@jvsoft/utils 1.0.0-alpha.11 → 1.0.0-alpha.12

package/fesm2022/jvsoft-utils-services.mjs

@@ -1,6 +1,11 @@
 import * as i0 from '@angular/core';
-import { signal, computed, Injectable } from '@angular/core';
+import { signal, computed, Injectable, InjectionToken, inject } from '@angular/core';
 import { format } from 'date-fns';
+import { HttpClient } from '@angular/common/http';
+import { firstValueFrom } from 'rxjs';
+import { map, catchError } from 'rxjs/operators';
+import * as CryptoJS from 'crypto-js';
+import JSEncrypt from 'jsencrypt';
 
 class RelojService {
     // El offset es la diferencia: ServerTime - LocalTime (performance.now())
@@ -93,6 +98,127 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.14", ngImpo
                 }]
         }], ctorParameters: () => [] });
 
+const ENCRYPTION_CONFIG = new InjectionToken('ENCRYPTION_CONFIG');
+class EncryptionService {
+    http = inject(HttpClient);
+    reloj = inject(RelojService);
+    config = inject(ENCRYPTION_CONFIG, { optional: true });
+    PUBLIC_KEY_URL = this.config?.publicKeyUrl ?? '/api/auth/public-key';
+    CACHE_KEY = 'jvs_rsa_public_key';
+    publicKey = signal(null);
+    pendingFetch;
+    constructor() {
+        this.loadCachedPublicKey();
+        this.escucharCambiosOtrasPestanas();
+    }
+    /**
+     * Obtiene la llave pública del servidor.
+     * Utiliza la Signal (RAM) primariamente, luego localStorage.
+     * Maneja peticiones concurrentes de forma que solo se dispare una descarga.
+     */
+    async getPublicKey() {
+        const current = this.publicKey();
+        if (current) {
+            return current;
+        }
+        if (this.pendingFetch) {
+            return this.pendingFetch;
+        }
+        this.pendingFetch = firstValueFrom(this.http.get(this.PUBLIC_KEY_URL).pipe(map(res => {
+            const key = res.publicKey || res.public_key;
+            if (!key)
+                throw new Error('Respuesta inválida del servidor (Falta publicKey/public_key).');
+            this.setPublicKey(key);
+            return key;
+        }), catchError(err => {
+            this.pendingFetch = undefined;
+            console.error('[EncryptionService] Error al obtener llave pública:', err);
+            throw err;
+        })));
+        try {
+            const key = await this.pendingFetch;
+            this.pendingFetch = undefined;
+            return key;
+        }
+        catch {
+            this.pendingFetch = undefined;
+            throw new Error('No se pudo establecer el canal seguro (RSA Key Fallback).');
+        }
+    }
+    /**
+     * Fuerza la limpieza del caché y descarga una nueva llave.
+     * Útil para auto-saneamiento cuando el backend reporta error de desencriptación.
+     */
+    async forceRefreshPublicKey() {
+        console.info('[EncryptionService] Forzando refresco de llave RSA por solicitud del interceptor.');
+        this.publicKey.set(null);
+        localStorage.removeItem(this.CACHE_KEY);
+        return this.getPublicKey();
+    }
+    /**
+     * Encriptación Híbrida (RSA + AES-256-CBC)
+     */
+    async encryptHybrid(data) {
+        const pubKey = await this.getPublicKey();
+        // 1. Generar Key (32 bytes) e IV (16 bytes)
+        const aesKey = CryptoJS.lib.WordArray.random(32);
+        const aesIv = CryptoJS.lib.WordArray.random(16);
+        // 2. Preparar payload con timestamp (Unix Epoch)
+        const timestamp = Math.floor((this.reloj.timestamp() || Date.now()) / 1000);
+        const bodyToEncrypt = typeof data === 'object' && data !== null ? { ...data, timestamp } : { data, timestamp };
+        const plainData = JSON.stringify(bodyToEncrypt);
+        // 3. Cifrar con AES
+        const encryptedPayload = CryptoJS.AES.encrypt(plainData, aesKey, {
+            iv: aesIv,
+            mode: CryptoJS.mode.CBC,
+            padding: CryptoJS.pad.Pkcs7
+        });
+        // 4. Concatenar Key + IV (48 bytes) y cifrar con RSA
+        const combinedBytes = aesKey.concat(aesIv);
+        const combinedLatin1 = combinedBytes.toString(CryptoJS.enc.Latin1);
+        const rsa = new JSEncrypt();
+        rsa.setPublicKey(pubKey);
+        const encryptedKeys = rsa.encrypt(combinedLatin1);
+        if (!encryptedKeys) {
+            throw new Error('Fallo en cifrado RSA (Llave posiblemente inválida).');
+        }
+        return {
+            payload: encryptedPayload.toString(),
+            keys: encryptedKeys
+        };
+    }
+    setPublicKey(key) {
+        this.publicKey.set(key);
+        localStorage.setItem(this.CACHE_KEY, key);
+    }
+    loadCachedPublicKey() {
+        const cached = localStorage.getItem(this.CACHE_KEY);
+        if (cached) {
+            this.publicKey.set(cached);
+        }
+    }
+    escucharCambiosOtrasPestanas() {
+        window.addEventListener('storage', (event) => {
+            if (event.key === this.CACHE_KEY) {
+                if (event.newValue) {
+                    this.publicKey.set(event.newValue);
+                }
+                else {
+                    this.publicKey.set(null);
+                }
+            }
+        });
+    }
+    static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.14", ngImport: i0, type: EncryptionService, deps: [], target: i0.ɵɵFactoryTarget.Injectable });
+    static ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.14", ngImport: i0, type: EncryptionService, providedIn: 'root' });
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.14", ngImport: i0, type: EncryptionService, decorators: [{
+            type: Injectable,
+            args: [{
+                    providedIn: 'root'
+                }]
+        }], ctorParameters: () => [] });
+
 /*
  * Public API Surface of utils services
  */
@@ -101,5 +227,5 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.14", ngImpo
  * Generated bundle index. Do not edit.
  */
 
-export { RelojService };
+export { ENCRYPTION_CONFIG, EncryptionService, RelojService };
 //# sourceMappingURL=jvsoft-utils-services.mjs.map

package/fesm2022/jvsoft-utils-services.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"jvsoft-utils-services.mjs","sources":["../../../projects/utils/services/reloj.service.ts","../../../projects/utils/services/public-api.ts","../../../projects/utils/services/jvsoft-utils-services.ts"],"sourcesContent":["import { computed, Injectable, signal } from '@angular/core';\nimport { format } from 'date-fns';\n\n@Injectable({\n  providedIn: 'root'\n})\nexport class RelojService {\n  // El offset es la diferencia: ServerTime - LocalTime (performance.now())\n  private readonly offset = signal<number>(0);\n  private readonly STORAGE_KEY = 'srv_clock_offset';\n  \n  // Signal que cambia cada segundo para forzar la reactividad del reloj\n  private readonly ticker = signal<number>(0);\n\n  // Hora actual calculada basándose en performance.now() para evitar drift y suspensión\n  readonly timestamp = computed(() => {\n    this.ticker(); // Dependencia reactiva para que el computed se ejecute cada segundo\n    // performance.now() es monotónico, Date.now() es manipulable por el usuario\n    // Usamos Date.now() inicialmente pero ajustado por el offset calculado\n    return Date.now() + this.offset();\n  });\n\n  readonly date = computed(() => new Date(this.timestamp()));\n\n  readonly dateTime = computed(() => {\n    return format(this.date(), \"yyyy-MM-dd'T'HH:mm\");\n  });\n\n  constructor() {\n    this.cargarOffsetInicial();\n    this.escucharCambiosOtrasPestanas();\n    this.iniciarVigilanteWarp();\n    \n    // Iniciar el ticker que mantiene el reloj vivo\n    setInterval(() => {\n      this.ticker.update(n => n + 1);\n    }, 1000);\n  }\n\n  /**\n   * Sincroniza el reloj interno con una hora oficial del servidor.\n   * Calculamos el offset respecto al tiempo local actual.\n   */\n  sincronizar(serverTime: number | string | Date) {\n    const srvTime = new Date(serverTime).getTime();\n    const lclTime = Date.now();\n    const nuevoOffset = srvTime - lclTime;\n\n    this.offset.set(nuevoOffset);\n    localStorage.setItem(this.STORAGE_KEY, nuevoOffset.toString());\n    this.estaSincronizado.set(true);\n  }\n\n  /**\n   * Fuerza que la próxima petición HTTP pida la hora al servidor.\n   * Útil tras reconexiones de socket o detecciones de warp.\n   */\n  forzarSincronizacion() {\n    this.estaSincronizado.set(false);\n  }\n\n  private estaSincronizado = signal<boolean>(false);\n  get sincronizado() { return this.estaSincronizado(); }\n\n  private cargarOffsetInicial() {\n    const guardado = localStorage.getItem(this.STORAGE_KEY);\n    if (guardado) {\n      this.offset.set(parseInt(guardado, 10));\n    }\n  }\n\n  private escucharCambiosOtrasPestanas() {\n    window.addEventListener('storage', (event) => {\n      if (event.key === this.STORAGE_KEY && event.newValue) {\n        this.offset.set(parseInt(event.newValue, 10));\n      }\n    });\n  }\n\n  /**\n   * Monitoriza saltos bruscos en el tiempo (suspensión o cambio manual de hora).\n   * Si detectamos un \"warp\", podríamos pedir una sincronización forzada.\n   */\n  private iniciarVigilanteWarp() {\n    let lastPerformance = performance.now();\n    let lastDate = Date.now();\n\n    setInterval(() => {\n      const currentPerformance = performance.now();\n      const currentDate = Date.now();\n\n      const perfDelta = currentPerformance - lastPerformance;\n      const dateDelta = currentDate - lastDate;\n\n      // Si la diferencia entre deltas es mayor a 2s (ajustable), hubo un warp\n      if (Math.abs(perfDelta - dateDelta) > 2000) {\n        console.warn('[RelojService] Salto temporal detectado (Warp). Se recomienda sincronizar.');\n        this.forzarSincronizacion();\n      }\n\n      lastPerformance = currentPerformance;\n      lastDate = currentDate;\n    }, 5000);\n  }\n}\n","/*\n * Public API Surface of utils services\n */\nexport * from './reloj.service';\n","/**\n * Generated bundle index. Do not edit.\n */\n\nexport * from './public-api';\n"],"names":[],"mappings":";;;;MAMa,YAAY,CAAA;;AAEN,IAAA,MAAM,GAAG,MAAM,CAAS,CAAC,CAAC;IAC1B,WAAW,GAAG,kBAAkB;;AAGhC,IAAA,MAAM,GAAG,MAAM,CAAS,CAAC,CAAC;;AAGlC,IAAA,SAAS,GAAG,QAAQ,CAAC,MAAK;AACjC,QAAA,IAAI,CAAC,MAAM,EAAE,CAAC;;;QAGd,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE;AACnC,KAAC,CAAC;AAEO,IAAA,IAAI,GAAG,QAAQ,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;AAEjD,IAAA,QAAQ,GAAG,QAAQ,CAAC,MAAK;QAChC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,oBAAoB,CAAC;AAClD,KAAC,CAAC;AAEF,IAAA,WAAA,GAAA;QACE,IAAI,CAAC,mBAAmB,EAAE;QAC1B,IAAI,CAAC,4BAA4B,EAAE;QACnC,IAAI,CAAC,oBAAoB,EAAE;;QAG3B,WAAW,CAAC,MAAK;AACf,YAAA,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;SAC/B,EAAE,IAAI,CAAC;;AAGV;;;AAGG;AACH,IAAA,WAAW,CAAC,UAAkC,EAAA;QAC5C,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE;AAC9C,QAAA,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE;AAC1B,QAAA,MAAM,WAAW,GAAG,OAAO,GAAG,OAAO;AAErC,QAAA,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC;AAC5B,QAAA,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,QAAQ,EAAE,CAAC;AAC9D,QAAA,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC;;AAGjC;;;AAGG;IACH,oBAAoB,GAAA;AAClB,QAAA,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC;;AAG1B,IAAA,gBAAgB,GAAG,MAAM,CAAU,KAAK,CAAC;IACjD,IAAI,YAAY,KAAK,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;IAE5C,mBAAmB,GAAA;QACzB,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC;QACvD,IAAI,QAAQ,EAAE;AACZ,YAAA,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;;;IAInC,4BAA4B,GAAA;QAClC,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC,KAAK,KAAI;AAC3C,YAAA,IAAI,KAAK,CAAC,GAAG,KAAK,IAAI,CAAC,WAAW,IAAI,KAAK,CAAC,QAAQ,EAAE;AACpD,gBAAA,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;;AAEjD,SAAC,CAAC;;AAGJ;;;AAGG;IACK,oBAAoB,GAAA;AAC1B,QAAA,IAAI,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;AACvC,QAAA,IAAI,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE;QAEzB,WAAW,CAAC,MAAK;AACf,YAAA,MAAM,kBAAkB,GAAG,WAAW,CAAC,GAAG,EAAE;AAC5C,YAAA,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE;AAE9B,YAAA,MAAM,SAAS,GAAG,kBAAkB,GAAG,eAAe;AACtD,YAAA,MAAM,SAAS,GAAG,WAAW,GAAG,QAAQ;;YAGxC,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,GAAG,SAAS,CAAC,GAAG,IAAI,EAAE;AAC1C,gBAAA,OAAO,CAAC,IAAI,CAAC,4EAA4E,CAAC;gBAC1F,IAAI,CAAC,oBAAoB,EAAE;;YAG7B,eAAe,GAAG,kBAAkB;YACpC,QAAQ,GAAG,WAAW;SACvB,EAAE,IAAI,CAAC;;wGAhGC,YAAY,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA;AAAZ,IAAA,OAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,YAAY,cAFX,MAAM,EAAA,CAAA;;4FAEP,YAAY,EAAA,UAAA,EAAA,CAAA;kBAHxB,UAAU;AAAC,YAAA,IAAA,EAAA,CAAA;AACV,oBAAA,UAAU,EAAE;AACb,iBAAA;;;ACLD;;AAEG;;ACFH;;AAEG;;;;"}
+{"version":3,"file":"jvsoft-utils-services.mjs","sources":["../../../projects/utils/services/reloj.service.ts","../../../projects/utils/services/encryption.service.ts","../../../projects/utils/services/public-api.ts","../../../projects/utils/services/jvsoft-utils-services.ts"],"sourcesContent":["import { computed, Injectable, signal } from '@angular/core';\nimport { format } from 'date-fns';\n\n@Injectable({\n  providedIn: 'root'\n})\nexport class RelojService {\n  // El offset es la diferencia: ServerTime - LocalTime (performance.now())\n  private readonly offset = signal<number>(0);\n  private readonly STORAGE_KEY = 'srv_clock_offset';\n  \n  // Signal que cambia cada segundo para forzar la reactividad del reloj\n  private readonly ticker = signal<number>(0);\n\n  // Hora actual calculada basándose en performance.now() para evitar drift y suspensión\n  readonly timestamp = computed(() => {\n    this.ticker(); // Dependencia reactiva para que el computed se ejecute cada segundo\n    // performance.now() es monotónico, Date.now() es manipulable por el usuario\n    // Usamos Date.now() inicialmente pero ajustado por el offset calculado\n    return Date.now() + this.offset();\n  });\n\n  readonly date = computed(() => new Date(this.timestamp()));\n\n  readonly dateTime = computed(() => {\n    return format(this.date(), \"yyyy-MM-dd'T'HH:mm\");\n  });\n\n  constructor() {\n    this.cargarOffsetInicial();\n    this.escucharCambiosOtrasPestanas();\n    this.iniciarVigilanteWarp();\n    \n    // Iniciar el ticker que mantiene el reloj vivo\n    setInterval(() => {\n      this.ticker.update(n => n + 1);\n    }, 1000);\n  }\n\n  /**\n   * Sincroniza el reloj interno con una hora oficial del servidor.\n   * Calculamos el offset respecto al tiempo local actual.\n   */\n  sincronizar(serverTime: number | string | Date) {\n    const srvTime = new Date(serverTime).getTime();\n    const lclTime = Date.now();\n    const nuevoOffset = srvTime - lclTime;\n\n    this.offset.set(nuevoOffset);\n    localStorage.setItem(this.STORAGE_KEY, nuevoOffset.toString());\n    this.estaSincronizado.set(true);\n  }\n\n  /**\n   * Fuerza que la próxima petición HTTP pida la hora al servidor.\n   * Útil tras reconexiones de socket o detecciones de warp.\n   */\n  forzarSincronizacion() {\n    this.estaSincronizado.set(false);\n  }\n\n  private estaSincronizado = signal<boolean>(false);\n  get sincronizado() { return this.estaSincronizado(); }\n\n  private cargarOffsetInicial() {\n    const guardado = localStorage.getItem(this.STORAGE_KEY);\n    if (guardado) {\n      this.offset.set(parseInt(guardado, 10));\n    }\n  }\n\n  private escucharCambiosOtrasPestanas() {\n    window.addEventListener('storage', (event) => {\n      if (event.key === this.STORAGE_KEY && event.newValue) {\n        this.offset.set(parseInt(event.newValue, 10));\n      }\n    });\n  }\n\n  /**\n   * Monitoriza saltos bruscos en el tiempo (suspensión o cambio manual de hora).\n   * Si detectamos un \"warp\", podríamos pedir una sincronización forzada.\n   */\n  private iniciarVigilanteWarp() {\n    let lastPerformance = performance.now();\n    let lastDate = Date.now();\n\n    setInterval(() => {\n      const currentPerformance = performance.now();\n      const currentDate = Date.now();\n\n      const perfDelta = currentPerformance - lastPerformance;\n      const dateDelta = currentDate - lastDate;\n\n      // Si la diferencia entre deltas es mayor a 2s (ajustable), hubo un warp\n      if (Math.abs(perfDelta - dateDelta) > 2000) {\n        console.warn('[RelojService] Salto temporal detectado (Warp). Se recomienda sincronizar.');\n        this.forzarSincronizacion();\n      }\n\n      lastPerformance = currentPerformance;\n      lastDate = currentDate;\n    }, 5000);\n  }\n}\n","import { Injectable, inject, signal, InjectionToken } from '@angular/core';\nimport { HttpClient } from '@angular/common/http';\nimport { firstValueFrom } from 'rxjs';\nimport { catchError, map } from 'rxjs/operators';\nimport * as CryptoJS from 'crypto-js';\nimport JSEncrypt from 'jsencrypt';\nimport { RelojService } from './reloj.service';\n\nexport interface EncryptedPayload {\n  payload: string;\n  keys: string;\n}\n\nexport interface EncryptionConfig {\n  publicKeyUrl?: string;\n}\n\nexport const ENCRYPTION_CONFIG = new InjectionToken<EncryptionConfig>('ENCRYPTION_CONFIG');\n\n@Injectable({\n  providedIn: 'root'\n})\nexport class EncryptionService {\n  private readonly http = inject(HttpClient);\n  private readonly reloj = inject(RelojService);\n  private readonly config = inject(ENCRYPTION_CONFIG, { optional: true });\n  \n  private readonly PUBLIC_KEY_URL = this.config?.publicKeyUrl ?? '/api/auth/public-key';\n  private readonly CACHE_KEY = 'jvs_rsa_public_key';\n  \n  private publicKey = signal<string | null>(null);\n  private pendingFetch?: Promise<string>;\n\n  constructor() {\n    this.loadCachedPublicKey();\n    this.escucharCambiosOtrasPestanas();\n  }\n\n  /**\n   * Obtiene la llave pública del servidor.\n   * Utiliza la Signal (RAM) primariamente, luego localStorage.\n   * Maneja peticiones concurrentes de forma que solo se dispare una descarga.\n   */\n  async getPublicKey(): Promise<string> {\n    const current = this.publicKey();\n    if (current) {\n      return current;\n    }\n\n    if (this.pendingFetch) {\n      return this.pendingFetch;\n    }\n\n    this.pendingFetch = firstValueFrom(\n      this.http.get<{ publicKey?: string; public_key?: string }>(this.PUBLIC_KEY_URL).pipe(\n        map(res => {\n          const key = res.publicKey || res.public_key;\n          if (!key) throw new Error('Respuesta inválida del servidor (Falta publicKey/public_key).');\n          this.setPublicKey(key);\n          return key;\n        }),\n        catchError(err => {\n          this.pendingFetch = undefined;\n          console.error('[EncryptionService] Error al obtener llave pública:', err);\n          throw err;\n        })\n      )\n    );\n\n    try {\n      const key = await this.pendingFetch;\n      this.pendingFetch = undefined;\n      return key;\n    } catch {\n      this.pendingFetch = undefined;\n      throw new Error('No se pudo establecer el canal seguro (RSA Key Fallback).');\n    }\n  }\n\n  /**\n   * Fuerza la limpieza del caché y descarga una nueva llave.\n   * Útil para auto-saneamiento cuando el backend reporta error de desencriptación.\n   */\n  async forceRefreshPublicKey(): Promise<string> {\n    console.info('[EncryptionService] Forzando refresco de llave RSA por solicitud del interceptor.');\n    this.publicKey.set(null);\n    localStorage.removeItem(this.CACHE_KEY);\n    return this.getPublicKey();\n  }\n\n  /**\n   * Encriptación Híbrida (RSA + AES-256-CBC)\n   */\n  async encryptHybrid(data: any): Promise<EncryptedPayload> {\n    const pubKey = await this.getPublicKey();\n\n    // 1. Generar Key (32 bytes) e IV (16 bytes)\n    const aesKey = CryptoJS.lib.WordArray.random(32);\n    const aesIv = CryptoJS.lib.WordArray.random(16);\n\n    // 2. Preparar payload con timestamp (Unix Epoch)\n    const timestamp = Math.floor((this.reloj.timestamp() || Date.now()) / 1000);\n    const bodyToEncrypt = typeof data === 'object' && data !== null ? { ...data, timestamp } : { data, timestamp };\n    const plainData = JSON.stringify(bodyToEncrypt);\n\n    // 3. Cifrar con AES\n    const encryptedPayload = CryptoJS.AES.encrypt(plainData, aesKey, {\n      iv: aesIv,\n      mode: CryptoJS.mode.CBC,\n      padding: CryptoJS.pad.Pkcs7\n    });\n\n    // 4. Concatenar Key + IV (48 bytes) y cifrar con RSA\n    const combinedBytes = aesKey.concat(aesIv);\n    const combinedLatin1 = combinedBytes.toString(CryptoJS.enc.Latin1);\n\n    const rsa = new JSEncrypt();\n    rsa.setPublicKey(pubKey);\n    const encryptedKeys = rsa.encrypt(combinedLatin1);\n\n    if (!encryptedKeys) {\n      throw new Error('Fallo en cifrado RSA (Llave posiblemente inválida).');\n    }\n\n    return {\n      payload: encryptedPayload.toString(),\n      keys: encryptedKeys\n    };\n  }\n\n  private setPublicKey(key: string) {\n    this.publicKey.set(key);\n    localStorage.setItem(this.CACHE_KEY, key);\n  }\n\n  private loadCachedPublicKey() {\n    const cached = localStorage.getItem(this.CACHE_KEY);\n    if (cached) {\n      this.publicKey.set(cached);\n    }\n  }\n\n  private escucharCambiosOtrasPestanas() {\n    window.addEventListener('storage', (event) => {\n      if (event.key === this.CACHE_KEY) {\n        if (event.newValue) {\n          this.publicKey.set(event.newValue);\n        } else {\n          this.publicKey.set(null);\n        }\n      }\n    });\n  }\n}\n","/*\n * Public API Surface of utils services\n */\nexport * from './reloj.service';\nexport * from './encryption.service';\n","/**\n * Generated bundle index. Do not edit.\n */\n\nexport * from './public-api';\n"],"names":[],"mappings":";;;;;;;;;MAMa,YAAY,CAAA;;AAEN,IAAA,MAAM,GAAG,MAAM,CAAS,CAAC,CAAC;IAC1B,WAAW,GAAG,kBAAkB;;AAGhC,IAAA,MAAM,GAAG,MAAM,CAAS,CAAC,CAAC;;AAGlC,IAAA,SAAS,GAAG,QAAQ,CAAC,MAAK;AACjC,QAAA,IAAI,CAAC,MAAM,EAAE,CAAC;;;QAGd,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE;AACnC,KAAC,CAAC;AAEO,IAAA,IAAI,GAAG,QAAQ,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;AAEjD,IAAA,QAAQ,GAAG,QAAQ,CAAC,MAAK;QAChC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,oBAAoB,CAAC;AAClD,KAAC,CAAC;AAEF,IAAA,WAAA,GAAA;QACE,IAAI,CAAC,mBAAmB,EAAE;QAC1B,IAAI,CAAC,4BAA4B,EAAE;QACnC,IAAI,CAAC,oBAAoB,EAAE;;QAG3B,WAAW,CAAC,MAAK;AACf,YAAA,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;SAC/B,EAAE,IAAI,CAAC;;AAGV;;;AAGG;AACH,IAAA,WAAW,CAAC,UAAkC,EAAA;QAC5C,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE;AAC9C,QAAA,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE;AAC1B,QAAA,MAAM,WAAW,GAAG,OAAO,GAAG,OAAO;AAErC,QAAA,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC;AAC5B,QAAA,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,QAAQ,EAAE,CAAC;AAC9D,QAAA,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC;;AAGjC;;;AAGG;IACH,oBAAoB,GAAA;AAClB,QAAA,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC;;AAG1B,IAAA,gBAAgB,GAAG,MAAM,CAAU,KAAK,CAAC;IACjD,IAAI,YAAY,KAAK,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;IAE5C,mBAAmB,GAAA;QACzB,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC;QACvD,IAAI,QAAQ,EAAE;AACZ,YAAA,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;;;IAInC,4BAA4B,GAAA;QAClC,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC,KAAK,KAAI;AAC3C,YAAA,IAAI,KAAK,CAAC,GAAG,KAAK,IAAI,CAAC,WAAW,IAAI,KAAK,CAAC,QAAQ,EAAE;AACpD,gBAAA,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;;AAEjD,SAAC,CAAC;;AAGJ;;;AAGG;IACK,oBAAoB,GAAA;AAC1B,QAAA,IAAI,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;AACvC,QAAA,IAAI,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE;QAEzB,WAAW,CAAC,MAAK;AACf,YAAA,MAAM,kBAAkB,GAAG,WAAW,CAAC,GAAG,EAAE;AAC5C,YAAA,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE;AAE9B,YAAA,MAAM,SAAS,GAAG,kBAAkB,GAAG,eAAe;AACtD,YAAA,MAAM,SAAS,GAAG,WAAW,GAAG,QAAQ;;YAGxC,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,GAAG,SAAS,CAAC,GAAG,IAAI,EAAE;AAC1C,gBAAA,OAAO,CAAC,IAAI,CAAC,4EAA4E,CAAC;gBAC1F,IAAI,CAAC,oBAAoB,EAAE;;YAG7B,eAAe,GAAG,kBAAkB;YACpC,QAAQ,GAAG,WAAW;SACvB,EAAE,IAAI,CAAC;;wGAhGC,YAAY,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA;AAAZ,IAAA,OAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,YAAY,cAFX,MAAM,EAAA,CAAA;;4FAEP,YAAY,EAAA,UAAA,EAAA,CAAA;kBAHxB,UAAU;AAAC,YAAA,IAAA,EAAA,CAAA;AACV,oBAAA,UAAU,EAAE;AACb,iBAAA;;;MCYY,iBAAiB,GAAG,IAAI,cAAc,CAAmB,mBAAmB;MAK5E,iBAAiB,CAAA;AACX,IAAA,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC;AACzB,IAAA,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC;IAC5B,MAAM,GAAG,MAAM,CAAC,iBAAiB,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAEtD,cAAc,GAAG,IAAI,CAAC,MAAM,EAAE,YAAY,IAAI,sBAAsB;IACpE,SAAS,GAAG,oBAAoB;AAEzC,IAAA,SAAS,GAAG,MAAM,CAAgB,IAAI,CAAC;AACvC,IAAA,YAAY;AAEpB,IAAA,WAAA,GAAA;QACE,IAAI,CAAC,mBAAmB,EAAE;QAC1B,IAAI,CAAC,4BAA4B,EAAE;;AAGrC;;;;AAIG;AACH,IAAA,MAAM,YAAY,GAAA;AAChB,QAAA,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE;QAChC,IAAI,OAAO,EAAE;AACX,YAAA,OAAO,OAAO;;AAGhB,QAAA,IAAI,IAAI,CAAC,YAAY,EAAE;YACrB,OAAO,IAAI,CAAC,YAAY;;QAG1B,IAAI,CAAC,YAAY,GAAG,cAAc,CAChC,IAAI,CAAC,IAAI,CAAC,GAAG,CAA8C,IAAI,CAAC,cAAc,CAAC,CAAC,IAAI,CAClF,GAAG,CAAC,GAAG,IAAG;YACR,MAAM,GAAG,GAAG,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,UAAU;AAC3C,YAAA,IAAI,CAAC,GAAG;AAAE,gBAAA,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC;AAC1F,YAAA,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;AACtB,YAAA,OAAO,GAAG;AACZ,SAAC,CAAC,EACF,UAAU,CAAC,GAAG,IAAG;AACf,YAAA,IAAI,CAAC,YAAY,GAAG,SAAS;AAC7B,YAAA,OAAO,CAAC,KAAK,CAAC,qDAAqD,EAAE,GAAG,CAAC;AACzE,YAAA,MAAM,GAAG;SACV,CAAC,CACH,CACF;AAED,QAAA,IAAI;AACF,YAAA,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY;AACnC,YAAA,IAAI,CAAC,YAAY,GAAG,SAAS;AAC7B,YAAA,OAAO,GAAG;;AACV,QAAA,MAAM;AACN,YAAA,IAAI,CAAC,YAAY,GAAG,SAAS;AAC7B,YAAA,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC;;;AAIhF;;;AAGG;AACH,IAAA,MAAM,qBAAqB,GAAA;AACzB,QAAA,OAAO,CAAC,IAAI,CAAC,mFAAmF,CAAC;AACjG,QAAA,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC;AACxB,QAAA,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;AACvC,QAAA,OAAO,IAAI,CAAC,YAAY,EAAE;;AAG5B;;AAEG;IACH,MAAM,aAAa,CAAC,IAAS,EAAA;AAC3B,QAAA,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE;;AAGxC,QAAA,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;AAChD,QAAA,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;;QAG/C,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC;QAC3E,MAAM,aAAa,GAAG,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,GAAG,EAAE,GAAG,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE;QAC9G,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC;;QAG/C,MAAM,gBAAgB,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE;AAC/D,YAAA,EAAE,EAAE,KAAK;AACT,YAAA,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,GAAG;AACvB,YAAA,OAAO,EAAE,QAAQ,CAAC,GAAG,CAAC;AACvB,SAAA,CAAC;;QAGF,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC;AAC1C,QAAA,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC;AAElE,QAAA,MAAM,GAAG,GAAG,IAAI,SAAS,EAAE;AAC3B,QAAA,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC;QACxB,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;QAEjD,IAAI,CAAC,aAAa,EAAE;AAClB,YAAA,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC;;QAGxE,OAAO;AACL,YAAA,OAAO,EAAE,gBAAgB,CAAC,QAAQ,EAAE;AACpC,YAAA,IAAI,EAAE;SACP;;AAGK,IAAA,YAAY,CAAC,GAAW,EAAA;AAC9B,QAAA,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC;QACvB,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC;;IAGnC,mBAAmB,GAAA;QACzB,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC;QACnD,IAAI,MAAM,EAAE;AACV,YAAA,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC;;;IAItB,4BAA4B,GAAA;QAClC,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC,KAAK,KAAI;YAC3C,IAAI,KAAK,CAAC,GAAG,KAAK,IAAI,CAAC,SAAS,EAAE;AAChC,gBAAA,IAAI,KAAK,CAAC,QAAQ,EAAE;oBAClB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC;;qBAC7B;AACL,oBAAA,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC;;;AAG9B,SAAC,CAAC;;wGAjIO,iBAAiB,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA;AAAjB,IAAA,OAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,iBAAiB,cAFhB,MAAM,EAAA,CAAA;;4FAEP,iBAAiB,EAAA,UAAA,EAAA,CAAA;kBAH7B,UAAU;AAAC,YAAA,IAAA,EAAA,CAAA;AACV,oBAAA,UAAU,EAAE;AACb,iBAAA;;;ACrBD;;AAEG;;ACFH;;AAEG;;;;"}

package/fesm2022/jvsoft-utils.mjs

@@ -1,23 +1,24 @@
 import { Validators, FormGroup, FormControl, FormArray, NG_VALIDATORS, NgControl, FormControlName } from '@angular/forms';
 import * as i0 from '@angular/core';
-import { inject, DestroyRef, Pipe, input, forwardRef, Directive, computed, Component, TemplateRef, Injectable, ElementRef, ViewContainerRef, HostListener, output, effect, untracked, signal } from '@angular/core';
+import { inject, DestroyRef, Pipe, input, forwardRef, Directive, computed, Component, TemplateRef, Injectable, ElementRef, ViewContainerRef, HostListener, output, effect, untracked, signal, InjectionToken } from '@angular/core';
 import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
-import { tap, startWith, debounceTime, isObservable, switchMap, of, finalize, Subject, merge, distinctUntilChanged, map as map$1 } from 'rxjs';
-import { map } from 'rxjs/operators';
+import { tap, startWith, debounceTime, isObservable, switchMap, of, finalize, Subject, merge, distinctUntilChanged, map as map$1, firstValueFrom, from, throwError, catchError as catchError$1 } from 'rxjs';
+import { map, catchError } from 'rxjs/operators';
 import { Buffer } from 'buffer';
-import CryptoJS from 'crypto-js';
+import * as CryptoJS from 'crypto-js';
+import CryptoJS__default from 'crypto-js';
 import * as i1$1 from '@angular/common';
 import { formatDate, CommonModule } from '@angular/common';
 import { saveAs } from 'file-saver';
-import { ReactiveFormConfig } from '@rxweb/reactive-form-validators';
-import moment from 'moment';
+import { format, differenceInSeconds } from 'date-fns';
 import swal from 'sweetalert2';
 import { jwtDecode } from 'jwt-decode';
 import * as i1 from '@angular/platform-browser';
 import { Overlay, OverlayPositionBuilder } from '@angular/cdk/overlay';
 import { ComponentPortal } from '@angular/cdk/portal';
 import { ToastrService } from 'ngx-toastr';
-import { format } from 'date-fns';
+import { HttpClient } from '@angular/common/http';
+import JSEncrypt from 'jsencrypt';
 
 function deepMerge(source, target) {
     // Crea un clon profundo sin usar JSON.parse(JSON.stringify)
@@ -759,25 +760,25 @@ function getBrowserName() {
 // import * as CryptoJS from 'crypto-js';
 // var CryptoJS = require("crypto-js");
 // Clave secreta (debe ser de 16, 24 o 32 caracteres)
-const secretKey = CryptoJS.enc.Utf8.parse('JVSoftSecret@20615178350');
-const iv = CryptoJS.enc.Utf8.parse('AnSalHuaJVSoft07'); // Debe ser de 16 bytes
+const secretKey = CryptoJS__default.enc.Utf8.parse('JVSoftSecret@20615178350');
+const iv = CryptoJS__default.enc.Utf8.parse('AnSalHuaJVSoft07'); // Debe ser de 16 bytes
 // Función para encriptar texto
 function encriptar(text) {
-    const encrypted = CryptoJS.AES.encrypt(text, secretKey, {
+    const encrypted = CryptoJS__default.AES.encrypt(text, secretKey, {
         iv: iv,
-        mode: CryptoJS.mode.CBC,
-        padding: CryptoJS.pad.Pkcs7,
+        mode: CryptoJS__default.mode.CBC,
+        padding: CryptoJS__default.pad.Pkcs7,
     });
     return encrypted.toString(); // Texto cifrado en Base64
 }
 // Función para desencriptar texto
 function desencriptar(ciphertext) {
-    const decrypted = CryptoJS.AES.decrypt(ciphertext, secretKey, {
+    const decrypted = CryptoJS__default.AES.decrypt(ciphertext, secretKey, {
         iv: iv,
-        mode: CryptoJS.mode.CBC,
-        padding: CryptoJS.pad.Pkcs7,
+        mode: CryptoJS__default.mode.CBC,
+        padding: CryptoJS__default.pad.Pkcs7,
     });
-    return decrypted.toString(CryptoJS.enc.Utf8);
+    return decrypted.toString(CryptoJS__default.enc.Utf8);
 }
 
 function formatearFechaFormato(val, format = 'dd/MM/yyyy') {
@@ -1121,15 +1122,6 @@ function getFormValidationErrors(form) {
 function mensajesErrorFormControl(control) {
     if (!control || !control.errors || !control.touched)
         return '';
-    ReactiveFormConfig.set({
-        // RxwebValidators
-        validationMessage: {
-            required: 'Es requerido',
-            numeric: 'Debe ser numérico valido',
-            // minLength: 'minimum length is {{1}}',
-            // maxLength: 'allowed max length is {{1}}',
-        },
-    });
     const errorMessages = {
         required: 'Es requerido',
         numeric: 'Debe ser numérico válido',
@@ -1245,7 +1237,7 @@ function transformarFechasPorNombreDeCampo(formValue) {
         }
         if (value instanceof Date) {
             if (/^d[A-Za-z]+/.test(key)) {
-                retData[key] = moment(value).format('YYYY-MM-DD');
+                retData[key] = format(value, 'yyyy-MM-dd');
             }
             else {
                 retData[key] = new Date(Date.UTC(value.getFullYear(), value.getMonth(), value.getDate(), value.getHours(), value.getMinutes(), value.getSeconds()));
@@ -1525,7 +1517,7 @@ function jwtTokenExpiracion(key = dataSessionStorageKey.tokenStringKey) {
     }
 }
 function jwtTokenExpiracionFaltante() {
-    return Math.abs(moment().diff(jwtTokenExpiracion(), 'seconds'));
+    return Math.abs(differenceInSeconds(new Date(), jwtTokenExpiracion()));
 }
 function setCambiarPwd(accion = true) {
     localStorage.setItem(dataSessionStorageKey.changePasswordKey, (accion ? 1 : 0).toString());
@@ -1723,6 +1715,21 @@ function obtenerHostDesdeUrl(url, options) {
 }
 /** @deprecated Alias compatible (deprecated) — preferir usar `obtenerHostDesdeUrl`. */
 const extraerDominio = (url, options) => obtenerHostDesdeUrl(url, options);
+/**
+ * Genera un hash numérico simple a partir de una cadena (versión ligera de shorthash2).
+ * Útil para generar identificadores únicos deterministas basados en contenido.
+ * @param str Cadena a hashear
+ * @returns Hash alfanumérico en base 36
+ */
+function simpleHash(str) {
+    let hash = 0;
+    for (let i = 0; i < str.length; i++) {
+        const char = str.charCodeAt(i);
+        hash = ((hash << 5) - hash) + char;
+        hash = hash & hash; // Convertir a entero de 32 bits
+    }
+    return Math.abs(hash).toString(36);
+}
 
 function verificarRUC(ruc) {
     const f = [5, 4, 3, 2, 7, 6, 5, 4, 3, 2];
@@ -2738,10 +2745,195 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.14", ngImpo
                 }]
         }], ctorParameters: () => [] });
 
+const ENCRYPTION_CONFIG = new InjectionToken('ENCRYPTION_CONFIG');
+class EncryptionService {
+    http = inject(HttpClient);
+    reloj = inject(RelojService);
+    config = inject(ENCRYPTION_CONFIG, { optional: true });
+    PUBLIC_KEY_URL = this.config?.publicKeyUrl ?? '/api/auth/public-key';
+    CACHE_KEY = 'jvs_rsa_public_key';
+    publicKey = signal(null);
+    pendingFetch;
+    constructor() {
+        this.loadCachedPublicKey();
+        this.escucharCambiosOtrasPestanas();
+    }
+    /**
+     * Obtiene la llave pública del servidor.
+     * Utiliza la Signal (RAM) primariamente, luego localStorage.
+     * Maneja peticiones concurrentes de forma que solo se dispare una descarga.
+     */
+    async getPublicKey() {
+        const current = this.publicKey();
+        if (current) {
+            return current;
+        }
+        if (this.pendingFetch) {
+            return this.pendingFetch;
+        }
+        this.pendingFetch = firstValueFrom(this.http.get(this.PUBLIC_KEY_URL).pipe(map(res => {
+            const key = res.publicKey || res.public_key;
+            if (!key)
+                throw new Error('Respuesta inválida del servidor (Falta publicKey/public_key).');
+            this.setPublicKey(key);
+            return key;
+        }), catchError(err => {
+            this.pendingFetch = undefined;
+            console.error('[EncryptionService] Error al obtener llave pública:', err);
+            throw err;
+        })));
+        try {
+            const key = await this.pendingFetch;
+            this.pendingFetch = undefined;
+            return key;
+        }
+        catch {
+            this.pendingFetch = undefined;
+            throw new Error('No se pudo establecer el canal seguro (RSA Key Fallback).');
+        }
+    }
+    /**
+     * Fuerza la limpieza del caché y descarga una nueva llave.
+     * Útil para auto-saneamiento cuando el backend reporta error de desencriptación.
+     */
+    async forceRefreshPublicKey() {
+        console.info('[EncryptionService] Forzando refresco de llave RSA por solicitud del interceptor.');
+        this.publicKey.set(null);
+        localStorage.removeItem(this.CACHE_KEY);
+        return this.getPublicKey();
+    }
+    /**
+     * Encriptación Híbrida (RSA + AES-256-CBC)
+     */
+    async encryptHybrid(data) {
+        const pubKey = await this.getPublicKey();
+        // 1. Generar Key (32 bytes) e IV (16 bytes)
+        const aesKey = CryptoJS.lib.WordArray.random(32);
+        const aesIv = CryptoJS.lib.WordArray.random(16);
+        // 2. Preparar payload con timestamp (Unix Epoch)
+        const timestamp = Math.floor((this.reloj.timestamp() || Date.now()) / 1000);
+        const bodyToEncrypt = typeof data === 'object' && data !== null ? { ...data, timestamp } : { data, timestamp };
+        const plainData = JSON.stringify(bodyToEncrypt);
+        // 3. Cifrar con AES
+        const encryptedPayload = CryptoJS.AES.encrypt(plainData, aesKey, {
+            iv: aesIv,
+            mode: CryptoJS.mode.CBC,
+            padding: CryptoJS.pad.Pkcs7
+        });
+        // 4. Concatenar Key + IV (48 bytes) y cifrar con RSA
+        const combinedBytes = aesKey.concat(aesIv);
+        const combinedLatin1 = combinedBytes.toString(CryptoJS.enc.Latin1);
+        const rsa = new JSEncrypt();
+        rsa.setPublicKey(pubKey);
+        const encryptedKeys = rsa.encrypt(combinedLatin1);
+        if (!encryptedKeys) {
+            throw new Error('Fallo en cifrado RSA (Llave posiblemente inválida).');
+        }
+        return {
+            payload: encryptedPayload.toString(),
+            keys: encryptedKeys
+        };
+    }
+    setPublicKey(key) {
+        this.publicKey.set(key);
+        localStorage.setItem(this.CACHE_KEY, key);
+    }
+    loadCachedPublicKey() {
+        const cached = localStorage.getItem(this.CACHE_KEY);
+        if (cached) {
+            this.publicKey.set(cached);
+        }
+    }
+    escucharCambiosOtrasPestanas() {
+        window.addEventListener('storage', (event) => {
+            if (event.key === this.CACHE_KEY) {
+                if (event.newValue) {
+                    this.publicKey.set(event.newValue);
+                }
+                else {
+                    this.publicKey.set(null);
+                }
+            }
+        });
+    }
+    static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.14", ngImport: i0, type: EncryptionService, deps: [], target: i0.ɵɵFactoryTarget.Injectable });
+    static ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.14", ngImport: i0, type: EncryptionService, providedIn: 'root' });
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.14", ngImport: i0, type: EncryptionService, decorators: [{
+            type: Injectable,
+            args: [{
+                    providedIn: 'root'
+                }]
+        }], ctorParameters: () => [] });
+
 /*
  * Public API Surface of utils services
  */
 
+/**
+ * Interceptor de Encriptación Híbrida.
+ * Detecta el header 'X-Secure-Request: true'.
+ * Autogestiona la descarga de llaves y reintenta ante errores de desencriptación.
+ */
+const encryptionInterceptor = (req, next) => {
+    const encryptionService = inject(EncryptionService);
+    return executeEncryptionLogic(req, next, encryptionService);
+};
+/**
+ * Lógica interna del interceptor para permitir recursividad/reintentos seguros.
+ */
+function executeEncryptionLogic(req, next, encryptionService) {
+    const isSecure = req.headers.has('X-Secure-Request');
+    const isRaw = req.headers.has('X-Secure-Raw');
+    const isRetry = req.headers.has('X-Encryption-Retry');
+    /**
+     * Capturador de errores de túnel seguro.
+     * Si el servidor reporta 412, refrescamos la llave y reintentamos la petición original.
+     */
+    const handleEncryptionError = (error, originalReq) => {
+        const isDecryptionError = error.status === 412 ||
+            (error.status === 400 && (error.error?.error === 'INVALID_SECURE_TUNNEL' ||
+                error.error?.error === 'Error de desencriptación'));
+        if (isDecryptionError && !isRetry) {
+            console.warn(`[EncryptionInterceptor] Detectado fallo de llave RSA (Status: ${error.status}). Reintentando auto-saneamiento...`);
+            return from(encryptionService.forceRefreshPublicKey()).pipe(switchMap(() => {
+                const retryReq = originalReq.clone({
+                    headers: originalReq.headers.set('X-Encryption-Retry', 'true')
+                });
+                // Llamada recursiva pasando el servicio ya inyectado
+                return executeEncryptionLogic(retryReq, next, encryptionService);
+            }));
+        }
+        return throwError(() => error);
+    };
+    if (!isSecure || !req.body) {
+        return next(req).pipe(catchError$1(error => handleEncryptionError(error, req)));
+    }
+    // Limpiamos los headers de control antes de enviar
+    const cleanHeaders = req.headers
+        .delete('X-Secure-Request')
+        .delete('X-Secure-Raw');
+    // Flujo de encriptación y envío
+    return from(encryptionService.encryptHybrid(req.body)).pipe(switchMap(encryptResult => {
+        let finalReq;
+        if (isRaw) {
+            // MODO HEADER (Raw): Llaves en header jvsenc-hybrid, body es solo el payload string
+            finalReq = req.clone({
+                body: encryptResult.payload,
+                headers: cleanHeaders.set('jvsenc-hybrid', encryptResult.keys)
+            });
+        }
+        else {
+            // MODO BODY (Standard): Body es { payload, keys }
+            finalReq = req.clone({
+                body: encryptResult,
+                headers: cleanHeaders
+            });
+        }
+        return next(finalReq).pipe(catchError$1(error => handleEncryptionError(error, req)));
+    }));
+}
+
 /*
  * Public API Surface of utils
  */
@@ -2750,5 +2942,5 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.14", ngImpo
  * Generated bundle index. Do not edit.
  */
 
-export { AutoSelectFirstDirective, AutocompleteMatchValidatorDirective, DataEnListaPipe, DataModel, DateDiffStringPipe, FiltroPipe, FormControlIsRequiredPipe, JsonParsePipe, JvsAutocompleteDirective, JvsDisplayWithPipe, JvsPopoverDirective, JvsPopoverListenerDirective, JvsPopoverPanelComponent, JvsPopoverService, NoSanitizePipe, RelojService, TipoValorFuncionPipe, ZeroFillPipe, b64Decode, b64Encode, buscarPorCampo, changeSelect, changeSelectApi, changeSelectData, changeSelectDataApi, changeSelectReformateado, convertirBytes, dataEnLista, dateDiffString, decodeBase64Object, decodeBase64String, decodeBase64ToBlob, deepClone, deepMerge, delLocalStorage, desencriptar, devError, devGroup, devGroupEnd, devLog, devTable, devTime, devTimeEnd, devWarn, downLoadFileStream, eliminarColumnaPorIndex, eliminarDuplicados, eliminarElementos, encodeBase64File, encodeBase64Object, encodeBase64String, encriptar, esNumero, esPromise, establecerQuitarRequired, extraerDominio, filtrarDatosLocal, formControlIsRequired, formatearFecha, formatearFechaCadena, formatearFechaFormato, generateRandomString, getBrowserName, getCambiarPwd, getDataArchivoFromPath, getFormValidationErrors, getLocalStorage, getUniqueValues, getUniqueValuesByProperty, getValueByPath, groupBy, inicializarVariablesSessionStorage, isEmail, isProduction, jwtToken, jwtTokenData, jwtTokenExpiracion, jwtTokenExpiracionFaltante, localStorageKeys, markAsTouchedWithoutEmitEvent, maskEmail, mensajeAlerta, mensajeConfirmacion, mensajeTimer, mensajeToast, mensajesDeError, mensajesErrorFormControl, mostrarValorEnBusqueda, nestGroupsBy, numberToWords, objectPropertiesBoolean, objectPropertiesToType, obtenerHostDesdeUrl, obtenerMimeType, obtenerUltimoOrden, ordenarArray, ordenarPorPropiedad, ordenarPorPropiedades, roundToDecimal, sanitizarNombreArchivo, seleccionarTextoInput, setCambiarPwd, setControlDesdeLista, setJwtTokenData, setLocalStorage, setProductionMode, sumarObjetos, sumarPropiedades, tipoValorFuncion, toFormData, transformarFechasPorNombreDeCampo, verificarRUC, zeroFill };
+export { AutoSelectFirstDirective, AutocompleteMatchValidatorDirective, DataEnListaPipe, DataModel, DateDiffStringPipe, ENCRYPTION_CONFIG, EncryptionService, FiltroPipe, FormControlIsRequiredPipe, JsonParsePipe, JvsAutocompleteDirective, JvsDisplayWithPipe, JvsPopoverDirective, JvsPopoverListenerDirective, JvsPopoverPanelComponent, JvsPopoverService, NoSanitizePipe, RelojService, TipoValorFuncionPipe, ZeroFillPipe, b64Decode, b64Encode, buscarPorCampo, changeSelect, changeSelectApi, changeSelectData, changeSelectDataApi, changeSelectReformateado, convertirBytes, dataEnLista, dateDiffString, decodeBase64Object, decodeBase64String, decodeBase64ToBlob, deepClone, deepMerge, delLocalStorage, desencriptar, devError, devGroup, devGroupEnd, devLog, devTable, devTime, devTimeEnd, devWarn, downLoadFileStream, eliminarColumnaPorIndex, eliminarDuplicados, eliminarElementos, encodeBase64File, encodeBase64Object, encodeBase64String, encriptar, encryptionInterceptor, esNumero, esPromise, establecerQuitarRequired, extraerDominio, filtrarDatosLocal, formControlIsRequired, formatearFecha, formatearFechaCadena, formatearFechaFormato, generateRandomString, getBrowserName, getCambiarPwd, getDataArchivoFromPath, getFormValidationErrors, getLocalStorage, getUniqueValues, getUniqueValuesByProperty, getValueByPath, groupBy, inicializarVariablesSessionStorage, isEmail, isProduction, jwtToken, jwtTokenData, jwtTokenExpiracion, jwtTokenExpiracionFaltante, localStorageKeys, markAsTouchedWithoutEmitEvent, maskEmail, mensajeAlerta, mensajeConfirmacion, mensajeTimer, mensajeToast, mensajesDeError, mensajesErrorFormControl, mostrarValorEnBusqueda, nestGroupsBy, numberToWords, objectPropertiesBoolean, objectPropertiesToType, obtenerHostDesdeUrl, obtenerMimeType, obtenerUltimoOrden, ordenarArray, ordenarPorPropiedad, ordenarPorPropiedades, roundToDecimal, sanitizarNombreArchivo, seleccionarTextoInput, setCambiarPwd, setControlDesdeLista, setJwtTokenData, setLocalStorage, setProductionMode, simpleHash, sumarObjetos, sumarPropiedades, tipoValorFuncion, toFormData, transformarFechasPorNombreDeCampo, verificarRUC, zeroFill };
 //# sourceMappingURL=jvsoft-utils.mjs.map