@webex/internal-plugin-encryption 1.159.4 → 1.160.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config.js.map +1 -1
- package/dist/encryption.js +3 -3
- package/dist/encryption.js.map +1 -1
- package/dist/ensure-buffer.browser.js.map +1 -1
- package/dist/ensure-buffer.js.map +1 -1
- package/dist/index.js +8 -8
- package/dist/index.js.map +1 -1
- package/dist/kms-batcher.js.map +1 -1
- package/dist/kms-certificate-validation.js +3 -1
- package/dist/kms-certificate-validation.js.map +1 -1
- package/dist/kms-dry-error-interceptor.js.map +1 -1
- package/dist/kms-errors.js +1 -1
- package/dist/kms-errors.js.map +1 -1
- package/dist/kms.js +1 -1
- package/dist/kms.js.map +1 -1
- package/package.json +7 -7
package/dist/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"names":["encryption","joseOptions","compact","contentAlg","protect","kmsInitialTimeout","kmsMaxTimeout","ecdhMaxTimeout","batcherWait","batcherMaxCalls","batcherMaxWait"],"sources":["config.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nexport default {\n encryption: {\n joseOptions: {\n compact: true,\n contentAlg: 'A256GCM',\n protect: '*'\n },\n\n /**\n * Initial timeout before contacting KMS with a new request\n * @type {Number}\n */\n kmsInitialTimeout: 6000,\n\n /**\n * Maximum timeout before negotiating a new ECDH key\n * and contacting KMS with a new request\n * @type {Number}\n */\n kmsMaxTimeout: 32000,\n\n /**\n * Maximum timeout after negotiating several ECDH keys\n * @type {Number}\n */\n ecdhMaxTimeout: 32000 * 3,\n\n /**\n * Debounce wait before sending a kms request\n * @type {Number}\n */\n batcherWait: 50,\n\n /**\n * Maximum queue size before sending a kms request\n * @type {Number}\n */\n batcherMaxCalls: 50,\n\n /**\n * Debounce max wait before sending a kms metric\n * @type {Number}\n */\n batcherMaxWait: 150\n }\n};\n"],"mappings":";;;;;;;;;;AAAA;AACA;AACA;eAEe;EACbA,UAAU,EAAE;IACVC,WAAW,EAAE;MACXC,OAAO,EAAE,IADE;MAEXC,UAAU,EAAE,SAFD;MAGXC,OAAO,EAAE;IAHE,CADH;;IAOV;AACJ;AACA;AACA;IACIC,iBAAiB,EAAE,IAXT;;IAaV;AACJ;AACA;AACA;AACA;IACIC,aAAa,EAAE,KAlBL;;IAoBV;AACJ;AACA;AACA;IACIC,cAAc,EAAE,QAAQ,CAxBd;;IA0BV;AACJ;AACA;AACA;IACIC,WAAW,EAAE,EA9BH;;IAgCV;AACJ;AACA;AACA;IACIC,eAAe,EAAE,EApCP;;IAsCV;AACJ;AACA;AACA;IACIC,cAAc,EAAE;EA1CN;AADC,C"}
|
package/dist/encryption.js
CHANGED
|
@@ -42,9 +42,9 @@ var _ensureBuffer = _interopRequireDefault(require("./ensure-buffer"));
|
|
|
42
42
|
|
|
43
43
|
var _kms = _interopRequireDefault(require("./kms"));
|
|
44
44
|
|
|
45
|
-
function ownKeys(object, enumerableOnly) { var keys = _Object$keys(object); if (_Object$getOwnPropertySymbols) { var symbols = _Object$getOwnPropertySymbols(object);
|
|
45
|
+
function ownKeys(object, enumerableOnly) { var keys = _Object$keys(object); if (_Object$getOwnPropertySymbols) { var symbols = _Object$getOwnPropertySymbols(object); enumerableOnly && (symbols = symbols.filter(function (sym) { return _Object$getOwnPropertyDescriptor(object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
|
|
46
46
|
|
|
47
|
-
function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]
|
|
47
|
+
function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? ownKeys(Object(source), !0).forEach(function (key) { (0, _defineProperty2.default)(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors ? _Object$defineProperties(target, _Object$getOwnPropertyDescriptors(source)) : ownKeys(Object(source)).forEach(function (key) { _Object$defineProperty(target, key, _Object$getOwnPropertyDescriptor(source, key)); }); } return target; }
|
|
48
48
|
|
|
49
49
|
var Encryption = _webexCore.WebexPlugin.extend({
|
|
50
50
|
children: {
|
|
@@ -273,7 +273,7 @@ var Encryption = _webexCore.WebexPlugin.extend({
|
|
|
273
273
|
}));
|
|
274
274
|
});
|
|
275
275
|
},
|
|
276
|
-
version: "1.
|
|
276
|
+
version: "1.160.0"
|
|
277
277
|
});
|
|
278
278
|
/**
|
|
279
279
|
* JSON.stringify replacer that ensures private key data is serialized.
|
package/dist/encryption.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["encryption.js"],"names":["Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","then","b","length","byteLength","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","download","loc","shunt","EventEmitter","promise","_fetchDownloadUrl","uri","method","responseType","ret","request","res","body","logger","info","process","env","NODE_ENV","includes","resolve","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","allow","params","warn","encryptBinary","file","create","encrypt","ensureBuffer","cdata","encryptScr","toJWE","encryptText","createEncrypt","config","joseOptions","header","alg","reference","final","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","catch","fetchKey","put","replacer","v","json","toJSON"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA;;AACA;;AAEA;;AACA;;AACA;;AACA;;AAEA;;AACA;;;;;;AAEA,IAAMA,UAAU,GAAGC,uBAAYC,MAAZ,CAAmB;AACpCC,EAAAA,QAAQ,EAAE;AACRC,IAAAA,GAAG,EAAEC;AADG,GAD0B;AAKpCC,EAAAA,SAAS,EAAE,YALyB;AAOpCC,EAAAA,sBAPoC,kCAObC,KAPa,EAON;AAC5B,WAAO,KAAKJ,GAAL,CAASG,sBAAT,CAAgCC,KAAhC,CAAP;AACD,GATmC;AAWpCC,EAAAA,aAXoC,yBAWtBC,GAXsB,EAWjBC,MAXiB,EAWT;AACzB,WAAO,2BAAaA,MAAb,EACJC,IADI,CACC,UAACC,CAAD,EAAO;AACX;AACA,UAAIF,MAAM,CAACG,MAAP,KAAkB,CAAlB,IAAuBH,MAAM,CAACI,UAAP,KAAsB,CAAjD,EAAoD;AAClD,eAAO,iBAAQC,MAAR,CAAe,IAAIC,KAAJ,CAAU,yCAAV,CAAf,CAAP;AACD;;AAED,aAAOP,GAAG,CAACQ,OAAJ,CAAYL,CAAZ,CAAP;AACD,KARI,CAAP;AASD,GArBmC;;AAuBpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACEM,EAAAA,UAhCoC,sBAgCzBC,GAhCyB,EAgCpBC,SAhCoB,EAgCTC,OAhCS,EAgCA;AAClC,WAAO,KAAKC,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EACJV,IADI,CACC,UAACY,CAAD;AAAA,aAAOC,iBAAIC,OAAJ,CAAYF,CAAC,CAACG,GAAd,EAAmBN,SAAnB,CAAP;AAAA,KADD,CAAP;AAED,GAnCmC;;AAqCpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACEO,EAAAA,WA9CoC,uBA8CxBR,GA9CwB,EA8CnBS,UA9CmB,EA8CPP,OA9CO,EA8CE;AACpC,WAAO,KAAKC,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EACJV,IADI,CACC,UAACY,CAAD;AAAA,aAAOM,kBAAKC,GAAL,CACVC,aADU,CACIR,CAAC,CAACG,GADN,EAEVT,OAFU,CAEFW,UAFE,EAGVjB,IAHU,CAGL,UAACqB,MAAD;AAAA,eAAYA,MAAM,CAACC,SAAP,CAAiBC,QAAjB,EAAZ;AAAA,OAHK,CAAP;AAAA,KADD,CAAP;AAKD,GApDmC;;AAsDpC;AACF;AACA;AACA;AACA;AACA;AACA;AACEC,EAAAA,QA7DoC,oBA6D3B1B,GA7D2B,EA6DtBY,OA7DsB,EA6Db;AAAA;;AACrB;AACA,QAAI,CAACZ,GAAG,CAAC2B,GAAT,EAAc;AACZ,aAAO,iBAAQrB,MAAR,CAAe,IAAIC,KAAJ,CAAU,uBAAV,CAAf,CAAP;AACD;;AAED,QAAMqB,KAAK,GAAG,IAAIC,oBAAJ,EAAd;;AACA,QAAMC,OAAO,GAAG,KAAKC,iBAAL,CAAuB/B,GAAvB,EAA4BY,OAA5B,EACbV,IADa,CACR,UAAC8B,GAAD,EAAS;AACb,UAAMpB,OAAO,GAAG;AACdqB,QAAAA,MAAM,EAAE,KADM;AAEdD,QAAAA,GAAG,EAAHA,GAFc;AAGdE,QAAAA,YAAY,EAAE;AAHA,OAAhB;;AAMA,UAAMC,GAAG,GAAG,KAAI,CAACC,OAAL,CAAaxB,OAAb,CAAZ;;AAEA,kCAAe,UAAf,EAA2BA,OAAO,CAACc,QAAnC,EAA6CE,KAA7C;AAEA,aAAOO,GAAP;AACD,KAba,EAcbjC,IAda,CAcR,UAACmC,GAAD;AAAA,aAAS,KAAI,CAACtC,aAAL,CAAmBC,GAAnB,EAAwBqC,GAAG,CAACC,IAA5B,CAAT;AAAA,KAdQ,CAAhB;;AAgBA,6BAAYV,KAAZ,EAAmBE,OAAnB;AAEA,WAAOA,OAAP;AACD,GAvFmC;;AAyFpC;AACF;AACA;AACA;AACA;AACA;AACA;AACEC,EAAAA,iBAhGoC,6BAgGlB/B,GAhGkB,EAgGbY,OAhGa,EAgGJ;AAAA;;AAC9B,SAAK2B,MAAL,CAAYC,IAAZ,CAAiB,wDAAjB;;AAEA,QAAIC,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAAzB,IAAyC3C,GAAG,CAAC2B,GAAJ,CAAQiB,QAAR,CAAiB,WAAjB,CAA7C,EAA4E;AAC1E,WAAKL,MAAL,CAAYC,IAAZ,CAAiB,qFAAjB;AAEA,aAAO,iBAAQK,OAAR,CAAgB7C,GAAG,CAAC2B,GAApB,CAAP;AACD;;AAED,QAAMmB,SAAS,GAAG;AAChBC,MAAAA,SAAS,EAAE,CAAC/C,GAAG,CAAC2B,GAAL;AADK,KAAlB;;AAGA,QAAMqB,WAAW,GAAGC,aAAIC,KAAJ,CAAUlD,GAAG,CAAC2B,GAAd,CAApB,CAZ8B,CAc9B;;;AACAqB,IAAAA,WAAW,CAACG,QAAZ,GAAuB,OAAvB;AACAH,IAAAA,WAAW,CAACI,QAAZ,GAAuB,wBAAvB;AAEA,WAAO,KAAKhB,OAAL,CAAa;AAClBH,MAAAA,MAAM,EAAE,MADU;AAElBD,MAAAA,GAAG,EAAEiB,aAAII,MAAJ,CAAWL,WAAX,CAFa;AAGlBV,MAAAA,IAAI,EAAE1B,OAAO,mCACRkC,SADQ;AAEXQ,QAAAA,KAAK,EAAE1C,OAAO,CAAC2C,MAAR,CAAeD;AAFX,WAGTR;AANc,KAAb,EAQJ5C,IARI,CAQC,UAACmC,GAAD,EAAS;AACb,UAAMY,GAAG,GAAGZ,GAAG,CAACC,IAAJ,CAASS,SAAT,CAAmB/C,GAAG,CAAC2B,GAAvB,CAAZ;;AAEA,UAAI,CAACsB,GAAL,EAAU;AACR,QAAA,MAAI,CAACV,MAAL,CAAYiB,IAAZ,CAAiB,uGAAjB;;AAEA,eAAOxD,GAAG,CAAC2B,GAAX;AACD;;AACD,MAAA,MAAI,CAACY,MAAL,CAAYC,IAAZ,CAAiB,uDAAjB;;AAEA,aAAOS,GAAP;AACD,KAnBI,CAAP;AAoBD,GAtImC;AAwIpCQ,EAAAA,aAxIoC,yBAwItBC,IAxIsB,EAwIhB;AAClB,WAAO,2BAAaA,IAAb,EACJxD,IADI,CACC,UAACD,MAAD;AAAA,aAAYc,iBAAI4C,MAAJ,GACfzD,IADe,CACV,UAACF,GAAD;AAAA,eAASA,GAAG,CAAC4D,OAAJ,CAAY3D,MAAZ,EACZC,IADY,CACP2D,qBADO,EAEb;AAFa,SAGZ3D,IAHY,CAGP,UAAC4D,KAAD;AAAA,iBAAY;AAAC9D,YAAAA,GAAG,EAAHA,GAAD;AAAM8D,YAAAA,KAAK,EAALA;AAAN,WAAZ;AAAA,SAHO,CAAT;AAAA,OADU,CAAZ;AAAA,KADD,CAAP;AAMD,GA/ImC;;AAiJpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACEC,EAAAA,UA1JoC,sBA0JzBrD,GA1JyB,EA0JpBV,GA1JoB,EA0JfY,OA1Je,EA0JN;AAC5B;AACA,QAAI,CAACZ,GAAG,CAAC2B,GAAT,EAAc;AACZ,aAAO,iBAAQrB,MAAR,CAAe,IAAIC,KAAJ,CAAU,kDAAV,CAAf,CAAP;AACD;;AAED,WAAO,KAAKM,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EACJV,IADI,CACC,UAACY,CAAD;AAAA,aAAOd,GAAG,CAACgE,KAAJ,CAAUlD,CAAC,CAACG,GAAZ,CAAP;AAAA,KADD,CAAP;AAED,GAlKmC;;AAoKpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACEgD,EAAAA,WA7KoC,uBA6KxBvD,GA7KwB,EA6KnBc,SA7KmB,EA6KRZ,OA7KQ,EA6KC;AAAA;;AACnC,WAAO,KAAKC,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EACJV,IADI,CACC,UAACY,CAAD;AAAA,aAAOM,kBAAKC,GAAL,CACV6C,aADU,CACI,MAAI,CAACC,MAAL,CAAYC,WADhB,EAC6B;AACtC1D,QAAAA,GAAG,EAAEI,CAAC,CAACG,GAD+B;AAEtCoD,QAAAA,MAAM,EAAE;AACNC,UAAAA,GAAG,EAAE;AADC,SAF8B;AAKtCC,QAAAA,SAAS,EAAE;AAL2B,OAD7B,EAQVC,KARU,CAQJhD,SARI,EAQO,MARP,CAAP;AAAA,KADD,CAAP;AAUD,GAxLmC;;AA0LpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACEX,EAAAA,MAlMoC,kBAkM7BmB,GAlM6B,EAkML;AAAA;;AAAA,mFAAJ,EAAI;AAAA,QAAlByC,UAAkB,QAAlBA,UAAkB;;AAC7B,QAAIzC,GAAG,CAACf,GAAR,EAAa;AACX,aAAO,KAAKvB,GAAL,CAASgF,KAAT,CAAe1C,GAAf,CAAP;AACD;;AAED,QAAI2C,UAAU,GAAG3C,GAAjB;;AAEA,QAAIyC,UAAJ,EAAgB;AACdE,MAAAA,UAAU,0BAAmBF,UAAnB,CAAV;AACD;;AAED,WAAO,KAAKG,gBAAL,CAAsBC,GAAtB,CAA0BF,UAA1B,EACJzE,IADI,CACC,UAAC4E,SAAD;AAAA,aAAeC,IAAI,CAAC7B,KAAL,CAAW4B,SAAX,CAAf;AAAA,KADD,EAEJ5E,IAFI,CAEC,UAAC8E,SAAD;AAAA,aAAe,MAAI,CAACtF,GAAL,CAASgF,KAAT,CAAeM,SAAf,CAAf;AAAA,KAFD,EAGJC,KAHI,CAGE;AAAA,aAAM,MAAI,CAACvF,GAAL,CAASwF,QAAT,CAAkB;AAAClD,QAAAA,GAAG,EAAHA,GAAD;AAAMyC,QAAAA,UAAU,EAAVA;AAAN,OAAlB,EACVvE,IADU,CACL,iBAAI,UAACQ,GAAD;AAAA,eAAS,MAAI,CAACkE,gBAAL,CAAsBO,GAAtB,CAA0BR,UAA1B,EAAsC,wBAAejE,GAAf,EAAoB0E,QAApB,CAAtC,CAAT;AAAA,OAAJ,CADK,CAAN;AAAA,KAHF,CAAP;AAKD,GAlNmC;AAAA;AAAA,CAAnB,CAAnB;AAqNA;AACA;AACA;AACA;AACA;AACA;;;AACA,SAASA,QAAT,CAAkBtE,CAAlB,EAAqBuE,CAArB,EAAwB;AACtB,MAAIvE,CAAC,KAAK,KAAV,EAAiB;AACf;AACA;AACA,QAAMwE,IAAI,GAAG,KAAKxE,CAAL,EAAQyE,MAAR,CAAe,IAAf,CAAb;AAEA,WAAOD,IAAP;AACD;;AAED,SAAOD,CAAP;AACD;;eAEc/F,U","sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n children: {\n kms: KMS\n },\n\n namespace: 'Encryption',\n\n processKmsMessageEvent(event) {\n return this.kms.processKmsMessageEvent(event);\n },\n\n decryptBinary(scr, buffer) {\n return ensureBuffer(buffer)\n .then((b) => {\n /* istanbul ignore if */\n if (buffer.length === 0 || buffer.byteLength === 0) {\n return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n }\n\n return scr.decrypt(b);\n });\n },\n\n /**\n * Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} cipherScr - An encrypted SCR\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {Object} Decrypted SCR\n */\n decryptScr(key, cipherScr, options) {\n return this.getKey(key, options)\n .then((k) => SCR.fromJWE(k.jwk, cipherScr));\n },\n\n /**\n * Decrypt text using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} ciphertext - Encrypted text\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Decrypted plaintext\n */\n decryptText(key, ciphertext, options) {\n return this.getKey(key, options)\n .then((k) => jose.JWE\n .createDecrypt(k.jwk)\n .decrypt(ciphertext)\n .then((result) => result.plaintext.toString()));\n },\n\n /**\n * Validate and initiate a Download request for requested file\n *\n * @param {Object} scr - Plaintext\n * @param {Object} options - optional paramaters to download a file\n * @returns {promise}\n */\n download(scr, options) {\n /* istanbul ignore if */\n if (!scr.loc) {\n return Promise.reject(new Error('`scr.loc` is required'));\n }\n\n const shunt = new EventEmitter();\n const promise = this._fetchDownloadUrl(scr, options)\n .then((uri) => {\n const options = {\n method: 'GET',\n uri,\n responseType: 'buffer'\n };\n\n const ret = this.request(options);\n\n transferEvents('progress', options.download, shunt);\n\n return ret;\n })\n .then((res) => this.decryptBinary(scr, res.body));\n\n proxyEvents(shunt, promise);\n\n return promise;\n },\n\n /**\n * Fetch Download URL for the requested file\n *\n * @param {Object} scr - Plaintext\n * @param {Object} options - optional paramaters to download a file\n * @returns {promise} url of the downloadable file\n */\n _fetchDownloadUrl(scr, options) {\n this.logger.info('encryption: retrieving download url for encrypted file');\n\n if (process.env.NODE_ENV !== 'production' && scr.loc.includes('localhost')) {\n this.logger.info('encryption: bypassing webex files because this looks to be a test file on localhost');\n\n return Promise.resolve(scr.loc);\n }\n\n const inputBody = {\n endpoints: [scr.loc]\n };\n const endpointUrl = url.parse(scr.loc);\n\n // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n endpointUrl.protocol = 'https';\n endpointUrl.pathname = '/v1/download/endpoints';\n\n return this.request({\n method: 'POST',\n uri: url.format(endpointUrl),\n body: options ? {\n ...inputBody,\n allow: options.params.allow\n } : inputBody\n })\n .then((res) => {\n const url = res.body.endpoints[scr.loc];\n\n if (!url) {\n this.logger.warn('encryption: could not determine download url for `scr.loc`; attempting to download `scr.loc` directly');\n\n return scr.loc;\n }\n this.logger.info('encryption: retrieved download url for encrypted file');\n\n return url;\n });\n },\n\n encryptBinary(file) {\n return ensureBuffer(file)\n .then((buffer) => SCR.create()\n .then((scr) => scr.encrypt(buffer)\n .then(ensureBuffer)\n // eslint-disable-next-line max-nested-callbacks\n .then((cdata) => ({scr, cdata}))));\n },\n\n /**\n * Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} scr - Plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted SCR\n */\n encryptScr(key, scr, options) {\n /* istanbul ignore if */\n if (!scr.loc) {\n return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n }\n\n return this.getKey(key, options)\n .then((k) => scr.toJWE(k.jwk));\n },\n\n /**\n * Encrypt plaintext using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted text\n */\n encryptText(key, plaintext, options) {\n return this.getKey(key, options)\n .then((k) => jose.JWE\n .createEncrypt(this.config.joseOptions, {\n key: k.jwk,\n header: {\n alg: 'dir'\n },\n reference: null\n })\n .final(plaintext, 'utf8'));\n },\n\n /**\n * Fetch the key associated with the supplied KMS uri.\n *\n * @param {string} uri - The uri of a key stored in KMS\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Key\n */\n getKey(uri, {onBehalfOf} = {}) {\n if (uri.jwk) {\n return this.kms.asKey(uri);\n }\n\n let storageKey = uri;\n\n if (onBehalfOf) {\n storageKey += `/onBehalfOf/${onBehalfOf}`;\n }\n\n return this.unboundedStorage.get(storageKey)\n .then((keyString) => JSON.parse(keyString))\n .then((keyObject) => this.kms.asKey(keyObject))\n .catch(() => this.kms.fetchKey({uri, onBehalfOf})\n .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer)))));\n }\n});\n\n/**\n * JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n if (k === 'jwk') {\n // note: this[k] and v may be different representations of the same value\n // eslint-disable-next-line no-invalid-this\n const json = this[k].toJSON(true);\n\n return json;\n }\n\n return v;\n}\n\nexport default Encryption;\n"]}
|
|
1
|
+
{"version":3,"names":["Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","then","b","length","byteLength","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","download","loc","shunt","EventEmitter","promise","_fetchDownloadUrl","uri","method","responseType","ret","request","res","body","logger","info","process","env","NODE_ENV","includes","resolve","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","allow","params","warn","encryptBinary","file","create","encrypt","ensureBuffer","cdata","encryptScr","toJWE","encryptText","createEncrypt","config","joseOptions","header","alg","reference","final","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","catch","fetchKey","put","replacer","v","json","toJSON"],"sources":["encryption.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n children: {\n kms: KMS\n },\n\n namespace: 'Encryption',\n\n processKmsMessageEvent(event) {\n return this.kms.processKmsMessageEvent(event);\n },\n\n decryptBinary(scr, buffer) {\n return ensureBuffer(buffer)\n .then((b) => {\n /* istanbul ignore if */\n if (buffer.length === 0 || buffer.byteLength === 0) {\n return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n }\n\n return scr.decrypt(b);\n });\n },\n\n /**\n * Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} cipherScr - An encrypted SCR\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {Object} Decrypted SCR\n */\n decryptScr(key, cipherScr, options) {\n return this.getKey(key, options)\n .then((k) => SCR.fromJWE(k.jwk, cipherScr));\n },\n\n /**\n * Decrypt text using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} ciphertext - Encrypted text\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Decrypted plaintext\n */\n decryptText(key, ciphertext, options) {\n return this.getKey(key, options)\n .then((k) => jose.JWE\n .createDecrypt(k.jwk)\n .decrypt(ciphertext)\n .then((result) => result.plaintext.toString()));\n },\n\n /**\n * Validate and initiate a Download request for requested file\n *\n * @param {Object} scr - Plaintext\n * @param {Object} options - optional paramaters to download a file\n * @returns {promise}\n */\n download(scr, options) {\n /* istanbul ignore if */\n if (!scr.loc) {\n return Promise.reject(new Error('`scr.loc` is required'));\n }\n\n const shunt = new EventEmitter();\n const promise = this._fetchDownloadUrl(scr, options)\n .then((uri) => {\n const options = {\n method: 'GET',\n uri,\n responseType: 'buffer'\n };\n\n const ret = this.request(options);\n\n transferEvents('progress', options.download, shunt);\n\n return ret;\n })\n .then((res) => this.decryptBinary(scr, res.body));\n\n proxyEvents(shunt, promise);\n\n return promise;\n },\n\n /**\n * Fetch Download URL for the requested file\n *\n * @param {Object} scr - Plaintext\n * @param {Object} options - optional paramaters to download a file\n * @returns {promise} url of the downloadable file\n */\n _fetchDownloadUrl(scr, options) {\n this.logger.info('encryption: retrieving download url for encrypted file');\n\n if (process.env.NODE_ENV !== 'production' && scr.loc.includes('localhost')) {\n this.logger.info('encryption: bypassing webex files because this looks to be a test file on localhost');\n\n return Promise.resolve(scr.loc);\n }\n\n const inputBody = {\n endpoints: [scr.loc]\n };\n const endpointUrl = url.parse(scr.loc);\n\n // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n endpointUrl.protocol = 'https';\n endpointUrl.pathname = '/v1/download/endpoints';\n\n return this.request({\n method: 'POST',\n uri: url.format(endpointUrl),\n body: options ? {\n ...inputBody,\n allow: options.params.allow\n } : inputBody\n })\n .then((res) => {\n const url = res.body.endpoints[scr.loc];\n\n if (!url) {\n this.logger.warn('encryption: could not determine download url for `scr.loc`; attempting to download `scr.loc` directly');\n\n return scr.loc;\n }\n this.logger.info('encryption: retrieved download url for encrypted file');\n\n return url;\n });\n },\n\n encryptBinary(file) {\n return ensureBuffer(file)\n .then((buffer) => SCR.create()\n .then((scr) => scr.encrypt(buffer)\n .then(ensureBuffer)\n // eslint-disable-next-line max-nested-callbacks\n .then((cdata) => ({scr, cdata}))));\n },\n\n /**\n * Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} scr - Plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted SCR\n */\n encryptScr(key, scr, options) {\n /* istanbul ignore if */\n if (!scr.loc) {\n return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n }\n\n return this.getKey(key, options)\n .then((k) => scr.toJWE(k.jwk));\n },\n\n /**\n * Encrypt plaintext using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted text\n */\n encryptText(key, plaintext, options) {\n return this.getKey(key, options)\n .then((k) => jose.JWE\n .createEncrypt(this.config.joseOptions, {\n key: k.jwk,\n header: {\n alg: 'dir'\n },\n reference: null\n })\n .final(plaintext, 'utf8'));\n },\n\n /**\n * Fetch the key associated with the supplied KMS uri.\n *\n * @param {string} uri - The uri of a key stored in KMS\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Key\n */\n getKey(uri, {onBehalfOf} = {}) {\n if (uri.jwk) {\n return this.kms.asKey(uri);\n }\n\n let storageKey = uri;\n\n if (onBehalfOf) {\n storageKey += `/onBehalfOf/${onBehalfOf}`;\n }\n\n return this.unboundedStorage.get(storageKey)\n .then((keyString) => JSON.parse(keyString))\n .then((keyObject) => this.kms.asKey(keyObject))\n .catch(() => this.kms.fetchKey({uri, onBehalfOf})\n .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer)))));\n }\n});\n\n/**\n * JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n if (k === 'jwk') {\n // note: this[k] and v may be different representations of the same value\n // eslint-disable-next-line no-invalid-this\n const json = this[k].toJSON(true);\n\n return json;\n }\n\n return v;\n}\n\nexport default Encryption;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA;;AACA;;AAEA;;AACA;;AACA;;AACA;;AAEA;;AACA;;;;;;AAEA,IAAMA,UAAU,GAAGC,uBAAYC,MAAZ,CAAmB;EACpCC,QAAQ,EAAE;IACRC,GAAG,EAAEC;EADG,CAD0B;EAKpCC,SAAS,EAAE,YALyB;EAOpCC,sBAPoC,kCAObC,KAPa,EAON;IAC5B,OAAO,KAAKJ,GAAL,CAASG,sBAAT,CAAgCC,KAAhC,CAAP;EACD,CATmC;EAWpCC,aAXoC,yBAWtBC,GAXsB,EAWjBC,MAXiB,EAWT;IACzB,OAAO,2BAAaA,MAAb,EACJC,IADI,CACC,UAACC,CAAD,EAAO;MACX;MACA,IAAIF,MAAM,CAACG,MAAP,KAAkB,CAAlB,IAAuBH,MAAM,CAACI,UAAP,KAAsB,CAAjD,EAAoD;QAClD,OAAO,iBAAQC,MAAR,CAAe,IAAIC,KAAJ,CAAU,yCAAV,CAAf,CAAP;MACD;;MAED,OAAOP,GAAG,CAACQ,OAAJ,CAAYL,CAAZ,CAAP;IACD,CARI,CAAP;EASD,CArBmC;;EAuBpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEM,UAhCoC,sBAgCzBC,GAhCyB,EAgCpBC,SAhCoB,EAgCTC,OAhCS,EAgCA;IAClC,OAAO,KAAKC,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EACJV,IADI,CACC,UAACY,CAAD;MAAA,OAAOC,iBAAIC,OAAJ,CAAYF,CAAC,CAACG,GAAd,EAAmBN,SAAnB,CAAP;IAAA,CADD,CAAP;EAED,CAnCmC;;EAqCpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEO,WA9CoC,uBA8CxBR,GA9CwB,EA8CnBS,UA9CmB,EA8CPP,OA9CO,EA8CE;IACpC,OAAO,KAAKC,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EACJV,IADI,CACC,UAACY,CAAD;MAAA,OAAOM,kBAAKC,GAAL,CACVC,aADU,CACIR,CAAC,CAACG,GADN,EAEVT,OAFU,CAEFW,UAFE,EAGVjB,IAHU,CAGL,UAACqB,MAAD;QAAA,OAAYA,MAAM,CAACC,SAAP,CAAiBC,QAAjB,EAAZ;MAAA,CAHK,CAAP;IAAA,CADD,CAAP;EAKD,CApDmC;;EAsDpC;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,QA7DoC,oBA6D3B1B,GA7D2B,EA6DtBY,OA7DsB,EA6Db;IAAA;;IACrB;IACA,IAAI,CAACZ,GAAG,CAAC2B,GAAT,EAAc;MACZ,OAAO,iBAAQrB,MAAR,CAAe,IAAIC,KAAJ,CAAU,uBAAV,CAAf,CAAP;IACD;;IAED,IAAMqB,KAAK,GAAG,IAAIC,oBAAJ,EAAd;;IACA,IAAMC,OAAO,GAAG,KAAKC,iBAAL,CAAuB/B,GAAvB,EAA4BY,OAA5B,EACbV,IADa,CACR,UAAC8B,GAAD,EAAS;MACb,IAAMpB,OAAO,GAAG;QACdqB,MAAM,EAAE,KADM;QAEdD,GAAG,EAAHA,GAFc;QAGdE,YAAY,EAAE;MAHA,CAAhB;;MAMA,IAAMC,GAAG,GAAG,KAAI,CAACC,OAAL,CAAaxB,OAAb,CAAZ;;MAEA,4BAAe,UAAf,EAA2BA,OAAO,CAACc,QAAnC,EAA6CE,KAA7C;MAEA,OAAOO,GAAP;IACD,CAba,EAcbjC,IAda,CAcR,UAACmC,GAAD;MAAA,OAAS,KAAI,CAACtC,aAAL,CAAmBC,GAAnB,EAAwBqC,GAAG,CAACC,IAA5B,CAAT;IAAA,CAdQ,CAAhB;;IAgBA,yBAAYV,KAAZ,EAAmBE,OAAnB;IAEA,OAAOA,OAAP;EACD,CAvFmC;;EAyFpC;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,iBAhGoC,6BAgGlB/B,GAhGkB,EAgGbY,OAhGa,EAgGJ;IAAA;;IAC9B,KAAK2B,MAAL,CAAYC,IAAZ,CAAiB,wDAAjB;;IAEA,IAAIC,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAAzB,IAAyC3C,GAAG,CAAC2B,GAAJ,CAAQiB,QAAR,CAAiB,WAAjB,CAA7C,EAA4E;MAC1E,KAAKL,MAAL,CAAYC,IAAZ,CAAiB,qFAAjB;MAEA,OAAO,iBAAQK,OAAR,CAAgB7C,GAAG,CAAC2B,GAApB,CAAP;IACD;;IAED,IAAMmB,SAAS,GAAG;MAChBC,SAAS,EAAE,CAAC/C,GAAG,CAAC2B,GAAL;IADK,CAAlB;;IAGA,IAAMqB,WAAW,GAAGC,aAAIC,KAAJ,CAAUlD,GAAG,CAAC2B,GAAd,CAApB,CAZ8B,CAc9B;;;IACAqB,WAAW,CAACG,QAAZ,GAAuB,OAAvB;IACAH,WAAW,CAACI,QAAZ,GAAuB,wBAAvB;IAEA,OAAO,KAAKhB,OAAL,CAAa;MAClBH,MAAM,EAAE,MADU;MAElBD,GAAG,EAAEiB,aAAII,MAAJ,CAAWL,WAAX,CAFa;MAGlBV,IAAI,EAAE1B,OAAO,mCACRkC,SADQ;QAEXQ,KAAK,EAAE1C,OAAO,CAAC2C,MAAR,CAAeD;MAFX,KAGTR;IANc,CAAb,EAQJ5C,IARI,CAQC,UAACmC,GAAD,EAAS;MACb,IAAMY,GAAG,GAAGZ,GAAG,CAACC,IAAJ,CAASS,SAAT,CAAmB/C,GAAG,CAAC2B,GAAvB,CAAZ;;MAEA,IAAI,CAACsB,GAAL,EAAU;QACR,MAAI,CAACV,MAAL,CAAYiB,IAAZ,CAAiB,uGAAjB;;QAEA,OAAOxD,GAAG,CAAC2B,GAAX;MACD;;MACD,MAAI,CAACY,MAAL,CAAYC,IAAZ,CAAiB,uDAAjB;;MAEA,OAAOS,GAAP;IACD,CAnBI,CAAP;EAoBD,CAtImC;EAwIpCQ,aAxIoC,yBAwItBC,IAxIsB,EAwIhB;IAClB,OAAO,2BAAaA,IAAb,EACJxD,IADI,CACC,UAACD,MAAD;MAAA,OAAYc,iBAAI4C,MAAJ,GACfzD,IADe,CACV,UAACF,GAAD;QAAA,OAASA,GAAG,CAAC4D,OAAJ,CAAY3D,MAAZ,EACZC,IADY,CACP2D,qBADO,EAEb;QAFa,CAGZ3D,IAHY,CAGP,UAAC4D,KAAD;UAAA,OAAY;YAAC9D,GAAG,EAAHA,GAAD;YAAM8D,KAAK,EAALA;UAAN,CAAZ;QAAA,CAHO,CAAT;MAAA,CADU,CAAZ;IAAA,CADD,CAAP;EAMD,CA/ImC;;EAiJpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UA1JoC,sBA0JzBrD,GA1JyB,EA0JpBV,GA1JoB,EA0JfY,OA1Je,EA0JN;IAC5B;IACA,IAAI,CAACZ,GAAG,CAAC2B,GAAT,EAAc;MACZ,OAAO,iBAAQrB,MAAR,CAAe,IAAIC,KAAJ,CAAU,kDAAV,CAAf,CAAP;IACD;;IAED,OAAO,KAAKM,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EACJV,IADI,CACC,UAACY,CAAD;MAAA,OAAOd,GAAG,CAACgE,KAAJ,CAAUlD,CAAC,CAACG,GAAZ,CAAP;IAAA,CADD,CAAP;EAED,CAlKmC;;EAoKpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEgD,WA7KoC,uBA6KxBvD,GA7KwB,EA6KnBc,SA7KmB,EA6KRZ,OA7KQ,EA6KC;IAAA;;IACnC,OAAO,KAAKC,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EACJV,IADI,CACC,UAACY,CAAD;MAAA,OAAOM,kBAAKC,GAAL,CACV6C,aADU,CACI,MAAI,CAACC,MAAL,CAAYC,WADhB,EAC6B;QACtC1D,GAAG,EAAEI,CAAC,CAACG,GAD+B;QAEtCoD,MAAM,EAAE;UACNC,GAAG,EAAE;QADC,CAF8B;QAKtCC,SAAS,EAAE;MAL2B,CAD7B,EAQVC,KARU,CAQJhD,SARI,EAQO,MARP,CAAP;IAAA,CADD,CAAP;EAUD,CAxLmC;;EA0LpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEX,MAlMoC,kBAkM7BmB,GAlM6B,EAkML;IAAA;;IAAA,+EAAJ,EAAI;IAAA,IAAlByC,UAAkB,QAAlBA,UAAkB;;IAC7B,IAAIzC,GAAG,CAACf,GAAR,EAAa;MACX,OAAO,KAAKvB,GAAL,CAASgF,KAAT,CAAe1C,GAAf,CAAP;IACD;;IAED,IAAI2C,UAAU,GAAG3C,GAAjB;;IAEA,IAAIyC,UAAJ,EAAgB;MACdE,UAAU,0BAAmBF,UAAnB,CAAV;IACD;;IAED,OAAO,KAAKG,gBAAL,CAAsBC,GAAtB,CAA0BF,UAA1B,EACJzE,IADI,CACC,UAAC4E,SAAD;MAAA,OAAeC,IAAI,CAAC7B,KAAL,CAAW4B,SAAX,CAAf;IAAA,CADD,EAEJ5E,IAFI,CAEC,UAAC8E,SAAD;MAAA,OAAe,MAAI,CAACtF,GAAL,CAASgF,KAAT,CAAeM,SAAf,CAAf;IAAA,CAFD,EAGJC,KAHI,CAGE;MAAA,OAAM,MAAI,CAACvF,GAAL,CAASwF,QAAT,CAAkB;QAAClD,GAAG,EAAHA,GAAD;QAAMyC,UAAU,EAAVA;MAAN,CAAlB,EACVvE,IADU,CACL,iBAAI,UAACQ,GAAD;QAAA,OAAS,MAAI,CAACkE,gBAAL,CAAsBO,GAAtB,CAA0BR,UAA1B,EAAsC,wBAAejE,GAAf,EAAoB0E,QAApB,CAAtC,CAAT;MAAA,CAAJ,CADK,CAAN;IAAA,CAHF,CAAP;EAKD,CAlNmC;EAAA;AAAA,CAAnB,CAAnB;AAqNA;AACA;AACA;AACA;AACA;AACA;;;AACA,SAASA,QAAT,CAAkBtE,CAAlB,EAAqBuE,CAArB,EAAwB;EACtB,IAAIvE,CAAC,KAAK,KAAV,EAAiB;IACf;IACA;IACA,IAAMwE,IAAI,GAAG,KAAKxE,CAAL,EAAQyE,MAAR,CAAe,IAAf,CAAb;IAEA,OAAOD,IAAP;EACD;;EAED,OAAOD,CAAP;AACD;;eAEc/F,U"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"names":["ensureBuffer","buffer","ArrayBuffer","resolve","toArrayBuffer","reject","fr","FileReader","onload","Uint8Array","result","onerror","readAsArrayBuffer"],"sources":["ensure-buffer.browser.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n/* eslint-env: browser */\n/* global FileReader */\n\n/**\n * Ensures the provider buffer is, indeed, an ArrayBuffer; converts File and\n * Blob objects to ArrayBuffers.\n * @param {mixed} buffer\n * @returns {Promise<ArrayBuffer>}\n */\nexport default function ensureBuffer(buffer) {\n if (buffer instanceof ArrayBuffer) {\n return Promise.resolve(buffer);\n }\n\n if (buffer.toArrayBuffer) {\n return Promise.resolve(buffer.toArrayBuffer());\n }\n\n if (buffer.buffer) {\n return Promise.resolve(buffer.buffer);\n }\n\n return new Promise((resolve, reject) => {\n const fr = new FileReader();\n\n fr.onload = function onload() {\n resolve(new Uint8Array(this.result));\n };\n\n fr.onerror = reject;\n\n fr.readAsArrayBuffer(buffer);\n });\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA;AACA;AACA;;AAEA;;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACe,SAASA,YAAT,CAAsBC,MAAtB,EAA8B;EAC3C,IAAIA,MAAM,YAAYC,WAAtB,EAAmC;IACjC,OAAO,iBAAQC,OAAR,CAAgBF,MAAhB,CAAP;EACD;;EAED,IAAIA,MAAM,CAACG,aAAX,EAA0B;IACxB,OAAO,iBAAQD,OAAR,CAAgBF,MAAM,CAACG,aAAP,EAAhB,CAAP;EACD;;EAED,IAAIH,MAAM,CAACA,MAAX,EAAmB;IACjB,OAAO,iBAAQE,OAAR,CAAgBF,MAAM,CAACA,MAAvB,CAAP;EACD;;EAED,OAAO,qBAAY,UAACE,OAAD,EAAUE,MAAV,EAAqB;IACtC,IAAMC,EAAE,GAAG,IAAIC,UAAJ,EAAX;;IAEAD,EAAE,CAACE,MAAH,GAAY,SAASA,MAAT,GAAkB;MAC5BL,OAAO,CAAC,IAAIM,UAAJ,CAAe,KAAKC,MAApB,CAAD,CAAP;IACD,CAFD;;IAIAJ,EAAE,CAACK,OAAH,GAAaN,MAAb;IAEAC,EAAE,CAACM,iBAAH,CAAqBX,MAArB;EACD,CAVM,CAAP;AAWD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"names":["ensureBuffer","buffer","reject","Error","resolve"],"sources":["ensure-buffer.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {isBuffer} from '@webex/common';\n\n/**\n* Ensures the provider Buffer is, indeed, a Buffer; sometimes, they seem to be\n* byte-arrays instead of proper Buffer objects.\n* @param {mixed} buffer\n* @returns {Promise<Buffer>}\n*/\nexport default function ensureBuffer(buffer) {\n /* istanbul ignore if */\n if (!isBuffer(buffer)) {\n return Promise.reject(new Error('`buffer` must be a buffer'));\n }\n\n return Promise.resolve(buffer);\n}\n"],"mappings":";;;;;;;;;;;;;;AAIA;;AAJA;AACA;AACA;;AAIA;AACA;AACA;AACA;AACA;AACA;AACe,SAASA,YAAT,CAAsBC,MAAtB,EAA8B;EAC3C;EACA,IAAI,CAAC,sBAASA,MAAT,CAAL,EAAuB;IACrB,OAAO,iBAAQC,MAAR,CAAe,IAAIC,KAAJ,CAAU,2BAAV,CAAf,CAAP;EACD;;EAED,OAAO,iBAAQC,OAAR,CAAgBH,MAAhB,CAAP;AACD"}
|
package/dist/index.js
CHANGED
|
@@ -8,31 +8,31 @@ _Object$defineProperty(exports, "__esModule", {
|
|
|
8
8
|
value: true
|
|
9
9
|
});
|
|
10
10
|
|
|
11
|
-
_Object$defineProperty(exports, "
|
|
11
|
+
_Object$defineProperty(exports, "DryError", {
|
|
12
12
|
enumerable: true,
|
|
13
13
|
get: function get() {
|
|
14
|
-
return
|
|
14
|
+
return _kmsErrors.DryError;
|
|
15
15
|
}
|
|
16
16
|
});
|
|
17
17
|
|
|
18
|
-
_Object$defineProperty(exports, "
|
|
18
|
+
_Object$defineProperty(exports, "KMS", {
|
|
19
19
|
enumerable: true,
|
|
20
20
|
get: function get() {
|
|
21
|
-
return
|
|
21
|
+
return _kms.default;
|
|
22
22
|
}
|
|
23
23
|
});
|
|
24
24
|
|
|
25
|
-
_Object$defineProperty(exports, "
|
|
25
|
+
_Object$defineProperty(exports, "KmsError", {
|
|
26
26
|
enumerable: true,
|
|
27
27
|
get: function get() {
|
|
28
|
-
return _kmsErrors.
|
|
28
|
+
return _kmsErrors.KmsError;
|
|
29
29
|
}
|
|
30
30
|
});
|
|
31
31
|
|
|
32
|
-
_Object$defineProperty(exports, "
|
|
32
|
+
_Object$defineProperty(exports, "default", {
|
|
33
33
|
enumerable: true,
|
|
34
34
|
get: function get() {
|
|
35
|
-
return
|
|
35
|
+
return _encryption.default;
|
|
36
36
|
}
|
|
37
37
|
});
|
|
38
38
|
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"names":["interceptors","process","env","NODE_ENV","KmsDryErrorInterceptor","create","Encryption","payloadTransformer","predicates","name","direction","test","ctx","options","resolve","body","kmsMessage","keyUris","length","resourceUri","includes","uri","extract","response","reason","Boolean","errorCode","transforms","fn","object","webex","internal","encryption","kms","prepareRequest","then","req","wrapped","decryptKmsMessage","promises","errors","map","error","description","desc","push","message","all","reject","DryError","config"],"sources":["index.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n// Note: There's a bug where if bind gets replayed because of a timeout in which\n// the original request eventually completed, there'll be an error indicating\n// the key can't be bound (because it already has been). This could be mitigated\n// by using Promise.race to resolve replays (as more requests get enqueue for a\n// specific action, accept whichever one completes first).\n\nimport {registerInternalPlugin} from '@webex/webex-core';\nimport {has, isObject, isString} from 'lodash';\n\nimport Encryption from './encryption';\nimport config from './config';\nimport {DryError} from './kms-errors';\nimport '@webex/internal-plugin-device';\nimport '@webex/internal-plugin-mercury';\nimport KmsDryErrorInterceptor from './kms-dry-error-interceptor';\n\nlet interceptors;\n\nif (process.env.NODE_ENV === 'test') {\n interceptors = {\n KmsDryErrorInterceptor: KmsDryErrorInterceptor.create\n };\n}\n\nregisterInternalPlugin('encryption', Encryption, {\n payloadTransformer: {\n predicates: [{\n name: 'encryptKmsMessage',\n direction: 'outbound',\n // I don't see any practical way to reduce complexity here.\n // eslint-disable-next-line complexity\n test(ctx, options) {\n if (!has(options, 'body.kmsMessage')) {\n return Promise.resolve(false);\n }\n\n if (!isObject(options.body.kmsMessage)) {\n return Promise.resolve(false);\n }\n\n // If this is a template for a kms message, assume another transform\n // will fill it in later. This is a bit of a leaky abstraction, but the\n // alternative is building a complex rules engine for controlling\n // ordering of transforms\n if (options.body.kmsMessage.keyUris && options.body.kmsMessage.keyUris.length === 0) {\n return Promise.resolve(false);\n }\n if (options.body.kmsMessage.resourceUri && (options.body.kmsMessage.resourceUri.includes('<KRO>') || options.body.kmsMessage.resourceUri.includes('<KEYURL>'))) {\n return Promise.resolve(false);\n }\n if (options.body.kmsMessage.uri && (options.body.kmsMessage.uri.includes('<KRO>') || options.body.kmsMessage.uri.includes('<KEYURL>'))) {\n return Promise.resolve(false);\n }\n\n return Promise.resolve(true);\n },\n extract(options) {\n return Promise.resolve(options.body);\n }\n }, {\n name: 'decryptKmsMessage',\n direction: 'inbound',\n test(ctx, response) {\n return Promise.resolve(has(response, 'body.kmsMessage') && isString(response.body.kmsMessage));\n },\n extract(response) {\n return Promise.resolve(response.body);\n }\n }, {\n name: 'decryptErrorResponse',\n direction: 'inbound',\n test(ctx, reason) {\n return Promise.resolve(Boolean(reason.body && reason.body.errorCode === 1900000));\n },\n extract(reason) {\n return Promise.resolve(reason);\n }\n }],\n transforms: [{\n name: 'encryptKmsMessage',\n fn(ctx, object) {\n if (!object) {\n return Promise.resolve();\n }\n\n if (!object.kmsMessage) {\n return Promise.resolve();\n }\n\n if (isString(object.kmsMessage)) {\n return Promise.resolve();\n }\n\n return ctx.webex.internal.encryption.kms.prepareRequest(object.kmsMessage)\n .then((req) => {\n object.kmsMessage = req.wrapped;\n });\n }\n }, {\n name: 'decryptKmsMessage',\n fn(ctx, object) {\n return ctx.webex.internal.encryption.kms.decryptKmsMessage(object.kmsMessage)\n .then((kmsMessage) => {\n object.kmsMessage = kmsMessage;\n });\n }\n }, {\n name: 'decryptErrorResponse',\n fn(ctx, reason) {\n const promises = reason.body.errors.map((error) => ctx.webex.internal.encryption.kms.decryptKmsMessage(error.description)\n .then((desc) => {\n error.description = desc;\n }));\n\n promises.push(ctx.webex.internal.encryption.kms.decryptKmsMessage(reason.body.message)\n .then((kmsMessage) => {\n reason.body.message = kmsMessage;\n }));\n\n return Promise.all(promises)\n .then(() => Promise.reject(new DryError(reason)));\n }\n }]\n },\n interceptors,\n config\n});\n\nexport {default} from './encryption';\nexport {default as KMS} from './kms';\nexport {KmsError, DryError} from './kms-errors';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAUA;;AAGA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAmHA;;AArIA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AAYA,IAAIA,YAAJ;;AAEA,IAAIC,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,MAA7B,EAAqC;EACnCH,YAAY,GAAG;IACbI,sBAAsB,EAAEA,gCAAuBC;EADlC,CAAf;AAGD;;AAED,uCAAuB,YAAvB,EAAqCC,mBAArC,EAAiD;EAC/CC,kBAAkB,EAAE;IAClBC,UAAU,EAAE,CAAC;MACXC,IAAI,EAAE,mBADK;MAEXC,SAAS,EAAE,UAFA;MAGX;MACA;MACAC,IALW,gBAKNC,GALM,EAKDC,OALC,EAKQ;QACjB,IAAI,CAAC,mBAAIA,OAAJ,EAAa,iBAAb,CAAL,EAAsC;UACpC,OAAO,iBAAQC,OAAR,CAAgB,KAAhB,CAAP;QACD;;QAED,IAAI,CAAC,wBAASD,OAAO,CAACE,IAAR,CAAaC,UAAtB,CAAL,EAAwC;UACtC,OAAO,iBAAQF,OAAR,CAAgB,KAAhB,CAAP;QACD,CAPgB,CASjB;QACA;QACA;QACA;;;QACA,IAAID,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBC,OAAxB,IAAmCJ,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBC,OAAxB,CAAgCC,MAAhC,KAA2C,CAAlF,EAAqF;UACnF,OAAO,iBAAQJ,OAAR,CAAgB,KAAhB,CAAP;QACD;;QACD,IAAID,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBG,WAAxB,KAAwCN,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBG,WAAxB,CAAoCC,QAApC,CAA6C,OAA7C,KAAyDP,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBG,WAAxB,CAAoCC,QAApC,CAA6C,UAA7C,CAAjG,CAAJ,EAAgK;UAC9J,OAAO,iBAAQN,OAAR,CAAgB,KAAhB,CAAP;QACD;;QACD,IAAID,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBK,GAAxB,KAAgCR,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBK,GAAxB,CAA4BD,QAA5B,CAAqC,OAArC,KAAiDP,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBK,GAAxB,CAA4BD,QAA5B,CAAqC,UAArC,CAAjF,CAAJ,EAAwI;UACtI,OAAO,iBAAQN,OAAR,CAAgB,KAAhB,CAAP;QACD;;QAED,OAAO,iBAAQA,OAAR,CAAgB,IAAhB,CAAP;MACD,CA7BU;MA8BXQ,OA9BW,mBA8BHT,OA9BG,EA8BM;QACf,OAAO,iBAAQC,OAAR,CAAgBD,OAAO,CAACE,IAAxB,CAAP;MACD;IAhCU,CAAD,EAiCT;MACDN,IAAI,EAAE,mBADL;MAEDC,SAAS,EAAE,SAFV;MAGDC,IAHC,gBAGIC,GAHJ,EAGSW,QAHT,EAGmB;QAClB,OAAO,iBAAQT,OAAR,CAAgB,mBAAIS,QAAJ,EAAc,iBAAd,KAAoC,wBAASA,QAAQ,CAACR,IAAT,CAAcC,UAAvB,CAApD,CAAP;MACD,CALA;MAMDM,OANC,mBAMOC,QANP,EAMiB;QAChB,OAAO,iBAAQT,OAAR,CAAgBS,QAAQ,CAACR,IAAzB,CAAP;MACD;IARA,CAjCS,EA0CT;MACDN,IAAI,EAAE,sBADL;MAEDC,SAAS,EAAE,SAFV;MAGDC,IAHC,gBAGIC,GAHJ,EAGSY,MAHT,EAGiB;QAChB,OAAO,iBAAQV,OAAR,CAAgBW,OAAO,CAACD,MAAM,CAACT,IAAP,IAAeS,MAAM,CAACT,IAAP,CAAYW,SAAZ,KAA0B,OAA1C,CAAvB,CAAP;MACD,CALA;MAMDJ,OANC,mBAMOE,MANP,EAMe;QACd,OAAO,iBAAQV,OAAR,CAAgBU,MAAhB,CAAP;MACD;IARA,CA1CS,CADM;IAqDlBG,UAAU,EAAE,CAAC;MACXlB,IAAI,EAAE,mBADK;MAEXmB,EAFW,cAERhB,GAFQ,EAEHiB,MAFG,EAEK;QACd,IAAI,CAACA,MAAL,EAAa;UACX,OAAO,iBAAQf,OAAR,EAAP;QACD;;QAED,IAAI,CAACe,MAAM,CAACb,UAAZ,EAAwB;UACtB,OAAO,iBAAQF,OAAR,EAAP;QACD;;QAED,IAAI,wBAASe,MAAM,CAACb,UAAhB,CAAJ,EAAiC;UAC/B,OAAO,iBAAQF,OAAR,EAAP;QACD;;QAED,OAAOF,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CAAkCC,cAAlC,CAAiDL,MAAM,CAACb,UAAxD,EACJmB,IADI,CACC,UAACC,GAAD,EAAS;UACbP,MAAM,CAACb,UAAP,GAAoBoB,GAAG,CAACC,OAAxB;QACD,CAHI,CAAP;MAID;IAnBU,CAAD,EAoBT;MACD5B,IAAI,EAAE,mBADL;MAEDmB,EAFC,cAEEhB,GAFF,EAEOiB,MAFP,EAEe;QACd,OAAOjB,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CAAkCK,iBAAlC,CAAoDT,MAAM,CAACb,UAA3D,EACJmB,IADI,CACC,UAACnB,UAAD,EAAgB;UACpBa,MAAM,CAACb,UAAP,GAAoBA,UAApB;QACD,CAHI,CAAP;MAID;IAPA,CApBS,EA4BT;MACDP,IAAI,EAAE,sBADL;MAEDmB,EAFC,cAEEhB,GAFF,EAEOY,MAFP,EAEe;QACd,IAAMe,QAAQ,GAAGf,MAAM,CAACT,IAAP,CAAYyB,MAAZ,CAAmBC,GAAnB,CAAuB,UAACC,KAAD;UAAA,OAAW9B,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CAAkCK,iBAAlC,CAAoDI,KAAK,CAACC,WAA1D,EAChDR,IADgD,CAC3C,UAACS,IAAD,EAAU;YACdF,KAAK,CAACC,WAAN,GAAoBC,IAApB;UACD,CAHgD,CAAX;QAAA,CAAvB,CAAjB;QAKAL,QAAQ,CAACM,IAAT,CAAcjC,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CAAkCK,iBAAlC,CAAoDd,MAAM,CAACT,IAAP,CAAY+B,OAAhE,EACXX,IADW,CACN,UAACnB,UAAD,EAAgB;UACpBQ,MAAM,CAACT,IAAP,CAAY+B,OAAZ,GAAsB9B,UAAtB;QACD,CAHW,CAAd;QAKA,OAAO,iBAAQ+B,GAAR,CAAYR,QAAZ,EACJJ,IADI,CACC;UAAA,OAAM,iBAAQa,MAAR,CAAe,IAAIC,mBAAJ,CAAazB,MAAb,CAAf,CAAN;QAAA,CADD,CAAP;MAED;IAfA,CA5BS;EArDM,CAD2B;EAoG/CxB,YAAY,EAAZA,YApG+C;EAqG/CkD,MAAM,EAANA;AArG+C,CAAjD"}
|
package/dist/kms-batcher.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"names":["TIMEOUT_SYMBOL","KmsBatcher","Batcher","extend","namespace","processKmsMessageEvent","event","logger","info","all","encryption","kmsMessages","map","kmsMessage","resolve","process","env","NODE_ENV","body","acceptItem","prepareItem","item","getDeferredForRequest","then","defer","timeout","Error","timer","warn","requestId","handleItemFailure","KmsTimeoutError","request","promise","clearTimeout","catch","prepareRequest","queue","webex","internal","kms","_getKMSCluster","cluster","destination","req","wrapped","submitHttpRequest","payload","length","method","service","resource","handleHttpSuccess","didItemFail","status","handleItemSuccess","getDeferredForResponse","reason","reject","KmsError","fingerprintRequest","fingerprintResponse"],"sources":["kms-batcher.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {safeSetTimeout} from '@webex/common-timers';\nimport {Batcher} from '@webex/webex-core';\n\nimport {KmsError, KmsTimeoutError} from './kms-errors';\n\nexport const TIMEOUT_SYMBOL = Symbol('TIMEOUT_SYMBOL');\n\n/**\n * @class\n */\nconst KmsBatcher = Batcher.extend({\n namespace: 'Encryption',\n\n /**\n * Accepts a kmsMessage event and passes its contents to acceptItem\n * @param {Object} event\n * @returns {Promise}\n */\n processKmsMessageEvent(event) {\n this.logger.info('kms-batcher: received kms message');\n\n return Promise.all(event.encryption.kmsMessages.map((kmsMessage) => new Promise((resolve) => {\n /* istanbul ignore else */\n if (process.env.NODE_ENV !== 'production') {\n this.logger.info('kms-batcher:', kmsMessage.body);\n }\n\n resolve(this.acceptItem(kmsMessage));\n })));\n },\n\n /**\n * Attaches a timeout to the given KMS message\n * @param {Object} item\n * @returns {Promise<Object>}\n */\n prepareItem(item) {\n return this.getDeferredForRequest(item)\n .then((defer) => {\n const timeout = item[TIMEOUT_SYMBOL];\n\n /* istanbul ignore if */\n if (!timeout) {\n throw new Error('timeout is required');\n }\n\n const timer = safeSetTimeout(() => {\n this.logger.warn(`kms: request timed out; request id: ${item.requestId}; timeout: ${timeout}`);\n this.handleItemFailure(item, new KmsTimeoutError({\n timeout,\n request: item\n }));\n }, timeout);\n\n // Reminder: reassign `promise` is not a viable means of inserting into\n // the Promise chain\n defer.promise.then(() => clearTimeout(timer));\n defer.promise.catch(() => clearTimeout(timer));\n\n return item;\n });\n },\n\n /**\n * Attaches the final bits of cluster info to the payload\n * @param {Array} queue\n * @returns {Promise<Array>}\n */\n prepareRequest(queue) {\n return this.webex.internal.encryption.kms._getKMSCluster()\n .then((cluster) => ({\n destination: cluster,\n kmsMessages: queue.map((req) => req.wrapped)\n }));\n },\n\n /**\n * @param {Object} payload\n * @returns {Promise<HttpResponseObject>}\n */\n submitHttpRequest(payload) {\n this.logger.info('kms: batched-request-length', payload.kmsMessages.length);\n\n return this.webex.request({\n method: 'POST',\n service: 'encryption',\n resource: '/kms/messages',\n body: payload\n });\n },\n\n /**\n * Does nothing; the http response doesn't carry our response data\n * @returns {Promise}\n */\n handleHttpSuccess() {\n return Promise.resolve();\n },\n\n /**\n * @param {Object} item\n * @returns {Promise<boolean>}\n */\n didItemFail(item) {\n return Promise.resolve(item.status >= 400);\n },\n\n /**\n * @param {Object} item\n * @returns {Promise}\n */\n handleItemSuccess(item) {\n return this.getDeferredForResponse(item)\n .then((defer) => {\n defer.resolve(item.body);\n });\n },\n\n /**\n * @param {Object} item\n * @param {KmsError} [reason]\n * @returns {Promise}\n */\n handleItemFailure(item, reason) {\n return this.getDeferredForResponse(item)\n .then((defer) => {\n defer.reject(reason || new KmsError(item.body));\n });\n },\n\n /**\n * @param {Object} item\n * @returns {Promise}\n */\n fingerprintRequest(item) {\n return Promise.resolve(item.requestId);\n },\n\n /**\n * @param {Object} item\n * @returns {Promise}\n */\n fingerprintResponse(item) {\n return Promise.resolve(item.requestId);\n }\n});\n\nexport default KmsBatcher;\n"],"mappings":";;;;;;;;;;;;;;;;AAIA;;AACA;;AAEA;;AAPA;AACA;AACA;AAOO,IAAMA,cAAc,GAAG,qBAAO,gBAAP,CAAvB;AAEP;AACA;AACA;;;;AACA,IAAMC,UAAU,GAAGC,mBAAQC,MAAR,CAAe;EAChCC,SAAS,EAAE,YADqB;;EAGhC;AACF;AACA;AACA;AACA;EACEC,sBARgC,kCAQTC,KARS,EAQF;IAAA;;IAC5B,KAAKC,MAAL,CAAYC,IAAZ,CAAiB,mCAAjB;IAEA,OAAO,iBAAQC,GAAR,CAAYH,KAAK,CAACI,UAAN,CAAiBC,WAAjB,CAA6BC,GAA7B,CAAiC,UAACC,UAAD;MAAA,OAAgB,qBAAY,UAACC,OAAD,EAAa;QAC3F;QACA,IAAIC,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAA7B,EAA2C;UACzC,KAAI,CAACV,MAAL,CAAYC,IAAZ,CAAiB,cAAjB,EAAiCK,UAAU,CAACK,IAA5C;QACD;;QAEDJ,OAAO,CAAC,KAAI,CAACK,UAAL,CAAgBN,UAAhB,CAAD,CAAP;MACD,CAPmE,CAAhB;IAAA,CAAjC,CAAZ,CAAP;EAQD,CAnB+B;;EAqBhC;AACF;AACA;AACA;AACA;EACEO,WA1BgC,uBA0BpBC,IA1BoB,EA0Bd;IAAA;;IAChB,OAAO,KAAKC,qBAAL,CAA2BD,IAA3B,EACJE,IADI,CACC,UAACC,KAAD,EAAW;MACf,IAAMC,OAAO,GAAGJ,IAAI,CAACrB,cAAD,CAApB;MAEA;;MACA,IAAI,CAACyB,OAAL,EAAc;QACZ,MAAM,IAAIC,KAAJ,CAAU,qBAAV,CAAN;MACD;;MAED,IAAMC,KAAK,GAAG,kCAAe,YAAM;QACjC,MAAI,CAACpB,MAAL,CAAYqB,IAAZ,+CAAwDP,IAAI,CAACQ,SAA7D,wBAAoFJ,OAApF;;QACA,MAAI,CAACK,iBAAL,CAAuBT,IAAvB,EAA6B,IAAIU,0BAAJ,CAAoB;UAC/CN,OAAO,EAAPA,OAD+C;UAE/CO,OAAO,EAAEX;QAFsC,CAApB,CAA7B;MAID,CANa,EAMXI,OANW,CAAd,CARe,CAgBf;MACA;;MACAD,KAAK,CAACS,OAAN,CAAcV,IAAd,CAAmB;QAAA,OAAMW,YAAY,CAACP,KAAD,CAAlB;MAAA,CAAnB;MACAH,KAAK,CAACS,OAAN,CAAcE,KAAd,CAAoB;QAAA,OAAMD,YAAY,CAACP,KAAD,CAAlB;MAAA,CAApB;MAEA,OAAON,IAAP;IACD,CAvBI,CAAP;EAwBD,CAnD+B;;EAqDhC;AACF;AACA;AACA;AACA;EACEe,cA1DgC,0BA0DjBC,KA1DiB,EA0DV;IACpB,OAAO,KAAKC,KAAL,CAAWC,QAAX,CAAoB7B,UAApB,CAA+B8B,GAA/B,CAAmCC,cAAnC,GACJlB,IADI,CACC,UAACmB,OAAD;MAAA,OAAc;QAClBC,WAAW,EAAED,OADK;QAElB/B,WAAW,EAAE0B,KAAK,CAACzB,GAAN,CAAU,UAACgC,GAAD;UAAA,OAASA,GAAG,CAACC,OAAb;QAAA,CAAV;MAFK,CAAd;IAAA,CADD,CAAP;EAKD,CAhE+B;;EAkEhC;AACF;AACA;AACA;EACEC,iBAtEgC,6BAsEdC,OAtEc,EAsEL;IACzB,KAAKxC,MAAL,CAAYC,IAAZ,CAAiB,6BAAjB,EAAgDuC,OAAO,CAACpC,WAAR,CAAoBqC,MAApE;IAEA,OAAO,KAAKV,KAAL,CAAWN,OAAX,CAAmB;MACxBiB,MAAM,EAAE,MADgB;MAExBC,OAAO,EAAE,YAFe;MAGxBC,QAAQ,EAAE,eAHc;MAIxBjC,IAAI,EAAE6B;IAJkB,CAAnB,CAAP;EAMD,CA/E+B;;EAiFhC;AACF;AACA;AACA;EACEK,iBArFgC,+BAqFZ;IAClB,OAAO,iBAAQtC,OAAR,EAAP;EACD,CAvF+B;;EAyFhC;AACF;AACA;AACA;EACEuC,WA7FgC,uBA6FpBhC,IA7FoB,EA6Fd;IAChB,OAAO,iBAAQP,OAAR,CAAgBO,IAAI,CAACiC,MAAL,IAAe,GAA/B,CAAP;EACD,CA/F+B;;EAiGhC;AACF;AACA;AACA;EACEC,iBArGgC,6BAqGdlC,IArGc,EAqGR;IACtB,OAAO,KAAKmC,sBAAL,CAA4BnC,IAA5B,EACJE,IADI,CACC,UAACC,KAAD,EAAW;MACfA,KAAK,CAACV,OAAN,CAAcO,IAAI,CAACH,IAAnB;IACD,CAHI,CAAP;EAID,CA1G+B;;EA4GhC;AACF;AACA;AACA;AACA;EACEY,iBAjHgC,6BAiHdT,IAjHc,EAiHRoC,MAjHQ,EAiHA;IAC9B,OAAO,KAAKD,sBAAL,CAA4BnC,IAA5B,EACJE,IADI,CACC,UAACC,KAAD,EAAW;MACfA,KAAK,CAACkC,MAAN,CAAaD,MAAM,IAAI,IAAIE,mBAAJ,CAAatC,IAAI,CAACH,IAAlB,CAAvB;IACD,CAHI,CAAP;EAID,CAtH+B;;EAwHhC;AACF;AACA;AACA;EACE0C,kBA5HgC,8BA4HbvC,IA5Ha,EA4HP;IACvB,OAAO,iBAAQP,OAAR,CAAgBO,IAAI,CAACQ,SAArB,CAAP;EACD,CA9H+B;;EAgIhC;AACF;AACA;AACA;EACEgC,mBApIgC,+BAoIZxC,IApIY,EAoIN;IACxB,OAAO,iBAAQP,OAAR,CAAgBO,IAAI,CAACQ,SAArB,CAAP;EACD;AAtI+B,CAAf,CAAnB;;eAyIe5B,U"}
|
|
@@ -24,6 +24,8 @@ var _promise = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/pr
|
|
|
24
24
|
|
|
25
25
|
var _slicedToArray2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/slicedToArray"));
|
|
26
26
|
|
|
27
|
+
var _createClass2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/createClass"));
|
|
28
|
+
|
|
27
29
|
var _classCallCheck2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/classCallCheck"));
|
|
28
30
|
|
|
29
31
|
var _inherits2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/inherits"));
|
|
@@ -92,7 +94,7 @@ var KMSError = /*#__PURE__*/function (_Error) {
|
|
|
92
94
|
return _this;
|
|
93
95
|
}
|
|
94
96
|
|
|
95
|
-
return KMSError;
|
|
97
|
+
return (0, _createClass2.default)(KMSError);
|
|
96
98
|
}( /*#__PURE__*/(0, _wrapNativeSuper2.default)(Error));
|
|
97
99
|
|
|
98
100
|
exports.KMSError = KMSError;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["kms-certificate-validation.js"],"names":["crypto","CryptoEngine","name","subtle","VALID_KTY","VALID_KID_PROTOCOL","X509_COMMON_NAME_KEY","X509_SUBJECT_ALT_NAME_KEY","KMSError","message","kmsError","Error","throwError","err","decodeCert","pem","der","Buffer","from","ber","Uint8Array","buffer","asn1","Certificate","schema","result","validateKtyHeader","kty","validateKidHeader","kid","protocol","validateCommonName","certificate","kidHostname","hostname","validationSuccessful","extensions","extension","extnID","altNames","parsedValue","entry","san","value","subjectAttributes","subject","typesAndValues","attribute","type","commonName","valueBlock","validatePublicCertificate","publicExponent","e","modulus","n","encode","jose","util","base64url","publicKey","subjectPublicKeyInfo","subjectPublicKey","asn1PublicCert","valueHex","publicCert","RSAPublicKey","publicExponentHex","modulusHex","validateCertificatesSignature","certificates","caroots","certificateEngine","CertificateChainValidationEngine","trustedCerts","map","certs","verify","then","resultCode","resultMessage","validateKMS","jwt","resolve","x5c","length","promise"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;AAEA;;AACA;;AACA;;AAQA;;AACA;;AACA;;;;;;;;;;;;AAEA,sBACE,WADF,EAEEA,4BAFF,EAGE,IAAIC,mBAAJ,CAAiB;AACfC,EAAAA,IAAI,EAAE,EADS;AAEfF,EAAAA,MAAM,EAANA,4BAFe;AAGfG,EAAAA,MAAM,EAAEH,6BAAOG;AAHA,CAAjB,CAHF;AAUA,IAAMC,SAAS,GAAG,KAAlB;AACA,IAAMC,kBAAkB,GAAG,MAA3B;AAEA,IAAMC,oBAAoB,GAAG,SAA7B;AAEA,IAAMC,yBAAyB,GAAG,WAAlC;AAEA;AACA;AACA;AACA;;IACaC,Q;;;;;AACX;AACF;AACA;AACA;AACE,oBAAYC,OAAZ,EAAqB;AAAA;;AAAA;AACnB,8BAAMA,OAAN;AACA,UAAKC,QAAL,GAAgB,IAAhB;AAFmB;AAGpB;;;+CAR2BC,K;;;;AAW9B,IAAMC,UAAU,GAAG,SAAbA,UAAa,CAACC,GAAD,EAAS;AAC1B,QAAM,IAAIL,QAAJ,wBAA6BK,GAA7B,EAAN;AACD,CAFD;AAIA;AACA;AACA;AACA;AACA;;;AACA,IAAMC,UAAU,GAAG,SAAbA,UAAa,CAACC,GAAD,EAAS;AAC1B,MAAI,OAAOA,GAAP,KAAe,QAAnB,EAA6B;AAC3BH,IAAAA,UAAU,CAAC,kCAAD,CAAV;AACD;;AAED,MAAMI,GAAG,GAAGC,mBAAOC,IAAP,CAAYH,GAAZ,EAAiB,QAAjB,CAAZ;;AACA,MAAMI,GAAG,GAAG,IAAIC,UAAJ,CAAeJ,GAAf,EAAoBK,MAAhC;AAEA,MAAMC,IAAI,GAAG,qBAAQH,GAAR,CAAb;AAEA,SAAO,IAAII,kBAAJ,CAAgB;AAACC,IAAAA,MAAM,EAAEF,IAAI,CAACG;AAAd,GAAhB,CAAP;AACD,CAXD;AAaA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAMC,iBAAiB,GAAG,SAApBA,iBAAoB,OAAW;AAAA,MAATC,GAAS,QAATA,GAAS;;AACnC,MAAIA,GAAG,KAAKvB,SAAZ,EAAuB;AACrBQ,IAAAA,UAAU,iCAA0BR,SAA1B,OAAV;AACD;AACF,CAJD;;AAMA,IAAMwB,iBAAiB,GAAG,SAApBA,iBAAoB,QAAW;AAAA,MAATC,GAAS,SAATA,GAAS;;AACnC,MAAI,CAAC,qBAAMA,GAAN,CAAL,EAAiB;AACfjB,IAAAA,UAAU,CAAC,4BAAD,CAAV;AACD;;AAED,MAAI,gBAASiB,GAAT,EAAcC,QAAd,KAA2BzB,kBAA/B,EAAmD;AACjDO,IAAAA,UAAU,mCAA4BP,kBAA5B,OAAV;AACD;AACF,CARD;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAM0B,kBAAkB,GAAG,SAArBA,kBAAqB,eAA0B;AAAA;AAAA,MAAxBC,WAAwB;;AAAA,MAATH,GAAS,SAATA,GAAS;AACnD,MAAMI,WAAW,GAAG,gBAASJ,GAAT,EAAcK,QAAlC;AACA,MAAIC,oBAAoB,GAAG,KAA3B;;AAEA,MAAIH,WAAW,CAACI,UAAhB,EAA4B;AAC1B;AAD0B,+CAEFJ,WAAW,CAACI,UAFV;AAAA;;AAAA;AAE1B,0DAAgD;AAAA,YAArCC,SAAqC;;AAC9C,YAAIA,SAAS,CAACC,MAAV,KAAqB/B,yBAAzB,EAAoD;AAClD,cAAOgC,QAAP,GAAmBF,SAAS,CAACG,WAA7B,CAAOD,QAAP;;AADkD,sDAG9BA,QAH8B;AAAA;;AAAA;AAGlD,mEAA8B;AAAA,kBAAnBE,KAAmB;AAC5B,kBAAMC,GAAG,GAAGD,KAAK,CAACE,KAAlB;AAEAR,cAAAA,oBAAoB,GAAGO,GAAG,KAAKT,WAA/B;;AACA,kBAAIE,oBAAJ,EAA0B;AACxB;AACD;AACF;AAViD;AAAA;AAAA;AAAA;AAAA;;AAYlD,cAAIA,oBAAJ,EAA0B;AACxB;AACD;AACF;AACF;AAnByB;AAAA;AAAA;AAAA;AAAA;AAoB3B;;AAED,MAAI,CAACA,oBAAL,EAA2B;AACzB;AACA,QAAMS,iBAAiB,GAAGZ,WAAW,CAACa,OAAZ,CAAoBC,cAA9C;;AAFyB,gDAIDF,iBAJC;AAAA;;AAAA;AAIzB,6DAA2C;AAAA,YAAhCG,SAAgC;;AACzC,YAAIA,SAAS,CAACC,IAAV,KAAmB1C,oBAAvB,EAA6C;AAC3C,cAAM2C,UAAU,GAAGF,SAAS,CAACJ,KAAV,CAAgBO,UAAhB,CAA2BP,KAA9C;AAEAR,UAAAA,oBAAoB,GAAGc,UAAU,KAAKhB,WAAtC;;AACA,cAAIE,oBAAJ,EAA0B;AACxB;AACD;AACF;AACF;AAbwB;AAAA;AAAA;AAAA;AAAA;AAc1B;;AAED,MAAI,CAACA,oBAAL,EAA2B;AACzBvB,IAAAA,UAAU,CAAC,wDAAD,CAAV;AACD;AACF,CA7CD;AA+CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAMuC,yBAAyB,GAC7B,SADIA,yBACJ,eAAoD;AAAA;AAAA,MAAlDnB,WAAkD;;AAAA,MAAhCoB,cAAgC,SAAnCC,CAAmC;AAAA,MAAbC,OAAa,SAAhBC,CAAgB;AAClD,MAAOC,MAAP,GAAiBC,kBAAKC,IAAL,CAAUC,SAA3B,CAAOH,MAAP;AAEA,MAAMI,SAAS,GAAG5B,WAAW,CAAC6B,oBAAZ,CAAiCC,gBAAnD;AACA,MAAMC,cAAc,GAAG,qBAAQH,SAAS,CAACV,UAAV,CAAqBc,QAA7B,CAAvB;AACA,MAAMC,UAAU,GAAG,IAAIC,mBAAJ,CAAiB;AAAC1C,IAAAA,MAAM,EAAEuC,cAAc,CAACtC;AAAxB,GAAjB,CAAnB;AACA,MAAM0C,iBAAiB,GAAGF,UAAU,CAACb,cAAX,CAA0BF,UAA1B,CAAqCc,QAA/D;AACA,MAAMI,UAAU,GAAGH,UAAU,CAACX,OAAX,CAAmBJ,UAAnB,CAA8Bc,QAAjD;;AAEA,MAAIZ,cAAc,KAAKI,MAAM,CAACW,iBAAD,CAA7B,EAAkD;AAChDvD,IAAAA,UAAU,CAAC,4BAAD,CAAV;AACD;;AACD,MAAI0C,OAAO,KAAKE,MAAM,CAACY,UAAD,CAAtB,EAAoC;AAClCxD,IAAAA,UAAU,CAAC,oBAAD,CAAV;AACD;AACF,CAhBH;AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAMyD,6BAA6B,GAAG,SAAhCA,6BAAgC,CAACC,YAAD,EAAgC;AAAA,MAAjBC,OAAiB,uEAAP,EAAO;AACpE,MAAMC,iBAAiB,GAAG,IAAIC,uCAAJ,CAAqC;AAC7DC,IAAAA,YAAY,EAAEH,OAAO,CAACI,GAAR,CAAY7D,UAAZ,CAD+C;AAE7D8D,IAAAA,KAAK,EAAEN;AAFsD,GAArC,CAA1B;AAKA,SAAOE,iBAAiB,CAACK,MAAlB,GACJC,IADI,CACC,iBAAyC;AAAA,QAAvCrD,MAAuC,SAAvCA,MAAuC;AAAA,QAA/BsD,UAA+B,SAA/BA,UAA+B;AAAA,QAAnBC,aAAmB,SAAnBA,aAAmB;;AAC7C,QAAI,CAACvD,MAAL,EAAa;AACXb,MAAAA,UAAU,0CAC0BmE,UAD1B,gBAC0CC,aAD1C,EAAV;AAGD;AACF,GAPI,CAAP;AAQD,CAdD;AAgBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAMC,WAAW,GAAG,SAAdA,WAAc,CAACV,OAAD;AAAA,SAAa;AAAA,QAACW,GAAD,uEAAO,EAAP;AAAA,WAAc,iBAAQC,OAAR,GAC5CL,IAD4C,CACvC,YAAM;AACVpD,MAAAA,iBAAiB,CAACwD,GAAD,CAAjB;AACAtD,MAAAA,iBAAiB,CAACsD,GAAD,CAAjB;;AAEA,UAAI,EAAE,uBAAQA,GAAG,CAACE,GAAZ,KAAoBF,GAAG,CAACE,GAAJ,CAAQC,MAAR,GAAiB,CAAvC,CAAJ,EAA+C;AAC7CzE,QAAAA,UAAU,CAAC,6CAAD,CAAV;AACD;;AACD,UAAM0D,YAAY,GAAGY,GAAG,CAACE,GAAJ,CAAQT,GAAR,CAAY7D,UAAZ,CAArB;AAEAiB,MAAAA,kBAAkB,CAACuC,YAAD,EAAeY,GAAf,CAAlB;AACA/B,MAAAA,yBAAyB,CAACmB,YAAD,EAAeY,GAAf,CAAzB,CAVU,CAYV;;AACA,UAAMI,OAAO,GAAGf,OAAO,GACrBF,6BAA6B,CAACC,YAAD,EAAeC,OAAf,CADR,GACkC,iBAAQY,OAAR,EADzD;AAGA,aAAOG,OAAO,CACXR,IADI,CACC;AAAA,eAAMI,GAAN;AAAA,OADD,CAAP;AAED,KAnB4C,CAAd;AAAA,GAAb;AAAA,CAApB;;eAqBeD,W","sourcesContent":["import {parse as parseUrl} from 'url';\n\nimport {isUri} from 'valid-url';\nimport {fromBER} from 'asn1js';\nimport {\n Certificate,\n RSAPublicKey,\n CertificateChainValidationEngine,\n CryptoEngine,\n setEngine\n} from 'pkijs';\nimport {isArray} from 'lodash';\nimport jose from 'node-jose';\nimport crypto from 'isomorphic-webcrypto';\nimport {Buffer} from 'safe-buffer';\n\nsetEngine(\n 'newEngine',\n crypto,\n new CryptoEngine({\n name: '',\n crypto,\n subtle: crypto.subtle\n })\n);\n\nconst VALID_KTY = 'RSA';\nconst VALID_KID_PROTOCOL = 'kms:';\n\nconst X509_COMMON_NAME_KEY = '2.5.4.3';\n\nconst X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';\n\n/**\n * Customize Error so the SDK knows to quit retrying and notify\n * the user\n */\nexport class KMSError extends Error {\n /**\n * add kmsError field to notify\n * @param {string} message\n */\n constructor(message) {\n super(message);\n this.kmsError = true;\n }\n}\n\nconst throwError = (err) => {\n throw new KMSError(`INVALID KMS: ${err}`);\n};\n\n/**\n * Converts the PEM string to a pkijs certificate object\n * @param {string} pem PEM representation of a certificate\n * @returns {Certificate} pkijs object of the certificate\n */\nconst decodeCert = (pem) => {\n if (typeof pem !== 'string') {\n throwError('certificate needs to be a string');\n }\n\n const der = Buffer.from(pem, 'base64');\n const ber = new Uint8Array(der).buffer;\n\n const asn1 = fromBER(ber);\n\n return new Certificate({schema: asn1.result});\n};\n\n/**\n * Validate the 'kty' property of the KMS credentials\n * @param {Object} JWT KMS credentials\n * @param {string} JWT.kty type of certificate\n * @throws {KMSError} if kty is not a valid type\n * @returns {void}\n */\nconst validateKtyHeader = ({kty}) => {\n if (kty !== VALID_KTY) {\n throwError(`'kty' header must be '${VALID_KTY}'`);\n }\n};\n\nconst validateKidHeader = ({kid}) => {\n if (!isUri(kid)) {\n throwError('\\'kid\\' is not a valid URI');\n }\n\n if (parseUrl(kid).protocol !== VALID_KID_PROTOCOL) {\n throwError(`'kid' protocol must be '${VALID_KID_PROTOCOL}'`);\n }\n};\n\n/**\n * Checks the first certificate matches the 'kid' in the JWT.\n * It first checks the Subject Alternative Name then it checks\n * the Common Name\n * @param {Certificate} certificate represents the KMS\n * @param {Object} JWT KMS credentials\n * @param {string} JWT.kid the uri of the KMS\n * @throws {KMSError} if unable to validate certificate against KMS credentials\n * @returns {void}\n */\nconst validateCommonName = ([certificate], {kid}) => {\n const kidHostname = parseUrl(kid).hostname;\n let validationSuccessful = false;\n\n if (certificate.extensions) {\n // Subject Alt Names are in here\n for (const extension of certificate.extensions) {\n if (extension.extnID === X509_SUBJECT_ALT_NAME_KEY) {\n const {altNames} = extension.parsedValue;\n\n for (const entry of altNames) {\n const san = entry.value;\n\n validationSuccessful = san === kidHostname;\n if (validationSuccessful) {\n break;\n }\n }\n\n if (validationSuccessful) {\n break;\n }\n }\n }\n }\n\n if (!validationSuccessful) {\n // Didn't match kid in the Subject Alt Names, checking the Common Name\n const subjectAttributes = certificate.subject.typesAndValues;\n\n for (const attribute of subjectAttributes) {\n if (attribute.type === X509_COMMON_NAME_KEY) {\n const commonName = attribute.value.valueBlock.value;\n\n validationSuccessful = commonName === kidHostname;\n if (validationSuccessful) {\n break;\n }\n }\n }\n }\n\n if (!validationSuccessful) {\n throwError('hostname of the 1st certificate does not match \\'kid\\'');\n }\n};\n\n/**\n * Validate the first KMS certificate against the information\n * provided in the JWT\n * @param {Certificate} certificate first certificate the identifies the KMS\n * @param {Object} JWT credentials of the KMS\n * @param {string} JWT.e Public exponent of the first certificate\n * @param {string} KWT.n Modulus of the first certificate\n * @throws {KMSError} if e or n doesn't match the first certificate\n * @returns {void}\n */\nconst validatePublicCertificate =\n ([certificate], {e: publicExponent, n: modulus}) => {\n const {encode} = jose.util.base64url;\n\n const publicKey = certificate.subjectPublicKeyInfo.subjectPublicKey;\n const asn1PublicCert = fromBER(publicKey.valueBlock.valueHex);\n const publicCert = new RSAPublicKey({schema: asn1PublicCert.result});\n const publicExponentHex = publicCert.publicExponent.valueBlock.valueHex;\n const modulusHex = publicCert.modulus.valueBlock.valueHex;\n\n if (publicExponent !== encode(publicExponentHex)) {\n throwError('Public exponent is invalid');\n }\n if (modulus !== encode(modulusHex)) {\n throwError('Modulus is invalid');\n }\n };\n\n/**\n * Validates the list of certificates against the CAs provided\n * @param {certificate[]} certificates list of certificates provided\n * by the KMS to certify itself\n * @param {string[]} [caroots=[]] list of Certificate Authorities used to\n * validate the KMS's certificates\n * @returns {Promise} rejects if unable to validate the certificates\n */\nconst validateCertificatesSignature = (certificates, caroots = []) => {\n const certificateEngine = new CertificateChainValidationEngine({\n trustedCerts: caroots.map(decodeCert),\n certs: certificates\n });\n\n return certificateEngine.verify()\n .then(({result, resultCode, resultMessage}) => {\n if (!result) {\n throwError(\n `Certificate Validation failed [${resultCode}]: ${resultMessage}`\n );\n }\n });\n};\n\n/**\n * Validates the information provided by the KMS. This is a curried function.\n * The first function takes the caroots param and returns a second function.\n * The second function takes the credentials of the KMS and validates it\n * @param {string[]} caroots PEM encoded certificates that will be used\n * as Certificate Authorities\n * @param {Object} jwt Object containing the fields necessary to\n * validate the KMS\n * @returns {Promise} when resolved will return the jwt\n */\nconst validateKMS = (caroots) => (jwt = {}) => Promise.resolve()\n .then(() => {\n validateKtyHeader(jwt);\n validateKidHeader(jwt);\n\n if (!(isArray(jwt.x5c) && jwt.x5c.length > 0)) {\n throwError('JWK does not contain a list of certificates');\n }\n const certificates = jwt.x5c.map(decodeCert);\n\n validateCommonName(certificates, jwt);\n validatePublicCertificate(certificates, jwt);\n\n // Skip validating signatures if no CA roots were provided\n const promise = caroots ?\n validateCertificatesSignature(certificates, caroots) : Promise.resolve();\n\n return promise\n .then(() => jwt);\n });\n\nexport default validateKMS;\n"]}
|
|
1
|
+
{"version":3,"names":["crypto","CryptoEngine","name","subtle","VALID_KTY","VALID_KID_PROTOCOL","X509_COMMON_NAME_KEY","X509_SUBJECT_ALT_NAME_KEY","KMSError","message","kmsError","Error","throwError","err","decodeCert","pem","der","Buffer","from","ber","Uint8Array","buffer","asn1","Certificate","schema","result","validateKtyHeader","kty","validateKidHeader","kid","protocol","validateCommonName","certificate","kidHostname","hostname","validationSuccessful","extensions","extension","extnID","altNames","parsedValue","entry","san","value","subjectAttributes","subject","typesAndValues","attribute","type","commonName","valueBlock","validatePublicCertificate","publicExponent","e","modulus","n","encode","jose","util","base64url","publicKey","subjectPublicKeyInfo","subjectPublicKey","asn1PublicCert","valueHex","publicCert","RSAPublicKey","publicExponentHex","modulusHex","validateCertificatesSignature","certificates","caroots","certificateEngine","CertificateChainValidationEngine","trustedCerts","map","certs","verify","then","resultCode","resultMessage","validateKMS","jwt","resolve","x5c","length","promise"],"sources":["kms-certificate-validation.js"],"sourcesContent":["import {parse as parseUrl} from 'url';\n\nimport {isUri} from 'valid-url';\nimport {fromBER} from 'asn1js';\nimport {\n Certificate,\n RSAPublicKey,\n CertificateChainValidationEngine,\n CryptoEngine,\n setEngine\n} from 'pkijs';\nimport {isArray} from 'lodash';\nimport jose from 'node-jose';\nimport crypto from 'isomorphic-webcrypto';\nimport {Buffer} from 'safe-buffer';\n\nsetEngine(\n 'newEngine',\n crypto,\n new CryptoEngine({\n name: '',\n crypto,\n subtle: crypto.subtle\n })\n);\n\nconst VALID_KTY = 'RSA';\nconst VALID_KID_PROTOCOL = 'kms:';\n\nconst X509_COMMON_NAME_KEY = '2.5.4.3';\n\nconst X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';\n\n/**\n * Customize Error so the SDK knows to quit retrying and notify\n * the user\n */\nexport class KMSError extends Error {\n /**\n * add kmsError field to notify\n * @param {string} message\n */\n constructor(message) {\n super(message);\n this.kmsError = true;\n }\n}\n\nconst throwError = (err) => {\n throw new KMSError(`INVALID KMS: ${err}`);\n};\n\n/**\n * Converts the PEM string to a pkijs certificate object\n * @param {string} pem PEM representation of a certificate\n * @returns {Certificate} pkijs object of the certificate\n */\nconst decodeCert = (pem) => {\n if (typeof pem !== 'string') {\n throwError('certificate needs to be a string');\n }\n\n const der = Buffer.from(pem, 'base64');\n const ber = new Uint8Array(der).buffer;\n\n const asn1 = fromBER(ber);\n\n return new Certificate({schema: asn1.result});\n};\n\n/**\n * Validate the 'kty' property of the KMS credentials\n * @param {Object} JWT KMS credentials\n * @param {string} JWT.kty type of certificate\n * @throws {KMSError} if kty is not a valid type\n * @returns {void}\n */\nconst validateKtyHeader = ({kty}) => {\n if (kty !== VALID_KTY) {\n throwError(`'kty' header must be '${VALID_KTY}'`);\n }\n};\n\nconst validateKidHeader = ({kid}) => {\n if (!isUri(kid)) {\n throwError('\\'kid\\' is not a valid URI');\n }\n\n if (parseUrl(kid).protocol !== VALID_KID_PROTOCOL) {\n throwError(`'kid' protocol must be '${VALID_KID_PROTOCOL}'`);\n }\n};\n\n/**\n * Checks the first certificate matches the 'kid' in the JWT.\n * It first checks the Subject Alternative Name then it checks\n * the Common Name\n * @param {Certificate} certificate represents the KMS\n * @param {Object} JWT KMS credentials\n * @param {string} JWT.kid the uri of the KMS\n * @throws {KMSError} if unable to validate certificate against KMS credentials\n * @returns {void}\n */\nconst validateCommonName = ([certificate], {kid}) => {\n const kidHostname = parseUrl(kid).hostname;\n let validationSuccessful = false;\n\n if (certificate.extensions) {\n // Subject Alt Names are in here\n for (const extension of certificate.extensions) {\n if (extension.extnID === X509_SUBJECT_ALT_NAME_KEY) {\n const {altNames} = extension.parsedValue;\n\n for (const entry of altNames) {\n const san = entry.value;\n\n validationSuccessful = san === kidHostname;\n if (validationSuccessful) {\n break;\n }\n }\n\n if (validationSuccessful) {\n break;\n }\n }\n }\n }\n\n if (!validationSuccessful) {\n // Didn't match kid in the Subject Alt Names, checking the Common Name\n const subjectAttributes = certificate.subject.typesAndValues;\n\n for (const attribute of subjectAttributes) {\n if (attribute.type === X509_COMMON_NAME_KEY) {\n const commonName = attribute.value.valueBlock.value;\n\n validationSuccessful = commonName === kidHostname;\n if (validationSuccessful) {\n break;\n }\n }\n }\n }\n\n if (!validationSuccessful) {\n throwError('hostname of the 1st certificate does not match \\'kid\\'');\n }\n};\n\n/**\n * Validate the first KMS certificate against the information\n * provided in the JWT\n * @param {Certificate} certificate first certificate the identifies the KMS\n * @param {Object} JWT credentials of the KMS\n * @param {string} JWT.e Public exponent of the first certificate\n * @param {string} KWT.n Modulus of the first certificate\n * @throws {KMSError} if e or n doesn't match the first certificate\n * @returns {void}\n */\nconst validatePublicCertificate =\n ([certificate], {e: publicExponent, n: modulus}) => {\n const {encode} = jose.util.base64url;\n\n const publicKey = certificate.subjectPublicKeyInfo.subjectPublicKey;\n const asn1PublicCert = fromBER(publicKey.valueBlock.valueHex);\n const publicCert = new RSAPublicKey({schema: asn1PublicCert.result});\n const publicExponentHex = publicCert.publicExponent.valueBlock.valueHex;\n const modulusHex = publicCert.modulus.valueBlock.valueHex;\n\n if (publicExponent !== encode(publicExponentHex)) {\n throwError('Public exponent is invalid');\n }\n if (modulus !== encode(modulusHex)) {\n throwError('Modulus is invalid');\n }\n };\n\n/**\n * Validates the list of certificates against the CAs provided\n * @param {certificate[]} certificates list of certificates provided\n * by the KMS to certify itself\n * @param {string[]} [caroots=[]] list of Certificate Authorities used to\n * validate the KMS's certificates\n * @returns {Promise} rejects if unable to validate the certificates\n */\nconst validateCertificatesSignature = (certificates, caroots = []) => {\n const certificateEngine = new CertificateChainValidationEngine({\n trustedCerts: caroots.map(decodeCert),\n certs: certificates\n });\n\n return certificateEngine.verify()\n .then(({result, resultCode, resultMessage}) => {\n if (!result) {\n throwError(\n `Certificate Validation failed [${resultCode}]: ${resultMessage}`\n );\n }\n });\n};\n\n/**\n * Validates the information provided by the KMS. This is a curried function.\n * The first function takes the caroots param and returns a second function.\n * The second function takes the credentials of the KMS and validates it\n * @param {string[]} caroots PEM encoded certificates that will be used\n * as Certificate Authorities\n * @param {Object} jwt Object containing the fields necessary to\n * validate the KMS\n * @returns {Promise} when resolved will return the jwt\n */\nconst validateKMS = (caroots) => (jwt = {}) => Promise.resolve()\n .then(() => {\n validateKtyHeader(jwt);\n validateKidHeader(jwt);\n\n if (!(isArray(jwt.x5c) && jwt.x5c.length > 0)) {\n throwError('JWK does not contain a list of certificates');\n }\n const certificates = jwt.x5c.map(decodeCert);\n\n validateCommonName(certificates, jwt);\n validatePublicCertificate(certificates, jwt);\n\n // Skip validating signatures if no CA roots were provided\n const promise = caroots ?\n validateCertificatesSignature(certificates, caroots) : Promise.resolve();\n\n return promise\n .then(() => jwt);\n });\n\nexport default validateKMS;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;AAEA;;AACA;;AACA;;AAQA;;AACA;;AACA;;;;;;;;;;;;AAEA,sBACE,WADF,EAEEA,4BAFF,EAGE,IAAIC,mBAAJ,CAAiB;EACfC,IAAI,EAAE,EADS;EAEfF,MAAM,EAANA,4BAFe;EAGfG,MAAM,EAAEH,6BAAOG;AAHA,CAAjB,CAHF;AAUA,IAAMC,SAAS,GAAG,KAAlB;AACA,IAAMC,kBAAkB,GAAG,MAA3B;AAEA,IAAMC,oBAAoB,GAAG,SAA7B;AAEA,IAAMC,yBAAyB,GAAG,WAAlC;AAEA;AACA;AACA;AACA;;IACaC,Q;;;;;EACX;AACF;AACA;AACA;EACE,kBAAYC,OAAZ,EAAqB;IAAA;;IAAA;IACnB,0BAAMA,OAAN;IACA,MAAKC,QAAL,GAAgB,IAAhB;IAFmB;EAGpB;;;+CAR2BC,K;;;;AAW9B,IAAMC,UAAU,GAAG,SAAbA,UAAa,CAACC,GAAD,EAAS;EAC1B,MAAM,IAAIL,QAAJ,wBAA6BK,GAA7B,EAAN;AACD,CAFD;AAIA;AACA;AACA;AACA;AACA;;;AACA,IAAMC,UAAU,GAAG,SAAbA,UAAa,CAACC,GAAD,EAAS;EAC1B,IAAI,OAAOA,GAAP,KAAe,QAAnB,EAA6B;IAC3BH,UAAU,CAAC,kCAAD,CAAV;EACD;;EAED,IAAMI,GAAG,GAAGC,mBAAOC,IAAP,CAAYH,GAAZ,EAAiB,QAAjB,CAAZ;;EACA,IAAMI,GAAG,GAAG,IAAIC,UAAJ,CAAeJ,GAAf,EAAoBK,MAAhC;EAEA,IAAMC,IAAI,GAAG,qBAAQH,GAAR,CAAb;EAEA,OAAO,IAAII,kBAAJ,CAAgB;IAACC,MAAM,EAAEF,IAAI,CAACG;EAAd,CAAhB,CAAP;AACD,CAXD;AAaA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAMC,iBAAiB,GAAG,SAApBA,iBAAoB,OAAW;EAAA,IAATC,GAAS,QAATA,GAAS;;EACnC,IAAIA,GAAG,KAAKvB,SAAZ,EAAuB;IACrBQ,UAAU,iCAA0BR,SAA1B,OAAV;EACD;AACF,CAJD;;AAMA,IAAMwB,iBAAiB,GAAG,SAApBA,iBAAoB,QAAW;EAAA,IAATC,GAAS,SAATA,GAAS;;EACnC,IAAI,CAAC,qBAAMA,GAAN,CAAL,EAAiB;IACfjB,UAAU,CAAC,4BAAD,CAAV;EACD;;EAED,IAAI,gBAASiB,GAAT,EAAcC,QAAd,KAA2BzB,kBAA/B,EAAmD;IACjDO,UAAU,mCAA4BP,kBAA5B,OAAV;EACD;AACF,CARD;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAM0B,kBAAkB,GAAG,SAArBA,kBAAqB,eAA0B;EAAA;EAAA,IAAxBC,WAAwB;;EAAA,IAATH,GAAS,SAATA,GAAS;EACnD,IAAMI,WAAW,GAAG,gBAASJ,GAAT,EAAcK,QAAlC;EACA,IAAIC,oBAAoB,GAAG,KAA3B;;EAEA,IAAIH,WAAW,CAACI,UAAhB,EAA4B;IAC1B;IAD0B,2CAEFJ,WAAW,CAACI,UAFV;IAAA;;IAAA;MAE1B,oDAAgD;QAAA,IAArCC,SAAqC;;QAC9C,IAAIA,SAAS,CAACC,MAAV,KAAqB/B,yBAAzB,EAAoD;UAClD,IAAOgC,QAAP,GAAmBF,SAAS,CAACG,WAA7B,CAAOD,QAAP;;UADkD,4CAG9BA,QAH8B;UAAA;;UAAA;YAGlD,uDAA8B;cAAA,IAAnBE,KAAmB;cAC5B,IAAMC,GAAG,GAAGD,KAAK,CAACE,KAAlB;cAEAR,oBAAoB,GAAGO,GAAG,KAAKT,WAA/B;;cACA,IAAIE,oBAAJ,EAA0B;gBACxB;cACD;YACF;UAViD;YAAA;UAAA;YAAA;UAAA;;UAYlD,IAAIA,oBAAJ,EAA0B;YACxB;UACD;QACF;MACF;IAnByB;MAAA;IAAA;MAAA;IAAA;EAoB3B;;EAED,IAAI,CAACA,oBAAL,EAA2B;IACzB;IACA,IAAMS,iBAAiB,GAAGZ,WAAW,CAACa,OAAZ,CAAoBC,cAA9C;;IAFyB,4CAIDF,iBAJC;IAAA;;IAAA;MAIzB,uDAA2C;QAAA,IAAhCG,SAAgC;;QACzC,IAAIA,SAAS,CAACC,IAAV,KAAmB1C,oBAAvB,EAA6C;UAC3C,IAAM2C,UAAU,GAAGF,SAAS,CAACJ,KAAV,CAAgBO,UAAhB,CAA2BP,KAA9C;UAEAR,oBAAoB,GAAGc,UAAU,KAAKhB,WAAtC;;UACA,IAAIE,oBAAJ,EAA0B;YACxB;UACD;QACF;MACF;IAbwB;MAAA;IAAA;MAAA;IAAA;EAc1B;;EAED,IAAI,CAACA,oBAAL,EAA2B;IACzBvB,UAAU,CAAC,wDAAD,CAAV;EACD;AACF,CA7CD;AA+CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAMuC,yBAAyB,GAC7B,SADIA,yBACJ,eAAoD;EAAA;EAAA,IAAlDnB,WAAkD;;EAAA,IAAhCoB,cAAgC,SAAnCC,CAAmC;EAAA,IAAbC,OAAa,SAAhBC,CAAgB;EAClD,IAAOC,MAAP,GAAiBC,kBAAKC,IAAL,CAAUC,SAA3B,CAAOH,MAAP;EAEA,IAAMI,SAAS,GAAG5B,WAAW,CAAC6B,oBAAZ,CAAiCC,gBAAnD;EACA,IAAMC,cAAc,GAAG,qBAAQH,SAAS,CAACV,UAAV,CAAqBc,QAA7B,CAAvB;EACA,IAAMC,UAAU,GAAG,IAAIC,mBAAJ,CAAiB;IAAC1C,MAAM,EAAEuC,cAAc,CAACtC;EAAxB,CAAjB,CAAnB;EACA,IAAM0C,iBAAiB,GAAGF,UAAU,CAACb,cAAX,CAA0BF,UAA1B,CAAqCc,QAA/D;EACA,IAAMI,UAAU,GAAGH,UAAU,CAACX,OAAX,CAAmBJ,UAAnB,CAA8Bc,QAAjD;;EAEA,IAAIZ,cAAc,KAAKI,MAAM,CAACW,iBAAD,CAA7B,EAAkD;IAChDvD,UAAU,CAAC,4BAAD,CAAV;EACD;;EACD,IAAI0C,OAAO,KAAKE,MAAM,CAACY,UAAD,CAAtB,EAAoC;IAClCxD,UAAU,CAAC,oBAAD,CAAV;EACD;AACF,CAhBH;AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAMyD,6BAA6B,GAAG,SAAhCA,6BAAgC,CAACC,YAAD,EAAgC;EAAA,IAAjBC,OAAiB,uEAAP,EAAO;EACpE,IAAMC,iBAAiB,GAAG,IAAIC,uCAAJ,CAAqC;IAC7DC,YAAY,EAAEH,OAAO,CAACI,GAAR,CAAY7D,UAAZ,CAD+C;IAE7D8D,KAAK,EAAEN;EAFsD,CAArC,CAA1B;EAKA,OAAOE,iBAAiB,CAACK,MAAlB,GACJC,IADI,CACC,iBAAyC;IAAA,IAAvCrD,MAAuC,SAAvCA,MAAuC;IAAA,IAA/BsD,UAA+B,SAA/BA,UAA+B;IAAA,IAAnBC,aAAmB,SAAnBA,aAAmB;;IAC7C,IAAI,CAACvD,MAAL,EAAa;MACXb,UAAU,0CAC0BmE,UAD1B,gBAC0CC,aAD1C,EAAV;IAGD;EACF,CAPI,CAAP;AAQD,CAdD;AAgBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAMC,WAAW,GAAG,SAAdA,WAAc,CAACV,OAAD;EAAA,OAAa;IAAA,IAACW,GAAD,uEAAO,EAAP;IAAA,OAAc,iBAAQC,OAAR,GAC5CL,IAD4C,CACvC,YAAM;MACVpD,iBAAiB,CAACwD,GAAD,CAAjB;MACAtD,iBAAiB,CAACsD,GAAD,CAAjB;;MAEA,IAAI,EAAE,uBAAQA,GAAG,CAACE,GAAZ,KAAoBF,GAAG,CAACE,GAAJ,CAAQC,MAAR,GAAiB,CAAvC,CAAJ,EAA+C;QAC7CzE,UAAU,CAAC,6CAAD,CAAV;MACD;;MACD,IAAM0D,YAAY,GAAGY,GAAG,CAACE,GAAJ,CAAQT,GAAR,CAAY7D,UAAZ,CAArB;MAEAiB,kBAAkB,CAACuC,YAAD,EAAeY,GAAf,CAAlB;MACA/B,yBAAyB,CAACmB,YAAD,EAAeY,GAAf,CAAzB,CAVU,CAYV;;MACA,IAAMI,OAAO,GAAGf,OAAO,GACrBF,6BAA6B,CAACC,YAAD,EAAeC,OAAf,CADR,GACkC,iBAAQY,OAAR,EADzD;MAGA,OAAOG,OAAO,CACXR,IADI,CACC;QAAA,OAAMI,GAAN;MAAA,CADD,CAAP;IAED,CAnB4C,CAAd;EAAA,CAAb;AAAA,CAApB;;eAqBeD,W"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"names":["KmsDryErrorInterceptor","options","reason","DryError","message","match","webex","logger","error","replay","reject","replayCount","config","maxAuthenticationReplays","info","request","Interceptor"],"sources":["kms-dry-error-interceptor.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {Interceptor} from '@webex/http-core';\n\nimport {DryError} from './kms-errors';\n/**\n * Interceptor (only to be used in test mode) intended to replay requests that\n * fail as a result of the test-user incompatibiliy in KMS.\n * @class\n */\nexport default class KmsDryErrorInterceptor extends Interceptor {\n /**\n * @returns {KmsDryErrorInterceptor}\n */\n static create() {\n return new KmsDryErrorInterceptor({webex: this});\n }\n\n /**\n * @param {Object} options\n * @param {Exception} reason\n * @returns {Promise}\n */\n onResponseError(options, reason) {\n if (reason instanceof DryError && reason.message.match(/Failed to resolve authorization token in KmsMessage request for user/)) {\n this.webex.logger.error('DRY Request Failed due to kms/test-user flakiness');\n this.webex.logger.error(reason);\n\n return this.replay(options, reason);\n }\n\n return Promise.reject(reason);\n }\n\n /**\n * Replays the request\n * @param {Object} options\n * @param {DryError} reason\n * @returns {Object}\n */\n replay(options, reason) {\n if (options.replayCount) {\n options.replayCount += 1;\n }\n else {\n options.replayCount = 1;\n }\n\n if (options.replayCount > this.webex.config.maxAuthenticationReplays) {\n this.webex.logger.error(`kms: failed after ${this.webex.config.maxAuthenticationReplays} replay attempts`);\n\n return Promise.reject(reason);\n }\n\n this.webex.logger.info(`kms: replaying request ${options.replayCount} time`);\n\n return this.webex.request(options);\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAIA;;AAEA;;;;;;AACA;AACA;AACA;AACA;AACA;IACqBA,sB;;;;;;;;;;;;;IAQnB;AACF;AACA;AACA;AACA;IACE,yBAAgBC,OAAhB,EAAyBC,MAAzB,EAAiC;MAC/B,IAAIA,MAAM,YAAYC,mBAAlB,IAA8BD,MAAM,CAACE,OAAP,CAAeC,KAAf,CAAqB,sEAArB,CAAlC,EAAgI;QAC9H,KAAKC,KAAL,CAAWC,MAAX,CAAkBC,KAAlB,CAAwB,mDAAxB;QACA,KAAKF,KAAL,CAAWC,MAAX,CAAkBC,KAAlB,CAAwBN,MAAxB;QAEA,OAAO,KAAKO,MAAL,CAAYR,OAAZ,EAAqBC,MAArB,CAAP;MACD;;MAED,OAAO,iBAAQQ,MAAR,CAAeR,MAAf,CAAP;IACD;IAED;AACF;AACA;AACA;AACA;AACA;;;;WACE,gBAAOD,OAAP,EAAgBC,MAAhB,EAAwB;MACtB,IAAID,OAAO,CAACU,WAAZ,EAAyB;QACvBV,OAAO,CAACU,WAAR,IAAuB,CAAvB;MACD,CAFD,MAGK;QACHV,OAAO,CAACU,WAAR,GAAsB,CAAtB;MACD;;MAED,IAAIV,OAAO,CAACU,WAAR,GAAsB,KAAKL,KAAL,CAAWM,MAAX,CAAkBC,wBAA5C,EAAsE;QACpE,KAAKP,KAAL,CAAWC,MAAX,CAAkBC,KAAlB,6BAA6C,KAAKF,KAAL,CAAWM,MAAX,CAAkBC,wBAA/D;QAEA,OAAO,iBAAQH,MAAR,CAAeR,MAAf,CAAP;MACD;;MAED,KAAKI,KAAL,CAAWC,MAAX,CAAkBO,IAAlB,kCAAiDb,OAAO,CAACU,WAAzD;MAEA,OAAO,KAAKL,KAAL,CAAWS,OAAX,CAAmBd,OAAnB,CAAP;IACD;;;;IA9CD;AACF;AACA;IACE,kBAAgB;MACd,OAAO,IAAID,sBAAJ,CAA2B;QAACM,KAAK,EAAE;MAAR,CAA3B,CAAP;IACD;;;EANiDU,qB"}
|
package/dist/kms-errors.js
CHANGED
|
@@ -10,7 +10,7 @@ _Object$defineProperty(exports, "__esModule", {
|
|
|
10
10
|
value: true
|
|
11
11
|
});
|
|
12
12
|
|
|
13
|
-
exports.
|
|
13
|
+
exports.KmsTimeoutError = exports.KmsError = exports.DryError = void 0;
|
|
14
14
|
|
|
15
15
|
var _defineProperties = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/object/define-properties"));
|
|
16
16
|
|
package/dist/kms-errors.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"
|
|
1
|
+
{"version":3,"names":["KmsError","body","enumerable","value","reason","requestId","status","message","constructor","defaultMessage","Exception","KmsTimeoutError","request","timeout","method","uri","DryError","WebexHttpError","prototype","parse","_res","options","url","service","toUpperCase","resource","headers","trackingid"],"sources":["kms-errors.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {Exception} from '@webex/common';\nimport {WebexHttpError} from '@webex/webex-core';\n\n/**\n * Error class for KMS errors\n */\nexport class KmsError extends Exception {\n static defaultMessage = 'An unknown error occurred while communicating with the kms. This implies we received an error response without a body.';\n\n /**\n * @param {HttpResponse} body\n * @returns {string}\n */\n parse(body) {\n body = body.body || body;\n\n Object.defineProperties(this, {\n body: {\n enumerable: false,\n value: body\n },\n reason: {\n enumerable: false,\n value: body.reason\n },\n requestId: {\n enumerable: false,\n value: body.requestId\n },\n status: {\n enumerable: false,\n value: body.status\n }\n });\n\n let message = typeof body === 'string' ? body : body.reason;\n\n if (!message) {\n message = this.constructor.defaultMessage;\n }\n if (body.status) {\n message += `\\nKMS_RESPONSE_STATUS: ${body.status}`;\n }\n if (body.requestId) {\n message += `\\nKMS_REQUEST_ID: ${body.requestId}`;\n }\n\n return message;\n }\n}\n\n/**\n * Thrown when an expected KMSResponse is not received in a timely manner\n */\nexport class KmsTimeoutError extends KmsError {\n /**\n * @param {KmsRequest} options.request\n * @param {KmsRequest} options.timeout\n * @returns {string}\n */\n parse({request = {}, timeout} = {}) {\n let message = `The KMS did not respond within ${timeout ? `${timeout} milliseconds` : 'a timely fashion'}`;\n\n if (request) {\n if (request.method && request.uri) {\n message += `\\nKMS_REQUEST: ${request.method} ${request.uri}`;\n }\n\n if (request.requestId) {\n message += `\\nKMS_REQUEST_ID: ${request.requestId}`;\n }\n }\n\n return message;\n }\n}\n\n/**\n * Emitted when a REST request includes an encrypter error\n */\nexport class DryError extends WebexHttpError {\n static defaultMessage = 'An unknown error was received from a service that proxies to the KMS';\n\n /**\n * @param {WebexHttpError} reason\n * @returns {string}\n */\n parse(reason) {\n Reflect.apply(WebexHttpError.prototype.parse, this, [reason._res]);\n const body = reason._res.body.message;\n\n let message = body.reason || body;\n\n if (!message) {\n message = this.constructor.defaultMessage;\n }\n if (this.options.url) {\n message += `\\n${this.options.method} ${this.options.url}`;\n }\n else if (this.options.uri) {\n message += `\\n${this.options.method} ${this.options.uri}`;\n }\n else {\n message += `\\n${this.options.method} ${this.options.service.toUpperCase()}/${this.options.resource}`;\n }\n message += `\\nWEBEX_TRACKING_ID: ${this.options.headers.trackingid}`;\n\n if (body.status) {\n message += `\\nKMS_RESPONSE_STATUS: ${body.status}`;\n }\n if (body.requestId) {\n message += `\\nKMS_REQUEST_ID: ${body.requestId}`;\n }\n\n Object.defineProperties(this, {\n reason: {\n enumerable: false,\n value: body.reason\n },\n requestId: {\n enumerable: false,\n value: body.requestId\n },\n status: {\n enumerable: false,\n value: body.status\n }\n });\n\n return message;\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA;;AACA;;;;;;AAEA;AACA;AACA;IACaA,Q;;;;;;;;;;;;;IAGX;AACF;AACA;AACA;IACE,eAAMC,IAAN,EAAY;MACVA,IAAI,GAAGA,IAAI,CAACA,IAAL,IAAaA,IAApB;MAEA,+BAAwB,IAAxB,EAA8B;QAC5BA,IAAI,EAAE;UACJC,UAAU,EAAE,KADR;UAEJC,KAAK,EAAEF;QAFH,CADsB;QAK5BG,MAAM,EAAE;UACNF,UAAU,EAAE,KADN;UAENC,KAAK,EAAEF,IAAI,CAACG;QAFN,CALoB;QAS5BC,SAAS,EAAE;UACTH,UAAU,EAAE,KADH;UAETC,KAAK,EAAEF,IAAI,CAACI;QAFH,CATiB;QAa5BC,MAAM,EAAE;UACNJ,UAAU,EAAE,KADN;UAENC,KAAK,EAAEF,IAAI,CAACK;QAFN;MAboB,CAA9B;MAmBA,IAAIC,OAAO,GAAG,OAAON,IAAP,KAAgB,QAAhB,GAA2BA,IAA3B,GAAkCA,IAAI,CAACG,MAArD;;MAEA,IAAI,CAACG,OAAL,EAAc;QACZA,OAAO,GAAG,KAAKC,WAAL,CAAiBC,cAA3B;MACD;;MACD,IAAIR,IAAI,CAACK,MAAT,EAAiB;QACfC,OAAO,qCAA8BN,IAAI,CAACK,MAAnC,CAAP;MACD;;MACD,IAAIL,IAAI,CAACI,SAAT,EAAoB;QAClBE,OAAO,gCAAyBN,IAAI,CAACI,SAA9B,CAAP;MACD;;MAED,OAAOE,OAAP;IACD;;;EA1C2BG,iB;AA6C9B;AACA;AACA;;;;8BA/CaV,Q,oBACa,wH;;IA+CbW,e;;;;;;;;;;;;;IACX;AACF;AACA;AACA;AACA;IACE,iBAAoC;MAAA,+EAAJ,EAAI;MAAA,wBAA7BC,OAA6B;MAAA,IAA7BA,OAA6B,6BAAnB,EAAmB;MAAA,IAAfC,OAAe,QAAfA,OAAe;;MAClC,IAAIN,OAAO,4CAAqCM,OAAO,aAAMA,OAAN,qBAA+B,kBAA3E,CAAX;;MAEA,IAAID,OAAJ,EAAa;QACX,IAAIA,OAAO,CAACE,MAAR,IAAkBF,OAAO,CAACG,GAA9B,EAAmC;UACjCR,OAAO,6BAAsBK,OAAO,CAACE,MAA9B,cAAwCF,OAAO,CAACG,GAAhD,CAAP;QACD;;QAED,IAAIH,OAAO,CAACP,SAAZ,EAAuB;UACrBE,OAAO,gCAAyBK,OAAO,CAACP,SAAjC,CAAP;QACD;MACF;;MAED,OAAOE,OAAP;IACD;;;EApBkCP,Q;AAuBrC;AACA;AACA;;;;;IACagB,Q;;;;;;;;;;;;;IAGX;AACF;AACA;AACA;IACE,eAAMZ,MAAN,EAAc;MACZ,oBAAca,0BAAeC,SAAf,CAAyBC,KAAvC,EAA8C,IAA9C,EAAoD,CAACf,MAAM,CAACgB,IAAR,CAApD;MACA,IAAMnB,IAAI,GAAGG,MAAM,CAACgB,IAAP,CAAYnB,IAAZ,CAAiBM,OAA9B;MAEA,IAAIA,OAAO,GAAGN,IAAI,CAACG,MAAL,IAAeH,IAA7B;;MAEA,IAAI,CAACM,OAAL,EAAc;QACZA,OAAO,GAAG,KAAKC,WAAL,CAAiBC,cAA3B;MACD;;MACD,IAAI,KAAKY,OAAL,CAAaC,GAAjB,EAAsB;QACpBf,OAAO,gBAAS,KAAKc,OAAL,CAAaP,MAAtB,cAAgC,KAAKO,OAAL,CAAaC,GAA7C,CAAP;MACD,CAFD,MAGK,IAAI,KAAKD,OAAL,CAAaN,GAAjB,EAAsB;QACzBR,OAAO,gBAAS,KAAKc,OAAL,CAAaP,MAAtB,cAAgC,KAAKO,OAAL,CAAaN,GAA7C,CAAP;MACD,CAFI,MAGA;QACHR,OAAO,gBAAS,KAAKc,OAAL,CAAaP,MAAtB,cAAgC,KAAKO,OAAL,CAAaE,OAAb,CAAqBC,WAArB,EAAhC,cAAsE,KAAKH,OAAL,CAAaI,QAAnF,CAAP;MACD;;MACDlB,OAAO,mCAA4B,KAAKc,OAAL,CAAaK,OAAb,CAAqBC,UAAjD,CAAP;;MAEA,IAAI1B,IAAI,CAACK,MAAT,EAAiB;QACfC,OAAO,qCAA8BN,IAAI,CAACK,MAAnC,CAAP;MACD;;MACD,IAAIL,IAAI,CAACI,SAAT,EAAoB;QAClBE,OAAO,gCAAyBN,IAAI,CAACI,SAA9B,CAAP;MACD;;MAED,+BAAwB,IAAxB,EAA8B;QAC5BD,MAAM,EAAE;UACNF,UAAU,EAAE,KADN;UAENC,KAAK,EAAEF,IAAI,CAACG;QAFN,CADoB;QAK5BC,SAAS,EAAE;UACTH,UAAU,EAAE,KADH;UAETC,KAAK,EAAEF,IAAI,CAACI;QAFH,CALiB;QAS5BC,MAAM,EAAE;UACNJ,UAAU,EAAE,KADN;UAENC,KAAK,EAAEF,IAAI,CAACK;QAFN;MAToB,CAA9B;MAeA,OAAOC,OAAP;IACD;;;EAlD2BU,yB;;;8BAAjBD,Q,oBACa,sE"}
|
package/dist/kms.js
CHANGED
|
@@ -747,7 +747,7 @@ var KMS = _webexCore.WebexPlugin.extend((_dec = (0, _common.oneFlight)({
|
|
|
747
747
|
context.ephemeralKey = originalContext.ephemeralKey;
|
|
748
748
|
return context;
|
|
749
749
|
},
|
|
750
|
-
version: "1.
|
|
750
|
+
version: "1.160.0"
|
|
751
751
|
}, ((0, _applyDecoratedDescriptor2.default)(_obj, "fetchKey", [_dec], (0, _getOwnPropertyDescriptor.default)(_obj, "fetchKey"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "_getContext", [_common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "_getContext"), _obj)), _obj)));
|
|
752
752
|
|
|
753
753
|
var _default = KMS;
|
package/dist/kms.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["kms.js"],"names":["contexts","kmsDetails","partialContexts","consoleDebug","require","KMS","WebexPlugin","extend","keyFactory","uri","onBehalfOf","namespace","children","batcher","KMSBatcher","bindKey","kro","kroUri","key","keyUri","logger","info","reject","Error","request","method","resourceUri","then","res","createResource","userIds","keyUris","keys","reduce","uris","k","push","length","resource","addAuthorization","authIds","concat","authorizations","listAuthorizations","removeAuthorization","authId","userId","querystring","stringify","createUnboundKeys","count","all","map","asKey","fetchKey","ping","jose","JWK","jwk","prepareRequest","payload","isECDHRequest","includes","resolve","get","_getContext","context","req","Request","requestContext","_contextOnBehalfOf","wrap","serverKey","process","env","NODE_ENV","util","inspect","JSON","parse","depth","processKmsMessageEvent","event","encryption","kmsMessages","kmsMessage","index","_isECDHEMessage","isECDHMessage","Response","unwrap","catch","reason","error","stack","decryptKmsMessage","body","_getKMSStaticPubKey","kmsStaticPubKey","fields","split","header","base64url","decode","kid","timeout","config","kmsInitialTimeout","webex","internal","mercury","connect","TIMEOUT_SYMBOL","status","statusCode","message","match","warn","KMSError","trigger","ecdhMaxTimeout","nextTimeout","kmsMaxTimeout","delete","_getAuthorization","credentials","getUserToken","token","access_token","promise","_prepareContext","set","expiresIn","ephemeralKey","expirationDate","authorization","clientInfo","credential","bearer","_getKMSCluster","_getKMSDetails","kmsCluster","details","service","device","rsaPublicKey","Context","caroots","clientId","url","serverInfo","createECDHKey","localECDHKey","cluster","toJSON","deriveEphemeralKey","originalContext","oneFlight"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA;;AACA;;AAEA;;AACA;;AACA;;AACA;;AACA;;AAGA;;AACA;;;;;;;;AAEA,IAAMA,QAAQ,GAAG,sBAAjB;AACA,IAAMC,UAAU,GAAG,sBAAnB;AACA,IAAMC,eAAe,GAAG,sBAAxB;;AAEA,IAAMC,YAAY,GAAGC,OAAO,CAAC,OAAD,CAAP,CAAiB,KAAjB,CAArB;AAEA;AACA;AACA;;;AACA,IAAMC,GAAG,GAAGC,uBAAYC,MAAZ,SA6OT,uBAAU;AACTC,EAAAA,UAAU,EAAE;AAAA,QAAEC,GAAF,QAAEA,GAAF;AAAA,QAAOC,UAAP,QAAOA,UAAP;AAAA,qBAA0BD,GAA1B,cAAiCC,UAAjC;AAAA;AADH,CAAV,CA7OS,UAAmB;AAC7BC,EAAAA,SAAS,EAAE,YADkB;AAG7BC,EAAAA,QAAQ,EAAE;AACRC,IAAAA,OAAO,EAAEC;AADD,GAHmB;;AAO7B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACEC,EAAAA,OAhB6B,0BAkB1B;AAAA;;AAAA,QADDC,GACC,SADDA,GACC;AAAA,QADIC,MACJ,SADIA,MACJ;AAAA,QADYC,GACZ,SADYA,GACZ;AAAA,QADiBC,MACjB,SADiBA,MACjB;AACDF,IAAAA,MAAM,GAAGA,MAAM,IAAID,GAAG,CAACP,GAAvB;AACAU,IAAAA,MAAM,GAAGA,MAAM,IAAID,GAAG,CAACT,GAAvB;AAEA,SAAKW,MAAL,CAAYC,IAAZ,CAAiB,8BAAjB;AAEA;;AACA,QAAI,CAACJ,MAAL,EAAa;AACX,aAAO,iBAAQK,MAAR,CAAe,IAAIC,KAAJ,CAAU,+BAAV,CAAf,CAAP;AACD;AAED;;;AACA,QAAI,CAACJ,MAAL,EAAa;AACX,aAAO,iBAAQG,MAAR,CAAe,IAAIC,KAAJ,CAAU,+BAAV,CAAf,CAAP;AACD;;AAED,WAAO,KAAKC,OAAL,CAAa;AAClBC,MAAAA,MAAM,EAAE,QADU;AAElBC,MAAAA,WAAW,EAAET,MAFK;AAGlBR,MAAAA,GAAG,EAAEU;AAHa,KAAb,EAKJQ,IALI,CAKC,UAACC,GAAD,EAAS;AACb,MAAA,KAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,4BAAjB;;AAEA,aAAOO,GAAG,CAACV,GAAX;AACD,KATI,CAAP;AAUD,GA5C4B;;AA8C7B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACEW,EAAAA,cAvD6B,iCAyD1B;AAAA;;AAAA,QADDC,OACC,SADDA,OACC;AAAA,QADQC,OACR,SADQA,OACR;AAAA,QADiBb,GACjB,SADiBA,GACjB;AAAA,QADsBc,IACtB,SADsBA,IACtB;AACDD,IAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;AACA;;AACA,QAAIC,IAAJ,EAAU;AACRD,MAAAA,OAAO,GAAGC,IAAI,CAACC,MAAL,CAAY,UAACC,IAAD,EAAOC,CAAP,EAAa;AACjCD,QAAAA,IAAI,CAACE,IAAL,CAAUD,CAAC,CAAC1B,GAAZ;AAEA,eAAOyB,IAAP;AACD,OAJS,EAIPH,OAJO,CAAV;AAKD;AAED;;;AACA,QAAIb,GAAJ,EAAS;AACPa,MAAAA,OAAO,CAACK,IAAR,CAAalB,GAAG,CAACT,GAAjB;AACD;AAED;;;AACA,QAAIsB,OAAO,CAACM,MAAR,KAAmB,CAAvB,EAA0B;AACxB,aAAO,iBAAQf,MAAR,CAAe,IAAIC,KAAJ,CAAU,wDAAV,CAAf,CAAP;AACD;;AAED,SAAKH,MAAL,CAAYC,IAAZ,CAAiB,wBAAjB;AAEA,WAAO,KAAKG,OAAL,CAAa;AAClBC,MAAAA,MAAM,EAAE,QADU;AAElBhB,MAAAA,GAAG,EAAE,YAFa;AAGlBqB,MAAAA,OAAO,EAAPA,OAHkB;AAIlBC,MAAAA,OAAO,EAAPA;AAJkB,KAAb,EAMJJ,IANI,CAMC,UAACC,GAAD,EAAS;AACb,MAAA,MAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,uBAAjB;;AAEA,aAAOO,GAAG,CAACU,QAAX;AACD,KAVI,CAAP;AAWD,GA3F4B;;AA6F7B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACEC,EAAAA,gBAtG6B,mCAwG1B;AAAA;;AAAA,QADDT,OACC,SADDA,OACC;AAAA,QADQU,OACR,SADQA,OACR;AAAA,QADiBxB,GACjB,SADiBA,GACjB;AAAA,QADsBC,MACtB,SADsBA,MACtB;AACDa,IAAAA,OAAO,GAAGA,OAAO,IAAI,EAArB;AACAb,IAAAA,MAAM,GAAGA,MAAM,IAAID,GAAG,CAACP,GAAvB;;AAEA,QAAI+B,OAAJ,EAAa;AACXV,MAAAA,OAAO,GAAGA,OAAO,CAACW,MAAR,CAAeD,OAAf,CAAV;AACD;AAED;;;AACA,QAAIV,OAAO,CAACO,MAAR,KAAmB,CAAvB,EAA0B;AACxB,aAAO,iBAAQf,MAAR,CAAe,IAAIC,KAAJ,CAAU,qDAAV,CAAf,CAAP;AACD;AAED;;;AACA,QAAI,CAACN,MAAL,EAAa;AACX,aAAO,iBAAQK,MAAR,CAAe,IAAIC,KAAJ,CAAU,+BAAV,CAAf,CAAP;AACD;;AAED,SAAKH,MAAL,CAAYC,IAAZ,CAAiB,2CAAjB;AAEA,WAAO,KAAKG,OAAL,CAAa;AAClBC,MAAAA,MAAM,EAAE,QADU;AAElBhB,MAAAA,GAAG,EAAE,iBAFa;AAGlBiB,MAAAA,WAAW,EAAET,MAHK;AAIlBa,MAAAA,OAAO,EAAPA;AAJkB,KAAb,EAMJH,IANI,CAMC,UAACC,GAAD,EAAS;AACb,MAAA,MAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,0BAAjB;;AAEA,aAAOO,GAAG,CAACc,cAAX;AACD,KAVI,CAAP;AAWD,GAvI4B;;AAyI7B;AACF;AACA;AACA;AACA;AACA;AACA;AACEC,EAAAA,kBAhJ6B,qCAgJK;AAAA;;AAAA,QAAd3B,GAAc,SAAdA,GAAc;AAAA,QAATC,MAAS,SAATA,MAAS;AAChCA,IAAAA,MAAM,GAAGA,MAAM,IAAID,GAAG,CAACP,GAAvB;AACA;;AACA,QAAI,CAACQ,MAAL,EAAa;AACX,aAAO,iBAAQK,MAAR,CAAe,IAAIC,KAAJ,CAAU,+BAAV,CAAf,CAAP;AACD;;AAED,WAAO,KAAKC,OAAL,CAAa;AAClBC,MAAAA,MAAM,EAAE,UADU;AAElBhB,MAAAA,GAAG,YAAKQ,MAAL;AAFe,KAAb,EAIJU,IAJI,CAIC,UAACC,GAAD,EAAS;AACb,MAAA,MAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,mCAAjB;;AAEA,aAAOO,GAAG,CAACc,cAAX;AACD,KARI,CAAP;AASD,GAhK4B;;AAkK7B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACEE,EAAAA,mBA3K6B,sCA6K1B;AAAA;;AAAA,QADDC,MACC,SADDA,MACC;AAAA,QADOC,MACP,SADOA,MACP;AAAA,QADe9B,GACf,SADeA,GACf;AAAA,QADoBC,MACpB,SADoBA,MACpB;AACD4B,IAAAA,MAAM,GAAGA,MAAM,IAAIC,MAAnB;AACA7B,IAAAA,MAAM,GAAGA,MAAM,IAAID,GAAG,CAACP,GAAvB;AAEA;;AACA,QAAI,CAACoC,MAAL,EAAa;AACX,aAAO,iBAAQvB,MAAR,CAAe,IAAIC,KAAJ,CAAU,4CAAV,CAAf,CAAP;AACD;AAED;;;AACA,QAAI,CAACN,MAAL,EAAa;AACX,aAAO,iBAAQK,MAAR,CAAe,IAAIC,KAAJ,CAAU,+BAAV,CAAf,CAAP;AACD;;AAED,SAAKH,MAAL,CAAYC,IAAZ,CAAiB,+CAAjB;AAEA,WAAO,KAAKG,OAAL,CAAa;AAClBC,MAAAA,MAAM,EAAE,QADU;AAElBhB,MAAAA,GAAG,YAAKQ,MAAL,6BAA8B8B,qBAAYC,SAAZ,CAAsB;AAACH,QAAAA,MAAM,EAANA;AAAD,OAAtB,CAA9B;AAFe,KAAb,EAIJlB,IAJI,CAIC,UAACC,GAAD,EAAS;AACb,MAAA,MAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,4BAAjB;;AAEA,aAAOO,GAAG,CAACc,cAAX;AACD,KARI,CAAP;AASD,GAtM4B;;AAwM7B;AACF;AACA;AACA;AACA;AACA;AACEO,EAAAA,iBA9M6B,oCA8MF;AAAA;;AAAA,QAARC,KAAQ,SAARA,KAAQ;AACzB,SAAK9B,MAAL,CAAYC,IAAZ,wBAAiC6B,KAAjC;AAEA;;AACA,QAAI,CAACA,KAAL,EAAY;AACV,aAAO,iBAAQ5B,MAAR,CAAe,IAAIC,KAAJ,CAAU,6BAAV,CAAf,CAAP;AACD;;AAED,WAAO,KAAKC,OAAL,CAAa;AAClBC,MAAAA,MAAM,EAAE,QADU;AAElBhB,MAAAA,GAAG,EAAE,OAFa;AAGlByC,MAAAA,KAAK,EAALA;AAHkB,KAAb,EAKJvB,IALI,CAKC,UAACC,GAAD,EAAS;AACb,MAAA,MAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,4BAAjB;;AAEA,aAAO,iBAAQ8B,GAAR,CAAYvB,GAAG,CAACI,IAAJ,CAASoB,GAAT,CAAa,MAAI,CAACC,KAAlB,CAAZ,CAAP;AACD,KATI,CAAP;AAUD,GAhO4B;AAgP7BC,EAAAA,QAhP6B,2BAgPD;AAAA;;AAAA,QAAlB7C,GAAkB,SAAlBA,GAAkB;AAAA,QAAbC,UAAa,SAAbA,UAAa;;AAC1B;AACA,QAAI,CAACD,GAAL,EAAU;AACR,aAAO,iBAAQa,MAAR,CAAe,IAAIC,KAAJ,CAAU,2BAAV,CAAf,CAAP;AACD;;AAED,SAAKH,MAAL,CAAYC,IAAZ,CAAiB,mBAAjB;AAEA,WAAO,KAAKG,OAAL,CAAa;AAClBC,MAAAA,MAAM,EAAE,UADU;AAElBhB,MAAAA,GAAG,EAAHA;AAFkB,KAAb,EAGJ;AAACC,MAAAA,UAAU,EAAVA;AAAD,KAHI,EAIJiB,IAJI,CAIC,UAACC,GAAD,EAAS;AACb,MAAA,MAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,kBAAjB;;AAEA,aAAO,MAAI,CAACgC,KAAL,CAAWzB,GAAG,CAACV,GAAf,CAAP;AACD,KARI,CAAP;AASD,GAjQ4B;;AAmQ7B;AACF;AACA;AACA;AACEqC,EAAAA,IAvQ6B,kBAuQtB;AACL,WAAO,KAAK/B,OAAL,CAAa;AAClBC,MAAAA,MAAM,EAAE,QADU;AAElBhB,MAAAA,GAAG,EAAE;AAFa,KAAb,CAAP;AAID,GA5Q4B;;AA8Q7B;AACF;AACA;AACA;AACA;AACE4C,EAAAA,KAnR6B,iBAmRvBnC,GAnRuB,EAmRlB;AACT,WAAOsC,kBAAKC,GAAL,CAASJ,KAAT,CAAenC,GAAG,CAACwC,GAAnB,EACJ/B,IADI,CACC,UAAC+B,GAAD,EAAS;AACbxC,MAAAA,GAAG,CAACwC,GAAJ,GAAUA,GAAV;AAEA,aAAOxC,GAAP;AACD,KALI,CAAP;AAMD,GA1R4B;;AA4R7B;AACF;AACA;AACA;AACA;AACA;AACEyC,EAAAA,cAlS6B,0BAkSdC,OAlSc,EAkSLlD,UAlSK,EAkSO;AAAA;;AAClC,QAAMmD,aAAa,GAAGD,OAAO,CAACnC,MAAR,KAAmB,QAAnB,IAA+BmC,OAAO,CAACnD,GAAR,CAAYqD,QAAZ,CAAqB,QAArB,CAArD;AAEA,WAAO,iBAAQC,OAAR,CAAgBF,aAAa,GAAG3D,eAAe,CAAC8D,GAAhB,CAAoB,IAApB,CAAH,GAA+B,KAAKC,WAAL,EAA5D,EACJtC,IADI,CACC,UAACuC,OAAD,EAAa;AACjB,MAAA,MAAI,CAAC9C,MAAL,CAAYC,IAAZ,yBAAkCwC,aAAa,GAAG,eAAH,GAAqB,KAApE;;AACA,UAAMM,GAAG,GAAG,IAAIC,gBAAJ,CAAYR,OAAZ,CAAZ;AACA,UAAIS,cAAc,GAAGH,OAArB;;AAEA,UAAIxD,UAAJ,EAAgB;AACd2D,QAAAA,cAAc,GAAG,MAAI,CAACC,kBAAL,CAAwBJ,OAAxB,EAAiCxD,UAAjC,CAAjB;AACD;;AAED,aAAOyD,GAAG,CAACI,IAAJ,CAASF,cAAT,EAAyB;AAACG,QAAAA,SAAS,EAAEX;AAAZ,OAAzB,EACJlC,IADI,CACC,YAAM;AACV;AACA,YAAI8C,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAA7B,EAA2C;AACzC,UAAA,MAAI,CAACvD,MAAL,CAAYC,IAAZ,CAAiB,sBAAjB,EAAyCuD,cAAKC,OAAL,CAAa,oBAAKC,IAAI,CAACC,KAAL,CAAW,wBAAeZ,GAAf,CAAX,CAAL,EAAsC,SAAtC,CAAb,EAA+D;AAACa,YAAAA,KAAK,EAAE;AAAR,WAA/D,CAAzC;AACD;;AAED,eAAOb,GAAP;AACD,OARI,CAAP;AASD,KAnBI,CAAP;AAoBD,GAzT4B;;AA2T7B;AACF;AACA;AACA;AACA;AACEc,EAAAA,sBAhU6B,kCAgUNC,KAhUM,EAgUC;AAAA;;AAC5B,SAAK9D,MAAL,CAAYC,IAAZ,CAAiB,2BAAjB;AAEA,WAAO,iBAAQ8B,GAAR,CAAY+B,KAAK,CAACC,UAAN,CAAiBC,WAAjB,CAA6BhC,GAA7B,CAAiC,UAACiC,UAAD,EAAaC,KAAb;AAAA,aAAuB,MAAI,CAACC,eAAL,CAAqBF,UAArB,EACxE1D,IADwE,CACnE,UAAC6D,aAAD,EAAmB;AACvB,QAAA,MAAI,CAACpE,MAAL,CAAYC,IAAZ,yBAAkCmE,aAAa,GAAG,OAAH,GAAa,QAA5D;;AACA,YAAM5D,GAAG,GAAG,IAAI6D,iBAAJ,CAAaJ,UAAb,CAAZ;AAEA,eAAO,iBAAQtB,OAAR,CAAgByB,aAAa,GAAGtF,eAAe,CAAC8D,GAAhB,CAAoB,MAApB,CAAH,GAA+BhE,QAAQ,CAACgE,GAAT,CAAa,MAAb,CAA5D,EACL;AADK,SAEJrC,IAFI,CAEC,UAACuC,OAAD;AAAA,iBAAatC,GAAG,CAAC8D,MAAJ,CAAWxB,OAAX,CAAb;AAAA,SAFD,EAGL;AAHK,SAIJvC,IAJI,CAIC,YAAM;AACV,cAAI8C,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAA7B,EAA2C;AACzC,YAAA,MAAI,CAACvD,MAAL,CAAYC,IAAZ,CAAiB,uBAAjB,EAA0CuD,cAAKC,OAAL,CAAa,oBAAKC,IAAI,CAACC,KAAL,CAAW,wBAAenD,GAAf,CAAX,CAAL,EAAsC,SAAtC,CAAb,EAA+D;AAACoD,cAAAA,KAAK,EAAE;AAAR,aAA/D,CAA1C;AACD;AACF,SARI,EASL;AATK,SAUJrD,IAVI,CAUC,YAAM;AAAEuD,UAAAA,KAAK,CAACC,UAAN,CAAiBC,WAAjB,CAA6BE,KAA7B,IAAsC1D,GAAtC;AAA4C,SAVrD,EAWL;AAXK,SAYJD,IAZI,CAYC;AAAA,iBAAMC,GAAN;AAAA,SAZD,CAAP;AAaD,OAlBwE,CAAvB;AAAA,KAAjC,CAAZ,EAmBJD,IAnBI,CAmBC;AAAA,aAAM,MAAI,CAACd,OAAL,CAAaoE,sBAAb,CAAoCC,KAApC,CAAN;AAAA,KAnBD,EAoBJS,KApBI,CAoBE,UAACC,MAAD,EAAY;AACjB,MAAA,MAAI,CAACxE,MAAL,CAAYyE,KAAZ,CAAkB,qBAAlB,EAAyCD,MAAM,CAACE,KAAhD;;AAEA,aAAO,iBAAQxE,MAAR,CAAesE,MAAf,CAAP;AACD,KAxBI,EAyBJjE,IAzBI,CAyBC;AAAA,aAAMuD,KAAN;AAAA,KAzBD,CAAP;AA0BD,GA7V4B;;AA+V7B;AACF;AACA;AACA;AACA;AACEa,EAAAA,iBApW6B,6BAoWXV,UApWW,EAoWC;AAC5B,QAAMzD,GAAG,GAAG,IAAI6D,iBAAJ,CAAaJ,UAAb,CAAZ;AAEA,WAAOrF,QAAQ,CAACgE,GAAT,CAAa,IAAb,EACJrC,IADI,CACC,UAACuC,OAAD;AAAA,aAAatC,GAAG,CAAC8D,MAAJ,CAAWxB,OAAX,CAAb;AAAA,KADD,EAEJvC,IAFI,CAEC;AAAA,aAAMC,GAAG,CAACoE,IAAV;AAAA,KAFD,CAAP;AAGD,GA1W4B;;AA4W7B;AACF;AACA;AACA;AACA;AACET,EAAAA,eAjX6B,2BAiXbF,UAjXa,EAiXD;AAC1B,WAAO,KAAKY,mBAAL,GACJtE,IADI,CACC,UAACuE,eAAD,EAAqB;AACzB,UAAMC,MAAM,GAAGd,UAAU,CAACe,KAAX,CAAiB,GAAjB,CAAf;;AAEA,UAAID,MAAM,CAAC9D,MAAP,KAAkB,CAAtB,EAAyB;AACvB,eAAO,KAAP;AACD;;AAED,UAAMgE,MAAM,GAAGvB,IAAI,CAACC,KAAL,CAAWvB,kBAAKoB,IAAL,CAAU0B,SAAV,CAAoBC,MAApB,CAA2BJ,MAAM,CAAC,CAAD,CAAjC,CAAX,CAAf;AAEA,aAAOE,MAAM,CAACG,GAAP,KAAeN,eAAe,CAACM,GAAtC;AACD,KAXI,CAAP;AAYD,GA9X4B;;AAgY7B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACEhF,EAAAA,OAxY6B,mBAwYrBoC,OAxYqB,EAwYgB;AAAA;;AAAA,oFAAJ,EAAI;AAAA,QAA3B6C,OAA2B,SAA3BA,OAA2B;AAAA,QAAlB/F,UAAkB,SAAlBA,UAAkB;;AAC3C+F,IAAAA,OAAO,GAAGA,OAAO,IAAI,KAAKC,MAAL,CAAYC,iBAAjC,CAD2C,CAG3C;AACA;;AACA,WAAO,KAAKC,KAAL,CAAWC,QAAX,CAAoBC,OAApB,CAA4BC,OAA5B,GACJpF,IADI,CACC;AAAA,aAAM,OAAI,CAACgC,cAAL,CAAoBC,OAApB,EAA6BlD,UAA7B,CAAN;AAAA,KADD,EAEJiB,IAFI,CAEC,UAACwC,GAAD,EAAS;AACbA,MAAAA,GAAG,CAAC6C,0BAAD,CAAH,GAAsBP,OAAtB;AAEA,aAAO,OAAI,CAAC5F,OAAL,CAAaW,OAAb,CAAqB2C,GAArB,CAAP;AACD,KANI,EAOL;AACA;AARK,KASJwB,KATI,CASE,UAACC,MAAD,EAAY;AACjB,UAAInB,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,MAAzB,KAAoCiB,MAAM,CAACqB,MAAP,KAAkB,GAAlB,IAAyBrB,MAAM,CAACsB,UAAP,KAAsB,GAAnF,KAA2FtB,MAAM,CAACuB,OAAP,CAAeC,KAAf,CAAqB,sEAArB,CAA/F,EAA6L;AAC3L,QAAA,OAAI,CAAChG,MAAL,CAAYiG,IAAZ,CAAiB,wDAAjB;;AAEA,eAAO,OAAI,CAAC7F,OAAL,CAAaoC,OAAb,EAAsB;AAAClD,UAAAA,UAAU,EAAVA;AAAD,SAAtB,CAAP;AACD,OALgB,CAOjB;;;AACA,UAAIkF,MAAM,YAAY0B,kCAAtB,EAAgC;AAC9B,QAAA,OAAI,CAACV,KAAL,CAAWW,OAAX,CAAmB,4BAAnB;;AAEA,eAAO,iBAAQjG,MAAR,CAAesE,MAAf,CAAP;AACD,OAZgB,CAcjB;AACA;AACA;;;AACA,UAAI,CAACA,MAAM,CAACsB,UAAR,IAAsB,CAACtB,MAAM,CAACqB,MAAlC,EAA0C;AACxC;AACA,YAAIxC,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAA7B,EAA2C;AACzC;AACA,UAAA,OAAI,CAACvD,MAAL,CAAYC,IAAZ,CAAiB,oBAAjB,EAAuCuE,MAAM,CAACE,KAAP,IAAgBF,MAAvD;AACD;;AAEDzF,QAAAA,YAAY,mBAAYsG,OAAZ,EAAZ;AACAA,QAAAA,OAAO,IAAI,CAAX;;AAEA,YAAIA,OAAO,IAAI,OAAI,CAACC,MAAL,CAAYc,cAA3B,EAA2C;AACzC,UAAA,OAAI,CAACpG,MAAL,CAAYC,IAAZ,CAAiB,2CAAjB;;AAEA,iBAAO,iBAAQC,MAAR,CAAesE,MAAf,CAAP;AACD,SAduC,CAgBxC;AACA;;;AACA,YAAM6B,WAAW,GAAGhB,OAAO,GAAG,CAA9B;;AAEA,YAAIA,OAAO,IAAI,OAAI,CAACC,MAAL,CAAYgB,aAAvB,IAAwCD,WAAW,GAAG,OAAI,CAACf,MAAL,CAAYc,cAAtE,EAAsF;AACpF,UAAA,OAAI,CAACpG,MAAL,CAAYC,IAAZ,CAAiB,qEAAjB;AAEA;;;AACA,cAAIoD,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAA7B,EAA2C;AACzC,YAAA,OAAI,CAACvD,MAAL,CAAYC,IAAZ,CAAiB,yBAAjB,EAA4CoF,OAA5C,EAAqD,OAAI,CAACC,MAAL,CAAYgB,aAAjE;AACD;;AAED1H,UAAAA,QAAQ,CAAC2H,MAAT,CAAgB,OAAhB;AACAlB,UAAAA,OAAO,GAAG,CAAV;AACD;;AAED,eAAO,OAAI,CAACjF,OAAL,CAAaoC,OAAb,EAAsB;AAAC6C,UAAAA,OAAO,EAAPA,OAAD;AAAU/F,UAAAA,UAAU,EAAVA;AAAV,SAAtB,CAAP;AACD;;AAED,aAAO,iBAAQY,MAAR,CAAesE,MAAf,CAAP;AACD,KA9DI,CAAP;AA+DD,GA5c4B;;AA8c7B;AACF;AACA;AACA;AACEgC,EAAAA,iBAld6B,+BAkdT;AAClB,WAAO,KAAKhB,KAAL,CAAWiB,WAAX,CAAuBC,YAAvB,CAAoC,WAApC,EACJnG,IADI,CACC,UAACoG,KAAD;AAAA,aAAWA,KAAK,CAACC,YAAjB;AAAA,KADD,CAAP;AAED,GArd4B;;AAwd7B;AACF;AACA;AACA;AACA;AACE/D,EAAAA,WA7d6B,yBA6df;AAAA;;AACZ,QAAIgE,OAAO,GAAGjI,QAAQ,CAACgE,GAAT,CAAa,IAAb,CAAd;;AAEA,QAAI,CAACiE,OAAL,EAAc;AACZA,MAAAA,OAAO,GAAG,KAAKC,eAAL,EAAV;AACAlI,MAAAA,QAAQ,CAACmI,GAAT,CAAa,IAAb,EAAmBF,OAAnB;AACAA,MAAAA,OAAO,CAACtG,IAAR,CAAa,UAACuC,OAAD,EAAa;AACxB,YAAMkE,SAAS,GAAGlE,OAAO,CAACmE,YAAR,CAAqBC,cAArB,GAAsC,mBAAtC,GAAmD,KAArE;AAEA,0CAAe;AAAA,iBAAMtI,QAAQ,CAAC2H,MAAT,CAAgB,OAAhB,CAAN;AAAA,SAAf,EAA4CS,SAA5C;AACD,OAJD;AAKD;;AAED,WAAO,iBAAQjF,GAAR,CAAY,CACjB8E,OADiB,EAEjB,KAAKL,iBAAL,EAFiB,CAAZ,EAIJjG,IAJI,CAIC,kBAA8B;AAAA;AAAA,UAA5BuC,OAA4B;AAAA,UAAnBqE,aAAmB;;AAClCrE,MAAAA,OAAO,CAACsE,UAAR,CAAmBC,UAAnB,CAA8BC,MAA9B,GAAuCH,aAAvC;AAEA,aAAOrE,OAAP;AACD,KARI,CAAP;AASD,GAnf4B;;AAqf7B;AACF;AACA;AACA;AACEyE,EAAAA,cAzf6B,4BAyfZ;AACf,SAAKvH,MAAL,CAAYC,IAAZ,CAAiB,6BAAjB;AAEA,WAAO,KAAKuH,cAAL,GACJjH,IADI,CACC;AAAA,UAAEkH,UAAF,UAAEA,UAAF;AAAA,aAAkBA,UAAlB;AAAA,KADD,CAAP;AAED,GA9f4B;;AAggB7B;AACF;AACA;AACA;AACED,EAAAA,cApgB6B,4BAogBZ;AAAA;;AACf,QAAIE,OAAO,GAAG7I,UAAU,CAAC+D,GAAX,CAAe,IAAf,CAAd;;AAEA,QAAI,CAAC8E,OAAL,EAAc;AACZ,WAAK1H,MAAL,CAAYC,IAAZ,CAAiB,2BAAjB;AACAyH,MAAAA,OAAO,GAAG,KAAKlC,KAAL,CAAWpF,OAAX,CAAmB;AAC3BuH,QAAAA,OAAO,EAAE,YADkB;AAE3BzG,QAAAA,QAAQ,iBAAU,KAAKsE,KAAL,CAAWC,QAAX,CAAoBmC,MAApB,CAA2BlG,MAArC;AAFmB,OAAnB,EAIPnB,IAJO,CAIF,UAACC,GAAD,EAAS;AACb,QAAA,OAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,0BAAjB;;AACA,YAAO2E,IAAP,GAAepE,GAAf,CAAOoE,IAAP;AAEAA,QAAAA,IAAI,CAACiD,YAAL,GAAoBnE,IAAI,CAACC,KAAL,CAAWiB,IAAI,CAACiD,YAAhB,CAApB;AAEA,eAAOjD,IAAP;AACD,OAXO,EAYPL,KAZO,CAYD,UAACC,MAAD,EAAY;AACjB,QAAA,OAAI,CAACxE,MAAL,CAAYyE,KAAZ,CAAkB,kCAAlB,EAAsDD,MAAtD;;AAEA,eAAO,iBAAQtE,MAAR,CAAesE,MAAf,CAAP;AACD,OAhBO,CAAV;AAkBA3F,MAAAA,UAAU,CAACkI,GAAX,CAAe,IAAf,EAAqBW,OAArB;AACD;;AAED,WAAOA,OAAP;AACD,GA/hB4B;;AAiiB7B;AACF;AACA;AACA;AACE7C,EAAAA,mBAriB6B,iCAqiBP;AACpB,SAAK7E,MAAL,CAAYC,IAAZ,CAAiB,uCAAjB;AAEA,WAAO,KAAKuH,cAAL,GACJjH,IADI,CACC;AAAA,UAAEsH,YAAF,UAAEA,YAAF;AAAA,aAAoBA,YAApB;AAAA,KADD,CAAP;AAED,GA1iB4B;;AA4iB7B;AACF;AACA;AACA;AACEf,EAAAA,eAhjB6B,6BAgjBX;AAAA;;AAChB,SAAK9G,MAAL,CAAYC,IAAZ,CAAiB,uBAAjB;AACA,QAAM6C,OAAO,GAAG,IAAIgF,gBAAJ,EAAhB;AAEA,WAAO,iBAAQ/F,GAAR,CAAY,CACjB,KAAK8C,mBAAL,GAA2BtE,IAA3B,CAAgC,uCAAY,KAAK+E,MAAL,CAAYyC,OAAxB,CAAhC,CADiB,EAEjB,KAAKvB,iBAAL,EAFiB,CAAZ,EAIJjG,IAJI,CAIC,kBAAsC;AAAA;AAAA,UAApCuE,eAAoC;AAAA,UAAnBqC,aAAmB;;AAC1CrE,MAAAA,OAAO,CAACsE,UAAR,GAAqB;AACnBY,QAAAA,QAAQ,EAAE,OAAI,CAACxC,KAAL,CAAWC,QAAX,CAAoBmC,MAApB,CAA2BK,GADlB;AAEnBZ,QAAAA,UAAU,EAAE;AACV3F,UAAAA,MAAM,EAAE,OAAI,CAAC8D,KAAL,CAAWC,QAAX,CAAoBmC,MAApB,CAA2BlG,MADzB;AAEV4F,UAAAA,MAAM,EAAEH;AAFE;AAFO,OAArB;AAQArE,MAAAA,OAAO,CAACoF,UAAR,GAAqB;AACnBpI,QAAAA,GAAG,EAAEgF;AADc,OAArB;;AAIA,MAAA,OAAI,CAAC9E,MAAL,CAAYC,IAAZ,CAAiB,mCAAjB;;AAEA,aAAO6C,OAAO,CAACqF,aAAR,EAAP;AACD,KApBI,EAqBJ5H,IArBI,CAqBC,UAAC6H,YAAD,EAAkB;AACtBtF,MAAAA,OAAO,CAACmE,YAAR,GAAuBmB,YAAvB;AACAtJ,MAAAA,eAAe,CAACiI,GAAhB,CAAoB,OAApB,EAA0BjE,OAA1B;AAEA,aAAO,iBAAQf,GAAR,CAAY,CAACqG,YAAY,CAACnG,KAAb,EAAD,EAAuB,OAAI,CAACsF,cAAL,EAAvB,CAAZ,CAAP;AACD,KA1BI,EA2BJhH,IA3BI,CA2BC,kBAA6B;AAAA;AAAA,UAA3B6H,YAA2B;AAAA,UAAbC,OAAa;;AACjC,MAAA,OAAI,CAACrI,MAAL,CAAYC,IAAZ,CAAiB,uCAAjB;;AAEA,aAAO,OAAI,CAACG,OAAL,CAAa;AAClBf,QAAAA,GAAG,YAAKgJ,OAAL,WADe;AAElBhI,QAAAA,MAAM,EAAE,QAFU;AAGlBiC,QAAAA,GAAG,EAAE8F,YAAY,CAACE,MAAb;AAHa,OAAb,CAAP;AAKD,KAnCI,EAoCJ/H,IApCI,CAoCC,UAACC,GAAD,EAAS;AACb,MAAA,OAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,mCAAjB;;AAEA,aAAO6C,OAAO,CAACyF,kBAAR,CAA2B/H,GAAG,CAACV,GAA/B,CAAP;AACD,KAxCI,EAyCJS,IAzCI,CAyCC,UAACT,GAAD,EAAS;AACbgD,MAAAA,OAAO,CAACmE,YAAR,GAAuBnH,GAAvB;AACAhB,MAAAA,eAAe,CAACyH,MAAhB,CAAuB,OAAvB;;AACA,MAAA,OAAI,CAACvG,MAAL,CAAYC,IAAZ,CAAiB,kCAAjB;;AAEA,aAAO6C,OAAP;AACD,KA/CI,EAgDJyB,KAhDI,CAgDE,UAACC,MAAD,EAAY;AACjB,MAAA,OAAI,CAACxE,MAAL,CAAYyE,KAAZ,CAAkB,wCAAlB,EAA4DD,MAA5D;;AAEA,aAAO,iBAAQtE,MAAR,CAAesE,MAAf,CAAP;AACD,KApDI,CAAP;AAqDD,GAzmB4B;;AA2mB7B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACEtB,EAAAA,kBAvnB6B,8BAunBVsF,eAvnBU,EAunBOlJ,UAvnBP,EAunBmB;AAC9C,QAAMwD,OAAO,GAAG,IAAIgF,gBAAJ,EAAhB;AAEAhF,IAAAA,OAAO,CAACsE,UAAR,GAAqBtE,OAAO,CAACsE,UAAR,GAAqB;AACxCY,MAAAA,QAAQ,EAAEQ,eAAe,CAACpB,UAAhB,CAA2BY,QADG;AAExCX,MAAAA,UAAU,EAAE;AACV3F,QAAAA,MAAM,EAAEpC,UADE;AAEVA,QAAAA,UAAU,EAAVA,UAFU;AAEE;AACZgI,QAAAA,MAAM,EAAEkB,eAAe,CAACpB,UAAhB,CAA2BC,UAA3B,CAAsCC;AAHpC;AAF4B,KAA1C;AAQAxE,IAAAA,OAAO,CAACoF,UAAR,GAAqBM,eAAe,CAACN,UAArC;AACApF,IAAAA,OAAO,CAACmE,YAAR,GAAuBuB,eAAe,CAACvB,YAAvC;AAEA,WAAOnE,OAAP;AACD,GAtoB4B;AAAA;AAAA,CAAnB,oMAudT2F,iBAvdS,+EAAZ;;eAyoBexJ,G","sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport querystring from 'querystring';\nimport util from 'util';\n\nimport {safeSetTimeout} from '@webex/common-timers';\nimport {oneFlight} from '@webex/common';\nimport {WebexPlugin} from '@webex/webex-core';\nimport {Context, Request, Response} from 'node-kms';\nimport jose from 'node-jose';\nimport {omit} from 'lodash';\n\nimport KMSBatcher, {TIMEOUT_SYMBOL} from './kms-batcher';\nimport validateKMS, {KMSError} from './kms-certificate-validation';\n\nconst contexts = new WeakMap();\nconst kmsDetails = new WeakMap();\nconst partialContexts = new WeakMap();\n\nconst consoleDebug = require('debug')('kms');\n\n/**\n * @class\n */\nconst KMS = WebexPlugin.extend({\n namespace: 'Encryption',\n\n children: {\n batcher: KMSBatcher\n },\n\n /**\n * Binds a key to a resource\n * @param {Object} options\n * @param {KMSResourceObject} options.kro\n * @param {string} options.kroUri\n * @param {Key} options.key\n * @param {string} options.keyUri\n * @returns {Promise<Key>}\n */\n bindKey({\n kro, kroUri, key, keyUri\n }) {\n kroUri = kroUri || kro.uri;\n keyUri = keyUri || key.uri;\n\n this.logger.info('kms: binding key to resource');\n\n /* istanbul ignore if */\n if (!kroUri) {\n return Promise.reject(new Error('`kro` or `kroUri` is required'));\n }\n\n /* istanbul ignore if */\n if (!keyUri) {\n return Promise.reject(new Error('`key` or `keyUri` is required'));\n }\n\n return this.request({\n method: 'update',\n resourceUri: kroUri,\n uri: keyUri\n })\n .then((res) => {\n this.logger.info('kms: bound key to resource');\n\n return res.key;\n });\n },\n\n /**\n * Creates a new KMS Resource\n * @param {Object} options\n * @param {Array<string>} options.userIds\n * @param {Array<string>} options.keyUris\n * @param {Key} options.key\n * @param {Array<Keys>} options.keys\n * @returns {Promise<KMSResourceObject>}\n */\n createResource({\n userIds, keyUris, key, keys\n }) {\n keyUris = keyUris || [];\n /* istanbul ignore if */\n if (keys) {\n keyUris = keys.reduce((uris, k) => {\n uris.push(k.uri);\n\n return uris;\n }, keyUris);\n }\n\n /* istanbul ignore else */\n if (key) {\n keyUris.push(key.uri);\n }\n\n /* istanbul ignore if */\n if (keyUris.length === 0) {\n return Promise.reject(new Error('Cannot create KMS Resource without at least one keyUri'));\n }\n\n this.logger.info('kms: creating resource');\n\n return this.request({\n method: 'create',\n uri: '/resources',\n userIds,\n keyUris\n })\n .then((res) => {\n this.logger.info('kms: created resource');\n\n return res.resource;\n });\n },\n\n /**\n * Authorizes a user or KRO to a KRO\n * @param {Object} options\n * @param {Array<string>} options.userIds\n * @param {Array<string>} options.authIds interchangable with userIds\n * @param {KMSResourceObject} options.kro the target kro\n * @param {string} options.kroUri\n * @returns {Promise<KMSAuthorizationObject>}\n */\n addAuthorization({\n userIds, authIds, kro, kroUri\n }) {\n userIds = userIds || [];\n kroUri = kroUri || kro.uri;\n\n if (authIds) {\n userIds = userIds.concat(authIds);\n }\n\n /* istanbul ignore if */\n if (userIds.length === 0) {\n return Promise.reject(new Error('Cannot add authorization without userIds or authIds'));\n }\n\n /* istanbul ignore if */\n if (!kroUri) {\n return Promise.reject(new Error('`kro` or `kroUri` is required'));\n }\n\n this.logger.info('kms: adding authorization to kms resource');\n\n return this.request({\n method: 'create',\n uri: '/authorizations',\n resourceUri: kroUri,\n userIds\n })\n .then((res) => {\n this.logger.info('kms: added authorization');\n\n return res.authorizations;\n });\n },\n\n /**\n * Retrieve a list of users that have been authorized to the KRO\n * @param {Object} options\n * @param {KMSResourceObject} options.kro the target kro\n * @param {string} options.kroUri\n * @returns {Array<authId>}\n */\n listAuthorizations({kro, kroUri}) {\n kroUri = kroUri || kro.uri;\n /* istanbul ignore if */\n if (!kroUri) {\n return Promise.reject(new Error('`kro` or `kroUri` is required'));\n }\n\n return this.request({\n method: 'retrieve',\n uri: `${kroUri}/authorizations`\n })\n .then((res) => {\n this.logger.info('kms: retrieved authorization list');\n\n return res.authorizations;\n });\n },\n\n /**\n * Deauthorizes a user or KRO from a KRO\n * @param {Object} options\n * @param {string} options.userId\n * @param {string} options.authId interchangable with userIds\n * @param {KMSResourceObject} options.kro the target kro\n * @param {string} options.kroUri\n * @returns {Promise<KMSAuthorizationObject>}\n */\n removeAuthorization({\n authId, userId, kro, kroUri\n }) {\n authId = authId || userId;\n kroUri = kroUri || kro.uri;\n\n /* istanbul ignore if */\n if (!authId) {\n return Promise.reject(new Error('Cannot remove authorization without authId'));\n }\n\n /* istanbul ignore if */\n if (!kroUri) {\n return Promise.reject(new Error('`kro` or `kroUri` is required'));\n }\n\n this.logger.info('kms: removing authorization from kms resource');\n\n return this.request({\n method: 'delete',\n uri: `${kroUri}/authorizations?${querystring.stringify({authId})}`\n })\n .then((res) => {\n this.logger.info('kms: removed authorization');\n\n return res.authorizations;\n });\n },\n\n /**\n * Requests `count` unbound keys from the kms\n * @param {Object} options\n * @param {Number} options.count\n * @returns {Array<Key>}\n */\n createUnboundKeys({count}) {\n this.logger.info(`kms: request ${count} unbound keys`);\n\n /* istanbul ignore if */\n if (!count) {\n return Promise.reject(new Error('`options.count` is required'));\n }\n\n return this.request({\n method: 'create',\n uri: '/keys',\n count\n })\n .then((res) => {\n this.logger.info('kms: received unbound keys');\n\n return Promise.all(res.keys.map(this.asKey));\n });\n },\n\n /**\n * Fetches the specified key from the kms\n * @param {Object} options\n * @param {string} options.uri\n * @param {string} options.onBehalfOf The id of a user, upon whose behalf, the key is to be retrieved or undefined if retrieval is for the active user\n * @returns {Promise<Key>}\n */\n // Ideally, this would be done via the kms batcher, but other than request id,\n // there isn't any other userful key in a kms response to match it to a\n // request. as such, we need the batcher to group requests, but one flight to\n // make sure we don't make the same request multiple times.\n @oneFlight({\n keyFactory: ({uri, onBehalfOf}) => `${uri}/${onBehalfOf}`\n })\n fetchKey({uri, onBehalfOf}) {\n /* istanbul ignore if */\n if (!uri) {\n return Promise.reject(new Error('`options.uri` is required'));\n }\n\n this.logger.info('kms: fetching key');\n\n return this.request({\n method: 'retrieve',\n uri\n }, {onBehalfOf})\n .then((res) => {\n this.logger.info('kms: fetched key');\n\n return this.asKey(res.key);\n });\n },\n\n /**\n * Pings the kms. Mostly for testing\n * @returns {Promise}\n */\n ping() {\n return this.request({\n method: 'update',\n uri: '/ping'\n });\n },\n\n /**\n * Ensures a key obect is Key instance\n * @param {Object} key\n * @returns {Promise<Key>}\n */\n asKey(key) {\n return jose.JWK.asKey(key.jwk)\n .then((jwk) => {\n key.jwk = jwk;\n\n return key;\n });\n },\n\n /**\n * Adds appropriate metadata to the KMS request\n * @param {Object} payload\n * @param {Object} onBehalfOf Optional parameter to prepare the request on behalf of another user\n * @returns {Promise<KMS.Request>}\n */\n prepareRequest(payload, onBehalfOf) {\n const isECDHRequest = payload.method === 'create' && payload.uri.includes('/ecdhe');\n\n return Promise.resolve(isECDHRequest ? partialContexts.get(this) : this._getContext())\n .then((context) => {\n this.logger.info(`kms: wrapping ${isECDHRequest ? 'ephemeral key' : 'kms'} request`);\n const req = new Request(payload);\n let requestContext = context;\n\n if (onBehalfOf) {\n requestContext = this._contextOnBehalfOf(context, onBehalfOf);\n }\n\n return req.wrap(requestContext, {serverKey: isECDHRequest})\n .then(() => {\n /* istanbul ignore else */\n if (process.env.NODE_ENV !== 'production') {\n this.logger.info('kms: request payload', util.inspect(omit(JSON.parse(JSON.stringify(req)), 'wrapped'), {depth: null}));\n }\n\n return req;\n });\n });\n },\n\n /**\n * Accepts a kms message event, decrypts it, and passes it to the batcher\n * @param {Object} event\n * @returns {Promise<Object>}\n */\n processKmsMessageEvent(event) {\n this.logger.info('kms: received kms message');\n\n return Promise.all(event.encryption.kmsMessages.map((kmsMessage, index) => this._isECDHEMessage(kmsMessage)\n .then((isECDHMessage) => {\n this.logger.info(`kms: received ${isECDHMessage ? 'ecdhe' : 'normal'} message`);\n const res = new Response(kmsMessage);\n\n return Promise.resolve(isECDHMessage ? partialContexts.get(this) : contexts.get(this))\n // eslint-disable-next-line max-nested-callbacks\n .then((context) => res.unwrap(context))\n // eslint-disable-next-line max-nested-callbacks\n .then(() => {\n if (process.env.NODE_ENV !== 'production') {\n this.logger.info('kms: response payload', util.inspect(omit(JSON.parse(JSON.stringify(res)), 'wrapped'), {depth: null}));\n }\n })\n // eslint-disable-next-line max-nested-callbacks\n .then(() => { event.encryption.kmsMessages[index] = res; })\n // eslint-disable-next-line max-nested-callbacks\n .then(() => res);\n })))\n .then(() => this.batcher.processKmsMessageEvent(event))\n .catch((reason) => {\n this.logger.error('kms: decrypt failed', reason.stack);\n\n return Promise.reject(reason);\n })\n .then(() => event);\n },\n\n /**\n * Decrypts a kms message\n * @param {Object} kmsMessage\n * @returns {Promise<Object>}\n */\n decryptKmsMessage(kmsMessage) {\n const res = new Response(kmsMessage);\n\n return contexts.get(this)\n .then((context) => res.unwrap(context))\n .then(() => res.body);\n },\n\n /**\n * Determines if the kms message is an ecdhe message or a normal message\n * @param {Object} kmsMessage\n * @returns {Promise<boolean>}\n */\n _isECDHEMessage(kmsMessage) {\n return this._getKMSStaticPubKey()\n .then((kmsStaticPubKey) => {\n const fields = kmsMessage.split('.');\n\n if (fields.length !== 3) {\n return false;\n }\n\n const header = JSON.parse(jose.util.base64url.decode(fields[0]));\n\n return header.kid === kmsStaticPubKey.kid;\n });\n },\n\n /**\n * Sends a request to the kms\n * @param {Object} payload\n * @param {Object} options\n * @param {Number} options.timeout (internal)\n * @param {string} options.onBehalfOf Run the request on behalf of another user (UUID), used in compliance scenarios\n * @returns {Promise<Object>}\n */\n request(payload, {timeout, onBehalfOf} = {}) {\n timeout = timeout || this.config.kmsInitialTimeout;\n\n // Note: this should only happen when we're using the async kms batcher;\n // once we implement the sync batcher, this'll need to be smarter.\n return this.webex.internal.mercury.connect()\n .then(() => this.prepareRequest(payload, onBehalfOf))\n .then((req) => {\n req[TIMEOUT_SYMBOL] = timeout;\n\n return this.batcher.request(req);\n })\n // High complexity is due to attempt at test mode resiliency\n // eslint-disable-next-line complexity\n .catch((reason) => {\n if (process.env.NODE_ENV === 'test' && (reason.status === 403 || reason.statusCode === 403) && reason.message.match(/Failed to resolve authorization token in KmsMessage request for user/)) {\n this.logger.warn('kms: rerequested key due to test-mode kms auth failure');\n\n return this.request(payload, {onBehalfOf});\n }\n\n // KMS Error. Notify the user\n if (reason instanceof KMSError) {\n this.webex.trigger('client:InvalidRequestError');\n\n return Promise.reject(reason);\n }\n\n // Ideally, most or all of the code below would go in kms-batcher, but\n // but batching needs at least one more round of refactoring for that to\n // work.\n if (!reason.statusCode && !reason.status) {\n /* istanbul ignore else */\n if (process.env.NODE_ENV !== 'production') {\n /* istanbul ignore next: reason.stack vs stack difficult to control in test */\n this.logger.info('kms: request error', reason.stack || reason);\n }\n\n consoleDebug(`timeout ${timeout}`);\n timeout *= 2;\n\n if (timeout >= this.config.ecdhMaxTimeout) {\n this.logger.info('kms: exceeded maximum KMS request retries');\n\n return Promise.reject(reason);\n }\n\n // Peek ahead to make sure we don't reset the timeout if the next timeout\n // will exceed the maximum timeout for renegotiating ECDH keys.\n const nextTimeout = timeout * 2;\n\n if (timeout >= this.config.kmsMaxTimeout && nextTimeout < this.config.ecdhMaxTimeout) {\n this.logger.info('kms: exceeded maximum KMS request retries; negotiating new ecdh key');\n\n /* istanbul ignore else */\n if (process.env.NODE_ENV !== 'production') {\n this.logger.info('kms: timeout/maxtimeout', timeout, this.config.kmsMaxTimeout);\n }\n\n contexts.delete(this);\n timeout = 0;\n }\n\n return this.request(payload, {timeout, onBehalfOf});\n }\n\n return Promise.reject(reason);\n });\n },\n\n /**\n * @private\n * @returns {Promise<string>}\n */\n _getAuthorization() {\n return this.webex.credentials.getUserToken('spark:kms')\n .then((token) => token.access_token);\n },\n\n @oneFlight\n /**\n * @private\n * @param {String} onBehalfOf create context on behalf of another user, undefined when this is not necessary\n * @returns {Promise<Object>}\n */\n _getContext() {\n let promise = contexts.get(this);\n\n if (!promise) {\n promise = this._prepareContext();\n contexts.set(this, promise);\n promise.then((context) => {\n const expiresIn = context.ephemeralKey.expirationDate - Date.now() - 30000;\n\n safeSetTimeout(() => contexts.delete(this), expiresIn);\n });\n }\n\n return Promise.all([\n promise,\n this._getAuthorization()\n ])\n .then(([context, authorization]) => {\n context.clientInfo.credential.bearer = authorization;\n\n return context;\n });\n },\n\n /**\n * @private\n * @returns {Promise<Object>}\n */\n _getKMSCluster() {\n this.logger.info('kms: retrieving KMS cluster');\n\n return this._getKMSDetails()\n .then(({kmsCluster}) => kmsCluster);\n },\n\n /**\n * @private\n * @returns {Promise<Object>}\n */\n _getKMSDetails() {\n let details = kmsDetails.get(this);\n\n if (!details) {\n this.logger.info('kms: fetching KMS details');\n details = this.webex.request({\n service: 'encryption',\n resource: `/kms/${this.webex.internal.device.userId}`\n })\n .then((res) => {\n this.logger.info('kms: fetched KMS details');\n const {body} = res;\n\n body.rsaPublicKey = JSON.parse(body.rsaPublicKey);\n\n return body;\n })\n .catch((reason) => {\n this.logger.error('kms: failed to fetch KMS details', reason);\n\n return Promise.reject(reason);\n });\n\n kmsDetails.set(this, details);\n }\n\n return details;\n },\n\n /**\n * @private\n * @returns {Promise<Object>}\n */\n _getKMSStaticPubKey() {\n this.logger.info('kms: retrieving KMS static public key');\n\n return this._getKMSDetails()\n .then(({rsaPublicKey}) => rsaPublicKey);\n },\n\n /**\n * @private\n * @returns {Promise<Object>}\n */\n _prepareContext() {\n this.logger.info('kms: creating context');\n const context = new Context();\n\n return Promise.all([\n this._getKMSStaticPubKey().then(validateKMS(this.config.caroots)),\n this._getAuthorization()\n ])\n .then(([kmsStaticPubKey, authorization]) => {\n context.clientInfo = {\n clientId: this.webex.internal.device.url,\n credential: {\n userId: this.webex.internal.device.userId,\n bearer: authorization\n }\n };\n\n context.serverInfo = {\n key: kmsStaticPubKey\n };\n\n this.logger.info('kms: creating local ephemeral key');\n\n return context.createECDHKey();\n })\n .then((localECDHKey) => {\n context.ephemeralKey = localECDHKey;\n partialContexts.set(this, context);\n\n return Promise.all([localECDHKey.asKey(), this._getKMSCluster()]);\n })\n .then(([localECDHKey, cluster]) => {\n this.logger.info('kms: submitting ephemeral key request');\n\n return this.request({\n uri: `${cluster}/ecdhe`,\n method: 'create',\n jwk: localECDHKey.toJSON()\n });\n })\n .then((res) => {\n this.logger.info('kms: deriving final ephemeral key');\n\n return context.deriveEphemeralKey(res.key);\n })\n .then((key) => {\n context.ephemeralKey = key;\n partialContexts.delete(this);\n this.logger.info('kms: derived final ephemeral key');\n\n return context;\n })\n .catch((reason) => {\n this.logger.error('kms: failed to negotiate ephemeral key', reason);\n\n return Promise.reject(reason);\n });\n },\n\n /**\n * KMS 'retrieve' requests can be made on behalf of another user. This is useful\n * for scenarios such as eDiscovery. i.e. Where an authorized compliance officer is\n * entitled to retrieve content generated by any organisational user.\n * As the KMSContext is cached, updating it will affect separate requests. Hence when\n * making a request onBehalfOf another user create a new context for just this request.\n * However this context will be 'light' as it only needs to change one field.\n * @param {Object} originalContext - The base context to 'copy'\n * @param {String} onBehalfOf - The user specified in the new context\n * @returns {Context} A 'copy' of the existing context with a new user specified\n * @private\n */\n _contextOnBehalfOf(originalContext, onBehalfOf) {\n const context = new Context();\n\n context.clientInfo = context.clientInfo = {\n clientId: originalContext.clientInfo.clientId,\n credential: {\n userId: onBehalfOf,\n onBehalfOf, // Supports running onBehalfOf self. i.e. A CO which calls onBehalfOf with CO.id.\n bearer: originalContext.clientInfo.credential.bearer\n }\n };\n context.serverInfo = originalContext.serverInfo;\n context.ephemeralKey = originalContext.ephemeralKey;\n\n return context;\n }\n});\n\nexport default KMS;\n"]}
|
|
1
|
+
{"version":3,"names":["contexts","kmsDetails","partialContexts","consoleDebug","require","KMS","WebexPlugin","extend","keyFactory","uri","onBehalfOf","namespace","children","batcher","KMSBatcher","bindKey","kro","kroUri","key","keyUri","logger","info","reject","Error","request","method","resourceUri","then","res","createResource","userIds","keyUris","keys","reduce","uris","k","push","length","resource","addAuthorization","authIds","concat","authorizations","listAuthorizations","removeAuthorization","authId","userId","querystring","stringify","createUnboundKeys","count","all","map","asKey","fetchKey","ping","jose","JWK","jwk","prepareRequest","payload","isECDHRequest","includes","resolve","get","_getContext","context","req","Request","requestContext","_contextOnBehalfOf","wrap","serverKey","process","env","NODE_ENV","util","inspect","JSON","parse","depth","processKmsMessageEvent","event","encryption","kmsMessages","kmsMessage","index","_isECDHEMessage","isECDHMessage","Response","unwrap","catch","reason","error","stack","decryptKmsMessage","body","_getKMSStaticPubKey","kmsStaticPubKey","fields","split","header","base64url","decode","kid","timeout","config","kmsInitialTimeout","webex","internal","mercury","connect","TIMEOUT_SYMBOL","status","statusCode","message","match","warn","KMSError","trigger","ecdhMaxTimeout","nextTimeout","kmsMaxTimeout","delete","_getAuthorization","credentials","getUserToken","token","access_token","promise","_prepareContext","set","expiresIn","ephemeralKey","expirationDate","authorization","clientInfo","credential","bearer","_getKMSCluster","_getKMSDetails","kmsCluster","details","service","device","rsaPublicKey","Context","caroots","clientId","url","serverInfo","createECDHKey","localECDHKey","cluster","toJSON","deriveEphemeralKey","originalContext","oneFlight"],"sources":["kms.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport querystring from 'querystring';\nimport util from 'util';\n\nimport {safeSetTimeout} from '@webex/common-timers';\nimport {oneFlight} from '@webex/common';\nimport {WebexPlugin} from '@webex/webex-core';\nimport {Context, Request, Response} from 'node-kms';\nimport jose from 'node-jose';\nimport {omit} from 'lodash';\n\nimport KMSBatcher, {TIMEOUT_SYMBOL} from './kms-batcher';\nimport validateKMS, {KMSError} from './kms-certificate-validation';\n\nconst contexts = new WeakMap();\nconst kmsDetails = new WeakMap();\nconst partialContexts = new WeakMap();\n\nconst consoleDebug = require('debug')('kms');\n\n/**\n * @class\n */\nconst KMS = WebexPlugin.extend({\n namespace: 'Encryption',\n\n children: {\n batcher: KMSBatcher\n },\n\n /**\n * Binds a key to a resource\n * @param {Object} options\n * @param {KMSResourceObject} options.kro\n * @param {string} options.kroUri\n * @param {Key} options.key\n * @param {string} options.keyUri\n * @returns {Promise<Key>}\n */\n bindKey({\n kro, kroUri, key, keyUri\n }) {\n kroUri = kroUri || kro.uri;\n keyUri = keyUri || key.uri;\n\n this.logger.info('kms: binding key to resource');\n\n /* istanbul ignore if */\n if (!kroUri) {\n return Promise.reject(new Error('`kro` or `kroUri` is required'));\n }\n\n /* istanbul ignore if */\n if (!keyUri) {\n return Promise.reject(new Error('`key` or `keyUri` is required'));\n }\n\n return this.request({\n method: 'update',\n resourceUri: kroUri,\n uri: keyUri\n })\n .then((res) => {\n this.logger.info('kms: bound key to resource');\n\n return res.key;\n });\n },\n\n /**\n * Creates a new KMS Resource\n * @param {Object} options\n * @param {Array<string>} options.userIds\n * @param {Array<string>} options.keyUris\n * @param {Key} options.key\n * @param {Array<Keys>} options.keys\n * @returns {Promise<KMSResourceObject>}\n */\n createResource({\n userIds, keyUris, key, keys\n }) {\n keyUris = keyUris || [];\n /* istanbul ignore if */\n if (keys) {\n keyUris = keys.reduce((uris, k) => {\n uris.push(k.uri);\n\n return uris;\n }, keyUris);\n }\n\n /* istanbul ignore else */\n if (key) {\n keyUris.push(key.uri);\n }\n\n /* istanbul ignore if */\n if (keyUris.length === 0) {\n return Promise.reject(new Error('Cannot create KMS Resource without at least one keyUri'));\n }\n\n this.logger.info('kms: creating resource');\n\n return this.request({\n method: 'create',\n uri: '/resources',\n userIds,\n keyUris\n })\n .then((res) => {\n this.logger.info('kms: created resource');\n\n return res.resource;\n });\n },\n\n /**\n * Authorizes a user or KRO to a KRO\n * @param {Object} options\n * @param {Array<string>} options.userIds\n * @param {Array<string>} options.authIds interchangable with userIds\n * @param {KMSResourceObject} options.kro the target kro\n * @param {string} options.kroUri\n * @returns {Promise<KMSAuthorizationObject>}\n */\n addAuthorization({\n userIds, authIds, kro, kroUri\n }) {\n userIds = userIds || [];\n kroUri = kroUri || kro.uri;\n\n if (authIds) {\n userIds = userIds.concat(authIds);\n }\n\n /* istanbul ignore if */\n if (userIds.length === 0) {\n return Promise.reject(new Error('Cannot add authorization without userIds or authIds'));\n }\n\n /* istanbul ignore if */\n if (!kroUri) {\n return Promise.reject(new Error('`kro` or `kroUri` is required'));\n }\n\n this.logger.info('kms: adding authorization to kms resource');\n\n return this.request({\n method: 'create',\n uri: '/authorizations',\n resourceUri: kroUri,\n userIds\n })\n .then((res) => {\n this.logger.info('kms: added authorization');\n\n return res.authorizations;\n });\n },\n\n /**\n * Retrieve a list of users that have been authorized to the KRO\n * @param {Object} options\n * @param {KMSResourceObject} options.kro the target kro\n * @param {string} options.kroUri\n * @returns {Array<authId>}\n */\n listAuthorizations({kro, kroUri}) {\n kroUri = kroUri || kro.uri;\n /* istanbul ignore if */\n if (!kroUri) {\n return Promise.reject(new Error('`kro` or `kroUri` is required'));\n }\n\n return this.request({\n method: 'retrieve',\n uri: `${kroUri}/authorizations`\n })\n .then((res) => {\n this.logger.info('kms: retrieved authorization list');\n\n return res.authorizations;\n });\n },\n\n /**\n * Deauthorizes a user or KRO from a KRO\n * @param {Object} options\n * @param {string} options.userId\n * @param {string} options.authId interchangable with userIds\n * @param {KMSResourceObject} options.kro the target kro\n * @param {string} options.kroUri\n * @returns {Promise<KMSAuthorizationObject>}\n */\n removeAuthorization({\n authId, userId, kro, kroUri\n }) {\n authId = authId || userId;\n kroUri = kroUri || kro.uri;\n\n /* istanbul ignore if */\n if (!authId) {\n return Promise.reject(new Error('Cannot remove authorization without authId'));\n }\n\n /* istanbul ignore if */\n if (!kroUri) {\n return Promise.reject(new Error('`kro` or `kroUri` is required'));\n }\n\n this.logger.info('kms: removing authorization from kms resource');\n\n return this.request({\n method: 'delete',\n uri: `${kroUri}/authorizations?${querystring.stringify({authId})}`\n })\n .then((res) => {\n this.logger.info('kms: removed authorization');\n\n return res.authorizations;\n });\n },\n\n /**\n * Requests `count` unbound keys from the kms\n * @param {Object} options\n * @param {Number} options.count\n * @returns {Array<Key>}\n */\n createUnboundKeys({count}) {\n this.logger.info(`kms: request ${count} unbound keys`);\n\n /* istanbul ignore if */\n if (!count) {\n return Promise.reject(new Error('`options.count` is required'));\n }\n\n return this.request({\n method: 'create',\n uri: '/keys',\n count\n })\n .then((res) => {\n this.logger.info('kms: received unbound keys');\n\n return Promise.all(res.keys.map(this.asKey));\n });\n },\n\n /**\n * Fetches the specified key from the kms\n * @param {Object} options\n * @param {string} options.uri\n * @param {string} options.onBehalfOf The id of a user, upon whose behalf, the key is to be retrieved or undefined if retrieval is for the active user\n * @returns {Promise<Key>}\n */\n // Ideally, this would be done via the kms batcher, but other than request id,\n // there isn't any other userful key in a kms response to match it to a\n // request. as such, we need the batcher to group requests, but one flight to\n // make sure we don't make the same request multiple times.\n @oneFlight({\n keyFactory: ({uri, onBehalfOf}) => `${uri}/${onBehalfOf}`\n })\n fetchKey({uri, onBehalfOf}) {\n /* istanbul ignore if */\n if (!uri) {\n return Promise.reject(new Error('`options.uri` is required'));\n }\n\n this.logger.info('kms: fetching key');\n\n return this.request({\n method: 'retrieve',\n uri\n }, {onBehalfOf})\n .then((res) => {\n this.logger.info('kms: fetched key');\n\n return this.asKey(res.key);\n });\n },\n\n /**\n * Pings the kms. Mostly for testing\n * @returns {Promise}\n */\n ping() {\n return this.request({\n method: 'update',\n uri: '/ping'\n });\n },\n\n /**\n * Ensures a key obect is Key instance\n * @param {Object} key\n * @returns {Promise<Key>}\n */\n asKey(key) {\n return jose.JWK.asKey(key.jwk)\n .then((jwk) => {\n key.jwk = jwk;\n\n return key;\n });\n },\n\n /**\n * Adds appropriate metadata to the KMS request\n * @param {Object} payload\n * @param {Object} onBehalfOf Optional parameter to prepare the request on behalf of another user\n * @returns {Promise<KMS.Request>}\n */\n prepareRequest(payload, onBehalfOf) {\n const isECDHRequest = payload.method === 'create' && payload.uri.includes('/ecdhe');\n\n return Promise.resolve(isECDHRequest ? partialContexts.get(this) : this._getContext())\n .then((context) => {\n this.logger.info(`kms: wrapping ${isECDHRequest ? 'ephemeral key' : 'kms'} request`);\n const req = new Request(payload);\n let requestContext = context;\n\n if (onBehalfOf) {\n requestContext = this._contextOnBehalfOf(context, onBehalfOf);\n }\n\n return req.wrap(requestContext, {serverKey: isECDHRequest})\n .then(() => {\n /* istanbul ignore else */\n if (process.env.NODE_ENV !== 'production') {\n this.logger.info('kms: request payload', util.inspect(omit(JSON.parse(JSON.stringify(req)), 'wrapped'), {depth: null}));\n }\n\n return req;\n });\n });\n },\n\n /**\n * Accepts a kms message event, decrypts it, and passes it to the batcher\n * @param {Object} event\n * @returns {Promise<Object>}\n */\n processKmsMessageEvent(event) {\n this.logger.info('kms: received kms message');\n\n return Promise.all(event.encryption.kmsMessages.map((kmsMessage, index) => this._isECDHEMessage(kmsMessage)\n .then((isECDHMessage) => {\n this.logger.info(`kms: received ${isECDHMessage ? 'ecdhe' : 'normal'} message`);\n const res = new Response(kmsMessage);\n\n return Promise.resolve(isECDHMessage ? partialContexts.get(this) : contexts.get(this))\n // eslint-disable-next-line max-nested-callbacks\n .then((context) => res.unwrap(context))\n // eslint-disable-next-line max-nested-callbacks\n .then(() => {\n if (process.env.NODE_ENV !== 'production') {\n this.logger.info('kms: response payload', util.inspect(omit(JSON.parse(JSON.stringify(res)), 'wrapped'), {depth: null}));\n }\n })\n // eslint-disable-next-line max-nested-callbacks\n .then(() => { event.encryption.kmsMessages[index] = res; })\n // eslint-disable-next-line max-nested-callbacks\n .then(() => res);\n })))\n .then(() => this.batcher.processKmsMessageEvent(event))\n .catch((reason) => {\n this.logger.error('kms: decrypt failed', reason.stack);\n\n return Promise.reject(reason);\n })\n .then(() => event);\n },\n\n /**\n * Decrypts a kms message\n * @param {Object} kmsMessage\n * @returns {Promise<Object>}\n */\n decryptKmsMessage(kmsMessage) {\n const res = new Response(kmsMessage);\n\n return contexts.get(this)\n .then((context) => res.unwrap(context))\n .then(() => res.body);\n },\n\n /**\n * Determines if the kms message is an ecdhe message or a normal message\n * @param {Object} kmsMessage\n * @returns {Promise<boolean>}\n */\n _isECDHEMessage(kmsMessage) {\n return this._getKMSStaticPubKey()\n .then((kmsStaticPubKey) => {\n const fields = kmsMessage.split('.');\n\n if (fields.length !== 3) {\n return false;\n }\n\n const header = JSON.parse(jose.util.base64url.decode(fields[0]));\n\n return header.kid === kmsStaticPubKey.kid;\n });\n },\n\n /**\n * Sends a request to the kms\n * @param {Object} payload\n * @param {Object} options\n * @param {Number} options.timeout (internal)\n * @param {string} options.onBehalfOf Run the request on behalf of another user (UUID), used in compliance scenarios\n * @returns {Promise<Object>}\n */\n request(payload, {timeout, onBehalfOf} = {}) {\n timeout = timeout || this.config.kmsInitialTimeout;\n\n // Note: this should only happen when we're using the async kms batcher;\n // once we implement the sync batcher, this'll need to be smarter.\n return this.webex.internal.mercury.connect()\n .then(() => this.prepareRequest(payload, onBehalfOf))\n .then((req) => {\n req[TIMEOUT_SYMBOL] = timeout;\n\n return this.batcher.request(req);\n })\n // High complexity is due to attempt at test mode resiliency\n // eslint-disable-next-line complexity\n .catch((reason) => {\n if (process.env.NODE_ENV === 'test' && (reason.status === 403 || reason.statusCode === 403) && reason.message.match(/Failed to resolve authorization token in KmsMessage request for user/)) {\n this.logger.warn('kms: rerequested key due to test-mode kms auth failure');\n\n return this.request(payload, {onBehalfOf});\n }\n\n // KMS Error. Notify the user\n if (reason instanceof KMSError) {\n this.webex.trigger('client:InvalidRequestError');\n\n return Promise.reject(reason);\n }\n\n // Ideally, most or all of the code below would go in kms-batcher, but\n // but batching needs at least one more round of refactoring for that to\n // work.\n if (!reason.statusCode && !reason.status) {\n /* istanbul ignore else */\n if (process.env.NODE_ENV !== 'production') {\n /* istanbul ignore next: reason.stack vs stack difficult to control in test */\n this.logger.info('kms: request error', reason.stack || reason);\n }\n\n consoleDebug(`timeout ${timeout}`);\n timeout *= 2;\n\n if (timeout >= this.config.ecdhMaxTimeout) {\n this.logger.info('kms: exceeded maximum KMS request retries');\n\n return Promise.reject(reason);\n }\n\n // Peek ahead to make sure we don't reset the timeout if the next timeout\n // will exceed the maximum timeout for renegotiating ECDH keys.\n const nextTimeout = timeout * 2;\n\n if (timeout >= this.config.kmsMaxTimeout && nextTimeout < this.config.ecdhMaxTimeout) {\n this.logger.info('kms: exceeded maximum KMS request retries; negotiating new ecdh key');\n\n /* istanbul ignore else */\n if (process.env.NODE_ENV !== 'production') {\n this.logger.info('kms: timeout/maxtimeout', timeout, this.config.kmsMaxTimeout);\n }\n\n contexts.delete(this);\n timeout = 0;\n }\n\n return this.request(payload, {timeout, onBehalfOf});\n }\n\n return Promise.reject(reason);\n });\n },\n\n /**\n * @private\n * @returns {Promise<string>}\n */\n _getAuthorization() {\n return this.webex.credentials.getUserToken('spark:kms')\n .then((token) => token.access_token);\n },\n\n @oneFlight\n /**\n * @private\n * @param {String} onBehalfOf create context on behalf of another user, undefined when this is not necessary\n * @returns {Promise<Object>}\n */\n _getContext() {\n let promise = contexts.get(this);\n\n if (!promise) {\n promise = this._prepareContext();\n contexts.set(this, promise);\n promise.then((context) => {\n const expiresIn = context.ephemeralKey.expirationDate - Date.now() - 30000;\n\n safeSetTimeout(() => contexts.delete(this), expiresIn);\n });\n }\n\n return Promise.all([\n promise,\n this._getAuthorization()\n ])\n .then(([context, authorization]) => {\n context.clientInfo.credential.bearer = authorization;\n\n return context;\n });\n },\n\n /**\n * @private\n * @returns {Promise<Object>}\n */\n _getKMSCluster() {\n this.logger.info('kms: retrieving KMS cluster');\n\n return this._getKMSDetails()\n .then(({kmsCluster}) => kmsCluster);\n },\n\n /**\n * @private\n * @returns {Promise<Object>}\n */\n _getKMSDetails() {\n let details = kmsDetails.get(this);\n\n if (!details) {\n this.logger.info('kms: fetching KMS details');\n details = this.webex.request({\n service: 'encryption',\n resource: `/kms/${this.webex.internal.device.userId}`\n })\n .then((res) => {\n this.logger.info('kms: fetched KMS details');\n const {body} = res;\n\n body.rsaPublicKey = JSON.parse(body.rsaPublicKey);\n\n return body;\n })\n .catch((reason) => {\n this.logger.error('kms: failed to fetch KMS details', reason);\n\n return Promise.reject(reason);\n });\n\n kmsDetails.set(this, details);\n }\n\n return details;\n },\n\n /**\n * @private\n * @returns {Promise<Object>}\n */\n _getKMSStaticPubKey() {\n this.logger.info('kms: retrieving KMS static public key');\n\n return this._getKMSDetails()\n .then(({rsaPublicKey}) => rsaPublicKey);\n },\n\n /**\n * @private\n * @returns {Promise<Object>}\n */\n _prepareContext() {\n this.logger.info('kms: creating context');\n const context = new Context();\n\n return Promise.all([\n this._getKMSStaticPubKey().then(validateKMS(this.config.caroots)),\n this._getAuthorization()\n ])\n .then(([kmsStaticPubKey, authorization]) => {\n context.clientInfo = {\n clientId: this.webex.internal.device.url,\n credential: {\n userId: this.webex.internal.device.userId,\n bearer: authorization\n }\n };\n\n context.serverInfo = {\n key: kmsStaticPubKey\n };\n\n this.logger.info('kms: creating local ephemeral key');\n\n return context.createECDHKey();\n })\n .then((localECDHKey) => {\n context.ephemeralKey = localECDHKey;\n partialContexts.set(this, context);\n\n return Promise.all([localECDHKey.asKey(), this._getKMSCluster()]);\n })\n .then(([localECDHKey, cluster]) => {\n this.logger.info('kms: submitting ephemeral key request');\n\n return this.request({\n uri: `${cluster}/ecdhe`,\n method: 'create',\n jwk: localECDHKey.toJSON()\n });\n })\n .then((res) => {\n this.logger.info('kms: deriving final ephemeral key');\n\n return context.deriveEphemeralKey(res.key);\n })\n .then((key) => {\n context.ephemeralKey = key;\n partialContexts.delete(this);\n this.logger.info('kms: derived final ephemeral key');\n\n return context;\n })\n .catch((reason) => {\n this.logger.error('kms: failed to negotiate ephemeral key', reason);\n\n return Promise.reject(reason);\n });\n },\n\n /**\n * KMS 'retrieve' requests can be made on behalf of another user. This is useful\n * for scenarios such as eDiscovery. i.e. Where an authorized compliance officer is\n * entitled to retrieve content generated by any organisational user.\n * As the KMSContext is cached, updating it will affect separate requests. Hence when\n * making a request onBehalfOf another user create a new context for just this request.\n * However this context will be 'light' as it only needs to change one field.\n * @param {Object} originalContext - The base context to 'copy'\n * @param {String} onBehalfOf - The user specified in the new context\n * @returns {Context} A 'copy' of the existing context with a new user specified\n * @private\n */\n _contextOnBehalfOf(originalContext, onBehalfOf) {\n const context = new Context();\n\n context.clientInfo = context.clientInfo = {\n clientId: originalContext.clientInfo.clientId,\n credential: {\n userId: onBehalfOf,\n onBehalfOf, // Supports running onBehalfOf self. i.e. A CO which calls onBehalfOf with CO.id.\n bearer: originalContext.clientInfo.credential.bearer\n }\n };\n context.serverInfo = originalContext.serverInfo;\n context.ephemeralKey = originalContext.ephemeralKey;\n\n return context;\n }\n});\n\nexport default KMS;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA;;AACA;;AAEA;;AACA;;AACA;;AACA;;AACA;;AAGA;;AACA;;;;;;;;AAEA,IAAMA,QAAQ,GAAG,sBAAjB;AACA,IAAMC,UAAU,GAAG,sBAAnB;AACA,IAAMC,eAAe,GAAG,sBAAxB;;AAEA,IAAMC,YAAY,GAAGC,OAAO,CAAC,OAAD,CAAP,CAAiB,KAAjB,CAArB;AAEA;AACA;AACA;;;AACA,IAAMC,GAAG,GAAGC,uBAAYC,MAAZ,SA6OT,uBAAU;EACTC,UAAU,EAAE;IAAA,IAAEC,GAAF,QAAEA,GAAF;IAAA,IAAOC,UAAP,QAAOA,UAAP;IAAA,iBAA0BD,GAA1B,cAAiCC,UAAjC;EAAA;AADH,CAAV,CA7OS,UAAmB;EAC7BC,SAAS,EAAE,YADkB;EAG7BC,QAAQ,EAAE;IACRC,OAAO,EAAEC;EADD,CAHmB;;EAO7B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,OAhB6B,0BAkB1B;IAAA;;IAAA,IADDC,GACC,SADDA,GACC;IAAA,IADIC,MACJ,SADIA,MACJ;IAAA,IADYC,GACZ,SADYA,GACZ;IAAA,IADiBC,MACjB,SADiBA,MACjB;IACDF,MAAM,GAAGA,MAAM,IAAID,GAAG,CAACP,GAAvB;IACAU,MAAM,GAAGA,MAAM,IAAID,GAAG,CAACT,GAAvB;IAEA,KAAKW,MAAL,CAAYC,IAAZ,CAAiB,8BAAjB;IAEA;;IACA,IAAI,CAACJ,MAAL,EAAa;MACX,OAAO,iBAAQK,MAAR,CAAe,IAAIC,KAAJ,CAAU,+BAAV,CAAf,CAAP;IACD;IAED;;;IACA,IAAI,CAACJ,MAAL,EAAa;MACX,OAAO,iBAAQG,MAAR,CAAe,IAAIC,KAAJ,CAAU,+BAAV,CAAf,CAAP;IACD;;IAED,OAAO,KAAKC,OAAL,CAAa;MAClBC,MAAM,EAAE,QADU;MAElBC,WAAW,EAAET,MAFK;MAGlBR,GAAG,EAAEU;IAHa,CAAb,EAKJQ,IALI,CAKC,UAACC,GAAD,EAAS;MACb,KAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,4BAAjB;;MAEA,OAAOO,GAAG,CAACV,GAAX;IACD,CATI,CAAP;EAUD,CA5C4B;;EA8C7B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEW,cAvD6B,iCAyD1B;IAAA;;IAAA,IADDC,OACC,SADDA,OACC;IAAA,IADQC,OACR,SADQA,OACR;IAAA,IADiBb,GACjB,SADiBA,GACjB;IAAA,IADsBc,IACtB,SADsBA,IACtB;IACDD,OAAO,GAAGA,OAAO,IAAI,EAArB;IACA;;IACA,IAAIC,IAAJ,EAAU;MACRD,OAAO,GAAGC,IAAI,CAACC,MAAL,CAAY,UAACC,IAAD,EAAOC,CAAP,EAAa;QACjCD,IAAI,CAACE,IAAL,CAAUD,CAAC,CAAC1B,GAAZ;QAEA,OAAOyB,IAAP;MACD,CAJS,EAIPH,OAJO,CAAV;IAKD;IAED;;;IACA,IAAIb,GAAJ,EAAS;MACPa,OAAO,CAACK,IAAR,CAAalB,GAAG,CAACT,GAAjB;IACD;IAED;;;IACA,IAAIsB,OAAO,CAACM,MAAR,KAAmB,CAAvB,EAA0B;MACxB,OAAO,iBAAQf,MAAR,CAAe,IAAIC,KAAJ,CAAU,wDAAV,CAAf,CAAP;IACD;;IAED,KAAKH,MAAL,CAAYC,IAAZ,CAAiB,wBAAjB;IAEA,OAAO,KAAKG,OAAL,CAAa;MAClBC,MAAM,EAAE,QADU;MAElBhB,GAAG,EAAE,YAFa;MAGlBqB,OAAO,EAAPA,OAHkB;MAIlBC,OAAO,EAAPA;IAJkB,CAAb,EAMJJ,IANI,CAMC,UAACC,GAAD,EAAS;MACb,MAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,uBAAjB;;MAEA,OAAOO,GAAG,CAACU,QAAX;IACD,CAVI,CAAP;EAWD,CA3F4B;;EA6F7B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,gBAtG6B,mCAwG1B;IAAA;;IAAA,IADDT,OACC,SADDA,OACC;IAAA,IADQU,OACR,SADQA,OACR;IAAA,IADiBxB,GACjB,SADiBA,GACjB;IAAA,IADsBC,MACtB,SADsBA,MACtB;IACDa,OAAO,GAAGA,OAAO,IAAI,EAArB;IACAb,MAAM,GAAGA,MAAM,IAAID,GAAG,CAACP,GAAvB;;IAEA,IAAI+B,OAAJ,EAAa;MACXV,OAAO,GAAGA,OAAO,CAACW,MAAR,CAAeD,OAAf,CAAV;IACD;IAED;;;IACA,IAAIV,OAAO,CAACO,MAAR,KAAmB,CAAvB,EAA0B;MACxB,OAAO,iBAAQf,MAAR,CAAe,IAAIC,KAAJ,CAAU,qDAAV,CAAf,CAAP;IACD;IAED;;;IACA,IAAI,CAACN,MAAL,EAAa;MACX,OAAO,iBAAQK,MAAR,CAAe,IAAIC,KAAJ,CAAU,+BAAV,CAAf,CAAP;IACD;;IAED,KAAKH,MAAL,CAAYC,IAAZ,CAAiB,2CAAjB;IAEA,OAAO,KAAKG,OAAL,CAAa;MAClBC,MAAM,EAAE,QADU;MAElBhB,GAAG,EAAE,iBAFa;MAGlBiB,WAAW,EAAET,MAHK;MAIlBa,OAAO,EAAPA;IAJkB,CAAb,EAMJH,IANI,CAMC,UAACC,GAAD,EAAS;MACb,MAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,0BAAjB;;MAEA,OAAOO,GAAG,CAACc,cAAX;IACD,CAVI,CAAP;EAWD,CAvI4B;;EAyI7B;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,kBAhJ6B,qCAgJK;IAAA;;IAAA,IAAd3B,GAAc,SAAdA,GAAc;IAAA,IAATC,MAAS,SAATA,MAAS;IAChCA,MAAM,GAAGA,MAAM,IAAID,GAAG,CAACP,GAAvB;IACA;;IACA,IAAI,CAACQ,MAAL,EAAa;MACX,OAAO,iBAAQK,MAAR,CAAe,IAAIC,KAAJ,CAAU,+BAAV,CAAf,CAAP;IACD;;IAED,OAAO,KAAKC,OAAL,CAAa;MAClBC,MAAM,EAAE,UADU;MAElBhB,GAAG,YAAKQ,MAAL;IAFe,CAAb,EAIJU,IAJI,CAIC,UAACC,GAAD,EAAS;MACb,MAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,mCAAjB;;MAEA,OAAOO,GAAG,CAACc,cAAX;IACD,CARI,CAAP;EASD,CAhK4B;;EAkK7B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEE,mBA3K6B,sCA6K1B;IAAA;;IAAA,IADDC,MACC,SADDA,MACC;IAAA,IADOC,MACP,SADOA,MACP;IAAA,IADe9B,GACf,SADeA,GACf;IAAA,IADoBC,MACpB,SADoBA,MACpB;IACD4B,MAAM,GAAGA,MAAM,IAAIC,MAAnB;IACA7B,MAAM,GAAGA,MAAM,IAAID,GAAG,CAACP,GAAvB;IAEA;;IACA,IAAI,CAACoC,MAAL,EAAa;MACX,OAAO,iBAAQvB,MAAR,CAAe,IAAIC,KAAJ,CAAU,4CAAV,CAAf,CAAP;IACD;IAED;;;IACA,IAAI,CAACN,MAAL,EAAa;MACX,OAAO,iBAAQK,MAAR,CAAe,IAAIC,KAAJ,CAAU,+BAAV,CAAf,CAAP;IACD;;IAED,KAAKH,MAAL,CAAYC,IAAZ,CAAiB,+CAAjB;IAEA,OAAO,KAAKG,OAAL,CAAa;MAClBC,MAAM,EAAE,QADU;MAElBhB,GAAG,YAAKQ,MAAL,6BAA8B8B,qBAAYC,SAAZ,CAAsB;QAACH,MAAM,EAANA;MAAD,CAAtB,CAA9B;IAFe,CAAb,EAIJlB,IAJI,CAIC,UAACC,GAAD,EAAS;MACb,MAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,4BAAjB;;MAEA,OAAOO,GAAG,CAACc,cAAX;IACD,CARI,CAAP;EASD,CAtM4B;;EAwM7B;AACF;AACA;AACA;AACA;AACA;EACEO,iBA9M6B,oCA8MF;IAAA;;IAAA,IAARC,KAAQ,SAARA,KAAQ;IACzB,KAAK9B,MAAL,CAAYC,IAAZ,wBAAiC6B,KAAjC;IAEA;;IACA,IAAI,CAACA,KAAL,EAAY;MACV,OAAO,iBAAQ5B,MAAR,CAAe,IAAIC,KAAJ,CAAU,6BAAV,CAAf,CAAP;IACD;;IAED,OAAO,KAAKC,OAAL,CAAa;MAClBC,MAAM,EAAE,QADU;MAElBhB,GAAG,EAAE,OAFa;MAGlByC,KAAK,EAALA;IAHkB,CAAb,EAKJvB,IALI,CAKC,UAACC,GAAD,EAAS;MACb,MAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,4BAAjB;;MAEA,OAAO,iBAAQ8B,GAAR,CAAYvB,GAAG,CAACI,IAAJ,CAASoB,GAAT,CAAa,MAAI,CAACC,KAAlB,CAAZ,CAAP;IACD,CATI,CAAP;EAUD,CAhO4B;EAgP7BC,QAhP6B,2BAgPD;IAAA;;IAAA,IAAlB7C,GAAkB,SAAlBA,GAAkB;IAAA,IAAbC,UAAa,SAAbA,UAAa;;IAC1B;IACA,IAAI,CAACD,GAAL,EAAU;MACR,OAAO,iBAAQa,MAAR,CAAe,IAAIC,KAAJ,CAAU,2BAAV,CAAf,CAAP;IACD;;IAED,KAAKH,MAAL,CAAYC,IAAZ,CAAiB,mBAAjB;IAEA,OAAO,KAAKG,OAAL,CAAa;MAClBC,MAAM,EAAE,UADU;MAElBhB,GAAG,EAAHA;IAFkB,CAAb,EAGJ;MAACC,UAAU,EAAVA;IAAD,CAHI,EAIJiB,IAJI,CAIC,UAACC,GAAD,EAAS;MACb,MAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,kBAAjB;;MAEA,OAAO,MAAI,CAACgC,KAAL,CAAWzB,GAAG,CAACV,GAAf,CAAP;IACD,CARI,CAAP;EASD,CAjQ4B;;EAmQ7B;AACF;AACA;AACA;EACEqC,IAvQ6B,kBAuQtB;IACL,OAAO,KAAK/B,OAAL,CAAa;MAClBC,MAAM,EAAE,QADU;MAElBhB,GAAG,EAAE;IAFa,CAAb,CAAP;EAID,CA5Q4B;;EA8Q7B;AACF;AACA;AACA;AACA;EACE4C,KAnR6B,iBAmRvBnC,GAnRuB,EAmRlB;IACT,OAAOsC,kBAAKC,GAAL,CAASJ,KAAT,CAAenC,GAAG,CAACwC,GAAnB,EACJ/B,IADI,CACC,UAAC+B,GAAD,EAAS;MACbxC,GAAG,CAACwC,GAAJ,GAAUA,GAAV;MAEA,OAAOxC,GAAP;IACD,CALI,CAAP;EAMD,CA1R4B;;EA4R7B;AACF;AACA;AACA;AACA;AACA;EACEyC,cAlS6B,0BAkSdC,OAlSc,EAkSLlD,UAlSK,EAkSO;IAAA;;IAClC,IAAMmD,aAAa,GAAGD,OAAO,CAACnC,MAAR,KAAmB,QAAnB,IAA+BmC,OAAO,CAACnD,GAAR,CAAYqD,QAAZ,CAAqB,QAArB,CAArD;IAEA,OAAO,iBAAQC,OAAR,CAAgBF,aAAa,GAAG3D,eAAe,CAAC8D,GAAhB,CAAoB,IAApB,CAAH,GAA+B,KAAKC,WAAL,EAA5D,EACJtC,IADI,CACC,UAACuC,OAAD,EAAa;MACjB,MAAI,CAAC9C,MAAL,CAAYC,IAAZ,yBAAkCwC,aAAa,GAAG,eAAH,GAAqB,KAApE;;MACA,IAAMM,GAAG,GAAG,IAAIC,gBAAJ,CAAYR,OAAZ,CAAZ;MACA,IAAIS,cAAc,GAAGH,OAArB;;MAEA,IAAIxD,UAAJ,EAAgB;QACd2D,cAAc,GAAG,MAAI,CAACC,kBAAL,CAAwBJ,OAAxB,EAAiCxD,UAAjC,CAAjB;MACD;;MAED,OAAOyD,GAAG,CAACI,IAAJ,CAASF,cAAT,EAAyB;QAACG,SAAS,EAAEX;MAAZ,CAAzB,EACJlC,IADI,CACC,YAAM;QACV;QACA,IAAI8C,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAA7B,EAA2C;UACzC,MAAI,CAACvD,MAAL,CAAYC,IAAZ,CAAiB,sBAAjB,EAAyCuD,cAAKC,OAAL,CAAa,oBAAKC,IAAI,CAACC,KAAL,CAAW,wBAAeZ,GAAf,CAAX,CAAL,EAAsC,SAAtC,CAAb,EAA+D;YAACa,KAAK,EAAE;UAAR,CAA/D,CAAzC;QACD;;QAED,OAAOb,GAAP;MACD,CARI,CAAP;IASD,CAnBI,CAAP;EAoBD,CAzT4B;;EA2T7B;AACF;AACA;AACA;AACA;EACEc,sBAhU6B,kCAgUNC,KAhUM,EAgUC;IAAA;;IAC5B,KAAK9D,MAAL,CAAYC,IAAZ,CAAiB,2BAAjB;IAEA,OAAO,iBAAQ8B,GAAR,CAAY+B,KAAK,CAACC,UAAN,CAAiBC,WAAjB,CAA6BhC,GAA7B,CAAiC,UAACiC,UAAD,EAAaC,KAAb;MAAA,OAAuB,MAAI,CAACC,eAAL,CAAqBF,UAArB,EACxE1D,IADwE,CACnE,UAAC6D,aAAD,EAAmB;QACvB,MAAI,CAACpE,MAAL,CAAYC,IAAZ,yBAAkCmE,aAAa,GAAG,OAAH,GAAa,QAA5D;;QACA,IAAM5D,GAAG,GAAG,IAAI6D,iBAAJ,CAAaJ,UAAb,CAAZ;QAEA,OAAO,iBAAQtB,OAAR,CAAgByB,aAAa,GAAGtF,eAAe,CAAC8D,GAAhB,CAAoB,MAApB,CAAH,GAA+BhE,QAAQ,CAACgE,GAAT,CAAa,MAAb,CAA5D,EACL;QADK,CAEJrC,IAFI,CAEC,UAACuC,OAAD;UAAA,OAAatC,GAAG,CAAC8D,MAAJ,CAAWxB,OAAX,CAAb;QAAA,CAFD,EAGL;QAHK,CAIJvC,IAJI,CAIC,YAAM;UACV,IAAI8C,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAA7B,EAA2C;YACzC,MAAI,CAACvD,MAAL,CAAYC,IAAZ,CAAiB,uBAAjB,EAA0CuD,cAAKC,OAAL,CAAa,oBAAKC,IAAI,CAACC,KAAL,CAAW,wBAAenD,GAAf,CAAX,CAAL,EAAsC,SAAtC,CAAb,EAA+D;cAACoD,KAAK,EAAE;YAAR,CAA/D,CAA1C;UACD;QACF,CARI,EASL;QATK,CAUJrD,IAVI,CAUC,YAAM;UAAEuD,KAAK,CAACC,UAAN,CAAiBC,WAAjB,CAA6BE,KAA7B,IAAsC1D,GAAtC;QAA4C,CAVrD,EAWL;QAXK,CAYJD,IAZI,CAYC;UAAA,OAAMC,GAAN;QAAA,CAZD,CAAP;MAaD,CAlBwE,CAAvB;IAAA,CAAjC,CAAZ,EAmBJD,IAnBI,CAmBC;MAAA,OAAM,MAAI,CAACd,OAAL,CAAaoE,sBAAb,CAAoCC,KAApC,CAAN;IAAA,CAnBD,EAoBJS,KApBI,CAoBE,UAACC,MAAD,EAAY;MACjB,MAAI,CAACxE,MAAL,CAAYyE,KAAZ,CAAkB,qBAAlB,EAAyCD,MAAM,CAACE,KAAhD;;MAEA,OAAO,iBAAQxE,MAAR,CAAesE,MAAf,CAAP;IACD,CAxBI,EAyBJjE,IAzBI,CAyBC;MAAA,OAAMuD,KAAN;IAAA,CAzBD,CAAP;EA0BD,CA7V4B;;EA+V7B;AACF;AACA;AACA;AACA;EACEa,iBApW6B,6BAoWXV,UApWW,EAoWC;IAC5B,IAAMzD,GAAG,GAAG,IAAI6D,iBAAJ,CAAaJ,UAAb,CAAZ;IAEA,OAAOrF,QAAQ,CAACgE,GAAT,CAAa,IAAb,EACJrC,IADI,CACC,UAACuC,OAAD;MAAA,OAAatC,GAAG,CAAC8D,MAAJ,CAAWxB,OAAX,CAAb;IAAA,CADD,EAEJvC,IAFI,CAEC;MAAA,OAAMC,GAAG,CAACoE,IAAV;IAAA,CAFD,CAAP;EAGD,CA1W4B;;EA4W7B;AACF;AACA;AACA;AACA;EACET,eAjX6B,2BAiXbF,UAjXa,EAiXD;IAC1B,OAAO,KAAKY,mBAAL,GACJtE,IADI,CACC,UAACuE,eAAD,EAAqB;MACzB,IAAMC,MAAM,GAAGd,UAAU,CAACe,KAAX,CAAiB,GAAjB,CAAf;;MAEA,IAAID,MAAM,CAAC9D,MAAP,KAAkB,CAAtB,EAAyB;QACvB,OAAO,KAAP;MACD;;MAED,IAAMgE,MAAM,GAAGvB,IAAI,CAACC,KAAL,CAAWvB,kBAAKoB,IAAL,CAAU0B,SAAV,CAAoBC,MAApB,CAA2BJ,MAAM,CAAC,CAAD,CAAjC,CAAX,CAAf;MAEA,OAAOE,MAAM,CAACG,GAAP,KAAeN,eAAe,CAACM,GAAtC;IACD,CAXI,CAAP;EAYD,CA9X4B;;EAgY7B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEhF,OAxY6B,mBAwYrBoC,OAxYqB,EAwYgB;IAAA;;IAAA,gFAAJ,EAAI;IAAA,IAA3B6C,OAA2B,SAA3BA,OAA2B;IAAA,IAAlB/F,UAAkB,SAAlBA,UAAkB;;IAC3C+F,OAAO,GAAGA,OAAO,IAAI,KAAKC,MAAL,CAAYC,iBAAjC,CAD2C,CAG3C;IACA;;IACA,OAAO,KAAKC,KAAL,CAAWC,QAAX,CAAoBC,OAApB,CAA4BC,OAA5B,GACJpF,IADI,CACC;MAAA,OAAM,OAAI,CAACgC,cAAL,CAAoBC,OAApB,EAA6BlD,UAA7B,CAAN;IAAA,CADD,EAEJiB,IAFI,CAEC,UAACwC,GAAD,EAAS;MACbA,GAAG,CAAC6C,0BAAD,CAAH,GAAsBP,OAAtB;MAEA,OAAO,OAAI,CAAC5F,OAAL,CAAaW,OAAb,CAAqB2C,GAArB,CAAP;IACD,CANI,EAOL;IACA;IARK,CASJwB,KATI,CASE,UAACC,MAAD,EAAY;MACjB,IAAInB,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,MAAzB,KAAoCiB,MAAM,CAACqB,MAAP,KAAkB,GAAlB,IAAyBrB,MAAM,CAACsB,UAAP,KAAsB,GAAnF,KAA2FtB,MAAM,CAACuB,OAAP,CAAeC,KAAf,CAAqB,sEAArB,CAA/F,EAA6L;QAC3L,OAAI,CAAChG,MAAL,CAAYiG,IAAZ,CAAiB,wDAAjB;;QAEA,OAAO,OAAI,CAAC7F,OAAL,CAAaoC,OAAb,EAAsB;UAAClD,UAAU,EAAVA;QAAD,CAAtB,CAAP;MACD,CALgB,CAOjB;;;MACA,IAAIkF,MAAM,YAAY0B,kCAAtB,EAAgC;QAC9B,OAAI,CAACV,KAAL,CAAWW,OAAX,CAAmB,4BAAnB;;QAEA,OAAO,iBAAQjG,MAAR,CAAesE,MAAf,CAAP;MACD,CAZgB,CAcjB;MACA;MACA;;;MACA,IAAI,CAACA,MAAM,CAACsB,UAAR,IAAsB,CAACtB,MAAM,CAACqB,MAAlC,EAA0C;QACxC;QACA,IAAIxC,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAA7B,EAA2C;UACzC;UACA,OAAI,CAACvD,MAAL,CAAYC,IAAZ,CAAiB,oBAAjB,EAAuCuE,MAAM,CAACE,KAAP,IAAgBF,MAAvD;QACD;;QAEDzF,YAAY,mBAAYsG,OAAZ,EAAZ;QACAA,OAAO,IAAI,CAAX;;QAEA,IAAIA,OAAO,IAAI,OAAI,CAACC,MAAL,CAAYc,cAA3B,EAA2C;UACzC,OAAI,CAACpG,MAAL,CAAYC,IAAZ,CAAiB,2CAAjB;;UAEA,OAAO,iBAAQC,MAAR,CAAesE,MAAf,CAAP;QACD,CAduC,CAgBxC;QACA;;;QACA,IAAM6B,WAAW,GAAGhB,OAAO,GAAG,CAA9B;;QAEA,IAAIA,OAAO,IAAI,OAAI,CAACC,MAAL,CAAYgB,aAAvB,IAAwCD,WAAW,GAAG,OAAI,CAACf,MAAL,CAAYc,cAAtE,EAAsF;UACpF,OAAI,CAACpG,MAAL,CAAYC,IAAZ,CAAiB,qEAAjB;UAEA;;;UACA,IAAIoD,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAA7B,EAA2C;YACzC,OAAI,CAACvD,MAAL,CAAYC,IAAZ,CAAiB,yBAAjB,EAA4CoF,OAA5C,EAAqD,OAAI,CAACC,MAAL,CAAYgB,aAAjE;UACD;;UAED1H,QAAQ,CAAC2H,MAAT,CAAgB,OAAhB;UACAlB,OAAO,GAAG,CAAV;QACD;;QAED,OAAO,OAAI,CAACjF,OAAL,CAAaoC,OAAb,EAAsB;UAAC6C,OAAO,EAAPA,OAAD;UAAU/F,UAAU,EAAVA;QAAV,CAAtB,CAAP;MACD;;MAED,OAAO,iBAAQY,MAAR,CAAesE,MAAf,CAAP;IACD,CA9DI,CAAP;EA+DD,CA5c4B;;EA8c7B;AACF;AACA;AACA;EACEgC,iBAld6B,+BAkdT;IAClB,OAAO,KAAKhB,KAAL,CAAWiB,WAAX,CAAuBC,YAAvB,CAAoC,WAApC,EACJnG,IADI,CACC,UAACoG,KAAD;MAAA,OAAWA,KAAK,CAACC,YAAjB;IAAA,CADD,CAAP;EAED,CArd4B;;EAwd7B;AACF;AACA;AACA;AACA;EACE/D,WA7d6B,yBA6df;IAAA;;IACZ,IAAIgE,OAAO,GAAGjI,QAAQ,CAACgE,GAAT,CAAa,IAAb,CAAd;;IAEA,IAAI,CAACiE,OAAL,EAAc;MACZA,OAAO,GAAG,KAAKC,eAAL,EAAV;MACAlI,QAAQ,CAACmI,GAAT,CAAa,IAAb,EAAmBF,OAAnB;MACAA,OAAO,CAACtG,IAAR,CAAa,UAACuC,OAAD,EAAa;QACxB,IAAMkE,SAAS,GAAGlE,OAAO,CAACmE,YAAR,CAAqBC,cAArB,GAAsC,mBAAtC,GAAmD,KAArE;QAEA,kCAAe;UAAA,OAAMtI,QAAQ,CAAC2H,MAAT,CAAgB,OAAhB,CAAN;QAAA,CAAf,EAA4CS,SAA5C;MACD,CAJD;IAKD;;IAED,OAAO,iBAAQjF,GAAR,CAAY,CACjB8E,OADiB,EAEjB,KAAKL,iBAAL,EAFiB,CAAZ,EAIJjG,IAJI,CAIC,kBAA8B;MAAA;MAAA,IAA5BuC,OAA4B;MAAA,IAAnBqE,aAAmB;;MAClCrE,OAAO,CAACsE,UAAR,CAAmBC,UAAnB,CAA8BC,MAA9B,GAAuCH,aAAvC;MAEA,OAAOrE,OAAP;IACD,CARI,CAAP;EASD,CAnf4B;;EAqf7B;AACF;AACA;AACA;EACEyE,cAzf6B,4BAyfZ;IACf,KAAKvH,MAAL,CAAYC,IAAZ,CAAiB,6BAAjB;IAEA,OAAO,KAAKuH,cAAL,GACJjH,IADI,CACC;MAAA,IAAEkH,UAAF,UAAEA,UAAF;MAAA,OAAkBA,UAAlB;IAAA,CADD,CAAP;EAED,CA9f4B;;EAggB7B;AACF;AACA;AACA;EACED,cApgB6B,4BAogBZ;IAAA;;IACf,IAAIE,OAAO,GAAG7I,UAAU,CAAC+D,GAAX,CAAe,IAAf,CAAd;;IAEA,IAAI,CAAC8E,OAAL,EAAc;MACZ,KAAK1H,MAAL,CAAYC,IAAZ,CAAiB,2BAAjB;MACAyH,OAAO,GAAG,KAAKlC,KAAL,CAAWpF,OAAX,CAAmB;QAC3BuH,OAAO,EAAE,YADkB;QAE3BzG,QAAQ,iBAAU,KAAKsE,KAAL,CAAWC,QAAX,CAAoBmC,MAApB,CAA2BlG,MAArC;MAFmB,CAAnB,EAIPnB,IAJO,CAIF,UAACC,GAAD,EAAS;QACb,OAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,0BAAjB;;QACA,IAAO2E,IAAP,GAAepE,GAAf,CAAOoE,IAAP;QAEAA,IAAI,CAACiD,YAAL,GAAoBnE,IAAI,CAACC,KAAL,CAAWiB,IAAI,CAACiD,YAAhB,CAApB;QAEA,OAAOjD,IAAP;MACD,CAXO,EAYPL,KAZO,CAYD,UAACC,MAAD,EAAY;QACjB,OAAI,CAACxE,MAAL,CAAYyE,KAAZ,CAAkB,kCAAlB,EAAsDD,MAAtD;;QAEA,OAAO,iBAAQtE,MAAR,CAAesE,MAAf,CAAP;MACD,CAhBO,CAAV;MAkBA3F,UAAU,CAACkI,GAAX,CAAe,IAAf,EAAqBW,OAArB;IACD;;IAED,OAAOA,OAAP;EACD,CA/hB4B;;EAiiB7B;AACF;AACA;AACA;EACE7C,mBAriB6B,iCAqiBP;IACpB,KAAK7E,MAAL,CAAYC,IAAZ,CAAiB,uCAAjB;IAEA,OAAO,KAAKuH,cAAL,GACJjH,IADI,CACC;MAAA,IAAEsH,YAAF,UAAEA,YAAF;MAAA,OAAoBA,YAApB;IAAA,CADD,CAAP;EAED,CA1iB4B;;EA4iB7B;AACF;AACA;AACA;EACEf,eAhjB6B,6BAgjBX;IAAA;;IAChB,KAAK9G,MAAL,CAAYC,IAAZ,CAAiB,uBAAjB;IACA,IAAM6C,OAAO,GAAG,IAAIgF,gBAAJ,EAAhB;IAEA,OAAO,iBAAQ/F,GAAR,CAAY,CACjB,KAAK8C,mBAAL,GAA2BtE,IAA3B,CAAgC,uCAAY,KAAK+E,MAAL,CAAYyC,OAAxB,CAAhC,CADiB,EAEjB,KAAKvB,iBAAL,EAFiB,CAAZ,EAIJjG,IAJI,CAIC,kBAAsC;MAAA;MAAA,IAApCuE,eAAoC;MAAA,IAAnBqC,aAAmB;;MAC1CrE,OAAO,CAACsE,UAAR,GAAqB;QACnBY,QAAQ,EAAE,OAAI,CAACxC,KAAL,CAAWC,QAAX,CAAoBmC,MAApB,CAA2BK,GADlB;QAEnBZ,UAAU,EAAE;UACV3F,MAAM,EAAE,OAAI,CAAC8D,KAAL,CAAWC,QAAX,CAAoBmC,MAApB,CAA2BlG,MADzB;UAEV4F,MAAM,EAAEH;QAFE;MAFO,CAArB;MAQArE,OAAO,CAACoF,UAAR,GAAqB;QACnBpI,GAAG,EAAEgF;MADc,CAArB;;MAIA,OAAI,CAAC9E,MAAL,CAAYC,IAAZ,CAAiB,mCAAjB;;MAEA,OAAO6C,OAAO,CAACqF,aAAR,EAAP;IACD,CApBI,EAqBJ5H,IArBI,CAqBC,UAAC6H,YAAD,EAAkB;MACtBtF,OAAO,CAACmE,YAAR,GAAuBmB,YAAvB;MACAtJ,eAAe,CAACiI,GAAhB,CAAoB,OAApB,EAA0BjE,OAA1B;MAEA,OAAO,iBAAQf,GAAR,CAAY,CAACqG,YAAY,CAACnG,KAAb,EAAD,EAAuB,OAAI,CAACsF,cAAL,EAAvB,CAAZ,CAAP;IACD,CA1BI,EA2BJhH,IA3BI,CA2BC,kBAA6B;MAAA;MAAA,IAA3B6H,YAA2B;MAAA,IAAbC,OAAa;;MACjC,OAAI,CAACrI,MAAL,CAAYC,IAAZ,CAAiB,uCAAjB;;MAEA,OAAO,OAAI,CAACG,OAAL,CAAa;QAClBf,GAAG,YAAKgJ,OAAL,WADe;QAElBhI,MAAM,EAAE,QAFU;QAGlBiC,GAAG,EAAE8F,YAAY,CAACE,MAAb;MAHa,CAAb,CAAP;IAKD,CAnCI,EAoCJ/H,IApCI,CAoCC,UAACC,GAAD,EAAS;MACb,OAAI,CAACR,MAAL,CAAYC,IAAZ,CAAiB,mCAAjB;;MAEA,OAAO6C,OAAO,CAACyF,kBAAR,CAA2B/H,GAAG,CAACV,GAA/B,CAAP;IACD,CAxCI,EAyCJS,IAzCI,CAyCC,UAACT,GAAD,EAAS;MACbgD,OAAO,CAACmE,YAAR,GAAuBnH,GAAvB;MACAhB,eAAe,CAACyH,MAAhB,CAAuB,OAAvB;;MACA,OAAI,CAACvG,MAAL,CAAYC,IAAZ,CAAiB,kCAAjB;;MAEA,OAAO6C,OAAP;IACD,CA/CI,EAgDJyB,KAhDI,CAgDE,UAACC,MAAD,EAAY;MACjB,OAAI,CAACxE,MAAL,CAAYyE,KAAZ,CAAkB,wCAAlB,EAA4DD,MAA5D;;MAEA,OAAO,iBAAQtE,MAAR,CAAesE,MAAf,CAAP;IACD,CApDI,CAAP;EAqDD,CAzmB4B;;EA2mB7B;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEtB,kBAvnB6B,8BAunBVsF,eAvnBU,EAunBOlJ,UAvnBP,EAunBmB;IAC9C,IAAMwD,OAAO,GAAG,IAAIgF,gBAAJ,EAAhB;IAEAhF,OAAO,CAACsE,UAAR,GAAqBtE,OAAO,CAACsE,UAAR,GAAqB;MACxCY,QAAQ,EAAEQ,eAAe,CAACpB,UAAhB,CAA2BY,QADG;MAExCX,UAAU,EAAE;QACV3F,MAAM,EAAEpC,UADE;QAEVA,UAAU,EAAVA,UAFU;QAEE;QACZgI,MAAM,EAAEkB,eAAe,CAACpB,UAAhB,CAA2BC,UAA3B,CAAsCC;MAHpC;IAF4B,CAA1C;IAQAxE,OAAO,CAACoF,UAAR,GAAqBM,eAAe,CAACN,UAArC;IACApF,OAAO,CAACmE,YAAR,GAAuBuB,eAAe,CAACvB,YAAvC;IAEA,OAAOnE,OAAP;EACD,CAtoB4B;EAAA;AAAA,CAAnB,oMAudT2F,iBAvdS,+EAAZ;;eAyoBexJ,G"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@webex/internal-plugin-encryption",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.160.0",
|
|
4
4
|
"description": "",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"author": "Ian W. Remmel <iremmel@cisco.com>",
|
|
@@ -22,11 +22,11 @@
|
|
|
22
22
|
"dependencies": {
|
|
23
23
|
"@babel/runtime-corejs2": "^7.14.8",
|
|
24
24
|
"lodash": "^4.17.21",
|
|
25
|
-
"@webex/webex-core": "1.
|
|
26
|
-
"@webex/common": "1.
|
|
25
|
+
"@webex/webex-core": "1.160.0",
|
|
26
|
+
"@webex/common": "1.160.0",
|
|
27
27
|
"node-jose": "^2.0.0",
|
|
28
28
|
"node-scr": "^0.3.0",
|
|
29
|
-
"@webex/common-timers": "1.
|
|
29
|
+
"@webex/common-timers": "1.160.0",
|
|
30
30
|
"node-kms": "^0.4.0",
|
|
31
31
|
"valid-url": "^1.0.9",
|
|
32
32
|
"asn1js": "^2.0.26",
|
|
@@ -34,9 +34,9 @@
|
|
|
34
34
|
"isomorphic-webcrypto": "^2.3.8",
|
|
35
35
|
"safe-buffer": "^5.2.0",
|
|
36
36
|
"debug": "^3.2.6",
|
|
37
|
-
"@webex/internal-plugin-device": "1.
|
|
38
|
-
"@webex/internal-plugin-mercury": "1.
|
|
39
|
-
"@webex/http-core": "1.
|
|
37
|
+
"@webex/internal-plugin-device": "1.160.0",
|
|
38
|
+
"@webex/internal-plugin-mercury": "1.160.0",
|
|
39
|
+
"@webex/http-core": "1.160.0",
|
|
40
40
|
"envify": "^4.1.0"
|
|
41
41
|
}
|
|
42
42
|
}
|