livekit-client 1.11.4 → 1.12.0

package/dist/livekit-client.e2ee.worker.mjs

@@ -0,0 +1,1525 @@
+var commonjsGlobal = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
+
+function getDefaultExportFromCjs (x) {
+	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
+}
+
+var loglevel = {exports: {}};
+
+/*
+* loglevel - https://github.com/pimterry/loglevel
+*
+* Copyright (c) 2013 Tim Perry
+* Licensed under the MIT license.
+*/
+(function (module) {
+  (function (root, definition) {
+
+    if (module.exports) {
+      module.exports = definition();
+    } else {
+      root.log = definition();
+    }
+  })(commonjsGlobal, function () {
+
+    // Slightly dubious tricks to cut down minimized file size
+    var noop = function () {};
+    var undefinedType = "undefined";
+    var isIE = typeof window !== undefinedType && typeof window.navigator !== undefinedType && /Trident\/|MSIE /.test(window.navigator.userAgent);
+    var logMethods = ["trace", "debug", "info", "warn", "error"];
+
+    // Cross-browser bind equivalent that works at least back to IE6
+    function bindMethod(obj, methodName) {
+      var method = obj[methodName];
+      if (typeof method.bind === 'function') {
+        return method.bind(obj);
+      } else {
+        try {
+          return Function.prototype.bind.call(method, obj);
+        } catch (e) {
+          // Missing bind shim or IE8 + Modernizr, fallback to wrapping
+          return function () {
+            return Function.prototype.apply.apply(method, [obj, arguments]);
+          };
+        }
+      }
+    }
+
+    // Trace() doesn't print the message in IE, so for that case we need to wrap it
+    function traceForIE() {
+      if (console.log) {
+        if (console.log.apply) {
+          console.log.apply(console, arguments);
+        } else {
+          // In old IE, native console methods themselves don't have apply().
+          Function.prototype.apply.apply(console.log, [console, arguments]);
+        }
+      }
+      if (console.trace) console.trace();
+    }
+
+    // Build the best logging method possible for this env
+    // Wherever possible we want to bind, not wrap, to preserve stack traces
+    function realMethod(methodName) {
+      if (methodName === 'debug') {
+        methodName = 'log';
+      }
+      if (typeof console === undefinedType) {
+        return false; // No method possible, for now - fixed later by enableLoggingWhenConsoleArrives
+      } else if (methodName === 'trace' && isIE) {
+        return traceForIE;
+      } else if (console[methodName] !== undefined) {
+        return bindMethod(console, methodName);
+      } else if (console.log !== undefined) {
+        return bindMethod(console, 'log');
+      } else {
+        return noop;
+      }
+    }
+
+    // These private functions always need `this` to be set properly
+
+    function replaceLoggingMethods(level, loggerName) {
+      /*jshint validthis:true */
+      for (var i = 0; i < logMethods.length; i++) {
+        var methodName = logMethods[i];
+        this[methodName] = i < level ? noop : this.methodFactory(methodName, level, loggerName);
+      }
+
+      // Define log.log as an alias for log.debug
+      this.log = this.debug;
+    }
+
+    // In old IE versions, the console isn't present until you first open it.
+    // We build realMethod() replacements here that regenerate logging methods
+    function enableLoggingWhenConsoleArrives(methodName, level, loggerName) {
+      return function () {
+        if (typeof console !== undefinedType) {
+          replaceLoggingMethods.call(this, level, loggerName);
+          this[methodName].apply(this, arguments);
+        }
+      };
+    }
+
+    // By default, we use closely bound real methods wherever possible, and
+    // otherwise we wait for a console to appear, and then try again.
+    function defaultMethodFactory(methodName, level, loggerName) {
+      /*jshint validthis:true */
+      return realMethod(methodName) || enableLoggingWhenConsoleArrives.apply(this, arguments);
+    }
+    function Logger(name, defaultLevel, factory) {
+      var self = this;
+      var currentLevel;
+      defaultLevel = defaultLevel == null ? "WARN" : defaultLevel;
+      var storageKey = "loglevel";
+      if (typeof name === "string") {
+        storageKey += ":" + name;
+      } else if (typeof name === "symbol") {
+        storageKey = undefined;
+      }
+      function persistLevelIfPossible(levelNum) {
+        var levelName = (logMethods[levelNum] || 'silent').toUpperCase();
+        if (typeof window === undefinedType || !storageKey) return;
+
+        // Use localStorage if available
+        try {
+          window.localStorage[storageKey] = levelName;
+          return;
+        } catch (ignore) {}
+
+        // Use session cookie as fallback
+        try {
+          window.document.cookie = encodeURIComponent(storageKey) + "=" + levelName + ";";
+        } catch (ignore) {}
+      }
+      function getPersistedLevel() {
+        var storedLevel;
+        if (typeof window === undefinedType || !storageKey) return;
+        try {
+          storedLevel = window.localStorage[storageKey];
+        } catch (ignore) {}
+
+        // Fallback to cookies if local storage gives us nothing
+        if (typeof storedLevel === undefinedType) {
+          try {
+            var cookie = window.document.cookie;
+            var location = cookie.indexOf(encodeURIComponent(storageKey) + "=");
+            if (location !== -1) {
+              storedLevel = /^([^;]+)/.exec(cookie.slice(location))[1];
+            }
+          } catch (ignore) {}
+        }
+
+        // If the stored level is not valid, treat it as if nothing was stored.
+        if (self.levels[storedLevel] === undefined) {
+          storedLevel = undefined;
+        }
+        return storedLevel;
+      }
+      function clearPersistedLevel() {
+        if (typeof window === undefinedType || !storageKey) return;
+
+        // Use localStorage if available
+        try {
+          window.localStorage.removeItem(storageKey);
+          return;
+        } catch (ignore) {}
+
+        // Use session cookie as fallback
+        try {
+          window.document.cookie = encodeURIComponent(storageKey) + "=; expires=Thu, 01 Jan 1970 00:00:00 UTC";
+        } catch (ignore) {}
+      }
+
+      /*
+       *
+       * Public logger API - see https://github.com/pimterry/loglevel for details
+       *
+       */
+
+      self.name = name;
+      self.levels = {
+        "TRACE": 0,
+        "DEBUG": 1,
+        "INFO": 2,
+        "WARN": 3,
+        "ERROR": 4,
+        "SILENT": 5
+      };
+      self.methodFactory = factory || defaultMethodFactory;
+      self.getLevel = function () {
+        return currentLevel;
+      };
+      self.setLevel = function (level, persist) {
+        if (typeof level === "string" && self.levels[level.toUpperCase()] !== undefined) {
+          level = self.levels[level.toUpperCase()];
+        }
+        if (typeof level === "number" && level >= 0 && level <= self.levels.SILENT) {
+          currentLevel = level;
+          if (persist !== false) {
+            // defaults to true
+            persistLevelIfPossible(level);
+          }
+          replaceLoggingMethods.call(self, level, name);
+          if (typeof console === undefinedType && level < self.levels.SILENT) {
+            return "No console available for logging";
+          }
+        } else {
+          throw "log.setLevel() called with invalid level: " + level;
+        }
+      };
+      self.setDefaultLevel = function (level) {
+        defaultLevel = level;
+        if (!getPersistedLevel()) {
+          self.setLevel(level, false);
+        }
+      };
+      self.resetLevel = function () {
+        self.setLevel(defaultLevel, false);
+        clearPersistedLevel();
+      };
+      self.enableAll = function (persist) {
+        self.setLevel(self.levels.TRACE, persist);
+      };
+      self.disableAll = function (persist) {
+        self.setLevel(self.levels.SILENT, persist);
+      };
+
+      // Initialize with the right level
+      var initialLevel = getPersistedLevel();
+      if (initialLevel == null) {
+        initialLevel = defaultLevel;
+      }
+      self.setLevel(initialLevel, false);
+    }
+
+    /*
+     *
+     * Top-level API
+     *
+     */
+
+    var defaultLogger = new Logger();
+    var _loggersByName = {};
+    defaultLogger.getLogger = function getLogger(name) {
+      if (typeof name !== "symbol" && typeof name !== "string" || name === "") {
+        throw new TypeError("You must supply a name when creating a logger.");
+      }
+      var logger = _loggersByName[name];
+      if (!logger) {
+        logger = _loggersByName[name] = new Logger(name, defaultLogger.getLevel(), defaultLogger.methodFactory);
+      }
+      return logger;
+    };
+
+    // Grab the current global log variable in case of overwrite
+    var _log = typeof window !== undefinedType ? window.log : undefined;
+    defaultLogger.noConflict = function () {
+      if (typeof window !== undefinedType && window.log === defaultLogger) {
+        window.log = _log;
+      }
+      return defaultLogger;
+    };
+    defaultLogger.getLoggers = function getLoggers() {
+      return _loggersByName;
+    };
+
+    // ES6 default export, for compatibility
+    defaultLogger['default'] = defaultLogger;
+    return defaultLogger;
+  });
+})(loglevel);
+var loglevelExports = loglevel.exports;
+
+var LogLevel;
+(function (LogLevel) {
+  LogLevel[LogLevel["trace"] = 0] = "trace";
+  LogLevel[LogLevel["debug"] = 1] = "debug";
+  LogLevel[LogLevel["info"] = 2] = "info";
+  LogLevel[LogLevel["warn"] = 3] = "warn";
+  LogLevel[LogLevel["error"] = 4] = "error";
+  LogLevel[LogLevel["silent"] = 5] = "silent";
+})(LogLevel || (LogLevel = {}));
+const livekitLogger = loglevelExports.getLogger('livekit');
+livekitLogger.setDefaultLevel(LogLevel.info);
+
+const workerLogger = loglevelExports.getLogger('lk-e2ee');
+
+const ENCRYPTION_ALGORITHM = 'AES-GCM';
+// We use a ringbuffer of keys so we can change them and still decode packets that were
+// encrypted with an old key. We use a size of 16 which corresponds to the four bits
+// in the frame trailer.
+const KEYRING_SIZE = 16;
+// We copy the first bytes of the VP8 payload unencrypted.
+// For keyframes this is 10 bytes, for non-keyframes (delta) 3. See
+//   https://tools.ietf.org/html/rfc6386#section-9.1
+// This allows the bridge to continue detecting keyframes (only one byte needed in the JVB)
+// and is also a bit easier for the VP8 decoder (i.e. it generates funny garbage pictures
+// instead of being unable to decode).
+// This is a bit for show and we might want to reduce to 1 unconditionally in the final version.
+//
+// For audio (where frame.type is not set) we do not encrypt the opus TOC byte:
+//   https://tools.ietf.org/html/rfc6716#section-3.1
+const UNENCRYPTED_BYTES = {
+  key: 10,
+  delta: 3,
+  audio: 1,
+  empty: 0
+};
+/* We use a 12 byte bit IV. This is signalled in plain together with the
+ packet. See https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/encrypt#parameters */
+const IV_LENGTH = 12;
+const SALT = 'LKFrameEncryptionKey';
+const KEY_PROVIDER_DEFAULTS = {
+  sharedKey: false,
+  ratchetSalt: SALT,
+  ratchetWindowSize: 8
+};
+
+class LivekitError extends Error {
+  constructor(code, message) {
+    super(message || 'an error has occured');
+    this.code = code;
+  }
+}
+var MediaDeviceFailure;
+(function (MediaDeviceFailure) {
+  // user rejected permissions
+  MediaDeviceFailure["PermissionDenied"] = "PermissionDenied";
+  // device is not available
+  MediaDeviceFailure["NotFound"] = "NotFound";
+  // device is in use. On Windows, only a single tab may get access to a device at a time.
+  MediaDeviceFailure["DeviceInUse"] = "DeviceInUse";
+  MediaDeviceFailure["Other"] = "Other";
+})(MediaDeviceFailure || (MediaDeviceFailure = {}));
+(function (MediaDeviceFailure) {
+  function getFailure(error) {
+    if (error && 'name' in error) {
+      if (error.name === 'NotFoundError' || error.name === 'DevicesNotFoundError') {
+        return MediaDeviceFailure.NotFound;
+      }
+      if (error.name === 'NotAllowedError' || error.name === 'PermissionDeniedError') {
+        return MediaDeviceFailure.PermissionDenied;
+      }
+      if (error.name === 'NotReadableError' || error.name === 'TrackStartError') {
+        return MediaDeviceFailure.DeviceInUse;
+      }
+      return MediaDeviceFailure.Other;
+    }
+  }
+  MediaDeviceFailure.getFailure = getFailure;
+})(MediaDeviceFailure || (MediaDeviceFailure = {}));
+
+var CryptorErrorReason;
+(function (CryptorErrorReason) {
+  CryptorErrorReason[CryptorErrorReason["InvalidKey"] = 0] = "InvalidKey";
+  CryptorErrorReason[CryptorErrorReason["MissingKey"] = 1] = "MissingKey";
+  CryptorErrorReason[CryptorErrorReason["InternalError"] = 2] = "InternalError";
+})(CryptorErrorReason || (CryptorErrorReason = {}));
+class CryptorError extends LivekitError {
+  constructor(message) {
+    let reason = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : CryptorErrorReason.InternalError;
+    super(40, message);
+    this.reason = reason;
+  }
+}
+
+/******************************************************************************
+Copyright (c) Microsoft Corporation.
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
+***************************************************************************** */
+/* global Reflect, Promise */
+
+
+function __awaiter(thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+}
+
+var eventemitter3 = {exports: {}};
+
+(function (module) {
+
+  var has = Object.prototype.hasOwnProperty,
+    prefix = '~';
+
+  /**
+   * Constructor to create a storage for our `EE` objects.
+   * An `Events` instance is a plain object whose properties are event names.
+   *
+   * @constructor
+   * @private
+   */
+  function Events() {}
+
+  //
+  // We try to not inherit from `Object.prototype`. In some engines creating an
+  // instance in this way is faster than calling `Object.create(null)` directly.
+  // If `Object.create(null)` is not supported we prefix the event names with a
+  // character to make sure that the built-in object properties are not
+  // overridden or used as an attack vector.
+  //
+  if (Object.create) {
+    Events.prototype = Object.create(null);
+
+    //
+    // This hack is needed because the `__proto__` property is still inherited in
+    // some old browsers like Android 4, iPhone 5.1, Opera 11 and Safari 5.
+    //
+    if (!new Events().__proto__) prefix = false;
+  }
+
+  /**
+   * Representation of a single event listener.
+   *
+   * @param {Function} fn The listener function.
+   * @param {*} context The context to invoke the listener with.
+   * @param {Boolean} [once=false] Specify if the listener is a one-time listener.
+   * @constructor
+   * @private
+   */
+  function EE(fn, context, once) {
+    this.fn = fn;
+    this.context = context;
+    this.once = once || false;
+  }
+
+  /**
+   * Add a listener for a given event.
+   *
+   * @param {EventEmitter} emitter Reference to the `EventEmitter` instance.
+   * @param {(String|Symbol)} event The event name.
+   * @param {Function} fn The listener function.
+   * @param {*} context The context to invoke the listener with.
+   * @param {Boolean} once Specify if the listener is a one-time listener.
+   * @returns {EventEmitter}
+   * @private
+   */
+  function addListener(emitter, event, fn, context, once) {
+    if (typeof fn !== 'function') {
+      throw new TypeError('The listener must be a function');
+    }
+    var listener = new EE(fn, context || emitter, once),
+      evt = prefix ? prefix + event : event;
+    if (!emitter._events[evt]) emitter._events[evt] = listener, emitter._eventsCount++;else if (!emitter._events[evt].fn) emitter._events[evt].push(listener);else emitter._events[evt] = [emitter._events[evt], listener];
+    return emitter;
+  }
+
+  /**
+   * Clear event by name.
+   *
+   * @param {EventEmitter} emitter Reference to the `EventEmitter` instance.
+   * @param {(String|Symbol)} evt The Event name.
+   * @private
+   */
+  function clearEvent(emitter, evt) {
+    if (--emitter._eventsCount === 0) emitter._events = new Events();else delete emitter._events[evt];
+  }
+
+  /**
+   * Minimal `EventEmitter` interface that is molded against the Node.js
+   * `EventEmitter` interface.
+   *
+   * @constructor
+   * @public
+   */
+  function EventEmitter() {
+    this._events = new Events();
+    this._eventsCount = 0;
+  }
+
+  /**
+   * Return an array listing the events for which the emitter has registered
+   * listeners.
+   *
+   * @returns {Array}
+   * @public
+   */
+  EventEmitter.prototype.eventNames = function eventNames() {
+    var names = [],
+      events,
+      name;
+    if (this._eventsCount === 0) return names;
+    for (name in events = this._events) {
+      if (has.call(events, name)) names.push(prefix ? name.slice(1) : name);
+    }
+    if (Object.getOwnPropertySymbols) {
+      return names.concat(Object.getOwnPropertySymbols(events));
+    }
+    return names;
+  };
+
+  /**
+   * Return the listeners registered for a given event.
+   *
+   * @param {(String|Symbol)} event The event name.
+   * @returns {Array} The registered listeners.
+   * @public
+   */
+  EventEmitter.prototype.listeners = function listeners(event) {
+    var evt = prefix ? prefix + event : event,
+      handlers = this._events[evt];
+    if (!handlers) return [];
+    if (handlers.fn) return [handlers.fn];
+    for (var i = 0, l = handlers.length, ee = new Array(l); i < l; i++) {
+      ee[i] = handlers[i].fn;
+    }
+    return ee;
+  };
+
+  /**
+   * Return the number of listeners listening to a given event.
+   *
+   * @param {(String|Symbol)} event The event name.
+   * @returns {Number} The number of listeners.
+   * @public
+   */
+  EventEmitter.prototype.listenerCount = function listenerCount(event) {
+    var evt = prefix ? prefix + event : event,
+      listeners = this._events[evt];
+    if (!listeners) return 0;
+    if (listeners.fn) return 1;
+    return listeners.length;
+  };
+
+  /**
+   * Calls each of the listeners registered for a given event.
+   *
+   * @param {(String|Symbol)} event The event name.
+   * @returns {Boolean} `true` if the event had listeners, else `false`.
+   * @public
+   */
+  EventEmitter.prototype.emit = function emit(event, a1, a2, a3, a4, a5) {
+    var evt = prefix ? prefix + event : event;
+    if (!this._events[evt]) return false;
+    var listeners = this._events[evt],
+      len = arguments.length,
+      args,
+      i;
+    if (listeners.fn) {
+      if (listeners.once) this.removeListener(event, listeners.fn, undefined, true);
+      switch (len) {
+        case 1:
+          return listeners.fn.call(listeners.context), true;
+        case 2:
+          return listeners.fn.call(listeners.context, a1), true;
+        case 3:
+          return listeners.fn.call(listeners.context, a1, a2), true;
+        case 4:
+          return listeners.fn.call(listeners.context, a1, a2, a3), true;
+        case 5:
+          return listeners.fn.call(listeners.context, a1, a2, a3, a4), true;
+        case 6:
+          return listeners.fn.call(listeners.context, a1, a2, a3, a4, a5), true;
+      }
+      for (i = 1, args = new Array(len - 1); i < len; i++) {
+        args[i - 1] = arguments[i];
+      }
+      listeners.fn.apply(listeners.context, args);
+    } else {
+      var length = listeners.length,
+        j;
+      for (i = 0; i < length; i++) {
+        if (listeners[i].once) this.removeListener(event, listeners[i].fn, undefined, true);
+        switch (len) {
+          case 1:
+            listeners[i].fn.call(listeners[i].context);
+            break;
+          case 2:
+            listeners[i].fn.call(listeners[i].context, a1);
+            break;
+          case 3:
+            listeners[i].fn.call(listeners[i].context, a1, a2);
+            break;
+          case 4:
+            listeners[i].fn.call(listeners[i].context, a1, a2, a3);
+            break;
+          default:
+            if (!args) for (j = 1, args = new Array(len - 1); j < len; j++) {
+              args[j - 1] = arguments[j];
+            }
+            listeners[i].fn.apply(listeners[i].context, args);
+        }
+      }
+    }
+    return true;
+  };
+
+  /**
+   * Add a listener for a given event.
+   *
+   * @param {(String|Symbol)} event The event name.
+   * @param {Function} fn The listener function.
+   * @param {*} [context=this] The context to invoke the listener with.
+   * @returns {EventEmitter} `this`.
+   * @public
+   */
+  EventEmitter.prototype.on = function on(event, fn, context) {
+    return addListener(this, event, fn, context, false);
+  };
+
+  /**
+   * Add a one-time listener for a given event.
+   *
+   * @param {(String|Symbol)} event The event name.
+   * @param {Function} fn The listener function.
+   * @param {*} [context=this] The context to invoke the listener with.
+   * @returns {EventEmitter} `this`.
+   * @public
+   */
+  EventEmitter.prototype.once = function once(event, fn, context) {
+    return addListener(this, event, fn, context, true);
+  };
+
+  /**
+   * Remove the listeners of a given event.
+   *
+   * @param {(String|Symbol)} event The event name.
+   * @param {Function} fn Only remove the listeners that match this function.
+   * @param {*} context Only remove the listeners that have this context.
+   * @param {Boolean} once Only remove one-time listeners.
+   * @returns {EventEmitter} `this`.
+   * @public
+   */
+  EventEmitter.prototype.removeListener = function removeListener(event, fn, context, once) {
+    var evt = prefix ? prefix + event : event;
+    if (!this._events[evt]) return this;
+    if (!fn) {
+      clearEvent(this, evt);
+      return this;
+    }
+    var listeners = this._events[evt];
+    if (listeners.fn) {
+      if (listeners.fn === fn && (!once || listeners.once) && (!context || listeners.context === context)) {
+        clearEvent(this, evt);
+      }
+    } else {
+      for (var i = 0, events = [], length = listeners.length; i < length; i++) {
+        if (listeners[i].fn !== fn || once && !listeners[i].once || context && listeners[i].context !== context) {
+          events.push(listeners[i]);
+        }
+      }
+
+      //
+      // Reset the array, or remove it completely if we have no more listeners.
+      //
+      if (events.length) this._events[evt] = events.length === 1 ? events[0] : events;else clearEvent(this, evt);
+    }
+    return this;
+  };
+
+  /**
+   * Remove all listeners, or those of the specified event.
+   *
+   * @param {(String|Symbol)} [event] The event name.
+   * @returns {EventEmitter} `this`.
+   * @public
+   */
+  EventEmitter.prototype.removeAllListeners = function removeAllListeners(event) {
+    var evt;
+    if (event) {
+      evt = prefix ? prefix + event : event;
+      if (this._events[evt]) clearEvent(this, evt);
+    } else {
+      this._events = new Events();
+      this._eventsCount = 0;
+    }
+    return this;
+  };
+
+  //
+  // Alias methods names because people roll like that.
+  //
+  EventEmitter.prototype.off = EventEmitter.prototype.removeListener;
+  EventEmitter.prototype.addListener = EventEmitter.prototype.on;
+
+  //
+  // Expose the prefix.
+  //
+  EventEmitter.prefixed = prefix;
+
+  //
+  // Allow `EventEmitter` to be imported as module namespace.
+  //
+  EventEmitter.EventEmitter = EventEmitter;
+
+  //
+  // Expose the module.
+  //
+  {
+    module.exports = EventEmitter;
+  }
+})(eventemitter3);
+var eventemitter3Exports = eventemitter3.exports;
+var EventEmitter = /*@__PURE__*/getDefaultExportFromCjs(eventemitter3Exports);
+
+const CryptorEvent = {
+  Error: 'cryptorError'
+};
+
+var AudioPresets;
+(function (AudioPresets) {
+  AudioPresets.telephone = {
+    maxBitrate: 12000
+  };
+  AudioPresets.speech = {
+    maxBitrate: 20000
+  };
+  AudioPresets.music = {
+    maxBitrate: 32000
+  };
+  AudioPresets.musicStereo = {
+    maxBitrate: 48000
+  };
+  AudioPresets.musicHighQuality = {
+    maxBitrate: 64000
+  };
+  AudioPresets.musicHighQualityStereo = {
+    maxBitrate: 96000
+  };
+})(AudioPresets || (AudioPresets = {}));
+
+function isVideoFrame(frame) {
+  return 'type' in frame;
+}
+function importKey(keyBytes) {
+  let algorithm = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {
+    name: ENCRYPTION_ALGORITHM
+  };
+  let usage = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : 'encrypt';
+  return __awaiter(this, void 0, void 0, function* () {
+    // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey
+    return crypto.subtle.importKey('raw', keyBytes, algorithm, false, usage === 'derive' ? ['deriveBits', 'deriveKey'] : ['encrypt', 'decrypt']);
+  });
+}
+function getAlgoOptions(algorithmName, salt) {
+  const textEncoder = new TextEncoder();
+  const encodedSalt = textEncoder.encode(salt);
+  switch (algorithmName) {
+    case 'HKDF':
+      return {
+        name: 'HKDF',
+        salt: encodedSalt,
+        hash: 'SHA-256',
+        info: new ArrayBuffer(128)
+      };
+    case 'PBKDF2':
+      {
+        return {
+          name: 'PBKDF2',
+          salt: encodedSalt,
+          hash: 'SHA-256',
+          iterations: 100000
+        };
+      }
+    default:
+      throw new Error("algorithm ".concat(algorithmName, " is currently unsupported"));
+  }
+}
+/**
+ * Derives a set of keys from the master key.
+ * See https://tools.ietf.org/html/draft-omara-sframe-00#section-4.3.1
+ */
+function deriveKeys(material, salt) {
+  return __awaiter(this, void 0, void 0, function* () {
+    const algorithmOptions = getAlgoOptions(material.algorithm.name, salt);
+    // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveKey#HKDF
+    // https://developer.mozilla.org/en-US/docs/Web/API/HkdfParams
+    const encryptionKey = yield crypto.subtle.deriveKey(algorithmOptions, material, {
+      name: ENCRYPTION_ALGORITHM,
+      length: 128
+    }, false, ['encrypt', 'decrypt']);
+    return {
+      material,
+      encryptionKey
+    };
+  });
+}
+/**
+ * Ratchets a key. See
+ * https://tools.ietf.org/html/draft-omara-sframe-00#section-4.3.5.1
+ */
+function ratchet(material, salt) {
+  return __awaiter(this, void 0, void 0, function* () {
+    const algorithmOptions = getAlgoOptions(material.algorithm.name, salt);
+    // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveBits
+    return crypto.subtle.deriveBits(algorithmOptions, material, 256);
+  });
+}
+
+class BaseFrameCryptor extends EventEmitter {
+  encodeFunction(encodedFrame, controller) {
+    throw Error('not implemented for subclass');
+  }
+  decodeFunction(encodedFrame, controller) {
+    throw Error('not implemented for subclass');
+  }
+}
+/**
+ * Cryptor is responsible for en-/decrypting media frames.
+ * Each Cryptor instance is responsible for en-/decrypting a single mediaStreamTrack.
+ */
+class FrameCryptor extends BaseFrameCryptor {
+  constructor(opts) {
+    var _a;
+    super();
+    this.isKeyInvalid = false;
+    this.sendCounts = new Map();
+    this.keys = opts.keys;
+    this.participantId = opts.participantId;
+    this.rtpMap = new Map();
+    this.keyProviderOptions = opts.keyProviderOptions;
+    this.unencryptedFrameByteTrailer = (_a = opts.unencryptedFrameBytes) !== null && _a !== void 0 ? _a : new TextEncoder().encode('LKROCKS');
+  }
+  /**
+   * Assign a different participant to the cryptor.
+   * useful for transceiver re-use
+   * @param id
+   * @param keys
+   */
+  setParticipant(id, keys) {
+    this.participantId = id;
+    this.keys = keys;
+  }
+  unsetParticipant() {
+    this.participantId = undefined;
+  }
+  getParticipantId() {
+    return this.participantId;
+  }
+  getTrackId() {
+    return this.trackId;
+  }
+  /**
+   * Update the video codec used by the mediaStreamTrack
+   * @param codec
+   */
+  setVideoCodec(codec) {
+    this.videoCodec = codec;
+  }
+  /**
+   * rtp payload type map used for figuring out codec of payload type when encoding
+   * @param map
+   */
+  setRtpMap(map) {
+    this.rtpMap = map;
+  }
+  setupTransform(operation, readable, writable, trackId, codec) {
+    if (codec) {
+      console.info('setting codec on cryptor to', codec);
+      this.videoCodec = codec;
+    }
+    const transformFn = operation === 'encode' ? this.encodeFunction : this.decodeFunction;
+    const transformStream = new TransformStream({
+      transform: transformFn.bind(this)
+    });
+    readable.pipeThrough(transformStream).pipeTo(writable).catch(e => {
+      console.error(e);
+      this.emit('cryptorError', e instanceof CryptorError ? e : new CryptorError(e.message));
+    });
+    this.trackId = trackId;
+  }
+  /**
+   * Function that will be injected in a stream and will encrypt the given encoded frames.
+   *
+   * @param {RTCEncodedVideoFrame|RTCEncodedAudioFrame} encodedFrame - Encoded video frame.
+   * @param {TransformStreamDefaultController} controller - TransportStreamController.
+   *
+   * The VP8 payload descriptor described in
+   * https://tools.ietf.org/html/rfc7741#section-4.2
+   * is part of the RTP packet and not part of the frame and is not controllable by us.
+   * This is fine as the SFU keeps having access to it for routing.
+   *
+   * The encrypted frame is formed as follows:
+   * 1) Find unencrypted byte length, depending on the codec, frame type and kind.
+   * 2) Form the GCM IV for the frame as described above.
+   * 3) Encrypt the rest of the frame using AES-GCM.
+   * 4) Allocate space for the encrypted frame.
+   * 5) Copy the unencrypted bytes to the start of the encrypted frame.
+   * 6) Append the ciphertext to the encrypted frame.
+   * 7) Append the IV.
+   * 8) Append a single byte for the key identifier.
+   * 9) Enqueue the encrypted frame for sending.
+   */
+  encodeFunction(encodedFrame, controller) {
+    var _a;
+    return __awaiter(this, void 0, void 0, function* () {
+      if (!this.keys.isEnabled() ||
+      // skip for encryption for empty dtx frames
+      encodedFrame.data.byteLength === 0) {
+        return controller.enqueue(encodedFrame);
+      }
+      const {
+        encryptionKey
+      } = this.keys.getKeySet();
+      const keyIndex = this.keys.getCurrentKeyIndex();
+      if (encryptionKey) {
+        const iv = this.makeIV((_a = encodedFrame.getMetadata().synchronizationSource) !== null && _a !== void 0 ? _a : -1, encodedFrame.timestamp);
+        // Thіs is not encrypted and contains the VP8 payload descriptor or the Opus TOC byte.
+        const frameHeader = new Uint8Array(encodedFrame.data, 0, this.getUnencryptedBytes(encodedFrame));
+        // Frame trailer contains the R|IV_LENGTH and key index
+        const frameTrailer = new Uint8Array(2);
+        frameTrailer[0] = IV_LENGTH;
+        frameTrailer[1] = keyIndex;
+        // Construct frame trailer. Similar to the frame header described in
+        // https://tools.ietf.org/html/draft-omara-sframe-00#section-4.2
+        // but we put it at the end.
+        //
+        // ---------+-------------------------+-+---------+----
+        // payload  |IV...(length = IV_LENGTH)|R|IV_LENGTH|KID |
+        // ---------+-------------------------+-+---------+----
+        try {
+          const cipherText = yield crypto.subtle.encrypt({
+            name: ENCRYPTION_ALGORITHM,
+            iv,
+            additionalData: new Uint8Array(encodedFrame.data, 0, frameHeader.byteLength)
+          }, encryptionKey, new Uint8Array(encodedFrame.data, this.getUnencryptedBytes(encodedFrame)));
+          const newData = new ArrayBuffer(frameHeader.byteLength + cipherText.byteLength + iv.byteLength + frameTrailer.byteLength);
+          const newUint8 = new Uint8Array(newData);
+          newUint8.set(frameHeader); // copy first bytes.
+          newUint8.set(new Uint8Array(cipherText), frameHeader.byteLength); // add ciphertext.
+          newUint8.set(new Uint8Array(iv), frameHeader.byteLength + cipherText.byteLength); // append IV.
+          newUint8.set(frameTrailer, frameHeader.byteLength + cipherText.byteLength + iv.byteLength); // append frame trailer.
+          encodedFrame.data = newData;
+          return controller.enqueue(encodedFrame);
+        } catch (e) {
+          // TODO: surface this to the app.
+          workerLogger.error(e);
+        }
+      } else {
+        this.emit(CryptorEvent.Error, new CryptorError("encryption key missing for encoding", CryptorErrorReason.MissingKey));
+      }
+    });
+  }
+  /**
+   * Function that will be injected in a stream and will decrypt the given encoded frames.
+   *
+   * @param {RTCEncodedVideoFrame|RTCEncodedAudioFrame} encodedFrame - Encoded video frame.
+   * @param {TransformStreamDefaultController} controller - TransportStreamController.
+   */
+  decodeFunction(encodedFrame, controller) {
+    return __awaiter(this, void 0, void 0, function* () {
+      if (!this.keys.isEnabled() ||
+      // skip for decryption for empty dtx frames
+      encodedFrame.data.byteLength === 0 ||
+      // skip decryption if frame is server injected
+      isFrameServerInjected(encodedFrame.data, this.unencryptedFrameByteTrailer)) {
+        return controller.enqueue(encodedFrame);
+      }
+      const data = new Uint8Array(encodedFrame.data);
+      const keyIndex = data[encodedFrame.data.byteLength - 1];
+      if (this.keys.getKeySet(keyIndex)) {
+        try {
+          const decodedFrame = yield this.decryptFrame(encodedFrame, keyIndex);
+          if (decodedFrame) {
+            return controller.enqueue(decodedFrame);
+          }
+          this.isKeyInvalid = false;
+        } catch (error) {
+          if (error instanceof CryptorError && error.reason === CryptorErrorReason.InvalidKey) {
+            if (!this.isKeyInvalid) {
+              workerLogger.warn('invalid key');
+              this.emit(CryptorEvent.Error, new CryptorError("invalid key for participant ".concat(this.participantId), CryptorErrorReason.InvalidKey));
+              this.isKeyInvalid = true;
+            }
+          } else {
+            workerLogger.warn('decoding frame failed', {
+              error
+            });
+          }
+        }
+      } else {
+        this.emit(CryptorEvent.Error, new CryptorError("key missing for participant ".concat(this.participantId), CryptorErrorReason.MissingKey));
+      }
+      return controller.enqueue(encodedFrame);
+    });
+  }
+  /**
+   * Function that will decrypt the given encoded frame. If the decryption fails, it will
+   * ratchet the key for up to RATCHET_WINDOW_SIZE times.
+   */
+  decryptFrame(encodedFrame, keyIndex) {
+    let initialMaterial = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : undefined;
+    let ratchetOpts = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {
+      ratchetCount: 0
+    };
+    var _a;
+    return __awaiter(this, void 0, void 0, function* () {
+      const keySet = this.keys.getKeySet(keyIndex);
+      // Construct frame trailer. Similar to the frame header described in
+      // https://tools.ietf.org/html/draft-omara-sframe-00#section-4.2
+      // but we put it at the end.
+      //
+      // ---------+-------------------------+-+---------+----
+      // payload  |IV...(length = IV_LENGTH)|R|IV_LENGTH|KID |
+      // ---------+-------------------------+-+---------+----
+      try {
+        const frameHeader = new Uint8Array(encodedFrame.data, 0, this.getUnencryptedBytes(encodedFrame));
+        const frameTrailer = new Uint8Array(encodedFrame.data, encodedFrame.data.byteLength - 2, 2);
+        const ivLength = frameTrailer[0];
+        const iv = new Uint8Array(encodedFrame.data, encodedFrame.data.byteLength - ivLength - frameTrailer.byteLength, ivLength);
+        const cipherTextStart = frameHeader.byteLength;
+        const cipherTextLength = encodedFrame.data.byteLength - (frameHeader.byteLength + ivLength + frameTrailer.byteLength);
+        const plainText = yield crypto.subtle.decrypt({
+          name: ENCRYPTION_ALGORITHM,
+          iv,
+          additionalData: new Uint8Array(encodedFrame.data, 0, frameHeader.byteLength)
+        }, (_a = ratchetOpts.encryptionKey) !== null && _a !== void 0 ? _a : keySet.encryptionKey, new Uint8Array(encodedFrame.data, cipherTextStart, cipherTextLength));
+        const newData = new ArrayBuffer(frameHeader.byteLength + plainText.byteLength);
+        const newUint8 = new Uint8Array(newData);
+        newUint8.set(new Uint8Array(encodedFrame.data, 0, frameHeader.byteLength));
+        newUint8.set(new Uint8Array(plainText), frameHeader.byteLength);
+        encodedFrame.data = newData;
+        return encodedFrame;
+      } catch (error) {
+        if (this.keyProviderOptions.ratchetWindowSize > 0) {
+          if (ratchetOpts.ratchetCount < this.keyProviderOptions.ratchetWindowSize) {
+            workerLogger.debug("ratcheting key attempt ".concat(ratchetOpts.ratchetCount, " of ").concat(this.keyProviderOptions.ratchetWindowSize, ", for kind ").concat(encodedFrame instanceof RTCEncodedAudioFrame ? 'audio' : 'video'));
+            let ratchetedKeySet;
+            if (keySet === this.keys.getKeySet(keyIndex)) {
+              // only ratchet if the currently set key is still the same as the one used to decrypt this frame
+              // if not, it might be that a different frame has already ratcheted and we try with that one first
+              const newMaterial = yield this.keys.ratchetKey(keyIndex, false);
+              ratchetedKeySet = yield deriveKeys(newMaterial, this.keyProviderOptions.ratchetSalt);
+            }
+            const frame = yield this.decryptFrame(encodedFrame, keyIndex, initialMaterial || keySet, {
+              ratchetCount: ratchetOpts.ratchetCount + 1,
+              encryptionKey: ratchetedKeySet === null || ratchetedKeySet === void 0 ? void 0 : ratchetedKeySet.encryptionKey
+            });
+            if (frame && ratchetedKeySet) {
+              this.keys.setKeySet(ratchetedKeySet, keyIndex, true);
+              // decryption was successful, set the new key index to reflect the ratcheted key set
+              this.keys.setCurrentKeyIndex(keyIndex);
+            }
+            return frame;
+          } else {
+            /**
+             * Since the key it is first send and only afterwards actually used for encrypting, there were
+             * situations when the decrypting failed due to the fact that the received frame was not encrypted
+             * yet and ratcheting, of course, did not solve the problem. So if we fail RATCHET_WINDOW_SIZE times,
+             * we come back to the initial key.
+             */
+            if (initialMaterial) {
+              workerLogger.debug('resetting to initial material');
+              this.keys.setKeyFromMaterial(initialMaterial.material, keyIndex);
+            }
+            workerLogger.warn('maximum ratchet attempts exceeded, resetting key');
+          }
+        } else {
+          throw new CryptorError('Decryption failed, most likely because of an invalid key', CryptorErrorReason.InvalidKey);
+        }
+      }
+    });
+  }
+  /**
+   * Construct the IV used for AES-GCM and sent (in plain) with the packet similar to
+   * https://tools.ietf.org/html/rfc7714#section-8.1
+   * It concatenates
+   * - the 32 bit synchronization source (SSRC) given on the encoded frame,
+   * - the 32 bit rtp timestamp given on the encoded frame,
+   * - a send counter that is specific to the SSRC. Starts at a random number.
+   * The send counter is essentially the pictureId but we currently have to implement this ourselves.
+   * There is no XOR with a salt. Note that this IV leaks the SSRC to the receiver but since this is
+   * randomly generated and SFUs may not rewrite this is considered acceptable.
+   * The SSRC is used to allow demultiplexing multiple streams with the same key, as described in
+   *   https://tools.ietf.org/html/rfc3711#section-4.1.1
+   * The RTP timestamp is 32 bits and advances by the codec clock rate (90khz for video, 48khz for
+   * opus audio) every second. For video it rolls over roughly every 13 hours.
+   * The send counter will advance at the frame rate (30fps for video, 50fps for 20ms opus audio)
+   * every second. It will take a long time to roll over.
+   *
+   * See also https://developer.mozilla.org/en-US/docs/Web/API/AesGcmParams
+   */
+  makeIV(synchronizationSource, timestamp) {
+    var _a;
+    const iv = new ArrayBuffer(IV_LENGTH);
+    const ivView = new DataView(iv);
+    // having to keep our own send count (similar to a picture id) is not ideal.
+    if (!this.sendCounts.has(synchronizationSource)) {
+      // Initialize with a random offset, similar to the RTP sequence number.
+      this.sendCounts.set(synchronizationSource, Math.floor(Math.random() * 0xffff));
+    }
+    const sendCount = (_a = this.sendCounts.get(synchronizationSource)) !== null && _a !== void 0 ? _a : 0;
+    ivView.setUint32(0, synchronizationSource);
+    ivView.setUint32(4, timestamp);
+    ivView.setUint32(8, timestamp - sendCount % 0xffff);
+    this.sendCounts.set(synchronizationSource, sendCount + 1);
+    return iv;
+  }
+  getUnencryptedBytes(frame) {
+    var _a;
+    if (isVideoFrame(frame)) {
+      let detectedCodec = (_a = this.getVideoCodec(frame)) !== null && _a !== void 0 ? _a : this.videoCodec;
+      if (detectedCodec === 'av1' || detectedCodec === 'vp9') {
+        throw new Error("".concat(detectedCodec, " is not yet supported for end to end encryption"));
+      }
+      if (detectedCodec === 'vp8') {
+        return UNENCRYPTED_BYTES[frame.type];
+      }
+      const data = new Uint8Array(frame.data);
+      try {
+        const naluIndices = findNALUIndices(data);
+        // if the detected codec is undefined we test whether it _looks_ like a h264 frame as a best guess
+        const isH264 = detectedCodec === 'h264' || naluIndices.some(naluIndex => [NALUType.SLICE_IDR, NALUType.SLICE_NON_IDR].includes(parseNALUType(data[naluIndex])));
+        if (isH264) {
+          for (const index of naluIndices) {
+            let type = parseNALUType(data[index]);
+            switch (type) {
+              case NALUType.SLICE_IDR:
+              case NALUType.SLICE_NON_IDR:
+                return index + 2;
+              default:
+                break;
+            }
+          }
+          throw new TypeError('Could not find NALU');
+        }
+      } catch (e) {
+        // no op, we just continue and fallback to vp8
+      }
+      return UNENCRYPTED_BYTES[frame.type];
+    } else {
+      return UNENCRYPTED_BYTES.audio;
+    }
+  }
+  /**
+   * inspects frame payloadtype if available and maps it to the codec specified in rtpMap
+   */
+  getVideoCodec(frame) {
+    if (this.rtpMap.size === 0) {
+      return undefined;
+    }
+    // @ts-expect-error payloadType is not yet part of the typescript definition and currently not supported in Safari
+    const payloadType = frame.getMetadata().payloadType;
+    const codec = payloadType ? this.rtpMap.get(payloadType) : undefined;
+    return codec;
+  }
+}
+/**
+ * Slice the NALUs present in the supplied buffer, assuming it is already byte-aligned
+ * code adapted from https://github.com/medooze/h264-frame-parser/blob/main/lib/NalUnits.ts to return indices only
+ */
+function findNALUIndices(stream) {
+  const result = [];
+  let start = 0,
+    pos = 0,
+    searchLength = stream.length - 2;
+  while (pos < searchLength) {
+    // skip until end of current NALU
+    while (pos < searchLength && !(stream[pos] === 0 && stream[pos + 1] === 0 && stream[pos + 2] === 1)) pos++;
+    if (pos >= searchLength) pos = stream.length;
+    // remove trailing zeros from current NALU
+    let end = pos;
+    while (end > start && stream[end - 1] === 0) end--;
+    // save current NALU
+    if (start === 0) {
+      if (end !== start) throw TypeError('byte stream contains leading data');
+    } else {
+      result.push(start);
+    }
+    // begin new NALU
+    start = pos = pos + 3;
+  }
+  return result;
+}
+function parseNALUType(startByte) {
+  return startByte & kNaluTypeMask;
+}
+const kNaluTypeMask = 0x1f;
+var NALUType;
+(function (NALUType) {
+  /** Coded slice of a non-IDR picture */
+  NALUType[NALUType["SLICE_NON_IDR"] = 1] = "SLICE_NON_IDR";
+  /** Coded slice data partition A */
+  NALUType[NALUType["SLICE_PARTITION_A"] = 2] = "SLICE_PARTITION_A";
+  /** Coded slice data partition B */
+  NALUType[NALUType["SLICE_PARTITION_B"] = 3] = "SLICE_PARTITION_B";
+  /** Coded slice data partition C */
+  NALUType[NALUType["SLICE_PARTITION_C"] = 4] = "SLICE_PARTITION_C";
+  /** Coded slice of an IDR picture */
+  NALUType[NALUType["SLICE_IDR"] = 5] = "SLICE_IDR";
+  /** Supplemental enhancement information */
+  NALUType[NALUType["SEI"] = 6] = "SEI";
+  /** Sequence parameter set */
+  NALUType[NALUType["SPS"] = 7] = "SPS";
+  /** Picture parameter set */
+  NALUType[NALUType["PPS"] = 8] = "PPS";
+  /** Access unit delimiter */
+  NALUType[NALUType["AUD"] = 9] = "AUD";
+  /** End of sequence */
+  NALUType[NALUType["END_SEQ"] = 10] = "END_SEQ";
+  /** End of stream */
+  NALUType[NALUType["END_STREAM"] = 11] = "END_STREAM";
+  /** Filler data */
+  NALUType[NALUType["FILLER_DATA"] = 12] = "FILLER_DATA";
+  /** Sequence parameter set extension */
+  NALUType[NALUType["SPS_EXT"] = 13] = "SPS_EXT";
+  /** Prefix NAL unit */
+  NALUType[NALUType["PREFIX_NALU"] = 14] = "PREFIX_NALU";
+  /** Subset sequence parameter set */
+  NALUType[NALUType["SUBSET_SPS"] = 15] = "SUBSET_SPS";
+  /** Depth parameter set */
+  NALUType[NALUType["DPS"] = 16] = "DPS";
+  // 17, 18 reserved
+  /** Coded slice of an auxiliary coded picture without partitioning */
+  NALUType[NALUType["SLICE_AUX"] = 19] = "SLICE_AUX";
+  /** Coded slice extension */
+  NALUType[NALUType["SLICE_EXT"] = 20] = "SLICE_EXT";
+  /** Coded slice extension for a depth view component or a 3D-AVC texture view component */
+  NALUType[NALUType["SLICE_LAYER_EXT"] = 21] = "SLICE_LAYER_EXT";
+  // 22, 23 reserved
+})(NALUType || (NALUType = {}));
+/**
+ * we use a magic frame trailer to detect whether a frame is injected
+ * by the livekit server and thus to be treated as unencrypted
+ * @internal
+ */
+function isFrameServerInjected(frameData, trailerBytes) {
+  const frameTrailer = new Uint8Array(frameData.slice(frameData.byteLength - trailerBytes.byteLength));
+  return trailerBytes.every((value, index) => value === frameTrailer[index]);
+}
+
+// TODO ParticipantKeyHandlers currently don't get destroyed on participant disconnect
+// we could do this by having a separate worker message on participant disconnected.
+/**
+ * ParticipantKeyHandler is responsible for providing a cryptor instance with the
+ * en-/decryption key of a participant. It assumes that all tracks of a specific participant
+ * are encrypted with the same key.
+ * Additionally it exposes a method to ratchet a key which can be used by the cryptor either automatically
+ * if decryption fails or can be triggered manually on both sender and receiver side.
+ *
+ */
+class ParticipantKeyHandler extends EventEmitter {
+  constructor(participantId, isEnabled, keyProviderOptions) {
+    super();
+    this.currentKeyIndex = 0;
+    this.cryptoKeyRing = new Array(KEYRING_SIZE);
+    this.enabled = isEnabled;
+    this.keyProviderOptions = keyProviderOptions;
+    this.ratchetPromiseMap = new Map();
+    this.participantId = participantId;
+  }
+  setEnabled(enabled) {
+    this.enabled = enabled;
+  }
+  /**
+   * Ratchets the current key (or the one at keyIndex if provided) and
+   * returns the ratcheted material
+   * if `setKey` is true (default), it will also set the ratcheted key directly on the crypto key ring
+   * @param keyIndex
+   * @param setKey
+   */
+  ratchetKey(keyIndex) {
+    let setKey = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : true;
+    const currentKeyIndex = keyIndex !== null && keyIndex !== void 0 ? keyIndex : keyIndex = this.getCurrentKeyIndex();
+    const existingPromise = this.ratchetPromiseMap.get(currentKeyIndex);
+    if (typeof existingPromise !== 'undefined') {
+      return existingPromise;
+    }
+    const ratchetPromise = new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {
+      try {
+        const currentMaterial = this.getKeySet(currentKeyIndex).material;
+        const newMaterial = yield importKey(yield ratchet(currentMaterial, this.keyProviderOptions.ratchetSalt), currentMaterial.algorithm.name, 'derive');
+        if (setKey) {
+          this.setKeyFromMaterial(newMaterial, currentKeyIndex, true);
+        }
+        this.emit('keyRatcheted', newMaterial, keyIndex, this.participantId);
+        resolve(newMaterial);
+      } catch (e) {
+        reject(e);
+      } finally {
+        this.ratchetPromiseMap.delete(currentKeyIndex);
+      }
+    }));
+    this.ratchetPromiseMap.set(currentKeyIndex, ratchetPromise);
+    return ratchetPromise;
+  }
+  /**
+   * takes in a key material with `deriveBits` and `deriveKey` set as key usages
+   * and derives encryption keys from the material and sets it on the key ring buffer
+   * together with the material
+   * also updates the currentKeyIndex
+   */
+  setKeyFromMaterial(material) {
+    let keyIndex = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 0;
+    let emitRatchetEvent = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
+    return __awaiter(this, void 0, void 0, function* () {
+      workerLogger.debug('setting new key');
+      if (keyIndex >= 0) {
+        this.currentKeyIndex = keyIndex % this.cryptoKeyRing.length;
+      }
+      const keySet = yield deriveKeys(material, this.keyProviderOptions.ratchetSalt);
+      this.setKeySet(keySet, this.currentKeyIndex, emitRatchetEvent);
+    });
+  }
+  setKeySet(keySet, keyIndex) {
+    let emitRatchetEvent = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
+    return __awaiter(this, void 0, void 0, function* () {
+      this.cryptoKeyRing[keyIndex % this.cryptoKeyRing.length] = keySet;
+      if (emitRatchetEvent) {
+        this.emit('keyRatcheted', keySet.material, keyIndex, this.participantId);
+      }
+    });
+  }
+  setCurrentKeyIndex(index) {
+    return __awaiter(this, void 0, void 0, function* () {
+      this.currentKeyIndex = index % this.cryptoKeyRing.length;
+    });
+  }
+  isEnabled() {
+    return this.enabled;
+  }
+  getCurrentKeyIndex() {
+    return this.currentKeyIndex;
+  }
+  /**
+   * returns currently used KeySet or the one at `keyIndex` if provided
+   * @param keyIndex
+   * @returns
+   */
+  getKeySet(keyIndex) {
+    return this.cryptoKeyRing[keyIndex !== null && keyIndex !== void 0 ? keyIndex : this.currentKeyIndex];
+  }
+}
+
+const participantCryptors = [];
+const participantKeys = new Map();
+let publishCryptors = [];
+let publisherKeys;
+let isEncryptionEnabled = false;
+let useSharedKey = false;
+let sharedKey;
+let keyProviderOptions = KEY_PROVIDER_DEFAULTS;
+workerLogger.setDefaultLevel('info');
+onmessage = ev => {
+  const {
+    kind,
+    data
+  } = ev.data;
+  switch (kind) {
+    case 'init':
+      workerLogger.info('worker initialized');
+      keyProviderOptions = data.keyProviderOptions;
+      useSharedKey = !!data.keyProviderOptions.sharedKey;
+      // acknowledge init successful
+      const enableMsg = {
+        kind: 'enable',
+        data: {
+          enabled: isEncryptionEnabled
+        }
+      };
+      publisherKeys = new ParticipantKeyHandler(undefined, isEncryptionEnabled, keyProviderOptions);
+      publisherKeys.on('keyRatcheted', emitRatchetedKeys);
+      postMessage(enableMsg);
+      break;
+    case 'enable':
+      setEncryptionEnabled(data.enabled, data.participantId);
+      workerLogger.info('updated e2ee enabled status');
+      // acknowledge enable call successful
+      postMessage(ev.data);
+      break;
+    case 'decode':
+      let cryptor = getTrackCryptor(data.participantId, data.trackId);
+      cryptor.setupTransform(kind, data.readableStream, data.writableStream, data.trackId, data.codec);
+      break;
+    case 'encode':
+      let pubCryptor = getPublisherCryptor(data.trackId);
+      pubCryptor.setupTransform(kind, data.readableStream, data.writableStream, data.trackId, data.codec);
+      break;
+    case 'setKey':
+      if (useSharedKey) {
+        workerLogger.debug('set shared key');
+        setSharedKey(data.key, data.keyIndex);
+      } else if (data.participantId) {
+        getParticipantKeyHandler(data.participantId).setKeyFromMaterial(data.key, data.keyIndex);
+      } else {
+        workerLogger.error('no participant Id was provided and shared key usage is disabled');
+      }
+      break;
+    case 'removeTransform':
+      unsetCryptorParticipant(data.trackId);
+      break;
+    case 'updateCodec':
+      getTrackCryptor(data.participantId, data.trackId).setVideoCodec(data.codec);
+      break;
+    case 'setRTPMap':
+      publishCryptors.forEach(cr => {
+        cr.setRtpMap(data.map);
+      });
+      break;
+    case 'ratchetRequest':
+      getParticipantKeyHandler(data.participantId).ratchetKey(data.keyIndex);
+  }
+};
+function getTrackCryptor(participantId, trackId) {
+  let cryptor = participantCryptors.find(c => c.getTrackId() === trackId);
+  if (!cryptor) {
+    workerLogger.info('creating new cryptor for', {
+      participantId
+    });
+    if (!keyProviderOptions) {
+      throw Error('Missing keyProvider options');
+    }
+    cryptor = new FrameCryptor({
+      participantId,
+      keys: getParticipantKeyHandler(participantId),
+      keyProviderOptions
+    });
+    setupCryptorErrorEvents(cryptor);
+    participantCryptors.push(cryptor);
+  } else if (participantId !== cryptor.getParticipantId()) {
+    // assign new participant id to track cryptor and pass in correct key handler
+    cryptor.setParticipant(participantId, getParticipantKeyHandler(participantId));
+  }
+  return cryptor;
+}
+function getParticipantKeyHandler(participantId) {
+  if (!participantId) {
+    return publisherKeys;
+  }
+  let keys = participantKeys.get(participantId);
+  if (!keys) {
+    keys = new ParticipantKeyHandler(participantId, true, keyProviderOptions);
+    if (sharedKey) {
+      keys.setKeyFromMaterial(sharedKey);
+    }
+    participantKeys.set(participantId, keys);
+  }
+  return keys;
+}
+function unsetCryptorParticipant(trackId) {
+  var _a;
+  (_a = participantCryptors.find(c => c.getTrackId() === trackId)) === null || _a === void 0 ? void 0 : _a.unsetParticipant();
+}
+function getPublisherCryptor(trackId) {
+  let publishCryptor = publishCryptors.find(cryptor => cryptor.getTrackId() === trackId);
+  if (!publishCryptor) {
+    if (!keyProviderOptions) {
+      throw new TypeError('Missing keyProvider options');
+    }
+    publishCryptor = new FrameCryptor({
+      keys: publisherKeys,
+      participantId: 'publisher',
+      keyProviderOptions
+    });
+    setupCryptorErrorEvents(publishCryptor);
+    publishCryptors.push(publishCryptor);
+  }
+  return publishCryptor;
+}
+function setEncryptionEnabled(enable, participantId) {
+  if (!participantId) {
+    isEncryptionEnabled = enable;
+    publisherKeys.setEnabled(enable);
+  } else {
+    getParticipantKeyHandler(participantId).setEnabled(enable);
+  }
+}
+function setSharedKey(key, index) {
+  workerLogger.debug('setting shared key');
+  sharedKey = key;
+  publisherKeys === null || publisherKeys === void 0 ? void 0 : publisherKeys.setKeyFromMaterial(key, index);
+  for (const [, keyHandler] of participantKeys) {
+    keyHandler.setKeyFromMaterial(key, index);
+  }
+}
+function setupCryptorErrorEvents(cryptor) {
+  cryptor.on('cryptorError', error => {
+    const msg = {
+      kind: 'error',
+      data: {
+        error: new Error("".concat(CryptorErrorReason[error.reason], ": ").concat(error.message))
+      }
+    };
+    postMessage(msg);
+  });
+}
+function emitRatchetedKeys(material, keyIndex) {
+  const msg = {
+    kind: "ratchetKey",
+    data: {
+      // participantId,
+      keyIndex,
+      material
+    }
+  };
+  postMessage(msg);
+}
+// Operations using RTCRtpScriptTransform.
+// @ts-ignore
+if (self.RTCTransformEvent) {
+  workerLogger.debug('setup transform event');
+  // @ts-ignore
+  self.onrtctransform = event => {
+    const transformer = event.transformer;
+    workerLogger.debug('transformer', transformer);
+    transformer.handled = true;
+    const {
+      kind,
+      participantId,
+      trackId,
+      codec
+    } = transformer.options;
+    const cryptor = kind === 'encode' ? getPublisherCryptor(trackId) : getTrackCryptor(participantId, trackId);
+    workerLogger.debug('transform', {
+      codec
+    });
+    cryptor.setupTransform(kind, transformer.readable, transformer.writable, trackId, codec);
+  };
+}
+//# sourceMappingURL=livekit-client.e2ee.worker.mjs.map