npm - @webex/internal-plugin-encryption - Versions diffs - 3.8.0-next.13 → 3.8.0-next.15 - Mend

@webex/internal-plugin-encryption 3.8.0-next.13 → 3.8.0-next.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/encryption.js CHANGED Viewed

@@ -87,7 +87,9 @@ var Encryption = _webexCore.WebexPlugin.extend({
       return _promise.default.reject(new Error('`scr` and `fileUrl` are required'));
     }
     var shunt = new _events.EventEmitter();
-    var promise = this._fetchDownloadUrl(fileUrl, options).then(function (uri) {
+    var promise = this._fetchDownloadUrl(fileUrl, _objectSpread({
+      useFileService: true
+    }, options)).then(function (uri) {
       // eslint-disable-next-line no-shadow
       var options = {
         method: 'GET',
@@ -110,12 +112,20 @@ var Encryption = _webexCore.WebexPlugin.extend({
    * @returns {promise} url of the downloadable file
    */
   _fetchDownloadUrl: function _fetchDownloadUrl(fileUrl, options) {
-    var _this2 = this;
+    var _options$params,
+      _this2 = this;
     this.logger.info('encryption: retrieving download url for encrypted file');
     if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {
       this.logger.info('encryption: bypassing webex files because this looks to be a test file on localhost');
       return _promise.default.resolve(fileUrl);
     }
+    if (options && options.useFileService === false) {
+      if (!fileUrl.startsWith('https://')) {
+        this.logger.error('encryption: direct file URLs must use HTTPS');
+        return _promise.default.reject(new Error('Direct file URLs must use HTTPS'));
+      }
+      return _promise.default.resolve(fileUrl);
+    }
     var inputBody = {
       endpoints: [fileUrl]
     };
@@ -127,7 +137,7 @@ var Encryption = _webexCore.WebexPlugin.extend({
     return this.request({
       method: 'POST',
       uri: _url.default.format(endpointUrl),
-      body: options ? _objectSpread(_objectSpread({}, inputBody), {}, {
+      body: (options === null || options === void 0 ? void 0 : (_options$params = options.params) === null || _options$params === void 0 ? void 0 : _options$params.allow) != null ? _objectSpread(_objectSpread({}, inputBody), {}, {
         allow: options.params.allow
       }) : inputBody
     }).then(function (res) {
@@ -168,12 +178,25 @@ var Encryption = _webexCore.WebexPlugin.extend({
    * @returns {string} Encrypted SCR
    */
   encryptScr: function encryptScr(key, scr, options) {
+    var _this3 = this;
     /* istanbul ignore if */
     if (!scr.loc) {
       return _promise.default.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));
     }
+    // first we get the scr json, then we create an SCR instance using the key json and then we create a JWE using the key jwk
     return this.getKey(key, options).then(function (k) {
-      return scr.toJWE(k.jwk);
+      if (!(k !== null && k !== void 0 && k.jwk)) {
+        _this3.logger.error('encryption: Invalid key or JWK');
+        throw new Error('Invalid key or JWK');
+      }
+      return _nodeScr.default.fromJSON(scr).then(function (encScr) {
+        if (!encScr) {
+          _this3.logger.error('encryption: Failed to create SCR instance');
+          throw new Error('Failed to create SCR instance');
+        }
+        return encScr.toJWE(k.jwk);
+      });
     });
   },
   /**
@@ -186,9 +209,9 @@ var Encryption = _webexCore.WebexPlugin.extend({
    * @returns {string} Encrypted text
    */
   encryptText: function encryptText(key, plaintext, options) {
-    var _this3 = this;
+    var _this4 = this;
     return this.getKey(key, options).then(function (k) {
-      return _nodeJose.default.JWE.createEncrypt(_this3.config.joseOptions, {
+      return _nodeJose.default.JWE.createEncrypt(_this4.config.joseOptions, {
         key: k.jwk,
         header: {
           alg: 'dir'
@@ -206,7 +229,7 @@ var Encryption = _webexCore.WebexPlugin.extend({
    * @returns {string} Key
    */
   getKey: function getKey(uri) {
-    var _this4 = this;
+    var _this5 = this;
     var _ref = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {},
       onBehalfOf = _ref.onBehalfOf;
     if (uri.jwk) {
@@ -219,17 +242,17 @@ var Encryption = _webexCore.WebexPlugin.extend({
     return this.unboundedStorage.get(storageKey).then(function (keyString) {
       return JSON.parse(keyString);
     }).then(function (keyObject) {
-      return _this4.kms.asKey(keyObject);
+      return _this5.kms.asKey(keyObject);
     }).catch(function () {
-      return _this4.kms.fetchKey({
+      return _this5.kms.fetchKey({
         uri: uri,
         onBehalfOf: onBehalfOf
       }).then((0, _common.tap)(function (key) {
-        return _this4.unboundedStorage.put(storageKey, (0, _stringify.default)(key, replacer));
+        return _this5.unboundedStorage.put(storageKey, (0, _stringify.default)(key, replacer));
       }));
     });
   },
-  version: "3.8.0-next.13"
+  version: "3.8.0-next.15"
 });
 /**

package/dist/encryption.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_events","require","_url","_interopRequireDefault","_webexCore","_common","_nodeJose","_nodeScr","_ensureBuffer","_kms","ownKeys","e","r","t","_Object$keys","_Object$getOwnPropertySymbols","o","filter","_Object$getOwnPropertyDescriptor","enumerable","push","apply","_objectSpread","arguments","length","Object","forEach","_defineProperty2","default","_Object$getOwnPropertyDescriptors","_Object$defineProperties","_Object$defineProperty","Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","ensureBuffer","then","b","byteLength","_promise","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","download","fileUrl","_this","shunt","EventEmitter","promise","_fetchDownloadUrl","uri","method","responseType","ret","request","transferEvents","res","body","proxyEvents","_this2","logger","info","process","env","NODE_ENV","includes","resolve","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","allow","params","warn","catch","err","concat","encryptBinary","file","create","encrypt","cdata","encryptScr","loc","toJWE","encryptText","_this3","createEncrypt","config","joseOptions","header","alg","reference","final","_this4","_ref","undefined","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","fetchKey","tap","put","_stringify","replacer","version","v","json","toJSON","_default","exports"],"sources":["encryption.js"],"sourcesContent":["/!\n Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n /\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n children: {\n kms: KMS,\n },\n\n namespace: 'Encryption',\n\n processKmsMessageEvent(event) {\n return this.kms.processKmsMessageEvent(event);\n },\n\n decryptBinary(scr, buffer) {\n return ensureBuffer(buffer).then((b) => {\n / istanbul ignore if /\n if (buffer.length === 0 \|\| buffer.byteLength === 0) {\n return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n }\n\n return scr.decrypt(b);\n });\n },\n\n /\n Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n \n @param {string} key - The uri of a key stored in KMS\n * @param {Object} cipherScr - An encrypted SCR\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {Object} Decrypted SCR\n /\n decryptScr(key, cipherScr, options) {\n return this.getKey(key, options).then((k) => SCR.fromJWE(k.jwk, cipherScr));\n },\n\n /\n Decrypt text using the supplied key uri.\n \n @param {string} key - The uri of a key stored in KMS\n * @param {string} ciphertext - Encrypted text\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Decrypted plaintext\n /\n decryptText(key, ciphertext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createDecrypt(k.jwk)\n .decrypt(ciphertext)\n .then((result) => result.plaintext.toString())\n );\n },\n\n /\n Validate and initiate a Download request for requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} scr - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise}\n /\n download(fileUrl, scr, options) {\n / istanbul ignore if /\n if (!fileUrl \|\| !scr) {\n return Promise.reject(new Error('`scr` and `fileUrl` are required'));\n }\n\n const shunt = new EventEmitter();\n const promise = this._fetchDownloadUrl(fileUrl, options)\n .then((uri) => {\n // eslint-disable-next-line no-shadow\n const options = {\n method: 'GET',\n uri,\n responseType: 'buffer',\n };\n\n const ret = this.request(options);\n\n transferEvents('progress', options.download, shunt);\n\n return ret;\n })\n .then((res) => this.decryptBinary(scr, res.body));\n\n proxyEvents(shunt, promise);\n\n return promise;\n },\n\n /\n Fetch Download URL for the requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise} url of the downloadable file\n /\n _fetchDownloadUrl(fileUrl, options) {\n this.logger.info('encryption: retrieving download url for encrypted file');\n\n if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {\n this.logger.info(\n 'encryption: bypassing webex files because this looks to be a test file on localhost'\n );\n\n return Promise.resolve(fileUrl);\n }\n\n const inputBody = {\n endpoints: [fileUrl],\n };\n const endpointUrl = url.parse(fileUrl);\n\n // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n endpointUrl.protocol = 'https';\n endpointUrl.pathname = '/v1/download/endpoints';\n\n return this.request({\n method: 'POST',\n uri: url.format(endpointUrl),\n body: options\n ? {\n ...inputBody,\n allow: options.params.allow,\n }\n : inputBody,\n })\n .then((res) => {\n // eslint-disable-next-line no-shadow\n const url = res.body.endpoints[fileUrl];\n\n if (!url) {\n this.logger.warn(\n 'encryption: could not determine download url for `fileUrl`; attempting to download `fileUrl` directly'\n );\n\n return fileUrl;\n }\n this.logger.info('encryption: retrieved download url for encrypted file');\n\n return url;\n })\n .catch((err) => {\n this.logger.warn(\n `encryption: ${err} could not determine download url for ${fileUrl}; attempting to download ${fileUrl} directly`\n );\n\n return fileUrl;\n });\n },\n\n encryptBinary(file) {\n return ensureBuffer(file).then((buffer) =>\n SCR.create().then((scr) =>\n scr\n .encrypt(buffer)\n .then(ensureBuffer)\n // eslint-disable-next-line max-nested-callbacks\n .then((cdata) => ({scr, cdata}))\n )\n );\n },\n\n /\n Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n \n @param {string} key - The uri of a key stored in KMS\n * @param {Object} scr - Plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted SCR\n /\n encryptScr(key, scr, options) {\n / istanbul ignore if /\n if (!scr.loc) {\n return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n }\n\n return this.getKey(key, options).then((k) => scr.toJWE(k.jwk));\n },\n\n /\n Encrypt plaintext using the supplied key uri.\n \n @param {string} key - The uri of a key stored in KMS\n * @param {string} plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted text\n /\n encryptText(key, plaintext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createEncrypt(this.config.joseOptions, {\n key: k.jwk,\n header: {\n alg: 'dir',\n },\n reference: null,\n }).final(plaintext, 'utf8')\n );\n },\n\n /\n Fetch the key associated with the supplied KMS uri.\n \n @param {string} uri - The uri of a key stored in KMS\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Key\n /\n getKey(uri, {onBehalfOf} = {}) {\n if (uri.jwk) {\n return this.kms.asKey(uri);\n }\n\n let storageKey = uri;\n\n if (onBehalfOf) {\n storageKey += `/onBehalfOf/${onBehalfOf}`;\n }\n\n return this.unboundedStorage\n .get(storageKey)\n .then((keyString) => JSON.parse(keyString))\n .then((keyObject) => this.kms.asKey(keyObject))\n .catch(() =>\n this.kms\n .fetchKey({uri, onBehalfOf})\n .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer))))\n );\n },\n});\n\n/\n JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n if (k === 'jwk') {\n // note: this[k] and v may be different representations of the same value\n // eslint-disable-next-line no-invalid-this\n const json = this[k].toJSON(true);\n\n return json;\n }\n\n return v;\n}\n\nexport default Encryption;\n"],"mappings":";;;;;;;;;;;;;;;;AAIA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAC,sBAAA,CAAAF,OAAA;AAEA,IAAAG,UAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,SAAA,GAAAH,sBAAA,CAAAF,OAAA;AACA,IAAAM,QAAA,GAAAJ,sBAAA,CAAAF,OAAA;AAEA,IAAAO,aAAA,GAAAL,sBAAA,CAAAF,OAAA;AACA,IAAAQ,IAAA,GAAAN,sBAAA,CAAAF,OAAA;AAAwB,SAAAS,QAAAC,CAAA,EAAAC,CAAA,QAAAC,CAAA,GAAAC,YAAA,CAAAH,CAAA,OAAAI,6BAAA,QAAAC,CAAA,GAAAD,6BAAA,CAAAJ,CAAA,GAAAC,CAAA,KAAAI,CAAA,GAAAA,CAAA,CAAAC,MAAA,WAAAL,CAAA,WAAAM,gCAAA,CAAAP,CAAA,EAAAC,CAAA,EAAAO,UAAA,OAAAN,CAAA,CAAAO,IAAA,CAAAC,KAAA,CAAAR,CAAA,EAAAG,CAAA,YAAAH,CAAA;AAAA,SAAAS,cAAAX,CAAA,aAAAC,CAAA,MAAAA,CAAA,GAAAW,SAAA,CAAAC,MAAA,EAAAZ,CAAA,UAAAC,CAAA,WAAAU,SAAA,CAAAX,CAAA,IAAAW,SAAA,CAAAX,CAAA,QAAAA,CAAA,OAAAF,OAAA,CAAAe,MAAA,CAAAZ,CAAA,OAAAa,OAAA,WAAAd,CAAA,QAAAe,gBAAA,CAAAC,OAAA,EAAAjB,CAAA,EAAAC,CAAA,EAAAC,CAAA,CAAAD,CAAA,SAAAiB,iCAAA,GAAAC,wBAAA,CAAAnB,CAAA,EAAAkB,iCAAA,CAAAhB,CAAA,KAAAH,OAAA,CAAAe,MAAA,CAAAZ,CAAA,GAAAa,OAAA,WAAAd,CAAA,IAAAmB,sBAAA,CAAApB,CAAA,EAAAC,CAAA,EAAAM,gCAAA,CAAAL,CAAA,EAAAD,CAAA,iBAAAD,CAAA,IAbxB;AACA;AACA;AAaA,IAAMqB,UAAU,GAAGC,sBAAW,CAACC,MAAM,CAAC;EACpCC,QAAQ,EAAE;IACRC,GAAG,EAAEC;EACP,CAAC;EAEDC,SAAS,EAAE,YAAY;EAEvBC,sBAAsB,WAAAA,uBAACC,KAAK,EAAE;IAC5B,OAAO,IAAI,CAACJ,GAAG,CAACG,sBAAsB,CAACC,KAAK,CAAC;EAC/C,CAAC;EAEDC,aAAa,WAAAA,cAACC,GAAG,EAAEC,MAAM,EAAE;IACzB,OAAO,IAAAC,qBAAY,EAACD,MAAM,CAAC,CAACE,IAAI,CAAC,UAACC,CAAC,EAAK;MACtC;MACA,IAAIH,MAAM,CAACnB,MAAM,KAAK,CAAC,IAAImB,MAAM,CAACI,UAAU,KAAK,CAAC,EAAE;QAClD,OAAOC,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,yCAAyC,CAAC,CAAC;MAC7E;MAEA,OAAOR,GAAG,CAACS,OAAO,CAACL,CAAC,CAAC;IACvB,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEM,UAAU,WAAAA,WAACC,GAAG,EAAEC,SAAS,EAAEC,OAAO,EAAE;IAClC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKC,gBAAG,CAACC,OAAO,CAACF,CAAC,CAACG,GAAG,EAAEN,SAAS,CAAC;IAAA,EAAC;EAC7E,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEO,WAAW,WAAAA,YAACR,GAAG,EAAES,UAAU,EAAEP,OAAO,EAAE;IACpC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACC,aAAa,CAACR,CAAC,CAACG,GAAG,CAAC,CAC1BT,OAAO,CAACW,UAAU,CAAC,CACnBjB,IAAI,CAAC,UAACqB,MAAM;QAAA,OAAKA,MAAM,CAACC,SAAS,CAACC,QAAQ,CAAC,CAAC;MAAA,EAAC;IAAA,CAClD,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,QAAQ,WAAAA,SAACC,OAAO,EAAE5B,GAAG,EAAEa,OAAO,EAAE;IAAA,IAAAgB,KAAA;IAC9B;IACA,IAAI,CAACD,OAAO,IAAI,CAAC5B,GAAG,EAAE;MACpB,OAAOM,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtE;IAEA,IAAMsB,KAAK,GAAG,IAAIC,oBAAY,CAAC,CAAC;IAChC,IAAMC,OAAO,GAAG,IAAI,CAACC,iBAAiB,CAACL,OAAO,EAAEf,OAAO,CAAC,CACrDV,IAAI,CAAC,UAAC+B,GAAG,EAAK;MACb;MACA,IAAMrB,OAAO,GAAG;QACdsB,MAAM,EAAE,KAAK;QACbD,GAAG,EAAHA,GAAG;QACHE,YAAY,EAAE;MAChB,CAAC;MAED,IAAMC,GAAG,GAAGR,KAAI,CAACS,OAAO,CAACzB,OAAO,CAAC;MAEjC,IAAA0B,sBAAc,EAAC,UAAU,EAAE1B,OAAO,CAACc,QAAQ,EAAEG,KAAK,CAAC;MAEnD,OAAOO,GAAG;IACZ,CAAC,CAAC,CACDlC,IAAI,CAAC,UAACqC,GAAG;MAAA,OAAKX,KAAI,CAAC9B,aAAa,CAACC,GAAG,EAAEwC,GAAG,CAACC,IAAI,CAAC;IAAA,EAAC;IAEnD,IAAAC,mBAAW,EAACZ,KAAK,EAAEE,OAAO,CAAC;IAE3B,OAAOA,OAAO;EAChB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACL,OAAO,EAAEf,OAAO,EAAE;IAAA,IAAA8B,MAAA;IAClC,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,wDAAwD,CAAC;IAE1E,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,IAAIpB,OAAO,CAACqB,QAAQ,CAAC,WAAW,CAAC,EAAE;MAC1E,IAAI,CAACL,MAAM,CAACC,IAAI,CACd,qFACF,CAAC;MAED,OAAOvC,QAAA,CAAApB,OAAA,CAAQgE,OAAO,CAACtB,OAAO,CAAC;IACjC;IAEA,IAAMuB,SAAS,GAAG;MAChBC,SAAS,EAAE,CAACxB,OAAO;IACrB,CAAC;IACD,IAAMyB,WAAW,GAAGC,YAAG,CAACC,KAAK,CAAC3B,OAAO,CAAC;;IAEtC;IACAyB,WAAW,CAACG,QAAQ,GAAG,OAAO;IAC9BH,WAAW,CAACI,QAAQ,GAAG,wBAAwB;IAE/C,OAAO,IAAI,CAACnB,OAAO,CAAC;MAClBH,MAAM,EAAE,MAAM;MACdD,GAAG,EAAEoB,YAAG,CAACI,MAAM,CAACL,WAAW,CAAC;MAC5BZ,IAAI,EAAE5B,OAAO,GAAAjC,aAAA,CAAAA,aAAA,KAEJuE,SAAS;QACZQ,KAAK,EAAE9C,OAAO,CAAC+C,MAAM,CAACD;MAAK,KAE7BR;IACN,CAAC,CAAC,CACChD,IAAI,CAAC,UAACqC,GAAG,EAAK;MACb;MACA,IAAMc,GAAG,GAAGd,GAAG,CAACC,IAAI,CAACW,SAAS,CAACxB,OAAO,CAAC;MAEvC,IAAI,CAAC0B,GAAG,EAAE;QACRX,MAAI,CAACC,MAAM,CAACiB,IAAI,CACd,uGACF,CAAC;QAED,OAAOjC,OAAO;MAChB;MACAe,MAAI,CAACC,MAAM,CAACC,IAAI,CAAC,uDAAuD,CAAC;MAEzE,OAAOS,GAAG;IACZ,CAAC,CAAC,CACDQ,KAAK,CAAC,UAACC,GAAG,EAAK;MACdpB,MAAI,CAACC,MAAM,CAACiB,IAAI,gBAAAG,MAAA,CACCD,GAAG,4CAAAC,MAAA,CAAyCpC,OAAO,+BAAAoC,MAAA,CAA4BpC,OAAO,cACvG,CAAC;MAED,OAAOA,OAAO;IAChB,CAAC,CAAC;EACN,CAAC;EAEDqC,aAAa,WAAAA,cAACC,IAAI,EAAE;IAClB,OAAO,IAAAhE,qBAAY,EAACgE,IAAI,CAAC,CAAC/D,IAAI,CAAC,UAACF,MAAM;MAAA,OACpCe,gBAAG,CAACmD,MAAM,CAAC,CAAC,CAAChE,IAAI,CAAC,UAACH,GAAG;QAAA,OACpBA,GAAG,CACAoE,OAAO,CAACnE,MAAM,CAAC,CACfE,IAAI,CAACD,qBAAY;QAClB;QAAA,CACCC,IAAI,CAAC,UAACkE,KAAK;UAAA,OAAM;YAACrE,GAAG,EAAHA,GAAG;YAAEqE,KAAK,EAALA;UAAK,CAAC;QAAA,CAAC,CAAC;MAAA,CACpC,CAAC;IAAA,CACH,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAAU,WAAAA,WAAC3D,GAAG,EAAEX,GAAG,EAAEa,OAAO,EAAE;IAC5B;IACA,IAAI,CAACb,GAAG,CAACuE,GAAG,EAAE;MACZ,OAAOjE,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF;IAEA,OAAO,IAAI,CAACM,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKf,GAAG,CAACwE,KAAK,CAACzD,CAAC,CAACG,GAAG,CAAC;IAAA,EAAC;EAChE,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEuD,WAAW,WAAAA,YAAC9D,GAAG,EAAEc,SAAS,EAAEZ,OAAO,EAAE;IAAA,IAAA6D,MAAA;IACnC,OAAO,IAAI,CAAC5D,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACqD,aAAa,CAACD,MAAI,CAACE,MAAM,CAACC,WAAW,EAAE;QAC9ClE,GAAG,EAAEI,CAAC,CAACG,GAAG;QACV4D,MAAM,EAAE;UACNC,GAAG,EAAE;QACP,CAAC;QACDC,SAAS,EAAE;MACb,CAAC,CAAC,CAACC,KAAK,CAACxD,SAAS,EAAE,MAAM,CAAC;IAAA,CAC7B,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEX,MAAM,WAAAA,OAACoB,GAAG,EAAqB;IAAA,IAAAgD,MAAA;IAAA,IAAAC,IAAA,GAAAtG,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAuG,SAAA,GAAAvG,SAAA,MAAJ,CAAC,CAAC;MAAhBwG,UAAU,GAAAF,IAAA,CAAVE,UAAU;IACrB,IAAInD,GAAG,CAAChB,GAAG,EAAE;MACX,OAAO,IAAI,CAACxB,GAAG,CAAC4F,KAAK,CAACpD,GAAG,CAAC;IAC5B;IAEA,IAAIqD,UAAU,GAAGrD,GAAG;IAEpB,IAAImD,UAAU,EAAE;MACdE,UAAU,mBAAAvB,MAAA,CAAmBqB,UAAU,CAAE;IAC3C;IAEA,OAAO,IAAI,CAACG,gBAAgB,CACzBC,GAAG,CAACF,UAAU,CAAC,CACfpF,IAAI,CAAC,UAACuF,SAAS;MAAA,OAAKC,IAAI,CAACpC,KAAK,CAACmC,SAAS,CAAC;IAAA,EAAC,CAC1CvF,IAAI,CAAC,UAACyF,SAAS;MAAA,OAAKV,MAAI,CAACxF,GAAG,CAAC4F,KAAK,CAACM,SAAS,CAAC;IAAA,EAAC,CAC9C9B,KAAK,CAAC;MAAA,OACLoB,MAAI,CAACxF,GAAG,CACLmG,QAAQ,CAAC;QAAC3D,GAAG,EAAHA,GAAG;QAAEmD,UAAU,EAAVA;MAAU,CAAC,CAAC,CAC3BlF,IAAI,CAAC,IAAA2F,WAAG,EAAC,UAACnF,GAAG;QAAA,OAAKuE,MAAI,CAACM,gBAAgB,CAACO,GAAG,CAACR,UAAU,EAAE,IAAAS,UAAA,CAAA9G,OAAA,EAAeyB,GAAG,EAAEsF,QAAQ,CAAC,CAAC;MAAA,EAAC,CAAC;IAAA,CAC7F,CAAC;EACL,CAAC;EAAAC,OAAA;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,SAASD,QAAQA,CAAClF,CAAC,EAAEoF,CAAC,EAAE;EACtB,IAAIpF,CAAC,KAAK,KAAK,EAAE;IACf;IACA;IACA,IAAMqF,IAAI,GAAG,IAAI,CAACrF,CAAC,CAAC,CAACsF,MAAM,CAAC,IAAI,CAAC;IAEjC,OAAOD,IAAI;EACb;EAEA,OAAOD,CAAC;AACV;AAAC,IAAAG,QAAA,GAAAC,OAAA,CAAArH,OAAA,GAEcI,UAAU"}
1	+ {"version":3,"names":["_events","require","_url","_interopRequireDefault","_webexCore","_common","_nodeJose","_nodeScr","_ensureBuffer","_kms","ownKeys","e","r","t","_Object$keys","_Object$getOwnPropertySymbols","o","filter","_Object$getOwnPropertyDescriptor","enumerable","push","apply","_objectSpread","arguments","length","Object","forEach","_defineProperty2","default","_Object$getOwnPropertyDescriptors","_Object$defineProperties","_Object$defineProperty","Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","ensureBuffer","then","b","byteLength","_promise","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","download","fileUrl","_this","shunt","EventEmitter","promise","_fetchDownloadUrl","useFileService","uri","method","responseType","ret","request","transferEvents","res","body","proxyEvents","_options$params","_this2","logger","info","process","env","NODE_ENV","includes","resolve","startsWith","error","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","params","allow","warn","catch","err","concat","encryptBinary","file","create","encrypt","cdata","encryptScr","_this3","loc","fromJSON","encScr","toJWE","encryptText","_this4","createEncrypt","config","joseOptions","header","alg","reference","final","_this5","_ref","undefined","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","fetchKey","tap","put","_stringify","replacer","version","v","json","toJSON","_default","exports"],"sources":["encryption.js"],"sourcesContent":["/!\n Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n /\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n children: {\n kms: KMS,\n },\n\n namespace: 'Encryption',\n\n processKmsMessageEvent(event) {\n return this.kms.processKmsMessageEvent(event);\n },\n\n decryptBinary(scr, buffer) {\n return ensureBuffer(buffer).then((b) => {\n / istanbul ignore if /\n if (buffer.length === 0 \|\| buffer.byteLength === 0) {\n return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n }\n\n return scr.decrypt(b);\n });\n },\n\n /\n Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n \n @param {string} key - The uri of a key stored in KMS\n * @param {Object} cipherScr - An encrypted SCR\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {Object} Decrypted SCR\n /\n decryptScr(key, cipherScr, options) {\n return this.getKey(key, options).then((k) => SCR.fromJWE(k.jwk, cipherScr));\n },\n\n /\n Decrypt text using the supplied key uri.\n \n @param {string} key - The uri of a key stored in KMS\n * @param {string} ciphertext - Encrypted text\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Decrypted plaintext\n /\n decryptText(key, ciphertext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createDecrypt(k.jwk)\n .decrypt(ciphertext)\n .then((result) => result.plaintext.toString())\n );\n },\n\n /\n Validate and initiate a Download request for requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} scr - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise}\n /\n download(fileUrl, scr, options) {\n / istanbul ignore if /\n if (!fileUrl \|\| !scr) {\n return Promise.reject(new Error('`scr` and `fileUrl` are required'));\n }\n\n const shunt = new EventEmitter();\n const promise = this._fetchDownloadUrl(fileUrl, {useFileService: true, ...options})\n .then((uri) => {\n // eslint-disable-next-line no-shadow\n const options = {\n method: 'GET',\n uri,\n responseType: 'buffer',\n };\n\n const ret = this.request(options);\n\n transferEvents('progress', options.download, shunt);\n\n return ret;\n })\n .then((res) => this.decryptBinary(scr, res.body));\n\n proxyEvents(shunt, promise);\n\n return promise;\n },\n\n /\n Fetch Download URL for the requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise} url of the downloadable file\n /\n _fetchDownloadUrl(fileUrl, options) {\n this.logger.info('encryption: retrieving download url for encrypted file');\n\n if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {\n this.logger.info(\n 'encryption: bypassing webex files because this looks to be a test file on localhost'\n );\n\n return Promise.resolve(fileUrl);\n }\n\n if (options && options.useFileService === false) {\n if (!fileUrl.startsWith('https://')) {\n this.logger.error('encryption: direct file URLs must use HTTPS');\n\n return Promise.reject(new Error('Direct file URLs must use HTTPS'));\n }\n\n return Promise.resolve(fileUrl);\n }\n\n const inputBody = {\n endpoints: [fileUrl],\n };\n const endpointUrl = url.parse(fileUrl);\n\n // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n endpointUrl.protocol = 'https';\n endpointUrl.pathname = '/v1/download/endpoints';\n\n return this.request({\n method: 'POST',\n uri: url.format(endpointUrl),\n body:\n options?.params?.allow != null\n ? {\n ...inputBody,\n allow: options.params.allow,\n }\n : inputBody,\n })\n .then((res) => {\n // eslint-disable-next-line no-shadow\n const url = res.body.endpoints[fileUrl];\n\n if (!url) {\n this.logger.warn(\n 'encryption: could not determine download url for `fileUrl`; attempting to download `fileUrl` directly'\n );\n\n return fileUrl;\n }\n this.logger.info('encryption: retrieved download url for encrypted file');\n\n return url;\n })\n .catch((err) => {\n this.logger.warn(\n `encryption: ${err} could not determine download url for ${fileUrl}; attempting to download ${fileUrl} directly`\n );\n\n return fileUrl;\n });\n },\n\n encryptBinary(file) {\n return ensureBuffer(file).then((buffer) =>\n SCR.create().then((scr) =>\n scr\n .encrypt(buffer)\n .then(ensureBuffer)\n // eslint-disable-next-line max-nested-callbacks\n .then((cdata) => ({scr, cdata}))\n )\n );\n },\n\n /\n Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n \n @param {string} key - The uri of a key stored in KMS\n * @param {Object} scr - Plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted SCR\n /\n encryptScr(key, scr, options) {\n / istanbul ignore if /\n if (!scr.loc) {\n return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n }\n\n // first we get the scr json, then we create an SCR instance using the key json and then we create a JWE using the key jwk\n return this.getKey(key, options).then((k) => {\n if (!k?.jwk) {\n this.logger.error('encryption: Invalid key or JWK');\n throw new Error('Invalid key or JWK');\n }\n\n return SCR.fromJSON(scr).then((encScr) => {\n if (!encScr) {\n this.logger.error('encryption: Failed to create SCR instance');\n throw new Error('Failed to create SCR instance');\n }\n\n return encScr.toJWE(k.jwk);\n });\n });\n },\n\n /\n Encrypt plaintext using the supplied key uri.\n \n @param {string} key - The uri of a key stored in KMS\n * @param {string} plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted text\n /\n encryptText(key, plaintext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createEncrypt(this.config.joseOptions, {\n key: k.jwk,\n header: {\n alg: 'dir',\n },\n reference: null,\n }).final(plaintext, 'utf8')\n );\n },\n\n /\n Fetch the key associated with the supplied KMS uri.\n \n @param {string} uri - The uri of a key stored in KMS\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Key\n /\n getKey(uri, {onBehalfOf} = {}) {\n if (uri.jwk) {\n return this.kms.asKey(uri);\n }\n\n let storageKey = uri;\n\n if (onBehalfOf) {\n storageKey += `/onBehalfOf/${onBehalfOf}`;\n }\n\n return this.unboundedStorage\n .get(storageKey)\n .then((keyString) => JSON.parse(keyString))\n .then((keyObject) => this.kms.asKey(keyObject))\n .catch(() =>\n this.kms\n .fetchKey({uri, onBehalfOf})\n .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer))))\n );\n },\n});\n\n/\n JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n if (k === 'jwk') {\n // note: this[k] and v may be different representations of the same value\n // eslint-disable-next-line no-invalid-this\n const json = this[k].toJSON(true);\n\n return json;\n }\n\n return v;\n}\n\nexport default Encryption;\n"],"mappings":";;;;;;;;;;;;;;;;AAIA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAC,sBAAA,CAAAF,OAAA;AAEA,IAAAG,UAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,SAAA,GAAAH,sBAAA,CAAAF,OAAA;AACA,IAAAM,QAAA,GAAAJ,sBAAA,CAAAF,OAAA;AAEA,IAAAO,aAAA,GAAAL,sBAAA,CAAAF,OAAA;AACA,IAAAQ,IAAA,GAAAN,sBAAA,CAAAF,OAAA;AAAwB,SAAAS,QAAAC,CAAA,EAAAC,CAAA,QAAAC,CAAA,GAAAC,YAAA,CAAAH,CAAA,OAAAI,6BAAA,QAAAC,CAAA,GAAAD,6BAAA,CAAAJ,CAAA,GAAAC,CAAA,KAAAI,CAAA,GAAAA,CAAA,CAAAC,MAAA,WAAAL,CAAA,WAAAM,gCAAA,CAAAP,CAAA,EAAAC,CAAA,EAAAO,UAAA,OAAAN,CAAA,CAAAO,IAAA,CAAAC,KAAA,CAAAR,CAAA,EAAAG,CAAA,YAAAH,CAAA;AAAA,SAAAS,cAAAX,CAAA,aAAAC,CAAA,MAAAA,CAAA,GAAAW,SAAA,CAAAC,MAAA,EAAAZ,CAAA,UAAAC,CAAA,WAAAU,SAAA,CAAAX,CAAA,IAAAW,SAAA,CAAAX,CAAA,QAAAA,CAAA,OAAAF,OAAA,CAAAe,MAAA,CAAAZ,CAAA,OAAAa,OAAA,WAAAd,CAAA,QAAAe,gBAAA,CAAAC,OAAA,EAAAjB,CAAA,EAAAC,CAAA,EAAAC,CAAA,CAAAD,CAAA,SAAAiB,iCAAA,GAAAC,wBAAA,CAAAnB,CAAA,EAAAkB,iCAAA,CAAAhB,CAAA,KAAAH,OAAA,CAAAe,MAAA,CAAAZ,CAAA,GAAAa,OAAA,WAAAd,CAAA,IAAAmB,sBAAA,CAAApB,CAAA,EAAAC,CAAA,EAAAM,gCAAA,CAAAL,CAAA,EAAAD,CAAA,iBAAAD,CAAA,IAbxB;AACA;AACA;AAaA,IAAMqB,UAAU,GAAGC,sBAAW,CAACC,MAAM,CAAC;EACpCC,QAAQ,EAAE;IACRC,GAAG,EAAEC;EACP,CAAC;EAEDC,SAAS,EAAE,YAAY;EAEvBC,sBAAsB,WAAAA,uBAACC,KAAK,EAAE;IAC5B,OAAO,IAAI,CAACJ,GAAG,CAACG,sBAAsB,CAACC,KAAK,CAAC;EAC/C,CAAC;EAEDC,aAAa,WAAAA,cAACC,GAAG,EAAEC,MAAM,EAAE;IACzB,OAAO,IAAAC,qBAAY,EAACD,MAAM,CAAC,CAACE,IAAI,CAAC,UAACC,CAAC,EAAK;MACtC;MACA,IAAIH,MAAM,CAACnB,MAAM,KAAK,CAAC,IAAImB,MAAM,CAACI,UAAU,KAAK,CAAC,EAAE;QAClD,OAAOC,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,yCAAyC,CAAC,CAAC;MAC7E;MAEA,OAAOR,GAAG,CAACS,OAAO,CAACL,CAAC,CAAC;IACvB,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEM,UAAU,WAAAA,WAACC,GAAG,EAAEC,SAAS,EAAEC,OAAO,EAAE;IAClC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKC,gBAAG,CAACC,OAAO,CAACF,CAAC,CAACG,GAAG,EAAEN,SAAS,CAAC;IAAA,EAAC;EAC7E,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEO,WAAW,WAAAA,YAACR,GAAG,EAAES,UAAU,EAAEP,OAAO,EAAE;IACpC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACC,aAAa,CAACR,CAAC,CAACG,GAAG,CAAC,CAC1BT,OAAO,CAACW,UAAU,CAAC,CACnBjB,IAAI,CAAC,UAACqB,MAAM;QAAA,OAAKA,MAAM,CAACC,SAAS,CAACC,QAAQ,CAAC,CAAC;MAAA,EAAC;IAAA,CAClD,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,QAAQ,WAAAA,SAACC,OAAO,EAAE5B,GAAG,EAAEa,OAAO,EAAE;IAAA,IAAAgB,KAAA;IAC9B;IACA,IAAI,CAACD,OAAO,IAAI,CAAC5B,GAAG,EAAE;MACpB,OAAOM,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtE;IAEA,IAAMsB,KAAK,GAAG,IAAIC,oBAAY,CAAC,CAAC;IAChC,IAAMC,OAAO,GAAG,IAAI,CAACC,iBAAiB,CAACL,OAAO,EAAAhD,aAAA;MAAGsD,cAAc,EAAE;IAAI,GAAKrB,OAAO,CAAC,CAAC,CAChFV,IAAI,CAAC,UAACgC,GAAG,EAAK;MACb;MACA,IAAMtB,OAAO,GAAG;QACduB,MAAM,EAAE,KAAK;QACbD,GAAG,EAAHA,GAAG;QACHE,YAAY,EAAE;MAChB,CAAC;MAED,IAAMC,GAAG,GAAGT,KAAI,CAACU,OAAO,CAAC1B,OAAO,CAAC;MAEjC,IAAA2B,sBAAc,EAAC,UAAU,EAAE3B,OAAO,CAACc,QAAQ,EAAEG,KAAK,CAAC;MAEnD,OAAOQ,GAAG;IACZ,CAAC,CAAC,CACDnC,IAAI,CAAC,UAACsC,GAAG;MAAA,OAAKZ,KAAI,CAAC9B,aAAa,CAACC,GAAG,EAAEyC,GAAG,CAACC,IAAI,CAAC;IAAA,EAAC;IAEnD,IAAAC,mBAAW,EAACb,KAAK,EAAEE,OAAO,CAAC;IAE3B,OAAOA,OAAO;EAChB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACL,OAAO,EAAEf,OAAO,EAAE;IAAA,IAAA+B,eAAA;MAAAC,MAAA;IAClC,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,wDAAwD,CAAC;IAE1E,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,IAAItB,OAAO,CAACuB,QAAQ,CAAC,WAAW,CAAC,EAAE;MAC1E,IAAI,CAACL,MAAM,CAACC,IAAI,CACd,qFACF,CAAC;MAED,OAAOzC,QAAA,CAAApB,OAAA,CAAQkE,OAAO,CAACxB,OAAO,CAAC;IACjC;IAEA,IAAIf,OAAO,IAAIA,OAAO,CAACqB,cAAc,KAAK,KAAK,EAAE;MAC/C,IAAI,CAACN,OAAO,CAACyB,UAAU,CAAC,UAAU,CAAC,EAAE;QACnC,IAAI,CAACP,MAAM,CAACQ,KAAK,CAAC,6CAA6C,CAAC;QAEhE,OAAOhD,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,iCAAiC,CAAC,CAAC;MACrE;MAEA,OAAOF,QAAA,CAAApB,OAAA,CAAQkE,OAAO,CAACxB,OAAO,CAAC;IACjC;IAEA,IAAM2B,SAAS,GAAG;MAChBC,SAAS,EAAE,CAAC5B,OAAO;IACrB,CAAC;IACD,IAAM6B,WAAW,GAAGC,YAAG,CAACC,KAAK,CAAC/B,OAAO,CAAC;;IAEtC;IACA6B,WAAW,CAACG,QAAQ,GAAG,OAAO;IAC9BH,WAAW,CAACI,QAAQ,GAAG,wBAAwB;IAE/C,OAAO,IAAI,CAACtB,OAAO,CAAC;MAClBH,MAAM,EAAE,MAAM;MACdD,GAAG,EAAEuB,YAAG,CAACI,MAAM,CAACL,WAAW,CAAC;MAC5Bf,IAAI,EACF,CAAA7B,OAAO,aAAPA,OAAO,wBAAA+B,eAAA,GAAP/B,OAAO,CAAEkD,MAAM,cAAAnB,eAAA,uBAAfA,eAAA,CAAiBoB,KAAK,KAAI,IAAI,GAAApF,aAAA,CAAAA,aAAA,KAErB2E,SAAS;QACZS,KAAK,EAAEnD,OAAO,CAACkD,MAAM,CAACC;MAAK,KAE7BT;IACR,CAAC,CAAC,CACCpD,IAAI,CAAC,UAACsC,GAAG,EAAK;MACb;MACA,IAAMiB,GAAG,GAAGjB,GAAG,CAACC,IAAI,CAACc,SAAS,CAAC5B,OAAO,CAAC;MAEvC,IAAI,CAAC8B,GAAG,EAAE;QACRb,MAAI,CAACC,MAAM,CAACmB,IAAI,CACd,uGACF,CAAC;QAED,OAAOrC,OAAO;MAChB;MACAiB,MAAI,CAACC,MAAM,CAACC,IAAI,CAAC,uDAAuD,CAAC;MAEzE,OAAOW,GAAG;IACZ,CAAC,CAAC,CACDQ,KAAK,CAAC,UAACC,GAAG,EAAK;MACdtB,MAAI,CAACC,MAAM,CAACmB,IAAI,gBAAAG,MAAA,CACCD,GAAG,4CAAAC,MAAA,CAAyCxC,OAAO,+BAAAwC,MAAA,CAA4BxC,OAAO,cACvG,CAAC;MAED,OAAOA,OAAO;IAChB,CAAC,CAAC;EACN,CAAC;EAEDyC,aAAa,WAAAA,cAACC,IAAI,EAAE;IAClB,OAAO,IAAApE,qBAAY,EAACoE,IAAI,CAAC,CAACnE,IAAI,CAAC,UAACF,MAAM;MAAA,OACpCe,gBAAG,CAACuD,MAAM,CAAC,CAAC,CAACpE,IAAI,CAAC,UAACH,GAAG;QAAA,OACpBA,GAAG,CACAwE,OAAO,CAACvE,MAAM,CAAC,CACfE,IAAI,CAACD,qBAAY;QAClB;QAAA,CACCC,IAAI,CAAC,UAACsE,KAAK;UAAA,OAAM;YAACzE,GAAG,EAAHA,GAAG;YAAEyE,KAAK,EAALA;UAAK,CAAC;QAAA,CAAC,CAAC;MAAA,CACpC,CAAC;IAAA,CACH,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAAU,WAAAA,WAAC/D,GAAG,EAAEX,GAAG,EAAEa,OAAO,EAAE;IAAA,IAAA8D,MAAA;IAC5B;IACA,IAAI,CAAC3E,GAAG,CAAC4E,GAAG,EAAE;MACZ,OAAOtE,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF;;IAEA;IACA,OAAO,IAAI,CAACM,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC,EAAK;MAC3C,IAAI,EAACA,CAAC,aAADA,CAAC,eAADA,CAAC,CAAEG,GAAG,GAAE;QACXyD,MAAI,CAAC7B,MAAM,CAACQ,KAAK,CAAC,gCAAgC,CAAC;QACnD,MAAM,IAAI9C,KAAK,CAAC,oBAAoB,CAAC;MACvC;MAEA,OAAOQ,gBAAG,CAAC6D,QAAQ,CAAC7E,GAAG,CAAC,CAACG,IAAI,CAAC,UAAC2E,MAAM,EAAK;QACxC,IAAI,CAACA,MAAM,EAAE;UACXH,MAAI,CAAC7B,MAAM,CAACQ,KAAK,CAAC,2CAA2C,CAAC;UAC9D,MAAM,IAAI9C,KAAK,CAAC,+BAA+B,CAAC;QAClD;QAEA,OAAOsE,MAAM,CAACC,KAAK,CAAChE,CAAC,CAACG,GAAG,CAAC;MAC5B,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE8D,WAAW,WAAAA,YAACrE,GAAG,EAAEc,SAAS,EAAEZ,OAAO,EAAE;IAAA,IAAAoE,MAAA;IACnC,OAAO,IAAI,CAACnE,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAAC4D,aAAa,CAACD,MAAI,CAACE,MAAM,CAACC,WAAW,EAAE;QAC9CzE,GAAG,EAAEI,CAAC,CAACG,GAAG;QACVmE,MAAM,EAAE;UACNC,GAAG,EAAE;QACP,CAAC;QACDC,SAAS,EAAE;MACb,CAAC,CAAC,CAACC,KAAK,CAAC/D,SAAS,EAAE,MAAM,CAAC;IAAA,CAC7B,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEX,MAAM,WAAAA,OAACqB,GAAG,EAAqB;IAAA,IAAAsD,MAAA;IAAA,IAAAC,IAAA,GAAA7G,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8G,SAAA,GAAA9G,SAAA,MAAJ,CAAC,CAAC;MAAhB+G,UAAU,GAAAF,IAAA,CAAVE,UAAU;IACrB,IAAIzD,GAAG,CAACjB,GAAG,EAAE;MACX,OAAO,IAAI,CAACxB,GAAG,CAACmG,KAAK,CAAC1D,GAAG,CAAC;IAC5B;IAEA,IAAI2D,UAAU,GAAG3D,GAAG;IAEpB,IAAIyD,UAAU,EAAE;MACdE,UAAU,mBAAA1B,MAAA,CAAmBwB,UAAU,CAAE;IAC3C;IAEA,OAAO,IAAI,CAACG,gBAAgB,CACzBC,GAAG,CAACF,UAAU,CAAC,CACf3F,IAAI,CAAC,UAAC8F,SAAS;MAAA,OAAKC,IAAI,CAACvC,KAAK,CAACsC,SAAS,CAAC;IAAA,EAAC,CAC1C9F,IAAI,CAAC,UAACgG,SAAS;MAAA,OAAKV,MAAI,CAAC/F,GAAG,CAACmG,KAAK,CAACM,SAAS,CAAC;IAAA,EAAC,CAC9CjC,KAAK,CAAC;MAAA,OACLuB,MAAI,CAAC/F,GAAG,CACL0G,QAAQ,CAAC;QAACjE,GAAG,EAAHA,GAAG;QAAEyD,UAAU,EAAVA;MAAU,CAAC,CAAC,CAC3BzF,IAAI,CAAC,IAAAkG,WAAG,EAAC,UAAC1F,GAAG;QAAA,OAAK8E,MAAI,CAACM,gBAAgB,CAACO,GAAG,CAACR,UAAU,EAAE,IAAAS,UAAA,CAAArH,OAAA,EAAeyB,GAAG,EAAE6F,QAAQ,CAAC,CAAC;MAAA,EAAC,CAAC;IAAA,CAC7F,CAAC;EACL,CAAC;EAAAC,OAAA;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,SAASD,QAAQA,CAACzF,CAAC,EAAE2F,CAAC,EAAE;EACtB,IAAI3F,CAAC,KAAK,KAAK,EAAE;IACf;IACA;IACA,IAAM4F,IAAI,GAAG,IAAI,CAAC5F,CAAC,CAAC,CAAC6F,MAAM,CAAC,IAAI,CAAC;IAEjC,OAAOD,IAAI;EACb;EAEA,OAAOD,CAAC;AACV;AAAC,IAAAG,QAAA,GAAAC,OAAA,CAAA5H,OAAA,GAEcI,UAAU"}

package/dist/kms.js CHANGED Viewed

@@ -809,7 +809,7 @@ var KMS = _webexCore.WebexPlugin.extend((_dec = (0, _common.oneFlight)({
     context.ephemeralKey = originalContext.ephemeralKey;
     return context;
   },
-  version: "3.8.0-next.13"
+  version: "3.8.0-next.15"
 }, ((0, _applyDecoratedDescriptor2.default)(_obj, "fetchKey", [_dec], (0, _getOwnPropertyDescriptor.default)(_obj, "fetchKey"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "_getContext", [_common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "_getContext"), _obj)), _obj)));
 var _default = exports.default = KMS;
 //# sourceMappingURL=kms.js.map

package/package.json CHANGED Viewed

@@ -28,23 +28,23 @@
     "@webex/eslint-config-legacy": "0.0.0",
     "@webex/jest-config-legacy": "0.0.0",
     "@webex/legacy-tools": "0.0.0",
-    "@webex/test-helper-chai": "3.8.0-next.11",
-    "@webex/test-helper-make-local-url": "3.8.0-next.11",
-    "@webex/test-helper-mocha": "3.8.0-next.11",
-    "@webex/test-helper-mock-webex": "3.8.0-next.11",
-    "@webex/test-helper-test-users": "3.8.0-next.11",
+    "@webex/test-helper-chai": "3.8.0-next.12",
+    "@webex/test-helper-make-local-url": "3.8.0-next.12",
+    "@webex/test-helper-mocha": "3.8.0-next.12",
+    "@webex/test-helper-mock-webex": "3.8.0-next.12",
+    "@webex/test-helper-test-users": "3.8.0-next.12",
     "eslint": "^8.24.0",
     "prettier": "^2.7.1",
     "sinon": "^9.2.4"
   },
   "dependencies": {
-    "@webex/common": "3.8.0-next.11",
-    "@webex/common-timers": "3.8.0-next.11",
-    "@webex/http-core": "3.8.0-next.11",
-    "@webex/internal-plugin-device": "3.8.0-next.11",
-    "@webex/internal-plugin-mercury": "3.8.0-next.13",
-    "@webex/test-helper-file": "3.8.0-next.11",
-    "@webex/webex-core": "3.8.0-next.11",
+    "@webex/common": "3.8.0-next.12",
+    "@webex/common-timers": "3.8.0-next.12",
+    "@webex/http-core": "3.8.0-next.12",
+    "@webex/internal-plugin-device": "3.8.0-next.12",
+    "@webex/internal-plugin-mercury": "3.8.0-next.14",
+    "@webex/test-helper-file": "3.8.0-next.12",
+    "@webex/webex-core": "3.8.0-next.12",
     "asn1js": "^2.0.26",
     "debug": "^4.3.4",
     "isomorphic-webcrypto": "^2.3.8",
@@ -67,5 +67,5 @@
     "test:style": "eslint ./src/**/*.*",
     "test:unit": "webex-legacy-tools test --unit --runner jest"
   },
-  "version": "3.8.0-next.13"
+  "version": "3.8.0-next.15"
 }

package/src/encryption.js CHANGED Viewed

@@ -79,7 +79,7 @@ const Encryption = WebexPlugin.extend({
     }
     const shunt = new EventEmitter();
-    const promise = this._fetchDownloadUrl(fileUrl, options)
+    const promise = this._fetchDownloadUrl(fileUrl, {useFileService: true, ...options})
       .then((uri) => {
         // eslint-disable-next-line no-shadow
         const options = {
@@ -118,6 +118,16 @@ const Encryption = WebexPlugin.extend({
       return Promise.resolve(fileUrl);
     }
+    if (options && options.useFileService === false) {
+      if (!fileUrl.startsWith('https://')) {
+        this.logger.error('encryption: direct file URLs must use HTTPS');
+        return Promise.reject(new Error('Direct file URLs must use HTTPS'));
+      }
+      return Promise.resolve(fileUrl);
+    }
     const inputBody = {
       endpoints: [fileUrl],
     };
@@ -130,12 +140,13 @@ const Encryption = WebexPlugin.extend({
     return this.request({
       method: 'POST',
       uri: url.format(endpointUrl),
-      body: options
-        ? {
-            ...inputBody,
-            allow: options.params.allow,
-          }
-        : inputBody,
+      body:
+        options?.params?.allow != null
+          ? {
+              ...inputBody,
+              allow: options.params.allow,
+            }
+          : inputBody,
     })
       .then((res) => {
         // eslint-disable-next-line no-shadow
@@ -188,7 +199,22 @@ const Encryption = WebexPlugin.extend({
       return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));
     }
-    return this.getKey(key, options).then((k) => scr.toJWE(k.jwk));
+    // first we get the scr json, then we create an SCR instance using the key json and then we create a JWE using the key jwk
+    return this.getKey(key, options).then((k) => {
+      if (!k?.jwk) {
+        this.logger.error('encryption: Invalid key or JWK');
+        throw new Error('Invalid key or JWK');
+      }
+      return SCR.fromJSON(scr).then((encScr) => {
+        if (!encScr) {
+          this.logger.error('encryption: Failed to create SCR instance');
+          throw new Error('Failed to create SCR instance');
+        }
+        return encScr.toJWE(k.jwk);
+      });
+    });
   },
   /**