@webex/internal-plugin-encryption 3.0.0-beta.9 → 3.0.0-beta.90

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/README.md +1 -3
  2. package/dist/config.js +0 -9
  3. package/dist/config.js.map +1 -1
  4. package/dist/encryption.js +9 -60
  5. package/dist/encryption.js.map +1 -1
  6. package/dist/ensure-buffer.browser.js +0 -12
  7. package/dist/ensure-buffer.browser.js.map +1 -1
  8. package/dist/ensure-buffer.js +5 -12
  9. package/dist/ensure-buffer.js.map +1 -1
  10. package/dist/index.js +7 -33
  11. package/dist/index.js.map +1 -1
  12. package/dist/kms-batcher.js +6 -30
  13. package/dist/kms-batcher.js.map +1 -1
  14. package/dist/kms-certificate-validation.js +20 -88
  15. package/dist/kms-certificate-validation.js.map +1 -1
  16. package/dist/kms-dry-error-interceptor.js +1 -23
  17. package/dist/kms-dry-error-interceptor.js.map +1 -1
  18. package/dist/kms-errors.js +3 -50
  19. package/dist/kms-errors.js.map +1 -1
  20. package/dist/kms.js +74 -213
  21. package/dist/kms.js.map +1 -1
  22. package/package.json +15 -15
  23. package/src/config.js +3 -3
  24. package/src/encryption.js +66 -56
  25. package/src/ensure-buffer.browser.js +0 -1
  26. package/src/ensure-buffer.js +5 -5
  27. package/src/index.js +120 -96
  28. package/src/kms-batcher.js +50 -44
  29. package/src/kms-certificate-validation.js +45 -47
  30. package/src/kms-dry-error-interceptor.js +8 -4
  31. package/src/kms-errors.js +19 -16
  32. package/src/kms.js +210 -206
  33. package/test/integration/spec/encryption.js +311 -230
  34. package/test/integration/spec/kms.js +532 -404
  35. package/test/integration/spec/payload-transfom.js +69 -69
  36. package/test/unit/spec/encryption.js +16 -13
  37. package/test/unit/spec/kms-certificate-validation.js +41 -32
package/test/integration/spec/encryption.js CHANGED
@@ -17,39 +17,48 @@ describe('Encryption', function () {
17
17
 
18
18
  let key, user, webex;
19
19
 
20
- const PLAINTEXT = 'Admiral, if we go "by the book". like Lieutenant Saavik, hours could seem like days.';
20
+ const PLAINTEXT =
21
+ 'Admiral, if we go "by the book". like Lieutenant Saavik, hours could seem like days.';
21
22
  let FILE = makeLocalUrl('/sample-image-small-one.png');
22
23
 
23
- before('create test user', () => testUsers.create({count: 1})
24
- .then((users) => {
24
+ before('create test user', () =>
25
+ testUsers.create({count: 1}).then((users) => {
25
26
  user = users[0];
26
27
  webex = new WebexCore({
27
28
  credentials: {
28
- authorization: user.token
29
- }
29
+ authorization: user.token,
30
+ },
30
31
  });
31
32
  assert.isTrue(webex.isAuthenticated || webex.canAuthorize);
32
- }));
33
+ })
34
+ );
33
35
 
34
- before('create unbound key', () => webex.internal.encryption.kms.createUnboundKeys({count: 1})
35
- .then(([k]) => {
36
+ before('create unbound key', () =>
37
+ webex.internal.encryption.kms.createUnboundKeys({count: 1}).then(([k]) => {
36
38
  key = k;
37
- }));
39
+ })
40
+ );
38
41
 
39
- before('fetch file fixture', () => webex.request({
40
- uri: FILE,
41
- responseType: 'buffer'
42
- })
43
- .then((res) => { FILE = res.body; }));
42
+ before('fetch file fixture', () =>
43
+ webex
44
+ .request({
45
+ uri: FILE,
46
+ responseType: 'buffer',
47
+ })
48
+ .then((res) => {
49
+ FILE = res.body;
50
+ })
51
+ );
44
52
 
45
53
  after(() => webex && webex.internal.mercury.disconnect());
46
54
 
47
55
  describe('#decryptBinary()', () => {
48
- it('decrypts a binary file', () => webex.internal.encryption.encryptBinary(FILE)
49
- .then(({scr, cdata}) => {
56
+ it('decrypts a binary file', () =>
57
+ webex.internal.encryption.encryptBinary(FILE).then(({scr, cdata}) => {
50
58
  scr.loc = 'file:///file.enc';
51
59
 
52
- return webex.internal.encryption.encryptScr(key, scr)
60
+ return webex.internal.encryption
61
+ .encryptScr(key, scr)
53
62
  .then((cipherScr) => webex.internal.encryption.decryptScr(key, cipherScr))
54
63
  .then((decryptedScr) => webex.internal.encryption.decryptBinary(decryptedScr, cdata))
55
64
  .then((f) => {
@@ -61,47 +70,50 @@ describe('Encryption', function () {
61
70
  });
62
71
 
63
72
  describe('#decryptScr()', () => {
64
- it('decrypts an scr', () => webex.internal.encryption.encryptBinary(FILE)
65
- .then(({scr}) => {
73
+ it('decrypts an scr', () =>
74
+ webex.internal.encryption.encryptBinary(FILE).then(({scr}) => {
66
75
  scr.loc = 'file:///file.enc';
67
76
 
68
- return webex.internal.encryption.encryptScr(key, scr)
77
+ return webex.internal.encryption
78
+ .encryptScr(key, scr)
69
79
  .then((cipherScr) => webex.internal.encryption.decryptScr(key, cipherScr))
70
80
  .then((decryptedScr) => assert.deepEqual(decryptedScr, scr));
71
81
  }));
72
82
  });
73
83
 
74
84
  describe('#decryptText()', () => {
75
- it('decrypts text', () => webex.internal.encryption.encryptText(key, PLAINTEXT)
76
- .then((ciphertext) => {
77
- assert.notEqual(ciphertext, PLAINTEXT);
85
+ it('decrypts text', () =>
86
+ webex.internal.encryption
87
+ .encryptText(key, PLAINTEXT)
88
+ .then((ciphertext) => {
89
+ assert.notEqual(ciphertext, PLAINTEXT);
78
90
 
79
- return webex.internal.encryption.decryptText(key, ciphertext);
80
- })
81
- .then((plaintext) => assert.equal(plaintext, PLAINTEXT)));
91
+ return webex.internal.encryption.decryptText(key, ciphertext);
92
+ })
93
+ .then((plaintext) => assert.equal(plaintext, PLAINTEXT)));
82
94
  });
83
95
 
84
96
  describe('#getKey()', () => {
85
97
  let fetchKeySpy, otherWebex, otherUser, storageGetSpy;
86
98
 
87
- before('create test user', () => testUsers.create({count: 1})
88
- .then((users) => {
99
+ before('create test user', () =>
100
+ testUsers.create({count: 1}).then((users) => {
89
101
  otherUser = users[0];
90
102
  otherWebex = new WebexCore({
91
103
  credentials: {
92
- authorization: otherUser.token
93
- }
104
+ authorization: otherUser.token,
105
+ },
94
106
  });
95
107
  assert.isTrue(otherWebex.canAuthorize);
96
- }));
108
+ })
109
+ );
97
110
 
98
- before('create kms resource', () => webex.internal.encryption.kms.createResource({
99
- key,
100
- userIds: [
101
- webex.internal.device.userId,
102
- otherUser.id
103
- ]
104
- }));
111
+ before('create kms resource', () =>
112
+ webex.internal.encryption.kms.createResource({
113
+ key,
114
+ userIds: [webex.internal.device.userId, otherUser.id],
115
+ })
116
+ );
105
117
 
106
118
  after(() => otherWebex && otherWebex.internal.mercury.disconnect());
107
119
 
@@ -115,141 +127,173 @@ describe('Encryption', function () {
115
127
  storageGetSpy.restore();
116
128
  });
117
129
 
118
- it('shortcircuits if it receives a key instead of a keyUri', () => webex.internal.encryption.getKey(key)
119
- // Reminder: If this starts failing after a node-jose upgrade, it probably
120
- // implies node-jose stopped shortcircuiting correctly.
121
- .then((k) => assert.equal(k, key)));
122
-
123
- it('attempts to retrieve the specified key from the local cache', () => otherWebex.internal.encryption.getKey(key.uri)
124
- .then((k) => assert.calledWith(storageGetSpy, k.uri)));
125
-
126
- it('fetches the key from the kms', () => otherWebex.internal.encryption.unboundedStorage.del(key.uri)
127
- .then(() => assert.notCalled(fetchKeySpy))
128
- .then(() => otherWebex.internal.encryption.getKey(key.uri))
129
- .then(() => assert.calledOnce(fetchKeySpy)));
130
-
131
- it('stores the newly retrieved key', () => otherWebex.internal.encryption.getKey(key.uri)
132
- .then((k) => otherWebex.internal.encryption.unboundedStorage.get(k.uri))
133
- .then((str) => JSON.parse(str))
134
- .then((k2) => {
135
- assert.property(k2, 'jwk');
136
- assert.property(k2.jwk, 'k');
137
- assert.equal(key.jwk.kid, k2.jwk.kid);
138
- }));
130
+ it('shortcircuits if it receives a key instead of a keyUri', () =>
131
+ webex.internal.encryption
132
+ .getKey(key)
133
+ // Reminder: If this starts failing after a node-jose upgrade, it probably
134
+ // implies node-jose stopped shortcircuiting correctly.
135
+ .then((k) => assert.equal(k, key)));
136
+
137
+ it('attempts to retrieve the specified key from the local cache', () =>
138
+ otherWebex.internal.encryption
139
+ .getKey(key.uri)
140
+ .then((k) => assert.calledWith(storageGetSpy, k.uri)));
141
+
142
+ it('fetches the key from the kms', () =>
143
+ otherWebex.internal.encryption.unboundedStorage
144
+ .del(key.uri)
145
+ .then(() => assert.notCalled(fetchKeySpy))
146
+ .then(() => otherWebex.internal.encryption.getKey(key.uri))
147
+ .then(() => assert.calledOnce(fetchKeySpy)));
148
+
149
+ it('stores the newly retrieved key', () =>
150
+ otherWebex.internal.encryption
151
+ .getKey(key.uri)
152
+ .then((k) => otherWebex.internal.encryption.unboundedStorage.get(k.uri))
153
+ .then((str) => JSON.parse(str))
154
+ .then((k2) => {
155
+ assert.property(k2, 'jwk');
156
+ assert.property(k2.jwk, 'k');
157
+ assert.equal(key.jwk.kid, k2.jwk.kid);
158
+ }));
139
159
  });
140
160
 
141
161
  describe('#download()', () => {
142
- it('downloads and decrypts an encrypted file', () => webex.internal.encryption.encryptBinary(FILE)
143
- .then(({scr, cdata}) => webex.request({
144
- method: 'POST',
145
- uri: makeLocalUrl('/files/upload'),
146
- body: cdata
147
- })
148
- .then((res) => {
149
- scr.loc = makeLocalUrl(res.body.loc, {full: true});
150
-
151
- return webex.internal.encryption.encryptScr(key, scr);
152
- }))
153
- .then((cipherScr) => webex.internal.encryption.decryptScr(key, cipherScr))
154
- .then((scr) => webex.internal.encryption.download(scr))
155
- .then((f) => file.isMatchingFile(f, FILE)
156
- .then((result) => assert.deepEqual(result, true))));
157
-
158
- it('downloads and decrypts an encrypted file with options param', () => webex.internal.encryption.encryptBinary(FILE)
159
- .then(({scr, cdata}) => webex.request({
160
- method: 'POST',
161
- uri: makeLocalUrl('/files/upload'),
162
- body: cdata
163
- })
164
- .then((res) => {
165
- scr.loc = makeLocalUrl(res.body.loc, {full: true});
166
-
167
- return webex.internal.encryption.encryptScr(key, scr);
168
- }))
169
- .then((cipherScr) => webex.internal.encryption.decryptScr(key, cipherScr))
170
- .then((scr) => {
171
- const options = {
172
- params: {
173
- allow: 'none'
174
- }
175
- };
176
-
177
- return webex.internal.encryption.download(scr, options);
178
- })
179
- .then((f) => file.isMatchingFile(f, FILE))
180
- .then((result) => assert.deepEqual(result, true)));
162
+ it('downloads and decrypts an encrypted file', () =>
163
+ webex.internal.encryption
164
+ .encryptBinary(FILE)
165
+ .then(({scr, cdata}) =>
166
+ webex
167
+ .request({
168
+ method: 'POST',
169
+ uri: makeLocalUrl('/files/upload'),
170
+ body: cdata,
171
+ })
172
+ .then((res) => {
173
+ scr.loc = makeLocalUrl(res.body.loc, {full: true});
174
+
175
+ return webex.internal.encryption.encryptScr(key, scr);
176
+ })
177
+ )
178
+ .then((cipherScr) => webex.internal.encryption.decryptScr(key, cipherScr))
179
+ .then((scr) => webex.internal.encryption.download(scr))
180
+ .then((f) =>
181
+ file.isMatchingFile(f, FILE).then((result) => assert.deepEqual(result, true))
182
+ ));
183
+
184
+ it('downloads and decrypts an encrypted file with options param', () =>
185
+ webex.internal.encryption
186
+ .encryptBinary(FILE)
187
+ .then(({scr, cdata}) =>
188
+ webex
189
+ .request({
190
+ method: 'POST',
191
+ uri: makeLocalUrl('/files/upload'),
192
+ body: cdata,
193
+ })
194
+ .then((res) => {
195
+ scr.loc = makeLocalUrl(res.body.loc, {full: true});
196
+
197
+ return webex.internal.encryption.encryptScr(key, scr);
198
+ })
199
+ )
200
+ .then((cipherScr) => webex.internal.encryption.decryptScr(key, cipherScr))
201
+ .then((scr) => {
202
+ const options = {
203
+ params: {
204
+ allow: 'none',
205
+ },
206
+ };
207
+
208
+ return webex.internal.encryption.download(scr, options);
209
+ })
210
+ .then((f) => file.isMatchingFile(f, FILE))
211
+ .then((result) => assert.deepEqual(result, true)));
181
212
 
182
213
  it('emits progress events', () => {
183
214
  const spy = sinon.spy();
184
215
 
185
- return webex.internal.encryption.encryptBinary(FILE)
186
- .then(({scr, cdata}) => webex.request({
187
- method: 'POST',
188
- uri: makeLocalUrl('/files/upload'),
189
- body: cdata
190
- })
191
- .then((res) => {
192
- scr.loc = makeLocalUrl(res.body.loc, {full: true});
193
-
194
- return webex.internal.encryption.encryptScr(key, scr);
195
- }))
216
+ return webex.internal.encryption
217
+ .encryptBinary(FILE)
218
+ .then(({scr, cdata}) =>
219
+ webex
220
+ .request({
221
+ method: 'POST',
222
+ uri: makeLocalUrl('/files/upload'),
223
+ body: cdata,
224
+ })
225
+ .then((res) => {
226
+ scr.loc = makeLocalUrl(res.body.loc, {full: true});
227
+
228
+ return webex.internal.encryption.encryptScr(key, scr);
229
+ })
230
+ )
196
231
  .then((cipherScr) => webex.internal.encryption.decryptScr(key, cipherScr))
197
- .then((scr) => webex.internal.encryption.download(scr)
198
- .on('progress', spy))
232
+ .then((scr) => webex.internal.encryption.download(scr).on('progress', spy))
199
233
  .then(() => assert.called(spy));
200
234
  });
201
235
 
202
- it('checks body of the API call /downloads/endpoints', () => webex.internal.encryption.encryptBinary(FILE)
203
- .then(({scr, cdata}) => webex.request({
204
- method: 'POST',
205
- uri: makeLocalUrl('/files/upload'),
206
- body: cdata
207
- })
208
- .then((res) => {
209
- scr.loc = makeLocalUrl(res.body.loc, {full: true});
210
-
211
- return webex.internal.encryption.encryptScr(key, scr);
212
- }))
213
- .then((cipherScr) => webex.internal.encryption.decryptScr(key, cipherScr))
214
- .then((scr) => {
215
- const options = {
216
- params: {
217
- allow: ['unchecked', 'evaluating']
218
- }
219
- };
220
-
221
- return webex.internal.encryption.download(scr, options);
222
- })
223
- .then((f) => file.isMatchingFile(f, FILE))
224
- .then((result) => assert.deepEqual(result, true)));
225
-
226
- it('checks _fetchDownloadUrl()', () => webex.internal.encryption.encryptBinary(FILE)
227
- .then(({scr, cdata}) => webex.request({
228
- method: 'POST',
229
- uri: makeLocalUrl('/files/upload'),
230
- body: cdata
231
- })
232
- .then((res) => {
233
- scr.loc = makeLocalUrl(res.body.loc, {full: true});
234
-
235
- return webex.internal.encryption.encryptScr(key, scr);
236
- }))
237
- .then((cipherScr) => webex.internal.encryption.decryptScr(key, cipherScr))
238
- .then((scr) => {
239
- const options = {
240
- params: {
241
- allow: ['unchecked', 'evaluating']
242
- }
243
- };
244
-
245
- return webex.internal.encryption._fetchDownloadUrl(scr, options);
246
- })
247
- .then((result) => assert.isString(result)));
236
+ it('checks body of the API call /downloads/endpoints', () =>
237
+ webex.internal.encryption
238
+ .encryptBinary(FILE)
239
+ .then(({scr, cdata}) =>
240
+ webex
241
+ .request({
242
+ method: 'POST',
243
+ uri: makeLocalUrl('/files/upload'),
244
+ body: cdata,
245
+ })
246
+ .then((res) => {
247
+ scr.loc = makeLocalUrl(res.body.loc, {full: true});
248
+
249
+ return webex.internal.encryption.encryptScr(key, scr);
250
+ })
251
+ )
252
+ .then((cipherScr) => webex.internal.encryption.decryptScr(key, cipherScr))
253
+ .then((scr) => {
254
+ const options = {
255
+ params: {
256
+ allow: ['unchecked', 'evaluating'],
257
+ },
258
+ };
259
+
260
+ return webex.internal.encryption.download(scr, options);
261
+ })
262
+ .then((f) => file.isMatchingFile(f, FILE))
263
+ .then((result) => assert.deepEqual(result, true)));
264
+
265
+ it('checks _fetchDownloadUrl()', () =>
266
+ webex.internal.encryption
267
+ .encryptBinary(FILE)
268
+ .then(({scr, cdata}) =>
269
+ webex
270
+ .request({
271
+ method: 'POST',
272
+ uri: makeLocalUrl('/files/upload'),
273
+ body: cdata,
274
+ })
275
+ .then((res) => {
276
+ scr.loc = makeLocalUrl(res.body.loc, {full: true});
277
+
278
+ return webex.internal.encryption.encryptScr(key, scr);
279
+ })
280
+ )
281
+ .then((cipherScr) => webex.internal.encryption.decryptScr(key, cipherScr))
282
+ .then((scr) => {
283
+ const options = {
284
+ params: {
285
+ allow: ['unchecked', 'evaluating'],
286
+ },
287
+ };
288
+
289
+ return webex.internal.encryption._fetchDownloadUrl(scr, options);
290
+ })
291
+ .then((result) => assert.isString(result)));
248
292
  });
249
293
 
250
294
  describe('#encryptBinary()', () => {
251
- it('encrypts a binary file', () => webex.internal.encryption.encryptBinary(FILE)
252
- .then(({scr, cdata}) => {
295
+ it('encrypts a binary file', () =>
296
+ webex.internal.encryption.encryptBinary(FILE).then(({scr, cdata}) => {
253
297
  assert.property(scr, 'enc');
254
298
  assert.property(scr, 'key');
255
299
  assert.property(scr, 'iv');
@@ -262,106 +306,143 @@ describe('Encryption', function () {
262
306
  });
263
307
 
264
308
  describe('#encryptScr()', () => {
265
- it('encrypts an scr', () => webex.internal.encryption.encryptBinary(FILE)
266
- .then(({scr}) => {
267
- scr.loc = 'file:///file.enc';
309
+ it('encrypts an scr', () =>
310
+ webex.internal.encryption
311
+ .encryptBinary(FILE)
312
+ .then(({scr}) => {
313
+ scr.loc = 'file:///file.enc';
268
314
 
269
- return webex.internal.encryption.encryptScr(key, scr);
270
- })
271
- .then((cipherScr) => assert.isString(cipherScr)));
315
+ return webex.internal.encryption.encryptScr(key, scr);
316
+ })
317
+ .then((cipherScr) => assert.isString(cipherScr)));
272
318
  });
273
319
 
274
320
  describe('#encryptText()', () => {
275
- it('encrypts text', () => webex.internal.encryption.encryptText(key, PLAINTEXT)
276
- .then((ciphertext) => assert.notEqual(ciphertext, PLAINTEXT)));
321
+ it('encrypts text', () =>
322
+ webex.internal.encryption
323
+ .encryptText(key, PLAINTEXT)
324
+ .then((ciphertext) => assert.notEqual(ciphertext, PLAINTEXT)));
277
325
  });
278
326
 
279
327
  describe('#onBehalfOf', () => {
280
328
  let complianceUser;
281
329
 
282
- before('create compliance officer test user', () => testUsers.create({
283
- count: 1,
284
- config: {
285
- roles: [{name: 'spark.kms_orgagent'}]
286
- }
287
- })
288
- .then((users) => {
289
- complianceUser = users[0];
290
- complianceUser.webex = new WebexCore({
291
- credentials: {
292
- authorization: complianceUser.token
293
- }
294
- });
295
- assert.isTrue(complianceUser.webex.canAuthorize);
296
- }));
330
+ before('create compliance officer test user', () =>
331
+ testUsers
332
+ .create({
333
+ count: 1,
334
+ config: {
335
+ roles: [{name: 'spark.kms_orgagent'}],
336
+ },
337
+ })
338
+ .then((users) => {
339
+ complianceUser = users[0];
340
+ complianceUser.webex = new WebexCore({
341
+ credentials: {
342
+ authorization: complianceUser.token,
343
+ },
344
+ });
345
+ assert.isTrue(complianceUser.webex.canAuthorize);
346
+ })
347
+ );
297
348
 
298
349
  after(() => complianceUser && complianceUser.webex.internal.mercury.disconnect());
299
350
 
300
- it('decrypt text', () => webex.internal.encryption.encryptText(key, PLAINTEXT)
301
- .then((ciphertext) => {
302
- assert.notEqual(ciphertext, PLAINTEXT);
351
+ it('decrypt text', () =>
352
+ webex.internal.encryption
353
+ .encryptText(key, PLAINTEXT)
354
+ .then((ciphertext) => {
355
+ assert.notEqual(ciphertext, PLAINTEXT);
303
356
 
304
- return complianceUser.webex.internal.encryption.decryptText(key, ciphertext, {onBehalfOf: user.id});
305
- })
306
- .then((plaintext) => assert.equal(plaintext, PLAINTEXT)));
357
+ return complianceUser.webex.internal.encryption.decryptText(key, ciphertext, {
358
+ onBehalfOf: user.id,
359
+ });
360
+ })
361
+ .then((plaintext) => assert.equal(plaintext, PLAINTEXT)));
307
362
 
308
- it('encrypt and decrypt text', () => complianceUser.webex.internal.encryption.encryptText(key, PLAINTEXT, {onBehalfOf: user.id})
309
- .then((ciphertext) => {
310
- assert.notEqual(ciphertext, PLAINTEXT);
363
+ it('encrypt and decrypt text', () =>
364
+ complianceUser.webex.internal.encryption
365
+ .encryptText(key, PLAINTEXT, {onBehalfOf: user.id})
366
+ .then((ciphertext) => {
367
+ assert.notEqual(ciphertext, PLAINTEXT);
311
368
 
312
- return complianceUser.webex.internal.encryption.decryptText(key, ciphertext, {onBehalfOf: user.id});
313
- })
314
- .then((plaintext) => assert.equal(plaintext, PLAINTEXT)));
369
+ return complianceUser.webex.internal.encryption.decryptText(key, ciphertext, {
370
+ onBehalfOf: user.id,
371
+ });
372
+ })
373
+ .then((plaintext) => assert.equal(plaintext, PLAINTEXT)));
315
374
 
316
- it('decrypt scr', () => webex.internal.encryption.encryptBinary(FILE)
317
- .then(({scr}) => {
375
+ it('decrypt scr', () =>
376
+ webex.internal.encryption.encryptBinary(FILE).then(({scr}) => {
318
377
  scr.loc = 'file:///file.enc';
319
378
 
320
- return webex.internal.encryption.encryptScr(key, scr)
321
- .then((cipherScr) => complianceUser.webex.internal.encryption.decryptScr(key, cipherScr, {onBehalfOf: user.id}))
379
+ return webex.internal.encryption
380
+ .encryptScr(key, scr)
381
+ .then((cipherScr) =>
382
+ complianceUser.webex.internal.encryption.decryptScr(key, cipherScr, {
383
+ onBehalfOf: user.id,
384
+ })
385
+ )
322
386
  .then((decryptedScr) => assert.deepEqual(decryptedScr, scr));
323
387
  }));
324
388
 
325
- it('decrypt scr', () => webex.internal.encryption.encryptBinary(FILE)
326
- .then(({scr}) => {
389
+ it('decrypt scr', () =>
390
+ webex.internal.encryption.encryptBinary(FILE).then(({scr}) => {
327
391
  scr.loc = 'file:///file.enc';
328
392
 
329
- return complianceUser.webex.internal.encryption.encryptScr(key, scr, {onBehalfOf: user.id})
330
- .then((cipherScr) => complianceUser.webex.internal.encryption.decryptScr(key, cipherScr, {onBehalfOf: user.id}))
393
+ return complianceUser.webex.internal.encryption
394
+ .encryptScr(key, scr, {onBehalfOf: user.id})
395
+ .then((cipherScr) =>
396
+ complianceUser.webex.internal.encryption.decryptScr(key, cipherScr, {
397
+ onBehalfOf: user.id,
398
+ })
399
+ )
331
400
  .then((decryptedScr) => assert.deepEqual(decryptedScr, scr));
332
401
  }));
333
402
 
334
- it('getKey', () => complianceUser.webex.internal.encryption.getKey(key.uri, {onBehalfOf: user.id})
335
- .then((key2) => {
336
- assert.property(key2, 'uri');
337
- assert.property(key2, 'jwk');
338
- assert.notEqual(key2, key);
339
- assert.equal(key2.uri, key.uri);
340
- }));
341
-
342
- it('getKey forbidden as compliance officer does not have access', () => complianceUser.webex.internal.encryption.getKey(key.uri)
343
- .then(
403
+ it('getKey', () =>
404
+ complianceUser.webex.internal.encryption
405
+ .getKey(key.uri, {onBehalfOf: user.id})
406
+ .then((key2) => {
407
+ assert.property(key2, 'uri');
408
+ assert.property(key2, 'jwk');
409
+ assert.notEqual(key2, key);
410
+ assert.equal(key2.uri, key.uri);
411
+ }));
412
+
413
+ it('getKey forbidden as compliance officer does not have access', () =>
414
+ complianceUser.webex.internal.encryption.getKey(key.uri).then(
344
415
  (value) => expect.fail(`Compliance officer has retrieved key without onBehalfOf: ${value}`),
345
416
  (error) => expect(error.body.status).to.equal(403)
346
417
  ));
347
418
 
348
- it('getKey forbidden as user does not have access', () => complianceUser.webex.internal.encryption.getKey(key.uri, {onBehalfOf: '7851fe79-7c87-40cc-ac36-8b77b011b399'})
349
- .then(
350
- (value) => expect.fail(`Should not be found as 7851fe79-7c87-40cc-ac36-8b77b011b399 does not have access ${value}`),
351
- (error) => expect(error.body.status).to.equal(403)
352
- ));
353
-
354
- it('getKey onBehalfOf and then by compliance officer only', () => complianceUser.webex.internal.encryption.getKey(key.uri, {onBehalfOf: user.id})
355
- .then((key2) => {
356
- assert.property(key2, 'uri');
357
- assert.property(key2, 'jwk');
358
- assert.notEqual(key2, key);
359
- assert.equal(key2.uri, key.uri);
360
- })
361
- .then(() => complianceUser.webex.internal.encryption.getKey(key.uri))
362
- .then(
363
- (value) => expect.fail(`Compliance should no longer be able to retrieve key as onBehalfOf was not set: ${value}`),
364
- (error) => expect(error.body.status).to.equal(403)
365
- ));
419
+ it('getKey forbidden as user does not have access', () =>
420
+ complianceUser.webex.internal.encryption
421
+ .getKey(key.uri, {onBehalfOf: '7851fe79-7c87-40cc-ac36-8b77b011b399'})
422
+ .then(
423
+ (value) =>
424
+ expect.fail(
425
+ `Should not be found as 7851fe79-7c87-40cc-ac36-8b77b011b399 does not have access ${value}`
426
+ ),
427
+ (error) => expect(error.body.status).to.equal(403)
428
+ ));
429
+
430
+ it('getKey onBehalfOf and then by compliance officer only', () =>
431
+ complianceUser.webex.internal.encryption
432
+ .getKey(key.uri, {onBehalfOf: user.id})
433
+ .then((key2) => {
434
+ assert.property(key2, 'uri');
435
+ assert.property(key2, 'jwk');
436
+ assert.notEqual(key2, key);
437
+ assert.equal(key2.uri, key.uri);
438
+ })
439
+ .then(() => complianceUser.webex.internal.encryption.getKey(key.uri))
440
+ .then(
441
+ (value) =>
442
+ expect.fail(
443
+ `Compliance should no longer be able to retrieve key as onBehalfOf was not set: ${value}`
444
+ ),
445
+ (error) => expect(error.body.status).to.equal(403)
446
+ ));
366
447
  });
367
448
  });