@trautonen/cdk-dns-validated-certificate 0.0.2

package/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -0,0 +1,40 @@
+# AWS CDK DNS Validated Certificate
+
+CDK does not have a built in construct to manage cross-region or cross-account DNS validated certificates. There's an attempt to work around the issue with a cross region references option for stacks, but it has a lot of issues and still does not solve the cross-account use case.
+
+This construct solves these problems by managing the certificate as a custom resource and with direct API calls to ACM and Route53. In the future it will be possible to support not only Route53, but other DNS services too.
+
+Currently there's a limitation which does not allow using alternative names for the certificate as it would require mapping of different roles to different hosted zones. This API is currently being developed.
+
+## Usage for cross-region validation
+
+```typescript
+// hosted zone managed by the CDK application
+const hostedZone: route53.IHostedZone = ...
+// no separate validation role is needed
+const certificate = new DnsValidatedCertificate(this, 'CrossRegionCertificate', {
+  hostedZone: hostedZone,
+  domainName: 'example.com',     // must be compatible with the hosted zone
+  certificateRegion: 'us-east-1' // used by for example CloudFront
+})
+```
+
+## Usage for cross-account validation
+
+```typescript
+// external hosted zone
+const hostedZone: route53.IHostedZone = route53.HostedZone.fromHostedZoneAttributes(this, 'HostedZone', {
+  hostedZoneId: 'Z532DGDEDFS123456789',
+  zoneName: 'example.com',
+})
+// validation role on the same account as the hosted zone
+const roleArn = 'arn:aws:iam::123456789:role/ChangeDnsRecordsRole'
+const externalId = 'domain-assume'
+const validationRole: iam.IRole = iam.Role.fromRoleArn(this, 'ValidationRole', roleArn)
+const certificate = new DnsValidatedCertificate(this, 'CrossAccountCertificate', {
+  hostedZone: hostedZone,
+  domainName: 'example.com',
+  validationRole: validationRole,
+  validationExternalId: externalId,
+})
+```

package/lib/dns-validated-certificate.d.ts

@@ -0,0 +1,161 @@
+import * as cdk from 'aws-cdk-lib';
+import * as certificatemanager from 'aws-cdk-lib/aws-certificatemanager';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as route53 from 'aws-cdk-lib/aws-route53';
+import { Construct } from 'constructs';
+export interface DnsValidatedCertificateProps {
+    /**
+     * Fully-qualified domain name to request a certificate for.
+     *
+     * May contain wildcards, such as ``*.domain.com``.
+     */
+    readonly domainName: string;
+    /**
+     * Hosted zone to use for DNS validation.
+     *
+     * If the hosted zone is not managed by the CDK application, it needs to be provided via
+     * ``HostedZone.fromHostedZoneAttributes()``.
+     */
+    readonly hostedZone: route53.IHostedZone;
+    /**
+     * AWS region where the certificate is deployed.
+     *
+     * You should use the default ``Certificate`` construct instead if the region is same as the stack's and the hosted
+     * zone is in the same account.
+     *
+     * @default - Same region as the stack.
+     */
+    readonly certificateRegion?: string;
+    /**
+     * The role that is used for the custom resource Lambda execution.
+     *
+     * The role is given permissions to request certificates from ACM. If the ``validationRole`` is provided, this role
+     * is also given permission to assume the ``validationRole``. Otherwise it is assumed that the hosted zone is in same
+     * account and the execution role is given permissions to change DNS records for the given ``domainName``.
+     *
+     * @default - Lambda creates a default execution role.
+     */
+    readonly customResourceRole?: iam.IRole;
+    /**
+     * The role that is assumed for DNS record changes for certificate validation.
+     *
+     * This role should exist in the same account as the hosted zone and include permissions to change the DNS records
+     * for the given ``hostedZone``. The ``customResourceRole`` or the default execution role is given permission to
+     * assume this role.
+     *
+     * @default - No separate role for DNS record changes. The given customResourceRole or the default role is used
+     * for DNS record changes.
+     */
+    readonly validationRole?: iam.IRole;
+    /**
+     * External id for ``validationRole`` role assume verification.
+     *
+     * This should be used only when ``validationRole`` is given and the role expects an external id provided on assume.
+     *
+     * @default - No external id provided during assume
+     */
+    readonly validationExternalId?: string;
+    /**
+     * Enable or disable cleaning of validation DNS records from the hosted zone.
+     *
+     * If there's multiple certificates created for same domain, it is possible to encouter a race condition where some
+     * certificate is removed and another certificate would need the same validation record. Prefer single certificate
+     * for a domain or set this to false and cleanup records manually when not needed anymore. If you change this
+     * property after creation, a new certificate will be requested.
+     *
+     * @default true
+     */
+    readonly cleanupValidationRecords?: boolean;
+    /**
+     * Enable or disable transparency logging for this certificate.
+     *
+     * Once a certificate has been logged, it cannot be removed from the log. Opting out at that point will have no
+     * effect. If you change this property after creation, a new certificate will be requested.
+     *
+     * @see https://docs.aws.amazon.com/acm/latest/userguide/acm-bestpractices.html#best-practices-transparency
+     *
+     * @default true
+     */
+    readonly transparencyLoggingEnabled?: boolean;
+    /**
+     * Apply the given removal policy to this resource.
+     *
+     * The removal policy controls what happens to this resource when it stops being managed by CloudFormation, either
+     * because you've removed it from the CDK application or because you've made a change that requires the resource to
+     * be replaced. The resource can be deleted (``RemovalPolicy.DESTROY``), or left in your AWS account for data
+     * recovery and cleanup later (``RemovalPolicy.RETAIN``). If you change this property after creation, a new
+     * certificate will be requested.
+     *
+     * @default RemovalPolicy.DESTROY
+     */
+    readonly removalPolicy?: cdk.RemovalPolicy;
+}
+/**
+ * A certificate managed by AWS Certificate Manager. Will be automatically validated using DNS validation against the
+ * specified Route 53 hosted zone. This construct should be used only for cross-region or cross-account certificate
+ * validations. The default ``Certificate`` construct is better in cases where everything is managed by the CDK
+ * application.
+ *
+ * Please note that this construct does not support alternative names yet as it would require domain to role mapping.
+ *
+ * @example
+ * // # Cross-region certificate validation
+ * // hosted zone managed by the CDK application
+ * const hostedZone: route53.IHostedZone = ...
+ * // no separate validation role is needed
+ * const certificate = new DnsValidatedCertificate(this, 'CrossRegionCertificate', {
+ *   hostedZone: hostedZone,
+ *   domainName: 'example.com',     // must be compatible with the hosted zone
+ *   certificateRegion: 'us-east-1' // used by for example CloudFront
+ * })
+ * // # Cross-account certificate validation
+ * // external hosted zone
+ * const hostedZone: route53.IHostedZone =
+ *   route53.HostedZone.fromHostedZoneAttributes(this, 'HostedZone', {
+ *     hostedZoneId: 'Z532DGDEDFS123456789',
+ *     zoneName: 'example.com'
+ *   })
+ * // validation role on the same account as the hosted zone
+ * const roleArn = 'arn:aws:iam::123456789:role/ChangeDnsRecordsRole'
+ * const externalId = 'domain-assume'
+ * const validationRole: iam.IRole =
+ *   iam.Role.fromRoleArn(this, 'ValidationRole', roleArn)
+ * const certificate = new DnsValidatedCertificate(this, 'CrossAccountCertificate', {
+ *   hostedZone: hostedZone,
+ *   domainName: 'example.com',
+ *   validationRole: validationRole,
+     validationExternalId: externalId
+ * })
+ *
+ * @resource Custom::DnsValidatedCertificate
+ * @resource AWS::CertificateManager::Certificate
+ */
+export declare class DnsValidatedCertificate extends cdk.Resource implements certificatemanager.ICertificate, cdk.ITaggable {
+    /** The certificate's ARN */
+    readonly certificateArn: string;
+    /** The region where the certificate is deployed to */
+    readonly certificateRegion: string;
+    /** The hosted zone identifier authoritative for the certificate */
+    readonly hostedZoneId: string;
+    /** The hosted zone name authoritative for the certificate */
+    readonly hostedZoneName: string;
+    /** The domain name included in the certificate */
+    readonly domainName: string;
+    /** The tag manager to set, remove and format tags for the certificate  */
+    readonly tags: cdk.TagManager;
+    /** The removal policy for the certificate */
+    private removalPolicy;
+    /**
+     * Creates an instance of DnsValidatedCertificate construct.
+     *
+     * @param scope construct hosting this construct
+     * @param id construct's identifier
+     * @param props properties for the construct
+     */
+    constructor(scope: Construct, id: string, props: DnsValidatedCertificateProps);
+    metricDaysToExpiry(props?: cdk.aws_cloudwatch.MetricOptions | undefined): cdk.aws_cloudwatch.Metric;
+    applyRemovalPolicy(policy: cdk.RemovalPolicy): void;
+    private normalizeDomainName;
+    private normalizeHostedZoneId;
+    private validateDomainToHostedZone;
+}

package/lib/dns-validated-certificate.js

@@ -0,0 +1,179 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DnsValidatedCertificate = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const path = require("path");
+const cdk = require("aws-cdk-lib");
+const cloudwatch = require("aws-cdk-lib/aws-cloudwatch");
+const iam = require("aws-cdk-lib/aws-iam");
+const lambda = require("aws-cdk-lib/aws-lambda");
+const lambda_nodejs = require("aws-cdk-lib/aws-lambda-nodejs");
+const custom_resources = require("aws-cdk-lib/custom-resources");
+const DNS_VALIDATED_CERTIFICATE_TYPE = 'Custom::DnsValidatedCertificate';
+const CERTTIFICATE_RESOURCE_TYPE = 'AWS::CertificateManager::Certificate';
+/**
+ * A certificate managed by AWS Certificate Manager. Will be automatically validated using DNS validation against the
+ * specified Route 53 hosted zone. This construct should be used only for cross-region or cross-account certificate
+ * validations. The default ``Certificate`` construct is better in cases where everything is managed by the CDK
+ * application.
+ *
+ * Please note that this construct does not support alternative names yet as it would require domain to role mapping.
+ *
+ * @example
+ * // # Cross-region certificate validation
+ * // hosted zone managed by the CDK application
+ * const hostedZone: route53.IHostedZone = ...
+ * // no separate validation role is needed
+ * const certificate = new DnsValidatedCertificate(this, 'CrossRegionCertificate', {
+ *   hostedZone: hostedZone,
+ *   domainName: 'example.com',     // must be compatible with the hosted zone
+ *   certificateRegion: 'us-east-1' // used by for example CloudFront
+ * })
+ * // # Cross-account certificate validation
+ * // external hosted zone
+ * const hostedZone: route53.IHostedZone =
+ *   route53.HostedZone.fromHostedZoneAttributes(this, 'HostedZone', {
+ *     hostedZoneId: 'Z532DGDEDFS123456789',
+ *     zoneName: 'example.com'
+ *   })
+ * // validation role on the same account as the hosted zone
+ * const roleArn = 'arn:aws:iam::123456789:role/ChangeDnsRecordsRole'
+ * const externalId = 'domain-assume'
+ * const validationRole: iam.IRole =
+ *   iam.Role.fromRoleArn(this, 'ValidationRole', roleArn)
+ * const certificate = new DnsValidatedCertificate(this, 'CrossAccountCertificate', {
+ *   hostedZone: hostedZone,
+ *   domainName: 'example.com',
+ *   validationRole: validationRole,
+     validationExternalId: externalId
+ * })
+ *
+ * @resource Custom::DnsValidatedCertificate
+ * @resource AWS::CertificateManager::Certificate
+ */
+class DnsValidatedCertificate extends cdk.Resource {
+    /**
+     * Creates an instance of DnsValidatedCertificate construct.
+     *
+     * @param scope construct hosting this construct
+     * @param id construct's identifier
+     * @param props properties for the construct
+     */
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.domainName = this.normalizeDomainName(props.domainName);
+        this.hostedZoneId = this.normalizeHostedZoneId(props.hostedZone.hostedZoneId);
+        this.hostedZoneName = this.normalizeDomainName(props.hostedZone.zoneName);
+        this.certificateRegion = props.certificateRegion ?? this.stack.region;
+        this.tags = new cdk.TagManager(cdk.TagType.MAP, CERTTIFICATE_RESOURCE_TYPE);
+        this.removalPolicy = props.removalPolicy ?? cdk.RemovalPolicy.DESTROY;
+        const requestorFunction = new lambda_nodejs.NodejsFunction(this, 'RequestorFunction', {
+            entry: path.join(__dirname, 'lambda', 'handler.ts'),
+            runtime: lambda.Runtime.NODEJS_18_X,
+            architecture: lambda.Architecture.ARM_64,
+            timeout: cdk.Duration.minutes(14),
+            role: props.customResourceRole,
+        });
+        requestorFunction.addToRolePolicy(new iam.PolicyStatement({
+            effect: iam.Effect.ALLOW,
+            actions: [
+                'acm:RequestCertificate',
+                'acm:DescribeCertificate',
+                'acm:DeleteCertificate',
+                'acm:AddTagsToCertificate',
+            ],
+            resources: ['*'],
+        }));
+        if (props.validationRole) {
+            requestorFunction.addToRolePolicy(new iam.PolicyStatement({
+                effect: iam.Effect.ALLOW,
+                actions: ['sts:AssumeRole'],
+                resources: [props.validationRole.roleArn],
+            }));
+        }
+        else {
+            requestorFunction.addToRolePolicy(new iam.PolicyStatement({
+                actions: ['route53:GetChange'],
+                resources: ['*'],
+            }));
+            requestorFunction.addToRolePolicy(new iam.PolicyStatement({
+                actions: ['route53:changeResourceRecordSets'],
+                resources: [`arn:aws:route53:::hostedzone/${this.hostedZoneId}`],
+                conditions: {
+                    'ForAllValues:StringEquals': {
+                        'route53:ChangeResourceRecordSetsRecordTypes': ['CNAME'],
+                        'route53:ChangeResourceRecordSetsActions': ['UPSERT', 'DELETE'],
+                    },
+                    'ForAllValues:StringLike': {
+                        'route53:ChangeResourceRecordSetsNormalizedRecordNames': [this.domainName],
+                    },
+                },
+            }));
+        }
+        const requestorProvider = new custom_resources.Provider(this, 'RequestorProvider', {
+            onEventHandler: requestorFunction,
+        });
+        const properties = {
+            HostedZoneId: this.hostedZoneId,
+            DomainName: this.domainName,
+            CertificateRegion: this.certificateRegion,
+            SubjectAlternativeNames: undefined,
+            ValidationRoleArn: props.validationRole?.roleArn,
+            ValidationExternalId: props.validationExternalId,
+            CleanupValidationRecords: props.cleanupValidationRecords ?? true,
+            TransparencyLoggingEnabled: props.transparencyLoggingEnabled ?? true,
+            Tags: cdk.Lazy.any({ produce: () => this.tags.renderTags() }),
+            RemovalPolicy: cdk.Lazy.string({ produce: () => this.removalPolicy }),
+        };
+        const certificate = new cdk.CustomResource(this, 'RequestorResource', {
+            serviceToken: requestorProvider.serviceToken,
+            resourceType: DNS_VALIDATED_CERTIFICATE_TYPE,
+            properties,
+        });
+        this.certificateArn = certificate.getAttString('Arn');
+        this.node.addValidation({ validate: () => this.validateDomainToHostedZone(this.domainName, this.hostedZoneName) });
+    }
+    metricDaysToExpiry(props) {
+        return new cloudwatch.Metric({
+            period: cdk.Duration.days(1),
+            ...props,
+            dimensionsMap: { CertificateArn: this.certificateArn },
+            metricName: 'DaysToExpiry',
+            namespace: 'AWS/CertificateManager',
+            region: this.certificateRegion,
+            statistic: cloudwatch.Stats.MINIMUM,
+        });
+    }
+    applyRemovalPolicy(policy) {
+        this.removalPolicy = policy;
+    }
+    normalizeDomainName(domainName) {
+        if (cdk.Token.isUnresolved(domainName)) {
+            return domainName;
+        }
+        if (domainName.endsWith('.')) {
+            return domainName.slice(0, -1);
+        }
+        return domainName;
+    }
+    normalizeHostedZoneId(hostedZoneId) {
+        if (cdk.Token.isUnresolved(hostedZoneId)) {
+            return hostedZoneId;
+        }
+        return hostedZoneId.replace(/^\/hostedzone\//, '');
+    }
+    validateDomainToHostedZone(domainName, hostedZoneName) {
+        if (cdk.Token.isUnresolved(domainName) || cdk.Token.isUnresolved(hostedZoneName)) {
+            return [];
+        }
+        if (domainName !== hostedZoneName && !domainName.endsWith(`.${hostedZoneName}`)) {
+            return [`Hosted zone ${hostedZoneName} is not authoritative for certificate domain name ${domainName}`];
+        }
+        return [];
+    }
+}
+_a = JSII_RTTI_SYMBOL_1;
+DnsValidatedCertificate[_a] = { fqn: "@trautonen/cdk-dns-validated-certificate.DnsValidatedCertificate", version: "0.0.2" };
+exports.DnsValidatedCertificate = DnsValidatedCertificate;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZG5zLXZhbGlkYXRlZC1jZXJ0aWZpY2F0ZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9kbnMtdmFsaWRhdGVkLWNlcnRpZmljYXRlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsNkJBQTRCO0FBQzVCLG1DQUFrQztBQUVsQyx5REFBd0Q7QUFDeEQsMkNBQTBDO0FBQzFDLGlEQUFnRDtBQUNoRCwrREFBOEQ7QUFFOUQsaUVBQWdFO0FBb0doRSxNQUFNLDhCQUE4QixHQUFHLGlDQUFpQyxDQUFBO0FBQ3hFLE1BQU0sMEJBQTBCLEdBQUcsc0NBQXNDLENBQUE7QUFFekU7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQXVDRztBQUNILE1BQWEsdUJBQXdCLFNBQVEsR0FBRyxDQUFDLFFBQVE7SUFzQnZEOzs7Ozs7T0FNRztJQUNILFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBbUM7UUFDM0UsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQTtRQUVoQixJQUFJLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUE7UUFDNUQsSUFBSSxDQUFDLFlBQVksR0FBRyxJQUFJLENBQUMscUJBQXFCLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUMsQ0FBQTtRQUM3RSxJQUFJLENBQUMsY0FBYyxHQUFHLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxDQUFBO1FBQ3pFLElBQUksQ0FBQyxpQkFBaUIsR0FBRyxLQUFLLENBQUMsaUJBQWlCLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUE7UUFDckUsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLEdBQUcsQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsMEJBQTBCLENBQUMsQ0FBQTtRQUMzRSxJQUFJLENBQUMsYUFBYSxHQUFHLEtBQUssQ0FBQyxhQUFhLElBQUksR0FBRyxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQUE7UUFFckUsTUFBTSxpQkFBaUIsR0FBRyxJQUFJLGFBQWEsQ0FBQyxjQUFjLENBQUMsSUFBSSxFQUFFLG1CQUFtQixFQUFFO1lBQ3BGLEtBQUssRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxRQUFRLEVBQUUsWUFBWSxDQUFDO1lBQ25ELE9BQU8sRUFBRSxNQUFNLENBQUMsT0FBTyxDQUFDLFdBQVc7WUFDbkMsWUFBWSxFQUFFLE1BQU0sQ0FBQyxZQUFZLENBQUMsTUFBTTtZQUN4QyxPQUFPLEVBQUUsR0FBRyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ2pDLElBQUksRUFBRSxLQUFLLENBQUMsa0JBQWtCO1NBQy9CLENBQUMsQ0FBQTtRQUVGLGlCQUFpQixDQUFDLGVBQWUsQ0FDL0IsSUFBSSxHQUFHLENBQUMsZUFBZSxDQUFDO1lBQ3RCLE1BQU0sRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLEtBQUs7WUFDeEIsT0FBTyxFQUFFO2dCQUNQLHdCQUF3QjtnQkFDeEIseUJBQXlCO2dCQUN6Qix1QkFBdUI7Z0JBQ3ZCLDBCQUEwQjthQUMzQjtZQUNELFNBQVMsRUFBRSxDQUFDLEdBQUcsQ0FBQztTQUNqQixDQUFDLENBQ0gsQ0FBQTtRQUVELElBQUksS0FBSyxDQUFDLGNBQWMsRUFBRTtZQUN4QixpQkFBaUIsQ0FBQyxlQUFlLENBQy9CLElBQUksR0FBRyxDQUFDLGVBQWUsQ0FBQztnQkFDdEIsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsS0FBSztnQkFDeEIsT0FBTyxFQUFFLENBQUMsZ0JBQWdCLENBQUM7Z0JBQzNCLFNBQVMsRUFBRSxDQUFDLEtBQUssQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFDO2FBQzFDLENBQUMsQ0FDSCxDQUFBO1NBQ0Y7YUFBTTtZQUNMLGlCQUFpQixDQUFDLGVBQWUsQ0FDL0IsSUFBSSxHQUFHLENBQUMsZUFBZSxDQUFDO2dCQUN0QixPQUFPLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQztnQkFDOUIsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDO2FBQ2pCLENBQUMsQ0FDSCxDQUFBO1lBRUQsaUJBQWlCLENBQUMsZUFBZSxDQUMvQixJQUFJLEdBQUcsQ0FBQyxlQUFlLENBQUM7Z0JBQ3RCLE9BQU8sRUFBRSxDQUFDLGtDQUFrQyxDQUFDO2dCQUM3QyxTQUFTLEVBQUUsQ0FBQyxnQ0FBZ0MsSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO2dCQUNoRSxVQUFVLEVBQUU7b0JBQ1YsMkJBQTJCLEVBQUU7d0JBQzNCLDZDQUE2QyxFQUFFLENBQUMsT0FBTyxDQUFDO3dCQUN4RCx5Q0FBeUMsRUFBRSxDQUFDLFFBQVEsRUFBRSxRQUFRLENBQUM7cUJBQ2hFO29CQUNELHlCQUF5QixFQUFFO3dCQUN6Qix1REFBdUQsRUFBRSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUM7cUJBQzNFO2lCQUNGO2FBQ0YsQ0FBQyxDQUNILENBQUE7U0FDRjtRQUVELE1BQU0saUJBQWlCLEdBQUcsSUFBSSxnQkFBZ0IsQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLG1CQUFtQixFQUFFO1lBQ2pGLGNBQWMsRUFBRSxpQkFBaUI7U0FDbEMsQ0FBQyxDQUFBO1FBRUYsTUFBTSxVQUFVLEdBQWU7WUFDN0IsWUFBWSxFQUFFLElBQUksQ0FBQyxZQUFZO1lBQy9CLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtZQUMzQixpQkFBaUIsRUFBRSxJQUFJLENBQUMsaUJBQWlCO1lBQ3pDLHVCQUF1QixFQUFFLFNBQVM7WUFDbEMsaUJBQWlCLEVBQUUsS0FBSyxDQUFDLGNBQWMsRUFBRSxPQUFPO1lBQ2hELG9CQUFvQixFQUFFLEtBQUssQ0FBQyxvQkFBb0I7WUFDaEQsd0JBQXdCLEVBQUUsS0FBSyxDQUFDLHdCQUF3QixJQUFJLElBQUk7WUFDaEUsMEJBQTBCLEVBQUUsS0FBSyxDQUFDLDBCQUEwQixJQUFJLElBQUk7WUFDcEUsSUFBSSxFQUFFLEdBQUcsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsT0FBTyxFQUFFLEdBQUcsRUFBRSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLEVBQUUsQ0FBc0M7WUFDbEcsYUFBYSxFQUFFLEdBQUcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLEVBQUUsT0FBTyxFQUFFLEdBQUcsRUFBRSxDQUFDLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztTQUN0RSxDQUFBO1FBRUQsTUFBTSxXQUFXLEdBQUcsSUFBSSxHQUFHLENBQUMsY0FBYyxDQUFDLElBQUksRUFBRSxtQkFBbUIsRUFBRTtZQUNwRSxZQUFZLEVBQUUsaUJBQWlCLENBQUMsWUFBWTtZQUM1QyxZQUFZLEVBQUUsOEJBQThCO1lBQzVDLFVBQVU7U0FDWCxDQUFDLENBQUE7UUFFRixJQUFJLENBQUMsY0FBYyxHQUFHLFdBQVcsQ0FBQyxZQUFZLENBQUMsS0FBSyxDQUFDLENBQUE7UUFFckQsSUFBSSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsRUFBRSxRQUFRLEVBQUUsR0FBRyxFQUFFLENBQUMsSUFBSSxDQUFDLDBCQUEwQixDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLGNBQWMsQ0FBQyxFQUFFLENBQUMsQ0FBQTtJQUNwSCxDQUFDO0lBRUQsa0JBQWtCLENBQUMsS0FBb0Q7UUFDckUsT0FBTyxJQUFJLFVBQVUsQ0FBQyxNQUFNLENBQUM7WUFDM0IsTUFBTSxFQUFFLEdBQUcsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztZQUM1QixHQUFHLEtBQUs7WUFDUixhQUFhLEVBQUUsRUFBRSxjQUFjLEVBQUUsSUFBSSxDQUFDLGNBQWMsRUFBRTtZQUN0RCxVQUFVLEVBQUUsY0FBYztZQUMxQixTQUFTLEVBQUUsd0JBQXdCO1lBQ25DLE1BQU0sRUFBRSxJQUFJLENBQUMsaUJBQWlCO1lBQzlCLFNBQVMsRUFBRSxVQUFVLENBQUMsS0FBSyxDQUFDLE9BQU87U0FDcEMsQ0FBQyxDQUFBO0lBQ0osQ0FBQztJQUVELGtCQUFrQixDQUFDLE1BQXlCO1FBQzFDLElBQUksQ0FBQyxhQUFhLEdBQUcsTUFBTSxDQUFBO0lBQzdCLENBQUM7SUFFTyxtQkFBbUIsQ0FBQyxVQUFrQjtRQUM1QyxJQUFJLEdBQUcsQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUFDLFVBQVUsQ0FBQyxFQUFFO1lBQ3RDLE9BQU8sVUFBVSxDQUFBO1NBQ2xCO1FBQ0QsSUFBSSxVQUFVLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxFQUFFO1lBQzVCLE9BQU8sVUFBVSxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQTtTQUMvQjtRQUNELE9BQU8sVUFBVSxDQUFBO0lBQ25CLENBQUM7SUFFTyxxQkFBcUIsQ0FBQyxZQUFvQjtRQUNoRCxJQUFJLEdBQUcsQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FBQyxFQUFFO1lBQ3hDLE9BQU8sWUFBWSxDQUFBO1NBQ3BCO1FBQ0QsT0FBTyxZQUFZLENBQUMsT0FBTyxDQUFDLGlCQUFpQixFQUFFLEVBQUUsQ0FBQyxDQUFBO0lBQ3BELENBQUM7SUFFTywwQkFBMEIsQ0FBQyxVQUFrQixFQUFFLGNBQXNCO1FBQzNFLElBQUksR0FBRyxDQUFDLEtBQUssQ0FBQyxZQUFZLENBQUMsVUFBVSxDQUFDLElBQUksR0FBRyxDQUFDLEtBQUssQ0FBQyxZQUFZLENBQUMsY0FBYyxDQUFDLEVBQUU7WUFDaEYsT0FBTyxFQUFFLENBQUE7U0FDVjtRQUNELElBQUksVUFBVSxLQUFLLGNBQWMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsSUFBSSxjQUFjLEVBQUUsQ0FBQyxFQUFFO1lBQy9FLE9BQU8sQ0FBQyxlQUFlLGNBQWMscURBQXFELFVBQVUsRUFBRSxDQUFDLENBQUE7U0FDeEc7UUFDRCxPQUFPLEVBQUUsQ0FBQTtJQUNYLENBQUM7Ozs7QUFsS1UsMERBQXVCIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgcGF0aCBmcm9tICdwYXRoJ1xuaW1wb3J0ICogYXMgY2RrIGZyb20gJ2F3cy1jZGstbGliJ1xuaW1wb3J0ICogYXMgY2VydGlmaWNhdGVtYW5hZ2VyIGZyb20gJ2F3cy1jZGstbGliL2F3cy1jZXJ0aWZpY2F0ZW1hbmFnZXInXG5pbXBvcnQgKiBhcyBjbG91ZHdhdGNoIGZyb20gJ2F3cy1jZGstbGliL2F3cy1jbG91ZHdhdGNoJ1xuaW1wb3J0ICogYXMgaWFtIGZyb20gJ2F3cy1jZGstbGliL2F3cy1pYW0nXG5pbXBvcnQgKiBhcyBsYW1iZGEgZnJvbSAnYXdzLWNkay1saWIvYXdzLWxhbWJkYSdcbmltcG9ydCAqIGFzIGxhbWJkYV9ub2RlanMgZnJvbSAnYXdzLWNkay1saWIvYXdzLWxhbWJkYS1ub2RlanMnXG5pbXBvcnQgKiBhcyByb3V0ZTUzIGZyb20gJ2F3cy1jZGstbGliL2F3cy1yb3V0ZTUzJ1xuaW1wb3J0ICogYXMgY3VzdG9tX3Jlc291cmNlcyBmcm9tICdhd3MtY2RrLWxpYi9jdXN0b20tcmVzb3VyY2VzJ1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSAnY29uc3RydWN0cydcbmltcG9ydCB7IFByb3BlcnRpZXMgfSBmcm9tICcuL2xhbWJkYS9oYW5kbGVyJ1xuXG5leHBvcnQgaW50ZXJmYWNlIERuc1ZhbGlkYXRlZENlcnRpZmljYXRlUHJvcHMge1xuICAvKipcbiAgICogRnVsbHktcXVhbGlmaWVkIGRvbWFpbiBuYW1lIHRvIHJlcXVlc3QgYSBjZXJ0aWZpY2F0ZSBmb3IuXG4gICAqXG4gICAqIE1heSBjb250YWluIHdpbGRjYXJkcywgc3VjaCBhcyBgYCouZG9tYWluLmNvbWBgLlxuICAgKi9cbiAgcmVhZG9ubHkgZG9tYWluTmFtZTogc3RyaW5nXG5cbiAgLyoqXG4gICAqIEhvc3RlZCB6b25lIHRvIHVzZSBmb3IgRE5TIHZhbGlkYXRpb24uXG4gICAqXG4gICAqIElmIHRoZSBob3N0ZWQgem9uZSBpcyBub3QgbWFuYWdlZCBieSB0aGUgQ0RLIGFwcGxpY2F0aW9uLCBpdCBuZWVkcyB0byBiZSBwcm92aWRlZCB2aWFcbiAgICogYGBIb3N0ZWRab25lLmZyb21Ib3N0ZWRab25lQXR0cmlidXRlcygpYGAuXG4gICAqL1xuICByZWFkb25seSBob3N0ZWRab25lOiByb3V0ZTUzLklIb3N0ZWRab25lXG5cbiAgLyoqXG4gICAqIEFXUyByZWdpb24gd2hlcmUgdGhlIGNlcnRpZmljYXRlIGlzIGRlcGxveWVkLlxuICAgKlxuICAgKiBZb3Ugc2hvdWxkIHVzZSB0aGUgZGVmYXVsdCBgYENlcnRpZmljYXRlYGAgY29uc3RydWN0IGluc3RlYWQgaWYgdGhlIHJlZ2lvbiBpcyBzYW1lIGFzIHRoZSBzdGFjaydzIGFuZCB0aGUgaG9zdGVkXG4gICAqIHpvbmUgaXMgaW4gdGhlIHNhbWUgYWNjb3VudC5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBTYW1lIHJlZ2lvbiBhcyB0aGUgc3RhY2suXG4gICAqL1xuICByZWFkb25seSBjZXJ0aWZpY2F0ZVJlZ2lvbj86IHN0cmluZ1xuXG4gIC8qKlxuICAgKiBUaGUgcm9sZSB0aGF0IGlzIHVzZWQgZm9yIHRoZSBjdXN0b20gcmVzb3VyY2UgTGFtYmRhIGV4ZWN1dGlvbi5cbiAgICpcbiAgICogVGhlIHJvbGUgaXMgZ2l2ZW4gcGVybWlzc2lvbnMgdG8gcmVxdWVzdCBjZXJ0aWZpY2F0ZXMgZnJvbSBBQ00uIElmIHRoZSBgYHZhbGlkYXRpb25Sb2xlYGAgaXMgcHJvdmlkZWQsIHRoaXMgcm9sZVxuICAgKiBpcyBhbHNvIGdpdmVuIHBlcm1pc3Npb24gdG8gYXNzdW1lIHRoZSBgYHZhbGlkYXRpb25Sb2xlYGAuIE90aGVyd2lzZSBpdCBpcyBhc3N1bWVkIHRoYXQgdGhlIGhvc3RlZCB6b25lIGlzIGluIHNhbWVcbiAgICogYWNjb3VudCBhbmQgdGhlIGV4ZWN1dGlvbiByb2xlIGlzIGdpdmVuIHBlcm1pc3Npb25zIHRvIGNoYW5nZSBETlMgcmVjb3JkcyBmb3IgdGhlIGdpdmVuIGBgZG9tYWluTmFtZWBgLlxuICAgKlxuICAgKiBAZGVmYXVsdCAtIExhbWJkYSBjcmVhdGVzIGEgZGVmYXVsdCBleGVjdXRpb24gcm9sZS5cbiAgICovXG4gIHJlYWRvbmx5IGN1c3RvbVJlc291cmNlUm9sZT86IGlhbS5JUm9sZVxuXG4gIC8qKlxuICAgKiBUaGUgcm9sZSB0aGF0IGlzIGFzc3VtZWQgZm9yIEROUyByZWNvcmQgY2hhbmdlcyBmb3IgY2VydGlmaWNhdGUgdmFsaWRhdGlvbi5cbiAgICpcbiAgICogVGhpcyByb2xlIHNob3VsZCBleGlzdCBpbiB0aGUgc2FtZSBhY2NvdW50IGFzIHRoZSBob3N0ZWQgem9uZSBhbmQgaW5jbHVkZSBwZXJtaXNzaW9ucyB0byBjaGFuZ2UgdGhlIEROUyByZWNvcmRzXG4gICAqIGZvciB0aGUgZ2l2ZW4gYGBob3N0ZWRab25lYGAuIFRoZSBgYGN1c3RvbVJlc291cmNlUm9sZWBgIG9yIHRoZSBkZWZhdWx0IGV4ZWN1dGlvbiByb2xlIGlzIGdpdmVuIHBlcm1pc3Npb24gdG9cbiAgICogYXNzdW1lIHRoaXMgcm9sZS5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBObyBzZXBhcmF0ZSByb2xlIGZvciBETlMgcmVjb3JkIGNoYW5nZXMuIFRoZSBnaXZlbiBjdXN0b21SZXNvdXJjZVJvbGUgb3IgdGhlIGRlZmF1bHQgcm9sZSBpcyB1c2VkXG4gICAqIGZvciBETlMgcmVjb3JkIGNoYW5nZXMuXG4gICAqL1xuICByZWFkb25seSB2YWxpZGF0aW9uUm9sZT86IGlhbS5JUm9sZVxuXG4gIC8qKlxuICAgKiBFeHRlcm5hbCBpZCBmb3IgYGB2YWxpZGF0aW9uUm9sZWBgIHJvbGUgYXNzdW1lIHZlcmlmaWNhdGlvbi5cbiAgICpcbiAgICogVGhpcyBzaG91bGQgYmUgdXNlZCBvbmx5IHdoZW4gYGB2YWxpZGF0aW9uUm9sZWBgIGlzIGdpdmVuIGFuZCB0aGUgcm9sZSBleHBlY3RzIGFuIGV4dGVybmFsIGlkIHByb3ZpZGVkIG9uIGFzc3VtZS5cbiAgICpcbiAgICogQGRlZmF1bHQgLSBObyBleHRlcm5hbCBpZCBwcm92aWRlZCBkdXJpbmcgYXNzdW1lXG4gICAqL1xuICByZWFkb25seSB2YWxpZGF0aW9uRXh0ZXJuYWxJZD86IHN0cmluZ1xuXG4gIC8qKlxuICAgKiBFbmFibGUgb3IgZGlzYWJsZSBjbGVhbmluZyBvZiB2YWxpZGF0aW9uIEROUyByZWNvcmRzIGZyb20gdGhlIGhvc3RlZCB6b25lLlxuICAgKlxuICAgKiBJZiB0aGVyZSdzIG11bHRpcGxlIGNlcnRpZmljYXRlcyBjcmVhdGVkIGZvciBzYW1lIGRvbWFpbiwgaXQgaXMgcG9zc2libGUgdG8gZW5jb3V0ZXIgYSByYWNlIGNvbmRpdGlvbiB3aGVyZSBzb21lXG4gICAqIGNlcnRpZmljYXRlIGlzIHJlbW92ZWQgYW5kIGFub3RoZXIgY2VydGlmaWNhdGUgd291bGQgbmVlZCB0aGUgc2FtZSB2YWxpZGF0aW9uIHJlY29yZC4gUHJlZmVyIHNpbmdsZSBjZXJ0aWZpY2F0ZVxuICAgKiBmb3IgYSBkb21haW4gb3Igc2V0IHRoaXMgdG8gZmFsc2UgYW5kIGNsZWFudXAgcmVjb3JkcyBtYW51YWxseSB3aGVuIG5vdCBuZWVkZWQgYW55bW9yZS4gSWYgeW91IGNoYW5nZSB0aGlzXG4gICAqIHByb3BlcnR5IGFmdGVyIGNyZWF0aW9uLCBhIG5ldyBjZXJ0aWZpY2F0ZSB3aWxsIGJlIHJlcXVlc3RlZC5cbiAgICpcbiAgICogQGRlZmF1bHQgdHJ1ZVxuICAgKi9cbiAgcmVhZG9ubHkgY2xlYW51cFZhbGlkYXRpb25SZWNvcmRzPzogYm9vbGVhblxuXG4gIC8qKlxuICAgKiBFbmFibGUgb3IgZGlzYWJsZSB0cmFuc3BhcmVuY3kgbG9nZ2luZyBmb3IgdGhpcyBjZXJ0aWZpY2F0ZS5cbiAgICpcbiAgICogT25jZSBhIGNlcnRpZmljYXRlIGhhcyBiZWVuIGxvZ2dlZCwgaXQgY2Fubm90IGJlIHJlbW92ZWQgZnJvbSB0aGUgbG9nLiBPcHRpbmcgb3V0IGF0IHRoYXQgcG9pbnQgd2lsbCBoYXZlIG5vXG4gICAqIGVmZmVjdC4gSWYgeW91IGNoYW5nZSB0aGlzIHByb3BlcnR5IGFmdGVyIGNyZWF0aW9uLCBhIG5ldyBjZXJ0aWZpY2F0ZSB3aWxsIGJlIHJlcXVlc3RlZC5cbiAgICpcbiAgICogQHNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vYWNtL2xhdGVzdC91c2VyZ3VpZGUvYWNtLWJlc3RwcmFjdGljZXMuaHRtbCNiZXN0LXByYWN0aWNlcy10cmFuc3BhcmVuY3lcbiAgICpcbiAgICogQGRlZmF1bHQgdHJ1ZVxuICAgKi9cbiAgcmVhZG9ubHkgdHJhbnNwYXJlbmN5TG9nZ2luZ0VuYWJsZWQ/OiBib29sZWFuXG5cbiAgLyoqXG4gICAqIEFwcGx5IHRoZSBnaXZlbiByZW1vdmFsIHBvbGljeSB0byB0aGlzIHJlc291cmNlLlxuICAgKlxuICAgKiBUaGUgcmVtb3ZhbCBwb2xpY3kgY29udHJvbHMgd2hhdCBoYXBwZW5zIHRvIHRoaXMgcmVzb3VyY2Ugd2hlbiBpdCBzdG9wcyBiZWluZyBtYW5hZ2VkIGJ5IENsb3VkRm9ybWF0aW9uLCBlaXRoZXJcbiAgICogYmVjYXVzZSB5b3UndmUgcmVtb3ZlZCBpdCBmcm9tIHRoZSBDREsgYXBwbGljYXRpb24gb3IgYmVjYXVzZSB5b3UndmUgbWFkZSBhIGNoYW5nZSB0aGF0IHJlcXVpcmVzIHRoZSByZXNvdXJjZSB0b1xuICAgKiBiZSByZXBsYWNlZC4gVGhlIHJlc291cmNlIGNhbiBiZSBkZWxldGVkIChgYFJlbW92YWxQb2xpY3kuREVTVFJPWWBgKSwgb3IgbGVmdCBpbiB5b3VyIEFXUyBhY2NvdW50IGZvciBkYXRhXG4gICAqIHJlY292ZXJ5IGFuZCBjbGVhbnVwIGxhdGVyIChgYFJlbW92YWxQb2xpY3kuUkVUQUlOYGApLiBJZiB5b3UgY2hhbmdlIHRoaXMgcHJvcGVydHkgYWZ0ZXIgY3JlYXRpb24sIGEgbmV3XG4gICAqIGNlcnRpZmljYXRlIHdpbGwgYmUgcmVxdWVzdGVkLlxuICAgKlxuICAgKiBAZGVmYXVsdCBSZW1vdmFsUG9saWN5LkRFU1RST1lcbiAgICovXG4gIHJlYWRvbmx5IHJlbW92YWxQb2xpY3k/OiBjZGsuUmVtb3ZhbFBvbGljeVxufVxuXG5jb25zdCBETlNfVkFMSURBVEVEX0NFUlRJRklDQVRFX1RZUEUgPSAnQ3VzdG9tOjpEbnNWYWxpZGF0ZWRDZXJ0aWZpY2F0ZSdcbmNvbnN0IENFUlRUSUZJQ0FURV9SRVNPVVJDRV9UWVBFID0gJ0FXUzo6Q2VydGlmaWNhdGVNYW5hZ2VyOjpDZXJ0aWZpY2F0ZSdcblxuLyoqXG4gKiBBIGNlcnRpZmljYXRlIG1hbmFnZWQgYnkgQVdTIENlcnRpZmljYXRlIE1hbmFnZXIuIFdpbGwgYmUgYXV0b21hdGljYWxseSB2YWxpZGF0ZWQgdXNpbmcgRE5TIHZhbGlkYXRpb24gYWdhaW5zdCB0aGVcbiAqIHNwZWNpZmllZCBSb3V0ZSA1MyBob3N0ZWQgem9uZS4gVGhpcyBjb25zdHJ1Y3Qgc2hvdWxkIGJlIHVzZWQgb25seSBmb3IgY3Jvc3MtcmVnaW9uIG9yIGNyb3NzLWFjY291bnQgY2VydGlmaWNhdGVcbiAqIHZhbGlkYXRpb25zLiBUaGUgZGVmYXVsdCBgYENlcnRpZmljYXRlYGAgY29uc3RydWN0IGlzIGJldHRlciBpbiBjYXNlcyB3aGVyZSBldmVyeXRoaW5nIGlzIG1hbmFnZWQgYnkgdGhlIENES1xuICogYXBwbGljYXRpb24uXG4gKlxuICogUGxlYXNlIG5vdGUgdGhhdCB0aGlzIGNvbnN0cnVjdCBkb2VzIG5vdCBzdXBwb3J0IGFsdGVybmF0aXZlIG5hbWVzIHlldCBhcyBpdCB3b3VsZCByZXF1aXJlIGRvbWFpbiB0byByb2xlIG1hcHBpbmcuXG4gKlxuICogQGV4YW1wbGVcbiAqIC8vICMgQ3Jvc3MtcmVnaW9uIGNlcnRpZmljYXRlIHZhbGlkYXRpb25cbiAqIC8vIGhvc3RlZCB6b25lIG1hbmFnZWQgYnkgdGhlIENESyBhcHBsaWNhdGlvblxuICogY29uc3QgaG9zdGVkWm9uZTogcm91dGU1My5JSG9zdGVkWm9uZSA9IC4uLlxuICogLy8gbm8gc2VwYXJhdGUgdmFsaWRhdGlvbiByb2xlIGlzIG5lZWRlZFxuICogY29uc3QgY2VydGlmaWNhdGUgPSBuZXcgRG5zVmFsaWRhdGVkQ2VydGlmaWNhdGUodGhpcywgJ0Nyb3NzUmVnaW9uQ2VydGlmaWNhdGUnLCB7XG4gKiAgIGhvc3RlZFpvbmU6IGhvc3RlZFpvbmUsXG4gKiAgIGRvbWFpbk5hbWU6ICdleGFtcGxlLmNvbScsICAgICAvLyBtdXN0IGJlIGNvbXBhdGlibGUgd2l0aCB0aGUgaG9zdGVkIHpvbmVcbiAqICAgY2VydGlmaWNhdGVSZWdpb246ICd1cy1lYXN0LTEnIC8vIHVzZWQgYnkgZm9yIGV4YW1wbGUgQ2xvdWRGcm9udFxuICogfSlcbiAqIC8vICMgQ3Jvc3MtYWNjb3VudCBjZXJ0aWZpY2F0ZSB2YWxpZGF0aW9uXG4gKiAvLyBleHRlcm5hbCBob3N0ZWQgem9uZVxuICogY29uc3QgaG9zdGVkWm9uZTogcm91dGU1My5JSG9zdGVkWm9uZSA9XG4gKiAgIHJvdXRlNTMuSG9zdGVkWm9uZS5mcm9tSG9zdGVkWm9uZUF0dHJpYnV0ZXModGhpcywgJ0hvc3RlZFpvbmUnLCB7XG4gKiAgICAgaG9zdGVkWm9uZUlkOiAnWjUzMkRHREVERlMxMjM0NTY3ODknLFxuICogICAgIHpvbmVOYW1lOiAnZXhhbXBsZS5jb20nXG4gKiAgIH0pXG4gKiAvLyB2YWxpZGF0aW9uIHJvbGUgb24gdGhlIHNhbWUgYWNjb3VudCBhcyB0aGUgaG9zdGVkIHpvbmVcbiAqIGNvbnN0IHJvbGVBcm4gPSAnYXJuOmF3czppYW06OjEyMzQ1Njc4OTpyb2xlL0NoYW5nZURuc1JlY29yZHNSb2xlJ1xuICogY29uc3QgZXh0ZXJuYWxJZCA9ICdkb21haW4tYXNzdW1lJ1xuICogY29uc3QgdmFsaWRhdGlvblJvbGU6IGlhbS5JUm9sZSA9XG4gKiAgIGlhbS5Sb2xlLmZyb21Sb2xlQXJuKHRoaXMsICdWYWxpZGF0aW9uUm9sZScsIHJvbGVBcm4pXG4gKiBjb25zdCBjZXJ0aWZpY2F0ZSA9IG5ldyBEbnNWYWxpZGF0ZWRDZXJ0aWZpY2F0ZSh0aGlzLCAnQ3Jvc3NBY2NvdW50Q2VydGlmaWNhdGUnLCB7XG4gKiAgIGhvc3RlZFpvbmU6IGhvc3RlZFpvbmUsXG4gKiAgIGRvbWFpbk5hbWU6ICdleGFtcGxlLmNvbScsXG4gKiAgIHZhbGlkYXRpb25Sb2xlOiB2YWxpZGF0aW9uUm9sZSxcbiAgICAgdmFsaWRhdGlvbkV4dGVybmFsSWQ6IGV4dGVybmFsSWRcbiAqIH0pXG4gKlxuICogQHJlc291cmNlIEN1c3RvbTo6RG5zVmFsaWRhdGVkQ2VydGlmaWNhdGVcbiAqIEByZXNvdXJjZSBBV1M6OkNlcnRpZmljYXRlTWFuYWdlcjo6Q2VydGlmaWNhdGVcbiAqL1xuZXhwb3J0IGNsYXNzIERuc1ZhbGlkYXRlZENlcnRpZmljYXRlIGV4dGVuZHMgY2RrLlJlc291cmNlIGltcGxlbWVudHMgY2VydGlmaWNhdGVtYW5hZ2VyLklDZXJ0aWZpY2F0ZSwgY2RrLklUYWdnYWJsZSB7XG4gIC8qKiBUaGUgY2VydGlmaWNhdGUncyBBUk4gKi9cbiAgcHVibGljIHJlYWRvbmx5IGNlcnRpZmljYXRlQXJuOiBzdHJpbmdcblxuICAvKiogVGhlIHJlZ2lvbiB3aGVyZSB0aGUgY2VydGlmaWNhdGUgaXMgZGVwbG95ZWQgdG8gKi9cbiAgcHVibGljIHJlYWRvbmx5IGNlcnRpZmljYXRlUmVnaW9uOiBzdHJpbmdcblxuICAvKiogVGhlIGhvc3RlZCB6b25lIGlkZW50aWZpZXIgYXV0aG9yaXRhdGl2ZSBmb3IgdGhlIGNlcnRpZmljYXRlICovXG4gIHB1YmxpYyByZWFkb25seSBob3N0ZWRab25lSWQ6IHN0cmluZ1xuXG4gIC8qKiBUaGUgaG9zdGVkIHpvbmUgbmFtZSBhdXRob3JpdGF0aXZlIGZvciB0aGUgY2VydGlmaWNhdGUgKi9cbiAgcHVibGljIHJlYWRvbmx5IGhvc3RlZFpvbmVOYW1lOiBzdHJpbmdcblxuICAvKiogVGhlIGRvbWFpbiBuYW1lIGluY2x1ZGVkIGluIHRoZSBjZXJ0aWZpY2F0ZSAqL1xuICBwdWJsaWMgcmVhZG9ubHkgZG9tYWluTmFtZTogc3RyaW5nXG5cbiAgLyoqIFRoZSB0YWcgbWFuYWdlciB0byBzZXQsIHJlbW92ZSBhbmQgZm9ybWF0IHRhZ3MgZm9yIHRoZSBjZXJ0aWZpY2F0ZSAgKi9cbiAgcHVibGljIHJlYWRvbmx5IHRhZ3M6IGNkay5UYWdNYW5hZ2VyXG5cbiAgLyoqIFRoZSByZW1vdmFsIHBvbGljeSBmb3IgdGhlIGNlcnRpZmljYXRlICovXG4gIHByaXZhdGUgcmVtb3ZhbFBvbGljeTogY2RrLlJlbW92YWxQb2xpY3lcblxuICAvKipcbiAgICogQ3JlYXRlcyBhbiBpbnN0YW5jZSBvZiBEbnNWYWxpZGF0ZWRDZXJ0aWZpY2F0ZSBjb25zdHJ1Y3QuXG4gICAqXG4gICAqIEBwYXJhbSBzY29wZSBjb25zdHJ1Y3QgaG9zdGluZyB0aGlzIGNvbnN0cnVjdFxuICAgKiBAcGFyYW0gaWQgY29uc3RydWN0J3MgaWRlbnRpZmllclxuICAgKiBAcGFyYW0gcHJvcHMgcHJvcGVydGllcyBmb3IgdGhlIGNvbnN0cnVjdFxuICAgKi9cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IERuc1ZhbGlkYXRlZENlcnRpZmljYXRlUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpXG5cbiAgICB0aGlzLmRvbWFpbk5hbWUgPSB0aGlzLm5vcm1hbGl6ZURvbWFpbk5hbWUocHJvcHMuZG9tYWluTmFtZSlcbiAgICB0aGlzLmhvc3RlZFpvbmVJZCA9IHRoaXMubm9ybWFsaXplSG9zdGVkWm9uZUlkKHByb3BzLmhvc3RlZFpvbmUuaG9zdGVkWm9uZUlkKVxuICAgIHRoaXMuaG9zdGVkWm9uZU5hbWUgPSB0aGlzLm5vcm1hbGl6ZURvbWFpbk5hbWUocHJvcHMuaG9zdGVkWm9uZS56b25lTmFtZSlcbiAgICB0aGlzLmNlcnRpZmljYXRlUmVnaW9uID0gcHJvcHMuY2VydGlmaWNhdGVSZWdpb24gPz8gdGhpcy5zdGFjay5yZWdpb25cbiAgICB0aGlzLnRhZ3MgPSBuZXcgY2RrLlRhZ01hbmFnZXIoY2RrLlRhZ1R5cGUuTUFQLCBDRVJUVElGSUNBVEVfUkVTT1VSQ0VfVFlQRSlcbiAgICB0aGlzLnJlbW92YWxQb2xpY3kgPSBwcm9wcy5yZW1vdmFsUG9saWN5ID8/IGNkay5SZW1vdmFsUG9saWN5LkRFU1RST1lcblxuICAgIGNvbnN0IHJlcXVlc3RvckZ1bmN0aW9uID0gbmV3IGxhbWJkYV9ub2RlanMuTm9kZWpzRnVuY3Rpb24odGhpcywgJ1JlcXVlc3RvckZ1bmN0aW9uJywge1xuICAgICAgZW50cnk6IHBhdGguam9pbihfX2Rpcm5hbWUsICdsYW1iZGEnLCAnaGFuZGxlci50cycpLFxuICAgICAgcnVudGltZTogbGFtYmRhLlJ1bnRpbWUuTk9ERUpTXzE4X1gsXG4gICAgICBhcmNoaXRlY3R1cmU6IGxhbWJkYS5BcmNoaXRlY3R1cmUuQVJNXzY0LFxuICAgICAgdGltZW91dDogY2RrLkR1cmF0aW9uLm1pbnV0ZXMoMTQpLFxuICAgICAgcm9sZTogcHJvcHMuY3VzdG9tUmVzb3VyY2VSb2xlLFxuICAgIH0pXG5cbiAgICByZXF1ZXN0b3JGdW5jdGlvbi5hZGRUb1JvbGVQb2xpY3koXG4gICAgICBuZXcgaWFtLlBvbGljeVN0YXRlbWVudCh7XG4gICAgICAgIGVmZmVjdDogaWFtLkVmZmVjdC5BTExPVyxcbiAgICAgICAgYWN0aW9uczogW1xuICAgICAgICAgICdhY206UmVxdWVzdENlcnRpZmljYXRlJyxcbiAgICAgICAgICAnYWNtOkRlc2NyaWJlQ2VydGlmaWNhdGUnLFxuICAgICAgICAgICdhY206RGVsZXRlQ2VydGlmaWNhdGUnLFxuICAgICAgICAgICdhY206QWRkVGFnc1RvQ2VydGlmaWNhdGUnLFxuICAgICAgICBdLFxuICAgICAgICByZXNvdXJjZXM6IFsnKiddLFxuICAgICAgfSlcbiAgICApXG5cbiAgICBpZiAocHJvcHMudmFsaWRhdGlvblJvbGUpIHtcbiAgICAgIHJlcXVlc3RvckZ1bmN0aW9uLmFkZFRvUm9sZVBvbGljeShcbiAgICAgICAgbmV3IGlhbS5Qb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICAgIGVmZmVjdDogaWFtLkVmZmVjdC5BTExPVyxcbiAgICAgICAgICBhY3Rpb25zOiBbJ3N0czpBc3N1bWVSb2xlJ10sXG4gICAgICAgICAgcmVzb3VyY2VzOiBbcHJvcHMudmFsaWRhdGlvblJvbGUucm9sZUFybl0sXG4gICAgICAgIH0pXG4gICAgICApXG4gICAgfSBlbHNlIHtcbiAgICAgIHJlcXVlc3RvckZ1bmN0aW9uLmFkZFRvUm9sZVBvbGljeShcbiAgICAgICAgbmV3IGlhbS5Qb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICAgIGFjdGlvbnM6IFsncm91dGU1MzpHZXRDaGFuZ2UnXSxcbiAgICAgICAgICByZXNvdXJjZXM6IFsnKiddLFxuICAgICAgICB9KVxuICAgICAgKVxuXG4gICAgICByZXF1ZXN0b3JGdW5jdGlvbi5hZGRUb1JvbGVQb2xpY3koXG4gICAgICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbJ3JvdXRlNTM6Y2hhbmdlUmVzb3VyY2VSZWNvcmRTZXRzJ10sXG4gICAgICAgICAgcmVzb3VyY2VzOiBbYGFybjphd3M6cm91dGU1Mzo6Omhvc3RlZHpvbmUvJHt0aGlzLmhvc3RlZFpvbmVJZH1gXSxcbiAgICAgICAgICBjb25kaXRpb25zOiB7XG4gICAgICAgICAgICAnRm9yQWxsVmFsdWVzOlN0cmluZ0VxdWFscyc6IHtcbiAgICAgICAgICAgICAgJ3JvdXRlNTM6Q2hhbmdlUmVzb3VyY2VSZWNvcmRTZXRzUmVjb3JkVHlwZXMnOiBbJ0NOQU1FJ10sXG4gICAgICAgICAgICAgICdyb3V0ZTUzOkNoYW5nZVJlc291cmNlUmVjb3JkU2V0c0FjdGlvbnMnOiBbJ1VQU0VSVCcsICdERUxFVEUnXSxcbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgICAnRm9yQWxsVmFsdWVzOlN0cmluZ0xpa2UnOiB7XG4gICAgICAgICAgICAgICdyb3V0ZTUzOkNoYW5nZVJlc291cmNlUmVjb3JkU2V0c05vcm1hbGl6ZWRSZWNvcmROYW1lcyc6IFt0aGlzLmRvbWFpbk5hbWVdLFxuICAgICAgICAgICAgfSxcbiAgICAgICAgICB9LFxuICAgICAgICB9KVxuICAgICAgKVxuICAgIH1cblxuICAgIGNvbnN0IHJlcXVlc3RvclByb3ZpZGVyID0gbmV3IGN1c3RvbV9yZXNvdXJjZXMuUHJvdmlkZXIodGhpcywgJ1JlcXVlc3RvclByb3ZpZGVyJywge1xuICAgICAgb25FdmVudEhhbmRsZXI6IHJlcXVlc3RvckZ1bmN0aW9uLFxuICAgIH0pXG5cbiAgICBjb25zdCBwcm9wZXJ0aWVzOiBQcm9wZXJ0aWVzID0ge1xuICAgICAgSG9zdGVkWm9uZUlkOiB0aGlzLmhvc3RlZFpvbmVJZCxcbiAgICAgIERvbWFpbk5hbWU6IHRoaXMuZG9tYWluTmFtZSxcbiAgICAgIENlcnRpZmljYXRlUmVnaW9uOiB0aGlzLmNlcnRpZmljYXRlUmVnaW9uLFxuICAgICAgU3ViamVjdEFsdGVybmF0aXZlTmFtZXM6IHVuZGVmaW5lZCwgLy8gbm90IHN1cHBvcnRlZCB5ZXQgYXMgaXQgcmVxdWlyZXMgcm9sZSB0byBkb21haW4gbWFwcGluZ1xuICAgICAgVmFsaWRhdGlvblJvbGVBcm46IHByb3BzLnZhbGlkYXRpb25Sb2xlPy5yb2xlQXJuLFxuICAgICAgVmFsaWRhdGlvbkV4dGVybmFsSWQ6IHByb3BzLnZhbGlkYXRpb25FeHRlcm5hbElkLFxuICAgICAgQ2xlYW51cFZhbGlkYXRpb25SZWNvcmRzOiBwcm9wcy5jbGVhbnVwVmFsaWRhdGlvblJlY29yZHMgPz8gdHJ1ZSxcbiAgICAgIFRyYW5zcGFyZW5jeUxvZ2dpbmdFbmFibGVkOiBwcm9wcy50cmFuc3BhcmVuY3lMb2dnaW5nRW5hYmxlZCA/PyB0cnVlLFxuICAgICAgVGFnczogY2RrLkxhenkuYW55KHsgcHJvZHVjZTogKCkgPT4gdGhpcy50YWdzLnJlbmRlclRhZ3MoKSB9KSBhcyB1bmtub3duIGFzIFJlY29yZDxzdHJpbmcsIHN0cmluZz4sXG4gICAgICBSZW1vdmFsUG9saWN5OiBjZGsuTGF6eS5zdHJpbmcoeyBwcm9kdWNlOiAoKSA9PiB0aGlzLnJlbW92YWxQb2xpY3kgfSksXG4gICAgfVxuXG4gICAgY29uc3QgY2VydGlmaWNhdGUgPSBuZXcgY2RrLkN1c3RvbVJlc291cmNlKHRoaXMsICdSZXF1ZXN0b3JSZXNvdXJjZScsIHtcbiAgICAgIHNlcnZpY2VUb2tlbjogcmVxdWVzdG9yUHJvdmlkZXIuc2VydmljZVRva2VuLFxuICAgICAgcmVzb3VyY2VUeXBlOiBETlNfVkFMSURBVEVEX0NFUlRJRklDQVRFX1RZUEUsXG4gICAgICBwcm9wZXJ0aWVzLFxuICAgIH0pXG5cbiAgICB0aGlzLmNlcnRpZmljYXRlQXJuID0gY2VydGlmaWNhdGUuZ2V0QXR0U3RyaW5nKCdBcm4nKVxuXG4gICAgdGhpcy5ub2RlLmFkZFZhbGlkYXRpb24oeyB2YWxpZGF0ZTogKCkgPT4gdGhpcy52YWxpZGF0ZURvbWFpblRvSG9zdGVkWm9uZSh0aGlzLmRvbWFpbk5hbWUsIHRoaXMuaG9zdGVkWm9uZU5hbWUpIH0pXG4gIH1cblxuICBtZXRyaWNEYXlzVG9FeHBpcnkocHJvcHM/OiBjZGsuYXdzX2Nsb3Vkd2F0Y2guTWV0cmljT3B0aW9ucyB8IHVuZGVmaW5lZCk6IGNkay5hd3NfY2xvdWR3YXRjaC5NZXRyaWMge1xuICAgIHJldHVybiBuZXcgY2xvdWR3YXRjaC5NZXRyaWMoe1xuICAgICAgcGVyaW9kOiBjZGsuRHVyYXRpb24uZGF5cygxKSxcbiAgICAgIC4uLnByb3BzLFxuICAgICAgZGltZW5zaW9uc01hcDogeyBDZXJ0aWZpY2F0ZUFybjogdGhpcy5jZXJ0aWZpY2F0ZUFybiB9LFxuICAgICAgbWV0cmljTmFtZTogJ0RheXNUb0V4cGlyeScsXG4gICAgICBuYW1lc3BhY2U6ICdBV1MvQ2VydGlmaWNhdGVNYW5hZ2VyJyxcbiAgICAgIHJlZ2lvbjogdGhpcy5jZXJ0aWZpY2F0ZVJlZ2lvbixcbiAgICAgIHN0YXRpc3RpYzogY2xvdWR3YXRjaC5TdGF0cy5NSU5JTVVNLFxuICAgIH0pXG4gIH1cblxuICBhcHBseVJlbW92YWxQb2xpY3kocG9saWN5OiBjZGsuUmVtb3ZhbFBvbGljeSk6IHZvaWQge1xuICAgIHRoaXMucmVtb3ZhbFBvbGljeSA9IHBvbGljeVxuICB9XG5cbiAgcHJpdmF0ZSBub3JtYWxpemVEb21haW5OYW1lKGRvbWFpbk5hbWU6IHN0cmluZyk6IHN0cmluZyB7XG4gICAgaWYgKGNkay5Ub2tlbi5pc1VucmVzb2x2ZWQoZG9tYWluTmFtZSkpIHtcbiAgICAgIHJldHVybiBkb21haW5OYW1lXG4gICAgfVxuICAgIGlmIChkb21haW5OYW1lLmVuZHNXaXRoKCcuJykpIHtcbiAgICAgIHJldHVybiBkb21haW5OYW1lLnNsaWNlKDAsIC0xKVxuICAgIH1cbiAgICByZXR1cm4gZG9tYWluTmFtZVxuICB9XG5cbiAgcHJpdmF0ZSBub3JtYWxpemVIb3N0ZWRab25lSWQoaG9zdGVkWm9uZUlkOiBzdHJpbmcpOiBzdHJpbmcge1xuICAgIGlmIChjZGsuVG9rZW4uaXNVbnJlc29sdmVkKGhvc3RlZFpvbmVJZCkpIHtcbiAgICAgIHJldHVybiBob3N0ZWRab25lSWRcbiAgICB9XG4gICAgcmV0dXJuIGhvc3RlZFpvbmVJZC5yZXBsYWNlKC9eXFwvaG9zdGVkem9uZVxcLy8sICcnKVxuICB9XG5cbiAgcHJpdmF0ZSB2YWxpZGF0ZURvbWFpblRvSG9zdGVkWm9uZShkb21haW5OYW1lOiBzdHJpbmcsIGhvc3RlZFpvbmVOYW1lOiBzdHJpbmcpOiBzdHJpbmdbXSB7XG4gICAgaWYgKGNkay5Ub2tlbi5pc1VucmVzb2x2ZWQoZG9tYWluTmFtZSkgfHwgY2RrLlRva2VuLmlzVW5yZXNvbHZlZChob3N0ZWRab25lTmFtZSkpIHtcbiAgICAgIHJldHVybiBbXVxuICAgIH1cbiAgICBpZiAoZG9tYWluTmFtZSAhPT0gaG9zdGVkWm9uZU5hbWUgJiYgIWRvbWFpbk5hbWUuZW5kc1dpdGgoYC4ke2hvc3RlZFpvbmVOYW1lfWApKSB7XG4gICAgICByZXR1cm4gW2BIb3N0ZWQgem9uZSAke2hvc3RlZFpvbmVOYW1lfSBpcyBub3QgYXV0aG9yaXRhdGl2ZSBmb3IgY2VydGlmaWNhdGUgZG9tYWluIG5hbWUgJHtkb21haW5OYW1lfWBdXG4gICAgfVxuICAgIHJldHVybiBbXVxuICB9XG59XG4iXX0=

package/lib/index.d.ts

@@ -0,0 +1 @@
+export * from './dns-validated-certificate';

package/lib/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./dns-validated-certificate"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDhEQUEyQyIsInNvdXJjZXNDb250ZW50IjpbImV4cG9ydCAqIGZyb20gJy4vZG5zLXZhbGlkYXRlZC1jZXJ0aWZpY2F0ZSdcbiJdfQ==