Merge pull request #333 from mauromol/fix-response-issuer-retrieval

Fix extraction of the response issuer

Author: pitbulk

core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java

@@ -707,38 +707,89 @@ public List<String> getAudiences() throws XPathExpressionException {
 	}
 
 	/**
-	 * Gets the Issuers (from Response and Assertion).
+	 * Gets the Response Issuer.
 	 *
-	 * @return the issuers of the assertion/response
+	 * @return the Response Issuer, or <code>null</code> if not specified
 	 *
 	 * @throws XPathExpressionException
 	 * @throws ValidationError
+	 *               if multiple Response issuers were found
+	 * @see #getAssertionIssuer()
+	 * @see #getIssuers()
 	 */
-	public List<String> getIssuers() throws XPathExpressionException, ValidationError {
-		List<String> issuers = new ArrayList<String>();
-		String value;
+	public String getResponseIssuer() throws XPathExpressionException, ValidationError {
 		NodeList responseIssuer = Util.query(samlResponseDocument, "/samlp:Response/saml:Issuer");
-		if (responseIssuer.getLength() > 1) {
+		if (responseIssuer.getLength() > 0) {
 			if (responseIssuer.getLength() == 1) {
-				value = responseIssuer.item(0).getTextContent();
-				if (!issuers.contains(value)) {
-					issuers.add(value);
-				}
+				return responseIssuer.item(0).getTextContent();
 			} else {
 				throw new ValidationError("Issuer of the Response is multiple.", ValidationError.ISSUER_MULTIPLE_IN_RESPONSE);
 			}
 		}
-
+		return null;
+	}
+	
+	/**
+	 * Gets the Assertion Issuer.
+	 *
+	 * @return the Assertion Issuer
+	 *
+	 * @throws XPathExpressionException
+	 * @throws ValidationError
+	 *               if no Assertion Issuer could be found, or if multiple Assertion
+	 *               issuers were found
+	 * @see #getResponseIssuer()
+	 * @see #getIssuers()
+	 */
+	public String getAssertionIssuer() throws XPathExpressionException, ValidationError {
 		NodeList assertionIssuer = this.queryAssertion("/saml:Issuer");
 		if (assertionIssuer.getLength() == 1) {
-			value = assertionIssuer.item(0).getTextContent();
-			if (!issuers.contains(value)) {
-				issuers.add(value);
-			}
+			return assertionIssuer.item(0).getTextContent();
 		} else {
 			throw new ValidationError("Issuer of the Assertion not found or multiple.", ValidationError.ISSUER_NOT_FOUND_IN_ASSERTION);
 		}
-
+	}
+	
+	/**
+	 * Gets the Issuers (from Response and Assertion). If the same issuer appears
+	 * both in the Response and in the Assertion (as it should), the returned list
+	 * will contain it just once. Hence, the returned list should always return one
+	 * element and in particular:
+	 * <ul>
+	 * <li>it will never contain zero elements (it means an Assertion Issuer could
+	 * not be found, hence a {@link ValidationError} will be thrown instead)
+	 * <li>if it contains more than one element, it means that the response is
+	 * invalid and one of the returned issuers won't pass the check performed by
+	 * {@link #isValid(String)} (which requires both issuers to be equal to the
+	 * Identity Provider entity id)
+	 * </ul>
+	 * <p>
+	 * Warning: as a consequence of the above, if this response status code is not a
+	 * successful one, this method will throw a {@link ValidationError} because it
+	 * won't find any Assertion Issuer. In this case, if you need to retrieve the
+	 * Response Issuer any way, you must use {@link #getResponseIssuer()} instead.
+	 *
+	 * @return the issuers of the assertion/response
+	 *
+	 * @throws XPathExpressionException
+	 * @throws ValidationError
+	 *               if multiple Response Issuers or multiple Assertion Issuers were
+	 *               found, or if no Assertion Issuer could be found
+	 * @see #getResponseIssuer()
+	 * @see #getAssertionIssuer()
+	 * @deprecated use {@link #getResponseIssuer()} and/or
+	 *             {@link #getAssertionIssuer()}; the contract of this method is
+	 *             quite controversial
+	 */
+	@Deprecated
+	public List<String> getIssuers() throws XPathExpressionException, ValidationError {
+		List<String> issuers = new ArrayList<String>();
+		String responseIssuer = getResponseIssuer();
+		if(responseIssuer != null)
+			issuers.add(responseIssuer);
+		String assertionIssuer = getAssertionIssuer();
+		if(!issuers.contains(assertionIssuer))
+			issuers.add(assertionIssuer);
 		return issuers;
 	}
 

core/src/test/java/com/onelogin/saml2/test/authn/AuthnResponseTest.java

@@ -846,7 +846,7 @@ public void testGetAudiences() throws IOException, Error, XPathExpressionExcepti
 	}
 
 	/**
-	 * Tests the getIssuers method of SamlResponse
+	 * Tests the getIssuers methods of SamlResponse
 	 *
 	 * @throws Error
 	 * @throws IOException
@@ -861,46 +861,118 @@ public void testGetAudiences() throws IOException, Error, XPathExpressionExcepti
 	@Test
 	public void testGetIssuers() throws IOException, Error, XPathExpressionException, ParserConfigurationException, SAXException, SettingsException, ValidationError {
 		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.my.properties").build();
-		String samlResponseEncoded = Util.getFileAsString("data/responses/response1.xml.base64");
+		String samlResponseEncoded = Util.getFileAsString("data/responses/valid_encrypted_assertion.xml.base64");
 		SamlResponse samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		String expectedIssuer = "http://idp.example.com/";
 		List<String> expectedIssuers = new ArrayList<String>();
-		expectedIssuers.add("http://idp.example.com/");
-		samlResponseEncoded = Util.getFileAsString("data/responses/valid_encrypted_assertion.xml.base64");
-		samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		expectedIssuers.add(expectedIssuer);
+		assertEquals(expectedIssuer, samlResponse.getResponseIssuer());
+		assertEquals(expectedIssuer, samlResponse.getAssertionIssuer());
 		assertEquals(expectedIssuers, samlResponse.getIssuers());
 
 		expectedIssuers.remove(0);
-		expectedIssuers.add("https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php");
+		expectedIssuer = "https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php";
+		expectedIssuers.add(expectedIssuer);
 
 		samlResponseEncoded = Util.getFileAsString("data/responses/signed_message_encrypted_assertion.xml.base64");
 		samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		assertEquals(expectedIssuer, samlResponse.getResponseIssuer());
+		assertEquals(expectedIssuer, samlResponse.getAssertionIssuer());
 		assertEquals(expectedIssuers, samlResponse.getIssuers());
 
 		samlResponseEncoded = Util.getFileAsString("data/responses/double_signed_encrypted_assertion.xml.base64");
 		samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		assertEquals(expectedIssuer, samlResponse.getResponseIssuer());
+		assertEquals(expectedIssuer, samlResponse.getAssertionIssuer());
 		assertEquals(expectedIssuers, samlResponse.getIssuers());
 
 		samlResponseEncoded = Util.getFileAsString("data/responses/signed_encrypted_assertion.xml.base64");
 		samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		assertEquals(expectedIssuer, samlResponse.getResponseIssuer());
+		assertEquals(expectedIssuer, samlResponse.getAssertionIssuer());
 		assertEquals(expectedIssuers, samlResponse.getIssuers());
 
 		samlResponseEncoded = Util.getFileAsString("data/responses/double_signed_response.xml.base64");
 		samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		assertEquals(expectedIssuer, samlResponse.getResponseIssuer());
+		assertEquals(expectedIssuer, samlResponse.getAssertionIssuer());
 		assertEquals(expectedIssuers, samlResponse.getIssuers());
 
 		samlResponseEncoded = Util.getFileAsString("data/responses/signed_assertion_response.xml.base64");
 		samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		assertEquals(expectedIssuer, samlResponse.getResponseIssuer());
+		assertEquals(expectedIssuer, samlResponse.getAssertionIssuer());
 		assertEquals(expectedIssuers, samlResponse.getIssuers());
 
+		expectedIssuer = "https://app.onelogin.com/saml/metadata/13590";
 		expectedIssuers = new ArrayList<String>();
-		expectedIssuers.add("https://app.onelogin.com/saml/metadata/13590");
+		expectedIssuers.add(expectedIssuer);
 		samlResponseEncoded = Util.getFileAsString("data/responses/invalids/no_issuer_response.xml.base64");
 		samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		assertNull(expectedIssuer, samlResponse.getResponseIssuer());
+		assertEquals(expectedIssuer, samlResponse.getAssertionIssuer());
 		assertEquals(expectedIssuers, samlResponse.getIssuers());
 	}
 
 	/**
-	 * Tests the getIssuers method of SamlResponse
+	 * Tests the getIssuers methods of SamlResponse
+	 * <p>
+	 * Case: different issuers for response and assertion
+	 *
+	 * @throws Error
+	 * @throws IOException
+	 * @throws ValidationError
+	 * @throws SettingsException
+	 * @throws SAXException
+	 * @throws ParserConfigurationException
+	 * @throws XPathExpressionException
+	 *
+	 * @see com.onelogin.saml2.authn.SamlResponse#getIssuers
+	 */
+	@Test
+	public void testGetIssuersDifferentIssuers() throws IOException, Error, XPathExpressionException, ParserConfigurationException, SAXException, SettingsException, ValidationError {
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.my.properties").build();
+		String samlResponseEncoded = Util.getFileAsString("data/responses/invalids/different_issuers.xml.base64");
+		SamlResponse samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		List<String> expectedIssuers = new ArrayList<String>();
+		String expectedResponseIssuer = "https://response-issuer.com";
+		String expectedAssertionIssuer = "https://assertion-issuer.com";
+		expectedIssuers.add(expectedResponseIssuer);
+		expectedIssuers.add(expectedAssertionIssuer);
+		assertEquals(expectedResponseIssuer, samlResponse.getResponseIssuer());
+		assertEquals(expectedAssertionIssuer, samlResponse.getAssertionIssuer());
+		assertEquals(expectedIssuers, samlResponse.getIssuers());
+	}
+
+	/**
+	 * Tests the getAssertionIssuer method of SamlResponse
+	 * <p>
+	 * Case: Issuer of the assertion not found
+	 *
+	 * @throws Error
+	 * @throws IOException
+	 * @throws ValidationError
+	 * @throws SettingsException
+	 * @throws SAXException
+	 * @throws ParserConfigurationException
+	 * @throws XPathExpressionException
+	 *
+	 * @see com.onelogin.saml2.authn.SamlResponse#getIssuers
+	 */
+	@Test
+	public void testGetAssertionIssuerNoInAssertion() throws IOException, Error, XPathExpressionException, ParserConfigurationException, SAXException, SettingsException, ValidationError {
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.my.properties").build();
+		String samlResponseEncoded = Util.getFileAsString("data/responses/invalids/no_issuer_assertion.xml.base64");
+		SamlResponse samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		
+		expectedEx.expect(ValidationError.class);
+		expectedEx.expectMessage("Issuer of the Assertion not found or multiple.");
+		samlResponse.getAssertionIssuer();
+	}
+
+	/**
+	 * Tests the getIssuers methods of SamlResponse
+	 * <p>
 	 * Case: Issuer of the assertion not found
 	 *
 	 * @throws Error
@@ -919,11 +991,12 @@ public void testGetIssuersNoInAssertion() throws IOException, Error, XPathExpres
 		String samlResponseEncoded = Util.getFileAsString("data/responses/invalids/no_issuer_assertion.xml.base64");
 		SamlResponse samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
 
+		samlResponse.getResponseIssuer(); // this should not fail
 		expectedEx.expect(ValidationError.class);
 		expectedEx.expectMessage("Issuer of the Assertion not found or multiple.");
 		samlResponse.getIssuers();
 	}
-	
+
 	/**
 	 * Tests the getSessionIndex method of SamlResponse
 	 *
@@ -1811,8 +1884,7 @@ public void testIsInValidIssuer() throws IOException, Error, XPathExpressionExce
 		settings.setStrict(true);
 		samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
 		assertFalse(samlResponse.isValid());
-		assertEquals("No Signature found. SAML Response rejected", samlResponse.getError());
-		
+		assertEquals("Invalid issuer in the Assertion/Response. Was 'http://invalid.isser.example.com/', but expected 'http://idp.example.com/'", samlResponse.getError());
 	}
 
 	/**

core/src/test/resources/data/responses/invalids/different_issuers.xml.base64

@@ -0,0 +1 @@
+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgSUQ9IkdPU0FNTFIxMjkwMTE3NDU3MTc5NCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTAtMTEtMThUMjE6NTc6MzdaIiBEZXN0aW5hdGlvbj0ie3JlY2lwaWVudH0iPg0KICA8c2FtbDpJc3N1ZXI+aHR0cHM6Ly9yZXNwb25zZS1pc3N1ZXIuY29tPC9zYW1sOklzc3Vlcj4NCiAgPHNhbWxwOlN0YXR1cz4NCiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+DQogIDxzYW1sOkFzc2VydGlvbiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIFZlcnNpb249IjIuMCIgSUQ9InBmeGE0NjU3NGRmLWIzYjAtYTA2YS0yM2M4LTYzNjQxMzE5ODc3MiIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiI+DQogICAgPHNhbWw6SXNzdWVyPmh0dHBzOi8vYXNzZXJ0aW9uLWlzc3Vlci5jb208L3NhbWw6SXNzdWVyPg0KICAgIDxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICAgICAgPGRzOlNpZ25lZEluZm8+DQogICAgICAgIDxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4NCiAgICAgICAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZnhhNDY1NzRkZi1iM2IwLWEwNmEtMjNjOC02MzY0MTMxOTg3NzIiPg0KICAgICAgICAgIDxkczpUcmFuc2Zvcm1zPg0KICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+DQogICAgICAgICAgICA8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgICAgICAgPC9kczpUcmFuc2Zvcm1zPg0KICAgICAgICAgIDxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPg0KICAgICAgICAgIDxkczpEaWdlc3RWYWx1ZT5wSlE3TVMvZWs0S1JSV0dtdi9INDNSZUhZTXM9PC9kczpEaWdlc3RWYWx1ZT4NCiAgICAgICAgPC9kczpSZWZlcmVuY2U+DQogICAgICA8L2RzOlNpZ25lZEluZm8+DQogICAgICA8ZHM6U2lnbmF0dXJlVmFsdWU+eWl2ZUtjUGREcHVETmo2c2hyUTNBQndyL2NBM0NyeUQycGhHL3hMWnN6S1d4VTUvbWxhS3Q4ZXdiWk9kS0t2dE9zMnBIQnk1RHVhM2s5NEFGK3p4R3llbDVnT293bW95WEpyK0FPcitrUE8wdmxpMVY4bzNoUFBVWndSZ1NYNlE5cFMxQ3FRZ2hLaUVhc1J5eWxxcUpVYVBZem1Pek9FOC9YbE1rd2lXbU8wPTwvZHM6U2lnbmF0dXJlVmFsdWU+DQogICAgICA8ZHM6S2V5SW5mbz4NCiAgICAgICAgPGRzOlg1MDlEYXRhPg0KICAgICAgICAgIDxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQnJUQ0NBYUdnQXdJQkFnSUJBVEFEQmdFQU1HY3hDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJREFwRFlXeHBabTl5Ym1saE1SVXdFd1lEVlFRSERBeFRZVzUwWVNCTmIyNXBZMkV4RVRBUEJnTlZCQW9NQ0U5dVpVeHZaMmx1TVJrd0Z3WURWUVFEREJCaGNIQXViMjVsYkc5bmFXNHVZMjl0TUI0WERURXdNRE13T1RBNU5UZzBOVm9YRFRFMU1ETXdPVEE1TlRnME5Wb3daekVMTUFrR0ExVUVCaE1DVlZNeEV6QVJCZ05WQkFnTUNrTmhiR2xtYjNKdWFXRXhGVEFUQmdOVkJBY01ERk5oYm5SaElFMXZibWxqWVRFUk1BOEdBMVVFQ2d3SVQyNWxURzluYVc0eEdUQVhCZ05WQkFNTUVHRndjQzV2Ym1Wc2IyZHBiaTVqYjIwd2daOHdEUVlKS29aSWh2Y05BUUVCQlFBRGdZMEFNSUdKQW9HQkFPalN1MWZqUHk4ZDV3NFF5TDEremQ0aEl3MU1ra2ZmNFdZL1RMRzhPWmtVNVlUU1dtbUhQRDVrdllINXVvWFMvNnFRODFxWHBSMndWOENUb3daSlVMZzA5ZGRSZFJuOFFzcWoxRnlPQzVzbEUzeTJiWjJvRnVhNzJvZi80OWZwdWpuRlQ2S25RNjFDQk1xbERvVFFxT1Q2MnZHSjhuUDZNWld2QTZzeHF1ZDVBZ01CQUFFd0F3WUJBQU1CQUE9PTwvZHM6WDUwOUNlcnRpZmljYXRlPg0KICAgICAgICA8L2RzOlg1MDlEYXRhPg0KICAgICAgPC9kczpLZXlJbmZvPg0KICAgIDwvZHM6U2lnbmF0dXJlPg0KICAgIDxzYW1sOlN1YmplY3Q+DQogICAgICA8c2FtbDpOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPnN1cHBvcnRAb25lbG9naW4uY29tPC9zYW1sOk5hbWVJRD4NCiAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj4NCiAgICAgICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDEwLTExLTE4VDIyOjAyOjM3WiIgUmVjaXBpZW50PSJ7cmVjaXBpZW50fSIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPg0KICAgIDwvc2FtbDpTdWJqZWN0Pg0KICAgIDxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDEwLTExLTE4VDIxOjUyOjM3WiIgTm90T25PckFmdGVyPSIyMDEwLTExLTE4VDIyOjAyOjM3WiI+DQogICAgICA8c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgICAgICA8c2FtbDpBdWRpZW5jZT57YXVkaWVuY2V9PC9zYW1sOkF1ZGllbmNlPg0KICAgICAgPC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgPC9zYW1sOkNvbmRpdGlvbnM+DQogICAgPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOVQyMTo1NzozN1oiIFNlc3Npb25JbmRleD0iXzUzMWMzMmQyODNiZGZmN2UwNGU0ODdiY2RiYzRkZDhkIj4NCiAgICAgIDxzYW1sOkF1dGhuQ29udGV4dD4NCiAgICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+DQogICAgICA8L3NhbWw6QXV0aG5Db250ZXh0Pg0KICAgIDwvc2FtbDpBdXRoblN0YXRlbWVudD4NCiAgICA8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5kZW1vPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJhbm90aGVyX3ZhbHVlIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj52YWx1ZTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+DQo=