{"version":3,"file":"static/chunks/7716-2512f808501d344d.js","mappings":"8IAaA,cACA,UAAuB,GAAM,YAI7B,OAHA,YAEA,cAEA,EAUA,UACA,aACA,MAAW,OAAK,GAChB,mDCjBA,kBAAyD,EAAK,GAAG,EAAO,GAAG,EAAQ,GAAG,IAAmB,CAAC,ECH1G,MACA,yCAA2D,EAAE,OAC7D,OACA,WACA,sBACA,CACA,ECLA,gBAA4B,6EAA6F,IAEzH,gBAAY,oCAA6C,EAEzD,UAAY,eAAsB,EAAmB,GAGrD,OACA,KAJqD,OAIrD,EACA,gBAH4B,EAAkB,OAI9C,SAJ8C,EAK9C,kBACA,eACA,YACA,gBACA,iBACA,eACA,CACA,oFCjBA,cACA,MAA0B,OAAgB,IAC1C,aAAY,+CAAuD,EAEnE,GAAsB,aACtB,GAAY,IAAW,aACvB,EAAY,IAAe,IAC3B,GACA,GAAgB,IAAY,KAE5B,OAA4B,gBAE5B,EAAsB,OAAY,MAClC,gBAA0C,EAAY,GAAG,EAAgB,EACzE,mBAAgD,OAAgB,IAAU,EAC1E,eAAwC,EAAU,EAGlD,OAFA,EAAY,IAAW,EACvB,GAAW,IAA2B,EAAE,EAAE,EAAgB,IAAI,EAAmB,IAAI,EAAe,EACpG,CACA,kDCpBA,2BACA,eACA,oBACA,wCACA,CAAC,EACD,8BACA,UAAqB,MAAU,GAAG,QAAY;AAAA,GAC9C,SCPA,mBACA,oBACA,MACA,SAEA,UAEA,gBAA4B,KAAe,GAAG,KAAe,GAC7D,UACA,iDACA,SAA6B,2CAA2C,ECVxE,cACA,EACA,0CACA,EACA,8BCOA,aAA+B,2BAA4B,SAC3D,EACI,EAAe,cACf,EAAuB,gBACvB,EAAmB,GADI,CAEvB,MAAgB,IAChB,GAFmB,EAEnB,EAAgB,IACpB,2BCdA,kBACA,SAAmB,IAAoB,CAAC,EAAE,EAAgB,EAC1D,EAAoB,OAAa,MACjC,EAAsB,OAAa,MACnC,EAAuB,OAAa,MAEpC,MADuB,OAAa,GAAa,IAAmB,CAEpE,ECLA,YAAmE,IAA2B,mBCF9F,sBAAiC,4FAAsG,IAEvI,MAA6B,EAAmB,KAIhD,EAAyB,EAAe,IAFd,IAFsB,CAEtB,EAAkB,EAEJ,IAFI,IAK5C,MADsB,OAAkB,CAAC,EAAa,wECXtD,SAEA,QACe,IAAU,CAEzB,KAC2B,OAAkB,SAIlC,IAAgB,CAE3B,qDACA,+DACA,6HCjBA,gCCKA,kBAAuF,EAAoB,aAC3G,IAZA,CAW2G,GCJ3G,SACA,EAAqB,KACrB,MADqB,CACrB,MAEA,ECJA,gBAAoC,wCAAqD,IACzF,MACA,+BACA,OACA,OACA,iCACA,SACA,sCACA,CAAiB,EACjB,EACA,YAAyB,EAAoB,GAC7C,eAD6C,CAE7C,iBACA,eACA,EACA,QAAoC,OAAW,MAC/C,aAIA,OAIA,OAHA,GACA,GAAuC,EAA2B,kBAElE,CACA,CACA,EACA,GALkE,SAKzC,GAAU,EAAI,yEC5BvC,wBACA,wBACA,OACA,OAAY,6KCXZ,wBACA,eACA,qBACA,kBAEA,oBACA,wBACA,yBAEA,kBACA,SACA,kBACA,kBAEA,iBACA,qBACA,SAEA,qEACA","sources":["webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/signer/signatureV4/utils/dataHashHelpers.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/signer/signatureV4/utils/getCredentialScope.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/signer/signatureV4/utils/getFormattedDates.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/signer/signatureV4/utils/getSigningValues.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/signer/signatureV4/signRequest.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/signer/signatureV4/utils/getCanonicalHeaders.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/signer/signatureV4/utils/getCanonicalQueryString.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/signer/signatureV4/utils/getCanonicalUri.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/signer/signatureV4/utils/getCanonicalRequest.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/signer/signatureV4/utils/getSigningKey.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/signer/signatureV4/utils/getStringToSign.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/signer/signatureV4/utils/getSignature.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/signer/signatureV4/utils/getHashedPayload.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/utils/getSkewCorrectedDate.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/utils/isClockSkewed.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/utils/getUpdatedSystemClockOffset.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/middleware.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/signer/signatureV4/utils/getSignedHeaders.mjs","webpack://_N_E/./node_modules/@aws-amplify/core/dist/esm/clients/middleware/signing/signer/signatureV4/constants.mjs"],"sourcesContent":["import { Sha256 } from '@aws-crypto/sha256-js';\nimport { toHex } from '@smithy/util-hex-encoding';\n\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n// TODO: V6 update to different crypto dependency?\n/**\n * Returns the hashed data a `Uint8Array`.\n *\n * @param key `SourceData` to be used as hashing key.\n * @param data Hashable `SourceData`.\n * @returns `Uint8Array` created from the data as input to a hash function.\n */\nconst getHashedData = (key, data) => {\n    const sha256 = new Sha256(key ?? undefined);\n    sha256.update(data);\n    // TODO: V6 flip to async digest\n    const hashedData = sha256.digestSync();\n    return hashedData;\n};\n/**\n * Returns the hashed data as a hex string.\n *\n * @param key `SourceData` to be used as hashing key.\n * @param data Hashable `SourceData`.\n * @returns String using lowercase hexadecimal characters created from the data as input to a hash function.\n *\n * @internal\n */\nconst getHashedDataAsHex = (key, data) => {\n    const hashedData = getHashedData(key, data);\n    return toHex(hashedData);\n};\n\nexport { getHashedData, getHashedDataAsHex };\n//# sourceMappingURL=dataHashHelpers.mjs.map\n","import { KEY_TYPE_IDENTIFIER } from '../constants.mjs';\n\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Returns the credential scope which restricts the resulting signature to the specified region and service.\n *\n * @param date Current date in the format 'YYYYMMDD'.\n * @param region AWS region in which the service resides.\n * @param service Service to which the signed request is being sent.\n *\n * @returns  A string representing the credential scope with format 'YYYYMMDD/region/service/aws4_request'.\n *\n * @internal\n */\nconst getCredentialScope = (date, region, service) => `${date}/${region}/${service}/${KEY_TYPE_IDENTIFIER}`;\n\nexport { getCredentialScope };\n//# sourceMappingURL=getCredentialScope.mjs.map\n","// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Returns expected date strings to be used in signing.\n *\n * @param date JavaScript `Date` object.\n * @returns `FormattedDates` object containing the following:\n * - longDate: A date string in 'YYYYMMDDThhmmssZ' format\n * - shortDate: A date string in 'YYYYMMDD' format\n *\n * @internal\n */\nconst getFormattedDates = (date) => {\n    const longDate = date.toISOString().replace(/[:-]|\\.\\d{3}/g, '');\n    return {\n        longDate,\n        shortDate: longDate.slice(0, 8),\n    };\n};\n\nexport { getFormattedDates };\n//# sourceMappingURL=getFormattedDates.mjs.map\n","import { getCredentialScope } from './getCredentialScope.mjs';\nimport { getFormattedDates } from './getFormattedDates.mjs';\n\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Extracts common values used for signing both requests and urls.\n *\n * @param options `SignRequestOptions` object containing values used to construct the signature.\n * @returns Common `SigningValues` used for signing.\n *\n * @internal\n */\nconst getSigningValues = ({ credentials, signingDate = new Date(), signingRegion, signingService, uriEscapePath = true, }) => {\n    // get properties from credentials\n    const { accessKeyId, secretAccessKey, sessionToken } = credentials;\n    // get formatted dates for signing\n    const { longDate, shortDate } = getFormattedDates(signingDate);\n    // copy header and set signing properties\n    const credentialScope = getCredentialScope(shortDate, signingRegion, signingService);\n    return {\n        accessKeyId,\n        credentialScope,\n        longDate,\n        secretAccessKey,\n        sessionToken,\n        shortDate,\n        signingRegion,\n        signingService,\n        uriEscapePath,\n    };\n};\n\nexport { getSigningValues };\n//# sourceMappingURL=getSigningValues.mjs.map\n","import { getSignedHeaders } from './utils/getSignedHeaders.mjs';\nimport { getSigningValues } from './utils/getSigningValues.mjs';\nimport { HOST_HEADER, AMZ_DATE_HEADER, TOKEN_HEADER, AUTH_HEADER, SHA256_ALGORITHM_IDENTIFIER } from './constants.mjs';\nimport { getSignature } from './utils/getSignature.mjs';\n\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Given a `HttpRequest`, returns a Signature Version 4 signed `HttpRequest`.\n *\n * @param request `HttpRequest` to be signed.\n * @param signRequestOptions `SignRequestOptions` object containing values used to construct the signature.\n * @returns A `HttpRequest` with authentication headers which can grant temporary access to AWS resources.\n */\nconst signRequest = (request, options) => {\n    const signingValues = getSigningValues(options);\n    const { accessKeyId, credentialScope, longDate, sessionToken } = signingValues;\n    // create the request to sign\n    const headers = { ...request.headers };\n    headers[HOST_HEADER] = request.url.host;\n    headers[AMZ_DATE_HEADER] = longDate;\n    if (sessionToken) {\n        headers[TOKEN_HEADER] = sessionToken;\n    }\n    const requestToSign = { ...request, headers };\n    // calculate and add the signature to the request\n    const signature = getSignature(requestToSign, signingValues);\n    const credentialEntry = `Credential=${accessKeyId}/${credentialScope}`;\n    const signedHeadersEntry = `SignedHeaders=${getSignedHeaders(headers)}`;\n    const signatureEntry = `Signature=${signature}`;\n    headers[AUTH_HEADER] =\n        `${SHA256_ALGORITHM_IDENTIFIER} ${credentialEntry}, ${signedHeadersEntry}, ${signatureEntry}`;\n    return requestToSign;\n};\n\nexport { signRequest };\n//# sourceMappingURL=signRequest.mjs.map\n","// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Returns canonical headers.\n *\n * @param headers Headers from the request.\n * @returns Request headers that will be signed, and their values, separated by newline characters. Header names must\n * use lowercase characters, must appear in alphabetical order, and must be followed by a colon (:). For the values,\n * trim any leading or trailing spaces, convert sequential spaces to a single space, and separate the values\n * for a multi-value header using commas.\n *\n * @internal\n */\nconst getCanonicalHeaders = (headers) => Object.entries(headers)\n    .map(([key, value]) => ({\n    key: key.toLowerCase(),\n    value: value?.trim().replace(/\\s+/g, ' ') ?? '',\n}))\n    .sort((a, b) => (a.key < b.key ? -1 : 1))\n    .map(entry => `${entry.key}:${entry.value}\\n`)\n    .join('');\n\nexport { getCanonicalHeaders };\n//# sourceMappingURL=getCanonicalHeaders.mjs.map\n","// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Returns a canonical query string.\n *\n * @param searchParams `searchParams` from the request url.\n * @returns URL-encoded query string parameters, separated by ampersands (&). Percent-encode reserved characters,\n * including the space character. Encode names and values separately. If there are empty parameters, append the equals\n * sign to the parameter name before encoding. After encoding, sort the parameters alphabetically by key name. If there\n * is no query string, use an empty string (\"\").\n *\n * @internal\n */\nconst getCanonicalQueryString = (searchParams) => Array.from(searchParams)\n    .sort(([keyA, valA], [keyB, valB]) => {\n    if (keyA === keyB) {\n        return valA < valB ? -1 : 1;\n    }\n    return keyA < keyB ? -1 : 1;\n})\n    .map(([key, val]) => `${escapeUri(key)}=${escapeUri(val)}`)\n    .join('&');\nconst escapeUri = (uri) => encodeURIComponent(uri).replace(/[!'()*]/g, hexEncode);\nconst hexEncode = (c) => `%${c.charCodeAt(0).toString(16).toUpperCase()}`;\n\nexport { getCanonicalQueryString };\n//# sourceMappingURL=getCanonicalQueryString.mjs.map\n","// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Returns a canonical uri.\n *\n * @param pathname `pathname` from request url.\n * @param uriEscapePath Whether to uri encode the path as part of canonical uri. It's used for S3 only where the\n *   pathname is already uri encoded, and the signing process is not expected to uri encode it again. Defaults to true.\n * @returns URI-encoded version of the absolute path component URL (everything between the host and the question mark\n * character (?) that starts the query string parameters). If the absolute path is empty, a forward slash character (/).\n *\n * @internal\n */\nconst getCanonicalUri = (pathname, uriEscapePath = true) => pathname\n    ? uriEscapePath\n        ? encodeURIComponent(pathname).replace(/%2F/g, '/')\n        : pathname\n    : '/';\n\nexport { getCanonicalUri };\n//# sourceMappingURL=getCanonicalUri.mjs.map\n","import { getCanonicalHeaders } from './getCanonicalHeaders.mjs';\nimport { getCanonicalQueryString } from './getCanonicalQueryString.mjs';\nimport { getCanonicalUri } from './getCanonicalUri.mjs';\nimport { getHashedPayload } from './getHashedPayload.mjs';\nimport { getSignedHeaders } from './getSignedHeaders.mjs';\n\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Returns a canonical request.\n *\n * @param request `HttpRequest` from which to create the canonical request from.\n * @param uriEscapePath Whether to uri encode the path as part of canonical uri. It's used for S3 only where the\n *   pathname is already uri encoded, and the signing process is not expected to uri encode it again. Defaults to true.\n * @returns String created by by concatenating the following strings, separated by newline characters:\n * - HTTPMethod\n * - CanonicalUri\n * - CanonicalQueryString\n * - CanonicalHeaders\n * - SignedHeaders\n * - HashedPayload\n *\n * @internal\n */\nconst getCanonicalRequest = ({ body, headers, method, url }, uriEscapePath = true) => [\n    method,\n    getCanonicalUri(url.pathname, uriEscapePath),\n    getCanonicalQueryString(url.searchParams),\n    getCanonicalHeaders(headers),\n    getSignedHeaders(headers),\n    getHashedPayload(body),\n].join('\\n');\n\nexport { getCanonicalRequest };\n//# sourceMappingURL=getCanonicalRequest.mjs.map\n","import { KEY_TYPE_IDENTIFIER, SIGNATURE_IDENTIFIER } from '../constants.mjs';\nimport { getHashedData } from './dataHashHelpers.mjs';\n\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Returns a signing key to be used for signing requests.\n *\n * @param secretAccessKey AWS secret access key from credentials.\n * @param date Current date in the format 'YYYYMMDD'.\n * @param region AWS region in which the service resides.\n * @param service Service to which the signed request is being sent.\n *\n * @returns `Uint8Array` calculated from its composite parts.\n *\n * @internal\n */\nconst getSigningKey = (secretAccessKey, date, region, service) => {\n    const key = `${SIGNATURE_IDENTIFIER}${secretAccessKey}`;\n    const dateKey = getHashedData(key, date);\n    const regionKey = getHashedData(dateKey, region);\n    const serviceKey = getHashedData(regionKey, service);\n    const signingKey = getHashedData(serviceKey, KEY_TYPE_IDENTIFIER);\n    return signingKey;\n};\n\nexport { getSigningKey };\n//# sourceMappingURL=getSigningKey.mjs.map\n","import { SHA256_ALGORITHM_IDENTIFIER } from '../constants.mjs';\n\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Returns a string to be signed.\n *\n * @param date Current date in the format 'YYYYMMDDThhmmssZ'.\n * @param credentialScope String representing the credential scope with format 'YYYYMMDD/region/service/aws4_request'.\n * @param hashedRequest Hashed canonical request.\n *\n * @returns A string created by by concatenating the following strings, separated by newline characters:\n * - Algorithm\n * - RequestDateTime\n * - CredentialScope\n * - HashedCanonicalRequest\n *\n * @internal\n */\nconst getStringToSign = (date, credentialScope, hashedRequest) => [SHA256_ALGORITHM_IDENTIFIER, date, credentialScope, hashedRequest].join('\\n');\n\nexport { getStringToSign };\n//# sourceMappingURL=getStringToSign.mjs.map\n","import { getHashedDataAsHex } from './dataHashHelpers.mjs';\nimport { getCanonicalRequest } from './getCanonicalRequest.mjs';\nimport { getSigningKey } from './getSigningKey.mjs';\nimport { getStringToSign } from './getStringToSign.mjs';\n\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Calculates and returns an AWS API Signature.\n * https://docs.aws.amazon.com/IAM/latest/UserGuide/create-signed-request.html\n *\n * @param request `HttpRequest` to be signed.\n * @param signRequestOptions `SignRequestOptions` object containing values used to construct the signature.\n * @returns AWS API Signature to sign a request or url with.\n *\n * @internal\n */\nconst getSignature = (request, { credentialScope, longDate, secretAccessKey, shortDate, signingRegion, signingService, uriEscapePath, }) => {\n    // step 1: create a canonical request\n    const canonicalRequest = getCanonicalRequest(request, uriEscapePath);\n    // step 2: create a hash of the canonical request\n    const hashedRequest = getHashedDataAsHex(null, canonicalRequest);\n    // step 3: create a string to sign\n    const stringToSign = getStringToSign(longDate, credentialScope, hashedRequest);\n    // step 4: calculate the signature\n    const signature = getHashedDataAsHex(getSigningKey(secretAccessKey, shortDate, signingRegion, signingService), stringToSign);\n    return signature;\n};\n\nexport { getSignature };\n//# sourceMappingURL=getSignature.mjs.map\n","import { EMPTY_HASH, UNSIGNED_PAYLOAD } from '../constants.mjs';\nimport { getHashedDataAsHex } from './dataHashHelpers.mjs';\n\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Returns the hashed payload.\n *\n * @param body `body` (payload) from the request.\n * @returns String created using the payload in the body of the HTTP request as input to a hash function. This string\n * uses lowercase hexadecimal characters. If the payload is empty, return precalculated result of an empty hash.\n *\n * @internal\n */\nconst getHashedPayload = (body) => {\n    // return precalculated empty hash if body is undefined or null\n    if (body == null) {\n        return EMPTY_HASH;\n    }\n    if (isSourceData(body)) {\n        const hashedData = getHashedDataAsHex(null, body);\n        return hashedData;\n    }\n    // Defined body is not signable. Return unsigned payload which may or may not be accepted by the service.\n    return UNSIGNED_PAYLOAD;\n};\nconst isSourceData = (body) => typeof body === 'string' || ArrayBuffer.isView(body) || isArrayBuffer(body);\nconst isArrayBuffer = (arg) => (typeof ArrayBuffer === 'function' && arg instanceof ArrayBuffer) ||\n    Object.prototype.toString.call(arg) === '[object ArrayBuffer]';\n\nexport { getHashedPayload };\n//# sourceMappingURL=getHashedPayload.mjs.map\n","// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Returns a `Date` that is corrected for clock skew.\n *\n * @param systemClockOffset The offset of the system clock in milliseconds.\n *\n * @returns `Date` representing the current time adjusted by the system clock offset.\n *\n * @internal\n */\nconst getSkewCorrectedDate = (systemClockOffset) => new Date(Date.now() + systemClockOffset);\n\nexport { getSkewCorrectedDate };\n//# sourceMappingURL=getSkewCorrectedDate.mjs.map\n","import { getSkewCorrectedDate } from './getSkewCorrectedDate.mjs';\n\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n// 5 mins in milliseconds. Ref: https://github.com/aws/aws-sdk-js-v3/blob/6c0f44fab30a1bb2134af47362a31332abc3666b/packages/middleware-signing/src/utils/isClockSkewed.ts#L10\nconst SKEW_WINDOW = 5 * 60 * 1000;\n/**\n * Checks if the provided date is within the skew window of 5 minutes.\n *\n * @param clockTimeInMilliseconds Time to check for skew in milliseconds.\n * @param clockOffsetInMilliseconds Offset to check clock against in milliseconds.\n *\n * @returns True if skewed. False otherwise.\n *\n * @internal\n */\nconst isClockSkewed = (clockTimeInMilliseconds, clockOffsetInMilliseconds) => Math.abs(getSkewCorrectedDate(clockOffsetInMilliseconds).getTime() -\n    clockTimeInMilliseconds) >= SKEW_WINDOW;\n\nexport { isClockSkewed };\n//# sourceMappingURL=isClockSkewed.mjs.map\n","import { isClockSkewed } from './isClockSkewed.mjs';\n\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Returns the difference between clock time and the current system time if clock is skewed.\n *\n * @param clockTimeInMilliseconds Clock time in milliseconds.\n * @param currentSystemClockOffset Current system clock offset in milliseconds.\n *\n * @internal\n */\nconst getUpdatedSystemClockOffset = (clockTimeInMilliseconds, currentSystemClockOffset) => {\n    if (isClockSkewed(clockTimeInMilliseconds, currentSystemClockOffset)) {\n        return clockTimeInMilliseconds - Date.now();\n    }\n    return currentSystemClockOffset;\n};\n\nexport { getUpdatedSystemClockOffset };\n//# sourceMappingURL=getUpdatedSystemClockOffset.mjs.map\n","import { signRequest } from './signer/signatureV4/signRequest.mjs';\nimport '@aws-crypto/sha256-js';\nimport '@smithy/util-hex-encoding';\nimport { getSkewCorrectedDate } from './utils/getSkewCorrectedDate.mjs';\nimport { getUpdatedSystemClockOffset } from './utils/getUpdatedSystemClockOffset.mjs';\n\n// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Middleware that SigV4 signs request with AWS credentials, and correct system clock offset.\n * This middleware is expected to be placed after retry middleware.\n */\nconst signingMiddlewareFactory = ({ credentials, region, service, uriEscapePath = true, }) => {\n    let currentSystemClockOffset;\n    return (next, context) => async function signingMiddleware(request) {\n        currentSystemClockOffset = currentSystemClockOffset ?? 0;\n        const signRequestOptions = {\n            credentials: typeof credentials === 'function'\n                ? await credentials({\n                    forceRefresh: !!context?.isCredentialsExpired,\n                })\n                : credentials,\n            signingDate: getSkewCorrectedDate(currentSystemClockOffset),\n            signingRegion: region,\n            signingService: service,\n            uriEscapePath,\n        };\n        const signedRequest = await signRequest(request, signRequestOptions);\n        const response = await next(signedRequest);\n        // Update system clock offset if response contains date header, regardless of the status code.\n        // non-2xx response will still be returned from next handler instead of thrown, because it's\n        // only thrown by the retry middleware.\n        const dateString = getDateHeader(response);\n        if (dateString) {\n            currentSystemClockOffset = getUpdatedSystemClockOffset(Date.parse(dateString), currentSystemClockOffset);\n        }\n        return response;\n    };\n};\nconst getDateHeader = ({ headers } = {}) => headers?.date ?? headers?.Date ?? headers?.['x-amz-date'];\n\nexport { signingMiddlewareFactory };\n//# sourceMappingURL=middleware.mjs.map\n","// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n/**\n * Returns signed headers.\n *\n * @param headers `headers` from the request.\n * @returns List of headers included in canonical headers, separated by semicolons (;). This indicates which headers\n * are part of the signing process. Header names must use lowercase characters and must appear in alphabetical order.\n *\n * @internal\n */\nconst getSignedHeaders = (headers) => Object.keys(headers)\n    .map(key => key.toLowerCase())\n    .sort()\n    .join(';');\n\nexport { getSignedHeaders };\n//# sourceMappingURL=getSignedHeaders.mjs.map\n","// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\n// query params\nconst ALGORITHM_QUERY_PARAM = 'X-Amz-Algorithm';\nconst AMZ_DATE_QUERY_PARAM = 'X-Amz-Date';\nconst CREDENTIAL_QUERY_PARAM = 'X-Amz-Credential';\nconst EXPIRES_QUERY_PARAM = 'X-Amz-Expires';\nconst REGION_SET_PARAM = 'X-Amz-Region-Set';\nconst SIGNATURE_QUERY_PARAM = 'X-Amz-Signature';\nconst SIGNED_HEADERS_QUERY_PARAM = 'X-Amz-SignedHeaders';\nconst TOKEN_QUERY_PARAM = 'X-Amz-Security-Token';\n// headers\nconst AUTH_HEADER = 'authorization';\nconst HOST_HEADER = 'host';\nconst AMZ_DATE_HEADER = AMZ_DATE_QUERY_PARAM.toLowerCase();\nconst TOKEN_HEADER = TOKEN_QUERY_PARAM.toLowerCase();\n// identifiers\nconst KEY_TYPE_IDENTIFIER = 'aws4_request';\nconst SHA256_ALGORITHM_IDENTIFIER = 'AWS4-HMAC-SHA256';\nconst SIGNATURE_IDENTIFIER = 'AWS4';\n// preset values\nconst EMPTY_HASH = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855';\nconst UNSIGNED_PAYLOAD = 'UNSIGNED-PAYLOAD';\n\nexport { ALGORITHM_QUERY_PARAM, AMZ_DATE_HEADER, AMZ_DATE_QUERY_PARAM, AUTH_HEADER, CREDENTIAL_QUERY_PARAM, EMPTY_HASH, EXPIRES_QUERY_PARAM, HOST_HEADER, KEY_TYPE_IDENTIFIER, REGION_SET_PARAM, SHA256_ALGORITHM_IDENTIFIER, SIGNATURE_IDENTIFIER, SIGNATURE_QUERY_PARAM, SIGNED_HEADERS_QUERY_PARAM, TOKEN_HEADER, TOKEN_QUERY_PARAM, UNSIGNED_PAYLOAD };\n//# sourceMappingURL=constants.mjs.map\n"],"names":[],"sourceRoot":"","ignoreList":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18]}