@lifeready/core 0.6.0-beta.1

package/esm2015/lib/cryptography/encryption.service.js

@@ -0,0 +1,189 @@
+import { __awaiter } from "tslib";
+import { LrException, LrErrorCode, LrBadArgumentException, } from './../_common/exceptions';
+import { Injectable } from '@angular/core';
+import { JWE, JWS } from 'node-jose';
+import { TimeService } from '../api/time.service';
+import * as i0 from "@angular/core";
+import * as i1 from "../api/time.service";
+export var JoseSerialization;
+(function (JoseSerialization) {
+    JoseSerialization["JSON"] = "JSON";
+    JoseSerialization["COMPACT"] = "COMPACT";
+})(JoseSerialization || (JoseSerialization = {}));
+export const VERIFY_OPTIONS_DEFAULT = {
+    payloadType: 'json',
+    returnOnlyPayload: true,
+};
+export const DECRYPT_OPTIONS_DEFAULT = {
+    payloadType: 'json',
+    returnOnlyPayload: true,
+    serializations: [JoseSerialization.JSON],
+};
+export function isSymmetricKey(key) {
+    // TODO: make sure this covers all cases.
+    return key.kty === 'oct';
+}
+export function asJwk(key) {
+    // TODO: make sure this covers all cases.
+    // Excluded:
+    //   key.use - only for public keys, Ref: https://tools.ietf.org/html/rfc7517#section-4.2
+    if (key.id && key.jwk) {
+        return key.jwk;
+    }
+    else if (key.keystore && key.length && key.kty && key.kid && key.alg) {
+        return key;
+    }
+    else {
+        return null;
+    }
+}
+export class EncryptionService {
+    constructor(timeService) {
+        this.timeService = timeService;
+    }
+    decrypt(key, // string is assumed to be key.id, will unwrap key.
+    jwe, // string will be JSON.parsed
+    options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const opt = {
+                algorithms: ['dir', 'A*GCM', 'RSA-OAEP-*'],
+            };
+            options = Object.assign(Object.assign({}, DECRYPT_OPTIONS_DEFAULT), options);
+            if (key.jwk) {
+                key = key.jwk;
+            }
+            if (typeof jwe === 'string') {
+                if (options.serializations.includes(JoseSerialization.JSON)) {
+                    try {
+                        jwe = JSON.parse(jwe);
+                    }
+                    catch (error) {
+                        if (options.serializations.includes(JoseSerialization.COMPACT)) {
+                            console.log('Not a JSON-formatted JWE, it maybe compact serialisation format.');
+                        }
+                        else {
+                            throw error;
+                        }
+                    }
+                }
+            }
+            // {result} is a Object with:
+            // *  header: the combined 'protected' and 'unprotected' header members
+            // *  protected: an array of the member names from the "protected" member
+            // *  key: Key used to decrypt
+            // *  payload: Buffer of the decrypted content
+            // *  plaintext: Buffer of the decrypted content (alternate), just a reference to payload
+            const res = yield JWE.createDecrypt(key, opt).decrypt(jwe);
+            res.payload = this.decodePayload(options.payloadType, res.payload);
+            if (options.returnOnlyPayload) {
+                return res.payload;
+            }
+            else {
+                return res;
+            }
+        });
+    }
+    // TODO rename this to encrypt() and use as the most common usecase
+    encryptToString(key, content) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return JSON.stringify(yield this.encrypt(key, content));
+        });
+    }
+    // TODO rename this to encryptToJSON() and use this when required.
+    encrypt(key, content) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!content) {
+                throw new Error('Encrypting empty content.');
+            }
+            if (!(content instanceof ArrayBuffer)) {
+                content = new TextEncoder().encode(JSON.stringify(content));
+            }
+            return JWE.createEncrypt({
+                contentAlg: 'A256GCM',
+                fields: {
+                    timestamp: yield this.timeService.serverNow(),
+                },
+            }, key)
+                .update(content)
+                .final();
+        });
+    }
+    // <AZ> Unlike signContent, the serialised "content" variable is contained inside
+    // the result. So ordering of fields within "content" is not an issue.
+    sign(key, content) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const signer = JWS.createSign({
+                fields: {
+                    timestamp: yield this.timeService.serverNow(),
+                },
+            }, key);
+            if (content instanceof Buffer) {
+                signer.update(content);
+            }
+            else {
+                signer.update(JSON.stringify(content), 'utf8');
+            }
+            return signer.final();
+        });
+    }
+    signToString(key, content) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return JSON.stringify(yield this.sign(key, content));
+        });
+    }
+    verify(key, jws, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const opt = {
+                algorithms: ['RS*'],
+            };
+            options = Object.assign(Object.assign({}, VERIFY_OPTIONS_DEFAULT), options);
+            try {
+                const res = yield JWS.createVerify(key, opt).verify(jws);
+                res.payload = this.decodePayload(options.payloadType, res.payload);
+                if (options.returnOnlyPayload) {
+                    return res.payload;
+                }
+                else {
+                    return res;
+                }
+            }
+            catch (error) {
+                throw new LrException({
+                    code: LrErrorCode.BadSignature,
+                    message: `Bad signature: ${error}`,
+                });
+            }
+        });
+    }
+    encryptThenSign({ key, sigPrk, }, content) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const cipher = JSON.stringify(yield this.encrypt(key, content));
+            const sig = yield this.sign(sigPrk, cipher);
+            delete sig.payload;
+            return {
+                cipher,
+                sig: JSON.stringify(sig),
+            };
+        });
+    }
+    decodePayload(payloadType, payload) {
+        switch (payloadType) {
+            case 'json':
+                return JSON.parse(new TextDecoder().decode(payload));
+            case 'ArrayBuffer':
+                return payload;
+            default:
+                throw new LrBadArgumentException(`Unknown payloadType: ${payloadType}`);
+        }
+    }
+}
+EncryptionService.ɵprov = i0.ɵɵdefineInjectable({ factory: function EncryptionService_Factory() { return new EncryptionService(i0.ɵɵinject(i1.TimeService)); }, token: EncryptionService, providedIn: "root" });
+EncryptionService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+EncryptionService.ctorParameters = () => [
+    { type: TimeService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW5jcnlwdGlvbi5zZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6IkM6L1Byb2plY3RzL3Rlc3QvcHJvamVjdHMvY29yZS9zcmMvIiwic291cmNlcyI6WyJsaWIvY3J5cHRvZ3JhcGh5L2VuY3J5cHRpb24uc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUNMLFdBQVcsRUFDWCxXQUFXLEVBQ1gsc0JBQXNCLEdBQ3ZCLE1BQU0seUJBQXlCLENBQUM7QUFDakMsT0FBTyxFQUE0QixVQUFVLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFDckUsT0FBTyxFQUFFLEdBQUcsRUFBTyxHQUFHLEVBQVEsTUFBTSxXQUFXLENBQUM7QUFFaEQsT0FBTyxFQUFFLFdBQVcsRUFBRSxNQUFNLHFCQUFxQixDQUFDOzs7QUFFbEQsTUFBTSxDQUFOLElBQVksaUJBR1g7QUFIRCxXQUFZLGlCQUFpQjtJQUMzQixrQ0FBYSxDQUFBO0lBQ2Isd0NBQW1CLENBQUE7QUFDckIsQ0FBQyxFQUhXLGlCQUFpQixLQUFqQixpQkFBaUIsUUFHNUI7QUFhRCxNQUFNLENBQUMsTUFBTSxzQkFBc0IsR0FBa0I7SUFDbkQsV0FBVyxFQUFFLE1BQU07SUFDbkIsaUJBQWlCLEVBQUUsSUFBSTtDQUN4QixDQUFDO0FBRUYsTUFBTSxDQUFDLE1BQU0sdUJBQXVCLEdBQW1CO0lBQ3JELFdBQVcsRUFBRSxNQUFNO0lBQ25CLGlCQUFpQixFQUFFLElBQUk7SUFDdkIsY0FBYyxFQUFFLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUFDO0NBQ3pDLENBQUM7QUFFRixNQUFNLFVBQVUsY0FBYyxDQUFDLEdBQVk7SUFDekMseUNBQXlDO0lBQ3pDLE9BQU8sR0FBRyxDQUFDLEdBQUcsS0FBSyxLQUFLLENBQUM7QUFDM0IsQ0FBQztBQUVELE1BQU0sVUFBVSxLQUFLLENBQUMsR0FBd0I7SUFDNUMseUNBQXlDO0lBQ3pDLFlBQVk7SUFDWix5RkFBeUY7SUFFekYsSUFBSSxHQUFHLENBQUMsRUFBRSxJQUFJLEdBQUcsQ0FBQyxHQUFHLEVBQUU7UUFDckIsT0FBTyxHQUFHLENBQUMsR0FBRyxDQUFDO0tBQ2hCO1NBQU0sSUFBSSxHQUFHLENBQUMsUUFBUSxJQUFJLEdBQUcsQ0FBQyxNQUFNLElBQUksR0FBRyxDQUFDLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxJQUFJLEdBQUcsQ0FBQyxHQUFHLEVBQUU7UUFDdEUsT0FBTyxHQUFHLENBQUM7S0FDWjtTQUFNO1FBQ0wsT0FBTyxJQUFJLENBQUM7S0FDYjtBQUNILENBQUM7QUFLRCxNQUFNLE9BQU8saUJBQWlCO0lBQzVCLFlBQW9CLFdBQXdCO1FBQXhCLGdCQUFXLEdBQVgsV0FBVyxDQUFhO0lBQUcsQ0FBQztJQUUxQyxPQUFPLENBQ1gsR0FBa0IsRUFBRSxtREFBbUQ7SUFDdkUsR0FBb0IsRUFBRSw2QkFBNkI7SUFDbkQsT0FBd0I7O1lBRXhCLE1BQU0sR0FBRyxHQUFHO2dCQUNWLFVBQVUsRUFBRSxDQUFDLEtBQUssRUFBRSxPQUFPLEVBQUUsWUFBWSxDQUFDO2FBQzNDLENBQUM7WUFFRixPQUFPLG1DQUNGLHVCQUF1QixHQUN2QixPQUFPLENBQ1gsQ0FBQztZQUVGLElBQUssR0FBVyxDQUFDLEdBQUcsRUFBRTtnQkFDcEIsR0FBRyxHQUFJLEdBQVcsQ0FBQyxHQUFHLENBQUM7YUFDeEI7WUFFRCxJQUFJLE9BQU8sR0FBRyxLQUFLLFFBQVEsRUFBRTtnQkFDM0IsSUFBSSxPQUFPLENBQUMsY0FBYyxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsRUFBRTtvQkFDM0QsSUFBSTt3QkFDRixHQUFHLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztxQkFDdkI7b0JBQUMsT0FBTyxLQUFLLEVBQUU7d0JBQ2QsSUFBSSxPQUFPLENBQUMsY0FBYyxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsRUFBRTs0QkFDOUQsT0FBTyxDQUFDLEdBQUcsQ0FDVCxrRUFBa0UsQ0FDbkUsQ0FBQzt5QkFDSDs2QkFBTTs0QkFDTCxNQUFNLEtBQUssQ0FBQzt5QkFDYjtxQkFDRjtpQkFDRjthQUNGO1lBRUQsNkJBQTZCO1lBQzdCLHVFQUF1RTtZQUN2RSx5RUFBeUU7WUFDekUsOEJBQThCO1lBQzlCLDhDQUE4QztZQUM5Qyx5RkFBeUY7WUFDekYsTUFBTSxHQUFHLEdBQUcsTUFBTSxHQUFHLENBQUMsYUFBYSxDQUFDLEdBQWMsRUFBRSxHQUFHLENBQUMsQ0FBQyxPQUFPLENBQzlELEdBQVUsQ0FDWCxDQUFDO1lBRUYsR0FBRyxDQUFDLE9BQU8sR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDLE9BQU8sQ0FBQyxXQUFXLEVBQUUsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBRW5FLElBQUksT0FBTyxDQUFDLGlCQUFpQixFQUFFO2dCQUM3QixPQUFPLEdBQUcsQ0FBQyxPQUFPLENBQUM7YUFDcEI7aUJBQU07Z0JBQ0wsT0FBTyxHQUFHLENBQUM7YUFDWjtRQUNILENBQUM7S0FBQTtJQUVELG1FQUFtRTtJQUM3RCxlQUFlLENBQ25CLEdBQVksRUFDWixPQUFzQzs7WUFFdEMsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUMsQ0FBQztRQUMxRCxDQUFDO0tBQUE7SUFFRCxrRUFBa0U7SUFDNUQsT0FBTyxDQUNYLEdBQVksRUFDWixPQUFzQzs7WUFFdEMsSUFBSSxDQUFDLE9BQU8sRUFBRTtnQkFDWixNQUFNLElBQUksS0FBSyxDQUFDLDJCQUEyQixDQUFDLENBQUM7YUFDOUM7WUFFRCxJQUFJLENBQUMsQ0FBQyxPQUFPLFlBQVksV0FBVyxDQUFDLEVBQUU7Z0JBQ3JDLE9BQU8sR0FBRyxJQUFJLFdBQVcsRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7YUFDN0Q7WUFFRCxPQUFPLEdBQUcsQ0FBQyxhQUFhLENBQ3RCO2dCQUNFLFVBQVUsRUFBRSxTQUFTO2dCQUNyQixNQUFNLEVBQUU7b0JBQ04sU0FBUyxFQUFFLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxTQUFTLEVBQUU7aUJBQzlDO2FBQ0ssRUFDUixHQUFHLENBQ0o7aUJBQ0UsTUFBTSxDQUFDLE9BQU8sQ0FBQztpQkFDZixLQUFLLEVBQVMsQ0FBQztRQUNwQixDQUFDO0tBQUE7SUFFRCxpRkFBaUY7SUFDakYsc0VBQXNFO0lBQ2hFLElBQUksQ0FBQyxHQUFZLEVBQUUsT0FBaUM7O1lBQ3hELE1BQU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxVQUFVLENBQzNCO2dCQUNFLE1BQU0sRUFBRTtvQkFDTixTQUFTLEVBQUUsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLFNBQVMsRUFBRTtpQkFDOUM7YUFDRixFQUNELEdBQUcsQ0FDSixDQUFDO1lBRUYsSUFBSSxPQUFPLFlBQVksTUFBTSxFQUFFO2dCQUM3QixNQUFNLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDO2FBQ3hCO2lCQUFNO2dCQUNMLE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsRUFBRSxNQUFNLENBQUMsQ0FBQzthQUNoRDtZQUVELE9BQU8sTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQ3hCLENBQUM7S0FBQTtJQUVLLFlBQVksQ0FDaEIsR0FBWSxFQUNaLE9BQWlDOztZQUVqQyxPQUFPLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQyxDQUFDO1FBQ3ZELENBQUM7S0FBQTtJQUVLLE1BQU0sQ0FDVixHQUFZLEVBQ1osR0FBVyxFQUNYLE9BQXVCOztZQUV2QixNQUFNLEdBQUcsR0FBRztnQkFDVixVQUFVLEVBQUUsQ0FBQyxLQUFLLENBQUM7YUFDcEIsQ0FBQztZQUVGLE9BQU8sbUNBQ0Ysc0JBQXNCLEdBQ3RCLE9BQU8sQ0FDWCxDQUFDO1lBRUYsSUFBSTtnQkFDRixNQUFNLEdBQUcsR0FBRyxNQUFNLEdBQUcsQ0FBQyxZQUFZLENBQUMsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxHQUFVLENBQUMsQ0FBQztnQkFFaEUsR0FBRyxDQUFDLE9BQU8sR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDLE9BQU8sQ0FBQyxXQUFXLEVBQUUsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDO2dCQUVuRSxJQUFJLE9BQU8sQ0FBQyxpQkFBaUIsRUFBRTtvQkFDN0IsT0FBTyxHQUFHLENBQUMsT0FBTyxDQUFDO2lCQUNwQjtxQkFBTTtvQkFDTCxPQUFPLEdBQUcsQ0FBQztpQkFDWjthQUNGO1lBQUMsT0FBTyxLQUFLLEVBQUU7Z0JBQ2QsTUFBTSxJQUFJLFdBQVcsQ0FBQztvQkFDcEIsSUFBSSxFQUFFLFdBQVcsQ0FBQyxZQUFZO29CQUM5QixPQUFPLEVBQUUsa0JBQWtCLEtBQUssRUFBRTtpQkFDbkMsQ0FBQyxDQUFDO2FBQ0o7UUFDSCxDQUFDO0tBQUE7SUFFSyxlQUFlLENBQ25CLEVBQ0UsR0FBRyxFQUNILE1BQU0sR0FJUCxFQUNELE9BQXNDOztZQUV0QyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUNoRSxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQzVDLE9BQU8sR0FBRyxDQUFDLE9BQU8sQ0FBQztZQUVuQixPQUFPO2dCQUNMLE1BQU07Z0JBQ04sR0FBRyxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDO2FBQ3pCLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFTyxhQUFhLENBQ25CLFdBQXdCLEVBQ3hCLE9BQW9CO1FBRXBCLFFBQVEsV0FBVyxFQUFFO1lBQ25CLEtBQUssTUFBTTtnQkFDVCxPQUFPLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxXQUFXLEVBQUUsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUN2RCxLQUFLLGFBQWE7Z0JBQ2hCLE9BQU8sT0FBTyxDQUFDO1lBQ2pCO2dCQUNFLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyx3QkFBd0IsV0FBVyxFQUFFLENBQUMsQ0FBQztTQUMzRTtJQUNILENBQUM7Ozs7WUF6TEYsVUFBVSxTQUFDO2dCQUNWLFVBQVUsRUFBRSxNQUFNO2FBQ25COzs7WUFsRFEsV0FBVyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7XHJcbiAgTHJFeGNlcHRpb24sXHJcbiAgTHJFcnJvckNvZGUsXHJcbiAgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbixcclxufSBmcm9tICcuLy4uL19jb21tb24vZXhjZXB0aW9ucyc7XHJcbmltcG9ydCB7IENvbXBvbmVudEZhY3RvcnlSZXNvbHZlciwgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xyXG5pbXBvcnQgeyBKV0UsIEpXSywgSldTLCB1dGlsIH0gZnJvbSAnbm9kZS1qb3NlJztcclxuaW1wb3J0IHsgS2V5LCBQYXlsb2FkVHlwZSB9IGZyb20gJy4vY3J5cHRvZ3JhcGh5LnR5cGVzJztcclxuaW1wb3J0IHsgVGltZVNlcnZpY2UgfSBmcm9tICcuLi9hcGkvdGltZS5zZXJ2aWNlJztcclxuXHJcbmV4cG9ydCBlbnVtIEpvc2VTZXJpYWxpemF0aW9uIHtcclxuICBKU09OID0gJ0pTT04nLFxyXG4gIENPTVBBQ1QgPSAnQ09NUEFDVCcsXHJcbn1cclxuXHJcbmV4cG9ydCBpbnRlcmZhY2UgVmVyaWZ5T3B0aW9ucyB7XHJcbiAgcGF5bG9hZFR5cGU/OiBQYXlsb2FkVHlwZTtcclxuICByZXR1cm5Pbmx5UGF5bG9hZD86IGJvb2xlYW47IC8vIElmIHRydWUsIHJldHVybiBvbmx5IHRoZSBkZWNvZGVkIHBheWxvYWQuXHJcbn1cclxuXHJcbmV4cG9ydCBpbnRlcmZhY2UgRGVjcnlwdE9wdGlvbnMge1xyXG4gIHBheWxvYWRUeXBlPzogUGF5bG9hZFR5cGU7XHJcbiAgcmV0dXJuT25seVBheWxvYWQ/OiBib29sZWFuOyAvLyBJZiB0cnVlLCByZXR1cm4gb25seSB0aGUgZGVjb2RlZCBwYXlsb2FkLlxyXG4gIHNlcmlhbGl6YXRpb25zPzogSm9zZVNlcmlhbGl6YXRpb25bXTtcclxufVxyXG5cclxuZXhwb3J0IGNvbnN0IFZFUklGWV9PUFRJT05TX0RFRkFVTFQ6IFZlcmlmeU9wdGlvbnMgPSB7XHJcbiAgcGF5bG9hZFR5cGU6ICdqc29uJyxcclxuICByZXR1cm5Pbmx5UGF5bG9hZDogdHJ1ZSxcclxufTtcclxuXHJcbmV4cG9ydCBjb25zdCBERUNSWVBUX09QVElPTlNfREVGQVVMVDogRGVjcnlwdE9wdGlvbnMgPSB7XHJcbiAgcGF5bG9hZFR5cGU6ICdqc29uJyxcclxuICByZXR1cm5Pbmx5UGF5bG9hZDogdHJ1ZSxcclxuICBzZXJpYWxpemF0aW9uczogW0pvc2VTZXJpYWxpemF0aW9uLkpTT05dLFxyXG59O1xyXG5cclxuZXhwb3J0IGZ1bmN0aW9uIGlzU3ltbWV0cmljS2V5KGtleTogSldLLktleSkge1xyXG4gIC8vIFRPRE86IG1ha2Ugc3VyZSB0aGlzIGNvdmVycyBhbGwgY2FzZXMuXHJcbiAgcmV0dXJuIGtleS5rdHkgPT09ICdvY3QnO1xyXG59XHJcblxyXG5leHBvcnQgZnVuY3Rpb24gYXNKd2soa2V5OiBKV0suS2V5IHwgS2V5IHwgYW55KTogSldLLktleSB8IG51bGwge1xyXG4gIC8vIFRPRE86IG1ha2Ugc3VyZSB0aGlzIGNvdmVycyBhbGwgY2FzZXMuXHJcbiAgLy8gRXhjbHVkZWQ6XHJcbiAgLy8gICBrZXkudXNlIC0gb25seSBmb3IgcHVibGljIGtleXMsIFJlZjogaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzc1MTcjc2VjdGlvbi00LjJcclxuXHJcbiAgaWYgKGtleS5pZCAmJiBrZXkuandrKSB7XHJcbiAgICByZXR1cm4ga2V5Lmp3aztcclxuICB9IGVsc2UgaWYgKGtleS5rZXlzdG9yZSAmJiBrZXkubGVuZ3RoICYmIGtleS5rdHkgJiYga2V5LmtpZCAmJiBrZXkuYWxnKSB7XHJcbiAgICByZXR1cm4ga2V5O1xyXG4gIH0gZWxzZSB7XHJcbiAgICByZXR1cm4gbnVsbDtcclxuICB9XHJcbn1cclxuXHJcbkBJbmplY3RhYmxlKHtcclxuICBwcm92aWRlZEluOiAncm9vdCcsXHJcbn0pXHJcbmV4cG9ydCBjbGFzcyBFbmNyeXB0aW9uU2VydmljZSB7XHJcbiAgY29uc3RydWN0b3IocHJpdmF0ZSB0aW1lU2VydmljZTogVGltZVNlcnZpY2UpIHt9XHJcblxyXG4gIGFzeW5jIGRlY3J5cHQoXHJcbiAgICBrZXk6IEpXSy5LZXkgfCBLZXksIC8vIHN0cmluZyBpcyBhc3N1bWVkIHRvIGJlIGtleS5pZCwgd2lsbCB1bndyYXAga2V5LlxyXG4gICAgandlOiBvYmplY3QgfCBzdHJpbmcsIC8vIHN0cmluZyB3aWxsIGJlIEpTT04ucGFyc2VkXHJcbiAgICBvcHRpb25zPzogRGVjcnlwdE9wdGlvbnNcclxuICApOiBQcm9taXNlPEpXRS5EZWNyeXB0UmVzdWx0IHwgYW55PiB7XHJcbiAgICBjb25zdCBvcHQgPSB7XHJcbiAgICAgIGFsZ29yaXRobXM6IFsnZGlyJywgJ0EqR0NNJywgJ1JTQS1PQUVQLSonXSxcclxuICAgIH07XHJcblxyXG4gICAgb3B0aW9ucyA9IHtcclxuICAgICAgLi4uREVDUllQVF9PUFRJT05TX0RFRkFVTFQsXHJcbiAgICAgIC4uLm9wdGlvbnMsXHJcbiAgICB9O1xyXG5cclxuICAgIGlmICgoa2V5IGFzIEtleSkuandrKSB7XHJcbiAgICAgIGtleSA9IChrZXkgYXMgS2V5KS5qd2s7XHJcbiAgICB9XHJcblxyXG4gICAgaWYgKHR5cGVvZiBqd2UgPT09ICdzdHJpbmcnKSB7XHJcbiAgICAgIGlmIChvcHRpb25zLnNlcmlhbGl6YXRpb25zLmluY2x1ZGVzKEpvc2VTZXJpYWxpemF0aW9uLkpTT04pKSB7XHJcbiAgICAgICAgdHJ5IHtcclxuICAgICAgICAgIGp3ZSA9IEpTT04ucGFyc2UoandlKTtcclxuICAgICAgICB9IGNhdGNoIChlcnJvcikge1xyXG4gICAgICAgICAgaWYgKG9wdGlvbnMuc2VyaWFsaXphdGlvbnMuaW5jbHVkZXMoSm9zZVNlcmlhbGl6YXRpb24uQ09NUEFDVCkpIHtcclxuICAgICAgICAgICAgY29uc29sZS5sb2coXHJcbiAgICAgICAgICAgICAgJ05vdCBhIEpTT04tZm9ybWF0dGVkIEpXRSwgaXQgbWF5YmUgY29tcGFjdCBzZXJpYWxpc2F0aW9uIGZvcm1hdC4nXHJcbiAgICAgICAgICAgICk7XHJcbiAgICAgICAgICB9IGVsc2Uge1xyXG4gICAgICAgICAgICB0aHJvdyBlcnJvcjtcclxuICAgICAgICAgIH1cclxuICAgICAgICB9XHJcbiAgICAgIH1cclxuICAgIH1cclxuXHJcbiAgICAvLyB7cmVzdWx0fSBpcyBhIE9iamVjdCB3aXRoOlxyXG4gICAgLy8gKiAgaGVhZGVyOiB0aGUgY29tYmluZWQgJ3Byb3RlY3RlZCcgYW5kICd1bnByb3RlY3RlZCcgaGVhZGVyIG1lbWJlcnNcclxuICAgIC8vICogIHByb3RlY3RlZDogYW4gYXJyYXkgb2YgdGhlIG1lbWJlciBuYW1lcyBmcm9tIHRoZSBcInByb3RlY3RlZFwiIG1lbWJlclxyXG4gICAgLy8gKiAga2V5OiBLZXkgdXNlZCB0byBkZWNyeXB0XHJcbiAgICAvLyAqICBwYXlsb2FkOiBCdWZmZXIgb2YgdGhlIGRlY3J5cHRlZCBjb250ZW50XHJcbiAgICAvLyAqICBwbGFpbnRleHQ6IEJ1ZmZlciBvZiB0aGUgZGVjcnlwdGVkIGNvbnRlbnQgKGFsdGVybmF0ZSksIGp1c3QgYSByZWZlcmVuY2UgdG8gcGF5bG9hZFxyXG4gICAgY29uc3QgcmVzID0gYXdhaXQgSldFLmNyZWF0ZURlY3J5cHQoa2V5IGFzIEpXSy5LZXksIG9wdCkuZGVjcnlwdChcclxuICAgICAgandlIGFzIGFueVxyXG4gICAgKTtcclxuXHJcbiAgICByZXMucGF5bG9hZCA9IHRoaXMuZGVjb2RlUGF5bG9hZChvcHRpb25zLnBheWxvYWRUeXBlLCByZXMucGF5bG9hZCk7XHJcblxyXG4gICAgaWYgKG9wdGlvbnMucmV0dXJuT25seVBheWxvYWQpIHtcclxuICAgICAgcmV0dXJuIHJlcy5wYXlsb2FkO1xyXG4gICAgfSBlbHNlIHtcclxuICAgICAgcmV0dXJuIHJlcztcclxuICAgIH1cclxuICB9XHJcblxyXG4gIC8vIFRPRE8gcmVuYW1lIHRoaXMgdG8gZW5jcnlwdCgpIGFuZCB1c2UgYXMgdGhlIG1vc3QgY29tbW9uIHVzZWNhc2VcclxuICBhc3luYyBlbmNyeXB0VG9TdHJpbmcoXHJcbiAgICBrZXk6IEpXSy5LZXksXHJcbiAgICBjb250ZW50OiBBcnJheUJ1ZmZlciB8IHN0cmluZyB8IG9iamVjdFxyXG4gICk6IFByb21pc2U8c3RyaW5nPiB7XHJcbiAgICByZXR1cm4gSlNPTi5zdHJpbmdpZnkoYXdhaXQgdGhpcy5lbmNyeXB0KGtleSwgY29udGVudCkpO1xyXG4gIH1cclxuXHJcbiAgLy8gVE9ETyByZW5hbWUgdGhpcyB0byBlbmNyeXB0VG9KU09OKCkgYW5kIHVzZSB0aGlzIHdoZW4gcmVxdWlyZWQuXHJcbiAgYXN5bmMgZW5jcnlwdChcclxuICAgIGtleTogSldLLktleSxcclxuICAgIGNvbnRlbnQ6IEFycmF5QnVmZmVyIHwgc3RyaW5nIHwgb2JqZWN0XHJcbiAgKTogUHJvbWlzZTxhbnk+IHtcclxuICAgIGlmICghY29udGVudCkge1xyXG4gICAgICB0aHJvdyBuZXcgRXJyb3IoJ0VuY3J5cHRpbmcgZW1wdHkgY29udGVudC4nKTtcclxuICAgIH1cclxuXHJcbiAgICBpZiAoIShjb250ZW50IGluc3RhbmNlb2YgQXJyYXlCdWZmZXIpKSB7XHJcbiAgICAgIGNvbnRlbnQgPSBuZXcgVGV4dEVuY29kZXIoKS5lbmNvZGUoSlNPTi5zdHJpbmdpZnkoY29udGVudCkpO1xyXG4gICAgfVxyXG5cclxuICAgIHJldHVybiBKV0UuY3JlYXRlRW5jcnlwdChcclxuICAgICAge1xyXG4gICAgICAgIGNvbnRlbnRBbGc6ICdBMjU2R0NNJyxcclxuICAgICAgICBmaWVsZHM6IHtcclxuICAgICAgICAgIHRpbWVzdGFtcDogYXdhaXQgdGhpcy50aW1lU2VydmljZS5zZXJ2ZXJOb3coKSxcclxuICAgICAgICB9LFxyXG4gICAgICB9IGFzIGFueSxcclxuICAgICAga2V5XHJcbiAgICApXHJcbiAgICAgIC51cGRhdGUoY29udGVudClcclxuICAgICAgLmZpbmFsKCkgYXMgYW55O1xyXG4gIH1cclxuXHJcbiAgLy8gPEFaPiBVbmxpa2Ugc2lnbkNvbnRlbnQsIHRoZSBzZXJpYWxpc2VkIFwiY29udGVudFwiIHZhcmlhYmxlIGlzIGNvbnRhaW5lZCBpbnNpZGVcclxuICAvLyB0aGUgcmVzdWx0LiBTbyBvcmRlcmluZyBvZiBmaWVsZHMgd2l0aGluIFwiY29udGVudFwiIGlzIG5vdCBhbiBpc3N1ZS5cclxuICBhc3luYyBzaWduKGtleTogSldLLktleSwgY29udGVudDogQnVmZmVyIHwgc3RyaW5nIHwgb2JqZWN0KTogUHJvbWlzZTxhbnk+IHtcclxuICAgIGNvbnN0IHNpZ25lciA9IEpXUy5jcmVhdGVTaWduKFxyXG4gICAgICB7XHJcbiAgICAgICAgZmllbGRzOiB7XHJcbiAgICAgICAgICB0aW1lc3RhbXA6IGF3YWl0IHRoaXMudGltZVNlcnZpY2Uuc2VydmVyTm93KCksXHJcbiAgICAgICAgfSxcclxuICAgICAgfSxcclxuICAgICAga2V5XHJcbiAgICApO1xyXG5cclxuICAgIGlmIChjb250ZW50IGluc3RhbmNlb2YgQnVmZmVyKSB7XHJcbiAgICAgIHNpZ25lci51cGRhdGUoY29udGVudCk7XHJcbiAgICB9IGVsc2Uge1xyXG4gICAgICBzaWduZXIudXBkYXRlKEpTT04uc3RyaW5naWZ5KGNvbnRlbnQpLCAndXRmOCcpO1xyXG4gICAgfVxyXG5cclxuICAgIHJldHVybiBzaWduZXIuZmluYWwoKTtcclxuICB9XHJcblxyXG4gIGFzeW5jIHNpZ25Ub1N0cmluZyhcclxuICAgIGtleTogSldLLktleSxcclxuICAgIGNvbnRlbnQ6IEJ1ZmZlciB8IHN0cmluZyB8IG9iamVjdFxyXG4gICk6IFByb21pc2U8c3RyaW5nPiB7XHJcbiAgICByZXR1cm4gSlNPTi5zdHJpbmdpZnkoYXdhaXQgdGhpcy5zaWduKGtleSwgY29udGVudCkpO1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgdmVyaWZ5KFxyXG4gICAga2V5OiBKV0suS2V5LFxyXG4gICAgandzOiBvYmplY3QsXHJcbiAgICBvcHRpb25zPzogVmVyaWZ5T3B0aW9uc1xyXG4gICk6IFByb21pc2U8YW55PiB7XHJcbiAgICBjb25zdCBvcHQgPSB7XHJcbiAgICAgIGFsZ29yaXRobXM6IFsnUlMqJ10sXHJcbiAgICB9O1xyXG5cclxuICAgIG9wdGlvbnMgPSB7XHJcbiAgICAgIC4uLlZFUklGWV9PUFRJT05TX0RFRkFVTFQsXHJcbiAgICAgIC4uLm9wdGlvbnMsXHJcbiAgICB9O1xyXG5cclxuICAgIHRyeSB7XHJcbiAgICAgIGNvbnN0IHJlcyA9IGF3YWl0IEpXUy5jcmVhdGVWZXJpZnkoa2V5LCBvcHQpLnZlcmlmeShqd3MgYXMgYW55KTtcclxuXHJcbiAgICAgIHJlcy5wYXlsb2FkID0gdGhpcy5kZWNvZGVQYXlsb2FkKG9wdGlvbnMucGF5bG9hZFR5cGUsIHJlcy5wYXlsb2FkKTtcclxuXHJcbiAgICAgIGlmIChvcHRpb25zLnJldHVybk9ubHlQYXlsb2FkKSB7XHJcbiAgICAgICAgcmV0dXJuIHJlcy5wYXlsb2FkO1xyXG4gICAgICB9IGVsc2Uge1xyXG4gICAgICAgIHJldHVybiByZXM7XHJcbiAgICAgIH1cclxuICAgIH0gY2F0Y2ggKGVycm9yKSB7XHJcbiAgICAgIHRocm93IG5ldyBMckV4Y2VwdGlvbih7XHJcbiAgICAgICAgY29kZTogTHJFcnJvckNvZGUuQmFkU2lnbmF0dXJlLFxyXG4gICAgICAgIG1lc3NhZ2U6IGBCYWQgc2lnbmF0dXJlOiAke2Vycm9yfWAsXHJcbiAgICAgIH0pO1xyXG4gICAgfVxyXG4gIH1cclxuXHJcbiAgYXN5bmMgZW5jcnlwdFRoZW5TaWduKFxyXG4gICAge1xyXG4gICAgICBrZXksXHJcbiAgICAgIHNpZ1ByayxcclxuICAgIH06IHtcclxuICAgICAga2V5OiBKV0suS2V5O1xyXG4gICAgICBzaWdQcms6IEpXSy5LZXk7XHJcbiAgICB9LFxyXG4gICAgY29udGVudDogQXJyYXlCdWZmZXIgfCBzdHJpbmcgfCBvYmplY3RcclxuICApOiBQcm9taXNlPHsgY2lwaGVyOiBzdHJpbmc7IHNpZzogc3RyaW5nIH0+IHtcclxuICAgIGNvbnN0IGNpcGhlciA9IEpTT04uc3RyaW5naWZ5KGF3YWl0IHRoaXMuZW5jcnlwdChrZXksIGNvbnRlbnQpKTtcclxuICAgIGNvbnN0IHNpZyA9IGF3YWl0IHRoaXMuc2lnbihzaWdQcmssIGNpcGhlcik7XHJcbiAgICBkZWxldGUgc2lnLnBheWxvYWQ7XHJcblxyXG4gICAgcmV0dXJuIHtcclxuICAgICAgY2lwaGVyLFxyXG4gICAgICBzaWc6IEpTT04uc3RyaW5naWZ5KHNpZyksXHJcbiAgICB9O1xyXG4gIH1cclxuXHJcbiAgcHJpdmF0ZSBkZWNvZGVQYXlsb2FkKFxyXG4gICAgcGF5bG9hZFR5cGU6IFBheWxvYWRUeXBlLFxyXG4gICAgcGF5bG9hZDogQXJyYXlCdWZmZXJcclxuICApOiBBcnJheUJ1ZmZlciB8IGFueSB7XHJcbiAgICBzd2l0Y2ggKHBheWxvYWRUeXBlKSB7XHJcbiAgICAgIGNhc2UgJ2pzb24nOlxyXG4gICAgICAgIHJldHVybiBKU09OLnBhcnNlKG5ldyBUZXh0RGVjb2RlcigpLmRlY29kZShwYXlsb2FkKSk7XHJcbiAgICAgIGNhc2UgJ0FycmF5QnVmZmVyJzpcclxuICAgICAgICByZXR1cm4gcGF5bG9hZDtcclxuICAgICAgZGVmYXVsdDpcclxuICAgICAgICB0aHJvdyBuZXcgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbihgVW5rbm93biBwYXlsb2FkVHlwZTogJHtwYXlsb2FkVHlwZX1gKTtcclxuICAgIH1cclxuICB9XHJcbn1cclxuIl19

package/esm2015/lib/cryptography/key-factory.service.js

@@ -0,0 +1,237 @@
+import { __awaiter } from "tslib";
+import { Injectable } from '@angular/core';
+import { JWK } from 'node-jose';
+import { WebCryptoService } from './web-crypto.service';
+import { LrBadArgumentException, LrSuspiciousException, } from '../_common/exceptions';
+import * as i0 from "@angular/core";
+import * as i1 from "./web-crypto.service";
+export function sha256(message) {
+    return __awaiter(this, void 0, void 0, function* () {
+        // encode as UTF-8
+        const msgBuffer = new TextEncoder().encode(message);
+        // hash the message
+        const hashBuffer = yield crypto.subtle.digest('SHA-256', msgBuffer);
+        // convert ArrayBuffer to Array
+        const hashArray = Array.from(new Uint8Array(hashBuffer));
+        // convert bytes to hex string
+        const hashHex = hashArray
+            .map((b) => ('00' + b.toString(16)).slice(-2))
+            .join('');
+        return hashHex;
+    });
+}
+export class KeyFactoryService {
+    constructor(webCryptoService) {
+        this.webCryptoService = webCryptoService;
+        // Global keys store. Otherwise, each call to asKey creates a new keyStore.
+        // <AZ> Did not seem to improve speed.
+        // public static keyStore = JWK.createKeyStore();
+        // AZ: This can't be change easily. It's basically a PassK or PassIdp rotation.
+        // todo: we should eventually increase this periodically to match with Moore's law.
+        // The iterations for each key are kept by the server as well but we assume the value
+        // from the server is not trustworthy, so need to have minimum thresholds here.
+        // If creating new keys, these minimum are used.
+        this.MIN_PASS_IDP_PBKDF_ITER = 100000;
+        this.MIN_PASS_KEY_PBKDF_ITER = 100000;
+        this.MIN_LBOP_KEY_PBKDF_ITER = 100000;
+        // These are used as the default values. They must be larger than the minimum values.
+        this.DEFAULT_PASS_IDP_PBKDF_ITER = this.MIN_PASS_IDP_PBKDF_ITER;
+        this.DEFAULT_PASS_KEY_PBKDF_ITER = this.MIN_PASS_KEY_PBKDF_ITER;
+        this.DEFAULT_LBOP_KEY_PBKDF_ITER = this.MIN_LBOP_KEY_PBKDF_ITER;
+        this.crypto = this.webCryptoService.crypto;
+    }
+    static asKey(key, form, extras) {
+        // <AZ> Using a single global key store did not seem to improve speed.
+        // return KeyFactoryService.keyStore.add(key, form, extras);
+        return JWK.asKey(key, form, extras);
+    }
+    randomString(digits) {
+        if (digits <= 0) {
+            throw new LrBadArgumentException('digits <= 0');
+        }
+        const validChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+        let array = new Uint32Array(digits);
+        this.crypto.getRandomValues(array);
+        array = array.map((x) => validChars.charCodeAt(x % validChars.length));
+        return String.fromCharCode.apply(null, array);
+    }
+    randomDigitsNoZeros(digits) {
+        return this.randomChoices([1, 2, 3, 4, 5, 6, 7, 8, 9], digits).join('');
+    }
+    randomChoices(array, chooseN) {
+        if (array.length <= 1) {
+            throw new LrBadArgumentException('array.length <= 0');
+        }
+        if (chooseN <= 0) {
+            throw new LrBadArgumentException('chooseN <= 0');
+        }
+        const values = new Uint32Array(chooseN);
+        this.crypto.getRandomValues(values);
+        const ret = [];
+        values.forEach((v) => ret.push(array[v % array.length]));
+        return ret;
+    }
+    createSalt() {
+        return this.randomString(16);
+    }
+    createKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'AES-GCM',
+                length: 256,
+            }, true, // whether the key is extractable (i.e. can be used in exportKey)
+            ['encrypt', 'decrypt'] // must be ["encrypt", "decrypt"] or ["wrapKey", "unwrapKey"]
+            );
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key);
+            // Removing the fields not needed by node-jose
+            delete jwk.ext;
+            delete jwk.key_ops;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    createSignKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'HMAC',
+                hash: { name: 'SHA-512' },
+            }, true, ['sign', 'verify']);
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key);
+            // Removing the fields not needed by node-jose
+            delete jwk.key_ops;
+            delete jwk.ext;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    createPkcKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            // node-jose is not using Forge properly. It should be calling the async version of
+            // pki.rsa.generateKeyPair() with a callback. Instead it calls the sync version. Webcrypto
+            // does not support sync version, so it uses the javascript implementation, which is way too slow.
+            // So we generate using webcrypto and import the key.
+            // Unfortunately Elliptical Curve is not supported by Webcrypto. So we have to settle for RSA.
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'RSA-OAEP',
+                modulusLength: 2048,
+                // As per suggestion: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
+                publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+                hash: { name: 'SHA-256' },
+            }, true, // whether the key is extractable (i.e. can be used in exportKey)
+            ['encrypt', 'decrypt'] // must be ["encrypt", "decrypt"] or ["wrapKey", "unwrapKey"]
+            );
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key.privateKey);
+            // Removing the fields not needed by node-jose
+            delete jwk.key_ops;
+            delete jwk.ext;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    createPkcSignKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'RSASSA-PKCS1-v1_5',
+                modulusLength: 2048,
+                // As per suggestion: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
+                publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+                hash: { name: 'SHA-256' },
+            }, true, // whether the key is extractable (i.e. can be used in exportKey)
+            ['sign', 'verify'] // can be any combination of "sign" and "verify"
+            );
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key.privateKey);
+            // Removing the fields not needed by node-jose
+            delete jwk.key_ops;
+            delete jwk.ext;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    deriveKey({ password, salt, iterations, kid, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const enc = new TextEncoder();
+            const rawKey = yield this.crypto.subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveBits', 'deriveKey']);
+            const passKey = yield crypto.subtle.deriveKey({
+                name: 'PBKDF2',
+                salt: new TextEncoder().encode(salt),
+                iterations,
+                hash: 'SHA-256',
+            }, rawKey, { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
+            const passKeyJson = yield crypto.subtle.exportKey('jwk', passKey);
+            if (kid) {
+                passKeyJson.kid = kid;
+            }
+            const jwk = yield KeyFactoryService.asKey(passKeyJson);
+            return { jwk };
+        });
+    }
+    derivePassIdp(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (params.iterations < this.MIN_PASS_IDP_PBKDF_ITER) {
+                throw new LrSuspiciousException(`The number of PassIdp key derivation iterations sent from the server (${params.iterations}) is lower than the minimum (${this.MIN_PASS_IDP_PBKDF_ITER})`);
+            }
+            return this.deriveKey(params);
+        });
+    }
+    derivePassKey(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (params.iterations < this.MIN_PASS_KEY_PBKDF_ITER) {
+                throw new LrSuspiciousException(`The number of PassKey key derivation iterations sent from the server(${params.iterations}) is lower than the minimum(${this.MIN_PASS_KEY_PBKDF_ITER})`);
+            }
+            return this.deriveKey(params);
+        });
+    }
+    deriveLbopKey(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (params.iterations < this.MIN_LBOP_KEY_PBKDF_ITER) {
+                throw new LrSuspiciousException(`The number of LbopKey key derivation iterations sent from the server(${params.iterations}) is lower than the minimum(${this.MIN_LBOP_KEY_PBKDF_ITER})`);
+            }
+            return this.deriveKey(params);
+        });
+    }
+    createKid() {
+        return __awaiter(this, void 0, void 0, function* () {
+            // todo: AZ: node-jose source uses node's default UUID() function for kid, so just change to use that.
+            // for now, we are just creating a new key to use it's kid.
+            // The kid is a part of the JWK system. LR backend maintains the key hierarchy separately with it's own
+            // key id. But we just use it here as a double check.
+            return (yield this.createKey()).kid;
+        });
+    }
+    createPassIdpParams() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return {
+                salt: this.createSalt(),
+                iterations: this.DEFAULT_PASS_IDP_PBKDF_ITER,
+            };
+        });
+    }
+    createPassKeyParams() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return {
+                salt: this.createSalt(),
+                kid: yield this.createKid(),
+                iterations: this.DEFAULT_PASS_KEY_PBKDF_ITER,
+            };
+        });
+    }
+    createLbopKeyParams() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return {
+                salt: this.createSalt(),
+                // todo: AZ: node-jose source uses node's default UUID() function for kid, so just change to use that.
+                // for now, we are just creating a new key to use it's kid.
+                // The kid is a part of the JWK system. LR backend maintains the key hierarchy separately with it's own
+                // key id. But we just use it here as a double check.
+                kid: yield this.createKid(),
+                iterations: this.DEFAULT_PASS_KEY_PBKDF_ITER,
+            };
+        });
+    }
+}
+KeyFactoryService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyFactoryService_Factory() { return new KeyFactoryService(i0.ɵɵinject(i1.WebCryptoService)); }, token: KeyFactoryService, providedIn: "root" });
+KeyFactoryService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+KeyFactoryService.ctorParameters = () => [
+    { type: WebCryptoService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWZhY3Rvcnkuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiJDOi9Qcm9qZWN0cy90ZXN0L3Byb2plY3RzL2NvcmUvc3JjLyIsInNvdXJjZXMiOlsibGliL2NyeXB0b2dyYXBoeS9rZXktZmFjdG9yeS5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sZUFBZSxDQUFDO0FBQzNDLE9BQU8sRUFBRSxHQUFHLEVBQUUsTUFBTSxXQUFXLENBQUM7QUFVaEMsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDeEQsT0FBTyxFQUNMLHNCQUFzQixFQUN0QixxQkFBcUIsR0FDdEIsTUFBTSx1QkFBdUIsQ0FBQzs7O0FBRS9CLE1BQU0sVUFBZ0IsTUFBTSxDQUFDLE9BQU87O1FBQ2xDLGtCQUFrQjtRQUNsQixNQUFNLFNBQVMsR0FBRyxJQUFJLFdBQVcsRUFBRSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUVwRCxtQkFBbUI7UUFDbkIsTUFBTSxVQUFVLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDLENBQUM7UUFFcEUsK0JBQStCO1FBQy9CLE1BQU0sU0FBUyxHQUFHLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxVQUFVLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQztRQUV6RCw4QkFBOEI7UUFDOUIsTUFBTSxPQUFPLEdBQUcsU0FBUzthQUN0QixHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsSUFBSSxHQUFHLENBQUMsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQzthQUM3QyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDWixPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDO0NBQUE7QUFLRCxNQUFNLE9BQU8saUJBQWlCO0lBQzVCLFlBQW9CLGdCQUFrQztRQUFsQyxxQkFBZ0IsR0FBaEIsZ0JBQWdCLENBQWtCO1FBSXRELDJFQUEyRTtRQUMzRSxzQ0FBc0M7UUFDdEMsaURBQWlEO1FBRWpELCtFQUErRTtRQUMvRSxtRkFBbUY7UUFDbkYscUZBQXFGO1FBQ3JGLCtFQUErRTtRQUMvRSxnREFBZ0Q7UUFDaEMsNEJBQXVCLEdBQUcsTUFBTSxDQUFDO1FBQ2pDLDRCQUF1QixHQUFHLE1BQU0sQ0FBQztRQUNqQyw0QkFBdUIsR0FBRyxNQUFNLENBQUM7UUFFakQscUZBQXFGO1FBQ3JFLGdDQUEyQixHQUFHLElBQUksQ0FBQyx1QkFBdUIsQ0FBQztRQUMzRCxnQ0FBMkIsR0FBRyxJQUFJLENBQUMsdUJBQXVCLENBQUM7UUFDM0QsZ0NBQTJCLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDO1FBbkJ6RSxJQUFJLENBQUMsTUFBTSxHQUFHLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLENBQUM7SUFDN0MsQ0FBQztJQW9CRCxNQUFNLENBQUMsS0FBSyxDQUNWLEdBQTBDLEVBQzFDLElBUVMsRUFDVCxNQUFnQztRQUVoQyxzRUFBc0U7UUFDdEUsNERBQTREO1FBQzVELE9BQU8sR0FBRyxDQUFDLEtBQUssQ0FBQyxHQUFHLEVBQUUsSUFBSSxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ3RDLENBQUM7SUFFRCxZQUFZLENBQUMsTUFBYztRQUN6QixJQUFJLE1BQU0sSUFBSSxDQUFDLEVBQUU7WUFDZixNQUFNLElBQUksc0JBQXNCLENBQUMsYUFBYSxDQUFDLENBQUM7U0FDakQ7UUFDRCxNQUFNLFVBQVUsR0FDZCxnRUFBZ0UsQ0FBQztRQUNuRSxJQUFJLEtBQUssR0FBRyxJQUFJLFdBQVcsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNwQyxJQUFJLENBQUMsTUFBTSxDQUFDLGVBQWUsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUNuQyxLQUFLLEdBQUcsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQyxDQUFDLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUM7UUFDdkUsT0FBTyxNQUFNLENBQUMsWUFBWSxDQUFDLEtBQUssQ0FBQyxJQUFJLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFDaEQsQ0FBQztJQUVELG1CQUFtQixDQUFDLE1BQWM7UUFDaEMsT0FBTyxJQUFJLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUMsRUFBRSxNQUFNLENBQUMsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDMUUsQ0FBQztJQUVELGFBQWEsQ0FBSSxLQUFVLEVBQUUsT0FBZTtRQUMxQyxJQUFJLEtBQUssQ0FBQyxNQUFNLElBQUksQ0FBQyxFQUFFO1lBQ3JCLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO1NBQ3ZEO1FBQ0QsSUFBSSxPQUFPLElBQUksQ0FBQyxFQUFFO1lBQ2hCLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyxjQUFjLENBQUMsQ0FBQztTQUNsRDtRQUNELE1BQU0sTUFBTSxHQUFHLElBQUksV0FBVyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3hDLElBQUksQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3BDLE1BQU0sR0FBRyxHQUFRLEVBQUUsQ0FBQztRQUNwQixNQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLEdBQUcsS0FBSyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN6RCxPQUFPLEdBQUcsQ0FBQztJQUNiLENBQUM7SUFFRCxVQUFVO1FBQ1IsT0FBTyxJQUFJLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFSyxTQUFTOztZQUNiLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUM5QztnQkFDRSxJQUFJLEVBQUUsU0FBUztnQkFDZixNQUFNLEVBQUUsR0FBRzthQUNaLEVBQ0QsSUFBSSxFQUFFLGlFQUFpRTtZQUN2RSxDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUMsQ0FBQyw2REFBNkQ7YUFDckYsQ0FBQztZQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxHQUFHLENBQUMsQ0FBQztZQUUzRCw4Q0FBOEM7WUFDOUMsT0FBTyxHQUFHLENBQUMsR0FBRyxDQUFDO1lBQ2YsT0FBTyxHQUFHLENBQUMsT0FBTyxDQUFDO1lBRW5CLE9BQU8saUJBQWlCLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3RDLENBQUM7S0FBQTtJQUVLLGFBQWE7O1lBQ2pCLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUM5QztnQkFDRSxJQUFJLEVBQUUsTUFBTTtnQkFDWixJQUFJLEVBQUUsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFO2FBQzFCLEVBQ0QsSUFBSSxFQUNKLENBQUMsTUFBTSxFQUFFLFFBQVEsQ0FBQyxDQUNuQixDQUFDO1lBRUYsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxDQUFDO1lBRTNELDhDQUE4QztZQUM5QyxPQUFPLEdBQUcsQ0FBQyxPQUFPLENBQUM7WUFDbkIsT0FBTyxHQUFHLENBQUMsR0FBRyxDQUFDO1lBRWYsT0FBTyxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDdEMsQ0FBQztLQUFBO0lBRUssWUFBWTs7WUFDaEIsbUZBQW1GO1lBQ25GLDBGQUEwRjtZQUMxRixrR0FBa0c7WUFDbEcscURBQXFEO1lBQ3JELDhGQUE4RjtZQUM5RixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FDOUM7Z0JBQ0UsSUFBSSxFQUFFLFVBQVU7Z0JBQ2hCLGFBQWEsRUFBRSxJQUFJO2dCQUNuQiw0RkFBNEY7Z0JBQzVGLGNBQWMsRUFBRSxJQUFJLFVBQVUsQ0FBQyxDQUFDLElBQUksRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7Z0JBQ2xELElBQUksRUFBRSxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUU7YUFDMUIsRUFDRCxJQUFJLEVBQUUsaUVBQWlFO1lBQ3ZFLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQyxDQUFDLDZEQUE2RDthQUNyRixDQUFDO1lBRUYsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxVQUFVLENBQUMsQ0FBQztZQUN0RSw4Q0FBOEM7WUFDOUMsT0FBTyxHQUFHLENBQUMsT0FBTyxDQUFDO1lBQ25CLE9BQU8sR0FBRyxDQUFDLEdBQUcsQ0FBQztZQUVmLE9BQU8saUJBQWlCLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3RDLENBQUM7S0FBQTtJQUVLLGdCQUFnQjs7WUFDcEIsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQzlDO2dCQUNFLElBQUksRUFBRSxtQkFBbUI7Z0JBQ3pCLGFBQWEsRUFBRSxJQUFJO2dCQUNuQiw0RkFBNEY7Z0JBQzVGLGNBQWMsRUFBRSxJQUFJLFVBQVUsQ0FBQyxDQUFDLElBQUksRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7Z0JBQ2xELElBQUksRUFBRSxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUU7YUFDMUIsRUFDRCxJQUFJLEVBQUUsaUVBQWlFO1lBQ3ZFLENBQUMsTUFBTSxFQUFFLFFBQVEsQ0FBQyxDQUFDLGdEQUFnRDthQUNwRSxDQUFDO1lBRUYsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxVQUFVLENBQUMsQ0FBQztZQUV0RSw4Q0FBOEM7WUFDOUMsT0FBTyxHQUFHLENBQUMsT0FBTyxDQUFDO1lBQ25CLE9BQU8sR0FBRyxDQUFDLEdBQUcsQ0FBQztZQUVmLE9BQU8saUJBQWlCLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3RDLENBQUM7S0FBQTtJQUVLLFNBQVMsQ0FBQyxFQUNkLFFBQVEsRUFDUixJQUFJLEVBQ0osVUFBVSxFQUNWLEdBQUcsR0FNSjs7WUFDQyxNQUFNLEdBQUcsR0FBRyxJQUFJLFdBQVcsRUFBRSxDQUFDO1lBQzlCLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUMvQyxLQUFLLEVBQ0wsR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsRUFDcEIsUUFBUSxFQUNSLEtBQUssRUFDTCxDQUFDLFlBQVksRUFBRSxXQUFXLENBQUMsQ0FDNUIsQ0FBQztZQUVGLE1BQU0sT0FBTyxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQzNDO2dCQUNFLElBQUksRUFBRSxRQUFRO2dCQUNkLElBQUksRUFBRSxJQUFJLFdBQVcsRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUM7Z0JBQ3BDLFVBQVU7Z0JBQ1YsSUFBSSxFQUFFLFNBQVM7YUFDaEIsRUFDRCxNQUFNLEVBQ04sRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxHQUFHLEVBQUUsRUFDaEMsSUFBSSxFQUNKLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQyxDQUN2QixDQUFDO1lBRUYsTUFBTSxXQUFXLEdBQVEsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsT0FBTyxDQUFDLENBQUM7WUFDdkUsSUFBSSxHQUFHLEVBQUU7Z0JBQ1AsV0FBVyxDQUFDLEdBQUcsR0FBRyxHQUFHLENBQUM7YUFDdkI7WUFFRCxNQUFNLEdBQUcsR0FBRyxNQUFNLGlCQUFpQixDQUFDLEtBQUssQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUV2RCxPQUFPLEVBQUUsR0FBRyxFQUFFLENBQUM7UUFDakIsQ0FBQztLQUFBO0lBRUssYUFBYSxDQUFDLE1BQTJCOztZQUM3QyxJQUFJLE1BQU0sQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixFQUFFO2dCQUNwRCxNQUFNLElBQUkscUJBQXFCLENBQzdCLHlFQUF5RSxNQUFNLENBQUMsVUFBVSxnQ0FBZ0MsSUFBSSxDQUFDLHVCQUF1QixHQUFHLENBQzFKLENBQUM7YUFDSDtZQUNELE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNoQyxDQUFDO0tBQUE7SUFFSyxhQUFhLENBQUMsTUFBMkI7O1lBQzdDLElBQUksTUFBTSxDQUFDLFVBQVUsR0FBRyxJQUFJLENBQUMsdUJBQXVCLEVBQUU7Z0JBQ3BELE1BQU0sSUFBSSxxQkFBcUIsQ0FDN0Isd0VBQXdFLE1BQU0sQ0FBQyxVQUFVLCtCQUErQixJQUFJLENBQUMsdUJBQXVCLEdBQUcsQ0FDeEosQ0FBQzthQUNIO1lBQ0QsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2hDLENBQUM7S0FBQTtJQUVLLGFBQWEsQ0FBQyxNQUEyQjs7WUFDN0MsSUFBSSxNQUFNLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyx1QkFBdUIsRUFBRTtnQkFDcEQsTUFBTSxJQUFJLHFCQUFxQixDQUM3Qix3RUFBd0UsTUFBTSxDQUFDLFVBQVUsK0JBQStCLElBQUksQ0FBQyx1QkFBdUIsR0FBRyxDQUN4SixDQUFDO2FBQ0g7WUFDRCxPQUFPLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDaEMsQ0FBQztLQUFBO0lBRUssU0FBUzs7WUFDYixzR0FBc0c7WUFDdEcsMkRBQTJEO1lBQzNELHVHQUF1RztZQUN2RyxxREFBcUQ7WUFDckQsT0FBTyxDQUFDLE1BQU0sSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDLENBQUMsR0FBRyxDQUFDO1FBQ3RDLENBQUM7S0FBQTtJQUVLLG1CQUFtQjs7WUFDdkIsT0FBTztnQkFDTCxJQUFJLEVBQUUsSUFBSSxDQUFDLFVBQVUsRUFBRTtnQkFDdkIsVUFBVSxFQUFFLElBQUksQ0FBQywyQkFBMkI7YUFDN0MsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVLLG1CQUFtQjs7WUFDdkIsT0FBTztnQkFDTCxJQUFJLEVBQUUsSUFBSSxDQUFDLFVBQVUsRUFBRTtnQkFDdkIsR0FBRyxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsRUFBRTtnQkFDM0IsVUFBVSxFQUFFLElBQUksQ0FBQywyQkFBMkI7YUFDN0MsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVLLG1CQUFtQjs7WUFDdkIsT0FBTztnQkFDTCxJQUFJLEVBQUUsSUFBSSxDQUFDLFVBQVUsRUFBRTtnQkFDdkIsc0dBQXNHO2dCQUN0RywyREFBMkQ7Z0JBQzNELHVHQUF1RztnQkFDdkcscURBQXFEO2dCQUNyRCxHQUFHLEVBQUUsTUFBTSxJQUFJLENBQUMsU0FBUyxFQUFFO2dCQUMzQixVQUFVLEVBQUUsSUFBSSxDQUFDLDJCQUEyQjthQUM3QyxDQUFDO1FBQ0osQ0FBQztLQUFBOzs7O1lBM1FGLFVBQVUsU0FBQztnQkFDVixVQUFVLEVBQUUsTUFBTTthQUNuQjs7O1lBekJRLGdCQUFnQiIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEluamVjdGFibGUgfSBmcm9tICdAYW5ndWxhci9jb3JlJztcclxuaW1wb3J0IHsgSldLIH0gZnJvbSAnbm9kZS1qb3NlJztcclxuaW1wb3J0IHtcclxuICBMYm9wS2V5UGFyYW1zLFxyXG4gIFBhc3NJZHBQYXJhbXMsXHJcbiAgUGFzc0tleVBhcmFtcyxcclxuICBEZXJpdmVLZXlSZXN1bHQsXHJcbiAgRGVyaXZlUGFzc0lkcFBhcmFtcyxcclxuICBEZXJpdmVQYXNzS2V5UGFyYW1zLFxyXG4gIERlcml2ZUxib3BLZXlQYXJhbXMsXHJcbn0gZnJvbSAnLi9jcnlwdG9ncmFwaHkudHlwZXMnO1xyXG5pbXBvcnQgeyBXZWJDcnlwdG9TZXJ2aWNlIH0gZnJvbSAnLi93ZWItY3J5cHRvLnNlcnZpY2UnO1xyXG5pbXBvcnQge1xyXG4gIExyQmFkQXJndW1lbnRFeGNlcHRpb24sXHJcbiAgTHJTdXNwaWNpb3VzRXhjZXB0aW9uLFxyXG59IGZyb20gJy4uL19jb21tb24vZXhjZXB0aW9ucyc7XHJcblxyXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gc2hhMjU2KG1lc3NhZ2UpIHtcclxuICAvLyBlbmNvZGUgYXMgVVRGLThcclxuICBjb25zdCBtc2dCdWZmZXIgPSBuZXcgVGV4dEVuY29kZXIoKS5lbmNvZGUobWVzc2FnZSk7XHJcblxyXG4gIC8vIGhhc2ggdGhlIG1lc3NhZ2VcclxuICBjb25zdCBoYXNoQnVmZmVyID0gYXdhaXQgY3J5cHRvLnN1YnRsZS5kaWdlc3QoJ1NIQS0yNTYnLCBtc2dCdWZmZXIpO1xyXG5cclxuICAvLyBjb252ZXJ0IEFycmF5QnVmZmVyIHRvIEFycmF5XHJcbiAgY29uc3QgaGFzaEFycmF5ID0gQXJyYXkuZnJvbShuZXcgVWludDhBcnJheShoYXNoQnVmZmVyKSk7XHJcblxyXG4gIC8vIGNvbnZlcnQgYnl0ZXMgdG8gaGV4IHN0cmluZ1xyXG4gIGNvbnN0IGhhc2hIZXggPSBoYXNoQXJyYXlcclxuICAgIC5tYXAoKGIpID0+ICgnMDAnICsgYi50b1N0cmluZygxNikpLnNsaWNlKC0yKSlcclxuICAgIC5qb2luKCcnKTtcclxuICByZXR1cm4gaGFzaEhleDtcclxufVxyXG5cclxuQEluamVjdGFibGUoe1xyXG4gIHByb3ZpZGVkSW46ICdyb290JyxcclxufSlcclxuZXhwb3J0IGNsYXNzIEtleUZhY3RvcnlTZXJ2aWNlIHtcclxuICBjb25zdHJ1Y3Rvcihwcml2YXRlIHdlYkNyeXB0b1NlcnZpY2U6IFdlYkNyeXB0b1NlcnZpY2UpIHtcclxuICAgIHRoaXMuY3J5cHRvID0gdGhpcy53ZWJDcnlwdG9TZXJ2aWNlLmNyeXB0bztcclxuICB9XHJcbiAgcHJpdmF0ZSByZWFkb25seSBjcnlwdG87XHJcbiAgLy8gR2xvYmFsIGtleXMgc3RvcmUuIE90aGVyd2lzZSwgZWFjaCBjYWxsIHRvIGFzS2V5IGNyZWF0ZXMgYSBuZXcga2V5U3RvcmUuXHJcbiAgLy8gPEFaPiBEaWQgbm90IHNlZW0gdG8gaW1wcm92ZSBzcGVlZC5cclxuICAvLyBwdWJsaWMgc3RhdGljIGtleVN0b3JlID0gSldLLmNyZWF0ZUtleVN0b3JlKCk7XHJcblxyXG4gIC8vIEFaOiBUaGlzIGNhbid0IGJlIGNoYW5nZSBlYXNpbHkuIEl0J3MgYmFzaWNhbGx5IGEgUGFzc0sgb3IgUGFzc0lkcCByb3RhdGlvbi5cclxuICAvLyB0b2RvOiB3ZSBzaG91bGQgZXZlbnR1YWxseSBpbmNyZWFzZSB0aGlzIHBlcmlvZGljYWxseSB0byBtYXRjaCB3aXRoIE1vb3JlJ3MgbGF3LlxyXG4gIC8vIFRoZSBpdGVyYXRpb25zIGZvciBlYWNoIGtleSBhcmUga2VwdCBieSB0aGUgc2VydmVyIGFzIHdlbGwgYnV0IHdlIGFzc3VtZSB0aGUgdmFsdWVcclxuICAvLyBmcm9tIHRoZSBzZXJ2ZXIgaXMgbm90IHRydXN0d29ydGh5LCBzbyBuZWVkIHRvIGhhdmUgbWluaW11bSB0aHJlc2hvbGRzIGhlcmUuXHJcbiAgLy8gSWYgY3JlYXRpbmcgbmV3IGtleXMsIHRoZXNlIG1pbmltdW0gYXJlIHVzZWQuXHJcbiAgcHVibGljIHJlYWRvbmx5IE1JTl9QQVNTX0lEUF9QQktERl9JVEVSID0gMTAwMDAwO1xyXG4gIHB1YmxpYyByZWFkb25seSBNSU5fUEFTU19LRVlfUEJLREZfSVRFUiA9IDEwMDAwMDtcclxuICBwdWJsaWMgcmVhZG9ubHkgTUlOX0xCT1BfS0VZX1BCS0RGX0lURVIgPSAxMDAwMDA7XHJcblxyXG4gIC8vIFRoZXNlIGFyZSB1c2VkIGFzIHRoZSBkZWZhdWx0IHZhbHVlcy4gVGhleSBtdXN0IGJlIGxhcmdlciB0aGFuIHRoZSBtaW5pbXVtIHZhbHVlcy5cclxuICBwdWJsaWMgcmVhZG9ubHkgREVGQVVMVF9QQVNTX0lEUF9QQktERl9JVEVSID0gdGhpcy5NSU5fUEFTU19JRFBfUEJLREZfSVRFUjtcclxuICBwdWJsaWMgcmVhZG9ubHkgREVGQVVMVF9QQVNTX0tFWV9QQktERl9JVEVSID0gdGhpcy5NSU5fUEFTU19LRVlfUEJLREZfSVRFUjtcclxuICBwdWJsaWMgcmVhZG9ubHkgREVGQVVMVF9MQk9QX0tFWV9QQktERl9JVEVSID0gdGhpcy5NSU5fTEJPUF9LRVlfUEJLREZfSVRFUjtcclxuXHJcbiAgc3RhdGljIGFzS2V5KFxyXG4gICAga2V5OiBzdHJpbmcgfCBCdWZmZXIgfCBvYmplY3QgfCBKV0suUmF3S2V5LFxyXG4gICAgZm9ybT86XHJcbiAgICAgIHwgJ2pzb24nXHJcbiAgICAgIHwgJ3ByaXZhdGUnXHJcbiAgICAgIHwgJ3BrY3M4J1xyXG4gICAgICB8ICdwdWJsaWMnXHJcbiAgICAgIHwgJ3Nwa2knXHJcbiAgICAgIHwgJ3BraXgnXHJcbiAgICAgIHwgJ3g1MDknXHJcbiAgICAgIHwgJ3BlbScsXHJcbiAgICBleHRyYXM/OiBSZWNvcmQ8c3RyaW5nLCB1bmtub3duPlxyXG4gICk6IFByb21pc2U8SldLLktleT4ge1xyXG4gICAgLy8gPEFaPiBVc2luZyBhIHNpbmdsZSBnbG9iYWwga2V5IHN0b3JlIGRpZCBub3Qgc2VlbSB0byBpbXByb3ZlIHNwZWVkLlxyXG4gICAgLy8gcmV0dXJuIEtleUZhY3RvcnlTZXJ2aWNlLmtleVN0b3JlLmFkZChrZXksIGZvcm0sIGV4dHJhcyk7XHJcbiAgICByZXR1cm4gSldLLmFzS2V5KGtleSwgZm9ybSwgZXh0cmFzKTtcclxuICB9XHJcblxyXG4gIHJhbmRvbVN0cmluZyhkaWdpdHM6IG51bWJlcik6IHN0cmluZyB7XHJcbiAgICBpZiAoZGlnaXRzIDw9IDApIHtcclxuICAgICAgdGhyb3cgbmV3IExyQmFkQXJndW1lbnRFeGNlcHRpb24oJ2RpZ2l0cyA8PSAwJyk7XHJcbiAgICB9XHJcbiAgICBjb25zdCB2YWxpZENoYXJzID1cclxuICAgICAgJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5JztcclxuICAgIGxldCBhcnJheSA9IG5ldyBVaW50MzJBcnJheShkaWdpdHMpO1xyXG4gICAgdGhpcy5jcnlwdG8uZ2V0UmFuZG9tVmFsdWVzKGFycmF5KTtcclxuICAgIGFycmF5ID0gYXJyYXkubWFwKCh4KSA9PiB2YWxpZENoYXJzLmNoYXJDb2RlQXQoeCAlIHZhbGlkQ2hhcnMubGVuZ3RoKSk7XHJcbiAgICByZXR1cm4gU3RyaW5nLmZyb21DaGFyQ29kZS5hcHBseShudWxsLCBhcnJheSk7XHJcbiAgfVxyXG5cclxuICByYW5kb21EaWdpdHNOb1plcm9zKGRpZ2l0czogbnVtYmVyKTogc3RyaW5nIHtcclxuICAgIHJldHVybiB0aGlzLnJhbmRvbUNob2ljZXMoWzEsIDIsIDMsIDQsIDUsIDYsIDcsIDgsIDldLCBkaWdpdHMpLmpvaW4oJycpO1xyXG4gIH1cclxuXHJcbiAgcmFuZG9tQ2hvaWNlczxUPihhcnJheTogVFtdLCBjaG9vc2VOOiBudW1iZXIpOiBUW10ge1xyXG4gICAgaWYgKGFycmF5Lmxlbmd0aCA8PSAxKSB7XHJcbiAgICAgIHRocm93IG5ldyBMckJhZEFyZ3VtZW50RXhjZXB0aW9uKCdhcnJheS5sZW5ndGggPD0gMCcpO1xyXG4gICAgfVxyXG4gICAgaWYgKGNob29zZU4gPD0gMCkge1xyXG4gICAgICB0aHJvdyBuZXcgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbignY2hvb3NlTiA8PSAwJyk7XHJcbiAgICB9XHJcbiAgICBjb25zdCB2YWx1ZXMgPSBuZXcgVWludDMyQXJyYXkoY2hvb3NlTik7XHJcbiAgICB0aGlzLmNyeXB0by5nZXRSYW5kb21WYWx1ZXModmFsdWVzKTtcclxuICAgIGNvbnN0IHJldDogVFtdID0gW107XHJcbiAgICB2YWx1ZXMuZm9yRWFjaCgodikgPT4gcmV0LnB1c2goYXJyYXlbdiAlIGFycmF5Lmxlbmd0aF0pKTtcclxuICAgIHJldHVybiByZXQ7XHJcbiAgfVxyXG5cclxuICBjcmVhdGVTYWx0KCk6IHN0cmluZyB7XHJcbiAgICByZXR1cm4gdGhpcy5yYW5kb21TdHJpbmcoMTYpO1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgY3JlYXRlS2V5KCk6IFByb21pc2U8SldLLktleT4ge1xyXG4gICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmdlbmVyYXRlS2V5KFxyXG4gICAgICB7XHJcbiAgICAgICAgbmFtZTogJ0FFUy1HQ00nLFxyXG4gICAgICAgIGxlbmd0aDogMjU2LCAvLyBjYW4gYmUgIDEyOCwgMTkyLCBvciAyNTZcclxuICAgICAgfSxcclxuICAgICAgdHJ1ZSwgLy8gd2hldGhlciB0aGUga2V5IGlzIGV4dHJhY3RhYmxlIChpLmUuIGNhbiBiZSB1c2VkIGluIGV4cG9ydEtleSlcclxuICAgICAgWydlbmNyeXB0JywgJ2RlY3J5cHQnXSAvLyBtdXN0IGJlIFtcImVuY3J5cHRcIiwgXCJkZWNyeXB0XCJdIG9yIFtcIndyYXBLZXlcIiwgXCJ1bndyYXBLZXlcIl1cclxuICAgICk7XHJcblxyXG4gICAgY29uc3QgandrID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmV4cG9ydEtleSgnandrJywga2V5KTtcclxuXHJcbiAgICAvLyBSZW1vdmluZyB0aGUgZmllbGRzIG5vdCBuZWVkZWQgYnkgbm9kZS1qb3NlXHJcbiAgICBkZWxldGUgandrLmV4dDtcclxuICAgIGRlbGV0ZSBqd2sua2V5X29wcztcclxuXHJcbiAgICByZXR1cm4gS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoandrKTtcclxuICB9XHJcblxyXG4gIGFzeW5jIGNyZWF0ZVNpZ25LZXkoKTogUHJvbWlzZTxKV0suS2V5PiB7XHJcbiAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmNyeXB0by5zdWJ0bGUuZ2VuZXJhdGVLZXkoXHJcbiAgICAgIHtcclxuICAgICAgICBuYW1lOiAnSE1BQycsXHJcbiAgICAgICAgaGFzaDogeyBuYW1lOiAnU0hBLTUxMicgfSxcclxuICAgICAgfSxcclxuICAgICAgdHJ1ZSxcclxuICAgICAgWydzaWduJywgJ3ZlcmlmeSddXHJcbiAgICApO1xyXG5cclxuICAgIGNvbnN0IGp3ayA9IGF3YWl0IHRoaXMuY3J5cHRvLnN1YnRsZS5leHBvcnRLZXkoJ2p3aycsIGtleSk7XHJcblxyXG4gICAgLy8gUmVtb3ZpbmcgdGhlIGZpZWxkcyBub3QgbmVlZGVkIGJ5IG5vZGUtam9zZVxyXG4gICAgZGVsZXRlIGp3ay5rZXlfb3BzO1xyXG4gICAgZGVsZXRlIGp3ay5leHQ7XHJcblxyXG4gICAgcmV0dXJuIEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KGp3ayk7XHJcbiAgfVxyXG5cclxuICBhc3luYyBjcmVhdGVQa2NLZXkoKTogUHJvbWlzZTxKV0suS2V5PiB7XHJcbiAgICAvLyBub2RlLWpvc2UgaXMgbm90IHVzaW5nIEZvcmdlIHByb3Blcmx5LiBJdCBzaG91bGQgYmUgY2FsbGluZyB0aGUgYXN5bmMgdmVyc2lvbiBvZlxyXG4gICAgLy8gcGtpLnJzYS5nZW5lcmF0ZUtleVBhaXIoKSB3aXRoIGEgY2FsbGJhY2suIEluc3RlYWQgaXQgY2FsbHMgdGhlIHN5bmMgdmVyc2lvbi4gV2ViY3J5cHRvXHJcbiAgICAvLyBkb2VzIG5vdCBzdXBwb3J0IHN5bmMgdmVyc2lvbiwgc28gaXQgdXNlcyB0aGUgamF2YXNjcmlwdCBpbXBsZW1lbnRhdGlvbiwgd2hpY2ggaXMgd2F5IHRvbyBzbG93LlxyXG4gICAgLy8gU28gd2UgZ2VuZXJhdGUgdXNpbmcgd2ViY3J5cHRvIGFuZCBpbXBvcnQgdGhlIGtleS5cclxuICAgIC8vIFVuZm9ydHVuYXRlbHkgRWxsaXB0aWNhbCBDdXJ2ZSBpcyBub3Qgc3VwcG9ydGVkIGJ5IFdlYmNyeXB0by4gU28gd2UgaGF2ZSB0byBzZXR0bGUgZm9yIFJTQS5cclxuICAgIGNvbnN0IGtleSA9IGF3YWl0IHRoaXMuY3J5cHRvLnN1YnRsZS5nZW5lcmF0ZUtleShcclxuICAgICAge1xyXG4gICAgICAgIG5hbWU6ICdSU0EtT0FFUCcsXHJcbiAgICAgICAgbW9kdWx1c0xlbmd0aDogMjA0OCwgLy8gY2FuIGJlIDEwMjQsIDIwNDgsIDMwNzIsIDQwOTYgLi4uIDE2Mzg0XHJcbiAgICAgICAgLy8gQXMgcGVyIHN1Z2dlc3Rpb246IGh0dHBzOi8vZGV2ZWxvcGVyLm1vemlsbGEub3JnL2VuLVVTL2RvY3MvV2ViL0FQSS9Sc2FIYXNoZWRLZXlHZW5QYXJhbXNcclxuICAgICAgICBwdWJsaWNFeHBvbmVudDogbmV3IFVpbnQ4QXJyYXkoWzB4MDEsIDB4MDAsIDB4MDFdKSxcclxuICAgICAgICBoYXNoOiB7IG5hbWU6ICdTSEEtMjU2JyB9LCAvLyBjYW4gYmUgXCJTSEEtMVwiLCBcIlNIQS0yNTZcIiwgXCJTSEEtMzg0XCIsIG9yIFwiU0hBLTUxMlwiXHJcbiAgICAgIH0sXHJcbiAgICAgIHRydWUsIC8vIHdoZXRoZXIgdGhlIGtleSBpcyBleHRyYWN0YWJsZSAoaS5lLiBjYW4gYmUgdXNlZCBpbiBleHBvcnRLZXkpXHJcbiAgICAgIFsnZW5jcnlwdCcsICdkZWNyeXB0J10gLy8gbXVzdCBiZSBbXCJlbmNyeXB0XCIsIFwiZGVjcnlwdFwiXSBvciBbXCJ3cmFwS2V5XCIsIFwidW53cmFwS2V5XCJdXHJcbiAgICApO1xyXG5cclxuICAgIGNvbnN0IGp3ayA9IGF3YWl0IHRoaXMuY3J5cHRvLnN1YnRsZS5leHBvcnRLZXkoJ2p3aycsIGtleS5wcml2YXRlS2V5KTtcclxuICAgIC8vIFJlbW92aW5nIHRoZSBmaWVsZHMgbm90IG5lZWRlZCBieSBub2RlLWpvc2VcclxuICAgIGRlbGV0ZSBqd2sua2V5X29wcztcclxuICAgIGRlbGV0ZSBqd2suZXh0O1xyXG5cclxuICAgIHJldHVybiBLZXlGYWN0b3J5U2VydmljZS5hc0tleShqd2spO1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgY3JlYXRlUGtjU2lnbktleSgpOiBQcm9taXNlPEpXSy5LZXk+IHtcclxuICAgIGNvbnN0IGtleSA9IGF3YWl0IHRoaXMuY3J5cHRvLnN1YnRsZS5nZW5lcmF0ZUtleShcclxuICAgICAge1xyXG4gICAgICAgIG5hbWU6ICdSU0FTU0EtUEtDUzEtdjFfNScsXHJcbiAgICAgICAgbW9kdWx1c0xlbmd0aDogMjA0OCwgLy8gY2FuIGJlIDEwMjQsIDIwNDgsIG9yIDQwOTZcclxuICAgICAgICAvLyBBcyBwZXIgc3VnZ2VzdGlvbjogaHR0cHM6Ly9kZXZlbG9wZXIubW96aWxsYS5vcmcvZW4tVVMvZG9jcy9XZWIvQVBJL1JzYUhhc2hlZEtleUdlblBhcmFtc1xyXG4gICAgICAgIHB1YmxpY0V4cG9uZW50OiBuZXcgVWludDhBcnJheShbMHgwMSwgMHgwMCwgMHgwMV0pLFxyXG4gICAgICAgIGhhc2g6IHsgbmFtZTogJ1NIQS0yNTYnIH0sIC8vIGNhbiBiZSBcIlNIQS0xXCIsIFwiU0hBLTI1NlwiLCBcIlNIQS0zODRcIiwgb3IgXCJTSEEtNTEyXCJcclxuICAgICAgfSxcclxuICAgICAgdHJ1ZSwgLy8gd2hldGhlciB0aGUga2V5IGlzIGV4dHJhY3RhYmxlIChpLmUuIGNhbiBiZSB1c2VkIGluIGV4cG9ydEtleSlcclxuICAgICAgWydzaWduJywgJ3ZlcmlmeSddIC8vIGNhbiBiZSBhbnkgY29tYmluYXRpb24gb2YgXCJzaWduXCIgYW5kIFwidmVyaWZ5XCJcclxuICAgICk7XHJcblxyXG4gICAgY29uc3QgandrID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmV4cG9ydEtleSgnandrJywga2V5LnByaXZhdGVLZXkpO1xyXG5cclxuICAgIC8vIFJlbW92aW5nIHRoZSBmaWVsZHMgbm90IG5lZWRlZCBieSBub2RlLWpvc2VcclxuICAgIGRlbGV0ZSBqd2sua2V5X29wcztcclxuICAgIGRlbGV0ZSBqd2suZXh0O1xyXG5cclxuICAgIHJldHVybiBLZXlGYWN0b3J5U2VydmljZS5hc0tleShqd2spO1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgZGVyaXZlS2V5KHtcclxuICAgIHBhc3N3b3JkLFxyXG4gICAgc2FsdCxcclxuICAgIGl0ZXJhdGlvbnMsXHJcbiAgICBraWQsXHJcbiAgfToge1xyXG4gICAgcGFzc3dvcmQ6IHN0cmluZztcclxuICAgIHNhbHQ6IHN0cmluZztcclxuICAgIGl0ZXJhdGlvbnM6IG51bWJlcjtcclxuICAgIGtpZD86IHN0cmluZztcclxuICB9KTogUHJvbWlzZTxEZXJpdmVLZXlSZXN1bHQ+IHtcclxuICAgIGNvbnN0IGVuYyA9IG5ldyBUZXh0RW5jb2RlcigpO1xyXG4gICAgY29uc3QgcmF3S2V5ID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmltcG9ydEtleShcclxuICAgICAgJ3JhdycsXHJcbiAgICAgIGVuYy5lbmNvZGUocGFzc3dvcmQpLFxyXG4gICAgICAnUEJLREYyJyxcclxuICAgICAgZmFsc2UsXHJcbiAgICAgIFsnZGVyaXZlQml0cycsICdkZXJpdmVLZXknXVxyXG4gICAgKTtcclxuXHJcbiAgICBjb25zdCBwYXNzS2V5ID0gYXdhaXQgY3J5cHRvLnN1YnRsZS5kZXJpdmVLZXkoXHJcbiAgICAgIHtcclxuICAgICAgICBuYW1lOiAnUEJLREYyJyxcclxuICAgICAgICBzYWx0OiBuZXcgVGV4dEVuY29kZXIoKS5lbmNvZGUoc2FsdCksXHJcbiAgICAgICAgaXRlcmF0aW9ucyxcclxuICAgICAgICBoYXNoOiAnU0hBLTI1NicsXHJcbiAgICAgIH0sXHJcbiAgICAgIHJhd0tleSxcclxuICAgICAgeyBuYW1lOiAnQUVTLUdDTScsIGxlbmd0aDogMjU2IH0sXHJcbiAgICAgIHRydWUsXHJcbiAgICAgIFsnZW5jcnlwdCcsICdkZWNyeXB0J11cclxuICAgICk7XHJcblxyXG4gICAgY29uc3QgcGFzc0tleUpzb246IGFueSA9IGF3YWl0IGNyeXB0by5zdWJ0bGUuZXhwb3J0S2V5KCdqd2snLCBwYXNzS2V5KTtcclxuICAgIGlmIChraWQpIHtcclxuICAgICAgcGFzc0tleUpzb24ua2lkID0ga2lkO1xyXG4gICAgfVxyXG5cclxuICAgIGNvbnN0IGp3ayA9IGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KHBhc3NLZXlKc29uKTtcclxuXHJcbiAgICByZXR1cm4geyBqd2sgfTtcclxuICB9XHJcblxyXG4gIGFzeW5jIGRlcml2ZVBhc3NJZHAocGFyYW1zOiBEZXJpdmVQYXNzSWRwUGFyYW1zKTogUHJvbWlzZTxEZXJpdmVLZXlSZXN1bHQ+IHtcclxuICAgIGlmIChwYXJhbXMuaXRlcmF0aW9ucyA8IHRoaXMuTUlOX1BBU1NfSURQX1BCS0RGX0lURVIpIHtcclxuICAgICAgdGhyb3cgbmV3IExyU3VzcGljaW91c0V4Y2VwdGlvbihcclxuICAgICAgICBgVGhlIG51bWJlciBvZiBQYXNzSWRwIGtleSBkZXJpdmF0aW9uIGl0ZXJhdGlvbnMgc2VudCBmcm9tIHRoZSBzZXJ2ZXIgKCR7cGFyYW1zLml0ZXJhdGlvbnN9KSBpcyBsb3dlciB0aGFuIHRoZSBtaW5pbXVtICgke3RoaXMuTUlOX1BBU1NfSURQX1BCS0RGX0lURVJ9KWBcclxuICAgICAgKTtcclxuICAgIH1cclxuICAgIHJldHVybiB0aGlzLmRlcml2ZUtleShwYXJhbXMpO1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgZGVyaXZlUGFzc0tleShwYXJhbXM6IERlcml2ZVBhc3NLZXlQYXJhbXMpOiBQcm9taXNlPERlcml2ZUtleVJlc3VsdD4ge1xyXG4gICAgaWYgKHBhcmFtcy5pdGVyYXRpb25zIDwgdGhpcy5NSU5fUEFTU19LRVlfUEJLREZfSVRFUikge1xyXG4gICAgICB0aHJvdyBuZXcgTHJTdXNwaWNpb3VzRXhjZXB0aW9uKFxyXG4gICAgICAgIGBUaGUgbnVtYmVyIG9mIFBhc3NLZXkga2V5IGRlcml2YXRpb24gaXRlcmF0aW9ucyBzZW50IGZyb20gdGhlIHNlcnZlcigke3BhcmFtcy5pdGVyYXRpb25zfSkgaXMgbG93ZXIgdGhhbiB0aGUgbWluaW11bSgke3RoaXMuTUlOX1BBU1NfS0VZX1BCS0RGX0lURVJ9KWBcclxuICAgICAgKTtcclxuICAgIH1cclxuICAgIHJldHVybiB0aGlzLmRlcml2ZUtleShwYXJhbXMpO1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgZGVyaXZlTGJvcEtleShwYXJhbXM6IERlcml2ZUxib3BLZXlQYXJhbXMpOiBQcm9taXNlPERlcml2ZUtleVJlc3VsdD4ge1xyXG4gICAgaWYgKHBhcmFtcy5pdGVyYXRpb25zIDwgdGhpcy5NSU5fTEJPUF9LRVlfUEJLREZfSVRFUikge1xyXG4gICAgICB0aHJvdyBuZXcgTHJTdXNwaWNpb3VzRXhjZXB0aW9uKFxyXG4gICAgICAgIGBUaGUgbnVtYmVyIG9mIExib3BLZXkga2V5IGRlcml2YXRpb24gaXRlcmF0aW9ucyBzZW50IGZyb20gdGhlIHNlcnZlcigke3BhcmFtcy5pdGVyYXRpb25zfSkgaXMgbG93ZXIgdGhhbiB0aGUgbWluaW11bSgke3RoaXMuTUlOX0xCT1BfS0VZX1BCS0RGX0lURVJ9KWBcclxuICAgICAgKTtcclxuICAgIH1cclxuICAgIHJldHVybiB0aGlzLmRlcml2ZUtleShwYXJhbXMpO1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgY3JlYXRlS2lkKCk6IFByb21pc2U8c3RyaW5nPiB7XHJcbiAgICAvLyB0b2RvOiBBWjogbm9kZS1qb3NlIHNvdXJjZSB1c2VzIG5vZGUncyBkZWZhdWx0IFVVSUQoKSBmdW5jdGlvbiBmb3Iga2lkLCBzbyBqdXN0IGNoYW5nZSB0byB1c2UgdGhhdC5cclxuICAgIC8vIGZvciBub3csIHdlIGFyZSBqdXN0IGNyZWF0aW5nIGEgbmV3IGtleSB0byB1c2UgaXQncyBraWQuXHJcbiAgICAvLyBUaGUga2lkIGlzIGEgcGFydCBvZiB0aGUgSldLIHN5c3RlbS4gTFIgYmFja2VuZCBtYWludGFpbnMgdGhlIGtleSBoaWVyYXJjaHkgc2VwYXJhdGVseSB3aXRoIGl0J3Mgb3duXHJcbiAgICAvLyBrZXkgaWQuIEJ1dCB3ZSBqdXN0IHVzZSBpdCBoZXJlIGFzIGEgZG91YmxlIGNoZWNrLlxyXG4gICAgcmV0dXJuIChhd2FpdCB0aGlzLmNyZWF0ZUtleSgpKS5raWQ7XHJcbiAgfVxyXG5cclxuICBhc3luYyBjcmVhdGVQYXNzSWRwUGFyYW1zKCk6IFByb21pc2U8UGFzc0lkcFBhcmFtcz4ge1xyXG4gICAgcmV0dXJuIHtcclxuICAgICAgc2FsdDogdGhpcy5jcmVhdGVTYWx0KCksXHJcbiAgICAgIGl0ZXJhdGlvbnM6IHRoaXMuREVGQVVMVF9QQVNTX0lEUF9QQktERl9JVEVSLFxyXG4gICAgfTtcclxuICB9XHJcblxyXG4gIGFzeW5jIGNyZWF0ZVBhc3NLZXlQYXJhbXMoKTogUHJvbWlzZTxQYXNzS2V5UGFyYW1zPiB7XHJcbiAgICByZXR1cm4ge1xyXG4gICAgICBzYWx0OiB0aGlzLmNyZWF0ZVNhbHQoKSxcclxuICAgICAga2lkOiBhd2FpdCB0aGlzLmNyZWF0ZUtpZCgpLFxyXG4gICAgICBpdGVyYXRpb25zOiB0aGlzLkRFRkFVTFRfUEFTU19LRVlfUEJLREZfSVRFUixcclxuICAgIH07XHJcbiAgfVxyXG5cclxuICBhc3luYyBjcmVhdGVMYm9wS2V5UGFyYW1zKCk6IFByb21pc2U8TGJvcEtleVBhcmFtcz4ge1xyXG4gICAgcmV0dXJuIHtcclxuICAgICAgc2FsdDogdGhpcy5jcmVhdGVTYWx0KCksXHJcbiAgICAgIC8vIHRvZG86IEFaOiBub2RlLWpvc2Ugc291cmNlIHVzZXMgbm9kZSdzIGRlZmF1bHQgVVVJRCgpIGZ1bmN0aW9uIGZvciBraWQsIHNvIGp1c3QgY2hhbmdlIHRvIHVzZSB0aGF0LlxyXG4gICAgICAvLyBmb3Igbm93LCB3ZSBhcmUganVzdCBjcmVhdGluZyBhIG5ldyBrZXkgdG8gdXNlIGl0J3Mga2lkLlxyXG4gICAgICAvLyBUaGUga2lkIGlzIGEgcGFydCBvZiB0aGUgSldLIHN5c3RlbS4gTFIgYmFja2VuZCBtYWludGFpbnMgdGhlIGtleSBoaWVyYXJjaHkgc2VwYXJhdGVseSB3aXRoIGl0J3Mgb3duXHJcbiAgICAgIC8vIGtleSBpZC4gQnV0IHdlIGp1c3QgdXNlIGl0IGhlcmUgYXMgYSBkb3VibGUgY2hlY2suXHJcbiAgICAgIGtpZDogYXdhaXQgdGhpcy5jcmVhdGVLaWQoKSxcclxuICAgICAgaXRlcmF0aW9uczogdGhpcy5ERUZBVUxUX1BBU1NfS0VZX1BCS0RGX0lURVIsXHJcbiAgICB9O1xyXG4gIH1cclxufVxyXG4iXX0=