{"version":3,"sources":["jsdelivr-header.js","/npm/secrets-manager-signature-tools@1.0.7/dist/index.js"],"names":[],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA,ACNA,aACA,IAAI,UAAa,MAAQ,KAAK,WAAc,SAAU,EAAS,EAAY,EAAG,GAE1E,OAAO,IAAK,IAAM,EAAI,WAAU,SAAU,EAAS,GAC/C,SAAS,EAAU,GAAS,IAAM,EAAK,EAAU,KAAK,GAAS,CAAE,MAAO,GAAK,EAAO,EAAI,CAAE,CAC1F,SAAS,EAAS,GAAS,IAAM,EAAK,EAAiB,MAAE,GAAS,CAAE,MAAO,GAAK,EAAO,EAAI,CAAE,CAC7F,SAAS,EAAK,GAJlB,IAAe,EAIa,EAAO,KAAO,EAAQ,EAAO,QAJ1C,EAIyD,EAAO,MAJhD,aAAiB,EAAI,EAAQ,IAAI,GAAE,SAAU,GAAW,EAAQ,EAAQ,KAIjB,KAAK,EAAW,EAAW,CAC7G,GAAM,EAAY,EAAU,MAAM,EAAS,GAAc,KAAK,OAClE,GACJ,EACI,YAAe,MAAQ,KAAK,aAAgB,SAAU,EAAS,GAC/D,IAAsG,EAAG,EAAG,EAAG,EAA3G,EAAI,CAAE,MAAO,EAAG,KAAM,WAAa,GAAW,EAAP,EAAE,GAAQ,MAAM,EAAE,GAAI,OAAO,EAAE,EAAI,EAAG,KAAM,GAAI,IAAK,IAChG,OAAO,EAAI,CAAE,KAAM,EAAK,GAAI,MAAS,EAAK,GAAI,OAAU,EAAK,IAAwB,mBAAX,SAA0B,EAAE,OAAO,UAAY,WAAa,OAAO,IAAM,GAAI,EACvJ,SAAS,EAAK,GAAK,OAAO,SAAU,GAAK,OACzC,SAAc,GACV,GAAI,EAAG,MAAM,IAAI,UAAU,mCAC3B,KAAO,OACH,GAAI,EAAI,EAAG,IAAM,EAAY,EAAR,EAAG,GAAS,EAAU,OAAI,EAAG,GAAK,EAAS,SAAO,EAAI,EAAU,SAAM,EAAE,KAAK,GAAI,GAAK,EAAE,SAAW,EAAI,EAAE,KAAK,EAAG,EAAG,KAAK,KAAM,OAAO,EAE3J,OADI,EAAI,EAAG,IAAG,EAAK,CAAS,EAAR,EAAG,GAAQ,EAAE,QACzB,EAAG,IACP,KAAK,EAAG,KAAK,EAAG,EAAI,EAAI,MACxB,KAAK,EAAc,OAAX,EAAE,QAAgB,CAAE,MAAO,EAAG,GAAI,MAAM,GAChD,KAAK,EAAG,EAAE,QAAS,EAAI,EAAG,GAAI,EAAK,CAAC,GAAI,SACxC,KAAK,EAAG,EAAK,EAAE,IAAI,MAAO,EAAE,KAAK,MAAO,SACxC,QACI,KAAM,EAAI,EAAE,MAAM,EAAI,EAAE,OAAS,GAAK,EAAE,EAAE,OAAS,KAAkB,IAAV,EAAG,IAAsB,IAAV,EAAG,IAAW,CAAE,EAAI,EAAG,QAAU,CAC3G,GAAc,IAAV,EAAG,MAAc,GAAM,EAAG,GAAK,EAAE,IAAM,EAAG,GAAK,EAAE,IAAM,CAAE,EAAE,MAAQ,EAAG,GAAI,KAAO,CACrF,GAAc,IAAV,EAAG,IAAY,EAAE,MAAQ,EAAE,GAAI,CAAE,EAAE,MAAQ,EAAE,GAAI,EAAI,EAAI,KAAO,CACpE,GAAI,GAAK,EAAE,MAAQ,EAAE,GAAI,CAAE,EAAE,MAAQ,EAAE,GAAI,EAAE,IAAI,KAAK,GAAK,KAAO,CAC9D,EAAE,IAAI,EAAE,IAAI,MAChB,EAAE,KAAK,MAAO,SAEtB,EAAK,EAAK,KAAK,EAAS,EAC5B,CAAE,MAAO,GAAK,EAAK,CAAC,EAAG,GAAI,EAAI,CAAG,CAAE,QAAU,EAAI,EAAI,CAAG,CACzD,GAAY,EAAR,EAAG,GAAQ,MAAM,EAAG,GAAI,MAAO,CAAE,MAAO,EAAG,GAAK,EAAG,QAAK,EAAQ,MAAM,EAC9E,CAtBgD,CAAK,CAAC,EAAG,GAAK,CAAG,CAuBrE,EACI,gBAAmB,MAAQ,KAAK,iBAAoB,SAAU,GAC9D,OAAQ,GAAO,EAAI,WAAc,EAAM,CAAE,QAAW,EACxD,EACA,QAAQ,YAAa,EACrB,IAAI,SAAW,gBAAgB,QAAQ,aACnC,sBAAwB,gBAAgB,QAAQ,mCAMhD,iBAAkC,WAMlC,SAAS,EAAiB,GACtB,KAAK,OAAS,EACd,KAAK,OAAS,IAAI,IAClB,KAAK,UAAY,IAAI,sBAA+B,QAAE,KAAK,OAAO,iBAClE,KAAK,aAAe,IAAI,SAAkB,QAAE,KAAK,OAAO,aAC5D,CA2EA,OA3DA,EAAiB,UAAU,QAAU,SAAU,EAAM,EAAU,GAE3D,YADoB,IAAhB,IAA0B,GAAc,GACrC,UAAU,UAAM,OAAQ,GAAQ,WACnC,IAAI,EAAY,EAChB,OAAO,YAAY,MAAM,SAAU,GAC/B,OAAQ,EAAG,OACP,KAAK,EAED,OADA,EAAa,KAAK,OAAO,IAAI,IAEtB,CAAC,EAAc,KAAK,aAAa,KAAK,EAAY,IADjC,CAAC,EAAa,GAE1C,KAAK,EAAG,MAAO,CAAC,EAAa,KAAK,UAAU,UAAU,CAAE,SAAU,KAClE,KAAK,EAKD,OAJA,EAAM,EAAG,OACL,GACA,KAAK,OAAO,IAAI,EAAU,GAEvB,CAAC,EAAc,KAAK,aAAa,KAAK,EAAK,IAE9D,GACJ,GACJ,EAkBA,EAAiB,UAAU,WAAa,SAAU,EAAW,EAAM,EAAU,GAEzE,YADoB,IAAhB,IAA0B,GAAc,GACrC,UAAU,UAAM,OAAQ,GAAQ,WACnC,IAAI,EAAW,EACf,OAAO,YAAY,MAAM,SAAU,GAC/B,OAAQ,EAAG,OACP,KAAK,EAED,OADA,EAAY,KAAK,OAAO,IAAI,IAErB,CAAC,EAAc,KAAK,aAAa,OAAO,EAAW,EAAM,IADzC,CAAC,EAAa,GAEzC,KAAK,EAAG,MAAO,CAAC,EAAa,KAAK,UAAU,UAAU,CAAE,SAAU,KAClE,KAAK,EAKD,OAJA,EAAM,EAAG,OACL,GACA,KAAK,OAAO,IAAI,EAAU,GAEvB,CAAC,EAAc,KAAK,aAAa,OAAO,EAAK,EAAM,IAEtE,GACJ,GACJ,EACO,CACX,CAvFqC,GAwFrC,QAAiB,QAAI","file":"/npm/secrets-manager-signature-tools@1.0.7/dist/index.js","sourceRoot":"","sourcesContent":["/**\n * Minified by jsDelivr using Terser v5.39.0.\n * Original file: /npm/secrets-manager-signature-tools@1.0.7/dist/index.js\n *\n * Do NOT use SRI with dynamically generated files! More information: https://www.jsdelivr.com/using-sri-with-dynamic-files\n */\n","\"use strict\";\nvar __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {\n function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\n return new (P || (P = Promise))(function (resolve, reject) {\n function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\n function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\n function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\n step((generator = generator.apply(thisArg, _arguments || [])).next());\n });\n};\nvar __generator = (this && this.__generator) || function (thisArg, body) {\n var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;\n return g = { next: verb(0), \"throw\": verb(1), \"return\": verb(2) }, typeof Symbol === \"function\" && (g[Symbol.iterator] = function() { return this; }), g;\n function verb(n) { return function (v) { return step([n, v]); }; }\n function step(op) {\n if (f) throw new TypeError(\"Generator is already executing.\");\n while (_) try {\n if (f = 1, y && (t = op[0] & 2 ? y[\"return\"] : op[0] ? y[\"throw\"] || ((t = y[\"return\"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;\n if (y = 0, t) op = [op[0] & 2, t.value];\n switch (op[0]) {\n case 0: case 1: t = op; break;\n case 4: _.label++; return { value: op[1], done: false };\n case 5: _.label++; y = op[1]; op = [0]; continue;\n case 7: op = _.ops.pop(); _.trys.pop(); continue;\n default:\n if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }\n if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }\n if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }\n if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }\n if (t[2]) _.ops.pop();\n _.trys.pop(); continue;\n }\n op = body.call(thisArg, _);\n } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }\n if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };\n }\n};\nvar __importDefault = (this && this.__importDefault) || function (mod) {\n return (mod && mod.__esModule) ? mod : { \"default\": mod };\n};\nexports.__esModule = true;\nvar crypto_1 = __importDefault(require(\"./crypto\"));\nvar aws_secrets_manager_1 = __importDefault(require(\"./services/aws-secrets-manager\"));\n/**\n * Signature engine that signs or verified given data artefacts against secrets stored in AWS\n * Secrets Manager. This module is capable of caching keys in memory for multiple use to avoid\n * network turnarounds. This can be configured on per-cipher-key basis.\n */\nvar SimpleSignEngine = /** @class */ (function () {\n /**\n * Constructs and instance of the signature engine\n *\n * @param config Configuration to initialize the engine\n */\n function SimpleSignEngine(config) {\n this.config = config;\n this.keyMap = new Map();\n this.asmClient = new aws_secrets_manager_1[\"default\"](this.config.asmClientConfig);\n this.cryptoClient = new crypto_1[\"default\"](this.config.cryptoConfig);\n }\n /**\n * Generates a signature for the given data. It fetches the private key for signing using the\n * given secret id from ASM. If option shouldCache is false, the function will not save the key,\n * else it will store the key in the map.\n *\n * NOTE: the secretId param is the name of the secret that represents the private key in\n * AWS Secrets Manager.\n *\n * @param {string | Buffer} data Data that needs to be signed\n * @param {string} secretId ID in ASM for the private key for signing\n * @param {boolean} shouldCache Flag to cache the private key in the key map in-memory. This\n * option is set to false by default.\n *\n * @returns {Promise} Promise for the signature as Base-64 encoded string\n */\n SimpleSignEngine.prototype.getSign = function (data, secretId, shouldCache) {\n if (shouldCache === void 0) { shouldCache = false; }\n return __awaiter(this, void 0, void 0, function () {\n var privateKey, key;\n return __generator(this, function (_a) {\n switch (_a.label) {\n case 0:\n privateKey = this.keyMap.get(secretId);\n if (!privateKey) return [3 /*break*/, 1];\n return [2 /*return*/, this.cryptoClient.sign(privateKey, data)];\n case 1: return [4 /*yield*/, this.asmClient.getSecret({ SecretId: secretId })];\n case 2:\n key = _a.sent();\n if (shouldCache) {\n this.keyMap.set(secretId, key);\n }\n return [2 /*return*/, this.cryptoClient.sign(key, data)];\n }\n });\n });\n };\n /**\n * Verifies given data against a given signature. It fetches the public key using the given secret\n * id from ASM. If option shouldCache is false, the function will not save the key, else it will\n * store the key in the map.\n *\n * NOTE: the secretId param is the name of the secret that represents the public key in\n * AWS Secrets Manager.\n *\n * @param {string} signature\n * @param {string | Buffer} data Data that needs to be verified\n * @param {string} secretId ID in ASM for the public key for signing\n * @param {boolean} shouldCache Flag to cache the public key in the key map in-memory. This\n * option is set to false by default.\n *\n * @returns {Promise} Promise for the result of the verification as either true (passed)\n * or false (failed)\n */\n SimpleSignEngine.prototype.verifySign = function (signature, data, secretId, shouldCache) {\n if (shouldCache === void 0) { shouldCache = false; }\n return __awaiter(this, void 0, void 0, function () {\n var publicKey, key;\n return __generator(this, function (_a) {\n switch (_a.label) {\n case 0:\n publicKey = this.keyMap.get(secretId);\n if (!publicKey) return [3 /*break*/, 1];\n return [2 /*return*/, this.cryptoClient.verify(publicKey, data, signature)];\n case 1: return [4 /*yield*/, this.asmClient.getSecret({ SecretId: secretId })];\n case 2:\n key = _a.sent();\n if (shouldCache) {\n this.keyMap.set(secretId, key);\n }\n return [2 /*return*/, this.cryptoClient.verify(key, data, signature)];\n }\n });\n });\n };\n return SimpleSignEngine;\n}());\nexports[\"default\"] = SimpleSignEngine;\n"]}