@webex/internal-plugin-encryption 3.0.0-beta.9 → 3.0.0-beta.90
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -3
- package/dist/config.js +0 -9
- package/dist/config.js.map +1 -1
- package/dist/encryption.js +9 -60
- package/dist/encryption.js.map +1 -1
- package/dist/ensure-buffer.browser.js +0 -12
- package/dist/ensure-buffer.browser.js.map +1 -1
- package/dist/ensure-buffer.js +5 -12
- package/dist/ensure-buffer.js.map +1 -1
- package/dist/index.js +7 -33
- package/dist/index.js.map +1 -1
- package/dist/kms-batcher.js +6 -30
- package/dist/kms-batcher.js.map +1 -1
- package/dist/kms-certificate-validation.js +20 -88
- package/dist/kms-certificate-validation.js.map +1 -1
- package/dist/kms-dry-error-interceptor.js +1 -23
- package/dist/kms-dry-error-interceptor.js.map +1 -1
- package/dist/kms-errors.js +3 -50
- package/dist/kms-errors.js.map +1 -1
- package/dist/kms.js +74 -213
- package/dist/kms.js.map +1 -1
- package/package.json +15 -15
- package/src/config.js +3 -3
- package/src/encryption.js +66 -56
- package/src/ensure-buffer.browser.js +0 -1
- package/src/ensure-buffer.js +5 -5
- package/src/index.js +120 -96
- package/src/kms-batcher.js +50 -44
- package/src/kms-certificate-validation.js +45 -47
- package/src/kms-dry-error-interceptor.js +8 -4
- package/src/kms-errors.js +19 -16
- package/src/kms.js +210 -206
- package/test/integration/spec/encryption.js +311 -230
- package/test/integration/spec/kms.js +532 -404
- package/test/integration/spec/payload-transfom.js +69 -69
- package/test/unit/spec/encryption.js +16 -13
- package/test/unit/spec/kms-certificate-validation.js +41 -32
|
@@ -11,87 +11,87 @@ import testUsers from '@webex/test-helper-test-users';
|
|
|
11
11
|
describe('plugin-encryption', () => {
|
|
12
12
|
let other, webex;
|
|
13
13
|
|
|
14
|
-
before('create test user', () =>
|
|
15
|
-
.then(([user, o]) => {
|
|
14
|
+
before('create test user', () =>
|
|
15
|
+
testUsers.create({count: 2}).then(([user, o]) => {
|
|
16
16
|
other = o;
|
|
17
17
|
console.log(o);
|
|
18
18
|
webex = new WebexCore({
|
|
19
19
|
credentials: {
|
|
20
|
-
authorization: user.token
|
|
21
|
-
}
|
|
20
|
+
authorization: user.token,
|
|
21
|
+
},
|
|
22
22
|
});
|
|
23
23
|
assert.isTrue(webex.isAuthenticated || webex.canAuthorize);
|
|
24
|
-
})
|
|
24
|
+
})
|
|
25
|
+
);
|
|
25
26
|
|
|
26
27
|
before('register with wdm', () => webex.internal.device.register());
|
|
27
28
|
|
|
28
29
|
describe('when a DRY response has an error', () => {
|
|
29
|
-
it('decrypts the error message', () =>
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
{
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
30
|
+
it('decrypts the error message', () =>
|
|
31
|
+
assert
|
|
32
|
+
.isRejected(
|
|
33
|
+
webex.request({
|
|
34
|
+
method: 'POST',
|
|
35
|
+
service: 'conversation',
|
|
36
|
+
resource: 'conversations',
|
|
37
|
+
body: {
|
|
38
|
+
activities: {
|
|
39
|
+
items: [
|
|
40
|
+
{
|
|
41
|
+
actor: {
|
|
42
|
+
objectType: 'person',
|
|
43
|
+
id: webex.internal.device.userId,
|
|
44
|
+
},
|
|
45
|
+
objectType: 'activity',
|
|
46
|
+
verb: 'create',
|
|
47
|
+
},
|
|
48
|
+
{
|
|
49
|
+
actor: {
|
|
50
|
+
objectType: 'person',
|
|
51
|
+
id: webex.internal.device.userId,
|
|
52
|
+
},
|
|
53
|
+
object: {
|
|
54
|
+
objectType: 'person',
|
|
55
|
+
id: webex.internal.device.userId,
|
|
56
|
+
},
|
|
57
|
+
objectType: 'activity',
|
|
58
|
+
verb: 'add',
|
|
59
|
+
},
|
|
60
|
+
{
|
|
61
|
+
actor: {
|
|
62
|
+
objectType: 'person',
|
|
63
|
+
id: webex.internal.device.userId,
|
|
64
|
+
},
|
|
65
|
+
object: {
|
|
66
|
+
objectType: 'person',
|
|
67
|
+
id: other.id,
|
|
68
|
+
},
|
|
69
|
+
objectType: 'activity',
|
|
70
|
+
verb: 'add',
|
|
71
|
+
},
|
|
72
|
+
],
|
|
48
73
|
},
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
74
|
+
defaultActivityEncryptionKeyUrl: 'kms://fakeuri',
|
|
75
|
+
objectType: 'conversation',
|
|
76
|
+
kmsMessage: {
|
|
77
|
+
method: 'create',
|
|
78
|
+
uri: '/resource',
|
|
79
|
+
userIds: [webex.internal.device.userId, other.id],
|
|
80
|
+
keyUris: ['kms://fakeuri'],
|
|
52
81
|
},
|
|
53
|
-
objectType: 'activity',
|
|
54
|
-
verb: 'add'
|
|
55
82
|
},
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
},
|
|
70
|
-
defaultActivityEncryptionKeyUrl: 'kms://fakeuri',
|
|
71
|
-
objectType: 'conversation',
|
|
72
|
-
kmsMessage: {
|
|
73
|
-
method: 'create',
|
|
74
|
-
uri: '/resource',
|
|
75
|
-
userIds: [
|
|
76
|
-
webex.internal.device.userId,
|
|
77
|
-
other.id
|
|
78
|
-
],
|
|
79
|
-
keyUris: [
|
|
80
|
-
'kms://fakeuri'
|
|
81
|
-
]
|
|
82
|
-
}
|
|
83
|
-
}
|
|
84
|
-
}))
|
|
85
|
-
.then((err) => {
|
|
86
|
-
assert.statusCode(err, 400);
|
|
87
|
-
assert.throws(() => {
|
|
88
|
-
base64.decode(err.body.message.split('.')[0]);
|
|
89
|
-
});
|
|
90
|
-
assert.match(err.toString(), /POST .+\s/);
|
|
91
|
-
assert.match(err.toString(), /WEBEX_TRACKING_ID: .+\s/);
|
|
92
|
-
assert.match(err.toString(), /KMS_RESPONSE_STATUS: .+\s/);
|
|
93
|
-
assert.match(err.toString(), /KMS_REQUEST_ID: .+/);
|
|
94
|
-
assert.instanceOf(err, DryError);
|
|
95
|
-
}));
|
|
83
|
+
})
|
|
84
|
+
)
|
|
85
|
+
.then((err) => {
|
|
86
|
+
assert.statusCode(err, 400);
|
|
87
|
+
assert.throws(() => {
|
|
88
|
+
base64.decode(err.body.message.split('.')[0]);
|
|
89
|
+
});
|
|
90
|
+
assert.match(err.toString(), /POST .+\s/);
|
|
91
|
+
assert.match(err.toString(), /WEBEX_TRACKING_ID: .+\s/);
|
|
92
|
+
assert.match(err.toString(), /KMS_RESPONSE_STATUS: .+\s/);
|
|
93
|
+
assert.match(err.toString(), /KMS_REQUEST_ID: .+/);
|
|
94
|
+
assert.instanceOf(err, DryError);
|
|
95
|
+
}));
|
|
96
96
|
});
|
|
97
97
|
});
|
|
@@ -16,26 +16,25 @@ describe('internal-plugin-encryption', () => {
|
|
|
16
16
|
beforeEach(() => {
|
|
17
17
|
webex = new MockWebex({
|
|
18
18
|
children: {
|
|
19
|
-
encryption: Encryption
|
|
20
|
-
}
|
|
19
|
+
encryption: Encryption,
|
|
20
|
+
},
|
|
21
21
|
});
|
|
22
22
|
});
|
|
23
23
|
|
|
24
24
|
describe('check _fetchDownloadUrl()', () => {
|
|
25
25
|
const scrArray = [
|
|
26
26
|
{
|
|
27
|
-
loc: 'https://files-api-intb1.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes'
|
|
27
|
+
loc: 'https://files-api-intb1.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes',
|
|
28
28
|
},
|
|
29
29
|
{
|
|
30
|
-
loc: 'https://files-api-intb2.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes'
|
|
30
|
+
loc: 'https://files-api-intb2.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes',
|
|
31
31
|
},
|
|
32
32
|
{
|
|
33
|
-
loc: 'https://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes'
|
|
33
|
+
loc: 'https://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes',
|
|
34
34
|
},
|
|
35
35
|
{
|
|
36
|
-
loc: 'http://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes'
|
|
37
|
-
}
|
|
38
|
-
|
|
36
|
+
loc: 'http://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes',
|
|
37
|
+
},
|
|
39
38
|
];
|
|
40
39
|
const options = undefined;
|
|
41
40
|
let spyStub;
|
|
@@ -45,14 +44,18 @@ describe('internal-plugin-encryption', () => {
|
|
|
45
44
|
|
|
46
45
|
spyStub = sinon.stub(webex.internal.encryption, 'request').callsFake(returnStub);
|
|
47
46
|
|
|
48
|
-
scrArray.forEach(
|
|
49
|
-
(scr) => webex.internal.encryption._fetchDownloadUrl(scr, options)
|
|
50
|
-
);
|
|
47
|
+
scrArray.forEach((scr) => webex.internal.encryption._fetchDownloadUrl(scr, options));
|
|
51
48
|
});
|
|
52
49
|
|
|
53
50
|
it('verifying file service uris', () => {
|
|
54
|
-
assert.equal(
|
|
55
|
-
|
|
51
|
+
assert.equal(
|
|
52
|
+
spyStub.args[0][0].uri,
|
|
53
|
+
'https://files-api-intb1.ciscospark.com/v1/download/endpoints'
|
|
54
|
+
);
|
|
55
|
+
assert.equal(
|
|
56
|
+
spyStub.args[1][0].uri,
|
|
57
|
+
'https://files-api-intb2.ciscospark.com/v1/download/endpoints'
|
|
58
|
+
);
|
|
56
59
|
assert.equal(spyStub.args[2][0].uri, 'https://www.test-api.com/v1/download/endpoints');
|
|
57
60
|
assert.equal(spyStub.args[3][0].uri, 'https://www.test-api.com/v1/download/endpoints');
|
|
58
61
|
});
|
|
@@ -2,23 +2,34 @@ import {assert} from '@webex/test-helper-chai';
|
|
|
2
2
|
|
|
3
3
|
import validateCert, {KMSError} from '../../../src/kms-certificate-validation';
|
|
4
4
|
|
|
5
|
-
const caroots = [
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
5
|
+
const caroots = [
|
|
6
|
+
'MIID6TCCAtGgAwIBAgIURmBu688C9oUIJXlykr1J3fi5H4kwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDb2xvcmFkbzEPMA0GA1UEBwwGRGVudmVyMRAwDgYDVQQKDAdFeGFtcGxlMR8wHQYDVQQDDBZodHRwczovL2NhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMDAyMDYyMDIyMDhaFw00MDAyMDEyMDIyMDhaMIGDMQswCQYDVQQGEwJVUzERMA8GA1UECAwIQ29sb3JhZG8xDzANBgNVBAcMBkRlbnZlcjEQMA4GA1UECgwHRXhhbXBsZTEfMB0GA1UEAwwWaHR0cHM6Ly9jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7TaDWldwjU65y4fnNDIuNu4dZi3bZvaN9nJ3A8D9pwFcNx3DL5cPpafAkJuE/2ZBrsZxJWKwXLQFuNE9V3XVslv0OPgEZVfY5AKuPhVezRqEqsCdUgODMkJat6PE02r0NZRFpBiRCThh0wY5u/tiTiPgjHwEPhBEyLgcJ6FOWLn9wBsS4SvBzfppYGL5GW1G0eN9yORnKKgqkgyf0x8FvTMyVSjtkhcI/kA/8061sl4DFG6sefQmAOVvH7tp7YmN+jpQ7cOKQtjOpZS6Gp22u7LEI0/qb5n2QvjjcUQM81mN6CZ8nciWXRgjBhdAJJhmyMvcx8rnVb6vtU26fCaetAgMBAAGjUzBRMB0GA1UdDgQWBBRZiCyKaTYL94gwhxzktYg32qMOYjAfBgNVHSMEGDAWgBRZiCyKaTYL94gwhxzktYg32qMOYjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQATa2QkTGcj8IPjItnvg23ihlRjHdFHn6lB7uYPhcDurwRlBrlC2/OB44P3dHB9tEPbV4unoF9ftEKO3nNY3HUDcPrQwRqkPftlYYr4/6z/jnmNBRgiDICVaiTZNlX54fLiPsSAbIymPWLLLNtq17vjVEcfGUXhi/F+EkN/uXZ4yH6RK0YjBRwPV9cfziz1YsF2WVYVYtQErf+NTjnYR5S4Ba2kEqhI5j7mNhiafPNODaOchHcaRMvfWcBhlHt+atwNyPxNr4NP+cDjAWg0I8xAUdbZGQiRJecjkctolLHsfZXj+ulEv3eaKw7gSo3Aekexw8aZS7soy+VM1fzmLopw',
|
|
7
|
+
];
|
|
8
|
+
|
|
9
|
+
const x5c = [
|
|
10
|
+
'MIIDaDCCAlACFG2NkKF2WKCN/OnGN2E7mBamxhB2MA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzERMA8GA1UECAwIQ29sb3JhZG8xDzANBgNVBAcMBkRlbnZlcjEQMA4GA1UECgwHRXhhbXBsZTEfMB0GA1UEAwwWaHR0cHM6Ly9jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhcNMjAwMjA2MjAzMjU0WhcNNDAwMjAxMjAzMjU0WjBdMQswCQYDVQQGEwJVUzERMA8GA1UECAwIQ29sb3JhZG8xDzANBgNVBAcMBkRlbnZlcjEQMA4GA1UECgwHRXhhbXBsZTEYMBYGA1UEAwwPa21zLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OObWUoNG0Wv4zYuhGUT7JNiUkefUsFZ384NS2l5VOB/lSNcElBtmX55yPcjvPnukfpETDUG82K8ncOwCuV8ZTpvzM3QHSIHGyO5JBFJ38U6Pq6kHje6An+eSHLCVkQfOlf4TCRb8SlcEoi8wkl3IIGewzC0/87b1OvyYTb8BHZJVeUV7AxcZChkAA/IJV5ADnmc/6ZCihXVuCWJgTFpLLv7HVqE924lNDTgRn64ioCpHK4pC1FFqQKLlsq0tV75gc5d7A6m5/9znEvg02JuqUFd9LdOcnf8QeTkyg6OTTvJUUa39KZDKONi8MXiECacGU6VbUvuKOXZU49UeqVKQQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCmlEodmn5LfgIWViRn8t4qjTZoM7VUGWXfCnaMqSnW6P0eYbZdCoCecja6WicBWPAlFFR/UscYv4rEGXtmzD+GQUQKfYFfsNdkfCpPvCFlpudHNuW0kCZ8lUfDWQRirrC+MyiAVpEG7mNHNZfK9hof05MHS6ItcpET5+F0DiC6l+vsBBRqP2SU8bo9gTrr8WO7bW8JQb59XNEoTQC1AzCn172+idJcgaasOfp/V+QqODIa96YNM7vT9pj09nGL0Wxulaq546pW32HYkOhZw1nr8prZn17UFLfoQnaNuTuT2ZCsFc7V2H0UqcMwjg1QZoObLI5tXPv0syP6WXo19OjW',
|
|
11
|
+
];
|
|
12
|
+
const x5cModulus =
|
|
13
|
+
'2OObWUoNG0Wv4zYuhGUT7JNiUkefUsFZ384NS2l5VOB_lSNcElBtmX55yPcjvPnukfpETDUG82K8ncOwCuV8ZTpvzM3QHSIHGyO5JBFJ38U6Pq6kHje6An-eSHLCVkQfOlf4TCRb8SlcEoi8wkl3IIGewzC0_87b1OvyYTb8BHZJVeUV7AxcZChkAA_IJV5ADnmc_6ZCihXVuCWJgTFpLLv7HVqE924lNDTgRn64ioCpHK4pC1FFqQKLlsq0tV75gc5d7A6m5_9znEvg02JuqUFd9LdOcnf8QeTkyg6OTTvJUUa39KZDKONi8MXiECacGU6VbUvuKOXZU49UeqVKQQ';
|
|
14
|
+
|
|
15
|
+
const x5cSAN = [
|
|
16
|
+
'MIIEHDCCAwSgAwIBAgIUbY2QoXZYoI386cY3YTuYFqbGEHcwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDb2xvcmFkbzEPMA0GA1UEBwwGRGVudmVyMRAwDgYDVQQKDAdFeGFtcGxlMR8wHQYDVQQDDBZodHRwczovL2NhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMDAyMTExOTI5MDFaFw00MDAyMDYxOTI5MDFaMIGcMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08xDzANBgNVBAcMBkRlbnZlcjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRYwFAYDVQQLDA1FeGFtcGxlLCBJbmMuMRQwEgYDVQQDDAtleGFtcGxlLmNvbTEeMBwGCSqGSIb3DQEJARYPa21zQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4DzUlN27XQ+clCPhU3q4U6cZfzgYX1yGr5fdSzK5MzU5fxYooyudJ1L1Zc6/VaxVpjl4GvU9Y5DtKbaSNeFUaBDGae9GAcBWjcrTAVY3ftW4t1LnE6DJLvn3UmPNqEEhQMWVeyNftqjgS3c0ciQIYq3sUqcZvjglRBA61gLlsmFlfs23jgRTZZzGeDjxETjAeQgH+E/mIsnEj3Iit6iBsuhPf/DjlGzD5/LyEaQJK+OQj/7+xL5jAlk6M6Uo/7YOx7abVnnwWoAaYAX9vQS6trJQm2m4mzNFAEBTjdtJu/eNP5H4yfX1VaXgYKy1MaBhu9VkVMeMREVOp9DPWHFaVwIDAQABo20wazAfBgNVHSMEGDAWgBRZiCyKaTYL94gwhxzktYg32qMOYjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAwBgNVHREEKTAnghRrbXMtdGVzdC5leGFtcGxlLmNvbYIPa21zLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCebaIWYk1mVtAndJpM/FTW0U3luYpUoOEIPRnrpcaBALG5ZwEwzaWKS42avRpjgCCiZGowSjdI8HgeUjO89g6OXgJduZNHVHKJnzV/8O76HTAaNIthHDQmqyywngvxnImf9txyXK+ZMdpgIWm351kaqHsLyN3GjknyVW/Xne5C4ONm7+y7jw6AdPRX0AoeEOGICAgrgni9k7kjLOskjyoCiJzjw+FxpVmsVAtjg1B2zXP8ce850B/ebJS4rkUr6082B+7DreDsSur4tTM5SFuoiLRrrnrpwKZ4CV3spaeO8zTn9b/3mousCWgL2KgEmBVjWSEYAT9RuB6pb1EIRYtY',
|
|
17
|
+
];
|
|
18
|
+
const x5cSANModulus =
|
|
19
|
+
'4DzUlN27XQ-clCPhU3q4U6cZfzgYX1yGr5fdSzK5MzU5fxYooyudJ1L1Zc6_VaxVpjl4GvU9Y5DtKbaSNeFUaBDGae9GAcBWjcrTAVY3ftW4t1LnE6DJLvn3UmPNqEEhQMWVeyNftqjgS3c0ciQIYq3sUqcZvjglRBA61gLlsmFlfs23jgRTZZzGeDjxETjAeQgH-E_mIsnEj3Iit6iBsuhPf_DjlGzD5_LyEaQJK-OQj_7-xL5jAlk6M6Uo_7YOx7abVnnwWoAaYAX9vQS6trJQm2m4mzNFAEBTjdtJu_eNP5H4yfX1VaXgYKy1MaBhu9VkVMeMREVOp9DPWHFaVw';
|
|
20
|
+
|
|
21
|
+
const x5cSelfSigned = [
|
|
22
|
+
'MIIFmTCCA4GgAwIBAgIUOxbqWoC/R0Lt2eWgqE3960xTLE4wDQYJKoZIhvcNAQELBQAwXDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNPMQ8wDQYDVQQHDAZEZW52ZXIxFTATBgNVBAoMDEV4YW1wbGUgSW5jLjEYMBYGA1UEAwwPa21zLmV4YW1wbGUuY29tMB4XDTIwMDIxMTIwMjk0NVoXDTQwMDIwNjIwMjk0NVowXDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNPMQ8wDQYDVQQHDAZEZW52ZXIxFTATBgNVBAoMDEV4YW1wbGUgSW5jLjEYMBYGA1UEAwwPa21zLmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyRUvQFD9UboxW4xjOyo2Cu7RsAT0GDx66Brl3tEnxvCwnfSystwerbAZtGtrklDJWcqAWVbSNwxnPuGsxSUg4D8ziI4Biqc6rvoNO4YYzpHWYmS9aLMG8TOUzAZZORrnvuiu7VGleZKi+Yd08fXSjrUV4sldRiD+Y0IN80xa52B0053yFX4geCuFn0Ewo8NXhkCU6Pfwb9wVVuCmcu9mt3ubpWRa2H+h2ie3suAc4ADrb9Ng63stU3UrjUcYv5guo0gBOBrk7i0WL/2KJf2NmDJiTaaCxR0gEe0sHjio7PCXDNHS0eJj/2++Wq90fDbBFDP/LP0aBKJAvaTZNEKcX5Hr/Y32Bz1Szpi18/HSlEF6rIketLiAzgLfzRMktctWLGGubp6RarNWALBX5kJA43/Cernaf0sVRtCUqjKPRd8k8Bo3BXl5VwVn2b+nZO6EJQ6RslOfbumFPVhlyFv6I1tAOPmZOHjOpc4ogPyI7jMefXMMsSJOGgLb7JVPpbi0bjXmsW7I0sWcAdDzcASNUxxp1c0qXZu4nHI2VlPucA4LA5W4Z1qcNQsfQEN4gdPWBeSbDBv0FPxFcHZNqk87ywvLkurgASL+KxqB9FzIqhv7w0OYm1r7iClBJxsbItYeehEypv/PJpxBq1uxcd6pExY6kTP3x8YAqUgb3GoWlUsCAwEAAaNTMFEwHQYDVR0OBBYEFOJqvx/CUIV6mkiTURkyVYiugkqVMB8GA1UdIwQYMBaAFOJqvx/CUIV6mkiTURkyVYiugkqVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAHTov7zZOMt7zAfy9N8X6yOsakUqAXVtrTDu9DMn9kw2vhudSfNfno7dSc3JeE+KtySkyfrMbNub19IzfVHMI2dRiO7PGzgv8XD69PC/PKaqNmViW27P0l4ORGKE4RHcjd0Y0Rj8nciwHDu4u7p9gI1yS7TiLtpQqyb0ba/ZVP88EVe7wI+BtoHiSMQeEjs13gTSARTYXay0WsL7xxwzKH68Y4RRjfqt+NpyMP7wrf5Kcha2cID8jG9i4LqSoj+o5jvwH969jEP+9DX7XFx0894O42xGreyl1E1HkKOgrGE+owkEpVNYLfcQP3tbx3maoG2g5TXMtMqei1ffNdUiONPbi9II1UP53JrTcnFUb3aVo2yLJ5ftkOSWpkyhk9G9TWoUiTB/k3Jb6gxzk6HvjhLgYTeT+UPW/ATiffL7SNmGTQBuVuNUHNxm4sAz9oQTmCo+8vCqMtqK4IHeKqNP+yqVGCAI71yEcxuYy17S57iarK7ON/RTMiblerUOowOSBzTmm+7kuR8Ke0BVCw6l0A7yUueAUnRaVXEAszvhHsLxZMlnMeYlL5qj6CAamdgpwdsMFa0QcAAcGl6j3vW9ks9nLlEAzJmUIQUx33W4SryYwflliWkH4f4OlRj7Lrq81/QvZ+tTUTiTBrvZjB1j9ezCv0Fjp9cEDi1hyV1ArKV3',
|
|
23
|
+
];
|
|
24
|
+
const x5cSelfSignedModulus =
|
|
25
|
+
'yRUvQFD9UboxW4xjOyo2Cu7RsAT0GDx66Brl3tEnxvCwnfSystwerbAZtGtrklDJWcqAWVbSNwxnPuGsxSUg4D8ziI4Biqc6rvoNO4YYzpHWYmS9aLMG8TOUzAZZORrnvuiu7VGleZKi-Yd08fXSjrUV4sldRiD-Y0IN80xa52B0053yFX4geCuFn0Ewo8NXhkCU6Pfwb9wVVuCmcu9mt3ubpWRa2H-h2ie3suAc4ADrb9Ng63stU3UrjUcYv5guo0gBOBrk7i0WL_2KJf2NmDJiTaaCxR0gEe0sHjio7PCXDNHS0eJj_2--Wq90fDbBFDP_LP0aBKJAvaTZNEKcX5Hr_Y32Bz1Szpi18_HSlEF6rIketLiAzgLfzRMktctWLGGubp6RarNWALBX5kJA43_Cernaf0sVRtCUqjKPRd8k8Bo3BXl5VwVn2b-nZO6EJQ6RslOfbumFPVhlyFv6I1tAOPmZOHjOpc4ogPyI7jMefXMMsSJOGgLb7JVPpbi0bjXmsW7I0sWcAdDzcASNUxxp1c0qXZu4nHI2VlPucA4LA5W4Z1qcNQsfQEN4gdPWBeSbDBv0FPxFcHZNqk87ywvLkurgASL-KxqB9FzIqhv7w0OYm1r7iClBJxsbItYeehEypv_PJpxBq1uxcd6pExY6kTP3x8YAqUgb3GoWlUs';
|
|
15
26
|
|
|
16
27
|
const VALID_JWT = {
|
|
17
28
|
kty: 'RSA',
|
|
18
29
|
kid: 'kms://kms.example.com',
|
|
19
30
|
x5c,
|
|
20
31
|
e: 'AQAB',
|
|
21
|
-
n: x5cModulus
|
|
32
|
+
n: x5cModulus,
|
|
22
33
|
};
|
|
23
34
|
|
|
24
35
|
const VALID_JWT_SAN = {
|
|
@@ -26,26 +37,25 @@ const VALID_JWT_SAN = {
|
|
|
26
37
|
kid: 'kms://kms.example.com',
|
|
27
38
|
x5c: x5cSAN,
|
|
28
39
|
n: x5cSANModulus,
|
|
29
|
-
e: 'AQAB'
|
|
40
|
+
e: 'AQAB',
|
|
30
41
|
};
|
|
31
42
|
|
|
32
43
|
const validate = validateCert(caroots);
|
|
33
44
|
|
|
34
45
|
describe('internal-plugin-encryption', () => {
|
|
35
46
|
describe('kms-certificate-validation', () => {
|
|
36
|
-
it('validates a good JWT', () =>
|
|
37
|
-
.then((jwt) => assert.equal(jwt, VALID_JWT)));
|
|
47
|
+
it('validates a good JWT', () =>
|
|
48
|
+
validate(VALID_JWT).then((jwt) => assert.equal(jwt, VALID_JWT)));
|
|
38
49
|
|
|
39
|
-
it('validates a good JWT (SAN extension)', () =>
|
|
40
|
-
.then((validJwt) => assert.equal(validJwt, VALID_JWT_SAN)));
|
|
50
|
+
it('validates a good JWT (SAN extension)', () =>
|
|
51
|
+
validate(VALID_JWT_SAN).then((validJwt) => assert.equal(validJwt, VALID_JWT_SAN)));
|
|
41
52
|
|
|
42
|
-
it('rejects if `JWT` is undefined',
|
|
43
|
-
() => assert.isRejected(validate(), KMSError));
|
|
53
|
+
it('rejects if `JWT` is undefined', () => assert.isRejected(validate(), KMSError));
|
|
44
54
|
|
|
45
55
|
it('rejects if the `kty` is wrong.', () => {
|
|
46
56
|
const jwt = {
|
|
47
57
|
...VALID_JWT,
|
|
48
|
-
kty: 'WRONG'
|
|
58
|
+
kty: 'WRONG',
|
|
49
59
|
};
|
|
50
60
|
|
|
51
61
|
return assert.isRejected(validate(jwt), KMSError);
|
|
@@ -54,7 +64,7 @@ describe('internal-plugin-encryption', () => {
|
|
|
54
64
|
it('rejects if `kty` is not a string', () => {
|
|
55
65
|
const jwt = {
|
|
56
66
|
...VALID_JWT,
|
|
57
|
-
kty: {}
|
|
67
|
+
kty: {},
|
|
58
68
|
};
|
|
59
69
|
|
|
60
70
|
return assert.isRejected(validate(jwt), KMSError);
|
|
@@ -63,7 +73,7 @@ describe('internal-plugin-encryption', () => {
|
|
|
63
73
|
it('rejects if the `kid` is wrong', () => {
|
|
64
74
|
const jwt = {
|
|
65
75
|
...VALID_JWT,
|
|
66
|
-
kid: 'WRONG'
|
|
76
|
+
kid: 'WRONG',
|
|
67
77
|
};
|
|
68
78
|
|
|
69
79
|
return assert.isRejected(validate(jwt), KMSError);
|
|
@@ -72,7 +82,7 @@ describe('internal-plugin-encryption', () => {
|
|
|
72
82
|
it('rejects if the `kid` is not a string', () => {
|
|
73
83
|
const jwt = {
|
|
74
84
|
...VALID_JWT,
|
|
75
|
-
kid: {a: 1}
|
|
85
|
+
kid: {a: 1},
|
|
76
86
|
};
|
|
77
87
|
|
|
78
88
|
return assert.isRejected(validate(jwt), KMSError);
|
|
@@ -81,7 +91,7 @@ describe('internal-plugin-encryption', () => {
|
|
|
81
91
|
it('rejects if there is not a list of certificates', () => {
|
|
82
92
|
const jwt = {
|
|
83
93
|
...VALID_JWT,
|
|
84
|
-
x5c: undefined
|
|
94
|
+
x5c: undefined,
|
|
85
95
|
};
|
|
86
96
|
|
|
87
97
|
return assert.isRejected(validate(jwt), KMSError);
|
|
@@ -90,7 +100,7 @@ describe('internal-plugin-encryption', () => {
|
|
|
90
100
|
it('rejects if certificate list is not an array', () => {
|
|
91
101
|
const jwt = {
|
|
92
102
|
...VALID_JWT,
|
|
93
|
-
x5c: 'NOT AN ARRAY'
|
|
103
|
+
x5c: 'NOT AN ARRAY',
|
|
94
104
|
};
|
|
95
105
|
|
|
96
106
|
return assert.isRejected(validate(jwt), KMSError);
|
|
@@ -99,7 +109,7 @@ describe('internal-plugin-encryption', () => {
|
|
|
99
109
|
it('rejects if the certificate list is empty', () => {
|
|
100
110
|
const jwt = {
|
|
101
111
|
...VALID_JWT,
|
|
102
|
-
x5c: []
|
|
112
|
+
x5c: [],
|
|
103
113
|
};
|
|
104
114
|
|
|
105
115
|
return assert.isRejected(validate(jwt), KMSError);
|
|
@@ -108,7 +118,7 @@ describe('internal-plugin-encryption', () => {
|
|
|
108
118
|
it('rejects if the `kid` does not match the certificate', () => {
|
|
109
119
|
const jwt = {
|
|
110
120
|
...VALID_JWT,
|
|
111
|
-
kid: 'kms://not_correct.example.com'
|
|
121
|
+
kid: 'kms://not_correct.example.com',
|
|
112
122
|
};
|
|
113
123
|
|
|
114
124
|
return assert.isRejected(validate(jwt), KMSError);
|
|
@@ -117,7 +127,7 @@ describe('internal-plugin-encryption', () => {
|
|
|
117
127
|
it('rejects if the public exponent is wrong', () => {
|
|
118
128
|
const jwt = {
|
|
119
129
|
...VALID_JWT,
|
|
120
|
-
e: 'WRONG_VALUE'
|
|
130
|
+
e: 'WRONG_VALUE',
|
|
121
131
|
};
|
|
122
132
|
|
|
123
133
|
return assert.isRejected(validate(jwt), KMSError);
|
|
@@ -126,7 +136,7 @@ describe('internal-plugin-encryption', () => {
|
|
|
126
136
|
it('rejects if the modulus is wrong', () => {
|
|
127
137
|
const jwt = {
|
|
128
138
|
...VALID_JWT,
|
|
129
|
-
n: 'WRONG_VALUE'
|
|
139
|
+
n: 'WRONG_VALUE',
|
|
130
140
|
};
|
|
131
141
|
|
|
132
142
|
return assert.isRejected(validate(jwt), KMSError);
|
|
@@ -136,7 +146,7 @@ describe('internal-plugin-encryption', () => {
|
|
|
136
146
|
const jwt = {
|
|
137
147
|
...VALID_JWT,
|
|
138
148
|
x5c: x5cSelfSigned,
|
|
139
|
-
n: x5cSelfSignedModulus
|
|
149
|
+
n: x5cSelfSignedModulus,
|
|
140
150
|
};
|
|
141
151
|
|
|
142
152
|
return assert.isRejected(validate(jwt), KMSError);
|
|
@@ -146,11 +156,10 @@ describe('internal-plugin-encryption', () => {
|
|
|
146
156
|
const jwt = {
|
|
147
157
|
...VALID_JWT,
|
|
148
158
|
x5c: x5cSelfSigned,
|
|
149
|
-
n: x5cSelfSignedModulus
|
|
159
|
+
n: x5cSelfSignedModulus,
|
|
150
160
|
};
|
|
151
161
|
|
|
152
|
-
return validateCert()(jwt)
|
|
153
|
-
.then((results) => assert.equal(results, jwt));
|
|
162
|
+
return validateCert()(jwt).then((results) => assert.equal(results, jwt));
|
|
154
163
|
});
|
|
155
164
|
});
|
|
156
165
|
});
|