@lifeready/core 1.0.3 → 1.0.5

package/esm2015/lib/cryptography/key.service.js

@@ -1,124 +1,124 @@
-import { __awaiter } from "tslib";
-import { Inject, Injectable } from '@angular/core';
-import { LrNotFoundException } from '../_common/exceptions';
-import { PersistService } from '../api/persist.service';
-import { KeyFactoryService as KFS } from './key-factory.service';
-import { LR_CONFIG } from '../life-ready.config';
-import * as i0 from "@angular/core";
-import * as i1 from "../life-ready.config";
-import * as i2 from "../api/persist.service";
-export class UserKeys {
-}
-export class KeyService {
-    constructor(config, persistService) {
-        this.config = config;
-        this.persistService = persistService;
-        this.STORE_MASTER_KEY = 'masterKey';
-        // AZ: This can't be change easily. It's basically a PassK or PassIdp rotation.
-        // todo: we should eventually increase this periodically to match with Moore's law.
-        // The iterations for each key are kept by the server as well but we assume the value
-        // from the server is not trustworthy, so need to have minimum thresholds here.
-        // If creating new keys, these minimum are used.
-        this.MIN_PASS_IDP_PBKDF_ITER = 100000;
-        this.MIN_PASS_KEY_PBKDF_ITER = 100000;
-        this.MIN_LBOP_KEY_PBKDF_ITER = 100000;
-        // These are used as the default values. They must be larger than the minimum values.
-        this.DEFAULT_PASS_IDP_PBKDF_ITER = this.MIN_PASS_IDP_PBKDF_ITER;
-        this.DEFAULT_PASS_KEY_PBKDF_ITER = this.MIN_PASS_KEY_PBKDF_ITER;
-        this.DEFAULT_LBOP_KEY_PBKDF_ITER = this.MIN_LBOP_KEY_PBKDF_ITER;
-        this.resetKeys();
-    }
-    resetKeys() {
-        this.keys = null;
-        this.masterKey = null;
-    }
-    purgeKeys() {
-        this.resetKeys();
-        this.persistService.clear();
-    }
-    populateKeys(keys) {
-        this.keys = keys;
-    }
-    getCurrentPassKey() {
-        return this.keys.passKey;
-    }
-    getCurrentMasterKey() {
-        return this.keys.masterKey;
-    }
-    getCurrentRootKey() {
-        return this.keys.rootKey;
-    }
-    getCurrentPxk() {
-        return this.keys.pxk;
-    }
-    getCurrentSigPxk() {
-        return this.keys.sigPxk;
-    }
-    expiresAfter(seconds) {
-        return new Date(Date.now() + 1000 * seconds);
-    }
-    persistMasterKey(masterKey, expiresAfterSeconds) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const storedKey = {
-                id: masterKey.id,
-                jwk: masterKey.jwk.toJSON(true),
-            };
-            this.masterKey = masterKey;
-            // Save in an expirable cookie.
-            yield this.persistService.set({
-                name: this.STORE_MASTER_KEY,
-                value: storedKey,
-                expiry: this.expiresAfter(expiresAfterSeconds),
-                serverSession: !this.config.disableSessionEncryptionKey,
-            });
-        });
-    }
-    setMasterKeyExpiresAfterSeconds(seconds) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const storedKey = yield this.persistService.get(this.STORE_MASTER_KEY);
-            if (storedKey == null) {
-                throw new LrNotFoundException(`Can not find masterKey in persisted storage using name: ${this.STORE_MASTER_KEY}`);
-            }
-            yield this.persistService.set({
-                name: this.STORE_MASTER_KEY,
-                value: storedKey,
-                expiry: this.expiresAfter(seconds),
-                serverSession: !this.config.disableSessionEncryptionKey,
-            });
-        });
-    }
-    // There's little benefit in using WebCrypto's none-extractable keys because if there
-    // is an XSS attack, then the attacker has control over the js that downloads the keys. The
-    // attacker can modify the code to import the keys as extractable. So none-extractable keys
-    // are only useful if they are already persisted and the user cannot download any more keys,
-    // which is not feasible.
-    // So storing the PassKey in localstorage for now, at least till we know what the usage
-    // pattern is, i.e. how often do we need to use the RootK, MaterK, and PassK.
-    loadMasterKey(masterKeyId) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!this.masterKey) {
-                const storedKey = yield this.persistService.get(this.STORE_MASTER_KEY);
-                if (!storedKey) {
-                    throw new LrNotFoundException('Could not find masterKey in persisted storage');
-                }
-                if (storedKey.id !== masterKeyId) {
-                    throw new LrNotFoundException(`masterKeyId ${storedKey.id} in persisted storage does not match the one requested ${masterKeyId}`);
-                }
-                storedKey.jwk = yield KFS.asKey(storedKey.jwk);
-                this.masterKey = storedKey;
-            }
-            return this.masterKey;
-        });
-    }
-}
-KeyService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyService_Factory() { return new KeyService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.PersistService)); }, token: KeyService, providedIn: "root" });
-KeyService.decorators = [
-    { type: Injectable, args: [{
-                providedIn: 'root',
-            },] }
-];
-KeyService.ctorParameters = () => [
-    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
-    { type: PersistService }
-];
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiQzovUHJvamVjdHMvbmV3cmVwby9rYy1jbGllbnQvcHJvamVjdHMvY29yZS9zcmMvIiwic291cmNlcyI6WyJsaWIvY3J5cHRvZ3JhcGh5L2tleS5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSxPQUFPLEVBQUUsTUFBTSxFQUFFLFVBQVUsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUVuRCxPQUFPLEVBQUUsbUJBQW1CLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQUM1RCxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDeEQsT0FBTyxFQUFFLGlCQUFpQixJQUFJLEdBQUcsRUFBRSxNQUFNLHVCQUF1QixDQUFDO0FBQ2pFLE9BQU8sRUFBbUIsU0FBUyxFQUFFLE1BQU0sc0JBQXNCLENBQUM7Ozs7QUFFbEUsTUFBTSxPQUFPLFFBQVE7Q0FNcEI7QUFVRCxNQUFNLE9BQU8sVUFBVTtJQW9CckIsWUFDNkIsTUFBdUIsRUFDMUMsY0FBOEI7UUFEWCxXQUFNLEdBQU4sTUFBTSxDQUFpQjtRQUMxQyxtQkFBYyxHQUFkLGNBQWMsQ0FBZ0I7UUFyQnZCLHFCQUFnQixHQUFHLFdBQVcsQ0FBQztRQUtoRCwrRUFBK0U7UUFDL0UsbUZBQW1GO1FBQ25GLHFGQUFxRjtRQUNyRiwrRUFBK0U7UUFDL0UsZ0RBQWdEO1FBQ2hDLDRCQUF1QixHQUFHLE1BQU0sQ0FBQztRQUNqQyw0QkFBdUIsR0FBRyxNQUFNLENBQUM7UUFDakMsNEJBQXVCLEdBQUcsTUFBTSxDQUFDO1FBRWpELHFGQUFxRjtRQUNyRSxnQ0FBMkIsR0FBRyxJQUFJLENBQUMsdUJBQXVCLENBQUM7UUFDM0QsZ0NBQTJCLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDO1FBQzNELGdDQUEyQixHQUFHLElBQUksQ0FBQyx1QkFBdUIsQ0FBQztRQU16RSxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7SUFDbkIsQ0FBQztJQUVELFNBQVM7UUFDUCxJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQztRQUNqQixJQUFJLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQztJQUN4QixDQUFDO0lBRUQsU0FBUztRQUNQLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztRQUNqQixJQUFJLENBQUMsY0FBYyxDQUFDLEtBQUssRUFBRSxDQUFDO0lBQzlCLENBQUM7SUFFRCxZQUFZLENBQUMsSUFBYztRQUN6QixJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQztJQUNuQixDQUFDO0lBRU0saUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUM7SUFDM0IsQ0FBQztJQUVNLG1CQUFtQjtRQUN4QixPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDO0lBQzdCLENBQUM7SUFFTSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQztJQUMzQixDQUFDO0lBRU0sYUFBYTtRQUNsQixPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDO0lBQ3ZCLENBQUM7SUFFTSxnQkFBZ0I7UUFDckIsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQztJQUMxQixDQUFDO0lBRU8sWUFBWSxDQUFDLE9BQWU7UUFDbEMsT0FBTyxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLEdBQUcsSUFBSSxHQUFHLE9BQU8sQ0FBQyxDQUFDO0lBQy9DLENBQUM7SUFFSyxnQkFBZ0IsQ0FDcEIsU0FBYyxFQUNkLG1CQUEyQjs7WUFFM0IsTUFBTSxTQUFTLEdBQUc7Z0JBQ2hCLEVBQUUsRUFBRSxTQUFTLENBQUMsRUFBRTtnQkFDaEIsR0FBRyxFQUFFLFNBQVMsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQzthQUNoQyxDQUFDO1lBRUYsSUFBSSxDQUFDLFNBQVMsR0FBRyxTQUFTLENBQUM7WUFFM0IsK0JBQStCO1lBQy9CLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUM7Z0JBQzVCLElBQUksRUFBRSxJQUFJLENBQUMsZ0JBQWdCO2dCQUMzQixLQUFLLEVBQUUsU0FBUztnQkFDaEIsTUFBTSxFQUFFLElBQUksQ0FBQyxZQUFZLENBQUMsbUJBQW1CLENBQUM7Z0JBQzlDLGFBQWEsRUFBRSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsMkJBQTJCO2FBQ3hELENBQUMsQ0FBQztRQUNMLENBQUM7S0FBQTtJQUVLLCtCQUErQixDQUFDLE9BQWU7O1lBQ25ELE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLENBQUM7WUFDdkUsSUFBSSxTQUFTLElBQUksSUFBSSxFQUFFO2dCQUNyQixNQUFNLElBQUksbUJBQW1CLENBQzNCLDJEQUEyRCxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FDbkYsQ0FBQzthQUNIO1lBQ0QsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQztnQkFDNUIsSUFBSSxFQUFFLElBQUksQ0FBQyxnQkFBZ0I7Z0JBQzNCLEtBQUssRUFBRSxTQUFTO2dCQUNoQixNQUFNLEVBQUUsSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUM7Z0JBQ2xDLGFBQWEsRUFBRSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsMkJBQTJCO2FBQ3hELENBQUMsQ0FBQztRQUNMLENBQUM7S0FBQTtJQUVELHFGQUFxRjtJQUNyRiwyRkFBMkY7SUFDM0YsMkZBQTJGO0lBQzNGLDRGQUE0RjtJQUM1Rix5QkFBeUI7SUFDekIsdUZBQXVGO0lBQ3ZGLDZFQUE2RTtJQUN2RSxhQUFhLENBQUMsV0FBbUI7O1lBQ3JDLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFO2dCQUNuQixNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO2dCQUV2RSxJQUFJLENBQUMsU0FBUyxFQUFFO29CQUNkLE1BQU0sSUFBSSxtQkFBbUIsQ0FDM0IsK0NBQStDLENBQ2hELENBQUM7aUJBQ0g7Z0JBRUQsSUFBSSxTQUFTLENBQUMsRUFBRSxLQUFLLFdBQVcsRUFBRTtvQkFDaEMsTUFBTSxJQUFJLG1CQUFtQixDQUMzQixlQUFlLFNBQVMsQ0FBQyxFQUFFLDBEQUEwRCxXQUFXLEVBQUUsQ0FDbkcsQ0FBQztpQkFDSDtnQkFFRCxTQUFTLENBQUMsR0FBRyxHQUFHLE1BQU0sR0FBRyxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUM7Z0JBRS9DLElBQUksQ0FBQyxTQUFTLEdBQUcsU0FBUyxDQUFDO2FBQzVCO1lBRUQsT0FBTyxJQUFJLENBQUMsU0FBUyxDQUFDO1FBQ3hCLENBQUM7S0FBQTs7OztZQXBJRixVQUFVLFNBQUM7Z0JBQ1YsVUFBVSxFQUFFLE1BQU07YUFDbkI7Ozs0Q0FzQkksTUFBTSxTQUFDLFNBQVM7WUF6Q1osY0FBYyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEluamVjdCwgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xyXG5pbXBvcnQgeyBLZXksIFBhc3NLZXkgfSBmcm9tICcuL2NyeXB0b2dyYXBoeS50eXBlcyc7XHJcbmltcG9ydCB7IExyTm90Rm91bmRFeGNlcHRpb24gfSBmcm9tICcuLi9fY29tbW9uL2V4Y2VwdGlvbnMnO1xyXG5pbXBvcnQgeyBQZXJzaXN0U2VydmljZSB9IGZyb20gJy4uL2FwaS9wZXJzaXN0LnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBLZXlGYWN0b3J5U2VydmljZSBhcyBLRlMgfSBmcm9tICcuL2tleS1mYWN0b3J5LnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBMaWZlUmVhZHlDb25maWcsIExSX0NPTkZJRyB9IGZyb20gJy4uL2xpZmUtcmVhZHkuY29uZmlnJztcclxuXHJcbmV4cG9ydCBjbGFzcyBVc2VyS2V5cyB7XHJcbiAgcGFzc0tleTogUGFzc0tleTtcclxuICBtYXN0ZXJLZXk6IEtleTtcclxuICByb290S2V5PzogS2V5O1xyXG4gIHB4az86IEtleTtcclxuICBzaWdQeGs/OiBLZXk7XHJcbn1cclxuXHJcbmludGVyZmFjZSBTdG9yZWRQYXNzS2V5IHtcclxuICBpZDogc3RyaW5nO1xyXG4gIGp3azogb2JqZWN0O1xyXG59XHJcblxyXG5ASW5qZWN0YWJsZSh7XHJcbiAgcHJvdmlkZWRJbjogJ3Jvb3QnLFxyXG59KVxyXG5leHBvcnQgY2xhc3MgS2V5U2VydmljZSB7XHJcbiAgcHJpdmF0ZSByZWFkb25seSBTVE9SRV9NQVNURVJfS0VZID0gJ21hc3RlcktleSc7XHJcbiAgLy8gdmFyaWFibGVzXHJcbiAgcHJpdmF0ZSBrZXlzOiBVc2VyS2V5cztcclxuICBwcml2YXRlIG1hc3RlcktleTogS2V5O1xyXG5cclxuICAvLyBBWjogVGhpcyBjYW4ndCBiZSBjaGFuZ2UgZWFzaWx5LiBJdCdzIGJhc2ljYWxseSBhIFBhc3NLIG9yIFBhc3NJZHAgcm90YXRpb24uXHJcbiAgLy8gdG9kbzogd2Ugc2hvdWxkIGV2ZW50dWFsbHkgaW5jcmVhc2UgdGhpcyBwZXJpb2RpY2FsbHkgdG8gbWF0Y2ggd2l0aCBNb29yZSdzIGxhdy5cclxuICAvLyBUaGUgaXRlcmF0aW9ucyBmb3IgZWFjaCBrZXkgYXJlIGtlcHQgYnkgdGhlIHNlcnZlciBhcyB3ZWxsIGJ1dCB3ZSBhc3N1bWUgdGhlIHZhbHVlXHJcbiAgLy8gZnJvbSB0aGUgc2VydmVyIGlzIG5vdCB0cnVzdHdvcnRoeSwgc28gbmVlZCB0byBoYXZlIG1pbmltdW0gdGhyZXNob2xkcyBoZXJlLlxyXG4gIC8vIElmIGNyZWF0aW5nIG5ldyBrZXlzLCB0aGVzZSBtaW5pbXVtIGFyZSB1c2VkLlxyXG4gIHB1YmxpYyByZWFkb25seSBNSU5fUEFTU19JRFBfUEJLREZfSVRFUiA9IDEwMDAwMDtcclxuICBwdWJsaWMgcmVhZG9ubHkgTUlOX1BBU1NfS0VZX1BCS0RGX0lURVIgPSAxMDAwMDA7XHJcbiAgcHVibGljIHJlYWRvbmx5IE1JTl9MQk9QX0tFWV9QQktERl9JVEVSID0gMTAwMDAwO1xyXG5cclxuICAvLyBUaGVzZSBhcmUgdXNlZCBhcyB0aGUgZGVmYXVsdCB2YWx1ZXMuIFRoZXkgbXVzdCBiZSBsYXJnZXIgdGhhbiB0aGUgbWluaW11bSB2YWx1ZXMuXHJcbiAgcHVibGljIHJlYWRvbmx5IERFRkFVTFRfUEFTU19JRFBfUEJLREZfSVRFUiA9IHRoaXMuTUlOX1BBU1NfSURQX1BCS0RGX0lURVI7XHJcbiAgcHVibGljIHJlYWRvbmx5IERFRkFVTFRfUEFTU19LRVlfUEJLREZfSVRFUiA9IHRoaXMuTUlOX1BBU1NfS0VZX1BCS0RGX0lURVI7XHJcbiAgcHVibGljIHJlYWRvbmx5IERFRkFVTFRfTEJPUF9LRVlfUEJLREZfSVRFUiA9IHRoaXMuTUlOX0xCT1BfS0VZX1BCS0RGX0lURVI7XHJcblxyXG4gIGNvbnN0cnVjdG9yKFxyXG4gICAgQEluamVjdChMUl9DT05GSUcpIHByaXZhdGUgY29uZmlnOiBMaWZlUmVhZHlDb25maWcsXHJcbiAgICBwcml2YXRlIHBlcnNpc3RTZXJ2aWNlOiBQZXJzaXN0U2VydmljZVxyXG4gICkge1xyXG4gICAgdGhpcy5yZXNldEtleXMoKTtcclxuICB9XHJcblxyXG4gIHJlc2V0S2V5cygpIHtcclxuICAgIHRoaXMua2V5cyA9IG51bGw7XHJcbiAgICB0aGlzLm1hc3RlcktleSA9IG51bGw7XHJcbiAgfVxyXG5cclxuICBwdXJnZUtleXMoKSB7XHJcbiAgICB0aGlzLnJlc2V0S2V5cygpO1xyXG4gICAgdGhpcy5wZXJzaXN0U2VydmljZS5jbGVhcigpO1xyXG4gIH1cclxuXHJcbiAgcG9wdWxhdGVLZXlzKGtleXM6IFVzZXJLZXlzKSB7XHJcbiAgICB0aGlzLmtleXMgPSBrZXlzO1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGdldEN1cnJlbnRQYXNzS2V5KCk6IEtleSB7XHJcbiAgICByZXR1cm4gdGhpcy5rZXlzLnBhc3NLZXk7XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgZ2V0Q3VycmVudE1hc3RlcktleSgpOiBLZXkge1xyXG4gICAgcmV0dXJuIHRoaXMua2V5cy5tYXN0ZXJLZXk7XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgZ2V0Q3VycmVudFJvb3RLZXkoKTogS2V5IHtcclxuICAgIHJldHVybiB0aGlzLmtleXMucm9vdEtleTtcclxuICB9XHJcblxyXG4gIHB1YmxpYyBnZXRDdXJyZW50UHhrKCk6IEtleSB7XHJcbiAgICByZXR1cm4gdGhpcy5rZXlzLnB4aztcclxuICB9XHJcblxyXG4gIHB1YmxpYyBnZXRDdXJyZW50U2lnUHhrKCk6IEtleSB7XHJcbiAgICByZXR1cm4gdGhpcy5rZXlzLnNpZ1B4aztcclxuICB9XHJcblxyXG4gIHByaXZhdGUgZXhwaXJlc0FmdGVyKHNlY29uZHM6IG51bWJlcik6IERhdGUge1xyXG4gICAgcmV0dXJuIG5ldyBEYXRlKERhdGUubm93KCkgKyAxMDAwICogc2Vjb25kcyk7XHJcbiAgfVxyXG5cclxuICBhc3luYyBwZXJzaXN0TWFzdGVyS2V5KFxyXG4gICAgbWFzdGVyS2V5OiBLZXksXHJcbiAgICBleHBpcmVzQWZ0ZXJTZWNvbmRzOiBudW1iZXJcclxuICApOiBQcm9taXNlPHZvaWQ+IHtcclxuICAgIGNvbnN0IHN0b3JlZEtleSA9IHtcclxuICAgICAgaWQ6IG1hc3RlcktleS5pZCxcclxuICAgICAgandrOiBtYXN0ZXJLZXkuandrLnRvSlNPTih0cnVlKSxcclxuICAgIH07XHJcblxyXG4gICAgdGhpcy5tYXN0ZXJLZXkgPSBtYXN0ZXJLZXk7XHJcblxyXG4gICAgLy8gU2F2ZSBpbiBhbiBleHBpcmFibGUgY29va2llLlxyXG4gICAgYXdhaXQgdGhpcy5wZXJzaXN0U2VydmljZS5zZXQoe1xyXG4gICAgICBuYW1lOiB0aGlzLlNUT1JFX01BU1RFUl9LRVksXHJcbiAgICAgIHZhbHVlOiBzdG9yZWRLZXksXHJcbiAgICAgIGV4cGlyeTogdGhpcy5leHBpcmVzQWZ0ZXIoZXhwaXJlc0FmdGVyU2Vjb25kcyksXHJcbiAgICAgIHNlcnZlclNlc3Npb246ICF0aGlzLmNvbmZpZy5kaXNhYmxlU2Vzc2lvbkVuY3J5cHRpb25LZXksXHJcbiAgICB9KTtcclxuICB9XHJcblxyXG4gIGFzeW5jIHNldE1hc3RlcktleUV4cGlyZXNBZnRlclNlY29uZHMoc2Vjb25kczogbnVtYmVyKTogUHJvbWlzZTx2b2lkPiB7XHJcbiAgICBjb25zdCBzdG9yZWRLZXkgPSBhd2FpdCB0aGlzLnBlcnNpc3RTZXJ2aWNlLmdldCh0aGlzLlNUT1JFX01BU1RFUl9LRVkpO1xyXG4gICAgaWYgKHN0b3JlZEtleSA9PSBudWxsKSB7XHJcbiAgICAgIHRocm93IG5ldyBMck5vdEZvdW5kRXhjZXB0aW9uKFxyXG4gICAgICAgIGBDYW4gbm90IGZpbmQgbWFzdGVyS2V5IGluIHBlcnNpc3RlZCBzdG9yYWdlIHVzaW5nIG5hbWU6ICR7dGhpcy5TVE9SRV9NQVNURVJfS0VZfWBcclxuICAgICAgKTtcclxuICAgIH1cclxuICAgIGF3YWl0IHRoaXMucGVyc2lzdFNlcnZpY2Uuc2V0KHtcclxuICAgICAgbmFtZTogdGhpcy5TVE9SRV9NQVNURVJfS0VZLFxyXG4gICAgICB2YWx1ZTogc3RvcmVkS2V5LFxyXG4gICAgICBleHBpcnk6IHRoaXMuZXhwaXJlc0FmdGVyKHNlY29uZHMpLFxyXG4gICAgICBzZXJ2ZXJTZXNzaW9uOiAhdGhpcy5jb25maWcuZGlzYWJsZVNlc3Npb25FbmNyeXB0aW9uS2V5LFxyXG4gICAgfSk7XHJcbiAgfVxyXG5cclxuICAvLyBUaGVyZSdzIGxpdHRsZSBiZW5lZml0IGluIHVzaW5nIFdlYkNyeXB0bydzIG5vbmUtZXh0cmFjdGFibGUga2V5cyBiZWNhdXNlIGlmIHRoZXJlXHJcbiAgLy8gaXMgYW4gWFNTIGF0dGFjaywgdGhlbiB0aGUgYXR0YWNrZXIgaGFzIGNvbnRyb2wgb3ZlciB0aGUganMgdGhhdCBkb3dubG9hZHMgdGhlIGtleXMuIFRoZVxyXG4gIC8vIGF0dGFja2VyIGNhbiBtb2RpZnkgdGhlIGNvZGUgdG8gaW1wb3J0IHRoZSBrZXlzIGFzIGV4dHJhY3RhYmxlLiBTbyBub25lLWV4dHJhY3RhYmxlIGtleXNcclxuICAvLyBhcmUgb25seSB1c2VmdWwgaWYgdGhleSBhcmUgYWxyZWFkeSBwZXJzaXN0ZWQgYW5kIHRoZSB1c2VyIGNhbm5vdCBkb3dubG9hZCBhbnkgbW9yZSBrZXlzLFxyXG4gIC8vIHdoaWNoIGlzIG5vdCBmZWFzaWJsZS5cclxuICAvLyBTbyBzdG9yaW5nIHRoZSBQYXNzS2V5IGluIGxvY2Fsc3RvcmFnZSBmb3Igbm93LCBhdCBsZWFzdCB0aWxsIHdlIGtub3cgd2hhdCB0aGUgdXNhZ2VcclxuICAvLyBwYXR0ZXJuIGlzLCBpLmUuIGhvdyBvZnRlbiBkbyB3ZSBuZWVkIHRvIHVzZSB0aGUgUm9vdEssIE1hdGVySywgYW5kIFBhc3NLLlxyXG4gIGFzeW5jIGxvYWRNYXN0ZXJLZXkobWFzdGVyS2V5SWQ6IHN0cmluZyk6IFByb21pc2U8S2V5PiB7XHJcbiAgICBpZiAoIXRoaXMubWFzdGVyS2V5KSB7XHJcbiAgICAgIGNvbnN0IHN0b3JlZEtleSA9IGF3YWl0IHRoaXMucGVyc2lzdFNlcnZpY2UuZ2V0KHRoaXMuU1RPUkVfTUFTVEVSX0tFWSk7XHJcblxyXG4gICAgICBpZiAoIXN0b3JlZEtleSkge1xyXG4gICAgICAgIHRocm93IG5ldyBMck5vdEZvdW5kRXhjZXB0aW9uKFxyXG4gICAgICAgICAgJ0NvdWxkIG5vdCBmaW5kIG1hc3RlcktleSBpbiBwZXJzaXN0ZWQgc3RvcmFnZSdcclxuICAgICAgICApO1xyXG4gICAgICB9XHJcblxyXG4gICAgICBpZiAoc3RvcmVkS2V5LmlkICE9PSBtYXN0ZXJLZXlJZCkge1xyXG4gICAgICAgIHRocm93IG5ldyBMck5vdEZvdW5kRXhjZXB0aW9uKFxyXG4gICAgICAgICAgYG1hc3RlcktleUlkICR7c3RvcmVkS2V5LmlkfSBpbiBwZXJzaXN0ZWQgc3RvcmFnZSBkb2VzIG5vdCBtYXRjaCB0aGUgb25lIHJlcXVlc3RlZCAke21hc3RlcktleUlkfWBcclxuICAgICAgICApO1xyXG4gICAgICB9XHJcblxyXG4gICAgICBzdG9yZWRLZXkuandrID0gYXdhaXQgS0ZTLmFzS2V5KHN0b3JlZEtleS5qd2spO1xyXG5cclxuICAgICAgdGhpcy5tYXN0ZXJLZXkgPSBzdG9yZWRLZXk7XHJcbiAgICB9XHJcblxyXG4gICAgcmV0dXJuIHRoaXMubWFzdGVyS2V5O1xyXG4gIH1cclxufVxyXG4iXX0=
+import { __awaiter } from "tslib";
+import { Inject, Injectable } from '@angular/core';
+import { LrNotFoundException } from '../_common/exceptions';
+import { PersistService } from '../api/persist.service';
+import { KeyFactoryService as KFS } from './key-factory.service';
+import { LR_CONFIG } from '../life-ready.config';
+import * as i0 from "@angular/core";
+import * as i1 from "../life-ready.config";
+import * as i2 from "../api/persist.service";
+export class UserKeys {
+}
+export class KeyService {
+    constructor(config, persistService) {
+        this.config = config;
+        this.persistService = persistService;
+        this.STORE_MASTER_KEY = 'masterKey';
+        // AZ: This can't be change easily. It's basically a PassK or PassIdp rotation.
+        // todo: we should eventually increase this periodically to match with Moore's law.
+        // The iterations for each key are kept by the server as well but we assume the value
+        // from the server is not trustworthy, so need to have minimum thresholds here.
+        // If creating new keys, these minimum are used.
+        this.MIN_PASS_IDP_PBKDF_ITER = 100000;
+        this.MIN_PASS_KEY_PBKDF_ITER = 100000;
+        this.MIN_LBOP_KEY_PBKDF_ITER = 100000;
+        // These are used as the default values. They must be larger than the minimum values.
+        this.DEFAULT_PASS_IDP_PBKDF_ITER = this.MIN_PASS_IDP_PBKDF_ITER;
+        this.DEFAULT_PASS_KEY_PBKDF_ITER = this.MIN_PASS_KEY_PBKDF_ITER;
+        this.DEFAULT_LBOP_KEY_PBKDF_ITER = this.MIN_LBOP_KEY_PBKDF_ITER;
+        this.resetKeys();
+    }
+    resetKeys() {
+        this.keys = null;
+        this.masterKey = null;
+    }
+    purgeKeys() {
+        this.resetKeys();
+        this.persistService.clear();
+    }
+    populateKeys(keys) {
+        this.keys = keys;
+    }
+    getCurrentPassKey() {
+        return this.keys.passKey;
+    }
+    getCurrentMasterKey() {
+        return this.keys.masterKey;
+    }
+    getCurrentRootKey() {
+        return this.keys.rootKey;
+    }
+    getCurrentPxk() {
+        return this.keys.pxk;
+    }
+    getCurrentSigPxk() {
+        return this.keys.sigPxk;
+    }
+    expiresAfter(seconds) {
+        return new Date(Date.now() + 1000 * seconds);
+    }
+    persistMasterKey(masterKey, expiresAfterSeconds) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const storedKey = {
+                id: masterKey.id,
+                jwk: masterKey.jwk.toJSON(true),
+            };
+            this.masterKey = masterKey;
+            // Save in an expirable cookie.
+            yield this.persistService.set({
+                name: this.STORE_MASTER_KEY,
+                value: storedKey,
+                expiry: this.expiresAfter(expiresAfterSeconds),
+                serverSession: !this.config.disableSessionEncryptionKey,
+            });
+        });
+    }
+    setMasterKeyExpiresAfterSeconds(seconds) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const storedKey = yield this.persistService.get(this.STORE_MASTER_KEY);
+            if (storedKey == null) {
+                throw new LrNotFoundException(`Can not find masterKey in persisted storage using name: ${this.STORE_MASTER_KEY}`);
+            }
+            yield this.persistService.set({
+                name: this.STORE_MASTER_KEY,
+                value: storedKey,
+                expiry: this.expiresAfter(seconds),
+                serverSession: !this.config.disableSessionEncryptionKey,
+            });
+        });
+    }
+    // There's little benefit in using WebCrypto's none-extractable keys because if there
+    // is an XSS attack, then the attacker has control over the js that downloads the keys. The
+    // attacker can modify the code to import the keys as extractable. So none-extractable keys
+    // are only useful if they are already persisted and the user cannot download any more keys,
+    // which is not feasible.
+    // So storing the PassKey in localstorage for now, at least till we know what the usage
+    // pattern is, i.e. how often do we need to use the RootK, MaterK, and PassK.
+    loadMasterKey(masterKeyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.masterKey) {
+                const storedKey = yield this.persistService.get(this.STORE_MASTER_KEY);
+                if (!storedKey) {
+                    throw new LrNotFoundException('Could not find masterKey in persisted storage');
+                }
+                if (storedKey.id !== masterKeyId) {
+                    throw new LrNotFoundException(`masterKeyId ${storedKey.id} in persisted storage does not match the one requested ${masterKeyId}`);
+                }
+                storedKey.jwk = yield KFS.asKey(storedKey.jwk);
+                this.masterKey = storedKey;
+            }
+            return this.masterKey;
+        });
+    }
+}
+KeyService.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyService_Factory() { return new KeyService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.PersistService)); }, token: KeyService, providedIn: "root" });
+KeyService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+KeyService.ctorParameters = () => [
+    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
+    { type: PersistService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiL29wdC9hdGxhc3NpYW4vcGlwZWxpbmVzL2FnZW50L2J1aWxkL3Byb2plY3RzL2NvcmUvc3JjLyIsInNvdXJjZXMiOlsibGliL2NyeXB0b2dyYXBoeS9rZXkuc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUFFLE1BQU0sRUFBRSxVQUFVLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFFbkQsT0FBTyxFQUFFLG1CQUFtQixFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDNUQsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLHdCQUF3QixDQUFDO0FBQ3hELE9BQU8sRUFBRSxpQkFBaUIsSUFBSSxHQUFHLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQUNqRSxPQUFPLEVBQW1CLFNBQVMsRUFBRSxNQUFNLHNCQUFzQixDQUFDOzs7O0FBRWxFLE1BQU0sT0FBTyxRQUFRO0NBTXBCO0FBVUQsTUFBTSxPQUFPLFVBQVU7SUFvQnJCLFlBQzZCLE1BQXVCLEVBQzFDLGNBQThCO1FBRFgsV0FBTSxHQUFOLE1BQU0sQ0FBaUI7UUFDMUMsbUJBQWMsR0FBZCxjQUFjLENBQWdCO1FBckJ2QixxQkFBZ0IsR0FBRyxXQUFXLENBQUM7UUFLaEQsK0VBQStFO1FBQy9FLG1GQUFtRjtRQUNuRixxRkFBcUY7UUFDckYsK0VBQStFO1FBQy9FLGdEQUFnRDtRQUNoQyw0QkFBdUIsR0FBRyxNQUFNLENBQUM7UUFDakMsNEJBQXVCLEdBQUcsTUFBTSxDQUFDO1FBQ2pDLDRCQUF1QixHQUFHLE1BQU0sQ0FBQztRQUVqRCxxRkFBcUY7UUFDckUsZ0NBQTJCLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDO1FBQzNELGdDQUEyQixHQUFHLElBQUksQ0FBQyx1QkFBdUIsQ0FBQztRQUMzRCxnQ0FBMkIsR0FBRyxJQUFJLENBQUMsdUJBQXVCLENBQUM7UUFNekUsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO0lBQ25CLENBQUM7SUFFRCxTQUFTO1FBQ1AsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7UUFDakIsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUM7SUFDeEIsQ0FBQztJQUVELFNBQVM7UUFDUCxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7UUFDakIsSUFBSSxDQUFDLGNBQWMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztJQUM5QixDQUFDO0lBRUQsWUFBWSxDQUFDLElBQWM7UUFDekIsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7SUFDbkIsQ0FBQztJQUVNLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDO0lBQzNCLENBQUM7SUFFTSxtQkFBbUI7UUFDeEIsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQztJQUM3QixDQUFDO0lBRU0saUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUM7SUFDM0IsQ0FBQztJQUVNLGFBQWE7UUFDbEIsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQztJQUN2QixDQUFDO0lBRU0sZ0JBQWdCO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUM7SUFDMUIsQ0FBQztJQUVPLFlBQVksQ0FBQyxPQUFlO1FBQ2xDLE9BQU8sSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksR0FBRyxPQUFPLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBRUssZ0JBQWdCLENBQ3BCLFNBQWMsRUFDZCxtQkFBMkI7O1lBRTNCLE1BQU0sU0FBUyxHQUFHO2dCQUNoQixFQUFFLEVBQUUsU0FBUyxDQUFDLEVBQUU7Z0JBQ2hCLEdBQUcsRUFBRSxTQUFTLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUM7YUFDaEMsQ0FBQztZQUVGLElBQUksQ0FBQyxTQUFTLEdBQUcsU0FBUyxDQUFDO1lBRTNCLCtCQUErQjtZQUMvQixNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDO2dCQUM1QixJQUFJLEVBQUUsSUFBSSxDQUFDLGdCQUFnQjtnQkFDM0IsS0FBSyxFQUFFLFNBQVM7Z0JBQ2hCLE1BQU0sRUFBRSxJQUFJLENBQUMsWUFBWSxDQUFDLG1CQUFtQixDQUFDO2dCQUM5QyxhQUFhLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLDJCQUEyQjthQUN4RCxDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7SUFFSywrQkFBK0IsQ0FBQyxPQUFlOztZQUNuRCxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1lBQ3ZFLElBQUksU0FBUyxJQUFJLElBQUksRUFBRTtnQkFDckIsTUFBTSxJQUFJLG1CQUFtQixDQUMzQiwyREFBMkQsSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQ25GLENBQUM7YUFDSDtZQUNELE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUM7Z0JBQzVCLElBQUksRUFBRSxJQUFJLENBQUMsZ0JBQWdCO2dCQUMzQixLQUFLLEVBQUUsU0FBUztnQkFDaEIsTUFBTSxFQUFFLElBQUksQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDO2dCQUNsQyxhQUFhLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLDJCQUEyQjthQUN4RCxDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7SUFFRCxxRkFBcUY7SUFDckYsMkZBQTJGO0lBQzNGLDJGQUEyRjtJQUMzRiw0RkFBNEY7SUFDNUYseUJBQXlCO0lBQ3pCLHVGQUF1RjtJQUN2Riw2RUFBNkU7SUFDdkUsYUFBYSxDQUFDLFdBQW1COztZQUNyQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRTtnQkFDbkIsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztnQkFFdkUsSUFBSSxDQUFDLFNBQVMsRUFBRTtvQkFDZCxNQUFNLElBQUksbUJBQW1CLENBQzNCLCtDQUErQyxDQUNoRCxDQUFDO2lCQUNIO2dCQUVELElBQUksU0FBUyxDQUFDLEVBQUUsS0FBSyxXQUFXLEVBQUU7b0JBQ2hDLE1BQU0sSUFBSSxtQkFBbUIsQ0FDM0IsZUFBZSxTQUFTLENBQUMsRUFBRSwwREFBMEQsV0FBVyxFQUFFLENBQ25HLENBQUM7aUJBQ0g7Z0JBRUQsU0FBUyxDQUFDLEdBQUcsR0FBRyxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDO2dCQUUvQyxJQUFJLENBQUMsU0FBUyxHQUFHLFNBQVMsQ0FBQzthQUM1QjtZQUVELE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQztRQUN4QixDQUFDO0tBQUE7Ozs7WUFwSUYsVUFBVSxTQUFDO2dCQUNWLFVBQVUsRUFBRSxNQUFNO2FBQ25COzs7NENBc0JJLE1BQU0sU0FBQyxTQUFTO1lBekNaLGNBQWMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBJbmplY3QsIEluamVjdGFibGUgfSBmcm9tICdAYW5ndWxhci9jb3JlJztcbmltcG9ydCB7IEtleSwgUGFzc0tleSB9IGZyb20gJy4vY3J5cHRvZ3JhcGh5LnR5cGVzJztcbmltcG9ydCB7IExyTm90Rm91bmRFeGNlcHRpb24gfSBmcm9tICcuLi9fY29tbW9uL2V4Y2VwdGlvbnMnO1xuaW1wb3J0IHsgUGVyc2lzdFNlcnZpY2UgfSBmcm9tICcuLi9hcGkvcGVyc2lzdC5zZXJ2aWNlJztcbmltcG9ydCB7IEtleUZhY3RvcnlTZXJ2aWNlIGFzIEtGUyB9IGZyb20gJy4va2V5LWZhY3Rvcnkuc2VydmljZSc7XG5pbXBvcnQgeyBMaWZlUmVhZHlDb25maWcsIExSX0NPTkZJRyB9IGZyb20gJy4uL2xpZmUtcmVhZHkuY29uZmlnJztcblxuZXhwb3J0IGNsYXNzIFVzZXJLZXlzIHtcbiAgcGFzc0tleTogUGFzc0tleTtcbiAgbWFzdGVyS2V5OiBLZXk7XG4gIHJvb3RLZXk/OiBLZXk7XG4gIHB4az86IEtleTtcbiAgc2lnUHhrPzogS2V5O1xufVxuXG5pbnRlcmZhY2UgU3RvcmVkUGFzc0tleSB7XG4gIGlkOiBzdHJpbmc7XG4gIGp3azogb2JqZWN0O1xufVxuXG5ASW5qZWN0YWJsZSh7XG4gIHByb3ZpZGVkSW46ICdyb290Jyxcbn0pXG5leHBvcnQgY2xhc3MgS2V5U2VydmljZSB7XG4gIHByaXZhdGUgcmVhZG9ubHkgU1RPUkVfTUFTVEVSX0tFWSA9ICdtYXN0ZXJLZXknO1xuICAvLyB2YXJpYWJsZXNcbiAgcHJpdmF0ZSBrZXlzOiBVc2VyS2V5cztcbiAgcHJpdmF0ZSBtYXN0ZXJLZXk6IEtleTtcblxuICAvLyBBWjogVGhpcyBjYW4ndCBiZSBjaGFuZ2UgZWFzaWx5LiBJdCdzIGJhc2ljYWxseSBhIFBhc3NLIG9yIFBhc3NJZHAgcm90YXRpb24uXG4gIC8vIHRvZG86IHdlIHNob3VsZCBldmVudHVhbGx5IGluY3JlYXNlIHRoaXMgcGVyaW9kaWNhbGx5IHRvIG1hdGNoIHdpdGggTW9vcmUncyBsYXcuXG4gIC8vIFRoZSBpdGVyYXRpb25zIGZvciBlYWNoIGtleSBhcmUga2VwdCBieSB0aGUgc2VydmVyIGFzIHdlbGwgYnV0IHdlIGFzc3VtZSB0aGUgdmFsdWVcbiAgLy8gZnJvbSB0aGUgc2VydmVyIGlzIG5vdCB0cnVzdHdvcnRoeSwgc28gbmVlZCB0byBoYXZlIG1pbmltdW0gdGhyZXNob2xkcyBoZXJlLlxuICAvLyBJZiBjcmVhdGluZyBuZXcga2V5cywgdGhlc2UgbWluaW11bSBhcmUgdXNlZC5cbiAgcHVibGljIHJlYWRvbmx5IE1JTl9QQVNTX0lEUF9QQktERl9JVEVSID0gMTAwMDAwO1xuICBwdWJsaWMgcmVhZG9ubHkgTUlOX1BBU1NfS0VZX1BCS0RGX0lURVIgPSAxMDAwMDA7XG4gIHB1YmxpYyByZWFkb25seSBNSU5fTEJPUF9LRVlfUEJLREZfSVRFUiA9IDEwMDAwMDtcblxuICAvLyBUaGVzZSBhcmUgdXNlZCBhcyB0aGUgZGVmYXVsdCB2YWx1ZXMuIFRoZXkgbXVzdCBiZSBsYXJnZXIgdGhhbiB0aGUgbWluaW11bSB2YWx1ZXMuXG4gIHB1YmxpYyByZWFkb25seSBERUZBVUxUX1BBU1NfSURQX1BCS0RGX0lURVIgPSB0aGlzLk1JTl9QQVNTX0lEUF9QQktERl9JVEVSO1xuICBwdWJsaWMgcmVhZG9ubHkgREVGQVVMVF9QQVNTX0tFWV9QQktERl9JVEVSID0gdGhpcy5NSU5fUEFTU19LRVlfUEJLREZfSVRFUjtcbiAgcHVibGljIHJlYWRvbmx5IERFRkFVTFRfTEJPUF9LRVlfUEJLREZfSVRFUiA9IHRoaXMuTUlOX0xCT1BfS0VZX1BCS0RGX0lURVI7XG5cbiAgY29uc3RydWN0b3IoXG4gICAgQEluamVjdChMUl9DT05GSUcpIHByaXZhdGUgY29uZmlnOiBMaWZlUmVhZHlDb25maWcsXG4gICAgcHJpdmF0ZSBwZXJzaXN0U2VydmljZTogUGVyc2lzdFNlcnZpY2VcbiAgKSB7XG4gICAgdGhpcy5yZXNldEtleXMoKTtcbiAgfVxuXG4gIHJlc2V0S2V5cygpIHtcbiAgICB0aGlzLmtleXMgPSBudWxsO1xuICAgIHRoaXMubWFzdGVyS2V5ID0gbnVsbDtcbiAgfVxuXG4gIHB1cmdlS2V5cygpIHtcbiAgICB0aGlzLnJlc2V0S2V5cygpO1xuICAgIHRoaXMucGVyc2lzdFNlcnZpY2UuY2xlYXIoKTtcbiAgfVxuXG4gIHBvcHVsYXRlS2V5cyhrZXlzOiBVc2VyS2V5cykge1xuICAgIHRoaXMua2V5cyA9IGtleXM7XG4gIH1cblxuICBwdWJsaWMgZ2V0Q3VycmVudFBhc3NLZXkoKTogS2V5IHtcbiAgICByZXR1cm4gdGhpcy5rZXlzLnBhc3NLZXk7XG4gIH1cblxuICBwdWJsaWMgZ2V0Q3VycmVudE1hc3RlcktleSgpOiBLZXkge1xuICAgIHJldHVybiB0aGlzLmtleXMubWFzdGVyS2V5O1xuICB9XG5cbiAgcHVibGljIGdldEN1cnJlbnRSb290S2V5KCk6IEtleSB7XG4gICAgcmV0dXJuIHRoaXMua2V5cy5yb290S2V5O1xuICB9XG5cbiAgcHVibGljIGdldEN1cnJlbnRQeGsoKTogS2V5IHtcbiAgICByZXR1cm4gdGhpcy5rZXlzLnB4aztcbiAgfVxuXG4gIHB1YmxpYyBnZXRDdXJyZW50U2lnUHhrKCk6IEtleSB7XG4gICAgcmV0dXJuIHRoaXMua2V5cy5zaWdQeGs7XG4gIH1cblxuICBwcml2YXRlIGV4cGlyZXNBZnRlcihzZWNvbmRzOiBudW1iZXIpOiBEYXRlIHtcbiAgICByZXR1cm4gbmV3IERhdGUoRGF0ZS5ub3coKSArIDEwMDAgKiBzZWNvbmRzKTtcbiAgfVxuXG4gIGFzeW5jIHBlcnNpc3RNYXN0ZXJLZXkoXG4gICAgbWFzdGVyS2V5OiBLZXksXG4gICAgZXhwaXJlc0FmdGVyU2Vjb25kczogbnVtYmVyXG4gICk6IFByb21pc2U8dm9pZD4ge1xuICAgIGNvbnN0IHN0b3JlZEtleSA9IHtcbiAgICAgIGlkOiBtYXN0ZXJLZXkuaWQsXG4gICAgICBqd2s6IG1hc3RlcktleS5qd2sudG9KU09OKHRydWUpLFxuICAgIH07XG5cbiAgICB0aGlzLm1hc3RlcktleSA9IG1hc3RlcktleTtcblxuICAgIC8vIFNhdmUgaW4gYW4gZXhwaXJhYmxlIGNvb2tpZS5cbiAgICBhd2FpdCB0aGlzLnBlcnNpc3RTZXJ2aWNlLnNldCh7XG4gICAgICBuYW1lOiB0aGlzLlNUT1JFX01BU1RFUl9LRVksXG4gICAgICB2YWx1ZTogc3RvcmVkS2V5LFxuICAgICAgZXhwaXJ5OiB0aGlzLmV4cGlyZXNBZnRlcihleHBpcmVzQWZ0ZXJTZWNvbmRzKSxcbiAgICAgIHNlcnZlclNlc3Npb246ICF0aGlzLmNvbmZpZy5kaXNhYmxlU2Vzc2lvbkVuY3J5cHRpb25LZXksXG4gICAgfSk7XG4gIH1cblxuICBhc3luYyBzZXRNYXN0ZXJLZXlFeHBpcmVzQWZ0ZXJTZWNvbmRzKHNlY29uZHM6IG51bWJlcik6IFByb21pc2U8dm9pZD4ge1xuICAgIGNvbnN0IHN0b3JlZEtleSA9IGF3YWl0IHRoaXMucGVyc2lzdFNlcnZpY2UuZ2V0KHRoaXMuU1RPUkVfTUFTVEVSX0tFWSk7XG4gICAgaWYgKHN0b3JlZEtleSA9PSBudWxsKSB7XG4gICAgICB0aHJvdyBuZXcgTHJOb3RGb3VuZEV4Y2VwdGlvbihcbiAgICAgICAgYENhbiBub3QgZmluZCBtYXN0ZXJLZXkgaW4gcGVyc2lzdGVkIHN0b3JhZ2UgdXNpbmcgbmFtZTogJHt0aGlzLlNUT1JFX01BU1RFUl9LRVl9YFxuICAgICAgKTtcbiAgICB9XG4gICAgYXdhaXQgdGhpcy5wZXJzaXN0U2VydmljZS5zZXQoe1xuICAgICAgbmFtZTogdGhpcy5TVE9SRV9NQVNURVJfS0VZLFxuICAgICAgdmFsdWU6IHN0b3JlZEtleSxcbiAgICAgIGV4cGlyeTogdGhpcy5leHBpcmVzQWZ0ZXIoc2Vjb25kcyksXG4gICAgICBzZXJ2ZXJTZXNzaW9uOiAhdGhpcy5jb25maWcuZGlzYWJsZVNlc3Npb25FbmNyeXB0aW9uS2V5LFxuICAgIH0pO1xuICB9XG5cbiAgLy8gVGhlcmUncyBsaXR0bGUgYmVuZWZpdCBpbiB1c2luZyBXZWJDcnlwdG8ncyBub25lLWV4dHJhY3RhYmxlIGtleXMgYmVjYXVzZSBpZiB0aGVyZVxuICAvLyBpcyBhbiBYU1MgYXR0YWNrLCB0aGVuIHRoZSBhdHRhY2tlciBoYXMgY29udHJvbCBvdmVyIHRoZSBqcyB0aGF0IGRvd25sb2FkcyB0aGUga2V5cy4gVGhlXG4gIC8vIGF0dGFja2VyIGNhbiBtb2RpZnkgdGhlIGNvZGUgdG8gaW1wb3J0IHRoZSBrZXlzIGFzIGV4dHJhY3RhYmxlLiBTbyBub25lLWV4dHJhY3RhYmxlIGtleXNcbiAgLy8gYXJlIG9ubHkgdXNlZnVsIGlmIHRoZXkgYXJlIGFscmVhZHkgcGVyc2lzdGVkIGFuZCB0aGUgdXNlciBjYW5ub3QgZG93bmxvYWQgYW55IG1vcmUga2V5cyxcbiAgLy8gd2hpY2ggaXMgbm90IGZlYXNpYmxlLlxuICAvLyBTbyBzdG9yaW5nIHRoZSBQYXNzS2V5IGluIGxvY2Fsc3RvcmFnZSBmb3Igbm93LCBhdCBsZWFzdCB0aWxsIHdlIGtub3cgd2hhdCB0aGUgdXNhZ2VcbiAgLy8gcGF0dGVybiBpcywgaS5lLiBob3cgb2Z0ZW4gZG8gd2UgbmVlZCB0byB1c2UgdGhlIFJvb3RLLCBNYXRlckssIGFuZCBQYXNzSy5cbiAgYXN5bmMgbG9hZE1hc3RlcktleShtYXN0ZXJLZXlJZDogc3RyaW5nKTogUHJvbWlzZTxLZXk+IHtcbiAgICBpZiAoIXRoaXMubWFzdGVyS2V5KSB7XG4gICAgICBjb25zdCBzdG9yZWRLZXkgPSBhd2FpdCB0aGlzLnBlcnNpc3RTZXJ2aWNlLmdldCh0aGlzLlNUT1JFX01BU1RFUl9LRVkpO1xuXG4gICAgICBpZiAoIXN0b3JlZEtleSkge1xuICAgICAgICB0aHJvdyBuZXcgTHJOb3RGb3VuZEV4Y2VwdGlvbihcbiAgICAgICAgICAnQ291bGQgbm90IGZpbmQgbWFzdGVyS2V5IGluIHBlcnNpc3RlZCBzdG9yYWdlJ1xuICAgICAgICApO1xuICAgICAgfVxuXG4gICAgICBpZiAoc3RvcmVkS2V5LmlkICE9PSBtYXN0ZXJLZXlJZCkge1xuICAgICAgICB0aHJvdyBuZXcgTHJOb3RGb3VuZEV4Y2VwdGlvbihcbiAgICAgICAgICBgbWFzdGVyS2V5SWQgJHtzdG9yZWRLZXkuaWR9IGluIHBlcnNpc3RlZCBzdG9yYWdlIGRvZXMgbm90IG1hdGNoIHRoZSBvbmUgcmVxdWVzdGVkICR7bWFzdGVyS2V5SWR9YFxuICAgICAgICApO1xuICAgICAgfVxuXG4gICAgICBzdG9yZWRLZXkuandrID0gYXdhaXQgS0ZTLmFzS2V5KHN0b3JlZEtleS5qd2spO1xuXG4gICAgICB0aGlzLm1hc3RlcktleSA9IHN0b3JlZEtleTtcbiAgICB9XG5cbiAgICByZXR1cm4gdGhpcy5tYXN0ZXJLZXk7XG4gIH1cbn1cbiJdfQ==