browser.js 27 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637
  1. /*
  2. HTTP Hawk Authentication Scheme
  3. Copyright (c) 2012-2014, Eran Hammer <eran@hammer.io>
  4. BSD Licensed
  5. */
  6. // Declare namespace
  7. var hawk = {
  8. internals: {}
  9. };
  10. hawk.client = {
  11. // Generate an Authorization header for a given request
  12. /*
  13. uri: 'http://example.com/resource?a=b' or object generated by hawk.utils.parseUri()
  14. method: HTTP verb (e.g. 'GET', 'POST')
  15. options: {
  16. // Required
  17. credentials: {
  18. id: 'dh37fgj492je',
  19. key: 'aoijedoaijsdlaksjdl',
  20. algorithm: 'sha256' // 'sha1', 'sha256'
  21. },
  22. // Optional
  23. ext: 'application-specific', // Application specific data sent via the ext attribute
  24. timestamp: Date.now() / 1000, // A pre-calculated timestamp in seconds
  25. nonce: '2334f34f', // A pre-generated nonce
  26. localtimeOffsetMsec: 400, // Time offset to sync with server time (ignored if timestamp provided)
  27. payload: '{"some":"payload"}', // UTF-8 encoded string for body hash generation (ignored if hash provided)
  28. contentType: 'application/json', // Payload content-type (ignored if hash provided)
  29. hash: 'U4MKKSmiVxk37JCCrAVIjV=', // Pre-calculated payload hash
  30. app: '24s23423f34dx', // Oz application id
  31. dlg: '234sz34tww3sd' // Oz delegated-by application id
  32. }
  33. */
  34. header: function (uri, method, options) {
  35. var result = {
  36. field: '',
  37. artifacts: {}
  38. };
  39. // Validate inputs
  40. if (!uri || (typeof uri !== 'string' && typeof uri !== 'object') ||
  41. !method || typeof method !== 'string' ||
  42. !options || typeof options !== 'object') {
  43. result.err = 'Invalid argument type';
  44. return result;
  45. }
  46. // Application time
  47. var timestamp = options.timestamp || hawk.utils.now(options.localtimeOffsetMsec);
  48. // Validate credentials
  49. var credentials = options.credentials;
  50. if (!credentials ||
  51. !credentials.id ||
  52. !credentials.key ||
  53. !credentials.algorithm) {
  54. result.err = 'Invalid credentials object';
  55. return result;
  56. }
  57. if (hawk.crypto.algorithms.indexOf(credentials.algorithm) === -1) {
  58. result.err = 'Unknown algorithm';
  59. return result;
  60. }
  61. // Parse URI
  62. if (typeof uri === 'string') {
  63. uri = hawk.utils.parseUri(uri);
  64. }
  65. // Calculate signature
  66. var artifacts = {
  67. ts: timestamp,
  68. nonce: options.nonce || hawk.utils.randomString(6),
  69. method: method,
  70. resource: uri.resource,
  71. host: uri.host,
  72. port: uri.port,
  73. hash: options.hash,
  74. ext: options.ext,
  75. app: options.app,
  76. dlg: options.dlg
  77. };
  78. result.artifacts = artifacts;
  79. // Calculate payload hash
  80. if (!artifacts.hash &&
  81. (options.payload || options.payload === '')) {
  82. artifacts.hash = hawk.crypto.calculatePayloadHash(options.payload, credentials.algorithm, options.contentType);
  83. }
  84. var mac = hawk.crypto.calculateMac('header', credentials, artifacts);
  85. // Construct header
  86. var hasExt = artifacts.ext !== null && artifacts.ext !== undefined && artifacts.ext !== ''; // Other falsey values allowed
  87. var header = 'Hawk id="' + credentials.id +
  88. '", ts="' + artifacts.ts +
  89. '", nonce="' + artifacts.nonce +
  90. (artifacts.hash ? '", hash="' + artifacts.hash : '') +
  91. (hasExt ? '", ext="' + hawk.utils.escapeHeaderAttribute(artifacts.ext) : '') +
  92. '", mac="' + mac + '"';
  93. if (artifacts.app) {
  94. header += ', app="' + artifacts.app +
  95. (artifacts.dlg ? '", dlg="' + artifacts.dlg : '') + '"';
  96. }
  97. result.field = header;
  98. return result;
  99. },
  100. // Generate a bewit value for a given URI
  101. /*
  102. uri: 'http://example.com/resource?a=b'
  103. options: {
  104. // Required
  105. credentials: {
  106. id: 'dh37fgj492je',
  107. key: 'aoijedoaijsdlaksjdl',
  108. algorithm: 'sha256' // 'sha1', 'sha256'
  109. },
  110. ttlSec: 60 * 60, // TTL in seconds
  111. // Optional
  112. ext: 'application-specific', // Application specific data sent via the ext attribute
  113. localtimeOffsetMsec: 400 // Time offset to sync with server time
  114. };
  115. */
  116. bewit: function (uri, options) {
  117. // Validate inputs
  118. if (!uri ||
  119. (typeof uri !== 'string') ||
  120. !options ||
  121. typeof options !== 'object' ||
  122. !options.ttlSec) {
  123. return '';
  124. }
  125. options.ext = (options.ext === null || options.ext === undefined ? '' : options.ext); // Zero is valid value
  126. // Application time
  127. var now = hawk.utils.now(options.localtimeOffsetMsec);
  128. // Validate credentials
  129. var credentials = options.credentials;
  130. if (!credentials ||
  131. !credentials.id ||
  132. !credentials.key ||
  133. !credentials.algorithm) {
  134. return '';
  135. }
  136. if (hawk.crypto.algorithms.indexOf(credentials.algorithm) === -1) {
  137. return '';
  138. }
  139. // Parse URI
  140. uri = hawk.utils.parseUri(uri);
  141. // Calculate signature
  142. var exp = now + options.ttlSec;
  143. var mac = hawk.crypto.calculateMac('bewit', credentials, {
  144. ts: exp,
  145. nonce: '',
  146. method: 'GET',
  147. resource: uri.resource, // Maintain trailing '?' and query params
  148. host: uri.host,
  149. port: uri.port,
  150. ext: options.ext
  151. });
  152. // Construct bewit: id\exp\mac\ext
  153. var bewit = credentials.id + '\\' + exp + '\\' + mac + '\\' + options.ext;
  154. return hawk.utils.base64urlEncode(bewit);
  155. },
  156. // Validate server response
  157. /*
  158. request: object created via 'new XMLHttpRequest()' after response received
  159. artifacts: object received from header().artifacts
  160. options: {
  161. payload: optional payload received
  162. required: specifies if a Server-Authorization header is required. Defaults to 'false'
  163. }
  164. */
  165. authenticate: function (request, credentials, artifacts, options) {
  166. options = options || {};
  167. var getHeader = function (name) {
  168. return request.getResponseHeader ? request.getResponseHeader(name) : request.getHeader(name);
  169. };
  170. var wwwAuthenticate = getHeader('www-authenticate');
  171. if (wwwAuthenticate) {
  172. // Parse HTTP WWW-Authenticate header
  173. var wwwAttributes = hawk.utils.parseAuthorizationHeader(wwwAuthenticate, ['ts', 'tsm', 'error']);
  174. if (!wwwAttributes) {
  175. return false;
  176. }
  177. if (wwwAttributes.ts) {
  178. var tsm = hawk.crypto.calculateTsMac(wwwAttributes.ts, credentials);
  179. if (tsm !== wwwAttributes.tsm) {
  180. return false;
  181. }
  182. hawk.utils.setNtpOffset(wwwAttributes.ts - Math.floor((new Date()).getTime() / 1000)); // Keep offset at 1 second precision
  183. }
  184. }
  185. // Parse HTTP Server-Authorization header
  186. var serverAuthorization = getHeader('server-authorization');
  187. if (!serverAuthorization &&
  188. !options.required) {
  189. return true;
  190. }
  191. var attributes = hawk.utils.parseAuthorizationHeader(serverAuthorization, ['mac', 'ext', 'hash']);
  192. if (!attributes) {
  193. return false;
  194. }
  195. var modArtifacts = {
  196. ts: artifacts.ts,
  197. nonce: artifacts.nonce,
  198. method: artifacts.method,
  199. resource: artifacts.resource,
  200. host: artifacts.host,
  201. port: artifacts.port,
  202. hash: attributes.hash,
  203. ext: attributes.ext,
  204. app: artifacts.app,
  205. dlg: artifacts.dlg
  206. };
  207. var mac = hawk.crypto.calculateMac('response', credentials, modArtifacts);
  208. if (mac !== attributes.mac) {
  209. return false;
  210. }
  211. if (!options.payload &&
  212. options.payload !== '') {
  213. return true;
  214. }
  215. if (!attributes.hash) {
  216. return false;
  217. }
  218. var calculatedHash = hawk.crypto.calculatePayloadHash(options.payload, credentials.algorithm, getHeader('content-type'));
  219. return (calculatedHash === attributes.hash);
  220. },
  221. message: function (host, port, message, options) {
  222. // Validate inputs
  223. if (!host || typeof host !== 'string' ||
  224. !port || typeof port !== 'number' ||
  225. message === null || message === undefined || typeof message !== 'string' ||
  226. !options || typeof options !== 'object') {
  227. return null;
  228. }
  229. // Application time
  230. var timestamp = options.timestamp || hawk.utils.now(options.localtimeOffsetMsec);
  231. // Validate credentials
  232. var credentials = options.credentials;
  233. if (!credentials ||
  234. !credentials.id ||
  235. !credentials.key ||
  236. !credentials.algorithm) {
  237. // Invalid credential object
  238. return null;
  239. }
  240. if (hawk.crypto.algorithms.indexOf(credentials.algorithm) === -1) {
  241. return null;
  242. }
  243. // Calculate signature
  244. var artifacts = {
  245. ts: timestamp,
  246. nonce: options.nonce || hawk.utils.randomString(6),
  247. host: host,
  248. port: port,
  249. hash: hawk.crypto.calculatePayloadHash(message, credentials.algorithm)
  250. };
  251. // Construct authorization
  252. var result = {
  253. id: credentials.id,
  254. ts: artifacts.ts,
  255. nonce: artifacts.nonce,
  256. hash: artifacts.hash,
  257. mac: hawk.crypto.calculateMac('message', credentials, artifacts)
  258. };
  259. return result;
  260. },
  261. authenticateTimestamp: function (message, credentials, updateClock) { // updateClock defaults to true
  262. var tsm = hawk.crypto.calculateTsMac(message.ts, credentials);
  263. if (tsm !== message.tsm) {
  264. return false;
  265. }
  266. if (updateClock !== false) {
  267. hawk.utils.setNtpOffset(message.ts - Math.floor((new Date()).getTime() / 1000)); // Keep offset at 1 second precision
  268. }
  269. return true;
  270. }
  271. };
  272. hawk.crypto = {
  273. headerVersion: '1',
  274. algorithms: ['sha1', 'sha256'],
  275. calculateMac: function (type, credentials, options) {
  276. var normalized = hawk.crypto.generateNormalizedString(type, options);
  277. var hmac = CryptoJS['Hmac' + credentials.algorithm.toUpperCase()](normalized, credentials.key);
  278. return hmac.toString(CryptoJS.enc.Base64);
  279. },
  280. generateNormalizedString: function (type, options) {
  281. var normalized = 'hawk.' + hawk.crypto.headerVersion + '.' + type + '\n' +
  282. options.ts + '\n' +
  283. options.nonce + '\n' +
  284. (options.method || '').toUpperCase() + '\n' +
  285. (options.resource || '') + '\n' +
  286. options.host.toLowerCase() + '\n' +
  287. options.port + '\n' +
  288. (options.hash || '') + '\n';
  289. if (options.ext) {
  290. normalized += options.ext.replace('\\', '\\\\').replace('\n', '\\n');
  291. }
  292. normalized += '\n';
  293. if (options.app) {
  294. normalized += options.app + '\n' +
  295. (options.dlg || '') + '\n';
  296. }
  297. return normalized;
  298. },
  299. calculatePayloadHash: function (payload, algorithm, contentType) {
  300. var hash = CryptoJS.algo[algorithm.toUpperCase()].create();
  301. hash.update('hawk.' + hawk.crypto.headerVersion + '.payload\n');
  302. hash.update(hawk.utils.parseContentType(contentType) + '\n');
  303. hash.update(payload);
  304. hash.update('\n');
  305. return hash.finalize().toString(CryptoJS.enc.Base64);
  306. },
  307. calculateTsMac: function (ts, credentials) {
  308. var hash = CryptoJS['Hmac' + credentials.algorithm.toUpperCase()]('hawk.' + hawk.crypto.headerVersion + '.ts\n' + ts + '\n', credentials.key);
  309. return hash.toString(CryptoJS.enc.Base64);
  310. }
  311. };
  312. // localStorage compatible interface
  313. hawk.internals.LocalStorage = function () {
  314. this._cache = {};
  315. this.length = 0;
  316. this.getItem = function (key) {
  317. return this._cache.hasOwnProperty(key) ? String(this._cache[key]) : null;
  318. };
  319. this.setItem = function (key, value) {
  320. this._cache[key] = String(value);
  321. this.length = Object.keys(this._cache).length;
  322. };
  323. this.removeItem = function (key) {
  324. delete this._cache[key];
  325. this.length = Object.keys(this._cache).length;
  326. };
  327. this.clear = function () {
  328. this._cache = {};
  329. this.length = 0;
  330. };
  331. this.key = function (i) {
  332. return Object.keys(this._cache)[i || 0];
  333. };
  334. };
  335. hawk.utils = {
  336. storage: new hawk.internals.LocalStorage(),
  337. setStorage: function (storage) {
  338. var ntpOffset = hawk.utils.storage.getItem('hawk_ntp_offset');
  339. hawk.utils.storage = storage;
  340. if (ntpOffset) {
  341. hawk.utils.setNtpOffset(ntpOffset);
  342. }
  343. },
  344. setNtpOffset: function (offset) {
  345. try {
  346. hawk.utils.storage.setItem('hawk_ntp_offset', offset);
  347. }
  348. catch (err) {
  349. console.error('[hawk] could not write to storage.');
  350. console.error(err);
  351. }
  352. },
  353. getNtpOffset: function () {
  354. var offset = hawk.utils.storage.getItem('hawk_ntp_offset');
  355. if (!offset) {
  356. return 0;
  357. }
  358. return parseInt(offset, 10);
  359. },
  360. now: function (localtimeOffsetMsec) {
  361. return Math.floor(((new Date()).getTime() + (localtimeOffsetMsec || 0)) / 1000) + hawk.utils.getNtpOffset();
  362. },
  363. escapeHeaderAttribute: function (attribute) {
  364. return attribute.replace(/\\/g, '\\\\').replace(/\"/g, '\\"');
  365. },
  366. parseContentType: function (header) {
  367. if (!header) {
  368. return '';
  369. }
  370. return header.split(';')[0].replace(/^\s+|\s+$/g, '').toLowerCase();
  371. },
  372. parseAuthorizationHeader: function (header, keys) {
  373. if (!header) {
  374. return null;
  375. }
  376. var headerParts = header.match(/^(\w+)(?:\s+(.*))?$/); // Header: scheme[ something]
  377. if (!headerParts) {
  378. return null;
  379. }
  380. var scheme = headerParts[1];
  381. if (scheme.toLowerCase() !== 'hawk') {
  382. return null;
  383. }
  384. var attributesString = headerParts[2];
  385. if (!attributesString) {
  386. return null;
  387. }
  388. var attributes = {};
  389. var verify = attributesString.replace(/(\w+)="([^"\\]*)"\s*(?:,\s*|$)/g, function ($0, $1, $2) {
  390. // Check valid attribute names
  391. if (keys.indexOf($1) === -1) {
  392. return;
  393. }
  394. // Allowed attribute value characters: !#$%&'()*+,-./:;<=>?@[]^_`{|}~ and space, a-z, A-Z, 0-9
  395. if ($2.match(/^[ \w\!#\$%&'\(\)\*\+,\-\.\/\:;<\=>\?@\[\]\^`\{\|\}~]+$/) === null) {
  396. return;
  397. }
  398. // Check for duplicates
  399. if (attributes.hasOwnProperty($1)) {
  400. return;
  401. }
  402. attributes[$1] = $2;
  403. return '';
  404. });
  405. if (verify !== '') {
  406. return null;
  407. }
  408. return attributes;
  409. },
  410. randomString: function (size) {
  411. var randomSource = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
  412. var len = randomSource.length;
  413. var result = [];
  414. for (var i = 0; i < size; ++i) {
  415. result[i] = randomSource[Math.floor(Math.random() * len)];
  416. }
  417. return result.join('');
  418. },
  419. uriRegex: /^([^:]+)\:\/\/(?:[^@]*@)?([^\/:]+)(?:\:(\d+))?([^#]*)(?:#.*)?$/, // scheme://credentials@host:port/resource#fragment
  420. parseUri: function (input) {
  421. var parts = input.match(hawk.utils.uriRegex);
  422. if (!parts) {
  423. return { host: '', port: '', resource: '' };
  424. }
  425. var scheme = parts[1].toLowerCase();
  426. var uri = {
  427. host: parts[2],
  428. port: parts[3] || (scheme === 'http' ? '80' : (scheme === 'https' ? '443' : '')),
  429. resource: parts[4]
  430. };
  431. return uri;
  432. },
  433. base64urlEncode: function (value) {
  434. var wordArray = CryptoJS.enc.Utf8.parse(value);
  435. var encoded = CryptoJS.enc.Base64.stringify(wordArray);
  436. return encoded.replace(/\+/g, '-').replace(/\//g, '_').replace(/\=/g, '');
  437. }
  438. };
  439. // $lab:coverage:off$
  440. /* eslint-disable */
  441. // Based on: Crypto-JS v3.1.2
  442. // Copyright (c) 2009-2013, Jeff Mott. All rights reserved.
  443. // http://code.google.com/p/crypto-js/
  444. // http://code.google.com/p/crypto-js/wiki/License
  445. var CryptoJS = CryptoJS || function (h, r) { var k = {}, l = k.lib = {}, n = function () { }, f = l.Base = { extend: function (a) { n.prototype = this; var b = new n; a && b.mixIn(a); b.hasOwnProperty("init") || (b.init = function () { b.$super.init.apply(this, arguments) }); b.init.prototype = b; b.$super = this; return b }, create: function () { var a = this.extend(); a.init.apply(a, arguments); return a }, init: function () { }, mixIn: function (a) { for (var b in a) a.hasOwnProperty(b) && (this[b] = a[b]); a.hasOwnProperty("toString") && (this.toString = a.toString) }, clone: function () { return this.init.prototype.extend(this) } }, j = l.WordArray = f.extend({ init: function (a, b) { a = this.words = a || []; this.sigBytes = b != r ? b : 4 * a.length }, toString: function (a) { return (a || s).stringify(this) }, concat: function (a) { var b = this.words, d = a.words, c = this.sigBytes; a = a.sigBytes; this.clamp(); if (c % 4) for (var e = 0; e < a; e++) b[c + e >>> 2] |= (d[e >>> 2] >>> 24 - 8 * (e % 4) & 255) << 24 - 8 * ((c + e) % 4); else if (65535 < d.length) for (e = 0; e < a; e += 4) b[c + e >>> 2] = d[e >>> 2]; else b.push.apply(b, d); this.sigBytes += a; return this }, clamp: function () { var a = this.words, b = this.sigBytes; a[b >>> 2] &= 4294967295 << 32 - 8 * (b % 4); a.length = h.ceil(b / 4) }, clone: function () { var a = f.clone.call(this); a.words = this.words.slice(0); return a }, random: function (a) { for (var b = [], d = 0; d < a; d += 4) b.push(4294967296 * h.random() | 0); return new j.init(b, a) } }), m = k.enc = {}, s = m.Hex = { stringify: function (a) { var b = a.words; a = a.sigBytes; for (var d = [], c = 0; c < a; c++) { var e = b[c >>> 2] >>> 24 - 8 * (c % 4) & 255; d.push((e >>> 4).toString(16)); d.push((e & 15).toString(16)) } return d.join("") }, parse: function (a) { for (var b = a.length, d = [], c = 0; c < b; c += 2) d[c >>> 3] |= parseInt(a.substr(c, 2), 16) << 24 - 4 * (c % 8); return new j.init(d, b / 2) } }, p = m.Latin1 = { stringify: function (a) { var b = a.words; a = a.sigBytes; for (var d = [], c = 0; c < a; c++) d.push(String.fromCharCode(b[c >>> 2] >>> 24 - 8 * (c % 4) & 255)); return d.join("") }, parse: function (a) { for (var b = a.length, d = [], c = 0; c < b; c++) d[c >>> 2] |= (a.charCodeAt(c) & 255) << 24 - 8 * (c % 4); return new j.init(d, b) } }, t = m.Utf8 = { stringify: function (a) { try { return decodeURIComponent(escape(p.stringify(a))) } catch (b) { throw Error("Malformed UTF-8 data"); } }, parse: function (a) { return p.parse(unescape(encodeURIComponent(a))) } }, q = l.BufferedBlockAlgorithm = f.extend({ reset: function () { this._data = new j.init; this._nDataBytes = 0 }, _append: function (a) { "string" == typeof a && (a = t.parse(a)); this._data.concat(a); this._nDataBytes += a.sigBytes }, _process: function (a) { var b = this._data, d = b.words, c = b.sigBytes, e = this.blockSize, f = c / (4 * e), f = a ? h.ceil(f) : h.max((f | 0) - this._minBufferSize, 0); a = f * e; c = h.min(4 * a, c); if (a) { for (var g = 0; g < a; g += e) this._doProcessBlock(d, g); g = d.splice(0, a); b.sigBytes -= c } return new j.init(g, c) }, clone: function () { var a = f.clone.call(this); a._data = this._data.clone(); return a }, _minBufferSize: 0 }); l.Hasher = q.extend({ cfg: f.extend(), init: function (a) { this.cfg = this.cfg.extend(a); this.reset() }, reset: function () { q.reset.call(this); this._doReset() }, update: function (a) { this._append(a); this._process(); return this }, finalize: function (a) { a && this._append(a); return this._doFinalize() }, blockSize: 16, _createHelper: function (a) { return function (b, d) { return (new a.init(d)).finalize(b) } }, _createHmacHelper: function (a) { return function (b, d) { return (new u.HMAC.init(a, d)).finalize(b) } } }); var u = k.algo = {}; return k }(Math);
  446. (function () { var k = CryptoJS, b = k.lib, m = b.WordArray, l = b.Hasher, d = [], b = k.algo.SHA1 = l.extend({ _doReset: function () { this._hash = new m.init([1732584193, 4023233417, 2562383102, 271733878, 3285377520]) }, _doProcessBlock: function (n, p) { for (var a = this._hash.words, e = a[0], f = a[1], h = a[2], j = a[3], b = a[4], c = 0; 80 > c; c++) { if (16 > c) d[c] = n[p + c] | 0; else { var g = d[c - 3] ^ d[c - 8] ^ d[c - 14] ^ d[c - 16]; d[c] = g << 1 | g >>> 31 } g = (e << 5 | e >>> 27) + b + d[c]; g = 20 > c ? g + ((f & h | ~f & j) + 1518500249) : 40 > c ? g + ((f ^ h ^ j) + 1859775393) : 60 > c ? g + ((f & h | f & j | h & j) - 1894007588) : g + ((f ^ h ^ j) - 899497514); b = j; j = h; h = f << 30 | f >>> 2; f = e; e = g } a[0] = a[0] + e | 0; a[1] = a[1] + f | 0; a[2] = a[2] + h | 0; a[3] = a[3] + j | 0; a[4] = a[4] + b | 0 }, _doFinalize: function () { var b = this._data, d = b.words, a = 8 * this._nDataBytes, e = 8 * b.sigBytes; d[e >>> 5] |= 128 << 24 - e % 32; d[(e + 64 >>> 9 << 4) + 14] = Math.floor(a / 4294967296); d[(e + 64 >>> 9 << 4) + 15] = a; b.sigBytes = 4 * d.length; this._process(); return this._hash }, clone: function () { var b = l.clone.call(this); b._hash = this._hash.clone(); return b } }); k.SHA1 = l._createHelper(b); k.HmacSHA1 = l._createHmacHelper(b) })();
  447. (function (k) { for (var g = CryptoJS, h = g.lib, v = h.WordArray, j = h.Hasher, h = g.algo, s = [], t = [], u = function (q) { return 4294967296 * (q - (q | 0)) | 0 }, l = 2, b = 0; 64 > b;) { var d; a: { d = l; for (var w = k.sqrt(d), r = 2; r <= w; r++) if (!(d % r)) { d = !1; break a } d = !0 } d && (8 > b && (s[b] = u(k.pow(l, 0.5))), t[b] = u(k.pow(l, 1 / 3)), b++); l++ } var n = [], h = h.SHA256 = j.extend({ _doReset: function () { this._hash = new v.init(s.slice(0)) }, _doProcessBlock: function (q, h) { for (var a = this._hash.words, c = a[0], d = a[1], b = a[2], k = a[3], f = a[4], g = a[5], j = a[6], l = a[7], e = 0; 64 > e; e++) { if (16 > e) n[e] = q[h + e] | 0; else { var m = n[e - 15], p = n[e - 2]; n[e] = ((m << 25 | m >>> 7) ^ (m << 14 | m >>> 18) ^ m >>> 3) + n[e - 7] + ((p << 15 | p >>> 17) ^ (p << 13 | p >>> 19) ^ p >>> 10) + n[e - 16] } m = l + ((f << 26 | f >>> 6) ^ (f << 21 | f >>> 11) ^ (f << 7 | f >>> 25)) + (f & g ^ ~f & j) + t[e] + n[e]; p = ((c << 30 | c >>> 2) ^ (c << 19 | c >>> 13) ^ (c << 10 | c >>> 22)) + (c & d ^ c & b ^ d & b); l = j; j = g; g = f; f = k + m | 0; k = b; b = d; d = c; c = m + p | 0 } a[0] = a[0] + c | 0; a[1] = a[1] + d | 0; a[2] = a[2] + b | 0; a[3] = a[3] + k | 0; a[4] = a[4] + f | 0; a[5] = a[5] + g | 0; a[6] = a[6] + j | 0; a[7] = a[7] + l | 0 }, _doFinalize: function () { var d = this._data, b = d.words, a = 8 * this._nDataBytes, c = 8 * d.sigBytes; b[c >>> 5] |= 128 << 24 - c % 32; b[(c + 64 >>> 9 << 4) + 14] = k.floor(a / 4294967296); b[(c + 64 >>> 9 << 4) + 15] = a; d.sigBytes = 4 * b.length; this._process(); return this._hash }, clone: function () { var b = j.clone.call(this); b._hash = this._hash.clone(); return b } }); g.SHA256 = j._createHelper(h); g.HmacSHA256 = j._createHmacHelper(h) })(Math);
  448. (function () { var c = CryptoJS, k = c.enc.Utf8; c.algo.HMAC = c.lib.Base.extend({ init: function (a, b) { a = this._hasher = new a.init; "string" == typeof b && (b = k.parse(b)); var c = a.blockSize, e = 4 * c; b.sigBytes > e && (b = a.finalize(b)); b.clamp(); for (var f = this._oKey = b.clone(), g = this._iKey = b.clone(), h = f.words, j = g.words, d = 0; d < c; d++) h[d] ^= 1549556828, j[d] ^= 909522486; f.sigBytes = g.sigBytes = e; this.reset() }, reset: function () { var a = this._hasher; a.reset(); a.update(this._iKey) }, update: function (a) { this._hasher.update(a); return this }, finalize: function (a) { var b = this._hasher; a = b.finalize(a); b.reset(); return b.finalize(this._oKey.clone().concat(a)) } }) })();
  449. (function () { var h = CryptoJS, j = h.lib.WordArray; h.enc.Base64 = { stringify: function (b) { var e = b.words, f = b.sigBytes, c = this._map; b.clamp(); b = []; for (var a = 0; a < f; a += 3) for (var d = (e[a >>> 2] >>> 24 - 8 * (a % 4) & 255) << 16 | (e[a + 1 >>> 2] >>> 24 - 8 * ((a + 1) % 4) & 255) << 8 | e[a + 2 >>> 2] >>> 24 - 8 * ((a + 2) % 4) & 255, g = 0; 4 > g && a + 0.75 * g < f; g++) b.push(c.charAt(d >>> 6 * (3 - g) & 63)); if (e = c.charAt(64)) for (; b.length % 4;) b.push(e); return b.join("") }, parse: function (b) { var e = b.length, f = this._map, c = f.charAt(64); c && (c = b.indexOf(c), -1 != c && (e = c)); for (var c = [], a = 0, d = 0; d < e; d++) if (d % 4) { var g = f.indexOf(b.charAt(d - 1)) << 2 * (d % 4), h = f.indexOf(b.charAt(d)) >>> 6 - 2 * (d % 4); c[a >>> 2] |= (g | h) << 24 - 8 * (a % 4); a++ } return j.create(c, a) }, _map: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" } })();
  450. hawk.crypto.internals = CryptoJS;
  451. // Export if used as a module
  452. if (typeof module !== 'undefined' && module.exports) {
  453. module.exports = hawk;
  454. }
  455. /* eslint-enable */
  456. // $lab:coverage:on$