@lifeready/core 0.6.0-beta.1

package/esm2015/lib/cryptography/key-graph.service.js

@@ -0,0 +1,280 @@
+import { __awaiter } from "tslib";
+import { Injectable } from '@angular/core';
+import graphlib, { Graph } from '@dagrejs/graphlib';
+import _ from 'lodash';
+import { LrException, LrEncryptionException, LrNotFoundException, LrBadArgumentException, } from '../_common/exceptions';
+import { EdgeType, NodeType, } from './cryptography.types';
+import { asJwk, EncryptionService, isSymmetricKey, } from './encryption.service';
+import { KeyFactoryService as KFS, } from './key-factory.service';
+import { KeyService } from './key.service';
+import * as i0 from "@angular/core";
+import * as i1 from "./encryption.service";
+import * as i2 from "./key.service";
+export class KeyGraphService {
+    // private keyCache: {
+    //   [id: string]: Key;
+    // };
+    constructor(encryptionService, keyService) {
+        this.encryptionService = encryptionService;
+        this.keyService = keyService;
+        this.purgeKeys();
+    }
+    purgeKeys() {
+        this.graph = new Graph();
+        // this.keyCache = null;
+    }
+    populateKeys(userKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.keyService.populateKeys({
+                passKey: userKey.passKey,
+                masterKey: yield this.keyService.loadMasterKey(userKey.masterKey.id),
+                rootKey: yield this.unwrapKey(userKey.masterKey.id, userKey.rootKey.id),
+                pxk: yield this.unwrapKey(userKey.masterKey.id, userKey.pxk.id),
+                sigPxk: yield this.unwrapKey(userKey.masterKey.id, userKey.sigPxk.id),
+            });
+        });
+    }
+    hasKey(keyId) {
+        return !!this.graph.node(keyId);
+    }
+    getNode(id, type) {
+        const node = this.graph.node(id);
+        if (!node) {
+            throw new LrNotFoundException(`Key graphs does not contain key id: ${id}`);
+        }
+        if (node.type !== type) {
+            throw new LrException({
+                message: `Key with id ${id} is not of type ${type}`,
+            });
+        }
+        return node.data;
+    }
+    key(id) {
+        return this.getNode(id, NodeType.Key);
+    }
+    passKey(id) {
+        return this.getNode(id, NodeType.PassKey);
+    }
+    addKeys(src) {
+        // Keys
+        if (src.keys) {
+            // What key graph returns can not be customized. So keys are essentially immutable.
+            // Therefore, if a key exists, there's no reason to update it.
+            for (const key of src.keys) {
+                // Note using Relay global id allows us to not worry about clashing node id
+                if (this.graph.hasNode(key.id)) {
+                    continue;
+                }
+                const node = {
+                    type: NodeType.Key,
+                    data: _.cloneDeep(key),
+                };
+                this.graph.setNode(key.id, node);
+            }
+        }
+        // KeyLinks
+        if (src.keyLinks) {
+            for (const keyLink of src.keyLinks) {
+                if (this.graph.hasEdge(keyLink.wrappingKeyId, keyLink.keyId)) {
+                    continue;
+                }
+                const edge = {
+                    type: EdgeType.KeyLink,
+                    data: _.cloneDeep(keyLink),
+                };
+                // Edge goes from wrapping key to wrapped key.
+                this.graph.setEdge(keyLink.wrappingKeyId, keyLink.keyId, edge);
+            }
+        }
+        // PassKeyLinks
+        if (src.passKeyLinks) {
+            for (const passKeyLink of src.passKeyLinks) {
+                if (this.graph.hasEdge(passKeyLink.passKeyId, passKeyLink.keyId)) {
+                    continue;
+                }
+                const edge = {
+                    type: EdgeType.PassKeyLink,
+                    data: _.cloneDeep(passKeyLink),
+                };
+                // Edge goes from wrapping key to wrapped key.
+                this.graph.setEdge(passKeyLink.passKeyId, passKeyLink.keyId, edge);
+            }
+        }
+        // The graph is the single source of truth. These are lazily calculated.
+        // this.keyCache = null;
+    }
+    tracePath(distances, keyId) {
+        // The node label is the same as the id of the key nodes.
+        const ret = [];
+        let node = keyId;
+        if (!distances[node].predecessor) {
+            return null;
+        }
+        while (distances[node].predecessor) {
+            const child = distances[node].predecessor;
+            ret.push(this.graph.edge(child, node));
+            node = child;
+        }
+        // After reverse, the first element is the passkey
+        ret.reverse();
+        return ret;
+    }
+    getPath(knownKeyId, keyId) {
+        if (!knownKeyId || typeof knownKeyId !== 'string') {
+            throw new LrEncryptionException(`Param knownKeyId wrong format: ${knownKeyId}`);
+        }
+        if (!keyId || typeof keyId !== 'string') {
+            throw new LrEncryptionException(`Param keyId wrong format: ${keyId}`);
+        }
+        // => { A: { distance: 0 },
+        //      B: { distance: 6, predecessor: 'C' },
+        //      C: { distance: 4, predecessor: 'A' },
+        //      D: { distance: 2, predecessor: 'A' },
+        //      E: { distance: 8, predecessor: 'F' },
+        //      F: { distance: 4, predecessor: 'D' } }
+        const distances = graphlib.alg.dijkstra(this.graph, knownKeyId);
+        // Trace path from keyId to knownKeyId
+        return this.tracePath(distances, keyId);
+    }
+    getJwkKey(keyOrId, getKeyIdCallback) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return (yield this.getKey(keyOrId, getKeyIdCallback)).jwk;
+        });
+    }
+    // We assume that when a keyId is fetched, the key graph
+    // for the key is also returned and merged into the client-side
+    // key graph. By insisting a keyId is returned instead of the
+    // actual key we ensure key-graph is consistent.
+    getKey(keyOrId, getKeyIdCallback) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let keyId = typeof keyOrId === 'string' ? keyOrId : keyOrId === null || keyOrId === void 0 ? void 0 : keyOrId.id;
+            if (!this.hasKey(keyId) && getKeyIdCallback) {
+                keyId = yield getKeyIdCallback();
+            }
+            // else, continue and let it fail.
+            const key = this.key(keyId);
+            if (key.jwk) {
+                return key;
+            }
+            else {
+                return this.unwrapKey(this.keyService.getCurrentMasterKey().id, keyId);
+            }
+        });
+    }
+    _unwrapLink(wrappingKey, link, dstKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // console.log("_unwrapLink:", link.data.keyId);
+            const wrappedKey = JSON.parse(link.data.wrappedKey);
+            // Signatures of keys contain the key itself. This way we only need
+            // to access the KeyLinks to decrypt/verify keys.
+            let nextRawKey;
+            if (wrappedKey.signatures) {
+                nextRawKey = yield this.encryptionService.verify(wrappingKey, wrappedKey);
+            }
+            else {
+                nextRawKey = yield this.encryptionService.decrypt(wrappingKey, wrappedKey);
+            }
+            dstKey.jwk = yield KFS.asKey(nextRawKey);
+            dstKey.task = null;
+        });
+    }
+    _unwrap(key, path) {
+        return __awaiter(this, void 0, void 0, function* () {
+            for (const link of path) {
+                const dstKey = this.key(link.data.keyId);
+                // console.log("key: ", link.data.keyId);
+                if (dstKey.jwk) {
+                    key = dstKey.jwk;
+                    // console.log("Returning cached key: ", link.data.keyId);
+                    continue;
+                }
+                if (!dstKey.task) {
+                    dstKey.task = this._unwrapLink(key, link, dstKey);
+                }
+                yield dstKey.task;
+                key = dstKey.jwk;
+            }
+            return key;
+        });
+    }
+    unwrapWithPassKey(passKeyId, passKey, keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Get path of the directory key.
+            const path = this.getPath(passKeyId, keyId);
+            return {
+                id: keyId,
+                jwk: yield this._unwrap(passKey, path),
+            };
+        });
+    }
+    unwrapKey(masterKeyId, keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // The first key should be a masterKey
+            const masterKey = yield this.keyService.loadMasterKey(masterKeyId);
+            if (masterKeyId === keyId) {
+                return masterKey;
+            }
+            // Get path of the directory key.
+            const path = this.getPath(masterKey.id, keyId);
+            return {
+                id: keyId,
+                jwk: yield this._unwrap(masterKey.jwk, path),
+            };
+        });
+    }
+    decryptFromString(keyOrId, cipherData, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (cipherData) {
+                const key = yield this.getJwkKey(keyOrId);
+                return (yield this.encryptionService.decrypt(key, JSON.parse(cipherData), options));
+            }
+            return null;
+        });
+    }
+    decryptFile(keyId, file) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.getJwkKey(keyId);
+            return (yield this.encryptionService.decrypt(key, file, {
+                payloadType: 'ArrayBuffer',
+            }));
+        });
+    }
+    // TODO rename this to encrypt() and use as the most common usecase
+    encryptToString(key, content) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Empty string should be encrypted since you want to clear the field.
+            // Null is not encrypted because it's not valid JSON in the old JSON spec. Use
+            // empty string instead. It'll function as a logic false as well.
+            // Note that passing in empty string means it'll be encrypted which verifies
+            // it's integrity. But we still want to have a way to set the DB field
+            // to NULL, so we explicitly return null when content == null. A null
+            // variable in graphql mutation on KC server clears the field to NULL.
+            if (content == null) {
+                return null;
+            }
+            const jwk = asJwk(key) || (yield this.getJwkKey(key));
+            return this.encryptionService.encryptToString(jwk, content);
+        });
+    }
+    // Wraps a symmetric encryption key.
+    // Throws exception if wrapping public keys.
+    wrapKey(wrappingKey, key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!isSymmetricKey(key)) {
+                throw new LrBadArgumentException('Only allowing wrapping of symmetric keys.');
+            }
+            return this.encryptToString(wrappingKey, key.toJSON(true));
+        });
+    }
+}
+KeyGraphService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyGraphService_Factory() { return new KeyGraphService(i0.ɵɵinject(i1.EncryptionService), i0.ɵɵinject(i2.KeyService)); }, token: KeyGraphService, providedIn: "root" });
+KeyGraphService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+KeyGraphService.ctorParameters = () => [
+    { type: EncryptionService },
+    { type: KeyService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWdyYXBoLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiQzovUHJvamVjdHMvdGVzdC9wcm9qZWN0cy9jb3JlL3NyYy8iLCJzb3VyY2VzIjpbImxpYi9jcnlwdG9ncmFwaHkva2V5LWdyYXBoLnNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFDM0MsT0FBTyxRQUFRLEVBQUUsRUFBRSxLQUFLLEVBQUUsTUFBTSxtQkFBbUIsQ0FBQztBQUNwRCxPQUFPLENBQUMsTUFBTSxRQUFRLENBQUM7QUFHdkIsT0FBTyxFQUNMLFdBQVcsRUFDWCxxQkFBcUIsRUFDckIsbUJBQW1CLEVBQ25CLHNCQUFzQixHQUN2QixNQUFNLHVCQUF1QixDQUFDO0FBQy9CLE9BQU8sRUFFTCxRQUFRLEVBSVIsUUFBUSxHQUVULE1BQU0sc0JBQXNCLENBQUM7QUFDOUIsT0FBTyxFQUNMLEtBQUssRUFFTCxpQkFBaUIsRUFDakIsY0FBYyxHQUNmLE1BQU0sc0JBQXNCLENBQUM7QUFDOUIsT0FBTyxFQUVMLGlCQUFpQixJQUFJLEdBQUcsR0FDekIsTUFBTSx1QkFBdUIsQ0FBQztBQUMvQixPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sZUFBZSxDQUFDOzs7O0FBUzNDLE1BQU0sT0FBTyxlQUFlO0lBRTFCLHNCQUFzQjtJQUN0Qix1QkFBdUI7SUFDdkIsS0FBSztJQUVMLFlBQ1UsaUJBQW9DLEVBQ3BDLFVBQXNCO1FBRHRCLHNCQUFpQixHQUFqQixpQkFBaUIsQ0FBbUI7UUFDcEMsZUFBVSxHQUFWLFVBQVUsQ0FBWTtRQUU5QixJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7SUFDbkIsQ0FBQztJQUVELFNBQVM7UUFDUCxJQUFJLENBQUMsS0FBSyxHQUFHLElBQUksS0FBSyxFQUFFLENBQUM7UUFDekIsd0JBQXdCO0lBQzFCLENBQUM7SUFFSyxZQUFZLENBQUMsT0FBdUI7O1lBQ3hDLElBQUksQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDO2dCQUMzQixPQUFPLEVBQUUsT0FBTyxDQUFDLE9BQU87Z0JBQ3hCLFNBQVMsRUFBRSxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO2dCQUNwRSxPQUFPLEVBQUUsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsRUFBRSxFQUFFLE9BQU8sQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO2dCQUN2RSxHQUFHLEVBQUUsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsRUFBRSxFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUMvRCxNQUFNLEVBQUUsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsRUFBRSxFQUFFLE9BQU8sQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO2FBQ3RFLENBQUMsQ0FBQztRQUNMLENBQUM7S0FBQTtJQUVELE1BQU0sQ0FBQyxLQUFhO1FBQ2xCLE9BQU8sQ0FBQyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQ2xDLENBQUM7SUFFTyxPQUFPLENBQUMsRUFBRSxFQUFFLElBQUk7UUFDdEIsTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDakMsSUFBSSxDQUFDLElBQUksRUFBRTtZQUNULE1BQU0sSUFBSSxtQkFBbUIsQ0FDM0IsdUNBQXVDLEVBQUUsRUFBRSxDQUM1QyxDQUFDO1NBQ0g7UUFDRCxJQUFJLElBQUksQ0FBQyxJQUFJLEtBQUssSUFBSSxFQUFFO1lBQ3RCLE1BQU0sSUFBSSxXQUFXLENBQUM7Z0JBQ3BCLE9BQU8sRUFBRSxlQUFlLEVBQUUsbUJBQW1CLElBQUksRUFBRTthQUNwRCxDQUFDLENBQUM7U0FDSjtRQUNELE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQztJQUNuQixDQUFDO0lBRUQsR0FBRyxDQUFDLEVBQUU7UUFDSixPQUFPLElBQUksQ0FBQyxPQUFPLENBQUMsRUFBRSxFQUFFLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQsT0FBTyxDQUFDLEVBQUU7UUFDUixPQUFPLElBQUksQ0FBQyxPQUFPLENBQUMsRUFBRSxFQUFFLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRUQsT0FBTyxDQUFDLEdBQXFCO1FBQzNCLE9BQU87UUFDUCxJQUFJLEdBQUcsQ0FBQyxJQUFJLEVBQUU7WUFDWixtRkFBbUY7WUFDbkYsOERBQThEO1lBQzlELEtBQUssTUFBTSxHQUFHLElBQUksR0FBRyxDQUFDLElBQUksRUFBRTtnQkFDMUIsMkVBQTJFO2dCQUMzRSxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsRUFBRTtvQkFDOUIsU0FBUztpQkFDVjtnQkFFRCxNQUFNLElBQUksR0FBUztvQkFDakIsSUFBSSxFQUFFLFFBQVEsQ0FBQyxHQUFHO29CQUNsQixJQUFJLEVBQUUsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUM7aUJBQ3ZCLENBQUM7Z0JBRUYsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxJQUFJLENBQUMsQ0FBQzthQUNsQztTQUNGO1FBRUQsV0FBVztRQUNYLElBQUksR0FBRyxDQUFDLFFBQVEsRUFBRTtZQUNoQixLQUFLLE1BQU0sT0FBTyxJQUFJLEdBQUcsQ0FBQyxRQUFRLEVBQUU7Z0JBQ2xDLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLGFBQWEsRUFBRSxPQUFPLENBQUMsS0FBSyxDQUFDLEVBQUU7b0JBQzVELFNBQVM7aUJBQ1Y7Z0JBRUQsTUFBTSxJQUFJLEdBQVM7b0JBQ2pCLElBQUksRUFBRSxRQUFRLENBQUMsT0FBTztvQkFDdEIsSUFBSSxFQUFFLENBQUMsQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDO2lCQUMzQixDQUFDO2dCQUNGLDhDQUE4QztnQkFDOUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLGFBQWEsRUFBRSxPQUFPLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDO2FBQ2hFO1NBQ0Y7UUFFRCxlQUFlO1FBQ2YsSUFBSSxHQUFHLENBQUMsWUFBWSxFQUFFO1lBQ3BCLEtBQUssTUFBTSxXQUFXLElBQUksR0FBRyxDQUFDLFlBQVksRUFBRTtnQkFDMUMsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsU0FBUyxFQUFFLFdBQVcsQ0FBQyxLQUFLLENBQUMsRUFBRTtvQkFDaEUsU0FBUztpQkFDVjtnQkFFRCxNQUFNLElBQUksR0FBUztvQkFDakIsSUFBSSxFQUFFLFFBQVEsQ0FBQyxXQUFXO29CQUMxQixJQUFJLEVBQUUsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxXQUFXLENBQUM7aUJBQy9CLENBQUM7Z0JBQ0YsOENBQThDO2dCQUM5QyxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsU0FBUyxFQUFFLFdBQVcsQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUM7YUFDcEU7U0FDRjtRQUVELHdFQUF3RTtRQUN4RSx3QkFBd0I7SUFDMUIsQ0FBQztJQUVELFNBQVMsQ0FBQyxTQUFTLEVBQUUsS0FBYTtRQUNoQyx5REFBeUQ7UUFDekQsTUFBTSxHQUFHLEdBQVcsRUFBRSxDQUFDO1FBQ3ZCLElBQUksSUFBSSxHQUFHLEtBQUssQ0FBQztRQUNqQixJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDLFdBQVcsRUFBRTtZQUNoQyxPQUFPLElBQUksQ0FBQztTQUNiO1FBRUQsT0FBTyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUMsV0FBVyxFQUFFO1lBQ2xDLE1BQU0sS0FBSyxHQUFHLFNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxXQUFXLENBQUM7WUFDMUMsR0FBRyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQztZQUN2QyxJQUFJLEdBQUcsS0FBSyxDQUFDO1NBQ2Q7UUFFRCxrREFBa0Q7UUFDbEQsR0FBRyxDQUFDLE9BQU8sRUFBRSxDQUFDO1FBRWQsT0FBTyxHQUFHLENBQUM7SUFDYixDQUFDO0lBRUQsT0FBTyxDQUFDLFVBQWtCLEVBQUUsS0FBYTtRQUN2QyxJQUFJLENBQUMsVUFBVSxJQUFJLE9BQU8sVUFBVSxLQUFLLFFBQVEsRUFBRTtZQUNqRCxNQUFNLElBQUkscUJBQXFCLENBQzdCLGtDQUFrQyxVQUFVLEVBQUUsQ0FDL0MsQ0FBQztTQUNIO1FBQ0QsSUFBSSxDQUFDLEtBQUssSUFBSSxPQUFPLEtBQUssS0FBSyxRQUFRLEVBQUU7WUFDdkMsTUFBTSxJQUFJLHFCQUFxQixDQUFDLDZCQUE2QixLQUFLLEVBQUUsQ0FBQyxDQUFDO1NBQ3ZFO1FBRUQsMkJBQTJCO1FBQzNCLDZDQUE2QztRQUM3Qyw2Q0FBNkM7UUFDN0MsNkNBQTZDO1FBQzdDLDZDQUE2QztRQUM3Qyw4Q0FBOEM7UUFDOUMsTUFBTSxTQUFTLEdBQUcsUUFBUSxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEtBQUssRUFBRSxVQUFVLENBQUMsQ0FBQztRQUVoRSxzQ0FBc0M7UUFDdEMsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsRUFBRSxLQUFLLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUssU0FBUyxDQUNiLE9BQXFCLEVBQ3JCLGdCQUFpRDs7WUFFakQsT0FBTyxDQUFDLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsZ0JBQWdCLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQztRQUM1RCxDQUFDO0tBQUE7SUFFRCx3REFBd0Q7SUFDeEQsK0RBQStEO0lBQy9ELDZEQUE2RDtJQUM3RCxnREFBZ0Q7SUFDMUMsTUFBTSxDQUNWLE9BQXFCLEVBQ3JCLGdCQUFpRDs7WUFFakQsSUFBSSxLQUFLLEdBQUcsT0FBTyxPQUFPLEtBQUssUUFBUSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLE9BQU8sYUFBUCxPQUFPLHVCQUFQLE9BQU8sQ0FBRSxFQUFFLENBQUM7WUFFaEUsSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksZ0JBQWdCLEVBQUU7Z0JBQzNDLEtBQUssR0FBRyxNQUFNLGdCQUFnQixFQUFFLENBQUM7YUFDbEM7WUFDRCxrQ0FBa0M7WUFFbEMsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUM1QixJQUFJLEdBQUcsQ0FBQyxHQUFHLEVBQUU7Z0JBQ1gsT0FBTyxHQUFHLENBQUM7YUFDWjtpQkFBTTtnQkFDTCxPQUFPLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDLEVBQUUsRUFBRSxLQUFLLENBQUMsQ0FBQzthQUN4RTtRQUNILENBQUM7S0FBQTtJQUVhLFdBQVcsQ0FBQyxXQUFXLEVBQUUsSUFBSSxFQUFFLE1BQU07O1lBQ2pELGdEQUFnRDtZQUNoRCxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDcEQsbUVBQW1FO1lBQ25FLGlEQUFpRDtZQUNqRCxJQUFJLFVBQVUsQ0FBQztZQUNmLElBQUksVUFBVSxDQUFDLFVBQVUsRUFBRTtnQkFDekIsVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sQ0FBQyxXQUFXLEVBQUUsVUFBVSxDQUFDLENBQUM7YUFDM0U7aUJBQU07Z0JBQ0wsVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDL0MsV0FBVyxFQUNYLFVBQVUsQ0FDWCxDQUFDO2FBQ0g7WUFDRCxNQUFNLENBQUMsR0FBRyxHQUFHLE1BQU0sR0FBRyxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsQ0FBQztZQUN6QyxNQUFNLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQztRQUNyQixDQUFDO0tBQUE7SUFFYSxPQUFPLENBQUMsR0FBWSxFQUFFLElBQVk7O1lBQzlDLEtBQUssTUFBTSxJQUFJLElBQUksSUFBSSxFQUFFO2dCQUN2QixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUM7Z0JBQ3pDLHlDQUF5QztnQkFDekMsSUFBSSxNQUFNLENBQUMsR0FBRyxFQUFFO29CQUNkLEdBQUcsR0FBRyxNQUFNLENBQUMsR0FBRyxDQUFDO29CQUNqQiwwREFBMEQ7b0JBQzFELFNBQVM7aUJBQ1Y7Z0JBRUQsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUU7b0JBQ2hCLE1BQU0sQ0FBQyxJQUFJLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLEVBQUUsSUFBSSxFQUFFLE1BQU0sQ0FBQyxDQUFDO2lCQUNuRDtnQkFFRCxNQUFNLE1BQU0sQ0FBQyxJQUFJLENBQUM7Z0JBQ2xCLEdBQUcsR0FBRyxNQUFNLENBQUMsR0FBRyxDQUFDO2FBQ2xCO1lBRUQsT0FBTyxHQUFHLENBQUM7UUFDYixDQUFDO0tBQUE7SUFFWSxpQkFBaUIsQ0FDNUIsU0FBaUIsRUFDakIsT0FBZ0IsRUFDaEIsS0FBYTs7WUFFYixpQ0FBaUM7WUFDakMsTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsS0FBSyxDQUFDLENBQUM7WUFFNUMsT0FBTztnQkFDTCxFQUFFLEVBQUUsS0FBSztnQkFDVCxHQUFHLEVBQUUsTUFBTSxJQUFJLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUM7YUFDdkMsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVLLFNBQVMsQ0FBQyxXQUFtQixFQUFFLEtBQWE7O1lBQ2hELHNDQUFzQztZQUN0QyxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRW5FLElBQUksV0FBVyxLQUFLLEtBQUssRUFBRTtnQkFDekIsT0FBTyxTQUFTLENBQUM7YUFDbEI7WUFFRCxpQ0FBaUM7WUFDakMsTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsRUFBRSxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBRS9DLE9BQU87Z0JBQ0wsRUFBRSxFQUFFLEtBQUs7Z0JBQ1QsR0FBRyxFQUFFLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsR0FBRyxFQUFFLElBQUksQ0FBQzthQUM3QyxDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRUssaUJBQWlCLENBQ3JCLE9BQXFCLEVBQ3JCLFVBQWtCLEVBQ2xCLE9BQXdCOztZQUV4QixJQUFJLFVBQVUsRUFBRTtnQkFDZCxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLENBQUM7Z0JBQzFDLE9BQU8sQ0FBQyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQzFDLEdBQUcsRUFDSCxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxFQUN0QixPQUFPLENBQ1IsQ0FBUSxDQUFDO2FBQ1g7WUFDRCxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7S0FBQTtJQUVLLFdBQVcsQ0FBQyxLQUFhLEVBQUUsSUFBUzs7WUFDeEMsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQ3hDLE9BQU8sQ0FBQyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsR0FBRyxFQUFFLElBQUksRUFBRTtnQkFDdEQsV0FBVyxFQUFFLGFBQWE7YUFDM0IsQ0FBQyxDQUFRLENBQUM7UUFDYixDQUFDO0tBQUE7SUFFRCxtRUFBbUU7SUFDN0QsZUFBZSxDQUNuQixHQUEyQixFQUMzQixPQUFZOztZQUVaLHNFQUFzRTtZQUN0RSw4RUFBOEU7WUFDOUUsaUVBQWlFO1lBQ2pFLDRFQUE0RTtZQUM1RSxzRUFBc0U7WUFDdEUscUVBQXFFO1lBQ3JFLHNFQUFzRTtZQUN0RSxJQUFJLE9BQU8sSUFBSSxJQUFJLEVBQUU7Z0JBQ25CLE9BQU8sSUFBSSxDQUFDO2FBQ2I7WUFFRCxNQUFNLEdBQUcsR0FBRyxLQUFLLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsR0FBbUIsQ0FBQyxDQUFDLENBQUM7WUFDdEUsT0FBTyxJQUFJLENBQUMsaUJBQWlCLENBQUMsZUFBZSxDQUFDLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQztRQUM5RCxDQUFDO0tBQUE7SUFFRCxvQ0FBb0M7SUFDcEMsNENBQTRDO0lBQ3RDLE9BQU8sQ0FDWCxXQUFtQyxFQUNuQyxHQUFZOztZQUVaLElBQUksQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLEVBQUU7Z0JBQ3hCLE1BQU0sSUFBSSxzQkFBc0IsQ0FDOUIsMkNBQTJDLENBQzVDLENBQUM7YUFDSDtZQUVELE9BQU8sSUFBSSxDQUFDLGVBQWUsQ0FBQyxXQUFXLEVBQUUsR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO1FBQzdELENBQUM7S0FBQTs7OztZQXhURixVQUFVLFNBQUM7Z0JBQ1YsVUFBVSxFQUFFLE1BQU07YUFDbkI7OztZQWZDLGlCQUFpQjtZQU9WLFVBQVUiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBJbmplY3RhYmxlIH0gZnJvbSAnQGFuZ3VsYXIvY29yZSc7XHJcbmltcG9ydCBncmFwaGxpYiwgeyBHcmFwaCB9IGZyb20gJ0BkYWdyZWpzL2dyYXBobGliJztcclxuaW1wb3J0IF8gZnJvbSAnbG9kYXNoJztcclxuaW1wb3J0IHsgSldLIH0gZnJvbSAnbm9kZS1qb3NlJztcclxuaW1wb3J0IHsgQ3VycmVudFVzZXJLZXkgfSBmcm9tICcuLi91c2Vycy9wcm9maWxlLnR5cGVzJztcclxuaW1wb3J0IHtcclxuICBMckV4Y2VwdGlvbixcclxuICBMckVuY3J5cHRpb25FeGNlcHRpb24sXHJcbiAgTHJOb3RGb3VuZEV4Y2VwdGlvbixcclxuICBMckJhZEFyZ3VtZW50RXhjZXB0aW9uLFxyXG59IGZyb20gJy4uL19jb21tb24vZXhjZXB0aW9ucyc7XHJcbmltcG9ydCB7XHJcbiAgRWRnZSxcclxuICBFZGdlVHlwZSxcclxuICBLZXksXHJcbiAgS2V5R3JhcGhSZXNwb25zZSxcclxuICBOb2RlLFxyXG4gIE5vZGVUeXBlLFxyXG4gIFBhc3NLZXksXHJcbn0gZnJvbSAnLi9jcnlwdG9ncmFwaHkudHlwZXMnO1xyXG5pbXBvcnQge1xyXG4gIGFzSndrLFxyXG4gIERlY3J5cHRPcHRpb25zLFxyXG4gIEVuY3J5cHRpb25TZXJ2aWNlLFxyXG4gIGlzU3ltbWV0cmljS2V5LFxyXG59IGZyb20gJy4vZW5jcnlwdGlvbi5zZXJ2aWNlJztcclxuaW1wb3J0IHtcclxuICBLZXlGYWN0b3J5U2VydmljZSxcclxuICBLZXlGYWN0b3J5U2VydmljZSBhcyBLRlMsXHJcbn0gZnJvbSAnLi9rZXktZmFjdG9yeS5zZXJ2aWNlJztcclxuaW1wb3J0IHsgS2V5U2VydmljZSB9IGZyb20gJy4va2V5LnNlcnZpY2UnO1xyXG5cclxuZXhwb3J0IGludGVyZmFjZSBHcmFwaEtleSBleHRlbmRzIEtleSB7XHJcbiAgdGFzaz86IFByb21pc2U8YW55PjtcclxufVxyXG5cclxuQEluamVjdGFibGUoe1xyXG4gIHByb3ZpZGVkSW46ICdyb290JyxcclxufSlcclxuZXhwb3J0IGNsYXNzIEtleUdyYXBoU2VydmljZSB7XHJcbiAgcHJpdmF0ZSBncmFwaDogR3JhcGg7XHJcbiAgLy8gcHJpdmF0ZSBrZXlDYWNoZToge1xyXG4gIC8vICAgW2lkOiBzdHJpbmddOiBLZXk7XHJcbiAgLy8gfTtcclxuXHJcbiAgY29uc3RydWN0b3IoXHJcbiAgICBwcml2YXRlIGVuY3J5cHRpb25TZXJ2aWNlOiBFbmNyeXB0aW9uU2VydmljZSxcclxuICAgIHByaXZhdGUga2V5U2VydmljZTogS2V5U2VydmljZVxyXG4gICkge1xyXG4gICAgdGhpcy5wdXJnZUtleXMoKTtcclxuICB9XHJcblxyXG4gIHB1cmdlS2V5cygpIHtcclxuICAgIHRoaXMuZ3JhcGggPSBuZXcgR3JhcGgoKTtcclxuICAgIC8vIHRoaXMua2V5Q2FjaGUgPSBudWxsO1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgcG9wdWxhdGVLZXlzKHVzZXJLZXk6IEN1cnJlbnRVc2VyS2V5KSB7XHJcbiAgICB0aGlzLmtleVNlcnZpY2UucG9wdWxhdGVLZXlzKHtcclxuICAgICAgcGFzc0tleTogdXNlcktleS5wYXNzS2V5LFxyXG4gICAgICBtYXN0ZXJLZXk6IGF3YWl0IHRoaXMua2V5U2VydmljZS5sb2FkTWFzdGVyS2V5KHVzZXJLZXkubWFzdGVyS2V5LmlkKSxcclxuICAgICAgcm9vdEtleTogYXdhaXQgdGhpcy51bndyYXBLZXkodXNlcktleS5tYXN0ZXJLZXkuaWQsIHVzZXJLZXkucm9vdEtleS5pZCksXHJcbiAgICAgIHB4azogYXdhaXQgdGhpcy51bndyYXBLZXkodXNlcktleS5tYXN0ZXJLZXkuaWQsIHVzZXJLZXkucHhrLmlkKSxcclxuICAgICAgc2lnUHhrOiBhd2FpdCB0aGlzLnVud3JhcEtleSh1c2VyS2V5Lm1hc3RlcktleS5pZCwgdXNlcktleS5zaWdQeGsuaWQpLFxyXG4gICAgfSk7XHJcbiAgfVxyXG5cclxuICBoYXNLZXkoa2V5SWQ6IHN0cmluZykge1xyXG4gICAgcmV0dXJuICEhdGhpcy5ncmFwaC5ub2RlKGtleUlkKTtcclxuICB9XHJcblxyXG4gIHByaXZhdGUgZ2V0Tm9kZShpZCwgdHlwZSk6IEdyYXBoS2V5IHwgUGFzc0tleSB7XHJcbiAgICBjb25zdCBub2RlID0gdGhpcy5ncmFwaC5ub2RlKGlkKTtcclxuICAgIGlmICghbm9kZSkge1xyXG4gICAgICB0aHJvdyBuZXcgTHJOb3RGb3VuZEV4Y2VwdGlvbihcclxuICAgICAgICBgS2V5IGdyYXBocyBkb2VzIG5vdCBjb250YWluIGtleSBpZDogJHtpZH1gXHJcbiAgICAgICk7XHJcbiAgICB9XHJcbiAgICBpZiAobm9kZS50eXBlICE9PSB0eXBlKSB7XHJcbiAgICAgIHRocm93IG5ldyBMckV4Y2VwdGlvbih7XHJcbiAgICAgICAgbWVzc2FnZTogYEtleSB3aXRoIGlkICR7aWR9IGlzIG5vdCBvZiB0eXBlICR7dHlwZX1gLFxyXG4gICAgICB9KTtcclxuICAgIH1cclxuICAgIHJldHVybiBub2RlLmRhdGE7XHJcbiAgfVxyXG5cclxuICBrZXkoaWQpOiBHcmFwaEtleSB7XHJcbiAgICByZXR1cm4gdGhpcy5nZXROb2RlKGlkLCBOb2RlVHlwZS5LZXkpO1xyXG4gIH1cclxuXHJcbiAgcGFzc0tleShpZCk6IFBhc3NLZXkge1xyXG4gICAgcmV0dXJuIHRoaXMuZ2V0Tm9kZShpZCwgTm9kZVR5cGUuUGFzc0tleSk7XHJcbiAgfVxyXG5cclxuICBhZGRLZXlzKHNyYzogS2V5R3JhcGhSZXNwb25zZSkge1xyXG4gICAgLy8gS2V5c1xyXG4gICAgaWYgKHNyYy5rZXlzKSB7XHJcbiAgICAgIC8vIFdoYXQga2V5IGdyYXBoIHJldHVybnMgY2FuIG5vdCBiZSBjdXN0b21pemVkLiBTbyBrZXlzIGFyZSBlc3NlbnRpYWxseSBpbW11dGFibGUuXHJcbiAgICAgIC8vIFRoZXJlZm9yZSwgaWYgYSBrZXkgZXhpc3RzLCB0aGVyZSdzIG5vIHJlYXNvbiB0byB1cGRhdGUgaXQuXHJcbiAgICAgIGZvciAoY29uc3Qga2V5IG9mIHNyYy5rZXlzKSB7XHJcbiAgICAgICAgLy8gTm90ZSB1c2luZyBSZWxheSBnbG9iYWwgaWQgYWxsb3dzIHVzIHRvIG5vdCB3b3JyeSBhYm91dCBjbGFzaGluZyBub2RlIGlkXHJcbiAgICAgICAgaWYgKHRoaXMuZ3JhcGguaGFzTm9kZShrZXkuaWQpKSB7XHJcbiAgICAgICAgICBjb250aW51ZTtcclxuICAgICAgICB9XHJcblxyXG4gICAgICAgIGNvbnN0IG5vZGU6IE5vZGUgPSB7XHJcbiAgICAgICAgICB0eXBlOiBOb2RlVHlwZS5LZXksXHJcbiAgICAgICAgICBkYXRhOiBfLmNsb25lRGVlcChrZXkpLFxyXG4gICAgICAgIH07XHJcblxyXG4gICAgICAgIHRoaXMuZ3JhcGguc2V0Tm9kZShrZXkuaWQsIG5vZGUpO1xyXG4gICAgICB9XHJcbiAgICB9XHJcblxyXG4gICAgLy8gS2V5TGlua3NcclxuICAgIGlmIChzcmMua2V5TGlua3MpIHtcclxuICAgICAgZm9yIChjb25zdCBrZXlMaW5rIG9mIHNyYy5rZXlMaW5rcykge1xyXG4gICAgICAgIGlmICh0aGlzLmdyYXBoLmhhc0VkZ2Uoa2V5TGluay53cmFwcGluZ0tleUlkLCBrZXlMaW5rLmtleUlkKSkge1xyXG4gICAgICAgICAgY29udGludWU7XHJcbiAgICAgICAgfVxyXG5cclxuICAgICAgICBjb25zdCBlZGdlOiBFZGdlID0ge1xyXG4gICAgICAgICAgdHlwZTogRWRnZVR5cGUuS2V5TGluayxcclxuICAgICAgICAgIGRhdGE6IF8uY2xvbmVEZWVwKGtleUxpbmspLFxyXG4gICAgICAgIH07XHJcbiAgICAgICAgLy8gRWRnZSBnb2VzIGZyb20gd3JhcHBpbmcga2V5IHRvIHdyYXBwZWQga2V5LlxyXG4gICAgICAgIHRoaXMuZ3JhcGguc2V0RWRnZShrZXlMaW5rLndyYXBwaW5nS2V5SWQsIGtleUxpbmsua2V5SWQsIGVkZ2UpO1xyXG4gICAgICB9XHJcbiAgICB9XHJcblxyXG4gICAgLy8gUGFzc0tleUxpbmtzXHJcbiAgICBpZiAoc3JjLnBhc3NLZXlMaW5rcykge1xyXG4gICAgICBmb3IgKGNvbnN0IHBhc3NLZXlMaW5rIG9mIHNyYy5wYXNzS2V5TGlua3MpIHtcclxuICAgICAgICBpZiAodGhpcy5ncmFwaC5oYXNFZGdlKHBhc3NLZXlMaW5rLnBhc3NLZXlJZCwgcGFzc0tleUxpbmsua2V5SWQpKSB7XHJcbiAgICAgICAgICBjb250aW51ZTtcclxuICAgICAgICB9XHJcblxyXG4gICAgICAgIGNvbnN0IGVkZ2U6IEVkZ2UgPSB7XHJcbiAgICAgICAgICB0eXBlOiBFZGdlVHlwZS5QYXNzS2V5TGluayxcclxuICAgICAgICAgIGRhdGE6IF8uY2xvbmVEZWVwKHBhc3NLZXlMaW5rKSxcclxuICAgICAgICB9O1xyXG4gICAgICAgIC8vIEVkZ2UgZ29lcyBmcm9tIHdyYXBwaW5nIGtleSB0byB3cmFwcGVkIGtleS5cclxuICAgICAgICB0aGlzLmdyYXBoLnNldEVkZ2UocGFzc0tleUxpbmsucGFzc0tleUlkLCBwYXNzS2V5TGluay5rZXlJZCwgZWRnZSk7XHJcbiAgICAgIH1cclxuICAgIH1cclxuXHJcbiAgICAvLyBUaGUgZ3JhcGggaXMgdGhlIHNpbmdsZSBzb3VyY2Ugb2YgdHJ1dGguIFRoZXNlIGFyZSBsYXppbHkgY2FsY3VsYXRlZC5cclxuICAgIC8vIHRoaXMua2V5Q2FjaGUgPSBudWxsO1xyXG4gIH1cclxuXHJcbiAgdHJhY2VQYXRoKGRpc3RhbmNlcywga2V5SWQ6IHN0cmluZyk6IEVkZ2VbXSB7XHJcbiAgICAvLyBUaGUgbm9kZSBsYWJlbCBpcyB0aGUgc2FtZSBhcyB0aGUgaWQgb2YgdGhlIGtleSBub2Rlcy5cclxuICAgIGNvbnN0IHJldDogRWRnZVtdID0gW107XHJcbiAgICBsZXQgbm9kZSA9IGtleUlkO1xyXG4gICAgaWYgKCFkaXN0YW5jZXNbbm9kZV0ucHJlZGVjZXNzb3IpIHtcclxuICAgICAgcmV0dXJuIG51bGw7XHJcbiAgICB9XHJcblxyXG4gICAgd2hpbGUgKGRpc3RhbmNlc1tub2RlXS5wcmVkZWNlc3Nvcikge1xyXG4gICAgICBjb25zdCBjaGlsZCA9IGRpc3RhbmNlc1tub2RlXS5wcmVkZWNlc3NvcjtcclxuICAgICAgcmV0LnB1c2godGhpcy5ncmFwaC5lZGdlKGNoaWxkLCBub2RlKSk7XHJcbiAgICAgIG5vZGUgPSBjaGlsZDtcclxuICAgIH1cclxuXHJcbiAgICAvLyBBZnRlciByZXZlcnNlLCB0aGUgZmlyc3QgZWxlbWVudCBpcyB0aGUgcGFzc2tleVxyXG4gICAgcmV0LnJldmVyc2UoKTtcclxuXHJcbiAgICByZXR1cm4gcmV0O1xyXG4gIH1cclxuXHJcbiAgZ2V0UGF0aChrbm93bktleUlkOiBzdHJpbmcsIGtleUlkOiBzdHJpbmcpOiBFZGdlW10ge1xyXG4gICAgaWYgKCFrbm93bktleUlkIHx8IHR5cGVvZiBrbm93bktleUlkICE9PSAnc3RyaW5nJykge1xyXG4gICAgICB0aHJvdyBuZXcgTHJFbmNyeXB0aW9uRXhjZXB0aW9uKFxyXG4gICAgICAgIGBQYXJhbSBrbm93bktleUlkIHdyb25nIGZvcm1hdDogJHtrbm93bktleUlkfWBcclxuICAgICAgKTtcclxuICAgIH1cclxuICAgIGlmICgha2V5SWQgfHwgdHlwZW9mIGtleUlkICE9PSAnc3RyaW5nJykge1xyXG4gICAgICB0aHJvdyBuZXcgTHJFbmNyeXB0aW9uRXhjZXB0aW9uKGBQYXJhbSBrZXlJZCB3cm9uZyBmb3JtYXQ6ICR7a2V5SWR9YCk7XHJcbiAgICB9XHJcblxyXG4gICAgLy8gPT4geyBBOiB7IGRpc3RhbmNlOiAwIH0sXHJcbiAgICAvLyAgICAgIEI6IHsgZGlzdGFuY2U6IDYsIHByZWRlY2Vzc29yOiAnQycgfSxcclxuICAgIC8vICAgICAgQzogeyBkaXN0YW5jZTogNCwgcHJlZGVjZXNzb3I6ICdBJyB9LFxyXG4gICAgLy8gICAgICBEOiB7IGRpc3RhbmNlOiAyLCBwcmVkZWNlc3NvcjogJ0EnIH0sXHJcbiAgICAvLyAgICAgIEU6IHsgZGlzdGFuY2U6IDgsIHByZWRlY2Vzc29yOiAnRicgfSxcclxuICAgIC8vICAgICAgRjogeyBkaXN0YW5jZTogNCwgcHJlZGVjZXNzb3I6ICdEJyB9IH1cclxuICAgIGNvbnN0IGRpc3RhbmNlcyA9IGdyYXBobGliLmFsZy5kaWprc3RyYSh0aGlzLmdyYXBoLCBrbm93bktleUlkKTtcclxuXHJcbiAgICAvLyBUcmFjZSBwYXRoIGZyb20ga2V5SWQgdG8ga25vd25LZXlJZFxyXG4gICAgcmV0dXJuIHRoaXMudHJhY2VQYXRoKGRpc3RhbmNlcywga2V5SWQpO1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgZ2V0SndrS2V5KFxyXG4gICAga2V5T3JJZDogc3RyaW5nIHwgS2V5LFxyXG4gICAgZ2V0S2V5SWRDYWxsYmFjaz86ICgpID0+IFByb21pc2U8c3RyaW5nPiB8IHN0cmluZ1xyXG4gICk6IFByb21pc2U8SldLLktleT4ge1xyXG4gICAgcmV0dXJuIChhd2FpdCB0aGlzLmdldEtleShrZXlPcklkLCBnZXRLZXlJZENhbGxiYWNrKSkuandrO1xyXG4gIH1cclxuXHJcbiAgLy8gV2UgYXNzdW1lIHRoYXQgd2hlbiBhIGtleUlkIGlzIGZldGNoZWQsIHRoZSBrZXkgZ3JhcGhcclxuICAvLyBmb3IgdGhlIGtleSBpcyBhbHNvIHJldHVybmVkIGFuZCBtZXJnZWQgaW50byB0aGUgY2xpZW50LXNpZGVcclxuICAvLyBrZXkgZ3JhcGguIEJ5IGluc2lzdGluZyBhIGtleUlkIGlzIHJldHVybmVkIGluc3RlYWQgb2YgdGhlXHJcbiAgLy8gYWN0dWFsIGtleSB3ZSBlbnN1cmUga2V5LWdyYXBoIGlzIGNvbnNpc3RlbnQuXHJcbiAgYXN5bmMgZ2V0S2V5KFxyXG4gICAga2V5T3JJZDogc3RyaW5nIHwgS2V5LFxyXG4gICAgZ2V0S2V5SWRDYWxsYmFjaz86ICgpID0+IFByb21pc2U8c3RyaW5nPiB8IHN0cmluZ1xyXG4gICk6IFByb21pc2U8S2V5PiB7XHJcbiAgICBsZXQga2V5SWQgPSB0eXBlb2Yga2V5T3JJZCA9PT0gJ3N0cmluZycgPyBrZXlPcklkIDoga2V5T3JJZD8uaWQ7XHJcblxyXG4gICAgaWYgKCF0aGlzLmhhc0tleShrZXlJZCkgJiYgZ2V0S2V5SWRDYWxsYmFjaykge1xyXG4gICAgICBrZXlJZCA9IGF3YWl0IGdldEtleUlkQ2FsbGJhY2soKTtcclxuICAgIH1cclxuICAgIC8vIGVsc2UsIGNvbnRpbnVlIGFuZCBsZXQgaXQgZmFpbC5cclxuXHJcbiAgICBjb25zdCBrZXkgPSB0aGlzLmtleShrZXlJZCk7XHJcbiAgICBpZiAoa2V5Lmp3aykge1xyXG4gICAgICByZXR1cm4ga2V5O1xyXG4gICAgfSBlbHNlIHtcclxuICAgICAgcmV0dXJuIHRoaXMudW53cmFwS2V5KHRoaXMua2V5U2VydmljZS5nZXRDdXJyZW50TWFzdGVyS2V5KCkuaWQsIGtleUlkKTtcclxuICAgIH1cclxuICB9XHJcblxyXG4gIHByaXZhdGUgYXN5bmMgX3Vud3JhcExpbmsod3JhcHBpbmdLZXksIGxpbmssIGRzdEtleSkge1xyXG4gICAgLy8gY29uc29sZS5sb2coXCJfdW53cmFwTGluazpcIiwgbGluay5kYXRhLmtleUlkKTtcclxuICAgIGNvbnN0IHdyYXBwZWRLZXkgPSBKU09OLnBhcnNlKGxpbmsuZGF0YS53cmFwcGVkS2V5KTtcclxuICAgIC8vIFNpZ25hdHVyZXMgb2Yga2V5cyBjb250YWluIHRoZSBrZXkgaXRzZWxmLiBUaGlzIHdheSB3ZSBvbmx5IG5lZWRcclxuICAgIC8vIHRvIGFjY2VzcyB0aGUgS2V5TGlua3MgdG8gZGVjcnlwdC92ZXJpZnkga2V5cy5cclxuICAgIGxldCBuZXh0UmF3S2V5O1xyXG4gICAgaWYgKHdyYXBwZWRLZXkuc2lnbmF0dXJlcykge1xyXG4gICAgICBuZXh0UmF3S2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS52ZXJpZnkod3JhcHBpbmdLZXksIHdyYXBwZWRLZXkpO1xyXG4gICAgfSBlbHNlIHtcclxuICAgICAgbmV4dFJhd0tleSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChcclxuICAgICAgICB3cmFwcGluZ0tleSxcclxuICAgICAgICB3cmFwcGVkS2V5XHJcbiAgICAgICk7XHJcbiAgICB9XHJcbiAgICBkc3RLZXkuandrID0gYXdhaXQgS0ZTLmFzS2V5KG5leHRSYXdLZXkpO1xyXG4gICAgZHN0S2V5LnRhc2sgPSBudWxsO1xyXG4gIH1cclxuXHJcbiAgcHJpdmF0ZSBhc3luYyBfdW53cmFwKGtleTogSldLLktleSwgcGF0aDogRWRnZVtdKTogUHJvbWlzZTxKV0suS2V5PiB7XHJcbiAgICBmb3IgKGNvbnN0IGxpbmsgb2YgcGF0aCkge1xyXG4gICAgICBjb25zdCBkc3RLZXkgPSB0aGlzLmtleShsaW5rLmRhdGEua2V5SWQpO1xyXG4gICAgICAvLyBjb25zb2xlLmxvZyhcImtleTogXCIsIGxpbmsuZGF0YS5rZXlJZCk7XHJcbiAgICAgIGlmIChkc3RLZXkuandrKSB7XHJcbiAgICAgICAga2V5ID0gZHN0S2V5Lmp3aztcclxuICAgICAgICAvLyBjb25zb2xlLmxvZyhcIlJldHVybmluZyBjYWNoZWQga2V5OiBcIiwgbGluay5kYXRhLmtleUlkKTtcclxuICAgICAgICBjb250aW51ZTtcclxuICAgICAgfVxyXG5cclxuICAgICAgaWYgKCFkc3RLZXkudGFzaykge1xyXG4gICAgICAgIGRzdEtleS50YXNrID0gdGhpcy5fdW53cmFwTGluayhrZXksIGxpbmssIGRzdEtleSk7XHJcbiAgICAgIH1cclxuXHJcbiAgICAgIGF3YWl0IGRzdEtleS50YXNrO1xyXG4gICAgICBrZXkgPSBkc3RLZXkuandrO1xyXG4gICAgfVxyXG5cclxuICAgIHJldHVybiBrZXk7XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgYXN5bmMgdW53cmFwV2l0aFBhc3NLZXkoXHJcbiAgICBwYXNzS2V5SWQ6IHN0cmluZyxcclxuICAgIHBhc3NLZXk6IEpXSy5LZXksXHJcbiAgICBrZXlJZDogc3RyaW5nXHJcbiAgKTogUHJvbWlzZTxLZXk+IHtcclxuICAgIC8vIEdldCBwYXRoIG9mIHRoZSBkaXJlY3Rvcnkga2V5LlxyXG4gICAgY29uc3QgcGF0aCA9IHRoaXMuZ2V0UGF0aChwYXNzS2V5SWQsIGtleUlkKTtcclxuXHJcbiAgICByZXR1cm4ge1xyXG4gICAgICBpZDoga2V5SWQsXHJcbiAgICAgIGp3azogYXdhaXQgdGhpcy5fdW53cmFwKHBhc3NLZXksIHBhdGgpLFxyXG4gICAgfTtcclxuICB9XHJcblxyXG4gIGFzeW5jIHVud3JhcEtleShtYXN0ZXJLZXlJZDogc3RyaW5nLCBrZXlJZDogc3RyaW5nKTogUHJvbWlzZTxLZXk+IHtcclxuICAgIC8vIFRoZSBmaXJzdCBrZXkgc2hvdWxkIGJlIGEgbWFzdGVyS2V5XHJcbiAgICBjb25zdCBtYXN0ZXJLZXkgPSBhd2FpdCB0aGlzLmtleVNlcnZpY2UubG9hZE1hc3RlcktleShtYXN0ZXJLZXlJZCk7XHJcblxyXG4gICAgaWYgKG1hc3RlcktleUlkID09PSBrZXlJZCkge1xyXG4gICAgICByZXR1cm4gbWFzdGVyS2V5O1xyXG4gICAgfVxyXG5cclxuICAgIC8vIEdldCBwYXRoIG9mIHRoZSBkaXJlY3Rvcnkga2V5LlxyXG4gICAgY29uc3QgcGF0aCA9IHRoaXMuZ2V0UGF0aChtYXN0ZXJLZXkuaWQsIGtleUlkKTtcclxuXHJcbiAgICByZXR1cm4ge1xyXG4gICAgICBpZDoga2V5SWQsXHJcbiAgICAgIGp3azogYXdhaXQgdGhpcy5fdW53cmFwKG1hc3RlcktleS5qd2ssIHBhdGgpLFxyXG4gICAgfTtcclxuICB9XHJcblxyXG4gIGFzeW5jIGRlY3J5cHRGcm9tU3RyaW5nPFQ+KFxyXG4gICAga2V5T3JJZDogc3RyaW5nIHwgS2V5LFxyXG4gICAgY2lwaGVyRGF0YTogc3RyaW5nLFxyXG4gICAgb3B0aW9ucz86IERlY3J5cHRPcHRpb25zXHJcbiAgKTogUHJvbWlzZTxUPiB7XHJcbiAgICBpZiAoY2lwaGVyRGF0YSkge1xyXG4gICAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmdldEp3a0tleShrZXlPcklkKTtcclxuICAgICAgcmV0dXJuIChhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXHJcbiAgICAgICAga2V5LFxyXG4gICAgICAgIEpTT04ucGFyc2UoY2lwaGVyRGF0YSksXHJcbiAgICAgICAgb3B0aW9uc1xyXG4gICAgICApKSBhcyBhbnk7XHJcbiAgICB9XHJcbiAgICByZXR1cm4gbnVsbDtcclxuICB9XHJcblxyXG4gIGFzeW5jIGRlY3J5cHRGaWxlKGtleUlkOiBzdHJpbmcsIGZpbGU6IGFueSk6IFByb21pc2U8YW55PiB7XHJcbiAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmdldEp3a0tleShrZXlJZCk7XHJcbiAgICByZXR1cm4gKGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChrZXksIGZpbGUsIHtcclxuICAgICAgcGF5bG9hZFR5cGU6ICdBcnJheUJ1ZmZlcicsXHJcbiAgICB9KSkgYXMgYW55O1xyXG4gIH1cclxuXHJcbiAgLy8gVE9ETyByZW5hbWUgdGhpcyB0byBlbmNyeXB0KCkgYW5kIHVzZSBhcyB0aGUgbW9zdCBjb21tb24gdXNlY2FzZVxyXG4gIGFzeW5jIGVuY3J5cHRUb1N0cmluZyhcclxuICAgIGtleTogc3RyaW5nIHwgS2V5IHwgSldLLktleSxcclxuICAgIGNvbnRlbnQ6IGFueVxyXG4gICk6IFByb21pc2U8c3RyaW5nPiB7XHJcbiAgICAvLyBFbXB0eSBzdHJpbmcgc2hvdWxkIGJlIGVuY3J5cHRlZCBzaW5jZSB5b3Ugd2FudCB0byBjbGVhciB0aGUgZmllbGQuXHJcbiAgICAvLyBOdWxsIGlzIG5vdCBlbmNyeXB0ZWQgYmVjYXVzZSBpdCdzIG5vdCB2YWxpZCBKU09OIGluIHRoZSBvbGQgSlNPTiBzcGVjLiBVc2VcclxuICAgIC8vIGVtcHR5IHN0cmluZyBpbnN0ZWFkLiBJdCdsbCBmdW5jdGlvbiBhcyBhIGxvZ2ljIGZhbHNlIGFzIHdlbGwuXHJcbiAgICAvLyBOb3RlIHRoYXQgcGFzc2luZyBpbiBlbXB0eSBzdHJpbmcgbWVhbnMgaXQnbGwgYmUgZW5jcnlwdGVkIHdoaWNoIHZlcmlmaWVzXHJcbiAgICAvLyBpdCdzIGludGVncml0eS4gQnV0IHdlIHN0aWxsIHdhbnQgdG8gaGF2ZSBhIHdheSB0byBzZXQgdGhlIERCIGZpZWxkXHJcbiAgICAvLyB0byBOVUxMLCBzbyB3ZSBleHBsaWNpdGx5IHJldHVybiBudWxsIHdoZW4gY29udGVudCA9PSBudWxsLiBBIG51bGxcclxuICAgIC8vIHZhcmlhYmxlIGluIGdyYXBocWwgbXV0YXRpb24gb24gS0Mgc2VydmVyIGNsZWFycyB0aGUgZmllbGQgdG8gTlVMTC5cclxuICAgIGlmIChjb250ZW50ID09IG51bGwpIHtcclxuICAgICAgcmV0dXJuIG51bGw7XHJcbiAgICB9XHJcblxyXG4gICAgY29uc3QgandrID0gYXNKd2soa2V5KSB8fCAoYXdhaXQgdGhpcy5nZXRKd2tLZXkoa2V5IGFzIHN0cmluZyB8IEtleSkpO1xyXG4gICAgcmV0dXJuIHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdFRvU3RyaW5nKGp3aywgY29udGVudCk7XHJcbiAgfVxyXG5cclxuICAvLyBXcmFwcyBhIHN5bW1ldHJpYyBlbmNyeXB0aW9uIGtleS5cclxuICAvLyBUaHJvd3MgZXhjZXB0aW9uIGlmIHdyYXBwaW5nIHB1YmxpYyBrZXlzLlxyXG4gIGFzeW5jIHdyYXBLZXk8VD4oXHJcbiAgICB3cmFwcGluZ0tleTogc3RyaW5nIHwgS2V5IHwgSldLLktleSxcclxuICAgIGtleTogSldLLktleVxyXG4gICk6IFByb21pc2U8c3RyaW5nPiB7XHJcbiAgICBpZiAoIWlzU3ltbWV0cmljS2V5KGtleSkpIHtcclxuICAgICAgdGhyb3cgbmV3IExyQmFkQXJndW1lbnRFeGNlcHRpb24oXHJcbiAgICAgICAgJ09ubHkgYWxsb3dpbmcgd3JhcHBpbmcgb2Ygc3ltbWV0cmljIGtleXMuJ1xyXG4gICAgICApO1xyXG4gICAgfVxyXG5cclxuICAgIHJldHVybiB0aGlzLmVuY3J5cHRUb1N0cmluZyh3cmFwcGluZ0tleSwga2V5LnRvSlNPTih0cnVlKSk7XHJcbiAgfVxyXG5cclxuICAvLyBUT0RPXHJcbiAgLy8gYXN5bmMgd3JhcFB1YmxpY0tleTxUPigpO1xyXG4gIC8vIGFzeW5jIHdyYXBQcml2YXRlS2V5PFQ+KCk7XHJcbn1cclxuIl19

package/esm2015/lib/cryptography/key-meta.service.js

@@ -0,0 +1,200 @@
+import { __awaiter } from "tslib";
+import { Injectable } from '@angular/core';
+import { LrApolloService } from '../api/lr-apollo.service';
+import { GetCategoryKeyIdQuery } from '../category/category.gql';
+import { EncryptionService, } from './encryption.service';
+import { KeyFactoryService } from './key-factory.service';
+import { KeyGraphService } from './key-graph.service';
+import { KeyService } from './key.service';
+import * as i0 from "@angular/core";
+import * as i1 from "./encryption.service";
+import * as i2 from "./key-graph.service";
+import * as i3 from "../api/lr-apollo.service";
+import * as i4 from "./key.service";
+import * as i5 from "./key-factory.service";
+export class WrappedContent {
+}
+export class WrappingKey {
+}
+export class KeyMetaService {
+    constructor(encryptionService, keyGraph, lrApollo, keyService, keyFactory) {
+        this.encryptionService = encryptionService;
+        this.keyGraph = keyGraph;
+        this.lrApollo = lrApollo;
+        this.keyService = keyService;
+        this.keyFactory = keyFactory;
+    }
+    // async decryptFromString<T>(
+    //   keyOrId: string | Key,
+    //   cipherData: string,
+    //   options?: DecryptOptions
+    // ): Promise<T> {
+    //   if (cipherData) {
+    //     const key = await this.keyGraphService.getJwkKey(keyOrId);
+    //     return (await this.encryptionService.decrypt(
+    //       key,
+    //       JSON.parse(cipherData),
+    //       options
+    //     )) as any;
+    //   }
+    //   return null;
+    // }
+    decryptMeta(metaHaver) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (metaHaver.cipherMeta) {
+                const key = yield this.keyGraph.getJwkKey(metaHaver.keyId);
+                return (yield this.encryptionService.decrypt(key, JSON.parse(metaHaver.cipherMeta)));
+            }
+            return null;
+        });
+    }
+    // async decryptFile(keyId: string, file: any): Promise<any> {
+    //   const key = await this.keyGraphService.getJwkKey(keyId);
+    //   return (await this.encryptionService.decrypt(key, file, {
+    //     payloadType: 'ArrayBuffer',
+    //   })) as any;
+    // }
+    // // TODO rename this to encrypt() and use as the most common usecase
+    // async encryptToString(
+    //   key: string | Key | JWK.Key,
+    //   content: any
+    // ): Promise<string> {
+    //   // Empty string should be encrypted since you want to clear the field.
+    //   // Null is not encrypted because it's not valid JSON in the old JSON spec. Use
+    //   // empty string instead. It'll function as a logic false as well.
+    //   // Note that passing in empty string means it'll be encrypted which verifies
+    //   // it's integrity. But we still want to have a way to set the DB field
+    //   // to NULL, so we explicitly return null when content == null. A null
+    //   // variable in graphql mutation on KC server clears the field to NULL.
+    //   if (content == null) {
+    //     return null;
+    //   }
+    //   const jwk =
+    //     asJwk(key) || (await this.keyGraphService.getJwkKey(key as string | Key));
+    //   return JSON.stringify(await this.encryptionService.encrypt(jwk, content));
+    // }
+    // // Wraps a symmetric encryption key.
+    // // Throws exception if wrapping public keys.
+    // async wrapKey<T>(
+    //   wrappingKey: string | Key | JWK.Key,
+    //   key: JWK.Key
+    // ): Promise<string> {
+    //   if (!isSymmetricKey(key)) {
+    //     throw new LrBadArgumentException(
+    //       'Only allowing wrapping of symmetric keys.'
+    //     );
+    //   }
+    //   return this.encryptToString(wrappingKey, key.toJSON(true));
+    // }
+    // // TODO
+    // // async wrapPublicKey<T>();
+    // // async wrapPrivateKey<T>();
+    doubleWrapContent(secureContent, categoryIds, fileContent) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.keyFactory.createKey();
+            const wrappedContent = yield this.wrapContent(key.toJSON(true), categoryIds);
+            return {
+                rootKey: wrappedContent.rootKey,
+                wrappedKeys: wrappedContent.wrappedKeys,
+                doubleWrappedKey: wrappedContent.cipherMeta,
+                cipherMeta: secureContent
+                    ? JSON.stringify(yield this.encryptionService.encrypt(key, secureContent))
+                    : null,
+                cipherFileContent: fileContent
+                    ? JSON.stringify(yield this.encryptionService.encrypt(key, fileContent))
+                    : null,
+            };
+        });
+    }
+    reWrapContent(keyId, secureContent) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.keyGraph.getJwkKey(keyId);
+            const newKey = yield this.keyFactory.createKey();
+            return {
+                doubleWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(key, newKey.toJSON(true))),
+                cipherMeta: secureContent
+                    ? JSON.stringify(yield this.encryptionService.encrypt(newKey, secureContent))
+                    : null,
+            };
+        });
+    }
+    wrapContent(secureContent, categoryIds) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.keyFactory.createKey();
+            let wrappedKeys;
+            let rootWrappingKey;
+            if (categoryIds && categoryIds.length) {
+                wrappedKeys = yield Promise.all(categoryIds.map((categoryId) => __awaiter(this, void 0, void 0, function* () {
+                    const parentKey = yield this.getCategoryKeyId(categoryId);
+                    const wrappedKey = JSON.stringify(yield this.encryptionService.encrypt(parentKey.key, key.toJSON(true)));
+                    return {
+                        directoryId: categoryId,
+                        wrappingKeyId: parentKey.keyId,
+                        wrappedKey,
+                    };
+                })));
+            }
+            else {
+                // Adding to root directory
+                const rootKey = this.keyService.getCurrentRootKey();
+                const wrappedKey = JSON.stringify(yield this.encryptionService.encrypt(rootKey.jwk, key.toJSON(true)));
+                rootWrappingKey = {
+                    wrappingKeyId: rootKey.id,
+                    wrappedKey,
+                };
+            }
+            return {
+                key,
+                rootKey: rootWrappingKey,
+                wrappedKeys,
+                cipherMeta: secureContent
+                    ? JSON.stringify(yield this.encryptionService.encrypt(key, secureContent))
+                    : null,
+            };
+        });
+    }
+    wrapContentWithKey(secureContent, keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.keyFactory.createKey();
+            const wrappedKey = yield this.keyGraph.encryptToString(keyId, key.toJSON(true));
+            return {
+                key,
+                rootKey: {
+                    wrappingKeyId: keyId,
+                    wrappedKey,
+                },
+                cipherMeta: secureContent
+                    ? JSON.stringify(yield this.encryptionService.encrypt(key, secureContent))
+                    : null,
+            };
+        });
+    }
+    getCategoryKeyId(categoryId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { category } = yield this.lrApollo.query({
+                query: GetCategoryKeyIdQuery,
+                variables: {
+                    id: categoryId,
+                },
+            });
+            return {
+                keyId: category.keyId,
+                key: yield this.keyGraph.getJwkKey(category.keyId),
+            };
+        });
+    }
+}
+KeyMetaService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyMetaService_Factory() { return new KeyMetaService(i0.ɵɵinject(i1.EncryptionService), i0.ɵɵinject(i2.KeyGraphService), i0.ɵɵinject(i3.LrApolloService), i0.ɵɵinject(i4.KeyService), i0.ɵɵinject(i5.KeyFactoryService)); }, token: KeyMetaService, providedIn: "root" });
+KeyMetaService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+KeyMetaService.ctorParameters = () => [
+    { type: EncryptionService },
+    { type: KeyGraphService },
+    { type: LrApolloService },
+    { type: KeyService },
+    { type: KeyFactoryService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LW1ldGEuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiJDOi9Qcm9qZWN0cy90ZXN0L3Byb2plY3RzL2NvcmUvc3JjLyIsInNvdXJjZXMiOlsibGliL2NyeXB0b2dyYXBoeS9rZXktbWV0YS5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sZUFBZSxDQUFDO0FBRTNDLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQztBQUMzRCxPQUFPLEVBQUUscUJBQXFCLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQztBQUdqRSxPQUFPLEVBR0wsaUJBQWlCLEdBRWxCLE1BQU0sc0JBQXNCLENBQUM7QUFDOUIsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDMUQsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLHFCQUFxQixDQUFDO0FBQ3RELE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxlQUFlLENBQUM7Ozs7Ozs7QUFPM0MsTUFBTSxPQUFPLGNBQWM7Q0FLMUI7QUFFRCxNQUFNLE9BQU8sV0FBVztDQUl2QjtBQUtELE1BQU0sT0FBTyxjQUFjO0lBQ3pCLFlBQ1UsaUJBQW9DLEVBQ3BDLFFBQXlCLEVBQ3pCLFFBQXlCLEVBQ3pCLFVBQXNCLEVBQ3RCLFVBQTZCO1FBSjdCLHNCQUFpQixHQUFqQixpQkFBaUIsQ0FBbUI7UUFDcEMsYUFBUSxHQUFSLFFBQVEsQ0FBaUI7UUFDekIsYUFBUSxHQUFSLFFBQVEsQ0FBaUI7UUFDekIsZUFBVSxHQUFWLFVBQVUsQ0FBWTtRQUN0QixlQUFVLEdBQVYsVUFBVSxDQUFtQjtJQUNwQyxDQUFDO0lBRUosOEJBQThCO0lBQzlCLDJCQUEyQjtJQUMzQix3QkFBd0I7SUFDeEIsNkJBQTZCO0lBQzdCLGtCQUFrQjtJQUNsQixzQkFBc0I7SUFDdEIsaUVBQWlFO0lBQ2pFLG9EQUFvRDtJQUNwRCxhQUFhO0lBQ2IsZ0NBQWdDO0lBQ2hDLGdCQUFnQjtJQUNoQixpQkFBaUI7SUFDakIsTUFBTTtJQUNOLGlCQUFpQjtJQUNqQixJQUFJO0lBRUUsV0FBVyxDQUFJLFNBQXdCOztZQUMzQyxJQUFJLFNBQVMsQ0FBQyxVQUFVLEVBQUU7Z0JBQ3hCLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxDQUFDO2dCQUMzRCxPQUFPLENBQUMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMxQyxHQUFHLEVBQ0gsSUFBSSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDLENBQ2pDLENBQVEsQ0FBQzthQUNYO1lBQ0QsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO0tBQUE7SUFFRCw4REFBOEQ7SUFDOUQsNkRBQTZEO0lBQzdELDhEQUE4RDtJQUM5RCxrQ0FBa0M7SUFDbEMsZ0JBQWdCO0lBQ2hCLElBQUk7SUFFSixzRUFBc0U7SUFDdEUseUJBQXlCO0lBQ3pCLGlDQUFpQztJQUNqQyxpQkFBaUI7SUFDakIsdUJBQXVCO0lBQ3ZCLDJFQUEyRTtJQUMzRSxtRkFBbUY7SUFDbkYsc0VBQXNFO0lBQ3RFLGlGQUFpRjtJQUNqRiwyRUFBMkU7SUFDM0UsMEVBQTBFO0lBQzFFLDJFQUEyRTtJQUMzRSwyQkFBMkI7SUFDM0IsbUJBQW1CO0lBQ25CLE1BQU07SUFFTixnQkFBZ0I7SUFDaEIsaUZBQWlGO0lBQ2pGLCtFQUErRTtJQUMvRSxJQUFJO0lBRUosdUNBQXVDO0lBQ3ZDLCtDQUErQztJQUMvQyxvQkFBb0I7SUFDcEIseUNBQXlDO0lBQ3pDLGlCQUFpQjtJQUNqQix1QkFBdUI7SUFDdkIsZ0NBQWdDO0lBQ2hDLHdDQUF3QztJQUN4QyxvREFBb0Q7SUFDcEQsU0FBUztJQUNULE1BQU07SUFFTixnRUFBZ0U7SUFDaEUsSUFBSTtJQUVKLFVBQVU7SUFDViwrQkFBK0I7SUFDL0IsZ0NBQWdDO0lBRTFCLGlCQUFpQixDQUNyQixhQUFrQixFQUNsQixXQUFxQixFQUNyQixXQUF5Qjs7WUFFekIsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBRTlDLE1BQU0sY0FBYyxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FDM0MsR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFDaEIsV0FBVyxDQUNaLENBQUM7WUFFRixPQUFPO2dCQUNMLE9BQU8sRUFBRSxjQUFjLENBQUMsT0FBTztnQkFDL0IsV0FBVyxFQUFFLGNBQWMsQ0FBQyxXQUFXO2dCQUN2QyxnQkFBZ0IsRUFBRSxjQUFjLENBQUMsVUFBVTtnQkFDM0MsVUFBVSxFQUFFLGFBQWE7b0JBQ3ZCLENBQUMsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUNaLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsYUFBYSxDQUFDLENBQ3pEO29CQUNILENBQUMsQ0FBQyxJQUFJO2dCQUNSLGlCQUFpQixFQUFFLFdBQVc7b0JBQzVCLENBQUMsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsV0FBVyxDQUFDLENBQUM7b0JBQ3hFLENBQUMsQ0FBQyxJQUFJO2FBQ1QsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVLLGFBQWEsQ0FBQyxLQUFhLEVBQUUsYUFBa0I7O1lBQ25ELE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDakQsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBRWpELE9BQU87Z0JBQ0wsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FDOUIsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLEdBQUcsRUFBRSxNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQy9EO2dCQUNELFVBQVUsRUFBRSxhQUFhO29CQUN2QixDQUFDLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FDWixNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsTUFBTSxFQUFFLGFBQWEsQ0FBQyxDQUM1RDtvQkFDSCxDQUFDLENBQUMsSUFBSTthQUNULENBQUM7UUFDSixDQUFDO0tBQUE7SUFFSyxXQUFXLENBQ2YsYUFBa0IsRUFDbEIsV0FBc0I7O1lBRXRCLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUU5QyxJQUFJLFdBQTBCLENBQUM7WUFDL0IsSUFBSSxlQUE0QixDQUFDO1lBRWpDLElBQUksV0FBVyxJQUFJLFdBQVcsQ0FBQyxNQUFNLEVBQUU7Z0JBQ3JDLFdBQVcsR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQzdCLFdBQVcsQ0FBQyxHQUFHLENBQUMsQ0FBTyxVQUFVLEVBQUUsRUFBRTtvQkFDbkMsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsVUFBVSxDQUFDLENBQUM7b0JBQzFELE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxTQUFTLENBQy9CLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbEMsU0FBUyxDQUFDLEdBQUcsRUFDYixHQUFHLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUNqQixDQUNGLENBQUM7b0JBQ0YsT0FBTzt3QkFDTCxXQUFXLEVBQUUsVUFBVTt3QkFDdkIsYUFBYSxFQUFFLFNBQVMsQ0FBQyxLQUFLO3dCQUM5QixVQUFVO3FCQUNYLENBQUM7Z0JBQ0osQ0FBQyxDQUFBLENBQUMsQ0FDSCxDQUFDO2FBQ0g7aUJBQU07Z0JBQ0wsMkJBQTJCO2dCQUMzQixNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGlCQUFpQixFQUFFLENBQUM7Z0JBQ3BELE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxTQUFTLENBQy9CLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsR0FBRyxFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FDcEUsQ0FBQztnQkFDRixlQUFlLEdBQUc7b0JBQ2hCLGFBQWEsRUFBRSxPQUFPLENBQUMsRUFBRTtvQkFDekIsVUFBVTtpQkFDWCxDQUFDO2FBQ0g7WUFFRCxPQUFPO2dCQUNMLEdBQUc7Z0JBQ0gsT0FBTyxFQUFFLGVBQWU7Z0JBQ3hCLFdBQVc7Z0JBQ1gsVUFBVSxFQUFFLGFBQWE7b0JBQ3ZCLENBQUMsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUNaLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsYUFBYSxDQUFDLENBQ3pEO29CQUNILENBQUMsQ0FBQyxJQUFJO2FBQ1QsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVLLGtCQUFrQixDQUN0QixhQUFrQixFQUNsQixLQUFhOztZQUViLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUU5QyxNQUFNLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsZUFBZSxDQUNwRCxLQUFLLEVBQ0wsR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDakIsQ0FBQztZQUVGLE9BQU87Z0JBQ0wsR0FBRztnQkFDSCxPQUFPLEVBQUU7b0JBQ1AsYUFBYSxFQUFFLEtBQUs7b0JBQ3BCLFVBQVU7aUJBQ1g7Z0JBQ0QsVUFBVSxFQUFFLGFBQWE7b0JBQ3ZCLENBQUMsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUNaLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsYUFBYSxDQUFDLENBQ3pEO29CQUNILENBQUMsQ0FBQyxJQUFJO2FBQ1QsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVhLGdCQUFnQixDQUM1QixVQUFrQjs7WUFFbEIsTUFBTSxFQUFFLFFBQVEsRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQU07Z0JBQ2xELEtBQUssRUFBRSxxQkFBcUI7Z0JBQzVCLFNBQVMsRUFBRTtvQkFDVCxFQUFFLEVBQUUsVUFBVTtpQkFDZjthQUNGLENBQUMsQ0FBQztZQUVILE9BQU87Z0JBQ0wsS0FBSyxFQUFFLFFBQVEsQ0FBQyxLQUFLO2dCQUNyQixHQUFHLEVBQUUsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDO2FBQ25ELENBQUM7UUFDSixDQUFDO0tBQUE7Ozs7WUExTkYsVUFBVSxTQUFDO2dCQUNWLFVBQVUsRUFBRSxNQUFNO2FBQ25COzs7WUEzQkMsaUJBQWlCO1lBSVYsZUFBZTtZQVhmLGVBQWU7WUFZZixVQUFVO1lBRlYsaUJBQWlCIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xyXG5pbXBvcnQgeyBKV0sgfSBmcm9tICdub2RlLWpvc2UnO1xyXG5pbXBvcnQgeyBMckFwb2xsb1NlcnZpY2UgfSBmcm9tICcuLi9hcGkvbHItYXBvbGxvLnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBHZXRDYXRlZ29yeUtleUlkUXVlcnkgfSBmcm9tICcuLi9jYXRlZ29yeS9jYXRlZ29yeS5ncWwnO1xyXG5pbXBvcnQgeyBMckJhZEFyZ3VtZW50RXhjZXB0aW9uIH0gZnJvbSAnLi4vX2NvbW1vbi9leGNlcHRpb25zJztcclxuaW1wb3J0IHsgS2V5LCBQYXlsb2FkVHlwZSB9IGZyb20gJy4vY3J5cHRvZ3JhcGh5LnR5cGVzJztcclxuaW1wb3J0IHtcclxuICBhc0p3ayxcclxuICBEZWNyeXB0T3B0aW9ucyxcclxuICBFbmNyeXB0aW9uU2VydmljZSxcclxuICBpc1N5bW1ldHJpY0tleSxcclxufSBmcm9tICcuL2VuY3J5cHRpb24uc2VydmljZSc7XHJcbmltcG9ydCB7IEtleUZhY3RvcnlTZXJ2aWNlIH0gZnJvbSAnLi9rZXktZmFjdG9yeS5zZXJ2aWNlJztcclxuaW1wb3J0IHsgS2V5R3JhcGhTZXJ2aWNlIH0gZnJvbSAnLi9rZXktZ3JhcGguc2VydmljZSc7XHJcbmltcG9ydCB7IEtleVNlcnZpY2UgfSBmcm9tICcuL2tleS5zZXJ2aWNlJztcclxuXHJcbmV4cG9ydCBpbnRlcmZhY2UgSGFzQ2lwaGVyTWV0YSB7XHJcbiAga2V5SWQ6IHN0cmluZztcclxuICBjaXBoZXJNZXRhOiBzdHJpbmc7XHJcbn1cclxuXHJcbmV4cG9ydCBjbGFzcyBXcmFwcGVkQ29udGVudCB7XHJcbiAga2V5OiBKV0suS2V5O1xyXG4gIGNpcGhlck1ldGE6IHN0cmluZztcclxuICB3cmFwcGVkS2V5cz86IFdyYXBwaW5nS2V5W107XHJcbiAgcm9vdEtleT86IFdyYXBwaW5nS2V5O1xyXG59XHJcblxyXG5leHBvcnQgY2xhc3MgV3JhcHBpbmdLZXkge1xyXG4gIGRpcmVjdG9yeUlkPzogc3RyaW5nO1xyXG4gIHdyYXBwaW5nS2V5SWQ6IHN0cmluZztcclxuICB3cmFwcGVkS2V5OiBzdHJpbmc7XHJcbn1cclxuXHJcbkBJbmplY3RhYmxlKHtcclxuICBwcm92aWRlZEluOiAncm9vdCcsXHJcbn0pXHJcbmV4cG9ydCBjbGFzcyBLZXlNZXRhU2VydmljZSB7XHJcbiAgY29uc3RydWN0b3IoXHJcbiAgICBwcml2YXRlIGVuY3J5cHRpb25TZXJ2aWNlOiBFbmNyeXB0aW9uU2VydmljZSxcclxuICAgIHByaXZhdGUga2V5R3JhcGg6IEtleUdyYXBoU2VydmljZSxcclxuICAgIHByaXZhdGUgbHJBcG9sbG86IExyQXBvbGxvU2VydmljZSxcclxuICAgIHByaXZhdGUga2V5U2VydmljZTogS2V5U2VydmljZSxcclxuICAgIHByaXZhdGUga2V5RmFjdG9yeTogS2V5RmFjdG9yeVNlcnZpY2VcclxuICApIHt9XHJcblxyXG4gIC8vIGFzeW5jIGRlY3J5cHRGcm9tU3RyaW5nPFQ+KFxyXG4gIC8vICAga2V5T3JJZDogc3RyaW5nIHwgS2V5LFxyXG4gIC8vICAgY2lwaGVyRGF0YTogc3RyaW5nLFxyXG4gIC8vICAgb3B0aW9ucz86IERlY3J5cHRPcHRpb25zXHJcbiAgLy8gKTogUHJvbWlzZTxUPiB7XHJcbiAgLy8gICBpZiAoY2lwaGVyRGF0YSkge1xyXG4gIC8vICAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmtleUdyYXBoU2VydmljZS5nZXRKd2tLZXkoa2V5T3JJZCk7XHJcbiAgLy8gICAgIHJldHVybiAoYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxyXG4gIC8vICAgICAgIGtleSxcclxuICAvLyAgICAgICBKU09OLnBhcnNlKGNpcGhlckRhdGEpLFxyXG4gIC8vICAgICAgIG9wdGlvbnNcclxuICAvLyAgICAgKSkgYXMgYW55O1xyXG4gIC8vICAgfVxyXG4gIC8vICAgcmV0dXJuIG51bGw7XHJcbiAgLy8gfVxyXG5cclxuICBhc3luYyBkZWNyeXB0TWV0YTxUPihtZXRhSGF2ZXI6IEhhc0NpcGhlck1ldGEpOiBQcm9taXNlPFQ+IHtcclxuICAgIGlmIChtZXRhSGF2ZXIuY2lwaGVyTWV0YSkge1xyXG4gICAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmtleUdyYXBoLmdldEp3a0tleShtZXRhSGF2ZXIua2V5SWQpO1xyXG4gICAgICByZXR1cm4gKGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChcclxuICAgICAgICBrZXksXHJcbiAgICAgICAgSlNPTi5wYXJzZShtZXRhSGF2ZXIuY2lwaGVyTWV0YSlcclxuICAgICAgKSkgYXMgYW55O1xyXG4gICAgfVxyXG4gICAgcmV0dXJuIG51bGw7XHJcbiAgfVxyXG5cclxuICAvLyBhc3luYyBkZWNyeXB0RmlsZShrZXlJZDogc3RyaW5nLCBmaWxlOiBhbnkpOiBQcm9taXNlPGFueT4ge1xyXG4gIC8vICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5rZXlHcmFwaFNlcnZpY2UuZ2V0SndrS2V5KGtleUlkKTtcclxuICAvLyAgIHJldHVybiAoYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KGtleSwgZmlsZSwge1xyXG4gIC8vICAgICBwYXlsb2FkVHlwZTogJ0FycmF5QnVmZmVyJyxcclxuICAvLyAgIH0pKSBhcyBhbnk7XHJcbiAgLy8gfVxyXG5cclxuICAvLyAvLyBUT0RPIHJlbmFtZSB0aGlzIHRvIGVuY3J5cHQoKSBhbmQgdXNlIGFzIHRoZSBtb3N0IGNvbW1vbiB1c2VjYXNlXHJcbiAgLy8gYXN5bmMgZW5jcnlwdFRvU3RyaW5nKFxyXG4gIC8vICAga2V5OiBzdHJpbmcgfCBLZXkgfCBKV0suS2V5LFxyXG4gIC8vICAgY29udGVudDogYW55XHJcbiAgLy8gKTogUHJvbWlzZTxzdHJpbmc+IHtcclxuICAvLyAgIC8vIEVtcHR5IHN0cmluZyBzaG91bGQgYmUgZW5jcnlwdGVkIHNpbmNlIHlvdSB3YW50IHRvIGNsZWFyIHRoZSBmaWVsZC5cclxuICAvLyAgIC8vIE51bGwgaXMgbm90IGVuY3J5cHRlZCBiZWNhdXNlIGl0J3Mgbm90IHZhbGlkIEpTT04gaW4gdGhlIG9sZCBKU09OIHNwZWMuIFVzZVxyXG4gIC8vICAgLy8gZW1wdHkgc3RyaW5nIGluc3RlYWQuIEl0J2xsIGZ1bmN0aW9uIGFzIGEgbG9naWMgZmFsc2UgYXMgd2VsbC5cclxuICAvLyAgIC8vIE5vdGUgdGhhdCBwYXNzaW5nIGluIGVtcHR5IHN0cmluZyBtZWFucyBpdCdsbCBiZSBlbmNyeXB0ZWQgd2hpY2ggdmVyaWZpZXNcclxuICAvLyAgIC8vIGl0J3MgaW50ZWdyaXR5LiBCdXQgd2Ugc3RpbGwgd2FudCB0byBoYXZlIGEgd2F5IHRvIHNldCB0aGUgREIgZmllbGRcclxuICAvLyAgIC8vIHRvIE5VTEwsIHNvIHdlIGV4cGxpY2l0bHkgcmV0dXJuIG51bGwgd2hlbiBjb250ZW50ID09IG51bGwuIEEgbnVsbFxyXG4gIC8vICAgLy8gdmFyaWFibGUgaW4gZ3JhcGhxbCBtdXRhdGlvbiBvbiBLQyBzZXJ2ZXIgY2xlYXJzIHRoZSBmaWVsZCB0byBOVUxMLlxyXG4gIC8vICAgaWYgKGNvbnRlbnQgPT0gbnVsbCkge1xyXG4gIC8vICAgICByZXR1cm4gbnVsbDtcclxuICAvLyAgIH1cclxuXHJcbiAgLy8gICBjb25zdCBqd2sgPVxyXG4gIC8vICAgICBhc0p3ayhrZXkpIHx8IChhd2FpdCB0aGlzLmtleUdyYXBoU2VydmljZS5nZXRKd2tLZXkoa2V5IGFzIHN0cmluZyB8IEtleSkpO1xyXG4gIC8vICAgcmV0dXJuIEpTT04uc3RyaW5naWZ5KGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChqd2ssIGNvbnRlbnQpKTtcclxuICAvLyB9XHJcblxyXG4gIC8vIC8vIFdyYXBzIGEgc3ltbWV0cmljIGVuY3J5cHRpb24ga2V5LlxyXG4gIC8vIC8vIFRocm93cyBleGNlcHRpb24gaWYgd3JhcHBpbmcgcHVibGljIGtleXMuXHJcbiAgLy8gYXN5bmMgd3JhcEtleTxUPihcclxuICAvLyAgIHdyYXBwaW5nS2V5OiBzdHJpbmcgfCBLZXkgfCBKV0suS2V5LFxyXG4gIC8vICAga2V5OiBKV0suS2V5XHJcbiAgLy8gKTogUHJvbWlzZTxzdHJpbmc+IHtcclxuICAvLyAgIGlmICghaXNTeW1tZXRyaWNLZXkoa2V5KSkge1xyXG4gIC8vICAgICB0aHJvdyBuZXcgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbihcclxuICAvLyAgICAgICAnT25seSBhbGxvd2luZyB3cmFwcGluZyBvZiBzeW1tZXRyaWMga2V5cy4nXHJcbiAgLy8gICAgICk7XHJcbiAgLy8gICB9XHJcblxyXG4gIC8vICAgcmV0dXJuIHRoaXMuZW5jcnlwdFRvU3RyaW5nKHdyYXBwaW5nS2V5LCBrZXkudG9KU09OKHRydWUpKTtcclxuICAvLyB9XHJcblxyXG4gIC8vIC8vIFRPRE9cclxuICAvLyAvLyBhc3luYyB3cmFwUHVibGljS2V5PFQ+KCk7XHJcbiAgLy8gLy8gYXN5bmMgd3JhcFByaXZhdGVLZXk8VD4oKTtcclxuXHJcbiAgYXN5bmMgZG91YmxlV3JhcENvbnRlbnQoXHJcbiAgICBzZWN1cmVDb250ZW50OiBhbnksXHJcbiAgICBjYXRlZ29yeUlkczogc3RyaW5nW10sXHJcbiAgICBmaWxlQ29udGVudD86IEFycmF5QnVmZmVyXHJcbiAgKSB7XHJcbiAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XHJcblxyXG4gICAgY29uc3Qgd3JhcHBlZENvbnRlbnQgPSBhd2FpdCB0aGlzLndyYXBDb250ZW50KFxyXG4gICAgICBrZXkudG9KU09OKHRydWUpLFxyXG4gICAgICBjYXRlZ29yeUlkc1xyXG4gICAgKTtcclxuXHJcbiAgICByZXR1cm4ge1xyXG4gICAgICByb290S2V5OiB3cmFwcGVkQ29udGVudC5yb290S2V5LFxyXG4gICAgICB3cmFwcGVkS2V5czogd3JhcHBlZENvbnRlbnQud3JhcHBlZEtleXMsXHJcbiAgICAgIGRvdWJsZVdyYXBwZWRLZXk6IHdyYXBwZWRDb250ZW50LmNpcGhlck1ldGEsXHJcbiAgICAgIGNpcGhlck1ldGE6IHNlY3VyZUNvbnRlbnRcclxuICAgICAgICA/IEpTT04uc3RyaW5naWZ5KFxyXG4gICAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoa2V5LCBzZWN1cmVDb250ZW50KVxyXG4gICAgICAgICAgKVxyXG4gICAgICAgIDogbnVsbCxcclxuICAgICAgY2lwaGVyRmlsZUNvbnRlbnQ6IGZpbGVDb250ZW50XHJcbiAgICAgICAgPyBKU09OLnN0cmluZ2lmeShhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoa2V5LCBmaWxlQ29udGVudCkpXHJcbiAgICAgICAgOiBudWxsLFxyXG4gICAgfTtcclxuICB9XHJcblxyXG4gIGFzeW5jIHJlV3JhcENvbnRlbnQoa2V5SWQ6IHN0cmluZywgc2VjdXJlQ29udGVudDogYW55KSB7XHJcbiAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmtleUdyYXBoLmdldEp3a0tleShrZXlJZCk7XHJcbiAgICBjb25zdCBuZXdLZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XHJcblxyXG4gICAgcmV0dXJuIHtcclxuICAgICAgZG91YmxlV3JhcHBlZEtleTogSlNPTi5zdHJpbmdpZnkoXHJcbiAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KGtleSwgbmV3S2V5LnRvSlNPTih0cnVlKSlcclxuICAgICAgKSxcclxuICAgICAgY2lwaGVyTWV0YTogc2VjdXJlQ29udGVudFxyXG4gICAgICAgID8gSlNPTi5zdHJpbmdpZnkoXHJcbiAgICAgICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChuZXdLZXksIHNlY3VyZUNvbnRlbnQpXHJcbiAgICAgICAgICApXHJcbiAgICAgICAgOiBudWxsLFxyXG4gICAgfTtcclxuICB9XHJcblxyXG4gIGFzeW5jIHdyYXBDb250ZW50KFxyXG4gICAgc2VjdXJlQ29udGVudDogYW55LFxyXG4gICAgY2F0ZWdvcnlJZHM/OiBzdHJpbmdbXVxyXG4gICk6IFByb21pc2U8V3JhcHBlZENvbnRlbnQ+IHtcclxuICAgIGNvbnN0IGtleSA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVLZXkoKTtcclxuXHJcbiAgICBsZXQgd3JhcHBlZEtleXM6IFdyYXBwaW5nS2V5W107XHJcbiAgICBsZXQgcm9vdFdyYXBwaW5nS2V5OiBXcmFwcGluZ0tleTtcclxuXHJcbiAgICBpZiAoY2F0ZWdvcnlJZHMgJiYgY2F0ZWdvcnlJZHMubGVuZ3RoKSB7XHJcbiAgICAgIHdyYXBwZWRLZXlzID0gYXdhaXQgUHJvbWlzZS5hbGwoXHJcbiAgICAgICAgY2F0ZWdvcnlJZHMubWFwKGFzeW5jIChjYXRlZ29yeUlkKSA9PiB7XHJcbiAgICAgICAgICBjb25zdCBwYXJlbnRLZXkgPSBhd2FpdCB0aGlzLmdldENhdGVnb3J5S2V5SWQoY2F0ZWdvcnlJZCk7XHJcbiAgICAgICAgICBjb25zdCB3cmFwcGVkS2V5ID0gSlNPTi5zdHJpbmdpZnkoXHJcbiAgICAgICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcclxuICAgICAgICAgICAgICBwYXJlbnRLZXkua2V5LFxyXG4gICAgICAgICAgICAgIGtleS50b0pTT04odHJ1ZSlcclxuICAgICAgICAgICAgKVxyXG4gICAgICAgICAgKTtcclxuICAgICAgICAgIHJldHVybiB7XHJcbiAgICAgICAgICAgIGRpcmVjdG9yeUlkOiBjYXRlZ29yeUlkLFxyXG4gICAgICAgICAgICB3cmFwcGluZ0tleUlkOiBwYXJlbnRLZXkua2V5SWQsXHJcbiAgICAgICAgICAgIHdyYXBwZWRLZXksXHJcbiAgICAgICAgICB9O1xyXG4gICAgICAgIH0pXHJcbiAgICAgICk7XHJcbiAgICB9IGVsc2Uge1xyXG4gICAgICAvLyBBZGRpbmcgdG8gcm9vdCBkaXJlY3RvcnlcclxuICAgICAgY29uc3Qgcm9vdEtleSA9IHRoaXMua2V5U2VydmljZS5nZXRDdXJyZW50Um9vdEtleSgpO1xyXG4gICAgICBjb25zdCB3cmFwcGVkS2V5ID0gSlNPTi5zdHJpbmdpZnkoXHJcbiAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KHJvb3RLZXkuandrLCBrZXkudG9KU09OKHRydWUpKVxyXG4gICAgICApO1xyXG4gICAgICByb290V3JhcHBpbmdLZXkgPSB7XHJcbiAgICAgICAgd3JhcHBpbmdLZXlJZDogcm9vdEtleS5pZCxcclxuICAgICAgICB3cmFwcGVkS2V5LFxyXG4gICAgICB9O1xyXG4gICAgfVxyXG5cclxuICAgIHJldHVybiB7XHJcbiAgICAgIGtleSxcclxuICAgICAgcm9vdEtleTogcm9vdFdyYXBwaW5nS2V5LFxyXG4gICAgICB3cmFwcGVkS2V5cyxcclxuICAgICAgY2lwaGVyTWV0YTogc2VjdXJlQ29udGVudFxyXG4gICAgICAgID8gSlNPTi5zdHJpbmdpZnkoXHJcbiAgICAgICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChrZXksIHNlY3VyZUNvbnRlbnQpXHJcbiAgICAgICAgICApXHJcbiAgICAgICAgOiBudWxsLFxyXG4gICAgfTtcclxuICB9XHJcblxyXG4gIGFzeW5jIHdyYXBDb250ZW50V2l0aEtleShcclxuICAgIHNlY3VyZUNvbnRlbnQ6IGFueSxcclxuICAgIGtleUlkOiBzdHJpbmdcclxuICApOiBQcm9taXNlPFdyYXBwZWRDb250ZW50PiB7XHJcbiAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XHJcblxyXG4gICAgY29uc3Qgd3JhcHBlZEtleSA9IGF3YWl0IHRoaXMua2V5R3JhcGguZW5jcnlwdFRvU3RyaW5nKFxyXG4gICAgICBrZXlJZCxcclxuICAgICAga2V5LnRvSlNPTih0cnVlKVxyXG4gICAgKTtcclxuXHJcbiAgICByZXR1cm4ge1xyXG4gICAgICBrZXksXHJcbiAgICAgIHJvb3RLZXk6IHtcclxuICAgICAgICB3cmFwcGluZ0tleUlkOiBrZXlJZCxcclxuICAgICAgICB3cmFwcGVkS2V5LFxyXG4gICAgICB9LFxyXG4gICAgICBjaXBoZXJNZXRhOiBzZWN1cmVDb250ZW50XHJcbiAgICAgICAgPyBKU09OLnN0cmluZ2lmeShcclxuICAgICAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KGtleSwgc2VjdXJlQ29udGVudClcclxuICAgICAgICAgIClcclxuICAgICAgICA6IG51bGwsXHJcbiAgICB9O1xyXG4gIH1cclxuXHJcbiAgcHJpdmF0ZSBhc3luYyBnZXRDYXRlZ29yeUtleUlkKFxyXG4gICAgY2F0ZWdvcnlJZDogc3RyaW5nXHJcbiAgKTogUHJvbWlzZTx7IGtleUlkOiBzdHJpbmc7IGtleTogYW55IH0+IHtcclxuICAgIGNvbnN0IHsgY2F0ZWdvcnkgfSA9IGF3YWl0IHRoaXMubHJBcG9sbG8ucXVlcnk8YW55Pih7XHJcbiAgICAgIHF1ZXJ5OiBHZXRDYXRlZ29yeUtleUlkUXVlcnksXHJcbiAgICAgIHZhcmlhYmxlczoge1xyXG4gICAgICAgIGlkOiBjYXRlZ29yeUlkLFxyXG4gICAgICB9LFxyXG4gICAgfSk7XHJcblxyXG4gICAgcmV0dXJuIHtcclxuICAgICAga2V5SWQ6IGNhdGVnb3J5LmtleUlkLFxyXG4gICAgICBrZXk6IGF3YWl0IHRoaXMua2V5R3JhcGguZ2V0SndrS2V5KGNhdGVnb3J5LmtleUlkKSxcclxuICAgIH07XHJcbiAgfVxyXG59XHJcbiJdfQ==