@azure/keyvault-common 1.0.0-beta.1 → 1.0.0

package/dist/index.js

@@ -2,28 +2,6 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var url = require('url');
-
-function _interopNamespace(e) {
-    if (e && e.__esModule) return e;
-    var n = Object.create(null);
-    if (e) {
-        Object.keys(e).forEach(function (k) {
-            if (k !== 'default') {
-                var d = Object.getOwnPropertyDescriptor(e, k);
-                Object.defineProperty(n, k, d.get ? d : {
-                    enumerable: true,
-                    get: function () { return e[k]; }
-                });
-            }
-        });
-    }
-    n["default"] = e;
-    return Object.freeze(n);
-}
-
-var url__namespace = /*#__PURE__*/_interopNamespace(url);
-
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 const validWWWAuthenticateProperties = [
@@ -170,6 +148,7 @@ function createKeyVaultChallengeCallbacks(options = {}) {
 }
 
 // Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
 /**
  * Parses a Key Vault identifier into its components.
  *
@@ -185,7 +164,7 @@ function parseKeyVaultIdentifier(collection, identifier) {
     }
     let baseUri;
     try {
-        baseUri = url__namespace.parse(identifier, true, true);
+        baseUri = new URL(identifier);
     }
     catch (e) {
         throw new Error(`Invalid ${collection} identifier: ${identifier}. Not a valid URI`);

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sources":["../src/parseWWWAuthenticate.ts","../src/challengeBasedAuthenticationPolicy.ts","../src/parseKeyVaultIdentifier.ts"],"sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/**\n * Parameters parsed out of the WWW-Authenticate header value by the parseWWWAuthenticate function.\n */\nexport interface WWWAuthenticate {\n  /**\n   * The authorization parameter, if present.\n   */\n  authorization?: string;\n\n  /**\n   * The authorization_url parameter, if present.\n   */\n  authorization_url?: string;\n\n  /**\n   * The resource parameter, if present.\n   */\n  resource?: string;\n\n  /**\n   * The scope parameter, if present.\n   */\n  scope?: string;\n\n  /**\n   * The tenantId parameter, if present.\n   */\n  tenantId?: string;\n}\n\nconst validWWWAuthenticateProperties: readonly (keyof WWWAuthenticate)[] = [\n  \"authorization\",\n  \"authorization_url\",\n  \"resource\",\n  \"scope\",\n  \"tenantId\",\n] as const;\n\n/**\n * Parses an WWW-Authenticate response header.\n * This transforms a string value like:\n * `Bearer authorization=\"https://some.url/tenantId\", resource=\"https://some.url\"`\n * into an object like:\n * `{ authorization: \"https://some.url/tenantId\", resource: \"https://some.url\" }`\n * @param headerValue - String value in the WWW-Authenticate header\n */\nexport function parseWWWAuthenticateHeader(headerValue: string): WWWAuthenticate {\n  const pairDelimiter = /,? +/;\n  const parsed = headerValue.split(pairDelimiter).reduce<WWWAuthenticate>((kvPairs, p) => {\n    if (p.match(/\\w=\"/)) {\n      // 'sampleKey=\"sample_value\"' -> [sampleKey, \"sample_value\"] -> { sampleKey: sample_value }\n      const [key, value] = p.split(\"=\");\n      if (validWWWAuthenticateProperties.includes(key as keyof WWWAuthenticate)) {\n        // The values will be wrapped in quotes, which need to be stripped out.\n        return { ...kvPairs, [key]: value.slice(1, -1) };\n      }\n    }\n    return kvPairs;\n  }, {});\n\n  // Finally, we pull the tenantId from the authorization header to support multi-tenant authentication.\n  if (parsed.authorization) {\n    try {\n      const tenantId = new URL(parsed.authorization).pathname.substring(1);\n      if (tenantId) {\n        parsed.tenantId = tenantId;\n      }\n    } catch (_) {\n      throw new Error(`The challenge authorization URI '${parsed.authorization}' is invalid.`);\n    }\n  }\n\n  return parsed;\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n  AuthorizeRequestOnChallengeOptions,\n  AuthorizeRequestOptions,\n  ChallengeCallbacks,\n  PipelineRequest,\n  RequestBodyType,\n} from \"@azure/core-rest-pipeline\";\nimport { WWWAuthenticate, parseWWWAuthenticateHeader } from \"./parseWWWAuthenticate\";\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * @internal\n * Holds the state of Challenge Auth.\n * When making the first request we force Key Vault to begin a challenge\n * by clearing out the request body and storing it locally.\n *\n * Later on, the authorizeRequestOnChallenge callback will process the\n * challenge and, if ready to resend the original request, reset the body\n * so that it may be sent again.\n *\n * Once a client has succeeded once, we can start skipping CAE.\n */\ntype ChallengeState =\n  | {\n      status: \"none\";\n    }\n  | {\n      status: \"started\";\n      originalBody?: RequestBodyType;\n    }\n  | {\n      status: \"complete\";\n      scopes: string[];\n    };\n\n/**\n * Additional options for the challenge based authentication policy.\n */\nexport interface CreateChallengeCallbacksOptions {\n  /**\n   * Whether to disable verification that the challenge resource matches the Key Vault or Managed HSM domain.\n   *\n   * Defaults to false.\n   */\n  disableChallengeResourceVerification?: boolean;\n}\n\nfunction verifyChallengeResource(scope: string, request: PipelineRequest): void {\n  let scopeAsUrl: URL;\n  try {\n    scopeAsUrl = new URL(scope);\n  } catch (e) {\n    throw new Error(`The challenge contains invalid scope '${scope}'`);\n  }\n\n  const requestUrl = new URL(request.url);\n\n  if (!requestUrl.hostname.endsWith(`.${scopeAsUrl.hostname}`)) {\n    throw new Error(\n      `The challenge resource '${scopeAsUrl.hostname}' does not match the requested domain. Set disableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information.`\n    );\n  }\n}\n\n/**\n * Creates challenge callback handlers to manage CAE lifecycle in Azure Key Vault.\n *\n * Key Vault supports other authentication schemes, but we ensure challenge authentication\n * is used by first sending a copy of the request, without authorization or content.\n *\n * when the challenge is received, it will be authenticated and used to send the original\n * request with authorization.\n *\n * Following the first request of a client, follow-up requests will get the cached token\n * if possible.\n *\n */\nexport function createKeyVaultChallengeCallbacks(\n  options: CreateChallengeCallbacksOptions = {}\n): ChallengeCallbacks {\n  const { disableChallengeResourceVerification } = options;\n  let challengeState: ChallengeState = { status: \"none\" };\n\n  function requestToOptions(request: PipelineRequest): GetTokenOptions {\n    return {\n      abortSignal: request.abortSignal,\n      requestOptions: {\n        timeout: request.timeout > 0 ? request.timeout : undefined,\n      },\n      tracingOptions: request.tracingOptions,\n    };\n  }\n\n  async function authorizeRequest({\n    request,\n    getAccessToken,\n  }: AuthorizeRequestOptions): Promise<void> {\n    const requestOptions: GetTokenOptions = requestToOptions(request);\n\n    switch (challengeState.status) {\n      case \"none\":\n        challengeState = {\n          status: \"started\",\n          originalBody: request.body,\n        };\n        request.body = null;\n        break;\n      case \"started\":\n        break; // Retry, we should not overwrite the original body\n      case \"complete\": {\n        const token = await getAccessToken(challengeState.scopes, requestOptions);\n        if (token) {\n          request.headers.set(\"authorization\", `Bearer ${token.token}`);\n        }\n        break;\n      }\n    }\n    return Promise.resolve();\n  }\n\n  async function authorizeRequestOnChallenge({\n    request,\n    response,\n    getAccessToken,\n  }: AuthorizeRequestOnChallengeOptions): Promise<boolean> {\n    if (request.body === null && challengeState.status === \"started\") {\n      // Reset the original body before doing anything else.\n      // Note: If successful status will be \"complete\", otherwise \"none\" will\n      // restart the process.\n      request.body = challengeState.originalBody;\n    }\n\n    const getTokenOptions = requestToOptions(request);\n\n    const challenge = response.headers.get(\"WWW-Authenticate\");\n    if (!challenge) {\n      throw new Error(\"Missing challenge.\");\n    }\n    const parsedChallenge: WWWAuthenticate = parseWWWAuthenticateHeader(challenge) || {};\n\n    const scope = parsedChallenge.resource\n      ? parsedChallenge.resource + \"/.default\"\n      : parsedChallenge.scope;\n\n    if (!scope) {\n      throw new Error(\"Missing scope.\");\n    }\n\n    if (!disableChallengeResourceVerification) {\n      verifyChallengeResource(scope, request);\n    }\n\n    const accessToken = await getAccessToken([scope], {\n      ...getTokenOptions,\n      tenantId: parsedChallenge.tenantId,\n    });\n\n    if (!accessToken) {\n      return false;\n    }\n\n    request.headers.set(\"Authorization\", `Bearer ${accessToken.token}`);\n\n    challengeState = {\n      status: \"complete\",\n      scopes: [scope],\n    };\n\n    return true;\n  }\n\n  return {\n    authorizeRequest,\n    authorizeRequestOnChallenge,\n  };\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as url from \"url\";\n\n/**\n * The parsed components of a Key Vault entity identifier.\n */\nexport interface KeyVaultEntityIdentifier {\n  /**\n   * The vault URI.\n   */\n  vaultUrl: string;\n  /**\n   * The version of key/secret/certificate. May be undefined.\n   */\n  version?: string;\n  /**\n   * The name of key/secret/certificate.\n   */\n  name: string;\n}\n\n/**\n * Parses a Key Vault identifier into its components.\n *\n * @param collection - The collection of the Key Vault identifier.\n * @param identifier - The Key Vault identifier to be parsed.\n */\nexport function parseKeyVaultIdentifier(\n  collection: string,\n  identifier: string | undefined\n): KeyVaultEntityIdentifier {\n  if (typeof collection !== \"string\" || !(collection = collection.trim())) {\n    throw new Error(\"Invalid collection argument\");\n  }\n\n  if (typeof identifier !== \"string\" || !(identifier = identifier.trim())) {\n    throw new Error(\"Invalid identifier argument\");\n  }\n\n  let baseUri;\n  try {\n    baseUri = url.parse(identifier, true, true);\n  } catch (e: any) {\n    throw new Error(`Invalid ${collection} identifier: ${identifier}. Not a valid URI`);\n  }\n\n  // Path is of the form '/collection/name[/version]'\n  const segments = (baseUri.pathname || \"\").split(\"/\");\n  if (segments.length !== 3 && segments.length !== 4) {\n    throw new Error(\n      `Invalid ${collection} identifier: ${identifier}. Bad number of segments: ${segments.length}`\n    );\n  }\n\n  if (collection !== segments[1]) {\n    throw new Error(\n      `Invalid ${collection} identifier: ${identifier}. segment [1] should be \"${collection}\", found \"${segments[1]}\"`\n    );\n  }\n\n  const vaultUrl = `${baseUri.protocol}//${baseUri.host}`;\n  const name = segments[2];\n  const version = segments.length === 4 ? segments[3] : undefined;\n  return {\n    vaultUrl,\n    name,\n    version,\n  };\n}\n"],"names":["url"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AACA;AAgCA,MAAM,8BAA8B,GAAuC;IACzE,eAAe;IACf,mBAAmB;IACnB,UAAU;IACV,OAAO;IACP,UAAU;CACF,CAAC;AAEX;;;;;;;AAOG;AACG,SAAU,0BAA0B,CAAC,WAAmB,EAAA;IAC5D,MAAM,aAAa,GAAG,MAAM,CAAC;AAC7B,IAAA,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,MAAM,CAAkB,CAAC,OAAO,EAAE,CAAC,KAAI;AACrF,QAAA,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;;AAEnB,YAAA,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAClC,YAAA,IAAI,8BAA8B,CAAC,QAAQ,CAAC,GAA4B,CAAC,EAAE;;AAEzE,gBAAA,OAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAY,OAAO,CAAA,EAAA,EAAE,CAAC,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAG,CAAA,CAAA;AAClD,aAAA;AACF,SAAA;AACD,QAAA,OAAO,OAAO,CAAC;KAChB,EAAE,EAAE,CAAC,CAAC;;IAGP,IAAI,MAAM,CAAC,aAAa,EAAE;QACxB,IAAI;AACF,YAAA,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;AACrE,YAAA,IAAI,QAAQ,EAAE;AACZ,gBAAA,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;AAC5B,aAAA;AACF,SAAA;AAAC,QAAA,OAAO,CAAC,EAAE;YACV,MAAM,IAAI,KAAK,CAAC,CAAA,iCAAA,EAAoC,MAAM,CAAC,aAAa,CAAe,aAAA,CAAA,CAAC,CAAC;AAC1F,SAAA;AACF,KAAA;AAED,IAAA,OAAO,MAAM,CAAC;AAChB;;AC5EA;AAmDA,SAAS,uBAAuB,CAAC,KAAa,EAAE,OAAwB,EAAA;AACtE,IAAA,IAAI,UAAe,CAAC;IACpB,IAAI;AACF,QAAA,UAAU,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;AAC7B,KAAA;AAAC,IAAA,OAAO,CAAC,EAAE;AACV,QAAA,MAAM,IAAI,KAAK,CAAC,yCAAyC,KAAK,CAAA,CAAA,CAAG,CAAC,CAAC;AACpE,KAAA;IAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;AAExC,IAAA,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA,CAAA,EAAI,UAAU,CAAC,QAAQ,CAAA,CAAE,CAAC,EAAE;QAC5D,MAAM,IAAI,KAAK,CACb,CAAA,wBAAA,EAA2B,UAAU,CAAC,QAAQ,CAA0L,wLAAA,CAAA,CACzO,CAAC;AACH,KAAA;AACH,CAAC;AAED;;;;;;;;;;;;AAYG;AACa,SAAA,gCAAgC,CAC9C,OAAA,GAA2C,EAAE,EAAA;AAE7C,IAAA,MAAM,EAAE,oCAAoC,EAAE,GAAG,OAAO,CAAC;AACzD,IAAA,IAAI,cAAc,GAAmB,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAExD,SAAS,gBAAgB,CAAC,OAAwB,EAAA;QAChD,OAAO;YACL,WAAW,EAAE,OAAO,CAAC,WAAW;AAChC,YAAA,cAAc,EAAE;AACd,gBAAA,OAAO,EAAE,OAAO,CAAC,OAAO,GAAG,CAAC,GAAG,OAAO,CAAC,OAAO,GAAG,SAAS;AAC3D,aAAA;YACD,cAAc,EAAE,OAAO,CAAC,cAAc;SACvC,CAAC;KACH;AAED,IAAA,eAAe,gBAAgB,CAAC,EAC9B,OAAO,EACP,cAAc,GACU,EAAA;AACxB,QAAA,MAAM,cAAc,GAAoB,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAElE,QAAQ,cAAc,CAAC,MAAM;AAC3B,YAAA,KAAK,MAAM;AACT,gBAAA,cAAc,GAAG;AACf,oBAAA,MAAM,EAAE,SAAS;oBACjB,YAAY,EAAE,OAAO,CAAC,IAAI;iBAC3B,CAAC;AACF,gBAAA,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,MAAM;AACR,YAAA,KAAK,SAAS;AACZ,gBAAA,MAAM;YACR,KAAK,UAAU,EAAE;gBACf,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,cAAc,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AAC1E,gBAAA,IAAI,KAAK,EAAE;AACT,oBAAA,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAU,KAAK,CAAC,KAAK,CAAA,CAAE,CAAC,CAAC;AAC/D,iBAAA;gBACD,MAAM;AACP,aAAA;AACF,SAAA;AACD,QAAA,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;KAC1B;IAED,eAAe,2BAA2B,CAAC,EACzC,OAAO,EACP,QAAQ,EACR,cAAc,GACqB,EAAA;QACnC,IAAI,OAAO,CAAC,IAAI,KAAK,IAAI,IAAI,cAAc,CAAC,MAAM,KAAK,SAAS,EAAE;;;;AAIhE,YAAA,OAAO,CAAC,IAAI,GAAG,cAAc,CAAC,YAAY,CAAC;AAC5C,SAAA;AAED,QAAA,MAAM,eAAe,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAElD,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC3D,IAAI,CAAC,SAAS,EAAE;AACd,YAAA,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;AACvC,SAAA;QACD,MAAM,eAAe,GAAoB,0BAA0B,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;AAErF,QAAA,MAAM,KAAK,GAAG,eAAe,CAAC,QAAQ;AACpC,cAAE,eAAe,CAAC,QAAQ,GAAG,WAAW;AACxC,cAAE,eAAe,CAAC,KAAK,CAAC;QAE1B,IAAI,CAAC,KAAK,EAAE;AACV,YAAA,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;AACnC,SAAA;QAED,IAAI,CAAC,oCAAoC,EAAE;AACzC,YAAA,uBAAuB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;AACzC,SAAA;AAED,QAAA,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,CAAC,KAAK,CAAC,EAC3C,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAA,eAAe,KAClB,QAAQ,EAAE,eAAe,CAAC,QAAQ,IAClC,CAAC;QAEH,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,OAAO,KAAK,CAAC;AACd,SAAA;AAED,QAAA,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAU,WAAW,CAAC,KAAK,CAAA,CAAE,CAAC,CAAC;AAEpE,QAAA,cAAc,GAAG;AACf,YAAA,MAAM,EAAE,UAAU;YAClB,MAAM,EAAE,CAAC,KAAK,CAAC;SAChB,CAAC;AAEF,QAAA,OAAO,IAAI,CAAC;KACb;IAED,OAAO;QACL,gBAAgB;QAChB,2BAA2B;KAC5B,CAAC;AACJ;;ACnLA;AAuBA;;;;;AAKG;AACa,SAAA,uBAAuB,CACrC,UAAkB,EAClB,UAA8B,EAAA;AAE9B,IAAA,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,EAAE,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE;AACvE,QAAA,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;AAChD,KAAA;AAED,IAAA,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,EAAE,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE;AACvE,QAAA,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;AAChD,KAAA;AAED,IAAA,IAAI,OAAO,CAAC;IACZ,IAAI;QACF,OAAO,GAAGA,cAAG,CAAC,KAAK,CAAC,UAAU,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AAC7C,KAAA;AAAC,IAAA,OAAO,CAAM,EAAE;QACf,MAAM,IAAI,KAAK,CAAC,CAAA,QAAA,EAAW,UAAU,CAAgB,aAAA,EAAA,UAAU,CAAmB,iBAAA,CAAA,CAAC,CAAC;AACrF,KAAA;;AAGD,IAAA,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACrD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;AAClD,QAAA,MAAM,IAAI,KAAK,CACb,CAAA,QAAA,EAAW,UAAU,CAAA,aAAA,EAAgB,UAAU,CAAA,0BAAA,EAA6B,QAAQ,CAAC,MAAM,CAAA,CAAE,CAC9F,CAAC;AACH,KAAA;AAED,IAAA,IAAI,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE;AAC9B,QAAA,MAAM,IAAI,KAAK,CACb,CAAW,QAAA,EAAA,UAAU,gBAAgB,UAAU,CAAA,yBAAA,EAA4B,UAAU,CAAA,UAAA,EAAa,QAAQ,CAAC,CAAC,CAAC,CAAA,CAAA,CAAG,CACjH,CAAC;AACH,KAAA;IAED,MAAM,QAAQ,GAAG,CAAA,EAAG,OAAO,CAAC,QAAQ,CAAA,EAAA,EAAK,OAAO,CAAC,IAAI,CAAA,CAAE,CAAC;AACxD,IAAA,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;AACzB,IAAA,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC;IAChE,OAAO;QACL,QAAQ;QACR,IAAI;QACJ,OAAO;KACR,CAAC;AACJ;;;;;"}
+{"version":3,"file":"index.js","sources":["../src/parseWWWAuthenticate.ts","../src/challengeBasedAuthenticationPolicy.ts","../src/parseKeyVaultIdentifier.ts"],"sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/**\n * Parameters parsed out of the WWW-Authenticate header value by the parseWWWAuthenticate function.\n */\nexport interface WWWAuthenticate {\n  /**\n   * The authorization parameter, if present.\n   */\n  authorization?: string;\n\n  /**\n   * The authorization_url parameter, if present.\n   */\n  authorization_url?: string;\n\n  /**\n   * The resource parameter, if present.\n   */\n  resource?: string;\n\n  /**\n   * The scope parameter, if present.\n   */\n  scope?: string;\n\n  /**\n   * The tenantId parameter, if present.\n   */\n  tenantId?: string;\n}\n\nconst validWWWAuthenticateProperties: readonly (keyof WWWAuthenticate)[] = [\n  \"authorization\",\n  \"authorization_url\",\n  \"resource\",\n  \"scope\",\n  \"tenantId\",\n] as const;\n\n/**\n * Parses an WWW-Authenticate response header.\n * This transforms a string value like:\n * `Bearer authorization=\"https://some.url/tenantId\", resource=\"https://some.url\"`\n * into an object like:\n * `{ authorization: \"https://some.url/tenantId\", resource: \"https://some.url\" }`\n * @param headerValue - String value in the WWW-Authenticate header\n */\nexport function parseWWWAuthenticateHeader(headerValue: string): WWWAuthenticate {\n  const pairDelimiter = /,? +/;\n  const parsed = headerValue.split(pairDelimiter).reduce<WWWAuthenticate>((kvPairs, p) => {\n    if (p.match(/\\w=\"/)) {\n      // 'sampleKey=\"sample_value\"' -> [sampleKey, \"sample_value\"] -> { sampleKey: sample_value }\n      const [key, value] = p.split(\"=\");\n      if (validWWWAuthenticateProperties.includes(key as keyof WWWAuthenticate)) {\n        // The values will be wrapped in quotes, which need to be stripped out.\n        return { ...kvPairs, [key]: value.slice(1, -1) };\n      }\n    }\n    return kvPairs;\n  }, {});\n\n  // Finally, we pull the tenantId from the authorization header to support multi-tenant authentication.\n  if (parsed.authorization) {\n    try {\n      const tenantId = new URL(parsed.authorization).pathname.substring(1);\n      if (tenantId) {\n        parsed.tenantId = tenantId;\n      }\n    } catch (_) {\n      throw new Error(`The challenge authorization URI '${parsed.authorization}' is invalid.`);\n    }\n  }\n\n  return parsed;\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport {\n  AuthorizeRequestOnChallengeOptions,\n  AuthorizeRequestOptions,\n  ChallengeCallbacks,\n  PipelineRequest,\n  RequestBodyType,\n} from \"@azure/core-rest-pipeline\";\nimport { WWWAuthenticate, parseWWWAuthenticateHeader } from \"./parseWWWAuthenticate\";\n\nimport { GetTokenOptions } from \"@azure/core-auth\";\n\n/**\n * @internal\n * Holds the state of Challenge Auth.\n * When making the first request we force Key Vault to begin a challenge\n * by clearing out the request body and storing it locally.\n *\n * Later on, the authorizeRequestOnChallenge callback will process the\n * challenge and, if ready to resend the original request, reset the body\n * so that it may be sent again.\n *\n * Once a client has succeeded once, we can start skipping CAE.\n */\ntype ChallengeState =\n  | {\n      status: \"none\";\n    }\n  | {\n      status: \"started\";\n      originalBody?: RequestBodyType;\n    }\n  | {\n      status: \"complete\";\n      scopes: string[];\n    };\n\n/**\n * Additional options for the challenge based authentication policy.\n */\nexport interface CreateChallengeCallbacksOptions {\n  /**\n   * Whether to disable verification that the challenge resource matches the Key Vault or Managed HSM domain.\n   *\n   * Defaults to false.\n   */\n  disableChallengeResourceVerification?: boolean;\n}\n\nfunction verifyChallengeResource(scope: string, request: PipelineRequest): void {\n  let scopeAsUrl: URL;\n  try {\n    scopeAsUrl = new URL(scope);\n  } catch (e) {\n    throw new Error(`The challenge contains invalid scope '${scope}'`);\n  }\n\n  const requestUrl = new URL(request.url);\n\n  if (!requestUrl.hostname.endsWith(`.${scopeAsUrl.hostname}`)) {\n    throw new Error(\n      `The challenge resource '${scopeAsUrl.hostname}' does not match the requested domain. Set disableChallengeResourceVerification to true in your client options to disable. See https://aka.ms/azsdk/blog/vault-uri for more information.`\n    );\n  }\n}\n\n/**\n * Creates challenge callback handlers to manage CAE lifecycle in Azure Key Vault.\n *\n * Key Vault supports other authentication schemes, but we ensure challenge authentication\n * is used by first sending a copy of the request, without authorization or content.\n *\n * when the challenge is received, it will be authenticated and used to send the original\n * request with authorization.\n *\n * Following the first request of a client, follow-up requests will get the cached token\n * if possible.\n *\n */\nexport function createKeyVaultChallengeCallbacks(\n  options: CreateChallengeCallbacksOptions = {}\n): ChallengeCallbacks {\n  const { disableChallengeResourceVerification } = options;\n  let challengeState: ChallengeState = { status: \"none\" };\n\n  function requestToOptions(request: PipelineRequest): GetTokenOptions {\n    return {\n      abortSignal: request.abortSignal,\n      requestOptions: {\n        timeout: request.timeout > 0 ? request.timeout : undefined,\n      },\n      tracingOptions: request.tracingOptions,\n    };\n  }\n\n  async function authorizeRequest({\n    request,\n    getAccessToken,\n  }: AuthorizeRequestOptions): Promise<void> {\n    const requestOptions: GetTokenOptions = requestToOptions(request);\n\n    switch (challengeState.status) {\n      case \"none\":\n        challengeState = {\n          status: \"started\",\n          originalBody: request.body,\n        };\n        request.body = null;\n        break;\n      case \"started\":\n        break; // Retry, we should not overwrite the original body\n      case \"complete\": {\n        const token = await getAccessToken(challengeState.scopes, requestOptions);\n        if (token) {\n          request.headers.set(\"authorization\", `Bearer ${token.token}`);\n        }\n        break;\n      }\n    }\n    return Promise.resolve();\n  }\n\n  async function authorizeRequestOnChallenge({\n    request,\n    response,\n    getAccessToken,\n  }: AuthorizeRequestOnChallengeOptions): Promise<boolean> {\n    if (request.body === null && challengeState.status === \"started\") {\n      // Reset the original body before doing anything else.\n      // Note: If successful status will be \"complete\", otherwise \"none\" will\n      // restart the process.\n      request.body = challengeState.originalBody;\n    }\n\n    const getTokenOptions = requestToOptions(request);\n\n    const challenge = response.headers.get(\"WWW-Authenticate\");\n    if (!challenge) {\n      throw new Error(\"Missing challenge.\");\n    }\n    const parsedChallenge: WWWAuthenticate = parseWWWAuthenticateHeader(challenge) || {};\n\n    const scope = parsedChallenge.resource\n      ? parsedChallenge.resource + \"/.default\"\n      : parsedChallenge.scope;\n\n    if (!scope) {\n      throw new Error(\"Missing scope.\");\n    }\n\n    if (!disableChallengeResourceVerification) {\n      verifyChallengeResource(scope, request);\n    }\n\n    const accessToken = await getAccessToken([scope], {\n      ...getTokenOptions,\n      tenantId: parsedChallenge.tenantId,\n    });\n\n    if (!accessToken) {\n      return false;\n    }\n\n    request.headers.set(\"Authorization\", `Bearer ${accessToken.token}`);\n\n    challengeState = {\n      status: \"complete\",\n      scopes: [scope],\n    };\n\n    return true;\n  }\n\n  return {\n    authorizeRequest,\n    authorizeRequestOnChallenge,\n  };\n}\n","// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/**\n * The parsed components of a Key Vault entity identifier.\n */\nexport interface KeyVaultEntityIdentifier {\n  /**\n   * The vault URI.\n   */\n  vaultUrl: string;\n  /**\n   * The version of key/secret/certificate. May be undefined.\n   */\n  version?: string;\n  /**\n   * The name of key/secret/certificate.\n   */\n  name: string;\n}\n\n/**\n * Parses a Key Vault identifier into its components.\n *\n * @param collection - The collection of the Key Vault identifier.\n * @param identifier - The Key Vault identifier to be parsed.\n */\nexport function parseKeyVaultIdentifier(\n  collection: string,\n  identifier: string | undefined\n): KeyVaultEntityIdentifier {\n  if (typeof collection !== \"string\" || !(collection = collection.trim())) {\n    throw new Error(\"Invalid collection argument\");\n  }\n\n  if (typeof identifier !== \"string\" || !(identifier = identifier.trim())) {\n    throw new Error(\"Invalid identifier argument\");\n  }\n\n  let baseUri;\n  try {\n    baseUri = new URL(identifier);\n  } catch (e: any) {\n    throw new Error(`Invalid ${collection} identifier: ${identifier}. Not a valid URI`);\n  }\n\n  // Path is of the form '/collection/name[/version]'\n  const segments = (baseUri.pathname || \"\").split(\"/\");\n  if (segments.length !== 3 && segments.length !== 4) {\n    throw new Error(\n      `Invalid ${collection} identifier: ${identifier}. Bad number of segments: ${segments.length}`\n    );\n  }\n\n  if (collection !== segments[1]) {\n    throw new Error(\n      `Invalid ${collection} identifier: ${identifier}. segment [1] should be \"${collection}\", found \"${segments[1]}\"`\n    );\n  }\n\n  const vaultUrl = `${baseUri.protocol}//${baseUri.host}`;\n  const name = segments[2];\n  const version = segments.length === 4 ? segments[3] : undefined;\n  return {\n    vaultUrl,\n    name,\n    version,\n  };\n}\n"],"names":[],"mappings":";;;;AAAA;AACA;AAgCA,MAAM,8BAA8B,GAAuC;IACzE,eAAe;IACf,mBAAmB;IACnB,UAAU;IACV,OAAO;IACP,UAAU;CACF,CAAC;AAEX;;;;;;;AAOG;AACG,SAAU,0BAA0B,CAAC,WAAmB,EAAA;IAC5D,MAAM,aAAa,GAAG,MAAM,CAAC;AAC7B,IAAA,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,MAAM,CAAkB,CAAC,OAAO,EAAE,CAAC,KAAI;AACrF,QAAA,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;;AAEnB,YAAA,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAClC,YAAA,IAAI,8BAA8B,CAAC,QAAQ,CAAC,GAA4B,CAAC,EAAE;;AAEzE,gBAAA,OAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAY,OAAO,CAAA,EAAA,EAAE,CAAC,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAG,CAAA,CAAA;AAClD,aAAA;AACF,SAAA;AACD,QAAA,OAAO,OAAO,CAAC;KAChB,EAAE,EAAE,CAAC,CAAC;;IAGP,IAAI,MAAM,CAAC,aAAa,EAAE;QACxB,IAAI;AACF,YAAA,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;AACrE,YAAA,IAAI,QAAQ,EAAE;AACZ,gBAAA,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;AAC5B,aAAA;AACF,SAAA;AAAC,QAAA,OAAO,CAAC,EAAE;YACV,MAAM,IAAI,KAAK,CAAC,CAAA,iCAAA,EAAoC,MAAM,CAAC,aAAa,CAAe,aAAA,CAAA,CAAC,CAAC;AAC1F,SAAA;AACF,KAAA;AAED,IAAA,OAAO,MAAM,CAAC;AAChB;;AC5EA;AAmDA,SAAS,uBAAuB,CAAC,KAAa,EAAE,OAAwB,EAAA;AACtE,IAAA,IAAI,UAAe,CAAC;IACpB,IAAI;AACF,QAAA,UAAU,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;AAC7B,KAAA;AAAC,IAAA,OAAO,CAAC,EAAE;AACV,QAAA,MAAM,IAAI,KAAK,CAAC,yCAAyC,KAAK,CAAA,CAAA,CAAG,CAAC,CAAC;AACpE,KAAA;IAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;AAExC,IAAA,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA,CAAA,EAAI,UAAU,CAAC,QAAQ,CAAA,CAAE,CAAC,EAAE;QAC5D,MAAM,IAAI,KAAK,CACb,CAAA,wBAAA,EAA2B,UAAU,CAAC,QAAQ,CAA0L,wLAAA,CAAA,CACzO,CAAC;AACH,KAAA;AACH,CAAC;AAED;;;;;;;;;;;;AAYG;AACa,SAAA,gCAAgC,CAC9C,OAAA,GAA2C,EAAE,EAAA;AAE7C,IAAA,MAAM,EAAE,oCAAoC,EAAE,GAAG,OAAO,CAAC;AACzD,IAAA,IAAI,cAAc,GAAmB,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAExD,SAAS,gBAAgB,CAAC,OAAwB,EAAA;QAChD,OAAO;YACL,WAAW,EAAE,OAAO,CAAC,WAAW;AAChC,YAAA,cAAc,EAAE;AACd,gBAAA,OAAO,EAAE,OAAO,CAAC,OAAO,GAAG,CAAC,GAAG,OAAO,CAAC,OAAO,GAAG,SAAS;AAC3D,aAAA;YACD,cAAc,EAAE,OAAO,CAAC,cAAc;SACvC,CAAC;KACH;AAED,IAAA,eAAe,gBAAgB,CAAC,EAC9B,OAAO,EACP,cAAc,GACU,EAAA;AACxB,QAAA,MAAM,cAAc,GAAoB,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAElE,QAAQ,cAAc,CAAC,MAAM;AAC3B,YAAA,KAAK,MAAM;AACT,gBAAA,cAAc,GAAG;AACf,oBAAA,MAAM,EAAE,SAAS;oBACjB,YAAY,EAAE,OAAO,CAAC,IAAI;iBAC3B,CAAC;AACF,gBAAA,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;gBACpB,MAAM;AACR,YAAA,KAAK,SAAS;AACZ,gBAAA,MAAM;YACR,KAAK,UAAU,EAAE;gBACf,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,cAAc,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AAC1E,gBAAA,IAAI,KAAK,EAAE;AACT,oBAAA,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAU,KAAK,CAAC,KAAK,CAAA,CAAE,CAAC,CAAC;AAC/D,iBAAA;gBACD,MAAM;AACP,aAAA;AACF,SAAA;AACD,QAAA,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;KAC1B;IAED,eAAe,2BAA2B,CAAC,EACzC,OAAO,EACP,QAAQ,EACR,cAAc,GACqB,EAAA;QACnC,IAAI,OAAO,CAAC,IAAI,KAAK,IAAI,IAAI,cAAc,CAAC,MAAM,KAAK,SAAS,EAAE;;;;AAIhE,YAAA,OAAO,CAAC,IAAI,GAAG,cAAc,CAAC,YAAY,CAAC;AAC5C,SAAA;AAED,QAAA,MAAM,eAAe,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAElD,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC3D,IAAI,CAAC,SAAS,EAAE;AACd,YAAA,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;AACvC,SAAA;QACD,MAAM,eAAe,GAAoB,0BAA0B,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;AAErF,QAAA,MAAM,KAAK,GAAG,eAAe,CAAC,QAAQ;AACpC,cAAE,eAAe,CAAC,QAAQ,GAAG,WAAW;AACxC,cAAE,eAAe,CAAC,KAAK,CAAC;QAE1B,IAAI,CAAC,KAAK,EAAE;AACV,YAAA,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;AACnC,SAAA;QAED,IAAI,CAAC,oCAAoC,EAAE;AACzC,YAAA,uBAAuB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;AACzC,SAAA;AAED,QAAA,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,CAAC,KAAK,CAAC,EAC3C,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAA,eAAe,KAClB,QAAQ,EAAE,eAAe,CAAC,QAAQ,IAClC,CAAC;QAEH,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,OAAO,KAAK,CAAC;AACd,SAAA;AAED,QAAA,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAA,OAAA,EAAU,WAAW,CAAC,KAAK,CAAA,CAAE,CAAC,CAAC;AAEpE,QAAA,cAAc,GAAG;AACf,YAAA,MAAM,EAAE,UAAU;YAClB,MAAM,EAAE,CAAC,KAAK,CAAC;SAChB,CAAC;AAEF,QAAA,OAAO,IAAI,CAAC;KACb;IAED,OAAO;QACL,gBAAgB;QAChB,2BAA2B;KAC5B,CAAC;AACJ;;ACnLA;AACA;AAoBA;;;;;AAKG;AACa,SAAA,uBAAuB,CACrC,UAAkB,EAClB,UAA8B,EAAA;AAE9B,IAAA,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,EAAE,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE;AACvE,QAAA,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;AAChD,KAAA;AAED,IAAA,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,EAAE,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE;AACvE,QAAA,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;AAChD,KAAA;AAED,IAAA,IAAI,OAAO,CAAC;IACZ,IAAI;AACF,QAAA,OAAO,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;AAC/B,KAAA;AAAC,IAAA,OAAO,CAAM,EAAE;QACf,MAAM,IAAI,KAAK,CAAC,CAAA,QAAA,EAAW,UAAU,CAAgB,aAAA,EAAA,UAAU,CAAmB,iBAAA,CAAA,CAAC,CAAC;AACrF,KAAA;;AAGD,IAAA,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACrD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;AAClD,QAAA,MAAM,IAAI,KAAK,CACb,CAAA,QAAA,EAAW,UAAU,CAAA,aAAA,EAAgB,UAAU,CAAA,0BAAA,EAA6B,QAAQ,CAAC,MAAM,CAAA,CAAE,CAC9F,CAAC;AACH,KAAA;AAED,IAAA,IAAI,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE;AAC9B,QAAA,MAAM,IAAI,KAAK,CACb,CAAW,QAAA,EAAA,UAAU,gBAAgB,UAAU,CAAA,yBAAA,EAA4B,UAAU,CAAA,UAAA,EAAa,QAAQ,CAAC,CAAC,CAAC,CAAA,CAAA,CAAG,CACjH,CAAC;AACH,KAAA;IAED,MAAM,QAAQ,GAAG,CAAA,EAAG,OAAO,CAAC,QAAQ,CAAA,EAAA,EAAK,OAAO,CAAC,IAAI,CAAA,CAAE,CAAC;AACxD,IAAA,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;AACzB,IAAA,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC;IAChE,OAAO;QACL,QAAQ;QACR,IAAI;QACJ,OAAO;KACR,CAAC;AACJ;;;;;"}

package/dist-esm/src/parseKeyVaultIdentifier.js

@@ -1,6 +1,5 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
-import * as url from "url";
 /**
  * Parses a Key Vault identifier into its components.
  *
@@ -16,7 +15,7 @@ export function parseKeyVaultIdentifier(collection, identifier) {
     }
     let baseUri;
     try {
-        baseUri = url.parse(identifier, true, true);
+        baseUri = new URL(identifier);
     }
     catch (e) {
         throw new Error(`Invalid ${collection} identifier: ${identifier}. Not a valid URI`);

package/dist-esm/src/parseKeyVaultIdentifier.js.map

@@ -1 +1 @@
-{"version":3,"file":"parseKeyVaultIdentifier.js","sourceRoot":"","sources":["../../src/parseKeyVaultIdentifier.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,GAAG,MAAM,KAAK,CAAC;AAoB3B;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CACrC,UAAkB,EAClB,UAA8B;IAE9B,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE;QACvE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE;QACvE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,CAAC;IACZ,IAAI;QACF,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;KAC7C;IAAC,OAAO,CAAM,EAAE;QACf,MAAM,IAAI,KAAK,CAAC,WAAW,UAAU,gBAAgB,UAAU,mBAAmB,CAAC,CAAC;KACrF;IAED,mDAAmD;IACnD,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QAClD,MAAM,IAAI,KAAK,CACb,WAAW,UAAU,gBAAgB,UAAU,6BAA6B,QAAQ,CAAC,MAAM,EAAE,CAC9F,CAAC;KACH;IAED,IAAI,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE;QAC9B,MAAM,IAAI,KAAK,CACb,WAAW,UAAU,gBAAgB,UAAU,4BAA4B,UAAU,aAAa,QAAQ,CAAC,CAAC,CAAC,GAAG,CACjH,CAAC;KACH;IAED,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,IAAI,EAAE,CAAC;IACxD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAChE,OAAO;QACL,QAAQ;QACR,IAAI;QACJ,OAAO;KACR,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as url from \"url\";\n\n/**\n * The parsed components of a Key Vault entity identifier.\n */\nexport interface KeyVaultEntityIdentifier {\n  /**\n   * The vault URI.\n   */\n  vaultUrl: string;\n  /**\n   * The version of key/secret/certificate. May be undefined.\n   */\n  version?: string;\n  /**\n   * The name of key/secret/certificate.\n   */\n  name: string;\n}\n\n/**\n * Parses a Key Vault identifier into its components.\n *\n * @param collection - The collection of the Key Vault identifier.\n * @param identifier - The Key Vault identifier to be parsed.\n */\nexport function parseKeyVaultIdentifier(\n  collection: string,\n  identifier: string | undefined\n): KeyVaultEntityIdentifier {\n  if (typeof collection !== \"string\" || !(collection = collection.trim())) {\n    throw new Error(\"Invalid collection argument\");\n  }\n\n  if (typeof identifier !== \"string\" || !(identifier = identifier.trim())) {\n    throw new Error(\"Invalid identifier argument\");\n  }\n\n  let baseUri;\n  try {\n    baseUri = url.parse(identifier, true, true);\n  } catch (e: any) {\n    throw new Error(`Invalid ${collection} identifier: ${identifier}. Not a valid URI`);\n  }\n\n  // Path is of the form '/collection/name[/version]'\n  const segments = (baseUri.pathname || \"\").split(\"/\");\n  if (segments.length !== 3 && segments.length !== 4) {\n    throw new Error(\n      `Invalid ${collection} identifier: ${identifier}. Bad number of segments: ${segments.length}`\n    );\n  }\n\n  if (collection !== segments[1]) {\n    throw new Error(\n      `Invalid ${collection} identifier: ${identifier}. segment [1] should be \"${collection}\", found \"${segments[1]}\"`\n    );\n  }\n\n  const vaultUrl = `${baseUri.protocol}//${baseUri.host}`;\n  const name = segments[2];\n  const version = segments.length === 4 ? segments[3] : undefined;\n  return {\n    vaultUrl,\n    name,\n    version,\n  };\n}\n"]}
+{"version":3,"file":"parseKeyVaultIdentifier.js","sourceRoot":"","sources":["../../src/parseKeyVaultIdentifier.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAoBlC;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CACrC,UAAkB,EAClB,UAA8B;IAE9B,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE;QACvE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,CAAC,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE;QACvE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,CAAC;IACZ,IAAI;QACF,OAAO,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;KAC/B;IAAC,OAAO,CAAM,EAAE;QACf,MAAM,IAAI,KAAK,CAAC,WAAW,UAAU,gBAAgB,UAAU,mBAAmB,CAAC,CAAC;KACrF;IAED,mDAAmD;IACnD,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QAClD,MAAM,IAAI,KAAK,CACb,WAAW,UAAU,gBAAgB,UAAU,6BAA6B,QAAQ,CAAC,MAAM,EAAE,CAC9F,CAAC;KACH;IAED,IAAI,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE;QAC9B,MAAM,IAAI,KAAK,CACb,WAAW,UAAU,gBAAgB,UAAU,4BAA4B,UAAU,aAAa,QAAQ,CAAC,CAAC,CAAC,GAAG,CACjH,CAAC;KACH;IAED,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,IAAI,EAAE,CAAC;IACxD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAChE,OAAO;QACL,QAAQ;QACR,IAAI;QACJ,OAAO;KACR,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/**\n * The parsed components of a Key Vault entity identifier.\n */\nexport interface KeyVaultEntityIdentifier {\n  /**\n   * The vault URI.\n   */\n  vaultUrl: string;\n  /**\n   * The version of key/secret/certificate. May be undefined.\n   */\n  version?: string;\n  /**\n   * The name of key/secret/certificate.\n   */\n  name: string;\n}\n\n/**\n * Parses a Key Vault identifier into its components.\n *\n * @param collection - The collection of the Key Vault identifier.\n * @param identifier - The Key Vault identifier to be parsed.\n */\nexport function parseKeyVaultIdentifier(\n  collection: string,\n  identifier: string | undefined\n): KeyVaultEntityIdentifier {\n  if (typeof collection !== \"string\" || !(collection = collection.trim())) {\n    throw new Error(\"Invalid collection argument\");\n  }\n\n  if (typeof identifier !== \"string\" || !(identifier = identifier.trim())) {\n    throw new Error(\"Invalid identifier argument\");\n  }\n\n  let baseUri;\n  try {\n    baseUri = new URL(identifier);\n  } catch (e: any) {\n    throw new Error(`Invalid ${collection} identifier: ${identifier}. Not a valid URI`);\n  }\n\n  // Path is of the form '/collection/name[/version]'\n  const segments = (baseUri.pathname || \"\").split(\"/\");\n  if (segments.length !== 3 && segments.length !== 4) {\n    throw new Error(\n      `Invalid ${collection} identifier: ${identifier}. Bad number of segments: ${segments.length}`\n    );\n  }\n\n  if (collection !== segments[1]) {\n    throw new Error(\n      `Invalid ${collection} identifier: ${identifier}. segment [1] should be \"${collection}\", found \"${segments[1]}\"`\n    );\n  }\n\n  const vaultUrl = `${baseUri.protocol}//${baseUri.host}`;\n  const name = segments[2];\n  const version = segments.length === 4 ? segments[3] : undefined;\n  return {\n    vaultUrl,\n    name,\n    version,\n  };\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@azure/keyvault-common",
-  "version": "1.0.0-beta.1",
+  "version": "1.0.0",
   "description": "Common internal functionality for all of the Azure Key Vault clients in the Azure SDK for JavaScript",
   "sdk-type": "client",
   "author": "Microsoft Corporation",
@@ -17,7 +17,7 @@
     "clean": "rimraf dist dist-* temp types *.tgz *.log",
     "execute:samples": "dev-tool samples run samples-dev",
     "extract-api": "tsc -p . && api-extractor run --local",
-    "format": "prettier --write --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"samples-dev/**/*.ts\" \"*.{js,json}\"",
+    "format": "prettier --write --config ../../../.prettierrc.json --ignore-path ../../../.prettierignore \"src/**/*.ts\" \"test/**/*.ts\" \"*.{js,json}\"",
     "integration-test:browser": "echo skipped",
     "integration-test:node": "echo skipped",
     "integration-test": "npm run integration-test:node && npm run integration-test:browser",
@@ -74,9 +74,9 @@
     "mocha": "^7.1.1",
     "mocha-junit-reporter": "^2.0.0",
     "nyc": "^15.0.0",
-    "puppeteer": "^14.0.0",
+    "puppeteer": "^19.2.2",
     "sinon": "^9.0.2",
     "source-map-support": "^0.5.9",
-    "typescript": "~4.6.0"
+    "typescript": "~4.8.0"
   }
 }