@lifeready/core 1.0.15 → 1.0.17

package/esm2015/lib/cryptography/key-factory.service.js

@@ -1,237 +1,237 @@
-import { __awaiter } from "tslib";
-import { Injectable } from '@angular/core';
-import { JWK } from 'node-jose';
-import { WebCryptoService } from './web-crypto.service';
-import { LrBadArgumentException, LrSuspiciousException, } from '../_common/exceptions';
-import * as i0 from "@angular/core";
-import * as i1 from "./web-crypto.service";
-export function sha256(message) {
-    return __awaiter(this, void 0, void 0, function* () {
-        // encode as UTF-8
-        const msgBuffer = new TextEncoder().encode(message);
-        // hash the message
-        const hashBuffer = yield crypto.subtle.digest('SHA-256', msgBuffer);
-        // convert ArrayBuffer to Array
-        const hashArray = Array.from(new Uint8Array(hashBuffer));
-        // convert bytes to hex string
-        const hashHex = hashArray
-            .map((b) => ('00' + b.toString(16)).slice(-2))
-            .join('');
-        return hashHex;
-    });
-}
-export class KeyFactoryService {
-    constructor(webCryptoService) {
-        this.webCryptoService = webCryptoService;
-        // Global keys store. Otherwise, each call to asKey creates a new keyStore.
-        // <AZ> Did not seem to improve speed.
-        // public static keyStore = JWK.createKeyStore();
-        // AZ: This can't be change easily. It's basically a PassK or PassIdp rotation.
-        // todo: we should eventually increase this periodically to match with Moore's law.
-        // The iterations for each key are kept by the server as well but we assume the value
-        // from the server is not trustworthy, so need to have minimum thresholds here.
-        // If creating new keys, these minimum are used.
-        this.MIN_PASS_IDP_PBKDF_ITER = 100000;
-        this.MIN_PASS_KEY_PBKDF_ITER = 100000;
-        this.MIN_LBOP_KEY_PBKDF_ITER = 100000;
-        // These are used as the default values. They must be larger than the minimum values.
-        this.DEFAULT_PASS_IDP_PBKDF_ITER = this.MIN_PASS_IDP_PBKDF_ITER;
-        this.DEFAULT_PASS_KEY_PBKDF_ITER = this.MIN_PASS_KEY_PBKDF_ITER;
-        this.DEFAULT_LBOP_KEY_PBKDF_ITER = this.MIN_LBOP_KEY_PBKDF_ITER;
-        this.crypto = this.webCryptoService.crypto;
-    }
-    static asKey(key, form, extras) {
-        // <AZ> Using a single global key store did not seem to improve speed.
-        // return KeyFactoryService.keyStore.add(key, form, extras);
-        return JWK.asKey(key, form, extras);
-    }
-    randomString(digits) {
-        if (digits <= 0) {
-            throw new LrBadArgumentException('digits <= 0');
-        }
-        const validChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
-        let array = new Uint32Array(digits);
-        this.crypto.getRandomValues(array);
-        array = array.map((x) => validChars.charCodeAt(x % validChars.length));
-        return String.fromCharCode.apply(null, array);
-    }
-    randomDigitsNoZeros(digits) {
-        return this.randomChoices([1, 2, 3, 4, 5, 6, 7, 8, 9], digits).join('');
-    }
-    randomChoices(array, chooseN) {
-        if (array.length <= 1) {
-            throw new LrBadArgumentException('array.length <= 0');
-        }
-        if (chooseN <= 0) {
-            throw new LrBadArgumentException('chooseN <= 0');
-        }
-        const values = new Uint32Array(chooseN);
-        this.crypto.getRandomValues(values);
-        const ret = [];
-        values.forEach((v) => ret.push(array[v % array.length]));
-        return ret;
-    }
-    createSalt() {
-        return this.randomString(16);
-    }
-    createKey() {
-        return __awaiter(this, void 0, void 0, function* () {
-            const key = yield this.crypto.subtle.generateKey({
-                name: 'AES-GCM',
-                length: 256,
-            }, true, // whether the key is extractable (i.e. can be used in exportKey)
-            ['encrypt', 'decrypt'] // must be ["encrypt", "decrypt"] or ["wrapKey", "unwrapKey"]
-            );
-            const jwk = yield this.crypto.subtle.exportKey('jwk', key);
-            // Removing the fields not needed by node-jose
-            delete jwk.ext;
-            delete jwk.key_ops;
-            return KeyFactoryService.asKey(jwk);
-        });
-    }
-    createSignKey() {
-        return __awaiter(this, void 0, void 0, function* () {
-            const key = yield this.crypto.subtle.generateKey({
-                name: 'HMAC',
-                hash: { name: 'SHA-512' },
-            }, true, ['sign', 'verify']);
-            const jwk = yield this.crypto.subtle.exportKey('jwk', key);
-            // Removing the fields not needed by node-jose
-            delete jwk.key_ops;
-            delete jwk.ext;
-            return KeyFactoryService.asKey(jwk);
-        });
-    }
-    createPkcKey() {
-        return __awaiter(this, void 0, void 0, function* () {
-            // node-jose is not using Forge properly. It should be calling the async version of
-            // pki.rsa.generateKeyPair() with a callback. Instead it calls the sync version. Webcrypto
-            // does not support sync version, so it uses the javascript implementation, which is way too slow.
-            // So we generate using webcrypto and import the key.
-            // Unfortunately Elliptical Curve is not supported by Webcrypto. So we have to settle for RSA.
-            const key = yield this.crypto.subtle.generateKey({
-                name: 'RSA-OAEP',
-                modulusLength: 2048,
-                // As per suggestion: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
-                publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
-                hash: { name: 'SHA-256' },
-            }, true, // whether the key is extractable (i.e. can be used in exportKey)
-            ['encrypt', 'decrypt'] // must be ["encrypt", "decrypt"] or ["wrapKey", "unwrapKey"]
-            );
-            const jwk = yield this.crypto.subtle.exportKey('jwk', key.privateKey);
-            // Removing the fields not needed by node-jose
-            delete jwk.key_ops;
-            delete jwk.ext;
-            return KeyFactoryService.asKey(jwk);
-        });
-    }
-    createPkcSignKey() {
-        return __awaiter(this, void 0, void 0, function* () {
-            const key = yield this.crypto.subtle.generateKey({
-                name: 'RSASSA-PKCS1-v1_5',
-                modulusLength: 2048,
-                // As per suggestion: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
-                publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
-                hash: { name: 'SHA-256' },
-            }, true, // whether the key is extractable (i.e. can be used in exportKey)
-            ['sign', 'verify'] // can be any combination of "sign" and "verify"
-            );
-            const jwk = yield this.crypto.subtle.exportKey('jwk', key.privateKey);
-            // Removing the fields not needed by node-jose
-            delete jwk.key_ops;
-            delete jwk.ext;
-            return KeyFactoryService.asKey(jwk);
-        });
-    }
-    deriveKey({ password, salt, iterations, kid, }) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const enc = new TextEncoder();
-            const rawKey = yield this.crypto.subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveBits', 'deriveKey']);
-            const passKey = yield crypto.subtle.deriveKey({
-                name: 'PBKDF2',
-                salt: new TextEncoder().encode(salt),
-                iterations,
-                hash: 'SHA-256',
-            }, rawKey, { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
-            const passKeyJson = yield crypto.subtle.exportKey('jwk', passKey);
-            if (kid) {
-                passKeyJson.kid = kid;
-            }
-            const jwk = yield KeyFactoryService.asKey(passKeyJson);
-            return { jwk };
-        });
-    }
-    derivePassIdp(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (params.iterations < this.MIN_PASS_IDP_PBKDF_ITER) {
-                throw new LrSuspiciousException(`The number of PassIdp key derivation iterations sent from the server (${params.iterations}) is lower than the minimum (${this.MIN_PASS_IDP_PBKDF_ITER})`);
-            }
-            return this.deriveKey(params);
-        });
-    }
-    derivePassKey(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (params.iterations < this.MIN_PASS_KEY_PBKDF_ITER) {
-                throw new LrSuspiciousException(`The number of PassKey key derivation iterations sent from the server(${params.iterations}) is lower than the minimum(${this.MIN_PASS_KEY_PBKDF_ITER})`);
-            }
-            return this.deriveKey(params);
-        });
-    }
-    deriveLbopKey(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (params.iterations < this.MIN_LBOP_KEY_PBKDF_ITER) {
-                throw new LrSuspiciousException(`The number of LbopKey key derivation iterations sent from the server(${params.iterations}) is lower than the minimum(${this.MIN_LBOP_KEY_PBKDF_ITER})`);
-            }
-            return this.deriveKey(params);
-        });
-    }
-    createKid() {
-        return __awaiter(this, void 0, void 0, function* () {
-            // todo: AZ: node-jose source uses node's default UUID() function for kid, so just change to use that.
-            // for now, we are just creating a new key to use it's kid.
-            // The kid is a part of the JWK system. LR backend maintains the key hierarchy separately with it's own
-            // key id. But we just use it here as a double check.
-            return (yield this.createKey()).kid;
-        });
-    }
-    createPassIdpParams() {
-        return __awaiter(this, void 0, void 0, function* () {
-            return {
-                salt: this.createSalt(),
-                iterations: this.DEFAULT_PASS_IDP_PBKDF_ITER,
-            };
-        });
-    }
-    createPassKeyParams() {
-        return __awaiter(this, void 0, void 0, function* () {
-            return {
-                salt: this.createSalt(),
-                kid: yield this.createKid(),
-                iterations: this.DEFAULT_PASS_KEY_PBKDF_ITER,
-            };
-        });
-    }
-    createLbopKeyParams() {
-        return __awaiter(this, void 0, void 0, function* () {
-            return {
-                salt: this.createSalt(),
-                // todo: AZ: node-jose source uses node's default UUID() function for kid, so just change to use that.
-                // for now, we are just creating a new key to use it's kid.
-                // The kid is a part of the JWK system. LR backend maintains the key hierarchy separately with it's own
-                // key id. But we just use it here as a double check.
-                kid: yield this.createKid(),
-                iterations: this.DEFAULT_PASS_KEY_PBKDF_ITER,
-            };
-        });
-    }
-}
-KeyFactoryService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyFactoryService_Factory() { return new KeyFactoryService(i0.ɵɵinject(i1.WebCryptoService)); }, token: KeyFactoryService, providedIn: "root" });
-KeyFactoryService.decorators = [
-    { type: Injectable, args: [{
-                providedIn: 'root',
-            },] }
-];
-KeyFactoryService.ctorParameters = () => [
-    { type: WebCryptoService }
-];
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWZhY3Rvcnkuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiJDOi9Qcm9qZWN0cy9rYy1jbGllbnQvcHJvamVjdHMvY29yZS9zcmMvIiwic291cmNlcyI6WyJsaWIvY3J5cHRvZ3JhcGh5L2tleS1mYWN0b3J5LnNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFDM0MsT0FBTyxFQUFFLEdBQUcsRUFBRSxNQUFNLFdBQVcsQ0FBQztBQVVoQyxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUN4RCxPQUFPLEVBQ0wsc0JBQXNCLEVBQ3RCLHFCQUFxQixHQUN0QixNQUFNLHVCQUF1QixDQUFDOzs7QUFFL0IsTUFBTSxVQUFnQixNQUFNLENBQUMsT0FBTzs7UUFDbEMsa0JBQWtCO1FBQ2xCLE1BQU0sU0FBUyxHQUFHLElBQUksV0FBVyxFQUFFLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRXBELG1CQUFtQjtRQUNuQixNQUFNLFVBQVUsR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUMsQ0FBQztRQUVwRSwrQkFBK0I7UUFDL0IsTUFBTSxTQUFTLEdBQUcsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDO1FBRXpELDhCQUE4QjtRQUM5QixNQUFNLE9BQU8sR0FBRyxTQUFTO2FBQ3RCLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO2FBQzdDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNaLE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7Q0FBQTtBQUtELE1BQU0sT0FBTyxpQkFBaUI7SUFDNUIsWUFBb0IsZ0JBQWtDO1FBQWxDLHFCQUFnQixHQUFoQixnQkFBZ0IsQ0FBa0I7UUFJdEQsMkVBQTJFO1FBQzNFLHNDQUFzQztRQUN0QyxpREFBaUQ7UUFFakQsK0VBQStFO1FBQy9FLG1GQUFtRjtRQUNuRixxRkFBcUY7UUFDckYsK0VBQStFO1FBQy9FLGdEQUFnRDtRQUNoQyw0QkFBdUIsR0FBRyxNQUFNLENBQUM7UUFDakMsNEJBQXVCLEdBQUcsTUFBTSxDQUFDO1FBQ2pDLDRCQUF1QixHQUFHLE1BQU0sQ0FBQztRQUVqRCxxRkFBcUY7UUFDckUsZ0NBQTJCLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDO1FBQzNELGdDQUEyQixHQUFHLElBQUksQ0FBQyx1QkFBdUIsQ0FBQztRQUMzRCxnQ0FBMkIsR0FBRyxJQUFJLENBQUMsdUJBQXVCLENBQUM7UUFuQnpFLElBQUksQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQztJQUM3QyxDQUFDO0lBb0JELE1BQU0sQ0FBQyxLQUFLLENBQ1YsR0FBMEMsRUFDMUMsSUFRUyxFQUNULE1BQWdDO1FBRWhDLHNFQUFzRTtRQUN0RSw0REFBNEQ7UUFDNUQsT0FBTyxHQUFHLENBQUMsS0FBSyxDQUFDLEdBQUcsRUFBRSxJQUFJLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVELFlBQVksQ0FBQyxNQUFjO1FBQ3pCLElBQUksTUFBTSxJQUFJLENBQUMsRUFBRTtZQUNmLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyxhQUFhLENBQUMsQ0FBQztTQUNqRDtRQUNELE1BQU0sVUFBVSxHQUNkLGdFQUFnRSxDQUFDO1FBQ25FLElBQUksS0FBSyxHQUFHLElBQUksV0FBVyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3BDLElBQUksQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ25DLEtBQUssR0FBRyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLENBQUMsR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztRQUN2RSxPQUFPLE1BQU0sQ0FBQyxZQUFZLENBQUMsS0FBSyxDQUFDLElBQUksRUFBRSxLQUFLLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQsbUJBQW1CLENBQUMsTUFBYztRQUNoQyxPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsQ0FBQyxFQUFFLE1BQU0sQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUMxRSxDQUFDO0lBRUQsYUFBYSxDQUFJLEtBQVUsRUFBRSxPQUFlO1FBQzFDLElBQUksS0FBSyxDQUFDLE1BQU0sSUFBSSxDQUFDLEVBQUU7WUFDckIsTUFBTSxJQUFJLHNCQUFzQixDQUFDLG1CQUFtQixDQUFDLENBQUM7U0FDdkQ7UUFDRCxJQUFJLE9BQU8sSUFBSSxDQUFDLEVBQUU7WUFDaEIsTUFBTSxJQUFJLHNCQUFzQixDQUFDLGNBQWMsQ0FBQyxDQUFDO1NBQ2xEO1FBQ0QsTUFBTSxNQUFNLEdBQUcsSUFBSSxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDeEMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxlQUFlLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDcEMsTUFBTSxHQUFHLEdBQVEsRUFBRSxDQUFDO1FBQ3BCLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3pELE9BQU8sR0FBRyxDQUFDO0lBQ2IsQ0FBQztJQUVELFVBQVU7UUFDUixPQUFPLElBQUksQ0FBQyxZQUFZLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVLLFNBQVM7O1lBQ2IsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQzlDO2dCQUNFLElBQUksRUFBRSxTQUFTO2dCQUNmLE1BQU0sRUFBRSxHQUFHO2FBQ1osRUFDRCxJQUFJLEVBQUUsaUVBQWlFO1lBQ3ZFLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQyxDQUFDLDZEQUE2RDthQUNyRixDQUFDO1lBRUYsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxDQUFDO1lBRTNELDhDQUE4QztZQUM5QyxPQUFPLEdBQUcsQ0FBQyxHQUFHLENBQUM7WUFDZixPQUFPLEdBQUcsQ0FBQyxPQUFPLENBQUM7WUFFbkIsT0FBTyxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDdEMsQ0FBQztLQUFBO0lBRUssYUFBYTs7WUFDakIsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQzlDO2dCQUNFLElBQUksRUFBRSxNQUFNO2dCQUNaLElBQUksRUFBRSxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUU7YUFDMUIsRUFDRCxJQUFJLEVBQ0osQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLENBQ25CLENBQUM7WUFFRixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLENBQUM7WUFFM0QsOENBQThDO1lBQzlDLE9BQU8sR0FBRyxDQUFDLE9BQU8sQ0FBQztZQUNuQixPQUFPLEdBQUcsQ0FBQyxHQUFHLENBQUM7WUFFZixPQUFPLGlCQUFpQixDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUN0QyxDQUFDO0tBQUE7SUFFSyxZQUFZOztZQUNoQixtRkFBbUY7WUFDbkYsMEZBQTBGO1lBQzFGLGtHQUFrRztZQUNsRyxxREFBcUQ7WUFDckQsOEZBQThGO1lBQzlGLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUM5QztnQkFDRSxJQUFJLEVBQUUsVUFBVTtnQkFDaEIsYUFBYSxFQUFFLElBQUk7Z0JBQ25CLDRGQUE0RjtnQkFDNUYsY0FBYyxFQUFFLElBQUksVUFBVSxDQUFDLENBQUMsSUFBSSxFQUFFLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQztnQkFDbEQsSUFBSSxFQUFFLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRTthQUMxQixFQUNELElBQUksRUFBRSxpRUFBaUU7WUFDdkUsQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDLENBQUMsNkRBQTZEO2FBQ3JGLENBQUM7WUFFRixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBQ3RFLDhDQUE4QztZQUM5QyxPQUFPLEdBQUcsQ0FBQyxPQUFPLENBQUM7WUFDbkIsT0FBTyxHQUFHLENBQUMsR0FBRyxDQUFDO1lBRWYsT0FBTyxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDdEMsQ0FBQztLQUFBO0lBRUssZ0JBQWdCOztZQUNwQixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FDOUM7Z0JBQ0UsSUFBSSxFQUFFLG1CQUFtQjtnQkFDekIsYUFBYSxFQUFFLElBQUk7Z0JBQ25CLDRGQUE0RjtnQkFDNUYsY0FBYyxFQUFFLElBQUksVUFBVSxDQUFDLENBQUMsSUFBSSxFQUFFLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQztnQkFDbEQsSUFBSSxFQUFFLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRTthQUMxQixFQUNELElBQUksRUFBRSxpRUFBaUU7WUFDdkUsQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLENBQUMsZ0RBQWdEO2FBQ3BFLENBQUM7WUFFRixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBRXRFLDhDQUE4QztZQUM5QyxPQUFPLEdBQUcsQ0FBQyxPQUFPLENBQUM7WUFDbkIsT0FBTyxHQUFHLENBQUMsR0FBRyxDQUFDO1lBRWYsT0FBTyxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDdEMsQ0FBQztLQUFBO0lBRUssU0FBUyxDQUFDLEVBQ2QsUUFBUSxFQUNSLElBQUksRUFDSixVQUFVLEVBQ1YsR0FBRyxHQU1KOztZQUNDLE1BQU0sR0FBRyxHQUFHLElBQUksV0FBVyxFQUFFLENBQUM7WUFDOUIsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQy9DLEtBQUssRUFDTCxHQUFHLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxFQUNwQixRQUFRLEVBQ1IsS0FBSyxFQUNMLENBQUMsWUFBWSxFQUFFLFdBQVcsQ0FBQyxDQUM1QixDQUFDO1lBRUYsTUFBTSxPQUFPLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FDM0M7Z0JBQ0UsSUFBSSxFQUFFLFFBQVE7Z0JBQ2QsSUFBSSxFQUFFLElBQUksV0FBVyxFQUFFLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQztnQkFDcEMsVUFBVTtnQkFDVixJQUFJLEVBQUUsU0FBUzthQUNoQixFQUNELE1BQU0sRUFDTixFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLEdBQUcsRUFBRSxFQUNoQyxJQUFJLEVBQ0osQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDLENBQ3ZCLENBQUM7WUFFRixNQUFNLFdBQVcsR0FBUSxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxPQUFPLENBQUMsQ0FBQztZQUN2RSxJQUFJLEdBQUcsRUFBRTtnQkFDUCxXQUFXLENBQUMsR0FBRyxHQUFHLEdBQUcsQ0FBQzthQUN2QjtZQUVELE1BQU0sR0FBRyxHQUFHLE1BQU0saUJBQWlCLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRXZELE9BQU8sRUFBRSxHQUFHLEVBQUUsQ0FBQztRQUNqQixDQUFDO0tBQUE7SUFFSyxhQUFhLENBQUMsTUFBMkI7O1lBQzdDLElBQUksTUFBTSxDQUFDLFVBQVUsR0FBRyxJQUFJLENBQUMsdUJBQXVCLEVBQUU7Z0JBQ3BELE1BQU0sSUFBSSxxQkFBcUIsQ0FDN0IseUVBQXlFLE1BQU0sQ0FBQyxVQUFVLGdDQUFnQyxJQUFJLENBQUMsdUJBQXVCLEdBQUcsQ0FDMUosQ0FBQzthQUNIO1lBQ0QsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2hDLENBQUM7S0FBQTtJQUVLLGFBQWEsQ0FBQyxNQUEyQjs7WUFDN0MsSUFBSSxNQUFNLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyx1QkFBdUIsRUFBRTtnQkFDcEQsTUFBTSxJQUFJLHFCQUFxQixDQUM3Qix3RUFBd0UsTUFBTSxDQUFDLFVBQVUsK0JBQStCLElBQUksQ0FBQyx1QkFBdUIsR0FBRyxDQUN4SixDQUFDO2FBQ0g7WUFDRCxPQUFPLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDaEMsQ0FBQztLQUFBO0lBRUssYUFBYSxDQUFDLE1BQTJCOztZQUM3QyxJQUFJLE1BQU0sQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixFQUFFO2dCQUNwRCxNQUFNLElBQUkscUJBQXFCLENBQzdCLHdFQUF3RSxNQUFNLENBQUMsVUFBVSwrQkFBK0IsSUFBSSxDQUFDLHVCQUF1QixHQUFHLENBQ3hKLENBQUM7YUFDSDtZQUNELE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNoQyxDQUFDO0tBQUE7SUFFSyxTQUFTOztZQUNiLHNHQUFzRztZQUN0RywyREFBMkQ7WUFDM0QsdUdBQXVHO1lBQ3ZHLHFEQUFxRDtZQUNyRCxPQUFPLENBQUMsTUFBTSxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFDdEMsQ0FBQztLQUFBO0lBRUssbUJBQW1COztZQUN2QixPQUFPO2dCQUNMLElBQUksRUFBRSxJQUFJLENBQUMsVUFBVSxFQUFFO2dCQUN2QixVQUFVLEVBQUUsSUFBSSxDQUFDLDJCQUEyQjthQUM3QyxDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRUssbUJBQW1COztZQUN2QixPQUFPO2dCQUNMLElBQUksRUFBRSxJQUFJLENBQUMsVUFBVSxFQUFFO2dCQUN2QixHQUFHLEVBQUUsTUFBTSxJQUFJLENBQUMsU0FBUyxFQUFFO2dCQUMzQixVQUFVLEVBQUUsSUFBSSxDQUFDLDJCQUEyQjthQUM3QyxDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRUssbUJBQW1COztZQUN2QixPQUFPO2dCQUNMLElBQUksRUFBRSxJQUFJLENBQUMsVUFBVSxFQUFFO2dCQUN2QixzR0FBc0c7Z0JBQ3RHLDJEQUEyRDtnQkFDM0QsdUdBQXVHO2dCQUN2RyxxREFBcUQ7Z0JBQ3JELEdBQUcsRUFBRSxNQUFNLElBQUksQ0FBQyxTQUFTLEVBQUU7Z0JBQzNCLFVBQVUsRUFBRSxJQUFJLENBQUMsMkJBQTJCO2FBQzdDLENBQUM7UUFDSixDQUFDO0tBQUE7Ozs7WUEzUUYsVUFBVSxTQUFDO2dCQUNWLFVBQVUsRUFBRSxNQUFNO2FBQ25COzs7WUF6QlEsZ0JBQWdCIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xyXG5pbXBvcnQgeyBKV0sgfSBmcm9tICdub2RlLWpvc2UnO1xyXG5pbXBvcnQge1xyXG4gIExib3BLZXlQYXJhbXMsXHJcbiAgUGFzc0lkcFBhcmFtcyxcclxuICBQYXNzS2V5UGFyYW1zLFxyXG4gIERlcml2ZUtleVJlc3VsdCxcclxuICBEZXJpdmVQYXNzSWRwUGFyYW1zLFxyXG4gIERlcml2ZVBhc3NLZXlQYXJhbXMsXHJcbiAgRGVyaXZlTGJvcEtleVBhcmFtcyxcclxufSBmcm9tICcuL2NyeXB0b2dyYXBoeS50eXBlcyc7XHJcbmltcG9ydCB7IFdlYkNyeXB0b1NlcnZpY2UgfSBmcm9tICcuL3dlYi1jcnlwdG8uc2VydmljZSc7XHJcbmltcG9ydCB7XHJcbiAgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbixcclxuICBMclN1c3BpY2lvdXNFeGNlcHRpb24sXHJcbn0gZnJvbSAnLi4vX2NvbW1vbi9leGNlcHRpb25zJztcclxuXHJcbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBzaGEyNTYobWVzc2FnZSkge1xyXG4gIC8vIGVuY29kZSBhcyBVVEYtOFxyXG4gIGNvbnN0IG1zZ0J1ZmZlciA9IG5ldyBUZXh0RW5jb2RlcigpLmVuY29kZShtZXNzYWdlKTtcclxuXHJcbiAgLy8gaGFzaCB0aGUgbWVzc2FnZVxyXG4gIGNvbnN0IGhhc2hCdWZmZXIgPSBhd2FpdCBjcnlwdG8uc3VidGxlLmRpZ2VzdCgnU0hBLTI1NicsIG1zZ0J1ZmZlcik7XHJcblxyXG4gIC8vIGNvbnZlcnQgQXJyYXlCdWZmZXIgdG8gQXJyYXlcclxuICBjb25zdCBoYXNoQXJyYXkgPSBBcnJheS5mcm9tKG5ldyBVaW50OEFycmF5KGhhc2hCdWZmZXIpKTtcclxuXHJcbiAgLy8gY29udmVydCBieXRlcyB0byBoZXggc3RyaW5nXHJcbiAgY29uc3QgaGFzaEhleCA9IGhhc2hBcnJheVxyXG4gICAgLm1hcCgoYikgPT4gKCcwMCcgKyBiLnRvU3RyaW5nKDE2KSkuc2xpY2UoLTIpKVxyXG4gICAgLmpvaW4oJycpO1xyXG4gIHJldHVybiBoYXNoSGV4O1xyXG59XHJcblxyXG5ASW5qZWN0YWJsZSh7XHJcbiAgcHJvdmlkZWRJbjogJ3Jvb3QnLFxyXG59KVxyXG5leHBvcnQgY2xhc3MgS2V5RmFjdG9yeVNlcnZpY2Uge1xyXG4gIGNvbnN0cnVjdG9yKHByaXZhdGUgd2ViQ3J5cHRvU2VydmljZTogV2ViQ3J5cHRvU2VydmljZSkge1xyXG4gICAgdGhpcy5jcnlwdG8gPSB0aGlzLndlYkNyeXB0b1NlcnZpY2UuY3J5cHRvO1xyXG4gIH1cclxuICBwcml2YXRlIHJlYWRvbmx5IGNyeXB0bztcclxuICAvLyBHbG9iYWwga2V5cyBzdG9yZS4gT3RoZXJ3aXNlLCBlYWNoIGNhbGwgdG8gYXNLZXkgY3JlYXRlcyBhIG5ldyBrZXlTdG9yZS5cclxuICAvLyA8QVo+IERpZCBub3Qgc2VlbSB0byBpbXByb3ZlIHNwZWVkLlxyXG4gIC8vIHB1YmxpYyBzdGF0aWMga2V5U3RvcmUgPSBKV0suY3JlYXRlS2V5U3RvcmUoKTtcclxuXHJcbiAgLy8gQVo6IFRoaXMgY2FuJ3QgYmUgY2hhbmdlIGVhc2lseS4gSXQncyBiYXNpY2FsbHkgYSBQYXNzSyBvciBQYXNzSWRwIHJvdGF0aW9uLlxyXG4gIC8vIHRvZG86IHdlIHNob3VsZCBldmVudHVhbGx5IGluY3JlYXNlIHRoaXMgcGVyaW9kaWNhbGx5IHRvIG1hdGNoIHdpdGggTW9vcmUncyBsYXcuXHJcbiAgLy8gVGhlIGl0ZXJhdGlvbnMgZm9yIGVhY2gga2V5IGFyZSBrZXB0IGJ5IHRoZSBzZXJ2ZXIgYXMgd2VsbCBidXQgd2UgYXNzdW1lIHRoZSB2YWx1ZVxyXG4gIC8vIGZyb20gdGhlIHNlcnZlciBpcyBub3QgdHJ1c3R3b3J0aHksIHNvIG5lZWQgdG8gaGF2ZSBtaW5pbXVtIHRocmVzaG9sZHMgaGVyZS5cclxuICAvLyBJZiBjcmVhdGluZyBuZXcga2V5cywgdGhlc2UgbWluaW11bSBhcmUgdXNlZC5cclxuICBwdWJsaWMgcmVhZG9ubHkgTUlOX1BBU1NfSURQX1BCS0RGX0lURVIgPSAxMDAwMDA7XHJcbiAgcHVibGljIHJlYWRvbmx5IE1JTl9QQVNTX0tFWV9QQktERl9JVEVSID0gMTAwMDAwO1xyXG4gIHB1YmxpYyByZWFkb25seSBNSU5fTEJPUF9LRVlfUEJLREZfSVRFUiA9IDEwMDAwMDtcclxuXHJcbiAgLy8gVGhlc2UgYXJlIHVzZWQgYXMgdGhlIGRlZmF1bHQgdmFsdWVzLiBUaGV5IG11c3QgYmUgbGFyZ2VyIHRoYW4gdGhlIG1pbmltdW0gdmFsdWVzLlxyXG4gIHB1YmxpYyByZWFkb25seSBERUZBVUxUX1BBU1NfSURQX1BCS0RGX0lURVIgPSB0aGlzLk1JTl9QQVNTX0lEUF9QQktERl9JVEVSO1xyXG4gIHB1YmxpYyByZWFkb25seSBERUZBVUxUX1BBU1NfS0VZX1BCS0RGX0lURVIgPSB0aGlzLk1JTl9QQVNTX0tFWV9QQktERl9JVEVSO1xyXG4gIHB1YmxpYyByZWFkb25seSBERUZBVUxUX0xCT1BfS0VZX1BCS0RGX0lURVIgPSB0aGlzLk1JTl9MQk9QX0tFWV9QQktERl9JVEVSO1xyXG5cclxuICBzdGF0aWMgYXNLZXkoXHJcbiAgICBrZXk6IHN0cmluZyB8IEJ1ZmZlciB8IG9iamVjdCB8IEpXSy5SYXdLZXksXHJcbiAgICBmb3JtPzpcclxuICAgICAgfCAnanNvbidcclxuICAgICAgfCAncHJpdmF0ZSdcclxuICAgICAgfCAncGtjczgnXHJcbiAgICAgIHwgJ3B1YmxpYydcclxuICAgICAgfCAnc3BraSdcclxuICAgICAgfCAncGtpeCdcclxuICAgICAgfCAneDUwOSdcclxuICAgICAgfCAncGVtJyxcclxuICAgIGV4dHJhcz86IFJlY29yZDxzdHJpbmcsIHVua25vd24+XHJcbiAgKTogUHJvbWlzZTxKV0suS2V5PiB7XHJcbiAgICAvLyA8QVo+IFVzaW5nIGEgc2luZ2xlIGdsb2JhbCBrZXkgc3RvcmUgZGlkIG5vdCBzZWVtIHRvIGltcHJvdmUgc3BlZWQuXHJcbiAgICAvLyByZXR1cm4gS2V5RmFjdG9yeVNlcnZpY2Uua2V5U3RvcmUuYWRkKGtleSwgZm9ybSwgZXh0cmFzKTtcclxuICAgIHJldHVybiBKV0suYXNLZXkoa2V5LCBmb3JtLCBleHRyYXMpO1xyXG4gIH1cclxuXHJcbiAgcmFuZG9tU3RyaW5nKGRpZ2l0czogbnVtYmVyKTogc3RyaW5nIHtcclxuICAgIGlmIChkaWdpdHMgPD0gMCkge1xyXG4gICAgICB0aHJvdyBuZXcgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbignZGlnaXRzIDw9IDAnKTtcclxuICAgIH1cclxuICAgIGNvbnN0IHZhbGlkQ2hhcnMgPVxyXG4gICAgICAnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODknO1xyXG4gICAgbGV0IGFycmF5ID0gbmV3IFVpbnQzMkFycmF5KGRpZ2l0cyk7XHJcbiAgICB0aGlzLmNyeXB0by5nZXRSYW5kb21WYWx1ZXMoYXJyYXkpO1xyXG4gICAgYXJyYXkgPSBhcnJheS5tYXAoKHgpID0+IHZhbGlkQ2hhcnMuY2hhckNvZGVBdCh4ICUgdmFsaWRDaGFycy5sZW5ndGgpKTtcclxuICAgIHJldHVybiBTdHJpbmcuZnJvbUNoYXJDb2RlLmFwcGx5KG51bGwsIGFycmF5KTtcclxuICB9XHJcblxyXG4gIHJhbmRvbURpZ2l0c05vWmVyb3MoZGlnaXRzOiBudW1iZXIpOiBzdHJpbmcge1xyXG4gICAgcmV0dXJuIHRoaXMucmFuZG9tQ2hvaWNlcyhbMSwgMiwgMywgNCwgNSwgNiwgNywgOCwgOV0sIGRpZ2l0cykuam9pbignJyk7XHJcbiAgfVxyXG5cclxuICByYW5kb21DaG9pY2VzPFQ+KGFycmF5OiBUW10sIGNob29zZU46IG51bWJlcik6IFRbXSB7XHJcbiAgICBpZiAoYXJyYXkubGVuZ3RoIDw9IDEpIHtcclxuICAgICAgdGhyb3cgbmV3IExyQmFkQXJndW1lbnRFeGNlcHRpb24oJ2FycmF5Lmxlbmd0aCA8PSAwJyk7XHJcbiAgICB9XHJcbiAgICBpZiAoY2hvb3NlTiA8PSAwKSB7XHJcbiAgICAgIHRocm93IG5ldyBMckJhZEFyZ3VtZW50RXhjZXB0aW9uKCdjaG9vc2VOIDw9IDAnKTtcclxuICAgIH1cclxuICAgIGNvbnN0IHZhbHVlcyA9IG5ldyBVaW50MzJBcnJheShjaG9vc2VOKTtcclxuICAgIHRoaXMuY3J5cHRvLmdldFJhbmRvbVZhbHVlcyh2YWx1ZXMpO1xyXG4gICAgY29uc3QgcmV0OiBUW10gPSBbXTtcclxuICAgIHZhbHVlcy5mb3JFYWNoKCh2KSA9PiByZXQucHVzaChhcnJheVt2ICUgYXJyYXkubGVuZ3RoXSkpO1xyXG4gICAgcmV0dXJuIHJldDtcclxuICB9XHJcblxyXG4gIGNyZWF0ZVNhbHQoKTogc3RyaW5nIHtcclxuICAgIHJldHVybiB0aGlzLnJhbmRvbVN0cmluZygxNik7XHJcbiAgfVxyXG5cclxuICBhc3luYyBjcmVhdGVLZXkoKTogUHJvbWlzZTxKV0suS2V5PiB7XHJcbiAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmNyeXB0by5zdWJ0bGUuZ2VuZXJhdGVLZXkoXHJcbiAgICAgIHtcclxuICAgICAgICBuYW1lOiAnQUVTLUdDTScsXHJcbiAgICAgICAgbGVuZ3RoOiAyNTYsIC8vIGNhbiBiZSAgMTI4LCAxOTIsIG9yIDI1NlxyXG4gICAgICB9LFxyXG4gICAgICB0cnVlLCAvLyB3aGV0aGVyIHRoZSBrZXkgaXMgZXh0cmFjdGFibGUgKGkuZS4gY2FuIGJlIHVzZWQgaW4gZXhwb3J0S2V5KVxyXG4gICAgICBbJ2VuY3J5cHQnLCAnZGVjcnlwdCddIC8vIG11c3QgYmUgW1wiZW5jcnlwdFwiLCBcImRlY3J5cHRcIl0gb3IgW1wid3JhcEtleVwiLCBcInVud3JhcEtleVwiXVxyXG4gICAgKTtcclxuXHJcbiAgICBjb25zdCBqd2sgPSBhd2FpdCB0aGlzLmNyeXB0by5zdWJ0bGUuZXhwb3J0S2V5KCdqd2snLCBrZXkpO1xyXG5cclxuICAgIC8vIFJlbW92aW5nIHRoZSBmaWVsZHMgbm90IG5lZWRlZCBieSBub2RlLWpvc2VcclxuICAgIGRlbGV0ZSBqd2suZXh0O1xyXG4gICAgZGVsZXRlIGp3ay5rZXlfb3BzO1xyXG5cclxuICAgIHJldHVybiBLZXlGYWN0b3J5U2VydmljZS5hc0tleShqd2spO1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgY3JlYXRlU2lnbktleSgpOiBQcm9taXNlPEpXSy5LZXk+IHtcclxuICAgIGNvbnN0IGtleSA9IGF3YWl0IHRoaXMuY3J5cHRvLnN1YnRsZS5nZW5lcmF0ZUtleShcclxuICAgICAge1xyXG4gICAgICAgIG5hbWU6ICdITUFDJyxcclxuICAgICAgICBoYXNoOiB7IG5hbWU6ICdTSEEtNTEyJyB9LFxyXG4gICAgICB9LFxyXG4gICAgICB0cnVlLFxyXG4gICAgICBbJ3NpZ24nLCAndmVyaWZ5J11cclxuICAgICk7XHJcblxyXG4gICAgY29uc3QgandrID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmV4cG9ydEtleSgnandrJywga2V5KTtcclxuXHJcbiAgICAvLyBSZW1vdmluZyB0aGUgZmllbGRzIG5vdCBuZWVkZWQgYnkgbm9kZS1qb3NlXHJcbiAgICBkZWxldGUgandrLmtleV9vcHM7XHJcbiAgICBkZWxldGUgandrLmV4dDtcclxuXHJcbiAgICByZXR1cm4gS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoandrKTtcclxuICB9XHJcblxyXG4gIGFzeW5jIGNyZWF0ZVBrY0tleSgpOiBQcm9taXNlPEpXSy5LZXk+IHtcclxuICAgIC8vIG5vZGUtam9zZSBpcyBub3QgdXNpbmcgRm9yZ2UgcHJvcGVybHkuIEl0IHNob3VsZCBiZSBjYWxsaW5nIHRoZSBhc3luYyB2ZXJzaW9uIG9mXHJcbiAgICAvLyBwa2kucnNhLmdlbmVyYXRlS2V5UGFpcigpIHdpdGggYSBjYWxsYmFjay4gSW5zdGVhZCBpdCBjYWxscyB0aGUgc3luYyB2ZXJzaW9uLiBXZWJjcnlwdG9cclxuICAgIC8vIGRvZXMgbm90IHN1cHBvcnQgc3luYyB2ZXJzaW9uLCBzbyBpdCB1c2VzIHRoZSBqYXZhc2NyaXB0IGltcGxlbWVudGF0aW9uLCB3aGljaCBpcyB3YXkgdG9vIHNsb3cuXHJcbiAgICAvLyBTbyB3ZSBnZW5lcmF0ZSB1c2luZyB3ZWJjcnlwdG8gYW5kIGltcG9ydCB0aGUga2V5LlxyXG4gICAgLy8gVW5mb3J0dW5hdGVseSBFbGxpcHRpY2FsIEN1cnZlIGlzIG5vdCBzdXBwb3J0ZWQgYnkgV2ViY3J5cHRvLiBTbyB3ZSBoYXZlIHRvIHNldHRsZSBmb3IgUlNBLlxyXG4gICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmdlbmVyYXRlS2V5KFxyXG4gICAgICB7XHJcbiAgICAgICAgbmFtZTogJ1JTQS1PQUVQJyxcclxuICAgICAgICBtb2R1bHVzTGVuZ3RoOiAyMDQ4LCAvLyBjYW4gYmUgMTAyNCwgMjA0OCwgMzA3MiwgNDA5NiAuLi4gMTYzODRcclxuICAgICAgICAvLyBBcyBwZXIgc3VnZ2VzdGlvbjogaHR0cHM6Ly9kZXZlbG9wZXIubW96aWxsYS5vcmcvZW4tVVMvZG9jcy9XZWIvQVBJL1JzYUhhc2hlZEtleUdlblBhcmFtc1xyXG4gICAgICAgIHB1YmxpY0V4cG9uZW50OiBuZXcgVWludDhBcnJheShbMHgwMSwgMHgwMCwgMHgwMV0pLFxyXG4gICAgICAgIGhhc2g6IHsgbmFtZTogJ1NIQS0yNTYnIH0sIC8vIGNhbiBiZSBcIlNIQS0xXCIsIFwiU0hBLTI1NlwiLCBcIlNIQS0zODRcIiwgb3IgXCJTSEEtNTEyXCJcclxuICAgICAgfSxcclxuICAgICAgdHJ1ZSwgLy8gd2hldGhlciB0aGUga2V5IGlzIGV4dHJhY3RhYmxlIChpLmUuIGNhbiBiZSB1c2VkIGluIGV4cG9ydEtleSlcclxuICAgICAgWydlbmNyeXB0JywgJ2RlY3J5cHQnXSAvLyBtdXN0IGJlIFtcImVuY3J5cHRcIiwgXCJkZWNyeXB0XCJdIG9yIFtcIndyYXBLZXlcIiwgXCJ1bndyYXBLZXlcIl1cclxuICAgICk7XHJcblxyXG4gICAgY29uc3QgandrID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmV4cG9ydEtleSgnandrJywga2V5LnByaXZhdGVLZXkpO1xyXG4gICAgLy8gUmVtb3ZpbmcgdGhlIGZpZWxkcyBub3QgbmVlZGVkIGJ5IG5vZGUtam9zZVxyXG4gICAgZGVsZXRlIGp3ay5rZXlfb3BzO1xyXG4gICAgZGVsZXRlIGp3ay5leHQ7XHJcblxyXG4gICAgcmV0dXJuIEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KGp3ayk7XHJcbiAgfVxyXG5cclxuICBhc3luYyBjcmVhdGVQa2NTaWduS2V5KCk6IFByb21pc2U8SldLLktleT4ge1xyXG4gICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmdlbmVyYXRlS2V5KFxyXG4gICAgICB7XHJcbiAgICAgICAgbmFtZTogJ1JTQVNTQS1QS0NTMS12MV81JyxcclxuICAgICAgICBtb2R1bHVzTGVuZ3RoOiAyMDQ4LCAvLyBjYW4gYmUgMTAyNCwgMjA0OCwgb3IgNDA5NlxyXG4gICAgICAgIC8vIEFzIHBlciBzdWdnZXN0aW9uOiBodHRwczovL2RldmVsb3Blci5tb3ppbGxhLm9yZy9lbi1VUy9kb2NzL1dlYi9BUEkvUnNhSGFzaGVkS2V5R2VuUGFyYW1zXHJcbiAgICAgICAgcHVibGljRXhwb25lbnQ6IG5ldyBVaW50OEFycmF5KFsweDAxLCAweDAwLCAweDAxXSksXHJcbiAgICAgICAgaGFzaDogeyBuYW1lOiAnU0hBLTI1NicgfSwgLy8gY2FuIGJlIFwiU0hBLTFcIiwgXCJTSEEtMjU2XCIsIFwiU0hBLTM4NFwiLCBvciBcIlNIQS01MTJcIlxyXG4gICAgICB9LFxyXG4gICAgICB0cnVlLCAvLyB3aGV0aGVyIHRoZSBrZXkgaXMgZXh0cmFjdGFibGUgKGkuZS4gY2FuIGJlIHVzZWQgaW4gZXhwb3J0S2V5KVxyXG4gICAgICBbJ3NpZ24nLCAndmVyaWZ5J10gLy8gY2FuIGJlIGFueSBjb21iaW5hdGlvbiBvZiBcInNpZ25cIiBhbmQgXCJ2ZXJpZnlcIlxyXG4gICAgKTtcclxuXHJcbiAgICBjb25zdCBqd2sgPSBhd2FpdCB0aGlzLmNyeXB0by5zdWJ0bGUuZXhwb3J0S2V5KCdqd2snLCBrZXkucHJpdmF0ZUtleSk7XHJcblxyXG4gICAgLy8gUmVtb3ZpbmcgdGhlIGZpZWxkcyBub3QgbmVlZGVkIGJ5IG5vZGUtam9zZVxyXG4gICAgZGVsZXRlIGp3ay5rZXlfb3BzO1xyXG4gICAgZGVsZXRlIGp3ay5leHQ7XHJcblxyXG4gICAgcmV0dXJuIEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KGp3ayk7XHJcbiAgfVxyXG5cclxuICBhc3luYyBkZXJpdmVLZXkoe1xyXG4gICAgcGFzc3dvcmQsXHJcbiAgICBzYWx0LFxyXG4gICAgaXRlcmF0aW9ucyxcclxuICAgIGtpZCxcclxuICB9OiB7XHJcbiAgICBwYXNzd29yZDogc3RyaW5nO1xyXG4gICAgc2FsdDogc3RyaW5nO1xyXG4gICAgaXRlcmF0aW9uczogbnVtYmVyO1xyXG4gICAga2lkPzogc3RyaW5nO1xyXG4gIH0pOiBQcm9taXNlPERlcml2ZUtleVJlc3VsdD4ge1xyXG4gICAgY29uc3QgZW5jID0gbmV3IFRleHRFbmNvZGVyKCk7XHJcbiAgICBjb25zdCByYXdLZXkgPSBhd2FpdCB0aGlzLmNyeXB0by5zdWJ0bGUuaW1wb3J0S2V5KFxyXG4gICAgICAncmF3JyxcclxuICAgICAgZW5jLmVuY29kZShwYXNzd29yZCksXHJcbiAgICAgICdQQktERjInLFxyXG4gICAgICBmYWxzZSxcclxuICAgICAgWydkZXJpdmVCaXRzJywgJ2Rlcml2ZUtleSddXHJcbiAgICApO1xyXG5cclxuICAgIGNvbnN0IHBhc3NLZXkgPSBhd2FpdCBjcnlwdG8uc3VidGxlLmRlcml2ZUtleShcclxuICAgICAge1xyXG4gICAgICAgIG5hbWU6ICdQQktERjInLFxyXG4gICAgICAgIHNhbHQ6IG5ldyBUZXh0RW5jb2RlcigpLmVuY29kZShzYWx0KSxcclxuICAgICAgICBpdGVyYXRpb25zLFxyXG4gICAgICAgIGhhc2g6ICdTSEEtMjU2JyxcclxuICAgICAgfSxcclxuICAgICAgcmF3S2V5LFxyXG4gICAgICB7IG5hbWU6ICdBRVMtR0NNJywgbGVuZ3RoOiAyNTYgfSxcclxuICAgICAgdHJ1ZSxcclxuICAgICAgWydlbmNyeXB0JywgJ2RlY3J5cHQnXVxyXG4gICAgKTtcclxuXHJcbiAgICBjb25zdCBwYXNzS2V5SnNvbjogYW55ID0gYXdhaXQgY3J5cHRvLnN1YnRsZS5leHBvcnRLZXkoJ2p3aycsIHBhc3NLZXkpO1xyXG4gICAgaWYgKGtpZCkge1xyXG4gICAgICBwYXNzS2V5SnNvbi5raWQgPSBraWQ7XHJcbiAgICB9XHJcblxyXG4gICAgY29uc3QgandrID0gYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkocGFzc0tleUpzb24pO1xyXG5cclxuICAgIHJldHVybiB7IGp3ayB9O1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgZGVyaXZlUGFzc0lkcChwYXJhbXM6IERlcml2ZVBhc3NJZHBQYXJhbXMpOiBQcm9taXNlPERlcml2ZUtleVJlc3VsdD4ge1xyXG4gICAgaWYgKHBhcmFtcy5pdGVyYXRpb25zIDwgdGhpcy5NSU5fUEFTU19JRFBfUEJLREZfSVRFUikge1xyXG4gICAgICB0aHJvdyBuZXcgTHJTdXNwaWNpb3VzRXhjZXB0aW9uKFxyXG4gICAgICAgIGBUaGUgbnVtYmVyIG9mIFBhc3NJZHAga2V5IGRlcml2YXRpb24gaXRlcmF0aW9ucyBzZW50IGZyb20gdGhlIHNlcnZlciAoJHtwYXJhbXMuaXRlcmF0aW9uc30pIGlzIGxvd2VyIHRoYW4gdGhlIG1pbmltdW0gKCR7dGhpcy5NSU5fUEFTU19JRFBfUEJLREZfSVRFUn0pYFxyXG4gICAgICApO1xyXG4gICAgfVxyXG4gICAgcmV0dXJuIHRoaXMuZGVyaXZlS2V5KHBhcmFtcyk7XHJcbiAgfVxyXG5cclxuICBhc3luYyBkZXJpdmVQYXNzS2V5KHBhcmFtczogRGVyaXZlUGFzc0tleVBhcmFtcyk6IFByb21pc2U8RGVyaXZlS2V5UmVzdWx0PiB7XHJcbiAgICBpZiAocGFyYW1zLml0ZXJhdGlvbnMgPCB0aGlzLk1JTl9QQVNTX0tFWV9QQktERl9JVEVSKSB7XHJcbiAgICAgIHRocm93IG5ldyBMclN1c3BpY2lvdXNFeGNlcHRpb24oXHJcbiAgICAgICAgYFRoZSBudW1iZXIgb2YgUGFzc0tleSBrZXkgZGVyaXZhdGlvbiBpdGVyYXRpb25zIHNlbnQgZnJvbSB0aGUgc2VydmVyKCR7cGFyYW1zLml0ZXJhdGlvbnN9KSBpcyBsb3dlciB0aGFuIHRoZSBtaW5pbXVtKCR7dGhpcy5NSU5fUEFTU19LRVlfUEJLREZfSVRFUn0pYFxyXG4gICAgICApO1xyXG4gICAgfVxyXG4gICAgcmV0dXJuIHRoaXMuZGVyaXZlS2V5KHBhcmFtcyk7XHJcbiAgfVxyXG5cclxuICBhc3luYyBkZXJpdmVMYm9wS2V5KHBhcmFtczogRGVyaXZlTGJvcEtleVBhcmFtcyk6IFByb21pc2U8RGVyaXZlS2V5UmVzdWx0PiB7XHJcbiAgICBpZiAocGFyYW1zLml0ZXJhdGlvbnMgPCB0aGlzLk1JTl9MQk9QX0tFWV9QQktERl9JVEVSKSB7XHJcbiAgICAgIHRocm93IG5ldyBMclN1c3BpY2lvdXNFeGNlcHRpb24oXHJcbiAgICAgICAgYFRoZSBudW1iZXIgb2YgTGJvcEtleSBrZXkgZGVyaXZhdGlvbiBpdGVyYXRpb25zIHNlbnQgZnJvbSB0aGUgc2VydmVyKCR7cGFyYW1zLml0ZXJhdGlvbnN9KSBpcyBsb3dlciB0aGFuIHRoZSBtaW5pbXVtKCR7dGhpcy5NSU5fTEJPUF9LRVlfUEJLREZfSVRFUn0pYFxyXG4gICAgICApO1xyXG4gICAgfVxyXG4gICAgcmV0dXJuIHRoaXMuZGVyaXZlS2V5KHBhcmFtcyk7XHJcbiAgfVxyXG5cclxuICBhc3luYyBjcmVhdGVLaWQoKTogUHJvbWlzZTxzdHJpbmc+IHtcclxuICAgIC8vIHRvZG86IEFaOiBub2RlLWpvc2Ugc291cmNlIHVzZXMgbm9kZSdzIGRlZmF1bHQgVVVJRCgpIGZ1bmN0aW9uIGZvciBraWQsIHNvIGp1c3QgY2hhbmdlIHRvIHVzZSB0aGF0LlxyXG4gICAgLy8gZm9yIG5vdywgd2UgYXJlIGp1c3QgY3JlYXRpbmcgYSBuZXcga2V5IHRvIHVzZSBpdCdzIGtpZC5cclxuICAgIC8vIFRoZSBraWQgaXMgYSBwYXJ0IG9mIHRoZSBKV0sgc3lzdGVtLiBMUiBiYWNrZW5kIG1haW50YWlucyB0aGUga2V5IGhpZXJhcmNoeSBzZXBhcmF0ZWx5IHdpdGggaXQncyBvd25cclxuICAgIC8vIGtleSBpZC4gQnV0IHdlIGp1c3QgdXNlIGl0IGhlcmUgYXMgYSBkb3VibGUgY2hlY2suXHJcbiAgICByZXR1cm4gKGF3YWl0IHRoaXMuY3JlYXRlS2V5KCkpLmtpZDtcclxuICB9XHJcblxyXG4gIGFzeW5jIGNyZWF0ZVBhc3NJZHBQYXJhbXMoKTogUHJvbWlzZTxQYXNzSWRwUGFyYW1zPiB7XHJcbiAgICByZXR1cm4ge1xyXG4gICAgICBzYWx0OiB0aGlzLmNyZWF0ZVNhbHQoKSxcclxuICAgICAgaXRlcmF0aW9uczogdGhpcy5ERUZBVUxUX1BBU1NfSURQX1BCS0RGX0lURVIsXHJcbiAgICB9O1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgY3JlYXRlUGFzc0tleVBhcmFtcygpOiBQcm9taXNlPFBhc3NLZXlQYXJhbXM+IHtcclxuICAgIHJldHVybiB7XHJcbiAgICAgIHNhbHQ6IHRoaXMuY3JlYXRlU2FsdCgpLFxyXG4gICAgICBraWQ6IGF3YWl0IHRoaXMuY3JlYXRlS2lkKCksXHJcbiAgICAgIGl0ZXJhdGlvbnM6IHRoaXMuREVGQVVMVF9QQVNTX0tFWV9QQktERl9JVEVSLFxyXG4gICAgfTtcclxuICB9XHJcblxyXG4gIGFzeW5jIGNyZWF0ZUxib3BLZXlQYXJhbXMoKTogUHJvbWlzZTxMYm9wS2V5UGFyYW1zPiB7XHJcbiAgICByZXR1cm4ge1xyXG4gICAgICBzYWx0OiB0aGlzLmNyZWF0ZVNhbHQoKSxcclxuICAgICAgLy8gdG9kbzogQVo6IG5vZGUtam9zZSBzb3VyY2UgdXNlcyBub2RlJ3MgZGVmYXVsdCBVVUlEKCkgZnVuY3Rpb24gZm9yIGtpZCwgc28ganVzdCBjaGFuZ2UgdG8gdXNlIHRoYXQuXHJcbiAgICAgIC8vIGZvciBub3csIHdlIGFyZSBqdXN0IGNyZWF0aW5nIGEgbmV3IGtleSB0byB1c2UgaXQncyBraWQuXHJcbiAgICAgIC8vIFRoZSBraWQgaXMgYSBwYXJ0IG9mIHRoZSBKV0sgc3lzdGVtLiBMUiBiYWNrZW5kIG1haW50YWlucyB0aGUga2V5IGhpZXJhcmNoeSBzZXBhcmF0ZWx5IHdpdGggaXQncyBvd25cclxuICAgICAgLy8ga2V5IGlkLiBCdXQgd2UganVzdCB1c2UgaXQgaGVyZSBhcyBhIGRvdWJsZSBjaGVjay5cclxuICAgICAga2lkOiBhd2FpdCB0aGlzLmNyZWF0ZUtpZCgpLFxyXG4gICAgICBpdGVyYXRpb25zOiB0aGlzLkRFRkFVTFRfUEFTU19LRVlfUEJLREZfSVRFUixcclxuICAgIH07XHJcbiAgfVxyXG59XHJcbiJdfQ==
+import { __awaiter } from "tslib";
+import { Injectable } from '@angular/core';
+import { JWK } from 'node-jose';
+import { WebCryptoService } from './web-crypto.service';
+import { LrBadArgumentException, LrSuspiciousException, } from '../_common/exceptions';
+import * as i0 from "@angular/core";
+import * as i1 from "./web-crypto.service";
+export function sha256(message) {
+    return __awaiter(this, void 0, void 0, function* () {
+        // encode as UTF-8
+        const msgBuffer = new TextEncoder().encode(message);
+        // hash the message
+        const hashBuffer = yield crypto.subtle.digest('SHA-256', msgBuffer);
+        // convert ArrayBuffer to Array
+        const hashArray = Array.from(new Uint8Array(hashBuffer));
+        // convert bytes to hex string
+        const hashHex = hashArray
+            .map((b) => ('00' + b.toString(16)).slice(-2))
+            .join('');
+        return hashHex;
+    });
+}
+export class KeyFactoryService {
+    constructor(webCryptoService) {
+        this.webCryptoService = webCryptoService;
+        // Global keys store. Otherwise, each call to asKey creates a new keyStore.
+        // <AZ> Did not seem to improve speed.
+        // public static keyStore = JWK.createKeyStore();
+        // AZ: This can't be change easily. It's basically a PassK or PassIdp rotation.
+        // todo: we should eventually increase this periodically to match with Moore's law.
+        // The iterations for each key are kept by the server as well but we assume the value
+        // from the server is not trustworthy, so need to have minimum thresholds here.
+        // If creating new keys, these minimum are used.
+        this.MIN_PASS_IDP_PBKDF_ITER = 100000;
+        this.MIN_PASS_KEY_PBKDF_ITER = 100000;
+        this.MIN_LBOP_KEY_PBKDF_ITER = 100000;
+        // These are used as the default values. They must be larger than the minimum values.
+        this.DEFAULT_PASS_IDP_PBKDF_ITER = this.MIN_PASS_IDP_PBKDF_ITER;
+        this.DEFAULT_PASS_KEY_PBKDF_ITER = this.MIN_PASS_KEY_PBKDF_ITER;
+        this.DEFAULT_LBOP_KEY_PBKDF_ITER = this.MIN_LBOP_KEY_PBKDF_ITER;
+        this.crypto = this.webCryptoService.crypto;
+    }
+    static asKey(key, form, extras) {
+        // <AZ> Using a single global key store did not seem to improve speed.
+        // return KeyFactoryService.keyStore.add(key, form, extras);
+        return JWK.asKey(key, form, extras);
+    }
+    randomString(digits) {
+        if (digits <= 0) {
+            throw new LrBadArgumentException('digits <= 0');
+        }
+        const validChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+        let array = new Uint32Array(digits);
+        this.crypto.getRandomValues(array);
+        array = array.map((x) => validChars.charCodeAt(x % validChars.length));
+        return String.fromCharCode.apply(null, array);
+    }
+    randomDigitsNoZeros(digits) {
+        return this.randomChoices([1, 2, 3, 4, 5, 6, 7, 8, 9], digits).join('');
+    }
+    randomChoices(array, chooseN) {
+        if (array.length <= 1) {
+            throw new LrBadArgumentException('array.length <= 0');
+        }
+        if (chooseN <= 0) {
+            throw new LrBadArgumentException('chooseN <= 0');
+        }
+        const values = new Uint32Array(chooseN);
+        this.crypto.getRandomValues(values);
+        const ret = [];
+        values.forEach((v) => ret.push(array[v % array.length]));
+        return ret;
+    }
+    createSalt() {
+        return this.randomString(16);
+    }
+    createKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'AES-GCM',
+                length: 256,
+            }, true, // whether the key is extractable (i.e. can be used in exportKey)
+            ['encrypt', 'decrypt'] // must be ["encrypt", "decrypt"] or ["wrapKey", "unwrapKey"]
+            );
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key);
+            // Removing the fields not needed by node-jose
+            delete jwk.ext;
+            delete jwk.key_ops;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    createSignKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'HMAC',
+                hash: { name: 'SHA-512' },
+            }, true, ['sign', 'verify']);
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key);
+            // Removing the fields not needed by node-jose
+            delete jwk.key_ops;
+            delete jwk.ext;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    createPkcKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            // node-jose is not using Forge properly. It should be calling the async version of
+            // pki.rsa.generateKeyPair() with a callback. Instead it calls the sync version. Webcrypto
+            // does not support sync version, so it uses the javascript implementation, which is way too slow.
+            // So we generate using webcrypto and import the key.
+            // Unfortunately Elliptical Curve is not supported by Webcrypto. So we have to settle for RSA.
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'RSA-OAEP',
+                modulusLength: 2048,
+                // As per suggestion: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
+                publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+                hash: { name: 'SHA-256' },
+            }, true, // whether the key is extractable (i.e. can be used in exportKey)
+            ['encrypt', 'decrypt'] // must be ["encrypt", "decrypt"] or ["wrapKey", "unwrapKey"]
+            );
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key.privateKey);
+            // Removing the fields not needed by node-jose
+            delete jwk.key_ops;
+            delete jwk.ext;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    createPkcSignKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'RSASSA-PKCS1-v1_5',
+                modulusLength: 2048,
+                // As per suggestion: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
+                publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+                hash: { name: 'SHA-256' },
+            }, true, // whether the key is extractable (i.e. can be used in exportKey)
+            ['sign', 'verify'] // can be any combination of "sign" and "verify"
+            );
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key.privateKey);
+            // Removing the fields not needed by node-jose
+            delete jwk.key_ops;
+            delete jwk.ext;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    deriveKey({ password, salt, iterations, kid, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const enc = new TextEncoder();
+            const rawKey = yield this.crypto.subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveBits', 'deriveKey']);
+            const passKey = yield crypto.subtle.deriveKey({
+                name: 'PBKDF2',
+                salt: new TextEncoder().encode(salt),
+                iterations,
+                hash: 'SHA-256',
+            }, rawKey, { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
+            const passKeyJson = yield crypto.subtle.exportKey('jwk', passKey);
+            if (kid) {
+                passKeyJson.kid = kid;
+            }
+            const jwk = yield KeyFactoryService.asKey(passKeyJson);
+            return { jwk };
+        });
+    }
+    derivePassIdp(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (params.iterations < this.MIN_PASS_IDP_PBKDF_ITER) {
+                throw new LrSuspiciousException(`The number of PassIdp key derivation iterations sent from the server (${params.iterations}) is lower than the minimum (${this.MIN_PASS_IDP_PBKDF_ITER})`);
+            }
+            return this.deriveKey(params);
+        });
+    }
+    derivePassKey(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (params.iterations < this.MIN_PASS_KEY_PBKDF_ITER) {
+                throw new LrSuspiciousException(`The number of PassKey key derivation iterations sent from the server(${params.iterations}) is lower than the minimum(${this.MIN_PASS_KEY_PBKDF_ITER})`);
+            }
+            return this.deriveKey(params);
+        });
+    }
+    deriveLbopKey(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (params.iterations < this.MIN_LBOP_KEY_PBKDF_ITER) {
+                throw new LrSuspiciousException(`The number of LbopKey key derivation iterations sent from the server(${params.iterations}) is lower than the minimum(${this.MIN_LBOP_KEY_PBKDF_ITER})`);
+            }
+            return this.deriveKey(params);
+        });
+    }
+    createKid() {
+        return __awaiter(this, void 0, void 0, function* () {
+            // todo: AZ: node-jose source uses node's default UUID() function for kid, so just change to use that.
+            // for now, we are just creating a new key to use it's kid.
+            // The kid is a part of the JWK system. LR backend maintains the key hierarchy separately with it's own
+            // key id. But we just use it here as a double check.
+            return (yield this.createKey()).kid;
+        });
+    }
+    createPassIdpParams() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return {
+                salt: this.createSalt(),
+                iterations: this.DEFAULT_PASS_IDP_PBKDF_ITER,
+            };
+        });
+    }
+    createPassKeyParams() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return {
+                salt: this.createSalt(),
+                kid: yield this.createKid(),
+                iterations: this.DEFAULT_PASS_KEY_PBKDF_ITER,
+            };
+        });
+    }
+    createLbopKeyParams() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return {
+                salt: this.createSalt(),
+                // todo: AZ: node-jose source uses node's default UUID() function for kid, so just change to use that.
+                // for now, we are just creating a new key to use it's kid.
+                // The kid is a part of the JWK system. LR backend maintains the key hierarchy separately with it's own
+                // key id. But we just use it here as a double check.
+                kid: yield this.createKid(),
+                iterations: this.DEFAULT_PASS_KEY_PBKDF_ITER,
+            };
+        });
+    }
+}
+KeyFactoryService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyFactoryService_Factory() { return new KeyFactoryService(i0.ɵɵinject(i1.WebCryptoService)); }, token: KeyFactoryService, providedIn: "root" });
+KeyFactoryService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+KeyFactoryService.ctorParameters = () => [
+    { type: WebCryptoService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWZhY3Rvcnkuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiIvb3B0L2F0bGFzc2lhbi9waXBlbGluZXMvYWdlbnQvYnVpbGQvcHJvamVjdHMvY29yZS9zcmMvIiwic291cmNlcyI6WyJsaWIvY3J5cHRvZ3JhcGh5L2tleS1mYWN0b3J5LnNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFDM0MsT0FBTyxFQUFFLEdBQUcsRUFBRSxNQUFNLFdBQVcsQ0FBQztBQVVoQyxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUN4RCxPQUFPLEVBQ0wsc0JBQXNCLEVBQ3RCLHFCQUFxQixHQUN0QixNQUFNLHVCQUF1QixDQUFDOzs7QUFFL0IsTUFBTSxVQUFnQixNQUFNLENBQUMsT0FBTzs7UUFDbEMsa0JBQWtCO1FBQ2xCLE1BQU0sU0FBUyxHQUFHLElBQUksV0FBVyxFQUFFLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRXBELG1CQUFtQjtRQUNuQixNQUFNLFVBQVUsR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUMsQ0FBQztRQUVwRSwrQkFBK0I7UUFDL0IsTUFBTSxTQUFTLEdBQUcsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDO1FBRXpELDhCQUE4QjtRQUM5QixNQUFNLE9BQU8sR0FBRyxTQUFTO2FBQ3RCLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO2FBQzdDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNaLE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7Q0FBQTtBQUtELE1BQU0sT0FBTyxpQkFBaUI7SUFDNUIsWUFBb0IsZ0JBQWtDO1FBQWxDLHFCQUFnQixHQUFoQixnQkFBZ0IsQ0FBa0I7UUFJdEQsMkVBQTJFO1FBQzNFLHNDQUFzQztRQUN0QyxpREFBaUQ7UUFFakQsK0VBQStFO1FBQy9FLG1GQUFtRjtRQUNuRixxRkFBcUY7UUFDckYsK0VBQStFO1FBQy9FLGdEQUFnRDtRQUNoQyw0QkFBdUIsR0FBRyxNQUFNLENBQUM7UUFDakMsNEJBQXVCLEdBQUcsTUFBTSxDQUFDO1FBQ2pDLDRCQUF1QixHQUFHLE1BQU0sQ0FBQztRQUVqRCxxRkFBcUY7UUFDckUsZ0NBQTJCLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDO1FBQzNELGdDQUEyQixHQUFHLElBQUksQ0FBQyx1QkFBdUIsQ0FBQztRQUMzRCxnQ0FBMkIsR0FBRyxJQUFJLENBQUMsdUJBQXVCLENBQUM7UUFuQnpFLElBQUksQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQztJQUM3QyxDQUFDO0lBb0JELE1BQU0sQ0FBQyxLQUFLLENBQ1YsR0FBMEMsRUFDMUMsSUFRUyxFQUNULE1BQWdDO1FBRWhDLHNFQUFzRTtRQUN0RSw0REFBNEQ7UUFDNUQsT0FBTyxHQUFHLENBQUMsS0FBSyxDQUFDLEdBQUcsRUFBRSxJQUFJLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVELFlBQVksQ0FBQyxNQUFjO1FBQ3pCLElBQUksTUFBTSxJQUFJLENBQUMsRUFBRTtZQUNmLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyxhQUFhLENBQUMsQ0FBQztTQUNqRDtRQUNELE1BQU0sVUFBVSxHQUNkLGdFQUFnRSxDQUFDO1FBQ25FLElBQUksS0FBSyxHQUFHLElBQUksV0FBVyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3BDLElBQUksQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ25DLEtBQUssR0FBRyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLENBQUMsR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztRQUN2RSxPQUFPLE1BQU0sQ0FBQyxZQUFZLENBQUMsS0FBSyxDQUFDLElBQUksRUFBRSxLQUFLLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQsbUJBQW1CLENBQUMsTUFBYztRQUNoQyxPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsQ0FBQyxFQUFFLE1BQU0sQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUMxRSxDQUFDO0lBRUQsYUFBYSxDQUFJLEtBQVUsRUFBRSxPQUFlO1FBQzFDLElBQUksS0FBSyxDQUFDLE1BQU0sSUFBSSxDQUFDLEVBQUU7WUFDckIsTUFBTSxJQUFJLHNCQUFzQixDQUFDLG1CQUFtQixDQUFDLENBQUM7U0FDdkQ7UUFDRCxJQUFJLE9BQU8sSUFBSSxDQUFDLEVBQUU7WUFDaEIsTUFBTSxJQUFJLHNCQUFzQixDQUFDLGNBQWMsQ0FBQyxDQUFDO1NBQ2xEO1FBQ0QsTUFBTSxNQUFNLEdBQUcsSUFBSSxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDeEMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxlQUFlLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDcEMsTUFBTSxHQUFHLEdBQVEsRUFBRSxDQUFDO1FBQ3BCLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3pELE9BQU8sR0FBRyxDQUFDO0lBQ2IsQ0FBQztJQUVELFVBQVU7UUFDUixPQUFPLElBQUksQ0FBQyxZQUFZLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVLLFNBQVM7O1lBQ2IsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQzlDO2dCQUNFLElBQUksRUFBRSxTQUFTO2dCQUNmLE1BQU0sRUFBRSxHQUFHO2FBQ1osRUFDRCxJQUFJLEVBQUUsaUVBQWlFO1lBQ3ZFLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQyxDQUFDLDZEQUE2RDthQUNyRixDQUFDO1lBRUYsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxDQUFDO1lBRTNELDhDQUE4QztZQUM5QyxPQUFPLEdBQUcsQ0FBQyxHQUFHLENBQUM7WUFDZixPQUFPLEdBQUcsQ0FBQyxPQUFPLENBQUM7WUFFbkIsT0FBTyxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDdEMsQ0FBQztLQUFBO0lBRUssYUFBYTs7WUFDakIsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQzlDO2dCQUNFLElBQUksRUFBRSxNQUFNO2dCQUNaLElBQUksRUFBRSxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUU7YUFDMUIsRUFDRCxJQUFJLEVBQ0osQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLENBQ25CLENBQUM7WUFFRixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLENBQUM7WUFFM0QsOENBQThDO1lBQzlDLE9BQU8sR0FBRyxDQUFDLE9BQU8sQ0FBQztZQUNuQixPQUFPLEdBQUcsQ0FBQyxHQUFHLENBQUM7WUFFZixPQUFPLGlCQUFpQixDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUN0QyxDQUFDO0tBQUE7SUFFSyxZQUFZOztZQUNoQixtRkFBbUY7WUFDbkYsMEZBQTBGO1lBQzFGLGtHQUFrRztZQUNsRyxxREFBcUQ7WUFDckQsOEZBQThGO1lBQzlGLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUM5QztnQkFDRSxJQUFJLEVBQUUsVUFBVTtnQkFDaEIsYUFBYSxFQUFFLElBQUk7Z0JBQ25CLDRGQUE0RjtnQkFDNUYsY0FBYyxFQUFFLElBQUksVUFBVSxDQUFDLENBQUMsSUFBSSxFQUFFLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQztnQkFDbEQsSUFBSSxFQUFFLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRTthQUMxQixFQUNELElBQUksRUFBRSxpRUFBaUU7WUFDdkUsQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDLENBQUMsNkRBQTZEO2FBQ3JGLENBQUM7WUFFRixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBQ3RFLDhDQUE4QztZQUM5QyxPQUFPLEdBQUcsQ0FBQyxPQUFPLENBQUM7WUFDbkIsT0FBTyxHQUFHLENBQUMsR0FBRyxDQUFDO1lBRWYsT0FBTyxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDdEMsQ0FBQztLQUFBO0lBRUssZ0JBQWdCOztZQUNwQixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FDOUM7Z0JBQ0UsSUFBSSxFQUFFLG1CQUFtQjtnQkFDekIsYUFBYSxFQUFFLElBQUk7Z0JBQ25CLDRGQUE0RjtnQkFDNUYsY0FBYyxFQUFFLElBQUksVUFBVSxDQUFDLENBQUMsSUFBSSxFQUFFLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQztnQkFDbEQsSUFBSSxFQUFFLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRTthQUMxQixFQUNELElBQUksRUFBRSxpRUFBaUU7WUFDdkUsQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLENBQUMsZ0RBQWdEO2FBQ3BFLENBQUM7WUFFRixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBRXRFLDhDQUE4QztZQUM5QyxPQUFPLEdBQUcsQ0FBQyxPQUFPLENBQUM7WUFDbkIsT0FBTyxHQUFHLENBQUMsR0FBRyxDQUFDO1lBRWYsT0FBTyxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDdEMsQ0FBQztLQUFBO0lBRUssU0FBUyxDQUFDLEVBQ2QsUUFBUSxFQUNSLElBQUksRUFDSixVQUFVLEVBQ1YsR0FBRyxHQU1KOztZQUNDLE1BQU0sR0FBRyxHQUFHLElBQUksV0FBVyxFQUFFLENBQUM7WUFDOUIsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQy9DLEtBQUssRUFDTCxHQUFHLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxFQUNwQixRQUFRLEVBQ1IsS0FBSyxFQUNMLENBQUMsWUFBWSxFQUFFLFdBQVcsQ0FBQyxDQUM1QixDQUFDO1lBRUYsTUFBTSxPQUFPLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FDM0M7Z0JBQ0UsSUFBSSxFQUFFLFFBQVE7Z0JBQ2QsSUFBSSxFQUFFLElBQUksV0FBVyxFQUFFLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQztnQkFDcEMsVUFBVTtnQkFDVixJQUFJLEVBQUUsU0FBUzthQUNoQixFQUNELE1BQU0sRUFDTixFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLEdBQUcsRUFBRSxFQUNoQyxJQUFJLEVBQ0osQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDLENBQ3ZCLENBQUM7WUFFRixNQUFNLFdBQVcsR0FBUSxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxPQUFPLENBQUMsQ0FBQztZQUN2RSxJQUFJLEdBQUcsRUFBRTtnQkFDUCxXQUFXLENBQUMsR0FBRyxHQUFHLEdBQUcsQ0FBQzthQUN2QjtZQUVELE1BQU0sR0FBRyxHQUFHLE1BQU0saUJBQWlCLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRXZELE9BQU8sRUFBRSxHQUFHLEVBQUUsQ0FBQztRQUNqQixDQUFDO0tBQUE7SUFFSyxhQUFhLENBQUMsTUFBMkI7O1lBQzdDLElBQUksTUFBTSxDQUFDLFVBQVUsR0FBRyxJQUFJLENBQUMsdUJBQXVCLEVBQUU7Z0JBQ3BELE1BQU0sSUFBSSxxQkFBcUIsQ0FDN0IseUVBQXlFLE1BQU0sQ0FBQyxVQUFVLGdDQUFnQyxJQUFJLENBQUMsdUJBQXVCLEdBQUcsQ0FDMUosQ0FBQzthQUNIO1lBQ0QsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2hDLENBQUM7S0FBQTtJQUVLLGFBQWEsQ0FBQyxNQUEyQjs7WUFDN0MsSUFBSSxNQUFNLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyx1QkFBdUIsRUFBRTtnQkFDcEQsTUFBTSxJQUFJLHFCQUFxQixDQUM3Qix3RUFBd0UsTUFBTSxDQUFDLFVBQVUsK0JBQStCLElBQUksQ0FBQyx1QkFBdUIsR0FBRyxDQUN4SixDQUFDO2FBQ0g7WUFDRCxPQUFPLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDaEMsQ0FBQztLQUFBO0lBRUssYUFBYSxDQUFDLE1BQTJCOztZQUM3QyxJQUFJLE1BQU0sQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixFQUFFO2dCQUNwRCxNQUFNLElBQUkscUJBQXFCLENBQzdCLHdFQUF3RSxNQUFNLENBQUMsVUFBVSwrQkFBK0IsSUFBSSxDQUFDLHVCQUF1QixHQUFHLENBQ3hKLENBQUM7YUFDSDtZQUNELE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNoQyxDQUFDO0tBQUE7SUFFSyxTQUFTOztZQUNiLHNHQUFzRztZQUN0RywyREFBMkQ7WUFDM0QsdUdBQXVHO1lBQ3ZHLHFEQUFxRDtZQUNyRCxPQUFPLENBQUMsTUFBTSxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFDdEMsQ0FBQztLQUFBO0lBRUssbUJBQW1COztZQUN2QixPQUFPO2dCQUNMLElBQUksRUFBRSxJQUFJLENBQUMsVUFBVSxFQUFFO2dCQUN2QixVQUFVLEVBQUUsSUFBSSxDQUFDLDJCQUEyQjthQUM3QyxDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRUssbUJBQW1COztZQUN2QixPQUFPO2dCQUNMLElBQUksRUFBRSxJQUFJLENBQUMsVUFBVSxFQUFFO2dCQUN2QixHQUFHLEVBQUUsTUFBTSxJQUFJLENBQUMsU0FBUyxFQUFFO2dCQUMzQixVQUFVLEVBQUUsSUFBSSxDQUFDLDJCQUEyQjthQUM3QyxDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRUssbUJBQW1COztZQUN2QixPQUFPO2dCQUNMLElBQUksRUFBRSxJQUFJLENBQUMsVUFBVSxFQUFFO2dCQUN2QixzR0FBc0c7Z0JBQ3RHLDJEQUEyRDtnQkFDM0QsdUdBQXVHO2dCQUN2RyxxREFBcUQ7Z0JBQ3JELEdBQUcsRUFBRSxNQUFNLElBQUksQ0FBQyxTQUFTLEVBQUU7Z0JBQzNCLFVBQVUsRUFBRSxJQUFJLENBQUMsMkJBQTJCO2FBQzdDLENBQUM7UUFDSixDQUFDO0tBQUE7Ozs7WUEzUUYsVUFBVSxTQUFDO2dCQUNWLFVBQVUsRUFBRSxNQUFNO2FBQ25COzs7WUF6QlEsZ0JBQWdCIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xuaW1wb3J0IHsgSldLIH0gZnJvbSAnbm9kZS1qb3NlJztcbmltcG9ydCB7XG4gIExib3BLZXlQYXJhbXMsXG4gIFBhc3NJZHBQYXJhbXMsXG4gIFBhc3NLZXlQYXJhbXMsXG4gIERlcml2ZUtleVJlc3VsdCxcbiAgRGVyaXZlUGFzc0lkcFBhcmFtcyxcbiAgRGVyaXZlUGFzc0tleVBhcmFtcyxcbiAgRGVyaXZlTGJvcEtleVBhcmFtcyxcbn0gZnJvbSAnLi9jcnlwdG9ncmFwaHkudHlwZXMnO1xuaW1wb3J0IHsgV2ViQ3J5cHRvU2VydmljZSB9IGZyb20gJy4vd2ViLWNyeXB0by5zZXJ2aWNlJztcbmltcG9ydCB7XG4gIExyQmFkQXJndW1lbnRFeGNlcHRpb24sXG4gIExyU3VzcGljaW91c0V4Y2VwdGlvbixcbn0gZnJvbSAnLi4vX2NvbW1vbi9leGNlcHRpb25zJztcblxuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIHNoYTI1NihtZXNzYWdlKSB7XG4gIC8vIGVuY29kZSBhcyBVVEYtOFxuICBjb25zdCBtc2dCdWZmZXIgPSBuZXcgVGV4dEVuY29kZXIoKS5lbmNvZGUobWVzc2FnZSk7XG5cbiAgLy8gaGFzaCB0aGUgbWVzc2FnZVxuICBjb25zdCBoYXNoQnVmZmVyID0gYXdhaXQgY3J5cHRvLnN1YnRsZS5kaWdlc3QoJ1NIQS0yNTYnLCBtc2dCdWZmZXIpO1xuXG4gIC8vIGNvbnZlcnQgQXJyYXlCdWZmZXIgdG8gQXJyYXlcbiAgY29uc3QgaGFzaEFycmF5ID0gQXJyYXkuZnJvbShuZXcgVWludDhBcnJheShoYXNoQnVmZmVyKSk7XG5cbiAgLy8gY29udmVydCBieXRlcyB0byBoZXggc3RyaW5nXG4gIGNvbnN0IGhhc2hIZXggPSBoYXNoQXJyYXlcbiAgICAubWFwKChiKSA9PiAoJzAwJyArIGIudG9TdHJpbmcoMTYpKS5zbGljZSgtMikpXG4gICAgLmpvaW4oJycpO1xuICByZXR1cm4gaGFzaEhleDtcbn1cblxuQEluamVjdGFibGUoe1xuICBwcm92aWRlZEluOiAncm9vdCcsXG59KVxuZXhwb3J0IGNsYXNzIEtleUZhY3RvcnlTZXJ2aWNlIHtcbiAgY29uc3RydWN0b3IocHJpdmF0ZSB3ZWJDcnlwdG9TZXJ2aWNlOiBXZWJDcnlwdG9TZXJ2aWNlKSB7XG4gICAgdGhpcy5jcnlwdG8gPSB0aGlzLndlYkNyeXB0b1NlcnZpY2UuY3J5cHRvO1xuICB9XG4gIHByaXZhdGUgcmVhZG9ubHkgY3J5cHRvO1xuICAvLyBHbG9iYWwga2V5cyBzdG9yZS4gT3RoZXJ3aXNlLCBlYWNoIGNhbGwgdG8gYXNLZXkgY3JlYXRlcyBhIG5ldyBrZXlTdG9yZS5cbiAgLy8gPEFaPiBEaWQgbm90IHNlZW0gdG8gaW1wcm92ZSBzcGVlZC5cbiAgLy8gcHVibGljIHN0YXRpYyBrZXlTdG9yZSA9IEpXSy5jcmVhdGVLZXlTdG9yZSgpO1xuXG4gIC8vIEFaOiBUaGlzIGNhbid0IGJlIGNoYW5nZSBlYXNpbHkuIEl0J3MgYmFzaWNhbGx5IGEgUGFzc0sgb3IgUGFzc0lkcCByb3RhdGlvbi5cbiAgLy8gdG9kbzogd2Ugc2hvdWxkIGV2ZW50dWFsbHkgaW5jcmVhc2UgdGhpcyBwZXJpb2RpY2FsbHkgdG8gbWF0Y2ggd2l0aCBNb29yZSdzIGxhdy5cbiAgLy8gVGhlIGl0ZXJhdGlvbnMgZm9yIGVhY2gga2V5IGFyZSBrZXB0IGJ5IHRoZSBzZXJ2ZXIgYXMgd2VsbCBidXQgd2UgYXNzdW1lIHRoZSB2YWx1ZVxuICAvLyBmcm9tIHRoZSBzZXJ2ZXIgaXMgbm90IHRydXN0d29ydGh5LCBzbyBuZWVkIHRvIGhhdmUgbWluaW11bSB0aHJlc2hvbGRzIGhlcmUuXG4gIC8vIElmIGNyZWF0aW5nIG5ldyBrZXlzLCB0aGVzZSBtaW5pbXVtIGFyZSB1c2VkLlxuICBwdWJsaWMgcmVhZG9ubHkgTUlOX1BBU1NfSURQX1BCS0RGX0lURVIgPSAxMDAwMDA7XG4gIHB1YmxpYyByZWFkb25seSBNSU5fUEFTU19LRVlfUEJLREZfSVRFUiA9IDEwMDAwMDtcbiAgcHVibGljIHJlYWRvbmx5IE1JTl9MQk9QX0tFWV9QQktERl9JVEVSID0gMTAwMDAwO1xuXG4gIC8vIFRoZXNlIGFyZSB1c2VkIGFzIHRoZSBkZWZhdWx0IHZhbHVlcy4gVGhleSBtdXN0IGJlIGxhcmdlciB0aGFuIHRoZSBtaW5pbXVtIHZhbHVlcy5cbiAgcHVibGljIHJlYWRvbmx5IERFRkFVTFRfUEFTU19JRFBfUEJLREZfSVRFUiA9IHRoaXMuTUlOX1BBU1NfSURQX1BCS0RGX0lURVI7XG4gIHB1YmxpYyByZWFkb25seSBERUZBVUxUX1BBU1NfS0VZX1BCS0RGX0lURVIgPSB0aGlzLk1JTl9QQVNTX0tFWV9QQktERl9JVEVSO1xuICBwdWJsaWMgcmVhZG9ubHkgREVGQVVMVF9MQk9QX0tFWV9QQktERl9JVEVSID0gdGhpcy5NSU5fTEJPUF9LRVlfUEJLREZfSVRFUjtcblxuICBzdGF0aWMgYXNLZXkoXG4gICAga2V5OiBzdHJpbmcgfCBCdWZmZXIgfCBvYmplY3QgfCBKV0suUmF3S2V5LFxuICAgIGZvcm0/OlxuICAgICAgfCAnanNvbidcbiAgICAgIHwgJ3ByaXZhdGUnXG4gICAgICB8ICdwa2NzOCdcbiAgICAgIHwgJ3B1YmxpYydcbiAgICAgIHwgJ3Nwa2knXG4gICAgICB8ICdwa2l4J1xuICAgICAgfCAneDUwOSdcbiAgICAgIHwgJ3BlbScsXG4gICAgZXh0cmFzPzogUmVjb3JkPHN0cmluZywgdW5rbm93bj5cbiAgKTogUHJvbWlzZTxKV0suS2V5PiB7XG4gICAgLy8gPEFaPiBVc2luZyBhIHNpbmdsZSBnbG9iYWwga2V5IHN0b3JlIGRpZCBub3Qgc2VlbSB0byBpbXByb3ZlIHNwZWVkLlxuICAgIC8vIHJldHVybiBLZXlGYWN0b3J5U2VydmljZS5rZXlTdG9yZS5hZGQoa2V5LCBmb3JtLCBleHRyYXMpO1xuICAgIHJldHVybiBKV0suYXNLZXkoa2V5LCBmb3JtLCBleHRyYXMpO1xuICB9XG5cbiAgcmFuZG9tU3RyaW5nKGRpZ2l0czogbnVtYmVyKTogc3RyaW5nIHtcbiAgICBpZiAoZGlnaXRzIDw9IDApIHtcbiAgICAgIHRocm93IG5ldyBMckJhZEFyZ3VtZW50RXhjZXB0aW9uKCdkaWdpdHMgPD0gMCcpO1xuICAgIH1cbiAgICBjb25zdCB2YWxpZENoYXJzID1cbiAgICAgICdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSc7XG4gICAgbGV0IGFycmF5ID0gbmV3IFVpbnQzMkFycmF5KGRpZ2l0cyk7XG4gICAgdGhpcy5jcnlwdG8uZ2V0UmFuZG9tVmFsdWVzKGFycmF5KTtcbiAgICBhcnJheSA9IGFycmF5Lm1hcCgoeCkgPT4gdmFsaWRDaGFycy5jaGFyQ29kZUF0KHggJSB2YWxpZENoYXJzLmxlbmd0aCkpO1xuICAgIHJldHVybiBTdHJpbmcuZnJvbUNoYXJDb2RlLmFwcGx5KG51bGwsIGFycmF5KTtcbiAgfVxuXG4gIHJhbmRvbURpZ2l0c05vWmVyb3MoZGlnaXRzOiBudW1iZXIpOiBzdHJpbmcge1xuICAgIHJldHVybiB0aGlzLnJhbmRvbUNob2ljZXMoWzEsIDIsIDMsIDQsIDUsIDYsIDcsIDgsIDldLCBkaWdpdHMpLmpvaW4oJycpO1xuICB9XG5cbiAgcmFuZG9tQ2hvaWNlczxUPihhcnJheTogVFtdLCBjaG9vc2VOOiBudW1iZXIpOiBUW10ge1xuICAgIGlmIChhcnJheS5sZW5ndGggPD0gMSkge1xuICAgICAgdGhyb3cgbmV3IExyQmFkQXJndW1lbnRFeGNlcHRpb24oJ2FycmF5Lmxlbmd0aCA8PSAwJyk7XG4gICAgfVxuICAgIGlmIChjaG9vc2VOIDw9IDApIHtcbiAgICAgIHRocm93IG5ldyBMckJhZEFyZ3VtZW50RXhjZXB0aW9uKCdjaG9vc2VOIDw9IDAnKTtcbiAgICB9XG4gICAgY29uc3QgdmFsdWVzID0gbmV3IFVpbnQzMkFycmF5KGNob29zZU4pO1xuICAgIHRoaXMuY3J5cHRvLmdldFJhbmRvbVZhbHVlcyh2YWx1ZXMpO1xuICAgIGNvbnN0IHJldDogVFtdID0gW107XG4gICAgdmFsdWVzLmZvckVhY2goKHYpID0+IHJldC5wdXNoKGFycmF5W3YgJSBhcnJheS5sZW5ndGhdKSk7XG4gICAgcmV0dXJuIHJldDtcbiAgfVxuXG4gIGNyZWF0ZVNhbHQoKTogc3RyaW5nIHtcbiAgICByZXR1cm4gdGhpcy5yYW5kb21TdHJpbmcoMTYpO1xuICB9XG5cbiAgYXN5bmMgY3JlYXRlS2V5KCk6IFByb21pc2U8SldLLktleT4ge1xuICAgIGNvbnN0IGtleSA9IGF3YWl0IHRoaXMuY3J5cHRvLnN1YnRsZS5nZW5lcmF0ZUtleShcbiAgICAgIHtcbiAgICAgICAgbmFtZTogJ0FFUy1HQ00nLFxuICAgICAgICBsZW5ndGg6IDI1NiwgLy8gY2FuIGJlICAxMjgsIDE5Miwgb3IgMjU2XG4gICAgICB9LFxuICAgICAgdHJ1ZSwgLy8gd2hldGhlciB0aGUga2V5IGlzIGV4dHJhY3RhYmxlIChpLmUuIGNhbiBiZSB1c2VkIGluIGV4cG9ydEtleSlcbiAgICAgIFsnZW5jcnlwdCcsICdkZWNyeXB0J10gLy8gbXVzdCBiZSBbXCJlbmNyeXB0XCIsIFwiZGVjcnlwdFwiXSBvciBbXCJ3cmFwS2V5XCIsIFwidW53cmFwS2V5XCJdXG4gICAgKTtcblxuICAgIGNvbnN0IGp3ayA9IGF3YWl0IHRoaXMuY3J5cHRvLnN1YnRsZS5leHBvcnRLZXkoJ2p3aycsIGtleSk7XG5cbiAgICAvLyBSZW1vdmluZyB0aGUgZmllbGRzIG5vdCBuZWVkZWQgYnkgbm9kZS1qb3NlXG4gICAgZGVsZXRlIGp3ay5leHQ7XG4gICAgZGVsZXRlIGp3ay5rZXlfb3BzO1xuXG4gICAgcmV0dXJuIEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KGp3ayk7XG4gIH1cblxuICBhc3luYyBjcmVhdGVTaWduS2V5KCk6IFByb21pc2U8SldLLktleT4ge1xuICAgIGNvbnN0IGtleSA9IGF3YWl0IHRoaXMuY3J5cHRvLnN1YnRsZS5nZW5lcmF0ZUtleShcbiAgICAgIHtcbiAgICAgICAgbmFtZTogJ0hNQUMnLFxuICAgICAgICBoYXNoOiB7IG5hbWU6ICdTSEEtNTEyJyB9LFxuICAgICAgfSxcbiAgICAgIHRydWUsXG4gICAgICBbJ3NpZ24nLCAndmVyaWZ5J11cbiAgICApO1xuXG4gICAgY29uc3QgandrID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmV4cG9ydEtleSgnandrJywga2V5KTtcblxuICAgIC8vIFJlbW92aW5nIHRoZSBmaWVsZHMgbm90IG5lZWRlZCBieSBub2RlLWpvc2VcbiAgICBkZWxldGUgandrLmtleV9vcHM7XG4gICAgZGVsZXRlIGp3ay5leHQ7XG5cbiAgICByZXR1cm4gS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoandrKTtcbiAgfVxuXG4gIGFzeW5jIGNyZWF0ZVBrY0tleSgpOiBQcm9taXNlPEpXSy5LZXk+IHtcbiAgICAvLyBub2RlLWpvc2UgaXMgbm90IHVzaW5nIEZvcmdlIHByb3Blcmx5LiBJdCBzaG91bGQgYmUgY2FsbGluZyB0aGUgYXN5bmMgdmVyc2lvbiBvZlxuICAgIC8vIHBraS5yc2EuZ2VuZXJhdGVLZXlQYWlyKCkgd2l0aCBhIGNhbGxiYWNrLiBJbnN0ZWFkIGl0IGNhbGxzIHRoZSBzeW5jIHZlcnNpb24uIFdlYmNyeXB0b1xuICAgIC8vIGRvZXMgbm90IHN1cHBvcnQgc3luYyB2ZXJzaW9uLCBzbyBpdCB1c2VzIHRoZSBqYXZhc2NyaXB0IGltcGxlbWVudGF0aW9uLCB3aGljaCBpcyB3YXkgdG9vIHNsb3cuXG4gICAgLy8gU28gd2UgZ2VuZXJhdGUgdXNpbmcgd2ViY3J5cHRvIGFuZCBpbXBvcnQgdGhlIGtleS5cbiAgICAvLyBVbmZvcnR1bmF0ZWx5IEVsbGlwdGljYWwgQ3VydmUgaXMgbm90IHN1cHBvcnRlZCBieSBXZWJjcnlwdG8uIFNvIHdlIGhhdmUgdG8gc2V0dGxlIGZvciBSU0EuXG4gICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmdlbmVyYXRlS2V5KFxuICAgICAge1xuICAgICAgICBuYW1lOiAnUlNBLU9BRVAnLFxuICAgICAgICBtb2R1bHVzTGVuZ3RoOiAyMDQ4LCAvLyBjYW4gYmUgMTAyNCwgMjA0OCwgMzA3MiwgNDA5NiAuLi4gMTYzODRcbiAgICAgICAgLy8gQXMgcGVyIHN1Z2dlc3Rpb246IGh0dHBzOi8vZGV2ZWxvcGVyLm1vemlsbGEub3JnL2VuLVVTL2RvY3MvV2ViL0FQSS9Sc2FIYXNoZWRLZXlHZW5QYXJhbXNcbiAgICAgICAgcHVibGljRXhwb25lbnQ6IG5ldyBVaW50OEFycmF5KFsweDAxLCAweDAwLCAweDAxXSksXG4gICAgICAgIGhhc2g6IHsgbmFtZTogJ1NIQS0yNTYnIH0sIC8vIGNhbiBiZSBcIlNIQS0xXCIsIFwiU0hBLTI1NlwiLCBcIlNIQS0zODRcIiwgb3IgXCJTSEEtNTEyXCJcbiAgICAgIH0sXG4gICAgICB0cnVlLCAvLyB3aGV0aGVyIHRoZSBrZXkgaXMgZXh0cmFjdGFibGUgKGkuZS4gY2FuIGJlIHVzZWQgaW4gZXhwb3J0S2V5KVxuICAgICAgWydlbmNyeXB0JywgJ2RlY3J5cHQnXSAvLyBtdXN0IGJlIFtcImVuY3J5cHRcIiwgXCJkZWNyeXB0XCJdIG9yIFtcIndyYXBLZXlcIiwgXCJ1bndyYXBLZXlcIl1cbiAgICApO1xuXG4gICAgY29uc3QgandrID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmV4cG9ydEtleSgnandrJywga2V5LnByaXZhdGVLZXkpO1xuICAgIC8vIFJlbW92aW5nIHRoZSBmaWVsZHMgbm90IG5lZWRlZCBieSBub2RlLWpvc2VcbiAgICBkZWxldGUgandrLmtleV9vcHM7XG4gICAgZGVsZXRlIGp3ay5leHQ7XG5cbiAgICByZXR1cm4gS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoandrKTtcbiAgfVxuXG4gIGFzeW5jIGNyZWF0ZVBrY1NpZ25LZXkoKTogUHJvbWlzZTxKV0suS2V5PiB7XG4gICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmdlbmVyYXRlS2V5KFxuICAgICAge1xuICAgICAgICBuYW1lOiAnUlNBU1NBLVBLQ1MxLXYxXzUnLFxuICAgICAgICBtb2R1bHVzTGVuZ3RoOiAyMDQ4LCAvLyBjYW4gYmUgMTAyNCwgMjA0OCwgb3IgNDA5NlxuICAgICAgICAvLyBBcyBwZXIgc3VnZ2VzdGlvbjogaHR0cHM6Ly9kZXZlbG9wZXIubW96aWxsYS5vcmcvZW4tVVMvZG9jcy9XZWIvQVBJL1JzYUhhc2hlZEtleUdlblBhcmFtc1xuICAgICAgICBwdWJsaWNFeHBvbmVudDogbmV3IFVpbnQ4QXJyYXkoWzB4MDEsIDB4MDAsIDB4MDFdKSxcbiAgICAgICAgaGFzaDogeyBuYW1lOiAnU0hBLTI1NicgfSwgLy8gY2FuIGJlIFwiU0hBLTFcIiwgXCJTSEEtMjU2XCIsIFwiU0hBLTM4NFwiLCBvciBcIlNIQS01MTJcIlxuICAgICAgfSxcbiAgICAgIHRydWUsIC8vIHdoZXRoZXIgdGhlIGtleSBpcyBleHRyYWN0YWJsZSAoaS5lLiBjYW4gYmUgdXNlZCBpbiBleHBvcnRLZXkpXG4gICAgICBbJ3NpZ24nLCAndmVyaWZ5J10gLy8gY2FuIGJlIGFueSBjb21iaW5hdGlvbiBvZiBcInNpZ25cIiBhbmQgXCJ2ZXJpZnlcIlxuICAgICk7XG5cbiAgICBjb25zdCBqd2sgPSBhd2FpdCB0aGlzLmNyeXB0by5zdWJ0bGUuZXhwb3J0S2V5KCdqd2snLCBrZXkucHJpdmF0ZUtleSk7XG5cbiAgICAvLyBSZW1vdmluZyB0aGUgZmllbGRzIG5vdCBuZWVkZWQgYnkgbm9kZS1qb3NlXG4gICAgZGVsZXRlIGp3ay5rZXlfb3BzO1xuICAgIGRlbGV0ZSBqd2suZXh0O1xuXG4gICAgcmV0dXJuIEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KGp3ayk7XG4gIH1cblxuICBhc3luYyBkZXJpdmVLZXkoe1xuICAgIHBhc3N3b3JkLFxuICAgIHNhbHQsXG4gICAgaXRlcmF0aW9ucyxcbiAgICBraWQsXG4gIH06IHtcbiAgICBwYXNzd29yZDogc3RyaW5nO1xuICAgIHNhbHQ6IHN0cmluZztcbiAgICBpdGVyYXRpb25zOiBudW1iZXI7XG4gICAga2lkPzogc3RyaW5nO1xuICB9KTogUHJvbWlzZTxEZXJpdmVLZXlSZXN1bHQ+IHtcbiAgICBjb25zdCBlbmMgPSBuZXcgVGV4dEVuY29kZXIoKTtcbiAgICBjb25zdCByYXdLZXkgPSBhd2FpdCB0aGlzLmNyeXB0by5zdWJ0bGUuaW1wb3J0S2V5KFxuICAgICAgJ3JhdycsXG4gICAgICBlbmMuZW5jb2RlKHBhc3N3b3JkKSxcbiAgICAgICdQQktERjInLFxuICAgICAgZmFsc2UsXG4gICAgICBbJ2Rlcml2ZUJpdHMnLCAnZGVyaXZlS2V5J11cbiAgICApO1xuXG4gICAgY29uc3QgcGFzc0tleSA9IGF3YWl0IGNyeXB0by5zdWJ0bGUuZGVyaXZlS2V5KFxuICAgICAge1xuICAgICAgICBuYW1lOiAnUEJLREYyJyxcbiAgICAgICAgc2FsdDogbmV3IFRleHRFbmNvZGVyKCkuZW5jb2RlKHNhbHQpLFxuICAgICAgICBpdGVyYXRpb25zLFxuICAgICAgICBoYXNoOiAnU0hBLTI1NicsXG4gICAgICB9LFxuICAgICAgcmF3S2V5LFxuICAgICAgeyBuYW1lOiAnQUVTLUdDTScsIGxlbmd0aDogMjU2IH0sXG4gICAgICB0cnVlLFxuICAgICAgWydlbmNyeXB0JywgJ2RlY3J5cHQnXVxuICAgICk7XG5cbiAgICBjb25zdCBwYXNzS2V5SnNvbjogYW55ID0gYXdhaXQgY3J5cHRvLnN1YnRsZS5leHBvcnRLZXkoJ2p3aycsIHBhc3NLZXkpO1xuICAgIGlmIChraWQpIHtcbiAgICAgIHBhc3NLZXlKc29uLmtpZCA9IGtpZDtcbiAgICB9XG5cbiAgICBjb25zdCBqd2sgPSBhd2FpdCBLZXlGYWN0b3J5U2VydmljZS5hc0tleShwYXNzS2V5SnNvbik7XG5cbiAgICByZXR1cm4geyBqd2sgfTtcbiAgfVxuXG4gIGFzeW5jIGRlcml2ZVBhc3NJZHAocGFyYW1zOiBEZXJpdmVQYXNzSWRwUGFyYW1zKTogUHJvbWlzZTxEZXJpdmVLZXlSZXN1bHQ+IHtcbiAgICBpZiAocGFyYW1zLml0ZXJhdGlvbnMgPCB0aGlzLk1JTl9QQVNTX0lEUF9QQktERl9JVEVSKSB7XG4gICAgICB0aHJvdyBuZXcgTHJTdXNwaWNpb3VzRXhjZXB0aW9uKFxuICAgICAgICBgVGhlIG51bWJlciBvZiBQYXNzSWRwIGtleSBkZXJpdmF0aW9uIGl0ZXJhdGlvbnMgc2VudCBmcm9tIHRoZSBzZXJ2ZXIgKCR7cGFyYW1zLml0ZXJhdGlvbnN9KSBpcyBsb3dlciB0aGFuIHRoZSBtaW5pbXVtICgke3RoaXMuTUlOX1BBU1NfSURQX1BCS0RGX0lURVJ9KWBcbiAgICAgICk7XG4gICAgfVxuICAgIHJldHVybiB0aGlzLmRlcml2ZUtleShwYXJhbXMpO1xuICB9XG5cbiAgYXN5bmMgZGVyaXZlUGFzc0tleShwYXJhbXM6IERlcml2ZVBhc3NLZXlQYXJhbXMpOiBQcm9taXNlPERlcml2ZUtleVJlc3VsdD4ge1xuICAgIGlmIChwYXJhbXMuaXRlcmF0aW9ucyA8IHRoaXMuTUlOX1BBU1NfS0VZX1BCS0RGX0lURVIpIHtcbiAgICAgIHRocm93IG5ldyBMclN1c3BpY2lvdXNFeGNlcHRpb24oXG4gICAgICAgIGBUaGUgbnVtYmVyIG9mIFBhc3NLZXkga2V5IGRlcml2YXRpb24gaXRlcmF0aW9ucyBzZW50IGZyb20gdGhlIHNlcnZlcigke3BhcmFtcy5pdGVyYXRpb25zfSkgaXMgbG93ZXIgdGhhbiB0aGUgbWluaW11bSgke3RoaXMuTUlOX1BBU1NfS0VZX1BCS0RGX0lURVJ9KWBcbiAgICAgICk7XG4gICAgfVxuICAgIHJldHVybiB0aGlzLmRlcml2ZUtleShwYXJhbXMpO1xuICB9XG5cbiAgYXN5bmMgZGVyaXZlTGJvcEtleShwYXJhbXM6IERlcml2ZUxib3BLZXlQYXJhbXMpOiBQcm9taXNlPERlcml2ZUtleVJlc3VsdD4ge1xuICAgIGlmIChwYXJhbXMuaXRlcmF0aW9ucyA8IHRoaXMuTUlOX0xCT1BfS0VZX1BCS0RGX0lURVIpIHtcbiAgICAgIHRocm93IG5ldyBMclN1c3BpY2lvdXNFeGNlcHRpb24oXG4gICAgICAgIGBUaGUgbnVtYmVyIG9mIExib3BLZXkga2V5IGRlcml2YXRpb24gaXRlcmF0aW9ucyBzZW50IGZyb20gdGhlIHNlcnZlcigke3BhcmFtcy5pdGVyYXRpb25zfSkgaXMgbG93ZXIgdGhhbiB0aGUgbWluaW11bSgke3RoaXMuTUlOX0xCT1BfS0VZX1BCS0RGX0lURVJ9KWBcbiAgICAgICk7XG4gICAgfVxuICAgIHJldHVybiB0aGlzLmRlcml2ZUtleShwYXJhbXMpO1xuICB9XG5cbiAgYXN5bmMgY3JlYXRlS2lkKCk6IFByb21pc2U8c3RyaW5nPiB7XG4gICAgLy8gdG9kbzogQVo6IG5vZGUtam9zZSBzb3VyY2UgdXNlcyBub2RlJ3MgZGVmYXVsdCBVVUlEKCkgZnVuY3Rpb24gZm9yIGtpZCwgc28ganVzdCBjaGFuZ2UgdG8gdXNlIHRoYXQuXG4gICAgLy8gZm9yIG5vdywgd2UgYXJlIGp1c3QgY3JlYXRpbmcgYSBuZXcga2V5IHRvIHVzZSBpdCdzIGtpZC5cbiAgICAvLyBUaGUga2lkIGlzIGEgcGFydCBvZiB0aGUgSldLIHN5c3RlbS4gTFIgYmFja2VuZCBtYWludGFpbnMgdGhlIGtleSBoaWVyYXJjaHkgc2VwYXJhdGVseSB3aXRoIGl0J3Mgb3duXG4gICAgLy8ga2V5IGlkLiBCdXQgd2UganVzdCB1c2UgaXQgaGVyZSBhcyBhIGRvdWJsZSBjaGVjay5cbiAgICByZXR1cm4gKGF3YWl0IHRoaXMuY3JlYXRlS2V5KCkpLmtpZDtcbiAgfVxuXG4gIGFzeW5jIGNyZWF0ZVBhc3NJZHBQYXJhbXMoKTogUHJvbWlzZTxQYXNzSWRwUGFyYW1zPiB7XG4gICAgcmV0dXJuIHtcbiAgICAgIHNhbHQ6IHRoaXMuY3JlYXRlU2FsdCgpLFxuICAgICAgaXRlcmF0aW9uczogdGhpcy5ERUZBVUxUX1BBU1NfSURQX1BCS0RGX0lURVIsXG4gICAgfTtcbiAgfVxuXG4gIGFzeW5jIGNyZWF0ZVBhc3NLZXlQYXJhbXMoKTogUHJvbWlzZTxQYXNzS2V5UGFyYW1zPiB7XG4gICAgcmV0dXJuIHtcbiAgICAgIHNhbHQ6IHRoaXMuY3JlYXRlU2FsdCgpLFxuICAgICAga2lkOiBhd2FpdCB0aGlzLmNyZWF0ZUtpZCgpLFxuICAgICAgaXRlcmF0aW9uczogdGhpcy5ERUZBVUxUX1BBU1NfS0VZX1BCS0RGX0lURVIsXG4gICAgfTtcbiAgfVxuXG4gIGFzeW5jIGNyZWF0ZUxib3BLZXlQYXJhbXMoKTogUHJvbWlzZTxMYm9wS2V5UGFyYW1zPiB7XG4gICAgcmV0dXJuIHtcbiAgICAgIHNhbHQ6IHRoaXMuY3JlYXRlU2FsdCgpLFxuICAgICAgLy8gdG9kbzogQVo6IG5vZGUtam9zZSBzb3VyY2UgdXNlcyBub2RlJ3MgZGVmYXVsdCBVVUlEKCkgZnVuY3Rpb24gZm9yIGtpZCwgc28ganVzdCBjaGFuZ2UgdG8gdXNlIHRoYXQuXG4gICAgICAvLyBmb3Igbm93LCB3ZSBhcmUganVzdCBjcmVhdGluZyBhIG5ldyBrZXkgdG8gdXNlIGl0J3Mga2lkLlxuICAgICAgLy8gVGhlIGtpZCBpcyBhIHBhcnQgb2YgdGhlIEpXSyBzeXN0ZW0uIExSIGJhY2tlbmQgbWFpbnRhaW5zIHRoZSBrZXkgaGllcmFyY2h5IHNlcGFyYXRlbHkgd2l0aCBpdCdzIG93blxuICAgICAgLy8ga2V5IGlkLiBCdXQgd2UganVzdCB1c2UgaXQgaGVyZSBhcyBhIGRvdWJsZSBjaGVjay5cbiAgICAgIGtpZDogYXdhaXQgdGhpcy5jcmVhdGVLaWQoKSxcbiAgICAgIGl0ZXJhdGlvbnM6IHRoaXMuREVGQVVMVF9QQVNTX0tFWV9QQktERl9JVEVSLFxuICAgIH07XG4gIH1cbn1cbiJdfQ==