@webex/internal-plugin-encryption 3.0.0-beta.13 → 3.0.0-beta.15

package/README.md

@@ -21,14 +21,12 @@ npm install --save @webex/internal-plugin-encryption
 ## Usage
 
 ```js
-
 import '@webex/internal-plugin-encryption';
 
 import WebexCore from '@webex/webex-core';
 
 const webex = new WebexCore();
-webex.internal.encryption.WHATEVER
-
+webex.internal.encryption.WHATEVER;
 ```
 
 ## Maintainers

package/dist/config.js.map

@@ -1 +1 @@
-{"version":3,"names":["encryption","joseOptions","compact","contentAlg","protect","kmsInitialTimeout","kmsMaxTimeout","ecdhMaxTimeout","batcherWait","batcherMaxCalls","batcherMaxWait"],"sources":["config.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nexport default {\n  encryption: {\n    joseOptions: {\n      compact: true,\n      contentAlg: 'A256GCM',\n      protect: '*'\n    },\n\n    /**\n     * Initial timeout before contacting KMS with a new request\n     * @type {Number}\n     */\n    kmsInitialTimeout: 6000,\n\n    /**\n     * Maximum timeout before negotiating a new ECDH key\n     * and contacting KMS with a new request\n     * @type {Number}\n     */\n    kmsMaxTimeout: 32000,\n\n    /**\n     * Maximum timeout after negotiating several ECDH keys\n     * @type {Number}\n     */\n    ecdhMaxTimeout: 32000 * 3,\n\n    /**\n     * Debounce wait before sending a kms request\n     * @type {Number}\n     */\n    batcherWait: 50,\n\n    /**\n     * Maximum queue size before sending a kms request\n     * @type {Number}\n     */\n    batcherMaxCalls: 50,\n\n    /**\n     * Debounce max wait before sending a kms metric\n     * @type {Number}\n     */\n    batcherMaxWait: 150\n  }\n};\n"],"mappings":";;;;;;;;;;AAAA;AACA;AACA;eAEe;EACbA,UAAU,EAAE;IACVC,WAAW,EAAE;MACXC,OAAO,EAAE,IADE;MAEXC,UAAU,EAAE,SAFD;MAGXC,OAAO,EAAE;IAHE,CADH;;IAOV;AACJ;AACA;AACA;IACIC,iBAAiB,EAAE,IAXT;;IAaV;AACJ;AACA;AACA;AACA;IACIC,aAAa,EAAE,KAlBL;;IAoBV;AACJ;AACA;AACA;IACIC,cAAc,EAAE,QAAQ,CAxBd;;IA0BV;AACJ;AACA;AACA;IACIC,WAAW,EAAE,EA9BH;;IAgCV;AACJ;AACA;AACA;IACIC,eAAe,EAAE,EApCP;;IAsCV;AACJ;AACA;AACA;IACIC,cAAc,EAAE;EA1CN;AADC,C"}
+{"version":3,"names":["encryption","joseOptions","compact","contentAlg","protect","kmsInitialTimeout","kmsMaxTimeout","ecdhMaxTimeout","batcherWait","batcherMaxCalls","batcherMaxWait"],"sources":["config.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nexport default {\n  encryption: {\n    joseOptions: {\n      compact: true,\n      contentAlg: 'A256GCM',\n      protect: '*',\n    },\n\n    /**\n     * Initial timeout before contacting KMS with a new request\n     * @type {Number}\n     */\n    kmsInitialTimeout: 6000,\n\n    /**\n     * Maximum timeout before negotiating a new ECDH key\n     * and contacting KMS with a new request\n     * @type {Number}\n     */\n    kmsMaxTimeout: 32000,\n\n    /**\n     * Maximum timeout after negotiating several ECDH keys\n     * @type {Number}\n     */\n    ecdhMaxTimeout: 32000 * 3,\n\n    /**\n     * Debounce wait before sending a kms request\n     * @type {Number}\n     */\n    batcherWait: 50,\n\n    /**\n     * Maximum queue size before sending a kms request\n     * @type {Number}\n     */\n    batcherMaxCalls: 50,\n\n    /**\n     * Debounce max wait before sending a kms metric\n     * @type {Number}\n     */\n    batcherMaxWait: 150,\n  },\n};\n"],"mappings":";;;;;;;;;;AAAA;AACA;AACA;eAEe;EACbA,UAAU,EAAE;IACVC,WAAW,EAAE;MACXC,OAAO,EAAE,IADE;MAEXC,UAAU,EAAE,SAFD;MAGXC,OAAO,EAAE;IAHE,CADH;;IAOV;AACJ;AACA;AACA;IACIC,iBAAiB,EAAE,IAXT;;IAaV;AACJ;AACA;AACA;AACA;IACIC,aAAa,EAAE,KAlBL;;IAoBV;AACJ;AACA;AACA;IACIC,cAAc,EAAE,QAAQ,CAxBd;;IA0BV;AACJ;AACA;AACA;IACIC,WAAW,EAAE,EA9BH;;IAgCV;AACJ;AACA;AACA;IACIC,eAAe,EAAE,EApCP;;IAsCV;AACJ;AACA;AACA;IACIC,cAAc,EAAE;EA1CN;AADC,C"}

package/dist/encryption.js

@@ -115,6 +115,7 @@ var Encryption = _webexCore.WebexPlugin.extend({
     var shunt = new _events.EventEmitter();
 
     var promise = this._fetchDownloadUrl(scr, options).then(function (uri) {
+      // eslint-disable-next-line no-shadow
       var options = {
         method: 'GET',
         uri: uri,
@@ -166,6 +167,7 @@ var Encryption = _webexCore.WebexPlugin.extend({
         allow: options.params.allow
       }) : inputBody
     }).then(function (res) {
+      // eslint-disable-next-line no-shadow
       var url = res.body.endpoints[scr.loc];
 
       if (!url) {
@@ -273,7 +275,7 @@ var Encryption = _webexCore.WebexPlugin.extend({
       }));
     });
   },
-  version: "3.0.0-beta.13"
+  version: "3.0.0-beta.15"
 });
 /**
  * JSON.stringify replacer that ensures private key data is serialized.

package/dist/encryption.js.map

@@ -1 +1 @@
-{"version":3,"names":["Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","ensureBuffer","then","b","length","byteLength","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","download","loc","shunt","EventEmitter","promise","_fetchDownloadUrl","uri","method","responseType","ret","request","transferEvents","res","body","proxyEvents","logger","info","process","env","NODE_ENV","includes","resolve","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","allow","params","warn","encryptBinary","file","create","encrypt","cdata","encryptScr","toJWE","encryptText","createEncrypt","config","joseOptions","header","alg","reference","final","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","catch","fetchKey","tap","put","replacer","v","json","toJSON"],"sources":["encryption.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n  children: {\n    kms: KMS\n  },\n\n  namespace: 'Encryption',\n\n  processKmsMessageEvent(event) {\n    return this.kms.processKmsMessageEvent(event);\n  },\n\n  decryptBinary(scr, buffer) {\n    return ensureBuffer(buffer)\n      .then((b) => {\n        /* istanbul ignore if */\n        if (buffer.length === 0 || buffer.byteLength === 0) {\n          return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n        }\n\n        return scr.decrypt(b);\n      });\n  },\n\n  /**\n   * Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {Object} cipherScr - An encrypted SCR\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {Object} Decrypted SCR\n   */\n  decryptScr(key, cipherScr, options) {\n    return this.getKey(key, options)\n      .then((k) => SCR.fromJWE(k.jwk, cipherScr));\n  },\n\n  /**\n   * Decrypt text using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {string} ciphertext - Encrypted text\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Decrypted plaintext\n   */\n  decryptText(key, ciphertext, options) {\n    return this.getKey(key, options)\n      .then((k) => jose.JWE\n        .createDecrypt(k.jwk)\n        .decrypt(ciphertext)\n        .then((result) => result.plaintext.toString()));\n  },\n\n  /**\n   * Validate and initiate a Download request for requested file\n   *\n   * @param {Object} scr - Plaintext\n   * @param {Object} options - optional parameters to download a file\n   * @returns {promise}\n   */\n  download(scr, options) {\n    /* istanbul ignore if */\n    if (!scr.loc) {\n      return Promise.reject(new Error('`scr.loc` is required'));\n    }\n\n    const shunt = new EventEmitter();\n    const promise = this._fetchDownloadUrl(scr, options)\n      .then((uri) => {\n        const options = {\n          method: 'GET',\n          uri,\n          responseType: 'buffer'\n        };\n\n        const ret = this.request(options);\n\n        transferEvents('progress', options.download, shunt);\n\n        return ret;\n      })\n      .then((res) => this.decryptBinary(scr, res.body));\n\n    proxyEvents(shunt, promise);\n\n    return promise;\n  },\n\n  /**\n   * Fetch Download URL for the requested file\n   *\n   * @param {Object} scr - Plaintext\n   * @param {Object} options - optional parameters to download a file\n   * @returns {promise} url of the downloadable file\n   */\n  _fetchDownloadUrl(scr, options) {\n    this.logger.info('encryption: retrieving download url for encrypted file');\n\n    if (process.env.NODE_ENV !== 'production' && scr.loc.includes('localhost')) {\n      this.logger.info('encryption: bypassing webex files because this looks to be a test file on localhost');\n\n      return Promise.resolve(scr.loc);\n    }\n\n    const inputBody = {\n      endpoints: [scr.loc]\n    };\n    const endpointUrl = url.parse(scr.loc);\n\n    // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n    endpointUrl.protocol = 'https';\n    endpointUrl.pathname = '/v1/download/endpoints';\n\n    return this.request({\n      method: 'POST',\n      uri: url.format(endpointUrl),\n      body: options ? {\n        ...inputBody,\n        allow: options.params.allow\n      } : inputBody\n    })\n      .then((res) => {\n        const url = res.body.endpoints[scr.loc];\n\n        if (!url) {\n          this.logger.warn('encryption: could not determine download url for `scr.loc`; attempting to download `scr.loc` directly');\n\n          return scr.loc;\n        }\n        this.logger.info('encryption: retrieved download url for encrypted file');\n\n        return url;\n      });\n  },\n\n  encryptBinary(file) {\n    return ensureBuffer(file)\n      .then((buffer) => SCR.create()\n        .then((scr) => scr.encrypt(buffer)\n          .then(ensureBuffer)\n          // eslint-disable-next-line max-nested-callbacks\n          .then((cdata) => ({scr, cdata}))));\n  },\n\n  /**\n   * Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {Object} scr - Plaintext\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Encrypted SCR\n   */\n  encryptScr(key, scr, options) {\n    /* istanbul ignore if */\n    if (!scr.loc) {\n      return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n    }\n\n    return this.getKey(key, options)\n      .then((k) => scr.toJWE(k.jwk));\n  },\n\n  /**\n   * Encrypt plaintext using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {string} plaintext\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Encrypted text\n   */\n  encryptText(key, plaintext, options) {\n    return this.getKey(key, options)\n      .then((k) => jose.JWE\n        .createEncrypt(this.config.joseOptions, {\n          key: k.jwk,\n          header: {\n            alg: 'dir'\n          },\n          reference: null\n        })\n        .final(plaintext, 'utf8'));\n  },\n\n  /**\n   * Fetch the key associated with the supplied KMS uri.\n   *\n   * @param {string} uri - The uri of a key stored in KMS\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Key\n   */\n  getKey(uri, {onBehalfOf} = {}) {\n    if (uri.jwk) {\n      return this.kms.asKey(uri);\n    }\n\n    let storageKey = uri;\n\n    if (onBehalfOf) {\n      storageKey += `/onBehalfOf/${onBehalfOf}`;\n    }\n\n    return this.unboundedStorage.get(storageKey)\n      .then((keyString) => JSON.parse(keyString))\n      .then((keyObject) => this.kms.asKey(keyObject))\n      .catch(() => this.kms.fetchKey({uri, onBehalfOf})\n        .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer)))));\n  }\n});\n\n/**\n * JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n  if (k === 'jwk') {\n    // note: this[k] and v may be different representations of the same value\n    // eslint-disable-next-line no-invalid-this\n    const json = this[k].toJSON(true);\n\n    return json;\n  }\n\n  return v;\n}\n\nexport default Encryption;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA;;AACA;;AAEA;;AACA;;AACA;;AACA;;AAEA;;AACA;;;;;;AAEA,IAAMA,UAAU,GAAGC,sBAAA,CAAYC,MAAZ,CAAmB;EACpCC,QAAQ,EAAE;IACRC,GAAG,EAAEC;EADG,CAD0B;EAKpCC,SAAS,EAAE,YALyB;EAOpCC,sBAPoC,kCAObC,KAPa,EAON;IAC5B,OAAO,KAAKJ,GAAL,CAASG,sBAAT,CAAgCC,KAAhC,CAAP;EACD,CATmC;EAWpCC,aAXoC,yBAWtBC,GAXsB,EAWjBC,MAXiB,EAWT;IACzB,OAAO,IAAAC,qBAAA,EAAaD,MAAb,EACJE,IADI,CACC,UAACC,CAAD,EAAO;MACX;MACA,IAAIH,MAAM,CAACI,MAAP,KAAkB,CAAlB,IAAuBJ,MAAM,CAACK,UAAP,KAAsB,CAAjD,EAAoD;QAClD,OAAO,iBAAQC,MAAR,CAAe,IAAIC,KAAJ,CAAU,yCAAV,CAAf,CAAP;MACD;;MAED,OAAOR,GAAG,CAACS,OAAJ,CAAYL,CAAZ,CAAP;IACD,CARI,CAAP;EASD,CArBmC;;EAuBpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEM,UAhCoC,sBAgCzBC,GAhCyB,EAgCpBC,SAhCoB,EAgCTC,OAhCS,EAgCA;IAClC,OAAO,KAAKC,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EACJV,IADI,CACC,UAACY,CAAD;MAAA,OAAOC,gBAAA,CAAIC,OAAJ,CAAYF,CAAC,CAACG,GAAd,EAAmBN,SAAnB,CAAP;IAAA,CADD,CAAP;EAED,CAnCmC;;EAqCpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEO,WA9CoC,uBA8CxBR,GA9CwB,EA8CnBS,UA9CmB,EA8CPP,OA9CO,EA8CE;IACpC,OAAO,KAAKC,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EACJV,IADI,CACC,UAACY,CAAD;MAAA,OAAOM,iBAAA,CAAKC,GAAL,CACVC,aADU,CACIR,CAAC,CAACG,GADN,EAEVT,OAFU,CAEFW,UAFE,EAGVjB,IAHU,CAGL,UAACqB,MAAD;QAAA,OAAYA,MAAM,CAACC,SAAP,CAAiBC,QAAjB,EAAZ;MAAA,CAHK,CAAP;IAAA,CADD,CAAP;EAKD,CApDmC;;EAsDpC;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,QA7DoC,oBA6D3B3B,GA7D2B,EA6DtBa,OA7DsB,EA6Db;IAAA;;IACrB;IACA,IAAI,CAACb,GAAG,CAAC4B,GAAT,EAAc;MACZ,OAAO,iBAAQrB,MAAR,CAAe,IAAIC,KAAJ,CAAU,uBAAV,CAAf,CAAP;IACD;;IAED,IAAMqB,KAAK,GAAG,IAAIC,oBAAJ,EAAd;;IACA,IAAMC,OAAO,GAAG,KAAKC,iBAAL,CAAuBhC,GAAvB,EAA4Ba,OAA5B,EACbV,IADa,CACR,UAAC8B,GAAD,EAAS;MACb,IAAMpB,OAAO,GAAG;QACdqB,MAAM,EAAE,KADM;QAEdD,GAAG,EAAHA,GAFc;QAGdE,YAAY,EAAE;MAHA,CAAhB;;MAMA,IAAMC,GAAG,GAAG,KAAI,CAACC,OAAL,CAAaxB,OAAb,CAAZ;;MAEA,IAAAyB,sBAAA,EAAe,UAAf,EAA2BzB,OAAO,CAACc,QAAnC,EAA6CE,KAA7C;MAEA,OAAOO,GAAP;IACD,CAba,EAcbjC,IAda,CAcR,UAACoC,GAAD;MAAA,OAAS,KAAI,CAACxC,aAAL,CAAmBC,GAAnB,EAAwBuC,GAAG,CAACC,IAA5B,CAAT;IAAA,CAdQ,CAAhB;;IAgBA,IAAAC,mBAAA,EAAYZ,KAAZ,EAAmBE,OAAnB;IAEA,OAAOA,OAAP;EACD,CAvFmC;;EAyFpC;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,iBAhGoC,6BAgGlBhC,GAhGkB,EAgGba,OAhGa,EAgGJ;IAAA;;IAC9B,KAAK6B,MAAL,CAAYC,IAAZ,CAAiB,wDAAjB;;IAEA,IAAIC,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAAzB,IAAyC9C,GAAG,CAAC4B,GAAJ,CAAQmB,QAAR,CAAiB,WAAjB,CAA7C,EAA4E;MAC1E,KAAKL,MAAL,CAAYC,IAAZ,CAAiB,qFAAjB;MAEA,OAAO,iBAAQK,OAAR,CAAgBhD,GAAG,CAAC4B,GAApB,CAAP;IACD;;IAED,IAAMqB,SAAS,GAAG;MAChBC,SAAS,EAAE,CAAClD,GAAG,CAAC4B,GAAL;IADK,CAAlB;;IAGA,IAAMuB,WAAW,GAAGC,YAAA,CAAIC,KAAJ,CAAUrD,GAAG,CAAC4B,GAAd,CAApB,CAZ8B,CAc9B;;;IACAuB,WAAW,CAACG,QAAZ,GAAuB,OAAvB;IACAH,WAAW,CAACI,QAAZ,GAAuB,wBAAvB;IAEA,OAAO,KAAKlB,OAAL,CAAa;MAClBH,MAAM,EAAE,MADU;MAElBD,GAAG,EAAEmB,YAAA,CAAII,MAAJ,CAAWL,WAAX,CAFa;MAGlBX,IAAI,EAAE3B,OAAO,mCACRoC,SADQ;QAEXQ,KAAK,EAAE5C,OAAO,CAAC6C,MAAR,CAAeD;MAFX,KAGTR;IANc,CAAb,EAQJ9C,IARI,CAQC,UAACoC,GAAD,EAAS;MACb,IAAMa,GAAG,GAAGb,GAAG,CAACC,IAAJ,CAASU,SAAT,CAAmBlD,GAAG,CAAC4B,GAAvB,CAAZ;;MAEA,IAAI,CAACwB,GAAL,EAAU;QACR,MAAI,CAACV,MAAL,CAAYiB,IAAZ,CAAiB,uGAAjB;;QAEA,OAAO3D,GAAG,CAAC4B,GAAX;MACD;;MACD,MAAI,CAACc,MAAL,CAAYC,IAAZ,CAAiB,uDAAjB;;MAEA,OAAOS,GAAP;IACD,CAnBI,CAAP;EAoBD,CAtImC;EAwIpCQ,aAxIoC,yBAwItBC,IAxIsB,EAwIhB;IAClB,OAAO,IAAA3D,qBAAA,EAAa2D,IAAb,EACJ1D,IADI,CACC,UAACF,MAAD;MAAA,OAAYe,gBAAA,CAAI8C,MAAJ,GACf3D,IADe,CACV,UAACH,GAAD;QAAA,OAASA,GAAG,CAAC+D,OAAJ,CAAY9D,MAAZ,EACZE,IADY,CACPD,qBADO,EAEb;QAFa,CAGZC,IAHY,CAGP,UAAC6D,KAAD;UAAA,OAAY;YAAChE,GAAG,EAAHA,GAAD;YAAMgE,KAAK,EAALA;UAAN,CAAZ;QAAA,CAHO,CAAT;MAAA,CADU,CAAZ;IAAA,CADD,CAAP;EAMD,CA/ImC;;EAiJpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UA1JoC,sBA0JzBtD,GA1JyB,EA0JpBX,GA1JoB,EA0Jfa,OA1Je,EA0JN;IAC5B;IACA,IAAI,CAACb,GAAG,CAAC4B,GAAT,EAAc;MACZ,OAAO,iBAAQrB,MAAR,CAAe,IAAIC,KAAJ,CAAU,kDAAV,CAAf,CAAP;IACD;;IAED,OAAO,KAAKM,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EACJV,IADI,CACC,UAACY,CAAD;MAAA,OAAOf,GAAG,CAACkE,KAAJ,CAAUnD,CAAC,CAACG,GAAZ,CAAP;IAAA,CADD,CAAP;EAED,CAlKmC;;EAoKpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEiD,WA7KoC,uBA6KxBxD,GA7KwB,EA6KnBc,SA7KmB,EA6KRZ,OA7KQ,EA6KC;IAAA;;IACnC,OAAO,KAAKC,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EACJV,IADI,CACC,UAACY,CAAD;MAAA,OAAOM,iBAAA,CAAKC,GAAL,CACV8C,aADU,CACI,MAAI,CAACC,MAAL,CAAYC,WADhB,EAC6B;QACtC3D,GAAG,EAAEI,CAAC,CAACG,GAD+B;QAEtCqD,MAAM,EAAE;UACNC,GAAG,EAAE;QADC,CAF8B;QAKtCC,SAAS,EAAE;MAL2B,CAD7B,EAQVC,KARU,CAQJjD,SARI,EAQO,MARP,CAAP;IAAA,CADD,CAAP;EAUD,CAxLmC;;EA0LpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEX,MAlMoC,kBAkM7BmB,GAlM6B,EAkML;IAAA;;IAAA,+EAAJ,EAAI;IAAA,IAAlB0C,UAAkB,QAAlBA,UAAkB;;IAC7B,IAAI1C,GAAG,CAACf,GAAR,EAAa;MACX,OAAO,KAAKxB,GAAL,CAASkF,KAAT,CAAe3C,GAAf,CAAP;IACD;;IAED,IAAI4C,UAAU,GAAG5C,GAAjB;;IAEA,IAAI0C,UAAJ,EAAgB;MACdE,UAAU,0BAAmBF,UAAnB,CAAV;IACD;;IAED,OAAO,KAAKG,gBAAL,CAAsBC,GAAtB,CAA0BF,UAA1B,EACJ1E,IADI,CACC,UAAC6E,SAAD;MAAA,OAAeC,IAAI,CAAC5B,KAAL,CAAW2B,SAAX,CAAf;IAAA,CADD,EAEJ7E,IAFI,CAEC,UAAC+E,SAAD;MAAA,OAAe,MAAI,CAACxF,GAAL,CAASkF,KAAT,CAAeM,SAAf,CAAf;IAAA,CAFD,EAGJC,KAHI,CAGE;MAAA,OAAM,MAAI,CAACzF,GAAL,CAAS0F,QAAT,CAAkB;QAACnD,GAAG,EAAHA,GAAD;QAAM0C,UAAU,EAAVA;MAAN,CAAlB,EACVxE,IADU,CACL,IAAAkF,WAAA,EAAI,UAAC1E,GAAD;QAAA,OAAS,MAAI,CAACmE,gBAAL,CAAsBQ,GAAtB,CAA0BT,UAA1B,EAAsC,wBAAelE,GAAf,EAAoB4E,QAApB,CAAtC,CAAT;MAAA,CAAJ,CADK,CAAN;IAAA,CAHF,CAAP;EAKD,CAlNmC;EAAA;AAAA,CAAnB,CAAnB;AAqNA;AACA;AACA;AACA;AACA;AACA;;;AACA,SAASA,QAAT,CAAkBxE,CAAlB,EAAqByE,CAArB,EAAwB;EACtB,IAAIzE,CAAC,KAAK,KAAV,EAAiB;IACf;IACA;IACA,IAAM0E,IAAI,GAAG,KAAK1E,CAAL,EAAQ2E,MAAR,CAAe,IAAf,CAAb;IAEA,OAAOD,IAAP;EACD;;EAED,OAAOD,CAAP;AACD;;eAEclG,U"}
+{"version":3,"names":["Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","ensureBuffer","then","b","length","byteLength","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","download","loc","shunt","EventEmitter","promise","_fetchDownloadUrl","uri","method","responseType","ret","request","transferEvents","res","body","proxyEvents","logger","info","process","env","NODE_ENV","includes","resolve","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","allow","params","warn","encryptBinary","file","create","encrypt","cdata","encryptScr","toJWE","encryptText","createEncrypt","config","joseOptions","header","alg","reference","final","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","catch","fetchKey","tap","put","replacer","v","json","toJSON"],"sources":["encryption.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n  children: {\n    kms: KMS,\n  },\n\n  namespace: 'Encryption',\n\n  processKmsMessageEvent(event) {\n    return this.kms.processKmsMessageEvent(event);\n  },\n\n  decryptBinary(scr, buffer) {\n    return ensureBuffer(buffer).then((b) => {\n      /* istanbul ignore if */\n      if (buffer.length === 0 || buffer.byteLength === 0) {\n        return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n      }\n\n      return scr.decrypt(b);\n    });\n  },\n\n  /**\n   * Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {Object} cipherScr - An encrypted SCR\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {Object} Decrypted SCR\n   */\n  decryptScr(key, cipherScr, options) {\n    return this.getKey(key, options).then((k) => SCR.fromJWE(k.jwk, cipherScr));\n  },\n\n  /**\n   * Decrypt text using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {string} ciphertext - Encrypted text\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Decrypted plaintext\n   */\n  decryptText(key, ciphertext, options) {\n    return this.getKey(key, options).then((k) =>\n      jose.JWE.createDecrypt(k.jwk)\n        .decrypt(ciphertext)\n        .then((result) => result.plaintext.toString())\n    );\n  },\n\n  /**\n   * Validate and initiate a Download request for requested file\n   *\n   * @param {Object} scr - Plaintext\n   * @param {Object} options - optional parameters to download a file\n   * @returns {promise}\n   */\n  download(scr, options) {\n    /* istanbul ignore if */\n    if (!scr.loc) {\n      return Promise.reject(new Error('`scr.loc` is required'));\n    }\n\n    const shunt = new EventEmitter();\n    const promise = this._fetchDownloadUrl(scr, options)\n      .then((uri) => {\n        // eslint-disable-next-line no-shadow\n        const options = {\n          method: 'GET',\n          uri,\n          responseType: 'buffer',\n        };\n\n        const ret = this.request(options);\n\n        transferEvents('progress', options.download, shunt);\n\n        return ret;\n      })\n      .then((res) => this.decryptBinary(scr, res.body));\n\n    proxyEvents(shunt, promise);\n\n    return promise;\n  },\n\n  /**\n   * Fetch Download URL for the requested file\n   *\n   * @param {Object} scr - Plaintext\n   * @param {Object} options - optional parameters to download a file\n   * @returns {promise} url of the downloadable file\n   */\n  _fetchDownloadUrl(scr, options) {\n    this.logger.info('encryption: retrieving download url for encrypted file');\n\n    if (process.env.NODE_ENV !== 'production' && scr.loc.includes('localhost')) {\n      this.logger.info(\n        'encryption: bypassing webex files because this looks to be a test file on localhost'\n      );\n\n      return Promise.resolve(scr.loc);\n    }\n\n    const inputBody = {\n      endpoints: [scr.loc],\n    };\n    const endpointUrl = url.parse(scr.loc);\n\n    // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n    endpointUrl.protocol = 'https';\n    endpointUrl.pathname = '/v1/download/endpoints';\n\n    return this.request({\n      method: 'POST',\n      uri: url.format(endpointUrl),\n      body: options\n        ? {\n            ...inputBody,\n            allow: options.params.allow,\n          }\n        : inputBody,\n    }).then((res) => {\n      // eslint-disable-next-line no-shadow\n      const url = res.body.endpoints[scr.loc];\n\n      if (!url) {\n        this.logger.warn(\n          'encryption: could not determine download url for `scr.loc`; attempting to download `scr.loc` directly'\n        );\n\n        return scr.loc;\n      }\n      this.logger.info('encryption: retrieved download url for encrypted file');\n\n      return url;\n    });\n  },\n\n  encryptBinary(file) {\n    return ensureBuffer(file).then((buffer) =>\n      SCR.create().then((scr) =>\n        scr\n          .encrypt(buffer)\n          .then(ensureBuffer)\n          // eslint-disable-next-line max-nested-callbacks\n          .then((cdata) => ({scr, cdata}))\n      )\n    );\n  },\n\n  /**\n   * Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {Object} scr - Plaintext\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Encrypted SCR\n   */\n  encryptScr(key, scr, options) {\n    /* istanbul ignore if */\n    if (!scr.loc) {\n      return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n    }\n\n    return this.getKey(key, options).then((k) => scr.toJWE(k.jwk));\n  },\n\n  /**\n   * Encrypt plaintext using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {string} plaintext\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Encrypted text\n   */\n  encryptText(key, plaintext, options) {\n    return this.getKey(key, options).then((k) =>\n      jose.JWE.createEncrypt(this.config.joseOptions, {\n        key: k.jwk,\n        header: {\n          alg: 'dir',\n        },\n        reference: null,\n      }).final(plaintext, 'utf8')\n    );\n  },\n\n  /**\n   * Fetch the key associated with the supplied KMS uri.\n   *\n   * @param {string} uri - The uri of a key stored in KMS\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Key\n   */\n  getKey(uri, {onBehalfOf} = {}) {\n    if (uri.jwk) {\n      return this.kms.asKey(uri);\n    }\n\n    let storageKey = uri;\n\n    if (onBehalfOf) {\n      storageKey += `/onBehalfOf/${onBehalfOf}`;\n    }\n\n    return this.unboundedStorage\n      .get(storageKey)\n      .then((keyString) => JSON.parse(keyString))\n      .then((keyObject) => this.kms.asKey(keyObject))\n      .catch(() =>\n        this.kms\n          .fetchKey({uri, onBehalfOf})\n          .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer))))\n      );\n  },\n});\n\n/**\n * JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n  if (k === 'jwk') {\n    // note: this[k] and v may be different representations of the same value\n    // eslint-disable-next-line no-invalid-this\n    const json = this[k].toJSON(true);\n\n    return json;\n  }\n\n  return v;\n}\n\nexport default Encryption;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA;;AACA;;AAEA;;AACA;;AACA;;AACA;;AAEA;;AACA;;;;;;AAEA,IAAMA,UAAU,GAAGC,sBAAA,CAAYC,MAAZ,CAAmB;EACpCC,QAAQ,EAAE;IACRC,GAAG,EAAEC;EADG,CAD0B;EAKpCC,SAAS,EAAE,YALyB;EAOpCC,sBAPoC,kCAObC,KAPa,EAON;IAC5B,OAAO,KAAKJ,GAAL,CAASG,sBAAT,CAAgCC,KAAhC,CAAP;EACD,CATmC;EAWpCC,aAXoC,yBAWtBC,GAXsB,EAWjBC,MAXiB,EAWT;IACzB,OAAO,IAAAC,qBAAA,EAAaD,MAAb,EAAqBE,IAArB,CAA0B,UAACC,CAAD,EAAO;MACtC;MACA,IAAIH,MAAM,CAACI,MAAP,KAAkB,CAAlB,IAAuBJ,MAAM,CAACK,UAAP,KAAsB,CAAjD,EAAoD;QAClD,OAAO,iBAAQC,MAAR,CAAe,IAAIC,KAAJ,CAAU,yCAAV,CAAf,CAAP;MACD;;MAED,OAAOR,GAAG,CAACS,OAAJ,CAAYL,CAAZ,CAAP;IACD,CAPM,CAAP;EAQD,CApBmC;;EAsBpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEM,UA/BoC,sBA+BzBC,GA/ByB,EA+BpBC,SA/BoB,EA+BTC,OA/BS,EA+BA;IAClC,OAAO,KAAKC,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EAA0BV,IAA1B,CAA+B,UAACY,CAAD;MAAA,OAAOC,gBAAA,CAAIC,OAAJ,CAAYF,CAAC,CAACG,GAAd,EAAmBN,SAAnB,CAAP;IAAA,CAA/B,CAAP;EACD,CAjCmC;;EAmCpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEO,WA5CoC,uBA4CxBR,GA5CwB,EA4CnBS,UA5CmB,EA4CPP,OA5CO,EA4CE;IACpC,OAAO,KAAKC,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EAA0BV,IAA1B,CAA+B,UAACY,CAAD;MAAA,OACpCM,iBAAA,CAAKC,GAAL,CAASC,aAAT,CAAuBR,CAAC,CAACG,GAAzB,EACGT,OADH,CACWW,UADX,EAEGjB,IAFH,CAEQ,UAACqB,MAAD;QAAA,OAAYA,MAAM,CAACC,SAAP,CAAiBC,QAAjB,EAAZ;MAAA,CAFR,CADoC;IAAA,CAA/B,CAAP;EAKD,CAlDmC;;EAoDpC;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,QA3DoC,oBA2D3B3B,GA3D2B,EA2DtBa,OA3DsB,EA2Db;IAAA;;IACrB;IACA,IAAI,CAACb,GAAG,CAAC4B,GAAT,EAAc;MACZ,OAAO,iBAAQrB,MAAR,CAAe,IAAIC,KAAJ,CAAU,uBAAV,CAAf,CAAP;IACD;;IAED,IAAMqB,KAAK,GAAG,IAAIC,oBAAJ,EAAd;;IACA,IAAMC,OAAO,GAAG,KAAKC,iBAAL,CAAuBhC,GAAvB,EAA4Ba,OAA5B,EACbV,IADa,CACR,UAAC8B,GAAD,EAAS;MACb;MACA,IAAMpB,OAAO,GAAG;QACdqB,MAAM,EAAE,KADM;QAEdD,GAAG,EAAHA,GAFc;QAGdE,YAAY,EAAE;MAHA,CAAhB;;MAMA,IAAMC,GAAG,GAAG,KAAI,CAACC,OAAL,CAAaxB,OAAb,CAAZ;;MAEA,IAAAyB,sBAAA,EAAe,UAAf,EAA2BzB,OAAO,CAACc,QAAnC,EAA6CE,KAA7C;MAEA,OAAOO,GAAP;IACD,CAda,EAebjC,IAfa,CAeR,UAACoC,GAAD;MAAA,OAAS,KAAI,CAACxC,aAAL,CAAmBC,GAAnB,EAAwBuC,GAAG,CAACC,IAA5B,CAAT;IAAA,CAfQ,CAAhB;;IAiBA,IAAAC,mBAAA,EAAYZ,KAAZ,EAAmBE,OAAnB;IAEA,OAAOA,OAAP;EACD,CAtFmC;;EAwFpC;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,iBA/FoC,6BA+FlBhC,GA/FkB,EA+Fba,OA/Fa,EA+FJ;IAAA;;IAC9B,KAAK6B,MAAL,CAAYC,IAAZ,CAAiB,wDAAjB;;IAEA,IAAIC,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAAzB,IAAyC9C,GAAG,CAAC4B,GAAJ,CAAQmB,QAAR,CAAiB,WAAjB,CAA7C,EAA4E;MAC1E,KAAKL,MAAL,CAAYC,IAAZ,CACE,qFADF;MAIA,OAAO,iBAAQK,OAAR,CAAgBhD,GAAG,CAAC4B,GAApB,CAAP;IACD;;IAED,IAAMqB,SAAS,GAAG;MAChBC,SAAS,EAAE,CAAClD,GAAG,CAAC4B,GAAL;IADK,CAAlB;;IAGA,IAAMuB,WAAW,GAAGC,YAAA,CAAIC,KAAJ,CAAUrD,GAAG,CAAC4B,GAAd,CAApB,CAd8B,CAgB9B;;;IACAuB,WAAW,CAACG,QAAZ,GAAuB,OAAvB;IACAH,WAAW,CAACI,QAAZ,GAAuB,wBAAvB;IAEA,OAAO,KAAKlB,OAAL,CAAa;MAClBH,MAAM,EAAE,MADU;MAElBD,GAAG,EAAEmB,YAAA,CAAII,MAAJ,CAAWL,WAAX,CAFa;MAGlBX,IAAI,EAAE3B,OAAO,mCAEJoC,SAFI;QAGPQ,KAAK,EAAE5C,OAAO,CAAC6C,MAAR,CAAeD;MAHf,KAKTR;IARc,CAAb,EASJ9C,IATI,CASC,UAACoC,GAAD,EAAS;MACf;MACA,IAAMa,GAAG,GAAGb,GAAG,CAACC,IAAJ,CAASU,SAAT,CAAmBlD,GAAG,CAAC4B,GAAvB,CAAZ;;MAEA,IAAI,CAACwB,GAAL,EAAU;QACR,MAAI,CAACV,MAAL,CAAYiB,IAAZ,CACE,uGADF;;QAIA,OAAO3D,GAAG,CAAC4B,GAAX;MACD;;MACD,MAAI,CAACc,MAAL,CAAYC,IAAZ,CAAiB,uDAAjB;;MAEA,OAAOS,GAAP;IACD,CAvBM,CAAP;EAwBD,CA3ImC;EA6IpCQ,aA7IoC,yBA6ItBC,IA7IsB,EA6IhB;IAClB,OAAO,IAAA3D,qBAAA,EAAa2D,IAAb,EAAmB1D,IAAnB,CAAwB,UAACF,MAAD;MAAA,OAC7Be,gBAAA,CAAI8C,MAAJ,GAAa3D,IAAb,CAAkB,UAACH,GAAD;QAAA,OAChBA,GAAG,CACA+D,OADH,CACW9D,MADX,EAEGE,IAFH,CAEQD,qBAFR,EAGE;QAHF,CAIGC,IAJH,CAIQ,UAAC6D,KAAD;UAAA,OAAY;YAAChE,GAAG,EAAHA,GAAD;YAAMgE,KAAK,EAALA;UAAN,CAAZ;QAAA,CAJR,CADgB;MAAA,CAAlB,CAD6B;IAAA,CAAxB,CAAP;EASD,CAvJmC;;EAyJpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAlKoC,sBAkKzBtD,GAlKyB,EAkKpBX,GAlKoB,EAkKfa,OAlKe,EAkKN;IAC5B;IACA,IAAI,CAACb,GAAG,CAAC4B,GAAT,EAAc;MACZ,OAAO,iBAAQrB,MAAR,CAAe,IAAIC,KAAJ,CAAU,kDAAV,CAAf,CAAP;IACD;;IAED,OAAO,KAAKM,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EAA0BV,IAA1B,CAA+B,UAACY,CAAD;MAAA,OAAOf,GAAG,CAACkE,KAAJ,CAAUnD,CAAC,CAACG,GAAZ,CAAP;IAAA,CAA/B,CAAP;EACD,CAzKmC;;EA2KpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEiD,WApLoC,uBAoLxBxD,GApLwB,EAoLnBc,SApLmB,EAoLRZ,OApLQ,EAoLC;IAAA;;IACnC,OAAO,KAAKC,MAAL,CAAYH,GAAZ,EAAiBE,OAAjB,EAA0BV,IAA1B,CAA+B,UAACY,CAAD;MAAA,OACpCM,iBAAA,CAAKC,GAAL,CAAS8C,aAAT,CAAuB,MAAI,CAACC,MAAL,CAAYC,WAAnC,EAAgD;QAC9C3D,GAAG,EAAEI,CAAC,CAACG,GADuC;QAE9CqD,MAAM,EAAE;UACNC,GAAG,EAAE;QADC,CAFsC;QAK9CC,SAAS,EAAE;MALmC,CAAhD,EAMGC,KANH,CAMSjD,SANT,EAMoB,MANpB,CADoC;IAAA,CAA/B,CAAP;EASD,CA9LmC;;EAgMpC;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEX,MAxMoC,kBAwM7BmB,GAxM6B,EAwML;IAAA;;IAAA,+EAAJ,EAAI;IAAA,IAAlB0C,UAAkB,QAAlBA,UAAkB;;IAC7B,IAAI1C,GAAG,CAACf,GAAR,EAAa;MACX,OAAO,KAAKxB,GAAL,CAASkF,KAAT,CAAe3C,GAAf,CAAP;IACD;;IAED,IAAI4C,UAAU,GAAG5C,GAAjB;;IAEA,IAAI0C,UAAJ,EAAgB;MACdE,UAAU,0BAAmBF,UAAnB,CAAV;IACD;;IAED,OAAO,KAAKG,gBAAL,CACJC,GADI,CACAF,UADA,EAEJ1E,IAFI,CAEC,UAAC6E,SAAD;MAAA,OAAeC,IAAI,CAAC5B,KAAL,CAAW2B,SAAX,CAAf;IAAA,CAFD,EAGJ7E,IAHI,CAGC,UAAC+E,SAAD;MAAA,OAAe,MAAI,CAACxF,GAAL,CAASkF,KAAT,CAAeM,SAAf,CAAf;IAAA,CAHD,EAIJC,KAJI,CAIE;MAAA,OACL,MAAI,CAACzF,GAAL,CACG0F,QADH,CACY;QAACnD,GAAG,EAAHA,GAAD;QAAM0C,UAAU,EAAVA;MAAN,CADZ,EAEGxE,IAFH,CAEQ,IAAAkF,WAAA,EAAI,UAAC1E,GAAD;QAAA,OAAS,MAAI,CAACmE,gBAAL,CAAsBQ,GAAtB,CAA0BT,UAA1B,EAAsC,wBAAelE,GAAf,EAAoB4E,QAApB,CAAtC,CAAT;MAAA,CAAJ,CAFR,CADK;IAAA,CAJF,CAAP;EASD,CA5NmC;EAAA;AAAA,CAAnB,CAAnB;AA+NA;AACA;AACA;AACA;AACA;AACA;;;AACA,SAASA,QAAT,CAAkBxE,CAAlB,EAAqByE,CAArB,EAAwB;EACtB,IAAIzE,CAAC,KAAK,KAAV,EAAiB;IACf;IACA;IACA,IAAM0E,IAAI,GAAG,KAAK1E,CAAL,EAAQ2E,MAAR,CAAe,IAAf,CAAb;IAEA,OAAOD,IAAP;EACD;;EAED,OAAOD,CAAP;AACD;;eAEclG,U"}

package/dist/ensure-buffer.browser.js

@@ -18,8 +18,6 @@ var _promise = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/pr
 
 /* eslint-env: browser */
 
-/* global FileReader */
-
 /**
  * Ensures the provider buffer is, indeed, an ArrayBuffer; converts File and
  * Blob objects to ArrayBuffers.

package/dist/ensure-buffer.browser.js.map

@@ -1 +1 @@
-{"version":3,"names":["ensureBuffer","buffer","ArrayBuffer","resolve","toArrayBuffer","reject","fr","FileReader","onload","Uint8Array","result","onerror","readAsArrayBuffer"],"sources":["ensure-buffer.browser.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n/* eslint-env: browser */\n/* global FileReader */\n\n/**\n * Ensures the provider buffer is, indeed, an ArrayBuffer; converts File and\n * Blob objects to ArrayBuffers.\n * @param {mixed} buffer\n * @returns {Promise<ArrayBuffer>}\n */\nexport default function ensureBuffer(buffer) {\n  if (buffer instanceof ArrayBuffer) {\n    return Promise.resolve(buffer);\n  }\n\n  if (buffer.toArrayBuffer) {\n    return Promise.resolve(buffer.toArrayBuffer());\n  }\n\n  if (buffer.buffer) {\n    return Promise.resolve(buffer.buffer);\n  }\n\n  return new Promise((resolve, reject) => {\n    const fr = new FileReader();\n\n    fr.onload = function onload() {\n      resolve(new Uint8Array(this.result));\n    };\n\n    fr.onerror = reject;\n\n    fr.readAsArrayBuffer(buffer);\n  });\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA;AACA;AACA;;AAEA;;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACe,SAASA,YAAT,CAAsBC,MAAtB,EAA8B;EAC3C,IAAIA,MAAM,YAAYC,WAAtB,EAAmC;IACjC,OAAO,iBAAQC,OAAR,CAAgBF,MAAhB,CAAP;EACD;;EAED,IAAIA,MAAM,CAACG,aAAX,EAA0B;IACxB,OAAO,iBAAQD,OAAR,CAAgBF,MAAM,CAACG,aAAP,EAAhB,CAAP;EACD;;EAED,IAAIH,MAAM,CAACA,MAAX,EAAmB;IACjB,OAAO,iBAAQE,OAAR,CAAgBF,MAAM,CAACA,MAAvB,CAAP;EACD;;EAED,OAAO,qBAAY,UAACE,OAAD,EAAUE,MAAV,EAAqB;IACtC,IAAMC,EAAE,GAAG,IAAIC,UAAJ,EAAX;;IAEAD,EAAE,CAACE,MAAH,GAAY,SAASA,MAAT,GAAkB;MAC5BL,OAAO,CAAC,IAAIM,UAAJ,CAAe,KAAKC,MAApB,CAAD,CAAP;IACD,CAFD;;IAIAJ,EAAE,CAACK,OAAH,GAAaN,MAAb;IAEAC,EAAE,CAACM,iBAAH,CAAqBX,MAArB;EACD,CAVM,CAAP;AAWD"}
+{"version":3,"names":["ensureBuffer","buffer","ArrayBuffer","resolve","toArrayBuffer","reject","fr","FileReader","onload","Uint8Array","result","onerror","readAsArrayBuffer"],"sources":["ensure-buffer.browser.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n/* eslint-env: browser */\n\n/**\n * Ensures the provider buffer is, indeed, an ArrayBuffer; converts File and\n * Blob objects to ArrayBuffers.\n * @param {mixed} buffer\n * @returns {Promise<ArrayBuffer>}\n */\nexport default function ensureBuffer(buffer) {\n  if (buffer instanceof ArrayBuffer) {\n    return Promise.resolve(buffer);\n  }\n\n  if (buffer.toArrayBuffer) {\n    return Promise.resolve(buffer.toArrayBuffer());\n  }\n\n  if (buffer.buffer) {\n    return Promise.resolve(buffer.buffer);\n  }\n\n  return new Promise((resolve, reject) => {\n    const fr = new FileReader();\n\n    fr.onload = function onload() {\n      resolve(new Uint8Array(this.result));\n    };\n\n    fr.onerror = reject;\n\n    fr.readAsArrayBuffer(buffer);\n  });\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACe,SAASA,YAAT,CAAsBC,MAAtB,EAA8B;EAC3C,IAAIA,MAAM,YAAYC,WAAtB,EAAmC;IACjC,OAAO,iBAAQC,OAAR,CAAgBF,MAAhB,CAAP;EACD;;EAED,IAAIA,MAAM,CAACG,aAAX,EAA0B;IACxB,OAAO,iBAAQD,OAAR,CAAgBF,MAAM,CAACG,aAAP,EAAhB,CAAP;EACD;;EAED,IAAIH,MAAM,CAACA,MAAX,EAAmB;IACjB,OAAO,iBAAQE,OAAR,CAAgBF,MAAM,CAACA,MAAvB,CAAP;EACD;;EAED,OAAO,qBAAY,UAACE,OAAD,EAAUE,MAAV,EAAqB;IACtC,IAAMC,EAAE,GAAG,IAAIC,UAAJ,EAAX;;IAEAD,EAAE,CAACE,MAAH,GAAY,SAASA,MAAT,GAAkB;MAC5BL,OAAO,CAAC,IAAIM,UAAJ,CAAe,KAAKC,MAApB,CAAD,CAAP;IACD,CAFD;;IAIAJ,EAAE,CAACK,OAAH,GAAaN,MAAb;IAEAC,EAAE,CAACM,iBAAH,CAAqBX,MAArB;EACD,CAVM,CAAP;AAWD"}

package/dist/ensure-buffer.js

@@ -19,11 +19,11 @@ var _common = require("@webex/common");
  */
 
 /**
-* Ensures the provider Buffer is, indeed, a Buffer; sometimes, they seem to be
-* byte-arrays instead of proper Buffer objects.
-* @param {mixed} buffer
-* @returns {Promise<Buffer>}
-*/
+ * Ensures the provider Buffer is, indeed, a Buffer; sometimes, they seem to be
+ * byte-arrays instead of proper Buffer objects.
+ * @param {mixed} buffer
+ * @returns {Promise<Buffer>}
+ */
 function ensureBuffer(buffer) {
   /* istanbul ignore if */
   if (!(0, _common.isBuffer)(buffer)) {

package/dist/ensure-buffer.js.map

@@ -1 +1 @@
-{"version":3,"names":["ensureBuffer","buffer","isBuffer","reject","Error","resolve"],"sources":["ensure-buffer.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {isBuffer} from '@webex/common';\n\n/**\n* Ensures the provider Buffer is, indeed, a Buffer; sometimes, they seem to be\n* byte-arrays instead of proper Buffer objects.\n* @param {mixed} buffer\n* @returns {Promise<Buffer>}\n*/\nexport default function ensureBuffer(buffer) {\n  /* istanbul ignore if */\n  if (!isBuffer(buffer)) {\n    return Promise.reject(new Error('`buffer` must be a buffer'));\n  }\n\n  return Promise.resolve(buffer);\n}\n"],"mappings":";;;;;;;;;;;;;;AAIA;;AAJA;AACA;AACA;;AAIA;AACA;AACA;AACA;AACA;AACA;AACe,SAASA,YAAT,CAAsBC,MAAtB,EAA8B;EAC3C;EACA,IAAI,CAAC,IAAAC,gBAAA,EAASD,MAAT,CAAL,EAAuB;IACrB,OAAO,iBAAQE,MAAR,CAAe,IAAIC,KAAJ,CAAU,2BAAV,CAAf,CAAP;EACD;;EAED,OAAO,iBAAQC,OAAR,CAAgBJ,MAAhB,CAAP;AACD"}
+{"version":3,"names":["ensureBuffer","buffer","isBuffer","reject","Error","resolve"],"sources":["ensure-buffer.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {isBuffer} from '@webex/common';\n\n/**\n * Ensures the provider Buffer is, indeed, a Buffer; sometimes, they seem to be\n * byte-arrays instead of proper Buffer objects.\n * @param {mixed} buffer\n * @returns {Promise<Buffer>}\n */\nexport default function ensureBuffer(buffer) {\n  /* istanbul ignore if */\n  if (!isBuffer(buffer)) {\n    return Promise.reject(new Error('`buffer` must be a buffer'));\n  }\n\n  return Promise.resolve(buffer);\n}\n"],"mappings":";;;;;;;;;;;;;;AAIA;;AAJA;AACA;AACA;;AAIA;AACA;AACA;AACA;AACA;AACA;AACe,SAASA,YAAT,CAAsBC,MAAtB,EAA8B;EAC3C;EACA,IAAI,CAAC,IAAAC,gBAAA,EAASD,MAAT,CAAL,EAAuB;IACrB,OAAO,iBAAQE,MAAR,CAAe,IAAIC,KAAJ,CAAU,2BAAV,CAAf,CAAP;EACD;;EAED,OAAO,iBAAQC,OAAR,CAAgBJ,MAAhB,CAAP;AACD"}

package/dist/index.js

@@ -44,6 +44,10 @@ var _isObject2 = _interopRequireDefault(require("lodash/isObject"));
 
 var _has2 = _interopRequireDefault(require("lodash/has"));
 
+require("@webex/internal-plugin-device");
+
+require("@webex/internal-plugin-mercury");
+
 var _webexCore = require("@webex/webex-core");
 
 var _encryption = _interopRequireDefault(require("./encryption"));
@@ -52,10 +56,6 @@ var _config = _interopRequireDefault(require("./config"));
 
 var _kmsErrors = require("./kms-errors");
 
-require("@webex/internal-plugin-device");
-
-require("@webex/internal-plugin-mercury");
-
 var _kmsDryErrorInterceptor = _interopRequireDefault(require("./kms-dry-error-interceptor"));
 
 var _kms = _interopRequireDefault(require("./kms"));

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["interceptors","process","env","NODE_ENV","KmsDryErrorInterceptor","create","registerInternalPlugin","Encryption","payloadTransformer","predicates","name","direction","test","ctx","options","resolve","body","kmsMessage","keyUris","length","resourceUri","includes","uri","extract","response","reason","Boolean","errorCode","transforms","fn","object","webex","internal","encryption","kms","prepareRequest","then","req","wrapped","decryptKmsMessage","promises","errors","map","error","description","desc","push","message","all","reject","DryError","config"],"sources":["index.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n// Note: There's a bug where if bind gets replayed because of a timeout in which\n// the original request eventually completed, there'll be an error indicating\n// the key can't be bound (because it already has been). This could be mitigated\n// by using Promise.race to resolve replays (as more requests get enqueue for a\n// specific action, accept whichever one completes first).\n\nimport {registerInternalPlugin} from '@webex/webex-core';\nimport {has, isObject, isString} from 'lodash';\n\nimport Encryption from './encryption';\nimport config from './config';\nimport {DryError} from './kms-errors';\nimport '@webex/internal-plugin-device';\nimport '@webex/internal-plugin-mercury';\nimport KmsDryErrorInterceptor from './kms-dry-error-interceptor';\n\nlet interceptors;\n\nif (process.env.NODE_ENV === 'test') {\n  interceptors = {\n    KmsDryErrorInterceptor: KmsDryErrorInterceptor.create\n  };\n}\n\nregisterInternalPlugin('encryption', Encryption, {\n  payloadTransformer: {\n    predicates: [{\n      name: 'encryptKmsMessage',\n      direction: 'outbound',\n      // I don't see any practical way to reduce complexity here.\n      // eslint-disable-next-line complexity\n      test(ctx, options) {\n        if (!has(options, 'body.kmsMessage')) {\n          return Promise.resolve(false);\n        }\n\n        if (!isObject(options.body.kmsMessage)) {\n          return Promise.resolve(false);\n        }\n\n        // If this is a template for a kms message, assume another transform\n        // will fill it in later. This is a bit of a leaky abstraction, but the\n        // alternative is building a complex rules engine for controlling\n        // ordering of transforms\n        if (options.body.kmsMessage.keyUris && options.body.kmsMessage.keyUris.length === 0) {\n          return Promise.resolve(false);\n        }\n        if (options.body.kmsMessage.resourceUri && (options.body.kmsMessage.resourceUri.includes('<KRO>') || options.body.kmsMessage.resourceUri.includes('<KEYURL>'))) {\n          return Promise.resolve(false);\n        }\n        if (options.body.kmsMessage.uri && (options.body.kmsMessage.uri.includes('<KRO>') || options.body.kmsMessage.uri.includes('<KEYURL>'))) {\n          return Promise.resolve(false);\n        }\n\n        return Promise.resolve(true);\n      },\n      extract(options) {\n        return Promise.resolve(options.body);\n      }\n    }, {\n      name: 'decryptKmsMessage',\n      direction: 'inbound',\n      test(ctx, response) {\n        return Promise.resolve(has(response, 'body.kmsMessage') && isString(response.body.kmsMessage));\n      },\n      extract(response) {\n        return Promise.resolve(response.body);\n      }\n    }, {\n      name: 'decryptErrorResponse',\n      direction: 'inbound',\n      test(ctx, reason) {\n        return Promise.resolve(Boolean(reason.body && reason.body.errorCode === 1900000));\n      },\n      extract(reason) {\n        return Promise.resolve(reason);\n      }\n    }],\n    transforms: [{\n      name: 'encryptKmsMessage',\n      fn(ctx, object) {\n        if (!object) {\n          return Promise.resolve();\n        }\n\n        if (!object.kmsMessage) {\n          return Promise.resolve();\n        }\n\n        if (isString(object.kmsMessage)) {\n          return Promise.resolve();\n        }\n\n        return ctx.webex.internal.encryption.kms.prepareRequest(object.kmsMessage)\n          .then((req) => {\n            object.kmsMessage = req.wrapped;\n          });\n      }\n    }, {\n      name: 'decryptKmsMessage',\n      fn(ctx, object) {\n        return ctx.webex.internal.encryption.kms.decryptKmsMessage(object.kmsMessage)\n          .then((kmsMessage) => {\n            object.kmsMessage = kmsMessage;\n          });\n      }\n    }, {\n      name: 'decryptErrorResponse',\n      fn(ctx, reason) {\n        const promises = reason.body.errors.map((error) => ctx.webex.internal.encryption.kms.decryptKmsMessage(error.description)\n          .then((desc) => {\n            error.description = desc;\n          }));\n\n        promises.push(ctx.webex.internal.encryption.kms.decryptKmsMessage(reason.body.message)\n          .then((kmsMessage) => {\n            reason.body.message = kmsMessage;\n          }));\n\n        return Promise.all(promises)\n          .then(() => Promise.reject(new DryError(reason)));\n      }\n    }]\n  },\n  interceptors,\n  config\n});\n\nexport {default} from './encryption';\nexport {default as KMS} from './kms';\nexport {KmsError, DryError} from './kms-errors';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAUA;;AAGA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAmHA;;AArIA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AAYA,IAAIA,YAAJ;;AAEA,IAAIC,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,MAA7B,EAAqC;EACnCH,YAAY,GAAG;IACbI,sBAAsB,EAAEA,+BAAA,CAAuBC;EADlC,CAAf;AAGD;;AAED,IAAAC,iCAAA,EAAuB,YAAvB,EAAqCC,mBAArC,EAAiD;EAC/CC,kBAAkB,EAAE;IAClBC,UAAU,EAAE,CAAC;MACXC,IAAI,EAAE,mBADK;MAEXC,SAAS,EAAE,UAFA;MAGX;MACA;MACAC,IALW,gBAKNC,GALM,EAKDC,OALC,EAKQ;QACjB,IAAI,CAAC,mBAAIA,OAAJ,EAAa,iBAAb,CAAL,EAAsC;UACpC,OAAO,iBAAQC,OAAR,CAAgB,KAAhB,CAAP;QACD;;QAED,IAAI,CAAC,wBAASD,OAAO,CAACE,IAAR,CAAaC,UAAtB,CAAL,EAAwC;UACtC,OAAO,iBAAQF,OAAR,CAAgB,KAAhB,CAAP;QACD,CAPgB,CASjB;QACA;QACA;QACA;;;QACA,IAAID,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBC,OAAxB,IAAmCJ,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBC,OAAxB,CAAgCC,MAAhC,KAA2C,CAAlF,EAAqF;UACnF,OAAO,iBAAQJ,OAAR,CAAgB,KAAhB,CAAP;QACD;;QACD,IAAID,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBG,WAAxB,KAAwCN,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBG,WAAxB,CAAoCC,QAApC,CAA6C,OAA7C,KAAyDP,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBG,WAAxB,CAAoCC,QAApC,CAA6C,UAA7C,CAAjG,CAAJ,EAAgK;UAC9J,OAAO,iBAAQN,OAAR,CAAgB,KAAhB,CAAP;QACD;;QACD,IAAID,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBK,GAAxB,KAAgCR,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBK,GAAxB,CAA4BD,QAA5B,CAAqC,OAArC,KAAiDP,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBK,GAAxB,CAA4BD,QAA5B,CAAqC,UAArC,CAAjF,CAAJ,EAAwI;UACtI,OAAO,iBAAQN,OAAR,CAAgB,KAAhB,CAAP;QACD;;QAED,OAAO,iBAAQA,OAAR,CAAgB,IAAhB,CAAP;MACD,CA7BU;MA8BXQ,OA9BW,mBA8BHT,OA9BG,EA8BM;QACf,OAAO,iBAAQC,OAAR,CAAgBD,OAAO,CAACE,IAAxB,CAAP;MACD;IAhCU,CAAD,EAiCT;MACDN,IAAI,EAAE,mBADL;MAEDC,SAAS,EAAE,SAFV;MAGDC,IAHC,gBAGIC,GAHJ,EAGSW,QAHT,EAGmB;QAClB,OAAO,iBAAQT,OAAR,CAAgB,mBAAIS,QAAJ,EAAc,iBAAd,KAAoC,wBAASA,QAAQ,CAACR,IAAT,CAAcC,UAAvB,CAApD,CAAP;MACD,CALA;MAMDM,OANC,mBAMOC,QANP,EAMiB;QAChB,OAAO,iBAAQT,OAAR,CAAgBS,QAAQ,CAACR,IAAzB,CAAP;MACD;IARA,CAjCS,EA0CT;MACDN,IAAI,EAAE,sBADL;MAEDC,SAAS,EAAE,SAFV;MAGDC,IAHC,gBAGIC,GAHJ,EAGSY,MAHT,EAGiB;QAChB,OAAO,iBAAQV,OAAR,CAAgBW,OAAO,CAACD,MAAM,CAACT,IAAP,IAAeS,MAAM,CAACT,IAAP,CAAYW,SAAZ,KAA0B,OAA1C,CAAvB,CAAP;MACD,CALA;MAMDJ,OANC,mBAMOE,MANP,EAMe;QACd,OAAO,iBAAQV,OAAR,CAAgBU,MAAhB,CAAP;MACD;IARA,CA1CS,CADM;IAqDlBG,UAAU,EAAE,CAAC;MACXlB,IAAI,EAAE,mBADK;MAEXmB,EAFW,cAERhB,GAFQ,EAEHiB,MAFG,EAEK;QACd,IAAI,CAACA,MAAL,EAAa;UACX,OAAO,iBAAQf,OAAR,EAAP;QACD;;QAED,IAAI,CAACe,MAAM,CAACb,UAAZ,EAAwB;UACtB,OAAO,iBAAQF,OAAR,EAAP;QACD;;QAED,IAAI,wBAASe,MAAM,CAACb,UAAhB,CAAJ,EAAiC;UAC/B,OAAO,iBAAQF,OAAR,EAAP;QACD;;QAED,OAAOF,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CAAkCC,cAAlC,CAAiDL,MAAM,CAACb,UAAxD,EACJmB,IADI,CACC,UAACC,GAAD,EAAS;UACbP,MAAM,CAACb,UAAP,GAAoBoB,GAAG,CAACC,OAAxB;QACD,CAHI,CAAP;MAID;IAnBU,CAAD,EAoBT;MACD5B,IAAI,EAAE,mBADL;MAEDmB,EAFC,cAEEhB,GAFF,EAEOiB,MAFP,EAEe;QACd,OAAOjB,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CAAkCK,iBAAlC,CAAoDT,MAAM,CAACb,UAA3D,EACJmB,IADI,CACC,UAACnB,UAAD,EAAgB;UACpBa,MAAM,CAACb,UAAP,GAAoBA,UAApB;QACD,CAHI,CAAP;MAID;IAPA,CApBS,EA4BT;MACDP,IAAI,EAAE,sBADL;MAEDmB,EAFC,cAEEhB,GAFF,EAEOY,MAFP,EAEe;QACd,IAAMe,QAAQ,GAAGf,MAAM,CAACT,IAAP,CAAYyB,MAAZ,CAAmBC,GAAnB,CAAuB,UAACC,KAAD;UAAA,OAAW9B,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CAAkCK,iBAAlC,CAAoDI,KAAK,CAACC,WAA1D,EAChDR,IADgD,CAC3C,UAACS,IAAD,EAAU;YACdF,KAAK,CAACC,WAAN,GAAoBC,IAApB;UACD,CAHgD,CAAX;QAAA,CAAvB,CAAjB;QAKAL,QAAQ,CAACM,IAAT,CAAcjC,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CAAkCK,iBAAlC,CAAoDd,MAAM,CAACT,IAAP,CAAY+B,OAAhE,EACXX,IADW,CACN,UAACnB,UAAD,EAAgB;UACpBQ,MAAM,CAACT,IAAP,CAAY+B,OAAZ,GAAsB9B,UAAtB;QACD,CAHW,CAAd;QAKA,OAAO,iBAAQ+B,GAAR,CAAYR,QAAZ,EACJJ,IADI,CACC;UAAA,OAAM,iBAAQa,MAAR,CAAe,IAAIC,mBAAJ,CAAazB,MAAb,CAAf,CAAN;QAAA,CADD,CAAP;MAED;IAfA,CA5BS;EArDM,CAD2B;EAoG/CzB,YAAY,EAAZA,YApG+C;EAqG/CmD,MAAM,EAANA;AArG+C,CAAjD"}
+{"version":3,"names":["interceptors","process","env","NODE_ENV","KmsDryErrorInterceptor","create","registerInternalPlugin","Encryption","payloadTransformer","predicates","name","direction","test","ctx","options","resolve","body","kmsMessage","keyUris","length","resourceUri","includes","uri","extract","response","reason","Boolean","errorCode","transforms","fn","object","webex","internal","encryption","kms","prepareRequest","then","req","wrapped","decryptKmsMessage","promises","errors","map","error","description","desc","push","message","all","reject","DryError","config"],"sources":["index.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n// Note: There's a bug where if bind gets replayed because of a timeout in which\n// the original request eventually completed, there'll be an error indicating\n// the key can't be bound (because it already has been). This could be mitigated\n// by using Promise.race to resolve replays (as more requests get enqueue for a\n// specific action, accept whichever one completes first).\n\nimport '@webex/internal-plugin-device';\n\nimport '@webex/internal-plugin-mercury';\n\nimport {registerInternalPlugin} from '@webex/webex-core';\nimport {has, isObject, isString} from 'lodash';\n\nimport Encryption from './encryption';\nimport config from './config';\nimport {DryError} from './kms-errors';\n\nimport KmsDryErrorInterceptor from './kms-dry-error-interceptor';\n\nlet interceptors;\n\nif (process.env.NODE_ENV === 'test') {\n  interceptors = {\n    KmsDryErrorInterceptor: KmsDryErrorInterceptor.create,\n  };\n}\n\nregisterInternalPlugin('encryption', Encryption, {\n  payloadTransformer: {\n    predicates: [\n      {\n        name: 'encryptKmsMessage',\n        direction: 'outbound',\n        // I don't see any practical way to reduce complexity here.\n        // eslint-disable-next-line complexity\n        test(ctx, options) {\n          if (!has(options, 'body.kmsMessage')) {\n            return Promise.resolve(false);\n          }\n\n          if (!isObject(options.body.kmsMessage)) {\n            return Promise.resolve(false);\n          }\n\n          // If this is a template for a kms message, assume another transform\n          // will fill it in later. This is a bit of a leaky abstraction, but the\n          // alternative is building a complex rules engine for controlling\n          // ordering of transforms\n          if (options.body.kmsMessage.keyUris && options.body.kmsMessage.keyUris.length === 0) {\n            return Promise.resolve(false);\n          }\n          if (\n            options.body.kmsMessage.resourceUri &&\n            (options.body.kmsMessage.resourceUri.includes('<KRO>') ||\n              options.body.kmsMessage.resourceUri.includes('<KEYURL>'))\n          ) {\n            return Promise.resolve(false);\n          }\n          if (\n            options.body.kmsMessage.uri &&\n            (options.body.kmsMessage.uri.includes('<KRO>') ||\n              options.body.kmsMessage.uri.includes('<KEYURL>'))\n          ) {\n            return Promise.resolve(false);\n          }\n\n          return Promise.resolve(true);\n        },\n        extract(options) {\n          return Promise.resolve(options.body);\n        },\n      },\n      {\n        name: 'decryptKmsMessage',\n        direction: 'inbound',\n        test(ctx, response) {\n          return Promise.resolve(\n            has(response, 'body.kmsMessage') && isString(response.body.kmsMessage)\n          );\n        },\n        extract(response) {\n          return Promise.resolve(response.body);\n        },\n      },\n      {\n        name: 'decryptErrorResponse',\n        direction: 'inbound',\n        test(ctx, reason) {\n          return Promise.resolve(Boolean(reason.body && reason.body.errorCode === 1900000));\n        },\n        extract(reason) {\n          return Promise.resolve(reason);\n        },\n      },\n    ],\n    transforms: [\n      {\n        name: 'encryptKmsMessage',\n        fn(ctx, object) {\n          if (!object) {\n            return Promise.resolve();\n          }\n\n          if (!object.kmsMessage) {\n            return Promise.resolve();\n          }\n\n          if (isString(object.kmsMessage)) {\n            return Promise.resolve();\n          }\n\n          return ctx.webex.internal.encryption.kms.prepareRequest(object.kmsMessage).then((req) => {\n            object.kmsMessage = req.wrapped;\n          });\n        },\n      },\n      {\n        name: 'decryptKmsMessage',\n        fn(ctx, object) {\n          return ctx.webex.internal.encryption.kms\n            .decryptKmsMessage(object.kmsMessage)\n            .then((kmsMessage) => {\n              object.kmsMessage = kmsMessage;\n            });\n        },\n      },\n      {\n        name: 'decryptErrorResponse',\n        fn(ctx, reason) {\n          const promises = reason.body.errors.map((error) =>\n            ctx.webex.internal.encryption.kms.decryptKmsMessage(error.description).then((desc) => {\n              error.description = desc;\n            })\n          );\n\n          promises.push(\n            ctx.webex.internal.encryption.kms\n              .decryptKmsMessage(reason.body.message)\n              .then((kmsMessage) => {\n                reason.body.message = kmsMessage;\n              })\n          );\n\n          return Promise.all(promises).then(() => Promise.reject(new DryError(reason)));\n        },\n      },\n    ],\n  },\n  interceptors,\n  config,\n});\n\nexport {default} from './encryption';\nexport {default as KMS} from './kms';\nexport {KmsError, DryError} from './kms-errors';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAUA;;AAEA;;AAEA;;AAGA;;AACA;;AACA;;AAEA;;AAwIA;;AA7JA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AAeA,IAAIA,YAAJ;;AAEA,IAAIC,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,MAA7B,EAAqC;EACnCH,YAAY,GAAG;IACbI,sBAAsB,EAAEA,+BAAA,CAAuBC;EADlC,CAAf;AAGD;;AAED,IAAAC,iCAAA,EAAuB,YAAvB,EAAqCC,mBAArC,EAAiD;EAC/CC,kBAAkB,EAAE;IAClBC,UAAU,EAAE,CACV;MACEC,IAAI,EAAE,mBADR;MAEEC,SAAS,EAAE,UAFb;MAGE;MACA;MACAC,IALF,gBAKOC,GALP,EAKYC,OALZ,EAKqB;QACjB,IAAI,CAAC,mBAAIA,OAAJ,EAAa,iBAAb,CAAL,EAAsC;UACpC,OAAO,iBAAQC,OAAR,CAAgB,KAAhB,CAAP;QACD;;QAED,IAAI,CAAC,wBAASD,OAAO,CAACE,IAAR,CAAaC,UAAtB,CAAL,EAAwC;UACtC,OAAO,iBAAQF,OAAR,CAAgB,KAAhB,CAAP;QACD,CAPgB,CASjB;QACA;QACA;QACA;;;QACA,IAAID,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBC,OAAxB,IAAmCJ,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBC,OAAxB,CAAgCC,MAAhC,KAA2C,CAAlF,EAAqF;UACnF,OAAO,iBAAQJ,OAAR,CAAgB,KAAhB,CAAP;QACD;;QACD,IACED,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBG,WAAxB,KACCN,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBG,WAAxB,CAAoCC,QAApC,CAA6C,OAA7C,KACCP,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBG,WAAxB,CAAoCC,QAApC,CAA6C,UAA7C,CAFF,CADF,EAIE;UACA,OAAO,iBAAQN,OAAR,CAAgB,KAAhB,CAAP;QACD;;QACD,IACED,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBK,GAAxB,KACCR,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBK,GAAxB,CAA4BD,QAA5B,CAAqC,OAArC,KACCP,OAAO,CAACE,IAAR,CAAaC,UAAb,CAAwBK,GAAxB,CAA4BD,QAA5B,CAAqC,UAArC,CAFF,CADF,EAIE;UACA,OAAO,iBAAQN,OAAR,CAAgB,KAAhB,CAAP;QACD;;QAED,OAAO,iBAAQA,OAAR,CAAgB,IAAhB,CAAP;MACD,CArCH;MAsCEQ,OAtCF,mBAsCUT,OAtCV,EAsCmB;QACf,OAAO,iBAAQC,OAAR,CAAgBD,OAAO,CAACE,IAAxB,CAAP;MACD;IAxCH,CADU,EA2CV;MACEN,IAAI,EAAE,mBADR;MAEEC,SAAS,EAAE,SAFb;MAGEC,IAHF,gBAGOC,GAHP,EAGYW,QAHZ,EAGsB;QAClB,OAAO,iBAAQT,OAAR,CACL,mBAAIS,QAAJ,EAAc,iBAAd,KAAoC,wBAASA,QAAQ,CAACR,IAAT,CAAcC,UAAvB,CAD/B,CAAP;MAGD,CAPH;MAQEM,OARF,mBAQUC,QARV,EAQoB;QAChB,OAAO,iBAAQT,OAAR,CAAgBS,QAAQ,CAACR,IAAzB,CAAP;MACD;IAVH,CA3CU,EAuDV;MACEN,IAAI,EAAE,sBADR;MAEEC,SAAS,EAAE,SAFb;MAGEC,IAHF,gBAGOC,GAHP,EAGYY,MAHZ,EAGoB;QAChB,OAAO,iBAAQV,OAAR,CAAgBW,OAAO,CAACD,MAAM,CAACT,IAAP,IAAeS,MAAM,CAACT,IAAP,CAAYW,SAAZ,KAA0B,OAA1C,CAAvB,CAAP;MACD,CALH;MAMEJ,OANF,mBAMUE,MANV,EAMkB;QACd,OAAO,iBAAQV,OAAR,CAAgBU,MAAhB,CAAP;MACD;IARH,CAvDU,CADM;IAmElBG,UAAU,EAAE,CACV;MACElB,IAAI,EAAE,mBADR;MAEEmB,EAFF,cAEKhB,GAFL,EAEUiB,MAFV,EAEkB;QACd,IAAI,CAACA,MAAL,EAAa;UACX,OAAO,iBAAQf,OAAR,EAAP;QACD;;QAED,IAAI,CAACe,MAAM,CAACb,UAAZ,EAAwB;UACtB,OAAO,iBAAQF,OAAR,EAAP;QACD;;QAED,IAAI,wBAASe,MAAM,CAACb,UAAhB,CAAJ,EAAiC;UAC/B,OAAO,iBAAQF,OAAR,EAAP;QACD;;QAED,OAAOF,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CAAkCC,cAAlC,CAAiDL,MAAM,CAACb,UAAxD,EAAoEmB,IAApE,CAAyE,UAACC,GAAD,EAAS;UACvFP,MAAM,CAACb,UAAP,GAAoBoB,GAAG,CAACC,OAAxB;QACD,CAFM,CAAP;MAGD;IAlBH,CADU,EAqBV;MACE5B,IAAI,EAAE,mBADR;MAEEmB,EAFF,cAEKhB,GAFL,EAEUiB,MAFV,EAEkB;QACd,OAAOjB,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CACJK,iBADI,CACcT,MAAM,CAACb,UADrB,EAEJmB,IAFI,CAEC,UAACnB,UAAD,EAAgB;UACpBa,MAAM,CAACb,UAAP,GAAoBA,UAApB;QACD,CAJI,CAAP;MAKD;IARH,CArBU,EA+BV;MACEP,IAAI,EAAE,sBADR;MAEEmB,EAFF,cAEKhB,GAFL,EAEUY,MAFV,EAEkB;QACd,IAAMe,QAAQ,GAAGf,MAAM,CAACT,IAAP,CAAYyB,MAAZ,CAAmBC,GAAnB,CAAuB,UAACC,KAAD;UAAA,OACtC9B,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CAAkCK,iBAAlC,CAAoDI,KAAK,CAACC,WAA1D,EAAuER,IAAvE,CAA4E,UAACS,IAAD,EAAU;YACpFF,KAAK,CAACC,WAAN,GAAoBC,IAApB;UACD,CAFD,CADsC;QAAA,CAAvB,CAAjB;QAMAL,QAAQ,CAACM,IAAT,CACEjC,GAAG,CAACkB,KAAJ,CAAUC,QAAV,CAAmBC,UAAnB,CAA8BC,GAA9B,CACGK,iBADH,CACqBd,MAAM,CAACT,IAAP,CAAY+B,OADjC,EAEGX,IAFH,CAEQ,UAACnB,UAAD,EAAgB;UACpBQ,MAAM,CAACT,IAAP,CAAY+B,OAAZ,GAAsB9B,UAAtB;QACD,CAJH,CADF;QAQA,OAAO,iBAAQ+B,GAAR,CAAYR,QAAZ,EAAsBJ,IAAtB,CAA2B;UAAA,OAAM,iBAAQa,MAAR,CAAe,IAAIC,mBAAJ,CAAazB,MAAb,CAAf,CAAN;QAAA,CAA3B,CAAP;MACD;IAlBH,CA/BU;EAnEM,CAD2B;EAyH/CzB,YAAY,EAAZA,YAzH+C;EA0H/CmD,MAAM,EAANA;AA1H+C,CAAjD"}

package/dist/kms-batcher.js.map

@@ -1 +1 @@
-{"version":3,"names":["TIMEOUT_SYMBOL","KmsBatcher","Batcher","extend","namespace","processKmsMessageEvent","event","logger","info","all","encryption","kmsMessages","map","kmsMessage","resolve","process","env","NODE_ENV","body","acceptItem","prepareItem","item","getDeferredForRequest","then","defer","timeout","Error","timer","safeSetTimeout","warn","requestId","handleItemFailure","KmsTimeoutError","request","promise","clearTimeout","catch","prepareRequest","queue","webex","internal","kms","_getKMSCluster","cluster","destination","req","wrapped","submitHttpRequest","payload","length","method","service","resource","handleHttpSuccess","didItemFail","status","handleItemSuccess","getDeferredForResponse","reason","reject","KmsError","fingerprintRequest","fingerprintResponse"],"sources":["kms-batcher.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {safeSetTimeout} from '@webex/common-timers';\nimport {Batcher} from '@webex/webex-core';\n\nimport {KmsError, KmsTimeoutError} from './kms-errors';\n\nexport const TIMEOUT_SYMBOL = Symbol('TIMEOUT_SYMBOL');\n\n/**\n * @class\n */\nconst KmsBatcher = Batcher.extend({\n  namespace: 'Encryption',\n\n  /**\n   * Accepts a kmsMessage event and passes its contents to acceptItem\n   * @param {Object} event\n   * @returns {Promise}\n   */\n  processKmsMessageEvent(event) {\n    this.logger.info('kms-batcher: received kms message');\n\n    return Promise.all(event.encryption.kmsMessages.map((kmsMessage) => new Promise((resolve) => {\n      /* istanbul ignore else */\n      if (process.env.NODE_ENV !== 'production') {\n        this.logger.info('kms-batcher:', kmsMessage.body);\n      }\n\n      resolve(this.acceptItem(kmsMessage));\n    })));\n  },\n\n  /**\n   * Attaches a timeout to the given KMS message\n   * @param {Object} item\n   * @returns {Promise<Object>}\n   */\n  prepareItem(item) {\n    return this.getDeferredForRequest(item)\n      .then((defer) => {\n        const timeout = item[TIMEOUT_SYMBOL];\n\n        /* istanbul ignore if */\n        if (!timeout) {\n          throw new Error('timeout is required');\n        }\n\n        const timer = safeSetTimeout(() => {\n          this.logger.warn(`kms: request timed out; request id: ${item.requestId}; timeout: ${timeout}`);\n          this.handleItemFailure(item, new KmsTimeoutError({\n            timeout,\n            request: item\n          }));\n        }, timeout);\n\n        // Reminder: reassign `promise` is not a viable means of inserting into\n        // the Promise chain\n        defer.promise.then(() => clearTimeout(timer));\n        defer.promise.catch(() => clearTimeout(timer));\n\n        return item;\n      });\n  },\n\n  /**\n   * Attaches the final bits of cluster info to the payload\n   * @param {Array} queue\n   * @returns {Promise<Array>}\n   */\n  prepareRequest(queue) {\n    return this.webex.internal.encryption.kms._getKMSCluster()\n      .then((cluster) => ({\n        destination: cluster,\n        kmsMessages: queue.map((req) => req.wrapped)\n      }));\n  },\n\n  /**\n   * @param {Object} payload\n   * @returns {Promise<HttpResponseObject>}\n   */\n  submitHttpRequest(payload) {\n    this.logger.info('kms: batched-request-length', payload.kmsMessages.length);\n\n    return this.webex.request({\n      method: 'POST',\n      service: 'encryption',\n      resource: '/kms/messages',\n      body: payload\n    });\n  },\n\n  /**\n   * Does nothing; the http response doesn't carry our response data\n   * @returns {Promise}\n   */\n  handleHttpSuccess() {\n    return Promise.resolve();\n  },\n\n  /**\n   * @param {Object} item\n   * @returns {Promise<boolean>}\n   */\n  didItemFail(item) {\n    return Promise.resolve(item.status >= 400);\n  },\n\n  /**\n   * @param {Object} item\n   * @returns {Promise}\n   */\n  handleItemSuccess(item) {\n    return this.getDeferredForResponse(item)\n      .then((defer) => {\n        defer.resolve(item.body);\n      });\n  },\n\n  /**\n   * @param {Object} item\n   * @param {KmsError} [reason]\n   * @returns {Promise}\n   */\n  handleItemFailure(item, reason) {\n    return this.getDeferredForResponse(item)\n      .then((defer) => {\n        defer.reject(reason || new KmsError(item.body));\n      });\n  },\n\n  /**\n   * @param {Object} item\n   * @returns {Promise}\n   */\n  fingerprintRequest(item) {\n    return Promise.resolve(item.requestId);\n  },\n\n  /**\n   * @param {Object} item\n   * @returns {Promise}\n   */\n  fingerprintResponse(item) {\n    return Promise.resolve(item.requestId);\n  }\n});\n\nexport default KmsBatcher;\n"],"mappings":";;;;;;;;;;;;;;;;AAIA;;AACA;;AAEA;;AAPA;AACA;AACA;AAOO,IAAMA,cAAc,GAAG,qBAAO,gBAAP,CAAvB;AAEP;AACA;AACA;;;;AACA,IAAMC,UAAU,GAAGC,kBAAA,CAAQC,MAAR,CAAe;EAChCC,SAAS,EAAE,YADqB;;EAGhC;AACF;AACA;AACA;AACA;EACEC,sBARgC,kCAQTC,KARS,EAQF;IAAA;;IAC5B,KAAKC,MAAL,CAAYC,IAAZ,CAAiB,mCAAjB;IAEA,OAAO,iBAAQC,GAAR,CAAYH,KAAK,CAACI,UAAN,CAAiBC,WAAjB,CAA6BC,GAA7B,CAAiC,UAACC,UAAD;MAAA,OAAgB,qBAAY,UAACC,OAAD,EAAa;QAC3F;QACA,IAAIC,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAA7B,EAA2C;UACzC,KAAI,CAACV,MAAL,CAAYC,IAAZ,CAAiB,cAAjB,EAAiCK,UAAU,CAACK,IAA5C;QACD;;QAEDJ,OAAO,CAAC,KAAI,CAACK,UAAL,CAAgBN,UAAhB,CAAD,CAAP;MACD,CAPmE,CAAhB;IAAA,CAAjC,CAAZ,CAAP;EAQD,CAnB+B;;EAqBhC;AACF;AACA;AACA;AACA;EACEO,WA1BgC,uBA0BpBC,IA1BoB,EA0Bd;IAAA;;IAChB,OAAO,KAAKC,qBAAL,CAA2BD,IAA3B,EACJE,IADI,CACC,UAACC,KAAD,EAAW;MACf,IAAMC,OAAO,GAAGJ,IAAI,CAACrB,cAAD,CAApB;MAEA;;MACA,IAAI,CAACyB,OAAL,EAAc;QACZ,MAAM,IAAIC,KAAJ,CAAU,qBAAV,CAAN;MACD;;MAED,IAAMC,KAAK,GAAG,IAAAC,4BAAA,EAAe,YAAM;QACjC,MAAI,CAACrB,MAAL,CAAYsB,IAAZ,+CAAwDR,IAAI,CAACS,SAA7D,wBAAoFL,OAApF;;QACA,MAAI,CAACM,iBAAL,CAAuBV,IAAvB,EAA6B,IAAIW,0BAAJ,CAAoB;UAC/CP,OAAO,EAAPA,OAD+C;UAE/CQ,OAAO,EAAEZ;QAFsC,CAApB,CAA7B;MAID,CANa,EAMXI,OANW,CAAd,CARe,CAgBf;MACA;;MACAD,KAAK,CAACU,OAAN,CAAcX,IAAd,CAAmB;QAAA,OAAMY,YAAY,CAACR,KAAD,CAAlB;MAAA,CAAnB;MACAH,KAAK,CAACU,OAAN,CAAcE,KAAd,CAAoB;QAAA,OAAMD,YAAY,CAACR,KAAD,CAAlB;MAAA,CAApB;MAEA,OAAON,IAAP;IACD,CAvBI,CAAP;EAwBD,CAnD+B;;EAqDhC;AACF;AACA;AACA;AACA;EACEgB,cA1DgC,0BA0DjBC,KA1DiB,EA0DV;IACpB,OAAO,KAAKC,KAAL,CAAWC,QAAX,CAAoB9B,UAApB,CAA+B+B,GAA/B,CAAmCC,cAAnC,GACJnB,IADI,CACC,UAACoB,OAAD;MAAA,OAAc;QAClBC,WAAW,EAAED,OADK;QAElBhC,WAAW,EAAE2B,KAAK,CAAC1B,GAAN,CAAU,UAACiC,GAAD;UAAA,OAASA,GAAG,CAACC,OAAb;QAAA,CAAV;MAFK,CAAd;IAAA,CADD,CAAP;EAKD,CAhE+B;;EAkEhC;AACF;AACA;AACA;EACEC,iBAtEgC,6BAsEdC,OAtEc,EAsEL;IACzB,KAAKzC,MAAL,CAAYC,IAAZ,CAAiB,6BAAjB,EAAgDwC,OAAO,CAACrC,WAAR,CAAoBsC,MAApE;IAEA,OAAO,KAAKV,KAAL,CAAWN,OAAX,CAAmB;MACxBiB,MAAM,EAAE,MADgB;MAExBC,OAAO,EAAE,YAFe;MAGxBC,QAAQ,EAAE,eAHc;MAIxBlC,IAAI,EAAE8B;IAJkB,CAAnB,CAAP;EAMD,CA/E+B;;EAiFhC;AACF;AACA;AACA;EACEK,iBArFgC,+BAqFZ;IAClB,OAAO,iBAAQvC,OAAR,EAAP;EACD,CAvF+B;;EAyFhC;AACF;AACA;AACA;EACEwC,WA7FgC,uBA6FpBjC,IA7FoB,EA6Fd;IAChB,OAAO,iBAAQP,OAAR,CAAgBO,IAAI,CAACkC,MAAL,IAAe,GAA/B,CAAP;EACD,CA/F+B;;EAiGhC;AACF;AACA;AACA;EACEC,iBArGgC,6BAqGdnC,IArGc,EAqGR;IACtB,OAAO,KAAKoC,sBAAL,CAA4BpC,IAA5B,EACJE,IADI,CACC,UAACC,KAAD,EAAW;MACfA,KAAK,CAACV,OAAN,CAAcO,IAAI,CAACH,IAAnB;IACD,CAHI,CAAP;EAID,CA1G+B;;EA4GhC;AACF;AACA;AACA;AACA;EACEa,iBAjHgC,6BAiHdV,IAjHc,EAiHRqC,MAjHQ,EAiHA;IAC9B,OAAO,KAAKD,sBAAL,CAA4BpC,IAA5B,EACJE,IADI,CACC,UAACC,KAAD,EAAW;MACfA,KAAK,CAACmC,MAAN,CAAaD,MAAM,IAAI,IAAIE,mBAAJ,CAAavC,IAAI,CAACH,IAAlB,CAAvB;IACD,CAHI,CAAP;EAID,CAtH+B;;EAwHhC;AACF;AACA;AACA;EACE2C,kBA5HgC,8BA4HbxC,IA5Ha,EA4HP;IACvB,OAAO,iBAAQP,OAAR,CAAgBO,IAAI,CAACS,SAArB,CAAP;EACD,CA9H+B;;EAgIhC;AACF;AACA;AACA;EACEgC,mBApIgC,+BAoIZzC,IApIY,EAoIN;IACxB,OAAO,iBAAQP,OAAR,CAAgBO,IAAI,CAACS,SAArB,CAAP;EACD;AAtI+B,CAAf,CAAnB;;eAyIe7B,U"}
+{"version":3,"names":["TIMEOUT_SYMBOL","KmsBatcher","Batcher","extend","namespace","processKmsMessageEvent","event","logger","info","all","encryption","kmsMessages","map","kmsMessage","resolve","process","env","NODE_ENV","body","acceptItem","prepareItem","item","getDeferredForRequest","then","defer","timeout","Error","timer","safeSetTimeout","warn","requestId","handleItemFailure","KmsTimeoutError","request","promise","clearTimeout","catch","prepareRequest","queue","webex","internal","kms","_getKMSCluster","cluster","destination","req","wrapped","submitHttpRequest","payload","length","method","service","resource","handleHttpSuccess","didItemFail","status","handleItemSuccess","getDeferredForResponse","reason","reject","KmsError","fingerprintRequest","fingerprintResponse"],"sources":["kms-batcher.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {safeSetTimeout} from '@webex/common-timers';\nimport {Batcher} from '@webex/webex-core';\n\nimport {KmsError, KmsTimeoutError} from './kms-errors';\n\nexport const TIMEOUT_SYMBOL = Symbol('TIMEOUT_SYMBOL');\n\n/**\n * @class\n */\nconst KmsBatcher = Batcher.extend({\n  namespace: 'Encryption',\n\n  /**\n   * Accepts a kmsMessage event and passes its contents to acceptItem\n   * @param {Object} event\n   * @returns {Promise}\n   */\n  processKmsMessageEvent(event) {\n    this.logger.info('kms-batcher: received kms message');\n\n    return Promise.all(\n      event.encryption.kmsMessages.map(\n        (kmsMessage) =>\n          new Promise((resolve) => {\n            /* istanbul ignore else */\n            if (process.env.NODE_ENV !== 'production') {\n              this.logger.info('kms-batcher:', kmsMessage.body);\n            }\n\n            resolve(this.acceptItem(kmsMessage));\n          })\n      )\n    );\n  },\n\n  /**\n   * Attaches a timeout to the given KMS message\n   * @param {Object} item\n   * @returns {Promise<Object>}\n   */\n  prepareItem(item) {\n    return this.getDeferredForRequest(item).then((defer) => {\n      const timeout = item[TIMEOUT_SYMBOL];\n\n      /* istanbul ignore if */\n      if (!timeout) {\n        throw new Error('timeout is required');\n      }\n\n      const timer = safeSetTimeout(() => {\n        this.logger.warn(\n          `kms: request timed out; request id: ${item.requestId}; timeout: ${timeout}`\n        );\n        this.handleItemFailure(\n          item,\n          new KmsTimeoutError({\n            timeout,\n            request: item,\n          })\n        );\n      }, timeout);\n\n      // Reminder: reassign `promise` is not a viable means of inserting into\n      // the Promise chain\n      defer.promise.then(() => clearTimeout(timer));\n      defer.promise.catch(() => clearTimeout(timer));\n\n      return item;\n    });\n  },\n\n  /**\n   * Attaches the final bits of cluster info to the payload\n   * @param {Array} queue\n   * @returns {Promise<Array>}\n   */\n  prepareRequest(queue) {\n    return this.webex.internal.encryption.kms._getKMSCluster().then((cluster) => ({\n      destination: cluster,\n      kmsMessages: queue.map((req) => req.wrapped),\n    }));\n  },\n\n  /**\n   * @param {Object} payload\n   * @returns {Promise<HttpResponseObject>}\n   */\n  submitHttpRequest(payload) {\n    this.logger.info('kms: batched-request-length', payload.kmsMessages.length);\n\n    return this.webex.request({\n      method: 'POST',\n      service: 'encryption',\n      resource: '/kms/messages',\n      body: payload,\n    });\n  },\n\n  /**\n   * Does nothing; the http response doesn't carry our response data\n   * @returns {Promise}\n   */\n  handleHttpSuccess() {\n    return Promise.resolve();\n  },\n\n  /**\n   * @param {Object} item\n   * @returns {Promise<boolean>}\n   */\n  didItemFail(item) {\n    return Promise.resolve(item.status >= 400);\n  },\n\n  /**\n   * @param {Object} item\n   * @returns {Promise}\n   */\n  handleItemSuccess(item) {\n    return this.getDeferredForResponse(item).then((defer) => {\n      defer.resolve(item.body);\n    });\n  },\n\n  /**\n   * @param {Object} item\n   * @param {KmsError} [reason]\n   * @returns {Promise}\n   */\n  handleItemFailure(item, reason) {\n    return this.getDeferredForResponse(item).then((defer) => {\n      defer.reject(reason || new KmsError(item.body));\n    });\n  },\n\n  /**\n   * @param {Object} item\n   * @returns {Promise}\n   */\n  fingerprintRequest(item) {\n    return Promise.resolve(item.requestId);\n  },\n\n  /**\n   * @param {Object} item\n   * @returns {Promise}\n   */\n  fingerprintResponse(item) {\n    return Promise.resolve(item.requestId);\n  },\n});\n\nexport default KmsBatcher;\n"],"mappings":";;;;;;;;;;;;;;;;AAIA;;AACA;;AAEA;;AAPA;AACA;AACA;AAOO,IAAMA,cAAc,GAAG,qBAAO,gBAAP,CAAvB;AAEP;AACA;AACA;;;;AACA,IAAMC,UAAU,GAAGC,kBAAA,CAAQC,MAAR,CAAe;EAChCC,SAAS,EAAE,YADqB;;EAGhC;AACF;AACA;AACA;AACA;EACEC,sBARgC,kCAQTC,KARS,EAQF;IAAA;;IAC5B,KAAKC,MAAL,CAAYC,IAAZ,CAAiB,mCAAjB;IAEA,OAAO,iBAAQC,GAAR,CACLH,KAAK,CAACI,UAAN,CAAiBC,WAAjB,CAA6BC,GAA7B,CACE,UAACC,UAAD;MAAA,OACE,qBAAY,UAACC,OAAD,EAAa;QACvB;QACA,IAAIC,OAAO,CAACC,GAAR,CAAYC,QAAZ,KAAyB,YAA7B,EAA2C;UACzC,KAAI,CAACV,MAAL,CAAYC,IAAZ,CAAiB,cAAjB,EAAiCK,UAAU,CAACK,IAA5C;QACD;;QAEDJ,OAAO,CAAC,KAAI,CAACK,UAAL,CAAgBN,UAAhB,CAAD,CAAP;MACD,CAPD,CADF;IAAA,CADF,CADK,CAAP;EAaD,CAxB+B;;EA0BhC;AACF;AACA;AACA;AACA;EACEO,WA/BgC,uBA+BpBC,IA/BoB,EA+Bd;IAAA;;IAChB,OAAO,KAAKC,qBAAL,CAA2BD,IAA3B,EAAiCE,IAAjC,CAAsC,UAACC,KAAD,EAAW;MACtD,IAAMC,OAAO,GAAGJ,IAAI,CAACrB,cAAD,CAApB;MAEA;;MACA,IAAI,CAACyB,OAAL,EAAc;QACZ,MAAM,IAAIC,KAAJ,CAAU,qBAAV,CAAN;MACD;;MAED,IAAMC,KAAK,GAAG,IAAAC,4BAAA,EAAe,YAAM;QACjC,MAAI,CAACrB,MAAL,CAAYsB,IAAZ,+CACyCR,IAAI,CAACS,SAD9C,wBACqEL,OADrE;;QAGA,MAAI,CAACM,iBAAL,CACEV,IADF,EAEE,IAAIW,0BAAJ,CAAoB;UAClBP,OAAO,EAAPA,OADkB;UAElBQ,OAAO,EAAEZ;QAFS,CAApB,CAFF;MAOD,CAXa,EAWXI,OAXW,CAAd,CARsD,CAqBtD;MACA;;MACAD,KAAK,CAACU,OAAN,CAAcX,IAAd,CAAmB;QAAA,OAAMY,YAAY,CAACR,KAAD,CAAlB;MAAA,CAAnB;MACAH,KAAK,CAACU,OAAN,CAAcE,KAAd,CAAoB;QAAA,OAAMD,YAAY,CAACR,KAAD,CAAlB;MAAA,CAApB;MAEA,OAAON,IAAP;IACD,CA3BM,CAAP;EA4BD,CA5D+B;;EA8DhC;AACF;AACA;AACA;AACA;EACEgB,cAnEgC,0BAmEjBC,KAnEiB,EAmEV;IACpB,OAAO,KAAKC,KAAL,CAAWC,QAAX,CAAoB9B,UAApB,CAA+B+B,GAA/B,CAAmCC,cAAnC,GAAoDnB,IAApD,CAAyD,UAACoB,OAAD;MAAA,OAAc;QAC5EC,WAAW,EAAED,OAD+D;QAE5EhC,WAAW,EAAE2B,KAAK,CAAC1B,GAAN,CAAU,UAACiC,GAAD;UAAA,OAASA,GAAG,CAACC,OAAb;QAAA,CAAV;MAF+D,CAAd;IAAA,CAAzD,CAAP;EAID,CAxE+B;;EA0EhC;AACF;AACA;AACA;EACEC,iBA9EgC,6BA8EdC,OA9Ec,EA8EL;IACzB,KAAKzC,MAAL,CAAYC,IAAZ,CAAiB,6BAAjB,EAAgDwC,OAAO,CAACrC,WAAR,CAAoBsC,MAApE;IAEA,OAAO,KAAKV,KAAL,CAAWN,OAAX,CAAmB;MACxBiB,MAAM,EAAE,MADgB;MAExBC,OAAO,EAAE,YAFe;MAGxBC,QAAQ,EAAE,eAHc;MAIxBlC,IAAI,EAAE8B;IAJkB,CAAnB,CAAP;EAMD,CAvF+B;;EAyFhC;AACF;AACA;AACA;EACEK,iBA7FgC,+BA6FZ;IAClB,OAAO,iBAAQvC,OAAR,EAAP;EACD,CA/F+B;;EAiGhC;AACF;AACA;AACA;EACEwC,WArGgC,uBAqGpBjC,IArGoB,EAqGd;IAChB,OAAO,iBAAQP,OAAR,CAAgBO,IAAI,CAACkC,MAAL,IAAe,GAA/B,CAAP;EACD,CAvG+B;;EAyGhC;AACF;AACA;AACA;EACEC,iBA7GgC,6BA6GdnC,IA7Gc,EA6GR;IACtB,OAAO,KAAKoC,sBAAL,CAA4BpC,IAA5B,EAAkCE,IAAlC,CAAuC,UAACC,KAAD,EAAW;MACvDA,KAAK,CAACV,OAAN,CAAcO,IAAI,CAACH,IAAnB;IACD,CAFM,CAAP;EAGD,CAjH+B;;EAmHhC;AACF;AACA;AACA;AACA;EACEa,iBAxHgC,6BAwHdV,IAxHc,EAwHRqC,MAxHQ,EAwHA;IAC9B,OAAO,KAAKD,sBAAL,CAA4BpC,IAA5B,EAAkCE,IAAlC,CAAuC,UAACC,KAAD,EAAW;MACvDA,KAAK,CAACmC,MAAN,CAAaD,MAAM,IAAI,IAAIE,mBAAJ,CAAavC,IAAI,CAACH,IAAlB,CAAvB;IACD,CAFM,CAAP;EAGD,CA5H+B;;EA8HhC;AACF;AACA;AACA;EACE2C,kBAlIgC,8BAkIbxC,IAlIa,EAkIP;IACvB,OAAO,iBAAQP,OAAR,CAAgBO,IAAI,CAACS,SAArB,CAAP;EACD,CApI+B;;EAsIhC;AACF;AACA;AACA;EACEgC,mBA1IgC,+BA0IZzC,IA1IY,EA0IN;IACxB,OAAO,iBAAQP,OAAR,CAAgBO,IAAI,CAACS,SAArB,CAAP;EACD;AA5I+B,CAAf,CAAnB;;eA+Ie7B,U"}

package/dist/kms-certificate-validation.js

@@ -143,7 +143,7 @@ var validateKidHeader = function validateKidHeader(_ref2) {
   var kid = _ref2.kid;
 
   if (!(0, _validUrl.isUri)(kid)) {
-    throwError('\'kid\' is not a valid URI');
+    throwError("'kid' is not a valid URI");
   }
 
   if ((0, _url.parse)(kid).protocol !== VALID_KID_PROTOCOL) {
@@ -241,7 +241,7 @@ var validateCommonName = function validateCommonName(_ref3, _ref4) {
   }
 
   if (!validationSuccessful) {
-    throwError('hostname of the 1st certificate does not match \'kid\'');
+    throwError("hostname of the 1st certificate does not match 'kid'");
   }
 };
 /**

package/dist/kms-certificate-validation.js.map

@@ -1 +1 @@
-{"version":3,"names":["setEngine","crypto","CryptoEngine","name","subtle","VALID_KTY","VALID_KID_PROTOCOL","X509_COMMON_NAME_KEY","X509_SUBJECT_ALT_NAME_KEY","KMSError","message","kmsError","Error","throwError","err","decodeCert","pem","der","Buffer","from","ber","Uint8Array","buffer","asn1","fromBER","Certificate","schema","result","validateKtyHeader","kty","validateKidHeader","kid","isUri","parseUrl","protocol","validateCommonName","certificate","kidHostname","hostname","validationSuccessful","extensions","extension","extnID","altNames","parsedValue","entry","san","value","subjectAttributes","subject","typesAndValues","attribute","type","commonName","valueBlock","validatePublicCertificate","publicExponent","e","modulus","n","encode","jose","util","base64url","publicKey","subjectPublicKeyInfo","subjectPublicKey","asn1PublicCert","valueHex","publicCert","RSAPublicKey","publicExponentHex","modulusHex","validateCertificatesSignature","certificates","caroots","certificateEngine","CertificateChainValidationEngine","trustedCerts","map","certs","verify","then","resultCode","resultMessage","validateKMS","jwt","resolve","x5c","length","promise"],"sources":["kms-certificate-validation.js"],"sourcesContent":["import {parse as parseUrl} from 'url';\n\nimport {isUri} from 'valid-url';\nimport {fromBER} from 'asn1js';\nimport {\n  Certificate,\n  RSAPublicKey,\n  CertificateChainValidationEngine,\n  CryptoEngine,\n  setEngine\n} from 'pkijs';\nimport {isArray} from 'lodash';\nimport jose from 'node-jose';\nimport crypto from 'isomorphic-webcrypto';\nimport {Buffer} from 'safe-buffer';\n\nsetEngine(\n  'newEngine',\n  crypto,\n  new CryptoEngine({\n    name: '',\n    crypto,\n    subtle: crypto.subtle\n  })\n);\n\nconst VALID_KTY = 'RSA';\nconst VALID_KID_PROTOCOL = 'kms:';\n\nconst X509_COMMON_NAME_KEY = '2.5.4.3';\n\nconst X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';\n\n/**\n * Customize Error so the SDK knows to quit retrying and notify\n * the user\n */\nexport class KMSError extends Error {\n  /**\n   * add kmsError field to notify\n   * @param {string} message\n   */\n  constructor(message) {\n    super(message);\n    this.kmsError = true;\n  }\n}\n\nconst throwError = (err) => {\n  throw new KMSError(`INVALID KMS: ${err}`);\n};\n\n/**\n * Converts the PEM string to a pkijs certificate object\n * @param {string} pem PEM representation of a certificate\n * @returns {Certificate} pkijs object of the certificate\n */\nconst decodeCert = (pem) => {\n  if (typeof pem !== 'string') {\n    throwError('certificate needs to be a string');\n  }\n\n  const der = Buffer.from(pem, 'base64');\n  const ber = new Uint8Array(der).buffer;\n\n  const asn1 = fromBER(ber);\n\n  return new Certificate({schema: asn1.result});\n};\n\n/**\n * Validate the 'kty' property of the KMS credentials\n * @param {Object} JWT KMS credentials\n * @param {string} JWT.kty type of certificate\n * @throws {KMSError} if kty is not a valid type\n * @returns {void}\n */\nconst validateKtyHeader = ({kty}) => {\n  if (kty !== VALID_KTY) {\n    throwError(`'kty' header must be '${VALID_KTY}'`);\n  }\n};\n\nconst validateKidHeader = ({kid}) => {\n  if (!isUri(kid)) {\n    throwError('\\'kid\\' is not a valid URI');\n  }\n\n  if (parseUrl(kid).protocol !== VALID_KID_PROTOCOL) {\n    throwError(`'kid' protocol must be '${VALID_KID_PROTOCOL}'`);\n  }\n};\n\n/**\n * Checks the first certificate matches the 'kid' in the JWT.\n * It first checks the Subject Alternative Name then it checks\n * the Common Name\n * @param {Certificate} certificate represents the KMS\n * @param {Object} JWT KMS credentials\n * @param {string} JWT.kid the uri of the KMS\n * @throws {KMSError} if unable to validate certificate against KMS credentials\n * @returns {void}\n */\nconst validateCommonName = ([certificate], {kid}) => {\n  const kidHostname = parseUrl(kid).hostname;\n  let validationSuccessful = false;\n\n  if (certificate.extensions) {\n    // Subject Alt Names are in here\n    for (const extension of certificate.extensions) {\n      if (extension.extnID === X509_SUBJECT_ALT_NAME_KEY) {\n        const {altNames} = extension.parsedValue;\n\n        for (const entry of altNames) {\n          const san = entry.value;\n\n          validationSuccessful = san === kidHostname;\n          if (validationSuccessful) {\n            break;\n          }\n        }\n\n        if (validationSuccessful) {\n          break;\n        }\n      }\n    }\n  }\n\n  if (!validationSuccessful) {\n    // Didn't match kid in the Subject Alt Names, checking the Common Name\n    const subjectAttributes = certificate.subject.typesAndValues;\n\n    for (const attribute of subjectAttributes) {\n      if (attribute.type === X509_COMMON_NAME_KEY) {\n        const commonName = attribute.value.valueBlock.value;\n\n        validationSuccessful = commonName === kidHostname;\n        if (validationSuccessful) {\n          break;\n        }\n      }\n    }\n  }\n\n  if (!validationSuccessful) {\n    throwError('hostname of the 1st certificate does not match \\'kid\\'');\n  }\n};\n\n/**\n * Validate the first KMS certificate against the information\n * provided in the JWT\n * @param {Certificate} certificate first certificate the identifies the KMS\n * @param {Object} JWT credentials of the KMS\n * @param {string} JWT.e Public exponent of the first certificate\n * @param {string} KWT.n Modulus of the first certificate\n * @throws {KMSError} if e or n doesn't match the first certificate\n * @returns {void}\n */\nconst validatePublicCertificate =\n  ([certificate], {e: publicExponent, n: modulus}) => {\n    const {encode} = jose.util.base64url;\n\n    const publicKey = certificate.subjectPublicKeyInfo.subjectPublicKey;\n    const asn1PublicCert = fromBER(publicKey.valueBlock.valueHex);\n    const publicCert = new RSAPublicKey({schema: asn1PublicCert.result});\n    const publicExponentHex = publicCert.publicExponent.valueBlock.valueHex;\n    const modulusHex = publicCert.modulus.valueBlock.valueHex;\n\n    if (publicExponent !== encode(publicExponentHex)) {\n      throwError('Public exponent is invalid');\n    }\n    if (modulus !== encode(modulusHex)) {\n      throwError('Modulus is invalid');\n    }\n  };\n\n/**\n * Validates the list of certificates against the CAs provided\n * @param {certificate[]} certificates list of certificates provided\n *   by the KMS to certify itself\n * @param {string[]} [caroots=[]] list of Certificate Authorities used to\n *   validate the KMS's certificates\n * @returns {Promise} rejects if unable to validate the certificates\n */\nconst validateCertificatesSignature = (certificates, caroots = []) => {\n  const certificateEngine = new CertificateChainValidationEngine({\n    trustedCerts: caroots.map(decodeCert),\n    certs: certificates\n  });\n\n  return certificateEngine.verify()\n    .then(({result, resultCode, resultMessage}) => {\n      if (!result) {\n        throwError(\n          `Certificate Validation failed [${resultCode}]: ${resultMessage}`\n        );\n      }\n    });\n};\n\n/**\n * Validates the information provided by the KMS. This is a curried function.\n * The first function takes the caroots param and returns a second function.\n * The second function takes the credentials of the KMS and validates it\n * @param {string[]} caroots PEM encoded certificates that will be used\n *   as Certificate Authorities\n * @param {Object} jwt Object containing the fields necessary to\n *   validate the KMS\n * @returns {Promise} when resolved will return the jwt\n */\nconst validateKMS = (caroots) => (jwt = {}) => Promise.resolve()\n  .then(() => {\n    validateKtyHeader(jwt);\n    validateKidHeader(jwt);\n\n    if (!(isArray(jwt.x5c) && jwt.x5c.length > 0)) {\n      throwError('JWK does not contain a list of certificates');\n    }\n    const certificates = jwt.x5c.map(decodeCert);\n\n    validateCommonName(certificates, jwt);\n    validatePublicCertificate(certificates, jwt);\n\n    // Skip validating signatures if no CA roots were provided\n    const promise = caroots ?\n      validateCertificatesSignature(certificates, caroots) : Promise.resolve();\n\n    return promise\n      .then(() => jwt);\n  });\n\nexport default validateKMS;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;AAEA;;AACA;;AACA;;AAQA;;AACA;;AACA;;;;;;;;;;;;AAEA,IAAAA,gBAAA,EACE,WADF,EAEEC,4BAFF,EAGE,IAAIC,mBAAJ,CAAiB;EACfC,IAAI,EAAE,EADS;EAEfF,MAAM,EAANA,4BAFe;EAGfG,MAAM,EAAEH,4BAAA,CAAOG;AAHA,CAAjB,CAHF;AAUA,IAAMC,SAAS,GAAG,KAAlB;AACA,IAAMC,kBAAkB,GAAG,MAA3B;AAEA,IAAMC,oBAAoB,GAAG,SAA7B;AAEA,IAAMC,yBAAyB,GAAG,WAAlC;AAEA;AACA;AACA;AACA;;IACaC,Q;;;;;EACX;AACF;AACA;AACA;EACE,kBAAYC,OAAZ,EAAqB;IAAA;;IAAA;IACnB,0BAAMA,OAAN;IACA,MAAKC,QAAL,GAAgB,IAAhB;IAFmB;EAGpB;;;+CAR2BC,K;;;;AAW9B,IAAMC,UAAU,GAAG,SAAbA,UAAa,CAACC,GAAD,EAAS;EAC1B,MAAM,IAAIL,QAAJ,wBAA6BK,GAA7B,EAAN;AACD,CAFD;AAIA;AACA;AACA;AACA;AACA;;;AACA,IAAMC,UAAU,GAAG,SAAbA,UAAa,CAACC,GAAD,EAAS;EAC1B,IAAI,OAAOA,GAAP,KAAe,QAAnB,EAA6B;IAC3BH,UAAU,CAAC,kCAAD,CAAV;EACD;;EAED,IAAMI,GAAG,GAAGC,kBAAA,CAAOC,IAAP,CAAYH,GAAZ,EAAiB,QAAjB,CAAZ;;EACA,IAAMI,GAAG,GAAG,IAAIC,UAAJ,CAAeJ,GAAf,EAAoBK,MAAhC;EAEA,IAAMC,IAAI,GAAG,IAAAC,eAAA,EAAQJ,GAAR,CAAb;EAEA,OAAO,IAAIK,kBAAJ,CAAgB;IAACC,MAAM,EAAEH,IAAI,CAACI;EAAd,CAAhB,CAAP;AACD,CAXD;AAaA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAMC,iBAAiB,GAAG,SAApBA,iBAAoB,OAAW;EAAA,IAATC,GAAS,QAATA,GAAS;;EACnC,IAAIA,GAAG,KAAKxB,SAAZ,EAAuB;IACrBQ,UAAU,iCAA0BR,SAA1B,OAAV;EACD;AACF,CAJD;;AAMA,IAAMyB,iBAAiB,GAAG,SAApBA,iBAAoB,QAAW;EAAA,IAATC,GAAS,SAATA,GAAS;;EACnC,IAAI,CAAC,IAAAC,eAAA,EAAMD,GAAN,CAAL,EAAiB;IACflB,UAAU,CAAC,4BAAD,CAAV;EACD;;EAED,IAAI,IAAAoB,UAAA,EAASF,GAAT,EAAcG,QAAd,KAA2B5B,kBAA/B,EAAmD;IACjDO,UAAU,mCAA4BP,kBAA5B,OAAV;EACD;AACF,CARD;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAM6B,kBAAkB,GAAG,SAArBA,kBAAqB,eAA0B;EAAA;EAAA,IAAxBC,WAAwB;;EAAA,IAATL,GAAS,SAATA,GAAS;EACnD,IAAMM,WAAW,GAAG,IAAAJ,UAAA,EAASF,GAAT,EAAcO,QAAlC;EACA,IAAIC,oBAAoB,GAAG,KAA3B;;EAEA,IAAIH,WAAW,CAACI,UAAhB,EAA4B;IAC1B;IAD0B,2CAEFJ,WAAW,CAACI,UAFV;IAAA;;IAAA;MAE1B,oDAAgD;QAAA,IAArCC,SAAqC;;QAC9C,IAAIA,SAAS,CAACC,MAAV,KAAqBlC,yBAAzB,EAAoD;UAClD,IAAOmC,QAAP,GAAmBF,SAAS,CAACG,WAA7B,CAAOD,QAAP;;UADkD,4CAG9BA,QAH8B;UAAA;;UAAA;YAGlD,uDAA8B;cAAA,IAAnBE,KAAmB;cAC5B,IAAMC,GAAG,GAAGD,KAAK,CAACE,KAAlB;cAEAR,oBAAoB,GAAGO,GAAG,KAAKT,WAA/B;;cACA,IAAIE,oBAAJ,EAA0B;gBACxB;cACD;YACF;UAViD;YAAA;UAAA;YAAA;UAAA;;UAYlD,IAAIA,oBAAJ,EAA0B;YACxB;UACD;QACF;MACF;IAnByB;MAAA;IAAA;MAAA;IAAA;EAoB3B;;EAED,IAAI,CAACA,oBAAL,EAA2B;IACzB;IACA,IAAMS,iBAAiB,GAAGZ,WAAW,CAACa,OAAZ,CAAoBC,cAA9C;;IAFyB,4CAIDF,iBAJC;IAAA;;IAAA;MAIzB,uDAA2C;QAAA,IAAhCG,SAAgC;;QACzC,IAAIA,SAAS,CAACC,IAAV,KAAmB7C,oBAAvB,EAA6C;UAC3C,IAAM8C,UAAU,GAAGF,SAAS,CAACJ,KAAV,CAAgBO,UAAhB,CAA2BP,KAA9C;UAEAR,oBAAoB,GAAGc,UAAU,KAAKhB,WAAtC;;UACA,IAAIE,oBAAJ,EAA0B;YACxB;UACD;QACF;MACF;IAbwB;MAAA;IAAA;MAAA;IAAA;EAc1B;;EAED,IAAI,CAACA,oBAAL,EAA2B;IACzB1B,UAAU,CAAC,wDAAD,CAAV;EACD;AACF,CA7CD;AA+CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAM0C,yBAAyB,GAC7B,SADIA,yBACJ,eAAoD;EAAA;EAAA,IAAlDnB,WAAkD;;EAAA,IAAhCoB,cAAgC,SAAnCC,CAAmC;EAAA,IAAbC,OAAa,SAAhBC,CAAgB;EAClD,IAAOC,MAAP,GAAiBC,iBAAA,CAAKC,IAAL,CAAUC,SAA3B,CAAOH,MAAP;EAEA,IAAMI,SAAS,GAAG5B,WAAW,CAAC6B,oBAAZ,CAAiCC,gBAAnD;EACA,IAAMC,cAAc,GAAG,IAAA3C,eAAA,EAAQwC,SAAS,CAACV,UAAV,CAAqBc,QAA7B,CAAvB;EACA,IAAMC,UAAU,GAAG,IAAIC,mBAAJ,CAAiB;IAAC5C,MAAM,EAAEyC,cAAc,CAACxC;EAAxB,CAAjB,CAAnB;EACA,IAAM4C,iBAAiB,GAAGF,UAAU,CAACb,cAAX,CAA0BF,UAA1B,CAAqCc,QAA/D;EACA,IAAMI,UAAU,GAAGH,UAAU,CAACX,OAAX,CAAmBJ,UAAnB,CAA8Bc,QAAjD;;EAEA,IAAIZ,cAAc,KAAKI,MAAM,CAACW,iBAAD,CAA7B,EAAkD;IAChD1D,UAAU,CAAC,4BAAD,CAAV;EACD;;EACD,IAAI6C,OAAO,KAAKE,MAAM,CAACY,UAAD,CAAtB,EAAoC;IAClC3D,UAAU,CAAC,oBAAD,CAAV;EACD;AACF,CAhBH;AAkBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAM4D,6BAA6B,GAAG,SAAhCA,6BAAgC,CAACC,YAAD,EAAgC;EAAA,IAAjBC,OAAiB,uEAAP,EAAO;EACpE,IAAMC,iBAAiB,GAAG,IAAIC,uCAAJ,CAAqC;IAC7DC,YAAY,EAAEH,OAAO,CAACI,GAAR,CAAYhE,UAAZ,CAD+C;IAE7DiE,KAAK,EAAEN;EAFsD,CAArC,CAA1B;EAKA,OAAOE,iBAAiB,CAACK,MAAlB,GACJC,IADI,CACC,iBAAyC;IAAA,IAAvCvD,MAAuC,SAAvCA,MAAuC;IAAA,IAA/BwD,UAA+B,SAA/BA,UAA+B;IAAA,IAAnBC,aAAmB,SAAnBA,aAAmB;;IAC7C,IAAI,CAACzD,MAAL,EAAa;MACXd,UAAU,0CAC0BsE,UAD1B,gBAC0CC,aAD1C,EAAV;IAGD;EACF,CAPI,CAAP;AAQD,CAdD;AAgBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAMC,WAAW,GAAG,SAAdA,WAAc,CAACV,OAAD;EAAA,OAAa;IAAA,IAACW,GAAD,uEAAO,EAAP;IAAA,OAAc,iBAAQC,OAAR,GAC5CL,IAD4C,CACvC,YAAM;MACVtD,iBAAiB,CAAC0D,GAAD,CAAjB;MACAxD,iBAAiB,CAACwD,GAAD,CAAjB;;MAEA,IAAI,EAAE,uBAAQA,GAAG,CAACE,GAAZ,KAAoBF,GAAG,CAACE,GAAJ,CAAQC,MAAR,GAAiB,CAAvC,CAAJ,EAA+C;QAC7C5E,UAAU,CAAC,6CAAD,CAAV;MACD;;MACD,IAAM6D,YAAY,GAAGY,GAAG,CAACE,GAAJ,CAAQT,GAAR,CAAYhE,UAAZ,CAArB;MAEAoB,kBAAkB,CAACuC,YAAD,EAAeY,GAAf,CAAlB;MACA/B,yBAAyB,CAACmB,YAAD,EAAeY,GAAf,CAAzB,CAVU,CAYV;;MACA,IAAMI,OAAO,GAAGf,OAAO,GACrBF,6BAA6B,CAACC,YAAD,EAAeC,OAAf,CADR,GACkC,iBAAQY,OAAR,EADzD;MAGA,OAAOG,OAAO,CACXR,IADI,CACC;QAAA,OAAMI,GAAN;MAAA,CADD,CAAP;IAED,CAnB4C,CAAd;EAAA,CAAb;AAAA,CAApB;;eAqBeD,W"}
+{"version":3,"names":["setEngine","crypto","CryptoEngine","name","subtle","VALID_KTY","VALID_KID_PROTOCOL","X509_COMMON_NAME_KEY","X509_SUBJECT_ALT_NAME_KEY","KMSError","message","kmsError","Error","throwError","err","decodeCert","pem","der","Buffer","from","ber","Uint8Array","buffer","asn1","fromBER","Certificate","schema","result","validateKtyHeader","kty","validateKidHeader","kid","isUri","parseUrl","protocol","validateCommonName","certificate","kidHostname","hostname","validationSuccessful","extensions","extension","extnID","altNames","parsedValue","entry","san","value","subjectAttributes","subject","typesAndValues","attribute","type","commonName","valueBlock","validatePublicCertificate","publicExponent","e","modulus","n","encode","jose","util","base64url","publicKey","subjectPublicKeyInfo","subjectPublicKey","asn1PublicCert","valueHex","publicCert","RSAPublicKey","publicExponentHex","modulusHex","validateCertificatesSignature","certificates","caroots","certificateEngine","CertificateChainValidationEngine","trustedCerts","map","certs","verify","then","resultCode","resultMessage","validateKMS","jwt","resolve","x5c","length","promise"],"sources":["kms-certificate-validation.js"],"sourcesContent":["import {parse as parseUrl} from 'url';\n\nimport {isUri} from 'valid-url';\nimport {fromBER} from 'asn1js';\nimport {\n  Certificate,\n  RSAPublicKey,\n  CertificateChainValidationEngine,\n  CryptoEngine,\n  setEngine,\n} from 'pkijs';\nimport {isArray} from 'lodash';\nimport jose from 'node-jose';\nimport crypto from 'isomorphic-webcrypto';\nimport {Buffer} from 'safe-buffer';\n\nsetEngine(\n  'newEngine',\n  crypto,\n  new CryptoEngine({\n    name: '',\n    crypto,\n    subtle: crypto.subtle,\n  })\n);\n\nconst VALID_KTY = 'RSA';\nconst VALID_KID_PROTOCOL = 'kms:';\n\nconst X509_COMMON_NAME_KEY = '2.5.4.3';\n\nconst X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';\n\n/**\n * Customize Error so the SDK knows to quit retrying and notify\n * the user\n */\nexport class KMSError extends Error {\n  /**\n   * add kmsError field to notify\n   * @param {string} message\n   */\n  constructor(message) {\n    super(message);\n    this.kmsError = true;\n  }\n}\n\nconst throwError = (err) => {\n  throw new KMSError(`INVALID KMS: ${err}`);\n};\n\n/**\n * Converts the PEM string to a pkijs certificate object\n * @param {string} pem PEM representation of a certificate\n * @returns {Certificate} pkijs object of the certificate\n */\nconst decodeCert = (pem) => {\n  if (typeof pem !== 'string') {\n    throwError('certificate needs to be a string');\n  }\n\n  const der = Buffer.from(pem, 'base64');\n  const ber = new Uint8Array(der).buffer;\n\n  const asn1 = fromBER(ber);\n\n  return new Certificate({schema: asn1.result});\n};\n\n/**\n * Validate the 'kty' property of the KMS credentials\n * @param {Object} JWT KMS credentials\n * @param {string} JWT.kty type of certificate\n * @throws {KMSError} if kty is not a valid type\n * @returns {void}\n */\nconst validateKtyHeader = ({kty}) => {\n  if (kty !== VALID_KTY) {\n    throwError(`'kty' header must be '${VALID_KTY}'`);\n  }\n};\n\nconst validateKidHeader = ({kid}) => {\n  if (!isUri(kid)) {\n    throwError(\"'kid' is not a valid URI\");\n  }\n\n  if (parseUrl(kid).protocol !== VALID_KID_PROTOCOL) {\n    throwError(`'kid' protocol must be '${VALID_KID_PROTOCOL}'`);\n  }\n};\n\n/**\n * Checks the first certificate matches the 'kid' in the JWT.\n * It first checks the Subject Alternative Name then it checks\n * the Common Name\n * @param {Certificate} certificate represents the KMS\n * @param {Object} JWT KMS credentials\n * @param {string} JWT.kid the uri of the KMS\n * @throws {KMSError} if unable to validate certificate against KMS credentials\n * @returns {void}\n */\nconst validateCommonName = ([certificate], {kid}) => {\n  const kidHostname = parseUrl(kid).hostname;\n  let validationSuccessful = false;\n\n  if (certificate.extensions) {\n    // Subject Alt Names are in here\n    for (const extension of certificate.extensions) {\n      if (extension.extnID === X509_SUBJECT_ALT_NAME_KEY) {\n        const {altNames} = extension.parsedValue;\n\n        for (const entry of altNames) {\n          const san = entry.value;\n\n          validationSuccessful = san === kidHostname;\n          if (validationSuccessful) {\n            break;\n          }\n        }\n\n        if (validationSuccessful) {\n          break;\n        }\n      }\n    }\n  }\n\n  if (!validationSuccessful) {\n    // Didn't match kid in the Subject Alt Names, checking the Common Name\n    const subjectAttributes = certificate.subject.typesAndValues;\n\n    for (const attribute of subjectAttributes) {\n      if (attribute.type === X509_COMMON_NAME_KEY) {\n        const commonName = attribute.value.valueBlock.value;\n\n        validationSuccessful = commonName === kidHostname;\n        if (validationSuccessful) {\n          break;\n        }\n      }\n    }\n  }\n\n  if (!validationSuccessful) {\n    throwError(\"hostname of the 1st certificate does not match 'kid'\");\n  }\n};\n\n/**\n * Validate the first KMS certificate against the information\n * provided in the JWT\n * @param {Certificate} certificate first certificate the identifies the KMS\n * @param {Object} JWT credentials of the KMS\n * @param {string} JWT.e Public exponent of the first certificate\n * @param {string} KWT.n Modulus of the first certificate\n * @throws {KMSError} if e or n doesn't match the first certificate\n * @returns {void}\n */\nconst validatePublicCertificate = ([certificate], {e: publicExponent, n: modulus}) => {\n  const {encode} = jose.util.base64url;\n\n  const publicKey = certificate.subjectPublicKeyInfo.subjectPublicKey;\n  const asn1PublicCert = fromBER(publicKey.valueBlock.valueHex);\n  const publicCert = new RSAPublicKey({schema: asn1PublicCert.result});\n  const publicExponentHex = publicCert.publicExponent.valueBlock.valueHex;\n  const modulusHex = publicCert.modulus.valueBlock.valueHex;\n\n  if (publicExponent !== encode(publicExponentHex)) {\n    throwError('Public exponent is invalid');\n  }\n  if (modulus !== encode(modulusHex)) {\n    throwError('Modulus is invalid');\n  }\n};\n\n/**\n * Validates the list of certificates against the CAs provided\n * @param {certificate[]} certificates list of certificates provided\n *   by the KMS to certify itself\n * @param {string[]} [caroots=[]] list of Certificate Authorities used to\n *   validate the KMS's certificates\n * @returns {Promise} rejects if unable to validate the certificates\n */\nconst validateCertificatesSignature = (certificates, caroots = []) => {\n  const certificateEngine = new CertificateChainValidationEngine({\n    trustedCerts: caroots.map(decodeCert),\n    certs: certificates,\n  });\n\n  return certificateEngine.verify().then(({result, resultCode, resultMessage}) => {\n    if (!result) {\n      throwError(`Certificate Validation failed [${resultCode}]: ${resultMessage}`);\n    }\n  });\n};\n\n/**\n * Validates the information provided by the KMS. This is a curried function.\n * The first function takes the caroots param and returns a second function.\n * The second function takes the credentials of the KMS and validates it\n * @param {string[]} caroots PEM encoded certificates that will be used\n *   as Certificate Authorities\n * @param {Object} jwt Object containing the fields necessary to\n *   validate the KMS\n * @returns {Promise} when resolved will return the jwt\n */\nconst validateKMS =\n  (caroots) =>\n  (jwt = {}) =>\n    Promise.resolve().then(() => {\n      validateKtyHeader(jwt);\n      validateKidHeader(jwt);\n\n      if (!(isArray(jwt.x5c) && jwt.x5c.length > 0)) {\n        throwError('JWK does not contain a list of certificates');\n      }\n      const certificates = jwt.x5c.map(decodeCert);\n\n      validateCommonName(certificates, jwt);\n      validatePublicCertificate(certificates, jwt);\n\n      // Skip validating signatures if no CA roots were provided\n      const promise = caroots\n        ? validateCertificatesSignature(certificates, caroots)\n        : Promise.resolve();\n\n      return promise.then(() => jwt);\n    });\n\nexport default validateKMS;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;AAEA;;AACA;;AACA;;AAQA;;AACA;;AACA;;;;;;;;;;;;AAEA,IAAAA,gBAAA,EACE,WADF,EAEEC,4BAFF,EAGE,IAAIC,mBAAJ,CAAiB;EACfC,IAAI,EAAE,EADS;EAEfF,MAAM,EAANA,4BAFe;EAGfG,MAAM,EAAEH,4BAAA,CAAOG;AAHA,CAAjB,CAHF;AAUA,IAAMC,SAAS,GAAG,KAAlB;AACA,IAAMC,kBAAkB,GAAG,MAA3B;AAEA,IAAMC,oBAAoB,GAAG,SAA7B;AAEA,IAAMC,yBAAyB,GAAG,WAAlC;AAEA;AACA;AACA;AACA;;IACaC,Q;;;;;EACX;AACF;AACA;AACA;EACE,kBAAYC,OAAZ,EAAqB;IAAA;;IAAA;IACnB,0BAAMA,OAAN;IACA,MAAKC,QAAL,GAAgB,IAAhB;IAFmB;EAGpB;;;+CAR2BC,K;;;;AAW9B,IAAMC,UAAU,GAAG,SAAbA,UAAa,CAACC,GAAD,EAAS;EAC1B,MAAM,IAAIL,QAAJ,wBAA6BK,GAA7B,EAAN;AACD,CAFD;AAIA;AACA;AACA;AACA;AACA;;;AACA,IAAMC,UAAU,GAAG,SAAbA,UAAa,CAACC,GAAD,EAAS;EAC1B,IAAI,OAAOA,GAAP,KAAe,QAAnB,EAA6B;IAC3BH,UAAU,CAAC,kCAAD,CAAV;EACD;;EAED,IAAMI,GAAG,GAAGC,kBAAA,CAAOC,IAAP,CAAYH,GAAZ,EAAiB,QAAjB,CAAZ;;EACA,IAAMI,GAAG,GAAG,IAAIC,UAAJ,CAAeJ,GAAf,EAAoBK,MAAhC;EAEA,IAAMC,IAAI,GAAG,IAAAC,eAAA,EAAQJ,GAAR,CAAb;EAEA,OAAO,IAAIK,kBAAJ,CAAgB;IAACC,MAAM,EAAEH,IAAI,CAACI;EAAd,CAAhB,CAAP;AACD,CAXD;AAaA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAMC,iBAAiB,GAAG,SAApBA,iBAAoB,OAAW;EAAA,IAATC,GAAS,QAATA,GAAS;;EACnC,IAAIA,GAAG,KAAKxB,SAAZ,EAAuB;IACrBQ,UAAU,iCAA0BR,SAA1B,OAAV;EACD;AACF,CAJD;;AAMA,IAAMyB,iBAAiB,GAAG,SAApBA,iBAAoB,QAAW;EAAA,IAATC,GAAS,SAATA,GAAS;;EACnC,IAAI,CAAC,IAAAC,eAAA,EAAMD,GAAN,CAAL,EAAiB;IACflB,UAAU,CAAC,0BAAD,CAAV;EACD;;EAED,IAAI,IAAAoB,UAAA,EAASF,GAAT,EAAcG,QAAd,KAA2B5B,kBAA/B,EAAmD;IACjDO,UAAU,mCAA4BP,kBAA5B,OAAV;EACD;AACF,CARD;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAM6B,kBAAkB,GAAG,SAArBA,kBAAqB,eAA0B;EAAA;EAAA,IAAxBC,WAAwB;;EAAA,IAATL,GAAS,SAATA,GAAS;EACnD,IAAMM,WAAW,GAAG,IAAAJ,UAAA,EAASF,GAAT,EAAcO,QAAlC;EACA,IAAIC,oBAAoB,GAAG,KAA3B;;EAEA,IAAIH,WAAW,CAACI,UAAhB,EAA4B;IAC1B;IAD0B,2CAEFJ,WAAW,CAACI,UAFV;IAAA;;IAAA;MAE1B,oDAAgD;QAAA,IAArCC,SAAqC;;QAC9C,IAAIA,SAAS,CAACC,MAAV,KAAqBlC,yBAAzB,EAAoD;UAClD,IAAOmC,QAAP,GAAmBF,SAAS,CAACG,WAA7B,CAAOD,QAAP;;UADkD,4CAG9BA,QAH8B;UAAA;;UAAA;YAGlD,uDAA8B;cAAA,IAAnBE,KAAmB;cAC5B,IAAMC,GAAG,GAAGD,KAAK,CAACE,KAAlB;cAEAR,oBAAoB,GAAGO,GAAG,KAAKT,WAA/B;;cACA,IAAIE,oBAAJ,EAA0B;gBACxB;cACD;YACF;UAViD;YAAA;UAAA;YAAA;UAAA;;UAYlD,IAAIA,oBAAJ,EAA0B;YACxB;UACD;QACF;MACF;IAnByB;MAAA;IAAA;MAAA;IAAA;EAoB3B;;EAED,IAAI,CAACA,oBAAL,EAA2B;IACzB;IACA,IAAMS,iBAAiB,GAAGZ,WAAW,CAACa,OAAZ,CAAoBC,cAA9C;;IAFyB,4CAIDF,iBAJC;IAAA;;IAAA;MAIzB,uDAA2C;QAAA,IAAhCG,SAAgC;;QACzC,IAAIA,SAAS,CAACC,IAAV,KAAmB7C,oBAAvB,EAA6C;UAC3C,IAAM8C,UAAU,GAAGF,SAAS,CAACJ,KAAV,CAAgBO,UAAhB,CAA2BP,KAA9C;UAEAR,oBAAoB,GAAGc,UAAU,KAAKhB,WAAtC;;UACA,IAAIE,oBAAJ,EAA0B;YACxB;UACD;QACF;MACF;IAbwB;MAAA;IAAA;MAAA;IAAA;EAc1B;;EAED,IAAI,CAACA,oBAAL,EAA2B;IACzB1B,UAAU,CAAC,sDAAD,CAAV;EACD;AACF,CA7CD;AA+CA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAM0C,yBAAyB,GAAG,SAA5BA,yBAA4B,eAAoD;EAAA;EAAA,IAAlDnB,WAAkD;;EAAA,IAAhCoB,cAAgC,SAAnCC,CAAmC;EAAA,IAAbC,OAAa,SAAhBC,CAAgB;EACpF,IAAOC,MAAP,GAAiBC,iBAAA,CAAKC,IAAL,CAAUC,SAA3B,CAAOH,MAAP;EAEA,IAAMI,SAAS,GAAG5B,WAAW,CAAC6B,oBAAZ,CAAiCC,gBAAnD;EACA,IAAMC,cAAc,GAAG,IAAA3C,eAAA,EAAQwC,SAAS,CAACV,UAAV,CAAqBc,QAA7B,CAAvB;EACA,IAAMC,UAAU,GAAG,IAAIC,mBAAJ,CAAiB;IAAC5C,MAAM,EAAEyC,cAAc,CAACxC;EAAxB,CAAjB,CAAnB;EACA,IAAM4C,iBAAiB,GAAGF,UAAU,CAACb,cAAX,CAA0BF,UAA1B,CAAqCc,QAA/D;EACA,IAAMI,UAAU,GAAGH,UAAU,CAACX,OAAX,CAAmBJ,UAAnB,CAA8Bc,QAAjD;;EAEA,IAAIZ,cAAc,KAAKI,MAAM,CAACW,iBAAD,CAA7B,EAAkD;IAChD1D,UAAU,CAAC,4BAAD,CAAV;EACD;;EACD,IAAI6C,OAAO,KAAKE,MAAM,CAACY,UAAD,CAAtB,EAAoC;IAClC3D,UAAU,CAAC,oBAAD,CAAV;EACD;AACF,CAfD;AAiBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAM4D,6BAA6B,GAAG,SAAhCA,6BAAgC,CAACC,YAAD,EAAgC;EAAA,IAAjBC,OAAiB,uEAAP,EAAO;EACpE,IAAMC,iBAAiB,GAAG,IAAIC,uCAAJ,CAAqC;IAC7DC,YAAY,EAAEH,OAAO,CAACI,GAAR,CAAYhE,UAAZ,CAD+C;IAE7DiE,KAAK,EAAEN;EAFsD,CAArC,CAA1B;EAKA,OAAOE,iBAAiB,CAACK,MAAlB,GAA2BC,IAA3B,CAAgC,iBAAyC;IAAA,IAAvCvD,MAAuC,SAAvCA,MAAuC;IAAA,IAA/BwD,UAA+B,SAA/BA,UAA+B;IAAA,IAAnBC,aAAmB,SAAnBA,aAAmB;;IAC9E,IAAI,CAACzD,MAAL,EAAa;MACXd,UAAU,0CAAmCsE,UAAnC,gBAAmDC,aAAnD,EAAV;IACD;EACF,CAJM,CAAP;AAKD,CAXD;AAaA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,IAAMC,WAAW,GACf,SADIA,WACJ,CAACV,OAAD;EAAA,OACA;IAAA,IAACW,GAAD,uEAAO,EAAP;IAAA,OACE,iBAAQC,OAAR,GAAkBL,IAAlB,CAAuB,YAAM;MAC3BtD,iBAAiB,CAAC0D,GAAD,CAAjB;MACAxD,iBAAiB,CAACwD,GAAD,CAAjB;;MAEA,IAAI,EAAE,uBAAQA,GAAG,CAACE,GAAZ,KAAoBF,GAAG,CAACE,GAAJ,CAAQC,MAAR,GAAiB,CAAvC,CAAJ,EAA+C;QAC7C5E,UAAU,CAAC,6CAAD,CAAV;MACD;;MACD,IAAM6D,YAAY,GAAGY,GAAG,CAACE,GAAJ,CAAQT,GAAR,CAAYhE,UAAZ,CAArB;MAEAoB,kBAAkB,CAACuC,YAAD,EAAeY,GAAf,CAAlB;MACA/B,yBAAyB,CAACmB,YAAD,EAAeY,GAAf,CAAzB,CAV2B,CAY3B;;MACA,IAAMI,OAAO,GAAGf,OAAO,GACnBF,6BAA6B,CAACC,YAAD,EAAeC,OAAf,CADV,GAEnB,iBAAQY,OAAR,EAFJ;MAIA,OAAOG,OAAO,CAACR,IAAR,CAAa;QAAA,OAAMI,GAAN;MAAA,CAAb,CAAP;IACD,CAlBD,CADF;EAAA,CADA;AAAA,CADF;;eAuBeD,W"}

package/dist/kms-dry-error-interceptor.js.map

@@ -1 +1 @@
-{"version":3,"names":["KmsDryErrorInterceptor","options","reason","DryError","message","match","webex","logger","error","replay","reject","replayCount","config","maxAuthenticationReplays","info","request","Interceptor"],"sources":["kms-dry-error-interceptor.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {Interceptor} from '@webex/http-core';\n\nimport {DryError} from './kms-errors';\n/**\n * Interceptor (only to be used in test mode) intended to replay requests that\n * fail as a result of the test-user incompatibility in KMS.\n * @class\n */\nexport default class KmsDryErrorInterceptor extends Interceptor {\n  /**\n   * @returns {KmsDryErrorInterceptor}\n   */\n  static create() {\n    return new KmsDryErrorInterceptor({webex: this});\n  }\n\n  /**\n   * @param {Object} options\n   * @param {Exception} reason\n   * @returns {Promise}\n   */\n  onResponseError(options, reason) {\n    if (reason instanceof DryError && reason.message.match(/Failed to resolve authorization token in KmsMessage request for user/)) {\n      this.webex.logger.error('DRY Request Failed due to kms/test-user flakiness');\n      this.webex.logger.error(reason);\n\n      return this.replay(options, reason);\n    }\n\n    return Promise.reject(reason);\n  }\n\n  /**\n   * Replays the request\n   * @param {Object} options\n   * @param {DryError} reason\n   * @returns {Object}\n   */\n  replay(options, reason) {\n    if (options.replayCount) {\n      options.replayCount += 1;\n    }\n    else {\n      options.replayCount = 1;\n    }\n\n    if (options.replayCount > this.webex.config.maxAuthenticationReplays) {\n      this.webex.logger.error(`kms: failed after ${this.webex.config.maxAuthenticationReplays} replay attempts`);\n\n      return Promise.reject(reason);\n    }\n\n    this.webex.logger.info(`kms: replaying request ${options.replayCount} time`);\n\n    return this.webex.request(options);\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAIA;;AAEA;;;;;;AACA;AACA;AACA;AACA;AACA;IACqBA,sB;;;;;;;;;;;;;IAQnB;AACF;AACA;AACA;AACA;IACE,yBAAgBC,OAAhB,EAAyBC,MAAzB,EAAiC;MAC/B,IAAIA,MAAM,YAAYC,mBAAlB,IAA8BD,MAAM,CAACE,OAAP,CAAeC,KAAf,CAAqB,sEAArB,CAAlC,EAAgI;QAC9H,KAAKC,KAAL,CAAWC,MAAX,CAAkBC,KAAlB,CAAwB,mDAAxB;QACA,KAAKF,KAAL,CAAWC,MAAX,CAAkBC,KAAlB,CAAwBN,MAAxB;QAEA,OAAO,KAAKO,MAAL,CAAYR,OAAZ,EAAqBC,MAArB,CAAP;MACD;;MAED,OAAO,iBAAQQ,MAAR,CAAeR,MAAf,CAAP;IACD;IAED;AACF;AACA;AACA;AACA;AACA;;;;WACE,gBAAOD,OAAP,EAAgBC,MAAhB,EAAwB;MACtB,IAAID,OAAO,CAACU,WAAZ,EAAyB;QACvBV,OAAO,CAACU,WAAR,IAAuB,CAAvB;MACD,CAFD,MAGK;QACHV,OAAO,CAACU,WAAR,GAAsB,CAAtB;MACD;;MAED,IAAIV,OAAO,CAACU,WAAR,GAAsB,KAAKL,KAAL,CAAWM,MAAX,CAAkBC,wBAA5C,EAAsE;QACpE,KAAKP,KAAL,CAAWC,MAAX,CAAkBC,KAAlB,6BAA6C,KAAKF,KAAL,CAAWM,MAAX,CAAkBC,wBAA/D;QAEA,OAAO,iBAAQH,MAAR,CAAeR,MAAf,CAAP;MACD;;MAED,KAAKI,KAAL,CAAWC,MAAX,CAAkBO,IAAlB,kCAAiDb,OAAO,CAACU,WAAzD;MAEA,OAAO,KAAKL,KAAL,CAAWS,OAAX,CAAmBd,OAAnB,CAAP;IACD;;;;IA9CD;AACF;AACA;IACE,kBAAgB;MACd,OAAO,IAAID,sBAAJ,CAA2B;QAACM,KAAK,EAAE;MAAR,CAA3B,CAAP;IACD;;;EANiDU,qB"}
+{"version":3,"names":["KmsDryErrorInterceptor","options","reason","DryError","message","match","webex","logger","error","replay","reject","replayCount","config","maxAuthenticationReplays","info","request","Interceptor"],"sources":["kms-dry-error-interceptor.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {Interceptor} from '@webex/http-core';\n\nimport {DryError} from './kms-errors';\n/**\n * Interceptor (only to be used in test mode) intended to replay requests that\n * fail as a result of the test-user incompatibility in KMS.\n * @class\n */\nexport default class KmsDryErrorInterceptor extends Interceptor {\n  /**\n   * @returns {KmsDryErrorInterceptor}\n   */\n  static create() {\n    return new KmsDryErrorInterceptor({webex: this});\n  }\n\n  /**\n   * @param {Object} options\n   * @param {Exception} reason\n   * @returns {Promise}\n   */\n  onResponseError(options, reason) {\n    if (\n      reason instanceof DryError &&\n      reason.message.match(/Failed to resolve authorization token in KmsMessage request for user/)\n    ) {\n      this.webex.logger.error('DRY Request Failed due to kms/test-user flakiness');\n      this.webex.logger.error(reason);\n\n      return this.replay(options, reason);\n    }\n\n    return Promise.reject(reason);\n  }\n\n  /**\n   * Replays the request\n   * @param {Object} options\n   * @param {DryError} reason\n   * @returns {Object}\n   */\n  replay(options, reason) {\n    if (options.replayCount) {\n      options.replayCount += 1;\n    } else {\n      options.replayCount = 1;\n    }\n\n    if (options.replayCount > this.webex.config.maxAuthenticationReplays) {\n      this.webex.logger.error(\n        `kms: failed after ${this.webex.config.maxAuthenticationReplays} replay attempts`\n      );\n\n      return Promise.reject(reason);\n    }\n\n    this.webex.logger.info(`kms: replaying request ${options.replayCount} time`);\n\n    return this.webex.request(options);\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAIA;;AAEA;;;;;;AACA;AACA;AACA;AACA;AACA;IACqBA,sB;;;;;;;;;;;;;IAQnB;AACF;AACA;AACA;AACA;IACE,yBAAgBC,OAAhB,EAAyBC,MAAzB,EAAiC;MAC/B,IACEA,MAAM,YAAYC,mBAAlB,IACAD,MAAM,CAACE,OAAP,CAAeC,KAAf,CAAqB,sEAArB,CAFF,EAGE;QACA,KAAKC,KAAL,CAAWC,MAAX,CAAkBC,KAAlB,CAAwB,mDAAxB;QACA,KAAKF,KAAL,CAAWC,MAAX,CAAkBC,KAAlB,CAAwBN,MAAxB;QAEA,OAAO,KAAKO,MAAL,CAAYR,OAAZ,EAAqBC,MAArB,CAAP;MACD;;MAED,OAAO,iBAAQQ,MAAR,CAAeR,MAAf,CAAP;IACD;IAED;AACF;AACA;AACA;AACA;AACA;;;;WACE,gBAAOD,OAAP,EAAgBC,MAAhB,EAAwB;MACtB,IAAID,OAAO,CAACU,WAAZ,EAAyB;QACvBV,OAAO,CAACU,WAAR,IAAuB,CAAvB;MACD,CAFD,MAEO;QACLV,OAAO,CAACU,WAAR,GAAsB,CAAtB;MACD;;MAED,IAAIV,OAAO,CAACU,WAAR,GAAsB,KAAKL,KAAL,CAAWM,MAAX,CAAkBC,wBAA5C,EAAsE;QACpE,KAAKP,KAAL,CAAWC,MAAX,CAAkBC,KAAlB,6BACuB,KAAKF,KAAL,CAAWM,MAAX,CAAkBC,wBADzC;QAIA,OAAO,iBAAQH,MAAR,CAAeR,MAAf,CAAP;MACD;;MAED,KAAKI,KAAL,CAAWC,MAAX,CAAkBO,IAAlB,kCAAiDb,OAAO,CAACU,WAAzD;MAEA,OAAO,KAAKL,KAAL,CAAWS,OAAX,CAAmBd,OAAnB,CAAP;IACD;;;;IAlDD;AACF;AACA;IACE,kBAAgB;MACd,OAAO,IAAID,sBAAJ,CAA2B;QAACM,KAAK,EAAE;MAAR,CAA3B,CAAP;IACD;;;EANiDU,qB"}

package/dist/kms-errors.js.map

@@ -1 +1 @@
-{"version":3,"names":["KmsError","body","enumerable","value","reason","requestId","status","message","constructor","defaultMessage","Exception","KmsTimeoutError","request","timeout","method","uri","DryError","WebexHttpError","prototype","parse","_res","options","url","service","toUpperCase","resource","headers","trackingid"],"sources":["kms-errors.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {Exception} from '@webex/common';\nimport {WebexHttpError} from '@webex/webex-core';\n\n/**\n * Error class for KMS errors\n */\nexport class KmsError extends Exception {\n  static defaultMessage = 'An unknown error occurred while communicating with the kms. This implies we received an error response without a body.';\n\n  /**\n   * @param {HttpResponse} body\n   * @returns {string}\n   */\n  parse(body) {\n    body = body.body || body;\n\n    Object.defineProperties(this, {\n      body: {\n        enumerable: false,\n        value: body\n      },\n      reason: {\n        enumerable: false,\n        value: body.reason\n      },\n      requestId: {\n        enumerable: false,\n        value: body.requestId\n      },\n      status: {\n        enumerable: false,\n        value: body.status\n      }\n    });\n\n    let message = typeof body === 'string' ? body : body.reason;\n\n    if (!message) {\n      message = this.constructor.defaultMessage;\n    }\n    if (body.status) {\n      message += `\\nKMS_RESPONSE_STATUS: ${body.status}`;\n    }\n    if (body.requestId) {\n      message += `\\nKMS_REQUEST_ID: ${body.requestId}`;\n    }\n\n    return message;\n  }\n}\n\n/**\n * Thrown when an expected KMSResponse is not received in a timely manner\n */\nexport class KmsTimeoutError extends KmsError {\n  /**\n   * @param {KmsRequest} options.request\n   * @param {KmsRequest} options.timeout\n   * @returns {string}\n   */\n  parse({request = {}, timeout} = {}) {\n    let message = `The KMS did not respond within ${timeout ? `${timeout} milliseconds` : 'a timely fashion'}`;\n\n    if (request) {\n      if (request.method && request.uri) {\n        message += `\\nKMS_REQUEST: ${request.method} ${request.uri}`;\n      }\n\n      if (request.requestId) {\n        message += `\\nKMS_REQUEST_ID: ${request.requestId}`;\n      }\n    }\n\n    return message;\n  }\n}\n\n/**\n * Emitted when a REST request includes an encrypter error\n */\nexport class DryError extends WebexHttpError {\n  static defaultMessage = 'An unknown error was received from a service that proxies to the KMS';\n\n  /**\n   * @param {WebexHttpError} reason\n   * @returns {string}\n   */\n  parse(reason) {\n    Reflect.apply(WebexHttpError.prototype.parse, this, [reason._res]);\n    const body = reason._res.body.message;\n\n    let message = body.reason || body;\n\n    if (!message) {\n      message = this.constructor.defaultMessage;\n    }\n    if (this.options.url) {\n      message += `\\n${this.options.method} ${this.options.url}`;\n    }\n    else if (this.options.uri) {\n      message += `\\n${this.options.method} ${this.options.uri}`;\n    }\n    else {\n      message += `\\n${this.options.method} ${this.options.service.toUpperCase()}/${this.options.resource}`;\n    }\n    message += `\\nWEBEX_TRACKING_ID: ${this.options.headers.trackingid}`;\n\n    if (body.status) {\n      message += `\\nKMS_RESPONSE_STATUS: ${body.status}`;\n    }\n    if (body.requestId) {\n      message += `\\nKMS_REQUEST_ID: ${body.requestId}`;\n    }\n\n    Object.defineProperties(this, {\n      reason: {\n        enumerable: false,\n        value: body.reason\n      },\n      requestId: {\n        enumerable: false,\n        value: body.requestId\n      },\n      status: {\n        enumerable: false,\n        value: body.status\n      }\n    });\n\n    return message;\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA;;AACA;;;;;;AAEA;AACA;AACA;IACaA,Q;;;;;;;;;;;;;IAGX;AACF;AACA;AACA;IACE,eAAMC,IAAN,EAAY;MACVA,IAAI,GAAGA,IAAI,CAACA,IAAL,IAAaA,IAApB;MAEA,+BAAwB,IAAxB,EAA8B;QAC5BA,IAAI,EAAE;UACJC,UAAU,EAAE,KADR;UAEJC,KAAK,EAAEF;QAFH,CADsB;QAK5BG,MAAM,EAAE;UACNF,UAAU,EAAE,KADN;UAENC,KAAK,EAAEF,IAAI,CAACG;QAFN,CALoB;QAS5BC,SAAS,EAAE;UACTH,UAAU,EAAE,KADH;UAETC,KAAK,EAAEF,IAAI,CAACI;QAFH,CATiB;QAa5BC,MAAM,EAAE;UACNJ,UAAU,EAAE,KADN;UAENC,KAAK,EAAEF,IAAI,CAACK;QAFN;MAboB,CAA9B;MAmBA,IAAIC,OAAO,GAAG,OAAON,IAAP,KAAgB,QAAhB,GAA2BA,IAA3B,GAAkCA,IAAI,CAACG,MAArD;;MAEA,IAAI,CAACG,OAAL,EAAc;QACZA,OAAO,GAAG,KAAKC,WAAL,CAAiBC,cAA3B;MACD;;MACD,IAAIR,IAAI,CAACK,MAAT,EAAiB;QACfC,OAAO,qCAA8BN,IAAI,CAACK,MAAnC,CAAP;MACD;;MACD,IAAIL,IAAI,CAACI,SAAT,EAAoB;QAClBE,OAAO,gCAAyBN,IAAI,CAACI,SAA9B,CAAP;MACD;;MAED,OAAOE,OAAP;IACD;;;EA1C2BG,iB;AA6C9B;AACA;AACA;;;;8BA/CaV,Q,oBACa,wH;;IA+CbW,e;;;;;;;;;;;;;IACX;AACF;AACA;AACA;AACA;IACE,iBAAoC;MAAA,+EAAJ,EAAI;MAAA,wBAA7BC,OAA6B;MAAA,IAA7BA,OAA6B,6BAAnB,EAAmB;MAAA,IAAfC,OAAe,QAAfA,OAAe;;MAClC,IAAIN,OAAO,4CAAqCM,OAAO,aAAMA,OAAN,qBAA+B,kBAA3E,CAAX;;MAEA,IAAID,OAAJ,EAAa;QACX,IAAIA,OAAO,CAACE,MAAR,IAAkBF,OAAO,CAACG,GAA9B,EAAmC;UACjCR,OAAO,6BAAsBK,OAAO,CAACE,MAA9B,cAAwCF,OAAO,CAACG,GAAhD,CAAP;QACD;;QAED,IAAIH,OAAO,CAACP,SAAZ,EAAuB;UACrBE,OAAO,gCAAyBK,OAAO,CAACP,SAAjC,CAAP;QACD;MACF;;MAED,OAAOE,OAAP;IACD;;;EApBkCP,Q;AAuBrC;AACA;AACA;;;;;IACagB,Q;;;;;;;;;;;;;IAGX;AACF;AACA;AACA;IACE,eAAMZ,MAAN,EAAc;MACZ,oBAAca,yBAAA,CAAeC,SAAf,CAAyBC,KAAvC,EAA8C,IAA9C,EAAoD,CAACf,MAAM,CAACgB,IAAR,CAApD;MACA,IAAMnB,IAAI,GAAGG,MAAM,CAACgB,IAAP,CAAYnB,IAAZ,CAAiBM,OAA9B;MAEA,IAAIA,OAAO,GAAGN,IAAI,CAACG,MAAL,IAAeH,IAA7B;;MAEA,IAAI,CAACM,OAAL,EAAc;QACZA,OAAO,GAAG,KAAKC,WAAL,CAAiBC,cAA3B;MACD;;MACD,IAAI,KAAKY,OAAL,CAAaC,GAAjB,EAAsB;QACpBf,OAAO,gBAAS,KAAKc,OAAL,CAAaP,MAAtB,cAAgC,KAAKO,OAAL,CAAaC,GAA7C,CAAP;MACD,CAFD,MAGK,IAAI,KAAKD,OAAL,CAAaN,GAAjB,EAAsB;QACzBR,OAAO,gBAAS,KAAKc,OAAL,CAAaP,MAAtB,cAAgC,KAAKO,OAAL,CAAaN,GAA7C,CAAP;MACD,CAFI,MAGA;QACHR,OAAO,gBAAS,KAAKc,OAAL,CAAaP,MAAtB,cAAgC,KAAKO,OAAL,CAAaE,OAAb,CAAqBC,WAArB,EAAhC,cAAsE,KAAKH,OAAL,CAAaI,QAAnF,CAAP;MACD;;MACDlB,OAAO,mCAA4B,KAAKc,OAAL,CAAaK,OAAb,CAAqBC,UAAjD,CAAP;;MAEA,IAAI1B,IAAI,CAACK,MAAT,EAAiB;QACfC,OAAO,qCAA8BN,IAAI,CAACK,MAAnC,CAAP;MACD;;MACD,IAAIL,IAAI,CAACI,SAAT,EAAoB;QAClBE,OAAO,gCAAyBN,IAAI,CAACI,SAA9B,CAAP;MACD;;MAED,+BAAwB,IAAxB,EAA8B;QAC5BD,MAAM,EAAE;UACNF,UAAU,EAAE,KADN;UAENC,KAAK,EAAEF,IAAI,CAACG;QAFN,CADoB;QAK5BC,SAAS,EAAE;UACTH,UAAU,EAAE,KADH;UAETC,KAAK,EAAEF,IAAI,CAACI;QAFH,CALiB;QAS5BC,MAAM,EAAE;UACNJ,UAAU,EAAE,KADN;UAENC,KAAK,EAAEF,IAAI,CAACK;QAFN;MAToB,CAA9B;MAeA,OAAOC,OAAP;IACD;;;EAlD2BU,yB;;;8BAAjBD,Q,oBACa,sE"}
+{"version":3,"names":["KmsError","body","enumerable","value","reason","requestId","status","message","constructor","defaultMessage","Exception","KmsTimeoutError","request","timeout","method","uri","DryError","WebexHttpError","prototype","parse","_res","options","url","service","toUpperCase","resource","headers","trackingid"],"sources":["kms-errors.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {Exception} from '@webex/common';\nimport {WebexHttpError} from '@webex/webex-core';\n\n/**\n * Error class for KMS errors\n */\nexport class KmsError extends Exception {\n  static defaultMessage =\n    'An unknown error occurred while communicating with the kms. This implies we received an error response without a body.';\n\n  /**\n   * @param {HttpResponse} body\n   * @returns {string}\n   */\n  parse(body) {\n    body = body.body || body;\n\n    Object.defineProperties(this, {\n      body: {\n        enumerable: false,\n        value: body,\n      },\n      reason: {\n        enumerable: false,\n        value: body.reason,\n      },\n      requestId: {\n        enumerable: false,\n        value: body.requestId,\n      },\n      status: {\n        enumerable: false,\n        value: body.status,\n      },\n    });\n\n    let message = typeof body === 'string' ? body : body.reason;\n\n    if (!message) {\n      message = this.constructor.defaultMessage;\n    }\n    if (body.status) {\n      message += `\\nKMS_RESPONSE_STATUS: ${body.status}`;\n    }\n    if (body.requestId) {\n      message += `\\nKMS_REQUEST_ID: ${body.requestId}`;\n    }\n\n    return message;\n  }\n}\n\n/**\n * Thrown when an expected KMSResponse is not received in a timely manner\n */\nexport class KmsTimeoutError extends KmsError {\n  /**\n   * @param {KmsRequest} options.request\n   * @param {KmsRequest} options.timeout\n   * @returns {string}\n   */\n  parse({request = {}, timeout} = {}) {\n    let message = `The KMS did not respond within ${\n      timeout ? `${timeout} milliseconds` : 'a timely fashion'\n    }`;\n\n    if (request) {\n      if (request.method && request.uri) {\n        message += `\\nKMS_REQUEST: ${request.method} ${request.uri}`;\n      }\n\n      if (request.requestId) {\n        message += `\\nKMS_REQUEST_ID: ${request.requestId}`;\n      }\n    }\n\n    return message;\n  }\n}\n\n/**\n * Emitted when a REST request includes an encrypter error\n */\nexport class DryError extends WebexHttpError {\n  static defaultMessage = 'An unknown error was received from a service that proxies to the KMS';\n\n  /**\n   * @param {WebexHttpError} reason\n   * @returns {string}\n   */\n  parse(reason) {\n    Reflect.apply(WebexHttpError.prototype.parse, this, [reason._res]);\n    const body = reason._res.body.message;\n\n    let message = body.reason || body;\n\n    if (!message) {\n      message = this.constructor.defaultMessage;\n    }\n    if (this.options.url) {\n      message += `\\n${this.options.method} ${this.options.url}`;\n    } else if (this.options.uri) {\n      message += `\\n${this.options.method} ${this.options.uri}`;\n    } else {\n      message += `\\n${this.options.method} ${this.options.service.toUpperCase()}/${\n        this.options.resource\n      }`;\n    }\n    message += `\\nWEBEX_TRACKING_ID: ${this.options.headers.trackingid}`;\n\n    if (body.status) {\n      message += `\\nKMS_RESPONSE_STATUS: ${body.status}`;\n    }\n    if (body.requestId) {\n      message += `\\nKMS_REQUEST_ID: ${body.requestId}`;\n    }\n\n    Object.defineProperties(this, {\n      reason: {\n        enumerable: false,\n        value: body.reason,\n      },\n      requestId: {\n        enumerable: false,\n        value: body.requestId,\n      },\n      status: {\n        enumerable: false,\n        value: body.status,\n      },\n    });\n\n    return message;\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA;;AACA;;;;;;AAEA;AACA;AACA;IACaA,Q;;;;;;;;;;;;;IAIX;AACF;AACA;AACA;IACE,eAAMC,IAAN,EAAY;MACVA,IAAI,GAAGA,IAAI,CAACA,IAAL,IAAaA,IAApB;MAEA,+BAAwB,IAAxB,EAA8B;QAC5BA,IAAI,EAAE;UACJC,UAAU,EAAE,KADR;UAEJC,KAAK,EAAEF;QAFH,CADsB;QAK5BG,MAAM,EAAE;UACNF,UAAU,EAAE,KADN;UAENC,KAAK,EAAEF,IAAI,CAACG;QAFN,CALoB;QAS5BC,SAAS,EAAE;UACTH,UAAU,EAAE,KADH;UAETC,KAAK,EAAEF,IAAI,CAACI;QAFH,CATiB;QAa5BC,MAAM,EAAE;UACNJ,UAAU,EAAE,KADN;UAENC,KAAK,EAAEF,IAAI,CAACK;QAFN;MAboB,CAA9B;MAmBA,IAAIC,OAAO,GAAG,OAAON,IAAP,KAAgB,QAAhB,GAA2BA,IAA3B,GAAkCA,IAAI,CAACG,MAArD;;MAEA,IAAI,CAACG,OAAL,EAAc;QACZA,OAAO,GAAG,KAAKC,WAAL,CAAiBC,cAA3B;MACD;;MACD,IAAIR,IAAI,CAACK,MAAT,EAAiB;QACfC,OAAO,qCAA8BN,IAAI,CAACK,MAAnC,CAAP;MACD;;MACD,IAAIL,IAAI,CAACI,SAAT,EAAoB;QAClBE,OAAO,gCAAyBN,IAAI,CAACI,SAA9B,CAAP;MACD;;MAED,OAAOE,OAAP;IACD;;;EA3C2BG,iB;AA8C9B;AACA;AACA;;;;8BAhDaV,Q,oBAET,wH;;IA+CSW,e;;;;;;;;;;;;;IACX;AACF;AACA;AACA;AACA;IACE,iBAAoC;MAAA,+EAAJ,EAAI;MAAA,wBAA7BC,OAA6B;MAAA,IAA7BA,OAA6B,6BAAnB,EAAmB;MAAA,IAAfC,OAAe,QAAfA,OAAe;;MAClC,IAAIN,OAAO,4CACTM,OAAO,aAAMA,OAAN,qBAA+B,kBAD7B,CAAX;;MAIA,IAAID,OAAJ,EAAa;QACX,IAAIA,OAAO,CAACE,MAAR,IAAkBF,OAAO,CAACG,GAA9B,EAAmC;UACjCR,OAAO,6BAAsBK,OAAO,CAACE,MAA9B,cAAwCF,OAAO,CAACG,GAAhD,CAAP;QACD;;QAED,IAAIH,OAAO,CAACP,SAAZ,EAAuB;UACrBE,OAAO,gCAAyBK,OAAO,CAACP,SAAjC,CAAP;QACD;MACF;;MAED,OAAOE,OAAP;IACD;;;EAtBkCP,Q;AAyBrC;AACA;AACA;;;;;IACagB,Q;;;;;;;;;;;;;IAGX;AACF;AACA;AACA;IACE,eAAMZ,MAAN,EAAc;MACZ,oBAAca,yBAAA,CAAeC,SAAf,CAAyBC,KAAvC,EAA8C,IAA9C,EAAoD,CAACf,MAAM,CAACgB,IAAR,CAApD;MACA,IAAMnB,IAAI,GAAGG,MAAM,CAACgB,IAAP,CAAYnB,IAAZ,CAAiBM,OAA9B;MAEA,IAAIA,OAAO,GAAGN,IAAI,CAACG,MAAL,IAAeH,IAA7B;;MAEA,IAAI,CAACM,OAAL,EAAc;QACZA,OAAO,GAAG,KAAKC,WAAL,CAAiBC,cAA3B;MACD;;MACD,IAAI,KAAKY,OAAL,CAAaC,GAAjB,EAAsB;QACpBf,OAAO,gBAAS,KAAKc,OAAL,CAAaP,MAAtB,cAAgC,KAAKO,OAAL,CAAaC,GAA7C,CAAP;MACD,CAFD,MAEO,IAAI,KAAKD,OAAL,CAAaN,GAAjB,EAAsB;QAC3BR,OAAO,gBAAS,KAAKc,OAAL,CAAaP,MAAtB,cAAgC,KAAKO,OAAL,CAAaN,GAA7C,CAAP;MACD,CAFM,MAEA;QACLR,OAAO,gBAAS,KAAKc,OAAL,CAAaP,MAAtB,cAAgC,KAAKO,OAAL,CAAaE,OAAb,CAAqBC,WAArB,EAAhC,cACL,KAAKH,OAAL,CAAaI,QADR,CAAP;MAGD;;MACDlB,OAAO,mCAA4B,KAAKc,OAAL,CAAaK,OAAb,CAAqBC,UAAjD,CAAP;;MAEA,IAAI1B,IAAI,CAACK,MAAT,EAAiB;QACfC,OAAO,qCAA8BN,IAAI,CAACK,MAAnC,CAAP;MACD;;MACD,IAAIL,IAAI,CAACI,SAAT,EAAoB;QAClBE,OAAO,gCAAyBN,IAAI,CAACI,SAA9B,CAAP;MACD;;MAED,+BAAwB,IAAxB,EAA8B;QAC5BD,MAAM,EAAE;UACNF,UAAU,EAAE,KADN;UAENC,KAAK,EAAEF,IAAI,CAACG;QAFN,CADoB;QAK5BC,SAAS,EAAE;UACTH,UAAU,EAAE,KADH;UAETC,KAAK,EAAEF,IAAI,CAACI;QAFH,CALiB;QAS5BC,MAAM,EAAE;UACNJ,UAAU,EAAE,KADN;UAENC,KAAK,EAAEF,IAAI,CAACK;QAFN;MAToB,CAA9B;MAeA,OAAOC,OAAP;IACD;;;EAlD2BU,yB;;;8BAAjBD,Q,oBACa,sE"}

package/dist/kms.js

@@ -322,11 +322,11 @@ var KMS = _webexCore.WebexPlugin.extend((_dec = (0, _common.oneFlight)({
   },
 
   /**
-  * @typedef {Object} FetchPublicKeyResponse
-  * @property {number} status 200,400(Bad Request: Request payload missing info),404(Not Found: HSM Public Key not found),501(Not Implemented: This KMS does not support BYOK),502(Bad Gateway: KMS could not communicate with HSM)
-  * @property {UUID} requestId this is should be unique, used for debug.
-  * @property {string} publicKey
-  */
+   * @typedef {Object} FetchPublicKeyResponse
+   * @property {number} status 200,400(Bad Request: Request payload missing info),404(Not Found: HSM Public Key not found),501(Not Implemented: This KMS does not support BYOK),502(Bad Gateway: KMS could not communicate with HSM)
+   * @property {UUID} requestId this is should be unique, used for debug.
+   * @property {string} publicKey
+   */
 
   /**
    * get public key from kms
@@ -351,12 +351,12 @@ var KMS = _webexCore.WebexPlugin.extend((_dec = (0, _common.oneFlight)({
   },
 
   /**
-  * @typedef {Object} UploadCmkResponse
-  * @property {number} status
-  * @property {UUID} requestId
-  * @property {string} uri
-  * @property {string} keysState
-  */
+   * @typedef {Object} UploadCmkResponse
+   * @property {number} status
+   * @property {UUID} requestId
+   * @property {string} uri
+   * @property {string} keysState
+   */
 
   /**
    * upload master key for one org.
@@ -408,11 +408,11 @@ var KMS = _webexCore.WebexPlugin.extend((_dec = (0, _common.oneFlight)({
   },
 
   /**
-  * @typedef {Object} ActivateCmkResponse
-  * @property {number} status
-  * @property {UUID} requestId
-  * @property {Array<CMK>} customerMasterKeys
-  */
+   * @typedef {Object} ActivateCmkResponse
+   * @property {number} status
+   * @property {UUID} requestId
+   * @property {Array<CMK>} customerMasterKeys
+   */
 
   /**
    *
@@ -931,7 +931,7 @@ var KMS = _webexCore.WebexPlugin.extend((_dec = (0, _common.oneFlight)({
     context.ephemeralKey = originalContext.ephemeralKey;
     return context;
   },
-  version: "3.0.0-beta.13"
+  version: "3.0.0-beta.15"
 }, ((0, _applyDecoratedDescriptor2.default)(_obj, "fetchKey", [_dec], (0, _getOwnPropertyDescriptor.default)(_obj, "fetchKey"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "_getContext", [_common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "_getContext"), _obj)), _obj)));
 
 var _default = KMS;