@webex/internal-plugin-encryption 2.60.1-next.9 → 2.60.2

package/src/encryption.js

@@ -67,19 +67,19 @@ const Encryption = WebexPlugin.extend({
 
   /**
    * Validate and initiate a Download request for requested file
-   * @param {Object} fileUrl - Plaintext
+   *
    * @param {Object} scr - Plaintext
    * @param {Object} options - optional parameters to download a file
    * @returns {promise}
    */
-  download(fileUrl, scr, options) {
+  download(scr, options) {
     /* istanbul ignore if */
-    if (!fileUrl || !scr) {
-      return Promise.reject(new Error('`scr` and `fileUrl` are required'));
+    if (!scr.loc) {
+      return Promise.reject(new Error('`scr.loc` is required'));
     }
 
     const shunt = new EventEmitter();
-    const promise = this._fetchDownloadUrl(fileUrl, options)
+    const promise = this._fetchDownloadUrl(scr, options)
       .then((uri) => {
         // eslint-disable-next-line no-shadow
         const options = {
@@ -103,25 +103,26 @@ const Encryption = WebexPlugin.extend({
 
   /**
    * Fetch Download URL for the requested file
-   * @param {Object} fileUrl - Plaintext
+   *
+   * @param {Object} scr - Plaintext
    * @param {Object} options - optional parameters to download a file
    * @returns {promise} url of the downloadable file
    */
-  _fetchDownloadUrl(fileUrl, options) {
+  _fetchDownloadUrl(scr, options) {
     this.logger.info('encryption: retrieving download url for encrypted file');
 
-    if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {
+    if (process.env.NODE_ENV !== 'production' && scr.loc.includes('localhost')) {
       this.logger.info(
         'encryption: bypassing webex files because this looks to be a test file on localhost'
       );
 
-      return Promise.resolve(fileUrl);
+      return Promise.resolve(scr.loc);
     }
 
     const inputBody = {
-      endpoints: [fileUrl],
+      endpoints: [scr.loc],
     };
-    const endpointUrl = url.parse(fileUrl);
+    const endpointUrl = url.parse(scr.loc);
 
     // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api
     endpointUrl.protocol = 'https';
@@ -136,29 +137,21 @@ const Encryption = WebexPlugin.extend({
             allow: options.params.allow,
           }
         : inputBody,
-    })
-      .then((res) => {
-        // eslint-disable-next-line no-shadow
-        const url = res.body.endpoints[fileUrl];
-
-        if (!url) {
-          this.logger.warn(
-            'encryption: could not determine download url for `fileUrl`; attempting to download `fileUrl` directly'
-          );
+    }).then((res) => {
+      // eslint-disable-next-line no-shadow
+      const url = res.body.endpoints[scr.loc];
 
-          return fileUrl;
-        }
-        this.logger.info('encryption: retrieved download url for encrypted file');
-
-        return url;
-      })
-      .catch((err) => {
+      if (!url) {
         this.logger.warn(
-          `encryption: ${err} could not determine download url for ${fileUrl}; attempting to download ${fileUrl} directly`
+          'encryption: could not determine download url for `scr.loc`; attempting to download `scr.loc` directly'
         );
 
-        return fileUrl;
-      });
+        return scr.loc;
+      }
+      this.logger.info('encryption: retrieved download url for encrypted file');
+
+      return url;
+    });
   },
 
   encryptBinary(file) {

package/src/kms-batcher.js

@@ -5,7 +5,7 @@
 import {safeSetTimeout} from '@webex/common-timers';
 import {Batcher} from '@webex/webex-core';
 
-import {KmsError, KmsTimeoutError, handleKmsKeyRevokedEncryptionFailure} from './kms-errors';
+import {KmsError, KmsTimeoutError} from './kms-errors';
 
 export const TIMEOUT_SYMBOL = Symbol('TIMEOUT_SYMBOL');
 
@@ -133,8 +133,6 @@ const KmsBatcher = Batcher.extend({
    * @returns {Promise}
    */
   handleItemFailure(item, reason) {
-    handleKmsKeyRevokedEncryptionFailure(item, this.webex);
-
     return this.getDeferredForResponse(item).then((defer) => {
       defer.reject(reason || new KmsError(item.body));
     });

package/src/kms-certificate-validation.js

@@ -29,7 +29,7 @@ const VALID_KID_PROTOCOL = 'kms:';
 
 const X509_COMMON_NAME_KEY = '2.5.4.3';
 
-export const X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';
+const X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';
 
 /**
  * Customize Error so the SDK knows to quit retrying and notify
@@ -101,7 +101,7 @@ const validateKidHeader = ({kid}) => {
  * @throws {KMSError} if unable to validate certificate against KMS credentials
  * @returns {void}
  */
-export const validateCommonName = ([certificate], {kid}) => {
+const validateCommonName = ([certificate], {kid}) => {
   const kidHostname = parseUrl(kid).hostname;
   let validationSuccessful = false;
 
@@ -112,7 +112,7 @@ export const validateCommonName = ([certificate], {kid}) => {
         const {altNames} = extension.parsedValue;
 
         for (const entry of altNames) {
-          const san = entry.value.toLowerCase();
+          const san = entry.value;
 
           validationSuccessful = san === kidHostname;
           if (validationSuccessful) {

package/src/kms-errors.js

@@ -5,12 +5,6 @@
 import {Exception} from '@webex/common';
 import {WebexHttpError} from '@webex/webex-core';
 
-import {
-  KMS_KEY_REVOKE_ERROR_CODES,
-  KMS_KEY_REVOKE_FAILURE,
-  KMS_KEY_REVOKE_ERROR_STATUS,
-} from './constants';
-
 /**
  * Error class for KMS errors
  */
@@ -151,17 +145,3 @@ export class DryError extends WebexHttpError {
     return message;
   }
 }
-
-/**
- * Function triggers an event when specific encryption failures are received.
- */
-
-// eslint-disable-next-line consistent-return
-export const handleKmsKeyRevokedEncryptionFailure = (item, webex) => {
-  if (
-    item.status === KMS_KEY_REVOKE_ERROR_STATUS &&
-    KMS_KEY_REVOKE_ERROR_CODES.includes(item.body.errorCode)
-  ) {
-    webex.internal.encryption.trigger(KMS_KEY_REVOKE_FAILURE);
-  }
-};

package/test/integration/spec/encryption.js

@@ -158,8 +158,7 @@ describe('Encryption', function () {
         }));
   });
 
-  // SPARK-413317
-  describe.skip('#download()', () => {
+  describe('#download()', () => {
     it('downloads and decrypts an encrypted file', () =>
       webex.internal.encryption
         .encryptBinary(FILE)

package/test/integration/spec/kms.js

@@ -425,6 +425,7 @@ describe('Encryption', function () {
     describe('upload customer master key', () => {
       let uploadedkeyId;
 
+      /* eslint-disable no-unused-expressions */
       skipInBrowser(it)('upload customer master key', () =>
         webex.internal.encryption.kms
           .deleteAllCustomerMasterKeys({assignedOrgId: spock.orgId})

package/test/unit/spec/encryption.js

@@ -22,18 +22,18 @@ describe('internal-plugin-encryption', () => {
     });
 
     describe('check _fetchDownloadUrl()', () => {
-      const fileArray = [
+      const scrArray = [
         {
-          url: 'https://files-api-intb1.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes',
+          loc: 'https://files-api-intb1.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes',
         },
         {
-          url: 'https://files-api-intb2.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes',
+          loc: 'https://files-api-intb2.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes',
         },
         {
-          url: 'https://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes',
+          loc: 'https://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes',
         },
         {
-          url: 'http://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes',
+          loc: 'http://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes',
         },
       ];
       const options = undefined;
@@ -44,7 +44,7 @@ describe('internal-plugin-encryption', () => {
 
         spyStub = sinon.stub(webex.internal.encryption, 'request').callsFake(returnStub);
 
-        fileArray.forEach((file) => webex.internal.encryption._fetchDownloadUrl(file.url, options));
+        scrArray.forEach((scr) => webex.internal.encryption._fetchDownloadUrl(scr, options));
       });
 
       it('verifying file service uris', () => {
@@ -68,10 +68,10 @@ describe('internal-plugin-encryption', () => {
       });
 
       it('verifying endpoints', () => {
-        assert.equal(spyStub.args[0][0].body.endpoints[0], fileArray[0].url);
-        assert.equal(spyStub.args[1][0].body.endpoints[0], fileArray[1].url);
-        assert.equal(spyStub.args[2][0].body.endpoints[0], fileArray[2].url);
-        assert.equal(spyStub.args[3][0].body.endpoints[0], fileArray[3].url);
+        assert.equal(spyStub.args[0][0].body.endpoints[0], scrArray[0].loc);
+        assert.equal(spyStub.args[1][0].body.endpoints[0], scrArray[1].loc);
+        assert.equal(spyStub.args[2][0].body.endpoints[0], scrArray[2].loc);
+        assert.equal(spyStub.args[3][0].body.endpoints[0], scrArray[3].loc);
       });
 
       afterEach(() => {

package/test/unit/spec/kms-certificate-validation.js

@@ -1,6 +1,6 @@
 import {assert} from '@webex/test-helper-chai';
 
-import validateCert, {KMSError, validateCommonName, X509_SUBJECT_ALT_NAME_KEY} from '../../../src/kms-certificate-validation';
+import validateCert, {KMSError} from '../../../src/kms-certificate-validation';
 
 const caroots = [
   'MIID6TCCAtGgAwIBAgIURmBu688C9oUIJXlykr1J3fi5H4kwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDb2xvcmFkbzEPMA0GA1UEBwwGRGVudmVyMRAwDgYDVQQKDAdFeGFtcGxlMR8wHQYDVQQDDBZodHRwczovL2NhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMDAyMDYyMDIyMDhaFw00MDAyMDEyMDIyMDhaMIGDMQswCQYDVQQGEwJVUzERMA8GA1UECAwIQ29sb3JhZG8xDzANBgNVBAcMBkRlbnZlcjEQMA4GA1UECgwHRXhhbXBsZTEfMB0GA1UEAwwWaHR0cHM6Ly9jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7TaDWldwjU65y4fnNDIuNu4dZi3bZvaN9nJ3A8D9pwFcNx3DL5cPpafAkJuE/2ZBrsZxJWKwXLQFuNE9V3XVslv0OPgEZVfY5AKuPhVezRqEqsCdUgODMkJat6PE02r0NZRFpBiRCThh0wY5u/tiTiPgjHwEPhBEyLgcJ6FOWLn9wBsS4SvBzfppYGL5GW1G0eN9yORnKKgqkgyf0x8FvTMyVSjtkhcI/kA/8061sl4DFG6sefQmAOVvH7tp7YmN+jpQ7cOKQtjOpZS6Gp22u7LEI0/qb5n2QvjjcUQM81mN6CZ8nciWXRgjBhdAJJhmyMvcx8rnVb6vtU26fCaetAgMBAAGjUzBRMB0GA1UdDgQWBBRZiCyKaTYL94gwhxzktYg32qMOYjAfBgNVHSMEGDAWgBRZiCyKaTYL94gwhxzktYg32qMOYjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQATa2QkTGcj8IPjItnvg23ihlRjHdFHn6lB7uYPhcDurwRlBrlC2/OB44P3dHB9tEPbV4unoF9ftEKO3nNY3HUDcPrQwRqkPftlYYr4/6z/jnmNBRgiDICVaiTZNlX54fLiPsSAbIymPWLLLNtq17vjVEcfGUXhi/F+EkN/uXZ4yH6RK0YjBRwPV9cfziz1YsF2WVYVYtQErf+NTjnYR5S4Ba2kEqhI5j7mNhiafPNODaOchHcaRMvfWcBhlHt+atwNyPxNr4NP+cDjAWg0I8xAUdbZGQiRJecjkctolLHsfZXj+ulEv3eaKw7gSo3Aekexw8aZS7soy+VM1fzmLopw',
@@ -163,36 +163,3 @@ describe('internal-plugin-encryption', () => {
     });
   });
 });
-
-describe('validateCommonName', () => {
-
-  const checkValidate = (SAN, kidHostname) => {
-    validateCommonName(
-      [
-        {
-          extensions: [
-            {
-              extnID: X509_SUBJECT_ALT_NAME_KEY,
-              parsedValue: {
-                altNames: [{value: 'Example.com'}],
-              },
-            },
-          ],
-        },
-      ],
-      {kid: 'https://Example.com'}
-    );
-  }
-
-  it('handles mixed case SAN', () => {
-    checkValidate('Example.com', 'https://Example.com');
-  });
-
-  it('handles different case SAN', () => {
-    checkValidate('ExAmpLe.cOm', 'https://example.com');
-  });
-
-  it('handles different case kid hostname', () => {
-    checkValidate('example.com', 'https://ExAmpLe.cOm');
-  });
-});

package/dist/constants.js

@@ -1,11 +0,0 @@
-"use strict";
-
-var _Object$defineProperty = require("@babel/runtime-corejs2/core-js/object/define-property");
-_Object$defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.KMS_KEY_REVOKE_FAILURE = exports.KMS_KEY_REVOKE_ERROR_STATUS = exports.KMS_KEY_REVOKE_ERROR_CODES = void 0;
-var KMS_KEY_REVOKE_FAILURE = exports.KMS_KEY_REVOKE_FAILURE = 'event:kms:key:revoke:encryption:failure';
-var KMS_KEY_REVOKE_ERROR_STATUS = exports.KMS_KEY_REVOKE_ERROR_STATUS = 405;
-var KMS_KEY_REVOKE_ERROR_CODES = exports.KMS_KEY_REVOKE_ERROR_CODES = [405005, 405006];
-//# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["KMS_KEY_REVOKE_FAILURE","exports","KMS_KEY_REVOKE_ERROR_STATUS","KMS_KEY_REVOKE_ERROR_CODES"],"sources":["constants.js"],"sourcesContent":["export const KMS_KEY_REVOKE_FAILURE = 'event:kms:key:revoke:encryption:failure';\nexport const KMS_KEY_REVOKE_ERROR_STATUS = 405;\nexport const KMS_KEY_REVOKE_ERROR_CODES = [405005, 405006];\n"],"mappings":";;;;;;;AAAO,IAAMA,sBAAsB,GAAAC,OAAA,CAAAD,sBAAA,GAAG,yCAAyC;AACxE,IAAME,2BAA2B,GAAAD,OAAA,CAAAC,2BAAA,GAAG,GAAG;AACvC,IAAMC,0BAA0B,GAAAF,OAAA,CAAAE,0BAAA,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC"}

package/src/constants.js

@@ -1,3 +0,0 @@
-export const KMS_KEY_REVOKE_FAILURE = 'event:kms:key:revoke:encryption:failure';
-export const KMS_KEY_REVOKE_ERROR_STATUS = 405;
-export const KMS_KEY_REVOKE_ERROR_CODES = [405005, 405006];

package/test/unit/spec/kms-errors.js

@@ -1,70 +0,0 @@
-import {assert} from '@webex/test-helper-chai';
-import {handleKmsKeyRevokedEncryptionFailure} from '../../../src/kms-errors'
-import sinon from 'sinon';
-
-describe('handleKmsKeyRevokedEncryptionFailure', () => {
-
-    it('triggers `event:kms:key:revoke:encryption:failure` event when correct error code is detected', () => {
-        const webex = {
-            internal: {
-                encryption: {
-                trigger: sinon.spy()
-              },
-            },
-          }
-
-        const item = {
-            status: 405,
-            body: {
-                errorCode: 405005,
-            }
-        }
-
-        handleKmsKeyRevokedEncryptionFailure(item, webex);
-        
-        assert.calledOnce(webex.internal.encryption.trigger);
-        assert.calledWithExactly(webex.internal.encryption.trigger, `event:kms:key:revoke:encryption:failure`);
-    });
-
-    it('does not trigger `event:kms:key:revoke:encryption:failure` event when correct status but wrong error code is detected', () => {
-        const webex = {
-            internal: {
-                encryption: {
-                trigger: sinon.spy()
-              },
-            },
-          }
-
-        const item = {
-            status: 405,
-            body: {
-                errorCode: 405009,
-            }
-        }
-
-        handleKmsKeyRevokedEncryptionFailure(item, webex);
-         
-        assert.notCalled(webex.internal.encryption.trigger);
-       });
-
-       it('does not trigger `event:kms:key:revoke:encryption:failure` event when wrong status but correct error code is detected', () => {
-        const webex = {
-            internal: {
-                encryption: {
-                trigger: sinon.spy()
-              },
-            },
-          }
-
-        const item = {
-            status: 403,
-            body: {
-                errorCode: 405005,
-            }
-        }
-
-        handleKmsKeyRevokedEncryptionFailure(item, webex);
-         
-        assert.notCalled(webex.internal.encryption.trigger);
-       });
-});