@webex/internal-plugin-encryption 3.0.0-beta.4 → 3.0.0-beta.400
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -3
- package/dist/config.js +0 -9
- package/dist/config.js.map +1 -1
- package/dist/constants.js +14 -0
- package/dist/constants.js.map +1 -0
- package/dist/encryption.js +25 -74
- package/dist/encryption.js.map +1 -1
- package/dist/ensure-buffer.browser.js +0 -12
- package/dist/ensure-buffer.browser.js.map +1 -1
- package/dist/ensure-buffer.js +5 -12
- package/dist/ensure-buffer.js.map +1 -1
- package/dist/index.js +7 -33
- package/dist/index.js.map +1 -1
- package/dist/kms-batcher.js +7 -30
- package/dist/kms-batcher.js.map +1 -1
- package/dist/kms-certificate-validation.js +24 -90
- package/dist/kms-certificate-validation.js.map +1 -1
- package/dist/kms-dry-error-interceptor.js +1 -23
- package/dist/kms-dry-error-interceptor.js.map +1 -1
- package/dist/kms-errors.js +21 -51
- package/dist/kms-errors.js.map +1 -1
- package/dist/kms.js +88 -218
- package/dist/kms.js.map +1 -1
- package/package.json +15 -15
- package/src/config.js +3 -3
- package/src/constants.js +3 -0
- package/src/encryption.js +74 -57
- package/src/ensure-buffer.browser.js +0 -1
- package/src/ensure-buffer.js +5 -5
- package/src/index.js +120 -96
- package/src/kms-batcher.js +53 -45
- package/src/kms-certificate-validation.js +48 -50
- package/src/kms-dry-error-interceptor.js +8 -4
- package/src/kms-errors.js +47 -16
- package/src/kms.js +219 -212
- package/test/integration/spec/encryption.js +313 -231
- package/test/integration/spec/kms.js +532 -405
- package/test/integration/spec/payload-transfom.js +69 -69
- package/test/unit/spec/encryption.js +21 -18
- package/test/unit/spec/kms-certificate-validation.js +76 -34
- package/test/unit/spec/kms-errors.js +70 -0
- package/test/unit/spec/kms.js +103 -0
|
@@ -42,13 +42,13 @@ describe('Encryption', function () {
|
|
|
42
42
|
return window.btoa(binary);
|
|
43
43
|
}
|
|
44
44
|
|
|
45
|
-
before('create test user', () =>
|
|
46
|
-
.then((users) => {
|
|
45
|
+
before('create test user', () =>
|
|
46
|
+
testUsers.create({count: 2, config: {roles: [{name: 'id_full_admin'}]}}).then((users) => {
|
|
47
47
|
spock = users[0];
|
|
48
48
|
webex = new WebexCore({
|
|
49
49
|
credentials: {
|
|
50
|
-
authorization: spock.token
|
|
51
|
-
}
|
|
50
|
+
authorization: spock.token,
|
|
51
|
+
},
|
|
52
52
|
});
|
|
53
53
|
spock.webex = webex;
|
|
54
54
|
assert.isTrue(webex.canAuthorize);
|
|
@@ -56,89 +56,104 @@ describe('Encryption', function () {
|
|
|
56
56
|
mccoy = users[1];
|
|
57
57
|
mccoy.webex = new WebexCore({
|
|
58
58
|
credentials: {
|
|
59
|
-
authorization: mccoy.token
|
|
60
|
-
}
|
|
59
|
+
authorization: mccoy.token,
|
|
60
|
+
},
|
|
61
61
|
});
|
|
62
62
|
|
|
63
63
|
assert.isTrue(mccoy.webex.canAuthorize);
|
|
64
64
|
|
|
65
65
|
return mccoy.webex.internal.device.register();
|
|
66
|
-
})
|
|
66
|
+
})
|
|
67
|
+
);
|
|
67
68
|
|
|
68
69
|
after(() => webex && webex.internal.mercury.disconnect());
|
|
69
70
|
|
|
70
71
|
let expiredUser;
|
|
71
72
|
|
|
72
73
|
// TODO: Re-enable SPARK-133280
|
|
73
|
-
it.skip('errs using an invalid token', () =>
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
74
|
+
it.skip('errs using an invalid token', () =>
|
|
75
|
+
testUsers
|
|
76
|
+
.create({count: 1})
|
|
77
|
+
.then((users) => {
|
|
78
|
+
[expiredUser] = users;
|
|
79
|
+
expiredUser.webex = new WebexCore({
|
|
80
|
+
credentials: {
|
|
81
|
+
authorization: 'invalidToken',
|
|
82
|
+
},
|
|
83
|
+
});
|
|
84
|
+
expiredUser.webex.internal.device.register();
|
|
85
|
+
})
|
|
86
|
+
.then(() => expiredUser.webex.internal.encryption.kms.createUnboundKeys({count: 1}))
|
|
87
|
+
.catch((err) => {
|
|
88
|
+
assert.equal(err.statusCode, 401);
|
|
89
|
+
}));
|
|
87
90
|
|
|
88
91
|
describe('#createResource()', () => {
|
|
89
|
-
it('creates a kms resource object', () =>
|
|
90
|
-
.then(([key]) =>
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
92
|
+
it('creates a kms resource object', () =>
|
|
93
|
+
webex.internal.encryption.kms.createUnboundKeys({count: 1}).then(([key]) =>
|
|
94
|
+
webex.internal.encryption.kms
|
|
95
|
+
.createResource({
|
|
96
|
+
userIds: [webex.internal.device.userId],
|
|
97
|
+
key,
|
|
98
|
+
})
|
|
99
|
+
.then((kro) => {
|
|
100
|
+
assert.property(kro, 'uri');
|
|
101
|
+
assert.property(kro, 'keyUris');
|
|
102
|
+
assert.lengthOf(kro.keyUris, 1);
|
|
103
|
+
assert.include(kro.keyUris, key.uri);
|
|
104
|
+
assert.property(kro, 'authorizationUris');
|
|
105
|
+
assert.lengthOf(kro.authorizationUris, 1);
|
|
106
|
+
})
|
|
107
|
+
));
|
|
102
108
|
});
|
|
103
109
|
|
|
104
110
|
describe('#addAuthorization()', () => {
|
|
105
111
|
let boundedKeyUri, kro, otherKro;
|
|
106
112
|
|
|
107
|
-
before('create a resource', () =>
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
113
|
+
before('create a resource', () =>
|
|
114
|
+
webex.internal.encryption.kms
|
|
115
|
+
.createUnboundKeys({count: 1})
|
|
116
|
+
.then(([key]) =>
|
|
117
|
+
webex.internal.encryption.kms.createResource({
|
|
118
|
+
key,
|
|
119
|
+
})
|
|
120
|
+
)
|
|
121
|
+
.then((k) => {
|
|
122
|
+
kro = k;
|
|
123
|
+
boundedKeyUri = kro.keyUris[0];
|
|
124
|
+
assert.lengthOf(kro.authorizationUris, 1);
|
|
125
|
+
})
|
|
126
|
+
);
|
|
116
127
|
|
|
117
|
-
it('authorizes a user to a key', () =>
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
128
|
+
it('authorizes a user to a key', () =>
|
|
129
|
+
webex.internal.encryption.kms
|
|
130
|
+
.addAuthorization({
|
|
131
|
+
userIds: [mccoy.webex.internal.device.userId],
|
|
132
|
+
kroUri: kro.uri,
|
|
133
|
+
})
|
|
134
|
+
.then(([auth]) => {
|
|
135
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
136
|
+
assert.equal(auth.authId, mccoy.webex.internal.device.userId);
|
|
124
137
|
|
|
125
|
-
|
|
126
|
-
|
|
138
|
+
return mccoy.webex.internal.encryption.kms.fetchKey({uri: boundedKeyUri});
|
|
139
|
+
}));
|
|
127
140
|
|
|
128
|
-
it('authorizes a resource to a key', () =>
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
141
|
+
it('authorizes a resource to a key', () =>
|
|
142
|
+
webex.internal.encryption.kms
|
|
143
|
+
.createUnboundKeys({count: 1})
|
|
144
|
+
.then(([key]) => webex.internal.encryption.kms.createResource({key}))
|
|
145
|
+
.then((k) => {
|
|
146
|
+
otherKro = k;
|
|
132
147
|
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
148
|
+
return webex.internal.encryption.kms.addAuthorization({
|
|
149
|
+
authIds: [otherKro.uri],
|
|
150
|
+
kro,
|
|
151
|
+
});
|
|
152
|
+
})
|
|
153
|
+
.then(([auth]) => {
|
|
154
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
155
|
+
assert.equal(auth.authId, otherKro.uri);
|
|
156
|
+
}));
|
|
142
157
|
});
|
|
143
158
|
|
|
144
159
|
/**
|
|
@@ -153,61 +168,87 @@ describe('Encryption', function () {
|
|
|
153
168
|
let boundedKeyUri, kro, otherKro;
|
|
154
169
|
let testResourceId;
|
|
155
170
|
|
|
156
|
-
before('creates a resource', () =>
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
.then(([auth]) => {
|
|
171
|
-
assert.equal(auth.resourceUri, kro.uri);
|
|
172
|
-
assert.equal(auth.authId, mccoy.webex.internal.device.userId);
|
|
173
|
-
|
|
174
|
-
return mccoy.webex.internal.encryption.kms.fetchKey({uri: boundedKeyUri});
|
|
175
|
-
}));
|
|
176
|
-
|
|
177
|
-
before('authorizes a resource to a key', () => webex.internal.encryption.kms.createUnboundKeys({count: 1})
|
|
178
|
-
.then(([key]) => webex.internal.encryption.kms.createResource({key}))
|
|
179
|
-
.then((k) => {
|
|
180
|
-
otherKro = k;
|
|
181
|
-
testResourceId = otherKro.uri;
|
|
171
|
+
before('creates a resource', () =>
|
|
172
|
+
webex.internal.encryption.kms
|
|
173
|
+
.createUnboundKeys({count: 1})
|
|
174
|
+
.then(([key]) =>
|
|
175
|
+
webex.internal.encryption.kms.createResource({
|
|
176
|
+
key,
|
|
177
|
+
})
|
|
178
|
+
)
|
|
179
|
+
.then((k) => {
|
|
180
|
+
kro = k;
|
|
181
|
+
boundedKeyUri = kro.keyUris[0];
|
|
182
|
+
assert.lengthOf(kro.authorizationUris, 1);
|
|
183
|
+
})
|
|
184
|
+
);
|
|
182
185
|
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
186
|
+
before('authorizes a user to a key', () =>
|
|
187
|
+
webex.internal.encryption.kms
|
|
188
|
+
.addAuthorization({
|
|
189
|
+
userIds: [mccoy.webex.internal.device.userId],
|
|
190
|
+
kroUri: kro.uri,
|
|
191
|
+
})
|
|
192
|
+
.then(([auth]) => {
|
|
193
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
194
|
+
assert.equal(auth.authId, mccoy.webex.internal.device.userId);
|
|
192
195
|
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
196
|
+
return mccoy.webex.internal.encryption.kms.fetchKey({uri: boundedKeyUri});
|
|
197
|
+
})
|
|
198
|
+
);
|
|
199
|
+
|
|
200
|
+
before('authorizes a resource to a key', () =>
|
|
201
|
+
webex.internal.encryption.kms
|
|
202
|
+
.createUnboundKeys({count: 1})
|
|
203
|
+
.then(([key]) => webex.internal.encryption.kms.createResource({key}))
|
|
204
|
+
.then((k) => {
|
|
205
|
+
otherKro = k;
|
|
206
|
+
testResourceId = otherKro.uri;
|
|
207
|
+
|
|
208
|
+
return webex.internal.encryption.kms.addAuthorization({
|
|
209
|
+
authIds: [testResourceId],
|
|
210
|
+
kro,
|
|
211
|
+
});
|
|
212
|
+
})
|
|
213
|
+
.then(([auth]) => {
|
|
214
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
215
|
+
assert.equal(auth.authId, otherKro.uri);
|
|
216
|
+
})
|
|
217
|
+
);
|
|
218
|
+
|
|
219
|
+
it('list authorizations', () =>
|
|
220
|
+
webex.internal.encryption.kms
|
|
221
|
+
.listAuthorizations({kroUri: kro.uri})
|
|
222
|
+
.then((authorizations) => {
|
|
223
|
+
assert.equal(authorizations.length, 3);
|
|
224
|
+
assert.include(
|
|
225
|
+
authorizations.map((a) => a.authId),
|
|
226
|
+
mccoy.webex.internal.device.userId
|
|
227
|
+
);
|
|
228
|
+
assert.include(
|
|
229
|
+
authorizations.map((a) => a.authId),
|
|
230
|
+
spock.id
|
|
231
|
+
);
|
|
232
|
+
assert.include(
|
|
233
|
+
authorizations.map((a) => a.resourceUri),
|
|
234
|
+
testResourceId
|
|
235
|
+
);
|
|
236
|
+
assert.include(
|
|
237
|
+
authorizations.map((a) => a.resourceUri),
|
|
238
|
+
kro.uri
|
|
239
|
+
);
|
|
240
|
+
}));
|
|
201
241
|
|
|
202
|
-
it('rejects normally for users that are not authorized', () =>
|
|
203
|
-
.then(([user]) => {
|
|
242
|
+
it('rejects normally for users that are not authorized', () =>
|
|
243
|
+
testUsers.create({count: 1}).then(([user]) => {
|
|
204
244
|
const us = new WebexCore({
|
|
205
245
|
credentials: {
|
|
206
|
-
authorization: user.token
|
|
207
|
-
}
|
|
246
|
+
authorization: user.token,
|
|
247
|
+
},
|
|
208
248
|
});
|
|
209
249
|
|
|
210
|
-
return assert
|
|
250
|
+
return assert
|
|
251
|
+
.isRejected(us.internal.encryption.kms.listAuthorizations({kroUri: kro.uri}))
|
|
211
252
|
.then((err) => {
|
|
212
253
|
console.error(err);
|
|
213
254
|
assert.equal(err.status, 403, 'We should get a Not Authorized response from kms');
|
|
@@ -215,119 +256,161 @@ describe('Encryption', function () {
|
|
|
215
256
|
.then(() => us.internal.mercury.disconnect());
|
|
216
257
|
}));
|
|
217
258
|
|
|
218
|
-
it('remove the user and verify this user is not in the authorization list ', () =>
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
259
|
+
it('remove the user and verify this user is not in the authorization list ', () =>
|
|
260
|
+
webex.internal.encryption.kms
|
|
261
|
+
.removeAuthorization({
|
|
262
|
+
userId: mccoy.webex.internal.device.userId,
|
|
263
|
+
kroUri: kro.uri,
|
|
264
|
+
})
|
|
265
|
+
.then(([auth]) => {
|
|
266
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
267
|
+
assert.equal(auth.authId, mccoy.webex.internal.device.userId);
|
|
268
|
+
|
|
269
|
+
return webex.internal.encryption.kms
|
|
270
|
+
.listAuthorizations({kro})
|
|
271
|
+
.then((authorizations) => {
|
|
272
|
+
assert.equal(authorizations.length, 2);
|
|
273
|
+
assert.include(
|
|
274
|
+
authorizations.map((a) => a.authId),
|
|
275
|
+
spock.id
|
|
276
|
+
);
|
|
277
|
+
assert.include(
|
|
278
|
+
authorizations.map((a) => a.resourceUri),
|
|
279
|
+
testResourceId
|
|
280
|
+
);
|
|
281
|
+
assert.include(
|
|
282
|
+
authorizations.map((a) => a.resourceUri),
|
|
283
|
+
kro.uri
|
|
284
|
+
);
|
|
285
|
+
});
|
|
286
|
+
}));
|
|
234
287
|
|
|
235
|
-
it('remove the resource and verify this resource is not in the authorizaiton list', () =>
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
288
|
+
it('remove the resource and verify this resource is not in the authorizaiton list', () =>
|
|
289
|
+
webex.internal.encryption.kms
|
|
290
|
+
.removeAuthorization({
|
|
291
|
+
userId: testResourceId,
|
|
292
|
+
kroUri: kro.uri,
|
|
293
|
+
})
|
|
294
|
+
.then(([auth]) => {
|
|
295
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
296
|
+
assert.equal(auth.authId, testResourceId);
|
|
297
|
+
|
|
298
|
+
return webex.internal.encryption.kms
|
|
299
|
+
.listAuthorizations({kroUri: kro.uri})
|
|
300
|
+
.then((authorizations) => {
|
|
301
|
+
assert.equal(authorizations.length, 1);
|
|
302
|
+
assert.include(
|
|
303
|
+
authorizations.map((a) => a.authId),
|
|
304
|
+
spock.id
|
|
305
|
+
);
|
|
306
|
+
assert.include(
|
|
307
|
+
authorizations.map((a) => a.resourceUri),
|
|
308
|
+
kro.uri
|
|
309
|
+
);
|
|
310
|
+
});
|
|
311
|
+
}));
|
|
250
312
|
});
|
|
251
313
|
|
|
252
314
|
describe('#removeAuthorization()', () => {
|
|
253
315
|
let boundedKeyUri, kro, otherKro;
|
|
254
316
|
|
|
255
|
-
before('create resource', () =>
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
317
|
+
before('create resource', () =>
|
|
318
|
+
webex.internal.encryption.kms
|
|
319
|
+
.createUnboundKeys({count: 1})
|
|
320
|
+
.then(([key]) =>
|
|
321
|
+
webex.internal.encryption.kms.createResource({
|
|
322
|
+
key,
|
|
323
|
+
})
|
|
324
|
+
)
|
|
325
|
+
.then((k) => {
|
|
326
|
+
kro = k;
|
|
327
|
+
boundedKeyUri = kro.keyUris[0];
|
|
328
|
+
assert.lengthOf(kro.authorizationUris, 1);
|
|
329
|
+
})
|
|
330
|
+
);
|
|
331
|
+
|
|
332
|
+
before('create another resource', () =>
|
|
333
|
+
webex.internal.encryption.kms
|
|
334
|
+
.createUnboundKeys({count: 1})
|
|
335
|
+
.then(([key]) =>
|
|
336
|
+
webex.internal.encryption.kms.createResource({
|
|
337
|
+
key,
|
|
338
|
+
})
|
|
339
|
+
)
|
|
340
|
+
.then((k) => {
|
|
341
|
+
otherKro = k;
|
|
342
|
+
})
|
|
343
|
+
);
|
|
272
344
|
|
|
273
|
-
before('add auths to resource', () =>
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
345
|
+
before('add auths to resource', () =>
|
|
346
|
+
webex.internal.encryption.kms
|
|
347
|
+
.addAuthorization({
|
|
348
|
+
authIds: [otherKro.uri, mccoy.webex.internal.device.userId],
|
|
349
|
+
kro,
|
|
350
|
+
})
|
|
351
|
+
.then(([kroAuth, userAuth]) => {
|
|
352
|
+
assert.equal(kroAuth.authId, otherKro.uri);
|
|
353
|
+
assert.equal(userAuth.authId, mccoy.webex.internal.device.userId);
|
|
354
|
+
})
|
|
355
|
+
);
|
|
281
356
|
|
|
282
|
-
it('deauthorizes a user from a key', () =>
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
357
|
+
it('deauthorizes a user from a key', () =>
|
|
358
|
+
webex.internal.encryption.kms
|
|
359
|
+
.removeAuthorization({
|
|
360
|
+
userId: mccoy.webex.internal.device.userId,
|
|
361
|
+
kroUri: kro.uri,
|
|
362
|
+
})
|
|
363
|
+
.then(([auth]) => {
|
|
364
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
365
|
+
assert.equal(auth.authId, mccoy.webex.internal.device.userId);
|
|
289
366
|
|
|
290
|
-
|
|
291
|
-
|
|
367
|
+
return assert.isRejected(
|
|
368
|
+
mccoy.webex.internal.encryption.kms.fetchKey({uri: boundedKeyUri})
|
|
369
|
+
);
|
|
370
|
+
}));
|
|
292
371
|
|
|
293
|
-
it('deauthorizes a resource from a key', () =>
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
372
|
+
it('deauthorizes a resource from a key', () =>
|
|
373
|
+
webex.internal.encryption.kms
|
|
374
|
+
.removeAuthorization({
|
|
375
|
+
authId: otherKro.uri,
|
|
376
|
+
kro,
|
|
377
|
+
})
|
|
378
|
+
.then(([auth]) => {
|
|
379
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
380
|
+
assert.equal(auth.authId, otherKro.uri);
|
|
381
|
+
}));
|
|
301
382
|
});
|
|
302
383
|
|
|
303
384
|
describe('#bindKey()', () => {
|
|
304
385
|
let key2, kro;
|
|
305
386
|
|
|
306
|
-
it('binds a resource to a key', () =>
|
|
307
|
-
.
|
|
308
|
-
|
|
387
|
+
it('binds a resource to a key', () =>
|
|
388
|
+
webex.internal.encryption.kms
|
|
389
|
+
.createUnboundKeys({count: 2})
|
|
390
|
+
.then((keys) => {
|
|
391
|
+
key2 = keys[1];
|
|
309
392
|
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
393
|
+
return webex.internal.encryption.kms.createResource({
|
|
394
|
+
userIds: [webex.internal.device.userId],
|
|
395
|
+
key: keys[0],
|
|
396
|
+
});
|
|
397
|
+
})
|
|
398
|
+
.then((k) => {
|
|
399
|
+
kro = k;
|
|
317
400
|
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
401
|
+
return webex.internal.encryption.kms.bindKey({kro, key: key2});
|
|
402
|
+
})
|
|
403
|
+
.then((key) => {
|
|
404
|
+
assert.equal(key.uri, key2.uri);
|
|
405
|
+
assert.property(key, 'bindDate');
|
|
406
|
+
assert.property(key, 'resourceUri');
|
|
407
|
+
assert.equal(key.resourceUri, kro.uri);
|
|
408
|
+
}));
|
|
326
409
|
});
|
|
327
410
|
|
|
328
411
|
describe('#createUnboundKeys()', () => {
|
|
329
|
-
it('requests unbound keys from the KMS', () =>
|
|
330
|
-
.then((keys) => {
|
|
412
|
+
it('requests unbound keys from the KMS', () =>
|
|
413
|
+
webex.internal.encryption.kms.createUnboundKeys({count: 2}).then((keys) => {
|
|
331
414
|
assert.lengthOf(keys, 2);
|
|
332
415
|
|
|
333
416
|
const [key1, key2] = keys;
|
|
@@ -342,98 +425,121 @@ describe('Encryption', function () {
|
|
|
342
425
|
describe('upload customer master key', () => {
|
|
343
426
|
let uploadedkeyId;
|
|
344
427
|
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
binaryDer
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
428
|
+
skipInBrowser(it)('upload customer master key', () =>
|
|
429
|
+
webex.internal.encryption.kms
|
|
430
|
+
.deleteAllCustomerMasterKeys({assignedOrgId: spock.orgId})
|
|
431
|
+
.then(() => webex.internal.encryption.kms.fetchPublicKey({assignedOrgId: spock.orgId}))
|
|
432
|
+
.then((publicKey) => {
|
|
433
|
+
assert.isNotEmpty(publicKey);
|
|
434
|
+
const pemHeader = '-----BEGIN PUBLIC KEY-----';
|
|
435
|
+
const pemFooter = '-----END PUBLIC KEY-----';
|
|
436
|
+
const publicContent = publicKey.substring(
|
|
437
|
+
pemHeader.length,
|
|
438
|
+
publicKey.length - pemFooter.length
|
|
439
|
+
);
|
|
440
|
+
const binaryDerString = window.atob(publicContent);
|
|
441
|
+
// convert from a binary string to an ArrayBuffer
|
|
442
|
+
const binaryDer = str2ab(binaryDerString);
|
|
443
|
+
|
|
444
|
+
return window.crypto.subtle.importKey(
|
|
445
|
+
'spki',
|
|
446
|
+
binaryDer,
|
|
447
|
+
{
|
|
448
|
+
name: 'RSA-OAEP',
|
|
449
|
+
hash: 'SHA-256',
|
|
450
|
+
},
|
|
451
|
+
true,
|
|
452
|
+
['encrypt']
|
|
453
|
+
);
|
|
454
|
+
})
|
|
455
|
+
.then((publicKey) => {
|
|
456
|
+
const buf = window.crypto.getRandomValues(new Uint8Array(16));
|
|
457
|
+
|
|
458
|
+
return window.crypto.subtle.encrypt(
|
|
459
|
+
{
|
|
460
|
+
name: 'RSA-OAEP',
|
|
461
|
+
},
|
|
462
|
+
publicKey,
|
|
463
|
+
buf
|
|
464
|
+
);
|
|
465
|
+
})
|
|
466
|
+
.then((encryptedData) =>
|
|
467
|
+
webex.internal.encryption.kms.uploadCustomerMasterKey({
|
|
468
|
+
assignedOrgId: spock.orgId,
|
|
469
|
+
customerMasterKey: arrayBufferToBase64(encryptedData),
|
|
470
|
+
})
|
|
471
|
+
)
|
|
472
|
+
.then((uploadRes) => {
|
|
473
|
+
uploadedkeyId = uploadRes.customerMasterKeys[0].uri;
|
|
382
474
|
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
475
|
+
return webex.internal.encryption.kms.listAllCustomerMasterKey({
|
|
476
|
+
assignedOrgId: spock.orgId,
|
|
477
|
+
});
|
|
478
|
+
})
|
|
479
|
+
.then((listCmksRes) => {
|
|
480
|
+
const cmks = listCmksRes.customerMasterKeys;
|
|
481
|
+
const uploadedCmk = cmks.find((cmk) => cmk.uri === uploadedkeyId);
|
|
388
482
|
|
|
389
|
-
|
|
483
|
+
expect(uploadedCmk).to.not.be.null;
|
|
390
484
|
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
485
|
+
return webex.internal.encryption.kms.changeCustomerMasterKeyState({
|
|
486
|
+
keyId: uploadedkeyId,
|
|
487
|
+
keyState: 'ACTIVE',
|
|
488
|
+
assignedOrgId: spock.orgId,
|
|
489
|
+
});
|
|
490
|
+
})
|
|
491
|
+
.then((activeRes) => {
|
|
492
|
+
expect(activeRes.customerMasterKeys[0].usageState).to.have.string('ACTIVE');
|
|
395
493
|
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
494
|
+
// return webex.internal.encryption.kms.useGlobalMasterKey({assignedOrgId: spock.orgId});
|
|
495
|
+
return webex.internal.encryption.kms.deleteAllCustomerMasterKeys({
|
|
496
|
+
assignedOrgId: spock.orgId,
|
|
497
|
+
});
|
|
498
|
+
})
|
|
499
|
+
);
|
|
399
500
|
});
|
|
400
501
|
|
|
401
502
|
describe('#fetchKey()', () => {
|
|
402
503
|
let key;
|
|
403
504
|
|
|
404
|
-
it('retrieves a specific key', () =>
|
|
405
|
-
.
|
|
406
|
-
|
|
505
|
+
it('retrieves a specific key', () =>
|
|
506
|
+
webex.internal.encryption.kms
|
|
507
|
+
.createUnboundKeys({count: 1})
|
|
508
|
+
.then(([k]) => {
|
|
509
|
+
key = k;
|
|
407
510
|
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
511
|
+
return webex.internal.encryption.kms.fetchKey({uri: key.uri});
|
|
512
|
+
})
|
|
513
|
+
.then((key2) => {
|
|
514
|
+
assert.property(key2, 'uri');
|
|
515
|
+
assert.property(key2, 'jwk');
|
|
516
|
+
assert.notEqual(key2, key);
|
|
517
|
+
assert.equal(key2.uri, key.uri);
|
|
518
|
+
}));
|
|
416
519
|
});
|
|
417
520
|
|
|
418
521
|
describe('#fetchKey(onBehalfOf)', () => {
|
|
419
522
|
let jim;
|
|
420
523
|
|
|
421
|
-
before('create compliance officer test user', () =>
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
524
|
+
before('create compliance officer test user', () =>
|
|
525
|
+
testUsers
|
|
526
|
+
.create({
|
|
527
|
+
count: 1,
|
|
528
|
+
config: {
|
|
529
|
+
roles: [{name: 'spark.kms_orgagent'}],
|
|
530
|
+
},
|
|
531
|
+
})
|
|
532
|
+
.then((users) => {
|
|
533
|
+
jim = users[0];
|
|
429
534
|
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
535
|
+
jim.webex = new WebexCore({
|
|
536
|
+
credentials: {
|
|
537
|
+
authorization: jim.token,
|
|
538
|
+
},
|
|
539
|
+
});
|
|
540
|
+
assert.isTrue(jim.webex.canAuthorize);
|
|
541
|
+
})
|
|
542
|
+
);
|
|
437
543
|
|
|
438
544
|
before('connect compliance officer to mercury', () => jim.webex.internal.mercury.connect());
|
|
439
545
|
|
|
@@ -441,62 +547,75 @@ describe('Encryption', function () {
|
|
|
441
547
|
|
|
442
548
|
let key;
|
|
443
549
|
|
|
444
|
-
it('retrieve key on behalf of another user', () =>
|
|
445
|
-
.
|
|
446
|
-
|
|
550
|
+
it('retrieve key on behalf of another user', () =>
|
|
551
|
+
spock.webex.internal.encryption.kms
|
|
552
|
+
.createUnboundKeys({count: 1})
|
|
553
|
+
.then(([k]) => {
|
|
554
|
+
key = k;
|
|
447
555
|
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
556
|
+
// Compliance Officer Jim fetches a key on behalf of Spock
|
|
557
|
+
return jim.webex.internal.encryption.kms.fetchKey({uri: key.uri, onBehalfOf: spock.id});
|
|
558
|
+
})
|
|
559
|
+
.then((key2) => {
|
|
560
|
+
assert.property(key2, 'uri');
|
|
561
|
+
assert.property(key2, 'jwk');
|
|
562
|
+
assert.notEqual(key2, key);
|
|
563
|
+
assert.equal(key2.uri, key.uri);
|
|
564
|
+
}));
|
|
457
565
|
|
|
458
|
-
it('retrieve key on behalf of self', () =>
|
|
459
|
-
.
|
|
460
|
-
|
|
566
|
+
it('retrieve key on behalf of self', () =>
|
|
567
|
+
jim.webex.internal.encryption.kms
|
|
568
|
+
.createUnboundKeys({count: 1})
|
|
569
|
+
.then(([k]) => {
|
|
570
|
+
key = k;
|
|
461
571
|
|
|
462
|
-
|
|
463
|
-
|
|
464
|
-
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
470
|
-
|
|
471
|
-
|
|
572
|
+
// Compliance Officer Jim fetches a key on behalf of himself
|
|
573
|
+
// This covers an edge case documented by https://jira-eng-gpk2.cisco.com/jira/browse/SPARK-240862.
|
|
574
|
+
return jim.webex.internal.encryption.kms.fetchKey({uri: key.uri, onBehalfOf: jim.id});
|
|
575
|
+
})
|
|
576
|
+
.then((key2) => {
|
|
577
|
+
assert.property(key2, 'uri');
|
|
578
|
+
assert.property(key2, 'jwk');
|
|
579
|
+
assert.notEqual(key2, key);
|
|
580
|
+
assert.equal(key2.uri, key.uri);
|
|
581
|
+
}));
|
|
472
582
|
|
|
473
583
|
// Spock creates the key and Jim is not in the KRO so he should not have access
|
|
474
|
-
it('retrieve key on behalf of self but self does not have access', () =>
|
|
475
|
-
.
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
return jim.webex.internal.encryption.kms.fetchKey({uri: key.uri, onBehalfOf: jim.id});
|
|
480
|
-
})
|
|
481
|
-
.then(() => {
|
|
482
|
-
expect.fail('It should not be possible to retrieve a key on behalf of another user without the spark.kms_orgagent role');
|
|
483
|
-
})
|
|
484
|
-
.catch((error) => {
|
|
485
|
-
// Expect a Forbidden error
|
|
486
|
-
expect(error.body.status).to.equal(403);
|
|
487
|
-
}));
|
|
584
|
+
it('retrieve key on behalf of self but self does not have access', () =>
|
|
585
|
+
spock.webex.internal.encryption.kms
|
|
586
|
+
.createUnboundKeys({count: 1})
|
|
587
|
+
.then(([k]) => {
|
|
588
|
+
key = k;
|
|
488
589
|
|
|
590
|
+
// Compliance Officer Jim fetches a key on behalf of himself but he is not in the KRO
|
|
591
|
+
return jim.webex.internal.encryption.kms.fetchKey({uri: key.uri, onBehalfOf: jim.id});
|
|
592
|
+
})
|
|
593
|
+
.then(() => {
|
|
594
|
+
expect.fail(
|
|
595
|
+
'It should not be possible to retrieve a key on behalf of another user without the spark.kms_orgagent role'
|
|
596
|
+
);
|
|
597
|
+
})
|
|
598
|
+
.catch((error) => {
|
|
599
|
+
// Expect a Forbidden error
|
|
600
|
+
expect(error.body.status).to.equal(403);
|
|
601
|
+
}));
|
|
489
602
|
|
|
490
|
-
it('error retrieving key, on behalf of another user, without spark.kms_orgagent role',
|
|
491
|
-
|
|
603
|
+
it('error retrieving key, on behalf of another user, without spark.kms_orgagent role', () =>
|
|
604
|
+
spock.webex.internal.encryption.kms
|
|
605
|
+
.createUnboundKeys({count: 1})
|
|
492
606
|
.then(([k]) => {
|
|
493
607
|
key = k;
|
|
494
608
|
|
|
495
609
|
// Normal user McCoy fails to fetch a key on behalf of Spock
|
|
496
|
-
return mccoy.webex.internal.encryption.kms.fetchKey({
|
|
610
|
+
return mccoy.webex.internal.encryption.kms.fetchKey({
|
|
611
|
+
uri: key.uri,
|
|
612
|
+
onBehalfOf: spock.id,
|
|
613
|
+
});
|
|
497
614
|
})
|
|
498
615
|
.then(() => {
|
|
499
|
-
expect.fail(
|
|
616
|
+
expect.fail(
|
|
617
|
+
'It should not be possible to retrieve a key on behalf of another user without the spark.kms_orgagent role'
|
|
618
|
+
);
|
|
500
619
|
})
|
|
501
620
|
.catch((error) => {
|
|
502
621
|
// Expect a Forbidden error
|
|
@@ -508,33 +627,35 @@ describe('Encryption', function () {
|
|
|
508
627
|
|
|
509
628
|
return Promise.all([
|
|
510
629
|
spock.webex.internal.encryption.kms.createUnboundKeys({count: 1}),
|
|
511
|
-
mccoy.webex.internal.encryption.kms.createUnboundKeys({count: 1})
|
|
512
|
-
])
|
|
513
|
-
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
|
|
519
|
-
|
|
520
|
-
|
|
521
|
-
|
|
522
|
-
|
|
523
|
-
|
|
524
|
-
|
|
525
|
-
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
|
|
530
|
-
|
|
531
|
-
|
|
630
|
+
mccoy.webex.internal.encryption.kms.createUnboundKeys({count: 1}),
|
|
631
|
+
])
|
|
632
|
+
.then(([[spockK], [mccoyK]]) => {
|
|
633
|
+
spockKey = spockK;
|
|
634
|
+
mccoyKey = mccoyK;
|
|
635
|
+
|
|
636
|
+
// Compliance Officer Jim fetches keys on behalf of users
|
|
637
|
+
return Promise.all([
|
|
638
|
+
jim.webex.internal.encryption.kms.fetchKey({uri: spockKey.uri, onBehalfOf: spock.id}),
|
|
639
|
+
jim.webex.internal.encryption.kms.fetchKey({uri: mccoyKey.uri, onBehalfOf: mccoy.id}),
|
|
640
|
+
]);
|
|
641
|
+
})
|
|
642
|
+
.then(([spockK, mccoyK]) => {
|
|
643
|
+
assert.property(spockK, 'uri');
|
|
644
|
+
assert.property(spockK, 'jwk');
|
|
645
|
+
assert.notEqual(spockK, spockKey);
|
|
646
|
+
assert.equal(spockK.uri, spockKey.uri);
|
|
647
|
+
|
|
648
|
+
assert.property(mccoyK, 'uri');
|
|
649
|
+
assert.property(mccoyK, 'jwk');
|
|
650
|
+
assert.notEqual(mccoyK, mccoyKey);
|
|
651
|
+
assert.equal(mccoyK.uri, mccoyKey.uri);
|
|
652
|
+
});
|
|
532
653
|
});
|
|
533
654
|
});
|
|
534
655
|
|
|
535
656
|
describe('#ping()', () => {
|
|
536
|
-
it('sends a ping to the kms', () =>
|
|
537
|
-
.then((res) => {
|
|
657
|
+
it('sends a ping to the kms', () =>
|
|
658
|
+
webex.internal.encryption.kms.ping().then((res) => {
|
|
538
659
|
assert.property(res, 'status');
|
|
539
660
|
assert.equal(res.status, 200);
|
|
540
661
|
assert.property(res, 'requestId');
|
|
@@ -544,15 +665,16 @@ describe('Encryption', function () {
|
|
|
544
665
|
describe('when ecdhe negotiation times out', () => {
|
|
545
666
|
let originalKmsTimeout, webex2, spy;
|
|
546
667
|
|
|
547
|
-
before('create test user', () =>
|
|
548
|
-
.then(([u]) => {
|
|
668
|
+
before('create test user', () =>
|
|
669
|
+
testUsers.create({count: 1}).then(([u]) => {
|
|
549
670
|
webex2 = new WebexCore({
|
|
550
671
|
credentials: {
|
|
551
|
-
authorization: u.token
|
|
552
|
-
}
|
|
672
|
+
authorization: u.token,
|
|
673
|
+
},
|
|
553
674
|
});
|
|
554
675
|
assert.isTrue(webex.canAuthorize);
|
|
555
|
-
})
|
|
676
|
+
})
|
|
677
|
+
);
|
|
556
678
|
|
|
557
679
|
after(() => webex2 && webex2.internal.mercury.disconnect());
|
|
558
680
|
|
|
@@ -568,14 +690,18 @@ describe('Encryption', function () {
|
|
|
568
690
|
|
|
569
691
|
afterEach(() => spy.restore());
|
|
570
692
|
|
|
571
|
-
it('handles late ecdhe responses', () =>
|
|
572
|
-
.then(() => {
|
|
693
|
+
it('handles late ecdhe responses', () =>
|
|
694
|
+
webex2.internal.encryption.kms.ping().then(() => {
|
|
573
695
|
// callCount should be at least 3:
|
|
574
696
|
// 1 for the initial ping message
|
|
575
697
|
// 1 when the ecdh key gets renegotiated
|
|
576
698
|
// 1 when the pings gets sent again
|
|
577
699
|
debug(`ecdhe: spy call count: ${spy.callCount}`);
|
|
578
|
-
assert.isAbove(
|
|
700
|
+
assert.isAbove(
|
|
701
|
+
spy.callCount,
|
|
702
|
+
2,
|
|
703
|
+
"If this test fails, we've made previously-assumed-to-be-impossible performance gains in cloudapps; please update this test accordingly."
|
|
704
|
+
);
|
|
579
705
|
}));
|
|
580
706
|
|
|
581
707
|
describe('when ecdhe is renegotiated', () => {
|
|
@@ -590,8 +716,8 @@ describe('Encryption', function () {
|
|
|
590
716
|
webex2.config.encryption.ecdhMaxTimeout = ecdhMaxTimeout;
|
|
591
717
|
});
|
|
592
718
|
|
|
593
|
-
it('limits the number of retries', () =>
|
|
594
|
-
.then(() => {
|
|
719
|
+
it('limits the number of retries', () =>
|
|
720
|
+
webex2.internal.encryption.kms.ping().then(() => {
|
|
595
721
|
debug(`retry: spy call count: ${spy.callCount}`);
|
|
596
722
|
assert.isBelow(spy.callCount, 5);
|
|
597
723
|
}));
|
|
@@ -601,34 +727,37 @@ describe('Encryption', function () {
|
|
|
601
727
|
describe('when the kms is in another org', () => {
|
|
602
728
|
let fedWebex;
|
|
603
729
|
|
|
604
|
-
before('create test user in other org', () =>
|
|
605
|
-
|
|
606
|
-
|
|
607
|
-
|
|
608
|
-
|
|
609
|
-
|
|
610
|
-
|
|
611
|
-
|
|
612
|
-
|
|
613
|
-
|
|
730
|
+
before('create test user in other org', () =>
|
|
731
|
+
testUsers
|
|
732
|
+
.create({
|
|
733
|
+
count: 1,
|
|
734
|
+
config: {
|
|
735
|
+
email: `webex-js-sdk--kms-fed--${uuid.v4()}@wx2.example.com`,
|
|
736
|
+
entitlements: ['webExSquared'],
|
|
737
|
+
orgId: 'kmsFederation',
|
|
738
|
+
},
|
|
739
|
+
})
|
|
740
|
+
.then((users) => {
|
|
741
|
+
const fedUser = users[0];
|
|
614
742
|
|
|
615
|
-
|
|
616
|
-
|
|
743
|
+
assert.equal(fedUser.orgId, '75dcf6c2-247d-4e3d-a32c-ff3ee28398eb');
|
|
744
|
+
assert.notEqual(fedUser.orgId, spock.orgId);
|
|
617
745
|
|
|
618
|
-
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
|
|
746
|
+
fedWebex = new WebexCore({
|
|
747
|
+
credentials: {
|
|
748
|
+
authorization: fedUser.token,
|
|
749
|
+
},
|
|
750
|
+
});
|
|
751
|
+
assert.isTrue(fedWebex.canAuthorize);
|
|
752
|
+
})
|
|
753
|
+
);
|
|
625
754
|
|
|
626
755
|
before('connect federated user to mercury', () => fedWebex.internal.mercury.connect());
|
|
627
756
|
|
|
628
757
|
after(() => fedWebex && fedWebex.internal.mercury.disconnect());
|
|
629
758
|
|
|
630
|
-
it('responds to pings', () =>
|
|
631
|
-
.then((res) => {
|
|
759
|
+
it('responds to pings', () =>
|
|
760
|
+
fedWebex.internal.encryption.kms.ping().then((res) => {
|
|
632
761
|
assert.property(res, 'status');
|
|
633
762
|
assert.equal(res.status, 200);
|
|
634
763
|
assert.property(res, 'requestId');
|
|
@@ -636,37 +765,35 @@ describe('Encryption', function () {
|
|
|
636
765
|
|
|
637
766
|
let key;
|
|
638
767
|
|
|
639
|
-
it('lets federated users retrieve keys from the main org', () =>
|
|
640
|
-
.
|
|
641
|
-
|
|
768
|
+
it('lets federated users retrieve keys from the main org', () =>
|
|
769
|
+
webex.internal.encryption.kms
|
|
770
|
+
.createUnboundKeys({count: 1})
|
|
771
|
+
.then(([k]) => {
|
|
772
|
+
key = k;
|
|
642
773
|
|
|
643
|
-
|
|
644
|
-
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
650
|
-
})
|
|
651
|
-
.then(() => fedWebex.internal.encryption.kms.fetchKey({uri: key.uri}))
|
|
652
|
-
.then((fedKey) => assert.equal(fedKey.keyUri, key.keyUri)));
|
|
774
|
+
return webex.internal.encryption.kms.createResource({
|
|
775
|
+
userIds: [webex.internal.device.userId, fedWebex.internal.device.userId],
|
|
776
|
+
key,
|
|
777
|
+
});
|
|
778
|
+
})
|
|
779
|
+
.then(() => fedWebex.internal.encryption.kms.fetchKey({uri: key.uri}))
|
|
780
|
+
.then((fedKey) => assert.equal(fedKey.keyUri, key.keyUri)));
|
|
653
781
|
|
|
654
782
|
let fedKey;
|
|
655
783
|
|
|
656
|
-
it('lets non-federated users retrieve keys from the federated org', () =>
|
|
657
|
-
.
|
|
658
|
-
|
|
784
|
+
it('lets non-federated users retrieve keys from the federated org', () =>
|
|
785
|
+
fedWebex.internal.encryption.kms
|
|
786
|
+
.createUnboundKeys({count: 1})
|
|
787
|
+
.then(([k]) => {
|
|
788
|
+
fedKey = k;
|
|
659
789
|
|
|
660
|
-
|
|
661
|
-
|
|
662
|
-
|
|
663
|
-
|
|
664
|
-
|
|
665
|
-
|
|
666
|
-
|
|
667
|
-
})
|
|
668
|
-
.then(() => webex.internal.encryption.kms.fetchKey({uri: fedKey.uri}))
|
|
669
|
-
.then((key) => assert.equal(key.keyUri, fedKey.keyUri)));
|
|
790
|
+
return fedWebex.internal.encryption.kms.createResource({
|
|
791
|
+
userIds: [fedWebex.internal.device.userId, webex.internal.device.userId],
|
|
792
|
+
key: fedKey,
|
|
793
|
+
});
|
|
794
|
+
})
|
|
795
|
+
.then(() => webex.internal.encryption.kms.fetchKey({uri: fedKey.uri}))
|
|
796
|
+
.then((key) => assert.equal(key.keyUri, fedKey.keyUri)));
|
|
670
797
|
});
|
|
671
798
|
});
|
|
672
799
|
});
|