2026-03-01 10:29:20 +00:00
export const id = 869 ;
export const ids = [ 869 ] ;
export const modules = {
2026-01-30 14:42:57 +00:00
2026-03-03 17:05:14 +00:00
/***/ 5869 :
2026-01-30 14:42:57 +00:00
/***/ ( ( _ _unused _webpack _module , exports , _ _webpack _require _ _ ) => {
2026-03-03 17:05:14 +00:00
var sharedIniFileLoader = _ _webpack _require _ _ ( 4964 ) ;
var propertyProvider = _ _webpack _require _ _ ( 8857 ) ;
2026-01-30 14:42:57 +00:00
var client = _ _webpack _require _ _ ( 5152 ) ;
2026-03-03 17:05:14 +00:00
var credentialProviderLogin = _ _webpack _require _ _ ( 4072 ) ;
2026-01-30 14:42:57 +00:00
const resolveCredentialSource = ( credentialSource , profileName , logger ) => {
const sourceProvidersMap = {
EcsContainer : async ( options ) => {
2026-03-03 17:05:14 +00:00
const { fromHttp } = await _ _webpack _require _ _ . e ( /* import() */ 605 ) . then ( _ _webpack _require _ _ . bind ( _ _webpack _require _ _ , 8605 ) ) ;
const { fromContainerMetadata } = await _ _webpack _require _ _ . e ( /* import() */ 566 ) . then ( _ _webpack _require _ _ . t . bind ( _ _webpack _require _ _ , 566 , 19 ) ) ;
2026-01-30 14:42:57 +00:00
logger ? . debug ( "@aws-sdk/credential-provider-ini - credential_source is EcsContainer" ) ;
return async ( ) => propertyProvider . chain ( fromHttp ( options ? ? { } ) , fromContainerMetadata ( options ) ) ( ) . then ( setNamedProvider ) ;
} ,
Ec2InstanceMetadata : async ( options ) => {
logger ? . debug ( "@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata" ) ;
2026-03-03 17:05:14 +00:00
const { fromInstanceMetadata } = await _ _webpack _require _ _ . e ( /* import() */ 566 ) . then ( _ _webpack _require _ _ . t . bind ( _ _webpack _require _ _ , 566 , 19 ) ) ;
2026-01-30 14:42:57 +00:00
return async ( ) => fromInstanceMetadata ( options ) ( ) . then ( setNamedProvider ) ;
} ,
Environment : async ( options ) => {
logger ? . debug ( "@aws-sdk/credential-provider-ini - credential_source is Environment" ) ;
2026-03-03 17:05:14 +00:00
const { fromEnv } = await Promise . resolve ( /* import() */ ) . then ( _ _webpack _require _ _ . t . bind ( _ _webpack _require _ _ , 5606 , 19 ) ) ;
2026-01-30 14:42:57 +00:00
return async ( ) => fromEnv ( options ) ( ) . then ( setNamedProvider ) ;
} ,
} ;
if ( credentialSource in sourceProvidersMap ) {
return sourceProvidersMap [ credentialSource ] ;
}
else {
throw new propertyProvider . CredentialsProviderError ( ` Unsupported credential source in profile ${ profileName } . Got ${ credentialSource } , ` +
` expected EcsContainer or Ec2InstanceMetadata or Environment. ` , { logger } ) ;
}
} ;
const setNamedProvider = ( creds ) => client . setCredentialFeature ( creds , "CREDENTIALS_PROFILE_NAMED_PROVIDER" , "p" ) ;
const isAssumeRoleProfile = ( arg , { profile = "default" , logger } = { } ) => {
return ( Boolean ( arg ) &&
typeof arg === "object" &&
typeof arg . role _arn === "string" &&
[ "undefined" , "string" ] . indexOf ( typeof arg . role _session _name ) > - 1 &&
[ "undefined" , "string" ] . indexOf ( typeof arg . external _id ) > - 1 &&
[ "undefined" , "string" ] . indexOf ( typeof arg . mfa _serial ) > - 1 &&
( isAssumeRoleWithSourceProfile ( arg , { profile , logger } ) || isCredentialSourceProfile ( arg , { profile , logger } ) ) ) ;
} ;
const isAssumeRoleWithSourceProfile = ( arg , { profile , logger } ) => {
const withSourceProfile = typeof arg . source _profile === "string" && typeof arg . credential _source === "undefined" ;
if ( withSourceProfile ) {
logger ? . debug ? . ( ` ${ profile } isAssumeRoleWithSourceProfile source_profile= ${ arg . source _profile } ` ) ;
}
return withSourceProfile ;
} ;
const isCredentialSourceProfile = ( arg , { profile , logger } ) => {
const withProviderProfile = typeof arg . credential _source === "string" && typeof arg . source _profile === "undefined" ;
if ( withProviderProfile ) {
logger ? . debug ? . ( ` ${ profile } isCredentialSourceProfile credential_source= ${ arg . credential _source } ` ) ;
}
return withProviderProfile ;
} ;
const resolveAssumeRoleCredentials = async ( profileName , profiles , options , callerClientConfig , visitedProfiles = { } , resolveProfileData ) => {
options . logger ? . debug ( "@aws-sdk/credential-provider-ini - resolveAssumeRoleCredentials (STS)" ) ;
const profileData = profiles [ profileName ] ;
const { source _profile , region } = profileData ;
if ( ! options . roleAssumer ) {
const { getDefaultRoleAssumer } = await _ _webpack _require _ _ . e ( /* import() */ 136 ) . then ( _ _webpack _require _ _ . t . bind ( _ _webpack _require _ _ , 1136 , 23 ) ) ;
options . roleAssumer = getDefaultRoleAssumer ( {
... options . clientConfig ,
credentialProviderLogger : options . logger ,
parentClientConfig : {
... callerClientConfig ,
... options ? . parentClientConfig ,
region : region ? ? options ? . parentClientConfig ? . region ? ? callerClientConfig ? . region ,
} ,
} , options . clientPlugins ) ;
}
if ( source _profile && source _profile in visitedProfiles ) {
throw new propertyProvider . CredentialsProviderError ( ` Detected a cycle attempting to resolve credentials for profile ` +
` ${ sharedIniFileLoader . getProfileName ( options ) } . Profiles visited: ` +
Object . keys ( visitedProfiles ) . join ( ", " ) , { logger : options . logger } ) ;
}
options . logger ? . debug ( ` @aws-sdk/credential-provider-ini - finding credential resolver using ${ source _profile ? ` source_profile=[ ${ source _profile } ] ` : ` profile=[ ${ profileName } ] ` } ` ) ;
const sourceCredsProvider = source _profile
? resolveProfileData ( source _profile , profiles , options , callerClientConfig , {
... visitedProfiles ,
[ source _profile ] : true ,
} , isCredentialSourceWithoutRoleArn ( profiles [ source _profile ] ? ? { } ) )
: ( await resolveCredentialSource ( profileData . credential _source , profileName , options . logger ) ( options ) ) ( ) ;
if ( isCredentialSourceWithoutRoleArn ( profileData ) ) {
return sourceCredsProvider . then ( ( creds ) => client . setCredentialFeature ( creds , "CREDENTIALS_PROFILE_SOURCE_PROFILE" , "o" ) ) ;
}
else {
const params = {
RoleArn : profileData . role _arn ,
RoleSessionName : profileData . role _session _name || ` aws-sdk-js- ${ Date . now ( ) } ` ,
ExternalId : profileData . external _id ,
DurationSeconds : parseInt ( profileData . duration _seconds || "3600" , 10 ) ,
} ;
const { mfa _serial } = profileData ;
if ( mfa _serial ) {
if ( ! options . mfaCodeProvider ) {
throw new propertyProvider . CredentialsProviderError ( ` Profile ${ profileName } requires multi-factor authentication, but no MFA code callback was provided. ` , { logger : options . logger , tryNextLink : false } ) ;
}
params . SerialNumber = mfa _serial ;
params . TokenCode = await options . mfaCodeProvider ( mfa _serial ) ;
}
const sourceCreds = await sourceCredsProvider ;
return options . roleAssumer ( sourceCreds , params ) . then ( ( creds ) => client . setCredentialFeature ( creds , "CREDENTIALS_PROFILE_SOURCE_PROFILE" , "o" ) ) ;
}
} ;
const isCredentialSourceWithoutRoleArn = ( section ) => {
return ! section . role _arn && ! ! section . credential _source ;
} ;
const isLoginProfile = ( data ) => {
return Boolean ( data && data . login _session ) ;
} ;
const resolveLoginCredentials = async ( profileName , options , callerClientConfig ) => {
const credentials = await credentialProviderLogin . fromLoginCredentials ( {
... options ,
profile : profileName ,
} ) ( { callerClientConfig } ) ;
return client . setCredentialFeature ( credentials , "CREDENTIALS_PROFILE_LOGIN" , "AC" ) ;
} ;
const isProcessProfile = ( arg ) => Boolean ( arg ) && typeof arg === "object" && typeof arg . credential _process === "string" ;
2026-03-03 17:05:14 +00:00
const resolveProcessCredentials = async ( options , profile ) => _ _webpack _require _ _ . e ( /* import() */ 360 ) . then ( _ _webpack _require _ _ . t . bind ( _ _webpack _require _ _ , 5360 , 19 ) ) . then ( ( { fromProcess } ) => fromProcess ( {
2026-01-30 14:42:57 +00:00
... options ,
profile ,
} ) ( ) . then ( ( creds ) => client . setCredentialFeature ( creds , "CREDENTIALS_PROFILE_PROCESS" , "v" ) ) ) ;
const resolveSsoCredentials = async ( profile , profileData , options = { } , callerClientConfig ) => {
2026-03-03 17:05:14 +00:00
const { fromSSO } = await _ _webpack _require _ _ . e ( /* import() */ 998 ) . then ( _ _webpack _require _ _ . t . bind ( _ _webpack _require _ _ , 998 , 19 ) ) ;
2026-01-30 14:42:57 +00:00
return fromSSO ( {
profile ,
logger : options . logger ,
parentClientConfig : options . parentClientConfig ,
clientConfig : options . clientConfig ,
} ) ( {
callerClientConfig ,
} ) . then ( ( creds ) => {
if ( profileData . sso _session ) {
return client . setCredentialFeature ( creds , "CREDENTIALS_PROFILE_SSO" , "r" ) ;
}
else {
return client . setCredentialFeature ( creds , "CREDENTIALS_PROFILE_SSO_LEGACY" , "t" ) ;
}
} ) ;
} ;
const isSsoProfile = ( arg ) => arg &&
( typeof arg . sso _start _url === "string" ||
typeof arg . sso _account _id === "string" ||
typeof arg . sso _session === "string" ||
typeof arg . sso _region === "string" ||
typeof arg . sso _role _name === "string" ) ;
const isStaticCredsProfile = ( arg ) => Boolean ( arg ) &&
typeof arg === "object" &&
typeof arg . aws _access _key _id === "string" &&
typeof arg . aws _secret _access _key === "string" &&
[ "undefined" , "string" ] . indexOf ( typeof arg . aws _session _token ) > - 1 &&
[ "undefined" , "string" ] . indexOf ( typeof arg . aws _account _id ) > - 1 ;
const resolveStaticCredentials = async ( profile , options ) => {
options ? . logger ? . debug ( "@aws-sdk/credential-provider-ini - resolveStaticCredentials" ) ;
const credentials = {
accessKeyId : profile . aws _access _key _id ,
secretAccessKey : profile . aws _secret _access _key ,
sessionToken : profile . aws _session _token ,
... ( profile . aws _credential _scope && { credentialScope : profile . aws _credential _scope } ) ,
... ( profile . aws _account _id && { accountId : profile . aws _account _id } ) ,
} ;
return client . setCredentialFeature ( credentials , "CREDENTIALS_PROFILE" , "n" ) ;
} ;
const isWebIdentityProfile = ( arg ) => Boolean ( arg ) &&
typeof arg === "object" &&
typeof arg . web _identity _token _file === "string" &&
typeof arg . role _arn === "string" &&
[ "undefined" , "string" ] . indexOf ( typeof arg . role _session _name ) > - 1 ;
2026-03-03 17:11:57 +00:00
const resolveWebIdentityCredentials = async ( profile , options , callerClientConfig ) => Promise . all ( /* import() */ [ _ _webpack _require _ _ . e ( 136 ) , _ _webpack _require _ _ . e ( 956 ) ] ) . then ( _ _webpack _require _ _ . t . bind ( _ _webpack _require _ _ , 9956 , 23 ) ) . then ( ( { fromTokenFile } ) => fromTokenFile ( {
2026-01-30 14:42:57 +00:00
webIdentityTokenFile : profile . web _identity _token _file ,
roleArn : profile . role _arn ,
roleSessionName : profile . role _session _name ,
roleAssumerWithWebIdentity : options . roleAssumerWithWebIdentity ,
logger : options . logger ,
parentClientConfig : options . parentClientConfig ,
} ) ( {
callerClientConfig ,
} ) . then ( ( creds ) => client . setCredentialFeature ( creds , "CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN" , "q" ) ) ) ;
const resolveProfileData = async ( profileName , profiles , options , callerClientConfig , visitedProfiles = { } , isAssumeRoleRecursiveCall = false ) => {
const data = profiles [ profileName ] ;
if ( Object . keys ( visitedProfiles ) . length > 0 && isStaticCredsProfile ( data ) ) {
return resolveStaticCredentials ( data , options ) ;
}
if ( isAssumeRoleRecursiveCall || isAssumeRoleProfile ( data , { profile : profileName , logger : options . logger } ) ) {
return resolveAssumeRoleCredentials ( profileName , profiles , options , callerClientConfig , visitedProfiles , resolveProfileData ) ;
}
if ( isStaticCredsProfile ( data ) ) {
return resolveStaticCredentials ( data , options ) ;
}
if ( isWebIdentityProfile ( data ) ) {
return resolveWebIdentityCredentials ( data , options , callerClientConfig ) ;
}
if ( isProcessProfile ( data ) ) {
return resolveProcessCredentials ( options , profileName ) ;
}
if ( isSsoProfile ( data ) ) {
return await resolveSsoCredentials ( profileName , data , options , callerClientConfig ) ;
}
if ( isLoginProfile ( data ) ) {
return resolveLoginCredentials ( profileName , options , callerClientConfig ) ;
}
throw new propertyProvider . CredentialsProviderError ( ` Could not resolve credentials using profile: [ ${ profileName } ] in configuration/credentials file(s). ` , { logger : options . logger } ) ;
} ;
const fromIni = ( init = { } ) => async ( { callerClientConfig } = { } ) => {
init . logger ? . debug ( "@aws-sdk/credential-provider-ini - fromIni" ) ;
const profiles = await sharedIniFileLoader . parseKnownFiles ( init ) ;
return resolveProfileData ( sharedIniFileLoader . getProfileName ( {
profile : init . profile ? ? callerClientConfig ? . profile ,
} ) , profiles , init , callerClientConfig ) ;
} ;
exports . fromIni = fromIni ;
/***/ } ) ,
2026-03-03 17:05:14 +00:00
/***/ 4072 :
2026-01-30 14:42:57 +00:00
/***/ ( ( _ _unused _webpack _module , exports , _ _webpack _require _ _ ) => {
var client = _ _webpack _require _ _ ( 5152 ) ;
2026-03-03 17:05:14 +00:00
var propertyProvider = _ _webpack _require _ _ ( 8857 ) ;
var sharedIniFileLoader = _ _webpack _require _ _ ( 4964 ) ;
var protocolHttp = _ _webpack _require _ _ ( 2356 ) ;
var node _crypto = _ _webpack _require _ _ ( 7598 ) ;
var node _fs = _ _webpack _require _ _ ( 3024 ) ;
var node _os = _ _webpack _require _ _ ( 8161 ) ;
var node _path = _ _webpack _require _ _ ( 6760 ) ;
2026-01-30 14:42:57 +00:00
class LoginCredentialsFetcher {
profileData ;
init ;
callerClientConfig ;
static REFRESH _THRESHOLD = 5 * 60 * 1000 ;
constructor ( profileData , init , callerClientConfig ) {
this . profileData = profileData ;
this . init = init ;
this . callerClientConfig = callerClientConfig ;
}
async loadCredentials ( ) {
const token = await this . loadToken ( ) ;
if ( ! token ) {
throw new propertyProvider . CredentialsProviderError ( ` Failed to load a token for session ${ this . loginSession } , please re-authenticate using aws login ` , { tryNextLink : false , logger : this . logger } ) ;
}
const accessToken = token . accessToken ;
const now = Date . now ( ) ;
const expiryTime = new Date ( accessToken . expiresAt ) . getTime ( ) ;
const timeUntilExpiry = expiryTime - now ;
if ( timeUntilExpiry <= LoginCredentialsFetcher . REFRESH _THRESHOLD ) {
return this . refresh ( token ) ;
}
return {
accessKeyId : accessToken . accessKeyId ,
secretAccessKey : accessToken . secretAccessKey ,
sessionToken : accessToken . sessionToken ,
accountId : accessToken . accountId ,
expiration : new Date ( accessToken . expiresAt ) ,
} ;
}
get logger ( ) {
return this . init ? . logger ;
}
get loginSession ( ) {
return this . profileData . login _session ;
}
async refresh ( token ) {
2026-03-03 17:11:57 +00:00
const { SigninClient , CreateOAuth2TokenCommand } = await _ _webpack _require _ _ . e ( /* import() */ 762 ) . then ( _ _webpack _require _ _ . t . bind ( _ _webpack _require _ _ , 9762 , 23 ) ) ;
2026-01-30 14:42:57 +00:00
const { logger , userAgentAppId } = this . callerClientConfig ? ? { } ;
const isH2 = ( requestHandler ) => {
return requestHandler ? . metadata ? . handlerProtocol === "h2" ;
} ;
const requestHandler = isH2 ( this . callerClientConfig ? . requestHandler )
? undefined
: this . callerClientConfig ? . requestHandler ;
const region = this . profileData . region ? ? ( await this . callerClientConfig ? . region ? . ( ) ) ? ? process . env . AWS _REGION ;
const client = new SigninClient ( {
credentials : {
accessKeyId : "" ,
secretAccessKey : "" ,
} ,
region ,
requestHandler ,
logger ,
userAgentAppId ,
... this . init ? . clientConfig ,
} ) ;
this . createDPoPInterceptor ( client . middlewareStack ) ;
const commandInput = {
tokenInput : {
clientId : token . clientId ,
refreshToken : token . refreshToken ,
grantType : "refresh_token" ,
} ,
} ;
try {
const response = await client . send ( new CreateOAuth2TokenCommand ( commandInput ) ) ;
const { accessKeyId , secretAccessKey , sessionToken } = response . tokenOutput ? . accessToken ? ? { } ;
const { refreshToken , expiresIn } = response . tokenOutput ? ? { } ;
if ( ! accessKeyId || ! secretAccessKey || ! sessionToken || ! refreshToken ) {
throw new propertyProvider . CredentialsProviderError ( "Token refresh response missing required fields" , {
logger : this . logger ,
tryNextLink : false ,
} ) ;
}
const expiresInMs = ( expiresIn ? ? 900 ) * 1000 ;
const expiration = new Date ( Date . now ( ) + expiresInMs ) ;
const updatedToken = {
... token ,
accessToken : {
... token . accessToken ,
accessKeyId : accessKeyId ,
secretAccessKey : secretAccessKey ,
sessionToken : sessionToken ,
expiresAt : expiration . toISOString ( ) ,
} ,
refreshToken : refreshToken ,
} ;
await this . saveToken ( updatedToken ) ;
const newAccessToken = updatedToken . accessToken ;
return {
accessKeyId : newAccessToken . accessKeyId ,
secretAccessKey : newAccessToken . secretAccessKey ,
sessionToken : newAccessToken . sessionToken ,
accountId : newAccessToken . accountId ,
expiration ,
} ;
}
catch ( error ) {
if ( error . name === "AccessDeniedException" ) {
const errorType = error . error ;
let message ;
switch ( errorType ) {
case "TOKEN_EXPIRED" :
message = "Your session has expired. Please reauthenticate." ;
break ;
case "USER_CREDENTIALS_CHANGED" :
message =
"Unable to refresh credentials because of a change in your password. Please reauthenticate with your new password." ;
break ;
case "INSUFFICIENT_PERMISSIONS" :
message =
"Unable to refresh credentials due to insufficient permissions. You may be missing permission for the 'CreateOAuth2Token' action." ;
break ;
default :
message = ` Failed to refresh token: ${ String ( error ) } . Please re-authenticate using \` aws login \` ` ;
}
throw new propertyProvider . CredentialsProviderError ( message , { logger : this . logger , tryNextLink : false } ) ;
}
throw new propertyProvider . CredentialsProviderError ( ` Failed to refresh token: ${ String ( error ) } . Please re-authenticate using aws login ` , { logger : this . logger } ) ;
}
}
async loadToken ( ) {
const tokenFilePath = this . getTokenFilePath ( ) ;
try {
let tokenData ;
try {
tokenData = await sharedIniFileLoader . readFile ( tokenFilePath , { ignoreCache : this . init ? . ignoreCache } ) ;
}
catch {
tokenData = await node _fs . promises . readFile ( tokenFilePath , "utf8" ) ;
}
const token = JSON . parse ( tokenData ) ;
const missingFields = [ "accessToken" , "clientId" , "refreshToken" , "dpopKey" ] . filter ( ( k ) => ! token [ k ] ) ;
if ( ! token . accessToken ? . accountId ) {
missingFields . push ( "accountId" ) ;
}
if ( missingFields . length > 0 ) {
throw new propertyProvider . CredentialsProviderError ( ` Token validation failed, missing fields: ${ missingFields . join ( ", " ) } ` , {
logger : this . logger ,
tryNextLink : false ,
} ) ;
}
return token ;
}
catch ( error ) {
throw new propertyProvider . CredentialsProviderError ( ` Failed to load token from ${ tokenFilePath } : ${ String ( error ) } ` , {
logger : this . logger ,
tryNextLink : false ,
} ) ;
}
}
async saveToken ( token ) {
const tokenFilePath = this . getTokenFilePath ( ) ;
const directory = node _path . dirname ( tokenFilePath ) ;
try {
await node _fs . promises . mkdir ( directory , { recursive : true } ) ;
}
catch ( error ) {
}
await node _fs . promises . writeFile ( tokenFilePath , JSON . stringify ( token , null , 2 ) , "utf8" ) ;
}
getTokenFilePath ( ) {
const directory = process . env . AWS _LOGIN _CACHE _DIRECTORY ? ? node _path . join ( node _os . homedir ( ) , ".aws" , "login" , "cache" ) ;
const loginSessionBytes = Buffer . from ( this . loginSession , "utf8" ) ;
const loginSessionSha256 = node _crypto . createHash ( "sha256" ) . update ( loginSessionBytes ) . digest ( "hex" ) ;
return node _path . join ( directory , ` ${ loginSessionSha256 } .json ` ) ;
}
derToRawSignature ( derSignature ) {
let offset = 2 ;
if ( derSignature [ offset ] !== 0x02 ) {
throw new Error ( "Invalid DER signature" ) ;
}
offset ++ ;
const rLength = derSignature [ offset ++ ] ;
let r = derSignature . subarray ( offset , offset + rLength ) ;
offset += rLength ;
if ( derSignature [ offset ] !== 0x02 ) {
throw new Error ( "Invalid DER signature" ) ;
}
offset ++ ;
const sLength = derSignature [ offset ++ ] ;
let s = derSignature . subarray ( offset , offset + sLength ) ;
r = r [ 0 ] === 0x00 ? r . subarray ( 1 ) : r ;
s = s [ 0 ] === 0x00 ? s . subarray ( 1 ) : s ;
const rPadded = Buffer . concat ( [ Buffer . alloc ( 32 - r . length ) , r ] ) ;
const sPadded = Buffer . concat ( [ Buffer . alloc ( 32 - s . length ) , s ] ) ;
return Buffer . concat ( [ rPadded , sPadded ] ) ;
}
createDPoPInterceptor ( middlewareStack ) {
middlewareStack . add ( ( next ) => async ( args ) => {
if ( protocolHttp . HttpRequest . isInstance ( args . request ) ) {
const request = args . request ;
const actualEndpoint = ` ${ request . protocol } // ${ request . hostname } ${ request . port ? ` : ${ request . port } ` : "" } ${ request . path } ` ;
const dpop = await this . generateDpop ( request . method , actualEndpoint ) ;
request . headers = {
... request . headers ,
DPoP : dpop ,
} ;
}
return next ( args ) ;
} , {
step : "finalizeRequest" ,
name : "dpopInterceptor" ,
override : true ,
} ) ;
}
async generateDpop ( method = "POST" , endpoint ) {
const token = await this . loadToken ( ) ;
try {
const privateKey = node _crypto . createPrivateKey ( {
key : token . dpopKey ,
format : "pem" ,
type : "sec1" ,
} ) ;
const publicKey = node _crypto . createPublicKey ( privateKey ) ;
const publicDer = publicKey . export ( { format : "der" , type : "spki" } ) ;
let pointStart = - 1 ;
for ( let i = 0 ; i < publicDer . length ; i ++ ) {
if ( publicDer [ i ] === 0x04 ) {
pointStart = i ;
break ;
}
}
const x = publicDer . slice ( pointStart + 1 , pointStart + 33 ) ;
const y = publicDer . slice ( pointStart + 33 , pointStart + 65 ) ;
const header = {
alg : "ES256" ,
typ : "dpop+jwt" ,
jwk : {
kty : "EC" ,
crv : "P-256" ,
x : x . toString ( "base64url" ) ,
y : y . toString ( "base64url" ) ,
} ,
} ;
const payload = {
jti : crypto . randomUUID ( ) ,
htm : method ,
htu : endpoint ,
iat : Math . floor ( Date . now ( ) / 1000 ) ,
} ;
const headerB64 = Buffer . from ( JSON . stringify ( header ) ) . toString ( "base64url" ) ;
const payloadB64 = Buffer . from ( JSON . stringify ( payload ) ) . toString ( "base64url" ) ;
const message = ` ${ headerB64 } . ${ payloadB64 } ` ;
const asn1Signature = node _crypto . sign ( "sha256" , Buffer . from ( message ) , privateKey ) ;
const rawSignature = this . derToRawSignature ( asn1Signature ) ;
const signatureB64 = rawSignature . toString ( "base64url" ) ;
return ` ${ message } . ${ signatureB64 } ` ;
}
catch ( error ) {
throw new propertyProvider . CredentialsProviderError ( ` Failed to generate Dpop proof: ${ error instanceof Error ? error . message : String ( error ) } ` , { logger : this . logger , tryNextLink : false } ) ;
}
}
}
const fromLoginCredentials = ( init ) => async ( { callerClientConfig } = { } ) => {
init ? . logger ? . debug ? . ( "@aws-sdk/credential-providers - fromLoginCredentials" ) ;
const profiles = await sharedIniFileLoader . parseKnownFiles ( init || { } ) ;
const profileName = sharedIniFileLoader . getProfileName ( {
profile : init ? . profile ? ? callerClientConfig ? . profile ,
} ) ;
const profile = profiles [ profileName ] ;
if ( ! profile ? . login _session ) {
throw new propertyProvider . CredentialsProviderError ( ` Profile ${ profileName } does not contain login_session. ` , {
tryNextLink : true ,
logger : init ? . logger ,
} ) ;
}
const fetcher = new LoginCredentialsFetcher ( profile , init , callerClientConfig ) ;
const credentials = await fetcher . loadCredentials ( ) ;
return client . setCredentialFeature ( credentials , "CREDENTIALS_LOGIN" , "AD" ) ;
} ;
exports . fromLoginCredentials = fromLoginCredentials ;
/***/ } )
} ;
2026-03-01 10:29:20 +00:00
2026-01-30 14:42:57 +00:00
//# sourceMappingURL=869.index.js.map
