@lifeready/core 6.1.3 → 6.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bundles/lifeready-core.umd.js +301 -293
- package/bundles/lifeready-core.umd.js.map +1 -1
- package/bundles/lifeready-core.umd.min.js +1 -1
- package/bundles/lifeready-core.umd.min.js.map +1 -1
- package/esm2015/lib/auth/auth.config.js +57 -0
- package/esm2015/lib/auth/auth.gql.private.js +85 -0
- package/esm2015/lib/auth/auth.service.js +602 -0
- package/esm2015/lib/auth/auth.types.js +21 -0
- package/esm2015/lib/item/item.gql.js +164 -0
- package/esm2015/lib/item/item.gql.private.js +23 -0
- package/esm2015/lib/item/item.service.js +592 -0
- package/esm2015/lib/item/item.types.js +2 -0
- package/esm2015/lib/key-exchange/key-exchange.gql.js +174 -0
- package/esm2015/lib/key-exchange/key-exchange.service.js +480 -0
- package/esm2015/lib/lbop/lbop.service.js +7 -15
- package/esm2015/lib/life-ready.module.js +2 -2
- package/esm2015/lib/password/password.service.js +1 -1
- package/esm2015/lib/plan/plan.gql.js +91 -0
- package/esm2015/lib/plan/plan.service.js +191 -0
- package/esm2015/lib/plan/plan.types.js +2 -0
- package/esm2015/lib/profile/profile.gql.js +2 -2
- package/esm2015/lib/profile/profile.service.js +1 -8
- package/esm2015/lib/profile/profile.types.js +1 -8
- package/esm2015/lib/scenario/scenario.service.js +8 -8
- package/esm2015/lib/shared-contact-card/shared-contact-card2.service.js +1 -1
- package/esm2015/lib/trusted-party/trusted-party.gql.js +64 -0
- package/esm2015/lib/trusted-party/trusted-party.gql.private.js +25 -0
- package/esm2015/lib/trusted-party/trusted-party.service.js +240 -0
- package/esm2015/lib/trusted-party/trusted-party.types.js +2 -0
- package/esm2015/public-api.js +17 -12
- package/fesm2015/lifeready-core.js +189 -211
- package/fesm2015/lifeready-core.js.map +1 -1
- package/lib/{auth2/auth2.service.d.ts → auth/auth.service.d.ts} +2 -2
- package/lib/{item2/item2.service.d.ts → item/item.service.d.ts} +39 -39
- package/lib/key-exchange/{key-exchange2.service.d.ts → key-exchange.service.d.ts} +2 -2
- package/lib/lbop/lbop.service.d.ts +1 -5
- package/lib/password/password.service.d.ts +1 -1
- package/lib/{plan2/plan2.service.d.ts → plan/plan.service.d.ts} +20 -20
- package/lib/profile/profile.service.d.ts +1 -2
- package/lib/profile/profile.types.d.ts +2 -15
- package/lib/scenario/scenario.service.d.ts +3 -3
- package/lib/shared-contact-card/shared-contact-card2.service.d.ts +1 -1
- package/lib/trusted-party/{trusted-party2.service.d.ts → trusted-party.service.d.ts} +6 -6
- package/lifeready-core.metadata.json +1 -1
- package/package.json +1 -1
- package/public-api.d.ts +16 -11
- package/esm2015/lib/auth2/auth.config.js +0 -57
- package/esm2015/lib/auth2/auth2.gql.private.js +0 -85
- package/esm2015/lib/auth2/auth2.service.js +0 -602
- package/esm2015/lib/auth2/auth2.types.js +0 -21
- package/esm2015/lib/item2/item2.gql.js +0 -164
- package/esm2015/lib/item2/item2.gql.private.js +0 -23
- package/esm2015/lib/item2/item2.service.js +0 -592
- package/esm2015/lib/item2/item2.types.js +0 -2
- package/esm2015/lib/key-exchange/key-exchange2.gql.js +0 -174
- package/esm2015/lib/key-exchange/key-exchange2.service.js +0 -480
- package/esm2015/lib/plan2/plan2.gql.js +0 -91
- package/esm2015/lib/plan2/plan2.service.js +0 -191
- package/esm2015/lib/plan2/plan2.types.js +0 -2
- package/esm2015/lib/trusted-party/trusted-party2.gql.js +0 -64
- package/esm2015/lib/trusted-party/trusted-party2.gql.private.js +0 -25
- package/esm2015/lib/trusted-party/trusted-party2.service.js +0 -240
- package/esm2015/lib/trusted-party/trusted-party2.types.js +0 -2
- /package/lib/{auth2 → auth}/auth.config.d.ts +0 -0
- /package/lib/{auth2/auth2.gql.private.d.ts → auth/auth.gql.private.d.ts} +0 -0
- /package/lib/{auth2/auth2.types.d.ts → auth/auth.types.d.ts} +0 -0
- /package/lib/{item2/item2.gql.d.ts → item/item.gql.d.ts} +0 -0
- /package/lib/{item2/item2.gql.private.d.ts → item/item.gql.private.d.ts} +0 -0
- /package/lib/{item2/item2.types.d.ts → item/item.types.d.ts} +0 -0
- /package/lib/key-exchange/{key-exchange2.gql.d.ts → key-exchange.gql.d.ts} +0 -0
- /package/lib/{plan2/plan2.gql.d.ts → plan/plan.gql.d.ts} +0 -0
- /package/lib/{plan2/plan2.types.d.ts → plan/plan.types.d.ts} +0 -0
- /package/lib/trusted-party/{trusted-party2.gql.d.ts → trusted-party.gql.d.ts} +0 -0
- /package/lib/trusted-party/{trusted-party2.gql.private.d.ts → trusted-party.gql.private.d.ts} +0 -0
- /package/lib/trusted-party/{trusted-party2.types.d.ts → trusted-party.types.d.ts} +0 -0
|
@@ -1,480 +0,0 @@
|
|
|
1
|
-
import { __awaiter, __decorate } from "tslib";
|
|
2
|
-
import { Injectable, Injector, NgZone } from '@angular/core';
|
|
3
|
-
import { LrMutation, LrService } from '../api/lr-graphql';
|
|
4
|
-
import { EncryptionService, JoseSerialization, } from '../encryption/encryption.service';
|
|
5
|
-
import { KeyFactoryService } from '../key/key-factory.service';
|
|
6
|
-
import { KeyGraphService } from '../key/key-graph.service';
|
|
7
|
-
import { KeyService } from '../key/key.service';
|
|
8
|
-
import { KcCodeMismatchException } from '../_common/exceptions';
|
|
9
|
-
import { RunOutsideAngular } from '../_common/run-outside-angular';
|
|
10
|
-
import { CancelKeyExchangeMutation, CompleteKeyExchangeOtkMutation, CurrentUserSharedKeyQuery2, DeclineKeyExchangeMutation, InitiateKeyExchangeOtkMutation, KeyExchangeQuery2, KeyExchangesQuery2, KeyExchangeTokenQuery2, RespondKeyExchangeOtkMutation, } from './key-exchange2.gql';
|
|
11
|
-
import * as i0 from "@angular/core";
|
|
12
|
-
import * as i1 from "../key/key-factory.service";
|
|
13
|
-
import * as i2 from "../key/key.service";
|
|
14
|
-
import * as i3 from "../encryption/encryption.service";
|
|
15
|
-
import * as i4 from "../key/key-graph.service";
|
|
16
|
-
let KeyExchange2Service = class KeyExchange2Service extends LrService {
|
|
17
|
-
constructor(ngZone, injector, keyFactory, keyService, encryptionService, keyGraph) {
|
|
18
|
-
super(injector);
|
|
19
|
-
this.ngZone = ngZone;
|
|
20
|
-
this.injector = injector;
|
|
21
|
-
this.keyFactory = keyFactory;
|
|
22
|
-
this.keyService = keyService;
|
|
23
|
-
this.encryptionService = encryptionService;
|
|
24
|
-
this.keyGraph = keyGraph;
|
|
25
|
-
this.CLIENT_NONCE_LENGTH = 32;
|
|
26
|
-
}
|
|
27
|
-
getOtKey(keyExchange, otKeyK) {
|
|
28
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
29
|
-
if (otKeyK) {
|
|
30
|
-
return yield KeyFactoryService.asKey(Object.assign(Object.assign({}, JSON.parse(keyExchange.otk.otKeyParams)), { k: otKeyK }));
|
|
31
|
-
}
|
|
32
|
-
else if (keyExchange.otk.state === 'OTK_INITIATED' &&
|
|
33
|
-
!keyExchange.isInitiator &&
|
|
34
|
-
keyExchange.otk.responderPbkCipher) {
|
|
35
|
-
// Assuming existing user getting invited where OTK is wrapped in responder's public key.
|
|
36
|
-
const prk = this.keyService.currentPxk;
|
|
37
|
-
const decryptedCipher = yield this.encryptionService.decrypt(prk.jwk, JSON.parse(keyExchange.otk.responderPbkCipher), {
|
|
38
|
-
serializations: [JoseSerialization.COMPACT],
|
|
39
|
-
});
|
|
40
|
-
if (decryptedCipher.otKey) {
|
|
41
|
-
return yield KeyFactoryService.asKey(decryptedCipher.otKey);
|
|
42
|
-
}
|
|
43
|
-
}
|
|
44
|
-
return null;
|
|
45
|
-
});
|
|
46
|
-
}
|
|
47
|
-
decryptOtk(keyExchange, otKeyK) {
|
|
48
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
49
|
-
const otKey = yield this.getOtKey(keyExchange, otKeyK);
|
|
50
|
-
let otk = keyExchange.otk;
|
|
51
|
-
if (otKey && otk.otKeyCipher) {
|
|
52
|
-
otk = Object.assign(Object.assign({}, otk), { otKey, otKeyCipherClearJson: yield this.encryptionService.decrypt(otKey, keyExchange.otk.otKeyCipher) });
|
|
53
|
-
}
|
|
54
|
-
return Object.assign(Object.assign({}, keyExchange), { otk });
|
|
55
|
-
});
|
|
56
|
-
}
|
|
57
|
-
decryptResponseCipher(otKey, otPrk, content) {
|
|
58
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
59
|
-
// The response could be wrapped by the OtK in addition to the OtPbk
|
|
60
|
-
try {
|
|
61
|
-
content = yield this.encryptionService.decrypt(otKey, content);
|
|
62
|
-
}
|
|
63
|
-
catch (error) {
|
|
64
|
-
if (error.message !== 'no key found') {
|
|
65
|
-
throw error;
|
|
66
|
-
}
|
|
67
|
-
// Do nothing to support older versions where message is not wrapped with otk.
|
|
68
|
-
}
|
|
69
|
-
// The Prk is single-use and only used to send information from the responder back to the initiator.
|
|
70
|
-
return yield this.encryptionService.decrypt(otPrk, content);
|
|
71
|
-
});
|
|
72
|
-
}
|
|
73
|
-
decryptKeyExchangeAsInitiator(keyExchange) {
|
|
74
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
75
|
-
const rootKey = this.keyService.currentRootKey;
|
|
76
|
-
// Decrypt using the root key to get the Prk
|
|
77
|
-
const initiatorRootKeyCipherClearJson = (yield this.encryptionService.decrypt(rootKey.jwk, keyExchange.initiatorRootKeyCipher));
|
|
78
|
-
const otKey = yield KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.otKey);
|
|
79
|
-
keyExchange = Object.assign(Object.assign({}, keyExchange), { initiatorRootKeyCipherClearJson });
|
|
80
|
-
let otk = keyExchange.otk;
|
|
81
|
-
if (otk.initiatorOneTimePbkCipher) {
|
|
82
|
-
otk = Object.assign(Object.assign({}, otk), { initiatorOneTimePbkCipherClearJson: yield this.decryptResponseCipher(otKey, yield KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.oneTimePrk), otk.initiatorOneTimePbkCipher) });
|
|
83
|
-
}
|
|
84
|
-
if (otk.otKeyCipher) {
|
|
85
|
-
otk.otKeyCipherClearJson = yield this.encryptionService.decrypt(otKey, otk.otKeyCipher);
|
|
86
|
-
}
|
|
87
|
-
return Object.assign(Object.assign({}, keyExchange), { otk });
|
|
88
|
-
});
|
|
89
|
-
}
|
|
90
|
-
decryptKeyExchangeAsResponder(keyExchange, otKeyK) {
|
|
91
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
92
|
-
return this.decryptOtk(keyExchange, otKeyK);
|
|
93
|
-
});
|
|
94
|
-
}
|
|
95
|
-
decryptKeyExchange(keyExchange, otKeyK) {
|
|
96
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
97
|
-
if (keyExchange.isInitiator) {
|
|
98
|
-
return this.decryptKeyExchangeAsInitiator(keyExchange);
|
|
99
|
-
}
|
|
100
|
-
else {
|
|
101
|
-
return this.decryptKeyExchangeAsResponder(keyExchange, otKeyK);
|
|
102
|
-
}
|
|
103
|
-
});
|
|
104
|
-
}
|
|
105
|
-
getKeyExchanges({ state } = {}) {
|
|
106
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
107
|
-
const { keyExchanges } = yield this.query({
|
|
108
|
-
query: KeyExchangesQuery2,
|
|
109
|
-
variables: {
|
|
110
|
-
state,
|
|
111
|
-
},
|
|
112
|
-
});
|
|
113
|
-
return Promise.all(keyExchanges.edges.map((edge) => this.decryptKeyExchange(edge.node)));
|
|
114
|
-
});
|
|
115
|
-
}
|
|
116
|
-
/**
|
|
117
|
-
* @param id If the current user can responder the key exchange if they are either the initiator or the receiver.
|
|
118
|
-
* @param token If not signed in, or not the initiator or responder, 'token' must be given.
|
|
119
|
-
* @param otKeyK Is the raw one-time key (string). If the responder is explicitly specified at time of initiation, then
|
|
120
|
-
* it's possible to have the otKey wrapped by the public key of the responder. In which case, the otKeyK is not needed.
|
|
121
|
-
*/
|
|
122
|
-
getKeyExchange(id, { otKeyK, token } = {}) {
|
|
123
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
124
|
-
const res = yield this.query({
|
|
125
|
-
query: token ? KeyExchangeTokenQuery2 : KeyExchangeQuery2,
|
|
126
|
-
variables: {
|
|
127
|
-
id,
|
|
128
|
-
token,
|
|
129
|
-
},
|
|
130
|
-
includeKeyGraph: !token,
|
|
131
|
-
});
|
|
132
|
-
return this.decryptKeyExchange(res.keyExchange, otKeyK);
|
|
133
|
-
});
|
|
134
|
-
}
|
|
135
|
-
getCurrentUserSharedKey(input) {
|
|
136
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
137
|
-
return this.query({
|
|
138
|
-
query: CurrentUserSharedKeyQuery2,
|
|
139
|
-
variables: {
|
|
140
|
-
username: input.username,
|
|
141
|
-
userId: input.userId,
|
|
142
|
-
},
|
|
143
|
-
});
|
|
144
|
-
});
|
|
145
|
-
}
|
|
146
|
-
cancelKeyExchange(id) {
|
|
147
|
-
return this.mutate(this.cancelKeyExchangeMutation(id));
|
|
148
|
-
}
|
|
149
|
-
cancelKeyExchangeMutation(id) {
|
|
150
|
-
return new LrMutation({
|
|
151
|
-
mutation: CancelKeyExchangeMutation,
|
|
152
|
-
variables: {
|
|
153
|
-
input: {
|
|
154
|
-
id,
|
|
155
|
-
},
|
|
156
|
-
},
|
|
157
|
-
});
|
|
158
|
-
}
|
|
159
|
-
declineKeyExchange(id, token) {
|
|
160
|
-
return this.mutate(this.declineKeyExchangeMutation(id, token));
|
|
161
|
-
}
|
|
162
|
-
declineKeyExchangeMutation(id, token) {
|
|
163
|
-
return new LrMutation({
|
|
164
|
-
mutation: DeclineKeyExchangeMutation,
|
|
165
|
-
variables: {
|
|
166
|
-
input: {
|
|
167
|
-
id,
|
|
168
|
-
token,
|
|
169
|
-
},
|
|
170
|
-
},
|
|
171
|
-
});
|
|
172
|
-
}
|
|
173
|
-
initiateOtk(input = {}) {
|
|
174
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
175
|
-
return this.mutate((yield this.initiateOtkMutation(input)).lrMutation);
|
|
176
|
-
});
|
|
177
|
-
}
|
|
178
|
-
initiateOtkMutation({ message, email, contactCard, upgrade, } = {}) {
|
|
179
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
180
|
-
const otKey = yield this.keyFactory.createKey();
|
|
181
|
-
const nonce = this.keyFactory.randomString(this.CLIENT_NONCE_LENGTH);
|
|
182
|
-
// New PKC key for encryption. This key is used only once when the responder sends
|
|
183
|
-
// back their signing public key.
|
|
184
|
-
const initiatorOneTimePrk = yield this.keyFactory.createPkcKey();
|
|
185
|
-
// Option 1: New PKC key for signing
|
|
186
|
-
// const initiatorSigPrk = await this.keyService.createPkcSignKey();
|
|
187
|
-
// Option 2: Use the user's global signing key.
|
|
188
|
-
// This key is used to prove the initiator's identity.
|
|
189
|
-
const initiatorPrk = this.keyService.currentPxk;
|
|
190
|
-
const initiatorSigPrk = this.keyService.currentSigPxk;
|
|
191
|
-
let initiatorPlainDataSig = null;
|
|
192
|
-
if (contactCard && contactCard.ownerPlainDataJson) {
|
|
193
|
-
initiatorPlainDataSig = yield this.encryptionService.signToString(initiatorSigPrk.jwk, contactCard.ownerPlainDataJson);
|
|
194
|
-
}
|
|
195
|
-
const initiator = {
|
|
196
|
-
message,
|
|
197
|
-
contactCard: contactCard && {
|
|
198
|
-
sharedCipherDataClearJson: contactCard.sharedCipherDataClearJson,
|
|
199
|
-
},
|
|
200
|
-
};
|
|
201
|
-
// Content to be encrypted using the OTK.
|
|
202
|
-
const plainOtKeyCipher = {
|
|
203
|
-
// TODO Make sure we also put the OOB code in here as well since the OOB code is the
|
|
204
|
-
// _only_ information the KC server does not have access to. The server may have
|
|
205
|
-
// access to OTK and hence the nonce here. It's good to have both the nonce and OOB code
|
|
206
|
-
// since the user may not be using the OOB code. And it's simple to always include
|
|
207
|
-
// the nonce, so why not.
|
|
208
|
-
nonce,
|
|
209
|
-
initiator: Object.assign(Object.assign({}, initiator), { oneTimePbk: initiatorOneTimePrk.toJSON(), pbk: initiatorPrk.jwk.toJSON(), sigPbk: initiatorSigPrk.jwk.toJSON() }),
|
|
210
|
-
};
|
|
211
|
-
const otKeyCipher = yield this.keyGraph.encryptToString(otKey, plainOtKeyCipher);
|
|
212
|
-
// Content to be encrypted using the initiator's root key.
|
|
213
|
-
const initiatorRootKeyCipherClearJson = {
|
|
214
|
-
nonce,
|
|
215
|
-
oneTimePrk: initiatorOneTimePrk.toJSON(true),
|
|
216
|
-
// Should not need to keep this encrypted since we are using the global signing key.
|
|
217
|
-
// sigPrk: initiatorSigPrk.toJSON(true),
|
|
218
|
-
// Save it in case the initiator want to decode the otKeyCipher.
|
|
219
|
-
// Since the otKey is only used once, and that otKeyCipher contains only
|
|
220
|
-
// the public key of the initiator, it's safe just leave the otKey stored here.
|
|
221
|
-
otKey: otKey.toJSON(true),
|
|
222
|
-
// These should be storing information such as how the fields of the shared contact card is
|
|
223
|
-
// derived from the master contact card.
|
|
224
|
-
initiatorContactCard: contactCard,
|
|
225
|
-
initiator,
|
|
226
|
-
};
|
|
227
|
-
const rootKey = this.keyService.currentRootKey;
|
|
228
|
-
const initiatorRootKeyCipher = yield this.keyGraph.encryptToString(rootKey.jwk, initiatorRootKeyCipherClearJson);
|
|
229
|
-
// The raw OTK
|
|
230
|
-
const otKeyK = otKey.toJSON(true).k;
|
|
231
|
-
// API call
|
|
232
|
-
const lrMutation = new LrMutation({
|
|
233
|
-
mutation: InitiateKeyExchangeOtkMutation,
|
|
234
|
-
variables: {
|
|
235
|
-
input: {
|
|
236
|
-
// These will be stored on the server
|
|
237
|
-
initiatorRootKeyCipher,
|
|
238
|
-
initiatorPxkId: initiatorPrk.id,
|
|
239
|
-
initiatorSigPxkId: initiatorSigPrk.id,
|
|
240
|
-
// These will be sent to the responder
|
|
241
|
-
otKeyParams: JSON.stringify(otKey.toJSON()),
|
|
242
|
-
otKeyCipher,
|
|
243
|
-
sendEmail: email && {
|
|
244
|
-
email,
|
|
245
|
-
rawOtKey: otKeyK,
|
|
246
|
-
},
|
|
247
|
-
createTp: true,
|
|
248
|
-
initiatorPlainDataSig,
|
|
249
|
-
upgrade,
|
|
250
|
-
},
|
|
251
|
-
},
|
|
252
|
-
});
|
|
253
|
-
return { lrMutation, otKeyK };
|
|
254
|
-
});
|
|
255
|
-
}
|
|
256
|
-
respondOtk(input) {
|
|
257
|
-
return this.mutate(this.respondOtkMutation(input));
|
|
258
|
-
}
|
|
259
|
-
respondOtkMutation({ keyExchangeId, token, decryptedOtk, message, initiatorContactCard, responderContactCard, }) {
|
|
260
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
261
|
-
const rootKey = this.keyService.currentRootKey;
|
|
262
|
-
const masterKey = this.keyService.currentMasterKey;
|
|
263
|
-
const sharedKey = yield this.keyFactory.createKey();
|
|
264
|
-
const mkSharedKey = yield this.keyFactory.createKey();
|
|
265
|
-
const rkWrappedSharedKey = yield this.encryptionService.encrypt(rootKey.jwk, sharedKey.toJSON(true));
|
|
266
|
-
const mkWrappedMkSharedKey = yield this.encryptionService.encrypt(masterKey.jwk, mkSharedKey.toJSON(true));
|
|
267
|
-
const initiatorOneTimePbk = yield KeyFactoryService.asKey(decryptedOtk.otKeyCipherClearJson.initiator.oneTimePbk);
|
|
268
|
-
const initiatorPbk = yield KeyFactoryService.asKey(decryptedOtk.otKeyCipherClearJson.initiator.pbk);
|
|
269
|
-
const initiatorSigPbk = yield KeyFactoryService.asKey(decryptedOtk.otKeyCipherClearJson.initiator.sigPbk);
|
|
270
|
-
// Option 1: Using new Prk for each TP pair
|
|
271
|
-
// Create a new public signing key for the responder.
|
|
272
|
-
// const responderSigPrk = await this.keyService.createPkcSignKey()
|
|
273
|
-
// const rkWrappedResponderSigPrk = await this.encrypt(rootKey, responderSigPrk.toJSON(true));
|
|
274
|
-
// Option 2: Responder already has a signing Prk
|
|
275
|
-
const responderPrk = this.keyService.currentPxk;
|
|
276
|
-
const responderSigPrk = this.keyService.currentSigPxk;
|
|
277
|
-
const signedInitiatorPbk = yield this.encryptionService.sign(responderSigPrk.jwk, initiatorPbk.toJSON());
|
|
278
|
-
const signedInitiatorSigPbk = yield this.encryptionService.sign(responderSigPrk.jwk, initiatorSigPbk.toJSON());
|
|
279
|
-
const initiatorOneTimePbkCipherClearJson = {
|
|
280
|
-
nonce: decryptedOtk.otKeyCipherClearJson.nonce,
|
|
281
|
-
sharedKey: sharedKey.toJSON(true),
|
|
282
|
-
mkSharedKey: mkSharedKey.toJSON(true),
|
|
283
|
-
responder: {
|
|
284
|
-
pbk: responderPrk.jwk.toJSON(),
|
|
285
|
-
sigPbk: responderSigPrk.jwk.toJSON(),
|
|
286
|
-
message,
|
|
287
|
-
},
|
|
288
|
-
};
|
|
289
|
-
let receivedCardInput;
|
|
290
|
-
if (decryptedOtk.otKeyCipherClearJson.initiator.contactCard) {
|
|
291
|
-
// Set the info about the initiator to be the ones sent by the initiator. We need th responder to do the encryption here
|
|
292
|
-
// because the initiator does not have the shared key yet, and we want the responder to have a functional contact card after
|
|
293
|
-
// this exchange. The initiator can double check the contact details are correct and sign it when it completes the exchange.
|
|
294
|
-
const sharedCipherDataClearJson = decryptedOtk.otKeyCipherClearJson.initiator.contactCard
|
|
295
|
-
.sharedCipherDataClearJson;
|
|
296
|
-
// Create keys
|
|
297
|
-
const receiverKey = yield this.keyFactory.createKey();
|
|
298
|
-
const ccSharedKey = yield this.keyFactory.createKey();
|
|
299
|
-
const sigPxk = this.keyService.currentSigPxk;
|
|
300
|
-
receivedCardInput = {
|
|
301
|
-
receiverWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(rootKey.jwk, receiverKey.toJSON(true))),
|
|
302
|
-
receiverWrappingKeyId: rootKey.id,
|
|
303
|
-
receiverCipherData: initiatorContactCard
|
|
304
|
-
? JSON.stringify(yield this.encryptionService.encrypt(receiverKey, initiatorContactCard.receiverCipherDataClearJson))
|
|
305
|
-
: '',
|
|
306
|
-
sharedWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(sharedKey, ccSharedKey.toJSON(true))),
|
|
307
|
-
};
|
|
308
|
-
const sharedCipherData = yield this.encryptionService.encrypt(ccSharedKey, sharedCipherDataClearJson);
|
|
309
|
-
receivedCardInput.sharedCipherDataSig = JSON.stringify(yield this.encryptionService.sign(sigPxk.jwk, sharedCipherData));
|
|
310
|
-
receivedCardInput.sigPxkId = sigPxk.id;
|
|
311
|
-
initiatorOneTimePbkCipherClearJson.responder.contactCard = Object.assign(Object.assign({}, initiatorOneTimePbkCipherClearJson.responder.contactCard), { sharedCipherKey: ccSharedKey.toJSON(true) });
|
|
312
|
-
}
|
|
313
|
-
let responderCardInput;
|
|
314
|
-
if (responderContactCard) {
|
|
315
|
-
// Create keys
|
|
316
|
-
const ownerKey = yield this.keyFactory.createKey();
|
|
317
|
-
const ccSharedKey = yield this.keyFactory.createKey();
|
|
318
|
-
const sigPxk = this.keyService.currentSigPxk;
|
|
319
|
-
responderCardInput = {
|
|
320
|
-
ownerWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(rootKey.jwk, ownerKey.toJSON(true))),
|
|
321
|
-
ownerWrappingKeyId: rootKey.id,
|
|
322
|
-
ownerCipherData: responderContactCard.ownerCipherDataClearJson
|
|
323
|
-
? JSON.stringify(yield this.encryptionService.encrypt(ownerKey, responderContactCard.ownerCipherDataClearJson))
|
|
324
|
-
: '',
|
|
325
|
-
sharedWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(sharedKey, ccSharedKey.toJSON(true))),
|
|
326
|
-
};
|
|
327
|
-
const sharedCipherData = yield this.encryptionService.encrypt(ccSharedKey, responderContactCard.sharedCipherDataClearJson);
|
|
328
|
-
responderCardInput.sharedCipherDataSig = JSON.stringify(yield this.encryptionService.sign(sigPxk.jwk, sharedCipherData));
|
|
329
|
-
responderCardInput.sigPxkId = sigPxk.id;
|
|
330
|
-
if (responderContactCard.ownerPlainDataJson) {
|
|
331
|
-
responderCardInput.ownerPlainDataSig = JSON.stringify(yield this.encryptionService.sign(responderSigPrk.jwk, responderContactCard.ownerPlainDataJson));
|
|
332
|
-
}
|
|
333
|
-
// Contact card info readable by the initiator
|
|
334
|
-
initiatorOneTimePbkCipherClearJson.responder.contactCard = Object.assign(Object.assign({}, initiatorOneTimePbkCipherClearJson.responder.contactCard), { sharedCipherDataClearJson: responderContactCard.sharedCipherDataClearJson });
|
|
335
|
-
}
|
|
336
|
-
// Encrypt with one-time public key
|
|
337
|
-
let initiatorOneTimePbkCipher = yield this.encryptionService.encrypt(initiatorOneTimePbk, initiatorOneTimePbkCipherClearJson);
|
|
338
|
-
// Encrypt with the otk again to keep use of asymmetric keys to a minimum.
|
|
339
|
-
initiatorOneTimePbkCipher = yield this.encryptionService.encrypt(decryptedOtk.otKey, initiatorOneTimePbkCipher);
|
|
340
|
-
return new LrMutation({
|
|
341
|
-
mutation: RespondKeyExchangeOtkMutation,
|
|
342
|
-
variables: {
|
|
343
|
-
input: {
|
|
344
|
-
keyExchangeId,
|
|
345
|
-
keyExchangeToken: token,
|
|
346
|
-
rootKeyId: rootKey.id,
|
|
347
|
-
masterKeyId: masterKey.id,
|
|
348
|
-
// These will be stored on the server
|
|
349
|
-
responderPxkId: responderPrk.id,
|
|
350
|
-
responderSigPxkId: responderSigPrk.id,
|
|
351
|
-
signedInitiatorPbk: JSON.stringify(signedInitiatorPbk),
|
|
352
|
-
signedInitiatorSigPbk: JSON.stringify(signedInitiatorSigPbk),
|
|
353
|
-
// rkWrappedInitiatorSigPbk: JSON.stringify(rkWrappedInitiatorSigPbk),
|
|
354
|
-
// Option 1: Using new Prk for each TP pair
|
|
355
|
-
// rkWrappedResponderSigPrk: JSON.stringify(rkWrappedResponderSigPrk),
|
|
356
|
-
rkWrappedSharedKey: JSON.stringify(rkWrappedSharedKey),
|
|
357
|
-
mkWrappedMkSharedKey: JSON.stringify(mkWrappedMkSharedKey),
|
|
358
|
-
// These will be sent to the initiator
|
|
359
|
-
initiatorOneTimePbkCipher: JSON.stringify(initiatorOneTimePbkCipher),
|
|
360
|
-
initiatorContactCard: receivedCardInput,
|
|
361
|
-
responderContactCard: responderCardInput,
|
|
362
|
-
},
|
|
363
|
-
},
|
|
364
|
-
});
|
|
365
|
-
});
|
|
366
|
-
}
|
|
367
|
-
completeOtk(input) {
|
|
368
|
-
return this.mutate(this.completeOtkMutation(input));
|
|
369
|
-
}
|
|
370
|
-
completeOtkMutation({ keyExchangeId, initiatorRootKeyCipher, initiatorOneTimePbkCipher, responderContactCard, initiatorContactCard, }) {
|
|
371
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
372
|
-
const rootKey = this.keyService.currentRootKey;
|
|
373
|
-
const masterKey = this.keyService.currentMasterKey;
|
|
374
|
-
// Decrypt using the root key to get the Prk
|
|
375
|
-
const initiatorRootKeyCipherClearJson = (yield this.encryptionService.decrypt(rootKey.jwk, initiatorRootKeyCipher));
|
|
376
|
-
// The Prk is single-use and only used to send information from the responder back to the initiator.
|
|
377
|
-
const plainInitiatorOneTimePbkCipher = yield this.decryptResponseCipher(yield KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.otKey), yield KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.oneTimePrk), initiatorOneTimePbkCipher);
|
|
378
|
-
// Check the nonce match to ensure the responder was the one holding the OTK
|
|
379
|
-
if (initiatorRootKeyCipherClearJson.nonce !==
|
|
380
|
-
plainInitiatorOneTimePbkCipher.nonce) {
|
|
381
|
-
throw new KcCodeMismatchException('The nonce returned by responder does not match with the one created by the initiator.');
|
|
382
|
-
}
|
|
383
|
-
// Option 1: Assuming the signing key is unique between users.
|
|
384
|
-
// const initiatorSigPrk = await KFS.asKey(ke.plainInitiatorRootKeyCipher.sigPrk);
|
|
385
|
-
// const rkWrappedInitiatorSigPrk = await this.encrypt(rootKey, initiatorSigPrk.toJSON(true));
|
|
386
|
-
// Option 2: Use the user's global signing key.
|
|
387
|
-
// In this case the initiatorSigPrk is already a part of the key graph.
|
|
388
|
-
// So there's nothing to do here.
|
|
389
|
-
// Protected the signing public key of the responder.
|
|
390
|
-
const initiatorSigPrk = this.keyService.currentSigPxk;
|
|
391
|
-
const responderSigPbk = yield KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.responder.sigPbk);
|
|
392
|
-
const responderPbk = yield KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.responder.pbk);
|
|
393
|
-
const signedResponderPbk = yield this.encryptionService.sign(initiatorSigPrk.jwk, responderPbk.toJSON());
|
|
394
|
-
const signedResponderSigPbk = yield this.encryptionService.sign(initiatorSigPrk.jwk, responderSigPbk.toJSON());
|
|
395
|
-
const sharedKey = yield KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.sharedKey);
|
|
396
|
-
const rkWrappedSharedKey = yield this.encryptionService.encrypt(rootKey.jwk, sharedKey.toJSON(true));
|
|
397
|
-
const mkSharedKey = yield KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.mkSharedKey);
|
|
398
|
-
const mkWrappedMkSharedKey = yield this.encryptionService.encrypt(masterKey.jwk, mkSharedKey.toJSON(true));
|
|
399
|
-
let responderContactCardCipherInput;
|
|
400
|
-
if (responderContactCard) {
|
|
401
|
-
// Create key
|
|
402
|
-
const receiverKey = yield this.keyFactory.createKey();
|
|
403
|
-
responderContactCardCipherInput = {
|
|
404
|
-
receiverWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(rootKey.jwk, receiverKey.toJSON(true))),
|
|
405
|
-
receiverWrappingKeyId: rootKey.id,
|
|
406
|
-
receiverCipherData: JSON.stringify(yield this.encryptionService.encrypt(receiverKey, responderContactCard.receiverCipherDataClearJson)),
|
|
407
|
-
};
|
|
408
|
-
}
|
|
409
|
-
// Get the data needed from the initiator's cipher data.
|
|
410
|
-
let initiatorContactCardCipherInput;
|
|
411
|
-
let initiatorContactCardSharedCipherInput;
|
|
412
|
-
if (initiatorRootKeyCipherClearJson.initiatorContactCard) {
|
|
413
|
-
// The initiatorContactCard created during the creation of the invite and encrypted using the initiator's
|
|
414
|
-
// root key
|
|
415
|
-
const initiatorContactCardFromInit = initiatorRootKeyCipherClearJson.initiatorContactCard;
|
|
416
|
-
const ownerKey = yield this.keyFactory.createKey();
|
|
417
|
-
const sharedCipherKey = yield KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.responder.contactCard.sharedCipherKey);
|
|
418
|
-
const ownerWrappedKey = JSON.stringify(yield this.encryptionService.encrypt(rootKey.jwk, ownerKey.toJSON(true)));
|
|
419
|
-
// Allow the initiatorContactCard parameter to override
|
|
420
|
-
const ownerCipherDataClearJson = (initiatorContactCard === null || initiatorContactCard === void 0 ? void 0 : initiatorContactCard.ownerCipherDataClearJson) ||
|
|
421
|
-
initiatorContactCardFromInit.ownerCipherDataClearJson;
|
|
422
|
-
const ownerCipherData = ownerCipherDataClearJson
|
|
423
|
-
? yield this.keyGraph.encryptToString(ownerKey, ownerCipherDataClearJson)
|
|
424
|
-
: '';
|
|
425
|
-
initiatorContactCardCipherInput = {
|
|
426
|
-
ownerWrappedKey,
|
|
427
|
-
ownerWrappingKeyId: rootKey.id,
|
|
428
|
-
ownerCipherData,
|
|
429
|
-
};
|
|
430
|
-
initiatorContactCardSharedCipherInput = {
|
|
431
|
-
sigPxkId: initiatorSigPrk.id,
|
|
432
|
-
};
|
|
433
|
-
const sharedCipherData = yield this.encryptionService.encrypt(sharedCipherKey, initiatorContactCardFromInit.sharedCipherDataClearJson);
|
|
434
|
-
initiatorContactCardSharedCipherInput.sharedCipherDataSig =
|
|
435
|
-
JSON.stringify(yield this.encryptionService.sign(initiatorSigPrk.jwk, sharedCipherData));
|
|
436
|
-
}
|
|
437
|
-
// TODO ideally we update the shared data in the contact card sent to the responder as well since that
|
|
438
|
-
// CC was created by the responder.
|
|
439
|
-
return new LrMutation({
|
|
440
|
-
mutation: CompleteKeyExchangeOtkMutation,
|
|
441
|
-
variables: {
|
|
442
|
-
input: {
|
|
443
|
-
keyExchangeId,
|
|
444
|
-
rootKeyId: rootKey.id,
|
|
445
|
-
masterKeyId: masterKey.id,
|
|
446
|
-
initiatorSigPxkId: initiatorSigPrk.id,
|
|
447
|
-
signedResponderPbk: JSON.stringify(signedResponderPbk),
|
|
448
|
-
signedResponderSigPbk: JSON.stringify(signedResponderSigPbk),
|
|
449
|
-
rkWrappedSharedKey: JSON.stringify(rkWrappedSharedKey),
|
|
450
|
-
mkWrappedMkSharedKey: JSON.stringify(mkWrappedMkSharedKey),
|
|
451
|
-
responderContactCardCipher: responderContactCardCipherInput,
|
|
452
|
-
initiatorContactCardCipher: initiatorContactCardCipherInput,
|
|
453
|
-
initiatorContactCardSharedCipher: initiatorContactCardSharedCipherInput,
|
|
454
|
-
},
|
|
455
|
-
},
|
|
456
|
-
});
|
|
457
|
-
});
|
|
458
|
-
}
|
|
459
|
-
};
|
|
460
|
-
KeyExchange2Service.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyExchange2Service_Factory() { return new KeyExchange2Service(i0.ɵɵinject(i0.NgZone), i0.ɵɵinject(i0.INJECTOR), i0.ɵɵinject(i1.KeyFactoryService), i0.ɵɵinject(i2.KeyService), i0.ɵɵinject(i3.EncryptionService), i0.ɵɵinject(i4.KeyGraphService)); }, token: KeyExchange2Service, providedIn: "root" });
|
|
461
|
-
KeyExchange2Service.decorators = [
|
|
462
|
-
{ type: Injectable, args: [{
|
|
463
|
-
providedIn: 'root',
|
|
464
|
-
},] }
|
|
465
|
-
];
|
|
466
|
-
KeyExchange2Service.ctorParameters = () => [
|
|
467
|
-
{ type: NgZone },
|
|
468
|
-
{ type: Injector },
|
|
469
|
-
{ type: KeyFactoryService },
|
|
470
|
-
{ type: KeyService },
|
|
471
|
-
{ type: EncryptionService },
|
|
472
|
-
{ type: KeyGraphService }
|
|
473
|
-
];
|
|
474
|
-
KeyExchange2Service = __decorate([
|
|
475
|
-
RunOutsideAngular({
|
|
476
|
-
ngZoneName: 'ngZone',
|
|
477
|
-
})
|
|
478
|
-
], KeyExchange2Service);
|
|
479
|
-
export { KeyExchange2Service };
|
|
480
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWV4Y2hhbmdlMi5zZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vLi4vcHJvamVjdHMvY29yZS9zcmMvbGliL2tleS1leGNoYW5nZS9rZXktZXhjaGFuZ2UyLnNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLE9BQU8sRUFBRSxVQUFVLEVBQUUsUUFBUSxFQUFFLE1BQU0sRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUU3RCxPQUFPLEVBQUUsVUFBVSxFQUFFLFNBQVMsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBTzFELE9BQU8sRUFDTCxpQkFBaUIsRUFDakIsaUJBQWlCLEdBQ2xCLE1BQU0sa0NBQWtDLENBQUM7QUFDMUMsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFDL0QsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBQzNELE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQUNoRCxPQUFPLEVBQUUsdUJBQXVCLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQUNoRSxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsTUFBTSxnQ0FBZ0MsQ0FBQztBQUNuRSxPQUFPLEVBQ0wseUJBQXlCLEVBQ3pCLDhCQUE4QixFQUM5QiwwQkFBMEIsRUFDMUIsMEJBQTBCLEVBQzFCLDhCQUE4QixFQUU5QixpQkFBaUIsRUFDakIsa0JBQWtCLEVBRWxCLHNCQUFzQixFQUN0Qiw2QkFBNkIsR0FDOUIsTUFBTSxxQkFBcUIsQ0FBQzs7Ozs7O0lBNEhoQixtQkFBbUIsU0FBbkIsbUJBQW9CLFNBQVEsU0FBUztJQUdoRCxZQUNVLE1BQWMsRUFDZCxRQUFrQixFQUNsQixVQUE2QixFQUM3QixVQUFzQixFQUN0QixpQkFBb0MsRUFDcEMsUUFBeUI7UUFFakMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBUFIsV0FBTSxHQUFOLE1BQU0sQ0FBUTtRQUNkLGFBQVEsR0FBUixRQUFRLENBQVU7UUFDbEIsZUFBVSxHQUFWLFVBQVUsQ0FBbUI7UUFDN0IsZUFBVSxHQUFWLFVBQVUsQ0FBWTtRQUN0QixzQkFBaUIsR0FBakIsaUJBQWlCLENBQW1CO1FBQ3BDLGFBQVEsR0FBUixRQUFRLENBQWlCO1FBUmxCLHdCQUFtQixHQUFHLEVBQUUsQ0FBQztJQVcxQyxDQUFDO0lBRWEsUUFBUSxDQUNwQixXQUFvQyxFQUNwQyxNQUFlOztZQUVmLElBQUksTUFBTSxFQUFFO2dCQUNWLE9BQU8sTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLGlDQUMvQixJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsV0FBVyxDQUFDLEtBQzFDLENBQUMsRUFBRSxNQUFNLElBQ1QsQ0FBQzthQUNKO2lCQUFNLElBQ0wsV0FBVyxDQUFDLEdBQUcsQ0FBQyxLQUFLLEtBQUssZUFBZTtnQkFDekMsQ0FBQyxXQUFXLENBQUMsV0FBVztnQkFDeEIsV0FBVyxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsRUFDbEM7Z0JBQ0EseUZBQXlGO2dCQUN6RixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQztnQkFDdkMsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMxRCxHQUFHLENBQUMsR0FBRyxFQUNQLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsQ0FBQyxFQUM5QztvQkFDRSxjQUFjLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUM7aUJBQzVDLENBQ0YsQ0FBQztnQkFDRixJQUFJLGVBQWUsQ0FBQyxLQUFLLEVBQUU7b0JBQ3pCLE9BQU8sTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUFDLEtBQUssQ0FBQyxDQUFDO2lCQUM3RDthQUNGO1lBQ0QsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO0tBQUE7SUFFYSxVQUFVLENBQ3RCLFdBQW9DLEVBQ3BDLE1BQWU7O1lBRWYsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsRUFBRSxNQUFNLENBQUMsQ0FBQztZQUV2RCxJQUFJLEdBQUcsR0FBRyxXQUFXLENBQUMsR0FBRyxDQUFDO1lBRTFCLElBQUksS0FBSyxJQUFJLEdBQUcsQ0FBQyxXQUFXLEVBQUU7Z0JBQzVCLEdBQUcsbUNBQ0UsR0FBRyxLQUNOLEtBQUssRUFDTCxvQkFBb0IsRUFBRSxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ3hELEtBQUssRUFDTCxXQUFXLENBQUMsR0FBRyxDQUFDLFdBQVcsQ0FDNUIsR0FDRixDQUFDO2FBQ0g7WUFFRCx1Q0FDSyxXQUFXLEtBQ2QsR0FBRyxJQUNIO1FBQ0osQ0FBQztLQUFBO0lBRWEscUJBQXFCLENBQ2pDLEtBQWMsRUFDZCxLQUFjLEVBQ2QsT0FBbUI7O1lBRW5CLG9FQUFvRTtZQUNwRSxJQUFJO2dCQUNGLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLE9BQU8sQ0FBQyxDQUFDO2FBQ2hFO1lBQUMsT0FBTyxLQUFLLEVBQUU7Z0JBQ2QsSUFBSSxLQUFLLENBQUMsT0FBTyxLQUFLLGNBQWMsRUFBRTtvQkFDcEMsTUFBTSxLQUFLLENBQUM7aUJBQ2I7Z0JBQ0QsOEVBQThFO2FBQy9FO1lBRUQsb0dBQW9HO1lBQ3BHLE9BQU8sTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxPQUFPLENBQUMsQ0FBQztRQUM5RCxDQUFDO0tBQUE7SUFFYSw2QkFBNkIsQ0FDekMsV0FBb0M7O1lBRXBDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDO1lBRS9DLDRDQUE0QztZQUM1QyxNQUFNLCtCQUErQixHQUNuQyxDQUFDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbkMsT0FBTyxDQUFDLEdBQUcsRUFDWCxXQUFXLENBQUMsc0JBQXNCLENBQ25DLENBQXFDLENBQUM7WUFFekMsTUFBTSxLQUFLLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQ3pDLCtCQUErQixDQUFDLEtBQUssQ0FDdEMsQ0FBQztZQUVGLFdBQVcsbUNBQ04sV0FBVyxLQUNkLCtCQUErQixHQUNoQyxDQUFDO1lBRUYsSUFBSSxHQUFHLEdBQUcsV0FBVyxDQUFDLEdBQUcsQ0FBQztZQUUxQixJQUFJLEdBQUcsQ0FBQyx5QkFBeUIsRUFBRTtnQkFDakMsR0FBRyxtQ0FDRSxHQUFHLEtBQ04sa0NBQWtDLEVBQUUsTUFBTSxJQUFJLENBQUMscUJBQXFCLENBQ2xFLEtBQUssRUFDTCxNQUFNLGlCQUFpQixDQUFDLEtBQUssQ0FDM0IsK0JBQStCLENBQUMsVUFBVSxDQUMzQyxFQUNELEdBQUcsQ0FBQyx5QkFBeUIsQ0FDOUIsR0FDRixDQUFDO2FBQ0g7WUFFRCxJQUFJLEdBQUcsQ0FBQyxXQUFXLEVBQUU7Z0JBQ25CLEdBQUcsQ0FBQyxvQkFBb0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQzdELEtBQUssRUFDTCxHQUFHLENBQUMsV0FBVyxDQUNoQixDQUFDO2FBQ0g7WUFFRCx1Q0FDSyxXQUFXLEtBQ2QsR0FBRyxJQUNIO1FBQ0osQ0FBQztLQUFBO0lBRWEsNkJBQTZCLENBQ3pDLFdBQW9DLEVBQ3BDLE1BQWU7O1lBRWYsT0FBTyxJQUFJLENBQUMsVUFBVSxDQUFDLFdBQVcsRUFBRSxNQUFNLENBQUMsQ0FBQztRQUM5QyxDQUFDO0tBQUE7SUFFSyxrQkFBa0IsQ0FDdEIsV0FBb0MsRUFDcEMsTUFBZTs7WUFFZixJQUFJLFdBQVcsQ0FBQyxXQUFXLEVBQUU7Z0JBQzNCLE9BQU8sSUFBSSxDQUFDLDZCQUE2QixDQUFDLFdBQVcsQ0FBQyxDQUFDO2FBQ3hEO2lCQUFNO2dCQUNMLE9BQU8sSUFBSSxDQUFDLDZCQUE2QixDQUFDLFdBQVcsRUFBRSxNQUFNLENBQUMsQ0FBQzthQUNoRTtRQUNILENBQUM7S0FBQTtJQUVLLGVBQWUsQ0FBQyxFQUFFLEtBQUssS0FBb0MsRUFBRTs7WUFDakUsTUFBTSxFQUFFLFlBQVksRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLEtBQUssQ0FBQztnQkFDeEMsS0FBSyxFQUFFLGtCQUFrQjtnQkFDekIsU0FBUyxFQUFFO29CQUNULEtBQUs7aUJBQ047YUFDRixDQUFDLENBQUM7WUFFSCxPQUFPLE9BQU8sQ0FBQyxHQUFHLENBQ2hCLFlBQVksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQ3JFLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFRDs7Ozs7T0FLRztJQUNHLGNBQWMsQ0FDbEIsRUFBVSxFQUNWLEVBQUUsTUFBTSxFQUFFLEtBQUssS0FBNkIsRUFBRTs7WUFFOUMsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsS0FBSyxDQUFDO2dCQUMzQixLQUFLLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDLENBQUMsaUJBQWlCO2dCQUN6RCxTQUFTLEVBQUU7b0JBQ1QsRUFBRTtvQkFDRixLQUFLO2lCQUNOO2dCQUNELGVBQWUsRUFBRSxDQUFDLEtBQUs7YUFDeEIsQ0FBQyxDQUFDO1lBQ0gsT0FBTyxJQUFJLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLFdBQVcsRUFBRSxNQUFNLENBQUMsQ0FBQztRQUMxRCxDQUFDO0tBQUE7SUFFWSx1QkFBdUIsQ0FBQyxLQUdwQzs7WUFDQyxPQUFPLElBQUksQ0FBQyxLQUFLLENBQUM7Z0JBQ2hCLEtBQUssRUFBRSwwQkFBMEI7Z0JBQ2pDLFNBQVMsRUFBRTtvQkFDVCxRQUFRLEVBQUUsS0FBSyxDQUFDLFFBQVE7b0JBQ3hCLE1BQU0sRUFBRSxLQUFLLENBQUMsTUFBTTtpQkFDckI7YUFDRixDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7SUFFRCxpQkFBaUIsQ0FBQyxFQUFVO1FBQzFCLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMseUJBQXlCLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztJQUN6RCxDQUFDO0lBRUQseUJBQXlCLENBQUMsRUFBVTtRQUNsQyxPQUFPLElBQUksVUFBVSxDQUFDO1lBQ3BCLFFBQVEsRUFBRSx5QkFBeUI7WUFDbkMsU0FBUyxFQUFFO2dCQUNULEtBQUssRUFBRTtvQkFDTCxFQUFFO2lCQUNIO2FBQ0Y7U0FDRixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsa0JBQWtCLENBQUMsRUFBVSxFQUFFLEtBQWE7UUFDMUMsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQywwQkFBMEIsQ0FBQyxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQztJQUNqRSxDQUFDO0lBRUQsMEJBQTBCLENBQUMsRUFBVSxFQUFFLEtBQWE7UUFDbEQsT0FBTyxJQUFJLFVBQVUsQ0FBQztZQUNwQixRQUFRLEVBQUUsMEJBQTBCO1lBQ3BDLFNBQVMsRUFBRTtnQkFDVCxLQUFLLEVBQUU7b0JBQ0wsRUFBRTtvQkFDRixLQUFLO2lCQUNOO2FBQ0Y7U0FDRixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUssV0FBVyxDQUFDLFFBQTJCLEVBQUU7O1lBQzdDLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDLE1BQU0sSUFBSSxDQUFDLG1CQUFtQixDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDekUsQ0FBQztLQUFBO0lBRUssbUJBQW1CLENBQUMsRUFDeEIsT0FBTyxFQUNQLEtBQUssRUFDTCxXQUFXLEVBQ1gsT0FBTyxNQUNjLEVBQUU7O1lBQ3ZCLE1BQU0sS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUNoRCxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsQ0FBQztZQUVyRSxrRkFBa0Y7WUFDbEYsaUNBQWlDO1lBQ2pDLE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFlBQVksRUFBRSxDQUFDO1lBRWpFLG9DQUFvQztZQUNwQyxvRUFBb0U7WUFFcEUsK0NBQStDO1lBQy9DLHNEQUFzRDtZQUN0RCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQztZQUNoRCxNQUFNLGVBQWUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQztZQUV0RCxJQUFJLHFCQUFxQixHQUFXLElBQUksQ0FBQztZQUV6QyxJQUFJLFdBQVcsSUFBSSxXQUFXLENBQUMsa0JBQWtCLEVBQUU7Z0JBQ2pELHFCQUFxQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLFlBQVksQ0FDL0QsZUFBZSxDQUFDLEdBQUcsRUFDbkIsV0FBVyxDQUFDLGtCQUFrQixDQUMvQixDQUFDO2FBQ0g7WUFFRCxNQUFNLFNBQVMsR0FBRztnQkFDaEIsT0FBTztnQkFDUCxXQUFXLEVBQUUsV0FBVyxJQUFJO29CQUMxQix5QkFBeUIsRUFBRSxXQUFXLENBQUMseUJBQXlCO2lCQUNqRTthQUNGLENBQUM7WUFFRix5Q0FBeUM7WUFDekMsTUFBTSxnQkFBZ0IsR0FBMEI7Z0JBQzlDLG9GQUFvRjtnQkFDcEYsZ0ZBQWdGO2dCQUNoRix3RkFBd0Y7Z0JBQ3hGLGtGQUFrRjtnQkFDbEYseUJBQXlCO2dCQUN6QixLQUFLO2dCQUNMLFNBQVMsa0NBQ0osU0FBUyxLQUNaLFVBQVUsRUFBRSxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsRUFDeEMsR0FBRyxFQUFFLFlBQVksQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLEVBQzlCLE1BQU0sRUFBRSxlQUFlLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxHQUNyQzthQUNGLENBQUM7WUFFRixNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsZUFBZSxDQUNyRCxLQUFLLEVBQ0wsZ0JBQWdCLENBQ2pCLENBQUM7WUFFRiwwREFBMEQ7WUFDMUQsTUFBTSwrQkFBK0IsR0FBcUM7Z0JBQ3hFLEtBQUs7Z0JBQ0wsVUFBVSxFQUFFLG1CQUFtQixDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUM7Z0JBQzVDLG9GQUFvRjtnQkFDcEYsd0NBQXdDO2dCQUV4QyxnRUFBZ0U7Z0JBQ2hFLHdFQUF3RTtnQkFDeEUsK0VBQStFO2dCQUMvRSxLQUFLLEVBQUUsS0FBSyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUM7Z0JBQ3pCLDJGQUEyRjtnQkFDM0Ysd0NBQXdDO2dCQUN4QyxvQkFBb0IsRUFBRSxXQUFXO2dCQUNqQyxTQUFTO2FBQ1YsQ0FBQztZQUVGLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDO1lBQy9DLE1BQU0sc0JBQXNCLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FDaEUsT0FBTyxDQUFDLEdBQUcsRUFDWCwrQkFBK0IsQ0FDaEMsQ0FBQztZQUVGLGNBQWM7WUFDZCxNQUFNLE1BQU0sR0FBWSxLQUFLLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBZ0IsQ0FBQyxDQUFDLENBQUM7WUFFNUQsV0FBVztZQUNYLE1BQU0sVUFBVSxHQUFHLElBQUksVUFBVSxDQUFDO2dCQUNoQyxRQUFRLEVBQUUsOEJBQThCO2dCQUN4QyxTQUFTLEVBQUU7b0JBQ1QsS0FBSyxFQUFFO3dCQUNMLHFDQUFxQzt3QkFDckMsc0JBQXNCO3dCQUN0QixjQUFjLEVBQUUsWUFBWSxDQUFDLEVBQUU7d0JBQy9CLGlCQUFpQixFQUFFLGVBQWUsQ0FBQyxFQUFFO3dCQUNyQyxzQ0FBc0M7d0JBQ3RDLFdBQVcsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxNQUFNLEVBQUUsQ0FBQzt3QkFDM0MsV0FBVzt3QkFDWCxTQUFTLEVBQUUsS0FBSyxJQUFJOzRCQUNsQixLQUFLOzRCQUNMLFFBQVEsRUFBRSxNQUFNO3lCQUNqQjt3QkFDRCxRQUFRLEVBQUUsSUFBSTt3QkFDZCxxQkFBcUI7d0JBQ3JCLE9BQU87cUJBQ1I7aUJBQ0Y7YUFDRixDQUFDLENBQUM7WUFFSCxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sRUFBRSxDQUFDO1FBQ2hDLENBQUM7S0FBQTtJQUVELFVBQVUsQ0FBQyxLQUF1QjtRQUNoQyxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7SUFDckQsQ0FBQztJQUVLLGtCQUFrQixDQUFDLEVBQ3ZCLGFBQWEsRUFDYixLQUFLLEVBQ0wsWUFBWSxFQUNaLE9BQU8sRUFDUCxvQkFBb0IsRUFDcEIsb0JBQW9CLEdBQ0g7O1lBQ2pCLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDO1lBRS9DLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsZ0JBQWdCLENBQUM7WUFFbkQsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQ3BELE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUV0RCxNQUFNLGtCQUFrQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDN0QsT0FBTyxDQUFDLEdBQUcsRUFDWCxTQUFTLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUN2QixDQUFDO1lBQ0YsTUFBTSxvQkFBb0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQy9ELFNBQVMsQ0FBQyxHQUFHLEVBQ2IsV0FBVyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDekIsQ0FBQztZQUVGLE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQ3ZELFlBQVksQ0FBQyxvQkFBb0IsQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUN2RCxDQUFDO1lBRUYsTUFBTSxZQUFZLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQ2hELFlBQVksQ0FBQyxvQkFBb0IsQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUNoRCxDQUFDO1lBQ0YsTUFBTSxlQUFlLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQ25ELFlBQVksQ0FBQyxvQkFBb0IsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUNuRCxDQUFDO1lBRUYsMkNBQTJDO1lBQzNDLHFEQUFxRDtZQUNyRCxtRUFBbUU7WUFDbkUsOEZBQThGO1lBRTlGLGdEQUFnRDtZQUNoRCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQztZQUNoRCxNQUFNLGVBQWUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQztZQUV0RCxNQUFNLGtCQUFrQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FDMUQsZUFBZSxDQUFDLEdBQUcsRUFDbkIsWUFBWSxDQUFDLE1BQU0sRUFBRSxDQUN0QixDQUFDO1lBQ0YsTUFBTSxxQkFBcUIsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQzdELGVBQWUsQ0FBQyxHQUFHLEVBQ25CLGVBQWUsQ0FBQyxNQUFNLEVBQUUsQ0FDekIsQ0FBQztZQUVGLE1BQU0sa0NBQWtDLEdBQ3RDO2dCQUNFLEtBQUssRUFBRSxZQUFZLENBQUMsb0JBQW9CLENBQUMsS0FBSztnQkFDOUMsU0FBUyxFQUFFLFNBQVMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDO2dCQUNqQyxXQUFXLEVBQUUsV0FBVyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUM7Z0JBQ3JDLFNBQVMsRUFBRTtvQkFDVCxHQUFHLEVBQUUsWUFBWSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUU7b0JBQzlCLE1BQU0sRUFBRSxlQUFlLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRTtvQkFDcEMsT0FBTztpQkFDUjthQUNGLENBQUM7WUFFSixJQUFJLGlCQUFpQixDQUFDO1lBQ3RCLElBQUksWUFBWSxDQUFDLG9CQUFvQixDQUFDLFNBQVMsQ0FBQyxXQUFXLEVBQUU7Z0JBQzNELHdIQUF3SDtnQkFDeEgsNEhBQTRIO2dCQUM1SCw0SEFBNEg7Z0JBQzVILE1BQU0seUJBQXlCLEdBQzdCLFlBQVksQ0FBQyxvQkFBb0IsQ0FBQyxTQUFTLENBQUMsV0FBVztxQkFDcEQseUJBQXlCLENBQUM7Z0JBRS9CLGNBQWM7Z0JBQ2QsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUFDO2dCQUN0RCxNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ3RELE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDO2dCQUU3QyxpQkFBaUIsR0FBRztvQkFDbEIsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FDaEMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNsQyxPQUFPLENBQUMsR0FBRyxFQUNYLFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQ3pCLENBQ0Y7b0JBQ0QscUJBQXFCLEVBQUUsT0FBTyxDQUFDLEVBQUU7b0JBQ2pDLGtCQUFrQixFQUFFLG9CQUFvQjt3QkFDdEMsQ0FBQyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQ1osTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNsQyxXQUFXLEVBQ1gsb0JBQW9CLENBQUMsMkJBQTJCLENBQ2pELENBQ0Y7d0JBQ0gsQ0FBQyxDQUFDLEVBQUU7b0JBQ04sZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FDOUIsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNsQyxTQUFTLEVBQ1QsV0FBVyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDekIsQ0FDRjtpQkFDRixDQUFDO2dCQUVGLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMzRCxXQUFXLEVBQ1gseUJBQXlCLENBQzFCLENBQUM7Z0JBQ0YsaUJBQWlCLENBQUMsbUJBQW1CLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FDcEQsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsZ0JBQWdCLENBQUMsQ0FDaEUsQ0FBQztnQkFDRixpQkFBaUIsQ0FBQyxRQUFRLEdBQUcsTUFBTSxDQUFDLEVBQUUsQ0FBQztnQkFFdkMsa0NBQWtDLENBQUMsU0FBUyxDQUFDLFdBQVcsbUNBQ25ELGtDQUFrQyxDQUFDLFNBQVMsQ0FBQyxXQUFXLEtBQzNELGVBQWUsRUFBRSxXQUFXLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxHQUMxQyxDQUFDO2FBQ0g7WUFFRCxJQUFJLGtCQUFrQixDQUFDO1lBQ3ZCLElBQUksb0JBQW9CLEVBQUU7Z0JBQ3hCLGNBQWM7Z0JBQ2QsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUFDO2dCQUNuRCxNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ3RELE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDO2dCQUU3QyxrQkFBa0IsR0FBRztvQkFDbkIsZUFBZSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQzdCLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbEMsT0FBTyxDQUFDLEdBQUcsRUFDWCxRQUFRLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUN0QixDQUNGO29CQUNELGtCQUFrQixFQUFFLE9BQU8sQ0FBQyxFQUFFO29CQUM5QixlQUFlLEVBQUUsb0JBQW9CLENBQUMsd0JBQXdCO3dCQUM1RCxDQUFDLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FDWixNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ2xDLFFBQVEsRUFDUixvQkFBb0IsQ0FBQyx3QkFBd0IsQ0FDOUMsQ0FDRjt3QkFDSCxDQUFDLENBQUMsRUFBRTtvQkFFTixnQkFBZ0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUM5QixNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ2xDLFNBQVMsRUFDVCxXQUFXLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUN6QixDQUNGO2lCQUNGLENBQUM7Z0JBRUYsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQzNELFdBQVcsRUFDWCxvQkFBb0IsQ0FBQyx5QkFBeUIsQ0FDL0MsQ0FBQztnQkFDRixrQkFBa0IsQ0FBQyxtQkFBbUIsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUNyRCxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLEdBQUcsRUFBRSxnQkFBZ0IsQ0FBQyxDQUNoRSxDQUFDO2dCQUNGLGtCQUFrQixDQUFDLFFBQVEsR0FBRyxNQUFNLENBQUMsRUFBRSxDQUFDO2dCQUV4QyxJQUFJLG9CQUFvQixDQUFDLGtCQUFrQixFQUFFO29CQUMzQyxrQkFBa0IsQ0FBQyxpQkFBaUIsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUNuRCxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQy9CLGVBQWUsQ0FBQyxHQUFHLEVBQ25CLG9CQUFvQixDQUFDLGtCQUFrQixDQUN4QyxDQUNGLENBQUM7aUJBQ0g7Z0JBRUQsOENBQThDO2dCQUM5QyxrQ0FBa0MsQ0FBQyxTQUFTLENBQUMsV0FBVyxtQ0FDbkQsa0NBQWtDLENBQUMsU0FBUyxDQUFDLFdBQVcsS0FDM0QseUJBQXlCLEVBQ3ZCLG9CQUFvQixDQUFDLHlCQUF5QixHQUNqRCxDQUFDO2FBQ0g7WUFFRCxtQ0FBbUM7WUFDbkMsSUFBSSx5QkFBeUIsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ2xFLG1CQUFtQixFQUNuQixrQ0FBa0MsQ0FDbkMsQ0FBQztZQUVGLDBFQUEwRTtZQUMxRSx5QkFBeUIsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQzlELFlBQVksQ0FBQyxLQUFLLEVBQ2xCLHlCQUF5QixDQUMxQixDQUFDO1lBRUYsT0FBTyxJQUFJLFVBQVUsQ0FBQztnQkFDcEIsUUFBUSxFQUFFLDZCQUE2QjtnQkFDdkMsU0FBUyxFQUFFO29CQUNULEtBQUssRUFBRTt3QkFDTCxhQUFhO3dCQUNiLGdCQUFnQixFQUFFLEtBQUs7d0JBQ3ZCLFNBQVMsRUFBRSxPQUFPLENBQUMsRUFBRTt3QkFDckIsV0FBVyxFQUFFLFNBQVMsQ0FBQyxFQUFFO3dCQUN6QixxQ0FBcUM7d0JBQ3JDLGNBQWMsRUFBRSxZQUFZLENBQUMsRUFBRTt3QkFDL0IsaUJBQWlCLEVBQUUsZUFBZSxDQUFDLEVBQUU7d0JBQ3JDLGtCQUFrQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsa0JBQWtCLENBQUM7d0JBQ3RELHFCQUFxQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMscUJBQXFCLENBQUM7d0JBQzVELHNFQUFzRTt3QkFFdEUsMkNBQTJDO3dCQUMzQyxzRUFBc0U7d0JBQ3RFLGtCQUFrQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsa0JBQWtCLENBQUM7d0JBQ3RELG9CQUFvQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsb0JBQW9CLENBQUM7d0JBQzFELHNDQUFzQzt3QkFDdEMseUJBQXlCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyx5QkFBeUIsQ0FBQzt3QkFDcEUsb0JBQW9CLEVBQUUsaUJBQWlCO3dCQUN2QyxvQkFBb0IsRUFBRSxrQkFBa0I7cUJBQ3pDO2lCQUNGO2FBQ0YsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztLQUFBO0lBRUQsV0FBVyxDQUFDLEtBQXdCO1FBQ2xDLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztJQUN0RCxDQUFDO0lBRUssbUJBQW1CLENBQUMsRUFDeEIsYUFBYSxFQUNiLHNCQUFzQixFQUN0Qix5QkFBeUIsRUFDekIsb0JBQW9CLEVBQ3BCLG9CQUFvQixHQUNGOztZQUNsQixNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQztZQUMvQyxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGdCQUFnQixDQUFDO1lBRW5ELDRDQUE0QztZQUM1QyxNQUFNLCtCQUErQixHQUNuQyxDQUFDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbkMsT0FBTyxDQUFDLEdBQUcsRUFDWCxzQkFBc0IsQ0FDdkIsQ0FBcUMsQ0FBQztZQUV6QyxvR0FBb0c7WUFDcEcsTUFBTSw4QkFBOEIsR0FBRyxNQUFNLElBQUksQ0FBQyxxQkFBcUIsQ0FDckUsTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsK0JBQStCLENBQUMsS0FBSyxDQUFDLEVBQ3BFLE1BQU0saUJBQWlCLENBQUMsS0FBSyxDQUFDLCtCQUErQixDQUFDLFVBQVUsQ0FBQyxFQUN6RSx5QkFBeUIsQ0FDMUIsQ0FBQztZQUVGLDRFQUE0RTtZQUM1RSxJQUNFLCtCQUErQixDQUFDLEtBQUs7Z0JBQ3JDLDhCQUE4QixDQUFDLEtBQUssRUFDcEM7Z0JBQ0EsTUFBTSxJQUFJLHVCQUF1QixDQUMvQix1RkFBdUYsQ0FDeEYsQ0FBQzthQUNIO1lBRUQsOERBQThEO1lBQzlELGtGQUFrRjtZQUNsRiw4RkFBOEY7WUFFOUYsK0NBQStDO1lBQy9DLHVFQUF1RTtZQUN2RSxpQ0FBaUM7WUFFakMscURBQXFEO1lBQ3JELE1BQU0sZUFBZSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDO1lBQ3RELE1BQU0sZUFBZSxHQUFHLE1BQU0saUJBQWlCLENBQUMsS0FBSyxDQUNuRCw4QkFBOEIsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUNoRCxDQUFDO1lBQ0YsTUFBTSxZQUFZLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQ2hELDhCQUE4QixDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQzdDLENBQUM7WUFFRixNQUFNLGtCQUFrQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FDMUQsZUFBZSxDQUFDLEdBQUcsRUFDbkIsWUFBWSxDQUFDLE1BQU0sRUFBRSxDQUN0QixDQUFDO1lBQ0YsTUFBTSxxQkFBcUIsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQzdELGVBQWUsQ0FBQyxHQUFHLEVBQ25CLGVBQWUsQ0FBQyxNQUFNLEVBQUUsQ0FDekIsQ0FBQztZQUVGLE1BQU0sU0FBUyxHQUFHLE1BQU0saUJBQWlCLENBQUMsS0FBSyxDQUM3Qyw4QkFBOEIsQ0FBQyxTQUFTLENBQ3pDLENBQUM7WUFDRixNQUFNLGtCQUFrQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDN0QsT0FBTyxDQUFDLEdBQUcsRUFDWCxTQUFTLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUN2QixDQUFDO1lBRUYsTUFBTSxXQUFXLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQy9DLDhCQUE4QixDQUFDLFdBQVcsQ0FDM0MsQ0FBQztZQUNGLE1BQU0sb0JBQW9CLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMvRCxTQUFTLENBQUMsR0FBRyxFQUNiLFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQ3pCLENBQUM7WUFFRixJQUFJLCtCQUErQixDQUFDO1lBQ3BDLElBQUksb0JBQW9CLEVBQUU7Z0JBQ3hCLGFBQWE7Z0JBQ2IsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUFDO2dCQUV0RCwrQkFBK0IsR0FBRztvQkFDaEMsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FDaEMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNsQyxPQUFPLENBQUMsR0FBRyxFQUNYLFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQ3pCLENBQ0Y7b0JBQ0QscUJBQXFCLEVBQUUsT0FBTyxDQUFDLEVBQUU7b0JBQ2pDLGtCQUFrQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQ2hDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbEMsV0FBVyxFQUNYLG9CQUFvQixDQUFDLDJCQUEyQixDQUNqRCxDQUNGO2lCQUNGLENBQUM7YUFDSDtZQUVELHdEQUF3RDtZQUN4RCxJQUFJLCtCQUErQixDQUFDO1lBQ3BDLElBQUkscUNBQXFDLENBQUM7WUFDMUMsSUFBSSwrQkFBK0IsQ0FBQyxvQkFBb0IsRUFBRTtnQkFDeEQseUdBQXlHO2dCQUN6RyxXQUFXO2dCQUNYLE1BQU0sNEJBQTRCLEdBQ2hDLCtCQUErQixDQUFDLG9CQUFvQixDQUFDO2dCQUN2RCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ25ELE1BQU0sZUFBZSxHQUFHLE1BQU0saUJBQWlCLENBQUMsS0FBSyxDQUNuRCw4QkFBOEIsQ0FBQyxTQUFTLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FDckUsQ0FBQztnQkFFRixNQUFNLGVBQWUsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUNwQyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLEdBQUcsRUFBRSxRQUFRLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQ3pFLENBQUM7Z0JBRUYsdURBQXVEO2dCQUN2RCxNQUFNLHdCQUF3QixHQUM1QixDQUFBLG9CQUFvQixhQUFwQixvQkFBb0IsdUJBQXBCLG9CQUFvQixDQUFFLHdCQUF3QjtvQkFDOUMsNEJBQTRCLENBQUMsd0JBQXdCLENBQUM7Z0JBRXhELE1BQU0sZUFBZSxHQUFHLHdCQUF3QjtvQkFDOUMsQ0FBQyxDQUFDLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxlQUFlLENBQ2pDLFFBQVEsRUFDUix3QkFBd0IsQ0FDekI7b0JBQ0gsQ0FBQyxDQUFDLEVBQUUsQ0FBQztnQkFFUCwrQkFBK0IsR0FBRztvQkFDaEMsZUFBZTtvQkFDZixrQkFBa0IsRUFBRSxPQUFPLENBQUMsRUFBRTtvQkFDOUIsZUFBZTtpQkFDaEIsQ0FBQztnQkFFRixxQ0FBcUMsR0FBRztvQkFDdEMsUUFBUSxFQUFFLGVBQWUsQ0FBQyxFQUFFO2lCQUM3QixDQUFDO2dCQUVGLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMzRCxlQUFlLEVBQ2YsNEJBQTRCLENBQUMseUJBQXlCLENBQ3ZELENBQUM7Z0JBQ0YscUNBQXFDLENBQUMsbUJBQW1CO29CQUN2RCxJQUFJLENBQUMsU0FBUyxDQUNaLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FDL0IsZUFBZSxDQUFDLEdBQUcsRUFDbkIsZ0JBQWdCLENBQ2pCLENBQ0YsQ0FBQzthQUNMO1lBRUQsc0dBQXNHO1lBQ3RHLG1DQUFtQztZQUVuQyxPQUFPLElBQUksVUFBVSxDQUFDO2dCQUNwQixRQUFRLEVBQUUsOEJBQThCO2dCQUN4QyxTQUFTLEVBQUU7b0JBQ1QsS0FBSyxFQUFFO3dCQUNMLGFBQWE7d0JBQ2IsU0FBUyxFQUFFLE9BQU8sQ0FBQyxFQUFFO3dCQUNyQixXQUFXLEVBQUUsU0FBUyxDQUFDLEVBQUU7d0JBQ3pCLGlCQUFpQixFQUFFLGVBQWUsQ0FBQyxFQUFFO3dCQUNyQyxrQkFBa0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLGtCQUFrQixDQUFDO3dCQUN0RCxxQkFBcUIsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLHFCQUFxQixDQUFDO3dCQUM1RCxrQkFBa0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLGtCQUFrQixDQUFDO3dCQUN0RCxvQkFBb0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLG9CQUFvQixDQUFDO3dCQUMxRCwwQkFBMEIsRUFBRSwrQkFBK0I7d0JBQzNELDBCQUEwQixFQUFFLCtCQUErQjt3QkFDM0QsZ0NBQWdDLEVBQzlCLHFDQUFxQztxQkFDeEM7aUJBQ0Y7YUFDRixDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7Q0FDRixDQUFBOzs7WUEzdUJBLFVBQVUsU0FBQztnQkFDVixVQUFVLEVBQUUsTUFBTTthQUNuQjs7O1lBeko4QixNQUFNO1lBQWhCLFFBQVE7WUFhcEIsaUJBQWlCO1lBRWpCLFVBQVU7WUFMakIsaUJBQWlCO1lBSVYsZUFBZTs7QUE0SVgsbUJBQW1CO0lBTi9CLGlCQUFpQixDQUFDO1FBQ2pCLFVBQVUsRUFBRSxRQUFRO0tBQ3JCLENBQUM7R0FJVyxtQkFBbUIsQ0F3dUIvQjtTQXh1QlksbUJBQW1CIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgSW5qZWN0YWJsZSwgSW5qZWN0b3IsIE5nWm9uZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xuaW1wb3J0IHsgSldLIH0gZnJvbSAnbm9kZS1qb3NlJztcbmltcG9ydCB7IExyTXV0YXRpb24sIExyU2VydmljZSB9IGZyb20gJy4uL2FwaS9sci1ncmFwaHFsJztcbmltcG9ydCB7XG4gIENvbnRhY3RDYXJkU2hhcmVkQ2lwaGVyRGF0YSxcbiAgSlNPTk9iamVjdCxcbiAgT3RLZXlDaXBoZXJDbGVhckpzb24yLFxufSBmcm9tICcuLi9hcGkvdHlwZXMnO1xuaW1wb3J0IHsgT3duZXJQbGFpbkRhdGFKc29uIH0gZnJvbSAnLi4vY29udGFjdC1jYXJkL2NvbnRhY3QtY2FyZDIuc2VydmljZSc7XG5pbXBvcnQge1xuICBFbmNyeXB0aW9uU2VydmljZSxcbiAgSm9zZVNlcmlhbGl6YXRpb24sXG59IGZyb20gJy4uL2VuY3J5cHRpb24vZW5jcnlwdGlvbi5zZXJ2aWNlJztcbmltcG9ydCB7IEtleUZhY3RvcnlTZXJ2aWNlIH0gZnJvbSAnLi4va2V5L2tleS1mYWN0b3J5LnNlcnZpY2UnO1xuaW1wb3J0IHsgS2V5R3JhcGhTZXJ2aWNlIH0gZnJvbSAnLi4va2V5L2tleS1ncmFwaC5zZXJ2aWNlJztcbmltcG9ydCB7IEtleVNlcnZpY2UgfSBmcm9tICcuLi9rZXkva2V5LnNlcnZpY2UnO1xuaW1wb3J0IHsgS2NDb2RlTWlzbWF0Y2hFeGNlcHRpb24gfSBmcm9tICcuLi9fY29tbW9uL2V4Y2VwdGlvbnMnO1xuaW1wb3J0IHsgUnVuT3V0c2lkZUFuZ3VsYXIgfSBmcm9tICcuLi9fY29tbW9uL3J1bi1vdXRzaWRlLWFuZ3VsYXInO1xuaW1wb3J0IHtcbiAgQ2FuY2VsS2V5RXhjaGFuZ2VNdXRhdGlvbixcbiAgQ29tcGxldGVLZXlFeGNoYW5nZU90a011dGF0aW9uLFxuICBDdXJyZW50VXNlclNoYXJlZEtleVF1ZXJ5MixcbiAgRGVjbGluZUtleUV4Y2hhbmdlTXV0YXRpb24sXG4gIEluaXRpYXRlS2V5RXhjaGFuZ2VPdGtNdXRhdGlvbixcbiAgS2V5RXhjaGFuZ2VGaWVsZHNSZXN1bHQsXG4gIEtleUV4Y2hhbmdlUXVlcnkyLFxuICBLZXlFeGNoYW5nZXNRdWVyeTIsXG4gIEtleUV4Y2hhbmdlU3RhdGUyLFxuICBLZXlFeGNoYW5nZVRva2VuUXVlcnkyLFxuICBSZXNwb25kS2V5RXhjaGFuZ2VPdGtNdXRhdGlvbixcbn0gZnJvbSAnLi9rZXktZXhjaGFuZ2UyLmdxbCc7XG5cbi8qKlxuICogVGhlIGRlY3J5cHRlZCBjb250ZW50IG9mIHRoZSBvbmUtdGltZSBrZXkgY2lwaGVyO1xuICogV2hlbiB1c2VyIHN1cHBsaWVzIHRoaXMgaW5mb3JtYXRpb24gdGhlIGxpYiBkb2Vzbid0IG5lZWQgdG8gZG8gYW5vdGhlciBBUEkgY2FsbFxuICogdG8gZmV0Y2ggdGhlIGtleSBleGNoYW5nZSBub2RlLiBBbmQgc2luY2UgdGhlIHR5cGljYWwgdXNlIGNhc2UgaXMgdG8gZGlzcGxheVxuICogc29tZSBpbmZvcm1hdGlvbiB0byB0aGUgdXNlciwgdGhlIGtleSBleGNoYW5nZSBub2RlIHdvdWxkIGFscmVhZHkgaGF2ZSBiZWVuXG4gKiBmZXRjaGVkIGFuZCBkZWNyeXB0ZWQuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgRGVjcnlwdGVkT3RrMiB7XG4gIG90S2V5Q2lwaGVyQ2xlYXJKc29uOiBPdEtleUNpcGhlckNsZWFySnNvbjI7XG4gIG90S2V5OiBKV0suS2V5OyAvLyBUaGUgb25lLXRpbWUga2V5XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgQ29udGFjdENhcmRSZWNlaXZlckNpcGhlckRhdGEge1xuICAvLyBUaGUgcmVjZWl2ZXIgb2YgdGhlIGNvbnRhY3QgY2FyZCBrZWVwcyBhIGNvcHlcbiAgLy8gb2YgdGhlIG93bmVyJ3MgY29udGFjdCBjYXJkIGluZm9ybWF0aW9uLCBlbmNyeXB0ZWQgdXNpbmcgdGhlIHJlY2VpdmVyJ3Mga2V5cy4gU28gdGhhdCB3aGVuXG4gIC8vIHRoZSBvd25lciBkZWNpZGVzIHRvIHVwZGF0ZSB0aGVpciBzaGFyZWQgY29udGFjdCBjYXJkIGF0IGEgbGF0ZXIgZGF0ZSwgdGhlIHJlY2VpdmVyIGNhblxuICAvLyBjb21wYXJlIGFnYWluc3QgdGhlIG9yaWdpbmFsIGNvbnRhY3QgY2FyZCBzZW50IGR1cmluZyBrZXkgZXhjaGFuZ2UuIFRoaXMgd2F5LCB0aGUgb3duZXJcbiAgLy8gY2FuJ3QgdW5pbGF0ZXJhbGx5IHVwZGF0ZSB0aGVpciBzaGFyZWQgY29udGFjdCBjYXJkIHdpdGhvdXQgdGhlIHJlY2VpdmVyIGtub3dpbmcgYWJvdXQgaXQuXG4gIHJlY2VpdmVyQ2lwaGVyRGF0YUNsZWFySnNvbjogSlNPTk9iamVjdDtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBDb250YWN0Q2FyZE93bmVyUGxhaW5EYXRhIHtcbiAgLy8gQWNjZXNzaWJsZSBieSB0aGUgc2VydmVyIGFuZCB0aGUgb3duZXIuIFNlcnZlciBzaWRlIG5vdGlmaWNhdGlvbiBlbWFpbHMgbmVlZCB0byBrbm93IHNvbWVcbiAgLy8gaW5mb3JtYXRpb24gYWJvdXQgdGhlIG93bmVyLlxuICAvLyBUaGUgb3duZXIgY291bGQgZWl0aGVyIGJlIHRoZSBpbml0aWF0b3Igb3IgdGhlIHJlc3BvbmRlci5cbiAgb3duZXJQbGFpbkRhdGFKc29uOiBPd25lclBsYWluRGF0YUpzb247XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgQ29udGFjdENhcmRPd25lckNpcGhlckRhdGEge1xuICAvLyBPd25lciBvbmx5IGFjY2VzcyB0byB0aGlzIGRhdGFcbiAgb3duZXJDaXBoZXJEYXRhQ2xlYXJKc29uOiBKU09OT2JqZWN0O1xufVxuXG4vKipcbiAqIFNlbmRpbmcgY29udGFjdCBjYXJkIGluZm9ybWF0aW9uIGZyb20gdGhlIG93bmVyIHRvIHRoZSByZWNlaXZlci5cbiAqL1xuZXhwb3J0IHR5cGUgU2VuZENvbnRhY3RDYXJkSW5wdXQgPSBDb250YWN0Q2FyZE93bmVyUGxhaW5EYXRhICZcbiAgQ29udGFjdENhcmRPd25lckNpcGhlckRhdGEgJlxuICBDb250YWN0Q2FyZFNoYXJlZENpcGhlckRhdGE7XG5cbmV4cG9ydCBpbnRlcmZhY2UgSW5pdGlhdGVPdGtJbnB1dDIge1xuICAvLyBOb3RlIHRoYXQgaWYgbmVpdGhlciBlbWFpbCBub3IgcmVzcG9uZGVyVXNlcm5hbWUgYXJlIGdpdmVuLCB0aGUgb25lLXRpbWUga2V5XG4gIC8vIGNhbiBzdGlsbCBiZSBzZW50IHRvIHRoZSByZXNwb25kZXIgdmlhIE9PQlxuICBlbWFpbD86IHN0cmluZztcbiAgbWVzc2FnZT86IEpTT05PYmplY3Q7XG4gIGNvbnRhY3RDYXJkPzogU2VuZENvbnRhY3RDYXJkSW5wdXQ7XG4gIC8vIElmIFRydWUsIHRvIHVwZ3JhZGUgYW4gZW1haWwgaW52aXRlIHRvIGFuIGV4aXN0aW5nIHVzZXIgaW52aXRlIGlmIHRoZSBlbWFpbFxuICAvLyBpcyBhbHJlYWR5IGFzc29jaWF0ZWQgd2l0aCBhbiBleGlzdGluZyB1c2VyLlxuICB1cGdyYWRlPzogYm9vbGVhbjtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBSZXNwb25kT3RrSW5wdXQyIHtcbiAga2V5RXhjaGFuZ2VJZDogc3RyaW5nO1xuICB0b2tlbjogc3RyaW5nO1xuICBkZWNyeXB0ZWRPdGs6IERlY3J5cHRlZE90azI7XG4gIG1lc3NhZ2U/OiBKU09OT2JqZWN0O1xuICAvLyBUaGUgaW5pdGlhdG9yIGlzIHRoZSBvd25lciBmbyB0aGUgaW5pdGlhdG9yQ29udGFjdENhcmQsIHRoZSByZXNwb25kZXJcbiAgLy8gaXMgdGhlIHJlY2VpdmVyLlxuICBpbml0aWF0b3JDb250YWN0Q2FyZD86IENvbnRhY3RDYXJkUmVjZWl2ZXJDaXBoZXJEYXRhO1xuICByZXNwb25kZXJDb250YWN0Q2FyZD86IFNlbmRDb250YWN0Q2FyZElucHV0O1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIENvbXBsZXRlT3RrSW5wdXQyIHtcbiAga2V5RXhjaGFuZ2VJZDogc3RyaW5nO1xuICAvLyBUaGlzIGlzIGEgcGFydCBvZiB0aGUga2V5IGV4Y2hhbmdlIGRhdGEuIEl0J3MgZW5jcnlwdGVkIHVzaW5nIHRoZSByb290IGtleVxuICBpbml0aWF0b3JSb290S2V5Q2lwaGVyOiBzdHJpbmc7XG4gIC8vIFRoaXMgaXMgYSBwYXJ0IG9mIHRoZSBrZXkgZXhjaGFuZ2UgZGF0YS4gSXQncyBlbmNyeXB0ZWQgdXNpbmcgdGhlIG9uZS10aW1lIGtleS5cbiAgaW5pdGlhdG9yT25lVGltZVBia0NpcGhlcjogc3RyaW5nO1xuICAvLyBUaGUgcmVzcG9uZGVyIGlzIHRoZSBvd25lciBmbyB0aGUgcmVzcG9uZGVyQ29udGFjdENhcmQsIHRoZSBpbml0aWF0b3JcbiAgLy8gaXMgdGhlIHJlY2VpdmVyLlxuICByZXNwb25kZXJDb250YWN0Q2FyZD86IENvbnRhY3RDYXJkUmVjZWl2ZXJDaXBoZXJEYXRhO1xuICAvLyBUaGUgaW5pdGlhdG9yIGNhbiB1cGRhdGUgdGhlIGNpcGhlciBkYXRhIHRoYXQgYXJlIG9ubHkgdmlzaWJsZSB0byB0aGVtLiBJdCBtYWtlc1xuICAvLyBsZXNzIHNlbnNlIHRvIHVwZGF0ZSB0aGUgc2hhcmVkIGRhdGEgYmVjYXVzZSB0aGUgcmVzcG9uZGVyIHdvdWxkIGhhdmUgYWxyZWFkeSBzZWVuXG4gIC8vIHRoZSBzaGFyZWQgZGF0YSBhbmQgYWNjZXB0ZWQgdGhhdCBpdCdzIGxlZ2l0LlxuICAvLyBCdXQgaW4gYW55IGNhc2UsIHRoZSBpbml0aWF0b3IgY2FuIHVwZGF0ZSB0aGUgc2hhcmVkIGNvbnRhY3QgY2FyZCBpbmZvIGF0IGFueSB0aW1lLlxuICBpbml0aWF0b3JDb250YWN0Q2FyZD86IENvbnRhY3RDYXJkT3duZXJDaXBoZXJEYXRhO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIEluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24yIHtcbiAgbm9uY2U6IHN0cmluZztcbiAgb25lVGltZVByazogUmVjb3JkPHN0cmluZywgSlNPTk9iamVjdD47IC8vIG9uZS10aW1lIHB1YmxpYyBlbmNyeXB0aW9uIGtleSByZXNwb25kZXIgdXNlIHRvIHNlbmQgZGF0YSBiYWNrIHRvIGluaXRpYXRvclxuICBvdEtleTogUmVjb3JkPHN0cmluZywgSlNPTk9iamVjdD47IC8vIG9uZS10aW1lIHN5bW1ldHJpYyBrZXkgdGhhdCBuZWVkcyB0byBiZSBzaGFyZWQgT09CXG4gIGluaXRpYXRvckNvbnRhY3RDYXJkPzogQ29udGFjdENhcmRPd25lckNpcGhlckRhdGEgJlxuICAgIENvbnRhY3RDYXJkU2hhcmVkQ2lwaGVyRGF0YTtcbiAgaW5pdGlhdG9yOiB7XG4gICAgbWVzc2FnZT86IEpTT05PYmplY3Q7XG4gICAgY29udGFjdENhcmQ/OiBDb250YWN0Q2FyZFNoYXJlZENpcGhlckRhdGE7XG4gIH07XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgSW5pdGlhdG9yT25lVGltZVBia0NpcGhlckNsZWFySnNvbiB7XG4gIG5vbmNlOiBzdHJpbmc7XG4gIHNoYXJlZEtleTogUmVjb3JkPHN0cmluZywgSlNPTk9iamVjdD47XG4gIG1rU2hhcmVkS2V5OiBSZWNvcmQ8c3RyaW5nLCBKU09OT2JqZWN0PjtcbiAgcmVzcG9uZGVyOiB7XG4gICAgcGJrOiBSZWNvcmQ8c3RyaW5nLCBKU09OT2JqZWN0PjtcbiAgICBzaWdQYms6IFJlY29yZDxzdHJpbmcsIEpTT05PYmplY3Q+O1xuICAgIG1lc3NhZ2U/OiBKU09OT2JqZWN0O1xuICAgIGNvbnRhY3RDYXJkPzogQ29udGFjdENhcmRTaGFyZWRDaXBoZXJEYXRhICYge1xuICAgICAgLy8gTm90ZSB0aGF0IHRoaXMgaXMgX25vdF8gdGhlIHNhbWUga2V5IGFzIHRoZSBzaGFyZWRLZXkuIFRoZSBzaGFyZWRLZXkgd3JhcHNcbiAgICAgIC8vIHRoaXMga2V5IGluIHRoZSBrZXkgZ3JhcGguIEJ1dCBiZWNhdXNlIHRoaXMga2V5IGhhcyBub3QgYmVlbiBlbnRlcmVkIGludG9cbiAgICAgIC8vIHRoZSBrZXkgZ3JhcGggd2hlbiB0aGUgcmVzcG9uZGVyIGNhbGxzIHRoZSBBUEksIHdlIHBhc3MgdGhlIEpXSyBkaXJlY3RseSBoZXJlLlxuICAgICAgc2hhcmVkQ2lwaGVyS2V5OiBSZWNvcmQ8c3RyaW5nLCBKU09OT2JqZWN0PjtcbiAgICB9O1xuICB9O1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIEdldEtleUV4Y2hhbmdlT3B0aW9uczIge1xuICAvLyBUaGUgb3RLZXkgYXMgYSByYXcgc3RyaW5nLiBpLmUuIGtleS50b0pTT04odHJ1ZSkua1xuICBvdEtleUs/OiBzdHJpbmc7XG4gIC8vIFVzZXIgbmVlZCB0aGUgdG9rZW4gaWYgdGhleSBoYXZlIG5vdCByZXNwb25kZWQgdG8gdGhlIGtleSBleGNoYW5nZSB5ZXQuXG4gIC8vIE9uY2UgdGhleSd2ZSByZXNwb25kZWQgKGhlbmNlIHByb3ZlbiB0aGV5IGhhdmUgdGhlIE9PQiBLZXkpIHRoZXkgYmVjb21lXG4gIC8vIHRoZSBcInJlc3BvbmRlclwiIG9mIHRoaXMgZXhjaGFuZ2UsIGFuZCBjYW4gYWNjZXNzIGl0IHdoZW4gc2lnbmVkIGluLlxuICB0b2tlbj86IHN0cmluZztcbn1cblxuQFJ1bk91dHNpZGVBbmd1bGFyKHtcbiAgbmdab25lTmFtZTogJ25nWm9uZScsXG59KVxuQEluamVjdGFibGUoe1xuICBwcm92aWRlZEluOiAncm9vdCcsXG59KVxuZXhwb3J0IGNsYXNzIEtleUV4Y2hhbmdlMlNlcnZpY2UgZXh0ZW5kcyBMclNlcnZpY2Uge1xuICBwcml2YXRlIHJlYWRvbmx5IENMSUVOVF9OT05DRV9MRU5HVEggPSAzMjtcblxuICBjb25zdHJ1Y3RvcihcbiAgICBwcml2YXRlIG5nWm9uZTogTmdab25lLFxuICAgIHByaXZhdGUgaW5qZWN0b3I6IEluamVjdG9yLFxuICAgIHByaXZhdGUga2V5RmFjdG9yeTogS2V5RmFjdG9yeVNlcnZpY2UsXG4gICAgcHJpdmF0ZSBrZXlTZXJ2aWNlOiBLZXlTZXJ2aWNlLFxuICAgIHByaXZhdGUgZW5jcnlwdGlvblNlcnZpY2U6IEVuY3J5cHRpb25TZXJ2aWNlLFxuICAgIHByaXZhdGUga2V5R3JhcGg6IEtleUdyYXBoU2VydmljZVxuICApIHtcbiAgICBzdXBlcihpbmplY3Rvcik7XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIGdldE90S2V5KFxuICAgIGtleUV4Y2hhbmdlOiBLZXlFeGNoYW5nZUZpZWxkc1Jlc3VsdCxcbiAgICBvdEtleUs/OiBzdHJpbmdcbiAgKTogUHJvbWlzZTxKV0suS2V5PiB7XG4gICAgaWYgKG90S2V5Sykge1xuICAgICAgcmV0dXJuIGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KHtcbiAgICAgICAgLi4uSlNPTi5wYXJzZShrZXlFeGNoYW5nZS5vdGsub3RLZXlQYXJhbXMpLFxuICAgICAgICBrOiBvdEtleUssXG4gICAgICB9KTtcbiAgICB9IGVsc2UgaWYgKFxuICAgICAga2V5RXhjaGFuZ2Uub3RrLnN0YXRlID09PSAnT1RLX0lOSVRJQVRFRCcgJiZcbiAgICAgICFrZXlFeGNoYW5nZS5pc0luaXRpYXRvciAmJlxuICAgICAga2V5RXhjaGFuZ2Uub3RrLnJlc3BvbmRlclBia0NpcGhlclxuICAgICkge1xuICAgICAgLy8gQXNzdW1pbmcgZXhpc3RpbmcgdXNlciBnZXR0aW5nIGludml0ZWQgd2hlcmUgT1RLIGlzIHdyYXBwZWQgaW4gcmVzcG9uZGVyJ3MgcHVibGljIGtleS5cbiAgICAgIGNvbnN0IHByayA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50UHhrO1xuICAgICAgY29uc3QgZGVjcnlwdGVkQ2lwaGVyID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgICBwcmsuandrLFxuICAgICAgICBKU09OLnBhcnNlKGtleUV4Y2hhbmdlLm90ay5yZXNwb25kZXJQYmtDaXBoZXIpLFxuICAgICAgICB7XG4gICAgICAgICAgc2VyaWFsaXphdGlvbnM6IFtKb3NlU2VyaWFsaXphdGlvbi5DT01QQUNUXSxcbiAgICAgICAgfVxuICAgICAgKTtcbiAgICAgIGlmIChkZWNyeXB0ZWRDaXBoZXIub3RLZXkpIHtcbiAgICAgICAgcmV0dXJuIGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KGRlY3J5cHRlZENpcGhlci5vdEtleSk7XG4gICAgICB9XG4gICAgfVxuICAgIHJldHVybiBudWxsO1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBkZWNyeXB0T3RrKFxuICAgIGtleUV4Y2hhbmdlOiBLZXlFeGNoYW5nZUZpZWxkc1Jlc3VsdCxcbiAgICBvdEtleUs/OiBzdHJpbmdcbiAgKTogUHJvbWlzZTxLZXlFeGNoYW5nZUZpZWxkc1Jlc3VsdD4ge1xuICAgIGNvbnN0IG90S2V5ID0gYXdhaXQgdGhpcy5nZXRPdEtleShrZXlFeGNoYW5nZSwgb3RLZXlLKTtcblxuICAgIGxldCBvdGsgPSBrZXlFeGNoYW5nZS5vdGs7XG5cbiAgICBpZiAob3RLZXkgJiYgb3RrLm90S2V5Q2lwaGVyKSB7XG4gICAgICBvdGsgPSB7XG4gICAgICAgIC4uLm90ayxcbiAgICAgICAgb3RLZXksXG4gICAgICAgIG90S2V5Q2lwaGVyQ2xlYXJKc29uOiBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXG4gICAgICAgICAgb3RLZXksXG4gICAgICAgICAga2V5RXhjaGFuZ2Uub3RrLm90S2V5Q2lwaGVyXG4gICAgICAgICksXG4gICAgICB9O1xuICAgIH1cblxuICAgIHJldHVybiB7XG4gICAgICAuLi5rZXlFeGNoYW5nZSxcbiAgICAgIG90ayxcbiAgICB9O1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBkZWNyeXB0UmVzcG9uc2VDaXBoZXIoXG4gICAgb3RLZXk6IEpXSy5LZXksXG4gICAgb3RQcms6IEpXSy5LZXksXG4gICAgY29udGVudDogSlNPTk9iamVjdFxuICApOiBQcm9taXNlPEluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXJDbGVhckpzb24+IHtcbiAgICAvLyBUaGUgcmVzcG9uc2UgY291bGQgYmUgd3JhcHBlZCBieSB0aGUgT3RLIGluIGFkZGl0aW9uIHRvIHRoZSBPdFBia1xuICAgIHRyeSB7XG4gICAgICBjb250ZW50ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KG90S2V5LCBjb250ZW50KTtcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgaWYgKGVycm9yLm1lc3NhZ2UgIT09ICdubyBrZXkgZm91bmQnKSB7XG4gICAgICAgIHRocm93IGVycm9yO1xuICAgICAgfVxuICAgICAgLy8gRG8gbm90aGluZyB0byBzdXBwb3J0IG9sZGVyIHZlcnNpb25zIHdoZXJlIG1lc3NhZ2UgaXMgbm90IHdyYXBwZWQgd2l0aCBvdGsuXG4gICAgfVxuXG4gICAgLy8gVGhlIFByayBpcyBzaW5nbGUtdXNlIGFuZCBvbmx5IHVzZWQgdG8gc2VuZCBpbmZvcm1hdGlvbiBmcm9tIHRoZSByZXNwb25kZXIgYmFjayB0byB0aGUgaW5pdGlhdG9yLlxuICAgIHJldHVybiBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQob3RQcmssIGNvbnRlbnQpO1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBkZWNyeXB0S2V5RXhjaGFuZ2VBc0luaXRpYXRvcihcbiAgICBrZXlFeGNoYW5nZTogS2V5RXhjaGFuZ2VGaWVsZHNSZXN1bHRcbiAgKTogUHJvbWlzZTxLZXlFeGNoYW5nZUZpZWxkc1Jlc3VsdD4ge1xuICAgIGNvbnN0IHJvb3RLZXkgPSB0aGlzLmtleVNlcnZpY2UuY3VycmVudFJvb3RLZXk7XG5cbiAgICAvLyBEZWNyeXB0IHVzaW5nIHRoZSByb290IGtleSB0byBnZXQgdGhlIFBya1xuICAgIGNvbnN0IGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24gPVxuICAgICAgKGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChcbiAgICAgICAgcm9vdEtleS5qd2ssXG4gICAgICAgIGtleUV4Y2hhbmdlLmluaXRpYXRvclJvb3RLZXlDaXBoZXJcbiAgICAgICkpIGFzIEluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24yO1xuXG4gICAgY29uc3Qgb3RLZXkgPSBhd2FpdCBLZXlGYWN0b3J5U2VydmljZS5hc0tleShcbiAgICAgIGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24ub3RLZXlcbiAgICApO1xuXG4gICAga2V5RXhjaGFuZ2UgPSB7XG4gICAgICAuLi5rZXlFeGNoYW5nZSxcbiAgICAgIGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24sXG4gICAgfTtcblxuICAgIGxldCBvdGsgPSBrZXlFeGNoYW5nZS5vdGs7XG5cbiAgICBpZiAob3RrLmluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXIpIHtcbiAgICAgIG90ayA9IHtcbiAgICAgICAgLi4ub3RrLFxuICAgICAgICBpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyQ2xlYXJKc29uOiBhd2FpdCB0aGlzLmRlY3J5cHRSZXNwb25zZUNpcGhlcihcbiAgICAgICAgICBvdEtleSxcbiAgICAgICAgICBhd2FpdCBLZXlGYWN0b3J5U2VydmljZS5hc0tleShcbiAgICAgICAgICAgIGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24ub25lVGltZVBya1xuICAgICAgICAgICksXG4gICAgICAgICAgb3RrLmluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXJcbiAgICAgICAgKSxcbiAgICAgIH07XG4gICAgfVxuXG4gICAgaWYgKG90ay5vdEtleUNpcGhlcikge1xuICAgICAgb3RrLm90S2V5Q2lwaGVyQ2xlYXJKc29uID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgICBvdEtleSxcbiAgICAgICAgb3RrLm90S2V5Q2lwaGVyXG4gICAgICApO1xuICAgIH1cblxuICAgIHJldHVybiB7XG4gICAgICAuLi5rZXlFeGNoYW5nZSxcbiAgICAgIG90ayxcbiAgICB9O1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBkZWNyeXB0S2V5RXhjaGFuZ2VBc1Jlc3BvbmRlcihcbiAgICBrZXlFeGNoYW5nZTogS2V5RXhjaGFuZ2VGaWVsZHNSZXN1bHQsXG4gICAgb3RLZXlLPzogc3RyaW5nXG4gICkge1xuICAgIHJldHVybiB0aGlzLmRlY3J5cHRPdGsoa2V5RXhjaGFuZ2UsIG90S2V5Syk7XG4gIH1cblxuICBhc3luYyBkZWNyeXB0S2V5RXhjaGFuZ2UoXG4gICAga2V5RXhjaGFuZ2U6IEtleUV4Y2hhbmdlRmllbGRzUmVzdWx0LFxuICAgIG90S2V5Sz86IHN0cmluZ1xuICApIHtcbiAgICBpZiAoa2V5RXhjaGFuZ2UuaXNJbml0aWF0b3IpIHtcbiAgICAgIHJldHVybiB0aGlzLmRlY3J5cHRLZXlFeGNoYW5nZUFzSW5pdGlhdG9yKGtleUV4Y2hhbmdlKTtcbiAgICB9IGVsc2Uge1xuICAgICAgcmV0dXJuIHRoaXMuZGVjcnlwdEtleUV4Y2hhbmdlQXNSZXNwb25kZXIoa2V5RXhjaGFuZ2UsIG90S2V5Syk7XG4gICAgfVxuICB9XG5cbiAgYXN5bmMgZ2V0S2V5RXhjaGFuZ2VzKHsgc3RhdGUgfTogeyBzdGF0ZT86IEtleUV4Y2hhbmdlU3RhdGUyIH0gPSB7fSkge1xuICAgIGNvbnN0IHsga2V5RXhjaGFuZ2VzIH0gPSBhd2FpdCB0aGlzLnF1ZXJ5KHtcbiAgICAgIHF1ZXJ5OiBLZXlFeGNoYW5nZXNRdWVyeTIsXG4gICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgc3RhdGUsXG4gICAgICB9LFxuICAgIH0pO1xuXG4gICAgcmV0dXJuIFByb21pc2UuYWxsKFxuICAgICAga2V5RXhjaGFuZ2VzLmVkZ2VzLm1hcCgoZWRnZSkgPT4gdGhpcy5kZWNyeXB0S2V5RXhjaGFuZ2UoZWRnZS5ub2RlKSlcbiAgICApO1xuICB9XG5cbiAgLyoqXG4gICAqIEBwYXJhbSBpZCBJZiB0aGUgY3VycmVudCB1c2VyIGNhbiByZXNwb25kZXIgdGhlIGtleSBleGNoYW5nZSBpZiB0aGV5IGFyZSBlaXRoZXIgdGhlIGluaXRpYXRvciBvciB0aGUgcmVjZWl2ZXIuXG4gICAqIEBwYXJhbSB0b2tlbiBJZiBub3Qgc2lnbmVkIGluLCBvciBub3QgdGhlIGluaXRpYXRvciBvciByZXNwb25kZXIsICd0b2tlbicgbXVzdCBiZSBnaXZlbi5cbiAgICogQHBhcmFtIG90S2V5SyBJcyB0aGUgcmF3IG9uZS10aW1lIGtleSAoc3RyaW5nKS4gSWYgdGhlIHJlc3BvbmRlciBpcyBleHBsaWNpdGx5IHNwZWNpZmllZCBhdCB0aW1lIG9mIGluaXRpYXRpb24sIHRoZW5cbiAgICogICBpdCdzIHBvc3NpYmxlIHRvIGhhdmUgdGhlIG90S2V5IHdyYXBwZWQgYnkgdGhlIHB1YmxpYyBrZXkgb2YgdGhlIHJlc3BvbmRlci4gSW4gd2hpY2ggY2FzZSwgdGhlIG90S2V5SyBpcyBub3QgbmVlZGVkLlxuICAgKi9cbiAgYXN5bmMgZ2V0S2V5RXhjaGFuZ2UoXG4gICAgaWQ6IHN0cmluZyxcbiAgICB7IG90S2V5SywgdG9rZW4gfTogR2V0S2V5RXhjaGFuZ2VPcHRpb25zMiA9IHt9XG4gICkge1xuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMucXVlcnkoe1xuICAgICAgcXVlcnk6IHRva2VuID8gS2V5RXhjaGFuZ2VUb2tlblF1ZXJ5MiA6IEtleUV4Y2hhbmdlUXVlcnkyLFxuICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgIGlkLFxuICAgICAgICB0b2tlbixcbiAgICAgIH0sXG4gICAgICBpbmNsdWRlS2V5R3JhcGg6ICF0b2tlbiwgLy8gaWYgIXRva2VuIHRoZW4gd2UgYXJlIHBvc3QgYXV0aCwgc28gY2FuIGZldGNoIGtleUdyYXBoXG4gICAgfSk7XG4gICAgcmV0dXJuIHRoaXMuZGVjcnlwdEtleUV4Y2hhbmdlKHJlcy5rZXlFeGNoYW5nZSwgb3RLZXlLKTtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBnZXRDdXJyZW50VXNlclNoYXJlZEtleShpbnB1dDoge1xuICAgIHVzZXJuYW1lPzogc3RyaW5nO1xuICAgIHVzZXJJZD86IHN0cmluZztcbiAgfSkge1xuICAgIHJldHVybiB0aGlzLnF1ZXJ5KHtcbiAgICAgIHF1ZXJ5OiBDdXJyZW50VXNlclNoYXJlZEtleVF1ZXJ5MixcbiAgICAgIHZhcmlhYmxlczoge1xuICAgICAgICB1c2VybmFtZTogaW5wdXQudXNlcm5hbWUsXG4gICAgICAgIHVzZXJJZDogaW5wdXQudXNlcklkLFxuICAgICAgfSxcbiAgICB9KTtcbiAgfVxuXG4gIGNhbmNlbEtleUV4Y2hhbmdlKGlkOiBzdHJpbmcpIHtcbiAgICByZXR1cm4gdGhpcy5tdXRhdGUodGhpcy5jYW5jZWxLZXlFeGNoYW5nZU11dGF0aW9uKGlkKSk7XG4gIH1cblxuICBjYW5jZWxLZXlFeGNoYW5nZU11dGF0aW9uKGlkOiBzdHJpbmcpIHtcbiAgICByZXR1cm4gbmV3IExyTXV0YXRpb24oe1xuICAgICAgbXV0YXRpb246IENhbmNlbEtleUV4Y2hhbmdlTXV0YXRpb24sXG4gICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICBpZCxcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSk7XG4gIH1cblxuICBkZWNsaW5lS2V5RXhjaGFuZ2UoaWQ6IHN0cmluZywgdG9rZW46IHN0cmluZykge1xuICAgIHJldHVybiB0aGlzLm11dGF0ZSh0aGlzLmRlY2xpbmVLZXlFeGNoYW5nZU11dGF0aW9uKGlkLCB0b2tlbikpO1xuICB9XG5cbiAgZGVjbGluZUtleUV4Y2hhbmdlTXV0YXRpb24oaWQ6IHN0cmluZywgdG9rZW46IHN0cmluZykge1xuICAgIHJldHVybiBuZXcgTHJNdXRhdGlvbih7XG4gICAgICBtdXRhdGlvbjogRGVjbGluZUtleUV4Y2hhbmdlTXV0YXRpb24sXG4gICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICBpZCxcbiAgICAgICAgICB0b2tlbixcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSk7XG4gIH1cblxuICBhc3luYyBpbml0aWF0ZU90ayhpbnB1dDogSW5pdGlhdGVPdGtJbnB1dDIgPSB7fSkge1xuICAgIHJldHVybiB0aGlzLm11dGF0ZSgoYXdhaXQgdGhpcy5pbml0aWF0ZU90a011dGF0aW9uKGlucHV0KSkubHJNdXRhdGlvbik7XG4gIH1cblxuICBhc3luYyBpbml0aWF0ZU90a011dGF0aW9uKHtcbiAgICBtZXNzYWdlLFxuICAgIGVtYWlsLFxuICAgIGNvbnRhY3RDYXJkLFxuICAgIHVwZ3JhZGUsXG4gIH06IEluaXRpYXRlT3RrSW5wdXQyID0ge30pIHtcbiAgICBjb25zdCBvdEtleSA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVLZXkoKTtcbiAgICBjb25zdCBub25jZSA9IHRoaXMua2V5RmFjdG9yeS5yYW5kb21TdHJpbmcodGhpcy5DTElFTlRfTk9OQ0VfTEVOR1RIKTtcblxuICAgIC8vIE5ldyBQS0Mga2V5IGZvciBlbmNyeXB0aW9uLiBUaGlzIGtleSBpcyB1c2VkIG9ubHkgb25jZSB3aGVuIHRoZSByZXNwb25kZXIgc2VuZHNcbiAgICAvLyBiYWNrIHRoZWlyIHNpZ25pbmcgcHVibGljIGtleS5cbiAgICBjb25zdCBpbml0aWF0b3JPbmVUaW1lUHJrID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZVBrY0tleSgpO1xuXG4gICAgLy8gT3B0aW9uIDE6IE5ldyBQS0Mga2V5IGZvciBzaWduaW5nXG4gICAgLy8gY29uc3QgaW5pdGlhdG9yU2lnUHJrID0gYXdhaXQgdGhpcy5rZXlTZXJ2aWNlLmNyZWF0ZVBrY1NpZ25LZXkoKTtcblxuICAgIC8vIE9wdGlvbiAyOiBVc2UgdGhlIHVzZXIncyBnbG9iYWwgc2lnbmluZyBrZXkuXG4gICAgLy8gVGhpcyBrZXkgaXMgdXNlZCB0byBwcm92ZSB0aGUgaW5pdGlhdG9yJ3MgaWRlbnRpdHkuXG4gICAgY29uc3QgaW5pdGlhdG9yUHJrID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRQeGs7XG4gICAgY29uc3QgaW5pdGlhdG9yU2lnUHJrID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRTaWdQeGs7XG5cbiAgICBsZXQgaW5pdGlhdG9yUGxhaW5EYXRhU2lnOiBzdHJpbmcgPSBudWxsO1xuXG4gICAgaWYgKGNvbnRhY3RDYXJkICYmIGNvbnRhY3RDYXJkLm93bmVyUGxhaW5EYXRhSnNvbikge1xuICAgICAgaW5pdGlhdG9yUGxhaW5EYXRhU2lnID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5zaWduVG9TdHJpbmcoXG4gICAgICAgIGluaXRpYXRvclNpZ1Byay5qd2ssXG4gICAgICAgIGNvbnRhY3RDYXJkLm93bmVyUGxhaW5EYXRhSnNvblxuICAgICAgKTtcbiAgICB9XG5cbiAgICBjb25zdCBpbml0aWF0b3IgPSB7XG4gICAgICBtZXNzYWdlLFxuICAgICAgY29udGFjdENhcmQ6IGNvbnRhY3RDYXJkICYmIHtcbiAgICAgICAgc2hhcmVkQ2lwaGVyRGF0YUNsZWFySnNvbjogY29udGFjdENhcmQuc2hhcmVkQ2lwaGVyRGF0YUNsZWFySnNvbixcbiAgICAgIH0sXG4gICAgfTtcblxuICAgIC8vIENvbnRlbnQgdG8gYmUgZW5jcnlwdGVkIHVzaW5nIHRoZSBPVEsuXG4gICAgY29uc3QgcGxhaW5PdEtleUNpcGhlcjogT3RLZXlDaXBoZXJDbGVhckpzb24yID0ge1xuICAgICAgLy8gVE9ETyBNYWtlIHN1cmUgd2UgYWxzbyBwdXQgdGhlIE9PQiBjb2RlIGluIGhlcmUgYXMgd2VsbCBzaW5jZSB0aGUgT09CIGNvZGUgaXMgdGhlXG4gICAgICAvLyBfb25seV8gaW5mb3JtYXRpb24gdGhlIEtDIHNlcnZlciBkb2VzIG5vdCBoYXZlIGFjY2VzcyB0by4gVGhlIHNlcnZlciBtYXkgaGF2ZVxuICAgICAgLy8gYWNjZXNzIHRvIE9USyBhbmQgaGVuY2UgdGhlIG5vbmNlIGhlcmUuIEl0J3MgZ29vZCB0byBoYXZlIGJvdGggdGhlIG5vbmNlIGFuZCBPT0IgY29kZVxuICAgICAgLy8gc2luY2UgdGhlIHVzZXIgbWF5IG5vdCBiZSB1c2luZyB0aGUgT09CIGNvZGUuIEFuZCBpdCdzIHNpbXBsZSB0byBhbHdheXMgaW5jbHVkZVxuICAgICAgLy8gdGhlIG5vbmNlLCBzbyB3aHkgbm90LlxuICAgICAgbm9uY2UsXG4gICAgICBpbml0aWF0b3I6IHtcbiAgICAgICAgLi4uaW5pdGlhdG9yLFxuICAgICAgICBvbmVUaW1lUGJrOiBpbml0aWF0b3JPbmVUaW1lUHJrLnRvSlNPTigpLCAvLyBvbmUtdGltZSBwdWJsaWMgZW5jcnlwdGlvbiBrZXkgcmVzcG9uZGVyIHVzZSB0byBzZW5kIGRhdGEgYmFjayB0byBpbml0aWF0b3JcbiAgICAgICAgcGJrOiBpbml0aWF0b3JQcmsuandrLnRvSlNPTigpLCAvLyBwdWJsaWMgZW5jcnlwdGlvbiBrZXlcbiAgICAgICAgc2lnUGJrOiBpbml0aWF0b3JTaWdQcmsuandrLnRvSlNPTigpLCAvLyBwdWJsaWMgc2lnbmluZyBrZXlcbiAgICAgIH0sXG4gICAgfTtcblxuICAgIGNvbnN0IG90S2V5Q2lwaGVyID0gYXdhaXQgdGhpcy5rZXlHcmFwaC5lbmNyeXB0VG9TdHJpbmcoXG4gICAgICBvdEtleSxcbiAgICAgIHBsYWluT3RLZXlDaXBoZXJcbiAgICApO1xuXG4gICAgLy8gQ29udGVudCB0byBiZSBlbmNyeXB0ZWQgdXNpbmcgdGhlIGluaXRpYXRvcidzIHJvb3Qga2V5LlxuICAgIGNvbnN0IGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb246IEluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24yID0ge1xuICAgICAgbm9uY2UsXG4gICAgICBvbmVUaW1lUHJrOiBpbml0aWF0b3JPbmVUaW1lUHJrLnRvSlNPTih0cnVlKSxcbiAgICAgIC8vIFNob3VsZCBub3QgbmVlZCB0byBrZWVwIHRoaXMgZW5jcnlwdGVkIHNpbmNlIHdlIGFyZSB1c2luZyB0aGUgZ2xvYmFsIHNpZ25pbmcga2V5LlxuICAgICAgLy8gc2lnUHJrOiBpbml0aWF0b3JTaWdQcmsudG9KU09OKHRydWUpLFxuXG4gICAgICAvLyBTYXZlIGl0IGluIGNhc2UgdGhlIGluaXRpYXRvciB3YW50IHRvIGRlY29kZSB0aGUgb3RLZXlDaXBoZXIuXG4gICAgICAvLyBTaW5jZSB0aGUgb3RLZXkgaXMgb25seSB1c2VkIG9uY2UsIGFuZCB0aGF0IG90S2V5Q2lwaGVyIGNvbnRhaW5zIG9ubHlcbiAgICAgIC8vIHRoZSBwdWJsaWMga2V5IG9mIHRoZSBpbml0aWF0b3IsIGl0J3Mgc2FmZSBqdXN0IGxlYXZlIHRoZSBvdEtleSBzdG9yZWQgaGVyZS5cbiAgICAgIG90S2V5OiBvdEtleS50b0pTT04odHJ1ZSksXG4gICAgICAvLyBUaGVzZSBzaG91bGQgYmUgc3RvcmluZyBpbmZvcm1hdGlvbiBzdWNoIGFzIGhvdyB0aGUgZmllbGRzIG9mIHRoZSBzaGFyZWQgY29udGFjdCBjYXJkIGlzXG4gICAgICAvLyBkZXJpdmVkIGZyb20gdGhlIG1hc3RlciBjb250YWN0IGNhcmQuXG4gICAgICBpbml0aWF0b3JDb250YWN0Q2FyZDogY29udGFjdENhcmQsXG4gICAgICBpbml0aWF0b3IsXG4gICAgfTtcblxuICAgIGNvbnN0IHJvb3RLZXkgPSB0aGlzLmtleVNlcnZpY2UuY3VycmVudFJvb3RLZXk7XG4gICAgY29uc3QgaW5pdGlhdG9yUm9vdEtleUNpcGhlciA9IGF3YWl0IHRoaXMua2V5R3JhcGguZW5jcnlwdFRvU3RyaW5nKFxuICAgICAgcm9vdEtleS5qd2ssXG4gICAgICBpbml0aWF0b3JSb290S2V5Q2lwaGVyQ2xlYXJKc29uXG4gICAgKTtcblxuICAgIC8vIFRoZSByYXcgT1RLXG4gICAgY29uc3Qgb3RLZXlLOiBzdHJpbmcgPSAob3RLZXkudG9KU09OKHRydWUpIGFzIEpTT05PYmplY3QpLms7XG5cbiAgICAvLyBBUEkgY2FsbFxuICAgIGNvbnN0IGxyTXV0YXRpb24gPSBuZXcgTHJNdXRhdGlvbih7XG4gICAgICBtdXRhdGlvbjogSW5pdGlhdGVLZXlFeGNoYW5nZU90a011dGF0aW9uLFxuICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgIGlucHV0OiB7XG4gICAgICAgICAgLy8gVGhlc2Ugd2lsbCBiZSBzdG9yZWQgb24gdGhlIHNlcnZlclxuICAgICAgICAgIGluaXRpYXRvclJvb3RLZXlDaXBoZXIsXG4gICAgICAgICAgaW5pdGlhdG9yUHhrSWQ6IGluaXRpYXRvclByay5pZCxcbiAgICAgICAgICBpbml0aWF0b3JTaWdQeGtJZDogaW5pdGlhdG9yU2lnUHJrLmlkLFxuICAgICAgICAgIC8vIFRoZXNlIHdpbGwgYmUgc2VudCB0byB0aGUgcmVzcG9uZGVyXG4gICAgICAgICAgb3RLZXlQYXJhbXM6IEpTT04uc3RyaW5naWZ5KG90S2V5LnRvSlNPTigpKSxcbiAgICAgICAgICBvdEtleUNpcGhlcixcbiAgICAgICAgICBzZW5kRW1haWw6IGVtYWlsICYmIHtcbiAgICAgICAgICAgIGVtYWlsLFxuICAgICAgICAgICAgcmF3T3RLZXk6IG90S2V5SyxcbiAgICAgICAgICB9LFxuICAgICAgICAgIGNyZWF0ZVRwOiB0cnVlLFxuICAgICAgICAgIGluaXRpYXRvclBsYWluRGF0YVNpZyxcbiAgICAgICAgICB1cGdyYWRlLFxuICAgICAgICB9LFxuICAgICAgfSxcbiAgICB9KTtcblxuICAgIHJldHVybiB7IGxyTXV0YXRpb24sIG90S2V5SyB9O1xuICB9XG5cbiAgcmVzcG9uZE90ayhpbnB1dDogUmVzcG9uZE90a0lucHV0Mikge1xuICAgIHJldHVybiB0aGlzLm11dGF0ZSh0aGlzLnJlc3BvbmRPdGtNdXRhdGlvbihpbnB1dCkpO1xuICB9XG5cbiAgYXN5bmMgcmVzcG9uZE90a011dGF0aW9uKHtcbiAgICBrZXlFeGNoYW5nZUlkLFxuICAgIHRva2VuLFxuICAgIGRlY3J5cHRlZE90ayxcbiAgICBtZXNzYWdlLFxuICAgIGluaXRpYXRvckNvbnRhY3RDYXJkLFxuICAgIHJlc3BvbmRlckNvbnRhY3RDYXJkLFxuICB9OiBSZXNwb25kT3RrSW5wdXQyKSB7XG4gICAgY29uc3Qgcm9vdEtleSA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50Um9vdEtleTtcblxuICAgIGNvbnN0IG1hc3RlcktleSA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50TWFzdGVyS2V5O1xuXG4gICAgY29uc3Qgc2hhcmVkS2V5ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZUtleSgpO1xuICAgIGNvbnN0IG1rU2hhcmVkS2V5ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZUtleSgpO1xuXG4gICAgY29uc3QgcmtXcmFwcGVkU2hhcmVkS2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgcm9vdEtleS5qd2ssXG4gICAgICBzaGFyZWRLZXkudG9KU09OKHRydWUpXG4gICAgKTtcbiAgICBjb25zdCBta1dyYXBwZWRNa1NoYXJlZEtleSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgIG1hc3RlcktleS5qd2ssXG4gICAgICBta1NoYXJlZEtleS50b0pTT04odHJ1ZSlcbiAgICApO1xuXG4gICAgY29uc3QgaW5pdGlhdG9yT25lVGltZVBiayA9IGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KFxuICAgICAgZGVjcnlwdGVkT3RrLm90S2V5Q2lwaGVyQ2xlYXJKc29uLmluaXRpYXRvci5vbmVUaW1lUGJrXG4gICAgKTtcblxuICAgIGNvbnN0IGluaXRpYXRvclBiayA9IGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KFxuICAgICAgZGVjcnlwdGVkT3RrLm90S2V5Q2lwaGVyQ2xlYXJKc29uLmluaXRpYXRvci5wYmtcbiAgICApO1xuICAgIGNvbnN0IGluaXRpYXRvclNpZ1BiayA9IGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KFxuICAgICAgZGVjcnlwdGVkT3RrLm90S2V5Q2lwaGVyQ2xlYXJKc29uLmluaXRpYXRvci5zaWdQYmtcbiAgICApO1xuXG4gICAgLy8gT3B0aW9uIDE6IFVzaW5nIG5ldyBQcmsgZm9yIGVhY2ggVFAgcGFpclxuICAgIC8vIENyZWF0ZSBhIG5ldyBwdWJsaWMgc2lnbmluZyBrZXkgZm9yIHRoZSByZXNwb25kZXIuXG4gICAgLy8gY29uc3QgcmVzcG9uZGVyU2lnUHJrID0gYXdhaXQgdGhpcy5rZXlTZXJ2aWNlLmNyZWF0ZVBrY1NpZ25LZXkoKVxuICAgIC8vIGNvbnN0IHJrV3JhcHBlZFJlc3BvbmRlclNpZ1ByayA9IGF3YWl0IHRoaXMuZW5jcnlwdChyb290S2V5LCByZXNwb25kZXJTaWdQcmsudG9KU09OKHRydWUpKTtcblxuICAgIC8vIE9wdGlvbiAyOiBSZXNwb25kZXIgYWxyZWFkeSBoYXMgYSBzaWduaW5nIFBya1xuICAgIGNvbnN0IHJlc3BvbmRlclByayA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50UHhrO1xuICAgIGNvbnN0IHJlc3BvbmRlclNpZ1ByayA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50U2lnUHhrO1xuXG4gICAgY29uc3Qgc2lnbmVkSW5pdGlhdG9yUGJrID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5zaWduKFxuICAgICAgcmVzcG9uZGVyU2lnUHJrLmp3ayxcbiAgICAgIGluaXRpYXRvclBiay50b0pTT04oKVxuICAgICk7XG4gICAgY29uc3Qgc2lnbmVkSW5pdGlhdG9yU2lnUGJrID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5zaWduKFxuICAgICAgcmVzcG9uZGVyU2lnUHJrLmp3ayxcbiAgICAgIGluaXRpYXRvclNpZ1Biay50b0pTT04oKVxuICAgICk7XG5cbiAgICBjb25zdCBpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyQ2xlYXJKc29uOiBJbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyQ2xlYXJKc29uID1cbiAgICAgIHtcbiAgICAgICAgbm9uY2U6IGRlY3J5cHRlZE90ay5vdEtleUNpcGhlckNsZWFySnNvbi5ub25jZSxcbiAgICAgICAgc2hhcmVkS2V5OiBzaGFyZWRLZXkudG9KU09OKHRydWUpLFxuICAgICAgICBta1NoYXJlZEtleTogbWtTaGFyZWRLZXkudG9KU09OKHRydWUpLFxuICAgICAgICByZXNwb25kZXI6IHtcbiAgICAgICAgICBwYms6IHJlc3BvbmRlclByay5qd2sudG9KU09OKCksIC8vIHB1YmxpYyBrZXlcbiAgICAgICAgICBzaWdQYms6IHJlc3BvbmRlclNpZ1Byay5qd2sudG9KU09OKCksIC8vIHB1YmxpYyBrZXlcbiAgICAgICAgICBtZXNzYWdlLFxuICAgICAgICB9LFxuICAgICAgfTtcblxuICAgIGxldCByZWNlaXZlZENhcmRJbnB1dDtcbiAgICBpZiAoZGVjcnlwdGVkT3RrLm90S2V5Q2lwaGVyQ2xlYXJKc29uLmluaXRpYXRvci5jb250YWN0Q2FyZCkge1xuICAgICAgLy8gU2V0IHRoZSBpbmZvIGFib3V0IHRoZSBpbml0aWF0b3IgdG8gYmUgdGhlIG9uZXMgc2VudCBieSB0aGUgaW5pdGlhdG9yLiBXZSBuZWVkIHRoIHJlc3BvbmRlciB0byBkbyB0aGUgZW5jcnlwdGlvbiBoZXJlXG4gICAgICAvLyBiZWNhdXNlIHRoZSBpbml0aWF0b3IgZG9lcyBub3QgaGF2ZSB0aGUgc2hhcmVkIGtleSB5ZXQsIGFuZCB3ZSB3YW50IHRoZSByZXNwb25kZXIgdG8gaGF2ZSBhIGZ1bmN0aW9uYWwgY29udGFjdCBjYXJkIGFmdGVyXG4gICAgICAvLyB0aGlzIGV4Y2hhbmdlLiBUaGUgaW5pdGlhdG9yIGNhbiBkb3VibGUgY2hlY2sgdGhlIGNvbnRhY3QgZGV0YWlscyBhcmUgY29ycmVjdCBhbmQgc2lnbiBpdCB3aGVuIGl0IGNvbXBsZXRlcyB0aGUgZXhjaGFuZ2UuXG4gICAgICBjb25zdCBzaGFyZWRDaXBoZXJEYXRhQ2xlYXJKc29uID1cbiAgICAgICAgZGVjcnlwdGVkT3RrLm90S2V5Q2lwaGVyQ2xlYXJKc29uLmluaXRpYXRvci5jb250YWN0Q2FyZFxuICAgICAgICAgIC5zaGFyZWRDaXBoZXJEYXRhQ2xlYXJKc29uO1xuXG4gICAgICAvLyBDcmVhdGUga2V5c1xuICAgICAgY29uc3QgcmVjZWl2ZXJLZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XG4gICAgICBjb25zdCBjY1NoYXJlZEtleSA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVLZXkoKTtcbiAgICAgIGNvbnN0IHNpZ1B4ayA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50U2lnUHhrO1xuXG4gICAgICByZWNlaXZlZENhcmRJbnB1dCA9IHtcbiAgICAgICAgcmVjZWl2ZXJXcmFwcGVkS2V5OiBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXG4gICAgICAgICAgICByb290S2V5Lmp3ayxcbiAgICAgICAgICAgIHJlY2VpdmVyS2V5LnRvSlNPTih0cnVlKVxuICAgICAgICAgIClcbiAgICAgICAgKSxcbiAgICAgICAgcmVjZWl2ZXJXcmFwcGluZ0tleUlkOiByb290S2V5LmlkLFxuICAgICAgICByZWNlaXZlckNpcGhlckRhdGE6IGluaXRpYXRvckNvbnRhY3RDYXJkXG4gICAgICAgICAgPyBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgICAgICAgICAgIHJlY2VpdmVyS2V5LFxuICAgICAgICAgICAgICAgIGluaXRpYXRvckNvbnRhY3RDYXJkLnJlY2VpdmVyQ2lwaGVyRGF0YUNsZWFySnNvblxuICAgICAgICAgICAgICApXG4gICAgICAgICAgICApXG4gICAgICAgICAgOiAnJyxcbiAgICAgICAgc2hhcmVkV3JhcHBlZEtleTogSlNPTi5zdHJpbmdpZnkoXG4gICAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgICAgICAgc2hhcmVkS2V5LFxuICAgICAgICAgICAgY2NTaGFyZWRLZXkudG9KU09OKHRydWUpXG4gICAgICAgICAgKVxuICAgICAgICApLFxuICAgICAgfTtcblxuICAgICAgY29uc3Qgc2hhcmVkQ2lwaGVyRGF0YSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgICAgY2NTaGFyZWRLZXksXG4gICAgICAgIHNoYXJlZENpcGhlckRhdGFDbGVhckpzb25cbiAgICAgICk7XG4gICAgICByZWNlaXZlZENhcmRJbnB1dC5zaGFyZWRDaXBoZXJEYXRhU2lnID0gSlNPTi5zdHJpbmdpZnkoXG4gICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2Uuc2lnbihzaWdQeGsuandrLCBzaGFyZWRDaXBoZXJEYXRhKVxuICAgICAgKTtcbiAgICAgIHJlY2VpdmVkQ2FyZElucHV0LnNpZ1B4a0lkID0gc2lnUHhrLmlkO1xuXG4gICAgICBpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyQ2xlYXJKc29uLnJlc3BvbmRlci5jb250YWN0Q2FyZCA9IHtcbiAgICAgICAgLi4uaW5pdGlhdG9yT25lVGltZVBia0NpcGhlckNsZWFySnNvbi5yZXNwb25kZXIuY29udGFjdENhcmQsXG4gICAgICAgIHNoYXJlZENpcGhlcktleTogY2NTaGFyZWRLZXkudG9KU09OKHRydWUpLFxuICAgICAgfTtcbiAgICB9XG5cbiAgICBsZXQgcmVzcG9uZGVyQ2FyZElucHV0O1xuICAgIGlmIChyZXNwb25kZXJDb250YWN0Q2FyZCkge1xuICAgICAgLy8gQ3JlYXRlIGtleXNcbiAgICAgIGNvbnN0IG93bmVyS2V5ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZUtleSgpO1xuICAgICAgY29uc3QgY2NTaGFyZWRLZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XG4gICAgICBjb25zdCBzaWdQeGsgPSB0aGlzLmtleVNlcnZpY2UuY3VycmVudFNpZ1B4aztcblxuICAgICAgcmVzcG9uZGVyQ2FyZElucHV0ID0ge1xuICAgICAgICBvd25lcldyYXBwZWRLZXk6IEpTT04uc3RyaW5naWZ5KFxuICAgICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgICAgICAgIHJvb3RLZXkuandrLFxuICAgICAgICAgICAgb3duZXJLZXkudG9KU09OKHRydWUpXG4gICAgICAgICAgKVxuICAgICAgICApLFxuICAgICAgICBvd25lcldyYXBwaW5nS2V5SWQ6IHJvb3RLZXkuaWQsXG4gICAgICAgIG93bmVyQ2lwaGVyRGF0YTogcmVzcG9uZGVyQ29udGFjdENhcmQub3duZXJDaXBoZXJEYXRhQ2xlYXJKc29uXG4gICAgICAgICAgPyBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgICAgICAgICAgIG93bmVyS2V5LFxuICAgICAgICAgICAgICAgIHJlc3BvbmRlckNvbnRhY3RDYXJkLm93bmVyQ2lwaGVyRGF0YUNsZWFySnNvblxuICAgICAgICAgICAgICApXG4gICAgICAgICAgICApXG4gICAgICAgICAgOiAnJyxcblxuICAgICAgICBzaGFyZWRXcmFwcGVkS2V5OiBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXG4gICAgICAgICAgICBzaGFyZWRLZXksXG4gICAgICAgICAgICBjY1NoYXJlZEtleS50b0pTT04odHJ1ZSlcbiAgICAgICAgICApXG4gICAgICAgICksXG4gICAgICB9O1xuXG4gICAgICBjb25zdCBzaGFyZWRDaXBoZXJEYXRhID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgICBjY1NoYXJlZEtleSxcbiAgICAgICAgcmVzcG9uZGVyQ29udGFjdENhcmQuc2hhcmVkQ2lwaGVyRGF0YUNsZWFySnNvblxuICAgICAgKTtcbiAgICAgIHJlc3BvbmRlckNhcmRJbnB1dC5zaGFyZWRDaXBoZXJEYXRhU2lnID0gSlNPTi5zdHJpbmdpZnkoXG4gICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2Uuc2lnbihzaWdQeGsuandrLCBzaGFyZWRDaXBoZXJEYXRhKVxuICAgICAgKTtcbiAgICAgIHJlc3BvbmRlckNhcmRJbnB1dC5zaWdQeGtJZCA9IHNpZ1B4ay5pZDtcblxuICAgICAgaWYgKHJlc3BvbmRlckNvbnRhY3RDYXJkLm93bmVyUGxhaW5EYXRhSnNvbikge1xuICAgICAgICByZXNwb25kZXJDYXJkSW5wdXQub3duZXJQbGFpbkRhdGFTaWcgPSBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnNpZ24oXG4gICAgICAgICAgICByZXNwb25kZXJTaWdQcmsuandrLFxuICAgICAgICAgICAgcmVzcG9uZGVyQ29udGFjdENhcmQub3duZXJQbGFpbkRhdGFKc29uXG4gICAgICAgICAgKVxuICAgICAgICApO1xuICAgICAgfVxuXG4gICAgICAvLyBDb250YWN0IGNhcmQgaW5mbyByZWFkYWJsZSBieSB0aGUgaW5pdGlhdG9yXG4gICAgICBpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyQ2xlYXJKc29uLnJlc3BvbmRlci5jb250YWN0Q2FyZCA9IHtcbiAgICAgICAgLi4uaW5pdGlhdG9yT25lVGltZVBia0NpcGhlckNsZWFySnNvbi5yZXNwb25kZXIuY29udGFjdENhcmQsXG4gICAgICAgIHNoYXJlZENpcGhlckRhdGFDbGVhckpzb246XG4gICAgICAgICAgcmVzcG9uZGVyQ29udGFjdENhcmQuc2hhcmVkQ2lwaGVyRGF0YUNsZWFySnNvbixcbiAgICAgIH07XG4gICAgfVxuXG4gICAgLy8gRW5jcnlwdCB3aXRoIG9uZS10aW1lIHB1YmxpYyBrZXlcbiAgICBsZXQgaW5pdGlhdG9yT25lVGltZVBia0NpcGhlciA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgIGluaXRpYXRvck9uZVRpbWVQYmssXG4gICAgICBpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyQ2xlYXJKc29uXG4gICAgKTtcblxuICAgIC8vIEVuY3J5cHQgd2l0aCB0aGUgb3RrIGFnYWluIHRvIGtlZXAgdXNlIG9mIGFzeW1tZXRyaWMga2V5cyB0byBhIG1pbmltdW0uXG4gICAgaW5pdGlhdG9yT25lVGltZVBia0NpcGhlciA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgIGRlY3J5cHRlZE90ay5vdEtleSxcbiAgICAgIGluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXJcbiAgICApO1xuXG4gICAgcmV0dXJuIG5ldyBMck11dGF0aW9uKHtcbiAgICAgIG11dGF0aW9uOiBSZXNwb25kS2V5RXhjaGFuZ2VPdGtNdXRhdGlvbixcbiAgICAgIHZhcmlhYmxlczoge1xuICAgICAgICBpbnB1dDoge1xuICAgICAgICAgIGtleUV4Y2hhbmdlSWQsXG4gICAgICAgICAga2V5RXhjaGFuZ2VUb2tlbjogdG9rZW4sXG4gICAgICAgICAgcm9vdEtleUlkOiByb290S2V5LmlkLFxuICAgICAgICAgIG1hc3RlcktleUlkOiBtYXN0ZXJLZXkuaWQsXG4gICAgICAgICAgLy8gVGhlc2Ugd2lsbCBiZSBzdG9yZWQgb24gdGhlIHNlcnZlclxuICAgICAgICAgIHJlc3BvbmRlclB4a0lkOiByZXNwb25kZXJQcmsuaWQsXG4gICAgICAgICAgcmVzcG9uZGVyU2lnUHhrSWQ6IHJlc3BvbmRlclNpZ1Byay5pZCxcbiAgICAgICAgICBzaWduZWRJbml0aWF0b3JQYms6IEpTT04uc3RyaW5naWZ5KHNpZ25lZEluaXRpYXRvclBiayksXG4gICAgICAgICAgc2lnbmVkSW5pdGlhdG9yU2lnUGJrOiBKU09OLnN0cmluZ2lmeShzaWduZWRJbml0aWF0b3JTaWdQYmspLFxuICAgICAgICAgIC8vIHJrV3JhcHBlZEluaXRpYXRvclNpZ1BiazogSlNPTi5zdHJpbmdpZnkocmtXcmFwcGVkSW5pdGlhdG9yU2lnUGJrKSxcblxuICAgICAgICAgIC8vIE9wdGlvbiAxOiBVc2luZyBuZXcgUHJrIGZvciBlYWNoIFRQIHBhaXJcbiAgICAgICAgICAvLyBya1dyYXBwZWRSZXNwb25kZXJTaWdQcms6IEpTT04uc3RyaW5naWZ5KHJrV3JhcHBlZFJlc3BvbmRlclNpZ1ByayksXG4gICAgICAgICAgcmtXcmFwcGVkU2hhcmVkS2V5OiBKU09OLnN0cmluZ2lmeShya1dyYXBwZWRTaGFyZWRLZXkpLFxuICAgICAgICAgIG1rV3JhcHBlZE1rU2hhcmVkS2V5OiBKU09OLnN0cmluZ2lmeShta1dyYXBwZWRNa1NoYXJlZEtleSksXG4gICAgICAgICAgLy8gVGhlc2Ugd2lsbCBiZSBzZW50IHRvIHRoZSBpbml0aWF0b3JcbiAgICAgICAgICBpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyOiBKU09OLnN0cmluZ2lmeShpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyKSxcbiAgICAgICAgICBpbml0aWF0b3JDb250YWN0Q2FyZDogcmVjZWl2ZWRDYXJkSW5wdXQsXG4gICAgICAgICAgcmVzcG9uZGVyQ29udGFjdENhcmQ6IHJlc3BvbmRlckNhcmRJbnB1dCxcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSk7XG4gIH1cblxuICBjb21wbGV0ZU90ayhpbnB1dDogQ29tcGxldGVPdGtJbnB1dDIpIHtcbiAgICByZXR1cm4gdGhpcy5tdXRhdGUodGhpcy5jb21wbGV0ZU90a011dGF0aW9uKGlucHV0KSk7XG4gIH1cblxuICBhc3luYyBjb21wbGV0ZU90a011dGF0aW9uKHtcbiAgICBrZXlFeGNoYW5nZUlkLFxuICAgIGluaXRpYXRvclJvb3RLZXlDaXBoZXIsXG4gICAgaW5pdGlhdG9yT25lVGltZVBia0NpcGhlcixcbiAgICByZXNwb25kZXJDb250YWN0Q2FyZCxcbiAgICBpbml0aWF0b3JDb250YWN0Q2FyZCxcbiAgfTogQ29tcGxldGVPdGtJbnB1dDIpIHtcbiAgICBjb25zdCByb290S2V5ID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRSb290S2V5O1xuICAgIGNvbnN0IG1hc3RlcktleSA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50TWFzdGVyS2V5O1xuXG4gICAgLy8gRGVjcnlwdCB1c2luZyB0aGUgcm9vdCBrZXkgdG8gZ2V0IHRoZSBQcmtcbiAgICBjb25zdCBpbml0aWF0b3JSb290S2V5Q2lwaGVyQ2xlYXJKc29uID1cbiAgICAgIChhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXG4gICAgICAgIHJvb3RLZXkuandrLFxuICAgICAgICBpbml0aWF0b3JSb290S2V5Q2lwaGVyXG4gICAgICApKSBhcyBJbml0aWF0b3JSb290S2V5Q2lwaGVyQ2xlYXJKc29uMjtcblxuICAgIC8vIFRoZSBQcmsgaXMgc2luZ2xlLXVzZSBhbmQgb25seSB1c2VkIHRvIHNlbmQgaW5mb3JtYXRpb24gZnJvbSB0aGUgcmVzcG9uZGVyIGJhY2sgdG8gdGhlIGluaXRpYXRvci5cbiAgICBjb25zdCBwbGFpbkluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXIgPSBhd2FpdCB0aGlzLmRlY3J5cHRSZXNwb25zZUNpcGhlcihcbiAgICAgIGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24ub3RLZXkpLFxuICAgICAgYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoaW5pdGlhdG9yUm9vdEtleUNpcGhlckNsZWFySnNvbi5vbmVUaW1lUHJrKSxcbiAgICAgIGluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXJcbiAgICApO1xuXG4gICAgLy8gQ2hlY2sgdGhlIG5vbmNlIG1hdGNoIHRvIGVuc3VyZSB0aGUgcmVzcG9uZGVyIHdhcyB0aGUgb25lIGhvbGRpbmcgdGhlIE9US1xuICAgIGlmIChcbiAgICAgIGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24ubm9uY2UgIT09XG4gICAgICBwbGFpbkluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXIubm9uY2VcbiAgICApIHtcbiAgICAgIHRocm93IG5ldyBLY0NvZGVNaXNtYXRjaEV4Y2VwdGlvbihcbiAgICAgICAgJ1RoZSBub25jZSByZXR1cm5lZCBieSByZXNwb25kZXIgZG9lcyBub3QgbWF0Y2ggd2l0aCB0aGUgb25lIGNyZWF0ZWQgYnkgdGhlIGluaXRpYXRvci4nXG4gICAgICApO1xuICAgIH1cblxuICAgIC8vIE9wdGlvbiAxOiBBc3N1bWluZyB0aGUgc2lnbmluZyBrZXkgaXMgdW5pcXVlIGJldHdlZW4gdXNlcnMuXG4gICAgLy8gY29uc3QgaW5pdGlhdG9yU2lnUHJrID0gYXdhaXQgS0ZTLmFzS2V5KGtlLnBsYWluSW5pdGlhdG9yUm9vdEtleUNpcGhlci5zaWdQcmspO1xuICAgIC8vIGNvbnN0IHJrV3JhcHBlZEluaXRpYXRvclNpZ1ByayA9IGF3YWl0IHRoaXMuZW5jcnlwdChyb290S2V5LCBpbml0aWF0b3JTaWdQcmsudG9KU09OKHRydWUpKTtcblxuICAgIC8vIE9wdGlvbiAyOiBVc2UgdGhlIHVzZXIncyBnbG9iYWwgc2lnbmluZyBrZXkuXG4gICAgLy8gSW4gdGhpcyBjYXNlIHRoZSBpbml0aWF0b3JTaWdQcmsgaXMgYWxyZWFkeSBhIHBhcnQgb2YgdGhlIGtleSBncmFwaC5cbiAgICAvLyBTbyB0aGVyZSdzIG5vdGhpbmcgdG8gZG8gaGVyZS5cblxuICAgIC8vIFByb3RlY3RlZCB0aGUgc2lnbmluZyBwdWJsaWMga2V5IG9mIHRoZSByZXNwb25kZXIuXG4gICAgY29uc3QgaW5pdGlhdG9yU2lnUHJrID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRTaWdQeGs7XG4gICAgY29uc3QgcmVzcG9uZGVyU2lnUGJrID0gYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoXG4gICAgICBwbGFpbkluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXIucmVzcG9uZGVyLnNpZ1Bia1xuICAgICk7XG4gICAgY29uc3QgcmVzcG9uZGVyUGJrID0gYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoXG4gICAgICBwbGFpbkluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXIucmVzcG9uZGVyLnBia1xuICAgICk7XG5cbiAgICBjb25zdCBzaWduZWRSZXNwb25kZXJQYmsgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnNpZ24oXG4gICAgICBpbml0aWF0b3JTaWdQcmsuandrLFxuICAgICAgcmVzcG9uZGVyUGJrLnRvSlNPTigpXG4gICAgKTtcbiAgICBjb25zdCBzaWduZWRSZXNwb25kZXJTaWdQYmsgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnNpZ24oXG4gICAgICBpbml0aWF0b3JTaWdQcmsuandrLFxuICAgICAgcmVzcG9uZGVyU2lnUGJrLnRvSlNPTigpXG4gICAgKTtcblxuICAgIGNvbnN0IHNoYXJlZEtleSA9IGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KFxuICAgICAgcGxhaW5Jbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyLnNoYXJlZEtleVxuICAgICk7XG4gICAgY29uc3QgcmtXcmFwcGVkU2hhcmVkS2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgcm9vdEtleS5qd2ssXG4gICAgICBzaGFyZWRLZXkudG9KU09OKHRydWUpXG4gICAgKTtcblxuICAgIGNvbnN0IG1rU2hhcmVkS2V5ID0gYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoXG4gICAgICBwbGFpbkluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXIubWtTaGFyZWRLZXlcbiAgICApO1xuICAgIGNvbnN0IG1rV3JhcHBlZE1rU2hhcmVkS2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgbWFzdGVyS2V5Lmp3ayxcbiAgICAgIG1rU2hhcmVkS2V5LnRvSlNPTih0cnVlKVxuICAgICk7XG5cbiAgICBsZXQgcmVzcG9uZGVyQ29udGFjdENhcmRDaXBoZXJJbnB1dDtcbiAgICBpZiAocmVzcG9uZGVyQ29udGFjdENhcmQpIHtcbiAgICAgIC8vIENyZWF0ZSBrZXlcbiAgICAgIGNvbnN0IHJlY2VpdmVyS2V5ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZUtleSgpO1xuXG4gICAgICByZXNwb25kZXJDb250YWN0Q2FyZENpcGhlcklucHV0ID0ge1xuICAgICAgICByZWNlaXZlcldyYXBwZWRLZXk6IEpTT04uc3RyaW5naWZ5KFxuICAgICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgICAgICAgIHJvb3RLZXkuandrLFxuICAgICAgICAgICAgcmVjZWl2ZXJLZXkudG9KU09OKHRydWUpXG4gICAgICAgICAgKVxuICAgICAgICApLFxuICAgICAgICByZWNlaXZlcldyYXBwaW5nS2V5SWQ6IHJvb3RLZXkuaWQsXG4gICAgICAgIHJlY2VpdmVyQ2lwaGVyRGF0YTogSlNPTi5zdHJpbmdpZnkoXG4gICAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgICAgICAgcmVjZWl2ZXJLZXksXG4gICAgICAgICAgICByZXNwb25kZXJDb250YWN0Q2FyZC5yZWNlaXZlckNpcGhlckRhdGFDbGVhckpzb25cbiAgICAgICAgICApXG4gICAgICAgICksXG4gICAgICB9O1xuICAgIH1cblxuICAgIC8vIEdldCB0aGUgZGF0YSBuZWVkZWQgZnJvbSB0aGUgaW5pdGlhdG9yJ3MgY2lwaGVyIGRhdGEuXG4gICAgbGV0IGluaXRpYXRvckNvbnRhY3RDYXJkQ2lwaGVySW5wdXQ7XG4gICAgbGV0IGluaXRpYXRvckNvbnRhY3RDYXJkU2hhcmVkQ2lwaGVySW5wdXQ7XG4gICAgaWYgKGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24uaW5pdGlhdG9yQ29udGFjdENhcmQpIHtcbiAgICAgIC8vIFRoZSBpbml0aWF0b3JDb250YWN0Q2FyZCBjcmVhdGVkIGR1cmluZyB0aGUgY3JlYXRpb24gb2YgdGhlIGludml0ZSBhbmQgZW5jcnlwdGVkIHVzaW5nIHRoZSBpbml0aWF0b3Inc1xuICAgICAgLy8gcm9vdCBrZXlcbiAgICAgIGNvbnN0IGluaXRpYXRvckNvbnRhY3RDYXJkRnJvbUluaXQgPVxuICAgICAgICBpbml0aWF0b3JSb290S2V5Q2lwaGVyQ2xlYXJKc29uLmluaXRpYXRvckNvbnRhY3RDYXJkO1xuICAgICAgY29uc3Qgb3duZXJLZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XG4gICAgICBjb25zdCBzaGFyZWRDaXBoZXJLZXkgPSBhd2FpdCBLZXlGYWN0b3J5U2VydmljZS5hc0tleShcbiAgICAgICAgcGxhaW5Jbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyLnJlc3BvbmRlci5jb250YWN0Q2FyZC5zaGFyZWRDaXBoZXJLZXlcbiAgICAgICk7XG5cbiAgICAgIGNvbnN0IG93bmVyV3JhcHBlZEtleSA9IEpTT04uc3RyaW5naWZ5KFxuICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQocm9vdEtleS5qd2ssIG93bmVyS2V5LnRvSlNPTih0cnVlKSlcbiAgICAgICk7XG5cbiAgICAgIC8vIEFsbG93IHRoZSBpbml0aWF0b3JDb250YWN0Q2FyZCBwYXJhbWV0ZXIgdG8gb3ZlcnJpZGVcbiAgICAgIGNvbnN0IG93bmVyQ2lwaGVyRGF0YUNsZWFySnNvbiA9XG4gICAgICAgIGluaXRpYXRvckNvbnRhY3RDYXJkPy5vd25lckNpcGhlckRhdGFDbGVhckpzb24gfHxcbiAgICAgICAgaW5pdGlhdG9yQ29udGFjdENhcmRGcm9tSW5pdC5vd25lckNpcGhlckRhdGFDbGVhckpzb247XG5cbiAgICAgIGNvbnN0IG93bmVyQ2lwaGVyRGF0YSA9IG93bmVyQ2lwaGVyRGF0YUNsZWFySnNvblxuICAgICAgICA/IGF3YWl0IHRoaXMua2V5R3JhcGguZW5jcnlwdFRvU3RyaW5nKFxuICAgICAgICAgICAgb3duZXJLZXksXG4gICAgICAgICAgICBvd25lckNpcGhlckRhdGFDbGVhckpzb25cbiAgICAgICAgICApXG4gICAgICAgIDogJyc7XG5cbiAgICAgIGluaXRpYXRvckNvbnRhY3RDYXJkQ2lwaGVySW5wdXQgPSB7XG4gICAgICAgIG93bmVyV3JhcHBlZEtleSxcbiAgICAgICAgb3duZXJXcmFwcGluZ0tleUlkOiByb290S2V5LmlkLFxuICAgICAgICBvd25lckNpcGhlckRhdGEsXG4gICAgICB9O1xuXG4gICAgICBpbml0aWF0b3JDb250YWN0Q2FyZFNoYXJlZENpcGhlcklucHV0ID0ge1xuICAgICAgICBzaWdQeGtJZDogaW5pdGlhdG9yU2lnUHJrLmlkLFxuICAgICAgfTtcblxuICAgICAgY29uc3Qgc2hhcmVkQ2lwaGVyRGF0YSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgICAgc2hhcmVkQ2lwaGVyS2V5LFxuICAgICAgICBpbml0aWF0b3JDb250YWN0Q2FyZEZyb21Jbml0LnNoYXJlZENpcGhlckRhdGFDbGVhckpzb25cbiAgICAgICk7XG4gICAgICBpbml0aWF0b3JDb250YWN0Q2FyZFNoYXJlZENpcGhlcklucHV0LnNoYXJlZENpcGhlckRhdGFTaWcgPVxuICAgICAgICBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnNpZ24oXG4gICAgICAgICAgICBpbml0aWF0b3JTaWdQcmsuandrLFxuICAgICAgICAgICAgc2hhcmVkQ2lwaGVyRGF0YVxuICAgICAgICAgIClcbiAgICAgICAgKTtcbiAgICB9XG5cbiAgICAvLyBUT0RPIGlkZWFsbHkgd2UgdXBkYXRlIHRoZSBzaGFyZWQgZGF0YSBpbiB0aGUgY29udGFjdCBjYXJkIHNlbnQgdG8gdGhlIHJlc3BvbmRlciBhcyB3ZWxsIHNpbmNlIHRoYXRcbiAgICAvLyBDQyB3YXMgY3JlYXRlZCBieSB0aGUgcmVzcG9uZGVyLlxuXG4gICAgcmV0dXJuIG5ldyBMck11dGF0aW9uKHtcbiAgICAgIG11dGF0aW9uOiBDb21wbGV0ZUtleUV4Y2hhbmdlT3RrTXV0YXRpb24sXG4gICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICBrZXlFeGNoYW5nZUlkLFxuICAgICAgICAgIHJvb3RLZXlJZDogcm9vdEtleS5pZCxcbiAgICAgICAgICBtYXN0ZXJLZXlJZDogbWFzdGVyS2V5LmlkLFxuICAgICAgICAgIGluaXRpYXRvclNpZ1B4a0lkOiBpbml0aWF0b3JTaWdQcmsuaWQsXG4gICAgICAgICAgc2lnbmVkUmVzcG9uZGVyUGJrOiBKU09OLnN0cmluZ2lmeShzaWduZWRSZXNwb25kZXJQYmspLFxuICAgICAgICAgIHNpZ25lZFJlc3BvbmRlclNpZ1BiazogSlNPTi5zdHJpbmdpZnkoc2lnbmVkUmVzcG9uZGVyU2lnUGJrKSxcbiAgICAgICAgICBya1dyYXBwZWRTaGFyZWRLZXk6IEpTT04uc3RyaW5naWZ5KHJrV3JhcHBlZFNoYXJlZEtleSksXG4gICAgICAgICAgbWtXcmFwcGVkTWtTaGFyZWRLZXk6IEpTT04uc3RyaW5naWZ5KG1rV3JhcHBlZE1rU2hhcmVkS2V5KSxcbiAgICAgICAgICByZXNwb25kZXJDb250YWN0Q2FyZENpcGhlcjogcmVzcG9uZGVyQ29udGFjdENhcmRDaXBoZXJJbnB1dCxcbiAgICAgICAgICBpbml0aWF0b3JDb250YWN0Q2FyZENpcGhlcjogaW5pdGlhdG9yQ29udGFjdENhcmRDaXBoZXJJbnB1dCxcbiAgICAgICAgICBpbml0aWF0b3JDb250YWN0Q2FyZFNoYXJlZENpcGhlcjpcbiAgICAgICAgICAgIGluaXRpYXRvckNvbnRhY3RDYXJkU2hhcmVkQ2lwaGVySW5wdXQsXG4gICAgICAgIH0sXG4gICAgICB9LFxuICAgIH0pO1xuICB9XG59XG4iXX0=
|