@lifeready/core 1.0.1 → 1.0.3

package/esm2015/lib/cryptography/encryption.service.js

@@ -0,0 +1,189 @@
+import { __awaiter } from "tslib";
+import { LrException, LrErrorCode, LrBadArgumentException, } from './../_common/exceptions';
+import { Injectable } from '@angular/core';
+import { JWE, JWS } from 'node-jose';
+import { TimeService } from '../api/time.service';
+import * as i0 from "@angular/core";
+import * as i1 from "../api/time.service";
+export var JoseSerialization;
+(function (JoseSerialization) {
+    JoseSerialization["JSON"] = "JSON";
+    JoseSerialization["COMPACT"] = "COMPACT";
+})(JoseSerialization || (JoseSerialization = {}));
+export const VERIFY_OPTIONS_DEFAULT = {
+    payloadType: 'json',
+    returnOnlyPayload: true,
+};
+export const DECRYPT_OPTIONS_DEFAULT = {
+    payloadType: 'json',
+    returnOnlyPayload: true,
+    serializations: [JoseSerialization.JSON],
+};
+export function isSymmetricKey(key) {
+    // TODO: make sure this covers all cases.
+    return key.kty === 'oct';
+}
+export function asJwk(key) {
+    // TODO: make sure this covers all cases.
+    // Excluded:
+    //   key.use - only for public keys, Ref: https://tools.ietf.org/html/rfc7517#section-4.2
+    if (key.id && key.jwk) {
+        return key.jwk;
+    }
+    else if (key.keystore && key.length && key.kty && key.kid && key.alg) {
+        return key;
+    }
+    else {
+        return null;
+    }
+}
+export class EncryptionService {
+    constructor(timeService) {
+        this.timeService = timeService;
+    }
+    decrypt(key, // string is assumed to be key.id, will unwrap key.
+    jwe, // string will be JSON.parsed
+    options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const opt = {
+                algorithms: ['dir', 'A*GCM', 'RSA-OAEP-*'],
+            };
+            options = Object.assign(Object.assign({}, DECRYPT_OPTIONS_DEFAULT), options);
+            if (key.jwk) {
+                key = key.jwk;
+            }
+            if (typeof jwe === 'string') {
+                if (options.serializations.includes(JoseSerialization.JSON)) {
+                    try {
+                        jwe = JSON.parse(jwe);
+                    }
+                    catch (error) {
+                        if (options.serializations.includes(JoseSerialization.COMPACT)) {
+                            console.log('Not a JSON-formatted JWE, it maybe compact serialisation format.');
+                        }
+                        else {
+                            throw error;
+                        }
+                    }
+                }
+            }
+            // {result} is a Object with:
+            // *  header: the combined 'protected' and 'unprotected' header members
+            // *  protected: an array of the member names from the "protected" member
+            // *  key: Key used to decrypt
+            // *  payload: Buffer of the decrypted content
+            // *  plaintext: Buffer of the decrypted content (alternate), just a reference to payload
+            const res = yield JWE.createDecrypt(key, opt).decrypt(jwe);
+            res.payload = this.decodePayload(options.payloadType, res.payload);
+            if (options.returnOnlyPayload) {
+                return res.payload;
+            }
+            else {
+                return res;
+            }
+        });
+    }
+    // TODO rename this to encrypt() and use as the most common usecase
+    encryptToString(key, content) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return JSON.stringify(yield this.encrypt(key, content));
+        });
+    }
+    // TODO rename this to encryptToJSON() and use this when required.
+    encrypt(key, content) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!content) {
+                throw new Error('Encrypting empty content.');
+            }
+            if (!(content instanceof ArrayBuffer)) {
+                content = new TextEncoder().encode(JSON.stringify(content));
+            }
+            return JWE.createEncrypt({
+                contentAlg: 'A256GCM',
+                fields: {
+                    timestamp: yield this.timeService.serverNow(),
+                },
+            }, key)
+                .update(content)
+                .final();
+        });
+    }
+    // <AZ> Unlike signContent, the serialised "content" variable is contained inside
+    // the result. So ordering of fields within "content" is not an issue.
+    sign(key, content) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const signer = JWS.createSign({
+                fields: {
+                    timestamp: yield this.timeService.serverNow(),
+                },
+            }, key);
+            if (content instanceof Buffer) {
+                signer.update(content);
+            }
+            else {
+                signer.update(JSON.stringify(content), 'utf8');
+            }
+            return signer.final();
+        });
+    }
+    signToString(key, content) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return JSON.stringify(yield this.sign(key, content));
+        });
+    }
+    verify(key, jws, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const opt = {
+                algorithms: ['RS*'],
+            };
+            options = Object.assign(Object.assign({}, VERIFY_OPTIONS_DEFAULT), options);
+            try {
+                const res = yield JWS.createVerify(key, opt).verify(jws);
+                res.payload = this.decodePayload(options.payloadType, res.payload);
+                if (options.returnOnlyPayload) {
+                    return res.payload;
+                }
+                else {
+                    return res;
+                }
+            }
+            catch (error) {
+                throw new LrException({
+                    code: LrErrorCode.BadSignature,
+                    message: `Bad signature: ${error}`,
+                });
+            }
+        });
+    }
+    encryptThenSign({ key, sigPrk, }, content) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const cipher = JSON.stringify(yield this.encrypt(key, content));
+            const sig = yield this.sign(sigPrk, cipher);
+            delete sig.payload;
+            return {
+                cipher,
+                sig: JSON.stringify(sig),
+            };
+        });
+    }
+    decodePayload(payloadType, payload) {
+        switch (payloadType) {
+            case 'json':
+                return JSON.parse(new TextDecoder().decode(payload));
+            case 'ArrayBuffer':
+                return payload;
+            default:
+                throw new LrBadArgumentException(`Unknown payloadType: ${payloadType}`);
+        }
+    }
+}
+EncryptionService.ɵprov = i0.ɵɵdefineInjectable({ factory: function EncryptionService_Factory() { return new EncryptionService(i0.ɵɵinject(i1.TimeService)); }, token: EncryptionService, providedIn: "root" });
+EncryptionService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+EncryptionService.ctorParameters = () => [
+    { type: TimeService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW5jcnlwdGlvbi5zZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6IkM6L1Byb2plY3RzL25ld3JlcG8va2MtY2xpZW50L3Byb2plY3RzL2NvcmUvc3JjLyIsInNvdXJjZXMiOlsibGliL2NyeXB0b2dyYXBoeS9lbmNyeXB0aW9uLnNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLE9BQU8sRUFDTCxXQUFXLEVBQ1gsV0FBVyxFQUNYLHNCQUFzQixHQUN2QixNQUFNLHlCQUF5QixDQUFDO0FBQ2pDLE9BQU8sRUFBNEIsVUFBVSxFQUFFLE1BQU0sZUFBZSxDQUFDO0FBQ3JFLE9BQU8sRUFBRSxHQUFHLEVBQU8sR0FBRyxFQUFRLE1BQU0sV0FBVyxDQUFDO0FBRWhELE9BQU8sRUFBRSxXQUFXLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQzs7O0FBRWxELE1BQU0sQ0FBTixJQUFZLGlCQUdYO0FBSEQsV0FBWSxpQkFBaUI7SUFDM0Isa0NBQWEsQ0FBQTtJQUNiLHdDQUFtQixDQUFBO0FBQ3JCLENBQUMsRUFIVyxpQkFBaUIsS0FBakIsaUJBQWlCLFFBRzVCO0FBYUQsTUFBTSxDQUFDLE1BQU0sc0JBQXNCLEdBQWtCO0lBQ25ELFdBQVcsRUFBRSxNQUFNO0lBQ25CLGlCQUFpQixFQUFFLElBQUk7Q0FDeEIsQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLHVCQUF1QixHQUFtQjtJQUNyRCxXQUFXLEVBQUUsTUFBTTtJQUNuQixpQkFBaUIsRUFBRSxJQUFJO0lBQ3ZCLGNBQWMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQztDQUN6QyxDQUFDO0FBRUYsTUFBTSxVQUFVLGNBQWMsQ0FBQyxHQUFZO0lBQ3pDLHlDQUF5QztJQUN6QyxPQUFPLEdBQUcsQ0FBQyxHQUFHLEtBQUssS0FBSyxDQUFDO0FBQzNCLENBQUM7QUFFRCxNQUFNLFVBQVUsS0FBSyxDQUFDLEdBQXdCO0lBQzVDLHlDQUF5QztJQUN6QyxZQUFZO0lBQ1oseUZBQXlGO0lBRXpGLElBQUksR0FBRyxDQUFDLEVBQUUsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFO1FBQ3JCLE9BQU8sR0FBRyxDQUFDLEdBQUcsQ0FBQztLQUNoQjtTQUFNLElBQUksR0FBRyxDQUFDLFFBQVEsSUFBSSxHQUFHLENBQUMsTUFBTSxJQUFJLEdBQUcsQ0FBQyxHQUFHLElBQUksR0FBRyxDQUFDLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFO1FBQ3RFLE9BQU8sR0FBRyxDQUFDO0tBQ1o7U0FBTTtRQUNMLE9BQU8sSUFBSSxDQUFDO0tBQ2I7QUFDSCxDQUFDO0FBS0QsTUFBTSxPQUFPLGlCQUFpQjtJQUM1QixZQUFvQixXQUF3QjtRQUF4QixnQkFBVyxHQUFYLFdBQVcsQ0FBYTtJQUFHLENBQUM7SUFFMUMsT0FBTyxDQUNYLEdBQWtCLEVBQUUsbURBQW1EO0lBQ3ZFLEdBQW9CLEVBQUUsNkJBQTZCO0lBQ25ELE9BQXdCOztZQUV4QixNQUFNLEdBQUcsR0FBRztnQkFDVixVQUFVLEVBQUUsQ0FBQyxLQUFLLEVBQUUsT0FBTyxFQUFFLFlBQVksQ0FBQzthQUMzQyxDQUFDO1lBRUYsT0FBTyxtQ0FDRix1QkFBdUIsR0FDdkIsT0FBTyxDQUNYLENBQUM7WUFFRixJQUFLLEdBQVcsQ0FBQyxHQUFHLEVBQUU7Z0JBQ3BCLEdBQUcsR0FBSSxHQUFXLENBQUMsR0FBRyxDQUFDO2FBQ3hCO1lBRUQsSUFBSSxPQUFPLEdBQUcsS0FBSyxRQUFRLEVBQUU7Z0JBQzNCLElBQUksT0FBTyxDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUFDLEVBQUU7b0JBQzNELElBQUk7d0JBQ0YsR0FBRyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7cUJBQ3ZCO29CQUFDLE9BQU8sS0FBSyxFQUFFO3dCQUNkLElBQUksT0FBTyxDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLEVBQUU7NEJBQzlELE9BQU8sQ0FBQyxHQUFHLENBQ1Qsa0VBQWtFLENBQ25FLENBQUM7eUJBQ0g7NkJBQU07NEJBQ0wsTUFBTSxLQUFLLENBQUM7eUJBQ2I7cUJBQ0Y7aUJBQ0Y7YUFDRjtZQUVELDZCQUE2QjtZQUM3Qix1RUFBdUU7WUFDdkUseUVBQXlFO1lBQ3pFLDhCQUE4QjtZQUM5Qiw4Q0FBOEM7WUFDOUMseUZBQXlGO1lBQ3pGLE1BQU0sR0FBRyxHQUFHLE1BQU0sR0FBRyxDQUFDLGFBQWEsQ0FBQyxHQUFjLEVBQUUsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUM5RCxHQUFVLENBQ1gsQ0FBQztZQUVGLEdBQUcsQ0FBQyxPQUFPLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFLEdBQUcsQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUVuRSxJQUFJLE9BQU8sQ0FBQyxpQkFBaUIsRUFBRTtnQkFDN0IsT0FBTyxHQUFHLENBQUMsT0FBTyxDQUFDO2FBQ3BCO2lCQUFNO2dCQUNMLE9BQU8sR0FBRyxDQUFDO2FBQ1o7UUFDSCxDQUFDO0tBQUE7SUFFRCxtRUFBbUU7SUFDN0QsZUFBZSxDQUNuQixHQUFZLEVBQ1osT0FBc0M7O1lBRXRDLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLElBQUksQ0FBQyxPQUFPLENBQUMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxDQUFDLENBQUM7UUFDMUQsQ0FBQztLQUFBO0lBRUQsa0VBQWtFO0lBQzVELE9BQU8sQ0FDWCxHQUFZLEVBQ1osT0FBc0M7O1lBRXRDLElBQUksQ0FBQyxPQUFPLEVBQUU7Z0JBQ1osTUFBTSxJQUFJLEtBQUssQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO2FBQzlDO1lBRUQsSUFBSSxDQUFDLENBQUMsT0FBTyxZQUFZLFdBQVcsQ0FBQyxFQUFFO2dCQUNyQyxPQUFPLEdBQUcsSUFBSSxXQUFXLEVBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO2FBQzdEO1lBRUQsT0FBTyxHQUFHLENBQUMsYUFBYSxDQUN0QjtnQkFDRSxVQUFVLEVBQUUsU0FBUztnQkFDckIsTUFBTSxFQUFFO29CQUNOLFNBQVMsRUFBRSxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsU0FBUyxFQUFFO2lCQUM5QzthQUNLLEVBQ1IsR0FBRyxDQUNKO2lCQUNFLE1BQU0sQ0FBQyxPQUFPLENBQUM7aUJBQ2YsS0FBSyxFQUFTLENBQUM7UUFDcEIsQ0FBQztLQUFBO0lBRUQsaUZBQWlGO0lBQ2pGLHNFQUFzRTtJQUNoRSxJQUFJLENBQUMsR0FBWSxFQUFFLE9BQWlDOztZQUN4RCxNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsVUFBVSxDQUMzQjtnQkFDRSxNQUFNLEVBQUU7b0JBQ04sU0FBUyxFQUFFLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxTQUFTLEVBQUU7aUJBQzlDO2FBQ0YsRUFDRCxHQUFHLENBQ0osQ0FBQztZQUVGLElBQUksT0FBTyxZQUFZLE1BQU0sRUFBRTtnQkFDN0IsTUFBTSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQzthQUN4QjtpQkFBTTtnQkFDTCxNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLEVBQUUsTUFBTSxDQUFDLENBQUM7YUFDaEQ7WUFFRCxPQUFPLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUN4QixDQUFDO0tBQUE7SUFFSyxZQUFZLENBQ2hCLEdBQVksRUFDWixPQUFpQzs7WUFFakMsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUMsQ0FBQztRQUN2RCxDQUFDO0tBQUE7SUFFSyxNQUFNLENBQ1YsR0FBWSxFQUNaLEdBQVcsRUFDWCxPQUF1Qjs7WUFFdkIsTUFBTSxHQUFHLEdBQUc7Z0JBQ1YsVUFBVSxFQUFFLENBQUMsS0FBSyxDQUFDO2FBQ3BCLENBQUM7WUFFRixPQUFPLG1DQUNGLHNCQUFzQixHQUN0QixPQUFPLENBQ1gsQ0FBQztZQUVGLElBQUk7Z0JBQ0YsTUFBTSxHQUFHLEdBQUcsTUFBTSxHQUFHLENBQUMsWUFBWSxDQUFDLEdBQUcsRUFBRSxHQUFHLENBQUMsQ0FBQyxNQUFNLENBQUMsR0FBVSxDQUFDLENBQUM7Z0JBRWhFLEdBQUcsQ0FBQyxPQUFPLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFLEdBQUcsQ0FBQyxPQUFPLENBQUMsQ0FBQztnQkFFbkUsSUFBSSxPQUFPLENBQUMsaUJBQWlCLEVBQUU7b0JBQzdCLE9BQU8sR0FBRyxDQUFDLE9BQU8sQ0FBQztpQkFDcEI7cUJBQU07b0JBQ0wsT0FBTyxHQUFHLENBQUM7aUJBQ1o7YUFDRjtZQUFDLE9BQU8sS0FBSyxFQUFFO2dCQUNkLE1BQU0sSUFBSSxXQUFXLENBQUM7b0JBQ3BCLElBQUksRUFBRSxXQUFXLENBQUMsWUFBWTtvQkFDOUIsT0FBTyxFQUFFLGtCQUFrQixLQUFLLEVBQUU7aUJBQ25DLENBQUMsQ0FBQzthQUNKO1FBQ0gsQ0FBQztLQUFBO0lBRUssZUFBZSxDQUNuQixFQUNFLEdBQUcsRUFDSCxNQUFNLEdBSVAsRUFDRCxPQUFzQzs7WUFFdEMsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLElBQUksQ0FBQyxPQUFPLENBQUMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxDQUFDLENBQUM7WUFDaEUsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUMsQ0FBQztZQUM1QyxPQUFPLEdBQUcsQ0FBQyxPQUFPLENBQUM7WUFFbkIsT0FBTztnQkFDTCxNQUFNO2dCQUNOLEdBQUcsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQzthQUN6QixDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRU8sYUFBYSxDQUNuQixXQUF3QixFQUN4QixPQUFvQjtRQUVwQixRQUFRLFdBQVcsRUFBRTtZQUNuQixLQUFLLE1BQU07Z0JBQ1QsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksV0FBVyxFQUFFLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7WUFDdkQsS0FBSyxhQUFhO2dCQUNoQixPQUFPLE9BQU8sQ0FBQztZQUNqQjtnQkFDRSxNQUFNLElBQUksc0JBQXNCLENBQUMsd0JBQXdCLFdBQVcsRUFBRSxDQUFDLENBQUM7U0FDM0U7SUFDSCxDQUFDOzs7O1lBekxGLFVBQVUsU0FBQztnQkFDVixVQUFVLEVBQUUsTUFBTTthQUNuQjs7O1lBbERRLFdBQVciLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQge1xyXG4gIExyRXhjZXB0aW9uLFxyXG4gIExyRXJyb3JDb2RlLFxyXG4gIExyQmFkQXJndW1lbnRFeGNlcHRpb24sXHJcbn0gZnJvbSAnLi8uLi9fY29tbW9uL2V4Y2VwdGlvbnMnO1xyXG5pbXBvcnQgeyBDb21wb25lbnRGYWN0b3J5UmVzb2x2ZXIsIEluamVjdGFibGUgfSBmcm9tICdAYW5ndWxhci9jb3JlJztcclxuaW1wb3J0IHsgSldFLCBKV0ssIEpXUywgdXRpbCB9IGZyb20gJ25vZGUtam9zZSc7XHJcbmltcG9ydCB7IEtleSwgUGF5bG9hZFR5cGUgfSBmcm9tICcuL2NyeXB0b2dyYXBoeS50eXBlcyc7XHJcbmltcG9ydCB7IFRpbWVTZXJ2aWNlIH0gZnJvbSAnLi4vYXBpL3RpbWUuc2VydmljZSc7XHJcblxyXG5leHBvcnQgZW51bSBKb3NlU2VyaWFsaXphdGlvbiB7XHJcbiAgSlNPTiA9ICdKU09OJyxcclxuICBDT01QQUNUID0gJ0NPTVBBQ1QnLFxyXG59XHJcblxyXG5leHBvcnQgaW50ZXJmYWNlIFZlcmlmeU9wdGlvbnMge1xyXG4gIHBheWxvYWRUeXBlPzogUGF5bG9hZFR5cGU7XHJcbiAgcmV0dXJuT25seVBheWxvYWQ/OiBib29sZWFuOyAvLyBJZiB0cnVlLCByZXR1cm4gb25seSB0aGUgZGVjb2RlZCBwYXlsb2FkLlxyXG59XHJcblxyXG5leHBvcnQgaW50ZXJmYWNlIERlY3J5cHRPcHRpb25zIHtcclxuICBwYXlsb2FkVHlwZT86IFBheWxvYWRUeXBlO1xyXG4gIHJldHVybk9ubHlQYXlsb2FkPzogYm9vbGVhbjsgLy8gSWYgdHJ1ZSwgcmV0dXJuIG9ubHkgdGhlIGRlY29kZWQgcGF5bG9hZC5cclxuICBzZXJpYWxpemF0aW9ucz86IEpvc2VTZXJpYWxpemF0aW9uW107XHJcbn1cclxuXHJcbmV4cG9ydCBjb25zdCBWRVJJRllfT1BUSU9OU19ERUZBVUxUOiBWZXJpZnlPcHRpb25zID0ge1xyXG4gIHBheWxvYWRUeXBlOiAnanNvbicsXHJcbiAgcmV0dXJuT25seVBheWxvYWQ6IHRydWUsXHJcbn07XHJcblxyXG5leHBvcnQgY29uc3QgREVDUllQVF9PUFRJT05TX0RFRkFVTFQ6IERlY3J5cHRPcHRpb25zID0ge1xyXG4gIHBheWxvYWRUeXBlOiAnanNvbicsXHJcbiAgcmV0dXJuT25seVBheWxvYWQ6IHRydWUsXHJcbiAgc2VyaWFsaXphdGlvbnM6IFtKb3NlU2VyaWFsaXphdGlvbi5KU09OXSxcclxufTtcclxuXHJcbmV4cG9ydCBmdW5jdGlvbiBpc1N5bW1ldHJpY0tleShrZXk6IEpXSy5LZXkpIHtcclxuICAvLyBUT0RPOiBtYWtlIHN1cmUgdGhpcyBjb3ZlcnMgYWxsIGNhc2VzLlxyXG4gIHJldHVybiBrZXkua3R5ID09PSAnb2N0JztcclxufVxyXG5cclxuZXhwb3J0IGZ1bmN0aW9uIGFzSndrKGtleTogSldLLktleSB8IEtleSB8IGFueSk6IEpXSy5LZXkgfCBudWxsIHtcclxuICAvLyBUT0RPOiBtYWtlIHN1cmUgdGhpcyBjb3ZlcnMgYWxsIGNhc2VzLlxyXG4gIC8vIEV4Y2x1ZGVkOlxyXG4gIC8vICAga2V5LnVzZSAtIG9ubHkgZm9yIHB1YmxpYyBrZXlzLCBSZWY6IGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9yZmM3NTE3I3NlY3Rpb24tNC4yXHJcblxyXG4gIGlmIChrZXkuaWQgJiYga2V5Lmp3aykge1xyXG4gICAgcmV0dXJuIGtleS5qd2s7XHJcbiAgfSBlbHNlIGlmIChrZXkua2V5c3RvcmUgJiYga2V5Lmxlbmd0aCAmJiBrZXkua3R5ICYmIGtleS5raWQgJiYga2V5LmFsZykge1xyXG4gICAgcmV0dXJuIGtleTtcclxuICB9IGVsc2Uge1xyXG4gICAgcmV0dXJuIG51bGw7XHJcbiAgfVxyXG59XHJcblxyXG5ASW5qZWN0YWJsZSh7XHJcbiAgcHJvdmlkZWRJbjogJ3Jvb3QnLFxyXG59KVxyXG5leHBvcnQgY2xhc3MgRW5jcnlwdGlvblNlcnZpY2Uge1xyXG4gIGNvbnN0cnVjdG9yKHByaXZhdGUgdGltZVNlcnZpY2U6IFRpbWVTZXJ2aWNlKSB7fVxyXG5cclxuICBhc3luYyBkZWNyeXB0KFxyXG4gICAga2V5OiBKV0suS2V5IHwgS2V5LCAvLyBzdHJpbmcgaXMgYXNzdW1lZCB0byBiZSBrZXkuaWQsIHdpbGwgdW53cmFwIGtleS5cclxuICAgIGp3ZTogb2JqZWN0IHwgc3RyaW5nLCAvLyBzdHJpbmcgd2lsbCBiZSBKU09OLnBhcnNlZFxyXG4gICAgb3B0aW9ucz86IERlY3J5cHRPcHRpb25zXHJcbiAgKTogUHJvbWlzZTxKV0UuRGVjcnlwdFJlc3VsdCB8IGFueT4ge1xyXG4gICAgY29uc3Qgb3B0ID0ge1xyXG4gICAgICBhbGdvcml0aG1zOiBbJ2RpcicsICdBKkdDTScsICdSU0EtT0FFUC0qJ10sXHJcbiAgICB9O1xyXG5cclxuICAgIG9wdGlvbnMgPSB7XHJcbiAgICAgIC4uLkRFQ1JZUFRfT1BUSU9OU19ERUZBVUxULFxyXG4gICAgICAuLi5vcHRpb25zLFxyXG4gICAgfTtcclxuXHJcbiAgICBpZiAoKGtleSBhcyBLZXkpLmp3aykge1xyXG4gICAgICBrZXkgPSAoa2V5IGFzIEtleSkuandrO1xyXG4gICAgfVxyXG5cclxuICAgIGlmICh0eXBlb2YgandlID09PSAnc3RyaW5nJykge1xyXG4gICAgICBpZiAob3B0aW9ucy5zZXJpYWxpemF0aW9ucy5pbmNsdWRlcyhKb3NlU2VyaWFsaXphdGlvbi5KU09OKSkge1xyXG4gICAgICAgIHRyeSB7XHJcbiAgICAgICAgICBqd2UgPSBKU09OLnBhcnNlKGp3ZSk7XHJcbiAgICAgICAgfSBjYXRjaCAoZXJyb3IpIHtcclxuICAgICAgICAgIGlmIChvcHRpb25zLnNlcmlhbGl6YXRpb25zLmluY2x1ZGVzKEpvc2VTZXJpYWxpemF0aW9uLkNPTVBBQ1QpKSB7XHJcbiAgICAgICAgICAgIGNvbnNvbGUubG9nKFxyXG4gICAgICAgICAgICAgICdOb3QgYSBKU09OLWZvcm1hdHRlZCBKV0UsIGl0IG1heWJlIGNvbXBhY3Qgc2VyaWFsaXNhdGlvbiBmb3JtYXQuJ1xyXG4gICAgICAgICAgICApO1xyXG4gICAgICAgICAgfSBlbHNlIHtcclxuICAgICAgICAgICAgdGhyb3cgZXJyb3I7XHJcbiAgICAgICAgICB9XHJcbiAgICAgICAgfVxyXG4gICAgICB9XHJcbiAgICB9XHJcblxyXG4gICAgLy8ge3Jlc3VsdH0gaXMgYSBPYmplY3Qgd2l0aDpcclxuICAgIC8vICogIGhlYWRlcjogdGhlIGNvbWJpbmVkICdwcm90ZWN0ZWQnIGFuZCAndW5wcm90ZWN0ZWQnIGhlYWRlciBtZW1iZXJzXHJcbiAgICAvLyAqICBwcm90ZWN0ZWQ6IGFuIGFycmF5IG9mIHRoZSBtZW1iZXIgbmFtZXMgZnJvbSB0aGUgXCJwcm90ZWN0ZWRcIiBtZW1iZXJcclxuICAgIC8vICogIGtleTogS2V5IHVzZWQgdG8gZGVjcnlwdFxyXG4gICAgLy8gKiAgcGF5bG9hZDogQnVmZmVyIG9mIHRoZSBkZWNyeXB0ZWQgY29udGVudFxyXG4gICAgLy8gKiAgcGxhaW50ZXh0OiBCdWZmZXIgb2YgdGhlIGRlY3J5cHRlZCBjb250ZW50IChhbHRlcm5hdGUpLCBqdXN0IGEgcmVmZXJlbmNlIHRvIHBheWxvYWRcclxuICAgIGNvbnN0IHJlcyA9IGF3YWl0IEpXRS5jcmVhdGVEZWNyeXB0KGtleSBhcyBKV0suS2V5LCBvcHQpLmRlY3J5cHQoXHJcbiAgICAgIGp3ZSBhcyBhbnlcclxuICAgICk7XHJcblxyXG4gICAgcmVzLnBheWxvYWQgPSB0aGlzLmRlY29kZVBheWxvYWQob3B0aW9ucy5wYXlsb2FkVHlwZSwgcmVzLnBheWxvYWQpO1xyXG5cclxuICAgIGlmIChvcHRpb25zLnJldHVybk9ubHlQYXlsb2FkKSB7XHJcbiAgICAgIHJldHVybiByZXMucGF5bG9hZDtcclxuICAgIH0gZWxzZSB7XHJcbiAgICAgIHJldHVybiByZXM7XHJcbiAgICB9XHJcbiAgfVxyXG5cclxuICAvLyBUT0RPIHJlbmFtZSB0aGlzIHRvIGVuY3J5cHQoKSBhbmQgdXNlIGFzIHRoZSBtb3N0IGNvbW1vbiB1c2VjYXNlXHJcbiAgYXN5bmMgZW5jcnlwdFRvU3RyaW5nKFxyXG4gICAga2V5OiBKV0suS2V5LFxyXG4gICAgY29udGVudDogQXJyYXlCdWZmZXIgfCBzdHJpbmcgfCBvYmplY3RcclxuICApOiBQcm9taXNlPHN0cmluZz4ge1xyXG4gICAgcmV0dXJuIEpTT04uc3RyaW5naWZ5KGF3YWl0IHRoaXMuZW5jcnlwdChrZXksIGNvbnRlbnQpKTtcclxuICB9XHJcblxyXG4gIC8vIFRPRE8gcmVuYW1lIHRoaXMgdG8gZW5jcnlwdFRvSlNPTigpIGFuZCB1c2UgdGhpcyB3aGVuIHJlcXVpcmVkLlxyXG4gIGFzeW5jIGVuY3J5cHQoXHJcbiAgICBrZXk6IEpXSy5LZXksXHJcbiAgICBjb250ZW50OiBBcnJheUJ1ZmZlciB8IHN0cmluZyB8IG9iamVjdFxyXG4gICk6IFByb21pc2U8YW55PiB7XHJcbiAgICBpZiAoIWNvbnRlbnQpIHtcclxuICAgICAgdGhyb3cgbmV3IEVycm9yKCdFbmNyeXB0aW5nIGVtcHR5IGNvbnRlbnQuJyk7XHJcbiAgICB9XHJcblxyXG4gICAgaWYgKCEoY29udGVudCBpbnN0YW5jZW9mIEFycmF5QnVmZmVyKSkge1xyXG4gICAgICBjb250ZW50ID0gbmV3IFRleHRFbmNvZGVyKCkuZW5jb2RlKEpTT04uc3RyaW5naWZ5KGNvbnRlbnQpKTtcclxuICAgIH1cclxuXHJcbiAgICByZXR1cm4gSldFLmNyZWF0ZUVuY3J5cHQoXHJcbiAgICAgIHtcclxuICAgICAgICBjb250ZW50QWxnOiAnQTI1NkdDTScsXHJcbiAgICAgICAgZmllbGRzOiB7XHJcbiAgICAgICAgICB0aW1lc3RhbXA6IGF3YWl0IHRoaXMudGltZVNlcnZpY2Uuc2VydmVyTm93KCksXHJcbiAgICAgICAgfSxcclxuICAgICAgfSBhcyBhbnksXHJcbiAgICAgIGtleVxyXG4gICAgKVxyXG4gICAgICAudXBkYXRlKGNvbnRlbnQpXHJcbiAgICAgIC5maW5hbCgpIGFzIGFueTtcclxuICB9XHJcblxyXG4gIC8vIDxBWj4gVW5saWtlIHNpZ25Db250ZW50LCB0aGUgc2VyaWFsaXNlZCBcImNvbnRlbnRcIiB2YXJpYWJsZSBpcyBjb250YWluZWQgaW5zaWRlXHJcbiAgLy8gdGhlIHJlc3VsdC4gU28gb3JkZXJpbmcgb2YgZmllbGRzIHdpdGhpbiBcImNvbnRlbnRcIiBpcyBub3QgYW4gaXNzdWUuXHJcbiAgYXN5bmMgc2lnbihrZXk6IEpXSy5LZXksIGNvbnRlbnQ6IEJ1ZmZlciB8IHN0cmluZyB8IG9iamVjdCk6IFByb21pc2U8YW55PiB7XHJcbiAgICBjb25zdCBzaWduZXIgPSBKV1MuY3JlYXRlU2lnbihcclxuICAgICAge1xyXG4gICAgICAgIGZpZWxkczoge1xyXG4gICAgICAgICAgdGltZXN0YW1wOiBhd2FpdCB0aGlzLnRpbWVTZXJ2aWNlLnNlcnZlck5vdygpLFxyXG4gICAgICAgIH0sXHJcbiAgICAgIH0sXHJcbiAgICAgIGtleVxyXG4gICAgKTtcclxuXHJcbiAgICBpZiAoY29udGVudCBpbnN0YW5jZW9mIEJ1ZmZlcikge1xyXG4gICAgICBzaWduZXIudXBkYXRlKGNvbnRlbnQpO1xyXG4gICAgfSBlbHNlIHtcclxuICAgICAgc2lnbmVyLnVwZGF0ZShKU09OLnN0cmluZ2lmeShjb250ZW50KSwgJ3V0ZjgnKTtcclxuICAgIH1cclxuXHJcbiAgICByZXR1cm4gc2lnbmVyLmZpbmFsKCk7XHJcbiAgfVxyXG5cclxuICBhc3luYyBzaWduVG9TdHJpbmcoXHJcbiAgICBrZXk6IEpXSy5LZXksXHJcbiAgICBjb250ZW50OiBCdWZmZXIgfCBzdHJpbmcgfCBvYmplY3RcclxuICApOiBQcm9taXNlPHN0cmluZz4ge1xyXG4gICAgcmV0dXJuIEpTT04uc3RyaW5naWZ5KGF3YWl0IHRoaXMuc2lnbihrZXksIGNvbnRlbnQpKTtcclxuICB9XHJcblxyXG4gIGFzeW5jIHZlcmlmeShcclxuICAgIGtleTogSldLLktleSxcclxuICAgIGp3czogb2JqZWN0LFxyXG4gICAgb3B0aW9ucz86IFZlcmlmeU9wdGlvbnNcclxuICApOiBQcm9taXNlPGFueT4ge1xyXG4gICAgY29uc3Qgb3B0ID0ge1xyXG4gICAgICBhbGdvcml0aG1zOiBbJ1JTKiddLFxyXG4gICAgfTtcclxuXHJcbiAgICBvcHRpb25zID0ge1xyXG4gICAgICAuLi5WRVJJRllfT1BUSU9OU19ERUZBVUxULFxyXG4gICAgICAuLi5vcHRpb25zLFxyXG4gICAgfTtcclxuXHJcbiAgICB0cnkge1xyXG4gICAgICBjb25zdCByZXMgPSBhd2FpdCBKV1MuY3JlYXRlVmVyaWZ5KGtleSwgb3B0KS52ZXJpZnkoandzIGFzIGFueSk7XHJcblxyXG4gICAgICByZXMucGF5bG9hZCA9IHRoaXMuZGVjb2RlUGF5bG9hZChvcHRpb25zLnBheWxvYWRUeXBlLCByZXMucGF5bG9hZCk7XHJcblxyXG4gICAgICBpZiAob3B0aW9ucy5yZXR1cm5Pbmx5UGF5bG9hZCkge1xyXG4gICAgICAgIHJldHVybiByZXMucGF5bG9hZDtcclxuICAgICAgfSBlbHNlIHtcclxuICAgICAgICByZXR1cm4gcmVzO1xyXG4gICAgICB9XHJcbiAgICB9IGNhdGNoIChlcnJvcikge1xyXG4gICAgICB0aHJvdyBuZXcgTHJFeGNlcHRpb24oe1xyXG4gICAgICAgIGNvZGU6IExyRXJyb3JDb2RlLkJhZFNpZ25hdHVyZSxcclxuICAgICAgICBtZXNzYWdlOiBgQmFkIHNpZ25hdHVyZTogJHtlcnJvcn1gLFxyXG4gICAgICB9KTtcclxuICAgIH1cclxuICB9XHJcblxyXG4gIGFzeW5jIGVuY3J5cHRUaGVuU2lnbihcclxuICAgIHtcclxuICAgICAga2V5LFxyXG4gICAgICBzaWdQcmssXHJcbiAgICB9OiB7XHJcbiAgICAgIGtleTogSldLLktleTtcclxuICAgICAgc2lnUHJrOiBKV0suS2V5O1xyXG4gICAgfSxcclxuICAgIGNvbnRlbnQ6IEFycmF5QnVmZmVyIHwgc3RyaW5nIHwgb2JqZWN0XHJcbiAgKTogUHJvbWlzZTx7IGNpcGhlcjogc3RyaW5nOyBzaWc6IHN0cmluZyB9PiB7XHJcbiAgICBjb25zdCBjaXBoZXIgPSBKU09OLnN0cmluZ2lmeShhd2FpdCB0aGlzLmVuY3J5cHQoa2V5LCBjb250ZW50KSk7XHJcbiAgICBjb25zdCBzaWcgPSBhd2FpdCB0aGlzLnNpZ24oc2lnUHJrLCBjaXBoZXIpO1xyXG4gICAgZGVsZXRlIHNpZy5wYXlsb2FkO1xyXG5cclxuICAgIHJldHVybiB7XHJcbiAgICAgIGNpcGhlcixcclxuICAgICAgc2lnOiBKU09OLnN0cmluZ2lmeShzaWcpLFxyXG4gICAgfTtcclxuICB9XHJcblxyXG4gIHByaXZhdGUgZGVjb2RlUGF5bG9hZChcclxuICAgIHBheWxvYWRUeXBlOiBQYXlsb2FkVHlwZSxcclxuICAgIHBheWxvYWQ6IEFycmF5QnVmZmVyXHJcbiAgKTogQXJyYXlCdWZmZXIgfCBhbnkge1xyXG4gICAgc3dpdGNoIChwYXlsb2FkVHlwZSkge1xyXG4gICAgICBjYXNlICdqc29uJzpcclxuICAgICAgICByZXR1cm4gSlNPTi5wYXJzZShuZXcgVGV4dERlY29kZXIoKS5kZWNvZGUocGF5bG9hZCkpO1xyXG4gICAgICBjYXNlICdBcnJheUJ1ZmZlcic6XHJcbiAgICAgICAgcmV0dXJuIHBheWxvYWQ7XHJcbiAgICAgIGRlZmF1bHQ6XHJcbiAgICAgICAgdGhyb3cgbmV3IExyQmFkQXJndW1lbnRFeGNlcHRpb24oYFVua25vd24gcGF5bG9hZFR5cGU6ICR7cGF5bG9hZFR5cGV9YCk7XHJcbiAgICB9XHJcbiAgfVxyXG59XHJcbiJdfQ==

package/esm2015/lib/cryptography/key-factory.service.js

@@ -0,0 +1,237 @@
+import { __awaiter } from "tslib";
+import { Injectable } from '@angular/core';
+import { JWK } from 'node-jose';
+import { WebCryptoService } from './web-crypto.service';
+import { LrBadArgumentException, LrSuspiciousException, } from '../_common/exceptions';
+import * as i0 from "@angular/core";
+import * as i1 from "./web-crypto.service";
+export function sha256(message) {
+    return __awaiter(this, void 0, void 0, function* () {
+        // encode as UTF-8
+        const msgBuffer = new TextEncoder().encode(message);
+        // hash the message
+        const hashBuffer = yield crypto.subtle.digest('SHA-256', msgBuffer);
+        // convert ArrayBuffer to Array
+        const hashArray = Array.from(new Uint8Array(hashBuffer));
+        // convert bytes to hex string
+        const hashHex = hashArray
+            .map((b) => ('00' + b.toString(16)).slice(-2))
+            .join('');
+        return hashHex;
+    });
+}
+export class KeyFactoryService {
+    constructor(webCryptoService) {
+        this.webCryptoService = webCryptoService;
+        // Global keys store. Otherwise, each call to asKey creates a new keyStore.
+        // <AZ> Did not seem to improve speed.
+        // public static keyStore = JWK.createKeyStore();
+        // AZ: This can't be change easily. It's basically a PassK or PassIdp rotation.
+        // todo: we should eventually increase this periodically to match with Moore's law.
+        // The iterations for each key are kept by the server as well but we assume the value
+        // from the server is not trustworthy, so need to have minimum thresholds here.
+        // If creating new keys, these minimum are used.
+        this.MIN_PASS_IDP_PBKDF_ITER = 100000;
+        this.MIN_PASS_KEY_PBKDF_ITER = 100000;
+        this.MIN_LBOP_KEY_PBKDF_ITER = 100000;
+        // These are used as the default values. They must be larger than the minimum values.
+        this.DEFAULT_PASS_IDP_PBKDF_ITER = this.MIN_PASS_IDP_PBKDF_ITER;
+        this.DEFAULT_PASS_KEY_PBKDF_ITER = this.MIN_PASS_KEY_PBKDF_ITER;
+        this.DEFAULT_LBOP_KEY_PBKDF_ITER = this.MIN_LBOP_KEY_PBKDF_ITER;
+        this.crypto = this.webCryptoService.crypto;
+    }
+    static asKey(key, form, extras) {
+        // <AZ> Using a single global key store did not seem to improve speed.
+        // return KeyFactoryService.keyStore.add(key, form, extras);
+        return JWK.asKey(key, form, extras);
+    }
+    randomString(digits) {
+        if (digits <= 0) {
+            throw new LrBadArgumentException('digits <= 0');
+        }
+        const validChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+        let array = new Uint32Array(digits);
+        this.crypto.getRandomValues(array);
+        array = array.map((x) => validChars.charCodeAt(x % validChars.length));
+        return String.fromCharCode.apply(null, array);
+    }
+    randomDigitsNoZeros(digits) {
+        return this.randomChoices([1, 2, 3, 4, 5, 6, 7, 8, 9], digits).join('');
+    }
+    randomChoices(array, chooseN) {
+        if (array.length <= 1) {
+            throw new LrBadArgumentException('array.length <= 0');
+        }
+        if (chooseN <= 0) {
+            throw new LrBadArgumentException('chooseN <= 0');
+        }
+        const values = new Uint32Array(chooseN);
+        this.crypto.getRandomValues(values);
+        const ret = [];
+        values.forEach((v) => ret.push(array[v % array.length]));
+        return ret;
+    }
+    createSalt() {
+        return this.randomString(16);
+    }
+    createKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'AES-GCM',
+                length: 256,
+            }, true, // whether the key is extractable (i.e. can be used in exportKey)
+            ['encrypt', 'decrypt'] // must be ["encrypt", "decrypt"] or ["wrapKey", "unwrapKey"]
+            );
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key);
+            // Removing the fields not needed by node-jose
+            delete jwk.ext;
+            delete jwk.key_ops;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    createSignKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'HMAC',
+                hash: { name: 'SHA-512' },
+            }, true, ['sign', 'verify']);
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key);
+            // Removing the fields not needed by node-jose
+            delete jwk.key_ops;
+            delete jwk.ext;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    createPkcKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            // node-jose is not using Forge properly. It should be calling the async version of
+            // pki.rsa.generateKeyPair() with a callback. Instead it calls the sync version. Webcrypto
+            // does not support sync version, so it uses the javascript implementation, which is way too slow.
+            // So we generate using webcrypto and import the key.
+            // Unfortunately Elliptical Curve is not supported by Webcrypto. So we have to settle for RSA.
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'RSA-OAEP',
+                modulusLength: 2048,
+                // As per suggestion: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
+                publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+                hash: { name: 'SHA-256' },
+            }, true, // whether the key is extractable (i.e. can be used in exportKey)
+            ['encrypt', 'decrypt'] // must be ["encrypt", "decrypt"] or ["wrapKey", "unwrapKey"]
+            );
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key.privateKey);
+            // Removing the fields not needed by node-jose
+            delete jwk.key_ops;
+            delete jwk.ext;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    createPkcSignKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'RSASSA-PKCS1-v1_5',
+                modulusLength: 2048,
+                // As per suggestion: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
+                publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+                hash: { name: 'SHA-256' },
+            }, true, // whether the key is extractable (i.e. can be used in exportKey)
+            ['sign', 'verify'] // can be any combination of "sign" and "verify"
+            );
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key.privateKey);
+            // Removing the fields not needed by node-jose
+            delete jwk.key_ops;
+            delete jwk.ext;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    deriveKey({ password, salt, iterations, kid, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const enc = new TextEncoder();
+            const rawKey = yield this.crypto.subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveBits', 'deriveKey']);
+            const passKey = yield crypto.subtle.deriveKey({
+                name: 'PBKDF2',
+                salt: new TextEncoder().encode(salt),
+                iterations,
+                hash: 'SHA-256',
+            }, rawKey, { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
+            const passKeyJson = yield crypto.subtle.exportKey('jwk', passKey);
+            if (kid) {
+                passKeyJson.kid = kid;
+            }
+            const jwk = yield KeyFactoryService.asKey(passKeyJson);
+            return { jwk };
+        });
+    }
+    derivePassIdp(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (params.iterations < this.MIN_PASS_IDP_PBKDF_ITER) {
+                throw new LrSuspiciousException(`The number of PassIdp key derivation iterations sent from the server (${params.iterations}) is lower than the minimum (${this.MIN_PASS_IDP_PBKDF_ITER})`);
+            }
+            return this.deriveKey(params);
+        });
+    }
+    derivePassKey(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (params.iterations < this.MIN_PASS_KEY_PBKDF_ITER) {
+                throw new LrSuspiciousException(`The number of PassKey key derivation iterations sent from the server(${params.iterations}) is lower than the minimum(${this.MIN_PASS_KEY_PBKDF_ITER})`);
+            }
+            return this.deriveKey(params);
+        });
+    }
+    deriveLbopKey(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (params.iterations < this.MIN_LBOP_KEY_PBKDF_ITER) {
+                throw new LrSuspiciousException(`The number of LbopKey key derivation iterations sent from the server(${params.iterations}) is lower than the minimum(${this.MIN_LBOP_KEY_PBKDF_ITER})`);
+            }
+            return this.deriveKey(params);
+        });
+    }
+    createKid() {
+        return __awaiter(this, void 0, void 0, function* () {
+            // todo: AZ: node-jose source uses node's default UUID() function for kid, so just change to use that.
+            // for now, we are just creating a new key to use it's kid.
+            // The kid is a part of the JWK system. LR backend maintains the key hierarchy separately with it's own
+            // key id. But we just use it here as a double check.
+            return (yield this.createKey()).kid;
+        });
+    }
+    createPassIdpParams() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return {
+                salt: this.createSalt(),
+                iterations: this.DEFAULT_PASS_IDP_PBKDF_ITER,
+            };
+        });
+    }
+    createPassKeyParams() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return {
+                salt: this.createSalt(),
+                kid: yield this.createKid(),
+                iterations: this.DEFAULT_PASS_KEY_PBKDF_ITER,
+            };
+        });
+    }
+    createLbopKeyParams() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return {
+                salt: this.createSalt(),
+                // todo: AZ: node-jose source uses node's default UUID() function for kid, so just change to use that.
+                // for now, we are just creating a new key to use it's kid.
+                // The kid is a part of the JWK system. LR backend maintains the key hierarchy separately with it's own
+                // key id. But we just use it here as a double check.
+                kid: yield this.createKid(),
+                iterations: this.DEFAULT_PASS_KEY_PBKDF_ITER,
+            };
+        });
+    }
+}
+KeyFactoryService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyFactoryService_Factory() { return new KeyFactoryService(i0.ɵɵinject(i1.WebCryptoService)); }, token: KeyFactoryService, providedIn: "root" });
+KeyFactoryService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+KeyFactoryService.ctorParameters = () => [
+    { type: WebCryptoService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWZhY3Rvcnkuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiJDOi9Qcm9qZWN0cy9uZXdyZXBvL2tjLWNsaWVudC9wcm9qZWN0cy9jb3JlL3NyYy8iLCJzb3VyY2VzIjpbImxpYi9jcnlwdG9ncmFwaHkva2V5LWZhY3Rvcnkuc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUMzQyxPQUFPLEVBQUUsR0FBRyxFQUFFLE1BQU0sV0FBVyxDQUFDO0FBVWhDLE9BQU8sRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ3hELE9BQU8sRUFDTCxzQkFBc0IsRUFDdEIscUJBQXFCLEdBQ3RCLE1BQU0sdUJBQXVCLENBQUM7OztBQUUvQixNQUFNLFVBQWdCLE1BQU0sQ0FBQyxPQUFPOztRQUNsQyxrQkFBa0I7UUFDbEIsTUFBTSxTQUFTLEdBQUcsSUFBSSxXQUFXLEVBQUUsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7UUFFcEQsbUJBQW1CO1FBQ25CLE1BQU0sVUFBVSxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBRXBFLCtCQUErQjtRQUMvQixNQUFNLFNBQVMsR0FBRyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksVUFBVSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUM7UUFFekQsOEJBQThCO1FBQzlCLE1BQU0sT0FBTyxHQUFHLFNBQVM7YUFDdEIsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLElBQUksR0FBRyxDQUFDLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7YUFDN0MsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ1osT0FBTyxPQUFPLENBQUM7SUFDakIsQ0FBQztDQUFBO0FBS0QsTUFBTSxPQUFPLGlCQUFpQjtJQUM1QixZQUFvQixnQkFBa0M7UUFBbEMscUJBQWdCLEdBQWhCLGdCQUFnQixDQUFrQjtRQUl0RCwyRUFBMkU7UUFDM0Usc0NBQXNDO1FBQ3RDLGlEQUFpRDtRQUVqRCwrRUFBK0U7UUFDL0UsbUZBQW1GO1FBQ25GLHFGQUFxRjtRQUNyRiwrRUFBK0U7UUFDL0UsZ0RBQWdEO1FBQ2hDLDRCQUF1QixHQUFHLE1BQU0sQ0FBQztRQUNqQyw0QkFBdUIsR0FBRyxNQUFNLENBQUM7UUFDakMsNEJBQXVCLEdBQUcsTUFBTSxDQUFDO1FBRWpELHFGQUFxRjtRQUNyRSxnQ0FBMkIsR0FBRyxJQUFJLENBQUMsdUJBQXVCLENBQUM7UUFDM0QsZ0NBQTJCLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDO1FBQzNELGdDQUEyQixHQUFHLElBQUksQ0FBQyx1QkFBdUIsQ0FBQztRQW5CekUsSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsTUFBTSxDQUFDO0lBQzdDLENBQUM7SUFvQkQsTUFBTSxDQUFDLEtBQUssQ0FDVixHQUEwQyxFQUMxQyxJQVFTLEVBQ1QsTUFBZ0M7UUFFaEMsc0VBQXNFO1FBQ3RFLDREQUE0RDtRQUM1RCxPQUFPLEdBQUcsQ0FBQyxLQUFLLENBQUMsR0FBRyxFQUFFLElBQUksRUFBRSxNQUFNLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQsWUFBWSxDQUFDLE1BQWM7UUFDekIsSUFBSSxNQUFNLElBQUksQ0FBQyxFQUFFO1lBQ2YsTUFBTSxJQUFJLHNCQUFzQixDQUFDLGFBQWEsQ0FBQyxDQUFDO1NBQ2pEO1FBQ0QsTUFBTSxVQUFVLEdBQ2QsZ0VBQWdFLENBQUM7UUFDbkUsSUFBSSxLQUFLLEdBQUcsSUFBSSxXQUFXLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDcEMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxlQUFlLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDbkMsS0FBSyxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQyxHQUFHLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO1FBQ3ZFLE9BQU8sTUFBTSxDQUFDLFlBQVksQ0FBQyxLQUFLLENBQUMsSUFBSSxFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQ2hELENBQUM7SUFFRCxtQkFBbUIsQ0FBQyxNQUFjO1FBQ2hDLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxDQUFDLEVBQUUsTUFBTSxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQzFFLENBQUM7SUFFRCxhQUFhLENBQUksS0FBVSxFQUFFLE9BQWU7UUFDMUMsSUFBSSxLQUFLLENBQUMsTUFBTSxJQUFJLENBQUMsRUFBRTtZQUNyQixNQUFNLElBQUksc0JBQXNCLENBQUMsbUJBQW1CLENBQUMsQ0FBQztTQUN2RDtRQUNELElBQUksT0FBTyxJQUFJLENBQUMsRUFBRTtZQUNoQixNQUFNLElBQUksc0JBQXNCLENBQUMsY0FBYyxDQUFDLENBQUM7U0FDbEQ7UUFDRCxNQUFNLE1BQU0sR0FBRyxJQUFJLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN4QyxJQUFJLENBQUMsTUFBTSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNwQyxNQUFNLEdBQUcsR0FBUSxFQUFFLENBQUM7UUFDcEIsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDekQsT0FBTyxHQUFHLENBQUM7SUFDYixDQUFDO0lBRUQsVUFBVTtRQUNSLE9BQU8sSUFBSSxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUssU0FBUzs7WUFDYixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FDOUM7Z0JBQ0UsSUFBSSxFQUFFLFNBQVM7Z0JBQ2YsTUFBTSxFQUFFLEdBQUc7YUFDWixFQUNELElBQUksRUFBRSxpRUFBaUU7WUFDdkUsQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDLENBQUMsNkRBQTZEO2FBQ3JGLENBQUM7WUFFRixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLENBQUM7WUFFM0QsOENBQThDO1lBQzlDLE9BQU8sR0FBRyxDQUFDLEdBQUcsQ0FBQztZQUNmLE9BQU8sR0FBRyxDQUFDLE9BQU8sQ0FBQztZQUVuQixPQUFPLGlCQUFpQixDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUN0QyxDQUFDO0tBQUE7SUFFSyxhQUFhOztZQUNqQixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FDOUM7Z0JBQ0UsSUFBSSxFQUFFLE1BQU07Z0JBQ1osSUFBSSxFQUFFLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRTthQUMxQixFQUNELElBQUksRUFDSixDQUFDLE1BQU0sRUFBRSxRQUFRLENBQUMsQ0FDbkIsQ0FBQztZQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxHQUFHLENBQUMsQ0FBQztZQUUzRCw4Q0FBOEM7WUFDOUMsT0FBTyxHQUFHLENBQUMsT0FBTyxDQUFDO1lBQ25CLE9BQU8sR0FBRyxDQUFDLEdBQUcsQ0FBQztZQUVmLE9BQU8saUJBQWlCLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3RDLENBQUM7S0FBQTtJQUVLLFlBQVk7O1lBQ2hCLG1GQUFtRjtZQUNuRiwwRkFBMEY7WUFDMUYsa0dBQWtHO1lBQ2xHLHFEQUFxRDtZQUNyRCw4RkFBOEY7WUFDOUYsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQzlDO2dCQUNFLElBQUksRUFBRSxVQUFVO2dCQUNoQixhQUFhLEVBQUUsSUFBSTtnQkFDbkIsNEZBQTRGO2dCQUM1RixjQUFjLEVBQUUsSUFBSSxVQUFVLENBQUMsQ0FBQyxJQUFJLEVBQUUsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO2dCQUNsRCxJQUFJLEVBQUUsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFO2FBQzFCLEVBQ0QsSUFBSSxFQUFFLGlFQUFpRTtZQUN2RSxDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUMsQ0FBQyw2REFBNkQ7YUFDckYsQ0FBQztZQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxHQUFHLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDdEUsOENBQThDO1lBQzlDLE9BQU8sR0FBRyxDQUFDLE9BQU8sQ0FBQztZQUNuQixPQUFPLEdBQUcsQ0FBQyxHQUFHLENBQUM7WUFFZixPQUFPLGlCQUFpQixDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUN0QyxDQUFDO0tBQUE7SUFFSyxnQkFBZ0I7O1lBQ3BCLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUM5QztnQkFDRSxJQUFJLEVBQUUsbUJBQW1CO2dCQUN6QixhQUFhLEVBQUUsSUFBSTtnQkFDbkIsNEZBQTRGO2dCQUM1RixjQUFjLEVBQUUsSUFBSSxVQUFVLENBQUMsQ0FBQyxJQUFJLEVBQUUsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO2dCQUNsRCxJQUFJLEVBQUUsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFO2FBQzFCLEVBQ0QsSUFBSSxFQUFFLGlFQUFpRTtZQUN2RSxDQUFDLE1BQU0sRUFBRSxRQUFRLENBQUMsQ0FBQyxnREFBZ0Q7YUFDcEUsQ0FBQztZQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxHQUFHLENBQUMsVUFBVSxDQUFDLENBQUM7WUFFdEUsOENBQThDO1lBQzlDLE9BQU8sR0FBRyxDQUFDLE9BQU8sQ0FBQztZQUNuQixPQUFPLEdBQUcsQ0FBQyxHQUFHLENBQUM7WUFFZixPQUFPLGlCQUFpQixDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUN0QyxDQUFDO0tBQUE7SUFFSyxTQUFTLENBQUMsRUFDZCxRQUFRLEVBQ1IsSUFBSSxFQUNKLFVBQVUsRUFDVixHQUFHLEdBTUo7O1lBQ0MsTUFBTSxHQUFHLEdBQUcsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUM5QixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FDL0MsS0FBSyxFQUNMLEdBQUcsQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLEVBQ3BCLFFBQVEsRUFDUixLQUFLLEVBQ0wsQ0FBQyxZQUFZLEVBQUUsV0FBVyxDQUFDLENBQzVCLENBQUM7WUFFRixNQUFNLE9BQU8sR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUMzQztnQkFDRSxJQUFJLEVBQUUsUUFBUTtnQkFDZCxJQUFJLEVBQUUsSUFBSSxXQUFXLEVBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDO2dCQUNwQyxVQUFVO2dCQUNWLElBQUksRUFBRSxTQUFTO2FBQ2hCLEVBQ0QsTUFBTSxFQUNOLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxNQUFNLEVBQUUsR0FBRyxFQUFFLEVBQ2hDLElBQUksRUFDSixDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUMsQ0FDdkIsQ0FBQztZQUVGLE1BQU0sV0FBVyxHQUFRLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsS0FBSyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQ3ZFLElBQUksR0FBRyxFQUFFO2dCQUNQLFdBQVcsQ0FBQyxHQUFHLEdBQUcsR0FBRyxDQUFDO2FBQ3ZCO1lBRUQsTUFBTSxHQUFHLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUM7WUFFdkQsT0FBTyxFQUFFLEdBQUcsRUFBRSxDQUFDO1FBQ2pCLENBQUM7S0FBQTtJQUVLLGFBQWEsQ0FBQyxNQUEyQjs7WUFDN0MsSUFBSSxNQUFNLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyx1QkFBdUIsRUFBRTtnQkFDcEQsTUFBTSxJQUFJLHFCQUFxQixDQUM3Qix5RUFBeUUsTUFBTSxDQUFDLFVBQVUsZ0NBQWdDLElBQUksQ0FBQyx1QkFBdUIsR0FBRyxDQUMxSixDQUFDO2FBQ0g7WUFDRCxPQUFPLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDaEMsQ0FBQztLQUFBO0lBRUssYUFBYSxDQUFDLE1BQTJCOztZQUM3QyxJQUFJLE1BQU0sQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixFQUFFO2dCQUNwRCxNQUFNLElBQUkscUJBQXFCLENBQzdCLHdFQUF3RSxNQUFNLENBQUMsVUFBVSwrQkFBK0IsSUFBSSxDQUFDLHVCQUF1QixHQUFHLENBQ3hKLENBQUM7YUFDSDtZQUNELE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNoQyxDQUFDO0tBQUE7SUFFSyxhQUFhLENBQUMsTUFBMkI7O1lBQzdDLElBQUksTUFBTSxDQUFDLFVBQVUsR0FBRyxJQUFJLENBQUMsdUJBQXVCLEVBQUU7Z0JBQ3BELE1BQU0sSUFBSSxxQkFBcUIsQ0FDN0Isd0VBQXdFLE1BQU0sQ0FBQyxVQUFVLCtCQUErQixJQUFJLENBQUMsdUJBQXVCLEdBQUcsQ0FDeEosQ0FBQzthQUNIO1lBQ0QsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2hDLENBQUM7S0FBQTtJQUVLLFNBQVM7O1lBQ2Isc0dBQXNHO1lBQ3RHLDJEQUEyRDtZQUMzRCx1R0FBdUc7WUFDdkcscURBQXFEO1lBQ3JELE9BQU8sQ0FBQyxNQUFNLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQUFDLEdBQUcsQ0FBQztRQUN0QyxDQUFDO0tBQUE7SUFFSyxtQkFBbUI7O1lBQ3ZCLE9BQU87Z0JBQ0wsSUFBSSxFQUFFLElBQUksQ0FBQyxVQUFVLEVBQUU7Z0JBQ3ZCLFVBQVUsRUFBRSxJQUFJLENBQUMsMkJBQTJCO2FBQzdDLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFSyxtQkFBbUI7O1lBQ3ZCLE9BQU87Z0JBQ0wsSUFBSSxFQUFFLElBQUksQ0FBQyxVQUFVLEVBQUU7Z0JBQ3ZCLEdBQUcsRUFBRSxNQUFNLElBQUksQ0FBQyxTQUFTLEVBQUU7Z0JBQzNCLFVBQVUsRUFBRSxJQUFJLENBQUMsMkJBQTJCO2FBQzdDLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFSyxtQkFBbUI7O1lBQ3ZCLE9BQU87Z0JBQ0wsSUFBSSxFQUFFLElBQUksQ0FBQyxVQUFVLEVBQUU7Z0JBQ3ZCLHNHQUFzRztnQkFDdEcsMkRBQTJEO2dCQUMzRCx1R0FBdUc7Z0JBQ3ZHLHFEQUFxRDtnQkFDckQsR0FBRyxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsRUFBRTtnQkFDM0IsVUFBVSxFQUFFLElBQUksQ0FBQywyQkFBMkI7YUFDN0MsQ0FBQztRQUNKLENBQUM7S0FBQTs7OztZQTNRRixVQUFVLFNBQUM7Z0JBQ1YsVUFBVSxFQUFFLE1BQU07YUFDbkI7OztZQXpCUSxnQkFBZ0IiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBJbmplY3RhYmxlIH0gZnJvbSAnQGFuZ3VsYXIvY29yZSc7XHJcbmltcG9ydCB7IEpXSyB9IGZyb20gJ25vZGUtam9zZSc7XHJcbmltcG9ydCB7XHJcbiAgTGJvcEtleVBhcmFtcyxcclxuICBQYXNzSWRwUGFyYW1zLFxyXG4gIFBhc3NLZXlQYXJhbXMsXHJcbiAgRGVyaXZlS2V5UmVzdWx0LFxyXG4gIERlcml2ZVBhc3NJZHBQYXJhbXMsXHJcbiAgRGVyaXZlUGFzc0tleVBhcmFtcyxcclxuICBEZXJpdmVMYm9wS2V5UGFyYW1zLFxyXG59IGZyb20gJy4vY3J5cHRvZ3JhcGh5LnR5cGVzJztcclxuaW1wb3J0IHsgV2ViQ3J5cHRvU2VydmljZSB9IGZyb20gJy4vd2ViLWNyeXB0by5zZXJ2aWNlJztcclxuaW1wb3J0IHtcclxuICBMckJhZEFyZ3VtZW50RXhjZXB0aW9uLFxyXG4gIExyU3VzcGljaW91c0V4Y2VwdGlvbixcclxufSBmcm9tICcuLi9fY29tbW9uL2V4Y2VwdGlvbnMnO1xyXG5cclxuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIHNoYTI1NihtZXNzYWdlKSB7XHJcbiAgLy8gZW5jb2RlIGFzIFVURi04XHJcbiAgY29uc3QgbXNnQnVmZmVyID0gbmV3IFRleHRFbmNvZGVyKCkuZW5jb2RlKG1lc3NhZ2UpO1xyXG5cclxuICAvLyBoYXNoIHRoZSBtZXNzYWdlXHJcbiAgY29uc3QgaGFzaEJ1ZmZlciA9IGF3YWl0IGNyeXB0by5zdWJ0bGUuZGlnZXN0KCdTSEEtMjU2JywgbXNnQnVmZmVyKTtcclxuXHJcbiAgLy8gY29udmVydCBBcnJheUJ1ZmZlciB0byBBcnJheVxyXG4gIGNvbnN0IGhhc2hBcnJheSA9IEFycmF5LmZyb20obmV3IFVpbnQ4QXJyYXkoaGFzaEJ1ZmZlcikpO1xyXG5cclxuICAvLyBjb252ZXJ0IGJ5dGVzIHRvIGhleCBzdHJpbmdcclxuICBjb25zdCBoYXNoSGV4ID0gaGFzaEFycmF5XHJcbiAgICAubWFwKChiKSA9PiAoJzAwJyArIGIudG9TdHJpbmcoMTYpKS5zbGljZSgtMikpXHJcbiAgICAuam9pbignJyk7XHJcbiAgcmV0dXJuIGhhc2hIZXg7XHJcbn1cclxuXHJcbkBJbmplY3RhYmxlKHtcclxuICBwcm92aWRlZEluOiAncm9vdCcsXHJcbn0pXHJcbmV4cG9ydCBjbGFzcyBLZXlGYWN0b3J5U2VydmljZSB7XHJcbiAgY29uc3RydWN0b3IocHJpdmF0ZSB3ZWJDcnlwdG9TZXJ2aWNlOiBXZWJDcnlwdG9TZXJ2aWNlKSB7XHJcbiAgICB0aGlzLmNyeXB0byA9IHRoaXMud2ViQ3J5cHRvU2VydmljZS5jcnlwdG87XHJcbiAgfVxyXG4gIHByaXZhdGUgcmVhZG9ubHkgY3J5cHRvO1xyXG4gIC8vIEdsb2JhbCBrZXlzIHN0b3JlLiBPdGhlcndpc2UsIGVhY2ggY2FsbCB0byBhc0tleSBjcmVhdGVzIGEgbmV3IGtleVN0b3JlLlxyXG4gIC8vIDxBWj4gRGlkIG5vdCBzZWVtIHRvIGltcHJvdmUgc3BlZWQuXHJcbiAgLy8gcHVibGljIHN0YXRpYyBrZXlTdG9yZSA9IEpXSy5jcmVhdGVLZXlTdG9yZSgpO1xyXG5cclxuICAvLyBBWjogVGhpcyBjYW4ndCBiZSBjaGFuZ2UgZWFzaWx5LiBJdCdzIGJhc2ljYWxseSBhIFBhc3NLIG9yIFBhc3NJZHAgcm90YXRpb24uXHJcbiAgLy8gdG9kbzogd2Ugc2hvdWxkIGV2ZW50dWFsbHkgaW5jcmVhc2UgdGhpcyBwZXJpb2RpY2FsbHkgdG8gbWF0Y2ggd2l0aCBNb29yZSdzIGxhdy5cclxuICAvLyBUaGUgaXRlcmF0aW9ucyBmb3IgZWFjaCBrZXkgYXJlIGtlcHQgYnkgdGhlIHNlcnZlciBhcyB3ZWxsIGJ1dCB3ZSBhc3N1bWUgdGhlIHZhbHVlXHJcbiAgLy8gZnJvbSB0aGUgc2VydmVyIGlzIG5vdCB0cnVzdHdvcnRoeSwgc28gbmVlZCB0byBoYXZlIG1pbmltdW0gdGhyZXNob2xkcyBoZXJlLlxyXG4gIC8vIElmIGNyZWF0aW5nIG5ldyBrZXlzLCB0aGVzZSBtaW5pbXVtIGFyZSB1c2VkLlxyXG4gIHB1YmxpYyByZWFkb25seSBNSU5fUEFTU19JRFBfUEJLREZfSVRFUiA9IDEwMDAwMDtcclxuICBwdWJsaWMgcmVhZG9ubHkgTUlOX1BBU1NfS0VZX1BCS0RGX0lURVIgPSAxMDAwMDA7XHJcbiAgcHVibGljIHJlYWRvbmx5IE1JTl9MQk9QX0tFWV9QQktERl9JVEVSID0gMTAwMDAwO1xyXG5cclxuICAvLyBUaGVzZSBhcmUgdXNlZCBhcyB0aGUgZGVmYXVsdCB2YWx1ZXMuIFRoZXkgbXVzdCBiZSBsYXJnZXIgdGhhbiB0aGUgbWluaW11bSB2YWx1ZXMuXHJcbiAgcHVibGljIHJlYWRvbmx5IERFRkFVTFRfUEFTU19JRFBfUEJLREZfSVRFUiA9IHRoaXMuTUlOX1BBU1NfSURQX1BCS0RGX0lURVI7XHJcbiAgcHVibGljIHJlYWRvbmx5IERFRkFVTFRfUEFTU19LRVlfUEJLREZfSVRFUiA9IHRoaXMuTUlOX1BBU1NfS0VZX1BCS0RGX0lURVI7XHJcbiAgcHVibGljIHJlYWRvbmx5IERFRkFVTFRfTEJPUF9LRVlfUEJLREZfSVRFUiA9IHRoaXMuTUlOX0xCT1BfS0VZX1BCS0RGX0lURVI7XHJcblxyXG4gIHN0YXRpYyBhc0tleShcclxuICAgIGtleTogc3RyaW5nIHwgQnVmZmVyIHwgb2JqZWN0IHwgSldLLlJhd0tleSxcclxuICAgIGZvcm0/OlxyXG4gICAgICB8ICdqc29uJ1xyXG4gICAgICB8ICdwcml2YXRlJ1xyXG4gICAgICB8ICdwa2NzOCdcclxuICAgICAgfCAncHVibGljJ1xyXG4gICAgICB8ICdzcGtpJ1xyXG4gICAgICB8ICdwa2l4J1xyXG4gICAgICB8ICd4NTA5J1xyXG4gICAgICB8ICdwZW0nLFxyXG4gICAgZXh0cmFzPzogUmVjb3JkPHN0cmluZywgdW5rbm93bj5cclxuICApOiBQcm9taXNlPEpXSy5LZXk+IHtcclxuICAgIC8vIDxBWj4gVXNpbmcgYSBzaW5nbGUgZ2xvYmFsIGtleSBzdG9yZSBkaWQgbm90IHNlZW0gdG8gaW1wcm92ZSBzcGVlZC5cclxuICAgIC8vIHJldHVybiBLZXlGYWN0b3J5U2VydmljZS5rZXlTdG9yZS5hZGQoa2V5LCBmb3JtLCBleHRyYXMpO1xyXG4gICAgcmV0dXJuIEpXSy5hc0tleShrZXksIGZvcm0sIGV4dHJhcyk7XHJcbiAgfVxyXG5cclxuICByYW5kb21TdHJpbmcoZGlnaXRzOiBudW1iZXIpOiBzdHJpbmcge1xyXG4gICAgaWYgKGRpZ2l0cyA8PSAwKSB7XHJcbiAgICAgIHRocm93IG5ldyBMckJhZEFyZ3VtZW50RXhjZXB0aW9uKCdkaWdpdHMgPD0gMCcpO1xyXG4gICAgfVxyXG4gICAgY29uc3QgdmFsaWRDaGFycyA9XHJcbiAgICAgICdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSc7XHJcbiAgICBsZXQgYXJyYXkgPSBuZXcgVWludDMyQXJyYXkoZGlnaXRzKTtcclxuICAgIHRoaXMuY3J5cHRvLmdldFJhbmRvbVZhbHVlcyhhcnJheSk7XHJcbiAgICBhcnJheSA9IGFycmF5Lm1hcCgoeCkgPT4gdmFsaWRDaGFycy5jaGFyQ29kZUF0KHggJSB2YWxpZENoYXJzLmxlbmd0aCkpO1xyXG4gICAgcmV0dXJuIFN0cmluZy5mcm9tQ2hhckNvZGUuYXBwbHkobnVsbCwgYXJyYXkpO1xyXG4gIH1cclxuXHJcbiAgcmFuZG9tRGlnaXRzTm9aZXJvcyhkaWdpdHM6IG51bWJlcik6IHN0cmluZyB7XHJcbiAgICByZXR1cm4gdGhpcy5yYW5kb21DaG9pY2VzKFsxLCAyLCAzLCA0LCA1LCA2LCA3LCA4LCA5XSwgZGlnaXRzKS5qb2luKCcnKTtcclxuICB9XHJcblxyXG4gIHJhbmRvbUNob2ljZXM8VD4oYXJyYXk6IFRbXSwgY2hvb3NlTjogbnVtYmVyKTogVFtdIHtcclxuICAgIGlmIChhcnJheS5sZW5ndGggPD0gMSkge1xyXG4gICAgICB0aHJvdyBuZXcgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbignYXJyYXkubGVuZ3RoIDw9IDAnKTtcclxuICAgIH1cclxuICAgIGlmIChjaG9vc2VOIDw9IDApIHtcclxuICAgICAgdGhyb3cgbmV3IExyQmFkQXJndW1lbnRFeGNlcHRpb24oJ2Nob29zZU4gPD0gMCcpO1xyXG4gICAgfVxyXG4gICAgY29uc3QgdmFsdWVzID0gbmV3IFVpbnQzMkFycmF5KGNob29zZU4pO1xyXG4gICAgdGhpcy5jcnlwdG8uZ2V0UmFuZG9tVmFsdWVzKHZhbHVlcyk7XHJcbiAgICBjb25zdCByZXQ6IFRbXSA9IFtdO1xyXG4gICAgdmFsdWVzLmZvckVhY2goKHYpID0+IHJldC5wdXNoKGFycmF5W3YgJSBhcnJheS5sZW5ndGhdKSk7XHJcbiAgICByZXR1cm4gcmV0O1xyXG4gIH1cclxuXHJcbiAgY3JlYXRlU2FsdCgpOiBzdHJpbmcge1xyXG4gICAgcmV0dXJuIHRoaXMucmFuZG9tU3RyaW5nKDE2KTtcclxuICB9XHJcblxyXG4gIGFzeW5jIGNyZWF0ZUtleSgpOiBQcm9taXNlPEpXSy5LZXk+IHtcclxuICAgIGNvbnN0IGtleSA9IGF3YWl0IHRoaXMuY3J5cHRvLnN1YnRsZS5nZW5lcmF0ZUtleShcclxuICAgICAge1xyXG4gICAgICAgIG5hbWU6ICdBRVMtR0NNJyxcclxuICAgICAgICBsZW5ndGg6IDI1NiwgLy8gY2FuIGJlICAxMjgsIDE5Miwgb3IgMjU2XHJcbiAgICAgIH0sXHJcbiAgICAgIHRydWUsIC8vIHdoZXRoZXIgdGhlIGtleSBpcyBleHRyYWN0YWJsZSAoaS5lLiBjYW4gYmUgdXNlZCBpbiBleHBvcnRLZXkpXHJcbiAgICAgIFsnZW5jcnlwdCcsICdkZWNyeXB0J10gLy8gbXVzdCBiZSBbXCJlbmNyeXB0XCIsIFwiZGVjcnlwdFwiXSBvciBbXCJ3cmFwS2V5XCIsIFwidW53cmFwS2V5XCJdXHJcbiAgICApO1xyXG5cclxuICAgIGNvbnN0IGp3ayA9IGF3YWl0IHRoaXMuY3J5cHRvLnN1YnRsZS5leHBvcnRLZXkoJ2p3aycsIGtleSk7XHJcblxyXG4gICAgLy8gUmVtb3ZpbmcgdGhlIGZpZWxkcyBub3QgbmVlZGVkIGJ5IG5vZGUtam9zZVxyXG4gICAgZGVsZXRlIGp3ay5leHQ7XHJcbiAgICBkZWxldGUgandrLmtleV9vcHM7XHJcblxyXG4gICAgcmV0dXJuIEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KGp3ayk7XHJcbiAgfVxyXG5cclxuICBhc3luYyBjcmVhdGVTaWduS2V5KCk6IFByb21pc2U8SldLLktleT4ge1xyXG4gICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmdlbmVyYXRlS2V5KFxyXG4gICAgICB7XHJcbiAgICAgICAgbmFtZTogJ0hNQUMnLFxyXG4gICAgICAgIGhhc2g6IHsgbmFtZTogJ1NIQS01MTInIH0sXHJcbiAgICAgIH0sXHJcbiAgICAgIHRydWUsXHJcbiAgICAgIFsnc2lnbicsICd2ZXJpZnknXVxyXG4gICAgKTtcclxuXHJcbiAgICBjb25zdCBqd2sgPSBhd2FpdCB0aGlzLmNyeXB0by5zdWJ0bGUuZXhwb3J0S2V5KCdqd2snLCBrZXkpO1xyXG5cclxuICAgIC8vIFJlbW92aW5nIHRoZSBmaWVsZHMgbm90IG5lZWRlZCBieSBub2RlLWpvc2VcclxuICAgIGRlbGV0ZSBqd2sua2V5X29wcztcclxuICAgIGRlbGV0ZSBqd2suZXh0O1xyXG5cclxuICAgIHJldHVybiBLZXlGYWN0b3J5U2VydmljZS5hc0tleShqd2spO1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgY3JlYXRlUGtjS2V5KCk6IFByb21pc2U8SldLLktleT4ge1xyXG4gICAgLy8gbm9kZS1qb3NlIGlzIG5vdCB1c2luZyBGb3JnZSBwcm9wZXJseS4gSXQgc2hvdWxkIGJlIGNhbGxpbmcgdGhlIGFzeW5jIHZlcnNpb24gb2ZcclxuICAgIC8vIHBraS5yc2EuZ2VuZXJhdGVLZXlQYWlyKCkgd2l0aCBhIGNhbGxiYWNrLiBJbnN0ZWFkIGl0IGNhbGxzIHRoZSBzeW5jIHZlcnNpb24uIFdlYmNyeXB0b1xyXG4gICAgLy8gZG9lcyBub3Qgc3VwcG9ydCBzeW5jIHZlcnNpb24sIHNvIGl0IHVzZXMgdGhlIGphdmFzY3JpcHQgaW1wbGVtZW50YXRpb24sIHdoaWNoIGlzIHdheSB0b28gc2xvdy5cclxuICAgIC8vIFNvIHdlIGdlbmVyYXRlIHVzaW5nIHdlYmNyeXB0byBhbmQgaW1wb3J0IHRoZSBrZXkuXHJcbiAgICAvLyBVbmZvcnR1bmF0ZWx5IEVsbGlwdGljYWwgQ3VydmUgaXMgbm90IHN1cHBvcnRlZCBieSBXZWJjcnlwdG8uIFNvIHdlIGhhdmUgdG8gc2V0dGxlIGZvciBSU0EuXHJcbiAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmNyeXB0by5zdWJ0bGUuZ2VuZXJhdGVLZXkoXHJcbiAgICAgIHtcclxuICAgICAgICBuYW1lOiAnUlNBLU9BRVAnLFxyXG4gICAgICAgIG1vZHVsdXNMZW5ndGg6IDIwNDgsIC8vIGNhbiBiZSAxMDI0LCAyMDQ4LCAzMDcyLCA0MDk2IC4uLiAxNjM4NFxyXG4gICAgICAgIC8vIEFzIHBlciBzdWdnZXN0aW9uOiBodHRwczovL2RldmVsb3Blci5tb3ppbGxhLm9yZy9lbi1VUy9kb2NzL1dlYi9BUEkvUnNhSGFzaGVkS2V5R2VuUGFyYW1zXHJcbiAgICAgICAgcHVibGljRXhwb25lbnQ6IG5ldyBVaW50OEFycmF5KFsweDAxLCAweDAwLCAweDAxXSksXHJcbiAgICAgICAgaGFzaDogeyBuYW1lOiAnU0hBLTI1NicgfSwgLy8gY2FuIGJlIFwiU0hBLTFcIiwgXCJTSEEtMjU2XCIsIFwiU0hBLTM4NFwiLCBvciBcIlNIQS01MTJcIlxyXG4gICAgICB9LFxyXG4gICAgICB0cnVlLCAvLyB3aGV0aGVyIHRoZSBrZXkgaXMgZXh0cmFjdGFibGUgKGkuZS4gY2FuIGJlIHVzZWQgaW4gZXhwb3J0S2V5KVxyXG4gICAgICBbJ2VuY3J5cHQnLCAnZGVjcnlwdCddIC8vIG11c3QgYmUgW1wiZW5jcnlwdFwiLCBcImRlY3J5cHRcIl0gb3IgW1wid3JhcEtleVwiLCBcInVud3JhcEtleVwiXVxyXG4gICAgKTtcclxuXHJcbiAgICBjb25zdCBqd2sgPSBhd2FpdCB0aGlzLmNyeXB0by5zdWJ0bGUuZXhwb3J0S2V5KCdqd2snLCBrZXkucHJpdmF0ZUtleSk7XHJcbiAgICAvLyBSZW1vdmluZyB0aGUgZmllbGRzIG5vdCBuZWVkZWQgYnkgbm9kZS1qb3NlXHJcbiAgICBkZWxldGUgandrLmtleV9vcHM7XHJcbiAgICBkZWxldGUgandrLmV4dDtcclxuXHJcbiAgICByZXR1cm4gS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoandrKTtcclxuICB9XHJcblxyXG4gIGFzeW5jIGNyZWF0ZVBrY1NpZ25LZXkoKTogUHJvbWlzZTxKV0suS2V5PiB7XHJcbiAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmNyeXB0by5zdWJ0bGUuZ2VuZXJhdGVLZXkoXHJcbiAgICAgIHtcclxuICAgICAgICBuYW1lOiAnUlNBU1NBLVBLQ1MxLXYxXzUnLFxyXG4gICAgICAgIG1vZHVsdXNMZW5ndGg6IDIwNDgsIC8vIGNhbiBiZSAxMDI0LCAyMDQ4LCBvciA0MDk2XHJcbiAgICAgICAgLy8gQXMgcGVyIHN1Z2dlc3Rpb246IGh0dHBzOi8vZGV2ZWxvcGVyLm1vemlsbGEub3JnL2VuLVVTL2RvY3MvV2ViL0FQSS9Sc2FIYXNoZWRLZXlHZW5QYXJhbXNcclxuICAgICAgICBwdWJsaWNFeHBvbmVudDogbmV3IFVpbnQ4QXJyYXkoWzB4MDEsIDB4MDAsIDB4MDFdKSxcclxuICAgICAgICBoYXNoOiB7IG5hbWU6ICdTSEEtMjU2JyB9LCAvLyBjYW4gYmUgXCJTSEEtMVwiLCBcIlNIQS0yNTZcIiwgXCJTSEEtMzg0XCIsIG9yIFwiU0hBLTUxMlwiXHJcbiAgICAgIH0sXHJcbiAgICAgIHRydWUsIC8vIHdoZXRoZXIgdGhlIGtleSBpcyBleHRyYWN0YWJsZSAoaS5lLiBjYW4gYmUgdXNlZCBpbiBleHBvcnRLZXkpXHJcbiAgICAgIFsnc2lnbicsICd2ZXJpZnknXSAvLyBjYW4gYmUgYW55IGNvbWJpbmF0aW9uIG9mIFwic2lnblwiIGFuZCBcInZlcmlmeVwiXHJcbiAgICApO1xyXG5cclxuICAgIGNvbnN0IGp3ayA9IGF3YWl0IHRoaXMuY3J5cHRvLnN1YnRsZS5leHBvcnRLZXkoJ2p3aycsIGtleS5wcml2YXRlS2V5KTtcclxuXHJcbiAgICAvLyBSZW1vdmluZyB0aGUgZmllbGRzIG5vdCBuZWVkZWQgYnkgbm9kZS1qb3NlXHJcbiAgICBkZWxldGUgandrLmtleV9vcHM7XHJcbiAgICBkZWxldGUgandrLmV4dDtcclxuXHJcbiAgICByZXR1cm4gS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoandrKTtcclxuICB9XHJcblxyXG4gIGFzeW5jIGRlcml2ZUtleSh7XHJcbiAgICBwYXNzd29yZCxcclxuICAgIHNhbHQsXHJcbiAgICBpdGVyYXRpb25zLFxyXG4gICAga2lkLFxyXG4gIH06IHtcclxuICAgIHBhc3N3b3JkOiBzdHJpbmc7XHJcbiAgICBzYWx0OiBzdHJpbmc7XHJcbiAgICBpdGVyYXRpb25zOiBudW1iZXI7XHJcbiAgICBraWQ/OiBzdHJpbmc7XHJcbiAgfSk6IFByb21pc2U8RGVyaXZlS2V5UmVzdWx0PiB7XHJcbiAgICBjb25zdCBlbmMgPSBuZXcgVGV4dEVuY29kZXIoKTtcclxuICAgIGNvbnN0IHJhd0tleSA9IGF3YWl0IHRoaXMuY3J5cHRvLnN1YnRsZS5pbXBvcnRLZXkoXHJcbiAgICAgICdyYXcnLFxyXG4gICAgICBlbmMuZW5jb2RlKHBhc3N3b3JkKSxcclxuICAgICAgJ1BCS0RGMicsXHJcbiAgICAgIGZhbHNlLFxyXG4gICAgICBbJ2Rlcml2ZUJpdHMnLCAnZGVyaXZlS2V5J11cclxuICAgICk7XHJcblxyXG4gICAgY29uc3QgcGFzc0tleSA9IGF3YWl0IGNyeXB0by5zdWJ0bGUuZGVyaXZlS2V5KFxyXG4gICAgICB7XHJcbiAgICAgICAgbmFtZTogJ1BCS0RGMicsXHJcbiAgICAgICAgc2FsdDogbmV3IFRleHRFbmNvZGVyKCkuZW5jb2RlKHNhbHQpLFxyXG4gICAgICAgIGl0ZXJhdGlvbnMsXHJcbiAgICAgICAgaGFzaDogJ1NIQS0yNTYnLFxyXG4gICAgICB9LFxyXG4gICAgICByYXdLZXksXHJcbiAgICAgIHsgbmFtZTogJ0FFUy1HQ00nLCBsZW5ndGg6IDI1NiB9LFxyXG4gICAgICB0cnVlLFxyXG4gICAgICBbJ2VuY3J5cHQnLCAnZGVjcnlwdCddXHJcbiAgICApO1xyXG5cclxuICAgIGNvbnN0IHBhc3NLZXlKc29uOiBhbnkgPSBhd2FpdCBjcnlwdG8uc3VidGxlLmV4cG9ydEtleSgnandrJywgcGFzc0tleSk7XHJcbiAgICBpZiAoa2lkKSB7XHJcbiAgICAgIHBhc3NLZXlKc29uLmtpZCA9IGtpZDtcclxuICAgIH1cclxuXHJcbiAgICBjb25zdCBqd2sgPSBhd2FpdCBLZXlGYWN0b3J5U2VydmljZS5hc0tleShwYXNzS2V5SnNvbik7XHJcblxyXG4gICAgcmV0dXJuIHsgandrIH07XHJcbiAgfVxyXG5cclxuICBhc3luYyBkZXJpdmVQYXNzSWRwKHBhcmFtczogRGVyaXZlUGFzc0lkcFBhcmFtcyk6IFByb21pc2U8RGVyaXZlS2V5UmVzdWx0PiB7XHJcbiAgICBpZiAocGFyYW1zLml0ZXJhdGlvbnMgPCB0aGlzLk1JTl9QQVNTX0lEUF9QQktERl9JVEVSKSB7XHJcbiAgICAgIHRocm93IG5ldyBMclN1c3BpY2lvdXNFeGNlcHRpb24oXHJcbiAgICAgICAgYFRoZSBudW1iZXIgb2YgUGFzc0lkcCBrZXkgZGVyaXZhdGlvbiBpdGVyYXRpb25zIHNlbnQgZnJvbSB0aGUgc2VydmVyICgke3BhcmFtcy5pdGVyYXRpb25zfSkgaXMgbG93ZXIgdGhhbiB0aGUgbWluaW11bSAoJHt0aGlzLk1JTl9QQVNTX0lEUF9QQktERl9JVEVSfSlgXHJcbiAgICAgICk7XHJcbiAgICB9XHJcbiAgICByZXR1cm4gdGhpcy5kZXJpdmVLZXkocGFyYW1zKTtcclxuICB9XHJcblxyXG4gIGFzeW5jIGRlcml2ZVBhc3NLZXkocGFyYW1zOiBEZXJpdmVQYXNzS2V5UGFyYW1zKTogUHJvbWlzZTxEZXJpdmVLZXlSZXN1bHQ+IHtcclxuICAgIGlmIChwYXJhbXMuaXRlcmF0aW9ucyA8IHRoaXMuTUlOX1BBU1NfS0VZX1BCS0RGX0lURVIpIHtcclxuICAgICAgdGhyb3cgbmV3IExyU3VzcGljaW91c0V4Y2VwdGlvbihcclxuICAgICAgICBgVGhlIG51bWJlciBvZiBQYXNzS2V5IGtleSBkZXJpdmF0aW9uIGl0ZXJhdGlvbnMgc2VudCBmcm9tIHRoZSBzZXJ2ZXIoJHtwYXJhbXMuaXRlcmF0aW9uc30pIGlzIGxvd2VyIHRoYW4gdGhlIG1pbmltdW0oJHt0aGlzLk1JTl9QQVNTX0tFWV9QQktERl9JVEVSfSlgXHJcbiAgICAgICk7XHJcbiAgICB9XHJcbiAgICByZXR1cm4gdGhpcy5kZXJpdmVLZXkocGFyYW1zKTtcclxuICB9XHJcblxyXG4gIGFzeW5jIGRlcml2ZUxib3BLZXkocGFyYW1zOiBEZXJpdmVMYm9wS2V5UGFyYW1zKTogUHJvbWlzZTxEZXJpdmVLZXlSZXN1bHQ+IHtcclxuICAgIGlmIChwYXJhbXMuaXRlcmF0aW9ucyA8IHRoaXMuTUlOX0xCT1BfS0VZX1BCS0RGX0lURVIpIHtcclxuICAgICAgdGhyb3cgbmV3IExyU3VzcGljaW91c0V4Y2VwdGlvbihcclxuICAgICAgICBgVGhlIG51bWJlciBvZiBMYm9wS2V5IGtleSBkZXJpdmF0aW9uIGl0ZXJhdGlvbnMgc2VudCBmcm9tIHRoZSBzZXJ2ZXIoJHtwYXJhbXMuaXRlcmF0aW9uc30pIGlzIGxvd2VyIHRoYW4gdGhlIG1pbmltdW0oJHt0aGlzLk1JTl9MQk9QX0tFWV9QQktERl9JVEVSfSlgXHJcbiAgICAgICk7XHJcbiAgICB9XHJcbiAgICByZXR1cm4gdGhpcy5kZXJpdmVLZXkocGFyYW1zKTtcclxuICB9XHJcblxyXG4gIGFzeW5jIGNyZWF0ZUtpZCgpOiBQcm9taXNlPHN0cmluZz4ge1xyXG4gICAgLy8gdG9kbzogQVo6IG5vZGUtam9zZSBzb3VyY2UgdXNlcyBub2RlJ3MgZGVmYXVsdCBVVUlEKCkgZnVuY3Rpb24gZm9yIGtpZCwgc28ganVzdCBjaGFuZ2UgdG8gdXNlIHRoYXQuXHJcbiAgICAvLyBmb3Igbm93LCB3ZSBhcmUganVzdCBjcmVhdGluZyBhIG5ldyBrZXkgdG8gdXNlIGl0J3Mga2lkLlxyXG4gICAgLy8gVGhlIGtpZCBpcyBhIHBhcnQgb2YgdGhlIEpXSyBzeXN0ZW0uIExSIGJhY2tlbmQgbWFpbnRhaW5zIHRoZSBrZXkgaGllcmFyY2h5IHNlcGFyYXRlbHkgd2l0aCBpdCdzIG93blxyXG4gICAgLy8ga2V5IGlkLiBCdXQgd2UganVzdCB1c2UgaXQgaGVyZSBhcyBhIGRvdWJsZSBjaGVjay5cclxuICAgIHJldHVybiAoYXdhaXQgdGhpcy5jcmVhdGVLZXkoKSkua2lkO1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgY3JlYXRlUGFzc0lkcFBhcmFtcygpOiBQcm9taXNlPFBhc3NJZHBQYXJhbXM+IHtcclxuICAgIHJldHVybiB7XHJcbiAgICAgIHNhbHQ6IHRoaXMuY3JlYXRlU2FsdCgpLFxyXG4gICAgICBpdGVyYXRpb25zOiB0aGlzLkRFRkFVTFRfUEFTU19JRFBfUEJLREZfSVRFUixcclxuICAgIH07XHJcbiAgfVxyXG5cclxuICBhc3luYyBjcmVhdGVQYXNzS2V5UGFyYW1zKCk6IFByb21pc2U8UGFzc0tleVBhcmFtcz4ge1xyXG4gICAgcmV0dXJuIHtcclxuICAgICAgc2FsdDogdGhpcy5jcmVhdGVTYWx0KCksXHJcbiAgICAgIGtpZDogYXdhaXQgdGhpcy5jcmVhdGVLaWQoKSxcclxuICAgICAgaXRlcmF0aW9uczogdGhpcy5ERUZBVUxUX1BBU1NfS0VZX1BCS0RGX0lURVIsXHJcbiAgICB9O1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgY3JlYXRlTGJvcEtleVBhcmFtcygpOiBQcm9taXNlPExib3BLZXlQYXJhbXM+IHtcclxuICAgIHJldHVybiB7XHJcbiAgICAgIHNhbHQ6IHRoaXMuY3JlYXRlU2FsdCgpLFxyXG4gICAgICAvLyB0b2RvOiBBWjogbm9kZS1qb3NlIHNvdXJjZSB1c2VzIG5vZGUncyBkZWZhdWx0IFVVSUQoKSBmdW5jdGlvbiBmb3Iga2lkLCBzbyBqdXN0IGNoYW5nZSB0byB1c2UgdGhhdC5cclxuICAgICAgLy8gZm9yIG5vdywgd2UgYXJlIGp1c3QgY3JlYXRpbmcgYSBuZXcga2V5IHRvIHVzZSBpdCdzIGtpZC5cclxuICAgICAgLy8gVGhlIGtpZCBpcyBhIHBhcnQgb2YgdGhlIEpXSyBzeXN0ZW0uIExSIGJhY2tlbmQgbWFpbnRhaW5zIHRoZSBrZXkgaGllcmFyY2h5IHNlcGFyYXRlbHkgd2l0aCBpdCdzIG93blxyXG4gICAgICAvLyBrZXkgaWQuIEJ1dCB3ZSBqdXN0IHVzZSBpdCBoZXJlIGFzIGEgZG91YmxlIGNoZWNrLlxyXG4gICAgICBraWQ6IGF3YWl0IHRoaXMuY3JlYXRlS2lkKCksXHJcbiAgICAgIGl0ZXJhdGlvbnM6IHRoaXMuREVGQVVMVF9QQVNTX0tFWV9QQktERl9JVEVSLFxyXG4gICAgfTtcclxuICB9XHJcbn1cclxuIl19