"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.WSSecurity = void 0;
const crypto = require("crypto");
const utils_1 = require("../utils");
const validPasswordTypes = ['PasswordDigest', 'PasswordText'];
class WSSecurity {
    constructor(username, password, options) {
        options = options || {};
        this._username = username;
        this._password = password;
        this._envelopeKey = 'soap';
        // must account for backward compatibility for passwordType String param as well as object options defaults: passwordType = 'PasswordText', hasTimeStamp = true
        if (typeof options === 'string') {
            this._passwordType = options ? options : 'PasswordText';
            options = {};
        }
        else {
            this._passwordType = options.passwordType ? options.passwordType : 'PasswordText';
        }
        if (validPasswordTypes.indexOf(this._passwordType) === -1) {
            this._passwordType = 'PasswordText';
        }
        this._hasTimeStamp = options.hasTimeStamp || typeof options.hasTimeStamp === 'boolean' ? !!options.hasTimeStamp : true;
        /*jshint eqnull:true */
        if (options.hasNonce != null) {
            this._hasNonce = !!options.hasNonce;
        }
        this._hasTokenCreated = options.hasTokenCreated || typeof options.hasTokenCreated === 'boolean' ? !!options.hasTokenCreated : true;
        if (options.actor != null) {
            this._actor = options.actor;
        }
        if (options.mustUnderstand != null) {
            this._mustUnderstand = !!options.mustUnderstand;
        }
        if (options.envelopeKey) {
            this._envelopeKey = options.envelopeKey;
        }
    }
    toXML() {
        // avoid dependency on date formatting libraries
        function getDate(d) {
            function pad(n) {
                return n < 10 ? '0' + n : n;
            }
            return d.getUTCFullYear() + '-'
                + pad(d.getUTCMonth() + 1) + '-'
                + pad(d.getUTCDate()) + 'T'
                + pad(d.getUTCHours()) + ':'
                + pad(d.getUTCMinutes()) + ':'
                + pad(d.getUTCSeconds()) + 'Z';
        }
        const now = new Date();
        const created = getDate(now);
        let timeStampXml = '';
        if (this._hasTimeStamp) {
            const expires = getDate(new Date(now.getTime() + (1000 * 600)));
            timeStampXml = '<wsu:Timestamp wsu:Id="Timestamp-' + created + '">' +
                '<wsu:Created>' + created + '</wsu:Created>' +
                '<wsu:Expires>' + expires + '</wsu:Expires>' +
                '</wsu:Timestamp>';
        }
        let password;
        let nonce;
        if (this._hasNonce || this._passwordType !== 'PasswordText') {
            // nonce = base64 ( sha1 ( created + random ) )
            const nHash = crypto.createHash('sha1');
            nHash.update(created + Math.random());
            nonce = nHash.digest('base64');
        }
        if (this._passwordType === 'PasswordText') {
            password = '<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">' + (0, utils_1.xmlEscape)(this._password) + '</wsse:Password>';
            if (nonce) {
                password += '<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">' + nonce + '</wsse:Nonce>';
            }
        }
        else {
            /* Specific Testcase for passwordDigest calculation cover this code
            /* istanbul ignore next */
            password = '<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">' + (0, utils_1.passwordDigest)(nonce, created, this._password) + '</wsse:Password>' +
                '<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">' + nonce + '</wsse:Nonce>';
        }
        return '<wsse:Security ' + (this._actor ? `${this._envelopeKey}:actor="${this._actor}" ` : '') +
            (this._mustUnderstand ? `${this._envelopeKey}:mustUnderstand="1" ` : '') +
            'xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">' +
            timeStampXml +
            '<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-' + created + '">' +
            '<wsse:Username>' + (0, utils_1.xmlEscape)(this._username) + '</wsse:Username>' +
            password +
            (this._hasTokenCreated ? '<wsu:Created>' + created + '</wsu:Created>' : '') +
            '</wsse:UsernameToken>' +
            '</wsse:Security>';
    }
}
exports.WSSecurity = WSSecurity;
//# sourceMappingURL=WSSecurity.js.map