aws-cdk 0.0.0

package/lib/api/aws-auth/sdk-provider.d.ts

@@ -0,0 +1,207 @@
+import { ContextLookupRoleOptions } from '@aws-cdk/cloud-assembly-schema';
+import { Environment } from '@aws-cdk/cx-api';
+import { AssumeRoleCommandInput } from '@aws-sdk/client-sts';
+import type { NodeHttpHandlerOptions } from '@smithy/node-http-handler';
+import { AwsCredentialIdentityProvider, Logger } from '@smithy/types';
+import { SDK } from './sdk';
+import { Mode } from '../plugin/mode';
+export type AssumeRoleAdditionalOptions = Partial<Omit<AssumeRoleCommandInput, 'ExternalId' | 'RoleArn'>>;
+/**
+ * Options for the default SDK provider
+ */
+export interface SdkProviderOptions {
+    /**
+     * Profile to read from ~/.aws
+     *
+     * @default - No profile
+     */
+    readonly profile?: string;
+    /**
+     * HTTP options for SDK
+     */
+    readonly httpOptions?: SdkHttpOptions;
+    /**
+     * The logger for sdk calls.
+     */
+    readonly logger?: Logger;
+}
+/**
+ * Options for individual SDKs
+ */
+export interface SdkHttpOptions {
+    /**
+     * Proxy address to use
+     *
+     * @default No proxy
+     */
+    readonly proxyAddress?: string;
+    /**
+     * A path to a certificate bundle that contains a cert to be trusted.
+     *
+     * @default No certificate bundle
+     */
+    readonly caBundlePath?: string;
+}
+/**
+ * SDK configuration for a given environment
+ * 'forEnvironment' will attempt to assume a role and if it
+ * is not successful, then it will either:
+ *   1. Check to see if the default credentials (local credentials the CLI was executed with)
+ *      are for the given environment. If they are then return those.
+ *   2. If the default credentials are not for the given environment then
+ *      throw an error
+ *
+ * 'didAssumeRole' allows callers to whether they are receiving the assume role
+ * credentials or the default credentials.
+ */
+export interface SdkForEnvironment {
+    /**
+     * The SDK for the given environment
+     */
+    readonly sdk: SDK;
+    /**
+     * Whether or not the assume role was successful.
+     * If the assume role was not successful (false)
+     * then that means that the 'sdk' returned contains
+     * the default credentials (not the assume role credentials)
+     */
+    readonly didAssumeRole: boolean;
+}
+/**
+ * Creates instances of the AWS SDK appropriate for a given account/region.
+ *
+ * Behavior is as follows:
+ *
+ * - First, a set of "base" credentials are established
+ *   - If a target environment is given and the default ("current") SDK credentials are for
+ *     that account, return those; otherwise
+ *   - If a target environment is given, scan all credential provider plugins
+ *     for credentials, and return those if found; otherwise
+ *   - Return default ("current") SDK credentials, noting that they might be wrong.
+ *
+ * - Second, a role may optionally need to be assumed. Use the base credentials
+ *   established in the previous process to assume that role.
+ *   - If assuming the role fails and the base credentials are for the correct
+ *     account, return those. This is a fallback for people who are trying to interact
+ *     with a Default Synthesized stack and already have right credentials setup.
+ *
+ *     Typical cases we see in the wild:
+ *     - Credential plugin setup that, although not recommended, works for them
+ *     - Seeded terminal with `ReadOnly` credentials in order to do `cdk diff`--the `ReadOnly`
+ *       role doesn't have `sts:AssumeRole` and will fail for no real good reason.
+ */
+export declare class SdkProvider {
+    private readonly defaultCredentialProvider;
+    /**
+     * Default region
+     */
+    readonly defaultRegion: string;
+    private readonly requestHandler;
+    private readonly logger?;
+    /**
+     * Create a new SdkProvider which gets its defaults in a way that behaves like the AWS CLI does
+     *
+     * The AWS SDK for JS behaves slightly differently from the AWS CLI in a number of ways; see the
+     * class `AwsCliCompatible` for the details.
+     */
+    static withAwsCliCompatibleDefaults(options?: SdkProviderOptions): Promise<SdkProvider>;
+    private readonly plugins;
+    constructor(defaultCredentialProvider: AwsCredentialIdentityProvider, 
+    /**
+     * Default region
+     */
+    defaultRegion: string, requestHandler?: NodeHttpHandlerOptions, logger?: Logger | undefined);
+    /**
+     * Return an SDK which can do operations in the given environment
+     *
+     * The `environment` parameter is resolved first (see `resolveEnvironment()`).
+     */
+    forEnvironment(environment: Environment, mode: Mode, options?: CredentialsOptions, quiet?: boolean): Promise<SdkForEnvironment>;
+    /**
+     * Return the partition that base credentials are for
+     *
+     * Returns `undefined` if there are no base credentials.
+     */
+    baseCredentialsPartition(environment: Environment, mode: Mode): Promise<string | undefined>;
+    /**
+     * Resolve the environment for a stack
+     *
+     * Replaces the magic values `UNKNOWN_REGION` and `UNKNOWN_ACCOUNT`
+     * with the defaults for the current SDK configuration (`~/.aws/config` or
+     * otherwise).
+     *
+     * It is an error if `UNKNOWN_ACCOUNT` is used but the user hasn't configured
+     * any SDK credentials.
+     */
+    resolveEnvironment(env: Environment): Promise<Environment>;
+    /**
+     * The account we'd auth into if we used default credentials.
+     *
+     * Default credentials are the set of ambiently configured credentials using
+     * one of the environment variables, or ~/.aws/credentials, or the *one*
+     * profile that was passed into the CLI.
+     *
+     * Might return undefined if there are no default/ambient credentials
+     * available (in which case the user should better hope they have
+     * credential plugins configured).
+     *
+     * Uses a cache to avoid STS calls if we don't need 'em.
+     */
+    defaultAccount(): Promise<Account | undefined>;
+    /**
+     * Get credentials for the given account ID in the given mode
+     *
+     * 1. Use the default credentials if the destination account matches the
+     *    current credentials' account.
+     * 2. Otherwise try all credential plugins.
+     * 3. Fail if neither of these yield any credentials.
+     * 4. Return a failure if any of them returned credentials
+     */
+    private obtainBaseCredentials;
+    /**
+     * Return an SDK which uses assumed role credentials
+     *
+     * The base credentials used to retrieve the assumed role credentials will be the
+     * same credentials returned by obtainCredentials if an environment and mode is passed,
+     * otherwise it will be the current credentials.
+     */
+    private withAssumedRole;
+}
+/**
+ * An AWS account
+ *
+ * An AWS account always exists in only one partition. Usually we don't care about
+ * the partition, but when we need to form ARNs we do.
+ */
+export interface Account {
+    /**
+     * The account number
+     */
+    readonly accountId: string;
+    /**
+     * The partition ('aws' or 'aws-cn' or otherwise)
+     */
+    readonly partition: string;
+}
+/**
+ * Options for obtaining credentials for an environment
+ */
+export interface CredentialsOptions {
+    /**
+     * The ARN of the role that needs to be assumed, if any
+     */
+    readonly assumeRoleArn?: string;
+    /**
+     * External ID required to assume the given role.
+     */
+    readonly assumeRoleExternalId?: string;
+    /**
+     * Session tags required to assume the given role.
+     */
+    readonly assumeRoleAdditionalOptions?: AssumeRoleAdditionalOptions;
+}
+/**
+ * Instantiate an SDK for context providers. This function ensures that all
+ * lookup assume role options are used when context providers perform lookups.
+ */
+export declare function initContextProviderSdk(aws: SdkProvider, options: ContextLookupRoleOptions): Promise<SDK>;

package/lib/api/aws-auth/sdk-provider.js

@@ -0,0 +1,359 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var SdkProvider_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SdkProvider = void 0;
+exports.initContextProviderSdk = initContextProviderSdk;
+const os = require("os");
+const cx_api_1 = require("@aws-cdk/cx-api");
+const credential_providers_1 = require("@aws-sdk/credential-providers");
+const awscli_compatible_1 = require("./awscli-compatible");
+const cached_1 = require("./cached");
+const credential_plugins_1 = require("./credential-plugins");
+const provider_caching_1 = require("./provider-caching");
+const sdk_1 = require("./sdk");
+const tracing_1 = require("./tracing");
+const logging_1 = require("../../logging");
+const error_1 = require("../../toolkit/error");
+const error_2 = require("../../util/error");
+const mode_1 = require("../plugin/mode");
+const CACHED_ACCOUNT = Symbol('cached_account');
+/**
+ * Creates instances of the AWS SDK appropriate for a given account/region.
+ *
+ * Behavior is as follows:
+ *
+ * - First, a set of "base" credentials are established
+ *   - If a target environment is given and the default ("current") SDK credentials are for
+ *     that account, return those; otherwise
+ *   - If a target environment is given, scan all credential provider plugins
+ *     for credentials, and return those if found; otherwise
+ *   - Return default ("current") SDK credentials, noting that they might be wrong.
+ *
+ * - Second, a role may optionally need to be assumed. Use the base credentials
+ *   established in the previous process to assume that role.
+ *   - If assuming the role fails and the base credentials are for the correct
+ *     account, return those. This is a fallback for people who are trying to interact
+ *     with a Default Synthesized stack and already have right credentials setup.
+ *
+ *     Typical cases we see in the wild:
+ *     - Credential plugin setup that, although not recommended, works for them
+ *     - Seeded terminal with `ReadOnly` credentials in order to do `cdk diff`--the `ReadOnly`
+ *       role doesn't have `sts:AssumeRole` and will fail for no real good reason.
+ */
+let SdkProvider = SdkProvider_1 = class SdkProvider {
+    /**
+     * Create a new SdkProvider which gets its defaults in a way that behaves like the AWS CLI does
+     *
+     * The AWS SDK for JS behaves slightly differently from the AWS CLI in a number of ways; see the
+     * class `AwsCliCompatible` for the details.
+     */
+    static async withAwsCliCompatibleDefaults(options = {}) {
+        (0, tracing_1.callTrace)(SdkProvider_1.withAwsCliCompatibleDefaults.name, SdkProvider_1.constructor.name, options.logger);
+        const credentialProvider = await awscli_compatible_1.AwsCliCompatible.credentialChainBuilder({
+            profile: options.profile,
+            httpOptions: options.httpOptions,
+            logger: options.logger,
+        });
+        const region = await awscli_compatible_1.AwsCliCompatible.region(options.profile);
+        const requestHandler = awscli_compatible_1.AwsCliCompatible.requestHandlerBuilder(options.httpOptions);
+        return new SdkProvider_1(credentialProvider, region, requestHandler, options.logger);
+    }
+    constructor(defaultCredentialProvider, 
+    /**
+     * Default region
+     */
+    defaultRegion, requestHandler = {}, logger) {
+        this.defaultCredentialProvider = defaultCredentialProvider;
+        this.defaultRegion = defaultRegion;
+        this.requestHandler = requestHandler;
+        this.logger = logger;
+        this.plugins = new credential_plugins_1.CredentialPlugins();
+    }
+    /**
+     * Return an SDK which can do operations in the given environment
+     *
+     * The `environment` parameter is resolved first (see `resolveEnvironment()`).
+     */
+    async forEnvironment(environment, mode, options, quiet = false) {
+        const env = await this.resolveEnvironment(environment);
+        const baseCreds = await this.obtainBaseCredentials(env.account, mode);
+        // At this point, we need at least SOME credentials
+        if (baseCreds.source === 'none') {
+            throw new error_1.AuthenticationError(fmtObtainCredentialsError(env.account, baseCreds));
+        }
+        // Simple case is if we don't need to "assumeRole" here. If so, we must now have credentials for the right
+        // account.
+        if ((options === null || options === void 0 ? void 0 : options.assumeRoleArn) === undefined) {
+            if (baseCreds.source === 'incorrectDefault') {
+                throw new error_1.AuthenticationError(fmtObtainCredentialsError(env.account, baseCreds));
+            }
+            // Our current credentials must be valid and not expired. Confirm that before we get into doing
+            // actual CloudFormation calls, which might take a long time to hang.
+            const sdk = new sdk_1.SDK(baseCreds.credentials, env.region, this.requestHandler, this.logger);
+            await sdk.validateCredentials();
+            return { sdk, didAssumeRole: false };
+        }
+        try {
+            // We will proceed to AssumeRole using whatever we've been given.
+            const sdk = await this.withAssumedRole(baseCreds, options.assumeRoleArn, options.assumeRoleExternalId, options.assumeRoleAdditionalOptions, env.region);
+            return { sdk, didAssumeRole: true };
+        }
+        catch (err) {
+            if (err.name === 'ExpiredToken') {
+                throw err;
+            }
+            // AssumeRole failed. Proceed and warn *if and only if* the baseCredentials were already for the right account
+            // or returned from a plugin. This is to cover some current setups for people using plugins or preferring to
+            // feed the CLI credentials which are sufficient by themselves. Prefer to assume the correct role if we can,
+            // but if we can't then let's just try with available credentials anyway.
+            if (baseCreds.source === 'correctDefault' || baseCreds.source === 'plugin') {
+                (0, logging_1.debug)(err.message);
+                const logger = quiet ? logging_1.debug : logging_1.warning;
+                logger(`${fmtObtainedCredentials(baseCreds)} could not be used to assume '${options.assumeRoleArn}', but are for the right account. Proceeding anyway.`);
+                return {
+                    sdk: new sdk_1.SDK(baseCreds.credentials, env.region, this.requestHandler, this.logger),
+                    didAssumeRole: false,
+                };
+            }
+            throw err;
+        }
+    }
+    /**
+     * Return the partition that base credentials are for
+     *
+     * Returns `undefined` if there are no base credentials.
+     */
+    async baseCredentialsPartition(environment, mode) {
+        const env = await this.resolveEnvironment(environment);
+        const baseCreds = await this.obtainBaseCredentials(env.account, mode);
+        if (baseCreds.source === 'none') {
+            return undefined;
+        }
+        return (await new sdk_1.SDK(baseCreds.credentials, env.region, this.requestHandler, this.logger).currentAccount()).partition;
+    }
+    /**
+     * Resolve the environment for a stack
+     *
+     * Replaces the magic values `UNKNOWN_REGION` and `UNKNOWN_ACCOUNT`
+     * with the defaults for the current SDK configuration (`~/.aws/config` or
+     * otherwise).
+     *
+     * It is an error if `UNKNOWN_ACCOUNT` is used but the user hasn't configured
+     * any SDK credentials.
+     */
+    async resolveEnvironment(env) {
+        var _a;
+        const region = env.region !== cx_api_1.UNKNOWN_REGION ? env.region : this.defaultRegion;
+        const account = env.account !== cx_api_1.UNKNOWN_ACCOUNT ? env.account : (_a = (await this.defaultAccount())) === null || _a === void 0 ? void 0 : _a.accountId;
+        if (!account) {
+            throw new error_1.AuthenticationError('Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment');
+        }
+        return {
+            region,
+            account,
+            name: cx_api_1.EnvironmentUtils.format(account, region),
+        };
+    }
+    /**
+     * The account we'd auth into if we used default credentials.
+     *
+     * Default credentials are the set of ambiently configured credentials using
+     * one of the environment variables, or ~/.aws/credentials, or the *one*
+     * profile that was passed into the CLI.
+     *
+     * Might return undefined if there are no default/ambient credentials
+     * available (in which case the user should better hope they have
+     * credential plugins configured).
+     *
+     * Uses a cache to avoid STS calls if we don't need 'em.
+     */
+    async defaultAccount() {
+        return (0, cached_1.cached)(this, CACHED_ACCOUNT, async () => {
+            try {
+                return await new sdk_1.SDK(this.defaultCredentialProvider, this.defaultRegion, this.requestHandler, this.logger).currentAccount();
+            }
+            catch (e) {
+                // Treat 'ExpiredToken' specially. This is a common situation that people may find themselves in, and
+                // they are complaining about if we fail 'cdk synth' on them. We loudly complain in order to show that
+                // the current situation is probably undesirable, but we don't fail.
+                if (e.name === 'ExpiredToken') {
+                    (0, logging_1.warning)('There are expired AWS credentials in your environment. The CDK app will synth without current account information.');
+                    return undefined;
+                }
+                (0, logging_1.debug)(`Unable to determine the default AWS account (${e.name}): ${(0, error_2.formatErrorMessage)(e)}`);
+                return undefined;
+            }
+        });
+    }
+    /**
+     * Get credentials for the given account ID in the given mode
+     *
+     * 1. Use the default credentials if the destination account matches the
+     *    current credentials' account.
+     * 2. Otherwise try all credential plugins.
+     * 3. Fail if neither of these yield any credentials.
+     * 4. Return a failure if any of them returned credentials
+     */
+    async obtainBaseCredentials(accountId, mode) {
+        var _a;
+        // First try 'current' credentials
+        const defaultAccountId = (_a = (await this.defaultAccount())) === null || _a === void 0 ? void 0 : _a.accountId;
+        if (defaultAccountId === accountId) {
+            return {
+                source: 'correctDefault',
+                credentials: await this.defaultCredentialProvider,
+            };
+        }
+        // Then try the plugins
+        const pluginCreds = await this.plugins.fetchCredentialsFor(accountId, mode);
+        if (pluginCreds) {
+            return { source: 'plugin', ...pluginCreds };
+        }
+        // Fall back to default credentials with a note that they're not the right ones yet
+        if (defaultAccountId !== undefined) {
+            return {
+                source: 'incorrectDefault',
+                accountId: defaultAccountId,
+                credentials: await this.defaultCredentialProvider,
+                unusedPlugins: this.plugins.availablePluginNames,
+            };
+        }
+        // Apparently we didn't find any at all
+        return {
+            source: 'none',
+            unusedPlugins: this.plugins.availablePluginNames,
+        };
+    }
+    /**
+     * Return an SDK which uses assumed role credentials
+     *
+     * The base credentials used to retrieve the assumed role credentials will be the
+     * same credentials returned by obtainCredentials if an environment and mode is passed,
+     * otherwise it will be the current credentials.
+     */
+    async withAssumedRole(mainCredentials, roleArn, externalId, additionalOptions, region) {
+        (0, logging_1.debug)(`Assuming role '${roleArn}'.`);
+        region = region !== null && region !== void 0 ? region : this.defaultRegion;
+        const sourceDescription = fmtObtainedCredentials(mainCredentials);
+        try {
+            const credentials = await (0, provider_caching_1.makeCachingProvider)((0, credential_providers_1.fromTemporaryCredentials)({
+                masterCredentials: mainCredentials.credentials,
+                params: {
+                    RoleArn: roleArn,
+                    ExternalId: externalId,
+                    RoleSessionName: `aws-cdk-${safeUsername()}`,
+                    ...additionalOptions,
+                    TransitiveTagKeys: (additionalOptions === null || additionalOptions === void 0 ? void 0 : additionalOptions.Tags) ? additionalOptions.Tags.map((t) => t.Key) : undefined,
+                },
+                clientConfig: {
+                    region,
+                    requestHandler: this.requestHandler,
+                    customUserAgent: 'aws-cdk',
+                    logger: this.logger,
+                },
+                logger: this.logger,
+            }));
+            // Call the provider at least once here, to catch an error if it occurs
+            await credentials();
+            return new sdk_1.SDK(credentials, region, this.requestHandler, this.logger);
+        }
+        catch (err) {
+            if (err.name === 'ExpiredToken') {
+                throw err;
+            }
+            (0, logging_1.debug)(`Assuming role failed: ${err.message}`);
+            throw new error_1.AuthenticationError([
+                'Could not assume role in target account',
+                ...(sourceDescription ? [`using ${sourceDescription}`] : []),
+                err.message,
+                ". Please make sure that this role exists in the account. If it doesn't exist, (re)-bootstrap the environment " +
+                    "with the right '--trust', using the latest version of the CDK CLI.",
+            ].join(' '));
+        }
+    }
+};
+exports.SdkProvider = SdkProvider;
+exports.SdkProvider = SdkProvider = SdkProvider_1 = __decorate([
+    tracing_1.traceMemberMethods
+], SdkProvider);
+/**
+ * Return the username with characters invalid for a RoleSessionName removed
+ *
+ * @see https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters
+ */
+function safeUsername() {
+    try {
+        return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
+    }
+    catch {
+        return 'noname';
+    }
+}
+/**
+ * Isolating the code that translates calculation errors into human error messages
+ *
+ * We cover the following cases:
+ *
+ * - No credentials are available at all
+ * - Default credentials are for the wrong account
+ */
+function fmtObtainCredentialsError(targetAccountId, obtainResult) {
+    const msg = [`Need to perform AWS calls for account ${targetAccountId}`];
+    switch (obtainResult.source) {
+        case 'incorrectDefault':
+            msg.push(`but the current credentials are for ${obtainResult.accountId}`);
+            break;
+        case 'none':
+            msg.push('but no credentials have been configured');
+    }
+    if (obtainResult.unusedPlugins.length > 0) {
+        msg.push(`and none of these plugins found any: ${obtainResult.unusedPlugins.join(', ')}`);
+    }
+    return msg.join(', ');
+}
+/**
+ * Format a message indicating where we got base credentials for the assume role
+ *
+ * We cover the following cases:
+ *
+ * - Default credentials for the right account
+ * - Default credentials for the wrong account
+ * - Credentials returned from a plugin
+ */
+function fmtObtainedCredentials(obtainResult) {
+    switch (obtainResult.source) {
+        case 'correctDefault':
+            return 'current credentials';
+        case 'plugin':
+            return `credentials returned by plugin '${obtainResult.pluginName}'`;
+        case 'incorrectDefault':
+            const msg = [];
+            msg.push(`current credentials (which are for account ${obtainResult.accountId}`);
+            if (obtainResult.unusedPlugins.length > 0) {
+                msg.push(`, and none of the following plugins provided credentials: ${obtainResult.unusedPlugins.join(', ')}`);
+            }
+            msg.push(')');
+            return msg.join('');
+    }
+}
+/**
+ * Instantiate an SDK for context providers. This function ensures that all
+ * lookup assume role options are used when context providers perform lookups.
+ */
+async function initContextProviderSdk(aws, options) {
+    const account = options.account;
+    const region = options.region;
+    const creds = {
+        assumeRoleArn: options.lookupRoleArn,
+        assumeRoleExternalId: options.lookupRoleExternalId,
+        assumeRoleAdditionalOptions: options.assumeRoleAdditionalOptions,
+    };
+    return (await aws.forEnvironment(cx_api_1.EnvironmentUtils.make(account, region), mode_1.Mode.ForReading, creds)).sdk;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2RrLXByb3ZpZGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsic2RrLXByb3ZpZGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7QUF3Z0JBLHdEQVdDO0FBbmhCRCx5QkFBeUI7QUFFekIsNENBQWlHO0FBRWpHLHdFQUF5RTtBQUd6RSwyREFBdUQ7QUFDdkQscUNBQWtDO0FBQ2xDLDZEQUF5RDtBQUN6RCx5REFBeUQ7QUFDekQsK0JBQTRCO0FBQzVCLHVDQUEwRDtBQUMxRCwyQ0FBK0M7QUFDL0MsK0NBQTBEO0FBQzFELDRDQUFzRDtBQUN0RCx5Q0FBc0M7QUE2Q3RDLE1BQU0sY0FBYyxHQUFHLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0FBNkJoRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQXNCRztBQUVJLElBQU0sV0FBVyxtQkFBakIsTUFBTSxXQUFXO0lBQ3RCOzs7OztPQUtHO0lBQ0ksTUFBTSxDQUFDLEtBQUssQ0FBQyw0QkFBNEIsQ0FBQyxVQUE4QixFQUFFO1FBQy9FLElBQUEsbUJBQVMsRUFBQyxhQUFXLENBQUMsNEJBQTRCLENBQUMsSUFBSSxFQUFFLGFBQVcsQ0FBQyxXQUFXLENBQUMsSUFBSSxFQUFFLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN2RyxNQUFNLGtCQUFrQixHQUFHLE1BQU0sb0NBQWdCLENBQUMsc0JBQXNCLENBQUM7WUFDdkUsT0FBTyxFQUFFLE9BQU8sQ0FBQyxPQUFPO1lBQ3hCLFdBQVcsRUFBRSxPQUFPLENBQUMsV0FBVztZQUNoQyxNQUFNLEVBQUUsT0FBTyxDQUFDLE1BQU07U0FDdkIsQ0FBQyxDQUFDO1FBRUgsTUFBTSxNQUFNLEdBQUcsTUFBTSxvQ0FBZ0IsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzlELE1BQU0sY0FBYyxHQUFHLG9DQUFnQixDQUFDLHFCQUFxQixDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUNuRixPQUFPLElBQUksYUFBVyxDQUFDLGtCQUFrQixFQUFFLE1BQU0sRUFBRSxjQUFjLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3JGLENBQUM7SUFJRCxZQUNtQix5QkFBd0Q7SUFDekU7O09BRUc7SUFDYSxhQUFxQixFQUNwQixpQkFBeUMsRUFBRSxFQUMzQyxNQUFlO1FBTmYsOEJBQXlCLEdBQXpCLHlCQUF5QixDQUErQjtRQUl6RCxrQkFBYSxHQUFiLGFBQWEsQ0FBUTtRQUNwQixtQkFBYyxHQUFkLGNBQWMsQ0FBNkI7UUFDM0MsV0FBTSxHQUFOLE1BQU0sQ0FBUztRQVRqQixZQUFPLEdBQUcsSUFBSSxzQ0FBaUIsRUFBRSxDQUFDO0lBVWhELENBQUM7SUFFSjs7OztPQUlHO0lBQ0ksS0FBSyxDQUFDLGNBQWMsQ0FDekIsV0FBd0IsRUFDeEIsSUFBVSxFQUNWLE9BQTRCLEVBQzVCLEtBQUssR0FBRyxLQUFLO1FBRWIsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsa0JBQWtCLENBQUMsV0FBVyxDQUFDLENBQUM7UUFFdkQsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMscUJBQXFCLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsQ0FBQztRQUV0RSxtREFBbUQ7UUFDbkQsSUFBSSxTQUFTLENBQUMsTUFBTSxLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQ2hDLE1BQU0sSUFBSSwyQkFBbUIsQ0FBQyx5QkFBeUIsQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLFNBQVMsQ0FBQyxDQUFDLENBQUM7UUFDbkYsQ0FBQztRQUVELDBHQUEwRztRQUMxRyxXQUFXO1FBQ1gsSUFBSSxDQUFBLE9BQU8sYUFBUCxPQUFPLHVCQUFQLE9BQU8sQ0FBRSxhQUFhLE1BQUssU0FBUyxFQUFFLENBQUM7WUFDekMsSUFBSSxTQUFTLENBQUMsTUFBTSxLQUFLLGtCQUFrQixFQUFFLENBQUM7Z0JBQzVDLE1BQU0sSUFBSSwyQkFBbUIsQ0FBQyx5QkFBeUIsQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLFNBQVMsQ0FBQyxDQUFDLENBQUM7WUFDbkYsQ0FBQztZQUVELCtGQUErRjtZQUMvRixxRUFBcUU7WUFDckUsTUFBTSxHQUFHLEdBQUcsSUFBSSxTQUFHLENBQUMsU0FBUyxDQUFDLFdBQVcsRUFBRSxHQUFHLENBQUMsTUFBTSxFQUFFLElBQUksQ0FBQyxjQUFjLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ3pGLE1BQU0sR0FBRyxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDaEMsT0FBTyxFQUFFLEdBQUcsRUFBRSxhQUFhLEVBQUUsS0FBSyxFQUFFLENBQUM7UUFDdkMsQ0FBQztRQUVELElBQUksQ0FBQztZQUNILGlFQUFpRTtZQUNqRSxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxlQUFlLENBQ3BDLFNBQVMsRUFDVCxPQUFPLENBQUMsYUFBYSxFQUNyQixPQUFPLENBQUMsb0JBQW9CLEVBQzVCLE9BQU8sQ0FBQywyQkFBMkIsRUFDbkMsR0FBRyxDQUFDLE1BQU0sQ0FDWCxDQUFDO1lBRUYsT0FBTyxFQUFFLEdBQUcsRUFBRSxhQUFhLEVBQUUsSUFBSSxFQUFFLENBQUM7UUFDdEMsQ0FBQztRQUFDLE9BQU8sR0FBUSxFQUFFLENBQUM7WUFDbEIsSUFBSSxHQUFHLENBQUMsSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO2dCQUNoQyxNQUFNLEdBQUcsQ0FBQztZQUNaLENBQUM7WUFFRCw4R0FBOEc7WUFDOUcsNEdBQTRHO1lBQzVHLDRHQUE0RztZQUM1Ryx5RUFBeUU7WUFDekUsSUFBSSxTQUFTLENBQUMsTUFBTSxLQUFLLGdCQUFnQixJQUFJLFNBQVMsQ0FBQyxNQUFNLEtBQUssUUFBUSxFQUFFLENBQUM7Z0JBQzNFLElBQUEsZUFBSyxFQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsQ0FBQztnQkFDbkIsTUFBTSxNQUFNLEdBQUcsS0FBSyxDQUFDLENBQUMsQ0FBQyxlQUFLLENBQUMsQ0FBQyxDQUFDLGlCQUFPLENBQUM7Z0JBQ3ZDLE1BQU0sQ0FDSixHQUFHLHNCQUFzQixDQUFDLFNBQVMsQ0FBQyxpQ0FBaUMsT0FBTyxDQUFDLGFBQWEsc0RBQXNELENBQ2pKLENBQUM7Z0JBQ0YsT0FBTztvQkFDTCxHQUFHLEVBQUUsSUFBSSxTQUFHLENBQUMsU0FBUyxDQUFDLFdBQVcsRUFBRSxHQUFHLENBQUMsTUFBTSxFQUFFLElBQUksQ0FBQyxjQUFjLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQztvQkFDakYsYUFBYSxFQUFFLEtBQUs7aUJBQ3JCLENBQUM7WUFDSixDQUFDO1lBRUQsTUFBTSxHQUFHLENBQUM7UUFDWixDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7O09BSUc7SUFDSSxLQUFLLENBQUMsd0JBQXdCLENBQUMsV0FBd0IsRUFBRSxJQUFVO1FBQ3hFLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLGtCQUFrQixDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQ3ZELE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLHFCQUFxQixDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDdEUsSUFBSSxTQUFTLENBQUMsTUFBTSxLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQ2hDLE9BQU8sU0FBUyxDQUFDO1FBQ25CLENBQUM7UUFDRCxPQUFPLENBQUMsTUFBTSxJQUFJLFNBQUcsQ0FBQyxTQUFTLENBQUMsV0FBVyxFQUFFLEdBQUcsQ0FBQyxNQUFNLEVBQUUsSUFBSSxDQUFDLGNBQWMsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUMsY0FBYyxFQUFFLENBQUMsQ0FBQyxTQUFTLENBQUM7SUFDekgsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxHQUFnQjs7UUFDOUMsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLE1BQU0sS0FBSyx1QkFBYyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUFDO1FBQy9FLE1BQU0sT0FBTyxHQUFHLEdBQUcsQ0FBQyxPQUFPLEtBQUssd0JBQWUsQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsTUFBQSxDQUFDLE1BQU0sSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDLDBDQUFFLFNBQVMsQ0FBQztRQUV6RyxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDYixNQUFNLElBQUksMkJBQW1CLENBQzNCLCtIQUErSCxDQUNoSSxDQUFDO1FBQ0osQ0FBQztRQUVELE9BQU87WUFDTCxNQUFNO1lBQ04sT0FBTztZQUNQLElBQUksRUFBRSx5QkFBZ0IsQ0FBQyxNQUFNLENBQUMsT0FBTyxFQUFFLE1BQU0sQ0FBQztTQUMvQyxDQUFDO0lBQ0osQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7T0FZRztJQUNJLEtBQUssQ0FBQyxjQUFjO1FBQ3pCLE9BQU8sSUFBQSxlQUFNLEVBQUMsSUFBSSxFQUFFLGNBQWMsRUFBRSxLQUFLLElBQUksRUFBRTtZQUM3QyxJQUFJLENBQUM7Z0JBQ0gsT0FBTyxNQUFNLElBQUksU0FBRyxDQUFDLElBQUksQ0FBQyx5QkFBeUIsRUFBRSxJQUFJLENBQUMsYUFBYSxFQUFFLElBQUksQ0FBQyxjQUFjLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQzlILENBQUM7WUFBQyxPQUFPLENBQU0sRUFBRSxDQUFDO2dCQUNoQixxR0FBcUc7Z0JBQ3JHLHNHQUFzRztnQkFDdEcsb0VBQW9FO2dCQUNwRSxJQUFJLENBQUMsQ0FBQyxJQUFJLEtBQUssY0FBYyxFQUFFLENBQUM7b0JBQzlCLElBQUEsaUJBQU8sRUFDTCxvSEFBb0gsQ0FDckgsQ0FBQztvQkFDRixPQUFPLFNBQVMsQ0FBQztnQkFDbkIsQ0FBQztnQkFFRCxJQUFBLGVBQUssRUFBQyxnREFBZ0QsQ0FBQyxDQUFDLElBQUksTUFBTSxJQUFBLDBCQUFrQixFQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztnQkFDM0YsT0FBTyxTQUFTLENBQUM7WUFDbkIsQ0FBQztRQUNILENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOzs7Ozs7OztPQVFHO0lBQ0ssS0FBSyxDQUFDLHFCQUFxQixDQUFDLFNBQWlCLEVBQUUsSUFBVTs7UUFDL0Qsa0NBQWtDO1FBQ2xDLE1BQU0sZ0JBQWdCLEdBQUcsTUFBQSxDQUFDLE1BQU0sSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDLDBDQUFFLFNBQVMsQ0FBQztRQUNsRSxJQUFJLGdCQUFnQixLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ25DLE9BQU87Z0JBQ0wsTUFBTSxFQUFFLGdCQUFnQjtnQkFDeEIsV0FBVyxFQUFFLE1BQU0sSUFBSSxDQUFDLHlCQUF5QjthQUNsRCxDQUFDO1FBQ0osQ0FBQztRQUVELHVCQUF1QjtRQUN2QixNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxPQUFPLENBQUMsbUJBQW1CLENBQUMsU0FBUyxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQzVFLElBQUksV0FBVyxFQUFFLENBQUM7WUFDaEIsT0FBTyxFQUFFLE1BQU0sRUFBRSxRQUFRLEVBQUUsR0FBRyxXQUFXLEVBQUUsQ0FBQztRQUM5QyxDQUFDO1FBRUQsbUZBQW1GO1FBQ25GLElBQUksZ0JBQWdCLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDbkMsT0FBTztnQkFDTCxNQUFNLEVBQUUsa0JBQWtCO2dCQUMxQixTQUFTLEVBQUUsZ0JBQWdCO2dCQUMzQixXQUFXLEVBQUUsTUFBTSxJQUFJLENBQUMseUJBQXlCO2dCQUNqRCxhQUFhLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxvQkFBb0I7YUFDakQsQ0FBQztRQUNKLENBQUM7UUFFRCx1Q0FBdUM7UUFDdkMsT0FBTztZQUNMLE1BQU0sRUFBRSxNQUFNO1lBQ2QsYUFBYSxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsb0JBQW9CO1NBQ2pELENBQUM7SUFDSixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ssS0FBSyxDQUFDLGVBQWUsQ0FDM0IsZUFBeUUsRUFDekUsT0FBZSxFQUNmLFVBQW1CLEVBQ25CLGlCQUErQyxFQUMvQyxNQUFlO1FBRWYsSUFBQSxlQUFLLEVBQUMsa0JBQWtCLE9BQU8sSUFBSSxDQUFDLENBQUM7UUFFckMsTUFBTSxHQUFHLE1BQU0sYUFBTixNQUFNLGNBQU4sTUFBTSxHQUFJLElBQUksQ0FBQyxhQUFhLENBQUM7UUFFdEMsTUFBTSxpQkFBaUIsR0FBRyxzQkFBc0IsQ0FBQyxlQUFlLENBQUMsQ0FBQztRQUVsRSxJQUFJLENBQUM7WUFDSCxNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUEsc0NBQW1CLEVBQUMsSUFBQSwrQ0FBd0IsRUFBQztnQkFDckUsaUJBQWlCLEVBQUUsZUFBZSxDQUFDLFdBQVc7Z0JBQzlDLE1BQU0sRUFBRTtvQkFDTixPQUFPLEVBQUUsT0FBTztvQkFDaEIsVUFBVSxFQUFFLFVBQVU7b0JBQ3RCLGVBQWUsRUFBRSxXQUFXLFlBQVksRUFBRSxFQUFFO29CQUM1QyxHQUFHLGlCQUFpQjtvQkFDcEIsaUJBQWlCLEVBQUUsQ0FBQSxpQkFBaUIsYUFBakIsaUJBQWlCLHVCQUFqQixpQkFBaUIsQ0FBRSxJQUFJLEVBQUMsQ0FBQyxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxHQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUztpQkFDbkc7Z0JBQ0QsWUFBWSxFQUFFO29CQUNaLE1BQU07b0JBQ04sY0FBYyxFQUFFLElBQUksQ0FBQyxjQUFjO29CQUNuQyxlQUFlLEVBQUUsU0FBUztvQkFDMUIsTUFBTSxFQUFFLElBQUksQ0FBQyxNQUFNO2lCQUNwQjtnQkFDRCxNQUFNLEVBQUUsSUFBSSxDQUFDLE1BQU07YUFDcEIsQ0FBQyxDQUFDLENBQUM7WUFFSix1RUFBdUU7WUFDdkUsTUFBTSxXQUFXLEVBQUUsQ0FBQztZQUVwQixPQUFPLElBQUksU0FBRyxDQUFDLFdBQVcsRUFBRSxNQUFNLEVBQUUsSUFBSSxDQUFDLGNBQWMsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDeEUsQ0FBQztRQUFDLE9BQU8sR0FBUSxFQUFFLENBQUM7WUFDbEIsSUFBSSxHQUFHLENBQUMsSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO2dCQUNoQyxNQUFNLEdBQUcsQ0FBQztZQUNaLENBQUM7WUFFRCxJQUFBLGVBQUssRUFBQyx5QkFBeUIsR0FBRyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDOUMsTUFBTSxJQUFJLDJCQUFtQixDQUMzQjtnQkFDRSx5Q0FBeUM7Z0JBQ3pDLEdBQUcsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTLGlCQUFpQixFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDO2dCQUM1RCxHQUFHLENBQUMsT0FBTztnQkFDWCwrR0FBK0c7b0JBQzdHLG9FQUFvRTthQUN2RSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FDWixDQUFDO1FBQ0osQ0FBQztJQUNILENBQUM7Q0FDRixDQUFBO0FBdlJZLGtDQUFXO3NCQUFYLFdBQVc7SUFEdkIsNEJBQWtCO0dBQ04sV0FBVyxDQXVSdkI7QUFvQkQ7Ozs7R0FJRztBQUNILFNBQVMsWUFBWTtJQUNuQixJQUFJLENBQUM7UUFDSCxPQUFPLEVBQUUsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLGNBQWMsRUFBRSxHQUFHLENBQUMsQ0FBQztJQUM3RCxDQUFDO0lBQUMsTUFBTSxDQUFDO1FBQ1AsT0FBTyxRQUFRLENBQUM7SUFDbEIsQ0FBQztBQUNILENBQUM7QUFvQ0Q7Ozs7Ozs7R0FPRztBQUNILFNBQVMseUJBQXlCLENBQ2hDLGVBQXVCLEVBQ3ZCLFlBRUM7SUFFRCxNQUFNLEdBQUcsR0FBRyxDQUFDLHlDQUF5QyxlQUFlLEVBQUUsQ0FBQyxDQUFDO0lBQ3pFLFFBQVEsWUFBWSxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQzVCLEtBQUssa0JBQWtCO1lBQ3JCLEdBQUcsQ0FBQyxJQUFJLENBQUMsdUNBQXVDLFlBQVksQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQUFDO1lBQzFFLE1BQU07UUFDUixLQUFLLE1BQU07WUFDVCxHQUFHLENBQUMsSUFBSSxDQUFDLHlDQUF5QyxDQUFDLENBQUM7SUFDeEQsQ0FBQztJQUNELElBQUksWUFBWSxDQUFDLGFBQWEsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7UUFDMUMsR0FBRyxDQUFDLElBQUksQ0FBQyx3Q0FBd0MsWUFBWSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQzVGLENBQUM7SUFDRCxPQUFPLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUM7QUFDeEIsQ0FBQztBQUVEOzs7Ozs7OztHQVFHO0FBQ0gsU0FBUyxzQkFBc0IsQ0FBQyxZQUFzRTtJQUNwRyxRQUFRLFlBQVksQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUM1QixLQUFLLGdCQUFnQjtZQUNuQixPQUFPLHFCQUFxQixDQUFDO1FBQy9CLEtBQUssUUFBUTtZQUNYLE9BQU8sbUNBQW1DLFlBQVksQ0FBQyxVQUFVLEdBQUcsQ0FBQztRQUN2RSxLQUFLLGtCQUFrQjtZQUNyQixNQUFNLEdBQUcsR0FBRyxFQUFFLENBQUM7WUFDZixHQUFHLENBQUMsSUFBSSxDQUFDLDhDQUE4QyxZQUFZLENBQUMsU0FBUyxFQUFFLENBQUMsQ0FBQztZQUVqRixJQUFJLFlBQVksQ0FBQyxhQUFhLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUMxQyxHQUFHLENBQUMsSUFBSSxDQUFDLDZEQUE2RCxZQUFZLENBQUMsYUFBYSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDakgsQ0FBQztZQUNELEdBQUcsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7WUFFZCxPQUFPLEdBQUcsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDeEIsQ0FBQztBQUNILENBQUM7QUFFRDs7O0dBR0c7QUFDSSxLQUFLLFVBQVUsc0JBQXNCLENBQUMsR0FBZ0IsRUFBRSxPQUFpQztJQUM5RixNQUFNLE9BQU8sR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDO0lBQ2hDLE1BQU0sTUFBTSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUM7SUFFOUIsTUFBTSxLQUFLLEdBQXVCO1FBQ2hDLGFBQWEsRUFBRSxPQUFPLENBQUMsYUFBYTtRQUNwQyxvQkFBb0IsRUFBRSxPQUFPLENBQUMsb0JBQW9CO1FBQ2xELDJCQUEyQixFQUFFLE9BQU8sQ0FBQywyQkFBMkI7S0FDakUsQ0FBQztJQUVGLE9BQU8sQ0FBQyxNQUFNLEdBQUcsQ0FBQyxjQUFjLENBQUMseUJBQWdCLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsRUFBRSxXQUFJLENBQUMsVUFBVSxFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDO0FBQ3hHLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBvcyBmcm9tICdvcyc7XG5pbXBvcnQgeyBDb250ZXh0TG9va3VwUm9sZU9wdGlvbnMgfSBmcm9tICdAYXdzLWNkay9jbG91ZC1hc3NlbWJseS1zY2hlbWEnO1xuaW1wb3J0IHsgRW52aXJvbm1lbnQsIEVudmlyb25tZW50VXRpbHMsIFVOS05PV05fQUNDT1VOVCwgVU5LTk9XTl9SRUdJT04gfSBmcm9tICdAYXdzLWNkay9jeC1hcGknO1xuaW1wb3J0IHsgQXNzdW1lUm9sZUNvbW1hbmRJbnB1dCB9IGZyb20gJ0Bhd3Mtc2RrL2NsaWVudC1zdHMnO1xuaW1wb3J0IHsgZnJvbVRlbXBvcmFyeUNyZWRlbnRpYWxzIH0gZnJvbSAnQGF3cy1zZGsvY3JlZGVudGlhbC1wcm92aWRlcnMnO1xuaW1wb3J0IHR5cGUgeyBOb2RlSHR0cEhhbmRsZXJPcHRpb25zIH0gZnJvbSAnQHNtaXRoeS9ub2RlLWh0dHAtaGFuZGxlcic7XG5pbXBvcnQgeyBBd3NDcmVkZW50aWFsSWRlbnRpdHlQcm92aWRlciwgTG9nZ2VyIH0gZnJvbSAnQHNtaXRoeS90eXBlcyc7XG5pbXBvcnQgeyBBd3NDbGlDb21wYXRpYmxlIH0gZnJvbSAnLi9hd3NjbGktY29tcGF0aWJsZSc7XG5pbXBvcnQgeyBjYWNoZWQgfSBmcm9tICcuL2NhY2hlZCc7XG5pbXBvcnQgeyBDcmVkZW50aWFsUGx1Z2lucyB9IGZyb20gJy4vY3JlZGVudGlhbC1wbHVnaW5zJztcbmltcG9ydCB7IG1ha2VDYWNoaW5nUHJvdmlkZXIgfSBmcm9tICcuL3Byb3ZpZGVyLWNhY2hpbmcnO1xuaW1wb3J0IHsgU0RLIH0gZnJvbSAnLi9zZGsnO1xuaW1wb3J0IHsgY2FsbFRyYWNlLCB0cmFjZU1lbWJlck1ldGhvZHMgfSBmcm9tICcuL3RyYWNpbmcnO1xuaW1wb3J0IHsgZGVidWcsIHdhcm5pbmcgfSBmcm9tICcuLi8uLi9sb2dnaW5nJztcbmltcG9ydCB7IEF1dGhlbnRpY2F0aW9uRXJyb3IgfSBmcm9tICcuLi8uLi90b29sa2l0L2Vycm9yJztcbmltcG9ydCB7IGZvcm1hdEVycm9yTWVzc2FnZSB9IGZyb20gJy4uLy4uL3V0aWwvZXJyb3InO1xuaW1wb3J0IHsgTW9kZSB9IGZyb20gJy4uL3BsdWdpbi9tb2RlJztcblxuZXhwb3J0IHR5cGUgQXNzdW1lUm9sZUFkZGl0aW9uYWxPcHRpb25zID0gUGFydGlhbDxPbWl0PEFzc3VtZVJvbGVDb21tYW5kSW5wdXQsICdFeHRlcm5hbElkJyB8ICdSb2xlQXJuJz4+O1xuXG4vKipcbiAqIE9wdGlvbnMgZm9yIHRoZSBkZWZhdWx0IFNESyBwcm92aWRlclxuICovXG5leHBvcnQgaW50ZXJmYWNlIFNka1Byb3ZpZGVyT3B0aW9ucyB7XG4gIC8qKlxuICAgKiBQcm9maWxlIHRvIHJlYWQgZnJvbSB+Ly5hd3NcbiAgICpcbiAgICogQGRlZmF1bHQgLSBObyBwcm9maWxlXG4gICAqL1xuICByZWFkb25seSBwcm9maWxlPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBIVFRQIG9wdGlvbnMgZm9yIFNES1xuICAgKi9cbiAgcmVhZG9ubHkgaHR0cE9wdGlvbnM/OiBTZGtIdHRwT3B0aW9ucztcblxuICAvKipcbiAgICogVGhlIGxvZ2dlciBmb3Igc2RrIGNhbGxzLlxuICAgKi9cbiAgcmVhZG9ubHkgbG9nZ2VyPzogTG9nZ2VyO1xufVxuXG4vKipcbiAqIE9wdGlvbnMgZm9yIGluZGl2aWR1YWwgU0RLc1xuICovXG5leHBvcnQgaW50ZXJmYWNlIFNka0h0dHBPcHRpb25zIHtcbiAgLyoqXG4gICAqIFByb3h5IGFkZHJlc3MgdG8gdXNlXG4gICAqXG4gICAqIEBkZWZhdWx0IE5vIHByb3h5XG4gICAqL1xuICByZWFkb25seSBwcm94eUFkZHJlc3M/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIEEgcGF0aCB0byBhIGNlcnRpZmljYXRlIGJ1bmRsZSB0aGF0IGNvbnRhaW5zIGEgY2VydCB0byBiZSB0cnVzdGVkLlxuICAgKlxuICAgKiBAZGVmYXVsdCBObyBjZXJ0aWZpY2F0ZSBidW5kbGVcbiAgICovXG4gIHJlYWRvbmx5IGNhQnVuZGxlUGF0aD86IHN0cmluZztcbn1cblxuY29uc3QgQ0FDSEVEX0FDQ09VTlQgPSBTeW1ib2woJ2NhY2hlZF9hY2NvdW50Jyk7XG5cbi8qKlxuICogU0RLIGNvbmZpZ3VyYXRpb24gZm9yIGEgZ2l2ZW4gZW52aXJvbm1lbnRcbiAqICdmb3JFbnZpcm9ubWVudCcgd2lsbCBhdHRlbXB0IHRvIGFzc3VtZSBhIHJvbGUgYW5kIGlmIGl0XG4gKiBpcyBub3Qgc3VjY2Vzc2Z1bCwgdGhlbiBpdCB3aWxsIGVpdGhlcjpcbiAqICAgMS4gQ2hlY2sgdG8gc2VlIGlmIHRoZSBkZWZhdWx0IGNyZWRlbnRpYWxzIChsb2NhbCBjcmVkZW50aWFscyB0aGUgQ0xJIHdhcyBleGVjdXRlZCB3aXRoKVxuICogICAgICBhcmUgZm9yIHRoZSBnaXZlbiBlbnZpcm9ubWVudC4gSWYgdGhleSBhcmUgdGhlbiByZXR1cm4gdGhvc2UuXG4gKiAgIDIuIElmIHRoZSBkZWZhdWx0IGNyZWRlbnRpYWxzIGFyZSBub3QgZm9yIHRoZSBnaXZlbiBlbnZpcm9ubWVudCB0aGVuXG4gKiAgICAgIHRocm93IGFuIGVycm9yXG4gKlxuICogJ2RpZEFzc3VtZVJvbGUnIGFsbG93cyBjYWxsZXJzIHRvIHdoZXRoZXIgdGhleSBhcmUgcmVjZWl2aW5nIHRoZSBhc3N1bWUgcm9sZVxuICogY3JlZGVudGlhbHMgb3IgdGhlIGRlZmF1bHQgY3JlZGVudGlhbHMuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgU2RrRm9yRW52aXJvbm1lbnQge1xuICAvKipcbiAgICogVGhlIFNESyBmb3IgdGhlIGdpdmVuIGVudmlyb25tZW50XG4gICAqL1xuICByZWFkb25seSBzZGs6IFNESztcblxuICAvKipcbiAgICogV2hldGhlciBvciBub3QgdGhlIGFzc3VtZSByb2xlIHdhcyBzdWNjZXNzZnVsLlxuICAgKiBJZiB0aGUgYXNzdW1lIHJvbGUgd2FzIG5vdCBzdWNjZXNzZnVsIChmYWxzZSlcbiAgICogdGhlbiB0aGF0IG1lYW5zIHRoYXQgdGhlICdzZGsnIHJldHVybmVkIGNvbnRhaW5zXG4gICAqIHRoZSBkZWZhdWx0IGNyZWRlbnRpYWxzIChub3QgdGhlIGFzc3VtZSByb2xlIGNyZWRlbnRpYWxzKVxuICAgKi9cbiAgcmVhZG9ubHkgZGlkQXNzdW1lUm9sZTogYm9vbGVhbjtcbn1cblxuLyoqXG4gKiBDcmVhdGVzIGluc3RhbmNlcyBvZiB0aGUgQVdTIFNESyBhcHByb3ByaWF0ZSBmb3IgYSBnaXZlbiBhY2NvdW50L3JlZ2lvbi5cbiAqXG4gKiBCZWhhdmlvciBpcyBhcyBmb2xsb3dzOlxuICpcbiAqIC0gRmlyc3QsIGEgc2V0IG9mIFwiYmFzZVwiIGNyZWRlbnRpYWxzIGFyZSBlc3RhYmxpc2hlZFxuICogICAtIElmIGEgdGFyZ2V0IGVudmlyb25tZW50IGlzIGdpdmVuIGFuZCB0aGUgZGVmYXVsdCAoXCJjdXJyZW50XCIpIFNESyBjcmVkZW50aWFscyBhcmUgZm9yXG4gKiAgICAgdGhhdCBhY2NvdW50LCByZXR1cm4gdGhvc2U7IG90aGVyd2lzZVxuICogICAtIElmIGEgdGFyZ2V0IGVudmlyb25tZW50IGlzIGdpdmVuLCBzY2FuIGFsbCBjcmVkZW50aWFsIHByb3ZpZGVyIHBsdWdpbnNcbiAqICAgICBmb3IgY3JlZGVudGlhbHMsIGFuZCByZXR1cm4gdGhvc2UgaWYgZm91bmQ7IG90aGVyd2lzZVxuICogICAtIFJldHVybiBkZWZhdWx0IChcImN1cnJlbnRcIikgU0RLIGNyZWRlbnRpYWxzLCBub3RpbmcgdGhhdCB0aGV5IG1pZ2h0IGJlIHdyb25nLlxuICpcbiAqIC0gU2Vjb25kLCBhIHJvbGUgbWF5IG9wdGlvbmFsbHkgbmVlZCB0byBiZSBhc3N1bWVkLiBVc2UgdGhlIGJhc2UgY3JlZGVudGlhbHNcbiAqICAgZXN0YWJsaXNoZWQgaW4gdGhlIHByZXZpb3VzIHByb2Nlc3MgdG8gYXNzdW1lIHRoYXQgcm9sZS5cbiAqICAgLSBJZiBhc3N1bWluZyB0aGUgcm9sZSBmYWlscyBhbmQgdGhlIGJhc2UgY3JlZGVudGlhbHMgYXJlIGZvciB0aGUgY29ycmVjdFxuICogICAgIGFjY291bnQsIHJldHVybiB0aG9zZS4gVGhpcyBpcyBhIGZhbGxiYWNrIGZvciBwZW9wbGUgd2hvIGFyZSB0cnlpbmcgdG8gaW50ZXJhY3RcbiAqICAgICB3aXRoIGEgRGVmYXVsdCBTeW50aGVzaXplZCBzdGFjayBhbmQgYWxyZWFkeSBoYXZlIHJpZ2h0IGNyZWRlbnRpYWxzIHNldHVwLlxuICpcbiAqICAgICBUeXBpY2FsIGNhc2VzIHdlIHNlZSBpbiB0aGUgd2lsZDpcbiAqICAgICAtIENyZWRlbnRpYWwgcGx1Z2luIHNldHVwIHRoYXQsIGFsdGhvdWdoIG5vdCByZWNvbW1lbmRlZCwgd29ya3MgZm9yIHRoZW1cbiAqICAgICAtIFNlZWRlZCB0ZXJtaW5hbCB3aXRoIGBSZWFkT25seWAgY3JlZGVudGlhbHMgaW4gb3JkZXIgdG8gZG8gYGNkayBkaWZmYC0tdGhlIGBSZWFkT25seWBcbiAqICAgICAgIHJvbGUgZG9lc24ndCBoYXZlIGBzdHM6QXNzdW1lUm9sZWAgYW5kIHdpbGwgZmFpbCBmb3Igbm8gcmVhbCBnb29kIHJlYXNvbi5cbiAqL1xuQHRyYWNlTWVtYmVyTWV0aG9kc1xuZXhwb3J0IGNsYXNzIFNka1Byb3ZpZGVyIHtcbiAgLyoqXG4gICAqIENyZWF0ZSBhIG5ldyBTZGtQcm92aWRlciB3aGljaCBnZXRzIGl0cyBkZWZhdWx0cyBpbiBhIHdheSB0aGF0IGJlaGF2ZXMgbGlrZSB0aGUgQVdTIENMSSBkb2VzXG4gICAqXG4gICAqIFRoZSBBV1MgU0RLIGZvciBKUyBiZWhhdmVzIHNsaWdodGx5IGRpZmZlcmVudGx5IGZyb20gdGhlIEFXUyBDTEkgaW4gYSBudW1iZXIgb2Ygd2F5czsgc2VlIHRoZVxuICAgKiBjbGFzcyBgQXdzQ2xpQ29tcGF0aWJsZWAgZm9yIHRoZSBkZXRhaWxzLlxuICAgKi9cbiAgcHVibGljIHN0YXRpYyBhc3luYyB3aXRoQXdzQ2xpQ29tcGF0aWJsZURlZmF1bHRzKG9wdGlvbnM6IFNka1Byb3ZpZGVyT3B0aW9ucyA9IHt9KSB7XG4gICAgY2FsbFRyYWNlKFNka1Byb3ZpZGVyLndpdGhBd3NDbGlDb21wYXRpYmxlRGVmYXVsdHMubmFtZSwgU2RrUHJvdmlkZXIuY29uc3RydWN0b3IubmFtZSwgb3B0aW9ucy5sb2dnZXIpO1xuICAgIGNvbnN0IGNyZWRlbnRpYWxQcm92aWRlciA9IGF3YWl0IEF3c0NsaUNvbXBhdGlibGUuY3JlZGVudGlhbENoYWluQnVpbGRlcih7XG4gICAgICBwcm9maWxlOiBvcHRpb25zLnByb2ZpbGUsXG4gICAgICBodHRwT3B0aW9uczogb3B0aW9ucy5odHRwT3B0aW9ucyxcbiAgICAgIGxvZ2dlcjogb3B0aW9ucy5sb2dnZXIsXG4gICAgfSk7XG5cbiAgICBjb25zdCByZWdpb24gPSBhd2FpdCBBd3NDbGlDb21wYXRpYmxlLnJlZ2lvbihvcHRpb25zLnByb2ZpbGUpO1xuICAgIGNvbnN0IHJlcXVlc3RIYW5kbGVyID0gQXdzQ2xpQ29tcGF0aWJsZS5yZXF1ZXN0SGFuZGxlckJ1aWxkZXIob3B0aW9ucy5odHRwT3B0aW9ucyk7XG4gICAgcmV0dXJuIG5ldyBTZGtQcm92aWRlcihjcmVkZW50aWFsUHJvdmlkZXIsIHJlZ2lvbiwgcmVxdWVzdEhhbmRsZXIsIG9wdGlvbnMubG9nZ2VyKTtcbiAgfVxuXG4gIHByaXZhdGUgcmVhZG9ubHkgcGx1Z2lucyA9IG5ldyBDcmVkZW50aWFsUGx1Z2lucygpO1xuXG4gIHB1YmxpYyBjb25zdHJ1Y3RvcihcbiAgICBwcml2YXRlIHJlYWRvbmx5IGRlZmF1bHRDcmVkZW50aWFsUHJvdmlkZXI6IEF3c0NyZWRlbnRpYWxJZGVudGl0eVByb3ZpZGVyLFxuICAgIC8qKlxuICAgICAqIERlZmF1bHQgcmVnaW9uXG4gICAgICovXG4gICAgcHVibGljIHJlYWRvbmx5IGRlZmF1bHRSZWdpb246IHN0cmluZyxcbiAgICBwcml2YXRlIHJlYWRvbmx5IHJlcXVlc3RIYW5kbGVyOiBOb2RlSHR0cEhhbmRsZXJPcHRpb25zID0ge30sXG4gICAgcHJpdmF0ZSByZWFkb25seSBsb2dnZXI/OiBMb2dnZXIsXG4gICkge31cblxuICAvKipcbiAgICogUmV0dXJuIGFuIFNESyB3aGljaCBjYW4gZG8gb3BlcmF0aW9ucyBpbiB0aGUgZ2l2ZW4gZW52aXJvbm1lbnRcbiAgICpcbiAgICogVGhlIGBlbnZpcm9ubWVudGAgcGFyYW1ldGVyIGlzIHJlc29sdmVkIGZpcnN0IChzZWUgYHJlc29sdmVFbnZpcm9ubWVudCgpYCkuXG4gICAqL1xuICBwdWJsaWMgYXN5bmMgZm9yRW52aXJvbm1lbnQoXG4gICAgZW52aXJvbm1lbnQ6IEVudmlyb25tZW50LFxuICAgIG1vZGU6IE1vZGUsXG4gICAgb3B0aW9ucz86IENyZWRlbnRpYWxzT3B0aW9ucyxcbiAgICBxdWlldCA9IGZhbHNlLFxuICApOiBQcm9taXNlPFNka0ZvckVudmlyb25tZW50PiB7XG4gICAgY29uc3QgZW52ID0gYXdhaXQgdGhpcy5yZXNvbHZlRW52aXJvbm1lbnQoZW52aXJvbm1lbnQpO1xuXG4gICAgY29uc3QgYmFzZUNyZWRzID0gYXdhaXQgdGhpcy5vYnRhaW5CYXNlQ3JlZGVudGlhbHMoZW52LmFjY291bnQsIG1vZGUpO1xuXG4gICAgLy8gQXQgdGhpcyBwb2ludCwgd2UgbmVlZCBhdCBsZWFzdCBTT01FIGNyZWRlbnRpYWxzXG4gICAgaWYgKGJhc2VDcmVkcy5zb3VyY2UgPT09ICdub25lJykge1xuICAgICAgdGhyb3cgbmV3IEF1dGhlbnRpY2F0aW9uRXJyb3IoZm10T2J0YWluQ3JlZGVudGlhbHNFcnJvcihlbnYuYWNjb3VudCwgYmFzZUNyZWRzKSk7XG4gICAgfVxuXG4gICAgLy8gU2ltcGxlIGNhc2UgaXMgaWYgd2UgZG9uJ3QgbmVlZCB0byBcImFzc3VtZVJvbGVcIiBoZXJlLiBJZiBzbywgd2UgbXVzdCBub3cgaGF2ZSBjcmVkZW50aWFscyBmb3IgdGhlIHJpZ2h0XG4gICAgLy8gYWNjb3VudC5cbiAgICBpZiAob3B0aW9ucz8uYXNzdW1lUm9sZUFybiA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICBpZiAoYmFzZUNyZWRzLnNvdXJjZSA9PT0gJ2luY29ycmVjdERlZmF1bHQnKSB7XG4gICAgICAgIHRocm93IG5ldyBBdXRoZW50aWNhdGlvbkVycm9yKGZtdE9idGFpbkNyZWRlbnRpYWxzRXJyb3IoZW52LmFjY291bnQsIGJhc2VDcmVkcykpO1xuICAgICAgfVxuXG4gICAgICAvLyBPdXIgY3VycmVudCBjcmVkZW50aWFscyBtdXN0IGJlIHZhbGlkIGFuZCBub3QgZXhwaXJlZC4gQ29uZmlybSB0aGF0IGJlZm9yZSB3ZSBnZXQgaW50byBkb2luZ1xuICAgICAgLy8gYWN0dWFsIENsb3VkRm9ybWF0aW9uIGNhbGxzLCB3aGljaCBtaWdodCB0YWtlIGEgbG9uZyB0aW1lIHRvIGhhbmcuXG4gICAgICBjb25zdCBzZGsgPSBuZXcgU0RLKGJhc2VDcmVkcy5jcmVkZW50aWFscywgZW52LnJlZ2lvbiwgdGhpcy5yZXF1ZXN0SGFuZGxlciwgdGhpcy5sb2dnZXIpO1xuICAgICAgYXdhaXQgc2RrLnZhbGlkYXRlQ3JlZGVudGlhbHMoKTtcbiAgICAgIHJldHVybiB7IHNkaywgZGlkQXNzdW1lUm9sZTogZmFsc2UgfTtcbiAgICB9XG5cbiAgICB0cnkge1xuICAgICAgLy8gV2Ugd2lsbCBwcm9jZWVkIHRvIEFzc3VtZVJvbGUgdXNpbmcgd2hhdGV2ZXIgd2UndmUgYmVlbiBnaXZlbi5cbiAgICAgIGNvbnN0IHNkayA9IGF3YWl0IHRoaXMud2l0aEFzc3VtZWRSb2xlKFxuICAgICAgICBiYXNlQ3JlZHMsXG4gICAgICAgIG9wdGlvbnMuYXNzdW1lUm9sZUFybixcbiAgICAgICAgb3B0aW9ucy5hc3N1bWVSb2xlRXh0ZXJuYWxJZCxcbiAgICAgICAgb3B0aW9ucy5hc3N1bWVSb2xlQWRkaXRpb25hbE9wdGlvbnMsXG4gICAgICAgIGVudi5yZWdpb24sXG4gICAgICApO1xuXG4gICAgICByZXR1cm4geyBzZGssIGRpZEFzc3VtZVJvbGU6IHRydWUgfTtcbiAgICB9IGNhdGNoIChlcnI6IGFueSkge1xuICAgICAgaWYgKGVyci5uYW1lID09PSAnRXhwaXJlZFRva2VuJykge1xuICAgICAgICB0aHJvdyBlcnI7XG4gICAgICB9XG5cbiAgICAgIC8vIEFzc3VtZVJvbGUgZmFpbGVkLiBQcm9jZWVkIGFuZCB3YXJuICppZiBhbmQgb25seSBpZiogdGhlIGJhc2VDcmVkZW50aWFscyB3ZXJlIGFscmVhZHkgZm9yIHRoZSByaWdodCBhY2NvdW50XG4gICAgICAvLyBvciByZXR1cm5lZCBmcm9tIGEgcGx1Z2luLiBUaGlzIGlzIHRvIGNvdmVyIHNvbWUgY3VycmVudCBzZXR1cHMgZm9yIHBlb3BsZSB1c2luZyBwbHVnaW5zIG9yIHByZWZlcnJpbmcgdG9cbiAgICAgIC8vIGZlZWQgdGhlIENMSSBjcmVkZW50aWFscyB3aGljaCBhcmUgc3VmZmljaWVudCBieSB0aGVtc2VsdmVzLiBQcmVmZXIgdG8gYXNzdW1lIHRoZSBjb3JyZWN0IHJvbGUgaWYgd2UgY2FuLFxuICAgICAgLy8gYnV0IGlmIHdlIGNhbid0IHRoZW4gbGV0J3MganVzdCB0cnkgd2l0aCBhdmFpbGFibGUgY3JlZGVudGlhbHMgYW55d2F5LlxuICAgICAgaWYgKGJhc2VDcmVkcy5zb3VyY2UgPT09ICdjb3JyZWN0RGVmYXVsdCcgfHwgYmFzZUNyZWRzLnNvdXJjZSA9PT0gJ3BsdWdpbicpIHtcbiAgICAgICAgZGVidWcoZXJyLm1lc3NhZ2UpO1xuICAgICAgICBjb25zdCBsb2dnZXIgPSBxdWlldCA/IGRlYnVnIDogd2FybmluZztcbiAgICAgICAgbG9nZ2VyKFxuICAgICAgICAgIGAke2ZtdE9idGFpbmVkQ3JlZGVudGlhbHMoYmFzZUNyZWRzKX0gY291bGQgbm90IGJlIHVzZWQgdG8gYXNzdW1lICcke29wdGlvbnMuYXNzdW1lUm9sZUFybn0nLCBidXQgYXJlIGZvciB0aGUgcmlnaHQgYWNjb3VudC4gUHJvY2VlZGluZyBhbnl3YXkuYCxcbiAgICAgICAgKTtcbiAgICAgICAgcmV0dXJuIHtcbiAgICAgICAgICBzZGs6IG5ldyBTREsoYmFzZUNyZWRzLmNyZWRlbnRpYWxzLCBlbnYucmVnaW9uLCB0aGlzLnJlcXVlc3RIYW5kbGVyLCB0aGlzLmxvZ2dlciksXG4gICAgICAgICAgZGlkQXNzdW1lUm9sZTogZmFsc2UsXG4gICAgICAgIH07XG4gICAgICB9XG5cbiAgICAgIHRocm93IGVycjtcbiAgICB9XG4gIH1cblxuICAvKipcbiAgICogUmV0dXJuIHRoZSBwYXJ0aXRpb24gdGhhdCBiYXNlIGNyZWRlbnRpYWxzIGFyZSBmb3JcbiAgICpcbiAgICogUmV0dXJucyBgdW5kZWZpbmVkYCBpZiB0aGVyZSBhcmUgbm8gYmFzZSBjcmVkZW50aWFscy5cbiAgICovXG4gIHB1YmxpYyBhc3luYyBiYXNlQ3JlZGVudGlhbHNQYXJ0aXRpb24oZW52aXJvbm1lbnQ6IEVudmlyb25tZW50LCBtb2RlOiBNb2RlKTogUHJvbWlzZTxzdHJpbmcgfCB1bmRlZmluZWQ+IHtcbiAgICBjb25zdCBlbnYgPSBhd2FpdCB0aGlzLnJlc29sdmVFbnZpcm9ubWVudChlbnZpcm9ubWVudCk7XG4gICAgY29uc3QgYmFzZUNyZWRzID0gYXdhaXQgdGhpcy5vYnRhaW5CYXNlQ3JlZGVudGlhbHMoZW52LmFjY291bnQsIG1vZGUpO1xuICAgIGlmIChiYXNlQ3JlZHMuc291cmNlID09PSAnbm9uZScpIHtcbiAgICAgIHJldHVybiB1bmRlZmluZWQ7XG4gICAgfVxuICAgIHJldHVybiAoYXdhaXQgbmV3IFNESyhiYXNlQ3JlZHMuY3JlZGVudGlhbHMsIGVudi5yZWdpb24sIHRoaXMucmVxdWVzdEhhbmRsZXIsIHRoaXMubG9nZ2VyKS5jdXJyZW50QWNjb3VudCgpKS5wYXJ0aXRpb247XG4gIH1cblxuICAvKipcbiAgICogUmVzb2x2ZSB0aGUgZW52aXJvbm1lbnQgZm9yIGEgc3RhY2tcbiAgICpcbiAgICogUmVwbGFjZXMgdGhlIG1hZ2ljIHZhbHVlcyBgVU5LTk9XTl9SRUdJT05gIGFuZCBgVU5LTk9XTl9BQ0NPVU5UYFxuICAgKiB3aXRoIHRoZSBkZWZhdWx0cyBmb3IgdGhlIGN1cnJlbnQgU0RLIGNvbmZpZ3VyYXRpb24gKGB+Ly5hd3MvY29uZmlnYCBvclxuICAgKiBvdGhlcndpc2UpLlxuICAgKlxuICAgKiBJdCBpcyBhbiBlcnJvciBpZiBgVU5LTk9XTl9BQ0NPVU5UYCBpcyB1c2VkIGJ1dCB0aGUgdXNlciBoYXNuJ3QgY29uZmlndXJlZFxuICAgKiBhbnkgU0RLIGNyZWRlbnRpYWxzLlxuICAgKi9cbiAgcHVibGljIGFzeW5jIHJlc29sdmVFbnZpcm9ubWVudChlbnY6IEVudmlyb25tZW50KTogUHJvbWlzZTxFbnZpcm9ubWVudD4ge1xuICAgIGNvbnN0IHJlZ2lvbiA9IGVudi5yZWdpb24gIT09IFVOS05PV05fUkVHSU9OID8gZW52LnJlZ2lvbiA6IHRoaXMuZGVmYXVsdFJlZ2lvbjtcbiAgICBjb25zdCBhY2NvdW50ID0gZW52LmFjY291bnQgIT09IFVOS05PV05fQUNDT1VOVCA/IGVudi5hY2NvdW50IDogKGF3YWl0IHRoaXMuZGVmYXVsdEFjY291bnQoKSk/LmFjY291bnRJZDtcblxuICAgIGlmICghYWNjb3VudCkge1xuICAgICAgdGhyb3cgbmV3IEF1dGhlbnRpY2F0aW9uRXJyb3IoXG4gICAgICAgICdVbmFibGUgdG8gcmVzb2x2ZSBBV1MgYWNjb3VudCB0byB1c2UuIEl0IG11c3QgYmUgZWl0aGVyIGNvbmZpZ3VyZWQgd2hlbiB5b3UgZGVmaW5lIHlvdXIgQ0RLIFN0YWNrLCBvciB0aHJvdWdoIHRoZSBlbnZpcm9ubWVudCcsXG4gICAgICApO1xuICAgIH1cblxuICAgIHJldHVybiB7XG4gICAgICByZWdpb24sXG4gICAgICBhY2NvdW50LFxuICAgICAgbmFtZTogRW52aXJvbm1lbnRVdGlscy5mb3JtYXQoYWNjb3VudCwgcmVnaW9uKSxcbiAgICB9O1xuICB9XG5cbiAgLyoqXG4gICAqIFRoZSBhY2NvdW50IHdlJ2QgYXV0aCBpbnRvIGlmIHdlIHVzZWQgZGVmYXVsdCBjcmVkZW50aWFscy5cbiAgICpcbiAgICogRGVmYXVsdCBjcmVkZW50aWFscyBhcmUgdGhlIHNldCBvZiBhbWJpZW50bHkgY29uZmlndXJlZCBjcmVkZW50aWFscyB1c2luZ1xuICAgKiBvbmUgb2YgdGhlIGVudmlyb25tZW50IHZhcmlhYmxlcywgb3Igfi8uYXdzL2NyZWRlbnRpYWxzLCBvciB0aGUgKm9uZSpcbiAgICogcHJvZmlsZSB0aGF0IHdhcyBwYXNzZWQgaW50byB0aGUgQ0xJLlxuICAgKlxuICAgKiBNaWdodCByZXR1cm4gdW5kZWZpbmVkIGlmIHRoZXJlIGFyZSBubyBkZWZhdWx0L2FtYmllbnQgY3JlZGVudGlhbHNcbiAgICogYXZhaWxhYmxlIChpbiB3aGljaCBjYXNlIHRoZSB1c2VyIHNob3VsZCBiZXR0ZXIgaG9wZSB0aGV5IGhhdmVcbiAgICogY3JlZGVudGlhbCBwbHVnaW5zIGNvbmZpZ3VyZWQpLlxuICAgKlxuICAgKiBVc2VzIGEgY2FjaGUgdG8gYXZvaWQgU1RTIGNhbGxzIGlmIHdlIGRvbid0IG5lZWQgJ2VtLlxuICAgKi9cbiAgcHVibGljIGFzeW5jIGRlZmF1bHRBY2NvdW50KCk6IFByb21pc2U8QWNjb3VudCB8IHVuZGVmaW5lZD4ge1xuICAgIHJldHVybiBjYWNoZWQodGhpcywgQ0FDSEVEX0FDQ09VTlQsIGFzeW5jICgpID0+IHtcbiAgICAgIHRyeSB7XG4gICAgICAgIHJldHVybiBhd2FpdCBuZXcgU0RLKHRoaXMuZGVmYXVsdENyZWRlbnRpYWxQcm92aWRlciwgdGhpcy5kZWZhdWx0UmVnaW9uLCB0aGlzLnJlcXVlc3RIYW5kbGVyLCB0aGlzLmxvZ2dlcikuY3VycmVudEFjY291bnQoKTtcbiAgICAgIH0gY2F0Y2ggKGU6IGFueSkge1xuICAgICAgICAvLyBUcmVhdCAnRXhwaXJlZFRva2VuJyBzcGVjaWFsbHkuIFRoaXMgaXMgYSBjb21tb24gc2l0dWF0aW9uIHRoYXQgcGVvcGxlIG1heSBmaW5kIHRoZW1zZWx2ZXMgaW4sIGFuZFxuICAgICAgICAvLyB0aGV5IGFyZSBjb21wbGFpbmluZyBhYm91dCBpZiB3ZSBmYWlsICdjZGsgc3ludGgnIG9uIHRoZW0uIFdlIGxvdWRseSBjb21wbGFpbiBpbiBvcmRlciB0byBzaG93IHRoYXRcbiAgICAgICAgLy8gdGhlIGN1cnJlbnQgc2l0dWF0aW9uIGlzIHByb2JhYmx5IHVuZGVzaXJhYmxlLCBidXQgd2UgZG9uJ3QgZmFpbC5cbiAgICAgICAgaWYgKGUubmFtZSA9PT0gJ0V4cGlyZWRUb2tlbicpIHtcbiAgICAgICAgICB3YXJuaW5nKFxuICAgICAgICAgICAgJ1RoZXJlIGFyZSBleHBpcmVkIEFXUyBjcmVkZW50aWFscyBpbiB5b3VyIGVudmlyb25tZW50LiBUaGUgQ0RLIGFwcCB3aWxsIHN5bnRoIHdpdGhvdXQgY3VycmVudCBhY2NvdW50IGluZm9ybWF0aW9uLicsXG4gICAgICAgICAgKTtcbiAgICAgICAgICByZXR1cm4gdW5kZWZpbmVkO1xuICAgICAgICB9XG5cbiAgICAgICAgZGVidWcoYFVuYWJsZSB0byBkZXRlcm1pbmUgdGhlIGRlZmF1bHQgQVdTIGFjY291bnQgKCR7ZS5uYW1lfSk6ICR7Zm9ybWF0RXJyb3JNZXNzYWdlKGUpfWApO1xuICAgICAgICByZXR1cm4gdW5kZWZpbmVkO1xuICAgICAgfVxuICAgIH0pO1xuICB9XG5cbiAgLyoqXG4gICAqIEdldCBjcmVkZW50aWFscyBmb3IgdGhlIGdpdmVuIGFjY291bnQgSUQgaW4gdGhlIGdpdmVuIG1vZGVcbiAgICpcbiAgICogMS4gVXNlIHRoZSBkZWZhdWx0IGNyZWRlbnRpYWxzIGlmIHRoZSBkZXN0aW5hdGlvbiBhY2NvdW50IG1hdGNoZXMgdGhlXG4gICAqICAgIGN1cnJlbnQgY3JlZGVudGlhbHMnIGFjY291bnQuXG4gICAqIDIuIE90aGVyd2lzZSB0cnkgYWxsIGNyZWRlbnRpYWwgcGx1Z2lucy5cbiAgICogMy4gRmFpbCBpZiBuZWl0aGVyIG9mIHRoZXNlIHlpZWxkIGFueSBjcmVkZW50aWFscy5cbiAgICogNC4gUmV0dXJuIGEgZmFpbHVyZSBpZiBhbnkgb2YgdGhlbSByZXR1cm5lZCBjcmVkZW50aWFsc1xuICAgKi9cbiAgcHJpdmF0ZSBhc3luYyBvYnRhaW5CYXNlQ3JlZGVudGlhbHMoYWNjb3VudElkOiBzdHJpbmcsIG1vZGU6IE1vZGUpOiBQcm9taXNlPE9idGFpbkJhc2VDcmVkZW50aWFsc1Jlc3VsdD4ge1xuICAgIC8vIEZpcnN0IHRyeSAnY3VycmVudCcgY3JlZGVudGlhbHNcbiAgICBjb25zdCBkZWZhdWx0QWNjb3VudElkID0gKGF3YWl0IHRoaXMuZGVmYXVsdEFjY291bnQoKSk/LmFjY291bnRJZDtcbiAgICBpZiAoZGVmYXVsdEFjY291bnRJZCA9PT0gYWNjb3VudElkKSB7XG4gICAgICByZXR1cm4ge1xuICAgICAgICBzb3VyY2U6ICdjb3JyZWN0RGVmYXVsdCcsXG4gICAgICAgIGNyZWRlbnRpYWxzOiBhd2FpdCB0aGlzLmRlZmF1bHRDcmVkZW50aWFsUHJvdmlkZXIsXG4gICAgICB9O1xuICAgIH1cblxuICAgIC8vIFRoZW4gdHJ5IHRoZSBwbHVnaW5zXG4gICAgY29uc3QgcGx1Z2luQ3JlZHMgPSBhd2FpdCB0aGlzLnBsdWdpbnMuZmV0Y2hDcmVkZW50aWFsc0ZvcihhY2NvdW50SWQsIG1vZGUpO1xuICAgIGlmIChwbHVnaW5DcmVkcykge1xuICAgICAgcmV0dXJuIHsgc291cmNlOiAncGx1Z2luJywgLi4ucGx1Z2luQ3JlZHMgfTtcbiAgICB9XG5cbiAgICAvLyBGYWxsIGJhY2sgdG8gZGVmYXVsdCBjcmVkZW50aWFscyB3aXRoIGEgbm90ZSB0aGF0IHRoZXkncmUgbm90IHRoZSByaWdodCBvbmVzIHlldFxuICAgIGlmIChkZWZhdWx0QWNjb3VudElkICE9PSB1bmRlZmluZWQpIHtcbiAgICAgIHJldHVybiB7XG4gICAgICAgIHNvdXJjZTogJ2luY29ycmVjdERlZmF1bHQnLFxuICAgICAgICBhY2NvdW50SWQ6IGRlZmF1bHRBY2NvdW50SWQsXG4gICAgICAgIGNyZWRlbnRpYWxzOiBhd2FpdCB0aGlzLmRlZmF1bHRDcmVkZW50aWFsUHJvdmlkZXIsXG4gICAgICAgIHVudXNlZFBsdWdpbnM6IHRoaXMucGx1Z2lucy5hdmFpbGFibGVQbHVnaW5OYW1lcyxcbiAgICAgIH07XG4gICAgfVxuXG4gICAgLy8gQXBwYXJlbnRseSB3ZSBkaWRuJ3QgZmluZCBhbnkgYXQgYWxsXG4gICAgcmV0dXJuIHtcbiAgICAgIHNvdXJjZTogJ25vbmUnLFxuICAgICAgdW51c2VkUGx1Z2luczogdGhpcy5wbHVnaW5zLmF2YWlsYWJsZVBsdWdpbk5hbWVzLFxuICAgIH07XG4gIH1cblxuICAvKipcbiAgICogUmV0dXJuIGFuIFNESyB3aGljaCB1c2VzIGFzc3VtZWQgcm9sZSBjcmVkZW50aWFsc1xuICAgKlxuICAgKiBUaGUgYmFzZSBjcmVkZW50aWFscyB1c2VkIHRvIHJldHJpZXZlIHRoZSBhc3N1bWVkIHJvbGUgY3JlZGVudGlhbHMgd2lsbCBiZSB0aGVcbiAgICogc2FtZSBjcmVkZW50aWFscyByZXR1cm5lZCBieSBvYnRhaW5DcmVkZW50aWFscyBpZiBhbiBlbnZpcm9ubWVudCBhbmQgbW9kZSBpcyBwYXNzZWQsXG4gICAqIG90aGVyd2lzZSBpdCB3aWxsIGJlIHRoZSBjdXJyZW50IGNyZWRlbnRpYWxzLlxuICAgKi9cbiAgcHJpdmF0ZSBhc3luYyB3aXRoQXNzdW1lZFJvbGUoXG4gICAgbWFpbkNyZWRlbnRpYWxzOiBFeGNsdWRlPE9idGFpbkJhc2VDcmVkZW50aWFsc1Jlc3VsdCwgeyBzb3VyY2U6ICdub25lJyB9PixcbiAgICByb2xlQXJuOiBzdHJpbmcsXG4gICAgZXh0ZXJuYWxJZD86IHN0cmluZyxcbiAgICBhZGRpdGlvbmFsT3B0aW9ucz86IEFzc3VtZVJvbGVBZGRpdGlvbmFsT3B0aW9ucyxcbiAgICByZWdpb24/OiBzdHJpbmcsXG4gICk6IFByb21pc2U8U0RLPiB7XG4gICAgZGVidWcoYEFzc3VtaW5nIHJvbGUgJyR7cm9sZUFybn0nLmApO1xuXG4gICAgcmVnaW9uID0gcmVnaW9uID8/IHRoaXMuZGVmYXVsdFJlZ2lvbjtcblxuICAgIGNvbnN0IHNvdXJjZURlc2NyaXB0aW9uID0gZm10T2J0YWluZWRDcmVkZW50aWFscyhtYWluQ3JlZGVudGlhbHMpO1xuXG4gICAgdHJ5IHtcbiAgICAgIGNvbnN0IGNyZWRlbnRpYWxzID0gYXdhaXQgbWFrZUNhY2hpbmdQcm92aWRlcihmcm9tVGVtcG9yYXJ5Q3JlZGVudGlhbHMoe1xuICAgICAgICBtYXN0ZXJDcmVkZW50aWFsczogbWFpbkNyZWRlbnRpYWxzLmNyZWRlbnRpYWxzLFxuICAgICAgICBwYXJhbXM6IHtcbiAgICAgICAgICBSb2xlQXJuOiByb2xlQXJuLFxuICAgICAgICAgIEV4dGVybmFsSWQ6IGV4dGVybmFsSWQsXG4gICAgICAgICAgUm9sZVNlc3Npb25OYW1lOiBgYXdzLWNkay0ke3NhZmVVc2VybmFtZSgpfWAsXG4gICAgICAgICAgLi4uYWRkaXRpb25hbE9wdGlvbnMsXG4gICAgICAgICAgVHJhbnNpdGl2ZVRhZ0tleXM6IGFkZGl0aW9uYWxPcHRpb25zPy5UYWdzID8gYWRkaXRpb25hbE9wdGlvbnMuVGFncy5tYXAoKHQpID0+IHQuS2V5ISkgOiB1bmRlZmluZWQsXG4gICAgICAgIH0sXG4gICAgICAgIGNsaWVudENvbmZpZzoge1xuICAgICAgICAgIHJlZ2lvbixcbiAgICAgICAgICByZXF1ZXN0SGFuZGxlcjogdGhpcy5yZXF1ZXN0SGFuZGxlcixcbiAgICAgICAgICBjdXN0b21Vc2VyQWdlbnQ6ICdhd3MtY2RrJyxcbiAgICAgICAgICBsb2dnZXI6IHRoaXMubG9nZ2VyLFxuICAgICAgICB9LFxuICAgICAgICBsb2dnZXI6IHRoaXMubG9nZ2VyLFxuICAgICAgfSkpO1xuXG4gICAgICAvLyBDYWxsIHRoZSBwcm92aWRlciBhdCBsZWFzdCBvbmNlIGhlcmUsIHRvIGNhdGNoIGFuIGVycm9yIGlmIGl0IG9jY3Vyc1xuICAgICAgYXdhaXQgY3JlZGVudGlhbHMoKTtcblxuICAgICAgcmV0dXJuIG5ldyBTREsoY3JlZGVudGlhbHMsIHJlZ2lvbiwgdGhpcy5yZXF1ZXN0SGFuZGxlciwgdGhpcy5sb2dnZXIpO1xuICAgIH0gY2F0Y2ggKGVycjogYW55KSB7XG4gICAgICBpZiAoZXJyLm5hbWUgPT09ICdFeHBpcmVkVG9rZW4nKSB7XG4gICAgICAgIHRocm93IGVycjtcbiAgICAgIH1cblxuICAgICAgZGVidWcoYEFzc3VtaW5nIHJvbGUgZmFpbGVkOiAke2Vyci5tZXNzYWdlfWApO1xuICAgICAgdGhyb3cgbmV3IEF1dGhlbnRpY2F0aW9uRXJyb3IoXG4gICAgICAgIFtcbiAgICAgICAgICAnQ291bGQgbm90IGFzc3VtZSByb2xlIGluIHRhcmdldCBhY2NvdW50JyxcbiAgICAgICAgICAuLi4oc291cmNlRGVzY3JpcHRpb24gPyBbYHVzaW5nICR7c291cmNlRGVzY3JpcHRpb259YF0gOiBbXSksXG4gICAgICAgICAgZXJyLm1lc3NhZ2UsXG4gICAgICAgICAgXCIuIFBsZWFzZSBtYWtlIHN1cmUgdGhhdCB0aGlzIHJvbGUgZXhpc3RzIGluIHRoZSBhY2NvdW50LiBJZiBpdCBkb2Vzbid0IGV4aXN0LCAocmUpLWJvb3RzdHJhcCB0aGUgZW52aXJvbm1lbnQgXCIgK1xuICAgICAgICAgICAgXCJ3aXRoIHRoZSByaWdodCAnLS10cnVzdCcsIHVzaW5nIHRoZSBsYXRlc3QgdmVyc2lvbiBvZiB0aGUgQ0RLIENMSS5cIixcbiAgICAgICAgXS5qb2luKCcgJyksXG4gICAgICApO1xuICAgIH1cbiAgfVxufVxuXG4vKipcbiAqIEFuIEFXUyBhY2NvdW50XG4gKlxuICogQW4gQVdTIGFjY291bnQgYWx3YXlzIGV4aXN0cyBpbiBvbmx5IG9uZSBwYXJ0aXRpb24uIFVzdWFsbHkgd2UgZG9uJ3QgY2FyZSBhYm91dFxuICogdGhlIHBhcnRpdGlvbiwgYnV0IHdoZW4gd2UgbmVlZCB0byBmb3JtIEFSTnMgd2UgZG8uXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQWNjb3VudCB7XG4gIC8qKlxuICAgKiBUaGUgYWNjb3VudCBudW1iZXJcbiAgICovXG4gIHJlYWRvbmx5IGFjY291bnRJZDogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgcGFydGl0aW9uICgnYXdzJyBvciAnYXdzLWNuJyBvciBvdGhlcndpc2UpXG4gICAqL1xuICByZWFkb25seSBwYXJ0aXRpb246IHN0cmluZztcbn1cblxuLyoqXG4gKiBSZXR1cm4gdGhlIHVzZXJuYW1lIHdpdGggY2hhcmFjdGVycyBpbnZhbGlkIGZvciBhIFJvbGVTZXNzaW9uTmFtZSByZW1vdmVkXG4gKlxuICogQHNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vU1RTL2xhdGVzdC9BUElSZWZlcmVuY2UvQVBJX0Fzc3VtZVJvbGUuaHRtbCNBUElfQXNzdW1lUm9sZV9SZXF1ZXN0UGFyYW1ldGVyc1xuICovXG5mdW5jdGlvbiBzYWZlVXNlcm5hbWUoKSB7XG4gIHRyeSB7XG4gICAgcmV0dXJuIG9zLnVzZXJJbmZvKCkudXNlcm5hbWUucmVwbGFjZSgvW15cXHcrPSwuQC1dL2csICdAJyk7XG4gIH0gY2F0Y2gge1xuICAgIHJldHVybiAnbm9uYW1lJztcbiAgfVxufVxuXG4vKipcbiAqIE9wdGlvbnMgZm9yIG9idGFpbmluZyBjcmVkZW50aWFscyBmb3IgYW4gZW52aXJvbm1lbnRcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBDcmVkZW50aWFsc09wdGlvbnMge1xuICAvKipcbiAgICogVGhlIEFSTiBvZiB0aGUgcm9sZSB0aGF0IG5lZWRzIHRvIGJlIGFzc3VtZWQsIGlmIGFueVxuICAgKi9cbiAgcmVhZG9ubHkgYXNzdW1lUm9sZUFybj86IHN0cmluZztcblxuICAvKipcbiAgICogRXh0ZXJuYWwgSUQgcmVxdWlyZWQgdG8gYXNzdW1lIHRoZSBnaXZlbiByb2xlLlxuICAgKi9cbiAgcmVhZG9ubHkgYXNzdW1lUm9sZUV4dGVybmFsSWQ/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFNlc3Npb24gdGFncyByZXF1aXJlZCB0byBhc3N1bWUgdGhlIGdpdmVuIHJvbGUuXG4gICAqL1xuICByZWFkb25seSBhc3N1bWVSb2xlQWRkaXRpb25hbE9wdGlvbnM/OiBBc3N1bWVSb2xlQWRkaXRpb25hbE9wdGlvbnM7XG59XG5cbi8qKlxuICogUmVzdWx0IG9mIG9idGFpbmluZyBiYXNlIGNyZWRlbnRpYWxzXG4gKi9cbnR5cGUgT2J0YWluQmFzZUNyZWRlbnRpYWxzUmVzdWx0ID1cbiAgfCB7IHNvdXJjZTogJ2NvcnJlY3REZWZhdWx0JzsgY3JlZGVudGlhbHM6IEF3c0NyZWRlbnRpYWxJZGVudGl0eVByb3ZpZGVyIH1cbiAgfCB7IHNvdXJjZTogJ3BsdWdpbic7IHBsdWdpbk5hbWU6IHN0cmluZzsgY3JlZGVudGlhbHM6IEF3c0NyZWRlbnRpYWxJZGVudGl0eVByb3ZpZGVyIH1cbiAgfCB7XG4gICAgc291cmNlOiAnaW5jb3JyZWN0RGVmYXVsdCc7XG4gICAgY3JlZGVudGlhbHM6IEF3c0NyZWRlbnRpYWxJZGVudGl0eVByb3ZpZGVyO1xuICAgIGFjY291bnRJZDogc3RyaW5nO1xuICAgIHVudXNlZFBsdWdpbnM6IHN0cmluZ1tdO1xuICB9XG4gIHwgeyBzb3VyY2U6ICdub25lJzsgdW51c2VkUGx1Z2luczogc3RyaW5nW10gfTtcblxuLyoqXG4gKiBJc29sYXRpbmcgdGhlIGNvZGUgdGhhdCB0cmFuc2xhdGVzIGNhbGN1bGF0aW9uIGVycm9ycyBpbnRvIGh1bWFuIGVycm9yIG1lc3NhZ2VzXG4gKlxuICogV2UgY292ZXIgdGhlIGZvbGxvd2luZyBjYXNlczpcbiAqXG4gKiAtIE5vIGNyZWRlbnRpYWxzIGFyZSBhdmFpbGFibGUgYXQgYWxsXG4gKiAtIERlZmF1bHQgY3JlZGVudGlhbHMgYXJlIGZvciB0aGUgd3JvbmcgYWNjb3VudFxuICovXG5mdW5jdGlvbiBmbXRPYnRhaW5DcmVkZW50aWFsc0Vycm9yKFxuICB0YXJnZXRBY2NvdW50SWQ6IHN0cmluZyxcbiAgb2J0YWluUmVzdWx0OiBPYnRhaW5CYXNlQ3JlZGVudGlhbHNSZXN1bHQgJiB7XG4gICAgc291cmNlOiAnbm9uZScgfCAnaW5jb3JyZWN0RGVmYXVsdCc7XG4gIH0sXG4pOiBzdHJpbmcge1xuICBjb25zdCBtc2cgPSBbYE5lZWQgdG8gcGVyZm9ybSBBV1MgY2FsbHMgZm9yIGFjY291bnQgJHt0YXJnZXRBY2NvdW50SWR9YF07XG4gIHN3aXRjaCAob2J0YWluUmVzdWx0LnNvdXJjZSkge1xuICAgIGNhc2UgJ2luY29ycmVjdERlZmF1bHQnOlxuICAgICAgbXNnLnB1c2goYGJ1dCB0aGUgY3VycmVudCBjcmVkZW50aWFscyBhcmUgZm9yICR7b2J0YWluUmVzdWx0LmFjY291bnRJZH1gKTtcbiAgICAgIGJyZWFrO1xuICAgIGNhc2UgJ25vbmUnOlxuICAgICAgbXNnLnB1c2goJ2J1dCBubyBjcmVkZW50aWFscyBoYXZlIGJlZW4gY29uZmlndXJlZCcpO1xuICB9XG4gIGlmIChvYnRhaW5SZXN1bHQudW51c2VkUGx1Z2lucy5sZW5ndGggPiAwKSB7XG4gICAgbXNnLnB1c2goYGFuZCBub25lIG9mIHRoZXNlIHBsdWdpbnMgZm91bmQgYW55OiAke29idGFpblJlc3VsdC51bnVzZWRQbHVnaW5zLmpvaW4oJywgJyl9YCk7XG4gIH1cbiAgcmV0dXJuIG1zZy5qb2luKCcsICcpO1xufVxuXG4vKipcbiAqIEZvcm1hdCBhIG1lc3NhZ2UgaW5kaWNhdGluZyB3aGVyZSB3ZSBnb3QgYmFzZSBjcmVkZW50aWFscyBmb3IgdGhlIGFzc3VtZSByb2xlXG4gKlxuICogV2UgY292ZXIgdGhlIGZvbGxvd2luZyBjYXNlczpcbiAqXG4gKiAtIERlZmF1bHQgY3JlZGVudGlhbHMgZm9yIHRoZSByaWdodCBhY2NvdW50XG4gKiAtIERlZmF1bHQgY3JlZGVudGlhbHMgZm9yIHRoZSB3cm9uZyBhY2NvdW50XG4gKiAtIENyZWRlbnRpYWxzIHJldHVybmVkIGZyb20gYSBwbHVnaW5cbiAqL1xuZnVuY3Rpb24gZm10T2J0YWluZWRDcmVkZW50aWFscyhvYnRhaW5SZXN1bHQ6IEV4Y2x1ZGU8T2J0YWluQmFzZUNyZWRlbnRpYWxzUmVzdWx0LCB7IHNvdXJjZTogJ25vbmUnIH0+KTogc3RyaW5nIHtcbiAgc3dpdGNoIChvYnRhaW5SZXN1bHQuc291cmNlKSB7XG4gICAgY2FzZSAnY29ycmVjdERlZmF1bHQnOlxuICAgICAgcmV0dXJuICdjdXJyZW50IGNyZWRlbnRpYWxzJztcbiAgICBjYXNlICdwbHVnaW4nOlxuICAgICAgcmV0dXJuIGBjcmVkZW50aWFscyByZXR1cm5lZCBieSBwbHVnaW4gJyR7b2J0YWluUmVzdWx0LnBsdWdpbk5hbWV9J2A7XG4gICAgY2FzZSAnaW5jb3JyZWN0RGVmYXVsdCc6XG4gICAgICBjb25zdCBtc2cgPSBbXTtcbiAgICAgIG1zZy5wdXNoKGBjdXJyZW50IGNyZWRlbnRpYWxzICh3aGljaCBhcmUgZm9yIGFjY291bnQgJHtvYnRhaW5SZXN1bHQuYWNjb3VudElkfWApO1xuXG4gICAgICBpZiAob2J0YWluUmVzdWx0LnVudXNlZFBsdWdpbnMubGVuZ3RoID4gMCkge1xuICAgICAgICBtc2cucHVzaChgLCBhbmQgbm9uZSBvZiB0aGUgZm9sbG93aW5nIHBsdWdpbnMgcHJvdmlkZWQgY3JlZGVudGlhbHM6ICR7b2J0YWluUmVzdWx0LnVudXNlZFBsdWdpbnMuam9pbignLCAnKX1gKTtcbiAgICAgIH1cbiAgICAgIG1zZy5wdXNoKCcpJyk7XG5cbiAgICAgIHJldHVybiBtc2cuam9pbignJyk7XG4gIH1cbn1cblxuLyoqXG4gKiBJbnN0YW50aWF0ZSBhbiBTREsgZm9yIGNvbnRleHQgcHJvdmlkZXJzLiBUaGlzIGZ1bmN0aW9uIGVuc3VyZXMgdGhhdCBhbGxcbiAqIGxvb2t1cCBhc3N1bWUgcm9sZSBvcHRpb25zIGFyZSB1c2VkIHdoZW4gY29udGV4dCBwcm92aWRlcnMgcGVyZm9ybSBsb29rdXBzLlxuICovXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gaW5pdENvbnRleHRQcm92aWRlclNkayhhd3M6IFNka1Byb3ZpZGVyLCBvcHRpb25zOiBDb250ZXh0TG9va3VwUm9sZU9wdGlvbnMpOiBQcm9taXNlPFNESz4ge1xuICBjb25zdCBhY2NvdW50ID0gb3B0aW9ucy5hY2NvdW50O1xuICBjb25zdCByZWdpb24gPSBvcHRpb25zLnJlZ2lvbjtcblxuICBjb25zdCBjcmVkczogQ3JlZGVudGlhbHNPcHRpb25zID0ge1xuICAgIGFzc3VtZVJvbGVBcm46IG9wdGlvbnMubG9va3VwUm9sZUFybixcbiAgICBhc3N1bWVSb2xlRXh0ZXJuYWxJZDogb3B0aW9ucy5sb29rdXBSb2xlRXh0ZXJuYWxJZCxcbiAgICBhc3N1bWVSb2xlQWRkaXRpb25hbE9wdGlvbnM6IG9wdGlvbnMuYXNzdW1lUm9sZUFkZGl0aW9uYWxPcHRpb25zLFxuICB9O1xuXG4gIHJldHVybiAoYXdhaXQgYXdzLmZvckVudmlyb25tZW50KEVudmlyb25tZW50VXRpbHMubWFrZShhY2NvdW50LCByZWdpb24pLCBNb2RlLkZvclJlYWRpbmcsIGNyZWRzKSkuc2RrO1xufVxuIl19