@lifeready/core 1.0.21 → 1.0.23

package/esm2015/lib/key/key-factory.service.js

@@ -0,0 +1,237 @@
+import { __awaiter } from "tslib";
+import { Injectable } from '@angular/core';
+import { JWK } from 'node-jose';
+import { WebCryptoService } from '../web-crypto/web-crypto.service';
+import { LrBadArgumentException, LrSuspiciousException, } from '../_common/exceptions';
+import * as i0 from "@angular/core";
+import * as i1 from "../web-crypto/web-crypto.service";
+export function sha256(message) {
+    return __awaiter(this, void 0, void 0, function* () {
+        // encode as UTF-8
+        const msgBuffer = new TextEncoder().encode(message);
+        // hash the message
+        const hashBuffer = yield crypto.subtle.digest('SHA-256', msgBuffer);
+        // convert ArrayBuffer to Array
+        const hashArray = Array.from(new Uint8Array(hashBuffer));
+        // convert bytes to hex string
+        const hashHex = hashArray
+            .map((b) => ('00' + b.toString(16)).slice(-2))
+            .join('');
+        return hashHex;
+    });
+}
+export class KeyFactoryService {
+    constructor(webCryptoService) {
+        this.webCryptoService = webCryptoService;
+        // Global keys store. Otherwise, each call to asKey creates a new keyStore.
+        // <AZ> Did not seem to improve speed.
+        // public static keyStore = JWK.createKeyStore();
+        // AZ: This can't be change easily. It's basically a PassK or PassIdp rotation.
+        // todo: we should eventually increase this periodically to match with Moore's law.
+        // The iterations for each key are kept by the server as well but we assume the value
+        // from the server is not trustworthy, so need to have minimum thresholds here.
+        // If creating new keys, these minimum are used.
+        this.MIN_PASS_IDP_PBKDF_ITER = 100000;
+        this.MIN_PASS_KEY_PBKDF_ITER = 100000;
+        this.MIN_LBOP_KEY_PBKDF_ITER = 100000;
+        // These are used as the default values. They must be larger than the minimum values.
+        this.DEFAULT_PASS_IDP_PBKDF_ITER = this.MIN_PASS_IDP_PBKDF_ITER;
+        this.DEFAULT_PASS_KEY_PBKDF_ITER = this.MIN_PASS_KEY_PBKDF_ITER;
+        this.DEFAULT_LBOP_KEY_PBKDF_ITER = this.MIN_LBOP_KEY_PBKDF_ITER;
+        this.crypto = this.webCryptoService.crypto;
+    }
+    static asKey(key, form, extras) {
+        // <AZ> Using a single global key store did not seem to improve speed.
+        // return KeyFactoryService.keyStore.add(key, form, extras);
+        return JWK.asKey(key, form, extras);
+    }
+    randomString(digits) {
+        if (digits <= 0) {
+            throw new LrBadArgumentException('digits <= 0');
+        }
+        const validChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+        let array = new Uint32Array(digits);
+        this.crypto.getRandomValues(array);
+        array = array.map((x) => validChars.charCodeAt(x % validChars.length));
+        return String.fromCharCode.apply(null, array);
+    }
+    randomDigitsNoZeros(digits) {
+        return this.randomChoices([1, 2, 3, 4, 5, 6, 7, 8, 9], digits).join('');
+    }
+    randomChoices(array, chooseN) {
+        if (array.length <= 1) {
+            throw new LrBadArgumentException('array.length <= 0');
+        }
+        if (chooseN <= 0) {
+            throw new LrBadArgumentException('chooseN <= 0');
+        }
+        const values = new Uint32Array(chooseN);
+        this.crypto.getRandomValues(values);
+        const ret = [];
+        values.forEach((v) => ret.push(array[v % array.length]));
+        return ret;
+    }
+    createSalt() {
+        return this.randomString(16);
+    }
+    createKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'AES-GCM',
+                length: 256,
+            }, true, // whether the key is extractable (i.e. can be used in exportKey)
+            ['encrypt', 'decrypt'] // must be ["encrypt", "decrypt"] or ["wrapKey", "unwrapKey"]
+            );
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key);
+            // Removing the fields not needed by node-jose
+            delete jwk.ext;
+            delete jwk.key_ops;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    createSignKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'HMAC',
+                hash: { name: 'SHA-512' },
+            }, true, ['sign', 'verify']);
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key);
+            // Removing the fields not needed by node-jose
+            delete jwk.key_ops;
+            delete jwk.ext;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    createPkcKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            // node-jose is not using Forge properly. It should be calling the async version of
+            // pki.rsa.generateKeyPair() with a callback. Instead it calls the sync version. Webcrypto
+            // does not support sync version, so it uses the javascript implementation, which is way too slow.
+            // So we generate using webcrypto and import the key.
+            // Unfortunately Elliptical Curve is not supported by Webcrypto. So we have to settle for RSA.
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'RSA-OAEP',
+                modulusLength: 2048,
+                // As per suggestion: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
+                publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+                hash: { name: 'SHA-256' },
+            }, true, // whether the key is extractable (i.e. can be used in exportKey)
+            ['encrypt', 'decrypt'] // must be ["encrypt", "decrypt"] or ["wrapKey", "unwrapKey"]
+            );
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key.privateKey);
+            // Removing the fields not needed by node-jose
+            delete jwk.key_ops;
+            delete jwk.ext;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    createPkcSignKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.crypto.subtle.generateKey({
+                name: 'RSASSA-PKCS1-v1_5',
+                modulusLength: 2048,
+                // As per suggestion: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
+                publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+                hash: { name: 'SHA-256' },
+            }, true, // whether the key is extractable (i.e. can be used in exportKey)
+            ['sign', 'verify'] // can be any combination of "sign" and "verify"
+            );
+            const jwk = yield this.crypto.subtle.exportKey('jwk', key.privateKey);
+            // Removing the fields not needed by node-jose
+            delete jwk.key_ops;
+            delete jwk.ext;
+            return KeyFactoryService.asKey(jwk);
+        });
+    }
+    deriveKey({ password, salt, iterations, kid, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const enc = new TextEncoder();
+            const rawKey = yield this.crypto.subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveBits', 'deriveKey']);
+            const passKey = yield crypto.subtle.deriveKey({
+                name: 'PBKDF2',
+                salt: new TextEncoder().encode(salt),
+                iterations,
+                hash: 'SHA-256',
+            }, rawKey, { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
+            const passKeyJson = yield crypto.subtle.exportKey('jwk', passKey);
+            if (kid) {
+                passKeyJson.kid = kid;
+            }
+            const jwk = yield KeyFactoryService.asKey(passKeyJson);
+            return { jwk };
+        });
+    }
+    derivePassIdp(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (params.iterations < this.MIN_PASS_IDP_PBKDF_ITER) {
+                throw new LrSuspiciousException(`The number of PassIdp key derivation iterations sent from the server (${params.iterations}) is lower than the minimum (${this.MIN_PASS_IDP_PBKDF_ITER})`);
+            }
+            return this.deriveKey(params);
+        });
+    }
+    derivePassKey(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (params.iterations < this.MIN_PASS_KEY_PBKDF_ITER) {
+                throw new LrSuspiciousException(`The number of PassKey key derivation iterations sent from the server(${params.iterations}) is lower than the minimum(${this.MIN_PASS_KEY_PBKDF_ITER})`);
+            }
+            return this.deriveKey(params);
+        });
+    }
+    deriveLbopKey(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (params.iterations < this.MIN_LBOP_KEY_PBKDF_ITER) {
+                throw new LrSuspiciousException(`The number of LbopKey key derivation iterations sent from the server(${params.iterations}) is lower than the minimum(${this.MIN_LBOP_KEY_PBKDF_ITER})`);
+            }
+            return this.deriveKey(params);
+        });
+    }
+    createKid() {
+        return __awaiter(this, void 0, void 0, function* () {
+            // todo: AZ: node-jose source uses node's default UUID() function for kid, so just change to use that.
+            // for now, we are just creating a new key to use it's kid.
+            // The kid is a part of the JWK system. LR backend maintains the key hierarchy separately with it's own
+            // key id. But we just use it here as a double check.
+            return (yield this.createKey()).kid;
+        });
+    }
+    createPassIdpParams() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return {
+                salt: this.createSalt(),
+                iterations: this.DEFAULT_PASS_IDP_PBKDF_ITER,
+            };
+        });
+    }
+    createPassKeyParams() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return {
+                salt: this.createSalt(),
+                kid: yield this.createKid(),
+                iterations: this.DEFAULT_PASS_KEY_PBKDF_ITER,
+            };
+        });
+    }
+    createLbopKeyParams() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return {
+                salt: this.createSalt(),
+                // todo: AZ: node-jose source uses node's default UUID() function for kid, so just change to use that.
+                // for now, we are just creating a new key to use it's kid.
+                // The kid is a part of the JWK system. LR backend maintains the key hierarchy separately with it's own
+                // key id. But we just use it here as a double check.
+                kid: yield this.createKid(),
+                iterations: this.DEFAULT_PASS_KEY_PBKDF_ITER,
+            };
+        });
+    }
+}
+KeyFactoryService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyFactoryService_Factory() { return new KeyFactoryService(i0.ɵɵinject(i1.WebCryptoService)); }, token: KeyFactoryService, providedIn: "root" });
+KeyFactoryService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+KeyFactoryService.ctorParameters = () => [
+    { type: WebCryptoService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWZhY3Rvcnkuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uLy4uL3Byb2plY3RzL2NvcmUvc3JjL2xpYi9rZXkva2V5LWZhY3Rvcnkuc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUMzQyxPQUFPLEVBQUUsR0FBRyxFQUFFLE1BQU0sV0FBVyxDQUFDO0FBRWhDLE9BQU8sRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLGtDQUFrQyxDQUFDO0FBQ3BFLE9BQU8sRUFDTCxzQkFBc0IsRUFDdEIscUJBQXFCLEdBQ3RCLE1BQU0sdUJBQXVCLENBQUM7OztBQVcvQixNQUFNLFVBQWdCLE1BQU0sQ0FBQyxPQUFPOztRQUNsQyxrQkFBa0I7UUFDbEIsTUFBTSxTQUFTLEdBQUcsSUFBSSxXQUFXLEVBQUUsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7UUFFcEQsbUJBQW1CO1FBQ25CLE1BQU0sVUFBVSxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBRXBFLCtCQUErQjtRQUMvQixNQUFNLFNBQVMsR0FBRyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksVUFBVSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUM7UUFFekQsOEJBQThCO1FBQzlCLE1BQU0sT0FBTyxHQUFHLFNBQVM7YUFDdEIsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLElBQUksR0FBRyxDQUFDLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7YUFDN0MsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ1osT0FBTyxPQUFPLENBQUM7SUFDakIsQ0FBQztDQUFBO0FBS0QsTUFBTSxPQUFPLGlCQUFpQjtJQUM1QixZQUFvQixnQkFBa0M7UUFBbEMscUJBQWdCLEdBQWhCLGdCQUFnQixDQUFrQjtRQUl0RCwyRUFBMkU7UUFDM0Usc0NBQXNDO1FBQ3RDLGlEQUFpRDtRQUVqRCwrRUFBK0U7UUFDL0UsbUZBQW1GO1FBQ25GLHFGQUFxRjtRQUNyRiwrRUFBK0U7UUFDL0UsZ0RBQWdEO1FBQ2hDLDRCQUF1QixHQUFHLE1BQU0sQ0FBQztRQUNqQyw0QkFBdUIsR0FBRyxNQUFNLENBQUM7UUFDakMsNEJBQXVCLEdBQUcsTUFBTSxDQUFDO1FBRWpELHFGQUFxRjtRQUNyRSxnQ0FBMkIsR0FBRyxJQUFJLENBQUMsdUJBQXVCLENBQUM7UUFDM0QsZ0NBQTJCLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDO1FBQzNELGdDQUEyQixHQUFHLElBQUksQ0FBQyx1QkFBdUIsQ0FBQztRQW5CekUsSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsTUFBTSxDQUFDO0lBQzdDLENBQUM7SUFvQkQsTUFBTSxDQUFDLEtBQUssQ0FDVixHQUE4RCxFQUM5RCxJQVFTLEVBQ1QsTUFBZ0M7UUFFaEMsc0VBQXNFO1FBQ3RFLDREQUE0RDtRQUM1RCxPQUFPLEdBQUcsQ0FBQyxLQUFLLENBQUMsR0FBRyxFQUFFLElBQUksRUFBRSxNQUFNLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQsWUFBWSxDQUFDLE1BQWM7UUFDekIsSUFBSSxNQUFNLElBQUksQ0FBQyxFQUFFO1lBQ2YsTUFBTSxJQUFJLHNCQUFzQixDQUFDLGFBQWEsQ0FBQyxDQUFDO1NBQ2pEO1FBQ0QsTUFBTSxVQUFVLEdBQ2QsZ0VBQWdFLENBQUM7UUFDbkUsSUFBSSxLQUFLLEdBQUcsSUFBSSxXQUFXLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDcEMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxlQUFlLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDbkMsS0FBSyxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQyxHQUFHLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO1FBQ3ZFLE9BQU8sTUFBTSxDQUFDLFlBQVksQ0FBQyxLQUFLLENBQUMsSUFBSSxFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQ2hELENBQUM7SUFFRCxtQkFBbUIsQ0FBQyxNQUFjO1FBQ2hDLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxDQUFDLEVBQUUsTUFBTSxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQzFFLENBQUM7SUFFRCxhQUFhLENBQUksS0FBVSxFQUFFLE9BQWU7UUFDMUMsSUFBSSxLQUFLLENBQUMsTUFBTSxJQUFJLENBQUMsRUFBRTtZQUNyQixNQUFNLElBQUksc0JBQXNCLENBQUMsbUJBQW1CLENBQUMsQ0FBQztTQUN2RDtRQUNELElBQUksT0FBTyxJQUFJLENBQUMsRUFBRTtZQUNoQixNQUFNLElBQUksc0JBQXNCLENBQUMsY0FBYyxDQUFDLENBQUM7U0FDbEQ7UUFDRCxNQUFNLE1BQU0sR0FBRyxJQUFJLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN4QyxJQUFJLENBQUMsTUFBTSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNwQyxNQUFNLEdBQUcsR0FBUSxFQUFFLENBQUM7UUFDcEIsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDekQsT0FBTyxHQUFHLENBQUM7SUFDYixDQUFDO0lBRUQsVUFBVTtRQUNSLE9BQU8sSUFBSSxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUssU0FBUzs7WUFDYixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FDOUM7Z0JBQ0UsSUFBSSxFQUFFLFNBQVM7Z0JBQ2YsTUFBTSxFQUFFLEdBQUc7YUFDWixFQUNELElBQUksRUFBRSxpRUFBaUU7WUFDdkUsQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDLENBQUMsNkRBQTZEO2FBQ3JGLENBQUM7WUFFRixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLENBQUM7WUFFM0QsOENBQThDO1lBQzlDLE9BQU8sR0FBRyxDQUFDLEdBQUcsQ0FBQztZQUNmLE9BQU8sR0FBRyxDQUFDLE9BQU8sQ0FBQztZQUVuQixPQUFPLGlCQUFpQixDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUN0QyxDQUFDO0tBQUE7SUFFSyxhQUFhOztZQUNqQixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FDOUM7Z0JBQ0UsSUFBSSxFQUFFLE1BQU07Z0JBQ1osSUFBSSxFQUFFLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRTthQUMxQixFQUNELElBQUksRUFDSixDQUFDLE1BQU0sRUFBRSxRQUFRLENBQUMsQ0FDbkIsQ0FBQztZQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxHQUFHLENBQUMsQ0FBQztZQUUzRCw4Q0FBOEM7WUFDOUMsT0FBTyxHQUFHLENBQUMsT0FBTyxDQUFDO1lBQ25CLE9BQU8sR0FBRyxDQUFDLEdBQUcsQ0FBQztZQUVmLE9BQU8saUJBQWlCLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3RDLENBQUM7S0FBQTtJQUVLLFlBQVk7O1lBQ2hCLG1GQUFtRjtZQUNuRiwwRkFBMEY7WUFDMUYsa0dBQWtHO1lBQ2xHLHFEQUFxRDtZQUNyRCw4RkFBOEY7WUFDOUYsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQzlDO2dCQUNFLElBQUksRUFBRSxVQUFVO2dCQUNoQixhQUFhLEVBQUUsSUFBSTtnQkFDbkIsNEZBQTRGO2dCQUM1RixjQUFjLEVBQUUsSUFBSSxVQUFVLENBQUMsQ0FBQyxJQUFJLEVBQUUsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO2dCQUNsRCxJQUFJLEVBQUUsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFO2FBQzFCLEVBQ0QsSUFBSSxFQUFFLGlFQUFpRTtZQUN2RSxDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUMsQ0FBQyw2REFBNkQ7YUFDckYsQ0FBQztZQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxHQUFHLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDdEUsOENBQThDO1lBQzlDLE9BQU8sR0FBRyxDQUFDLE9BQU8sQ0FBQztZQUNuQixPQUFPLEdBQUcsQ0FBQyxHQUFHLENBQUM7WUFFZixPQUFPLGlCQUFpQixDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUN0QyxDQUFDO0tBQUE7SUFFSyxnQkFBZ0I7O1lBQ3BCLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUM5QztnQkFDRSxJQUFJLEVBQUUsbUJBQW1CO2dCQUN6QixhQUFhLEVBQUUsSUFBSTtnQkFDbkIsNEZBQTRGO2dCQUM1RixjQUFjLEVBQUUsSUFBSSxVQUFVLENBQUMsQ0FBQyxJQUFJLEVBQUUsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO2dCQUNsRCxJQUFJLEVBQUUsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFO2FBQzFCLEVBQ0QsSUFBSSxFQUFFLGlFQUFpRTtZQUN2RSxDQUFDLE1BQU0sRUFBRSxRQUFRLENBQUMsQ0FBQyxnREFBZ0Q7YUFDcEUsQ0FBQztZQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxHQUFHLENBQUMsVUFBVSxDQUFDLENBQUM7WUFFdEUsOENBQThDO1lBQzlDLE9BQU8sR0FBRyxDQUFDLE9BQU8sQ0FBQztZQUNuQixPQUFPLEdBQUcsQ0FBQyxHQUFHLENBQUM7WUFFZixPQUFPLGlCQUFpQixDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUN0QyxDQUFDO0tBQUE7SUFFSyxTQUFTLENBQUMsRUFDZCxRQUFRLEVBQ1IsSUFBSSxFQUNKLFVBQVUsRUFDVixHQUFHLEdBTUo7O1lBQ0MsTUFBTSxHQUFHLEdBQUcsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUM5QixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FDL0MsS0FBSyxFQUNMLEdBQUcsQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLEVBQ3BCLFFBQVEsRUFDUixLQUFLLEVBQ0wsQ0FBQyxZQUFZLEVBQUUsV0FBVyxDQUFDLENBQzVCLENBQUM7WUFFRixNQUFNLE9BQU8sR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUMzQztnQkFDRSxJQUFJLEVBQUUsUUFBUTtnQkFDZCxJQUFJLEVBQUUsSUFBSSxXQUFXLEVBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDO2dCQUNwQyxVQUFVO2dCQUNWLElBQUksRUFBRSxTQUFTO2FBQ2hCLEVBQ0QsTUFBTSxFQUNOLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxNQUFNLEVBQUUsR0FBRyxFQUFFLEVBQ2hDLElBQUksRUFDSixDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUMsQ0FDdkIsQ0FBQztZQUVGLE1BQU0sV0FBVyxHQUFlLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQzNELEtBQUssRUFDTCxPQUFPLENBQ1IsQ0FBQztZQUNGLElBQUksR0FBRyxFQUFFO2dCQUNQLFdBQVcsQ0FBQyxHQUFHLEdBQUcsR0FBRyxDQUFDO2FBQ3ZCO1lBRUQsTUFBTSxHQUFHLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUM7WUFFdkQsT0FBTyxFQUFFLEdBQUcsRUFBRSxDQUFDO1FBQ2pCLENBQUM7S0FBQTtJQUVLLGFBQWEsQ0FBQyxNQUEyQjs7WUFDN0MsSUFBSSxNQUFNLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyx1QkFBdUIsRUFBRTtnQkFDcEQsTUFBTSxJQUFJLHFCQUFxQixDQUM3Qix5RUFBeUUsTUFBTSxDQUFDLFVBQVUsZ0NBQWdDLElBQUksQ0FBQyx1QkFBdUIsR0FBRyxDQUMxSixDQUFDO2FBQ0g7WUFDRCxPQUFPLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDaEMsQ0FBQztLQUFBO0lBRUssYUFBYSxDQUFDLE1BQTJCOztZQUM3QyxJQUFJLE1BQU0sQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixFQUFFO2dCQUNwRCxNQUFNLElBQUkscUJBQXFCLENBQzdCLHdFQUF3RSxNQUFNLENBQUMsVUFBVSwrQkFBK0IsSUFBSSxDQUFDLHVCQUF1QixHQUFHLENBQ3hKLENBQUM7YUFDSDtZQUNELE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNoQyxDQUFDO0tBQUE7SUFFSyxhQUFhLENBQUMsTUFBMkI7O1lBQzdDLElBQUksTUFBTSxDQUFDLFVBQVUsR0FBRyxJQUFJLENBQUMsdUJBQXVCLEVBQUU7Z0JBQ3BELE1BQU0sSUFBSSxxQkFBcUIsQ0FDN0Isd0VBQXdFLE1BQU0sQ0FBQyxVQUFVLCtCQUErQixJQUFJLENBQUMsdUJBQXVCLEdBQUcsQ0FDeEosQ0FBQzthQUNIO1lBQ0QsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2hDLENBQUM7S0FBQTtJQUVLLFNBQVM7O1lBQ2Isc0dBQXNHO1lBQ3RHLDJEQUEyRDtZQUMzRCx1R0FBdUc7WUFDdkcscURBQXFEO1lBQ3JELE9BQU8sQ0FBQyxNQUFNLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQUFDLEdBQUcsQ0FBQztRQUN0QyxDQUFDO0tBQUE7SUFFSyxtQkFBbUI7O1lBQ3ZCLE9BQU87Z0JBQ0wsSUFBSSxFQUFFLElBQUksQ0FBQyxVQUFVLEVBQUU7Z0JBQ3ZCLFVBQVUsRUFBRSxJQUFJLENBQUMsMkJBQTJCO2FBQzdDLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFSyxtQkFBbUI7O1lBQ3ZCLE9BQU87Z0JBQ0wsSUFBSSxFQUFFLElBQUksQ0FBQyxVQUFVLEVBQUU7Z0JBQ3ZCLEdBQUcsRUFBRSxNQUFNLElBQUksQ0FBQyxTQUFTLEVBQUU7Z0JBQzNCLFVBQVUsRUFBRSxJQUFJLENBQUMsMkJBQTJCO2FBQzdDLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFSyxtQkFBbUI7O1lBQ3ZCLE9BQU87Z0JBQ0wsSUFBSSxFQUFFLElBQUksQ0FBQyxVQUFVLEVBQUU7Z0JBQ3ZCLHNHQUFzRztnQkFDdEcsMkRBQTJEO2dCQUMzRCx1R0FBdUc7Z0JBQ3ZHLHFEQUFxRDtnQkFDckQsR0FBRyxFQUFFLE1BQU0sSUFBSSxDQUFDLFNBQVMsRUFBRTtnQkFDM0IsVUFBVSxFQUFFLElBQUksQ0FBQywyQkFBMkI7YUFDN0MsQ0FBQztRQUNKLENBQUM7S0FBQTs7OztZQTlRRixVQUFVLFNBQUM7Z0JBQ1YsVUFBVSxFQUFFLE1BQU07YUFDbkI7OztZQWxDUSxnQkFBZ0IiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBJbmplY3RhYmxlIH0gZnJvbSAnQGFuZ3VsYXIvY29yZSc7XG5pbXBvcnQgeyBKV0sgfSBmcm9tICdub2RlLWpvc2UnO1xuaW1wb3J0IHsgSlNPTk9iamVjdCB9IGZyb20gJy4uL2FwaS90eXBlcyc7XG5pbXBvcnQgeyBXZWJDcnlwdG9TZXJ2aWNlIH0gZnJvbSAnLi4vd2ViLWNyeXB0by93ZWItY3J5cHRvLnNlcnZpY2UnO1xuaW1wb3J0IHtcbiAgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbixcbiAgTHJTdXNwaWNpb3VzRXhjZXB0aW9uLFxufSBmcm9tICcuLi9fY29tbW9uL2V4Y2VwdGlvbnMnO1xuaW1wb3J0IHtcbiAgRGVyaXZlS2V5UmVzdWx0LFxuICBEZXJpdmVMYm9wS2V5UGFyYW1zLFxuICBEZXJpdmVQYXNzSWRwUGFyYW1zLFxuICBEZXJpdmVQYXNzS2V5UGFyYW1zLFxuICBMYm9wS2V5UGFyYW1zLFxuICBQYXNzSWRwUGFyYW1zLFxuICBQYXNzS2V5UGFyYW1zLFxufSBmcm9tICcuL2tleS50eXBlcyc7XG5cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBzaGEyNTYobWVzc2FnZSkge1xuICAvLyBlbmNvZGUgYXMgVVRGLThcbiAgY29uc3QgbXNnQnVmZmVyID0gbmV3IFRleHRFbmNvZGVyKCkuZW5jb2RlKG1lc3NhZ2UpO1xuXG4gIC8vIGhhc2ggdGhlIG1lc3NhZ2VcbiAgY29uc3QgaGFzaEJ1ZmZlciA9IGF3YWl0IGNyeXB0by5zdWJ0bGUuZGlnZXN0KCdTSEEtMjU2JywgbXNnQnVmZmVyKTtcblxuICAvLyBjb252ZXJ0IEFycmF5QnVmZmVyIHRvIEFycmF5XG4gIGNvbnN0IGhhc2hBcnJheSA9IEFycmF5LmZyb20obmV3IFVpbnQ4QXJyYXkoaGFzaEJ1ZmZlcikpO1xuXG4gIC8vIGNvbnZlcnQgYnl0ZXMgdG8gaGV4IHN0cmluZ1xuICBjb25zdCBoYXNoSGV4ID0gaGFzaEFycmF5XG4gICAgLm1hcCgoYikgPT4gKCcwMCcgKyBiLnRvU3RyaW5nKDE2KSkuc2xpY2UoLTIpKVxuICAgIC5qb2luKCcnKTtcbiAgcmV0dXJuIGhhc2hIZXg7XG59XG5cbkBJbmplY3RhYmxlKHtcbiAgcHJvdmlkZWRJbjogJ3Jvb3QnLFxufSlcbmV4cG9ydCBjbGFzcyBLZXlGYWN0b3J5U2VydmljZSB7XG4gIGNvbnN0cnVjdG9yKHByaXZhdGUgd2ViQ3J5cHRvU2VydmljZTogV2ViQ3J5cHRvU2VydmljZSkge1xuICAgIHRoaXMuY3J5cHRvID0gdGhpcy53ZWJDcnlwdG9TZXJ2aWNlLmNyeXB0bztcbiAgfVxuICBwcml2YXRlIHJlYWRvbmx5IGNyeXB0bztcbiAgLy8gR2xvYmFsIGtleXMgc3RvcmUuIE90aGVyd2lzZSwgZWFjaCBjYWxsIHRvIGFzS2V5IGNyZWF0ZXMgYSBuZXcga2V5U3RvcmUuXG4gIC8vIDxBWj4gRGlkIG5vdCBzZWVtIHRvIGltcHJvdmUgc3BlZWQuXG4gIC8vIHB1YmxpYyBzdGF0aWMga2V5U3RvcmUgPSBKV0suY3JlYXRlS2V5U3RvcmUoKTtcblxuICAvLyBBWjogVGhpcyBjYW4ndCBiZSBjaGFuZ2UgZWFzaWx5LiBJdCdzIGJhc2ljYWxseSBhIFBhc3NLIG9yIFBhc3NJZHAgcm90YXRpb24uXG4gIC8vIHRvZG86IHdlIHNob3VsZCBldmVudHVhbGx5IGluY3JlYXNlIHRoaXMgcGVyaW9kaWNhbGx5IHRvIG1hdGNoIHdpdGggTW9vcmUncyBsYXcuXG4gIC8vIFRoZSBpdGVyYXRpb25zIGZvciBlYWNoIGtleSBhcmUga2VwdCBieSB0aGUgc2VydmVyIGFzIHdlbGwgYnV0IHdlIGFzc3VtZSB0aGUgdmFsdWVcbiAgLy8gZnJvbSB0aGUgc2VydmVyIGlzIG5vdCB0cnVzdHdvcnRoeSwgc28gbmVlZCB0byBoYXZlIG1pbmltdW0gdGhyZXNob2xkcyBoZXJlLlxuICAvLyBJZiBjcmVhdGluZyBuZXcga2V5cywgdGhlc2UgbWluaW11bSBhcmUgdXNlZC5cbiAgcHVibGljIHJlYWRvbmx5IE1JTl9QQVNTX0lEUF9QQktERl9JVEVSID0gMTAwMDAwO1xuICBwdWJsaWMgcmVhZG9ubHkgTUlOX1BBU1NfS0VZX1BCS0RGX0lURVIgPSAxMDAwMDA7XG4gIHB1YmxpYyByZWFkb25seSBNSU5fTEJPUF9LRVlfUEJLREZfSVRFUiA9IDEwMDAwMDtcblxuICAvLyBUaGVzZSBhcmUgdXNlZCBhcyB0aGUgZGVmYXVsdCB2YWx1ZXMuIFRoZXkgbXVzdCBiZSBsYXJnZXIgdGhhbiB0aGUgbWluaW11bSB2YWx1ZXMuXG4gIHB1YmxpYyByZWFkb25seSBERUZBVUxUX1BBU1NfSURQX1BCS0RGX0lURVIgPSB0aGlzLk1JTl9QQVNTX0lEUF9QQktERl9JVEVSO1xuICBwdWJsaWMgcmVhZG9ubHkgREVGQVVMVF9QQVNTX0tFWV9QQktERl9JVEVSID0gdGhpcy5NSU5fUEFTU19LRVlfUEJLREZfSVRFUjtcbiAgcHVibGljIHJlYWRvbmx5IERFRkFVTFRfTEJPUF9LRVlfUEJLREZfSVRFUiA9IHRoaXMuTUlOX0xCT1BfS0VZX1BCS0RGX0lURVI7XG5cbiAgc3RhdGljIGFzS2V5KFxuICAgIGtleTogc3RyaW5nIHwgQnVmZmVyIHwgUmVjb3JkPHN0cmluZywgSlNPTk9iamVjdD4gfCBKV0suUmF3S2V5LFxuICAgIGZvcm0/OlxuICAgICAgfCAnanNvbidcbiAgICAgIHwgJ3ByaXZhdGUnXG4gICAgICB8ICdwa2NzOCdcbiAgICAgIHwgJ3B1YmxpYydcbiAgICAgIHwgJ3Nwa2knXG4gICAgICB8ICdwa2l4J1xuICAgICAgfCAneDUwOSdcbiAgICAgIHwgJ3BlbScsXG4gICAgZXh0cmFzPzogUmVjb3JkPHN0cmluZywgdW5rbm93bj5cbiAgKTogUHJvbWlzZTxKV0suS2V5PiB7XG4gICAgLy8gPEFaPiBVc2luZyBhIHNpbmdsZSBnbG9iYWwga2V5IHN0b3JlIGRpZCBub3Qgc2VlbSB0byBpbXByb3ZlIHNwZWVkLlxuICAgIC8vIHJldHVybiBLZXlGYWN0b3J5U2VydmljZS5rZXlTdG9yZS5hZGQoa2V5LCBmb3JtLCBleHRyYXMpO1xuICAgIHJldHVybiBKV0suYXNLZXkoa2V5LCBmb3JtLCBleHRyYXMpO1xuICB9XG5cbiAgcmFuZG9tU3RyaW5nKGRpZ2l0czogbnVtYmVyKTogc3RyaW5nIHtcbiAgICBpZiAoZGlnaXRzIDw9IDApIHtcbiAgICAgIHRocm93IG5ldyBMckJhZEFyZ3VtZW50RXhjZXB0aW9uKCdkaWdpdHMgPD0gMCcpO1xuICAgIH1cbiAgICBjb25zdCB2YWxpZENoYXJzID1cbiAgICAgICdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSc7XG4gICAgbGV0IGFycmF5ID0gbmV3IFVpbnQzMkFycmF5KGRpZ2l0cyk7XG4gICAgdGhpcy5jcnlwdG8uZ2V0UmFuZG9tVmFsdWVzKGFycmF5KTtcbiAgICBhcnJheSA9IGFycmF5Lm1hcCgoeCkgPT4gdmFsaWRDaGFycy5jaGFyQ29kZUF0KHggJSB2YWxpZENoYXJzLmxlbmd0aCkpO1xuICAgIHJldHVybiBTdHJpbmcuZnJvbUNoYXJDb2RlLmFwcGx5KG51bGwsIGFycmF5KTtcbiAgfVxuXG4gIHJhbmRvbURpZ2l0c05vWmVyb3MoZGlnaXRzOiBudW1iZXIpOiBzdHJpbmcge1xuICAgIHJldHVybiB0aGlzLnJhbmRvbUNob2ljZXMoWzEsIDIsIDMsIDQsIDUsIDYsIDcsIDgsIDldLCBkaWdpdHMpLmpvaW4oJycpO1xuICB9XG5cbiAgcmFuZG9tQ2hvaWNlczxUPihhcnJheTogVFtdLCBjaG9vc2VOOiBudW1iZXIpOiBUW10ge1xuICAgIGlmIChhcnJheS5sZW5ndGggPD0gMSkge1xuICAgICAgdGhyb3cgbmV3IExyQmFkQXJndW1lbnRFeGNlcHRpb24oJ2FycmF5Lmxlbmd0aCA8PSAwJyk7XG4gICAgfVxuICAgIGlmIChjaG9vc2VOIDw9IDApIHtcbiAgICAgIHRocm93IG5ldyBMckJhZEFyZ3VtZW50RXhjZXB0aW9uKCdjaG9vc2VOIDw9IDAnKTtcbiAgICB9XG4gICAgY29uc3QgdmFsdWVzID0gbmV3IFVpbnQzMkFycmF5KGNob29zZU4pO1xuICAgIHRoaXMuY3J5cHRvLmdldFJhbmRvbVZhbHVlcyh2YWx1ZXMpO1xuICAgIGNvbnN0IHJldDogVFtdID0gW107XG4gICAgdmFsdWVzLmZvckVhY2goKHYpID0+IHJldC5wdXNoKGFycmF5W3YgJSBhcnJheS5sZW5ndGhdKSk7XG4gICAgcmV0dXJuIHJldDtcbiAgfVxuXG4gIGNyZWF0ZVNhbHQoKTogc3RyaW5nIHtcbiAgICByZXR1cm4gdGhpcy5yYW5kb21TdHJpbmcoMTYpO1xuICB9XG5cbiAgYXN5bmMgY3JlYXRlS2V5KCk6IFByb21pc2U8SldLLktleT4ge1xuICAgIGNvbnN0IGtleSA9IGF3YWl0IHRoaXMuY3J5cHRvLnN1YnRsZS5nZW5lcmF0ZUtleShcbiAgICAgIHtcbiAgICAgICAgbmFtZTogJ0FFUy1HQ00nLFxuICAgICAgICBsZW5ndGg6IDI1NiwgLy8gY2FuIGJlICAxMjgsIDE5Miwgb3IgMjU2XG4gICAgICB9LFxuICAgICAgdHJ1ZSwgLy8gd2hldGhlciB0aGUga2V5IGlzIGV4dHJhY3RhYmxlIChpLmUuIGNhbiBiZSB1c2VkIGluIGV4cG9ydEtleSlcbiAgICAgIFsnZW5jcnlwdCcsICdkZWNyeXB0J10gLy8gbXVzdCBiZSBbXCJlbmNyeXB0XCIsIFwiZGVjcnlwdFwiXSBvciBbXCJ3cmFwS2V5XCIsIFwidW53cmFwS2V5XCJdXG4gICAgKTtcblxuICAgIGNvbnN0IGp3ayA9IGF3YWl0IHRoaXMuY3J5cHRvLnN1YnRsZS5leHBvcnRLZXkoJ2p3aycsIGtleSk7XG5cbiAgICAvLyBSZW1vdmluZyB0aGUgZmllbGRzIG5vdCBuZWVkZWQgYnkgbm9kZS1qb3NlXG4gICAgZGVsZXRlIGp3ay5leHQ7XG4gICAgZGVsZXRlIGp3ay5rZXlfb3BzO1xuXG4gICAgcmV0dXJuIEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KGp3ayk7XG4gIH1cblxuICBhc3luYyBjcmVhdGVTaWduS2V5KCk6IFByb21pc2U8SldLLktleT4ge1xuICAgIGNvbnN0IGtleSA9IGF3YWl0IHRoaXMuY3J5cHRvLnN1YnRsZS5nZW5lcmF0ZUtleShcbiAgICAgIHtcbiAgICAgICAgbmFtZTogJ0hNQUMnLFxuICAgICAgICBoYXNoOiB7IG5hbWU6ICdTSEEtNTEyJyB9LFxuICAgICAgfSxcbiAgICAgIHRydWUsXG4gICAgICBbJ3NpZ24nLCAndmVyaWZ5J11cbiAgICApO1xuXG4gICAgY29uc3QgandrID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmV4cG9ydEtleSgnandrJywga2V5KTtcblxuICAgIC8vIFJlbW92aW5nIHRoZSBmaWVsZHMgbm90IG5lZWRlZCBieSBub2RlLWpvc2VcbiAgICBkZWxldGUgandrLmtleV9vcHM7XG4gICAgZGVsZXRlIGp3ay5leHQ7XG5cbiAgICByZXR1cm4gS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoandrKTtcbiAgfVxuXG4gIGFzeW5jIGNyZWF0ZVBrY0tleSgpOiBQcm9taXNlPEpXSy5LZXk+IHtcbiAgICAvLyBub2RlLWpvc2UgaXMgbm90IHVzaW5nIEZvcmdlIHByb3Blcmx5LiBJdCBzaG91bGQgYmUgY2FsbGluZyB0aGUgYXN5bmMgdmVyc2lvbiBvZlxuICAgIC8vIHBraS5yc2EuZ2VuZXJhdGVLZXlQYWlyKCkgd2l0aCBhIGNhbGxiYWNrLiBJbnN0ZWFkIGl0IGNhbGxzIHRoZSBzeW5jIHZlcnNpb24uIFdlYmNyeXB0b1xuICAgIC8vIGRvZXMgbm90IHN1cHBvcnQgc3luYyB2ZXJzaW9uLCBzbyBpdCB1c2VzIHRoZSBqYXZhc2NyaXB0IGltcGxlbWVudGF0aW9uLCB3aGljaCBpcyB3YXkgdG9vIHNsb3cuXG4gICAgLy8gU28gd2UgZ2VuZXJhdGUgdXNpbmcgd2ViY3J5cHRvIGFuZCBpbXBvcnQgdGhlIGtleS5cbiAgICAvLyBVbmZvcnR1bmF0ZWx5IEVsbGlwdGljYWwgQ3VydmUgaXMgbm90IHN1cHBvcnRlZCBieSBXZWJjcnlwdG8uIFNvIHdlIGhhdmUgdG8gc2V0dGxlIGZvciBSU0EuXG4gICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmdlbmVyYXRlS2V5KFxuICAgICAge1xuICAgICAgICBuYW1lOiAnUlNBLU9BRVAnLFxuICAgICAgICBtb2R1bHVzTGVuZ3RoOiAyMDQ4LCAvLyBjYW4gYmUgMTAyNCwgMjA0OCwgMzA3MiwgNDA5NiAuLi4gMTYzODRcbiAgICAgICAgLy8gQXMgcGVyIHN1Z2dlc3Rpb246IGh0dHBzOi8vZGV2ZWxvcGVyLm1vemlsbGEub3JnL2VuLVVTL2RvY3MvV2ViL0FQSS9Sc2FIYXNoZWRLZXlHZW5QYXJhbXNcbiAgICAgICAgcHVibGljRXhwb25lbnQ6IG5ldyBVaW50OEFycmF5KFsweDAxLCAweDAwLCAweDAxXSksXG4gICAgICAgIGhhc2g6IHsgbmFtZTogJ1NIQS0yNTYnIH0sIC8vIGNhbiBiZSBcIlNIQS0xXCIsIFwiU0hBLTI1NlwiLCBcIlNIQS0zODRcIiwgb3IgXCJTSEEtNTEyXCJcbiAgICAgIH0sXG4gICAgICB0cnVlLCAvLyB3aGV0aGVyIHRoZSBrZXkgaXMgZXh0cmFjdGFibGUgKGkuZS4gY2FuIGJlIHVzZWQgaW4gZXhwb3J0S2V5KVxuICAgICAgWydlbmNyeXB0JywgJ2RlY3J5cHQnXSAvLyBtdXN0IGJlIFtcImVuY3J5cHRcIiwgXCJkZWNyeXB0XCJdIG9yIFtcIndyYXBLZXlcIiwgXCJ1bndyYXBLZXlcIl1cbiAgICApO1xuXG4gICAgY29uc3QgandrID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmV4cG9ydEtleSgnandrJywga2V5LnByaXZhdGVLZXkpO1xuICAgIC8vIFJlbW92aW5nIHRoZSBmaWVsZHMgbm90IG5lZWRlZCBieSBub2RlLWpvc2VcbiAgICBkZWxldGUgandrLmtleV9vcHM7XG4gICAgZGVsZXRlIGp3ay5leHQ7XG5cbiAgICByZXR1cm4gS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoandrKTtcbiAgfVxuXG4gIGFzeW5jIGNyZWF0ZVBrY1NpZ25LZXkoKTogUHJvbWlzZTxKV0suS2V5PiB7XG4gICAgY29uc3Qga2V5ID0gYXdhaXQgdGhpcy5jcnlwdG8uc3VidGxlLmdlbmVyYXRlS2V5KFxuICAgICAge1xuICAgICAgICBuYW1lOiAnUlNBU1NBLVBLQ1MxLXYxXzUnLFxuICAgICAgICBtb2R1bHVzTGVuZ3RoOiAyMDQ4LCAvLyBjYW4gYmUgMTAyNCwgMjA0OCwgb3IgNDA5NlxuICAgICAgICAvLyBBcyBwZXIgc3VnZ2VzdGlvbjogaHR0cHM6Ly9kZXZlbG9wZXIubW96aWxsYS5vcmcvZW4tVVMvZG9jcy9XZWIvQVBJL1JzYUhhc2hlZEtleUdlblBhcmFtc1xuICAgICAgICBwdWJsaWNFeHBvbmVudDogbmV3IFVpbnQ4QXJyYXkoWzB4MDEsIDB4MDAsIDB4MDFdKSxcbiAgICAgICAgaGFzaDogeyBuYW1lOiAnU0hBLTI1NicgfSwgLy8gY2FuIGJlIFwiU0hBLTFcIiwgXCJTSEEtMjU2XCIsIFwiU0hBLTM4NFwiLCBvciBcIlNIQS01MTJcIlxuICAgICAgfSxcbiAgICAgIHRydWUsIC8vIHdoZXRoZXIgdGhlIGtleSBpcyBleHRyYWN0YWJsZSAoaS5lLiBjYW4gYmUgdXNlZCBpbiBleHBvcnRLZXkpXG4gICAgICBbJ3NpZ24nLCAndmVyaWZ5J10gLy8gY2FuIGJlIGFueSBjb21iaW5hdGlvbiBvZiBcInNpZ25cIiBhbmQgXCJ2ZXJpZnlcIlxuICAgICk7XG5cbiAgICBjb25zdCBqd2sgPSBhd2FpdCB0aGlzLmNyeXB0by5zdWJ0bGUuZXhwb3J0S2V5KCdqd2snLCBrZXkucHJpdmF0ZUtleSk7XG5cbiAgICAvLyBSZW1vdmluZyB0aGUgZmllbGRzIG5vdCBuZWVkZWQgYnkgbm9kZS1qb3NlXG4gICAgZGVsZXRlIGp3ay5rZXlfb3BzO1xuICAgIGRlbGV0ZSBqd2suZXh0O1xuXG4gICAgcmV0dXJuIEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KGp3ayk7XG4gIH1cblxuICBhc3luYyBkZXJpdmVLZXkoe1xuICAgIHBhc3N3b3JkLFxuICAgIHNhbHQsXG4gICAgaXRlcmF0aW9ucyxcbiAgICBraWQsXG4gIH06IHtcbiAgICBwYXNzd29yZDogc3RyaW5nO1xuICAgIHNhbHQ6IHN0cmluZztcbiAgICBpdGVyYXRpb25zOiBudW1iZXI7XG4gICAga2lkPzogc3RyaW5nO1xuICB9KTogUHJvbWlzZTxEZXJpdmVLZXlSZXN1bHQ+IHtcbiAgICBjb25zdCBlbmMgPSBuZXcgVGV4dEVuY29kZXIoKTtcbiAgICBjb25zdCByYXdLZXkgPSBhd2FpdCB0aGlzLmNyeXB0by5zdWJ0bGUuaW1wb3J0S2V5KFxuICAgICAgJ3JhdycsXG4gICAgICBlbmMuZW5jb2RlKHBhc3N3b3JkKSxcbiAgICAgICdQQktERjInLFxuICAgICAgZmFsc2UsXG4gICAgICBbJ2Rlcml2ZUJpdHMnLCAnZGVyaXZlS2V5J11cbiAgICApO1xuXG4gICAgY29uc3QgcGFzc0tleSA9IGF3YWl0IGNyeXB0by5zdWJ0bGUuZGVyaXZlS2V5KFxuICAgICAge1xuICAgICAgICBuYW1lOiAnUEJLREYyJyxcbiAgICAgICAgc2FsdDogbmV3IFRleHRFbmNvZGVyKCkuZW5jb2RlKHNhbHQpLFxuICAgICAgICBpdGVyYXRpb25zLFxuICAgICAgICBoYXNoOiAnU0hBLTI1NicsXG4gICAgICB9LFxuICAgICAgcmF3S2V5LFxuICAgICAgeyBuYW1lOiAnQUVTLUdDTScsIGxlbmd0aDogMjU2IH0sXG4gICAgICB0cnVlLFxuICAgICAgWydlbmNyeXB0JywgJ2RlY3J5cHQnXVxuICAgICk7XG5cbiAgICBjb25zdCBwYXNzS2V5SnNvbjogSlNPTk9iamVjdCA9IGF3YWl0IGNyeXB0by5zdWJ0bGUuZXhwb3J0S2V5KFxuICAgICAgJ2p3aycsXG4gICAgICBwYXNzS2V5XG4gICAgKTtcbiAgICBpZiAoa2lkKSB7XG4gICAgICBwYXNzS2V5SnNvbi5raWQgPSBraWQ7XG4gICAgfVxuXG4gICAgY29uc3QgandrID0gYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkocGFzc0tleUpzb24pO1xuXG4gICAgcmV0dXJuIHsgandrIH07XG4gIH1cblxuICBhc3luYyBkZXJpdmVQYXNzSWRwKHBhcmFtczogRGVyaXZlUGFzc0lkcFBhcmFtcyk6IFByb21pc2U8RGVyaXZlS2V5UmVzdWx0PiB7XG4gICAgaWYgKHBhcmFtcy5pdGVyYXRpb25zIDwgdGhpcy5NSU5fUEFTU19JRFBfUEJLREZfSVRFUikge1xuICAgICAgdGhyb3cgbmV3IExyU3VzcGljaW91c0V4Y2VwdGlvbihcbiAgICAgICAgYFRoZSBudW1iZXIgb2YgUGFzc0lkcCBrZXkgZGVyaXZhdGlvbiBpdGVyYXRpb25zIHNlbnQgZnJvbSB0aGUgc2VydmVyICgke3BhcmFtcy5pdGVyYXRpb25zfSkgaXMgbG93ZXIgdGhhbiB0aGUgbWluaW11bSAoJHt0aGlzLk1JTl9QQVNTX0lEUF9QQktERl9JVEVSfSlgXG4gICAgICApO1xuICAgIH1cbiAgICByZXR1cm4gdGhpcy5kZXJpdmVLZXkocGFyYW1zKTtcbiAgfVxuXG4gIGFzeW5jIGRlcml2ZVBhc3NLZXkocGFyYW1zOiBEZXJpdmVQYXNzS2V5UGFyYW1zKTogUHJvbWlzZTxEZXJpdmVLZXlSZXN1bHQ+IHtcbiAgICBpZiAocGFyYW1zLml0ZXJhdGlvbnMgPCB0aGlzLk1JTl9QQVNTX0tFWV9QQktERl9JVEVSKSB7XG4gICAgICB0aHJvdyBuZXcgTHJTdXNwaWNpb3VzRXhjZXB0aW9uKFxuICAgICAgICBgVGhlIG51bWJlciBvZiBQYXNzS2V5IGtleSBkZXJpdmF0aW9uIGl0ZXJhdGlvbnMgc2VudCBmcm9tIHRoZSBzZXJ2ZXIoJHtwYXJhbXMuaXRlcmF0aW9uc30pIGlzIGxvd2VyIHRoYW4gdGhlIG1pbmltdW0oJHt0aGlzLk1JTl9QQVNTX0tFWV9QQktERl9JVEVSfSlgXG4gICAgICApO1xuICAgIH1cbiAgICByZXR1cm4gdGhpcy5kZXJpdmVLZXkocGFyYW1zKTtcbiAgfVxuXG4gIGFzeW5jIGRlcml2ZUxib3BLZXkocGFyYW1zOiBEZXJpdmVMYm9wS2V5UGFyYW1zKTogUHJvbWlzZTxEZXJpdmVLZXlSZXN1bHQ+IHtcbiAgICBpZiAocGFyYW1zLml0ZXJhdGlvbnMgPCB0aGlzLk1JTl9MQk9QX0tFWV9QQktERl9JVEVSKSB7XG4gICAgICB0aHJvdyBuZXcgTHJTdXNwaWNpb3VzRXhjZXB0aW9uKFxuICAgICAgICBgVGhlIG51bWJlciBvZiBMYm9wS2V5IGtleSBkZXJpdmF0aW9uIGl0ZXJhdGlvbnMgc2VudCBmcm9tIHRoZSBzZXJ2ZXIoJHtwYXJhbXMuaXRlcmF0aW9uc30pIGlzIGxvd2VyIHRoYW4gdGhlIG1pbmltdW0oJHt0aGlzLk1JTl9MQk9QX0tFWV9QQktERl9JVEVSfSlgXG4gICAgICApO1xuICAgIH1cbiAgICByZXR1cm4gdGhpcy5kZXJpdmVLZXkocGFyYW1zKTtcbiAgfVxuXG4gIGFzeW5jIGNyZWF0ZUtpZCgpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIC8vIHRvZG86IEFaOiBub2RlLWpvc2Ugc291cmNlIHVzZXMgbm9kZSdzIGRlZmF1bHQgVVVJRCgpIGZ1bmN0aW9uIGZvciBraWQsIHNvIGp1c3QgY2hhbmdlIHRvIHVzZSB0aGF0LlxuICAgIC8vIGZvciBub3csIHdlIGFyZSBqdXN0IGNyZWF0aW5nIGEgbmV3IGtleSB0byB1c2UgaXQncyBraWQuXG4gICAgLy8gVGhlIGtpZCBpcyBhIHBhcnQgb2YgdGhlIEpXSyBzeXN0ZW0uIExSIGJhY2tlbmQgbWFpbnRhaW5zIHRoZSBrZXkgaGllcmFyY2h5IHNlcGFyYXRlbHkgd2l0aCBpdCdzIG93blxuICAgIC8vIGtleSBpZC4gQnV0IHdlIGp1c3QgdXNlIGl0IGhlcmUgYXMgYSBkb3VibGUgY2hlY2suXG4gICAgcmV0dXJuIChhd2FpdCB0aGlzLmNyZWF0ZUtleSgpKS5raWQ7XG4gIH1cblxuICBhc3luYyBjcmVhdGVQYXNzSWRwUGFyYW1zKCk6IFByb21pc2U8UGFzc0lkcFBhcmFtcz4ge1xuICAgIHJldHVybiB7XG4gICAgICBzYWx0OiB0aGlzLmNyZWF0ZVNhbHQoKSxcbiAgICAgIGl0ZXJhdGlvbnM6IHRoaXMuREVGQVVMVF9QQVNTX0lEUF9QQktERl9JVEVSLFxuICAgIH07XG4gIH1cblxuICBhc3luYyBjcmVhdGVQYXNzS2V5UGFyYW1zKCk6IFByb21pc2U8UGFzc0tleVBhcmFtcz4ge1xuICAgIHJldHVybiB7XG4gICAgICBzYWx0OiB0aGlzLmNyZWF0ZVNhbHQoKSxcbiAgICAgIGtpZDogYXdhaXQgdGhpcy5jcmVhdGVLaWQoKSxcbiAgICAgIGl0ZXJhdGlvbnM6IHRoaXMuREVGQVVMVF9QQVNTX0tFWV9QQktERl9JVEVSLFxuICAgIH07XG4gIH1cblxuICBhc3luYyBjcmVhdGVMYm9wS2V5UGFyYW1zKCk6IFByb21pc2U8TGJvcEtleVBhcmFtcz4ge1xuICAgIHJldHVybiB7XG4gICAgICBzYWx0OiB0aGlzLmNyZWF0ZVNhbHQoKSxcbiAgICAgIC8vIHRvZG86IEFaOiBub2RlLWpvc2Ugc291cmNlIHVzZXMgbm9kZSdzIGRlZmF1bHQgVVVJRCgpIGZ1bmN0aW9uIGZvciBraWQsIHNvIGp1c3QgY2hhbmdlIHRvIHVzZSB0aGF0LlxuICAgICAgLy8gZm9yIG5vdywgd2UgYXJlIGp1c3QgY3JlYXRpbmcgYSBuZXcga2V5IHRvIHVzZSBpdCdzIGtpZC5cbiAgICAgIC8vIFRoZSBraWQgaXMgYSBwYXJ0IG9mIHRoZSBKV0sgc3lzdGVtLiBMUiBiYWNrZW5kIG1haW50YWlucyB0aGUga2V5IGhpZXJhcmNoeSBzZXBhcmF0ZWx5IHdpdGggaXQncyBvd25cbiAgICAgIC8vIGtleSBpZC4gQnV0IHdlIGp1c3QgdXNlIGl0IGhlcmUgYXMgYSBkb3VibGUgY2hlY2suXG4gICAgICBraWQ6IGF3YWl0IHRoaXMuY3JlYXRlS2lkKCksXG4gICAgICBpdGVyYXRpb25zOiB0aGlzLkRFRkFVTFRfUEFTU19LRVlfUEJLREZfSVRFUixcbiAgICB9O1xuICB9XG59XG4iXX0=

package/esm2015/lib/key/key-graph.service.js

@@ -0,0 +1,300 @@
+import { __awaiter } from "tslib";
+/* eslint-disable @typescript-eslint/no-explicit-any */
+import { Injectable } from '@angular/core';
+import graphlib, { Graph } from '@dagrejs/graphlib';
+import _ from 'lodash';
+import { asJwk, EncryptionService, isSymmetricKey, } from '../encryption/encryption.service';
+import { LrBadArgumentException, LrEncryptionException, LrException, LrNotFoundException, } from '../_common/exceptions';
+import { KeyFactoryService, KeyFactoryService as KFS, } from './key-factory.service';
+import { KeyService } from './key.service';
+import { KeyGraphEdgeType, KeyGraphNodeType, } from './key.types';
+import * as i0 from "@angular/core";
+import * as i1 from "../encryption/encryption.service";
+import * as i2 from "./key.service";
+import * as i3 from "./key-factory.service";
+export class KeyGraphService {
+    // private keyCache: {
+    //   [id: string]: Key;
+    // };
+    constructor(encryptionService, keyService, keyFactory) {
+        this.encryptionService = encryptionService;
+        this.keyService = keyService;
+        this.keyFactory = keyFactory;
+        this.purgeKeys();
+    }
+    purgeKeys() {
+        this.graph = new Graph();
+        // this.keyCache = null;
+    }
+    populateKeys(userKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.keyService.populateKeys({
+                passKey: userKey.passKey,
+                masterKey: yield this.keyService.loadMasterKey(userKey.masterKey.id),
+                rootKey: yield this.unwrapKey(userKey.masterKey.id, userKey.rootKey.id),
+                pxk: yield this.unwrapKey(userKey.masterKey.id, userKey.pxk.id),
+                sigPxk: yield this.unwrapKey(userKey.masterKey.id, userKey.sigPxk.id),
+            });
+        });
+    }
+    hasKey(keyId) {
+        return !!this.graph.node(keyId);
+    }
+    getNode(id, type) {
+        const node = this.graph.node(id);
+        if (!node) {
+            throw new LrNotFoundException(`Key graphs does not contain key id: ${id}`);
+        }
+        if (node.type !== type) {
+            throw new LrException({
+                message: `Key with id ${id} is not of type ${type}`,
+            });
+        }
+        return node.data;
+    }
+    key(id) {
+        return this.getNode(id, KeyGraphNodeType.Key);
+    }
+    passKey(id) {
+        return this.getNode(id, KeyGraphNodeType.PassKey);
+    }
+    addKeys(src) {
+        // Keys
+        if (src.keys) {
+            // What key graph returns can not be customized. So keys are essentially immutable.
+            // Therefore, if a key exists, there's no reason to update it.
+            for (const key of src.keys) {
+                // Note using Relay global id allows us to not worry about clashing node id
+                if (this.graph.hasNode(key.id)) {
+                    continue;
+                }
+                const node = {
+                    type: KeyGraphNodeType.Key,
+                    data: _.cloneDeep(key),
+                };
+                this.graph.setNode(key.id, node);
+            }
+        }
+        // KeyLinks
+        if (src.keyLinks) {
+            for (const keyLink of src.keyLinks) {
+                if (this.graph.hasEdge(keyLink.wrappingKeyId, keyLink.keyId)) {
+                    continue;
+                }
+                const edge = {
+                    type: KeyGraphEdgeType.KeyLink,
+                    data: _.cloneDeep(keyLink),
+                };
+                // Edge goes from wrapping key to wrapped key.
+                this.graph.setEdge(keyLink.wrappingKeyId, keyLink.keyId, edge);
+            }
+        }
+        // PassKeyLinks
+        if (src.passKeyLinks) {
+            for (const passKeyLink of src.passKeyLinks) {
+                if (this.graph.hasEdge(passKeyLink.passKeyId, passKeyLink.keyId)) {
+                    continue;
+                }
+                const edge = {
+                    type: KeyGraphEdgeType.PassKeyLink,
+                    data: _.cloneDeep(passKeyLink),
+                };
+                // Edge goes from wrapping key to wrapped key.
+                this.graph.setEdge(passKeyLink.passKeyId, passKeyLink.keyId, edge);
+            }
+        }
+        // The graph is the single source of truth. These are lazily calculated.
+        // this.keyCache = null;
+    }
+    tracePath(distances, keyId) {
+        // The node label is the same as the id of the key nodes.
+        const ret = [];
+        let node = keyId;
+        if (!distances[node].predecessor) {
+            return null;
+        }
+        while (distances[node].predecessor) {
+            const child = distances[node].predecessor;
+            ret.push(this.graph.edge(child, node));
+            node = child;
+        }
+        // After reverse, the first element is the passkey
+        ret.reverse();
+        return ret;
+    }
+    getPath(knownKeyId, keyId) {
+        if (!knownKeyId || typeof knownKeyId !== 'string') {
+            throw new LrEncryptionException(`Param knownKeyId wrong format: ${knownKeyId}`);
+        }
+        if (!keyId || typeof keyId !== 'string') {
+            throw new LrEncryptionException(`Param keyId wrong format: ${keyId}`);
+        }
+        // => { A: { distance: 0 },
+        //      B: { distance: 6, predecessor: 'C' },
+        //      C: { distance: 4, predecessor: 'A' },
+        //      D: { distance: 2, predecessor: 'A' },
+        //      E: { distance: 8, predecessor: 'F' },
+        //      F: { distance: 4, predecessor: 'D' } }
+        const distances = graphlib.alg.dijkstra(this.graph, knownKeyId);
+        // Trace path from keyId to knownKeyId
+        return this.tracePath(distances, keyId);
+    }
+    getJwkKey(keyOrId, getKeyIdCallback) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return (yield this.getKey(keyOrId, getKeyIdCallback)).jwk;
+        });
+    }
+    // We assume that when a keyId is fetched, the key graph
+    // for the key is also returned and merged into the client-side
+    // key graph. By insisting a keyId is returned instead of the
+    // actual key we ensure key-graph is consistent.
+    getKey(keyOrId, getKeyIdCallback) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let keyId = typeof keyOrId === 'string' ? keyOrId : keyOrId === null || keyOrId === void 0 ? void 0 : keyOrId.id;
+            if (!this.hasKey(keyId) && getKeyIdCallback) {
+                keyId = yield getKeyIdCallback();
+            }
+            // else, continue and let it fail.
+            const key = this.key(keyId);
+            if (key.jwk) {
+                return key;
+            }
+            else {
+                return this.unwrapKey(this.keyService.getCurrentMasterKey().id, keyId);
+            }
+        });
+    }
+    _unwrapLink(wrappingKey, link, dstKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // console.log("_unwrapLink:", link.data.keyId);
+            const wrappedKey = JSON.parse(link.data.wrappedKey);
+            // Signatures of keys contain the key itself. This way we only need
+            // to access the KeyLinks to decrypt/verify keys.
+            let nextRawKey;
+            if (wrappedKey.signatures) {
+                nextRawKey = yield this.encryptionService.verify(wrappingKey, wrappedKey);
+            }
+            else {
+                nextRawKey = yield this.encryptionService.decrypt(wrappingKey, wrappedKey);
+            }
+            dstKey.jwk = yield KFS.asKey(nextRawKey);
+            dstKey.task = null;
+        });
+    }
+    _unwrap(key, path) {
+        return __awaiter(this, void 0, void 0, function* () {
+            for (const link of path) {
+                const dstKey = this.key(link.data.keyId);
+                // console.log("key: ", link.data.keyId);
+                if (dstKey.jwk) {
+                    key = dstKey.jwk;
+                    // console.log("Returning cached key: ", link.data.keyId);
+                    continue;
+                }
+                if (!dstKey.task) {
+                    dstKey.task = this._unwrapLink(key, link, dstKey);
+                }
+                yield dstKey.task;
+                key = dstKey.jwk;
+            }
+            return key;
+        });
+    }
+    unwrapWithPassKey(passKeyId, passKey, keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Get path of the directory key.
+            const path = this.getPath(passKeyId, keyId);
+            return {
+                id: keyId,
+                jwk: yield this._unwrap(passKey, path),
+            };
+        });
+    }
+    unwrapKey(masterKeyId, keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // The first key should be a masterKey
+            const masterKey = yield this.keyService.loadMasterKey(masterKeyId);
+            if (masterKeyId === keyId) {
+                return masterKey;
+            }
+            // Get path of the directory key.
+            const path = this.getPath(masterKey.id, keyId);
+            return {
+                id: keyId,
+                jwk: yield this._unwrap(masterKey.jwk, path),
+            };
+        });
+    }
+    decryptFromString(keyOrId, cipherData, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (cipherData) {
+                const key = yield this.getJwkKey(keyOrId);
+                return (yield this.encryptionService.decrypt(key, JSON.parse(cipherData), options));
+            }
+            return null;
+        });
+    }
+    decryptFile(keyId, file) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.getJwkKey(keyId);
+            return (yield this.encryptionService.decrypt(key, file, {
+                payloadType: 'ArrayBuffer',
+            }));
+        });
+    }
+    // TODO rename this to encrypt() and use as the most common usecase
+    encryptToString(key, content) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Empty string should be encrypted since you want to clear the field.
+            // Null is not encrypted because it's not valid JSON in the old JSON spec. Use
+            // empty string instead. It'll function as a logic false as well.
+            // Note that passing in empty string means it'll be encrypted which verifies
+            // it's integrity. But we still want to have a way to set the DB field
+            // to NULL, so we explicitly return null when content == null. A null
+            // variable in graphql mutation on KC server clears the field to NULL.
+            if (content == null) {
+                return null;
+            }
+            const jwk = asJwk(key) || (yield this.getJwkKey(key));
+            return this.encryptionService.encryptToString(jwk, content);
+        });
+    }
+    // Wraps a symmetric encryption key.
+    // Throws exception if wrapping public keys.
+    wrapKey(wrappingKey, key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!isSymmetricKey(key)) {
+                throw new LrBadArgumentException('Only allowing wrapping of symmetric keys.');
+            }
+            return this.encryptToString(wrappingKey, key.toJSON(true));
+        });
+    }
+    // TODO
+    // async wrapPublicKey<T>();
+    // async wrapPrivateKey<T>();
+    encryptWithNewKey(wrappingKeyId, cipherClearJson) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const key = yield this.keyFactory.createKey();
+            const wrappedKey = yield this.encryptToString(wrappingKeyId, key.toJSON(true));
+            const cipher = yield this.encryptToString(key, cipherClearJson);
+            return {
+                key,
+                wrappingKeyId,
+                wrappedKey,
+                cipher,
+            };
+        });
+    }
+}
+KeyGraphService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyGraphService_Factory() { return new KeyGraphService(i0.ɵɵinject(i1.EncryptionService), i0.ɵɵinject(i2.KeyService), i0.ɵɵinject(i3.KeyFactoryService)); }, token: KeyGraphService, providedIn: "root" });
+KeyGraphService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+KeyGraphService.ctorParameters = () => [
+    { type: EncryptionService },
+    { type: KeyService },
+    { type: KeyFactoryService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWdyYXBoLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi9wcm9qZWN0cy9jb3JlL3NyYy9saWIva2V5L2tleS1ncmFwaC5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSx1REFBdUQ7QUFDdkQsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUMzQyxPQUFPLFFBQVEsRUFBRSxFQUFFLEtBQUssRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQ3BELE9BQU8sQ0FBQyxNQUFNLFFBQVEsQ0FBQztBQUd2QixPQUFPLEVBQ0wsS0FBSyxFQUVMLGlCQUFpQixFQUNqQixjQUFjLEdBQ2YsTUFBTSxrQ0FBa0MsQ0FBQztBQUUxQyxPQUFPLEVBQ0wsc0JBQXNCLEVBQ3RCLHFCQUFxQixFQUNyQixXQUFXLEVBQ1gsbUJBQW1CLEdBQ3BCLE1BQU0sdUJBQXVCLENBQUM7QUFDL0IsT0FBTyxFQUNMLGlCQUFpQixFQUNqQixpQkFBaUIsSUFBSSxHQUFHLEdBQ3pCLE1BQU0sdUJBQXVCLENBQUM7QUFDL0IsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUMzQyxPQUFPLEVBR0wsZ0JBQWdCLEVBRWhCLGdCQUFnQixHQUdqQixNQUFNLGFBQWEsQ0FBQzs7Ozs7QUFTckIsTUFBTSxPQUFPLGVBQWU7SUFFMUIsc0JBQXNCO0lBQ3RCLHVCQUF1QjtJQUN2QixLQUFLO0lBRUwsWUFDVSxpQkFBb0MsRUFDcEMsVUFBc0IsRUFDdEIsVUFBNkI7UUFGN0Isc0JBQWlCLEdBQWpCLGlCQUFpQixDQUFtQjtRQUNwQyxlQUFVLEdBQVYsVUFBVSxDQUFZO1FBQ3RCLGVBQVUsR0FBVixVQUFVLENBQW1CO1FBRXJDLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztJQUNuQixDQUFDO0lBRUQsU0FBUztRQUNQLElBQUksQ0FBQyxLQUFLLEdBQUcsSUFBSSxLQUFLLEVBQUUsQ0FBQztRQUN6Qix3QkFBd0I7SUFDMUIsQ0FBQztJQUVLLFlBQVksQ0FBQyxPQUF1Qjs7WUFDeEMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUM7Z0JBQzNCLE9BQU8sRUFBRSxPQUFPLENBQUMsT0FBTztnQkFDeEIsU0FBUyxFQUFFLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7Z0JBQ3BFLE9BQU8sRUFBRSxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxFQUFFLEVBQUUsT0FBTyxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7Z0JBQ3ZFLEdBQUcsRUFBRSxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxFQUFFLEVBQUUsT0FBTyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQy9ELE1BQU0sRUFBRSxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxFQUFFLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7YUFDdEUsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztLQUFBO0lBRUQsTUFBTSxDQUFDLEtBQWE7UUFDbEIsT0FBTyxDQUFDLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUM7SUFDbEMsQ0FBQztJQUVPLE9BQU8sQ0FBQyxFQUFFLEVBQUUsSUFBSTtRQUN0QixNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNqQyxJQUFJLENBQUMsSUFBSSxFQUFFO1lBQ1QsTUFBTSxJQUFJLG1CQUFtQixDQUMzQix1Q0FBdUMsRUFBRSxFQUFFLENBQzVDLENBQUM7U0FDSDtRQUNELElBQUksSUFBSSxDQUFDLElBQUksS0FBSyxJQUFJLEVBQUU7WUFDdEIsTUFBTSxJQUFJLFdBQVcsQ0FBQztnQkFDcEIsT0FBTyxFQUFFLGVBQWUsRUFBRSxtQkFBbUIsSUFBSSxFQUFFO2FBQ3BELENBQUMsQ0FBQztTQUNKO1FBQ0QsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDO0lBQ25CLENBQUM7SUFFRCxHQUFHLENBQUMsRUFBRTtRQUNKLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxFQUFFLEVBQUUsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDaEQsQ0FBQztJQUVELE9BQU8sQ0FBQyxFQUFFO1FBQ1IsT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFBRSxnQkFBZ0IsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUNwRCxDQUFDO0lBRUQsT0FBTyxDQUFDLEdBQXFCO1FBQzNCLE9BQU87UUFDUCxJQUFJLEdBQUcsQ0FBQyxJQUFJLEVBQUU7WUFDWixtRkFBbUY7WUFDbkYsOERBQThEO1lBQzlELEtBQUssTUFBTSxHQUFHLElBQUksR0FBRyxDQUFDLElBQUksRUFBRTtnQkFDMUIsMkVBQTJFO2dCQUMzRSxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsRUFBRTtvQkFDOUIsU0FBUztpQkFDVjtnQkFFRCxNQUFNLElBQUksR0FBaUI7b0JBQ3pCLElBQUksRUFBRSxnQkFBZ0IsQ0FBQyxHQUFHO29CQUMxQixJQUFJLEVBQUUsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUM7aUJBQ3ZCLENBQUM7Z0JBRUYsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxJQUFJLENBQUMsQ0FBQzthQUNsQztTQUNGO1FBRUQsV0FBVztRQUNYLElBQUksR0FBRyxDQUFDLFFBQVEsRUFBRTtZQUNoQixLQUFLLE1BQU0sT0FBTyxJQUFJLEdBQUcsQ0FBQyxRQUFRLEVBQUU7Z0JBQ2xDLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLGFBQWEsRUFBRSxPQUFPLENBQUMsS0FBSyxDQUFDLEVBQUU7b0JBQzVELFNBQVM7aUJBQ1Y7Z0JBRUQsTUFBTSxJQUFJLEdBQWlCO29CQUN6QixJQUFJLEVBQUUsZ0JBQWdCLENBQUMsT0FBTztvQkFDOUIsSUFBSSxFQUFFLENBQUMsQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDO2lCQUMzQixDQUFDO2dCQUNGLDhDQUE4QztnQkFDOUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLGFBQWEsRUFBRSxPQUFPLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDO2FBQ2hFO1NBQ0Y7UUFFRCxlQUFlO1FBQ2YsSUFBSSxHQUFHLENBQUMsWUFBWSxFQUFFO1lBQ3BCLEtBQUssTUFBTSxXQUFXLElBQUksR0FBRyxDQUFDLFlBQVksRUFBRTtnQkFDMUMsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsU0FBUyxFQUFFLFdBQVcsQ0FBQyxLQUFLLENBQUMsRUFBRTtvQkFDaEUsU0FBUztpQkFDVjtnQkFFRCxNQUFNLElBQUksR0FBaUI7b0JBQ3pCLElBQUksRUFBRSxnQkFBZ0IsQ0FBQyxXQUFXO29CQUNsQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxXQUFXLENBQUM7aUJBQy9CLENBQUM7Z0JBQ0YsOENBQThDO2dCQUM5QyxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsU0FBUyxFQUFFLFdBQVcsQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUM7YUFDcEU7U0FDRjtRQUVELHdFQUF3RTtRQUN4RSx3QkFBd0I7SUFDMUIsQ0FBQztJQUVELFNBQVMsQ0FBQyxTQUFTLEVBQUUsS0FBYTtRQUNoQyx5REFBeUQ7UUFDekQsTUFBTSxHQUFHLEdBQW1CLEVBQUUsQ0FBQztRQUMvQixJQUFJLElBQUksR0FBRyxLQUFLLENBQUM7UUFDakIsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxXQUFXLEVBQUU7WUFDaEMsT0FBTyxJQUFJLENBQUM7U0FDYjtRQUVELE9BQU8sU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDLFdBQVcsRUFBRTtZQUNsQyxNQUFNLEtBQUssR0FBRyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUMsV0FBVyxDQUFDO1lBQzFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDLENBQUM7WUFDdkMsSUFBSSxHQUFHLEtBQUssQ0FBQztTQUNkO1FBRUQsa0RBQWtEO1FBQ2xELEdBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUVkLE9BQU8sR0FBRyxDQUFDO0lBQ2IsQ0FBQztJQUVELE9BQU8sQ0FBQyxVQUFrQixFQUFFLEtBQWE7UUFDdkMsSUFBSSxDQUFDLFVBQVUsSUFBSSxPQUFPLFVBQVUsS0FBSyxRQUFRLEVBQUU7WUFDakQsTUFBTSxJQUFJLHFCQUFxQixDQUM3QixrQ0FBa0MsVUFBVSxFQUFFLENBQy9DLENBQUM7U0FDSDtRQUNELElBQUksQ0FBQyxLQUFLLElBQUksT0FBTyxLQUFLLEtBQUssUUFBUSxFQUFFO1lBQ3ZDLE1BQU0sSUFBSSxxQkFBcUIsQ0FBQyw2QkFBNkIsS0FBSyxFQUFFLENBQUMsQ0FBQztTQUN2RTtRQUVELDJCQUEyQjtRQUMzQiw2Q0FBNkM7UUFDN0MsNkNBQTZDO1FBQzdDLDZDQUE2QztRQUM3Qyw2Q0FBNkM7UUFDN0MsOENBQThDO1FBQzlDLE1BQU0sU0FBUyxHQUFHLFFBQVEsQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxLQUFLLEVBQUUsVUFBVSxDQUFDLENBQUM7UUFFaEUsc0NBQXNDO1FBQ3RDLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUFTLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVLLFNBQVMsQ0FDYixPQUFxQixFQUNyQixnQkFBaUQ7O1lBRWpELE9BQU8sQ0FBQyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxFQUFFLGdCQUFnQixDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7UUFDNUQsQ0FBQztLQUFBO0lBRUQsd0RBQXdEO0lBQ3hELCtEQUErRDtJQUMvRCw2REFBNkQ7SUFDN0QsZ0RBQWdEO0lBQzFDLE1BQU0sQ0FDVixPQUFxQixFQUNyQixnQkFBaUQ7O1lBRWpELElBQUksS0FBSyxHQUFHLE9BQU8sT0FBTyxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxPQUFPLGFBQVAsT0FBTyx1QkFBUCxPQUFPLENBQUUsRUFBRSxDQUFDO1lBRWhFLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLGdCQUFnQixFQUFFO2dCQUMzQyxLQUFLLEdBQUcsTUFBTSxnQkFBZ0IsRUFBRSxDQUFDO2FBQ2xDO1lBQ0Qsa0NBQWtDO1lBRWxDLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDNUIsSUFBSSxHQUFHLENBQUMsR0FBRyxFQUFFO2dCQUNYLE9BQU8sR0FBRyxDQUFDO2FBQ1o7aUJBQU07Z0JBQ0wsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsbUJBQW1CLEVBQUUsQ0FBQyxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7YUFDeEU7UUFDSCxDQUFDO0tBQUE7SUFFYSxXQUFXLENBQUMsV0FBVyxFQUFFLElBQUksRUFBRSxNQUFNOztZQUNqRCxnREFBZ0Q7WUFDaEQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBQ3BELG1FQUFtRTtZQUNuRSxpREFBaUQ7WUFDakQsSUFBSSxVQUFVLENBQUM7WUFDZixJQUFJLFVBQVUsQ0FBQyxVQUFVLEVBQUU7Z0JBQ3pCLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLENBQUMsV0FBVyxFQUFFLFVBQVUsQ0FBQyxDQUFDO2FBQzNFO2lCQUFNO2dCQUNMLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQy9DLFdBQVcsRUFDWCxVQUFVLENBQ1gsQ0FBQzthQUNIO1lBQ0QsTUFBTSxDQUFDLEdBQUcsR0FBRyxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDekMsTUFBTSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7UUFDckIsQ0FBQztLQUFBO0lBRWEsT0FBTyxDQUFDLEdBQVksRUFBRSxJQUFvQjs7WUFDdEQsS0FBSyxNQUFNLElBQUksSUFBSSxJQUFJLEVBQUU7Z0JBQ3ZCLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQztnQkFDekMseUNBQXlDO2dCQUN6QyxJQUFJLE1BQU0sQ0FBQyxHQUFHLEVBQUU7b0JBQ2QsR0FBRyxHQUFHLE1BQU0sQ0FBQyxHQUFHLENBQUM7b0JBQ2pCLDBEQUEwRDtvQkFDMUQsU0FBUztpQkFDVjtnQkFFRCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRTtvQkFDaEIsTUFBTSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsRUFBRSxJQUFJLEVBQUUsTUFBTSxDQUFDLENBQUM7aUJBQ25EO2dCQUVELE1BQU0sTUFBTSxDQUFDLElBQUksQ0FBQztnQkFDbEIsR0FBRyxHQUFHLE1BQU0sQ0FBQyxHQUFHLENBQUM7YUFDbEI7WUFFRCxPQUFPLEdBQUcsQ0FBQztRQUNiLENBQUM7S0FBQTtJQUVZLGlCQUFpQixDQUM1QixTQUFpQixFQUNqQixPQUFnQixFQUNoQixLQUFhOztZQUViLGlDQUFpQztZQUNqQyxNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxLQUFLLENBQUMsQ0FBQztZQUU1QyxPQUFPO2dCQUNMLEVBQUUsRUFBRSxLQUFLO2dCQUNULEdBQUcsRUFBRSxNQUFNLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQzthQUN2QyxDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRUssU0FBUyxDQUFDLFdBQW1CLEVBQUUsS0FBYTs7WUFDaEQsc0NBQXNDO1lBQ3RDLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLENBQUMsV0FBVyxDQUFDLENBQUM7WUFFbkUsSUFBSSxXQUFXLEtBQUssS0FBSyxFQUFFO2dCQUN6QixPQUFPLFNBQVMsQ0FBQzthQUNsQjtZQUVELGlDQUFpQztZQUNqQyxNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7WUFFL0MsT0FBTztnQkFDTCxFQUFFLEVBQUUsS0FBSztnQkFDVCxHQUFHLEVBQUUsTUFBTSxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDO2FBQzdDLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFSyxpQkFBaUIsQ0FDckIsT0FBcUIsRUFDckIsVUFBa0IsRUFDbEIsT0FBd0I7O1lBRXhCLElBQUksVUFBVSxFQUFFO2dCQUNkLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQztnQkFDMUMsT0FBTyxDQUFDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDMUMsR0FBRyxFQUNILElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLEVBQ3RCLE9BQU8sQ0FDUixDQUFRLENBQUM7YUFDWDtZQUNELE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztLQUFBO0lBRUssV0FBVyxDQUFDLEtBQWEsRUFBRSxJQUFTOztZQUN4QyxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDeEMsT0FBTyxDQUFDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsSUFBSSxFQUFFO2dCQUN0RCxXQUFXLEVBQUUsYUFBYTthQUMzQixDQUFDLENBQVEsQ0FBQztRQUNiLENBQUM7S0FBQTtJQUVELG1FQUFtRTtJQUM3RCxlQUFlLENBQ25CLEdBQTJCLEVBQzNCLE9BQVk7O1lBRVosc0VBQXNFO1lBQ3RFLDhFQUE4RTtZQUM5RSxpRUFBaUU7WUFDakUsNEVBQTRFO1lBQzVFLHNFQUFzRTtZQUN0RSxxRUFBcUU7WUFDckUsc0VBQXNFO1lBQ3RFLElBQUksT0FBTyxJQUFJLElBQUksRUFBRTtnQkFDbkIsT0FBTyxJQUFJLENBQUM7YUFDYjtZQUVELE1BQU0sR0FBRyxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxHQUFtQixDQUFDLENBQUMsQ0FBQztZQUN0RSxPQUFPLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxlQUFlLENBQUMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQzlELENBQUM7S0FBQTtJQUVELG9DQUFvQztJQUNwQyw0Q0FBNEM7SUFDdEMsT0FBTyxDQUNYLFdBQW1DLEVBQ25DLEdBQVk7O1lBRVosSUFBSSxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUMsRUFBRTtnQkFDeEIsTUFBTSxJQUFJLHNCQUFzQixDQUM5QiwyQ0FBMkMsQ0FDNUMsQ0FBQzthQUNIO1lBRUQsT0FBTyxJQUFJLENBQUMsZUFBZSxDQUFDLFdBQVcsRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7UUFDN0QsQ0FBQztLQUFBO0lBRUQsT0FBTztJQUNQLDRCQUE0QjtJQUM1Qiw2QkFBNkI7SUFFdkIsaUJBQWlCLENBQUMsYUFBcUIsRUFBRSxlQUEyQjs7WUFDeEUsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQzlDLE1BQU0sVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FDM0MsYUFBYSxFQUNiLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQ2pCLENBQUM7WUFDRixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxFQUFFLGVBQWUsQ0FBQyxDQUFDO1lBRWhFLE9BQU87Z0JBQ0wsR0FBRztnQkFDSCxhQUFhO2dCQUNiLFVBQVU7Z0JBQ1YsTUFBTTthQUNQLENBQUM7UUFDSixDQUFDO0tBQUE7Ozs7WUE3VUYsVUFBVSxTQUFDO2dCQUNWLFVBQVUsRUFBRSxNQUFNO2FBQ25COzs7WUEvQkMsaUJBQWlCO1lBY1YsVUFBVTtZQUhqQixpQkFBaUIiLCJzb3VyY2VzQ29udGVudCI6WyIvKiBlc2xpbnQtZGlzYWJsZSBAdHlwZXNjcmlwdC1lc2xpbnQvbm8tZXhwbGljaXQtYW55ICovXG5pbXBvcnQgeyBJbmplY3RhYmxlIH0gZnJvbSAnQGFuZ3VsYXIvY29yZSc7XG5pbXBvcnQgZ3JhcGhsaWIsIHsgR3JhcGggfSBmcm9tICdAZGFncmVqcy9ncmFwaGxpYic7XG5pbXBvcnQgXyBmcm9tICdsb2Rhc2gnO1xuaW1wb3J0IHsgSldLIH0gZnJvbSAnbm9kZS1qb3NlJztcbmltcG9ydCB7IEpTT05PYmplY3QgfSBmcm9tICcuLi9hcGkvdHlwZXMnO1xuaW1wb3J0IHtcbiAgYXNKd2ssXG4gIERlY3J5cHRPcHRpb25zLFxuICBFbmNyeXB0aW9uU2VydmljZSxcbiAgaXNTeW1tZXRyaWNLZXksXG59IGZyb20gJy4uL2VuY3J5cHRpb24vZW5jcnlwdGlvbi5zZXJ2aWNlJztcbmltcG9ydCB7IEN1cnJlbnRVc2VyS2V5IH0gZnJvbSAnLi4vcHJvZmlsZS9wcm9maWxlLnR5cGVzJztcbmltcG9ydCB7XG4gIExyQmFkQXJndW1lbnRFeGNlcHRpb24sXG4gIExyRW5jcnlwdGlvbkV4Y2VwdGlvbixcbiAgTHJFeGNlcHRpb24sXG4gIExyTm90Rm91bmRFeGNlcHRpb24sXG59IGZyb20gJy4uL19jb21tb24vZXhjZXB0aW9ucyc7XG5pbXBvcnQge1xuICBLZXlGYWN0b3J5U2VydmljZSxcbiAgS2V5RmFjdG9yeVNlcnZpY2UgYXMgS0ZTLFxufSBmcm9tICcuL2tleS1mYWN0b3J5LnNlcnZpY2UnO1xuaW1wb3J0IHsgS2V5U2VydmljZSB9IGZyb20gJy4va2V5LnNlcnZpY2UnO1xuaW1wb3J0IHtcbiAgS2V5LFxuICBLZXlHcmFwaEVkZ2UsXG4gIEtleUdyYXBoRWRnZVR5cGUsXG4gIEtleUdyYXBoTm9kZSxcbiAgS2V5R3JhcGhOb2RlVHlwZSxcbiAgS2V5R3JhcGhSZXNwb25zZSxcbiAgUGFzc0tleSxcbn0gZnJvbSAnLi9rZXkudHlwZXMnO1xuXG5leHBvcnQgaW50ZXJmYWNlIEdyYXBoS2V5IGV4dGVuZHMgS2V5IHtcbiAgdGFzaz86IFByb21pc2U8YW55Pjtcbn1cblxuQEluamVjdGFibGUoe1xuICBwcm92aWRlZEluOiAncm9vdCcsXG59KVxuZXhwb3J0IGNsYXNzIEtleUdyYXBoU2VydmljZSB7XG4gIHByaXZhdGUgZ3JhcGg6IEdyYXBoO1xuICAvLyBwcml2YXRlIGtleUNhY2hlOiB7XG4gIC8vICAgW2lkOiBzdHJpbmddOiBLZXk7XG4gIC8vIH07XG5cbiAgY29uc3RydWN0b3IoXG4gICAgcHJpdmF0ZSBlbmNyeXB0aW9uU2VydmljZTogRW5jcnlwdGlvblNlcnZpY2UsXG4gICAgcHJpdmF0ZSBrZXlTZXJ2aWNlOiBLZXlTZXJ2aWNlLFxuICAgIHByaXZhdGUga2V5RmFjdG9yeTogS2V5RmFjdG9yeVNlcnZpY2VcbiAgKSB7XG4gICAgdGhpcy5wdXJnZUtleXMoKTtcbiAgfVxuXG4gIHB1cmdlS2V5cygpIHtcbiAgICB0aGlzLmdyYXBoID0gbmV3IEdyYXBoKCk7XG4gICAgLy8gdGhpcy5rZXlDYWNoZSA9IG51bGw7XG4gIH1cblxuICBhc3luYyBwb3B1bGF0ZUtleXModXNlcktleTogQ3VycmVudFVzZXJLZXkpIHtcbiAgICB0aGlzLmtleVNlcnZpY2UucG9wdWxhdGVLZXlzKHtcbiAgICAgIHBhc3NLZXk6IHVzZXJLZXkucGFzc0tleSxcbiAgICAgIG1hc3RlcktleTogYXdhaXQgdGhpcy5rZXlTZXJ2aWNlLmxvYWRNYXN0ZXJLZXkodXNlcktleS5tYXN0ZXJLZXkuaWQpLFxuICAgICAgcm9vdEtleTogYXdhaXQgdGhpcy51bndyYXBLZXkodXNlcktleS5tYXN0ZXJLZXkuaWQsIHVzZXJLZXkucm9vdEtleS5pZCksXG4gICAgICBweGs6IGF3YWl0IHRoaXMudW53cmFwS2V5KHVzZXJLZXkubWFzdGVyS2V5LmlkLCB1c2VyS2V5LnB4ay5pZCksXG4gICAgICBzaWdQeGs6IGF3YWl0IHRoaXMudW53cmFwS2V5KHVzZXJLZXkubWFzdGVyS2V5LmlkLCB1c2VyS2V5LnNpZ1B4ay5pZCksXG4gICAgfSk7XG4gIH1cblxuICBoYXNLZXkoa2V5SWQ6IHN0cmluZykge1xuICAgIHJldHVybiAhIXRoaXMuZ3JhcGgubm9kZShrZXlJZCk7XG4gIH1cblxuICBwcml2YXRlIGdldE5vZGUoaWQsIHR5cGUpOiBHcmFwaEtleSB8IFBhc3NLZXkge1xuICAgIGNvbnN0IG5vZGUgPSB0aGlzLmdyYXBoLm5vZGUoaWQpO1xuICAgIGlmICghbm9kZSkge1xuICAgICAgdGhyb3cgbmV3IExyTm90Rm91bmRFeGNlcHRpb24oXG4gICAgICAgIGBLZXkgZ3JhcGhzIGRvZXMgbm90IGNvbnRhaW4ga2V5IGlkOiAke2lkfWBcbiAgICAgICk7XG4gICAgfVxuICAgIGlmIChub2RlLnR5cGUgIT09IHR5cGUpIHtcbiAgICAgIHRocm93IG5ldyBMckV4Y2VwdGlvbih7XG4gICAgICAgIG1lc3NhZ2U6IGBLZXkgd2l0aCBpZCAke2lkfSBpcyBub3Qgb2YgdHlwZSAke3R5cGV9YCxcbiAgICAgIH0pO1xuICAgIH1cbiAgICByZXR1cm4gbm9kZS5kYXRhO1xuICB9XG5cbiAga2V5KGlkKTogR3JhcGhLZXkge1xuICAgIHJldHVybiB0aGlzLmdldE5vZGUoaWQsIEtleUdyYXBoTm9kZVR5cGUuS2V5KTtcbiAgfVxuXG4gIHBhc3NLZXkoaWQpOiBQYXNzS2V5IHtcbiAgICByZXR1cm4gdGhpcy5nZXROb2RlKGlkLCBLZXlHcmFwaE5vZGVUeXBlLlBhc3NLZXkpO1xuICB9XG5cbiAgYWRkS2V5cyhzcmM6IEtleUdyYXBoUmVzcG9uc2UpIHtcbiAgICAvLyBLZXlzXG4gICAgaWYgKHNyYy5rZXlzKSB7XG4gICAgICAvLyBXaGF0IGtleSBncmFwaCByZXR1cm5zIGNhbiBub3QgYmUgY3VzdG9taXplZC4gU28ga2V5cyBhcmUgZXNzZW50aWFsbHkgaW1tdXRhYmxlLlxuICAgICAgLy8gVGhlcmVmb3JlLCBpZiBhIGtleSBleGlzdHMsIHRoZXJlJ3Mgbm8gcmVhc29uIHRvIHVwZGF0ZSBpdC5cbiAgICAgIGZvciAoY29uc3Qga2V5IG9mIHNyYy5rZXlzKSB7XG4gICAgICAgIC8vIE5vdGUgdXNpbmcgUmVsYXkgZ2xvYmFsIGlkIGFsbG93cyB1cyB0byBub3Qgd29ycnkgYWJvdXQgY2xhc2hpbmcgbm9kZSBpZFxuICAgICAgICBpZiAodGhpcy5ncmFwaC5oYXNOb2RlKGtleS5pZCkpIHtcbiAgICAgICAgICBjb250aW51ZTtcbiAgICAgICAgfVxuXG4gICAgICAgIGNvbnN0IG5vZGU6IEtleUdyYXBoTm9kZSA9IHtcbiAgICAgICAgICB0eXBlOiBLZXlHcmFwaE5vZGVUeXBlLktleSxcbiAgICAgICAgICBkYXRhOiBfLmNsb25lRGVlcChrZXkpLFxuICAgICAgICB9O1xuXG4gICAgICAgIHRoaXMuZ3JhcGguc2V0Tm9kZShrZXkuaWQsIG5vZGUpO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIEtleUxpbmtzXG4gICAgaWYgKHNyYy5rZXlMaW5rcykge1xuICAgICAgZm9yIChjb25zdCBrZXlMaW5rIG9mIHNyYy5rZXlMaW5rcykge1xuICAgICAgICBpZiAodGhpcy5ncmFwaC5oYXNFZGdlKGtleUxpbmsud3JhcHBpbmdLZXlJZCwga2V5TGluay5rZXlJZCkpIHtcbiAgICAgICAgICBjb250aW51ZTtcbiAgICAgICAgfVxuXG4gICAgICAgIGNvbnN0IGVkZ2U6IEtleUdyYXBoRWRnZSA9IHtcbiAgICAgICAgICB0eXBlOiBLZXlHcmFwaEVkZ2VUeXBlLktleUxpbmssXG4gICAgICAgICAgZGF0YTogXy5jbG9uZURlZXAoa2V5TGluayksXG4gICAgICAgIH07XG4gICAgICAgIC8vIEVkZ2UgZ29lcyBmcm9tIHdyYXBwaW5nIGtleSB0byB3cmFwcGVkIGtleS5cbiAgICAgICAgdGhpcy5ncmFwaC5zZXRFZGdlKGtleUxpbmsud3JhcHBpbmdLZXlJZCwga2V5TGluay5rZXlJZCwgZWRnZSk7XG4gICAgICB9XG4gICAgfVxuXG4gICAgLy8gUGFzc0tleUxpbmtzXG4gICAgaWYgKHNyYy5wYXNzS2V5TGlua3MpIHtcbiAgICAgIGZvciAoY29uc3QgcGFzc0tleUxpbmsgb2Ygc3JjLnBhc3NLZXlMaW5rcykge1xuICAgICAgICBpZiAodGhpcy5ncmFwaC5oYXNFZGdlKHBhc3NLZXlMaW5rLnBhc3NLZXlJZCwgcGFzc0tleUxpbmsua2V5SWQpKSB7XG4gICAgICAgICAgY29udGludWU7XG4gICAgICAgIH1cblxuICAgICAgICBjb25zdCBlZGdlOiBLZXlHcmFwaEVkZ2UgPSB7XG4gICAgICAgICAgdHlwZTogS2V5R3JhcGhFZGdlVHlwZS5QYXNzS2V5TGluayxcbiAgICAgICAgICBkYXRhOiBfLmNsb25lRGVlcChwYXNzS2V5TGluayksXG4gICAgICAgIH07XG4gICAgICAgIC8vIEVkZ2UgZ29lcyBmcm9tIHdyYXBwaW5nIGtleSB0byB3cmFwcGVkIGtleS5cbiAgICAgICAgdGhpcy5ncmFwaC5zZXRFZGdlKHBhc3NLZXlMaW5rLnBhc3NLZXlJZCwgcGFzc0tleUxpbmsua2V5SWQsIGVkZ2UpO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIFRoZSBncmFwaCBpcyB0aGUgc2luZ2xlIHNvdXJjZSBvZiB0cnV0aC4gVGhlc2UgYXJlIGxhemlseSBjYWxjdWxhdGVkLlxuICAgIC8vIHRoaXMua2V5Q2FjaGUgPSBudWxsO1xuICB9XG5cbiAgdHJhY2VQYXRoKGRpc3RhbmNlcywga2V5SWQ6IHN0cmluZyk6IEtleUdyYXBoRWRnZVtdIHtcbiAgICAvLyBUaGUgbm9kZSBsYWJlbCBpcyB0aGUgc2FtZSBhcyB0aGUgaWQgb2YgdGhlIGtleSBub2Rlcy5cbiAgICBjb25zdCByZXQ6IEtleUdyYXBoRWRnZVtdID0gW107XG4gICAgbGV0IG5vZGUgPSBrZXlJZDtcbiAgICBpZiAoIWRpc3RhbmNlc1tub2RlXS5wcmVkZWNlc3Nvcikge1xuICAgICAgcmV0dXJuIG51bGw7XG4gICAgfVxuXG4gICAgd2hpbGUgKGRpc3RhbmNlc1tub2RlXS5wcmVkZWNlc3Nvcikge1xuICAgICAgY29uc3QgY2hpbGQgPSBkaXN0YW5jZXNbbm9kZV0ucHJlZGVjZXNzb3I7XG4gICAgICByZXQucHVzaCh0aGlzLmdyYXBoLmVkZ2UoY2hpbGQsIG5vZGUpKTtcbiAgICAgIG5vZGUgPSBjaGlsZDtcbiAgICB9XG5cbiAgICAvLyBBZnRlciByZXZlcnNlLCB0aGUgZmlyc3QgZWxlbWVudCBpcyB0aGUgcGFzc2tleVxuICAgIHJldC5yZXZlcnNlKCk7XG5cbiAgICByZXR1cm4gcmV0O1xuICB9XG5cbiAgZ2V0UGF0aChrbm93bktleUlkOiBzdHJpbmcsIGtleUlkOiBzdHJpbmcpOiBLZXlHcmFwaEVkZ2VbXSB7XG4gICAgaWYgKCFrbm93bktleUlkIHx8IHR5cGVvZiBrbm93bktleUlkICE9PSAnc3RyaW5nJykge1xuICAgICAgdGhyb3cgbmV3IExyRW5jcnlwdGlvbkV4Y2VwdGlvbihcbiAgICAgICAgYFBhcmFtIGtub3duS2V5SWQgd3JvbmcgZm9ybWF0OiAke2tub3duS2V5SWR9YFxuICAgICAgKTtcbiAgICB9XG4gICAgaWYgKCFrZXlJZCB8fCB0eXBlb2Yga2V5SWQgIT09ICdzdHJpbmcnKSB7XG4gICAgICB0aHJvdyBuZXcgTHJFbmNyeXB0aW9uRXhjZXB0aW9uKGBQYXJhbSBrZXlJZCB3cm9uZyBmb3JtYXQ6ICR7a2V5SWR9YCk7XG4gICAgfVxuXG4gICAgLy8gPT4geyBBOiB7IGRpc3RhbmNlOiAwIH0sXG4gICAgLy8gICAgICBCOiB7IGRpc3RhbmNlOiA2LCBwcmVkZWNlc3NvcjogJ0MnIH0sXG4gICAgLy8gICAgICBDOiB7IGRpc3RhbmNlOiA0LCBwcmVkZWNlc3NvcjogJ0EnIH0sXG4gICAgLy8gICAgICBEOiB7IGRpc3RhbmNlOiAyLCBwcmVkZWNlc3NvcjogJ0EnIH0sXG4gICAgLy8gICAgICBFOiB7IGRpc3RhbmNlOiA4LCBwcmVkZWNlc3NvcjogJ0YnIH0sXG4gICAgLy8gICAgICBGOiB7IGRpc3RhbmNlOiA0LCBwcmVkZWNlc3NvcjogJ0QnIH0gfVxuICAgIGNvbnN0IGRpc3RhbmNlcyA9IGdyYXBobGliLmFsZy5kaWprc3RyYSh0aGlzLmdyYXBoLCBrbm93bktleUlkKTtcblxuICAgIC8vIFRyYWNlIHBhdGggZnJvbSBrZXlJZCB0byBrbm93bktleUlkXG4gICAgcmV0dXJuIHRoaXMudHJhY2VQYXRoKGRpc3RhbmNlcywga2V5SWQpO1xuICB9XG5cbiAgYXN5bmMgZ2V0SndrS2V5KFxuICAgIGtleU9ySWQ6IHN0cmluZyB8IEtleSxcbiAgICBnZXRLZXlJZENhbGxiYWNrPzogKCkgPT4gUHJvbWlzZTxzdHJpbmc+IHwgc3RyaW5nXG4gICk6IFByb21pc2U8SldLLktleT4ge1xuICAgIHJldHVybiAoYXdhaXQgdGhpcy5nZXRLZXkoa2V5T3JJZCwgZ2V0S2V5SWRDYWxsYmFjaykpLmp3aztcbiAgfVxuXG4gIC8vIFdlIGFzc3VtZSB0aGF0IHdoZW4gYSBrZXlJZCBpcyBmZXRjaGVkLCB0aGUga2V5IGdyYXBoXG4gIC8vIGZvciB0aGUga2V5IGlzIGFsc28gcmV0dXJuZWQgYW5kIG1lcmdlZCBpbnRvIHRoZSBjbGllbnQtc2lkZVxuICAvLyBrZXkgZ3JhcGguIEJ5IGluc2lzdGluZyBhIGtleUlkIGlzIHJldHVybmVkIGluc3RlYWQgb2YgdGhlXG4gIC8vIGFjdHVhbCBrZXkgd2UgZW5zdXJlIGtleS1ncmFwaCBpcyBjb25zaXN0ZW50LlxuICBhc3luYyBnZXRLZXkoXG4gICAga2V5T3JJZDogc3RyaW5nIHwgS2V5LFxuICAgIGdldEtleUlkQ2FsbGJhY2s/OiAoKSA9PiBQcm9taXNlPHN0cmluZz4gfCBzdHJpbmdcbiAgKTogUHJvbWlzZTxLZXk+IHtcbiAgICBsZXQga2V5SWQgPSB0eXBlb2Yga2V5T3JJZCA9PT0gJ3N0cmluZycgPyBrZXlPcklkIDoga2V5T3JJZD8uaWQ7XG5cbiAgICBpZiAoIXRoaXMuaGFzS2V5KGtleUlkKSAmJiBnZXRLZXlJZENhbGxiYWNrKSB7XG4gICAgICBrZXlJZCA9IGF3YWl0IGdldEtleUlkQ2FsbGJhY2soKTtcbiAgICB9XG4gICAgLy8gZWxzZSwgY29udGludWUgYW5kIGxldCBpdCBmYWlsLlxuXG4gICAgY29uc3Qga2V5ID0gdGhpcy5rZXkoa2V5SWQpO1xuICAgIGlmIChrZXkuandrKSB7XG4gICAgICByZXR1cm4ga2V5O1xuICAgIH0gZWxzZSB7XG4gICAgICByZXR1cm4gdGhpcy51bndyYXBLZXkodGhpcy5rZXlTZXJ2aWNlLmdldEN1cnJlbnRNYXN0ZXJLZXkoKS5pZCwga2V5SWQpO1xuICAgIH1cbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgX3Vud3JhcExpbmsod3JhcHBpbmdLZXksIGxpbmssIGRzdEtleSkge1xuICAgIC8vIGNvbnNvbGUubG9nKFwiX3Vud3JhcExpbms6XCIsIGxpbmsuZGF0YS5rZXlJZCk7XG4gICAgY29uc3Qgd3JhcHBlZEtleSA9IEpTT04ucGFyc2UobGluay5kYXRhLndyYXBwZWRLZXkpO1xuICAgIC8vIFNpZ25hdHVyZXMgb2Yga2V5cyBjb250YWluIHRoZSBrZXkgaXRzZWxmLiBUaGlzIHdheSB3ZSBvbmx5IG5lZWRcbiAgICAvLyB0byBhY2Nlc3MgdGhlIEtleUxpbmtzIHRvIGRlY3J5cHQvdmVyaWZ5IGtleXMuXG4gICAgbGV0IG5leHRSYXdLZXk7XG4gICAgaWYgKHdyYXBwZWRLZXkuc2lnbmF0dXJlcykge1xuICAgICAgbmV4dFJhd0tleSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UudmVyaWZ5KHdyYXBwaW5nS2V5LCB3cmFwcGVkS2V5KTtcbiAgICB9IGVsc2Uge1xuICAgICAgbmV4dFJhd0tleSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChcbiAgICAgICAgd3JhcHBpbmdLZXksXG4gICAgICAgIHdyYXBwZWRLZXlcbiAgICAgICk7XG4gICAgfVxuICAgIGRzdEtleS5qd2sgPSBhd2FpdCBLRlMuYXNLZXkobmV4dFJhd0tleSk7XG4gICAgZHN0S2V5LnRhc2sgPSBudWxsO1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBfdW53cmFwKGtleTogSldLLktleSwgcGF0aDogS2V5R3JhcGhFZGdlW10pOiBQcm9taXNlPEpXSy5LZXk+IHtcbiAgICBmb3IgKGNvbnN0IGxpbmsgb2YgcGF0aCkge1xuICAgICAgY29uc3QgZHN0S2V5ID0gdGhpcy5rZXkobGluay5kYXRhLmtleUlkKTtcbiAgICAgIC8vIGNvbnNvbGUubG9nKFwia2V5OiBcIiwgbGluay5kYXRhLmtleUlkKTtcbiAgICAgIGlmIChkc3RLZXkuandrKSB7XG4gICAgICAgIGtleSA9IGRzdEtleS5qd2s7XG4gICAgICAgIC8vIGNvbnNvbGUubG9nKFwiUmV0dXJuaW5nIGNhY2hlZCBrZXk6IFwiLCBsaW5rLmRhdGEua2V5SWQpO1xuICAgICAgICBjb250aW51ZTtcbiAgICAgIH1cblxuICAgICAgaWYgKCFkc3RLZXkudGFzaykge1xuICAgICAgICBkc3RLZXkudGFzayA9IHRoaXMuX3Vud3JhcExpbmsoa2V5LCBsaW5rLCBkc3RLZXkpO1xuICAgICAgfVxuXG4gICAgICBhd2FpdCBkc3RLZXkudGFzaztcbiAgICAgIGtleSA9IGRzdEtleS5qd2s7XG4gICAgfVxuXG4gICAgcmV0dXJuIGtleTtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyB1bndyYXBXaXRoUGFzc0tleShcbiAgICBwYXNzS2V5SWQ6IHN0cmluZyxcbiAgICBwYXNzS2V5OiBKV0suS2V5LFxuICAgIGtleUlkOiBzdHJpbmdcbiAgKTogUHJvbWlzZTxLZXk+IHtcbiAgICAvLyBHZXQgcGF0aCBvZiB0aGUgZGlyZWN0b3J5IGtleS5cbiAgICBjb25zdCBwYXRoID0gdGhpcy5nZXRQYXRoKHBhc3NLZXlJZCwga2V5SWQpO1xuXG4gICAgcmV0dXJuIHtcbiAgICAgIGlkOiBrZXlJZCxcbiAgICAgIGp3azogYXdhaXQgdGhpcy5fdW53cmFwKHBhc3NLZXksIHBhdGgpLFxuICAgIH07XG4gIH1cblxuICBhc3luYyB1bndyYXBLZXkobWFzdGVyS2V5SWQ6IHN0cmluZywga2V5SWQ6IHN0cmluZyk6IFByb21pc2U8S2V5PiB7XG4gICAgLy8gVGhlIGZpcnN0IGtleSBzaG91bGQgYmUgYSBtYXN0ZXJLZXlcbiAgICBjb25zdCBtYXN0ZXJLZXkgPSBhd2FpdCB0aGlzLmtleVNlcnZpY2UubG9hZE1hc3RlcktleShtYXN0ZXJLZXlJZCk7XG5cbiAgICBpZiAobWFzdGVyS2V5SWQgPT09IGtleUlkKSB7XG4gICAgICByZXR1cm4gbWFzdGVyS2V5O1xuICAgIH1cblxuICAgIC8vIEdldCBwYXRoIG9mIHRoZSBkaXJlY3Rvcnkga2V5LlxuICAgIGNvbnN0IHBhdGggPSB0aGlzLmdldFBhdGgobWFzdGVyS2V5LmlkLCBrZXlJZCk7XG5cbiAgICByZXR1cm4ge1xuICAgICAgaWQ6IGtleUlkLFxuICAgICAgandrOiBhd2FpdCB0aGlzLl91bndyYXAobWFzdGVyS2V5Lmp3aywgcGF0aCksXG4gICAgfTtcbiAgfVxuXG4gIGFzeW5jIGRlY3J5cHRGcm9tU3RyaW5nPFQ+KFxuICAgIGtleU9ySWQ6IHN0cmluZyB8IEtleSxcbiAgICBjaXBoZXJEYXRhOiBzdHJpbmcsXG4gICAgb3B0aW9ucz86IERlY3J5cHRPcHRpb25zXG4gICk6IFByb21pc2U8VD4ge1xuICAgIGlmIChjaXBoZXJEYXRhKSB7XG4gICAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmdldEp3a0tleShrZXlPcklkKTtcbiAgICAgIHJldHVybiAoYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgICBrZXksXG4gICAgICAgIEpTT04ucGFyc2UoY2lwaGVyRGF0YSksXG4gICAgICAgIG9wdGlvbnNcbiAgICAgICkpIGFzIGFueTtcbiAgICB9XG4gICAgcmV0dXJuIG51bGw7XG4gIH1cblxuICBhc3luYyBkZWNyeXB0RmlsZShrZXlJZDogc3RyaW5nLCBmaWxlOiBhbnkpOiBQcm9taXNlPGFueT4ge1xuICAgIGNvbnN0IGtleSA9IGF3YWl0IHRoaXMuZ2V0SndrS2V5KGtleUlkKTtcbiAgICByZXR1cm4gKGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChrZXksIGZpbGUsIHtcbiAgICAgIHBheWxvYWRUeXBlOiAnQXJyYXlCdWZmZXInLFxuICAgIH0pKSBhcyBhbnk7XG4gIH1cblxuICAvLyBUT0RPIHJlbmFtZSB0aGlzIHRvIGVuY3J5cHQoKSBhbmQgdXNlIGFzIHRoZSBtb3N0IGNvbW1vbiB1c2VjYXNlXG4gIGFzeW5jIGVuY3J5cHRUb1N0cmluZyhcbiAgICBrZXk6IHN0cmluZyB8IEtleSB8IEpXSy5LZXksXG4gICAgY29udGVudDogYW55XG4gICk6IFByb21pc2U8c3RyaW5nPiB7XG4gICAgLy8gRW1wdHkgc3RyaW5nIHNob3VsZCBiZSBlbmNyeXB0ZWQgc2luY2UgeW91IHdhbnQgdG8gY2xlYXIgdGhlIGZpZWxkLlxuICAgIC8vIE51bGwgaXMgbm90IGVuY3J5cHRlZCBiZWNhdXNlIGl0J3Mgbm90IHZhbGlkIEpTT04gaW4gdGhlIG9sZCBKU09OIHNwZWMuIFVzZVxuICAgIC8vIGVtcHR5IHN0cmluZyBpbnN0ZWFkLiBJdCdsbCBmdW5jdGlvbiBhcyBhIGxvZ2ljIGZhbHNlIGFzIHdlbGwuXG4gICAgLy8gTm90ZSB0aGF0IHBhc3NpbmcgaW4gZW1wdHkgc3RyaW5nIG1lYW5zIGl0J2xsIGJlIGVuY3J5cHRlZCB3aGljaCB2ZXJpZmllc1xuICAgIC8vIGl0J3MgaW50ZWdyaXR5LiBCdXQgd2Ugc3RpbGwgd2FudCB0byBoYXZlIGEgd2F5IHRvIHNldCB0aGUgREIgZmllbGRcbiAgICAvLyB0byBOVUxMLCBzbyB3ZSBleHBsaWNpdGx5IHJldHVybiBudWxsIHdoZW4gY29udGVudCA9PSBudWxsLiBBIG51bGxcbiAgICAvLyB2YXJpYWJsZSBpbiBncmFwaHFsIG11dGF0aW9uIG9uIEtDIHNlcnZlciBjbGVhcnMgdGhlIGZpZWxkIHRvIE5VTEwuXG4gICAgaWYgKGNvbnRlbnQgPT0gbnVsbCkge1xuICAgICAgcmV0dXJuIG51bGw7XG4gICAgfVxuXG4gICAgY29uc3QgandrID0gYXNKd2soa2V5KSB8fCAoYXdhaXQgdGhpcy5nZXRKd2tLZXkoa2V5IGFzIHN0cmluZyB8IEtleSkpO1xuICAgIHJldHVybiB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHRUb1N0cmluZyhqd2ssIGNvbnRlbnQpO1xuICB9XG5cbiAgLy8gV3JhcHMgYSBzeW1tZXRyaWMgZW5jcnlwdGlvbiBrZXkuXG4gIC8vIFRocm93cyBleGNlcHRpb24gaWYgd3JhcHBpbmcgcHVibGljIGtleXMuXG4gIGFzeW5jIHdyYXBLZXkoXG4gICAgd3JhcHBpbmdLZXk6IHN0cmluZyB8IEtleSB8IEpXSy5LZXksXG4gICAga2V5OiBKV0suS2V5XG4gICk6IFByb21pc2U8c3RyaW5nPiB7XG4gICAgaWYgKCFpc1N5bW1ldHJpY0tleShrZXkpKSB7XG4gICAgICB0aHJvdyBuZXcgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbihcbiAgICAgICAgJ09ubHkgYWxsb3dpbmcgd3JhcHBpbmcgb2Ygc3ltbWV0cmljIGtleXMuJ1xuICAgICAgKTtcbiAgICB9XG5cbiAgICByZXR1cm4gdGhpcy5lbmNyeXB0VG9TdHJpbmcod3JhcHBpbmdLZXksIGtleS50b0pTT04odHJ1ZSkpO1xuICB9XG5cbiAgLy8gVE9ET1xuICAvLyBhc3luYyB3cmFwUHVibGljS2V5PFQ+KCk7XG4gIC8vIGFzeW5jIHdyYXBQcml2YXRlS2V5PFQ+KCk7XG5cbiAgYXN5bmMgZW5jcnlwdFdpdGhOZXdLZXkod3JhcHBpbmdLZXlJZDogc3RyaW5nLCBjaXBoZXJDbGVhckpzb246IEpTT05PYmplY3QpIHtcbiAgICBjb25zdCBrZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XG4gICAgY29uc3Qgd3JhcHBlZEtleSA9IGF3YWl0IHRoaXMuZW5jcnlwdFRvU3RyaW5nKFxuICAgICAgd3JhcHBpbmdLZXlJZCxcbiAgICAgIGtleS50b0pTT04odHJ1ZSlcbiAgICApO1xuICAgIGNvbnN0IGNpcGhlciA9IGF3YWl0IHRoaXMuZW5jcnlwdFRvU3RyaW5nKGtleSwgY2lwaGVyQ2xlYXJKc29uKTtcblxuICAgIHJldHVybiB7XG4gICAgICBrZXksXG4gICAgICB3cmFwcGluZ0tleUlkLFxuICAgICAgd3JhcHBlZEtleSxcbiAgICAgIGNpcGhlcixcbiAgICB9O1xuICB9XG59XG4iXX0=