New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@aws-crypto/material-management
Advanced tools
@aws-crypto/material-management - npm Package Compare versions
Comparing version 0.2.0-preview.3 to 0.2.0-preview.4
@@ -1,2 +0,8 @@ | ||
| import { MixedBackendCryptoKey, SupportedAlgorithmSuites, AwsEsdkJsCryptoKey, AwsEsdkJsKeyUsage, EncryptionContext } from './types'; | ||
| import { MixedBackendCryptoKey, // eslint-disable-line no-unused-vars | ||
| SupportedAlgorithmSuites, // eslint-disable-line no-unused-vars | ||
| AwsEsdkJsCryptoKey, // eslint-disable-line no-unused-vars | ||
| AwsEsdkJsKeyUsage, // eslint-disable-line no-unused-vars | ||
| EncryptionContext, // eslint-disable-line no-unused-vars | ||
| AwsEsdkKeyObject, // eslint-disable-line no-unused-vars | ||
| AwsEsdkCreateSecretKey } from './types'; | ||
| import { EncryptedDataKey } from './encrypted_data_key'; | ||
@@ -7,2 +13,9 @@ import { SignatureKey, VerificationKey } from './signature_key'; | ||
| import { WebCryptoAlgorithmSuite } from './web_crypto_algorithms'; | ||
| interface AwsEsdkKeyObjectInstanceOf { | ||
| new (): AwsEsdkKeyObject; | ||
| } | ||
| export declare const supportsKeyObject: boolean | { | ||
| KeyObject: AwsEsdkKeyObjectInstanceOf; | ||
| createSecretKey: AwsEsdkCreateSecretKey; | ||
| }; | ||
| export interface FunctionalCryptographicMaterial { | ||
@@ -13,7 +26,6 @@ hasValidKey: () => boolean; | ||
| suite: SupportedAlgorithmSuites; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array, trace: KeyringTrace) => T; | ||
| getUnencryptedDataKey: () => Uint8Array; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array | AwsEsdkKeyObject, trace: KeyringTrace) => T; | ||
| getUnencryptedDataKey: () => Uint8Array | AwsEsdkKeyObject; | ||
| zeroUnencryptedDataKey: () => T; | ||
| hasUnencryptedDataKey: boolean; | ||
| unencryptedDataKeyLength: number; | ||
| keyringTrace: KeyringTrace[]; | ||
@@ -40,7 +52,6 @@ encryptionContext: Readonly<EncryptionContext>; | ||
| suite: NodeAlgorithmSuite; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array, trace: KeyringTrace) => NodeEncryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array | AwsEsdkKeyObject, trace: KeyringTrace) => NodeEncryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array | AwsEsdkKeyObject; | ||
| zeroUnencryptedDataKey: () => NodeEncryptionMaterial; | ||
| hasUnencryptedDataKey: boolean; | ||
| unencryptedDataKeyLength: number; | ||
| keyringTrace: KeyringTrace[]; | ||
@@ -57,7 +68,6 @@ encryptedDataKeys: EncryptedDataKey[]; | ||
| suite: NodeAlgorithmSuite; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array, trace: KeyringTrace) => NodeDecryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array | AwsEsdkKeyObject, trace: KeyringTrace) => NodeDecryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array | AwsEsdkKeyObject; | ||
| zeroUnencryptedDataKey: () => NodeDecryptionMaterial; | ||
| hasUnencryptedDataKey: boolean; | ||
| unencryptedDataKeyLength: number; | ||
| keyringTrace: KeyringTrace[]; | ||
@@ -72,7 +82,6 @@ setVerificationKey: (key: VerificationKey) => NodeDecryptionMaterial; | ||
| suite: WebCryptoAlgorithmSuite; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array, trace: KeyringTrace) => WebCryptoEncryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array | AwsEsdkKeyObject, trace: KeyringTrace) => WebCryptoEncryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array | AwsEsdkKeyObject; | ||
| zeroUnencryptedDataKey: () => WebCryptoEncryptionMaterial; | ||
| hasUnencryptedDataKey: boolean; | ||
| unencryptedDataKeyLength: number; | ||
| keyringTrace: KeyringTrace[]; | ||
@@ -93,7 +102,6 @@ encryptedDataKeys: EncryptedDataKey[]; | ||
| suite: WebCryptoAlgorithmSuite; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array, trace: KeyringTrace) => WebCryptoDecryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array | AwsEsdkKeyObject, trace: KeyringTrace) => WebCryptoDecryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array | AwsEsdkKeyObject; | ||
| zeroUnencryptedDataKey: () => WebCryptoDecryptionMaterial; | ||
| hasUnencryptedDataKey: boolean; | ||
| unencryptedDataKeyLength: number; | ||
| keyringTrace: KeyringTrace[]; | ||
@@ -112,3 +120,3 @@ setVerificationKey: (key: VerificationKey) => WebCryptoDecryptionMaterial; | ||
| export declare function isDecryptionMaterial(obj: any): obj is WebCryptoDecryptionMaterial | NodeDecryptionMaterial; | ||
| export declare function decorateCryptographicMaterial<T extends CryptographicMaterial<T>>(material: T, setFlags: KeyringTraceFlag): T; | ||
| export declare function decorateCryptographicMaterial<T extends CryptographicMaterial<T>>(material: T, setFlag: KeyringTraceFlag): T; | ||
| export declare function decorateEncryptionMaterial<T extends EncryptionMaterial<T>>(material: T): T; | ||
@@ -121,2 +129,5 @@ export declare function decorateDecryptionMaterial<T extends DecryptionMaterial<T>>(material: T): T; | ||
| export declare function subtleFunctionForMaterial<T extends WebCryptoMaterial<T>>(material: T): "encrypt" | "decrypt"; | ||
| export declare function unwrapDataKey(dataKey: Uint8Array | AwsEsdkKeyObject): Uint8Array; | ||
| export declare function wrapWithKeyObjectIfSupported(dataKey: Uint8Array | AwsEsdkKeyObject): Uint8Array | AwsEsdkKeyObject; | ||
| export {}; | ||
| //# sourceMappingURL=cryptographic_material.d.ts.map |
@@ -24,2 +24,13 @@ "use strict"; | ||
| const needs_1 = require("./needs"); | ||
| exports.supportsKeyObject = (function () { | ||
| try { | ||
| const { KeyObject, createSecretKey } = require('crypto'); | ||
| if (!KeyObject || !createSecretKey) | ||
| return false; | ||
| return { KeyObject, createSecretKey }; | ||
| } | ||
| catch (ex) { | ||
| return false; | ||
| } | ||
| })(); | ||
| /* | ||
@@ -41,33 +52,34 @@ * This public interface to the CryptographicMaterial object is provided for | ||
| */ | ||
| let timingSafeEqual; | ||
| try { | ||
| /* It is possible for `require` to return an empty object, or an object | ||
| * that does not implement `timingSafeEqual`. | ||
| * in this case I need a fallback | ||
| */ | ||
| const { timingSafeEqual: nodeTimingSafeEqual } = require('crypto'); | ||
| timingSafeEqual = nodeTimingSafeEqual || portableTimingSafeEqual; | ||
| } | ||
| catch (e) { | ||
| timingSafeEqual = portableTimingSafeEqual; | ||
| } | ||
| /* https://codahale.com/a-lesson-in-timing-attacks/ */ | ||
| function portableTimingSafeEqual(a, b) { | ||
| /* It is *possible* that a runtime could optimize this constant time function. | ||
| * Adding `eval` should prevent the optimization, but this is no grantee. | ||
| * If you copy this function for your own use, make sure to educate yourself. | ||
| * Side channel attacks are pernicious and subtle. | ||
| */ | ||
| eval(''); // eslint-disable-line no-eval | ||
| /* Check for early return (Postcondition) UNTESTED: Size is well-know information. | ||
| * and does not leak information about contents. | ||
| */ | ||
| if (a.byteLength !== b.byteLength) | ||
| return false; | ||
| let diff = 0; | ||
| for (let i = 0; i < b.length; i++) { | ||
| diff |= a[i] ^ b[i]; | ||
| const timingSafeEqual = (function () { | ||
| try { | ||
| /* It is possible for `require` to return an empty object, or an object | ||
| * that does not implement `timingSafeEqual`. | ||
| * in this case I need a fallback | ||
| */ | ||
| const { timingSafeEqual: nodeTimingSafeEqual } = require('crypto'); | ||
| return nodeTimingSafeEqual || portableTimingSafeEqual; | ||
| } | ||
| return (diff === 0); | ||
| } | ||
| catch (e) { | ||
| return portableTimingSafeEqual; | ||
| } | ||
| /* https://codahale.com/a-lesson-in-timing-attacks/ */ | ||
| function portableTimingSafeEqual(a, b) { | ||
| /* It is *possible* that a runtime could optimize this constant time function. | ||
| * Adding `eval` should prevent the optimization, but this is no grantee. | ||
| * If you copy this function for your own use, make sure to educate yourself. | ||
| * Side channel attacks are pernicious and subtle. | ||
| */ | ||
| eval(''); // eslint-disable-line no-eval | ||
| /* Check for early return (Postcondition) UNTESTED: Size is well-know information. | ||
| * and does not leak information about contents. | ||
| */ | ||
| if (a.byteLength !== b.byteLength) | ||
| return false; | ||
| let diff = 0; | ||
| for (let i = 0; i < b.length; i++) { | ||
| diff |= a[i] ^ b[i]; | ||
| } | ||
| return (diff === 0); | ||
| } | ||
| })(); | ||
| class NodeEncryptionMaterial { | ||
@@ -173,3 +185,14 @@ constructor(suite, encryptionContext) { | ||
| exports.isDecryptionMaterial = isDecryptionMaterial; | ||
| function decorateCryptographicMaterial(material, setFlags) { | ||
| function decorateCryptographicMaterial(material, setFlag) { | ||
| /* Precondition: setFlag must be in the set of KeyringTraceFlag.SET_FLAGS. */ | ||
| needs_1.needs(setFlag & keyring_trace_1.KeyringTraceFlag.SET_FLAGS, 'Invalid setFlag'); | ||
| /* When a KeyringTraceFlag is passed to setUnencryptedDataKey, | ||
| * it must be valid for the type of material. | ||
| * It is invalid to claim that EncryptionMaterial were decrypted. | ||
| */ | ||
| const deniedSetFlags = (keyring_trace_1.KeyringTraceFlag.SET_FLAGS ^ setFlag) | (setFlag === keyring_trace_1.KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY | ||
| ? keyring_trace_1.KeyringTraceFlag.DECRYPT_FLAGS | ||
| : setFlag === keyring_trace_1.KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY | ||
| ? keyring_trace_1.KeyringTraceFlag.ENCRYPT_FLAGS | ||
| : 0); | ||
| let unencryptedDataKeyZeroed = false; | ||
@@ -183,24 +206,9 @@ let unencryptedDataKey; | ||
| const setUnencryptedDataKey = (dataKey, trace) => { | ||
| /* Precondition: unencryptedDataKey must not be set. Modifying the unencryptedDataKey is denied */ | ||
| needs_1.needs(!unencryptedDataKey, 'unencryptedDataKey has already been set'); | ||
| /* Precondition: dataKey must be Binary Data */ | ||
| needs_1.needs(dataKey instanceof Uint8Array, 'dataKey must be a Uint8Array'); | ||
| /* Precondition: dataKey should have an ArrayBuffer that *only* stores the key. | ||
| * This is a simple check to make sure that the key is not stored on | ||
| * a large potentially shared ArrayBuffer. | ||
| * If this was the case, it may be possible to find or manipulate. | ||
| */ | ||
| needs_1.needs(dataKey.byteOffset === 0, 'Unencrypted Master Key must be an isolated buffer.'); | ||
| /* Precondition: The data key length must agree with algorithm specification. | ||
| * If this is not the case, it either means ciphertext was tampered | ||
| * with or the keyring implementation is not setting the length properly. | ||
| */ | ||
| needs_1.needs(dataKey.byteLength === material.suite.keyLengthBytes, 'Key length does not agree with the algorithm specification.'); | ||
| /* Precondition: Trace must be set, and the flag must indicate that the data key was generated. */ | ||
| needs_1.needs(trace && trace.keyName && trace.keyNamespace, 'Malformed KeyringTrace'); | ||
| /* Precondition: On set the required KeyringTraceFlag must be set. */ | ||
| needs_1.needs(trace.flags & setFlags, 'Required KeyringTraceFlag not set'); | ||
| /* Avoid making unnecessary copies of the dataKey. */ | ||
| const tempUdk = dataKey instanceof Uint8Array ? dataKey : unwrapDataKey(dataKey); | ||
| /* All security conditions are tested here and failures will throw. */ | ||
| verifyUnencryptedDataKeyForSet(tempUdk, trace); | ||
| unencryptedDataKey = wrapWithKeyObjectIfSupported(dataKey); | ||
| udkForVerification = new Uint8Array(tempUdk); | ||
| material.keyringTrace.push(trace); | ||
| unencryptedDataKey = dataKey; | ||
| udkForVerification = new Uint8Array(dataKey); | ||
| return material; | ||
@@ -215,4 +223,8 @@ }; | ||
| needs_1.needs(!unencryptedDataKeyZeroed, 'unencryptedDataKey has been zeroed.'); | ||
| /* Precondition: The unencryptedDataKey must not have been modified. */ | ||
| needs_1.needs(timingSafeEqual(udkForVerification, unencryptedDataKey), 'unencryptedDataKey has been corrupted.'); | ||
| /* Precondition: The unencryptedDataKey must not have been modified. | ||
| * If the unencryptedDataKey is a KeyObject, | ||
| * then the security around modification is handled in C. | ||
| * Do not duplicate the secret just to check... | ||
| */ | ||
| needs_1.needs(!(unencryptedDataKey instanceof Uint8Array) || timingSafeEqual(udkForVerification, unwrapDataKey(unencryptedDataKey)), 'unencryptedDataKey has been corrupted.'); | ||
| return unencryptedDataKey; | ||
@@ -244,2 +256,8 @@ }; | ||
| } | ||
| /* The KeyObject manages its own ref counter. | ||
| * Once there are no more users, it will clean the memory. | ||
| */ | ||
| if (!(unencryptedDataKey instanceof Uint8Array)) { | ||
| unencryptedDataKey = new Uint8Array(); | ||
| } | ||
| unencryptedDataKey.fill(0); | ||
@@ -255,17 +273,2 @@ udkForVerification.fill(0); | ||
| }; | ||
| Object.defineProperty(material, 'unencryptedDataKeyLength', { | ||
| get: () => { | ||
| /* Precondition: The unencryptedDataKey must be set to have a length. */ | ||
| needs_1.needs(unencryptedDataKey, 'unencryptedDataKey has not been set'); | ||
| /* Precondition: the unencryptedDataKey must not be Zeroed out. | ||
| * returning information about the data key, | ||
| * while not the worst thing may indicate misuse. | ||
| * Checking the algorithm specification is the proper way | ||
| * to do this | ||
| */ | ||
| needs_1.needs(!unencryptedDataKeyZeroed, 'unencryptedDataKey has been zeroed.'); | ||
| return unencryptedDataKey.byteLength; | ||
| }, | ||
| enumerable: true | ||
| }); | ||
| immutable_class_1.readOnlyProperty(material, 'setUnencryptedDataKey', setUnencryptedDataKey); | ||
@@ -275,5 +278,31 @@ immutable_class_1.readOnlyProperty(material, 'getUnencryptedDataKey', getUnencryptedDataKey); | ||
| return material; | ||
| function verifyUnencryptedDataKeyForSet(dataKey, trace) { | ||
| /* Precondition: unencryptedDataKey must not be set. Modifying the unencryptedDataKey is denied */ | ||
| needs_1.needs(!unencryptedDataKey, 'unencryptedDataKey has already been set'); | ||
| /* Precondition: dataKey must be Binary Data */ | ||
| needs_1.needs(dataKey instanceof Uint8Array, 'dataKey must be a Uint8Array'); | ||
| /* Precondition: dataKey should have an ArrayBuffer that *only* stores the key. | ||
| * This is a simple check to make sure that the key is not stored on | ||
| * a large potentially shared ArrayBuffer. | ||
| * If this was the case, it may be possible to find or manipulate. | ||
| */ | ||
| needs_1.needs(dataKey.byteOffset === 0, 'Unencrypted Master Key must be an isolated buffer.'); | ||
| /* Precondition: The data key length must agree with algorithm specification. | ||
| * If this is not the case, it either means ciphertext was tampered | ||
| * with or the keyring implementation is not setting the length properly. | ||
| */ | ||
| needs_1.needs(dataKey.byteLength === material.suite.keyLengthBytes, 'Key length does not agree with the algorithm specification.'); | ||
| /* Precondition: Trace must be set, and the flag must indicate that the data key was generated. */ | ||
| needs_1.needs(trace && trace.keyName && trace.keyNamespace, 'Malformed KeyringTrace'); | ||
| /* Precondition: On set the required KeyringTraceFlag must be set. */ | ||
| needs_1.needs(trace.flags & setFlag, 'Required KeyringTraceFlag not set'); | ||
| /* Precondition: Only valid flags are allowed. | ||
| * An unencrypted data key can not be both generated and decrypted. | ||
| */ | ||
| needs_1.needs(!(trace.flags & deniedSetFlags), 'Invalid KeyringTraceFlags set.'); | ||
| } | ||
| } | ||
| exports.decorateCryptographicMaterial = decorateCryptographicMaterial; | ||
| function decorateEncryptionMaterial(material) { | ||
| const deniedEncryptFlags = keyring_trace_1.KeyringTraceFlag.SET_FLAGS | keyring_trace_1.KeyringTraceFlag.DECRYPT_FLAGS; | ||
| const encryptedDataKeys = []; | ||
@@ -294,13 +323,13 @@ let signatureKey; | ||
| needs_1.needs(flags & keyring_trace_1.KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY, 'Encrypted data key flag must be set.'); | ||
| /* When the unencrypted data key is first set, a given wrapping key may or may not also encrypt that key. | ||
| * This means that the first EDK that is added may already have a trace. | ||
| * The flags for the EDK and the existing trace should be merged iif this is the first EDK | ||
| * and the only existing trace corresponds to this EDK. | ||
| /* Precondition: flags must not include a setFlag or a decrypt flag. | ||
| * The setFlag is reserved for setting the unencrypted data key | ||
| * and must only occur once in the set of KeyringTrace flags. | ||
| * The two setFlags in use are: | ||
| * KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY | ||
| * KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY | ||
| * | ||
| * KeyringTraceFlag.WRAPPING_KEY_VERIFIED_ENC_CTX is reserved for the decrypt path | ||
| */ | ||
| if (firstEdkAndTraceMatch(encryptedDataKeys, material.keyringTrace, edk)) { | ||
| material.keyringTrace[0].flags |= flags; | ||
| } | ||
| else { | ||
| material.keyringTrace.push({ keyName: edk.providerInfo, keyNamespace: edk.providerId, flags }); | ||
| } | ||
| needs_1.needs(!(flags & deniedEncryptFlags), 'Invalid flag for EncryptedDataKey.'); | ||
| material.keyringTrace.push({ keyName: edk.providerInfo, keyNamespace: edk.providerId, flags }); | ||
| encryptedDataKeys.push(edk); | ||
@@ -344,9 +373,2 @@ return material; | ||
| exports.decorateEncryptionMaterial = decorateEncryptionMaterial; | ||
| /* Verify that the this is the first EDK and that it matches the 1 and only 1 trace. */ | ||
| function firstEdkAndTraceMatch(edks, traces, edk) { | ||
| return edks.length === 0 && | ||
| traces.length === 1 && | ||
| edk.providerId === traces[0].keyNamespace && | ||
| edk.providerInfo === traces[0].keyName; | ||
| } | ||
| function decorateDecryptionMaterial(material) { | ||
@@ -490,2 +512,27 @@ // Verification Key | ||
| exports.subtleFunctionForMaterial = subtleFunctionForMaterial; | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3J5cHRvZ3JhcGhpY19tYXRlcmlhbC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9jcnlwdG9ncmFwaGljX21hdGVyaWFsLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7Ozs7Ozs7Ozs7OztHQWFHOztBQUdILDZEQUF1RDtBQUN2RCxtREFBK0Q7QUFDL0QsdURBQWlFO0FBQ2pFLG1EQUFnRSxDQUFDLHFDQUFxQztBQUN0Ryx1REFBc0Q7QUFDdEQsbUVBQWlFO0FBQ2pFLG1DQUErQjtBQUUvQjs7Ozs7Ozs7Ozs7Ozs7O0dBZUc7QUFFSCxJQUFJLGVBQTBELENBQUE7QUFDOUQsSUFBSTtJQUNGOzs7T0FHRztJQUNILE1BQU0sRUFBRSxlQUFlLEVBQUUsbUJBQW1CLEVBQUUsR0FBRyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUE7SUFDbEUsZUFBZSxHQUFHLG1CQUFtQixJQUFJLHVCQUF1QixDQUFBO0NBQ2pFO0FBQUMsT0FBTyxDQUFDLEVBQUU7SUFDVixlQUFlLEdBQUcsdUJBQXVCLENBQUE7Q0FDMUM7QUFDRCxzREFBc0Q7QUFDdEQsU0FBUyx1QkFBdUIsQ0FBRSxDQUFhLEVBQUUsQ0FBYTtJQUM1RDs7OztPQUlHO0lBQ0gsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFBLENBQUMsOEJBQThCO0lBQ3ZDOztPQUVHO0lBQ0gsSUFBSSxDQUFDLENBQUMsVUFBVSxLQUFLLENBQUMsQ0FBQyxVQUFVO1FBQUUsT0FBTyxLQUFLLENBQUE7SUFFL0MsSUFBSSxJQUFJLEdBQUcsQ0FBQyxDQUFBO0lBQ1osS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUU7UUFDakMsSUFBSSxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUE7S0FDcEI7SUFDRCxPQUFPLENBQUMsSUFBSSxLQUFLLENBQUMsQ0FBQyxDQUFBO0FBQ3JCLENBQUM7QUFvQ0QsTUFBYSxzQkFBc0I7SUFlakMsWUFBYSxLQUF5QixFQUFFLGlCQUFvQztRQU41RSxpQkFBWSxHQUFtQixFQUFFLENBQUE7UUFPL0IsNEVBQTRFO1FBQzVFLGFBQUssQ0FBQyxLQUFLLFlBQVksb0NBQWtCLEVBQUUsb0NBQW9DLENBQUMsQ0FBQTtRQUNoRixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQTtRQUNsQixvR0FBb0c7UUFDcEcsYUFBSyxDQUFDLGlCQUFpQixJQUFJLE9BQU8saUJBQWlCLEtBQUssUUFBUSxFQUFFLGdDQUFnQyxDQUFDLENBQUE7UUFDbkcsSUFBSSxDQUFDLGlCQUFpQixHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsRUFBRSxHQUFHLGlCQUFpQixFQUFFLENBQUMsQ0FBQTtRQUNoRSx3RUFBd0U7UUFDeEUsTUFBTSxRQUFRLEdBQUcsZ0NBQWdCLENBQUMsK0JBQStCLENBQUE7UUFDakUsNkJBQTZCLENBQXlCLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQTtRQUNyRSwwQkFBMEIsQ0FBeUIsSUFBSSxDQUFDLENBQUE7UUFDeEQsTUFBTSxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUUsc0JBQXNCLENBQUMsU0FBUyxDQUFDLENBQUE7UUFDN0QsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUNyQixDQUFDO0lBQ0QsV0FBVztRQUNULE9BQU8sSUFBSSxDQUFDLHFCQUFxQixDQUFBO0lBQ25DLENBQUM7Q0FDRjtBQWhDRCx3REFnQ0M7QUFDRCw2QkFBVyxDQUFDLHNCQUFzQixDQUFDLENBQUE7QUFFbkMsTUFBYSxzQkFBc0I7SUFhakMsWUFBYSxLQUF5QixFQUFFLGlCQUFvQztRQUo1RSxpQkFBWSxHQUFtQixFQUFFLENBQUE7UUFLL0IsNEVBQTRFO1FBQzVFLGFBQUssQ0FBQyxLQUFLLFlBQVksb0NBQWtCLEVBQUUsb0NBQW9DLENBQUMsQ0FBQTtRQUNoRixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQTtRQUNsQixvR0FBb0c7UUFDcEcsYUFBSyxDQUFDLGlCQUFpQixJQUFJLE9BQU8saUJBQWlCLEtBQUssUUFBUSxFQUFFLGdDQUFnQyxDQUFDLENBQUE7UUFDbkcsSUFBSSxDQUFDLGlCQUFpQixHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsRUFBRSxHQUFHLGlCQUFpQixFQUFFLENBQUMsQ0FBQTtRQUNoRSx3RUFBd0U7UUFDeEUsTUFBTSxRQUFRLEdBQUcsZ0NBQWdCLENBQUMsK0JBQStCLENBQUE7UUFDakUsNkJBQTZCLENBQXlCLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQTtRQUNyRSwwQkFBMEIsQ0FBeUIsSUFBSSxDQUFDLENBQUE7UUFDeEQsTUFBTSxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUUsc0JBQXNCLENBQUMsU0FBUyxDQUFDLENBQUE7UUFDN0QsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUNyQixDQUFDO0lBQ0QsV0FBVztRQUNULE9BQU8sSUFBSSxDQUFDLHFCQUFxQixDQUFBO0lBQ25DLENBQUM7Q0FDRjtBQTlCRCx3REE4QkM7QUFDRCw2QkFBVyxDQUFDLHNCQUFzQixDQUFDLENBQUE7QUFFbkMsTUFBYSwyQkFBMkI7SUFvQnRDLFlBQWEsS0FBOEIsRUFBRSxpQkFBb0M7UUFWakYsaUJBQVksR0FBbUIsRUFBRSxDQUFBO1FBVy9CLHNGQUFzRjtRQUN0RixhQUFLLENBQUMsS0FBSyxZQUFZLCtDQUF1QixFQUFFLHlDQUF5QyxDQUFDLENBQUE7UUFDMUYsSUFBSSxDQUFDLEtBQUssR0FBRyxLQUFLLENBQUE7UUFDbEIsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFzQixDQUFDLFdBQVcsRUFBRSxTQUFTLENBQUMsQ0FBQyxDQUFBO1FBQy9FLHlHQUF5RztRQUN6RyxhQUFLLENBQUMsaUJBQWlCLElBQUksT0FBTyxpQkFBaUIsS0FBSyxRQUFRLEVBQUUsZ0NBQWdDLENBQUMsQ0FBQTtRQUNuRyxJQUFJLENBQUMsaUJBQWlCLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxFQUFFLEdBQUcsaUJBQWlCLEVBQUUsQ0FBQyxDQUFBO1FBQ2hFLHdFQUF3RTtRQUN4RSxNQUFNLE9BQU8sR0FBRyxnQ0FBZ0IsQ0FBQywrQkFBK0IsQ0FBQTtRQUNoRSw2QkFBNkIsQ0FBOEIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBQ3pFLDBCQUEwQixDQUE4QixJQUFJLENBQUMsQ0FBQTtRQUM3RCx5QkFBeUIsQ0FBOEIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBQ3JFLE1BQU0sQ0FBQyxjQUFjLENBQUMsSUFBSSxFQUFFLDJCQUEyQixDQUFDLFNBQVMsQ0FBQyxDQUFBO1FBQ2xFLE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUE7SUFDckIsQ0FBQztJQUNELFdBQVc7UUFDVCxPQUFPLElBQUksQ0FBQyxxQkFBcUIsSUFBSSxJQUFJLENBQUMsWUFBWSxDQUFBO0lBQ3hELENBQUM7Q0FDRjtBQXZDRCxrRUF1Q0M7QUFDRCw2QkFBVyxDQUFDLDJCQUEyQixDQUFDLENBQUE7QUFFeEMsTUFBYSwyQkFBMkI7SUFrQnRDLFlBQWEsS0FBOEIsRUFBRSxpQkFBb0M7UUFSakYsaUJBQVksR0FBbUIsRUFBRSxDQUFBO1FBUy9CLHNGQUFzRjtRQUN0RixhQUFLLENBQUMsS0FBSyxZQUFZLCtDQUF1QixFQUFFLHlDQUF5QyxDQUFDLENBQUE7UUFDMUYsSUFBSSxDQUFDLEtBQUssR0FBRyxLQUFLLENBQUE7UUFDbEIsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFzQixDQUFDLFdBQVcsRUFBRSxTQUFTLENBQUMsQ0FBQyxDQUFBO1FBQy9FLHlHQUF5RztRQUN6RyxhQUFLLENBQUMsaUJBQWlCLElBQUksT0FBTyxpQkFBaUIsS0FBSyxRQUFRLEVBQUUsZ0NBQWdDLENBQUMsQ0FBQTtRQUNuRyxJQUFJLENBQUMsaUJBQWlCLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxFQUFFLEdBQUcsaUJBQWlCLEVBQUUsQ0FBQyxDQUFBO1FBQ2hFLHdFQUF3RTtRQUN4RSxNQUFNLE9BQU8sR0FBRyxnQ0FBZ0IsQ0FBQywrQkFBK0IsQ0FBQTtRQUNoRSw2QkFBNkIsQ0FBOEIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBQ3pFLDBCQUEwQixDQUE4QixJQUFJLENBQUMsQ0FBQTtRQUM3RCx5QkFBeUIsQ0FBOEIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBQ3JFLE1BQU0sQ0FBQyxjQUFjLENBQUMsSUFBSSxFQUFFLDJCQUEyQixDQUFDLFNBQVMsQ0FBQyxDQUFBO1FBQ2xFLE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUE7SUFDckIsQ0FBQztJQUNELFdBQVc7UUFDVCxPQUFPLElBQUksQ0FBQyxZQUFZLENBQUE7SUFDMUIsQ0FBQztDQUNGO0FBckNELGtFQXFDQztBQUNELDZCQUFXLENBQUMsMkJBQTJCLENBQUMsQ0FBQTtBQUV4QyxTQUFnQixvQkFBb0IsQ0FBRSxHQUFRO0lBQzVDLE9BQU8sQ0FBQyxHQUFHLFlBQVksMkJBQTJCLENBQUMsSUFBSSxDQUFDLEdBQUcsWUFBWSxzQkFBc0IsQ0FBQyxDQUFBO0FBQ2hHLENBQUM7QUFGRCxvREFFQztBQUVELFNBQWdCLG9CQUFvQixDQUFFLEdBQVE7SUFDNUMsT0FBTyxDQUFDLEdBQUcsWUFBWSwyQkFBMkIsQ0FBQyxJQUFJLENBQUMsR0FBRyxZQUFZLHNCQUFzQixDQUFDLENBQUE7QUFDaEcsQ0FBQztBQUZELG9EQUVDO0FBRUQsU0FBZ0IsNkJBQTZCLENBQXNDLFFBQVcsRUFBRSxRQUEwQjtJQUN4SCxJQUFJLHdCQUF3QixHQUFHLEtBQUssQ0FBQTtJQUNwQyxJQUFJLGtCQUE4QixDQUFBO0lBQ2xDLG1FQUFtRTtJQUNuRSx1REFBdUQ7SUFDdkQsMERBQTBEO0lBQzFELG9EQUFvRDtJQUNwRCxJQUFJLGtCQUE4QixDQUFBO0lBRWxDLE1BQU0scUJBQXFCLEdBQUcsQ0FBQyxPQUFtQixFQUFFLEtBQW1CLEVBQUUsRUFBRTtRQUN6RSxtR0FBbUc7UUFDbkcsYUFBSyxDQUFDLENBQUMsa0JBQWtCLEVBQUUseUNBQXlDLENBQUMsQ0FBQTtRQUNyRSwrQ0FBK0M7UUFDL0MsYUFBSyxDQUFDLE9BQU8sWUFBWSxVQUFVLEVBQUUsOEJBQThCLENBQUMsQ0FBQTtRQUNwRTs7OztXQUlHO1FBQ0gsYUFBSyxDQUFDLE9BQU8sQ0FBQyxVQUFVLEtBQUssQ0FBQyxFQUFFLG9EQUFvRCxDQUFDLENBQUE7UUFDckY7OztXQUdHO1FBQ0gsYUFBSyxDQUFDLE9BQU8sQ0FBQyxVQUFVLEtBQUssUUFBUSxDQUFDLEtBQUssQ0FBQyxjQUFjLEVBQUUsNkRBQTZELENBQUMsQ0FBQTtRQUUxSCxrR0FBa0c7UUFDbEcsYUFBSyxDQUFDLEtBQUssSUFBSSxLQUFLLENBQUMsT0FBTyxJQUFJLEtBQUssQ0FBQyxZQUFZLEVBQUUsd0JBQXdCLENBQUMsQ0FBQTtRQUM3RSxxRUFBcUU7UUFDckUsYUFBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLEdBQUcsUUFBUSxFQUFFLG1DQUFtQyxDQUFDLENBQUE7UUFDbEUsUUFBUSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUE7UUFFakMsa0JBQWtCLEdBQUcsT0FBTyxDQUFBO1FBQzVCLGtCQUFrQixHQUFHLElBQUksVUFBVSxDQUFDLE9BQU8sQ0FBQyxDQUFBO1FBRTVDLE9BQU8sUUFBUSxDQUFBO0lBQ2pCLENBQUMsQ0FBQTtJQUNELE1BQU0scUJBQXFCLEdBQUcsR0FBZSxFQUFFO1FBQzdDLDJFQUEyRTtRQUMzRSxhQUFLLENBQUMsa0JBQWtCLEVBQUUscUNBQXFDLENBQUMsQ0FBQTtRQUNoRTs7V0FFRztRQUNILGFBQUssQ0FBQyxDQUFDLHdCQUF3QixFQUFFLHFDQUFxQyxDQUFDLENBQUE7UUFDdkUsdUVBQXVFO1FBQ3ZFLGFBQUssQ0FBQyxlQUFlLENBQUMsa0JBQWtCLEVBQUUsa0JBQWtCLENBQUMsRUFBRSx3Q0FBd0MsQ0FBQyxDQUFBO1FBQ3hHLE9BQU8sa0JBQWtCLENBQUE7SUFDM0IsQ0FBQyxDQUFBO0lBQ0QsTUFBTSxDQUFDLGNBQWMsQ0FBQyxRQUFRLEVBQUUsdUJBQXVCLEVBQUU7UUFDdkQsOERBQThEO1FBQzlELEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUFDLENBQUMsa0JBQWtCLElBQUksQ0FBQyx3QkFBd0I7UUFDNUQsVUFBVSxFQUFFLElBQUk7S0FDakIsQ0FBQyxDQUFBO0lBQ0YsTUFBTSxzQkFBc0IsR0FBRyxHQUFHLEVBQUU7UUFDbEM7Ozs7OztXQU1HO1FBQ0gsSUFBSSxVQUFVLEdBQUcsQ0FBQyxDQUFBO1FBQ2xCLGdHQUFnRztRQUNoRyxJQUFJLENBQUMsa0JBQWtCLEVBQUU7WUFDdkIsa0JBQWtCLEdBQUcsSUFBSSxVQUFVLEVBQUUsQ0FBQTtZQUNyQyxVQUFVLElBQUksQ0FBQyxDQUFBO1NBQ2hCO1FBQ0QsZ0dBQWdHO1FBQ2hHLElBQUksQ0FBQyxrQkFBa0IsRUFBRTtZQUN2QixrQkFBa0IsR0FBRyxJQUFJLFVBQVUsRUFBRSxDQUFBO1lBQ3JDLFVBQVUsSUFBSSxDQUFDLENBQUE7U0FDaEI7UUFDRCxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUE7UUFDMUIsa0JBQWtCLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFBO1FBQzFCLHdCQUF3QixHQUFHLElBQUksQ0FBQTtRQUUvQjs7O1dBR0c7UUFDSCxhQUFLLENBQUMsVUFBVSxLQUFLLENBQUMsSUFBSSxVQUFVLEtBQUssQ0FBQyxFQUFFLDhEQUE4RCxDQUFDLENBQUE7UUFDM0csT0FBTyxRQUFRLENBQUE7SUFDakIsQ0FBQyxDQUFBO0lBQ0QsTUFBTSxDQUFDLGNBQWMsQ0FBQyxRQUFRLEVBQUUsMEJBQTBCLEVBQUU7UUFDMUQsR0FBRyxFQUFFLEdBQUcsRUFBRTtZQUNSLHdFQUF3RTtZQUN4RSxhQUFLLENBQUMsa0JBQWtCLEVBQUUscUNBQXFDLENBQUMsQ0FBQTtZQUNoRTs7Ozs7ZUFLRztZQUNILGFBQUssQ0FBQyxDQUFDLHdCQUF3QixFQUFFLHFDQUFxQyxDQUFDLENBQUE7WUFDdkUsT0FBTyxrQkFBa0IsQ0FBQyxVQUFVLENBQUE7UUFDdEMsQ0FBQztRQUNELFVBQVUsRUFBRSxJQUFJO0tBQ2pCLENBQUMsQ0FBQTtJQUVGLGtDQUFnQixDQUFDLFFBQVEsRUFBRSx1QkFBdUIsRUFBRSxxQkFBcUIsQ0FBQyxDQUFBO0lBQzFFLGtDQUFnQixDQUFDLFFBQVEsRUFBRSx1QkFBdUIsRUFBRSxxQkFBcUIsQ0FBQyxDQUFBO0lBQzFFLGtDQUFnQixDQUFDLFFBQVEsRUFBRSx3QkFBd0IsRUFBRSxzQkFBc0IsQ0FBQyxDQUFBO0lBRTVFLE9BQU8sUUFBUSxDQUFBO0FBQ2pCLENBQUM7QUF4R0Qsc0VBd0dDO0FBRUQsU0FBZ0IsMEJBQTBCLENBQW1DLFFBQVc7SUFDdEYsTUFBTSxpQkFBaUIsR0FBdUIsRUFBRSxDQUFBO0lBQ2hELElBQUksWUFBOEMsQ0FBQTtJQUVsRCxNQUFNLG1CQUFtQixHQUFHLENBQUMsR0FBcUIsRUFBRSxLQUF1QixFQUFFLEVBQUU7UUFDN0U7OztXQUdHO1FBQ0gsYUFBSyxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSwrQkFBK0IsQ0FBQyxDQUFBO1FBQ3RFOzs7V0FHRztRQUNILGFBQUssQ0FBQyxHQUFHLFlBQVkscUNBQWdCLEVBQUUsMENBQTBDLENBQUMsQ0FBQTtRQUVsRixtRUFBbUU7UUFDbkUsYUFBSyxDQUFDLEtBQUssR0FBRyxnQ0FBZ0IsQ0FBQywrQkFBK0IsRUFBRSxzQ0FBc0MsQ0FBQyxDQUFBO1FBQ3ZHOzs7O1dBSUc7UUFDSCxJQUFJLHFCQUFxQixDQUFDLGlCQUFpQixFQUFFLFFBQVEsQ0FBQyxZQUFZLEVBQUUsR0FBRyxDQUFDLEVBQUU7WUFDeEUsUUFBUSxDQUFDLFlBQVksQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLElBQUksS0FBSyxDQUFBO1NBQ3hDO2FBQU07WUFDTCxRQUFRLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sRUFBRSxHQUFHLENBQUMsWUFBWSxFQUFFLFlBQVksRUFBRSxHQUFHLENBQUMsVUFBVSxFQUFFLEtBQUssRUFBRSxDQUFDLENBQUE7U0FDL0Y7UUFFRCxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUE7UUFDM0IsT0FBTyxRQUFRLENBQUE7SUFDakIsQ0FBQyxDQUFBO0lBRUQsa0NBQWdCLENBQUMsUUFBUSxFQUFFLHFCQUFxQixFQUFFLG1CQUFtQixDQUFDLENBQUE7SUFDdEUsTUFBTSxDQUFDLGNBQWMsQ0FBQyxRQUFRLEVBQUUsbUJBQW1CLEVBQUU7UUFDbkQscURBQXFEO1FBQ3JELDBCQUEwQjtRQUMxQixHQUFHLEVBQUUsR0FBRyxFQUFFLENBQUMsQ0FBQyxHQUFHLGlCQUFpQixDQUFDO1FBQ2pDLFVBQVUsRUFBRSxJQUFJO0tBQ2pCLENBQUMsQ0FBQTtJQUNGLE1BQU0sZUFBZSxHQUFHLENBQUMsR0FBaUIsRUFBRSxFQUFFO1FBQzVDOzs7V0FHRztRQUNILGFBQUssQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLGNBQWMsRUFBRSxzREFBc0QsQ0FBQyxDQUFBO1FBQzVGLHdGQUF3RjtRQUN4RixhQUFLLENBQUMsQ0FBQyxZQUFZLEVBQUUscUNBQXFDLENBQUMsQ0FBQTtRQUMzRCwrQ0FBK0M7UUFDL0MsYUFBSyxDQUFDLEdBQUcsWUFBWSw0QkFBWSxFQUFFLDZCQUE2QixDQUFDLENBQUE7UUFDakUsWUFBWSxHQUFHLEdBQUcsQ0FBQTtRQUNsQixPQUFPLFFBQVEsQ0FBQTtJQUNqQixDQUFDLENBQUE7SUFDRCxrQ0FBZ0IsQ0FBQyxRQUFRLEVBQUUsaUJBQWlCLEVBQUUsZUFBZSxDQUFDLENBQUE7SUFDOUQsTUFBTSxDQUFDLGNBQWMsQ0FBQyxRQUFRLEVBQUUsY0FBYyxFQUFFO1FBQzlDLEdBQUcsRUFBRSxHQUFHLEVBQUU7WUFDUjs7O2VBR0c7WUFDSCxhQUFLLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsY0FBYyxLQUFLLENBQUMsQ0FBQyxZQUFZLEVBQUUsd0NBQXdDLENBQUMsQ0FBQTtZQUNuRyxPQUFPLFlBQVksQ0FBQTtRQUNyQixDQUFDO1FBQ0QsVUFBVSxFQUFFLElBQUk7S0FDakIsQ0FBQyxDQUFBO0lBRUYsT0FBTyxRQUFRLENBQUE7QUFDakIsQ0FBQztBQW5FRCxnRUFtRUM7QUFFRCx1RkFBdUY7QUFDdkYsU0FBUyxxQkFBcUIsQ0FBRSxJQUF3QixFQUFFLE1BQXNCLEVBQUUsR0FBcUI7SUFDckcsT0FBTyxJQUFJLENBQUMsTUFBTSxLQUFLLENBQUM7UUFDeEIsTUFBTSxDQUFDLE1BQU0sS0FBSyxDQUFDO1FBQ25CLEdBQUcsQ0FBQyxVQUFVLEtBQUssTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLFlBQVk7UUFDekMsR0FBRyxDQUFDLFlBQVksS0FBSyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFBO0FBQ3hDLENBQUM7QUFFRCxTQUFnQiwwQkFBMEIsQ0FBbUMsUUFBVztJQUN0RixtQkFBbUI7SUFDbkIsSUFBSSxlQUFvRCxDQUFBO0lBQ3hELE1BQU0sa0JBQWtCLEdBQUcsQ0FBQyxHQUFvQixFQUFFLEVBQUU7UUFDbEQ7OztXQUdHO1FBQ0gsYUFBSyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsY0FBYyxFQUFFLHNEQUFzRCxDQUFDLENBQUE7UUFDNUYsOEZBQThGO1FBQzlGLGFBQUssQ0FBQyxDQUFDLGVBQWUsRUFBRSx3Q0FBd0MsQ0FBQyxDQUFBO1FBQ2pFLGtEQUFrRDtRQUNsRCxhQUFLLENBQUMsR0FBRyxZQUFZLCtCQUFlLEVBQUUsNkJBQTZCLENBQUMsQ0FBQTtRQUNwRSxlQUFlLEdBQUcsR0FBRyxDQUFBO1FBQ3JCLE9BQU8sUUFBUSxDQUFBO0lBQ2pCLENBQUMsQ0FBQTtJQUNELGtDQUFnQixDQUFDLFFBQVEsRUFBRSxvQkFBb0IsRUFBRSxrQkFBa0IsQ0FBQyxDQUFBO0lBQ3BFLE1BQU0sQ0FBQyxjQUFjLENBQUMsUUFBUSxFQUFFLGlCQUFpQixFQUFFO1FBQ2pELEdBQUcsRUFBRSxHQUFHLEVBQUU7WUFDUjs7O2VBR0c7WUFDSCxhQUFLLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsY0FBYyxLQUFLLENBQUMsQ0FBQyxlQUFlLEVBQUUsd0NBQXdDLENBQUMsQ0FBQTtZQUN0RyxPQUFPLGVBQWUsQ0FBQTtRQUN4QixDQUFDO1FBQ0QsVUFBVSxFQUFFLElBQUk7S0FDakIsQ0FBQyxDQUFBO0lBRUYsT0FBTyxRQUFRLENBQUE7QUFDakIsQ0FBQztBQTlCRCxnRUE4QkM7QUFFRCxTQUFnQix5QkFBeUIsQ0FBa0MsUUFBVyxFQUFFLFFBQTBCO0lBQ2hILElBQUksU0FBdUUsQ0FBQTtJQUUzRSxNQUFNLFlBQVksR0FBRyxDQUFDLE9BQWlELEVBQUUsS0FBbUIsRUFBRSxFQUFFO1FBQzlGLGlGQUFpRjtRQUNqRixhQUFLLENBQUMsQ0FBQyxTQUFTLEVBQUUsMkJBQTJCLENBQUMsQ0FBQTtRQUM5QyxxREFBcUQ7UUFDckQsYUFBSyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsSUFBSSx1QkFBdUIsQ0FBQyxPQUFPLENBQUMsRUFBRSwyQkFBMkIsQ0FBQyxDQUFBO1FBQzVGLCtFQUErRTtRQUMvRSxhQUFLLENBQUMsZ0JBQWdCLENBQUMsT0FBTyxFQUFFLFFBQVEsQ0FBQyxFQUFFLG9DQUFvQyxDQUFDLENBQUE7UUFFaEY7O1dBRUc7UUFDSCxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFO1lBQ25DLGlHQUFpRztZQUNqRyxhQUFLLENBQUMsS0FBSyxJQUFJLEtBQUssQ0FBQyxPQUFPLElBQUksS0FBSyxDQUFDLFlBQVksRUFBRSx3QkFBd0IsQ0FBQyxDQUFBO1lBQzdFLHVGQUF1RjtZQUN2RixhQUFLLENBQUMsS0FBSyxDQUFDLEtBQUssR0FBRyxRQUFRLEVBQUUsbUNBQW1DLENBQUMsQ0FBQTtZQUNsRTs7Ozs7ZUFLRztZQUNILFFBQVEsQ0FBQyxzQkFBc0IsRUFBRSxDQUFBO1lBQ2pDLFFBQVEsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFBO1NBQ2xDO1FBRUQsSUFBSSxXQUFXLENBQUMsT0FBTyxDQUFDLEVBQUU7WUFDeEIsU0FBUyxHQUFHLE9BQU8sQ0FBQTtTQUNwQjthQUFNO1lBQ0wsTUFBTSxFQUFFLGlCQUFpQixFQUFFLG9CQUFvQixFQUFFLEdBQUcsT0FBTyxDQUFBO1lBQzNELFNBQVMsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLEVBQUUsaUJBQWlCLEVBQUUsb0JBQW9CLEVBQUUsQ0FBQyxDQUFBO1NBQ3ZFO1FBRUQsT0FBTyxRQUFRLENBQUE7SUFDakIsQ0FBQyxDQUFBO0lBRUQsa0NBQWdCLENBQUMsUUFBUSxFQUFFLGNBQWMsRUFBRSxZQUFZLENBQUMsQ0FBQTtJQUN4RCxNQUFNLFlBQVksR0FBRyxHQUFHLEVBQUU7UUFDeEIsc0VBQXNFO1FBQ3RFLGFBQUssQ0FBQyxTQUFTLEVBQUUsd0JBQXdCLENBQUMsQ0FBQTtRQUMxQyxrREFBa0Q7UUFDbEQsd0RBQXdEO1FBQ3hELE9BQTJELFNBQVMsQ0FBQTtJQUN0RSxDQUFDLENBQUE7SUFDRCxrQ0FBZ0IsQ0FBQyxRQUFRLEVBQUUsY0FBYyxFQUFFLFlBQVksQ0FBQyxDQUFBO0lBRXhELE1BQU0sQ0FBQyxjQUFjLENBQUMsUUFBUSxFQUFFLGNBQWMsRUFBRTtRQUM5QyxHQUFHLEVBQUUsR0FBRyxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVM7UUFDdEIsVUFBVSxFQUFFLElBQUk7S0FDakIsQ0FBQyxDQUFBO0lBRUYsT0FBTyxRQUFRLENBQUE7QUFDakIsQ0FBQztBQXZERCw4REF1REM7QUFFRCxTQUFnQixXQUFXLENBQUUsT0FBWTtJQUN2QyxPQUFPLE9BQU87UUFDWixXQUFXLElBQUksT0FBTztRQUN0QixNQUFNLElBQUksT0FBTztRQUNqQixXQUFXLElBQUksT0FBTztRQUN0QixRQUFRLElBQUksT0FBTztRQUNuQixhQUFhLElBQUksT0FBTyxDQUFBO0FBQzVCLENBQUM7QUFQRCxrQ0FPQztBQUVELFNBQWdCLGdCQUFnQixDQUM5QixPQUFpRCxFQUNqRCxRQUFXO0lBRVgsSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsRUFBRTtRQUN6QixNQUFNLEVBQUUsaUJBQWlCLEVBQUUsb0JBQW9CLEVBQUUsR0FBRyxPQUFPLENBQUE7UUFDM0QsT0FBTyxnQkFBZ0IsQ0FBQyxpQkFBaUIsRUFBRSxRQUFRLENBQUM7WUFDbEQsZ0JBQWdCLENBQUMsb0JBQW9CLEVBQUUsUUFBUSxDQUFDLENBQUE7S0FDbkQ7SUFFRCxNQUFNLEVBQUUsS0FBSyxFQUFFLFdBQVcsRUFBRSxHQUFHLFFBQVEsQ0FBQTtJQUN2QyxNQUFNLEVBQUUsVUFBVSxFQUFFLFNBQVMsRUFBRSxHQUFHLEVBQUUsR0FBRyxLQUFLLENBQUE7SUFFNUM7OztPQUdHO0lBRUgsTUFBTSxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLFdBQVcsRUFBRSxHQUFHLE9BQU8sQ0FBQTtJQUN4RCw0Q0FBNEM7SUFDNUMsTUFBTSxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsR0FBRyxTQUFTLENBQUE7SUFFbEMsNEJBQTRCO0lBQzVCLE9BQU8sSUFBSSxLQUFLLFFBQVE7UUFDdEIsdUJBQXVCO1FBQ3ZCLENBQUMsQ0FBQyxHQUFHLElBQUksSUFBSSxLQUFLLEdBQUcsQ0FBQztZQUNyQixDQUFDLElBQUksS0FBSyxVQUFVLElBQUksTUFBTSxLQUFLLFNBQVMsQ0FBQyxDQUFDO1FBQy9DOztXQUVHO1FBQ0gsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDekMsOEVBQThFO1FBQzlFLENBQUMsV0FBVyxDQUFBO0FBQ2hCLENBQUM7QUFqQ0QsNENBaUNDO0FBRUQsU0FBUyx1QkFBdUIsQ0FBRSxPQUFZO0lBQzVDLE1BQU0sRUFBRSxpQkFBaUIsRUFBRSxvQkFBb0IsRUFBRSxHQUFHLE9BQU8sQ0FBQTtJQUMzRCxPQUFPLFdBQVcsQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLFdBQVcsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFBO0FBQzVFLENBQUM7QUFFRCxTQUFnQixtQkFBbUIsQ0FBa0MsUUFBVztJQUM5RSxNQUFNLEVBQUUsS0FBSyxFQUFFLEdBQUcsUUFBUSxDQUFBO0lBQzFCLElBQUksS0FBSyxDQUFDLEdBQUc7UUFBRSxPQUFPLFdBQVcsQ0FBQTtJQUNqQyxPQUFPLHlCQUF5QixDQUFDLFFBQVEsQ0FBQyxDQUFBO0FBQzVDLENBQUM7QUFKRCxrREFJQztBQUVELFNBQWdCLHlCQUF5QixDQUFrQyxRQUFXO0lBQ3BGLElBQUksUUFBUSxZQUFZLDJCQUEyQjtRQUFFLE9BQU8sU0FBUyxDQUFBO0lBQ3JFLElBQUksUUFBUSxZQUFZLDJCQUEyQjtRQUFFLE9BQU8sU0FBUyxDQUFBO0lBRXJFLE1BQU0sSUFBSSxLQUFLLENBQUMsc0JBQXNCLENBQUMsQ0FBQTtBQUN6QyxDQUFDO0FBTEQsOERBS0MifQ== | ||
| function unwrapDataKey(dataKey) { | ||
| if (dataKey instanceof Uint8Array) | ||
| return dataKey; | ||
| if (exports.supportsKeyObject && dataKey instanceof exports.supportsKeyObject.KeyObject) | ||
| return dataKey.export(); | ||
| throw new Error('Unsupported dataKey type'); | ||
| } | ||
| exports.unwrapDataKey = unwrapDataKey; | ||
| function wrapWithKeyObjectIfSupported(dataKey) { | ||
| if (exports.supportsKeyObject) { | ||
| if (dataKey instanceof Uint8Array) { | ||
| const ko = exports.supportsKeyObject.createSecretKey(dataKey); | ||
| /* Postcondition: Zero the secret. It is now inside the KeyObject. */ | ||
| dataKey.fill(0); | ||
| return ko; | ||
| } | ||
| if (dataKey instanceof exports.supportsKeyObject.KeyObject) | ||
| return dataKey; | ||
| } | ||
| else if (dataKey instanceof Uint8Array) { | ||
| return dataKey; | ||
| } | ||
| throw new Error('Unsupported dataKey type'); | ||
| } | ||
| exports.wrapWithKeyObjectIfSupported = wrapWithKeyObjectIfSupported; | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3J5cHRvZ3JhcGhpY19tYXRlcmlhbC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9jcnlwdG9ncmFwaGljX21hdGVyaWFsLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7Ozs7Ozs7Ozs7OztHQWFHOztBQVdILDZEQUF1RDtBQUN2RCxtREFBK0Q7QUFDL0QsdURBQWlFO0FBQ2pFLG1EQUFnRSxDQUFDLHFDQUFxQztBQUN0Ryx1REFBc0Q7QUFDdEQsbUVBQWlFO0FBQ2pFLG1DQUErQjtBQVlsQixRQUFBLGlCQUFpQixHQUFHLENBQUM7SUFDaEMsSUFBSTtRQUNGLE1BQU0sRUFBRSxTQUFTLEVBQUUsZUFBZSxFQUFFLEdBQUcsT0FBTyxDQUFDLFFBQVEsQ0FBa0IsQ0FBQTtRQUN6RSxJQUFJLENBQUMsU0FBUyxJQUFJLENBQUMsZUFBZTtZQUFFLE9BQU8sS0FBSyxDQUFBO1FBRWhELE9BQU8sRUFBRSxTQUFTLEVBQUUsZUFBZSxFQUFFLENBQUE7S0FDdEM7SUFBQyxPQUFPLEVBQUUsRUFBRTtRQUNYLE9BQU8sS0FBSyxDQUFBO0tBQ2I7QUFDSCxDQUFDLENBQUMsRUFBRSxDQUFBO0FBRUo7Ozs7Ozs7Ozs7Ozs7OztHQWVHO0FBRUgsTUFBTSxlQUFlLEdBQThDLENBQUM7SUFDbEUsSUFBSTtRQUNGOzs7V0FHRztRQUNILE1BQU0sRUFBRSxlQUFlLEVBQUUsbUJBQW1CLEVBQUUsR0FBRyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUE7UUFDbEUsT0FBTyxtQkFBbUIsSUFBSSx1QkFBdUIsQ0FBQTtLQUN0RDtJQUFDLE9BQU8sQ0FBQyxFQUFFO1FBQ1YsT0FBTyx1QkFBdUIsQ0FBQTtLQUMvQjtJQUNELHNEQUFzRDtJQUN0RCxTQUFTLHVCQUF1QixDQUFFLENBQWEsRUFBRSxDQUFhO1FBQzVEOzs7O1lBSUk7UUFDSixJQUFJLENBQUMsRUFBRSxDQUFDLENBQUEsQ0FBQyw4QkFBOEI7UUFDdkM7O1lBRUk7UUFDSixJQUFJLENBQUMsQ0FBQyxVQUFVLEtBQUssQ0FBQyxDQUFDLFVBQVU7WUFBRSxPQUFPLEtBQUssQ0FBQTtRQUUvQyxJQUFJLElBQUksR0FBRyxDQUFDLENBQUE7UUFDWixLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQUUsRUFBRTtZQUNqQyxJQUFJLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQTtTQUNwQjtRQUNELE9BQU8sQ0FBQyxJQUFJLEtBQUssQ0FBQyxDQUFDLENBQUE7SUFDckIsQ0FBQztBQUNILENBQUMsQ0FBQyxFQUFFLENBQUE7QUFtQ0osTUFBYSxzQkFBc0I7SUFjakMsWUFBYSxLQUF5QixFQUFFLGlCQUFvQztRQU41RSxpQkFBWSxHQUFtQixFQUFFLENBQUE7UUFPL0IsNEVBQTRFO1FBQzVFLGFBQUssQ0FBQyxLQUFLLFlBQVksb0NBQWtCLEVBQUUsb0NBQW9DLENBQUMsQ0FBQTtRQUNoRixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQTtRQUNsQixvR0FBb0c7UUFDcEcsYUFBSyxDQUFDLGlCQUFpQixJQUFJLE9BQU8saUJBQWlCLEtBQUssUUFBUSxFQUFFLGdDQUFnQyxDQUFDLENBQUE7UUFDbkcsSUFBSSxDQUFDLGlCQUFpQixHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsRUFBRSxHQUFHLGlCQUFpQixFQUFFLENBQUMsQ0FBQTtRQUNoRSx3RUFBd0U7UUFDeEUsTUFBTSxRQUFRLEdBQUcsZ0NBQWdCLENBQUMsK0JBQStCLENBQUE7UUFDakUsNkJBQTZCLENBQXlCLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQTtRQUNyRSwwQkFBMEIsQ0FBeUIsSUFBSSxDQUFDLENBQUE7UUFDeEQsTUFBTSxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUUsc0JBQXNCLENBQUMsU0FBUyxDQUFDLENBQUE7UUFDN0QsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUNyQixDQUFDO0lBQ0QsV0FBVztRQUNULE9BQU8sSUFBSSxDQUFDLHFCQUFxQixDQUFBO0lBQ25DLENBQUM7Q0FDRjtBQS9CRCx3REErQkM7QUFDRCw2QkFBVyxDQUFDLHNCQUFzQixDQUFDLENBQUE7QUFFbkMsTUFBYSxzQkFBc0I7SUFZakMsWUFBYSxLQUF5QixFQUFFLGlCQUFvQztRQUo1RSxpQkFBWSxHQUFtQixFQUFFLENBQUE7UUFLL0IsNEVBQTRFO1FBQzVFLGFBQUssQ0FBQyxLQUFLLFlBQVksb0NBQWtCLEVBQUUsb0NBQW9DLENBQUMsQ0FBQTtRQUNoRixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQTtRQUNsQixvR0FBb0c7UUFDcEcsYUFBSyxDQUFDLGlCQUFpQixJQUFJLE9BQU8saUJBQWlCLEtBQUssUUFBUSxFQUFFLGdDQUFnQyxDQUFDLENBQUE7UUFDbkcsSUFBSSxDQUFDLGlCQUFpQixHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsRUFBRSxHQUFHLGlCQUFpQixFQUFFLENBQUMsQ0FBQTtRQUNoRSx3RUFBd0U7UUFDeEUsTUFBTSxRQUFRLEdBQUcsZ0NBQWdCLENBQUMsK0JBQStCLENBQUE7UUFDakUsNkJBQTZCLENBQXlCLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQTtRQUNyRSwwQkFBMEIsQ0FBeUIsSUFBSSxDQUFDLENBQUE7UUFDeEQsTUFBTSxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUUsc0JBQXNCLENBQUMsU0FBUyxDQUFDLENBQUE7UUFDN0QsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUNyQixDQUFDO0lBQ0QsV0FBVztRQUNULE9BQU8sSUFBSSxDQUFDLHFCQUFxQixDQUFBO0lBQ25DLENBQUM7Q0FDRjtBQTdCRCx3REE2QkM7QUFDRCw2QkFBVyxDQUFDLHNCQUFzQixDQUFDLENBQUE7QUFFbkMsTUFBYSwyQkFBMkI7SUFtQnRDLFlBQWEsS0FBOEIsRUFBRSxpQkFBb0M7UUFWakYsaUJBQVksR0FBbUIsRUFBRSxDQUFBO1FBVy9CLHNGQUFzRjtRQUN0RixhQUFLLENBQUMsS0FBSyxZQUFZLCtDQUF1QixFQUFFLHlDQUF5QyxDQUFDLENBQUE7UUFDMUYsSUFBSSxDQUFDLEtBQUssR0FBRyxLQUFLLENBQUE7UUFDbEIsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFzQixDQUFDLFdBQVcsRUFBRSxTQUFTLENBQUMsQ0FBQyxDQUFBO1FBQy9FLHlHQUF5RztRQUN6RyxhQUFLLENBQUMsaUJBQWlCLElBQUksT0FBTyxpQkFBaUIsS0FBSyxRQUFRLEVBQUUsZ0NBQWdDLENBQUMsQ0FBQTtRQUNuRyxJQUFJLENBQUMsaUJBQWlCLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxFQUFFLEdBQUcsaUJBQWlCLEVBQUUsQ0FBQyxDQUFBO1FBQ2hFLHdFQUF3RTtRQUN4RSxNQUFNLE9BQU8sR0FBRyxnQ0FBZ0IsQ0FBQywrQkFBK0IsQ0FBQTtRQUNoRSw2QkFBNkIsQ0FBOEIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBQ3pFLDBCQUEwQixDQUE4QixJQUFJLENBQUMsQ0FBQTtRQUM3RCx5QkFBeUIsQ0FBOEIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBQ3JFLE1BQU0sQ0FBQyxjQUFjLENBQUMsSUFBSSxFQUFFLDJCQUEyQixDQUFDLFNBQVMsQ0FBQyxDQUFBO1FBQ2xFLE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUE7SUFDckIsQ0FBQztJQUNELFdBQVc7UUFDVCxPQUFPLElBQUksQ0FBQyxxQkFBcUIsSUFBSSxJQUFJLENBQUMsWUFBWSxDQUFBO0lBQ3hELENBQUM7Q0FDRjtBQXRDRCxrRUFzQ0M7QUFDRCw2QkFBVyxDQUFDLDJCQUEyQixDQUFDLENBQUE7QUFFeEMsTUFBYSwyQkFBMkI7SUFpQnRDLFlBQWEsS0FBOEIsRUFBRSxpQkFBb0M7UUFSakYsaUJBQVksR0FBbUIsRUFBRSxDQUFBO1FBUy9CLHNGQUFzRjtRQUN0RixhQUFLLENBQUMsS0FBSyxZQUFZLCtDQUF1QixFQUFFLHlDQUF5QyxDQUFDLENBQUE7UUFDMUYsSUFBSSxDQUFDLEtBQUssR0FBRyxLQUFLLENBQUE7UUFDbEIsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFzQixDQUFDLFdBQVcsRUFBRSxTQUFTLENBQUMsQ0FBQyxDQUFBO1FBQy9FLHlHQUF5RztRQUN6RyxhQUFLLENBQUMsaUJBQWlCLElBQUksT0FBTyxpQkFBaUIsS0FBSyxRQUFRLEVBQUUsZ0NBQWdDLENBQUMsQ0FBQTtRQUNuRyxJQUFJLENBQUMsaUJBQWlCLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxFQUFFLEdBQUcsaUJBQWlCLEVBQUUsQ0FBQyxDQUFBO1FBQ2hFLHdFQUF3RTtRQUN4RSxNQUFNLE9BQU8sR0FBRyxnQ0FBZ0IsQ0FBQywrQkFBK0IsQ0FBQTtRQUNoRSw2QkFBNkIsQ0FBOEIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBQ3pFLDBCQUEwQixDQUE4QixJQUFJLENBQUMsQ0FBQTtRQUM3RCx5QkFBeUIsQ0FBOEIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBQ3JFLE1BQU0sQ0FBQyxjQUFjLENBQUMsSUFBSSxFQUFFLDJCQUEyQixDQUFDLFNBQVMsQ0FBQyxDQUFBO1FBQ2xFLE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUE7SUFDckIsQ0FBQztJQUNELFdBQVc7UUFDVCxPQUFPLElBQUksQ0FBQyxZQUFZLENBQUE7SUFDMUIsQ0FBQztDQUNGO0FBcENELGtFQW9DQztBQUNELDZCQUFXLENBQUMsMkJBQTJCLENBQUMsQ0FBQTtBQUV4QyxTQUFnQixvQkFBb0IsQ0FBRSxHQUFRO0lBQzVDLE9BQU8sQ0FBQyxHQUFHLFlBQVksMkJBQTJCLENBQUMsSUFBSSxDQUFDLEdBQUcsWUFBWSxzQkFBc0IsQ0FBQyxDQUFBO0FBQ2hHLENBQUM7QUFGRCxvREFFQztBQUVELFNBQWdCLG9CQUFvQixDQUFFLEdBQVE7SUFDNUMsT0FBTyxDQUFDLEdBQUcsWUFBWSwyQkFBMkIsQ0FBQyxJQUFJLENBQUMsR0FBRyxZQUFZLHNCQUFzQixDQUFDLENBQUE7QUFDaEcsQ0FBQztBQUZELG9EQUVDO0FBRUQsU0FBZ0IsNkJBQTZCLENBQXNDLFFBQVcsRUFBRSxPQUF5QjtJQUN2SCw2RUFBNkU7SUFDN0UsYUFBSyxDQUFDLE9BQU8sR0FBRyxnQ0FBZ0IsQ0FBQyxTQUFTLEVBQUUsaUJBQWlCLENBQUMsQ0FBQTtJQUM5RDs7O09BR0c7SUFDSCxNQUFNLGNBQWMsR0FBRyxDQUFDLGdDQUFnQixDQUFDLFNBQVMsR0FBRyxPQUFPLENBQUMsR0FBRyxDQUM5RCxPQUFPLEtBQUssZ0NBQWdCLENBQUMsK0JBQStCO1FBQzFELENBQUMsQ0FBQyxnQ0FBZ0IsQ0FBQyxhQUFhO1FBQ2hDLENBQUMsQ0FBQyxPQUFPLEtBQUssZ0NBQWdCLENBQUMsK0JBQStCO1lBQzVELENBQUMsQ0FBQyxnQ0FBZ0IsQ0FBQyxhQUFhO1lBQ2hDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQTtJQUVWLElBQUksd0JBQXdCLEdBQUcsS0FBSyxDQUFBO0lBQ3BDLElBQUksa0JBQWlELENBQUE7SUFDckQsbUVBQW1FO0lBQ25FLHVEQUF1RDtJQUN2RCwwREFBMEQ7SUFDMUQsb0RBQW9EO0lBQ3BELElBQUksa0JBQThCLENBQUE7SUFFbEMsTUFBTSxxQkFBcUIsR0FBRyxDQUFDLE9BQW9DLEVBQUUsS0FBbUIsRUFBRSxFQUFFO1FBQzFGLHFEQUFxRDtRQUNyRCxNQUFNLE9BQU8sR0FBRyxPQUFPLFlBQVksVUFBVSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQUMsQ0FBQTtRQUNoRixzRUFBc0U7UUFDdEUsOEJBQThCLENBQUMsT0FBTyxFQUFFLEtBQUssQ0FBQyxDQUFBO1FBQzlDLGtCQUFrQixHQUFHLDRCQUE0QixDQUFDLE9BQU8sQ0FBQyxDQUFBO1FBQzFELGtCQUFrQixHQUFHLElBQUksVUFBVSxDQUFDLE9BQU8sQ0FBQyxDQUFBO1FBQzVDLFFBQVEsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFBO1FBRWpDLE9BQU8sUUFBUSxDQUFBO0lBQ2pCLENBQUMsQ0FBQTtJQUNELE1BQU0scUJBQXFCLEdBQUcsR0FBZ0MsRUFBRTtRQUM5RCwyRUFBMkU7UUFDM0UsYUFBSyxDQUFDLGtCQUFrQixFQUFFLHFDQUFxQyxDQUFDLENBQUE7UUFDaEU7O1dBRUc7UUFDSCxhQUFLLENBQUMsQ0FBQyx3QkFBd0IsRUFBRSxxQ0FBcUMsQ0FBQyxDQUFBO1FBQ3ZFOzs7O1dBSUc7UUFDSCxhQUFLLENBQUMsQ0FBQyxDQUFDLGtCQUFrQixZQUFZLFVBQVUsQ0FBQyxJQUFJLGVBQWUsQ0FBQyxrQkFBa0IsRUFBRSxhQUFhLENBQUMsa0JBQWtCLENBQUMsQ0FBQyxFQUFFLHdDQUF3QyxDQUFDLENBQUE7UUFDdEssT0FBTyxrQkFBa0IsQ0FBQTtJQUMzQixDQUFDLENBQUE7SUFDRCxNQUFNLENBQUMsY0FBYyxDQUFDLFFBQVEsRUFBRSx1QkFBdUIsRUFBRTtRQUN2RCw4REFBOEQ7UUFDOUQsR0FBRyxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUMsQ0FBQyxrQkFBa0IsSUFBSSxDQUFDLHdCQUF3QjtRQUM1RCxVQUFVLEVBQUUsSUFBSTtLQUNqQixDQUFDLENBQUE7SUFDRixNQUFNLHNCQUFzQixHQUFHLEdBQUcsRUFBRTtRQUNsQzs7Ozs7O1dBTUc7UUFDSCxJQUFJLFVBQVUsR0FBRyxDQUFDLENBQUE7UUFDbEIsZ0dBQWdHO1FBQ2hHLElBQUksQ0FBQyxrQkFBa0IsRUFBRTtZQUN2QixrQkFBa0IsR0FBRyxJQUFJLFVBQVUsRUFBRSxDQUFBO1lBQ3JDLFVBQVUsSUFBSSxDQUFDLENBQUE7U0FDaEI7UUFDRCxnR0FBZ0c7UUFDaEcsSUFBSSxDQUFDLGtCQUFrQixFQUFFO1lBQ3ZCLGtCQUFrQixHQUFHLElBQUksVUFBVSxFQUFFLENBQUE7WUFDckMsVUFBVSxJQUFJLENBQUMsQ0FBQTtTQUNoQjtRQUNEOztXQUVHO1FBQ0gsSUFBSSxDQUFDLENBQUMsa0JBQWtCLFlBQVksVUFBVSxDQUFDLEVBQUU7WUFDL0Msa0JBQWtCLEdBQUcsSUFBSSxVQUFVLEVBQUUsQ0FBQTtTQUN0QztRQUNELGtCQUFrQixDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQTtRQUMxQixrQkFBa0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUE7UUFDMUIsd0JBQXdCLEdBQUcsSUFBSSxDQUFBO1FBRS9COzs7V0FHRztRQUNILGFBQUssQ0FBQyxVQUFVLEtBQUssQ0FBQyxJQUFJLFVBQVUsS0FBSyxDQUFDLEVBQUUsOERBQThELENBQUMsQ0FBQTtRQUMzRyxPQUFPLFFBQVEsQ0FBQTtJQUNqQixDQUFDLENBQUE7SUFFRCxrQ0FBZ0IsQ0FBQyxRQUFRLEVBQUUsdUJBQXVCLEVBQUUscUJBQXFCLENBQUMsQ0FBQTtJQUMxRSxrQ0FBZ0IsQ0FBQyxRQUFRLEVBQUUsdUJBQXVCLEVBQUUscUJBQXFCLENBQUMsQ0FBQTtJQUMxRSxrQ0FBZ0IsQ0FBQyxRQUFRLEVBQUUsd0JBQXdCLEVBQUUsc0JBQXNCLENBQUMsQ0FBQTtJQUU1RSxPQUFPLFFBQVEsQ0FBQTtJQUVmLFNBQVMsOEJBQThCLENBQUUsT0FBbUIsRUFBRSxLQUFtQjtRQUMvRSxtR0FBbUc7UUFDbkcsYUFBSyxDQUFDLENBQUMsa0JBQWtCLEVBQUUseUNBQXlDLENBQUMsQ0FBQTtRQUNyRSwrQ0FBK0M7UUFDL0MsYUFBSyxDQUFDLE9BQU8sWUFBWSxVQUFVLEVBQUUsOEJBQThCLENBQUMsQ0FBQTtRQUNwRTs7OztXQUlHO1FBQ0gsYUFBSyxDQUFDLE9BQU8sQ0FBQyxVQUFVLEtBQUssQ0FBQyxFQUFFLG9EQUFvRCxDQUFDLENBQUE7UUFDckY7OztXQUdHO1FBQ0gsYUFBSyxDQUFDLE9BQU8sQ0FBQyxVQUFVLEtBQUssUUFBUSxDQUFDLEtBQUssQ0FBQyxjQUFjLEVBQUUsNkRBQTZELENBQUMsQ0FBQTtRQUUxSCxrR0FBa0c7UUFDbEcsYUFBSyxDQUFDLEtBQUssSUFBSSxLQUFLLENBQUMsT0FBTyxJQUFJLEtBQUssQ0FBQyxZQUFZLEVBQUUsd0JBQXdCLENBQUMsQ0FBQTtRQUM3RSxxRUFBcUU7UUFDckUsYUFBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLEdBQUcsT0FBTyxFQUFFLG1DQUFtQyxDQUFDLENBQUE7UUFDakU7O1dBRUc7UUFDSCxhQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxLQUFLLEdBQUcsY0FBYyxDQUFDLEVBQUUsZ0NBQWdDLENBQUMsQ0FBQTtJQUMxRSxDQUFDO0FBQ0gsQ0FBQztBQTFIRCxzRUEwSEM7QUFFRCxTQUFnQiwwQkFBMEIsQ0FBbUMsUUFBVztJQUN0RixNQUFNLGtCQUFrQixHQUFHLGdDQUFnQixDQUFDLFNBQVMsR0FBRyxnQ0FBZ0IsQ0FBQyxhQUFhLENBQUE7SUFDdEYsTUFBTSxpQkFBaUIsR0FBdUIsRUFBRSxDQUFBO0lBQ2hELElBQUksWUFBOEMsQ0FBQTtJQUVsRCxNQUFNLG1CQUFtQixHQUFHLENBQUMsR0FBcUIsRUFBRSxLQUF1QixFQUFFLEVBQUU7UUFDN0U7OztXQUdHO1FBQ0gsYUFBSyxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSwrQkFBK0IsQ0FBQyxDQUFBO1FBQ3RFOzs7V0FHRztRQUNILGFBQUssQ0FBQyxHQUFHLFlBQVkscUNBQWdCLEVBQUUsMENBQTBDLENBQUMsQ0FBQTtRQUVsRixtRUFBbUU7UUFDbkUsYUFBSyxDQUFDLEtBQUssR0FBRyxnQ0FBZ0IsQ0FBQywrQkFBK0IsRUFBRSxzQ0FBc0MsQ0FBQyxDQUFBO1FBRXZHOzs7Ozs7OztXQVFHO1FBQ0gsYUFBSyxDQUFDLENBQUMsQ0FBQyxLQUFLLEdBQUcsa0JBQWtCLENBQUMsRUFBRSxvQ0FBb0MsQ0FBQyxDQUFBO1FBQzFFLFFBQVEsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLEVBQUUsT0FBTyxFQUFFLEdBQUcsQ0FBQyxZQUFZLEVBQUUsWUFBWSxFQUFFLEdBQUcsQ0FBQyxVQUFVLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQTtRQUU5RixpQkFBaUIsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUE7UUFDM0IsT0FBTyxRQUFRLENBQUE7SUFDakIsQ0FBQyxDQUFBO0lBRUQsa0NBQWdCLENBQUMsUUFBUSxFQUFFLHFCQUFxQixFQUFFLG1CQUFtQixDQUFDLENBQUE7SUFDdEUsTUFBTSxDQUFDLGNBQWMsQ0FBQyxRQUFRLEVBQUUsbUJBQW1CLEVBQUU7UUFDbkQscURBQXFEO1FBQ3JELDBCQUEwQjtRQUMxQixHQUFHLEVBQUUsR0FBRyxFQUFFLENBQUMsQ0FBQyxHQUFHLGlCQUFpQixDQUFDO1FBQ2pDLFVBQVUsRUFBRSxJQUFJO0tBQ2pCLENBQUMsQ0FBQTtJQUNGLE1BQU0sZUFBZSxHQUFHLENBQUMsR0FBaUIsRUFBRSxFQUFFO1FBQzVDOzs7V0FHRztRQUNILGFBQUssQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLGNBQWMsRUFBRSxzREFBc0QsQ0FBQyxDQUFBO1FBQzVGLHdGQUF3RjtRQUN4RixhQUFLLENBQUMsQ0FBQyxZQUFZLEVBQUUscUNBQXFDLENBQUMsQ0FBQTtRQUMzRCwrQ0FBK0M7UUFDL0MsYUFBSyxDQUFDLEdBQUcsWUFBWSw0QkFBWSxFQUFFLDZCQUE2QixDQUFDLENBQUE7UUFDakUsWUFBWSxHQUFHLEdBQUcsQ0FBQTtRQUNsQixPQUFPLFFBQVEsQ0FBQTtJQUNqQixDQUFDLENBQUE7SUFDRCxrQ0FBZ0IsQ0FBQyxRQUFRLEVBQUUsaUJBQWlCLEVBQUUsZUFBZSxDQUFDLENBQUE7SUFDOUQsTUFBTSxDQUFDLGNBQWMsQ0FBQyxRQUFRLEVBQUUsY0FBYyxFQUFFO1FBQzlDLEdBQUcsRUFBRSxHQUFHLEVBQUU7WUFDUjs7O2VBR0c7WUFDSCxhQUFLLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsY0FBYyxLQUFLLENBQUMsQ0FBQyxZQUFZLEVBQUUsd0NBQXdDLENBQUMsQ0FBQTtZQUNuRyxPQUFPLFlBQVksQ0FBQTtRQUNyQixDQUFDO1FBQ0QsVUFBVSxFQUFFLElBQUk7S0FDakIsQ0FBQyxDQUFBO0lBRUYsT0FBTyxRQUFRLENBQUE7QUFDakIsQ0FBQztBQXRFRCxnRUFzRUM7QUFFRCxTQUFnQiwwQkFBMEIsQ0FBbUMsUUFBVztJQUN0RixtQkFBbUI7SUFDbkIsSUFBSSxlQUFvRCxDQUFBO0lBQ3hELE1BQU0sa0JBQWtCLEdBQUcsQ0FBQyxHQUFvQixFQUFFLEVBQUU7UUFDbEQ7OztXQUdHO1FBQ0gsYUFBSyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsY0FBYyxFQUFFLHNEQUFzRCxDQUFDLENBQUE7UUFDNUYsOEZBQThGO1FBQzlGLGFBQUssQ0FBQyxDQUFDLGVBQWUsRUFBRSx3Q0FBd0MsQ0FBQyxDQUFBO1FBQ2pFLGtEQUFrRDtRQUNsRCxhQUFLLENBQUMsR0FBRyxZQUFZLCtCQUFlLEVBQUUsNkJBQTZCLENBQUMsQ0FBQTtRQUNwRSxlQUFlLEdBQUcsR0FBRyxDQUFBO1FBQ3JCLE9BQU8sUUFBUSxDQUFBO0lBQ2pCLENBQUMsQ0FBQTtJQUNELGtDQUFnQixDQUFDLFFBQVEsRUFBRSxvQkFBb0IsRUFBRSxrQkFBa0IsQ0FBQyxDQUFBO0lBQ3BFLE1BQU0sQ0FBQyxjQUFjLENBQUMsUUFBUSxFQUFFLGlCQUFpQixFQUFFO1FBQ2pELEdBQUcsRUFBRSxHQUFHLEVBQUU7WUFDUjs7O2VBR0c7WUFDSCxhQUFLLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsY0FBYyxLQUFLLENBQUMsQ0FBQyxlQUFlLEVBQUUsd0NBQXdDLENBQUMsQ0FBQTtZQUN0RyxPQUFPLGVBQWUsQ0FBQTtRQUN4QixDQUFDO1FBQ0QsVUFBVSxFQUFFLElBQUk7S0FDakIsQ0FBQyxDQUFBO0lBRUYsT0FBTyxRQUFRLENBQUE7QUFDakIsQ0FBQztBQTlCRCxnRUE4QkM7QUFFRCxTQUFnQix5QkFBeUIsQ0FBa0MsUUFBVyxFQUFFLFFBQTBCO0lBQ2hILElBQUksU0FBdUUsQ0FBQTtJQUUzRSxNQUFNLFlBQVksR0FBRyxDQUFDLE9BQWlELEVBQUUsS0FBbUIsRUFBRSxFQUFFO1FBQzlGLGlGQUFpRjtRQUNqRixhQUFLLENBQUMsQ0FBQyxTQUFTLEVBQUUsMkJBQTJCLENBQUMsQ0FBQTtRQUM5QyxxREFBcUQ7UUFDckQsYUFBSyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsSUFBSSx1QkFBdUIsQ0FBQyxPQUFPLENBQUMsRUFBRSwyQkFBMkIsQ0FBQyxDQUFBO1FBQzVGLCtFQUErRTtRQUMvRSxhQUFLLENBQUMsZ0JBQWdCLENBQUMsT0FBTyxFQUFFLFFBQVEsQ0FBQyxFQUFFLG9DQUFvQyxDQUFDLENBQUE7UUFFaEY7O1dBRUc7UUFDSCxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFO1lBQ25DLGlHQUFpRztZQUNqRyxhQUFLLENBQUMsS0FBSyxJQUFJLEtBQUssQ0FBQyxPQUFPLElBQUksS0FBSyxDQUFDLFlBQVksRUFBRSx3QkFBd0IsQ0FBQyxDQUFBO1lBQzdFLHVGQUF1RjtZQUN2RixhQUFLLENBQUMsS0FBSyxDQUFDLEtBQUssR0FBRyxRQUFRLEVBQUUsbUNBQW1DLENBQUMsQ0FBQTtZQUNsRTs7Ozs7ZUFLRztZQUNILFFBQVEsQ0FBQyxzQkFBc0IsRUFBRSxDQUFBO1lBQ2pDLFFBQVEsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFBO1NBQ2xDO1FBRUQsSUFBSSxXQUFXLENBQUMsT0FBTyxDQUFDLEVBQUU7WUFDeEIsU0FBUyxHQUFHLE9BQU8sQ0FBQTtTQUNwQjthQUFNO1lBQ0wsTUFBTSxFQUFFLGlCQUFpQixFQUFFLG9CQUFvQixFQUFFLEdBQUcsT0FBTyxDQUFBO1lBQzNELFNBQVMsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLEVBQUUsaUJBQWlCLEVBQUUsb0JBQW9CLEVBQUUsQ0FBQyxDQUFBO1NBQ3ZFO1FBRUQsT0FBTyxRQUFRLENBQUE7SUFDakIsQ0FBQyxDQUFBO0lBRUQsa0NBQWdCLENBQUMsUUFBUSxFQUFFLGNBQWMsRUFBRSxZQUFZLENBQUMsQ0FBQTtJQUN4RCxNQUFNLFlBQVksR0FBRyxHQUFHLEVBQUU7UUFDeEIsc0VBQXNFO1FBQ3RFLGFBQUssQ0FBQyxTQUFTLEVBQUUsd0JBQXdCLENBQUMsQ0FBQTtRQUMxQyxrREFBa0Q7UUFDbEQsd0RBQXdEO1FBQ3hELE9BQTJELFNBQVMsQ0FBQTtJQUN0RSxDQUFDLENBQUE7SUFDRCxrQ0FBZ0IsQ0FBQyxRQUFRLEVBQUUsY0FBYyxFQUFFLFlBQVksQ0FBQyxDQUFBO0lBRXhELE1BQU0sQ0FBQyxjQUFjLENBQUMsUUFBUSxFQUFFLGNBQWMsRUFBRTtRQUM5QyxHQUFHLEVBQUUsR0FBRyxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVM7UUFDdEIsVUFBVSxFQUFFLElBQUk7S0FDakIsQ0FBQyxDQUFBO0lBRUYsT0FBTyxRQUFRLENBQUE7QUFDakIsQ0FBQztBQXZERCw4REF1REM7QUFFRCxTQUFnQixXQUFXLENBQUUsT0FBWTtJQUN2QyxPQUFPLE9BQU87UUFDWixXQUFXLElBQUksT0FBTztRQUN0QixNQUFNLElBQUksT0FBTztRQUNqQixXQUFXLElBQUksT0FBTztRQUN0QixRQUFRLElBQUksT0FBTztRQUNuQixhQUFhLElBQUksT0FBTyxDQUFBO0FBQzVCLENBQUM7QUFQRCxrQ0FPQztBQUVELFNBQWdCLGdCQUFnQixDQUM5QixPQUFpRCxFQUNqRCxRQUFXO0lBRVgsSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsRUFBRTtRQUN6QixNQUFNLEVBQUUsaUJBQWlCLEVBQUUsb0JBQW9CLEVBQUUsR0FBRyxPQUFPLENBQUE7UUFDM0QsT0FBTyxnQkFBZ0IsQ0FBQyxpQkFBaUIsRUFBRSxRQUFRLENBQUM7WUFDbEQsZ0JBQWdCLENBQUMsb0JBQW9CLEVBQUUsUUFBUSxDQUFDLENBQUE7S0FDbkQ7SUFFRCxNQUFNLEVBQUUsS0FBSyxFQUFFLFdBQVcsRUFBRSxHQUFHLFFBQVEsQ0FBQTtJQUN2QyxNQUFNLEVBQUUsVUFBVSxFQUFFLFNBQVMsRUFBRSxHQUFHLEVBQUUsR0FBRyxLQUFLLENBQUE7SUFFNUM7OztPQUdHO0lBRUgsTUFBTSxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLFdBQVcsRUFBRSxHQUFHLE9BQU8sQ0FBQTtJQUN4RCw0Q0FBNEM7SUFDNUMsTUFBTSxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsR0FBRyxTQUFTLENBQUE7SUFFbEMsNEJBQTRCO0lBQzVCLE9BQU8sSUFBSSxLQUFLLFFBQVE7UUFDdEIsdUJBQXVCO1FBQ3ZCLENBQUMsQ0FBQyxHQUFHLElBQUksSUFBSSxLQUFLLEdBQUcsQ0FBQztZQUNyQixDQUFDLElBQUksS0FBSyxVQUFVLElBQUksTUFBTSxLQUFLLFNBQVMsQ0FBQyxDQUFDO1FBQy9DOztXQUVHO1FBQ0gsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDekMsOEVBQThFO1FBQzlFLENBQUMsV0FBVyxDQUFBO0FBQ2hCLENBQUM7QUFqQ0QsNENBaUNDO0FBRUQsU0FBUyx1QkFBdUIsQ0FBRSxPQUFZO0lBQzVDLE1BQU0sRUFBRSxpQkFBaUIsRUFBRSxvQkFBb0IsRUFBRSxHQUFHLE9BQU8sQ0FBQTtJQUMzRCxPQUFPLFdBQVcsQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLFdBQVcsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFBO0FBQzVFLENBQUM7QUFFRCxTQUFnQixtQkFBbUIsQ0FBa0MsUUFBVztJQUM5RSxNQUFNLEVBQUUsS0FBSyxFQUFFLEdBQUcsUUFBUSxDQUFBO0lBQzFCLElBQUksS0FBSyxDQUFDLEdBQUc7UUFBRSxPQUFPLFdBQVcsQ0FBQTtJQUNqQyxPQUFPLHlCQUF5QixDQUFDLFFBQVEsQ0FBQyxDQUFBO0FBQzVDLENBQUM7QUFKRCxrREFJQztBQUVELFNBQWdCLHlCQUF5QixDQUFrQyxRQUFXO0lBQ3BGLElBQUksUUFBUSxZQUFZLDJCQUEyQjtRQUFFLE9BQU8sU0FBUyxDQUFBO0lBQ3JFLElBQUksUUFBUSxZQUFZLDJCQUEyQjtRQUFFLE9BQU8sU0FBUyxDQUFBO0lBRXJFLE1BQU0sSUFBSSxLQUFLLENBQUMsc0JBQXNCLENBQUMsQ0FBQTtBQUN6QyxDQUFDO0FBTEQsOERBS0M7QUFFRCxTQUFnQixhQUFhLENBQUUsT0FBb0M7SUFDakUsSUFBSSxPQUFPLFlBQVksVUFBVTtRQUFFLE9BQU8sT0FBTyxDQUFBO0lBQ2pELElBQUkseUJBQWlCLElBQUksT0FBTyxZQUFZLHlCQUFpQixDQUFDLFNBQVM7UUFBRSxPQUFPLE9BQU8sQ0FBQyxNQUFNLEVBQUUsQ0FBQTtJQUVoRyxNQUFNLElBQUksS0FBSyxDQUFDLDBCQUEwQixDQUFDLENBQUE7QUFDN0MsQ0FBQztBQUxELHNDQUtDO0FBRUQsU0FBZ0IsNEJBQTRCLENBQUUsT0FBb0M7SUFDaEYsSUFBSSx5QkFBaUIsRUFBRTtRQUNyQixJQUFJLE9BQU8sWUFBWSxVQUFVLEVBQUU7WUFDakMsTUFBTSxFQUFFLEdBQUcseUJBQWlCLENBQUMsZUFBZSxDQUFDLE9BQU8sQ0FBQyxDQUFBO1lBQ3JELHNFQUFzRTtZQUN0RSxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFBO1lBQ2YsT0FBTyxFQUFFLENBQUE7U0FDVjtRQUNELElBQUksT0FBTyxZQUFZLHlCQUFpQixDQUFDLFNBQVM7WUFBRSxPQUFPLE9BQU8sQ0FBQTtLQUNuRTtTQUFNLElBQUksT0FBTyxZQUFZLFVBQVUsRUFBRTtRQUN4QyxPQUFPLE9BQU8sQ0FBQTtLQUNmO0lBQ0QsTUFBTSxJQUFJLEtBQUssQ0FBQywwQkFBMEIsQ0FBQyxDQUFBO0FBQzdDLENBQUM7QUFiRCxvRUFhQyJ9 |
@@ -16,2 +16,3 @@ export { AlgorithmSuiteIdentifier, AlgorithmSuiteName, AlgorithmSuite } from './algorithm_suites'; | ||
| export { isEncryptionMaterial, isDecryptionMaterial } from './cryptographic_material'; | ||
| export { unwrapDataKey, wrapWithKeyObjectIfSupported } from './cryptographic_material'; | ||
| export { CryptographicMaterial, decorateCryptographicMaterial, decorateWebCryptoMaterial, WebCryptoMaterial } from './cryptographic_material'; | ||
@@ -22,3 +23,4 @@ export { SignatureKey, VerificationKey } from './signature_key'; | ||
| export { needs } from './needs'; | ||
| export { cloneMaterial } from './clone_cryptographic_material'; | ||
| export * from './types'; | ||
| //# sourceMappingURL=index.d.ts.map |
@@ -48,4 +48,7 @@ "use strict"; | ||
| var cryptographic_material_5 = require("./cryptographic_material"); | ||
| exports.decorateCryptographicMaterial = cryptographic_material_5.decorateCryptographicMaterial; | ||
| exports.decorateWebCryptoMaterial = cryptographic_material_5.decorateWebCryptoMaterial; | ||
| exports.unwrapDataKey = cryptographic_material_5.unwrapDataKey; | ||
| exports.wrapWithKeyObjectIfSupported = cryptographic_material_5.wrapWithKeyObjectIfSupported; | ||
| var cryptographic_material_6 = require("./cryptographic_material"); | ||
| exports.decorateCryptographicMaterial = cryptographic_material_6.decorateCryptographicMaterial; | ||
| exports.decorateWebCryptoMaterial = cryptographic_material_6.decorateWebCryptoMaterial; | ||
| var signature_key_1 = require("./signature_key"); | ||
@@ -63,2 +66,4 @@ exports.SignatureKey = signature_key_1.SignatureKey; | ||
| exports.needs = needs_1.needs; | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBOzs7Ozs7Ozs7Ozs7O0dBYUc7O0FBRUgsdURBQWlHO0FBQXhGLHNEQUFBLHdCQUF3QixDQUFBO0FBQXNCLDRDQUFBLGNBQWMsQ0FBQTtBQU1yRSxpRUFBaUU7QUFBeEQsMERBQUEsdUJBQXVCLENBQUE7QUFDaEMscURBQXNEO0FBQTdDLCtDQUFBLGtCQUFrQixDQUFBO0FBRTNCLHFDQUFrRTtBQUF6RCw0QkFBQSxPQUFPLENBQUE7QUFBRSxnQ0FBQSxXQUFXLENBQUE7QUFBRSxxQ0FBQSxnQkFBZ0IsQ0FBQTtBQUMvQyxpREFBZ0U7QUFBekMsMkNBQUEsZ0JBQWdCLENBQUE7QUFDdkMsaURBQXlFO0FBQWhFLDJDQUFBLGdCQUFnQixDQUFBO0FBQUUsZ0RBQUEscUJBQXFCLENBQUE7QUFHaEQsbUVBQXlGO0FBQWhGLDBEQUFBLHNCQUFzQixDQUFBO0FBQUUsMERBQUEsc0JBQXNCLENBQUE7QUFDdkQsbUVBQXdIO0FBQS9HLG9EQUFBLGdCQUFnQixDQUFBO0FBQUUsK0NBQUEsV0FBVyxDQUFBO0FBQUUsdURBQUEsbUJBQW1CLENBQUE7QUFBRSw2REFBQSx5QkFBeUIsQ0FBQTtBQUN0RixtRUFBbUc7QUFBMUYsK0RBQUEsMkJBQTJCLENBQUE7QUFBRSwrREFBQSwyQkFBMkIsQ0FBQTtBQUNqRSxtRUFBcUY7QUFBNUUsd0RBQUEsb0JBQW9CLENBQUE7QUFBRSx3REFBQSxvQkFBb0IsQ0FBQTtBQUNuRCxtRUFBNkk7QUFBN0csaUVBQUEsNkJBQTZCLENBQUE7QUFBRSw2REFBQSx5QkFBeUIsQ0FBQTtBQUN4RixpREFBK0Q7QUFBdEQsdUNBQUEsWUFBWSxDQUFBO0FBQUUsMENBQUEsZUFBZSxDQUFBO0FBQ3RDLDJEQUEwRTtBQUFqRSxnREFBQSxnQkFBZ0IsQ0FBQTtBQUV6QixxREFBcUc7QUFBNUYsK0NBQUEsa0JBQWtCLENBQUE7QUFBRSwyQ0FBQSxjQUFjLENBQUE7QUFBRSx3Q0FBQSxXQUFXLENBQUE7QUFBRSw2Q0FBQSxnQkFBZ0IsQ0FBQTtBQUUxRSxpQ0FBK0I7QUFBdEIsd0JBQUEsS0FBSyxDQUFBIn0= | ||
| var clone_cryptographic_material_1 = require("./clone_cryptographic_material"); | ||
| exports.cloneMaterial = clone_cryptographic_material_1.cloneMaterial; | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBOzs7Ozs7Ozs7Ozs7O0dBYUc7O0FBRUgsdURBQWlHO0FBQXhGLHNEQUFBLHdCQUF3QixDQUFBO0FBQXNCLDRDQUFBLGNBQWMsQ0FBQTtBQU1yRSxpRUFBaUU7QUFBeEQsMERBQUEsdUJBQXVCLENBQUE7QUFDaEMscURBQXNEO0FBQTdDLCtDQUFBLGtCQUFrQixDQUFBO0FBRTNCLHFDQUFrRTtBQUF6RCw0QkFBQSxPQUFPLENBQUE7QUFBRSxnQ0FBQSxXQUFXLENBQUE7QUFBRSxxQ0FBQSxnQkFBZ0IsQ0FBQTtBQUMvQyxpREFBZ0U7QUFBekMsMkNBQUEsZ0JBQWdCLENBQUE7QUFDdkMsaURBQXlFO0FBQWhFLDJDQUFBLGdCQUFnQixDQUFBO0FBQUUsZ0RBQUEscUJBQXFCLENBQUE7QUFHaEQsbUVBQXlGO0FBQWhGLDBEQUFBLHNCQUFzQixDQUFBO0FBQUUsMERBQUEsc0JBQXNCLENBQUE7QUFDdkQsbUVBQXdIO0FBQS9HLG9EQUFBLGdCQUFnQixDQUFBO0FBQUUsK0NBQUEsV0FBVyxDQUFBO0FBQUUsdURBQUEsbUJBQW1CLENBQUE7QUFBRSw2REFBQSx5QkFBeUIsQ0FBQTtBQUN0RixtRUFBbUc7QUFBMUYsK0RBQUEsMkJBQTJCLENBQUE7QUFBRSwrREFBQSwyQkFBMkIsQ0FBQTtBQUNqRSxtRUFBcUY7QUFBNUUsd0RBQUEsb0JBQW9CLENBQUE7QUFBRSx3REFBQSxvQkFBb0IsQ0FBQTtBQUNuRCxtRUFBc0Y7QUFBN0UsaURBQUEsYUFBYSxDQUFBO0FBQUUsZ0VBQUEsNEJBQTRCLENBQUE7QUFDcEQsbUVBQTZJO0FBQTdHLGlFQUFBLDZCQUE2QixDQUFBO0FBQUUsNkRBQUEseUJBQXlCLENBQUE7QUFDeEYsaURBQStEO0FBQXRELHVDQUFBLFlBQVksQ0FBQTtBQUFFLDBDQUFBLGVBQWUsQ0FBQTtBQUN0QywyREFBMEU7QUFBakUsZ0RBQUEsZ0JBQWdCLENBQUE7QUFFekIscURBQXFHO0FBQTVGLCtDQUFBLGtCQUFrQixDQUFBO0FBQUUsMkNBQUEsY0FBYyxDQUFBO0FBQUUsd0NBQUEsV0FBVyxDQUFBO0FBQUUsNkNBQUEsZ0JBQWdCLENBQUE7QUFFMUUsaUNBQStCO0FBQXRCLHdCQUFBLEtBQUssQ0FBQTtBQUNkLCtFQUE4RDtBQUFyRCx1REFBQSxhQUFhLENBQUEifQ== |
@@ -53,4 +53,7 @@ /** | ||
| */ | ||
| WRAPPING_KEY_VERIFIED_ENC_CTX = 16 | ||
| WRAPPING_KEY_VERIFIED_ENC_CTX = 16, | ||
| ENCRYPT_FLAGS = 10, | ||
| SET_FLAGS = 5, | ||
| DECRYPT_FLAGS = 20 | ||
| } | ||
| //# sourceMappingURL=keyring_trace.d.ts.map |
@@ -39,3 +39,21 @@ "use strict"; | ||
| KeyringTraceFlag[KeyringTraceFlag["WRAPPING_KEY_VERIFIED_ENC_CTX"] = 16] = "WRAPPING_KEY_VERIFIED_ENC_CTX"; | ||
| /* KeyringTraceFlags are organized here. | ||
| * The three groupings are set, encrypt, and decrypt. | ||
| * An unencrypted data key is set and is required to have a SET_FLAG. | ||
| * For the encrypt path, the unencrypted data key must be generated. | ||
| * For the decrypt path, the unencrypted data key must be decrypted. | ||
| * | ||
| * A encrypted data key must be encrypted | ||
| * and the encryption context may be signed. | ||
| * | ||
| * When an encrypted data key is decrypted, | ||
| * the encryption context may be verified. | ||
| * | ||
| * This organization is to keep a KeyringTrace for an encrypted data key | ||
| * for listing the WRAPPING_KEY_VERIFIED_ENC_CTX flag. | ||
| */ | ||
| KeyringTraceFlag[KeyringTraceFlag["ENCRYPT_FLAGS"] = 10] = "ENCRYPT_FLAGS"; | ||
| KeyringTraceFlag[KeyringTraceFlag["SET_FLAGS"] = 5] = "SET_FLAGS"; | ||
| KeyringTraceFlag[KeyringTraceFlag["DECRYPT_FLAGS"] = 20] = "DECRYPT_FLAGS"; | ||
| })(KeyringTraceFlag = exports.KeyringTraceFlag || (exports.KeyringTraceFlag = {})); | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5cmluZ190cmFjZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9rZXlyaW5nX3RyYWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7Ozs7Ozs7Ozs7OztHQWFHOztBQW9DSCxJQUFZLGdCQXlCWDtBQXpCRCxXQUFZLGdCQUFnQjtJQUM1Qjs7T0FFRztJQUNELDZHQUFtQyxDQUFBO0lBRXJDOztPQUVHO0lBQ0QsNkdBQTBDLENBQUE7SUFFNUM7O09BRUc7SUFDRCw2R0FBMEMsQ0FBQTtJQUU1Qzs7T0FFRztJQUNELHFHQUFzQyxDQUFBO0lBRXhDOztPQUVHO0lBQ0QsMEdBQXdDLENBQUE7QUFDMUMsQ0FBQyxFQXpCVyxnQkFBZ0IsR0FBaEIsd0JBQWdCLEtBQWhCLHdCQUFnQixRQXlCM0IifQ== | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5cmluZ190cmFjZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9rZXlyaW5nX3RyYWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7Ozs7Ozs7Ozs7OztHQWFHOztBQW9DSCxJQUFZLGdCQStDWDtBQS9DRCxXQUFZLGdCQUFnQjtJQUM1Qjs7T0FFRztJQUNELDZHQUFtQyxDQUFBO0lBRXJDOztPQUVHO0lBQ0QsNkdBQTBDLENBQUE7SUFFNUM7O09BRUc7SUFDRCw2R0FBMEMsQ0FBQTtJQUU1Qzs7T0FFRztJQUNELHFHQUFzQyxDQUFBO0lBRXhDOztPQUVHO0lBQ0QsMEdBQXdDLENBQUE7SUFFeEM7Ozs7Ozs7Ozs7Ozs7O09BY0c7SUFFSCwwRUFBNkUsQ0FBQTtJQUU3RSxpRUFBNkUsQ0FBQTtJQUU3RSwwRUFBK0UsQ0FBQTtBQUNqRixDQUFDLEVBL0NXLGdCQUFnQixHQUFoQix3QkFBZ0IsS0FBaEIsd0JBQWdCLFFBK0MzQiJ9 |
@@ -85,2 +85,3 @@ "use strict"; | ||
| children.unshift(this.generator); | ||
| let childKeyringErrors = []; | ||
| for (const keyring of children) { | ||
@@ -94,11 +95,23 @@ /* Check for early return (Postcondition): Do not attempt to decrypt once I have a valid key. */ | ||
| catch (e) { | ||
| // there should be some debug here? or wrap? | ||
| // Failures onDecrypt should not short-circuit the process | ||
| // If the caller does not have access they may have access | ||
| // through another Keyring. | ||
| /* Failures onDecrypt should not short-circuit the process | ||
| * If the caller does not have access they may have access | ||
| * through another Keyring. | ||
| */ | ||
| childKeyringErrors.push(e); | ||
| } | ||
| } | ||
| /* Postcondition: A child keyring must provide a valid data key or no child keyring must have raised an error. | ||
| * If I have a data key, | ||
| * decrypt errors can be ignored. | ||
| * However, if I was unable to decrypt a data key AND I have errors, | ||
| * these errors should bubble up. | ||
| * Otherwise, the only error customers will see is that | ||
| * the material does not have an unencrypted data key. | ||
| * So I return a concatenated Error message | ||
| */ | ||
| needs_1.needs(material.hasValidKey() || (!material.hasValidKey() && !childKeyringErrors.length), childKeyringErrors | ||
| .reduce((m, e, i) => `${m} Error #${i + 1} \n ${e.stack} \n`, 'Unable to decrypt data key and one or more child keyrings had an error. \n ')); | ||
| return material; | ||
| }; | ||
| } | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibXVsdGlfa2V5cmluZy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9tdWx0aV9rZXlyaW5nLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7Ozs7Ozs7Ozs7OztHQWFHOztBQUVILHVEQUFvRTtBQUNwRSx1Q0FJa0I7QUFFbEIsbUNBQStCO0FBSy9CLE1BQWEsZ0JBQWlCLFNBQVEscUJBQVc7SUFHL0MsWUFBYSxLQUE0QztRQUN2RCxLQUFLLEVBQUUsQ0FBQTtRQUdULGVBQVUsR0FBRyxxQkFBcUIsRUFBc0IsQ0FBQTtRQUN4RCxlQUFVLEdBQUcscUJBQXFCLEVBQXNCLENBQUE7UUFIdEQsa0JBQWtCLENBQUMsSUFBSSxFQUFFLHFCQUFXLEVBQUUsS0FBSyxDQUFDLENBQUE7SUFDOUMsQ0FBQztDQUdGO0FBVEQsNENBU0M7QUFDRCxnQ0FBYyxDQUFDLGdCQUFnQixDQUFDLENBQUE7QUFFaEMsTUFBYSxxQkFBc0IsU0FBUSwwQkFBZ0I7SUFJekQsWUFBYSxLQUFpRDtRQUM1RCxLQUFLLEVBQUUsQ0FBQTtRQUdULGVBQVUsR0FBRyxxQkFBcUIsRUFBMkIsQ0FBQTtRQUM3RCxlQUFVLEdBQUcscUJBQXFCLEVBQTJCLENBQUE7UUFIM0Qsa0JBQWtCLENBQUMsSUFBSSxFQUFFLDBCQUFnQixFQUFFLEtBQUssQ0FBQyxDQUFBO0lBQ25ELENBQUM7Q0FHRjtBQVZELHNEQVVDO0FBQ0QsZ0NBQWMsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFBO0FBRXJDLFNBQVMsa0JBQWtCLENBQ3pCLEdBQXFCLEVBQ3JCLFdBQWdCLEVBQ2hCLEVBQUUsU0FBUyxFQUFFLFFBQVEsR0FBRyxFQUFFLEVBQXdCO0lBRWxELG9EQUFvRDtJQUNwRCxhQUFLLENBQUMsU0FBUyxJQUFJLFFBQVEsQ0FBQyxNQUFNLEVBQUUscUNBQXFDLENBQUMsQ0FBQTtJQUMxRSxnREFBZ0Q7SUFDaEQsYUFBSyxDQUFDLENBQUMsQ0FBQyxTQUFTLEtBQUssU0FBUyxZQUFZLFdBQVcsRUFBRSw2QkFBNkIsQ0FBQyxDQUFBO0lBQ3RGLGtEQUFrRDtJQUNsRCxhQUFLLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsWUFBWSxXQUFXLENBQUMsRUFBRSx5QkFBeUIsQ0FBQyxDQUFBO0lBRWpGLGtDQUFnQixDQUFDLEdBQUcsRUFBRSxVQUFVLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsS0FBSyxFQUFFLENBQUMsQ0FBQyxDQUFBO0lBQ2xFLGtDQUFnQixDQUFDLEdBQUcsRUFBRSxXQUFXLEVBQUUsU0FBUyxDQUFDLENBQUE7QUFDL0MsQ0FBQztBQUVELFNBQVMscUJBQXFCO0lBQzVCLE9BQU8sS0FBSyxVQUFVLFVBQVUsQ0FFOUIsUUFBK0I7UUFFL0I7Ozs7OztXQU1HO1FBQ0gsYUFBSyxDQUFDLENBQUMsUUFBUSxDQUFDLHFCQUFxQixDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxJQUFJLEVBQUUsMEVBQTBFLENBQUMsQ0FBQTtRQUUxSSxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsU0FBUztZQUM5QixDQUFDLENBQUMsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUM7WUFDMUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQTtRQUVaLHlFQUF5RTtRQUN6RSxhQUFLLENBQUMsU0FBUyxDQUFDLHFCQUFxQixFQUFFLCtDQUErQyxDQUFDLENBQUE7UUFFdkY7Ozs7O1dBS0c7UUFDSCxLQUFLLE1BQU0sT0FBTyxJQUFJLElBQUksQ0FBQyxRQUFRLEVBQUU7WUFDbkMsTUFBTSxPQUFPLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxDQUFBO1NBQ25DO1FBRUQsNEVBQTRFO1FBQzVFLDBFQUEwRTtRQUMxRSxtQkFBbUI7UUFDbkIsT0FBTyxTQUFTLENBQUE7SUFDbEIsQ0FBQyxDQUFBO0FBQ0gsQ0FBQztBQUVELFNBQVMscUJBQXFCO0lBQzVCLE9BQU8sS0FBSyxVQUFVLFVBQVUsQ0FFOUIsUUFBK0IsRUFDL0IsaUJBQXFDO1FBRXJDLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsS0FBSyxFQUFFLENBQUE7UUFDdEMsSUFBSSxJQUFJLENBQUMsU0FBUztZQUFFLFFBQVEsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFBO1FBRXBELEtBQUssTUFBTSxPQUFPLElBQUksUUFBUSxFQUFFO1lBQ2hDLGdHQUFnRztZQUM5RixJQUFJLFFBQVEsQ0FBQyxXQUFXLEVBQUU7Z0JBQUUsT0FBTyxRQUFRLENBQUE7WUFFM0MsSUFBSTtnQkFDRixNQUFNLE9BQU8sQ0FBQyxTQUFTLENBQUMsUUFBUSxFQUFFLGlCQUFpQixDQUFDLENBQUE7YUFDckQ7WUFBQyxPQUFPLENBQUMsRUFBRTtnQkFDWiw2Q0FBNkM7Z0JBQzdDLDBEQUEwRDtnQkFDMUQsMERBQTBEO2dCQUMxRCwyQkFBMkI7YUFDMUI7U0FDRjtRQUNELE9BQU8sUUFBUSxDQUFBO0lBQ2pCLENBQUMsQ0FBQTtBQUNILENBQUMifQ== | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibXVsdGlfa2V5cmluZy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9tdWx0aV9rZXlyaW5nLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7Ozs7Ozs7Ozs7OztHQWFHOztBQUVILHVEQUFvRTtBQUNwRSx1Q0FJa0I7QUFFbEIsbUNBQStCO0FBSy9CLE1BQWEsZ0JBQWlCLFNBQVEscUJBQVc7SUFHL0MsWUFBYSxLQUE0QztRQUN2RCxLQUFLLEVBQUUsQ0FBQTtRQUdULGVBQVUsR0FBRyxxQkFBcUIsRUFBc0IsQ0FBQTtRQUN4RCxlQUFVLEdBQUcscUJBQXFCLEVBQXNCLENBQUE7UUFIdEQsa0JBQWtCLENBQUMsSUFBSSxFQUFFLHFCQUFXLEVBQUUsS0FBSyxDQUFDLENBQUE7SUFDOUMsQ0FBQztDQUdGO0FBVEQsNENBU0M7QUFDRCxnQ0FBYyxDQUFDLGdCQUFnQixDQUFDLENBQUE7QUFFaEMsTUFBYSxxQkFBc0IsU0FBUSwwQkFBZ0I7SUFJekQsWUFBYSxLQUFpRDtRQUM1RCxLQUFLLEVBQUUsQ0FBQTtRQUdULGVBQVUsR0FBRyxxQkFBcUIsRUFBMkIsQ0FBQTtRQUM3RCxlQUFVLEdBQUcscUJBQXFCLEVBQTJCLENBQUE7UUFIM0Qsa0JBQWtCLENBQUMsSUFBSSxFQUFFLDBCQUFnQixFQUFFLEtBQUssQ0FBQyxDQUFBO0lBQ25ELENBQUM7Q0FHRjtBQVZELHNEQVVDO0FBQ0QsZ0NBQWMsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFBO0FBRXJDLFNBQVMsa0JBQWtCLENBQ3pCLEdBQXFCLEVBQ3JCLFdBQWdCLEVBQ2hCLEVBQUUsU0FBUyxFQUFFLFFBQVEsR0FBRyxFQUFFLEVBQXdCO0lBRWxELG9EQUFvRDtJQUNwRCxhQUFLLENBQUMsU0FBUyxJQUFJLFFBQVEsQ0FBQyxNQUFNLEVBQUUscUNBQXFDLENBQUMsQ0FBQTtJQUMxRSxnREFBZ0Q7SUFDaEQsYUFBSyxDQUFDLENBQUMsQ0FBQyxTQUFTLEtBQUssU0FBUyxZQUFZLFdBQVcsRUFBRSw2QkFBNkIsQ0FBQyxDQUFBO0lBQ3RGLGtEQUFrRDtJQUNsRCxhQUFLLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsWUFBWSxXQUFXLENBQUMsRUFBRSx5QkFBeUIsQ0FBQyxDQUFBO0lBRWpGLGtDQUFnQixDQUFDLEdBQUcsRUFBRSxVQUFVLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsS0FBSyxFQUFFLENBQUMsQ0FBQyxDQUFBO0lBQ2xFLGtDQUFnQixDQUFDLEdBQUcsRUFBRSxXQUFXLEVBQUUsU0FBUyxDQUFDLENBQUE7QUFDL0MsQ0FBQztBQUVELFNBQVMscUJBQXFCO0lBQzVCLE9BQU8sS0FBSyxVQUFVLFVBQVUsQ0FFOUIsUUFBK0I7UUFFL0I7Ozs7OztXQU1HO1FBQ0gsYUFBSyxDQUFDLENBQUMsUUFBUSxDQUFDLHFCQUFxQixDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxJQUFJLEVBQUUsMEVBQTBFLENBQUMsQ0FBQTtRQUUxSSxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsU0FBUztZQUM5QixDQUFDLENBQUMsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUM7WUFDMUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQTtRQUVaLHlFQUF5RTtRQUN6RSxhQUFLLENBQUMsU0FBUyxDQUFDLHFCQUFxQixFQUFFLCtDQUErQyxDQUFDLENBQUE7UUFFdkY7Ozs7O1dBS0c7UUFDSCxLQUFLLE1BQU0sT0FBTyxJQUFJLElBQUksQ0FBQyxRQUFRLEVBQUU7WUFDbkMsTUFBTSxPQUFPLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxDQUFBO1NBQ25DO1FBRUQsNEVBQTRFO1FBQzVFLDBFQUEwRTtRQUMxRSxtQkFBbUI7UUFDbkIsT0FBTyxTQUFTLENBQUE7SUFDbEIsQ0FBQyxDQUFBO0FBQ0gsQ0FBQztBQUVELFNBQVMscUJBQXFCO0lBQzVCLE9BQU8sS0FBSyxVQUFVLFVBQVUsQ0FFOUIsUUFBK0IsRUFDL0IsaUJBQXFDO1FBRXJDLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsS0FBSyxFQUFFLENBQUE7UUFDdEMsSUFBSSxJQUFJLENBQUMsU0FBUztZQUFFLFFBQVEsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFBO1FBRXBELElBQUksa0JBQWtCLEdBQVksRUFBRSxDQUFBO1FBRXBDLEtBQUssTUFBTSxPQUFPLElBQUksUUFBUSxFQUFFO1lBQ2hDLGdHQUFnRztZQUM5RixJQUFJLFFBQVEsQ0FBQyxXQUFXLEVBQUU7Z0JBQUUsT0FBTyxRQUFRLENBQUE7WUFFM0MsSUFBSTtnQkFDRixNQUFNLE9BQU8sQ0FBQyxTQUFTLENBQUMsUUFBUSxFQUFFLGlCQUFpQixDQUFDLENBQUE7YUFDckQ7WUFBQyxPQUFPLENBQUMsRUFBRTtnQkFDWjs7O21CQUdHO2dCQUNELGtCQUFrQixDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQTthQUMzQjtTQUNGO1FBRUQ7Ozs7Ozs7O1dBUUc7UUFDSCxhQUFLLENBQUMsUUFBUSxDQUFDLFdBQVcsRUFBRSxJQUFJLENBQUMsQ0FBQyxRQUFRLENBQUMsV0FBVyxFQUFFLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxNQUFNLENBQUMsRUFDbkYsa0JBQWtCO2FBQ2pCLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsQ0FBQyxLQUFLLEtBQUssRUFDMUQsNkVBQTZFLENBQUMsQ0FBQyxDQUFBO1FBRXJGLE9BQU8sUUFBUSxDQUFBO0lBQ2pCLENBQUMsQ0FBQTtBQUNILENBQUMifQ== |
@@ -0,1 +1,2 @@ | ||
| /// <reference types="node" /> | ||
| import { NodeAlgorithmSuite } from './node_algorithms'; | ||
@@ -37,2 +38,24 @@ import { WebCryptoAlgorithmSuite } from './web_crypto_algorithms'; | ||
| export declare type DecryptionMaterial<Suite> = Suite extends NodeAlgorithmSuite ? NodeDecryptionMaterial : Suite extends WebCryptoAlgorithmSuite ? WebCryptoDecryptionMaterial : never; | ||
| export declare type AwsEsdkKeyObjectType = 'secret' | 'public' | 'private'; | ||
| export declare type AwsEsdkKeyFormat = 'pem' | 'der'; | ||
| export declare type AwsEsdkKeyType = 'rsa' | 'dsa' | 'ec'; | ||
| export interface AwsEsdkKeyExportOptions<T extends AwsEsdkKeyFormat> { | ||
| type: 'pkcs1' | 'spki' | 'pkcs8' | 'sec1'; | ||
| format: T; | ||
| cipher?: string; | ||
| passphrase?: string | Buffer; | ||
| } | ||
| export interface AwsEsdkKeyObject { | ||
| asymmetricKeyType?: AwsEsdkKeyType; | ||
| /** | ||
| * For asymmetric keys, this property represents the size of the embedded key in | ||
| * bytes. This property is `undefined` for symmetric keys. | ||
| */ | ||
| asymmetricKeySize?: number; | ||
| export(options: AwsEsdkKeyExportOptions<'pem'>): string | Buffer; | ||
| export(options?: AwsEsdkKeyExportOptions<'der'>): Buffer; | ||
| symmetricSize?: number; | ||
| type: AwsEsdkKeyObjectType; | ||
| } | ||
| export declare type AwsEsdkCreateSecretKey = (key: Uint8Array) => AwsEsdkKeyObject; | ||
| //# sourceMappingURL=types.d.ts.map |
@@ -1,2 +0,8 @@ | ||
| import { MixedBackendCryptoKey, SupportedAlgorithmSuites, AwsEsdkJsCryptoKey, AwsEsdkJsKeyUsage, EncryptionContext } from './types'; | ||
| import { MixedBackendCryptoKey, // eslint-disable-line no-unused-vars | ||
| SupportedAlgorithmSuites, // eslint-disable-line no-unused-vars | ||
| AwsEsdkJsCryptoKey, // eslint-disable-line no-unused-vars | ||
| AwsEsdkJsKeyUsage, // eslint-disable-line no-unused-vars | ||
| EncryptionContext, // eslint-disable-line no-unused-vars | ||
| AwsEsdkKeyObject, // eslint-disable-line no-unused-vars | ||
| AwsEsdkCreateSecretKey } from './types'; | ||
| import { EncryptedDataKey } from './encrypted_data_key'; | ||
@@ -7,2 +13,9 @@ import { SignatureKey, VerificationKey } from './signature_key'; | ||
| import { WebCryptoAlgorithmSuite } from './web_crypto_algorithms'; | ||
| interface AwsEsdkKeyObjectInstanceOf { | ||
| new (): AwsEsdkKeyObject; | ||
| } | ||
| export declare const supportsKeyObject: boolean | { | ||
| KeyObject: AwsEsdkKeyObjectInstanceOf; | ||
| createSecretKey: AwsEsdkCreateSecretKey; | ||
| }; | ||
| export interface FunctionalCryptographicMaterial { | ||
@@ -13,7 +26,6 @@ hasValidKey: () => boolean; | ||
| suite: SupportedAlgorithmSuites; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array, trace: KeyringTrace) => T; | ||
| getUnencryptedDataKey: () => Uint8Array; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array | AwsEsdkKeyObject, trace: KeyringTrace) => T; | ||
| getUnencryptedDataKey: () => Uint8Array | AwsEsdkKeyObject; | ||
| zeroUnencryptedDataKey: () => T; | ||
| hasUnencryptedDataKey: boolean; | ||
| unencryptedDataKeyLength: number; | ||
| keyringTrace: KeyringTrace[]; | ||
@@ -40,7 +52,6 @@ encryptionContext: Readonly<EncryptionContext>; | ||
| suite: NodeAlgorithmSuite; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array, trace: KeyringTrace) => NodeEncryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array | AwsEsdkKeyObject, trace: KeyringTrace) => NodeEncryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array | AwsEsdkKeyObject; | ||
| zeroUnencryptedDataKey: () => NodeEncryptionMaterial; | ||
| hasUnencryptedDataKey: boolean; | ||
| unencryptedDataKeyLength: number; | ||
| keyringTrace: KeyringTrace[]; | ||
@@ -57,7 +68,6 @@ encryptedDataKeys: EncryptedDataKey[]; | ||
| suite: NodeAlgorithmSuite; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array, trace: KeyringTrace) => NodeDecryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array | AwsEsdkKeyObject, trace: KeyringTrace) => NodeDecryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array | AwsEsdkKeyObject; | ||
| zeroUnencryptedDataKey: () => NodeDecryptionMaterial; | ||
| hasUnencryptedDataKey: boolean; | ||
| unencryptedDataKeyLength: number; | ||
| keyringTrace: KeyringTrace[]; | ||
@@ -72,7 +82,6 @@ setVerificationKey: (key: VerificationKey) => NodeDecryptionMaterial; | ||
| suite: WebCryptoAlgorithmSuite; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array, trace: KeyringTrace) => WebCryptoEncryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array | AwsEsdkKeyObject, trace: KeyringTrace) => WebCryptoEncryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array | AwsEsdkKeyObject; | ||
| zeroUnencryptedDataKey: () => WebCryptoEncryptionMaterial; | ||
| hasUnencryptedDataKey: boolean; | ||
| unencryptedDataKeyLength: number; | ||
| keyringTrace: KeyringTrace[]; | ||
@@ -93,7 +102,6 @@ encryptedDataKeys: EncryptedDataKey[]; | ||
| suite: WebCryptoAlgorithmSuite; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array, trace: KeyringTrace) => WebCryptoDecryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array; | ||
| setUnencryptedDataKey: (dataKey: Uint8Array | AwsEsdkKeyObject, trace: KeyringTrace) => WebCryptoDecryptionMaterial; | ||
| getUnencryptedDataKey: () => Uint8Array | AwsEsdkKeyObject; | ||
| zeroUnencryptedDataKey: () => WebCryptoDecryptionMaterial; | ||
| hasUnencryptedDataKey: boolean; | ||
| unencryptedDataKeyLength: number; | ||
| keyringTrace: KeyringTrace[]; | ||
@@ -112,3 +120,3 @@ setVerificationKey: (key: VerificationKey) => WebCryptoDecryptionMaterial; | ||
| export declare function isDecryptionMaterial(obj: any): obj is WebCryptoDecryptionMaterial | NodeDecryptionMaterial; | ||
| export declare function decorateCryptographicMaterial<T extends CryptographicMaterial<T>>(material: T, setFlags: KeyringTraceFlag): T; | ||
| export declare function decorateCryptographicMaterial<T extends CryptographicMaterial<T>>(material: T, setFlag: KeyringTraceFlag): T; | ||
| export declare function decorateEncryptionMaterial<T extends EncryptionMaterial<T>>(material: T): T; | ||
@@ -121,2 +129,5 @@ export declare function decorateDecryptionMaterial<T extends DecryptionMaterial<T>>(material: T): T; | ||
| export declare function subtleFunctionForMaterial<T extends WebCryptoMaterial<T>>(material: T): "encrypt" | "decrypt"; | ||
| export declare function unwrapDataKey(dataKey: Uint8Array | AwsEsdkKeyObject): Uint8Array; | ||
| export declare function wrapWithKeyObjectIfSupported(dataKey: Uint8Array | AwsEsdkKeyObject): Uint8Array | AwsEsdkKeyObject; | ||
| export {}; | ||
| //# sourceMappingURL=cryptographic_material.d.ts.map |
@@ -22,2 +22,13 @@ /* | ||
| import { needs } from './needs'; | ||
| export const supportsKeyObject = (function () { | ||
| try { | ||
| const { KeyObject, createSecretKey } = require('crypto'); | ||
| if (!KeyObject || !createSecretKey) | ||
| return false; | ||
| return { KeyObject, createSecretKey }; | ||
| } | ||
| catch (ex) { | ||
| return false; | ||
| } | ||
| })(); | ||
| /* | ||
@@ -39,33 +50,34 @@ * This public interface to the CryptographicMaterial object is provided for | ||
| */ | ||
| let timingSafeEqual; | ||
| try { | ||
| /* It is possible for `require` to return an empty object, or an object | ||
| * that does not implement `timingSafeEqual`. | ||
| * in this case I need a fallback | ||
| */ | ||
| const { timingSafeEqual: nodeTimingSafeEqual } = require('crypto'); | ||
| timingSafeEqual = nodeTimingSafeEqual || portableTimingSafeEqual; | ||
| } | ||
| catch (e) { | ||
| timingSafeEqual = portableTimingSafeEqual; | ||
| } | ||
| /* https://codahale.com/a-lesson-in-timing-attacks/ */ | ||
| function portableTimingSafeEqual(a, b) { | ||
| /* It is *possible* that a runtime could optimize this constant time function. | ||
| * Adding `eval` should prevent the optimization, but this is no grantee. | ||
| * If you copy this function for your own use, make sure to educate yourself. | ||
| * Side channel attacks are pernicious and subtle. | ||
| */ | ||
| eval(''); // eslint-disable-line no-eval | ||
| /* Check for early return (Postcondition) UNTESTED: Size is well-know information. | ||
| * and does not leak information about contents. | ||
| */ | ||
| if (a.byteLength !== b.byteLength) | ||
| return false; | ||
| let diff = 0; | ||
| for (let i = 0; i < b.length; i++) { | ||
| diff |= a[i] ^ b[i]; | ||
| const timingSafeEqual = (function () { | ||
| try { | ||
| /* It is possible for `require` to return an empty object, or an object | ||
| * that does not implement `timingSafeEqual`. | ||
| * in this case I need a fallback | ||
| */ | ||
| const { timingSafeEqual: nodeTimingSafeEqual } = require('crypto'); | ||
| return nodeTimingSafeEqual || portableTimingSafeEqual; | ||
| } | ||
| return (diff === 0); | ||
| } | ||
| catch (e) { | ||
| return portableTimingSafeEqual; | ||
| } | ||
| /* https://codahale.com/a-lesson-in-timing-attacks/ */ | ||
| function portableTimingSafeEqual(a, b) { | ||
| /* It is *possible* that a runtime could optimize this constant time function. | ||
| * Adding `eval` should prevent the optimization, but this is no grantee. | ||
| * If you copy this function for your own use, make sure to educate yourself. | ||
| * Side channel attacks are pernicious and subtle. | ||
| */ | ||
| eval(''); // eslint-disable-line no-eval | ||
| /* Check for early return (Postcondition) UNTESTED: Size is well-know information. | ||
| * and does not leak information about contents. | ||
| */ | ||
| if (a.byteLength !== b.byteLength) | ||
| return false; | ||
| let diff = 0; | ||
| for (let i = 0; i < b.length; i++) { | ||
| diff |= a[i] ^ b[i]; | ||
| } | ||
| return (diff === 0); | ||
| } | ||
| })(); | ||
| export class NodeEncryptionMaterial { | ||
@@ -165,3 +177,14 @@ constructor(suite, encryptionContext) { | ||
| } | ||
| export function decorateCryptographicMaterial(material, setFlags) { | ||
| export function decorateCryptographicMaterial(material, setFlag) { | ||
| /* Precondition: setFlag must be in the set of KeyringTraceFlag.SET_FLAGS. */ | ||
| needs(setFlag & KeyringTraceFlag.SET_FLAGS, 'Invalid setFlag'); | ||
| /* When a KeyringTraceFlag is passed to setUnencryptedDataKey, | ||
| * it must be valid for the type of material. | ||
| * It is invalid to claim that EncryptionMaterial were decrypted. | ||
| */ | ||
| const deniedSetFlags = (KeyringTraceFlag.SET_FLAGS ^ setFlag) | (setFlag === KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY | ||
| ? KeyringTraceFlag.DECRYPT_FLAGS | ||
| : setFlag === KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY | ||
| ? KeyringTraceFlag.ENCRYPT_FLAGS | ||
| : 0); | ||
| let unencryptedDataKeyZeroed = false; | ||
@@ -175,24 +198,9 @@ let unencryptedDataKey; | ||
| const setUnencryptedDataKey = (dataKey, trace) => { | ||
| /* Precondition: unencryptedDataKey must not be set. Modifying the unencryptedDataKey is denied */ | ||
| needs(!unencryptedDataKey, 'unencryptedDataKey has already been set'); | ||
| /* Precondition: dataKey must be Binary Data */ | ||
| needs(dataKey instanceof Uint8Array, 'dataKey must be a Uint8Array'); | ||
| /* Precondition: dataKey should have an ArrayBuffer that *only* stores the key. | ||
| * This is a simple check to make sure that the key is not stored on | ||
| * a large potentially shared ArrayBuffer. | ||
| * If this was the case, it may be possible to find or manipulate. | ||
| */ | ||
| needs(dataKey.byteOffset === 0, 'Unencrypted Master Key must be an isolated buffer.'); | ||
| /* Precondition: The data key length must agree with algorithm specification. | ||
| * If this is not the case, it either means ciphertext was tampered | ||
| * with or the keyring implementation is not setting the length properly. | ||
| */ | ||
| needs(dataKey.byteLength === material.suite.keyLengthBytes, 'Key length does not agree with the algorithm specification.'); | ||
| /* Precondition: Trace must be set, and the flag must indicate that the data key was generated. */ | ||
| needs(trace && trace.keyName && trace.keyNamespace, 'Malformed KeyringTrace'); | ||
| /* Precondition: On set the required KeyringTraceFlag must be set. */ | ||
| needs(trace.flags & setFlags, 'Required KeyringTraceFlag not set'); | ||
| /* Avoid making unnecessary copies of the dataKey. */ | ||
| const tempUdk = dataKey instanceof Uint8Array ? dataKey : unwrapDataKey(dataKey); | ||
| /* All security conditions are tested here and failures will throw. */ | ||
| verifyUnencryptedDataKeyForSet(tempUdk, trace); | ||
| unencryptedDataKey = wrapWithKeyObjectIfSupported(dataKey); | ||
| udkForVerification = new Uint8Array(tempUdk); | ||
| material.keyringTrace.push(trace); | ||
| unencryptedDataKey = dataKey; | ||
| udkForVerification = new Uint8Array(dataKey); | ||
| return material; | ||
@@ -207,4 +215,8 @@ }; | ||
| needs(!unencryptedDataKeyZeroed, 'unencryptedDataKey has been zeroed.'); | ||
| /* Precondition: The unencryptedDataKey must not have been modified. */ | ||
| needs(timingSafeEqual(udkForVerification, unencryptedDataKey), 'unencryptedDataKey has been corrupted.'); | ||
| /* Precondition: The unencryptedDataKey must not have been modified. | ||
| * If the unencryptedDataKey is a KeyObject, | ||
| * then the security around modification is handled in C. | ||
| * Do not duplicate the secret just to check... | ||
| */ | ||
| needs(!(unencryptedDataKey instanceof Uint8Array) || timingSafeEqual(udkForVerification, unwrapDataKey(unencryptedDataKey)), 'unencryptedDataKey has been corrupted.'); | ||
| return unencryptedDataKey; | ||
@@ -236,2 +248,8 @@ }; | ||
| } | ||
| /* The KeyObject manages its own ref counter. | ||
| * Once there are no more users, it will clean the memory. | ||
| */ | ||
| if (!(unencryptedDataKey instanceof Uint8Array)) { | ||
| unencryptedDataKey = new Uint8Array(); | ||
| } | ||
| unencryptedDataKey.fill(0); | ||
@@ -247,17 +265,2 @@ udkForVerification.fill(0); | ||
| }; | ||
| Object.defineProperty(material, 'unencryptedDataKeyLength', { | ||
| get: () => { | ||
| /* Precondition: The unencryptedDataKey must be set to have a length. */ | ||
| needs(unencryptedDataKey, 'unencryptedDataKey has not been set'); | ||
| /* Precondition: the unencryptedDataKey must not be Zeroed out. | ||
| * returning information about the data key, | ||
| * while not the worst thing may indicate misuse. | ||
| * Checking the algorithm specification is the proper way | ||
| * to do this | ||
| */ | ||
| needs(!unencryptedDataKeyZeroed, 'unencryptedDataKey has been zeroed.'); | ||
| return unencryptedDataKey.byteLength; | ||
| }, | ||
| enumerable: true | ||
| }); | ||
| readOnlyProperty(material, 'setUnencryptedDataKey', setUnencryptedDataKey); | ||
@@ -267,4 +270,30 @@ readOnlyProperty(material, 'getUnencryptedDataKey', getUnencryptedDataKey); | ||
| return material; | ||
| function verifyUnencryptedDataKeyForSet(dataKey, trace) { | ||
| /* Precondition: unencryptedDataKey must not be set. Modifying the unencryptedDataKey is denied */ | ||
| needs(!unencryptedDataKey, 'unencryptedDataKey has already been set'); | ||
| /* Precondition: dataKey must be Binary Data */ | ||
| needs(dataKey instanceof Uint8Array, 'dataKey must be a Uint8Array'); | ||
| /* Precondition: dataKey should have an ArrayBuffer that *only* stores the key. | ||
| * This is a simple check to make sure that the key is not stored on | ||
| * a large potentially shared ArrayBuffer. | ||
| * If this was the case, it may be possible to find or manipulate. | ||
| */ | ||
| needs(dataKey.byteOffset === 0, 'Unencrypted Master Key must be an isolated buffer.'); | ||
| /* Precondition: The data key length must agree with algorithm specification. | ||
| * If this is not the case, it either means ciphertext was tampered | ||
| * with or the keyring implementation is not setting the length properly. | ||
| */ | ||
| needs(dataKey.byteLength === material.suite.keyLengthBytes, 'Key length does not agree with the algorithm specification.'); | ||
| /* Precondition: Trace must be set, and the flag must indicate that the data key was generated. */ | ||
| needs(trace && trace.keyName && trace.keyNamespace, 'Malformed KeyringTrace'); | ||
| /* Precondition: On set the required KeyringTraceFlag must be set. */ | ||
| needs(trace.flags & setFlag, 'Required KeyringTraceFlag not set'); | ||
| /* Precondition: Only valid flags are allowed. | ||
| * An unencrypted data key can not be both generated and decrypted. | ||
| */ | ||
| needs(!(trace.flags & deniedSetFlags), 'Invalid KeyringTraceFlags set.'); | ||
| } | ||
| } | ||
| export function decorateEncryptionMaterial(material) { | ||
| const deniedEncryptFlags = KeyringTraceFlag.SET_FLAGS | KeyringTraceFlag.DECRYPT_FLAGS; | ||
| const encryptedDataKeys = []; | ||
@@ -285,13 +314,13 @@ let signatureKey; | ||
| needs(flags & KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY, 'Encrypted data key flag must be set.'); | ||
| /* When the unencrypted data key is first set, a given wrapping key may or may not also encrypt that key. | ||
| * This means that the first EDK that is added may already have a trace. | ||
| * The flags for the EDK and the existing trace should be merged iif this is the first EDK | ||
| * and the only existing trace corresponds to this EDK. | ||
| /* Precondition: flags must not include a setFlag or a decrypt flag. | ||
| * The setFlag is reserved for setting the unencrypted data key | ||
| * and must only occur once in the set of KeyringTrace flags. | ||
| * The two setFlags in use are: | ||
| * KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY | ||
| * KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY | ||
| * | ||
| * KeyringTraceFlag.WRAPPING_KEY_VERIFIED_ENC_CTX is reserved for the decrypt path | ||
| */ | ||
| if (firstEdkAndTraceMatch(encryptedDataKeys, material.keyringTrace, edk)) { | ||
| material.keyringTrace[0].flags |= flags; | ||
| } | ||
| else { | ||
| material.keyringTrace.push({ keyName: edk.providerInfo, keyNamespace: edk.providerId, flags }); | ||
| } | ||
| needs(!(flags & deniedEncryptFlags), 'Invalid flag for EncryptedDataKey.'); | ||
| material.keyringTrace.push({ keyName: edk.providerInfo, keyNamespace: edk.providerId, flags }); | ||
| encryptedDataKeys.push(edk); | ||
@@ -334,9 +363,2 @@ return material; | ||
| } | ||
| /* Verify that the this is the first EDK and that it matches the 1 and only 1 trace. */ | ||
| function firstEdkAndTraceMatch(edks, traces, edk) { | ||
| return edks.length === 0 && | ||
| traces.length === 1 && | ||
| edk.providerId === traces[0].keyNamespace && | ||
| edk.providerInfo === traces[0].keyName; | ||
| } | ||
| export function decorateDecryptionMaterial(material) { | ||
@@ -474,2 +496,25 @@ // Verification Key | ||
| } | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3J5cHRvZ3JhcGhpY19tYXRlcmlhbC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9jcnlwdG9ncmFwaGljX21hdGVyaWFsLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7Ozs7Ozs7O0dBYUc7QUFHSCxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQTtBQUN2RCxPQUFPLEVBQUUsWUFBWSxFQUFFLGVBQWUsRUFBRSxNQUFNLGlCQUFpQixDQUFBO0FBQy9ELE9BQU8sRUFBRSxXQUFXLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxtQkFBbUIsQ0FBQTtBQUNqRSxPQUFPLEVBQWdCLGdCQUFnQixFQUFFLE1BQU0saUJBQWlCLENBQUEsQ0FBQyxxQ0FBcUM7QUFDdEcsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sbUJBQW1CLENBQUE7QUFDdEQsT0FBTyxFQUFFLHVCQUF1QixFQUFFLE1BQU0seUJBQXlCLENBQUE7QUFDakUsT0FBTyxFQUFFLEtBQUssRUFBRSxNQUFNLFNBQVMsQ0FBQTtBQUUvQjs7Ozs7Ozs7Ozs7Ozs7O0dBZUc7QUFFSCxJQUFJLGVBQTBELENBQUE7QUFDOUQsSUFBSTtJQUNGOzs7T0FHRztJQUNILE1BQU0sRUFBRSxlQUFlLEVBQUUsbUJBQW1CLEVBQUUsR0FBRyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUE7SUFDbEUsZUFBZSxHQUFHLG1CQUFtQixJQUFJLHVCQUF1QixDQUFBO0NBQ2pFO0FBQUMsT0FBTyxDQUFDLEVBQUU7SUFDVixlQUFlLEdBQUcsdUJBQXVCLENBQUE7Q0FDMUM7QUFDRCxzREFBc0Q7QUFDdEQsU0FBUyx1QkFBdUIsQ0FBRSxDQUFhLEVBQUUsQ0FBYTtJQUM1RDs7OztPQUlHO0lBQ0gsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFBLENBQUMsOEJBQThCO0lBQ3ZDOztPQUVHO0lBQ0gsSUFBSSxDQUFDLENBQUMsVUFBVSxLQUFLLENBQUMsQ0FBQyxVQUFVO1FBQUUsT0FBTyxLQUFLLENBQUE7SUFFL0MsSUFBSSxJQUFJLEdBQUcsQ0FBQyxDQUFBO0lBQ1osS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUU7UUFDakMsSUFBSSxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUE7S0FDcEI7SUFDRCxPQUFPLENBQUMsSUFBSSxLQUFLLENBQUMsQ0FBQyxDQUFBO0FBQ3JCLENBQUM7QUFvQ0QsTUFBTSxPQUFPLHNCQUFzQjtJQWVqQyxZQUFhLEtBQXlCLEVBQUUsaUJBQW9DO1FBTjVFLGlCQUFZLEdBQW1CLEVBQUUsQ0FBQTtRQU8vQiw0RUFBNEU7UUFDNUUsS0FBSyxDQUFDLEtBQUssWUFBWSxrQkFBa0IsRUFBRSxvQ0FBb0MsQ0FBQyxDQUFBO1FBQ2hGLElBQUksQ0FBQyxLQUFLLEdBQUcsS0FBSyxDQUFBO1FBQ2xCLG9HQUFvRztRQUNwRyxLQUFLLENBQUMsaUJBQWlCLElBQUksT0FBTyxpQkFBaUIsS0FBSyxRQUFRLEVBQUUsZ0NBQWdDLENBQUMsQ0FBQTtRQUNuRyxJQUFJLENBQUMsaUJBQWlCLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxFQUFFLEdBQUcsaUJBQWlCLEVBQUUsQ0FBQyxDQUFBO1FBQ2hFLHdFQUF3RTtRQUN4RSxNQUFNLFFBQVEsR0FBRyxnQkFBZ0IsQ0FBQywrQkFBK0IsQ0FBQTtRQUNqRSw2QkFBNkIsQ0FBeUIsSUFBSSxFQUFFLFFBQVEsQ0FBQyxDQUFBO1FBQ3JFLDBCQUEwQixDQUF5QixJQUFJLENBQUMsQ0FBQTtRQUN4RCxNQUFNLENBQUMsY0FBYyxDQUFDLElBQUksRUFBRSxzQkFBc0IsQ0FBQyxTQUFTLENBQUMsQ0FBQTtRQUM3RCxNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFBO0lBQ3JCLENBQUM7SUFDRCxXQUFXO1FBQ1QsT0FBTyxJQUFJLENBQUMscUJBQXFCLENBQUE7SUFDbkMsQ0FBQztDQUNGO0FBQ0QsV0FBVyxDQUFDLHNCQUFzQixDQUFDLENBQUE7QUFFbkMsTUFBTSxPQUFPLHNCQUFzQjtJQWFqQyxZQUFhLEtBQXlCLEVBQUUsaUJBQW9DO1FBSjVFLGlCQUFZLEdBQW1CLEVBQUUsQ0FBQTtRQUsvQiw0RUFBNEU7UUFDNUUsS0FBSyxDQUFDLEtBQUssWUFBWSxrQkFBa0IsRUFBRSxvQ0FBb0MsQ0FBQyxDQUFBO1FBQ2hGLElBQUksQ0FBQyxLQUFLLEdBQUcsS0FBSyxDQUFBO1FBQ2xCLG9HQUFvRztRQUNwRyxLQUFLLENBQUMsaUJBQWlCLElBQUksT0FBTyxpQkFBaUIsS0FBSyxRQUFRLEVBQUUsZ0NBQWdDLENBQUMsQ0FBQTtRQUNuRyxJQUFJLENBQUMsaUJBQWlCLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxFQUFFLEdBQUcsaUJBQWlCLEVBQUUsQ0FBQyxDQUFBO1FBQ2hFLHdFQUF3RTtRQUN4RSxNQUFNLFFBQVEsR0FBRyxnQkFBZ0IsQ0FBQywrQkFBK0IsQ0FBQTtRQUNqRSw2QkFBNkIsQ0FBeUIsSUFBSSxFQUFFLFFBQVEsQ0FBQyxDQUFBO1FBQ3JFLDBCQUEwQixDQUF5QixJQUFJLENBQUMsQ0FBQTtRQUN4RCxNQUFNLENBQUMsY0FBYyxDQUFDLElBQUksRUFBRSxzQkFBc0IsQ0FBQyxTQUFTLENBQUMsQ0FBQTtRQUM3RCxNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFBO0lBQ3JCLENBQUM7SUFDRCxXQUFXO1FBQ1QsT0FBTyxJQUFJLENBQUMscUJBQXFCLENBQUE7SUFDbkMsQ0FBQztDQUNGO0FBQ0QsV0FBVyxDQUFDLHNCQUFzQixDQUFDLENBQUE7QUFFbkMsTUFBTSxPQUFPLDJCQUEyQjtJQW9CdEMsWUFBYSxLQUE4QixFQUFFLGlCQUFvQztRQVZqRixpQkFBWSxHQUFtQixFQUFFLENBQUE7UUFXL0Isc0ZBQXNGO1FBQ3RGLEtBQUssQ0FBQyxLQUFLLFlBQVksdUJBQXVCLEVBQUUseUNBQXlDLENBQUMsQ0FBQTtRQUMxRixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQTtRQUNsQixJQUFJLENBQUMsV0FBVyxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQXNCLENBQUMsV0FBVyxFQUFFLFNBQVMsQ0FBQyxDQUFDLENBQUE7UUFDL0UseUdBQXlHO1FBQ3pHLEtBQUssQ0FBQyxpQkFBaUIsSUFBSSxPQUFPLGlCQUFpQixLQUFLLFFBQVEsRUFBRSxnQ0FBZ0MsQ0FBQyxDQUFBO1FBQ25HLElBQUksQ0FBQyxpQkFBaUIsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLEVBQUUsR0FBRyxpQkFBaUIsRUFBRSxDQUFDLENBQUE7UUFDaEUsd0VBQXdFO1FBQ3hFLE1BQU0sT0FBTyxHQUFHLGdCQUFnQixDQUFDLCtCQUErQixDQUFBO1FBQ2hFLDZCQUE2QixDQUE4QixJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUE7UUFDekUsMEJBQTBCLENBQThCLElBQUksQ0FBQyxDQUFBO1FBQzdELHlCQUF5QixDQUE4QixJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUE7UUFDckUsTUFBTSxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUUsMkJBQTJCLENBQUMsU0FBUyxDQUFDLENBQUE7UUFDbEUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUNyQixDQUFDO0lBQ0QsV0FBVztRQUNULE9BQU8sSUFBSSxDQUFDLHFCQUFxQixJQUFJLElBQUksQ0FBQyxZQUFZLENBQUE7SUFDeEQsQ0FBQztDQUNGO0FBQ0QsV0FBVyxDQUFDLDJCQUEyQixDQUFDLENBQUE7QUFFeEMsTUFBTSxPQUFPLDJCQUEyQjtJQWtCdEMsWUFBYSxLQUE4QixFQUFFLGlCQUFvQztRQVJqRixpQkFBWSxHQUFtQixFQUFFLENBQUE7UUFTL0Isc0ZBQXNGO1FBQ3RGLEtBQUssQ0FBQyxLQUFLLFlBQVksdUJBQXVCLEVBQUUseUNBQXlDLENBQUMsQ0FBQTtRQUMxRixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQTtRQUNsQixJQUFJLENBQUMsV0FBVyxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQXNCLENBQUMsV0FBVyxFQUFFLFNBQVMsQ0FBQyxDQUFDLENBQUE7UUFDL0UseUdBQXlHO1FBQ3pHLEtBQUssQ0FBQyxpQkFBaUIsSUFBSSxPQUFPLGlCQUFpQixLQUFLLFFBQVEsRUFBRSxnQ0FBZ0MsQ0FBQyxDQUFBO1FBQ25HLElBQUksQ0FBQyxpQkFBaUIsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLEVBQUUsR0FBRyxpQkFBaUIsRUFBRSxDQUFDLENBQUE7UUFDaEUsd0VBQXdFO1FBQ3hFLE1BQU0sT0FBTyxHQUFHLGdCQUFnQixDQUFDLCtCQUErQixDQUFBO1FBQ2hFLDZCQUE2QixDQUE4QixJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUE7UUFDekUsMEJBQTBCLENBQThCLElBQUksQ0FBQyxDQUFBO1FBQzdELHlCQUF5QixDQUE4QixJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUE7UUFDckUsTUFBTSxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUUsMkJBQTJCLENBQUMsU0FBUyxDQUFDLENBQUE7UUFDbEUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUNyQixDQUFDO0lBQ0QsV0FBVztRQUNULE9BQU8sSUFBSSxDQUFDLFlBQVksQ0FBQTtJQUMxQixDQUFDO0NBQ0Y7QUFDRCxXQUFXLENBQUMsMkJBQTJCLENBQUMsQ0FBQTtBQUV4QyxNQUFNLFVBQVUsb0JBQW9CLENBQUUsR0FBUTtJQUM1QyxPQUFPLENBQUMsR0FBRyxZQUFZLDJCQUEyQixDQUFDLElBQUksQ0FBQyxHQUFHLFlBQVksc0JBQXNCLENBQUMsQ0FBQTtBQUNoRyxDQUFDO0FBRUQsTUFBTSxVQUFVLG9CQUFvQixDQUFFLEdBQVE7SUFDNUMsT0FBTyxDQUFDLEdBQUcsWUFBWSwyQkFBMkIsQ0FBQyxJQUFJLENBQUMsR0FBRyxZQUFZLHNCQUFzQixDQUFDLENBQUE7QUFDaEcsQ0FBQztBQUVELE1BQU0sVUFBVSw2QkFBNkIsQ0FBc0MsUUFBVyxFQUFFLFFBQTBCO0lBQ3hILElBQUksd0JBQXdCLEdBQUcsS0FBSyxDQUFBO0lBQ3BDLElBQUksa0JBQThCLENBQUE7SUFDbEMsbUVBQW1FO0lBQ25FLHVEQUF1RDtJQUN2RCwwREFBMEQ7SUFDMUQsb0RBQW9EO0lBQ3BELElBQUksa0JBQThCLENBQUE7SUFFbEMsTUFBTSxxQkFBcUIsR0FBRyxDQUFDLE9BQW1CLEVBQUUsS0FBbUIsRUFBRSxFQUFFO1FBQ3pFLG1HQUFtRztRQUNuRyxLQUFLLENBQUMsQ0FBQyxrQkFBa0IsRUFBRSx5Q0FBeUMsQ0FBQyxDQUFBO1FBQ3JFLCtDQUErQztRQUMvQyxLQUFLLENBQUMsT0FBTyxZQUFZLFVBQVUsRUFBRSw4QkFBOEIsQ0FBQyxDQUFBO1FBQ3BFOzs7O1dBSUc7UUFDSCxLQUFLLENBQUMsT0FBTyxDQUFDLFVBQVUsS0FBSyxDQUFDLEVBQUUsb0RBQW9ELENBQUMsQ0FBQTtRQUNyRjs7O1dBR0c7UUFDSCxLQUFLLENBQUMsT0FBTyxDQUFDLFVBQVUsS0FBSyxRQUFRLENBQUMsS0FBSyxDQUFDLGNBQWMsRUFBRSw2REFBNkQsQ0FBQyxDQUFBO1FBRTFILGtHQUFrRztRQUNsRyxLQUFLLENBQUMsS0FBSyxJQUFJLEtBQUssQ0FBQyxPQUFPLElBQUksS0FBSyxDQUFDLFlBQVksRUFBRSx3QkFBd0IsQ0FBQyxDQUFBO1FBQzdFLHFFQUFxRTtRQUNyRSxLQUFLLENBQUMsS0FBSyxDQUFDLEtBQUssR0FBRyxRQUFRLEVBQUUsbUNBQW1DLENBQUMsQ0FBQTtRQUNsRSxRQUFRLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQTtRQUVqQyxrQkFBa0IsR0FBRyxPQUFPLENBQUE7UUFDNUIsa0JBQWtCLEdBQUcsSUFBSSxVQUFVLENBQUMsT0FBTyxDQUFDLENBQUE7UUFFNUMsT0FBTyxRQUFRLENBQUE7SUFDakIsQ0FBQyxDQUFBO0lBQ0QsTUFBTSxxQkFBcUIsR0FBRyxHQUFlLEVBQUU7UUFDN0MsMkVBQTJFO1FBQzNFLEtBQUssQ0FBQyxrQkFBa0IsRUFBRSxxQ0FBcUMsQ0FBQyxDQUFBO1FBQ2hFOztXQUVHO1FBQ0gsS0FBSyxDQUFDLENBQUMsd0JBQXdCLEVBQUUscUNBQXFDLENBQUMsQ0FBQTtRQUN2RSx1RUFBdUU7UUFDdkUsS0FBSyxDQUFDLGVBQWUsQ0FBQyxrQkFBa0IsRUFBRSxrQkFBa0IsQ0FBQyxFQUFFLHdDQUF3QyxDQUFDLENBQUE7UUFDeEcsT0FBTyxrQkFBa0IsQ0FBQTtJQUMzQixDQUFDLENBQUE7SUFDRCxNQUFNLENBQUMsY0FBYyxDQUFDLFFBQVEsRUFBRSx1QkFBdUIsRUFBRTtRQUN2RCw4REFBOEQ7UUFDOUQsR0FBRyxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUMsQ0FBQyxrQkFBa0IsSUFBSSxDQUFDLHdCQUF3QjtRQUM1RCxVQUFVLEVBQUUsSUFBSTtLQUNqQixDQUFDLENBQUE7SUFDRixNQUFNLHNCQUFzQixHQUFHLEdBQUcsRUFBRTtRQUNsQzs7Ozs7O1dBTUc7UUFDSCxJQUFJLFVBQVUsR0FBRyxDQUFDLENBQUE7UUFDbEIsZ0dBQWdHO1FBQ2hHLElBQUksQ0FBQyxrQkFBa0IsRUFBRTtZQUN2QixrQkFBa0IsR0FBRyxJQUFJLFVBQVUsRUFBRSxDQUFBO1lBQ3JDLFVBQVUsSUFBSSxDQUFDLENBQUE7U0FDaEI7UUFDRCxnR0FBZ0c7UUFDaEcsSUFBSSxDQUFDLGtCQUFrQixFQUFFO1lBQ3ZCLGtCQUFrQixHQUFHLElBQUksVUFBVSxFQUFFLENBQUE7WUFDckMsVUFBVSxJQUFJLENBQUMsQ0FBQTtTQUNoQjtRQUNELGtCQUFrQixDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQTtRQUMxQixrQkFBa0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUE7UUFDMUIsd0JBQXdCLEdBQUcsSUFBSSxDQUFBO1FBRS9COzs7V0FHRztRQUNILEtBQUssQ0FBQyxVQUFVLEtBQUssQ0FBQyxJQUFJLFVBQVUsS0FBSyxDQUFDLEVBQUUsOERBQThELENBQUMsQ0FBQTtRQUMzRyxPQUFPLFFBQVEsQ0FBQTtJQUNqQixDQUFDLENBQUE7SUFDRCxNQUFNLENBQUMsY0FBYyxDQUFDLFFBQVEsRUFBRSwwQkFBMEIsRUFBRTtRQUMxRCxHQUFHLEVBQUUsR0FBRyxFQUFFO1lBQ1Isd0VBQXdFO1lBQ3hFLEtBQUssQ0FBQyxrQkFBa0IsRUFBRSxxQ0FBcUMsQ0FBQyxDQUFBO1lBQ2hFOzs7OztlQUtHO1lBQ0gsS0FBSyxDQUFDLENBQUMsd0JBQXdCLEVBQUUscUNBQXFDLENBQUMsQ0FBQTtZQUN2RSxPQUFPLGtCQUFrQixDQUFDLFVBQVUsQ0FBQTtRQUN0QyxDQUFDO1FBQ0QsVUFBVSxFQUFFLElBQUk7S0FDakIsQ0FBQyxDQUFBO0lBRUYsZ0JBQWdCLENBQUMsUUFBUSxFQUFFLHVCQUF1QixFQUFFLHFCQUFxQixDQUFDLENBQUE7SUFDMUUsZ0JBQWdCLENBQUMsUUFBUSxFQUFFLHVCQUF1QixFQUFFLHFCQUFxQixDQUFDLENBQUE7SUFDMUUsZ0JBQWdCLENBQUMsUUFBUSxFQUFFLHdCQUF3QixFQUFFLHNCQUFzQixDQUFDLENBQUE7SUFFNUUsT0FBTyxRQUFRLENBQUE7QUFDakIsQ0FBQztBQUVELE1BQU0sVUFBVSwwQkFBMEIsQ0FBbUMsUUFBVztJQUN0RixNQUFNLGlCQUFpQixHQUF1QixFQUFFLENBQUE7SUFDaEQsSUFBSSxZQUE4QyxDQUFBO0lBRWxELE1BQU0sbUJBQW1CLEdBQUcsQ0FBQyxHQUFxQixFQUFFLEtBQXVCLEVBQUUsRUFBRTtRQUM3RTs7O1dBR0c7UUFDSCxLQUFLLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLCtCQUErQixDQUFDLENBQUE7UUFDdEU7OztXQUdHO1FBQ0gsS0FBSyxDQUFDLEdBQUcsWUFBWSxnQkFBZ0IsRUFBRSwwQ0FBMEMsQ0FBQyxDQUFBO1FBRWxGLG1FQUFtRTtRQUNuRSxLQUFLLENBQUMsS0FBSyxHQUFHLGdCQUFnQixDQUFDLCtCQUErQixFQUFFLHNDQUFzQyxDQUFDLENBQUE7UUFDdkc7Ozs7V0FJRztRQUNILElBQUkscUJBQXFCLENBQUMsaUJBQWlCLEVBQUUsUUFBUSxDQUFDLFlBQVksRUFBRSxHQUFHLENBQUMsRUFBRTtZQUN4RSxRQUFRLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssSUFBSSxLQUFLLENBQUE7U0FDeEM7YUFBTTtZQUNMLFFBQVEsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLEVBQUUsT0FBTyxFQUFFLEdBQUcsQ0FBQyxZQUFZLEVBQUUsWUFBWSxFQUFFLEdBQUcsQ0FBQyxVQUFVLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQTtTQUMvRjtRQUVELGlCQUFpQixDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUMzQixPQUFPLFFBQVEsQ0FBQTtJQUNqQixDQUFDLENBQUE7SUFFRCxnQkFBZ0IsQ0FBQyxRQUFRLEVBQUUscUJBQXFCLEVBQUUsbUJBQW1CLENBQUMsQ0FBQTtJQUN0RSxNQUFNLENBQUMsY0FBYyxDQUFDLFFBQVEsRUFBRSxtQkFBbUIsRUFBRTtRQUNuRCxxREFBcUQ7UUFDckQsMEJBQTBCO1FBQzFCLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUFDLEdBQUcsaUJBQWlCLENBQUM7UUFDakMsVUFBVSxFQUFFLElBQUk7S0FDakIsQ0FBQyxDQUFBO0lBQ0YsTUFBTSxlQUFlLEdBQUcsQ0FBQyxHQUFpQixFQUFFLEVBQUU7UUFDNUM7OztXQUdHO1FBQ0gsS0FBSyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsY0FBYyxFQUFFLHNEQUFzRCxDQUFDLENBQUE7UUFDNUYsd0ZBQXdGO1FBQ3hGLEtBQUssQ0FBQyxDQUFDLFlBQVksRUFBRSxxQ0FBcUMsQ0FBQyxDQUFBO1FBQzNELCtDQUErQztRQUMvQyxLQUFLLENBQUMsR0FBRyxZQUFZLFlBQVksRUFBRSw2QkFBNkIsQ0FBQyxDQUFBO1FBQ2pFLFlBQVksR0FBRyxHQUFHLENBQUE7UUFDbEIsT0FBTyxRQUFRLENBQUE7SUFDakIsQ0FBQyxDQUFBO0lBQ0QsZ0JBQWdCLENBQUMsUUFBUSxFQUFFLGlCQUFpQixFQUFFLGVBQWUsQ0FBQyxDQUFBO0lBQzlELE1BQU0sQ0FBQyxjQUFjLENBQUMsUUFBUSxFQUFFLGNBQWMsRUFBRTtRQUM5QyxHQUFHLEVBQUUsR0FBRyxFQUFFO1lBQ1I7OztlQUdHO1lBQ0gsS0FBSyxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLGNBQWMsS0FBSyxDQUFDLENBQUMsWUFBWSxFQUFFLHdDQUF3QyxDQUFDLENBQUE7WUFDbkcsT0FBTyxZQUFZLENBQUE7UUFDckIsQ0FBQztRQUNELFVBQVUsRUFBRSxJQUFJO0tBQ2pCLENBQUMsQ0FBQTtJQUVGLE9BQU8sUUFBUSxDQUFBO0FBQ2pCLENBQUM7QUFFRCx1RkFBdUY7QUFDdkYsU0FBUyxxQkFBcUIsQ0FBRSxJQUF3QixFQUFFLE1BQXNCLEVBQUUsR0FBcUI7SUFDckcsT0FBTyxJQUFJLENBQUMsTUFBTSxLQUFLLENBQUM7UUFDeEIsTUFBTSxDQUFDLE1BQU0sS0FBSyxDQUFDO1FBQ25CLEdBQUcsQ0FBQyxVQUFVLEtBQUssTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLFlBQVk7UUFDekMsR0FBRyxDQUFDLFlBQVksS0FBSyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFBO0FBQ3hDLENBQUM7QUFFRCxNQUFNLFVBQVUsMEJBQTBCLENBQW1DLFFBQVc7SUFDdEYsbUJBQW1CO0lBQ25CLElBQUksZUFBb0QsQ0FBQTtJQUN4RCxNQUFNLGtCQUFrQixHQUFHLENBQUMsR0FBb0IsRUFBRSxFQUFFO1FBQ2xEOzs7V0FHRztRQUNILEtBQUssQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLGNBQWMsRUFBRSxzREFBc0QsQ0FBQyxDQUFBO1FBQzVGLDhGQUE4RjtRQUM5RixLQUFLLENBQUMsQ0FBQyxlQUFlLEVBQUUsd0NBQXdDLENBQUMsQ0FBQTtRQUNqRSxrREFBa0Q7UUFDbEQsS0FBSyxDQUFDLEdBQUcsWUFBWSxlQUFlLEVBQUUsNkJBQTZCLENBQUMsQ0FBQTtRQUNwRSxlQUFlLEdBQUcsR0FBRyxDQUFBO1FBQ3JCLE9BQU8sUUFBUSxDQUFBO0lBQ2pCLENBQUMsQ0FBQTtJQUNELGdCQUFnQixDQUFDLFFBQVEsRUFBRSxvQkFBb0IsRUFBRSxrQkFBa0IsQ0FBQyxDQUFBO0lBQ3BFLE1BQU0sQ0FBQyxjQUFjLENBQUMsUUFBUSxFQUFFLGlCQUFpQixFQUFFO1FBQ2pELEdBQUcsRUFBRSxHQUFHLEVBQUU7WUFDUjs7O2VBR0c7WUFDSCxLQUFLLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsY0FBYyxLQUFLLENBQUMsQ0FBQyxlQUFlLEVBQUUsd0NBQXdDLENBQUMsQ0FBQTtZQUN0RyxPQUFPLGVBQWUsQ0FBQTtRQUN4QixDQUFDO1FBQ0QsVUFBVSxFQUFFLElBQUk7S0FDakIsQ0FBQyxDQUFBO0lBRUYsT0FBTyxRQUFRLENBQUE7QUFDakIsQ0FBQztBQUVELE1BQU0sVUFBVSx5QkFBeUIsQ0FBa0MsUUFBVyxFQUFFLFFBQTBCO0lBQ2hILElBQUksU0FBdUUsQ0FBQTtJQUUzRSxNQUFNLFlBQVksR0FBRyxDQUFDLE9BQWlELEVBQUUsS0FBbUIsRUFBRSxFQUFFO1FBQzlGLGlGQUFpRjtRQUNqRixLQUFLLENBQUMsQ0FBQyxTQUFTLEVBQUUsMkJBQTJCLENBQUMsQ0FBQTtRQUM5QyxxREFBcUQ7UUFDckQsS0FBSyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsSUFBSSx1QkFBdUIsQ0FBQyxPQUFPLENBQUMsRUFBRSwyQkFBMkIsQ0FBQyxDQUFBO1FBQzVGLCtFQUErRTtRQUMvRSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsT0FBTyxFQUFFLFFBQVEsQ0FBQyxFQUFFLG9DQUFvQyxDQUFDLENBQUE7UUFFaEY7O1dBRUc7UUFDSCxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFO1lBQ25DLGlHQUFpRztZQUNqRyxLQUFLLENBQUMsS0FBSyxJQUFJLEtBQUssQ0FBQyxPQUFPLElBQUksS0FBSyxDQUFDLFlBQVksRUFBRSx3QkFBd0IsQ0FBQyxDQUFBO1lBQzdFLHVGQUF1RjtZQUN2RixLQUFLLENBQUMsS0FBSyxDQUFDLEtBQUssR0FBRyxRQUFRLEVBQUUsbUNBQW1DLENBQUMsQ0FBQTtZQUNsRTs7Ozs7ZUFLRztZQUNILFFBQVEsQ0FBQyxzQkFBc0IsRUFBRSxDQUFBO1lBQ2pDLFFBQVEsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFBO1NBQ2xDO1FBRUQsSUFBSSxXQUFXLENBQUMsT0FBTyxDQUFDLEVBQUU7WUFDeEIsU0FBUyxHQUFHLE9BQU8sQ0FBQTtTQUNwQjthQUFNO1lBQ0wsTUFBTSxFQUFFLGlCQUFpQixFQUFFLG9CQUFvQixFQUFFLEdBQUcsT0FBTyxDQUFBO1lBQzNELFNBQVMsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLEVBQUUsaUJBQWlCLEVBQUUsb0JBQW9CLEVBQUUsQ0FBQyxDQUFBO1NBQ3ZFO1FBRUQsT0FBTyxRQUFRLENBQUE7SUFDakIsQ0FBQyxDQUFBO0lBRUQsZ0JBQWdCLENBQUMsUUFBUSxFQUFFLGNBQWMsRUFBRSxZQUFZLENBQUMsQ0FBQTtJQUN4RCxNQUFNLFlBQVksR0FBRyxHQUFHLEVBQUU7UUFDeEIsc0VBQXNFO1FBQ3RFLEtBQUssQ0FBQyxTQUFTLEVBQUUsd0JBQXdCLENBQUMsQ0FBQTtRQUMxQyxrREFBa0Q7UUFDbEQsd0RBQXdEO1FBQ3hELE9BQTJELFNBQVMsQ0FBQTtJQUN0RSxDQUFDLENBQUE7SUFDRCxnQkFBZ0IsQ0FBQyxRQUFRLEVBQUUsY0FBYyxFQUFFLFlBQVksQ0FBQyxDQUFBO0lBRXhELE1BQU0sQ0FBQyxjQUFjLENBQUMsUUFBUSxFQUFFLGNBQWMsRUFBRTtRQUM5QyxHQUFHLEVBQUUsR0FBRyxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVM7UUFDdEIsVUFBVSxFQUFFLElBQUk7S0FDakIsQ0FBQyxDQUFBO0lBRUYsT0FBTyxRQUFRLENBQUE7QUFDakIsQ0FBQztBQUVELE1BQU0sVUFBVSxXQUFXLENBQUUsT0FBWTtJQUN2QyxPQUFPLE9BQU87UUFDWixXQUFXLElBQUksT0FBTztRQUN0QixNQUFNLElBQUksT0FBTztRQUNqQixXQUFXLElBQUksT0FBTztRQUN0QixRQUFRLElBQUksT0FBTztRQUNuQixhQUFhLElBQUksT0FBTyxDQUFBO0FBQzVCLENBQUM7QUFFRCxNQUFNLFVBQVUsZ0JBQWdCLENBQzlCLE9BQWlELEVBQ2pELFFBQVc7SUFFWCxJQUFJLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxFQUFFO1FBQ3pCLE1BQU0sRUFBRSxpQkFBaUIsRUFBRSxvQkFBb0IsRUFBRSxHQUFHLE9BQU8sQ0FBQTtRQUMzRCxPQUFPLGdCQUFnQixDQUFDLGlCQUFpQixFQUFFLFFBQVEsQ0FBQztZQUNsRCxnQkFBZ0IsQ0FBQyxvQkFBb0IsRUFBRSxRQUFRLENBQUMsQ0FBQTtLQUNuRDtJQUVELE1BQU0sRUFBRSxLQUFLLEVBQUUsV0FBVyxFQUFFLEdBQUcsUUFBUSxDQUFBO0lBQ3ZDLE1BQU0sRUFBRSxVQUFVLEVBQUUsU0FBUyxFQUFFLEdBQUcsRUFBRSxHQUFHLEtBQUssQ0FBQTtJQUU1Qzs7O09BR0c7SUFFSCxNQUFNLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxNQUFNLEVBQUUsV0FBVyxFQUFFLEdBQUcsT0FBTyxDQUFBO0lBQ3hELDRDQUE0QztJQUM1QyxNQUFNLEVBQUUsSUFBSSxFQUFFLE1BQU0sRUFBRSxHQUFHLFNBQVMsQ0FBQTtJQUVsQyw0QkFBNEI7SUFDNUIsT0FBTyxJQUFJLEtBQUssUUFBUTtRQUN0Qix1QkFBdUI7UUFDdkIsQ0FBQyxDQUFDLEdBQUcsSUFBSSxJQUFJLEtBQUssR0FBRyxDQUFDO1lBQ3JCLENBQUMsSUFBSSxLQUFLLFVBQVUsSUFBSSxNQUFNLEtBQUssU0FBUyxDQUFDLENBQUM7UUFDL0M7O1dBRUc7UUFDSCxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN6Qyw4RUFBOEU7UUFDOUUsQ0FBQyxXQUFXLENBQUE7QUFDaEIsQ0FBQztBQUVELFNBQVMsdUJBQXVCLENBQUUsT0FBWTtJQUM1QyxNQUFNLEVBQUUsaUJBQWlCLEVBQUUsb0JBQW9CLEVBQUUsR0FBRyxPQUFPLENBQUE7SUFDM0QsT0FBTyxXQUFXLENBQUMsaUJBQWlCLENBQUMsSUFBSSxXQUFXLENBQUMsb0JBQW9CLENBQUMsQ0FBQTtBQUM1RSxDQUFDO0FBRUQsTUFBTSxVQUFVLG1CQUFtQixDQUFrQyxRQUFXO0lBQzlFLE1BQU0sRUFBRSxLQUFLLEVBQUUsR0FBRyxRQUFRLENBQUE7SUFDMUIsSUFBSSxLQUFLLENBQUMsR0FBRztRQUFFLE9BQU8sV0FBVyxDQUFBO0lBQ2pDLE9BQU8seUJBQXlCLENBQUMsUUFBUSxDQUFDLENBQUE7QUFDNUMsQ0FBQztBQUVELE1BQU0sVUFBVSx5QkFBeUIsQ0FBa0MsUUFBVztJQUNwRixJQUFJLFFBQVEsWUFBWSwyQkFBMkI7UUFBRSxPQUFPLFNBQVMsQ0FBQTtJQUNyRSxJQUFJLFFBQVEsWUFBWSwyQkFBMkI7UUFBRSxPQUFPLFNBQVMsQ0FBQTtJQUVyRSxNQUFNLElBQUksS0FBSyxDQUFDLHNCQUFzQixDQUFDLENBQUE7QUFDekMsQ0FBQyJ9 | ||
| export function unwrapDataKey(dataKey) { | ||
| if (dataKey instanceof Uint8Array) | ||
| return dataKey; | ||
| if (supportsKeyObject && dataKey instanceof supportsKeyObject.KeyObject) | ||
| return dataKey.export(); | ||
| throw new Error('Unsupported dataKey type'); | ||
| } | ||
| export function wrapWithKeyObjectIfSupported(dataKey) { | ||
| if (supportsKeyObject) { | ||
| if (dataKey instanceof Uint8Array) { | ||
| const ko = supportsKeyObject.createSecretKey(dataKey); | ||
| /* Postcondition: Zero the secret. It is now inside the KeyObject. */ | ||
| dataKey.fill(0); | ||
| return ko; | ||
| } | ||
| if (dataKey instanceof supportsKeyObject.KeyObject) | ||
| return dataKey; | ||
| } | ||
| else if (dataKey instanceof Uint8Array) { | ||
| return dataKey; | ||
| } | ||
| throw new Error('Unsupported dataKey type'); | ||
| } | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3J5cHRvZ3JhcGhpY19tYXRlcmlhbC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9jcnlwdG9ncmFwaGljX21hdGVyaWFsLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7Ozs7Ozs7O0dBYUc7QUFXSCxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQTtBQUN2RCxPQUFPLEVBQUUsWUFBWSxFQUFFLGVBQWUsRUFBRSxNQUFNLGlCQUFpQixDQUFBO0FBQy9ELE9BQU8sRUFBRSxXQUFXLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxtQkFBbUIsQ0FBQTtBQUNqRSxPQUFPLEVBQWdCLGdCQUFnQixFQUFFLE1BQU0saUJBQWlCLENBQUEsQ0FBQyxxQ0FBcUM7QUFDdEcsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sbUJBQW1CLENBQUE7QUFDdEQsT0FBTyxFQUFFLHVCQUF1QixFQUFFLE1BQU0seUJBQXlCLENBQUE7QUFDakUsT0FBTyxFQUFFLEtBQUssRUFBRSxNQUFNLFNBQVMsQ0FBQTtBQVkvQixNQUFNLENBQUMsTUFBTSxpQkFBaUIsR0FBRyxDQUFDO0lBQ2hDLElBQUk7UUFDRixNQUFNLEVBQUUsU0FBUyxFQUFFLGVBQWUsRUFBRSxHQUFHLE9BQU8sQ0FBQyxRQUFRLENBQWtCLENBQUE7UUFDekUsSUFBSSxDQUFDLFNBQVMsSUFBSSxDQUFDLGVBQWU7WUFBRSxPQUFPLEtBQUssQ0FBQTtRQUVoRCxPQUFPLEVBQUUsU0FBUyxFQUFFLGVBQWUsRUFBRSxDQUFBO0tBQ3RDO0lBQUMsT0FBTyxFQUFFLEVBQUU7UUFDWCxPQUFPLEtBQUssQ0FBQTtLQUNiO0FBQ0gsQ0FBQyxDQUFDLEVBQUUsQ0FBQTtBQUVKOzs7Ozs7Ozs7Ozs7Ozs7R0FlRztBQUVILE1BQU0sZUFBZSxHQUE4QyxDQUFDO0lBQ2xFLElBQUk7UUFDRjs7O1dBR0c7UUFDSCxNQUFNLEVBQUUsZUFBZSxFQUFFLG1CQUFtQixFQUFFLEdBQUcsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFBO1FBQ2xFLE9BQU8sbUJBQW1CLElBQUksdUJBQXVCLENBQUE7S0FDdEQ7SUFBQyxPQUFPLENBQUMsRUFBRTtRQUNWLE9BQU8sdUJBQXVCLENBQUE7S0FDL0I7SUFDRCxzREFBc0Q7SUFDdEQsU0FBUyx1QkFBdUIsQ0FBRSxDQUFhLEVBQUUsQ0FBYTtRQUM1RDs7OztZQUlJO1FBQ0osSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFBLENBQUMsOEJBQThCO1FBQ3ZDOztZQUVJO1FBQ0osSUFBSSxDQUFDLENBQUMsVUFBVSxLQUFLLENBQUMsQ0FBQyxVQUFVO1lBQUUsT0FBTyxLQUFLLENBQUE7UUFFL0MsSUFBSSxJQUFJLEdBQUcsQ0FBQyxDQUFBO1FBQ1osS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUU7WUFDakMsSUFBSSxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUE7U0FDcEI7UUFDRCxPQUFPLENBQUMsSUFBSSxLQUFLLENBQUMsQ0FBQyxDQUFBO0lBQ3JCLENBQUM7QUFDSCxDQUFDLENBQUMsRUFBRSxDQUFBO0FBbUNKLE1BQU0sT0FBTyxzQkFBc0I7SUFjakMsWUFBYSxLQUF5QixFQUFFLGlCQUFvQztRQU41RSxpQkFBWSxHQUFtQixFQUFFLENBQUE7UUFPL0IsNEVBQTRFO1FBQzVFLEtBQUssQ0FBQyxLQUFLLFlBQVksa0JBQWtCLEVBQUUsb0NBQW9DLENBQUMsQ0FBQTtRQUNoRixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQTtRQUNsQixvR0FBb0c7UUFDcEcsS0FBSyxDQUFDLGlCQUFpQixJQUFJLE9BQU8saUJBQWlCLEtBQUssUUFBUSxFQUFFLGdDQUFnQyxDQUFDLENBQUE7UUFDbkcsSUFBSSxDQUFDLGlCQUFpQixHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsRUFBRSxHQUFHLGlCQUFpQixFQUFFLENBQUMsQ0FBQTtRQUNoRSx3RUFBd0U7UUFDeEUsTUFBTSxRQUFRLEdBQUcsZ0JBQWdCLENBQUMsK0JBQStCLENBQUE7UUFDakUsNkJBQTZCLENBQXlCLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQTtRQUNyRSwwQkFBMEIsQ0FBeUIsSUFBSSxDQUFDLENBQUE7UUFDeEQsTUFBTSxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUUsc0JBQXNCLENBQUMsU0FBUyxDQUFDLENBQUE7UUFDN0QsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUNyQixDQUFDO0lBQ0QsV0FBVztRQUNULE9BQU8sSUFBSSxDQUFDLHFCQUFxQixDQUFBO0lBQ25DLENBQUM7Q0FDRjtBQUNELFdBQVcsQ0FBQyxzQkFBc0IsQ0FBQyxDQUFBO0FBRW5DLE1BQU0sT0FBTyxzQkFBc0I7SUFZakMsWUFBYSxLQUF5QixFQUFFLGlCQUFvQztRQUo1RSxpQkFBWSxHQUFtQixFQUFFLENBQUE7UUFLL0IsNEVBQTRFO1FBQzVFLEtBQUssQ0FBQyxLQUFLLFlBQVksa0JBQWtCLEVBQUUsb0NBQW9DLENBQUMsQ0FBQTtRQUNoRixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQTtRQUNsQixvR0FBb0c7UUFDcEcsS0FBSyxDQUFDLGlCQUFpQixJQUFJLE9BQU8saUJBQWlCLEtBQUssUUFBUSxFQUFFLGdDQUFnQyxDQUFDLENBQUE7UUFDbkcsSUFBSSxDQUFDLGlCQUFpQixHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsRUFBRSxHQUFHLGlCQUFpQixFQUFFLENBQUMsQ0FBQTtRQUNoRSx3RUFBd0U7UUFDeEUsTUFBTSxRQUFRLEdBQUcsZ0JBQWdCLENBQUMsK0JBQStCLENBQUE7UUFDakUsNkJBQTZCLENBQXlCLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQTtRQUNyRSwwQkFBMEIsQ0FBeUIsSUFBSSxDQUFDLENBQUE7UUFDeEQsTUFBTSxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUUsc0JBQXNCLENBQUMsU0FBUyxDQUFDLENBQUE7UUFDN0QsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUNyQixDQUFDO0lBQ0QsV0FBVztRQUNULE9BQU8sSUFBSSxDQUFDLHFCQUFxQixDQUFBO0lBQ25DLENBQUM7Q0FDRjtBQUNELFdBQVcsQ0FBQyxzQkFBc0IsQ0FBQyxDQUFBO0FBRW5DLE1BQU0sT0FBTywyQkFBMkI7SUFtQnRDLFlBQWEsS0FBOEIsRUFBRSxpQkFBb0M7UUFWakYsaUJBQVksR0FBbUIsRUFBRSxDQUFBO1FBVy9CLHNGQUFzRjtRQUN0RixLQUFLLENBQUMsS0FBSyxZQUFZLHVCQUF1QixFQUFFLHlDQUF5QyxDQUFDLENBQUE7UUFDMUYsSUFBSSxDQUFDLEtBQUssR0FBRyxLQUFLLENBQUE7UUFDbEIsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFzQixDQUFDLFdBQVcsRUFBRSxTQUFTLENBQUMsQ0FBQyxDQUFBO1FBQy9FLHlHQUF5RztRQUN6RyxLQUFLLENBQUMsaUJBQWlCLElBQUksT0FBTyxpQkFBaUIsS0FBSyxRQUFRLEVBQUUsZ0NBQWdDLENBQUMsQ0FBQTtRQUNuRyxJQUFJLENBQUMsaUJBQWlCLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxFQUFFLEdBQUcsaUJBQWlCLEVBQUUsQ0FBQyxDQUFBO1FBQ2hFLHdFQUF3RTtRQUN4RSxNQUFNLE9BQU8sR0FBRyxnQkFBZ0IsQ0FBQywrQkFBK0IsQ0FBQTtRQUNoRSw2QkFBNkIsQ0FBOEIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBQ3pFLDBCQUEwQixDQUE4QixJQUFJLENBQUMsQ0FBQTtRQUM3RCx5QkFBeUIsQ0FBOEIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBQ3JFLE1BQU0sQ0FBQyxjQUFjLENBQUMsSUFBSSxFQUFFLDJCQUEyQixDQUFDLFNBQVMsQ0FBQyxDQUFBO1FBQ2xFLE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUE7SUFDckIsQ0FBQztJQUNELFdBQVc7UUFDVCxPQUFPLElBQUksQ0FBQyxxQkFBcUIsSUFBSSxJQUFJLENBQUMsWUFBWSxDQUFBO0lBQ3hELENBQUM7Q0FDRjtBQUNELFdBQVcsQ0FBQywyQkFBMkIsQ0FBQyxDQUFBO0FBRXhDLE1BQU0sT0FBTywyQkFBMkI7SUFpQnRDLFlBQWEsS0FBOEIsRUFBRSxpQkFBb0M7UUFSakYsaUJBQVksR0FBbUIsRUFBRSxDQUFBO1FBUy9CLHNGQUFzRjtRQUN0RixLQUFLLENBQUMsS0FBSyxZQUFZLHVCQUF1QixFQUFFLHlDQUF5QyxDQUFDLENBQUE7UUFDMUYsSUFBSSxDQUFDLEtBQUssR0FBRyxLQUFLLENBQUE7UUFDbEIsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFzQixDQUFDLFdBQVcsRUFBRSxTQUFTLENBQUMsQ0FBQyxDQUFBO1FBQy9FLHlHQUF5RztRQUN6RyxLQUFLLENBQUMsaUJBQWlCLElBQUksT0FBTyxpQkFBaUIsS0FBSyxRQUFRLEVBQUUsZ0NBQWdDLENBQUMsQ0FBQTtRQUNuRyxJQUFJLENBQUMsaUJBQWlCLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxFQUFFLEdBQUcsaUJBQWlCLEVBQUUsQ0FBQyxDQUFBO1FBQ2hFLHdFQUF3RTtRQUN4RSxNQUFNLE9BQU8sR0FBRyxnQkFBZ0IsQ0FBQywrQkFBK0IsQ0FBQTtRQUNoRSw2QkFBNkIsQ0FBOEIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBQ3pFLDBCQUEwQixDQUE4QixJQUFJLENBQUMsQ0FBQTtRQUM3RCx5QkFBeUIsQ0FBOEIsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBQ3JFLE1BQU0sQ0FBQyxjQUFjLENBQUMsSUFBSSxFQUFFLDJCQUEyQixDQUFDLFNBQVMsQ0FBQyxDQUFBO1FBQ2xFLE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUE7SUFDckIsQ0FBQztJQUNELFdBQVc7UUFDVCxPQUFPLElBQUksQ0FBQyxZQUFZLENBQUE7SUFDMUIsQ0FBQztDQUNGO0FBQ0QsV0FBVyxDQUFDLDJCQUEyQixDQUFDLENBQUE7QUFFeEMsTUFBTSxVQUFVLG9CQUFvQixDQUFFLEdBQVE7SUFDNUMsT0FBTyxDQUFDLEdBQUcsWUFBWSwyQkFBMkIsQ0FBQyxJQUFJLENBQUMsR0FBRyxZQUFZLHNCQUFzQixDQUFDLENBQUE7QUFDaEcsQ0FBQztBQUVELE1BQU0sVUFBVSxvQkFBb0IsQ0FBRSxHQUFRO0lBQzVDLE9BQU8sQ0FBQyxHQUFHLFlBQVksMkJBQTJCLENBQUMsSUFBSSxDQUFDLEdBQUcsWUFBWSxzQkFBc0IsQ0FBQyxDQUFBO0FBQ2hHLENBQUM7QUFFRCxNQUFNLFVBQVUsNkJBQTZCLENBQXNDLFFBQVcsRUFBRSxPQUF5QjtJQUN2SCw2RUFBNkU7SUFDN0UsS0FBSyxDQUFDLE9BQU8sR0FBRyxnQkFBZ0IsQ0FBQyxTQUFTLEVBQUUsaUJBQWlCLENBQUMsQ0FBQTtJQUM5RDs7O09BR0c7SUFDSCxNQUFNLGNBQWMsR0FBRyxDQUFDLGdCQUFnQixDQUFDLFNBQVMsR0FBRyxPQUFPLENBQUMsR0FBRyxDQUM5RCxPQUFPLEtBQUssZ0JBQWdCLENBQUMsK0JBQStCO1FBQzFELENBQUMsQ0FBQyxnQkFBZ0IsQ0FBQyxhQUFhO1FBQ2hDLENBQUMsQ0FBQyxPQUFPLEtBQUssZ0JBQWdCLENBQUMsK0JBQStCO1lBQzVELENBQUMsQ0FBQyxnQkFBZ0IsQ0FBQyxhQUFhO1lBQ2hDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQTtJQUVWLElBQUksd0JBQXdCLEdBQUcsS0FBSyxDQUFBO0lBQ3BDLElBQUksa0JBQWlELENBQUE7SUFDckQsbUVBQW1FO0lBQ25FLHVEQUF1RDtJQUN2RCwwREFBMEQ7SUFDMUQsb0RBQW9EO0lBQ3BELElBQUksa0JBQThCLENBQUE7SUFFbEMsTUFBTSxxQkFBcUIsR0FBRyxDQUFDLE9BQW9DLEVBQUUsS0FBbUIsRUFBRSxFQUFFO1FBQzFGLHFEQUFxRDtRQUNyRCxNQUFNLE9BQU8sR0FBRyxPQUFPLFlBQVksVUFBVSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQUMsQ0FBQTtRQUNoRixzRUFBc0U7UUFDdEUsOEJBQThCLENBQUMsT0FBTyxFQUFFLEtBQUssQ0FBQyxDQUFBO1FBQzlDLGtCQUFrQixHQUFHLDRCQUE0QixDQUFDLE9BQU8sQ0FBQyxDQUFBO1FBQzFELGtCQUFrQixHQUFHLElBQUksVUFBVSxDQUFDLE9BQU8sQ0FBQyxDQUFBO1FBQzVDLFFBQVEsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFBO1FBRWpDLE9BQU8sUUFBUSxDQUFBO0lBQ2pCLENBQUMsQ0FBQTtJQUNELE1BQU0scUJBQXFCLEdBQUcsR0FBZ0MsRUFBRTtRQUM5RCwyRUFBMkU7UUFDM0UsS0FBSyxDQUFDLGtCQUFrQixFQUFFLHFDQUFxQyxDQUFDLENBQUE7UUFDaEU7O1dBRUc7UUFDSCxLQUFLLENBQUMsQ0FBQyx3QkFBd0IsRUFBRSxxQ0FBcUMsQ0FBQyxDQUFBO1FBQ3ZFOzs7O1dBSUc7UUFDSCxLQUFLLENBQUMsQ0FBQyxDQUFDLGtCQUFrQixZQUFZLFVBQVUsQ0FBQyxJQUFJLGVBQWUsQ0FBQyxrQkFBa0IsRUFBRSxhQUFhLENBQUMsa0JBQWtCLENBQUMsQ0FBQyxFQUFFLHdDQUF3QyxDQUFDLENBQUE7UUFDdEssT0FBTyxrQkFBa0IsQ0FBQTtJQUMzQixDQUFDLENBQUE7SUFDRCxNQUFNLENBQUMsY0FBYyxDQUFDLFFBQVEsRUFBRSx1QkFBdUIsRUFBRTtRQUN2RCw4REFBOEQ7UUFDOUQsR0FBRyxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUMsQ0FBQyxrQkFBa0IsSUFBSSxDQUFDLHdCQUF3QjtRQUM1RCxVQUFVLEVBQUUsSUFBSTtLQUNqQixDQUFDLENBQUE7SUFDRixNQUFNLHNCQUFzQixHQUFHLEdBQUcsRUFBRTtRQUNsQzs7Ozs7O1dBTUc7UUFDSCxJQUFJLFVBQVUsR0FBRyxDQUFDLENBQUE7UUFDbEIsZ0dBQWdHO1FBQ2hHLElBQUksQ0FBQyxrQkFBa0IsRUFBRTtZQUN2QixrQkFBa0IsR0FBRyxJQUFJLFVBQVUsRUFBRSxDQUFBO1lBQ3JDLFVBQVUsSUFBSSxDQUFDLENBQUE7U0FDaEI7UUFDRCxnR0FBZ0c7UUFDaEcsSUFBSSxDQUFDLGtCQUFrQixFQUFFO1lBQ3ZCLGtCQUFrQixHQUFHLElBQUksVUFBVSxFQUFFLENBQUE7WUFDckMsVUFBVSxJQUFJLENBQUMsQ0FBQTtTQUNoQjtRQUNEOztXQUVHO1FBQ0gsSUFBSSxDQUFDLENBQUMsa0JBQWtCLFlBQVksVUFBVSxDQUFDLEVBQUU7WUFDL0Msa0JBQWtCLEdBQUcsSUFBSSxVQUFVLEVBQUUsQ0FBQTtTQUN0QztRQUNELGtCQUFrQixDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQTtRQUMxQixrQkFBa0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUE7UUFDMUIsd0JBQXdCLEdBQUcsSUFBSSxDQUFBO1FBRS9COzs7V0FHRztRQUNILEtBQUssQ0FBQyxVQUFVLEtBQUssQ0FBQyxJQUFJLFVBQVUsS0FBSyxDQUFDLEVBQUUsOERBQThELENBQUMsQ0FBQTtRQUMzRyxPQUFPLFFBQVEsQ0FBQTtJQUNqQixDQUFDLENBQUE7SUFFRCxnQkFBZ0IsQ0FBQyxRQUFRLEVBQUUsdUJBQXVCLEVBQUUscUJBQXFCLENBQUMsQ0FBQTtJQUMxRSxnQkFBZ0IsQ0FBQyxRQUFRLEVBQUUsdUJBQXVCLEVBQUUscUJBQXFCLENBQUMsQ0FBQTtJQUMxRSxnQkFBZ0IsQ0FBQyxRQUFRLEVBQUUsd0JBQXdCLEVBQUUsc0JBQXNCLENBQUMsQ0FBQTtJQUU1RSxPQUFPLFFBQVEsQ0FBQTtJQUVmLFNBQVMsOEJBQThCLENBQUUsT0FBbUIsRUFBRSxLQUFtQjtRQUMvRSxtR0FBbUc7UUFDbkcsS0FBSyxDQUFDLENBQUMsa0JBQWtCLEVBQUUseUNBQXlDLENBQUMsQ0FBQTtRQUNyRSwrQ0FBK0M7UUFDL0MsS0FBSyxDQUFDLE9BQU8sWUFBWSxVQUFVLEVBQUUsOEJBQThCLENBQUMsQ0FBQTtRQUNwRTs7OztXQUlHO1FBQ0gsS0FBSyxDQUFDLE9BQU8sQ0FBQyxVQUFVLEtBQUssQ0FBQyxFQUFFLG9EQUFvRCxDQUFDLENBQUE7UUFDckY7OztXQUdHO1FBQ0gsS0FBSyxDQUFDLE9BQU8sQ0FBQyxVQUFVLEtBQUssUUFBUSxDQUFDLEtBQUssQ0FBQyxjQUFjLEVBQUUsNkRBQTZELENBQUMsQ0FBQTtRQUUxSCxrR0FBa0c7UUFDbEcsS0FBSyxDQUFDLEtBQUssSUFBSSxLQUFLLENBQUMsT0FBTyxJQUFJLEtBQUssQ0FBQyxZQUFZLEVBQUUsd0JBQXdCLENBQUMsQ0FBQTtRQUM3RSxxRUFBcUU7UUFDckUsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLEdBQUcsT0FBTyxFQUFFLG1DQUFtQyxDQUFDLENBQUE7UUFDakU7O1dBRUc7UUFDSCxLQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxLQUFLLEdBQUcsY0FBYyxDQUFDLEVBQUUsZ0NBQWdDLENBQUMsQ0FBQTtJQUMxRSxDQUFDO0FBQ0gsQ0FBQztBQUVELE1BQU0sVUFBVSwwQkFBMEIsQ0FBbUMsUUFBVztJQUN0RixNQUFNLGtCQUFrQixHQUFHLGdCQUFnQixDQUFDLFNBQVMsR0FBRyxnQkFBZ0IsQ0FBQyxhQUFhLENBQUE7SUFDdEYsTUFBTSxpQkFBaUIsR0FBdUIsRUFBRSxDQUFBO0lBQ2hELElBQUksWUFBOEMsQ0FBQTtJQUVsRCxNQUFNLG1CQUFtQixHQUFHLENBQUMsR0FBcUIsRUFBRSxLQUF1QixFQUFFLEVBQUU7UUFDN0U7OztXQUdHO1FBQ0gsS0FBSyxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSwrQkFBK0IsQ0FBQyxDQUFBO1FBQ3RFOzs7V0FHRztRQUNILEtBQUssQ0FBQyxHQUFHLFlBQVksZ0JBQWdCLEVBQUUsMENBQTBDLENBQUMsQ0FBQTtRQUVsRixtRUFBbUU7UUFDbkUsS0FBSyxDQUFDLEtBQUssR0FBRyxnQkFBZ0IsQ0FBQywrQkFBK0IsRUFBRSxzQ0FBc0MsQ0FBQyxDQUFBO1FBRXZHOzs7Ozs7OztXQVFHO1FBQ0gsS0FBSyxDQUFDLENBQUMsQ0FBQyxLQUFLLEdBQUcsa0JBQWtCLENBQUMsRUFBRSxvQ0FBb0MsQ0FBQyxDQUFBO1FBQzFFLFFBQVEsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLEVBQUUsT0FBTyxFQUFFLEdBQUcsQ0FBQyxZQUFZLEVBQUUsWUFBWSxFQUFFLEdBQUcsQ0FBQyxVQUFVLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQTtRQUU5RixpQkFBaUIsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUE7UUFDM0IsT0FBTyxRQUFRLENBQUE7SUFDakIsQ0FBQyxDQUFBO0lBRUQsZ0JBQWdCLENBQUMsUUFBUSxFQUFFLHFCQUFxQixFQUFFLG1CQUFtQixDQUFDLENBQUE7SUFDdEUsTUFBTSxDQUFDLGNBQWMsQ0FBQyxRQUFRLEVBQUUsbUJBQW1CLEVBQUU7UUFDbkQscURBQXFEO1FBQ3JELDBCQUEwQjtRQUMxQixHQUFHLEVBQUUsR0FBRyxFQUFFLENBQUMsQ0FBQyxHQUFHLGlCQUFpQixDQUFDO1FBQ2pDLFVBQVUsRUFBRSxJQUFJO0tBQ2pCLENBQUMsQ0FBQTtJQUNGLE1BQU0sZUFBZSxHQUFHLENBQUMsR0FBaUIsRUFBRSxFQUFFO1FBQzVDOzs7V0FHRztRQUNILEtBQUssQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLGNBQWMsRUFBRSxzREFBc0QsQ0FBQyxDQUFBO1FBQzVGLHdGQUF3RjtRQUN4RixLQUFLLENBQUMsQ0FBQyxZQUFZLEVBQUUscUNBQXFDLENBQUMsQ0FBQTtRQUMzRCwrQ0FBK0M7UUFDL0MsS0FBSyxDQUFDLEdBQUcsWUFBWSxZQUFZLEVBQUUsNkJBQTZCLENBQUMsQ0FBQTtRQUNqRSxZQUFZLEdBQUcsR0FBRyxDQUFBO1FBQ2xCLE9BQU8sUUFBUSxDQUFBO0lBQ2pCLENBQUMsQ0FBQTtJQUNELGdCQUFnQixDQUFDLFFBQVEsRUFBRSxpQkFBaUIsRUFBRSxlQUFlLENBQUMsQ0FBQTtJQUM5RCxNQUFNLENBQUMsY0FBYyxDQUFDLFFBQVEsRUFBRSxjQUFjLEVBQUU7UUFDOUMsR0FBRyxFQUFFLEdBQUcsRUFBRTtZQUNSOzs7ZUFHRztZQUNILEtBQUssQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxjQUFjLEtBQUssQ0FBQyxDQUFDLFlBQVksRUFBRSx3Q0FBd0MsQ0FBQyxDQUFBO1lBQ25HLE9BQU8sWUFBWSxDQUFBO1FBQ3JCLENBQUM7UUFDRCxVQUFVLEVBQUUsSUFBSTtLQUNqQixDQUFDLENBQUE7SUFFRixPQUFPLFFBQVEsQ0FBQTtBQUNqQixDQUFDO0FBRUQsTUFBTSxVQUFVLDBCQUEwQixDQUFtQyxRQUFXO0lBQ3RGLG1CQUFtQjtJQUNuQixJQUFJLGVBQW9ELENBQUE7SUFDeEQsTUFBTSxrQkFBa0IsR0FBRyxDQUFDLEdBQW9CLEVBQUUsRUFBRTtRQUNsRDs7O1dBR0c7UUFDSCxLQUFLLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxjQUFjLEVBQUUsc0RBQXNELENBQUMsQ0FBQTtRQUM1Riw4RkFBOEY7UUFDOUYsS0FBSyxDQUFDLENBQUMsZUFBZSxFQUFFLHdDQUF3QyxDQUFDLENBQUE7UUFDakUsa0RBQWtEO1FBQ2xELEtBQUssQ0FBQyxHQUFHLFlBQVksZUFBZSxFQUFFLDZCQUE2QixDQUFDLENBQUE7UUFDcEUsZUFBZSxHQUFHLEdBQUcsQ0FBQTtRQUNyQixPQUFPLFFBQVEsQ0FBQTtJQUNqQixDQUFDLENBQUE7SUFDRCxnQkFBZ0IsQ0FBQyxRQUFRLEVBQUUsb0JBQW9CLEVBQUUsa0JBQWtCLENBQUMsQ0FBQTtJQUNwRSxNQUFNLENBQUMsY0FBYyxDQUFDLFFBQVEsRUFBRSxpQkFBaUIsRUFBRTtRQUNqRCxHQUFHLEVBQUUsR0FBRyxFQUFFO1lBQ1I7OztlQUdHO1lBQ0gsS0FBSyxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLGNBQWMsS0FBSyxDQUFDLENBQUMsZUFBZSxFQUFFLHdDQUF3QyxDQUFDLENBQUE7WUFDdEcsT0FBTyxlQUFlLENBQUE7UUFDeEIsQ0FBQztRQUNELFVBQVUsRUFBRSxJQUFJO0tBQ2pCLENBQUMsQ0FBQTtJQUVGLE9BQU8sUUFBUSxDQUFBO0FBQ2pCLENBQUM7QUFFRCxNQUFNLFVBQVUseUJBQXlCLENBQWtDLFFBQVcsRUFBRSxRQUEwQjtJQUNoSCxJQUFJLFNBQXVFLENBQUE7SUFFM0UsTUFBTSxZQUFZLEdBQUcsQ0FBQyxPQUFpRCxFQUFFLEtBQW1CLEVBQUUsRUFBRTtRQUM5RixpRkFBaUY7UUFDakYsS0FBSyxDQUFDLENBQUMsU0FBUyxFQUFFLDJCQUEyQixDQUFDLENBQUE7UUFDOUMscURBQXFEO1FBQ3JELEtBQUssQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLElBQUksdUJBQXVCLENBQUMsT0FBTyxDQUFDLEVBQUUsMkJBQTJCLENBQUMsQ0FBQTtRQUM1RiwrRUFBK0U7UUFDL0UsS0FBSyxDQUFDLGdCQUFnQixDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsRUFBRSxvQ0FBb0MsQ0FBQyxDQUFBO1FBRWhGOztXQUVHO1FBQ0gsSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRTtZQUNuQyxpR0FBaUc7WUFDakcsS0FBSyxDQUFDLEtBQUssSUFBSSxLQUFLLENBQUMsT0FBTyxJQUFJLEtBQUssQ0FBQyxZQUFZLEVBQUUsd0JBQXdCLENBQUMsQ0FBQTtZQUM3RSx1RkFBdUY7WUFDdkYsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLEdBQUcsUUFBUSxFQUFFLG1DQUFtQyxDQUFDLENBQUE7WUFDbEU7Ozs7O2VBS0c7WUFDSCxRQUFRLENBQUMsc0JBQXNCLEVBQUUsQ0FBQTtZQUNqQyxRQUFRLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQTtTQUNsQztRQUVELElBQUksV0FBVyxDQUFDLE9BQU8sQ0FBQyxFQUFFO1lBQ3hCLFNBQVMsR0FBRyxPQUFPLENBQUE7U0FDcEI7YUFBTTtZQUNMLE1BQU0sRUFBRSxpQkFBaUIsRUFBRSxvQkFBb0IsRUFBRSxHQUFHLE9BQU8sQ0FBQTtZQUMzRCxTQUFTLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxFQUFFLGlCQUFpQixFQUFFLG9CQUFvQixFQUFFLENBQUMsQ0FBQTtTQUN2RTtRQUVELE9BQU8sUUFBUSxDQUFBO0lBQ2pCLENBQUMsQ0FBQTtJQUVELGdCQUFnQixDQUFDLFFBQVEsRUFBRSxjQUFjLEVBQUUsWUFBWSxDQUFDLENBQUE7SUFDeEQsTUFBTSxZQUFZLEdBQUcsR0FBRyxFQUFFO1FBQ3hCLHNFQUFzRTtRQUN0RSxLQUFLLENBQUMsU0FBUyxFQUFFLHdCQUF3QixDQUFDLENBQUE7UUFDMUMsa0RBQWtEO1FBQ2xELHdEQUF3RDtRQUN4RCxPQUEyRCxTQUFTLENBQUE7SUFDdEUsQ0FBQyxDQUFBO0lBQ0QsZ0JBQWdCLENBQUMsUUFBUSxFQUFFLGNBQWMsRUFBRSxZQUFZLENBQUMsQ0FBQTtJQUV4RCxNQUFNLENBQUMsY0FBYyxDQUFDLFFBQVEsRUFBRSxjQUFjLEVBQUU7UUFDOUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTO1FBQ3RCLFVBQVUsRUFBRSxJQUFJO0tBQ2pCLENBQUMsQ0FBQTtJQUVGLE9BQU8sUUFBUSxDQUFBO0FBQ2pCLENBQUM7QUFFRCxNQUFNLFVBQVUsV0FBVyxDQUFFLE9BQVk7SUFDdkMsT0FBTyxPQUFPO1FBQ1osV0FBVyxJQUFJLE9BQU87UUFDdEIsTUFBTSxJQUFJLE9BQU87UUFDakIsV0FBVyxJQUFJLE9BQU87UUFDdEIsUUFBUSxJQUFJLE9BQU87UUFDbkIsYUFBYSxJQUFJLE9BQU8sQ0FBQTtBQUM1QixDQUFDO0FBRUQsTUFBTSxVQUFVLGdCQUFnQixDQUM5QixPQUFpRCxFQUNqRCxRQUFXO0lBRVgsSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsRUFBRTtRQUN6QixNQUFNLEVBQUUsaUJBQWlCLEVBQUUsb0JBQW9CLEVBQUUsR0FBRyxPQUFPLENBQUE7UUFDM0QsT0FBTyxnQkFBZ0IsQ0FBQyxpQkFBaUIsRUFBRSxRQUFRLENBQUM7WUFDbEQsZ0JBQWdCLENBQUMsb0JBQW9CLEVBQUUsUUFBUSxDQUFDLENBQUE7S0FDbkQ7SUFFRCxNQUFNLEVBQUUsS0FBSyxFQUFFLFdBQVcsRUFBRSxHQUFHLFFBQVEsQ0FBQTtJQUN2QyxNQUFNLEVBQUUsVUFBVSxFQUFFLFNBQVMsRUFBRSxHQUFHLEVBQUUsR0FBRyxLQUFLLENBQUE7SUFFNUM7OztPQUdHO0lBRUgsTUFBTSxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLFdBQVcsRUFBRSxHQUFHLE9BQU8sQ0FBQTtJQUN4RCw0Q0FBNEM7SUFDNUMsTUFBTSxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsR0FBRyxTQUFTLENBQUE7SUFFbEMsNEJBQTRCO0lBQzVCLE9BQU8sSUFBSSxLQUFLLFFBQVE7UUFDdEIsdUJBQXVCO1FBQ3ZCLENBQUMsQ0FBQyxHQUFHLElBQUksSUFBSSxLQUFLLEdBQUcsQ0FBQztZQUNyQixDQUFDLElBQUksS0FBSyxVQUFVLElBQUksTUFBTSxLQUFLLFNBQVMsQ0FBQyxDQUFDO1FBQy9DOztXQUVHO1FBQ0gsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDekMsOEVBQThFO1FBQzlFLENBQUMsV0FBVyxDQUFBO0FBQ2hCLENBQUM7QUFFRCxTQUFTLHVCQUF1QixDQUFFLE9BQVk7SUFDNUMsTUFBTSxFQUFFLGlCQUFpQixFQUFFLG9CQUFvQixFQUFFLEdBQUcsT0FBTyxDQUFBO0lBQzNELE9BQU8sV0FBVyxDQUFDLGlCQUFpQixDQUFDLElBQUksV0FBVyxDQUFDLG9CQUFvQixDQUFDLENBQUE7QUFDNUUsQ0FBQztBQUVELE1BQU0sVUFBVSxtQkFBbUIsQ0FBa0MsUUFBVztJQUM5RSxNQUFNLEVBQUUsS0FBSyxFQUFFLEdBQUcsUUFBUSxDQUFBO0lBQzFCLElBQUksS0FBSyxDQUFDLEdBQUc7UUFBRSxPQUFPLFdBQVcsQ0FBQTtJQUNqQyxPQUFPLHlCQUF5QixDQUFDLFFBQVEsQ0FBQyxDQUFBO0FBQzVDLENBQUM7QUFFRCxNQUFNLFVBQVUseUJBQXlCLENBQWtDLFFBQVc7SUFDcEYsSUFBSSxRQUFRLFlBQVksMkJBQTJCO1FBQUUsT0FBTyxTQUFTLENBQUE7SUFDckUsSUFBSSxRQUFRLFlBQVksMkJBQTJCO1FBQUUsT0FBTyxTQUFTLENBQUE7SUFFckUsTUFBTSxJQUFJLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxDQUFBO0FBQ3pDLENBQUM7QUFFRCxNQUFNLFVBQVUsYUFBYSxDQUFFLE9BQW9DO0lBQ2pFLElBQUksT0FBTyxZQUFZLFVBQVU7UUFBRSxPQUFPLE9BQU8sQ0FBQTtJQUNqRCxJQUFJLGlCQUFpQixJQUFJLE9BQU8sWUFBWSxpQkFBaUIsQ0FBQyxTQUFTO1FBQUUsT0FBTyxPQUFPLENBQUMsTUFBTSxFQUFFLENBQUE7SUFFaEcsTUFBTSxJQUFJLEtBQUssQ0FBQywwQkFBMEIsQ0FBQyxDQUFBO0FBQzdDLENBQUM7QUFFRCxNQUFNLFVBQVUsNEJBQTRCLENBQUUsT0FBb0M7SUFDaEYsSUFBSSxpQkFBaUIsRUFBRTtRQUNyQixJQUFJLE9BQU8sWUFBWSxVQUFVLEVBQUU7WUFDakMsTUFBTSxFQUFFLEdBQUcsaUJBQWlCLENBQUMsZUFBZSxDQUFDLE9BQU8sQ0FBQyxDQUFBO1lBQ3JELHNFQUFzRTtZQUN0RSxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFBO1lBQ2YsT0FBTyxFQUFFLENBQUE7U0FDVjtRQUNELElBQUksT0FBTyxZQUFZLGlCQUFpQixDQUFDLFNBQVM7WUFBRSxPQUFPLE9BQU8sQ0FBQTtLQUNuRTtTQUFNLElBQUksT0FBTyxZQUFZLFVBQVUsRUFBRTtRQUN4QyxPQUFPLE9BQU8sQ0FBQTtLQUNmO0lBQ0QsTUFBTSxJQUFJLEtBQUssQ0FBQywwQkFBMEIsQ0FBQyxDQUFBO0FBQzdDLENBQUMifQ== |
@@ -16,2 +16,3 @@ export { AlgorithmSuiteIdentifier, AlgorithmSuiteName, AlgorithmSuite } from './algorithm_suites'; | ||
| export { isEncryptionMaterial, isDecryptionMaterial } from './cryptographic_material'; | ||
| export { unwrapDataKey, wrapWithKeyObjectIfSupported } from './cryptographic_material'; | ||
| export { CryptographicMaterial, decorateCryptographicMaterial, decorateWebCryptoMaterial, WebCryptoMaterial } from './cryptographic_material'; | ||
@@ -22,3 +23,4 @@ export { SignatureKey, VerificationKey } from './signature_key'; | ||
| export { needs } from './needs'; | ||
| export { cloneMaterial } from './clone_cryptographic_material'; | ||
| export * from './types'; | ||
| //# sourceMappingURL=index.d.ts.map |
@@ -25,2 +25,3 @@ /* | ||
| export { isEncryptionMaterial, isDecryptionMaterial } from './cryptographic_material'; | ||
| export { unwrapDataKey, wrapWithKeyObjectIfSupported } from './cryptographic_material'; | ||
| export { decorateCryptographicMaterial, decorateWebCryptoMaterial } from './cryptographic_material'; | ||
@@ -31,2 +32,3 @@ export { SignatureKey, VerificationKey } from './signature_key'; | ||
| export { needs } from './needs'; | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7Ozs7Ozs7Ozs7R0FhRztBQUVILE9BQU8sRUFBRSx3QkFBd0IsRUFBc0IsY0FBYyxFQUFFLE1BQU0sb0JBQW9CLENBQUE7QUFNakcsT0FBTyxFQUFFLHVCQUF1QixFQUFFLE1BQU0seUJBQXlCLENBQUE7QUFDakUsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sbUJBQW1CLENBQUE7QUFFdEQsT0FBTyxFQUFFLE9BQU8sRUFBRSxXQUFXLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxXQUFXLENBQUE7QUFDbEUsT0FBTyxFQUFnQixnQkFBZ0IsRUFBRSxNQUFNLGlCQUFpQixDQUFBO0FBQ2hFLE9BQU8sRUFBRSxnQkFBZ0IsRUFBRSxxQkFBcUIsRUFBRSxNQUFNLGlCQUFpQixDQUFBO0FBR3pFLE9BQU8sRUFBRSxzQkFBc0IsRUFBRSxzQkFBc0IsRUFBRSxNQUFNLDBCQUEwQixDQUFBO0FBQ3pGLE9BQU8sRUFBRSxnQkFBZ0IsRUFBRSxXQUFXLEVBQUUsbUJBQW1CLEVBQUUseUJBQXlCLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQTtBQUN4SCxPQUFPLEVBQUUsMkJBQTJCLEVBQUUsMkJBQTJCLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQTtBQUNuRyxPQUFPLEVBQUUsb0JBQW9CLEVBQUUsb0JBQW9CLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQTtBQUNyRixPQUFPLEVBQXlCLDZCQUE2QixFQUFFLHlCQUF5QixFQUFxQixNQUFNLDBCQUEwQixDQUFBO0FBQzdJLE9BQU8sRUFBRSxZQUFZLEVBQUUsZUFBZSxFQUFFLE1BQU0saUJBQWlCLENBQUE7QUFDL0QsT0FBTyxFQUFFLGdCQUFnQixFQUFxQixNQUFNLHNCQUFzQixDQUFBO0FBRTFFLE9BQU8sRUFBRSxrQkFBa0IsRUFBRSxjQUFjLEVBQUUsV0FBVyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sbUJBQW1CLENBQUE7QUFFckcsT0FBTyxFQUFFLEtBQUssRUFBRSxNQUFNLFNBQVMsQ0FBQSJ9 | ||
| export { cloneMaterial } from './clone_cryptographic_material'; | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7Ozs7Ozs7Ozs7R0FhRztBQUVILE9BQU8sRUFBRSx3QkFBd0IsRUFBc0IsY0FBYyxFQUFFLE1BQU0sb0JBQW9CLENBQUE7QUFNakcsT0FBTyxFQUFFLHVCQUF1QixFQUFFLE1BQU0seUJBQXlCLENBQUE7QUFDakUsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sbUJBQW1CLENBQUE7QUFFdEQsT0FBTyxFQUFFLE9BQU8sRUFBRSxXQUFXLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxXQUFXLENBQUE7QUFDbEUsT0FBTyxFQUFnQixnQkFBZ0IsRUFBRSxNQUFNLGlCQUFpQixDQUFBO0FBQ2hFLE9BQU8sRUFBRSxnQkFBZ0IsRUFBRSxxQkFBcUIsRUFBRSxNQUFNLGlCQUFpQixDQUFBO0FBR3pFLE9BQU8sRUFBRSxzQkFBc0IsRUFBRSxzQkFBc0IsRUFBRSxNQUFNLDBCQUEwQixDQUFBO0FBQ3pGLE9BQU8sRUFBRSxnQkFBZ0IsRUFBRSxXQUFXLEVBQUUsbUJBQW1CLEVBQUUseUJBQXlCLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQTtBQUN4SCxPQUFPLEVBQUUsMkJBQTJCLEVBQUUsMkJBQTJCLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQTtBQUNuRyxPQUFPLEVBQUUsb0JBQW9CLEVBQUUsb0JBQW9CLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQTtBQUNyRixPQUFPLEVBQUUsYUFBYSxFQUFFLDRCQUE0QixFQUFFLE1BQU0sMEJBQTBCLENBQUE7QUFDdEYsT0FBTyxFQUF5Qiw2QkFBNkIsRUFBRSx5QkFBeUIsRUFBcUIsTUFBTSwwQkFBMEIsQ0FBQTtBQUM3SSxPQUFPLEVBQUUsWUFBWSxFQUFFLGVBQWUsRUFBRSxNQUFNLGlCQUFpQixDQUFBO0FBQy9ELE9BQU8sRUFBRSxnQkFBZ0IsRUFBcUIsTUFBTSxzQkFBc0IsQ0FBQTtBQUUxRSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsY0FBYyxFQUFFLFdBQVcsRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLG1CQUFtQixDQUFBO0FBRXJHLE9BQU8sRUFBRSxLQUFLLEVBQUUsTUFBTSxTQUFTLENBQUE7QUFDL0IsT0FBTyxFQUFFLGFBQWEsRUFBRSxNQUFNLGdDQUFnQyxDQUFBIn0= |
@@ -53,4 +53,7 @@ /** | ||
| */ | ||
| WRAPPING_KEY_VERIFIED_ENC_CTX = 16 | ||
| WRAPPING_KEY_VERIFIED_ENC_CTX = 16, | ||
| ENCRYPT_FLAGS = 10, | ||
| SET_FLAGS = 5, | ||
| DECRYPT_FLAGS = 20 | ||
| } | ||
| //# sourceMappingURL=keyring_trace.d.ts.map |
@@ -37,3 +37,21 @@ /* | ||
| KeyringTraceFlag[KeyringTraceFlag["WRAPPING_KEY_VERIFIED_ENC_CTX"] = 16] = "WRAPPING_KEY_VERIFIED_ENC_CTX"; | ||
| /* KeyringTraceFlags are organized here. | ||
| * The three groupings are set, encrypt, and decrypt. | ||
| * An unencrypted data key is set and is required to have a SET_FLAG. | ||
| * For the encrypt path, the unencrypted data key must be generated. | ||
| * For the decrypt path, the unencrypted data key must be decrypted. | ||
| * | ||
| * A encrypted data key must be encrypted | ||
| * and the encryption context may be signed. | ||
| * | ||
| * When an encrypted data key is decrypted, | ||
| * the encryption context may be verified. | ||
| * | ||
| * This organization is to keep a KeyringTrace for an encrypted data key | ||
| * for listing the WRAPPING_KEY_VERIFIED_ENC_CTX flag. | ||
| */ | ||
| KeyringTraceFlag[KeyringTraceFlag["ENCRYPT_FLAGS"] = 10] = "ENCRYPT_FLAGS"; | ||
| KeyringTraceFlag[KeyringTraceFlag["SET_FLAGS"] = 5] = "SET_FLAGS"; | ||
| KeyringTraceFlag[KeyringTraceFlag["DECRYPT_FLAGS"] = 20] = "DECRYPT_FLAGS"; | ||
| })(KeyringTraceFlag || (KeyringTraceFlag = {})); | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5cmluZ190cmFjZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9rZXlyaW5nX3RyYWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7Ozs7Ozs7O0dBYUc7QUFvQ0gsTUFBTSxDQUFOLElBQVksZ0JBeUJYO0FBekJELFdBQVksZ0JBQWdCO0lBQzVCOztPQUVHO0lBQ0QsNkdBQW1DLENBQUE7SUFFckM7O09BRUc7SUFDRCw2R0FBMEMsQ0FBQTtJQUU1Qzs7T0FFRztJQUNELDZHQUEwQyxDQUFBO0lBRTVDOztPQUVHO0lBQ0QscUdBQXNDLENBQUE7SUFFeEM7O09BRUc7SUFDRCwwR0FBd0MsQ0FBQTtBQUMxQyxDQUFDLEVBekJXLGdCQUFnQixLQUFoQixnQkFBZ0IsUUF5QjNCIn0= | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5cmluZ190cmFjZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9rZXlyaW5nX3RyYWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7Ozs7Ozs7O0dBYUc7QUFvQ0gsTUFBTSxDQUFOLElBQVksZ0JBK0NYO0FBL0NELFdBQVksZ0JBQWdCO0lBQzVCOztPQUVHO0lBQ0QsNkdBQW1DLENBQUE7SUFFckM7O09BRUc7SUFDRCw2R0FBMEMsQ0FBQTtJQUU1Qzs7T0FFRztJQUNELDZHQUEwQyxDQUFBO0lBRTVDOztPQUVHO0lBQ0QscUdBQXNDLENBQUE7SUFFeEM7O09BRUc7SUFDRCwwR0FBd0MsQ0FBQTtJQUV4Qzs7Ozs7Ozs7Ozs7Ozs7T0FjRztJQUVILDBFQUE2RSxDQUFBO0lBRTdFLGlFQUE2RSxDQUFBO0lBRTdFLDBFQUErRSxDQUFBO0FBQ2pGLENBQUMsRUEvQ1csZ0JBQWdCLEtBQWhCLGdCQUFnQixRQStDM0IifQ== |
@@ -82,2 +82,3 @@ /* | ||
| children.unshift(this.generator); | ||
| let childKeyringErrors = []; | ||
| for (const keyring of children) { | ||
@@ -91,11 +92,23 @@ /* Check for early return (Postcondition): Do not attempt to decrypt once I have a valid key. */ | ||
| catch (e) { | ||
| // there should be some debug here? or wrap? | ||
| // Failures onDecrypt should not short-circuit the process | ||
| // If the caller does not have access they may have access | ||
| // through another Keyring. | ||
| /* Failures onDecrypt should not short-circuit the process | ||
| * If the caller does not have access they may have access | ||
| * through another Keyring. | ||
| */ | ||
| childKeyringErrors.push(e); | ||
| } | ||
| } | ||
| /* Postcondition: A child keyring must provide a valid data key or no child keyring must have raised an error. | ||
| * If I have a data key, | ||
| * decrypt errors can be ignored. | ||
| * However, if I was unable to decrypt a data key AND I have errors, | ||
| * these errors should bubble up. | ||
| * Otherwise, the only error customers will see is that | ||
| * the material does not have an unencrypted data key. | ||
| * So I return a concatenated Error message | ||
| */ | ||
| needs(material.hasValidKey() || (!material.hasValidKey() && !childKeyringErrors.length), childKeyringErrors | ||
| .reduce((m, e, i) => `${m} Error #${i + 1} \n ${e.stack} \n`, 'Unable to decrypt data key and one or more child keyrings had an error. \n ')); | ||
| return material; | ||
| }; | ||
| } | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibXVsdGlfa2V5cmluZy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9tdWx0aV9rZXlyaW5nLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7Ozs7Ozs7O0dBYUc7QUFFSCxPQUFPLEVBQUUsY0FBYyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sbUJBQW1CLENBQUE7QUFDcEUsT0FBTyxFQUNJLHFDQUFxQztBQUM5QyxXQUFXLEVBQ1gsZ0JBQWdCLEVBQ2pCLE1BQU0sV0FBVyxDQUFBO0FBRWxCLE9BQU8sRUFBRSxLQUFLLEVBQUUsTUFBTSxTQUFTLENBQUE7QUFLL0IsTUFBTSxPQUFPLGdCQUFpQixTQUFRLFdBQVc7SUFHL0MsWUFBYSxLQUE0QztRQUN2RCxLQUFLLEVBQUUsQ0FBQTtRQUdULGVBQVUsR0FBRyxxQkFBcUIsRUFBc0IsQ0FBQTtRQUN4RCxlQUFVLEdBQUcscUJBQXFCLEVBQXNCLENBQUE7UUFIdEQsa0JBQWtCLENBQUMsSUFBSSxFQUFFLFdBQVcsRUFBRSxLQUFLLENBQUMsQ0FBQTtJQUM5QyxDQUFDO0NBR0Y7QUFDRCxjQUFjLENBQUMsZ0JBQWdCLENBQUMsQ0FBQTtBQUVoQyxNQUFNLE9BQU8scUJBQXNCLFNBQVEsZ0JBQWdCO0lBSXpELFlBQWEsS0FBaUQ7UUFDNUQsS0FBSyxFQUFFLENBQUE7UUFHVCxlQUFVLEdBQUcscUJBQXFCLEVBQTJCLENBQUE7UUFDN0QsZUFBVSxHQUFHLHFCQUFxQixFQUEyQixDQUFBO1FBSDNELGtCQUFrQixDQUFDLElBQUksRUFBRSxnQkFBZ0IsRUFBRSxLQUFLLENBQUMsQ0FBQTtJQUNuRCxDQUFDO0NBR0Y7QUFDRCxjQUFjLENBQUMscUJBQXFCLENBQUMsQ0FBQTtBQUVyQyxTQUFTLGtCQUFrQixDQUN6QixHQUFxQixFQUNyQixXQUFnQixFQUNoQixFQUFFLFNBQVMsRUFBRSxRQUFRLEdBQUcsRUFBRSxFQUF3QjtJQUVsRCxvREFBb0Q7SUFDcEQsS0FBSyxDQUFDLFNBQVMsSUFBSSxRQUFRLENBQUMsTUFBTSxFQUFFLHFDQUFxQyxDQUFDLENBQUE7SUFDMUUsZ0RBQWdEO0lBQ2hELEtBQUssQ0FBQyxDQUFDLENBQUMsU0FBUyxLQUFLLFNBQVMsWUFBWSxXQUFXLEVBQUUsNkJBQTZCLENBQUMsQ0FBQTtJQUN0RixrREFBa0Q7SUFDbEQsS0FBSyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLFlBQVksV0FBVyxDQUFDLEVBQUUseUJBQXlCLENBQUMsQ0FBQTtJQUVqRixnQkFBZ0IsQ0FBQyxHQUFHLEVBQUUsVUFBVSxFQUFFLE1BQU0sQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUMsQ0FBQTtJQUNsRSxnQkFBZ0IsQ0FBQyxHQUFHLEVBQUUsV0FBVyxFQUFFLFNBQVMsQ0FBQyxDQUFBO0FBQy9DLENBQUM7QUFFRCxTQUFTLHFCQUFxQjtJQUM1QixPQUFPLEtBQUssVUFBVSxVQUFVLENBRTlCLFFBQStCO1FBRS9COzs7Ozs7V0FNRztRQUNILEtBQUssQ0FBQyxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsSUFBSSxFQUFFLDBFQUEwRSxDQUFDLENBQUE7UUFFMUksTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLFNBQVM7WUFDOUIsQ0FBQyxDQUFDLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDO1lBQzFDLENBQUMsQ0FBQyxRQUFRLENBQUE7UUFFWix5RUFBeUU7UUFDekUsS0FBSyxDQUFDLFNBQVMsQ0FBQyxxQkFBcUIsRUFBRSwrQ0FBK0MsQ0FBQyxDQUFBO1FBRXZGOzs7OztXQUtHO1FBQ0gsS0FBSyxNQUFNLE9BQU8sSUFBSSxJQUFJLENBQUMsUUFBUSxFQUFFO1lBQ25DLE1BQU0sT0FBTyxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsQ0FBQTtTQUNuQztRQUVELDRFQUE0RTtRQUM1RSwwRUFBMEU7UUFDMUUsbUJBQW1CO1FBQ25CLE9BQU8sU0FBUyxDQUFBO0lBQ2xCLENBQUMsQ0FBQTtBQUNILENBQUM7QUFFRCxTQUFTLHFCQUFxQjtJQUM1QixPQUFPLEtBQUssVUFBVSxVQUFVLENBRTlCLFFBQStCLEVBQy9CLGlCQUFxQztRQUVyQyxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLEtBQUssRUFBRSxDQUFBO1FBQ3RDLElBQUksSUFBSSxDQUFDLFNBQVM7WUFBRSxRQUFRLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQTtRQUVwRCxLQUFLLE1BQU0sT0FBTyxJQUFJLFFBQVEsRUFBRTtZQUNoQyxnR0FBZ0c7WUFDOUYsSUFBSSxRQUFRLENBQUMsV0FBVyxFQUFFO2dCQUFFLE9BQU8sUUFBUSxDQUFBO1lBRTNDLElBQUk7Z0JBQ0YsTUFBTSxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVEsRUFBRSxpQkFBaUIsQ0FBQyxDQUFBO2FBQ3JEO1lBQUMsT0FBTyxDQUFDLEVBQUU7Z0JBQ1osNkNBQTZDO2dCQUM3QywwREFBMEQ7Z0JBQzFELDBEQUEwRDtnQkFDMUQsMkJBQTJCO2FBQzFCO1NBQ0Y7UUFDRCxPQUFPLFFBQVEsQ0FBQTtJQUNqQixDQUFDLENBQUE7QUFDSCxDQUFDIn0= | ||
| //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibXVsdGlfa2V5cmluZy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9tdWx0aV9rZXlyaW5nLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7Ozs7Ozs7O0dBYUc7QUFFSCxPQUFPLEVBQUUsY0FBYyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sbUJBQW1CLENBQUE7QUFDcEUsT0FBTyxFQUNJLHFDQUFxQztBQUM5QyxXQUFXLEVBQ1gsZ0JBQWdCLEVBQ2pCLE1BQU0sV0FBVyxDQUFBO0FBRWxCLE9BQU8sRUFBRSxLQUFLLEVBQUUsTUFBTSxTQUFTLENBQUE7QUFLL0IsTUFBTSxPQUFPLGdCQUFpQixTQUFRLFdBQVc7SUFHL0MsWUFBYSxLQUE0QztRQUN2RCxLQUFLLEVBQUUsQ0FBQTtRQUdULGVBQVUsR0FBRyxxQkFBcUIsRUFBc0IsQ0FBQTtRQUN4RCxlQUFVLEdBQUcscUJBQXFCLEVBQXNCLENBQUE7UUFIdEQsa0JBQWtCLENBQUMsSUFBSSxFQUFFLFdBQVcsRUFBRSxLQUFLLENBQUMsQ0FBQTtJQUM5QyxDQUFDO0NBR0Y7QUFDRCxjQUFjLENBQUMsZ0JBQWdCLENBQUMsQ0FBQTtBQUVoQyxNQUFNLE9BQU8scUJBQXNCLFNBQVEsZ0JBQWdCO0lBSXpELFlBQWEsS0FBaUQ7UUFDNUQsS0FBSyxFQUFFLENBQUE7UUFHVCxlQUFVLEdBQUcscUJBQXFCLEVBQTJCLENBQUE7UUFDN0QsZUFBVSxHQUFHLHFCQUFxQixFQUEyQixDQUFBO1FBSDNELGtCQUFrQixDQUFDLElBQUksRUFBRSxnQkFBZ0IsRUFBRSxLQUFLLENBQUMsQ0FBQTtJQUNuRCxDQUFDO0NBR0Y7QUFDRCxjQUFjLENBQUMscUJBQXFCLENBQUMsQ0FBQTtBQUVyQyxTQUFTLGtCQUFrQixDQUN6QixHQUFxQixFQUNyQixXQUFnQixFQUNoQixFQUFFLFNBQVMsRUFBRSxRQUFRLEdBQUcsRUFBRSxFQUF3QjtJQUVsRCxvREFBb0Q7SUFDcEQsS0FBSyxDQUFDLFNBQVMsSUFBSSxRQUFRLENBQUMsTUFBTSxFQUFFLHFDQUFxQyxDQUFDLENBQUE7SUFDMUUsZ0RBQWdEO0lBQ2hELEtBQUssQ0FBQyxDQUFDLENBQUMsU0FBUyxLQUFLLFNBQVMsWUFBWSxXQUFXLEVBQUUsNkJBQTZCLENBQUMsQ0FBQTtJQUN0RixrREFBa0Q7SUFDbEQsS0FBSyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLFlBQVksV0FBVyxDQUFDLEVBQUUseUJBQXlCLENBQUMsQ0FBQTtJQUVqRixnQkFBZ0IsQ0FBQyxHQUFHLEVBQUUsVUFBVSxFQUFFLE1BQU0sQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUMsQ0FBQTtJQUNsRSxnQkFBZ0IsQ0FBQyxHQUFHLEVBQUUsV0FBVyxFQUFFLFNBQVMsQ0FBQyxDQUFBO0FBQy9DLENBQUM7QUFFRCxTQUFTLHFCQUFxQjtJQUM1QixPQUFPLEtBQUssVUFBVSxVQUFVLENBRTlCLFFBQStCO1FBRS9COzs7Ozs7V0FNRztRQUNILEtBQUssQ0FBQyxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsSUFBSSxFQUFFLDBFQUEwRSxDQUFDLENBQUE7UUFFMUksTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLFNBQVM7WUFDOUIsQ0FBQyxDQUFDLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDO1lBQzFDLENBQUMsQ0FBQyxRQUFRLENBQUE7UUFFWix5RUFBeUU7UUFDekUsS0FBSyxDQUFDLFNBQVMsQ0FBQyxxQkFBcUIsRUFBRSwrQ0FBK0MsQ0FBQyxDQUFBO1FBRXZGOzs7OztXQUtHO1FBQ0gsS0FBSyxNQUFNLE9BQU8sSUFBSSxJQUFJLENBQUMsUUFBUSxFQUFFO1lBQ25DLE1BQU0sT0FBTyxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsQ0FBQTtTQUNuQztRQUVELDRFQUE0RTtRQUM1RSwwRUFBMEU7UUFDMUUsbUJBQW1CO1FBQ25CLE9BQU8sU0FBUyxDQUFBO0lBQ2xCLENBQUMsQ0FBQTtBQUNILENBQUM7QUFFRCxTQUFTLHFCQUFxQjtJQUM1QixPQUFPLEtBQUssVUFBVSxVQUFVLENBRTlCLFFBQStCLEVBQy9CLGlCQUFxQztRQUVyQyxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLEtBQUssRUFBRSxDQUFBO1FBQ3RDLElBQUksSUFBSSxDQUFDLFNBQVM7WUFBRSxRQUFRLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQTtRQUVwRCxJQUFJLGtCQUFrQixHQUFZLEVBQUUsQ0FBQTtRQUVwQyxLQUFLLE1BQU0sT0FBTyxJQUFJLFFBQVEsRUFBRTtZQUNoQyxnR0FBZ0c7WUFDOUYsSUFBSSxRQUFRLENBQUMsV0FBVyxFQUFFO2dCQUFFLE9BQU8sUUFBUSxDQUFBO1lBRTNDLElBQUk7Z0JBQ0YsTUFBTSxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVEsRUFBRSxpQkFBaUIsQ0FBQyxDQUFBO2FBQ3JEO1lBQUMsT0FBTyxDQUFDLEVBQUU7Z0JBQ1o7OzttQkFHRztnQkFDRCxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUE7YUFDM0I7U0FDRjtRQUVEOzs7Ozs7OztXQVFHO1FBQ0gsS0FBSyxDQUFDLFFBQVEsQ0FBQyxXQUFXLEVBQUUsSUFBSSxDQUFDLENBQUMsUUFBUSxDQUFDLFdBQVcsRUFBRSxJQUFJLENBQUMsa0JBQWtCLENBQUMsTUFBTSxDQUFDLEVBQ25GLGtCQUFrQjthQUNqQixNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLENBQUMsS0FBSyxLQUFLLEVBQzFELDZFQUE2RSxDQUFDLENBQUMsQ0FBQTtRQUVyRixPQUFPLFFBQVEsQ0FBQTtJQUNqQixDQUFDLENBQUE7QUFDSCxDQUFDIn0= |
@@ -0,1 +1,2 @@ | ||
| /// <reference types="node" /> | ||
| import { NodeAlgorithmSuite } from './node_algorithms'; | ||
@@ -37,2 +38,24 @@ import { WebCryptoAlgorithmSuite } from './web_crypto_algorithms'; | ||
| export declare type DecryptionMaterial<Suite> = Suite extends NodeAlgorithmSuite ? NodeDecryptionMaterial : Suite extends WebCryptoAlgorithmSuite ? WebCryptoDecryptionMaterial : never; | ||
| export declare type AwsEsdkKeyObjectType = 'secret' | 'public' | 'private'; | ||
| export declare type AwsEsdkKeyFormat = 'pem' | 'der'; | ||
| export declare type AwsEsdkKeyType = 'rsa' | 'dsa' | 'ec'; | ||
| export interface AwsEsdkKeyExportOptions<T extends AwsEsdkKeyFormat> { | ||
| type: 'pkcs1' | 'spki' | 'pkcs8' | 'sec1'; | ||
| format: T; | ||
| cipher?: string; | ||
| passphrase?: string | Buffer; | ||
| } | ||
| export interface AwsEsdkKeyObject { | ||
| asymmetricKeyType?: AwsEsdkKeyType; | ||
| /** | ||
| * For asymmetric keys, this property represents the size of the embedded key in | ||
| * bytes. This property is `undefined` for symmetric keys. | ||
| */ | ||
| asymmetricKeySize?: number; | ||
| export(options: AwsEsdkKeyExportOptions<'pem'>): string | Buffer; | ||
| export(options?: AwsEsdkKeyExportOptions<'der'>): Buffer; | ||
| symmetricSize?: number; | ||
| type: AwsEsdkKeyObjectType; | ||
| } | ||
| export declare type AwsEsdkCreateSecretKey = (key: Uint8Array) => AwsEsdkKeyObject; | ||
| //# sourceMappingURL=types.d.ts.map |
@@ -6,2 +6,21 @@ # Change Log | ||
| # [0.2.0-preview.4](/compare/@aws-crypto/material-management@0.2.0-preview.3...@aws-crypto/material-management@0.2.0-preview.4) (2019-09-20) | ||
| ### Bug Fixes | ||
| * Better error messageing (#212) 7198100, closes #212 #152 | ||
| * Better timingSafeEqual definition (#203) 12d1661, closes #203 | ||
| * KeyringTraceFlag requirements and data key caching (#210) 7dfa1ae, closes #210 | ||
| ### Features | ||
| * Remove unencryptedDataKeyLength (#201) bd160c0, closes #201 | ||
| * Suport Node.js crypto KeyObjects (#200) 77ad031, closes #200 #74 | ||
| # [0.2.0-preview.3](/compare/@aws-crypto/material-management@0.2.0-preview.2...@aws-crypto/material-management@0.2.0-preview.3) (2019-08-08) | ||
@@ -8,0 +27,0 @@ |
| { | ||
| "name": "@aws-crypto/material-management", | ||
| "version": "0.2.0-preview.3", | ||
| "version": "0.2.0-preview.4", | ||
| "scripts": { | ||
@@ -52,3 +52,3 @@ "prepublishOnly": "npm run build", | ||
| }, | ||
| "gitHead": "698180f30c85ef77a5739ebadd676d4b41ad441f" | ||
| "gitHead": "b3e278777e164258f0f40f5ec5d260f1c0d21a9b" | ||
| } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
652998
6.32%- Number of package files
115
5.5%- Lines of code
4400
10.33%No dependency changes