@webex/internal-plugin-encryption 3.8.0-next.13 → 3.8.0-next.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/encryption.js +65 -28
  2. package/dist/encryption.js.map +1 -1
  3. package/dist/kms.js +1 -1
  4. package/package.json +13 -13
  5. package/src/encryption.js +28 -3
package/dist/encryption.js CHANGED
@@ -11,7 +11,9 @@ _Object$defineProperty(exports, "__esModule", {
11
11
  value: true
12
12
  });
13
13
  exports.default = void 0;
14
+ var _regenerator = _interopRequireDefault(require("@babel/runtime-corejs2/regenerator"));
14
15
  var _defineProperty2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/defineProperty"));
16
+ var _asyncToGenerator2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/asyncToGenerator"));
15
17
  var _promise = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/promise"));
16
18
  var _stringify = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/json/stringify"));
17
19
  var _events = require("events");
@@ -82,26 +84,41 @@ var Encryption = _webexCore.WebexPlugin.extend({
82
84
  */
83
85
  download: function download(fileUrl, scr, options) {
84
86
  var _this = this;
85
- /* istanbul ignore if */
86
- if (!fileUrl || !scr) {
87
- return _promise.default.reject(new Error('`scr` and `fileUrl` are required'));
88
- }
89
- var shunt = new _events.EventEmitter();
90
- var promise = this._fetchDownloadUrl(fileUrl, options).then(function (uri) {
91
- // eslint-disable-next-line no-shadow
92
- var options = {
93
- method: 'GET',
94
- uri: uri,
95
- responseType: 'buffer'
96
- };
97
- var ret = _this.request(options);
98
- (0, _common.transferEvents)('progress', options.download, shunt);
99
- return ret;
100
- }).then(function (res) {
101
- return _this.decryptBinary(scr, res.body);
102
- });
103
- (0, _common.proxyEvents)(shunt, promise);
104
- return promise;
87
+ return (0, _asyncToGenerator2.default)( /*#__PURE__*/_regenerator.default.mark(function _callee() {
88
+ var shunt, promise;
89
+ return _regenerator.default.wrap(function _callee$(_context) {
90
+ while (1) switch (_context.prev = _context.next) {
91
+ case 0:
92
+ if (!(!fileUrl || !scr)) {
93
+ _context.next = 2;
94
+ break;
95
+ }
96
+ return _context.abrupt("return", _promise.default.reject(new Error('`scr` and `fileUrl` are required')));
97
+ case 2:
98
+ shunt = new _events.EventEmitter();
99
+ promise = _this._fetchDownloadUrl(fileUrl, _objectSpread({
100
+ useFileService: true
101
+ }, options)).then(function (uri) {
102
+ // eslint-disable-next-line no-shadow
103
+ var options = {
104
+ method: 'GET',
105
+ uri: uri,
106
+ responseType: 'buffer'
107
+ };
108
+ var ret = _this.request(options);
109
+ (0, _common.transferEvents)('progress', options.download, shunt);
110
+ return ret;
111
+ }).then(function (res) {
112
+ return _this.decryptBinary(scr, res.body);
113
+ });
114
+ (0, _common.proxyEvents)(shunt, promise);
115
+ return _context.abrupt("return", promise);
116
+ case 6:
117
+ case "end":
118
+ return _context.stop();
119
+ }
120
+ }, _callee);
121
+ }))();
105
122
  },
106
123
  /**
107
124
  * Fetch Download URL for the requested file
@@ -116,6 +133,13 @@ var Encryption = _webexCore.WebexPlugin.extend({
116
133
  this.logger.info('encryption: bypassing webex files because this looks to be a test file on localhost');
117
134
  return _promise.default.resolve(fileUrl);
118
135
  }
136
+ if (options && options.useFileService === false) {
137
+ if (!fileUrl.startsWith('https://')) {
138
+ this.logger.error('encryption: direct file URLs must use HTTPS');
139
+ return _promise.default.reject(new Error('Direct file URLs must use HTTPS'));
140
+ }
141
+ return _promise.default.resolve(fileUrl);
142
+ }
119
143
  var inputBody = {
120
144
  endpoints: [fileUrl]
121
145
  };
@@ -168,12 +192,25 @@ var Encryption = _webexCore.WebexPlugin.extend({
168
192
  * @returns {string} Encrypted SCR
169
193
  */
170
194
  encryptScr: function encryptScr(key, scr, options) {
195
+ var _this3 = this;
171
196
  /* istanbul ignore if */
172
197
  if (!scr.loc) {
173
198
  return _promise.default.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));
174
199
  }
200
+
201
+ // first we get the scr json, then we create an SCR instance using the key json and then we create a JWE using the key jwk
175
202
  return this.getKey(key, options).then(function (k) {
176
- return scr.toJWE(k.jwk);
203
+ if (!(k !== null && k !== void 0 && k.jwk)) {
204
+ _this3.logger.error('encryption: Invalid key or JWK');
205
+ throw new Error('Invalid key or JWK');
206
+ }
207
+ return _nodeScr.default.fromJSON(scr).then(function (encScr) {
208
+ if (!encScr) {
209
+ _this3.logger.error('encryption: Failed to create SCR instance');
210
+ throw new Error('Failed to create SCR instance');
211
+ }
212
+ return encScr.toJWE(k.jwk);
213
+ });
177
214
  });
178
215
  },
179
216
  /**
@@ -186,9 +223,9 @@ var Encryption = _webexCore.WebexPlugin.extend({
186
223
  * @returns {string} Encrypted text
187
224
  */
188
225
  encryptText: function encryptText(key, plaintext, options) {
189
- var _this3 = this;
226
+ var _this4 = this;
190
227
  return this.getKey(key, options).then(function (k) {
191
- return _nodeJose.default.JWE.createEncrypt(_this3.config.joseOptions, {
228
+ return _nodeJose.default.JWE.createEncrypt(_this4.config.joseOptions, {
192
229
  key: k.jwk,
193
230
  header: {
194
231
  alg: 'dir'
@@ -206,7 +243,7 @@ var Encryption = _webexCore.WebexPlugin.extend({
206
243
  * @returns {string} Key
207
244
  */
208
245
  getKey: function getKey(uri) {
209
- var _this4 = this;
246
+ var _this5 = this;
210
247
  var _ref = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {},
211
248
  onBehalfOf = _ref.onBehalfOf;
212
249
  if (uri.jwk) {
@@ -219,17 +256,17 @@ var Encryption = _webexCore.WebexPlugin.extend({
219
256
  return this.unboundedStorage.get(storageKey).then(function (keyString) {
220
257
  return JSON.parse(keyString);
221
258
  }).then(function (keyObject) {
222
- return _this4.kms.asKey(keyObject);
259
+ return _this5.kms.asKey(keyObject);
223
260
  }).catch(function () {
224
- return _this4.kms.fetchKey({
261
+ return _this5.kms.fetchKey({
225
262
  uri: uri,
226
263
  onBehalfOf: onBehalfOf
227
264
  }).then((0, _common.tap)(function (key) {
228
- return _this4.unboundedStorage.put(storageKey, (0, _stringify.default)(key, replacer));
265
+ return _this5.unboundedStorage.put(storageKey, (0, _stringify.default)(key, replacer));
229
266
  }));
230
267
  });
231
268
  },
232
- version: "3.8.0-next.13"
269
+ version: "3.8.0-next.14"
233
270
  });
234
271
 
235
272
  /**
package/dist/encryption.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_events","require","_url","_interopRequireDefault","_webexCore","_common","_nodeJose","_nodeScr","_ensureBuffer","_kms","ownKeys","e","r","t","_Object$keys","_Object$getOwnPropertySymbols","o","filter","_Object$getOwnPropertyDescriptor","enumerable","push","apply","_objectSpread","arguments","length","Object","forEach","_defineProperty2","default","_Object$getOwnPropertyDescriptors","_Object$defineProperties","_Object$defineProperty","Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","ensureBuffer","then","b","byteLength","_promise","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","download","fileUrl","_this","shunt","EventEmitter","promise","_fetchDownloadUrl","uri","method","responseType","ret","request","transferEvents","res","body","proxyEvents","_this2","logger","info","process","env","NODE_ENV","includes","resolve","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","allow","params","warn","catch","err","concat","encryptBinary","file","create","encrypt","cdata","encryptScr","loc","toJWE","encryptText","_this3","createEncrypt","config","joseOptions","header","alg","reference","final","_this4","_ref","undefined","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","fetchKey","tap","put","_stringify","replacer","version","v","json","toJSON","_default","exports"],"sources":["encryption.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n children: {\n kms: KMS,\n },\n\n namespace: 'Encryption',\n\n processKmsMessageEvent(event) {\n return this.kms.processKmsMessageEvent(event);\n },\n\n decryptBinary(scr, buffer) {\n return ensureBuffer(buffer).then((b) => {\n /* istanbul ignore if */\n if (buffer.length === 0 || buffer.byteLength === 0) {\n return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n }\n\n return scr.decrypt(b);\n });\n },\n\n /**\n * Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} cipherScr - An encrypted SCR\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {Object} Decrypted SCR\n */\n decryptScr(key, cipherScr, options) {\n return this.getKey(key, options).then((k) => SCR.fromJWE(k.jwk, cipherScr));\n },\n\n /**\n * Decrypt text using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} ciphertext - Encrypted text\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Decrypted plaintext\n */\n decryptText(key, ciphertext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createDecrypt(k.jwk)\n .decrypt(ciphertext)\n .then((result) => result.plaintext.toString())\n );\n },\n\n /**\n * Validate and initiate a Download request for requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} scr - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise}\n */\n download(fileUrl, scr, options) {\n /* istanbul ignore if */\n if (!fileUrl || !scr) {\n return Promise.reject(new Error('`scr` and `fileUrl` are required'));\n }\n\n const shunt = new EventEmitter();\n const promise = this._fetchDownloadUrl(fileUrl, options)\n .then((uri) => {\n // eslint-disable-next-line no-shadow\n const options = {\n method: 'GET',\n uri,\n responseType: 'buffer',\n };\n\n const ret = this.request(options);\n\n transferEvents('progress', options.download, shunt);\n\n return ret;\n })\n .then((res) => this.decryptBinary(scr, res.body));\n\n proxyEvents(shunt, promise);\n\n return promise;\n },\n\n /**\n * Fetch Download URL for the requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise} url of the downloadable file\n */\n _fetchDownloadUrl(fileUrl, options) {\n this.logger.info('encryption: retrieving download url for encrypted file');\n\n if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {\n this.logger.info(\n 'encryption: bypassing webex files because this looks to be a test file on localhost'\n );\n\n return Promise.resolve(fileUrl);\n }\n\n const inputBody = {\n endpoints: [fileUrl],\n };\n const endpointUrl = url.parse(fileUrl);\n\n // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n endpointUrl.protocol = 'https';\n endpointUrl.pathname = '/v1/download/endpoints';\n\n return this.request({\n method: 'POST',\n uri: url.format(endpointUrl),\n body: options\n ? {\n ...inputBody,\n allow: options.params.allow,\n }\n : inputBody,\n })\n .then((res) => {\n // eslint-disable-next-line no-shadow\n const url = res.body.endpoints[fileUrl];\n\n if (!url) {\n this.logger.warn(\n 'encryption: could not determine download url for `fileUrl`; attempting to download `fileUrl` directly'\n );\n\n return fileUrl;\n }\n this.logger.info('encryption: retrieved download url for encrypted file');\n\n return url;\n })\n .catch((err) => {\n this.logger.warn(\n `encryption: ${err} could not determine download url for ${fileUrl}; attempting to download ${fileUrl} directly`\n );\n\n return fileUrl;\n });\n },\n\n encryptBinary(file) {\n return ensureBuffer(file).then((buffer) =>\n SCR.create().then((scr) =>\n scr\n .encrypt(buffer)\n .then(ensureBuffer)\n // eslint-disable-next-line max-nested-callbacks\n .then((cdata) => ({scr, cdata}))\n )\n );\n },\n\n /**\n * Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} scr - Plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted SCR\n */\n encryptScr(key, scr, options) {\n /* istanbul ignore if */\n if (!scr.loc) {\n return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n }\n\n return this.getKey(key, options).then((k) => scr.toJWE(k.jwk));\n },\n\n /**\n * Encrypt plaintext using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted text\n */\n encryptText(key, plaintext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createEncrypt(this.config.joseOptions, {\n key: k.jwk,\n header: {\n alg: 'dir',\n },\n reference: null,\n }).final(plaintext, 'utf8')\n );\n },\n\n /**\n * Fetch the key associated with the supplied KMS uri.\n *\n * @param {string} uri - The uri of a key stored in KMS\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Key\n */\n getKey(uri, {onBehalfOf} = {}) {\n if (uri.jwk) {\n return this.kms.asKey(uri);\n }\n\n let storageKey = uri;\n\n if (onBehalfOf) {\n storageKey += `/onBehalfOf/${onBehalfOf}`;\n }\n\n return this.unboundedStorage\n .get(storageKey)\n .then((keyString) => JSON.parse(keyString))\n .then((keyObject) => this.kms.asKey(keyObject))\n .catch(() =>\n this.kms\n .fetchKey({uri, onBehalfOf})\n .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer))))\n );\n },\n});\n\n/**\n * JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n if (k === 'jwk') {\n // note: this[k] and v may be different representations of the same value\n // eslint-disable-next-line no-invalid-this\n const json = this[k].toJSON(true);\n\n return json;\n }\n\n return v;\n}\n\nexport default Encryption;\n"],"mappings":";;;;;;;;;;;;;;;;AAIA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAC,sBAAA,CAAAF,OAAA;AAEA,IAAAG,UAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,SAAA,GAAAH,sBAAA,CAAAF,OAAA;AACA,IAAAM,QAAA,GAAAJ,sBAAA,CAAAF,OAAA;AAEA,IAAAO,aAAA,GAAAL,sBAAA,CAAAF,OAAA;AACA,IAAAQ,IAAA,GAAAN,sBAAA,CAAAF,OAAA;AAAwB,SAAAS,QAAAC,CAAA,EAAAC,CAAA,QAAAC,CAAA,GAAAC,YAAA,CAAAH,CAAA,OAAAI,6BAAA,QAAAC,CAAA,GAAAD,6BAAA,CAAAJ,CAAA,GAAAC,CAAA,KAAAI,CAAA,GAAAA,CAAA,CAAAC,MAAA,WAAAL,CAAA,WAAAM,gCAAA,CAAAP,CAAA,EAAAC,CAAA,EAAAO,UAAA,OAAAN,CAAA,CAAAO,IAAA,CAAAC,KAAA,CAAAR,CAAA,EAAAG,CAAA,YAAAH,CAAA;AAAA,SAAAS,cAAAX,CAAA,aAAAC,CAAA,MAAAA,CAAA,GAAAW,SAAA,CAAAC,MAAA,EAAAZ,CAAA,UAAAC,CAAA,WAAAU,SAAA,CAAAX,CAAA,IAAAW,SAAA,CAAAX,CAAA,QAAAA,CAAA,OAAAF,OAAA,CAAAe,MAAA,CAAAZ,CAAA,OAAAa,OAAA,WAAAd,CAAA,QAAAe,gBAAA,CAAAC,OAAA,EAAAjB,CAAA,EAAAC,CAAA,EAAAC,CAAA,CAAAD,CAAA,SAAAiB,iCAAA,GAAAC,wBAAA,CAAAnB,CAAA,EAAAkB,iCAAA,CAAAhB,CAAA,KAAAH,OAAA,CAAAe,MAAA,CAAAZ,CAAA,GAAAa,OAAA,WAAAd,CAAA,IAAAmB,sBAAA,CAAApB,CAAA,EAAAC,CAAA,EAAAM,gCAAA,CAAAL,CAAA,EAAAD,CAAA,iBAAAD,CAAA,IAbxB;AACA;AACA;AAaA,IAAMqB,UAAU,GAAGC,sBAAW,CAACC,MAAM,CAAC;EACpCC,QAAQ,EAAE;IACRC,GAAG,EAAEC;EACP,CAAC;EAEDC,SAAS,EAAE,YAAY;EAEvBC,sBAAsB,WAAAA,uBAACC,KAAK,EAAE;IAC5B,OAAO,IAAI,CAACJ,GAAG,CAACG,sBAAsB,CAACC,KAAK,CAAC;EAC/C,CAAC;EAEDC,aAAa,WAAAA,cAACC,GAAG,EAAEC,MAAM,EAAE;IACzB,OAAO,IAAAC,qBAAY,EAACD,MAAM,CAAC,CAACE,IAAI,CAAC,UAACC,CAAC,EAAK;MACtC;MACA,IAAIH,MAAM,CAACnB,MAAM,KAAK,CAAC,IAAImB,MAAM,CAACI,UAAU,KAAK,CAAC,EAAE;QAClD,OAAOC,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,yCAAyC,CAAC,CAAC;MAC7E;MAEA,OAAOR,GAAG,CAACS,OAAO,CAACL,CAAC,CAAC;IACvB,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEM,UAAU,WAAAA,WAACC,GAAG,EAAEC,SAAS,EAAEC,OAAO,EAAE;IAClC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKC,gBAAG,CAACC,OAAO,CAACF,CAAC,CAACG,GAAG,EAAEN,SAAS,CAAC;IAAA,EAAC;EAC7E,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEO,WAAW,WAAAA,YAACR,GAAG,EAAES,UAAU,EAAEP,OAAO,EAAE;IACpC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACC,aAAa,CAACR,CAAC,CAACG,GAAG,CAAC,CAC1BT,OAAO,CAACW,UAAU,CAAC,CACnBjB,IAAI,CAAC,UAACqB,MAAM;QAAA,OAAKA,MAAM,CAACC,SAAS,CAACC,QAAQ,CAAC,CAAC;MAAA,EAAC;IAAA,CAClD,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,QAAQ,WAAAA,SAACC,OAAO,EAAE5B,GAAG,EAAEa,OAAO,EAAE;IAAA,IAAAgB,KAAA;IAC9B;IACA,IAAI,CAACD,OAAO,IAAI,CAAC5B,GAAG,EAAE;MACpB,OAAOM,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtE;IAEA,IAAMsB,KAAK,GAAG,IAAIC,oBAAY,CAAC,CAAC;IAChC,IAAMC,OAAO,GAAG,IAAI,CAACC,iBAAiB,CAACL,OAAO,EAAEf,OAAO,CAAC,CACrDV,IAAI,CAAC,UAAC+B,GAAG,EAAK;MACb;MACA,IAAMrB,OAAO,GAAG;QACdsB,MAAM,EAAE,KAAK;QACbD,GAAG,EAAHA,GAAG;QACHE,YAAY,EAAE;MAChB,CAAC;MAED,IAAMC,GAAG,GAAGR,KAAI,CAACS,OAAO,CAACzB,OAAO,CAAC;MAEjC,IAAA0B,sBAAc,EAAC,UAAU,EAAE1B,OAAO,CAACc,QAAQ,EAAEG,KAAK,CAAC;MAEnD,OAAOO,GAAG;IACZ,CAAC,CAAC,CACDlC,IAAI,CAAC,UAACqC,GAAG;MAAA,OAAKX,KAAI,CAAC9B,aAAa,CAACC,GAAG,EAAEwC,GAAG,CAACC,IAAI,CAAC;IAAA,EAAC;IAEnD,IAAAC,mBAAW,EAACZ,KAAK,EAAEE,OAAO,CAAC;IAE3B,OAAOA,OAAO;EAChB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACL,OAAO,EAAEf,OAAO,EAAE;IAAA,IAAA8B,MAAA;IAClC,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,wDAAwD,CAAC;IAE1E,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,IAAIpB,OAAO,CAACqB,QAAQ,CAAC,WAAW,CAAC,EAAE;MAC1E,IAAI,CAACL,MAAM,CAACC,IAAI,CACd,qFACF,CAAC;MAED,OAAOvC,QAAA,CAAApB,OAAA,CAAQgE,OAAO,CAACtB,OAAO,CAAC;IACjC;IAEA,IAAMuB,SAAS,GAAG;MAChBC,SAAS,EAAE,CAACxB,OAAO;IACrB,CAAC;IACD,IAAMyB,WAAW,GAAGC,YAAG,CAACC,KAAK,CAAC3B,OAAO,CAAC;;IAEtC;IACAyB,WAAW,CAACG,QAAQ,GAAG,OAAO;IAC9BH,WAAW,CAACI,QAAQ,GAAG,wBAAwB;IAE/C,OAAO,IAAI,CAACnB,OAAO,CAAC;MAClBH,MAAM,EAAE,MAAM;MACdD,GAAG,EAAEoB,YAAG,CAACI,MAAM,CAACL,WAAW,CAAC;MAC5BZ,IAAI,EAAE5B,OAAO,GAAAjC,aAAA,CAAAA,aAAA,KAEJuE,SAAS;QACZQ,KAAK,EAAE9C,OAAO,CAAC+C,MAAM,CAACD;MAAK,KAE7BR;IACN,CAAC,CAAC,CACChD,IAAI,CAAC,UAACqC,GAAG,EAAK;MACb;MACA,IAAMc,GAAG,GAAGd,GAAG,CAACC,IAAI,CAACW,SAAS,CAACxB,OAAO,CAAC;MAEvC,IAAI,CAAC0B,GAAG,EAAE;QACRX,MAAI,CAACC,MAAM,CAACiB,IAAI,CACd,uGACF,CAAC;QAED,OAAOjC,OAAO;MAChB;MACAe,MAAI,CAACC,MAAM,CAACC,IAAI,CAAC,uDAAuD,CAAC;MAEzE,OAAOS,GAAG;IACZ,CAAC,CAAC,CACDQ,KAAK,CAAC,UAACC,GAAG,EAAK;MACdpB,MAAI,CAACC,MAAM,CAACiB,IAAI,gBAAAG,MAAA,CACCD,GAAG,4CAAAC,MAAA,CAAyCpC,OAAO,+BAAAoC,MAAA,CAA4BpC,OAAO,cACvG,CAAC;MAED,OAAOA,OAAO;IAChB,CAAC,CAAC;EACN,CAAC;EAEDqC,aAAa,WAAAA,cAACC,IAAI,EAAE;IAClB,OAAO,IAAAhE,qBAAY,EAACgE,IAAI,CAAC,CAAC/D,IAAI,CAAC,UAACF,MAAM;MAAA,OACpCe,gBAAG,CAACmD,MAAM,CAAC,CAAC,CAAChE,IAAI,CAAC,UAACH,GAAG;QAAA,OACpBA,GAAG,CACAoE,OAAO,CAACnE,MAAM,CAAC,CACfE,IAAI,CAACD,qBAAY;QAClB;QAAA,CACCC,IAAI,CAAC,UAACkE,KAAK;UAAA,OAAM;YAACrE,GAAG,EAAHA,GAAG;YAAEqE,KAAK,EAALA;UAAK,CAAC;QAAA,CAAC,CAAC;MAAA,CACpC,CAAC;IAAA,CACH,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAAU,WAAAA,WAAC3D,GAAG,EAAEX,GAAG,EAAEa,OAAO,EAAE;IAC5B;IACA,IAAI,CAACb,GAAG,CAACuE,GAAG,EAAE;MACZ,OAAOjE,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF;IAEA,OAAO,IAAI,CAACM,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKf,GAAG,CAACwE,KAAK,CAACzD,CAAC,CAACG,GAAG,CAAC;IAAA,EAAC;EAChE,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEuD,WAAW,WAAAA,YAAC9D,GAAG,EAAEc,SAAS,EAAEZ,OAAO,EAAE;IAAA,IAAA6D,MAAA;IACnC,OAAO,IAAI,CAAC5D,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACqD,aAAa,CAACD,MAAI,CAACE,MAAM,CAACC,WAAW,EAAE;QAC9ClE,GAAG,EAAEI,CAAC,CAACG,GAAG;QACV4D,MAAM,EAAE;UACNC,GAAG,EAAE;QACP,CAAC;QACDC,SAAS,EAAE;MACb,CAAC,CAAC,CAACC,KAAK,CAACxD,SAAS,EAAE,MAAM,CAAC;IAAA,CAC7B,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEX,MAAM,WAAAA,OAACoB,GAAG,EAAqB;IAAA,IAAAgD,MAAA;IAAA,IAAAC,IAAA,GAAAtG,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAuG,SAAA,GAAAvG,SAAA,MAAJ,CAAC,CAAC;MAAhBwG,UAAU,GAAAF,IAAA,CAAVE,UAAU;IACrB,IAAInD,GAAG,CAAChB,GAAG,EAAE;MACX,OAAO,IAAI,CAACxB,GAAG,CAAC4F,KAAK,CAACpD,GAAG,CAAC;IAC5B;IAEA,IAAIqD,UAAU,GAAGrD,GAAG;IAEpB,IAAImD,UAAU,EAAE;MACdE,UAAU,mBAAAvB,MAAA,CAAmBqB,UAAU,CAAE;IAC3C;IAEA,OAAO,IAAI,CAACG,gBAAgB,CACzBC,GAAG,CAACF,UAAU,CAAC,CACfpF,IAAI,CAAC,UAACuF,SAAS;MAAA,OAAKC,IAAI,CAACpC,KAAK,CAACmC,SAAS,CAAC;IAAA,EAAC,CAC1CvF,IAAI,CAAC,UAACyF,SAAS;MAAA,OAAKV,MAAI,CAACxF,GAAG,CAAC4F,KAAK,CAACM,SAAS,CAAC;IAAA,EAAC,CAC9C9B,KAAK,CAAC;MAAA,OACLoB,MAAI,CAACxF,GAAG,CACLmG,QAAQ,CAAC;QAAC3D,GAAG,EAAHA,GAAG;QAAEmD,UAAU,EAAVA;MAAU,CAAC,CAAC,CAC3BlF,IAAI,CAAC,IAAA2F,WAAG,EAAC,UAACnF,GAAG;QAAA,OAAKuE,MAAI,CAACM,gBAAgB,CAACO,GAAG,CAACR,UAAU,EAAE,IAAAS,UAAA,CAAA9G,OAAA,EAAeyB,GAAG,EAAEsF,QAAQ,CAAC,CAAC;MAAA,EAAC,CAAC;IAAA,CAC7F,CAAC;EACL,CAAC;EAAAC,OAAA;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,SAASD,QAAQA,CAAClF,CAAC,EAAEoF,CAAC,EAAE;EACtB,IAAIpF,CAAC,KAAK,KAAK,EAAE;IACf;IACA;IACA,IAAMqF,IAAI,GAAG,IAAI,CAACrF,CAAC,CAAC,CAACsF,MAAM,CAAC,IAAI,CAAC;IAEjC,OAAOD,IAAI;EACb;EAEA,OAAOD,CAAC;AACV;AAAC,IAAAG,QAAA,GAAAC,OAAA,CAAArH,OAAA,GAEcI,UAAU"}
1
+ {"version":3,"names":["_events","require","_url","_interopRequireDefault","_webexCore","_common","_nodeJose","_nodeScr","_ensureBuffer","_kms","ownKeys","e","r","t","_Object$keys","_Object$getOwnPropertySymbols","o","filter","_Object$getOwnPropertyDescriptor","enumerable","push","apply","_objectSpread","arguments","length","Object","forEach","_defineProperty2","default","_Object$getOwnPropertyDescriptors","_Object$defineProperties","_Object$defineProperty","Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","ensureBuffer","then","b","byteLength","_promise","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","download","fileUrl","_this","_asyncToGenerator2","_regenerator","mark","_callee","shunt","promise","wrap","_callee$","_context","prev","next","abrupt","EventEmitter","_fetchDownloadUrl","useFileService","uri","method","responseType","ret","request","transferEvents","res","body","proxyEvents","stop","_this2","logger","info","process","env","NODE_ENV","includes","resolve","startsWith","error","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","allow","params","warn","catch","err","concat","encryptBinary","file","create","encrypt","cdata","encryptScr","_this3","loc","fromJSON","encScr","toJWE","encryptText","_this4","createEncrypt","config","joseOptions","header","alg","reference","final","_this5","_ref","undefined","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","fetchKey","tap","put","_stringify","replacer","version","v","json","toJSON","_default","exports"],"sources":["encryption.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n children: {\n kms: KMS,\n },\n\n namespace: 'Encryption',\n\n processKmsMessageEvent(event) {\n return this.kms.processKmsMessageEvent(event);\n },\n\n decryptBinary(scr, buffer) {\n return ensureBuffer(buffer).then((b) => {\n /* istanbul ignore if */\n if (buffer.length === 0 || buffer.byteLength === 0) {\n return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n }\n\n return scr.decrypt(b);\n });\n },\n\n /**\n * Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} cipherScr - An encrypted SCR\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {Object} Decrypted SCR\n */\n decryptScr(key, cipherScr, options) {\n return this.getKey(key, options).then((k) => SCR.fromJWE(k.jwk, cipherScr));\n },\n\n /**\n * Decrypt text using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} ciphertext - Encrypted text\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Decrypted plaintext\n */\n decryptText(key, ciphertext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createDecrypt(k.jwk)\n .decrypt(ciphertext)\n .then((result) => result.plaintext.toString())\n );\n },\n\n /**\n * Validate and initiate a Download request for requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} scr - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise}\n */\n async download(fileUrl, scr, options) {\n /* istanbul ignore if */\n if (!fileUrl || !scr) {\n return Promise.reject(new Error('`scr` and `fileUrl` are required'));\n }\n\n const shunt = new EventEmitter();\n const promise = this._fetchDownloadUrl(fileUrl, {useFileService: true, ...options})\n .then((uri) => {\n // eslint-disable-next-line no-shadow\n const options = {\n method: 'GET',\n uri,\n responseType: 'buffer',\n };\n\n const ret = this.request(options);\n\n transferEvents('progress', options.download, shunt);\n\n return ret;\n })\n .then((res) => this.decryptBinary(scr, res.body));\n\n proxyEvents(shunt, promise);\n\n return promise;\n },\n\n /**\n * Fetch Download URL for the requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise} url of the downloadable file\n */\n _fetchDownloadUrl(fileUrl, options) {\n this.logger.info('encryption: retrieving download url for encrypted file');\n\n if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {\n this.logger.info(\n 'encryption: bypassing webex files because this looks to be a test file on localhost'\n );\n\n return Promise.resolve(fileUrl);\n }\n\n if (options && options.useFileService === false) {\n if (!fileUrl.startsWith('https://')) {\n this.logger.error('encryption: direct file URLs must use HTTPS');\n\n return Promise.reject(new Error('Direct file URLs must use HTTPS'));\n }\n\n return Promise.resolve(fileUrl);\n }\n\n const inputBody = {\n endpoints: [fileUrl],\n };\n const endpointUrl = url.parse(fileUrl);\n\n // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n endpointUrl.protocol = 'https';\n endpointUrl.pathname = '/v1/download/endpoints';\n\n return this.request({\n method: 'POST',\n uri: url.format(endpointUrl),\n body: options\n ? {\n ...inputBody,\n allow: options.params.allow,\n }\n : inputBody,\n })\n .then((res) => {\n // eslint-disable-next-line no-shadow\n const url = res.body.endpoints[fileUrl];\n\n if (!url) {\n this.logger.warn(\n 'encryption: could not determine download url for `fileUrl`; attempting to download `fileUrl` directly'\n );\n\n return fileUrl;\n }\n this.logger.info('encryption: retrieved download url for encrypted file');\n\n return url;\n })\n .catch((err) => {\n this.logger.warn(\n `encryption: ${err} could not determine download url for ${fileUrl}; attempting to download ${fileUrl} directly`\n );\n\n return fileUrl;\n });\n },\n\n encryptBinary(file) {\n return ensureBuffer(file).then((buffer) =>\n SCR.create().then((scr) =>\n scr\n .encrypt(buffer)\n .then(ensureBuffer)\n // eslint-disable-next-line max-nested-callbacks\n .then((cdata) => ({scr, cdata}))\n )\n );\n },\n\n /**\n * Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} scr - Plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted SCR\n */\n encryptScr(key, scr, options) {\n /* istanbul ignore if */\n if (!scr.loc) {\n return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n }\n\n // first we get the scr json, then we create an SCR instance using the key json and then we create a JWE using the key jwk\n return this.getKey(key, options).then((k) => {\n if (!k?.jwk) {\n this.logger.error('encryption: Invalid key or JWK');\n throw new Error('Invalid key or JWK');\n }\n\n return SCR.fromJSON(scr).then((encScr) => {\n if (!encScr) {\n this.logger.error('encryption: Failed to create SCR instance');\n throw new Error('Failed to create SCR instance');\n }\n\n return encScr.toJWE(k.jwk);\n });\n });\n },\n\n /**\n * Encrypt plaintext using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted text\n */\n encryptText(key, plaintext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createEncrypt(this.config.joseOptions, {\n key: k.jwk,\n header: {\n alg: 'dir',\n },\n reference: null,\n }).final(plaintext, 'utf8')\n );\n },\n\n /**\n * Fetch the key associated with the supplied KMS uri.\n *\n * @param {string} uri - The uri of a key stored in KMS\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Key\n */\n getKey(uri, {onBehalfOf} = {}) {\n if (uri.jwk) {\n return this.kms.asKey(uri);\n }\n\n let storageKey = uri;\n\n if (onBehalfOf) {\n storageKey += `/onBehalfOf/${onBehalfOf}`;\n }\n\n return this.unboundedStorage\n .get(storageKey)\n .then((keyString) => JSON.parse(keyString))\n .then((keyObject) => this.kms.asKey(keyObject))\n .catch(() =>\n this.kms\n .fetchKey({uri, onBehalfOf})\n .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer))))\n );\n },\n});\n\n/**\n * JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n if (k === 'jwk') {\n // note: this[k] and v may be different representations of the same value\n // eslint-disable-next-line no-invalid-this\n const json = this[k].toJSON(true);\n\n return json;\n }\n\n return v;\n}\n\nexport default Encryption;\n"],"mappings":";;;;;;;;;;;;;;;;;;AAIA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAC,sBAAA,CAAAF,OAAA;AAEA,IAAAG,UAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,SAAA,GAAAH,sBAAA,CAAAF,OAAA;AACA,IAAAM,QAAA,GAAAJ,sBAAA,CAAAF,OAAA;AAEA,IAAAO,aAAA,GAAAL,sBAAA,CAAAF,OAAA;AACA,IAAAQ,IAAA,GAAAN,sBAAA,CAAAF,OAAA;AAAwB,SAAAS,QAAAC,CAAA,EAAAC,CAAA,QAAAC,CAAA,GAAAC,YAAA,CAAAH,CAAA,OAAAI,6BAAA,QAAAC,CAAA,GAAAD,6BAAA,CAAAJ,CAAA,GAAAC,CAAA,KAAAI,CAAA,GAAAA,CAAA,CAAAC,MAAA,WAAAL,CAAA,WAAAM,gCAAA,CAAAP,CAAA,EAAAC,CAAA,EAAAO,UAAA,OAAAN,CAAA,CAAAO,IAAA,CAAAC,KAAA,CAAAR,CAAA,EAAAG,CAAA,YAAAH,CAAA;AAAA,SAAAS,cAAAX,CAAA,aAAAC,CAAA,MAAAA,CAAA,GAAAW,SAAA,CAAAC,MAAA,EAAAZ,CAAA,UAAAC,CAAA,WAAAU,SAAA,CAAAX,CAAA,IAAAW,SAAA,CAAAX,CAAA,QAAAA,CAAA,OAAAF,OAAA,CAAAe,MAAA,CAAAZ,CAAA,OAAAa,OAAA,WAAAd,CAAA,QAAAe,gBAAA,CAAAC,OAAA,EAAAjB,CAAA,EAAAC,CAAA,EAAAC,CAAA,CAAAD,CAAA,SAAAiB,iCAAA,GAAAC,wBAAA,CAAAnB,CAAA,EAAAkB,iCAAA,CAAAhB,CAAA,KAAAH,OAAA,CAAAe,MAAA,CAAAZ,CAAA,GAAAa,OAAA,WAAAd,CAAA,IAAAmB,sBAAA,CAAApB,CAAA,EAAAC,CAAA,EAAAM,gCAAA,CAAAL,CAAA,EAAAD,CAAA,iBAAAD,CAAA,IAbxB;AACA;AACA;AAaA,IAAMqB,UAAU,GAAGC,sBAAW,CAACC,MAAM,CAAC;EACpCC,QAAQ,EAAE;IACRC,GAAG,EAAEC;EACP,CAAC;EAEDC,SAAS,EAAE,YAAY;EAEvBC,sBAAsB,WAAAA,uBAACC,KAAK,EAAE;IAC5B,OAAO,IAAI,CAACJ,GAAG,CAACG,sBAAsB,CAACC,KAAK,CAAC;EAC/C,CAAC;EAEDC,aAAa,WAAAA,cAACC,GAAG,EAAEC,MAAM,EAAE;IACzB,OAAO,IAAAC,qBAAY,EAACD,MAAM,CAAC,CAACE,IAAI,CAAC,UAACC,CAAC,EAAK;MACtC;MACA,IAAIH,MAAM,CAACnB,MAAM,KAAK,CAAC,IAAImB,MAAM,CAACI,UAAU,KAAK,CAAC,EAAE;QAClD,OAAOC,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,yCAAyC,CAAC,CAAC;MAC7E;MAEA,OAAOR,GAAG,CAACS,OAAO,CAACL,CAAC,CAAC;IACvB,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEM,UAAU,WAAAA,WAACC,GAAG,EAAEC,SAAS,EAAEC,OAAO,EAAE;IAClC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKC,gBAAG,CAACC,OAAO,CAACF,CAAC,CAACG,GAAG,EAAEN,SAAS,CAAC;IAAA,EAAC;EAC7E,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEO,WAAW,WAAAA,YAACR,GAAG,EAAES,UAAU,EAAEP,OAAO,EAAE;IACpC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACC,aAAa,CAACR,CAAC,CAACG,GAAG,CAAC,CAC1BT,OAAO,CAACW,UAAU,CAAC,CACnBjB,IAAI,CAAC,UAACqB,MAAM;QAAA,OAAKA,MAAM,CAACC,SAAS,CAACC,QAAQ,CAAC,CAAC;MAAA,EAAC;IAAA,CAClD,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACQC,QAAQ,WAAAA,SAACC,OAAO,EAAE5B,GAAG,EAAEa,OAAO,EAAE;IAAA,IAAAgB,KAAA;IAAA,WAAAC,kBAAA,CAAA5C,OAAA,gBAAA6C,YAAA,CAAA7C,OAAA,CAAA8C,IAAA,UAAAC,QAAA;MAAA,IAAAC,KAAA,EAAAC,OAAA;MAAA,OAAAJ,YAAA,CAAA7C,OAAA,CAAAkD,IAAA,UAAAC,SAAAC,QAAA;QAAA,kBAAAA,QAAA,CAAAC,IAAA,GAAAD,QAAA,CAAAE,IAAA;UAAA;YAAA,MAEhC,CAACZ,OAAO,IAAI,CAAC5B,GAAG;cAAAsC,QAAA,CAAAE,IAAA;cAAA;YAAA;YAAA,OAAAF,QAAA,CAAAG,MAAA,WACXnC,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kCAAkC,CAAC,CAAC;UAAA;YAGhE0B,KAAK,GAAG,IAAIQ,oBAAY,CAAC,CAAC;YAC1BP,OAAO,GAAGN,KAAI,CAACc,iBAAiB,CAACf,OAAO,EAAAhD,aAAA;cAAGgE,cAAc,EAAE;YAAI,GAAK/B,OAAO,CAAC,CAAC,CAChFV,IAAI,CAAC,UAAC0C,GAAG,EAAK;cACb;cACA,IAAMhC,OAAO,GAAG;gBACdiC,MAAM,EAAE,KAAK;gBACbD,GAAG,EAAHA,GAAG;gBACHE,YAAY,EAAE;cAChB,CAAC;cAED,IAAMC,GAAG,GAAGnB,KAAI,CAACoB,OAAO,CAACpC,OAAO,CAAC;cAEjC,IAAAqC,sBAAc,EAAC,UAAU,EAAErC,OAAO,CAACc,QAAQ,EAAEO,KAAK,CAAC;cAEnD,OAAOc,GAAG;YACZ,CAAC,CAAC,CACD7C,IAAI,CAAC,UAACgD,GAAG;cAAA,OAAKtB,KAAI,CAAC9B,aAAa,CAACC,GAAG,EAAEmD,GAAG,CAACC,IAAI,CAAC;YAAA,EAAC;YAEnD,IAAAC,mBAAW,EAACnB,KAAK,EAAEC,OAAO,CAAC;YAAC,OAAAG,QAAA,CAAAG,MAAA,WAErBN,OAAO;UAAA;UAAA;YAAA,OAAAG,QAAA,CAAAgB,IAAA;QAAA;MAAA,GAAArB,OAAA;IAAA;EAChB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;EACEU,iBAAiB,WAAAA,kBAACf,OAAO,EAAEf,OAAO,EAAE;IAAA,IAAA0C,MAAA;IAClC,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,wDAAwD,CAAC;IAE1E,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,IAAIhC,OAAO,CAACiC,QAAQ,CAAC,WAAW,CAAC,EAAE;MAC1E,IAAI,CAACL,MAAM,CAACC,IAAI,CACd,qFACF,CAAC;MAED,OAAOnD,QAAA,CAAApB,OAAA,CAAQ4E,OAAO,CAAClC,OAAO,CAAC;IACjC;IAEA,IAAIf,OAAO,IAAIA,OAAO,CAAC+B,cAAc,KAAK,KAAK,EAAE;MAC/C,IAAI,CAAChB,OAAO,CAACmC,UAAU,CAAC,UAAU,CAAC,EAAE;QACnC,IAAI,CAACP,MAAM,CAACQ,KAAK,CAAC,6CAA6C,CAAC;QAEhE,OAAO1D,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,iCAAiC,CAAC,CAAC;MACrE;MAEA,OAAOF,QAAA,CAAApB,OAAA,CAAQ4E,OAAO,CAAClC,OAAO,CAAC;IACjC;IAEA,IAAMqC,SAAS,GAAG;MAChBC,SAAS,EAAE,CAACtC,OAAO;IACrB,CAAC;IACD,IAAMuC,WAAW,GAAGC,YAAG,CAACC,KAAK,CAACzC,OAAO,CAAC;;IAEtC;IACAuC,WAAW,CAACG,QAAQ,GAAG,OAAO;IAC9BH,WAAW,CAACI,QAAQ,GAAG,wBAAwB;IAE/C,OAAO,IAAI,CAACtB,OAAO,CAAC;MAClBH,MAAM,EAAE,MAAM;MACdD,GAAG,EAAEuB,YAAG,CAACI,MAAM,CAACL,WAAW,CAAC;MAC5Bf,IAAI,EAAEvC,OAAO,GAAAjC,aAAA,CAAAA,aAAA,KAEJqF,SAAS;QACZQ,KAAK,EAAE5D,OAAO,CAAC6D,MAAM,CAACD;MAAK,KAE7BR;IACN,CAAC,CAAC,CACC9D,IAAI,CAAC,UAACgD,GAAG,EAAK;MACb;MACA,IAAMiB,GAAG,GAAGjB,GAAG,CAACC,IAAI,CAACc,SAAS,CAACtC,OAAO,CAAC;MAEvC,IAAI,CAACwC,GAAG,EAAE;QACRb,MAAI,CAACC,MAAM,CAACmB,IAAI,CACd,uGACF,CAAC;QAED,OAAO/C,OAAO;MAChB;MACA2B,MAAI,CAACC,MAAM,CAACC,IAAI,CAAC,uDAAuD,CAAC;MAEzE,OAAOW,GAAG;IACZ,CAAC,CAAC,CACDQ,KAAK,CAAC,UAACC,GAAG,EAAK;MACdtB,MAAI,CAACC,MAAM,CAACmB,IAAI,gBAAAG,MAAA,CACCD,GAAG,4CAAAC,MAAA,CAAyClD,OAAO,+BAAAkD,MAAA,CAA4BlD,OAAO,cACvG,CAAC;MAED,OAAOA,OAAO;IAChB,CAAC,CAAC;EACN,CAAC;EAEDmD,aAAa,WAAAA,cAACC,IAAI,EAAE;IAClB,OAAO,IAAA9E,qBAAY,EAAC8E,IAAI,CAAC,CAAC7E,IAAI,CAAC,UAACF,MAAM;MAAA,OACpCe,gBAAG,CAACiE,MAAM,CAAC,CAAC,CAAC9E,IAAI,CAAC,UAACH,GAAG;QAAA,OACpBA,GAAG,CACAkF,OAAO,CAACjF,MAAM,CAAC,CACfE,IAAI,CAACD,qBAAY;QAClB;QAAA,CACCC,IAAI,CAAC,UAACgF,KAAK;UAAA,OAAM;YAACnF,GAAG,EAAHA,GAAG;YAAEmF,KAAK,EAALA;UAAK,CAAC;QAAA,CAAC,CAAC;MAAA,CACpC,CAAC;IAAA,CACH,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAAU,WAAAA,WAACzE,GAAG,EAAEX,GAAG,EAAEa,OAAO,EAAE;IAAA,IAAAwE,MAAA;IAC5B;IACA,IAAI,CAACrF,GAAG,CAACsF,GAAG,EAAE;MACZ,OAAOhF,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF;;IAEA;IACA,OAAO,IAAI,CAACM,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC,EAAK;MAC3C,IAAI,EAACA,CAAC,aAADA,CAAC,eAADA,CAAC,CAAEG,GAAG,GAAE;QACXmE,MAAI,CAAC7B,MAAM,CAACQ,KAAK,CAAC,gCAAgC,CAAC;QACnD,MAAM,IAAIxD,KAAK,CAAC,oBAAoB,CAAC;MACvC;MAEA,OAAOQ,gBAAG,CAACuE,QAAQ,CAACvF,GAAG,CAAC,CAACG,IAAI,CAAC,UAACqF,MAAM,EAAK;QACxC,IAAI,CAACA,MAAM,EAAE;UACXH,MAAI,CAAC7B,MAAM,CAACQ,KAAK,CAAC,2CAA2C,CAAC;UAC9D,MAAM,IAAIxD,KAAK,CAAC,+BAA+B,CAAC;QAClD;QAEA,OAAOgF,MAAM,CAACC,KAAK,CAAC1E,CAAC,CAACG,GAAG,CAAC;MAC5B,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEwE,WAAW,WAAAA,YAAC/E,GAAG,EAAEc,SAAS,EAAEZ,OAAO,EAAE;IAAA,IAAA8E,MAAA;IACnC,OAAO,IAAI,CAAC7E,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACsE,aAAa,CAACD,MAAI,CAACE,MAAM,CAACC,WAAW,EAAE;QAC9CnF,GAAG,EAAEI,CAAC,CAACG,GAAG;QACV6E,MAAM,EAAE;UACNC,GAAG,EAAE;QACP,CAAC;QACDC,SAAS,EAAE;MACb,CAAC,CAAC,CAACC,KAAK,CAACzE,SAAS,EAAE,MAAM,CAAC;IAAA,CAC7B,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEX,MAAM,WAAAA,OAAC+B,GAAG,EAAqB;IAAA,IAAAsD,MAAA;IAAA,IAAAC,IAAA,GAAAvH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAwH,SAAA,GAAAxH,SAAA,MAAJ,CAAC,CAAC;MAAhByH,UAAU,GAAAF,IAAA,CAAVE,UAAU;IACrB,IAAIzD,GAAG,CAAC3B,GAAG,EAAE;MACX,OAAO,IAAI,CAACxB,GAAG,CAAC6G,KAAK,CAAC1D,GAAG,CAAC;IAC5B;IAEA,IAAI2D,UAAU,GAAG3D,GAAG;IAEpB,IAAIyD,UAAU,EAAE;MACdE,UAAU,mBAAA1B,MAAA,CAAmBwB,UAAU,CAAE;IAC3C;IAEA,OAAO,IAAI,CAACG,gBAAgB,CACzBC,GAAG,CAACF,UAAU,CAAC,CACfrG,IAAI,CAAC,UAACwG,SAAS;MAAA,OAAKC,IAAI,CAACvC,KAAK,CAACsC,SAAS,CAAC;IAAA,EAAC,CAC1CxG,IAAI,CAAC,UAAC0G,SAAS;MAAA,OAAKV,MAAI,CAACzG,GAAG,CAAC6G,KAAK,CAACM,SAAS,CAAC;IAAA,EAAC,CAC9CjC,KAAK,CAAC;MAAA,OACLuB,MAAI,CAACzG,GAAG,CACLoH,QAAQ,CAAC;QAACjE,GAAG,EAAHA,GAAG;QAAEyD,UAAU,EAAVA;MAAU,CAAC,CAAC,CAC3BnG,IAAI,CAAC,IAAA4G,WAAG,EAAC,UAACpG,GAAG;QAAA,OAAKwF,MAAI,CAACM,gBAAgB,CAACO,GAAG,CAACR,UAAU,EAAE,IAAAS,UAAA,CAAA/H,OAAA,EAAeyB,GAAG,EAAEuG,QAAQ,CAAC,CAAC;MAAA,EAAC,CAAC;IAAA,CAC7F,CAAC;EACL,CAAC;EAAAC,OAAA;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,SAASD,QAAQA,CAACnG,CAAC,EAAEqG,CAAC,EAAE;EACtB,IAAIrG,CAAC,KAAK,KAAK,EAAE;IACf;IACA;IACA,IAAMsG,IAAI,GAAG,IAAI,CAACtG,CAAC,CAAC,CAACuG,MAAM,CAAC,IAAI,CAAC;IAEjC,OAAOD,IAAI;EACb;EAEA,OAAOD,CAAC;AACV;AAAC,IAAAG,QAAA,GAAAC,OAAA,CAAAtI,OAAA,GAEcI,UAAU"}
package/dist/kms.js CHANGED
@@ -809,7 +809,7 @@ var KMS = _webexCore.WebexPlugin.extend((_dec = (0, _common.oneFlight)({
809
809
  context.ephemeralKey = originalContext.ephemeralKey;
810
810
  return context;
811
811
  },
812
- version: "3.8.0-next.13"
812
+ version: "3.8.0-next.14"
813
813
  }, ((0, _applyDecoratedDescriptor2.default)(_obj, "fetchKey", [_dec], (0, _getOwnPropertyDescriptor.default)(_obj, "fetchKey"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "_getContext", [_common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "_getContext"), _obj)), _obj)));
814
814
  var _default = exports.default = KMS;
815
815
  //# sourceMappingURL=kms.js.map
package/package.json CHANGED
@@ -28,23 +28,23 @@
28
28
  "@webex/eslint-config-legacy": "0.0.0",
29
29
  "@webex/jest-config-legacy": "0.0.0",
30
30
  "@webex/legacy-tools": "0.0.0",
31
- "@webex/test-helper-chai": "3.8.0-next.11",
32
- "@webex/test-helper-make-local-url": "3.8.0-next.11",
33
- "@webex/test-helper-mocha": "3.8.0-next.11",
34
- "@webex/test-helper-mock-webex": "3.8.0-next.11",
35
- "@webex/test-helper-test-users": "3.8.0-next.11",
31
+ "@webex/test-helper-chai": "3.8.0-next.12",
32
+ "@webex/test-helper-make-local-url": "3.8.0-next.12",
33
+ "@webex/test-helper-mocha": "3.8.0-next.12",
34
+ "@webex/test-helper-mock-webex": "3.8.0-next.12",
35
+ "@webex/test-helper-test-users": "3.8.0-next.12",
36
36
  "eslint": "^8.24.0",
37
37
  "prettier": "^2.7.1",
38
38
  "sinon": "^9.2.4"
39
39
  },
40
40
  "dependencies": {
41
- "@webex/common": "3.8.0-next.11",
42
- "@webex/common-timers": "3.8.0-next.11",
43
- "@webex/http-core": "3.8.0-next.11",
44
- "@webex/internal-plugin-device": "3.8.0-next.11",
45
- "@webex/internal-plugin-mercury": "3.8.0-next.13",
46
- "@webex/test-helper-file": "3.8.0-next.11",
47
- "@webex/webex-core": "3.8.0-next.11",
41
+ "@webex/common": "3.8.0-next.12",
42
+ "@webex/common-timers": "3.8.0-next.12",
43
+ "@webex/http-core": "3.8.0-next.12",
44
+ "@webex/internal-plugin-device": "3.8.0-next.12",
45
+ "@webex/internal-plugin-mercury": "3.8.0-next.14",
46
+ "@webex/test-helper-file": "3.8.0-next.12",
47
+ "@webex/webex-core": "3.8.0-next.12",
48
48
  "asn1js": "^2.0.26",
49
49
  "debug": "^4.3.4",
50
50
  "isomorphic-webcrypto": "^2.3.8",
@@ -67,5 +67,5 @@
67
67
  "test:style": "eslint ./src/**/*.*",
68
68
  "test:unit": "webex-legacy-tools test --unit --runner jest"
69
69
  },
70
- "version": "3.8.0-next.13"
70
+ "version": "3.8.0-next.14"
71
71
  }
package/src/encryption.js CHANGED
@@ -72,14 +72,14 @@ const Encryption = WebexPlugin.extend({
72
72
  * @param {Object} options - optional parameters to download a file
73
73
  * @returns {promise}
74
74
  */
75
- download(fileUrl, scr, options) {
75
+ async download(fileUrl, scr, options) {
76
76
  /* istanbul ignore if */
77
77
  if (!fileUrl || !scr) {
78
78
  return Promise.reject(new Error('`scr` and `fileUrl` are required'));
79
79
  }
80
80
 
81
81
  const shunt = new EventEmitter();
82
- const promise = this._fetchDownloadUrl(fileUrl, options)
82
+ const promise = this._fetchDownloadUrl(fileUrl, {useFileService: true, ...options})
83
83
  .then((uri) => {
84
84
  // eslint-disable-next-line no-shadow
85
85
  const options = {
@@ -118,6 +118,16 @@ const Encryption = WebexPlugin.extend({
118
118
  return Promise.resolve(fileUrl);
119
119
  }
120
120
 
121
+ if (options && options.useFileService === false) {
122
+ if (!fileUrl.startsWith('https://')) {
123
+ this.logger.error('encryption: direct file URLs must use HTTPS');
124
+
125
+ return Promise.reject(new Error('Direct file URLs must use HTTPS'));
126
+ }
127
+
128
+ return Promise.resolve(fileUrl);
129
+ }
130
+
121
131
  const inputBody = {
122
132
  endpoints: [fileUrl],
123
133
  };
@@ -188,7 +198,22 @@ const Encryption = WebexPlugin.extend({
188
198
  return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));
189
199
  }
190
200
 
191
- return this.getKey(key, options).then((k) => scr.toJWE(k.jwk));
201
+ // first we get the scr json, then we create an SCR instance using the key json and then we create a JWE using the key jwk
202
+ return this.getKey(key, options).then((k) => {
203
+ if (!k?.jwk) {
204
+ this.logger.error('encryption: Invalid key or JWK');
205
+ throw new Error('Invalid key or JWK');
206
+ }
207
+
208
+ return SCR.fromJSON(scr).then((encScr) => {
209
+ if (!encScr) {
210
+ this.logger.error('encryption: Failed to create SCR instance');
211
+ throw new Error('Failed to create SCR instance');
212
+ }
213
+
214
+ return encScr.toJWE(k.jwk);
215
+ });
216
+ });
192
217
  },
193
218
 
194
219
  /**