token-server: Add protos for new API for generating service account tokens.

tokenserver/api/minter/v1/token_minter.pb.go

Index: tokenserver/api/minter/v1/token_minter.pb.go
diff --git a/tokenserver/api/minter/v1/token_minter.pb.go b/tokenserver/api/minter/v1/token_minter.pb.go
index 7d8424662f540904d00c8059a28a290d718b9fb9..6445b538becd674f5c6830c1335b7d82c5ea7e0a 100644
--- a/tokenserver/api/minter/v1/token_minter.pb.go
+++ b/tokenserver/api/minter/v1/token_minter.pb.go
@@ -15,6 +15,10 @@ It has these top-level messages:
 	LuciMachineToken
 	MintDelegationTokenRequest
 	MintDelegationTokenResponse
+	MintOAuthTokenGrantRequest
+	MintOAuthTokenGrantResponse
+	MintOAuthTokenViaGrantRequest
+	MintOAuthTokenViaGrantResponse
 */
 package minter
 
@@ -196,7 +200,7 @@ func (m *MachineTokenRequest) GetTokenType() tokenserver.MachineTokenType {
 	return tokenserver.MachineTokenType_UNKNOWN_TYPE
 }
 
-// MintMachineTokenResponse is returned by 'MintMachineToken' if the server
+// MintMachineTokenResponse is returned by MintMachineToken if the server
 // processed the request.
 //
 // It's returned even if server refuses to mint a token. It contains the error
@@ -476,7 +480,7 @@ func (m *MintDelegationTokenRequest) GetIntent() string {
 	return ""
 }
 
-// MintDelegationTokenResponse is returned by 'MintDelegationToken' on success.
+// MintDelegationTokenResponse is returned by MintDelegationToken on success.
 //
 // Errors are returned via standard gRPC codes.
 type MintDelegationTokenResponse struct {
@@ -490,6 +494,7 @@ type MintDelegationTokenResponse struct {
 	// Identifier of the service and its version that produced the token.
 	//
 	// Has the form "<app-id>/<module-version>". This is _not_ part of the token.
+	// Used only for logging and monitoring.
 	ServiceVersion string `protobuf:"bytes,3,opt,name=service_version,json=serviceVersion" json:"service_version,omitempty"`
 }
 
@@ -519,6 +524,197 @@ func (m *MintDelegationTokenResponse) GetServiceVersion() string {
 	return ""
 }
 
+// MintOAuthTokenGrantRequest is passed to MintOAuthTokenGrant.
+//
+// Additional implicit field is the identity of whoever makes this call. It
+// becomes 'wielder_identity' of the generated token.
+type MintOAuthTokenGrantRequest struct {
+	// Service account identity the end user wants to act as.
+	//
+	// A string of the form "user:<email>".
+	//
+	// Required.
+	ServiceAccount string `protobuf:"bytes,1,opt,name=service_account,json=serviceAccount" json:"service_account,omitempty"`
+	// How long the generated grant should be considered valid (in seconds).
+	//
+	// Default is 3600 sec.
+	ValidityDuration int64 `protobuf:"varint,2,opt,name=validity_duration,json=validityDuration" json:"validity_duration,omitempty"`
+	// An end user that wants to act as the service account (perhaps indirectly).
+	//
+	// A string of the form "user:<email>". On Swarming, this is an identity of
+	// a user that posted the task.
+	//
+	// TODO(vadimsh): Verify that this user is present during MintOAuthTokenGrant
+	// RPC by requiring the end user's credentials, e.g make Swarming forward
+	// user's OAuth token to the token server, where it can be validated.
+	//
+	// Required.
+	EndUserIdentity string `protobuf:"bytes,3,opt,name=end_user_identity,json=endUserIdentity" json:"end_user_identity,omitempty"`
+	// Optional reason why the grant is created.
+	//
+	// Used only for logging and auditing purposes. Doesn't become part of the
+	// grant.
+	Intent string `protobuf:"bytes,4,opt,name=intent" json:"intent,omitempty"`
+}
+
+func (m *MintOAuthTokenGrantRequest) Reset()                    { *m = MintOAuthTokenGrantRequest{} }
+func (m *MintOAuthTokenGrantRequest) String() string            { return proto.CompactTextString(m) }
+func (*MintOAuthTokenGrantRequest) ProtoMessage()               {}
+func (*MintOAuthTokenGrantRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{7} }
+
+func (m *MintOAuthTokenGrantRequest) GetServiceAccount() string {
+	if m != nil {
+		return m.ServiceAccount
+	}
+	return ""
+}
+
+func (m *MintOAuthTokenGrantRequest) GetValidityDuration() int64 {
+	if m != nil {
+		return m.ValidityDuration
+	}
+	return 0
+}
+
+func (m *MintOAuthTokenGrantRequest) GetEndUserIdentity() string {
+	if m != nil {
+		return m.EndUserIdentity
+	}
+	return ""
+}
+
+func (m *MintOAuthTokenGrantRequest) GetIntent() string {
+	if m != nil {
+		return m.Intent
+	}
+	return ""
+}
+
+// MintOAuthTokenGrantResponse is returned by MintOAuthTokenGrant.
+type MintOAuthTokenGrantResponse struct {
+	GrantToken string                     `protobuf:"bytes,1,opt,name=grant_token,json=grantToken" json:"grant_token,omitempty"`
+	Expiry     *google_protobuf.Timestamp `protobuf:"bytes,2,opt,name=expiry" json:"expiry,omitempty"`
+	// Identifier of the service and its version that produced the token.
+	//
+	// Has the form "<app-id>/<module-version>". This is _not_ part of the token.
+	// Used only for logging and monitoring.
+	ServiceVersion string `protobuf:"bytes,3,opt,name=service_version,json=serviceVersion" json:"service_version,omitempty"`
+}
+
+func (m *MintOAuthTokenGrantResponse) Reset()                    { *m = MintOAuthTokenGrantResponse{} }
+func (m *MintOAuthTokenGrantResponse) String() string            { return proto.CompactTextString(m) }
+func (*MintOAuthTokenGrantResponse) ProtoMessage()               {}
+func (*MintOAuthTokenGrantResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{8} }
+
+func (m *MintOAuthTokenGrantResponse) GetGrantToken() string {
+	if m != nil {
+		return m.GrantToken
+	}
+	return ""
+}
+
+func (m *MintOAuthTokenGrantResponse) GetExpiry() *google_protobuf.Timestamp {
+	if m != nil {
+		return m.Expiry
+	}
+	return nil
+}
+
+func (m *MintOAuthTokenGrantResponse) GetServiceVersion() string {
+	if m != nil {
+		return m.ServiceVersion
+	}
+	return ""
+}
+
+// MintOAuthTokenViaGrantRequest is passed to MintOAuthTokenViaGrant.
+//
+// Additional implicit field is the identity of whoever makes this call. It is
+// compared against 'wielder_identity' inside the token.
+type MintOAuthTokenViaGrantRequest struct {
+	// A previously generated grant, as returned by MintOAuthTokenGrant.
+	GrantToken string `protobuf:"bytes,1,opt,name=grant_token,json=grantToken" json:"grant_token,omitempty"`
+	// The list of OAuth scopes the access token should have.
+	//
+	// The server may reject the request if some scopes are not allowed.
+	OauthScopes []string `protobuf:"bytes,2,rep,name=oauth_scopes,json=oauthScopes" json:"oauth_scopes,omitempty"`
+	// Minimally accepted validity duration of the returned OAuth token (seconds).
+	//
+	// The server may return a token that lives longer than this. The maximum is
+	// 1h. An attempt to get a token that lives longer than 1h will result in
+	// an error.
+	//
+	// The returned token validity duration doesn't depend on the lifetime of
+	// the grant: it's possible to use a grant that expires in 1 sec to get an
+	// access token that lives for 1h.
+	//
+	// Default is 300 sec.
+	MinValidityDuration int64 `protobuf:"varint,3,opt,name=min_validity_duration,json=minValidityDuration" json:"min_validity_duration,omitempty"`
+}
+
+func (m *MintOAuthTokenViaGrantRequest) Reset()                    { *m = MintOAuthTokenViaGrantRequest{} }
+func (m *MintOAuthTokenViaGrantRequest) String() string            { return proto.CompactTextString(m) }
+func (*MintOAuthTokenViaGrantRequest) ProtoMessage()               {}
+func (*MintOAuthTokenViaGrantRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{9} }
+
+func (m *MintOAuthTokenViaGrantRequest) GetGrantToken() string {
+	if m != nil {
+		return m.GrantToken
+	}
+	return ""
+}
+
+func (m *MintOAuthTokenViaGrantRequest) GetOauthScopes() []string {
+	if m != nil {
+		return m.OauthScopes
+	}
+	return nil
+}
+
+func (m *MintOAuthTokenViaGrantRequest) GetMinValidityDuration() int64 {
+	if m != nil {
+		return m.MinValidityDuration
+	}
+	return 0
+}
+
+// MintOAuthTokenViaGrantResponse is returned by MintOAuthTokenViaGrant.
+type MintOAuthTokenViaGrantResponse struct {
+	AccessToken string                     `protobuf:"bytes,1,opt,name=access_token,json=accessToken" json:"access_token,omitempty"`
+	Expiry      *google_protobuf.Timestamp `protobuf:"bytes,2,opt,name=expiry" json:"expiry,omitempty"`
+	// Identifier of the service and its version that produced the token.
+	//
+	// Has the form "<app-id>/<module-version>". Used only for logging and
+	// monitoring.
+	ServiceVersion string `protobuf:"bytes,3,opt,name=service_version,json=serviceVersion" json:"service_version,omitempty"`
+}
+
+func (m *MintOAuthTokenViaGrantResponse) Reset()                    { *m = MintOAuthTokenViaGrantResponse{} }
+func (m *MintOAuthTokenViaGrantResponse) String() string            { return proto.CompactTextString(m) }
+func (*MintOAuthTokenViaGrantResponse) ProtoMessage()               {}
+func (*MintOAuthTokenViaGrantResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{10} }
+
+func (m *MintOAuthTokenViaGrantResponse) GetAccessToken() string {
+	if m != nil {
+		return m.AccessToken
+	}
+	return ""
+}
+
+func (m *MintOAuthTokenViaGrantResponse) GetExpiry() *google_protobuf.Timestamp {
+	if m != nil {
+		return m.Expiry
+	}
+	return nil
+}
+
+func (m *MintOAuthTokenViaGrantResponse) GetServiceVersion() string {
+	if m != nil {
+		return m.ServiceVersion
+	}
+	return ""
+}
+
 func init() {
 	proto.RegisterType((*MintMachineTokenRequest)(nil), "tokenserver.minter.MintMachineTokenRequest")
 	proto.RegisterType((*MachineTokenRequest)(nil), "tokenserver.minter.MachineTokenRequest")
@@ -527,6 +723,10 @@ func init() {
 	proto.RegisterType((*LuciMachineToken)(nil), "tokenserver.minter.LuciMachineToken")
 	proto.RegisterType((*MintDelegationTokenRequest)(nil), "tokenserver.minter.MintDelegationTokenRequest")
 	proto.RegisterType((*MintDelegationTokenResponse)(nil), "tokenserver.minter.MintDelegationTokenResponse")
+	proto.RegisterType((*MintOAuthTokenGrantRequest)(nil), "tokenserver.minter.MintOAuthTokenGrantRequest")
+	proto.RegisterType((*MintOAuthTokenGrantResponse)(nil), "tokenserver.minter.MintOAuthTokenGrantResponse")
+	proto.RegisterType((*MintOAuthTokenViaGrantRequest)(nil), "tokenserver.minter.MintOAuthTokenViaGrantRequest")
+	proto.RegisterType((*MintOAuthTokenViaGrantResponse)(nil), "tokenserver.minter.MintOAuthTokenViaGrantResponse")
 	proto.RegisterEnum("tokenserver.minter.SignatureAlgorithm", SignatureAlgorithm_name, SignatureAlgorithm_value)
 	proto.RegisterEnum("tokenserver.minter.ErrorCode", ErrorCode_name, ErrorCode_value)
 }
@@ -572,6 +772,41 @@ type TokenMinterClient interface {
 	// combinations of (caller identity, delegated identity, audience, service)
 	// tuples. See DelegationRule in config.proto.
 	MintDelegationToken(ctx context.Context, in *MintDelegationTokenRequest, opts ...grpc.CallOption) (*MintDelegationTokenResponse, error)
+	// MintOAuthTokenGrant generates a new grant for getting an OAuth2 token.
+	//
+	// This is a special (opaque for clients) token that asserts that the caller
+	// at the time of the call was allowed to act as a particular service account
+	// to perform a task authorized by an end-user.
+	//
+	// The returned grant can be used later (when the end-user is no longer
+	// present) to get a real OAuth2 access token via MintOAuthTokenViaGrant call.
+	//
+	// This pair of RPCs is used to "delay" generation of service account OAuth
+	// token until some later time, when it is actually needed. This is used by
+	// Swarming:
+	//   1. When the task is posted, Swarming calls MintOAuthTokenGrant to verify
+	//      that the end-user is allowed to act as the requested service account
+	//      on Swarming. On success, Swarming stores the grant in the task
+	//      metadata.
+	//   2. At a later time, when the task is executing and it needs an access
+	//      token, Swarming calls MintOAuthTokenViaGrant to convert the grant into
+	//      a real OAuth2 token.
+	//
+	// The returned grant can be used multiple times (as long as its validity
+	// duration and the token server policy allows).
+	//
+	// The token server must be configured in advance with all expected
+	// combinations of (caller identity, service account name, end users) tuples.
+	// See ServiceAccountRule in config.proto.
+	//
+	// MintOAuthTokenGrant will check that the requested usage is allowed by the
+	// rules. Later, MintOAuthTokenViaGrant will recheck this too.
+	MintOAuthTokenGrant(ctx context.Context, in *MintOAuthTokenGrantRequest, opts ...grpc.CallOption) (*MintOAuthTokenGrantResponse, error)
+	// MintOAuthTokenViaGrant converts an OAuth2 token grant into an access token.
+	//
+	// The grant must be previously generated by MintOAuthTokenGrant function, see
+	// its docs for more details.
+	MintOAuthTokenViaGrant(ctx context.Context, in *MintOAuthTokenViaGrantRequest, opts ...grpc.CallOption) (*MintOAuthTokenViaGrantResponse, error)
 }
 type tokenMinterPRPCClient struct {
 	client *prpc.Client
@@ -599,6 +834,24 @@ func (c *tokenMinterPRPCClient) MintDelegationToken(ctx context.Context, in *Min
 	return out, nil
 }
 
+func (c *tokenMinterPRPCClient) MintOAuthTokenGrant(ctx context.Context, in *MintOAuthTokenGrantRequest, opts ...grpc.CallOption) (*MintOAuthTokenGrantResponse, error) {
+	out := new(MintOAuthTokenGrantResponse)
+	err := c.client.Call(ctx, "tokenserver.minter.TokenMinter", "MintOAuthTokenGrant", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *tokenMinterPRPCClient) MintOAuthTokenViaGrant(ctx context.Context, in *MintOAuthTokenViaGrantRequest, opts ...grpc.CallOption) (*MintOAuthTokenViaGrantResponse, error) {
+	out := new(MintOAuthTokenViaGrantResponse)
+	err := c.client.Call(ctx, "tokenserver.minter.TokenMinter", "MintOAuthTokenViaGrant", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 type tokenMinterClient struct {
 	cc *grpc.ClientConn
 }
@@ -625,6 +878,24 @@ func (c *tokenMinterClient) MintDelegationToken(ctx context.Context, in *MintDel
 	return out, nil
 }
 
+func (c *tokenMinterClient) MintOAuthTokenGrant(ctx context.Context, in *MintOAuthTokenGrantRequest, opts ...grpc.CallOption) (*MintOAuthTokenGrantResponse, error) {
+	out := new(MintOAuthTokenGrantResponse)
+	err := grpc.Invoke(ctx, "/tokenserver.minter.TokenMinter/MintOAuthTokenGrant", in, out, c.cc, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *tokenMinterClient) MintOAuthTokenViaGrant(ctx context.Context, in *MintOAuthTokenViaGrantRequest, opts ...grpc.CallOption) (*MintOAuthTokenViaGrantResponse, error) {
+	out := new(MintOAuthTokenViaGrantResponse)
+	err := grpc.Invoke(ctx, "/tokenserver.minter.TokenMinter/MintOAuthTokenViaGrant", in, out, c.cc, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // Server API for TokenMinter service
 
 type TokenMinterServer interface {
@@ -658,6 +929,41 @@ type TokenMinterServer interface {
 	// combinations of (caller identity, delegated identity, audience, service)
 	// tuples. See DelegationRule in config.proto.
 	MintDelegationToken(context.Context, *MintDelegationTokenRequest) (*MintDelegationTokenResponse, error)
+	// MintOAuthTokenGrant generates a new grant for getting an OAuth2 token.
+	//
+	// This is a special (opaque for clients) token that asserts that the caller
+	// at the time of the call was allowed to act as a particular service account
+	// to perform a task authorized by an end-user.
+	//
+	// The returned grant can be used later (when the end-user is no longer
+	// present) to get a real OAuth2 access token via MintOAuthTokenViaGrant call.
+	//
+	// This pair of RPCs is used to "delay" generation of service account OAuth
+	// token until some later time, when it is actually needed. This is used by
+	// Swarming:
+	//   1. When the task is posted, Swarming calls MintOAuthTokenGrant to verify
+	//      that the end-user is allowed to act as the requested service account
+	//      on Swarming. On success, Swarming stores the grant in the task
+	//      metadata.
+	//   2. At a later time, when the task is executing and it needs an access
+	//      token, Swarming calls MintOAuthTokenViaGrant to convert the grant into
+	//      a real OAuth2 token.
+	//
+	// The returned grant can be used multiple times (as long as its validity
+	// duration and the token server policy allows).
+	//
+	// The token server must be configured in advance with all expected
+	// combinations of (caller identity, service account name, end users) tuples.
+	// See ServiceAccountRule in config.proto.
+	//
+	// MintOAuthTokenGrant will check that the requested usage is allowed by the
+	// rules. Later, MintOAuthTokenViaGrant will recheck this too.
+	MintOAuthTokenGrant(context.Context, *MintOAuthTokenGrantRequest) (*MintOAuthTokenGrantResponse, error)
+	// MintOAuthTokenViaGrant converts an OAuth2 token grant into an access token.
+	//
+	// The grant must be previously generated by MintOAuthTokenGrant function, see
+	// its docs for more details.
+	MintOAuthTokenViaGrant(context.Context, *MintOAuthTokenViaGrantRequest) (*MintOAuthTokenViaGrantResponse, error)
 }
 
 func RegisterTokenMinterServer(s prpc.Registrar, srv TokenMinterServer) {
@@ -700,6 +1006,42 @@ func _TokenMinter_MintDelegationToken_Handler(srv interface{}, ctx context.Conte
 	return interceptor(ctx, in, info, handler)
 }
 
+func _TokenMinter_MintOAuthTokenGrant_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(MintOAuthTokenGrantRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TokenMinterServer).MintOAuthTokenGrant(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/tokenserver.minter.TokenMinter/MintOAuthTokenGrant",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TokenMinterServer).MintOAuthTokenGrant(ctx, req.(*MintOAuthTokenGrantRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TokenMinter_MintOAuthTokenViaGrant_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(MintOAuthTokenViaGrantRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TokenMinterServer).MintOAuthTokenViaGrant(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/tokenserver.minter.TokenMinter/MintOAuthTokenViaGrant",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TokenMinterServer).MintOAuthTokenViaGrant(ctx, req.(*MintOAuthTokenViaGrantRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 var _TokenMinter_serviceDesc = grpc.ServiceDesc{
 	ServiceName: "tokenserver.minter.TokenMinter",
 	HandlerType: (*TokenMinterServer)(nil),
@@ -712,6 +1054,14 @@ var _TokenMinter_serviceDesc = grpc.ServiceDesc{
 			MethodName: "MintDelegationToken",
 			Handler:    _TokenMinter_MintDelegationToken_Handler,
 		},
+		{
+			MethodName: "MintOAuthTokenGrant",
+			Handler:    _TokenMinter_MintOAuthTokenGrant_Handler,
+		},
+		{
+			MethodName: "MintOAuthTokenViaGrant",
+			Handler:    _TokenMinter_MintOAuthTokenViaGrant_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "github.com/luci/luci-go/tokenserver/api/minter/v1/token_minter.proto",
@@ -722,63 +1072,75 @@ func init() {
 }
 
 var fileDescriptor0 = []byte{
-	// 919 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x55, 0xdd, 0x6e, 0xdb, 0x36,
-	0x14, 0x8e, 0x62, 0xc7, 0xb5, 0x4f, 0x7e, 0xaa, 0xd0, 0x49, 0xea, 0xb9, 0x1b, 0x1a, 0x78, 0xc3,
-	0x16, 0xb4, 0xab, 0x84, 0x79, 0xd8, 0x0f, 0xd0, 0xdd, 0xa8, 0xb6, 0x9a, 0x38, 0xad, 0xe4, 0x80,
-	0x92, 0x57, 0xec, 0x8a, 0x50, 0x2c, 0xd6, 0x21, 0x6a, 0x4b, 0xae, 0x44, 0x19, 0xf3, 0xde, 0x61,
-	0x0f, 0xb1, 0x27, 0xd8, 0x6b, 0xec, 0x49, 0xf6, 0x04, 0x03, 0x76, 0x3b, 0x88, 0x94, 0x6c, 0x39,
-	0x51, 0x87, 0xdc, 0x18, 0xe2, 0xf7, 0x7d, 0x3c, 0xdf, 0xe1, 0x39, 0x87, 0x34, 0xf4, 0x27, 0x8c,
-	0xdf, 0x24, 0xd7, 0xda, 0x38, 0x9c, 0xe9, 0xd3, 0x64, 0xcc, 0xc4, 0xcf, 0xf3, 0x49, 0xa8, 0xf3,
-	0xf0, 0x3d, 0x0d, 0x62, 0x1a, 0x2d, 0x68, 0xa4, 0x7b, 0x73, 0xa6, 0xcf, 0x58, 0xc0, 0x69, 0xa4,
-	0x2f, 0xbe, 0x91, 0x0c, 0x91, 0x6b, 0x6d, 0x1e, 0x85, 0x3c, 0x44, 0xa8, 0xa0, 0xd6, 0x24, 0xd3,
-	0x7e, 0x32, 0x09, 0xc3, 0xc9, 0x94, 0xea, 0x42, 0x71, 0x9d, 0xbc, 0xd3, 0x39, 0x9b, 0xd1, 0x98,
-	0x7b, 0xb3, 0xb9, 0xdc, 0xd4, 0xbe, 0xf8, 0x98, 0x75, 0xee, 0x9a, 0xf0, 0x1b, 0xdd, 0xa7, 0x53,
-	0x3a, 0xf1, 0x38, 0x0b, 0x03, 0x7d, 0x46, 0xe3, 0xd8, 0x9b, 0xd0, 0xb8, 0x80, 0x65, 0x91, 0x5e,
-	0xdc, 0xfb, 0x10, 0xde, 0xf8, 0x86, 0x05, 0x94, 0x08, 0x5c, 0x6e, 0xee, 0x7c, 0x80, 0x47, 0x16,
-	0x0b, 0xb8, 0x25, 0x29, 0x37, 0x65, 0x30, 0xfd, 0x90, 0xd0, 0x98, 0xa3, 0x1f, 0xa1, 0x15, 0xd3,
-	0x88, 0x79, 0x53, 0xf6, 0x1b, 0xf5, 0xe5, 0x26, 0x12, 0x49, 0xae, 0xa5, 0x9c, 0x2a, 0x67, 0x7b,
-	0xf8, 0x64, 0xcd, 0x6f, 0xec, 0xfc, 0x14, 0x1a, 0x31, 0x9b, 0x04, 0x1e, 0x4f, 0x22, 0xda, 0xda,
-	0x16, 0xd2, 0x35, 0xd0, 0xf9, 0x7d, 0x1b, 0x9a, 0x65, 0x7e, 0xa7, 0xb0, 0x3b, 0xa6, 0x11, 0x67,
-	0xef, 0xd8, 0xd8, 0xe3, 0x34, 0xb3, 0x28, 0x42, 0xe8, 0x2d, 0x34, 0x57, 0x61, 0x88, 0x37, 0x9d,
-	0x84, 0x11, 0xe3, 0x37, 0x33, 0xe1, 0x70, 0xd0, 0xfd, 0x52, 0xbb, 0xdb, 0x06, 0xcd, 0xc9, 0xe5,
-	0x46, 0xae, 0xc6, 0x28, 0xbe, 0x83, 0xa1, 0x1f, 0xa0, 0xc1, 0xe2, 0x38, 0xa1, 0x3e, 0xf1, 0x78,
-	0xab, 0x72, 0xaa, 0x9c, 0xed, 0x76, 0xdb, 0x9a, 0xec, 0xa0, 0x96, 0x77, 0x50, 0x73, 0xf3, 0x0e,
-	0xe2, 0xba, 0x14, 0x1b, 0x1c, 0xfd, 0x04, 0x20, 0x0b, 0xc3, 0x97, 0x73, 0xda, 0xaa, 0x8a, 0x44,
-	0x3e, 0xdb, 0x48, 0xa4, 0x78, 0x52, 0x77, 0x39, 0xa7, 0xb8, 0xc1, 0xf3, 0xcf, 0xcb, 0x6a, 0x7d,
-	0x47, 0xad, 0x75, 0xfe, 0x55, 0xa0, 0x75, 0xb7, 0x07, 0xf1, 0x3c, 0x0c, 0x62, 0x9a, 0x1a, 0xd0,
-	0x28, 0x0a, 0x23, 0x32, 0x0e, 0x7d, 0x59, 0x93, 0xdb, 0x06, 0xd9, 0x49, 0xcd, 0x54, 0xd5, 0x0b,
-	0x7d, 0x8a, 0x1b, 0x34, 0xff, 0x44, 0x9f, 0xc3, 0xbe, 0xdc, 0x9d, 0x4d, 0x8f, 0x28, 0x55, 0x03,
-	0xef, 0x09, 0xd0, 0x92, 0x18, 0x1a, 0xc2, 0x41, 0xde, 0x5c, 0x69, 0x9a, 0x55, 0xe0, 0xac, 0xcc,
-	0xa6, 0x2c, 0x49, 0xbc, 0xcf, 0x37, 0x72, 0xfe, 0x0a, 0x1e, 0xa6, 0x9b, 0xd8, 0x98, 0x92, 0x05,
-	0x8d, 0x62, 0x16, 0x06, 0xa2, 0x32, 0x0d, 0x7c, 0x90, 0xc1, 0x3f, 0x4b, 0xb4, 0xf3, 0xa7, 0x02,
-	0x47, 0xa5, 0xa7, 0x2e, 0x89, 0xb0, 0x5d, 0x16, 0x01, 0xb9, 0x80, 0xd2, 0x69, 0x27, 0x1b, 0xa3,
-	0xdd, 0x3a, 0x16, 0xf9, 0x7f, 0x51, 0x96, 0xff, 0x9b, 0x64, 0xcc, 0x8a, 0x96, 0x17, 0x5b, 0x58,
-	0x9d, 0xde, 0xc2, 0x5e, 0xee, 0x15, 0xbb, 0x7a, 0x59, 0xad, 0x2b, 0xea, 0xf6, 0x65, 0xb5, 0x7e,
-	0xa4, 0x1e, 0x77, 0xde, 0x83, 0x7a, 0x3b, 0x42, 0x5a, 0xe4, 0x4d, 0x7b, 0x45, 0x16, 0x79, 0x56,
-	0x14, 0x75, 0xa1, 0x46, 0x7f, 0x9d, 0xb3, 0x68, 0x29, 0x0e, 0xf2, 0xff, 0xe3, 0x95, 0x29, 0x3b,
-	0x7f, 0x29, 0xd0, 0x4e, 0x07, 0xa3, 0xbf, 0xba, 0xf1, 0x1b, 0xf7, 0xe5, 0x39, 0xa0, 0xec, 0x2d,
-	0xa0, 0x3e, 0x61, 0x3e, 0x0d, 0x38, 0xe3, 0xcb, 0xcc, 0xfc, 0x70, 0xc5, 0x0c, 0x32, 0x02, 0x3d,
-	0x83, 0xc3, 0x85, 0x37, 0x65, 0x3e, 0xe3, 0x4b, 0xe2, 0x27, 0x91, 0x88, 0x27, 0x92, 0xa9, 0x60,
-	0x35, 0x27, 0xfa, 0x19, 0x8e, 0xda, 0x50, 0xf7, 0x12, 0x9f, 0xd1, 0x60, 0x9c, 0x4e, 0x43, 0xe5,
-	0xac, 0x81, 0x57, 0xeb, 0x94, 0xcb, 0xba, 0x10, 0xb7, 0xaa, 0x92, 0xcb, 0xd7, 0xe8, 0x04, 0x6a,
-	0x69, 0x9d, 0x03, 0xde, 0xda, 0x11, 0x79, 0x64, 0xab, 0xce, 0x1f, 0x0a, 0x3c, 0x2e, 0x3d, 0x4a,
-	0xd6, 0xf0, 0x23, 0xd8, 0x29, 0xd6, 0x4e, 0x2e, 0x50, 0x0f, 0x9a, 0xeb, 0xd7, 0x8e, 0xc4, 0xc9,
-	0xb5, 0xd4, 0xc8, 0x0a, 0x22, 0x2d, 0x7f, 0x12, 0x35, 0x27, 0x63, 0x30, 0x5a, 0xcb, 0x73, 0xac,
-	0x6c, 0x96, 0x2a, 0x65, 0xb3, 0xf4, 0xf4, 0x05, 0xa0, 0xbb, 0xcf, 0x05, 0x52, 0x61, 0x6f, 0x64,
-	0xbf, 0xb6, 0x87, 0x6f, 0x6d, 0x62, 0xbc, 0x39, 0x1f, 0xaa, 0x5b, 0xa8, 0x09, 0x0f, 0x9d, 0x0b,
-	0xa3, 0xfb, 0xdd, 0xf7, 0x04, 0x3b, 0x86, 0x04, 0x95, 0xa7, 0x7f, 0x2b, 0xd0, 0x58, 0x5d, 0x41,
-	0xb4, 0x0b, 0x0f, 0x9c, 0x51, 0xaf, 0x67, 0x3a, 0x8e, 0xba, 0x85, 0x3e, 0x81, 0xe3, 0x91, 0xed,
-	0x8c, 0xae, 0xae, 0x86, 0xd8, 0x35, 0xfb, 0xc4, 0x19, 0x9c, 0xdb, 0x86, 0x3b, 0xc2, 0xa6, 0xaa,
-	0xa0, 0x36, 0x9c, 0x14, 0x29, 0x77, 0xf8, 0xda, 0xb4, 0x89, 0xfb, 0xcb, 0x95, 0xa9, 0x6e, 0xa3,
-	0x43, 0xd8, 0x7f, 0x69, 0xf4, 0x89, 0x3b, 0xb0, 0x4c, 0xc7, 0x35, 0xac, 0x2b, 0xb5, 0x92, 0xca,
-	0x53, 0xa8, 0x67, 0x62, 0x77, 0xf0, 0x6a, 0xd0, 0x33, 0x5c, 0x93, 0xbc, 0x1a, 0x62, 0xcb, 0x70,
-	0xd5, 0x6a, 0x2e, 0x5f, 0x47, 0xdf, 0x91, 0xc6, 0x2e, 0x1e, 0x39, 0x69, 0xec, 0xc2, 0x26, 0xb5,
-	0x86, 0x1e, 0x41, 0x53, 0x04, 0x17, 0x86, 0x06, 0x3e, 0x1f, 0x59, 0xa6, 0xed, 0x3a, 0xea, 0x03,
-	0xf4, 0x04, 0x1e, 0x5b, 0x46, 0xef, 0x62, 0x60, 0x9b, 0x19, 0x69, 0x0d, 0x6c, 0x77, 0x60, 0x9f,
-	0x13, 0x13, 0xe3, 0x21, 0x56, 0xeb, 0xdd, 0x7f, 0x14, 0xd8, 0x15, 0xbd, 0xb3, 0xc4, 0x85, 0x42,
-	0x33, 0x50, 0x6f, 0x3f, 0x5e, 0xe8, 0x59, 0xe9, 0xcb, 0x51, 0xfe, 0x37, 0xd3, 0xfe, 0xfa, 0x7e,
-	0xe2, 0x6c, 0x50, 0x16, 0xd0, 0x2c, 0x99, 0x23, 0xa4, 0x7d, 0x2c, 0x48, 0xf9, 0xdd, 0x69, 0xeb,
-	0xf7, 0xd6, 0x4b, 0xdf, 0xeb, 0x9a, 0xb8, 0xa7, 0xdf, 0xfe, 0x17, 0x00, 0x00, 0xff, 0xff, 0x24,
-	0xdc, 0xe5, 0x43, 0x32, 0x08, 0x00, 0x00,
+	// 1117 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0xcd, 0x6e, 0xdb, 0x46,
+	0x17, 0x0d, 0x25, 0xd9, 0x91, 0xae, 0x64, 0x9b, 0x1e, 0xd9, 0x8e, 0x3e, 0xe5, 0x4b, 0xed, 0xa8,
+	0x45, 0x6b, 0x38, 0x8d, 0x84, 0xa8, 0xe8, 0x0f, 0x90, 0x6e, 0x18, 0x99, 0xb1, 0xe5, 0x44, 0x92,
+	0x31, 0xa4, 0x1c, 0x74, 0x45, 0xd0, 0xe4, 0x44, 0x1e, 0x44, 0x22, 0x15, 0x72, 0x68, 0xd4, 0xdd,
+	0xf4, 0x09, 0xba, 0xee, 0xa2, 0x9b, 0xf6, 0x09, 0xba, 0xeb, 0x33, 0xf4, 0x49, 0xba, 0xeb, 0xba,
+	0xdb, 0x82, 0x33, 0xa4, 0x44, 0x4a, 0x54, 0xe3, 0x14, 0xe8, 0xc6, 0x10, 0xcf, 0xbd, 0x73, 0xcf,
+	0x99, 0x73, 0xef, 0xcc, 0x18, 0x8e, 0x47, 0x94, 0x5d, 0x05, 0x97, 0x4d, 0xcb, 0x9d, 0xb4, 0xc6,
+	0x81, 0x45, 0xf9, 0x9f, 0xc7, 0x23, 0xb7, 0xc5, 0xdc, 0x37, 0xc4, 0xf1, 0x89, 0x77, 0x4d, 0xbc,
+	0x96, 0x39, 0xa5, 0xad, 0x09, 0x75, 0x18, 0xf1, 0x5a, 0xd7, 0x4f, 0x44, 0xc4, 0x10, 0xdf, 0xcd,
+	0xa9, 0xe7, 0x32, 0x17, 0xa1, 0x44, 0x76, 0x53, 0x44, 0xea, 0xfb, 0x23, 0xd7, 0x1d, 0x8d, 0x49,
+	0x8b, 0x67, 0x5c, 0x06, 0xaf, 0x5b, 0x8c, 0x4e, 0x88, 0xcf, 0xcc, 0xc9, 0x54, 0x2c, 0xaa, 0x9f,
+	0xae, 0xa2, 0x8e, 0x59, 0x03, 0x76, 0xd5, 0xb2, 0xc9, 0x98, 0x8c, 0x4c, 0x46, 0x5d, 0xa7, 0x35,
+	0x21, 0xbe, 0x6f, 0x8e, 0x88, 0x9f, 0xc0, 0xa2, 0x4a, 0x4f, 0x6f, 0xbd, 0x09, 0xd3, 0xba, 0xa2,
+	0x0e, 0x31, 0x38, 0x2e, 0x16, 0x37, 0xde, 0xc2, 0xbd, 0x1e, 0x75, 0x58, 0x4f, 0x84, 0xf4, 0x30,
+	0x82, 0xc9, 0xdb, 0x80, 0xf8, 0x0c, 0x7d, 0x05, 0x35, 0x9f, 0x78, 0xd4, 0x1c, 0xd3, 0xef, 0x88,
+	0x2d, 0x16, 0x19, 0x9e, 0x88, 0xd5, 0xa4, 0x03, 0xe9, 0xb0, 0x82, 0xf7, 0xe6, 0xf1, 0xd4, 0xca,
+	0xff, 0x43, 0xc9, 0xa7, 0x23, 0xc7, 0x64, 0x81, 0x47, 0x6a, 0x39, 0x9e, 0x3a, 0x07, 0x1a, 0x3f,
+	0xe4, 0xa0, 0x9a, 0xc5, 0x77, 0x00, 0x65, 0x8b, 0x78, 0x8c, 0xbe, 0xa6, 0x96, 0xc9, 0x48, 0x44,
+	0x91, 0x84, 0xd0, 0x2b, 0xa8, 0xce, 0xca, 0x18, 0xe6, 0x78, 0xe4, 0x7a, 0x94, 0x5d, 0x4d, 0x38,
+	0xc3, 0x66, 0xfb, 0xe3, 0xe6, 0x72, 0x1b, 0x9a, 0x5a, 0x9c, 0xae, 0xc4, 0xd9, 0x18, 0xf9, 0x4b,
+	0x18, 0xfa, 0x12, 0x4a, 0xd4, 0xf7, 0x03, 0x62, 0x1b, 0x26, 0xab, 0xe5, 0x0f, 0xa4, 0xc3, 0x72,
+	0xbb, 0xde, 0x14, 0x1d, 0x6c, 0xc6, 0x1d, 0x6c, 0xea, 0x71, 0x07, 0x71, 0x51, 0x24, 0x2b, 0x0c,
+	0x7d, 0x0d, 0x20, 0x8c, 0x61, 0x37, 0x53, 0x52, 0x2b, 0x70, 0x21, 0x0f, 0x52, 0x42, 0x92, 0x3b,
+	0xd5, 0x6f, 0xa6, 0x04, 0x97, 0x58, 0xfc, 0xf3, 0xac, 0x50, 0x5c, 0x93, 0xd7, 0x1b, 0x7f, 0x49,
+	0x50, 0x5b, 0xee, 0x81, 0x3f, 0x75, 0x1d, 0x9f, 0x84, 0x04, 0xc4, 0xf3, 0x5c, 0xcf, 0xb0, 0x5c,
+	0x5b, 0x78, 0xb2, 0x48, 0x10, 0xed, 0x54, 0x0d, 0xb3, 0x3a, 0xae, 0x4d, 0x70, 0x89, 0xc4, 0x3f,
+	0xd1, 0x87, 0xb0, 0x21, 0x56, 0x47, 0xd3, 0xc3, 0xad, 0x2a, 0xe1, 0x0a, 0x07, 0x7b, 0x02, 0x43,
+	0x03, 0xd8, 0x8c, 0x9b, 0x2b, 0x48, 0x23, 0x07, 0x0e, 0xb3, 0x68, 0xb2, 0x44, 0xe2, 0x0d, 0x96,
+	0xd2, 0xfc, 0x09, 0x6c, 0x85, 0x8b, 0xa8, 0x45, 0x8c, 0x6b, 0xe2, 0xf9, 0xd4, 0x75, 0xb8, 0x33,
+	0x25, 0xbc, 0x19, 0xc1, 0x17, 0x02, 0x6d, 0xfc, 0x2a, 0xc1, 0x4e, 0xe6, 0xae, 0x33, 0x2a, 0xe4,
+	0xb2, 0x2a, 0x20, 0x1d, 0x50, 0x38, 0xed, 0x46, 0x6a, 0xb4, 0x6b, 0xbb, 0x5c, 0xff, 0x47, 0x59,
+	0xfa, 0x5f, 0x06, 0x16, 0x4d, 0x52, 0x9e, 0xde, 0xc1, 0xf2, 0x78, 0x01, 0x7b, 0x56, 0x49, 0x76,
+	0xf5, 0xac, 0x50, 0x94, 0xe4, 0xdc, 0x59, 0xa1, 0xb8, 0x23, 0xef, 0x36, 0xde, 0x80, 0xbc, 0x58,
+	0x21, 0x34, 0x39, 0x4d, 0x2f, 0x09, 0x93, 0x27, 0xc9, 0xa4, 0x36, 0xac, 0x93, 0x6f, 0xa7, 0xd4,
+	0xbb, 0xe1, 0x1b, 0xf9, 0xe7, 0xf1, 0x8a, 0x32, 0x1b, 0xbf, 0x4b, 0x50, 0x0f, 0x07, 0xe3, 0x78,
+	0x76, 0xe2, 0x53, 0xe7, 0xe5, 0x31, 0xa0, 0xe8, 0x2e, 0x20, 0xb6, 0x41, 0x6d, 0xe2, 0x30, 0xca,
+	0x6e, 0x22, 0xf2, 0xed, 0x59, 0xa4, 0x1b, 0x05, 0xd0, 0x23, 0xd8, 0xbe, 0x36, 0xc7, 0xd4, 0xa6,
+	0xec, 0xc6, 0xb0, 0x03, 0x8f, 0xd7, 0xe3, 0x62, 0xf2, 0x58, 0x8e, 0x03, 0xc7, 0x11, 0x8e, 0xea,
+	0x50, 0x34, 0x03, 0x9b, 0x12, 0xc7, 0x0a, 0xa7, 0x21, 0x7f, 0x58, 0xc2, 0xb3, 0xef, 0x30, 0x16,
+	0x75, 0xc1, 0xaf, 0x15, 0x44, 0x2c, 0xfe, 0x46, 0x7b, 0xb0, 0x1e, 0xfa, 0xec, 0xb0, 0xda, 0x1a,
+	0xd7, 0x11, 0x7d, 0x35, 0x7e, 0x91, 0xe0, 0x7e, 0xe6, 0x56, 0xa2, 0x86, 0xef, 0xc0, 0x5a, 0xd2,
+	0x3b, 0xf1, 0x81, 0x3a, 0x50, 0x9d, 0xdf, 0x76, 0x86, 0x1f, 0x5c, 0x8a, 0x1c, 0xe1, 0x20, 0x6a,
+	0xc6, 0x57, 0x62, 0x53, 0x8b, 0x22, 0x18, 0xcd, 0xd3, 0x63, 0x2c, 0x6b, 0x96, 0xf2, 0x99, 0xd3,
+	0xf8, 0x5b, 0x64, 0xf7, 0x40, 0x09, 0xd8, 0x15, 0x97, 0x77, 0xe2, 0x99, 0x0e, 0x8b, 0xed, 0x4e,
+	0xd4, 0x31, 0x2d, 0xcb, 0x0d, 0x1c, 0x16, 0x89, 0x8d, 0xeb, 0x28, 0x02, 0x7d, 0x3f, 0xa3, 0x8f,
+	0x60, 0x9b, 0x38, 0xb6, 0x11, 0xf8, 0xc4, 0x9b, 0xf7, 0x50, 0xe8, 0xdb, 0x22, 0x8e, 0x3d, 0xf4,
+	0x89, 0x37, 0xeb, 0xe0, 0xdc, 0xdc, 0x42, 0xca, 0xdc, 0x9f, 0x22, 0x73, 0x97, 0x84, 0x47, 0xe6,
+	0xee, 0x43, 0x79, 0x14, 0x02, 0xa9, 0xf1, 0x04, 0x0e, 0xfd, 0xeb, 0xe1, 0xbc, 0xbd, 0xad, 0x3f,
+	0x4a, 0xf0, 0x20, 0xad, 0xee, 0x82, 0x9a, 0x29, 0x67, 0xdf, 0xa9, 0xef, 0x21, 0x54, 0xdc, 0xf0,
+	0x3d, 0x34, 0x7c, 0xcb, 0x9d, 0x12, 0xbf, 0x96, 0xe3, 0x53, 0x57, 0xe6, 0x98, 0xc6, 0x21, 0xd4,
+	0x86, 0xdd, 0x09, 0x75, 0x8c, 0x65, 0xe3, 0xf3, 0xdc, 0xf8, 0xea, 0x84, 0x3a, 0x17, 0x0b, 0xde,
+	0x37, 0x7e, 0x96, 0xe0, 0x83, 0x55, 0xca, 0x22, 0xeb, 0x1e, 0x42, 0xc5, 0xb4, 0x2c, 0xe2, 0xfb,
+	0x29, 0x6d, 0x65, 0x81, 0xfd, 0xf7, 0xe6, 0x1d, 0x3d, 0x05, 0xb4, 0xfc, 0x84, 0x21, 0x19, 0x2a,
+	0xc3, 0xfe, 0x8b, 0xfe, 0xe0, 0x55, 0xdf, 0x50, 0x5e, 0x9e, 0x0c, 0xe4, 0x3b, 0xa8, 0x0a, 0x5b,
+	0xda, 0xa9, 0xd2, 0xfe, 0xfc, 0x0b, 0x03, 0x6b, 0x8a, 0x00, 0xa5, 0xa3, 0x3f, 0x24, 0x28, 0xcd,
+	0x9e, 0x05, 0x54, 0x86, 0xbb, 0xda, 0xb0, 0xd3, 0x51, 0x35, 0x4d, 0xbe, 0x83, 0xfe, 0x07, 0xbb,
+	0xc3, 0xbe, 0x36, 0x3c, 0x3f, 0x1f, 0x60, 0x5d, 0x3d, 0x36, 0xb4, 0xee, 0x49, 0x5f, 0xd1, 0x87,
+	0x58, 0x95, 0x25, 0x54, 0x87, 0xbd, 0x64, 0x48, 0x1f, 0xbc, 0x50, 0xfb, 0x86, 0xfe, 0xcd, 0xb9,
+	0x2a, 0xe7, 0xd0, 0x36, 0x6c, 0x3c, 0x53, 0x8e, 0x0d, 0xbd, 0xdb, 0x53, 0x35, 0x5d, 0xe9, 0x9d,
+	0xcb, 0xf9, 0x30, 0x3d, 0x84, 0x3a, 0x2a, 0xd6, 0xbb, 0xcf, 0xbb, 0x1d, 0x45, 0x57, 0x8d, 0xe7,
+	0x03, 0xdc, 0x53, 0x74, 0xb9, 0x10, 0xa7, 0xcf, 0xab, 0xaf, 0x09, 0x62, 0x1d, 0x0f, 0xb5, 0xb0,
+	0x76, 0x62, 0x91, 0xbc, 0x8e, 0xee, 0x41, 0x95, 0x17, 0xe7, 0x84, 0x0a, 0x3e, 0x19, 0xf6, 0xd4,
+	0xbe, 0xae, 0xc9, 0x77, 0xd1, 0x3e, 0xdc, 0xef, 0x29, 0x9d, 0xd3, 0x6e, 0x5f, 0x8d, 0x82, 0xbd,
+	0x6e, 0x5f, 0xef, 0xf6, 0x4f, 0x0c, 0x15, 0xe3, 0x01, 0x96, 0x8b, 0xed, 0x3f, 0xf3, 0x50, 0xe6,
+	0xcd, 0xe8, 0xf1, 0x4b, 0x1e, 0x4d, 0x40, 0x5e, 0x7c, 0x50, 0xd1, 0xa3, 0xcc, 0xd7, 0x2c, 0xfb,
+	0x5f, 0x9f, 0xfa, 0xa7, 0xb7, 0x4b, 0x8e, 0x86, 0xe4, 0x1a, 0xaa, 0x19, 0x77, 0x1b, 0x6a, 0xae,
+	0x2a, 0x92, 0x7d, 0x9f, 0xd7, 0x5b, 0xb7, 0xce, 0x4f, 0xf3, 0x2e, 0x1c, 0xfb, 0xd5, 0xbc, 0xd9,
+	0x17, 0xdb, 0x6a, 0xde, 0x55, 0xf7, 0xc9, 0xf7, 0xb0, 0x97, 0x7d, 0x6c, 0xd0, 0x93, 0x77, 0x97,
+	0x5a, 0x38, 0xfc, 0xf5, 0xf6, 0xfb, 0x2c, 0x11, 0x02, 0x2e, 0xd7, 0xf9, 0xd1, 0xfa, 0xec, 0xef,
+	0x00, 0x00, 0x00, 0xff, 0xff, 0x9b, 0x07, 0xeb, 0xf4, 0xbf, 0x0b, 0x00, 0x00,
 }