UNPKG

@aws-solutions-constructs/aws-cloudfront-s3

Version:

CDK Constructs for AWS Cloudfront to AWS S3 integration.

github.com/awslabs/aws-solutions-constructs

awslabs/aws-solutions-constructs

126 lines • 25.3 kB

JavaScript

"use strict"; var _a; Object.defineProperty(exports, "__esModule", { value: true }); exports.CloudFrontToS3 = void 0; const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti"); /** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance * with the License. A copy of the License is located at * * http://www.apache.org/licenses/LICENSE-2.0 * * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions * and limitations under the License. */ const aws_cdk_lib_1 = require("aws-cdk-lib"); const iam = require("aws-cdk-lib/aws-iam"); const defaults = require("@aws-solutions-constructs/core"); const resources = require("@aws-solutions-constructs/resources"); // Note: To ensure CDKv2 compatibility, keep the import statement for Construct separate const constructs_1 = require("constructs"); class CloudFrontToS3 extends constructs_1.Construct { /** * @summary Constructs a new instance of the CloudFrontToS3 class. * @param {Construct} scope - represents the scope for all the resources. * @param {string} id - this is a a scope-unique id. * @param {CloudFrontToS3Props} props - user provided props for the construct * @since 0.8.0 * @access public */ constructor(scope, id, props) { super(scope, id); // All our tests are based upon this behavior being on, so we're setting // context here rather than assuming the client will set it this.node.setContext("@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy", true); defaults.CheckS3Props(props); defaults.CheckCloudFrontProps(props); defaults.CheckCloudfrontS3Props(props); let originBucket; if (!props.existingBucketObj) { const buildS3BucketResponse = defaults.buildS3Bucket(this, { bucketProps: props.bucketProps, loggingBucketProps: props.loggingBucketProps, logS3AccessLogs: props.logS3AccessLogs }); this.s3Bucket = buildS3BucketResponse.bucket; this.s3LoggingBucket = buildS3BucketResponse.loggingBucket; originBucket = this.s3Bucket; } else { originBucket = props.existingBucketObj; } this.s3BucketInterface = originBucket; // Define the CloudFront Distribution const cloudFrontDistributionForS3Props = { sourceBucket: this.s3BucketInterface, cloudFrontDistributionProps: props.cloudFrontDistributionProps, httpSecurityHeaders: props.insertHttpSecurityHeaders, cloudFrontLoggingBucketProps: props.cloudFrontLoggingBucketProps, responseHeadersPolicyProps: props.responseHeadersPolicyProps, cloudFrontLoggingBucketS3AccessLogBucketProps: props.cloudFrontLoggingBucketAccessLogBucketProps, logCloudFrontAccessLog: props.logCloudFrontAccessLog }; const cloudFrontDistributionForS3Response = defaults.createCloudFrontDistributionForS3(this, id, cloudFrontDistributionForS3Props); this.cloudFrontWebDistribution = cloudFrontDistributionForS3Response.distribution; this.cloudFrontFunction = cloudFrontDistributionForS3Response.cloudfrontFunction; this.cloudFrontLoggingBucket = cloudFrontDistributionForS3Response.loggingBucket; this.originAccessControl = cloudFrontDistributionForS3Response.originAccessControl; this.cloudFrontLoggingBucketAccessLogBucket = cloudFrontDistributionForS3Response.loggingBucketS3AccesssLogBucket; // Attach the OriginAccessControl to the CloudFront Distribution, and remove the OriginAccessIdentity const l1CloudFrontDistribution = this.cloudFrontWebDistribution.node.defaultChild; l1CloudFrontDistribution.addPropertyOverride('DistributionConfig.Origins.0.OriginAccessControlId', this.originAccessControl?.attrId); if (props.originPath) { l1CloudFrontDistribution.addPropertyOverride('DistributionConfig.Origins.0.OriginPath', props.originPath); } // Grant CloudFront permission to get the objects from the s3 bucket origin originBucket.addToResourcePolicy(new iam.PolicyStatement({ effect: iam.Effect.ALLOW, actions: ['s3:GetObject'], principals: [new iam.ServicePrincipal('cloudfront.amazonaws.com')], resources: [originBucket.arnForObjects('*')], conditions: { StringEquals: { 'AWS:SourceArn': `arn:${aws_cdk_lib_1.Aws.PARTITION}:cloudfront::${aws_cdk_lib_1.Aws.ACCOUNT_ID}:distribution/${this.cloudFrontWebDistribution.distributionId}` } } })); originBucket.addToResourcePolicy(new iam.PolicyStatement({ effect: iam.Effect.ALLOW, actions: ['s3:ListBucket'], principals: [new iam.ServicePrincipal('cloudfront.amazonaws.com')], resources: [originBucket.bucketArn], conditions: { StringEquals: { 'AWS:SourceArn': `arn:${aws_cdk_lib_1.Aws.PARTITION}:cloudfront::${aws_cdk_lib_1.Aws.ACCOUNT_ID}:distribution/${this.cloudFrontWebDistribution.distributionId}` } } })); // We need to create a custom resource to introduce the indirection necessary to avoid // a circular dependency when granting the CloudFront distribution access to use the // KMS key to decrypt objects. Without this indirection, it is not possible to reference // the CloudFront distribution ID in the KMS key policy because - // * The S3 bucket references the KMS key // * The CloudFront distribution references the bucket // * The KMS key references the CloudFront distribution let encryptionKey; if (props.bucketProps && props.bucketProps.encryptionKey) { encryptionKey = props.bucketProps.encryptionKey; } else if (props.existingBucketObj && props.existingBucketObj.encryptionKey) { encryptionKey = props.existingBucketObj.encryptionKey; } if (encryptionKey) { resources.createKeyPolicyUpdaterCustomResource(this, id, { distribution: this.cloudFrontWebDistribution, encryptionKey }); } } } exports.CloudFrontToS3 = CloudFrontToS3; _a = JSII_RTTI_SYMBOL_1; CloudFrontToS3[_a] = { fqn: "@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3", version: "2.92.1" }; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBOzs7Ozs7Ozs7OztHQVdHO0FBRUgsNkNBQWtDO0FBRWxDLDJDQUEyQztBQUczQywyREFBMkQ7QUFDM0QsaUVBQWlFO0FBQ2pFLHdGQUF3RjtBQUN4RiwyQ0FBdUM7QUFzR3ZDLE1BQWEsY0FBZSxTQUFRLHNCQUFTO0lBVTNDOzs7Ozs7O09BT0c7SUFDSCxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQTBCO1FBQ2xFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsd0VBQXdFO1FBQ3hFLDJEQUEyRDtRQUMzRCxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxpREFBaUQsRUFBRSxJQUFJLENBQUMsQ0FBQztRQUU5RSxRQUFRLENBQUMsWUFBWSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzdCLFFBQVEsQ0FBQyxvQkFBb0IsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUNyQyxRQUFRLENBQUMsc0JBQXNCLENBQUMsS0FBSyxDQUFDLENBQUM7UUFFdkMsSUFBSSxZQUF3QixDQUFDO1FBRTdCLElBQUksQ0FBQyxLQUFLLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztZQUM3QixNQUFNLHFCQUFxQixHQUFHLFFBQVEsQ0FBQyxhQUFhLENBQUMsSUFBSSxFQUFFO2dCQUN6RCxXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7Z0JBQzlCLGtCQUFrQixFQUFFLEtBQUssQ0FBQyxrQkFBa0I7Z0JBQzVDLGVBQWUsRUFBRSxLQUFLLENBQUMsZUFBZTthQUN2QyxDQUFDLENBQUM7WUFDSCxJQUFJLENBQUMsUUFBUSxHQUFHLHFCQUFxQixDQUFDLE1BQU0sQ0FBQztZQUM3QyxJQUFJLENBQUMsZUFBZSxHQUFHLHFCQUFxQixDQUFDLGFBQWEsQ0FBQztZQUMzRCxZQUFZLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUMvQixDQUFDO2FBQU0sQ0FBQztZQUNOLFlBQVksR0FBRyxLQUFLLENBQUMsaUJBQWlCLENBQUM7UUFDekMsQ0FBQztRQUVELElBQUksQ0FBQyxpQkFBaUIsR0FBRyxZQUFZLENBQUM7UUFFdEMscUNBQXFDO1FBQ3JDLE1BQU0sZ0NBQWdDLEdBQW9EO1lBQ3hGLFlBQVksRUFBRSxJQUFJLENBQUMsaUJBQWlCO1lBQ3BDLDJCQUEyQixFQUFFLEtBQUssQ0FBQywyQkFBMkI7WUFDOUQsbUJBQW1CLEVBQUUsS0FBSyxDQUFDLHlCQUF5QjtZQUNwRCw0QkFBNEIsRUFBRSxLQUFLLENBQUMsNEJBQTRCO1lBQ2hFLDBCQUEwQixFQUFFLEtBQUssQ0FBQywwQkFBMEI7WUFDNUQsNkNBQTZDLEVBQUUsS0FBSyxDQUFDLDJDQUEyQztZQUNoRyxzQkFBc0IsRUFBRSxLQUFLLENBQUMsc0JBQXNCO1NBQ3JELENBQUM7UUFDRixNQUFNLG1DQUFtQyxHQUFHLFFBQVEsQ0FBQyxpQ0FBaUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxFQUFFLGdDQUFnQyxDQUFDLENBQUM7UUFDbkksSUFBSSxDQUFDLHlCQUF5QixHQUFHLG1DQUFtQyxDQUFDLFlBQVksQ0FBQztRQUNsRixJQUFJLENBQUMsa0JBQWtCLEdBQUcsbUNBQW1DLENBQUMsa0JBQWtCLENBQUM7UUFDakYsSUFBSSxDQUFDLHVCQUF1QixHQUFHLG1DQUFtQyxDQUFDLGFBQWEsQ0FBQztRQUNqRixJQUFJLENBQUMsbUJBQW1CLEdBQUcsbUNBQW1DLENBQUMsbUJBQW1CLENBQUM7UUFDbkYsSUFBSSxDQUFDLHNDQUFzQyxHQUFHLG1DQUFtQyxDQUFDLCtCQUErQixDQUFDO1FBRWxILHFHQUFxRztRQUNyRyxNQUFNLHdCQUF3QixHQUFHLElBQUksQ0FBQyx5QkFBeUIsQ0FBQyxJQUFJLENBQUMsWUFBMEMsQ0FBQztRQUNoSCx3QkFBd0IsQ0FBQyxtQkFBbUIsQ0FBQyxvREFBb0QsRUFBRSxJQUFJLENBQUMsbUJBQW1CLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFDckksSUFBSSxLQUFLLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDckIsd0JBQXdCLENBQUMsbUJBQW1CLENBQUMseUNBQXlDLEVBQUUsS0FBSyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQzVHLENBQUM7UUFFRCwyRUFBMkU7UUFDM0UsWUFBWSxDQUFDLG1CQUFtQixDQUM5QixJQUFJLEdBQUcsQ0FBQyxlQUFlLENBQUM7WUFDdEIsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsS0FBSztZQUN4QixPQUFPLEVBQUUsQ0FBQyxjQUFjLENBQUM7WUFDekIsVUFBVSxFQUFFLENBQUMsSUFBSSxHQUFHLENBQUMsZ0JBQWdCLENBQUMsMEJBQTBCLENBQUMsQ0FBQztZQUNsRSxTQUFTLEVBQUUsQ0FBQyxZQUFZLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBQzVDLFVBQVUsRUFBRTtnQkFDVixZQUFZLEVBQUU7b0JBQ1osZUFBZSxFQUFFLE9BQU8saUJBQUcsQ0FBQyxTQUFTLGdCQUFnQixpQkFBRyxDQUFDLFVBQVUsaUJBQWlCLElBQUksQ0FBQyx5QkFBeUIsQ0FBQyxjQUFjLEVBQUU7aUJBQ3BJO2FBQ0Y7U0FDRixDQUFDLENBQ0gsQ0FBQztRQUVGLFlBQVksQ0FBQyxtQkFBbUIsQ0FDOUIsSUFBSSxHQUFHLENBQUMsZUFBZSxDQUFDO1lBQ3RCLE1BQU0sRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLEtBQUs7WUFDeEIsT0FBTyxFQUFFLENBQUMsZUFBZSxDQUFDO1lBQzFCLFVBQVUsRUFBRSxDQUFDLElBQUksR0FBRyxDQUFDLGdCQUFnQixDQUFDLDBCQUEwQixDQUFDLENBQUM7WUFDbEUsU0FBUyxFQUFFLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQztZQUNuQyxVQUFVLEVBQUU7Z0JBQ1YsWUFBWSxFQUFFO29CQUNaLGVBQWUsRUFBRSxPQUFPLGlCQUFHLENBQUMsU0FBUyxnQkFBZ0IsaUJBQUcsQ0FBQyxVQUFVLGlCQUFpQixJQUFJLENBQUMseUJBQXlCLENBQUMsY0FBYyxFQUFFO2lCQUNwSTthQUNGO1NBQ0YsQ0FBQyxDQUNILENBQUM7UUFFRixzRkFBc0Y7UUFDdEYsb0ZBQW9GO1FBQ3BGLHdGQUF3RjtRQUN4RixpRUFBaUU7UUFDakUsMkNBQTJDO1FBQzNDLHdEQUF3RDtRQUN4RCx5REFBeUQ7UUFDekQsSUFBSSxhQUFtQyxDQUFDO1FBQ3hDLElBQUksS0FBSyxDQUFDLFdBQVcsSUFBSSxLQUFLLENBQUMsV0FBVyxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ3pELGFBQWEsR0FBRyxLQUFLLENBQUMsV0FBVyxDQUFDLGFBQWEsQ0FBQztRQUNsRCxDQUFDO2FBQU0sSUFBSSxLQUFLLENBQUMsaUJBQWlCLElBQUksS0FBSyxDQUFDLGlCQUFpQixDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQzVFLGFBQWEsR0FBRyxLQUFLLENBQUMsaUJBQWlCLENBQUMsYUFBYSxDQUFDO1FBQ3hELENBQUM7UUFFRCxJQUFJLGFBQWEsRUFBRSxDQUFDO1lBQ2xCLFNBQVMsQ0FBQyxvQ0FBb0MsQ0FBQyxJQUFJLEVBQUUsRUFBRSxFQUFHO2dCQUN4RCxZQUFZLEVBQUUsSUFBSSxDQUFDLHlCQUF5QjtnQkFDNUMsYUFBYTthQUNkLENBQUMsQ0FBQztRQUNMLENBQUM7SUFDSCxDQUFDOztBQXZISCx3Q0F3SEMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqICBDb3B5cmlnaHQgQW1hem9uLmNvbSwgSW5jLiBvciBpdHMgYWZmaWxpYXRlcy4gQWxsIFJpZ2h0cyBSZXNlcnZlZC5cbiAqXG4gKiAgTGljZW5zZWQgdW5kZXIgdGhlIEFwYWNoZSBMaWNlbnNlLCBWZXJzaW9uIDIuMCAodGhlIFwiTGljZW5zZVwiKS4gWW91IG1heSBub3QgdXNlIHRoaXMgZmlsZSBleGNlcHQgaW4gY29tcGxpYW5jZVxuICogIHdpdGggdGhlIExpY2Vuc2UuIEEgY29weSBvZiB0aGUgTGljZW5zZSBpcyBsb2NhdGVkIGF0XG4gKlxuICogICAgICBodHRwOi8vd3d3LmFwYWNoZS5vcmcvbGljZW5zZXMvTElDRU5TRS0yLjBcbiAqXG4gKiAgb3IgaW4gdGhlICdsaWNlbnNlJyBmaWxlIGFjY29tcGFueWluZyB0aGlzIGZpbGUuIFRoaXMgZmlsZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAnQVMgSVMnIEJBU0lTLCBXSVRIT1VUIFdBUlJBTlRJRVNcbiAqICBPUiBDT05ESVRJT05TIE9GIEFOWSBLSU5ELCBleHByZXNzIG9yIGltcGxpZWQuIFNlZSB0aGUgTGljZW5zZSBmb3IgdGhlIHNwZWNpZmljIGxhbmd1YWdlIGdvdmVybmluZyBwZXJtaXNzaW9uc1xuICogIGFuZCBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS5cbiAqL1xuXG5pbXBvcnQgeyBBd3MgfSBmcm9tICdhd3MtY2RrLWxpYic7XG5pbXBvcnQgKiBhcyBjbG91ZGZyb250IGZyb20gJ2F3cy1jZGstbGliL2F3cy1jbG91ZGZyb250JztcbmltcG9ydCAqIGFzIGlhbSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtaWFtJztcbmltcG9ydCAqIGFzIGttcyBmcm9tICdhd3MtY2RrLWxpYi9hd3Mta21zJztcbmltcG9ydCAqIGFzIHMzIGZyb20gJ2F3cy1jZGstbGliL2F3cy1zMyc7XG5pbXBvcnQgKiBhcyBkZWZhdWx0cyBmcm9tICdAYXdzLXNvbHV0aW9ucy1jb25zdHJ1Y3RzL2NvcmUnO1xuaW1wb3J0ICogYXMgcmVzb3VyY2VzIGZyb20gJ0Bhd3Mtc29sdXRpb25zLWNvbnN0cnVjdHMvcmVzb3VyY2VzJztcbi8vIE5vdGU6IFRvIGVuc3VyZSBDREt2MiBjb21wYXRpYmlsaXR5LCBrZWVwIHRoZSBpbXBvcnQgc3RhdGVtZW50IGZvciBDb25zdHJ1Y3Qgc2VwYXJhdGVcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuXG4vKipcbiAqIEBzdW1tYXJ5IFRoZSBwcm9wZXJ0aWVzIGZvciB0aGUgQ2xvdWRGcm9udFRvUzMgQ29uc3RydWN0XG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQ2xvdWRGcm9udFRvUzNQcm9wcyB7XG4gIC8qKlxuICAgKiBPcHRpb25hbCB1c2VyIHByb3ZpZGVkIHByb3BzIHRvIG92ZXJyaWRlIHRoZSBkZWZhdWx0IHByb3BzXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gRGVmYXVsdCBwcm9wcyBhcmUgdXNlZFxuICAgKi9cbiAgcmVhZG9ubHkgY2xvdWRGcm9udERpc3RyaWJ1dGlvblByb3BzPzogY2xvdWRmcm9udC5EaXN0cmlidXRpb25Qcm9wcyB8IGFueSxcbiAgLyoqXG4gICAqIE9wdGlvbmFsIHVzZXIgcHJvdmlkZWQgcHJvcHMgdG8gdHVybiBvbi9vZmYgdGhlIGF1dG9tYXRpYyBpbmplY3Rpb24gb2YgYmVzdCBwcmFjdGljZSBIVFRQXG4gICAqIHNlY3VyaXR5IGhlYWRlcnMgaW4gYWxsIHJlc3BvbnNlcyBmcm9tIGNsb3VkZnJvbnQuXG4gICAqIFR1cm5pbmcgdGhpcyBvbiB3aWxsIGluamVjdCBkZWZhdWx0IGhlYWRlcnMgYW5kIGlzIG11dHVhbGx5IGV4Y2x1c2l2ZSB3aXRoIHBhc3NpbmcgY3VzdG9tIHNlY3VyaXR5IGhlYWRlcnNcbiAgICogdmlhIHRoZSByZXNwb25zZUhlYWRlcnNQb2xpY3lQcm9wcyBwYXJhbWV0ZXIuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gdHJ1ZVxuICAgKi9cbiAgcmVhZG9ubHkgaW5zZXJ0SHR0cFNlY3VyaXR5SGVhZGVycz86IGJvb2xlYW47XG4gIC8qKlxuICAgKiBPcHRpb25hbCB1c2VyIHByb3ZpZGVkIGNvbmZpZ3VyYXRpb24gdGhhdCBjbG91ZGZyb250IGFwcGxpZXMgdG8gYWxsIGh0dHAgcmVzcG9uc2VzLlxuICAgKiBDYW4gYmUgdXNlZCB0byBwYXNzIGEgY3VzdG9tIFJlc3BvbnNlU2VjdXJpdHlIZWFkZXJzQmVoYXZpb3IsIFJlc3BvbnNlQ3VzdG9tSGVhZGVyc0JlaGF2aW9yIG9yXG4gICAqIFJlc3BvbnNlSGVhZGVyc0NvcnNCZWhhdmlvciB0byB0aGUgY2xvdWRmcm9udCBkaXN0cmlidXRpb24uXG4gICAqXG4gICAqIFBhc3NpbmcgYSBjdXN0b20gUmVzcG9uc2VTZWN1cml0eUhlYWRlcnNCZWhhdmlvciBpcyBtdXR1YWxseSBleGNsdXNpdmUgd2l0aCB0dXJuaW5nIG9uIHRoZSBkZWZhdWx0IHNlY3VyaXR5IGhlYWRlcnNcbiAgICogdmlhIGBpbnNlcnRIdHRwU2VjdXJpdHlIZWFkZXJzYCBwcm9wLiBXaWxsIHRocm93IGFuIGVycm9yIGlmIGJvdGggYGluc2VydEh0dHBTZWN1cml0eUhlYWRlcnNgIGlzIHNldCB0byBgdHJ1ZWBcbiAgICogYW5kIFJlc3BvbnNlU2VjdXJpdHlIZWFkZXJzQmVoYXZpb3IgaXMgcGFzc2VkLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIHVuZGVmaW5lZFxuICAgKi9cbiAgcmVhZG9ubHkgcmVzcG9uc2VIZWFkZXJzUG9saWN5UHJvcHM/OiBjbG91ZGZyb250LlJlc3BvbnNlSGVhZGVyc1BvbGljeVByb3BzXG4gIC8qKlxuICAgKiBPcHRpb25hbCB1c2VyIHByb3ZpZGVkIHByb3BzIHRvIHByb3ZpZGUgYW4gb3JpZ2luUGF0aCB0aGF0IENsb3VkRnJvbnQgYXBwZW5kcyB0byB0aGVcbiAgICogb3JpZ2luIGRvbWFpbiBuYW1lIHdoZW4gQ2xvdWRGcm9udCByZXF1ZXN0cyBjb250ZW50IGZyb20gdGhlIG9yaWdpbi5cbiAgICogVGhlIHN0cmluZyBzaG91bGQgc3RhcnQgd2l0aCBhIGAvYCwgZm9yIGV4YW1wbGUgYC9wcm9kdWN0aW9uYC5cbiAgICogQGRlZmF1bHQgPSAnLydcbiAgICovXG4gIHJlYWRvbmx5IG9yaWdpblBhdGg/OiBzdHJpbmcsXG5cbiAgLy8gPT09PT09PT09PT09PT09PT09PT09XG4gIC8vIFMzIENvbnRlbnQgQnVja2V0XG4gIC8vID09PT09PT09PT09PT09PT09PT09PVxuICAvKipcbiAgICogRXhpc3RpbmcgaW5zdGFuY2Ugb2YgUzMgQ29udGVudCBCdWNrZXQgb2JqZWN0LCBwcm92aWRpbmcgYm90aCB0aGlzIGFuZCBgYnVja2V0UHJvcHNgIHdpbGwgY2F1c2UgYW4gZXJyb3IuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gTm9uZVxuICAgKi9cbiAgcmVhZG9ubHkgZXhpc3RpbmdCdWNrZXRPYmo/OiBzMy5JQnVja2V0LFxuICAvKipcbiAgICogT3B0aW9uYWwgdXNlciBwcm92aWRlZCBwcm9wcyB0byBvdmVycmlkZSB0aGUgZGVmYXVsdCBwcm9wcyBmb3IgdGhlIFMzIENvbnRlbnQgQnVja2V0LlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIERlZmF1bHQgcHJvcHMgYXJlIHVzZWRcbiAgICovXG4gIHJlYWRvbmx5IGJ1Y2tldFByb3BzPzogczMuQnVja2V0UHJvcHMsXG5cbiAgLy8gPT09PT09PT09PT09PT09PT09PT09XG4gIC8vIFMzIENvbnRlbnQgQnVja2V0IEFjY2VzcyBMb2dzIEJ1Y2tldFxuICAvLyA9PT09PT09PT09PT09PT09PT09PT1cbiAgLyoqXG4gICAqIE9wdGlvbmFsIC0gV2hldGhlciB0byBtYWludGFpbiBhY2Nlc3MgbG9ncyBmb3IgdGhlIFMzIENvbnRlbnQgYnVja2V0XG4gICAqXG4gICAqIEBkZWZhdWx0IC0gdHJ1ZVxuICAgKi9cbiAgcmVhZG9ubHkgbG9nUzNBY2Nlc3NMb2dzPzogYm9vbGVhbixcbiAgLyoqXG4gICAqIE9wdGlvbmFsIHVzZXIgcHJvdmlkZWQgcHJvcHMgdG8gb3ZlcnJpZGUgdGhlIGRlZmF1bHQgcHJvcHMgZm9yIHRoZSBTMyBDb250ZW50IEJ1Y2tldCBBY2Nlc3MgTG9nIEJ1Y2tldC5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBEZWZhdWx0IHByb3BzIGFyZSB1c2VkXG4gICAqL1xuICByZWFkb25seSBsb2dnaW5nQnVja2V0UHJvcHM/OiBzMy5CdWNrZXRQcm9wcyxcblxuICAvLyA9PT09PT09PT09PT09PT09PT09PT1cbiAgLy8gQ2xvdWRGcm9udCBMb2cgQnVja2V0XG4gIC8vID09PT09PT09PT09PT09PT09PT09PVxuICAvKipcbiAgICogT3B0aW9uYWwgdXNlciBwcm92aWRlZCBwcm9wcyB0byBvdmVycmlkZSB0aGUgZGVmYXVsdCBwcm9wcyBmb3IgdGhlIENsb3VkRnJvbnQgTG9nIEJ1Y2tldC5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBEZWZhdWx0IHByb3BzIGFyZSB1c2VkXG4gICAqL1xuICByZWFkb25seSBjbG91ZEZyb250TG9nZ2luZ0J1Y2tldFByb3BzPzogczMuQnVja2V0UHJvcHMsXG5cbiAgLy8gPT09PT09PT09PT09PT09PT09PT09XG4gIC8vIENsb3VkRnJvbnQgTG9ncyBCdWNrZXQgQWNjZXNzIExvZyBCdWNrZXRcbiAgLy8gPT09PT09PT09PT09PT09PT09PT09XG4gIC8qKlxuICAgKiBPcHRpb25hbCAtIFdoZXRoZXIgdG8gbWFpbnRhaW4gYWNjZXNzIGxvZ3MgZm9yIHRoZSBDbG91ZEZyb250IExvZ2dpbmcgYnVja2V0LiBTcGVjaWZ5aW5nIGZhbHNlIGZvciB0aGlzXG4gICAqIHdoaWxlIHByb3ZpZGluZyBpbmZvIGFib3V0IHRoZSBsb2cgYnVja2V0IHdpbGwgY2F1c2UgYW4gZXJyb3IuXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gdHJ1ZVxuICAgKi9cbiAgcmVhZG9ubHkgbG9nQ2xvdWRGcm9udEFjY2Vzc0xvZz86IGJvb2xlYW4sXG4gIC8qKlxuICAgKiBPcHRpb25hbCB1c2VyIHByb3ZpZGVkIHByb3BzIHRvIG92ZXJyaWRlIHRoZSBkZWZhdWx0IHByb3BzIGZvciB0aGUgQ2xvdWRGcm9udCBMb2cgQnVja2V0IEFjY2VzcyBMb2cgYnVja2V0LlxuICAgKiBQcm92aWRpbmcgYm90aCB0aGlzIGFuZCBgZXhpc3RpbmdjbG91ZEZyb250TG9nZ2luZ0J1Y2tldEFjY2Vzc0xvZ0J1Y2tldGAgd2lsbCBjYXVzZSBhbiBlcnJvclxuICAgKlxuICAgKiBAZGVmYXVsdCAtIERlZmF1bHQgcHJvcHMgYXJlIHVzZWRcbiAgICovXG4gIHJlYWRvbmx5IGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0QWNjZXNzTG9nQnVja2V0UHJvcHM/OiBzMy5CdWNrZXRQcm9wcyxcbn1cblxuZXhwb3J0IGNsYXNzIENsb3VkRnJvbnRUb1MzIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgcHVibGljIHJlYWRvbmx5IGNsb3VkRnJvbnRXZWJEaXN0cmlidXRpb246IGNsb3VkZnJvbnQuRGlzdHJpYnV0aW9uO1xuICBwdWJsaWMgcmVhZG9ubHkgY2xvdWRGcm9udEZ1bmN0aW9uPzogY2xvdWRmcm9udC5GdW5jdGlvbjtcbiAgcHVibGljIHJlYWRvbmx5IGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0PzogczMuQnVja2V0O1xuICBwdWJsaWMgcmVhZG9ubHkgY2xvdWRGcm9udExvZ2dpbmdCdWNrZXRBY2Nlc3NMb2dCdWNrZXQ/OiBzMy5CdWNrZXQ7XG4gIHB1YmxpYyByZWFkb25seSBzM0J1Y2tldEludGVyZmFjZTogczMuSUJ1Y2tldDtcbiAgcHVibGljIHJlYWRvbmx5IHMzQnVja2V0PzogczMuQnVja2V0O1xuICBwdWJsaWMgcmVhZG9ubHkgczNMb2dnaW5nQnVja2V0PzogczMuQnVja2V0O1xuICBwdWJsaWMgcmVhZG9ubHkgb3JpZ2luQWNjZXNzQ29udHJvbD86IGNsb3VkZnJvbnQuQ2ZuT3JpZ2luQWNjZXNzQ29udHJvbDtcblxuICAvKipcbiAgICogQHN1bW1hcnkgQ29uc3RydWN0cyBhIG5ldyBpbnN0YW5jZSBvZiB0aGUgQ2xvdWRGcm9udFRvUzMgY2xhc3MuXG4gICAqIEBwYXJhbSB7Q29uc3RydWN0fSBzY29wZSAtIHJlcHJlc2VudHMgdGhlIHNjb3BlIGZvciBhbGwgdGhlIHJlc291cmNlcy5cbiAgICogQHBhcmFtIHtzdHJpbmd9IGlkIC0gdGhpcyBpcyBhIGEgc2NvcGUtdW5pcXVlIGlkLlxuICAgKiBAcGFyYW0ge0Nsb3VkRnJvbnRUb1MzUHJvcHN9IHByb3BzIC0gdXNlciBwcm92aWRlZCBwcm9wcyBmb3IgdGhlIGNvbnN0cnVjdFxuICAgKiBAc2luY2UgMC44LjBcbiAgICogQGFjY2VzcyBwdWJsaWNcbiAgICovXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBDbG91ZEZyb250VG9TM1Byb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIC8vIEFsbCBvdXIgdGVzdHMgYXJlIGJhc2VkIHVwb24gdGhpcyBiZWhhdmlvciBiZWluZyBvbiwgc28gd2UncmUgc2V0dGluZ1xuICAgIC8vIGNvbnRleHQgaGVyZSByYXRoZXIgdGhhbiBhc3N1bWluZyB0aGUgY2xpZW50IHdpbGwgc2V0IGl0XG4gICAgdGhpcy5ub2RlLnNldENvbnRleHQoXCJAYXdzLWNkay9hd3MtczM6c2VydmVyQWNjZXNzTG9nc1VzZUJ1Y2tldFBvbGljeVwiLCB0cnVlKTtcblxuICAgIGRlZmF1bHRzLkNoZWNrUzNQcm9wcyhwcm9wcyk7XG4gICAgZGVmYXVsdHMuQ2hlY2tDbG91ZEZyb250UHJvcHMocHJvcHMpO1xuICAgIGRlZmF1bHRzLkNoZWNrQ2xvdWRmcm9udFMzUHJvcHMocHJvcHMpO1xuXG4gICAgbGV0IG9yaWdpbkJ1Y2tldDogczMuSUJ1Y2tldDtcblxuICAgIGlmICghcHJvcHMuZXhpc3RpbmdCdWNrZXRPYmopIHtcbiAgICAgIGNvbnN0IGJ1aWxkUzNCdWNrZXRSZXNwb25zZSA9IGRlZmF1bHRzLmJ1aWxkUzNCdWNrZXQodGhpcywge1xuICAgICAgICBidWNrZXRQcm9wczogcHJvcHMuYnVja2V0UHJvcHMsXG4gICAgICAgIGxvZ2dpbmdCdWNrZXRQcm9wczogcHJvcHMubG9nZ2luZ0J1Y2tldFByb3BzLFxuICAgICAgICBsb2dTM0FjY2Vzc0xvZ3M6IHByb3BzLmxvZ1MzQWNjZXNzTG9nc1xuICAgICAgfSk7XG4gICAgICB0aGlzLnMzQnVja2V0ID0gYnVpbGRTM0J1Y2tldFJlc3BvbnNlLmJ1Y2tldDtcbiAgICAgIHRoaXMuczNMb2dnaW5nQnVja2V0ID0gYnVpbGRTM0J1Y2tldFJlc3BvbnNlLmxvZ2dpbmdCdWNrZXQ7XG4gICAgICBvcmlnaW5CdWNrZXQgPSB0aGlzLnMzQnVja2V0O1xuICAgIH0gZWxzZSB7XG4gICAgICBvcmlnaW5CdWNrZXQgPSBwcm9wcy5leGlzdGluZ0J1Y2tldE9iajtcbiAgICB9XG5cbiAgICB0aGlzLnMzQnVja2V0SW50ZXJmYWNlID0gb3JpZ2luQnVja2V0O1xuXG4gICAgLy8gRGVmaW5lIHRoZSBDbG91ZEZyb250IERpc3RyaWJ1dGlvblxuICAgIGNvbnN0IGNsb3VkRnJvbnREaXN0cmlidXRpb25Gb3JTM1Byb3BzOiBkZWZhdWx0cy5DcmVhdGVDbG91ZEZyb250RGlzdHJpYnV0aW9uRm9yUzNQcm9wcyA9IHtcbiAgICAgIHNvdXJjZUJ1Y2tldDogdGhpcy5zM0J1Y2tldEludGVyZmFjZSxcbiAgICAgIGNsb3VkRnJvbnREaXN0cmlidXRpb25Qcm9wczogcHJvcHMuY2xvdWRGcm9udERpc3RyaWJ1dGlvblByb3BzLFxuICAgICAgaHR0cFNlY3VyaXR5SGVhZGVyczogcHJvcHMuaW5zZXJ0SHR0cFNlY3VyaXR5SGVhZGVycyxcbiAgICAgIGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0UHJvcHM6IHByb3BzLmNsb3VkRnJvbnRMb2dnaW5nQnVja2V0UHJvcHMsXG4gICAgICByZXNwb25zZUhlYWRlcnNQb2xpY3lQcm9wczogcHJvcHMucmVzcG9uc2VIZWFkZXJzUG9saWN5UHJvcHMsXG4gICAgICBjbG91ZEZyb250TG9nZ2luZ0J1Y2tldFMzQWNjZXNzTG9nQnVja2V0UHJvcHM6IHByb3BzLmNsb3VkRnJvbnRMb2dnaW5nQnVja2V0QWNjZXNzTG9nQnVja2V0UHJvcHMsXG4gICAgICBsb2dDbG91ZEZyb250QWNjZXNzTG9nOiBwcm9wcy5sb2dDbG91ZEZyb250QWNjZXNzTG9nXG4gICAgfTtcbiAgICBjb25zdCBjbG91ZEZyb250RGlzdHJpYnV0aW9uRm9yUzNSZXNwb25zZSA9IGRlZmF1bHRzLmNyZWF0ZUNsb3VkRnJvbnREaXN0cmlidXRpb25Gb3JTMyh0aGlzLCBpZCwgY2xvdWRGcm9udERpc3RyaWJ1dGlvbkZvclMzUHJvcHMpO1xuICAgIHRoaXMuY2xvdWRGcm9udFdlYkRpc3RyaWJ1dGlvbiA9IGNsb3VkRnJvbnREaXN0cmlidXRpb25Gb3JTM1Jlc3BvbnNlLmRpc3RyaWJ1dGlvbjtcbiAgICB0aGlzLmNsb3VkRnJvbnRGdW5jdGlvbiA9IGNsb3VkRnJvbnREaXN0cmlidXRpb25Gb3JTM1Jlc3BvbnNlLmNsb3VkZnJvbnRGdW5jdGlvbjtcbiAgICB0aGlzLmNsb3VkRnJvbnRMb2dnaW5nQnVja2V0ID0gY2xvdWRGcm9udERpc3RyaWJ1dGlvbkZvclMzUmVzcG9uc2UubG9nZ2luZ0J1Y2tldDtcbiAgICB0aGlzLm9yaWdpbkFjY2Vzc0NvbnRyb2wgPSBjbG91ZEZyb250RGlzdHJpYnV0aW9uRm9yUzNSZXNwb25zZS5vcmlnaW5BY2Nlc3NDb250cm9sO1xuICAgIHRoaXMuY2xvdWRGcm9udExvZ2dpbmdCdWNrZXRBY2Nlc3NMb2dCdWNrZXQgPSBjbG91ZEZyb250RGlzdHJpYnV0aW9uRm9yUzNSZXNwb25zZS5sb2dnaW5nQnVja2V0UzNBY2Nlc3NzTG9nQnVja2V0O1xuXG4gICAgLy8gQXR0YWNoIHRoZSBPcmlnaW5BY2Nlc3NDb250cm9sIHRvIHRoZSBDbG91ZEZyb250IERpc3RyaWJ1dGlvbiwgYW5kIHJlbW92ZSB0aGUgT3JpZ2luQWNjZXNzSWRlbnRpdHlcbiAgICBjb25zdCBsMUNsb3VkRnJvbnREaXN0cmlidXRpb24gPSB0aGlzLmNsb3VkRnJvbnRXZWJEaXN0cmlidXRpb24ubm9kZS5kZWZhdWx0Q2hpbGQgYXMgY2xvdWRmcm9udC5DZm5EaXN0cmlidXRpb247XG4gICAgbDFDbG91ZEZyb250RGlzdHJpYnV0aW9uLmFkZFByb3BlcnR5T3ZlcnJpZGUoJ0Rpc3RyaWJ1dGlvbkNvbmZpZy5PcmlnaW5zLjAuT3JpZ2luQWNjZXNzQ29udHJvbElkJywgdGhpcy5vcmlnaW5BY2Nlc3NDb250cm9sPy5hdHRySWQpO1xuICAgIGlmIChwcm9wcy5vcmlnaW5QYXRoKSB7XG4gICAgICBsMUNsb3VkRnJvbnREaXN0cmlidXRpb24uYWRkUHJvcGVydHlPdmVycmlkZSgnRGlzdHJpYnV0aW9uQ29uZmlnLk9yaWdpbnMuMC5PcmlnaW5QYXRoJywgcHJvcHMub3JpZ2luUGF0aCk7XG4gICAgfVxuXG4gICAgLy8gR3JhbnQgQ2xvdWRGcm9udCBwZXJtaXNzaW9uIHRvIGdldCB0aGUgb2JqZWN0cyBmcm9tIHRoZSBzMyBidWNrZXQgb3JpZ2luXG4gICAgb3JpZ2luQnVja2V0LmFkZFRvUmVzb3VyY2VQb2xpY3koXG4gICAgICBuZXcgaWFtLlBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgIGVmZmVjdDogaWFtLkVmZmVjdC5BTExPVyxcbiAgICAgICAgYWN0aW9uczogWydzMzpHZXRPYmplY3QnXSxcbiAgICAgICAgcHJpbmNpcGFsczogW25ldyBpYW0uU2VydmljZVByaW5jaXBhbCgnY2xvdWRmcm9udC5hbWF6b25hd3MuY29tJyldLFxuICAgICAgICByZXNvdXJjZXM6IFtvcmlnaW5CdWNrZXQuYXJuRm9yT2JqZWN0cygnKicpXSxcbiAgICAgICAgY29uZGl0aW9uczoge1xuICAgICAgICAgIFN0cmluZ0VxdWFsczoge1xuICAgICAgICAgICAgJ0FXUzpTb3VyY2VBcm4nOiBgYXJuOiR7QXdzLlBBUlRJVElPTn06Y2xvdWRmcm9udDo6JHtBd3MuQUNDT1VOVF9JRH06ZGlzdHJpYnV0aW9uLyR7dGhpcy5jbG91ZEZyb250V2ViRGlzdHJpYnV0aW9uLmRpc3RyaWJ1dGlvbklkfWBcbiAgICAgICAgICB9XG4gICAgICAgIH1cbiAgICAgIH0pXG4gICAgKTtcblxuICAgIG9yaWdpbkJ1Y2tldC5hZGRUb1Jlc291cmNlUG9saWN5KFxuICAgICAgbmV3IGlhbS5Qb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICBlZmZlY3Q6IGlhbS5FZmZlY3QuQUxMT1csXG4gICAgICAgIGFjdGlvbnM6IFsnczM6TGlzdEJ1Y2tldCddLFxuICAgICAgICBwcmluY2lwYWxzOiBbbmV3IGlhbS5TZXJ2aWNlUHJpbmNpcGFsKCdjbG91ZGZyb250LmFtYXpvbmF3cy5jb20nKV0sXG4gICAgICAgIHJlc291cmNlczogW29yaWdpbkJ1Y2tldC5idWNrZXRBcm5dLFxuICAgICAgICBjb25kaXRpb25zOiB7XG4gICAgICAgICAgU3RyaW5nRXF1YWxzOiB7XG4gICAgICAgICAgICAnQVdTOlNvdXJjZUFybic6IGBhcm46JHtBd3MuUEFSVElUSU9OfTpjbG91ZGZyb250Ojoke0F3cy5BQ0NPVU5UX0lEfTpkaXN0cmlidXRpb24vJHt0aGlzLmNsb3VkRnJvbnRXZWJEaXN0cmlidXRpb24uZGlzdHJpYnV0aW9uSWR9YFxuICAgICAgICAgIH1cbiAgICAgICAgfVxuICAgICAgfSlcbiAgICApO1xuXG4gICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgYSBjdXN0b20gcmVzb3VyY2UgdG8gaW50cm9kdWNlIHRoZSBpbmRpcmVjdGlvbiBuZWNlc3NhcnkgdG8gYXZvaWRcbiAgICAvLyBhIGNpcmN1bGFyIGRlcGVuZGVuY3kgd2hlbiBncmFudGluZyB0aGUgQ2xvdWRGcm9udCBkaXN0cmlidXRpb24gYWNjZXNzIHRvIHVzZSB0aGVcbiAgICAvLyBLTVMga2V5IHRvIGRlY3J5cHQgb2JqZWN0cy4gV2l0aG91dCB0aGlzIGluZGlyZWN0aW9uLCBpdCBpcyBub3QgcG9zc2libGUgdG8gcmVmZXJlbmNlXG4gICAgLy8gdGhlIENsb3VkRnJvbnQgZGlzdHJpYnV0aW9uIElEIGluIHRoZSBLTVMga2V5IHBvbGljeSBiZWNhdXNlIC1cbiAgICAvLyAgICogVGhlIFMzIGJ1Y2tldCByZWZlcmVuY2VzIHRoZSBLTVMga2V5XG4gICAgLy8gICAqIFRoZSBDbG91ZEZyb250IGRpc3RyaWJ1dGlvbiByZWZlcmVuY2VzIHRoZSBidWNrZXRcbiAgICAvLyAgICogVGhlIEtNUyBrZXkgcmVmZXJlbmNlcyB0aGUgQ2xvdWRGcm9udCBkaXN0cmlidXRpb25cbiAgICBsZXQgZW5jcnlwdGlvbktleToga21zLklLZXkgfCB1bmRlZmluZWQ7XG4gICAgaWYgKHByb3BzLmJ1Y2tldFByb3BzICYmIHByb3BzLmJ1Y2tldFByb3BzLmVuY3J5cHRpb25LZXkpIHtcbiAgICAgIGVuY3J5cHRpb25LZXkgPSBwcm9wcy5idWNrZXRQcm9wcy5lbmNyeXB0aW9uS2V5O1xuICAgIH0gZWxzZSBpZiAocHJvcHMuZXhpc3RpbmdCdWNrZXRPYmogJiYgcHJvcHMuZXhpc3RpbmdCdWNrZXRPYmouZW5jcnlwdGlvbktleSkge1xuICAgICAgZW5jcnlwdGlvbktleSA9IHByb3BzLmV4aXN0aW5nQnVja2V0T2JqLmVuY3J5cHRpb25LZXk7XG4gICAgfVxuXG4gICAgaWYgKGVuY3J5cHRpb25LZXkpIHtcbiAgICAgIHJlc291cmNlcy5jcmVhdGVLZXlQb2xpY3lVcGRhdGVyQ3VzdG9tUmVzb3VyY2UodGhpcywgaWQsICB7XG4gICAgICAgIGRpc3RyaWJ1dGlvbjogdGhpcy5jbG91ZEZyb250V2ViRGlzdHJpYnV0aW9uLFxuICAgICAgICBlbmNyeXB0aW9uS2V5XG4gICAgICB9KTtcbiAgICB9XG4gIH1cbn0iXX0=