@lifeready/core 1.0.2 → 1.0.4

package/esm2015/lib/cryptography/key-graph.service.js

@@ -1,280 +1,280 @@
-import { __awaiter } from "tslib";
-import { Injectable } from '@angular/core';
-import graphlib, { Graph } from '@dagrejs/graphlib';
-import _ from 'lodash';
-import { LrException, LrEncryptionException, LrNotFoundException, LrBadArgumentException, } from '../_common/exceptions';
-import { EdgeType, NodeType, } from './cryptography.types';
-import { asJwk, EncryptionService, isSymmetricKey, } from './encryption.service';
-import { KeyFactoryService as KFS, } from './key-factory.service';
-import { KeyService } from './key.service';
-import * as i0 from "@angular/core";
-import * as i1 from "./encryption.service";
-import * as i2 from "./key.service";
-export class KeyGraphService {
-    // private keyCache: {
-    //   [id: string]: Key;
-    // };
-    constructor(encryptionService, keyService) {
-        this.encryptionService = encryptionService;
-        this.keyService = keyService;
-        this.purgeKeys();
-    }
-    purgeKeys() {
-        this.graph = new Graph();
-        // this.keyCache = null;
-    }
-    populateKeys(userKey) {
-        return __awaiter(this, void 0, void 0, function* () {
-            this.keyService.populateKeys({
-                passKey: userKey.passKey,
-                masterKey: yield this.keyService.loadMasterKey(userKey.masterKey.id),
-                rootKey: yield this.unwrapKey(userKey.masterKey.id, userKey.rootKey.id),
-                pxk: yield this.unwrapKey(userKey.masterKey.id, userKey.pxk.id),
-                sigPxk: yield this.unwrapKey(userKey.masterKey.id, userKey.sigPxk.id),
-            });
-        });
-    }
-    hasKey(keyId) {
-        return !!this.graph.node(keyId);
-    }
-    getNode(id, type) {
-        const node = this.graph.node(id);
-        if (!node) {
-            throw new LrNotFoundException(`Key graphs does not contain key id: ${id}`);
-        }
-        if (node.type !== type) {
-            throw new LrException({
-                message: `Key with id ${id} is not of type ${type}`,
-            });
-        }
-        return node.data;
-    }
-    key(id) {
-        return this.getNode(id, NodeType.Key);
-    }
-    passKey(id) {
-        return this.getNode(id, NodeType.PassKey);
-    }
-    addKeys(src) {
-        // Keys
-        if (src.keys) {
-            // What key graph returns can not be customized. So keys are essentially immutable.
-            // Therefore, if a key exists, there's no reason to update it.
-            for (const key of src.keys) {
-                // Note using Relay global id allows us to not worry about clashing node id
-                if (this.graph.hasNode(key.id)) {
-                    continue;
-                }
-                const node = {
-                    type: NodeType.Key,
-                    data: _.cloneDeep(key),
-                };
-                this.graph.setNode(key.id, node);
-            }
-        }
-        // KeyLinks
-        if (src.keyLinks) {
-            for (const keyLink of src.keyLinks) {
-                if (this.graph.hasEdge(keyLink.wrappingKeyId, keyLink.keyId)) {
-                    continue;
-                }
-                const edge = {
-                    type: EdgeType.KeyLink,
-                    data: _.cloneDeep(keyLink),
-                };
-                // Edge goes from wrapping key to wrapped key.
-                this.graph.setEdge(keyLink.wrappingKeyId, keyLink.keyId, edge);
-            }
-        }
-        // PassKeyLinks
-        if (src.passKeyLinks) {
-            for (const passKeyLink of src.passKeyLinks) {
-                if (this.graph.hasEdge(passKeyLink.passKeyId, passKeyLink.keyId)) {
-                    continue;
-                }
-                const edge = {
-                    type: EdgeType.PassKeyLink,
-                    data: _.cloneDeep(passKeyLink),
-                };
-                // Edge goes from wrapping key to wrapped key.
-                this.graph.setEdge(passKeyLink.passKeyId, passKeyLink.keyId, edge);
-            }
-        }
-        // The graph is the single source of truth. These are lazily calculated.
-        // this.keyCache = null;
-    }
-    tracePath(distances, keyId) {
-        // The node label is the same as the id of the key nodes.
-        const ret = [];
-        let node = keyId;
-        if (!distances[node].predecessor) {
-            return null;
-        }
-        while (distances[node].predecessor) {
-            const child = distances[node].predecessor;
-            ret.push(this.graph.edge(child, node));
-            node = child;
-        }
-        // After reverse, the first element is the passkey
-        ret.reverse();
-        return ret;
-    }
-    getPath(knownKeyId, keyId) {
-        if (!knownKeyId || typeof knownKeyId !== 'string') {
-            throw new LrEncryptionException(`Param knownKeyId wrong format: ${knownKeyId}`);
-        }
-        if (!keyId || typeof keyId !== 'string') {
-            throw new LrEncryptionException(`Param keyId wrong format: ${keyId}`);
-        }
-        // => { A: { distance: 0 },
-        //      B: { distance: 6, predecessor: 'C' },
-        //      C: { distance: 4, predecessor: 'A' },
-        //      D: { distance: 2, predecessor: 'A' },
-        //      E: { distance: 8, predecessor: 'F' },
-        //      F: { distance: 4, predecessor: 'D' } }
-        const distances = graphlib.alg.dijkstra(this.graph, knownKeyId);
-        // Trace path from keyId to knownKeyId
-        return this.tracePath(distances, keyId);
-    }
-    getJwkKey(keyOrId, getKeyIdCallback) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return (yield this.getKey(keyOrId, getKeyIdCallback)).jwk;
-        });
-    }
-    // We assume that when a keyId is fetched, the key graph
-    // for the key is also returned and merged into the client-side
-    // key graph. By insisting a keyId is returned instead of the
-    // actual key we ensure key-graph is consistent.
-    getKey(keyOrId, getKeyIdCallback) {
-        return __awaiter(this, void 0, void 0, function* () {
-            let keyId = typeof keyOrId === 'string' ? keyOrId : keyOrId === null || keyOrId === void 0 ? void 0 : keyOrId.id;
-            if (!this.hasKey(keyId) && getKeyIdCallback) {
-                keyId = yield getKeyIdCallback();
-            }
-            // else, continue and let it fail.
-            const key = this.key(keyId);
-            if (key.jwk) {
-                return key;
-            }
-            else {
-                return this.unwrapKey(this.keyService.getCurrentMasterKey().id, keyId);
-            }
-        });
-    }
-    _unwrapLink(wrappingKey, link, dstKey) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // console.log("_unwrapLink:", link.data.keyId);
-            const wrappedKey = JSON.parse(link.data.wrappedKey);
-            // Signatures of keys contain the key itself. This way we only need
-            // to access the KeyLinks to decrypt/verify keys.
-            let nextRawKey;
-            if (wrappedKey.signatures) {
-                nextRawKey = yield this.encryptionService.verify(wrappingKey, wrappedKey);
-            }
-            else {
-                nextRawKey = yield this.encryptionService.decrypt(wrappingKey, wrappedKey);
-            }
-            dstKey.jwk = yield KFS.asKey(nextRawKey);
-            dstKey.task = null;
-        });
-    }
-    _unwrap(key, path) {
-        return __awaiter(this, void 0, void 0, function* () {
-            for (const link of path) {
-                const dstKey = this.key(link.data.keyId);
-                // console.log("key: ", link.data.keyId);
-                if (dstKey.jwk) {
-                    key = dstKey.jwk;
-                    // console.log("Returning cached key: ", link.data.keyId);
-                    continue;
-                }
-                if (!dstKey.task) {
-                    dstKey.task = this._unwrapLink(key, link, dstKey);
-                }
-                yield dstKey.task;
-                key = dstKey.jwk;
-            }
-            return key;
-        });
-    }
-    unwrapWithPassKey(passKeyId, passKey, keyId) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Get path of the directory key.
-            const path = this.getPath(passKeyId, keyId);
-            return {
-                id: keyId,
-                jwk: yield this._unwrap(passKey, path),
-            };
-        });
-    }
-    unwrapKey(masterKeyId, keyId) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // The first key should be a masterKey
-            const masterKey = yield this.keyService.loadMasterKey(masterKeyId);
-            if (masterKeyId === keyId) {
-                return masterKey;
-            }
-            // Get path of the directory key.
-            const path = this.getPath(masterKey.id, keyId);
-            return {
-                id: keyId,
-                jwk: yield this._unwrap(masterKey.jwk, path),
-            };
-        });
-    }
-    decryptFromString(keyOrId, cipherData, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (cipherData) {
-                const key = yield this.getJwkKey(keyOrId);
-                return (yield this.encryptionService.decrypt(key, JSON.parse(cipherData), options));
-            }
-            return null;
-        });
-    }
-    decryptFile(keyId, file) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const key = yield this.getJwkKey(keyId);
-            return (yield this.encryptionService.decrypt(key, file, {
-                payloadType: 'ArrayBuffer',
-            }));
-        });
-    }
-    // TODO rename this to encrypt() and use as the most common usecase
-    encryptToString(key, content) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Empty string should be encrypted since you want to clear the field.
-            // Null is not encrypted because it's not valid JSON in the old JSON spec. Use
-            // empty string instead. It'll function as a logic false as well.
-            // Note that passing in empty string means it'll be encrypted which verifies
-            // it's integrity. But we still want to have a way to set the DB field
-            // to NULL, so we explicitly return null when content == null. A null
-            // variable in graphql mutation on KC server clears the field to NULL.
-            if (content == null) {
-                return null;
-            }
-            const jwk = asJwk(key) || (yield this.getJwkKey(key));
-            return this.encryptionService.encryptToString(jwk, content);
-        });
-    }
-    // Wraps a symmetric encryption key.
-    // Throws exception if wrapping public keys.
-    wrapKey(wrappingKey, key) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!isSymmetricKey(key)) {
-                throw new LrBadArgumentException('Only allowing wrapping of symmetric keys.');
-            }
-            return this.encryptToString(wrappingKey, key.toJSON(true));
-        });
-    }
-}
-KeyGraphService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyGraphService_Factory() { return new KeyGraphService(i0.ɵɵinject(i1.EncryptionService), i0.ɵɵinject(i2.KeyService)); }, token: KeyGraphService, providedIn: "root" });
-KeyGraphService.decorators = [
-    { type: Injectable, args: [{
-                providedIn: 'root',
-            },] }
-];
-KeyGraphService.ctorParameters = () => [
-    { type: EncryptionService },
-    { type: KeyService }
-];
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWdyYXBoLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiL29wdC9hdGxhc3NpYW4vcGlwZWxpbmVzL2FnZW50L2J1aWxkL3Byb2plY3RzL2NvcmUvc3JjLyIsInNvdXJjZXMiOlsibGliL2NyeXB0b2dyYXBoeS9rZXktZ3JhcGguc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUMzQyxPQUFPLFFBQVEsRUFBRSxFQUFFLEtBQUssRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQ3BELE9BQU8sQ0FBQyxNQUFNLFFBQVEsQ0FBQztBQUd2QixPQUFPLEVBQ0wsV0FBVyxFQUNYLHFCQUFxQixFQUNyQixtQkFBbUIsRUFDbkIsc0JBQXNCLEdBQ3ZCLE1BQU0sdUJBQXVCLENBQUM7QUFDL0IsT0FBTyxFQUVMLFFBQVEsRUFJUixRQUFRLEdBRVQsTUFBTSxzQkFBc0IsQ0FBQztBQUM5QixPQUFPLEVBQ0wsS0FBSyxFQUVMLGlCQUFpQixFQUNqQixjQUFjLEdBQ2YsTUFBTSxzQkFBc0IsQ0FBQztBQUM5QixPQUFPLEVBRUwsaUJBQWlCLElBQUksR0FBRyxHQUN6QixNQUFNLHVCQUF1QixDQUFDO0FBQy9CLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxlQUFlLENBQUM7Ozs7QUFTM0MsTUFBTSxPQUFPLGVBQWU7SUFFMUIsc0JBQXNCO0lBQ3RCLHVCQUF1QjtJQUN2QixLQUFLO0lBRUwsWUFDVSxpQkFBb0MsRUFDcEMsVUFBc0I7UUFEdEIsc0JBQWlCLEdBQWpCLGlCQUFpQixDQUFtQjtRQUNwQyxlQUFVLEdBQVYsVUFBVSxDQUFZO1FBRTlCLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztJQUNuQixDQUFDO0lBRUQsU0FBUztRQUNQLElBQUksQ0FBQyxLQUFLLEdBQUcsSUFBSSxLQUFLLEVBQUUsQ0FBQztRQUN6Qix3QkFBd0I7SUFDMUIsQ0FBQztJQUVLLFlBQVksQ0FBQyxPQUF1Qjs7WUFDeEMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUM7Z0JBQzNCLE9BQU8sRUFBRSxPQUFPLENBQUMsT0FBTztnQkFDeEIsU0FBUyxFQUFFLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7Z0JBQ3BFLE9BQU8sRUFBRSxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxFQUFFLEVBQUUsT0FBTyxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7Z0JBQ3ZFLEdBQUcsRUFBRSxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxFQUFFLEVBQUUsT0FBTyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQy9ELE1BQU0sRUFBRSxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxFQUFFLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7YUFDdEUsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztLQUFBO0lBRUQsTUFBTSxDQUFDLEtBQWE7UUFDbEIsT0FBTyxDQUFDLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUM7SUFDbEMsQ0FBQztJQUVPLE9BQU8sQ0FBQyxFQUFFLEVBQUUsSUFBSTtRQUN0QixNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNqQyxJQUFJLENBQUMsSUFBSSxFQUFFO1lBQ1QsTUFBTSxJQUFJLG1CQUFtQixDQUMzQix1Q0FBdUMsRUFBRSxFQUFFLENBQzVDLENBQUM7U0FDSDtRQUNELElBQUksSUFBSSxDQUFDLElBQUksS0FBSyxJQUFJLEVBQUU7WUFDdEIsTUFBTSxJQUFJLFdBQVcsQ0FBQztnQkFDcEIsT0FBTyxFQUFFLGVBQWUsRUFBRSxtQkFBbUIsSUFBSSxFQUFFO2FBQ3BELENBQUMsQ0FBQztTQUNKO1FBQ0QsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDO0lBQ25CLENBQUM7SUFFRCxHQUFHLENBQUMsRUFBRTtRQUNKLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxFQUFFLEVBQUUsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRCxPQUFPLENBQUMsRUFBRTtRQUNSLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxFQUFFLEVBQUUsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQzVDLENBQUM7SUFFRCxPQUFPLENBQUMsR0FBcUI7UUFDM0IsT0FBTztRQUNQLElBQUksR0FBRyxDQUFDLElBQUksRUFBRTtZQUNaLG1GQUFtRjtZQUNuRiw4REFBOEQ7WUFDOUQsS0FBSyxNQUFNLEdBQUcsSUFBSSxHQUFHLENBQUMsSUFBSSxFQUFFO2dCQUMxQiwyRUFBMkU7Z0JBQzNFLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxFQUFFO29CQUM5QixTQUFTO2lCQUNWO2dCQUVELE1BQU0sSUFBSSxHQUFTO29CQUNqQixJQUFJLEVBQUUsUUFBUSxDQUFDLEdBQUc7b0JBQ2xCLElBQUksRUFBRSxDQUFDLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQztpQkFDdkIsQ0FBQztnQkFFRixJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsRUFBRSxFQUFFLElBQUksQ0FBQyxDQUFDO2FBQ2xDO1NBQ0Y7UUFFRCxXQUFXO1FBQ1gsSUFBSSxHQUFHLENBQUMsUUFBUSxFQUFFO1lBQ2hCLEtBQUssTUFBTSxPQUFPLElBQUksR0FBRyxDQUFDLFFBQVEsRUFBRTtnQkFDbEMsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsYUFBYSxFQUFFLE9BQU8sQ0FBQyxLQUFLLENBQUMsRUFBRTtvQkFDNUQsU0FBUztpQkFDVjtnQkFFRCxNQUFNLElBQUksR0FBUztvQkFDakIsSUFBSSxFQUFFLFFBQVEsQ0FBQyxPQUFPO29CQUN0QixJQUFJLEVBQUUsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUM7aUJBQzNCLENBQUM7Z0JBQ0YsOENBQThDO2dCQUM5QyxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsYUFBYSxFQUFFLE9BQU8sQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUM7YUFDaEU7U0FDRjtRQUVELGVBQWU7UUFDZixJQUFJLEdBQUcsQ0FBQyxZQUFZLEVBQUU7WUFDcEIsS0FBSyxNQUFNLFdBQVcsSUFBSSxHQUFHLENBQUMsWUFBWSxFQUFFO2dCQUMxQyxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxTQUFTLEVBQUUsV0FBVyxDQUFDLEtBQUssQ0FBQyxFQUFFO29CQUNoRSxTQUFTO2lCQUNWO2dCQUVELE1BQU0sSUFBSSxHQUFTO29CQUNqQixJQUFJLEVBQUUsUUFBUSxDQUFDLFdBQVc7b0JBQzFCLElBQUksRUFBRSxDQUFDLENBQUMsU0FBUyxDQUFDLFdBQVcsQ0FBQztpQkFDL0IsQ0FBQztnQkFDRiw4Q0FBOEM7Z0JBQzlDLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxTQUFTLEVBQUUsV0FBVyxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQzthQUNwRTtTQUNGO1FBRUQsd0VBQXdFO1FBQ3hFLHdCQUF3QjtJQUMxQixDQUFDO0lBRUQsU0FBUyxDQUFDLFNBQVMsRUFBRSxLQUFhO1FBQ2hDLHlEQUF5RDtRQUN6RCxNQUFNLEdBQUcsR0FBVyxFQUFFLENBQUM7UUFDdkIsSUFBSSxJQUFJLEdBQUcsS0FBSyxDQUFDO1FBQ2pCLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUMsV0FBVyxFQUFFO1lBQ2hDLE9BQU8sSUFBSSxDQUFDO1NBQ2I7UUFFRCxPQUFPLFNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxXQUFXLEVBQUU7WUFDbEMsTUFBTSxLQUFLLEdBQUcsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDLFdBQVcsQ0FBQztZQUMxQyxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQyxDQUFDO1lBQ3ZDLElBQUksR0FBRyxLQUFLLENBQUM7U0FDZDtRQUVELGtEQUFrRDtRQUNsRCxHQUFHLENBQUMsT0FBTyxFQUFFLENBQUM7UUFFZCxPQUFPLEdBQUcsQ0FBQztJQUNiLENBQUM7SUFFRCxPQUFPLENBQUMsVUFBa0IsRUFBRSxLQUFhO1FBQ3ZDLElBQUksQ0FBQyxVQUFVLElBQUksT0FBTyxVQUFVLEtBQUssUUFBUSxFQUFFO1lBQ2pELE1BQU0sSUFBSSxxQkFBcUIsQ0FDN0Isa0NBQWtDLFVBQVUsRUFBRSxDQUMvQyxDQUFDO1NBQ0g7UUFDRCxJQUFJLENBQUMsS0FBSyxJQUFJLE9BQU8sS0FBSyxLQUFLLFFBQVEsRUFBRTtZQUN2QyxNQUFNLElBQUkscUJBQXFCLENBQUMsNkJBQTZCLEtBQUssRUFBRSxDQUFDLENBQUM7U0FDdkU7UUFFRCwyQkFBMkI7UUFDM0IsNkNBQTZDO1FBQzdDLDZDQUE2QztRQUM3Qyw2Q0FBNkM7UUFDN0MsNkNBQTZDO1FBQzdDLDhDQUE4QztRQUM5QyxNQUFNLFNBQVMsR0FBRyxRQUFRLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsS0FBSyxFQUFFLFVBQVUsQ0FBQyxDQUFDO1FBRWhFLHNDQUFzQztRQUN0QyxPQUFPLElBQUksQ0FBQyxTQUFTLENBQUMsU0FBUyxFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQzFDLENBQUM7SUFFSyxTQUFTLENBQ2IsT0FBcUIsRUFDckIsZ0JBQWlEOztZQUVqRCxPQUFPLENBQUMsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sRUFBRSxnQkFBZ0IsQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDO1FBQzVELENBQUM7S0FBQTtJQUVELHdEQUF3RDtJQUN4RCwrREFBK0Q7SUFDL0QsNkRBQTZEO0lBQzdELGdEQUFnRDtJQUMxQyxNQUFNLENBQ1YsT0FBcUIsRUFDckIsZ0JBQWlEOztZQUVqRCxJQUFJLEtBQUssR0FBRyxPQUFPLE9BQU8sS0FBSyxRQUFRLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsT0FBTyxhQUFQLE9BQU8sdUJBQVAsT0FBTyxDQUFFLEVBQUUsQ0FBQztZQUVoRSxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsSUFBSSxnQkFBZ0IsRUFBRTtnQkFDM0MsS0FBSyxHQUFHLE1BQU0sZ0JBQWdCLEVBQUUsQ0FBQzthQUNsQztZQUNELGtDQUFrQztZQUVsQyxNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQzVCLElBQUksR0FBRyxDQUFDLEdBQUcsRUFBRTtnQkFDWCxPQUFPLEdBQUcsQ0FBQzthQUNaO2lCQUFNO2dCQUNMLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLG1CQUFtQixFQUFFLENBQUMsRUFBRSxFQUFFLEtBQUssQ0FBQyxDQUFDO2FBQ3hFO1FBQ0gsQ0FBQztLQUFBO0lBRWEsV0FBVyxDQUFDLFdBQVcsRUFBRSxJQUFJLEVBQUUsTUFBTTs7WUFDakQsZ0RBQWdEO1lBQ2hELE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQztZQUNwRCxtRUFBbUU7WUFDbkUsaURBQWlEO1lBQ2pELElBQUksVUFBVSxDQUFDO1lBQ2YsSUFBSSxVQUFVLENBQUMsVUFBVSxFQUFFO2dCQUN6QixVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsTUFBTSxDQUFDLFdBQVcsRUFBRSxVQUFVLENBQUMsQ0FBQzthQUMzRTtpQkFBTTtnQkFDTCxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMvQyxXQUFXLEVBQ1gsVUFBVSxDQUNYLENBQUM7YUFDSDtZQUNELE1BQU0sQ0FBQyxHQUFHLEdBQUcsTUFBTSxHQUFHLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBQ3pDLE1BQU0sQ0FBQyxJQUFJLEdBQUcsSUFBSSxDQUFDO1FBQ3JCLENBQUM7S0FBQTtJQUVhLE9BQU8sQ0FBQyxHQUFZLEVBQUUsSUFBWTs7WUFDOUMsS0FBSyxNQUFNLElBQUksSUFBSSxJQUFJLEVBQUU7Z0JBQ3ZCLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQztnQkFDekMseUNBQXlDO2dCQUN6QyxJQUFJLE1BQU0sQ0FBQyxHQUFHLEVBQUU7b0JBQ2QsR0FBRyxHQUFHLE1BQU0sQ0FBQyxHQUFHLENBQUM7b0JBQ2pCLDBEQUEwRDtvQkFDMUQsU0FBUztpQkFDVjtnQkFFRCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRTtvQkFDaEIsTUFBTSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsRUFBRSxJQUFJLEVBQUUsTUFBTSxDQUFDLENBQUM7aUJBQ25EO2dCQUVELE1BQU0sTUFBTSxDQUFDLElBQUksQ0FBQztnQkFDbEIsR0FBRyxHQUFHLE1BQU0sQ0FBQyxHQUFHLENBQUM7YUFDbEI7WUFFRCxPQUFPLEdBQUcsQ0FBQztRQUNiLENBQUM7S0FBQTtJQUVZLGlCQUFpQixDQUM1QixTQUFpQixFQUNqQixPQUFnQixFQUNoQixLQUFhOztZQUViLGlDQUFpQztZQUNqQyxNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxLQUFLLENBQUMsQ0FBQztZQUU1QyxPQUFPO2dCQUNMLEVBQUUsRUFBRSxLQUFLO2dCQUNULEdBQUcsRUFBRSxNQUFNLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQzthQUN2QyxDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRUssU0FBUyxDQUFDLFdBQW1CLEVBQUUsS0FBYTs7WUFDaEQsc0NBQXNDO1lBQ3RDLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLENBQUMsV0FBVyxDQUFDLENBQUM7WUFFbkUsSUFBSSxXQUFXLEtBQUssS0FBSyxFQUFFO2dCQUN6QixPQUFPLFNBQVMsQ0FBQzthQUNsQjtZQUVELGlDQUFpQztZQUNqQyxNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7WUFFL0MsT0FBTztnQkFDTCxFQUFFLEVBQUUsS0FBSztnQkFDVCxHQUFHLEVBQUUsTUFBTSxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDO2FBQzdDLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFSyxpQkFBaUIsQ0FDckIsT0FBcUIsRUFDckIsVUFBa0IsRUFDbEIsT0FBd0I7O1lBRXhCLElBQUksVUFBVSxFQUFFO2dCQUNkLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQztnQkFDMUMsT0FBTyxDQUFDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDMUMsR0FBRyxFQUNILElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLEVBQ3RCLE9BQU8sQ0FDUixDQUFRLENBQUM7YUFDWDtZQUNELE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztLQUFBO0lBRUssV0FBVyxDQUFDLEtBQWEsRUFBRSxJQUFTOztZQUN4QyxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDeEMsT0FBTyxDQUFDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsSUFBSSxFQUFFO2dCQUN0RCxXQUFXLEVBQUUsYUFBYTthQUMzQixDQUFDLENBQVEsQ0FBQztRQUNiLENBQUM7S0FBQTtJQUVELG1FQUFtRTtJQUM3RCxlQUFlLENBQ25CLEdBQTJCLEVBQzNCLE9BQVk7O1lBRVosc0VBQXNFO1lBQ3RFLDhFQUE4RTtZQUM5RSxpRUFBaUU7WUFDakUsNEVBQTRFO1lBQzVFLHNFQUFzRTtZQUN0RSxxRUFBcUU7WUFDckUsc0VBQXNFO1lBQ3RFLElBQUksT0FBTyxJQUFJLElBQUksRUFBRTtnQkFDbkIsT0FBTyxJQUFJLENBQUM7YUFDYjtZQUVELE1BQU0sR0FBRyxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxHQUFtQixDQUFDLENBQUMsQ0FBQztZQUN0RSxPQUFPLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxlQUFlLENBQUMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQzlELENBQUM7S0FBQTtJQUVELG9DQUFvQztJQUNwQyw0Q0FBNEM7SUFDdEMsT0FBTyxDQUNYLFdBQW1DLEVBQ25DLEdBQVk7O1lBRVosSUFBSSxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUMsRUFBRTtnQkFDeEIsTUFBTSxJQUFJLHNCQUFzQixDQUM5QiwyQ0FBMkMsQ0FDNUMsQ0FBQzthQUNIO1lBRUQsT0FBTyxJQUFJLENBQUMsZUFBZSxDQUFDLFdBQVcsRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7UUFDN0QsQ0FBQztLQUFBOzs7O1lBeFRGLFVBQVUsU0FBQztnQkFDVixVQUFVLEVBQUUsTUFBTTthQUNuQjs7O1lBZkMsaUJBQWlCO1lBT1YsVUFBVSIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEluamVjdGFibGUgfSBmcm9tICdAYW5ndWxhci9jb3JlJztcbmltcG9ydCBncmFwaGxpYiwgeyBHcmFwaCB9IGZyb20gJ0BkYWdyZWpzL2dyYXBobGliJztcbmltcG9ydCBfIGZyb20gJ2xvZGFzaCc7XG5pbXBvcnQgeyBKV0sgfSBmcm9tICdub2RlLWpvc2UnO1xuaW1wb3J0IHsgQ3VycmVudFVzZXJLZXkgfSBmcm9tICcuLi91c2Vycy9wcm9maWxlLnR5cGVzJztcbmltcG9ydCB7XG4gIExyRXhjZXB0aW9uLFxuICBMckVuY3J5cHRpb25FeGNlcHRpb24sXG4gIExyTm90Rm91bmRFeGNlcHRpb24sXG4gIExyQmFkQXJndW1lbnRFeGNlcHRpb24sXG59IGZyb20gJy4uL19jb21tb24vZXhjZXB0aW9ucyc7XG5pbXBvcnQge1xuICBFZGdlLFxuICBFZGdlVHlwZSxcbiAgS2V5LFxuICBLZXlHcmFwaFJlc3BvbnNlLFxuICBOb2RlLFxuICBOb2RlVHlwZSxcbiAgUGFzc0tleSxcbn0gZnJvbSAnLi9jcnlwdG9ncmFwaHkudHlwZXMnO1xuaW1wb3J0IHtcbiAgYXNKd2ssXG4gIERlY3J5cHRPcHRpb25zLFxuICBFbmNyeXB0aW9uU2VydmljZSxcbiAgaXNTeW1tZXRyaWNLZXksXG59IGZyb20gJy4vZW5jcnlwdGlvbi5zZXJ2aWNlJztcbmltcG9ydCB7XG4gIEtleUZhY3RvcnlTZXJ2aWNlLFxuICBLZXlGYWN0b3J5U2VydmljZSBhcyBLRlMsXG59IGZyb20gJy4va2V5LWZhY3Rvcnkuc2VydmljZSc7XG5pbXBvcnQgeyBLZXlTZXJ2aWNlIH0gZnJvbSAnLi9rZXkuc2VydmljZSc7XG5cbmV4cG9ydCBpbnRlcmZhY2UgR3JhcGhLZXkgZXh0ZW5kcyBLZXkge1xuICB0YXNrPzogUHJvbWlzZTxhbnk+O1xufVxuXG5ASW5qZWN0YWJsZSh7XG4gIHByb3ZpZGVkSW46ICdyb290Jyxcbn0pXG5leHBvcnQgY2xhc3MgS2V5R3JhcGhTZXJ2aWNlIHtcbiAgcHJpdmF0ZSBncmFwaDogR3JhcGg7XG4gIC8vIHByaXZhdGUga2V5Q2FjaGU6IHtcbiAgLy8gICBbaWQ6IHN0cmluZ106IEtleTtcbiAgLy8gfTtcblxuICBjb25zdHJ1Y3RvcihcbiAgICBwcml2YXRlIGVuY3J5cHRpb25TZXJ2aWNlOiBFbmNyeXB0aW9uU2VydmljZSxcbiAgICBwcml2YXRlIGtleVNlcnZpY2U6IEtleVNlcnZpY2VcbiAgKSB7XG4gICAgdGhpcy5wdXJnZUtleXMoKTtcbiAgfVxuXG4gIHB1cmdlS2V5cygpIHtcbiAgICB0aGlzLmdyYXBoID0gbmV3IEdyYXBoKCk7XG4gICAgLy8gdGhpcy5rZXlDYWNoZSA9IG51bGw7XG4gIH1cblxuICBhc3luYyBwb3B1bGF0ZUtleXModXNlcktleTogQ3VycmVudFVzZXJLZXkpIHtcbiAgICB0aGlzLmtleVNlcnZpY2UucG9wdWxhdGVLZXlzKHtcbiAgICAgIHBhc3NLZXk6IHVzZXJLZXkucGFzc0tleSxcbiAgICAgIG1hc3RlcktleTogYXdhaXQgdGhpcy5rZXlTZXJ2aWNlLmxvYWRNYXN0ZXJLZXkodXNlcktleS5tYXN0ZXJLZXkuaWQpLFxuICAgICAgcm9vdEtleTogYXdhaXQgdGhpcy51bndyYXBLZXkodXNlcktleS5tYXN0ZXJLZXkuaWQsIHVzZXJLZXkucm9vdEtleS5pZCksXG4gICAgICBweGs6IGF3YWl0IHRoaXMudW53cmFwS2V5KHVzZXJLZXkubWFzdGVyS2V5LmlkLCB1c2VyS2V5LnB4ay5pZCksXG4gICAgICBzaWdQeGs6IGF3YWl0IHRoaXMudW53cmFwS2V5KHVzZXJLZXkubWFzdGVyS2V5LmlkLCB1c2VyS2V5LnNpZ1B4ay5pZCksXG4gICAgfSk7XG4gIH1cblxuICBoYXNLZXkoa2V5SWQ6IHN0cmluZykge1xuICAgIHJldHVybiAhIXRoaXMuZ3JhcGgubm9kZShrZXlJZCk7XG4gIH1cblxuICBwcml2YXRlIGdldE5vZGUoaWQsIHR5cGUpOiBHcmFwaEtleSB8IFBhc3NLZXkge1xuICAgIGNvbnN0IG5vZGUgPSB0aGlzLmdyYXBoLm5vZGUoaWQpO1xuICAgIGlmICghbm9kZSkge1xuICAgICAgdGhyb3cgbmV3IExyTm90Rm91bmRFeGNlcHRpb24oXG4gICAgICAgIGBLZXkgZ3JhcGhzIGRvZXMgbm90IGNvbnRhaW4ga2V5IGlkOiAke2lkfWBcbiAgICAgICk7XG4gICAgfVxuICAgIGlmIChub2RlLnR5cGUgIT09IHR5cGUpIHtcbiAgICAgIHRocm93IG5ldyBMckV4Y2VwdGlvbih7XG4gICAgICAgIG1lc3NhZ2U6IGBLZXkgd2l0aCBpZCAke2lkfSBpcyBub3Qgb2YgdHlwZSAke3R5cGV9YCxcbiAgICAgIH0pO1xuICAgIH1cbiAgICByZXR1cm4gbm9kZS5kYXRhO1xuICB9XG5cbiAga2V5KGlkKTogR3JhcGhLZXkge1xuICAgIHJldHVybiB0aGlzLmdldE5vZGUoaWQsIE5vZGVUeXBlLktleSk7XG4gIH1cblxuICBwYXNzS2V5KGlkKTogUGFzc0tleSB7XG4gICAgcmV0dXJuIHRoaXMuZ2V0Tm9kZShpZCwgTm9kZVR5cGUuUGFzc0tleSk7XG4gIH1cblxuICBhZGRLZXlzKHNyYzogS2V5R3JhcGhSZXNwb25zZSkge1xuICAgIC8vIEtleXNcbiAgICBpZiAoc3JjLmtleXMpIHtcbiAgICAgIC8vIFdoYXQga2V5IGdyYXBoIHJldHVybnMgY2FuIG5vdCBiZSBjdXN0b21pemVkLiBTbyBrZXlzIGFyZSBlc3NlbnRpYWxseSBpbW11dGFibGUuXG4gICAgICAvLyBUaGVyZWZvcmUsIGlmIGEga2V5IGV4aXN0cywgdGhlcmUncyBubyByZWFzb24gdG8gdXBkYXRlIGl0LlxuICAgICAgZm9yIChjb25zdCBrZXkgb2Ygc3JjLmtleXMpIHtcbiAgICAgICAgLy8gTm90ZSB1c2luZyBSZWxheSBnbG9iYWwgaWQgYWxsb3dzIHVzIHRvIG5vdCB3b3JyeSBhYm91dCBjbGFzaGluZyBub2RlIGlkXG4gICAgICAgIGlmICh0aGlzLmdyYXBoLmhhc05vZGUoa2V5LmlkKSkge1xuICAgICAgICAgIGNvbnRpbnVlO1xuICAgICAgICB9XG5cbiAgICAgICAgY29uc3Qgbm9kZTogTm9kZSA9IHtcbiAgICAgICAgICB0eXBlOiBOb2RlVHlwZS5LZXksXG4gICAgICAgICAgZGF0YTogXy5jbG9uZURlZXAoa2V5KSxcbiAgICAgICAgfTtcblxuICAgICAgICB0aGlzLmdyYXBoLnNldE5vZGUoa2V5LmlkLCBub2RlKTtcbiAgICAgIH1cbiAgICB9XG5cbiAgICAvLyBLZXlMaW5rc1xuICAgIGlmIChzcmMua2V5TGlua3MpIHtcbiAgICAgIGZvciAoY29uc3Qga2V5TGluayBvZiBzcmMua2V5TGlua3MpIHtcbiAgICAgICAgaWYgKHRoaXMuZ3JhcGguaGFzRWRnZShrZXlMaW5rLndyYXBwaW5nS2V5SWQsIGtleUxpbmsua2V5SWQpKSB7XG4gICAgICAgICAgY29udGludWU7XG4gICAgICAgIH1cblxuICAgICAgICBjb25zdCBlZGdlOiBFZGdlID0ge1xuICAgICAgICAgIHR5cGU6IEVkZ2VUeXBlLktleUxpbmssXG4gICAgICAgICAgZGF0YTogXy5jbG9uZURlZXAoa2V5TGluayksXG4gICAgICAgIH07XG4gICAgICAgIC8vIEVkZ2UgZ29lcyBmcm9tIHdyYXBwaW5nIGtleSB0byB3cmFwcGVkIGtleS5cbiAgICAgICAgdGhpcy5ncmFwaC5zZXRFZGdlKGtleUxpbmsud3JhcHBpbmdLZXlJZCwga2V5TGluay5rZXlJZCwgZWRnZSk7XG4gICAgICB9XG4gICAgfVxuXG4gICAgLy8gUGFzc0tleUxpbmtzXG4gICAgaWYgKHNyYy5wYXNzS2V5TGlua3MpIHtcbiAgICAgIGZvciAoY29uc3QgcGFzc0tleUxpbmsgb2Ygc3JjLnBhc3NLZXlMaW5rcykge1xuICAgICAgICBpZiAodGhpcy5ncmFwaC5oYXNFZGdlKHBhc3NLZXlMaW5rLnBhc3NLZXlJZCwgcGFzc0tleUxpbmsua2V5SWQpKSB7XG4gICAgICAgICAgY29udGludWU7XG4gICAgICAgIH1cblxuICAgICAgICBjb25zdCBlZGdlOiBFZGdlID0ge1xuICAgICAgICAgIHR5cGU6IEVkZ2VUeXBlLlBhc3NLZXlMaW5rLFxuICAgICAgICAgIGRhdGE6IF8uY2xvbmVEZWVwKHBhc3NLZXlMaW5rKSxcbiAgICAgICAgfTtcbiAgICAgICAgLy8gRWRnZSBnb2VzIGZyb20gd3JhcHBpbmcga2V5IHRvIHdyYXBwZWQga2V5LlxuICAgICAgICB0aGlzLmdyYXBoLnNldEVkZ2UocGFzc0tleUxpbmsucGFzc0tleUlkLCBwYXNzS2V5TGluay5rZXlJZCwgZWRnZSk7XG4gICAgICB9XG4gICAgfVxuXG4gICAgLy8gVGhlIGdyYXBoIGlzIHRoZSBzaW5nbGUgc291cmNlIG9mIHRydXRoLiBUaGVzZSBhcmUgbGF6aWx5IGNhbGN1bGF0ZWQuXG4gICAgLy8gdGhpcy5rZXlDYWNoZSA9IG51bGw7XG4gIH1cblxuICB0cmFjZVBhdGgoZGlzdGFuY2VzLCBrZXlJZDogc3RyaW5nKTogRWRnZVtdIHtcbiAgICAvLyBUaGUgbm9kZSBsYWJlbCBpcyB0aGUgc2FtZSBhcyB0aGUgaWQgb2YgdGhlIGtleSBub2Rlcy5cbiAgICBjb25zdCByZXQ6IEVkZ2VbXSA9IFtdO1xuICAgIGxldCBub2RlID0ga2V5SWQ7XG4gICAgaWYgKCFkaXN0YW5jZXNbbm9kZV0ucHJlZGVjZXNzb3IpIHtcbiAgICAgIHJldHVybiBudWxsO1xuICAgIH1cblxuICAgIHdoaWxlIChkaXN0YW5jZXNbbm9kZV0ucHJlZGVjZXNzb3IpIHtcbiAgICAgIGNvbnN0IGNoaWxkID0gZGlzdGFuY2VzW25vZGVdLnByZWRlY2Vzc29yO1xuICAgICAgcmV0LnB1c2godGhpcy5ncmFwaC5lZGdlKGNoaWxkLCBub2RlKSk7XG4gICAgICBub2RlID0gY2hpbGQ7XG4gICAgfVxuXG4gICAgLy8gQWZ0ZXIgcmV2ZXJzZSwgdGhlIGZpcnN0IGVsZW1lbnQgaXMgdGhlIHBhc3NrZXlcbiAgICByZXQucmV2ZXJzZSgpO1xuXG4gICAgcmV0dXJuIHJldDtcbiAgfVxuXG4gIGdldFBhdGgoa25vd25LZXlJZDogc3RyaW5nLCBrZXlJZDogc3RyaW5nKTogRWRnZVtdIHtcbiAgICBpZiAoIWtub3duS2V5SWQgfHwgdHlwZW9mIGtub3duS2V5SWQgIT09ICdzdHJpbmcnKSB7XG4gICAgICB0aHJvdyBuZXcgTHJFbmNyeXB0aW9uRXhjZXB0aW9uKFxuICAgICAgICBgUGFyYW0ga25vd25LZXlJZCB3cm9uZyBmb3JtYXQ6ICR7a25vd25LZXlJZH1gXG4gICAgICApO1xuICAgIH1cbiAgICBpZiAoIWtleUlkIHx8IHR5cGVvZiBrZXlJZCAhPT0gJ3N0cmluZycpIHtcbiAgICAgIHRocm93IG5ldyBMckVuY3J5cHRpb25FeGNlcHRpb24oYFBhcmFtIGtleUlkIHdyb25nIGZvcm1hdDogJHtrZXlJZH1gKTtcbiAgICB9XG5cbiAgICAvLyA9PiB7IEE6IHsgZGlzdGFuY2U6IDAgfSxcbiAgICAvLyAgICAgIEI6IHsgZGlzdGFuY2U6IDYsIHByZWRlY2Vzc29yOiAnQycgfSxcbiAgICAvLyAgICAgIEM6IHsgZGlzdGFuY2U6IDQsIHByZWRlY2Vzc29yOiAnQScgfSxcbiAgICAvLyAgICAgIEQ6IHsgZGlzdGFuY2U6IDIsIHByZWRlY2Vzc29yOiAnQScgfSxcbiAgICAvLyAgICAgIEU6IHsgZGlzdGFuY2U6IDgsIHByZWRlY2Vzc29yOiAnRicgfSxcbiAgICAvLyAgICAgIEY6IHsgZGlzdGFuY2U6IDQsIHByZWRlY2Vzc29yOiAnRCcgfSB9XG4gICAgY29uc3QgZGlzdGFuY2VzID0gZ3JhcGhsaWIuYWxnLmRpamtzdHJhKHRoaXMuZ3JhcGgsIGtub3duS2V5SWQpO1xuXG4gICAgLy8gVHJhY2UgcGF0aCBmcm9tIGtleUlkIHRvIGtub3duS2V5SWRcbiAgICByZXR1cm4gdGhpcy50cmFjZVBhdGgoZGlzdGFuY2VzLCBrZXlJZCk7XG4gIH1cblxuICBhc3luYyBnZXRKd2tLZXkoXG4gICAga2V5T3JJZDogc3RyaW5nIHwgS2V5LFxuICAgIGdldEtleUlkQ2FsbGJhY2s/OiAoKSA9PiBQcm9taXNlPHN0cmluZz4gfCBzdHJpbmdcbiAgKTogUHJvbWlzZTxKV0suS2V5PiB7XG4gICAgcmV0dXJuIChhd2FpdCB0aGlzLmdldEtleShrZXlPcklkLCBnZXRLZXlJZENhbGxiYWNrKSkuandrO1xuICB9XG5cbiAgLy8gV2UgYXNzdW1lIHRoYXQgd2hlbiBhIGtleUlkIGlzIGZldGNoZWQsIHRoZSBrZXkgZ3JhcGhcbiAgLy8gZm9yIHRoZSBrZXkgaXMgYWxzbyByZXR1cm5lZCBhbmQgbWVyZ2VkIGludG8gdGhlIGNsaWVudC1zaWRlXG4gIC8vIGtleSBncmFwaC4gQnkgaW5zaXN0aW5nIGEga2V5SWQgaXMgcmV0dXJuZWQgaW5zdGVhZCBvZiB0aGVcbiAgLy8gYWN0dWFsIGtleSB3ZSBlbnN1cmUga2V5LWdyYXBoIGlzIGNvbnNpc3RlbnQuXG4gIGFzeW5jIGdldEtleShcbiAgICBrZXlPcklkOiBzdHJpbmcgfCBLZXksXG4gICAgZ2V0S2V5SWRDYWxsYmFjaz86ICgpID0+IFByb21pc2U8c3RyaW5nPiB8IHN0cmluZ1xuICApOiBQcm9taXNlPEtleT4ge1xuICAgIGxldCBrZXlJZCA9IHR5cGVvZiBrZXlPcklkID09PSAnc3RyaW5nJyA/IGtleU9ySWQgOiBrZXlPcklkPy5pZDtcblxuICAgIGlmICghdGhpcy5oYXNLZXkoa2V5SWQpICYmIGdldEtleUlkQ2FsbGJhY2spIHtcbiAgICAgIGtleUlkID0gYXdhaXQgZ2V0S2V5SWRDYWxsYmFjaygpO1xuICAgIH1cbiAgICAvLyBlbHNlLCBjb250aW51ZSBhbmQgbGV0IGl0IGZhaWwuXG5cbiAgICBjb25zdCBrZXkgPSB0aGlzLmtleShrZXlJZCk7XG4gICAgaWYgKGtleS5qd2spIHtcbiAgICAgIHJldHVybiBrZXk7XG4gICAgfSBlbHNlIHtcbiAgICAgIHJldHVybiB0aGlzLnVud3JhcEtleSh0aGlzLmtleVNlcnZpY2UuZ2V0Q3VycmVudE1hc3RlcktleSgpLmlkLCBrZXlJZCk7XG4gICAgfVxuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBfdW53cmFwTGluayh3cmFwcGluZ0tleSwgbGluaywgZHN0S2V5KSB7XG4gICAgLy8gY29uc29sZS5sb2coXCJfdW53cmFwTGluazpcIiwgbGluay5kYXRhLmtleUlkKTtcbiAgICBjb25zdCB3cmFwcGVkS2V5ID0gSlNPTi5wYXJzZShsaW5rLmRhdGEud3JhcHBlZEtleSk7XG4gICAgLy8gU2lnbmF0dXJlcyBvZiBrZXlzIGNvbnRhaW4gdGhlIGtleSBpdHNlbGYuIFRoaXMgd2F5IHdlIG9ubHkgbmVlZFxuICAgIC8vIHRvIGFjY2VzcyB0aGUgS2V5TGlua3MgdG8gZGVjcnlwdC92ZXJpZnkga2V5cy5cbiAgICBsZXQgbmV4dFJhd0tleTtcbiAgICBpZiAod3JhcHBlZEtleS5zaWduYXR1cmVzKSB7XG4gICAgICBuZXh0UmF3S2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS52ZXJpZnkod3JhcHBpbmdLZXksIHdyYXBwZWRLZXkpO1xuICAgIH0gZWxzZSB7XG4gICAgICBuZXh0UmF3S2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgICB3cmFwcGluZ0tleSxcbiAgICAgICAgd3JhcHBlZEtleVxuICAgICAgKTtcbiAgICB9XG4gICAgZHN0S2V5Lmp3ayA9IGF3YWl0IEtGUy5hc0tleShuZXh0UmF3S2V5KTtcbiAgICBkc3RLZXkudGFzayA9IG51bGw7XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIF91bndyYXAoa2V5OiBKV0suS2V5LCBwYXRoOiBFZGdlW10pOiBQcm9taXNlPEpXSy5LZXk+IHtcbiAgICBmb3IgKGNvbnN0IGxpbmsgb2YgcGF0aCkge1xuICAgICAgY29uc3QgZHN0S2V5ID0gdGhpcy5rZXkobGluay5kYXRhLmtleUlkKTtcbiAgICAgIC8vIGNvbnNvbGUubG9nKFwia2V5OiBcIiwgbGluay5kYXRhLmtleUlkKTtcbiAgICAgIGlmIChkc3RLZXkuandrKSB7XG4gICAgICAgIGtleSA9IGRzdEtleS5qd2s7XG4gICAgICAgIC8vIGNvbnNvbGUubG9nKFwiUmV0dXJuaW5nIGNhY2hlZCBrZXk6IFwiLCBsaW5rLmRhdGEua2V5SWQpO1xuICAgICAgICBjb250aW51ZTtcbiAgICAgIH1cblxuICAgICAgaWYgKCFkc3RLZXkudGFzaykge1xuICAgICAgICBkc3RLZXkudGFzayA9IHRoaXMuX3Vud3JhcExpbmsoa2V5LCBsaW5rLCBkc3RLZXkpO1xuICAgICAgfVxuXG4gICAgICBhd2FpdCBkc3RLZXkudGFzaztcbiAgICAgIGtleSA9IGRzdEtleS5qd2s7XG4gICAgfVxuXG4gICAgcmV0dXJuIGtleTtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyB1bndyYXBXaXRoUGFzc0tleShcbiAgICBwYXNzS2V5SWQ6IHN0cmluZyxcbiAgICBwYXNzS2V5OiBKV0suS2V5LFxuICAgIGtleUlkOiBzdHJpbmdcbiAgKTogUHJvbWlzZTxLZXk+IHtcbiAgICAvLyBHZXQgcGF0aCBvZiB0aGUgZGlyZWN0b3J5IGtleS5cbiAgICBjb25zdCBwYXRoID0gdGhpcy5nZXRQYXRoKHBhc3NLZXlJZCwga2V5SWQpO1xuXG4gICAgcmV0dXJuIHtcbiAgICAgIGlkOiBrZXlJZCxcbiAgICAgIGp3azogYXdhaXQgdGhpcy5fdW53cmFwKHBhc3NLZXksIHBhdGgpLFxuICAgIH07XG4gIH1cblxuICBhc3luYyB1bndyYXBLZXkobWFzdGVyS2V5SWQ6IHN0cmluZywga2V5SWQ6IHN0cmluZyk6IFByb21pc2U8S2V5PiB7XG4gICAgLy8gVGhlIGZpcnN0IGtleSBzaG91bGQgYmUgYSBtYXN0ZXJLZXlcbiAgICBjb25zdCBtYXN0ZXJLZXkgPSBhd2FpdCB0aGlzLmtleVNlcnZpY2UubG9hZE1hc3RlcktleShtYXN0ZXJLZXlJZCk7XG5cbiAgICBpZiAobWFzdGVyS2V5SWQgPT09IGtleUlkKSB7XG4gICAgICByZXR1cm4gbWFzdGVyS2V5O1xuICAgIH1cblxuICAgIC8vIEdldCBwYXRoIG9mIHRoZSBkaXJlY3Rvcnkga2V5LlxuICAgIGNvbnN0IHBhdGggPSB0aGlzLmdldFBhdGgobWFzdGVyS2V5LmlkLCBrZXlJZCk7XG5cbiAgICByZXR1cm4ge1xuICAgICAgaWQ6IGtleUlkLFxuICAgICAgandrOiBhd2FpdCB0aGlzLl91bndyYXAobWFzdGVyS2V5Lmp3aywgcGF0aCksXG4gICAgfTtcbiAgfVxuXG4gIGFzeW5jIGRlY3J5cHRGcm9tU3RyaW5nPFQ+KFxuICAgIGtleU9ySWQ6IHN0cmluZyB8IEtleSxcbiAgICBjaXBoZXJEYXRhOiBzdHJpbmcsXG4gICAgb3B0aW9ucz86IERlY3J5cHRPcHRpb25zXG4gICk6IFByb21pc2U8VD4ge1xuICAgIGlmIChjaXBoZXJEYXRhKSB7XG4gICAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmdldEp3a0tleShrZXlPcklkKTtcbiAgICAgIHJldHVybiAoYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgICBrZXksXG4gICAgICAgIEpTT04ucGFyc2UoY2lwaGVyRGF0YSksXG4gICAgICAgIG9wdGlvbnNcbiAgICAgICkpIGFzIGFueTtcbiAgICB9XG4gICAgcmV0dXJuIG51bGw7XG4gIH1cblxuICBhc3luYyBkZWNyeXB0RmlsZShrZXlJZDogc3RyaW5nLCBmaWxlOiBhbnkpOiBQcm9taXNlPGFueT4ge1xuICAgIGNvbnN0IGtleSA9IGF3YWl0IHRoaXMuZ2V0SndrS2V5KGtleUlkKTtcbiAgICByZXR1cm4gKGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChrZXksIGZpbGUsIHtcbiAgICAgIHBheWxvYWRUeXBlOiAnQXJyYXlCdWZmZXInLFxuICAgIH0pKSBhcyBhbnk7XG4gIH1cblxuICAvLyBUT0RPIHJlbmFtZSB0aGlzIHRvIGVuY3J5cHQoKSBhbmQgdXNlIGFzIHRoZSBtb3N0IGNvbW1vbiB1c2VjYXNlXG4gIGFzeW5jIGVuY3J5cHRUb1N0cmluZyhcbiAgICBrZXk6IHN0cmluZyB8IEtleSB8IEpXSy5LZXksXG4gICAgY29udGVudDogYW55XG4gICk6IFByb21pc2U8c3RyaW5nPiB7XG4gICAgLy8gRW1wdHkgc3RyaW5nIHNob3VsZCBiZSBlbmNyeXB0ZWQgc2luY2UgeW91IHdhbnQgdG8gY2xlYXIgdGhlIGZpZWxkLlxuICAgIC8vIE51bGwgaXMgbm90IGVuY3J5cHRlZCBiZWNhdXNlIGl0J3Mgbm90IHZhbGlkIEpTT04gaW4gdGhlIG9sZCBKU09OIHNwZWMuIFVzZVxuICAgIC8vIGVtcHR5IHN0cmluZyBpbnN0ZWFkLiBJdCdsbCBmdW5jdGlvbiBhcyBhIGxvZ2ljIGZhbHNlIGFzIHdlbGwuXG4gICAgLy8gTm90ZSB0aGF0IHBhc3NpbmcgaW4gZW1wdHkgc3RyaW5nIG1lYW5zIGl0J2xsIGJlIGVuY3J5cHRlZCB3aGljaCB2ZXJpZmllc1xuICAgIC8vIGl0J3MgaW50ZWdyaXR5LiBCdXQgd2Ugc3RpbGwgd2FudCB0byBoYXZlIGEgd2F5IHRvIHNldCB0aGUgREIgZmllbGRcbiAgICAvLyB0byBOVUxMLCBzbyB3ZSBleHBsaWNpdGx5IHJldHVybiBudWxsIHdoZW4gY29udGVudCA9PSBudWxsLiBBIG51bGxcbiAgICAvLyB2YXJpYWJsZSBpbiBncmFwaHFsIG11dGF0aW9uIG9uIEtDIHNlcnZlciBjbGVhcnMgdGhlIGZpZWxkIHRvIE5VTEwuXG4gICAgaWYgKGNvbnRlbnQgPT0gbnVsbCkge1xuICAgICAgcmV0dXJuIG51bGw7XG4gICAgfVxuXG4gICAgY29uc3QgandrID0gYXNKd2soa2V5KSB8fCAoYXdhaXQgdGhpcy5nZXRKd2tLZXkoa2V5IGFzIHN0cmluZyB8IEtleSkpO1xuICAgIHJldHVybiB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHRUb1N0cmluZyhqd2ssIGNvbnRlbnQpO1xuICB9XG5cbiAgLy8gV3JhcHMgYSBzeW1tZXRyaWMgZW5jcnlwdGlvbiBrZXkuXG4gIC8vIFRocm93cyBleGNlcHRpb24gaWYgd3JhcHBpbmcgcHVibGljIGtleXMuXG4gIGFzeW5jIHdyYXBLZXk8VD4oXG4gICAgd3JhcHBpbmdLZXk6IHN0cmluZyB8IEtleSB8IEpXSy5LZXksXG4gICAga2V5OiBKV0suS2V5XG4gICk6IFByb21pc2U8c3RyaW5nPiB7XG4gICAgaWYgKCFpc1N5bW1ldHJpY0tleShrZXkpKSB7XG4gICAgICB0aHJvdyBuZXcgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbihcbiAgICAgICAgJ09ubHkgYWxsb3dpbmcgd3JhcHBpbmcgb2Ygc3ltbWV0cmljIGtleXMuJ1xuICAgICAgKTtcbiAgICB9XG5cbiAgICByZXR1cm4gdGhpcy5lbmNyeXB0VG9TdHJpbmcod3JhcHBpbmdLZXksIGtleS50b0pTT04odHJ1ZSkpO1xuICB9XG5cbiAgLy8gVE9ET1xuICAvLyBhc3luYyB3cmFwUHVibGljS2V5PFQ+KCk7XG4gIC8vIGFzeW5jIHdyYXBQcml2YXRlS2V5PFQ+KCk7XG59XG4iXX0=
+import { __awaiter } from "tslib";
+import { Injectable } from '@angular/core';
+import graphlib, { Graph } from '@dagrejs/graphlib';
+import _ from 'lodash';
+import { LrException, LrEncryptionException, LrNotFoundException, LrBadArgumentException, } from '../_common/exceptions';
+import { EdgeType, NodeType, } from './cryptography.types';
+import { asJwk, EncryptionService, isSymmetricKey, } from './encryption.service';
+import { KeyFactoryService as KFS, } from './key-factory.service';
+import { KeyService } from './key.service';
+import * as i0 from "@angular/core";
+import * as i1 from "./encryption.service";
+import * as i2 from "./key.service";
+export class KeyGraphService {
+    // private keyCache: {
+    //   [id: string]: Key;
+    // };
+    constructor(encryptionService, keyService) {
+        this.encryptionService = encryptionService;
+        this.keyService = keyService;
+        this.purgeKeys();
+    }
+    purgeKeys() {
+        this.graph = new Graph();
+        // this.keyCache = null;
+    }
+    populateKeys(userKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.keyService.populateKeys({
+                passKey: userKey.passKey,
+                masterKey: yield this.keyService.loadMasterKey(userKey.masterKey.id),
+                rootKey: yield this.unwrapKey(userKey.masterKey.id, userKey.rootKey.id),
+                pxk: yield this.unwrapKey(userKey.masterKey.id, userKey.pxk.id),
+                sigPxk: yield this.unwrapKey(userKey.masterKey.id, userKey.sigPxk.id),
+            });
+        });
+    }
+    hasKey(keyId) {
+        return !!this.graph.node(keyId);
+    }
+    getNode(id, type) {
+        const node = this.graph.node(id);
+        if (!node) {
+            throw new LrNotFoundException(`Key graphs does not contain key id: ${id}`);
+        }
+        if (node.type !== type) {
+            throw new LrException({
+                message: `Key with id ${id} is not of type ${type}`,
+            });
+        }
+        return node.data;
+    }
+    key(id) {
+        return this.getNode(id, NodeType.Key);
+    }
+    passKey(id) {
+        return this.getNode(id, NodeType.PassKey);
+    }
+    addKeys(src) {
+        // Keys
+        if (src.keys) {
+            // What key graph returns can not be customized. So keys are essentially immutable.
+            // Therefore, if a key exists, there's no reason to update it.
+            for (const key of src.keys) {
+                // Note using Relay global id allows us to not worry about clashing node id
+                if (this.graph.hasNode(key.id)) {
+                    continue;
+                }
+                const node = {
+                    type: NodeType.Key,
+                    data: _.cloneDeep(key),
+                };
+                this.graph.setNode(key.id, node);
+            }
+        }
+        // KeyLinks
+        if (src.keyLinks) {
+            for (const keyLink of src.keyLinks) {
+                if (this.graph.hasEdge(keyLink.wrappingKeyId, keyLink.keyId)) {
+                    continue;
+                }
+                const edge = {
+                    type: EdgeType.KeyLink,
+                    data: _.cloneDeep(keyLink),
+                };
+                // Edge goes from wrapping key to wrapped key.
+                this.graph.setEdge(keyLink.wrappingKeyId, keyLink.keyId, edge);
+            }
+        }
+        // PassKeyLinks
+        if (src.passKeyLinks) {
+            for (const passKeyLink of src.passKeyLinks) {
+                if (this.graph.hasEdge(passKeyLink.passKeyId, passKeyLink.keyId)) {
+                    continue;
+                }
+                const edge = {
+                    type: EdgeType.PassKeyLink,
+                    data: _.cloneDeep(passKeyLink),
+                };
+                // Edge goes from wrapping key to wrapped key.
+                this.graph.setEdge(passKeyLink.passKeyId, passKeyLink.keyId, edge);
+            }
+        }
+        // The graph is the single source of truth. These are lazily calculated.
+        // this.keyCache = null;
+    }
+    tracePath(distances, keyId) {
+        // The node label is the same as the id of the key nodes.
+        const ret = [];
+        let node = keyId;
+        if (!distances[node].predecessor) {
+            return null;
+        }
+        while (distances[node].predecessor) {
+            const child = distances[node].predecessor;
+            ret.push(this.graph.edge(child, node));
+            node = child;
+        }
+        // After reverse, the first element is the passkey
+        ret.reverse();
+        return ret;
+    }
+    getPath(knownKeyId, keyId) {
+        if (!knownKeyId || typeof knownKeyId !== 'string') {
+            throw new LrEncryptionException(`Param knownKeyId wrong format: ${knownKeyId}`);
+        }
+        if (!keyId || typeof keyId !== 'string') {
+            throw new LrEncryptionException(`Param keyId wrong format: ${keyId}`);
+        }
+        // => { A: { distance: 0 },
+        //      B: { distance: 6, predecessor: 'C' },
+        //      C: { distance: 4, predecessor: 'A' },
+        //      D: { distance: 2, predecessor: 'A' },
+        //      E: { distance: 8, predecessor: 'F' },
+        //      F: { distance: 4, predecessor: 'D' } }
+        const distances = graphlib.alg.dijkstra(this.graph, knownKeyId);
+        // Trace path from keyId to knownKeyId
+        return this.tracePath(distances, keyId);
+    }
+    getJwkKey(keyOrId, getKeyIdCallback) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return (yield this.getKey(keyOrId, getKeyIdCallback)).jwk;
+        });
+    }
+    // We assume that when a keyId is fetched, the key graph
+    // for the key is also returned and merged into the client-side
+    // key graph. By insisting a keyId is returned instead of the
+    // actual key we ensure key-graph is consistent.
+    getKey(keyOrId, getKeyIdCallback) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let keyId = typeof keyOrId === 'string' ? keyOrId : keyOrId === null || keyOrId === void 0 ? void 0 : keyOrId.id;
+            if (!this.hasKey(keyId) && getKeyIdCallback) {
+                keyId = yield getKeyIdCallback();
+            }
+            // else, continue and let it fail.
+            const key = this.key(keyId);
+            if (key.jwk) {
+                return key;
+            }
+            else {
+                return this.unwrapKey(this.keyService.getCurrentMasterKey().id, keyId);
+            }
+        });
+    }
+    _unwrapLink(wrappingKey, link, dstKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // console.log("_unwrapLink:", link.data.keyId);
+            const wrappedKey = JSON.parse(link.data.wrappedKey);
+            // Signatures of keys contain the key itself. This way we only need
+            // to access the KeyLinks to decrypt/verify keys.
+            let nextRawKey;
+            if (wrappedKey.signatures) {
+                nextRawKey = yield this.encryptionService.verify(wrappingKey, wrappedKey);
+            }
+            else {
+                nextRawKey = yield this.encryptionService.decrypt(wrappingKey, wrappedKey);
+            }
+            dstKey.jwk = yield KFS.asKey(nextRawKey);
+            dstKey.task = null;
+        });
+    }
+    _unwrap(key, path) {
+        return __awaiter(this, void 0, void 0, function* () {
+            for (const link of path) {
+                const dstKey = this.key(link.data.keyId);
+                // console.log("key: ", link.data.keyId);
+                if (dstKey.jwk) {
+                    key = dstKey.jwk;
+                    // console.log("Returning cached key: ", link.data.keyId);
+                    continue;
+                }
+                if (!dstKey.task) {
+                    dstKey.task = this._unwrapLink(key, link, dstKey);
+                }
+                yield dstKey.task;
+                key = dstKey.jwk;
+            }
+            return key;
+        });
+    }
+    unwrapWithPassKey(passKeyId, passKey, keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Get path of the directory key.
+            const path = this.getPath(passKeyId, keyId);
+            return {
+                id: keyId,
+                jwk: yield this._unwrap(passKey, path),
+            };
+        });
+    }
+    unwrapKey(masterKeyId, keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // The first key should be a masterKey
+            const masterKey = yield this.keyService.loadMasterKey(masterKeyId);
+            if (masterKeyId === keyId) {
+                return masterKey;
+            }
+            // Get path of the directory key.
+            const path = this.getPath(masterKey.id, keyId);
+            return {
+                id: keyId,
+                jwk: yield this._unwrap(masterKey.jwk, path),
+            };
+        });
+    }
+    decryptFromString(keyOrId, cipherData, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (cipherData) {
+                const key = yield this.getJwkKey(keyOrId);
+                return (yield this.encryptionService.decrypt(key, JSON.parse(cipherData), options));
+            }
+            return null;
+        });
+    }
+    decryptFile(keyId, file) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.getJwkKey(keyId);
+            return (yield this.encryptionService.decrypt(key, file, {
+                payloadType: 'ArrayBuffer',
+            }));
+        });
+    }
+    // TODO rename this to encrypt() and use as the most common usecase
+    encryptToString(key, content) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Empty string should be encrypted since you want to clear the field.
+            // Null is not encrypted because it's not valid JSON in the old JSON spec. Use
+            // empty string instead. It'll function as a logic false as well.
+            // Note that passing in empty string means it'll be encrypted which verifies
+            // it's integrity. But we still want to have a way to set the DB field
+            // to NULL, so we explicitly return null when content == null. A null
+            // variable in graphql mutation on KC server clears the field to NULL.
+            if (content == null) {
+                return null;
+            }
+            const jwk = asJwk(key) || (yield this.getJwkKey(key));
+            return this.encryptionService.encryptToString(jwk, content);
+        });
+    }
+    // Wraps a symmetric encryption key.
+    // Throws exception if wrapping public keys.
+    wrapKey(wrappingKey, key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!isSymmetricKey(key)) {
+                throw new LrBadArgumentException('Only allowing wrapping of symmetric keys.');
+            }
+            return this.encryptToString(wrappingKey, key.toJSON(true));
+        });
+    }
+}
+KeyGraphService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyGraphService_Factory() { return new KeyGraphService(i0.ɵɵinject(i1.EncryptionService), i0.ɵɵinject(i2.KeyService)); }, token: KeyGraphService, providedIn: "root" });
+KeyGraphService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+KeyGraphService.ctorParameters = () => [
+    { type: EncryptionService },
+    { type: KeyService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWdyYXBoLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiQzovUHJvamVjdHMvbmV3cmVwby9rYy1jbGllbnQvcHJvamVjdHMvY29yZS9zcmMvIiwic291cmNlcyI6WyJsaWIvY3J5cHRvZ3JhcGh5L2tleS1ncmFwaC5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sZUFBZSxDQUFDO0FBQzNDLE9BQU8sUUFBUSxFQUFFLEVBQUUsS0FBSyxFQUFFLE1BQU0sbUJBQW1CLENBQUM7QUFDcEQsT0FBTyxDQUFDLE1BQU0sUUFBUSxDQUFDO0FBR3ZCLE9BQU8sRUFDTCxXQUFXLEVBQ1gscUJBQXFCLEVBQ3JCLG1CQUFtQixFQUNuQixzQkFBc0IsR0FDdkIsTUFBTSx1QkFBdUIsQ0FBQztBQUMvQixPQUFPLEVBRUwsUUFBUSxFQUlSLFFBQVEsR0FFVCxNQUFNLHNCQUFzQixDQUFDO0FBQzlCLE9BQU8sRUFDTCxLQUFLLEVBRUwsaUJBQWlCLEVBQ2pCLGNBQWMsR0FDZixNQUFNLHNCQUFzQixDQUFDO0FBQzlCLE9BQU8sRUFFTCxpQkFBaUIsSUFBSSxHQUFHLEdBQ3pCLE1BQU0sdUJBQXVCLENBQUM7QUFDL0IsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGVBQWUsQ0FBQzs7OztBQVMzQyxNQUFNLE9BQU8sZUFBZTtJQUUxQixzQkFBc0I7SUFDdEIsdUJBQXVCO0lBQ3ZCLEtBQUs7SUFFTCxZQUNVLGlCQUFvQyxFQUNwQyxVQUFzQjtRQUR0QixzQkFBaUIsR0FBakIsaUJBQWlCLENBQW1CO1FBQ3BDLGVBQVUsR0FBVixVQUFVLENBQVk7UUFFOUIsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO0lBQ25CLENBQUM7SUFFRCxTQUFTO1FBQ1AsSUFBSSxDQUFDLEtBQUssR0FBRyxJQUFJLEtBQUssRUFBRSxDQUFDO1FBQ3pCLHdCQUF3QjtJQUMxQixDQUFDO0lBRUssWUFBWSxDQUFDLE9BQXVCOztZQUN4QyxJQUFJLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FBQztnQkFDM0IsT0FBTyxFQUFFLE9BQU8sQ0FBQyxPQUFPO2dCQUN4QixTQUFTLEVBQUUsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztnQkFDcEUsT0FBTyxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztnQkFDdkUsR0FBRyxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDL0QsTUFBTSxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxPQUFPLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQzthQUN0RSxDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7SUFFRCxNQUFNLENBQUMsS0FBYTtRQUNsQixPQUFPLENBQUMsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRU8sT0FBTyxDQUFDLEVBQUUsRUFBRSxJQUFJO1FBQ3RCLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2pDLElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDVCxNQUFNLElBQUksbUJBQW1CLENBQzNCLHVDQUF1QyxFQUFFLEVBQUUsQ0FDNUMsQ0FBQztTQUNIO1FBQ0QsSUFBSSxJQUFJLENBQUMsSUFBSSxLQUFLLElBQUksRUFBRTtZQUN0QixNQUFNLElBQUksV0FBVyxDQUFDO2dCQUNwQixPQUFPLEVBQUUsZUFBZSxFQUFFLG1CQUFtQixJQUFJLEVBQUU7YUFDcEQsQ0FBQyxDQUFDO1NBQ0o7UUFDRCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUM7SUFDbkIsQ0FBQztJQUVELEdBQUcsQ0FBQyxFQUFFO1FBQ0osT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFBRSxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVELE9BQU8sQ0FBQyxFQUFFO1FBQ1IsT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFBRSxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDNUMsQ0FBQztJQUVELE9BQU8sQ0FBQyxHQUFxQjtRQUMzQixPQUFPO1FBQ1AsSUFBSSxHQUFHLENBQUMsSUFBSSxFQUFFO1lBQ1osbUZBQW1GO1lBQ25GLDhEQUE4RDtZQUM5RCxLQUFLLE1BQU0sR0FBRyxJQUFJLEdBQUcsQ0FBQyxJQUFJLEVBQUU7Z0JBQzFCLDJFQUEyRTtnQkFDM0UsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEVBQUU7b0JBQzlCLFNBQVM7aUJBQ1Y7Z0JBRUQsTUFBTSxJQUFJLEdBQVM7b0JBQ2pCLElBQUksRUFBRSxRQUFRLENBQUMsR0FBRztvQkFDbEIsSUFBSSxFQUFFLENBQUMsQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDO2lCQUN2QixDQUFDO2dCQUVGLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxFQUFFLEVBQUUsSUFBSSxDQUFDLENBQUM7YUFDbEM7U0FDRjtRQUVELFdBQVc7UUFDWCxJQUFJLEdBQUcsQ0FBQyxRQUFRLEVBQUU7WUFDaEIsS0FBSyxNQUFNLE9BQU8sSUFBSSxHQUFHLENBQUMsUUFBUSxFQUFFO2dCQUNsQyxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQUUsT0FBTyxDQUFDLEtBQUssQ0FBQyxFQUFFO29CQUM1RCxTQUFTO2lCQUNWO2dCQUVELE1BQU0sSUFBSSxHQUFTO29CQUNqQixJQUFJLEVBQUUsUUFBUSxDQUFDLE9BQU87b0JBQ3RCLElBQUksRUFBRSxDQUFDLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQztpQkFDM0IsQ0FBQztnQkFDRiw4Q0FBOEM7Z0JBQzlDLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQUUsT0FBTyxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQzthQUNoRTtTQUNGO1FBRUQsZUFBZTtRQUNmLElBQUksR0FBRyxDQUFDLFlBQVksRUFBRTtZQUNwQixLQUFLLE1BQU0sV0FBVyxJQUFJLEdBQUcsQ0FBQyxZQUFZLEVBQUU7Z0JBQzFDLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLFNBQVMsRUFBRSxXQUFXLENBQUMsS0FBSyxDQUFDLEVBQUU7b0JBQ2hFLFNBQVM7aUJBQ1Y7Z0JBRUQsTUFBTSxJQUFJLEdBQVM7b0JBQ2pCLElBQUksRUFBRSxRQUFRLENBQUMsV0FBVztvQkFDMUIsSUFBSSxFQUFFLENBQUMsQ0FBQyxTQUFTLENBQUMsV0FBVyxDQUFDO2lCQUMvQixDQUFDO2dCQUNGLDhDQUE4QztnQkFDOUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLFNBQVMsRUFBRSxXQUFXLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDO2FBQ3BFO1NBQ0Y7UUFFRCx3RUFBd0U7UUFDeEUsd0JBQXdCO0lBQzFCLENBQUM7SUFFRCxTQUFTLENBQUMsU0FBUyxFQUFFLEtBQWE7UUFDaEMseURBQXlEO1FBQ3pELE1BQU0sR0FBRyxHQUFXLEVBQUUsQ0FBQztRQUN2QixJQUFJLElBQUksR0FBRyxLQUFLLENBQUM7UUFDakIsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxXQUFXLEVBQUU7WUFDaEMsT0FBTyxJQUFJLENBQUM7U0FDYjtRQUVELE9BQU8sU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDLFdBQVcsRUFBRTtZQUNsQyxNQUFNLEtBQUssR0FBRyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUMsV0FBVyxDQUFDO1lBQzFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDLENBQUM7WUFDdkMsSUFBSSxHQUFHLEtBQUssQ0FBQztTQUNkO1FBRUQsa0RBQWtEO1FBQ2xELEdBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUVkLE9BQU8sR0FBRyxDQUFDO0lBQ2IsQ0FBQztJQUVELE9BQU8sQ0FBQyxVQUFrQixFQUFFLEtBQWE7UUFDdkMsSUFBSSxDQUFDLFVBQVUsSUFBSSxPQUFPLFVBQVUsS0FBSyxRQUFRLEVBQUU7WUFDakQsTUFBTSxJQUFJLHFCQUFxQixDQUM3QixrQ0FBa0MsVUFBVSxFQUFFLENBQy9DLENBQUM7U0FDSDtRQUNELElBQUksQ0FBQyxLQUFLLElBQUksT0FBTyxLQUFLLEtBQUssUUFBUSxFQUFFO1lBQ3ZDLE1BQU0sSUFBSSxxQkFBcUIsQ0FBQyw2QkFBNkIsS0FBSyxFQUFFLENBQUMsQ0FBQztTQUN2RTtRQUVELDJCQUEyQjtRQUMzQiw2Q0FBNkM7UUFDN0MsNkNBQTZDO1FBQzdDLDZDQUE2QztRQUM3Qyw2Q0FBNkM7UUFDN0MsOENBQThDO1FBQzlDLE1BQU0sU0FBUyxHQUFHLFFBQVEsQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxLQUFLLEVBQUUsVUFBVSxDQUFDLENBQUM7UUFFaEUsc0NBQXNDO1FBQ3RDLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUFTLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVLLFNBQVMsQ0FDYixPQUFxQixFQUNyQixnQkFBaUQ7O1lBRWpELE9BQU8sQ0FBQyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxFQUFFLGdCQUFnQixDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFDNUQsQ0FBQztLQUFBO0lBRUQsd0RBQXdEO0lBQ3hELCtEQUErRDtJQUMvRCw2REFBNkQ7SUFDN0QsZ0RBQWdEO0lBQzFDLE1BQU0sQ0FDVixPQUFxQixFQUNyQixnQkFBaUQ7O1lBRWpELElBQUksS0FBSyxHQUFHLE9BQU8sT0FBTyxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxPQUFPLGFBQVAsT0FBTyx1QkFBUCxPQUFPLENBQUUsRUFBRSxDQUFDO1lBRWhFLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLGdCQUFnQixFQUFFO2dCQUMzQyxLQUFLLEdBQUcsTUFBTSxnQkFBZ0IsRUFBRSxDQUFDO2FBQ2xDO1lBQ0Qsa0NBQWtDO1lBRWxDLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDNUIsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFO2dCQUNYLE9BQU8sR0FBRyxDQUFDO2FBQ1o7aUJBQU07Z0JBQ0wsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsbUJBQW1CLEVBQUUsQ0FBQyxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7YUFDeEU7UUFDSCxDQUFDO0tBQUE7SUFFYSxXQUFXLENBQUMsV0FBVyxFQUFFLElBQUksRUFBRSxNQUFNOztZQUNqRCxnREFBZ0Q7WUFDaEQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBQ3BELG1FQUFtRTtZQUNuRSxpREFBaUQ7WUFDakQsSUFBSSxVQUFVLENBQUM7WUFDZixJQUFJLFVBQVUsQ0FBQyxVQUFVLEVBQUU7Z0JBQ3pCLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLENBQUMsV0FBVyxFQUFFLFVBQVUsQ0FBQyxDQUFDO2FBQzNFO2lCQUFNO2dCQUNMLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQy9DLFdBQVcsRUFDWCxVQUFVLENBQ1gsQ0FBQzthQUNIO1lBQ0QsTUFBTSxDQUFDLEdBQUcsR0FBRyxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDekMsTUFBTSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7UUFDckIsQ0FBQztLQUFBO0lBRWEsT0FBTyxDQUFDLEdBQVksRUFBRSxJQUFZOztZQUM5QyxLQUFLLE1BQU0sSUFBSSxJQUFJLElBQUksRUFBRTtnQkFDdkIsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDO2dCQUN6Qyx5Q0FBeUM7Z0JBQ3pDLElBQUksTUFBTSxDQUFDLEdBQUcsRUFBRTtvQkFDZCxHQUFHLEdBQUcsTUFBTSxDQUFDLEdBQUcsQ0FBQztvQkFDakIsMERBQTBEO29CQUMxRCxTQUFTO2lCQUNWO2dCQUVELElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFO29CQUNoQixNQUFNLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxFQUFFLElBQUksRUFBRSxNQUFNLENBQUMsQ0FBQztpQkFDbkQ7Z0JBRUQsTUFBTSxNQUFNLENBQUMsSUFBSSxDQUFDO2dCQUNsQixHQUFHLEdBQUcsTUFBTSxDQUFDLEdBQUcsQ0FBQzthQUNsQjtZQUVELE9BQU8sR0FBRyxDQUFDO1FBQ2IsQ0FBQztLQUFBO0lBRVksaUJBQWlCLENBQzVCLFNBQWlCLEVBQ2pCLE9BQWdCLEVBQ2hCLEtBQWE7O1lBRWIsaUNBQWlDO1lBQ2pDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBRTVDLE9BQU87Z0JBQ0wsRUFBRSxFQUFFLEtBQUs7Z0JBQ1QsR0FBRyxFQUFFLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDO2FBQ3ZDLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFSyxTQUFTLENBQUMsV0FBbUIsRUFBRSxLQUFhOztZQUNoRCxzQ0FBc0M7WUFDdEMsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUVuRSxJQUFJLFdBQVcsS0FBSyxLQUFLLEVBQUU7Z0JBQ3pCLE9BQU8sU0FBUyxDQUFDO2FBQ2xCO1lBRUQsaUNBQWlDO1lBQ2pDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFBRSxLQUFLLENBQUMsQ0FBQztZQUUvQyxPQUFPO2dCQUNMLEVBQUUsRUFBRSxLQUFLO2dCQUNULEdBQUcsRUFBRSxNQUFNLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEdBQUcsRUFBRSxJQUFJLENBQUM7YUFDN0MsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVLLGlCQUFpQixDQUNyQixPQUFxQixFQUNyQixVQUFrQixFQUNsQixPQUF3Qjs7WUFFeEIsSUFBSSxVQUFVLEVBQUU7Z0JBQ2QsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxDQUFDO2dCQUMxQyxPQUFPLENBQUMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMxQyxHQUFHLEVBQ0gsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsRUFDdEIsT0FBTyxDQUNSLENBQVEsQ0FBQzthQUNYO1lBQ0QsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO0tBQUE7SUFFSyxXQUFXLENBQUMsS0FBYSxFQUFFLElBQVM7O1lBQ3hDLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUN4QyxPQUFPLENBQUMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLEdBQUcsRUFBRSxJQUFJLEVBQUU7Z0JBQ3RELFdBQVcsRUFBRSxhQUFhO2FBQzNCLENBQUMsQ0FBUSxDQUFDO1FBQ2IsQ0FBQztLQUFBO0lBRUQsbUVBQW1FO0lBQzdELGVBQWUsQ0FDbkIsR0FBMkIsRUFDM0IsT0FBWTs7WUFFWixzRUFBc0U7WUFDdEUsOEVBQThFO1lBQzlFLGlFQUFpRTtZQUNqRSw0RUFBNEU7WUFDNUUsc0VBQXNFO1lBQ3RFLHFFQUFxRTtZQUNyRSxzRUFBc0U7WUFDdEUsSUFBSSxPQUFPLElBQUksSUFBSSxFQUFFO2dCQUNuQixPQUFPLElBQUksQ0FBQzthQUNiO1lBRUQsTUFBTSxHQUFHLEdBQUcsS0FBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLEdBQW1CLENBQUMsQ0FBQyxDQUFDO1lBQ3RFLE9BQU8sSUFBSSxDQUFDLGlCQUFpQixDQUFDLGVBQWUsQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDOUQsQ0FBQztLQUFBO0lBRUQsb0NBQW9DO0lBQ3BDLDRDQUE0QztJQUN0QyxPQUFPLENBQ1gsV0FBbUMsRUFDbkMsR0FBWTs7WUFFWixJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxFQUFFO2dCQUN4QixNQUFNLElBQUksc0JBQXNCLENBQzlCLDJDQUEyQyxDQUM1QyxDQUFDO2FBQ0g7WUFFRCxPQUFPLElBQUksQ0FBQyxlQUFlLENBQUMsV0FBVyxFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztRQUM3RCxDQUFDO0tBQUE7Ozs7WUF4VEYsVUFBVSxTQUFDO2dCQUNWLFVBQVUsRUFBRSxNQUFNO2FBQ25COzs7WUFmQyxpQkFBaUI7WUFPVixVQUFVIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xyXG5pbXBvcnQgZ3JhcGhsaWIsIHsgR3JhcGggfSBmcm9tICdAZGFncmVqcy9ncmFwaGxpYic7XHJcbmltcG9ydCBfIGZyb20gJ2xvZGFzaCc7XHJcbmltcG9ydCB7IEpXSyB9IGZyb20gJ25vZGUtam9zZSc7XHJcbmltcG9ydCB7IEN1cnJlbnRVc2VyS2V5IH0gZnJvbSAnLi4vdXNlcnMvcHJvZmlsZS50eXBlcyc7XHJcbmltcG9ydCB7XHJcbiAgTHJFeGNlcHRpb24sXHJcbiAgTHJFbmNyeXB0aW9uRXhjZXB0aW9uLFxyXG4gIExyTm90Rm91bmRFeGNlcHRpb24sXHJcbiAgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbixcclxufSBmcm9tICcuLi9fY29tbW9uL2V4Y2VwdGlvbnMnO1xyXG5pbXBvcnQge1xyXG4gIEVkZ2UsXHJcbiAgRWRnZVR5cGUsXHJcbiAgS2V5LFxyXG4gIEtleUdyYXBoUmVzcG9uc2UsXHJcbiAgTm9kZSxcclxuICBOb2RlVHlwZSxcclxuICBQYXNzS2V5LFxyXG59IGZyb20gJy4vY3J5cHRvZ3JhcGh5LnR5cGVzJztcclxuaW1wb3J0IHtcclxuICBhc0p3ayxcclxuICBEZWNyeXB0T3B0aW9ucyxcclxuICBFbmNyeXB0aW9uU2VydmljZSxcclxuICBpc1N5bW1ldHJpY0tleSxcclxufSBmcm9tICcuL2VuY3J5cHRpb24uc2VydmljZSc7XHJcbmltcG9ydCB7XHJcbiAgS2V5RmFjdG9yeVNlcnZpY2UsXHJcbiAgS2V5RmFjdG9yeVNlcnZpY2UgYXMgS0ZTLFxyXG59IGZyb20gJy4va2V5LWZhY3Rvcnkuc2VydmljZSc7XHJcbmltcG9ydCB7IEtleVNlcnZpY2UgfSBmcm9tICcuL2tleS5zZXJ2aWNlJztcclxuXHJcbmV4cG9ydCBpbnRlcmZhY2UgR3JhcGhLZXkgZXh0ZW5kcyBLZXkge1xyXG4gIHRhc2s/OiBQcm9taXNlPGFueT47XHJcbn1cclxuXHJcbkBJbmplY3RhYmxlKHtcclxuICBwcm92aWRlZEluOiAncm9vdCcsXHJcbn0pXHJcbmV4cG9ydCBjbGFzcyBLZXlHcmFwaFNlcnZpY2Uge1xyXG4gIHByaXZhdGUgZ3JhcGg6IEdyYXBoO1xyXG4gIC8vIHByaXZhdGUga2V5Q2FjaGU6IHtcclxuICAvLyAgIFtpZDogc3RyaW5nXTogS2V5O1xyXG4gIC8vIH07XHJcblxyXG4gIGNvbnN0cnVjdG9yKFxyXG4gICAgcHJpdmF0ZSBlbmNyeXB0aW9uU2VydmljZTogRW5jcnlwdGlvblNlcnZpY2UsXHJcbiAgICBwcml2YXRlIGtleVNlcnZpY2U6IEtleVNlcnZpY2VcclxuICApIHtcclxuICAgIHRoaXMucHVyZ2VLZXlzKCk7XHJcbiAgfVxyXG5cclxuICBwdXJnZUtleXMoKSB7XHJcbiAgICB0aGlzLmdyYXBoID0gbmV3IEdyYXBoKCk7XHJcbiAgICAvLyB0aGlzLmtleUNhY2hlID0gbnVsbDtcclxuICB9XHJcblxyXG4gIGFzeW5jIHBvcHVsYXRlS2V5cyh1c2VyS2V5OiBDdXJyZW50VXNlcktleSkge1xyXG4gICAgdGhpcy5rZXlTZXJ2aWNlLnBvcHVsYXRlS2V5cyh7XHJcbiAgICAgIHBhc3NLZXk6IHVzZXJLZXkucGFzc0tleSxcclxuICAgICAgbWFzdGVyS2V5OiBhd2FpdCB0aGlzLmtleVNlcnZpY2UubG9hZE1hc3RlcktleSh1c2VyS2V5Lm1hc3RlcktleS5pZCksXHJcbiAgICAgIHJvb3RLZXk6IGF3YWl0IHRoaXMudW53cmFwS2V5KHVzZXJLZXkubWFzdGVyS2V5LmlkLCB1c2VyS2V5LnJvb3RLZXkuaWQpLFxyXG4gICAgICBweGs6IGF3YWl0IHRoaXMudW53cmFwS2V5KHVzZXJLZXkubWFzdGVyS2V5LmlkLCB1c2VyS2V5LnB4ay5pZCksXHJcbiAgICAgIHNpZ1B4azogYXdhaXQgdGhpcy51bndyYXBLZXkodXNlcktleS5tYXN0ZXJLZXkuaWQsIHVzZXJLZXkuc2lnUHhrLmlkKSxcclxuICAgIH0pO1xyXG4gIH1cclxuXHJcbiAgaGFzS2V5KGtleUlkOiBzdHJpbmcpIHtcclxuICAgIHJldHVybiAhIXRoaXMuZ3JhcGgubm9kZShrZXlJZCk7XHJcbiAgfVxyXG5cclxuICBwcml2YXRlIGdldE5vZGUoaWQsIHR5cGUpOiBHcmFwaEtleSB8IFBhc3NLZXkge1xyXG4gICAgY29uc3Qgbm9kZSA9IHRoaXMuZ3JhcGgubm9kZShpZCk7XHJcbiAgICBpZiAoIW5vZGUpIHtcclxuICAgICAgdGhyb3cgbmV3IExyTm90Rm91bmRFeGNlcHRpb24oXHJcbiAgICAgICAgYEtleSBncmFwaHMgZG9lcyBub3QgY29udGFpbiBrZXkgaWQ6ICR7aWR9YFxyXG4gICAgICApO1xyXG4gICAgfVxyXG4gICAgaWYgKG5vZGUudHlwZSAhPT0gdHlwZSkge1xyXG4gICAgICB0aHJvdyBuZXcgTHJFeGNlcHRpb24oe1xyXG4gICAgICAgIG1lc3NhZ2U6IGBLZXkgd2l0aCBpZCAke2lkfSBpcyBub3Qgb2YgdHlwZSAke3R5cGV9YCxcclxuICAgICAgfSk7XHJcbiAgICB9XHJcbiAgICByZXR1cm4gbm9kZS5kYXRhO1xyXG4gIH1cclxuXHJcbiAga2V5KGlkKTogR3JhcGhLZXkge1xyXG4gICAgcmV0dXJuIHRoaXMuZ2V0Tm9kZShpZCwgTm9kZVR5cGUuS2V5KTtcclxuICB9XHJcblxyXG4gIHBhc3NLZXkoaWQpOiBQYXNzS2V5IHtcclxuICAgIHJldHVybiB0aGlzLmdldE5vZGUoaWQsIE5vZGVUeXBlLlBhc3NLZXkpO1xyXG4gIH1cclxuXHJcbiAgYWRkS2V5cyhzcmM6IEtleUdyYXBoUmVzcG9uc2UpIHtcclxuICAgIC8vIEtleXNcclxuICAgIGlmIChzcmMua2V5cykge1xyXG4gICAgICAvLyBXaGF0IGtleSBncmFwaCByZXR1cm5zIGNhbiBub3QgYmUgY3VzdG9taXplZC4gU28ga2V5cyBhcmUgZXNzZW50aWFsbHkgaW1tdXRhYmxlLlxyXG4gICAgICAvLyBUaGVyZWZvcmUsIGlmIGEga2V5IGV4aXN0cywgdGhlcmUncyBubyByZWFzb24gdG8gdXBkYXRlIGl0LlxyXG4gICAgICBmb3IgKGNvbnN0IGtleSBvZiBzcmMua2V5cykge1xyXG4gICAgICAgIC8vIE5vdGUgdXNpbmcgUmVsYXkgZ2xvYmFsIGlkIGFsbG93cyB1cyB0byBub3Qgd29ycnkgYWJvdXQgY2xhc2hpbmcgbm9kZSBpZFxyXG4gICAgICAgIGlmICh0aGlzLmdyYXBoLmhhc05vZGUoa2V5LmlkKSkge1xyXG4gICAgICAgICAgY29udGludWU7XHJcbiAgICAgICAgfVxyXG5cclxuICAgICAgICBjb25zdCBub2RlOiBOb2RlID0ge1xyXG4gICAgICAgICAgdHlwZTogTm9kZVR5cGUuS2V5LFxyXG4gICAgICAgICAgZGF0YTogXy5jbG9uZURlZXAoa2V5KSxcclxuICAgICAgICB9O1xyXG5cclxuICAgICAgICB0aGlzLmdyYXBoLnNldE5vZGUoa2V5LmlkLCBub2RlKTtcclxuICAgICAgfVxyXG4gICAgfVxyXG5cclxuICAgIC8vIEtleUxpbmtzXHJcbiAgICBpZiAoc3JjLmtleUxpbmtzKSB7XHJcbiAgICAgIGZvciAoY29uc3Qga2V5TGluayBvZiBzcmMua2V5TGlua3MpIHtcclxuICAgICAgICBpZiAodGhpcy5ncmFwaC5oYXNFZGdlKGtleUxpbmsud3JhcHBpbmdLZXlJZCwga2V5TGluay5rZXlJZCkpIHtcclxuICAgICAgICAgIGNvbnRpbnVlO1xyXG4gICAgICAgIH1cclxuXHJcbiAgICAgICAgY29uc3QgZWRnZTogRWRnZSA9IHtcclxuICAgICAgICAgIHR5cGU6IEVkZ2VUeXBlLktleUxpbmssXHJcbiAgICAgICAgICBkYXRhOiBfLmNsb25lRGVlcChrZXlMaW5rKSxcclxuICAgICAgICB9O1xyXG4gICAgICAgIC8vIEVkZ2UgZ29lcyBmcm9tIHdyYXBwaW5nIGtleSB0byB3cmFwcGVkIGtleS5cclxuICAgICAgICB0aGlzLmdyYXBoLnNldEVkZ2Uoa2V5TGluay53cmFwcGluZ0tleUlkLCBrZXlMaW5rLmtleUlkLCBlZGdlKTtcclxuICAgICAgfVxyXG4gICAgfVxyXG5cclxuICAgIC8vIFBhc3NLZXlMaW5rc1xyXG4gICAgaWYgKHNyYy5wYXNzS2V5TGlua3MpIHtcclxuICAgICAgZm9yIChjb25zdCBwYXNzS2V5TGluayBvZiBzcmMucGFzc0tleUxpbmtzKSB7XHJcbiAgICAgICAgaWYgKHRoaXMuZ3JhcGguaGFzRWRnZShwYXNzS2V5TGluay5wYXNzS2V5SWQsIHBhc3NLZXlMaW5rLmtleUlkKSkge1xyXG4gICAgICAgICAgY29udGludWU7XHJcbiAgICAgICAgfVxyXG5cclxuICAgICAgICBjb25zdCBlZGdlOiBFZGdlID0ge1xyXG4gICAgICAgICAgdHlwZTogRWRnZVR5cGUuUGFzc0tleUxpbmssXHJcbiAgICAgICAgICBkYXRhOiBfLmNsb25lRGVlcChwYXNzS2V5TGluayksXHJcbiAgICAgICAgfTtcclxuICAgICAgICAvLyBFZGdlIGdvZXMgZnJvbSB3cmFwcGluZyBrZXkgdG8gd3JhcHBlZCBrZXkuXHJcbiAgICAgICAgdGhpcy5ncmFwaC5zZXRFZGdlKHBhc3NLZXlMaW5rLnBhc3NLZXlJZCwgcGFzc0tleUxpbmsua2V5SWQsIGVkZ2UpO1xyXG4gICAgICB9XHJcbiAgICB9XHJcblxyXG4gICAgLy8gVGhlIGdyYXBoIGlzIHRoZSBzaW5nbGUgc291cmNlIG9mIHRydXRoLiBUaGVzZSBhcmUgbGF6aWx5IGNhbGN1bGF0ZWQuXHJcbiAgICAvLyB0aGlzLmtleUNhY2hlID0gbnVsbDtcclxuICB9XHJcblxyXG4gIHRyYWNlUGF0aChkaXN0YW5jZXMsIGtleUlkOiBzdHJpbmcpOiBFZGdlW10ge1xyXG4gICAgLy8gVGhlIG5vZGUgbGFiZWwgaXMgdGhlIHNhbWUgYXMgdGhlIGlkIG9mIHRoZSBrZXkgbm9kZXMuXHJcbiAgICBjb25zdCByZXQ6IEVkZ2VbXSA9IFtdO1xyXG4gICAgbGV0IG5vZGUgPSBrZXlJZDtcclxuICAgIGlmICghZGlzdGFuY2VzW25vZGVdLnByZWRlY2Vzc29yKSB7XHJcbiAgICAgIHJldHVybiBudWxsO1xyXG4gICAgfVxyXG5cclxuICAgIHdoaWxlIChkaXN0YW5jZXNbbm9kZV0ucHJlZGVjZXNzb3IpIHtcclxuICAgICAgY29uc3QgY2hpbGQgPSBkaXN0YW5jZXNbbm9kZV0ucHJlZGVjZXNzb3I7XHJcbiAgICAgIHJldC5wdXNoKHRoaXMuZ3JhcGguZWRnZShjaGlsZCwgbm9kZSkpO1xyXG4gICAgICBub2RlID0gY2hpbGQ7XHJcbiAgICB9XHJcblxyXG4gICAgLy8gQWZ0ZXIgcmV2ZXJzZSwgdGhlIGZpcnN0IGVsZW1lbnQgaXMgdGhlIHBhc3NrZXlcclxuICAgIHJldC5yZXZlcnNlKCk7XHJcblxyXG4gICAgcmV0dXJuIHJldDtcclxuICB9XHJcblxyXG4gIGdldFBhdGgoa25vd25LZXlJZDogc3RyaW5nLCBrZXlJZDogc3RyaW5nKTogRWRnZVtdIHtcclxuICAgIGlmICgha25vd25LZXlJZCB8fCB0eXBlb2Yga25vd25LZXlJZCAhPT0gJ3N0cmluZycpIHtcclxuICAgICAgdGhyb3cgbmV3IExyRW5jcnlwdGlvbkV4Y2VwdGlvbihcclxuICAgICAgICBgUGFyYW0ga25vd25LZXlJZCB3cm9uZyBmb3JtYXQ6ICR7a25vd25LZXlJZH1gXHJcbiAgICAgICk7XHJcbiAgICB9XHJcbiAgICBpZiAoIWtleUlkIHx8IHR5cGVvZiBrZXlJZCAhPT0gJ3N0cmluZycpIHtcclxuICAgICAgdGhyb3cgbmV3IExyRW5jcnlwdGlvbkV4Y2VwdGlvbihgUGFyYW0ga2V5SWQgd3JvbmcgZm9ybWF0OiAke2tleUlkfWApO1xyXG4gICAgfVxyXG5cclxuICAgIC8vID0+IHsgQTogeyBkaXN0YW5jZTogMCB9LFxyXG4gICAgLy8gICAgICBCOiB7IGRpc3RhbmNlOiA2LCBwcmVkZWNlc3NvcjogJ0MnIH0sXHJcbiAgICAvLyAgICAgIEM6IHsgZGlzdGFuY2U6IDQsIHByZWRlY2Vzc29yOiAnQScgfSxcclxuICAgIC8vICAgICAgRDogeyBkaXN0YW5jZTogMiwgcHJlZGVjZXNzb3I6ICdBJyB9LFxyXG4gICAgLy8gICAgICBFOiB7IGRpc3RhbmNlOiA4LCBwcmVkZWNlc3NvcjogJ0YnIH0sXHJcbiAgICAvLyAgICAgIEY6IHsgZGlzdGFuY2U6IDQsIHByZWRlY2Vzc29yOiAnRCcgfSB9XHJcbiAgICBjb25zdCBkaXN0YW5jZXMgPSBncmFwaGxpYi5hbGcuZGlqa3N0cmEodGhpcy5ncmFwaCwga25vd25LZXlJZCk7XHJcblxyXG4gICAgLy8gVHJhY2UgcGF0aCBmcm9tIGtleUlkIHRvIGtub3duS2V5SWRcclxuICAgIHJldHVybiB0aGlzLnRyYWNlUGF0aChkaXN0YW5jZXMsIGtleUlkKTtcclxuICB9XHJcblxyXG4gIGFzeW5jIGdldEp3a0tleShcclxuICAgIGtleU9ySWQ6IHN0cmluZyB8IEtleSxcclxuICAgIGdldEtleUlkQ2FsbGJhY2s/OiAoKSA9PiBQcm9taXNlPHN0cmluZz4gfCBzdHJpbmdcclxuICApOiBQcm9taXNlPEpXSy5LZXk+IHtcclxuICAgIHJldHVybiAoYXdhaXQgdGhpcy5nZXRLZXkoa2V5T3JJZCwgZ2V0S2V5SWRDYWxsYmFjaykpLmp3aztcclxuICB9XHJcblxyXG4gIC8vIFdlIGFzc3VtZSB0aGF0IHdoZW4gYSBrZXlJZCBpcyBmZXRjaGVkLCB0aGUga2V5IGdyYXBoXHJcbiAgLy8gZm9yIHRoZSBrZXkgaXMgYWxzbyByZXR1cm5lZCBhbmQgbWVyZ2VkIGludG8gdGhlIGNsaWVudC1zaWRlXHJcbiAgLy8ga2V5IGdyYXBoLiBCeSBpbnNpc3RpbmcgYSBrZXlJZCBpcyByZXR1cm5lZCBpbnN0ZWFkIG9mIHRoZVxyXG4gIC8vIGFjdHVhbCBrZXkgd2UgZW5zdXJlIGtleS1ncmFwaCBpcyBjb25zaXN0ZW50LlxyXG4gIGFzeW5jIGdldEtleShcclxuICAgIGtleU9ySWQ6IHN0cmluZyB8IEtleSxcclxuICAgIGdldEtleUlkQ2FsbGJhY2s/OiAoKSA9PiBQcm9taXNlPHN0cmluZz4gfCBzdHJpbmdcclxuICApOiBQcm9taXNlPEtleT4ge1xyXG4gICAgbGV0IGtleUlkID0gdHlwZW9mIGtleU9ySWQgPT09ICdzdHJpbmcnID8ga2V5T3JJZCA6IGtleU9ySWQ/LmlkO1xyXG5cclxuICAgIGlmICghdGhpcy5oYXNLZXkoa2V5SWQpICYmIGdldEtleUlkQ2FsbGJhY2spIHtcclxuICAgICAga2V5SWQgPSBhd2FpdCBnZXRLZXlJZENhbGxiYWNrKCk7XHJcbiAgICB9XHJcbiAgICAvLyBlbHNlLCBjb250aW51ZSBhbmQgbGV0IGl0IGZhaWwuXHJcblxyXG4gICAgY29uc3Qga2V5ID0gdGhpcy5rZXkoa2V5SWQpO1xyXG4gICAgaWYgKGtleS5qd2spIHtcclxuICAgICAgcmV0dXJuIGtleTtcclxuICAgIH0gZWxzZSB7XHJcbiAgICAgIHJldHVybiB0aGlzLnVud3JhcEtleSh0aGlzLmtleVNlcnZpY2UuZ2V0Q3VycmVudE1hc3RlcktleSgpLmlkLCBrZXlJZCk7XHJcbiAgICB9XHJcbiAgfVxyXG5cclxuICBwcml2YXRlIGFzeW5jIF91bndyYXBMaW5rKHdyYXBwaW5nS2V5LCBsaW5rLCBkc3RLZXkpIHtcclxuICAgIC8vIGNvbnNvbGUubG9nKFwiX3Vud3JhcExpbms6XCIsIGxpbmsuZGF0YS5rZXlJZCk7XHJcbiAgICBjb25zdCB3cmFwcGVkS2V5ID0gSlNPTi5wYXJzZShsaW5rLmRhdGEud3JhcHBlZEtleSk7XHJcbiAgICAvLyBTaWduYXR1cmVzIG9mIGtleXMgY29udGFpbiB0aGUga2V5IGl0c2VsZi4gVGhpcyB3YXkgd2Ugb25seSBuZWVkXHJcbiAgICAvLyB0byBhY2Nlc3MgdGhlIEtleUxpbmtzIHRvIGRlY3J5cHQvdmVyaWZ5IGtleXMuXHJcbiAgICBsZXQgbmV4dFJhd0tleTtcclxuICAgIGlmICh3cmFwcGVkS2V5LnNpZ25hdHVyZXMpIHtcclxuICAgICAgbmV4dFJhd0tleSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UudmVyaWZ5KHdyYXBwaW5nS2V5LCB3cmFwcGVkS2V5KTtcclxuICAgIH0gZWxzZSB7XHJcbiAgICAgIG5leHRSYXdLZXkgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXHJcbiAgICAgICAgd3JhcHBpbmdLZXksXHJcbiAgICAgICAgd3JhcHBlZEtleVxyXG4gICAgICApO1xyXG4gICAgfVxyXG4gICAgZHN0S2V5Lmp3ayA9IGF3YWl0IEtGUy5hc0tleShuZXh0UmF3S2V5KTtcclxuICAgIGRzdEtleS50YXNrID0gbnVsbDtcclxuICB9XHJcblxyXG4gIHByaXZhdGUgYXN5bmMgX3Vud3JhcChrZXk6IEpXSy5LZXksIHBhdGg6IEVkZ2VbXSk6IFByb21pc2U8SldLLktleT4ge1xyXG4gICAgZm9yIChjb25zdCBsaW5rIG9mIHBhdGgpIHtcclxuICAgICAgY29uc3QgZHN0S2V5ID0gdGhpcy5rZXkobGluay5kYXRhLmtleUlkKTtcclxuICAgICAgLy8gY29uc29sZS5sb2coXCJrZXk6IFwiLCBsaW5rLmRhdGEua2V5SWQpO1xyXG4gICAgICBpZiAoZHN0S2V5Lmp3aykge1xyXG4gICAgICAgIGtleSA9IGRzdEtleS5qd2s7XHJcbiAgICAgICAgLy8gY29uc29sZS5sb2coXCJSZXR1cm5pbmcgY2FjaGVkIGtleTogXCIsIGxpbmsuZGF0YS5rZXlJZCk7XHJcbiAgICAgICAgY29udGludWU7XHJcbiAgICAgIH1cclxuXHJcbiAgICAgIGlmICghZHN0S2V5LnRhc2spIHtcclxuICAgICAgICBkc3RLZXkudGFzayA9IHRoaXMuX3Vud3JhcExpbmsoa2V5LCBsaW5rLCBkc3RLZXkpO1xyXG4gICAgICB9XHJcblxyXG4gICAgICBhd2FpdCBkc3RLZXkudGFzaztcclxuICAgICAga2V5ID0gZHN0S2V5Lmp3aztcclxuICAgIH1cclxuXHJcbiAgICByZXR1cm4ga2V5O1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGFzeW5jIHVud3JhcFdpdGhQYXNzS2V5KFxyXG4gICAgcGFzc0tleUlkOiBzdHJpbmcsXHJcbiAgICBwYXNzS2V5OiBKV0suS2V5LFxyXG4gICAga2V5SWQ6IHN0cmluZ1xyXG4gICk6IFByb21pc2U8S2V5PiB7XHJcbiAgICAvLyBHZXQgcGF0aCBvZiB0aGUgZGlyZWN0b3J5IGtleS5cclxuICAgIGNvbnN0IHBhdGggPSB0aGlzLmdldFBhdGgocGFzc0tleUlkLCBrZXlJZCk7XHJcblxyXG4gICAgcmV0dXJuIHtcclxuICAgICAgaWQ6IGtleUlkLFxyXG4gICAgICBqd2s6IGF3YWl0IHRoaXMuX3Vud3JhcChwYXNzS2V5LCBwYXRoKSxcclxuICAgIH07XHJcbiAgfVxyXG5cclxuICBhc3luYyB1bndyYXBLZXkobWFzdGVyS2V5SWQ6IHN0cmluZywga2V5SWQ6IHN0cmluZyk6IFByb21pc2U8S2V5PiB7XHJcbiAgICAvLyBUaGUgZmlyc3Qga2V5IHNob3VsZCBiZSBhIG1hc3RlcktleVxyXG4gICAgY29uc3QgbWFzdGVyS2V5ID0gYXdhaXQgdGhpcy5rZXlTZXJ2aWNlLmxvYWRNYXN0ZXJLZXkobWFzdGVyS2V5SWQpO1xyXG5cclxuICAgIGlmIChtYXN0ZXJLZXlJZCA9PT0ga2V5SWQpIHtcclxuICAgICAgcmV0dXJuIG1hc3RlcktleTtcclxuICAgIH1cclxuXHJcbiAgICAvLyBHZXQgcGF0aCBvZiB0aGUgZGlyZWN0b3J5IGtleS5cclxuICAgIGNvbnN0IHBhdGggPSB0aGlzLmdldFBhdGgobWFzdGVyS2V5LmlkLCBrZXlJZCk7XHJcblxyXG4gICAgcmV0dXJuIHtcclxuICAgICAgaWQ6IGtleUlkLFxyXG4gICAgICBqd2s6IGF3YWl0IHRoaXMuX3Vud3JhcChtYXN0ZXJLZXkuandrLCBwYXRoKSxcclxuICAgIH07XHJcbiAgfVxyXG5cclxuICBhc3luYyBkZWNyeXB0RnJvbVN0cmluZzxUPihcclxuICAgIGtleU9ySWQ6IHN0cmluZyB8IEtleSxcclxuICAgIGNpcGhlckRhdGE6IHN0cmluZyxcclxuICAgIG9wdGlvbnM/OiBEZWNyeXB0T3B0aW9uc1xyXG4gICk6IFByb21pc2U8VD4ge1xyXG4gICAgaWYgKGNpcGhlckRhdGEpIHtcclxuICAgICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5nZXRKd2tLZXkoa2V5T3JJZCk7XHJcbiAgICAgIHJldHVybiAoYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxyXG4gICAgICAgIGtleSxcclxuICAgICAgICBKU09OLnBhcnNlKGNpcGhlckRhdGEpLFxyXG4gICAgICAgIG9wdGlvbnNcclxuICAgICAgKSkgYXMgYW55O1xyXG4gICAgfVxyXG4gICAgcmV0dXJuIG51bGw7XHJcbiAgfVxyXG5cclxuICBhc3luYyBkZWNyeXB0RmlsZShrZXlJZDogc3RyaW5nLCBmaWxlOiBhbnkpOiBQcm9taXNlPGFueT4ge1xyXG4gICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5nZXRKd2tLZXkoa2V5SWQpO1xyXG4gICAgcmV0dXJuIChhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoa2V5LCBmaWxlLCB7XHJcbiAgICAgIHBheWxvYWRUeXBlOiAnQXJyYXlCdWZmZXInLFxyXG4gICAgfSkpIGFzIGFueTtcclxuICB9XHJcblxyXG4gIC8vIFRPRE8gcmVuYW1lIHRoaXMgdG8gZW5jcnlwdCgpIGFuZCB1c2UgYXMgdGhlIG1vc3QgY29tbW9uIHVzZWNhc2VcclxuICBhc3luYyBlbmNyeXB0VG9TdHJpbmcoXHJcbiAgICBrZXk6IHN0cmluZyB8IEtleSB8IEpXSy5LZXksXHJcbiAgICBjb250ZW50OiBhbnlcclxuICApOiBQcm9taXNlPHN0cmluZz4ge1xyXG4gICAgLy8gRW1wdHkgc3RyaW5nIHNob3VsZCBiZSBlbmNyeXB0ZWQgc2luY2UgeW91IHdhbnQgdG8gY2xlYXIgdGhlIGZpZWxkLlxyXG4gICAgLy8gTnVsbCBpcyBub3QgZW5jcnlwdGVkIGJlY2F1c2UgaXQncyBub3QgdmFsaWQgSlNPTiBpbiB0aGUgb2xkIEpTT04gc3BlYy4gVXNlXHJcbiAgICAvLyBlbXB0eSBzdHJpbmcgaW5zdGVhZC4gSXQnbGwgZnVuY3Rpb24gYXMgYSBsb2dpYyBmYWxzZSBhcyB3ZWxsLlxyXG4gICAgLy8gTm90ZSB0aGF0IHBhc3NpbmcgaW4gZW1wdHkgc3RyaW5nIG1lYW5zIGl0J2xsIGJlIGVuY3J5cHRlZCB3aGljaCB2ZXJpZmllc1xyXG4gICAgLy8gaXQncyBpbnRlZ3JpdHkuIEJ1dCB3ZSBzdGlsbCB3YW50IHRvIGhhdmUgYSB3YXkgdG8gc2V0IHRoZSBEQiBmaWVsZFxyXG4gICAgLy8gdG8gTlVMTCwgc28gd2UgZXhwbGljaXRseSByZXR1cm4gbnVsbCB3aGVuIGNvbnRlbnQgPT0gbnVsbC4gQSBudWxsXHJcbiAgICAvLyB2YXJpYWJsZSBpbiBncmFwaHFsIG11dGF0aW9uIG9uIEtDIHNlcnZlciBjbGVhcnMgdGhlIGZpZWxkIHRvIE5VTEwuXHJcbiAgICBpZiAoY29udGVudCA9PSBudWxsKSB7XHJcbiAgICAgIHJldHVybiBudWxsO1xyXG4gICAgfVxyXG5cclxuICAgIGNvbnN0IGp3ayA9IGFzSndrKGtleSkgfHwgKGF3YWl0IHRoaXMuZ2V0SndrS2V5KGtleSBhcyBzdHJpbmcgfCBLZXkpKTtcclxuICAgIHJldHVybiB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHRUb1N0cmluZyhqd2ssIGNvbnRlbnQpO1xyXG4gIH1cclxuXHJcbiAgLy8gV3JhcHMgYSBzeW1tZXRyaWMgZW5jcnlwdGlvbiBrZXkuXHJcbiAgLy8gVGhyb3dzIGV4Y2VwdGlvbiBpZiB3cmFwcGluZyBwdWJsaWMga2V5cy5cclxuICBhc3luYyB3cmFwS2V5PFQ+KFxyXG4gICAgd3JhcHBpbmdLZXk6IHN0cmluZyB8IEtleSB8IEpXSy5LZXksXHJcbiAgICBrZXk6IEpXSy5LZXlcclxuICApOiBQcm9taXNlPHN0cmluZz4ge1xyXG4gICAgaWYgKCFpc1N5bW1ldHJpY0tleShrZXkpKSB7XHJcbiAgICAgIHRocm93IG5ldyBMckJhZEFyZ3VtZW50RXhjZXB0aW9uKFxyXG4gICAgICAgICdPbmx5IGFsbG93aW5nIHdyYXBwaW5nIG9mIHN5bW1ldHJpYyBrZXlzLidcclxuICAgICAgKTtcclxuICAgIH1cclxuXHJcbiAgICByZXR1cm4gdGhpcy5lbmNyeXB0VG9TdHJpbmcod3JhcHBpbmdLZXksIGtleS50b0pTT04odHJ1ZSkpO1xyXG4gIH1cclxuXHJcbiAgLy8gVE9ET1xyXG4gIC8vIGFzeW5jIHdyYXBQdWJsaWNLZXk8VD4oKTtcclxuICAvLyBhc3luYyB3cmFwUHJpdmF0ZUtleTxUPigpO1xyXG59XHJcbiJdfQ==