@webex/internal-plugin-encryption 3.0.0-bnr.4 → 3.0.0-next.1

package/package.json

@@ -1,6 +1,5 @@
 {
   "name": "@webex/internal-plugin-encryption",
-  "version": "3.0.0-bnr.4",
   "description": "",
   "license": "MIT",
   "main": "dist/index.js",
@@ -24,22 +23,28 @@
     ]
   },
   "devDependencies": {
-    "@webex/test-helper-chai": "workspace:^",
-    "@webex/test-helper-make-local-url": "workspace:^",
-    "@webex/test-helper-mocha": "workspace:^",
-    "@webex/test-helper-mock-webex": "workspace:^",
-    "@webex/test-helper-test-users": "workspace:^",
+    "@babel/core": "^7.17.10",
+    "@webex/babel-config-legacy": "0.0.0",
+    "@webex/eslint-config-legacy": "0.0.0",
+    "@webex/jest-config-legacy": "0.0.0",
+    "@webex/legacy-tools": "0.0.0",
+    "@webex/test-helper-chai": "3.0.0-next.1",
+    "@webex/test-helper-make-local-url": "3.0.0-next.1",
+    "@webex/test-helper-mocha": "3.0.0-next.1",
+    "@webex/test-helper-mock-webex": "3.0.0-next.1",
+    "@webex/test-helper-test-users": "3.0.0-next.1",
+    "eslint": "^8.24.0",
+    "prettier": "^2.7.1",
     "sinon": "^9.2.4"
   },
   "dependencies": {
-    "@webex/common": "workspace:^",
-    "@webex/common-timers": "workspace:^",
-    "@webex/http-core": "workspace:^",
-    "@webex/internal-plugin-device": "workspace:^",
-    "@webex/internal-plugin-encryption": "workspace:^",
-    "@webex/internal-plugin-mercury": "workspace:^",
-    "@webex/test-helper-file": "workspace:^",
-    "@webex/webex-core": "workspace:^",
+    "@webex/common": "3.0.0-next.1",
+    "@webex/common-timers": "3.0.0-next.1",
+    "@webex/http-core": "3.0.0-next.1",
+    "@webex/internal-plugin-device": "3.0.0-next.1",
+    "@webex/internal-plugin-mercury": "3.0.0-next.1",
+    "@webex/test-helper-file": "3.0.0-next.1",
+    "@webex/webex-core": "3.0.0-next.1",
     "asn1js": "^2.0.26",
     "debug": "^4.3.4",
     "isomorphic-webcrypto": "^2.3.8",
@@ -51,5 +56,16 @@
     "safe-buffer": "^5.2.0",
     "uuid": "^3.3.2",
     "valid-url": "^1.0.9"
-  }
-}
+  },
+  "scripts": {
+    "build": "yarn build:src",
+    "build:src": "webex-legacy-tools build -dest \"./dist\" -src \"./src\" -js -ts -maps",
+    "deploy:npm": "yarn npm publish",
+    "test": "yarn test:style && yarn test:unit && yarn test:integration && yarn test:browser",
+    "test:browser": "webex-legacy-tools test --integration --runner karma",
+    "test:integration": "webex-legacy-tools test --integration --runner mocha",
+    "test:style": "eslint ./src/**/*.*",
+    "test:unit": "webex-legacy-tools test --unit --runner jest"
+  },
+  "version": "3.0.0-next.1"
+}

package/process

@@ -0,0 +1 @@
+module.exports = {browser: true};

package/src/constants.js

@@ -0,0 +1,3 @@
+export const KMS_KEY_REVOKE_FAILURE = 'event:kms:key:revoke:encryption:failure';
+export const KMS_KEY_REVOKE_ERROR_STATUS = 405;
+export const KMS_KEY_REVOKE_ERROR_CODES = [405005, 405006];

package/src/encryption.js

@@ -67,19 +67,19 @@ const Encryption = WebexPlugin.extend({
 
   /**
    * Validate and initiate a Download request for requested file
-   *
+   * @param {Object} fileUrl - Plaintext
    * @param {Object} scr - Plaintext
    * @param {Object} options - optional parameters to download a file
    * @returns {promise}
    */
-  download(scr, options) {
+  download(fileUrl, scr, options) {
     /* istanbul ignore if */
-    if (!scr.loc) {
-      return Promise.reject(new Error('`scr.loc` is required'));
+    if (!fileUrl || !scr) {
+      return Promise.reject(new Error('`scr` and `fileUrl` are required'));
     }
 
     const shunt = new EventEmitter();
-    const promise = this._fetchDownloadUrl(scr, options)
+    const promise = this._fetchDownloadUrl(fileUrl, options)
       .then((uri) => {
         // eslint-disable-next-line no-shadow
         const options = {
@@ -103,26 +103,25 @@ const Encryption = WebexPlugin.extend({
 
   /**
    * Fetch Download URL for the requested file
-   *
-   * @param {Object} scr - Plaintext
+   * @param {Object} fileUrl - Plaintext
    * @param {Object} options - optional parameters to download a file
    * @returns {promise} url of the downloadable file
    */
-  _fetchDownloadUrl(scr, options) {
+  _fetchDownloadUrl(fileUrl, options) {
     this.logger.info('encryption: retrieving download url for encrypted file');
 
-    if (process.env.NODE_ENV !== 'production' && scr.loc.includes('localhost')) {
+    if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {
       this.logger.info(
         'encryption: bypassing webex files because this looks to be a test file on localhost'
       );
 
-      return Promise.resolve(scr.loc);
+      return Promise.resolve(fileUrl);
     }
 
     const inputBody = {
-      endpoints: [scr.loc],
+      endpoints: [fileUrl],
     };
-    const endpointUrl = url.parse(scr.loc);
+    const endpointUrl = url.parse(fileUrl);
 
     // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api
     endpointUrl.protocol = 'https';
@@ -137,21 +136,29 @@ const Encryption = WebexPlugin.extend({
             allow: options.params.allow,
           }
         : inputBody,
-    }).then((res) => {
-      // eslint-disable-next-line no-shadow
-      const url = res.body.endpoints[scr.loc];
+    })
+      .then((res) => {
+        // eslint-disable-next-line no-shadow
+        const url = res.body.endpoints[fileUrl];
+
+        if (!url) {
+          this.logger.warn(
+            'encryption: could not determine download url for `fileUrl`; attempting to download `fileUrl` directly'
+          );
 
-      if (!url) {
+          return fileUrl;
+        }
+        this.logger.info('encryption: retrieved download url for encrypted file');
+
+        return url;
+      })
+      .catch((err) => {
         this.logger.warn(
-          'encryption: could not determine download url for `scr.loc`; attempting to download `scr.loc` directly'
+          `encryption: ${err} could not determine download url for ${fileUrl}; attempting to download ${fileUrl} directly`
         );
 
-        return scr.loc;
-      }
-      this.logger.info('encryption: retrieved download url for encrypted file');
-
-      return url;
-    });
+        return fileUrl;
+      });
   },
 
   encryptBinary(file) {

package/src/kms-batcher.js

@@ -5,7 +5,7 @@
 import {safeSetTimeout} from '@webex/common-timers';
 import {Batcher} from '@webex/webex-core';
 
-import {KmsError, KmsTimeoutError} from './kms-errors';
+import {KmsError, KmsTimeoutError, handleKmsKeyRevokedEncryptionFailure} from './kms-errors';
 
 export const TIMEOUT_SYMBOL = Symbol('TIMEOUT_SYMBOL');
 
@@ -133,6 +133,8 @@ const KmsBatcher = Batcher.extend({
    * @returns {Promise}
    */
   handleItemFailure(item, reason) {
+    handleKmsKeyRevokedEncryptionFailure(item, this.webex);
+
     return this.getDeferredForResponse(item).then((defer) => {
       defer.reject(reason || new KmsError(item.body));
     });

package/src/kms-certificate-validation.js

@@ -29,7 +29,7 @@ const VALID_KID_PROTOCOL = 'kms:';
 
 const X509_COMMON_NAME_KEY = '2.5.4.3';
 
-const X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';
+export const X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';
 
 /**
  * Customize Error so the SDK knows to quit retrying and notify
@@ -101,7 +101,7 @@ const validateKidHeader = ({kid}) => {
  * @throws {KMSError} if unable to validate certificate against KMS credentials
  * @returns {void}
  */
-const validateCommonName = ([certificate], {kid}) => {
+export const validateCommonName = ([certificate], {kid}) => {
   const kidHostname = parseUrl(kid).hostname;
   let validationSuccessful = false;
 
@@ -112,7 +112,7 @@ const validateCommonName = ([certificate], {kid}) => {
         const {altNames} = extension.parsedValue;
 
         for (const entry of altNames) {
-          const san = entry.value;
+          const san = entry.value.toLowerCase();
 
           validationSuccessful = san === kidHostname;
           if (validationSuccessful) {

package/src/kms-errors.js

@@ -5,6 +5,12 @@
 import {Exception} from '@webex/common';
 import {WebexHttpError} from '@webex/webex-core';
 
+import {
+  KMS_KEY_REVOKE_ERROR_CODES,
+  KMS_KEY_REVOKE_FAILURE,
+  KMS_KEY_REVOKE_ERROR_STATUS,
+} from './constants';
+
 /**
  * Error class for KMS errors
  */
@@ -50,6 +56,14 @@ export class KmsError extends Exception {
       message += `\nKMS_REQUEST_ID: ${body.requestId}`;
     }
 
+    if (body.statusCode) {
+      message += `\nKMS_STATUS_CODE: ${body.statusCode}`;
+    }
+
+    if (body.errorCode) {
+      message += `\nKMS_ErrorCode: ${body.errorCode}`;
+    }
+
     return message;
   }
 }
@@ -137,3 +151,17 @@ export class DryError extends WebexHttpError {
     return message;
   }
 }
+
+/**
+ * Function triggers an event when specific encryption failures are received.
+ */
+
+// eslint-disable-next-line consistent-return
+export const handleKmsKeyRevokedEncryptionFailure = (item, webex) => {
+  if (
+    item.status === KMS_KEY_REVOKE_ERROR_STATUS &&
+    KMS_KEY_REVOKE_ERROR_CODES.includes(item.body.errorCode)
+  ) {
+    webex.internal.encryption.trigger(KMS_KEY_REVOKE_FAILURE);
+  }
+};

package/src/kms.js

@@ -275,14 +275,15 @@ const KMS = WebexPlugin.extend({
    * @param {Object} options
    * @param {UUID} options.assignedOrgId the orgId
    * @param {string} options.customerMasterKey the master key
+   * @param {boolean} options.awsKms enable amazon aws keys
    * @returns {Promise.<UploadCmkResponse>} response of upload CMK api
    */
-  uploadCustomerMasterKey({assignedOrgId, customerMasterKey}) {
+  uploadCustomerMasterKey({assignedOrgId, customerMasterKey, awsKms = false}) {
     this.logger.info('kms: upload customer master key for byok');
 
     return this.request({
       method: 'create',
-      uri: '/cmk',
+      uri: awsKms ? '/awsKmsCmk' : '/cmk',
       assignedOrgId,
       customerMasterKey,
       requestId: uuid.v4(),
@@ -297,14 +298,15 @@ const KMS = WebexPlugin.extend({
    * get all customer master keys for one org.
    * @param {Object} options
    * @param {UUID} options.assignedOrgId the orgId
+   * @param {boolean} options.awsKms enable amazon aws keys
    * @returns {Promise.<ActivateCmkResponse>} response of list CMKs api
    */
-  listAllCustomerMasterKey({assignedOrgId}) {
+  listAllCustomerMasterKey({assignedOrgId, awsKms = false}) {
     this.logger.info('kms: get all customer master keys for byok');
 
     return this.request({
       method: 'retrieve',
-      uri: '/cmk',
+      uri: awsKms ? '/awsKmsCmk' : '/cmk',
       assignedOrgId,
       requestId: uuid.v4(),
     }).then((res) => {
@@ -361,14 +363,15 @@ const KMS = WebexPlugin.extend({
    * this is for test case. it will delete all CMKs, no matter what their status is. This is mainly for test purpose
    * @param {Object} options
    * @param {UUID} options.assignedOrgId the orgId
+   * @param {boolean} options.awsKms enable amazon aws keys
    * @returns {Promise.<{status, requestId}>}
    */
-  deleteAllCustomerMasterKeys({assignedOrgId}) {
+  deleteAllCustomerMasterKeys({assignedOrgId, awsKms = false}) {
     this.logger.info('kms: delete all customer master keys at the same time');
 
     return this.request({
       method: 'delete',
-      uri: '/cmk',
+      uri: awsKms ? '/awsKmsCmk' : '/cmk',
       assignedOrgId,
       requestId: uuid.v4(),
     }).then((res) => {

package/test/integration/spec/encryption.js

@@ -158,7 +158,8 @@ describe('Encryption', function () {
         }));
   });
 
-  describe('#download()', () => {
+  // SPARK-413317
+  describe.skip('#download()', () => {
     it('downloads and decrypts an encrypted file', () =>
       webex.internal.encryption
         .encryptBinary(FILE)

package/test/integration/spec/kms.js

@@ -425,7 +425,6 @@ describe('Encryption', function () {
     describe('upload customer master key', () => {
       let uploadedkeyId;
 
-      /* eslint-disable no-unused-expressions */
       skipInBrowser(it)('upload customer master key', () =>
         webex.internal.encryption.kms
           .deleteAllCustomerMasterKeys({assignedOrgId: spock.orgId})

package/test/unit/spec/encryption.js

@@ -22,18 +22,18 @@ describe('internal-plugin-encryption', () => {
     });
 
     describe('check _fetchDownloadUrl()', () => {
-      const scrArray = [
+      const fileArray = [
         {
-          loc: 'https://files-api-intb1.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes',
+          url: 'https://files-api-intb1.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes',
         },
         {
-          loc: 'https://files-api-intb2.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes',
+          url: 'https://files-api-intb2.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes',
         },
         {
-          loc: 'https://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes',
+          url: 'https://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes',
         },
         {
-          loc: 'http://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes',
+          url: 'http://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes',
         },
       ];
       const options = undefined;
@@ -44,7 +44,7 @@ describe('internal-plugin-encryption', () => {
 
         spyStub = sinon.stub(webex.internal.encryption, 'request').callsFake(returnStub);
 
-        scrArray.forEach((scr) => webex.internal.encryption._fetchDownloadUrl(scr, options));
+        fileArray.forEach((file) => webex.internal.encryption._fetchDownloadUrl(file.url, options));
       });
 
       it('verifying file service uris', () => {
@@ -68,10 +68,10 @@ describe('internal-plugin-encryption', () => {
       });
 
       it('verifying endpoints', () => {
-        assert.equal(spyStub.args[0][0].body.endpoints[0], scrArray[0].loc);
-        assert.equal(spyStub.args[1][0].body.endpoints[0], scrArray[1].loc);
-        assert.equal(spyStub.args[2][0].body.endpoints[0], scrArray[2].loc);
-        assert.equal(spyStub.args[3][0].body.endpoints[0], scrArray[3].loc);
+        assert.equal(spyStub.args[0][0].body.endpoints[0], fileArray[0].url);
+        assert.equal(spyStub.args[1][0].body.endpoints[0], fileArray[1].url);
+        assert.equal(spyStub.args[2][0].body.endpoints[0], fileArray[2].url);
+        assert.equal(spyStub.args[3][0].body.endpoints[0], fileArray[3].url);
       });
 
       afterEach(() => {

package/test/unit/spec/kms-certificate-validation.js

@@ -1,6 +1,6 @@
 import {assert} from '@webex/test-helper-chai';
 
-import validateCert, {KMSError} from '../../../src/kms-certificate-validation';
+import validateCert, {KMSError, validateCommonName, X509_SUBJECT_ALT_NAME_KEY} from '../../../src/kms-certificate-validation';
 
 const caroots = [
   'MIID6TCCAtGgAwIBAgIURmBu688C9oUIJXlykr1J3fi5H4kwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDb2xvcmFkbzEPMA0GA1UEBwwGRGVudmVyMRAwDgYDVQQKDAdFeGFtcGxlMR8wHQYDVQQDDBZodHRwczovL2NhLmV4YW1wbGUuY29tMR0wGwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTAeFw0yMDAyMDYyMDIyMDhaFw00MDAyMDEyMDIyMDhaMIGDMQswCQYDVQQGEwJVUzERMA8GA1UECAwIQ29sb3JhZG8xDzANBgNVBAcMBkRlbnZlcjEQMA4GA1UECgwHRXhhbXBsZTEfMB0GA1UEAwwWaHR0cHM6Ly9jYS5leGFtcGxlLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7TaDWldwjU65y4fnNDIuNu4dZi3bZvaN9nJ3A8D9pwFcNx3DL5cPpafAkJuE/2ZBrsZxJWKwXLQFuNE9V3XVslv0OPgEZVfY5AKuPhVezRqEqsCdUgODMkJat6PE02r0NZRFpBiRCThh0wY5u/tiTiPgjHwEPhBEyLgcJ6FOWLn9wBsS4SvBzfppYGL5GW1G0eN9yORnKKgqkgyf0x8FvTMyVSjtkhcI/kA/8061sl4DFG6sefQmAOVvH7tp7YmN+jpQ7cOKQtjOpZS6Gp22u7LEI0/qb5n2QvjjcUQM81mN6CZ8nciWXRgjBhdAJJhmyMvcx8rnVb6vtU26fCaetAgMBAAGjUzBRMB0GA1UdDgQWBBRZiCyKaTYL94gwhxzktYg32qMOYjAfBgNVHSMEGDAWgBRZiCyKaTYL94gwhxzktYg32qMOYjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQATa2QkTGcj8IPjItnvg23ihlRjHdFHn6lB7uYPhcDurwRlBrlC2/OB44P3dHB9tEPbV4unoF9ftEKO3nNY3HUDcPrQwRqkPftlYYr4/6z/jnmNBRgiDICVaiTZNlX54fLiPsSAbIymPWLLLNtq17vjVEcfGUXhi/F+EkN/uXZ4yH6RK0YjBRwPV9cfziz1YsF2WVYVYtQErf+NTjnYR5S4Ba2kEqhI5j7mNhiafPNODaOchHcaRMvfWcBhlHt+atwNyPxNr4NP+cDjAWg0I8xAUdbZGQiRJecjkctolLHsfZXj+ulEv3eaKw7gSo3Aekexw8aZS7soy+VM1fzmLopw',
@@ -163,3 +163,36 @@ describe('internal-plugin-encryption', () => {
     });
   });
 });
+
+describe('validateCommonName', () => {
+
+  const checkValidate = (SAN, kidHostname) => {
+    validateCommonName(
+      [
+        {
+          extensions: [
+            {
+              extnID: X509_SUBJECT_ALT_NAME_KEY,
+              parsedValue: {
+                altNames: [{value: 'Example.com'}],
+              },
+            },
+          ],
+        },
+      ],
+      {kid: 'https://Example.com'}
+    );
+  }
+
+  it('handles mixed case SAN', () => {
+    checkValidate('Example.com', 'https://Example.com');
+  });
+
+  it('handles different case SAN', () => {
+    checkValidate('ExAmpLe.cOm', 'https://example.com');
+  });
+
+  it('handles different case kid hostname', () => {
+    checkValidate('example.com', 'https://ExAmpLe.cOm');
+  });
+});

package/test/unit/spec/kms-errors.js

@@ -0,0 +1,70 @@
+import {assert} from '@webex/test-helper-chai';
+import {handleKmsKeyRevokedEncryptionFailure} from '../../../src/kms-errors'
+import sinon from 'sinon';
+
+describe('handleKmsKeyRevokedEncryptionFailure', () => {
+
+    it('triggers `event:kms:key:revoke:encryption:failure` event when correct error code is detected', () => {
+        const webex = {
+            internal: {
+                encryption: {
+                trigger: sinon.spy()
+              },
+            },
+          }
+
+        const item = {
+            status: 405,
+            body: {
+                errorCode: 405005,
+            }
+        }
+
+        handleKmsKeyRevokedEncryptionFailure(item, webex);
+        
+        assert.calledOnce(webex.internal.encryption.trigger);
+        assert.calledWithExactly(webex.internal.encryption.trigger, `event:kms:key:revoke:encryption:failure`);
+    });
+
+    it('does not trigger `event:kms:key:revoke:encryption:failure` event when correct status but wrong error code is detected', () => {
+        const webex = {
+            internal: {
+                encryption: {
+                trigger: sinon.spy()
+              },
+            },
+          }
+
+        const item = {
+            status: 405,
+            body: {
+                errorCode: 405009,
+            }
+        }
+
+        handleKmsKeyRevokedEncryptionFailure(item, webex);
+         
+        assert.notCalled(webex.internal.encryption.trigger);
+       });
+
+       it('does not trigger `event:kms:key:revoke:encryption:failure` event when wrong status but correct error code is detected', () => {
+        const webex = {
+            internal: {
+                encryption: {
+                trigger: sinon.spy()
+              },
+            },
+          }
+
+        const item = {
+            status: 403,
+            body: {
+                errorCode: 405005,
+            }
+        }
+
+        handleKmsKeyRevokedEncryptionFailure(item, webex);
+         
+        assert.notCalled(webex.internal.encryption.trigger);
+       });
+});

package/test/unit/spec/kms.js

@@ -0,0 +1,103 @@
+/*!
+ * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
+ */
+/* eslint-disable no-underscore-dangle */
+import Url from 'url';
+
+import {assert} from '@webex/test-helper-chai';
+import MockWebex from '@webex/test-helper-mock-webex';
+import sinon from 'sinon';
+import Encryption from '@webex/internal-plugin-encryption';
+import {KmsError} from '../../../dist/kms-errors';
+
+describe('internal-plugin-encryption', () => {
+  describe('kms', () => {
+    let webex;
+
+    beforeEach(() => {
+      webex = new MockWebex({
+        children: {
+          encryption: Encryption,
+        },
+      });
+    });
+
+    describe('key management', () => {
+      const options = undefined;
+      let spyStub;
+
+      beforeEach(() => {
+        const returnStub = (obj) => Promise.resolve(obj);
+
+        spyStub = sinon.stub(webex.internal.encryption.kms, 'request').callsFake(returnStub);
+      });
+
+      afterEach(() => {
+        spyStub.resetHistory();
+      });
+
+      it('listAllCustomerMasterKey', async () => {
+        await webex.internal.encryption.kms.listAllCustomerMasterKey({
+          assignedOrgId: 'xx-sds-assdf',
+          awsKms: false,
+        });
+
+        await webex.internal.encryption.kms.listAllCustomerMasterKey({
+          assignedOrgId: 'xx-sds-assdf',
+          awsKms: true,
+        });
+
+        assert.equal(spyStub.args[0][0].uri, '/cmk');
+        assert.equal(spyStub.args[1][0].uri, '/awsKmsCmk');
+      });
+
+      it('uploadCustomerMasterKey', async () => {
+        await webex.internal.encryption.kms.uploadCustomerMasterKey({
+          assignedOrgId: 'xx-sds-assdf',
+          awsKms: false,
+        });
+
+        await webex.internal.encryption.kms.uploadCustomerMasterKey({
+          assignedOrgId: 'xx-sds-assdf',
+          awsKms: true,
+        });
+
+        assert.equal(spyStub.args[0][0].uri, '/cmk');
+        assert.equal(spyStub.args[1][0].uri, '/awsKmsCmk');
+      });
+
+      it('deleteAllCustomerMasterKeys', async () => {
+        await webex.internal.encryption.kms.deleteAllCustomerMasterKeys({
+          assignedOrgId: 'xx-sds-assdf',
+          awsKms: false,
+        });
+
+        await webex.internal.encryption.kms.deleteAllCustomerMasterKeys({
+          assignedOrgId: 'xx-sds-assdf',
+          awsKms: true,
+        });
+
+        assert.equal(spyStub.args[0][0].uri, '/cmk');
+        assert.equal(spyStub.args[1][0].uri, '/awsKmsCmk');
+      });
+    });
+
+    describe('KMS error', () => {
+      it('KMSError', async () => {
+        const error = new KmsError({
+          status: 404,
+          errorCode: 30005,
+          reason: 'cannot fetch keys',
+          requestId: '3434343',
+        });
+        assert.equal(
+          error.toString(),
+          'KmsError: cannot fetch keys\n' +
+            'KMS_RESPONSE_STATUS: 404\n' +
+            'KMS_REQUEST_ID: 3434343\n' +
+            'KMS_ErrorCode: 30005'
+        );
+      });
+    });
+  });
+});

package/dist/types/config.d.ts

@@ -1,16 +0,0 @@
-declare namespace _default {
-    namespace encryption {
-        namespace joseOptions {
-            const compact: boolean;
-            const contentAlg: string;
-            const protect: string;
-        }
-        const kmsInitialTimeout: number;
-        const kmsMaxTimeout: number;
-        const ecdhMaxTimeout: number;
-        const batcherWait: number;
-        const batcherMaxCalls: number;
-        const batcherMaxWait: number;
-    }
-}
-export default _default;

package/dist/types/encryption.d.ts

@@ -1,2 +0,0 @@
-export default Encryption;
-declare const Encryption: any;

package/dist/types/ensure-buffer.browser.d.ts

@@ -1,10 +0,0 @@
-/*!
- * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
- */
-/**
- * Ensures the provider buffer is, indeed, an ArrayBuffer; converts File and
- * Blob objects to ArrayBuffers.
- * @param {mixed} buffer
- * @returns {Promise<ArrayBuffer>}
- */
-export default function ensureBuffer(buffer: mixed): Promise<ArrayBuffer>;

package/dist/types/ensure-buffer.d.ts

@@ -1,7 +0,0 @@
-/**
- * Ensures the provider Buffer is, indeed, a Buffer; sometimes, they seem to be
- * byte-arrays instead of proper Buffer objects.
- * @param {mixed} buffer
- * @returns {Promise<Buffer>}
- */
-export default function ensureBuffer(buffer: mixed): Promise<Buffer>;

package/dist/types/index.d.ts

@@ -1,3 +0,0 @@
-export { default } from "./encryption";
-export { default as KMS } from "./kms";
-export { KmsError, DryError } from "./kms-errors";

package/dist/types/kms-batcher.d.ts

@@ -1,6 +0,0 @@
-export const TIMEOUT_SYMBOL: unique symbol;
-export default KmsBatcher;
-/**
- * @class
- */
-declare const KmsBatcher: any;