1 | ;
|
2 |
|
3 | Object.defineProperty(exports, "__esModule", {
|
4 | value: true
|
5 | });
|
6 |
|
7 | var _logger = require('./logger');
|
8 |
|
9 | var _logger2 = _interopRequireDefault(_logger);
|
10 |
|
11 | var _util = require('util');
|
12 |
|
13 | var _keyid = require('./keyid');
|
14 |
|
15 | var _httpSignatureParser = require('./http-signature-parser');
|
16 |
|
17 | var _httpSignatureParser2 = _interopRequireDefault(_httpSignatureParser);
|
18 |
|
19 | var _authContext = require('@leisurelink/auth-context');
|
20 |
|
21 | var _request = require('./schemas/request');
|
22 |
|
23 | var _request2 = _interopRequireDefault(_request);
|
24 |
|
25 | var _bluebird = require('bluebird');
|
26 |
|
27 | var _bluebird2 = _interopRequireDefault(_bluebird);
|
28 |
|
29 | var _httpSignature = require('http-signature');
|
30 |
|
31 | var _httpSignature2 = _interopRequireDefault(_httpSignature);
|
32 |
|
33 | var _schemas = require('./schemas');
|
34 |
|
35 | var _trustedBaseSchema = require('./schemas/trusted-base-schema');
|
36 |
|
37 | function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
|
38 |
|
39 | const logger = (0, _logger2.default)('base');
|
40 |
|
41 | function transformForLog(value) {
|
42 | if (_authContext.AuthContext.isContext(value)) {
|
43 | return value.toAuditString();
|
44 | }
|
45 | if (typeof value === 'object' && value !== null) {
|
46 | return (0, _util.inspect)(value, false, 9);
|
47 | }
|
48 | return '' + value;
|
49 | }
|
50 |
|
51 | function checkVerified(auth) {
|
52 | if (!auth.verified) {
|
53 | logger.debug(`Invalid authority; unverifiable: ${ transformForLog(auth) }.`);
|
54 | return null;
|
55 | }
|
56 | return auth;
|
57 | }
|
58 |
|
59 | function checkVerifiedAndNotExpired(auth) {
|
60 | if (!checkVerified(auth)) {
|
61 | return null;
|
62 | }
|
63 | if (auth.isExpired) {
|
64 | logger.debug(`Invalid authority; expired: ${ transformForLog(auth) }.`);
|
65 | return null;
|
66 | }
|
67 | return auth;
|
68 | }
|
69 |
|
70 | const DEFA_LANG = 'en-US';
|
71 | let POSSIBLY_OVERRIDDEN_DEFA_LANG = process.env.AUTH_DEFAULT_LANG || DEFA_LANG;
|
72 |
|
73 | let $keyId = Symbol('keyId');
|
74 | let $lang = Symbol('lang');
|
75 | let $scope = Symbol('scope');
|
76 | let $resolveEndpointKey = Symbol('resolveEndpointKey');
|
77 | let $resolveEndpointClaims = Symbol('resolveEndpointClaims');
|
78 |
|
79 | class TrustedEndpoint {
|
80 | constructor(opts) {
|
81 | const options = (0, _schemas.validate)(opts, _trustedBaseSchema.optionsSchema);
|
82 |
|
83 | this[$lang] = options.lang || POSSIBLY_OVERRIDDEN_DEFA_LANG;
|
84 | this[$scope] = options.scope;
|
85 | this[$keyId] = options.keyId instanceof _keyid.KeyId ? options.keyId : _keyid.KeyId.parse(options.keyId);
|
86 | this[$resolveEndpointKey] = options.resolveEndpointKey;
|
87 | this[$resolveEndpointClaims] = options.resolveEndpointClaims;
|
88 |
|
89 | logger.debug(`new ${ this.constructor.name }({ keyId: '${ this.keyId }', scope = ${ this[$scope] }`);
|
90 | }
|
91 |
|
92 | get keyId() {
|
93 | return this[$keyId];
|
94 | }
|
95 |
|
96 | get lang() {
|
97 | return this[$lang];
|
98 | }
|
99 |
|
100 | verify(token) {
|
101 | let scope = this[$scope];
|
102 | return new _bluebird2.default((resolve, reject) => {
|
103 | scope.verify(token, (err, ctx) => {
|
104 | if (err) reject(err);else resolve(ctx);
|
105 | });
|
106 | });
|
107 | }
|
108 |
|
109 | resolveAndVerifyClaims(keyId) {
|
110 | keyId = keyId instanceof _keyid.KeyId ? keyId : _keyid.KeyId.parse(keyId);
|
111 | return this[$resolveEndpointClaims](this.lang, keyId.principalId).then(token => {
|
112 | logger.debug(`resolved endpoint claims: ${ token }`);
|
113 | return this.verify(token);
|
114 | }).then(checkVerifiedAndNotExpired);
|
115 | }
|
116 |
|
117 | resolveEndpointKey(keyId) {
|
118 | return this[$resolveEndpointKey](this.lang, keyId);
|
119 | }
|
120 |
|
121 | getLocalAuth() {
|
122 | return this.resolveAndVerifyClaims(this.keyId);
|
123 | }
|
124 |
|
125 | getRemoteAuth(request) {
|
126 | (0, _schemas.validate)(request, _request2.default);
|
127 | let self = this;
|
128 | let auth = {};
|
129 | let parser = new _httpSignatureParser2.default(_httpSignature2.default);
|
130 | return new _bluebird2.default((resolve, reject) => {
|
131 | let parsed = parser.parseRequest(request);
|
132 | return this.resolveEndpointKey(parsed.keyId).then(key => parser.verifySignature(parsed, key)).then(parsed => {
|
133 | if (parsed) {
|
134 | return this.resolveAndVerifyClaims(parsed.keyId);
|
135 | }
|
136 | return null;
|
137 | }).then(endpoint => {
|
138 | if (endpoint) {
|
139 | logger.debug(`endpoint authority: ${ endpoint }`);
|
140 | auth.remoteEndpoint = endpoint;
|
141 | }
|
142 | if (request.headers['x-authentic-user']) {
|
143 | logger.debug('X-Authentic-User header contains JWT; verifying user authority...');
|
144 | return self.verify(request.headers['x-authentic-user']).then(checkVerifiedAndNotExpired);
|
145 | }
|
146 | if (parsed.params.jwt) {
|
147 | logger.debug('Signature contains JWT; verifying user authority...');
|
148 | return self.verify(parsed.params.jwt).then(checkVerifiedAndNotExpired);
|
149 | }
|
150 | return null;
|
151 | }).then(user => {
|
152 | if (user) {
|
153 | logger.debug(`user authority: ${ user }`);
|
154 | auth.remoteUser = user;
|
155 | return resolve(auth);
|
156 | }
|
157 | if (request.headers['x-authentic-origin']) {
|
158 | logger.debug('X-Authentic-Origin header contains JWT; verifying originating endpoint authority...');
|
159 | return self.verify(request.headers['x-authentic-origin'])
|
160 | // be more lax with the expiration on originating endpoint, since it could take some time for messaging to flow through the system
|
161 | .then(checkVerified);
|
162 | }
|
163 | return null;
|
164 | }).then(originatingEndpoint => {
|
165 | if (originatingEndpoint) {
|
166 | logger.debug(`originatingEndpoint: ${ originatingEndpoint }`);
|
167 | auth.originatingEndpoint = originatingEndpoint;
|
168 | }
|
169 | return resolve(auth);
|
170 | }).catch(e => reject(e));
|
171 | });
|
172 | }
|
173 | }
|
174 |
|
175 | exports.default = TrustedEndpoint;
|
176 | module.exports = exports['default'];
|
177 | //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIi4uL2xpYi90cnVzdGVkLWVuZHBvaW50LWJhc2UuanMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQUE7Ozs7QUFDQTs7QUFDQTs7QUFDQTs7OztBQUNBOztBQUNBOzs7O0FBQ0E7Ozs7QUFDQTs7OztBQUVBOztBQUNBOzs7O0FBRUEsTUFBTSxTQUFTLHNCQUFhLE1BQWIsQ0FBVDs7QUFFTixTQUFTLGVBQVQsQ0FBeUIsS0FBekIsRUFBZ0M7QUFDOUIsTUFBSSx5QkFBWSxTQUFaLENBQXNCLEtBQXRCLENBQUosRUFBa0M7QUFDaEMsV0FBTyxNQUFNLGFBQU4sRUFBUCxDQURnQztHQUFsQztBQUdBLE1BQUksT0FBTyxLQUFQLEtBQWtCLFFBQWxCLElBQThCLFVBQVUsSUFBVixFQUFnQjtBQUNoRCxXQUFPLG1CQUFRLEtBQVIsRUFBZSxLQUFmLEVBQXNCLENBQXRCLENBQVAsQ0FEZ0Q7R0FBbEQ7QUFHQSxTQUFPLEtBQUssS0FBTCxDQVB1QjtDQUFoQzs7QUFVQSxTQUFTLGFBQVQsQ0FBdUIsSUFBdkIsRUFBNkI7QUFDM0IsTUFBSSxDQUFDLEtBQUssUUFBTCxFQUFlO0FBQ2xCLFdBQU8sS0FBUCxDQUFhLENBQUMsaUNBQUQsR0FBb0MsZ0JBQWdCLElBQWhCLENBQXBDLEVBQTBELENBQTFELENBQWIsRUFEa0I7QUFFbEIsV0FBTyxJQUFQLENBRmtCO0dBQXBCO0FBSUEsU0FBTyxJQUFQLENBTDJCO0NBQTdCOztBQVFBLFNBQVMsMEJBQVQsQ0FBb0MsSUFBcEMsRUFBMEM7QUFDeEMsTUFBSSxDQUFDLGNBQWMsSUFBZCxDQUFELEVBQXFCO0FBQ3ZCLFdBQU8sSUFBUCxDQUR1QjtHQUF6QjtBQUdBLE1BQUksS0FBSyxTQUFMLEVBQWdCO0FBQ2xCLFdBQU8sS0FBUCxDQUFhLENBQUMsNEJBQUQsR0FBK0IsZ0JBQWdCLElBQWhCLENBQS9CLEVBQXFELENBQXJELENBQWIsRUFEa0I7QUFFbEIsV0FBTyxJQUFQLENBRmtCO0dBQXBCO0FBSUEsU0FBTyxJQUFQLENBUndDO0NBQTFDOztBQVdBLE1BQU0sWUFBWSxPQUFaO0FBQ04sSUFBSSxnQ0FBZ0MsUUFBUSxHQUFSLENBQVksaUJBQVosSUFBaUMsU0FBakM7O0FBRXBDLElBQUksU0FBUyxPQUFPLE9BQVAsQ0FBVDtBQUNKLElBQUksUUFBUSxPQUFPLE1BQVAsQ0FBUjtBQUNKLElBQUksU0FBUyxPQUFPLE9BQVAsQ0FBVDtBQUNKLElBQUksc0JBQXNCLE9BQU8sb0JBQVAsQ0FBdEI7QUFDSixJQUFJLHlCQUF5QixPQUFPLHVCQUFQLENBQXpCOztBQUVKLE1BQU0sZUFBTixDQUFzQjtBQUNwQixjQUFZLElBQVosRUFBa0I7QUFDaEIsVUFBTSxVQUFVLHVCQUFTLElBQVQsbUNBQVYsQ0FEVTs7QUFHaEIsU0FBSyxLQUFMLElBQWMsUUFBUSxJQUFSLElBQWdCLDZCQUFoQixDQUhFO0FBSWhCLFNBQUssTUFBTCxJQUFlLFFBQVEsS0FBUixDQUpDO0FBS2hCLFNBQUssTUFBTCxJQUFlLE9BQUMsQ0FBUSxLQUFSLHdCQUFELEdBQW1DLFFBQVEsS0FBUixHQUFnQixhQUFNLEtBQU4sQ0FBWSxRQUFRLEtBQVIsQ0FBL0QsQ0FMQztBQU1oQixTQUFLLG1CQUFMLElBQTRCLFFBQVEsa0JBQVIsQ0FOWjtBQU9oQixTQUFLLHNCQUFMLElBQStCLFFBQVEscUJBQVIsQ0FQZjs7QUFTaEIsV0FBTyxLQUFQLENBQWEsQ0FBQyxJQUFELEdBQU8sS0FBSyxXQUFMLENBQWlCLElBQWpCLEVBQXNCLFdBQTdCLEdBQTBDLEtBQUssS0FBTCxFQUFXLFdBQXJELEdBQWtFLEtBQUssTUFBTCxDQUFsRSxFQUErRSxDQUE1RixFQVRnQjtHQUFsQjs7QUFZQSxNQUFJLEtBQUosR0FBWTtBQUNWLFdBQU8sS0FBSyxNQUFMLENBQVAsQ0FEVTtHQUFaOztBQUlBLE1BQUksSUFBSixHQUFXO0FBQ1QsV0FBTyxLQUFLLEtBQUwsQ0FBUCxDQURTO0dBQVg7O0FBSUEsU0FBTyxLQUFQLEVBQWM7QUFDWixRQUFJLFFBQVEsS0FBSyxNQUFMLENBQVIsQ0FEUTtBQUVaLFdBQU8sdUJBQ0wsQ0FBQyxPQUFELEVBQVUsTUFBVixLQUFxQjtBQUNuQixZQUFNLE1BQU4sQ0FBYSxLQUFiLEVBQW9CLENBQUMsR0FBRCxFQUFNLEdBQU4sS0FBYztBQUNoQyxZQUFJLEdBQUosRUFBUyxPQUFPLEdBQVAsRUFBVCxLQUNLLFFBQVEsR0FBUixFQURMO09BRGtCLENBQXBCLENBRG1CO0tBQXJCLENBREYsQ0FGWTtHQUFkOztBQVdBLHlCQUF1QixLQUF2QixFQUE4QjtBQUM1QixZQUFRLEtBQUMsd0JBQUQsR0FBMkIsS0FBM0IsR0FBbUMsYUFBTSxLQUFOLENBQVksS0FBWixDQUFuQyxDQURvQjtBQUU1QixXQUFPLEtBQUssc0JBQUwsRUFBNkIsS0FBSyxJQUFMLEVBQVcsTUFBTSxXQUFOLENBQXhDLENBQ0osSUFESSxDQUNDLFNBQVM7QUFDYixhQUFPLEtBQVAsQ0FBYSxDQUFDLDBCQUFELEdBQTZCLEtBQTdCLEVBQW1DLENBQWhELEVBRGE7QUFFYixhQUFPLEtBQUssTUFBTCxDQUFZLEtBQVosQ0FBUCxDQUZhO0tBQVQsQ0FERCxDQUtKLElBTEksQ0FLQywwQkFMRCxDQUFQLENBRjRCO0dBQTlCOztBQVVBLHFCQUFtQixLQUFuQixFQUEwQjtBQUN4QixXQUFPLEtBQUssbUJBQUwsRUFBMEIsS0FBSyxJQUFMLEVBQVcsS0FBckMsQ0FBUCxDQUR3QjtHQUExQjs7QUFJQSxpQkFBZTtBQUNiLFdBQU8sS0FBSyxzQkFBTCxDQUE0QixLQUFLLEtBQUwsQ0FBbkMsQ0FEYTtHQUFmOztBQUlBLGdCQUFjLE9BQWQsRUFBdUI7QUFDckIsMkJBQVMsT0FBVCxxQkFEcUI7QUFFckIsUUFBSSxPQUFPLElBQVAsQ0FGaUI7QUFHckIsUUFBSSxPQUFPLEVBQVAsQ0FIaUI7QUFJckIsUUFBSSxTQUFTLDBEQUFULENBSmlCO0FBS3JCLFdBQU8sdUJBQVksQ0FBQyxPQUFELEVBQVUsTUFBVixLQUFvQjtBQUNyQyxVQUFJLFNBQVMsT0FBTyxZQUFQLENBQW9CLE9BQXBCLENBQVQsQ0FEaUM7QUFFckMsYUFBTyxLQUFLLGtCQUFMLENBQXdCLE9BQU8sS0FBUCxDQUF4QixDQUNKLElBREksQ0FDQyxPQUFPLE9BQU8sZUFBUCxDQUF1QixNQUF2QixFQUErQixHQUEvQixDQUFQLENBREQsQ0FFSixJQUZJLENBRUMsVUFBVTtBQUNkLFlBQUksTUFBSixFQUFZO0FBQ1YsaUJBQU8sS0FBSyxzQkFBTCxDQUE0QixPQUFPLEtBQVAsQ0FBbkMsQ0FEVTtTQUFaO0FBR0EsZUFBTyxJQUFQLENBSmM7T0FBVixDQUZELENBUUosSUFSSSxDQVFDLFlBQVk7QUFDaEIsWUFBSSxRQUFKLEVBQWM7QUFDWixpQkFBTyxLQUFQLENBQWEsQ0FBQyxvQkFBRCxHQUF1QixRQUF2QixFQUFnQyxDQUE3QyxFQURZO0FBRVosZUFBSyxjQUFMLEdBQXNCLFFBQXRCLENBRlk7U0FBZDtBQUlBLFlBQUksUUFBUSxPQUFSLENBQWdCLGtCQUFoQixDQUFKLEVBQXlDO0FBQ3ZDLGlCQUFPLEtBQVAsQ0FBYSxtRUFBYixFQUR1QztBQUV2QyxpQkFBTyxLQUFLLE1BQUwsQ0FBWSxRQUFRLE9BQVIsQ0FBZ0Isa0JBQWhCLENBQVosRUFDSixJQURJLENBQ0MsMEJBREQsQ0FBUCxDQUZ1QztTQUF6QztBQUtBLFlBQUksT0FBTyxNQUFQLENBQWMsR0FBZCxFQUFtQjtBQUNyQixpQkFBTyxLQUFQLENBQWEscURBQWIsRUFEcUI7QUFFckIsaUJBQU8sS0FBSyxNQUFMLENBQVksT0FBTyxNQUFQLENBQWMsR0FBZCxDQUFaLENBQ0osSUFESSxDQUNDLDBCQURELENBQVAsQ0FGcUI7U0FBdkI7QUFLQSxlQUFPLElBQVAsQ0FmZ0I7T0FBWixDQVJELENBd0JGLElBeEJFLENBd0JHLFFBQVE7QUFDZCxZQUFJLElBQUosRUFBVTtBQUNSLGlCQUFPLEtBQVAsQ0FBYSxDQUFDLGdCQUFELEdBQW1CLElBQW5CLEVBQXdCLENBQXJDLEVBRFE7QUFFUixlQUFLLFVBQUwsR0FBa0IsSUFBbEIsQ0FGUTtBQUdSLGlCQUFPLFFBQVEsSUFBUixDQUFQLENBSFE7U0FBVjtBQUtBLFlBQUksUUFBUSxPQUFSLENBQWdCLG9CQUFoQixDQUFKLEVBQTJDO0FBQ3pDLGlCQUFPLEtBQVAsQ0FBYSxxRkFBYixFQUR5QztBQUV6QyxpQkFBTyxLQUFLLE1BQUwsQ0FBWSxRQUFRLE9BQVIsQ0FBZ0Isb0JBQWhCLENBQVo7O1dBRUosSUFGSSxDQUVDLGFBRkQsQ0FBUCxDQUZ5QztTQUEzQztBQU1BLGVBQU8sSUFBUCxDQVpjO09BQVIsQ0F4QkgsQ0FxQ0YsSUFyQ0UsQ0FxQ0csdUJBQXVCO0FBQzdCLFlBQUksbUJBQUosRUFBeUI7QUFDdkIsaUJBQU8sS0FBUCxDQUFhLENBQUMscUJBQUQsR0FBd0IsbUJBQXhCLEVBQTRDLENBQXpELEVBRHVCO0FBRXZCLGVBQUssbUJBQUwsR0FBMkIsbUJBQTNCLENBRnVCO1NBQXpCO0FBSUEsZUFBTyxRQUFRLElBQVIsQ0FBUCxDQUw2QjtPQUF2QixDQXJDSCxDQTRDSixLQTVDSSxDQTRDRSxLQUFLLE9BQU8sQ0FBUCxDQUFMLENBNUNULENBRnFDO0tBQXBCLENBQW5CLENBTHFCO0dBQXZCO0NBbERGOztrQkEyR2UiLCJmaWxlIjoidHJ1c3RlZC1lbmRwb2ludC1iYXNlLmpzIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IGNyZWF0ZUxvZ2dlciBmcm9tICcuL2xvZ2dlcic7XG5pbXBvcnQgeyBpbnNwZWN0IH0gZnJvbSAndXRpbCc7XG5pbXBvcnQgeyBLZXlJZCB9IGZyb20gJy4va2V5aWQnO1xuaW1wb3J0IFNpZ1BhcnNlciBmcm9tICcuL2h0dHAtc2lnbmF0dXJlLXBhcnNlcic7XG5pbXBvcnQgeyBBdXRoQ29udGV4dCB9IGZyb20gJ0BsZWlzdXJlbGluay9hdXRoLWNvbnRleHQnO1xuaW1wb3J0IHJlcXVlc3RTY2hlbWEgZnJvbSAnLi9zY2hlbWFzL3JlcXVlc3QnO1xuaW1wb3J0IFByb21pc2UgZnJvbSAnYmx1ZWJpcmQnO1xuaW1wb3J0IEh0dHBTaWcgZnJvbSAnaHR0cC1zaWduYXR1cmUnO1xuXG5pbXBvcnQgeyB2YWxpZGF0ZSB9IGZyb20gJy4vc2NoZW1hcyc7XG5pbXBvcnQgeyBvcHRpb25zU2NoZW1hIH0gZnJvbSAnLi9zY2hlbWFzL3RydXN0ZWQtYmFzZS1zY2hlbWEnO1xuXG5jb25zdCBsb2dnZXIgPSBjcmVhdGVMb2dnZXIoJ2Jhc2UnKTtcblxuZnVuY3Rpb24gdHJhbnNmb3JtRm9yTG9nKHZhbHVlKSB7XG4gIGlmIChBdXRoQ29udGV4dC5pc0NvbnRleHQodmFsdWUpKSB7XG4gICAgcmV0dXJuIHZhbHVlLnRvQXVkaXRTdHJpbmcoKTtcbiAgfVxuICBpZiAodHlwZW9mKHZhbHVlKSA9PT0gJ29iamVjdCcgJiYgdmFsdWUgIT09IG51bGwpIHtcbiAgICByZXR1cm4gaW5zcGVjdCh2YWx1ZSwgZmFsc2UsIDkpO1xuICB9XG4gIHJldHVybiAnJyArIHZhbHVlO1xufVxuXG5mdW5jdGlvbiBjaGVja1ZlcmlmaWVkKGF1dGgpIHtcbiAgaWYgKCFhdXRoLnZlcmlmaWVkKSB7XG4gICAgbG9nZ2VyLmRlYnVnKGBJbnZhbGlkIGF1dGhvcml0eTsgdW52ZXJpZmlhYmxlOiAke3RyYW5zZm9ybUZvckxvZyhhdXRoKX0uYCk7XG4gICAgcmV0dXJuIG51bGw7XG4gIH1cbiAgcmV0dXJuIGF1dGg7XG59XG5cbmZ1bmN0aW9uIGNoZWNrVmVyaWZpZWRBbmROb3RFeHBpcmVkKGF1dGgpIHtcbiAgaWYgKCFjaGVja1ZlcmlmaWVkKGF1dGgpKXtcbiAgICByZXR1cm4gbnVsbDtcbiAgfVxuICBpZiAoYXV0aC5pc0V4cGlyZWQpIHtcbiAgICBsb2dnZXIuZGVidWcoYEludmFsaWQgYXV0aG9yaXR5OyBleHBpcmVkOiAke3RyYW5zZm9ybUZvckxvZyhhdXRoKX0uYCk7XG4gICAgcmV0dXJuIG51bGw7XG4gIH1cbiAgcmV0dXJuIGF1dGg7XG59XG5cbmNvbnN0IERFRkFfTEFORyA9ICdlbi1VUyc7XG5sZXQgUE9TU0lCTFlfT1ZFUlJJRERFTl9ERUZBX0xBTkcgPSBwcm9jZXNzLmVudi5BVVRIX0RFRkFVTFRfTEFORyB8fCBERUZBX0xBTkc7XG5cbmxldCAka2V5SWQgPSBTeW1ib2woJ2tleUlkJyk7XG5sZXQgJGxhbmcgPSBTeW1ib2woJ2xhbmcnKTtcbmxldCAkc2NvcGUgPSBTeW1ib2woJ3Njb3BlJyk7XG5sZXQgJHJlc29sdmVFbmRwb2ludEtleSA9IFN5bWJvbCgncmVzb2x2ZUVuZHBvaW50S2V5Jyk7XG5sZXQgJHJlc29sdmVFbmRwb2ludENsYWltcyA9IFN5bWJvbCgncmVzb2x2ZUVuZHBvaW50Q2xhaW1zJyk7XG5cbmNsYXNzIFRydXN0ZWRFbmRwb2ludCB7XG4gIGNvbnN0cnVjdG9yKG9wdHMpIHtcbiAgICBjb25zdCBvcHRpb25zID0gdmFsaWRhdGUob3B0cywgb3B0aW9uc1NjaGVtYSk7XG5cbiAgICB0aGlzWyRsYW5nXSA9IG9wdGlvbnMubGFuZyB8fCBQT1NTSUJMWV9PVkVSUklEREVOX0RFRkFfTEFORztcbiAgICB0aGlzWyRzY29wZV0gPSBvcHRpb25zLnNjb3BlO1xuICAgIHRoaXNbJGtleUlkXSA9IChvcHRpb25zLmtleUlkIGluc3RhbmNlb2YgS2V5SWQpID8gb3B0aW9ucy5rZXlJZCA6IEtleUlkLnBhcnNlKG9wdGlvbnMua2V5SWQpO1xuICAgIHRoaXNbJHJlc29sdmVFbmRwb2ludEtleV0gPSBvcHRpb25zLnJlc29sdmVFbmRwb2ludEtleTtcbiAgICB0aGlzWyRyZXNvbHZlRW5kcG9pbnRDbGFpbXNdID0gb3B0aW9ucy5yZXNvbHZlRW5kcG9pbnRDbGFpbXM7XG5cbiAgICBsb2dnZXIuZGVidWcoYG5ldyAke3RoaXMuY29uc3RydWN0b3IubmFtZX0oeyBrZXlJZDogJyR7dGhpcy5rZXlJZH0nLCBzY29wZSA9ICR7dGhpc1skc2NvcGVdfWApO1xuICB9XG5cbiAgZ2V0IGtleUlkKCkge1xuICAgIHJldHVybiB0aGlzWyRrZXlJZF07XG4gIH1cblxuICBnZXQgbGFuZygpIHtcbiAgICByZXR1cm4gdGhpc1skbGFuZ107XG4gIH1cblxuICB2ZXJpZnkodG9rZW4pIHtcbiAgICBsZXQgc2NvcGUgPSB0aGlzWyRzY29wZV07XG4gICAgcmV0dXJuIG5ldyBQcm9taXNlKFxuICAgICAgKHJlc29sdmUsIHJlamVjdCkgPT4ge1xuICAgICAgICBzY29wZS52ZXJpZnkodG9rZW4sIChlcnIsIGN0eCkgPT4ge1xuICAgICAgICAgIGlmIChlcnIpIHJlamVjdChlcnIpO1xuICAgICAgICAgIGVsc2UgcmVzb2x2ZShjdHgpO1xuICAgICAgICB9KTtcbiAgICAgIH0pO1xuICB9XG5cbiAgcmVzb2x2ZUFuZFZlcmlmeUNsYWltcyhrZXlJZCkge1xuICAgIGtleUlkID0gKGtleUlkIGluc3RhbmNlb2YgS2V5SWQpID8ga2V5SWQgOiBLZXlJZC5wYXJzZShrZXlJZCk7XG4gICAgcmV0dXJuIHRoaXNbJHJlc29sdmVFbmRwb2ludENsYWltc10odGhpcy5sYW5nLCBrZXlJZC5wcmluY2lwYWxJZClcbiAgICAgIC50aGVuKHRva2VuID0+IHtcbiAgICAgICAgbG9nZ2VyLmRlYnVnKGByZXNvbHZlZCBlbmRwb2ludCBjbGFpbXM6ICR7dG9rZW59YCk7XG4gICAgICAgIHJldHVybiB0aGlzLnZlcmlmeSh0b2tlbik7XG4gICAgICB9KVxuICAgICAgLnRoZW4oY2hlY2tWZXJpZmllZEFuZE5vdEV4cGlyZWQpO1xuICB9XG5cbiAgcmVzb2x2ZUVuZHBvaW50S2V5KGtleUlkKSB7XG4gICAgcmV0dXJuIHRoaXNbJHJlc29sdmVFbmRwb2ludEtleV0odGhpcy5sYW5nLCBrZXlJZCk7XG4gIH1cblxuICBnZXRMb2NhbEF1dGgoKSB7XG4gICAgcmV0dXJuIHRoaXMucmVzb2x2ZUFuZFZlcmlmeUNsYWltcyh0aGlzLmtleUlkKTtcbiAgfVxuXG4gIGdldFJlbW90ZUF1dGgocmVxdWVzdCkge1xuICAgIHZhbGlkYXRlKHJlcXVlc3QsIHJlcXVlc3RTY2hlbWEpO1xuICAgIGxldCBzZWxmID0gdGhpcztcbiAgICBsZXQgYXV0aCA9IHt9O1xuICAgIGxldCBwYXJzZXIgPSBuZXcgU2lnUGFyc2VyKEh0dHBTaWcpO1xuICAgIHJldHVybiBuZXcgUHJvbWlzZSgocmVzb2x2ZSwgcmVqZWN0KSA9PntcbiAgICAgIGxldCBwYXJzZWQgPSBwYXJzZXIucGFyc2VSZXF1ZXN0KHJlcXVlc3QpO1xuICAgICAgcmV0dXJuIHRoaXMucmVzb2x2ZUVuZHBvaW50S2V5KHBhcnNlZC5rZXlJZClcbiAgICAgICAgLnRoZW4oa2V5ID0+IHBhcnNlci52ZXJpZnlTaWduYXR1cmUocGFyc2VkLCBrZXkpKVxuICAgICAgICAudGhlbihwYXJzZWQgPT4ge1xuICAgICAgICAgIGlmIChwYXJzZWQpIHtcbiAgICAgICAgICAgIHJldHVybiB0aGlzLnJlc29sdmVBbmRWZXJpZnlDbGFpbXMocGFyc2VkLmtleUlkKTtcbiAgICAgICAgICB9XG4gICAgICAgICAgcmV0dXJuIG51bGw7XG4gICAgICAgIH0pXG4gICAgICAgIC50aGVuKGVuZHBvaW50ID0+IHtcbiAgICAgICAgICBpZiAoZW5kcG9pbnQpIHtcbiAgICAgICAgICAgIGxvZ2dlci5kZWJ1ZyhgZW5kcG9pbnQgYXV0aG9yaXR5OiAke2VuZHBvaW50fWApO1xuICAgICAgICAgICAgYXV0aC5yZW1vdGVFbmRwb2ludCA9IGVuZHBvaW50O1xuICAgICAgICAgIH1cbiAgICAgICAgICBpZiAocmVxdWVzdC5oZWFkZXJzWyd4LWF1dGhlbnRpYy11c2VyJ10pIHtcbiAgICAgICAgICAgIGxvZ2dlci5kZWJ1ZygnWC1BdXRoZW50aWMtVXNlciBoZWFkZXIgY29udGFpbnMgSldUOyB2ZXJpZnlpbmcgdXNlciBhdXRob3JpdHkuLi4nKTtcbiAgICAgICAgICAgIHJldHVybiBzZWxmLnZlcmlmeShyZXF1ZXN0LmhlYWRlcnNbJ3gtYXV0aGVudGljLXVzZXInXSlcbiAgICAgICAgICAgICAgLnRoZW4oY2hlY2tWZXJpZmllZEFuZE5vdEV4cGlyZWQpO1xuICAgICAgICAgIH1cbiAgICAgICAgICBpZiAocGFyc2VkLnBhcmFtcy5qd3QpIHtcbiAgICAgICAgICAgIGxvZ2dlci5kZWJ1ZygnU2lnbmF0dXJlIGNvbnRhaW5zIEpXVDsgdmVyaWZ5aW5nIHVzZXIgYXV0aG9yaXR5Li4uJyk7XG4gICAgICAgICAgICByZXR1cm4gc2VsZi52ZXJpZnkocGFyc2VkLnBhcmFtcy5qd3QpXG4gICAgICAgICAgICAgIC50aGVuKGNoZWNrVmVyaWZpZWRBbmROb3RFeHBpcmVkKTtcbiAgICAgICAgICB9XG4gICAgICAgICAgcmV0dXJuIG51bGw7XG4gICAgICAgIH0pLnRoZW4odXNlciA9PiB7XG4gICAgICAgICAgaWYgKHVzZXIpIHtcbiAgICAgICAgICAgIGxvZ2dlci5kZWJ1ZyhgdXNlciBhdXRob3JpdHk6ICR7dXNlcn1gKTtcbiAgICAgICAgICAgIGF1dGgucmVtb3RlVXNlciA9IHVzZXI7XG4gICAgICAgICAgICByZXR1cm4gcmVzb2x2ZShhdXRoKTtcbiAgICAgICAgICB9XG4gICAgICAgICAgaWYgKHJlcXVlc3QuaGVhZGVyc1sneC1hdXRoZW50aWMtb3JpZ2luJ10pIHtcbiAgICAgICAgICAgIGxvZ2dlci5kZWJ1ZygnWC1BdXRoZW50aWMtT3JpZ2luIGhlYWRlciBjb250YWlucyBKV1Q7IHZlcmlmeWluZyBvcmlnaW5hdGluZyBlbmRwb2ludCBhdXRob3JpdHkuLi4nKTtcbiAgICAgICAgICAgIHJldHVybiBzZWxmLnZlcmlmeShyZXF1ZXN0LmhlYWRlcnNbJ3gtYXV0aGVudGljLW9yaWdpbiddKVxuICAgICAgICAgICAgICAvLyBiZSBtb3JlIGxheCB3aXRoIHRoZSBleHBpcmF0aW9uIG9uIG9yaWdpbmF0aW5nIGVuZHBvaW50LCBzaW5jZSBpdCBjb3VsZCB0YWtlIHNvbWUgdGltZSBmb3IgbWVzc2FnaW5nIHRvIGZsb3cgdGhyb3VnaCB0aGUgc3lzdGVtXG4gICAgICAgICAgICAgIC50aGVuKGNoZWNrVmVyaWZpZWQpO1xuICAgICAgICAgIH1cbiAgICAgICAgICByZXR1cm4gbnVsbDtcbiAgICAgICAgfSkudGhlbihvcmlnaW5hdGluZ0VuZHBvaW50ID0+IHtcbiAgICAgICAgICBpZiAob3JpZ2luYXRpbmdFbmRwb2ludCkge1xuICAgICAgICAgICAgbG9nZ2VyLmRlYnVnKGBvcmlnaW5hdGluZ0VuZHBvaW50OiAke29yaWdpbmF0aW5nRW5kcG9pbnR9YCk7XG4gICAgICAgICAgICBhdXRoLm9yaWdpbmF0aW5nRW5kcG9pbnQgPSBvcmlnaW5hdGluZ0VuZHBvaW50O1xuICAgICAgICAgIH1cbiAgICAgICAgICByZXR1cm4gcmVzb2x2ZShhdXRoKTtcbiAgICAgICAgfSlcbiAgICAgICAgLmNhdGNoKGUgPT4gcmVqZWN0KGUpKTtcbiAgICB9KTtcblxuICB9XG59XG5cbmV4cG9ydCBkZWZhdWx0IFRydXN0ZWRFbmRwb2ludDtcbiJdfQ== |
\ | No newline at end of file |