@webex/internal-plugin-encryption 3.0.0-bnr.5 → 3.0.0-next.10

Files changed (47)
  1. package/.eslintrc.js +6 -0
  2. package/babel.config.js +3 -0
  3. package/dist/config.js +1 -2
  4. package/dist/config.js.map +1 -1
  5. package/dist/constants.js +11 -0
  6. package/dist/constants.js.map +1 -0
  7. package/dist/encryption.js +23 -20
  8. package/dist/encryption.js.map +1 -1
  9. package/dist/ensure-buffer.browser.js.map +1 -1
  10. package/dist/ensure-buffer.js.map +1 -1
  11. package/dist/index.js +5 -7
  12. package/dist/index.js.map +1 -1
  13. package/dist/kms-batcher.js +3 -4
  14. package/dist/kms-batcher.js.map +1 -1
  15. package/dist/kms-certificate-validation.js +8 -10
  16. package/dist/kms-certificate-validation.js.map +1 -1
  17. package/dist/kms-dry-error-interceptor.js +4 -3
  18. package/dist/kms-dry-error-interceptor.js.map +1 -1
  19. package/dist/kms-errors.js +23 -8
  20. package/dist/kms-errors.js.map +1 -1
  21. package/dist/kms.js +25 -14
  22. package/dist/kms.js.map +1 -1
  23. package/jest.config.js +3 -0
  24. package/package.json +32 -16
  25. package/process +1 -0
  26. package/src/constants.js +3 -0
  27. package/src/encryption.js +30 -23
  28. package/src/kms-batcher.js +3 -1
  29. package/src/kms-certificate-validation.js +3 -3
  30. package/src/kms-errors.js +28 -0
  31. package/src/kms.js +9 -6
  32. package/test/integration/spec/encryption.js +2 -1
  33. package/test/integration/spec/kms.js +0 -1
  34. package/test/unit/spec/encryption.js +10 -10
  35. package/test/unit/spec/kms-certificate-validation.js +34 -1
  36. package/test/unit/spec/kms-errors.js +70 -0
  37. package/test/unit/spec/kms.js +103 -0
  38. package/dist/types/config.d.ts +0 -16
  39. package/dist/types/encryption.d.ts +0 -2
  40. package/dist/types/ensure-buffer.browser.d.ts +0 -10
  41. package/dist/types/ensure-buffer.d.ts +0 -7
  42. package/dist/types/index.d.ts +0 -3
  43. package/dist/types/kms-batcher.d.ts +0 -6
  44. package/dist/types/kms-certificate-validation.d.ts +0 -24
  45. package/dist/types/kms-dry-error-interceptor.d.ts +0 -25
  46. package/dist/types/kms-errors.d.ts +0 -33
  47. package/dist/types/kms.d.ts +0 -5
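--- a/package/.eslintrc.js
+++ b/package/.eslintrc.js
@@ -0,0 +1,6 @@
+ const config = {
+ root: true,
+ extends: ['@webex/eslint-config-legacy'],
+ };
+
+ module.exports = config;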
@@ -0,0 +1,3 @@
1
+ const babelConfigLegacy = require('@webex/babel-config-legacy');
2
+
3
+ module.exports = babelConfigLegacy;
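--- a/package/dist/config.js
+++ b/package/dist/config.js
@@ -8,7 +8,7 @@ exports.default = void 0;
  /*!
  * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
  */
- var _default = {
+ var _default = exports.default = {
  encryption: {
  joseOptions: {
  compact: true,
@@ -48,5 +48,4 @@ var _default = {
  batcherMaxWait: 150
  }
  };
- exports.default = _default;
  //# sourceMappingURL=config.js.map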
@@ -1 +1 @@
1
- {"version":3,"names":["encryption","joseOptions","compact","contentAlg","protect","kmsInitialTimeout","kmsMaxTimeout","ecdhMaxTimeout","batcherWait","batcherMaxCalls","batcherMaxWait"],"sources":["config.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nexport default {\n encryption: {\n joseOptions: {\n compact: true,\n contentAlg: 'A256GCM',\n protect: '*',\n },\n\n /**\n * Initial timeout before contacting KMS with a new request\n * @type {Number}\n */\n kmsInitialTimeout: 6000,\n\n /**\n * Maximum timeout before negotiating a new ECDH key\n * and contacting KMS with a new request\n * @type {Number}\n */\n kmsMaxTimeout: 32000,\n\n /**\n * Maximum timeout after negotiating several ECDH keys\n * @type {Number}\n */\n ecdhMaxTimeout: 32000 * 3,\n\n /**\n * Debounce wait before sending a kms request\n * @type {Number}\n */\n batcherWait: 50,\n\n /**\n * Maximum queue size before sending a kms request\n * @type {Number}\n */\n batcherMaxCalls: 50,\n\n /**\n * Debounce max wait before sending a kms metric\n * @type {Number}\n */\n batcherMaxWait: 150,\n },\n};\n"],"mappings":";;;;;;;AAAA;AACA;AACA;AAFA,eAIe;EACbA,UAAU,EAAE;IACVC,WAAW,EAAE;MACXC,OAAO,EAAE,IAAI;MACbC,UAAU,EAAE,SAAS;MACrBC,OAAO,EAAE;IACX,CAAC;IAED;AACJ;AACA;AACA;IACIC,iBAAiB,EAAE,IAAI;IAEvB;AACJ;AACA;AACA;AACA;IACIC,aAAa,EAAE,KAAK;IAEpB;AACJ;AACA;AACA;IACIC,cAAc,EAAE,KAAK,GAAG,CAAC;IAEzB;AACJ;AACA;AACA;IACIC,WAAW,EAAE,EAAE;IAEf;AACJ;AACA;AACA;IACIC,eAAe,EAAE,EAAE;IAEnB;AACJ;AACA;AACA;IACIC,cAAc,EAAE;EAClB;AACF,CAAC;AAAA"}
1
+ {"version":3,"names":["_default","exports","default","encryption","joseOptions","compact","contentAlg","protect","kmsInitialTimeout","kmsMaxTimeout","ecdhMaxTimeout","batcherWait","batcherMaxCalls","batcherMaxWait"],"sources":["config.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nexport default {\n encryption: {\n joseOptions: {\n compact: true,\n contentAlg: 'A256GCM',\n protect: '*',\n },\n\n /**\n * Initial timeout before contacting KMS with a new request\n * @type {Number}\n */\n kmsInitialTimeout: 6000,\n\n /**\n * Maximum timeout before negotiating a new ECDH key\n * and contacting KMS with a new request\n * @type {Number}\n */\n kmsMaxTimeout: 32000,\n\n /**\n * Maximum timeout after negotiating several ECDH keys\n * @type {Number}\n */\n ecdhMaxTimeout: 32000 * 3,\n\n /**\n * Debounce wait before sending a kms request\n * @type {Number}\n */\n batcherWait: 50,\n\n /**\n * Maximum queue size before sending a kms request\n * @type {Number}\n */\n batcherMaxCalls: 50,\n\n /**\n * Debounce max wait before sending a kms metric\n * @type {Number}\n */\n batcherMaxWait: 150,\n },\n};\n"],"mappings":";;;;;;;AAAA;AACA;AACA;AAFA,IAAAA,QAAA,GAAAC,OAAA,CAAAC,OAAA,GAIe;EACbC,UAAU,EAAE;IACVC,WAAW,EAAE;MACXC,OAAO,EAAE,IAAI;MACbC,UAAU,EAAE,SAAS;MACrBC,OAAO,EAAE;IACX,CAAC;IAED;AACJ;AACA;AACA;IACIC,iBAAiB,EAAE,IAAI;IAEvB;AACJ;AACA;AACA;AACA;IACIC,aAAa,EAAE,KAAK;IAEpB;AACJ;AACA;AACA;IACIC,cAAc,EAAE,KAAK,GAAG,CAAC;IAEzB;AACJ;AACA;AACA;IACIC,WAAW,EAAE,EAAE;IAEf;AACJ;AACA;AACA;IACIC,eAAe,EAAE,EAAE;IAEnB;AACJ;AACA;AACA;IACIC,cAAc,EAAE;EAClB;AACF,CAAC"}
@@ -0,0 +1,11 @@
1
+ "use strict";
2
+
3
+ var _Object$defineProperty = require("@babel/runtime-corejs2/core-js/object/define-property");
4
+ _Object$defineProperty(exports, "__esModule", {
5
+ value: true
6
+ });
7
+ exports.KMS_KEY_REVOKE_FAILURE = exports.KMS_KEY_REVOKE_ERROR_STATUS = exports.KMS_KEY_REVOKE_ERROR_CODES = void 0;
8
+ var KMS_KEY_REVOKE_FAILURE = exports.KMS_KEY_REVOKE_FAILURE = 'event:kms:key:revoke:encryption:failure';
9
+ var KMS_KEY_REVOKE_ERROR_STATUS = exports.KMS_KEY_REVOKE_ERROR_STATUS = 405;
10
+ var KMS_KEY_REVOKE_ERROR_CODES = exports.KMS_KEY_REVOKE_ERROR_CODES = [405005, 405006];
11
+ //# sourceMappingURL=constants.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"names":["KMS_KEY_REVOKE_FAILURE","exports","KMS_KEY_REVOKE_ERROR_STATUS","KMS_KEY_REVOKE_ERROR_CODES"],"sources":["constants.js"],"sourcesContent":["export const KMS_KEY_REVOKE_FAILURE = 'event:kms:key:revoke:encryption:failure';\nexport const KMS_KEY_REVOKE_ERROR_STATUS = 405;\nexport const KMS_KEY_REVOKE_ERROR_CODES = [405005, 405006];\n"],"mappings":";;;;;;;AAAO,IAAMA,sBAAsB,GAAAC,OAAA,CAAAD,sBAAA,GAAG,yCAAyC;AACxE,IAAME,2BAA2B,GAAAD,OAAA,CAAAC,2BAAA,GAAG,GAAG;AACvC,IAAMC,0BAA0B,GAAAF,OAAA,CAAAE,0BAAA,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC"}
@@ -22,8 +22,10 @@ var _nodeJose = _interopRequireDefault(require("node-jose"));
22
22
  var _nodeScr = _interopRequireDefault(require("node-scr"));
23
23
  var _ensureBuffer = _interopRequireDefault(require("./ensure-buffer"));
24
24
  var _kms = _interopRequireDefault(require("./kms"));
25
- function ownKeys(object, enumerableOnly) { var keys = _Object$keys(object); if (_Object$getOwnPropertySymbols) { var symbols = _Object$getOwnPropertySymbols(object); enumerableOnly && (symbols = symbols.filter(function (sym) { return _Object$getOwnPropertyDescriptor(object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
26
- function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? ownKeys(Object(source), !0).forEach(function (key) { (0, _defineProperty2.default)(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors ? _Object$defineProperties(target, _Object$getOwnPropertyDescriptors(source)) : ownKeys(Object(source)).forEach(function (key) { _Object$defineProperty(target, key, _Object$getOwnPropertyDescriptor(source, key)); }); } return target; }
25
+ function ownKeys(e, r) { var t = _Object$keys(e); if (_Object$getOwnPropertySymbols) { var o = _Object$getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return _Object$getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
26
+ function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { (0, _defineProperty2.default)(e, r, t[r]); }) : _Object$getOwnPropertyDescriptors ? _Object$defineProperties(e, _Object$getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { _Object$defineProperty(e, r, _Object$getOwnPropertyDescriptor(t, r)); }); } return e; } /*!
27
+ * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
28
+ */
27
29
  var Encryption = _webexCore.WebexPlugin.extend({
28
30
  children: {
29
31
  kms: _kms.default
@@ -73,19 +75,19 @@ var Encryption = _webexCore.WebexPlugin.extend({
73
75
  },
74
76
  /**
75
77
  * Validate and initiate a Download request for requested file
76
- *
78
+ * @param {Object} fileUrl - Plaintext
77
79
  * @param {Object} scr - Plaintext
78
80
  * @param {Object} options - optional parameters to download a file
79
81
  * @returns {promise}
80
82
  */
81
- download: function download(scr, options) {
83
+ download: function download(fileUrl, scr, options) {
82
84
  var _this = this;
83
85
  /* istanbul ignore if */
84
- if (!scr.loc) {
85
- return _promise.default.reject(new Error('`scr.loc` is required'));
86
+ if (!fileUrl || !scr) {
87
+ return _promise.default.reject(new Error('`scr` and `fileUrl` are required'));
86
88
  }
87
89
  var shunt = new _events.EventEmitter();
88
- var promise = this._fetchDownloadUrl(scr, options).then(function (uri) {
90
+ var promise = this._fetchDownloadUrl(fileUrl, options).then(function (uri) {
89
91
  // eslint-disable-next-line no-shadow
90
92
  var options = {
91
93
  method: 'GET',
@@ -103,22 +105,21 @@ var Encryption = _webexCore.WebexPlugin.extend({
103
105
  },
104
106
  /**
105
107
  * Fetch Download URL for the requested file
106
- *
107
- * @param {Object} scr - Plaintext
108
+ * @param {Object} fileUrl - Plaintext
108
109
  * @param {Object} options - optional parameters to download a file
109
110
  * @returns {promise} url of the downloadable file
110
111
  */
111
- _fetchDownloadUrl: function _fetchDownloadUrl(scr, options) {
112
+ _fetchDownloadUrl: function _fetchDownloadUrl(fileUrl, options) {
112
113
  var _this2 = this;
113
114
  this.logger.info('encryption: retrieving download url for encrypted file');
114
- if (process.env.NODE_ENV !== 'production' && scr.loc.includes('localhost')) {
115
+ if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {
115
116
  this.logger.info('encryption: bypassing webex files because this looks to be a test file on localhost');
116
- return _promise.default.resolve(scr.loc);
117
+ return _promise.default.resolve(fileUrl);
117
118
  }
118
119
  var inputBody = {
119
- endpoints: [scr.loc]
120
+ endpoints: [fileUrl]
120
121
  };
121
- var endpointUrl = _url.default.parse(scr.loc);
122
+ var endpointUrl = _url.default.parse(fileUrl);
122
123
 
123
124
  // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api
124
125
  endpointUrl.protocol = 'https';
@@ -131,13 +132,16 @@ var Encryption = _webexCore.WebexPlugin.extend({
131
132
  }) : inputBody
132
133
  }).then(function (res) {
133
134
  // eslint-disable-next-line no-shadow
134
- var url = res.body.endpoints[scr.loc];
135
+ var url = res.body.endpoints[fileUrl];
135
136
  if (!url) {
136
- _this2.logger.warn('encryption: could not determine download url for `scr.loc`; attempting to download `scr.loc` directly');
137
- return scr.loc;
137
+ _this2.logger.warn('encryption: could not determine download url for `fileUrl`; attempting to download `fileUrl` directly');
138
+ return fileUrl;
138
139
  }
139
140
  _this2.logger.info('encryption: retrieved download url for encrypted file');
140
141
  return url;
142
+ }).catch(function (err) {
143
+ _this2.logger.warn("encryption: ".concat(err, " could not determine download url for ").concat(fileUrl, "; attempting to download ").concat(fileUrl, " directly"));
144
+ return fileUrl;
141
145
  });
142
146
  },
143
147
  encryptBinary: function encryptBinary(file) {
@@ -225,7 +229,7 @@ var Encryption = _webexCore.WebexPlugin.extend({
225
229
  }));
226
230
  });
227
231
  },
228
- version: "3.0.0-bnr.5"
232
+ version: "3.0.0-next.10"
229
233
  });
230
234
 
231
235
  /**
@@ -243,6 +247,5 @@ function replacer(k, v) {
243
247
  }
244
248
  return v;
245
249
  }
246
- var _default = Encryption;
247
- exports.default = _default;
250
+ var _default = exports.default = Encryption;
248
251
  //# sourceMappingURL=encryption.js.map
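Review bot: The `.catch` added to `_fetchDownloadUrl` turns every failure of the `/v1/download/endpoints` request into a direct GET of the caller-supplied `fileUrl`, so an authorization or network error is handled the same way as a missing entry in the response. Because `download` now takes `fileUrl` as its own argument instead of reading `scr.loc`, nothing in this section ties the URL to the decrypted SCR, and whether callers take it from a trusted field cannot be seen here; the middle of `_fetchDownloadUrl` also falls between two hunks. I would reject non-string input up front and limit the fallback to https targets, for example `if (typeof fileUrl !== 'string') return Promise.reject(new Error('fileUrl must be a string'));` in `download` and `if (url.parse(fileUrl).protocol !== 'https:') throw err;` at the start of the catch handler. The new warn line also writes the full `fileUrl` and `err` to the log; if these URLs can carry credentials in the query string, log the host only. This file is Babel output, so the edit belongs in `package/src/encryption.js`, which the file list shows as changed but which lies outside this section.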
@@ -1 +1 @@
1
- {"version":3,"names":["Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","ensureBuffer","then","b","length","byteLength","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","download","loc","shunt","EventEmitter","promise","_fetchDownloadUrl","uri","method","responseType","ret","request","transferEvents","res","body","proxyEvents","logger","info","process","env","NODE_ENV","includes","resolve","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","allow","params","warn","encryptBinary","file","create","encrypt","cdata","encryptScr","toJWE","encryptText","createEncrypt","config","joseOptions","header","alg","reference","final","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","catch","fetchKey","tap","put","replacer","v","json","toJSON"],"sources":["encryption.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. 
See LICENSE file.\n */\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n children: {\n kms: KMS,\n },\n\n namespace: 'Encryption',\n\n processKmsMessageEvent(event) {\n return this.kms.processKmsMessageEvent(event);\n },\n\n decryptBinary(scr, buffer) {\n return ensureBuffer(buffer).then((b) => {\n /* istanbul ignore if */\n if (buffer.length === 0 || buffer.byteLength === 0) {\n return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n }\n\n return scr.decrypt(b);\n });\n },\n\n /**\n * Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} cipherScr - An encrypted SCR\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {Object} Decrypted SCR\n */\n decryptScr(key, cipherScr, options) {\n return this.getKey(key, options).then((k) => SCR.fromJWE(k.jwk, cipherScr));\n },\n\n /**\n * Decrypt text using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} ciphertext - Encrypted text\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Decrypted plaintext\n */\n decryptText(key, ciphertext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createDecrypt(k.jwk)\n .decrypt(ciphertext)\n .then((result) => result.plaintext.toString())\n );\n },\n\n /**\n * Validate and initiate a Download 
request for requested file\n *\n * @param {Object} scr - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise}\n */\n download(scr, options) {\n /* istanbul ignore if */\n if (!scr.loc) {\n return Promise.reject(new Error('`scr.loc` is required'));\n }\n\n const shunt = new EventEmitter();\n const promise = this._fetchDownloadUrl(scr, options)\n .then((uri) => {\n // eslint-disable-next-line no-shadow\n const options = {\n method: 'GET',\n uri,\n responseType: 'buffer',\n };\n\n const ret = this.request(options);\n\n transferEvents('progress', options.download, shunt);\n\n return ret;\n })\n .then((res) => this.decryptBinary(scr, res.body));\n\n proxyEvents(shunt, promise);\n\n return promise;\n },\n\n /**\n * Fetch Download URL for the requested file\n *\n * @param {Object} scr - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise} url of the downloadable file\n */\n _fetchDownloadUrl(scr, options) {\n this.logger.info('encryption: retrieving download url for encrypted file');\n\n if (process.env.NODE_ENV !== 'production' && scr.loc.includes('localhost')) {\n this.logger.info(\n 'encryption: bypassing webex files because this looks to be a test file on localhost'\n );\n\n return Promise.resolve(scr.loc);\n }\n\n const inputBody = {\n endpoints: [scr.loc],\n };\n const endpointUrl = url.parse(scr.loc);\n\n // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n endpointUrl.protocol = 'https';\n endpointUrl.pathname = '/v1/download/endpoints';\n\n return this.request({\n method: 'POST',\n uri: url.format(endpointUrl),\n body: options\n ? 
{\n ...inputBody,\n allow: options.params.allow,\n }\n : inputBody,\n }).then((res) => {\n // eslint-disable-next-line no-shadow\n const url = res.body.endpoints[scr.loc];\n\n if (!url) {\n this.logger.warn(\n 'encryption: could not determine download url for `scr.loc`; attempting to download `scr.loc` directly'\n );\n\n return scr.loc;\n }\n this.logger.info('encryption: retrieved download url for encrypted file');\n\n return url;\n });\n },\n\n encryptBinary(file) {\n return ensureBuffer(file).then((buffer) =>\n SCR.create().then((scr) =>\n scr\n .encrypt(buffer)\n .then(ensureBuffer)\n // eslint-disable-next-line max-nested-callbacks\n .then((cdata) => ({scr, cdata}))\n )\n );\n },\n\n /**\n * Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} scr - Plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted SCR\n */\n encryptScr(key, scr, options) {\n /* istanbul ignore if */\n if (!scr.loc) {\n return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n }\n\n return this.getKey(key, options).then((k) => scr.toJWE(k.jwk));\n },\n\n /**\n * Encrypt plaintext using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted text\n */\n encryptText(key, plaintext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createEncrypt(this.config.joseOptions, {\n key: k.jwk,\n header: {\n alg: 'dir',\n },\n reference: null,\n }).final(plaintext, 'utf8')\n );\n },\n\n /**\n * Fetch the key 
associated with the supplied KMS uri.\n *\n * @param {string} uri - The uri of a key stored in KMS\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Key\n */\n getKey(uri, {onBehalfOf} = {}) {\n if (uri.jwk) {\n return this.kms.asKey(uri);\n }\n\n let storageKey = uri;\n\n if (onBehalfOf) {\n storageKey += `/onBehalfOf/${onBehalfOf}`;\n }\n\n return this.unboundedStorage\n .get(storageKey)\n .then((keyString) => JSON.parse(keyString))\n .then((keyObject) => this.kms.asKey(keyObject))\n .catch(() =>\n this.kms\n .fetchKey({uri, onBehalfOf})\n .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer))))\n );\n },\n});\n\n/**\n * JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n if (k === 'jwk') {\n // note: this[k] and v may be different representations of the same value\n // eslint-disable-next-line no-invalid-this\n const json = this[k].toJSON(true);\n\n return json;\n }\n\n return v;\n}\n\nexport default 
Encryption;\n"],"mappings":";;;;;;;;;;;;;;;;AAIA;AACA;AAEA;AACA;AACA;AACA;AAEA;AACA;AAAwB;AAAA;AAExB,IAAMA,UAAU,GAAGC,sBAAW,CAACC,MAAM,CAAC;EACpCC,QAAQ,EAAE;IACRC,GAAG,EAAEC;EACP,CAAC;EAEDC,SAAS,EAAE,YAAY;EAEvBC,sBAAsB,kCAACC,KAAK,EAAE;IAC5B,OAAO,IAAI,CAACJ,GAAG,CAACG,sBAAsB,CAACC,KAAK,CAAC;EAC/C,CAAC;EAEDC,aAAa,yBAACC,GAAG,EAAEC,MAAM,EAAE;IACzB,OAAO,IAAAC,qBAAY,EAACD,MAAM,CAAC,CAACE,IAAI,CAAC,UAACC,CAAC,EAAK;MACtC;MACA,IAAIH,MAAM,CAACI,MAAM,KAAK,CAAC,IAAIJ,MAAM,CAACK,UAAU,KAAK,CAAC,EAAE;QAClD,OAAO,iBAAQC,MAAM,CAAC,IAAIC,KAAK,CAAC,yCAAyC,CAAC,CAAC;MAC7E;MAEA,OAAOR,GAAG,CAACS,OAAO,CAACL,CAAC,CAAC;IACvB,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEM,UAAU,sBAACC,GAAG,EAAEC,SAAS,EAAEC,OAAO,EAAE;IAClC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKC,gBAAG,CAACC,OAAO,CAACF,CAAC,CAACG,GAAG,EAAEN,SAAS,CAAC;IAAA,EAAC;EAC7E,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEO,WAAW,uBAACR,GAAG,EAAES,UAAU,EAAEP,OAAO,EAAE;IACpC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACC,aAAa,CAACR,CAAC,CAACG,GAAG,CAAC,CAC1BT,OAAO,CAACW,UAAU,CAAC,CACnBjB,IAAI,CAAC,UAACqB,MAAM;QAAA,OAAKA,MAAM,CAACC,SAAS,CAACC,QAAQ,EAAE;MAAA,EAAC;IAAA,EACjD;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,QAAQ,oBAAC3B,GAAG,EAAEa,OAAO,EAAE;IAAA;IACrB;IACA,IAAI,CAACb,GAAG,CAAC4B,GAAG,EAAE;MACZ,OAAO,iBAAQrB,MAAM,CAAC,IAAIC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3D;IAEA,IAAMqB,KAAK,GAAG,IAAIC,oBAAY,EAAE;IAChC,IAAMC,OAAO,GAAG,IAAI,CAACC,iBAAiB,CAAChC,GAAG,EAAEa,OAAO,CAAC,CACjDV,IAAI,CAAC,UAAC8B,GAAG,EAAK;MACb;MACA,IAAMpB,OAAO,GAAG;QACdqB,MAAM,EAAE,KAAK;QACbD,GAAG,EAAHA,GAAG;QACHE,YAAY,EAAE;MAChB,CAAC;MAED,IAAMC,GAAG,GAAG,KAAI,CAACC,OAAO,CAACxB,OAAO,CAAC;MAEjC,IAAAyB,sBAAc,EAAC,UAAU,EAAEzB,OAAO,CAACc,QAAQ,EAAEE,KAAK,CAAC;MAEnD,OAAOO,GAAG;IACZ,CAAC,CAAC,CACDjC,IAAI,CAAC,UAACoC,GAAG;MAAA,OAAK,KAAI,CAACxC,aAAa,CAACC,GAAG,EAAEuC,GAAG,CAACC,IAAI,CAAC;IAAA,EAAC;IAEnD,IAAAC,mBAAW,EAACZ,KAAK,EAAEE,OAAO,CAAC
;IAE3B,OAAOA,OAAO;EAChB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,iBAAiB,6BAAChC,GAAG,EAAEa,OAAO,EAAE;IAAA;IAC9B,IAAI,CAAC6B,MAAM,CAACC,IAAI,CAAC,wDAAwD,CAAC;IAE1E,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,IAAI9C,GAAG,CAAC4B,GAAG,CAACmB,QAAQ,CAAC,WAAW,CAAC,EAAE;MAC1E,IAAI,CAACL,MAAM,CAACC,IAAI,CACd,qFAAqF,CACtF;MAED,OAAO,iBAAQK,OAAO,CAAChD,GAAG,CAAC4B,GAAG,CAAC;IACjC;IAEA,IAAMqB,SAAS,GAAG;MAChBC,SAAS,EAAE,CAAClD,GAAG,CAAC4B,GAAG;IACrB,CAAC;IACD,IAAMuB,WAAW,GAAGC,YAAG,CAACC,KAAK,CAACrD,GAAG,CAAC4B,GAAG,CAAC;;IAEtC;IACAuB,WAAW,CAACG,QAAQ,GAAG,OAAO;IAC9BH,WAAW,CAACI,QAAQ,GAAG,wBAAwB;IAE/C,OAAO,IAAI,CAAClB,OAAO,CAAC;MAClBH,MAAM,EAAE,MAAM;MACdD,GAAG,EAAEmB,YAAG,CAACI,MAAM,CAACL,WAAW,CAAC;MAC5BX,IAAI,EAAE3B,OAAO,mCAEJoC,SAAS;QACZQ,KAAK,EAAE5C,OAAO,CAAC6C,MAAM,CAACD;MAAK,KAE7BR;IACN,CAAC,CAAC,CAAC9C,IAAI,CAAC,UAACoC,GAAG,EAAK;MACf;MACA,IAAMa,GAAG,GAAGb,GAAG,CAACC,IAAI,CAACU,SAAS,CAAClD,GAAG,CAAC4B,GAAG,CAAC;MAEvC,IAAI,CAACwB,GAAG,EAAE;QACR,MAAI,CAACV,MAAM,CAACiB,IAAI,CACd,uGAAuG,CACxG;QAED,OAAO3D,GAAG,CAAC4B,GAAG;MAChB;MACA,MAAI,CAACc,MAAM,CAACC,IAAI,CAAC,uDAAuD,CAAC;MAEzE,OAAOS,GAAG;IACZ,CAAC,CAAC;EACJ,CAAC;EAEDQ,aAAa,yBAACC,IAAI,EAAE;IAClB,OAAO,IAAA3D,qBAAY,EAAC2D,IAAI,CAAC,CAAC1D,IAAI,CAAC,UAACF,MAAM;MAAA,OACpCe,gBAAG,CAAC8C,MAAM,EAAE,CAAC3D,IAAI,CAAC,UAACH,GAAG;QAAA,OACpBA,GAAG,CACA+D,OAAO,CAAC9D,MAAM,CAAC,CACfE,IAAI,CAACD,qBAAY;QAClB;QAAA,CACCC,IAAI,CAAC,UAAC6D,KAAK;UAAA,OAAM;YAAChE,GAAG,EAAHA,GAAG;YAAEgE,KAAK,EAALA;UAAK,CAAC;QAAA,CAAC,CAAC;MAAA,EACnC;IAAA,EACF;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAAU,sBAACtD,GAAG,EAAEX,GAAG,EAAEa,OAAO,EAAE;IAC5B;IACA,IAAI,CAACb,GAAG,CAAC4B,GAAG,EAAE;MACZ,OAAO,iBAAQrB,MAAM,CAAC,IAAIC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF;IAEA,OAAO,IAAI,CAACM,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKf,GAAG,CAACkE,KAAK,CAACnD,CAAC,CAACG,GAAG,CAAC;IAAA,EAAC;EAChE,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEiD,WAAW,uBAACxD,GAAG,EAAEc,SAAS,EAAEZ,OAAO,EAAE;IAAA;IACnC,OAAO,IAAI,CAACC,MAAM,CAACH,GA
AG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAAC8C,aAAa,CAAC,MAAI,CAACC,MAAM,CAACC,WAAW,EAAE;QAC9C3D,GAAG,EAAEI,CAAC,CAACG,GAAG;QACVqD,MAAM,EAAE;UACNC,GAAG,EAAE;QACP,CAAC;QACDC,SAAS,EAAE;MACb,CAAC,CAAC,CAACC,KAAK,CAACjD,SAAS,EAAE,MAAM,CAAC;IAAA,EAC5B;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEX,MAAM,kBAACmB,GAAG,EAAqB;IAAA;IAAA,+EAAJ,CAAC,CAAC;MAAhB0C,UAAU,QAAVA,UAAU;IACrB,IAAI1C,GAAG,CAACf,GAAG,EAAE;MACX,OAAO,IAAI,CAACxB,GAAG,CAACkF,KAAK,CAAC3C,GAAG,CAAC;IAC5B;IAEA,IAAI4C,UAAU,GAAG5C,GAAG;IAEpB,IAAI0C,UAAU,EAAE;MACdE,UAAU,0BAAmBF,UAAU,CAAE;IAC3C;IAEA,OAAO,IAAI,CAACG,gBAAgB,CACzBC,GAAG,CAACF,UAAU,CAAC,CACf1E,IAAI,CAAC,UAAC6E,SAAS;MAAA,OAAKC,IAAI,CAAC5B,KAAK,CAAC2B,SAAS,CAAC;IAAA,EAAC,CAC1C7E,IAAI,CAAC,UAAC+E,SAAS;MAAA,OAAK,MAAI,CAACxF,GAAG,CAACkF,KAAK,CAACM,SAAS,CAAC;IAAA,EAAC,CAC9CC,KAAK,CAAC;MAAA,OACL,MAAI,CAACzF,GAAG,CACL0F,QAAQ,CAAC;QAACnD,GAAG,EAAHA,GAAG;QAAE0C,UAAU,EAAVA;MAAU,CAAC,CAAC,CAC3BxE,IAAI,CAAC,IAAAkF,WAAG,EAAC,UAAC1E,GAAG;QAAA,OAAK,MAAI,CAACmE,gBAAgB,CAACQ,GAAG,CAACT,UAAU,EAAE,wBAAelE,GAAG,EAAE4E,QAAQ,CAAC,CAAC;MAAA,EAAC,CAAC;IAAA,EAC5F;EACL,CAAC;EAAA;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,SAASA,QAAQ,CAACxE,CAAC,EAAEyE,CAAC,EAAE;EACtB,IAAIzE,CAAC,KAAK,KAAK,EAAE;IACf;IACA;IACA,IAAM0E,IAAI,GAAG,IAAI,CAAC1E,CAAC,CAAC,CAAC2E,MAAM,CAAC,IAAI,CAAC;IAEjC,OAAOD,IAAI;EACb;EAEA,OAAOD,CAAC;AACV;AAAC,eAEclG,UAAU;AAAA"}
1
+ {"version":3,"names":["_events","require","_url","_interopRequireDefault","_webexCore","_common","_nodeJose","_nodeScr","_ensureBuffer","_kms","ownKeys","e","r","t","_Object$keys","_Object$getOwnPropertySymbols","o","filter","_Object$getOwnPropertyDescriptor","enumerable","push","apply","_objectSpread","arguments","length","Object","forEach","_defineProperty2","default","_Object$getOwnPropertyDescriptors","_Object$defineProperties","_Object$defineProperty","Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","ensureBuffer","then","b","byteLength","_promise","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","download","fileUrl","_this","shunt","EventEmitter","promise","_fetchDownloadUrl","uri","method","responseType","ret","request","transferEvents","res","body","proxyEvents","_this2","logger","info","process","env","NODE_ENV","includes","resolve","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","allow","params","warn","catch","err","concat","encryptBinary","file","create","encrypt","cdata","encryptScr","loc","toJWE","encryptText","_this3","createEncrypt","config","joseOptions","header","alg","reference","final","_this4","_ref","undefined","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","fetchKey","tap","put","_stringify","replacer","version","v","json","toJSON","_default","exports"],"sources":["encryption.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. 
See LICENSE file.\n */\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n children: {\n kms: KMS,\n },\n\n namespace: 'Encryption',\n\n processKmsMessageEvent(event) {\n return this.kms.processKmsMessageEvent(event);\n },\n\n decryptBinary(scr, buffer) {\n return ensureBuffer(buffer).then((b) => {\n /* istanbul ignore if */\n if (buffer.length === 0 || buffer.byteLength === 0) {\n return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n }\n\n return scr.decrypt(b);\n });\n },\n\n /**\n * Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} cipherScr - An encrypted SCR\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {Object} Decrypted SCR\n */\n decryptScr(key, cipherScr, options) {\n return this.getKey(key, options).then((k) => SCR.fromJWE(k.jwk, cipherScr));\n },\n\n /**\n * Decrypt text using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} ciphertext - Encrypted text\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Decrypted plaintext\n */\n decryptText(key, ciphertext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createDecrypt(k.jwk)\n .decrypt(ciphertext)\n .then((result) => result.plaintext.toString())\n );\n },\n\n /**\n * Validate and initiate a Download 
request for requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} scr - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise}\n */\n download(fileUrl, scr, options) {\n /* istanbul ignore if */\n if (!fileUrl || !scr) {\n return Promise.reject(new Error('`scr` and `fileUrl` are required'));\n }\n\n const shunt = new EventEmitter();\n const promise = this._fetchDownloadUrl(fileUrl, options)\n .then((uri) => {\n // eslint-disable-next-line no-shadow\n const options = {\n method: 'GET',\n uri,\n responseType: 'buffer',\n };\n\n const ret = this.request(options);\n\n transferEvents('progress', options.download, shunt);\n\n return ret;\n })\n .then((res) => this.decryptBinary(scr, res.body));\n\n proxyEvents(shunt, promise);\n\n return promise;\n },\n\n /**\n * Fetch Download URL for the requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise} url of the downloadable file\n */\n _fetchDownloadUrl(fileUrl, options) {\n this.logger.info('encryption: retrieving download url for encrypted file');\n\n if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {\n this.logger.info(\n 'encryption: bypassing webex files because this looks to be a test file on localhost'\n );\n\n return Promise.resolve(fileUrl);\n }\n\n const inputBody = {\n endpoints: [fileUrl],\n };\n const endpointUrl = url.parse(fileUrl);\n\n // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n endpointUrl.protocol = 'https';\n endpointUrl.pathname = '/v1/download/endpoints';\n\n return this.request({\n method: 'POST',\n uri: url.format(endpointUrl),\n body: options\n ? 
{\n ...inputBody,\n allow: options.params.allow,\n }\n : inputBody,\n })\n .then((res) => {\n // eslint-disable-next-line no-shadow\n const url = res.body.endpoints[fileUrl];\n\n if (!url) {\n this.logger.warn(\n 'encryption: could not determine download url for `fileUrl`; attempting to download `fileUrl` directly'\n );\n\n return fileUrl;\n }\n this.logger.info('encryption: retrieved download url for encrypted file');\n\n return url;\n })\n .catch((err) => {\n this.logger.warn(\n `encryption: ${err} could not determine download url for ${fileUrl}; attempting to download ${fileUrl} directly`\n );\n\n return fileUrl;\n });\n },\n\n encryptBinary(file) {\n return ensureBuffer(file).then((buffer) =>\n SCR.create().then((scr) =>\n scr\n .encrypt(buffer)\n .then(ensureBuffer)\n // eslint-disable-next-line max-nested-callbacks\n .then((cdata) => ({scr, cdata}))\n )\n );\n },\n\n /**\n * Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} scr - Plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted SCR\n */\n encryptScr(key, scr, options) {\n /* istanbul ignore if */\n if (!scr.loc) {\n return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n }\n\n return this.getKey(key, options).then((k) => scr.toJWE(k.jwk));\n },\n\n /**\n * Encrypt plaintext using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted text\n */\n encryptText(key, plaintext, options) {\n return this.getKey(key, options).then((k) 
=>\n jose.JWE.createEncrypt(this.config.joseOptions, {\n key: k.jwk,\n header: {\n alg: 'dir',\n },\n reference: null,\n }).final(plaintext, 'utf8')\n );\n },\n\n /**\n * Fetch the key associated with the supplied KMS uri.\n *\n * @param {string} uri - The uri of a key stored in KMS\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Key\n */\n getKey(uri, {onBehalfOf} = {}) {\n if (uri.jwk) {\n return this.kms.asKey(uri);\n }\n\n let storageKey = uri;\n\n if (onBehalfOf) {\n storageKey += `/onBehalfOf/${onBehalfOf}`;\n }\n\n return this.unboundedStorage\n .get(storageKey)\n .then((keyString) => JSON.parse(keyString))\n .then((keyObject) => this.kms.asKey(keyObject))\n .catch(() =>\n this.kms\n .fetchKey({uri, onBehalfOf})\n .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer))))\n );\n },\n});\n\n/**\n * JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n if (k === 'jwk') {\n // note: this[k] and v may be different representations of the same value\n // eslint-disable-next-line no-invalid-this\n const json = this[k].toJSON(true);\n\n return json;\n }\n\n return v;\n}\n\nexport default 
Encryption;\n"],"mappings":";;;;;;;;;;;;;;;;AAIA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAC,sBAAA,CAAAF,OAAA;AAEA,IAAAG,UAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,SAAA,GAAAH,sBAAA,CAAAF,OAAA;AACA,IAAAM,QAAA,GAAAJ,sBAAA,CAAAF,OAAA;AAEA,IAAAO,aAAA,GAAAL,sBAAA,CAAAF,OAAA;AACA,IAAAQ,IAAA,GAAAN,sBAAA,CAAAF,OAAA;AAAwB,SAAAS,QAAAC,CAAA,EAAAC,CAAA,QAAAC,CAAA,GAAAC,YAAA,CAAAH,CAAA,OAAAI,6BAAA,QAAAC,CAAA,GAAAD,6BAAA,CAAAJ,CAAA,GAAAC,CAAA,KAAAI,CAAA,GAAAA,CAAA,CAAAC,MAAA,WAAAL,CAAA,WAAAM,gCAAA,CAAAP,CAAA,EAAAC,CAAA,EAAAO,UAAA,OAAAN,CAAA,CAAAO,IAAA,CAAAC,KAAA,CAAAR,CAAA,EAAAG,CAAA,YAAAH,CAAA;AAAA,SAAAS,cAAAX,CAAA,aAAAC,CAAA,MAAAA,CAAA,GAAAW,SAAA,CAAAC,MAAA,EAAAZ,CAAA,UAAAC,CAAA,WAAAU,SAAA,CAAAX,CAAA,IAAAW,SAAA,CAAAX,CAAA,QAAAA,CAAA,OAAAF,OAAA,CAAAe,MAAA,CAAAZ,CAAA,OAAAa,OAAA,WAAAd,CAAA,QAAAe,gBAAA,CAAAC,OAAA,EAAAjB,CAAA,EAAAC,CAAA,EAAAC,CAAA,CAAAD,CAAA,SAAAiB,iCAAA,GAAAC,wBAAA,CAAAnB,CAAA,EAAAkB,iCAAA,CAAAhB,CAAA,KAAAH,OAAA,CAAAe,MAAA,CAAAZ,CAAA,GAAAa,OAAA,WAAAd,CAAA,IAAAmB,sBAAA,CAAApB,CAAA,EAAAC,CAAA,EAAAM,gCAAA,CAAAL,CAAA,EAAAD,CAAA,iBAAAD,CAAA,IAbxB;AACA;AACA;AAaA,IAAMqB,UAAU,GAAGC,sBAAW,CAACC,MAAM,CAAC;EACpCC,QAAQ,EAAE;IACRC,GAAG,EAAEC;EACP,CAAC;EAEDC,SAAS,EAAE,YAAY;EAEvBC,sBAAsB,WAAAA,uBAACC,KAAK,EAAE;IAC5B,OAAO,IAAI,CAACJ,GAAG,CAACG,sBAAsB,CAACC,KAAK,CAAC;EAC/C,CAAC;EAEDC,aAAa,WAAAA,cAACC,GAAG,EAAEC,MAAM,EAAE;IACzB,OAAO,IAAAC,qBAAY,EAACD,MAAM,CAAC,CAACE,IAAI,CAAC,UAACC,CAAC,EAAK;MACtC;MACA,IAAIH,MAAM,CAACnB,MAAM,KAAK,CAAC,IAAImB,MAAM,CAACI,UAAU,KAAK,CAAC,EAAE;QAClD,OAAOC,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,yCAAyC,CAAC,CAAC;MAC7E;MAEA,OAAOR,GAAG,CAACS,OAAO,CAACL,CAAC,CAAC;IACvB,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEM,UAAU,WAAAA,WAACC,GAAG,EAAEC,SAAS,EAAEC,OAAO,EAAE;IAClC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKC,gBAAG,CAACC,OAAO,CAACF,CAAC,CAACG,GAAG,EAAEN,SAAS,CAAC;IAAA,EAAC;EAC7E,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEO,WAAW,WAAAA,YAACR,GAAG,EAAES,UAAU,EAA
EP,OAAO,EAAE;IACpC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACC,aAAa,CAACR,CAAC,CAACG,GAAG,CAAC,CAC1BT,OAAO,CAACW,UAAU,CAAC,CACnBjB,IAAI,CAAC,UAACqB,MAAM;QAAA,OAAKA,MAAM,CAACC,SAAS,CAACC,QAAQ,CAAC,CAAC;MAAA,EAAC;IAAA,CAClD,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,QAAQ,WAAAA,SAACC,OAAO,EAAE5B,GAAG,EAAEa,OAAO,EAAE;IAAA,IAAAgB,KAAA;IAC9B;IACA,IAAI,CAACD,OAAO,IAAI,CAAC5B,GAAG,EAAE;MACpB,OAAOM,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtE;IAEA,IAAMsB,KAAK,GAAG,IAAIC,oBAAY,CAAC,CAAC;IAChC,IAAMC,OAAO,GAAG,IAAI,CAACC,iBAAiB,CAACL,OAAO,EAAEf,OAAO,CAAC,CACrDV,IAAI,CAAC,UAAC+B,GAAG,EAAK;MACb;MACA,IAAMrB,OAAO,GAAG;QACdsB,MAAM,EAAE,KAAK;QACbD,GAAG,EAAHA,GAAG;QACHE,YAAY,EAAE;MAChB,CAAC;MAED,IAAMC,GAAG,GAAGR,KAAI,CAACS,OAAO,CAACzB,OAAO,CAAC;MAEjC,IAAA0B,sBAAc,EAAC,UAAU,EAAE1B,OAAO,CAACc,QAAQ,EAAEG,KAAK,CAAC;MAEnD,OAAOO,GAAG;IACZ,CAAC,CAAC,CACDlC,IAAI,CAAC,UAACqC,GAAG;MAAA,OAAKX,KAAI,CAAC9B,aAAa,CAACC,GAAG,EAAEwC,GAAG,CAACC,IAAI,CAAC;IAAA,EAAC;IAEnD,IAAAC,mBAAW,EAACZ,KAAK,EAAEE,OAAO,CAAC;IAE3B,OAAOA,OAAO;EAChB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACL,OAAO,EAAEf,OAAO,EAAE;IAAA,IAAA8B,MAAA;IAClC,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,wDAAwD,CAAC;IAE1E,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,IAAIpB,OAAO,CAACqB,QAAQ,CAAC,WAAW,CAAC,EAAE;MAC1E,IAAI,CAACL,MAAM,CAACC,IAAI,CACd,qFACF,CAAC;MAED,OAAOvC,QAAA,CAAApB,OAAA,CAAQgE,OAAO,CAACtB,OAAO,CAAC;IACjC;IAEA,IAAMuB,SAAS,GAAG;MAChBC,SAAS,EAAE,CAACxB,OAAO;IACrB,CAAC;IACD,IAAMyB,WAAW,GAAGC,YAAG,CAACC,KAAK,CAAC3B,OAAO,CAAC;;IAEtC;IACAyB,WAAW,CAACG,QAAQ,GAAG,OAAO;IAC9BH,WAAW,CAACI,QAAQ,GAAG,wBAAwB;IAE/C,OAAO,IAAI,CAACnB,OAAO,CAAC;MAClBH,MAAM,EAAE,MAAM;MACdD,GAAG,EAAEoB,YAAG,CAACI,MAAM,CAACL,WAAW,CAAC;MAC5BZ,IAAI,EAAE5B,OAAO,GAAAjC,aAAA,CAAAA,aAAA,KAEJuE,SAAS;QACZQ,KAAK,EAAE9C,OAAO,CAAC+C,MAAM,CAACD;MAAK,KAE7BR;IACN,CAAC,CAAC,CACChD,IAAI,CAAC,UAACqC,GAAG,EAAK;MACb;MACA,IAAMc,GAAG,GAAGd,GAAG,CAACC,IAAI,CAACW,SAAS,CAACxB,OAAO,CAA
C;MAEvC,IAAI,CAAC0B,GAAG,EAAE;QACRX,MAAI,CAACC,MAAM,CAACiB,IAAI,CACd,uGACF,CAAC;QAED,OAAOjC,OAAO;MAChB;MACAe,MAAI,CAACC,MAAM,CAACC,IAAI,CAAC,uDAAuD,CAAC;MAEzE,OAAOS,GAAG;IACZ,CAAC,CAAC,CACDQ,KAAK,CAAC,UAACC,GAAG,EAAK;MACdpB,MAAI,CAACC,MAAM,CAACiB,IAAI,gBAAAG,MAAA,CACCD,GAAG,4CAAAC,MAAA,CAAyCpC,OAAO,+BAAAoC,MAAA,CAA4BpC,OAAO,cACvG,CAAC;MAED,OAAOA,OAAO;IAChB,CAAC,CAAC;EACN,CAAC;EAEDqC,aAAa,WAAAA,cAACC,IAAI,EAAE;IAClB,OAAO,IAAAhE,qBAAY,EAACgE,IAAI,CAAC,CAAC/D,IAAI,CAAC,UAACF,MAAM;MAAA,OACpCe,gBAAG,CAACmD,MAAM,CAAC,CAAC,CAAChE,IAAI,CAAC,UAACH,GAAG;QAAA,OACpBA,GAAG,CACAoE,OAAO,CAACnE,MAAM,CAAC,CACfE,IAAI,CAACD,qBAAY;QAClB;QAAA,CACCC,IAAI,CAAC,UAACkE,KAAK;UAAA,OAAM;YAACrE,GAAG,EAAHA,GAAG;YAAEqE,KAAK,EAALA;UAAK,CAAC;QAAA,CAAC,CAAC;MAAA,CACpC,CAAC;IAAA,CACH,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAAU,WAAAA,WAAC3D,GAAG,EAAEX,GAAG,EAAEa,OAAO,EAAE;IAC5B;IACA,IAAI,CAACb,GAAG,CAACuE,GAAG,EAAE;MACZ,OAAOjE,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF;IAEA,OAAO,IAAI,CAACM,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKf,GAAG,CAACwE,KAAK,CAACzD,CAAC,CAACG,GAAG,CAAC;IAAA,EAAC;EAChE,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEuD,WAAW,WAAAA,YAAC9D,GAAG,EAAEc,SAAS,EAAEZ,OAAO,EAAE;IAAA,IAAA6D,MAAA;IACnC,OAAO,IAAI,CAAC5D,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACqD,aAAa,CAACD,MAAI,CAACE,MAAM,CAACC,WAAW,EAAE;QAC9ClE,GAAG,EAAEI,CAAC,CAACG,GAAG;QACV4D,MAAM,EAAE;UACNC,GAAG,EAAE;QACP,CAAC;QACDC,SAAS,EAAE;MACb,CAAC,CAAC,CAACC,KAAK,CAACxD,SAAS,EAAE,MAAM,CAAC;IAAA,CAC7B,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEX,MAAM,WAAAA,OAACoB,GAAG,EAAqB;IAAA,IAAAgD,MAAA;IAAA,IAAAC,IAAA,GAAAtG,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAuG,SAAA,GAAAvG,SAAA,MAAJ,CAAC,CAAC;MAAhBwG,UAAU,GAAAF,IAAA,CAAVE,UAAU;IACrB,IAAInD,GAAG,CAAChB,GAAG,EAAE;MACX,OAAO,IAAI,CAACxB,GAAG,CAAC4F,KAAK,CAACpD,GAAG,CAAC;IAC5B;IAEA,IAAIqD,UAAU,GAAGrD,GAAG;IAEpB,IAAImD,UAAU,EAAE;MACdE,UAAU,mBAAAvB,M
AAA,CAAmBqB,UAAU,CAAE;IAC3C;IAEA,OAAO,IAAI,CAACG,gBAAgB,CACzBC,GAAG,CAACF,UAAU,CAAC,CACfpF,IAAI,CAAC,UAACuF,SAAS;MAAA,OAAKC,IAAI,CAACpC,KAAK,CAACmC,SAAS,CAAC;IAAA,EAAC,CAC1CvF,IAAI,CAAC,UAACyF,SAAS;MAAA,OAAKV,MAAI,CAACxF,GAAG,CAAC4F,KAAK,CAACM,SAAS,CAAC;IAAA,EAAC,CAC9C9B,KAAK,CAAC;MAAA,OACLoB,MAAI,CAACxF,GAAG,CACLmG,QAAQ,CAAC;QAAC3D,GAAG,EAAHA,GAAG;QAAEmD,UAAU,EAAVA;MAAU,CAAC,CAAC,CAC3BlF,IAAI,CAAC,IAAA2F,WAAG,EAAC,UAACnF,GAAG;QAAA,OAAKuE,MAAI,CAACM,gBAAgB,CAACO,GAAG,CAACR,UAAU,EAAE,IAAAS,UAAA,CAAA9G,OAAA,EAAeyB,GAAG,EAAEsF,QAAQ,CAAC,CAAC;MAAA,EAAC,CAAC;IAAA,CAC7F,CAAC;EACL,CAAC;EAAAC,OAAA;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,SAASD,QAAQA,CAAClF,CAAC,EAAEoF,CAAC,EAAE;EACtB,IAAIpF,CAAC,KAAK,KAAK,EAAE;IACf;IACA;IACA,IAAMqF,IAAI,GAAG,IAAI,CAACrF,CAAC,CAAC,CAACsF,MAAM,CAAC,IAAI,CAAC;IAEjC,OAAOD,IAAI;EACb;EAEA,OAAOD,CAAC;AACV;AAAC,IAAAG,QAAA,GAAAC,OAAA,CAAArH,OAAA,GAEcI,UAAU"}
@@ -1 +1 @@
1
- {"version":3,"names":["ensureBuffer","buffer","ArrayBuffer","resolve","toArrayBuffer","reject","fr","FileReader","onload","Uint8Array","result","onerror","readAsArrayBuffer"],"sources":["ensure-buffer.browser.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n/* eslint-env: browser */\n\n/**\n * Ensures the provider buffer is, indeed, an ArrayBuffer; converts File and\n * Blob objects to ArrayBuffers.\n * @param {mixed} buffer\n * @returns {Promise<ArrayBuffer>}\n */\nexport default function ensureBuffer(buffer) {\n if (buffer instanceof ArrayBuffer) {\n return Promise.resolve(buffer);\n }\n\n if (buffer.toArrayBuffer) {\n return Promise.resolve(buffer.toArrayBuffer());\n }\n\n if (buffer.buffer) {\n return Promise.resolve(buffer.buffer);\n }\n\n return new Promise((resolve, reject) => {\n const fr = new FileReader();\n\n fr.onload = function onload() {\n resolve(new Uint8Array(this.result));\n };\n\n fr.onerror = reject;\n\n fr.readAsArrayBuffer(buffer);\n });\n}\n"],"mappings":";;;;;;;;;AAAA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACe,SAASA,YAAY,CAACC,MAAM,EAAE;EAC3C,IAAIA,MAAM,YAAYC,WAAW,EAAE;IACjC,OAAO,iBAAQC,OAAO,CAACF,MAAM,CAAC;EAChC;EAEA,IAAIA,MAAM,CAACG,aAAa,EAAE;IACxB,OAAO,iBAAQD,OAAO,CAACF,MAAM,CAACG,aAAa,EAAE,CAAC;EAChD;EAEA,IAAIH,MAAM,CAACA,MAAM,EAAE;IACjB,OAAO,iBAAQE,OAAO,CAACF,MAAM,CAACA,MAAM,CAAC;EACvC;EAEA,OAAO,qBAAY,UAACE,OAAO,EAAEE,MAAM,EAAK;IACtC,IAAMC,EAAE,GAAG,IAAIC,UAAU,EAAE;IAE3BD,EAAE,CAACE,MAAM,GAAG,SAASA,MAAM,GAAG;MAC5BL,OAAO,CAAC,IAAIM,UAAU,CAAC,IAAI,CAACC,MAAM,CAAC,CAAC;IACtC,CAAC;IAEDJ,EAAE,CAACK,OAAO,GAAGN,MAAM;IAEnBC,EAAE,CAACM,iBAAiB,CAACX,MAAM,CAAC;EAC9B,CAAC,CAAC;AACJ"}
1
+ {"version":3,"names":["ensureBuffer","buffer","ArrayBuffer","_promise","default","resolve","toArrayBuffer","reject","fr","FileReader","onload","Uint8Array","result","onerror","readAsArrayBuffer"],"sources":["ensure-buffer.browser.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n/* eslint-env: browser */\n\n/**\n * Ensures the provider buffer is, indeed, an ArrayBuffer; converts File and\n * Blob objects to ArrayBuffers.\n * @param {mixed} buffer\n * @returns {Promise<ArrayBuffer>}\n */\nexport default function ensureBuffer(buffer) {\n if (buffer instanceof ArrayBuffer) {\n return Promise.resolve(buffer);\n }\n\n if (buffer.toArrayBuffer) {\n return Promise.resolve(buffer.toArrayBuffer());\n }\n\n if (buffer.buffer) {\n return Promise.resolve(buffer.buffer);\n }\n\n return new Promise((resolve, reject) => {\n const fr = new FileReader();\n\n fr.onload = function onload() {\n resolve(new Uint8Array(this.result));\n };\n\n fr.onerror = reject;\n\n fr.readAsArrayBuffer(buffer);\n });\n}\n"],"mappings":";;;;;;;;;AAAA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACe,SAASA,YAAYA,CAACC,MAAM,EAAE;EAC3C,IAAIA,MAAM,YAAYC,WAAW,EAAE;IACjC,OAAOC,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAACJ,MAAM,CAAC;EAChC;EAEA,IAAIA,MAAM,CAACK,aAAa,EAAE;IACxB,OAAOH,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAACJ,MAAM,CAACK,aAAa,CAAC,CAAC,CAAC;EAChD;EAEA,IAAIL,MAAM,CAACA,MAAM,EAAE;IACjB,OAAOE,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAACJ,MAAM,CAACA,MAAM,CAAC;EACvC;EAEA,OAAO,IAAAE,QAAA,CAAAC,OAAA,CAAY,UAACC,OAAO,EAAEE,MAAM,EAAK;IACtC,IAAMC,EAAE,GAAG,IAAIC,UAAU,CAAC,CAAC;IAE3BD,EAAE,CAACE,MAAM,GAAG,SAASA,MAAMA,CAAA,EAAG;MAC5BL,OAAO,CAAC,IAAIM,UAAU,CAAC,IAAI,CAACC,MAAM,CAAC,CAAC;IACtC,CAAC;IAEDJ,EAAE,CAACK,OAAO,GAAGN,MAAM;IAEnBC,EAAE,CAACM,iBAAiB,CAACb,MAAM,CAAC;EAC9B,CAAC,CAAC;AACJ"}
@@ -1 +1 @@
1
- {"version":3,"names":["ensureBuffer","buffer","isBuffer","reject","Error","resolve"],"sources":["ensure-buffer.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {isBuffer} from '@webex/common';\n\n/**\n * Ensures the provider Buffer is, indeed, a Buffer; sometimes, they seem to be\n * byte-arrays instead of proper Buffer objects.\n * @param {mixed} buffer\n * @returns {Promise<Buffer>}\n */\nexport default function ensureBuffer(buffer) {\n /* istanbul ignore if */\n if (!isBuffer(buffer)) {\n return Promise.reject(new Error('`buffer` must be a buffer'));\n }\n\n return Promise.resolve(buffer);\n}\n"],"mappings":";;;;;;;;;AAIA;AAJA;AACA;AACA;;AAIA;AACA;AACA;AACA;AACA;AACA;AACe,SAASA,YAAY,CAACC,MAAM,EAAE;EAC3C;EACA,IAAI,CAAC,IAAAC,gBAAQ,EAACD,MAAM,CAAC,EAAE;IACrB,OAAO,iBAAQE,MAAM,CAAC,IAAIC,KAAK,CAAC,2BAA2B,CAAC,CAAC;EAC/D;EAEA,OAAO,iBAAQC,OAAO,CAACJ,MAAM,CAAC;AAChC"}
1
+ {"version":3,"names":["_common","require","ensureBuffer","buffer","isBuffer","_promise","default","reject","Error","resolve"],"sources":["ensure-buffer.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {isBuffer} from '@webex/common';\n\n/**\n * Ensures the provider Buffer is, indeed, a Buffer; sometimes, they seem to be\n * byte-arrays instead of proper Buffer objects.\n * @param {mixed} buffer\n * @returns {Promise<Buffer>}\n */\nexport default function ensureBuffer(buffer) {\n /* istanbul ignore if */\n if (!isBuffer(buffer)) {\n return Promise.reject(new Error('`buffer` must be a buffer'));\n }\n\n return Promise.resolve(buffer);\n}\n"],"mappings":";;;;;;;;;AAIA,IAAAA,OAAA,GAAAC,OAAA;AAJA;AACA;AACA;;AAIA;AACA;AACA;AACA;AACA;AACA;AACe,SAASC,YAAYA,CAACC,MAAM,EAAE;EAC3C;EACA,IAAI,CAAC,IAAAC,gBAAQ,EAACD,MAAM,CAAC,EAAE;IACrB,OAAOE,QAAA,CAAAC,OAAA,CAAQC,MAAM,CAAC,IAAIC,KAAK,CAAC,2BAA2B,CAAC,CAAC;EAC/D;EAEA,OAAOH,QAAA,CAAAC,OAAA,CAAQG,OAAO,CAACN,MAAM,CAAC;AAChC"}
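--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -30,12 +30,10 @@ _Object$defineProperty(exports, "default", {
  }
  });
  var _promise = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/promise"));
- var _isString2 = _interopRequireDefault(require("lodash/isString"));
- var _isObject2 = _interopRequireDefault(require("lodash/isObject"));
- var _has2 = _interopRequireDefault(require("lodash/has"));
  require("@webex/internal-plugin-device");
  require("@webex/internal-plugin-mercury");
  var _webexCore = require("@webex/webex-core");
+ var _lodash = require("lodash");
  var _encryption = _interopRequireDefault(require("./encryption"));
  var _config = _interopRequireDefault(require("./config"));
  var _kmsErrors = require("./kms-errors");
@@ -65,10 +63,10 @@ if (process.env.NODE_ENV === 'test') {
  // I don't see any practical way to reduce complexity here.
  // eslint-disable-next-line complexity
  test: function test(ctx, options) {
- if (!(0, _has2.default)(options, 'body.kmsMessage')) {
+ if (!(0, _lodash.has)(options, 'body.kmsMessage')) {
  return _promise.default.resolve(false);
  }
- if (!(0, _isObject2.default)(options.body.kmsMessage)) {
+ if (!(0, _lodash.isObject)(options.body.kmsMessage)) {
  return _promise.default.resolve(false);
  }
 
@@ -94,7 +92,7 @@ if (process.env.NODE_ENV === 'test') {
  name: 'decryptKmsMessage',
  direction: 'inbound',
  test: function test(ctx, response) {
- return _promise.default.resolve((0, _has2.default)(response, 'body.kmsMessage') && (0, _isString2.default)(response.body.kmsMessage));
+ return _promise.default.resolve((0, _lodash.has)(response, 'body.kmsMessage') && (0, _lodash.isString)(response.body.kmsMessage));
  },
  extract: function extract(response) {
  return _promise.default.resolve(response.body);
@@ -118,7 +116,7 @@ if (process.env.NODE_ENV === 'test') {
  if (!object.kmsMessage) {
  return _promise.default.resolve();
  }
- if ((0, _isString2.default)(object.kmsMessage)) {
+ if ((0, _lodash.isString)(object.kmsMessage)) {
  return _promise.default.resolve();
  }
  return ctx.webex.internal.encryption.kms.prepareRequest(object.kmsMessage).then(function (req) {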
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["interceptors","process","env","NODE_ENV","KmsDryErrorInterceptor","create","registerInternalPlugin","Encryption","payloadTransformer","predicates","name","direction","test","ctx","options","resolve","body","kmsMessage","keyUris","length","resourceUri","includes","uri","extract","response","reason","Boolean","errorCode","transforms","fn","object","webex","internal","encryption","kms","prepareRequest","then","req","wrapped","decryptKmsMessage","promises","errors","map","error","description","desc","push","message","all","reject","DryError","config"],"sources":["index.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n// Note: There's a bug where if bind gets replayed because of a timeout in which\n// the original request eventually completed, there'll be an error indicating\n// the key can't be bound (because it already has been). This could be mitigated\n// by using Promise.race to resolve replays (as more requests get enqueue for a\n// specific action, accept whichever one completes first).\n\nimport '@webex/internal-plugin-device';\n\nimport '@webex/internal-plugin-mercury';\n\nimport {registerInternalPlugin} from '@webex/webex-core';\nimport {has, isObject, isString} from 'lodash';\n\nimport Encryption from './encryption';\nimport config from './config';\nimport {DryError} from './kms-errors';\n\nimport KmsDryErrorInterceptor from './kms-dry-error-interceptor';\n\nlet interceptors;\n\nif (process.env.NODE_ENV === 'test') {\n interceptors = {\n KmsDryErrorInterceptor: KmsDryErrorInterceptor.create,\n };\n}\n\nregisterInternalPlugin('encryption', Encryption, {\n payloadTransformer: {\n predicates: [\n {\n name: 'encryptKmsMessage',\n direction: 'outbound',\n // I don't see any practical way to reduce complexity here.\n // eslint-disable-next-line complexity\n test(ctx, options) {\n if (!has(options, 'body.kmsMessage')) {\n return Promise.resolve(false);\n }\n\n if 
(!isObject(options.body.kmsMessage)) {\n return Promise.resolve(false);\n }\n\n // If this is a template for a kms message, assume another transform\n // will fill it in later. This is a bit of a leaky abstraction, but the\n // alternative is building a complex rules engine for controlling\n // ordering of transforms\n if (options.body.kmsMessage.keyUris && options.body.kmsMessage.keyUris.length === 0) {\n return Promise.resolve(false);\n }\n if (\n options.body.kmsMessage.resourceUri &&\n (options.body.kmsMessage.resourceUri.includes('<KRO>') ||\n options.body.kmsMessage.resourceUri.includes('<KEYURL>'))\n ) {\n return Promise.resolve(false);\n }\n if (\n options.body.kmsMessage.uri &&\n (options.body.kmsMessage.uri.includes('<KRO>') ||\n options.body.kmsMessage.uri.includes('<KEYURL>'))\n ) {\n return Promise.resolve(false);\n }\n\n return Promise.resolve(true);\n },\n extract(options) {\n return Promise.resolve(options.body);\n },\n },\n {\n name: 'decryptKmsMessage',\n direction: 'inbound',\n test(ctx, response) {\n return Promise.resolve(\n has(response, 'body.kmsMessage') && isString(response.body.kmsMessage)\n );\n },\n extract(response) {\n return Promise.resolve(response.body);\n },\n },\n {\n name: 'decryptErrorResponse',\n direction: 'inbound',\n test(ctx, reason) {\n return Promise.resolve(Boolean(reason.body && reason.body.errorCode === 1900000));\n },\n extract(reason) {\n return Promise.resolve(reason);\n },\n },\n ],\n transforms: [\n {\n name: 'encryptKmsMessage',\n fn(ctx, object) {\n if (!object) {\n return Promise.resolve();\n }\n\n if (!object.kmsMessage) {\n return Promise.resolve();\n }\n\n if (isString(object.kmsMessage)) {\n return Promise.resolve();\n }\n\n return ctx.webex.internal.encryption.kms.prepareRequest(object.kmsMessage).then((req) => {\n object.kmsMessage = req.wrapped;\n });\n },\n },\n {\n name: 'decryptKmsMessage',\n fn(ctx, object) {\n return ctx.webex.internal.encryption.kms\n .decryptKmsMessage(object.kmsMessage)\n 
.then((kmsMessage) => {\n object.kmsMessage = kmsMessage;\n });\n },\n },\n {\n name: 'decryptErrorResponse',\n fn(ctx, reason) {\n const promises = reason.body.errors.map((error) =>\n ctx.webex.internal.encryption.kms.decryptKmsMessage(error.description).then((desc) => {\n error.description = desc;\n })\n );\n\n promises.push(\n ctx.webex.internal.encryption.kms\n .decryptKmsMessage(reason.body.message)\n .then((kmsMessage) => {\n reason.body.message = kmsMessage;\n })\n );\n\n return Promise.all(promises).then(() => Promise.reject(new DryError(reason)));\n },\n },\n ],\n },\n interceptors,\n config,\n});\n\nexport {default} from './encryption';\nexport {default as KMS} from './kms';\nexport {KmsError, DryError} from './kms-errors';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAUA;AAEA;AAEA;AAGA;AACA;AACA;AAEA;AAwIA;AA7JA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAeA,IAAIA,YAAY;AAEhB,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,MAAM,EAAE;EACnCH,YAAY,GAAG;IACbI,sBAAsB,EAAEA,+BAAsB,CAACC;EACjD,CAAC;AACH;AAEA,IAAAC,iCAAsB,EAAC,YAAY,EAAEC,mBAAU,EAAE;EAC/CC,kBAAkB,EAAE;IAClBC,UAAU,EAAE,CACV;MACEC,IAAI,EAAE,mBAAmB;MACzBC,SAAS,EAAE,UAAU;MACrB;MACA;MACAC,IAAI,gBAACC,GAAG,EAAEC,OAAO,EAAE;QACjB,IAAI,CAAC,mBAAIA,OAAO,EAAE,iBAAiB,CAAC,EAAE;UACpC,OAAO,iBAAQC,OAAO,CAAC,KAAK,CAAC;QAC/B;QAEA,IAAI,CAAC,wBAASD,OAAO,CAACE,IAAI,CAACC,UAAU,CAAC,EAAE;UACtC,OAAO,iBAAQF,OAAO,CAAC,KAAK,CAAC;QAC/B;;QAEA;QACA;QACA;QACA;QACA,IAAID,OAAO,CAACE,IAAI,CAACC,UAAU,CAACC,OAAO,IAAIJ,OAAO,CAACE,IAAI,CAACC,UAAU,CAACC,OAAO,CAACC,MAAM,KAAK,CAAC,EAAE;UACnF,OAAO,iBAAQJ,OAAO,CAAC,KAAK,CAAC;QAC/B;QACA,IACED,OAAO,CAACE,IAAI,CAACC,UAAU,CAACG,WAAW,KAClCN,OAAO,CAACE,IAAI,CAACC,UAAU,CAACG,WAAW,CAACC,QAAQ,CAAC,OAAO,CAAC,IACpDP,OAAO,CAACE,IAAI,CAACC,UAAU,CAACG,WAAW,CAACC,QAAQ,CAAC,UAAU,CAAC,CAAC,EAC3D;UACA,OAAO,iBAAQN,OAAO,CAAC,KAAK,CAAC;QAC/B;QACA,IACED,OAAO,CAACE,IAAI,CAACC,UAAU,CAACK,GAAG,KAC1BR,OAAO,CAACE,IAAI,CAACC,UAAU,CAACK,GAAG,CAACD,QAAQ,CAAC,OAAO,CAAC,IAC5CP,OAAO,CAACE,IAAI,CAACC,UAAU,CAACK,GAAG,CAACD,QAAQ,CAA
C,UAAU,CAAC,CAAC,EACnD;UACA,OAAO,iBAAQN,OAAO,CAAC,KAAK,CAAC;QAC/B;QAEA,OAAO,iBAAQA,OAAO,CAAC,IAAI,CAAC;MAC9B,CAAC;MACDQ,OAAO,mBAACT,OAAO,EAAE;QACf,OAAO,iBAAQC,OAAO,CAACD,OAAO,CAACE,IAAI,CAAC;MACtC;IACF,CAAC,EACD;MACEN,IAAI,EAAE,mBAAmB;MACzBC,SAAS,EAAE,SAAS;MACpBC,IAAI,gBAACC,GAAG,EAAEW,QAAQ,EAAE;QAClB,OAAO,iBAAQT,OAAO,CACpB,mBAAIS,QAAQ,EAAE,iBAAiB,CAAC,IAAI,wBAASA,QAAQ,CAACR,IAAI,CAACC,UAAU,CAAC,CACvE;MACH,CAAC;MACDM,OAAO,mBAACC,QAAQ,EAAE;QAChB,OAAO,iBAAQT,OAAO,CAACS,QAAQ,CAACR,IAAI,CAAC;MACvC;IACF,CAAC,EACD;MACEN,IAAI,EAAE,sBAAsB;MAC5BC,SAAS,EAAE,SAAS;MACpBC,IAAI,gBAACC,GAAG,EAAEY,MAAM,EAAE;QAChB,OAAO,iBAAQV,OAAO,CAACW,OAAO,CAACD,MAAM,CAACT,IAAI,IAAIS,MAAM,CAACT,IAAI,CAACW,SAAS,KAAK,OAAO,CAAC,CAAC;MACnF,CAAC;MACDJ,OAAO,mBAACE,MAAM,EAAE;QACd,OAAO,iBAAQV,OAAO,CAACU,MAAM,CAAC;MAChC;IACF,CAAC,CACF;IACDG,UAAU,EAAE,CACV;MACElB,IAAI,EAAE,mBAAmB;MACzBmB,EAAE,cAAChB,GAAG,EAAEiB,MAAM,EAAE;QACd,IAAI,CAACA,MAAM,EAAE;UACX,OAAO,iBAAQf,OAAO,EAAE;QAC1B;QAEA,IAAI,CAACe,MAAM,CAACb,UAAU,EAAE;UACtB,OAAO,iBAAQF,OAAO,EAAE;QAC1B;QAEA,IAAI,wBAASe,MAAM,CAACb,UAAU,CAAC,EAAE;UAC/B,OAAO,iBAAQF,OAAO,EAAE;QAC1B;QAEA,OAAOF,GAAG,CAACkB,KAAK,CAACC,QAAQ,CAACC,UAAU,CAACC,GAAG,CAACC,cAAc,CAACL,MAAM,CAACb,UAAU,CAAC,CAACmB,IAAI,CAAC,UAACC,GAAG,EAAK;UACvFP,MAAM,CAACb,UAAU,GAAGoB,GAAG,CAACC,OAAO;QACjC,CAAC,CAAC;MACJ;IACF,CAAC,EACD;MACE5B,IAAI,EAAE,mBAAmB;MACzBmB,EAAE,cAAChB,GAAG,EAAEiB,MAAM,EAAE;QACd,OAAOjB,GAAG,CAACkB,KAAK,CAACC,QAAQ,CAACC,UAAU,CAACC,GAAG,CACrCK,iBAAiB,CAACT,MAAM,CAACb,UAAU,CAAC,CACpCmB,IAAI,CAAC,UAACnB,UAAU,EAAK;UACpBa,MAAM,CAACb,UAAU,GAAGA,UAAU;QAChC,CAAC,CAAC;MACN;IACF,CAAC,EACD;MACEP,IAAI,EAAE,sBAAsB;MAC5BmB,EAAE,cAAChB,GAAG,EAAEY,MAAM,EAAE;QACd,IAAMe,QAAQ,GAAGf,MAAM,CAACT,IAAI,CAACyB,MAAM,CAACC,GAAG,CAAC,UAACC,KAAK;UAAA,OAC5C9B,GAAG,CAACkB,KAAK,CAACC,QAAQ,CAACC,UAAU,CAACC,GAAG,CAACK,iBAAiB,CAACI,KAAK,CAACC,WAAW,CAAC,CAACR,IAAI,CAAC,UAACS,IAAI,EAAK;YACpFF,KAAK,CAACC,WAAW,GAAGC,IAAI;UAC1B,CAAC,CAAC;QAAA,EACH;QAEDL,QAAQ,CAACM,IAAI,CACXjC,GAAG,CAACkB,KAAK,CAACC,QAAQ,CAACC,UAAU,CAACC,GA
AG,CAC9BK,iBAAiB,CAACd,MAAM,CAACT,IAAI,CAAC+B,OAAO,CAAC,CACtCX,IAAI,CAAC,UAACnB,UAAU,EAAK;UACpBQ,MAAM,CAACT,IAAI,CAAC+B,OAAO,GAAG9B,UAAU;QAClC,CAAC,CAAC,CACL;QAED,OAAO,iBAAQ+B,GAAG,CAACR,QAAQ,CAAC,CAACJ,IAAI,CAAC;UAAA,OAAM,iBAAQa,MAAM,CAAC,IAAIC,mBAAQ,CAACzB,MAAM,CAAC,CAAC;QAAA,EAAC;MAC/E;IACF,CAAC;EAEL,CAAC;EACDzB,YAAY,EAAZA,YAAY;EACZmD,MAAM,EAANA;AACF,CAAC,CAAC"}
1
+ {"version":3,"names":["require","_webexCore","_lodash","_encryption","_interopRequireDefault","_config","_kmsErrors","_kmsDryErrorInterceptor","_kms","interceptors","process","env","NODE_ENV","KmsDryErrorInterceptor","create","registerInternalPlugin","Encryption","payloadTransformer","predicates","name","direction","test","ctx","options","has","_promise","default","resolve","isObject","body","kmsMessage","keyUris","length","resourceUri","includes","uri","extract","response","isString","reason","Boolean","errorCode","transforms","fn","object","webex","internal","encryption","kms","prepareRequest","then","req","wrapped","decryptKmsMessage","promises","errors","map","error","description","desc","push","message","all","reject","DryError","config"],"sources":["index.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\n// Note: There's a bug where if bind gets replayed because of a timeout in which\n// the original request eventually completed, there'll be an error indicating\n// the key can't be bound (because it already has been). 
This could be mitigated\n// by using Promise.race to resolve replays (as more requests get enqueue for a\n// specific action, accept whichever one completes first).\n\nimport '@webex/internal-plugin-device';\n\nimport '@webex/internal-plugin-mercury';\n\nimport {registerInternalPlugin} from '@webex/webex-core';\nimport {has, isObject, isString} from 'lodash';\n\nimport Encryption from './encryption';\nimport config from './config';\nimport {DryError} from './kms-errors';\n\nimport KmsDryErrorInterceptor from './kms-dry-error-interceptor';\n\nlet interceptors;\n\nif (process.env.NODE_ENV === 'test') {\n interceptors = {\n KmsDryErrorInterceptor: KmsDryErrorInterceptor.create,\n };\n}\n\nregisterInternalPlugin('encryption', Encryption, {\n payloadTransformer: {\n predicates: [\n {\n name: 'encryptKmsMessage',\n direction: 'outbound',\n // I don't see any practical way to reduce complexity here.\n // eslint-disable-next-line complexity\n test(ctx, options) {\n if (!has(options, 'body.kmsMessage')) {\n return Promise.resolve(false);\n }\n\n if (!isObject(options.body.kmsMessage)) {\n return Promise.resolve(false);\n }\n\n // If this is a template for a kms message, assume another transform\n // will fill it in later. 
This is a bit of a leaky abstraction, but the\n // alternative is building a complex rules engine for controlling\n // ordering of transforms\n if (options.body.kmsMessage.keyUris && options.body.kmsMessage.keyUris.length === 0) {\n return Promise.resolve(false);\n }\n if (\n options.body.kmsMessage.resourceUri &&\n (options.body.kmsMessage.resourceUri.includes('<KRO>') ||\n options.body.kmsMessage.resourceUri.includes('<KEYURL>'))\n ) {\n return Promise.resolve(false);\n }\n if (\n options.body.kmsMessage.uri &&\n (options.body.kmsMessage.uri.includes('<KRO>') ||\n options.body.kmsMessage.uri.includes('<KEYURL>'))\n ) {\n return Promise.resolve(false);\n }\n\n return Promise.resolve(true);\n },\n extract(options) {\n return Promise.resolve(options.body);\n },\n },\n {\n name: 'decryptKmsMessage',\n direction: 'inbound',\n test(ctx, response) {\n return Promise.resolve(\n has(response, 'body.kmsMessage') && isString(response.body.kmsMessage)\n );\n },\n extract(response) {\n return Promise.resolve(response.body);\n },\n },\n {\n name: 'decryptErrorResponse',\n direction: 'inbound',\n test(ctx, reason) {\n return Promise.resolve(Boolean(reason.body && reason.body.errorCode === 1900000));\n },\n extract(reason) {\n return Promise.resolve(reason);\n },\n },\n ],\n transforms: [\n {\n name: 'encryptKmsMessage',\n fn(ctx, object) {\n if (!object) {\n return Promise.resolve();\n }\n\n if (!object.kmsMessage) {\n return Promise.resolve();\n }\n\n if (isString(object.kmsMessage)) {\n return Promise.resolve();\n }\n\n return ctx.webex.internal.encryption.kms.prepareRequest(object.kmsMessage).then((req) => {\n object.kmsMessage = req.wrapped;\n });\n },\n },\n {\n name: 'decryptKmsMessage',\n fn(ctx, object) {\n return ctx.webex.internal.encryption.kms\n .decryptKmsMessage(object.kmsMessage)\n .then((kmsMessage) => {\n object.kmsMessage = kmsMessage;\n });\n },\n },\n {\n name: 'decryptErrorResponse',\n fn(ctx, reason) {\n const promises = reason.body.errors.map((error) =>\n 
ctx.webex.internal.encryption.kms.decryptKmsMessage(error.description).then((desc) => {\n error.description = desc;\n })\n );\n\n promises.push(\n ctx.webex.internal.encryption.kms\n .decryptKmsMessage(reason.body.message)\n .then((kmsMessage) => {\n reason.body.message = kmsMessage;\n })\n );\n\n return Promise.all(promises).then(() => Promise.reject(new DryError(reason)));\n },\n },\n ],\n },\n interceptors,\n config,\n});\n\nexport {default} from './encryption';\nexport {default as KMS} from './kms';\nexport {KmsError, DryError} from './kms-errors';\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAUAA,OAAA;AAEAA,OAAA;AAEA,IAAAC,UAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAEA,IAAAG,WAAA,GAAAC,sBAAA,CAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAD,sBAAA,CAAAJ,OAAA;AACA,IAAAM,UAAA,GAAAN,OAAA;AAEA,IAAAO,uBAAA,GAAAH,sBAAA,CAAAJ,OAAA;AAwIA,IAAAQ,IAAA,GAAAJ,sBAAA,CAAAJ,OAAA;AA7JA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAeA,IAAIS,YAAY;AAEhB,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,MAAM,EAAE;EACnCH,YAAY,GAAG;IACbI,sBAAsB,EAAEA,+BAAsB,CAACC;EACjD,CAAC;AACH;AAEA,IAAAC,iCAAsB,EAAC,YAAY,EAAEC,mBAAU,EAAE;EAC/CC,kBAAkB,EAAE;IAClBC,UAAU,EAAE,CACV;MACEC,IAAI,EAAE,mBAAmB;MACzBC,SAAS,EAAE,UAAU;MACrB;MACA;MACAC,IAAI,WAAAA,KAACC,GAAG,EAAEC,OAAO,EAAE;QACjB,IAAI,CAAC,IAAAC,WAAG,EAACD,OAAO,EAAE,iBAAiB,CAAC,EAAE;UACpC,OAAOE,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAAC,KAAK,CAAC;QAC/B;QAEA,IAAI,CAAC,IAAAC,gBAAQ,EAACL,OAAO,CAACM,IAAI,CAACC,UAAU,CAAC,EAAE;UACtC,OAAOL,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAAC,KAAK,CAAC;QAC/B;;QAEA;QACA;QACA;QACA;QACA,IAAIJ,OAAO,CAACM,IAAI,CAACC,UAAU,CAACC,OAAO,IAAIR,OAAO,CAACM,IAAI,CAACC,UAAU,CAACC,OAAO,CAACC,MAAM,KAAK,CAAC,EAAE;UACnF,OAAOP,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAAC,KAAK,CAAC;QAC/B;QACA,IACEJ,OAAO,CAACM,IAAI,CAACC,UAAU,CAACG,WAAW,KAClCV,OAAO,CAACM,IAAI,CAACC,UAAU,CAACG,WAAW,CAACC,QAAQ,CAAC,OAAO,CAAC,IACpDX,OAAO,CAACM,IAAI,CAACC,UAAU,CAACG,WAAW,CAACC,QAAQ,CAAC,UAAU,CAAC,CAAC,EAC3D;UACA,OAAOT,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAAC,KAAK,CAAC;QAC/B;QACA,IACEJ,OAAO,CAACM,IAAI,CAACC,UAAU,CAACK,GAAG,KAC1BZ,O
AAO,CAACM,IAAI,CAACC,UAAU,CAACK,GAAG,CAACD,QAAQ,CAAC,OAAO,CAAC,IAC5CX,OAAO,CAACM,IAAI,CAACC,UAAU,CAACK,GAAG,CAACD,QAAQ,CAAC,UAAU,CAAC,CAAC,EACnD;UACA,OAAOT,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAAC,KAAK,CAAC;QAC/B;QAEA,OAAOF,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAAC,IAAI,CAAC;MAC9B,CAAC;MACDS,OAAO,WAAAA,QAACb,OAAO,EAAE;QACf,OAAOE,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAACJ,OAAO,CAACM,IAAI,CAAC;MACtC;IACF,CAAC,EACD;MACEV,IAAI,EAAE,mBAAmB;MACzBC,SAAS,EAAE,SAAS;MACpBC,IAAI,WAAAA,KAACC,GAAG,EAAEe,QAAQ,EAAE;QAClB,OAAOZ,QAAA,CAAAC,OAAA,CAAQC,OAAO,CACpB,IAAAH,WAAG,EAACa,QAAQ,EAAE,iBAAiB,CAAC,IAAI,IAAAC,gBAAQ,EAACD,QAAQ,CAACR,IAAI,CAACC,UAAU,CACvE,CAAC;MACH,CAAC;MACDM,OAAO,WAAAA,QAACC,QAAQ,EAAE;QAChB,OAAOZ,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAACU,QAAQ,CAACR,IAAI,CAAC;MACvC;IACF,CAAC,EACD;MACEV,IAAI,EAAE,sBAAsB;MAC5BC,SAAS,EAAE,SAAS;MACpBC,IAAI,WAAAA,KAACC,GAAG,EAAEiB,MAAM,EAAE;QAChB,OAAOd,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAACa,OAAO,CAACD,MAAM,CAACV,IAAI,IAAIU,MAAM,CAACV,IAAI,CAACY,SAAS,KAAK,OAAO,CAAC,CAAC;MACnF,CAAC;MACDL,OAAO,WAAAA,QAACG,MAAM,EAAE;QACd,OAAOd,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAACY,MAAM,CAAC;MAChC;IACF,CAAC,CACF;IACDG,UAAU,EAAE,CACV;MACEvB,IAAI,EAAE,mBAAmB;MACzBwB,EAAE,WAAAA,GAACrB,GAAG,EAAEsB,MAAM,EAAE;QACd,IAAI,CAACA,MAAM,EAAE;UACX,OAAOnB,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAAC,CAAC;QAC1B;QAEA,IAAI,CAACiB,MAAM,CAACd,UAAU,EAAE;UACtB,OAAOL,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAAC,CAAC;QAC1B;QAEA,IAAI,IAAAW,gBAAQ,EAACM,MAAM,CAACd,UAAU,CAAC,EAAE;UAC/B,OAAOL,QAAA,CAAAC,OAAA,CAAQC,OAAO,CAAC,CAAC;QAC1B;QAEA,OAAOL,GAAG,CAACuB,KAAK,CAACC,QAAQ,CAACC,UAAU,CAACC,GAAG,CAACC,cAAc,CAACL,MAAM,CAACd,UAAU,CAAC,CAACoB,IAAI,CAAC,UAACC,GAAG,EAAK;UACvFP,MAAM,CAACd,UAAU,GAAGqB,GAAG,CAACC,OAAO;QACjC,CAAC,CAAC;MACJ;IACF,CAAC,EACD;MACEjC,IAAI,EAAE,mBAAmB;MACzBwB,EAAE,WAAAA,GAACrB,GAAG,EAAEsB,MAAM,EAAE;QACd,OAAOtB,GAAG,CAACuB,KAAK,CAACC,QAAQ,CAACC,UAAU,CAACC,GAAG,CACrCK,iBAAiB,CAACT,MAAM,CAACd,UAAU,CAAC,CACpCoB,IAAI,CAAC,UAACpB,UAAU,EAAK;UACpBc,MAAM,CAACd,UAAU,GAAGA,UAAU;QAChC,CAAC,CAAC;MACN;IACF,CAAC,EACD;MACEX,IAAI,EAAE,sBAAsB;MAC5BwB,EAAE,WAAAA,G
AACrB,GAAG,EAAEiB,MAAM,EAAE;QACd,IAAMe,QAAQ,GAAGf,MAAM,CAACV,IAAI,CAAC0B,MAAM,CAACC,GAAG,CAAC,UAACC,KAAK;UAAA,OAC5CnC,GAAG,CAACuB,KAAK,CAACC,QAAQ,CAACC,UAAU,CAACC,GAAG,CAACK,iBAAiB,CAACI,KAAK,CAACC,WAAW,CAAC,CAACR,IAAI,CAAC,UAACS,IAAI,EAAK;YACpFF,KAAK,CAACC,WAAW,GAAGC,IAAI;UAC1B,CAAC,CAAC;QAAA,CACJ,CAAC;QAEDL,QAAQ,CAACM,IAAI,CACXtC,GAAG,CAACuB,KAAK,CAACC,QAAQ,CAACC,UAAU,CAACC,GAAG,CAC9BK,iBAAiB,CAACd,MAAM,CAACV,IAAI,CAACgC,OAAO,CAAC,CACtCX,IAAI,CAAC,UAACpB,UAAU,EAAK;UACpBS,MAAM,CAACV,IAAI,CAACgC,OAAO,GAAG/B,UAAU;QAClC,CAAC,CACL,CAAC;QAED,OAAOL,QAAA,CAAAC,OAAA,CAAQoC,GAAG,CAACR,QAAQ,CAAC,CAACJ,IAAI,CAAC;UAAA,OAAMzB,QAAA,CAAAC,OAAA,CAAQqC,MAAM,CAAC,IAAIC,mBAAQ,CAACzB,MAAM,CAAC,CAAC;QAAA,EAAC;MAC/E;IACF,CAAC;EAEL,CAAC;EACD9B,YAAY,EAAZA,YAAY;EACZwD,MAAM,EAANA;AACF,CAAC,CAAC"}
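--- a/package/dist/kms-batcher.js
+++ b/package/dist/kms-batcher.js
@@ -15,12 +15,11 @@ var _kmsErrors = require("./kms-errors");
  * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
  */
 
- var TIMEOUT_SYMBOL = (0, _symbol.default)('TIMEOUT_SYMBOL');
+ var TIMEOUT_SYMBOL = exports.TIMEOUT_SYMBOL = (0, _symbol.default)('TIMEOUT_SYMBOL');
 
  /**
  * @class
  */
- exports.TIMEOUT_SYMBOL = TIMEOUT_SYMBOL;
  var KmsBatcher = _webexCore.Batcher.extend({
  namespace: 'Encryption',
  /**
@@ -131,6 +130,7 @@ var KmsBatcher = _webexCore.Batcher.extend({
  * @returns {Promise}
  */
  handleItemFailure: function handleItemFailure(item, reason) {
+ (0, _kmsErrors.handleKmsKeyRevokedEncryptionFailure)(item, this.webex);
  return this.getDeferredForResponse(item).then(function (defer) {
  defer.reject(reason || new _kmsErrors.KmsError(item.body));
  });
@@ -150,6 +150,5 @@ var KmsBatcher = _webexCore.Batcher.extend({
  return _promise.default.resolve(item.requestId);
  }
  });
- var _default = KmsBatcher;
- exports.default = _default;
+ var _default = exports.default = KmsBatcher;
  //# sourceMappingURL=kms-batcher.js.map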
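Review bot: In `handleItemFailure`, the added `handleKmsKeyRevokedEncryptionFailure(item, this.webex)` call runs synchronously before `getDeferredForResponse(item)`, so if it throws, this call never reaches `defer.reject(...)` and the caller waiting on that request is left pending. The bundled source shows the same method is also invoked from the timeout callback in `prepareItem` with the request item, so the helper has to tolerate an item that has no response `status` or `body`; its implementation lives in kms-errors.js, outside this section, so that is unverified here. Consider isolating it, for example `try { handleKmsKeyRevokedEncryptionFailure(item, this.webex); } catch (err) { this.logger.warn('kms: key-revoked handler failed', err); }`, so the rejection always happens. This file is transpiled output, so the change belongs in src/kms-batcher.js.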
@@ -1 +1 @@
1
- {"version":3,"names":["TIMEOUT_SYMBOL","KmsBatcher","Batcher","extend","namespace","processKmsMessageEvent","event","logger","info","all","encryption","kmsMessages","map","kmsMessage","resolve","process","env","NODE_ENV","body","acceptItem","prepareItem","item","getDeferredForRequest","then","defer","timeout","Error","timer","safeSetTimeout","warn","requestId","handleItemFailure","KmsTimeoutError","request","promise","clearTimeout","catch","prepareRequest","queue","webex","internal","kms","_getKMSCluster","cluster","destination","req","wrapped","submitHttpRequest","payload","length","method","service","resource","handleHttpSuccess","didItemFail","status","handleItemSuccess","getDeferredForResponse","reason","reject","KmsError","fingerprintRequest","fingerprintResponse"],"sources":["kms-batcher.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {safeSetTimeout} from '@webex/common-timers';\nimport {Batcher} from '@webex/webex-core';\n\nimport {KmsError, KmsTimeoutError} from './kms-errors';\n\nexport const TIMEOUT_SYMBOL = Symbol('TIMEOUT_SYMBOL');\n\n/**\n * @class\n */\nconst KmsBatcher = Batcher.extend({\n namespace: 'Encryption',\n\n /**\n * Accepts a kmsMessage event and passes its contents to acceptItem\n * @param {Object} event\n * @returns {Promise}\n */\n processKmsMessageEvent(event) {\n this.logger.info('kms-batcher: received kms message');\n\n return Promise.all(\n event.encryption.kmsMessages.map(\n (kmsMessage) =>\n new Promise((resolve) => {\n /* istanbul ignore else */\n if (process.env.NODE_ENV !== 'production') {\n this.logger.info('kms-batcher:', kmsMessage.body);\n }\n\n resolve(this.acceptItem(kmsMessage));\n })\n )\n );\n },\n\n /**\n * Attaches a timeout to the given KMS message\n * @param {Object} item\n * @returns {Promise<Object>}\n */\n prepareItem(item) {\n return this.getDeferredForRequest(item).then((defer) => {\n const timeout = item[TIMEOUT_SYMBOL];\n\n /* istanbul ignore if 
*/\n if (!timeout) {\n throw new Error('timeout is required');\n }\n\n const timer = safeSetTimeout(() => {\n this.logger.warn(\n `kms: request timed out; request id: ${item.requestId}; timeout: ${timeout}`\n );\n this.handleItemFailure(\n item,\n new KmsTimeoutError({\n timeout,\n request: item,\n })\n );\n }, timeout);\n\n // Reminder: reassign `promise` is not a viable means of inserting into\n // the Promise chain\n defer.promise.then(() => clearTimeout(timer));\n defer.promise.catch(() => clearTimeout(timer));\n\n return item;\n });\n },\n\n /**\n * Attaches the final bits of cluster info to the payload\n * @param {Array} queue\n * @returns {Promise<Array>}\n */\n prepareRequest(queue) {\n return this.webex.internal.encryption.kms._getKMSCluster().then((cluster) => ({\n destination: cluster,\n kmsMessages: queue.map((req) => req.wrapped),\n }));\n },\n\n /**\n * @param {Object} payload\n * @returns {Promise<HttpResponseObject>}\n */\n submitHttpRequest(payload) {\n this.logger.info('kms: batched-request-length', payload.kmsMessages.length);\n\n return this.webex.request({\n method: 'POST',\n service: 'encryption',\n resource: '/kms/messages',\n body: payload,\n });\n },\n\n /**\n * Does nothing; the http response doesn't carry our response data\n * @returns {Promise}\n */\n handleHttpSuccess() {\n return Promise.resolve();\n },\n\n /**\n * @param {Object} item\n * @returns {Promise<boolean>}\n */\n didItemFail(item) {\n return Promise.resolve(item.status >= 400);\n },\n\n /**\n * @param {Object} item\n * @returns {Promise}\n */\n handleItemSuccess(item) {\n return this.getDeferredForResponse(item).then((defer) => {\n defer.resolve(item.body);\n });\n },\n\n /**\n * @param {Object} item\n * @param {KmsError} [reason]\n * @returns {Promise}\n */\n handleItemFailure(item, reason) {\n return this.getDeferredForResponse(item).then((defer) => {\n defer.reject(reason || new KmsError(item.body));\n });\n },\n\n /**\n * @param {Object} item\n * @returns {Promise}\n 
*/\n fingerprintRequest(item) {\n return Promise.resolve(item.requestId);\n },\n\n /**\n * @param {Object} item\n * @returns {Promise}\n */\n fingerprintResponse(item) {\n return Promise.resolve(item.requestId);\n },\n});\n\nexport default KmsBatcher;\n"],"mappings":";;;;;;;;;;AAIA;AACA;AAEA;AAPA;AACA;AACA;;AAOO,IAAMA,cAAc,GAAG,qBAAO,gBAAgB,CAAC;;AAEtD;AACA;AACA;AAFA;AAGA,IAAMC,UAAU,GAAGC,kBAAO,CAACC,MAAM,CAAC;EAChCC,SAAS,EAAE,YAAY;EAEvB;AACF;AACA;AACA;AACA;EACEC,sBAAsB,kCAACC,KAAK,EAAE;IAAA;IAC5B,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,mCAAmC,CAAC;IAErD,OAAO,iBAAQC,GAAG,CAChBH,KAAK,CAACI,UAAU,CAACC,WAAW,CAACC,GAAG,CAC9B,UAACC,UAAU;MAAA,OACT,qBAAY,UAACC,OAAO,EAAK;QACvB;QACA,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,EAAE;UACzC,KAAI,CAACV,MAAM,CAACC,IAAI,CAAC,cAAc,EAAEK,UAAU,CAACK,IAAI,CAAC;QACnD;QAEAJ,OAAO,CAAC,KAAI,CAACK,UAAU,CAACN,UAAU,CAAC,CAAC;MACtC,CAAC,CAAC;IAAA,EACL,CACF;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;EACEO,WAAW,uBAACC,IAAI,EAAE;IAAA;IAChB,OAAO,IAAI,CAACC,qBAAqB,CAACD,IAAI,CAAC,CAACE,IAAI,CAAC,UAACC,KAAK,EAAK;MACtD,IAAMC,OAAO,GAAGJ,IAAI,CAACrB,cAAc,CAAC;;MAEpC;MACA,IAAI,CAACyB,OAAO,EAAE;QACZ,MAAM,IAAIC,KAAK,CAAC,qBAAqB,CAAC;MACxC;MAEA,IAAMC,KAAK,GAAG,IAAAC,4BAAc,EAAC,YAAM;QACjC,MAAI,CAACrB,MAAM,CAACsB,IAAI,+CACyBR,IAAI,CAACS,SAAS,wBAAcL,OAAO,EAC3E;QACD,MAAI,CAACM,iBAAiB,CACpBV,IAAI,EACJ,IAAIW,0BAAe,CAAC;UAClBP,OAAO,EAAPA,OAAO;UACPQ,OAAO,EAAEZ;QACX,CAAC,CAAC,CACH;MACH,CAAC,EAAEI,OAAO,CAAC;;MAEX;MACA;MACAD,KAAK,CAACU,OAAO,CAACX,IAAI,CAAC;QAAA,OAAMY,YAAY,CAACR,KAAK,CAAC;MAAA,EAAC;MAC7CH,KAAK,CAACU,OAAO,CAACE,KAAK,CAAC;QAAA,OAAMD,YAAY,CAACR,KAAK,CAAC;MAAA,EAAC;MAE9C,OAAON,IAAI;IACb,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;EACEgB,cAAc,0BAACC,KAAK,EAAE;IACpB,OAAO,IAAI,CAACC,KAAK,CAACC,QAAQ,CAAC9B,UAAU,CAAC+B,GAAG,CAACC,cAAc,EAAE,CAACnB,IAAI,CAAC,UAACoB,OAAO;MAAA,OAAM;QAC5EC,WAAW,EAAED,OAAO;QACpBhC,WAAW,EAAE2B,KAAK,CAAC1B,GAAG,CAAC,UAACiC,GAAG;UAAA,OAAKA,GAAG,CAACC,OAAO;QAAA;MAC7C,CAAC;IAAA,CAAC,CAAC;EACL,CAAC;EAED;AACF;AACA;AACA;EACEC,iBAAiB,6BAACC,OAAO,EAAE;IACzB,
IAAI,CAACzC,MAAM,CAACC,IAAI,CAAC,6BAA6B,EAAEwC,OAAO,CAACrC,WAAW,CAACsC,MAAM,CAAC;IAE3E,OAAO,IAAI,CAACV,KAAK,CAACN,OAAO,CAAC;MACxBiB,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE,YAAY;MACrBC,QAAQ,EAAE,eAAe;MACzBlC,IAAI,EAAE8B;IACR,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;EACEK,iBAAiB,+BAAG;IAClB,OAAO,iBAAQvC,OAAO,EAAE;EAC1B,CAAC;EAED;AACF;AACA;AACA;EACEwC,WAAW,uBAACjC,IAAI,EAAE;IAChB,OAAO,iBAAQP,OAAO,CAACO,IAAI,CAACkC,MAAM,IAAI,GAAG,CAAC;EAC5C,CAAC;EAED;AACF;AACA;AACA;EACEC,iBAAiB,6BAACnC,IAAI,EAAE;IACtB,OAAO,IAAI,CAACoC,sBAAsB,CAACpC,IAAI,CAAC,CAACE,IAAI,CAAC,UAACC,KAAK,EAAK;MACvDA,KAAK,CAACV,OAAO,CAACO,IAAI,CAACH,IAAI,CAAC;IAC1B,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;EACEa,iBAAiB,6BAACV,IAAI,EAAEqC,MAAM,EAAE;IAC9B,OAAO,IAAI,CAACD,sBAAsB,CAACpC,IAAI,CAAC,CAACE,IAAI,CAAC,UAACC,KAAK,EAAK;MACvDA,KAAK,CAACmC,MAAM,CAACD,MAAM,IAAI,IAAIE,mBAAQ,CAACvC,IAAI,CAACH,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;EACE2C,kBAAkB,8BAACxC,IAAI,EAAE;IACvB,OAAO,iBAAQP,OAAO,CAACO,IAAI,CAACS,SAAS,CAAC;EACxC,CAAC;EAED;AACF;AACA;AACA;EACEgC,mBAAmB,+BAACzC,IAAI,EAAE;IACxB,OAAO,iBAAQP,OAAO,CAACO,IAAI,CAACS,SAAS,CAAC;EACxC;AACF,CAAC,CAAC;AAAC,eAEY7B,UAAU;AAAA"}
1
+ {"version":3,"names":["_commonTimers","require","_webexCore","_kmsErrors","TIMEOUT_SYMBOL","exports","_symbol","default","KmsBatcher","Batcher","extend","namespace","processKmsMessageEvent","event","_this","logger","info","_promise","all","encryption","kmsMessages","map","kmsMessage","resolve","process","env","NODE_ENV","body","acceptItem","prepareItem","item","_this2","getDeferredForRequest","then","defer","timeout","Error","timer","safeSetTimeout","warn","concat","requestId","handleItemFailure","KmsTimeoutError","request","promise","clearTimeout","catch","prepareRequest","queue","webex","internal","kms","_getKMSCluster","cluster","destination","req","wrapped","submitHttpRequest","payload","length","method","service","resource","handleHttpSuccess","didItemFail","status","handleItemSuccess","getDeferredForResponse","reason","handleKmsKeyRevokedEncryptionFailure","reject","KmsError","fingerprintRequest","fingerprintResponse","_default"],"sources":["kms-batcher.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. 
See LICENSE file.\n */\n\nimport {safeSetTimeout} from '@webex/common-timers';\nimport {Batcher} from '@webex/webex-core';\n\nimport {KmsError, KmsTimeoutError, handleKmsKeyRevokedEncryptionFailure} from './kms-errors';\n\nexport const TIMEOUT_SYMBOL = Symbol('TIMEOUT_SYMBOL');\n\n/**\n * @class\n */\nconst KmsBatcher = Batcher.extend({\n namespace: 'Encryption',\n\n /**\n * Accepts a kmsMessage event and passes its contents to acceptItem\n * @param {Object} event\n * @returns {Promise}\n */\n processKmsMessageEvent(event) {\n this.logger.info('kms-batcher: received kms message');\n\n return Promise.all(\n event.encryption.kmsMessages.map(\n (kmsMessage) =>\n new Promise((resolve) => {\n /* istanbul ignore else */\n if (process.env.NODE_ENV !== 'production') {\n this.logger.info('kms-batcher:', kmsMessage.body);\n }\n\n resolve(this.acceptItem(kmsMessage));\n })\n )\n );\n },\n\n /**\n * Attaches a timeout to the given KMS message\n * @param {Object} item\n * @returns {Promise<Object>}\n */\n prepareItem(item) {\n return this.getDeferredForRequest(item).then((defer) => {\n const timeout = item[TIMEOUT_SYMBOL];\n\n /* istanbul ignore if */\n if (!timeout) {\n throw new Error('timeout is required');\n }\n\n const timer = safeSetTimeout(() => {\n this.logger.warn(\n `kms: request timed out; request id: ${item.requestId}; timeout: ${timeout}`\n );\n this.handleItemFailure(\n item,\n new KmsTimeoutError({\n timeout,\n request: item,\n })\n );\n }, timeout);\n\n // Reminder: reassign `promise` is not a viable means of inserting into\n // the Promise chain\n defer.promise.then(() => clearTimeout(timer));\n defer.promise.catch(() => clearTimeout(timer));\n\n return item;\n });\n },\n\n /**\n * Attaches the final bits of cluster info to the payload\n * @param {Array} queue\n * @returns {Promise<Array>}\n */\n prepareRequest(queue) {\n return this.webex.internal.encryption.kms._getKMSCluster().then((cluster) => ({\n destination: cluster,\n kmsMessages: queue.map((req) => 
req.wrapped),\n }));\n },\n\n /**\n * @param {Object} payload\n * @returns {Promise<HttpResponseObject>}\n */\n submitHttpRequest(payload) {\n this.logger.info('kms: batched-request-length', payload.kmsMessages.length);\n\n return this.webex.request({\n method: 'POST',\n service: 'encryption',\n resource: '/kms/messages',\n body: payload,\n });\n },\n\n /**\n * Does nothing; the http response doesn't carry our response data\n * @returns {Promise}\n */\n handleHttpSuccess() {\n return Promise.resolve();\n },\n\n /**\n * @param {Object} item\n * @returns {Promise<boolean>}\n */\n didItemFail(item) {\n return Promise.resolve(item.status >= 400);\n },\n\n /**\n * @param {Object} item\n * @returns {Promise}\n */\n handleItemSuccess(item) {\n return this.getDeferredForResponse(item).then((defer) => {\n defer.resolve(item.body);\n });\n },\n\n /**\n * @param {Object} item\n * @param {KmsError} [reason]\n * @returns {Promise}\n */\n handleItemFailure(item, reason) {\n handleKmsKeyRevokedEncryptionFailure(item, this.webex);\n\n return this.getDeferredForResponse(item).then((defer) => {\n defer.reject(reason || new KmsError(item.body));\n });\n },\n\n /**\n * @param {Object} item\n * @returns {Promise}\n */\n fingerprintRequest(item) {\n return Promise.resolve(item.requestId);\n },\n\n /**\n * @param {Object} item\n * @returns {Promise}\n */\n fingerprintResponse(item) {\n return Promise.resolve(item.requestId);\n },\n});\n\nexport default 
KmsBatcher;\n"],"mappings":";;;;;;;;;;AAIA,IAAAA,aAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,UAAA,GAAAF,OAAA;AAPA;AACA;AACA;;AAOO,IAAMG,cAAc,GAAAC,OAAA,CAAAD,cAAA,GAAG,IAAAE,OAAA,CAAAC,OAAA,EAAO,gBAAgB,CAAC;;AAEtD;AACA;AACA;AACA,IAAMC,UAAU,GAAGC,kBAAO,CAACC,MAAM,CAAC;EAChCC,SAAS,EAAE,YAAY;EAEvB;AACF;AACA;AACA;AACA;EACEC,sBAAsB,WAAAA,uBAACC,KAAK,EAAE;IAAA,IAAAC,KAAA;IAC5B,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,mCAAmC,CAAC;IAErD,OAAOC,QAAA,CAAAV,OAAA,CAAQW,GAAG,CAChBL,KAAK,CAACM,UAAU,CAACC,WAAW,CAACC,GAAG,CAC9B,UAACC,UAAU;MAAA,OACT,IAAAL,QAAA,CAAAV,OAAA,CAAY,UAACgB,OAAO,EAAK;QACvB;QACA,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,EAAE;UACzCZ,KAAI,CAACC,MAAM,CAACC,IAAI,CAAC,cAAc,EAAEM,UAAU,CAACK,IAAI,CAAC;QACnD;QAEAJ,OAAO,CAACT,KAAI,CAACc,UAAU,CAACN,UAAU,CAAC,CAAC;MACtC,CAAC,CAAC;IAAA,CACN,CACF,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;EACEO,WAAW,WAAAA,YAACC,IAAI,EAAE;IAAA,IAAAC,MAAA;IAChB,OAAO,IAAI,CAACC,qBAAqB,CAACF,IAAI,CAAC,CAACG,IAAI,CAAC,UAACC,KAAK,EAAK;MACtD,IAAMC,OAAO,GAAGL,IAAI,CAAC1B,cAAc,CAAC;;MAEpC;MACA,IAAI,CAAC+B,OAAO,EAAE;QACZ,MAAM,IAAIC,KAAK,CAAC,qBAAqB,CAAC;MACxC;MAEA,IAAMC,KAAK,GAAG,IAAAC,4BAAc,EAAC,YAAM;QACjCP,MAAI,CAAChB,MAAM,CAACwB,IAAI,wCAAAC,MAAA,CACyBV,IAAI,CAACW,SAAS,iBAAAD,MAAA,CAAcL,OAAO,CAC5E,CAAC;QACDJ,MAAI,CAACW,iBAAiB,CACpBZ,IAAI,EACJ,IAAIa,0BAAe,CAAC;UAClBR,OAAO,EAAPA,OAAO;UACPS,OAAO,EAAEd;QACX,CAAC,CACH,CAAC;MACH,CAAC,EAAEK,OAAO,CAAC;;MAEX;MACA;MACAD,KAAK,CAACW,OAAO,CAACZ,IAAI,CAAC;QAAA,OAAMa,YAAY,CAACT,KAAK,CAAC;MAAA,EAAC;MAC7CH,KAAK,CAACW,OAAO,CAACE,KAAK,CAAC;QAAA,OAAMD,YAAY,CAACT,KAAK,CAAC;MAAA,EAAC;MAE9C,OAAOP,IAAI;IACb,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;EACEkB,cAAc,WAAAA,eAACC,KAAK,EAAE;IACpB,OAAO,IAAI,CAACC,KAAK,CAACC,QAAQ,CAAChC,UAAU,CAACiC,GAAG,CAACC,cAAc,CAAC,CAAC,CAACpB,IAAI,CAAC,UAACqB,OAAO;MAAA,OAAM;QAC5EC,WAAW,EAAED,OAAO;QACpBlC,WAAW,EAAE6B,KAAK,CAAC5B,GAAG,CAAC,UAACmC,GAAG;UAAA,OAAKA,GAAG,CAACC,OAAO;QAAA;MAC7C,CAAC;IAAA,CAAC,CAAC;EACL,CAAC;EAED;AACF;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACC,OAAO,EAAE;IACzB,IAAI,CAAC5C,M
AAM,CAACC,IAAI,CAAC,6BAA6B,EAAE2C,OAAO,CAACvC,WAAW,CAACwC,MAAM,CAAC;IAE3E,OAAO,IAAI,CAACV,KAAK,CAACN,OAAO,CAAC;MACxBiB,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE,YAAY;MACrBC,QAAQ,EAAE,eAAe;MACzBpC,IAAI,EAAEgC;IACR,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;EACEK,iBAAiB,WAAAA,kBAAA,EAAG;IAClB,OAAO/C,QAAA,CAAAV,OAAA,CAAQgB,OAAO,CAAC,CAAC;EAC1B,CAAC;EAED;AACF;AACA;AACA;EACE0C,WAAW,WAAAA,YAACnC,IAAI,EAAE;IAChB,OAAOb,QAAA,CAAAV,OAAA,CAAQgB,OAAO,CAACO,IAAI,CAACoC,MAAM,IAAI,GAAG,CAAC;EAC5C,CAAC;EAED;AACF;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACrC,IAAI,EAAE;IACtB,OAAO,IAAI,CAACsC,sBAAsB,CAACtC,IAAI,CAAC,CAACG,IAAI,CAAC,UAACC,KAAK,EAAK;MACvDA,KAAK,CAACX,OAAO,CAACO,IAAI,CAACH,IAAI,CAAC;IAC1B,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;EACEe,iBAAiB,WAAAA,kBAACZ,IAAI,EAAEuC,MAAM,EAAE;IAC9B,IAAAC,+CAAoC,EAACxC,IAAI,EAAE,IAAI,CAACoB,KAAK,CAAC;IAEtD,OAAO,IAAI,CAACkB,sBAAsB,CAACtC,IAAI,CAAC,CAACG,IAAI,CAAC,UAACC,KAAK,EAAK;MACvDA,KAAK,CAACqC,MAAM,CAACF,MAAM,IAAI,IAAIG,mBAAQ,CAAC1C,IAAI,CAACH,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;EACE8C,kBAAkB,WAAAA,mBAAC3C,IAAI,EAAE;IACvB,OAAOb,QAAA,CAAAV,OAAA,CAAQgB,OAAO,CAACO,IAAI,CAACW,SAAS,CAAC;EACxC,CAAC;EAED;AACF;AACA;AACA;EACEiC,mBAAmB,WAAAA,oBAAC5C,IAAI,EAAE;IACxB,OAAOb,QAAA,CAAAV,OAAA,CAAQgB,OAAO,CAACO,IAAI,CAACW,SAAS,CAAC;EACxC;AACF,CAAC,CAAC;AAAC,IAAAkC,QAAA,GAAAtE,OAAA,CAAAE,OAAA,GAEYC,UAAU"}
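--- a/package/dist/kms-certificate-validation.js
+++ b/package/dist/kms-certificate-validation.js
@@ -10,7 +10,7 @@ var _interopRequireDefault = require("@babel/runtime-corejs2/helpers/interopRequ
  _Object$defineProperty(exports, "__esModule", {
  value: true
  });
- exports.default = exports.KMSError = void 0;
+ exports.validateCommonName = exports.default = exports.X509_SUBJECT_ALT_NAME_KEY = exports.KMSError = void 0;
  var _promise = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/promise"));
  var _slicedToArray2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/slicedToArray"));
  var _createClass2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/createClass"));
@@ -19,11 +19,11 @@ var _inherits2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/
  var _possibleConstructorReturn2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/possibleConstructorReturn"));
  var _getPrototypeOf2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/getPrototypeOf"));
  var _wrapNativeSuper2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/wrapNativeSuper"));
- var _isArray2 = _interopRequireDefault(require("lodash/isArray"));
  var _url = require("url");
  var _validUrl = require("valid-url");
  var _asn1js = require("asn1js");
  var _pkijs = require("pkijs");
+ var _lodash = require("lodash");
  var _nodeJose = _interopRequireDefault(require("node-jose"));
  var _isomorphicWebcrypto = _interopRequireDefault(require("isomorphic-webcrypto"));
  var _safeBuffer = require("safe-buffer");
@@ -40,13 +40,13 @@ function _isNativeReflectConstruct() { if (typeof Reflect === "undefined" || !_R
  var VALID_KTY = 'RSA';
  var VALID_KID_PROTOCOL = 'kms:';
  var X509_COMMON_NAME_KEY = '2.5.4.3';
- var X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';
+ var X509_SUBJECT_ALT_NAME_KEY = exports.X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';
 
  /**
  * Customize Error so the SDK knows to quit retrying and notify
  * the user
  */
- var KMSError = /*#__PURE__*/function (_Error) {
+ var KMSError = exports.KMSError = /*#__PURE__*/function (_Error) {
  (0, _inherits2.default)(KMSError, _Error);
  var _super = _createSuper(KMSError);
  /**
@@ -62,7 +62,6 @@ var KMSError = /*#__PURE__*/function (_Error) {
  }
  return (0, _createClass2.default)(KMSError);
  }( /*#__PURE__*/(0, _wrapNativeSuper2.default)(Error));
- exports.KMSError = KMSError;
  var throwError = function throwError(err) {
  throw new KMSError("INVALID KMS: ".concat(err));
  };
@@ -117,7 +116,7 @@ var validateKidHeader = function validateKidHeader(_ref2) {
  * @throws {KMSError} if unable to validate certificate against KMS credentials
  * @returns {void}
  */
- var validateCommonName = function validateCommonName(_ref3, _ref4) {
+ var validateCommonName = exports.validateCommonName = function validateCommonName(_ref3, _ref4) {
  var _ref5 = (0, _slicedToArray2.default)(_ref3, 1),
  certificate = _ref5[0];
  var kid = _ref4.kid;
@@ -137,7 +136,7 @@ var validateCommonName = function validateCommonName(_ref3, _ref4) {
  try {
  for (_iterator2.s(); !(_step2 = _iterator2.n()).done;) {
  var entry = _step2.value;
- var san = entry.value;
+ var san = entry.value.toLowerCase();
  validationSuccessful = san === kidHostname;
  if (validationSuccessful) {
  break;
@@ -257,7 +256,7 @@ var validateKMS = function validateKMS(caroots) {
  return _promise.default.resolve().then(function () {
  validateKtyHeader(jwt);
  validateKidHeader(jwt);
- if (!((0, _isArray2.default)(jwt.x5c) && jwt.x5c.length > 0)) {
+ if (!((0, _lodash.isArray)(jwt.x5c) && jwt.x5c.length > 0)) {
  throwError('JWK does not contain a list of certificates');
  }
  var certificates = jwt.x5c.map(decodeCert);
@@ -272,6 +271,5 @@ var validateKMS = function validateKMS(caroots) {
  });
  };
  };
- var _default = validateKMS;
- exports.default = _default;
+ var _default = exports.default = validateKMS;
  //# sourceMappingURL=kms-certificate-validation.js.map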
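Review bot: `var san = entry.value.toLowerCase();` in `validateCommonName` assumes every subjectAltName entry carries a string value; for GeneralName types other than dNSName the parsed value may be an object, and this line would then throw a `TypeError` instead of a `KMSError`. Validation still fails closed, but the comment above `KMSError` says that class is what tells the SDK to stop retrying and notify the user, so the error type matters. A guard before the comparison, such as `if (typeof entry.value !== 'string') continue;`, keeps a non-DNS entry from aborting the loop ahead of a matching DNS entry. The lowercasing only makes the match case-insensitive if `kidHostname` is lowercase too, and its assignment is outside the hunks shown. The function body continues outside this hunk, and since this file is transpiled output the change belongs in src/kms-certificate-validation.js.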
@@ -1 +1 @@
1
- {"version":3,"names":["setEngine","crypto","CryptoEngine","name","subtle","VALID_KTY","VALID_KID_PROTOCOL","X509_COMMON_NAME_KEY","X509_SUBJECT_ALT_NAME_KEY","KMSError","message","kmsError","Error","throwError","err","decodeCert","pem","der","Buffer","from","ber","Uint8Array","buffer","asn1","fromBER","Certificate","schema","result","validateKtyHeader","kty","validateKidHeader","kid","isUri","parseUrl","protocol","validateCommonName","certificate","kidHostname","hostname","validationSuccessful","extensions","extension","extnID","altNames","parsedValue","entry","san","value","subjectAttributes","subject","typesAndValues","attribute","type","commonName","valueBlock","validatePublicCertificate","publicExponent","e","modulus","n","encode","jose","util","base64url","publicKey","subjectPublicKeyInfo","subjectPublicKey","asn1PublicCert","valueHex","publicCert","RSAPublicKey","publicExponentHex","modulusHex","validateCertificatesSignature","certificates","caroots","certificateEngine","CertificateChainValidationEngine","trustedCerts","map","certs","verify","then","resultCode","resultMessage","validateKMS","jwt","resolve","x5c","length","promise"],"sources":["kms-certificate-validation.js"],"sourcesContent":["import {parse as parseUrl} from 'url';\n\nimport {isUri} from 'valid-url';\nimport {fromBER} from 'asn1js';\nimport {\n Certificate,\n RSAPublicKey,\n CertificateChainValidationEngine,\n CryptoEngine,\n setEngine,\n} from 'pkijs';\nimport {isArray} from 'lodash';\nimport jose from 'node-jose';\nimport crypto from 'isomorphic-webcrypto';\nimport {Buffer} from 'safe-buffer';\n\nsetEngine(\n 'newEngine',\n crypto,\n new CryptoEngine({\n name: '',\n crypto,\n subtle: crypto.subtle,\n })\n);\n\nconst VALID_KTY = 'RSA';\nconst VALID_KID_PROTOCOL = 'kms:';\n\nconst X509_COMMON_NAME_KEY = '2.5.4.3';\n\nconst X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';\n\n/**\n * Customize Error so the SDK knows to quit retrying and notify\n * the user\n */\nexport class KMSError extends Error 
{\n /**\n * add kmsError field to notify\n * @param {string} message\n */\n constructor(message) {\n super(message);\n this.kmsError = true;\n }\n}\n\nconst throwError = (err) => {\n throw new KMSError(`INVALID KMS: ${err}`);\n};\n\n/**\n * Converts the PEM string to a pkijs certificate object\n * @param {string} pem PEM representation of a certificate\n * @returns {Certificate} pkijs object of the certificate\n */\nconst decodeCert = (pem) => {\n if (typeof pem !== 'string') {\n throwError('certificate needs to be a string');\n }\n\n const der = Buffer.from(pem, 'base64');\n const ber = new Uint8Array(der).buffer;\n\n const asn1 = fromBER(ber);\n\n return new Certificate({schema: asn1.result});\n};\n\n/**\n * Validate the 'kty' property of the KMS credentials\n * @param {Object} JWT KMS credentials\n * @param {string} JWT.kty type of certificate\n * @throws {KMSError} if kty is not a valid type\n * @returns {void}\n */\nconst validateKtyHeader = ({kty}) => {\n if (kty !== VALID_KTY) {\n throwError(`'kty' header must be '${VALID_KTY}'`);\n }\n};\n\nconst validateKidHeader = ({kid}) => {\n if (!isUri(kid)) {\n throwError(\"'kid' is not a valid URI\");\n }\n\n if (parseUrl(kid).protocol !== VALID_KID_PROTOCOL) {\n throwError(`'kid' protocol must be '${VALID_KID_PROTOCOL}'`);\n }\n};\n\n/**\n * Checks the first certificate matches the 'kid' in the JWT.\n * It first checks the Subject Alternative Name then it checks\n * the Common Name\n * @param {Certificate} certificate represents the KMS\n * @param {Object} JWT KMS credentials\n * @param {string} JWT.kid the uri of the KMS\n * @throws {KMSError} if unable to validate certificate against KMS credentials\n * @returns {void}\n */\nconst validateCommonName = ([certificate], {kid}) => {\n const kidHostname = parseUrl(kid).hostname;\n let validationSuccessful = false;\n\n if (certificate.extensions) {\n // Subject Alt Names are in here\n for (const extension of certificate.extensions) {\n if (extension.extnID === 
X509_SUBJECT_ALT_NAME_KEY) {\n const {altNames} = extension.parsedValue;\n\n for (const entry of altNames) {\n const san = entry.value;\n\n validationSuccessful = san === kidHostname;\n if (validationSuccessful) {\n break;\n }\n }\n\n if (validationSuccessful) {\n break;\n }\n }\n }\n }\n\n if (!validationSuccessful) {\n // Didn't match kid in the Subject Alt Names, checking the Common Name\n const subjectAttributes = certificate.subject.typesAndValues;\n\n for (const attribute of subjectAttributes) {\n if (attribute.type === X509_COMMON_NAME_KEY) {\n const commonName = attribute.value.valueBlock.value;\n\n validationSuccessful = commonName === kidHostname;\n if (validationSuccessful) {\n break;\n }\n }\n }\n }\n\n if (!validationSuccessful) {\n throwError(\"hostname of the 1st certificate does not match 'kid'\");\n }\n};\n\n/**\n * Validate the first KMS certificate against the information\n * provided in the JWT\n * @param {Certificate} certificate first certificate the identifies the KMS\n * @param {Object} JWT credentials of the KMS\n * @param {string} JWT.e Public exponent of the first certificate\n * @param {string} KWT.n Modulus of the first certificate\n * @throws {KMSError} if e or n doesn't match the first certificate\n * @returns {void}\n */\nconst validatePublicCertificate = ([certificate], {e: publicExponent, n: modulus}) => {\n const {encode} = jose.util.base64url;\n\n const publicKey = certificate.subjectPublicKeyInfo.subjectPublicKey;\n const asn1PublicCert = fromBER(publicKey.valueBlock.valueHex);\n const publicCert = new RSAPublicKey({schema: asn1PublicCert.result});\n const publicExponentHex = publicCert.publicExponent.valueBlock.valueHex;\n const modulusHex = publicCert.modulus.valueBlock.valueHex;\n\n if (publicExponent !== encode(publicExponentHex)) {\n throwError('Public exponent is invalid');\n }\n if (modulus !== encode(modulusHex)) {\n throwError('Modulus is invalid');\n }\n};\n\n/**\n * Validates the list of certificates against the CAs 
provided\n * @param {certificate[]} certificates list of certificates provided\n * by the KMS to certify itself\n * @param {string[]} [caroots=[]] list of Certificate Authorities used to\n * validate the KMS's certificates\n * @returns {Promise} rejects if unable to validate the certificates\n */\nconst validateCertificatesSignature = (certificates, caroots = []) => {\n const certificateEngine = new CertificateChainValidationEngine({\n trustedCerts: caroots.map(decodeCert),\n certs: certificates,\n });\n\n return certificateEngine.verify().then(({result, resultCode, resultMessage}) => {\n if (!result) {\n throwError(`Certificate Validation failed [${resultCode}]: ${resultMessage}`);\n }\n });\n};\n\n/**\n * Validates the information provided by the KMS. This is a curried function.\n * The first function takes the caroots param and returns a second function.\n * The second function takes the credentials of the KMS and validates it\n * @param {string[]} caroots PEM encoded certificates that will be used\n * as Certificate Authorities\n * @param {Object} jwt Object containing the fields necessary to\n * validate the KMS\n * @returns {Promise} when resolved will return the jwt\n */\nconst validateKMS =\n (caroots) =>\n (jwt = {}) =>\n Promise.resolve().then(() => {\n validateKtyHeader(jwt);\n validateKidHeader(jwt);\n\n if (!(isArray(jwt.x5c) && jwt.x5c.length > 0)) {\n throwError('JWK does not contain a list of certificates');\n }\n const certificates = jwt.x5c.map(decodeCert);\n\n validateCommonName(certificates, jwt);\n validatePublicCertificate(certificates, jwt);\n\n // Skip validating signatures if no CA roots were provided\n const promise = caroots\n ? 
validateCertificatesSignature(certificates, caroots)\n : Promise.resolve();\n\n return promise.then(() => jwt);\n });\n\nexport default validateKMS;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA;AAEA;AACA;AACA;AAQA;AACA;AACA;AAAmC;AAAA;AAAA;AAAA;AAAA;AAEnC,IAAAA,gBAAS,EACP,WAAW,EACXC,4BAAM,EACN,IAAIC,mBAAY,CAAC;EACfC,IAAI,EAAE,EAAE;EACRF,MAAM,EAANA,4BAAM;EACNG,MAAM,EAAEH,4BAAM,CAACG;AACjB,CAAC,CAAC,CACH;AAED,IAAMC,SAAS,GAAG,KAAK;AACvB,IAAMC,kBAAkB,GAAG,MAAM;AAEjC,IAAMC,oBAAoB,GAAG,SAAS;AAEtC,IAAMC,yBAAyB,GAAG,WAAW;;AAE7C;AACA;AACA;AACA;AAHA,IAIaC,QAAQ;EAAA;EAAA;EACnB;AACF;AACA;AACA;EACE,kBAAYC,OAAO,EAAE;IAAA;IAAA;IACnB,0BAAMA,OAAO;IACb,MAAKC,QAAQ,GAAG,IAAI;IAAC;EACvB;EAAC;AAAA,+CAR2BC,KAAK;AAAA;AAWnC,IAAMC,UAAU,GAAG,SAAbA,UAAU,CAAIC,GAAG,EAAK;EAC1B,MAAM,IAAIL,QAAQ,wBAAiBK,GAAG,EAAG;AAC3C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA,IAAMC,UAAU,GAAG,SAAbA,UAAU,CAAIC,GAAG,EAAK;EAC1B,IAAI,OAAOA,GAAG,KAAK,QAAQ,EAAE;IAC3BH,UAAU,CAAC,kCAAkC,CAAC;EAChD;EAEA,IAAMI,GAAG,GAAGC,kBAAM,CAACC,IAAI,CAACH,GAAG,EAAE,QAAQ,CAAC;EACtC,IAAMI,GAAG,GAAG,IAAIC,UAAU,CAACJ,GAAG,CAAC,CAACK,MAAM;EAEtC,IAAMC,IAAI,GAAG,IAAAC,eAAO,EAACJ,GAAG,CAAC;EAEzB,OAAO,IAAIK,kBAAW,CAAC;IAACC,MAAM,EAAEH,IAAI,CAACI;EAAM,CAAC,CAAC;AAC/C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMC,iBAAiB,GAAG,SAApBA,iBAAiB,OAAc;EAAA,IAATC,GAAG,QAAHA,GAAG;EAC7B,IAAIA,GAAG,KAAKxB,SAAS,EAAE;IACrBQ,UAAU,iCAA0BR,SAAS,OAAI;EACnD;AACF,CAAC;AAED,IAAMyB,iBAAiB,GAAG,SAApBA,iBAAiB,QAAc;EAAA,IAATC,GAAG,SAAHA,GAAG;EAC7B,IAAI,CAAC,IAAAC,eAAK,EAACD,GAAG,CAAC,EAAE;IACflB,UAAU,CAAC,0BAA0B,CAAC;EACxC;EAEA,IAAI,IAAAoB,UAAQ,EAACF,GAAG,CAAC,CAACG,QAAQ,KAAK5B,kBAAkB,EAAE;IACjDO,UAAU,mCAA4BP,kBAAkB,OAAI;EAC9D;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAM6B,kBAAkB,GAAG,SAArBA,kBAAkB,eAA6B;EAAA;IAAxBC,WAAW;EAAA,IAAIL,GAAG,SAAHA,GAAG;EAC7C,IAAMM,WAAW,GAAG,IAAAJ,UAAQ,EAACF,GAAG,CAAC,CAACO,QAAQ;EAC1C,IAAIC,oBAAoB,GAAG,KAAK;EAEhC,IAAIH,WAAW,CAACI,UAAU,EAAE;IAC1B;IAAA,2CACwBJ,WAAW,CAACI,UAAU;MAAA;IAAA;MAA9C,oDAAgD;QAAA,IAArCC,SAAS;QAClB,I
AAIA,SAAS,CAACC,MAAM,KAAKlC,yBAAyB,EAAE;UAClD,IAAOmC,QAAQ,GAAIF,SAAS,CAACG,WAAW,CAAjCD,QAAQ;UAA0B,4CAErBA,QAAQ;YAAA;UAAA;YAA5B,uDAA8B;cAAA,IAAnBE,KAAK;cACd,IAAMC,GAAG,GAAGD,KAAK,CAACE,KAAK;cAEvBR,oBAAoB,GAAGO,GAAG,KAAKT,WAAW;cAC1C,IAAIE,oBAAoB,EAAE;gBACxB;cACF;YACF;UAAC;YAAA;UAAA;YAAA;UAAA;UAED,IAAIA,oBAAoB,EAAE;YACxB;UACF;QACF;MACF;IAAC;MAAA;IAAA;MAAA;IAAA;EACH;EAEA,IAAI,CAACA,oBAAoB,EAAE;IACzB;IACA,IAAMS,iBAAiB,GAAGZ,WAAW,CAACa,OAAO,CAACC,cAAc;IAAC,4CAErCF,iBAAiB;MAAA;IAAA;MAAzC,uDAA2C;QAAA,IAAhCG,SAAS;QAClB,IAAIA,SAAS,CAACC,IAAI,KAAK7C,oBAAoB,EAAE;UAC3C,IAAM8C,UAAU,GAAGF,SAAS,CAACJ,KAAK,CAACO,UAAU,CAACP,KAAK;UAEnDR,oBAAoB,GAAGc,UAAU,KAAKhB,WAAW;UACjD,IAAIE,oBAAoB,EAAE;YACxB;UACF;QACF;MACF;IAAC;MAAA;IAAA;MAAA;IAAA;EACH;EAEA,IAAI,CAACA,oBAAoB,EAAE;IACzB1B,UAAU,CAAC,sDAAsD,CAAC;EACpE;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAM0C,yBAAyB,GAAG,SAA5BA,yBAAyB,eAAuD;EAAA;IAAlDnB,WAAW;EAAA,IAAOoB,cAAc,SAAjBC,CAAC;IAAqBC,OAAO,SAAVC,CAAC;EACrE,IAAOC,MAAM,GAAIC,iBAAI,CAACC,IAAI,CAACC,SAAS,CAA7BH,MAAM;EAEb,IAAMI,SAAS,GAAG5B,WAAW,CAAC6B,oBAAoB,CAACC,gBAAgB;EACnE,IAAMC,cAAc,GAAG,IAAA3C,eAAO,EAACwC,SAAS,CAACV,UAAU,CAACc,QAAQ,CAAC;EAC7D,IAAMC,UAAU,GAAG,IAAIC,mBAAY,CAAC;IAAC5C,MAAM,EAAEyC,cAAc,CAACxC;EAAM,CAAC,CAAC;EACpE,IAAM4C,iBAAiB,GAAGF,UAAU,CAACb,cAAc,CAACF,UAAU,CAACc,QAAQ;EACvE,IAAMI,UAAU,GAAGH,UAAU,CAACX,OAAO,CAACJ,UAAU,CAACc,QAAQ;EAEzD,IAAIZ,cAAc,KAAKI,MAAM,CAACW,iBAAiB,CAAC,EAAE;IAChD1D,UAAU,CAAC,4BAA4B,CAAC;EAC1C;EACA,IAAI6C,OAAO,KAAKE,MAAM,CAACY,UAAU,CAAC,EAAE;IAClC3D,UAAU,CAAC,oBAAoB,CAAC;EAClC;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAM4D,6BAA6B,GAAG,SAAhCA,6BAA6B,CAAIC,YAAY,EAAmB;EAAA,IAAjBC,OAAO,uEAAG,EAAE;EAC/D,IAAMC,iBAAiB,GAAG,IAAIC,uCAAgC,CAAC;IAC7DC,YAAY,EAAEH,OAAO,CAACI,GAAG,CAAChE,UAAU,CAAC;IACrCiE,KAAK,EAAEN;EACT,CAAC,CAAC;EAEF,OAAOE,iBAAiB,CAACK,MAAM,EAAE,CAACC,IAAI,CAAC,iBAAyC;IAAA,IAAvCvD,MAAM,SAANA,MAAM;MAAEwD,UAAU,SAAVA,UAAU;MAAEC,aAAa,SAAbA,aAAa;IACxE,IAAI,CAACzD,MAAM,EAAE;MACXd,UAAU,0CAAmCsE,UAAU,gBAAMC,aAAa,
EAAG;IAC/E;EACF,CAAC,CAAC;AACJ,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMC,WAAW,GACf,SADIA,WAAW,CACdV,OAAO;EAAA,OACR;IAAA,IAACW,GAAG,uEAAG,CAAC,CAAC;IAAA,OACP,iBAAQC,OAAO,EAAE,CAACL,IAAI,CAAC,YAAM;MAC3BtD,iBAAiB,CAAC0D,GAAG,CAAC;MACtBxD,iBAAiB,CAACwD,GAAG,CAAC;MAEtB,IAAI,EAAE,uBAAQA,GAAG,CAACE,GAAG,CAAC,IAAIF,GAAG,CAACE,GAAG,CAACC,MAAM,GAAG,CAAC,CAAC,EAAE;QAC7C5E,UAAU,CAAC,6CAA6C,CAAC;MAC3D;MACA,IAAM6D,YAAY,GAAGY,GAAG,CAACE,GAAG,CAACT,GAAG,CAAChE,UAAU,CAAC;MAE5CoB,kBAAkB,CAACuC,YAAY,EAAEY,GAAG,CAAC;MACrC/B,yBAAyB,CAACmB,YAAY,EAAEY,GAAG,CAAC;;MAE5C;MACA,IAAMI,OAAO,GAAGf,OAAO,GACnBF,6BAA6B,CAACC,YAAY,EAAEC,OAAO,CAAC,GACpD,iBAAQY,OAAO,EAAE;MAErB,OAAOG,OAAO,CAACR,IAAI,CAAC;QAAA,OAAMI,GAAG;MAAA,EAAC;IAChC,CAAC,CAAC;EAAA;AAAA;AAAC,eAEQD,WAAW;AAAA"}
1
+ {"version":3,"names":["_url","require","_validUrl","_asn1js","_pkijs","_lodash","_nodeJose","_interopRequireDefault","_isomorphicWebcrypto","_safeBuffer","_createForOfIteratorHelper","o","allowArrayLike","it","_Symbol","_Symbol$iterator","_Array$isArray","_unsupportedIterableToArray","length","i","F","s","n","done","value","e","_e","f","TypeError","normalCompletion","didErr","err","call","step","next","_e2","return","minLen","_arrayLikeToArray","Object","prototype","toString","slice","constructor","name","_Array$from","test","arr","len","arr2","Array","_createSuper","Derived","hasNativeReflectConstruct","_isNativeReflectConstruct","_createSuperInternal","Super","_getPrototypeOf2","default","result","NewTarget","_Reflect$construct","arguments","apply","_possibleConstructorReturn2","Reflect","sham","Proxy","Boolean","valueOf","setEngine","crypto","CryptoEngine","subtle","VALID_KTY","VALID_KID_PROTOCOL","X509_COMMON_NAME_KEY","X509_SUBJECT_ALT_NAME_KEY","exports","KMSError","_Error","_inherits2","_super","message","_this","_classCallCheck2","kmsError","_createClass2","_wrapNativeSuper2","Error","throwError","concat","decodeCert","pem","der","Buffer","from","ber","Uint8Array","buffer","asn1","fromBER","Certificate","schema","validateKtyHeader","_ref","kty","validateKidHeader","_ref2","kid","isUri","parseUrl","protocol","validateCommonName","_ref3","_ref4","_ref5","_slicedToArray2","certificate","kidHostname","hostname","validationSuccessful","extensions","_iterator","_step","extension","extnID","altNames","parsedValue","_iterator2","_step2","entry","san","toLowerCase","subjectAttributes","subject","typesAndValues","_iterator3","_step3","attribute","type","commonName","valueBlock","validatePublicCertificate","_ref6","_ref7","_ref8","publicExponent","modulus","encode","jose","util","base64url","publicKey","subjectPublicKeyInfo","subjectPublicKey","asn1PublicCert","valueHex","publicCert","RSAPublicKey","publicExponentHex","modulusHex","validateCertificatesSignature","cer
tificates","caroots","undefined","certificateEngine","CertificateChainValidationEngine","trustedCerts","map","certs","verify","then","_ref9","resultCode","resultMessage","validateKMS","jwt","_promise","resolve","isArray","x5c","promise","_default"],"sources":["kms-certificate-validation.js"],"sourcesContent":["import {parse as parseUrl} from 'url';\n\nimport {isUri} from 'valid-url';\nimport {fromBER} from 'asn1js';\nimport {\n Certificate,\n RSAPublicKey,\n CertificateChainValidationEngine,\n CryptoEngine,\n setEngine,\n} from 'pkijs';\nimport {isArray} from 'lodash';\nimport jose from 'node-jose';\nimport crypto from 'isomorphic-webcrypto';\nimport {Buffer} from 'safe-buffer';\n\nsetEngine(\n 'newEngine',\n crypto,\n new CryptoEngine({\n name: '',\n crypto,\n subtle: crypto.subtle,\n })\n);\n\nconst VALID_KTY = 'RSA';\nconst VALID_KID_PROTOCOL = 'kms:';\n\nconst X509_COMMON_NAME_KEY = '2.5.4.3';\n\nexport const X509_SUBJECT_ALT_NAME_KEY = '2.5.29.17';\n\n/**\n * Customize Error so the SDK knows to quit retrying and notify\n * the user\n */\nexport class KMSError extends Error {\n /**\n * add kmsError field to notify\n * @param {string} message\n */\n constructor(message) {\n super(message);\n this.kmsError = true;\n }\n}\n\nconst throwError = (err) => {\n throw new KMSError(`INVALID KMS: ${err}`);\n};\n\n/**\n * Converts the PEM string to a pkijs certificate object\n * @param {string} pem PEM representation of a certificate\n * @returns {Certificate} pkijs object of the certificate\n */\nconst decodeCert = (pem) => {\n if (typeof pem !== 'string') {\n throwError('certificate needs to be a string');\n }\n\n const der = Buffer.from(pem, 'base64');\n const ber = new Uint8Array(der).buffer;\n\n const asn1 = fromBER(ber);\n\n return new Certificate({schema: asn1.result});\n};\n\n/**\n * Validate the 'kty' property of the KMS credentials\n * @param {Object} JWT KMS credentials\n * @param {string} JWT.kty type of certificate\n * @throws {KMSError} if kty is not a valid 
type\n * @returns {void}\n */\nconst validateKtyHeader = ({kty}) => {\n if (kty !== VALID_KTY) {\n throwError(`'kty' header must be '${VALID_KTY}'`);\n }\n};\n\nconst validateKidHeader = ({kid}) => {\n if (!isUri(kid)) {\n throwError(\"'kid' is not a valid URI\");\n }\n\n if (parseUrl(kid).protocol !== VALID_KID_PROTOCOL) {\n throwError(`'kid' protocol must be '${VALID_KID_PROTOCOL}'`);\n }\n};\n\n/**\n * Checks the first certificate matches the 'kid' in the JWT.\n * It first checks the Subject Alternative Name then it checks\n * the Common Name\n * @param {Certificate} certificate represents the KMS\n * @param {Object} JWT KMS credentials\n * @param {string} JWT.kid the uri of the KMS\n * @throws {KMSError} if unable to validate certificate against KMS credentials\n * @returns {void}\n */\nexport const validateCommonName = ([certificate], {kid}) => {\n const kidHostname = parseUrl(kid).hostname;\n let validationSuccessful = false;\n\n if (certificate.extensions) {\n // Subject Alt Names are in here\n for (const extension of certificate.extensions) {\n if (extension.extnID === X509_SUBJECT_ALT_NAME_KEY) {\n const {altNames} = extension.parsedValue;\n\n for (const entry of altNames) {\n const san = entry.value.toLowerCase();\n\n validationSuccessful = san === kidHostname;\n if (validationSuccessful) {\n break;\n }\n }\n\n if (validationSuccessful) {\n break;\n }\n }\n }\n }\n\n if (!validationSuccessful) {\n // Didn't match kid in the Subject Alt Names, checking the Common Name\n const subjectAttributes = certificate.subject.typesAndValues;\n\n for (const attribute of subjectAttributes) {\n if (attribute.type === X509_COMMON_NAME_KEY) {\n const commonName = attribute.value.valueBlock.value;\n\n validationSuccessful = commonName === kidHostname;\n if (validationSuccessful) {\n break;\n }\n }\n }\n }\n\n if (!validationSuccessful) {\n throwError(\"hostname of the 1st certificate does not match 'kid'\");\n }\n};\n\n/**\n * Validate the first KMS certificate against the 
information\n * provided in the JWT\n * @param {Certificate} certificate first certificate the identifies the KMS\n * @param {Object} JWT credentials of the KMS\n * @param {string} JWT.e Public exponent of the first certificate\n * @param {string} KWT.n Modulus of the first certificate\n * @throws {KMSError} if e or n doesn't match the first certificate\n * @returns {void}\n */\nconst validatePublicCertificate = ([certificate], {e: publicExponent, n: modulus}) => {\n const {encode} = jose.util.base64url;\n\n const publicKey = certificate.subjectPublicKeyInfo.subjectPublicKey;\n const asn1PublicCert = fromBER(publicKey.valueBlock.valueHex);\n const publicCert = new RSAPublicKey({schema: asn1PublicCert.result});\n const publicExponentHex = publicCert.publicExponent.valueBlock.valueHex;\n const modulusHex = publicCert.modulus.valueBlock.valueHex;\n\n if (publicExponent !== encode(publicExponentHex)) {\n throwError('Public exponent is invalid');\n }\n if (modulus !== encode(modulusHex)) {\n throwError('Modulus is invalid');\n }\n};\n\n/**\n * Validates the list of certificates against the CAs provided\n * @param {certificate[]} certificates list of certificates provided\n * by the KMS to certify itself\n * @param {string[]} [caroots=[]] list of Certificate Authorities used to\n * validate the KMS's certificates\n * @returns {Promise} rejects if unable to validate the certificates\n */\nconst validateCertificatesSignature = (certificates, caroots = []) => {\n const certificateEngine = new CertificateChainValidationEngine({\n trustedCerts: caroots.map(decodeCert),\n certs: certificates,\n });\n\n return certificateEngine.verify().then(({result, resultCode, resultMessage}) => {\n if (!result) {\n throwError(`Certificate Validation failed [${resultCode}]: ${resultMessage}`);\n }\n });\n};\n\n/**\n * Validates the information provided by the KMS. 
This is a curried function.\n * The first function takes the caroots param and returns a second function.\n * The second function takes the credentials of the KMS and validates it\n * @param {string[]} caroots PEM encoded certificates that will be used\n * as Certificate Authorities\n * @param {Object} jwt Object containing the fields necessary to\n * validate the KMS\n * @returns {Promise} when resolved will return the jwt\n */\nconst validateKMS =\n (caroots) =>\n (jwt = {}) =>\n Promise.resolve().then(() => {\n validateKtyHeader(jwt);\n validateKidHeader(jwt);\n\n if (!(isArray(jwt.x5c) && jwt.x5c.length > 0)) {\n throwError('JWK does not contain a list of certificates');\n }\n const certificates = jwt.x5c.map(decodeCert);\n\n validateCommonName(certificates, jwt);\n validatePublicCertificate(certificates, jwt);\n\n // Skip validating signatures if no CA roots were provided\n const promise = caroots\n ? validateCertificatesSignature(certificates, caroots)\n : Promise.resolve();\n\n return promise.then(() => jwt);\n });\n\nexport default 
validateKMS;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AAEA,IAAAC,SAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AAOA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,SAAA,GAAAC,sBAAA,CAAAN,OAAA;AACA,IAAAO,oBAAA,GAAAD,sBAAA,CAAAN,OAAA;AACA,IAAAQ,WAAA,GAAAR,OAAA;AAAmC,SAAAS,2BAAAC,CAAA,EAAAC,cAAA,QAAAC,EAAA,UAAAC,OAAA,oBAAAH,CAAA,CAAAI,gBAAA,KAAAJ,CAAA,qBAAAE,EAAA,QAAAG,cAAA,CAAAL,CAAA,MAAAE,EAAA,GAAAI,2BAAA,CAAAN,CAAA,MAAAC,cAAA,IAAAD,CAAA,WAAAA,CAAA,CAAAO,MAAA,qBAAAL,EAAA,EAAAF,CAAA,GAAAE,EAAA,MAAAM,CAAA,UAAAC,CAAA,YAAAA,EAAA,eAAAC,CAAA,EAAAD,CAAA,EAAAE,CAAA,WAAAA,EAAA,QAAAH,CAAA,IAAAR,CAAA,CAAAO,MAAA,WAAAK,IAAA,mBAAAA,IAAA,SAAAC,KAAA,EAAAb,CAAA,CAAAQ,CAAA,UAAAM,CAAA,WAAAA,EAAAC,EAAA,UAAAA,EAAA,KAAAC,CAAA,EAAAP,CAAA,gBAAAQ,SAAA,iJAAAC,gBAAA,SAAAC,MAAA,UAAAC,GAAA,WAAAV,CAAA,WAAAA,EAAA,IAAAR,EAAA,GAAAA,EAAA,CAAAmB,IAAA,CAAArB,CAAA,MAAAW,CAAA,WAAAA,EAAA,QAAAW,IAAA,GAAApB,EAAA,CAAAqB,IAAA,IAAAL,gBAAA,GAAAI,IAAA,CAAAV,IAAA,SAAAU,IAAA,KAAAR,CAAA,WAAAA,EAAAU,GAAA,IAAAL,MAAA,SAAAC,GAAA,GAAAI,GAAA,KAAAR,CAAA,WAAAA,EAAA,eAAAE,gBAAA,IAAAhB,EAAA,CAAAuB,MAAA,UAAAvB,EAAA,CAAAuB,MAAA,oBAAAN,MAAA,QAAAC,GAAA;AAAA,SAAAd,4BAAAN,CAAA,EAAA0B,MAAA,SAAA1B,CAAA,qBAAAA,CAAA,sBAAA2B,iBAAA,CAAA3B,CAAA,EAAA0B,MAAA,OAAAf,CAAA,GAAAiB,MAAA,CAAAC,SAAA,CAAAC,QAAA,CAAAT,IAAA,CAAArB,CAAA,EAAA+B,KAAA,aAAApB,CAAA,iBAAAX,CAAA,CAAAgC,WAAA,EAAArB,CAAA,GAAAX,CAAA,CAAAgC,WAAA,CAAAC,IAAA,MAAAtB,CAAA,cAAAA,CAAA,mBAAAuB,WAAA,CAAAlC,CAAA,OAAAW,CAAA,+DAAAwB,IAAA,CAAAxB,CAAA,UAAAgB,iBAAA,CAAA3B,CAAA,EAAA0B,MAAA;AAAA,SAAAC,kBAAAS,GAAA,EAAAC,GAAA,QAAAA,GAAA,YAAAA,GAAA,GAAAD,GAAA,CAAA7B,MAAA,EAAA8B,GAAA,GAAAD,GAAA,CAAA7B,MAAA,WAAAC,CAAA,MAAA8B,IAAA,OAAAC,KAAA,CAAAF,GAAA,GAAA7B,CAAA,GAAA6B,GAAA,EAAA7B,CAAA,IAAA8B,IAAA,CAAA9B,CAAA,IAAA4B,GAAA,CAAA5B,CAAA,UAAA8B,IAAA;AAAA,SAAAE,aAAAC,OAAA,QAAAC,yBAAA,GAAAC,yBAAA,oBAAAC,qBAAA,QAAAC,KAAA,OAAAC,gBAAA,CAAAC,OAAA,EAAAN,OAAA,GAAAO,MAAA,MAAAN,yBAAA,QAAAO,SAAA,OAAAH,gBAAA,CAAAC,OAAA,QAAAf,WAAA,EAAAgB,MAAA,GAAAE,kBAAA,CAAAL,KAAA,EAAAM,SAAA,EAAAF,SA
AA,YAAAD,MAAA,GAAAH,KAAA,CAAAO,KAAA,OAAAD,SAAA,gBAAAE,2BAAA,CAAAN,OAAA,QAAAC,MAAA;AAAA,SAAAL,0BAAA,eAAAW,OAAA,qBAAAJ,kBAAA,oBAAAA,kBAAA,CAAAK,IAAA,2BAAAC,KAAA,oCAAAC,OAAA,CAAA5B,SAAA,CAAA6B,OAAA,CAAArC,IAAA,CAAA6B,kBAAA,CAAAO,OAAA,8CAAA3C,CAAA;AAEnC,IAAA6C,gBAAS,EACP,WAAW,EACXC,4BAAM,EACN,IAAIC,mBAAY,CAAC;EACf5B,IAAI,EAAE,EAAE;EACR2B,MAAM,EAANA,4BAAM;EACNE,MAAM,EAAEF,4BAAM,CAACE;AACjB,CAAC,CACH,CAAC;AAED,IAAMC,SAAS,GAAG,KAAK;AACvB,IAAMC,kBAAkB,GAAG,MAAM;AAEjC,IAAMC,oBAAoB,GAAG,SAAS;AAE/B,IAAMC,yBAAyB,GAAAC,OAAA,CAAAD,yBAAA,GAAG,WAAW;;AAEpD;AACA;AACA;AACA;AAHA,IAIaE,QAAQ,GAAAD,OAAA,CAAAC,QAAA,0BAAAC,MAAA;EAAA,IAAAC,UAAA,CAAAvB,OAAA,EAAAqB,QAAA,EAAAC,MAAA;EAAA,IAAAE,MAAA,GAAA/B,YAAA,CAAA4B,QAAA;EACnB;AACF;AACA;AACA;EACE,SAAAA,SAAYI,OAAO,EAAE;IAAA,IAAAC,KAAA;IAAA,IAAAC,gBAAA,CAAA3B,OAAA,QAAAqB,QAAA;IACnBK,KAAA,GAAAF,MAAA,CAAAlD,IAAA,OAAMmD,OAAO;IACbC,KAAA,CAAKE,QAAQ,GAAG,IAAI;IAAC,OAAAF,KAAA;EACvB;EAAC,WAAAG,aAAA,CAAA7B,OAAA,EAAAqB,QAAA;AAAA,oBAAAS,iBAAA,CAAA9B,OAAA,EAR2B+B,KAAK;AAWnC,IAAMC,UAAU,GAAG,SAAbA,UAAUA,CAAI3D,GAAG,EAAK;EAC1B,MAAM,IAAIgD,QAAQ,iBAAAY,MAAA,CAAiB5D,GAAG,CAAE,CAAC;AAC3C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA,IAAM6D,UAAU,GAAG,SAAbA,UAAUA,CAAIC,GAAG,EAAK;EAC1B,IAAI,OAAOA,GAAG,KAAK,QAAQ,EAAE;IAC3BH,UAAU,CAAC,kCAAkC,CAAC;EAChD;EAEA,IAAMI,GAAG,GAAGC,kBAAM,CAACC,IAAI,CAACH,GAAG,EAAE,QAAQ,CAAC;EACtC,IAAMI,GAAG,GAAG,IAAIC,UAAU,CAACJ,GAAG,CAAC,CAACK,MAAM;EAEtC,IAAMC,IAAI,GAAG,IAAAC,eAAO,EAACJ,GAAG,CAAC;EAEzB,OAAO,IAAIK,kBAAW,CAAC;IAACC,MAAM,EAAEH,IAAI,CAACzC;EAAM,CAAC,CAAC;AAC/C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAM6C,iBAAiB,GAAG,SAApBA,iBAAiBA,CAAAC,IAAA,EAAc;EAAA,IAATC,GAAG,GAAAD,IAAA,CAAHC,GAAG;EAC7B,IAAIA,GAAG,KAAKhC,SAAS,EAAE;IACrBgB,UAAU,0BAAAC,MAAA,CAA0BjB,SAAS,MAAG,CAAC;EACnD;AACF,CAAC;AAED,IAAMiC,iBAAiB,GAAG,SAApBA,iBAAiBA,CAAAC,KAAA,EAAc;EAAA,IAATC,GAAG,GAAAD,KAAA,CAAHC,GAAG;EAC7B,IAAI,CAAC,IAAAC,eAAK,EAACD,GAAG,CAAC,EAAE;IACfnB,UAAU,CAAC,0BAA0B,CAAC;EACxC;EAEA,IAAI,IAAAqB,UAAQ,EAACF,GAAG,CAAC,CAACG,QAAQ,KAAKrC,kBAAkB,EAAE;IACjDe,UAAU,4
BAAAC,MAAA,CAA4BhB,kBAAkB,MAAG,CAAC;EAC9D;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,IAAMsC,kBAAkB,GAAAnC,OAAA,CAAAmC,kBAAA,GAAG,SAArBA,kBAAkBA,CAAAC,KAAA,EAAAC,KAAA,EAA6B;EAAA,IAAAC,KAAA,OAAAC,eAAA,CAAA3D,OAAA,EAAAwD,KAAA;IAAxBI,WAAW,GAAAF,KAAA;EAAA,IAAIP,GAAG,GAAAM,KAAA,CAAHN,GAAG;EACpD,IAAMU,WAAW,GAAG,IAAAR,UAAQ,EAACF,GAAG,CAAC,CAACW,QAAQ;EAC1C,IAAIC,oBAAoB,GAAG,KAAK;EAEhC,IAAIH,WAAW,CAACI,UAAU,EAAE;IAC1B;IAAA,IAAAC,SAAA,GAAAjH,0BAAA,CACwB4G,WAAW,CAACI,UAAU;MAAAE,KAAA;IAAA;MAA9C,KAAAD,SAAA,CAAAtG,CAAA,MAAAuG,KAAA,GAAAD,SAAA,CAAArG,CAAA,IAAAC,IAAA,GAAgD;QAAA,IAArCsG,SAAS,GAAAD,KAAA,CAAApG,KAAA;QAClB,IAAIqG,SAAS,CAACC,MAAM,KAAKjD,yBAAyB,EAAE;UAClD,IAAOkD,QAAQ,GAAIF,SAAS,CAACG,WAAW,CAAjCD,QAAQ;UAA0B,IAAAE,UAAA,GAAAvH,0BAAA,CAErBqH,QAAQ;YAAAG,MAAA;UAAA;YAA5B,KAAAD,UAAA,CAAA5G,CAAA,MAAA6G,MAAA,GAAAD,UAAA,CAAA3G,CAAA,IAAAC,IAAA,GAA8B;cAAA,IAAnB4G,KAAK,GAAAD,MAAA,CAAA1G,KAAA;cACd,IAAM4G,GAAG,GAAGD,KAAK,CAAC3G,KAAK,CAAC6G,WAAW,CAAC,CAAC;cAErCZ,oBAAoB,GAAGW,GAAG,KAAKb,WAAW;cAC1C,IAAIE,oBAAoB,EAAE;gBACxB;cACF;YACF;UAAC,SAAA1F,GAAA;YAAAkG,UAAA,CAAAxG,CAAA,CAAAM,GAAA;UAAA;YAAAkG,UAAA,CAAAtG,CAAA;UAAA;UAED,IAAI8F,oBAAoB,EAAE;YACxB;UACF;QACF;MACF;IAAC,SAAA1F,GAAA;MAAA4F,SAAA,CAAAlG,CAAA,CAAAM,GAAA;IAAA;MAAA4F,SAAA,CAAAhG,CAAA;IAAA;EACH;EAEA,IAAI,CAAC8F,oBAAoB,EAAE;IACzB;IACA,IAAMa,iBAAiB,GAAGhB,WAAW,CAACiB,OAAO,CAACC,cAAc;IAAC,IAAAC,UAAA,GAAA/H,0BAAA,CAErC4H,iBAAiB;MAAAI,MAAA;IAAA;MAAzC,KAAAD,UAAA,CAAApH,CAAA,MAAAqH,MAAA,GAAAD,UAAA,CAAAnH,CAAA,IAAAC,IAAA,GAA2C;QAAA,IAAhCoH,SAAS,GAAAD,MAAA,CAAAlH,KAAA;QAClB,IAAImH,SAAS,CAACC,IAAI,KAAKhE,oBAAoB,EAAE;UAC3C,IAAMiE,UAAU,GAAGF,SAAS,CAACnH,KAAK,CAACsH,UAAU,CAACtH,KAAK;UAEnDiG,oBAAoB,GAAGoB,UAAU,KAAKtB,WAAW;UACjD,IAAIE,oBAAoB,EAAE;YACxB;UACF;QACF;MACF;IAAC,SAAA1F,GAAA;MAAA0G,UAAA,CAAAhH,CAAA,CAAAM,GAAA;IAAA;MAAA0G,UAAA,CAAA9G,CAAA;IAAA;EACH;EAEA,IAAI,CAAC8F,oBAAoB,EAAE;IACzB/B,UAAU,CAAC,sDAAsD,CAAC;EACpE;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMqD,yBAAyB,GAAG,SAA5BA,yBAAyBA,CAAAC,KAA
A,EAAAC,KAAA,EAAuD;EAAA,IAAAC,KAAA,OAAA7B,eAAA,CAAA3D,OAAA,EAAAsF,KAAA;IAAlD1B,WAAW,GAAA4B,KAAA;EAAA,IAAOC,cAAc,GAAAF,KAAA,CAAjBxH,CAAC;IAAqB2H,OAAO,GAAAH,KAAA,CAAV3H,CAAC;EACrE,IAAO+H,MAAM,GAAIC,iBAAI,CAACC,IAAI,CAACC,SAAS,CAA7BH,MAAM;EAEb,IAAMI,SAAS,GAAGnC,WAAW,CAACoC,oBAAoB,CAACC,gBAAgB;EACnE,IAAMC,cAAc,GAAG,IAAAvD,eAAO,EAACoD,SAAS,CAACX,UAAU,CAACe,QAAQ,CAAC;EAC7D,IAAMC,UAAU,GAAG,IAAIC,mBAAY,CAAC;IAACxD,MAAM,EAAEqD,cAAc,CAACjG;EAAM,CAAC,CAAC;EACpE,IAAMqG,iBAAiB,GAAGF,UAAU,CAACX,cAAc,CAACL,UAAU,CAACe,QAAQ;EACvE,IAAMI,UAAU,GAAGH,UAAU,CAACV,OAAO,CAACN,UAAU,CAACe,QAAQ;EAEzD,IAAIV,cAAc,KAAKE,MAAM,CAACW,iBAAiB,CAAC,EAAE;IAChDtE,UAAU,CAAC,4BAA4B,CAAC;EAC1C;EACA,IAAI0D,OAAO,KAAKC,MAAM,CAACY,UAAU,CAAC,EAAE;IAClCvE,UAAU,CAAC,oBAAoB,CAAC;EAClC;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMwE,6BAA6B,GAAG,SAAhCA,6BAA6BA,CAAIC,YAAY,EAAmB;EAAA,IAAjBC,OAAO,GAAAtG,SAAA,CAAA5C,MAAA,QAAA4C,SAAA,QAAAuG,SAAA,GAAAvG,SAAA,MAAG,EAAE;EAC/D,IAAMwG,iBAAiB,GAAG,IAAIC,uCAAgC,CAAC;IAC7DC,YAAY,EAAEJ,OAAO,CAACK,GAAG,CAAC7E,UAAU,CAAC;IACrC8E,KAAK,EAAEP;EACT,CAAC,CAAC;EAEF,OAAOG,iBAAiB,CAACK,MAAM,CAAC,CAAC,CAACC,IAAI,CAAC,UAAAC,KAAA,EAAyC;IAAA,IAAvClH,MAAM,GAAAkH,KAAA,CAANlH,MAAM;MAAEmH,UAAU,GAAAD,KAAA,CAAVC,UAAU;MAAEC,aAAa,GAAAF,KAAA,CAAbE,aAAa;IACxE,IAAI,CAACpH,MAAM,EAAE;MACX+B,UAAU,mCAAAC,MAAA,CAAmCmF,UAAU,SAAAnF,MAAA,CAAMoF,aAAa,CAAE,CAAC;IAC/E;EACF,CAAC,CAAC;AACJ,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAMC,WAAW,GACf,SADIA,WAAWA,CACdZ,OAAO;EAAA,OACR;IAAA,IAACa,GAAG,GAAAnH,SAAA,CAAA5C,MAAA,QAAA4C,SAAA,QAAAuG,SAAA,GAAAvG,SAAA,MAAG,CAAC,CAAC;IAAA,OACPoH,QAAA,CAAAxH,OAAA,CAAQyH,OAAO,CAAC,CAAC,CAACP,IAAI,CAAC,YAAM;MAC3BpE,iBAAiB,CAACyE,GAAG,CAAC;MACtBtE,iBAAiB,CAACsE,GAAG,CAAC;MAEtB,IAAI,EAAE,IAAAG,eAAO,EAACH,GAAG,CAACI,GAAG,CAAC,IAAIJ,GAAG,CAACI,GAAG,CAACnK,MAAM,GAAG,CAAC,CAAC,EAAE;QAC7CwE,UAAU,CAAC,6CAA6C,CAAC;MAC3D;MACA,IAAMyE,YAAY,GAAGc,GAAG,CAACI,GAAG,CAACZ,GAAG,CAAC7E,UAAU,CAAC;MAE5CqB,kBAAkB,CAACkD,YAAY,EAAEc,GAAG,CAAC;MACrClC,yBAAyB,CAACoB,YAAY,EAAEc,GA
AG,CAAC;;MAE5C;MACA,IAAMK,OAAO,GAAGlB,OAAO,GACnBF,6BAA6B,CAACC,YAAY,EAAEC,OAAO,CAAC,GACpDc,QAAA,CAAAxH,OAAA,CAAQyH,OAAO,CAAC,CAAC;MAErB,OAAOG,OAAO,CAACV,IAAI,CAAC;QAAA,OAAMK,GAAG;MAAA,EAAC;IAChC,CAAC,CAAC;EAAA;AAAA;AAAC,IAAAM,QAAA,GAAAzG,OAAA,CAAApB,OAAA,GAEQsH,WAAW"}