@thinkhive/sdk 3.1.0 → 3.3.0

package/dist/api/apiKeys.d.ts

@@ -0,0 +1,252 @@
+/**
+ * ThinkHive SDK - API Keys Management
+ *
+ * Create and manage scoped API keys with:
+ * - Permission control (read/write/delete)
+ * - Agent-level scoping (allowedAgentIds)
+ * - Environment separation (production/staging/development)
+ * - IP whitelisting (allowedIps)
+ *
+ * @example
+ * ```typescript
+ * import { apiKeys } from 'thinkhive-js';
+ *
+ * // Create a read-only key for monitoring
+ * const readOnlyKey = await apiKeys.create({
+ *   name: 'Monitoring Key',
+ *   scopeType: 'readonly'
+ * });
+ *
+ * // Create a key scoped to specific agents
+ * const agentKey = await apiKeys.create({
+ *   name: 'Agent A Key',
+ *   allowedAgentIds: ['agent-a-id', 'agent-b-id'],
+ *   permissions: { read: true, write: true, delete: false }
+ * });
+ *
+ * // Create a staging environment key
+ * const stagingKey = await apiKeys.create({
+ *   name: 'Staging Key',
+ *   environment: 'staging',
+ *   allowedIps: ['10.0.0.1', '10.0.0.2']
+ * });
+ * ```
+ */
+/**
+ * API key permission configuration
+ */
+export interface ApiKeyPermissions {
+    /** Allow read operations (GET requests, listing, etc.) */
+    read: boolean;
+    /** Allow write operations (POST, PUT requests) */
+    write: boolean;
+    /** Allow delete operations (DELETE requests) */
+    delete: boolean;
+}
+/**
+ * API key scope type
+ * - `company`: Full access to all company data
+ * - `agent`: Limited to specific agents (requires allowedAgentIds)
+ * - `readonly`: Read-only access regardless of other settings
+ */
+export type ScopeType = 'company' | 'agent' | 'readonly';
+/**
+ * API key environment
+ * - `production`: For production systems
+ * - `staging`: For staging/pre-production
+ * - `development`: For local development
+ */
+export type Environment = 'production' | 'staging' | 'development';
+/**
+ * Options for creating an API key
+ */
+export interface CreateApiKeyOptions {
+    /** Display name for the key */
+    name: string;
+    /** Permission configuration (defaults to read+write) */
+    permissions?: Partial<ApiKeyPermissions>;
+    /**
+     * Restrict key to specific agent IDs
+     * When set, key can only access traces for these agents
+     */
+    allowedAgentIds?: string[];
+    /**
+     * Scope type for the key
+     * @default 'company' or 'agent' if allowedAgentIds is set
+     */
+    scopeType?: ScopeType;
+    /**
+     * Environment for the key
+     * @default 'production'
+     */
+    environment?: Environment;
+    /**
+     * Restrict key to specific IP addresses
+     * When set, only requests from these IPs can use this key
+     */
+    allowedIps?: string[];
+    /** Expiration date for the key */
+    expiresAt?: Date;
+}
+/**
+ * API key metadata (returned from server)
+ */
+export interface ApiKey {
+    /** Unique key ID */
+    id: string;
+    /** Display name */
+    name: string;
+    /** Key prefix (first 8 chars for identification) */
+    keyPrefix: string;
+    /** Permission configuration */
+    permissions: ApiKeyPermissions | string[];
+    /** Scope type */
+    scopeType: ScopeType;
+    /** Environment */
+    environment: Environment;
+    /** Allowed agent IDs (null = all agents) */
+    allowedAgentIds: string[] | null;
+    /** Allowed IP addresses (null = all IPs) */
+    allowedIps: string[] | null;
+    /** Whether key is active */
+    isActive: boolean;
+    /** Last usage timestamp */
+    lastUsedAt: string | null;
+    /** Total usage count */
+    usageCount: number;
+    /** Expiration date */
+    expiresAt: string | null;
+    /** Creation timestamp */
+    createdAt: string;
+}
+/**
+ * Result of creating an API key (includes secret)
+ */
+export interface CreateApiKeyResult extends ApiKey {
+    /**
+     * The full API key value
+     * IMPORTANT: This is only returned once and cannot be retrieved later!
+     * Store it securely.
+     */
+    key: string;
+}
+/**
+ * Create a new API key with specified permissions and scoping
+ *
+ * @param options - API key configuration
+ * @returns Created key with secret (only returned once!)
+ *
+ * @example
+ * ```typescript
+ * // Create a production write key
+ * const result = await apiKeys.create({
+ *   name: 'Production SDK Key',
+ *   permissions: { read: true, write: true, delete: false }
+ * });
+ *
+ * // Save the key securely - it won't be shown again!
+ * console.log('Save this key:', result.key);
+ * ```
+ */
+export declare function create(options: CreateApiKeyOptions): Promise<CreateApiKeyResult>;
+/**
+ * List all API keys for the authenticated company
+ *
+ * @returns Array of API keys (without secrets)
+ *
+ * @example
+ * ```typescript
+ * const keys = await apiKeys.list();
+ * console.log(`Found ${keys.length} API keys`);
+ *
+ * // Filter by environment
+ * const prodKeys = keys.filter(k => k.environment === 'production');
+ * ```
+ */
+export declare function list(): Promise<ApiKey[]>;
+/**
+ * Revoke (deactivate) an API key
+ *
+ * @param keyId - ID of the key to revoke
+ *
+ * @example
+ * ```typescript
+ * // Revoke a compromised key
+ * await apiKeys.revoke('key-id-to-revoke');
+ * ```
+ */
+export declare function revoke(keyId: string): Promise<void>;
+/**
+ * Rotate an API key (revoke old, create new with same config)
+ *
+ * @param keyId - ID of the key to rotate
+ * @param options - Optional overrides for the new key
+ * @returns New key with secret
+ *
+ * @example
+ * ```typescript
+ * // Rotate a key periodically
+ * const existingKeys = await apiKeys.list();
+ * const oldKey = existingKeys.find(k => k.name === 'Production Key');
+ *
+ * if (oldKey) {
+ *   const newKey = await apiKeys.rotate(oldKey.id);
+ *   // Update your systems with newKey.key
+ *   console.log('New key:', newKey.key);
+ * }
+ * ```
+ */
+export declare function rotate(keyId: string, options?: Partial<CreateApiKeyOptions>): Promise<CreateApiKeyResult>;
+/**
+ * Test an API key connection
+ *
+ * @param apiKey - The full API key value to test
+ * @param agentId - Optional agent ID to test with
+ * @returns Test result
+ *
+ * @example
+ * ```typescript
+ * const result = await apiKeys.test('thk_...', 'my-agent-id');
+ * if (result.success) {
+ *   console.log('Key is valid!');
+ * }
+ * ```
+ */
+export declare function test(apiKey: string, agentId?: string): Promise<{
+    success: boolean;
+    error?: string;
+    testTraceId?: string;
+}>;
+/**
+ * Check if an API key has a specific permission
+ */
+export declare function hasPermission(key: ApiKey, permission: 'read' | 'write' | 'delete'): boolean;
+/**
+ * Check if an API key is expired
+ */
+export declare function isExpired(key: ApiKey): boolean;
+/**
+ * Check if an API key is valid (active and not expired)
+ */
+export declare function isValid(key: ApiKey): boolean;
+/**
+ * Get time until key expires (in milliseconds)
+ * Returns null if key doesn't expire
+ */
+export declare function getTimeUntilExpiry(key: ApiKey): number | null;
+/**
+ * Check if a key can access a specific agent
+ */
+export declare function canAccessAgent(key: ApiKey, agentId: string): boolean;
+export declare const apiKeys: {
+    create: typeof create;
+    list: typeof list;
+    revoke: typeof revoke;
+    rotate: typeof rotate;
+    test: typeof test;
+    hasPermission: typeof hasPermission;
+    isExpired: typeof isExpired;
+    isValid: typeof isValid;
+    getTimeUntilExpiry: typeof getTimeUntilExpiry;
+    canAccessAgent: typeof canAccessAgent;
+};

package/dist/api/apiKeys.js

@@ -0,0 +1,298 @@
+"use strict";
+/**
+ * ThinkHive SDK - API Keys Management
+ *
+ * Create and manage scoped API keys with:
+ * - Permission control (read/write/delete)
+ * - Agent-level scoping (allowedAgentIds)
+ * - Environment separation (production/staging/development)
+ * - IP whitelisting (allowedIps)
+ *
+ * @example
+ * ```typescript
+ * import { apiKeys } from 'thinkhive-js';
+ *
+ * // Create a read-only key for monitoring
+ * const readOnlyKey = await apiKeys.create({
+ *   name: 'Monitoring Key',
+ *   scopeType: 'readonly'
+ * });
+ *
+ * // Create a key scoped to specific agents
+ * const agentKey = await apiKeys.create({
+ *   name: 'Agent A Key',
+ *   allowedAgentIds: ['agent-a-id', 'agent-b-id'],
+ *   permissions: { read: true, write: true, delete: false }
+ * });
+ *
+ * // Create a staging environment key
+ * const stagingKey = await apiKeys.create({
+ *   name: 'Staging Key',
+ *   environment: 'staging',
+ *   allowedIps: ['10.0.0.1', '10.0.0.2']
+ * });
+ * ```
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.apiKeys = void 0;
+exports.create = create;
+exports.list = list;
+exports.revoke = revoke;
+exports.rotate = rotate;
+exports.test = test;
+exports.hasPermission = hasPermission;
+exports.isExpired = isExpired;
+exports.isValid = isValid;
+exports.getTimeUntilExpiry = getTimeUntilExpiry;
+exports.canAccessAgent = canAccessAgent;
+const client_1 = require("../core/client");
+// ============================================================================
+// API Key Management Functions
+// ============================================================================
+/**
+ * Create a new API key with specified permissions and scoping
+ *
+ * @param options - API key configuration
+ * @returns Created key with secret (only returned once!)
+ *
+ * @example
+ * ```typescript
+ * // Create a production write key
+ * const result = await apiKeys.create({
+ *   name: 'Production SDK Key',
+ *   permissions: { read: true, write: true, delete: false }
+ * });
+ *
+ * // Save the key securely - it won't be shown again!
+ * console.log('Save this key:', result.key);
+ * ```
+ */
+async function create(options) {
+    if (!options.name || options.name.trim().length === 0) {
+        throw new client_1.ThinkHiveValidationError('API key name is required', 'name');
+    }
+    // Validate IP addresses if provided
+    if (options.allowedIps) {
+        // IPv4 pattern
+        const ipv4Regex = /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/;
+        // IPv6 pattern (supports full and compressed notation like ::1, 2001:db8::1)
+        const ipv6Regex = /^(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(?::[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(?::[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(?::[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(?::[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?::[0-9a-fA-F]{1,4}){1,6}|:(?::[0-9a-fA-F]{1,4}){1,7}|::)$/;
+        for (const ip of options.allowedIps) {
+            if (!ipv4Regex.test(ip) && !ipv6Regex.test(ip) && ip !== 'localhost') {
+                throw new client_1.ThinkHiveValidationError(`Invalid IP address: ${ip}`, 'allowedIps');
+            }
+        }
+    }
+    const body = {
+        name: options.name.trim(),
+    };
+    if (options.permissions) {
+        body.permissions = {
+            read: options.permissions.read !== false,
+            write: options.permissions.write === true,
+            delete: options.permissions.delete === true,
+        };
+    }
+    if (options.scopeType) {
+        body.scopeType = options.scopeType;
+    }
+    if (options.environment) {
+        body.environment = options.environment;
+    }
+    if (options.allowedAgentIds && options.allowedAgentIds.length > 0) {
+        body.allowedAgentIds = options.allowedAgentIds;
+    }
+    if (options.allowedIps && options.allowedIps.length > 0) {
+        body.allowedIps = options.allowedIps;
+    }
+    if (options.expiresAt) {
+        body.expiresAt = options.expiresAt.toISOString();
+    }
+    return (0, client_1.apiRequest)('/api-keys', {
+        method: 'POST',
+        body,
+        apiVersion: 'v1',
+    });
+}
+/**
+ * List all API keys for the authenticated company
+ *
+ * @returns Array of API keys (without secrets)
+ *
+ * @example
+ * ```typescript
+ * const keys = await apiKeys.list();
+ * console.log(`Found ${keys.length} API keys`);
+ *
+ * // Filter by environment
+ * const prodKeys = keys.filter(k => k.environment === 'production');
+ * ```
+ */
+async function list() {
+    return (0, client_1.apiRequest)('/api-keys', {
+        method: 'GET',
+        apiVersion: 'v1',
+    });
+}
+/**
+ * Revoke (deactivate) an API key
+ *
+ * @param keyId - ID of the key to revoke
+ *
+ * @example
+ * ```typescript
+ * // Revoke a compromised key
+ * await apiKeys.revoke('key-id-to-revoke');
+ * ```
+ */
+async function revoke(keyId) {
+    if (!keyId) {
+        throw new client_1.ThinkHiveValidationError('Key ID is required', 'keyId');
+    }
+    await (0, client_1.apiRequest)(`/api-keys/${keyId}`, {
+        method: 'DELETE',
+        apiVersion: 'v1',
+    });
+}
+/**
+ * Rotate an API key (revoke old, create new with same config)
+ *
+ * @param keyId - ID of the key to rotate
+ * @param options - Optional overrides for the new key
+ * @returns New key with secret
+ *
+ * @example
+ * ```typescript
+ * // Rotate a key periodically
+ * const existingKeys = await apiKeys.list();
+ * const oldKey = existingKeys.find(k => k.name === 'Production Key');
+ *
+ * if (oldKey) {
+ *   const newKey = await apiKeys.rotate(oldKey.id);
+ *   // Update your systems with newKey.key
+ *   console.log('New key:', newKey.key);
+ * }
+ * ```
+ */
+async function rotate(keyId, options) {
+    // Get existing key metadata
+    const keys = await list();
+    const existingKey = keys.find(k => k.id === keyId);
+    if (!existingKey) {
+        throw new client_1.ThinkHiveValidationError('API key not found', 'keyId');
+    }
+    // Create new key with same (or overridden) config
+    const newKeyOptions = {
+        name: options?.name || existingKey.name,
+        scopeType: options?.scopeType || existingKey.scopeType,
+        environment: options?.environment || existingKey.environment,
+        allowedAgentIds: options?.allowedAgentIds || existingKey.allowedAgentIds || undefined,
+        allowedIps: options?.allowedIps || existingKey.allowedIps || undefined,
+    };
+    // Handle permissions conversion
+    if (options?.permissions) {
+        newKeyOptions.permissions = options.permissions;
+    }
+    else if (existingKey.permissions && typeof existingKey.permissions === 'object' && !Array.isArray(existingKey.permissions)) {
+        newKeyOptions.permissions = existingKey.permissions;
+    }
+    // Create new key first (so we don't lose access if creation fails)
+    const newKey = await create(newKeyOptions);
+    // Revoke old key
+    await revoke(keyId);
+    return newKey;
+}
+/**
+ * Test an API key connection
+ *
+ * @param apiKey - The full API key value to test
+ * @param agentId - Optional agent ID to test with
+ * @returns Test result
+ *
+ * @example
+ * ```typescript
+ * const result = await apiKeys.test('thk_...', 'my-agent-id');
+ * if (result.success) {
+ *   console.log('Key is valid!');
+ * }
+ * ```
+ */
+async function test(apiKey, agentId) {
+    if (!apiKey) {
+        throw new client_1.ThinkHiveValidationError('API key is required', 'apiKey');
+    }
+    return (0, client_1.apiRequest)('/api-keys/test', {
+        method: 'POST',
+        body: { apiKey, agentId, createTestTrace: !!agentId },
+        apiVersion: 'v1',
+    });
+}
+// ============================================================================
+// Utility Functions
+// ============================================================================
+/**
+ * Check if an API key has a specific permission
+ */
+function hasPermission(key, permission) {
+    // Handle object format
+    if (typeof key.permissions === 'object' && !Array.isArray(key.permissions)) {
+        return key.permissions[permission] === true;
+    }
+    // Handle legacy array format
+    if (Array.isArray(key.permissions)) {
+        return key.permissions.some(p => p.endsWith(`:${permission}`));
+    }
+    // Default: read allowed, write/delete denied
+    return permission === 'read';
+}
+/**
+ * Check if an API key is expired
+ */
+function isExpired(key) {
+    if (!key.expiresAt)
+        return false;
+    return new Date(key.expiresAt) < new Date();
+}
+/**
+ * Check if an API key is valid (active and not expired)
+ */
+function isValid(key) {
+    return key.isActive && !isExpired(key);
+}
+/**
+ * Get time until key expires (in milliseconds)
+ * Returns null if key doesn't expire
+ */
+function getTimeUntilExpiry(key) {
+    if (!key.expiresAt)
+        return null;
+    const expiry = new Date(key.expiresAt).getTime();
+    const now = Date.now();
+    return Math.max(0, expiry - now);
+}
+/**
+ * Check if a key can access a specific agent
+ */
+function canAccessAgent(key, agentId) {
+    // If no agent restrictions, allow all
+    if (!key.allowedAgentIds || key.allowedAgentIds.length === 0) {
+        return true;
+    }
+    return key.allowedAgentIds.includes(agentId);
+}
+// ============================================================================
+// Export namespace
+// ============================================================================
+exports.apiKeys = {
+    create,
+    list,
+    revoke,
+    rotate,
+    test,
+    hasPermission,
+    isExpired,
+    isValid,
+    getTimeUntilExpiry,
+    canAccessAgent,
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXBpS2V5cy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9hcGkvYXBpS2V5cy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUE7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQWlDRzs7O0FBNElILHdCQXVEQztBQWdCRCxvQkFLQztBQWFELHdCQVNDO0FBc0JELHdCQW1DQztBQWlCRCxvQkFhQztBQVNELHNDQWdCQztBQUtELDhCQUdDO0FBS0QsMEJBRUM7QUFNRCxnREFLQztBQUtELHdDQU1DO0FBallELDJDQUFzRTtBQW9IdEUsK0VBQStFO0FBQy9FLCtCQUErQjtBQUMvQiwrRUFBK0U7QUFFL0U7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBaUJHO0FBQ0ksS0FBSyxVQUFVLE1BQU0sQ0FBQyxPQUE0QjtJQUN2RCxJQUFJLENBQUMsT0FBTyxDQUFDLElBQUksSUFBSSxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztRQUN0RCxNQUFNLElBQUksaUNBQXdCLENBQUMsMEJBQTBCLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDekUsQ0FBQztJQUVELG9DQUFvQztJQUNwQyxJQUFJLE9BQU8sQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUN2QixlQUFlO1FBQ2YsTUFBTSxTQUFTLEdBQUcsNkZBQTZGLENBQUM7UUFDaEgsNkVBQTZFO1FBQzdFLE1BQU0sU0FBUyxHQUFHLHVaQUF1WixDQUFDO1FBQzFhLEtBQUssTUFBTSxFQUFFLElBQUksT0FBTyxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ3BDLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsSUFBSSxFQUFFLEtBQUssV0FBVyxFQUFFLENBQUM7Z0JBQ3JFLE1BQU0sSUFBSSxpQ0FBd0IsQ0FBQyx1QkFBdUIsRUFBRSxFQUFFLEVBQUUsWUFBWSxDQUFDLENBQUM7WUFDaEYsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQsTUFBTSxJQUFJLEdBQTRCO1FBQ3BDLElBQUksRUFBRSxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRTtLQUMxQixDQUFDO0lBRUYsSUFBSSxPQUFPLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDeEIsSUFBSSxDQUFDLFdBQVcsR0FBRztZQUNqQixJQUFJLEVBQUUsT0FBTyxDQUFDLFdBQVcsQ0FBQyxJQUFJLEtBQUssS0FBSztZQUN4QyxLQUFLLEVBQUUsT0FBTyxDQUFDLFdBQVcsQ0FBQyxLQUFLLEtBQUssSUFBSTtZQUN6QyxNQUFNLEVBQUUsT0FBTyxDQUFDLFdBQVcsQ0FBQyxNQUFNLEtBQUssSUFBSTtTQUM1QyxDQUFDO0lBQ0osQ0FBQztJQUVELElBQUksT0FBTyxDQUFDLFNBQVMsRUFBRSxDQUFDO1FBQ3RCLElBQUksQ0FBQyxTQUFTLEdBQUcsT0FBTyxDQUFDLFNBQVMsQ0FBQztJQUNyQyxDQUFDO0lBRUQsSUFBSSxPQUFPLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDeEIsSUFBSSxDQUFDLFdBQVcsR0FBRyxPQUFPLENBQUMsV0FBVyxDQUFDO0lBQ3pDLENBQUM7SUFFRCxJQUFJLE9BQU8sQ0FBQyxlQUFlLElBQUksT0FBTyxDQUFDLGVBQWUsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7UUFDbEUsSUFBSSxDQUFDLGVBQWUsR0FBRyxPQUFPLENBQUMsZUFBZSxDQUFDO0lBQ2pELENBQUM7SUFFRCxJQUFJLE9BQU8sQ0FBQyxVQUFVLElBQUksT0FBTyxDQUFDLFVBQVUsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7UUFDeEQsSUFBSSxDQUFDLFVBQVUsR0FBRyxPQUFPLENBQUMsVUFBVSxDQUFDO0lBQ3ZDLENBQUM7SUFFRCxJQUFJLE9BQU8sQ0FBQyxTQUFTLEVBQUUsQ0FBQztRQUN0QixJQUFJLENBQUMsU0FBUyxHQUFHLE9BQU8sQ0FBQyxTQUFTLENBQUMsV0FBVyxFQUFFLENBQUM7SUFDbkQsQ0FBQztJQUVELE9BQU8sSUFBQSxtQkFBVSxFQUFxQixXQUFXLEVBQUU7UUFDakQsTUFBTSxFQUFFLE1BQU07UUFDZCxJQUFJO1FBQ0osVUFBVSxFQUFFLElBQUk7S0FDakIsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVEOzs7Ozs7Ozs7Ozs7O0dBYUc7QUFDSSxLQUFLLFVBQVUsSUFBSTtJQUN4QixPQUFPLElBQUEsbUJBQVUsRUFBVyxXQUFXLEVBQUU7UUFDdkMsTUFBTSxFQUFFLEtBQUs7UUFDYixVQUFVLEVBQUUsSUFBSTtLQUNqQixDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQ7Ozs7Ozs7Ozs7R0FVRztBQUNJLEtBQUssVUFBVSxNQUFNLENBQUMsS0FBYTtJQUN4QyxJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDWCxNQUFNLElBQUksaUNBQXdCLENBQUMsb0JBQW9CLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDcEUsQ0FBQztJQUVELE1BQU0sSUFBQSxtQkFBVSxFQUFDLGFBQWEsS0FBSyxFQUFFLEVBQUU7UUFDckMsTUFBTSxFQUFFLFFBQVE7UUFDaEIsVUFBVSxFQUFFLElBQUk7S0FDakIsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBbUJHO0FBQ0ksS0FBSyxVQUFVLE1BQU0sQ0FDMUIsS0FBYSxFQUNiLE9BQXNDO0lBRXRDLDRCQUE0QjtJQUM1QixNQUFNLElBQUksR0FBRyxNQUFNLElBQUksRUFBRSxDQUFDO0lBQzFCLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxLQUFLLEtBQUssQ0FBQyxDQUFDO0lBRW5ELElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUNqQixNQUFNLElBQUksaUNBQXdCLENBQUMsbUJBQW1CLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDbkUsQ0FBQztJQUVELGtEQUFrRDtJQUNsRCxNQUFNLGFBQWEsR0FBd0I7UUFDekMsSUFBSSxFQUFFLE9BQU8sRUFBRSxJQUFJLElBQUksV0FBVyxDQUFDLElBQUk7UUFDdkMsU0FBUyxFQUFFLE9BQU8sRUFBRSxTQUFTLElBQUksV0FBVyxDQUFDLFNBQVM7UUFDdEQsV0FBVyxFQUFFLE9BQU8sRUFBRSxXQUFXLElBQUksV0FBVyxDQUFDLFdBQVc7UUFDNUQsZUFBZSxFQUFFLE9BQU8sRUFBRSxlQUFlLElBQUksV0FBVyxDQUFDLGVBQWUsSUFBSSxTQUFTO1FBQ3JGLFVBQVUsRUFBRSxPQUFPLEVBQUUsVUFBVSxJQUFJLFdBQVcsQ0FBQyxVQUFVLElBQUksU0FBUztLQUN2RSxDQUFDO0lBRUYsZ0NBQWdDO0lBQ2hDLElBQUksT0FBTyxFQUFFLFdBQVcsRUFBRSxDQUFDO1FBQ3pCLGFBQWEsQ0FBQyxXQUFXLEdBQUcsT0FBTyxDQUFDLFdBQVcsQ0FBQztJQUNsRCxDQUFDO1NBQU0sSUFBSSxXQUFXLENBQUMsV0FBVyxJQUFJLE9BQU8sV0FBVyxDQUFDLFdBQVcsS0FBSyxRQUFRLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDO1FBQzdILGFBQWEsQ0FBQyxXQUFXLEdBQUcsV0FBVyxDQUFDLFdBQWdDLENBQUM7SUFDM0UsQ0FBQztJQUVELG1FQUFtRTtJQUNuRSxNQUFNLE1BQU0sR0FBRyxNQUFNLE1BQU0sQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUUzQyxpQkFBaUI7SUFDakIsTUFBTSxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUM7SUFFcEIsT0FBTyxNQUFNLENBQUM7QUFDaEIsQ0FBQztBQUVEOzs7Ozs7Ozs7Ozs7OztHQWNHO0FBQ0ksS0FBSyxVQUFVLElBQUksQ0FDeEIsTUFBYyxFQUNkLE9BQWdCO0lBRWhCLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUNaLE1BQU0sSUFBSSxpQ0FBd0IsQ0FBQyxxQkFBcUIsRUFBRSxRQUFRLENBQUMsQ0FBQztJQUN0RSxDQUFDO0lBRUQsT0FBTyxJQUFBLG1CQUFVLEVBQTZELGdCQUFnQixFQUFFO1FBQzlGLE1BQU0sRUFBRSxNQUFNO1FBQ2QsSUFBSSxFQUFFLEVBQUUsTUFBTSxFQUFFLE9BQU8sRUFBRSxlQUFlLEVBQUUsQ0FBQyxDQUFDLE9BQU8sRUFBRTtRQUNyRCxVQUFVLEVBQUUsSUFBSTtLQUNqQixDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQsK0VBQStFO0FBQy9FLG9CQUFvQjtBQUNwQiwrRUFBK0U7QUFFL0U7O0dBRUc7QUFDSCxTQUFnQixhQUFhLENBQzNCLEdBQVcsRUFDWCxVQUF1QztJQUV2Qyx1QkFBdUI7SUFDdkIsSUFBSSxPQUFPLEdBQUcsQ0FBQyxXQUFXLEtBQUssUUFBUSxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztRQUMzRSxPQUFPLEdBQUcsQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDLEtBQUssSUFBSSxDQUFDO0lBQzlDLENBQUM7SUFFRCw2QkFBNkI7SUFDN0IsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDO1FBQ25DLE9BQU8sR0FBRyxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLElBQUksVUFBVSxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQ2pFLENBQUM7SUFFRCw2Q0FBNkM7SUFDN0MsT0FBTyxVQUFVLEtBQUssTUFBTSxDQUFDO0FBQy9CLENBQUM7QUFFRDs7R0FFRztBQUNILFNBQWdCLFNBQVMsQ0FBQyxHQUFXO0lBQ25DLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUztRQUFFLE9BQU8sS0FBSyxDQUFDO0lBQ2pDLE9BQU8sSUFBSSxJQUFJLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxHQUFHLElBQUksSUFBSSxFQUFFLENBQUM7QUFDOUMsQ0FBQztBQUVEOztHQUVHO0FBQ0gsU0FBZ0IsT0FBTyxDQUFDLEdBQVc7SUFDakMsT0FBTyxHQUFHLENBQUMsUUFBUSxJQUFJLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0FBQ3pDLENBQUM7QUFFRDs7O0dBR0c7QUFDSCxTQUFnQixrQkFBa0IsQ0FBQyxHQUFXO0lBQzVDLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUztRQUFFLE9BQU8sSUFBSSxDQUFDO0lBQ2hDLE1BQU0sTUFBTSxHQUFHLElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQztJQUNqRCxNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7SUFDdkIsT0FBTyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxNQUFNLEdBQUcsR0FBRyxDQUFDLENBQUM7QUFDbkMsQ0FBQztBQUVEOztHQUVHO0FBQ0gsU0FBZ0IsY0FBYyxDQUFDLEdBQVcsRUFBRSxPQUFlO0lBQ3pELHNDQUFzQztJQUN0QyxJQUFJLENBQUMsR0FBRyxDQUFDLGVBQWUsSUFBSSxHQUFHLENBQUMsZUFBZSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztRQUM3RCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFDRCxPQUFPLEdBQUcsQ0FBQyxlQUFlLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDO0FBQy9DLENBQUM7QUFFRCwrRUFBK0U7QUFDL0UsbUJBQW1CO0FBQ25CLCtFQUErRTtBQUVsRSxRQUFBLE9BQU8sR0FBRztJQUNyQixNQUFNO0lBQ04sSUFBSTtJQUNKLE1BQU07SUFDTixNQUFNO0lBQ04sSUFBSTtJQUNKLGFBQWE7SUFDYixTQUFTO0lBQ1QsT0FBTztJQUNQLGtCQUFrQjtJQUNsQixjQUFjO0NBQ2YsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogVGhpbmtIaXZlIFNESyAtIEFQSSBLZXlzIE1hbmFnZW1lbnRcbiAqXG4gKiBDcmVhdGUgYW5kIG1hbmFnZSBzY29wZWQgQVBJIGtleXMgd2l0aDpcbiAqIC0gUGVybWlzc2lvbiBjb250cm9sIChyZWFkL3dyaXRlL2RlbGV0ZSlcbiAqIC0gQWdlbnQtbGV2ZWwgc2NvcGluZyAoYWxsb3dlZEFnZW50SWRzKVxuICogLSBFbnZpcm9ubWVudCBzZXBhcmF0aW9uIChwcm9kdWN0aW9uL3N0YWdpbmcvZGV2ZWxvcG1lbnQpXG4gKiAtIElQIHdoaXRlbGlzdGluZyAoYWxsb3dlZElwcylcbiAqXG4gKiBAZXhhbXBsZVxuICogYGBgdHlwZXNjcmlwdFxuICogaW1wb3J0IHsgYXBpS2V5cyB9IGZyb20gJ3RoaW5raGl2ZS1qcyc7XG4gKlxuICogLy8gQ3JlYXRlIGEgcmVhZC1vbmx5IGtleSBmb3IgbW9uaXRvcmluZ1xuICogY29uc3QgcmVhZE9ubHlLZXkgPSBhd2FpdCBhcGlLZXlzLmNyZWF0ZSh7XG4gKiAgIG5hbWU6ICdNb25pdG9yaW5nIEtleScsXG4gKiAgIHNjb3BlVHlwZTogJ3JlYWRvbmx5J1xuICogfSk7XG4gKlxuICogLy8gQ3JlYXRlIGEga2V5IHNjb3BlZCB0byBzcGVjaWZpYyBhZ2VudHNcbiAqIGNvbnN0IGFnZW50S2V5ID0gYXdhaXQgYXBpS2V5cy5jcmVhdGUoe1xuICogICBuYW1lOiAnQWdlbnQgQSBLZXknLFxuICogICBhbGxvd2VkQWdlbnRJZHM6IFsnYWdlbnQtYS1pZCcsICdhZ2VudC1iLWlkJ10sXG4gKiAgIHBlcm1pc3Npb25zOiB7IHJlYWQ6IHRydWUsIHdyaXRlOiB0cnVlLCBkZWxldGU6IGZhbHNlIH1cbiAqIH0pO1xuICpcbiAqIC8vIENyZWF0ZSBhIHN0YWdpbmcgZW52aXJvbm1lbnQga2V5XG4gKiBjb25zdCBzdGFnaW5nS2V5ID0gYXdhaXQgYXBpS2V5cy5jcmVhdGUoe1xuICogICBuYW1lOiAnU3RhZ2luZyBLZXknLFxuICogICBlbnZpcm9ubWVudDogJ3N0YWdpbmcnLFxuICogICBhbGxvd2VkSXBzOiBbJzEwLjAuMC4xJywgJzEwLjAuMC4yJ11cbiAqIH0pO1xuICogYGBgXG4gKi9cblxuaW1wb3J0IHsgYXBpUmVxdWVzdCwgVGhpbmtIaXZlVmFsaWRhdGlvbkVycm9yIH0gZnJvbSAnLi4vY29yZS9jbGllbnQnO1xuXG4vLyA9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09XG4vLyBUeXBlc1xuLy8gPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PVxuXG4vKipcbiAqIEFQSSBrZXkgcGVybWlzc2lvbiBjb25maWd1cmF0aW9uXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQXBpS2V5UGVybWlzc2lvbnMge1xuICAvKiogQWxsb3cgcmVhZCBvcGVyYXRpb25zIChHRVQgcmVxdWVzdHMsIGxpc3RpbmcsIGV0Yy4pICovXG4gIHJlYWQ6IGJvb2xlYW47XG4gIC8qKiBBbGxvdyB3cml0ZSBvcGVyYXRpb25zIChQT1NULCBQVVQgcmVxdWVzdHMpICovXG4gIHdyaXRlOiBib29sZWFuO1xuICAvKiogQWxsb3cgZGVsZXRlIG9wZXJhdGlvbnMgKERFTEVURSByZXF1ZXN0cykgKi9cbiAgZGVsZXRlOiBib29sZWFuO1xufVxuXG4vKipcbiAqIEFQSSBrZXkgc2NvcGUgdHlwZVxuICogLSBgY29tcGFueWA6IEZ1bGwgYWNjZXNzIHRvIGFsbCBjb21wYW55IGRhdGFcbiAqIC0gYGFnZW50YDogTGltaXRlZCB0byBzcGVjaWZpYyBhZ2VudHMgKHJlcXVpcmVzIGFsbG93ZWRBZ2VudElkcylcbiAqIC0gYHJlYWRvbmx5YDogUmVhZC1vbmx5IGFjY2VzcyByZWdhcmRsZXNzIG9mIG90aGVyIHNldHRpbmdzXG4gKi9cbmV4cG9ydCB0eXBlIFNjb3BlVHlwZSA9ICdjb21wYW55JyB8ICdhZ2VudCcgfCAncmVhZG9ubHknO1xuXG4vKipcbiAqIEFQSSBrZXkgZW52aXJvbm1lbnRcbiAqIC0gYHByb2R1Y3Rpb25gOiBGb3IgcHJvZHVjdGlvbiBzeXN0ZW1zXG4gKiAtIGBzdGFnaW5nYDogRm9yIHN0YWdpbmcvcHJlLXByb2R1Y3Rpb25cbiAqIC0gYGRldmVsb3BtZW50YDogRm9yIGxvY2FsIGRldmVsb3BtZW50XG4gKi9cbmV4cG9ydCB0eXBlIEVudmlyb25tZW50ID0gJ3Byb2R1Y3Rpb24nIHwgJ3N0YWdpbmcnIHwgJ2RldmVsb3BtZW50JztcblxuLyoqXG4gKiBPcHRpb25zIGZvciBjcmVhdGluZyBhbiBBUEkga2V5XG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQ3JlYXRlQXBpS2V5T3B0aW9ucyB7XG4gIC8qKiBEaXNwbGF5IG5hbWUgZm9yIHRoZSBrZXkgKi9cbiAgbmFtZTogc3RyaW5nO1xuXG4gIC8qKiBQZXJtaXNzaW9uIGNvbmZpZ3VyYXRpb24gKGRlZmF1bHRzIHRvIHJlYWQrd3JpdGUpICovXG4gIHBlcm1pc3Npb25zPzogUGFydGlhbDxBcGlLZXlQZXJtaXNzaW9ucz47XG5cbiAgLyoqXG4gICAqIFJlc3RyaWN0IGtleSB0byBzcGVjaWZpYyBhZ2VudCBJRHNcbiAgICogV2hlbiBzZXQsIGtleSBjYW4gb25seSBhY2Nlc3MgdHJhY2VzIGZvciB0aGVzZSBhZ2VudHNcbiAgICovXG4gIGFsbG93ZWRBZ2VudElkcz86IHN0cmluZ1tdO1xuXG4gIC8qKlxuICAgKiBTY29wZSB0eXBlIGZvciB0aGUga2V5XG4gICAqIEBkZWZhdWx0ICdjb21wYW55JyBvciAnYWdlbnQnIGlmIGFsbG93ZWRBZ2VudElkcyBpcyBzZXRcbiAgICovXG4gIHNjb3BlVHlwZT86IFNjb3BlVHlwZTtcblxuICAvKipcbiAgICogRW52aXJvbm1lbnQgZm9yIHRoZSBrZXlcbiAgICogQGRlZmF1bHQgJ3Byb2R1Y3Rpb24nXG4gICAqL1xuICBlbnZpcm9ubWVudD86IEVudmlyb25tZW50O1xuXG4gIC8qKlxuICAgKiBSZXN0cmljdCBrZXkgdG8gc3BlY2lmaWMgSVAgYWRkcmVzc2VzXG4gICAqIFdoZW4gc2V0LCBvbmx5IHJlcXVlc3RzIGZyb20gdGhlc2UgSVBzIGNhbiB1c2UgdGhpcyBrZXlcbiAgICovXG4gIGFsbG93ZWRJcHM/OiBzdHJpbmdbXTtcblxuICAvKiogRXhwaXJhdGlvbiBkYXRlIGZvciB0aGUga2V5ICovXG4gIGV4cGlyZXNBdD86IERhdGU7XG59XG5cbi8qKlxuICogQVBJIGtleSBtZXRhZGF0YSAocmV0dXJuZWQgZnJvbSBzZXJ2ZXIpXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQXBpS2V5IHtcbiAgLyoqIFVuaXF1ZSBrZXkgSUQgKi9cbiAgaWQ6IHN0cmluZztcbiAgLyoqIERpc3BsYXkgbmFtZSAqL1xuICBuYW1lOiBzdHJpbmc7XG4gIC8qKiBLZXkgcHJlZml4IChmaXJzdCA4IGNoYXJzIGZvciBpZGVudGlmaWNhdGlvbikgKi9cbiAga2V5UHJlZml4OiBzdHJpbmc7XG4gIC8qKiBQZXJtaXNzaW9uIGNvbmZpZ3VyYXRpb24gKi9cbiAgcGVybWlzc2lvbnM6IEFwaUtleVBlcm1pc3Npb25zIHwgc3RyaW5nW107XG4gIC8qKiBTY29wZSB0eXBlICovXG4gIHNjb3BlVHlwZTogU2NvcGVUeXBlO1xuICAvKiogRW52aXJvbm1lbnQgKi9cbiAgZW52aXJvbm1lbnQ6IEVudmlyb25tZW50O1xuICAvKiogQWxsb3dlZCBhZ2VudCBJRHMgKG51bGwgPSBhbGwgYWdlbnRzKSAqL1xuICBhbGxvd2VkQWdlbnRJZHM6IHN0cmluZ1tdIHwgbnVsbDtcbiAgLyoqIEFsbG93ZWQgSVAgYWRkcmVzc2VzIChudWxsID0gYWxsIElQcykgKi9cbiAgYWxsb3dlZElwczogc3RyaW5nW10gfCBudWxsO1xuICAvKiogV2hldGhlciBrZXkgaXMgYWN0aXZlICovXG4gIGlzQWN0aXZlOiBib29sZWFuO1xuICAvKiogTGFzdCB1c2FnZSB0aW1lc3RhbXAgKi9cbiAgbGFzdFVzZWRBdDogc3RyaW5nIHwgbnVsbDtcbiAgLyoqIFRvdGFsIHVzYWdlIGNvdW50ICovXG4gIHVzYWdlQ291bnQ6IG51bWJlcjtcbiAgLyoqIEV4cGlyYXRpb24gZGF0ZSAqL1xuICBleHBpcmVzQXQ6IHN0cmluZyB8IG51bGw7XG4gIC8qKiBDcmVhdGlvbiB0aW1lc3RhbXAgKi9cbiAgY3JlYXRlZEF0OiBzdHJpbmc7XG59XG5cbi8qKlxuICogUmVzdWx0IG9mIGNyZWF0aW5nIGFuIEFQSSBrZXkgKGluY2x1ZGVzIHNlY3JldClcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBDcmVhdGVBcGlLZXlSZXN1bHQgZXh0ZW5kcyBBcGlLZXkge1xuICAvKipcbiAgICogVGhlIGZ1bGwgQVBJIGtleSB2YWx1ZVxuICAgKiBJTVBPUlRBTlQ6IFRoaXMgaXMgb25seSByZXR1cm5lZCBvbmNlIGFuZCBjYW5ub3QgYmUgcmV0cmlldmVkIGxhdGVyIVxuICAgKiBTdG9yZSBpdCBzZWN1cmVseS5cbiAgICovXG4gIGtleTogc3RyaW5nO1xufVxuXG4vLyA9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09XG4vLyBBUEkgS2V5IE1hbmFnZW1lbnQgRnVuY3Rpb25zXG4vLyA9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09XG5cbi8qKlxuICogQ3JlYXRlIGEgbmV3IEFQSSBrZXkgd2l0aCBzcGVjaWZpZWQgcGVybWlzc2lvbnMgYW5kIHNjb3BpbmdcbiAqXG4gKiBAcGFyYW0gb3B0aW9ucyAtIEFQSSBrZXkgY29uZmlndXJhdGlvblxuICogQHJldHVybnMgQ3JlYXRlZCBrZXkgd2l0aCBzZWNyZXQgKG9ubHkgcmV0dXJuZWQgb25jZSEpXG4gKlxuICogQGV4YW1wbGVcbiAqIGBgYHR5cGVzY3JpcHRcbiAqIC8vIENyZWF0ZSBhIHByb2R1Y3Rpb24gd3JpdGUga2V5XG4gKiBjb25zdCByZXN1bHQgPSBhd2FpdCBhcGlLZXlzLmNyZWF0ZSh7XG4gKiAgIG5hbWU6ICdQcm9kdWN0aW9uIFNESyBLZXknLFxuICogICBwZXJtaXNzaW9uczogeyByZWFkOiB0cnVlLCB3cml0ZTogdHJ1ZSwgZGVsZXRlOiBmYWxzZSB9XG4gKiB9KTtcbiAqXG4gKiAvLyBTYXZlIHRoZSBrZXkgc2VjdXJlbHkgLSBpdCB3b24ndCBiZSBzaG93biBhZ2FpbiFcbiAqIGNvbnNvbGUubG9nKCdTYXZlIHRoaXMga2V5OicsIHJlc3VsdC5rZXkpO1xuICogYGBgXG4gKi9cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBjcmVhdGUob3B0aW9uczogQ3JlYXRlQXBpS2V5T3B0aW9ucyk6IFByb21pc2U8Q3JlYXRlQXBpS2V5UmVzdWx0PiB7XG4gIGlmICghb3B0aW9ucy5uYW1lIHx8IG9wdGlvbnMubmFtZS50cmltKCkubGVuZ3RoID09PSAwKSB7XG4gICAgdGhyb3cgbmV3IFRoaW5rSGl2ZVZhbGlkYXRpb25FcnJvcignQVBJIGtleSBuYW1lIGlzIHJlcXVpcmVkJywgJ25hbWUnKTtcbiAgfVxuXG4gIC8vIFZhbGlkYXRlIElQIGFkZHJlc3NlcyBpZiBwcm92aWRlZFxuICBpZiAob3B0aW9ucy5hbGxvd2VkSXBzKSB7XG4gICAgLy8gSVB2NCBwYXR0ZXJuXG4gICAgY29uc3QgaXB2NFJlZ2V4ID0gL14oPzooPzoyNVswLTVdfDJbMC00XVswLTldfFswMV0/WzAtOV1bMC05XT8pXFwuKXszfSg/OjI1WzAtNV18MlswLTRdWzAtOV18WzAxXT9bMC05XVswLTldPykkLztcbiAgICAvLyBJUHY2IHBhdHRlcm4gKHN1cHBvcnRzIGZ1bGwgYW5kIGNvbXByZXNzZWQgbm90YXRpb24gbGlrZSA6OjEsIDIwMDE6ZGI4OjoxKVxuICAgIGNvbnN0IGlwdjZSZWdleCA9IC9eKD86KD86WzAtOWEtZkEtRl17MSw0fTopezd9WzAtOWEtZkEtRl17MSw0fXwoPzpbMC05YS1mQS1GXXsxLDR9Oil7MSw3fTp8KD86WzAtOWEtZkEtRl17MSw0fTopezEsNn06WzAtOWEtZkEtRl17MSw0fXwoPzpbMC05YS1mQS1GXXsxLDR9Oil7MSw1fSg/OjpbMC05YS1mQS1GXXsxLDR9KXsxLDJ9fCg/OlswLTlhLWZBLUZdezEsNH06KXsxLDR9KD86OlswLTlhLWZBLUZdezEsNH0pezEsM318KD86WzAtOWEtZkEtRl17MSw0fTopezEsM30oPzo6WzAtOWEtZkEtRl17MSw0fSl7MSw0fXwoPzpbMC05YS1mQS1GXXsxLDR9Oil7MSwyfSg/OjpbMC05YS1mQS1GXXsxLDR9KXsxLDV9fFswLTlhLWZBLUZdezEsNH06KD86OlswLTlhLWZBLUZdezEsNH0pezEsNn18Oig/OjpbMC05YS1mQS1GXXsxLDR9KXsxLDd9fDo6KSQvO1xuICAgIGZvciAoY29uc3QgaXAgb2Ygb3B0aW9ucy5hbGxvd2VkSXBzKSB7XG4gICAgICBpZiAoIWlwdjRSZWdleC50ZXN0KGlwKSAmJiAhaXB2NlJlZ2V4LnRlc3QoaXApICYmIGlwICE9PSAnbG9jYWxob3N0Jykge1xuICAgICAgICB0aHJvdyBuZXcgVGhpbmtIaXZlVmFsaWRhdGlvbkVycm9yKGBJbnZhbGlkIElQIGFkZHJlc3M6ICR7aXB9YCwgJ2FsbG93ZWRJcHMnKTtcbiAgICAgIH1cbiAgICB9XG4gIH1cblxuICBjb25zdCBib2R5OiBSZWNvcmQ8c3RyaW5nLCB1bmtub3duPiA9IHtcbiAgICBuYW1lOiBvcHRpb25zLm5hbWUudHJpbSgpLFxuICB9O1xuXG4gIGlmIChvcHRpb25zLnBlcm1pc3Npb25zKSB7XG4gICAgYm9keS5wZXJtaXNzaW9ucyA9IHtcbiAgICAgIHJlYWQ6IG9wdGlvbnMucGVybWlzc2lvbnMucmVhZCAhPT0gZmFsc2UsXG4gICAgICB3cml0ZTogb3B0aW9ucy5wZXJtaXNzaW9ucy53cml0ZSA9PT0gdHJ1ZSxcbiAgICAgIGRlbGV0ZTogb3B0aW9ucy5wZXJtaXNzaW9ucy5kZWxldGUgPT09IHRydWUsXG4gICAgfTtcbiAgfVxuXG4gIGlmIChvcHRpb25zLnNjb3BlVHlwZSkge1xuICAgIGJvZHkuc2NvcGVUeXBlID0gb3B0aW9ucy5zY29wZVR5cGU7XG4gIH1cblxuICBpZiAob3B0aW9ucy5lbnZpcm9ubWVudCkge1xuICAgIGJvZHkuZW52aXJvbm1lbnQgPSBvcHRpb25zLmVudmlyb25tZW50O1xuICB9XG5cbiAgaWYgKG9wdGlvbnMuYWxsb3dlZEFnZW50SWRzICYmIG9wdGlvbnMuYWxsb3dlZEFnZW50SWRzLmxlbmd0aCA+IDApIHtcbiAgICBib2R5LmFsbG93ZWRBZ2VudElkcyA9IG9wdGlvbnMuYWxsb3dlZEFnZW50SWRzO1xuICB9XG5cbiAgaWYgKG9wdGlvbnMuYWxsb3dlZElwcyAmJiBvcHRpb25zLmFsbG93ZWRJcHMubGVuZ3RoID4gMCkge1xuICAgIGJvZHkuYWxsb3dlZElwcyA9IG9wdGlvbnMuYWxsb3dlZElwcztcbiAgfVxuXG4gIGlmIChvcHRpb25zLmV4cGlyZXNBdCkge1xuICAgIGJvZHkuZXhwaXJlc0F0ID0gb3B0aW9ucy5leHBpcmVzQXQudG9JU09TdHJpbmcoKTtcbiAgfVxuXG4gIHJldHVybiBhcGlSZXF1ZXN0PENyZWF0ZUFwaUtleVJlc3VsdD4oJy9hcGkta2V5cycsIHtcbiAgICBtZXRob2Q6ICdQT1NUJyxcbiAgICBib2R5LFxuICAgIGFwaVZlcnNpb246ICd2MScsXG4gIH0pO1xufVxuXG4vKipcbiAqIExpc3QgYWxsIEFQSSBrZXlzIGZvciB0aGUgYXV0aGVudGljYXRlZCBjb21wYW55XG4gKlxuICogQHJldHVybnMgQXJyYXkgb2YgQVBJIGtleXMgKHdpdGhvdXQgc2VjcmV0cylcbiAqXG4gKiBAZXhhbXBsZVxuICogYGBgdHlwZXNjcmlwdFxuICogY29uc3Qga2V5cyA9IGF3YWl0IGFwaUtleXMubGlzdCgpO1xuICogY29uc29sZS5sb2coYEZvdW5kICR7a2V5cy5sZW5ndGh9IEFQSSBrZXlzYCk7XG4gKlxuICogLy8gRmlsdGVyIGJ5IGVudmlyb25tZW50XG4gKiBjb25zdCBwcm9kS2V5cyA9IGtleXMuZmlsdGVyKGsgPT4gay5lbnZpcm9ubWVudCA9PT0gJ3Byb2R1Y3Rpb24nKTtcbiAqIGBgYFxuICovXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gbGlzdCgpOiBQcm9taXNlPEFwaUtleVtdPiB7XG4gIHJldHVybiBhcGlSZXF1ZXN0PEFwaUtleVtdPignL2FwaS1rZXlzJywge1xuICAgIG1ldGhvZDogJ0dFVCcsXG4gICAgYXBpVmVyc2lvbjogJ3YxJyxcbiAgfSk7XG59XG5cbi8qKlxuICogUmV2b2tlIChkZWFjdGl2YXRlKSBhbiBBUEkga2V5XG4gKlxuICogQHBhcmFtIGtleUlkIC0gSUQgb2YgdGhlIGtleSB0byByZXZva2VcbiAqXG4gKiBAZXhhbXBsZVxuICogYGBgdHlwZXNjcmlwdFxuICogLy8gUmV2b2tlIGEgY29tcHJvbWlzZWQga2V5XG4gKiBhd2FpdCBhcGlLZXlzLnJldm9rZSgna2V5LWlkLXRvLXJldm9rZScpO1xuICogYGBgXG4gKi9cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiByZXZva2Uoa2V5SWQ6IHN0cmluZyk6IFByb21pc2U8dm9pZD4ge1xuICBpZiAoIWtleUlkKSB7XG4gICAgdGhyb3cgbmV3IFRoaW5rSGl2ZVZhbGlkYXRpb25FcnJvcignS2V5IElEIGlzIHJlcXVpcmVkJywgJ2tleUlkJyk7XG4gIH1cblxuICBhd2FpdCBhcGlSZXF1ZXN0KGAvYXBpLWtleXMvJHtrZXlJZH1gLCB7XG4gICAgbWV0aG9kOiAnREVMRVRFJyxcbiAgICBhcGlWZXJzaW9uOiAndjEnLFxuICB9KTtcbn1cblxuLyoqXG4gKiBSb3RhdGUgYW4gQVBJIGtleSAocmV2b2tlIG9sZCwgY3JlYXRlIG5ldyB3aXRoIHNhbWUgY29uZmlnKVxuICpcbiAqIEBwYXJhbSBrZXlJZCAtIElEIG9mIHRoZSBrZXkgdG8gcm90YXRlXG4gKiBAcGFyYW0gb3B0aW9ucyAtIE9wdGlvbmFsIG92ZXJyaWRlcyBmb3IgdGhlIG5ldyBrZXlcbiAqIEByZXR1cm5zIE5ldyBrZXkgd2l0aCBzZWNyZXRcbiAqXG4gKiBAZXhhbXBsZVxuICogYGBgdHlwZXNjcmlwdFxuICogLy8gUm90YXRlIGEga2V5IHBlcmlvZGljYWxseVxuICogY29uc3QgZXhpc3RpbmdLZXlzID0gYXdhaXQgYXBpS2V5cy5saXN0KCk7XG4gKiBjb25zdCBvbGRLZXkgPSBleGlzdGluZ0tleXMuZmluZChrID0+IGsubmFtZSA9PT0gJ1Byb2R1Y3Rpb24gS2V5Jyk7XG4gKlxuICogaWYgKG9sZEtleSkge1xuICogICBjb25zdCBuZXdLZXkgPSBhd2FpdCBhcGlLZXlzLnJvdGF0ZShvbGRLZXkuaWQpO1xuICogICAvLyBVcGRhdGUgeW91ciBzeXN0ZW1zIHdpdGggbmV3S2V5LmtleVxuICogICBjb25zb2xlLmxvZygnTmV3IGtleTonLCBuZXdLZXkua2V5KTtcbiAqIH1cbiAqIGBgYFxuICovXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gcm90YXRlKFxuICBrZXlJZDogc3RyaW5nLFxuICBvcHRpb25zPzogUGFydGlhbDxDcmVhdGVBcGlLZXlPcHRpb25zPlxuKTogUHJvbWlzZTxDcmVhdGVBcGlLZXlSZXN1bHQ+IHtcbiAgLy8gR2V0IGV4aXN0aW5nIGtleSBtZXRhZGF0YVxuICBjb25zdCBrZXlzID0gYXdhaXQgbGlzdCgpO1xuICBjb25zdCBleGlzdGluZ0tleSA9IGtleXMuZmluZChrID0+IGsuaWQgPT09IGtleUlkKTtcblxuICBpZiAoIWV4aXN0aW5nS2V5KSB7XG4gICAgdGhyb3cgbmV3IFRoaW5rSGl2ZVZhbGlkYXRpb25FcnJvcignQVBJIGtleSBub3QgZm91bmQnLCAna2V5SWQnKTtcbiAgfVxuXG4gIC8vIENyZWF0ZSBuZXcga2V5IHdpdGggc2FtZSAob3Igb3ZlcnJpZGRlbikgY29uZmlnXG4gIGNvbnN0IG5ld0tleU9wdGlvbnM6IENyZWF0ZUFwaUtleU9wdGlvbnMgPSB7XG4gICAgbmFtZTogb3B0aW9ucz8ubmFtZSB8fCBleGlzdGluZ0tleS5uYW1lLFxuICAgIHNjb3BlVHlwZTogb3B0aW9ucz8uc2NvcGVUeXBlIHx8IGV4aXN0aW5nS2V5LnNjb3BlVHlwZSxcbiAgICBlbnZpcm9ubWVudDogb3B0aW9ucz8uZW52aXJvbm1lbnQgfHwgZXhpc3RpbmdLZXkuZW52aXJvbm1lbnQsXG4gICAgYWxsb3dlZEFnZW50SWRzOiBvcHRpb25zPy5hbGxvd2VkQWdlbnRJZHMgfHwgZXhpc3RpbmdLZXkuYWxsb3dlZEFnZW50SWRzIHx8IHVuZGVmaW5lZCxcbiAgICBhbGxvd2VkSXBzOiBvcHRpb25zPy5hbGxvd2VkSXBzIHx8IGV4aXN0aW5nS2V5LmFsbG93ZWRJcHMgfHwgdW5kZWZpbmVkLFxuICB9O1xuXG4gIC8vIEhhbmRsZSBwZXJtaXNzaW9ucyBjb252ZXJzaW9uXG4gIGlmIChvcHRpb25zPy5wZXJtaXNzaW9ucykge1xuICAgIG5ld0tleU9wdGlvbnMucGVybWlzc2lvbnMgPSBvcHRpb25zLnBlcm1pc3Npb25zO1xuICB9IGVsc2UgaWYgKGV4aXN0aW5nS2V5LnBlcm1pc3Npb25zICYmIHR5cGVvZiBleGlzdGluZ0tleS5wZXJtaXNzaW9ucyA9PT0gJ29iamVjdCcgJiYgIUFycmF5LmlzQXJyYXkoZXhpc3RpbmdLZXkucGVybWlzc2lvbnMpKSB7XG4gICAgbmV3S2V5T3B0aW9ucy5wZXJtaXNzaW9ucyA9IGV4aXN0aW5nS2V5LnBlcm1pc3Npb25zIGFzIEFwaUtleVBlcm1pc3Npb25zO1xuICB9XG5cbiAgLy8gQ3JlYXRlIG5ldyBrZXkgZmlyc3QgKHNvIHdlIGRvbid0IGxvc2UgYWNjZXNzIGlmIGNyZWF0aW9uIGZhaWxzKVxuICBjb25zdCBuZXdLZXkgPSBhd2FpdCBjcmVhdGUobmV3S2V5T3B0aW9ucyk7XG5cbiAgLy8gUmV2b2tlIG9sZCBrZXlcbiAgYXdhaXQgcmV2b2tlKGtleUlkKTtcblxuICByZXR1cm4gbmV3S2V5O1xufVxuXG4vKipcbiAqIFRlc3QgYW4gQVBJIGtleSBjb25uZWN0aW9uXG4gKlxuICogQHBhcmFtIGFwaUtleSAtIFRoZSBmdWxsIEFQSSBrZXkgdmFsdWUgdG8gdGVzdFxuICogQHBhcmFtIGFnZW50SWQgLSBPcHRpb25hbCBhZ2VudCBJRCB0byB0ZXN0IHdpdGhcbiAqIEByZXR1cm5zIFRlc3QgcmVzdWx0XG4gKlxuICogQGV4YW1wbGVcbiAqIGBgYHR5cGVzY3JpcHRcbiAqIGNvbnN0IHJlc3VsdCA9IGF3YWl0IGFwaUtleXMudGVzdCgndGhrXy4uLicsICdteS1hZ2VudC1pZCcpO1xuICogaWYgKHJlc3VsdC5zdWNjZXNzKSB7XG4gKiAgIGNvbnNvbGUubG9nKCdLZXkgaXMgdmFsaWQhJyk7XG4gKiB9XG4gKiBgYGBcbiAqL1xuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIHRlc3QoXG4gIGFwaUtleTogc3RyaW5nLFxuICBhZ2VudElkPzogc3RyaW5nXG4pOiBQcm9taXNlPHsgc3VjY2VzczogYm9vbGVhbjsgZXJyb3I/OiBzdHJpbmc7IHRlc3RUcmFjZUlkPzogc3RyaW5nIH0+IHtcbiAgaWYgKCFhcGlLZXkpIHtcbiAgICB0aHJvdyBuZXcgVGhpbmtIaXZlVmFsaWRhdGlvbkVycm9yKCdBUEkga2V5IGlzIHJlcXVpcmVkJywgJ2FwaUtleScpO1xuICB9XG5cbiAgcmV0dXJuIGFwaVJlcXVlc3Q8eyBzdWNjZXNzOiBib29sZWFuOyBlcnJvcj86IHN0cmluZzsgdGVzdFRyYWNlSWQ/OiBzdHJpbmcgfT4oJy9hcGkta2V5cy90ZXN0Jywge1xuICAgIG1ldGhvZDogJ1BPU1QnLFxuICAgIGJvZHk6IHsgYXBpS2V5LCBhZ2VudElkLCBjcmVhdGVUZXN0VHJhY2U6ICEhYWdlbnRJZCB9LFxuICAgIGFwaVZlcnNpb246ICd2MScsXG4gIH0pO1xufVxuXG4vLyA9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09XG4vLyBVdGlsaXR5IEZ1bmN0aW9uc1xuLy8gPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PVxuXG4vKipcbiAqIENoZWNrIGlmIGFuIEFQSSBrZXkgaGFzIGEgc3BlY2lmaWMgcGVybWlzc2lvblxuICovXG5leHBvcnQgZnVuY3Rpb24gaGFzUGVybWlzc2lvbihcbiAga2V5OiBBcGlLZXksXG4gIHBlcm1pc3Npb246ICdyZWFkJyB8ICd3cml0ZScgfCAnZGVsZXRlJ1xuKTogYm9vbGVhbiB7XG4gIC8vIEhhbmRsZSBvYmplY3QgZm9ybWF0XG4gIGlmICh0eXBlb2Yga2V5LnBlcm1pc3Npb25zID09PSAnb2JqZWN0JyAmJiAhQXJyYXkuaXNBcnJheShrZXkucGVybWlzc2lvbnMpKSB7XG4gICAgcmV0dXJuIGtleS5wZXJtaXNzaW9uc1twZXJtaXNzaW9uXSA9PT0gdHJ1ZTtcbiAgfVxuXG4gIC8vIEhhbmRsZSBsZWdhY3kgYXJyYXkgZm9ybWF0XG4gIGlmIChBcnJheS5pc0FycmF5KGtleS5wZXJtaXNzaW9ucykpIHtcbiAgICByZXR1cm4ga2V5LnBlcm1pc3Npb25zLnNvbWUocCA9PiBwLmVuZHNXaXRoKGA6JHtwZXJtaXNzaW9ufWApKTtcbiAgfVxuXG4gIC8vIERlZmF1bHQ6IHJlYWQgYWxsb3dlZCwgd3JpdGUvZGVsZXRlIGRlbmllZFxuICByZXR1cm4gcGVybWlzc2lvbiA9PT0gJ3JlYWQnO1xufVxuXG4vKipcbiAqIENoZWNrIGlmIGFuIEFQSSBrZXkgaXMgZXhwaXJlZFxuICovXG5leHBvcnQgZnVuY3Rpb24gaXNFeHBpcmVkKGtleTogQXBpS2V5KTogYm9vbGVhbiB7XG4gIGlmICgha2V5LmV4cGlyZXNBdCkgcmV0dXJuIGZhbHNlO1xuICByZXR1cm4gbmV3IERhdGUoa2V5LmV4cGlyZXNBdCkgPCBuZXcgRGF0ZSgpO1xufVxuXG4vKipcbiAqIENoZWNrIGlmIGFuIEFQSSBrZXkgaXMgdmFsaWQgKGFjdGl2ZSBhbmQgbm90IGV4cGlyZWQpXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBpc1ZhbGlkKGtleTogQXBpS2V5KTogYm9vbGVhbiB7XG4gIHJldHVybiBrZXkuaXNBY3RpdmUgJiYgIWlzRXhwaXJlZChrZXkpO1xufVxuXG4vKipcbiAqIEdldCB0aW1lIHVudGlsIGtleSBleHBpcmVzIChpbiBtaWxsaXNlY29uZHMpXG4gKiBSZXR1cm5zIG51bGwgaWYga2V5IGRvZXNuJ3QgZXhwaXJlXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBnZXRUaW1lVW50aWxFeHBpcnkoa2V5OiBBcGlLZXkpOiBudW1iZXIgfCBudWxsIHtcbiAgaWYgKCFrZXkuZXhwaXJlc0F0KSByZXR1cm4gbnVsbDtcbiAgY29uc3QgZXhwaXJ5ID0gbmV3IERhdGUoa2V5LmV4cGlyZXNBdCkuZ2V0VGltZSgpO1xuICBjb25zdCBub3cgPSBEYXRlLm5vdygpO1xuICByZXR1cm4gTWF0aC5tYXgoMCwgZXhwaXJ5IC0gbm93KTtcbn1cblxuLyoqXG4gKiBDaGVjayBpZiBhIGtleSBjYW4gYWNjZXNzIGEgc3BlY2lmaWMgYWdlbnRcbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGNhbkFjY2Vzc0FnZW50KGtleTogQXBpS2V5LCBhZ2VudElkOiBzdHJpbmcpOiBib29sZWFuIHtcbiAgLy8gSWYgbm8gYWdlbnQgcmVzdHJpY3Rpb25zLCBhbGxvdyBhbGxcbiAgaWYgKCFrZXkuYWxsb3dlZEFnZW50SWRzIHx8IGtleS5hbGxvd2VkQWdlbnRJZHMubGVuZ3RoID09PSAwKSB7XG4gICAgcmV0dXJuIHRydWU7XG4gIH1cbiAgcmV0dXJuIGtleS5hbGxvd2VkQWdlbnRJZHMuaW5jbHVkZXMoYWdlbnRJZCk7XG59XG5cbi8vID09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT1cbi8vIEV4cG9ydCBuYW1lc3BhY2Vcbi8vID09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT1cblxuZXhwb3J0IGNvbnN0IGFwaUtleXMgPSB7XG4gIGNyZWF0ZSxcbiAgbGlzdCxcbiAgcmV2b2tlLFxuICByb3RhdGUsXG4gIHRlc3QsXG4gIGhhc1Blcm1pc3Npb24sXG4gIGlzRXhwaXJlZCxcbiAgaXNWYWxpZCxcbiAgZ2V0VGltZVVudGlsRXhwaXJ5LFxuICBjYW5BY2Nlc3NBZ2VudCxcbn07XG4iXX0=