@lifeready/core 1.0.1 → 1.0.3

package/esm2015/lib/cryptography/key-graph.service.js

@@ -0,0 +1,280 @@
+import { __awaiter } from "tslib";
+import { Injectable } from '@angular/core';
+import graphlib, { Graph } from '@dagrejs/graphlib';
+import _ from 'lodash';
+import { LrException, LrEncryptionException, LrNotFoundException, LrBadArgumentException, } from '../_common/exceptions';
+import { EdgeType, NodeType, } from './cryptography.types';
+import { asJwk, EncryptionService, isSymmetricKey, } from './encryption.service';
+import { KeyFactoryService as KFS, } from './key-factory.service';
+import { KeyService } from './key.service';
+import * as i0 from "@angular/core";
+import * as i1 from "./encryption.service";
+import * as i2 from "./key.service";
+export class KeyGraphService {
+    // private keyCache: {
+    //   [id: string]: Key;
+    // };
+    constructor(encryptionService, keyService) {
+        this.encryptionService = encryptionService;
+        this.keyService = keyService;
+        this.purgeKeys();
+    }
+    purgeKeys() {
+        this.graph = new Graph();
+        // this.keyCache = null;
+    }
+    populateKeys(userKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.keyService.populateKeys({
+                passKey: userKey.passKey,
+                masterKey: yield this.keyService.loadMasterKey(userKey.masterKey.id),
+                rootKey: yield this.unwrapKey(userKey.masterKey.id, userKey.rootKey.id),
+                pxk: yield this.unwrapKey(userKey.masterKey.id, userKey.pxk.id),
+                sigPxk: yield this.unwrapKey(userKey.masterKey.id, userKey.sigPxk.id),
+            });
+        });
+    }
+    hasKey(keyId) {
+        return !!this.graph.node(keyId);
+    }
+    getNode(id, type) {
+        const node = this.graph.node(id);
+        if (!node) {
+            throw new LrNotFoundException(`Key graphs does not contain key id: ${id}`);
+        }
+        if (node.type !== type) {
+            throw new LrException({
+                message: `Key with id ${id} is not of type ${type}`,
+            });
+        }
+        return node.data;
+    }
+    key(id) {
+        return this.getNode(id, NodeType.Key);
+    }
+    passKey(id) {
+        return this.getNode(id, NodeType.PassKey);
+    }
+    addKeys(src) {
+        // Keys
+        if (src.keys) {
+            // What key graph returns can not be customized. So keys are essentially immutable.
+            // Therefore, if a key exists, there's no reason to update it.
+            for (const key of src.keys) {
+                // Note using Relay global id allows us to not worry about clashing node id
+                if (this.graph.hasNode(key.id)) {
+                    continue;
+                }
+                const node = {
+                    type: NodeType.Key,
+                    data: _.cloneDeep(key),
+                };
+                this.graph.setNode(key.id, node);
+            }
+        }
+        // KeyLinks
+        if (src.keyLinks) {
+            for (const keyLink of src.keyLinks) {
+                if (this.graph.hasEdge(keyLink.wrappingKeyId, keyLink.keyId)) {
+                    continue;
+                }
+                const edge = {
+                    type: EdgeType.KeyLink,
+                    data: _.cloneDeep(keyLink),
+                };
+                // Edge goes from wrapping key to wrapped key.
+                this.graph.setEdge(keyLink.wrappingKeyId, keyLink.keyId, edge);
+            }
+        }
+        // PassKeyLinks
+        if (src.passKeyLinks) {
+            for (const passKeyLink of src.passKeyLinks) {
+                if (this.graph.hasEdge(passKeyLink.passKeyId, passKeyLink.keyId)) {
+                    continue;
+                }
+                const edge = {
+                    type: EdgeType.PassKeyLink,
+                    data: _.cloneDeep(passKeyLink),
+                };
+                // Edge goes from wrapping key to wrapped key.
+                this.graph.setEdge(passKeyLink.passKeyId, passKeyLink.keyId, edge);
+            }
+        }
+        // The graph is the single source of truth. These are lazily calculated.
+        // this.keyCache = null;
+    }
+    tracePath(distances, keyId) {
+        // The node label is the same as the id of the key nodes.
+        const ret = [];
+        let node = keyId;
+        if (!distances[node].predecessor) {
+            return null;
+        }
+        while (distances[node].predecessor) {
+            const child = distances[node].predecessor;
+            ret.push(this.graph.edge(child, node));
+            node = child;
+        }
+        // After reverse, the first element is the passkey
+        ret.reverse();
+        return ret;
+    }
+    getPath(knownKeyId, keyId) {
+        if (!knownKeyId || typeof knownKeyId !== 'string') {
+            throw new LrEncryptionException(`Param knownKeyId wrong format: ${knownKeyId}`);
+        }
+        if (!keyId || typeof keyId !== 'string') {
+            throw new LrEncryptionException(`Param keyId wrong format: ${keyId}`);
+        }
+        // => { A: { distance: 0 },
+        //      B: { distance: 6, predecessor: 'C' },
+        //      C: { distance: 4, predecessor: 'A' },
+        //      D: { distance: 2, predecessor: 'A' },
+        //      E: { distance: 8, predecessor: 'F' },
+        //      F: { distance: 4, predecessor: 'D' } }
+        const distances = graphlib.alg.dijkstra(this.graph, knownKeyId);
+        // Trace path from keyId to knownKeyId
+        return this.tracePath(distances, keyId);
+    }
+    getJwkKey(keyOrId, getKeyIdCallback) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return (yield this.getKey(keyOrId, getKeyIdCallback)).jwk;
+        });
+    }
+    // We assume that when a keyId is fetched, the key graph
+    // for the key is also returned and merged into the client-side
+    // key graph. By insisting a keyId is returned instead of the
+    // actual key we ensure key-graph is consistent.
+    getKey(keyOrId, getKeyIdCallback) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let keyId = typeof keyOrId === 'string' ? keyOrId : keyOrId === null || keyOrId === void 0 ? void 0 : keyOrId.id;
+            if (!this.hasKey(keyId) && getKeyIdCallback) {
+                keyId = yield getKeyIdCallback();
+            }
+            // else, continue and let it fail.
+            const key = this.key(keyId);
+            if (key.jwk) {
+                return key;
+            }
+            else {
+                return this.unwrapKey(this.keyService.getCurrentMasterKey().id, keyId);
+            }
+        });
+    }
+    _unwrapLink(wrappingKey, link, dstKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // console.log("_unwrapLink:", link.data.keyId);
+            const wrappedKey = JSON.parse(link.data.wrappedKey);
+            // Signatures of keys contain the key itself. This way we only need
+            // to access the KeyLinks to decrypt/verify keys.
+            let nextRawKey;
+            if (wrappedKey.signatures) {
+                nextRawKey = yield this.encryptionService.verify(wrappingKey, wrappedKey);
+            }
+            else {
+                nextRawKey = yield this.encryptionService.decrypt(wrappingKey, wrappedKey);
+            }
+            dstKey.jwk = yield KFS.asKey(nextRawKey);
+            dstKey.task = null;
+        });
+    }
+    _unwrap(key, path) {
+        return __awaiter(this, void 0, void 0, function* () {
+            for (const link of path) {
+                const dstKey = this.key(link.data.keyId);
+                // console.log("key: ", link.data.keyId);
+                if (dstKey.jwk) {
+                    key = dstKey.jwk;
+                    // console.log("Returning cached key: ", link.data.keyId);
+                    continue;
+                }
+                if (!dstKey.task) {
+                    dstKey.task = this._unwrapLink(key, link, dstKey);
+                }
+                yield dstKey.task;
+                key = dstKey.jwk;
+            }
+            return key;
+        });
+    }
+    unwrapWithPassKey(passKeyId, passKey, keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Get path of the directory key.
+            const path = this.getPath(passKeyId, keyId);
+            return {
+                id: keyId,
+                jwk: yield this._unwrap(passKey, path),
+            };
+        });
+    }
+    unwrapKey(masterKeyId, keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // The first key should be a masterKey
+            const masterKey = yield this.keyService.loadMasterKey(masterKeyId);
+            if (masterKeyId === keyId) {
+                return masterKey;
+            }
+            // Get path of the directory key.
+            const path = this.getPath(masterKey.id, keyId);
+            return {
+                id: keyId,
+                jwk: yield this._unwrap(masterKey.jwk, path),
+            };
+        });
+    }
+    decryptFromString(keyOrId, cipherData, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (cipherData) {
+                const key = yield this.getJwkKey(keyOrId);
+                return (yield this.encryptionService.decrypt(key, JSON.parse(cipherData), options));
+            }
+            return null;
+        });
+    }
+    decryptFile(keyId, file) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.getJwkKey(keyId);
+            return (yield this.encryptionService.decrypt(key, file, {
+                payloadType: 'ArrayBuffer',
+            }));
+        });
+    }
+    // TODO rename this to encrypt() and use as the most common usecase
+    encryptToString(key, content) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Empty string should be encrypted since you want to clear the field.
+            // Null is not encrypted because it's not valid JSON in the old JSON spec. Use
+            // empty string instead. It'll function as a logic false as well.
+            // Note that passing in empty string means it'll be encrypted which verifies
+            // it's integrity. But we still want to have a way to set the DB field
+            // to NULL, so we explicitly return null when content == null. A null
+            // variable in graphql mutation on KC server clears the field to NULL.
+            if (content == null) {
+                return null;
+            }
+            const jwk = asJwk(key) || (yield this.getJwkKey(key));
+            return this.encryptionService.encryptToString(jwk, content);
+        });
+    }
+    // Wraps a symmetric encryption key.
+    // Throws exception if wrapping public keys.
+    wrapKey(wrappingKey, key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!isSymmetricKey(key)) {
+                throw new LrBadArgumentException('Only allowing wrapping of symmetric keys.');
+            }
+            return this.encryptToString(wrappingKey, key.toJSON(true));
+        });
+    }
+}
+KeyGraphService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyGraphService_Factory() { return new KeyGraphService(i0.ɵɵinject(i1.EncryptionService), i0.ɵɵinject(i2.KeyService)); }, token: KeyGraphService, providedIn: "root" });
+KeyGraphService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+KeyGraphService.ctorParameters = () => [
+    { type: EncryptionService },
+    { type: KeyService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWdyYXBoLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiQzovUHJvamVjdHMvbmV3cmVwby9rYy1jbGllbnQvcHJvamVjdHMvY29yZS9zcmMvIiwic291cmNlcyI6WyJsaWIvY3J5cHRvZ3JhcGh5L2tleS1ncmFwaC5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sZUFBZSxDQUFDO0FBQzNDLE9BQU8sUUFBUSxFQUFFLEVBQUUsS0FBSyxFQUFFLE1BQU0sbUJBQW1CLENBQUM7QUFDcEQsT0FBTyxDQUFDLE1BQU0sUUFBUSxDQUFDO0FBR3ZCLE9BQU8sRUFDTCxXQUFXLEVBQ1gscUJBQXFCLEVBQ3JCLG1CQUFtQixFQUNuQixzQkFBc0IsR0FDdkIsTUFBTSx1QkFBdUIsQ0FBQztBQUMvQixPQUFPLEVBRUwsUUFBUSxFQUlSLFFBQVEsR0FFVCxNQUFNLHNCQUFzQixDQUFDO0FBQzlCLE9BQU8sRUFDTCxLQUFLLEVBRUwsaUJBQWlCLEVBQ2pCLGNBQWMsR0FDZixNQUFNLHNCQUFzQixDQUFDO0FBQzlCLE9BQU8sRUFFTCxpQkFBaUIsSUFBSSxHQUFHLEdBQ3pCLE1BQU0sdUJBQXVCLENBQUM7QUFDL0IsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGVBQWUsQ0FBQzs7OztBQVMzQyxNQUFNLE9BQU8sZUFBZTtJQUUxQixzQkFBc0I7SUFDdEIsdUJBQXVCO0lBQ3ZCLEtBQUs7SUFFTCxZQUNVLGlCQUFvQyxFQUNwQyxVQUFzQjtRQUR0QixzQkFBaUIsR0FBakIsaUJBQWlCLENBQW1CO1FBQ3BDLGVBQVUsR0FBVixVQUFVLENBQVk7UUFFOUIsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO0lBQ25CLENBQUM7SUFFRCxTQUFTO1FBQ1AsSUFBSSxDQUFDLEtBQUssR0FBRyxJQUFJLEtBQUssRUFBRSxDQUFDO1FBQ3pCLHdCQUF3QjtJQUMxQixDQUFDO0lBRUssWUFBWSxDQUFDLE9BQXVCOztZQUN4QyxJQUFJLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FBQztnQkFDM0IsT0FBTyxFQUFFLE9BQU8sQ0FBQyxPQUFPO2dCQUN4QixTQUFTLEVBQUUsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztnQkFDcEUsT0FBTyxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztnQkFDdkUsR0FBRyxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDL0QsTUFBTSxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQzthQUN0RSxDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7SUFFRCxNQUFNLENBQUMsS0FBYTtRQUNsQixPQUFPLENBQUMsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRU8sT0FBTyxDQUFDLEVBQUUsRUFBRSxJQUFJO1FBQ3RCLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2pDLElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDVCxNQUFNLElBQUksbUJBQW1CLENBQzNCLHVDQUF1QyxFQUFFLEVBQUUsQ0FDNUMsQ0FBQztTQUNIO1FBQ0QsSUFBSSxJQUFJLENBQUMsSUFBSSxLQUFLLElBQUksRUFBRTtZQUN0QixNQUFNLElBQUksV0FBVyxDQUFDO2dCQUNwQixPQUFPLEVBQUUsZUFBZSxFQUFFLG1CQUFtQixJQUFJLEVBQUU7YUFDcEQsQ0FBQyxDQUFDO1NBQ0o7UUFDRCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUM7SUFDbkIsQ0FBQztJQUVELEdBQUcsQ0FBQyxFQUFFO1FBQ0osT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFBRSxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVELE9BQU8sQ0FBQyxFQUFFO1FBQ1IsT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFBRSxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDNUMsQ0FBQztJQUVELE9BQU8sQ0FBQyxHQUFxQjtRQUMzQixPQUFPO1FBQ1AsSUFBSSxHQUFHLENBQUMsSUFBSSxFQUFFO1lBQ1osbUZBQW1GO1lBQ25GLDhEQUE4RDtZQUM5RCxLQUFLLE1BQU0sR0FBRyxJQUFJLEdBQUcsQ0FBQyxJQUFJLEVBQUU7Z0JBQzFCLDJFQUEyRTtnQkFDM0UsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEVBQUU7b0JBQzlCLFNBQVM7aUJBQ1Y7Z0JBRUQsTUFBTSxJQUFJLEdBQVM7b0JBQ2pCLElBQUksRUFBRSxRQUFRLENBQUMsR0FBRztvQkFDbEIsSUFBSSxFQUFFLENBQUMsQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDO2lCQUN2QixDQUFDO2dCQUVGLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxFQUFFLEVBQUUsSUFBSSxDQUFDLENBQUM7YUFDbEM7U0FDRjtRQUVELFdBQVc7UUFDWCxJQUFJLEdBQUcsQ0FBQyxRQUFRLEVBQUU7WUFDaEIsS0FBSyxNQUFNLE9BQU8sSUFBSSxHQUFHLENBQUMsUUFBUSxFQUFFO2dCQUNsQyxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQUUsT0FBTyxDQUFDLEtBQUssQ0FBQyxFQUFFO29CQUM1RCxTQUFTO2lCQUNWO2dCQUVELE1BQU0sSUFBSSxHQUFTO29CQUNqQixJQUFJLEVBQUUsUUFBUSxDQUFDLE9BQU87b0JBQ3RCLElBQUksRUFBRSxDQUFDLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQztpQkFDM0IsQ0FBQztnQkFDRiw4Q0FBOEM7Z0JBQzlDLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQUUsT0FBTyxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQzthQUNoRTtTQUNGO1FBRUQsZUFBZTtRQUNmLElBQUksR0FBRyxDQUFDLFlBQVksRUFBRTtZQUNwQixLQUFLLE1BQU0sV0FBVyxJQUFJLEdBQUcsQ0FBQyxZQUFZLEVBQUU7Z0JBQzFDLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLFNBQVMsRUFBRSxXQUFXLENBQUMsS0FBSyxDQUFDLEVBQUU7b0JBQ2hFLFNBQVM7aUJBQ1Y7Z0JBRUQsTUFBTSxJQUFJLEdBQVM7b0JBQ2pCLElBQUksRUFBRSxRQUFRLENBQUMsV0FBVztvQkFDMUIsSUFBSSxFQUFFLENBQUMsQ0FBQyxTQUFTLENBQUMsV0FBVyxDQUFDO2lCQUMvQixDQUFDO2dCQUNGLDhDQUE4QztnQkFDOUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLFNBQVMsRUFBRSxXQUFXLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDO2FBQ3BFO1NBQ0Y7UUFFRCx3RUFBd0U7UUFDeEUsd0JBQXdCO0lBQzFCLENBQUM7SUFFRCxTQUFTLENBQUMsU0FBUyxFQUFFLEtBQWE7UUFDaEMseURBQXlEO1FBQ3pELE1BQU0sR0FBRyxHQUFXLEVBQUUsQ0FBQztRQUN2QixJQUFJLElBQUksR0FBRyxLQUFLLENBQUM7UUFDakIsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxXQUFXLEVBQUU7WUFDaEMsT0FBTyxJQUFJLENBQUM7U0FDYjtRQUVELE9BQU8sU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDLFdBQVcsRUFBRTtZQUNsQyxNQUFNLEtBQUssR0FBRyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUMsV0FBVyxDQUFDO1lBQzFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDLENBQUM7WUFDdkMsSUFBSSxHQUFHLEtBQUssQ0FBQztTQUNkO1FBRUQsa0RBQWtEO1FBQ2xELEdBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUVkLE9BQU8sR0FBRyxDQUFDO0lBQ2IsQ0FBQztJQUVELE9BQU8sQ0FBQyxVQUFrQixFQUFFLEtBQWE7UUFDdkMsSUFBSSxDQUFDLFVBQVUsSUFBSSxPQUFPLFVBQVUsS0FBSyxRQUFRLEVBQUU7WUFDakQsTUFBTSxJQUFJLHFCQUFxQixDQUM3QixrQ0FBa0MsVUFBVSxFQUFFLENBQy9DLENBQUM7U0FDSDtRQUNELElBQUksQ0FBQyxLQUFLLElBQUksT0FBTyxLQUFLLEtBQUssUUFBUSxFQUFFO1lBQ3ZDLE1BQU0sSUFBSSxxQkFBcUIsQ0FBQyw2QkFBNkIsS0FBSyxFQUFFLENBQUMsQ0FBQztTQUN2RTtRQUVELDJCQUEyQjtRQUMzQiw2Q0FBNkM7UUFDN0MsNkNBQTZDO1FBQzdDLDZDQUE2QztRQUM3Qyw2Q0FBNkM7UUFDN0MsOENBQThDO1FBQzlDLE1BQU0sU0FBUyxHQUFHLFFBQVEsQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxLQUFLLEVBQUUsVUFBVSxDQUFDLENBQUM7UUFFaEUsc0NBQXNDO1FBQ3RDLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUFTLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVLLFNBQVMsQ0FDYixPQUFxQixFQUNyQixnQkFBaUQ7O1lBRWpELE9BQU8sQ0FBQyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxFQUFFLGdCQUFnQixDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFDNUQsQ0FBQztLQUFBO0lBRUQsd0RBQXdEO0lBQ3hELCtEQUErRDtJQUMvRCw2REFBNkQ7SUFDN0QsZ0RBQWdEO0lBQzFDLE1BQU0sQ0FDVixPQUFxQixFQUNyQixnQkFBaUQ7O1lBRWpELElBQUksS0FBSyxHQUFHLE9BQU8sT0FBTyxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxPQUFPLGFBQVAsT0FBTyx1QkFBUCxPQUFPLENBQUUsRUFBRSxDQUFDO1lBRWhFLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLGdCQUFnQixFQUFFO2dCQUMzQyxLQUFLLEdBQUcsTUFBTSxnQkFBZ0IsRUFBRSxDQUFDO2FBQ2xDO1lBQ0Qsa0NBQWtDO1lBRWxDLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDNUIsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFO2dCQUNYLE9BQU8sR0FBRyxDQUFDO2FBQ1o7aUJBQU07Z0JBQ0wsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsbUJBQW1CLEVBQUUsQ0FBQyxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7YUFDeEU7UUFDSCxDQUFDO0tBQUE7SUFFYSxXQUFXLENBQUMsV0FBVyxFQUFFLElBQUksRUFBRSxNQUFNOztZQUNqRCxnREFBZ0Q7WUFDaEQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBQ3BELG1FQUFtRTtZQUNuRSxpREFBaUQ7WUFDakQsSUFBSSxVQUFVLENBQUM7WUFDZixJQUFJLFVBQVUsQ0FBQyxVQUFVLEVBQUU7Z0JBQ3pCLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLENBQUMsV0FBVyxFQUFFLFVBQVUsQ0FBQyxDQUFDO2FBQzNFO2lCQUFNO2dCQUNMLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQy9DLFdBQVcsRUFDWCxVQUFVLENBQ1gsQ0FBQzthQUNIO1lBQ0QsTUFBTSxDQUFDLEdBQUcsR0FBRyxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDekMsTUFBTSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7UUFDckIsQ0FBQztLQUFBO0lBRWEsT0FBTyxDQUFDLEdBQVksRUFBRSxJQUFZOztZQUM5QyxLQUFLLE1BQU0sSUFBSSxJQUFJLElBQUksRUFBRTtnQkFDdkIsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDO2dCQUN6Qyx5Q0FBeUM7Z0JBQ3pDLElBQUksTUFBTSxDQUFDLEdBQUcsRUFBRTtvQkFDZCxHQUFHLEdBQUcsTUFBTSxDQUFDLEdBQUcsQ0FBQztvQkFDakIsMERBQTBEO29CQUMxRCxTQUFTO2lCQUNWO2dCQUVELElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFO29CQUNoQixNQUFNLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxFQUFFLElBQUksRUFBRSxNQUFNLENBQUMsQ0FBQztpQkFDbkQ7Z0JBRUQsTUFBTSxNQUFNLENBQUMsSUFBSSxDQUFDO2dCQUNsQixHQUFHLEdBQUcsTUFBTSxDQUFDLEdBQUcsQ0FBQzthQUNsQjtZQUVELE9BQU8sR0FBRyxDQUFDO1FBQ2IsQ0FBQztLQUFBO0lBRVksaUJBQWlCLENBQzVCLFNBQWlCLEVBQ2pCLE9BQWdCLEVBQ2hCLEtBQWE7O1lBRWIsaUNBQWlDO1lBQ2pDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBRTVDLE9BQU87Z0JBQ0wsRUFBRSxFQUFFLEtBQUs7Z0JBQ1QsR0FBRyxFQUFFLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDO2FBQ3ZDLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFSyxTQUFTLENBQUMsV0FBbUIsRUFBRSxLQUFhOztZQUNoRCxzQ0FBc0M7WUFDdEMsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUVuRSxJQUFJLFdBQVcsS0FBSyxLQUFLLEVBQUU7Z0JBQ3pCLE9BQU8sU0FBUyxDQUFDO2FBQ2xCO1lBRUQsaUNBQWlDO1lBQ2pDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxLQUFLLENBQUMsQ0FBQztZQUUvQyxPQUFPO2dCQUNMLEVBQUUsRUFBRSxLQUFLO2dCQUNULEdBQUcsRUFBRSxNQUFNLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEdBQUcsRUFBRSxJQUFJLENBQUM7YUFDN0MsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVLLGlCQUFpQixDQUNyQixPQUFxQixFQUNyQixVQUFrQixFQUNsQixPQUF3Qjs7WUFFeEIsSUFBSSxVQUFVLEVBQUU7Z0JBQ2QsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxDQUFDO2dCQUMxQyxPQUFPLENBQUMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMxQyxHQUFHLEVBQ0gsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsRUFDdEIsT0FBTyxDQUNSLENBQVEsQ0FBQzthQUNYO1lBQ0QsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO0tBQUE7SUFFSyxXQUFXLENBQUMsS0FBYSxFQUFFLElBQVM7O1lBQ3hDLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUN4QyxPQUFPLENBQUMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLEdBQUcsRUFBRSxJQUFJLEVBQUU7Z0JBQ3RELFdBQVcsRUFBRSxhQUFhO2FBQzNCLENBQUMsQ0FBUSxDQUFDO1FBQ2IsQ0FBQztLQUFBO0lBRUQsbUVBQW1FO0lBQzdELGVBQWUsQ0FDbkIsR0FBMkIsRUFDM0IsT0FBWTs7WUFFWixzRUFBc0U7WUFDdEUsOEVBQThFO1lBQzlFLGlFQUFpRTtZQUNqRSw0RUFBNEU7WUFDNUUsc0VBQXNFO1lBQ3RFLHFFQUFxRTtZQUNyRSxzRUFBc0U7WUFDdEUsSUFBSSxPQUFPLElBQUksSUFBSSxFQUFFO2dCQUNuQixPQUFPLElBQUksQ0FBQzthQUNiO1lBRUQsTUFBTSxHQUFHLEdBQUcsS0FBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLEdBQW1CLENBQUMsQ0FBQyxDQUFDO1lBQ3RFLE9BQU8sSUFBSSxDQUFDLGlCQUFpQixDQUFDLGVBQWUsQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDOUQsQ0FBQztLQUFBO0lBRUQsb0NBQW9DO0lBQ3BDLDRDQUE0QztJQUN0QyxPQUFPLENBQ1gsV0FBbUMsRUFDbkMsR0FBWTs7WUFFWixJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxFQUFFO2dCQUN4QixNQUFNLElBQUksc0JBQXNCLENBQzlCLDJDQUEyQyxDQUM1QyxDQUFDO2FBQ0g7WUFFRCxPQUFPLElBQUksQ0FBQyxlQUFlLENBQUMsV0FBVyxFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztRQUM3RCxDQUFDO0tBQUE7Ozs7WUF4VEYsVUFBVSxTQUFDO2dCQUNWLFVBQVUsRUFBRSxNQUFNO2FBQ25COzs7WUFmQyxpQkFBaUI7WUFPVixVQUFVIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xyXG5pbXBvcnQgZ3JhcGhsaWIsIHsgR3JhcGggfSBmcm9tICdAZGFncmVqcy9ncmFwaGxpYic7XHJcbmltcG9ydCBfIGZyb20gJ2xvZGFzaCc7XHJcbmltcG9ydCB7IEpXSyB9IGZyb20gJ25vZGUtam9zZSc7XHJcbmltcG9ydCB7IEN1cnJlbnRVc2VyS2V5IH0gZnJvbSAnLi4vdXNlcnMvcHJvZmlsZS50eXBlcyc7XHJcbmltcG9ydCB7XHJcbiAgTHJFeGNlcHRpb24sXHJcbiAgTHJFbmNyeXB0aW9uRXhjZXB0aW9uLFxyXG4gIExyTm90Rm91bmRFeGNlcHRpb24sXHJcbiAgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbixcclxufSBmcm9tICcuLi9fY29tbW9uL2V4Y2VwdGlvbnMnO1xyXG5pbXBvcnQge1xyXG4gIEVkZ2UsXHJcbiAgRWRnZVR5cGUsXHJcbiAgS2V5LFxyXG4gIEtleUdyYXBoUmVzcG9uc2UsXHJcbiAgTm9kZSxcclxuICBOb2RlVHlwZSxcclxuICBQYXNzS2V5LFxyXG59IGZyb20gJy4vY3J5cHRvZ3JhcGh5LnR5cGVzJztcclxuaW1wb3J0IHtcclxuICBhc0p3ayxcclxuICBEZWNyeXB0T3B0aW9ucyxcclxuICBFbmNyeXB0aW9uU2VydmljZSxcclxuICBpc1N5bW1ldHJpY0tleSxcclxufSBmcm9tICcuL2VuY3J5cHRpb24uc2VydmljZSc7XHJcbmltcG9ydCB7XHJcbiAgS2V5RmFjdG9yeVNlcnZpY2UsXHJcbiAgS2V5RmFjdG9yeVNlcnZpY2UgYXMgS0ZTLFxyXG59IGZyb20gJy4va2V5LWZhY3Rvcnkuc2VydmljZSc7XHJcbmltcG9ydCB7IEtleVNlcnZpY2UgfSBmcm9tICcuL2tleS5zZXJ2aWNlJztcclxuXHJcbmV4cG9ydCBpbnRlcmZhY2UgR3JhcGhLZXkgZXh0ZW5kcyBLZXkge1xyXG4gIHRhc2s/OiBQcm9taXNlPGFueT47XHJcbn1cclxuXHJcbkBJbmplY3RhYmxlKHtcclxuICBwcm92aWRlZEluOiAncm9vdCcsXHJcbn0pXHJcbmV4cG9ydCBjbGFzcyBLZXlHcmFwaFNlcnZpY2Uge1xyXG4gIHByaXZhdGUgZ3JhcGg6IEdyYXBoO1xyXG4gIC8vIHByaXZhdGUga2V5Q2FjaGU6IHtcclxuICAvLyAgIFtpZDogc3RyaW5nXTogS2V5O1xyXG4gIC8vIH07XHJcblxyXG4gIGNvbnN0cnVjdG9yKFxyXG4gICAgcHJpdmF0ZSBlbmNyeXB0aW9uU2VydmljZTogRW5jcnlwdGlvblNlcnZpY2UsXHJcbiAgICBwcml2YXRlIGtleVNlcnZpY2U6IEtleVNlcnZpY2VcclxuICApIHtcclxuICAgIHRoaXMucHVyZ2VLZXlzKCk7XHJcbiAgfVxyXG5cclxuICBwdXJnZUtleXMoKSB7XHJcbiAgICB0aGlzLmdyYXBoID0gbmV3IEdyYXBoKCk7XHJcbiAgICAvLyB0aGlzLmtleUNhY2hlID0gbnVsbDtcclxuICB9XHJcblxyXG4gIGFzeW5jIHBvcHVsYXRlS2V5cyh1c2VyS2V5OiBDdXJyZW50VXNlcktleSkge1xyXG4gICAgdGhpcy5rZXlTZXJ2aWNlLnBvcHVsYXRlS2V5cyh7XHJcbiAgICAgIHBhc3NLZXk6IHVzZXJLZXkucGFzc0tleSxcclxuICAgICAgbWFzdGVyS2V5OiBhd2FpdCB0aGlzLmtleVNlcnZpY2UubG9hZE1hc3RlcktleSh1c2VyS2V5Lm1hc3RlcktleS5pZCksXHJcbiAgICAgIHJvb3RLZXk6IGF3YWl0IHRoaXMudW53cmFwS2V5KHVzZXJLZXkubWFzdGVyS2V5LmlkLCB1c2VyS2V5LnJvb3RLZXkuaWQpLFxyXG4gICAgICBweGs6IGF3YWl0IHRoaXMudW53cmFwS2V5KHVzZXJLZXkubWFzdGVyS2V5LmlkLCB1c2VyS2V5LnB4ay5pZCksXHJcbiAgICAgIHNpZ1B4azogYXdhaXQgdGhpcy51bndyYXBLZXkodXNlcktleS5tYXN0ZXJLZXkuaWQsIHVzZXJLZXkuc2lnUHhrLmlkKSxcclxuICAgIH0pO1xyXG4gIH1cclxuXHJcbiAgaGFzS2V5KGtleUlkOiBzdHJpbmcpIHtcclxuICAgIHJldHVybiAhIXRoaXMuZ3JhcGgubm9kZShrZXlJZCk7XHJcbiAgfVxyXG5cclxuICBwcml2YXRlIGdldE5vZGUoaWQsIHR5cGUpOiBHcmFwaEtleSB8IFBhc3NLZXkge1xyXG4gICAgY29uc3Qgbm9kZSA9IHRoaXMuZ3JhcGgubm9kZShpZCk7XHJcbiAgICBpZiAoIW5vZGUpIHtcclxuICAgICAgdGhyb3cgbmV3IExyTm90Rm91bmRFeGNlcHRpb24oXHJcbiAgICAgICAgYEtleSBncmFwaHMgZG9lcyBub3QgY29udGFpbiBrZXkgaWQ6ICR7aWR9YFxyXG4gICAgICApO1xyXG4gICAgfVxyXG4gICAgaWYgKG5vZGUudHlwZSAhPT0gdHlwZSkge1xyXG4gICAgICB0aHJvdyBuZXcgTHJFeGNlcHRpb24oe1xyXG4gICAgICAgIG1lc3NhZ2U6IGBLZXkgd2l0aCBpZCAke2lkfSBpcyBub3Qgb2YgdHlwZSAke3R5cGV9YCxcclxuICAgICAgfSk7XHJcbiAgICB9XHJcbiAgICByZXR1cm4gbm9kZS5kYXRhO1xyXG4gIH1cclxuXHJcbiAga2V5KGlkKTogR3JhcGhLZXkge1xyXG4gICAgcmV0dXJuIHRoaXMuZ2V0Tm9kZShpZCwgTm9kZVR5cGUuS2V5KTtcclxuICB9XHJcblxyXG4gIHBhc3NLZXkoaWQpOiBQYXNzS2V5IHtcclxuICAgIHJldHVybiB0aGlzLmdldE5vZGUoaWQsIE5vZGVUeXBlLlBhc3NLZXkpO1xyXG4gIH1cclxuXHJcbiAgYWRkS2V5cyhzcmM6IEtleUdyYXBoUmVzcG9uc2UpIHtcclxuICAgIC8vIEtleXNcclxuICAgIGlmIChzcmMua2V5cykge1xyXG4gICAgICAvLyBXaGF0IGtleSBncmFwaCByZXR1cm5zIGNhbiBub3QgYmUgY3VzdG9taXplZC4gU28ga2V5cyBhcmUgZXNzZW50aWFsbHkgaW1tdXRhYmxlLlxyXG4gICAgICAvLyBUaGVyZWZvcmUsIGlmIGEga2V5IGV4aXN0cywgdGhlcmUncyBubyByZWFzb24gdG8gdXBkYXRlIGl0LlxyXG4gICAgICBmb3IgKGNvbnN0IGtleSBvZiBzcmMua2V5cykge1xyXG4gICAgICAgIC8vIE5vdGUgdXNpbmcgUmVsYXkgZ2xvYmFsIGlkIGFsbG93cyB1cyB0byBub3Qgd29ycnkgYWJvdXQgY2xhc2hpbmcgbm9kZSBpZFxyXG4gICAgICAgIGlmICh0aGlzLmdyYXBoLmhhc05vZGUoa2V5LmlkKSkge1xyXG4gICAgICAgICAgY29udGludWU7XHJcbiAgICAgICAgfVxyXG5cclxuICAgICAgICBjb25zdCBub2RlOiBOb2RlID0ge1xyXG4gICAgICAgICAgdHlwZTogTm9kZVR5cGUuS2V5LFxyXG4gICAgICAgICAgZGF0YTogXy5jbG9uZURlZXAoa2V5KSxcclxuICAgICAgICB9O1xyXG5cclxuICAgICAgICB0aGlzLmdyYXBoLnNldE5vZGUoa2V5LmlkLCBub2RlKTtcclxuICAgICAgfVxyXG4gICAgfVxyXG5cclxuICAgIC8vIEtleUxpbmtzXHJcbiAgICBpZiAoc3JjLmtleUxpbmtzKSB7XHJcbiAgICAgIGZvciAoY29uc3Qga2V5TGluayBvZiBzcmMua2V5TGlua3MpIHtcclxuICAgICAgICBpZiAodGhpcy5ncmFwaC5oYXNFZGdlKGtleUxpbmsud3JhcHBpbmdLZXlJZCwga2V5TGluay5rZXlJZCkpIHtcclxuICAgICAgICAgIGNvbnRpbnVlO1xyXG4gICAgICAgIH1cclxuXHJcbiAgICAgICAgY29uc3QgZWRnZTogRWRnZSA9IHtcclxuICAgICAgICAgIHR5cGU6IEVkZ2VUeXBlLktleUxpbmssXHJcbiAgICAgICAgICBkYXRhOiBfLmNsb25lRGVlcChrZXlMaW5rKSxcclxuICAgICAgICB9O1xyXG4gICAgICAgIC8vIEVkZ2UgZ29lcyBmcm9tIHdyYXBwaW5nIGtleSB0byB3cmFwcGVkIGtleS5cclxuICAgICAgICB0aGlzLmdyYXBoLnNldEVkZ2Uoa2V5TGluay53cmFwcGluZ0tleUlkLCBrZXlMaW5rLmtleUlkLCBlZGdlKTtcclxuICAgICAgfVxyXG4gICAgfVxyXG5cclxuICAgIC8vIFBhc3NLZXlMaW5rc1xyXG4gICAgaWYgKHNyYy5wYXNzS2V5TGlua3MpIHtcclxuICAgICAgZm9yIChjb25zdCBwYXNzS2V5TGluayBvZiBzcmMucGFzc0tleUxpbmtzKSB7XHJcbiAgICAgICAgaWYgKHRoaXMuZ3JhcGguaGFzRWRnZShwYXNzS2V5TGluay5wYXNzS2V5SWQsIHBhc3NLZXlMaW5rLmtleUlkKSkge1xyXG4gICAgICAgICAgY29udGludWU7XHJcbiAgICAgICAgfVxyXG5cclxuICAgICAgICBjb25zdCBlZGdlOiBFZGdlID0ge1xyXG4gICAgICAgICAgdHlwZTogRWRnZVR5cGUuUGFzc0tleUxpbmssXHJcbiAgICAgICAgICBkYXRhOiBfLmNsb25lRGVlcChwYXNzS2V5TGluayksXHJcbiAgICAgICAgfTtcclxuICAgICAgICAvLyBFZGdlIGdvZXMgZnJvbSB3cmFwcGluZyBrZXkgdG8gd3JhcHBlZCBrZXkuXHJcbiAgICAgICAgdGhpcy5ncmFwaC5zZXRFZGdlKHBhc3NLZXlMaW5rLnBhc3NLZXlJZCwgcGFzc0tleUxpbmsua2V5SWQsIGVkZ2UpO1xyXG4gICAgICB9XHJcbiAgICB9XHJcblxyXG4gICAgLy8gVGhlIGdyYXBoIGlzIHRoZSBzaW5nbGUgc291cmNlIG9mIHRydXRoLiBUaGVzZSBhcmUgbGF6aWx5IGNhbGN1bGF0ZWQuXHJcbiAgICAvLyB0aGlzLmtleUNhY2hlID0gbnVsbDtcclxuICB9XHJcblxyXG4gIHRyYWNlUGF0aChkaXN0YW5jZXMsIGtleUlkOiBzdHJpbmcpOiBFZGdlW10ge1xyXG4gICAgLy8gVGhlIG5vZGUgbGFiZWwgaXMgdGhlIHNhbWUgYXMgdGhlIGlkIG9mIHRoZSBrZXkgbm9kZXMuXHJcbiAgICBjb25zdCByZXQ6IEVkZ2VbXSA9IFtdO1xyXG4gICAgbGV0IG5vZGUgPSBrZXlJZDtcclxuICAgIGlmICghZGlzdGFuY2VzW25vZGVdLnByZWRlY2Vzc29yKSB7XHJcbiAgICAgIHJldHVybiBudWxsO1xyXG4gICAgfVxyXG5cclxuICAgIHdoaWxlIChkaXN0YW5jZXNbbm9kZV0ucHJlZGVjZXNzb3IpIHtcclxuICAgICAgY29uc3QgY2hpbGQgPSBkaXN0YW5jZXNbbm9kZV0ucHJlZGVjZXNzb3I7XHJcbiAgICAgIHJldC5wdXNoKHRoaXMuZ3JhcGguZWRnZShjaGlsZCwgbm9kZSkpO1xyXG4gICAgICBub2RlID0gY2hpbGQ7XHJcbiAgICB9XHJcblxyXG4gICAgLy8gQWZ0ZXIgcmV2ZXJzZSwgdGhlIGZpcnN0IGVsZW1lbnQgaXMgdGhlIHBhc3NrZXlcclxuICAgIHJldC5yZXZlcnNlKCk7XHJcblxyXG4gICAgcmV0dXJuIHJldDtcclxuICB9XHJcblxyXG4gIGdldFBhdGgoa25vd25LZXlJZDogc3RyaW5nLCBrZXlJZDogc3RyaW5nKTogRWRnZVtdIHtcclxuICAgIGlmICgha25vd25LZXlJZCB8fCB0eXBlb2Yga25vd25LZXlJZCAhPT0gJ3N0cmluZycpIHtcclxuICAgICAgdGhyb3cgbmV3IExyRW5jcnlwdGlvbkV4Y2VwdGlvbihcclxuICAgICAgICBgUGFyYW0ga25vd25LZXlJZCB3cm9uZyBmb3JtYXQ6ICR7a25vd25LZXlJZH1gXHJcbiAgICAgICk7XHJcbiAgICB9XHJcbiAgICBpZiAoIWtleUlkIHx8IHR5cGVvZiBrZXlJZCAhPT0gJ3N0cmluZycpIHtcclxuICAgICAgdGhyb3cgbmV3IExyRW5jcnlwdGlvbkV4Y2VwdGlvbihgUGFyYW0ga2V5SWQgd3JvbmcgZm9ybWF0OiAke2tleUlkfWApO1xyXG4gICAgfVxyXG5cclxuICAgIC8vID0+IHsgQTogeyBkaXN0YW5jZTogMCB9LFxyXG4gICAgLy8gICAgICBCOiB7IGRpc3RhbmNlOiA2LCBwcmVkZWNlc3NvcjogJ0MnIH0sXHJcbiAgICAvLyAgICAgIEM6IHsgZGlzdGFuY2U6IDQsIHByZWRlY2Vzc29yOiAnQScgfSxcclxuICAgIC8vICAgICAgRDogeyBkaXN0YW5jZTogMiwgcHJlZGVjZXNzb3I6ICdBJyB9LFxyXG4gICAgLy8gICAgICBFOiB7IGRpc3RhbmNlOiA4LCBwcmVkZWNlc3NvcjogJ0YnIH0sXHJcbiAgICAvLyAgICAgIEY6IHsgZGlzdGFuY2U6IDQsIHByZWRlY2Vzc29yOiAnRCcgfSB9XHJcbiAgICBjb25zdCBkaXN0YW5jZXMgPSBncmFwaGxpYi5hbGcuZGlqa3N0cmEodGhpcy5ncmFwaCwga25vd25LZXlJZCk7XHJcblxyXG4gICAgLy8gVHJhY2UgcGF0aCBmcm9tIGtleUlkIHRvIGtub3duS2V5SWRcclxuICAgIHJldHVybiB0aGlzLnRyYWNlUGF0aChkaXN0YW5jZXMsIGtleUlkKTtcclxuICB9XHJcblxyXG4gIGFzeW5jIGdldEp3a0tleShcclxuICAgIGtleU9ySWQ6IHN0cmluZyB8IEtleSxcclxuICAgIGdldEtleUlkQ2FsbGJhY2s/OiAoKSA9PiBQcm9taXNlPHN0cmluZz4gfCBzdHJpbmdcclxuICApOiBQcm9taXNlPEpXSy5LZXk+IHtcclxuICAgIHJldHVybiAoYXdhaXQgdGhpcy5nZXRLZXkoa2V5T3JJZCwgZ2V0S2V5SWRDYWxsYmFjaykpLmp3aztcclxuICB9XHJcblxyXG4gIC8vIFdlIGFzc3VtZSB0aGF0IHdoZW4gYSBrZXlJZCBpcyBmZXRjaGVkLCB0aGUga2V5IGdyYXBoXHJcbiAgLy8gZm9yIHRoZSBrZXkgaXMgYWxzbyByZXR1cm5lZCBhbmQgbWVyZ2VkIGludG8gdGhlIGNsaWVudC1zaWRlXHJcbiAgLy8ga2V5IGdyYXBoLiBCeSBpbnNpc3RpbmcgYSBrZXlJZCBpcyByZXR1cm5lZCBpbnN0ZWFkIG9mIHRoZVxyXG4gIC8vIGFjdHVhbCBrZXkgd2UgZW5zdXJlIGtleS1ncmFwaCBpcyBjb25zaXN0ZW50LlxyXG4gIGFzeW5jIGdldEtleShcclxuICAgIGtleU9ySWQ6IHN0cmluZyB8IEtleSxcclxuICAgIGdldEtleUlkQ2FsbGJhY2s/OiAoKSA9PiBQcm9taXNlPHN0cmluZz4gfCBzdHJpbmdcclxuICApOiBQcm9taXNlPEtleT4ge1xyXG4gICAgbGV0IGtleUlkID0gdHlwZW9mIGtleU9ySWQgPT09ICdzdHJpbmcnID8ga2V5T3JJZCA6IGtleU9ySWQ/LmlkO1xyXG5cclxuICAgIGlmICghdGhpcy5oYXNLZXkoa2V5SWQpICYmIGdldEtleUlkQ2FsbGJhY2spIHtcclxuICAgICAga2V5SWQgPSBhd2FpdCBnZXRLZXlJZENhbGxiYWNrKCk7XHJcbiAgICB9XHJcbiAgICAvLyBlbHNlLCBjb250aW51ZSBhbmQgbGV0IGl0IGZhaWwuXHJcblxyXG4gICAgY29uc3Qga2V5ID0gdGhpcy5rZXkoa2V5SWQpO1xyXG4gICAgaWYgKGtleS5qd2spIHtcclxuICAgICAgcmV0dXJuIGtleTtcclxuICAgIH0gZWxzZSB7XHJcbiAgICAgIHJldHVybiB0aGlzLnVud3JhcEtleSh0aGlzLmtleVNlcnZpY2UuZ2V0Q3VycmVudE1hc3RlcktleSgpLmlkLCBrZXlJZCk7XHJcbiAgICB9XHJcbiAgfVxyXG5cclxuICBwcml2YXRlIGFzeW5jIF91bndyYXBMaW5rKHdyYXBwaW5nS2V5LCBsaW5rLCBkc3RLZXkpIHtcclxuICAgIC8vIGNvbnNvbGUubG9nKFwiX3Vud3JhcExpbms6XCIsIGxpbmsuZGF0YS5rZXlJZCk7XHJcbiAgICBjb25zdCB3cmFwcGVkS2V5ID0gSlNPTi5wYXJzZShsaW5rLmRhdGEud3JhcHBlZEtleSk7XHJcbiAgICAvLyBTaWduYXR1cmVzIG9mIGtleXMgY29udGFpbiB0aGUga2V5IGl0c2VsZi4gVGhpcyB3YXkgd2Ugb25seSBuZWVkXHJcbiAgICAvLyB0byBhY2Nlc3MgdGhlIEtleUxpbmtzIHRvIGRlY3J5cHQvdmVyaWZ5IGtleXMuXHJcbiAgICBsZXQgbmV4dFJhd0tleTtcclxuICAgIGlmICh3cmFwcGVkS2V5LnNpZ25hdHVyZXMpIHtcclxuICAgICAgbmV4dFJhd0tleSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UudmVyaWZ5KHdyYXBwaW5nS2V5LCB3cmFwcGVkS2V5KTtcclxuICAgIH0gZWxzZSB7XHJcbiAgICAgIG5leHRSYXdLZXkgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXHJcbiAgICAgICAgd3JhcHBpbmdLZXksXHJcbiAgICAgICAgd3JhcHBlZEtleVxyXG4gICAgICApO1xyXG4gICAgfVxyXG4gICAgZHN0S2V5Lmp3ayA9IGF3YWl0IEtGUy5hc0tleShuZXh0UmF3S2V5KTtcclxuICAgIGRzdEtleS50YXNrID0gbnVsbDtcclxuICB9XHJcblxyXG4gIHByaXZhdGUgYXN5bmMgX3Vud3JhcChrZXk6IEpXSy5LZXksIHBhdGg6IEVkZ2VbXSk6IFByb21pc2U8SldLLktleT4ge1xyXG4gICAgZm9yIChjb25zdCBsaW5rIG9mIHBhdGgpIHtcclxuICAgICAgY29uc3QgZHN0S2V5ID0gdGhpcy5rZXkobGluay5kYXRhLmtleUlkKTtcclxuICAgICAgLy8gY29uc29sZS5sb2coXCJrZXk6IFwiLCBsaW5rLmRhdGEua2V5SWQpO1xyXG4gICAgICBpZiAoZHN0S2V5Lmp3aykge1xyXG4gICAgICAgIGtleSA9IGRzdEtleS5qd2s7XHJcbiAgICAgICAgLy8gY29uc29sZS5sb2coXCJSZXR1cm5pbmcgY2FjaGVkIGtleTogXCIsIGxpbmsuZGF0YS5rZXlJZCk7XHJcbiAgICAgICAgY29udGludWU7XHJcbiAgICAgIH1cclxuXHJcbiAgICAgIGlmICghZHN0S2V5LnRhc2spIHtcclxuICAgICAgICBkc3RLZXkudGFzayA9IHRoaXMuX3Vud3JhcExpbmsoa2V5LCBsaW5rLCBkc3RLZXkpO1xyXG4gICAgICB9XHJcblxyXG4gICAgICBhd2FpdCBkc3RLZXkudGFzaztcclxuICAgICAga2V5ID0gZHN0S2V5Lmp3aztcclxuICAgIH1cclxuXHJcbiAgICByZXR1cm4ga2V5O1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGFzeW5jIHVud3JhcFdpdGhQYXNzS2V5KFxyXG4gICAgcGFzc0tleUlkOiBzdHJpbmcsXHJcbiAgICBwYXNzS2V5OiBKV0suS2V5LFxyXG4gICAga2V5SWQ6IHN0cmluZ1xyXG4gICk6IFByb21pc2U8S2V5PiB7XHJcbiAgICAvLyBHZXQgcGF0aCBvZiB0aGUgZGlyZWN0b3J5IGtleS5cclxuICAgIGNvbnN0IHBhdGggPSB0aGlzLmdldFBhdGgocGFzc0tleUlkLCBrZXlJZCk7XHJcblxyXG4gICAgcmV0dXJuIHtcclxuICAgICAgaWQ6IGtleUlkLFxyXG4gICAgICBqd2s6IGF3YWl0IHRoaXMuX3Vud3JhcChwYXNzS2V5LCBwYXRoKSxcclxuICAgIH07XHJcbiAgfVxyXG5cclxuICBhc3luYyB1bndyYXBLZXkobWFzdGVyS2V5SWQ6IHN0cmluZywga2V5SWQ6IHN0cmluZyk6IFByb21pc2U8S2V5PiB7XHJcbiAgICAvLyBUaGUgZmlyc3Qga2V5IHNob3VsZCBiZSBhIG1hc3RlcktleVxyXG4gICAgY29uc3QgbWFzdGVyS2V5ID0gYXdhaXQgdGhpcy5rZXlTZXJ2aWNlLmxvYWRNYXN0ZXJLZXkobWFzdGVyS2V5SWQpO1xyXG5cclxuICAgIGlmIChtYXN0ZXJLZXlJZCA9PT0ga2V5SWQpIHtcclxuICAgICAgcmV0dXJuIG1hc3RlcktleTtcclxuICAgIH1cclxuXHJcbiAgICAvLyBHZXQgcGF0aCBvZiB0aGUgZGlyZWN0b3J5IGtleS5cclxuICAgIGNvbnN0IHBhdGggPSB0aGlzLmdldFBhdGgobWFzdGVyS2V5LmlkLCBrZXlJZCk7XHJcblxyXG4gICAgcmV0dXJuIHtcclxuICAgICAgaWQ6IGtleUlkLFxyXG4gICAgICBqd2s6IGF3YWl0IHRoaXMuX3Vud3JhcChtYXN0ZXJLZXkuandrLCBwYXRoKSxcclxuICAgIH07XHJcbiAgfVxyXG5cclxuICBhc3luYyBkZWNyeXB0RnJvbVN0cmluZzxUPihcclxuICAgIGtleU9ySWQ6IHN0cmluZyB8IEtleSxcclxuICAgIGNpcGhlckRhdGE6IHN0cmluZyxcclxuICAgIG9wdGlvbnM/OiBEZWNyeXB0T3B0aW9uc1xyXG4gICk6IFByb21pc2U8VD4ge1xyXG4gICAgaWYgKGNpcGhlckRhdGEpIHtcclxuICAgICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5nZXRKd2tLZXkoa2V5T3JJZCk7XHJcbiAgICAgIHJldHVybiAoYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxyXG4gICAgICAgIGtleSxcclxuICAgICAgICBKU09OLnBhcnNlKGNpcGhlckRhdGEpLFxyXG4gICAgICAgIG9wdGlvbnNcclxuICAgICAgKSkgYXMgYW55O1xyXG4gICAgfVxyXG4gICAgcmV0dXJuIG51bGw7XHJcbiAgfVxyXG5cclxuICBhc3luYyBkZWNyeXB0RmlsZShrZXlJZDogc3RyaW5nLCBmaWxlOiBhbnkpOiBQcm9taXNlPGFueT4ge1xyXG4gICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5nZXRKd2tLZXkoa2V5SWQpO1xyXG4gICAgcmV0dXJuIChhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoa2V5LCBmaWxlLCB7XHJcbiAgICAgIHBheWxvYWRUeXBlOiAnQXJyYXlCdWZmZXInLFxyXG4gICAgfSkpIGFzIGFueTtcclxuICB9XHJcblxyXG4gIC8vIFRPRE8gcmVuYW1lIHRoaXMgdG8gZW5jcnlwdCgpIGFuZCB1c2UgYXMgdGhlIG1vc3QgY29tbW9uIHVzZWNhc2VcclxuICBhc3luYyBlbmNyeXB0VG9TdHJpbmcoXHJcbiAgICBrZXk6IHN0cmluZyB8IEtleSB8IEpXSy5LZXksXHJcbiAgICBjb250ZW50OiBhbnlcclxuICApOiBQcm9taXNlPHN0cmluZz4ge1xyXG4gICAgLy8gRW1wdHkgc3RyaW5nIHNob3VsZCBiZSBlbmNyeXB0ZWQgc2luY2UgeW91IHdhbnQgdG8gY2xlYXIgdGhlIGZpZWxkLlxyXG4gICAgLy8gTnVsbCBpcyBub3QgZW5jcnlwdGVkIGJlY2F1c2UgaXQncyBub3QgdmFsaWQgSlNPTiBpbiB0aGUgb2xkIEpTT04gc3BlYy4gVXNlXHJcbiAgICAvLyBlbXB0eSBzdHJpbmcgaW5zdGVhZC4gSXQnbGwgZnVuY3Rpb24gYXMgYSBsb2dpYyBmYWxzZSBhcyB3ZWxsLlxyXG4gICAgLy8gTm90ZSB0aGF0IHBhc3NpbmcgaW4gZW1wdHkgc3RyaW5nIG1lYW5zIGl0J2xsIGJlIGVuY3J5cHRlZCB3aGljaCB2ZXJpZmllc1xyXG4gICAgLy8gaXQncyBpbnRlZ3JpdHkuIEJ1dCB3ZSBzdGlsbCB3YW50IHRvIGhhdmUgYSB3YXkgdG8gc2V0IHRoZSBEQiBmaWVsZFxyXG4gICAgLy8gdG8gTlVMTCwgc28gd2UgZXhwbGljaXRseSByZXR1cm4gbnVsbCB3aGVuIGNvbnRlbnQgPT0gbnVsbC4gQSBudWxsXHJcbiAgICAvLyB2YXJpYWJsZSBpbiBncmFwaHFsIG11dGF0aW9uIG9uIEtDIHNlcnZlciBjbGVhcnMgdGhlIGZpZWxkIHRvIE5VTEwuXHJcbiAgICBpZiAoY29udGVudCA9PSBudWxsKSB7XHJcbiAgICAgIHJldHVybiBudWxsO1xyXG4gICAgfVxyXG5cclxuICAgIGNvbnN0IGp3ayA9IGFzSndrKGtleSkgfHwgKGF3YWl0IHRoaXMuZ2V0SndrS2V5KGtleSBhcyBzdHJpbmcgfCBLZXkpKTtcclxuICAgIHJldHVybiB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHRUb1N0cmluZyhqd2ssIGNvbnRlbnQpO1xyXG4gIH1cclxuXHJcbiAgLy8gV3JhcHMgYSBzeW1tZXRyaWMgZW5jcnlwdGlvbiBrZXkuXHJcbiAgLy8gVGhyb3dzIGV4Y2VwdGlvbiBpZiB3cmFwcGluZyBwdWJsaWMga2V5cy5cclxuICBhc3luYyB3cmFwS2V5PFQ+KFxyXG4gICAgd3JhcHBpbmdLZXk6IHN0cmluZyB8IEtleSB8IEpXSy5LZXksXHJcbiAgICBrZXk6IEpXSy5LZXlcclxuICApOiBQcm9taXNlPHN0cmluZz4ge1xyXG4gICAgaWYgKCFpc1N5bW1ldHJpY0tleShrZXkpKSB7XHJcbiAgICAgIHRocm93IG5ldyBMckJhZEFyZ3VtZW50RXhjZXB0aW9uKFxyXG4gICAgICAgICdPbmx5IGFsbG93aW5nIHdyYXBwaW5nIG9mIHN5bW1ldHJpYyBrZXlzLidcclxuICAgICAgKTtcclxuICAgIH1cclxuXHJcbiAgICByZXR1cm4gdGhpcy5lbmNyeXB0VG9TdHJpbmcod3JhcHBpbmdLZXksIGtleS50b0pTT04odHJ1ZSkpO1xyXG4gIH1cclxuXHJcbiAgLy8gVE9ET1xyXG4gIC8vIGFzeW5jIHdyYXBQdWJsaWNLZXk8VD4oKTtcclxuICAvLyBhc3luYyB3cmFwUHJpdmF0ZUtleTxUPigpO1xyXG59XHJcbiJdfQ==

package/esm2015/lib/cryptography/key-meta.service.js

@@ -0,0 +1,200 @@
+import { __awaiter } from "tslib";
+import { Injectable } from '@angular/core';
+import { LrApolloService } from '../api/lr-apollo.service';
+import { GetCategoryKeyIdQuery } from '../category/category.gql';
+import { EncryptionService, } from './encryption.service';
+import { KeyFactoryService } from './key-factory.service';
+import { KeyGraphService } from './key-graph.service';
+import { KeyService } from './key.service';
+import * as i0 from "@angular/core";
+import * as i1 from "./encryption.service";
+import * as i2 from "./key-graph.service";
+import * as i3 from "../api/lr-apollo.service";
+import * as i4 from "./key.service";
+import * as i5 from "./key-factory.service";
+export class WrappedContent {
+}
+export class WrappingKey {
+}
+export class KeyMetaService {
+    constructor(encryptionService, keyGraph, lrApollo, keyService, keyFactory) {
+        this.encryptionService = encryptionService;
+        this.keyGraph = keyGraph;
+        this.lrApollo = lrApollo;
+        this.keyService = keyService;
+        this.keyFactory = keyFactory;
+    }
+    // async decryptFromString<T>(
+    //   keyOrId: string | Key,
+    //   cipherData: string,
+    //   options?: DecryptOptions
+    // ): Promise<T> {
+    //   if (cipherData) {
+    //     const key = await this.keyGraphService.getJwkKey(keyOrId);
+    //     return (await this.encryptionService.decrypt(
+    //       key,
+    //       JSON.parse(cipherData),
+    //       options
+    //     )) as any;
+    //   }
+    //   return null;
+    // }
+    decryptMeta(metaHaver) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (metaHaver.cipherMeta) {
+                const key = yield this.keyGraph.getJwkKey(metaHaver.keyId);
+                return (yield this.encryptionService.decrypt(key, JSON.parse(metaHaver.cipherMeta)));
+            }
+            return null;
+        });
+    }
+    // async decryptFile(keyId: string, file: any): Promise<any> {
+    //   const key = await this.keyGraphService.getJwkKey(keyId);
+    //   return (await this.encryptionService.decrypt(key, file, {
+    //     payloadType: 'ArrayBuffer',
+    //   })) as any;
+    // }
+    // // TODO rename this to encrypt() and use as the most common usecase
+    // async encryptToString(
+    //   key: string | Key | JWK.Key,
+    //   content: any
+    // ): Promise<string> {
+    //   // Empty string should be encrypted since you want to clear the field.
+    //   // Null is not encrypted because it's not valid JSON in the old JSON spec. Use
+    //   // empty string instead. It'll function as a logic false as well.
+    //   // Note that passing in empty string means it'll be encrypted which verifies
+    //   // it's integrity. But we still want to have a way to set the DB field
+    //   // to NULL, so we explicitly return null when content == null. A null
+    //   // variable in graphql mutation on KC server clears the field to NULL.
+    //   if (content == null) {
+    //     return null;
+    //   }
+    //   const jwk =
+    //     asJwk(key) || (await this.keyGraphService.getJwkKey(key as string | Key));
+    //   return JSON.stringify(await this.encryptionService.encrypt(jwk, content));
+    // }
+    // // Wraps a symmetric encryption key.
+    // // Throws exception if wrapping public keys.
+    // async wrapKey<T>(
+    //   wrappingKey: string | Key | JWK.Key,
+    //   key: JWK.Key
+    // ): Promise<string> {
+    //   if (!isSymmetricKey(key)) {
+    //     throw new LrBadArgumentException(
+    //       'Only allowing wrapping of symmetric keys.'
+    //     );
+    //   }
+    //   return this.encryptToString(wrappingKey, key.toJSON(true));
+    // }
+    // // TODO
+    // // async wrapPublicKey<T>();
+    // // async wrapPrivateKey<T>();
+    doubleWrapContent(secureContent, categoryIds, fileContent) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.keyFactory.createKey();
+            const wrappedContent = yield this.wrapContent(key.toJSON(true), categoryIds);
+            return {
+                rootKey: wrappedContent.rootKey,
+                wrappedKeys: wrappedContent.wrappedKeys,
+                doubleWrappedKey: wrappedContent.cipherMeta,
+                cipherMeta: secureContent
+                    ? JSON.stringify(yield this.encryptionService.encrypt(key, secureContent))
+                    : null,
+                cipherFileContent: fileContent
+                    ? JSON.stringify(yield this.encryptionService.encrypt(key, fileContent))
+                    : null,
+            };
+        });
+    }
+    reWrapContent(keyId, secureContent) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.keyGraph.getJwkKey(keyId);
+            const newKey = yield this.keyFactory.createKey();
+            return {
+                doubleWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(key, newKey.toJSON(true))),
+                cipherMeta: secureContent
+                    ? JSON.stringify(yield this.encryptionService.encrypt(newKey, secureContent))
+                    : null,
+            };
+        });
+    }
+    wrapContent(secureContent, categoryIds) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.keyFactory.createKey();
+            let wrappedKeys;
+            let rootWrappingKey;
+            if (categoryIds && categoryIds.length) {
+                wrappedKeys = yield Promise.all(categoryIds.map((categoryId) => __awaiter(this, void 0, void 0, function* () {
+                    const parentKey = yield this.getCategoryKeyId(categoryId);
+                    const wrappedKey = JSON.stringify(yield this.encryptionService.encrypt(parentKey.key, key.toJSON(true)));
+                    return {
+                        directoryId: categoryId,
+                        wrappingKeyId: parentKey.keyId,
+                        wrappedKey,
+                    };
+                })));
+            }
+            else {
+                // Adding to root directory
+                const rootKey = this.keyService.getCurrentRootKey();
+                const wrappedKey = JSON.stringify(yield this.encryptionService.encrypt(rootKey.jwk, key.toJSON(true)));
+                rootWrappingKey = {
+                    wrappingKeyId: rootKey.id,
+                    wrappedKey,
+                };
+            }
+            return {
+                key,
+                rootKey: rootWrappingKey,
+                wrappedKeys,
+                cipherMeta: secureContent
+                    ? JSON.stringify(yield this.encryptionService.encrypt(key, secureContent))
+                    : null,
+            };
+        });
+    }
+    wrapContentWithKey(secureContent, keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.keyFactory.createKey();
+            const wrappedKey = yield this.keyGraph.encryptToString(keyId, key.toJSON(true));
+            return {
+                key,
+                rootKey: {
+                    wrappingKeyId: keyId,
+                    wrappedKey,
+                },
+                cipherMeta: secureContent
+                    ? JSON.stringify(yield this.encryptionService.encrypt(key, secureContent))
+                    : null,
+            };
+        });
+    }
+    getCategoryKeyId(categoryId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { category } = yield this.lrApollo.query({
+                query: GetCategoryKeyIdQuery,
+                variables: {
+                    id: categoryId,
+                },
+            });
+            return {
+                keyId: category.keyId,
+                key: yield this.keyGraph.getJwkKey(category.keyId),
+            };
+        });
+    }
+}
+KeyMetaService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyMetaService_Factory() { return new KeyMetaService(i0.ɵɵinject(i1.EncryptionService), i0.ɵɵinject(i2.KeyGraphService), i0.ɵɵinject(i3.LrApolloService), i0.ɵɵinject(i4.KeyService), i0.ɵɵinject(i5.KeyFactoryService)); }, token: KeyMetaService, providedIn: "root" });
+KeyMetaService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+KeyMetaService.ctorParameters = () => [
+    { type: EncryptionService },
+    { type: KeyGraphService },
+    { type: LrApolloService },
+    { type: KeyService },
+    { type: KeyFactoryService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LW1ldGEuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiJDOi9Qcm9qZWN0cy9uZXdyZXBvL2tjLWNsaWVudC9wcm9qZWN0cy9jb3JlL3NyYy8iLCJzb3VyY2VzIjpbImxpYi9jcnlwdG9ncmFwaHkva2V5LW1ldGEuc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUUzQyxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFDM0QsT0FBTyxFQUFFLHFCQUFxQixFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFHakUsT0FBTyxFQUdMLGlCQUFpQixHQUVsQixNQUFNLHNCQUFzQixDQUFDO0FBQzlCLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLHVCQUF1QixDQUFDO0FBQzFELE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUN0RCxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sZUFBZSxDQUFDOzs7Ozs7O0FBTzNDLE1BQU0sT0FBTyxjQUFjO0NBSzFCO0FBRUQsTUFBTSxPQUFPLFdBQVc7Q0FJdkI7QUFLRCxNQUFNLE9BQU8sY0FBYztJQUN6QixZQUNVLGlCQUFvQyxFQUNwQyxRQUF5QixFQUN6QixRQUF5QixFQUN6QixVQUFzQixFQUN0QixVQUE2QjtRQUo3QixzQkFBaUIsR0FBakIsaUJBQWlCLENBQW1CO1FBQ3BDLGFBQVEsR0FBUixRQUFRLENBQWlCO1FBQ3pCLGFBQVEsR0FBUixRQUFRLENBQWlCO1FBQ3pCLGVBQVUsR0FBVixVQUFVLENBQVk7UUFDdEIsZUFBVSxHQUFWLFVBQVUsQ0FBbUI7SUFDcEMsQ0FBQztJQUVKLDhCQUE4QjtJQUM5QiwyQkFBMkI7SUFDM0Isd0JBQXdCO0lBQ3hCLDZCQUE2QjtJQUM3QixrQkFBa0I7SUFDbEIsc0JBQXNCO0lBQ3RCLGlFQUFpRTtJQUNqRSxvREFBb0Q7SUFDcEQsYUFBYTtJQUNiLGdDQUFnQztJQUNoQyxnQkFBZ0I7SUFDaEIsaUJBQWlCO0lBQ2pCLE1BQU07SUFDTixpQkFBaUI7SUFDakIsSUFBSTtJQUVFLFdBQVcsQ0FBSSxTQUF3Qjs7WUFDM0MsSUFBSSxTQUFTLENBQUMsVUFBVSxFQUFFO2dCQUN4QixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQztnQkFDM0QsT0FBTyxDQUFDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDMUMsR0FBRyxFQUNILElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLFVBQVUsQ0FBQyxDQUNqQyxDQUFRLENBQUM7YUFDWDtZQUNELE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztLQUFBO0lBRUQsOERBQThEO0lBQzlELDZEQUE2RDtJQUM3RCw4REFBOEQ7SUFDOUQsa0NBQWtDO0lBQ2xDLGdCQUFnQjtJQUNoQixJQUFJO0lBRUosc0VBQXNFO0lBQ3RFLHlCQUF5QjtJQUN6QixpQ0FBaUM7SUFDakMsaUJBQWlCO0lBQ2pCLHVCQUF1QjtJQUN2QiwyRUFBMkU7SUFDM0UsbUZBQW1GO0lBQ25GLHNFQUFzRTtJQUN0RSxpRkFBaUY7SUFDakYsMkVBQTJFO0lBQzNFLDBFQUEwRTtJQUMxRSwyRUFBMkU7SUFDM0UsMkJBQTJCO0lBQzNCLG1CQUFtQjtJQUNuQixNQUFNO0lBRU4sZ0JBQWdCO0lBQ2hCLGlGQUFpRjtJQUNqRiwrRUFBK0U7SUFDL0UsSUFBSTtJQUVKLHVDQUF1QztJQUN2QywrQ0FBK0M7SUFDL0Msb0JBQW9CO0lBQ3BCLHlDQUF5QztJQUN6QyxpQkFBaUI7SUFDakIsdUJBQXVCO0lBQ3ZCLGdDQUFnQztJQUNoQyx3Q0FBd0M7SUFDeEMsb0RBQW9EO0lBQ3BELFNBQVM7SUFDVCxNQUFNO0lBRU4sZ0VBQWdFO0lBQ2hFLElBQUk7SUFFSixVQUFVO0lBQ1YsK0JBQStCO0lBQy9CLGdDQUFnQztJQUUxQixpQkFBaUIsQ0FDckIsYUFBa0IsRUFDbEIsV0FBcUIsRUFDckIsV0FBeUI7O1lBRXpCLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUU5QyxNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQzNDLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQ2hCLFdBQVcsQ0FDWixDQUFDO1lBRUYsT0FBTztnQkFDTCxPQUFPLEVBQUUsY0FBYyxDQUFDLE9BQU87Z0JBQy9CLFdBQVcsRUFBRSxjQUFjLENBQUMsV0FBVztnQkFDdkMsZ0JBQWdCLEVBQUUsY0FBYyxDQUFDLFVBQVU7Z0JBQzNDLFVBQVUsRUFBRSxhQUFhO29CQUN2QixDQUFDLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FDWixNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsR0FBRyxFQUFFLGFBQWEsQ0FBQyxDQUN6RDtvQkFDSCxDQUFDLENBQUMsSUFBSTtnQkFDUixpQkFBaUIsRUFBRSxXQUFXO29CQUM1QixDQUFDLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsR0FBRyxFQUFFLFdBQVcsQ0FBQyxDQUFDO29CQUN4RSxDQUFDLENBQUMsSUFBSTthQUNULENBQUM7UUFDSixDQUFDO0tBQUE7SUFFSyxhQUFhLENBQUMsS0FBYSxFQUFFLGFBQWtCOztZQUNuRCxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQ2pELE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUVqRCxPQUFPO2dCQUNMLGdCQUFnQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQzlCLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUMvRDtnQkFDRCxVQUFVLEVBQUUsYUFBYTtvQkFDdkIsQ0FBQyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQ1osTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLE1BQU0sRUFBRSxhQUFhLENBQUMsQ0FDNUQ7b0JBQ0gsQ0FBQyxDQUFDLElBQUk7YUFDVCxDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRUssV0FBVyxDQUNmLGFBQWtCLEVBQ2xCLFdBQXNCOztZQUV0QixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7WUFFOUMsSUFBSSxXQUEwQixDQUFDO1lBQy9CLElBQUksZUFBNEIsQ0FBQztZQUVqQyxJQUFJLFdBQVcsSUFBSSxXQUFXLENBQUMsTUFBTSxFQUFFO2dCQUNyQyxXQUFXLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUM3QixXQUFXLENBQUMsR0FBRyxDQUFDLENBQU8sVUFBVSxFQUFFLEVBQUU7b0JBQ25DLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLGdCQUFnQixDQUFDLFVBQVUsQ0FBQyxDQUFDO29CQUMxRCxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUMvQixNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ2xDLFNBQVMsQ0FBQyxHQUFHLEVBQ2IsR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDakIsQ0FDRixDQUFDO29CQUNGLE9BQU87d0JBQ0wsV0FBVyxFQUFFLFVBQVU7d0JBQ3ZCLGFBQWEsRUFBRSxTQUFTLENBQUMsS0FBSzt3QkFDOUIsVUFBVTtxQkFDWCxDQUFDO2dCQUNKLENBQUMsQ0FBQSxDQUFDLENBQ0gsQ0FBQzthQUNIO2lCQUFNO2dCQUNMLDJCQUEyQjtnQkFDM0IsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO2dCQUNwRCxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUMvQixNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLEdBQUcsRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQ3BFLENBQUM7Z0JBQ0YsZUFBZSxHQUFHO29CQUNoQixhQUFhLEVBQUUsT0FBTyxDQUFDLEVBQUU7b0JBQ3pCLFVBQVU7aUJBQ1gsQ0FBQzthQUNIO1lBRUQsT0FBTztnQkFDTCxHQUFHO2dCQUNILE9BQU8sRUFBRSxlQUFlO2dCQUN4QixXQUFXO2dCQUNYLFVBQVUsRUFBRSxhQUFhO29CQUN2QixDQUFDLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FDWixNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsR0FBRyxFQUFFLGFBQWEsQ0FBQyxDQUN6RDtvQkFDSCxDQUFDLENBQUMsSUFBSTthQUNULENBQUM7UUFDSixDQUFDO0tBQUE7SUFFSyxrQkFBa0IsQ0FDdEIsYUFBa0IsRUFDbEIsS0FBYTs7WUFFYixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7WUFFOUMsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FDcEQsS0FBSyxFQUNMLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQ2pCLENBQUM7WUFFRixPQUFPO2dCQUNMLEdBQUc7Z0JBQ0gsT0FBTyxFQUFFO29CQUNQLGFBQWEsRUFBRSxLQUFLO29CQUNwQixVQUFVO2lCQUNYO2dCQUNELFVBQVUsRUFBRSxhQUFhO29CQUN2QixDQUFDLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FDWixNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsR0FBRyxFQUFFLGFBQWEsQ0FBQyxDQUN6RDtvQkFDSCxDQUFDLENBQUMsSUFBSTthQUNULENBQUM7UUFDSixDQUFDO0tBQUE7SUFFYSxnQkFBZ0IsQ0FDNUIsVUFBa0I7O1lBRWxCLE1BQU0sRUFBRSxRQUFRLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFNO2dCQUNsRCxLQUFLLEVBQUUscUJBQXFCO2dCQUM1QixTQUFTLEVBQUU7b0JBQ1QsRUFBRSxFQUFFLFVBQVU7aUJBQ2Y7YUFDRixDQUFDLENBQUM7WUFFSCxPQUFPO2dCQUNMLEtBQUssRUFBRSxRQUFRLENBQUMsS0FBSztnQkFDckIsR0FBRyxFQUFFLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQzthQUNuRCxDQUFDO1FBQ0osQ0FBQztLQUFBOzs7O1lBMU5GLFVBQVUsU0FBQztnQkFDVixVQUFVLEVBQUUsTUFBTTthQUNuQjs7O1lBM0JDLGlCQUFpQjtZQUlWLGVBQWU7WUFYZixlQUFlO1lBWWYsVUFBVTtZQUZWLGlCQUFpQiIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEluamVjdGFibGUgfSBmcm9tICdAYW5ndWxhci9jb3JlJztcclxuaW1wb3J0IHsgSldLIH0gZnJvbSAnbm9kZS1qb3NlJztcclxuaW1wb3J0IHsgTHJBcG9sbG9TZXJ2aWNlIH0gZnJvbSAnLi4vYXBpL2xyLWFwb2xsby5zZXJ2aWNlJztcclxuaW1wb3J0IHsgR2V0Q2F0ZWdvcnlLZXlJZFF1ZXJ5IH0gZnJvbSAnLi4vY2F0ZWdvcnkvY2F0ZWdvcnkuZ3FsJztcclxuaW1wb3J0IHsgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbiB9IGZyb20gJy4uL19jb21tb24vZXhjZXB0aW9ucyc7XHJcbmltcG9ydCB7IEtleSwgUGF5bG9hZFR5cGUgfSBmcm9tICcuL2NyeXB0b2dyYXBoeS50eXBlcyc7XHJcbmltcG9ydCB7XHJcbiAgYXNKd2ssXHJcbiAgRGVjcnlwdE9wdGlvbnMsXHJcbiAgRW5jcnlwdGlvblNlcnZpY2UsXHJcbiAgaXNTeW1tZXRyaWNLZXksXHJcbn0gZnJvbSAnLi9lbmNyeXB0aW9uLnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBLZXlGYWN0b3J5U2VydmljZSB9IGZyb20gJy4va2V5LWZhY3Rvcnkuc2VydmljZSc7XHJcbmltcG9ydCB7IEtleUdyYXBoU2VydmljZSB9IGZyb20gJy4va2V5LWdyYXBoLnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBLZXlTZXJ2aWNlIH0gZnJvbSAnLi9rZXkuc2VydmljZSc7XHJcblxyXG5leHBvcnQgaW50ZXJmYWNlIEhhc0NpcGhlck1ldGEge1xyXG4gIGtleUlkOiBzdHJpbmc7XHJcbiAgY2lwaGVyTWV0YTogc3RyaW5nO1xyXG59XHJcblxyXG5leHBvcnQgY2xhc3MgV3JhcHBlZENvbnRlbnQge1xyXG4gIGtleTogSldLLktleTtcclxuICBjaXBoZXJNZXRhOiBzdHJpbmc7XHJcbiAgd3JhcHBlZEtleXM/OiBXcmFwcGluZ0tleVtdO1xyXG4gIHJvb3RLZXk/OiBXcmFwcGluZ0tleTtcclxufVxyXG5cclxuZXhwb3J0IGNsYXNzIFdyYXBwaW5nS2V5IHtcclxuICBkaXJlY3RvcnlJZD86IHN0cmluZztcclxuICB3cmFwcGluZ0tleUlkOiBzdHJpbmc7XHJcbiAgd3JhcHBlZEtleTogc3RyaW5nO1xyXG59XHJcblxyXG5ASW5qZWN0YWJsZSh7XHJcbiAgcHJvdmlkZWRJbjogJ3Jvb3QnLFxyXG59KVxyXG5leHBvcnQgY2xhc3MgS2V5TWV0YVNlcnZpY2Uge1xyXG4gIGNvbnN0cnVjdG9yKFxyXG4gICAgcHJpdmF0ZSBlbmNyeXB0aW9uU2VydmljZTogRW5jcnlwdGlvblNlcnZpY2UsXHJcbiAgICBwcml2YXRlIGtleUdyYXBoOiBLZXlHcmFwaFNlcnZpY2UsXHJcbiAgICBwcml2YXRlIGxyQXBvbGxvOiBMckFwb2xsb1NlcnZpY2UsXHJcbiAgICBwcml2YXRlIGtleVNlcnZpY2U6IEtleVNlcnZpY2UsXHJcbiAgICBwcml2YXRlIGtleUZhY3Rvcnk6IEtleUZhY3RvcnlTZXJ2aWNlXHJcbiAgKSB7fVxyXG5cclxuICAvLyBhc3luYyBkZWNyeXB0RnJvbVN0cmluZzxUPihcclxuICAvLyAgIGtleU9ySWQ6IHN0cmluZyB8IEtleSxcclxuICAvLyAgIGNpcGhlckRhdGE6IHN0cmluZyxcclxuICAvLyAgIG9wdGlvbnM/OiBEZWNyeXB0T3B0aW9uc1xyXG4gIC8vICk6IFByb21pc2U8VD4ge1xyXG4gIC8vICAgaWYgKGNpcGhlckRhdGEpIHtcclxuICAvLyAgICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5rZXlHcmFwaFNlcnZpY2UuZ2V0SndrS2V5KGtleU9ySWQpO1xyXG4gIC8vICAgICByZXR1cm4gKGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChcclxuICAvLyAgICAgICBrZXksXHJcbiAgLy8gICAgICAgSlNPTi5wYXJzZShjaXBoZXJEYXRhKSxcclxuICAvLyAgICAgICBvcHRpb25zXHJcbiAgLy8gICAgICkpIGFzIGFueTtcclxuICAvLyAgIH1cclxuICAvLyAgIHJldHVybiBudWxsO1xyXG4gIC8vIH1cclxuXHJcbiAgYXN5bmMgZGVjcnlwdE1ldGE8VD4obWV0YUhhdmVyOiBIYXNDaXBoZXJNZXRhKTogUHJvbWlzZTxUPiB7XHJcbiAgICBpZiAobWV0YUhhdmVyLmNpcGhlck1ldGEpIHtcclxuICAgICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5rZXlHcmFwaC5nZXRKd2tLZXkobWV0YUhhdmVyLmtleUlkKTtcclxuICAgICAgcmV0dXJuIChhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXHJcbiAgICAgICAga2V5LFxyXG4gICAgICAgIEpTT04ucGFyc2UobWV0YUhhdmVyLmNpcGhlck1ldGEpXHJcbiAgICAgICkpIGFzIGFueTtcclxuICAgIH1cclxuICAgIHJldHVybiBudWxsO1xyXG4gIH1cclxuXHJcbiAgLy8gYXN5bmMgZGVjcnlwdEZpbGUoa2V5SWQ6IHN0cmluZywgZmlsZTogYW55KTogUHJvbWlzZTxhbnk+IHtcclxuICAvLyAgIGNvbnN0IGtleSA9IGF3YWl0IHRoaXMua2V5R3JhcGhTZXJ2aWNlLmdldEp3a0tleShrZXlJZCk7XHJcbiAgLy8gICByZXR1cm4gKGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChrZXksIGZpbGUsIHtcclxuICAvLyAgICAgcGF5bG9hZFR5cGU6ICdBcnJheUJ1ZmZlcicsXHJcbiAgLy8gICB9KSkgYXMgYW55O1xyXG4gIC8vIH1cclxuXHJcbiAgLy8gLy8gVE9ETyByZW5hbWUgdGhpcyB0byBlbmNyeXB0KCkgYW5kIHVzZSBhcyB0aGUgbW9zdCBjb21tb24gdXNlY2FzZVxyXG4gIC8vIGFzeW5jIGVuY3J5cHRUb1N0cmluZyhcclxuICAvLyAgIGtleTogc3RyaW5nIHwgS2V5IHwgSldLLktleSxcclxuICAvLyAgIGNvbnRlbnQ6IGFueVxyXG4gIC8vICk6IFByb21pc2U8c3RyaW5nPiB7XHJcbiAgLy8gICAvLyBFbXB0eSBzdHJpbmcgc2hvdWxkIGJlIGVuY3J5cHRlZCBzaW5jZSB5b3Ugd2FudCB0byBjbGVhciB0aGUgZmllbGQuXHJcbiAgLy8gICAvLyBOdWxsIGlzIG5vdCBlbmNyeXB0ZWQgYmVjYXVzZSBpdCdzIG5vdCB2YWxpZCBKU09OIGluIHRoZSBvbGQgSlNPTiBzcGVjLiBVc2VcclxuICAvLyAgIC8vIGVtcHR5IHN0cmluZyBpbnN0ZWFkLiBJdCdsbCBmdW5jdGlvbiBhcyBhIGxvZ2ljIGZhbHNlIGFzIHdlbGwuXHJcbiAgLy8gICAvLyBOb3RlIHRoYXQgcGFzc2luZyBpbiBlbXB0eSBzdHJpbmcgbWVhbnMgaXQnbGwgYmUgZW5jcnlwdGVkIHdoaWNoIHZlcmlmaWVzXHJcbiAgLy8gICAvLyBpdCdzIGludGVncml0eS4gQnV0IHdlIHN0aWxsIHdhbnQgdG8gaGF2ZSBhIHdheSB0byBzZXQgdGhlIERCIGZpZWxkXHJcbiAgLy8gICAvLyB0byBOVUxMLCBzbyB3ZSBleHBsaWNpdGx5IHJldHVybiBudWxsIHdoZW4gY29udGVudCA9PSBudWxsLiBBIG51bGxcclxuICAvLyAgIC8vIHZhcmlhYmxlIGluIGdyYXBocWwgbXV0YXRpb24gb24gS0Mgc2VydmVyIGNsZWFycyB0aGUgZmllbGQgdG8gTlVMTC5cclxuICAvLyAgIGlmIChjb250ZW50ID09IG51bGwpIHtcclxuICAvLyAgICAgcmV0dXJuIG51bGw7XHJcbiAgLy8gICB9XHJcblxyXG4gIC8vICAgY29uc3QgandrID1cclxuICAvLyAgICAgYXNKd2soa2V5KSB8fCAoYXdhaXQgdGhpcy5rZXlHcmFwaFNlcnZpY2UuZ2V0SndrS2V5KGtleSBhcyBzdHJpbmcgfCBLZXkpKTtcclxuICAvLyAgIHJldHVybiBKU09OLnN0cmluZ2lmeShhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoandrLCBjb250ZW50KSk7XHJcbiAgLy8gfVxyXG5cclxuICAvLyAvLyBXcmFwcyBhIHN5bW1ldHJpYyBlbmNyeXB0aW9uIGtleS5cclxuICAvLyAvLyBUaHJvd3MgZXhjZXB0aW9uIGlmIHdyYXBwaW5nIHB1YmxpYyBrZXlzLlxyXG4gIC8vIGFzeW5jIHdyYXBLZXk8VD4oXHJcbiAgLy8gICB3cmFwcGluZ0tleTogc3RyaW5nIHwgS2V5IHwgSldLLktleSxcclxuICAvLyAgIGtleTogSldLLktleVxyXG4gIC8vICk6IFByb21pc2U8c3RyaW5nPiB7XHJcbiAgLy8gICBpZiAoIWlzU3ltbWV0cmljS2V5KGtleSkpIHtcclxuICAvLyAgICAgdGhyb3cgbmV3IExyQmFkQXJndW1lbnRFeGNlcHRpb24oXHJcbiAgLy8gICAgICAgJ09ubHkgYWxsb3dpbmcgd3JhcHBpbmcgb2Ygc3ltbWV0cmljIGtleXMuJ1xyXG4gIC8vICAgICApO1xyXG4gIC8vICAgfVxyXG5cclxuICAvLyAgIHJldHVybiB0aGlzLmVuY3J5cHRUb1N0cmluZyh3cmFwcGluZ0tleSwga2V5LnRvSlNPTih0cnVlKSk7XHJcbiAgLy8gfVxyXG5cclxuICAvLyAvLyBUT0RPXHJcbiAgLy8gLy8gYXN5bmMgd3JhcFB1YmxpY0tleTxUPigpO1xyXG4gIC8vIC8vIGFzeW5jIHdyYXBQcml2YXRlS2V5PFQ+KCk7XHJcblxyXG4gIGFzeW5jIGRvdWJsZVdyYXBDb250ZW50KFxyXG4gICAgc2VjdXJlQ29udGVudDogYW55LFxyXG4gICAgY2F0ZWdvcnlJZHM6IHN0cmluZ1tdLFxyXG4gICAgZmlsZUNvbnRlbnQ/OiBBcnJheUJ1ZmZlclxyXG4gICkge1xyXG4gICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZUtleSgpO1xyXG5cclxuICAgIGNvbnN0IHdyYXBwZWRDb250ZW50ID0gYXdhaXQgdGhpcy53cmFwQ29udGVudChcclxuICAgICAga2V5LnRvSlNPTih0cnVlKSxcclxuICAgICAgY2F0ZWdvcnlJZHNcclxuICAgICk7XHJcblxyXG4gICAgcmV0dXJuIHtcclxuICAgICAgcm9vdEtleTogd3JhcHBlZENvbnRlbnQucm9vdEtleSxcclxuICAgICAgd3JhcHBlZEtleXM6IHdyYXBwZWRDb250ZW50LndyYXBwZWRLZXlzLFxyXG4gICAgICBkb3VibGVXcmFwcGVkS2V5OiB3cmFwcGVkQ29udGVudC5jaXBoZXJNZXRhLFxyXG4gICAgICBjaXBoZXJNZXRhOiBzZWN1cmVDb250ZW50XHJcbiAgICAgICAgPyBKU09OLnN0cmluZ2lmeShcclxuICAgICAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KGtleSwgc2VjdXJlQ29udGVudClcclxuICAgICAgICAgIClcclxuICAgICAgICA6IG51bGwsXHJcbiAgICAgIGNpcGhlckZpbGVDb250ZW50OiBmaWxlQ29udGVudFxyXG4gICAgICAgID8gSlNPTi5zdHJpbmdpZnkoYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KGtleSwgZmlsZUNvbnRlbnQpKVxyXG4gICAgICAgIDogbnVsbCxcclxuICAgIH07XHJcbiAgfVxyXG5cclxuICBhc3luYyByZVdyYXBDb250ZW50KGtleUlkOiBzdHJpbmcsIHNlY3VyZUNvbnRlbnQ6IGFueSkge1xyXG4gICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5rZXlHcmFwaC5nZXRKd2tLZXkoa2V5SWQpO1xyXG4gICAgY29uc3QgbmV3S2V5ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZUtleSgpO1xyXG5cclxuICAgIHJldHVybiB7XHJcbiAgICAgIGRvdWJsZVdyYXBwZWRLZXk6IEpTT04uc3RyaW5naWZ5KFxyXG4gICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChrZXksIG5ld0tleS50b0pTT04odHJ1ZSkpXHJcbiAgICAgICksXHJcbiAgICAgIGNpcGhlck1ldGE6IHNlY3VyZUNvbnRlbnRcclxuICAgICAgICA/IEpTT04uc3RyaW5naWZ5KFxyXG4gICAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQobmV3S2V5LCBzZWN1cmVDb250ZW50KVxyXG4gICAgICAgICAgKVxyXG4gICAgICAgIDogbnVsbCxcclxuICAgIH07XHJcbiAgfVxyXG5cclxuICBhc3luYyB3cmFwQ29udGVudChcclxuICAgIHNlY3VyZUNvbnRlbnQ6IGFueSxcclxuICAgIGNhdGVnb3J5SWRzPzogc3RyaW5nW11cclxuICApOiBQcm9taXNlPFdyYXBwZWRDb250ZW50PiB7XHJcbiAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XHJcblxyXG4gICAgbGV0IHdyYXBwZWRLZXlzOiBXcmFwcGluZ0tleVtdO1xyXG4gICAgbGV0IHJvb3RXcmFwcGluZ0tleTogV3JhcHBpbmdLZXk7XHJcblxyXG4gICAgaWYgKGNhdGVnb3J5SWRzICYmIGNhdGVnb3J5SWRzLmxlbmd0aCkge1xyXG4gICAgICB3cmFwcGVkS2V5cyA9IGF3YWl0IFByb21pc2UuYWxsKFxyXG4gICAgICAgIGNhdGVnb3J5SWRzLm1hcChhc3luYyAoY2F0ZWdvcnlJZCkgPT4ge1xyXG4gICAgICAgICAgY29uc3QgcGFyZW50S2V5ID0gYXdhaXQgdGhpcy5nZXRDYXRlZ29yeUtleUlkKGNhdGVnb3J5SWQpO1xyXG4gICAgICAgICAgY29uc3Qgd3JhcHBlZEtleSA9IEpTT04uc3RyaW5naWZ5KFxyXG4gICAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXHJcbiAgICAgICAgICAgICAgcGFyZW50S2V5LmtleSxcclxuICAgICAgICAgICAgICBrZXkudG9KU09OKHRydWUpXHJcbiAgICAgICAgICAgIClcclxuICAgICAgICAgICk7XHJcbiAgICAgICAgICByZXR1cm4ge1xyXG4gICAgICAgICAgICBkaXJlY3RvcnlJZDogY2F0ZWdvcnlJZCxcclxuICAgICAgICAgICAgd3JhcHBpbmdLZXlJZDogcGFyZW50S2V5LmtleUlkLFxyXG4gICAgICAgICAgICB3cmFwcGVkS2V5LFxyXG4gICAgICAgICAgfTtcclxuICAgICAgICB9KVxyXG4gICAgICApO1xyXG4gICAgfSBlbHNlIHtcclxuICAgICAgLy8gQWRkaW5nIHRvIHJvb3QgZGlyZWN0b3J5XHJcbiAgICAgIGNvbnN0IHJvb3RLZXkgPSB0aGlzLmtleVNlcnZpY2UuZ2V0Q3VycmVudFJvb3RLZXkoKTtcclxuICAgICAgY29uc3Qgd3JhcHBlZEtleSA9IEpTT04uc3RyaW5naWZ5KFxyXG4gICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChyb290S2V5Lmp3aywga2V5LnRvSlNPTih0cnVlKSlcclxuICAgICAgKTtcclxuICAgICAgcm9vdFdyYXBwaW5nS2V5ID0ge1xyXG4gICAgICAgIHdyYXBwaW5nS2V5SWQ6IHJvb3RLZXkuaWQsXHJcbiAgICAgICAgd3JhcHBlZEtleSxcclxuICAgICAgfTtcclxuICAgIH1cclxuXHJcbiAgICByZXR1cm4ge1xyXG4gICAgICBrZXksXHJcbiAgICAgIHJvb3RLZXk6IHJvb3RXcmFwcGluZ0tleSxcclxuICAgICAgd3JhcHBlZEtleXMsXHJcbiAgICAgIGNpcGhlck1ldGE6IHNlY3VyZUNvbnRlbnRcclxuICAgICAgICA/IEpTT04uc3RyaW5naWZ5KFxyXG4gICAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoa2V5LCBzZWN1cmVDb250ZW50KVxyXG4gICAgICAgICAgKVxyXG4gICAgICAgIDogbnVsbCxcclxuICAgIH07XHJcbiAgfVxyXG5cclxuICBhc3luYyB3cmFwQ29udGVudFdpdGhLZXkoXHJcbiAgICBzZWN1cmVDb250ZW50OiBhbnksXHJcbiAgICBrZXlJZDogc3RyaW5nXHJcbiAgKTogUHJvbWlzZTxXcmFwcGVkQ29udGVudD4ge1xyXG4gICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZUtleSgpO1xyXG5cclxuICAgIGNvbnN0IHdyYXBwZWRLZXkgPSBhd2FpdCB0aGlzLmtleUdyYXBoLmVuY3J5cHRUb1N0cmluZyhcclxuICAgICAga2V5SWQsXHJcbiAgICAgIGtleS50b0pTT04odHJ1ZSlcclxuICAgICk7XHJcblxyXG4gICAgcmV0dXJuIHtcclxuICAgICAga2V5LFxyXG4gICAgICByb290S2V5OiB7XHJcbiAgICAgICAgd3JhcHBpbmdLZXlJZDoga2V5SWQsXHJcbiAgICAgICAgd3JhcHBlZEtleSxcclxuICAgICAgfSxcclxuICAgICAgY2lwaGVyTWV0YTogc2VjdXJlQ29udGVudFxyXG4gICAgICAgID8gSlNPTi5zdHJpbmdpZnkoXHJcbiAgICAgICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChrZXksIHNlY3VyZUNvbnRlbnQpXHJcbiAgICAgICAgICApXHJcbiAgICAgICAgOiBudWxsLFxyXG4gICAgfTtcclxuICB9XHJcblxyXG4gIHByaXZhdGUgYXN5bmMgZ2V0Q2F0ZWdvcnlLZXlJZChcclxuICAgIGNhdGVnb3J5SWQ6IHN0cmluZ1xyXG4gICk6IFByb21pc2U8eyBrZXlJZDogc3RyaW5nOyBrZXk6IGFueSB9PiB7XHJcbiAgICBjb25zdCB7IGNhdGVnb3J5IH0gPSBhd2FpdCB0aGlzLmxyQXBvbGxvLnF1ZXJ5PGFueT4oe1xyXG4gICAgICBxdWVyeTogR2V0Q2F0ZWdvcnlLZXlJZFF1ZXJ5LFxyXG4gICAgICB2YXJpYWJsZXM6IHtcclxuICAgICAgICBpZDogY2F0ZWdvcnlJZCxcclxuICAgICAgfSxcclxuICAgIH0pO1xyXG5cclxuICAgIHJldHVybiB7XHJcbiAgICAgIGtleUlkOiBjYXRlZ29yeS5rZXlJZCxcclxuICAgICAga2V5OiBhd2FpdCB0aGlzLmtleUdyYXBoLmdldEp3a0tleShjYXRlZ29yeS5rZXlJZCksXHJcbiAgICB9O1xyXG4gIH1cclxufVxyXG4iXX0=