@webex/internal-plugin-encryption 3.0.0-beta.9 → 3.0.0-bnr.2

package/src/kms-certificate-validation.js

@@ -7,7 +7,7 @@ import {
   RSAPublicKey,
   CertificateChainValidationEngine,
   CryptoEngine,
-  setEngine
+  setEngine,
 } from 'pkijs';
 import {isArray} from 'lodash';
 import jose from 'node-jose';
@@ -20,7 +20,7 @@ setEngine(
   new CryptoEngine({
     name: '',
     crypto,
-    subtle: crypto.subtle
+    subtle: crypto.subtle,
   })
 );
 
@@ -83,7 +83,7 @@ const validateKtyHeader = ({kty}) => {
 
 const validateKidHeader = ({kid}) => {
   if (!isUri(kid)) {
-    throwError('\'kid\' is not a valid URI');
+    throwError("'kid' is not a valid URI");
   }
 
   if (parseUrl(kid).protocol !== VALID_KID_PROTOCOL) {
@@ -144,7 +144,7 @@ const validateCommonName = ([certificate], {kid}) => {
   }
 
   if (!validationSuccessful) {
-    throwError('hostname of the 1st certificate does not match \'kid\'');
+    throwError("hostname of the 1st certificate does not match 'kid'");
   }
 };
 
@@ -158,23 +158,22 @@ const validateCommonName = ([certificate], {kid}) => {
  * @throws {KMSError} if e or n doesn't match the first certificate
  * @returns {void}
  */
-const validatePublicCertificate =
-  ([certificate], {e: publicExponent, n: modulus}) => {
-    const {encode} = jose.util.base64url;
-
-    const publicKey = certificate.subjectPublicKeyInfo.subjectPublicKey;
-    const asn1PublicCert = fromBER(publicKey.valueBlock.valueHex);
-    const publicCert = new RSAPublicKey({schema: asn1PublicCert.result});
-    const publicExponentHex = publicCert.publicExponent.valueBlock.valueHex;
-    const modulusHex = publicCert.modulus.valueBlock.valueHex;
-
-    if (publicExponent !== encode(publicExponentHex)) {
-      throwError('Public exponent is invalid');
-    }
-    if (modulus !== encode(modulusHex)) {
-      throwError('Modulus is invalid');
-    }
-  };
+const validatePublicCertificate = ([certificate], {e: publicExponent, n: modulus}) => {
+  const {encode} = jose.util.base64url;
+
+  const publicKey = certificate.subjectPublicKeyInfo.subjectPublicKey;
+  const asn1PublicCert = fromBER(publicKey.valueBlock.valueHex);
+  const publicCert = new RSAPublicKey({schema: asn1PublicCert.result});
+  const publicExponentHex = publicCert.publicExponent.valueBlock.valueHex;
+  const modulusHex = publicCert.modulus.valueBlock.valueHex;
+
+  if (publicExponent !== encode(publicExponentHex)) {
+    throwError('Public exponent is invalid');
+  }
+  if (modulus !== encode(modulusHex)) {
+    throwError('Modulus is invalid');
+  }
+};
 
 /**
  * Validates the list of certificates against the CAs provided
@@ -187,17 +186,14 @@ const validatePublicCertificate =
 const validateCertificatesSignature = (certificates, caroots = []) => {
   const certificateEngine = new CertificateChainValidationEngine({
     trustedCerts: caroots.map(decodeCert),
-    certs: certificates
+    certs: certificates,
   });
 
-  return certificateEngine.verify()
-    .then(({result, resultCode, resultMessage}) => {
-      if (!result) {
-        throwError(
-          `Certificate Validation failed [${resultCode}]: ${resultMessage}`
-        );
-      }
-    });
+  return certificateEngine.verify().then(({result, resultCode, resultMessage}) => {
+    if (!result) {
+      throwError(`Certificate Validation failed [${resultCode}]: ${resultMessage}`);
+    }
+  });
 };
 
 /**
@@ -210,25 +206,27 @@ const validateCertificatesSignature = (certificates, caroots = []) => {
  *   validate the KMS
  * @returns {Promise} when resolved will return the jwt
  */
-const validateKMS = (caroots) => (jwt = {}) => Promise.resolve()
-  .then(() => {
-    validateKtyHeader(jwt);
-    validateKidHeader(jwt);
-
-    if (!(isArray(jwt.x5c) && jwt.x5c.length > 0)) {
-      throwError('JWK does not contain a list of certificates');
-    }
-    const certificates = jwt.x5c.map(decodeCert);
+const validateKMS =
+  (caroots) =>
+  (jwt = {}) =>
+    Promise.resolve().then(() => {
+      validateKtyHeader(jwt);
+      validateKidHeader(jwt);
+
+      if (!(isArray(jwt.x5c) && jwt.x5c.length > 0)) {
+        throwError('JWK does not contain a list of certificates');
+      }
+      const certificates = jwt.x5c.map(decodeCert);
 
-    validateCommonName(certificates, jwt);
-    validatePublicCertificate(certificates, jwt);
+      validateCommonName(certificates, jwt);
+      validatePublicCertificate(certificates, jwt);
 
-    // Skip validating signatures if no CA roots were provided
-    const promise = caroots ?
-      validateCertificatesSignature(certificates, caroots) : Promise.resolve();
+      // Skip validating signatures if no CA roots were provided
+      const promise = caroots
+        ? validateCertificatesSignature(certificates, caroots)
+        : Promise.resolve();
 
-    return promise
-      .then(() => jwt);
-  });
+      return promise.then(() => jwt);
+    });
 
 export default validateKMS;

package/src/kms-dry-error-interceptor.js

@@ -24,7 +24,10 @@ export default class KmsDryErrorInterceptor extends Interceptor {
    * @returns {Promise}
    */
   onResponseError(options, reason) {
-    if (reason instanceof DryError && reason.message.match(/Failed to resolve authorization token in KmsMessage request for user/)) {
+    if (
+      reason instanceof DryError &&
+      reason.message.match(/Failed to resolve authorization token in KmsMessage request for user/)
+    ) {
       this.webex.logger.error('DRY Request Failed due to kms/test-user flakiness');
       this.webex.logger.error(reason);
 
@@ -43,13 +46,14 @@ export default class KmsDryErrorInterceptor extends Interceptor {
   replay(options, reason) {
     if (options.replayCount) {
       options.replayCount += 1;
-    }
-    else {
+    } else {
       options.replayCount = 1;
     }
 
     if (options.replayCount > this.webex.config.maxAuthenticationReplays) {
-      this.webex.logger.error(`kms: failed after ${this.webex.config.maxAuthenticationReplays} replay attempts`);
+      this.webex.logger.error(
+        `kms: failed after ${this.webex.config.maxAuthenticationReplays} replay attempts`
+      );
 
       return Promise.reject(reason);
     }

package/src/kms-errors.js

@@ -9,7 +9,8 @@ import {WebexHttpError} from '@webex/webex-core';
  * Error class for KMS errors
  */
 export class KmsError extends Exception {
-  static defaultMessage = 'An unknown error occurred while communicating with the kms. This implies we received an error response without a body.';
+  static defaultMessage =
+    'An unknown error occurred while communicating with the kms. This implies we received an error response without a body.';
 
   /**
    * @param {HttpResponse} body
@@ -21,20 +22,20 @@ export class KmsError extends Exception {
     Object.defineProperties(this, {
       body: {
         enumerable: false,
-        value: body
+        value: body,
       },
       reason: {
         enumerable: false,
-        value: body.reason
+        value: body.reason,
       },
       requestId: {
         enumerable: false,
-        value: body.requestId
+        value: body.requestId,
       },
       status: {
         enumerable: false,
-        value: body.status
-      }
+        value: body.status,
+      },
     });
 
     let message = typeof body === 'string' ? body : body.reason;
@@ -63,7 +64,9 @@ export class KmsTimeoutError extends KmsError {
    * @returns {string}
    */
   parse({request = {}, timeout} = {}) {
-    let message = `The KMS did not respond within ${timeout ? `${timeout} milliseconds` : 'a timely fashion'}`;
+    let message = `The KMS did not respond within ${
+      timeout ? `${timeout} milliseconds` : 'a timely fashion'
+    }`;
 
     if (request) {
       if (request.method && request.uri) {
@@ -100,12 +103,12 @@ export class DryError extends WebexHttpError {
     }
     if (this.options.url) {
       message += `\n${this.options.method} ${this.options.url}`;
-    }
-    else if (this.options.uri) {
+    } else if (this.options.uri) {
       message += `\n${this.options.method} ${this.options.uri}`;
-    }
-    else {
-      message += `\n${this.options.method} ${this.options.service.toUpperCase()}/${this.options.resource}`;
+    } else {
+      message += `\n${this.options.method} ${this.options.service.toUpperCase()}/${
+        this.options.resource
+      }`;
     }
     message += `\nWEBEX_TRACKING_ID: ${this.options.headers.trackingid}`;
 
@@ -119,16 +122,16 @@ export class DryError extends WebexHttpError {
     Object.defineProperties(this, {
       reason: {
         enumerable: false,
-        value: body.reason
+        value: body.reason,
       },
       requestId: {
         enumerable: false,
-        value: body.requestId
+        value: body.requestId,
       },
       status: {
         enumerable: false,
-        value: body.status
-      }
+        value: body.status,
+      },
     });
 
     return message;