@lifeready/core 9.0.8 → 10.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/fesm2022/lifeready-core.mjs +10522 -0
- package/fesm2022/lifeready-core.mjs.map +1 -0
- package/package.json +21 -16
- package/types/lifeready-core.d.ts +5329 -0
- package/bundles/lifeready-core.umd.js +0 -13231
- package/bundles/lifeready-core.umd.js.map +0 -1
- package/bundles/lifeready-core.umd.min.js +0 -2
- package/bundles/lifeready-core.umd.min.js.map +0 -1
- package/esm2015/lib/_common/ast.js +0 -41
- package/esm2015/lib/_common/deferred-promise.js +0 -24
- package/esm2015/lib/_common/exceptions.js +0 -186
- package/esm2015/lib/_common/index.js +0 -3
- package/esm2015/lib/_common/kc-lodash.js +0 -11
- package/esm2015/lib/_common/key.js +0 -28
- package/esm2015/lib/_common/queries.gql.js +0 -43
- package/esm2015/lib/_common/run-outside-angular.js +0 -80
- package/esm2015/lib/_common/storage.js +0 -28
- package/esm2015/lib/_common/types.js +0 -2
- package/esm2015/lib/_common/utils.js +0 -73
- package/esm2015/lib/api/lr-apollo.service.js +0 -47
- package/esm2015/lib/api/lr-graphql/index.js +0 -6
- package/esm2015/lib/api/lr-graphql/lr-graphql.service.js +0 -170
- package/esm2015/lib/api/lr-graphql/lr-merged-mutation.js +0 -216
- package/esm2015/lib/api/lr-graphql/lr-mutation-base.js +0 -51
- package/esm2015/lib/api/lr-graphql/lr-mutation.js +0 -91
- package/esm2015/lib/api/lr-graphql/lr.service.js +0 -18
- package/esm2015/lib/api/query-processor/common-processors.service.js +0 -94
- package/esm2015/lib/api/query-processor/index.js +0 -3
- package/esm2015/lib/api/query-processor/query-processor.service.js +0 -307
- package/esm2015/lib/api/query-processor/tp-password-reset-processor.service.js +0 -110
- package/esm2015/lib/api/types/graphql.types.js +0 -8
- package/esm2015/lib/api/types/index.js +0 -3
- package/esm2015/lib/api/types/lr-graphql.types.js +0 -182
- package/esm2015/lib/auth/auth.config.js +0 -57
- package/esm2015/lib/auth/auth.gql.private.js +0 -85
- package/esm2015/lib/auth/auth.service.js +0 -616
- package/esm2015/lib/auth/auth.types.js +0 -19
- package/esm2015/lib/contact-card/contact-card.gql.js +0 -79
- package/esm2015/lib/contact-card/contact-card.service.js +0 -156
- package/esm2015/lib/contact-card/contact-card2.gql.js +0 -29
- package/esm2015/lib/contact-card/contact-card2.service.js +0 -103
- package/esm2015/lib/encryption/encryption.service.js +0 -188
- package/esm2015/lib/file-upload/file-upload.service.js +0 -70
- package/esm2015/lib/file-upload/file-upload.types.js +0 -2
- package/esm2015/lib/idle/idle.service.js +0 -159
- package/esm2015/lib/idle/idle.types.js +0 -7
- package/esm2015/lib/item/item.gql.js +0 -166
- package/esm2015/lib/item/item.gql.private.js +0 -41
- package/esm2015/lib/item/item.service.js +0 -662
- package/esm2015/lib/item/item.types.js +0 -2
- package/esm2015/lib/key/key-factory.service.js +0 -226
- package/esm2015/lib/key/key-graph.service.js +0 -314
- package/esm2015/lib/key/key-meta.service.js +0 -153
- package/esm2015/lib/key/key.service.js +0 -124
- package/esm2015/lib/key/key.types.js +0 -16
- package/esm2015/lib/key-exchange/key-exchange.gql.js +0 -174
- package/esm2015/lib/key-exchange/key-exchange.service.js +0 -496
- package/esm2015/lib/lbop/lbop.service.js +0 -351
- package/esm2015/lib/life-ready.config.js +0 -96
- package/esm2015/lib/life-ready.module.js +0 -42
- package/esm2015/lib/lock/lock.gql.js +0 -40
- package/esm2015/lib/lock/lock.service.js +0 -64
- package/esm2015/lib/notification/notification.gql.js +0 -43
- package/esm2015/lib/notification/notification.service.js +0 -118
- package/esm2015/lib/password/password.gql.js +0 -28
- package/esm2015/lib/password/password.service.js +0 -309
- package/esm2015/lib/persist/persist.service.js +0 -181
- package/esm2015/lib/plan/plan.gql.js +0 -91
- package/esm2015/lib/plan/plan.service.js +0 -191
- package/esm2015/lib/plan/plan.types.js +0 -2
- package/esm2015/lib/profile/profile-details.service.js +0 -261
- package/esm2015/lib/profile/profile.gql.js +0 -170
- package/esm2015/lib/profile/profile.service.js +0 -166
- package/esm2015/lib/profile/profile.types.js +0 -45
- package/esm2015/lib/register/register.service.js +0 -173
- package/esm2015/lib/register/register.types.js +0 -3
- package/esm2015/lib/reminder/reminder.gql.js +0 -27
- package/esm2015/lib/reminder/reminder.service.js +0 -85
- package/esm2015/lib/reminder/reminder.types.js +0 -2
- package/esm2015/lib/scenario/scenario.constants.js +0 -2
- package/esm2015/lib/scenario/scenario.controller.js +0 -34
- package/esm2015/lib/scenario/scenario.gql.js +0 -90
- package/esm2015/lib/scenario/scenario.private.gql.js +0 -200
- package/esm2015/lib/scenario/scenario.service.js +0 -679
- package/esm2015/lib/scenario/scenario.types.js +0 -2
- package/esm2015/lib/server-config/server-config.gql.js +0 -9
- package/esm2015/lib/server-config/server-config.service.js +0 -41
- package/esm2015/lib/shared-contact-card/shared-contact-card.service.js +0 -119
- package/esm2015/lib/shared-contact-card/shared-contact-card2.gql.js +0 -41
- package/esm2015/lib/shared-contact-card/shared-contact-card2.service.js +0 -117
- package/esm2015/lib/slip39/slip39.service.js +0 -167
- package/esm2015/lib/time/time.service.js +0 -152
- package/esm2015/lib/tp-assembly/tp-assembly.js +0 -363
- package/esm2015/lib/tp-assembly/tp-assembly.private.gql.js +0 -22
- package/esm2015/lib/tp-assembly/tp-assembly.types.js +0 -2
- package/esm2015/lib/tp-password-reset/tp-password-reset-request.service.js +0 -98
- package/esm2015/lib/tp-password-reset/tp-password-reset-user.service.js +0 -121
- package/esm2015/lib/tp-password-reset/tp-password-reset.constants.js +0 -4
- package/esm2015/lib/tp-password-reset/tp-password-reset.controller.js +0 -34
- package/esm2015/lib/tp-password-reset/tp-password-reset.gql.js +0 -74
- package/esm2015/lib/tp-password-reset/tp-password-reset.private.gql.js +0 -166
- package/esm2015/lib/tp-password-reset/tp-password-reset.private.service.js +0 -54
- package/esm2015/lib/tp-password-reset/tp-password-reset.service.js +0 -110
- package/esm2015/lib/tp-password-reset/tp-password-reset.types.js +0 -2
- package/esm2015/lib/trusted-party/trusted-party.gql.js +0 -96
- package/esm2015/lib/trusted-party/trusted-party.gql.private.js +0 -51
- package/esm2015/lib/trusted-party/trusted-party.service.js +0 -461
- package/esm2015/lib/trusted-party/trusted-party.types.js +0 -2
- package/esm2015/lib/two-factor/two-factor.service.js +0 -74
- package/esm2015/lib/user/user.gql.js +0 -32
- package/esm2015/lib/user/user.service.js +0 -58
- package/esm2015/lib/user/user.types.js +0 -2
- package/esm2015/lib/web-crypto/web-crypto.service.js +0 -29
- package/esm2015/lifeready-core.js +0 -17
- package/esm2015/public-api.js +0 -60
- package/fesm2015/lifeready-core.js +0 -10970
- package/fesm2015/lifeready-core.js.map +0 -1
- package/lib/_common/ast.d.ts +0 -11
- package/lib/_common/deferred-promise.d.ts +0 -12
- package/lib/_common/exceptions.d.ts +0 -126
- package/lib/_common/index.d.ts +0 -2
- package/lib/_common/kc-lodash.d.ts +0 -5
- package/lib/_common/key.d.ts +0 -14
- package/lib/_common/queries.gql.d.ts +0 -4
- package/lib/_common/run-outside-angular.d.ts +0 -14
- package/lib/_common/storage.d.ts +0 -13
- package/lib/_common/types.d.ts +0 -15
- package/lib/_common/utils.d.ts +0 -12
- package/lib/api/lr-apollo.service.d.ts +0 -15
- package/lib/api/lr-graphql/index.d.ts +0 -5
- package/lib/api/lr-graphql/lr-graphql.service.d.ts +0 -81
- package/lib/api/lr-graphql/lr-merged-mutation.d.ts +0 -46
- package/lib/api/lr-graphql/lr-mutation-base.d.ts +0 -28
- package/lib/api/lr-graphql/lr-mutation.d.ts +0 -48
- package/lib/api/lr-graphql/lr.service.d.ts +0 -9
- package/lib/api/query-processor/common-processors.service.d.ts +0 -36
- package/lib/api/query-processor/index.d.ts +0 -2
- package/lib/api/query-processor/query-processor.service.d.ts +0 -18
- package/lib/api/query-processor/tp-password-reset-processor.service.d.ts +0 -15
- package/lib/api/types/graphql.types.d.ts +0 -30
- package/lib/api/types/index.d.ts +0 -2
- package/lib/api/types/lr-graphql.types.d.ts +0 -807
- package/lib/auth/auth.config.d.ts +0 -5
- package/lib/auth/auth.gql.private.d.ts +0 -25
- package/lib/auth/auth.service.d.ts +0 -72
- package/lib/auth/auth.types.d.ts +0 -70
- package/lib/contact-card/contact-card.gql.d.ts +0 -7
- package/lib/contact-card/contact-card.service.d.ts +0 -53
- package/lib/contact-card/contact-card2.gql.d.ts +0 -25
- package/lib/contact-card/contact-card2.service.d.ts +0 -64
- package/lib/encryption/encryption.service.d.ts +0 -42
- package/lib/file-upload/file-upload.service.d.ts +0 -15
- package/lib/file-upload/file-upload.types.d.ts +0 -5
- package/lib/idle/idle.service.d.ts +0 -47
- package/lib/idle/idle.types.d.ts +0 -10
- package/lib/item/item.gql.d.ts +0 -134
- package/lib/item/item.gql.private.d.ts +0 -35
- package/lib/item/item.service.d.ts +0 -201
- package/lib/item/item.types.d.ts +0 -95
- package/lib/key/key-factory.service.d.ts +0 -40
- package/lib/key/key-graph.service.d.ts +0 -41
- package/lib/key/key-meta.service.d.ts +0 -51
- package/lib/key/key.service.d.ts +0 -36
- package/lib/key/key.types.d.ts +0 -86
- package/lib/key-exchange/key-exchange.gql.d.ts +0 -141
- package/lib/key-exchange/key-exchange.service.d.ts +0 -179
- package/lib/lbop/lbop.service.d.ts +0 -99
- package/lib/life-ready.config.d.ts +0 -26
- package/lib/life-ready.module.d.ts +0 -5
- package/lib/lock/lock.gql.d.ts +0 -27
- package/lib/lock/lock.service.d.ts +0 -34
- package/lib/notification/notification.gql.d.ts +0 -37
- package/lib/notification/notification.service.d.ts +0 -64
- package/lib/password/password.gql.d.ts +0 -3
- package/lib/password/password.service.d.ts +0 -79
- package/lib/persist/persist.service.d.ts +0 -31
- package/lib/plan/plan.gql.d.ts +0 -69
- package/lib/plan/plan.service.d.ts +0 -111
- package/lib/plan/plan.types.d.ts +0 -16
- package/lib/profile/profile-details.service.d.ts +0 -20
- package/lib/profile/profile.gql.d.ts +0 -21
- package/lib/profile/profile.service.d.ts +0 -32
- package/lib/profile/profile.types.d.ts +0 -121
- package/lib/register/register.service.d.ts +0 -25
- package/lib/register/register.types.d.ts +0 -6
- package/lib/reminder/reminder.gql.d.ts +0 -23
- package/lib/reminder/reminder.service.d.ts +0 -33
- package/lib/reminder/reminder.types.d.ts +0 -17
- package/lib/scenario/scenario.constants.d.ts +0 -1
- package/lib/scenario/scenario.controller.d.ts +0 -10
- package/lib/scenario/scenario.gql.d.ts +0 -78
- package/lib/scenario/scenario.private.gql.d.ts +0 -16
- package/lib/scenario/scenario.service.d.ts +0 -655
- package/lib/scenario/scenario.types.d.ts +0 -64
- package/lib/server-config/server-config.gql.d.ts +0 -5
- package/lib/server-config/server-config.service.d.ts +0 -9
- package/lib/shared-contact-card/shared-contact-card.service.d.ts +0 -33
- package/lib/shared-contact-card/shared-contact-card2.gql.d.ts +0 -36
- package/lib/shared-contact-card/shared-contact-card2.service.d.ts +0 -45
- package/lib/slip39/slip39.service.d.ts +0 -42
- package/lib/time/time.service.d.ts +0 -26
- package/lib/tp-assembly/tp-assembly.d.ts +0 -177
- package/lib/tp-assembly/tp-assembly.private.gql.d.ts +0 -5
- package/lib/tp-assembly/tp-assembly.types.d.ts +0 -40
- package/lib/tp-password-reset/tp-password-reset-request.service.d.ts +0 -16
- package/lib/tp-password-reset/tp-password-reset-user.service.d.ts +0 -29
- package/lib/tp-password-reset/tp-password-reset.constants.d.ts +0 -3
- package/lib/tp-password-reset/tp-password-reset.controller.d.ts +0 -10
- package/lib/tp-password-reset/tp-password-reset.gql.d.ts +0 -63
- package/lib/tp-password-reset/tp-password-reset.private.gql.d.ts +0 -163
- package/lib/tp-password-reset/tp-password-reset.private.service.d.ts +0 -59
- package/lib/tp-password-reset/tp-password-reset.service.d.ts +0 -112
- package/lib/tp-password-reset/tp-password-reset.types.d.ts +0 -40
- package/lib/trusted-party/trusted-party.gql.d.ts +0 -85
- package/lib/trusted-party/trusted-party.gql.private.d.ts +0 -40
- package/lib/trusted-party/trusted-party.service.d.ts +0 -192
- package/lib/trusted-party/trusted-party.types.d.ts +0 -31
- package/lib/two-factor/two-factor.service.d.ts +0 -15
- package/lib/user/user.gql.d.ts +0 -8
- package/lib/user/user.service.d.ts +0 -9
- package/lib/user/user.types.d.ts +0 -16
- package/lib/web-crypto/web-crypto.service.d.ts +0 -5
- package/lifeready-core.d.ts +0 -16
- package/lifeready-core.metadata.json +0 -1
- package/public-api.d.ts +0 -56
|
@@ -1,496 +0,0 @@
|
|
|
1
|
-
import { __awaiter, __decorate } from "tslib";
|
|
2
|
-
import { Injectable, Injector, NgZone } from '@angular/core';
|
|
3
|
-
import { LrMutation, LrService } from '../api/lr-graphql';
|
|
4
|
-
import { EncryptionService, JoseSerialization, } from '../encryption/encryption.service';
|
|
5
|
-
import { KeyFactoryService } from '../key/key-factory.service';
|
|
6
|
-
import { KeyGraphService } from '../key/key-graph.service';
|
|
7
|
-
import { KeyService } from '../key/key.service';
|
|
8
|
-
import { KcCodeMismatchException } from '../_common/exceptions';
|
|
9
|
-
import { RunOutsideAngular } from '../_common/run-outside-angular';
|
|
10
|
-
import { CancelKeyExchangeMutation, CompleteKeyExchangeOtkMutation, CurrentUserSharedKeyQuery2, DeclineKeyExchangeMutation, InitiateKeyExchangeOtkMutation, KeyExchangeQuery2, KeyExchangesQuery2, KeyExchangeTokenQuery2, RespondKeyExchangeOtkMutation, } from './key-exchange.gql';
|
|
11
|
-
import * as i0 from "@angular/core";
|
|
12
|
-
import * as i1 from "../key/key-factory.service";
|
|
13
|
-
import * as i2 from "../key/key.service";
|
|
14
|
-
import * as i3 from "../encryption/encryption.service";
|
|
15
|
-
import * as i4 from "../key/key-graph.service";
|
|
16
|
-
let KeyExchangeService = class KeyExchangeService extends LrService {
|
|
17
|
-
constructor(ngZone, injector, keyFactory, keyService, encryptionService, keyGraph) {
|
|
18
|
-
super(injector);
|
|
19
|
-
this.ngZone = ngZone;
|
|
20
|
-
this.injector = injector;
|
|
21
|
-
this.keyFactory = keyFactory;
|
|
22
|
-
this.keyService = keyService;
|
|
23
|
-
this.encryptionService = encryptionService;
|
|
24
|
-
this.keyGraph = keyGraph;
|
|
25
|
-
this.CLIENT_NONCE_LENGTH = 32;
|
|
26
|
-
}
|
|
27
|
-
getOtKey(keyExchange, otKeyK) {
|
|
28
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
29
|
-
if (otKeyK) {
|
|
30
|
-
return yield KeyFactoryService.asKey(Object.assign(Object.assign({}, JSON.parse(keyExchange.otk.otKeyParams)), { k: otKeyK }));
|
|
31
|
-
}
|
|
32
|
-
else if (keyExchange.otk.state === 'OTK_INITIATED' &&
|
|
33
|
-
!keyExchange.isInitiator &&
|
|
34
|
-
keyExchange.otk.responderPbkCipher) {
|
|
35
|
-
// Assuming existing user getting invited where OTK is wrapped in responder's public key.
|
|
36
|
-
const prk = this.keyService.currentPxk;
|
|
37
|
-
const decryptedCipher = yield this.encryptionService.decrypt(prk.jwk, JSON.parse(keyExchange.otk.responderPbkCipher), {
|
|
38
|
-
serializations: [JoseSerialization.COMPACT],
|
|
39
|
-
});
|
|
40
|
-
if (decryptedCipher.otKey) {
|
|
41
|
-
return yield KeyFactoryService.asKey(decryptedCipher.otKey);
|
|
42
|
-
}
|
|
43
|
-
}
|
|
44
|
-
return null;
|
|
45
|
-
});
|
|
46
|
-
}
|
|
47
|
-
decryptOtk(keyExchange, otKeyK) {
|
|
48
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
49
|
-
const otKey = yield this.getOtKey(keyExchange, otKeyK);
|
|
50
|
-
let otk = keyExchange.otk;
|
|
51
|
-
if (otKey && otk.otKeyCipher) {
|
|
52
|
-
otk = Object.assign(Object.assign({}, otk), { otKey, otKeyCipherClearJson: yield this.encryptionService.decrypt(otKey, keyExchange.otk.otKeyCipher) });
|
|
53
|
-
}
|
|
54
|
-
else if (otk.otKeyCipher && !otKey) {
|
|
55
|
-
// Log a warning when we have cipher data but couldn't obtain the key to decrypt it.
|
|
56
|
-
// This typically happens when:
|
|
57
|
-
// - The otKeyK (raw one-time key from URL hash) was not provided or was empty
|
|
58
|
-
// - The responder doesn't have a responderPbkCipher (new user via invite)
|
|
59
|
-
console.warn('KeyExchangeService: Unable to decrypt OTK cipher - one-time key not available. ' +
|
|
60
|
-
'otKeyK provided:', !!otKeyK, 'otKeyK value:', otKeyK ? '[present]' : '[empty/missing]');
|
|
61
|
-
}
|
|
62
|
-
return Object.assign(Object.assign({}, keyExchange), { otk });
|
|
63
|
-
});
|
|
64
|
-
}
|
|
65
|
-
decryptResponseCipher(otKey, otPrk, content) {
|
|
66
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
67
|
-
// The response could be wrapped by the OtK in addition to the OtPbk
|
|
68
|
-
try {
|
|
69
|
-
content = yield this.encryptionService.decrypt(otKey, content);
|
|
70
|
-
}
|
|
71
|
-
catch (error) {
|
|
72
|
-
if (error.message !== 'no key found') {
|
|
73
|
-
throw error;
|
|
74
|
-
}
|
|
75
|
-
// Do nothing to support older versions where message is not wrapped with otk.
|
|
76
|
-
}
|
|
77
|
-
// The Prk is single-use and only used to send information from the responder back to the initiator.
|
|
78
|
-
return yield this.encryptionService.decrypt(otPrk, content);
|
|
79
|
-
});
|
|
80
|
-
}
|
|
81
|
-
decryptKeyExchangeAsInitiator(keyExchange) {
|
|
82
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
83
|
-
const rootKey = this.keyService.currentRootKey;
|
|
84
|
-
// Decrypt using the root key to get the Prk
|
|
85
|
-
const initiatorRootKeyCipherClearJson = (yield this.encryptionService.decrypt(rootKey.jwk, keyExchange.initiatorRootKeyCipher));
|
|
86
|
-
const otKey = yield KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.otKey);
|
|
87
|
-
keyExchange = Object.assign(Object.assign({}, keyExchange), { initiatorRootKeyCipherClearJson });
|
|
88
|
-
let otk = keyExchange.otk;
|
|
89
|
-
if (otk.initiatorOneTimePbkCipher) {
|
|
90
|
-
otk = Object.assign(Object.assign({}, otk), { initiatorOneTimePbkCipherClearJson: yield this.decryptResponseCipher(otKey, yield KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.oneTimePrk), otk.initiatorOneTimePbkCipher) });
|
|
91
|
-
}
|
|
92
|
-
if (otk.otKeyCipher) {
|
|
93
|
-
otk.otKeyCipherClearJson = yield this.encryptionService.decrypt(otKey, otk.otKeyCipher);
|
|
94
|
-
}
|
|
95
|
-
return Object.assign(Object.assign({}, keyExchange), { otk });
|
|
96
|
-
});
|
|
97
|
-
}
|
|
98
|
-
decryptKeyExchangeAsResponder(keyExchange, otKeyK) {
|
|
99
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
100
|
-
return this.decryptOtk(keyExchange, otKeyK);
|
|
101
|
-
});
|
|
102
|
-
}
|
|
103
|
-
decryptKeyExchange(keyExchange, otKeyK) {
|
|
104
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
105
|
-
if (keyExchange.isInitiator) {
|
|
106
|
-
return this.decryptKeyExchangeAsInitiator(keyExchange);
|
|
107
|
-
}
|
|
108
|
-
else {
|
|
109
|
-
return this.decryptKeyExchangeAsResponder(keyExchange, otKeyK);
|
|
110
|
-
}
|
|
111
|
-
});
|
|
112
|
-
}
|
|
113
|
-
getKeyExchanges({ state } = {}) {
|
|
114
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
115
|
-
const { keyExchanges } = yield this.query({
|
|
116
|
-
query: KeyExchangesQuery2,
|
|
117
|
-
variables: {
|
|
118
|
-
state,
|
|
119
|
-
},
|
|
120
|
-
});
|
|
121
|
-
return Promise.all(keyExchanges.edges.map((edge) => this.decryptKeyExchange(edge.node)));
|
|
122
|
-
});
|
|
123
|
-
}
|
|
124
|
-
/**
|
|
125
|
-
* @param id If the current user can responder the key exchange if they are either the initiator or the receiver.
|
|
126
|
-
* @param token If not signed in, or not the initiator or responder, 'token' must be given.
|
|
127
|
-
* @param otKeyK Is the raw one-time key (string). If the responder is explicitly specified at time of initiation, then
|
|
128
|
-
* it's possible to have the otKey wrapped by the public key of the responder. In which case, the otKeyK is not needed.
|
|
129
|
-
*/
|
|
130
|
-
getKeyExchange(id, { otKeyK, token } = {}) {
|
|
131
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
132
|
-
const res = yield this.query({
|
|
133
|
-
query: token ? KeyExchangeTokenQuery2 : KeyExchangeQuery2,
|
|
134
|
-
variables: {
|
|
135
|
-
id,
|
|
136
|
-
token,
|
|
137
|
-
},
|
|
138
|
-
includeKeyGraph: !token,
|
|
139
|
-
});
|
|
140
|
-
return this.decryptKeyExchange(res.keyExchange, otKeyK);
|
|
141
|
-
});
|
|
142
|
-
}
|
|
143
|
-
getCurrentUserSharedKey(input) {
|
|
144
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
145
|
-
return this.query({
|
|
146
|
-
query: CurrentUserSharedKeyQuery2,
|
|
147
|
-
variables: {
|
|
148
|
-
username: input.username,
|
|
149
|
-
userId: input.userId,
|
|
150
|
-
},
|
|
151
|
-
});
|
|
152
|
-
});
|
|
153
|
-
}
|
|
154
|
-
cancelKeyExchange(id) {
|
|
155
|
-
return this.mutate(this.cancelKeyExchangeMutation(id));
|
|
156
|
-
}
|
|
157
|
-
cancelKeyExchangeMutation(id) {
|
|
158
|
-
return new LrMutation({
|
|
159
|
-
mutation: CancelKeyExchangeMutation,
|
|
160
|
-
variables: {
|
|
161
|
-
input: {
|
|
162
|
-
id,
|
|
163
|
-
},
|
|
164
|
-
},
|
|
165
|
-
});
|
|
166
|
-
}
|
|
167
|
-
declineKeyExchange(id, token) {
|
|
168
|
-
return this.mutate(this.declineKeyExchangeMutation(id, token));
|
|
169
|
-
}
|
|
170
|
-
declineKeyExchangeMutation(id, token) {
|
|
171
|
-
return new LrMutation({
|
|
172
|
-
mutation: DeclineKeyExchangeMutation,
|
|
173
|
-
variables: {
|
|
174
|
-
input: {
|
|
175
|
-
id,
|
|
176
|
-
token,
|
|
177
|
-
},
|
|
178
|
-
},
|
|
179
|
-
});
|
|
180
|
-
}
|
|
181
|
-
initiateOtk(input = {}) {
|
|
182
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
183
|
-
return this.mutate((yield this.initiateOtkMutation(input)).lrMutation);
|
|
184
|
-
});
|
|
185
|
-
}
|
|
186
|
-
initiateOtkMutation({ message, email, contactCard, upgrade, } = {}) {
|
|
187
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
188
|
-
const otKey = yield this.keyFactory.createKey();
|
|
189
|
-
const nonce = this.keyFactory.randomString(this.CLIENT_NONCE_LENGTH);
|
|
190
|
-
// New PKC key for encryption. This key is used only once when the responder sends
|
|
191
|
-
// back their signing public key.
|
|
192
|
-
const initiatorOneTimePrk = yield this.keyFactory.createPkcKey();
|
|
193
|
-
// Option 1: New PKC key for signing
|
|
194
|
-
// const initiatorSigPrk = await this.keyService.createPkcSignKey();
|
|
195
|
-
// Option 2: Use the user's global signing key.
|
|
196
|
-
// This key is used to prove the initiator's identity.
|
|
197
|
-
const initiatorPrk = this.keyService.currentPxk;
|
|
198
|
-
const initiatorSigPrk = this.keyService.currentSigPxk;
|
|
199
|
-
let initiatorPlainDataSig = null;
|
|
200
|
-
if (contactCard && contactCard.ownerPlainDataJson) {
|
|
201
|
-
initiatorPlainDataSig = yield this.encryptionService.signToString(initiatorSigPrk.jwk, contactCard.ownerPlainDataJson);
|
|
202
|
-
}
|
|
203
|
-
const initiator = {
|
|
204
|
-
message,
|
|
205
|
-
contactCard: contactCard && {
|
|
206
|
-
sharedCipherDataClearJson: contactCard.sharedCipherDataClearJson,
|
|
207
|
-
},
|
|
208
|
-
};
|
|
209
|
-
// Content to be encrypted using the OTK.
|
|
210
|
-
const plainOtKeyCipher = {
|
|
211
|
-
// TODO Make sure we also put the OOB code in here as well since the OOB code is the
|
|
212
|
-
// _only_ information the KC server does not have access to. The server may have
|
|
213
|
-
// access to OTK and hence the nonce here. It's good to have both the nonce and OOB code
|
|
214
|
-
// since the user may not be using the OOB code. And it's simple to always include
|
|
215
|
-
// the nonce, so why not.
|
|
216
|
-
nonce,
|
|
217
|
-
initiator: Object.assign(Object.assign({}, initiator), { oneTimePbk: initiatorOneTimePrk.toJSON(), pbk: initiatorPrk.jwk.toJSON(), sigPbk: initiatorSigPrk.jwk.toJSON() }),
|
|
218
|
-
};
|
|
219
|
-
const otKeyCipher = yield this.keyGraph.encryptToString(otKey, plainOtKeyCipher);
|
|
220
|
-
// Content to be encrypted using the initiator's root key.
|
|
221
|
-
const initiatorRootKeyCipherClearJson = {
|
|
222
|
-
nonce,
|
|
223
|
-
oneTimePrk: initiatorOneTimePrk.toJSON(true),
|
|
224
|
-
// Should not need to keep this encrypted since we are using the global signing key.
|
|
225
|
-
// sigPrk: initiatorSigPrk.toJSON(true),
|
|
226
|
-
// Save it in case the initiator want to decode the otKeyCipher.
|
|
227
|
-
// Since the otKey is only used once, and that otKeyCipher contains only
|
|
228
|
-
// the public key of the initiator, it's safe just leave the otKey stored here.
|
|
229
|
-
otKey: otKey.toJSON(true),
|
|
230
|
-
// These should be storing information such as how the fields of the shared contact card is
|
|
231
|
-
// derived from the master contact card.
|
|
232
|
-
initiatorContactCard: contactCard,
|
|
233
|
-
initiator,
|
|
234
|
-
};
|
|
235
|
-
const rootKey = this.keyService.currentRootKey;
|
|
236
|
-
const initiatorRootKeyCipher = yield this.keyGraph.encryptToString(rootKey.jwk, initiatorRootKeyCipherClearJson);
|
|
237
|
-
// The raw OTK
|
|
238
|
-
const otKeyK = otKey.toJSON(true).k;
|
|
239
|
-
// API call
|
|
240
|
-
const lrMutation = new LrMutation({
|
|
241
|
-
mutation: InitiateKeyExchangeOtkMutation,
|
|
242
|
-
variables: {
|
|
243
|
-
input: {
|
|
244
|
-
// These will be stored on the server
|
|
245
|
-
initiatorRootKeyCipher,
|
|
246
|
-
initiatorPxkId: initiatorPrk.id,
|
|
247
|
-
initiatorSigPxkId: initiatorSigPrk.id,
|
|
248
|
-
// These will be sent to the responder
|
|
249
|
-
otKeyParams: JSON.stringify(otKey.toJSON()),
|
|
250
|
-
otKeyCipher,
|
|
251
|
-
sendEmail: email && {
|
|
252
|
-
email,
|
|
253
|
-
rawOtKey: otKeyK,
|
|
254
|
-
},
|
|
255
|
-
createTp: true,
|
|
256
|
-
initiatorPlainDataSig,
|
|
257
|
-
upgrade,
|
|
258
|
-
},
|
|
259
|
-
},
|
|
260
|
-
});
|
|
261
|
-
return { lrMutation, otKeyK };
|
|
262
|
-
});
|
|
263
|
-
}
|
|
264
|
-
respondOtk(input) {
|
|
265
|
-
return this.mutate(this.respondOtkMutation(input));
|
|
266
|
-
}
|
|
267
|
-
respondOtkMutation({ keyExchangeId, token, decryptedOtk, message, initiatorContactCard, responderContactCard, }) {
|
|
268
|
-
var _a;
|
|
269
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
270
|
-
// Validate that the OTK was properly decrypted before proceeding.
|
|
271
|
-
// This can fail if the one-time key (otKeyK) was not provided or was invalid,
|
|
272
|
-
// which can happen if the invite URL hash fragment was lost (e.g., page refresh after hash removal).
|
|
273
|
-
if (!((_a = decryptedOtk === null || decryptedOtk === void 0 ? void 0 : decryptedOtk.otKeyCipherClearJson) === null || _a === void 0 ? void 0 : _a.initiator)) {
|
|
274
|
-
throw new Error('Failed to decrypt key exchange data. The invite link may be invalid or expired. ' +
|
|
275
|
-
'Please request a new invite from the sender.');
|
|
276
|
-
}
|
|
277
|
-
const rootKey = this.keyService.currentRootKey;
|
|
278
|
-
const masterKey = this.keyService.currentMasterKey;
|
|
279
|
-
const sharedKey = yield this.keyFactory.createKey();
|
|
280
|
-
const mkSharedKey = yield this.keyFactory.createKey();
|
|
281
|
-
const rkWrappedSharedKey = yield this.encryptionService.encrypt(rootKey.jwk, sharedKey.toJSON(true));
|
|
282
|
-
const mkWrappedMkSharedKey = yield this.encryptionService.encrypt(masterKey.jwk, mkSharedKey.toJSON(true));
|
|
283
|
-
const initiatorOneTimePbk = yield KeyFactoryService.asKey(decryptedOtk.otKeyCipherClearJson.initiator.oneTimePbk);
|
|
284
|
-
const initiatorPbk = yield KeyFactoryService.asKey(decryptedOtk.otKeyCipherClearJson.initiator.pbk);
|
|
285
|
-
const initiatorSigPbk = yield KeyFactoryService.asKey(decryptedOtk.otKeyCipherClearJson.initiator.sigPbk);
|
|
286
|
-
// Option 1: Using new Prk for each TP pair
|
|
287
|
-
// Create a new public signing key for the responder.
|
|
288
|
-
// const responderSigPrk = await this.keyService.createPkcSignKey()
|
|
289
|
-
// const rkWrappedResponderSigPrk = await this.encrypt(rootKey, responderSigPrk.toJSON(true));
|
|
290
|
-
// Option 2: Responder already has a signing Prk
|
|
291
|
-
const responderPrk = this.keyService.currentPxk;
|
|
292
|
-
const responderSigPrk = this.keyService.currentSigPxk;
|
|
293
|
-
const signedInitiatorPbk = yield this.encryptionService.sign(responderSigPrk.jwk, initiatorPbk.toJSON());
|
|
294
|
-
const signedInitiatorSigPbk = yield this.encryptionService.sign(responderSigPrk.jwk, initiatorSigPbk.toJSON());
|
|
295
|
-
const initiatorOneTimePbkCipherClearJson = {
|
|
296
|
-
nonce: decryptedOtk.otKeyCipherClearJson.nonce,
|
|
297
|
-
sharedKey: sharedKey.toJSON(true),
|
|
298
|
-
mkSharedKey: mkSharedKey.toJSON(true),
|
|
299
|
-
responder: {
|
|
300
|
-
pbk: responderPrk.jwk.toJSON(),
|
|
301
|
-
sigPbk: responderSigPrk.jwk.toJSON(),
|
|
302
|
-
message,
|
|
303
|
-
},
|
|
304
|
-
};
|
|
305
|
-
let receivedCardInput;
|
|
306
|
-
if (decryptedOtk.otKeyCipherClearJson.initiator.contactCard) {
|
|
307
|
-
// Set the info about the initiator to be the ones sent by the initiator. We need th responder to do the encryption here
|
|
308
|
-
// because the initiator does not have the shared key yet, and we want the responder to have a functional contact card after
|
|
309
|
-
// this exchange. The initiator can double check the contact details are correct and sign it when it completes the exchange.
|
|
310
|
-
const sharedCipherDataClearJson = decryptedOtk.otKeyCipherClearJson.initiator.contactCard
|
|
311
|
-
.sharedCipherDataClearJson;
|
|
312
|
-
// Create keys
|
|
313
|
-
const receiverKey = yield this.keyFactory.createKey();
|
|
314
|
-
const ccSharedKey = yield this.keyFactory.createKey();
|
|
315
|
-
const sigPxk = this.keyService.currentSigPxk;
|
|
316
|
-
receivedCardInput = {
|
|
317
|
-
receiverWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(rootKey.jwk, receiverKey.toJSON(true))),
|
|
318
|
-
receiverWrappingKeyId: rootKey.id,
|
|
319
|
-
receiverCipherData: initiatorContactCard
|
|
320
|
-
? JSON.stringify(yield this.encryptionService.encrypt(receiverKey, initiatorContactCard.receiverCipherDataClearJson))
|
|
321
|
-
: '',
|
|
322
|
-
sharedWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(sharedKey, ccSharedKey.toJSON(true))),
|
|
323
|
-
};
|
|
324
|
-
const sharedCipherData = yield this.encryptionService.encrypt(ccSharedKey, sharedCipherDataClearJson);
|
|
325
|
-
receivedCardInput.sharedCipherDataSig = JSON.stringify(yield this.encryptionService.sign(sigPxk.jwk, sharedCipherData));
|
|
326
|
-
receivedCardInput.sigPxkId = sigPxk.id;
|
|
327
|
-
initiatorOneTimePbkCipherClearJson.responder.contactCard = Object.assign(Object.assign({}, initiatorOneTimePbkCipherClearJson.responder.contactCard), { sharedCipherKey: ccSharedKey.toJSON(true) });
|
|
328
|
-
}
|
|
329
|
-
let responderCardInput;
|
|
330
|
-
if (responderContactCard) {
|
|
331
|
-
// Create keys
|
|
332
|
-
const ownerKey = yield this.keyFactory.createKey();
|
|
333
|
-
const ccSharedKey = yield this.keyFactory.createKey();
|
|
334
|
-
const sigPxk = this.keyService.currentSigPxk;
|
|
335
|
-
responderCardInput = {
|
|
336
|
-
ownerWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(rootKey.jwk, ownerKey.toJSON(true))),
|
|
337
|
-
ownerWrappingKeyId: rootKey.id,
|
|
338
|
-
ownerCipherData: responderContactCard.ownerCipherDataClearJson
|
|
339
|
-
? JSON.stringify(yield this.encryptionService.encrypt(ownerKey, responderContactCard.ownerCipherDataClearJson))
|
|
340
|
-
: '',
|
|
341
|
-
sharedWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(sharedKey, ccSharedKey.toJSON(true))),
|
|
342
|
-
};
|
|
343
|
-
const sharedCipherData = yield this.encryptionService.encrypt(ccSharedKey, responderContactCard.sharedCipherDataClearJson);
|
|
344
|
-
responderCardInput.sharedCipherDataSig = JSON.stringify(yield this.encryptionService.sign(sigPxk.jwk, sharedCipherData));
|
|
345
|
-
responderCardInput.sigPxkId = sigPxk.id;
|
|
346
|
-
if (responderContactCard.ownerPlainDataJson) {
|
|
347
|
-
responderCardInput.ownerPlainDataSig = JSON.stringify(yield this.encryptionService.sign(responderSigPrk.jwk, responderContactCard.ownerPlainDataJson));
|
|
348
|
-
}
|
|
349
|
-
// Contact card info readable by the initiator
|
|
350
|
-
initiatorOneTimePbkCipherClearJson.responder.contactCard = Object.assign(Object.assign({}, initiatorOneTimePbkCipherClearJson.responder.contactCard), { sharedCipherDataClearJson: responderContactCard.sharedCipherDataClearJson });
|
|
351
|
-
}
|
|
352
|
-
// Encrypt with one-time public key
|
|
353
|
-
let initiatorOneTimePbkCipher = yield this.encryptionService.encrypt(initiatorOneTimePbk, initiatorOneTimePbkCipherClearJson);
|
|
354
|
-
// Encrypt with the otk again to keep use of asymmetric keys to a minimum.
|
|
355
|
-
initiatorOneTimePbkCipher = yield this.encryptionService.encrypt(decryptedOtk.otKey, initiatorOneTimePbkCipher);
|
|
356
|
-
return new LrMutation({
|
|
357
|
-
mutation: RespondKeyExchangeOtkMutation,
|
|
358
|
-
variables: {
|
|
359
|
-
input: {
|
|
360
|
-
keyExchangeId,
|
|
361
|
-
keyExchangeToken: token,
|
|
362
|
-
rootKeyId: rootKey.id,
|
|
363
|
-
masterKeyId: masterKey.id,
|
|
364
|
-
// These will be stored on the server
|
|
365
|
-
responderPxkId: responderPrk.id,
|
|
366
|
-
responderSigPxkId: responderSigPrk.id,
|
|
367
|
-
signedInitiatorPbk: JSON.stringify(signedInitiatorPbk),
|
|
368
|
-
signedInitiatorSigPbk: JSON.stringify(signedInitiatorSigPbk),
|
|
369
|
-
// rkWrappedInitiatorSigPbk: JSON.stringify(rkWrappedInitiatorSigPbk),
|
|
370
|
-
// Option 1: Using new Prk for each TP pair
|
|
371
|
-
// rkWrappedResponderSigPrk: JSON.stringify(rkWrappedResponderSigPrk),
|
|
372
|
-
rkWrappedSharedKey: JSON.stringify(rkWrappedSharedKey),
|
|
373
|
-
mkWrappedMkSharedKey: JSON.stringify(mkWrappedMkSharedKey),
|
|
374
|
-
// These will be sent to the initiator
|
|
375
|
-
initiatorOneTimePbkCipher: JSON.stringify(initiatorOneTimePbkCipher),
|
|
376
|
-
initiatorContactCard: receivedCardInput,
|
|
377
|
-
responderContactCard: responderCardInput,
|
|
378
|
-
},
|
|
379
|
-
},
|
|
380
|
-
});
|
|
381
|
-
});
|
|
382
|
-
}
|
|
383
|
-
completeOtk(input) {
|
|
384
|
-
return this.mutate(this.completeOtkMutation(input));
|
|
385
|
-
}
|
|
386
|
-
completeOtkMutation({ keyExchangeId, initiatorRootKeyCipher, initiatorOneTimePbkCipher, responderContactCard, initiatorContactCard, }) {
|
|
387
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
388
|
-
const rootKey = this.keyService.currentRootKey;
|
|
389
|
-
const masterKey = this.keyService.currentMasterKey;
|
|
390
|
-
// Decrypt using the root key to get the Prk
|
|
391
|
-
const initiatorRootKeyCipherClearJson = (yield this.encryptionService.decrypt(rootKey.jwk, initiatorRootKeyCipher));
|
|
392
|
-
// The Prk is single-use and only used to send information from the responder back to the initiator.
|
|
393
|
-
const plainInitiatorOneTimePbkCipher = yield this.decryptResponseCipher(yield KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.otKey), yield KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.oneTimePrk), initiatorOneTimePbkCipher);
|
|
394
|
-
// Check the nonce match to ensure the responder was the one holding the OTK
|
|
395
|
-
if (initiatorRootKeyCipherClearJson.nonce !==
|
|
396
|
-
plainInitiatorOneTimePbkCipher.nonce) {
|
|
397
|
-
throw new KcCodeMismatchException('The nonce returned by responder does not match with the one created by the initiator.');
|
|
398
|
-
}
|
|
399
|
-
// Option 1: Assuming the signing key is unique between users.
|
|
400
|
-
// const initiatorSigPrk = await KFS.asKey(ke.plainInitiatorRootKeyCipher.sigPrk);
|
|
401
|
-
// const rkWrappedInitiatorSigPrk = await this.encrypt(rootKey, initiatorSigPrk.toJSON(true));
|
|
402
|
-
// Option 2: Use the user's global signing key.
|
|
403
|
-
// In this case the initiatorSigPrk is already a part of the key graph.
|
|
404
|
-
// So there's nothing to do here.
|
|
405
|
-
// Protected the signing public key of the responder.
|
|
406
|
-
const initiatorSigPrk = this.keyService.currentSigPxk;
|
|
407
|
-
const responderSigPbk = yield KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.responder.sigPbk);
|
|
408
|
-
const responderPbk = yield KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.responder.pbk);
|
|
409
|
-
const signedResponderPbk = yield this.encryptionService.sign(initiatorSigPrk.jwk, responderPbk.toJSON());
|
|
410
|
-
const signedResponderSigPbk = yield this.encryptionService.sign(initiatorSigPrk.jwk, responderSigPbk.toJSON());
|
|
411
|
-
const sharedKey = yield KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.sharedKey);
|
|
412
|
-
const rkWrappedSharedKey = yield this.encryptionService.encrypt(rootKey.jwk, sharedKey.toJSON(true));
|
|
413
|
-
const mkSharedKey = yield KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.mkSharedKey);
|
|
414
|
-
const mkWrappedMkSharedKey = yield this.encryptionService.encrypt(masterKey.jwk, mkSharedKey.toJSON(true));
|
|
415
|
-
let responderContactCardCipherInput;
|
|
416
|
-
if (responderContactCard) {
|
|
417
|
-
// Create key
|
|
418
|
-
const receiverKey = yield this.keyFactory.createKey();
|
|
419
|
-
responderContactCardCipherInput = {
|
|
420
|
-
receiverWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(rootKey.jwk, receiverKey.toJSON(true))),
|
|
421
|
-
receiverWrappingKeyId: rootKey.id,
|
|
422
|
-
receiverCipherData: JSON.stringify(yield this.encryptionService.encrypt(receiverKey, responderContactCard.receiverCipherDataClearJson)),
|
|
423
|
-
};
|
|
424
|
-
}
|
|
425
|
-
// Get the data needed from the initiator's cipher data.
|
|
426
|
-
let initiatorContactCardCipherInput;
|
|
427
|
-
let initiatorContactCardSharedCipherInput;
|
|
428
|
-
if (initiatorRootKeyCipherClearJson.initiatorContactCard) {
|
|
429
|
-
// The initiatorContactCard created during the creation of the invite and encrypted using the initiator's
|
|
430
|
-
// root key
|
|
431
|
-
const initiatorContactCardFromInit = initiatorRootKeyCipherClearJson.initiatorContactCard;
|
|
432
|
-
const ownerKey = yield this.keyFactory.createKey();
|
|
433
|
-
const sharedCipherKey = yield KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.responder.contactCard.sharedCipherKey);
|
|
434
|
-
const ownerWrappedKey = JSON.stringify(yield this.encryptionService.encrypt(rootKey.jwk, ownerKey.toJSON(true)));
|
|
435
|
-
// Allow the initiatorContactCard parameter to override
|
|
436
|
-
const ownerCipherDataClearJson = (initiatorContactCard === null || initiatorContactCard === void 0 ? void 0 : initiatorContactCard.ownerCipherDataClearJson) ||
|
|
437
|
-
initiatorContactCardFromInit.ownerCipherDataClearJson;
|
|
438
|
-
const ownerCipherData = ownerCipherDataClearJson
|
|
439
|
-
? yield this.keyGraph.encryptToString(ownerKey, ownerCipherDataClearJson)
|
|
440
|
-
: '';
|
|
441
|
-
initiatorContactCardCipherInput = {
|
|
442
|
-
ownerWrappedKey,
|
|
443
|
-
ownerWrappingKeyId: rootKey.id,
|
|
444
|
-
ownerCipherData,
|
|
445
|
-
};
|
|
446
|
-
initiatorContactCardSharedCipherInput = {
|
|
447
|
-
sigPxkId: initiatorSigPrk.id,
|
|
448
|
-
};
|
|
449
|
-
const sharedCipherData = yield this.encryptionService.encrypt(sharedCipherKey, initiatorContactCardFromInit.sharedCipherDataClearJson);
|
|
450
|
-
initiatorContactCardSharedCipherInput.sharedCipherDataSig =
|
|
451
|
-
JSON.stringify(yield this.encryptionService.sign(initiatorSigPrk.jwk, sharedCipherData));
|
|
452
|
-
}
|
|
453
|
-
// TODO ideally we update the shared data in the contact card sent to the responder as well since that
|
|
454
|
-
// CC was created by the responder.
|
|
455
|
-
return new LrMutation({
|
|
456
|
-
mutation: CompleteKeyExchangeOtkMutation,
|
|
457
|
-
variables: {
|
|
458
|
-
input: {
|
|
459
|
-
keyExchangeId,
|
|
460
|
-
rootKeyId: rootKey.id,
|
|
461
|
-
masterKeyId: masterKey.id,
|
|
462
|
-
initiatorSigPxkId: initiatorSigPrk.id,
|
|
463
|
-
signedResponderPbk: JSON.stringify(signedResponderPbk),
|
|
464
|
-
signedResponderSigPbk: JSON.stringify(signedResponderSigPbk),
|
|
465
|
-
rkWrappedSharedKey: JSON.stringify(rkWrappedSharedKey),
|
|
466
|
-
mkWrappedMkSharedKey: JSON.stringify(mkWrappedMkSharedKey),
|
|
467
|
-
responderContactCardCipher: responderContactCardCipherInput,
|
|
468
|
-
initiatorContactCardCipher: initiatorContactCardCipherInput,
|
|
469
|
-
initiatorContactCardSharedCipher: initiatorContactCardSharedCipherInput,
|
|
470
|
-
},
|
|
471
|
-
},
|
|
472
|
-
});
|
|
473
|
-
});
|
|
474
|
-
}
|
|
475
|
-
};
|
|
476
|
-
KeyExchangeService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyExchangeService_Factory() { return new KeyExchangeService(i0.ɵɵinject(i0.NgZone), i0.ɵɵinject(i0.INJECTOR), i0.ɵɵinject(i1.KeyFactoryService), i0.ɵɵinject(i2.KeyService), i0.ɵɵinject(i3.EncryptionService), i0.ɵɵinject(i4.KeyGraphService)); }, token: KeyExchangeService, providedIn: "root" });
|
|
477
|
-
KeyExchangeService.decorators = [
|
|
478
|
-
{ type: Injectable, args: [{
|
|
479
|
-
providedIn: 'root',
|
|
480
|
-
},] }
|
|
481
|
-
];
|
|
482
|
-
KeyExchangeService.ctorParameters = () => [
|
|
483
|
-
{ type: NgZone },
|
|
484
|
-
{ type: Injector },
|
|
485
|
-
{ type: KeyFactoryService },
|
|
486
|
-
{ type: KeyService },
|
|
487
|
-
{ type: EncryptionService },
|
|
488
|
-
{ type: KeyGraphService }
|
|
489
|
-
];
|
|
490
|
-
KeyExchangeService = __decorate([
|
|
491
|
-
RunOutsideAngular({
|
|
492
|
-
ngZoneName: 'ngZone',
|
|
493
|
-
})
|
|
494
|
-
], KeyExchangeService);
|
|
495
|
-
export { KeyExchangeService };
|
|
496
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWV4Y2hhbmdlLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi9wcm9qZWN0cy9jb3JlL3NyYy9saWIva2V5LWV4Y2hhbmdlL2tleS1leGNoYW5nZS5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSxPQUFPLEVBQUUsVUFBVSxFQUFFLFFBQVEsRUFBRSxNQUFNLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFFN0QsT0FBTyxFQUFFLFVBQVUsRUFBRSxTQUFTLEVBQUUsTUFBTSxtQkFBbUIsQ0FBQztBQU8xRCxPQUFPLEVBQ0wsaUJBQWlCLEVBQ2pCLGlCQUFpQixHQUNsQixNQUFNLGtDQUFrQyxDQUFDO0FBQzFDLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLDRCQUE0QixDQUFDO0FBQy9ELE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQztBQUMzRCxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sb0JBQW9CLENBQUM7QUFDaEQsT0FBTyxFQUFFLHVCQUF1QixFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDaEUsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sZ0NBQWdDLENBQUM7QUFDbkUsT0FBTyxFQUNMLHlCQUF5QixFQUN6Qiw4QkFBOEIsRUFDOUIsMEJBQTBCLEVBQzFCLDBCQUEwQixFQUMxQiw4QkFBOEIsRUFFOUIsaUJBQWlCLEVBQ2pCLGtCQUFrQixFQUVsQixzQkFBc0IsRUFDdEIsNkJBQTZCLEdBQzlCLE1BQU0sb0JBQW9CLENBQUM7Ozs7OztJQTRIZixrQkFBa0IsU0FBbEIsa0JBQW1CLFNBQVEsU0FBUztJQUcvQyxZQUNVLE1BQWMsRUFDZCxRQUFrQixFQUNsQixVQUE2QixFQUM3QixVQUFzQixFQUN0QixpQkFBb0MsRUFDcEMsUUFBeUI7UUFFakMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBUFIsV0FBTSxHQUFOLE1BQU0sQ0FBUTtRQUNkLGFBQVEsR0FBUixRQUFRLENBQVU7UUFDbEIsZUFBVSxHQUFWLFVBQVUsQ0FBbUI7UUFDN0IsZUFBVSxHQUFWLFVBQVUsQ0FBWTtRQUN0QixzQkFBaUIsR0FBakIsaUJBQWlCLENBQW1CO1FBQ3BDLGFBQVEsR0FBUixRQUFRLENBQWlCO1FBUmxCLHdCQUFtQixHQUFHLEVBQUUsQ0FBQztJQVcxQyxDQUFDO0lBRWEsUUFBUSxDQUNwQixXQUFvQyxFQUNwQyxNQUFlOztZQUVmLElBQUksTUFBTSxFQUFFO2dCQUNWLE9BQU8sTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLGlDQUMvQixJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsV0FBVyxDQUFDLEtBQzFDLENBQUMsRUFBRSxNQUFNLElBQ1QsQ0FBQzthQUNKO2lCQUFNLElBQ0wsV0FBVyxDQUFDLEdBQUcsQ0FBQyxLQUFLLEtBQUssZUFBZTtnQkFDekMsQ0FBQyxXQUFXLENBQUMsV0FBVztnQkFDeEIsV0FBVyxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsRUFDbEM7Z0JBQ0EseUZBQXlGO2dCQUN6RixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQztnQkFDdkMsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMxRCxHQUFHLENBQUMsR0FBRyxFQUNQLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsQ0FBQyxFQUM5QztvQkFDRSxjQUFjLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUM7aUJBQzVDLENBQ0YsQ0FBQztnQkFDRixJQUFJLGVBQWUsQ0FBQyxLQUFLLEVBQUU7b0JBQ3pCLE9BQU8sTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUFDLEtBQUssQ0FBQyxDQUFDO2lCQUM3RDthQUNGO1lBQ0QsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO0tBQUE7SUFFYSxVQUFVLENBQ3RCLFdBQW9DLEVBQ3BDLE1BQWU7O1lBRWYsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsRUFBRSxNQUFNLENBQUMsQ0FBQztZQUV2RCxJQUFJLEdBQUcsR0FBRyxXQUFXLENBQUMsR0FBRyxDQUFDO1lBRTFCLElBQUksS0FBSyxJQUFJLEdBQUcsQ0FBQyxXQUFXLEVBQUU7Z0JBQzVCLEdBQUcsbUNBQ0UsR0FBRyxLQUNOLEtBQUssRUFDTCxvQkFBb0IsRUFBRSxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ3hELEtBQUssRUFDTCxXQUFXLENBQUMsR0FBRyxDQUFDLFdBQVcsQ0FDNUIsR0FDRixDQUFDO2FBQ0g7aUJBQU0sSUFBSSxHQUFHLENBQUMsV0FBVyxJQUFJLENBQUMsS0FBSyxFQUFFO2dCQUNwQyxvRkFBb0Y7Z0JBQ3BGLCtCQUErQjtnQkFDL0IsOEVBQThFO2dCQUM5RSwwRUFBMEU7Z0JBQzFFLE9BQU8sQ0FBQyxJQUFJLENBQ1YsaUZBQWlGO29CQUNqRixrQkFBa0IsRUFBRSxDQUFDLENBQUMsTUFBTSxFQUM1QixlQUFlLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDLGlCQUFpQixDQUMxRCxDQUFDO2FBQ0g7WUFFRCx1Q0FDSyxXQUFXLEtBQ2QsR0FBRyxJQUNIO1FBQ0osQ0FBQztLQUFBO0lBRWEscUJBQXFCLENBQ2pDLEtBQWMsRUFDZCxLQUFjLEVBQ2QsT0FBbUI7O1lBRW5CLG9FQUFvRTtZQUNwRSxJQUFJO2dCQUNGLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLE9BQU8sQ0FBQyxDQUFDO2FBQ2hFO1lBQUMsT0FBTyxLQUFLLEVBQUU7Z0JBQ2QsSUFBSSxLQUFLLENBQUMsT0FBTyxLQUFLLGNBQWMsRUFBRTtvQkFDcEMsTUFBTSxLQUFLLENBQUM7aUJBQ2I7Z0JBQ0QsOEVBQThFO2FBQy9FO1lBRUQsb0dBQW9HO1lBQ3BHLE9BQU8sTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxPQUFPLENBQUMsQ0FBQztRQUM5RCxDQUFDO0tBQUE7SUFFYSw2QkFBNkIsQ0FDekMsV0FBb0M7O1lBRXBDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDO1lBRS9DLDRDQUE0QztZQUM1QyxNQUFNLCtCQUErQixHQUNuQyxDQUFDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbkMsT0FBTyxDQUFDLEdBQUcsRUFDWCxXQUFXLENBQUMsc0JBQXNCLENBQ25DLENBQXFDLENBQUM7WUFFekMsTUFBTSxLQUFLLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQ3pDLCtCQUErQixDQUFDLEtBQUssQ0FDdEMsQ0FBQztZQUVGLFdBQVcsbUNBQ04sV0FBVyxLQUNkLCtCQUErQixHQUNoQyxDQUFDO1lBRUYsSUFBSSxHQUFHLEdBQUcsV0FBVyxDQUFDLEdBQUcsQ0FBQztZQUUxQixJQUFJLEdBQUcsQ0FBQyx5QkFBeUIsRUFBRTtnQkFDakMsR0FBRyxtQ0FDRSxHQUFHLEtBQ04sa0NBQWtDLEVBQUUsTUFBTSxJQUFJLENBQUMscUJBQXFCLENBQ2xFLEtBQUssRUFDTCxNQUFNLGlCQUFpQixDQUFDLEtBQUssQ0FDM0IsK0JBQStCLENBQUMsVUFBVSxDQUMzQyxFQUNELEdBQUcsQ0FBQyx5QkFBeUIsQ0FDOUIsR0FDRixDQUFDO2FBQ0g7WUFFRCxJQUFJLEdBQUcsQ0FBQyxXQUFXLEVBQUU7Z0JBQ25CLEdBQUcsQ0FBQyxvQkFBb0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQzdELEtBQUssRUFDTCxHQUFHLENBQUMsV0FBVyxDQUNoQixDQUFDO2FBQ0g7WUFFRCx1Q0FDSyxXQUFXLEtBQ2QsR0FBRyxJQUNIO1FBQ0osQ0FBQztLQUFBO0lBRWEsNkJBQTZCLENBQ3pDLFdBQW9DLEVBQ3BDLE1BQWU7O1lBRWYsT0FBTyxJQUFJLENBQUMsVUFBVSxDQUFDLFdBQVcsRUFBRSxNQUFNLENBQUMsQ0FBQztRQUM5QyxDQUFDO0tBQUE7SUFFSyxrQkFBa0IsQ0FDdEIsV0FBb0MsRUFDcEMsTUFBZTs7WUFFZixJQUFJLFdBQVcsQ0FBQyxXQUFXLEVBQUU7Z0JBQzNCLE9BQU8sSUFBSSxDQUFDLDZCQUE2QixDQUFDLFdBQVcsQ0FBQyxDQUFDO2FBQ3hEO2lCQUFNO2dCQUNMLE9BQU8sSUFBSSxDQUFDLDZCQUE2QixDQUFDLFdBQVcsRUFBRSxNQUFNLENBQUMsQ0FBQzthQUNoRTtRQUNILENBQUM7S0FBQTtJQUVLLGVBQWUsQ0FBQyxFQUFFLEtBQUssS0FBb0MsRUFBRTs7WUFDakUsTUFBTSxFQUFFLFlBQVksRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLEtBQUssQ0FBQztnQkFDeEMsS0FBSyxFQUFFLGtCQUFrQjtnQkFDekIsU0FBUyxFQUFFO29CQUNULEtBQUs7aUJBQ047YUFDRixDQUFDLENBQUM7WUFFSCxPQUFPLE9BQU8sQ0FBQyxHQUFHLENBQ2hCLFlBQVksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQ3JFLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFRDs7Ozs7T0FLRztJQUNHLGNBQWMsQ0FDbEIsRUFBVSxFQUNWLEVBQUUsTUFBTSxFQUFFLEtBQUssS0FBNkIsRUFBRTs7WUFFOUMsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsS0FBSyxDQUFDO2dCQUMzQixLQUFLLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDLENBQUMsaUJBQWlCO2dCQUN6RCxTQUFTLEVBQUU7b0JBQ1QsRUFBRTtvQkFDRixLQUFLO2lCQUNOO2dCQUNELGVBQWUsRUFBRSxDQUFDLEtBQUs7YUFDeEIsQ0FBQyxDQUFDO1lBQ0gsT0FBTyxJQUFJLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLFdBQVcsRUFBRSxNQUFNLENBQUMsQ0FBQztRQUMxRCxDQUFDO0tBQUE7SUFFWSx1QkFBdUIsQ0FBQyxLQUdwQzs7WUFDQyxPQUFPLElBQUksQ0FBQyxLQUFLLENBQUM7Z0JBQ2hCLEtBQUssRUFBRSwwQkFBMEI7Z0JBQ2pDLFNBQVMsRUFBRTtvQkFDVCxRQUFRLEVBQUUsS0FBSyxDQUFDLFFBQVE7b0JBQ3hCLE1BQU0sRUFBRSxLQUFLLENBQUMsTUFBTTtpQkFDckI7YUFDRixDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7SUFFRCxpQkFBaUIsQ0FBQyxFQUFVO1FBQzFCLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMseUJBQXlCLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztJQUN6RCxDQUFDO0lBRUQseUJBQXlCLENBQUMsRUFBVTtRQUNsQyxPQUFPLElBQUksVUFBVSxDQUFDO1lBQ3BCLFFBQVEsRUFBRSx5QkFBeUI7WUFDbkMsU0FBUyxFQUFFO2dCQUNULEtBQUssRUFBRTtvQkFDTCxFQUFFO2lCQUNIO2FBQ0Y7U0FDRixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsa0JBQWtCLENBQUMsRUFBVSxFQUFFLEtBQWE7UUFDMUMsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQywwQkFBMEIsQ0FBQyxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQztJQUNqRSxDQUFDO0lBRUQsMEJBQTBCLENBQUMsRUFBVSxFQUFFLEtBQWE7UUFDbEQsT0FBTyxJQUFJLFVBQVUsQ0FBQztZQUNwQixRQUFRLEVBQUUsMEJBQTBCO1lBQ3BDLFNBQVMsRUFBRTtnQkFDVCxLQUFLLEVBQUU7b0JBQ0wsRUFBRTtvQkFDRixLQUFLO2lCQUNOO2FBQ0Y7U0FDRixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUssV0FBVyxDQUFDLFFBQTJCLEVBQUU7O1lBQzdDLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDLE1BQU0sSUFBSSxDQUFDLG1CQUFtQixDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDekUsQ0FBQztLQUFBO0lBRUssbUJBQW1CLENBQUMsRUFDeEIsT0FBTyxFQUNQLEtBQUssRUFDTCxXQUFXLEVBQ1gsT0FBTyxNQUNjLEVBQUU7O1lBQ3ZCLE1BQU0sS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUNoRCxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsQ0FBQztZQUVyRSxrRkFBa0Y7WUFDbEYsaUNBQWlDO1lBQ2pDLE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFlBQVksRUFBRSxDQUFDO1lBRWpFLG9DQUFvQztZQUNwQyxvRUFBb0U7WUFFcEUsK0NBQStDO1lBQy9DLHNEQUFzRDtZQUN0RCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQztZQUNoRCxNQUFNLGVBQWUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQztZQUV0RCxJQUFJLHFCQUFxQixHQUFXLElBQUksQ0FBQztZQUV6QyxJQUFJLFdBQVcsSUFBSSxXQUFXLENBQUMsa0JBQWtCLEVBQUU7Z0JBQ2pELHFCQUFxQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLFlBQVksQ0FDL0QsZUFBZSxDQUFDLEdBQUcsRUFDbkIsV0FBVyxDQUFDLGtCQUFrQixDQUMvQixDQUFDO2FBQ0g7WUFFRCxNQUFNLFNBQVMsR0FBRztnQkFDaEIsT0FBTztnQkFDUCxXQUFXLEVBQUUsV0FBVyxJQUFJO29CQUMxQix5QkFBeUIsRUFBRSxXQUFXLENBQUMseUJBQXlCO2lCQUNqRTthQUNGLENBQUM7WUFFRix5Q0FBeUM7WUFDekMsTUFBTSxnQkFBZ0IsR0FBMEI7Z0JBQzlDLG9GQUFvRjtnQkFDcEYsZ0ZBQWdGO2dCQUNoRix3RkFBd0Y7Z0JBQ3hGLGtGQUFrRjtnQkFDbEYseUJBQXlCO2dCQUN6QixLQUFLO2dCQUNMLFNBQVMsa0NBQ0osU0FBUyxLQUNaLFVBQVUsRUFBRSxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsRUFDeEMsR0FBRyxFQUFFLFlBQVksQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLEVBQzlCLE1BQU0sRUFBRSxlQUFlLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxHQUNyQzthQUNGLENBQUM7WUFFRixNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsZUFBZSxDQUNyRCxLQUFLLEVBQ0wsZ0JBQWdCLENBQ2pCLENBQUM7WUFFRiwwREFBMEQ7WUFDMUQsTUFBTSwrQkFBK0IsR0FBcUM7Z0JBQ3hFLEtBQUs7Z0JBQ0wsVUFBVSxFQUFFLG1CQUFtQixDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUM7Z0JBQzVDLG9GQUFvRjtnQkFDcEYsd0NBQXdDO2dCQUV4QyxnRUFBZ0U7Z0JBQ2hFLHdFQUF3RTtnQkFDeEUsK0VBQStFO2dCQUMvRSxLQUFLLEVBQUUsS0FBSyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUM7Z0JBQ3pCLDJGQUEyRjtnQkFDM0Ysd0NBQXdDO2dCQUN4QyxvQkFBb0IsRUFBRSxXQUFXO2dCQUNqQyxTQUFTO2FBQ1YsQ0FBQztZQUVGLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDO1lBQy9DLE1BQU0sc0JBQXNCLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FDaEUsT0FBTyxDQUFDLEdBQUcsRUFDWCwrQkFBK0IsQ0FDaEMsQ0FBQztZQUVGLGNBQWM7WUFDZCxNQUFNLE1BQU0sR0FBWSxLQUFLLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBZ0IsQ0FBQyxDQUFDLENBQUM7WUFFNUQsV0FBVztZQUNYLE1BQU0sVUFBVSxHQUFHLElBQUksVUFBVSxDQUFDO2dCQUNoQyxRQUFRLEVBQUUsOEJBQThCO2dCQUN4QyxTQUFTLEVBQUU7b0JBQ1QsS0FBSyxFQUFFO3dCQUNMLHFDQUFxQzt3QkFDckMsc0JBQXNCO3dCQUN0QixjQUFjLEVBQUUsWUFBWSxDQUFDLEVBQUU7d0JBQy9CLGlCQUFpQixFQUFFLGVBQWUsQ0FBQyxFQUFFO3dCQUNyQyxzQ0FBc0M7d0JBQ3RDLFdBQVcsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxNQUFNLEVBQUUsQ0FBQzt3QkFDM0MsV0FBVzt3QkFDWCxTQUFTLEVBQUUsS0FBSyxJQUFJOzRCQUNsQixLQUFLOzRCQUNMLFFBQVEsRUFBRSxNQUFNO3lCQUNqQjt3QkFDRCxRQUFRLEVBQUUsSUFBSTt3QkFDZCxxQkFBcUI7d0JBQ3JCLE9BQU87cUJBQ1I7aUJBQ0Y7YUFDRixDQUFDLENBQUM7WUFFSCxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sRUFBRSxDQUFDO1FBQ2hDLENBQUM7S0FBQTtJQUVELFVBQVUsQ0FBQyxLQUF1QjtRQUNoQyxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7SUFDckQsQ0FBQztJQUVLLGtCQUFrQixDQUFDLEVBQ3ZCLGFBQWEsRUFDYixLQUFLLEVBQ0wsWUFBWSxFQUNaLE9BQU8sRUFDUCxvQkFBb0IsRUFDcEIsb0JBQW9CLEdBQ0g7OztZQUNqQixrRUFBa0U7WUFDbEUsOEVBQThFO1lBQzlFLHFHQUFxRztZQUNyRyxJQUFJLFFBQUMsWUFBWSxhQUFaLFlBQVksdUJBQVosWUFBWSxDQUFFLG9CQUFvQiwwQ0FBRSxTQUFTLENBQUEsRUFBRTtnQkFDbEQsTUFBTSxJQUFJLEtBQUssQ0FDYixrRkFBa0Y7b0JBQ2xGLDhDQUE4QyxDQUMvQyxDQUFDO2FBQ0g7WUFFRCxNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQztZQUUvQyxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGdCQUFnQixDQUFDO1lBRW5ELE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUNwRCxNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7WUFFdEQsTUFBTSxrQkFBa0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQzdELE9BQU8sQ0FBQyxHQUFHLEVBQ1gsU0FBUyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDdkIsQ0FBQztZQUNGLE1BQU0sb0JBQW9CLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMvRCxTQUFTLENBQUMsR0FBRyxFQUNiLFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQ3pCLENBQUM7WUFFRixNQUFNLG1CQUFtQixHQUFHLE1BQU0saUJBQWlCLENBQUMsS0FBSyxDQUN2RCxZQUFZLENBQUMsb0JBQW9CLENBQUMsU0FBUyxDQUFDLFVBQVUsQ0FDdkQsQ0FBQztZQUVGLE1BQU0sWUFBWSxHQUFHLE1BQU0saUJBQWlCLENBQUMsS0FBSyxDQUNoRCxZQUFZLENBQUMsb0JBQW9CLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FDaEQsQ0FBQztZQUNGLE1BQU0sZUFBZSxHQUFHLE1BQU0saUJBQWlCLENBQUMsS0FBSyxDQUNuRCxZQUFZLENBQUMsb0JBQW9CLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FDbkQsQ0FBQztZQUVGLDJDQUEyQztZQUMzQyxxREFBcUQ7WUFDckQsbUVBQW1FO1lBQ25FLDhGQUE4RjtZQUU5RixnREFBZ0Q7WUFDaEQsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUM7WUFDaEQsTUFBTSxlQUFlLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLENBQUM7WUFFdEQsTUFBTSxrQkFBa0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQzFELGVBQWUsQ0FBQyxHQUFHLEVBQ25CLFlBQVksQ0FBQyxNQUFNLEVBQUUsQ0FDdEIsQ0FBQztZQUNGLE1BQU0scUJBQXFCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUM3RCxlQUFlLENBQUMsR0FBRyxFQUNuQixlQUFlLENBQUMsTUFBTSxFQUFFLENBQ3pCLENBQUM7WUFFRixNQUFNLGtDQUFrQyxHQUN0QztnQkFDRSxLQUFLLEVBQUUsWUFBWSxDQUFDLG9CQUFvQixDQUFDLEtBQUs7Z0JBQzlDLFNBQVMsRUFBRSxTQUFTLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQztnQkFDakMsV0FBVyxFQUFFLFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDO2dCQUNyQyxTQUFTLEVBQUU7b0JBQ1QsR0FBRyxFQUFFLFlBQVksQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFO29CQUM5QixNQUFNLEVBQUUsZUFBZSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUU7b0JBQ3BDLE9BQU87aUJBQ1I7YUFDRixDQUFDO1lBRUosSUFBSSxpQkFBaUIsQ0FBQztZQUN0QixJQUFJLFlBQVksQ0FBQyxvQkFBb0IsQ0FBQyxTQUFTLENBQUMsV0FBVyxFQUFFO2dCQUMzRCx3SEFBd0g7Z0JBQ3hILDRIQUE0SDtnQkFDNUgsNEhBQTRIO2dCQUM1SCxNQUFNLHlCQUF5QixHQUM3QixZQUFZLENBQUMsb0JBQW9CLENBQUMsU0FBUyxDQUFDLFdBQVc7cUJBQ3BELHlCQUF5QixDQUFDO2dCQUUvQixjQUFjO2dCQUNkLE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztnQkFDdEQsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUFDO2dCQUN0RCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQztnQkFFN0MsaUJBQWlCLEdBQUc7b0JBQ2xCLGtCQUFrQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQ2hDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbEMsT0FBTyxDQUFDLEdBQUcsRUFDWCxXQUFXLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUN6QixDQUNGO29CQUNELHFCQUFxQixFQUFFLE9BQU8sQ0FBQyxFQUFFO29CQUNqQyxrQkFBa0IsRUFBRSxvQkFBb0I7d0JBQ3RDLENBQUMsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUNaLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbEMsV0FBVyxFQUNYLG9CQUFvQixDQUFDLDJCQUEyQixDQUNqRCxDQUNGO3dCQUNILENBQUMsQ0FBQyxFQUFFO29CQUNOLGdCQUFnQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQzlCLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbEMsU0FBUyxFQUNULFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQ3pCLENBQ0Y7aUJBQ0YsQ0FBQztnQkFFRixNQUFNLGdCQUFnQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDM0QsV0FBVyxFQUNYLHlCQUF5QixDQUMxQixDQUFDO2dCQUNGLGlCQUFpQixDQUFDLG1CQUFtQixHQUFHLElBQUksQ0FBQyxTQUFTLENBQ3BELE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsR0FBRyxFQUFFLGdCQUFnQixDQUFDLENBQ2hFLENBQUM7Z0JBQ0YsaUJBQWlCLENBQUMsUUFBUSxHQUFHLE1BQU0sQ0FBQyxFQUFFLENBQUM7Z0JBRXZDLGtDQUFrQyxDQUFDLFNBQVMsQ0FBQyxXQUFXLG1DQUNuRCxrQ0FBa0MsQ0FBQyxTQUFTLENBQUMsV0FBVyxLQUMzRCxlQUFlLEVBQUUsV0FBVyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FDMUMsQ0FBQzthQUNIO1lBRUQsSUFBSSxrQkFBa0IsQ0FBQztZQUN2QixJQUFJLG9CQUFvQixFQUFFO2dCQUN4QixjQUFjO2dCQUNkLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztnQkFDbkQsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUFDO2dCQUN0RCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQztnQkFFN0Msa0JBQWtCLEdBQUc7b0JBQ25CLGVBQWUsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUM3QixNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ2xDLE9BQU8sQ0FBQyxHQUFHLEVBQ1gsUUFBUSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDdEIsQ0FDRjtvQkFDRCxrQkFBa0IsRUFBRSxPQUFPLENBQUMsRUFBRTtvQkFDOUIsZUFBZSxFQUFFLG9CQUFvQixDQUFDLHdCQUF3Qjt3QkFDNUQsQ0FBQyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQ1osTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNsQyxRQUFRLEVBQ1Isb0JBQW9CLENBQUMsd0JBQXdCLENBQzlDLENBQ0Y7d0JBQ0gsQ0FBQyxDQUFDLEVBQUU7b0JBRU4sZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FDOUIsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNsQyxTQUFTLEVBQ1QsV0FBVyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDekIsQ0FDRjtpQkFDRixDQUFDO2dCQUVGLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMzRCxXQUFXLEVBQ1gsb0JBQW9CLENBQUMseUJBQXlCLENBQy9DLENBQUM7Z0JBQ0Ysa0JBQWtCLENBQUMsbUJBQW1CLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FDckQsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsZ0JBQWdCLENBQUMsQ0FDaEUsQ0FBQztnQkFDRixrQkFBa0IsQ0FBQyxRQUFRLEdBQUcsTUFBTSxDQUFDLEVBQUUsQ0FBQztnQkFFeEMsSUFBSSxvQkFBb0IsQ0FBQyxrQkFBa0IsRUFBRTtvQkFDM0Msa0JBQWtCLENBQUMsaUJBQWlCLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FDbkQsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUMvQixlQUFlLENBQUMsR0FBRyxFQUNuQixvQkFBb0IsQ0FBQyxrQkFBa0IsQ0FDeEMsQ0FDRixDQUFDO2lCQUNIO2dCQUVELDhDQUE4QztnQkFDOUMsa0NBQWtDLENBQUMsU0FBUyxDQUFDLFdBQVcsbUNBQ25ELGtDQUFrQyxDQUFDLFNBQVMsQ0FBQyxXQUFXLEtBQzNELHlCQUF5QixFQUN2QixvQkFBb0IsQ0FBQyx5QkFBeUIsR0FDakQsQ0FBQzthQUNIO1lBRUQsbUNBQW1DO1lBQ25DLElBQUkseUJBQXlCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNsRSxtQkFBbUIsRUFDbkIsa0NBQWtDLENBQ25DLENBQUM7WUFFRiwwRUFBMEU7WUFDMUUseUJBQXlCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUM5RCxZQUFZLENBQUMsS0FBSyxFQUNsQix5QkFBeUIsQ0FDMUIsQ0FBQztZQUVGLE9BQU8sSUFBSSxVQUFVLENBQUM7Z0JBQ3BCLFFBQVEsRUFBRSw2QkFBNkI7Z0JBQ3ZDLFNBQVMsRUFBRTtvQkFDVCxLQUFLLEVBQUU7d0JBQ0wsYUFBYTt3QkFDYixnQkFBZ0IsRUFBRSxLQUFLO3dCQUN2QixTQUFTLEVBQUUsT0FBTyxDQUFDLEVBQUU7d0JBQ3JCLFdBQVcsRUFBRSxTQUFTLENBQUMsRUFBRTt3QkFDekIscUNBQXFDO3dCQUNyQyxjQUFjLEVBQUUsWUFBWSxDQUFDLEVBQUU7d0JBQy9CLGlCQUFpQixFQUFFLGVBQWUsQ0FBQyxFQUFFO3dCQUNyQyxrQkFBa0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLGtCQUFrQixDQUFDO3dCQUN0RCxxQkFBcUIsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLHFCQUFxQixDQUFDO3dCQUM1RCxzRUFBc0U7d0JBRXRFLDJDQUEyQzt3QkFDM0Msc0VBQXNFO3dCQUN0RSxrQkFBa0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLGtCQUFrQixDQUFDO3dCQUN0RCxvQkFBb0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLG9CQUFvQixDQUFDO3dCQUMxRCxzQ0FBc0M7d0JBQ3RDLHlCQUF5QixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMseUJBQXlCLENBQUM7d0JBQ3BFLG9CQUFvQixFQUFFLGlCQUFpQjt3QkFDdkMsb0JBQW9CLEVBQUUsa0JBQWtCO3FCQUN6QztpQkFDRjthQUNGLENBQUMsQ0FBQzs7S0FDSjtJQUVELFdBQVcsQ0FBQyxLQUF3QjtRQUNsQyxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7SUFDdEQsQ0FBQztJQUVLLG1CQUFtQixDQUFDLEVBQ3hCLGFBQWEsRUFDYixzQkFBc0IsRUFDdEIseUJBQXlCLEVBQ3pCLG9CQUFvQixFQUNwQixvQkFBb0IsR0FDRjs7WUFDbEIsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxjQUFjLENBQUM7WUFDL0MsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxnQkFBZ0IsQ0FBQztZQUVuRCw0Q0FBNEM7WUFDNUMsTUFBTSwrQkFBK0IsR0FDbkMsQ0FBQyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ25DLE9BQU8sQ0FBQyxHQUFHLEVBQ1gsc0JBQXNCLENBQ3ZCLENBQXFDLENBQUM7WUFFekMsb0dBQW9HO1lBQ3BHLE1BQU0sOEJBQThCLEdBQUcsTUFBTSxJQUFJLENBQUMscUJBQXFCLENBQ3JFLE1BQU0saUJBQWlCLENBQUMsS0FBSyxDQUFDLCtCQUErQixDQUFDLEtBQUssQ0FBQyxFQUNwRSxNQUFNLGlCQUFpQixDQUFDLEtBQUssQ0FBQywrQkFBK0IsQ0FBQyxVQUFVLENBQUMsRUFDekUseUJBQXlCLENBQzFCLENBQUM7WUFFRiw0RUFBNEU7WUFDNUUsSUFDRSwrQkFBK0IsQ0FBQyxLQUFLO2dCQUNyQyw4QkFBOEIsQ0FBQyxLQUFLLEVBQ3BDO2dCQUNBLE1BQU0sSUFBSSx1QkFBdUIsQ0FDL0IsdUZBQXVGLENBQ3hGLENBQUM7YUFDSDtZQUVELDhEQUE4RDtZQUM5RCxrRkFBa0Y7WUFDbEYsOEZBQThGO1lBRTlGLCtDQUErQztZQUMvQyx1RUFBdUU7WUFDdkUsaUNBQWlDO1lBRWpDLHFEQUFxRDtZQUNyRCxNQUFNLGVBQWUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQztZQUN0RCxNQUFNLGVBQWUsR0FBRyxNQUFNLGlCQUFpQixDQUFDLEtBQUssQ0FDbkQsOEJBQThCLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FDaEQsQ0FBQztZQUNGLE1BQU0sWUFBWSxHQUFHLE1BQU0saUJBQWlCLENBQUMsS0FBSyxDQUNoRCw4QkFBOEIsQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUM3QyxDQUFDO1lBRUYsTUFBTSxrQkFBa0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQzFELGVBQWUsQ0FBQyxHQUFHLEVBQ25CLFlBQVksQ0FBQyxNQUFNLEVBQUUsQ0FDdEIsQ0FBQztZQUNGLE1BQU0scUJBQXFCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUM3RCxlQUFlLENBQUMsR0FBRyxFQUNuQixlQUFlLENBQUMsTUFBTSxFQUFFLENBQ3pCLENBQUM7WUFFRixNQUFNLFNBQVMsR0FBRyxNQUFNLGlCQUFpQixDQUFDLEtBQUssQ0FDN0MsOEJBQThCLENBQUMsU0FBUyxDQUN6QyxDQUFDO1lBQ0YsTUFBTSxrQkFBa0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQzdELE9BQU8sQ0FBQyxHQUFHLEVBQ1gsU0FBUyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDdkIsQ0FBQztZQUVGLE1BQU0sV0FBVyxHQUFHLE1BQU0saUJBQWlCLENBQUMsS0FBSyxDQUMvQyw4QkFBOEIsQ0FBQyxXQUFXLENBQzNDLENBQUM7WUFDRixNQUFNLG9CQUFvQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDL0QsU0FBUyxDQUFDLEdBQUcsRUFDYixXQUFXLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUN6QixDQUFDO1lBRUYsSUFBSSwrQkFBK0IsQ0FBQztZQUNwQyxJQUFJLG9CQUFvQixFQUFFO2dCQUN4QixhQUFhO2dCQUNiLE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztnQkFFdEQsK0JBQStCLEdBQUc7b0JBQ2hDLGtCQUFrQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQ2hDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbEMsT0FBTyxDQUFDLEdBQUcsRUFDWCxXQUFXLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUN6QixDQUNGO29CQUNELHFCQUFxQixFQUFFLE9BQU8sQ0FBQyxFQUFFO29CQUNqQyxrQkFBa0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUNoQyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ2xDLFdBQVcsRUFDWCxvQkFBb0IsQ0FBQywyQkFBMkIsQ0FDakQsQ0FDRjtpQkFDRixDQUFDO2FBQ0g7WUFFRCx3REFBd0Q7WUFDeEQsSUFBSSwrQkFBK0IsQ0FBQztZQUNwQyxJQUFJLHFDQUFxQyxDQUFDO1lBQzFDLElBQUksK0JBQStCLENBQUMsb0JBQW9CLEVBQUU7Z0JBQ3hELHlHQUF5RztnQkFDekcsV0FBVztnQkFDWCxNQUFNLDRCQUE0QixHQUNoQywrQkFBK0IsQ0FBQyxvQkFBb0IsQ0FBQztnQkFDdkQsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUFDO2dCQUNuRCxNQUFNLGVBQWUsR0FBRyxNQUFNLGlCQUFpQixDQUFDLEtBQUssQ0FDbkQsOEJBQThCLENBQUMsU0FBUyxDQUFDLFdBQVcsQ0FBQyxlQUFlLENBQ3JFLENBQUM7Z0JBRUYsTUFBTSxlQUFlLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FDcEMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsUUFBUSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUN6RSxDQUFDO2dCQUVGLHVEQUF1RDtnQkFDdkQsTUFBTSx3QkFBd0IsR0FDNUIsQ0FBQSxvQkFBb0IsYUFBcEIsb0JBQW9CLHVCQUFwQixvQkFBb0IsQ0FBRSx3QkFBd0I7b0JBQzlDLDRCQUE0QixDQUFDLHdCQUF3QixDQUFDO2dCQUV4RCxNQUFNLGVBQWUsR0FBRyx3QkFBd0I7b0JBQzlDLENBQUMsQ0FBQyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsZUFBZSxDQUNqQyxRQUFRLEVBQ1Isd0JBQXdCLENBQ3pCO29CQUNILENBQUMsQ0FBQyxFQUFFLENBQUM7Z0JBRVAsK0JBQStCLEdBQUc7b0JBQ2hDLGVBQWU7b0JBQ2Ysa0JBQWtCLEVBQUUsT0FBTyxDQUFDLEVBQUU7b0JBQzlCLGVBQWU7aUJBQ2hCLENBQUM7Z0JBRUYscUNBQXFDLEdBQUc7b0JBQ3RDLFFBQVEsRUFBRSxlQUFlLENBQUMsRUFBRTtpQkFDN0IsQ0FBQztnQkFFRixNQUFNLGdCQUFnQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDM0QsZUFBZSxFQUNmLDRCQUE0QixDQUFDLHlCQUF5QixDQUN2RCxDQUFDO2dCQUNGLHFDQUFxQyxDQUFDLG1CQUFtQjtvQkFDdkQsSUFBSSxDQUFDLFNBQVMsQ0FDWixNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQy9CLGVBQWUsQ0FBQyxHQUFHLEVBQ25CLGdCQUFnQixDQUNqQixDQUNGLENBQUM7YUFDTDtZQUVELHNHQUFzRztZQUN0RyxtQ0FBbUM7WUFFbkMsT0FBTyxJQUFJLFVBQVUsQ0FBQztnQkFDcEIsUUFBUSxFQUFFLDhCQUE4QjtnQkFDeEMsU0FBUyxFQUFFO29CQUNULEtBQUssRUFBRTt3QkFDTCxhQUFhO3dCQUNiLFNBQVMsRUFBRSxPQUFPLENBQUMsRUFBRTt3QkFDckIsV0FBVyxFQUFFLFNBQVMsQ0FBQyxFQUFFO3dCQUN6QixpQkFBaUIsRUFBRSxlQUFlLENBQUMsRUFBRTt3QkFDckMsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxrQkFBa0IsQ0FBQzt3QkFDdEQscUJBQXFCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxxQkFBcUIsQ0FBQzt3QkFDNUQsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxrQkFBa0IsQ0FBQzt3QkFDdEQsb0JBQW9CLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxvQkFBb0IsQ0FBQzt3QkFDMUQsMEJBQTBCLEVBQUUsK0JBQStCO3dCQUMzRCwwQkFBMEIsRUFBRSwrQkFBK0I7d0JBQzNELGdDQUFnQyxFQUM5QixxQ0FBcUM7cUJBQ3hDO2lCQUNGO2FBQ0YsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztLQUFBO0NBQ0YsQ0FBQTs7O1lBL3ZCQSxVQUFVLFNBQUM7Z0JBQ1YsVUFBVSxFQUFFLE1BQU07YUFDbkI7OztZQXpKOEIsTUFBTTtZQUFoQixRQUFRO1lBYXBCLGlCQUFpQjtZQUVqQixVQUFVO1lBTGpCLGlCQUFpQjtZQUlWLGVBQWU7O0FBNElYLGtCQUFrQjtJQU45QixpQkFBaUIsQ0FBQztRQUNqQixVQUFVLEVBQUUsUUFBUTtLQUNyQixDQUFDO0dBSVcsa0JBQWtCLENBNHZCOUI7U0E1dkJZLGtCQUFrQiIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEluamVjdGFibGUsIEluamVjdG9yLCBOZ1pvbmUgfSBmcm9tICdAYW5ndWxhci9jb3JlJztcbmltcG9ydCB7IEpXSyB9IGZyb20gJ25vZGUtam9zZSc7XG5pbXBvcnQgeyBMck11dGF0aW9uLCBMclNlcnZpY2UgfSBmcm9tICcuLi9hcGkvbHItZ3JhcGhxbCc7XG5pbXBvcnQge1xuICBDb250YWN0Q2FyZFNoYXJlZENpcGhlckRhdGEsXG4gIEpTT05PYmplY3QsXG4gIE90S2V5Q2lwaGVyQ2xlYXJKc29uMixcbn0gZnJvbSAnLi4vYXBpL3R5cGVzJztcbmltcG9ydCB7IE93bmVyUGxhaW5EYXRhSnNvbiB9IGZyb20gJy4uL2NvbnRhY3QtY2FyZC9jb250YWN0LWNhcmQyLnNlcnZpY2UnO1xuaW1wb3J0IHtcbiAgRW5jcnlwdGlvblNlcnZpY2UsXG4gIEpvc2VTZXJpYWxpemF0aW9uLFxufSBmcm9tICcuLi9lbmNyeXB0aW9uL2VuY3J5cHRpb24uc2VydmljZSc7XG5pbXBvcnQgeyBLZXlGYWN0b3J5U2VydmljZSB9IGZyb20gJy4uL2tleS9rZXktZmFjdG9yeS5zZXJ2aWNlJztcbmltcG9ydCB7IEtleUdyYXBoU2VydmljZSB9IGZyb20gJy4uL2tleS9rZXktZ3JhcGguc2VydmljZSc7XG5pbXBvcnQgeyBLZXlTZXJ2aWNlIH0gZnJvbSAnLi4va2V5L2tleS5zZXJ2aWNlJztcbmltcG9ydCB7IEtjQ29kZU1pc21hdGNoRXhjZXB0aW9uIH0gZnJvbSAnLi4vX2NvbW1vbi9leGNlcHRpb25zJztcbmltcG9ydCB7IFJ1bk91dHNpZGVBbmd1bGFyIH0gZnJvbSAnLi4vX2NvbW1vbi9ydW4tb3V0c2lkZS1hbmd1bGFyJztcbmltcG9ydCB7XG4gIENhbmNlbEtleUV4Y2hhbmdlTXV0YXRpb24sXG4gIENvbXBsZXRlS2V5RXhjaGFuZ2VPdGtNdXRhdGlvbixcbiAgQ3VycmVudFVzZXJTaGFyZWRLZXlRdWVyeTIsXG4gIERlY2xpbmVLZXlFeGNoYW5nZU11dGF0aW9uLFxuICBJbml0aWF0ZUtleUV4Y2hhbmdlT3RrTXV0YXRpb24sXG4gIEtleUV4Y2hhbmdlRmllbGRzUmVzdWx0LFxuICBLZXlFeGNoYW5nZVF1ZXJ5MixcbiAgS2V5RXhjaGFuZ2VzUXVlcnkyLFxuICBLZXlFeGNoYW5nZVN0YXRlMixcbiAgS2V5RXhjaGFuZ2VUb2tlblF1ZXJ5MixcbiAgUmVzcG9uZEtleUV4Y2hhbmdlT3RrTXV0YXRpb24sXG59IGZyb20gJy4va2V5LWV4Y2hhbmdlLmdxbCc7XG5cbi8qKlxuICogVGhlIGRlY3J5cHRlZCBjb250ZW50IG9mIHRoZSBvbmUtdGltZSBrZXkgY2lwaGVyO1xuICogV2hlbiB1c2VyIHN1cHBsaWVzIHRoaXMgaW5mb3JtYXRpb24gdGhlIGxpYiBkb2Vzbid0IG5lZWQgdG8gZG8gYW5vdGhlciBBUEkgY2FsbFxuICogdG8gZmV0Y2ggdGhlIGtleSBleGNoYW5nZSBub2RlLiBBbmQgc2luY2UgdGhlIHR5cGljYWwgdXNlIGNhc2UgaXMgdG8gZGlzcGxheVxuICogc29tZSBpbmZvcm1hdGlvbiB0byB0aGUgdXNlciwgdGhlIGtleSBleGNoYW5nZSBub2RlIHdvdWxkIGFscmVhZHkgaGF2ZSBiZWVuXG4gKiBmZXRjaGVkIGFuZCBkZWNyeXB0ZWQuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgRGVjcnlwdGVkT3RrMiB7XG4gIG90S2V5Q2lwaGVyQ2xlYXJKc29uOiBPdEtleUNpcGhlckNsZWFySnNvbjI7XG4gIG90S2V5OiBKV0suS2V5OyAvLyBUaGUgb25lLXRpbWUga2V5XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgQ29udGFjdENhcmRSZWNlaXZlckNpcGhlckRhdGEge1xuICAvLyBUaGUgcmVjZWl2ZXIgb2YgdGhlIGNvbnRhY3QgY2FyZCBrZWVwcyBhIGNvcHlcbiAgLy8gb2YgdGhlIG93bmVyJ3MgY29udGFjdCBjYXJkIGluZm9ybWF0aW9uLCBlbmNyeXB0ZWQgdXNpbmcgdGhlIHJlY2VpdmVyJ3Mga2V5cy4gU28gdGhhdCB3aGVuXG4gIC8vIHRoZSBvd25lciBkZWNpZGVzIHRvIHVwZGF0ZSB0aGVpciBzaGFyZWQgY29udGFjdCBjYXJkIGF0IGEgbGF0ZXIgZGF0ZSwgdGhlIHJlY2VpdmVyIGNhblxuICAvLyBjb21wYXJlIGFnYWluc3QgdGhlIG9yaWdpbmFsIGNvbnRhY3QgY2FyZCBzZW50IGR1cmluZyBrZXkgZXhjaGFuZ2UuIFRoaXMgd2F5LCB0aGUgb3duZXJcbiAgLy8gY2FuJ3QgdW5pbGF0ZXJhbGx5IHVwZGF0ZSB0aGVpciBzaGFyZWQgY29udGFjdCBjYXJkIHdpdGhvdXQgdGhlIHJlY2VpdmVyIGtub3dpbmcgYWJvdXQgaXQuXG4gIHJlY2VpdmVyQ2lwaGVyRGF0YUNsZWFySnNvbjogSlNPTk9iamVjdDtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBDb250YWN0Q2FyZE93bmVyUGxhaW5EYXRhIHtcbiAgLy8gQWNjZXNzaWJsZSBieSB0aGUgc2VydmVyIGFuZCB0aGUgb3duZXIuIFNlcnZlciBzaWRlIG5vdGlmaWNhdGlvbiBlbWFpbHMgbmVlZCB0byBrbm93IHNvbWVcbiAgLy8gaW5mb3JtYXRpb24gYWJvdXQgdGhlIG93bmVyLlxuICAvLyBUaGUgb3duZXIgY291bGQgZWl0aGVyIGJlIHRoZSBpbml0aWF0b3Igb3IgdGhlIHJlc3BvbmRlci5cbiAgb3duZXJQbGFpbkRhdGFKc29uOiBPd25lclBsYWluRGF0YUpzb247XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgQ29udGFjdENhcmRPd25lckNpcGhlckRhdGEge1xuICAvLyBPd25lciBvbmx5IGFjY2VzcyB0byB0aGlzIGRhdGFcbiAgb3duZXJDaXBoZXJEYXRhQ2xlYXJKc29uOiBKU09OT2JqZWN0O1xufVxuXG4vKipcbiAqIFNlbmRpbmcgY29udGFjdCBjYXJkIGluZm9ybWF0aW9uIGZyb20gdGhlIG93bmVyIHRvIHRoZSByZWNlaXZlci5cbiAqL1xuZXhwb3J0IHR5cGUgU2VuZENvbnRhY3RDYXJkSW5wdXQgPSBDb250YWN0Q2FyZE93bmVyUGxhaW5EYXRhICZcbiAgQ29udGFjdENhcmRPd25lckNpcGhlckRhdGEgJlxuICBDb250YWN0Q2FyZFNoYXJlZENpcGhlckRhdGE7XG5cbmV4cG9ydCBpbnRlcmZhY2UgSW5pdGlhdGVPdGtJbnB1dDIge1xuICAvLyBOb3RlIHRoYXQgaWYgbmVpdGhlciBlbWFpbCBub3IgcmVzcG9uZGVyVXNlcm5hbWUgYXJlIGdpdmVuLCB0aGUgb25lLXRpbWUga2V5XG4gIC8vIGNhbiBzdGlsbCBiZSBzZW50IHRvIHRoZSByZXNwb25kZXIgdmlhIE9PQlxuICBlbWFpbD86IHN0cmluZztcbiAgbWVzc2FnZT86IEpTT05PYmplY3Q7XG4gIGNvbnRhY3RDYXJkPzogU2VuZENvbnRhY3RDYXJkSW5wdXQ7XG4gIC8vIElmIFRydWUsIHRvIHVwZ3JhZGUgYW4gZW1haWwgaW52aXRlIHRvIGFuIGV4aXN0aW5nIHVzZXIgaW52aXRlIGlmIHRoZSBlbWFpbFxuICAvLyBpcyBhbHJlYWR5IGFzc29jaWF0ZWQgd2l0aCBhbiBleGlzdGluZyB1c2VyLlxuICB1cGdyYWRlPzogYm9vbGVhbjtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBSZXNwb25kT3RrSW5wdXQyIHtcbiAga2V5RXhjaGFuZ2VJZDogc3RyaW5nO1xuICB0b2tlbjogc3RyaW5nO1xuICBkZWNyeXB0ZWRPdGs6IERlY3J5cHRlZE90azI7XG4gIG1lc3NhZ2U/OiBKU09OT2JqZWN0O1xuICAvLyBUaGUgaW5pdGlhdG9yIGlzIHRoZSBvd25lciBmbyB0aGUgaW5pdGlhdG9yQ29udGFjdENhcmQsIHRoZSByZXNwb25kZXJcbiAgLy8gaXMgdGhlIHJlY2VpdmVyLlxuICBpbml0aWF0b3JDb250YWN0Q2FyZD86IENvbnRhY3RDYXJkUmVjZWl2ZXJDaXBoZXJEYXRhO1xuICByZXNwb25kZXJDb250YWN0Q2FyZD86IFNlbmRDb250YWN0Q2FyZElucHV0O1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIENvbXBsZXRlT3RrSW5wdXQyIHtcbiAga2V5RXhjaGFuZ2VJZDogc3RyaW5nO1xuICAvLyBUaGlzIGlzIGEgcGFydCBvZiB0aGUga2V5IGV4Y2hhbmdlIGRhdGEuIEl0J3MgZW5jcnlwdGVkIHVzaW5nIHRoZSByb290IGtleVxuICBpbml0aWF0b3JSb290S2V5Q2lwaGVyOiBzdHJpbmc7XG4gIC8vIFRoaXMgaXMgYSBwYXJ0IG9mIHRoZSBrZXkgZXhjaGFuZ2UgZGF0YS4gSXQncyBlbmNyeXB0ZWQgdXNpbmcgdGhlIG9uZS10aW1lIGtleS5cbiAgaW5pdGlhdG9yT25lVGltZVBia0NpcGhlcjogc3RyaW5nO1xuICAvLyBUaGUgcmVzcG9uZGVyIGlzIHRoZSBvd25lciBmbyB0aGUgcmVzcG9uZGVyQ29udGFjdENhcmQsIHRoZSBpbml0aWF0b3JcbiAgLy8gaXMgdGhlIHJlY2VpdmVyLlxuICByZXNwb25kZXJDb250YWN0Q2FyZD86IENvbnRhY3RDYXJkUmVjZWl2ZXJDaXBoZXJEYXRhO1xuICAvLyBUaGUgaW5pdGlhdG9yIGNhbiB1cGRhdGUgdGhlIGNpcGhlciBkYXRhIHRoYXQgYXJlIG9ubHkgdmlzaWJsZSB0byB0aGVtLiBJdCBtYWtlc1xuICAvLyBsZXNzIHNlbnNlIHRvIHVwZGF0ZSB0aGUgc2hhcmVkIGRhdGEgYmVjYXVzZSB0aGUgcmVzcG9uZGVyIHdvdWxkIGhhdmUgYWxyZWFkeSBzZWVuXG4gIC8vIHRoZSBzaGFyZWQgZGF0YSBhbmQgYWNjZXB0ZWQgdGhhdCBpdCdzIGxlZ2l0LlxuICAvLyBCdXQgaW4gYW55IGNhc2UsIHRoZSBpbml0aWF0b3IgY2FuIHVwZGF0ZSB0aGUgc2hhcmVkIGNvbnRhY3QgY2FyZCBpbmZvIGF0IGFueSB0aW1lLlxuICBpbml0aWF0b3JDb250YWN0Q2FyZD86IENvbnRhY3RDYXJkT3duZXJDaXBoZXJEYXRhO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIEluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24yIHtcbiAgbm9uY2U6IHN0cmluZztcbiAgb25lVGltZVByazogUmVjb3JkPHN0cmluZywgSlNPTk9iamVjdD47IC8vIG9uZS10aW1lIHB1YmxpYyBlbmNyeXB0aW9uIGtleSByZXNwb25kZXIgdXNlIHRvIHNlbmQgZGF0YSBiYWNrIHRvIGluaXRpYXRvclxuICBvdEtleTogUmVjb3JkPHN0cmluZywgSlNPTk9iamVjdD47IC8vIG9uZS10aW1lIHN5bW1ldHJpYyBrZXkgdGhhdCBuZWVkcyB0byBiZSBzaGFyZWQgT09CXG4gIGluaXRpYXRvckNvbnRhY3RDYXJkPzogQ29udGFjdENhcmRPd25lckNpcGhlckRhdGEgJlxuICAgIENvbnRhY3RDYXJkU2hhcmVkQ2lwaGVyRGF0YTtcbiAgaW5pdGlhdG9yOiB7XG4gICAgbWVzc2FnZT86IEpTT05PYmplY3Q7XG4gICAgY29udGFjdENhcmQ/OiBDb250YWN0Q2FyZFNoYXJlZENpcGhlckRhdGE7XG4gIH07XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgSW5pdGlhdG9yT25lVGltZVBia0NpcGhlckNsZWFySnNvbiB7XG4gIG5vbmNlOiBzdHJpbmc7XG4gIHNoYXJlZEtleTogUmVjb3JkPHN0cmluZywgSlNPTk9iamVjdD47XG4gIG1rU2hhcmVkS2V5OiBSZWNvcmQ8c3RyaW5nLCBKU09OT2JqZWN0PjtcbiAgcmVzcG9uZGVyOiB7XG4gICAgcGJrOiBSZWNvcmQ8c3RyaW5nLCBKU09OT2JqZWN0PjtcbiAgICBzaWdQYms6IFJlY29yZDxzdHJpbmcsIEpTT05PYmplY3Q+O1xuICAgIG1lc3NhZ2U/OiBKU09OT2JqZWN0O1xuICAgIGNvbnRhY3RDYXJkPzogQ29udGFjdENhcmRTaGFyZWRDaXBoZXJEYXRhICYge1xuICAgICAgLy8gTm90ZSB0aGF0IHRoaXMgaXMgX25vdF8gdGhlIHNhbWUga2V5IGFzIHRoZSBzaGFyZWRLZXkuIFRoZSBzaGFyZWRLZXkgd3JhcHNcbiAgICAgIC8vIHRoaXMga2V5IGluIHRoZSBrZXkgZ3JhcGguIEJ1dCBiZWNhdXNlIHRoaXMga2V5IGhhcyBub3QgYmVlbiBlbnRlcmVkIGludG9cbiAgICAgIC8vIHRoZSBrZXkgZ3JhcGggd2hlbiB0aGUgcmVzcG9uZGVyIGNhbGxzIHRoZSBBUEksIHdlIHBhc3MgdGhlIEpXSyBkaXJlY3RseSBoZXJlLlxuICAgICAgc2hhcmVkQ2lwaGVyS2V5OiBSZWNvcmQ8c3RyaW5nLCBKU09OT2JqZWN0PjtcbiAgICB9O1xuICB9O1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIEdldEtleUV4Y2hhbmdlT3B0aW9uczIge1xuICAvLyBUaGUgb3RLZXkgYXMgYSByYXcgc3RyaW5nLiBpLmUuIGtleS50b0pTT04odHJ1ZSkua1xuICBvdEtleUs/OiBzdHJpbmc7XG4gIC8vIFVzZXIgbmVlZCB0aGUgdG9rZW4gaWYgdGhleSBoYXZlIG5vdCByZXNwb25kZWQgdG8gdGhlIGtleSBleGNoYW5nZSB5ZXQuXG4gIC8vIE9uY2UgdGhleSd2ZSByZXNwb25kZWQgKGhlbmNlIHByb3ZlbiB0aGV5IGhhdmUgdGhlIE9PQiBLZXkpIHRoZXkgYmVjb21lXG4gIC8vIHRoZSBcInJlc3BvbmRlclwiIG9mIHRoaXMgZXhjaGFuZ2UsIGFuZCBjYW4gYWNjZXNzIGl0IHdoZW4gc2lnbmVkIGluLlxuICB0b2tlbj86IHN0cmluZztcbn1cblxuQFJ1bk91dHNpZGVBbmd1bGFyKHtcbiAgbmdab25lTmFtZTogJ25nWm9uZScsXG59KVxuQEluamVjdGFibGUoe1xuICBwcm92aWRlZEluOiAncm9vdCcsXG59KVxuZXhwb3J0IGNsYXNzIEtleUV4Y2hhbmdlU2VydmljZSBleHRlbmRzIExyU2VydmljZSB7XG4gIHByaXZhdGUgcmVhZG9ubHkgQ0xJRU5UX05PTkNFX0xFTkdUSCA9IDMyO1xuXG4gIGNvbnN0cnVjdG9yKFxuICAgIHByaXZhdGUgbmdab25lOiBOZ1pvbmUsXG4gICAgcHJpdmF0ZSBpbmplY3RvcjogSW5qZWN0b3IsXG4gICAgcHJpdmF0ZSBrZXlGYWN0b3J5OiBLZXlGYWN0b3J5U2VydmljZSxcbiAgICBwcml2YXRlIGtleVNlcnZpY2U6IEtleVNlcnZpY2UsXG4gICAgcHJpdmF0ZSBlbmNyeXB0aW9uU2VydmljZTogRW5jcnlwdGlvblNlcnZpY2UsXG4gICAgcHJpdmF0ZSBrZXlHcmFwaDogS2V5R3JhcGhTZXJ2aWNlXG4gICkge1xuICAgIHN1cGVyKGluamVjdG9yKTtcbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgZ2V0T3RLZXkoXG4gICAga2V5RXhjaGFuZ2U6IEtleUV4Y2hhbmdlRmllbGRzUmVzdWx0LFxuICAgIG90S2V5Sz86IHN0cmluZ1xuICApOiBQcm9taXNlPEpXSy5LZXk+IHtcbiAgICBpZiAob3RLZXlLKSB7XG4gICAgICByZXR1cm4gYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoe1xuICAgICAgICAuLi5KU09OLnBhcnNlKGtleUV4Y2hhbmdlLm90ay5vdEtleVBhcmFtcyksXG4gICAgICAgIGs6IG90S2V5SyxcbiAgICAgIH0pO1xuICAgIH0gZWxzZSBpZiAoXG4gICAgICBrZXlFeGNoYW5nZS5vdGsuc3RhdGUgPT09ICdPVEtfSU5JVElBVEVEJyAmJlxuICAgICAgIWtleUV4Y2hhbmdlLmlzSW5pdGlhdG9yICYmXG4gICAgICBrZXlFeGNoYW5nZS5vdGsucmVzcG9uZGVyUGJrQ2lwaGVyXG4gICAgKSB7XG4gICAgICAvLyBBc3N1bWluZyBleGlzdGluZyB1c2VyIGdldHRpbmcgaW52aXRlZCB3aGVyZSBPVEsgaXMgd3JhcHBlZCBpbiByZXNwb25kZXIncyBwdWJsaWMga2V5LlxuICAgICAgY29uc3QgcHJrID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRQeGs7XG4gICAgICBjb25zdCBkZWNyeXB0ZWRDaXBoZXIgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXG4gICAgICAgIHByay5qd2ssXG4gICAgICAgIEpTT04ucGFyc2Uoa2V5RXhjaGFuZ2Uub3RrLnJlc3BvbmRlclBia0NpcGhlciksXG4gICAgICAgIHtcbiAgICAgICAgICBzZXJpYWxpemF0aW9uczogW0pvc2VTZXJpYWxpemF0aW9uLkNPTVBBQ1RdLFxuICAgICAgICB9XG4gICAgICApO1xuICAgICAgaWYgKGRlY3J5cHRlZENpcGhlci5vdEtleSkge1xuICAgICAgICByZXR1cm4gYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoZGVjcnlwdGVkQ2lwaGVyLm90S2V5KTtcbiAgICAgIH1cbiAgICB9XG4gICAgcmV0dXJuIG51bGw7XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIGRlY3J5cHRPdGsoXG4gICAga2V5RXhjaGFuZ2U6IEtleUV4Y2hhbmdlRmllbGRzUmVzdWx0LFxuICAgIG90S2V5Sz86IHN0cmluZ1xuICApOiBQcm9taXNlPEtleUV4Y2hhbmdlRmllbGRzUmVzdWx0PiB7XG4gICAgY29uc3Qgb3RLZXkgPSBhd2FpdCB0aGlzLmdldE90S2V5KGtleUV4Y2hhbmdlLCBvdEtleUspO1xuXG4gICAgbGV0IG90ayA9IGtleUV4Y2hhbmdlLm90aztcblxuICAgIGlmIChvdEtleSAmJiBvdGsub3RLZXlDaXBoZXIpIHtcbiAgICAgIG90ayA9IHtcbiAgICAgICAgLi4ub3RrLFxuICAgICAgICBvdEtleSxcbiAgICAgICAgb3RLZXlDaXBoZXJDbGVhckpzb246IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChcbiAgICAgICAgICBvdEtleSxcbiAgICAgICAgICBrZXlFeGNoYW5nZS5vdGsub3RLZXlDaXBoZXJcbiAgICAgICAgKSxcbiAgICAgIH07XG4gICAgfSBlbHNlIGlmIChvdGsub3RLZXlDaXBoZXIgJiYgIW90S2V5KSB7XG4gICAgICAvLyBMb2cgYSB3YXJuaW5nIHdoZW4gd2UgaGF2ZSBjaXBoZXIgZGF0YSBidXQgY291bGRuJ3Qgb2J0YWluIHRoZSBrZXkgdG8gZGVjcnlwdCBpdC5cbiAgICAgIC8vIFRoaXMgdHlwaWNhbGx5IGhhcHBlbnMgd2hlbjpcbiAgICAgIC8vIC0gVGhlIG90S2V5SyAocmF3IG9uZS10aW1lIGtleSBmcm9tIFVSTCBoYXNoKSB3YXMgbm90IHByb3ZpZGVkIG9yIHdhcyBlbXB0eVxuICAgICAgLy8gLSBUaGUgcmVzcG9uZGVyIGRvZXNuJ3QgaGF2ZSBhIHJlc3BvbmRlclBia0NpcGhlciAobmV3IHVzZXIgdmlhIGludml0ZSlcbiAgICAgIGNvbnNvbGUud2FybihcbiAgICAgICAgJ0tleUV4Y2hhbmdlU2VydmljZTogVW5hYmxlIHRvIGRlY3J5cHQgT1RLIGNpcGhlciAtIG9uZS10aW1lIGtleSBub3QgYXZhaWxhYmxlLiAnICtcbiAgICAgICAgJ290S2V5SyBwcm92aWRlZDonLCAhIW90S2V5SyxcbiAgICAgICAgJ290S2V5SyB2YWx1ZTonLCBvdEtleUsgPyAnW3ByZXNlbnRdJyA6ICdbZW1wdHkvbWlzc2luZ10nXG4gICAgICApO1xuICAgIH1cblxuICAgIHJldHVybiB7XG4gICAgICAuLi5rZXlFeGNoYW5nZSxcbiAgICAgIG90ayxcbiAgICB9O1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBkZWNyeXB0UmVzcG9uc2VDaXBoZXIoXG4gICAgb3RLZXk6IEpXSy5LZXksXG4gICAgb3RQcms6IEpXSy5LZXksXG4gICAgY29udGVudDogSlNPTk9iamVjdFxuICApOiBQcm9taXNlPEluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXJDbGVhckpzb24+IHtcbiAgICAvLyBUaGUgcmVzcG9uc2UgY291bGQgYmUgd3JhcHBlZCBieSB0aGUgT3RLIGluIGFkZGl0aW9uIHRvIHRoZSBPdFBia1xuICAgIHRyeSB7XG4gICAgICBjb250ZW50ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KG90S2V5LCBjb250ZW50KTtcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgaWYgKGVycm9yLm1lc3NhZ2UgIT09ICdubyBrZXkgZm91bmQnKSB7XG4gICAgICAgIHRocm93IGVycm9yO1xuICAgICAgfVxuICAgICAgLy8gRG8gbm90aGluZyB0byBzdXBwb3J0IG9sZGVyIHZlcnNpb25zIHdoZXJlIG1lc3NhZ2UgaXMgbm90IHdyYXBwZWQgd2l0aCBvdGsuXG4gICAgfVxuXG4gICAgLy8gVGhlIFByayBpcyBzaW5nbGUtdXNlIGFuZCBvbmx5IHVzZWQgdG8gc2VuZCBpbmZvcm1hdGlvbiBmcm9tIHRoZSByZXNwb25kZXIgYmFjayB0byB0aGUgaW5pdGlhdG9yLlxuICAgIHJldHVybiBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQob3RQcmssIGNvbnRlbnQpO1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBkZWNyeXB0S2V5RXhjaGFuZ2VBc0luaXRpYXRvcihcbiAgICBrZXlFeGNoYW5nZTogS2V5RXhjaGFuZ2VGaWVsZHNSZXN1bHRcbiAgKTogUHJvbWlzZTxLZXlFeGNoYW5nZUZpZWxkc1Jlc3VsdD4ge1xuICAgIGNvbnN0IHJvb3RLZXkgPSB0aGlzLmtleVNlcnZpY2UuY3VycmVudFJvb3RLZXk7XG5cbiAgICAvLyBEZWNyeXB0IHVzaW5nIHRoZSByb290IGtleSB0byBnZXQgdGhlIFBya1xuICAgIGNvbnN0IGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24gPVxuICAgICAgKGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChcbiAgICAgICAgcm9vdEtleS5qd2ssXG4gICAgICAgIGtleUV4Y2hhbmdlLmluaXRpYXRvclJvb3RLZXlDaXBoZXJcbiAgICAgICkpIGFzIEluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24yO1xuXG4gICAgY29uc3Qgb3RLZXkgPSBhd2FpdCBLZXlGYWN0b3J5U2VydmljZS5hc0tleShcbiAgICAgIGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24ub3RLZXlcbiAgICApO1xuXG4gICAga2V5RXhjaGFuZ2UgPSB7XG4gICAgICAuLi5rZXlFeGNoYW5nZSxcbiAgICAgIGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24sXG4gICAgfTtcblxuICAgIGxldCBvdGsgPSBrZXlFeGNoYW5nZS5vdGs7XG5cbiAgICBpZiAob3RrLmluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXIpIHtcbiAgICAgIG90ayA9IHtcbiAgICAgICAgLi4ub3RrLFxuICAgICAgICBpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyQ2xlYXJKc29uOiBhd2FpdCB0aGlzLmRlY3J5cHRSZXNwb25zZUNpcGhlcihcbiAgICAgICAgICBvdEtleSxcbiAgICAgICAgICBhd2FpdCBLZXlGYWN0b3J5U2VydmljZS5hc0tleShcbiAgICAgICAgICAgIGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24ub25lVGltZVBya1xuICAgICAgICAgICksXG4gICAgICAgICAgb3RrLmluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXJcbiAgICAgICAgKSxcbiAgICAgIH07XG4gICAgfVxuXG4gICAgaWYgKG90ay5vdEtleUNpcGhlcikge1xuICAgICAgb3RrLm90S2V5Q2lwaGVyQ2xlYXJKc29uID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgICBvdEtleSxcbiAgICAgICAgb3RrLm90S2V5Q2lwaGVyXG4gICAgICApO1xuICAgIH1cblxuICAgIHJldHVybiB7XG4gICAgICAuLi5rZXlFeGNoYW5nZSxcbiAgICAgIG90ayxcbiAgICB9O1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBkZWNyeXB0S2V5RXhjaGFuZ2VBc1Jlc3BvbmRlcihcbiAgICBrZXlFeGNoYW5nZTogS2V5RXhjaGFuZ2VGaWVsZHNSZXN1bHQsXG4gICAgb3RLZXlLPzogc3RyaW5nXG4gICkge1xuICAgIHJldHVybiB0aGlzLmRlY3J5cHRPdGsoa2V5RXhjaGFuZ2UsIG90S2V5Syk7XG4gIH1cblxuICBhc3luYyBkZWNyeXB0S2V5RXhjaGFuZ2UoXG4gICAga2V5RXhjaGFuZ2U6IEtleUV4Y2hhbmdlRmllbGRzUmVzdWx0LFxuICAgIG90S2V5Sz86IHN0cmluZ1xuICApIHtcbiAgICBpZiAoa2V5RXhjaGFuZ2UuaXNJbml0aWF0b3IpIHtcbiAgICAgIHJldHVybiB0aGlzLmRlY3J5cHRLZXlFeGNoYW5nZUFzSW5pdGlhdG9yKGtleUV4Y2hhbmdlKTtcbiAgICB9IGVsc2Uge1xuICAgICAgcmV0dXJuIHRoaXMuZGVjcnlwdEtleUV4Y2hhbmdlQXNSZXNwb25kZXIoa2V5RXhjaGFuZ2UsIG90S2V5Syk7XG4gICAgfVxuICB9XG5cbiAgYXN5bmMgZ2V0S2V5RXhjaGFuZ2VzKHsgc3RhdGUgfTogeyBzdGF0ZT86IEtleUV4Y2hhbmdlU3RhdGUyIH0gPSB7fSkge1xuICAgIGNvbnN0IHsga2V5RXhjaGFuZ2VzIH0gPSBhd2FpdCB0aGlzLnF1ZXJ5KHtcbiAgICAgIHF1ZXJ5OiBLZXlFeGNoYW5nZXNRdWVyeTIsXG4gICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgc3RhdGUsXG4gICAgICB9LFxuICAgIH0pO1xuXG4gICAgcmV0dXJuIFByb21pc2UuYWxsKFxuICAgICAga2V5RXhjaGFuZ2VzLmVkZ2VzLm1hcCgoZWRnZSkgPT4gdGhpcy5kZWNyeXB0S2V5RXhjaGFuZ2UoZWRnZS5ub2RlKSlcbiAgICApO1xuICB9XG5cbiAgLyoqXG4gICAqIEBwYXJhbSBpZCBJZiB0aGUgY3VycmVudCB1c2VyIGNhbiByZXNwb25kZXIgdGhlIGtleSBleGNoYW5nZSBpZiB0aGV5IGFyZSBlaXRoZXIgdGhlIGluaXRpYXRvciBvciB0aGUgcmVjZWl2ZXIuXG4gICAqIEBwYXJhbSB0b2tlbiBJZiBub3Qgc2lnbmVkIGluLCBvciBub3QgdGhlIGluaXRpYXRvciBvciByZXNwb25kZXIsICd0b2tlbicgbXVzdCBiZSBnaXZlbi5cbiAgICogQHBhcmFtIG90S2V5SyBJcyB0aGUgcmF3IG9uZS10aW1lIGtleSAoc3RyaW5nKS4gSWYgdGhlIHJlc3BvbmRlciBpcyBleHBsaWNpdGx5IHNwZWNpZmllZCBhdCB0aW1lIG9mIGluaXRpYXRpb24sIHRoZW5cbiAgICogICBpdCdzIHBvc3NpYmxlIHRvIGhhdmUgdGhlIG90S2V5IHdyYXBwZWQgYnkgdGhlIHB1YmxpYyBrZXkgb2YgdGhlIHJlc3BvbmRlci4gSW4gd2hpY2ggY2FzZSwgdGhlIG90S2V5SyBpcyBub3QgbmVlZGVkLlxuICAgKi9cbiAgYXN5bmMgZ2V0S2V5RXhjaGFuZ2UoXG4gICAgaWQ6IHN0cmluZyxcbiAgICB7IG90S2V5SywgdG9rZW4gfTogR2V0S2V5RXhjaGFuZ2VPcHRpb25zMiA9IHt9XG4gICkge1xuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMucXVlcnkoe1xuICAgICAgcXVlcnk6IHRva2VuID8gS2V5RXhjaGFuZ2VUb2tlblF1ZXJ5MiA6IEtleUV4Y2hhbmdlUXVlcnkyLFxuICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgIGlkLFxuICAgICAgICB0b2tlbixcbiAgICAgIH0sXG4gICAgICBpbmNsdWRlS2V5R3JhcGg6ICF0b2tlbiwgLy8gaWYgIXRva2VuIHRoZW4gd2UgYXJlIHBvc3QgYXV0aCwgc28gY2FuIGZldGNoIGtleUdyYXBoXG4gICAgfSk7XG4gICAgcmV0dXJuIHRoaXMuZGVjcnlwdEtleUV4Y2hhbmdlKHJlcy5rZXlFeGNoYW5nZSwgb3RLZXlLKTtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBnZXRDdXJyZW50VXNlclNoYXJlZEtleShpbnB1dDoge1xuICAgIHVzZXJuYW1lPzogc3RyaW5nO1xuICAgIHVzZXJJZD86IHN0cmluZztcbiAgfSkge1xuICAgIHJldHVybiB0aGlzLnF1ZXJ5KHtcbiAgICAgIHF1ZXJ5OiBDdXJyZW50VXNlclNoYXJlZEtleVF1ZXJ5MixcbiAgICAgIHZhcmlhYmxlczoge1xuICAgICAgICB1c2VybmFtZTogaW5wdXQudXNlcm5hbWUsXG4gICAgICAgIHVzZXJJZDogaW5wdXQudXNlcklkLFxuICAgICAgfSxcbiAgICB9KTtcbiAgfVxuXG4gIGNhbmNlbEtleUV4Y2hhbmdlKGlkOiBzdHJpbmcpIHtcbiAgICByZXR1cm4gdGhpcy5tdXRhdGUodGhpcy5jYW5jZWxLZXlFeGNoYW5nZU11dGF0aW9uKGlkKSk7XG4gIH1cblxuICBjYW5jZWxLZXlFeGNoYW5nZU11dGF0aW9uKGlkOiBzdHJpbmcpIHtcbiAgICByZXR1cm4gbmV3IExyTXV0YXRpb24oe1xuICAgICAgbXV0YXRpb246IENhbmNlbEtleUV4Y2hhbmdlTXV0YXRpb24sXG4gICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICBpZCxcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSk7XG4gIH1cblxuICBkZWNsaW5lS2V5RXhjaGFuZ2UoaWQ6IHN0cmluZywgdG9rZW46IHN0cmluZykge1xuICAgIHJldHVybiB0aGlzLm11dGF0ZSh0aGlzLmRlY2xpbmVLZXlFeGNoYW5nZU11dGF0aW9uKGlkLCB0b2tlbikpO1xuICB9XG5cbiAgZGVjbGluZUtleUV4Y2hhbmdlTXV0YXRpb24oaWQ6IHN0cmluZywgdG9rZW46IHN0cmluZykge1xuICAgIHJldHVybiBuZXcgTHJNdXRhdGlvbih7XG4gICAgICBtdXRhdGlvbjogRGVjbGluZUtleUV4Y2hhbmdlTXV0YXRpb24sXG4gICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICBpZCxcbiAgICAgICAgICB0b2tlbixcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSk7XG4gIH1cblxuICBhc3luYyBpbml0aWF0ZU90ayhpbnB1dDogSW5pdGlhdGVPdGtJbnB1dDIgPSB7fSkge1xuICAgIHJldHVybiB0aGlzLm11dGF0ZSgoYXdhaXQgdGhpcy5pbml0aWF0ZU90a011dGF0aW9uKGlucHV0KSkubHJNdXRhdGlvbik7XG4gIH1cblxuICBhc3luYyBpbml0aWF0ZU90a011dGF0aW9uKHtcbiAgICBtZXNzYWdlLFxuICAgIGVtYWlsLFxuICAgIGNvbnRhY3RDYXJkLFxuICAgIHVwZ3JhZGUsXG4gIH06IEluaXRpYXRlT3RrSW5wdXQyID0ge30pIHtcbiAgICBjb25zdCBvdEtleSA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVLZXkoKTtcbiAgICBjb25zdCBub25jZSA9IHRoaXMua2V5RmFjdG9yeS5yYW5kb21TdHJpbmcodGhpcy5DTElFTlRfTk9OQ0VfTEVOR1RIKTtcblxuICAgIC8vIE5ldyBQS0Mga2V5IGZvciBlbmNyeXB0aW9uLiBUaGlzIGtleSBpcyB1c2VkIG9ubHkgb25jZSB3aGVuIHRoZSByZXNwb25kZXIgc2VuZHNcbiAgICAvLyBiYWNrIHRoZWlyIHNpZ25pbmcgcHVibGljIGtleS5cbiAgICBjb25zdCBpbml0aWF0b3JPbmVUaW1lUHJrID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZVBrY0tleSgpO1xuXG4gICAgLy8gT3B0aW9uIDE6IE5ldyBQS0Mga2V5IGZvciBzaWduaW5nXG4gICAgLy8gY29uc3QgaW5pdGlhdG9yU2lnUHJrID0gYXdhaXQgdGhpcy5rZXlTZXJ2aWNlLmNyZWF0ZVBrY1NpZ25LZXkoKTtcblxuICAgIC8vIE9wdGlvbiAyOiBVc2UgdGhlIHVzZXIncyBnbG9iYWwgc2lnbmluZyBrZXkuXG4gICAgLy8gVGhpcyBrZXkgaXMgdXNlZCB0byBwcm92ZSB0aGUgaW5pdGlhdG9yJ3MgaWRlbnRpdHkuXG4gICAgY29uc3QgaW5pdGlhdG9yUHJrID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRQeGs7XG4gICAgY29uc3QgaW5pdGlhdG9yU2lnUHJrID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRTaWdQeGs7XG5cbiAgICBsZXQgaW5pdGlhdG9yUGxhaW5EYXRhU2lnOiBzdHJpbmcgPSBudWxsO1xuXG4gICAgaWYgKGNvbnRhY3RDYXJkICYmIGNvbnRhY3RDYXJkLm93bmVyUGxhaW5EYXRhSnNvbikge1xuICAgICAgaW5pdGlhdG9yUGxhaW5EYXRhU2lnID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5zaWduVG9TdHJpbmcoXG4gICAgICAgIGluaXRpYXRvclNpZ1Byay5qd2ssXG4gICAgICAgIGNvbnRhY3RDYXJkLm93bmVyUGxhaW5EYXRhSnNvblxuICAgICAgKTtcbiAgICB9XG5cbiAgICBjb25zdCBpbml0aWF0b3IgPSB7XG4gICAgICBtZXNzYWdlLFxuICAgICAgY29udGFjdENhcmQ6IGNvbnRhY3RDYXJkICYmIHtcbiAgICAgICAgc2hhcmVkQ2lwaGVyRGF0YUNsZWFySnNvbjogY29udGFjdENhcmQuc2hhcmVkQ2lwaGVyRGF0YUNsZWFySnNvbixcbiAgICAgIH0sXG4gICAgfTtcblxuICAgIC8vIENvbnRlbnQgdG8gYmUgZW5jcnlwdGVkIHVzaW5nIHRoZSBPVEsuXG4gICAgY29uc3QgcGxhaW5PdEtleUNpcGhlcjogT3RLZXlDaXBoZXJDbGVhckpzb24yID0ge1xuICAgICAgLy8gVE9ETyBNYWtlIHN1cmUgd2UgYWxzbyBwdXQgdGhlIE9PQiBjb2RlIGluIGhlcmUgYXMgd2VsbCBzaW5jZSB0aGUgT09CIGNvZGUgaXMgdGhlXG4gICAgICAvLyBfb25seV8gaW5mb3JtYXRpb24gdGhlIEtDIHNlcnZlciBkb2VzIG5vdCBoYXZlIGFjY2VzcyB0by4gVGhlIHNlcnZlciBtYXkgaGF2ZVxuICAgICAgLy8gYWNjZXNzIHRvIE9USyBhbmQgaGVuY2UgdGhlIG5vbmNlIGhlcmUuIEl0J3MgZ29vZCB0byBoYXZlIGJvdGggdGhlIG5vbmNlIGFuZCBPT0IgY29kZVxuICAgICAgLy8gc2luY2UgdGhlIHVzZXIgbWF5IG5vdCBiZSB1c2luZyB0aGUgT09CIGNvZGUuIEFuZCBpdCdzIHNpbXBsZSB0byBhbHdheXMgaW5jbHVkZVxuICAgICAgLy8gdGhlIG5vbmNlLCBzbyB3aHkgbm90LlxuICAgICAgbm9uY2UsXG4gICAgICBpbml0aWF0b3I6IHtcbiAgICAgICAgLi4uaW5pdGlhdG9yLFxuICAgICAgICBvbmVUaW1lUGJrOiBpbml0aWF0b3JPbmVUaW1lUHJrLnRvSlNPTigpLCAvLyBvbmUtdGltZSBwdWJsaWMgZW5jcnlwdGlvbiBrZXkgcmVzcG9uZGVyIHVzZSB0byBzZW5kIGRhdGEgYmFjayB0byBpbml0aWF0b3JcbiAgICAgICAgcGJrOiBpbml0aWF0b3JQcmsuandrLnRvSlNPTigpLCAvLyBwdWJsaWMgZW5jcnlwdGlvbiBrZXlcbiAgICAgICAgc2lnUGJrOiBpbml0aWF0b3JTaWdQcmsuandrLnRvSlNPTigpLCAvLyBwdWJsaWMgc2lnbmluZyBrZXlcbiAgICAgIH0sXG4gICAgfTtcblxuICAgIGNvbnN0IG90S2V5Q2lwaGVyID0gYXdhaXQgdGhpcy5rZXlHcmFwaC5lbmNyeXB0VG9TdHJpbmcoXG4gICAgICBvdEtleSxcbiAgICAgIHBsYWluT3RLZXlDaXBoZXJcbiAgICApO1xuXG4gICAgLy8gQ29udGVudCB0byBiZSBlbmNyeXB0ZWQgdXNpbmcgdGhlIGluaXRpYXRvcidzIHJvb3Qga2V5LlxuICAgIGNvbnN0IGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb246IEluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24yID0ge1xuICAgICAgbm9uY2UsXG4gICAgICBvbmVUaW1lUHJrOiBpbml0aWF0b3JPbmVUaW1lUHJrLnRvSlNPTih0cnVlKSxcbiAgICAgIC8vIFNob3VsZCBub3QgbmVlZCB0byBrZWVwIHRoaXMgZW5jcnlwdGVkIHNpbmNlIHdlIGFyZSB1c2luZyB0aGUgZ2xvYmFsIHNpZ25pbmcga2V5LlxuICAgICAgLy8gc2lnUHJrOiBpbml0aWF0b3JTaWdQcmsudG9KU09OKHRydWUpLFxuXG4gICAgICAvLyBTYXZlIGl0IGluIGNhc2UgdGhlIGluaXRpYXRvciB3YW50IHRvIGRlY29kZSB0aGUgb3RLZXlDaXBoZXIuXG4gICAgICAvLyBTaW5jZSB0aGUgb3RLZXkgaXMgb25seSB1c2VkIG9uY2UsIGFuZCB0aGF0IG90S2V5Q2lwaGVyIGNvbnRhaW5zIG9ubHlcbiAgICAgIC8vIHRoZSBwdWJsaWMga2V5IG9mIHRoZSBpbml0aWF0b3IsIGl0J3Mgc2FmZSBqdXN0IGxlYXZlIHRoZSBvdEtleSBzdG9yZWQgaGVyZS5cbiAgICAgIG90S2V5OiBvdEtleS50b0pTT04odHJ1ZSksXG4gICAgICAvLyBUaGVzZSBzaG91bGQgYmUgc3RvcmluZyBpbmZvcm1hdGlvbiBzdWNoIGFzIGhvdyB0aGUgZmllbGRzIG9mIHRoZSBzaGFyZWQgY29udGFjdCBjYXJkIGlzXG4gICAgICAvLyBkZXJpdmVkIGZyb20gdGhlIG1hc3RlciBjb250YWN0IGNhcmQuXG4gICAgICBpbml0aWF0b3JDb250YWN0Q2FyZDogY29udGFjdENhcmQsXG4gICAgICBpbml0aWF0b3IsXG4gICAgfTtcblxuICAgIGNvbnN0IHJvb3RLZXkgPSB0aGlzLmtleVNlcnZpY2UuY3VycmVudFJvb3RLZXk7XG4gICAgY29uc3QgaW5pdGlhdG9yUm9vdEtleUNpcGhlciA9IGF3YWl0IHRoaXMua2V5R3JhcGguZW5jcnlwdFRvU3RyaW5nKFxuICAgICAgcm9vdEtleS5qd2ssXG4gICAgICBpbml0aWF0b3JSb290S2V5Q2lwaGVyQ2xlYXJKc29uXG4gICAgKTtcblxuICAgIC8vIFRoZSByYXcgT1RLXG4gICAgY29uc3Qgb3RLZXlLOiBzdHJpbmcgPSAob3RLZXkudG9KU09OKHRydWUpIGFzIEpTT05PYmplY3QpLms7XG5cbiAgICAvLyBBUEkgY2FsbFxuICAgIGNvbnN0IGxyTXV0YXRpb24gPSBuZXcgTHJNdXRhdGlvbih7XG4gICAgICBtdXRhdGlvbjogSW5pdGlhdGVLZXlFeGNoYW5nZU90a011dGF0aW9uLFxuICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgIGlucHV0OiB7XG4gICAgICAgICAgLy8gVGhlc2Ugd2lsbCBiZSBzdG9yZWQgb24gdGhlIHNlcnZlclxuICAgICAgICAgIGluaXRpYXRvclJvb3RLZXlDaXBoZXIsXG4gICAgICAgICAgaW5pdGlhdG9yUHhrSWQ6IGluaXRpYXRvclByay5pZCxcbiAgICAgICAgICBpbml0aWF0b3JTaWdQeGtJZDogaW5pdGlhdG9yU2lnUHJrLmlkLFxuICAgICAgICAgIC8vIFRoZXNlIHdpbGwgYmUgc2VudCB0byB0aGUgcmVzcG9uZGVyXG4gICAgICAgICAgb3RLZXlQYXJhbXM6IEpTT04uc3RyaW5naWZ5KG90S2V5LnRvSlNPTigpKSxcbiAgICAgICAgICBvdEtleUNpcGhlcixcbiAgICAgICAgICBzZW5kRW1haWw6IGVtYWlsICYmIHtcbiAgICAgICAgICAgIGVtYWlsLFxuICAgICAgICAgICAgcmF3T3RLZXk6IG90S2V5SyxcbiAgICAgICAgICB9LFxuICAgICAgICAgIGNyZWF0ZVRwOiB0cnVlLFxuICAgICAgICAgIGluaXRpYXRvclBsYWluRGF0YVNpZyxcbiAgICAgICAgICB1cGdyYWRlLFxuICAgICAgICB9LFxuICAgICAgfSxcbiAgICB9KTtcblxuICAgIHJldHVybiB7IGxyTXV0YXRpb24sIG90S2V5SyB9O1xuICB9XG5cbiAgcmVzcG9uZE90ayhpbnB1dDogUmVzcG9uZE90a0lucHV0Mikge1xuICAgIHJldHVybiB0aGlzLm11dGF0ZSh0aGlzLnJlc3BvbmRPdGtNdXRhdGlvbihpbnB1dCkpO1xuICB9XG5cbiAgYXN5bmMgcmVzcG9uZE90a011dGF0aW9uKHtcbiAgICBrZXlFeGNoYW5nZUlkLFxuICAgIHRva2VuLFxuICAgIGRlY3J5cHRlZE90ayxcbiAgICBtZXNzYWdlLFxuICAgIGluaXRpYXRvckNvbnRhY3RDYXJkLFxuICAgIHJlc3BvbmRlckNvbnRhY3RDYXJkLFxuICB9OiBSZXNwb25kT3RrSW5wdXQyKSB7XG4gICAgLy8gVmFsaWRhdGUgdGhhdCB0aGUgT1RLIHdhcyBwcm9wZXJseSBkZWNyeXB0ZWQgYmVmb3JlIHByb2NlZWRpbmcuXG4gICAgLy8gVGhpcyBjYW4gZmFpbCBpZiB0aGUgb25lLXRpbWUga2V5IChvdEtleUspIHdhcyBub3QgcHJvdmlkZWQgb3Igd2FzIGludmFsaWQsXG4gICAgLy8gd2hpY2ggY2FuIGhhcHBlbiBpZiB0aGUgaW52aXRlIFVSTCBoYXNoIGZyYWdtZW50IHdhcyBsb3N0IChlLmcuLCBwYWdlIHJlZnJlc2ggYWZ0ZXIgaGFzaCByZW1vdmFsKS5cbiAgICBpZiAoIWRlY3J5cHRlZE90az8ub3RLZXlDaXBoZXJDbGVhckpzb24/LmluaXRpYXRvcikge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKFxuICAgICAgICAnRmFpbGVkIHRvIGRlY3J5cHQga2V5IGV4Y2hhbmdlIGRhdGEuIFRoZSBpbnZpdGUgbGluayBtYXkgYmUgaW52YWxpZCBvciBleHBpcmVkLiAnICtcbiAgICAgICAgJ1BsZWFzZSByZXF1ZXN0IGEgbmV3IGludml0ZSBmcm9tIHRoZSBzZW5kZXIuJ1xuICAgICAgKTtcbiAgICB9XG5cbiAgICBjb25zdCByb290S2V5ID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRSb290S2V5O1xuXG4gICAgY29uc3QgbWFzdGVyS2V5ID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRNYXN0ZXJLZXk7XG5cbiAgICBjb25zdCBzaGFyZWRLZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XG4gICAgY29uc3QgbWtTaGFyZWRLZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XG5cbiAgICBjb25zdCBya1dyYXBwZWRTaGFyZWRLZXkgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXG4gICAgICByb290S2V5Lmp3ayxcbiAgICAgIHNoYXJlZEtleS50b0pTT04odHJ1ZSlcbiAgICApO1xuICAgIGNvbnN0IG1rV3JhcHBlZE1rU2hhcmVkS2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgbWFzdGVyS2V5Lmp3ayxcbiAgICAgIG1rU2hhcmVkS2V5LnRvSlNPTih0cnVlKVxuICAgICk7XG5cbiAgICBjb25zdCBpbml0aWF0b3JPbmVUaW1lUGJrID0gYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoXG4gICAgICBkZWNyeXB0ZWRPdGsub3RLZXlDaXBoZXJDbGVhckpzb24uaW5pdGlhdG9yLm9uZVRpbWVQYmtcbiAgICApO1xuXG4gICAgY29uc3QgaW5pdGlhdG9yUGJrID0gYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoXG4gICAgICBkZWNyeXB0ZWRPdGsub3RLZXlDaXBoZXJDbGVhckpzb24uaW5pdGlhdG9yLnBia1xuICAgICk7XG4gICAgY29uc3QgaW5pdGlhdG9yU2lnUGJrID0gYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoXG4gICAgICBkZWNyeXB0ZWRPdGsub3RLZXlDaXBoZXJDbGVhckpzb24uaW5pdGlhdG9yLnNpZ1Bia1xuICAgICk7XG5cbiAgICAvLyBPcHRpb24gMTogVXNpbmcgbmV3IFByayBmb3IgZWFjaCBUUCBwYWlyXG4gICAgLy8gQ3JlYXRlIGEgbmV3IHB1YmxpYyBzaWduaW5nIGtleSBmb3IgdGhlIHJlc3BvbmRlci5cbiAgICAvLyBjb25zdCByZXNwb25kZXJTaWdQcmsgPSBhd2FpdCB0aGlzLmtleVNlcnZpY2UuY3JlYXRlUGtjU2lnbktleSgpXG4gICAgLy8gY29uc3QgcmtXcmFwcGVkUmVzcG9uZGVyU2lnUHJrID0gYXdhaXQgdGhpcy5lbmNyeXB0KHJvb3RLZXksIHJlc3BvbmRlclNpZ1Byay50b0pTT04odHJ1ZSkpO1xuXG4gICAgLy8gT3B0aW9uIDI6IFJlc3BvbmRlciBhbHJlYWR5IGhhcyBhIHNpZ25pbmcgUHJrXG4gICAgY29uc3QgcmVzcG9uZGVyUHJrID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRQeGs7XG4gICAgY29uc3QgcmVzcG9uZGVyU2lnUHJrID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRTaWdQeGs7XG5cbiAgICBjb25zdCBzaWduZWRJbml0aWF0b3JQYmsgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnNpZ24oXG4gICAgICByZXNwb25kZXJTaWdQcmsuandrLFxuICAgICAgaW5pdGlhdG9yUGJrLnRvSlNPTigpXG4gICAgKTtcbiAgICBjb25zdCBzaWduZWRJbml0aWF0b3JTaWdQYmsgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnNpZ24oXG4gICAgICByZXNwb25kZXJTaWdQcmsuandrLFxuICAgICAgaW5pdGlhdG9yU2lnUGJrLnRvSlNPTigpXG4gICAgKTtcblxuICAgIGNvbnN0IGluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXJDbGVhckpzb246IEluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXJDbGVhckpzb24gPVxuICAgICAge1xuICAgICAgICBub25jZTogZGVjcnlwdGVkT3RrLm90S2V5Q2lwaGVyQ2xlYXJKc29uLm5vbmNlLFxuICAgICAgICBzaGFyZWRLZXk6IHNoYXJlZEtleS50b0pTT04odHJ1ZSksXG4gICAgICAgIG1rU2hhcmVkS2V5OiBta1NoYXJlZEtleS50b0pTT04odHJ1ZSksXG4gICAgICAgIHJlc3BvbmRlcjoge1xuICAgICAgICAgIHBiazogcmVzcG9uZGVyUHJrLmp3ay50b0pTT04oKSwgLy8gcHVibGljIGtleVxuICAgICAgICAgIHNpZ1BiazogcmVzcG9uZGVyU2lnUHJrLmp3ay50b0pTT04oKSwgLy8gcHVibGljIGtleVxuICAgICAgICAgIG1lc3NhZ2UsXG4gICAgICAgIH0sXG4gICAgICB9O1xuXG4gICAgbGV0IHJlY2VpdmVkQ2FyZElucHV0O1xuICAgIGlmIChkZWNyeXB0ZWRPdGsub3RLZXlDaXBoZXJDbGVhckpzb24uaW5pdGlhdG9yLmNvbnRhY3RDYXJkKSB7XG4gICAgICAvLyBTZXQgdGhlIGluZm8gYWJvdXQgdGhlIGluaXRpYXRvciB0byBiZSB0aGUgb25lcyBzZW50IGJ5IHRoZSBpbml0aWF0b3IuIFdlIG5lZWQgdGggcmVzcG9uZGVyIHRvIGRvIHRoZSBlbmNyeXB0aW9uIGhlcmVcbiAgICAgIC8vIGJlY2F1c2UgdGhlIGluaXRpYXRvciBkb2VzIG5vdCBoYXZlIHRoZSBzaGFyZWQga2V5IHlldCwgYW5kIHdlIHdhbnQgdGhlIHJlc3BvbmRlciB0byBoYXZlIGEgZnVuY3Rpb25hbCBjb250YWN0IGNhcmQgYWZ0ZXJcbiAgICAgIC8vIHRoaXMgZXhjaGFuZ2UuIFRoZSBpbml0aWF0b3IgY2FuIGRvdWJsZSBjaGVjayB0aGUgY29udGFjdCBkZXRhaWxzIGFyZSBjb3JyZWN0IGFuZCBzaWduIGl0IHdoZW4gaXQgY29tcGxldGVzIHRoZSBleGNoYW5nZS5cbiAgICAgIGNvbnN0IHNoYXJlZENpcGhlckRhdGFDbGVhckpzb24gPVxuICAgICAgICBkZWNyeXB0ZWRPdGsub3RLZXlDaXBoZXJDbGVhckpzb24uaW5pdGlhdG9yLmNvbnRhY3RDYXJkXG4gICAgICAgICAgLnNoYXJlZENpcGhlckRhdGFDbGVhckpzb247XG5cbiAgICAgIC8vIENyZWF0ZSBrZXlzXG4gICAgICBjb25zdCByZWNlaXZlcktleSA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVLZXkoKTtcbiAgICAgIGNvbnN0IGNjU2hhcmVkS2V5ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZUtleSgpO1xuICAgICAgY29uc3Qgc2lnUHhrID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRTaWdQeGs7XG5cbiAgICAgIHJlY2VpdmVkQ2FyZElucHV0ID0ge1xuICAgICAgICByZWNlaXZlcldyYXBwZWRLZXk6IEpTT04uc3RyaW5naWZ5KFxuICAgICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgICAgICAgIHJvb3RLZXkuandrLFxuICAgICAgICAgICAgcmVjZWl2ZXJLZXkudG9KU09OKHRydWUpXG4gICAgICAgICAgKVxuICAgICAgICApLFxuICAgICAgICByZWNlaXZlcldyYXBwaW5nS2V5SWQ6IHJvb3RLZXkuaWQsXG4gICAgICAgIHJlY2VpdmVyQ2lwaGVyRGF0YTogaW5pdGlhdG9yQ29udGFjdENhcmRcbiAgICAgICAgICA/IEpTT04uc3RyaW5naWZ5KFxuICAgICAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXG4gICAgICAgICAgICAgICAgcmVjZWl2ZXJLZXksXG4gICAgICAgICAgICAgICAgaW5pdGlhdG9yQ29udGFjdENhcmQucmVjZWl2ZXJDaXBoZXJEYXRhQ2xlYXJKc29uXG4gICAgICAgICAgICAgIClcbiAgICAgICAgICAgIClcbiAgICAgICAgICA6ICcnLFxuICAgICAgICBzaGFyZWRXcmFwcGVkS2V5OiBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXG4gICAgICAgICAgICBzaGFyZWRLZXksXG4gICAgICAgICAgICBjY1NoYXJlZEtleS50b0pTT04odHJ1ZSlcbiAgICAgICAgICApXG4gICAgICAgICksXG4gICAgICB9O1xuXG4gICAgICBjb25zdCBzaGFyZWRDaXBoZXJEYXRhID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgICBjY1NoYXJlZEtleSxcbiAgICAgICAgc2hhcmVkQ2lwaGVyRGF0YUNsZWFySnNvblxuICAgICAgKTtcbiAgICAgIHJlY2VpdmVkQ2FyZElucHV0LnNoYXJlZENpcGhlckRhdGFTaWcgPSBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5zaWduKHNpZ1B4ay5qd2ssIHNoYXJlZENpcGhlckRhdGEpXG4gICAgICApO1xuICAgICAgcmVjZWl2ZWRDYXJkSW5wdXQuc2lnUHhrSWQgPSBzaWdQeGsuaWQ7XG5cbiAgICAgIGluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXJDbGVhckpzb24ucmVzcG9uZGVyLmNvbnRhY3RDYXJkID0ge1xuICAgICAgICAuLi5pbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyQ2xlYXJKc29uLnJlc3BvbmRlci5jb250YWN0Q2FyZCxcbiAgICAgICAgc2hhcmVkQ2lwaGVyS2V5OiBjY1NoYXJlZEtleS50b0pTT04odHJ1ZSksXG4gICAgICB9O1xuICAgIH1cblxuICAgIGxldCByZXNwb25kZXJDYXJkSW5wdXQ7XG4gICAgaWYgKHJlc3BvbmRlckNvbnRhY3RDYXJkKSB7XG4gICAgICAvLyBDcmVhdGUga2V5c1xuICAgICAgY29uc3Qgb3duZXJLZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XG4gICAgICBjb25zdCBjY1NoYXJlZEtleSA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVLZXkoKTtcbiAgICAgIGNvbnN0IHNpZ1B4ayA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50U2lnUHhrO1xuXG4gICAgICByZXNwb25kZXJDYXJkSW5wdXQgPSB7XG4gICAgICAgIG93bmVyV3JhcHBlZEtleTogSlNPTi5zdHJpbmdpZnkoXG4gICAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgICAgICAgcm9vdEtleS5qd2ssXG4gICAgICAgICAgICBvd25lcktleS50b0pTT04odHJ1ZSlcbiAgICAgICAgICApXG4gICAgICAgICksXG4gICAgICAgIG93bmVyV3JhcHBpbmdLZXlJZDogcm9vdEtleS5pZCxcbiAgICAgICAgb3duZXJDaXBoZXJEYXRhOiByZXNwb25kZXJDb250YWN0Q2FyZC5vd25lckNpcGhlckRhdGFDbGVhckpzb25cbiAgICAgICAgICA/IEpTT04uc3RyaW5naWZ5KFxuICAgICAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXG4gICAgICAgICAgICAgICAgb3duZXJLZXksXG4gICAgICAgICAgICAgICAgcmVzcG9uZGVyQ29udGFjdENhcmQub3duZXJDaXBoZXJEYXRhQ2xlYXJKc29uXG4gICAgICAgICAgICAgIClcbiAgICAgICAgICAgIClcbiAgICAgICAgICA6ICcnLFxuXG4gICAgICAgIHNoYXJlZFdyYXBwZWRLZXk6IEpTT04uc3RyaW5naWZ5KFxuICAgICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgICAgICAgIHNoYXJlZEtleSxcbiAgICAgICAgICAgIGNjU2hhcmVkS2V5LnRvSlNPTih0cnVlKVxuICAgICAgICAgIClcbiAgICAgICAgKSxcbiAgICAgIH07XG5cbiAgICAgIGNvbnN0IHNoYXJlZENpcGhlckRhdGEgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXG4gICAgICAgIGNjU2hhcmVkS2V5LFxuICAgICAgICByZXNwb25kZXJDb250YWN0Q2FyZC5zaGFyZWRDaXBoZXJEYXRhQ2xlYXJKc29uXG4gICAgICApO1xuICAgICAgcmVzcG9uZGVyQ2FyZElucHV0LnNoYXJlZENpcGhlckRhdGFTaWcgPSBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5zaWduKHNpZ1B4ay5qd2ssIHNoYXJlZENpcGhlckRhdGEpXG4gICAgICApO1xuICAgICAgcmVzcG9uZGVyQ2FyZElucHV0LnNpZ1B4a0lkID0gc2lnUHhrLmlkO1xuXG4gICAgICBpZiAocmVzcG9uZGVyQ29udGFjdENhcmQub3duZXJQbGFpbkRhdGFKc29uKSB7XG4gICAgICAgIHJlc3BvbmRlckNhcmRJbnB1dC5vd25lclBsYWluRGF0YVNpZyA9IEpTT04uc3RyaW5naWZ5KFxuICAgICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2Uuc2lnbihcbiAgICAgICAgICAgIHJlc3BvbmRlclNpZ1Byay5qd2ssXG4gICAgICAgICAgICByZXNwb25kZXJDb250YWN0Q2FyZC5vd25lclBsYWluRGF0YUpzb25cbiAgICAgICAgICApXG4gICAgICAgICk7XG4gICAgICB9XG5cbiAgICAgIC8vIENvbnRhY3QgY2FyZCBpbmZvIHJlYWRhYmxlIGJ5IHRoZSBpbml0aWF0b3JcbiAgICAgIGluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXJDbGVhckpzb24ucmVzcG9uZGVyLmNvbnRhY3RDYXJkID0ge1xuICAgICAgICAuLi5pbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyQ2xlYXJKc29uLnJlc3BvbmRlci5jb250YWN0Q2FyZCxcbiAgICAgICAgc2hhcmVkQ2lwaGVyRGF0YUNsZWFySnNvbjpcbiAgICAgICAgICByZXNwb25kZXJDb250YWN0Q2FyZC5zaGFyZWRDaXBoZXJEYXRhQ2xlYXJKc29uLFxuICAgICAgfTtcbiAgICB9XG5cbiAgICAvLyBFbmNyeXB0IHdpdGggb25lLXRpbWUgcHVibGljIGtleVxuICAgIGxldCBpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgaW5pdGlhdG9yT25lVGltZVBiayxcbiAgICAgIGluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXJDbGVhckpzb25cbiAgICApO1xuXG4gICAgLy8gRW5jcnlwdCB3aXRoIHRoZSBvdGsgYWdhaW4gdG8ga2VlcCB1c2Ugb2YgYXN5bW1ldHJpYyBrZXlzIHRvIGEgbWluaW11bS5cbiAgICBpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgZGVjcnlwdGVkT3RrLm90S2V5LFxuICAgICAgaW5pdGlhdG9yT25lVGltZVBia0NpcGhlclxuICAgICk7XG5cbiAgICByZXR1cm4gbmV3IExyTXV0YXRpb24oe1xuICAgICAgbXV0YXRpb246IFJlc3BvbmRLZXlFeGNoYW5nZU90a011dGF0aW9uLFxuICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgIGlucHV0OiB7XG4gICAgICAgICAga2V5RXhjaGFuZ2VJZCxcbiAgICAgICAgICBrZXlFeGNoYW5nZVRva2VuOiB0b2tlbixcbiAgICAgICAgICByb290S2V5SWQ6IHJvb3RLZXkuaWQsXG4gICAgICAgICAgbWFzdGVyS2V5SWQ6IG1hc3RlcktleS5pZCxcbiAgICAgICAgICAvLyBUaGVzZSB3aWxsIGJlIHN0b3JlZCBvbiB0aGUgc2VydmVyXG4gICAgICAgICAgcmVzcG9uZGVyUHhrSWQ6IHJlc3BvbmRlclByay5pZCxcbiAgICAgICAgICByZXNwb25kZXJTaWdQeGtJZDogcmVzcG9uZGVyU2lnUHJrLmlkLFxuICAgICAgICAgIHNpZ25lZEluaXRpYXRvclBiazogSlNPTi5zdHJpbmdpZnkoc2lnbmVkSW5pdGlhdG9yUGJrKSxcbiAgICAgICAgICBzaWduZWRJbml0aWF0b3JTaWdQYms6IEpTT04uc3RyaW5naWZ5KHNpZ25lZEluaXRpYXRvclNpZ1BiayksXG4gICAgICAgICAgLy8gcmtXcmFwcGVkSW5pdGlhdG9yU2lnUGJrOiBKU09OLnN0cmluZ2lmeShya1dyYXBwZWRJbml0aWF0b3JTaWdQYmspLFxuXG4gICAgICAgICAgLy8gT3B0aW9uIDE6IFVzaW5nIG5ldyBQcmsgZm9yIGVhY2ggVFAgcGFpclxuICAgICAgICAgIC8vIHJrV3JhcHBlZFJlc3BvbmRlclNpZ1ByazogSlNPTi5zdHJpbmdpZnkocmtXcmFwcGVkUmVzcG9uZGVyU2lnUHJrKSxcbiAgICAgICAgICBya1dyYXBwZWRTaGFyZWRLZXk6IEpTT04uc3RyaW5naWZ5KHJrV3JhcHBlZFNoYXJlZEtleSksXG4gICAgICAgICAgbWtXcmFwcGVkTWtTaGFyZWRLZXk6IEpTT04uc3RyaW5naWZ5KG1rV3JhcHBlZE1rU2hhcmVkS2V5KSxcbiAgICAgICAgICAvLyBUaGVzZSB3aWxsIGJlIHNlbnQgdG8gdGhlIGluaXRpYXRvclxuICAgICAgICAgIGluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXI6IEpTT04uc3RyaW5naWZ5KGluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXIpLFxuICAgICAgICAgIGluaXRpYXRvckNvbnRhY3RDYXJkOiByZWNlaXZlZENhcmRJbnB1dCxcbiAgICAgICAgICByZXNwb25kZXJDb250YWN0Q2FyZDogcmVzcG9uZGVyQ2FyZElucHV0LFxuICAgICAgICB9LFxuICAgICAgfSxcbiAgICB9KTtcbiAgfVxuXG4gIGNvbXBsZXRlT3RrKGlucHV0OiBDb21wbGV0ZU90a0lucHV0Mikge1xuICAgIHJldHVybiB0aGlzLm11dGF0ZSh0aGlzLmNvbXBsZXRlT3RrTXV0YXRpb24oaW5wdXQpKTtcbiAgfVxuXG4gIGFzeW5jIGNvbXBsZXRlT3RrTXV0YXRpb24oe1xuICAgIGtleUV4Y2hhbmdlSWQsXG4gICAgaW5pdGlhdG9yUm9vdEtleUNpcGhlcixcbiAgICBpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyLFxuICAgIHJlc3BvbmRlckNvbnRhY3RDYXJkLFxuICAgIGluaXRpYXRvckNvbnRhY3RDYXJkLFxuICB9OiBDb21wbGV0ZU90a0lucHV0Mikge1xuICAgIGNvbnN0IHJvb3RLZXkgPSB0aGlzLmtleVNlcnZpY2UuY3VycmVudFJvb3RLZXk7XG4gICAgY29uc3QgbWFzdGVyS2V5ID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRNYXN0ZXJLZXk7XG5cbiAgICAvLyBEZWNyeXB0IHVzaW5nIHRoZSByb290IGtleSB0byBnZXQgdGhlIFBya1xuICAgIGNvbnN0IGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24gPVxuICAgICAgKGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChcbiAgICAgICAgcm9vdEtleS5qd2ssXG4gICAgICAgIGluaXRpYXRvclJvb3RLZXlDaXBoZXJcbiAgICAgICkpIGFzIEluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24yO1xuXG4gICAgLy8gVGhlIFByayBpcyBzaW5nbGUtdXNlIGFuZCBvbmx5IHVzZWQgdG8gc2VuZCBpbmZvcm1hdGlvbiBmcm9tIHRoZSByZXNwb25kZXIgYmFjayB0byB0aGUgaW5pdGlhdG9yLlxuICAgIGNvbnN0IHBsYWluSW5pdGlhdG9yT25lVGltZVBia0NpcGhlciA9IGF3YWl0IHRoaXMuZGVjcnlwdFJlc3BvbnNlQ2lwaGVyKFxuICAgICAgYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoaW5pdGlhdG9yUm9vdEtleUNpcGhlckNsZWFySnNvbi5vdEtleSksXG4gICAgICBhd2FpdCBLZXlGYWN0b3J5U2VydmljZS5hc0tleShpbml0aWF0b3JSb290S2V5Q2lwaGVyQ2xlYXJKc29uLm9uZVRpbWVQcmspLFxuICAgICAgaW5pdGlhdG9yT25lVGltZVBia0NpcGhlclxuICAgICk7XG5cbiAgICAvLyBDaGVjayB0aGUgbm9uY2UgbWF0Y2ggdG8gZW5zdXJlIHRoZSByZXNwb25kZXIgd2FzIHRoZSBvbmUgaG9sZGluZyB0aGUgT1RLXG4gICAgaWYgKFxuICAgICAgaW5pdGlhdG9yUm9vdEtleUNpcGhlckNsZWFySnNvbi5ub25jZSAhPT1cbiAgICAgIHBsYWluSW5pdGlhdG9yT25lVGltZVBia0NpcGhlci5ub25jZVxuICAgICkge1xuICAgICAgdGhyb3cgbmV3IEtjQ29kZU1pc21hdGNoRXhjZXB0aW9uKFxuICAgICAgICAnVGhlIG5vbmNlIHJldHVybmVkIGJ5IHJlc3BvbmRlciBkb2VzIG5vdCBtYXRjaCB3aXRoIHRoZSBvbmUgY3JlYXRlZCBieSB0aGUgaW5pdGlhdG9yLidcbiAgICAgICk7XG4gICAgfVxuXG4gICAgLy8gT3B0aW9uIDE6IEFzc3VtaW5nIHRoZSBzaWduaW5nIGtleSBpcyB1bmlxdWUgYmV0d2VlbiB1c2Vycy5cbiAgICAvLyBjb25zdCBpbml0aWF0b3JTaWdQcmsgPSBhd2FpdCBLRlMuYXNLZXkoa2UucGxhaW5Jbml0aWF0b3JSb290S2V5Q2lwaGVyLnNpZ1Byayk7XG4gICAgLy8gY29uc3QgcmtXcmFwcGVkSW5pdGlhdG9yU2lnUHJrID0gYXdhaXQgdGhpcy5lbmNyeXB0KHJvb3RLZXksIGluaXRpYXRvclNpZ1Byay50b0pTT04odHJ1ZSkpO1xuXG4gICAgLy8gT3B0aW9uIDI6IFVzZSB0aGUgdXNlcidzIGdsb2JhbCBzaWduaW5nIGtleS5cbiAgICAvLyBJbiB0aGlzIGNhc2UgdGhlIGluaXRpYXRvclNpZ1ByayBpcyBhbHJlYWR5IGEgcGFydCBvZiB0aGUga2V5IGdyYXBoLlxuICAgIC8vIFNvIHRoZXJlJ3Mgbm90aGluZyB0byBkbyBoZXJlLlxuXG4gICAgLy8gUHJvdGVjdGVkIHRoZSBzaWduaW5nIHB1YmxpYyBrZXkgb2YgdGhlIHJlc3BvbmRlci5cbiAgICBjb25zdCBpbml0aWF0b3JTaWdQcmsgPSB0aGlzLmtleVNlcnZpY2UuY3VycmVudFNpZ1B4aztcbiAgICBjb25zdCByZXNwb25kZXJTaWdQYmsgPSBhd2FpdCBLZXlGYWN0b3J5U2VydmljZS5hc0tleShcbiAgICAgIHBsYWluSW5pdGlhdG9yT25lVGltZVBia0NpcGhlci5yZXNwb25kZXIuc2lnUGJrXG4gICAgKTtcbiAgICBjb25zdCByZXNwb25kZXJQYmsgPSBhd2FpdCBLZXlGYWN0b3J5U2VydmljZS5hc0tleShcbiAgICAgIHBsYWluSW5pdGlhdG9yT25lVGltZVBia0NpcGhlci5yZXNwb25kZXIucGJrXG4gICAgKTtcblxuICAgIGNvbnN0IHNpZ25lZFJlc3BvbmRlclBiayA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2Uuc2lnbihcbiAgICAgIGluaXRpYXRvclNpZ1Byay5qd2ssXG4gICAgICByZXNwb25kZXJQYmsudG9KU09OKClcbiAgICApO1xuICAgIGNvbnN0IHNpZ25lZFJlc3BvbmRlclNpZ1BiayA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2Uuc2lnbihcbiAgICAgIGluaXRpYXRvclNpZ1Byay5qd2ssXG4gICAgICByZXNwb25kZXJTaWdQYmsudG9KU09OKClcbiAgICApO1xuXG4gICAgY29uc3Qgc2hhcmVkS2V5ID0gYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoXG4gICAgICBwbGFpbkluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXIuc2hhcmVkS2V5XG4gICAgKTtcbiAgICBjb25zdCBya1dyYXBwZWRTaGFyZWRLZXkgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXG4gICAgICByb290S2V5Lmp3ayxcbiAgICAgIHNoYXJlZEtleS50b0pTT04odHJ1ZSlcbiAgICApO1xuXG4gICAgY29uc3QgbWtTaGFyZWRLZXkgPSBhd2FpdCBLZXlGYWN0b3J5U2VydmljZS5hc0tleShcbiAgICAgIHBsYWluSW5pdGlhdG9yT25lVGltZVBia0NpcGhlci5ta1NoYXJlZEtleVxuICAgICk7XG4gICAgY29uc3QgbWtXcmFwcGVkTWtTaGFyZWRLZXkgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXG4gICAgICBtYXN0ZXJLZXkuandrLFxuICAgICAgbWtTaGFyZWRLZXkudG9KU09OKHRydWUpXG4gICAgKTtcblxuICAgIGxldCByZXNwb25kZXJDb250YWN0Q2FyZENpcGhlcklucHV0O1xuICAgIGlmIChyZXNwb25kZXJDb250YWN0Q2FyZCkge1xuICAgICAgLy8gQ3JlYXRlIGtleVxuICAgICAgY29uc3QgcmVjZWl2ZXJLZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XG5cbiAgICAgIHJlc3BvbmRlckNvbnRhY3RDYXJkQ2lwaGVySW5wdXQgPSB7XG4gICAgICAgIHJlY2VpdmVyV3JhcHBlZEtleTogSlNPTi5zdHJpbmdpZnkoXG4gICAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgICAgICAgcm9vdEtleS5qd2ssXG4gICAgICAgICAgICByZWNlaXZlcktleS50b0pTT04odHJ1ZSlcbiAgICAgICAgICApXG4gICAgICAgICksXG4gICAgICAgIHJlY2VpdmVyV3JhcHBpbmdLZXlJZDogcm9vdEtleS5pZCxcbiAgICAgICAgcmVjZWl2ZXJDaXBoZXJEYXRhOiBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXG4gICAgICAgICAgICByZWNlaXZlcktleSxcbiAgICAgICAgICAgIHJlc3BvbmRlckNvbnRhY3RDYXJkLnJlY2VpdmVyQ2lwaGVyRGF0YUNsZWFySnNvblxuICAgICAgICAgIClcbiAgICAgICAgKSxcbiAgICAgIH07XG4gICAgfVxuXG4gICAgLy8gR2V0IHRoZSBkYXRhIG5lZWRlZCBmcm9tIHRoZSBpbml0aWF0b3IncyBjaXBoZXIgZGF0YS5cbiAgICBsZXQgaW5pdGlhdG9yQ29udGFjdENhcmRDaXBoZXJJbnB1dDtcbiAgICBsZXQgaW5pdGlhdG9yQ29udGFjdENhcmRTaGFyZWRDaXBoZXJJbnB1dDtcbiAgICBpZiAoaW5pdGlhdG9yUm9vdEtleUNpcGhlckNsZWFySnNvbi5pbml0aWF0b3JDb250YWN0Q2FyZCkge1xuICAgICAgLy8gVGhlIGluaXRpYXRvckNvbnRhY3RDYXJkIGNyZWF0ZWQgZHVyaW5nIHRoZSBjcmVhdGlvbiBvZiB0aGUgaW52aXRlIGFuZCBlbmNyeXB0ZWQgdXNpbmcgdGhlIGluaXRpYXRvcidzXG4gICAgICAvLyByb290IGtleVxuICAgICAgY29uc3QgaW5pdGlhdG9yQ29udGFjdENhcmRGcm9tSW5pdCA9XG4gICAgICAgIGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24uaW5pdGlhdG9yQ29udGFjdENhcmQ7XG4gICAgICBjb25zdCBvd25lcktleSA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVLZXkoKTtcbiAgICAgIGNvbnN0IHNoYXJlZENpcGhlcktleSA9IGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KFxuICAgICAgICBwbGFpbkluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXIucmVzcG9uZGVyLmNvbnRhY3RDYXJkLnNoYXJlZENpcGhlcktleVxuICAgICAgKTtcblxuICAgICAgY29uc3Qgb3duZXJXcmFwcGVkS2V5ID0gSlNPTi5zdHJpbmdpZnkoXG4gICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChyb290S2V5Lmp3aywgb3duZXJLZXkudG9KU09OKHRydWUpKVxuICAgICAgKTtcblxuICAgICAgLy8gQWxsb3cgdGhlIGluaXRpYXRvckNvbnRhY3RDYXJkIHBhcmFtZXRlciB0byBvdmVycmlkZVxuICAgICAgY29uc3Qgb3duZXJDaXBoZXJEYXRhQ2xlYXJKc29uID1cbiAgICAgICAgaW5pdGlhdG9yQ29udGFjdENhcmQ/Lm93bmVyQ2lwaGVyRGF0YUNsZWFySnNvbiB8fFxuICAgICAgICBpbml0aWF0b3JDb250YWN0Q2FyZEZyb21Jbml0Lm93bmVyQ2lwaGVyRGF0YUNsZWFySnNvbjtcblxuICAgICAgY29uc3Qgb3duZXJDaXBoZXJEYXRhID0gb3duZXJDaXBoZXJEYXRhQ2xlYXJKc29uXG4gICAgICAgID8gYXdhaXQgdGhpcy5rZXlHcmFwaC5lbmNyeXB0VG9TdHJpbmcoXG4gICAgICAgICAgICBvd25lcktleSxcbiAgICAgICAgICAgIG93bmVyQ2lwaGVyRGF0YUNsZWFySnNvblxuICAgICAgICAgIClcbiAgICAgICAgOiAnJztcblxuICAgICAgaW5pdGlhdG9yQ29udGFjdENhcmRDaXBoZXJJbnB1dCA9IHtcbiAgICAgICAgb3duZXJXcmFwcGVkS2V5LFxuICAgICAgICBvd25lcldyYXBwaW5nS2V5SWQ6IHJvb3RLZXkuaWQsXG4gICAgICAgIG93bmVyQ2lwaGVyRGF0YSxcbiAgICAgIH07XG5cbiAgICAgIGluaXRpYXRvckNvbnRhY3RDYXJkU2hhcmVkQ2lwaGVySW5wdXQgPSB7XG4gICAgICAgIHNpZ1B4a0lkOiBpbml0aWF0b3JTaWdQcmsuaWQsXG4gICAgICB9O1xuXG4gICAgICBjb25zdCBzaGFyZWRDaXBoZXJEYXRhID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgICBzaGFyZWRDaXBoZXJLZXksXG4gICAgICAgIGluaXRpYXRvckNvbnRhY3RDYXJkRnJvbUluaXQuc2hhcmVkQ2lwaGVyRGF0YUNsZWFySnNvblxuICAgICAgKTtcbiAgICAgIGluaXRpYXRvckNvbnRhY3RDYXJkU2hhcmVkQ2lwaGVySW5wdXQuc2hhcmVkQ2lwaGVyRGF0YVNpZyA9XG4gICAgICAgIEpTT04uc3RyaW5naWZ5KFxuICAgICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2Uuc2lnbihcbiAgICAgICAgICAgIGluaXRpYXRvclNpZ1Byay5qd2ssXG4gICAgICAgICAgICBzaGFyZWRDaXBoZXJEYXRhXG4gICAgICAgICAgKVxuICAgICAgICApO1xuICAgIH1cblxuICAgIC8vIFRPRE8gaWRlYWxseSB3ZSB1cGRhdGUgdGhlIHNoYXJlZCBkYXRhIGluIHRoZSBjb250YWN0IGNhcmQgc2VudCB0byB0aGUgcmVzcG9uZGVyIGFzIHdlbGwgc2luY2UgdGhhdFxuICAgIC8vIENDIHdhcyBjcmVhdGVkIGJ5IHRoZSByZXNwb25kZXIuXG5cbiAgICByZXR1cm4gbmV3IExyTXV0YXRpb24oe1xuICAgICAgbXV0YXRpb246IENvbXBsZXRlS2V5RXhjaGFuZ2VPdGtNdXRhdGlvbixcbiAgICAgIHZhcmlhYmxlczoge1xuICAgICAgICBpbnB1dDoge1xuICAgICAgICAgIGtleUV4Y2hhbmdlSWQsXG4gICAgICAgICAgcm9vdEtleUlkOiByb290S2V5LmlkLFxuICAgICAgICAgIG1hc3RlcktleUlkOiBtYXN0ZXJLZXkuaWQsXG4gICAgICAgICAgaW5pdGlhdG9yU2lnUHhrSWQ6IGluaXRpYXRvclNpZ1Byay5pZCxcbiAgICAgICAgICBzaWduZWRSZXNwb25kZXJQYms6IEpTT04uc3RyaW5naWZ5KHNpZ25lZFJlc3BvbmRlclBiayksXG4gICAgICAgICAgc2lnbmVkUmVzcG9uZGVyU2lnUGJrOiBKU09OLnN0cmluZ2lmeShzaWduZWRSZXNwb25kZXJTaWdQYmspLFxuICAgICAgICAgIHJrV3JhcHBlZFNoYXJlZEtleTogSlNPTi5zdHJpbmdpZnkocmtXcmFwcGVkU2hhcmVkS2V5KSxcbiAgICAgICAgICBta1dyYXBwZWRNa1NoYXJlZEtleTogSlNPTi5zdHJpbmdpZnkobWtXcmFwcGVkTWtTaGFyZWRLZXkpLFxuICAgICAgICAgIHJlc3BvbmRlckNvbnRhY3RDYXJkQ2lwaGVyOiByZXNwb25kZXJDb250YWN0Q2FyZENpcGhlcklucHV0LFxuICAgICAgICAgIGluaXRpYXRvckNvbnRhY3RDYXJkQ2lwaGVyOiBpbml0aWF0b3JDb250YWN0Q2FyZENpcGhlcklucHV0LFxuICAgICAgICAgIGluaXRpYXRvckNvbnRhY3RDYXJkU2hhcmVkQ2lwaGVyOlxuICAgICAgICAgICAgaW5pdGlhdG9yQ29udGFjdENhcmRTaGFyZWRDaXBoZXJJbnB1dCxcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSk7XG4gIH1cbn1cbiJdfQ==
|