@storacha/encrypt-upload-client 1.1.66 → 1.1.67

package/dist/test/crypto-streaming.spec.js

@@ -1,129 +0,0 @@
-import './setup.js';
-import { test, describe } from 'node:test';
-import assert from 'node:assert';
-import { GenericAesCtrStreamingCrypto } from '../src/crypto/symmetric/generic-aes-ctr-streaming-crypto.js';
-import { createTestFile, streamToUint8Array, } from './helpers/test-file-utils.js';
-// FIXME (fforbeck) - Remove this skip when ready to run streaming crypto tests. It is failing on CI.
-await describe.skip('Streaming Crypto - Core Functionality', async () => {
-    await test('should encrypt and decrypt small files correctly', async () => {
-        const crypto = new GenericAesCtrStreamingCrypto();
-        const testFile = createTestFile(0.01); // 10KB (ultra-small for memory safety)
-        // Encrypt
-        const { key, iv, encryptedStream } = await crypto.encryptStream(testFile);
-        assert(key instanceof Uint8Array, 'Key should be Uint8Array');
-        assert.strictEqual(key.length, 32, 'Key should be 32 bytes');
-        assert(iv instanceof Uint8Array, 'IV should be Uint8Array');
-        assert.strictEqual(iv.length, 16, 'IV should be 16 bytes');
-        // Convert stream to bytes
-        const encryptedBytes = await streamToUint8Array(encryptedStream);
-        assert.strictEqual(encryptedBytes.length, testFile.size, 'Encrypted size should match original');
-        // Decrypt
-        const encryptedForDecrypt = new ReadableStream({
-            start(controller) {
-                controller.enqueue(encryptedBytes);
-                controller.close();
-            },
-        });
-        const decryptedStream = await crypto.decryptStream(encryptedForDecrypt, key, iv);
-        const decryptedBytes = await streamToUint8Array(decryptedStream);
-        // Verify round-trip
-        const originalBytes = new Uint8Array(await testFile.arrayBuffer());
-        assert.deepStrictEqual(decryptedBytes, originalBytes, 'Decrypted should match original');
-        console.log(`✓ Successfully encrypted/decrypted ${testFile.size} bytes`);
-    });
-    await test('should handle edge cases', async () => {
-        const crypto = new GenericAesCtrStreamingCrypto();
-        // Empty file
-        const emptyFile = new Blob([]);
-        const { encryptedStream: emptyEncrypted } = await crypto.encryptStream(emptyFile);
-        const emptyBytes = await streamToUint8Array(emptyEncrypted);
-        assert.strictEqual(emptyBytes.length, 0, 'Empty file should produce empty encrypted data');
-        // Single byte
-        const singleByteFile = new Blob([new Uint8Array([42])]);
-        const { key, iv, encryptedStream } = await crypto.encryptStream(singleByteFile);
-        const encryptedBytes = await streamToUint8Array(encryptedStream);
-        assert.strictEqual(encryptedBytes.length, 1, 'Single byte should produce single encrypted byte');
-        // Decrypt single byte
-        const encryptedForDecrypt = new ReadableStream({
-            start(controller) {
-                controller.enqueue(encryptedBytes);
-                controller.close();
-            },
-        });
-        const decryptedStream = await crypto.decryptStream(encryptedForDecrypt, key, iv);
-        const decryptedBytes = await streamToUint8Array(decryptedStream);
-        assert.deepStrictEqual(decryptedBytes, new Uint8Array([42]), 'Should decrypt to original byte');
-        console.log('✓ Edge cases handled correctly');
-    });
-    await test('should handle medium-sized files without issues', async () => {
-        try {
-            const crypto = new GenericAesCtrStreamingCrypto();
-            // Test with progressively larger files to show streaming works consistently
-            // Reduced sizes for CI stability while still testing streaming functionality
-            const testSizes = [0.5, 1, 2]; // MB
-            for (const sizeMB of testSizes) {
-                console.log(`Testing ${sizeMB}MB file...`);
-                const testFile = createTestFile(sizeMB);
-                const { key, iv, encryptedStream } = await crypto.encryptStream(testFile);
-                // Convert encrypted stream to bytes first
-                const encryptedBytes = await streamToUint8Array(encryptedStream);
-                // Create a new stream from the encrypted bytes for decryption
-                const encryptedForDecrypt = new ReadableStream({
-                    start(controller) {
-                        controller.enqueue(encryptedBytes);
-                        controller.close();
-                    },
-                });
-                const decryptedStream = await crypto.decryptStream(encryptedForDecrypt, key, iv);
-                const decryptedBytes = await streamToUint8Array(decryptedStream);
-                assert.strictEqual(decryptedBytes.length, sizeMB * 1024 * 1024, `Decrypted file size mismatch for ${sizeMB}MB`);
-                console.log(`✓ ${sizeMB}MB file encrypted and decrypted successfully`);
-            }
-            console.log('✓ Medium-sized files handled without issues');
-        }
-        catch (err) {
-            console.error('Test error (type):', typeof err, err && err.constructor && err.constructor.name);
-            console.error('Test error (keys):', err && Object.keys(err));
-            console.error('Test error (string):', String(err));
-            console.log(err);
-            assert.fail('Unable to test medium-sized files');
-        }
-    });
-    await test('should use proper counter arithmetic', async () => {
-        const crypto = new GenericAesCtrStreamingCrypto();
-        // Test counter increment function directly
-        const baseCounter = new Uint8Array([
-            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-        ]);
-        // Increment by 1
-        const counter1 = crypto.incrementCounter(baseCounter, 1);
-        assert.deepStrictEqual(counter1, new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1]), 'Should increment last byte by 1');
-        // Increment by 255
-        const counter255 = crypto.incrementCounter(baseCounter, 255);
-        assert.deepStrictEqual(counter255, new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255]), 'Should increment last byte by 255');
-        // Increment by 256 (should carry)
-        const counter256 = crypto.incrementCounter(baseCounter, 256);
-        assert.deepStrictEqual(counter256, new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0]), 'Should carry to second-to-last byte');
-        console.log('✓ Counter arithmetic works correctly');
-    });
-    await test('should implement complete interface', async () => {
-        const crypto = new GenericAesCtrStreamingCrypto();
-        // Check all required methods exist
-        assert(typeof crypto.generateKey === 'function', 'Should have generateKey method');
-        assert(typeof crypto.encryptStream === 'function', 'Should have encryptStream method');
-        assert(typeof crypto.decryptStream === 'function', 'Should have decryptStream method');
-        assert(typeof crypto.combineKeyAndIV === 'function', 'Should have combineKeyAndIV method');
-        assert(typeof crypto.splitKeyAndIV === 'function', 'Should have splitKeyAndIV method');
-        assert(typeof crypto.incrementCounter === 'function', 'Should have incrementCounter method');
-        // Test combine/split methods
-        const key = await crypto.generateKey();
-        const iv = globalThis.crypto.getRandomValues(new Uint8Array(16));
-        const combined = crypto.combineKeyAndIV(key, iv);
-        assert.strictEqual(combined.length, 48, 'Combined should be 48 bytes (32 key + 16 IV)');
-        const { key: splitKey, iv: splitIV } = crypto.splitKeyAndIV(combined);
-        assert.deepStrictEqual(splitKey, key, 'Split key should match original');
-        assert.deepStrictEqual(splitIV, iv, 'Split IV should match original');
-        console.log('Complete interface implemented correctly');
-    });
-});
-//# sourceMappingURL=crypto-streaming.spec.js.map

package/dist/test/encrypted-metadata.spec.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=encrypted-metadata.spec.d.ts.map

package/dist/test/encrypted-metadata.spec.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"encrypted-metadata.spec.d.ts","sourceRoot":"","sources":["../../test/encrypted-metadata.spec.js"],"names":[],"mappings":""}

package/dist/test/encrypted-metadata.spec.js

@@ -1,68 +0,0 @@
-import assert from 'node:assert';
-import { describe, it } from 'node:test';
-import * as Result from '@storacha/client/result';
-import * as Types from '../src/types.js';
-import { create, extract } from '../src/core/metadata/encrypted-metadata.js';
-import { CID } from 'multiformats';
-/** @type {Types.LitMetadataInput} */
-const encryptedMetadataInput = {
-    encryptedDataCID: 'bafkreids275u5ex6xfw7d4k67afej43c6rhm2kzdox2z6or4jxrndgevae',
-    identityBoundCiphertext: 'mF3OPa9dQ0wO4B1/XylmAV/eaHhLtM3JUPIbS175bvmqGaJUYroyDbsytV29q0cLD4XCpCRfCinntASNg9s730FIM7f4Mw2hVWeJ5g4akFA6BoZoaKgDC5Ln6MOQK5Ymb1y6No7um7Bn4uIIJTYNuUukDQvVxzY8LcRBc2ySR1Md+VSGzmyEgyvHtAI=',
-    plaintextKeyHash: '15f39e9a977cca43f16f3cd25237d711cd8130ff9763197b29df52a198607206',
-    accessControlConditions: [
-        {
-            contractAddress: '',
-            standardContractType: '',
-            chain: 'ethereum',
-            method: '',
-            parameters: [
-                ':currentActionIpfsId',
-                'did:key:z6MktfnQz8Kcz5nsC65oyXWFXhbbAZQavjg6LYuHgv4YbxzN',
-            ],
-            returnValueTest: {
-                comparator: '=',
-                value: 'QmPFrQGo5RAtdSTZ4bkaeDHVGrmy2TeEUwTu4LuVAPHiMd',
-            },
-        },
-    ],
-};
-/** @type {Types.KMSMetadata} */
-const kmsMetadataInput = {
-    encryptedDataCID: CID.parse('bafkreihdwdcefgh4dqkjv67uzcmw7ojee6xedzdetojuzjevtenxquvyku'),
-    encryptedSymmetricKey: 'bXlLTVNLZXlCeXRlcw==', // 'myKMSKeyBytes' in base64 for example
-    space: 'did:key:z6MktfnQz8Kcz5nsC65oyXWFXhbbAZQavjg6LYuHgv4YbxzN',
-    kms: {
-        provider: 'google-kms',
-        keyId: 'test-key',
-        algorithm: 'RSA-OAEP-2048-SHA256',
-    },
-};
-await describe('LitEncrypted Metadata', async () => {
-    await it('should create a valid block content', async () => {
-        const encryptedMetadata = create('lit', encryptedMetadataInput);
-        const block = await encryptedMetadata.archiveBlock();
-        // Encode the block into a CAR file
-        const car = await import('@ucanto/core').then((m) => m.CAR.encode({ roots: [block] }));
-        // Use the extract function to get the JSON object
-        const extractedData = Result.unwrap(extract(car));
-        const extractedDataJson = extractedData.toJSON();
-        assert.equal(extractedDataJson.identityBoundCiphertext, encryptedMetadataInput.identityBoundCiphertext);
-        assert.equal(extractedDataJson.plaintextKeyHash, encryptedMetadataInput.plaintextKeyHash);
-        assert.equal(extractedDataJson.encryptedDataCID, encryptedMetadataInput.encryptedDataCID);
-        assert.deepEqual(extractedDataJson.accessControlConditions, encryptedMetadataInput.accessControlConditions);
-    });
-});
-await describe('KMS Encrypted Metadata', async () => {
-    await it('should create a valid block content', async () => {
-        const kmsMetadata = create('kms', kmsMetadataInput);
-        const block = await kmsMetadata.archiveBlock();
-        const car = await import('@ucanto/core').then((m) => m.CAR.encode({ roots: [block] }));
-        const extractedData = Result.unwrap(extract(car));
-        const extractedDataJson = extractedData.toJSON();
-        assert.equal(extractedDataJson.encryptedSymmetricKey, kmsMetadataInput.encryptedSymmetricKey);
-        assert.equal(extractedDataJson.encryptedDataCID, kmsMetadataInput.encryptedDataCID);
-        assert.equal(extractedDataJson.space, kmsMetadataInput.space);
-        assert.deepEqual(extractedDataJson.kms, kmsMetadataInput.kms);
-    });
-});
-//# sourceMappingURL=encrypted-metadata.spec.js.map

package/dist/test/factories.spec.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=factories.spec.d.ts.map

package/dist/test/factories.spec.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"factories.spec.d.ts","sourceRoot":"","sources":["../../test/factories.spec.js"],"names":[],"mappings":""}

package/dist/test/factories.spec.js

@@ -1,142 +0,0 @@
-import './setup.js';
-import { test, describe } from 'node:test';
-import assert from 'node:assert';
-import { createGenericKMSAdapter, createGenericLitAdapter, createNodeLitAdapter, } from '../src/crypto/factories.node.js';
-import { GenericAesCtrStreamingCrypto } from '../src/crypto/symmetric/generic-aes-ctr-streaming-crypto.js';
-import { NodeAesCbcCrypto } from '../src/crypto/symmetric/node-aes-cbc-crypto.js';
-import { LitCryptoAdapter } from '../src/crypto/adapters/lit-crypto-adapter.js';
-import { KMSCryptoAdapter } from '../src/crypto/adapters/kms-crypto-adapter.js';
-// Mock Lit client for testing
-const mockLitClient = /** @type {any} */ ({
-    connect: () => Promise.resolve(),
-    disconnect: () => Promise.resolve(),
-});
-await describe('Crypto Factory Functions', async () => {
-    await describe('createBrowserLitAdapter', async () => {
-        await test('should create LitCryptoAdapter with streaming crypto', async () => {
-            const adapter = createGenericLitAdapter(mockLitClient);
-            // Verify adapter type
-            assert(adapter instanceof LitCryptoAdapter, 'Should create LitCryptoAdapter instance');
-            // Verify symmetric crypto implementation
-            assert(adapter.symmetricCrypto instanceof GenericAesCtrStreamingCrypto, 'Should use GenericAesCtrStreamingCrypto for browser environment');
-            // Verify lit client is passed through
-            assert.strictEqual(adapter.litClient, mockLitClient, 'Should pass through the lit client');
-        });
-        await test('should create adapter with required interface methods', async () => {
-            const adapter = createGenericLitAdapter(mockLitClient);
-            // Verify adapter has all required methods
-            assert(typeof adapter.encryptStream === 'function', 'Should have encryptStream method');
-            assert(typeof adapter.decryptStream === 'function', 'Should have decryptStream method');
-            assert(typeof adapter.encryptSymmetricKey === 'function', 'Should have encryptSymmetricKey method');
-            assert(typeof adapter.decryptSymmetricKey === 'function', 'Should have decryptSymmetricKey method');
-            assert(typeof adapter.extractEncryptedMetadata === 'function', 'Should have extractEncryptedMetadata method');
-            assert(typeof adapter.getEncryptedKey === 'function', 'Should have getEncryptedKey method');
-        });
-        await test('should handle null or undefined lit client gracefully', async () => {
-            // This should still create the adapter (validation happens at runtime)
-            const adapter = createGenericLitAdapter(/** @type {any} */ (null));
-            assert(adapter instanceof LitCryptoAdapter, 'Should create adapter even with null client');
-        });
-    });
-    await describe('createNodeLitAdapter', async () => {
-        await test('should create LitCryptoAdapter with Node crypto', async () => {
-            const adapter = createNodeLitAdapter(mockLitClient);
-            // Verify adapter type
-            assert(adapter instanceof LitCryptoAdapter, 'Should create LitCryptoAdapter instance');
-            // Verify symmetric crypto implementation
-            assert(adapter.symmetricCrypto instanceof NodeAesCbcCrypto, 'Should use NodeAesCbcCrypto for Node.js environment');
-            // Verify lit client is passed through
-            assert.strictEqual(adapter.litClient, mockLitClient, 'Should pass through the lit client');
-        });
-    });
-    await describe('createBrowserKMSAdapter', async () => {
-        await test('should create KMSCryptoAdapter with streaming crypto', async () => {
-            const keyManagerServiceURL = 'https://gateway.example.com';
-            const keyManagerServiceDID = 'did:web:gateway.example.com';
-            const adapter = createGenericKMSAdapter(keyManagerServiceURL, keyManagerServiceDID);
-            // Verify adapter type
-            assert(adapter instanceof KMSCryptoAdapter, 'Should create KMSCryptoAdapter instance');
-            // Verify symmetric crypto implementation
-            assert(adapter.symmetricCrypto instanceof GenericAesCtrStreamingCrypto, 'Should use GenericAesCtrStreamingCrypto for browser environment');
-            // Verify configuration is passed through
-            assert.strictEqual(adapter.keyManagerServiceURL.toString(), keyManagerServiceURL + '/', 'Should set the key manager service URL');
-            assert.strictEqual(adapter.keyManagerServiceDID.did(), keyManagerServiceDID, 'Should set the key manager service DID');
-        });
-        await test('should accept URL object for gateway URL', async () => {
-            const keyManagerServiceURL = new URL('https://gateway.example.com');
-            const keyManagerServiceDID = 'did:web:gateway.example.com';
-            const adapter = createGenericKMSAdapter(keyManagerServiceURL, keyManagerServiceDID);
-            assert(adapter instanceof KMSCryptoAdapter, 'Should create KMSCryptoAdapter with URL object');
-            assert.strictEqual(adapter.keyManagerServiceURL.toString(), keyManagerServiceURL.toString(), 'Should handle URL object input');
-        });
-        await test('should enforce HTTPS for security', async () => {
-            const httpKeyManagerServiceURL = 'http://insecure.example.com';
-            const keyManagerServiceDID = 'did:web:example.com';
-            assert.throws(() => createGenericKMSAdapter(httpKeyManagerServiceURL, keyManagerServiceDID), /Key manager service must use HTTPS protocol for security/, 'Should reject HTTP URLs for security');
-        });
-        await test('should allow HTTP with explicit insecure option', async () => {
-            // Note: The current implementation doesn't expose options in the factory
-            // but we can test this through direct adapter construction
-            const httpKeyManagerServiceURL = 'http://localhost:3000';
-            const keyManagerServiceDID = 'did:web:localhost';
-            assert.throws(() => createGenericKMSAdapter(httpKeyManagerServiceURL, keyManagerServiceDID), /Key manager service must use HTTPS protocol for security/, 'Should reject HTTP URLs even for localhost by default');
-        });
-        await test('should have all required KMS adapter methods', async () => {
-            const adapter = createGenericKMSAdapter('https://gateway.example.com', 'did:web:gateway.example.com');
-            // Verify adapter has all required methods
-            assert(typeof adapter.encryptStream === 'function', 'Should have encryptStream method');
-            assert(typeof adapter.decryptStream === 'function', 'Should have decryptStream method');
-            assert(typeof adapter.encryptSymmetricKey === 'function', 'Should have encryptSymmetricKey method');
-            assert(typeof adapter.decryptSymmetricKey === 'function', 'Should have decryptSymmetricKey method');
-        });
-    });
-    await describe('Factory Function Consistency', async () => {
-        await test('browser factories should use streaming crypto', async () => {
-            const litAdapter = createGenericLitAdapter(mockLitClient);
-            const kmsAdapter = createGenericKMSAdapter('https://gateway.example.com', 'did:web:gateway.example.com');
-            assert(litAdapter.symmetricCrypto.constructor.name ===
-                'GenericAesCtrStreamingCrypto', 'Browser Lit adapter should use streaming crypto');
-            assert(kmsAdapter.symmetricCrypto.constructor.name ===
-                'GenericAesCtrStreamingCrypto', 'Browser KMS adapter should use streaming crypto');
-        });
-        await test('node factories should use Node crypto', async () => {
-            const litAdapter = createNodeLitAdapter(mockLitClient);
-            assert(litAdapter.symmetricCrypto.constructor.name === 'NodeAesCbcCrypto', 'Node Lit adapter should use Node crypto');
-        });
-        await test('all adapters should implement the same interface', async () => {
-            const adapters = [
-                createGenericLitAdapter(mockLitClient),
-                createNodeLitAdapter(mockLitClient),
-                createGenericKMSAdapter('https://gateway.example.com', 'did:web:gateway.example.com'),
-                createGenericKMSAdapter('https://gateway.example.com', 'did:web:gateway.example.com'),
-            ];
-            const requiredMethods = [
-                'encryptStream',
-                'decryptStream',
-                'encryptSymmetricKey',
-                'decryptSymmetricKey',
-                'extractEncryptedMetadata',
-                'getEncryptedKey',
-            ];
-            for (const adapter of adapters) {
-                for (const method of requiredMethods) {
-                    assert(typeof ( /** @type {any} */(adapter)[method]) === 'function', `${adapter.constructor.name} should have ${method} method`);
-                }
-            }
-        });
-    });
-    await describe('Memory Usage Verification', async () => {
-        await test('browser adapters should use memory-efficient streaming crypto', async () => {
-            const litAdapter = createGenericLitAdapter(mockLitClient);
-            const kmsAdapter = createGenericKMSAdapter('https://gateway.example.com', 'did:web:gateway.example.com');
-            // Verify both use the streaming implementation
-            assert(litAdapter.symmetricCrypto instanceof GenericAesCtrStreamingCrypto, 'Lit adapter should use streaming crypto for memory efficiency');
-            assert(kmsAdapter.symmetricCrypto instanceof GenericAesCtrStreamingCrypto, 'KMS adapter should use streaming crypto for memory efficiency');
-            // Verify they have the streaming characteristics
-            const testBlob = new Blob([new Uint8Array(1024)]); // 1KB test
-            const litResult = await litAdapter.encryptStream(testBlob);
-            assert(litResult.encryptedStream instanceof ReadableStream, 'Should return ReadableStream for streaming');
-        });
-    });
-});
-//# sourceMappingURL=factories.spec.js.map

package/dist/test/file-metadata.spec.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=file-metadata.spec.d.ts.map

package/dist/test/file-metadata.spec.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"file-metadata.spec.d.ts","sourceRoot":"","sources":["../../test/file-metadata.spec.js"],"names":[],"mappings":""}