{"version":3,"file":"handleDeviceSRPAuth.mjs","sources":["../../../../../src/providers/cognito/utils/handleDeviceSRPAuth.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { createRespondToAuthChallengeClient } from '../../../foundation/factories/serviceClients/cognitoIdentityProvider';\nimport { createCognitoUserPoolEndpointResolver } from '../factories';\nimport { getRegionFromUserPoolId } from '../../../foundation/parsers';\nimport { assertDeviceMetadata } from './types';\nimport { getAuthenticationHelper, getNowString, getSignatureString, } from './srp';\nimport { BigInteger } from './srp/BigInteger';\nimport { getUserContextData } from './userContextData';\nexport async function handleDeviceSRPAuth({ username, config, clientMetadata, session, tokenOrchestrator, }) {\n    const { userPoolId, userPoolEndpoint } = config;\n    const clientId = config.userPoolClientId;\n    const deviceMetadata = await tokenOrchestrator?.getDeviceMetadata(username);\n    assertDeviceMetadata(deviceMetadata);\n    const authenticationHelper = await getAuthenticationHelper(deviceMetadata.deviceGroupKey);\n    const challengeResponses = {\n        USERNAME: username,\n        SRP_A: authenticationHelper.A.toString(16),\n        DEVICE_KEY: deviceMetadata.deviceKey,\n    };\n    const jsonReqResponseChallenge = {\n        ChallengeName: 'DEVICE_SRP_AUTH',\n        ClientId: clientId,\n        ChallengeResponses: challengeResponses,\n        ClientMetadata: clientMetadata,\n        Session: session,\n    };\n    const respondToAuthChallenge = createRespondToAuthChallengeClient({\n        endpointResolver: createCognitoUserPoolEndpointResolver({\n            endpointOverride: userPoolEndpoint,\n        }),\n    });\n    const { ChallengeParameters: respondedChallengeParameters, Session } = await respondToAuthChallenge({ region: getRegionFromUserPoolId(userPoolId) }, jsonReqResponseChallenge);\n    return handleDevicePasswordVerifier(username, respondedChallengeParameters, clientMetadata, Session, authenticationHelper, config, tokenOrchestrator);\n}\nasync function handleDevicePasswordVerifier(username, challengeParameters, clientMetadata, session, authenticationHelper, { userPoolId, userPoolClientId, userPoolEndpoint }, tokenOrchestrator) {\n    const deviceMetadata = await tokenOrchestrator?.getDeviceMetadata(username);\n    assertDeviceMetadata(deviceMetadata);\n    const serverBValue = new BigInteger(challengeParameters?.SRP_B, 16);\n    const salt = new BigInteger(challengeParameters?.SALT, 16);\n    const { deviceKey } = deviceMetadata;\n    const { deviceGroupKey } = deviceMetadata;\n    const hkdf = await authenticationHelper.getPasswordAuthenticationKey({\n        username: deviceMetadata.deviceKey,\n        password: deviceMetadata.randomPassword,\n        serverBValue,\n        salt,\n    });\n    const dateNow = getNowString();\n    const challengeResponses = {\n        USERNAME: challengeParameters?.USERNAME ?? username,\n        PASSWORD_CLAIM_SECRET_BLOCK: challengeParameters?.SECRET_BLOCK,\n        TIMESTAMP: dateNow,\n        PASSWORD_CLAIM_SIGNATURE: getSignatureString({\n            username: deviceKey,\n            userPoolName: deviceGroupKey,\n            challengeParameters,\n            dateNow,\n            hkdf,\n        }),\n        DEVICE_KEY: deviceKey,\n    };\n    const UserContextData = getUserContextData({\n        username,\n        userPoolId,\n        userPoolClientId,\n    });\n    const jsonReqResponseChallenge = {\n        ChallengeName: 'DEVICE_PASSWORD_VERIFIER',\n        ClientId: userPoolClientId,\n        ChallengeResponses: challengeResponses,\n        Session: session,\n        ClientMetadata: clientMetadata,\n        UserContextData,\n    };\n    const respondToAuthChallenge = createRespondToAuthChallengeClient({\n        endpointResolver: createCognitoUserPoolEndpointResolver({\n            endpointOverride: userPoolEndpoint,\n        }),\n    });\n    return respondToAuthChallenge({ region: getRegionFromUserPoolId(userPoolId) }, jsonReqResponseChallenge);\n}\n"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AACA;AAQO,eAAe,mBAAmB,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,iBAAiB,GAAG,EAAE;AAC7G,IAAI,MAAM,EAAE,UAAU,EAAE,gBAAgB,EAAE,GAAG,MAAM;AACnD,IAAI,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB;AAC5C,IAAI,MAAM,cAAc,GAAG,MAAM,iBAAiB,EAAE,iBAAiB,CAAC,QAAQ,CAAC;AAC/E,IAAI,oBAAoB,CAAC,cAAc,CAAC;AACxC,IAAI,MAAM,oBAAoB,GAAG,MAAM,uBAAuB,CAAC,cAAc,CAAC,cAAc,CAAC;AAC7F,IAAI,MAAM,kBAAkB,GAAG;AAC/B,QAAQ,QAAQ,EAAE,QAAQ;AAC1B,QAAQ,KAAK,EAAE,oBAAoB,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;AAClD,QAAQ,UAAU,EAAE,cAAc,CAAC,SAAS;AAC5C,KAAK;AACL,IAAI,MAAM,wBAAwB,GAAG;AACrC,QAAQ,aAAa,EAAE,iBAAiB;AACxC,QAAQ,QAAQ,EAAE,QAAQ;AAC1B,QAAQ,kBAAkB,EAAE,kBAAkB;AAC9C,QAAQ,cAAc,EAAE,cAAc;AACtC,QAAQ,OAAO,EAAE,OAAO;AACxB,KAAK;AACL,IAAI,MAAM,sBAAsB,GAAG,kCAAkC,CAAC;AACtE,QAAQ,gBAAgB,EAAE,qCAAqC,CAAC;AAChE,YAAY,gBAAgB,EAAE,gBAAgB;AAC9C,SAAS,CAAC;AACV,KAAK,CAAC;AACN,IAAI,MAAM,EAAE,mBAAmB,EAAE,4BAA4B,EAAE,OAAO,EAAE,GAAG,MAAM,sBAAsB,CAAC,EAAE,MAAM,EAAE,uBAAuB,CAAC,UAAU,CAAC,EAAE,EAAE,wBAAwB,CAAC;AAClL,IAAI,OAAO,4BAA4B,CAAC,QAAQ,EAAE,4BAA4B,EAAE,cAAc,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,EAAE,iBAAiB,CAAC;AACzJ;AACA,eAAe,4BAA4B,CAAC,QAAQ,EAAE,mBAAmB,EAAE,cAAc,EAAE,OAAO,EAAE,oBAAoB,EAAE,EAAE,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,EAAE,iBAAiB,EAAE;AACjM,IAAI,MAAM,cAAc,GAAG,MAAM,iBAAiB,EAAE,iBAAiB,CAAC,QAAQ,CAAC;AAC/E,IAAI,oBAAoB,CAAC,cAAc,CAAC;AACxC,IAAI,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,mBAAmB,EAAE,KAAK,EAAE,EAAE,CAAC;AACvE,IAAI,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,mBAAmB,EAAE,IAAI,EAAE,EAAE,CAAC;AAC9D,IAAI,MAAM,EAAE,SAAS,EAAE,GAAG,cAAc;AACxC,IAAI,MAAM,EAAE,cAAc,EAAE,GAAG,cAAc;AAC7C,IAAI,MAAM,IAAI,GAAG,MAAM,oBAAoB,CAAC,4BAA4B,CAAC;AACzE,QAAQ,QAAQ,EAAE,cAAc,CAAC,SAAS;AAC1C,QAAQ,QAAQ,EAAE,cAAc,CAAC,cAAc;AAC/C,QAAQ,YAAY;AACpB,QAAQ,IAAI;AACZ,KAAK,CAAC;AACN,IAAI,MAAM,OAAO,GAAG,YAAY,EAAE;AAClC,IAAI,MAAM,kBAAkB,GAAG;AAC/B,QAAQ,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,IAAI,QAAQ;AAC3D,QAAQ,2BAA2B,EAAE,mBAAmB,EAAE,YAAY;AACtE,QAAQ,SAAS,EAAE,OAAO;AAC1B,QAAQ,wBAAwB,EAAE,kBAAkB,CAAC;AACrD,YAAY,QAAQ,EAAE,SAAS;AAC/B,YAAY,YAAY,EAAE,cAAc;AACxC,YAAY,mBAAmB;AAC/B,YAAY,OAAO;AACnB,YAAY,IAAI;AAChB,SAAS,CAAC;AACV,QAAQ,UAAU,EAAE,SAAS;AAC7B,KAAK;AACL,IAAI,MAAM,eAAe,GAAG,kBAAkB,CAAC;AAC/C,QAAQ,QAAQ;AAChB,QAAQ,UAAU;AAClB,QAAQ,gBAAgB;AACxB,KAAK,CAAC;AACN,IAAI,MAAM,wBAAwB,GAAG;AACrC,QAAQ,aAAa,EAAE,0BAA0B;AACjD,QAAQ,QAAQ,EAAE,gBAAgB;AAClC,QAAQ,kBAAkB,EAAE,kBAAkB;AAC9C,QAAQ,OAAO,EAAE,OAAO;AACxB,QAAQ,cAAc,EAAE,cAAc;AACtC,QAAQ,eAAe;AACvB,KAAK;AACL,IAAI,MAAM,sBAAsB,GAAG,kCAAkC,CAAC;AACtE,QAAQ,gBAAgB,EAAE,qCAAqC,CAAC;AAChE,YAAY,gBAAgB,EAAE,gBAAgB;AAC9C,SAAS,CAAC;AACV,KAAK,CAAC;AACN,IAAI,OAAO,sBAAsB,CAAC,EAAE,MAAM,EAAE,uBAAuB,CAAC,UAAU,CAAC,EAAE,EAAE,wBAAwB,CAAC;AAC5G;;;;"}