@webex/internal-plugin-encryption 3.0.0-beta.8 → 3.0.0-bnr.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -3
- package/dist/config.js +0 -9
- package/dist/config.js.map +1 -1
- package/dist/encryption.js +9 -60
- package/dist/encryption.js.map +1 -1
- package/dist/ensure-buffer.browser.js +0 -12
- package/dist/ensure-buffer.browser.js.map +1 -1
- package/dist/ensure-buffer.js +5 -12
- package/dist/ensure-buffer.js.map +1 -1
- package/dist/index.js +7 -33
- package/dist/index.js.map +1 -1
- package/dist/kms-batcher.js +6 -30
- package/dist/kms-batcher.js.map +1 -1
- package/dist/kms-certificate-validation.js +20 -88
- package/dist/kms-certificate-validation.js.map +1 -1
- package/dist/kms-dry-error-interceptor.js +1 -23
- package/dist/kms-dry-error-interceptor.js.map +1 -1
- package/dist/kms-errors.js +3 -50
- package/dist/kms-errors.js.map +1 -1
- package/dist/kms.js +74 -213
- package/dist/kms.js.map +1 -1
- package/dist/types/config.d.ts +16 -0
- package/dist/types/encryption.d.ts +2 -0
- package/dist/types/ensure-buffer.browser.d.ts +10 -0
- package/dist/types/ensure-buffer.d.ts +7 -0
- package/dist/types/index.d.ts +3 -0
- package/dist/types/kms-batcher.d.ts +6 -0
- package/dist/types/kms-certificate-validation.d.ts +24 -0
- package/dist/types/kms-dry-error-interceptor.d.ts +25 -0
- package/dist/types/kms-errors.d.ts +33 -0
- package/dist/types/kms.d.ts +5 -0
- package/package.json +15 -15
- package/src/config.js +3 -3
- package/src/encryption.js +66 -56
- package/src/ensure-buffer.browser.js +0 -1
- package/src/ensure-buffer.js +5 -5
- package/src/index.js +120 -96
- package/src/kms-batcher.js +50 -44
- package/src/kms-certificate-validation.js +45 -47
- package/src/kms-dry-error-interceptor.js +8 -4
- package/src/kms-errors.js +19 -16
- package/src/kms.js +210 -206
- package/test/integration/spec/encryption.js +311 -230
- package/test/integration/spec/kms.js +532 -404
- package/test/integration/spec/payload-transfom.js +69 -69
- package/test/unit/spec/encryption.js +16 -13
- package/test/unit/spec/kms-certificate-validation.js +41 -32
|
@@ -42,13 +42,13 @@ describe('Encryption', function () {
|
|
|
42
42
|
return window.btoa(binary);
|
|
43
43
|
}
|
|
44
44
|
|
|
45
|
-
before('create test user', () =>
|
|
46
|
-
.then((users) => {
|
|
45
|
+
before('create test user', () =>
|
|
46
|
+
testUsers.create({count: 2, config: {roles: [{name: 'id_full_admin'}]}}).then((users) => {
|
|
47
47
|
spock = users[0];
|
|
48
48
|
webex = new WebexCore({
|
|
49
49
|
credentials: {
|
|
50
|
-
authorization: spock.token
|
|
51
|
-
}
|
|
50
|
+
authorization: spock.token,
|
|
51
|
+
},
|
|
52
52
|
});
|
|
53
53
|
spock.webex = webex;
|
|
54
54
|
assert.isTrue(webex.canAuthorize);
|
|
@@ -56,89 +56,104 @@ describe('Encryption', function () {
|
|
|
56
56
|
mccoy = users[1];
|
|
57
57
|
mccoy.webex = new WebexCore({
|
|
58
58
|
credentials: {
|
|
59
|
-
authorization: mccoy.token
|
|
60
|
-
}
|
|
59
|
+
authorization: mccoy.token,
|
|
60
|
+
},
|
|
61
61
|
});
|
|
62
62
|
|
|
63
63
|
assert.isTrue(mccoy.webex.canAuthorize);
|
|
64
64
|
|
|
65
65
|
return mccoy.webex.internal.device.register();
|
|
66
|
-
})
|
|
66
|
+
})
|
|
67
|
+
);
|
|
67
68
|
|
|
68
69
|
after(() => webex && webex.internal.mercury.disconnect());
|
|
69
70
|
|
|
70
71
|
let expiredUser;
|
|
71
72
|
|
|
72
73
|
// TODO: Re-enable SPARK-133280
|
|
73
|
-
it.skip('errs using an invalid token', () =>
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
74
|
+
it.skip('errs using an invalid token', () =>
|
|
75
|
+
testUsers
|
|
76
|
+
.create({count: 1})
|
|
77
|
+
.then((users) => {
|
|
78
|
+
[expiredUser] = users;
|
|
79
|
+
expiredUser.webex = new WebexCore({
|
|
80
|
+
credentials: {
|
|
81
|
+
authorization: 'invalidToken',
|
|
82
|
+
},
|
|
83
|
+
});
|
|
84
|
+
expiredUser.webex.internal.device.register();
|
|
85
|
+
})
|
|
86
|
+
.then(() => expiredUser.webex.internal.encryption.kms.createUnboundKeys({count: 1}))
|
|
87
|
+
.catch((err) => {
|
|
88
|
+
assert.equal(err.statusCode, 401);
|
|
89
|
+
}));
|
|
87
90
|
|
|
88
91
|
describe('#createResource()', () => {
|
|
89
|
-
it('creates a kms resource object', () =>
|
|
90
|
-
.then(([key]) =>
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
92
|
+
it('creates a kms resource object', () =>
|
|
93
|
+
webex.internal.encryption.kms.createUnboundKeys({count: 1}).then(([key]) =>
|
|
94
|
+
webex.internal.encryption.kms
|
|
95
|
+
.createResource({
|
|
96
|
+
userIds: [webex.internal.device.userId],
|
|
97
|
+
key,
|
|
98
|
+
})
|
|
99
|
+
.then((kro) => {
|
|
100
|
+
assert.property(kro, 'uri');
|
|
101
|
+
assert.property(kro, 'keyUris');
|
|
102
|
+
assert.lengthOf(kro.keyUris, 1);
|
|
103
|
+
assert.include(kro.keyUris, key.uri);
|
|
104
|
+
assert.property(kro, 'authorizationUris');
|
|
105
|
+
assert.lengthOf(kro.authorizationUris, 1);
|
|
106
|
+
})
|
|
107
|
+
));
|
|
102
108
|
});
|
|
103
109
|
|
|
104
110
|
describe('#addAuthorization()', () => {
|
|
105
111
|
let boundedKeyUri, kro, otherKro;
|
|
106
112
|
|
|
107
|
-
before('create a resource', () =>
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
113
|
+
before('create a resource', () =>
|
|
114
|
+
webex.internal.encryption.kms
|
|
115
|
+
.createUnboundKeys({count: 1})
|
|
116
|
+
.then(([key]) =>
|
|
117
|
+
webex.internal.encryption.kms.createResource({
|
|
118
|
+
key,
|
|
119
|
+
})
|
|
120
|
+
)
|
|
121
|
+
.then((k) => {
|
|
122
|
+
kro = k;
|
|
123
|
+
boundedKeyUri = kro.keyUris[0];
|
|
124
|
+
assert.lengthOf(kro.authorizationUris, 1);
|
|
125
|
+
})
|
|
126
|
+
);
|
|
116
127
|
|
|
117
|
-
it('authorizes a user to a key', () =>
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
128
|
+
it('authorizes a user to a key', () =>
|
|
129
|
+
webex.internal.encryption.kms
|
|
130
|
+
.addAuthorization({
|
|
131
|
+
userIds: [mccoy.webex.internal.device.userId],
|
|
132
|
+
kroUri: kro.uri,
|
|
133
|
+
})
|
|
134
|
+
.then(([auth]) => {
|
|
135
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
136
|
+
assert.equal(auth.authId, mccoy.webex.internal.device.userId);
|
|
124
137
|
|
|
125
|
-
|
|
126
|
-
|
|
138
|
+
return mccoy.webex.internal.encryption.kms.fetchKey({uri: boundedKeyUri});
|
|
139
|
+
}));
|
|
127
140
|
|
|
128
|
-
it('authorizes a resource to a key', () =>
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
141
|
+
it('authorizes a resource to a key', () =>
|
|
142
|
+
webex.internal.encryption.kms
|
|
143
|
+
.createUnboundKeys({count: 1})
|
|
144
|
+
.then(([key]) => webex.internal.encryption.kms.createResource({key}))
|
|
145
|
+
.then((k) => {
|
|
146
|
+
otherKro = k;
|
|
132
147
|
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
148
|
+
return webex.internal.encryption.kms.addAuthorization({
|
|
149
|
+
authIds: [otherKro.uri],
|
|
150
|
+
kro,
|
|
151
|
+
});
|
|
152
|
+
})
|
|
153
|
+
.then(([auth]) => {
|
|
154
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
155
|
+
assert.equal(auth.authId, otherKro.uri);
|
|
156
|
+
}));
|
|
142
157
|
});
|
|
143
158
|
|
|
144
159
|
/**
|
|
@@ -153,61 +168,87 @@ describe('Encryption', function () {
|
|
|
153
168
|
let boundedKeyUri, kro, otherKro;
|
|
154
169
|
let testResourceId;
|
|
155
170
|
|
|
156
|
-
before('creates a resource', () =>
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
.then(([auth]) => {
|
|
171
|
-
assert.equal(auth.resourceUri, kro.uri);
|
|
172
|
-
assert.equal(auth.authId, mccoy.webex.internal.device.userId);
|
|
173
|
-
|
|
174
|
-
return mccoy.webex.internal.encryption.kms.fetchKey({uri: boundedKeyUri});
|
|
175
|
-
}));
|
|
176
|
-
|
|
177
|
-
before('authorizes a resource to a key', () => webex.internal.encryption.kms.createUnboundKeys({count: 1})
|
|
178
|
-
.then(([key]) => webex.internal.encryption.kms.createResource({key}))
|
|
179
|
-
.then((k) => {
|
|
180
|
-
otherKro = k;
|
|
181
|
-
testResourceId = otherKro.uri;
|
|
171
|
+
before('creates a resource', () =>
|
|
172
|
+
webex.internal.encryption.kms
|
|
173
|
+
.createUnboundKeys({count: 1})
|
|
174
|
+
.then(([key]) =>
|
|
175
|
+
webex.internal.encryption.kms.createResource({
|
|
176
|
+
key,
|
|
177
|
+
})
|
|
178
|
+
)
|
|
179
|
+
.then((k) => {
|
|
180
|
+
kro = k;
|
|
181
|
+
boundedKeyUri = kro.keyUris[0];
|
|
182
|
+
assert.lengthOf(kro.authorizationUris, 1);
|
|
183
|
+
})
|
|
184
|
+
);
|
|
182
185
|
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
186
|
+
before('authorizes a user to a key', () =>
|
|
187
|
+
webex.internal.encryption.kms
|
|
188
|
+
.addAuthorization({
|
|
189
|
+
userIds: [mccoy.webex.internal.device.userId],
|
|
190
|
+
kroUri: kro.uri,
|
|
191
|
+
})
|
|
192
|
+
.then(([auth]) => {
|
|
193
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
194
|
+
assert.equal(auth.authId, mccoy.webex.internal.device.userId);
|
|
192
195
|
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
196
|
+
return mccoy.webex.internal.encryption.kms.fetchKey({uri: boundedKeyUri});
|
|
197
|
+
})
|
|
198
|
+
);
|
|
199
|
+
|
|
200
|
+
before('authorizes a resource to a key', () =>
|
|
201
|
+
webex.internal.encryption.kms
|
|
202
|
+
.createUnboundKeys({count: 1})
|
|
203
|
+
.then(([key]) => webex.internal.encryption.kms.createResource({key}))
|
|
204
|
+
.then((k) => {
|
|
205
|
+
otherKro = k;
|
|
206
|
+
testResourceId = otherKro.uri;
|
|
207
|
+
|
|
208
|
+
return webex.internal.encryption.kms.addAuthorization({
|
|
209
|
+
authIds: [testResourceId],
|
|
210
|
+
kro,
|
|
211
|
+
});
|
|
212
|
+
})
|
|
213
|
+
.then(([auth]) => {
|
|
214
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
215
|
+
assert.equal(auth.authId, otherKro.uri);
|
|
216
|
+
})
|
|
217
|
+
);
|
|
218
|
+
|
|
219
|
+
it('list authorizations', () =>
|
|
220
|
+
webex.internal.encryption.kms
|
|
221
|
+
.listAuthorizations({kroUri: kro.uri})
|
|
222
|
+
.then((authorizations) => {
|
|
223
|
+
assert.equal(authorizations.length, 3);
|
|
224
|
+
assert.include(
|
|
225
|
+
authorizations.map((a) => a.authId),
|
|
226
|
+
mccoy.webex.internal.device.userId
|
|
227
|
+
);
|
|
228
|
+
assert.include(
|
|
229
|
+
authorizations.map((a) => a.authId),
|
|
230
|
+
spock.id
|
|
231
|
+
);
|
|
232
|
+
assert.include(
|
|
233
|
+
authorizations.map((a) => a.resourceUri),
|
|
234
|
+
testResourceId
|
|
235
|
+
);
|
|
236
|
+
assert.include(
|
|
237
|
+
authorizations.map((a) => a.resourceUri),
|
|
238
|
+
kro.uri
|
|
239
|
+
);
|
|
240
|
+
}));
|
|
201
241
|
|
|
202
|
-
it('rejects normally for users that are not authorized', () =>
|
|
203
|
-
.then(([user]) => {
|
|
242
|
+
it('rejects normally for users that are not authorized', () =>
|
|
243
|
+
testUsers.create({count: 1}).then(([user]) => {
|
|
204
244
|
const us = new WebexCore({
|
|
205
245
|
credentials: {
|
|
206
|
-
authorization: user.token
|
|
207
|
-
}
|
|
246
|
+
authorization: user.token,
|
|
247
|
+
},
|
|
208
248
|
});
|
|
209
249
|
|
|
210
|
-
return assert
|
|
250
|
+
return assert
|
|
251
|
+
.isRejected(us.internal.encryption.kms.listAuthorizations({kroUri: kro.uri}))
|
|
211
252
|
.then((err) => {
|
|
212
253
|
console.error(err);
|
|
213
254
|
assert.equal(err.status, 403, 'We should get a Not Authorized response from kms');
|
|
@@ -215,119 +256,161 @@ describe('Encryption', function () {
|
|
|
215
256
|
.then(() => us.internal.mercury.disconnect());
|
|
216
257
|
}));
|
|
217
258
|
|
|
218
|
-
it('remove the user and verify this user is not in the authorization list ', () =>
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
259
|
+
it('remove the user and verify this user is not in the authorization list ', () =>
|
|
260
|
+
webex.internal.encryption.kms
|
|
261
|
+
.removeAuthorization({
|
|
262
|
+
userId: mccoy.webex.internal.device.userId,
|
|
263
|
+
kroUri: kro.uri,
|
|
264
|
+
})
|
|
265
|
+
.then(([auth]) => {
|
|
266
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
267
|
+
assert.equal(auth.authId, mccoy.webex.internal.device.userId);
|
|
268
|
+
|
|
269
|
+
return webex.internal.encryption.kms
|
|
270
|
+
.listAuthorizations({kro})
|
|
271
|
+
.then((authorizations) => {
|
|
272
|
+
assert.equal(authorizations.length, 2);
|
|
273
|
+
assert.include(
|
|
274
|
+
authorizations.map((a) => a.authId),
|
|
275
|
+
spock.id
|
|
276
|
+
);
|
|
277
|
+
assert.include(
|
|
278
|
+
authorizations.map((a) => a.resourceUri),
|
|
279
|
+
testResourceId
|
|
280
|
+
);
|
|
281
|
+
assert.include(
|
|
282
|
+
authorizations.map((a) => a.resourceUri),
|
|
283
|
+
kro.uri
|
|
284
|
+
);
|
|
285
|
+
});
|
|
286
|
+
}));
|
|
234
287
|
|
|
235
|
-
it('remove the resource and verify this resource is not in the authorizaiton list', () =>
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
288
|
+
it('remove the resource and verify this resource is not in the authorizaiton list', () =>
|
|
289
|
+
webex.internal.encryption.kms
|
|
290
|
+
.removeAuthorization({
|
|
291
|
+
userId: testResourceId,
|
|
292
|
+
kroUri: kro.uri,
|
|
293
|
+
})
|
|
294
|
+
.then(([auth]) => {
|
|
295
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
296
|
+
assert.equal(auth.authId, testResourceId);
|
|
297
|
+
|
|
298
|
+
return webex.internal.encryption.kms
|
|
299
|
+
.listAuthorizations({kroUri: kro.uri})
|
|
300
|
+
.then((authorizations) => {
|
|
301
|
+
assert.equal(authorizations.length, 1);
|
|
302
|
+
assert.include(
|
|
303
|
+
authorizations.map((a) => a.authId),
|
|
304
|
+
spock.id
|
|
305
|
+
);
|
|
306
|
+
assert.include(
|
|
307
|
+
authorizations.map((a) => a.resourceUri),
|
|
308
|
+
kro.uri
|
|
309
|
+
);
|
|
310
|
+
});
|
|
311
|
+
}));
|
|
250
312
|
});
|
|
251
313
|
|
|
252
314
|
describe('#removeAuthorization()', () => {
|
|
253
315
|
let boundedKeyUri, kro, otherKro;
|
|
254
316
|
|
|
255
|
-
before('create resource', () =>
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
317
|
+
before('create resource', () =>
|
|
318
|
+
webex.internal.encryption.kms
|
|
319
|
+
.createUnboundKeys({count: 1})
|
|
320
|
+
.then(([key]) =>
|
|
321
|
+
webex.internal.encryption.kms.createResource({
|
|
322
|
+
key,
|
|
323
|
+
})
|
|
324
|
+
)
|
|
325
|
+
.then((k) => {
|
|
326
|
+
kro = k;
|
|
327
|
+
boundedKeyUri = kro.keyUris[0];
|
|
328
|
+
assert.lengthOf(kro.authorizationUris, 1);
|
|
329
|
+
})
|
|
330
|
+
);
|
|
331
|
+
|
|
332
|
+
before('create another resource', () =>
|
|
333
|
+
webex.internal.encryption.kms
|
|
334
|
+
.createUnboundKeys({count: 1})
|
|
335
|
+
.then(([key]) =>
|
|
336
|
+
webex.internal.encryption.kms.createResource({
|
|
337
|
+
key,
|
|
338
|
+
})
|
|
339
|
+
)
|
|
340
|
+
.then((k) => {
|
|
341
|
+
otherKro = k;
|
|
342
|
+
})
|
|
343
|
+
);
|
|
272
344
|
|
|
273
|
-
before('add auths to resource', () =>
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
345
|
+
before('add auths to resource', () =>
|
|
346
|
+
webex.internal.encryption.kms
|
|
347
|
+
.addAuthorization({
|
|
348
|
+
authIds: [otherKro.uri, mccoy.webex.internal.device.userId],
|
|
349
|
+
kro,
|
|
350
|
+
})
|
|
351
|
+
.then(([kroAuth, userAuth]) => {
|
|
352
|
+
assert.equal(kroAuth.authId, otherKro.uri);
|
|
353
|
+
assert.equal(userAuth.authId, mccoy.webex.internal.device.userId);
|
|
354
|
+
})
|
|
355
|
+
);
|
|
281
356
|
|
|
282
|
-
it('deauthorizes a user from a key', () =>
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
357
|
+
it('deauthorizes a user from a key', () =>
|
|
358
|
+
webex.internal.encryption.kms
|
|
359
|
+
.removeAuthorization({
|
|
360
|
+
userId: mccoy.webex.internal.device.userId,
|
|
361
|
+
kroUri: kro.uri,
|
|
362
|
+
})
|
|
363
|
+
.then(([auth]) => {
|
|
364
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
365
|
+
assert.equal(auth.authId, mccoy.webex.internal.device.userId);
|
|
289
366
|
|
|
290
|
-
|
|
291
|
-
|
|
367
|
+
return assert.isRejected(
|
|
368
|
+
mccoy.webex.internal.encryption.kms.fetchKey({uri: boundedKeyUri})
|
|
369
|
+
);
|
|
370
|
+
}));
|
|
292
371
|
|
|
293
|
-
it('deauthorizes a resource from a key', () =>
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
372
|
+
it('deauthorizes a resource from a key', () =>
|
|
373
|
+
webex.internal.encryption.kms
|
|
374
|
+
.removeAuthorization({
|
|
375
|
+
authId: otherKro.uri,
|
|
376
|
+
kro,
|
|
377
|
+
})
|
|
378
|
+
.then(([auth]) => {
|
|
379
|
+
assert.equal(auth.resourceUri, kro.uri);
|
|
380
|
+
assert.equal(auth.authId, otherKro.uri);
|
|
381
|
+
}));
|
|
301
382
|
});
|
|
302
383
|
|
|
303
384
|
describe('#bindKey()', () => {
|
|
304
385
|
let key2, kro;
|
|
305
386
|
|
|
306
|
-
it('binds a resource to a key', () =>
|
|
307
|
-
.
|
|
308
|
-
|
|
387
|
+
it('binds a resource to a key', () =>
|
|
388
|
+
webex.internal.encryption.kms
|
|
389
|
+
.createUnboundKeys({count: 2})
|
|
390
|
+
.then((keys) => {
|
|
391
|
+
key2 = keys[1];
|
|
309
392
|
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
393
|
+
return webex.internal.encryption.kms.createResource({
|
|
394
|
+
userIds: [webex.internal.device.userId],
|
|
395
|
+
key: keys[0],
|
|
396
|
+
});
|
|
397
|
+
})
|
|
398
|
+
.then((k) => {
|
|
399
|
+
kro = k;
|
|
317
400
|
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
401
|
+
return webex.internal.encryption.kms.bindKey({kro, key: key2});
|
|
402
|
+
})
|
|
403
|
+
.then((key) => {
|
|
404
|
+
assert.equal(key.uri, key2.uri);
|
|
405
|
+
assert.property(key, 'bindDate');
|
|
406
|
+
assert.property(key, 'resourceUri');
|
|
407
|
+
assert.equal(key.resourceUri, kro.uri);
|
|
408
|
+
}));
|
|
326
409
|
});
|
|
327
410
|
|
|
328
411
|
describe('#createUnboundKeys()', () => {
|
|
329
|
-
it('requests unbound keys from the KMS', () =>
|
|
330
|
-
.then((keys) => {
|
|
412
|
+
it('requests unbound keys from the KMS', () =>
|
|
413
|
+
webex.internal.encryption.kms.createUnboundKeys({count: 2}).then((keys) => {
|
|
331
414
|
assert.lengthOf(keys, 2);
|
|
332
415
|
|
|
333
416
|
const [key1, key2] = keys;
|
|
@@ -343,97 +426,121 @@ describe('Encryption', function () {
|
|
|
343
426
|
let uploadedkeyId;
|
|
344
427
|
|
|
345
428
|
/* eslint-disable no-unused-expressions */
|
|
346
|
-
skipInBrowser(it)('upload customer master key', () =>
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
429
|
+
skipInBrowser(it)('upload customer master key', () =>
|
|
430
|
+
webex.internal.encryption.kms
|
|
431
|
+
.deleteAllCustomerMasterKeys({assignedOrgId: spock.orgId})
|
|
432
|
+
.then(() => webex.internal.encryption.kms.fetchPublicKey({assignedOrgId: spock.orgId}))
|
|
433
|
+
.then((publicKey) => {
|
|
434
|
+
assert.isNotEmpty(publicKey);
|
|
435
|
+
const pemHeader = '-----BEGIN PUBLIC KEY-----';
|
|
436
|
+
const pemFooter = '-----END PUBLIC KEY-----';
|
|
437
|
+
const publicContent = publicKey.substring(
|
|
438
|
+
pemHeader.length,
|
|
439
|
+
publicKey.length - pemFooter.length
|
|
440
|
+
);
|
|
441
|
+
const binaryDerString = window.atob(publicContent);
|
|
442
|
+
// convert from a binary string to an ArrayBuffer
|
|
443
|
+
const binaryDer = str2ab(binaryDerString);
|
|
444
|
+
|
|
445
|
+
return window.crypto.subtle.importKey(
|
|
446
|
+
'spki',
|
|
447
|
+
binaryDer,
|
|
448
|
+
{
|
|
449
|
+
name: 'RSA-OAEP',
|
|
450
|
+
hash: 'SHA-256',
|
|
451
|
+
},
|
|
452
|
+
true,
|
|
453
|
+
['encrypt']
|
|
454
|
+
);
|
|
455
|
+
})
|
|
456
|
+
.then((publicKey) => {
|
|
457
|
+
const buf = window.crypto.getRandomValues(new Uint8Array(16));
|
|
458
|
+
|
|
459
|
+
return window.crypto.subtle.encrypt(
|
|
460
|
+
{
|
|
461
|
+
name: 'RSA-OAEP',
|
|
462
|
+
},
|
|
463
|
+
publicKey,
|
|
464
|
+
buf
|
|
465
|
+
);
|
|
466
|
+
})
|
|
467
|
+
.then((encryptedData) =>
|
|
468
|
+
webex.internal.encryption.kms.uploadCustomerMasterKey({
|
|
469
|
+
assignedOrgId: spock.orgId,
|
|
470
|
+
customerMasterKey: arrayBufferToBase64(encryptedData),
|
|
471
|
+
})
|
|
472
|
+
)
|
|
473
|
+
.then((uploadRes) => {
|
|
474
|
+
uploadedkeyId = uploadRes.customerMasterKeys[0].uri;
|
|
382
475
|
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
476
|
+
return webex.internal.encryption.kms.listAllCustomerMasterKey({
|
|
477
|
+
assignedOrgId: spock.orgId,
|
|
478
|
+
});
|
|
479
|
+
})
|
|
480
|
+
.then((listCmksRes) => {
|
|
481
|
+
const cmks = listCmksRes.customerMasterKeys;
|
|
482
|
+
const uploadedCmk = cmks.find((cmk) => cmk.uri === uploadedkeyId);
|
|
388
483
|
|
|
389
|
-
|
|
484
|
+
expect(uploadedCmk).to.not.be.null;
|
|
390
485
|
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
486
|
+
return webex.internal.encryption.kms.changeCustomerMasterKeyState({
|
|
487
|
+
keyId: uploadedkeyId,
|
|
488
|
+
keyState: 'ACTIVE',
|
|
489
|
+
assignedOrgId: spock.orgId,
|
|
490
|
+
});
|
|
491
|
+
})
|
|
492
|
+
.then((activeRes) => {
|
|
493
|
+
expect(activeRes.customerMasterKeys[0].usageState).to.have.string('ACTIVE');
|
|
395
494
|
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
495
|
+
// return webex.internal.encryption.kms.useGlobalMasterKey({assignedOrgId: spock.orgId});
|
|
496
|
+
return webex.internal.encryption.kms.deleteAllCustomerMasterKeys({
|
|
497
|
+
assignedOrgId: spock.orgId,
|
|
498
|
+
});
|
|
499
|
+
})
|
|
500
|
+
);
|
|
399
501
|
});
|
|
400
502
|
|
|
401
503
|
describe('#fetchKey()', () => {
|
|
402
504
|
let key;
|
|
403
505
|
|
|
404
|
-
it('retrieves a specific key', () =>
|
|
405
|
-
.
|
|
406
|
-
|
|
506
|
+
it('retrieves a specific key', () =>
|
|
507
|
+
webex.internal.encryption.kms
|
|
508
|
+
.createUnboundKeys({count: 1})
|
|
509
|
+
.then(([k]) => {
|
|
510
|
+
key = k;
|
|
407
511
|
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
512
|
+
return webex.internal.encryption.kms.fetchKey({uri: key.uri});
|
|
513
|
+
})
|
|
514
|
+
.then((key2) => {
|
|
515
|
+
assert.property(key2, 'uri');
|
|
516
|
+
assert.property(key2, 'jwk');
|
|
517
|
+
assert.notEqual(key2, key);
|
|
518
|
+
assert.equal(key2.uri, key.uri);
|
|
519
|
+
}));
|
|
416
520
|
});
|
|
417
521
|
|
|
418
522
|
describe('#fetchKey(onBehalfOf)', () => {
|
|
419
523
|
let jim;
|
|
420
524
|
|
|
421
|
-
before('create compliance officer test user', () =>
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
525
|
+
before('create compliance officer test user', () =>
|
|
526
|
+
testUsers
|
|
527
|
+
.create({
|
|
528
|
+
count: 1,
|
|
529
|
+
config: {
|
|
530
|
+
roles: [{name: 'spark.kms_orgagent'}],
|
|
531
|
+
},
|
|
532
|
+
})
|
|
533
|
+
.then((users) => {
|
|
534
|
+
jim = users[0];
|
|
429
535
|
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
536
|
+
jim.webex = new WebexCore({
|
|
537
|
+
credentials: {
|
|
538
|
+
authorization: jim.token,
|
|
539
|
+
},
|
|
540
|
+
});
|
|
541
|
+
assert.isTrue(jim.webex.canAuthorize);
|
|
542
|
+
})
|
|
543
|
+
);
|
|
437
544
|
|
|
438
545
|
before('connect compliance officer to mercury', () => jim.webex.internal.mercury.connect());
|
|
439
546
|
|
|
@@ -441,62 +548,75 @@ describe('Encryption', function () {
|
|
|
441
548
|
|
|
442
549
|
let key;
|
|
443
550
|
|
|
444
|
-
it('retrieve key on behalf of another user', () =>
|
|
445
|
-
.
|
|
446
|
-
|
|
551
|
+
it('retrieve key on behalf of another user', () =>
|
|
552
|
+
spock.webex.internal.encryption.kms
|
|
553
|
+
.createUnboundKeys({count: 1})
|
|
554
|
+
.then(([k]) => {
|
|
555
|
+
key = k;
|
|
447
556
|
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
557
|
+
// Compliance Officer Jim fetches a key on behalf of Spock
|
|
558
|
+
return jim.webex.internal.encryption.kms.fetchKey({uri: key.uri, onBehalfOf: spock.id});
|
|
559
|
+
})
|
|
560
|
+
.then((key2) => {
|
|
561
|
+
assert.property(key2, 'uri');
|
|
562
|
+
assert.property(key2, 'jwk');
|
|
563
|
+
assert.notEqual(key2, key);
|
|
564
|
+
assert.equal(key2.uri, key.uri);
|
|
565
|
+
}));
|
|
457
566
|
|
|
458
|
-
it('retrieve key on behalf of self', () =>
|
|
459
|
-
.
|
|
460
|
-
|
|
567
|
+
it('retrieve key on behalf of self', () =>
|
|
568
|
+
jim.webex.internal.encryption.kms
|
|
569
|
+
.createUnboundKeys({count: 1})
|
|
570
|
+
.then(([k]) => {
|
|
571
|
+
key = k;
|
|
461
572
|
|
|
462
|
-
|
|
463
|
-
|
|
464
|
-
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
470
|
-
|
|
471
|
-
|
|
573
|
+
// Compliance Officer Jim fetches a key on behalf of himself
|
|
574
|
+
// This covers an edge case documented by https://jira-eng-gpk2.cisco.com/jira/browse/SPARK-240862.
|
|
575
|
+
return jim.webex.internal.encryption.kms.fetchKey({uri: key.uri, onBehalfOf: jim.id});
|
|
576
|
+
})
|
|
577
|
+
.then((key2) => {
|
|
578
|
+
assert.property(key2, 'uri');
|
|
579
|
+
assert.property(key2, 'jwk');
|
|
580
|
+
assert.notEqual(key2, key);
|
|
581
|
+
assert.equal(key2.uri, key.uri);
|
|
582
|
+
}));
|
|
472
583
|
|
|
473
584
|
// Spock creates the key and Jim is not in the KRO so he should not have access
|
|
474
|
-
it('retrieve key on behalf of self but self does not have access', () =>
|
|
475
|
-
.
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
return jim.webex.internal.encryption.kms.fetchKey({uri: key.uri, onBehalfOf: jim.id});
|
|
480
|
-
})
|
|
481
|
-
.then(() => {
|
|
482
|
-
expect.fail('It should not be possible to retrieve a key on behalf of another user without the spark.kms_orgagent role');
|
|
483
|
-
})
|
|
484
|
-
.catch((error) => {
|
|
485
|
-
// Expect a Forbidden error
|
|
486
|
-
expect(error.body.status).to.equal(403);
|
|
487
|
-
}));
|
|
585
|
+
it('retrieve key on behalf of self but self does not have access', () =>
|
|
586
|
+
spock.webex.internal.encryption.kms
|
|
587
|
+
.createUnboundKeys({count: 1})
|
|
588
|
+
.then(([k]) => {
|
|
589
|
+
key = k;
|
|
488
590
|
|
|
591
|
+
// Compliance Officer Jim fetches a key on behalf of himself but he is not in the KRO
|
|
592
|
+
return jim.webex.internal.encryption.kms.fetchKey({uri: key.uri, onBehalfOf: jim.id});
|
|
593
|
+
})
|
|
594
|
+
.then(() => {
|
|
595
|
+
expect.fail(
|
|
596
|
+
'It should not be possible to retrieve a key on behalf of another user without the spark.kms_orgagent role'
|
|
597
|
+
);
|
|
598
|
+
})
|
|
599
|
+
.catch((error) => {
|
|
600
|
+
// Expect a Forbidden error
|
|
601
|
+
expect(error.body.status).to.equal(403);
|
|
602
|
+
}));
|
|
489
603
|
|
|
490
|
-
it('error retrieving key, on behalf of another user, without spark.kms_orgagent role',
|
|
491
|
-
|
|
604
|
+
it('error retrieving key, on behalf of another user, without spark.kms_orgagent role', () =>
|
|
605
|
+
spock.webex.internal.encryption.kms
|
|
606
|
+
.createUnboundKeys({count: 1})
|
|
492
607
|
.then(([k]) => {
|
|
493
608
|
key = k;
|
|
494
609
|
|
|
495
610
|
// Normal user McCoy fails to fetch a key on behalf of Spock
|
|
496
|
-
return mccoy.webex.internal.encryption.kms.fetchKey({
|
|
611
|
+
return mccoy.webex.internal.encryption.kms.fetchKey({
|
|
612
|
+
uri: key.uri,
|
|
613
|
+
onBehalfOf: spock.id,
|
|
614
|
+
});
|
|
497
615
|
})
|
|
498
616
|
.then(() => {
|
|
499
|
-
expect.fail(
|
|
617
|
+
expect.fail(
|
|
618
|
+
'It should not be possible to retrieve a key on behalf of another user without the spark.kms_orgagent role'
|
|
619
|
+
);
|
|
500
620
|
})
|
|
501
621
|
.catch((error) => {
|
|
502
622
|
// Expect a Forbidden error
|
|
@@ -508,33 +628,35 @@ describe('Encryption', function () {
|
|
|
508
628
|
|
|
509
629
|
return Promise.all([
|
|
510
630
|
spock.webex.internal.encryption.kms.createUnboundKeys({count: 1}),
|
|
511
|
-
mccoy.webex.internal.encryption.kms.createUnboundKeys({count: 1})
|
|
512
|
-
])
|
|
513
|
-
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
|
|
519
|
-
|
|
520
|
-
|
|
521
|
-
|
|
522
|
-
|
|
523
|
-
|
|
524
|
-
|
|
525
|
-
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
|
|
530
|
-
|
|
531
|
-
|
|
631
|
+
mccoy.webex.internal.encryption.kms.createUnboundKeys({count: 1}),
|
|
632
|
+
])
|
|
633
|
+
.then(([[spockK], [mccoyK]]) => {
|
|
634
|
+
spockKey = spockK;
|
|
635
|
+
mccoyKey = mccoyK;
|
|
636
|
+
|
|
637
|
+
// Compliance Officer Jim fetches keys on behalf of users
|
|
638
|
+
return Promise.all([
|
|
639
|
+
jim.webex.internal.encryption.kms.fetchKey({uri: spockKey.uri, onBehalfOf: spock.id}),
|
|
640
|
+
jim.webex.internal.encryption.kms.fetchKey({uri: mccoyKey.uri, onBehalfOf: mccoy.id}),
|
|
641
|
+
]);
|
|
642
|
+
})
|
|
643
|
+
.then(([spockK, mccoyK]) => {
|
|
644
|
+
assert.property(spockK, 'uri');
|
|
645
|
+
assert.property(spockK, 'jwk');
|
|
646
|
+
assert.notEqual(spockK, spockKey);
|
|
647
|
+
assert.equal(spockK.uri, spockKey.uri);
|
|
648
|
+
|
|
649
|
+
assert.property(mccoyK, 'uri');
|
|
650
|
+
assert.property(mccoyK, 'jwk');
|
|
651
|
+
assert.notEqual(mccoyK, mccoyKey);
|
|
652
|
+
assert.equal(mccoyK.uri, mccoyKey.uri);
|
|
653
|
+
});
|
|
532
654
|
});
|
|
533
655
|
});
|
|
534
656
|
|
|
535
657
|
describe('#ping()', () => {
|
|
536
|
-
it('sends a ping to the kms', () =>
|
|
537
|
-
.then((res) => {
|
|
658
|
+
it('sends a ping to the kms', () =>
|
|
659
|
+
webex.internal.encryption.kms.ping().then((res) => {
|
|
538
660
|
assert.property(res, 'status');
|
|
539
661
|
assert.equal(res.status, 200);
|
|
540
662
|
assert.property(res, 'requestId');
|
|
@@ -544,15 +666,16 @@ describe('Encryption', function () {
|
|
|
544
666
|
describe('when ecdhe negotiation times out', () => {
|
|
545
667
|
let originalKmsTimeout, webex2, spy;
|
|
546
668
|
|
|
547
|
-
before('create test user', () =>
|
|
548
|
-
.then(([u]) => {
|
|
669
|
+
before('create test user', () =>
|
|
670
|
+
testUsers.create({count: 1}).then(([u]) => {
|
|
549
671
|
webex2 = new WebexCore({
|
|
550
672
|
credentials: {
|
|
551
|
-
authorization: u.token
|
|
552
|
-
}
|
|
673
|
+
authorization: u.token,
|
|
674
|
+
},
|
|
553
675
|
});
|
|
554
676
|
assert.isTrue(webex.canAuthorize);
|
|
555
|
-
})
|
|
677
|
+
})
|
|
678
|
+
);
|
|
556
679
|
|
|
557
680
|
after(() => webex2 && webex2.internal.mercury.disconnect());
|
|
558
681
|
|
|
@@ -568,14 +691,18 @@ describe('Encryption', function () {
|
|
|
568
691
|
|
|
569
692
|
afterEach(() => spy.restore());
|
|
570
693
|
|
|
571
|
-
it('handles late ecdhe responses', () =>
|
|
572
|
-
.then(() => {
|
|
694
|
+
it('handles late ecdhe responses', () =>
|
|
695
|
+
webex2.internal.encryption.kms.ping().then(() => {
|
|
573
696
|
// callCount should be at least 3:
|
|
574
697
|
// 1 for the initial ping message
|
|
575
698
|
// 1 when the ecdh key gets renegotiated
|
|
576
699
|
// 1 when the pings gets sent again
|
|
577
700
|
debug(`ecdhe: spy call count: ${spy.callCount}`);
|
|
578
|
-
assert.isAbove(
|
|
701
|
+
assert.isAbove(
|
|
702
|
+
spy.callCount,
|
|
703
|
+
2,
|
|
704
|
+
"If this test fails, we've made previously-assumed-to-be-impossible performance gains in cloudapps; please update this test accordingly."
|
|
705
|
+
);
|
|
579
706
|
}));
|
|
580
707
|
|
|
581
708
|
describe('when ecdhe is renegotiated', () => {
|
|
@@ -590,8 +717,8 @@ describe('Encryption', function () {
|
|
|
590
717
|
webex2.config.encryption.ecdhMaxTimeout = ecdhMaxTimeout;
|
|
591
718
|
});
|
|
592
719
|
|
|
593
|
-
it('limits the number of retries', () =>
|
|
594
|
-
.then(() => {
|
|
720
|
+
it('limits the number of retries', () =>
|
|
721
|
+
webex2.internal.encryption.kms.ping().then(() => {
|
|
595
722
|
debug(`retry: spy call count: ${spy.callCount}`);
|
|
596
723
|
assert.isBelow(spy.callCount, 5);
|
|
597
724
|
}));
|
|
@@ -601,34 +728,37 @@ describe('Encryption', function () {
|
|
|
601
728
|
describe('when the kms is in another org', () => {
|
|
602
729
|
let fedWebex;
|
|
603
730
|
|
|
604
|
-
before('create test user in other org', () =>
|
|
605
|
-
|
|
606
|
-
|
|
607
|
-
|
|
608
|
-
|
|
609
|
-
|
|
610
|
-
|
|
611
|
-
|
|
612
|
-
|
|
613
|
-
|
|
731
|
+
before('create test user in other org', () =>
|
|
732
|
+
testUsers
|
|
733
|
+
.create({
|
|
734
|
+
count: 1,
|
|
735
|
+
config: {
|
|
736
|
+
email: `webex-js-sdk--kms-fed--${uuid.v4()}@wx2.example.com`,
|
|
737
|
+
entitlements: ['webExSquared'],
|
|
738
|
+
orgId: 'kmsFederation',
|
|
739
|
+
},
|
|
740
|
+
})
|
|
741
|
+
.then((users) => {
|
|
742
|
+
const fedUser = users[0];
|
|
614
743
|
|
|
615
|
-
|
|
616
|
-
|
|
744
|
+
assert.equal(fedUser.orgId, '75dcf6c2-247d-4e3d-a32c-ff3ee28398eb');
|
|
745
|
+
assert.notEqual(fedUser.orgId, spock.orgId);
|
|
617
746
|
|
|
618
|
-
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
|
|
747
|
+
fedWebex = new WebexCore({
|
|
748
|
+
credentials: {
|
|
749
|
+
authorization: fedUser.token,
|
|
750
|
+
},
|
|
751
|
+
});
|
|
752
|
+
assert.isTrue(fedWebex.canAuthorize);
|
|
753
|
+
})
|
|
754
|
+
);
|
|
625
755
|
|
|
626
756
|
before('connect federated user to mercury', () => fedWebex.internal.mercury.connect());
|
|
627
757
|
|
|
628
758
|
after(() => fedWebex && fedWebex.internal.mercury.disconnect());
|
|
629
759
|
|
|
630
|
-
it('responds to pings', () =>
|
|
631
|
-
.then((res) => {
|
|
760
|
+
it('responds to pings', () =>
|
|
761
|
+
fedWebex.internal.encryption.kms.ping().then((res) => {
|
|
632
762
|
assert.property(res, 'status');
|
|
633
763
|
assert.equal(res.status, 200);
|
|
634
764
|
assert.property(res, 'requestId');
|
|
@@ -636,37 +766,35 @@ describe('Encryption', function () {
|
|
|
636
766
|
|
|
637
767
|
let key;
|
|
638
768
|
|
|
639
|
-
it('lets federated users retrieve keys from the main org', () =>
|
|
640
|
-
.
|
|
641
|
-
|
|
769
|
+
it('lets federated users retrieve keys from the main org', () =>
|
|
770
|
+
webex.internal.encryption.kms
|
|
771
|
+
.createUnboundKeys({count: 1})
|
|
772
|
+
.then(([k]) => {
|
|
773
|
+
key = k;
|
|
642
774
|
|
|
643
|
-
|
|
644
|
-
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
650
|
-
})
|
|
651
|
-
.then(() => fedWebex.internal.encryption.kms.fetchKey({uri: key.uri}))
|
|
652
|
-
.then((fedKey) => assert.equal(fedKey.keyUri, key.keyUri)));
|
|
775
|
+
return webex.internal.encryption.kms.createResource({
|
|
776
|
+
userIds: [webex.internal.device.userId, fedWebex.internal.device.userId],
|
|
777
|
+
key,
|
|
778
|
+
});
|
|
779
|
+
})
|
|
780
|
+
.then(() => fedWebex.internal.encryption.kms.fetchKey({uri: key.uri}))
|
|
781
|
+
.then((fedKey) => assert.equal(fedKey.keyUri, key.keyUri)));
|
|
653
782
|
|
|
654
783
|
let fedKey;
|
|
655
784
|
|
|
656
|
-
it('lets non-federated users retrieve keys from the federated org', () =>
|
|
657
|
-
.
|
|
658
|
-
|
|
785
|
+
it('lets non-federated users retrieve keys from the federated org', () =>
|
|
786
|
+
fedWebex.internal.encryption.kms
|
|
787
|
+
.createUnboundKeys({count: 1})
|
|
788
|
+
.then(([k]) => {
|
|
789
|
+
fedKey = k;
|
|
659
790
|
|
|
660
|
-
|
|
661
|
-
|
|
662
|
-
|
|
663
|
-
|
|
664
|
-
|
|
665
|
-
|
|
666
|
-
|
|
667
|
-
})
|
|
668
|
-
.then(() => webex.internal.encryption.kms.fetchKey({uri: fedKey.uri}))
|
|
669
|
-
.then((key) => assert.equal(key.keyUri, fedKey.keyUri)));
|
|
791
|
+
return fedWebex.internal.encryption.kms.createResource({
|
|
792
|
+
userIds: [fedWebex.internal.device.userId, webex.internal.device.userId],
|
|
793
|
+
key: fedKey,
|
|
794
|
+
});
|
|
795
|
+
})
|
|
796
|
+
.then(() => webex.internal.encryption.kms.fetchKey({uri: fedKey.uri}))
|
|
797
|
+
.then((key) => assert.equal(key.keyUri, fedKey.keyUri)));
|
|
670
798
|
});
|
|
671
799
|
});
|
|
672
800
|
});
|