@lifeready/core 1.0.12 → 1.0.15

package/esm2015/lib/cryptography/key.service.js

@@ -1,124 +1,124 @@
-import { __awaiter } from "tslib";
-import { Inject, Injectable } from '@angular/core';
-import { LrNotFoundException } from '../_common/exceptions';
-import { PersistService } from '../api/persist.service';
-import { KeyFactoryService as KFS } from './key-factory.service';
-import { LR_CONFIG } from '../life-ready.config';
-import * as i0 from "@angular/core";
-import * as i1 from "../life-ready.config";
-import * as i2 from "../api/persist.service";
-export class UserKeys {
-}
-export class KeyService {
-    constructor(config, persistService) {
-        this.config = config;
-        this.persistService = persistService;
-        this.STORE_MASTER_KEY = 'masterKey';
-        // AZ: This can't be change easily. It's basically a PassK or PassIdp rotation.
-        // todo: we should eventually increase this periodically to match with Moore's law.
-        // The iterations for each key are kept by the server as well but we assume the value
-        // from the server is not trustworthy, so need to have minimum thresholds here.
-        // If creating new keys, these minimum are used.
-        this.MIN_PASS_IDP_PBKDF_ITER = 100000;
-        this.MIN_PASS_KEY_PBKDF_ITER = 100000;
-        this.MIN_LBOP_KEY_PBKDF_ITER = 100000;
-        // These are used as the default values. They must be larger than the minimum values.
-        this.DEFAULT_PASS_IDP_PBKDF_ITER = this.MIN_PASS_IDP_PBKDF_ITER;
-        this.DEFAULT_PASS_KEY_PBKDF_ITER = this.MIN_PASS_KEY_PBKDF_ITER;
-        this.DEFAULT_LBOP_KEY_PBKDF_ITER = this.MIN_LBOP_KEY_PBKDF_ITER;
-        this.resetKeys();
-    }
-    resetKeys() {
-        this.keys = null;
-        this.masterKey = null;
-    }
-    purgeKeys() {
-        this.resetKeys();
-        this.persistService.clear();
-    }
-    populateKeys(keys) {
-        this.keys = keys;
-    }
-    getCurrentPassKey() {
-        return this.keys.passKey;
-    }
-    getCurrentMasterKey() {
-        return this.keys.masterKey;
-    }
-    getCurrentRootKey() {
-        return this.keys.rootKey;
-    }
-    getCurrentPxk() {
-        return this.keys.pxk;
-    }
-    getCurrentSigPxk() {
-        return this.keys.sigPxk;
-    }
-    expiresAfter(seconds) {
-        return new Date(Date.now() + 1000 * seconds);
-    }
-    persistMasterKey(masterKey, expiresAfterSeconds) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const storedKey = {
-                id: masterKey.id,
-                jwk: masterKey.jwk.toJSON(true),
-            };
-            this.masterKey = masterKey;
-            // Save in an expirable cookie.
-            yield this.persistService.set({
-                name: this.STORE_MASTER_KEY,
-                value: storedKey,
-                expiry: this.expiresAfter(expiresAfterSeconds),
-                serverSession: !this.config.disableSessionEncryptionKey,
-            });
-        });
-    }
-    setMasterKeyExpiresAfterSeconds(seconds) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const storedKey = yield this.persistService.get(this.STORE_MASTER_KEY);
-            if (storedKey == null) {
-                throw new LrNotFoundException(`Can not find masterKey in persisted storage using name: ${this.STORE_MASTER_KEY}`);
-            }
-            yield this.persistService.set({
-                name: this.STORE_MASTER_KEY,
-                value: storedKey,
-                expiry: this.expiresAfter(seconds),
-                serverSession: !this.config.disableSessionEncryptionKey,
-            });
-        });
-    }
-    // There's little benefit in using WebCrypto's none-extractable keys because if there
-    // is an XSS attack, then the attacker has control over the js that downloads the keys. The
-    // attacker can modify the code to import the keys as extractable. So none-extractable keys
-    // are only useful if they are already persisted and the user cannot download any more keys,
-    // which is not feasible.
-    // So storing the PassKey in localstorage for now, at least till we know what the usage
-    // pattern is, i.e. how often do we need to use the RootK, MaterK, and PassK.
-    loadMasterKey(masterKeyId) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!this.masterKey) {
-                const storedKey = yield this.persistService.get(this.STORE_MASTER_KEY);
-                if (!storedKey) {
-                    throw new LrNotFoundException('Could not find masterKey in persisted storage');
-                }
-                if (storedKey.id !== masterKeyId) {
-                    throw new LrNotFoundException(`masterKeyId ${storedKey.id} in persisted storage does not match the one requested ${masterKeyId}`);
-                }
-                storedKey.jwk = yield KFS.asKey(storedKey.jwk);
-                this.masterKey = storedKey;
-            }
-            return this.masterKey;
-        });
-    }
-}
-KeyService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyService_Factory() { return new KeyService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.PersistService)); }, token: KeyService, providedIn: "root" });
-KeyService.decorators = [
-    { type: Injectable, args: [{
-                providedIn: 'root',
-            },] }
-];
-KeyService.ctorParameters = () => [
-    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
-    { type: PersistService }
-];
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiL29wdC9hdGxhc3NpYW4vcGlwZWxpbmVzL2FnZW50L2J1aWxkL3Byb2plY3RzL2NvcmUvc3JjLyIsInNvdXJjZXMiOlsibGliL2NyeXB0b2dyYXBoeS9rZXkuc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUFFLE1BQU0sRUFBRSxVQUFVLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFFbkQsT0FBTyxFQUFFLG1CQUFtQixFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDNUQsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLHdCQUF3QixDQUFDO0FBQ3hELE9BQU8sRUFBRSxpQkFBaUIsSUFBSSxHQUFHLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQUNqRSxPQUFPLEVBQW1CLFNBQVMsRUFBRSxNQUFNLHNCQUFzQixDQUFDOzs7O0FBRWxFLE1BQU0sT0FBTyxRQUFRO0NBTXBCO0FBVUQsTUFBTSxPQUFPLFVBQVU7SUFvQnJCLFlBQzZCLE1BQXVCLEVBQzFDLGNBQThCO1FBRFgsV0FBTSxHQUFOLE1BQU0sQ0FBaUI7UUFDMUMsbUJBQWMsR0FBZCxjQUFjLENBQWdCO1FBckJ2QixxQkFBZ0IsR0FBRyxXQUFXLENBQUM7UUFLaEQsK0VBQStFO1FBQy9FLG1GQUFtRjtRQUNuRixxRkFBcUY7UUFDckYsK0VBQStFO1FBQy9FLGdEQUFnRDtRQUNoQyw0QkFBdUIsR0FBRyxNQUFNLENBQUM7UUFDakMsNEJBQXVCLEdBQUcsTUFBTSxDQUFDO1FBQ2pDLDRCQUF1QixHQUFHLE1BQU0sQ0FBQztRQUVqRCxxRkFBcUY7UUFDckUsZ0NBQTJCLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDO1FBQzNELGdDQUEyQixHQUFHLElBQUksQ0FBQyx1QkFBdUIsQ0FBQztRQUMzRCxnQ0FBMkIsR0FBRyxJQUFJLENBQUMsdUJBQXVCLENBQUM7UUFNekUsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO0lBQ25CLENBQUM7SUFFRCxTQUFTO1FBQ1AsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7UUFDakIsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUM7SUFDeEIsQ0FBQztJQUVELFNBQVM7UUFDUCxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7UUFDakIsSUFBSSxDQUFDLGNBQWMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztJQUM5QixDQUFDO0lBRUQsWUFBWSxDQUFDLElBQWM7UUFDekIsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7SUFDbkIsQ0FBQztJQUVNLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDO0lBQzNCLENBQUM7SUFFTSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQztJQUM3QixDQUFDO0lBRU0saUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUM7SUFDM0IsQ0FBQztJQUVNLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQztJQUN2QixDQUFDO0lBRU0sZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUM7SUFDMUIsQ0FBQztJQUVPLFlBQVksQ0FBQyxPQUFlO1FBQ2xDLE9BQU8sSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksR0FBRyxPQUFPLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBRUssZ0JBQWdCLENBQ3BCLFNBQWMsRUFDZCxtQkFBMkI7O1lBRTNCLE1BQU0sU0FBUyxHQUFHO2dCQUNoQixFQUFFLEVBQUUsU0FBUyxDQUFDLEVBQUU7Z0JBQ2hCLEdBQUcsRUFBRSxTQUFTLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUM7YUFDaEMsQ0FBQztZQUVGLElBQUksQ0FBQyxTQUFTLEdBQUcsU0FBUyxDQUFDO1lBRTNCLCtCQUErQjtZQUMvQixNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDO2dCQUM1QixJQUFJLEVBQUUsSUFBSSxDQUFDLGdCQUFnQjtnQkFDM0IsS0FBSyxFQUFFLFNBQVM7Z0JBQ2hCLE1BQU0sRUFBRSxJQUFJLENBQUMsWUFBWSxDQUFDLG1CQUFtQixDQUFDO2dCQUM5QyxhQUFhLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLDJCQUEyQjthQUN4RCxDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7SUFFSywrQkFBK0IsQ0FBQyxPQUFlOztZQUNuRCxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1lBQ3ZFLElBQUksU0FBUyxJQUFJLElBQUksRUFBRTtnQkFDckIsTUFBTSxJQUFJLG1CQUFtQixDQUMzQiwyREFBMkQsSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQ25GLENBQUM7YUFDSDtZQUNELE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUM7Z0JBQzVCLElBQUksRUFBRSxJQUFJLENBQUMsZ0JBQWdCO2dCQUMzQixLQUFLLEVBQUUsU0FBUztnQkFDaEIsTUFBTSxFQUFFLElBQUksQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDO2dCQUNsQyxhQUFhLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLDJCQUEyQjthQUN4RCxDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7SUFFRCxxRkFBcUY7SUFDckYsMkZBQTJGO0lBQzNGLDJGQUEyRjtJQUMzRiw0RkFBNEY7SUFDNUYseUJBQXlCO0lBQ3pCLHVGQUF1RjtJQUN2Riw2RUFBNkU7SUFDdkUsYUFBYSxDQUFDLFdBQW1COztZQUNyQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRTtnQkFDbkIsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztnQkFFdkUsSUFBSSxDQUFDLFNBQVMsRUFBRTtvQkFDZCxNQUFNLElBQUksbUJBQW1CLENBQzNCLCtDQUErQyxDQUNoRCxDQUFDO2lCQUNIO2dCQUVELElBQUksU0FBUyxDQUFDLEVBQUUsS0FBSyxXQUFXLEVBQUU7b0JBQ2hDLE1BQU0sSUFBSSxtQkFBbUIsQ0FDM0IsZUFBZSxTQUFTLENBQUMsRUFBRSwwREFBMEQsV0FBVyxFQUFFLENBQ25HLENBQUM7aUJBQ0g7Z0JBRUQsU0FBUyxDQUFDLEdBQUcsR0FBRyxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDO2dCQUUvQyxJQUFJLENBQUMsU0FBUyxHQUFHLFNBQVMsQ0FBQzthQUM1QjtZQUVELE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQztRQUN4QixDQUFDO0tBQUE7Ozs7WUFwSUYsVUFBVSxTQUFDO2dCQUNWLFVBQVUsRUFBRSxNQUFNO2FBQ25COzs7NENBc0JJLE1BQU0sU0FBQyxTQUFTO1lBekNaLGNBQWMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBJbmplY3QsIEluamVjdGFibGUgfSBmcm9tICdAYW5ndWxhci9jb3JlJztcbmltcG9ydCB7IEtleSwgUGFzc0tleSB9IGZyb20gJy4vY3J5cHRvZ3JhcGh5LnR5cGVzJztcbmltcG9ydCB7IExyTm90Rm91bmRFeGNlcHRpb24gfSBmcm9tICcuLi9fY29tbW9uL2V4Y2VwdGlvbnMnO1xuaW1wb3J0IHsgUGVyc2lzdFNlcnZpY2UgfSBmcm9tICcuLi9hcGkvcGVyc2lzdC5zZXJ2aWNlJztcbmltcG9ydCB7IEtleUZhY3RvcnlTZXJ2aWNlIGFzIEtGUyB9IGZyb20gJy4va2V5LWZhY3Rvcnkuc2VydmljZSc7XG5pbXBvcnQgeyBMaWZlUmVhZHlDb25maWcsIExSX0NPTkZJRyB9IGZyb20gJy4uL2xpZmUtcmVhZHkuY29uZmlnJztcblxuZXhwb3J0IGNsYXNzIFVzZXJLZXlzIHtcbiAgcGFzc0tleTogUGFzc0tleTtcbiAgbWFzdGVyS2V5OiBLZXk7XG4gIHJvb3RLZXk/OiBLZXk7XG4gIHB4az86IEtleTtcbiAgc2lnUHhrPzogS2V5O1xufVxuXG5pbnRlcmZhY2UgU3RvcmVkUGFzc0tleSB7XG4gIGlkOiBzdHJpbmc7XG4gIGp3azogb2JqZWN0O1xufVxuXG5ASW5qZWN0YWJsZSh7XG4gIHByb3ZpZGVkSW46ICdyb290Jyxcbn0pXG5leHBvcnQgY2xhc3MgS2V5U2VydmljZSB7XG4gIHByaXZhdGUgcmVhZG9ubHkgU1RPUkVfTUFTVEVSX0tFWSA9ICdtYXN0ZXJLZXknO1xuICAvLyB2YXJpYWJsZXNcbiAgcHJpdmF0ZSBrZXlzOiBVc2VyS2V5cztcbiAgcHJpdmF0ZSBtYXN0ZXJLZXk6IEtleTtcblxuICAvLyBBWjogVGhpcyBjYW4ndCBiZSBjaGFuZ2UgZWFzaWx5LiBJdCdzIGJhc2ljYWxseSBhIFBhc3NLIG9yIFBhc3NJZHAgcm90YXRpb24uXG4gIC8vIHRvZG86IHdlIHNob3VsZCBldmVudHVhbGx5IGluY3JlYXNlIHRoaXMgcGVyaW9kaWNhbGx5IHRvIG1hdGNoIHdpdGggTW9vcmUncyBsYXcuXG4gIC8vIFRoZSBpdGVyYXRpb25zIGZvciBlYWNoIGtleSBhcmUga2VwdCBieSB0aGUgc2VydmVyIGFzIHdlbGwgYnV0IHdlIGFzc3VtZSB0aGUgdmFsdWVcbiAgLy8gZnJvbSB0aGUgc2VydmVyIGlzIG5vdCB0cnVzdHdvcnRoeSwgc28gbmVlZCB0byBoYXZlIG1pbmltdW0gdGhyZXNob2xkcyBoZXJlLlxuICAvLyBJZiBjcmVhdGluZyBuZXcga2V5cywgdGhlc2UgbWluaW11bSBhcmUgdXNlZC5cbiAgcHVibGljIHJlYWRvbmx5IE1JTl9QQVNTX0lEUF9QQktERl9JVEVSID0gMTAwMDAwO1xuICBwdWJsaWMgcmVhZG9ubHkgTUlOX1BBU1NfS0VZX1BCS0RGX0lURVIgPSAxMDAwMDA7XG4gIHB1YmxpYyByZWFkb25seSBNSU5fTEJPUF9LRVlfUEJLREZfSVRFUiA9IDEwMDAwMDtcblxuICAvLyBUaGVzZSBhcmUgdXNlZCBhcyB0aGUgZGVmYXVsdCB2YWx1ZXMuIFRoZXkgbXVzdCBiZSBsYXJnZXIgdGhhbiB0aGUgbWluaW11bSB2YWx1ZXMuXG4gIHB1YmxpYyByZWFkb25seSBERUZBVUxUX1BBU1NfSURQX1BCS0RGX0lURVIgPSB0aGlzLk1JTl9QQVNTX0lEUF9QQktERl9JVEVSO1xuICBwdWJsaWMgcmVhZG9ubHkgREVGQVVMVF9QQVNTX0tFWV9QQktERl9JVEVSID0gdGhpcy5NSU5fUEFTU19LRVlfUEJLREZfSVRFUjtcbiAgcHVibGljIHJlYWRvbmx5IERFRkFVTFRfTEJPUF9LRVlfUEJLREZfSVRFUiA9IHRoaXMuTUlOX0xCT1BfS0VZX1BCS0RGX0lURVI7XG5cbiAgY29uc3RydWN0b3IoXG4gICAgQEluamVjdChMUl9DT05GSUcpIHByaXZhdGUgY29uZmlnOiBMaWZlUmVhZHlDb25maWcsXG4gICAgcHJpdmF0ZSBwZXJzaXN0U2VydmljZTogUGVyc2lzdFNlcnZpY2VcbiAgKSB7XG4gICAgdGhpcy5yZXNldEtleXMoKTtcbiAgfVxuXG4gIHJlc2V0S2V5cygpIHtcbiAgICB0aGlzLmtleXMgPSBudWxsO1xuICAgIHRoaXMubWFzdGVyS2V5ID0gbnVsbDtcbiAgfVxuXG4gIHB1cmdlS2V5cygpIHtcbiAgICB0aGlzLnJlc2V0S2V5cygpO1xuICAgIHRoaXMucGVyc2lzdFNlcnZpY2UuY2xlYXIoKTtcbiAgfVxuXG4gIHBvcHVsYXRlS2V5cyhrZXlzOiBVc2VyS2V5cykge1xuICAgIHRoaXMua2V5cyA9IGtleXM7XG4gIH1cblxuICBwdWJsaWMgZ2V0Q3VycmVudFBhc3NLZXkoKTogS2V5IHtcbiAgICByZXR1cm4gdGhpcy5rZXlzLnBhc3NLZXk7XG4gIH1cblxuICBwdWJsaWMgZ2V0Q3VycmVudE1hc3RlcktleSgpOiBLZXkge1xuICAgIHJldHVybiB0aGlzLmtleXMubWFzdGVyS2V5O1xuICB9XG5cbiAgcHVibGljIGdldEN1cnJlbnRSb290S2V5KCk6IEtleSB7XG4gICAgcmV0dXJuIHRoaXMua2V5cy5yb290S2V5O1xuICB9XG5cbiAgcHVibGljIGdldEN1cnJlbnRQeGsoKTogS2V5IHtcbiAgICByZXR1cm4gdGhpcy5rZXlzLnB4aztcbiAgfVxuXG4gIHB1YmxpYyBnZXRDdXJyZW50U2lnUHhrKCk6IEtleSB7XG4gICAgcmV0dXJuIHRoaXMua2V5cy5zaWdQeGs7XG4gIH1cblxuICBwcml2YXRlIGV4cGlyZXNBZnRlcihzZWNvbmRzOiBudW1iZXIpOiBEYXRlIHtcbiAgICByZXR1cm4gbmV3IERhdGUoRGF0ZS5ub3coKSArIDEwMDAgKiBzZWNvbmRzKTtcbiAgfVxuXG4gIGFzeW5jIHBlcnNpc3RNYXN0ZXJLZXkoXG4gICAgbWFzdGVyS2V5OiBLZXksXG4gICAgZXhwaXJlc0FmdGVyU2Vjb25kczogbnVtYmVyXG4gICk6IFByb21pc2U8dm9pZD4ge1xuICAgIGNvbnN0IHN0b3JlZEtleSA9IHtcbiAgICAgIGlkOiBtYXN0ZXJLZXkuaWQsXG4gICAgICBqd2s6IG1hc3RlcktleS5qd2sudG9KU09OKHRydWUpLFxuICAgIH07XG5cbiAgICB0aGlzLm1hc3RlcktleSA9IG1hc3RlcktleTtcblxuICAgIC8vIFNhdmUgaW4gYW4gZXhwaXJhYmxlIGNvb2tpZS5cbiAgICBhd2FpdCB0aGlzLnBlcnNpc3RTZXJ2aWNlLnNldCh7XG4gICAgICBuYW1lOiB0aGlzLlNUT1JFX01BU1RFUl9LRVksXG4gICAgICB2YWx1ZTogc3RvcmVkS2V5LFxuICAgICAgZXhwaXJ5OiB0aGlzLmV4cGlyZXNBZnRlcihleHBpcmVzQWZ0ZXJTZWNvbmRzKSxcbiAgICAgIHNlcnZlclNlc3Npb246ICF0aGlzLmNvbmZpZy5kaXNhYmxlU2Vzc2lvbkVuY3J5cHRpb25LZXksXG4gICAgfSk7XG4gIH1cblxuICBhc3luYyBzZXRNYXN0ZXJLZXlFeHBpcmVzQWZ0ZXJTZWNvbmRzKHNlY29uZHM6IG51bWJlcik6IFByb21pc2U8dm9pZD4ge1xuICAgIGNvbnN0IHN0b3JlZEtleSA9IGF3YWl0IHRoaXMucGVyc2lzdFNlcnZpY2UuZ2V0KHRoaXMuU1RPUkVfTUFTVEVSX0tFWSk7XG4gICAgaWYgKHN0b3JlZEtleSA9PSBudWxsKSB7XG4gICAgICB0aHJvdyBuZXcgTHJOb3RGb3VuZEV4Y2VwdGlvbihcbiAgICAgICAgYENhbiBub3QgZmluZCBtYXN0ZXJLZXkgaW4gcGVyc2lzdGVkIHN0b3JhZ2UgdXNpbmcgbmFtZTogJHt0aGlzLlNUT1JFX01BU1RFUl9LRVl9YFxuICAgICAgKTtcbiAgICB9XG4gICAgYXdhaXQgdGhpcy5wZXJzaXN0U2VydmljZS5zZXQoe1xuICAgICAgbmFtZTogdGhpcy5TVE9SRV9NQVNURVJfS0VZLFxuICAgICAgdmFsdWU6IHN0b3JlZEtleSxcbiAgICAgIGV4cGlyeTogdGhpcy5leHBpcmVzQWZ0ZXIoc2Vjb25kcyksXG4gICAgICBzZXJ2ZXJTZXNzaW9uOiAhdGhpcy5jb25maWcuZGlzYWJsZVNlc3Npb25FbmNyeXB0aW9uS2V5LFxuICAgIH0pO1xuICB9XG5cbiAgLy8gVGhlcmUncyBsaXR0bGUgYmVuZWZpdCBpbiB1c2luZyBXZWJDcnlwdG8ncyBub25lLWV4dHJhY3RhYmxlIGtleXMgYmVjYXVzZSBpZiB0aGVyZVxuICAvLyBpcyBhbiBYU1MgYXR0YWNrLCB0aGVuIHRoZSBhdHRhY2tlciBoYXMgY29udHJvbCBvdmVyIHRoZSBqcyB0aGF0IGRvd25sb2FkcyB0aGUga2V5cy4gVGhlXG4gIC8vIGF0dGFja2VyIGNhbiBtb2RpZnkgdGhlIGNvZGUgdG8gaW1wb3J0IHRoZSBrZXlzIGFzIGV4dHJhY3RhYmxlLiBTbyBub25lLWV4dHJhY3RhYmxlIGtleXNcbiAgLy8gYXJlIG9ubHkgdXNlZnVsIGlmIHRoZXkgYXJlIGFscmVhZHkgcGVyc2lzdGVkIGFuZCB0aGUgdXNlciBjYW5ub3QgZG93bmxvYWQgYW55IG1vcmUga2V5cyxcbiAgLy8gd2hpY2ggaXMgbm90IGZlYXNpYmxlLlxuICAvLyBTbyBzdG9yaW5nIHRoZSBQYXNzS2V5IGluIGxvY2Fsc3RvcmFnZSBmb3Igbm93LCBhdCBsZWFzdCB0aWxsIHdlIGtub3cgd2hhdCB0aGUgdXNhZ2VcbiAgLy8gcGF0dGVybiBpcywgaS5lLiBob3cgb2Z0ZW4gZG8gd2UgbmVlZCB0byB1c2UgdGhlIFJvb3RLLCBNYXRlckssIGFuZCBQYXNzSy5cbiAgYXN5bmMgbG9hZE1hc3RlcktleShtYXN0ZXJLZXlJZDogc3RyaW5nKTogUHJvbWlzZTxLZXk+IHtcbiAgICBpZiAoIXRoaXMubWFzdGVyS2V5KSB7XG4gICAgICBjb25zdCBzdG9yZWRLZXkgPSBhd2FpdCB0aGlzLnBlcnNpc3RTZXJ2aWNlLmdldCh0aGlzLlNUT1JFX01BU1RFUl9LRVkpO1xuXG4gICAgICBpZiAoIXN0b3JlZEtleSkge1xuICAgICAgICB0aHJvdyBuZXcgTHJOb3RGb3VuZEV4Y2VwdGlvbihcbiAgICAgICAgICAnQ291bGQgbm90IGZpbmQgbWFzdGVyS2V5IGluIHBlcnNpc3RlZCBzdG9yYWdlJ1xuICAgICAgICApO1xuICAgICAgfVxuXG4gICAgICBpZiAoc3RvcmVkS2V5LmlkICE9PSBtYXN0ZXJLZXlJZCkge1xuICAgICAgICB0aHJvdyBuZXcgTHJOb3RGb3VuZEV4Y2VwdGlvbihcbiAgICAgICAgICBgbWFzdGVyS2V5SWQgJHtzdG9yZWRLZXkuaWR9IGluIHBlcnNpc3RlZCBzdG9yYWdlIGRvZXMgbm90IG1hdGNoIHRoZSBvbmUgcmVxdWVzdGVkICR7bWFzdGVyS2V5SWR9YFxuICAgICAgICApO1xuICAgICAgfVxuXG4gICAgICBzdG9yZWRLZXkuandrID0gYXdhaXQgS0ZTLmFzS2V5KHN0b3JlZEtleS5qd2spO1xuXG4gICAgICB0aGlzLm1hc3RlcktleSA9IHN0b3JlZEtleTtcbiAgICB9XG5cbiAgICByZXR1cm4gdGhpcy5tYXN0ZXJLZXk7XG4gIH1cbn1cbiJdfQ==
+import { __awaiter } from "tslib";
+import { Inject, Injectable } from '@angular/core';
+import { LrNotFoundException } from '../_common/exceptions';
+import { PersistService } from '../api/persist.service';
+import { KeyFactoryService as KFS } from './key-factory.service';
+import { LR_CONFIG } from '../life-ready.config';
+import * as i0 from "@angular/core";
+import * as i1 from "../life-ready.config";
+import * as i2 from "../api/persist.service";
+export class UserKeys {
+}
+export class KeyService {
+    constructor(config, persistService) {
+        this.config = config;
+        this.persistService = persistService;
+        this.STORE_MASTER_KEY = 'masterKey';
+        // AZ: This can't be change easily. It's basically a PassK or PassIdp rotation.
+        // todo: we should eventually increase this periodically to match with Moore's law.
+        // The iterations for each key are kept by the server as well but we assume the value
+        // from the server is not trustworthy, so need to have minimum thresholds here.
+        // If creating new keys, these minimum are used.
+        this.MIN_PASS_IDP_PBKDF_ITER = 100000;
+        this.MIN_PASS_KEY_PBKDF_ITER = 100000;
+        this.MIN_LBOP_KEY_PBKDF_ITER = 100000;
+        // These are used as the default values. They must be larger than the minimum values.
+        this.DEFAULT_PASS_IDP_PBKDF_ITER = this.MIN_PASS_IDP_PBKDF_ITER;
+        this.DEFAULT_PASS_KEY_PBKDF_ITER = this.MIN_PASS_KEY_PBKDF_ITER;
+        this.DEFAULT_LBOP_KEY_PBKDF_ITER = this.MIN_LBOP_KEY_PBKDF_ITER;
+        this.resetKeys();
+    }
+    resetKeys() {
+        this.keys = null;
+        this.masterKey = null;
+    }
+    purgeKeys() {
+        this.resetKeys();
+        this.persistService.clear();
+    }
+    populateKeys(keys) {
+        this.keys = keys;
+    }
+    getCurrentPassKey() {
+        return this.keys.passKey;
+    }
+    getCurrentMasterKey() {
+        return this.keys.masterKey;
+    }
+    getCurrentRootKey() {
+        return this.keys.rootKey;
+    }
+    getCurrentPxk() {
+        return this.keys.pxk;
+    }
+    getCurrentSigPxk() {
+        return this.keys.sigPxk;
+    }
+    expiresAfter(seconds) {
+        return new Date(Date.now() + 1000 * seconds);
+    }
+    persistMasterKey(masterKey, expiresAfterSeconds) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const storedKey = {
+                id: masterKey.id,
+                jwk: masterKey.jwk.toJSON(true),
+            };
+            this.masterKey = masterKey;
+            // Save in an expirable cookie.
+            yield this.persistService.set({
+                name: this.STORE_MASTER_KEY,
+                value: storedKey,
+                expiry: this.expiresAfter(expiresAfterSeconds),
+                serverSession: !this.config.disableSessionEncryptionKey,
+            });
+        });
+    }
+    setMasterKeyExpiresAfterSeconds(seconds) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const storedKey = yield this.persistService.get(this.STORE_MASTER_KEY);
+            if (storedKey == null) {
+                throw new LrNotFoundException(`Can not find masterKey in persisted storage using name: ${this.STORE_MASTER_KEY}`);
+            }
+            yield this.persistService.set({
+                name: this.STORE_MASTER_KEY,
+                value: storedKey,
+                expiry: this.expiresAfter(seconds),
+                serverSession: !this.config.disableSessionEncryptionKey,
+            });
+        });
+    }
+    // There's little benefit in using WebCrypto's none-extractable keys because if there
+    // is an XSS attack, then the attacker has control over the js that downloads the keys. The
+    // attacker can modify the code to import the keys as extractable. So none-extractable keys
+    // are only useful if they are already persisted and the user cannot download any more keys,
+    // which is not feasible.
+    // So storing the PassKey in localstorage for now, at least till we know what the usage
+    // pattern is, i.e. how often do we need to use the RootK, MaterK, and PassK.
+    loadMasterKey(masterKeyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.masterKey) {
+                const storedKey = yield this.persistService.get(this.STORE_MASTER_KEY);
+                if (!storedKey) {
+                    throw new LrNotFoundException('Could not find masterKey in persisted storage');
+                }
+                if (storedKey.id !== masterKeyId) {
+                    throw new LrNotFoundException(`masterKeyId ${storedKey.id} in persisted storage does not match the one requested ${masterKeyId}`);
+                }
+                storedKey.jwk = yield KFS.asKey(storedKey.jwk);
+                this.masterKey = storedKey;
+            }
+            return this.masterKey;
+        });
+    }
+}
+KeyService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyService_Factory() { return new KeyService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.PersistService)); }, token: KeyService, providedIn: "root" });
+KeyService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+KeyService.ctorParameters = () => [
+    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
+    { type: PersistService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiQzovUHJvamVjdHMva2MtY2xpZW50L3Byb2plY3RzL2NvcmUvc3JjLyIsInNvdXJjZXMiOlsibGliL2NyeXB0b2dyYXBoeS9rZXkuc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUFFLE1BQU0sRUFBRSxVQUFVLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFFbkQsT0FBTyxFQUFFLG1CQUFtQixFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDNUQsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLHdCQUF3QixDQUFDO0FBQ3hELE9BQU8sRUFBRSxpQkFBaUIsSUFBSSxHQUFHLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQUNqRSxPQUFPLEVBQW1CLFNBQVMsRUFBRSxNQUFNLHNCQUFzQixDQUFDOzs7O0FBRWxFLE1BQU0sT0FBTyxRQUFRO0NBTXBCO0FBVUQsTUFBTSxPQUFPLFVBQVU7SUFvQnJCLFlBQzZCLE1BQXVCLEVBQzFDLGNBQThCO1FBRFgsV0FBTSxHQUFOLE1BQU0sQ0FBaUI7UUFDMUMsbUJBQWMsR0FBZCxjQUFjLENBQWdCO1FBckJ2QixxQkFBZ0IsR0FBRyxXQUFXLENBQUM7UUFLaEQsK0VBQStFO1FBQy9FLG1GQUFtRjtRQUNuRixxRkFBcUY7UUFDckYsK0VBQStFO1FBQy9FLGdEQUFnRDtRQUNoQyw0QkFBdUIsR0FBRyxNQUFNLENBQUM7UUFDakMsNEJBQXVCLEdBQUcsTUFBTSxDQUFDO1FBQ2pDLDRCQUF1QixHQUFHLE1BQU0sQ0FBQztRQUVqRCxxRkFBcUY7UUFDckUsZ0NBQTJCLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDO1FBQzNELGdDQUEyQixHQUFHLElBQUksQ0FBQyx1QkFBdUIsQ0FBQztRQUMzRCxnQ0FBMkIsR0FBRyxJQUFJLENBQUMsdUJBQXVCLENBQUM7UUFNekUsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO0lBQ25CLENBQUM7SUFFRCxTQUFTO1FBQ1AsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7UUFDakIsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUM7SUFDeEIsQ0FBQztJQUVELFNBQVM7UUFDUCxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7UUFDakIsSUFBSSxDQUFDLGNBQWMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztJQUM5QixDQUFDO0lBRUQsWUFBWSxDQUFDLElBQWM7UUFDekIsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7SUFDbkIsQ0FBQztJQUVNLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDO0lBQzNCLENBQUM7SUFFTSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQztJQUM3QixDQUFDO0lBRU0saUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUM7SUFDM0IsQ0FBQztJQUVNLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQztJQUN2QixDQUFDO0lBRU0sZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUM7SUFDMUIsQ0FBQztJQUVPLFlBQVksQ0FBQyxPQUFlO1FBQ2xDLE9BQU8sSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksR0FBRyxPQUFPLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBRUssZ0JBQWdCLENBQ3BCLFNBQWMsRUFDZCxtQkFBMkI7O1lBRTNCLE1BQU0sU0FBUyxHQUFHO2dCQUNoQixFQUFFLEVBQUUsU0FBUyxDQUFDLEVBQUU7Z0JBQ2hCLEdBQUcsRUFBRSxTQUFTLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUM7YUFDaEMsQ0FBQztZQUVGLElBQUksQ0FBQyxTQUFTLEdBQUcsU0FBUyxDQUFDO1lBRTNCLCtCQUErQjtZQUMvQixNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDO2dCQUM1QixJQUFJLEVBQUUsSUFBSSxDQUFDLGdCQUFnQjtnQkFDM0IsS0FBSyxFQUFFLFNBQVM7Z0JBQ2hCLE1BQU0sRUFBRSxJQUFJLENBQUMsWUFBWSxDQUFDLG1CQUFtQixDQUFDO2dCQUM5QyxhQUFhLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLDJCQUEyQjthQUN4RCxDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7SUFFSywrQkFBK0IsQ0FBQyxPQUFlOztZQUNuRCxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1lBQ3ZFLElBQUksU0FBUyxJQUFJLElBQUksRUFBRTtnQkFDckIsTUFBTSxJQUFJLG1CQUFtQixDQUMzQiwyREFBMkQsSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQ25GLENBQUM7YUFDSDtZQUNELE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUM7Z0JBQzVCLElBQUksRUFBRSxJQUFJLENBQUMsZ0JBQWdCO2dCQUMzQixLQUFLLEVBQUUsU0FBUztnQkFDaEIsTUFBTSxFQUFFLElBQUksQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDO2dCQUNsQyxhQUFhLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLDJCQUEyQjthQUN4RCxDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7SUFFRCxxRkFBcUY7SUFDckYsMkZBQTJGO0lBQzNGLDJGQUEyRjtJQUMzRiw0RkFBNEY7SUFDNUYseUJBQXlCO0lBQ3pCLHVGQUF1RjtJQUN2Riw2RUFBNkU7SUFDdkUsYUFBYSxDQUFDLFdBQW1COztZQUNyQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRTtnQkFDbkIsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztnQkFFdkUsSUFBSSxDQUFDLFNBQVMsRUFBRTtvQkFDZCxNQUFNLElBQUksbUJBQW1CLENBQzNCLCtDQUErQyxDQUNoRCxDQUFDO2lCQUNIO2dCQUVELElBQUksU0FBUyxDQUFDLEVBQUUsS0FBSyxXQUFXLEVBQUU7b0JBQ2hDLE1BQU0sSUFBSSxtQkFBbUIsQ0FDM0IsZUFBZSxTQUFTLENBQUMsRUFBRSwwREFBMEQsV0FBVyxFQUFFLENBQ25HLENBQUM7aUJBQ0g7Z0JBRUQsU0FBUyxDQUFDLEdBQUcsR0FBRyxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDO2dCQUUvQyxJQUFJLENBQUMsU0FBUyxHQUFHLFNBQVMsQ0FBQzthQUM1QjtZQUVELE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQztRQUN4QixDQUFDO0tBQUE7Ozs7WUFwSUYsVUFBVSxTQUFDO2dCQUNWLFVBQVUsRUFBRSxNQUFNO2FBQ25COzs7NENBc0JJLE1BQU0sU0FBQyxTQUFTO1lBekNaLGNBQWMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBJbmplY3QsIEluamVjdGFibGUgfSBmcm9tICdAYW5ndWxhci9jb3JlJztcclxuaW1wb3J0IHsgS2V5LCBQYXNzS2V5IH0gZnJvbSAnLi9jcnlwdG9ncmFwaHkudHlwZXMnO1xyXG5pbXBvcnQgeyBMck5vdEZvdW5kRXhjZXB0aW9uIH0gZnJvbSAnLi4vX2NvbW1vbi9leGNlcHRpb25zJztcclxuaW1wb3J0IHsgUGVyc2lzdFNlcnZpY2UgfSBmcm9tICcuLi9hcGkvcGVyc2lzdC5zZXJ2aWNlJztcclxuaW1wb3J0IHsgS2V5RmFjdG9yeVNlcnZpY2UgYXMgS0ZTIH0gZnJvbSAnLi9rZXktZmFjdG9yeS5zZXJ2aWNlJztcclxuaW1wb3J0IHsgTGlmZVJlYWR5Q29uZmlnLCBMUl9DT05GSUcgfSBmcm9tICcuLi9saWZlLXJlYWR5LmNvbmZpZyc7XHJcblxyXG5leHBvcnQgY2xhc3MgVXNlcktleXMge1xyXG4gIHBhc3NLZXk6IFBhc3NLZXk7XHJcbiAgbWFzdGVyS2V5OiBLZXk7XHJcbiAgcm9vdEtleT86IEtleTtcclxuICBweGs/OiBLZXk7XHJcbiAgc2lnUHhrPzogS2V5O1xyXG59XHJcblxyXG5pbnRlcmZhY2UgU3RvcmVkUGFzc0tleSB7XHJcbiAgaWQ6IHN0cmluZztcclxuICBqd2s6IG9iamVjdDtcclxufVxyXG5cclxuQEluamVjdGFibGUoe1xyXG4gIHByb3ZpZGVkSW46ICdyb290JyxcclxufSlcclxuZXhwb3J0IGNsYXNzIEtleVNlcnZpY2Uge1xyXG4gIHByaXZhdGUgcmVhZG9ubHkgU1RPUkVfTUFTVEVSX0tFWSA9ICdtYXN0ZXJLZXknO1xyXG4gIC8vIHZhcmlhYmxlc1xyXG4gIHByaXZhdGUga2V5czogVXNlcktleXM7XHJcbiAgcHJpdmF0ZSBtYXN0ZXJLZXk6IEtleTtcclxuXHJcbiAgLy8gQVo6IFRoaXMgY2FuJ3QgYmUgY2hhbmdlIGVhc2lseS4gSXQncyBiYXNpY2FsbHkgYSBQYXNzSyBvciBQYXNzSWRwIHJvdGF0aW9uLlxyXG4gIC8vIHRvZG86IHdlIHNob3VsZCBldmVudHVhbGx5IGluY3JlYXNlIHRoaXMgcGVyaW9kaWNhbGx5IHRvIG1hdGNoIHdpdGggTW9vcmUncyBsYXcuXHJcbiAgLy8gVGhlIGl0ZXJhdGlvbnMgZm9yIGVhY2gga2V5IGFyZSBrZXB0IGJ5IHRoZSBzZXJ2ZXIgYXMgd2VsbCBidXQgd2UgYXNzdW1lIHRoZSB2YWx1ZVxyXG4gIC8vIGZyb20gdGhlIHNlcnZlciBpcyBub3QgdHJ1c3R3b3J0aHksIHNvIG5lZWQgdG8gaGF2ZSBtaW5pbXVtIHRocmVzaG9sZHMgaGVyZS5cclxuICAvLyBJZiBjcmVhdGluZyBuZXcga2V5cywgdGhlc2UgbWluaW11bSBhcmUgdXNlZC5cclxuICBwdWJsaWMgcmVhZG9ubHkgTUlOX1BBU1NfSURQX1BCS0RGX0lURVIgPSAxMDAwMDA7XHJcbiAgcHVibGljIHJlYWRvbmx5IE1JTl9QQVNTX0tFWV9QQktERl9JVEVSID0gMTAwMDAwO1xyXG4gIHB1YmxpYyByZWFkb25seSBNSU5fTEJPUF9LRVlfUEJLREZfSVRFUiA9IDEwMDAwMDtcclxuXHJcbiAgLy8gVGhlc2UgYXJlIHVzZWQgYXMgdGhlIGRlZmF1bHQgdmFsdWVzLiBUaGV5IG11c3QgYmUgbGFyZ2VyIHRoYW4gdGhlIG1pbmltdW0gdmFsdWVzLlxyXG4gIHB1YmxpYyByZWFkb25seSBERUZBVUxUX1BBU1NfSURQX1BCS0RGX0lURVIgPSB0aGlzLk1JTl9QQVNTX0lEUF9QQktERl9JVEVSO1xyXG4gIHB1YmxpYyByZWFkb25seSBERUZBVUxUX1BBU1NfS0VZX1BCS0RGX0lURVIgPSB0aGlzLk1JTl9QQVNTX0tFWV9QQktERl9JVEVSO1xyXG4gIHB1YmxpYyByZWFkb25seSBERUZBVUxUX0xCT1BfS0VZX1BCS0RGX0lURVIgPSB0aGlzLk1JTl9MQk9QX0tFWV9QQktERl9JVEVSO1xyXG5cclxuICBjb25zdHJ1Y3RvcihcclxuICAgIEBJbmplY3QoTFJfQ09ORklHKSBwcml2YXRlIGNvbmZpZzogTGlmZVJlYWR5Q29uZmlnLFxyXG4gICAgcHJpdmF0ZSBwZXJzaXN0U2VydmljZTogUGVyc2lzdFNlcnZpY2VcclxuICApIHtcclxuICAgIHRoaXMucmVzZXRLZXlzKCk7XHJcbiAgfVxyXG5cclxuICByZXNldEtleXMoKSB7XHJcbiAgICB0aGlzLmtleXMgPSBudWxsO1xyXG4gICAgdGhpcy5tYXN0ZXJLZXkgPSBudWxsO1xyXG4gIH1cclxuXHJcbiAgcHVyZ2VLZXlzKCkge1xyXG4gICAgdGhpcy5yZXNldEtleXMoKTtcclxuICAgIHRoaXMucGVyc2lzdFNlcnZpY2UuY2xlYXIoKTtcclxuICB9XHJcblxyXG4gIHBvcHVsYXRlS2V5cyhrZXlzOiBVc2VyS2V5cykge1xyXG4gICAgdGhpcy5rZXlzID0ga2V5cztcclxuICB9XHJcblxyXG4gIHB1YmxpYyBnZXRDdXJyZW50UGFzc0tleSgpOiBLZXkge1xyXG4gICAgcmV0dXJuIHRoaXMua2V5cy5wYXNzS2V5O1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGdldEN1cnJlbnRNYXN0ZXJLZXkoKTogS2V5IHtcclxuICAgIHJldHVybiB0aGlzLmtleXMubWFzdGVyS2V5O1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGdldEN1cnJlbnRSb290S2V5KCk6IEtleSB7XHJcbiAgICByZXR1cm4gdGhpcy5rZXlzLnJvb3RLZXk7XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgZ2V0Q3VycmVudFB4aygpOiBLZXkge1xyXG4gICAgcmV0dXJuIHRoaXMua2V5cy5weGs7XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgZ2V0Q3VycmVudFNpZ1B4aygpOiBLZXkge1xyXG4gICAgcmV0dXJuIHRoaXMua2V5cy5zaWdQeGs7XHJcbiAgfVxyXG5cclxuICBwcml2YXRlIGV4cGlyZXNBZnRlcihzZWNvbmRzOiBudW1iZXIpOiBEYXRlIHtcclxuICAgIHJldHVybiBuZXcgRGF0ZShEYXRlLm5vdygpICsgMTAwMCAqIHNlY29uZHMpO1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgcGVyc2lzdE1hc3RlcktleShcclxuICAgIG1hc3RlcktleTogS2V5LFxyXG4gICAgZXhwaXJlc0FmdGVyU2Vjb25kczogbnVtYmVyXHJcbiAgKTogUHJvbWlzZTx2b2lkPiB7XHJcbiAgICBjb25zdCBzdG9yZWRLZXkgPSB7XHJcbiAgICAgIGlkOiBtYXN0ZXJLZXkuaWQsXHJcbiAgICAgIGp3azogbWFzdGVyS2V5Lmp3ay50b0pTT04odHJ1ZSksXHJcbiAgICB9O1xyXG5cclxuICAgIHRoaXMubWFzdGVyS2V5ID0gbWFzdGVyS2V5O1xyXG5cclxuICAgIC8vIFNhdmUgaW4gYW4gZXhwaXJhYmxlIGNvb2tpZS5cclxuICAgIGF3YWl0IHRoaXMucGVyc2lzdFNlcnZpY2Uuc2V0KHtcclxuICAgICAgbmFtZTogdGhpcy5TVE9SRV9NQVNURVJfS0VZLFxyXG4gICAgICB2YWx1ZTogc3RvcmVkS2V5LFxyXG4gICAgICBleHBpcnk6IHRoaXMuZXhwaXJlc0FmdGVyKGV4cGlyZXNBZnRlclNlY29uZHMpLFxyXG4gICAgICBzZXJ2ZXJTZXNzaW9uOiAhdGhpcy5jb25maWcuZGlzYWJsZVNlc3Npb25FbmNyeXB0aW9uS2V5LFxyXG4gICAgfSk7XHJcbiAgfVxyXG5cclxuICBhc3luYyBzZXRNYXN0ZXJLZXlFeHBpcmVzQWZ0ZXJTZWNvbmRzKHNlY29uZHM6IG51bWJlcik6IFByb21pc2U8dm9pZD4ge1xyXG4gICAgY29uc3Qgc3RvcmVkS2V5ID0gYXdhaXQgdGhpcy5wZXJzaXN0U2VydmljZS5nZXQodGhpcy5TVE9SRV9NQVNURVJfS0VZKTtcclxuICAgIGlmIChzdG9yZWRLZXkgPT0gbnVsbCkge1xyXG4gICAgICB0aHJvdyBuZXcgTHJOb3RGb3VuZEV4Y2VwdGlvbihcclxuICAgICAgICBgQ2FuIG5vdCBmaW5kIG1hc3RlcktleSBpbiBwZXJzaXN0ZWQgc3RvcmFnZSB1c2luZyBuYW1lOiAke3RoaXMuU1RPUkVfTUFTVEVSX0tFWX1gXHJcbiAgICAgICk7XHJcbiAgICB9XHJcbiAgICBhd2FpdCB0aGlzLnBlcnNpc3RTZXJ2aWNlLnNldCh7XHJcbiAgICAgIG5hbWU6IHRoaXMuU1RPUkVfTUFTVEVSX0tFWSxcclxuICAgICAgdmFsdWU6IHN0b3JlZEtleSxcclxuICAgICAgZXhwaXJ5OiB0aGlzLmV4cGlyZXNBZnRlcihzZWNvbmRzKSxcclxuICAgICAgc2VydmVyU2Vzc2lvbjogIXRoaXMuY29uZmlnLmRpc2FibGVTZXNzaW9uRW5jcnlwdGlvbktleSxcclxuICAgIH0pO1xyXG4gIH1cclxuXHJcbiAgLy8gVGhlcmUncyBsaXR0bGUgYmVuZWZpdCBpbiB1c2luZyBXZWJDcnlwdG8ncyBub25lLWV4dHJhY3RhYmxlIGtleXMgYmVjYXVzZSBpZiB0aGVyZVxyXG4gIC8vIGlzIGFuIFhTUyBhdHRhY2ssIHRoZW4gdGhlIGF0dGFja2VyIGhhcyBjb250cm9sIG92ZXIgdGhlIGpzIHRoYXQgZG93bmxvYWRzIHRoZSBrZXlzLiBUaGVcclxuICAvLyBhdHRhY2tlciBjYW4gbW9kaWZ5IHRoZSBjb2RlIHRvIGltcG9ydCB0aGUga2V5cyBhcyBleHRyYWN0YWJsZS4gU28gbm9uZS1leHRyYWN0YWJsZSBrZXlzXHJcbiAgLy8gYXJlIG9ubHkgdXNlZnVsIGlmIHRoZXkgYXJlIGFscmVhZHkgcGVyc2lzdGVkIGFuZCB0aGUgdXNlciBjYW5ub3QgZG93bmxvYWQgYW55IG1vcmUga2V5cyxcclxuICAvLyB3aGljaCBpcyBub3QgZmVhc2libGUuXHJcbiAgLy8gU28gc3RvcmluZyB0aGUgUGFzc0tleSBpbiBsb2NhbHN0b3JhZ2UgZm9yIG5vdywgYXQgbGVhc3QgdGlsbCB3ZSBrbm93IHdoYXQgdGhlIHVzYWdlXHJcbiAgLy8gcGF0dGVybiBpcywgaS5lLiBob3cgb2Z0ZW4gZG8gd2UgbmVlZCB0byB1c2UgdGhlIFJvb3RLLCBNYXRlckssIGFuZCBQYXNzSy5cclxuICBhc3luYyBsb2FkTWFzdGVyS2V5KG1hc3RlcktleUlkOiBzdHJpbmcpOiBQcm9taXNlPEtleT4ge1xyXG4gICAgaWYgKCF0aGlzLm1hc3RlcktleSkge1xyXG4gICAgICBjb25zdCBzdG9yZWRLZXkgPSBhd2FpdCB0aGlzLnBlcnNpc3RTZXJ2aWNlLmdldCh0aGlzLlNUT1JFX01BU1RFUl9LRVkpO1xyXG5cclxuICAgICAgaWYgKCFzdG9yZWRLZXkpIHtcclxuICAgICAgICB0aHJvdyBuZXcgTHJOb3RGb3VuZEV4Y2VwdGlvbihcclxuICAgICAgICAgICdDb3VsZCBub3QgZmluZCBtYXN0ZXJLZXkgaW4gcGVyc2lzdGVkIHN0b3JhZ2UnXHJcbiAgICAgICAgKTtcclxuICAgICAgfVxyXG5cclxuICAgICAgaWYgKHN0b3JlZEtleS5pZCAhPT0gbWFzdGVyS2V5SWQpIHtcclxuICAgICAgICB0aHJvdyBuZXcgTHJOb3RGb3VuZEV4Y2VwdGlvbihcclxuICAgICAgICAgIGBtYXN0ZXJLZXlJZCAke3N0b3JlZEtleS5pZH0gaW4gcGVyc2lzdGVkIHN0b3JhZ2UgZG9lcyBub3QgbWF0Y2ggdGhlIG9uZSByZXF1ZXN0ZWQgJHttYXN0ZXJLZXlJZH1gXHJcbiAgICAgICAgKTtcclxuICAgICAgfVxyXG5cclxuICAgICAgc3RvcmVkS2V5Lmp3ayA9IGF3YWl0IEtGUy5hc0tleShzdG9yZWRLZXkuandrKTtcclxuXHJcbiAgICAgIHRoaXMubWFzdGVyS2V5ID0gc3RvcmVkS2V5O1xyXG4gICAgfVxyXG5cclxuICAgIHJldHVybiB0aGlzLm1hc3RlcktleTtcclxuICB9XHJcbn1cclxuIl19