@webex/internal-plugin-encryption 2.59.2 → 2.59.3-next.1

package/dist/kms-batcher.js

@@ -11,22 +11,22 @@ var _promise = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/pr
 var _commonTimers = require("@webex/common-timers");
 var _webexCore = require("@webex/webex-core");
 var _kmsErrors = require("./kms-errors");
-/*!
- * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
+/*!
+ * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
  */
 
 var TIMEOUT_SYMBOL = (0, _symbol.default)('TIMEOUT_SYMBOL');
 
-/**
- * @class
+/**
+ * @class
  */
 exports.TIMEOUT_SYMBOL = TIMEOUT_SYMBOL;
 var KmsBatcher = _webexCore.Batcher.extend({
   namespace: 'Encryption',
-  /**
-   * Accepts a kmsMessage event and passes its contents to acceptItem
-   * @param {Object} event
-   * @returns {Promise}
+  /**
+   * Accepts a kmsMessage event and passes its contents to acceptItem
+   * @param {Object} event
+   * @returns {Promise}
    */
   processKmsMessageEvent: function processKmsMessageEvent(event) {
     var _this = this;
@@ -41,10 +41,10 @@ var KmsBatcher = _webexCore.Batcher.extend({
       });
     }));
   },
-  /**
-   * Attaches a timeout to the given KMS message
-   * @param {Object} item
-   * @returns {Promise<Object>}
+  /**
+   * Attaches a timeout to the given KMS message
+   * @param {Object} item
+   * @returns {Promise<Object>}
    */
   prepareItem: function prepareItem(item) {
     var _this2 = this;
@@ -74,10 +74,10 @@ var KmsBatcher = _webexCore.Batcher.extend({
       return item;
     });
   },
-  /**
-   * Attaches the final bits of cluster info to the payload
-   * @param {Array} queue
-   * @returns {Promise<Array>}
+  /**
+   * Attaches the final bits of cluster info to the payload
+   * @param {Array} queue
+   * @returns {Promise<Array>}
    */
   prepareRequest: function prepareRequest(queue) {
     return this.webex.internal.encryption.kms._getKMSCluster().then(function (cluster) {
@@ -89,9 +89,9 @@ var KmsBatcher = _webexCore.Batcher.extend({
       };
     });
   },
-  /**
-   * @param {Object} payload
-   * @returns {Promise<HttpResponseObject>}
+  /**
+   * @param {Object} payload
+   * @returns {Promise<HttpResponseObject>}
    */
   submitHttpRequest: function submitHttpRequest(payload) {
     this.logger.info('kms: batched-request-length', payload.kmsMessages.length);
@@ -102,49 +102,49 @@ var KmsBatcher = _webexCore.Batcher.extend({
       body: payload
     });
   },
-  /**
-   * Does nothing; the http response doesn't carry our response data
-   * @returns {Promise}
+  /**
+   * Does nothing; the http response doesn't carry our response data
+   * @returns {Promise}
    */
   handleHttpSuccess: function handleHttpSuccess() {
     return _promise.default.resolve();
   },
-  /**
-   * @param {Object} item
-   * @returns {Promise<boolean>}
+  /**
+   * @param {Object} item
+   * @returns {Promise<boolean>}
    */
   didItemFail: function didItemFail(item) {
     return _promise.default.resolve(item.status >= 400);
   },
-  /**
-   * @param {Object} item
-   * @returns {Promise}
+  /**
+   * @param {Object} item
+   * @returns {Promise}
    */
   handleItemSuccess: function handleItemSuccess(item) {
     return this.getDeferredForResponse(item).then(function (defer) {
       defer.resolve(item.body);
     });
   },
-  /**
-   * @param {Object} item
-   * @param {KmsError} [reason]
-   * @returns {Promise}
+  /**
+   * @param {Object} item
+   * @param {KmsError} [reason]
+   * @returns {Promise}
    */
   handleItemFailure: function handleItemFailure(item, reason) {
     return this.getDeferredForResponse(item).then(function (defer) {
       defer.reject(reason || new _kmsErrors.KmsError(item.body));
     });
   },
-  /**
-   * @param {Object} item
-   * @returns {Promise}
+  /**
+   * @param {Object} item
+   * @returns {Promise}
    */
   fingerprintRequest: function fingerprintRequest(item) {
     return _promise.default.resolve(item.requestId);
   },
-  /**
-   * @param {Object} item
-   * @returns {Promise}
+  /**
+   * @param {Object} item
+   * @returns {Promise}
    */
   fingerprintResponse: function fingerprintResponse(item) {
     return _promise.default.resolve(item.requestId);

package/dist/kms-batcher.js.map

@@ -1 +1 @@
-{"version":3,"names":["_commonTimers","require","_webexCore","_kmsErrors","TIMEOUT_SYMBOL","_symbol","default","exports","KmsBatcher","Batcher","extend","namespace","processKmsMessageEvent","event","_this","logger","info","_promise","all","encryption","kmsMessages","map","kmsMessage","resolve","process","env","NODE_ENV","body","acceptItem","prepareItem","item","_this2","getDeferredForRequest","then","defer","timeout","Error","timer","safeSetTimeout","warn","concat","requestId","handleItemFailure","KmsTimeoutError","request","promise","clearTimeout","catch","prepareRequest","queue","webex","internal","kms","_getKMSCluster","cluster","destination","req","wrapped","submitHttpRequest","payload","length","method","service","resource","handleHttpSuccess","didItemFail","status","handleItemSuccess","getDeferredForResponse","reason","reject","KmsError","fingerprintRequest","fingerprintResponse","_default"],"sources":["kms-batcher.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {safeSetTimeout} from '@webex/common-timers';\nimport {Batcher} from '@webex/webex-core';\n\nimport {KmsError, KmsTimeoutError} from './kms-errors';\n\nexport const TIMEOUT_SYMBOL = Symbol('TIMEOUT_SYMBOL');\n\n/**\n * @class\n */\nconst KmsBatcher = Batcher.extend({\n  namespace: 'Encryption',\n\n  /**\n   * Accepts a kmsMessage event and passes its contents to acceptItem\n   * @param {Object} event\n   * @returns {Promise}\n   */\n  processKmsMessageEvent(event) {\n    this.logger.info('kms-batcher: received kms message');\n\n    return Promise.all(\n      event.encryption.kmsMessages.map(\n        (kmsMessage) =>\n          new Promise((resolve) => {\n            /* istanbul ignore else */\n            if (process.env.NODE_ENV !== 'production') {\n              this.logger.info('kms-batcher:', kmsMessage.body);\n            }\n\n            resolve(this.acceptItem(kmsMessage));\n          })\n      )\n    );\n  },\n\n  /**\n   * Attaches a timeout to the given KMS message\n   * @param {Object} item\n   * @returns {Promise<Object>}\n   */\n  prepareItem(item) {\n    return this.getDeferredForRequest(item).then((defer) => {\n      const timeout = item[TIMEOUT_SYMBOL];\n\n      /* istanbul ignore if */\n      if (!timeout) {\n        throw new Error('timeout is required');\n      }\n\n      const timer = safeSetTimeout(() => {\n        this.logger.warn(\n          `kms: request timed out; request id: ${item.requestId}; timeout: ${timeout}`\n        );\n        this.handleItemFailure(\n          item,\n          new KmsTimeoutError({\n            timeout,\n            request: item,\n          })\n        );\n      }, timeout);\n\n      // Reminder: reassign `promise` is not a viable means of inserting into\n      // the Promise chain\n      defer.promise.then(() => clearTimeout(timer));\n      defer.promise.catch(() => clearTimeout(timer));\n\n      return item;\n    });\n  },\n\n  /**\n   * Attaches the final bits of cluster info to the payload\n   * @param {Array} queue\n   * @returns {Promise<Array>}\n   */\n  prepareRequest(queue) {\n    return this.webex.internal.encryption.kms._getKMSCluster().then((cluster) => ({\n      destination: cluster,\n      kmsMessages: queue.map((req) => req.wrapped),\n    }));\n  },\n\n  /**\n   * @param {Object} payload\n   * @returns {Promise<HttpResponseObject>}\n   */\n  submitHttpRequest(payload) {\n    this.logger.info('kms: batched-request-length', payload.kmsMessages.length);\n\n    return this.webex.request({\n      method: 'POST',\n      service: 'encryption',\n      resource: '/kms/messages',\n      body: payload,\n    });\n  },\n\n  /**\n   * Does nothing; the http response doesn't carry our response data\n   * @returns {Promise}\n   */\n  handleHttpSuccess() {\n    return Promise.resolve();\n  },\n\n  /**\n   * @param {Object} item\n   * @returns {Promise<boolean>}\n   */\n  didItemFail(item) {\n    return Promise.resolve(item.status >= 400);\n  },\n\n  /**\n   * @param {Object} item\n   * @returns {Promise}\n   */\n  handleItemSuccess(item) {\n    return this.getDeferredForResponse(item).then((defer) => {\n      defer.resolve(item.body);\n    });\n  },\n\n  /**\n   * @param {Object} item\n   * @param {KmsError} [reason]\n   * @returns {Promise}\n   */\n  handleItemFailure(item, reason) {\n    return this.getDeferredForResponse(item).then((defer) => {\n      defer.reject(reason || new KmsError(item.body));\n    });\n  },\n\n  /**\n   * @param {Object} item\n   * @returns {Promise}\n   */\n  fingerprintRequest(item) {\n    return Promise.resolve(item.requestId);\n  },\n\n  /**\n   * @param {Object} item\n   * @returns {Promise}\n   */\n  fingerprintResponse(item) {\n    return Promise.resolve(item.requestId);\n  },\n});\n\nexport default KmsBatcher;\n"],"mappings":";;;;;;;;;;AAIA,IAAAA,aAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,UAAA,GAAAF,OAAA;AAPA;AACA;AACA;;AAOO,IAAMG,cAAc,GAAG,IAAAC,OAAA,CAAAC,OAAA,EAAO,gBAAgB,CAAC;;AAEtD;AACA;AACA;AAFAC,OAAA,CAAAH,cAAA,GAAAA,cAAA;AAGA,IAAMI,UAAU,GAAGC,kBAAO,CAACC,MAAM,CAAC;EAChCC,SAAS,EAAE,YAAY;EAEvB;AACF;AACA;AACA;AACA;EACEC,sBAAsB,WAAAA,uBAACC,KAAK,EAAE;IAAA,IAAAC,KAAA;IAC5B,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,mCAAmC,CAAC;IAErD,OAAOC,QAAA,CAAAX,OAAA,CAAQY,GAAG,CAChBL,KAAK,CAACM,UAAU,CAACC,WAAW,CAACC,GAAG,CAC9B,UAACC,UAAU;MAAA,OACT,IAAAL,QAAA,CAAAX,OAAA,CAAY,UAACiB,OAAO,EAAK;QACvB;QACA,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,EAAE;UACzCZ,KAAI,CAACC,MAAM,CAACC,IAAI,CAAC,cAAc,EAAEM,UAAU,CAACK,IAAI,CAAC;QACnD;QAEAJ,OAAO,CAACT,KAAI,CAACc,UAAU,CAACN,UAAU,CAAC,CAAC;MACtC,CAAC,CAAC;IAAA,EACL,CACF;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;EACEO,WAAW,WAAAA,YAACC,IAAI,EAAE;IAAA,IAAAC,MAAA;IAChB,OAAO,IAAI,CAACC,qBAAqB,CAACF,IAAI,CAAC,CAACG,IAAI,CAAC,UAACC,KAAK,EAAK;MACtD,IAAMC,OAAO,GAAGL,IAAI,CAAC1B,cAAc,CAAC;;MAEpC;MACA,IAAI,CAAC+B,OAAO,EAAE;QACZ,MAAM,IAAIC,KAAK,CAAC,qBAAqB,CAAC;MACxC;MAEA,IAAMC,KAAK,GAAG,IAAAC,4BAAc,EAAC,YAAM;QACjCP,MAAI,CAAChB,MAAM,CAACwB,IAAI,wCAAAC,MAAA,CACyBV,IAAI,CAACW,SAAS,iBAAAD,MAAA,CAAcL,OAAO,EAC3E;QACDJ,MAAI,CAACW,iBAAiB,CACpBZ,IAAI,EACJ,IAAIa,0BAAe,CAAC;UAClBR,OAAO,EAAPA,OAAO;UACPS,OAAO,EAAEd;QACX,CAAC,CAAC,CACH;MACH,CAAC,EAAEK,OAAO,CAAC;;MAEX;MACA;MACAD,KAAK,CAACW,OAAO,CAACZ,IAAI,CAAC;QAAA,OAAMa,YAAY,CAACT,KAAK,CAAC;MAAA,EAAC;MAC7CH,KAAK,CAACW,OAAO,CAACE,KAAK,CAAC;QAAA,OAAMD,YAAY,CAACT,KAAK,CAAC;MAAA,EAAC;MAE9C,OAAOP,IAAI;IACb,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;EACEkB,cAAc,WAAAA,eAACC,KAAK,EAAE;IACpB,OAAO,IAAI,CAACC,KAAK,CAACC,QAAQ,CAAChC,UAAU,CAACiC,GAAG,CAACC,cAAc,EAAE,CAACpB,IAAI,CAAC,UAACqB,OAAO;MAAA,OAAM;QAC5EC,WAAW,EAAED,OAAO;QACpBlC,WAAW,EAAE6B,KAAK,CAAC5B,GAAG,CAAC,UAACmC,GAAG;UAAA,OAAKA,GAAG,CAACC,OAAO;QAAA;MAC7C,CAAC;IAAA,CAAC,CAAC;EACL,CAAC;EAED;AACF;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACC,OAAO,EAAE;IACzB,IAAI,CAAC5C,MAAM,CAACC,IAAI,CAAC,6BAA6B,EAAE2C,OAAO,CAACvC,WAAW,CAACwC,MAAM,CAAC;IAE3E,OAAO,IAAI,CAACV,KAAK,CAACN,OAAO,CAAC;MACxBiB,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE,YAAY;MACrBC,QAAQ,EAAE,eAAe;MACzBpC,IAAI,EAAEgC;IACR,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;EACEK,iBAAiB,WAAAA,kBAAA,EAAG;IAClB,OAAO/C,QAAA,CAAAX,OAAA,CAAQiB,OAAO,EAAE;EAC1B,CAAC;EAED;AACF;AACA;AACA;EACE0C,WAAW,WAAAA,YAACnC,IAAI,EAAE;IAChB,OAAOb,QAAA,CAAAX,OAAA,CAAQiB,OAAO,CAACO,IAAI,CAACoC,MAAM,IAAI,GAAG,CAAC;EAC5C,CAAC;EAED;AACF;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACrC,IAAI,EAAE;IACtB,OAAO,IAAI,CAACsC,sBAAsB,CAACtC,IAAI,CAAC,CAACG,IAAI,CAAC,UAACC,KAAK,EAAK;MACvDA,KAAK,CAACX,OAAO,CAACO,IAAI,CAACH,IAAI,CAAC;IAC1B,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;EACEe,iBAAiB,WAAAA,kBAACZ,IAAI,EAAEuC,MAAM,EAAE;IAC9B,OAAO,IAAI,CAACD,sBAAsB,CAACtC,IAAI,CAAC,CAACG,IAAI,CAAC,UAACC,KAAK,EAAK;MACvDA,KAAK,CAACoC,MAAM,CAACD,MAAM,IAAI,IAAIE,mBAAQ,CAACzC,IAAI,CAACH,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;EACE6C,kBAAkB,WAAAA,mBAAC1C,IAAI,EAAE;IACvB,OAAOb,QAAA,CAAAX,OAAA,CAAQiB,OAAO,CAACO,IAAI,CAACW,SAAS,CAAC;EACxC,CAAC;EAED;AACF;AACA;AACA;EACEgC,mBAAmB,WAAAA,oBAAC3C,IAAI,EAAE;IACxB,OAAOb,QAAA,CAAAX,OAAA,CAAQiB,OAAO,CAACO,IAAI,CAACW,SAAS,CAAC;EACxC;AACF,CAAC,CAAC;AAAC,IAAAiC,QAAA,GAEYlE,UAAU;AAAAD,OAAA,CAAAD,OAAA,GAAAoE,QAAA"}
+{"version":3,"names":["_commonTimers","require","_webexCore","_kmsErrors","TIMEOUT_SYMBOL","_symbol","default","exports","KmsBatcher","Batcher","extend","namespace","processKmsMessageEvent","event","_this","logger","info","_promise","all","encryption","kmsMessages","map","kmsMessage","resolve","process","env","NODE_ENV","body","acceptItem","prepareItem","item","_this2","getDeferredForRequest","then","defer","timeout","Error","timer","safeSetTimeout","warn","concat","requestId","handleItemFailure","KmsTimeoutError","request","promise","clearTimeout","catch","prepareRequest","queue","webex","internal","kms","_getKMSCluster","cluster","destination","req","wrapped","submitHttpRequest","payload","length","method","service","resource","handleHttpSuccess","didItemFail","status","handleItemSuccess","getDeferredForResponse","reason","reject","KmsError","fingerprintRequest","fingerprintResponse","_default"],"sources":["kms-batcher.js"],"sourcesContent":["/*!\r\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\r\n */\r\n\r\nimport {safeSetTimeout} from '@webex/common-timers';\r\nimport {Batcher} from '@webex/webex-core';\r\n\r\nimport {KmsError, KmsTimeoutError} from './kms-errors';\r\n\r\nexport const TIMEOUT_SYMBOL = Symbol('TIMEOUT_SYMBOL');\r\n\r\n/**\r\n * @class\r\n */\r\nconst KmsBatcher = Batcher.extend({\r\n  namespace: 'Encryption',\r\n\r\n  /**\r\n   * Accepts a kmsMessage event and passes its contents to acceptItem\r\n   * @param {Object} event\r\n   * @returns {Promise}\r\n   */\r\n  processKmsMessageEvent(event) {\r\n    this.logger.info('kms-batcher: received kms message');\r\n\r\n    return Promise.all(\r\n      event.encryption.kmsMessages.map(\r\n        (kmsMessage) =>\r\n          new Promise((resolve) => {\r\n            /* istanbul ignore else */\r\n            if (process.env.NODE_ENV !== 'production') {\r\n              this.logger.info('kms-batcher:', kmsMessage.body);\r\n            }\r\n\r\n            resolve(this.acceptItem(kmsMessage));\r\n          })\r\n      )\r\n    );\r\n  },\r\n\r\n  /**\r\n   * Attaches a timeout to the given KMS message\r\n   * @param {Object} item\r\n   * @returns {Promise<Object>}\r\n   */\r\n  prepareItem(item) {\r\n    return this.getDeferredForRequest(item).then((defer) => {\r\n      const timeout = item[TIMEOUT_SYMBOL];\r\n\r\n      /* istanbul ignore if */\r\n      if (!timeout) {\r\n        throw new Error('timeout is required');\r\n      }\r\n\r\n      const timer = safeSetTimeout(() => {\r\n        this.logger.warn(\r\n          `kms: request timed out; request id: ${item.requestId}; timeout: ${timeout}`\r\n        );\r\n        this.handleItemFailure(\r\n          item,\r\n          new KmsTimeoutError({\r\n            timeout,\r\n            request: item,\r\n          })\r\n        );\r\n      }, timeout);\r\n\r\n      // Reminder: reassign `promise` is not a viable means of inserting into\r\n      // the Promise chain\r\n      defer.promise.then(() => clearTimeout(timer));\r\n      defer.promise.catch(() => clearTimeout(timer));\r\n\r\n      return item;\r\n    });\r\n  },\r\n\r\n  /**\r\n   * Attaches the final bits of cluster info to the payload\r\n   * @param {Array} queue\r\n   * @returns {Promise<Array>}\r\n   */\r\n  prepareRequest(queue) {\r\n    return this.webex.internal.encryption.kms._getKMSCluster().then((cluster) => ({\r\n      destination: cluster,\r\n      kmsMessages: queue.map((req) => req.wrapped),\r\n    }));\r\n  },\r\n\r\n  /**\r\n   * @param {Object} payload\r\n   * @returns {Promise<HttpResponseObject>}\r\n   */\r\n  submitHttpRequest(payload) {\r\n    this.logger.info('kms: batched-request-length', payload.kmsMessages.length);\r\n\r\n    return this.webex.request({\r\n      method: 'POST',\r\n      service: 'encryption',\r\n      resource: '/kms/messages',\r\n      body: payload,\r\n    });\r\n  },\r\n\r\n  /**\r\n   * Does nothing; the http response doesn't carry our response data\r\n   * @returns {Promise}\r\n   */\r\n  handleHttpSuccess() {\r\n    return Promise.resolve();\r\n  },\r\n\r\n  /**\r\n   * @param {Object} item\r\n   * @returns {Promise<boolean>}\r\n   */\r\n  didItemFail(item) {\r\n    return Promise.resolve(item.status >= 400);\r\n  },\r\n\r\n  /**\r\n   * @param {Object} item\r\n   * @returns {Promise}\r\n   */\r\n  handleItemSuccess(item) {\r\n    return this.getDeferredForResponse(item).then((defer) => {\r\n      defer.resolve(item.body);\r\n    });\r\n  },\r\n\r\n  /**\r\n   * @param {Object} item\r\n   * @param {KmsError} [reason]\r\n   * @returns {Promise}\r\n   */\r\n  handleItemFailure(item, reason) {\r\n    return this.getDeferredForResponse(item).then((defer) => {\r\n      defer.reject(reason || new KmsError(item.body));\r\n    });\r\n  },\r\n\r\n  /**\r\n   * @param {Object} item\r\n   * @returns {Promise}\r\n   */\r\n  fingerprintRequest(item) {\r\n    return Promise.resolve(item.requestId);\r\n  },\r\n\r\n  /**\r\n   * @param {Object} item\r\n   * @returns {Promise}\r\n   */\r\n  fingerprintResponse(item) {\r\n    return Promise.resolve(item.requestId);\r\n  },\r\n});\r\n\r\nexport default KmsBatcher;\r\n"],"mappings":";;;;;;;;;;AAIA,IAAAA,aAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,UAAA,GAAAF,OAAA;AAPA;AACA;AACA;;AAOO,IAAMG,cAAc,GAAG,IAAAC,OAAA,CAAAC,OAAA,EAAO,gBAAgB,CAAC;;AAEtD;AACA;AACA;AAFAC,OAAA,CAAAH,cAAA,GAAAA,cAAA;AAGA,IAAMI,UAAU,GAAGC,kBAAO,CAACC,MAAM,CAAC;EAChCC,SAAS,EAAE,YAAY;EAEvB;AACF;AACA;AACA;AACA;EACEC,sBAAsB,WAAAA,uBAACC,KAAK,EAAE;IAAA,IAAAC,KAAA;IAC5B,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,mCAAmC,CAAC;IAErD,OAAOC,QAAA,CAAAX,OAAA,CAAQY,GAAG,CAChBL,KAAK,CAACM,UAAU,CAACC,WAAW,CAACC,GAAG,CAC9B,UAACC,UAAU;MAAA,OACT,IAAAL,QAAA,CAAAX,OAAA,CAAY,UAACiB,OAAO,EAAK;QACvB;QACA,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,EAAE;UACzCZ,KAAI,CAACC,MAAM,CAACC,IAAI,CAAC,cAAc,EAAEM,UAAU,CAACK,IAAI,CAAC;QACnD;QAEAJ,OAAO,CAACT,KAAI,CAACc,UAAU,CAACN,UAAU,CAAC,CAAC;MACtC,CAAC,CAAC;IAAA,EACL,CACF;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;EACEO,WAAW,WAAAA,YAACC,IAAI,EAAE;IAAA,IAAAC,MAAA;IAChB,OAAO,IAAI,CAACC,qBAAqB,CAACF,IAAI,CAAC,CAACG,IAAI,CAAC,UAACC,KAAK,EAAK;MACtD,IAAMC,OAAO,GAAGL,IAAI,CAAC1B,cAAc,CAAC;;MAEpC;MACA,IAAI,CAAC+B,OAAO,EAAE;QACZ,MAAM,IAAIC,KAAK,CAAC,qBAAqB,CAAC;MACxC;MAEA,IAAMC,KAAK,GAAG,IAAAC,4BAAc,EAAC,YAAM;QACjCP,MAAI,CAAChB,MAAM,CAACwB,IAAI,wCAAAC,MAAA,CACyBV,IAAI,CAACW,SAAS,iBAAAD,MAAA,CAAcL,OAAO,EAC3E;QACDJ,MAAI,CAACW,iBAAiB,CACpBZ,IAAI,EACJ,IAAIa,0BAAe,CAAC;UAClBR,OAAO,EAAPA,OAAO;UACPS,OAAO,EAAEd;QACX,CAAC,CAAC,CACH;MACH,CAAC,EAAEK,OAAO,CAAC;;MAEX;MACA;MACAD,KAAK,CAACW,OAAO,CAACZ,IAAI,CAAC;QAAA,OAAMa,YAAY,CAACT,KAAK,CAAC;MAAA,EAAC;MAC7CH,KAAK,CAACW,OAAO,CAACE,KAAK,CAAC;QAAA,OAAMD,YAAY,CAACT,KAAK,CAAC;MAAA,EAAC;MAE9C,OAAOP,IAAI;IACb,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;EACEkB,cAAc,WAAAA,eAACC,KAAK,EAAE;IACpB,OAAO,IAAI,CAACC,KAAK,CAACC,QAAQ,CAAChC,UAAU,CAACiC,GAAG,CAACC,cAAc,EAAE,CAACpB,IAAI,CAAC,UAACqB,OAAO;MAAA,OAAM;QAC5EC,WAAW,EAAED,OAAO;QACpBlC,WAAW,EAAE6B,KAAK,CAAC5B,GAAG,CAAC,UAACmC,GAAG;UAAA,OAAKA,GAAG,CAACC,OAAO;QAAA;MAC7C,CAAC;IAAA,CAAC,CAAC;EACL,CAAC;EAED;AACF;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACC,OAAO,EAAE;IACzB,IAAI,CAAC5C,MAAM,CAACC,IAAI,CAAC,6BAA6B,EAAE2C,OAAO,CAACvC,WAAW,CAACwC,MAAM,CAAC;IAE3E,OAAO,IAAI,CAACV,KAAK,CAACN,OAAO,CAAC;MACxBiB,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE,YAAY;MACrBC,QAAQ,EAAE,eAAe;MACzBpC,IAAI,EAAEgC;IACR,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;EACEK,iBAAiB,WAAAA,kBAAA,EAAG;IAClB,OAAO/C,QAAA,CAAAX,OAAA,CAAQiB,OAAO,EAAE;EAC1B,CAAC;EAED;AACF;AACA;AACA;EACE0C,WAAW,WAAAA,YAACnC,IAAI,EAAE;IAChB,OAAOb,QAAA,CAAAX,OAAA,CAAQiB,OAAO,CAACO,IAAI,CAACoC,MAAM,IAAI,GAAG,CAAC;EAC5C,CAAC;EAED;AACF;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACrC,IAAI,EAAE;IACtB,OAAO,IAAI,CAACsC,sBAAsB,CAACtC,IAAI,CAAC,CAACG,IAAI,CAAC,UAACC,KAAK,EAAK;MACvDA,KAAK,CAACX,OAAO,CAACO,IAAI,CAACH,IAAI,CAAC;IAC1B,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;EACEe,iBAAiB,WAAAA,kBAACZ,IAAI,EAAEuC,MAAM,EAAE;IAC9B,OAAO,IAAI,CAACD,sBAAsB,CAACtC,IAAI,CAAC,CAACG,IAAI,CAAC,UAACC,KAAK,EAAK;MACvDA,KAAK,CAACoC,MAAM,CAACD,MAAM,IAAI,IAAIE,mBAAQ,CAACzC,IAAI,CAACH,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;EACE6C,kBAAkB,WAAAA,mBAAC1C,IAAI,EAAE;IACvB,OAAOb,QAAA,CAAAX,OAAA,CAAQiB,OAAO,CAACO,IAAI,CAACW,SAAS,CAAC;EACxC,CAAC;EAED;AACF;AACA;AACA;EACEgC,mBAAmB,WAAAA,oBAAC3C,IAAI,EAAE;IACxB,OAAOb,QAAA,CAAAX,OAAA,CAAQiB,OAAO,CAACO,IAAI,CAACW,SAAS,CAAC;EACxC;AACF,CAAC,CAAC;AAAC,IAAAiC,QAAA,GAEYlE,UAAU;AAAAD,OAAA,CAAAD,OAAA,GAAAoE,QAAA"}

package/dist/kms-certificate-validation.js

@@ -42,16 +42,16 @@ var VALID_KID_PROTOCOL = 'kms:';
 var X509_COMMON_NAME_KEY = '2.5.4.3';
 var X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';
 
-/**
- * Customize Error so the SDK knows to quit retrying and notify
- * the user
+/**
+ * Customize Error so the SDK knows to quit retrying and notify
+ * the user
  */
 var KMSError = /*#__PURE__*/function (_Error) {
   (0, _inherits2.default)(KMSError, _Error);
   var _super = _createSuper(KMSError);
-  /**
-   * add kmsError field to notify
-   * @param {string} message
+  /**
+   * add kmsError field to notify
+   * @param {string} message
    */
   function KMSError(message) {
     var _this;
@@ -67,10 +67,10 @@ var throwError = function throwError(err) {
   throw new KMSError("INVALID KMS: ".concat(err));
 };
 
-/**
- * Converts the PEM string to a pkijs certificate object
- * @param {string} pem PEM representation of a certificate
- * @returns {Certificate} pkijs object of the certificate
+/**
+ * Converts the PEM string to a pkijs certificate object
+ * @param {string} pem PEM representation of a certificate
+ * @returns {Certificate} pkijs object of the certificate
  */
 var decodeCert = function decodeCert(pem) {
   if (typeof pem !== 'string') {
@@ -84,12 +84,12 @@ var decodeCert = function decodeCert(pem) {
   });
 };
 
-/**
- * Validate the 'kty' property of the KMS credentials
- * @param {Object} JWT KMS credentials
- * @param {string} JWT.kty type of certificate
- * @throws {KMSError} if kty is not a valid type
- * @returns {void}
+/**
+ * Validate the 'kty' property of the KMS credentials
+ * @param {Object} JWT KMS credentials
+ * @param {string} JWT.kty type of certificate
+ * @throws {KMSError} if kty is not a valid type
+ * @returns {void}
  */
 var validateKtyHeader = function validateKtyHeader(_ref) {
   var kty = _ref.kty;
@@ -107,15 +107,15 @@ var validateKidHeader = function validateKidHeader(_ref2) {
   }
 };
 
-/**
- * Checks the first certificate matches the 'kid' in the JWT.
- * It first checks the Subject Alternative Name then it checks
- * the Common Name
- * @param {Certificate} certificate represents the KMS
- * @param {Object} JWT KMS credentials
- * @param {string} JWT.kid the uri of the KMS
- * @throws {KMSError} if unable to validate certificate against KMS credentials
- * @returns {void}
+/**
+ * Checks the first certificate matches the 'kid' in the JWT.
+ * It first checks the Subject Alternative Name then it checks
+ * the Common Name
+ * @param {Certificate} certificate represents the KMS
+ * @param {Object} JWT KMS credentials
+ * @param {string} JWT.kid the uri of the KMS
+ * @throws {KMSError} if unable to validate certificate against KMS credentials
+ * @returns {void}
  */
 var validateCommonName = function validateCommonName(_ref3, _ref4) {
   var _ref5 = (0, _slicedToArray2.default)(_ref3, 1),
@@ -186,15 +186,15 @@ var validateCommonName = function validateCommonName(_ref3, _ref4) {
   }
 };
 
-/**
- * Validate the first KMS certificate against the information
- * provided in the JWT
- * @param {Certificate} certificate first certificate the identifies the KMS
- * @param {Object} JWT credentials of the KMS
- * @param {string} JWT.e Public exponent of the first certificate
- * @param {string} KWT.n Modulus of the first certificate
- * @throws {KMSError} if e or n doesn't match the first certificate
- * @returns {void}
+/**
+ * Validate the first KMS certificate against the information
+ * provided in the JWT
+ * @param {Certificate} certificate first certificate the identifies the KMS
+ * @param {Object} JWT credentials of the KMS
+ * @param {string} JWT.e Public exponent of the first certificate
+ * @param {string} KWT.n Modulus of the first certificate
+ * @throws {KMSError} if e or n doesn't match the first certificate
+ * @returns {void}
  */
 var validatePublicCertificate = function validatePublicCertificate(_ref6, _ref7) {
   var _ref8 = (0, _slicedToArray2.default)(_ref6, 1),
@@ -217,13 +217,13 @@ var validatePublicCertificate = function validatePublicCertificate(_ref6, _ref7)
   }
 };
 
-/**
- * Validates the list of certificates against the CAs provided
- * @param {certificate[]} certificates list of certificates provided
- *   by the KMS to certify itself
- * @param {string[]} [caroots=[]] list of Certificate Authorities used to
- *   validate the KMS's certificates
- * @returns {Promise} rejects if unable to validate the certificates
+/**
+ * Validates the list of certificates against the CAs provided
+ * @param {certificate[]} certificates list of certificates provided
+ *   by the KMS to certify itself
+ * @param {string[]} [caroots=[]] list of Certificate Authorities used to
+ *   validate the KMS's certificates
+ * @returns {Promise} rejects if unable to validate the certificates
  */
 var validateCertificatesSignature = function validateCertificatesSignature(certificates) {
   var caroots = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : [];
@@ -241,15 +241,15 @@ var validateCertificatesSignature = function validateCertificatesSignature(certi
   });
 };
 
-/**
- * Validates the information provided by the KMS. This is a curried function.
- * The first function takes the caroots param and returns a second function.
- * The second function takes the credentials of the KMS and validates it
- * @param {string[]} caroots PEM encoded certificates that will be used
- *   as Certificate Authorities
- * @param {Object} jwt Object containing the fields necessary to
- *   validate the KMS
- * @returns {Promise} when resolved will return the jwt
+/**
+ * Validates the information provided by the KMS. This is a curried function.
+ * The first function takes the caroots param and returns a second function.
+ * The second function takes the credentials of the KMS and validates it
+ * @param {string[]} caroots PEM encoded certificates that will be used
+ *   as Certificate Authorities
+ * @param {Object} jwt Object containing the fields necessary to
+ *   validate the KMS
+ * @returns {Promise} when resolved will return the jwt
  */
 var validateKMS = function validateKMS(caroots) {
   return function () {

package/dist/kms-certificate-validation.js.map

@@ -1 +1 @@
-{"version":3,"names":["_url","require","_validUrl","_asn1js","_pkijs","_nodeJose","_interopRequireDefault","_isomorphicWebcrypto","_safeBuffer","_createForOfIteratorHelper","o","allowArrayLike","it","_Symbol","_Symbol$iterator","_Array$isArray","_unsupportedIterableToArray","length","i","F","s","n","done","value","e","_e","f","TypeError","normalCompletion","didErr","err","call","step","next","_e2","return","minLen","_arrayLikeToArray","Object","prototype","toString","slice","constructor","name","_Array$from","test","arr","len","arr2","Array","_createSuper","Derived","hasNativeReflectConstruct","_isNativeReflectConstruct","_createSuperInternal","Super","_getPrototypeOf2","default","result","NewTarget","_Reflect$construct","arguments","apply","_possibleConstructorReturn2","Reflect","sham","Proxy","Boolean","valueOf","setEngine","crypto","CryptoEngine","subtle","VALID_KTY","VALID_KID_PROTOCOL","X509_COMMON_NAME_KEY","X509_SUBJECT_ALT_NAME_KEY","KMSError","_Error","_inherits2","_super","message","_this","_classCallCheck2","kmsError","_createClass2","_wrapNativeSuper2","Error","exports","throwError","concat","decodeCert","pem","der","Buffer","from","ber","Uint8Array","buffer","asn1","fromBER","Certificate","schema","validateKtyHeader","_ref","kty","validateKidHeader","_ref2","kid","isUri","parseUrl","protocol","validateCommonName","_ref3","_ref4","_ref5","_slicedToArray2","certificate","kidHostname","hostname","validationSuccessful","extensions","_iterator","_step","extension","extnID","altNames","parsedValue","_iterator2","_step2","entry","san","subjectAttributes","subject","typesAndValues","_iterator3","_step3","attribute","type","commonName","valueBlock","validatePublicCertificate","_ref6","_ref7","_ref8","publicExponent","modulus","encode","jose","util","base64url","publicKey","subjectPublicKeyInfo","subjectPublicKey","asn1PublicCert","valueHex","publicCert","RSAPublicKey","publicExponentHex","modulusHex","validateCertificatesSignature","certificates","caroots","undefined","certificateEngine","CertificateChainValidationEngine","trustedCerts","map","certs","verify","then","_ref9","resultCode","resultMessage","validateKMS","jwt","_promise","resolve","_isArray2","x5c","promise","_default"],"sources":["kms-certificate-validation.js"],"sourcesContent":["import {parse as parseUrl} from 'url';\n\nimport {isUri} from 'valid-url';\nimport {fromBER} from 'asn1js';\nimport {\n  Certificate,\n  RSAPublicKey,\n  CertificateChainValidationEngine,\n  CryptoEngine,\n  setEngine,\n} from 'pkijs';\nimport {isArray} from 'lodash';\nimport jose from 'node-jose';\nimport crypto from 'isomorphic-webcrypto';\nimport {Buffer} from 'safe-buffer';\n\nsetEngine(\n  'newEngine',\n  crypto,\n  new CryptoEngine({\n    name: '',\n    crypto,\n    subtle: crypto.subtle,\n  })\n);\n\nconst VALID_KTY = 'RSA';\nconst VALID_KID_PROTOCOL = 'kms:';\n\nconst X509_COMMON_NAME_KEY = '2.5.4.3';\n\nconst X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';\n\n/**\n * Customize Error so the SDK knows to quit retrying and notify\n * the user\n */\nexport class KMSError extends Error {\n  /**\n   * add kmsError field to notify\n   * @param {string} message\n   */\n  constructor(message) {\n    super(message);\n    this.kmsError = true;\n  }\n}\n\nconst throwError = (err) => {\n  throw new KMSError(`INVALID KMS: ${err}`);\n};\n\n/**\n * Converts the PEM string to a pkijs certificate object\n * @param {string} pem PEM representation of a certificate\n * @returns {Certificate} pkijs object of the certificate\n */\nconst decodeCert = (pem) => {\n  if (typeof pem !== 'string') {\n    throwError('certificate needs to be a string');\n  }\n\n  const der = Buffer.from(pem, 'base64');\n  const ber = new Uint8Array(der).buffer;\n\n  const asn1 = fromBER(ber);\n\n  return new Certificate({schema: asn1.result});\n};\n\n/**\n * Validate the 'kty' property of the KMS credentials\n * @param {Object} JWT KMS credentials\n * @param {string} JWT.kty type of certificate\n * @throws {KMSError} if kty is not a valid type\n * @returns {void}\n */\nconst validateKtyHeader = ({kty}) => {\n  if (kty !== VALID_KTY) {\n    throwError(`'kty' header must be '${VALID_KTY}'`);\n  }\n};\n\nconst validateKidHeader = ({kid}) => {\n  if (!isUri(kid)) {\n    throwError(\"'kid' is not a valid URI\");\n  }\n\n  if (parseUrl(kid).protocol !== VALID_KID_PROTOCOL) {\n    throwError(`'kid' protocol must be '${VALID_KID_PROTOCOL}'`);\n  }\n};\n\n/**\n * Checks the first certificate matches the 'kid' in the JWT.\n * It first checks the Subject Alternative Name then it checks\n * the Common Name\n * @param {Certificate} certificate represents the KMS\n * @param {Object} JWT KMS credentials\n * @param {string} JWT.kid the uri of the KMS\n * @throws {KMSError} if unable to validate certificate against KMS credentials\n * @returns {void}\n */\nconst validateCommonName = ([certificate], {kid}) => {\n  const kidHostname = parseUrl(kid).hostname;\n  let validationSuccessful = false;\n\n  if (certificate.extensions) {\n    // Subject Alt Names are in here\n    for (const extension of certificate.extensions) {\n      if (extension.extnID === X509_SUBJECT_ALT_NAME_KEY) {\n        const {altNames} = extension.parsedValue;\n\n        for (const entry of altNames) {\n          const san = entry.value;\n\n          validationSuccessful = san === kidHostname;\n          if (validationSuccessful) {\n            break;\n          }\n        }\n\n        if (validationSuccessful) {\n          break;\n        }\n      }\n    }\n  }\n\n  if (!validationSuccessful) {\n    // Didn't match kid in the Subject Alt Names, checking the Common Name\n    const subjectAttributes = certificate.subject.typesAndValues;\n\n    for (const attribute of subjectAttributes) {\n      if (attribute.type === X509_COMMON_NAME_KEY) {\n        const commonName = attribute.value.valueBlock.value;\n\n        validationSuccessful = commonName === kidHostname;\n        if (validationSuccessful) {\n          break;\n        }\n      }\n    }\n  }\n\n  if (!validationSuccessful) {\n    throwError(\"hostname of the 1st certificate does not match 'kid'\");\n  }\n};\n\n/**\n * Validate the first KMS certificate against the information\n * provided in the JWT\n * @param {Certificate} certificate first certificate the identifies the KMS\n * @param {Object} JWT credentials of the KMS\n * @param {string} JWT.e Public exponent of the first certificate\n * @param {string} KWT.n Modulus of the first certificate\n * @throws {KMSError} if e or n doesn't match the first certificate\n * @returns {void}\n */\nconst validatePublicCertificate = ([certificate], {e: publicExponent, n: modulus}) => {\n  const {encode} = jose.util.base64url;\n\n  const publicKey = certificate.subjectPublicKeyInfo.subjectPublicKey;\n  const asn1PublicCert = fromBER(publicKey.valueBlock.valueHex);\n  const publicCert = new RSAPublicKey({schema: asn1PublicCert.result});\n  const publicExponentHex = publicCert.publicExponent.valueBlock.valueHex;\n  const modulusHex = publicCert.modulus.valueBlock.valueHex;\n\n  if (publicExponent !== encode(publicExponentHex)) {\n    throwError('Public exponent is invalid');\n  }\n  if (modulus !== encode(modulusHex)) {\n    throwError('Modulus is invalid');\n  }\n};\n\n/**\n * Validates the list of certificates against the CAs provided\n * @param {certificate[]} certificates list of certificates provided\n *   by the KMS to certify itself\n * @param {string[]} [caroots=[]] list of Certificate Authorities used to\n *   validate the KMS's certificates\n * @returns {Promise} rejects if unable to validate the certificates\n */\nconst validateCertificatesSignature = (certificates, caroots = []) => {\n  const certificateEngine = new CertificateChainValidationEngine({\n    trustedCerts: caroots.map(decodeCert),\n    certs: certificates,\n  });\n\n  return certificateEngine.verify().then(({result, resultCode, resultMessage}) => {\n    if (!result) {\n      throwError(`Certificate Validation failed [${resultCode}]: ${resultMessage}`);\n    }\n  });\n};\n\n/**\n * Validates the information provided by the KMS. This is a curried function.\n * The first function takes the caroots param and returns a second function.\n * The second function takes the credentials of the KMS and validates it\n * @param {string[]} caroots PEM encoded certificates that will be used\n *   as Certificate Authorities\n * @param {Object} jwt Object containing the fields necessary to\n *   validate the KMS\n * @returns {Promise} when resolved will return the jwt\n */\nconst validateKMS =\n  (caroots) =>\n  (jwt = {}) =>\n    Promise.resolve().then(() => {\n      validateKtyHeader(jwt);\n      validateKidHeader(jwt);\n\n      if (!(isArray(jwt.x5c) && jwt.x5c.length > 0)) {\n        throwError('JWK does not contain a list of certificates');\n      }\n      const certificates = jwt.x5c.map(decodeCert);\n\n      validateCommonName(certificates, jwt);\n      validatePublicCertificate(certificates, jwt);\n\n      // Skip validating signatures if no CA roots were provided\n      const promise = caroots\n        ? validateCertificatesSignature(certificates, caroots)\n        : Promise.resolve();\n\n      return promise.then(() => jwt);\n    });\n\nexport default validateKMS;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AAEA,IAAAC,SAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AAQA,IAAAI,SAAA,GAAAC,sBAAA,CAAAL,OAAA;AACA,IAAAM,oBAAA,GAAAD,sBAAA,CAAAL,OAAA;AACA,IAAAO,WAAA,GAAAP,OAAA;AAAmC,SAAAQ,2BAAAC,CAAA,EAAAC,cAAA,QAAAC,EAAA,UAAAC,OAAA,oBAAAH,CAAA,CAAAI,gBAAA,KAAAJ,CAAA,qBAAAE,EAAA,QAAAG,cAAA,CAAAL,CAAA,MAAAE,EAAA,GAAAI,2BAAA,CAAAN,CAAA,MAAAC,cAAA,IAAAD,CAAA,WAAAA,CAAA,CAAAO,MAAA,qBAAAL,EAAA,EAAAF,CAAA,GAAAE,EAAA,MAAAM,CAAA,UAAAC,CAAA,YAAAA,EAAA,eAAAC,CAAA,EAAAD,CAAA,EAAAE,CAAA,WAAAA,EAAA,QAAAH,CAAA,IAAAR,CAAA,CAAAO,MAAA,WAAAK,IAAA,mBAAAA,IAAA,SAAAC,KAAA,EAAAb,CAAA,CAAAQ,CAAA,UAAAM,CAAA,WAAAA,EAAAC,EAAA,UAAAA,EAAA,KAAAC,CAAA,EAAAP,CAAA,gBAAAQ,SAAA,iJAAAC,gBAAA,SAAAC,MAAA,UAAAC,GAAA,WAAAV,CAAA,WAAAA,EAAA,IAAAR,EAAA,GAAAA,EAAA,CAAAmB,IAAA,CAAArB,CAAA,MAAAW,CAAA,WAAAA,EAAA,QAAAW,IAAA,GAAApB,EAAA,CAAAqB,IAAA,IAAAL,gBAAA,GAAAI,IAAA,CAAAV,IAAA,SAAAU,IAAA,KAAAR,CAAA,WAAAA,EAAAU,GAAA,IAAAL,MAAA,SAAAC,GAAA,GAAAI,GAAA,KAAAR,CAAA,WAAAA,EAAA,eAAAE,gBAAA,IAAAhB,EAAA,CAAAuB,MAAA,UAAAvB,EAAA,CAAAuB,MAAA,oBAAAN,MAAA,QAAAC,GAAA;AAAA,SAAAd,4BAAAN,CAAA,EAAA0B,MAAA,SAAA1B,CAAA,qBAAAA,CAAA,sBAAA2B,iBAAA,CAAA3B,CAAA,EAAA0B,MAAA,OAAAf,CAAA,GAAAiB,MAAA,CAAAC,SAAA,CAAAC,QAAA,CAAAT,IAAA,CAAArB,CAAA,EAAA+B,KAAA,aAAApB,CAAA,iBAAAX,CAAA,CAAAgC,WAAA,EAAArB,CAAA,GAAAX,CAAA,CAAAgC,WAAA,CAAAC,IAAA,MAAAtB,CAAA,cAAAA,CAAA,mBAAAuB,WAAA,CAAAlC,CAAA,OAAAW,CAAA,+DAAAwB,IAAA,CAAAxB,CAAA,UAAAgB,iBAAA,CAAA3B,CAAA,EAAA0B,MAAA;AAAA,SAAAC,kBAAAS,GAAA,EAAAC,GAAA,QAAAA,GAAA,YAAAA,GAAA,GAAAD,GAAA,CAAA7B,MAAA,EAAA8B,GAAA,GAAAD,GAAA,CAAA7B,MAAA,WAAAC,CAAA,MAAA8B,IAAA,OAAAC,KAAA,CAAAF,GAAA,GAAA7B,CAAA,GAAA6B,GAAA,EAAA7B,CAAA,IAAA8B,IAAA,CAAA9B,CAAA,IAAA4B,GAAA,CAAA5B,CAAA,UAAA8B,IAAA;AAAA,SAAAE,aAAAC,OAAA,QAAAC,yBAAA,GAAAC,yBAAA,oBAAAC,qBAAA,QAAAC,KAAA,OAAAC,gBAAA,CAAAC,OAAA,EAAAN,OAAA,GAAAO,MAAA,MAAAN,yBAAA,QAAAO,SAAA,OAAAH,gBAAA,CAAAC,OAAA,QAAAf,WAAA,EAAAgB,MAAA,GAAAE,kBAAA,CAAAL,KAAA,EAAAM,SAAA,EAAAF,SAAA,YAAAD,MAAA,GAAAH,KAAA,CAAAO,KAAA,OAAAD,SAAA,gBAAAE,2BAAA,CAAAN,OAAA,QAAAC,MAAA;AAAA,SAAAL,0BAAA,eAAAW,OAAA,qBAAAJ,kBAAA,oBAAAA,kBAAA,CAAAK,IAAA,2BAAAC,KAAA,oCAAAC,OAAA,CAAA5B,SAAA,CAAA6B,OAAA,CAAArC,IAAA,CAAA6B,kBAAA,CAAAO,OAAA,8CAAA3C,CAAA;AAEnC,IAAA6C,gBAAS,EACP,WAAW,EACXC,4BAAM,EACN,IAAIC,mBAAY,CAAC;EACf5B,IAAI,EAAE,EAAE;EACR2B,MAAM,EAANA,4BAAM;EACNE,MAAM,EAAEF,4BAAM,CAACE;AACjB,CAAC,CAAC,CACH;AAED,IAAMC,SAAS,GAAG,KAAK;AACvB,IAAMC,kBAAkB,GAAG,MAAM;AAEjC,IAAMC,oBAAoB,GAAG,SAAS;AAEtC,IAAMC,yBAAyB,GAAG,WAAW;;AAE7C;AACA;AACA;AACA;AAHA,IAIaC,QAAQ,0BAAAC,MAAA;EAAA,IAAAC,UAAA,CAAAtB,OAAA,EAAAoB,QAAA,EAAAC,MAAA;EAAA,IAAAE,MAAA,GAAA9B,YAAA,CAAA2B,QAAA;EACnB;AACF;AACA;AACA;EACE,SAAAA,SAAYI,OAAO,EAAE;IAAA,IAAAC,KAAA;IAAA,IAAAC,gBAAA,CAAA1B,OAAA,QAAAoB,QAAA;IACnBK,KAAA,GAAAF,MAAA,CAAAjD,IAAA,OAAMkD,OAAO;IACbC,KAAA,CAAKE,QAAQ,GAAG,IAAI;IAAC,OAAAF,KAAA;EACvB;EAAC,WAAAG,aAAA,CAAA5B,OAAA,EAAAoB,QAAA;AAAA,oBAAAS,iBAAA,CAAA7B,OAAA,EAR2B8B,KAAK;AAAAC,OAAA,CAAAX,QAAA,GAAAA,QAAA;AAWnC,IAAMY,UAAU,GAAG,SAAbA,UAAUA,CAAI3D,GAAG,EAAK;EAC1B,MAAM,IAAI+C,QAAQ,iBAAAa,MAAA,CAAiB5D,GAAG,EAAG;AAC3C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA,IAAM6D,UAAU,GAAG,SAAbA,UAAUA,CAAIC,GAAG,EAAK;EAC1B,IAAI,OAAOA,GAAG,KAAK,QAAQ,EAAE;IAC3BH,UAAU,CAAC,kCAAkC,CAAC;EAChD;EAEA,IAAMI,GAAG,GAAGC,kBAAM,CAACC,IAAI,CAACH,GAAG,EAAE,QAAQ,CAAC;EACtC,IAAMI,GAAG,GAAG,IAAIC,UAAU,CAACJ,GAAG,CAAC,CAACK,MAAM;EAEtC,IAAMC,IAAI,GAAG,IAAAC,eAAO,EAACJ,GAAG,CAAC;EAEzB,OAAO,IAAIK,kBAAW,CAAC;IAACC,MAAM,EAAEH,IAAI,CAACzC;EAAM,CAAC,CAAC;AAC/C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAM6C,iBAAiB,GAAG,SAApBA,iBAAiBA,CAAAC,IAAA,EAAc;EAAA,IAATC,GAAG,GAAAD,IAAA,CAAHC,GAAG;EAC7B,IAAIA,GAAG,KAAKhC,SAAS,EAAE;IACrBgB,UAAU,0BAAAC,MAAA,CAA0BjB,SAAS,OAAI;EACnD;AACF,CAAC;AAED,IAAMiC,iBAAiB,GAAG,SAApBA,iBAAiBA,CAAAC,KAAA,EAAc;EAAA,IAATC,GAAG,GAAAD,KAAA,CAAHC,GAAG;EAC7B,IAAI,CAAC,IAAAC,eAAK,EAACD,GAAG,CAAC,EAAE;IACfnB,UAAU,CAAC,0BAA0B,CAAC;EACxC;EAEA,IAAI,IAAAqB,UAAQ,EAACF,GAAG,CAAC,CAACG,QAAQ,KAAKrC,kBAAkB,EAAE;IACjDe,UAAU,4BAAAC,MAAA,CAA4BhB,kBAAkB,OAAI;EAC9D;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMsC,kBAAkB,GAAG,SAArBA,kBAAkBA,CAAAC,KAAA,EAAAC,KAAA,EAA6B;EAAA,IAAAC,KAAA,OAAAC,eAAA,CAAA3D,OAAA,EAAAwD,KAAA;IAAxBI,WAAW,GAAAF,KAAA;EAAA,IAAIP,GAAG,GAAAM,KAAA,CAAHN,GAAG;EAC7C,IAAMU,WAAW,GAAG,IAAAR,UAAQ,EAACF,GAAG,CAAC,CAACW,QAAQ;EAC1C,IAAIC,oBAAoB,GAAG,KAAK;EAEhC,IAAIH,WAAW,CAACI,UAAU,EAAE;IAC1B;IAAA,IAAAC,SAAA,GAAAjH,0BAAA,CACwB4G,WAAW,CAACI,UAAU;MAAAE,KAAA;IAAA;MAA9C,KAAAD,SAAA,CAAAtG,CAAA,MAAAuG,KAAA,GAAAD,SAAA,CAAArG,CAAA,IAAAC,IAAA,GAAgD;QAAA,IAArCsG,SAAS,GAAAD,KAAA,CAAApG,KAAA;QAClB,IAAIqG,SAAS,CAACC,MAAM,KAAKjD,yBAAyB,EAAE;UAClD,IAAOkD,QAAQ,GAAIF,SAAS,CAACG,WAAW,CAAjCD,QAAQ;UAA0B,IAAAE,UAAA,GAAAvH,0BAAA,CAErBqH,QAAQ;YAAAG,MAAA;UAAA;YAA5B,KAAAD,UAAA,CAAA5G,CAAA,MAAA6G,MAAA,GAAAD,UAAA,CAAA3G,CAAA,IAAAC,IAAA,GAA8B;cAAA,IAAnB4G,KAAK,GAAAD,MAAA,CAAA1G,KAAA;cACd,IAAM4G,GAAG,GAAGD,KAAK,CAAC3G,KAAK;cAEvBiG,oBAAoB,GAAGW,GAAG,KAAKb,WAAW;cAC1C,IAAIE,oBAAoB,EAAE;gBACxB;cACF;YACF;UAAC,SAAA1F,GAAA;YAAAkG,UAAA,CAAAxG,CAAA,CAAAM,GAAA;UAAA;YAAAkG,UAAA,CAAAtG,CAAA;UAAA;UAED,IAAI8F,oBAAoB,EAAE;YACxB;UACF;QACF;MACF;IAAC,SAAA1F,GAAA;MAAA4F,SAAA,CAAAlG,CAAA,CAAAM,GAAA;IAAA;MAAA4F,SAAA,CAAAhG,CAAA;IAAA;EACH;EAEA,IAAI,CAAC8F,oBAAoB,EAAE;IACzB;IACA,IAAMY,iBAAiB,GAAGf,WAAW,CAACgB,OAAO,CAACC,cAAc;IAAC,IAAAC,UAAA,GAAA9H,0BAAA,CAErC2H,iBAAiB;MAAAI,MAAA;IAAA;MAAzC,KAAAD,UAAA,CAAAnH,CAAA,MAAAoH,MAAA,GAAAD,UAAA,CAAAlH,CAAA,IAAAC,IAAA,GAA2C;QAAA,IAAhCmH,SAAS,GAAAD,MAAA,CAAAjH,KAAA;QAClB,IAAIkH,SAAS,CAACC,IAAI,KAAK/D,oBAAoB,EAAE;UAC3C,IAAMgE,UAAU,GAAGF,SAAS,CAAClH,KAAK,CAACqH,UAAU,CAACrH,KAAK;UAEnDiG,oBAAoB,GAAGmB,UAAU,KAAKrB,WAAW;UACjD,IAAIE,oBAAoB,EAAE;YACxB;UACF;QACF;MACF;IAAC,SAAA1F,GAAA;MAAAyG,UAAA,CAAA/G,CAAA,CAAAM,GAAA;IAAA;MAAAyG,UAAA,CAAA7G,CAAA;IAAA;EACH;EAEA,IAAI,CAAC8F,oBAAoB,EAAE;IACzB/B,UAAU,CAAC,sDAAsD,CAAC;EACpE;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMoD,yBAAyB,GAAG,SAA5BA,yBAAyBA,CAAAC,KAAA,EAAAC,KAAA,EAAuD;EAAA,IAAAC,KAAA,OAAA5B,eAAA,CAAA3D,OAAA,EAAAqF,KAAA;IAAlDzB,WAAW,GAAA2B,KAAA;EAAA,IAAOC,cAAc,GAAAF,KAAA,CAAjBvH,CAAC;IAAqB0H,OAAO,GAAAH,KAAA,CAAV1H,CAAC;EACrE,IAAO8H,MAAM,GAAIC,iBAAI,CAACC,IAAI,CAACC,SAAS,CAA7BH,MAAM;EAEb,IAAMI,SAAS,GAAGlC,WAAW,CAACmC,oBAAoB,CAACC,gBAAgB;EACnE,IAAMC,cAAc,GAAG,IAAAtD,eAAO,EAACmD,SAAS,CAACX,UAAU,CAACe,QAAQ,CAAC;EAC7D,IAAMC,UAAU,GAAG,IAAIC,mBAAY,CAAC;IAACvD,MAAM,EAAEoD,cAAc,CAAChG;EAAM,CAAC,CAAC;EACpE,IAAMoG,iBAAiB,GAAGF,UAAU,CAACX,cAAc,CAACL,UAAU,CAACe,QAAQ;EACvE,IAAMI,UAAU,GAAGH,UAAU,CAACV,OAAO,CAACN,UAAU,CAACe,QAAQ;EAEzD,IAAIV,cAAc,KAAKE,MAAM,CAACW,iBAAiB,CAAC,EAAE;IAChDrE,UAAU,CAAC,4BAA4B,CAAC;EAC1C;EACA,IAAIyD,OAAO,KAAKC,MAAM,CAACY,UAAU,CAAC,EAAE;IAClCtE,UAAU,CAAC,oBAAoB,CAAC;EAClC;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMuE,6BAA6B,GAAG,SAAhCA,6BAA6BA,CAAIC,YAAY,EAAmB;EAAA,IAAjBC,OAAO,GAAArG,SAAA,CAAA5C,MAAA,QAAA4C,SAAA,QAAAsG,SAAA,GAAAtG,SAAA,MAAG,EAAE;EAC/D,IAAMuG,iBAAiB,GAAG,IAAIC,uCAAgC,CAAC;IAC7DC,YAAY,EAAEJ,OAAO,CAACK,GAAG,CAAC5E,UAAU,CAAC;IACrC6E,KAAK,EAAEP;EACT,CAAC,CAAC;EAEF,OAAOG,iBAAiB,CAACK,MAAM,EAAE,CAACC,IAAI,CAAC,UAAAC,KAAA,EAAyC;IAAA,IAAvCjH,MAAM,GAAAiH,KAAA,CAANjH,MAAM;MAAEkH,UAAU,GAAAD,KAAA,CAAVC,UAAU;MAAEC,aAAa,GAAAF,KAAA,CAAbE,aAAa;IACxE,IAAI,CAACnH,MAAM,EAAE;MACX+B,UAAU,mCAAAC,MAAA,CAAmCkF,UAAU,SAAAlF,MAAA,CAAMmF,aAAa,EAAG;IAC/E;EACF,CAAC,CAAC;AACJ,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMC,WAAW,GACf,SADIA,WAAWA,CACdZ,OAAO;EAAA,OACR;IAAA,IAACa,GAAG,GAAAlH,SAAA,CAAA5C,MAAA,QAAA4C,SAAA,QAAAsG,SAAA,GAAAtG,SAAA,MAAG,CAAC,CAAC;IAAA,OACPmH,QAAA,CAAAvH,OAAA,CAAQwH,OAAO,EAAE,CAACP,IAAI,CAAC,YAAM;MAC3BnE,iBAAiB,CAACwE,GAAG,CAAC;MACtBrE,iBAAiB,CAACqE,GAAG,CAAC;MAEtB,IAAI,EAAE,IAAAG,SAAA,CAAAzH,OAAA,EAAQsH,GAAG,CAACI,GAAG,CAAC,IAAIJ,GAAG,CAACI,GAAG,CAAClK,MAAM,GAAG,CAAC,CAAC,EAAE;QAC7CwE,UAAU,CAAC,6CAA6C,CAAC;MAC3D;MACA,IAAMwE,YAAY,GAAGc,GAAG,CAACI,GAAG,CAACZ,GAAG,CAAC5E,UAAU,CAAC;MAE5CqB,kBAAkB,CAACiD,YAAY,EAAEc,GAAG,CAAC;MACrClC,yBAAyB,CAACoB,YAAY,EAAEc,GAAG,CAAC;;MAE5C;MACA,IAAMK,OAAO,GAAGlB,OAAO,GACnBF,6BAA6B,CAACC,YAAY,EAAEC,OAAO,CAAC,GACpDc,QAAA,CAAAvH,OAAA,CAAQwH,OAAO,EAAE;MAErB,OAAOG,OAAO,CAACV,IAAI,CAAC;QAAA,OAAMK,GAAG;MAAA,EAAC;IAChC,CAAC,CAAC;EAAA;AAAA;AAAC,IAAAM,QAAA,GAEQP,WAAW;AAAAtF,OAAA,CAAA/B,OAAA,GAAA4H,QAAA"}
+{"version":3,"names":["_url","require","_validUrl","_asn1js","_pkijs","_nodeJose","_interopRequireDefault","_isomorphicWebcrypto","_safeBuffer","_createForOfIteratorHelper","o","allowArrayLike","it","_Symbol","_Symbol$iterator","_Array$isArray","_unsupportedIterableToArray","length","i","F","s","n","done","value","e","_e","f","TypeError","normalCompletion","didErr","err","call","step","next","_e2","return","minLen","_arrayLikeToArray","Object","prototype","toString","slice","constructor","name","_Array$from","test","arr","len","arr2","Array","_createSuper","Derived","hasNativeReflectConstruct","_isNativeReflectConstruct","_createSuperInternal","Super","_getPrototypeOf2","default","result","NewTarget","_Reflect$construct","arguments","apply","_possibleConstructorReturn2","Reflect","sham","Proxy","Boolean","valueOf","setEngine","crypto","CryptoEngine","subtle","VALID_KTY","VALID_KID_PROTOCOL","X509_COMMON_NAME_KEY","X509_SUBJECT_ALT_NAME_KEY","KMSError","_Error","_inherits2","_super","message","_this","_classCallCheck2","kmsError","_createClass2","_wrapNativeSuper2","Error","exports","throwError","concat","decodeCert","pem","der","Buffer","from","ber","Uint8Array","buffer","asn1","fromBER","Certificate","schema","validateKtyHeader","_ref","kty","validateKidHeader","_ref2","kid","isUri","parseUrl","protocol","validateCommonName","_ref3","_ref4","_ref5","_slicedToArray2","certificate","kidHostname","hostname","validationSuccessful","extensions","_iterator","_step","extension","extnID","altNames","parsedValue","_iterator2","_step2","entry","san","subjectAttributes","subject","typesAndValues","_iterator3","_step3","attribute","type","commonName","valueBlock","validatePublicCertificate","_ref6","_ref7","_ref8","publicExponent","modulus","encode","jose","util","base64url","publicKey","subjectPublicKeyInfo","subjectPublicKey","asn1PublicCert","valueHex","publicCert","RSAPublicKey","publicExponentHex","modulusHex","validateCertificatesSignature","certificates","caroots","undefined","certificateEngine","CertificateChainValidationEngine","trustedCerts","map","certs","verify","then","_ref9","resultCode","resultMessage","validateKMS","jwt","_promise","resolve","_isArray2","x5c","promise","_default"],"sources":["kms-certificate-validation.js"],"sourcesContent":["import {parse as parseUrl} from 'url';\r\n\r\nimport {isUri} from 'valid-url';\r\nimport {fromBER} from 'asn1js';\r\nimport {\r\n  Certificate,\r\n  RSAPublicKey,\r\n  CertificateChainValidationEngine,\r\n  CryptoEngine,\r\n  setEngine,\r\n} from 'pkijs';\r\nimport {isArray} from 'lodash';\r\nimport jose from 'node-jose';\r\nimport crypto from 'isomorphic-webcrypto';\r\nimport {Buffer} from 'safe-buffer';\r\n\r\nsetEngine(\r\n  'newEngine',\r\n  crypto,\r\n  new CryptoEngine({\r\n    name: '',\r\n    crypto,\r\n    subtle: crypto.subtle,\r\n  })\r\n);\r\n\r\nconst VALID_KTY = 'RSA';\r\nconst VALID_KID_PROTOCOL = 'kms:';\r\n\r\nconst X509_COMMON_NAME_KEY = '2.5.4.3';\r\n\r\nconst X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';\r\n\r\n/**\r\n * Customize Error so the SDK knows to quit retrying and notify\r\n * the user\r\n */\r\nexport class KMSError extends Error {\r\n  /**\r\n   * add kmsError field to notify\r\n   * @param {string} message\r\n   */\r\n  constructor(message) {\r\n    super(message);\r\n    this.kmsError = true;\r\n  }\r\n}\r\n\r\nconst throwError = (err) => {\r\n  throw new KMSError(`INVALID KMS: ${err}`);\r\n};\r\n\r\n/**\r\n * Converts the PEM string to a pkijs certificate object\r\n * @param {string} pem PEM representation of a certificate\r\n * @returns {Certificate} pkijs object of the certificate\r\n */\r\nconst decodeCert = (pem) => {\r\n  if (typeof pem !== 'string') {\r\n    throwError('certificate needs to be a string');\r\n  }\r\n\r\n  const der = Buffer.from(pem, 'base64');\r\n  const ber = new Uint8Array(der).buffer;\r\n\r\n  const asn1 = fromBER(ber);\r\n\r\n  return new Certificate({schema: asn1.result});\r\n};\r\n\r\n/**\r\n * Validate the 'kty' property of the KMS credentials\r\n * @param {Object} JWT KMS credentials\r\n * @param {string} JWT.kty type of certificate\r\n * @throws {KMSError} if kty is not a valid type\r\n * @returns {void}\r\n */\r\nconst validateKtyHeader = ({kty}) => {\r\n  if (kty !== VALID_KTY) {\r\n    throwError(`'kty' header must be '${VALID_KTY}'`);\r\n  }\r\n};\r\n\r\nconst validateKidHeader = ({kid}) => {\r\n  if (!isUri(kid)) {\r\n    throwError(\"'kid' is not a valid URI\");\r\n  }\r\n\r\n  if (parseUrl(kid).protocol !== VALID_KID_PROTOCOL) {\r\n    throwError(`'kid' protocol must be '${VALID_KID_PROTOCOL}'`);\r\n  }\r\n};\r\n\r\n/**\r\n * Checks the first certificate matches the 'kid' in the JWT.\r\n * It first checks the Subject Alternative Name then it checks\r\n * the Common Name\r\n * @param {Certificate} certificate represents the KMS\r\n * @param {Object} JWT KMS credentials\r\n * @param {string} JWT.kid the uri of the KMS\r\n * @throws {KMSError} if unable to validate certificate against KMS credentials\r\n * @returns {void}\r\n */\r\nconst validateCommonName = ([certificate], {kid}) => {\r\n  const kidHostname = parseUrl(kid).hostname;\r\n  let validationSuccessful = false;\r\n\r\n  if (certificate.extensions) {\r\n    // Subject Alt Names are in here\r\n    for (const extension of certificate.extensions) {\r\n      if (extension.extnID === X509_SUBJECT_ALT_NAME_KEY) {\r\n        const {altNames} = extension.parsedValue;\r\n\r\n        for (const entry of altNames) {\r\n          const san = entry.value;\r\n\r\n          validationSuccessful = san === kidHostname;\r\n          if (validationSuccessful) {\r\n            break;\r\n          }\r\n        }\r\n\r\n        if (validationSuccessful) {\r\n          break;\r\n        }\r\n      }\r\n    }\r\n  }\r\n\r\n  if (!validationSuccessful) {\r\n    // Didn't match kid in the Subject Alt Names, checking the Common Name\r\n    const subjectAttributes = certificate.subject.typesAndValues;\r\n\r\n    for (const attribute of subjectAttributes) {\r\n      if (attribute.type === X509_COMMON_NAME_KEY) {\r\n        const commonName = attribute.value.valueBlock.value;\r\n\r\n        validationSuccessful = commonName === kidHostname;\r\n        if (validationSuccessful) {\r\n          break;\r\n        }\r\n      }\r\n    }\r\n  }\r\n\r\n  if (!validationSuccessful) {\r\n    throwError(\"hostname of the 1st certificate does not match 'kid'\");\r\n  }\r\n};\r\n\r\n/**\r\n * Validate the first KMS certificate against the information\r\n * provided in the JWT\r\n * @param {Certificate} certificate first certificate the identifies the KMS\r\n * @param {Object} JWT credentials of the KMS\r\n * @param {string} JWT.e Public exponent of the first certificate\r\n * @param {string} KWT.n Modulus of the first certificate\r\n * @throws {KMSError} if e or n doesn't match the first certificate\r\n * @returns {void}\r\n */\r\nconst validatePublicCertificate = ([certificate], {e: publicExponent, n: modulus}) => {\r\n  const {encode} = jose.util.base64url;\r\n\r\n  const publicKey = certificate.subjectPublicKeyInfo.subjectPublicKey;\r\n  const asn1PublicCert = fromBER(publicKey.valueBlock.valueHex);\r\n  const publicCert = new RSAPublicKey({schema: asn1PublicCert.result});\r\n  const publicExponentHex = publicCert.publicExponent.valueBlock.valueHex;\r\n  const modulusHex = publicCert.modulus.valueBlock.valueHex;\r\n\r\n  if (publicExponent !== encode(publicExponentHex)) {\r\n    throwError('Public exponent is invalid');\r\n  }\r\n  if (modulus !== encode(modulusHex)) {\r\n    throwError('Modulus is invalid');\r\n  }\r\n};\r\n\r\n/**\r\n * Validates the list of certificates against the CAs provided\r\n * @param {certificate[]} certificates list of certificates provided\r\n *   by the KMS to certify itself\r\n * @param {string[]} [caroots=[]] list of Certificate Authorities used to\r\n *   validate the KMS's certificates\r\n * @returns {Promise} rejects if unable to validate the certificates\r\n */\r\nconst validateCertificatesSignature = (certificates, caroots = []) => {\r\n  const certificateEngine = new CertificateChainValidationEngine({\r\n    trustedCerts: caroots.map(decodeCert),\r\n    certs: certificates,\r\n  });\r\n\r\n  return certificateEngine.verify().then(({result, resultCode, resultMessage}) => {\r\n    if (!result) {\r\n      throwError(`Certificate Validation failed [${resultCode}]: ${resultMessage}`);\r\n    }\r\n  });\r\n};\r\n\r\n/**\r\n * Validates the information provided by the KMS. This is a curried function.\r\n * The first function takes the caroots param and returns a second function.\r\n * The second function takes the credentials of the KMS and validates it\r\n * @param {string[]} caroots PEM encoded certificates that will be used\r\n *   as Certificate Authorities\r\n * @param {Object} jwt Object containing the fields necessary to\r\n *   validate the KMS\r\n * @returns {Promise} when resolved will return the jwt\r\n */\r\nconst validateKMS =\r\n  (caroots) =>\r\n  (jwt = {}) =>\r\n    Promise.resolve().then(() => {\r\n      validateKtyHeader(jwt);\r\n      validateKidHeader(jwt);\r\n\r\n      if (!(isArray(jwt.x5c) && jwt.x5c.length > 0)) {\r\n        throwError('JWK does not contain a list of certificates');\r\n      }\r\n      const certificates = jwt.x5c.map(decodeCert);\r\n\r\n      validateCommonName(certificates, jwt);\r\n      validatePublicCertificate(certificates, jwt);\r\n\r\n      // Skip validating signatures if no CA roots were provided\r\n      const promise = caroots\r\n        ? validateCertificatesSignature(certificates, caroots)\r\n        : Promise.resolve();\r\n\r\n      return promise.then(() => jwt);\r\n    });\r\n\r\nexport default validateKMS;\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AAEA,IAAAC,SAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AAQA,IAAAI,SAAA,GAAAC,sBAAA,CAAAL,OAAA;AACA,IAAAM,oBAAA,GAAAD,sBAAA,CAAAL,OAAA;AACA,IAAAO,WAAA,GAAAP,OAAA;AAAmC,SAAAQ,2BAAAC,CAAA,EAAAC,cAAA,QAAAC,EAAA,UAAAC,OAAA,oBAAAH,CAAA,CAAAI,gBAAA,KAAAJ,CAAA,qBAAAE,EAAA,QAAAG,cAAA,CAAAL,CAAA,MAAAE,EAAA,GAAAI,2BAAA,CAAAN,CAAA,MAAAC,cAAA,IAAAD,CAAA,WAAAA,CAAA,CAAAO,MAAA,qBAAAL,EAAA,EAAAF,CAAA,GAAAE,EAAA,MAAAM,CAAA,UAAAC,CAAA,YAAAA,EAAA,eAAAC,CAAA,EAAAD,CAAA,EAAAE,CAAA,WAAAA,EAAA,QAAAH,CAAA,IAAAR,CAAA,CAAAO,MAAA,WAAAK,IAAA,mBAAAA,IAAA,SAAAC,KAAA,EAAAb,CAAA,CAAAQ,CAAA,UAAAM,CAAA,WAAAA,EAAAC,EAAA,UAAAA,EAAA,KAAAC,CAAA,EAAAP,CAAA,gBAAAQ,SAAA,iJAAAC,gBAAA,SAAAC,MAAA,UAAAC,GAAA,WAAAV,CAAA,WAAAA,EAAA,IAAAR,EAAA,GAAAA,EAAA,CAAAmB,IAAA,CAAArB,CAAA,MAAAW,CAAA,WAAAA,EAAA,QAAAW,IAAA,GAAApB,EAAA,CAAAqB,IAAA,IAAAL,gBAAA,GAAAI,IAAA,CAAAV,IAAA,SAAAU,IAAA,KAAAR,CAAA,WAAAA,EAAAU,GAAA,IAAAL,MAAA,SAAAC,GAAA,GAAAI,GAAA,KAAAR,CAAA,WAAAA,EAAA,eAAAE,gBAAA,IAAAhB,EAAA,CAAAuB,MAAA,UAAAvB,EAAA,CAAAuB,MAAA,oBAAAN,MAAA,QAAAC,GAAA;AAAA,SAAAd,4BAAAN,CAAA,EAAA0B,MAAA,SAAA1B,CAAA,qBAAAA,CAAA,sBAAA2B,iBAAA,CAAA3B,CAAA,EAAA0B,MAAA,OAAAf,CAAA,GAAAiB,MAAA,CAAAC,SAAA,CAAAC,QAAA,CAAAT,IAAA,CAAArB,CAAA,EAAA+B,KAAA,aAAApB,CAAA,iBAAAX,CAAA,CAAAgC,WAAA,EAAArB,CAAA,GAAAX,CAAA,CAAAgC,WAAA,CAAAC,IAAA,MAAAtB,CAAA,cAAAA,CAAA,mBAAAuB,WAAA,CAAAlC,CAAA,OAAAW,CAAA,+DAAAwB,IAAA,CAAAxB,CAAA,UAAAgB,iBAAA,CAAA3B,CAAA,EAAA0B,MAAA;AAAA,SAAAC,kBAAAS,GAAA,EAAAC,GAAA,QAAAA,GAAA,YAAAA,GAAA,GAAAD,GAAA,CAAA7B,MAAA,EAAA8B,GAAA,GAAAD,GAAA,CAAA7B,MAAA,WAAAC,CAAA,MAAA8B,IAAA,OAAAC,KAAA,CAAAF,GAAA,GAAA7B,CAAA,GAAA6B,GAAA,EAAA7B,CAAA,IAAA8B,IAAA,CAAA9B,CAAA,IAAA4B,GAAA,CAAA5B,CAAA,UAAA8B,IAAA;AAAA,SAAAE,aAAAC,OAAA,QAAAC,yBAAA,GAAAC,yBAAA,oBAAAC,qBAAA,QAAAC,KAAA,OAAAC,gBAAA,CAAAC,OAAA,EAAAN,OAAA,GAAAO,MAAA,MAAAN,yBAAA,QAAAO,SAAA,OAAAH,gBAAA,CAAAC,OAAA,QAAAf,WAAA,EAAAgB,MAAA,GAAAE,kBAAA,CAAAL,KAAA,EAAAM,SAAA,EAAAF,SAAA,YAAAD,MAAA,GAAAH,KAAA,CAAAO,KAAA,OAAAD,SAAA,gBAAAE,2BAAA,CAAAN,OAAA,QAAAC,MAAA;AAAA,SAAAL,0BAAA,eAAAW,OAAA,qBAAAJ,kBAAA,oBAAAA,kBAAA,CAAAK,IAAA,2BAAAC,KAAA,oCAAAC,OAAA,CAAA5B,SAAA,CAAA6B,OAAA,CAAArC,IAAA,CAAA6B,kBAAA,CAAAO,OAAA,8CAAA3C,CAAA;AAEnC,IAAA6C,gBAAS,EACP,WAAW,EACXC,4BAAM,EACN,IAAIC,mBAAY,CAAC;EACf5B,IAAI,EAAE,EAAE;EACR2B,MAAM,EAANA,4BAAM;EACNE,MAAM,EAAEF,4BAAM,CAACE;AACjB,CAAC,CAAC,CACH;AAED,IAAMC,SAAS,GAAG,KAAK;AACvB,IAAMC,kBAAkB,GAAG,MAAM;AAEjC,IAAMC,oBAAoB,GAAG,SAAS;AAEtC,IAAMC,yBAAyB,GAAG,WAAW;;AAE7C;AACA;AACA;AACA;AAHA,IAIaC,QAAQ,0BAAAC,MAAA;EAAA,IAAAC,UAAA,CAAAtB,OAAA,EAAAoB,QAAA,EAAAC,MAAA;EAAA,IAAAE,MAAA,GAAA9B,YAAA,CAAA2B,QAAA;EACnB;AACF;AACA;AACA;EACE,SAAAA,SAAYI,OAAO,EAAE;IAAA,IAAAC,KAAA;IAAA,IAAAC,gBAAA,CAAA1B,OAAA,QAAAoB,QAAA;IACnBK,KAAA,GAAAF,MAAA,CAAAjD,IAAA,OAAMkD,OAAO;IACbC,KAAA,CAAKE,QAAQ,GAAG,IAAI;IAAC,OAAAF,KAAA;EACvB;EAAC,WAAAG,aAAA,CAAA5B,OAAA,EAAAoB,QAAA;AAAA,oBAAAS,iBAAA,CAAA7B,OAAA,EAR2B8B,KAAK;AAAAC,OAAA,CAAAX,QAAA,GAAAA,QAAA;AAWnC,IAAMY,UAAU,GAAG,SAAbA,UAAUA,CAAI3D,GAAG,EAAK;EAC1B,MAAM,IAAI+C,QAAQ,iBAAAa,MAAA,CAAiB5D,GAAG,EAAG;AAC3C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA,IAAM6D,UAAU,GAAG,SAAbA,UAAUA,CAAIC,GAAG,EAAK;EAC1B,IAAI,OAAOA,GAAG,KAAK,QAAQ,EAAE;IAC3BH,UAAU,CAAC,kCAAkC,CAAC;EAChD;EAEA,IAAMI,GAAG,GAAGC,kBAAM,CAACC,IAAI,CAACH,GAAG,EAAE,QAAQ,CAAC;EACtC,IAAMI,GAAG,GAAG,IAAIC,UAAU,CAACJ,GAAG,CAAC,CAACK,MAAM;EAEtC,IAAMC,IAAI,GAAG,IAAAC,eAAO,EAACJ,GAAG,CAAC;EAEzB,OAAO,IAAIK,kBAAW,CAAC;IAACC,MAAM,EAAEH,IAAI,CAACzC;EAAM,CAAC,CAAC;AAC/C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAM6C,iBAAiB,GAAG,SAApBA,iBAAiBA,CAAAC,IAAA,EAAc;EAAA,IAATC,GAAG,GAAAD,IAAA,CAAHC,GAAG;EAC7B,IAAIA,GAAG,KAAKhC,SAAS,EAAE;IACrBgB,UAAU,0BAAAC,MAAA,CAA0BjB,SAAS,OAAI;EACnD;AACF,CAAC;AAED,IAAMiC,iBAAiB,GAAG,SAApBA,iBAAiBA,CAAAC,KAAA,EAAc;EAAA,IAATC,GAAG,GAAAD,KAAA,CAAHC,GAAG;EAC7B,IAAI,CAAC,IAAAC,eAAK,EAACD,GAAG,CAAC,EAAE;IACfnB,UAAU,CAAC,0BAA0B,CAAC;EACxC;EAEA,IAAI,IAAAqB,UAAQ,EAACF,GAAG,CAAC,CAACG,QAAQ,KAAKrC,kBAAkB,EAAE;IACjDe,UAAU,4BAAAC,MAAA,CAA4BhB,kBAAkB,OAAI;EAC9D;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMsC,kBAAkB,GAAG,SAArBA,kBAAkBA,CAAAC,KAAA,EAAAC,KAAA,EAA6B;EAAA,IAAAC,KAAA,OAAAC,eAAA,CAAA3D,OAAA,EAAAwD,KAAA;IAAxBI,WAAW,GAAAF,KAAA;EAAA,IAAIP,GAAG,GAAAM,KAAA,CAAHN,GAAG;EAC7C,IAAMU,WAAW,GAAG,IAAAR,UAAQ,EAACF,GAAG,CAAC,CAACW,QAAQ;EAC1C,IAAIC,oBAAoB,GAAG,KAAK;EAEhC,IAAIH,WAAW,CAACI,UAAU,EAAE;IAC1B;IAAA,IAAAC,SAAA,GAAAjH,0BAAA,CACwB4G,WAAW,CAACI,UAAU;MAAAE,KAAA;IAAA;MAA9C,KAAAD,SAAA,CAAAtG,CAAA,MAAAuG,KAAA,GAAAD,SAAA,CAAArG,CAAA,IAAAC,IAAA,GAAgD;QAAA,IAArCsG,SAAS,GAAAD,KAAA,CAAApG,KAAA;QAClB,IAAIqG,SAAS,CAACC,MAAM,KAAKjD,yBAAyB,EAAE;UAClD,IAAOkD,QAAQ,GAAIF,SAAS,CAACG,WAAW,CAAjCD,QAAQ;UAA0B,IAAAE,UAAA,GAAAvH,0BAAA,CAErBqH,QAAQ;YAAAG,MAAA;UAAA;YAA5B,KAAAD,UAAA,CAAA5G,CAAA,MAAA6G,MAAA,GAAAD,UAAA,CAAA3G,CAAA,IAAAC,IAAA,GAA8B;cAAA,IAAnB4G,KAAK,GAAAD,MAAA,CAAA1G,KAAA;cACd,IAAM4G,GAAG,GAAGD,KAAK,CAAC3G,KAAK;cAEvBiG,oBAAoB,GAAGW,GAAG,KAAKb,WAAW;cAC1C,IAAIE,oBAAoB,EAAE;gBACxB;cACF;YACF;UAAC,SAAA1F,GAAA;YAAAkG,UAAA,CAAAxG,CAAA,CAAAM,GAAA;UAAA;YAAAkG,UAAA,CAAAtG,CAAA;UAAA;UAED,IAAI8F,oBAAoB,EAAE;YACxB;UACF;QACF;MACF;IAAC,SAAA1F,GAAA;MAAA4F,SAAA,CAAAlG,CAAA,CAAAM,GAAA;IAAA;MAAA4F,SAAA,CAAAhG,CAAA;IAAA;EACH;EAEA,IAAI,CAAC8F,oBAAoB,EAAE;IACzB;IACA,IAAMY,iBAAiB,GAAGf,WAAW,CAACgB,OAAO,CAACC,cAAc;IAAC,IAAAC,UAAA,GAAA9H,0BAAA,CAErC2H,iBAAiB;MAAAI,MAAA;IAAA;MAAzC,KAAAD,UAAA,CAAAnH,CAAA,MAAAoH,MAAA,GAAAD,UAAA,CAAAlH,CAAA,IAAAC,IAAA,GAA2C;QAAA,IAAhCmH,SAAS,GAAAD,MAAA,CAAAjH,KAAA;QAClB,IAAIkH,SAAS,CAACC,IAAI,KAAK/D,oBAAoB,EAAE;UAC3C,IAAMgE,UAAU,GAAGF,SAAS,CAAClH,KAAK,CAACqH,UAAU,CAACrH,KAAK;UAEnDiG,oBAAoB,GAAGmB,UAAU,KAAKrB,WAAW;UACjD,IAAIE,oBAAoB,EAAE;YACxB;UACF;QACF;MACF;IAAC,SAAA1F,GAAA;MAAAyG,UAAA,CAAA/G,CAAA,CAAAM,GAAA;IAAA;MAAAyG,UAAA,CAAA7G,CAAA;IAAA;EACH;EAEA,IAAI,CAAC8F,oBAAoB,EAAE;IACzB/B,UAAU,CAAC,sDAAsD,CAAC;EACpE;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMoD,yBAAyB,GAAG,SAA5BA,yBAAyBA,CAAAC,KAAA,EAAAC,KAAA,EAAuD;EAAA,IAAAC,KAAA,OAAA5B,eAAA,CAAA3D,OAAA,EAAAqF,KAAA;IAAlDzB,WAAW,GAAA2B,KAAA;EAAA,IAAOC,cAAc,GAAAF,KAAA,CAAjBvH,CAAC;IAAqB0H,OAAO,GAAAH,KAAA,CAAV1H,CAAC;EACrE,IAAO8H,MAAM,GAAIC,iBAAI,CAACC,IAAI,CAACC,SAAS,CAA7BH,MAAM;EAEb,IAAMI,SAAS,GAAGlC,WAAW,CAACmC,oBAAoB,CAACC,gBAAgB;EACnE,IAAMC,cAAc,GAAG,IAAAtD,eAAO,EAACmD,SAAS,CAACX,UAAU,CAACe,QAAQ,CAAC;EAC7D,IAAMC,UAAU,GAAG,IAAIC,mBAAY,CAAC;IAACvD,MAAM,EAAEoD,cAAc,CAAChG;EAAM,CAAC,CAAC;EACpE,IAAMoG,iBAAiB,GAAGF,UAAU,CAACX,cAAc,CAACL,UAAU,CAACe,QAAQ;EACvE,IAAMI,UAAU,GAAGH,UAAU,CAACV,OAAO,CAACN,UAAU,CAACe,QAAQ;EAEzD,IAAIV,cAAc,KAAKE,MAAM,CAACW,iBAAiB,CAAC,EAAE;IAChDrE,UAAU,CAAC,4BAA4B,CAAC;EAC1C;EACA,IAAIyD,OAAO,KAAKC,MAAM,CAACY,UAAU,CAAC,EAAE;IAClCtE,UAAU,CAAC,oBAAoB,CAAC;EAClC;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMuE,6BAA6B,GAAG,SAAhCA,6BAA6BA,CAAIC,YAAY,EAAmB;EAAA,IAAjBC,OAAO,GAAArG,SAAA,CAAA5C,MAAA,QAAA4C,SAAA,QAAAsG,SAAA,GAAAtG,SAAA,MAAG,EAAE;EAC/D,IAAMuG,iBAAiB,GAAG,IAAIC,uCAAgC,CAAC;IAC7DC,YAAY,EAAEJ,OAAO,CAACK,GAAG,CAAC5E,UAAU,CAAC;IACrC6E,KAAK,EAAEP;EACT,CAAC,CAAC;EAEF,OAAOG,iBAAiB,CAACK,MAAM,EAAE,CAACC,IAAI,CAAC,UAAAC,KAAA,EAAyC;IAAA,IAAvCjH,MAAM,GAAAiH,KAAA,CAANjH,MAAM;MAAEkH,UAAU,GAAAD,KAAA,CAAVC,UAAU;MAAEC,aAAa,GAAAF,KAAA,CAAbE,aAAa;IACxE,IAAI,CAACnH,MAAM,EAAE;MACX+B,UAAU,mCAAAC,MAAA,CAAmCkF,UAAU,SAAAlF,MAAA,CAAMmF,aAAa,EAAG;IAC/E;EACF,CAAC,CAAC;AACJ,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMC,WAAW,GACf,SADIA,WAAWA,CACdZ,OAAO;EAAA,OACR;IAAA,IAACa,GAAG,GAAAlH,SAAA,CAAA5C,MAAA,QAAA4C,SAAA,QAAAsG,SAAA,GAAAtG,SAAA,MAAG,CAAC,CAAC;IAAA,OACPmH,QAAA,CAAAvH,OAAA,CAAQwH,OAAO,EAAE,CAACP,IAAI,CAAC,YAAM;MAC3BnE,iBAAiB,CAACwE,GAAG,CAAC;MACtBrE,iBAAiB,CAACqE,GAAG,CAAC;MAEtB,IAAI,EAAE,IAAAG,SAAA,CAAAzH,OAAA,EAAQsH,GAAG,CAACI,GAAG,CAAC,IAAIJ,GAAG,CAACI,GAAG,CAAClK,MAAM,GAAG,CAAC,CAAC,EAAE;QAC7CwE,UAAU,CAAC,6CAA6C,CAAC;MAC3D;MACA,IAAMwE,YAAY,GAAGc,GAAG,CAACI,GAAG,CAACZ,GAAG,CAAC5E,UAAU,CAAC;MAE5CqB,kBAAkB,CAACiD,YAAY,EAAEc,GAAG,CAAC;MACrClC,yBAAyB,CAACoB,YAAY,EAAEc,GAAG,CAAC;;MAE5C;MACA,IAAMK,OAAO,GAAGlB,OAAO,GACnBF,6BAA6B,CAACC,YAAY,EAAEC,OAAO,CAAC,GACpDc,QAAA,CAAAvH,OAAA,CAAQwH,OAAO,EAAE;MAErB,OAAOG,OAAO,CAACV,IAAI,CAAC;QAAA,OAAMK,GAAG;MAAA,EAAC;IAChC,CAAC,CAAC;EAAA;AAAA;AAAC,IAAAM,QAAA,GAEQP,WAAW;AAAAtF,OAAA,CAAA/B,OAAA,GAAA4H,QAAA"}

package/dist/kms-dry-error-interceptor.js

@@ -17,10 +17,10 @@ var _httpCore = require("@webex/http-core");
 var _kmsErrors = require("./kms-errors");
 function _createSuper(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct(); return function _createSuperInternal() { var Super = (0, _getPrototypeOf2.default)(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = (0, _getPrototypeOf2.default)(this).constructor; result = _Reflect$construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return (0, _possibleConstructorReturn2.default)(this, result); }; }
 function _isNativeReflectConstruct() { if (typeof Reflect === "undefined" || !_Reflect$construct) return false; if (_Reflect$construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(_Reflect$construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
-/**
- * Interceptor (only to be used in test mode) intended to replay requests that
- * fail as a result of the test-user incompatibility in KMS.
- * @class
+/**
+ * Interceptor (only to be used in test mode) intended to replay requests that
+ * fail as a result of the test-user incompatibility in KMS.
+ * @class
  */
 var KmsDryErrorInterceptor = /*#__PURE__*/function (_Interceptor) {
   (0, _inherits2.default)(KmsDryErrorInterceptor, _Interceptor);
@@ -32,10 +32,10 @@ var KmsDryErrorInterceptor = /*#__PURE__*/function (_Interceptor) {
   (0, _createClass2.default)(KmsDryErrorInterceptor, [{
     key: "onResponseError",
     value:
-    /**
-     * @param {Object} options
-     * @param {Exception} reason
-     * @returns {Promise}
+    /**
+     * @param {Object} options
+     * @param {Exception} reason
+     * @returns {Promise}
      */
     function onResponseError(options, reason) {
       if (reason instanceof _kmsErrors.DryError && reason.message.match(/Failed to resolve authorization token in KmsMessage request for user/)) {
@@ -46,11 +46,11 @@ var KmsDryErrorInterceptor = /*#__PURE__*/function (_Interceptor) {
       return _promise.default.reject(reason);
     }
 
-    /**
-     * Replays the request
-     * @param {Object} options
-     * @param {DryError} reason
-     * @returns {Object}
+    /**
+     * Replays the request
+     * @param {Object} options
+     * @param {DryError} reason
+     * @returns {Object}
      */
   }, {
     key: "replay",
@@ -70,8 +70,8 @@ var KmsDryErrorInterceptor = /*#__PURE__*/function (_Interceptor) {
   }], [{
     key: "create",
     value:
-    /**
-     * @returns {KmsDryErrorInterceptor}
+    /**
+     * @returns {KmsDryErrorInterceptor}
      */
     function create() {
       return new KmsDryErrorInterceptor({

package/dist/kms-dry-error-interceptor.js.map

@@ -1 +1 @@
-{"version":3,"names":["_httpCore","require","_kmsErrors","_createSuper","Derived","hasNativeReflectConstruct","_isNativeReflectConstruct","_createSuperInternal","Super","_getPrototypeOf2","default","result","NewTarget","constructor","_Reflect$construct","arguments","apply","_possibleConstructorReturn2","Reflect","sham","Proxy","Boolean","prototype","valueOf","call","e","KmsDryErrorInterceptor","_Interceptor","_inherits2","_super","_classCallCheck2","_createClass2","key","value","onResponseError","options","reason","DryError","message","match","webex","logger","error","replay","_promise","reject","replayCount","config","maxAuthenticationReplays","concat","info","request","create","Interceptor","exports"],"sources":["kms-dry-error-interceptor.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {Interceptor} from '@webex/http-core';\n\nimport {DryError} from './kms-errors';\n/**\n * Interceptor (only to be used in test mode) intended to replay requests that\n * fail as a result of the test-user incompatibility in KMS.\n * @class\n */\nexport default class KmsDryErrorInterceptor extends Interceptor {\n  /**\n   * @returns {KmsDryErrorInterceptor}\n   */\n  static create() {\n    return new KmsDryErrorInterceptor({webex: this});\n  }\n\n  /**\n   * @param {Object} options\n   * @param {Exception} reason\n   * @returns {Promise}\n   */\n  onResponseError(options, reason) {\n    if (\n      reason instanceof DryError &&\n      reason.message.match(/Failed to resolve authorization token in KmsMessage request for user/)\n    ) {\n      this.webex.logger.error('DRY Request Failed due to kms/test-user flakiness');\n      this.webex.logger.error(reason);\n\n      return this.replay(options, reason);\n    }\n\n    return Promise.reject(reason);\n  }\n\n  /**\n   * Replays the request\n   * @param {Object} options\n   * @param {DryError} reason\n   * @returns {Object}\n   */\n  replay(options, reason) {\n    if (options.replayCount) {\n      options.replayCount += 1;\n    } else {\n      options.replayCount = 1;\n    }\n\n    if (options.replayCount > this.webex.config.maxAuthenticationReplays) {\n      this.webex.logger.error(\n        `kms: failed after ${this.webex.config.maxAuthenticationReplays} replay attempts`\n      );\n\n      return Promise.reject(reason);\n    }\n\n    this.webex.logger.info(`kms: replaying request ${options.replayCount} time`);\n\n    return this.webex.request(options);\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;AAIA,IAAAA,SAAA,GAAAC,OAAA;AAEA,IAAAC,UAAA,GAAAD,OAAA;AAAsC,SAAAE,aAAAC,OAAA,QAAAC,yBAAA,GAAAC,yBAAA,oBAAAC,qBAAA,QAAAC,KAAA,OAAAC,gBAAA,CAAAC,OAAA,EAAAN,OAAA,GAAAO,MAAA,MAAAN,yBAAA,QAAAO,SAAA,OAAAH,gBAAA,CAAAC,OAAA,QAAAG,WAAA,EAAAF,MAAA,GAAAG,kBAAA,CAAAN,KAAA,EAAAO,SAAA,EAAAH,SAAA,YAAAD,MAAA,GAAAH,KAAA,CAAAQ,KAAA,OAAAD,SAAA,gBAAAE,2BAAA,CAAAP,OAAA,QAAAC,MAAA;AAAA,SAAAL,0BAAA,eAAAY,OAAA,qBAAAJ,kBAAA,oBAAAA,kBAAA,CAAAK,IAAA,2BAAAC,KAAA,oCAAAC,OAAA,CAAAC,SAAA,CAAAC,OAAA,CAAAC,IAAA,CAAAV,kBAAA,CAAAO,OAAA,8CAAAI,CAAA;AACtC;AACA;AACA;AACA;AACA;AAJA,IAKqBC,sBAAsB,0BAAAC,YAAA;EAAA,IAAAC,UAAA,CAAAlB,OAAA,EAAAgB,sBAAA,EAAAC,YAAA;EAAA,IAAAE,MAAA,GAAA1B,YAAA,CAAAuB,sBAAA;EAAA,SAAAA,uBAAA;IAAA,IAAAI,gBAAA,CAAApB,OAAA,QAAAgB,sBAAA;IAAA,OAAAG,MAAA,CAAAb,KAAA,OAAAD,SAAA;EAAA;EAAA,IAAAgB,aAAA,CAAArB,OAAA,EAAAgB,sBAAA;IAAAM,GAAA;IAAAC,KAAA;IAQzC;AACF;AACA;AACA;AACA;IACE,SAAAC,gBAAgBC,OAAO,EAAEC,MAAM,EAAE;MAC/B,IACEA,MAAM,YAAYC,mBAAQ,IAC1BD,MAAM,CAACE,OAAO,CAACC,KAAK,CAAC,sEAAsE,CAAC,EAC5F;QACA,IAAI,CAACC,KAAK,CAACC,MAAM,CAACC,KAAK,CAAC,mDAAmD,CAAC;QAC5E,IAAI,CAACF,KAAK,CAACC,MAAM,CAACC,KAAK,CAACN,MAAM,CAAC;QAE/B,OAAO,IAAI,CAACO,MAAM,CAACR,OAAO,EAAEC,MAAM,CAAC;MACrC;MAEA,OAAOQ,QAAA,CAAAlC,OAAA,CAAQmC,MAAM,CAACT,MAAM,CAAC;IAC/B;;IAEA;AACF;AACA;AACA;AACA;AACA;EALE;IAAAJ,GAAA;IAAAC,KAAA,EAMA,SAAAU,OAAOR,OAAO,EAAEC,MAAM,EAAE;MACtB,IAAID,OAAO,CAACW,WAAW,EAAE;QACvBX,OAAO,CAACW,WAAW,IAAI,CAAC;MAC1B,CAAC,MAAM;QACLX,OAAO,CAACW,WAAW,GAAG,CAAC;MACzB;MAEA,IAAIX,OAAO,CAACW,WAAW,GAAG,IAAI,CAACN,KAAK,CAACO,MAAM,CAACC,wBAAwB,EAAE;QACpE,IAAI,CAACR,KAAK,CAACC,MAAM,CAACC,KAAK,sBAAAO,MAAA,CACA,IAAI,CAACT,KAAK,CAACO,MAAM,CAACC,wBAAwB,sBAChE;QAED,OAAOJ,QAAA,CAAAlC,OAAA,CAAQmC,MAAM,CAACT,MAAM,CAAC;MAC/B;MAEA,IAAI,CAACI,KAAK,CAACC,MAAM,CAACS,IAAI,2BAAAD,MAAA,CAA2Bd,OAAO,CAACW,WAAW,WAAQ;MAE5E,OAAO,IAAI,CAACN,KAAK,CAACW,OAAO,CAAChB,OAAO,CAAC;IACpC;EAAC;IAAAH,GAAA;IAAAC,KAAA;IAlDD;AACF;AACA;IACE,SAAAmB,OAAA,EAAgB;MACd,OAAO,IAAI1B,sBAAsB,CAAC;QAACc,KAAK,EAAE;MAAI,CAAC,CAAC;IAClD;EAAC;EAAA,OAAAd,sBAAA;AAAA,EANiD2B,qBAAW;AAAAC,OAAA,CAAA5C,OAAA,GAAAgB,sBAAA"}
+{"version":3,"names":["_httpCore","require","_kmsErrors","_createSuper","Derived","hasNativeReflectConstruct","_isNativeReflectConstruct","_createSuperInternal","Super","_getPrototypeOf2","default","result","NewTarget","constructor","_Reflect$construct","arguments","apply","_possibleConstructorReturn2","Reflect","sham","Proxy","Boolean","prototype","valueOf","call","e","KmsDryErrorInterceptor","_Interceptor","_inherits2","_super","_classCallCheck2","_createClass2","key","value","onResponseError","options","reason","DryError","message","match","webex","logger","error","replay","_promise","reject","replayCount","config","maxAuthenticationReplays","concat","info","request","create","Interceptor","exports"],"sources":["kms-dry-error-interceptor.js"],"sourcesContent":["/*!\r\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\r\n */\r\n\r\nimport {Interceptor} from '@webex/http-core';\r\n\r\nimport {DryError} from './kms-errors';\r\n/**\r\n * Interceptor (only to be used in test mode) intended to replay requests that\r\n * fail as a result of the test-user incompatibility in KMS.\r\n * @class\r\n */\r\nexport default class KmsDryErrorInterceptor extends Interceptor {\r\n  /**\r\n   * @returns {KmsDryErrorInterceptor}\r\n   */\r\n  static create() {\r\n    return new KmsDryErrorInterceptor({webex: this});\r\n  }\r\n\r\n  /**\r\n   * @param {Object} options\r\n   * @param {Exception} reason\r\n   * @returns {Promise}\r\n   */\r\n  onResponseError(options, reason) {\r\n    if (\r\n      reason instanceof DryError &&\r\n      reason.message.match(/Failed to resolve authorization token in KmsMessage request for user/)\r\n    ) {\r\n      this.webex.logger.error('DRY Request Failed due to kms/test-user flakiness');\r\n      this.webex.logger.error(reason);\r\n\r\n      return this.replay(options, reason);\r\n    }\r\n\r\n    return Promise.reject(reason);\r\n  }\r\n\r\n  /**\r\n   * Replays the request\r\n   * @param {Object} options\r\n   * @param {DryError} reason\r\n   * @returns {Object}\r\n   */\r\n  replay(options, reason) {\r\n    if (options.replayCount) {\r\n      options.replayCount += 1;\r\n    } else {\r\n      options.replayCount = 1;\r\n    }\r\n\r\n    if (options.replayCount > this.webex.config.maxAuthenticationReplays) {\r\n      this.webex.logger.error(\r\n        `kms: failed after ${this.webex.config.maxAuthenticationReplays} replay attempts`\r\n      );\r\n\r\n      return Promise.reject(reason);\r\n    }\r\n\r\n    this.webex.logger.info(`kms: replaying request ${options.replayCount} time`);\r\n\r\n    return this.webex.request(options);\r\n  }\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;AAIA,IAAAA,SAAA,GAAAC,OAAA;AAEA,IAAAC,UAAA,GAAAD,OAAA;AAAsC,SAAAE,aAAAC,OAAA,QAAAC,yBAAA,GAAAC,yBAAA,oBAAAC,qBAAA,QAAAC,KAAA,OAAAC,gBAAA,CAAAC,OAAA,EAAAN,OAAA,GAAAO,MAAA,MAAAN,yBAAA,QAAAO,SAAA,OAAAH,gBAAA,CAAAC,OAAA,QAAAG,WAAA,EAAAF,MAAA,GAAAG,kBAAA,CAAAN,KAAA,EAAAO,SAAA,EAAAH,SAAA,YAAAD,MAAA,GAAAH,KAAA,CAAAQ,KAAA,OAAAD,SAAA,gBAAAE,2BAAA,CAAAP,OAAA,QAAAC,MAAA;AAAA,SAAAL,0BAAA,eAAAY,OAAA,qBAAAJ,kBAAA,oBAAAA,kBAAA,CAAAK,IAAA,2BAAAC,KAAA,oCAAAC,OAAA,CAAAC,SAAA,CAAAC,OAAA,CAAAC,IAAA,CAAAV,kBAAA,CAAAO,OAAA,8CAAAI,CAAA;AACtC;AACA;AACA;AACA;AACA;AAJA,IAKqBC,sBAAsB,0BAAAC,YAAA;EAAA,IAAAC,UAAA,CAAAlB,OAAA,EAAAgB,sBAAA,EAAAC,YAAA;EAAA,IAAAE,MAAA,GAAA1B,YAAA,CAAAuB,sBAAA;EAAA,SAAAA,uBAAA;IAAA,IAAAI,gBAAA,CAAApB,OAAA,QAAAgB,sBAAA;IAAA,OAAAG,MAAA,CAAAb,KAAA,OAAAD,SAAA;EAAA;EAAA,IAAAgB,aAAA,CAAArB,OAAA,EAAAgB,sBAAA;IAAAM,GAAA;IAAAC,KAAA;IAQzC;AACF;AACA;AACA;AACA;IACE,SAAAC,gBAAgBC,OAAO,EAAEC,MAAM,EAAE;MAC/B,IACEA,MAAM,YAAYC,mBAAQ,IAC1BD,MAAM,CAACE,OAAO,CAACC,KAAK,CAAC,sEAAsE,CAAC,EAC5F;QACA,IAAI,CAACC,KAAK,CAACC,MAAM,CAACC,KAAK,CAAC,mDAAmD,CAAC;QAC5E,IAAI,CAACF,KAAK,CAACC,MAAM,CAACC,KAAK,CAACN,MAAM,CAAC;QAE/B,OAAO,IAAI,CAACO,MAAM,CAACR,OAAO,EAAEC,MAAM,CAAC;MACrC;MAEA,OAAOQ,QAAA,CAAAlC,OAAA,CAAQmC,MAAM,CAACT,MAAM,CAAC;IAC/B;;IAEA;AACF;AACA;AACA;AACA;AACA;EALE;IAAAJ,GAAA;IAAAC,KAAA,EAMA,SAAAU,OAAOR,OAAO,EAAEC,MAAM,EAAE;MACtB,IAAID,OAAO,CAACW,WAAW,EAAE;QACvBX,OAAO,CAACW,WAAW,IAAI,CAAC;MAC1B,CAAC,MAAM;QACLX,OAAO,CAACW,WAAW,GAAG,CAAC;MACzB;MAEA,IAAIX,OAAO,CAACW,WAAW,GAAG,IAAI,CAACN,KAAK,CAACO,MAAM,CAACC,wBAAwB,EAAE;QACpE,IAAI,CAACR,KAAK,CAACC,MAAM,CAACC,KAAK,sBAAAO,MAAA,CACA,IAAI,CAACT,KAAK,CAACO,MAAM,CAACC,wBAAwB,sBAChE;QAED,OAAOJ,QAAA,CAAAlC,OAAA,CAAQmC,MAAM,CAACT,MAAM,CAAC;MAC/B;MAEA,IAAI,CAACI,KAAK,CAACC,MAAM,CAACS,IAAI,2BAAAD,MAAA,CAA2Bd,OAAO,CAACW,WAAW,WAAQ;MAE5E,OAAO,IAAI,CAACN,KAAK,CAACW,OAAO,CAAChB,OAAO,CAAC;IACpC;EAAC;IAAAH,GAAA;IAAAC,KAAA;IAlDD;AACF;AACA;IACE,SAAAmB,OAAA,EAAgB;MACd,OAAO,IAAI1B,sBAAsB,CAAC;QAACc,KAAK,EAAE;MAAI,CAAC,CAAC;IAClD;EAAC;EAAA,OAAAd,sBAAA;AAAA,EANiD2B,qBAAW;AAAAC,OAAA,CAAA5C,OAAA,GAAAgB,sBAAA"}

package/dist/kms-errors.js

@@ -19,8 +19,8 @@ var _common = require("@webex/common");
 var _webexCore = require("@webex/webex-core");
 function _createSuper(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct(); return function _createSuperInternal() { var Super = (0, _getPrototypeOf2.default)(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = (0, _getPrototypeOf2.default)(this).constructor; result = _Reflect$construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return (0, _possibleConstructorReturn2.default)(this, result); }; }
 function _isNativeReflectConstruct() { if (typeof Reflect === "undefined" || !_Reflect$construct) return false; if (_Reflect$construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(_Reflect$construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
-/**
- * Error class for KMS errors
+/**
+ * Error class for KMS errors
  */
 var KmsError = /*#__PURE__*/function (_Exception) {
   (0, _inherits2.default)(KmsError, _Exception);
@@ -32,9 +32,9 @@ var KmsError = /*#__PURE__*/function (_Exception) {
   (0, _createClass2.default)(KmsError, [{
     key: "parse",
     value:
-    /**
-     * @param {HttpResponse} body
-     * @returns {string}
+    /**
+     * @param {HttpResponse} body
+     * @returns {string}
      */
     function parse(body) {
       body = body.body || body;
@@ -77,8 +77,8 @@ var KmsError = /*#__PURE__*/function (_Exception) {
   }]);
   return KmsError;
 }(_common.Exception);
-/**
- * Thrown when an expected KMSResponse is not received in a timely manner
+/**
+ * Thrown when an expected KMSResponse is not received in a timely manner
  */
 exports.KmsError = KmsError;
 (0, _defineProperty2.default)(KmsError, "defaultMessage", 'An unknown error occurred while communicating with the kms. This implies we received an error response without a body.');
@@ -92,10 +92,10 @@ var KmsTimeoutError = /*#__PURE__*/function (_KmsError) {
   (0, _createClass2.default)(KmsTimeoutError, [{
     key: "parse",
     value:
-    /**
-     * @param {KmsRequest} options.request
-     * @param {KmsRequest} options.timeout
-     * @returns {string}
+    /**
+     * @param {KmsRequest} options.request
+     * @param {KmsRequest} options.timeout
+     * @returns {string}
      */
     function parse() {
       var _ref = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {},
@@ -116,8 +116,8 @@ var KmsTimeoutError = /*#__PURE__*/function (_KmsError) {
   }]);
   return KmsTimeoutError;
 }(KmsError);
-/**
- * Emitted when a REST request includes an encrypter error
+/**
+ * Emitted when a REST request includes an encrypter error
  */
 exports.KmsTimeoutError = KmsTimeoutError;
 var DryError = /*#__PURE__*/function (_WebexHttpError) {
@@ -130,9 +130,9 @@ var DryError = /*#__PURE__*/function (_WebexHttpError) {
   (0, _createClass2.default)(DryError, [{
     key: "parse",
     value:
-    /**
-     * @param {WebexHttpError} reason
-     * @returns {string}
+    /**
+     * @param {WebexHttpError} reason
+     * @returns {string}
      */
     function parse(reason) {
       (0, _apply.default)(_webexCore.WebexHttpError.prototype.parse, this, [reason._res]);