@webex/internal-plugin-encryption 2.59.2 → 2.59.3-next.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.eslintrc.js +6 -6
- package/README.md +42 -42
- package/babel.config.js +3 -3
- package/dist/config.js +21 -21
- package/dist/config.js.map +1 -1
- package/dist/encryption.js +57 -57
- package/dist/encryption.js.map +1 -1
- package/dist/ensure-buffer.browser.js +7 -7
- package/dist/ensure-buffer.browser.js.map +1 -1
- package/dist/ensure-buffer.js +7 -7
- package/dist/ensure-buffer.js.map +1 -1
- package/dist/index.js +2 -2
- package/dist/index.js.map +1 -1
- package/dist/kms-batcher.js +38 -38
- package/dist/kms-batcher.js.map +1 -1
- package/dist/kms-certificate-validation.js +50 -50
- package/dist/kms-certificate-validation.js.map +1 -1
- package/dist/kms-dry-error-interceptor.js +15 -15
- package/dist/kms-dry-error-interceptor.js.map +1 -1
- package/dist/kms-errors.js +16 -16
- package/dist/kms-errors.js.map +1 -1
- package/dist/kms.js +171 -171
- package/dist/kms.js.map +1 -1
- package/jest.config.js +3 -3
- package/package.json +20 -19
- package/process +1 -1
- package/src/config.js +50 -50
- package/src/encryption.js +257 -257
- package/src/ensure-buffer.browser.js +37 -37
- package/src/ensure-buffer.js +20 -20
- package/src/index.js +159 -159
- package/src/kms-batcher.js +158 -158
- package/src/kms-certificate-validation.js +232 -232
- package/src/kms-dry-error-interceptor.js +65 -65
- package/src/kms-errors.js +147 -147
- package/src/kms.js +848 -848
- package/test/integration/spec/encryption.js +448 -448
- package/test/integration/spec/kms.js +800 -800
- package/test/integration/spec/payload-transfom.js +97 -97
- package/test/unit/spec/encryption.js +82 -82
- package/test/unit/spec/kms-certificate-validation.js +165 -165
- package/test/unit/spec/kms.js +103 -103
|
@@ -1,165 +1,165 @@
|
|
|
1
|
-
import {assert} from '@webex/test-helper-chai';
|
|
2
|
-
|
|
3
|
-
import validateCert, {KMSError} from '../../../src/kms-certificate-validation';
|
|
4
|
-
|
|
5
|
-
const caroots = [
|
|
6
|
-
'MIID6TCCAtGgAwIBAgIURmBu688C9oUIJXlykr1J3fi5H4kwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDb2xvcmFkbzEPMA0GA1UEBwwGRGVudmVyMRAwDgYDVQQKDAdFeGFtcGxlMR8wHQYDVQQDDBZodHRwczovL2NhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMDAyMDYyMDIyMDhaFw00MDAyMDEyMDIyMDhaMIGDMQswCQYDVQQGEwJVUzERMA8GA1UECAwIQ29sb3JhZG8xDzANBgNVBAcMBkRlbnZlcjEQMA4GA1UECgwHRXhhbXBsZTEfMB0GA1UEAwwWaHR0cHM6Ly9jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7TaDWldwjU65y4fnNDIuNu4dZi3bZvaN9nJ3A8D9pwFcNx3DL5cPpafAkJuE/2ZBrsZxJWKwXLQFuNE9V3XVslv0OPgEZVfY5AKuPhVezRqEqsCdUgODMkJat6PE02r0NZRFpBiRCThh0wY5u/tiTiPgjHwEPhBEyLgcJ6FOWLn9wBsS4SvBzfppYGL5GW1G0eN9yORnKKgqkgyf0x8FvTMyVSjtkhcI/kA/8061sl4DFG6sefQmAOVvH7tp7YmN+jpQ7cOKQtjOpZS6Gp22u7LEI0/qb5n2QvjjcUQM81mN6CZ8nciWXRgjBhdAJJhmyMvcx8rnVb6vtU26fCaetAgMBAAGjUzBRMB0GA1UdDgQWBBRZiCyKaTYL94gwhxzktYg32qMOYjAfBgNVHSMEGDAWgBRZiCyKaTYL94gwhxzktYg32qMOYjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQATa2QkTGcj8IPjItnvg23ihlRjHdFHn6lB7uYPhcDurwRlBrlC2/OB44P3dHB9tEPbV4unoF9ftEKO3nNY3HUDcPrQwRqkPftlYYr4/6z/jnmNBRgiDICVaiTZNlX54fLiPsSAbIymPWLLLNtq17vjVEcfGUXhi/F+EkN/uXZ4yH6RK0YjBRwPV9cfziz1YsF2WVYVYtQErf+NTjnYR5S4Ba2kEqhI5j7mNhiafPNODaOchHcaRMvfWcBhlHt+atwNyPxNr4NP+cDjAWg0I8xAUdbZGQiRJecjkctolLHsfZXj+ulEv3eaKw7gSo3Aekexw8aZS7soy+VM1fzmLopw',
|
|
7
|
-
];
|
|
8
|
-
|
|
9
|
-
const x5c = [
|
|
10
|
-
'MIIDaDCCAlACFG2NkKF2WKCN/OnGN2E7mBamxhB2MA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzERMA8GA1UECAwIQ29sb3JhZG8xDzANBgNVBAcMBkRlbnZlcjEQMA4GA1UECgwHRXhhbXBsZTEfMB0GA1UEAwwWaHR0cHM6Ly9jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMjAwMjA2MjAzMjU0WhcNNDAwMjAxMjAzMjU0WjBdMQswCQYDVQQGEwJVUzERMA8GA1UECAwIQ29sb3JhZG8xDzANBgNVBAcMBkRlbnZlcjEQMA4GA1UECgwHRXhhbXBsZTEYMBYGA1UEAwwPa21zLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OObWUoNG0Wv4zYuhGUT7JNiUkefUsFZ384NS2l5VOB/lSNcElBtmX55yPcjvPnukfpETDUG82K8ncOwCuV8ZTpvzM3QHSIHGyO5JBFJ38U6Pq6kHje6An+eSHLCVkQfOlf4TCRb8SlcEoi8wkl3IIGewzC0/87b1OvyYTb8BHZJVeUV7AxcZChkAA/IJV5ADnmc/6ZCihXVuCWJgTFpLLv7HVqE924lNDTgRn64ioCpHK4pC1FFqQKLlsq0tV75gc5d7A6m5/9znEvg02JuqUFd9LdOcnf8QeTkyg6OTTvJUUa39KZDKONi8MXiECacGU6VbUvuKOXZU49UeqVKQQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCmlEodmn5LfgIWViRn8t4qjTZoM7VUGWXfCnaMqSnW6P0eYbZdCoCecja6WicBWPAlFFR/UscYv4rEGXtmzD+GQUQKfYFfsNdkfCpPvCFlpudHNuW0kCZ8lUfDWQRirrC+MyiAVpEG7mNHNZfK9hof05MHS6ItcpET5+F0DiC6l+vsBBRqP2SU8bo9gTrr8WO7bW8JQb59XNEoTQC1AzCn172+idJcgaasOfp/V+QqODIa96YNM7vT9pj09nGL0Wxulaq546pW32HYkOhZw1nr8prZn17UFLfoQnaNuTuT2ZCsFc7V2H0UqcMwjg1QZoObLI5tXPv0syP6WXo19OjW',
|
|
11
|
-
];
|
|
12
|
-
const x5cModulus =
|
|
13
|
-
'2OObWUoNG0Wv4zYuhGUT7JNiUkefUsFZ384NS2l5VOB_lSNcElBtmX55yPcjvPnukfpETDUG82K8ncOwCuV8ZTpvzM3QHSIHGyO5JBFJ38U6Pq6kHje6An-eSHLCVkQfOlf4TCRb8SlcEoi8wkl3IIGewzC0_87b1OvyYTb8BHZJVeUV7AxcZChkAA_IJV5ADnmc_6ZCihXVuCWJgTFpLLv7HVqE924lNDTgRn64ioCpHK4pC1FFqQKLlsq0tV75gc5d7A6m5_9znEvg02JuqUFd9LdOcnf8QeTkyg6OTTvJUUa39KZDKONi8MXiECacGU6VbUvuKOXZU49UeqVKQQ';
|
|
14
|
-
|
|
15
|
-
const x5cSAN = [
|
|
16
|
-
'MIIEHDCCAwSgAwIBAgIUbY2QoXZYoI386cY3YTuYFqbGEHcwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDb2xvcmFkbzEPMA0GA1UEBwwGRGVudmVyMRAwDgYDVQQKDAdFeGFtcGxlMR8wHQYDVQQDDBZodHRwczovL2NhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMDAyMTExOTI5MDFaFw00MDAyMDYxOTI5MDFaMIGcMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08xDzANBgNVBAcMBkRlbnZlcjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRYwFAYDVQQLDA1FeGFtcGxlLCBJbmMuMRQwEgYDVQQDDAtleGFtcGxlLmNvbTEeMBwGCSqGSIb3DQEJARYPa21zQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4DzUlN27XQ+clCPhU3q4U6cZfzgYX1yGr5fdSzK5MzU5fxYooyudJ1L1Zc6/VaxVpjl4GvU9Y5DtKbaSNeFUaBDGae9GAcBWjcrTAVY3ftW4t1LnE6DJLvn3UmPNqEEhQMWVeyNftqjgS3c0ciQIYq3sUqcZvjglRBA61gLlsmFlfs23jgRTZZzGeDjxETjAeQgH+E/mIsnEj3Iit6iBsuhPf/DjlGzD5/LyEaQJK+OQj/7+xL5jAlk6M6Uo/7YOx7abVnnwWoAaYAX9vQS6trJQm2m4mzNFAEBTjdtJu/eNP5H4yfX1VaXgYKy1MaBhu9VkVMeMREVOp9DPWHFaVwIDAQABo20wazAfBgNVHSMEGDAWgBRZiCyKaTYL94gwhxzktYg32qMOYjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAwBgNVHREEKTAnghRrbXMtdGVzdC5leGFtcGxlLmNvbYIPa21zLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCebaIWYk1mVtAndJpM/FTW0U3luYpUoOEIPRnrpcaBALG5ZwEwzaWKS42avRpjgCCiZGowSjdI8HgeUjO89g6OXgJduZNHVHKJnzV/8O76HTAaNIthHDQmqyywngvxnImf9txyXK+ZMdpgIWm351kaqHsLyN3GjknyVW/Xne5C4ONm7+y7jw6AdPRX0AoeEOGICAgrgni9k7kjLOskjyoCiJzjw+FxpVmsVAtjg1B2zXP8ce850B/ebJS4rkUr6082B+7DreDsSur4tTM5SFuoiLRrrnrpwKZ4CV3spaeO8zTn9b/3mousCWgL2KgEmBVjWSEYAT9RuB6pb1EIRYtY',
|
|
17
|
-
];
|
|
18
|
-
const x5cSANModulus =
|
|
19
|
-
'4DzUlN27XQ-clCPhU3q4U6cZfzgYX1yGr5fdSzK5MzU5fxYooyudJ1L1Zc6_VaxVpjl4GvU9Y5DtKbaSNeFUaBDGae9GAcBWjcrTAVY3ftW4t1LnE6DJLvn3UmPNqEEhQMWVeyNftqjgS3c0ciQIYq3sUqcZvjglRBA61gLlsmFlfs23jgRTZZzGeDjxETjAeQgH-E_mIsnEj3Iit6iBsuhPf_DjlGzD5_LyEaQJK-OQj_7-xL5jAlk6M6Uo_7YOx7abVnnwWoAaYAX9vQS6trJQm2m4mzNFAEBTjdtJu_eNP5H4yfX1VaXgYKy1MaBhu9VkVMeMREVOp9DPWHFaVw';
|
|
20
|
-
|
|
21
|
-
const x5cSelfSigned = [
|
|
22
|
-
'MIIFmTCCA4GgAwIBAgIUOxbqWoC/R0Lt2eWgqE3960xTLE4wDQYJKoZIhvcNAQELBQAwXDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNPMQ8wDQYDVQQHDAZEZW52ZXIxFTATBgNVBAoMDEV4YW1wbGUgSW5jLjEYMBYGA1UEAwwPa21zLmV4YW1wbGUuY29tMB4XDTIwMDIxMTIwMjk0NVoXDTQwMDIwNjIwMjk0NVowXDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNPMQ8wDQYDVQQHDAZEZW52ZXIxFTATBgNVBAoMDEV4YW1wbGUgSW5jLjEYMBYGA1UEAwwPa21zLmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyRUvQFD9UboxW4xjOyo2Cu7RsAT0GDx66Brl3tEnxvCwnfSystwerbAZtGtrklDJWcqAWVbSNwxnPuGsxSUg4D8ziI4Biqc6rvoNO4YYzpHWYmS9aLMG8TOUzAZZORrnvuiu7VGleZKi+Yd08fXSjrUV4sldRiD+Y0IN80xa52B0053yFX4geCuFn0Ewo8NXhkCU6Pfwb9wVVuCmcu9mt3ubpWRa2H+h2ie3suAc4ADrb9Ng63stU3UrjUcYv5guo0gBOBrk7i0WL/2KJf2NmDJiTaaCxR0gEe0sHjio7PCXDNHS0eJj/2++Wq90fDbBFDP/LP0aBKJAvaTZNEKcX5Hr/Y32Bz1Szpi18/HSlEF6rIketLiAzgLfzRMktctWLGGubp6RarNWALBX5kJA43/Cernaf0sVRtCUqjKPRd8k8Bo3BXl5VwVn2b+nZO6EJQ6RslOfbumFPVhlyFv6I1tAOPmZOHjOpc4ogPyI7jMefXMMsSJOGgLb7JVPpbi0bjXmsW7I0sWcAdDzcASNUxxp1c0qXZu4nHI2VlPucA4LA5W4Z1qcNQsfQEN4gdPWBeSbDBv0FPxFcHZNqk87ywvLkurgASL+KxqB9FzIqhv7w0OYm1r7iClBJxsbItYeehEypv/PJpxBq1uxcd6pExY6kTP3x8YAqUgb3GoWlUsCAwEAAaNTMFEwHQYDVR0OBBYEFOJqvx/CUIV6mkiTURkyVYiugkqVMB8GA1UdIwQYMBaAFOJqvx/CUIV6mkiTURkyVYiugkqVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAHTov7zZOMt7zAfy9N8X6yOsakUqAXVtrTDu9DMn9kw2vhudSfNfno7dSc3JeE+KtySkyfrMbNub19IzfVHMI2dRiO7PGzgv8XD69PC/PKaqNmViW27P0l4ORGKE4RHcjd0Y0Rj8nciwHDu4u7p9gI1yS7TiLtpQqyb0ba/ZVP88EVe7wI+BtoHiSMQeEjs13gTSARTYXay0WsL7xxwzKH68Y4RRjfqt+NpyMP7wrf5Kcha2cID8jG9i4LqSoj+o5jvwH969jEP+9DX7XFx0894O42xGreyl1E1HkKOgrGE+owkEpVNYLfcQP3tbx3maoG2g5TXMtMqei1ffNdUiONPbi9II1UP53JrTcnFUb3aVo2yLJ5ftkOSWpkyhk9G9TWoUiTB/k3Jb6gxzk6HvjhLgYTeT+UPW/ATiffL7SNmGTQBuVuNUHNxm4sAz9oQTmCo+8vCqMtqK4IHeKqNP+yqVGCAI71yEcxuYy17S57iarK7ON/RTMiblerUOowOSBzTmm+7kuR8Ke0BVCw6l0A7yUueAUnRaVXEAszvhHsLxZMlnMeYlL5qj6CAamdgpwdsMFa0QcAAcGl6j3vW9ks9nLlEAzJmUIQUx33W4SryYwflliWkH4f4OlRj7Lrq81/QvZ+tTUTiTBrvZjB1j9ezCv0Fjp9cEDi1hyV1ArKV3',
|
|
23
|
-
];
|
|
24
|
-
const x5cSelfSignedModulus =
|
|
25
|
-
'yRUvQFD9UboxW4xjOyo2Cu7RsAT0GDx66Brl3tEnxvCwnfSystwerbAZtGtrklDJWcqAWVbSNwxnPuGsxSUg4D8ziI4Biqc6rvoNO4YYzpHWYmS9aLMG8TOUzAZZORrnvuiu7VGleZKi-Yd08fXSjrUV4sldRiD-Y0IN80xa52B0053yFX4geCuFn0Ewo8NXhkCU6Pfwb9wVVuCmcu9mt3ubpWRa2H-h2ie3suAc4ADrb9Ng63stU3UrjUcYv5guo0gBOBrk7i0WL_2KJf2NmDJiTaaCxR0gEe0sHjio7PCXDNHS0eJj_2--Wq90fDbBFDP_LP0aBKJAvaTZNEKcX5Hr_Y32Bz1Szpi18_HSlEF6rIketLiAzgLfzRMktctWLGGubp6RarNWALBX5kJA43_Cernaf0sVRtCUqjKPRd8k8Bo3BXl5VwVn2b-nZO6EJQ6RslOfbumFPVhlyFv6I1tAOPmZOHjOpc4ogPyI7jMefXMMsSJOGgLb7JVPpbi0bjXmsW7I0sWcAdDzcASNUxxp1c0qXZu4nHI2VlPucA4LA5W4Z1qcNQsfQEN4gdPWBeSbDBv0FPxFcHZNqk87ywvLkurgASL-KxqB9FzIqhv7w0OYm1r7iClBJxsbItYeehEypv_PJpxBq1uxcd6pExY6kTP3x8YAqUgb3GoWlUs';
|
|
26
|
-
|
|
27
|
-
const VALID_JWT = {
|
|
28
|
-
kty: 'RSA',
|
|
29
|
-
kid: 'kms://kms.example.com',
|
|
30
|
-
x5c,
|
|
31
|
-
e: 'AQAB',
|
|
32
|
-
n: x5cModulus,
|
|
33
|
-
};
|
|
34
|
-
|
|
35
|
-
const VALID_JWT_SAN = {
|
|
36
|
-
kty: 'RSA',
|
|
37
|
-
kid: 'kms://kms.example.com',
|
|
38
|
-
x5c: x5cSAN,
|
|
39
|
-
n: x5cSANModulus,
|
|
40
|
-
e: 'AQAB',
|
|
41
|
-
};
|
|
42
|
-
|
|
43
|
-
const validate = validateCert(caroots);
|
|
44
|
-
|
|
45
|
-
describe('internal-plugin-encryption', () => {
|
|
46
|
-
describe('kms-certificate-validation', () => {
|
|
47
|
-
it('validates a good JWT', () =>
|
|
48
|
-
validate(VALID_JWT).then((jwt) => assert.equal(jwt, VALID_JWT)));
|
|
49
|
-
|
|
50
|
-
it('validates a good JWT (SAN extension)', () =>
|
|
51
|
-
validate(VALID_JWT_SAN).then((validJwt) => assert.equal(validJwt, VALID_JWT_SAN)));
|
|
52
|
-
|
|
53
|
-
it('rejects if `JWT` is undefined', () => assert.isRejected(validate(), KMSError));
|
|
54
|
-
|
|
55
|
-
it('rejects if the `kty` is wrong.', () => {
|
|
56
|
-
const jwt = {
|
|
57
|
-
...VALID_JWT,
|
|
58
|
-
kty: 'WRONG',
|
|
59
|
-
};
|
|
60
|
-
|
|
61
|
-
return assert.isRejected(validate(jwt), KMSError);
|
|
62
|
-
});
|
|
63
|
-
|
|
64
|
-
it('rejects if `kty` is not a string', () => {
|
|
65
|
-
const jwt = {
|
|
66
|
-
...VALID_JWT,
|
|
67
|
-
kty: {},
|
|
68
|
-
};
|
|
69
|
-
|
|
70
|
-
return assert.isRejected(validate(jwt), KMSError);
|
|
71
|
-
});
|
|
72
|
-
|
|
73
|
-
it('rejects if the `kid` is wrong', () => {
|
|
74
|
-
const jwt = {
|
|
75
|
-
...VALID_JWT,
|
|
76
|
-
kid: 'WRONG',
|
|
77
|
-
};
|
|
78
|
-
|
|
79
|
-
return assert.isRejected(validate(jwt), KMSError);
|
|
80
|
-
});
|
|
81
|
-
|
|
82
|
-
it('rejects if the `kid` is not a string', () => {
|
|
83
|
-
const jwt = {
|
|
84
|
-
...VALID_JWT,
|
|
85
|
-
kid: {a: 1},
|
|
86
|
-
};
|
|
87
|
-
|
|
88
|
-
return assert.isRejected(validate(jwt), KMSError);
|
|
89
|
-
});
|
|
90
|
-
|
|
91
|
-
it('rejects if there is not a list of certificates', () => {
|
|
92
|
-
const jwt = {
|
|
93
|
-
...VALID_JWT,
|
|
94
|
-
x5c: undefined,
|
|
95
|
-
};
|
|
96
|
-
|
|
97
|
-
return assert.isRejected(validate(jwt), KMSError);
|
|
98
|
-
});
|
|
99
|
-
|
|
100
|
-
it('rejects if certificate list is not an array', () => {
|
|
101
|
-
const jwt = {
|
|
102
|
-
...VALID_JWT,
|
|
103
|
-
x5c: 'NOT AN ARRAY',
|
|
104
|
-
};
|
|
105
|
-
|
|
106
|
-
return assert.isRejected(validate(jwt), KMSError);
|
|
107
|
-
});
|
|
108
|
-
|
|
109
|
-
it('rejects if the certificate list is empty', () => {
|
|
110
|
-
const jwt = {
|
|
111
|
-
...VALID_JWT,
|
|
112
|
-
x5c: [],
|
|
113
|
-
};
|
|
114
|
-
|
|
115
|
-
return assert.isRejected(validate(jwt), KMSError);
|
|
116
|
-
});
|
|
117
|
-
|
|
118
|
-
it('rejects if the `kid` does not match the certificate', () => {
|
|
119
|
-
const jwt = {
|
|
120
|
-
...VALID_JWT,
|
|
121
|
-
kid: 'kms://not_correct.example.com',
|
|
122
|
-
};
|
|
123
|
-
|
|
124
|
-
return assert.isRejected(validate(jwt), KMSError);
|
|
125
|
-
});
|
|
126
|
-
|
|
127
|
-
it('rejects if the public exponent is wrong', () => {
|
|
128
|
-
const jwt = {
|
|
129
|
-
...VALID_JWT,
|
|
130
|
-
e: 'WRONG_VALUE',
|
|
131
|
-
};
|
|
132
|
-
|
|
133
|
-
return assert.isRejected(validate(jwt), KMSError);
|
|
134
|
-
});
|
|
135
|
-
|
|
136
|
-
it('rejects if the modulus is wrong', () => {
|
|
137
|
-
const jwt = {
|
|
138
|
-
...VALID_JWT,
|
|
139
|
-
n: 'WRONG_VALUE',
|
|
140
|
-
};
|
|
141
|
-
|
|
142
|
-
return assert.isRejected(validate(jwt), KMSError);
|
|
143
|
-
});
|
|
144
|
-
|
|
145
|
-
it('rejects a self signed certificate', () => {
|
|
146
|
-
const jwt = {
|
|
147
|
-
...VALID_JWT,
|
|
148
|
-
x5c: x5cSelfSigned,
|
|
149
|
-
n: x5cSelfSignedModulus,
|
|
150
|
-
};
|
|
151
|
-
|
|
152
|
-
return assert.isRejected(validate(jwt), KMSError);
|
|
153
|
-
});
|
|
154
|
-
|
|
155
|
-
it('accepts self signed certificate if no CA roots.', () => {
|
|
156
|
-
const jwt = {
|
|
157
|
-
...VALID_JWT,
|
|
158
|
-
x5c: x5cSelfSigned,
|
|
159
|
-
n: x5cSelfSignedModulus,
|
|
160
|
-
};
|
|
161
|
-
|
|
162
|
-
return validateCert()(jwt).then((results) => assert.equal(results, jwt));
|
|
163
|
-
});
|
|
164
|
-
});
|
|
165
|
-
});
|
|
1
|
+
import {assert} from '@webex/test-helper-chai';
|
|
2
|
+
|
|
3
|
+
import validateCert, {KMSError} from '../../../src/kms-certificate-validation';
|
|
4
|
+
|
|
5
|
+
const caroots = [
|
|
6
|
+
'MIID6TCCAtGgAwIBAgIURmBu688C9oUIJXlykr1J3fi5H4kwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDb2xvcmFkbzEPMA0GA1UEBwwGRGVudmVyMRAwDgYDVQQKDAdFeGFtcGxlMR8wHQYDVQQDDBZodHRwczovL2NhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMDAyMDYyMDIyMDhaFw00MDAyMDEyMDIyMDhaMIGDMQswCQYDVQQGEwJVUzERMA8GA1UECAwIQ29sb3JhZG8xDzANBgNVBAcMBkRlbnZlcjEQMA4GA1UECgwHRXhhbXBsZTEfMB0GA1UEAwwWaHR0cHM6Ly9jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7TaDWldwjU65y4fnNDIuNu4dZi3bZvaN9nJ3A8D9pwFcNx3DL5cPpafAkJuE/2ZBrsZxJWKwXLQFuNE9V3XVslv0OPgEZVfY5AKuPhVezRqEqsCdUgODMkJat6PE02r0NZRFpBiRCThh0wY5u/tiTiPgjHwEPhBEyLgcJ6FOWLn9wBsS4SvBzfppYGL5GW1G0eN9yORnKKgqkgyf0x8FvTMyVSjtkhcI/kA/8061sl4DFG6sefQmAOVvH7tp7YmN+jpQ7cOKQtjOpZS6Gp22u7LEI0/qb5n2QvjjcUQM81mN6CZ8nciWXRgjBhdAJJhmyMvcx8rnVb6vtU26fCaetAgMBAAGjUzBRMB0GA1UdDgQWBBRZiCyKaTYL94gwhxzktYg32qMOYjAfBgNVHSMEGDAWgBRZiCyKaTYL94gwhxzktYg32qMOYjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQATa2QkTGcj8IPjItnvg23ihlRjHdFHn6lB7uYPhcDurwRlBrlC2/OB44P3dHB9tEPbV4unoF9ftEKO3nNY3HUDcPrQwRqkPftlYYr4/6z/jnmNBRgiDICVaiTZNlX54fLiPsSAbIymPWLLLNtq17vjVEcfGUXhi/F+EkN/uXZ4yH6RK0YjBRwPV9cfziz1YsF2WVYVYtQErf+NTjnYR5S4Ba2kEqhI5j7mNhiafPNODaOchHcaRMvfWcBhlHt+atwNyPxNr4NP+cDjAWg0I8xAUdbZGQiRJecjkctolLHsfZXj+ulEv3eaKw7gSo3Aekexw8aZS7soy+VM1fzmLopw',
|
|
7
|
+
];
|
|
8
|
+
|
|
9
|
+
const x5c = [
|
|
10
|
+
'MIIDaDCCAlACFG2NkKF2WKCN/OnGN2E7mBamxhB2MA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzERMA8GA1UECAwIQ29sb3JhZG8xDzANBgNVBAcMBkRlbnZlcjEQMA4GA1UECgwHRXhhbXBsZTEfMB0GA1UEAwwWaHR0cHM6Ly9jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMjAwMjA2MjAzMjU0WhcNNDAwMjAxMjAzMjU0WjBdMQswCQYDVQQGEwJVUzERMA8GA1UECAwIQ29sb3JhZG8xDzANBgNVBAcMBkRlbnZlcjEQMA4GA1UECgwHRXhhbXBsZTEYMBYGA1UEAwwPa21zLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OObWUoNG0Wv4zYuhGUT7JNiUkefUsFZ384NS2l5VOB/lSNcElBtmX55yPcjvPnukfpETDUG82K8ncOwCuV8ZTpvzM3QHSIHGyO5JBFJ38U6Pq6kHje6An+eSHLCVkQfOlf4TCRb8SlcEoi8wkl3IIGewzC0/87b1OvyYTb8BHZJVeUV7AxcZChkAA/IJV5ADnmc/6ZCihXVuCWJgTFpLLv7HVqE924lNDTgRn64ioCpHK4pC1FFqQKLlsq0tV75gc5d7A6m5/9znEvg02JuqUFd9LdOcnf8QeTkyg6OTTvJUUa39KZDKONi8MXiECacGU6VbUvuKOXZU49UeqVKQQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCmlEodmn5LfgIWViRn8t4qjTZoM7VUGWXfCnaMqSnW6P0eYbZdCoCecja6WicBWPAlFFR/UscYv4rEGXtmzD+GQUQKfYFfsNdkfCpPvCFlpudHNuW0kCZ8lUfDWQRirrC+MyiAVpEG7mNHNZfK9hof05MHS6ItcpET5+F0DiC6l+vsBBRqP2SU8bo9gTrr8WO7bW8JQb59XNEoTQC1AzCn172+idJcgaasOfp/V+QqODIa96YNM7vT9pj09nGL0Wxulaq546pW32HYkOhZw1nr8prZn17UFLfoQnaNuTuT2ZCsFc7V2H0UqcMwjg1QZoObLI5tXPv0syP6WXo19OjW',
|
|
11
|
+
];
|
|
12
|
+
const x5cModulus =
|
|
13
|
+
'2OObWUoNG0Wv4zYuhGUT7JNiUkefUsFZ384NS2l5VOB_lSNcElBtmX55yPcjvPnukfpETDUG82K8ncOwCuV8ZTpvzM3QHSIHGyO5JBFJ38U6Pq6kHje6An-eSHLCVkQfOlf4TCRb8SlcEoi8wkl3IIGewzC0_87b1OvyYTb8BHZJVeUV7AxcZChkAA_IJV5ADnmc_6ZCihXVuCWJgTFpLLv7HVqE924lNDTgRn64ioCpHK4pC1FFqQKLlsq0tV75gc5d7A6m5_9znEvg02JuqUFd9LdOcnf8QeTkyg6OTTvJUUa39KZDKONi8MXiECacGU6VbUvuKOXZU49UeqVKQQ';
|
|
14
|
+
|
|
15
|
+
const x5cSAN = [
|
|
16
|
+
'MIIEHDCCAwSgAwIBAgIUbY2QoXZYoI386cY3YTuYFqbGEHcwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDb2xvcmFkbzEPMA0GA1UEBwwGRGVudmVyMRAwDgYDVQQKDAdFeGFtcGxlMR8wHQYDVQQDDBZodHRwczovL2NhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMDAyMTExOTI5MDFaFw00MDAyMDYxOTI5MDFaMIGcMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08xDzANBgNVBAcMBkRlbnZlcjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRYwFAYDVQQLDA1FeGFtcGxlLCBJbmMuMRQwEgYDVQQDDAtleGFtcGxlLmNvbTEeMBwGCSqGSIb3DQEJARYPa21zQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4DzUlN27XQ+clCPhU3q4U6cZfzgYX1yGr5fdSzK5MzU5fxYooyudJ1L1Zc6/VaxVpjl4GvU9Y5DtKbaSNeFUaBDGae9GAcBWjcrTAVY3ftW4t1LnE6DJLvn3UmPNqEEhQMWVeyNftqjgS3c0ciQIYq3sUqcZvjglRBA61gLlsmFlfs23jgRTZZzGeDjxETjAeQgH+E/mIsnEj3Iit6iBsuhPf/DjlGzD5/LyEaQJK+OQj/7+xL5jAlk6M6Uo/7YOx7abVnnwWoAaYAX9vQS6trJQm2m4mzNFAEBTjdtJu/eNP5H4yfX1VaXgYKy1MaBhu9VkVMeMREVOp9DPWHFaVwIDAQABo20wazAfBgNVHSMEGDAWgBRZiCyKaTYL94gwhxzktYg32qMOYjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAwBgNVHREEKTAnghRrbXMtdGVzdC5leGFtcGxlLmNvbYIPa21zLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCebaIWYk1mVtAndJpM/FTW0U3luYpUoOEIPRnrpcaBALG5ZwEwzaWKS42avRpjgCCiZGowSjdI8HgeUjO89g6OXgJduZNHVHKJnzV/8O76HTAaNIthHDQmqyywngvxnImf9txyXK+ZMdpgIWm351kaqHsLyN3GjknyVW/Xne5C4ONm7+y7jw6AdPRX0AoeEOGICAgrgni9k7kjLOskjyoCiJzjw+FxpVmsVAtjg1B2zXP8ce850B/ebJS4rkUr6082B+7DreDsSur4tTM5SFuoiLRrrnrpwKZ4CV3spaeO8zTn9b/3mousCWgL2KgEmBVjWSEYAT9RuB6pb1EIRYtY',
|
|
17
|
+
];
|
|
18
|
+
const x5cSANModulus =
|
|
19
|
+
'4DzUlN27XQ-clCPhU3q4U6cZfzgYX1yGr5fdSzK5MzU5fxYooyudJ1L1Zc6_VaxVpjl4GvU9Y5DtKbaSNeFUaBDGae9GAcBWjcrTAVY3ftW4t1LnE6DJLvn3UmPNqEEhQMWVeyNftqjgS3c0ciQIYq3sUqcZvjglRBA61gLlsmFlfs23jgRTZZzGeDjxETjAeQgH-E_mIsnEj3Iit6iBsuhPf_DjlGzD5_LyEaQJK-OQj_7-xL5jAlk6M6Uo_7YOx7abVnnwWoAaYAX9vQS6trJQm2m4mzNFAEBTjdtJu_eNP5H4yfX1VaXgYKy1MaBhu9VkVMeMREVOp9DPWHFaVw';
|
|
20
|
+
|
|
21
|
+
const x5cSelfSigned = [
|
|
22
|
+
'MIIFmTCCA4GgAwIBAgIUOxbqWoC/R0Lt2eWgqE3960xTLE4wDQYJKoZIhvcNAQELBQAwXDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNPMQ8wDQYDVQQHDAZEZW52ZXIxFTATBgNVBAoMDEV4YW1wbGUgSW5jLjEYMBYGA1UEAwwPa21zLmV4YW1wbGUuY29tMB4XDTIwMDIxMTIwMjk0NVoXDTQwMDIwNjIwMjk0NVowXDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNPMQ8wDQYDVQQHDAZEZW52ZXIxFTATBgNVBAoMDEV4YW1wbGUgSW5jLjEYMBYGA1UEAwwPa21zLmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyRUvQFD9UboxW4xjOyo2Cu7RsAT0GDx66Brl3tEnxvCwnfSystwerbAZtGtrklDJWcqAWVbSNwxnPuGsxSUg4D8ziI4Biqc6rvoNO4YYzpHWYmS9aLMG8TOUzAZZORrnvuiu7VGleZKi+Yd08fXSjrUV4sldRiD+Y0IN80xa52B0053yFX4geCuFn0Ewo8NXhkCU6Pfwb9wVVuCmcu9mt3ubpWRa2H+h2ie3suAc4ADrb9Ng63stU3UrjUcYv5guo0gBOBrk7i0WL/2KJf2NmDJiTaaCxR0gEe0sHjio7PCXDNHS0eJj/2++Wq90fDbBFDP/LP0aBKJAvaTZNEKcX5Hr/Y32Bz1Szpi18/HSlEF6rIketLiAzgLfzRMktctWLGGubp6RarNWALBX5kJA43/Cernaf0sVRtCUqjKPRd8k8Bo3BXl5VwVn2b+nZO6EJQ6RslOfbumFPVhlyFv6I1tAOPmZOHjOpc4ogPyI7jMefXMMsSJOGgLb7JVPpbi0bjXmsW7I0sWcAdDzcASNUxxp1c0qXZu4nHI2VlPucA4LA5W4Z1qcNQsfQEN4gdPWBeSbDBv0FPxFcHZNqk87ywvLkurgASL+KxqB9FzIqhv7w0OYm1r7iClBJxsbItYeehEypv/PJpxBq1uxcd6pExY6kTP3x8YAqUgb3GoWlUsCAwEAAaNTMFEwHQYDVR0OBBYEFOJqvx/CUIV6mkiTURkyVYiugkqVMB8GA1UdIwQYMBaAFOJqvx/CUIV6mkiTURkyVYiugkqVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAHTov7zZOMt7zAfy9N8X6yOsakUqAXVtrTDu9DMn9kw2vhudSfNfno7dSc3JeE+KtySkyfrMbNub19IzfVHMI2dRiO7PGzgv8XD69PC/PKaqNmViW27P0l4ORGKE4RHcjd0Y0Rj8nciwHDu4u7p9gI1yS7TiLtpQqyb0ba/ZVP88EVe7wI+BtoHiSMQeEjs13gTSARTYXay0WsL7xxwzKH68Y4RRjfqt+NpyMP7wrf5Kcha2cID8jG9i4LqSoj+o5jvwH969jEP+9DX7XFx0894O42xGreyl1E1HkKOgrGE+owkEpVNYLfcQP3tbx3maoG2g5TXMtMqei1ffNdUiONPbi9II1UP53JrTcnFUb3aVo2yLJ5ftkOSWpkyhk9G9TWoUiTB/k3Jb6gxzk6HvjhLgYTeT+UPW/ATiffL7SNmGTQBuVuNUHNxm4sAz9oQTmCo+8vCqMtqK4IHeKqNP+yqVGCAI71yEcxuYy17S57iarK7ON/RTMiblerUOowOSBzTmm+7kuR8Ke0BVCw6l0A7yUueAUnRaVXEAszvhHsLxZMlnMeYlL5qj6CAamdgpwdsMFa0QcAAcGl6j3vW9ks9nLlEAzJmUIQUx33W4SryYwflliWkH4f4OlRj7Lrq81/QvZ+tTUTiTBrvZjB1j9ezCv0Fjp9cEDi1hyV1ArKV3',
|
|
23
|
+
];
|
|
24
|
+
const x5cSelfSignedModulus =
|
|
25
|
+
'yRUvQFD9UboxW4xjOyo2Cu7RsAT0GDx66Brl3tEnxvCwnfSystwerbAZtGtrklDJWcqAWVbSNwxnPuGsxSUg4D8ziI4Biqc6rvoNO4YYzpHWYmS9aLMG8TOUzAZZORrnvuiu7VGleZKi-Yd08fXSjrUV4sldRiD-Y0IN80xa52B0053yFX4geCuFn0Ewo8NXhkCU6Pfwb9wVVuCmcu9mt3ubpWRa2H-h2ie3suAc4ADrb9Ng63stU3UrjUcYv5guo0gBOBrk7i0WL_2KJf2NmDJiTaaCxR0gEe0sHjio7PCXDNHS0eJj_2--Wq90fDbBFDP_LP0aBKJAvaTZNEKcX5Hr_Y32Bz1Szpi18_HSlEF6rIketLiAzgLfzRMktctWLGGubp6RarNWALBX5kJA43_Cernaf0sVRtCUqjKPRd8k8Bo3BXl5VwVn2b-nZO6EJQ6RslOfbumFPVhlyFv6I1tAOPmZOHjOpc4ogPyI7jMefXMMsSJOGgLb7JVPpbi0bjXmsW7I0sWcAdDzcASNUxxp1c0qXZu4nHI2VlPucA4LA5W4Z1qcNQsfQEN4gdPWBeSbDBv0FPxFcHZNqk87ywvLkurgASL-KxqB9FzIqhv7w0OYm1r7iClBJxsbItYeehEypv_PJpxBq1uxcd6pExY6kTP3x8YAqUgb3GoWlUs';
|
|
26
|
+
|
|
27
|
+
const VALID_JWT = {
|
|
28
|
+
kty: 'RSA',
|
|
29
|
+
kid: 'kms://kms.example.com',
|
|
30
|
+
x5c,
|
|
31
|
+
e: 'AQAB',
|
|
32
|
+
n: x5cModulus,
|
|
33
|
+
};
|
|
34
|
+
|
|
35
|
+
const VALID_JWT_SAN = {
|
|
36
|
+
kty: 'RSA',
|
|
37
|
+
kid: 'kms://kms.example.com',
|
|
38
|
+
x5c: x5cSAN,
|
|
39
|
+
n: x5cSANModulus,
|
|
40
|
+
e: 'AQAB',
|
|
41
|
+
};
|
|
42
|
+
|
|
43
|
+
const validate = validateCert(caroots);
|
|
44
|
+
|
|
45
|
+
describe('internal-plugin-encryption', () => {
|
|
46
|
+
describe('kms-certificate-validation', () => {
|
|
47
|
+
it('validates a good JWT', () =>
|
|
48
|
+
validate(VALID_JWT).then((jwt) => assert.equal(jwt, VALID_JWT)));
|
|
49
|
+
|
|
50
|
+
it('validates a good JWT (SAN extension)', () =>
|
|
51
|
+
validate(VALID_JWT_SAN).then((validJwt) => assert.equal(validJwt, VALID_JWT_SAN)));
|
|
52
|
+
|
|
53
|
+
it('rejects if `JWT` is undefined', () => assert.isRejected(validate(), KMSError));
|
|
54
|
+
|
|
55
|
+
it('rejects if the `kty` is wrong.', () => {
|
|
56
|
+
const jwt = {
|
|
57
|
+
...VALID_JWT,
|
|
58
|
+
kty: 'WRONG',
|
|
59
|
+
};
|
|
60
|
+
|
|
61
|
+
return assert.isRejected(validate(jwt), KMSError);
|
|
62
|
+
});
|
|
63
|
+
|
|
64
|
+
it('rejects if `kty` is not a string', () => {
|
|
65
|
+
const jwt = {
|
|
66
|
+
...VALID_JWT,
|
|
67
|
+
kty: {},
|
|
68
|
+
};
|
|
69
|
+
|
|
70
|
+
return assert.isRejected(validate(jwt), KMSError);
|
|
71
|
+
});
|
|
72
|
+
|
|
73
|
+
it('rejects if the `kid` is wrong', () => {
|
|
74
|
+
const jwt = {
|
|
75
|
+
...VALID_JWT,
|
|
76
|
+
kid: 'WRONG',
|
|
77
|
+
};
|
|
78
|
+
|
|
79
|
+
return assert.isRejected(validate(jwt), KMSError);
|
|
80
|
+
});
|
|
81
|
+
|
|
82
|
+
it('rejects if the `kid` is not a string', () => {
|
|
83
|
+
const jwt = {
|
|
84
|
+
...VALID_JWT,
|
|
85
|
+
kid: {a: 1},
|
|
86
|
+
};
|
|
87
|
+
|
|
88
|
+
return assert.isRejected(validate(jwt), KMSError);
|
|
89
|
+
});
|
|
90
|
+
|
|
91
|
+
it('rejects if there is not a list of certificates', () => {
|
|
92
|
+
const jwt = {
|
|
93
|
+
...VALID_JWT,
|
|
94
|
+
x5c: undefined,
|
|
95
|
+
};
|
|
96
|
+
|
|
97
|
+
return assert.isRejected(validate(jwt), KMSError);
|
|
98
|
+
});
|
|
99
|
+
|
|
100
|
+
it('rejects if certificate list is not an array', () => {
|
|
101
|
+
const jwt = {
|
|
102
|
+
...VALID_JWT,
|
|
103
|
+
x5c: 'NOT AN ARRAY',
|
|
104
|
+
};
|
|
105
|
+
|
|
106
|
+
return assert.isRejected(validate(jwt), KMSError);
|
|
107
|
+
});
|
|
108
|
+
|
|
109
|
+
it('rejects if the certificate list is empty', () => {
|
|
110
|
+
const jwt = {
|
|
111
|
+
...VALID_JWT,
|
|
112
|
+
x5c: [],
|
|
113
|
+
};
|
|
114
|
+
|
|
115
|
+
return assert.isRejected(validate(jwt), KMSError);
|
|
116
|
+
});
|
|
117
|
+
|
|
118
|
+
it('rejects if the `kid` does not match the certificate', () => {
|
|
119
|
+
const jwt = {
|
|
120
|
+
...VALID_JWT,
|
|
121
|
+
kid: 'kms://not_correct.example.com',
|
|
122
|
+
};
|
|
123
|
+
|
|
124
|
+
return assert.isRejected(validate(jwt), KMSError);
|
|
125
|
+
});
|
|
126
|
+
|
|
127
|
+
it('rejects if the public exponent is wrong', () => {
|
|
128
|
+
const jwt = {
|
|
129
|
+
...VALID_JWT,
|
|
130
|
+
e: 'WRONG_VALUE',
|
|
131
|
+
};
|
|
132
|
+
|
|
133
|
+
return assert.isRejected(validate(jwt), KMSError);
|
|
134
|
+
});
|
|
135
|
+
|
|
136
|
+
it('rejects if the modulus is wrong', () => {
|
|
137
|
+
const jwt = {
|
|
138
|
+
...VALID_JWT,
|
|
139
|
+
n: 'WRONG_VALUE',
|
|
140
|
+
};
|
|
141
|
+
|
|
142
|
+
return assert.isRejected(validate(jwt), KMSError);
|
|
143
|
+
});
|
|
144
|
+
|
|
145
|
+
it('rejects a self signed certificate', () => {
|
|
146
|
+
const jwt = {
|
|
147
|
+
...VALID_JWT,
|
|
148
|
+
x5c: x5cSelfSigned,
|
|
149
|
+
n: x5cSelfSignedModulus,
|
|
150
|
+
};
|
|
151
|
+
|
|
152
|
+
return assert.isRejected(validate(jwt), KMSError);
|
|
153
|
+
});
|
|
154
|
+
|
|
155
|
+
it('accepts self signed certificate if no CA roots.', () => {
|
|
156
|
+
const jwt = {
|
|
157
|
+
...VALID_JWT,
|
|
158
|
+
x5c: x5cSelfSigned,
|
|
159
|
+
n: x5cSelfSignedModulus,
|
|
160
|
+
};
|
|
161
|
+
|
|
162
|
+
return validateCert()(jwt).then((results) => assert.equal(results, jwt));
|
|
163
|
+
});
|
|
164
|
+
});
|
|
165
|
+
});
|
package/test/unit/spec/kms.js
CHANGED
|
@@ -1,103 +1,103 @@
|
|
|
1
|
-
/*!
|
|
2
|
-
* Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
|
|
3
|
-
*/
|
|
4
|
-
/* eslint-disable no-underscore-dangle */
|
|
5
|
-
import Url from 'url';
|
|
6
|
-
|
|
7
|
-
import {assert} from '@webex/test-helper-chai';
|
|
8
|
-
import MockWebex from '@webex/test-helper-mock-webex';
|
|
9
|
-
import sinon from 'sinon';
|
|
10
|
-
import Encryption from '@webex/internal-plugin-encryption';
|
|
11
|
-
import {KmsError} from '../../../dist/kms-errors';
|
|
12
|
-
|
|
13
|
-
describe('internal-plugin-encryption', () => {
|
|
14
|
-
describe('kms', () => {
|
|
15
|
-
let webex;
|
|
16
|
-
|
|
17
|
-
beforeEach(() => {
|
|
18
|
-
webex = new MockWebex({
|
|
19
|
-
children: {
|
|
20
|
-
encryption: Encryption,
|
|
21
|
-
},
|
|
22
|
-
});
|
|
23
|
-
});
|
|
24
|
-
|
|
25
|
-
describe('key management', () => {
|
|
26
|
-
const options = undefined;
|
|
27
|
-
let spyStub;
|
|
28
|
-
|
|
29
|
-
beforeEach(() => {
|
|
30
|
-
const returnStub = (obj) => Promise.resolve(obj);
|
|
31
|
-
|
|
32
|
-
spyStub = sinon.stub(webex.internal.encryption.kms, 'request').callsFake(returnStub);
|
|
33
|
-
});
|
|
34
|
-
|
|
35
|
-
afterEach(() => {
|
|
36
|
-
spyStub.resetHistory();
|
|
37
|
-
});
|
|
38
|
-
|
|
39
|
-
it('listAllCustomerMasterKey', async () => {
|
|
40
|
-
await webex.internal.encryption.kms.listAllCustomerMasterKey({
|
|
41
|
-
assignedOrgId: 'xx-sds-assdf',
|
|
42
|
-
awsKms: false,
|
|
43
|
-
});
|
|
44
|
-
|
|
45
|
-
await webex.internal.encryption.kms.listAllCustomerMasterKey({
|
|
46
|
-
assignedOrgId: 'xx-sds-assdf',
|
|
47
|
-
awsKms: true,
|
|
48
|
-
});
|
|
49
|
-
|
|
50
|
-
assert.equal(spyStub.args[0][0].uri, '/cmk');
|
|
51
|
-
assert.equal(spyStub.args[1][0].uri, '/awsKmsCmk');
|
|
52
|
-
});
|
|
53
|
-
|
|
54
|
-
it('uploadCustomerMasterKey', async () => {
|
|
55
|
-
await webex.internal.encryption.kms.uploadCustomerMasterKey({
|
|
56
|
-
assignedOrgId: 'xx-sds-assdf',
|
|
57
|
-
awsKms: false,
|
|
58
|
-
});
|
|
59
|
-
|
|
60
|
-
await webex.internal.encryption.kms.uploadCustomerMasterKey({
|
|
61
|
-
assignedOrgId: 'xx-sds-assdf',
|
|
62
|
-
awsKms: true,
|
|
63
|
-
});
|
|
64
|
-
|
|
65
|
-
assert.equal(spyStub.args[0][0].uri, '/cmk');
|
|
66
|
-
assert.equal(spyStub.args[1][0].uri, '/awsKmsCmk');
|
|
67
|
-
});
|
|
68
|
-
|
|
69
|
-
it('deleteAllCustomerMasterKeys', async () => {
|
|
70
|
-
await webex.internal.encryption.kms.deleteAllCustomerMasterKeys({
|
|
71
|
-
assignedOrgId: 'xx-sds-assdf',
|
|
72
|
-
awsKms: false,
|
|
73
|
-
});
|
|
74
|
-
|
|
75
|
-
await webex.internal.encryption.kms.deleteAllCustomerMasterKeys({
|
|
76
|
-
assignedOrgId: 'xx-sds-assdf',
|
|
77
|
-
awsKms: true,
|
|
78
|
-
});
|
|
79
|
-
|
|
80
|
-
assert.equal(spyStub.args[0][0].uri, '/cmk');
|
|
81
|
-
assert.equal(spyStub.args[1][0].uri, '/awsKmsCmk');
|
|
82
|
-
});
|
|
83
|
-
});
|
|
84
|
-
|
|
85
|
-
describe('KMS error', () => {
|
|
86
|
-
it('KMSError', async () => {
|
|
87
|
-
const error = new KmsError({
|
|
88
|
-
status: 404,
|
|
89
|
-
errorCode: 30005,
|
|
90
|
-
reason: 'cannot fetch keys',
|
|
91
|
-
requestId: '3434343',
|
|
92
|
-
});
|
|
93
|
-
assert.equal(
|
|
94
|
-
error.toString(),
|
|
95
|
-
'KmsError: cannot fetch keys\n' +
|
|
96
|
-
'KMS_RESPONSE_STATUS: 404\n' +
|
|
97
|
-
'KMS_REQUEST_ID: 3434343\n' +
|
|
98
|
-
'KMS_ErrorCode: 30005'
|
|
99
|
-
);
|
|
100
|
-
});
|
|
101
|
-
});
|
|
102
|
-
});
|
|
103
|
-
});
|
|
1
|
+
/*!
|
|
2
|
+
* Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
|
|
3
|
+
*/
|
|
4
|
+
/* eslint-disable no-underscore-dangle */
|
|
5
|
+
import Url from 'url';
|
|
6
|
+
|
|
7
|
+
import {assert} from '@webex/test-helper-chai';
|
|
8
|
+
import MockWebex from '@webex/test-helper-mock-webex';
|
|
9
|
+
import sinon from 'sinon';
|
|
10
|
+
import Encryption from '@webex/internal-plugin-encryption';
|
|
11
|
+
import {KmsError} from '../../../dist/kms-errors';
|
|
12
|
+
|
|
13
|
+
describe('internal-plugin-encryption', () => {
|
|
14
|
+
describe('kms', () => {
|
|
15
|
+
let webex;
|
|
16
|
+
|
|
17
|
+
beforeEach(() => {
|
|
18
|
+
webex = new MockWebex({
|
|
19
|
+
children: {
|
|
20
|
+
encryption: Encryption,
|
|
21
|
+
},
|
|
22
|
+
});
|
|
23
|
+
});
|
|
24
|
+
|
|
25
|
+
describe('key management', () => {
|
|
26
|
+
const options = undefined;
|
|
27
|
+
let spyStub;
|
|
28
|
+
|
|
29
|
+
beforeEach(() => {
|
|
30
|
+
const returnStub = (obj) => Promise.resolve(obj);
|
|
31
|
+
|
|
32
|
+
spyStub = sinon.stub(webex.internal.encryption.kms, 'request').callsFake(returnStub);
|
|
33
|
+
});
|
|
34
|
+
|
|
35
|
+
afterEach(() => {
|
|
36
|
+
spyStub.resetHistory();
|
|
37
|
+
});
|
|
38
|
+
|
|
39
|
+
it('listAllCustomerMasterKey', async () => {
|
|
40
|
+
await webex.internal.encryption.kms.listAllCustomerMasterKey({
|
|
41
|
+
assignedOrgId: 'xx-sds-assdf',
|
|
42
|
+
awsKms: false,
|
|
43
|
+
});
|
|
44
|
+
|
|
45
|
+
await webex.internal.encryption.kms.listAllCustomerMasterKey({
|
|
46
|
+
assignedOrgId: 'xx-sds-assdf',
|
|
47
|
+
awsKms: true,
|
|
48
|
+
});
|
|
49
|
+
|
|
50
|
+
assert.equal(spyStub.args[0][0].uri, '/cmk');
|
|
51
|
+
assert.equal(spyStub.args[1][0].uri, '/awsKmsCmk');
|
|
52
|
+
});
|
|
53
|
+
|
|
54
|
+
it('uploadCustomerMasterKey', async () => {
|
|
55
|
+
await webex.internal.encryption.kms.uploadCustomerMasterKey({
|
|
56
|
+
assignedOrgId: 'xx-sds-assdf',
|
|
57
|
+
awsKms: false,
|
|
58
|
+
});
|
|
59
|
+
|
|
60
|
+
await webex.internal.encryption.kms.uploadCustomerMasterKey({
|
|
61
|
+
assignedOrgId: 'xx-sds-assdf',
|
|
62
|
+
awsKms: true,
|
|
63
|
+
});
|
|
64
|
+
|
|
65
|
+
assert.equal(spyStub.args[0][0].uri, '/cmk');
|
|
66
|
+
assert.equal(spyStub.args[1][0].uri, '/awsKmsCmk');
|
|
67
|
+
});
|
|
68
|
+
|
|
69
|
+
it('deleteAllCustomerMasterKeys', async () => {
|
|
70
|
+
await webex.internal.encryption.kms.deleteAllCustomerMasterKeys({
|
|
71
|
+
assignedOrgId: 'xx-sds-assdf',
|
|
72
|
+
awsKms: false,
|
|
73
|
+
});
|
|
74
|
+
|
|
75
|
+
await webex.internal.encryption.kms.deleteAllCustomerMasterKeys({
|
|
76
|
+
assignedOrgId: 'xx-sds-assdf',
|
|
77
|
+
awsKms: true,
|
|
78
|
+
});
|
|
79
|
+
|
|
80
|
+
assert.equal(spyStub.args[0][0].uri, '/cmk');
|
|
81
|
+
assert.equal(spyStub.args[1][0].uri, '/awsKmsCmk');
|
|
82
|
+
});
|
|
83
|
+
});
|
|
84
|
+
|
|
85
|
+
describe('KMS error', () => {
|
|
86
|
+
it('KMSError', async () => {
|
|
87
|
+
const error = new KmsError({
|
|
88
|
+
status: 404,
|
|
89
|
+
errorCode: 30005,
|
|
90
|
+
reason: 'cannot fetch keys',
|
|
91
|
+
requestId: '3434343',
|
|
92
|
+
});
|
|
93
|
+
assert.equal(
|
|
94
|
+
error.toString(),
|
|
95
|
+
'KmsError: cannot fetch keys\n' +
|
|
96
|
+
'KMS_RESPONSE_STATUS: 404\n' +
|
|
97
|
+
'KMS_REQUEST_ID: 3434343\n' +
|
|
98
|
+
'KMS_ErrorCode: 30005'
|
|
99
|
+
);
|
|
100
|
+
});
|
|
101
|
+
});
|
|
102
|
+
});
|
|
103
|
+
});
|