"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.resolveSigV4AuthConfig = exports.resolveAwsAuthConfig = void 0; const property_provider_1 = require("@aws-sdk/property-provider"); const signature_v4_1 = require("@aws-sdk/signature-v4"); const util_middleware_1 = require("@aws-sdk/util-middleware"); const CREDENTIAL_EXPIRE_WINDOW = 300000; const resolveAwsAuthConfig = (input) => { const normalizedCreds = input.credentials ? normalizeCredentialProvider(input.credentials) : input.credentialDefaultProvider(input); const { signingEscapePath = true, systemClockOffset = input.systemClockOffset || 0, sha256 } = input; let signer; if (input.signer) { signer = (0, util_middleware_1.normalizeProvider)(input.signer); } else if (input.regionInfoProvider) { signer = () => (0, util_middleware_1.normalizeProvider)(input.region)() .then(async (region) => [ (await input.regionInfoProvider(region, { useFipsEndpoint: await input.useFipsEndpoint(), useDualstackEndpoint: await input.useDualstackEndpoint(), })) || {}, region, ]) .then(([regionInfo, region]) => { const { signingRegion, signingService } = regionInfo; input.signingRegion = input.signingRegion || signingRegion || region; input.signingName = input.signingName || signingService || input.serviceId; const params = { ...input, credentials: normalizedCreds, region: input.signingRegion, service: input.signingName, sha256, uriEscapePath: signingEscapePath, }; const SignerCtor = input.signerConstructor || signature_v4_1.SignatureV4; return new SignerCtor(params); }); } else { signer = async (authScheme) => { authScheme = Object.assign({}, { name: "sigv4", signingName: input.signingName || input.defaultSigningName, signingRegion: await (0, util_middleware_1.normalizeProvider)(input.region)(), properties: {}, }, authScheme); const signingRegion = authScheme.signingRegion; const signingService = authScheme.signingName; input.signingRegion = input.signingRegion || signingRegion; input.signingName = input.signingName || signingService || input.serviceId; const params = { ...input, credentials: normalizedCreds, region: input.signingRegion, service: input.signingName, sha256, uriEscapePath: signingEscapePath, }; const SignerCtor = input.signerConstructor || signature_v4_1.SignatureV4; return new SignerCtor(params); }; } return { ...input, systemClockOffset, signingEscapePath, credentials: normalizedCreds, signer, }; }; exports.resolveAwsAuthConfig = resolveAwsAuthConfig; const resolveSigV4AuthConfig = (input) => { const normalizedCreds = input.credentials ? normalizeCredentialProvider(input.credentials) : input.credentialDefaultProvider(input); const { signingEscapePath = true, systemClockOffset = input.systemClockOffset || 0, sha256 } = input; let signer; if (input.signer) { signer = (0, util_middleware_1.normalizeProvider)(input.signer); } else { signer = (0, util_middleware_1.normalizeProvider)(new signature_v4_1.SignatureV4({ credentials: normalizedCreds, region: input.region, service: input.signingName, sha256, uriEscapePath: signingEscapePath, })); } return { ...input, systemClockOffset, signingEscapePath, credentials: normalizedCreds, signer, }; }; exports.resolveSigV4AuthConfig = resolveSigV4AuthConfig; const normalizeCredentialProvider = (credentials) => { if (typeof credentials === "function") { return (0, property_provider_1.memoize)(credentials, (credentials) => credentials.expiration !== undefined && credentials.expiration.getTime() - Date.now() < CREDENTIAL_EXPIRE_WINDOW, (credentials) => credentials.expiration !== undefined); } return (0, util_middleware_1.normalizeProvider)(credentials); };