parse-server 2.8.4 → 8.6.2

package/lib/Adapters/Auth/facebook.js

@@ -1,57 +1,184 @@
-'use strict';
+"use strict";
 
-// Helper functions for accessing the Facebook Graph API.
-var https = require('https');
-var Parse = require('parse/node').Parse;
+/**
+ * Parse Server authentication adapter for Facebook.
+ *
+ * @class FacebookAdapter
+ * @param {Object} options - The adapter configuration options.
+ * @param {string} options.appSecret - Your Facebook App Secret. Required for secure authentication.
+ * @param {string[]} options.appIds - An array of Facebook App IDs. Required for validating the app.
+ *
+ * @description
+ * ## Parse Server Configuration
+ * To configure Parse Server for Facebook authentication, use the following structure:
+ * ```json
+ * {
+ *   "auth": {
+ *     "facebook": {
+ *       "appSecret": "your-app-secret",
+ *       "appIds": ["your-app-id"]
+ *     }
+ *   }
+ * }
+ * ```
+ *
+ * The adapter supports the following authentication methods:
+ * - **Standard Login**: Requires `id` and `access_token`.
+ * - **Limited Login**: Requires `id` and `token`.
+ *
+ * ## Auth Payloads
+ * ### Standard Login Payload
+ * ```json
+ * {
+ *   "facebook": {
+ *     "id": "1234567",
+ *     "access_token": "abc123def456ghi789"
+ *   }
+ * }
+ * ```
+ *
+ * ### Limited Login Payload
+ * ```json
+ * {
+ *   "facebook": {
+ *     "id": "1234567",
+ *     "token": "xxxxx.yyyyy.zzzzz"
+ *   }
+ * }
+ * ```
+ *
+ * ## Notes
+ * - **Standard Login**: Use `id` and `access_token` for full functionality.
+ * - **Limited Login**: Use `id` and `token` (JWT) when tracking is opted out (e.g., via Apple's App Tracking Transparency).
+ * - Supported Parse Server versions:
+ *   - `>= 6.5.6 < 7`
+ *   - `>= 7.0.1`
+ *
+ * Secure authentication is recommended to ensure proper data protection and compliance with Facebook's guidelines.
+ *
+ * @see {@link https://developers.facebook.com/docs/facebook-login/limited-login/ Facebook Limited Login}
+ * @see {@link https://developers.facebook.com/docs/facebook-login/facebook-login-for-business/ Facebook Login for Business}
+ */
 
-// Returns a promise that fulfills iff this user id is valid.
-function validateAuthData(authData) {
-  return graphRequest('me?fields=id&access_token=' + authData.access_token).then(data => {
-    if (data && data.id == authData.id) {
+// Helper functions for accessing the Facebook Graph API.
+const Parse = require('parse/node').Parse;
+const crypto = require('crypto');
+const jwksClient = require('jwks-rsa');
+const jwt = require('jsonwebtoken');
+const httpsRequest = require('./httpsRequest');
+const authUtils = require('./utils');
+const TOKEN_ISSUER = 'https://www.facebook.com';
+function getAppSecretPath(authData, options = {}) {
+  const appSecret = options.appSecret;
+  if (!appSecret) {
+    return '';
+  }
+  const appsecret_proof = crypto.createHmac('sha256', appSecret).update(authData.access_token).digest('hex');
+  return `&appsecret_proof=${appsecret_proof}`;
+}
+function validateGraphToken(authData, options) {
+  return graphRequest('me?fields=id&access_token=' + authData.access_token + getAppSecretPath(authData, options)).then(data => {
+    if (data && data.id == authData.id || process.env.TESTING && authData.id === 'test') {
       return;
     }
     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is invalid for this user.');
   });
 }
-
-// Returns a promise that fulfills iff this app id is valid.
-function validateAppId(appIds, authData) {
+async function validateGraphAppId(appIds, authData, options) {
   var access_token = authData.access_token;
+  if (process.env.TESTING && access_token === 'test') {
+    return;
+  }
+  if (!Array.isArray(appIds)) {
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'appIds must be an array.');
+  }
   if (!appIds.length) {
     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is not configured.');
   }
-  return graphRequest('app?access_token=' + access_token).then(data => {
-    if (data && appIds.indexOf(data.id) != -1) {
-      return;
-    }
+  const data = await graphRequest(`app?access_token=${access_token}${getAppSecretPath(authData, options)}`);
+  if (!data || !appIds.includes(data.id)) {
     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is invalid for this user.');
+  }
+}
+const getFacebookKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => {
+  const client = jwksClient({
+    jwksUri: `${TOKEN_ISSUER}/.well-known/oauth/openid/jwks/`,
+    cache: true,
+    cacheMaxEntries,
+    cacheMaxAge
   });
+  let key;
+  try {
+    key = await authUtils.getSigningKey(client, keyId);
+  } catch {
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unable to find matching key for Key ID: ${keyId}`);
+  }
+  return key;
+};
+const verifyIdToken = async ({
+  token,
+  id
+}, {
+  clientId,
+  cacheMaxEntries,
+  cacheMaxAge
+}) => {
+  if (!token) {
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'id token is invalid for this user.');
+  }
+  const {
+    kid: keyId,
+    alg: algorithm
+  } = authUtils.getHeaderFromToken(token);
+  const ONE_HOUR_IN_MS = 3600000;
+  let jwtClaims;
+  cacheMaxAge = cacheMaxAge || ONE_HOUR_IN_MS;
+  cacheMaxEntries = cacheMaxEntries || 5;
+  const facebookKey = await getFacebookKeyByKeyId(keyId, cacheMaxEntries, cacheMaxAge);
+  const signingKey = facebookKey.publicKey || facebookKey.rsaPublicKey;
+  try {
+    jwtClaims = jwt.verify(token, signingKey, {
+      algorithms: algorithm,
+      // the audience can be checked against a string, a regular expression or a list of strings and/or regular expressions.
+      audience: clientId
+    });
+  } catch (exception) {
+    const message = exception.message;
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `${message}`);
+  }
+  if (jwtClaims.iss !== TOKEN_ISSUER) {
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `id token not issued by correct OpenID provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`);
+  }
+  if (jwtClaims.sub !== id) {
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'auth data is invalid for this user.');
+  }
+  return jwtClaims;
+};
+
+// Returns a promise that fulfills iff this user id is valid.
+function validateAuthData(authData, options) {
+  if (authData.token) {
+    return verifyIdToken(authData, options);
+  } else {
+    return validateGraphToken(authData, options);
+  }
+}
+
+// Returns a promise that fulfills iff this app id is valid.
+function validateAppId(appIds, authData, options) {
+  if (authData.token) {
+    return Promise.resolve();
+  } else {
+    return validateGraphAppId(appIds, authData, options);
+  }
 }
 
 // A promisey wrapper for FB graph requests.
 function graphRequest(path) {
-  return new Promise(function (resolve, reject) {
-    https.get('https://graph.facebook.com/' + path, function (res) {
-      var data = '';
-      res.on('data', function (chunk) {
-        data += chunk;
-      });
-      res.on('end', function () {
-        try {
-          data = JSON.parse(data);
-        } catch (e) {
-          return reject(e);
-        }
-        resolve(data);
-      });
-    }).on('error', function () {
-      reject('Failed to validate this access token with Facebook.');
-    });
-  });
+  return httpsRequest.get('https://graph.facebook.com/' + path);
 }
-
 module.exports = {
   validateAppId: validateAppId,
   validateAuthData: validateAuthData
 };
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9BZGFwdGVycy9BdXRoL2ZhY2Vib29rLmpzIl0sIm5hbWVzIjpbImh0dHBzIiwicmVxdWlyZSIsIlBhcnNlIiwidmFsaWRhdGVBdXRoRGF0YSIsImF1dGhEYXRhIiwiZ3JhcGhSZXF1ZXN0IiwiYWNjZXNzX3Rva2VuIiwidGhlbiIsImRhdGEiLCJpZCIsIkVycm9yIiwiT0JKRUNUX05PVF9GT1VORCIsInZhbGlkYXRlQXBwSWQiLCJhcHBJZHMiLCJsZW5ndGgiLCJpbmRleE9mIiwicGF0aCIsIlByb21pc2UiLCJyZXNvbHZlIiwicmVqZWN0IiwiZ2V0IiwicmVzIiwib24iLCJjaHVuayIsIkpTT04iLCJwYXJzZSIsImUiLCJtb2R1bGUiLCJleHBvcnRzIl0sIm1hcHBpbmdzIjoiOztBQUFBO0FBQ0EsSUFBSUEsUUFBUUMsUUFBUSxPQUFSLENBQVo7QUFDQSxJQUFJQyxRQUFRRCxRQUFRLFlBQVIsRUFBc0JDLEtBQWxDOztBQUVBO0FBQ0EsU0FBU0MsZ0JBQVQsQ0FBMEJDLFFBQTFCLEVBQW9DO0FBQ2xDLFNBQU9DLGFBQWEsK0JBQStCRCxTQUFTRSxZQUFyRCxFQUNKQyxJQURJLENBQ0VDLElBQUQsSUFBVTtBQUNkLFFBQUlBLFFBQVFBLEtBQUtDLEVBQUwsSUFBV0wsU0FBU0ssRUFBaEMsRUFBb0M7QUFDbEM7QUFDRDtBQUNELFVBQU0sSUFBSVAsTUFBTVEsS0FBVixDQUNKUixNQUFNUSxLQUFOLENBQVlDLGdCQURSLEVBRUoseUNBRkksQ0FBTjtBQUdELEdBUkksQ0FBUDtBQVNEOztBQUVEO0FBQ0EsU0FBU0MsYUFBVCxDQUF1QkMsTUFBdkIsRUFBK0JULFFBQS9CLEVBQXlDO0FBQ3ZDLE1BQUlFLGVBQWVGLFNBQVNFLFlBQTVCO0FBQ0EsTUFBSSxDQUFDTyxPQUFPQyxNQUFaLEVBQW9CO0FBQ2xCLFVBQU0sSUFBSVosTUFBTVEsS0FBVixDQUNKUixNQUFNUSxLQUFOLENBQVlDLGdCQURSLEVBRUosa0NBRkksQ0FBTjtBQUdEO0FBQ0QsU0FBT04sYUFBYSxzQkFBc0JDLFlBQW5DLEVBQ0pDLElBREksQ0FDRUMsSUFBRCxJQUFVO0FBQ2QsUUFBSUEsUUFBUUssT0FBT0UsT0FBUCxDQUFlUCxLQUFLQyxFQUFwQixLQUEyQixDQUFDLENBQXhDLEVBQTJDO0FBQ3pDO0FBQ0Q7QUFDRCxVQUFNLElBQUlQLE1BQU1RLEtBQVYsQ0FDSlIsTUFBTVEsS0FBTixDQUFZQyxnQkFEUixFQUVKLHlDQUZJLENBQU47QUFHRCxHQVJJLENBQVA7QUFTRDs7QUFFRDtBQUNBLFNBQVNOLFlBQVQsQ0FBc0JXLElBQXRCLEVBQTRCO0FBQzFCLFNBQU8sSUFBSUMsT0FBSixDQUFZLFVBQVNDLE9BQVQsRUFBa0JDLE1BQWxCLEVBQTBCO0FBQzNDbkIsVUFBTW9CLEdBQU4sQ0FBVSxnQ0FBZ0NKLElBQTFDLEVBQWdELFVBQVNLLEdBQVQsRUFBYztBQUM1RCxVQUFJYixPQUFPLEVBQVg7QUFDQWEsVUFBSUMsRUFBSixDQUFPLE1BQVAsRUFBZSxVQUFTQyxLQUFULEVBQWdCO0FBQzdCZixnQkFBUWUsS0FBUjtBQUNELE9BRkQ7QUFHQUYsVUFBSUMsRUFBSixDQUFPLEtBQVAsRUFBYyxZQUFXO0FBQ3ZCLFlBQUk7QUFDRmQsaUJBQU9nQixLQUFLQyxLQUFMLENBQVdqQixJQUFYLENBQVA7QUFDRCxTQUZELENBRUUsT0FBTWtCLENBQU4sRUFBUztBQUNULGlCQUFPUCxPQUFPTyxDQUFQLENBQVA7QUFDRDtBQUNEUixnQkFBUVYsSUFBUjtBQUNELE9BUEQ7QUFRRCxLQWJELEVBYUdjLEVBYkgsQ0FhTSxPQWJOLEVBYWUsWUFBVztBQUN4QkgsYUFBTyxxREFBUDtBQUNELEtBZkQ7QUFnQkQsR0FqQk0sQ0FBUDtBQWtCRDs7QUFFRFEsT0FBT0MsT0FBUCxHQUFpQjtBQUNmaEIsaUJBQWVBLGFBREE7QUFFZlQsb0JBQWtCQTtBQUZILENBQWpCIiwiZmlsZSI6ImZhY2Vib29rLmpzIiwic291cmNlc0NvbnRlbnQiOlsiLy8gSGVscGVyIGZ1bmN0aW9ucyBmb3IgYWNjZXNzaW5nIHRoZSBGYWNlYm9vayBHcmFwaCBBUEkuXG52YXIgaHR0cHMgPSByZXF1aXJlKCdodHRwcycpO1xudmFyIFBhcnNlID0gcmVxdWlyZSgncGFyc2Uvbm9kZScpLlBhcnNlO1xuXG4vLyBSZXR1cm5zIGEgcHJvbWlzZSB0aGF0IGZ1bGZpbGxzIGlmZiB0aGlzIHVzZXIgaWQgaXMgdmFsaWQuXG5mdW5jdGlvbiB2YWxpZGF0ZUF1dGhEYXRhKGF1dGhEYXRhKSB7XG4gIHJldHVybiBncmFwaFJlcXVlc3QoJ21lP2ZpZWxkcz1pZCZhY2Nlc3NfdG9rZW49JyArIGF1dGhEYXRhLmFjY2Vzc190b2tlbilcbiAgICAudGhlbigoZGF0YSkgPT4ge1xuICAgICAgaWYgKGRhdGEgJiYgZGF0YS5pZCA9PSBhdXRoRGF0YS5pZCkge1xuICAgICAgICByZXR1cm47XG4gICAgICB9XG4gICAgICB0aHJvdyBuZXcgUGFyc2UuRXJyb3IoXG4gICAgICAgIFBhcnNlLkVycm9yLk9CSkVDVF9OT1RfRk9VTkQsXG4gICAgICAgICdGYWNlYm9vayBhdXRoIGlzIGludmFsaWQgZm9yIHRoaXMgdXNlci4nKTtcbiAgICB9KTtcbn1cblxuLy8gUmV0dXJucyBhIHByb21pc2UgdGhhdCBmdWxmaWxscyBpZmYgdGhpcyBhcHAgaWQgaXMgdmFsaWQuXG5mdW5jdGlvbiB2YWxpZGF0ZUFwcElkKGFwcElkcywgYXV0aERhdGEpIHtcbiAgdmFyIGFjY2Vzc190b2tlbiA9IGF1dGhEYXRhLmFjY2Vzc190b2tlbjtcbiAgaWYgKCFhcHBJZHMubGVuZ3RoKSB7XG4gICAgdGhyb3cgbmV3IFBhcnNlLkVycm9yKFxuICAgICAgUGFyc2UuRXJyb3IuT0JKRUNUX05PVF9GT1VORCxcbiAgICAgICdGYWNlYm9vayBhdXRoIGlzIG5vdCBjb25maWd1cmVkLicpO1xuICB9XG4gIHJldHVybiBncmFwaFJlcXVlc3QoJ2FwcD9hY2Nlc3NfdG9rZW49JyArIGFjY2Vzc190b2tlbilcbiAgICAudGhlbigoZGF0YSkgPT4ge1xuICAgICAgaWYgKGRhdGEgJiYgYXBwSWRzLmluZGV4T2YoZGF0YS5pZCkgIT0gLTEpIHtcbiAgICAgICAgcmV0dXJuO1xuICAgICAgfVxuICAgICAgdGhyb3cgbmV3IFBhcnNlLkVycm9yKFxuICAgICAgICBQYXJzZS5FcnJvci5PQkpFQ1RfTk9UX0ZPVU5ELFxuICAgICAgICAnRmFjZWJvb2sgYXV0aCBpcyBpbnZhbGlkIGZvciB0aGlzIHVzZXIuJyk7XG4gICAgfSk7XG59XG5cbi8vIEEgcHJvbWlzZXkgd3JhcHBlciBmb3IgRkIgZ3JhcGggcmVxdWVzdHMuXG5mdW5jdGlvbiBncmFwaFJlcXVlc3QocGF0aCkge1xuICByZXR1cm4gbmV3IFByb21pc2UoZnVuY3Rpb24ocmVzb2x2ZSwgcmVqZWN0KSB7XG4gICAgaHR0cHMuZ2V0KCdodHRwczovL2dyYXBoLmZhY2Vib29rLmNvbS8nICsgcGF0aCwgZnVuY3Rpb24ocmVzKSB7XG4gICAgICB2YXIgZGF0YSA9ICcnO1xuICAgICAgcmVzLm9uKCdkYXRhJywgZnVuY3Rpb24oY2h1bmspIHtcbiAgICAgICAgZGF0YSArPSBjaHVuaztcbiAgICAgIH0pO1xuICAgICAgcmVzLm9uKCdlbmQnLCBmdW5jdGlvbigpIHtcbiAgICAgICAgdHJ5IHtcbiAgICAgICAgICBkYXRhID0gSlNPTi5wYXJzZShkYXRhKTtcbiAgICAgICAgfSBjYXRjaChlKSB7XG4gICAgICAgICAgcmV0dXJuIHJlamVjdChlKTtcbiAgICAgICAgfVxuICAgICAgICByZXNvbHZlKGRhdGEpO1xuICAgICAgfSk7XG4gICAgfSkub24oJ2Vycm9yJywgZnVuY3Rpb24oKSB7XG4gICAgICByZWplY3QoJ0ZhaWxlZCB0byB2YWxpZGF0ZSB0aGlzIGFjY2VzcyB0b2tlbiB3aXRoIEZhY2Vib29rLicpO1xuICAgIH0pO1xuICB9KTtcbn1cblxubW9kdWxlLmV4cG9ydHMgPSB7XG4gIHZhbGlkYXRlQXBwSWQ6IHZhbGlkYXRlQXBwSWQsXG4gIHZhbGlkYXRlQXV0aERhdGE6IHZhbGlkYXRlQXV0aERhdGFcbn07XG4iXX0=
+//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJQYXJzZSIsInJlcXVpcmUiLCJjcnlwdG8iLCJqd2tzQ2xpZW50Iiwiand0IiwiaHR0cHNSZXF1ZXN0IiwiYXV0aFV0aWxzIiwiVE9LRU5fSVNTVUVSIiwiZ2V0QXBwU2VjcmV0UGF0aCIsImF1dGhEYXRhIiwib3B0aW9ucyIsImFwcFNlY3JldCIsImFwcHNlY3JldF9wcm9vZiIsImNyZWF0ZUhtYWMiLCJ1cGRhdGUiLCJhY2Nlc3NfdG9rZW4iLCJkaWdlc3QiLCJ2YWxpZGF0ZUdyYXBoVG9rZW4iLCJncmFwaFJlcXVlc3QiLCJ0aGVuIiwiZGF0YSIsImlkIiwicHJvY2VzcyIsImVudiIsIlRFU1RJTkciLCJFcnJvciIsIk9CSkVDVF9OT1RfRk9VTkQiLCJ2YWxpZGF0ZUdyYXBoQXBwSWQiLCJhcHBJZHMiLCJBcnJheSIsImlzQXJyYXkiLCJsZW5ndGgiLCJpbmNsdWRlcyIsImdldEZhY2Vib29rS2V5QnlLZXlJZCIsImtleUlkIiwiY2FjaGVNYXhFbnRyaWVzIiwiY2FjaGVNYXhBZ2UiLCJjbGllbnQiLCJqd2tzVXJpIiwiY2FjaGUiLCJrZXkiLCJnZXRTaWduaW5nS2V5IiwidmVyaWZ5SWRUb2tlbiIsInRva2VuIiwiY2xpZW50SWQiLCJraWQiLCJhbGciLCJhbGdvcml0aG0iLCJnZXRIZWFkZXJGcm9tVG9rZW4iLCJPTkVfSE9VUl9JTl9NUyIsImp3dENsYWltcyIsImZhY2Vib29rS2V5Iiwic2lnbmluZ0tleSIsInB1YmxpY0tleSIsInJzYVB1YmxpY0tleSIsInZlcmlmeSIsImFsZ29yaXRobXMiLCJhdWRpZW5jZSIsImV4Y2VwdGlvbiIsIm1lc3NhZ2UiLCJpc3MiLCJzdWIiLCJ2YWxpZGF0ZUF1dGhEYXRhIiwidmFsaWRhdGVBcHBJZCIsIlByb21pc2UiLCJyZXNvbHZlIiwicGF0aCIsImdldCIsIm1vZHVsZSIsImV4cG9ydHMiXSwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvQWRhcHRlcnMvQXV0aC9mYWNlYm9vay5qcyJdLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqIFBhcnNlIFNlcnZlciBhdXRoZW50aWNhdGlvbiBhZGFwdGVyIGZvciBGYWNlYm9vay5cbiAqXG4gKiBAY2xhc3MgRmFjZWJvb2tBZGFwdGVyXG4gKiBAcGFyYW0ge09iamVjdH0gb3B0aW9ucyAtIFRoZSBhZGFwdGVyIGNvbmZpZ3VyYXRpb24gb3B0aW9ucy5cbiAqIEBwYXJhbSB7c3RyaW5nfSBvcHRpb25zLmFwcFNlY3JldCAtIFlvdXIgRmFjZWJvb2sgQXBwIFNlY3JldC4gUmVxdWlyZWQgZm9yIHNlY3VyZSBhdXRoZW50aWNhdGlvbi5cbiAqIEBwYXJhbSB7c3RyaW5nW119IG9wdGlvbnMuYXBwSWRzIC0gQW4gYXJyYXkgb2YgRmFjZWJvb2sgQXBwIElEcy4gUmVxdWlyZWQgZm9yIHZhbGlkYXRpbmcgdGhlIGFwcC5cbiAqXG4gKiBAZGVzY3JpcHRpb25cbiAqICMjIFBhcnNlIFNlcnZlciBDb25maWd1cmF0aW9uXG4gKiBUbyBjb25maWd1cmUgUGFyc2UgU2VydmVyIGZvciBGYWNlYm9vayBhdXRoZW50aWNhdGlvbiwgdXNlIHRoZSBmb2xsb3dpbmcgc3RydWN0dXJlOlxuICogYGBganNvblxuICoge1xuICogICBcImF1dGhcIjoge1xuICogICAgIFwiZmFjZWJvb2tcIjoge1xuICogICAgICAgXCJhcHBTZWNyZXRcIjogXCJ5b3VyLWFwcC1zZWNyZXRcIixcbiAqICAgICAgIFwiYXBwSWRzXCI6IFtcInlvdXItYXBwLWlkXCJdXG4gKiAgICAgfVxuICogICB9XG4gKiB9XG4gKiBgYGBcbiAqXG4gKiBUaGUgYWRhcHRlciBzdXBwb3J0cyB0aGUgZm9sbG93aW5nIGF1dGhlbnRpY2F0aW9uIG1ldGhvZHM6XG4gKiAtICoqU3RhbmRhcmQgTG9naW4qKjogUmVxdWlyZXMgYGlkYCBhbmQgYGFjY2Vzc190b2tlbmAuXG4gKiAtICoqTGltaXRlZCBMb2dpbioqOiBSZXF1aXJlcyBgaWRgIGFuZCBgdG9rZW5gLlxuICpcbiAqICMjIEF1dGggUGF5bG9hZHNcbiAqICMjIyBTdGFuZGFyZCBMb2dpbiBQYXlsb2FkXG4gKiBgYGBqc29uXG4gKiB7XG4gKiAgIFwiZmFjZWJvb2tcIjoge1xuICogICAgIFwiaWRcIjogXCIxMjM0NTY3XCIsXG4gKiAgICAgXCJhY2Nlc3NfdG9rZW5cIjogXCJhYmMxMjNkZWY0NTZnaGk3ODlcIlxuICogICB9XG4gKiB9XG4gKiBgYGBcbiAqXG4gKiAjIyMgTGltaXRlZCBMb2dpbiBQYXlsb2FkXG4gKiBgYGBqc29uXG4gKiB7XG4gKiAgIFwiZmFjZWJvb2tcIjoge1xuICogICAgIFwiaWRcIjogXCIxMjM0NTY3XCIsXG4gKiAgICAgXCJ0b2tlblwiOiBcInh4eHh4Lnl5eXl5Lnp6enp6XCJcbiAqICAgfVxuICogfVxuICogYGBgXG4gKlxuICogIyMgTm90ZXNcbiAqIC0gKipTdGFuZGFyZCBMb2dpbioqOiBVc2UgYGlkYCBhbmQgYGFjY2Vzc190b2tlbmAgZm9yIGZ1bGwgZnVuY3Rpb25hbGl0eS5cbiAqIC0gKipMaW1pdGVkIExvZ2luKio6IFVzZSBgaWRgIGFuZCBgdG9rZW5gIChKV1QpIHdoZW4gdHJhY2tpbmcgaXMgb3B0ZWQgb3V0IChlLmcuLCB2aWEgQXBwbGUncyBBcHAgVHJhY2tpbmcgVHJhbnNwYXJlbmN5KS5cbiAqIC0gU3VwcG9ydGVkIFBhcnNlIFNlcnZlciB2ZXJzaW9uczpcbiAqICAgLSBgPj0gNi41LjYgPCA3YFxuICogICAtIGA+PSA3LjAuMWBcbiAqXG4gKiBTZWN1cmUgYXV0aGVudGljYXRpb24gaXMgcmVjb21tZW5kZWQgdG8gZW5zdXJlIHByb3BlciBkYXRhIHByb3RlY3Rpb24gYW5kIGNvbXBsaWFuY2Ugd2l0aCBGYWNlYm9vaydzIGd1aWRlbGluZXMuXG4gKlxuICogQHNlZSB7QGxpbmsgaHR0cHM6Ly9kZXZlbG9wZXJzLmZhY2Vib29rLmNvbS9kb2NzL2ZhY2Vib29rLWxvZ2luL2xpbWl0ZWQtbG9naW4vIEZhY2Vib29rIExpbWl0ZWQgTG9naW59XG4gKiBAc2VlIHtAbGluayBodHRwczovL2RldmVsb3BlcnMuZmFjZWJvb2suY29tL2RvY3MvZmFjZWJvb2stbG9naW4vZmFjZWJvb2stbG9naW4tZm9yLWJ1c2luZXNzLyBGYWNlYm9vayBMb2dpbiBmb3IgQnVzaW5lc3N9XG4gKi9cblxuLy8gSGVscGVyIGZ1bmN0aW9ucyBmb3IgYWNjZXNzaW5nIHRoZSBGYWNlYm9vayBHcmFwaCBBUEkuXG5jb25zdCBQYXJzZSA9IHJlcXVpcmUoJ3BhcnNlL25vZGUnKS5QYXJzZTtcbmNvbnN0IGNyeXB0byA9IHJlcXVpcmUoJ2NyeXB0bycpO1xuY29uc3Qgandrc0NsaWVudCA9IHJlcXVpcmUoJ2p3a3MtcnNhJyk7XG5jb25zdCBqd3QgPSByZXF1aXJlKCdqc29ud2VidG9rZW4nKTtcbmNvbnN0IGh0dHBzUmVxdWVzdCA9IHJlcXVpcmUoJy4vaHR0cHNSZXF1ZXN0Jyk7XG5jb25zdCBhdXRoVXRpbHMgPSByZXF1aXJlKCcuL3V0aWxzJyk7XG5cbmNvbnN0IFRPS0VOX0lTU1VFUiA9ICdodHRwczovL3d3dy5mYWNlYm9vay5jb20nO1xuXG5mdW5jdGlvbiBnZXRBcHBTZWNyZXRQYXRoKGF1dGhEYXRhLCBvcHRpb25zID0ge30pIHtcbiAgY29uc3QgYXBwU2VjcmV0ID0gb3B0aW9ucy5hcHBTZWNyZXQ7XG4gIGlmICghYXBwU2VjcmV0KSB7XG4gICAgcmV0dXJuICcnO1xuICB9XG4gIGNvbnN0IGFwcHNlY3JldF9wcm9vZiA9IGNyeXB0b1xuICAgIC5jcmVhdGVIbWFjKCdzaGEyNTYnLCBhcHBTZWNyZXQpXG4gICAgLnVwZGF0ZShhdXRoRGF0YS5hY2Nlc3NfdG9rZW4pXG4gICAgLmRpZ2VzdCgnaGV4Jyk7XG5cbiAgcmV0dXJuIGAmYXBwc2VjcmV0X3Byb29mPSR7YXBwc2VjcmV0X3Byb29mfWA7XG59XG5cbmZ1bmN0aW9uIHZhbGlkYXRlR3JhcGhUb2tlbihhdXRoRGF0YSwgb3B0aW9ucykge1xuICByZXR1cm4gZ3JhcGhSZXF1ZXN0KFxuICAgICdtZT9maWVsZHM9aWQmYWNjZXNzX3Rva2VuPScgKyBhdXRoRGF0YS5hY2Nlc3NfdG9rZW4gKyBnZXRBcHBTZWNyZXRQYXRoKGF1dGhEYXRhLCBvcHRpb25zKVxuICApLnRoZW4oZGF0YSA9PiB7XG4gICAgaWYgKChkYXRhICYmIGRhdGEuaWQgPT0gYXV0aERhdGEuaWQpIHx8IChwcm9jZXNzLmVudi5URVNUSU5HICYmIGF1dGhEYXRhLmlkID09PSAndGVzdCcpKSB7XG4gICAgICByZXR1cm47XG4gICAgfVxuICAgIHRocm93IG5ldyBQYXJzZS5FcnJvcihQYXJzZS5FcnJvci5PQkpFQ1RfTk9UX0ZPVU5ELCAnRmFjZWJvb2sgYXV0aCBpcyBpbnZhbGlkIGZvciB0aGlzIHVzZXIuJyk7XG4gIH0pO1xufVxuXG5hc3luYyBmdW5jdGlvbiB2YWxpZGF0ZUdyYXBoQXBwSWQoYXBwSWRzLCBhdXRoRGF0YSwgb3B0aW9ucykge1xuICB2YXIgYWNjZXNzX3Rva2VuID0gYXV0aERhdGEuYWNjZXNzX3Rva2VuO1xuICBpZiAocHJvY2Vzcy5lbnYuVEVTVElORyAmJiBhY2Nlc3NfdG9rZW4gPT09ICd0ZXN0Jykge1xuICAgIHJldHVybjtcbiAgfVxuICBpZiAoIUFycmF5LmlzQXJyYXkoYXBwSWRzKSkge1xuICAgIHRocm93IG5ldyBQYXJzZS5FcnJvcihQYXJzZS5FcnJvci5PQkpFQ1RfTk9UX0ZPVU5ELCAnYXBwSWRzIG11c3QgYmUgYW4gYXJyYXkuJyk7XG4gIH1cbiAgaWYgKCFhcHBJZHMubGVuZ3RoKSB7XG4gICAgdGhyb3cgbmV3IFBhcnNlLkVycm9yKFBhcnNlLkVycm9yLk9CSkVDVF9OT1RfRk9VTkQsICdGYWNlYm9vayBhdXRoIGlzIG5vdCBjb25maWd1cmVkLicpO1xuICB9XG4gIGNvbnN0IGRhdGEgPSBhd2FpdCBncmFwaFJlcXVlc3QoXG4gICAgYGFwcD9hY2Nlc3NfdG9rZW49JHthY2Nlc3NfdG9rZW59JHtnZXRBcHBTZWNyZXRQYXRoKGF1dGhEYXRhLCBvcHRpb25zKX1gXG4gICk7XG4gIGlmICghZGF0YSB8fCAhYXBwSWRzLmluY2x1ZGVzKGRhdGEuaWQpKSB7XG4gICAgdGhyb3cgbmV3IFBhcnNlLkVycm9yKFBhcnNlLkVycm9yLk9CSkVDVF9OT1RfRk9VTkQsICdGYWNlYm9vayBhdXRoIGlzIGludmFsaWQgZm9yIHRoaXMgdXNlci4nKTtcbiAgfVxufVxuXG5jb25zdCBnZXRGYWNlYm9va0tleUJ5S2V5SWQgPSBhc3luYyAoa2V5SWQsIGNhY2hlTWF4RW50cmllcywgY2FjaGVNYXhBZ2UpID0+IHtcbiAgY29uc3QgY2xpZW50ID0gandrc0NsaWVudCh7XG4gICAgandrc1VyaTogYCR7VE9LRU5fSVNTVUVSfS8ud2VsbC1rbm93bi9vYXV0aC9vcGVuaWQvandrcy9gLFxuICAgIGNhY2hlOiB0cnVlLFxuICAgIGNhY2hlTWF4RW50cmllcyxcbiAgICBjYWNoZU1heEFnZSxcbiAgfSk7XG5cbiAgbGV0IGtleTtcbiAgdHJ5IHtcbiAgICBrZXkgPSBhd2FpdCBhdXRoVXRpbHMuZ2V0U2lnbmluZ0tleShjbGllbnQsIGtleUlkKTtcbiAgfSBjYXRjaCB7XG4gICAgdGhyb3cgbmV3IFBhcnNlLkVycm9yKFxuICAgICAgUGFyc2UuRXJyb3IuT0JKRUNUX05PVF9GT1VORCxcbiAgICAgIGBVbmFibGUgdG8gZmluZCBtYXRjaGluZyBrZXkgZm9yIEtleSBJRDogJHtrZXlJZH1gXG4gICAgKTtcbiAgfVxuICByZXR1cm4ga2V5O1xufTtcblxuY29uc3QgdmVyaWZ5SWRUb2tlbiA9IGFzeW5jICh7IHRva2VuLCBpZCB9LCB7IGNsaWVudElkLCBjYWNoZU1heEVudHJpZXMsIGNhY2hlTWF4QWdlIH0pID0+IHtcbiAgaWYgKCF0b2tlbikge1xuICAgIHRocm93IG5ldyBQYXJzZS5FcnJvcihQYXJzZS5FcnJvci5PQkpFQ1RfTk9UX0ZPVU5ELCAnaWQgdG9rZW4gaXMgaW52YWxpZCBmb3IgdGhpcyB1c2VyLicpO1xuICB9XG5cbiAgY29uc3QgeyBraWQ6IGtleUlkLCBhbGc6IGFsZ29yaXRobSB9ID0gYXV0aFV0aWxzLmdldEhlYWRlckZyb21Ub2tlbih0b2tlbik7XG4gIGNvbnN0IE9ORV9IT1VSX0lOX01TID0gMzYwMDAwMDtcbiAgbGV0IGp3dENsYWltcztcblxuICBjYWNoZU1heEFnZSA9IGNhY2hlTWF4QWdlIHx8IE9ORV9IT1VSX0lOX01TO1xuICBjYWNoZU1heEVudHJpZXMgPSBjYWNoZU1heEVudHJpZXMgfHwgNTtcblxuICBjb25zdCBmYWNlYm9va0tleSA9IGF3YWl0IGdldEZhY2Vib29rS2V5QnlLZXlJZChrZXlJZCwgY2FjaGVNYXhFbnRyaWVzLCBjYWNoZU1heEFnZSk7XG4gIGNvbnN0IHNpZ25pbmdLZXkgPSBmYWNlYm9va0tleS5wdWJsaWNLZXkgfHwgZmFjZWJvb2tLZXkucnNhUHVibGljS2V5O1xuXG4gIHRyeSB7XG4gICAgand0Q2xhaW1zID0gand0LnZlcmlmeSh0b2tlbiwgc2lnbmluZ0tleSwge1xuICAgICAgYWxnb3JpdGhtczogYWxnb3JpdGhtLFxuICAgICAgLy8gdGhlIGF1ZGllbmNlIGNhbiBiZSBjaGVja2VkIGFnYWluc3QgYSBzdHJpbmcsIGEgcmVndWxhciBleHByZXNzaW9uIG9yIGEgbGlzdCBvZiBzdHJpbmdzIGFuZC9vciByZWd1bGFyIGV4cHJlc3Npb25zLlxuICAgICAgYXVkaWVuY2U6IGNsaWVudElkLFxuICAgIH0pO1xuICB9IGNhdGNoIChleGNlcHRpb24pIHtcbiAgICBjb25zdCBtZXNzYWdlID0gZXhjZXB0aW9uLm1lc3NhZ2U7XG5cbiAgICB0aHJvdyBuZXcgUGFyc2UuRXJyb3IoUGFyc2UuRXJyb3IuT0JKRUNUX05PVF9GT1VORCwgYCR7bWVzc2FnZX1gKTtcbiAgfVxuXG4gIGlmIChqd3RDbGFpbXMuaXNzICE9PSBUT0tFTl9JU1NVRVIpIHtcbiAgICB0aHJvdyBuZXcgUGFyc2UuRXJyb3IoXG4gICAgICBQYXJzZS5FcnJvci5PQkpFQ1RfTk9UX0ZPVU5ELFxuICAgICAgYGlkIHRva2VuIG5vdCBpc3N1ZWQgYnkgY29ycmVjdCBPcGVuSUQgcHJvdmlkZXIgLSBleHBlY3RlZDogJHtUT0tFTl9JU1NVRVJ9IHwgZnJvbTogJHtqd3RDbGFpbXMuaXNzfWBcbiAgICApO1xuICB9XG5cbiAgaWYgKGp3dENsYWltcy5zdWIgIT09IGlkKSB7XG4gICAgdGhyb3cgbmV3IFBhcnNlLkVycm9yKFBhcnNlLkVycm9yLk9CSkVDVF9OT1RfRk9VTkQsICdhdXRoIGRhdGEgaXMgaW52YWxpZCBmb3IgdGhpcyB1c2VyLicpO1xuICB9XG4gIHJldHVybiBqd3RDbGFpbXM7XG59O1xuXG4vLyBSZXR1cm5zIGEgcHJvbWlzZSB0aGF0IGZ1bGZpbGxzIGlmZiB0aGlzIHVzZXIgaWQgaXMgdmFsaWQuXG5mdW5jdGlvbiB2YWxpZGF0ZUF1dGhEYXRhKGF1dGhEYXRhLCBvcHRpb25zKSB7XG4gIGlmIChhdXRoRGF0YS50b2tlbikge1xuICAgIHJldHVybiB2ZXJpZnlJZFRva2VuKGF1dGhEYXRhLCBvcHRpb25zKTtcbiAgfSBlbHNlIHtcbiAgICByZXR1cm4gdmFsaWRhdGVHcmFwaFRva2VuKGF1dGhEYXRhLCBvcHRpb25zKTtcbiAgfVxufVxuXG4vLyBSZXR1cm5zIGEgcHJvbWlzZSB0aGF0IGZ1bGZpbGxzIGlmZiB0aGlzIGFwcCBpZCBpcyB2YWxpZC5cbmZ1bmN0aW9uIHZhbGlkYXRlQXBwSWQoYXBwSWRzLCBhdXRoRGF0YSwgb3B0aW9ucykge1xuICBpZiAoYXV0aERhdGEudG9rZW4pIHtcbiAgICByZXR1cm4gUHJvbWlzZS5yZXNvbHZlKCk7XG4gIH0gZWxzZSB7XG4gICAgcmV0dXJuIHZhbGlkYXRlR3JhcGhBcHBJZChhcHBJZHMsIGF1dGhEYXRhLCBvcHRpb25zKTtcbiAgfVxufVxuXG4vLyBBIHByb21pc2V5IHdyYXBwZXIgZm9yIEZCIGdyYXBoIHJlcXVlc3RzLlxuZnVuY3Rpb24gZ3JhcGhSZXF1ZXN0KHBhdGgpIHtcbiAgcmV0dXJuIGh0dHBzUmVxdWVzdC5nZXQoJ2h0dHBzOi8vZ3JhcGguZmFjZWJvb2suY29tLycgKyBwYXRoKTtcbn1cblxubW9kdWxlLmV4cG9ydHMgPSB7XG4gIHZhbGlkYXRlQXBwSWQ6IHZhbGlkYXRlQXBwSWQsXG4gIHZhbGlkYXRlQXV0aERhdGE6IHZhbGlkYXRlQXV0aERhdGEsXG59O1xuIl0sIm1hcHBpbmdzIjoiOztBQUFBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7O0FBRUE7QUFDQSxNQUFNQSxLQUFLLEdBQUdDLE9BQU8sQ0FBQyxZQUFZLENBQUMsQ0FBQ0QsS0FBSztBQUN6QyxNQUFNRSxNQUFNLEdBQUdELE9BQU8sQ0FBQyxRQUFRLENBQUM7QUFDaEMsTUFBTUUsVUFBVSxHQUFHRixPQUFPLENBQUMsVUFBVSxDQUFDO0FBQ3RDLE1BQU1HLEdBQUcsR0FBR0gsT0FBTyxDQUFDLGNBQWMsQ0FBQztBQUNuQyxNQUFNSSxZQUFZLEdBQUdKLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQztBQUM5QyxNQUFNSyxTQUFTLEdBQUdMLE9BQU8sQ0FBQyxTQUFTLENBQUM7QUFFcEMsTUFBTU0sWUFBWSxHQUFHLDBCQUEwQjtBQUUvQyxTQUFTQyxnQkFBZ0JBLENBQUNDLFFBQVEsRUFBRUMsT0FBTyxHQUFHLENBQUMsQ0FBQyxFQUFFO0VBQ2hELE1BQU1DLFNBQVMsR0FBR0QsT0FBTyxDQUFDQyxTQUFTO0VBQ25DLElBQUksQ0FBQ0EsU0FBUyxFQUFFO0lBQ2QsT0FBTyxFQUFFO0VBQ1g7RUFDQSxNQUFNQyxlQUFlLEdBQUdWLE1BQU0sQ0FDM0JXLFVBQVUsQ0FBQyxRQUFRLEVBQUVGLFNBQVMsQ0FBQyxDQUMvQkcsTUFBTSxDQUFDTCxRQUFRLENBQUNNLFlBQVksQ0FBQyxDQUM3QkMsTUFBTSxDQUFDLEtBQUssQ0FBQztFQUVoQixPQUFPLG9CQUFvQkosZUFBZSxFQUFFO0FBQzlDO0FBRUEsU0FBU0ssa0JBQWtCQSxDQUFDUixRQUFRLEVBQUVDLE9BQU8sRUFBRTtFQUM3QyxPQUFPUSxZQUFZLENBQ2pCLDRCQUE0QixHQUFHVCxRQUFRLENBQUNNLFlBQVksR0FBR1AsZ0JBQWdCLENBQUNDLFFBQVEsRUFBRUMsT0FBTyxDQUMzRixDQUFDLENBQUNTLElBQUksQ0FBQ0MsSUFBSSxJQUFJO0lBQ2IsSUFBS0EsSUFBSSxJQUFJQSxJQUFJLENBQUNDLEVBQUUsSUFBSVosUUFBUSxDQUFDWSxFQUFFLElBQU1DLE9BQU8sQ0FBQ0MsR0FBRyxDQUFDQyxPQUFPLElBQUlmLFFBQVEsQ0FBQ1ksRUFBRSxLQUFLLE1BQU8sRUFBRTtNQUN2RjtJQUNGO0lBQ0EsTUFBTSxJQUFJckIsS0FBSyxDQUFDeUIsS0FBSyxDQUFDekIsS0FBSyxDQUFDeUIsS0FBSyxDQUFDQyxnQkFBZ0IsRUFBRSx5Q0FBeUMsQ0FBQztFQUNoRyxDQUFDLENBQUM7QUFDSjtBQUVBLGVBQWVDLGtCQUFrQkEsQ0FBQ0MsTUFBTSxFQUFFbkIsUUFBUSxFQUFFQyxPQUFPLEVBQUU7RUFDM0QsSUFBSUssWUFBWSxHQUFHTixRQUFRLENBQUNNLFlBQVk7RUFDeEMsSUFBSU8sT0FBTyxDQUFDQyxHQUFHLENBQUNDLE9BQU8sSUFBSVQsWUFBWSxLQUFLLE1BQU0sRUFBRTtJQUNsRDtFQUNGO0VBQ0EsSUFBSSxDQUFDYyxLQUFLLENBQUNDLE9BQU8sQ0FBQ0YsTUFBTSxDQUFDLEVBQUU7SUFDMUIsTUFBTSxJQUFJNUIsS0FBSyxDQUFDeUIsS0FBSyxDQUFDekIsS0FBSyxDQUFDeUIsS0FBSyxDQUFDQyxnQkFBZ0IsRUFBRSwwQkFBMEIsQ0FBQztFQUNqRjtFQUNBLElBQUksQ0FBQ0UsTUFBTSxDQUFDRyxNQUFNLEVBQUU7SUFDbEIsTUFBTSxJQUFJL0IsS0FBSyxDQUFDeUIsS0FBSyxDQUFDekIsS0FBSyxDQUFDeUIsS0FBSyxDQUFDQyxnQkFBZ0IsRUFBRSxrQ0FBa0MsQ0FBQztFQUN6RjtFQUNBLE1BQU1OLElBQUksR0FBRyxNQUFNRixZQUFZLENBQzdCLG9CQUFvQkgsWUFBWSxHQUFHUCxnQkFBZ0IsQ0FBQ0MsUUFBUSxFQUFFQyxPQUFPLENBQUMsRUFDeEUsQ0FBQztFQUNELElBQUksQ0FBQ1UsSUFBSSxJQUFJLENBQUNRLE1BQU0sQ0FBQ0ksUUFBUSxDQUFDWixJQUFJLENBQUNDLEVBQUUsQ0FBQyxFQUFFO0lBQ3RDLE1BQU0sSUFBSXJCLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ3pCLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ0MsZ0JBQWdCLEVBQUUseUNBQXlDLENBQUM7RUFDaEc7QUFDRjtBQUVBLE1BQU1PLHFCQUFxQixHQUFHLE1BQUFBLENBQU9DLEtBQUssRUFBRUMsZUFBZSxFQUFFQyxXQUFXLEtBQUs7RUFDM0UsTUFBTUMsTUFBTSxHQUFHbEMsVUFBVSxDQUFDO0lBQ3hCbUMsT0FBTyxFQUFFLEdBQUcvQixZQUFZLGlDQUFpQztJQUN6RGdDLEtBQUssRUFBRSxJQUFJO0lBQ1hKLGVBQWU7SUFDZkM7RUFDRixDQUFDLENBQUM7RUFFRixJQUFJSSxHQUFHO0VBQ1AsSUFBSTtJQUNGQSxHQUFHLEdBQUcsTUFBTWxDLFNBQVMsQ0FBQ21DLGFBQWEsQ0FBQ0osTUFBTSxFQUFFSCxLQUFLLENBQUM7RUFDcEQsQ0FBQyxDQUFDLE1BQU07SUFDTixNQUFNLElBQUlsQyxLQUFLLENBQUN5QixLQUFLLENBQ25CekIsS0FBSyxDQUFDeUIsS0FBSyxDQUFDQyxnQkFBZ0IsRUFDNUIsMkNBQTJDUSxLQUFLLEVBQ2xELENBQUM7RUFDSDtFQUNBLE9BQU9NLEdBQUc7QUFDWixDQUFDO0FBRUQsTUFBTUUsYUFBYSxHQUFHLE1BQUFBLENBQU87RUFBRUMsS0FBSztFQUFFdEI7QUFBRyxDQUFDLEVBQUU7RUFBRXVCLFFBQVE7RUFBRVQsZUFBZTtFQUFFQztBQUFZLENBQUMsS0FBSztFQUN6RixJQUFJLENBQUNPLEtBQUssRUFBRTtJQUNWLE1BQU0sSUFBSTNDLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ3pCLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ0MsZ0JBQWdCLEVBQUUsb0NBQW9DLENBQUM7RUFDM0Y7RUFFQSxNQUFNO0lBQUVtQixHQUFHLEVBQUVYLEtBQUs7SUFBRVksR0FBRyxFQUFFQztFQUFVLENBQUMsR0FBR3pDLFNBQVMsQ0FBQzBDLGtCQUFrQixDQUFDTCxLQUFLLENBQUM7RUFDMUUsTUFBTU0sY0FBYyxHQUFHLE9BQU87RUFDOUIsSUFBSUMsU0FBUztFQUViZCxXQUFXLEdBQUdBLFdBQVcsSUFBSWEsY0FBYztFQUMzQ2QsZUFBZSxHQUFHQSxlQUFlLElBQUksQ0FBQztFQUV0QyxNQUFNZ0IsV0FBVyxHQUFHLE1BQU1sQixxQkFBcUIsQ0FBQ0MsS0FBSyxFQUFFQyxlQUFlLEVBQUVDLFdBQVcsQ0FBQztFQUNwRixNQUFNZ0IsVUFBVSxHQUFHRCxXQUFXLENBQUNFLFNBQVMsSUFBSUYsV0FBVyxDQUFDRyxZQUFZO0VBRXBFLElBQUk7SUFDRkosU0FBUyxHQUFHOUMsR0FBRyxDQUFDbUQsTUFBTSxDQUFDWixLQUFLLEVBQUVTLFVBQVUsRUFBRTtNQUN4Q0ksVUFBVSxFQUFFVCxTQUFTO01BQ3JCO01BQ0FVLFFBQVEsRUFBRWI7SUFDWixDQUFDLENBQUM7RUFDSixDQUFDLENBQUMsT0FBT2MsU0FBUyxFQUFFO0lBQ2xCLE1BQU1DLE9BQU8sR0FBR0QsU0FBUyxDQUFDQyxPQUFPO0lBRWpDLE1BQU0sSUFBSTNELEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ3pCLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ0MsZ0JBQWdCLEVBQUUsR0FBR2lDLE9BQU8sRUFBRSxDQUFDO0VBQ25FO0VBRUEsSUFBSVQsU0FBUyxDQUFDVSxHQUFHLEtBQUtyRCxZQUFZLEVBQUU7SUFDbEMsTUFBTSxJQUFJUCxLQUFLLENBQUN5QixLQUFLLENBQ25CekIsS0FBSyxDQUFDeUIsS0FBSyxDQUFDQyxnQkFBZ0IsRUFDNUIsOERBQThEbkIsWUFBWSxZQUFZMkMsU0FBUyxDQUFDVSxHQUFHLEVBQ3JHLENBQUM7RUFDSDtFQUVBLElBQUlWLFNBQVMsQ0FBQ1csR0FBRyxLQUFLeEMsRUFBRSxFQUFFO0lBQ3hCLE1BQU0sSUFBSXJCLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ3pCLEtBQUssQ0FBQ3lCLEtBQUssQ0FBQ0MsZ0JBQWdCLEVBQUUscUNBQXFDLENBQUM7RUFDNUY7RUFDQSxPQUFPd0IsU0FBUztBQUNsQixDQUFDOztBQUVEO0FBQ0EsU0FBU1ksZ0JBQWdCQSxDQUFDckQsUUFBUSxFQUFFQyxPQUFPLEVBQUU7RUFDM0MsSUFBSUQsUUFBUSxDQUFDa0MsS0FBSyxFQUFFO0lBQ2xCLE9BQU9ELGFBQWEsQ0FBQ2pDLFFBQVEsRUFBRUMsT0FBTyxDQUFDO0VBQ3pDLENBQUMsTUFBTTtJQUNMLE9BQU9PLGtCQUFrQixDQUFDUixRQUFRLEVBQUVDLE9BQU8sQ0FBQztFQUM5QztBQUNGOztBQUVBO0FBQ0EsU0FBU3FELGFBQWFBLENBQUNuQyxNQUFNLEVBQUVuQixRQUFRLEVBQUVDLE9BQU8sRUFBRTtFQUNoRCxJQUFJRCxRQUFRLENBQUNrQyxLQUFLLEVBQUU7SUFDbEIsT0FBT3FCLE9BQU8sQ0FBQ0MsT0FBTyxDQUFDLENBQUM7RUFDMUIsQ0FBQyxNQUFNO0lBQ0wsT0FBT3RDLGtCQUFrQixDQUFDQyxNQUFNLEVBQUVuQixRQUFRLEVBQUVDLE9BQU8sQ0FBQztFQUN0RDtBQUNGOztBQUVBO0FBQ0EsU0FBU1EsWUFBWUEsQ0FBQ2dELElBQUksRUFBRTtFQUMxQixPQUFPN0QsWUFBWSxDQUFDOEQsR0FBRyxDQUFDLDZCQUE2QixHQUFHRCxJQUFJLENBQUM7QUFDL0Q7QUFFQUUsTUFBTSxDQUFDQyxPQUFPLEdBQUc7RUFDZk4sYUFBYSxFQUFFQSxhQUFhO0VBQzVCRCxnQkFBZ0IsRUFBRUE7QUFDcEIsQ0FBQyIsImlnbm9yZUxpc3QiOltdfQ==

package/lib/Adapters/Auth/gcenter.js

@@ -0,0 +1,217 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+var _crypto = _interopRequireDefault(require("crypto"));
+var _nodeForge = require("node-forge");
+var _AuthAdapter = _interopRequireDefault(require("./AuthAdapter"));
+function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+/**
+ * Parse Server authentication adapter for Apple Game Center.
+ *
+ * @class AppleGameCenterAdapter
+ * @param {Object} options - Configuration options for the adapter.
+ * @param {string} options.bundleId - Your Apple Game Center bundle ID. Required for secure authentication.
+ * @param {boolean} [options.enableInsecureAuth=false] - **[DEPRECATED]** Enable insecure authentication (not recommended).
+ *
+ * @param {Object} authData - The authentication data provided by the client.
+ * @param {string} authData.id - The user ID obtained from Apple Game Center.
+ * @param {string} authData.publicKeyUrl - The public key URL obtained from Apple Game Center.
+ * @param {string} authData.timestamp - The timestamp obtained from Apple Game Center.
+ * @param {string} authData.signature - The signature obtained from Apple Game Center.
+ * @param {string} authData.salt - The salt obtained from Apple Game Center.
+ * @param {string} [authData.bundleId] - **[DEPRECATED]** The bundle ID obtained from Apple Game Center (required for insecure authentication).
+ *
+ * @description
+ * ## Parse Server Configuration
+ * The following `authData` fields are required:
+ * `id`, `publicKeyUrl`, `timestamp`, `signature`, and `salt`. These fields are validated against the configured `bundleId` for additional security.
+ *
+ * To configure Parse Server for Apple Game Center authentication, use the following structure:
+ * ```json
+ * {
+ *  "auth": {
+ *    "gcenter": {
+ *     "bundleId": "com.valid.app"
+ *  }
+ * }
+ * ```
+ *
+ * ## Insecure Authentication (Not Recommended)
+ * The following `authData` fields are required for insecure authentication:
+ * `id`, `publicKeyUrl`, `timestamp`, `signature`, `salt`, and `bundleId` (**[DEPRECATED]**). This flow is insecure and poses potential security risks.
+ *
+ * To configure Parse Server for insecure authentication, use the following structure:
+ * ```json
+ * {
+ *   "auth": {
+ *    "gcenter": {
+ *      "enableInsecureAuth": true
+ *   }
+ * }
+ * ```
+ *
+ * ### Deprecation Notice
+ * The `enableInsecureAuth` option and `authData.bundleId` parameter are deprecated and may be removed in future releases. Use secure authentication with the `bundleId` configured in the `options` object instead.
+ *
+ *
+ * @example <caption>Secure Authentication Example</caption>
+ * // Example authData for secure authentication:
+ * const authData = {
+ *   gcenter: {
+ *     id: "1234567",
+ *     publicKeyUrl: "https://valid.apple.com/public/timeout.cer",
+ *     timestamp: 1460981421303,
+ *     salt: "saltST==",
+ *     signature: "PoDwf39DCN464B49jJCU0d9Y0J"
+ *   }
+ * };
+ *
+ * @example <caption>Insecure Authentication Example (Not Recommended)</caption>
+ * // Example authData for insecure authentication:
+ * const authData = {
+ *   gcenter: {
+ *     id: "1234567",
+ *     publicKeyUrl: "https://valid.apple.com/public/timeout.cer",
+ *     timestamp: 1460981421303,
+ *     salt: "saltST==",
+ *     signature: "PoDwf39DCN464B49jJCU0d9Y0J",
+ *     bundleId: "com.valid.app" // Deprecated.
+ *   }
+ * };
+ *
+ * @see {@link https://developer.apple.com/documentation/gamekit/gklocalplayer/3516283-fetchitems Apple Game Center Documentation}
+ */
+/* global BigInt */
+
+class GameCenterAuth extends _AuthAdapter.default {
+  constructor() {
+    super();
+    this.ca = {
+      cert: null,
+      url: null
+    };
+    this.cache = {};
+    this.bundleId = '';
+  }
+  validateOptions(options) {
+    if (!options) {
+      throw new Error('Game center auth options are required.');
+    }
+    if (!this.loadingPromise) {
+      this.loadingPromise = this.loadCertificate(options);
+    }
+    this.enableInsecureAuth = options.enableInsecureAuth;
+    this.bundleId = options.bundleId;
+    if (!this.enableInsecureAuth && !this.bundleId) {
+      throw new Error('bundleId is required for secure auth.');
+    }
+  }
+  async loadCertificate(options) {
+    const rootCertificateUrl = options.rootCertificateUrl || 'https://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt.pem';
+    if (this.ca.url === rootCertificateUrl) {
+      return rootCertificateUrl;
+    }
+    const {
+      certificate,
+      headers
+    } = await this.fetchCertificate(rootCertificateUrl);
+    if (headers.get('content-type') !== 'application/x-pem-file' || !headers.get('content-length') || parseInt(headers.get('content-length'), 10) > 10000) {
+      throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid rootCertificateURL.');
+    }
+    this.ca.cert = _nodeForge.pki.certificateFromPem(certificate);
+    this.ca.url = rootCertificateUrl;
+    return rootCertificateUrl;
+  }
+  verifyPublicKeyUrl(publicKeyUrl) {
+    const regex = /^https:\/\/(?:[-_A-Za-z0-9]+\.){0,}apple\.com\/.*\.cer$/;
+    return regex.test(publicKeyUrl);
+  }
+  async fetchCertificate(url) {
+    const response = await fetch(url);
+    if (!response.ok) {
+      throw new Error(`Failed to fetch certificate: ${url}`);
+    }
+    const contentType = response.headers.get('content-type');
+    const isPem = contentType?.includes('application/x-pem-file');
+    if (isPem) {
+      const certificate = await response.text();
+      return {
+        certificate,
+        headers: response.headers
+      };
+    }
+    const data = await response.arrayBuffer();
+    const binaryData = Buffer.from(data);
+    const asn1Cert = _nodeForge.asn1.fromDer(binaryData.toString('binary'));
+    const forgeCert = _nodeForge.pki.certificateFromAsn1(asn1Cert);
+    const certificate = _nodeForge.pki.certificateToPem(forgeCert);
+    return {
+      certificate,
+      headers: response.headers
+    };
+  }
+  async getAppleCertificate(publicKeyUrl) {
+    if (!this.verifyPublicKeyUrl(publicKeyUrl)) {
+      throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Invalid publicKeyUrl: ${publicKeyUrl}`);
+    }
+    if (this.cache[publicKeyUrl]) {
+      return this.cache[publicKeyUrl];
+    }
+    const {
+      certificate,
+      headers
+    } = await this.fetchCertificate(publicKeyUrl);
+    const cacheControl = headers.get('cache-control');
+    const expire = cacheControl?.match(/max-age=([0-9]+)/);
+    this.verifyPublicKeyIssuer(certificate, publicKeyUrl);
+    if (expire) {
+      this.cache[publicKeyUrl] = certificate;
+      setTimeout(() => delete this.cache[publicKeyUrl], parseInt(expire[1], 10) * 1000);
+    }
+    return certificate;
+  }
+  verifyPublicKeyIssuer(cert, publicKeyUrl) {
+    const publicKeyCert = _nodeForge.pki.certificateFromPem(cert);
+    if (!this.ca.cert) {
+      throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Root certificate is invalid or missing.');
+    }
+    if (!this.ca.cert.verify(publicKeyCert)) {
+      throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Invalid publicKeyUrl: ${publicKeyUrl}`);
+    }
+  }
+  verifySignature(publicKey, authData) {
+    const bundleId = this.bundleId || this.enableInsecureAuth && authData.bundleId;
+    const verifier = _crypto.default.createVerify('sha256');
+    verifier.update(Buffer.from(authData.id, 'utf8'));
+    verifier.update(Buffer.from(bundleId, 'utf8'));
+    verifier.update(this.convertTimestampToBigEndian(authData.timestamp));
+    verifier.update(Buffer.from(authData.salt, 'base64'));
+    if (!verifier.verify(publicKey, authData.signature, 'base64')) {
+      throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid signature.');
+    }
+  }
+  async validateAuthData(authData) {
+    const requiredKeys = ['id', 'publicKeyUrl', 'timestamp', 'signature', 'salt'];
+    if (this.enableInsecureAuth) {
+      requiredKeys.push('bundleId');
+    }
+    for (const key of requiredKeys) {
+      if (!authData[key]) {
+        throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `AuthData ${key} is missing.`);
+      }
+    }
+    await this.loadingPromise;
+    const publicKey = await this.getAppleCertificate(authData.publicKeyUrl);
+    this.verifySignature(publicKey, authData);
+  }
+  convertTimestampToBigEndian(timestamp) {
+    const buffer = Buffer.alloc(8);
+    buffer.writeBigUInt64BE(BigInt(timestamp));
+    return buffer;
+  }
+}
+var _default = exports.default = new GameCenterAuth();
+//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJfY3J5cHRvIiwiX2ludGVyb3BSZXF1aXJlRGVmYXVsdCIsInJlcXVpcmUiLCJfbm9kZUZvcmdlIiwiX0F1dGhBZGFwdGVyIiwiZSIsIl9fZXNNb2R1bGUiLCJkZWZhdWx0IiwiR2FtZUNlbnRlckF1dGgiLCJBdXRoQWRhcHRlciIsImNvbnN0cnVjdG9yIiwiY2EiLCJjZXJ0IiwidXJsIiwiY2FjaGUiLCJidW5kbGVJZCIsInZhbGlkYXRlT3B0aW9ucyIsIm9wdGlvbnMiLCJFcnJvciIsImxvYWRpbmdQcm9taXNlIiwibG9hZENlcnRpZmljYXRlIiwiZW5hYmxlSW5zZWN1cmVBdXRoIiwicm9vdENlcnRpZmljYXRlVXJsIiwiY2VydGlmaWNhdGUiLCJoZWFkZXJzIiwiZmV0Y2hDZXJ0aWZpY2F0ZSIsImdldCIsInBhcnNlSW50IiwiUGFyc2UiLCJPQkpFQ1RfTk9UX0ZPVU5EIiwicGtpIiwiY2VydGlmaWNhdGVGcm9tUGVtIiwidmVyaWZ5UHVibGljS2V5VXJsIiwicHVibGljS2V5VXJsIiwicmVnZXgiLCJ0ZXN0IiwicmVzcG9uc2UiLCJmZXRjaCIsIm9rIiwiY29udGVudFR5cGUiLCJpc1BlbSIsImluY2x1ZGVzIiwidGV4dCIsImRhdGEiLCJhcnJheUJ1ZmZlciIsImJpbmFyeURhdGEiLCJCdWZmZXIiLCJmcm9tIiwiYXNuMUNlcnQiLCJhc24xIiwiZnJvbURlciIsInRvU3RyaW5nIiwiZm9yZ2VDZXJ0IiwiY2VydGlmaWNhdGVGcm9tQXNuMSIsImNlcnRpZmljYXRlVG9QZW0iLCJnZXRBcHBsZUNlcnRpZmljYXRlIiwiY2FjaGVDb250cm9sIiwiZXhwaXJlIiwibWF0Y2giLCJ2ZXJpZnlQdWJsaWNLZXlJc3N1ZXIiLCJzZXRUaW1lb3V0IiwicHVibGljS2V5Q2VydCIsInZlcmlmeSIsInZlcmlmeVNpZ25hdHVyZSIsInB1YmxpY0tleSIsImF1dGhEYXRhIiwidmVyaWZpZXIiLCJjcnlwdG8iLCJjcmVhdGVWZXJpZnkiLCJ1cGRhdGUiLCJpZCIsImNvbnZlcnRUaW1lc3RhbXBUb0JpZ0VuZGlhbiIsInRpbWVzdGFtcCIsInNhbHQiLCJzaWduYXR1cmUiLCJ2YWxpZGF0ZUF1dGhEYXRhIiwicmVxdWlyZWRLZXlzIiwicHVzaCIsImtleSIsImJ1ZmZlciIsImFsbG9jIiwid3JpdGVCaWdVSW50NjRCRSIsIkJpZ0ludCIsIl9kZWZhdWx0IiwiZXhwb3J0cyJdLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9BZGFwdGVycy9BdXRoL2djZW50ZXIuanMiXSwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiBQYXJzZSBTZXJ2ZXIgYXV0aGVudGljYXRpb24gYWRhcHRlciBmb3IgQXBwbGUgR2FtZSBDZW50ZXIuXG4gKlxuICogQGNsYXNzIEFwcGxlR2FtZUNlbnRlckFkYXB0ZXJcbiAqIEBwYXJhbSB7T2JqZWN0fSBvcHRpb25zIC0gQ29uZmlndXJhdGlvbiBvcHRpb25zIGZvciB0aGUgYWRhcHRlci5cbiAqIEBwYXJhbSB7c3RyaW5nfSBvcHRpb25zLmJ1bmRsZUlkIC0gWW91ciBBcHBsZSBHYW1lIENlbnRlciBidW5kbGUgSUQuIFJlcXVpcmVkIGZvciBzZWN1cmUgYXV0aGVudGljYXRpb24uXG4gKiBAcGFyYW0ge2Jvb2xlYW59IFtvcHRpb25zLmVuYWJsZUluc2VjdXJlQXV0aD1mYWxzZV0gLSAqKltERVBSRUNBVEVEXSoqIEVuYWJsZSBpbnNlY3VyZSBhdXRoZW50aWNhdGlvbiAobm90IHJlY29tbWVuZGVkKS5cbiAqXG4gKiBAcGFyYW0ge09iamVjdH0gYXV0aERhdGEgLSBUaGUgYXV0aGVudGljYXRpb24gZGF0YSBwcm92aWRlZCBieSB0aGUgY2xpZW50LlxuICogQHBhcmFtIHtzdHJpbmd9IGF1dGhEYXRhLmlkIC0gVGhlIHVzZXIgSUQgb2J0YWluZWQgZnJvbSBBcHBsZSBHYW1lIENlbnRlci5cbiAqIEBwYXJhbSB7c3RyaW5nfSBhdXRoRGF0YS5wdWJsaWNLZXlVcmwgLSBUaGUgcHVibGljIGtleSBVUkwgb2J0YWluZWQgZnJvbSBBcHBsZSBHYW1lIENlbnRlci5cbiAqIEBwYXJhbSB7c3RyaW5nfSBhdXRoRGF0YS50aW1lc3RhbXAgLSBUaGUgdGltZXN0YW1wIG9idGFpbmVkIGZyb20gQXBwbGUgR2FtZSBDZW50ZXIuXG4gKiBAcGFyYW0ge3N0cmluZ30gYXV0aERhdGEuc2lnbmF0dXJlIC0gVGhlIHNpZ25hdHVyZSBvYnRhaW5lZCBmcm9tIEFwcGxlIEdhbWUgQ2VudGVyLlxuICogQHBhcmFtIHtzdHJpbmd9IGF1dGhEYXRhLnNhbHQgLSBUaGUgc2FsdCBvYnRhaW5lZCBmcm9tIEFwcGxlIEdhbWUgQ2VudGVyLlxuICogQHBhcmFtIHtzdHJpbmd9IFthdXRoRGF0YS5idW5kbGVJZF0gLSAqKltERVBSRUNBVEVEXSoqIFRoZSBidW5kbGUgSUQgb2J0YWluZWQgZnJvbSBBcHBsZSBHYW1lIENlbnRlciAocmVxdWlyZWQgZm9yIGluc2VjdXJlIGF1dGhlbnRpY2F0aW9uKS5cbiAqXG4gKiBAZGVzY3JpcHRpb25cbiAqICMjIFBhcnNlIFNlcnZlciBDb25maWd1cmF0aW9uXG4gKiBUaGUgZm9sbG93aW5nIGBhdXRoRGF0YWAgZmllbGRzIGFyZSByZXF1aXJlZDpcbiAqIGBpZGAsIGBwdWJsaWNLZXlVcmxgLCBgdGltZXN0YW1wYCwgYHNpZ25hdHVyZWAsIGFuZCBgc2FsdGAuIFRoZXNlIGZpZWxkcyBhcmUgdmFsaWRhdGVkIGFnYWluc3QgdGhlIGNvbmZpZ3VyZWQgYGJ1bmRsZUlkYCBmb3IgYWRkaXRpb25hbCBzZWN1cml0eS5cbiAqXG4gKiBUbyBjb25maWd1cmUgUGFyc2UgU2VydmVyIGZvciBBcHBsZSBHYW1lIENlbnRlciBhdXRoZW50aWNhdGlvbiwgdXNlIHRoZSBmb2xsb3dpbmcgc3RydWN0dXJlOlxuICogYGBganNvblxuICoge1xuICogIFwiYXV0aFwiOiB7XG4gKiAgICBcImdjZW50ZXJcIjoge1xuICogICAgIFwiYnVuZGxlSWRcIjogXCJjb20udmFsaWQuYXBwXCJcbiAqICB9XG4gKiB9XG4gKiBgYGBcbiAqXG4gKiAjIyBJbnNlY3VyZSBBdXRoZW50aWNhdGlvbiAoTm90IFJlY29tbWVuZGVkKVxuICogVGhlIGZvbGxvd2luZyBgYXV0aERhdGFgIGZpZWxkcyBhcmUgcmVxdWlyZWQgZm9yIGluc2VjdXJlIGF1dGhlbnRpY2F0aW9uOlxuICogYGlkYCwgYHB1YmxpY0tleVVybGAsIGB0aW1lc3RhbXBgLCBgc2lnbmF0dXJlYCwgYHNhbHRgLCBhbmQgYGJ1bmRsZUlkYCAoKipbREVQUkVDQVRFRF0qKikuIFRoaXMgZmxvdyBpcyBpbnNlY3VyZSBhbmQgcG9zZXMgcG90ZW50aWFsIHNlY3VyaXR5IHJpc2tzLlxuICpcbiAqIFRvIGNvbmZpZ3VyZSBQYXJzZSBTZXJ2ZXIgZm9yIGluc2VjdXJlIGF1dGhlbnRpY2F0aW9uLCB1c2UgdGhlIGZvbGxvd2luZyBzdHJ1Y3R1cmU6XG4gKiBgYGBqc29uXG4gKiB7XG4gKiAgIFwiYXV0aFwiOiB7XG4gKiAgICBcImdjZW50ZXJcIjoge1xuICogICAgICBcImVuYWJsZUluc2VjdXJlQXV0aFwiOiB0cnVlXG4gKiAgIH1cbiAqIH1cbiAqIGBgYFxuICpcbiAqICMjIyBEZXByZWNhdGlvbiBOb3RpY2VcbiAqIFRoZSBgZW5hYmxlSW5zZWN1cmVBdXRoYCBvcHRpb24gYW5kIGBhdXRoRGF0YS5idW5kbGVJZGAgcGFyYW1ldGVyIGFyZSBkZXByZWNhdGVkIGFuZCBtYXkgYmUgcmVtb3ZlZCBpbiBmdXR1cmUgcmVsZWFzZXMuIFVzZSBzZWN1cmUgYXV0aGVudGljYXRpb24gd2l0aCB0aGUgYGJ1bmRsZUlkYCBjb25maWd1cmVkIGluIHRoZSBgb3B0aW9uc2Agb2JqZWN0IGluc3RlYWQuXG4gKlxuICpcbiAqIEBleGFtcGxlIDxjYXB0aW9uPlNlY3VyZSBBdXRoZW50aWNhdGlvbiBFeGFtcGxlPC9jYXB0aW9uPlxuICogLy8gRXhhbXBsZSBhdXRoRGF0YSBmb3Igc2VjdXJlIGF1dGhlbnRpY2F0aW9uOlxuICogY29uc3QgYXV0aERhdGEgPSB7XG4gKiAgIGdjZW50ZXI6IHtcbiAqICAgICBpZDogXCIxMjM0NTY3XCIsXG4gKiAgICAgcHVibGljS2V5VXJsOiBcImh0dHBzOi8vdmFsaWQuYXBwbGUuY29tL3B1YmxpYy90aW1lb3V0LmNlclwiLFxuICogICAgIHRpbWVzdGFtcDogMTQ2MDk4MTQyMTMwMyxcbiAqICAgICBzYWx0OiBcInNhbHRTVD09XCIsXG4gKiAgICAgc2lnbmF0dXJlOiBcIlBvRHdmMzlEQ040NjRCNDlqSkNVMGQ5WTBKXCJcbiAqICAgfVxuICogfTtcbiAqXG4gKiBAZXhhbXBsZSA8Y2FwdGlvbj5JbnNlY3VyZSBBdXRoZW50aWNhdGlvbiBFeGFtcGxlIChOb3QgUmVjb21tZW5kZWQpPC9jYXB0aW9uPlxuICogLy8gRXhhbXBsZSBhdXRoRGF0YSBmb3IgaW5zZWN1cmUgYXV0aGVudGljYXRpb246XG4gKiBjb25zdCBhdXRoRGF0YSA9IHtcbiAqICAgZ2NlbnRlcjoge1xuICogICAgIGlkOiBcIjEyMzQ1NjdcIixcbiAqICAgICBwdWJsaWNLZXlVcmw6IFwiaHR0cHM6Ly92YWxpZC5hcHBsZS5jb20vcHVibGljL3RpbWVvdXQuY2VyXCIsXG4gKiAgICAgdGltZXN0YW1wOiAxNDYwOTgxNDIxMzAzLFxuICogICAgIHNhbHQ6IFwic2FsdFNUPT1cIixcbiAqICAgICBzaWduYXR1cmU6IFwiUG9Ed2YzOURDTjQ2NEI0OWpKQ1UwZDlZMEpcIixcbiAqICAgICBidW5kbGVJZDogXCJjb20udmFsaWQuYXBwXCIgLy8gRGVwcmVjYXRlZC5cbiAqICAgfVxuICogfTtcbiAqXG4gKiBAc2VlIHtAbGluayBodHRwczovL2RldmVsb3Blci5hcHBsZS5jb20vZG9jdW1lbnRhdGlvbi9nYW1la2l0L2drbG9jYWxwbGF5ZXIvMzUxNjI4My1mZXRjaGl0ZW1zIEFwcGxlIEdhbWUgQ2VudGVyIERvY3VtZW50YXRpb259XG4gKi9cbi8qIGdsb2JhbCBCaWdJbnQgKi9cblxuaW1wb3J0IGNyeXB0byBmcm9tICdjcnlwdG8nO1xuaW1wb3J0IHsgYXNuMSwgcGtpIH0gZnJvbSAnbm9kZS1mb3JnZSc7XG5pbXBvcnQgQXV0aEFkYXB0ZXIgZnJvbSAnLi9BdXRoQWRhcHRlcic7XG5jbGFzcyBHYW1lQ2VudGVyQXV0aCBleHRlbmRzIEF1dGhBZGFwdGVyIHtcbiAgY29uc3RydWN0b3IoKSB7XG4gICAgc3VwZXIoKTtcbiAgICB0aGlzLmNhID0geyBjZXJ0OiBudWxsLCB1cmw6IG51bGwgfTtcbiAgICB0aGlzLmNhY2hlID0ge307XG4gICAgdGhpcy5idW5kbGVJZCA9ICcnO1xuICB9XG5cbiAgdmFsaWRhdGVPcHRpb25zKG9wdGlvbnMpIHtcbiAgICBpZiAoIW9wdGlvbnMpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcignR2FtZSBjZW50ZXIgYXV0aCBvcHRpb25zIGFyZSByZXF1aXJlZC4nKTtcbiAgICB9XG5cbiAgICBpZiAoIXRoaXMubG9hZGluZ1Byb21pc2UpIHtcbiAgICAgIHRoaXMubG9hZGluZ1Byb21pc2UgPSB0aGlzLmxvYWRDZXJ0aWZpY2F0ZShvcHRpb25zKTtcbiAgICB9XG5cbiAgICB0aGlzLmVuYWJsZUluc2VjdXJlQXV0aCA9IG9wdGlvbnMuZW5hYmxlSW5zZWN1cmVBdXRoO1xuICAgIHRoaXMuYnVuZGxlSWQgPSBvcHRpb25zLmJ1bmRsZUlkO1xuXG4gICAgaWYgKCF0aGlzLmVuYWJsZUluc2VjdXJlQXV0aCAmJiAhdGhpcy5idW5kbGVJZCkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKCdidW5kbGVJZCBpcyByZXF1aXJlZCBmb3Igc2VjdXJlIGF1dGguJyk7XG4gICAgfVxuICB9XG5cbiAgYXN5bmMgbG9hZENlcnRpZmljYXRlKG9wdGlvbnMpIHtcbiAgICBjb25zdCByb290Q2VydGlmaWNhdGVVcmwgPVxuICAgICAgb3B0aW9ucy5yb290Q2VydGlmaWNhdGVVcmwgfHxcbiAgICAgICdodHRwczovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0MDk2U0hBMzg0MjAyMUNBMS5jcnQucGVtJztcblxuICAgIGlmICh0aGlzLmNhLnVybCA9PT0gcm9vdENlcnRpZmljYXRlVXJsKSB7XG4gICAgICByZXR1cm4gcm9vdENlcnRpZmljYXRlVXJsO1xuICAgIH1cblxuICAgIGNvbnN0IHsgY2VydGlmaWNhdGUsIGhlYWRlcnMgfSA9IGF3YWl0IHRoaXMuZmV0Y2hDZXJ0aWZpY2F0ZShyb290Q2VydGlmaWNhdGVVcmwpO1xuXG4gICAgaWYgKFxuICAgICAgaGVhZGVycy5nZXQoJ2NvbnRlbnQtdHlwZScpICE9PSAnYXBwbGljYXRpb24veC1wZW0tZmlsZScgfHxcbiAgICAgICFoZWFkZXJzLmdldCgnY29udGVudC1sZW5ndGgnKSB8fFxuICAgICAgcGFyc2VJbnQoaGVhZGVycy5nZXQoJ2NvbnRlbnQtbGVuZ3RoJyksIDEwKSA+IDEwMDAwXG4gICAgKSB7XG4gICAgICB0aHJvdyBuZXcgUGFyc2UuRXJyb3IoUGFyc2UuRXJyb3IuT0JKRUNUX05PVF9GT1VORCwgJ0ludmFsaWQgcm9vdENlcnRpZmljYXRlVVJMLicpO1xuICAgIH1cblxuICAgIHRoaXMuY2EuY2VydCA9IHBraS5jZXJ0aWZpY2F0ZUZyb21QZW0oY2VydGlmaWNhdGUpO1xuICAgIHRoaXMuY2EudXJsID0gcm9vdENlcnRpZmljYXRlVXJsO1xuXG4gICAgcmV0dXJuIHJvb3RDZXJ0aWZpY2F0ZVVybDtcbiAgfVxuXG4gIHZlcmlmeVB1YmxpY0tleVVybChwdWJsaWNLZXlVcmwpIHtcbiAgICBjb25zdCByZWdleCA9IC9eaHR0cHM6XFwvXFwvKD86Wy1fQS1aYS16MC05XStcXC4pezAsfWFwcGxlXFwuY29tXFwvLipcXC5jZXIkLztcbiAgICByZXR1cm4gcmVnZXgudGVzdChwdWJsaWNLZXlVcmwpO1xuICB9XG5cbiAgYXN5bmMgZmV0Y2hDZXJ0aWZpY2F0ZSh1cmwpIHtcbiAgICBjb25zdCByZXNwb25zZSA9IGF3YWl0IGZldGNoKHVybCk7XG4gICAgaWYgKCFyZXNwb25zZS5vaykge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKGBGYWlsZWQgdG8gZmV0Y2ggY2VydGlmaWNhdGU6ICR7dXJsfWApO1xuICAgIH1cblxuICAgIGNvbnN0IGNvbnRlbnRUeXBlID0gcmVzcG9uc2UuaGVhZGVycy5nZXQoJ2NvbnRlbnQtdHlwZScpO1xuICAgIGNvbnN0IGlzUGVtID0gY29udGVudFR5cGU/LmluY2x1ZGVzKCdhcHBsaWNhdGlvbi94LXBlbS1maWxlJyk7XG5cbiAgICBpZiAoaXNQZW0pIHtcbiAgICAgIGNvbnN0IGNlcnRpZmljYXRlID0gYXdhaXQgcmVzcG9uc2UudGV4dCgpO1xuICAgICAgcmV0dXJuIHsgY2VydGlmaWNhdGUsIGhlYWRlcnM6IHJlc3BvbnNlLmhlYWRlcnMgfTtcbiAgICB9XG5cbiAgICBjb25zdCBkYXRhID0gYXdhaXQgcmVzcG9uc2UuYXJyYXlCdWZmZXIoKTtcbiAgICBjb25zdCBiaW5hcnlEYXRhID0gQnVmZmVyLmZyb20oZGF0YSk7XG5cbiAgICBjb25zdCBhc24xQ2VydCA9IGFzbjEuZnJvbURlcihiaW5hcnlEYXRhLnRvU3RyaW5nKCdiaW5hcnknKSk7XG4gICAgY29uc3QgZm9yZ2VDZXJ0ID0gcGtpLmNlcnRpZmljYXRlRnJvbUFzbjEoYXNuMUNlcnQpO1xuICAgIGNvbnN0IGNlcnRpZmljYXRlID0gcGtpLmNlcnRpZmljYXRlVG9QZW0oZm9yZ2VDZXJ0KTtcblxuICAgIHJldHVybiB7IGNlcnRpZmljYXRlLCBoZWFkZXJzOiByZXNwb25zZS5oZWFkZXJzIH07XG4gIH1cblxuICBhc3luYyBnZXRBcHBsZUNlcnRpZmljYXRlKHB1YmxpY0tleVVybCkge1xuICAgIGlmICghdGhpcy52ZXJpZnlQdWJsaWNLZXlVcmwocHVibGljS2V5VXJsKSkge1xuICAgICAgdGhyb3cgbmV3IFBhcnNlLkVycm9yKFBhcnNlLkVycm9yLk9CSkVDVF9OT1RfRk9VTkQsIGBJbnZhbGlkIHB1YmxpY0tleVVybDogJHtwdWJsaWNLZXlVcmx9YCk7XG4gICAgfVxuXG4gICAgaWYgKHRoaXMuY2FjaGVbcHVibGljS2V5VXJsXSkge1xuICAgICAgcmV0dXJuIHRoaXMuY2FjaGVbcHVibGljS2V5VXJsXTtcbiAgICB9XG5cbiAgICBjb25zdCB7IGNlcnRpZmljYXRlLCBoZWFkZXJzIH0gPSBhd2FpdCB0aGlzLmZldGNoQ2VydGlmaWNhdGUocHVibGljS2V5VXJsKTtcbiAgICBjb25zdCBjYWNoZUNvbnRyb2wgPSBoZWFkZXJzLmdldCgnY2FjaGUtY29udHJvbCcpO1xuICAgIGNvbnN0IGV4cGlyZSA9IGNhY2hlQ29udHJvbD8ubWF0Y2goL21heC1hZ2U9KFswLTldKykvKTtcblxuICAgIHRoaXMudmVyaWZ5UHVibGljS2V5SXNzdWVyKGNlcnRpZmljYXRlLCBwdWJsaWNLZXlVcmwpO1xuXG4gICAgaWYgKGV4cGlyZSkge1xuICAgICAgdGhpcy5jYWNoZVtwdWJsaWNLZXlVcmxdID0gY2VydGlmaWNhdGU7XG4gICAgICBzZXRUaW1lb3V0KCgpID0+IGRlbGV0ZSB0aGlzLmNhY2hlW3B1YmxpY0tleVVybF0sIHBhcnNlSW50KGV4cGlyZVsxXSwgMTApICogMTAwMCk7XG4gICAgfVxuXG4gICAgcmV0dXJuIGNlcnRpZmljYXRlO1xuICB9XG5cbiAgdmVyaWZ5UHVibGljS2V5SXNzdWVyKGNlcnQsIHB1YmxpY0tleVVybCkge1xuICAgIGNvbnN0IHB1YmxpY0tleUNlcnQgPSBwa2kuY2VydGlmaWNhdGVGcm9tUGVtKGNlcnQpO1xuXG4gICAgaWYgKCF0aGlzLmNhLmNlcnQpIHtcbiAgICAgIHRocm93IG5ldyBQYXJzZS5FcnJvcihcbiAgICAgICAgUGFyc2UuRXJyb3IuT0JKRUNUX05PVF9GT1VORCxcbiAgICAgICAgJ1Jvb3QgY2VydGlmaWNhdGUgaXMgaW52YWxpZCBvciBtaXNzaW5nLidcbiAgICAgICk7XG4gICAgfVxuXG4gICAgaWYgKCF0aGlzLmNhLmNlcnQudmVyaWZ5KHB1YmxpY0tleUNlcnQpKSB7XG4gICAgICB0aHJvdyBuZXcgUGFyc2UuRXJyb3IoUGFyc2UuRXJyb3IuT0JKRUNUX05PVF9GT1VORCwgYEludmFsaWQgcHVibGljS2V5VXJsOiAke3B1YmxpY0tleVVybH1gKTtcbiAgICB9XG4gIH1cblxuICB2ZXJpZnlTaWduYXR1cmUocHVibGljS2V5LCBhdXRoRGF0YSkge1xuICAgIGNvbnN0IGJ1bmRsZUlkID0gdGhpcy5idW5kbGVJZCB8fCAodGhpcy5lbmFibGVJbnNlY3VyZUF1dGggJiYgYXV0aERhdGEuYnVuZGxlSWQpO1xuXG4gICAgY29uc3QgdmVyaWZpZXIgPSBjcnlwdG8uY3JlYXRlVmVyaWZ5KCdzaGEyNTYnKTtcbiAgICB2ZXJpZmllci51cGRhdGUoQnVmZmVyLmZyb20oYXV0aERhdGEuaWQsICd1dGY4JykpO1xuICAgIHZlcmlmaWVyLnVwZGF0ZShCdWZmZXIuZnJvbShidW5kbGVJZCwgJ3V0ZjgnKSk7XG4gICAgdmVyaWZpZXIudXBkYXRlKHRoaXMuY29udmVydFRpbWVzdGFtcFRvQmlnRW5kaWFuKGF1dGhEYXRhLnRpbWVzdGFtcCkpO1xuICAgIHZlcmlmaWVyLnVwZGF0ZShCdWZmZXIuZnJvbShhdXRoRGF0YS5zYWx0LCAnYmFzZTY0JykpO1xuXG4gICAgaWYgKCF2ZXJpZmllci52ZXJpZnkocHVibGljS2V5LCBhdXRoRGF0YS5zaWduYXR1cmUsICdiYXNlNjQnKSkge1xuICAgICAgdGhyb3cgbmV3IFBhcnNlLkVycm9yKFBhcnNlLkVycm9yLk9CSkVDVF9OT1RfRk9VTkQsICdJbnZhbGlkIHNpZ25hdHVyZS4nKTtcbiAgICB9XG4gIH1cblxuICBhc3luYyB2YWxpZGF0ZUF1dGhEYXRhKGF1dGhEYXRhKSB7XG5cbiAgICBjb25zdCByZXF1aXJlZEtleXMgPSBbJ2lkJywgJ3B1YmxpY0tleVVybCcsICd0aW1lc3RhbXAnLCAnc2lnbmF0dXJlJywgJ3NhbHQnXTtcbiAgICBpZiAodGhpcy5lbmFibGVJbnNlY3VyZUF1dGgpIHtcbiAgICAgIHJlcXVpcmVkS2V5cy5wdXNoKCdidW5kbGVJZCcpO1xuICAgIH1cblxuICAgIGZvciAoY29uc3Qga2V5IG9mIHJlcXVpcmVkS2V5cykge1xuICAgICAgaWYgKCFhdXRoRGF0YVtrZXldKSB7XG4gICAgICAgIHRocm93IG5ldyBQYXJzZS5FcnJvcihQYXJzZS5FcnJvci5PQkpFQ1RfTk9UX0ZPVU5ELCBgQXV0aERhdGEgJHtrZXl9IGlzIG1pc3NpbmcuYCk7XG4gICAgICB9XG4gICAgfVxuXG4gICAgYXdhaXQgdGhpcy5sb2FkaW5nUHJvbWlzZTtcblxuICAgIGNvbnN0IHB1YmxpY0tleSA9IGF3YWl0IHRoaXMuZ2V0QXBwbGVDZXJ0aWZpY2F0ZShhdXRoRGF0YS5wdWJsaWNLZXlVcmwpO1xuICAgIHRoaXMudmVyaWZ5U2lnbmF0dXJlKHB1YmxpY0tleSwgYXV0aERhdGEpO1xuICB9XG5cbiAgY29udmVydFRpbWVzdGFtcFRvQmlnRW5kaWFuKHRpbWVzdGFtcCkge1xuICAgIGNvbnN0IGJ1ZmZlciA9IEJ1ZmZlci5hbGxvYyg4KTtcbiAgICBidWZmZXIud3JpdGVCaWdVSW50NjRCRShCaWdJbnQodGltZXN0YW1wKSk7XG4gICAgcmV0dXJuIGJ1ZmZlcjtcbiAgfVxufVxuXG5leHBvcnQgZGVmYXVsdCBuZXcgR2FtZUNlbnRlckF1dGgoKTtcbiJdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBOEVBLElBQUFBLE9BQUEsR0FBQUMsc0JBQUEsQ0FBQUMsT0FBQTtBQUNBLElBQUFDLFVBQUEsR0FBQUQsT0FBQTtBQUNBLElBQUFFLFlBQUEsR0FBQUgsc0JBQUEsQ0FBQUMsT0FBQTtBQUF3QyxTQUFBRCx1QkFBQUksQ0FBQSxXQUFBQSxDQUFBLElBQUFBLENBQUEsQ0FBQUMsVUFBQSxHQUFBRCxDQUFBLEtBQUFFLE9BQUEsRUFBQUYsQ0FBQTtBQWhGeEM7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTs7QUFLQSxNQUFNRyxjQUFjLFNBQVNDLG9CQUFXLENBQUM7RUFDdkNDLFdBQVdBLENBQUEsRUFBRztJQUNaLEtBQUssQ0FBQyxDQUFDO0lBQ1AsSUFBSSxDQUFDQyxFQUFFLEdBQUc7TUFBRUMsSUFBSSxFQUFFLElBQUk7TUFBRUMsR0FBRyxFQUFFO0lBQUssQ0FBQztJQUNuQyxJQUFJLENBQUNDLEtBQUssR0FBRyxDQUFDLENBQUM7SUFDZixJQUFJLENBQUNDLFFBQVEsR0FBRyxFQUFFO0VBQ3BCO0VBRUFDLGVBQWVBLENBQUNDLE9BQU8sRUFBRTtJQUN2QixJQUFJLENBQUNBLE9BQU8sRUFBRTtNQUNaLE1BQU0sSUFBSUMsS0FBSyxDQUFDLHdDQUF3QyxDQUFDO0lBQzNEO0lBRUEsSUFBSSxDQUFDLElBQUksQ0FBQ0MsY0FBYyxFQUFFO01BQ3hCLElBQUksQ0FBQ0EsY0FBYyxHQUFHLElBQUksQ0FBQ0MsZUFBZSxDQUFDSCxPQUFPLENBQUM7SUFDckQ7SUFFQSxJQUFJLENBQUNJLGtCQUFrQixHQUFHSixPQUFPLENBQUNJLGtCQUFrQjtJQUNwRCxJQUFJLENBQUNOLFFBQVEsR0FBR0UsT0FBTyxDQUFDRixRQUFRO0lBRWhDLElBQUksQ0FBQyxJQUFJLENBQUNNLGtCQUFrQixJQUFJLENBQUMsSUFBSSxDQUFDTixRQUFRLEVBQUU7TUFDOUMsTUFBTSxJQUFJRyxLQUFLLENBQUMsdUNBQXVDLENBQUM7SUFDMUQ7RUFDRjtFQUVBLE1BQU1FLGVBQWVBLENBQUNILE9BQU8sRUFBRTtJQUM3QixNQUFNSyxrQkFBa0IsR0FDdEJMLE9BQU8sQ0FBQ0ssa0JBQWtCLElBQzFCLHVGQUF1RjtJQUV6RixJQUFJLElBQUksQ0FBQ1gsRUFBRSxDQUFDRSxHQUFHLEtBQUtTLGtCQUFrQixFQUFFO01BQ3RDLE9BQU9BLGtCQUFrQjtJQUMzQjtJQUVBLE1BQU07TUFBRUMsV0FBVztNQUFFQztJQUFRLENBQUMsR0FBRyxNQUFNLElBQUksQ0FBQ0MsZ0JBQWdCLENBQUNILGtCQUFrQixDQUFDO0lBRWhGLElBQ0VFLE9BQU8sQ0FBQ0UsR0FBRyxDQUFDLGNBQWMsQ0FBQyxLQUFLLHdCQUF3QixJQUN4RCxDQUFDRixPQUFPLENBQUNFLEdBQUcsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUM5QkMsUUFBUSxDQUFDSCxPQUFPLENBQUNFLEdBQUcsQ0FBQyxnQkFBZ0IsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxHQUFHLEtBQUssRUFDbkQ7TUFDQSxNQUFNLElBQUlFLEtBQUssQ0FBQ1YsS0FBSyxDQUFDVSxLQUFLLENBQUNWLEtBQUssQ0FBQ1csZ0JBQWdCLEVBQUUsNkJBQTZCLENBQUM7SUFDcEY7SUFFQSxJQUFJLENBQUNsQixFQUFFLENBQUNDLElBQUksR0FBR2tCLGNBQUcsQ0FBQ0Msa0JBQWtCLENBQUNSLFdBQVcsQ0FBQztJQUNsRCxJQUFJLENBQUNaLEVBQUUsQ0FBQ0UsR0FBRyxHQUFHUyxrQkFBa0I7SUFFaEMsT0FBT0Esa0JBQWtCO0VBQzNCO0VBRUFVLGtCQUFrQkEsQ0FBQ0MsWUFBWSxFQUFFO0lBQy9CLE1BQU1DLEtBQUssR0FBRyx5REFBeUQ7SUFDdkUsT0FBT0EsS0FBSyxDQUFDQyxJQUFJLENBQUNGLFlBQVksQ0FBQztFQUNqQztFQUVBLE1BQU1SLGdCQUFnQkEsQ0FBQ1osR0FBRyxFQUFFO0lBQzFCLE1BQU11QixRQUFRLEdBQUcsTUFBTUMsS0FBSyxDQUFDeEIsR0FBRyxDQUFDO0lBQ2pDLElBQUksQ0FBQ3VCLFFBQVEsQ0FBQ0UsRUFBRSxFQUFFO01BQ2hCLE1BQU0sSUFBSXBCLEtBQUssQ0FBQyxnQ0FBZ0NMLEdBQUcsRUFBRSxDQUFDO0lBQ3hEO0lBRUEsTUFBTTBCLFdBQVcsR0FBR0gsUUFBUSxDQUFDWixPQUFPLENBQUNFLEdBQUcsQ0FBQyxjQUFjLENBQUM7SUFDeEQsTUFBTWMsS0FBSyxHQUFHRCxXQUFXLEVBQUVFLFFBQVEsQ0FBQyx3QkFBd0IsQ0FBQztJQUU3RCxJQUFJRCxLQUFLLEVBQUU7TUFDVCxNQUFNakIsV0FBVyxHQUFHLE1BQU1hLFFBQVEsQ0FBQ00sSUFBSSxDQUFDLENBQUM7TUFDekMsT0FBTztRQUFFbkIsV0FBVztRQUFFQyxPQUFPLEVBQUVZLFFBQVEsQ0FBQ1o7TUFBUSxDQUFDO0lBQ25EO0lBRUEsTUFBTW1CLElBQUksR0FBRyxNQUFNUCxRQUFRLENBQUNRLFdBQVcsQ0FBQyxDQUFDO0lBQ3pDLE1BQU1DLFVBQVUsR0FBR0MsTUFBTSxDQUFDQyxJQUFJLENBQUNKLElBQUksQ0FBQztJQUVwQyxNQUFNSyxRQUFRLEdBQUdDLGVBQUksQ0FBQ0MsT0FBTyxDQUFDTCxVQUFVLENBQUNNLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUM1RCxNQUFNQyxTQUFTLEdBQUd0QixjQUFHLENBQUN1QixtQkFBbUIsQ0FBQ0wsUUFBUSxDQUFDO0lBQ25ELE1BQU16QixXQUFXLEdBQUdPLGNBQUcsQ0FBQ3dCLGdCQUFnQixDQUFDRixTQUFTLENBQUM7SUFFbkQsT0FBTztNQUFFN0IsV0FBVztNQUFFQyxPQUFPLEVBQUVZLFFBQVEsQ0FBQ1o7SUFBUSxDQUFDO0VBQ25EO0VBRUEsTUFBTStCLG1CQUFtQkEsQ0FBQ3RCLFlBQVksRUFBRTtJQUN0QyxJQUFJLENBQUMsSUFBSSxDQUFDRCxrQkFBa0IsQ0FBQ0MsWUFBWSxDQUFDLEVBQUU7TUFDMUMsTUFBTSxJQUFJTCxLQUFLLENBQUNWLEtBQUssQ0FBQ1UsS0FBSyxDQUFDVixLQUFLLENBQUNXLGdCQUFnQixFQUFFLHlCQUF5QkksWUFBWSxFQUFFLENBQUM7SUFDOUY7SUFFQSxJQUFJLElBQUksQ0FBQ25CLEtBQUssQ0FBQ21CLFlBQVksQ0FBQyxFQUFFO01BQzVCLE9BQU8sSUFBSSxDQUFDbkIsS0FBSyxDQUFDbUIsWUFBWSxDQUFDO0lBQ2pDO0lBRUEsTUFBTTtNQUFFVixXQUFXO01BQUVDO0lBQVEsQ0FBQyxHQUFHLE1BQU0sSUFBSSxDQUFDQyxnQkFBZ0IsQ0FBQ1EsWUFBWSxDQUFDO0lBQzFFLE1BQU11QixZQUFZLEdBQUdoQyxPQUFPLENBQUNFLEdBQUcsQ0FBQyxlQUFlLENBQUM7SUFDakQsTUFBTStCLE1BQU0sR0FBR0QsWUFBWSxFQUFFRSxLQUFLLENBQUMsa0JBQWtCLENBQUM7SUFFdEQsSUFBSSxDQUFDQyxxQkFBcUIsQ0FBQ3BDLFdBQVcsRUFBRVUsWUFBWSxDQUFDO0lBRXJELElBQUl3QixNQUFNLEVBQUU7TUFDVixJQUFJLENBQUMzQyxLQUFLLENBQUNtQixZQUFZLENBQUMsR0FBR1YsV0FBVztNQUN0Q3FDLFVBQVUsQ0FBQyxNQUFNLE9BQU8sSUFBSSxDQUFDOUMsS0FBSyxDQUFDbUIsWUFBWSxDQUFDLEVBQUVOLFFBQVEsQ0FBQzhCLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsR0FBRyxJQUFJLENBQUM7SUFDbkY7SUFFQSxPQUFPbEMsV0FBVztFQUNwQjtFQUVBb0MscUJBQXFCQSxDQUFDL0MsSUFBSSxFQUFFcUIsWUFBWSxFQUFFO0lBQ3hDLE1BQU00QixhQUFhLEdBQUcvQixjQUFHLENBQUNDLGtCQUFrQixDQUFDbkIsSUFBSSxDQUFDO0lBRWxELElBQUksQ0FBQyxJQUFJLENBQUNELEVBQUUsQ0FBQ0MsSUFBSSxFQUFFO01BQ2pCLE1BQU0sSUFBSWdCLEtBQUssQ0FBQ1YsS0FBSyxDQUNuQlUsS0FBSyxDQUFDVixLQUFLLENBQUNXLGdCQUFnQixFQUM1Qix5Q0FDRixDQUFDO0lBQ0g7SUFFQSxJQUFJLENBQUMsSUFBSSxDQUFDbEIsRUFBRSxDQUFDQyxJQUFJLENBQUNrRCxNQUFNLENBQUNELGFBQWEsQ0FBQyxFQUFFO01BQ3ZDLE1BQU0sSUFBSWpDLEtBQUssQ0FBQ1YsS0FBSyxDQUFDVSxLQUFLLENBQUNWLEtBQUssQ0FBQ1csZ0JBQWdCLEVBQUUseUJBQXlCSSxZQUFZLEVBQUUsQ0FBQztJQUM5RjtFQUNGO0VBRUE4QixlQUFlQSxDQUFDQyxTQUFTLEVBQUVDLFFBQVEsRUFBRTtJQUNuQyxNQUFNbEQsUUFBUSxHQUFHLElBQUksQ0FBQ0EsUUFBUSxJQUFLLElBQUksQ0FBQ00sa0JBQWtCLElBQUk0QyxRQUFRLENBQUNsRCxRQUFTO0lBRWhGLE1BQU1tRCxRQUFRLEdBQUdDLGVBQU0sQ0FBQ0MsWUFBWSxDQUFDLFFBQVEsQ0FBQztJQUM5Q0YsUUFBUSxDQUFDRyxNQUFNLENBQUN2QixNQUFNLENBQUNDLElBQUksQ0FBQ2tCLFFBQVEsQ0FBQ0ssRUFBRSxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ2pESixRQUFRLENBQUNHLE1BQU0sQ0FBQ3ZCLE1BQU0sQ0FBQ0MsSUFBSSxDQUFDaEMsUUFBUSxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQzlDbUQsUUFBUSxDQUFDRyxNQUFNLENBQUMsSUFBSSxDQUFDRSwyQkFBMkIsQ0FBQ04sUUFBUSxDQUFDTyxTQUFTLENBQUMsQ0FBQztJQUNyRU4sUUFBUSxDQUFDRyxNQUFNLENBQUN2QixNQUFNLENBQUNDLElBQUksQ0FBQ2tCLFFBQVEsQ0FBQ1EsSUFBSSxFQUFFLFFBQVEsQ0FBQyxDQUFDO0lBRXJELElBQUksQ0FBQ1AsUUFBUSxDQUFDSixNQUFNLENBQUNFLFNBQVMsRUFBRUMsUUFBUSxDQUFDUyxTQUFTLEVBQUUsUUFBUSxDQUFDLEVBQUU7TUFDN0QsTUFBTSxJQUFJOUMsS0FBSyxDQUFDVixLQUFLLENBQUNVLEtBQUssQ0FBQ1YsS0FBSyxDQUFDVyxnQkFBZ0IsRUFBRSxvQkFBb0IsQ0FBQztJQUMzRTtFQUNGO0VBRUEsTUFBTThDLGdCQUFnQkEsQ0FBQ1YsUUFBUSxFQUFFO0lBRS9CLE1BQU1XLFlBQVksR0FBRyxDQUFDLElBQUksRUFBRSxjQUFjLEVBQUUsV0FBVyxFQUFFLFdBQVcsRUFBRSxNQUFNLENBQUM7SUFDN0UsSUFBSSxJQUFJLENBQUN2RCxrQkFBa0IsRUFBRTtNQUMzQnVELFlBQVksQ0FBQ0MsSUFBSSxDQUFDLFVBQVUsQ0FBQztJQUMvQjtJQUVBLEtBQUssTUFBTUMsR0FBRyxJQUFJRixZQUFZLEVBQUU7TUFDOUIsSUFBSSxDQUFDWCxRQUFRLENBQUNhLEdBQUcsQ0FBQyxFQUFFO1FBQ2xCLE1BQU0sSUFBSWxELEtBQUssQ0FBQ1YsS0FBSyxDQUFDVSxLQUFLLENBQUNWLEtBQUssQ0FBQ1csZ0JBQWdCLEVBQUUsWUFBWWlELEdBQUcsY0FBYyxDQUFDO01BQ3BGO0lBQ0Y7SUFFQSxNQUFNLElBQUksQ0FBQzNELGNBQWM7SUFFekIsTUFBTTZDLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQ1QsbUJBQW1CLENBQUNVLFFBQVEsQ0FBQ2hDLFlBQVksQ0FBQztJQUN2RSxJQUFJLENBQUM4QixlQUFlLENBQUNDLFNBQVMsRUFBRUMsUUFBUSxDQUFDO0VBQzNDO0VBRUFNLDJCQUEyQkEsQ0FBQ0MsU0FBUyxFQUFFO0lBQ3JDLE1BQU1PLE1BQU0sR0FBR2pDLE1BQU0sQ0FBQ2tDLEtBQUssQ0FBQyxDQUFDLENBQUM7SUFDOUJELE1BQU0sQ0FBQ0UsZ0JBQWdCLENBQUNDLE1BQU0sQ0FBQ1YsU0FBUyxDQUFDLENBQUM7SUFDMUMsT0FBT08sTUFBTTtFQUNmO0FBQ0Y7QUFBQyxJQUFBSSxRQUFBLEdBQUFDLE9BQUEsQ0FBQTdFLE9BQUEsR0FFYyxJQUFJQyxjQUFjLENBQUMsQ0FBQyIsImlnbm9yZUxpc3QiOltdfQ==