
@aws-solutions-constructs/core

"use strict";
/**
 *  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
 *  with the License. A copy of the License is located at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
 *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
 *  and limitations under the License.
 */
Object.defineProperty(exports, "__esModule", { value: true });
exports.buildTopic = buildTopic;
exports.CheckSnsProps = CheckSnsProps;
/*
 *  The functions found here in the core library are for internal use and can be changed
 *  or removed outside of a major release. We recommend against calling them directly from client code.
 */
// Imports
const sns = require("aws-cdk-lib/aws-sns");
const kms = require("aws-cdk-lib/aws-kms");
const sns_defaults_1 = require("./sns-defaults");
const kms_helper_1 = require("./kms-helper");
const utils_1 = require("./utils");
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
const aws_cdk_lib_1 = require("aws-cdk-lib");

/**
 * Attaches two resource-policy statements to a topic created by this module.
 *
 *  - 'TopicOwnerOnlyAccess': an ALLOW for the account that owns the enclosing stack,
 *    conditioned on AWS:SourceOwner being that same account.
 *  - 'HttpsOnly': a DENY for any principal when aws:SecureTransport is 'false'.
 *
 * Both statements are scoped to this topic's ARN and cover the same action list.
 *
 * Review note: the first statement is an ALLOW, so on its own it grants access rather
 * than restricting it. Only the HttpsOnly statement is an explicit DENY. Keep that in
 * mind when further statements are added to the topic policy.
 *
 * @param topic the sns.Topic construct to receive the statements
 */
function applySecureTopicPolicy(topic) {
    // A fresh array per statement, matching the two separate literals this replaces.
    const topicActions = () => [
        "SNS:Publish",
        "SNS:RemovePermission",
        "SNS:SetTopicAttributes",
        "SNS:DeleteTopic",
        "SNS:ListSubscriptionsByTopic",
        "SNS:GetTopicAttributes",
        "SNS:Receive",
        "SNS:AddPermission",
        "SNS:Subscribe"
    ];
    const ownerAccount = aws_cdk_lib_1.Stack.of(topic).account;

    // Statement 1: access for the owning account.
    const ownerStatement = new aws_iam_1.PolicyStatement({
        sid: 'TopicOwnerOnlyAccess',
        resources: [`${topic.topicArn}`],
        actions: topicActions(),
        principals: [new aws_iam_1.AccountPrincipal(ownerAccount)],
        effect: aws_iam_1.Effect.ALLOW,
        conditions: {
            StringEquals: {
                "AWS:SourceOwner": ownerAccount
            }
        }
    });
    topic.addToResourcePolicy(ownerStatement);

    // Statement 2: refuse every listed action over a non-TLS connection (encryption in transit).
    const tlsOnlyStatement = new aws_iam_1.PolicyStatement({
        sid: 'HttpsOnly',
        resources: [`${topic.topicArn}`],
        actions: topicActions(),
        principals: [new aws_iam_1.AnyPrincipal()],
        effect: aws_iam_1.Effect.DENY,
        conditions: {
            Bool: {
                'aws:SecureTransport': 'false'
            }
        }
    });
    topic.addToResourcePolicy(tlsOnlyStatement);
}

/**
 * @internal This is an internal core function and should not be called directly by Solutions Constructs clients.
 *
 * Returns `{ topic, key }`: either the caller's existing topic, or a new encrypted topic.
 *
 * Existing topic (`props.existingTopicObj` set): the topic is handed back together with
 * `props.existingTopicEncryptionKey`. Nothing is created, and applySecureTopicPolicy is
 * NOT called, so the policy and encryption of that topic are whatever the caller configured.
 *
 * New topic: the KMS key is chosen by the first match in this order:
 *   1. props.topicProps.masterKey
 *   2. props.encryptionKey
 *   3. a key built by buildEncryptionKey, when encryptionKeyProps is given or
 *      enableEncryptionWithCustomerManagedKey === true
 *   4. the alias 'alias/aws/sns'
 * A new topic therefore always has a masterKey set.
 *
 * NOTE(review): with option 4 the key policy is not defined by this code. Confirm that
 * every intended publisher can use that key, or pass a customer managed key instead.
 *
 * @param scope construct scope for anything created here
 * @param id    passed through to buildEncryptionKey
 * @param props topic and encryption options (see above)
 */
function buildTopic(scope, id, props) {
    // Guard clause: a supplied topic is returned untouched.
    if (props.existingTopicObj) {
        return { topic: props.existingTopicObj, key: props.existingTopicEncryptionKey };
    }

    // Setup the topic properties
    const consolidateProps = utils_1.consolidateProps;
    const snsTopicProps = consolidateProps(sns_defaults_1.defaultSnsTopicProps, props.topicProps);

    // Set encryption properties (precedence documented above)
    let selectedKey;
    if (props.topicProps?.masterKey) {
        selectedKey = props.topicProps?.masterKey;
    }
    else if (props.encryptionKey) {
        selectedKey = props.encryptionKey;
    }
    else if (props.encryptionKeyProps || props.enableEncryptionWithCustomerManagedKey === true) {
        const buildEncryptionKey = kms_helper_1.buildEncryptionKey;
        selectedKey = buildEncryptionKey(scope, id, props.encryptionKeyProps);
    }
    else {
        selectedKey = kms.Alias.fromAliasName(scope, 'aws-managed-key', 'alias/aws/sns');
    }
    snsTopicProps.masterKey = selectedKey;

    // Create the SNS Topic
    // NOSONAR (typescript:S6327) - The masterKey is always set by the chain above, SONAR is
    // not catching it. Behavior is confirmed in the
    // 'Test deployment with no properties using AWS Managed KMS Key' unit test
    const topic = new sns.Topic(scope, 'SnsTopic', snsTopicProps); // NOSONAR
    applySecureTopicPolicy(topic);
    return { topic, key: snsTopicProps.masterKey };
}

/**
 * Rejects mutually exclusive combinations of topic and encryption properties.
 *
 * Every violated rule contributes one newline-terminated line. If any rule is violated,
 * a single Error carrying all of those lines is thrown.
 *
 * Not validated here: an existing topic combined with encryptionKey or encryptionKeyProps.
 * buildTopic does not read those properties when existingTopicObj is set.
 *
 * @param propsObject construct props to validate
 * @throws Error listing each conflicting pair that was found
 */
function CheckSnsProps(propsObject) {
    const problems = [];
    const topicMasterKey = propsObject.topicProps?.masterKey;

    // FargateToSns used TopicObject instead of TopicObj - to fix would be a breaking change, so we
    // must look for both here. (buildTopic itself only reads existingTopicObj.)
    if (propsObject.topicProps && (propsObject.existingTopicObj || propsObject.existingTopicObject)) {
        problems.push('Error - Either provide topicProps or existingTopicObj, but not both.\n');
    }
    if (topicMasterKey && propsObject.encryptionKey) {
        problems.push('Error - Either provide topicProps.masterKey or encryptionKey, but not both.\n');
    }
    if (topicMasterKey && propsObject.encryptionKeyProps) {
        problems.push('Error - Either provide topicProps.masterKey or encryptionKeyProps, but not both.\n');
    }
    if (propsObject.encryptionKey && propsObject.encryptionKeyProps) {
        problems.push('Error - Either provide encryptionKey or encryptionKeyProps, but not both.\n');
    }

    if (problems.length > 0) {
        throw new Error(problems.join(''));
    }
}