@lifeready/core 1.0.12 → 1.0.15

package/esm2015/lib/cryptography/key-graph.service.js

@@ -1,299 +1,299 @@
-import { __awaiter } from "tslib";
-import { Injectable } from '@angular/core';
-import graphlib, { Graph } from '@dagrejs/graphlib';
-import _ from 'lodash';
-import { LrException, LrEncryptionException, LrNotFoundException, LrBadArgumentException, } from '../_common/exceptions';
-import { EdgeType, NodeType, } from './cryptography.types';
-import { asJwk, EncryptionService, isSymmetricKey, } from './encryption.service';
-import { KeyFactoryService, KeyFactoryService as KFS, } from './key-factory.service';
-import { KeyService } from './key.service';
-import * as i0 from "@angular/core";
-import * as i1 from "./encryption.service";
-import * as i2 from "./key.service";
-import * as i3 from "./key-factory.service";
-export class KeyGraphService {
-    // private keyCache: {
-    //   [id: string]: Key;
-    // };
-    constructor(encryptionService, keyService, keyFactory) {
-        this.encryptionService = encryptionService;
-        this.keyService = keyService;
-        this.keyFactory = keyFactory;
-        this.purgeKeys();
-    }
-    purgeKeys() {
-        this.graph = new Graph();
-        // this.keyCache = null;
-    }
-    populateKeys(userKey) {
-        return __awaiter(this, void 0, void 0, function* () {
-            this.keyService.populateKeys({
-                passKey: userKey.passKey,
-                masterKey: yield this.keyService.loadMasterKey(userKey.masterKey.id),
-                rootKey: yield this.unwrapKey(userKey.masterKey.id, userKey.rootKey.id),
-                pxk: yield this.unwrapKey(userKey.masterKey.id, userKey.pxk.id),
-                sigPxk: yield this.unwrapKey(userKey.masterKey.id, userKey.sigPxk.id),
-            });
-        });
-    }
-    hasKey(keyId) {
-        return !!this.graph.node(keyId);
-    }
-    getNode(id, type) {
-        const node = this.graph.node(id);
-        if (!node) {
-            throw new LrNotFoundException(`Key graphs does not contain key id: ${id}`);
-        }
-        if (node.type !== type) {
-            throw new LrException({
-                message: `Key with id ${id} is not of type ${type}`,
-            });
-        }
-        return node.data;
-    }
-    key(id) {
-        return this.getNode(id, NodeType.Key);
-    }
-    passKey(id) {
-        return this.getNode(id, NodeType.PassKey);
-    }
-    addKeys(src) {
-        // Keys
-        if (src.keys) {
-            // What key graph returns can not be customized. So keys are essentially immutable.
-            // Therefore, if a key exists, there's no reason to update it.
-            for (const key of src.keys) {
-                // Note using Relay global id allows us to not worry about clashing node id
-                if (this.graph.hasNode(key.id)) {
-                    continue;
-                }
-                const node = {
-                    type: NodeType.Key,
-                    data: _.cloneDeep(key),
-                };
-                this.graph.setNode(key.id, node);
-            }
-        }
-        // KeyLinks
-        if (src.keyLinks) {
-            for (const keyLink of src.keyLinks) {
-                if (this.graph.hasEdge(keyLink.wrappingKeyId, keyLink.keyId)) {
-                    continue;
-                }
-                const edge = {
-                    type: EdgeType.KeyLink,
-                    data: _.cloneDeep(keyLink),
-                };
-                // Edge goes from wrapping key to wrapped key.
-                this.graph.setEdge(keyLink.wrappingKeyId, keyLink.keyId, edge);
-            }
-        }
-        // PassKeyLinks
-        if (src.passKeyLinks) {
-            for (const passKeyLink of src.passKeyLinks) {
-                if (this.graph.hasEdge(passKeyLink.passKeyId, passKeyLink.keyId)) {
-                    continue;
-                }
-                const edge = {
-                    type: EdgeType.PassKeyLink,
-                    data: _.cloneDeep(passKeyLink),
-                };
-                // Edge goes from wrapping key to wrapped key.
-                this.graph.setEdge(passKeyLink.passKeyId, passKeyLink.keyId, edge);
-            }
-        }
-        // The graph is the single source of truth. These are lazily calculated.
-        // this.keyCache = null;
-    }
-    tracePath(distances, keyId) {
-        // The node label is the same as the id of the key nodes.
-        const ret = [];
-        let node = keyId;
-        if (!distances[node].predecessor) {
-            return null;
-        }
-        while (distances[node].predecessor) {
-            const child = distances[node].predecessor;
-            ret.push(this.graph.edge(child, node));
-            node = child;
-        }
-        // After reverse, the first element is the passkey
-        ret.reverse();
-        return ret;
-    }
-    getPath(knownKeyId, keyId) {
-        if (!knownKeyId || typeof knownKeyId !== 'string') {
-            throw new LrEncryptionException(`Param knownKeyId wrong format: ${knownKeyId}`);
-        }
-        if (!keyId || typeof keyId !== 'string') {
-            throw new LrEncryptionException(`Param keyId wrong format: ${keyId}`);
-        }
-        // => { A: { distance: 0 },
-        //      B: { distance: 6, predecessor: 'C' },
-        //      C: { distance: 4, predecessor: 'A' },
-        //      D: { distance: 2, predecessor: 'A' },
-        //      E: { distance: 8, predecessor: 'F' },
-        //      F: { distance: 4, predecessor: 'D' } }
-        const distances = graphlib.alg.dijkstra(this.graph, knownKeyId);
-        // Trace path from keyId to knownKeyId
-        return this.tracePath(distances, keyId);
-    }
-    getJwkKey(keyOrId, getKeyIdCallback) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return (yield this.getKey(keyOrId, getKeyIdCallback)).jwk;
-        });
-    }
-    // We assume that when a keyId is fetched, the key graph
-    // for the key is also returned and merged into the client-side
-    // key graph. By insisting a keyId is returned instead of the
-    // actual key we ensure key-graph is consistent.
-    getKey(keyOrId, getKeyIdCallback) {
-        return __awaiter(this, void 0, void 0, function* () {
-            let keyId = typeof keyOrId === 'string' ? keyOrId : keyOrId === null || keyOrId === void 0 ? void 0 : keyOrId.id;
-            if (!this.hasKey(keyId) && getKeyIdCallback) {
-                keyId = yield getKeyIdCallback();
-            }
-            // else, continue and let it fail.
-            const key = this.key(keyId);
-            if (key.jwk) {
-                return key;
-            }
-            else {
-                return this.unwrapKey(this.keyService.getCurrentMasterKey().id, keyId);
-            }
-        });
-    }
-    _unwrapLink(wrappingKey, link, dstKey) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // console.log("_unwrapLink:", link.data.keyId);
-            const wrappedKey = JSON.parse(link.data.wrappedKey);
-            // Signatures of keys contain the key itself. This way we only need
-            // to access the KeyLinks to decrypt/verify keys.
-            let nextRawKey;
-            if (wrappedKey.signatures) {
-                nextRawKey = yield this.encryptionService.verify(wrappingKey, wrappedKey);
-            }
-            else {
-                nextRawKey = yield this.encryptionService.decrypt(wrappingKey, wrappedKey);
-            }
-            dstKey.jwk = yield KFS.asKey(nextRawKey);
-            dstKey.task = null;
-        });
-    }
-    _unwrap(key, path) {
-        return __awaiter(this, void 0, void 0, function* () {
-            for (const link of path) {
-                const dstKey = this.key(link.data.keyId);
-                // console.log("key: ", link.data.keyId);
-                if (dstKey.jwk) {
-                    key = dstKey.jwk;
-                    // console.log("Returning cached key: ", link.data.keyId);
-                    continue;
-                }
-                if (!dstKey.task) {
-                    dstKey.task = this._unwrapLink(key, link, dstKey);
-                }
-                yield dstKey.task;
-                key = dstKey.jwk;
-            }
-            return key;
-        });
-    }
-    unwrapWithPassKey(passKeyId, passKey, keyId) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Get path of the directory key.
-            const path = this.getPath(passKeyId, keyId);
-            return {
-                id: keyId,
-                jwk: yield this._unwrap(passKey, path),
-            };
-        });
-    }
-    unwrapKey(masterKeyId, keyId) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // The first key should be a masterKey
-            const masterKey = yield this.keyService.loadMasterKey(masterKeyId);
-            if (masterKeyId === keyId) {
-                return masterKey;
-            }
-            // Get path of the directory key.
-            const path = this.getPath(masterKey.id, keyId);
-            return {
-                id: keyId,
-                jwk: yield this._unwrap(masterKey.jwk, path),
-            };
-        });
-    }
-    decryptFromString(keyOrId, cipherData, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (cipherData) {
-                const key = yield this.getJwkKey(keyOrId);
-                return (yield this.encryptionService.decrypt(key, JSON.parse(cipherData), options));
-            }
-            return null;
-        });
-    }
-    decryptFile(keyId, file) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const key = yield this.getJwkKey(keyId);
-            return (yield this.encryptionService.decrypt(key, file, {
-                payloadType: 'ArrayBuffer',
-            }));
-        });
-    }
-    // TODO rename this to encrypt() and use as the most common usecase
-    encryptToString(key, content) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Empty string should be encrypted since you want to clear the field.
-            // Null is not encrypted because it's not valid JSON in the old JSON spec. Use
-            // empty string instead. It'll function as a logic false as well.
-            // Note that passing in empty string means it'll be encrypted which verifies
-            // it's integrity. But we still want to have a way to set the DB field
-            // to NULL, so we explicitly return null when content == null. A null
-            // variable in graphql mutation on KC server clears the field to NULL.
-            if (content == null) {
-                return null;
-            }
-            const jwk = asJwk(key) || (yield this.getJwkKey(key));
-            return this.encryptionService.encryptToString(jwk, content);
-        });
-    }
-    // Wraps a symmetric encryption key.
-    // Throws exception if wrapping public keys.
-    wrapKey(wrappingKey, key) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!isSymmetricKey(key)) {
-                throw new LrBadArgumentException('Only allowing wrapping of symmetric keys.');
-            }
-            return this.encryptToString(wrappingKey, key.toJSON(true));
-        });
-    }
-    // TODO
-    // async wrapPublicKey<T>();
-    // async wrapPrivateKey<T>();
-    encryptWithNewKey(wrappingKeyId, cipherClearJson) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const key = yield this.keyFactory.createKey();
-            const wrappedKey = yield this.encryptToString(wrappingKeyId, key.toJSON(true));
-            const cipher = yield this.encryptToString(key, cipherClearJson);
-            return {
-                key,
-                wrappingKeyId,
-                wrappedKey,
-                cipher,
-            };
-        });
-    }
-}
-KeyGraphService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyGraphService_Factory() { return new KeyGraphService(i0.ɵɵinject(i1.EncryptionService), i0.ɵɵinject(i2.KeyService), i0.ɵɵinject(i3.KeyFactoryService)); }, token: KeyGraphService, providedIn: "root" });
-KeyGraphService.decorators = [
-    { type: Injectable, args: [{
-                providedIn: 'root',
-            },] }
-];
-KeyGraphService.ctorParameters = () => [
-    { type: EncryptionService },
-    { type: KeyService },
-    { type: KeyFactoryService }
-];
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWdyYXBoLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiL29wdC9hdGxhc3NpYW4vcGlwZWxpbmVzL2FnZW50L2J1aWxkL3Byb2plY3RzL2NvcmUvc3JjLyIsInNvdXJjZXMiOlsibGliL2NyeXB0b2dyYXBoeS9rZXktZ3JhcGguc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUMzQyxPQUFPLFFBQVEsRUFBRSxFQUFFLEtBQUssRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQ3BELE9BQU8sQ0FBQyxNQUFNLFFBQVEsQ0FBQztBQUd2QixPQUFPLEVBQ0wsV0FBVyxFQUNYLHFCQUFxQixFQUNyQixtQkFBbUIsRUFDbkIsc0JBQXNCLEdBQ3ZCLE1BQU0sdUJBQXVCLENBQUM7QUFDL0IsT0FBTyxFQUVMLFFBQVEsRUFJUixRQUFRLEdBRVQsTUFBTSxzQkFBc0IsQ0FBQztBQUM5QixPQUFPLEVBQ0wsS0FBSyxFQUVMLGlCQUFpQixFQUNqQixjQUFjLEdBQ2YsTUFBTSxzQkFBc0IsQ0FBQztBQUM5QixPQUFPLEVBQ0wsaUJBQWlCLEVBQ2pCLGlCQUFpQixJQUFJLEdBQUcsR0FDekIsTUFBTSx1QkFBdUIsQ0FBQztBQUMvQixPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sZUFBZSxDQUFDOzs7OztBQVMzQyxNQUFNLE9BQU8sZUFBZTtJQUUxQixzQkFBc0I7SUFDdEIsdUJBQXVCO0lBQ3ZCLEtBQUs7SUFFTCxZQUNVLGlCQUFvQyxFQUNwQyxVQUFzQixFQUN0QixVQUE2QjtRQUY3QixzQkFBaUIsR0FBakIsaUJBQWlCLENBQW1CO1FBQ3BDLGVBQVUsR0FBVixVQUFVLENBQVk7UUFDdEIsZUFBVSxHQUFWLFVBQVUsQ0FBbUI7UUFFckMsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO0lBQ25CLENBQUM7SUFFRCxTQUFTO1FBQ1AsSUFBSSxDQUFDLEtBQUssR0FBRyxJQUFJLEtBQUssRUFBRSxDQUFDO1FBQ3pCLHdCQUF3QjtJQUMxQixDQUFDO0lBRUssWUFBWSxDQUFDLE9BQXVCOztZQUN4QyxJQUFJLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FBQztnQkFDM0IsT0FBTyxFQUFFLE9BQU8sQ0FBQyxPQUFPO2dCQUN4QixTQUFTLEVBQUUsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztnQkFDcEUsT0FBTyxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztnQkFDdkUsR0FBRyxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDL0QsTUFBTSxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQzthQUN0RSxDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7SUFFRCxNQUFNLENBQUMsS0FBYTtRQUNsQixPQUFPLENBQUMsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRU8sT0FBTyxDQUFDLEVBQUUsRUFBRSxJQUFJO1FBQ3RCLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2pDLElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDVCxNQUFNLElBQUksbUJBQW1CLENBQzNCLHVDQUF1QyxFQUFFLEVBQUUsQ0FDNUMsQ0FBQztTQUNIO1FBQ0QsSUFBSSxJQUFJLENBQUMsSUFBSSxLQUFLLElBQUksRUFBRTtZQUN0QixNQUFNLElBQUksV0FBVyxDQUFDO2dCQUNwQixPQUFPLEVBQUUsZUFBZSxFQUFFLG1CQUFtQixJQUFJLEVBQUU7YUFDcEQsQ0FBQyxDQUFDO1NBQ0o7UUFDRCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUM7SUFDbkIsQ0FBQztJQUVELEdBQUcsQ0FBQyxFQUFFO1FBQ0osT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFBRSxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVELE9BQU8sQ0FBQyxFQUFFO1FBQ1IsT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFBRSxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDNUMsQ0FBQztJQUVELE9BQU8sQ0FBQyxHQUFxQjtRQUMzQixPQUFPO1FBQ1AsSUFBSSxHQUFHLENBQUMsSUFBSSxFQUFFO1lBQ1osbUZBQW1GO1lBQ25GLDhEQUE4RDtZQUM5RCxLQUFLLE1BQU0sR0FBRyxJQUFJLEdBQUcsQ0FBQyxJQUFJLEVBQUU7Z0JBQzFCLDJFQUEyRTtnQkFDM0UsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEVBQUU7b0JBQzlCLFNBQVM7aUJBQ1Y7Z0JBRUQsTUFBTSxJQUFJLEdBQVM7b0JBQ2pCLElBQUksRUFBRSxRQUFRLENBQUMsR0FBRztvQkFDbEIsSUFBSSxFQUFFLENBQUMsQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDO2lCQUN2QixDQUFDO2dCQUVGLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxFQUFFLEVBQUUsSUFBSSxDQUFDLENBQUM7YUFDbEM7U0FDRjtRQUVELFdBQVc7UUFDWCxJQUFJLEdBQUcsQ0FBQyxRQUFRLEVBQUU7WUFDaEIsS0FBSyxNQUFNLE9BQU8sSUFBSSxHQUFHLENBQUMsUUFBUSxFQUFFO2dCQUNsQyxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQUUsT0FBTyxDQUFDLEtBQUssQ0FBQyxFQUFFO29CQUM1RCxTQUFTO2lCQUNWO2dCQUVELE1BQU0sSUFBSSxHQUFTO29CQUNqQixJQUFJLEVBQUUsUUFBUSxDQUFDLE9BQU87b0JBQ3RCLElBQUksRUFBRSxDQUFDLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQztpQkFDM0IsQ0FBQztnQkFDRiw4Q0FBOEM7Z0JBQzlDLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQUUsT0FBTyxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQzthQUNoRTtTQUNGO1FBRUQsZUFBZTtRQUNmLElBQUksR0FBRyxDQUFDLFlBQVksRUFBRTtZQUNwQixLQUFLLE1BQU0sV0FBVyxJQUFJLEdBQUcsQ0FBQyxZQUFZLEVBQUU7Z0JBQzFDLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLFNBQVMsRUFBRSxXQUFXLENBQUMsS0FBSyxDQUFDLEVBQUU7b0JBQ2hFLFNBQVM7aUJBQ1Y7Z0JBRUQsTUFBTSxJQUFJLEdBQVM7b0JBQ2pCLElBQUksRUFBRSxRQUFRLENBQUMsV0FBVztvQkFDMUIsSUFBSSxFQUFFLENBQUMsQ0FBQyxTQUFTLENBQUMsV0FBVyxDQUFDO2lCQUMvQixDQUFDO2dCQUNGLDhDQUE4QztnQkFDOUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLFNBQVMsRUFBRSxXQUFXLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDO2FBQ3BFO1NBQ0Y7UUFFRCx3RUFBd0U7UUFDeEUsd0JBQXdCO0lBQzFCLENBQUM7SUFFRCxTQUFTLENBQUMsU0FBUyxFQUFFLEtBQWE7UUFDaEMseURBQXlEO1FBQ3pELE1BQU0sR0FBRyxHQUFXLEVBQUUsQ0FBQztRQUN2QixJQUFJLElBQUksR0FBRyxLQUFLLENBQUM7UUFDakIsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxXQUFXLEVBQUU7WUFDaEMsT0FBTyxJQUFJLENBQUM7U0FDYjtRQUVELE9BQU8sU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDLFdBQVcsRUFBRTtZQUNsQyxNQUFNLEtBQUssR0FBRyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUMsV0FBVyxDQUFDO1lBQzFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDLENBQUM7WUFDdkMsSUFBSSxHQUFHLEtBQUssQ0FBQztTQUNkO1FBRUQsa0RBQWtEO1FBQ2xELEdBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUVkLE9BQU8sR0FBRyxDQUFDO0lBQ2IsQ0FBQztJQUVELE9BQU8sQ0FBQyxVQUFrQixFQUFFLEtBQWE7UUFDdkMsSUFBSSxDQUFDLFVBQVUsSUFBSSxPQUFPLFVBQVUsS0FBSyxRQUFRLEVBQUU7WUFDakQsTUFBTSxJQUFJLHFCQUFxQixDQUM3QixrQ0FBa0MsVUFBVSxFQUFFLENBQy9DLENBQUM7U0FDSDtRQUNELElBQUksQ0FBQyxLQUFLLElBQUksT0FBTyxLQUFLLEtBQUssUUFBUSxFQUFFO1lBQ3ZDLE1BQU0sSUFBSSxxQkFBcUIsQ0FBQyw2QkFBNkIsS0FBSyxFQUFFLENBQUMsQ0FBQztTQUN2RTtRQUVELDJCQUEyQjtRQUMzQiw2Q0FBNkM7UUFDN0MsNkNBQTZDO1FBQzdDLDZDQUE2QztRQUM3Qyw2Q0FBNkM7UUFDN0MsOENBQThDO1FBQzlDLE1BQU0sU0FBUyxHQUFHLFFBQVEsQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxLQUFLLEVBQUUsVUFBVSxDQUFDLENBQUM7UUFFaEUsc0NBQXNDO1FBQ3RDLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUFTLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVLLFNBQVMsQ0FDYixPQUFxQixFQUNyQixnQkFBaUQ7O1lBRWpELE9BQU8sQ0FBQyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxFQUFFLGdCQUFnQixDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFDNUQsQ0FBQztLQUFBO0lBRUQsd0RBQXdEO0lBQ3hELCtEQUErRDtJQUMvRCw2REFBNkQ7SUFDN0QsZ0RBQWdEO0lBQzFDLE1BQU0sQ0FDVixPQUFxQixFQUNyQixnQkFBaUQ7O1lBRWpELElBQUksS0FBSyxHQUFHLE9BQU8sT0FBTyxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxPQUFPLGFBQVAsT0FBTyx1QkFBUCxPQUFPLENBQUUsRUFBRSxDQUFDO1lBRWhFLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLGdCQUFnQixFQUFFO2dCQUMzQyxLQUFLLEdBQUcsTUFBTSxnQkFBZ0IsRUFBRSxDQUFDO2FBQ2xDO1lBQ0Qsa0NBQWtDO1lBRWxDLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDNUIsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFO2dCQUNYLE9BQU8sR0FBRyxDQUFDO2FBQ1o7aUJBQU07Z0JBQ0wsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsbUJBQW1CLEVBQUUsQ0FBQyxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7YUFDeEU7UUFDSCxDQUFDO0tBQUE7SUFFYSxXQUFXLENBQUMsV0FBVyxFQUFFLElBQUksRUFBRSxNQUFNOztZQUNqRCxnREFBZ0Q7WUFDaEQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBQ3BELG1FQUFtRTtZQUNuRSxpREFBaUQ7WUFDakQsSUFBSSxVQUFVLENBQUM7WUFDZixJQUFJLFVBQVUsQ0FBQyxVQUFVLEVBQUU7Z0JBQ3pCLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLENBQUMsV0FBVyxFQUFFLFVBQVUsQ0FBQyxDQUFDO2FBQzNFO2lCQUFNO2dCQUNMLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQy9DLFdBQVcsRUFDWCxVQUFVLENBQ1gsQ0FBQzthQUNIO1lBQ0QsTUFBTSxDQUFDLEdBQUcsR0FBRyxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDekMsTUFBTSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7UUFDckIsQ0FBQztLQUFBO0lBRWEsT0FBTyxDQUFDLEdBQVksRUFBRSxJQUFZOztZQUM5QyxLQUFLLE1BQU0sSUFBSSxJQUFJLElBQUksRUFBRTtnQkFDdkIsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDO2dCQUN6Qyx5Q0FBeUM7Z0JBQ3pDLElBQUksTUFBTSxDQUFDLEdBQUcsRUFBRTtvQkFDZCxHQUFHLEdBQUcsTUFBTSxDQUFDLEdBQUcsQ0FBQztvQkFDakIsMERBQTBEO29CQUMxRCxTQUFTO2lCQUNWO2dCQUVELElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFO29CQUNoQixNQUFNLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxFQUFFLElBQUksRUFBRSxNQUFNLENBQUMsQ0FBQztpQkFDbkQ7Z0JBRUQsTUFBTSxNQUFNLENBQUMsSUFBSSxDQUFDO2dCQUNsQixHQUFHLEdBQUcsTUFBTSxDQUFDLEdBQUcsQ0FBQzthQUNsQjtZQUVELE9BQU8sR0FBRyxDQUFDO1FBQ2IsQ0FBQztLQUFBO0lBRVksaUJBQWlCLENBQzVCLFNBQWlCLEVBQ2pCLE9BQWdCLEVBQ2hCLEtBQWE7O1lBRWIsaUNBQWlDO1lBQ2pDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBRTVDLE9BQU87Z0JBQ0wsRUFBRSxFQUFFLEtBQUs7Z0JBQ1QsR0FBRyxFQUFFLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDO2FBQ3ZDLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFSyxTQUFTLENBQUMsV0FBbUIsRUFBRSxLQUFhOztZQUNoRCxzQ0FBc0M7WUFDdEMsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUVuRSxJQUFJLFdBQVcsS0FBSyxLQUFLLEVBQUU7Z0JBQ3pCLE9BQU8sU0FBUyxDQUFDO2FBQ2xCO1lBRUQsaUNBQWlDO1lBQ2pDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxLQUFLLENBQUMsQ0FBQztZQUUvQyxPQUFPO2dCQUNMLEVBQUUsRUFBRSxLQUFLO2dCQUNULEdBQUcsRUFBRSxNQUFNLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEdBQUcsRUFBRSxJQUFJLENBQUM7YUFDN0MsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVLLGlCQUFpQixDQUNyQixPQUFxQixFQUNyQixVQUFrQixFQUNsQixPQUF3Qjs7WUFFeEIsSUFBSSxVQUFVLEVBQUU7Z0JBQ2QsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxDQUFDO2dCQUMxQyxPQUFPLENBQUMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMxQyxHQUFHLEVBQ0gsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsRUFDdEIsT0FBTyxDQUNSLENBQVEsQ0FBQzthQUNYO1lBQ0QsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO0tBQUE7SUFFSyxXQUFXLENBQUMsS0FBYSxFQUFFLElBQVM7O1lBQ3hDLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUN4QyxPQUFPLENBQUMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLEdBQUcsRUFBRSxJQUFJLEVBQUU7Z0JBQ3RELFdBQVcsRUFBRSxhQUFhO2FBQzNCLENBQUMsQ0FBUSxDQUFDO1FBQ2IsQ0FBQztLQUFBO0lBRUQsbUVBQW1FO0lBQzdELGVBQWUsQ0FDbkIsR0FBMkIsRUFDM0IsT0FBWTs7WUFFWixzRUFBc0U7WUFDdEUsOEVBQThFO1lBQzlFLGlFQUFpRTtZQUNqRSw0RUFBNEU7WUFDNUUsc0VBQXNFO1lBQ3RFLHFFQUFxRTtZQUNyRSxzRUFBc0U7WUFDdEUsSUFBSSxPQUFPLElBQUksSUFBSSxFQUFFO2dCQUNuQixPQUFPLElBQUksQ0FBQzthQUNiO1lBRUQsTUFBTSxHQUFHLEdBQUcsS0FBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLEdBQW1CLENBQUMsQ0FBQyxDQUFDO1lBQ3RFLE9BQU8sSUFBSSxDQUFDLGlCQUFpQixDQUFDLGVBQWUsQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDOUQsQ0FBQztLQUFBO0lBRUQsb0NBQW9DO0lBQ3BDLDRDQUE0QztJQUN0QyxPQUFPLENBQ1gsV0FBbUMsRUFDbkMsR0FBWTs7WUFFWixJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxFQUFFO2dCQUN4QixNQUFNLElBQUksc0JBQXNCLENBQzlCLDJDQUEyQyxDQUM1QyxDQUFDO2FBQ0g7WUFFRCxPQUFPLElBQUksQ0FBQyxlQUFlLENBQUMsV0FBVyxFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztRQUM3RCxDQUFDO0tBQUE7SUFFRCxPQUFPO0lBQ1AsNEJBQTRCO0lBQzVCLDZCQUE2QjtJQUV2QixpQkFBaUIsQ0FBQyxhQUFxQixFQUFFLGVBQW9COztZQUNqRSxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDOUMsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUMzQyxhQUFhLEVBQ2IsR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDakIsQ0FBQztZQUNGLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLEVBQUUsZUFBZSxDQUFDLENBQUM7WUFFaEUsT0FBTztnQkFDTCxHQUFHO2dCQUNILGFBQWE7Z0JBQ2IsVUFBVTtnQkFDVixNQUFNO2FBQ1AsQ0FBQztRQUNKLENBQUM7S0FBQTs7OztZQTdVRixVQUFVLFNBQUM7Z0JBQ1YsVUFBVSxFQUFFLE1BQU07YUFDbkI7OztZQWZDLGlCQUFpQjtZQU9WLFVBQVU7WUFIakIsaUJBQWlCIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xuaW1wb3J0IGdyYXBobGliLCB7IEdyYXBoIH0gZnJvbSAnQGRhZ3JlanMvZ3JhcGhsaWInO1xuaW1wb3J0IF8gZnJvbSAnbG9kYXNoJztcbmltcG9ydCB7IEpXSyB9IGZyb20gJ25vZGUtam9zZSc7XG5pbXBvcnQgeyBDdXJyZW50VXNlcktleSB9IGZyb20gJy4uL3VzZXJzL3Byb2ZpbGUudHlwZXMnO1xuaW1wb3J0IHtcbiAgTHJFeGNlcHRpb24sXG4gIExyRW5jcnlwdGlvbkV4Y2VwdGlvbixcbiAgTHJOb3RGb3VuZEV4Y2VwdGlvbixcbiAgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbixcbn0gZnJvbSAnLi4vX2NvbW1vbi9leGNlcHRpb25zJztcbmltcG9ydCB7XG4gIEVkZ2UsXG4gIEVkZ2VUeXBlLFxuICBLZXksXG4gIEtleUdyYXBoUmVzcG9uc2UsXG4gIE5vZGUsXG4gIE5vZGVUeXBlLFxuICBQYXNzS2V5LFxufSBmcm9tICcuL2NyeXB0b2dyYXBoeS50eXBlcyc7XG5pbXBvcnQge1xuICBhc0p3ayxcbiAgRGVjcnlwdE9wdGlvbnMsXG4gIEVuY3J5cHRpb25TZXJ2aWNlLFxuICBpc1N5bW1ldHJpY0tleSxcbn0gZnJvbSAnLi9lbmNyeXB0aW9uLnNlcnZpY2UnO1xuaW1wb3J0IHtcbiAgS2V5RmFjdG9yeVNlcnZpY2UsXG4gIEtleUZhY3RvcnlTZXJ2aWNlIGFzIEtGUyxcbn0gZnJvbSAnLi9rZXktZmFjdG9yeS5zZXJ2aWNlJztcbmltcG9ydCB7IEtleVNlcnZpY2UgfSBmcm9tICcuL2tleS5zZXJ2aWNlJztcblxuZXhwb3J0IGludGVyZmFjZSBHcmFwaEtleSBleHRlbmRzIEtleSB7XG4gIHRhc2s/OiBQcm9taXNlPGFueT47XG59XG5cbkBJbmplY3RhYmxlKHtcbiAgcHJvdmlkZWRJbjogJ3Jvb3QnLFxufSlcbmV4cG9ydCBjbGFzcyBLZXlHcmFwaFNlcnZpY2Uge1xuICBwcml2YXRlIGdyYXBoOiBHcmFwaDtcbiAgLy8gcHJpdmF0ZSBrZXlDYWNoZToge1xuICAvLyAgIFtpZDogc3RyaW5nXTogS2V5O1xuICAvLyB9O1xuXG4gIGNvbnN0cnVjdG9yKFxuICAgIHByaXZhdGUgZW5jcnlwdGlvblNlcnZpY2U6IEVuY3J5cHRpb25TZXJ2aWNlLFxuICAgIHByaXZhdGUga2V5U2VydmljZTogS2V5U2VydmljZSxcbiAgICBwcml2YXRlIGtleUZhY3Rvcnk6IEtleUZhY3RvcnlTZXJ2aWNlXG4gICkge1xuICAgIHRoaXMucHVyZ2VLZXlzKCk7XG4gIH1cblxuICBwdXJnZUtleXMoKSB7XG4gICAgdGhpcy5ncmFwaCA9IG5ldyBHcmFwaCgpO1xuICAgIC8vIHRoaXMua2V5Q2FjaGUgPSBudWxsO1xuICB9XG5cbiAgYXN5bmMgcG9wdWxhdGVLZXlzKHVzZXJLZXk6IEN1cnJlbnRVc2VyS2V5KSB7XG4gICAgdGhpcy5rZXlTZXJ2aWNlLnBvcHVsYXRlS2V5cyh7XG4gICAgICBwYXNzS2V5OiB1c2VyS2V5LnBhc3NLZXksXG4gICAgICBtYXN0ZXJLZXk6IGF3YWl0IHRoaXMua2V5U2VydmljZS5sb2FkTWFzdGVyS2V5KHVzZXJLZXkubWFzdGVyS2V5LmlkKSxcbiAgICAgIHJvb3RLZXk6IGF3YWl0IHRoaXMudW53cmFwS2V5KHVzZXJLZXkubWFzdGVyS2V5LmlkLCB1c2VyS2V5LnJvb3RLZXkuaWQpLFxuICAgICAgcHhrOiBhd2FpdCB0aGlzLnVud3JhcEtleSh1c2VyS2V5Lm1hc3RlcktleS5pZCwgdXNlcktleS5weGsuaWQpLFxuICAgICAgc2lnUHhrOiBhd2FpdCB0aGlzLnVud3JhcEtleSh1c2VyS2V5Lm1hc3RlcktleS5pZCwgdXNlcktleS5zaWdQeGsuaWQpLFxuICAgIH0pO1xuICB9XG5cbiAgaGFzS2V5KGtleUlkOiBzdHJpbmcpIHtcbiAgICByZXR1cm4gISF0aGlzLmdyYXBoLm5vZGUoa2V5SWQpO1xuICB9XG5cbiAgcHJpdmF0ZSBnZXROb2RlKGlkLCB0eXBlKTogR3JhcGhLZXkgfCBQYXNzS2V5IHtcbiAgICBjb25zdCBub2RlID0gdGhpcy5ncmFwaC5ub2RlKGlkKTtcbiAgICBpZiAoIW5vZGUpIHtcbiAgICAgIHRocm93IG5ldyBMck5vdEZvdW5kRXhjZXB0aW9uKFxuICAgICAgICBgS2V5IGdyYXBocyBkb2VzIG5vdCBjb250YWluIGtleSBpZDogJHtpZH1gXG4gICAgICApO1xuICAgIH1cbiAgICBpZiAobm9kZS50eXBlICE9PSB0eXBlKSB7XG4gICAgICB0aHJvdyBuZXcgTHJFeGNlcHRpb24oe1xuICAgICAgICBtZXNzYWdlOiBgS2V5IHdpdGggaWQgJHtpZH0gaXMgbm90IG9mIHR5cGUgJHt0eXBlfWAsXG4gICAgICB9KTtcbiAgICB9XG4gICAgcmV0dXJuIG5vZGUuZGF0YTtcbiAgfVxuXG4gIGtleShpZCk6IEdyYXBoS2V5IHtcbiAgICByZXR1cm4gdGhpcy5nZXROb2RlKGlkLCBOb2RlVHlwZS5LZXkpO1xuICB9XG5cbiAgcGFzc0tleShpZCk6IFBhc3NLZXkge1xuICAgIHJldHVybiB0aGlzLmdldE5vZGUoaWQsIE5vZGVUeXBlLlBhc3NLZXkpO1xuICB9XG5cbiAgYWRkS2V5cyhzcmM6IEtleUdyYXBoUmVzcG9uc2UpIHtcbiAgICAvLyBLZXlzXG4gICAgaWYgKHNyYy5rZXlzKSB7XG4gICAgICAvLyBXaGF0IGtleSBncmFwaCByZXR1cm5zIGNhbiBub3QgYmUgY3VzdG9taXplZC4gU28ga2V5cyBhcmUgZXNzZW50aWFsbHkgaW1tdXRhYmxlLlxuICAgICAgLy8gVGhlcmVmb3JlLCBpZiBhIGtleSBleGlzdHMsIHRoZXJlJ3Mgbm8gcmVhc29uIHRvIHVwZGF0ZSBpdC5cbiAgICAgIGZvciAoY29uc3Qga2V5IG9mIHNyYy5rZXlzKSB7XG4gICAgICAgIC8vIE5vdGUgdXNpbmcgUmVsYXkgZ2xvYmFsIGlkIGFsbG93cyB1cyB0byBub3Qgd29ycnkgYWJvdXQgY2xhc2hpbmcgbm9kZSBpZFxuICAgICAgICBpZiAodGhpcy5ncmFwaC5oYXNOb2RlKGtleS5pZCkpIHtcbiAgICAgICAgICBjb250aW51ZTtcbiAgICAgICAgfVxuXG4gICAgICAgIGNvbnN0IG5vZGU6IE5vZGUgPSB7XG4gICAgICAgICAgdHlwZTogTm9kZVR5cGUuS2V5LFxuICAgICAgICAgIGRhdGE6IF8uY2xvbmVEZWVwKGtleSksXG4gICAgICAgIH07XG5cbiAgICAgICAgdGhpcy5ncmFwaC5zZXROb2RlKGtleS5pZCwgbm9kZSk7XG4gICAgICB9XG4gICAgfVxuXG4gICAgLy8gS2V5TGlua3NcbiAgICBpZiAoc3JjLmtleUxpbmtzKSB7XG4gICAgICBmb3IgKGNvbnN0IGtleUxpbmsgb2Ygc3JjLmtleUxpbmtzKSB7XG4gICAgICAgIGlmICh0aGlzLmdyYXBoLmhhc0VkZ2Uoa2V5TGluay53cmFwcGluZ0tleUlkLCBrZXlMaW5rLmtleUlkKSkge1xuICAgICAgICAgIGNvbnRpbnVlO1xuICAgICAgICB9XG5cbiAgICAgICAgY29uc3QgZWRnZTogRWRnZSA9IHtcbiAgICAgICAgICB0eXBlOiBFZGdlVHlwZS5LZXlMaW5rLFxuICAgICAgICAgIGRhdGE6IF8uY2xvbmVEZWVwKGtleUxpbmspLFxuICAgICAgICB9O1xuICAgICAgICAvLyBFZGdlIGdvZXMgZnJvbSB3cmFwcGluZyBrZXkgdG8gd3JhcHBlZCBrZXkuXG4gICAgICAgIHRoaXMuZ3JhcGguc2V0RWRnZShrZXlMaW5rLndyYXBwaW5nS2V5SWQsIGtleUxpbmsua2V5SWQsIGVkZ2UpO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIFBhc3NLZXlMaW5rc1xuICAgIGlmIChzcmMucGFzc0tleUxpbmtzKSB7XG4gICAgICBmb3IgKGNvbnN0IHBhc3NLZXlMaW5rIG9mIHNyYy5wYXNzS2V5TGlua3MpIHtcbiAgICAgICAgaWYgKHRoaXMuZ3JhcGguaGFzRWRnZShwYXNzS2V5TGluay5wYXNzS2V5SWQsIHBhc3NLZXlMaW5rLmtleUlkKSkge1xuICAgICAgICAgIGNvbnRpbnVlO1xuICAgICAgICB9XG5cbiAgICAgICAgY29uc3QgZWRnZTogRWRnZSA9IHtcbiAgICAgICAgICB0eXBlOiBFZGdlVHlwZS5QYXNzS2V5TGluayxcbiAgICAgICAgICBkYXRhOiBfLmNsb25lRGVlcChwYXNzS2V5TGluayksXG4gICAgICAgIH07XG4gICAgICAgIC8vIEVkZ2UgZ29lcyBmcm9tIHdyYXBwaW5nIGtleSB0byB3cmFwcGVkIGtleS5cbiAgICAgICAgdGhpcy5ncmFwaC5zZXRFZGdlKHBhc3NLZXlMaW5rLnBhc3NLZXlJZCwgcGFzc0tleUxpbmsua2V5SWQsIGVkZ2UpO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIFRoZSBncmFwaCBpcyB0aGUgc2luZ2xlIHNvdXJjZSBvZiB0cnV0aC4gVGhlc2UgYXJlIGxhemlseSBjYWxjdWxhdGVkLlxuICAgIC8vIHRoaXMua2V5Q2FjaGUgPSBudWxsO1xuICB9XG5cbiAgdHJhY2VQYXRoKGRpc3RhbmNlcywga2V5SWQ6IHN0cmluZyk6IEVkZ2VbXSB7XG4gICAgLy8gVGhlIG5vZGUgbGFiZWwgaXMgdGhlIHNhbWUgYXMgdGhlIGlkIG9mIHRoZSBrZXkgbm9kZXMuXG4gICAgY29uc3QgcmV0OiBFZGdlW10gPSBbXTtcbiAgICBsZXQgbm9kZSA9IGtleUlkO1xuICAgIGlmICghZGlzdGFuY2VzW25vZGVdLnByZWRlY2Vzc29yKSB7XG4gICAgICByZXR1cm4gbnVsbDtcbiAgICB9XG5cbiAgICB3aGlsZSAoZGlzdGFuY2VzW25vZGVdLnByZWRlY2Vzc29yKSB7XG4gICAgICBjb25zdCBjaGlsZCA9IGRpc3RhbmNlc1tub2RlXS5wcmVkZWNlc3NvcjtcbiAgICAgIHJldC5wdXNoKHRoaXMuZ3JhcGguZWRnZShjaGlsZCwgbm9kZSkpO1xuICAgICAgbm9kZSA9IGNoaWxkO1xuICAgIH1cblxuICAgIC8vIEFmdGVyIHJldmVyc2UsIHRoZSBmaXJzdCBlbGVtZW50IGlzIHRoZSBwYXNza2V5XG4gICAgcmV0LnJldmVyc2UoKTtcblxuICAgIHJldHVybiByZXQ7XG4gIH1cblxuICBnZXRQYXRoKGtub3duS2V5SWQ6IHN0cmluZywga2V5SWQ6IHN0cmluZyk6IEVkZ2VbXSB7XG4gICAgaWYgKCFrbm93bktleUlkIHx8IHR5cGVvZiBrbm93bktleUlkICE9PSAnc3RyaW5nJykge1xuICAgICAgdGhyb3cgbmV3IExyRW5jcnlwdGlvbkV4Y2VwdGlvbihcbiAgICAgICAgYFBhcmFtIGtub3duS2V5SWQgd3JvbmcgZm9ybWF0OiAke2tub3duS2V5SWR9YFxuICAgICAgKTtcbiAgICB9XG4gICAgaWYgKCFrZXlJZCB8fCB0eXBlb2Yga2V5SWQgIT09ICdzdHJpbmcnKSB7XG4gICAgICB0aHJvdyBuZXcgTHJFbmNyeXB0aW9uRXhjZXB0aW9uKGBQYXJhbSBrZXlJZCB3cm9uZyBmb3JtYXQ6ICR7a2V5SWR9YCk7XG4gICAgfVxuXG4gICAgLy8gPT4geyBBOiB7IGRpc3RhbmNlOiAwIH0sXG4gICAgLy8gICAgICBCOiB7IGRpc3RhbmNlOiA2LCBwcmVkZWNlc3NvcjogJ0MnIH0sXG4gICAgLy8gICAgICBDOiB7IGRpc3RhbmNlOiA0LCBwcmVkZWNlc3NvcjogJ0EnIH0sXG4gICAgLy8gICAgICBEOiB7IGRpc3RhbmNlOiAyLCBwcmVkZWNlc3NvcjogJ0EnIH0sXG4gICAgLy8gICAgICBFOiB7IGRpc3RhbmNlOiA4LCBwcmVkZWNlc3NvcjogJ0YnIH0sXG4gICAgLy8gICAgICBGOiB7IGRpc3RhbmNlOiA0LCBwcmVkZWNlc3NvcjogJ0QnIH0gfVxuICAgIGNvbnN0IGRpc3RhbmNlcyA9IGdyYXBobGliLmFsZy5kaWprc3RyYSh0aGlzLmdyYXBoLCBrbm93bktleUlkKTtcblxuICAgIC8vIFRyYWNlIHBhdGggZnJvbSBrZXlJZCB0byBrbm93bktleUlkXG4gICAgcmV0dXJuIHRoaXMudHJhY2VQYXRoKGRpc3RhbmNlcywga2V5SWQpO1xuICB9XG5cbiAgYXN5bmMgZ2V0SndrS2V5KFxuICAgIGtleU9ySWQ6IHN0cmluZyB8IEtleSxcbiAgICBnZXRLZXlJZENhbGxiYWNrPzogKCkgPT4gUHJvbWlzZTxzdHJpbmc+IHwgc3RyaW5nXG4gICk6IFByb21pc2U8SldLLktleT4ge1xuICAgIHJldHVybiAoYXdhaXQgdGhpcy5nZXRLZXkoa2V5T3JJZCwgZ2V0S2V5SWRDYWxsYmFjaykpLmp3aztcbiAgfVxuXG4gIC8vIFdlIGFzc3VtZSB0aGF0IHdoZW4gYSBrZXlJZCBpcyBmZXRjaGVkLCB0aGUga2V5IGdyYXBoXG4gIC8vIGZvciB0aGUga2V5IGlzIGFsc28gcmV0dXJuZWQgYW5kIG1lcmdlZCBpbnRvIHRoZSBjbGllbnQtc2lkZVxuICAvLyBrZXkgZ3JhcGguIEJ5IGluc2lzdGluZyBhIGtleUlkIGlzIHJldHVybmVkIGluc3RlYWQgb2YgdGhlXG4gIC8vIGFjdHVhbCBrZXkgd2UgZW5zdXJlIGtleS1ncmFwaCBpcyBjb25zaXN0ZW50LlxuICBhc3luYyBnZXRLZXkoXG4gICAga2V5T3JJZDogc3RyaW5nIHwgS2V5LFxuICAgIGdldEtleUlkQ2FsbGJhY2s/OiAoKSA9PiBQcm9taXNlPHN0cmluZz4gfCBzdHJpbmdcbiAgKTogUHJvbWlzZTxLZXk+IHtcbiAgICBsZXQga2V5SWQgPSB0eXBlb2Yga2V5T3JJZCA9PT0gJ3N0cmluZycgPyBrZXlPcklkIDoga2V5T3JJZD8uaWQ7XG5cbiAgICBpZiAoIXRoaXMuaGFzS2V5KGtleUlkKSAmJiBnZXRLZXlJZENhbGxiYWNrKSB7XG4gICAgICBrZXlJZCA9IGF3YWl0IGdldEtleUlkQ2FsbGJhY2soKTtcbiAgICB9XG4gICAgLy8gZWxzZSwgY29udGludWUgYW5kIGxldCBpdCBmYWlsLlxuXG4gICAgY29uc3Qga2V5ID0gdGhpcy5rZXkoa2V5SWQpO1xuICAgIGlmIChrZXkuandrKSB7XG4gICAgICByZXR1cm4ga2V5O1xuICAgIH0gZWxzZSB7XG4gICAgICByZXR1cm4gdGhpcy51bndyYXBLZXkodGhpcy5rZXlTZXJ2aWNlLmdldEN1cnJlbnRNYXN0ZXJLZXkoKS5pZCwga2V5SWQpO1xuICAgIH1cbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgX3Vud3JhcExpbmsod3JhcHBpbmdLZXksIGxpbmssIGRzdEtleSkge1xuICAgIC8vIGNvbnNvbGUubG9nKFwiX3Vud3JhcExpbms6XCIsIGxpbmsuZGF0YS5rZXlJZCk7XG4gICAgY29uc3Qgd3JhcHBlZEtleSA9IEpTT04ucGFyc2UobGluay5kYXRhLndyYXBwZWRLZXkpO1xuICAgIC8vIFNpZ25hdHVyZXMgb2Yga2V5cyBjb250YWluIHRoZSBrZXkgaXRzZWxmLiBUaGlzIHdheSB3ZSBvbmx5IG5lZWRcbiAgICAvLyB0byBhY2Nlc3MgdGhlIEtleUxpbmtzIHRvIGRlY3J5cHQvdmVyaWZ5IGtleXMuXG4gICAgbGV0IG5leHRSYXdLZXk7XG4gICAgaWYgKHdyYXBwZWRLZXkuc2lnbmF0dXJlcykge1xuICAgICAgbmV4dFJhd0tleSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UudmVyaWZ5KHdyYXBwaW5nS2V5LCB3cmFwcGVkS2V5KTtcbiAgICB9IGVsc2Uge1xuICAgICAgbmV4dFJhd0tleSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChcbiAgICAgICAgd3JhcHBpbmdLZXksXG4gICAgICAgIHdyYXBwZWRLZXlcbiAgICAgICk7XG4gICAgfVxuICAgIGRzdEtleS5qd2sgPSBhd2FpdCBLRlMuYXNLZXkobmV4dFJhd0tleSk7XG4gICAgZHN0S2V5LnRhc2sgPSBudWxsO1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBfdW53cmFwKGtleTogSldLLktleSwgcGF0aDogRWRnZVtdKTogUHJvbWlzZTxKV0suS2V5PiB7XG4gICAgZm9yIChjb25zdCBsaW5rIG9mIHBhdGgpIHtcbiAgICAgIGNvbnN0IGRzdEtleSA9IHRoaXMua2V5KGxpbmsuZGF0YS5rZXlJZCk7XG4gICAgICAvLyBjb25zb2xlLmxvZyhcImtleTogXCIsIGxpbmsuZGF0YS5rZXlJZCk7XG4gICAgICBpZiAoZHN0S2V5Lmp3aykge1xuICAgICAgICBrZXkgPSBkc3RLZXkuandrO1xuICAgICAgICAvLyBjb25zb2xlLmxvZyhcIlJldHVybmluZyBjYWNoZWQga2V5OiBcIiwgbGluay5kYXRhLmtleUlkKTtcbiAgICAgICAgY29udGludWU7XG4gICAgICB9XG5cbiAgICAgIGlmICghZHN0S2V5LnRhc2spIHtcbiAgICAgICAgZHN0S2V5LnRhc2sgPSB0aGlzLl91bndyYXBMaW5rKGtleSwgbGluaywgZHN0S2V5KTtcbiAgICAgIH1cblxuICAgICAgYXdhaXQgZHN0S2V5LnRhc2s7XG4gICAgICBrZXkgPSBkc3RLZXkuandrO1xuICAgIH1cblxuICAgIHJldHVybiBrZXk7XG4gIH1cblxuICBwdWJsaWMgYXN5bmMgdW53cmFwV2l0aFBhc3NLZXkoXG4gICAgcGFzc0tleUlkOiBzdHJpbmcsXG4gICAgcGFzc0tleTogSldLLktleSxcbiAgICBrZXlJZDogc3RyaW5nXG4gICk6IFByb21pc2U8S2V5PiB7XG4gICAgLy8gR2V0IHBhdGggb2YgdGhlIGRpcmVjdG9yeSBrZXkuXG4gICAgY29uc3QgcGF0aCA9IHRoaXMuZ2V0UGF0aChwYXNzS2V5SWQsIGtleUlkKTtcblxuICAgIHJldHVybiB7XG4gICAgICBpZDoga2V5SWQsXG4gICAgICBqd2s6IGF3YWl0IHRoaXMuX3Vud3JhcChwYXNzS2V5LCBwYXRoKSxcbiAgICB9O1xuICB9XG5cbiAgYXN5bmMgdW53cmFwS2V5KG1hc3RlcktleUlkOiBzdHJpbmcsIGtleUlkOiBzdHJpbmcpOiBQcm9taXNlPEtleT4ge1xuICAgIC8vIFRoZSBmaXJzdCBrZXkgc2hvdWxkIGJlIGEgbWFzdGVyS2V5XG4gICAgY29uc3QgbWFzdGVyS2V5ID0gYXdhaXQgdGhpcy5rZXlTZXJ2aWNlLmxvYWRNYXN0ZXJLZXkobWFzdGVyS2V5SWQpO1xuXG4gICAgaWYgKG1hc3RlcktleUlkID09PSBrZXlJZCkge1xuICAgICAgcmV0dXJuIG1hc3RlcktleTtcbiAgICB9XG5cbiAgICAvLyBHZXQgcGF0aCBvZiB0aGUgZGlyZWN0b3J5IGtleS5cbiAgICBjb25zdCBwYXRoID0gdGhpcy5nZXRQYXRoKG1hc3RlcktleS5pZCwga2V5SWQpO1xuXG4gICAgcmV0dXJuIHtcbiAgICAgIGlkOiBrZXlJZCxcbiAgICAgIGp3azogYXdhaXQgdGhpcy5fdW53cmFwKG1hc3RlcktleS5qd2ssIHBhdGgpLFxuICAgIH07XG4gIH1cblxuICBhc3luYyBkZWNyeXB0RnJvbVN0cmluZzxUPihcbiAgICBrZXlPcklkOiBzdHJpbmcgfCBLZXksXG4gICAgY2lwaGVyRGF0YTogc3RyaW5nLFxuICAgIG9wdGlvbnM/OiBEZWNyeXB0T3B0aW9uc1xuICApOiBQcm9taXNlPFQ+IHtcbiAgICBpZiAoY2lwaGVyRGF0YSkge1xuICAgICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5nZXRKd2tLZXkoa2V5T3JJZCk7XG4gICAgICByZXR1cm4gKGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChcbiAgICAgICAga2V5LFxuICAgICAgICBKU09OLnBhcnNlKGNpcGhlckRhdGEpLFxuICAgICAgICBvcHRpb25zXG4gICAgICApKSBhcyBhbnk7XG4gICAgfVxuICAgIHJldHVybiBudWxsO1xuICB9XG5cbiAgYXN5bmMgZGVjcnlwdEZpbGUoa2V5SWQ6IHN0cmluZywgZmlsZTogYW55KTogUHJvbWlzZTxhbnk+IHtcbiAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmdldEp3a0tleShrZXlJZCk7XG4gICAgcmV0dXJuIChhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoa2V5LCBmaWxlLCB7XG4gICAgICBwYXlsb2FkVHlwZTogJ0FycmF5QnVmZmVyJyxcbiAgICB9KSkgYXMgYW55O1xuICB9XG5cbiAgLy8gVE9ETyByZW5hbWUgdGhpcyB0byBlbmNyeXB0KCkgYW5kIHVzZSBhcyB0aGUgbW9zdCBjb21tb24gdXNlY2FzZVxuICBhc3luYyBlbmNyeXB0VG9TdHJpbmcoXG4gICAga2V5OiBzdHJpbmcgfCBLZXkgfCBKV0suS2V5LFxuICAgIGNvbnRlbnQ6IGFueVxuICApOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIC8vIEVtcHR5IHN0cmluZyBzaG91bGQgYmUgZW5jcnlwdGVkIHNpbmNlIHlvdSB3YW50IHRvIGNsZWFyIHRoZSBmaWVsZC5cbiAgICAvLyBOdWxsIGlzIG5vdCBlbmNyeXB0ZWQgYmVjYXVzZSBpdCdzIG5vdCB2YWxpZCBKU09OIGluIHRoZSBvbGQgSlNPTiBzcGVjLiBVc2VcbiAgICAvLyBlbXB0eSBzdHJpbmcgaW5zdGVhZC4gSXQnbGwgZnVuY3Rpb24gYXMgYSBsb2dpYyBmYWxzZSBhcyB3ZWxsLlxuICAgIC8vIE5vdGUgdGhhdCBwYXNzaW5nIGluIGVtcHR5IHN0cmluZyBtZWFucyBpdCdsbCBiZSBlbmNyeXB0ZWQgd2hpY2ggdmVyaWZpZXNcbiAgICAvLyBpdCdzIGludGVncml0eS4gQnV0IHdlIHN0aWxsIHdhbnQgdG8gaGF2ZSBhIHdheSB0byBzZXQgdGhlIERCIGZpZWxkXG4gICAgLy8gdG8gTlVMTCwgc28gd2UgZXhwbGljaXRseSByZXR1cm4gbnVsbCB3aGVuIGNvbnRlbnQgPT0gbnVsbC4gQSBudWxsXG4gICAgLy8gdmFyaWFibGUgaW4gZ3JhcGhxbCBtdXRhdGlvbiBvbiBLQyBzZXJ2ZXIgY2xlYXJzIHRoZSBmaWVsZCB0byBOVUxMLlxuICAgIGlmIChjb250ZW50ID09IG51bGwpIHtcbiAgICAgIHJldHVybiBudWxsO1xuICAgIH1cblxuICAgIGNvbnN0IGp3ayA9IGFzSndrKGtleSkgfHwgKGF3YWl0IHRoaXMuZ2V0SndrS2V5KGtleSBhcyBzdHJpbmcgfCBLZXkpKTtcbiAgICByZXR1cm4gdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0VG9TdHJpbmcoandrLCBjb250ZW50KTtcbiAgfVxuXG4gIC8vIFdyYXBzIGEgc3ltbWV0cmljIGVuY3J5cHRpb24ga2V5LlxuICAvLyBUaHJvd3MgZXhjZXB0aW9uIGlmIHdyYXBwaW5nIHB1YmxpYyBrZXlzLlxuICBhc3luYyB3cmFwS2V5PFQ+KFxuICAgIHdyYXBwaW5nS2V5OiBzdHJpbmcgfCBLZXkgfCBKV0suS2V5LFxuICAgIGtleTogSldLLktleVxuICApOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGlmICghaXNTeW1tZXRyaWNLZXkoa2V5KSkge1xuICAgICAgdGhyb3cgbmV3IExyQmFkQXJndW1lbnRFeGNlcHRpb24oXG4gICAgICAgICdPbmx5IGFsbG93aW5nIHdyYXBwaW5nIG9mIHN5bW1ldHJpYyBrZXlzLidcbiAgICAgICk7XG4gICAgfVxuXG4gICAgcmV0dXJuIHRoaXMuZW5jcnlwdFRvU3RyaW5nKHdyYXBwaW5nS2V5LCBrZXkudG9KU09OKHRydWUpKTtcbiAgfVxuXG4gIC8vIFRPRE9cbiAgLy8gYXN5bmMgd3JhcFB1YmxpY0tleTxUPigpO1xuICAvLyBhc3luYyB3cmFwUHJpdmF0ZUtleTxUPigpO1xuXG4gIGFzeW5jIGVuY3J5cHRXaXRoTmV3S2V5KHdyYXBwaW5nS2V5SWQ6IHN0cmluZywgY2lwaGVyQ2xlYXJKc29uOiBhbnkpIHtcbiAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XG4gICAgY29uc3Qgd3JhcHBlZEtleSA9IGF3YWl0IHRoaXMuZW5jcnlwdFRvU3RyaW5nKFxuICAgICAgd3JhcHBpbmdLZXlJZCxcbiAgICAgIGtleS50b0pTT04odHJ1ZSlcbiAgICApO1xuICAgIGNvbnN0IGNpcGhlciA9IGF3YWl0IHRoaXMuZW5jcnlwdFRvU3RyaW5nKGtleSwgY2lwaGVyQ2xlYXJKc29uKTtcblxuICAgIHJldHVybiB7XG4gICAgICBrZXksXG4gICAgICB3cmFwcGluZ0tleUlkLFxuICAgICAgd3JhcHBlZEtleSxcbiAgICAgIGNpcGhlcixcbiAgICB9O1xuICB9XG59XG4iXX0=
+import { __awaiter } from "tslib";
+import { Injectable } from '@angular/core';
+import graphlib, { Graph } from '@dagrejs/graphlib';
+import _ from 'lodash';
+import { LrException, LrEncryptionException, LrNotFoundException, LrBadArgumentException, } from '../_common/exceptions';
+import { EdgeType, NodeType, } from './cryptography.types';
+import { asJwk, EncryptionService, isSymmetricKey, } from './encryption.service';
+import { KeyFactoryService, KeyFactoryService as KFS, } from './key-factory.service';
+import { KeyService } from './key.service';
+import * as i0 from "@angular/core";
+import * as i1 from "./encryption.service";
+import * as i2 from "./key.service";
+import * as i3 from "./key-factory.service";
+export class KeyGraphService {
+    // private keyCache: {
+    //   [id: string]: Key;
+    // };
+    constructor(encryptionService, keyService, keyFactory) {
+        this.encryptionService = encryptionService;
+        this.keyService = keyService;
+        this.keyFactory = keyFactory;
+        this.purgeKeys();
+    }
+    purgeKeys() {
+        this.graph = new Graph();
+        // this.keyCache = null;
+    }
+    populateKeys(userKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.keyService.populateKeys({
+                passKey: userKey.passKey,
+                masterKey: yield this.keyService.loadMasterKey(userKey.masterKey.id),
+                rootKey: yield this.unwrapKey(userKey.masterKey.id, userKey.rootKey.id),
+                pxk: yield this.unwrapKey(userKey.masterKey.id, userKey.pxk.id),
+                sigPxk: yield this.unwrapKey(userKey.masterKey.id, userKey.sigPxk.id),
+            });
+        });
+    }
+    hasKey(keyId) {
+        return !!this.graph.node(keyId);
+    }
+    getNode(id, type) {
+        const node = this.graph.node(id);
+        if (!node) {
+            throw new LrNotFoundException(`Key graphs does not contain key id: ${id}`);
+        }
+        if (node.type !== type) {
+            throw new LrException({
+                message: `Key with id ${id} is not of type ${type}`,
+            });
+        }
+        return node.data;
+    }
+    key(id) {
+        return this.getNode(id, NodeType.Key);
+    }
+    passKey(id) {
+        return this.getNode(id, NodeType.PassKey);
+    }
+    addKeys(src) {
+        // Keys
+        if (src.keys) {
+            // What key graph returns can not be customized. So keys are essentially immutable.
+            // Therefore, if a key exists, there's no reason to update it.
+            for (const key of src.keys) {
+                // Note using Relay global id allows us to not worry about clashing node id
+                if (this.graph.hasNode(key.id)) {
+                    continue;
+                }
+                const node = {
+                    type: NodeType.Key,
+                    data: _.cloneDeep(key),
+                };
+                this.graph.setNode(key.id, node);
+            }
+        }
+        // KeyLinks
+        if (src.keyLinks) {
+            for (const keyLink of src.keyLinks) {
+                if (this.graph.hasEdge(keyLink.wrappingKeyId, keyLink.keyId)) {
+                    continue;
+                }
+                const edge = {
+                    type: EdgeType.KeyLink,
+                    data: _.cloneDeep(keyLink),
+                };
+                // Edge goes from wrapping key to wrapped key.
+                this.graph.setEdge(keyLink.wrappingKeyId, keyLink.keyId, edge);
+            }
+        }
+        // PassKeyLinks
+        if (src.passKeyLinks) {
+            for (const passKeyLink of src.passKeyLinks) {
+                if (this.graph.hasEdge(passKeyLink.passKeyId, passKeyLink.keyId)) {
+                    continue;
+                }
+                const edge = {
+                    type: EdgeType.PassKeyLink,
+                    data: _.cloneDeep(passKeyLink),
+                };
+                // Edge goes from wrapping key to wrapped key.
+                this.graph.setEdge(passKeyLink.passKeyId, passKeyLink.keyId, edge);
+            }
+        }
+        // The graph is the single source of truth. These are lazily calculated.
+        // this.keyCache = null;
+    }
+    tracePath(distances, keyId) {
+        // The node label is the same as the id of the key nodes.
+        const ret = [];
+        let node = keyId;
+        if (!distances[node].predecessor) {
+            return null;
+        }
+        while (distances[node].predecessor) {
+            const child = distances[node].predecessor;
+            ret.push(this.graph.edge(child, node));
+            node = child;
+        }
+        // After reverse, the first element is the passkey
+        ret.reverse();
+        return ret;
+    }
+    getPath(knownKeyId, keyId) {
+        if (!knownKeyId || typeof knownKeyId !== 'string') {
+            throw new LrEncryptionException(`Param knownKeyId wrong format: ${knownKeyId}`);
+        }
+        if (!keyId || typeof keyId !== 'string') {
+            throw new LrEncryptionException(`Param keyId wrong format: ${keyId}`);
+        }
+        // => { A: { distance: 0 },
+        //      B: { distance: 6, predecessor: 'C' },
+        //      C: { distance: 4, predecessor: 'A' },
+        //      D: { distance: 2, predecessor: 'A' },
+        //      E: { distance: 8, predecessor: 'F' },
+        //      F: { distance: 4, predecessor: 'D' } }
+        const distances = graphlib.alg.dijkstra(this.graph, knownKeyId);
+        // Trace path from keyId to knownKeyId
+        return this.tracePath(distances, keyId);
+    }
+    getJwkKey(keyOrId, getKeyIdCallback) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return (yield this.getKey(keyOrId, getKeyIdCallback)).jwk;
+        });
+    }
+    // We assume that when a keyId is fetched, the key graph
+    // for the key is also returned and merged into the client-side
+    // key graph. By insisting a keyId is returned instead of the
+    // actual key we ensure key-graph is consistent.
+    getKey(keyOrId, getKeyIdCallback) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let keyId = typeof keyOrId === 'string' ? keyOrId : keyOrId === null || keyOrId === void 0 ? void 0 : keyOrId.id;
+            if (!this.hasKey(keyId) && getKeyIdCallback) {
+                keyId = yield getKeyIdCallback();
+            }
+            // else, continue and let it fail.
+            const key = this.key(keyId);
+            if (key.jwk) {
+                return key;
+            }
+            else {
+                return this.unwrapKey(this.keyService.getCurrentMasterKey().id, keyId);
+            }
+        });
+    }
+    _unwrapLink(wrappingKey, link, dstKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // console.log("_unwrapLink:", link.data.keyId);
+            const wrappedKey = JSON.parse(link.data.wrappedKey);
+            // Signatures of keys contain the key itself. This way we only need
+            // to access the KeyLinks to decrypt/verify keys.
+            let nextRawKey;
+            if (wrappedKey.signatures) {
+                nextRawKey = yield this.encryptionService.verify(wrappingKey, wrappedKey);
+            }
+            else {
+                nextRawKey = yield this.encryptionService.decrypt(wrappingKey, wrappedKey);
+            }
+            dstKey.jwk = yield KFS.asKey(nextRawKey);
+            dstKey.task = null;
+        });
+    }
+    _unwrap(key, path) {
+        return __awaiter(this, void 0, void 0, function* () {
+            for (const link of path) {
+                const dstKey = this.key(link.data.keyId);
+                // console.log("key: ", link.data.keyId);
+                if (dstKey.jwk) {
+                    key = dstKey.jwk;
+                    // console.log("Returning cached key: ", link.data.keyId);
+                    continue;
+                }
+                if (!dstKey.task) {
+                    dstKey.task = this._unwrapLink(key, link, dstKey);
+                }
+                yield dstKey.task;
+                key = dstKey.jwk;
+            }
+            return key;
+        });
+    }
+    unwrapWithPassKey(passKeyId, passKey, keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Get path of the directory key.
+            const path = this.getPath(passKeyId, keyId);
+            return {
+                id: keyId,
+                jwk: yield this._unwrap(passKey, path),
+            };
+        });
+    }
+    unwrapKey(masterKeyId, keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // The first key should be a masterKey
+            const masterKey = yield this.keyService.loadMasterKey(masterKeyId);
+            if (masterKeyId === keyId) {
+                return masterKey;
+            }
+            // Get path of the directory key.
+            const path = this.getPath(masterKey.id, keyId);
+            return {
+                id: keyId,
+                jwk: yield this._unwrap(masterKey.jwk, path),
+            };
+        });
+    }
+    decryptFromString(keyOrId, cipherData, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (cipherData) {
+                const key = yield this.getJwkKey(keyOrId);
+                return (yield this.encryptionService.decrypt(key, JSON.parse(cipherData), options));
+            }
+            return null;
+        });
+    }
+    decryptFile(keyId, file) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.getJwkKey(keyId);
+            return (yield this.encryptionService.decrypt(key, file, {
+                payloadType: 'ArrayBuffer',
+            }));
+        });
+    }
+    // TODO rename this to encrypt() and use as the most common usecase
+    encryptToString(key, content) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Empty string should be encrypted since you want to clear the field.
+            // Null is not encrypted because it's not valid JSON in the old JSON spec. Use
+            // empty string instead. It'll function as a logic false as well.
+            // Note that passing in empty string means it'll be encrypted which verifies
+            // it's integrity. But we still want to have a way to set the DB field
+            // to NULL, so we explicitly return null when content == null. A null
+            // variable in graphql mutation on KC server clears the field to NULL.
+            if (content == null) {
+                return null;
+            }
+            const jwk = asJwk(key) || (yield this.getJwkKey(key));
+            return this.encryptionService.encryptToString(jwk, content);
+        });
+    }
+    // Wraps a symmetric encryption key.
+    // Throws exception if wrapping public keys.
+    wrapKey(wrappingKey, key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!isSymmetricKey(key)) {
+                throw new LrBadArgumentException('Only allowing wrapping of symmetric keys.');
+            }
+            return this.encryptToString(wrappingKey, key.toJSON(true));
+        });
+    }
+    // TODO
+    // async wrapPublicKey<T>();
+    // async wrapPrivateKey<T>();
+    encryptWithNewKey(wrappingKeyId, cipherClearJson) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.keyFactory.createKey();
+            const wrappedKey = yield this.encryptToString(wrappingKeyId, key.toJSON(true));
+            const cipher = yield this.encryptToString(key, cipherClearJson);
+            return {
+                key,
+                wrappingKeyId,
+                wrappedKey,
+                cipher,
+            };
+        });
+    }
+}
+KeyGraphService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyGraphService_Factory() { return new KeyGraphService(i0.ɵɵinject(i1.EncryptionService), i0.ɵɵinject(i2.KeyService), i0.ɵɵinject(i3.KeyFactoryService)); }, token: KeyGraphService, providedIn: "root" });
+KeyGraphService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+KeyGraphService.ctorParameters = () => [
+    { type: EncryptionService },
+    { type: KeyService },
+    { type: KeyFactoryService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWdyYXBoLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiQzovUHJvamVjdHMva2MtY2xpZW50L3Byb2plY3RzL2NvcmUvc3JjLyIsInNvdXJjZXMiOlsibGliL2NyeXB0b2dyYXBoeS9rZXktZ3JhcGguc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUMzQyxPQUFPLFFBQVEsRUFBRSxFQUFFLEtBQUssRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQ3BELE9BQU8sQ0FBQyxNQUFNLFFBQVEsQ0FBQztBQUd2QixPQUFPLEVBQ0wsV0FBVyxFQUNYLHFCQUFxQixFQUNyQixtQkFBbUIsRUFDbkIsc0JBQXNCLEdBQ3ZCLE1BQU0sdUJBQXVCLENBQUM7QUFDL0IsT0FBTyxFQUVMLFFBQVEsRUFJUixRQUFRLEdBRVQsTUFBTSxzQkFBc0IsQ0FBQztBQUM5QixPQUFPLEVBQ0wsS0FBSyxFQUVMLGlCQUFpQixFQUNqQixjQUFjLEdBQ2YsTUFBTSxzQkFBc0IsQ0FBQztBQUM5QixPQUFPLEVBQ0wsaUJBQWlCLEVBQ2pCLGlCQUFpQixJQUFJLEdBQUcsR0FDekIsTUFBTSx1QkFBdUIsQ0FBQztBQUMvQixPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sZUFBZSxDQUFDOzs7OztBQVMzQyxNQUFNLE9BQU8sZUFBZTtJQUUxQixzQkFBc0I7SUFDdEIsdUJBQXVCO0lBQ3ZCLEtBQUs7SUFFTCxZQUNVLGlCQUFvQyxFQUNwQyxVQUFzQixFQUN0QixVQUE2QjtRQUY3QixzQkFBaUIsR0FBakIsaUJBQWlCLENBQW1CO1FBQ3BDLGVBQVUsR0FBVixVQUFVLENBQVk7UUFDdEIsZUFBVSxHQUFWLFVBQVUsQ0FBbUI7UUFFckMsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO0lBQ25CLENBQUM7SUFFRCxTQUFTO1FBQ1AsSUFBSSxDQUFDLEtBQUssR0FBRyxJQUFJLEtBQUssRUFBRSxDQUFDO1FBQ3pCLHdCQUF3QjtJQUMxQixDQUFDO0lBRUssWUFBWSxDQUFDLE9BQXVCOztZQUN4QyxJQUFJLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FBQztnQkFDM0IsT0FBTyxFQUFFLE9BQU8sQ0FBQyxPQUFPO2dCQUN4QixTQUFTLEVBQUUsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztnQkFDcEUsT0FBTyxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztnQkFDdkUsR0FBRyxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDL0QsTUFBTSxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQzthQUN0RSxDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7SUFFRCxNQUFNLENBQUMsS0FBYTtRQUNsQixPQUFPLENBQUMsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRU8sT0FBTyxDQUFDLEVBQUUsRUFBRSxJQUFJO1FBQ3RCLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2pDLElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDVCxNQUFNLElBQUksbUJBQW1CLENBQzNCLHVDQUF1QyxFQUFFLEVBQUUsQ0FDNUMsQ0FBQztTQUNIO1FBQ0QsSUFBSSxJQUFJLENBQUMsSUFBSSxLQUFLLElBQUksRUFBRTtZQUN0QixNQUFNLElBQUksV0FBVyxDQUFDO2dCQUNwQixPQUFPLEVBQUUsZUFBZSxFQUFFLG1CQUFtQixJQUFJLEVBQUU7YUFDcEQsQ0FBQyxDQUFDO1NBQ0o7UUFDRCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUM7SUFDbkIsQ0FBQztJQUVELEdBQUcsQ0FBQyxFQUFFO1FBQ0osT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFBRSxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVELE9BQU8sQ0FBQyxFQUFFO1FBQ1IsT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFBRSxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDNUMsQ0FBQztJQUVELE9BQU8sQ0FBQyxHQUFxQjtRQUMzQixPQUFPO1FBQ1AsSUFBSSxHQUFHLENBQUMsSUFBSSxFQUFFO1lBQ1osbUZBQW1GO1lBQ25GLDhEQUE4RDtZQUM5RCxLQUFLLE1BQU0sR0FBRyxJQUFJLEdBQUcsQ0FBQyxJQUFJLEVBQUU7Z0JBQzFCLDJFQUEyRTtnQkFDM0UsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEVBQUU7b0JBQzlCLFNBQVM7aUJBQ1Y7Z0JBRUQsTUFBTSxJQUFJLEdBQVM7b0JBQ2pCLElBQUksRUFBRSxRQUFRLENBQUMsR0FBRztvQkFDbEIsSUFBSSxFQUFFLENBQUMsQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDO2lCQUN2QixDQUFDO2dCQUVGLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxFQUFFLEVBQUUsSUFBSSxDQUFDLENBQUM7YUFDbEM7U0FDRjtRQUVELFdBQVc7UUFDWCxJQUFJLEdBQUcsQ0FBQyxRQUFRLEVBQUU7WUFDaEIsS0FBSyxNQUFNLE9BQU8sSUFBSSxHQUFHLENBQUMsUUFBUSxFQUFFO2dCQUNsQyxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQUUsT0FBTyxDQUFDLEtBQUssQ0FBQyxFQUFFO29CQUM1RCxTQUFTO2lCQUNWO2dCQUVELE1BQU0sSUFBSSxHQUFTO29CQUNqQixJQUFJLEVBQUUsUUFBUSxDQUFDLE9BQU87b0JBQ3RCLElBQUksRUFBRSxDQUFDLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQztpQkFDM0IsQ0FBQztnQkFDRiw4Q0FBOEM7Z0JBQzlDLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQUUsT0FBTyxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQzthQUNoRTtTQUNGO1FBRUQsZUFBZTtRQUNmLElBQUksR0FBRyxDQUFDLFlBQVksRUFBRTtZQUNwQixLQUFLLE1BQU0sV0FBVyxJQUFJLEdBQUcsQ0FBQyxZQUFZLEVBQUU7Z0JBQzFDLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLFNBQVMsRUFBRSxXQUFXLENBQUMsS0FBSyxDQUFDLEVBQUU7b0JBQ2hFLFNBQVM7aUJBQ1Y7Z0JBRUQsTUFBTSxJQUFJLEdBQVM7b0JBQ2pCLElBQUksRUFBRSxRQUFRLENBQUMsV0FBVztvQkFDMUIsSUFBSSxFQUFFLENBQUMsQ0FBQyxTQUFTLENBQUMsV0FBVyxDQUFDO2lCQUMvQixDQUFDO2dCQUNGLDhDQUE4QztnQkFDOUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLFNBQVMsRUFBRSxXQUFXLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDO2FBQ3BFO1NBQ0Y7UUFFRCx3RUFBd0U7UUFDeEUsd0JBQXdCO0lBQzFCLENBQUM7SUFFRCxTQUFTLENBQUMsU0FBUyxFQUFFLEtBQWE7UUFDaEMseURBQXlEO1FBQ3pELE1BQU0sR0FBRyxHQUFXLEVBQUUsQ0FBQztRQUN2QixJQUFJLElBQUksR0FBRyxLQUFLLENBQUM7UUFDakIsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxXQUFXLEVBQUU7WUFDaEMsT0FBTyxJQUFJLENBQUM7U0FDYjtRQUVELE9BQU8sU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDLFdBQVcsRUFBRTtZQUNsQyxNQUFNLEtBQUssR0FBRyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUMsV0FBVyxDQUFDO1lBQzFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDLENBQUM7WUFDdkMsSUFBSSxHQUFHLEtBQUssQ0FBQztTQUNkO1FBRUQsa0RBQWtEO1FBQ2xELEdBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUVkLE9BQU8sR0FBRyxDQUFDO0lBQ2IsQ0FBQztJQUVELE9BQU8sQ0FBQyxVQUFrQixFQUFFLEtBQWE7UUFDdkMsSUFBSSxDQUFDLFVBQVUsSUFBSSxPQUFPLFVBQVUsS0FBSyxRQUFRLEVBQUU7WUFDakQsTUFBTSxJQUFJLHFCQUFxQixDQUM3QixrQ0FBa0MsVUFBVSxFQUFFLENBQy9DLENBQUM7U0FDSDtRQUNELElBQUksQ0FBQyxLQUFLLElBQUksT0FBTyxLQUFLLEtBQUssUUFBUSxFQUFFO1lBQ3ZDLE1BQU0sSUFBSSxxQkFBcUIsQ0FBQyw2QkFBNkIsS0FBSyxFQUFFLENBQUMsQ0FBQztTQUN2RTtRQUVELDJCQUEyQjtRQUMzQiw2Q0FBNkM7UUFDN0MsNkNBQTZDO1FBQzdDLDZDQUE2QztRQUM3Qyw2Q0FBNkM7UUFDN0MsOENBQThDO1FBQzlDLE1BQU0sU0FBUyxHQUFHLFFBQVEsQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxLQUFLLEVBQUUsVUFBVSxDQUFDLENBQUM7UUFFaEUsc0NBQXNDO1FBQ3RDLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUFTLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVLLFNBQVMsQ0FDYixPQUFxQixFQUNyQixnQkFBaUQ7O1lBRWpELE9BQU8sQ0FBQyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxFQUFFLGdCQUFnQixDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFDNUQsQ0FBQztLQUFBO0lBRUQsd0RBQXdEO0lBQ3hELCtEQUErRDtJQUMvRCw2REFBNkQ7SUFDN0QsZ0RBQWdEO0lBQzFDLE1BQU0sQ0FDVixPQUFxQixFQUNyQixnQkFBaUQ7O1lBRWpELElBQUksS0FBSyxHQUFHLE9BQU8sT0FBTyxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxPQUFPLGFBQVAsT0FBTyx1QkFBUCxPQUFPLENBQUUsRUFBRSxDQUFDO1lBRWhFLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLGdCQUFnQixFQUFFO2dCQUMzQyxLQUFLLEdBQUcsTUFBTSxnQkFBZ0IsRUFBRSxDQUFDO2FBQ2xDO1lBQ0Qsa0NBQWtDO1lBRWxDLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDNUIsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFO2dCQUNYLE9BQU8sR0FBRyxDQUFDO2FBQ1o7aUJBQU07Z0JBQ0wsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsbUJBQW1CLEVBQUUsQ0FBQyxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7YUFDeEU7UUFDSCxDQUFDO0tBQUE7SUFFYSxXQUFXLENBQUMsV0FBVyxFQUFFLElBQUksRUFBRSxNQUFNOztZQUNqRCxnREFBZ0Q7WUFDaEQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBQ3BELG1FQUFtRTtZQUNuRSxpREFBaUQ7WUFDakQsSUFBSSxVQUFVLENBQUM7WUFDZixJQUFJLFVBQVUsQ0FBQyxVQUFVLEVBQUU7Z0JBQ3pCLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLENBQUMsV0FBVyxFQUFFLFVBQVUsQ0FBQyxDQUFDO2FBQzNFO2lCQUFNO2dCQUNMLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQy9DLFdBQVcsRUFDWCxVQUFVLENBQ1gsQ0FBQzthQUNIO1lBQ0QsTUFBTSxDQUFDLEdBQUcsR0FBRyxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDekMsTUFBTSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7UUFDckIsQ0FBQztLQUFBO0lBRWEsT0FBTyxDQUFDLEdBQVksRUFBRSxJQUFZOztZQUM5QyxLQUFLLE1BQU0sSUFBSSxJQUFJLElBQUksRUFBRTtnQkFDdkIsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDO2dCQUN6Qyx5Q0FBeUM7Z0JBQ3pDLElBQUksTUFBTSxDQUFDLEdBQUcsRUFBRTtvQkFDZCxHQUFHLEdBQUcsTUFBTSxDQUFDLEdBQUcsQ0FBQztvQkFDakIsMERBQTBEO29CQUMxRCxTQUFTO2lCQUNWO2dCQUVELElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFO29CQUNoQixNQUFNLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxFQUFFLElBQUksRUFBRSxNQUFNLENBQUMsQ0FBQztpQkFDbkQ7Z0JBRUQsTUFBTSxNQUFNLENBQUMsSUFBSSxDQUFDO2dCQUNsQixHQUFHLEdBQUcsTUFBTSxDQUFDLEdBQUcsQ0FBQzthQUNsQjtZQUVELE9BQU8sR0FBRyxDQUFDO1FBQ2IsQ0FBQztLQUFBO0lBRVksaUJBQWlCLENBQzVCLFNBQWlCLEVBQ2pCLE9BQWdCLEVBQ2hCLEtBQWE7O1lBRWIsaUNBQWlDO1lBQ2pDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBRTVDLE9BQU87Z0JBQ0wsRUFBRSxFQUFFLEtBQUs7Z0JBQ1QsR0FBRyxFQUFFLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDO2FBQ3ZDLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFSyxTQUFTLENBQUMsV0FBbUIsRUFBRSxLQUFhOztZQUNoRCxzQ0FBc0M7WUFDdEMsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUVuRSxJQUFJLFdBQVcsS0FBSyxLQUFLLEVBQUU7Z0JBQ3pCLE9BQU8sU0FBUyxDQUFDO2FBQ2xCO1lBRUQsaUNBQWlDO1lBQ2pDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxLQUFLLENBQUMsQ0FBQztZQUUvQyxPQUFPO2dCQUNMLEVBQUUsRUFBRSxLQUFLO2dCQUNULEdBQUcsRUFBRSxNQUFNLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEdBQUcsRUFBRSxJQUFJLENBQUM7YUFDN0MsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVLLGlCQUFpQixDQUNyQixPQUFxQixFQUNyQixVQUFrQixFQUNsQixPQUF3Qjs7WUFFeEIsSUFBSSxVQUFVLEVBQUU7Z0JBQ2QsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxDQUFDO2dCQUMxQyxPQUFPLENBQUMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMxQyxHQUFHLEVBQ0gsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsRUFDdEIsT0FBTyxDQUNSLENBQVEsQ0FBQzthQUNYO1lBQ0QsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO0tBQUE7SUFFSyxXQUFXLENBQUMsS0FBYSxFQUFFLElBQVM7O1lBQ3hDLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUN4QyxPQUFPLENBQUMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLEdBQUcsRUFBRSxJQUFJLEVBQUU7Z0JBQ3RELFdBQVcsRUFBRSxhQUFhO2FBQzNCLENBQUMsQ0FBUSxDQUFDO1FBQ2IsQ0FBQztLQUFBO0lBRUQsbUVBQW1FO0lBQzdELGVBQWUsQ0FDbkIsR0FBMkIsRUFDM0IsT0FBWTs7WUFFWixzRUFBc0U7WUFDdEUsOEVBQThFO1lBQzlFLGlFQUFpRTtZQUNqRSw0RUFBNEU7WUFDNUUsc0VBQXNFO1lBQ3RFLHFFQUFxRTtZQUNyRSxzRUFBc0U7WUFDdEUsSUFBSSxPQUFPLElBQUksSUFBSSxFQUFFO2dCQUNuQixPQUFPLElBQUksQ0FBQzthQUNiO1lBRUQsTUFBTSxHQUFHLEdBQUcsS0FBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLEdBQW1CLENBQUMsQ0FBQyxDQUFDO1lBQ3RFLE9BQU8sSUFBSSxDQUFDLGlCQUFpQixDQUFDLGVBQWUsQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDOUQsQ0FBQztLQUFBO0lBRUQsb0NBQW9DO0lBQ3BDLDRDQUE0QztJQUN0QyxPQUFPLENBQ1gsV0FBbUMsRUFDbkMsR0FBWTs7WUFFWixJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxFQUFFO2dCQUN4QixNQUFNLElBQUksc0JBQXNCLENBQzlCLDJDQUEyQyxDQUM1QyxDQUFDO2FBQ0g7WUFFRCxPQUFPLElBQUksQ0FBQyxlQUFlLENBQUMsV0FBVyxFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztRQUM3RCxDQUFDO0tBQUE7SUFFRCxPQUFPO0lBQ1AsNEJBQTRCO0lBQzVCLDZCQUE2QjtJQUV2QixpQkFBaUIsQ0FBQyxhQUFxQixFQUFFLGVBQW9COztZQUNqRSxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDOUMsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUMzQyxhQUFhLEVBQ2IsR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDakIsQ0FBQztZQUNGLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLEVBQUUsZUFBZSxDQUFDLENBQUM7WUFFaEUsT0FBTztnQkFDTCxHQUFHO2dCQUNILGFBQWE7Z0JBQ2IsVUFBVTtnQkFDVixNQUFNO2FBQ1AsQ0FBQztRQUNKLENBQUM7S0FBQTs7OztZQTdVRixVQUFVLFNBQUM7Z0JBQ1YsVUFBVSxFQUFFLE1BQU07YUFDbkI7OztZQWZDLGlCQUFpQjtZQU9WLFVBQVU7WUFIakIsaUJBQWlCIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xyXG5pbXBvcnQgZ3JhcGhsaWIsIHsgR3JhcGggfSBmcm9tICdAZGFncmVqcy9ncmFwaGxpYic7XHJcbmltcG9ydCBfIGZyb20gJ2xvZGFzaCc7XHJcbmltcG9ydCB7IEpXSyB9IGZyb20gJ25vZGUtam9zZSc7XHJcbmltcG9ydCB7IEN1cnJlbnRVc2VyS2V5IH0gZnJvbSAnLi4vdXNlcnMvcHJvZmlsZS50eXBlcyc7XHJcbmltcG9ydCB7XHJcbiAgTHJFeGNlcHRpb24sXHJcbiAgTHJFbmNyeXB0aW9uRXhjZXB0aW9uLFxyXG4gIExyTm90Rm91bmRFeGNlcHRpb24sXHJcbiAgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbixcclxufSBmcm9tICcuLi9fY29tbW9uL2V4Y2VwdGlvbnMnO1xyXG5pbXBvcnQge1xyXG4gIEVkZ2UsXHJcbiAgRWRnZVR5cGUsXHJcbiAgS2V5LFxyXG4gIEtleUdyYXBoUmVzcG9uc2UsXHJcbiAgTm9kZSxcclxuICBOb2RlVHlwZSxcclxuICBQYXNzS2V5LFxyXG59IGZyb20gJy4vY3J5cHRvZ3JhcGh5LnR5cGVzJztcclxuaW1wb3J0IHtcclxuICBhc0p3ayxcclxuICBEZWNyeXB0T3B0aW9ucyxcclxuICBFbmNyeXB0aW9uU2VydmljZSxcclxuICBpc1N5bW1ldHJpY0tleSxcclxufSBmcm9tICcuL2VuY3J5cHRpb24uc2VydmljZSc7XHJcbmltcG9ydCB7XHJcbiAgS2V5RmFjdG9yeVNlcnZpY2UsXHJcbiAgS2V5RmFjdG9yeVNlcnZpY2UgYXMgS0ZTLFxyXG59IGZyb20gJy4va2V5LWZhY3Rvcnkuc2VydmljZSc7XHJcbmltcG9ydCB7IEtleVNlcnZpY2UgfSBmcm9tICcuL2tleS5zZXJ2aWNlJztcclxuXHJcbmV4cG9ydCBpbnRlcmZhY2UgR3JhcGhLZXkgZXh0ZW5kcyBLZXkge1xyXG4gIHRhc2s/OiBQcm9taXNlPGFueT47XHJcbn1cclxuXHJcbkBJbmplY3RhYmxlKHtcclxuICBwcm92aWRlZEluOiAncm9vdCcsXHJcbn0pXHJcbmV4cG9ydCBjbGFzcyBLZXlHcmFwaFNlcnZpY2Uge1xyXG4gIHByaXZhdGUgZ3JhcGg6IEdyYXBoO1xyXG4gIC8vIHByaXZhdGUga2V5Q2FjaGU6IHtcclxuICAvLyAgIFtpZDogc3RyaW5nXTogS2V5O1xyXG4gIC8vIH07XHJcblxyXG4gIGNvbnN0cnVjdG9yKFxyXG4gICAgcHJpdmF0ZSBlbmNyeXB0aW9uU2VydmljZTogRW5jcnlwdGlvblNlcnZpY2UsXHJcbiAgICBwcml2YXRlIGtleVNlcnZpY2U6IEtleVNlcnZpY2UsXHJcbiAgICBwcml2YXRlIGtleUZhY3Rvcnk6IEtleUZhY3RvcnlTZXJ2aWNlXHJcbiAgKSB7XHJcbiAgICB0aGlzLnB1cmdlS2V5cygpO1xyXG4gIH1cclxuXHJcbiAgcHVyZ2VLZXlzKCkge1xyXG4gICAgdGhpcy5ncmFwaCA9IG5ldyBHcmFwaCgpO1xyXG4gICAgLy8gdGhpcy5rZXlDYWNoZSA9IG51bGw7XHJcbiAgfVxyXG5cclxuICBhc3luYyBwb3B1bGF0ZUtleXModXNlcktleTogQ3VycmVudFVzZXJLZXkpIHtcclxuICAgIHRoaXMua2V5U2VydmljZS5wb3B1bGF0ZUtleXMoe1xyXG4gICAgICBwYXNzS2V5OiB1c2VyS2V5LnBhc3NLZXksXHJcbiAgICAgIG1hc3RlcktleTogYXdhaXQgdGhpcy5rZXlTZXJ2aWNlLmxvYWRNYXN0ZXJLZXkodXNlcktleS5tYXN0ZXJLZXkuaWQpLFxyXG4gICAgICByb290S2V5OiBhd2FpdCB0aGlzLnVud3JhcEtleSh1c2VyS2V5Lm1hc3RlcktleS5pZCwgdXNlcktleS5yb290S2V5LmlkKSxcclxuICAgICAgcHhrOiBhd2FpdCB0aGlzLnVud3JhcEtleSh1c2VyS2V5Lm1hc3RlcktleS5pZCwgdXNlcktleS5weGsuaWQpLFxyXG4gICAgICBzaWdQeGs6IGF3YWl0IHRoaXMudW53cmFwS2V5KHVzZXJLZXkubWFzdGVyS2V5LmlkLCB1c2VyS2V5LnNpZ1B4ay5pZCksXHJcbiAgICB9KTtcclxuICB9XHJcblxyXG4gIGhhc0tleShrZXlJZDogc3RyaW5nKSB7XHJcbiAgICByZXR1cm4gISF0aGlzLmdyYXBoLm5vZGUoa2V5SWQpO1xyXG4gIH1cclxuXHJcbiAgcHJpdmF0ZSBnZXROb2RlKGlkLCB0eXBlKTogR3JhcGhLZXkgfCBQYXNzS2V5IHtcclxuICAgIGNvbnN0IG5vZGUgPSB0aGlzLmdyYXBoLm5vZGUoaWQpO1xyXG4gICAgaWYgKCFub2RlKSB7XHJcbiAgICAgIHRocm93IG5ldyBMck5vdEZvdW5kRXhjZXB0aW9uKFxyXG4gICAgICAgIGBLZXkgZ3JhcGhzIGRvZXMgbm90IGNvbnRhaW4ga2V5IGlkOiAke2lkfWBcclxuICAgICAgKTtcclxuICAgIH1cclxuICAgIGlmIChub2RlLnR5cGUgIT09IHR5cGUpIHtcclxuICAgICAgdGhyb3cgbmV3IExyRXhjZXB0aW9uKHtcclxuICAgICAgICBtZXNzYWdlOiBgS2V5IHdpdGggaWQgJHtpZH0gaXMgbm90IG9mIHR5cGUgJHt0eXBlfWAsXHJcbiAgICAgIH0pO1xyXG4gICAgfVxyXG4gICAgcmV0dXJuIG5vZGUuZGF0YTtcclxuICB9XHJcblxyXG4gIGtleShpZCk6IEdyYXBoS2V5IHtcclxuICAgIHJldHVybiB0aGlzLmdldE5vZGUoaWQsIE5vZGVUeXBlLktleSk7XHJcbiAgfVxyXG5cclxuICBwYXNzS2V5KGlkKTogUGFzc0tleSB7XHJcbiAgICByZXR1cm4gdGhpcy5nZXROb2RlKGlkLCBOb2RlVHlwZS5QYXNzS2V5KTtcclxuICB9XHJcblxyXG4gIGFkZEtleXMoc3JjOiBLZXlHcmFwaFJlc3BvbnNlKSB7XHJcbiAgICAvLyBLZXlzXHJcbiAgICBpZiAoc3JjLmtleXMpIHtcclxuICAgICAgLy8gV2hhdCBrZXkgZ3JhcGggcmV0dXJucyBjYW4gbm90IGJlIGN1c3RvbWl6ZWQuIFNvIGtleXMgYXJlIGVzc2VudGlhbGx5IGltbXV0YWJsZS5cclxuICAgICAgLy8gVGhlcmVmb3JlLCBpZiBhIGtleSBleGlzdHMsIHRoZXJlJ3Mgbm8gcmVhc29uIHRvIHVwZGF0ZSBpdC5cclxuICAgICAgZm9yIChjb25zdCBrZXkgb2Ygc3JjLmtleXMpIHtcclxuICAgICAgICAvLyBOb3RlIHVzaW5nIFJlbGF5IGdsb2JhbCBpZCBhbGxvd3MgdXMgdG8gbm90IHdvcnJ5IGFib3V0IGNsYXNoaW5nIG5vZGUgaWRcclxuICAgICAgICBpZiAodGhpcy5ncmFwaC5oYXNOb2RlKGtleS5pZCkpIHtcclxuICAgICAgICAgIGNvbnRpbnVlO1xyXG4gICAgICAgIH1cclxuXHJcbiAgICAgICAgY29uc3Qgbm9kZTogTm9kZSA9IHtcclxuICAgICAgICAgIHR5cGU6IE5vZGVUeXBlLktleSxcclxuICAgICAgICAgIGRhdGE6IF8uY2xvbmVEZWVwKGtleSksXHJcbiAgICAgICAgfTtcclxuXHJcbiAgICAgICAgdGhpcy5ncmFwaC5zZXROb2RlKGtleS5pZCwgbm9kZSk7XHJcbiAgICAgIH1cclxuICAgIH1cclxuXHJcbiAgICAvLyBLZXlMaW5rc1xyXG4gICAgaWYgKHNyYy5rZXlMaW5rcykge1xyXG4gICAgICBmb3IgKGNvbnN0IGtleUxpbmsgb2Ygc3JjLmtleUxpbmtzKSB7XHJcbiAgICAgICAgaWYgKHRoaXMuZ3JhcGguaGFzRWRnZShrZXlMaW5rLndyYXBwaW5nS2V5SWQsIGtleUxpbmsua2V5SWQpKSB7XHJcbiAgICAgICAgICBjb250aW51ZTtcclxuICAgICAgICB9XHJcblxyXG4gICAgICAgIGNvbnN0IGVkZ2U6IEVkZ2UgPSB7XHJcbiAgICAgICAgICB0eXBlOiBFZGdlVHlwZS5LZXlMaW5rLFxyXG4gICAgICAgICAgZGF0YTogXy5jbG9uZURlZXAoa2V5TGluayksXHJcbiAgICAgICAgfTtcclxuICAgICAgICAvLyBFZGdlIGdvZXMgZnJvbSB3cmFwcGluZyBrZXkgdG8gd3JhcHBlZCBrZXkuXHJcbiAgICAgICAgdGhpcy5ncmFwaC5zZXRFZGdlKGtleUxpbmsud3JhcHBpbmdLZXlJZCwga2V5TGluay5rZXlJZCwgZWRnZSk7XHJcbiAgICAgIH1cclxuICAgIH1cclxuXHJcbiAgICAvLyBQYXNzS2V5TGlua3NcclxuICAgIGlmIChzcmMucGFzc0tleUxpbmtzKSB7XHJcbiAgICAgIGZvciAoY29uc3QgcGFzc0tleUxpbmsgb2Ygc3JjLnBhc3NLZXlMaW5rcykge1xyXG4gICAgICAgIGlmICh0aGlzLmdyYXBoLmhhc0VkZ2UocGFzc0tleUxpbmsucGFzc0tleUlkLCBwYXNzS2V5TGluay5rZXlJZCkpIHtcclxuICAgICAgICAgIGNvbnRpbnVlO1xyXG4gICAgICAgIH1cclxuXHJcbiAgICAgICAgY29uc3QgZWRnZTogRWRnZSA9IHtcclxuICAgICAgICAgIHR5cGU6IEVkZ2VUeXBlLlBhc3NLZXlMaW5rLFxyXG4gICAgICAgICAgZGF0YTogXy5jbG9uZURlZXAocGFzc0tleUxpbmspLFxyXG4gICAgICAgIH07XHJcbiAgICAgICAgLy8gRWRnZSBnb2VzIGZyb20gd3JhcHBpbmcga2V5IHRvIHdyYXBwZWQga2V5LlxyXG4gICAgICAgIHRoaXMuZ3JhcGguc2V0RWRnZShwYXNzS2V5TGluay5wYXNzS2V5SWQsIHBhc3NLZXlMaW5rLmtleUlkLCBlZGdlKTtcclxuICAgICAgfVxyXG4gICAgfVxyXG5cclxuICAgIC8vIFRoZSBncmFwaCBpcyB0aGUgc2luZ2xlIHNvdXJjZSBvZiB0cnV0aC4gVGhlc2UgYXJlIGxhemlseSBjYWxjdWxhdGVkLlxyXG4gICAgLy8gdGhpcy5rZXlDYWNoZSA9IG51bGw7XHJcbiAgfVxyXG5cclxuICB0cmFjZVBhdGgoZGlzdGFuY2VzLCBrZXlJZDogc3RyaW5nKTogRWRnZVtdIHtcclxuICAgIC8vIFRoZSBub2RlIGxhYmVsIGlzIHRoZSBzYW1lIGFzIHRoZSBpZCBvZiB0aGUga2V5IG5vZGVzLlxyXG4gICAgY29uc3QgcmV0OiBFZGdlW10gPSBbXTtcclxuICAgIGxldCBub2RlID0ga2V5SWQ7XHJcbiAgICBpZiAoIWRpc3RhbmNlc1tub2RlXS5wcmVkZWNlc3Nvcikge1xyXG4gICAgICByZXR1cm4gbnVsbDtcclxuICAgIH1cclxuXHJcbiAgICB3aGlsZSAoZGlzdGFuY2VzW25vZGVdLnByZWRlY2Vzc29yKSB7XHJcbiAgICAgIGNvbnN0IGNoaWxkID0gZGlzdGFuY2VzW25vZGVdLnByZWRlY2Vzc29yO1xyXG4gICAgICByZXQucHVzaCh0aGlzLmdyYXBoLmVkZ2UoY2hpbGQsIG5vZGUpKTtcclxuICAgICAgbm9kZSA9IGNoaWxkO1xyXG4gICAgfVxyXG5cclxuICAgIC8vIEFmdGVyIHJldmVyc2UsIHRoZSBmaXJzdCBlbGVtZW50IGlzIHRoZSBwYXNza2V5XHJcbiAgICByZXQucmV2ZXJzZSgpO1xyXG5cclxuICAgIHJldHVybiByZXQ7XHJcbiAgfVxyXG5cclxuICBnZXRQYXRoKGtub3duS2V5SWQ6IHN0cmluZywga2V5SWQ6IHN0cmluZyk6IEVkZ2VbXSB7XHJcbiAgICBpZiAoIWtub3duS2V5SWQgfHwgdHlwZW9mIGtub3duS2V5SWQgIT09ICdzdHJpbmcnKSB7XHJcbiAgICAgIHRocm93IG5ldyBMckVuY3J5cHRpb25FeGNlcHRpb24oXHJcbiAgICAgICAgYFBhcmFtIGtub3duS2V5SWQgd3JvbmcgZm9ybWF0OiAke2tub3duS2V5SWR9YFxyXG4gICAgICApO1xyXG4gICAgfVxyXG4gICAgaWYgKCFrZXlJZCB8fCB0eXBlb2Yga2V5SWQgIT09ICdzdHJpbmcnKSB7XHJcbiAgICAgIHRocm93IG5ldyBMckVuY3J5cHRpb25FeGNlcHRpb24oYFBhcmFtIGtleUlkIHdyb25nIGZvcm1hdDogJHtrZXlJZH1gKTtcclxuICAgIH1cclxuXHJcbiAgICAvLyA9PiB7IEE6IHsgZGlzdGFuY2U6IDAgfSxcclxuICAgIC8vICAgICAgQjogeyBkaXN0YW5jZTogNiwgcHJlZGVjZXNzb3I6ICdDJyB9LFxyXG4gICAgLy8gICAgICBDOiB7IGRpc3RhbmNlOiA0LCBwcmVkZWNlc3NvcjogJ0EnIH0sXHJcbiAgICAvLyAgICAgIEQ6IHsgZGlzdGFuY2U6IDIsIHByZWRlY2Vzc29yOiAnQScgfSxcclxuICAgIC8vICAgICAgRTogeyBkaXN0YW5jZTogOCwgcHJlZGVjZXNzb3I6ICdGJyB9LFxyXG4gICAgLy8gICAgICBGOiB7IGRpc3RhbmNlOiA0LCBwcmVkZWNlc3NvcjogJ0QnIH0gfVxyXG4gICAgY29uc3QgZGlzdGFuY2VzID0gZ3JhcGhsaWIuYWxnLmRpamtzdHJhKHRoaXMuZ3JhcGgsIGtub3duS2V5SWQpO1xyXG5cclxuICAgIC8vIFRyYWNlIHBhdGggZnJvbSBrZXlJZCB0byBrbm93bktleUlkXHJcbiAgICByZXR1cm4gdGhpcy50cmFjZVBhdGgoZGlzdGFuY2VzLCBrZXlJZCk7XHJcbiAgfVxyXG5cclxuICBhc3luYyBnZXRKd2tLZXkoXHJcbiAgICBrZXlPcklkOiBzdHJpbmcgfCBLZXksXHJcbiAgICBnZXRLZXlJZENhbGxiYWNrPzogKCkgPT4gUHJvbWlzZTxzdHJpbmc+IHwgc3RyaW5nXHJcbiAgKTogUHJvbWlzZTxKV0suS2V5PiB7XHJcbiAgICByZXR1cm4gKGF3YWl0IHRoaXMuZ2V0S2V5KGtleU9ySWQsIGdldEtleUlkQ2FsbGJhY2spKS5qd2s7XHJcbiAgfVxyXG5cclxuICAvLyBXZSBhc3N1bWUgdGhhdCB3aGVuIGEga2V5SWQgaXMgZmV0Y2hlZCwgdGhlIGtleSBncmFwaFxyXG4gIC8vIGZvciB0aGUga2V5IGlzIGFsc28gcmV0dXJuZWQgYW5kIG1lcmdlZCBpbnRvIHRoZSBjbGllbnQtc2lkZVxyXG4gIC8vIGtleSBncmFwaC4gQnkgaW5zaXN0aW5nIGEga2V5SWQgaXMgcmV0dXJuZWQgaW5zdGVhZCBvZiB0aGVcclxuICAvLyBhY3R1YWwga2V5IHdlIGVuc3VyZSBrZXktZ3JhcGggaXMgY29uc2lzdGVudC5cclxuICBhc3luYyBnZXRLZXkoXHJcbiAgICBrZXlPcklkOiBzdHJpbmcgfCBLZXksXHJcbiAgICBnZXRLZXlJZENhbGxiYWNrPzogKCkgPT4gUHJvbWlzZTxzdHJpbmc+IHwgc3RyaW5nXHJcbiAgKTogUHJvbWlzZTxLZXk+IHtcclxuICAgIGxldCBrZXlJZCA9IHR5cGVvZiBrZXlPcklkID09PSAnc3RyaW5nJyA/IGtleU9ySWQgOiBrZXlPcklkPy5pZDtcclxuXHJcbiAgICBpZiAoIXRoaXMuaGFzS2V5KGtleUlkKSAmJiBnZXRLZXlJZENhbGxiYWNrKSB7XHJcbiAgICAgIGtleUlkID0gYXdhaXQgZ2V0S2V5SWRDYWxsYmFjaygpO1xyXG4gICAgfVxyXG4gICAgLy8gZWxzZSwgY29udGludWUgYW5kIGxldCBpdCBmYWlsLlxyXG5cclxuICAgIGNvbnN0IGtleSA9IHRoaXMua2V5KGtleUlkKTtcclxuICAgIGlmIChrZXkuandrKSB7XHJcbiAgICAgIHJldHVybiBrZXk7XHJcbiAgICB9IGVsc2Uge1xyXG4gICAgICByZXR1cm4gdGhpcy51bndyYXBLZXkodGhpcy5rZXlTZXJ2aWNlLmdldEN1cnJlbnRNYXN0ZXJLZXkoKS5pZCwga2V5SWQpO1xyXG4gICAgfVxyXG4gIH1cclxuXHJcbiAgcHJpdmF0ZSBhc3luYyBfdW53cmFwTGluayh3cmFwcGluZ0tleSwgbGluaywgZHN0S2V5KSB7XHJcbiAgICAvLyBjb25zb2xlLmxvZyhcIl91bndyYXBMaW5rOlwiLCBsaW5rLmRhdGEua2V5SWQpO1xyXG4gICAgY29uc3Qgd3JhcHBlZEtleSA9IEpTT04ucGFyc2UobGluay5kYXRhLndyYXBwZWRLZXkpO1xyXG4gICAgLy8gU2lnbmF0dXJlcyBvZiBrZXlzIGNvbnRhaW4gdGhlIGtleSBpdHNlbGYuIFRoaXMgd2F5IHdlIG9ubHkgbmVlZFxyXG4gICAgLy8gdG8gYWNjZXNzIHRoZSBLZXlMaW5rcyB0byBkZWNyeXB0L3ZlcmlmeSBrZXlzLlxyXG4gICAgbGV0IG5leHRSYXdLZXk7XHJcbiAgICBpZiAod3JhcHBlZEtleS5zaWduYXR1cmVzKSB7XHJcbiAgICAgIG5leHRSYXdLZXkgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnZlcmlmeSh3cmFwcGluZ0tleSwgd3JhcHBlZEtleSk7XHJcbiAgICB9IGVsc2Uge1xyXG4gICAgICBuZXh0UmF3S2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxyXG4gICAgICAgIHdyYXBwaW5nS2V5LFxyXG4gICAgICAgIHdyYXBwZWRLZXlcclxuICAgICAgKTtcclxuICAgIH1cclxuICAgIGRzdEtleS5qd2sgPSBhd2FpdCBLRlMuYXNLZXkobmV4dFJhd0tleSk7XHJcbiAgICBkc3RLZXkudGFzayA9IG51bGw7XHJcbiAgfVxyXG5cclxuICBwcml2YXRlIGFzeW5jIF91bndyYXAoa2V5OiBKV0suS2V5LCBwYXRoOiBFZGdlW10pOiBQcm9taXNlPEpXSy5LZXk+IHtcclxuICAgIGZvciAoY29uc3QgbGluayBvZiBwYXRoKSB7XHJcbiAgICAgIGNvbnN0IGRzdEtleSA9IHRoaXMua2V5KGxpbmsuZGF0YS5rZXlJZCk7XHJcbiAgICAgIC8vIGNvbnNvbGUubG9nKFwia2V5OiBcIiwgbGluay5kYXRhLmtleUlkKTtcclxuICAgICAgaWYgKGRzdEtleS5qd2spIHtcclxuICAgICAgICBrZXkgPSBkc3RLZXkuandrO1xyXG4gICAgICAgIC8vIGNvbnNvbGUubG9nKFwiUmV0dXJuaW5nIGNhY2hlZCBrZXk6IFwiLCBsaW5rLmRhdGEua2V5SWQpO1xyXG4gICAgICAgIGNvbnRpbnVlO1xyXG4gICAgICB9XHJcblxyXG4gICAgICBpZiAoIWRzdEtleS50YXNrKSB7XHJcbiAgICAgICAgZHN0S2V5LnRhc2sgPSB0aGlzLl91bndyYXBMaW5rKGtleSwgbGluaywgZHN0S2V5KTtcclxuICAgICAgfVxyXG5cclxuICAgICAgYXdhaXQgZHN0S2V5LnRhc2s7XHJcbiAgICAgIGtleSA9IGRzdEtleS5qd2s7XHJcbiAgICB9XHJcblxyXG4gICAgcmV0dXJuIGtleTtcclxuICB9XHJcblxyXG4gIHB1YmxpYyBhc3luYyB1bndyYXBXaXRoUGFzc0tleShcclxuICAgIHBhc3NLZXlJZDogc3RyaW5nLFxyXG4gICAgcGFzc0tleTogSldLLktleSxcclxuICAgIGtleUlkOiBzdHJpbmdcclxuICApOiBQcm9taXNlPEtleT4ge1xyXG4gICAgLy8gR2V0IHBhdGggb2YgdGhlIGRpcmVjdG9yeSBrZXkuXHJcbiAgICBjb25zdCBwYXRoID0gdGhpcy5nZXRQYXRoKHBhc3NLZXlJZCwga2V5SWQpO1xyXG5cclxuICAgIHJldHVybiB7XHJcbiAgICAgIGlkOiBrZXlJZCxcclxuICAgICAgandrOiBhd2FpdCB0aGlzLl91bndyYXAocGFzc0tleSwgcGF0aCksXHJcbiAgICB9O1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgdW53cmFwS2V5KG1hc3RlcktleUlkOiBzdHJpbmcsIGtleUlkOiBzdHJpbmcpOiBQcm9taXNlPEtleT4ge1xyXG4gICAgLy8gVGhlIGZpcnN0IGtleSBzaG91bGQgYmUgYSBtYXN0ZXJLZXlcclxuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5U2VydmljZS5sb2FkTWFzdGVyS2V5KG1hc3RlcktleUlkKTtcclxuXHJcbiAgICBpZiAobWFzdGVyS2V5SWQgPT09IGtleUlkKSB7XHJcbiAgICAgIHJldHVybiBtYXN0ZXJLZXk7XHJcbiAgICB9XHJcblxyXG4gICAgLy8gR2V0IHBhdGggb2YgdGhlIGRpcmVjdG9yeSBrZXkuXHJcbiAgICBjb25zdCBwYXRoID0gdGhpcy5nZXRQYXRoKG1hc3RlcktleS5pZCwga2V5SWQpO1xyXG5cclxuICAgIHJldHVybiB7XHJcbiAgICAgIGlkOiBrZXlJZCxcclxuICAgICAgandrOiBhd2FpdCB0aGlzLl91bndyYXAobWFzdGVyS2V5Lmp3aywgcGF0aCksXHJcbiAgICB9O1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgZGVjcnlwdEZyb21TdHJpbmc8VD4oXHJcbiAgICBrZXlPcklkOiBzdHJpbmcgfCBLZXksXHJcbiAgICBjaXBoZXJEYXRhOiBzdHJpbmcsXHJcbiAgICBvcHRpb25zPzogRGVjcnlwdE9wdGlvbnNcclxuICApOiBQcm9taXNlPFQ+IHtcclxuICAgIGlmIChjaXBoZXJEYXRhKSB7XHJcbiAgICAgIGNvbnN0IGtleSA9IGF3YWl0IHRoaXMuZ2V0SndrS2V5KGtleU9ySWQpO1xyXG4gICAgICByZXR1cm4gKGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChcclxuICAgICAgICBrZXksXHJcbiAgICAgICAgSlNPTi5wYXJzZShjaXBoZXJEYXRhKSxcclxuICAgICAgICBvcHRpb25zXHJcbiAgICAgICkpIGFzIGFueTtcclxuICAgIH1cclxuICAgIHJldHVybiBudWxsO1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgZGVjcnlwdEZpbGUoa2V5SWQ6IHN0cmluZywgZmlsZTogYW55KTogUHJvbWlzZTxhbnk+IHtcclxuICAgIGNvbnN0IGtleSA9IGF3YWl0IHRoaXMuZ2V0SndrS2V5KGtleUlkKTtcclxuICAgIHJldHVybiAoYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KGtleSwgZmlsZSwge1xyXG4gICAgICBwYXlsb2FkVHlwZTogJ0FycmF5QnVmZmVyJyxcclxuICAgIH0pKSBhcyBhbnk7XHJcbiAgfVxyXG5cclxuICAvLyBUT0RPIHJlbmFtZSB0aGlzIHRvIGVuY3J5cHQoKSBhbmQgdXNlIGFzIHRoZSBtb3N0IGNvbW1vbiB1c2VjYXNlXHJcbiAgYXN5bmMgZW5jcnlwdFRvU3RyaW5nKFxyXG4gICAga2V5OiBzdHJpbmcgfCBLZXkgfCBKV0suS2V5LFxyXG4gICAgY29udGVudDogYW55XHJcbiAgKTogUHJvbWlzZTxzdHJpbmc+IHtcclxuICAgIC8vIEVtcHR5IHN0cmluZyBzaG91bGQgYmUgZW5jcnlwdGVkIHNpbmNlIHlvdSB3YW50IHRvIGNsZWFyIHRoZSBmaWVsZC5cclxuICAgIC8vIE51bGwgaXMgbm90IGVuY3J5cHRlZCBiZWNhdXNlIGl0J3Mgbm90IHZhbGlkIEpTT04gaW4gdGhlIG9sZCBKU09OIHNwZWMuIFVzZVxyXG4gICAgLy8gZW1wdHkgc3RyaW5nIGluc3RlYWQuIEl0J2xsIGZ1bmN0aW9uIGFzIGEgbG9naWMgZmFsc2UgYXMgd2VsbC5cclxuICAgIC8vIE5vdGUgdGhhdCBwYXNzaW5nIGluIGVtcHR5IHN0cmluZyBtZWFucyBpdCdsbCBiZSBlbmNyeXB0ZWQgd2hpY2ggdmVyaWZpZXNcclxuICAgIC8vIGl0J3MgaW50ZWdyaXR5LiBCdXQgd2Ugc3RpbGwgd2FudCB0byBoYXZlIGEgd2F5IHRvIHNldCB0aGUgREIgZmllbGRcclxuICAgIC8vIHRvIE5VTEwsIHNvIHdlIGV4cGxpY2l0bHkgcmV0dXJuIG51bGwgd2hlbiBjb250ZW50ID09IG51bGwuIEEgbnVsbFxyXG4gICAgLy8gdmFyaWFibGUgaW4gZ3JhcGhxbCBtdXRhdGlvbiBvbiBLQyBzZXJ2ZXIgY2xlYXJzIHRoZSBmaWVsZCB0byBOVUxMLlxyXG4gICAgaWYgKGNvbnRlbnQgPT0gbnVsbCkge1xyXG4gICAgICByZXR1cm4gbnVsbDtcclxuICAgIH1cclxuXHJcbiAgICBjb25zdCBqd2sgPSBhc0p3ayhrZXkpIHx8IChhd2FpdCB0aGlzLmdldEp3a0tleShrZXkgYXMgc3RyaW5nIHwgS2V5KSk7XHJcbiAgICByZXR1cm4gdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0VG9TdHJpbmcoandrLCBjb250ZW50KTtcclxuICB9XHJcblxyXG4gIC8vIFdyYXBzIGEgc3ltbWV0cmljIGVuY3J5cHRpb24ga2V5LlxyXG4gIC8vIFRocm93cyBleGNlcHRpb24gaWYgd3JhcHBpbmcgcHVibGljIGtleXMuXHJcbiAgYXN5bmMgd3JhcEtleTxUPihcclxuICAgIHdyYXBwaW5nS2V5OiBzdHJpbmcgfCBLZXkgfCBKV0suS2V5LFxyXG4gICAga2V5OiBKV0suS2V5XHJcbiAgKTogUHJvbWlzZTxzdHJpbmc+IHtcclxuICAgIGlmICghaXNTeW1tZXRyaWNLZXkoa2V5KSkge1xyXG4gICAgICB0aHJvdyBuZXcgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbihcclxuICAgICAgICAnT25seSBhbGxvd2luZyB3cmFwcGluZyBvZiBzeW1tZXRyaWMga2V5cy4nXHJcbiAgICAgICk7XHJcbiAgICB9XHJcblxyXG4gICAgcmV0dXJuIHRoaXMuZW5jcnlwdFRvU3RyaW5nKHdyYXBwaW5nS2V5LCBrZXkudG9KU09OKHRydWUpKTtcclxuICB9XHJcblxyXG4gIC8vIFRPRE9cclxuICAvLyBhc3luYyB3cmFwUHVibGljS2V5PFQ+KCk7XHJcbiAgLy8gYXN5bmMgd3JhcFByaXZhdGVLZXk8VD4oKTtcclxuXHJcbiAgYXN5bmMgZW5jcnlwdFdpdGhOZXdLZXkod3JhcHBpbmdLZXlJZDogc3RyaW5nLCBjaXBoZXJDbGVhckpzb246IGFueSkge1xyXG4gICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZUtleSgpO1xyXG4gICAgY29uc3Qgd3JhcHBlZEtleSA9IGF3YWl0IHRoaXMuZW5jcnlwdFRvU3RyaW5nKFxyXG4gICAgICB3cmFwcGluZ0tleUlkLFxyXG4gICAgICBrZXkudG9KU09OKHRydWUpXHJcbiAgICApO1xyXG4gICAgY29uc3QgY2lwaGVyID0gYXdhaXQgdGhpcy5lbmNyeXB0VG9TdHJpbmcoa2V5LCBjaXBoZXJDbGVhckpzb24pO1xyXG5cclxuICAgIHJldHVybiB7XHJcbiAgICAgIGtleSxcclxuICAgICAgd3JhcHBpbmdLZXlJZCxcclxuICAgICAgd3JhcHBlZEtleSxcclxuICAgICAgY2lwaGVyLFxyXG4gICAgfTtcclxuICB9XHJcbn1cclxuIl19