@webex/internal-plugin-encryption 3.8.0-next.15 → 3.8.0-next.16

package/dist/encryption.js

@@ -1,6 +1,6 @@
 "use strict";
 
-var _Object$keys = require("@babel/runtime-corejs2/core-js/object/keys");
+var _Object$keys2 = require("@babel/runtime-corejs2/core-js/object/keys");
 var _Object$getOwnPropertySymbols = require("@babel/runtime-corejs2/core-js/object/get-own-property-symbols");
 var _Object$getOwnPropertyDescriptor = require("@babel/runtime-corejs2/core-js/object/get-own-property-descriptor");
 var _Object$getOwnPropertyDescriptors = require("@babel/runtime-corejs2/core-js/object/get-own-property-descriptors");
@@ -13,6 +13,7 @@ _Object$defineProperty(exports, "__esModule", {
 exports.default = void 0;
 var _defineProperty2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/defineProperty"));
 var _promise = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/promise"));
+var _keys = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/object/keys"));
 var _stringify = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/json/stringify"));
 var _events = require("events");
 var _url = _interopRequireDefault(require("url"));
@@ -22,7 +23,7 @@ var _nodeJose = _interopRequireDefault(require("node-jose"));
 var _nodeScr = _interopRequireDefault(require("node-scr"));
 var _ensureBuffer = _interopRequireDefault(require("./ensure-buffer"));
 var _kms = _interopRequireDefault(require("./kms"));
-function ownKeys(e, r) { var t = _Object$keys(e); if (_Object$getOwnPropertySymbols) { var o = _Object$getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return _Object$getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
+function ownKeys(e, r) { var t = _Object$keys2(e); if (_Object$getOwnPropertySymbols) { var o = _Object$getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return _Object$getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
 function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { (0, _defineProperty2.default)(e, r, t[r]); }) : _Object$getOwnPropertyDescriptors ? _Object$defineProperties(e, _Object$getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { _Object$defineProperty(e, r, _Object$getOwnPropertyDescriptor(t, r)); }); } return e; } /*!
  * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
  */
@@ -112,14 +113,13 @@ var Encryption = _webexCore.WebexPlugin.extend({
    * @returns {promise} url of the downloadable file
    */
   _fetchDownloadUrl: function _fetchDownloadUrl(fileUrl, options) {
-    var _options$params,
-      _this2 = this;
+    var _this2 = this;
     this.logger.info('encryption: retrieving download url for encrypted file');
     if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {
       this.logger.info('encryption: bypassing webex files because this looks to be a test file on localhost');
       return _promise.default.resolve(fileUrl);
     }
-    if (options && options.useFileService === false) {
+    if ((options === null || options === void 0 ? void 0 : options.useFileService) === false) {
       if (!fileUrl.startsWith('https://')) {
         this.logger.error('encryption: direct file URLs must use HTTPS');
         return _promise.default.reject(new Error('Direct file URLs must use HTTPS'));
@@ -137,7 +137,7 @@ var Encryption = _webexCore.WebexPlugin.extend({
     return this.request({
       method: 'POST',
       uri: _url.default.format(endpointUrl),
-      body: (options === null || options === void 0 ? void 0 : (_options$params = options.params) === null || _options$params === void 0 ? void 0 : _options$params.allow) != null ? _objectSpread(_objectSpread({}, inputBody), {}, {
+      body: options !== null && options !== void 0 && options.params && (0, _keys.default)(options.params).indexOf('allow') > -1 ? _objectSpread(_objectSpread({}, inputBody), {}, {
         allow: options.params.allow
       }) : inputBody
     }).then(function (res) {
@@ -172,31 +172,18 @@ var Encryption = _webexCore.WebexPlugin.extend({
    * Encrypt a SCR (Secure Content Resource) using the supplied key uri.
    *
    * @param {string} key - The uri of a key stored in KMS
-   * @param {Object} scr - Plaintext
+   * @param {Object} scr - SCRObject
    * @param {Object} options
    * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role
    * @returns {string} Encrypted SCR
    */
   encryptScr: function encryptScr(key, scr, options) {
-    var _this3 = this;
     /* istanbul ignore if */
     if (!scr.loc) {
       return _promise.default.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));
     }
-
-    // first we get the scr json, then we create an SCR instance using the key json and then we create a JWE using the key jwk
     return this.getKey(key, options).then(function (k) {
-      if (!(k !== null && k !== void 0 && k.jwk)) {
-        _this3.logger.error('encryption: Invalid key or JWK');
-        throw new Error('Invalid key or JWK');
-      }
-      return _nodeScr.default.fromJSON(scr).then(function (encScr) {
-        if (!encScr) {
-          _this3.logger.error('encryption: Failed to create SCR instance');
-          throw new Error('Failed to create SCR instance');
-        }
-        return encScr.toJWE(k.jwk);
-      });
+      return scr.toJWE(k.jwk);
     });
   },
   /**
@@ -209,9 +196,9 @@ var Encryption = _webexCore.WebexPlugin.extend({
    * @returns {string} Encrypted text
    */
   encryptText: function encryptText(key, plaintext, options) {
-    var _this4 = this;
+    var _this3 = this;
     return this.getKey(key, options).then(function (k) {
-      return _nodeJose.default.JWE.createEncrypt(_this4.config.joseOptions, {
+      return _nodeJose.default.JWE.createEncrypt(_this3.config.joseOptions, {
         key: k.jwk,
         header: {
           alg: 'dir'
@@ -229,7 +216,7 @@ var Encryption = _webexCore.WebexPlugin.extend({
    * @returns {string} Key
    */
   getKey: function getKey(uri) {
-    var _this5 = this;
+    var _this4 = this;
     var _ref = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {},
       onBehalfOf = _ref.onBehalfOf;
     if (uri.jwk) {
@@ -242,17 +229,17 @@ var Encryption = _webexCore.WebexPlugin.extend({
     return this.unboundedStorage.get(storageKey).then(function (keyString) {
       return JSON.parse(keyString);
     }).then(function (keyObject) {
-      return _this5.kms.asKey(keyObject);
+      return _this4.kms.asKey(keyObject);
     }).catch(function () {
-      return _this5.kms.fetchKey({
+      return _this4.kms.fetchKey({
         uri: uri,
         onBehalfOf: onBehalfOf
       }).then((0, _common.tap)(function (key) {
-        return _this5.unboundedStorage.put(storageKey, (0, _stringify.default)(key, replacer));
+        return _this4.unboundedStorage.put(storageKey, (0, _stringify.default)(key, replacer));
       }));
     });
   },
-  version: "3.8.0-next.15"
+  version: "3.8.0-next.16"
 });
 
 /**

package/dist/encryption.js.map

@@ -1 +1 @@
-{"version":3,"names":["_events","require","_url","_interopRequireDefault","_webexCore","_common","_nodeJose","_nodeScr","_ensureBuffer","_kms","ownKeys","e","r","t","_Object$keys","_Object$getOwnPropertySymbols","o","filter","_Object$getOwnPropertyDescriptor","enumerable","push","apply","_objectSpread","arguments","length","Object","forEach","_defineProperty2","default","_Object$getOwnPropertyDescriptors","_Object$defineProperties","_Object$defineProperty","Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","ensureBuffer","then","b","byteLength","_promise","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","download","fileUrl","_this","shunt","EventEmitter","promise","_fetchDownloadUrl","useFileService","uri","method","responseType","ret","request","transferEvents","res","body","proxyEvents","_options$params","_this2","logger","info","process","env","NODE_ENV","includes","resolve","startsWith","error","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","params","allow","warn","catch","err","concat","encryptBinary","file","create","encrypt","cdata","encryptScr","_this3","loc","fromJSON","encScr","toJWE","encryptText","_this4","createEncrypt","config","joseOptions","header","alg","reference","final","_this5","_ref","undefined","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","fetchKey","tap","put","_stringify","replacer","version","v","json","toJSON","_default","exports"],"sources":["encryption.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n  children: {\n    kms: KMS,\n  },\n\n  namespace: 'Encryption',\n\n  processKmsMessageEvent(event) {\n    return this.kms.processKmsMessageEvent(event);\n  },\n\n  decryptBinary(scr, buffer) {\n    return ensureBuffer(buffer).then((b) => {\n      /* istanbul ignore if */\n      if (buffer.length === 0 || buffer.byteLength === 0) {\n        return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n      }\n\n      return scr.decrypt(b);\n    });\n  },\n\n  /**\n   * Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {Object} cipherScr - An encrypted SCR\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {Object} Decrypted SCR\n   */\n  decryptScr(key, cipherScr, options) {\n    return this.getKey(key, options).then((k) => SCR.fromJWE(k.jwk, cipherScr));\n  },\n\n  /**\n   * Decrypt text using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {string} ciphertext - Encrypted text\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Decrypted plaintext\n   */\n  decryptText(key, ciphertext, options) {\n    return this.getKey(key, options).then((k) =>\n      jose.JWE.createDecrypt(k.jwk)\n        .decrypt(ciphertext)\n        .then((result) => result.plaintext.toString())\n    );\n  },\n\n  /**\n   * Validate and initiate a Download request for requested file\n   * @param {Object} fileUrl - Plaintext\n   * @param {Object} scr - Plaintext\n   * @param {Object} options - optional parameters to download a file\n   * @returns {promise}\n   */\n  download(fileUrl, scr, options) {\n    /* istanbul ignore if */\n    if (!fileUrl || !scr) {\n      return Promise.reject(new Error('`scr` and `fileUrl` are required'));\n    }\n\n    const shunt = new EventEmitter();\n    const promise = this._fetchDownloadUrl(fileUrl, {useFileService: true, ...options})\n      .then((uri) => {\n        // eslint-disable-next-line no-shadow\n        const options = {\n          method: 'GET',\n          uri,\n          responseType: 'buffer',\n        };\n\n        const ret = this.request(options);\n\n        transferEvents('progress', options.download, shunt);\n\n        return ret;\n      })\n      .then((res) => this.decryptBinary(scr, res.body));\n\n    proxyEvents(shunt, promise);\n\n    return promise;\n  },\n\n  /**\n   * Fetch Download URL for the requested file\n   * @param {Object} fileUrl - Plaintext\n   * @param {Object} options - optional parameters to download a file\n   * @returns {promise} url of the downloadable file\n   */\n  _fetchDownloadUrl(fileUrl, options) {\n    this.logger.info('encryption: retrieving download url for encrypted file');\n\n    if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {\n      this.logger.info(\n        'encryption: bypassing webex files because this looks to be a test file on localhost'\n      );\n\n      return Promise.resolve(fileUrl);\n    }\n\n    if (options && options.useFileService === false) {\n      if (!fileUrl.startsWith('https://')) {\n        this.logger.error('encryption: direct file URLs must use HTTPS');\n\n        return Promise.reject(new Error('Direct file URLs must use HTTPS'));\n      }\n\n      return Promise.resolve(fileUrl);\n    }\n\n    const inputBody = {\n      endpoints: [fileUrl],\n    };\n    const endpointUrl = url.parse(fileUrl);\n\n    // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n    endpointUrl.protocol = 'https';\n    endpointUrl.pathname = '/v1/download/endpoints';\n\n    return this.request({\n      method: 'POST',\n      uri: url.format(endpointUrl),\n      body:\n        options?.params?.allow != null\n          ? {\n              ...inputBody,\n              allow: options.params.allow,\n            }\n          : inputBody,\n    })\n      .then((res) => {\n        // eslint-disable-next-line no-shadow\n        const url = res.body.endpoints[fileUrl];\n\n        if (!url) {\n          this.logger.warn(\n            'encryption: could not determine download url for `fileUrl`; attempting to download `fileUrl` directly'\n          );\n\n          return fileUrl;\n        }\n        this.logger.info('encryption: retrieved download url for encrypted file');\n\n        return url;\n      })\n      .catch((err) => {\n        this.logger.warn(\n          `encryption: ${err} could not determine download url for ${fileUrl}; attempting to download ${fileUrl} directly`\n        );\n\n        return fileUrl;\n      });\n  },\n\n  encryptBinary(file) {\n    return ensureBuffer(file).then((buffer) =>\n      SCR.create().then((scr) =>\n        scr\n          .encrypt(buffer)\n          .then(ensureBuffer)\n          // eslint-disable-next-line max-nested-callbacks\n          .then((cdata) => ({scr, cdata}))\n      )\n    );\n  },\n\n  /**\n   * Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {Object} scr - Plaintext\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Encrypted SCR\n   */\n  encryptScr(key, scr, options) {\n    /* istanbul ignore if */\n    if (!scr.loc) {\n      return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n    }\n\n    // first we get the scr json, then we create an SCR instance using the key json and then we create a JWE using the key jwk\n    return this.getKey(key, options).then((k) => {\n      if (!k?.jwk) {\n        this.logger.error('encryption: Invalid key or JWK');\n        throw new Error('Invalid key or JWK');\n      }\n\n      return SCR.fromJSON(scr).then((encScr) => {\n        if (!encScr) {\n          this.logger.error('encryption: Failed to create SCR instance');\n          throw new Error('Failed to create SCR instance');\n        }\n\n        return encScr.toJWE(k.jwk);\n      });\n    });\n  },\n\n  /**\n   * Encrypt plaintext using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {string} plaintext\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Encrypted text\n   */\n  encryptText(key, plaintext, options) {\n    return this.getKey(key, options).then((k) =>\n      jose.JWE.createEncrypt(this.config.joseOptions, {\n        key: k.jwk,\n        header: {\n          alg: 'dir',\n        },\n        reference: null,\n      }).final(plaintext, 'utf8')\n    );\n  },\n\n  /**\n   * Fetch the key associated with the supplied KMS uri.\n   *\n   * @param {string} uri - The uri of a key stored in KMS\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Key\n   */\n  getKey(uri, {onBehalfOf} = {}) {\n    if (uri.jwk) {\n      return this.kms.asKey(uri);\n    }\n\n    let storageKey = uri;\n\n    if (onBehalfOf) {\n      storageKey += `/onBehalfOf/${onBehalfOf}`;\n    }\n\n    return this.unboundedStorage\n      .get(storageKey)\n      .then((keyString) => JSON.parse(keyString))\n      .then((keyObject) => this.kms.asKey(keyObject))\n      .catch(() =>\n        this.kms\n          .fetchKey({uri, onBehalfOf})\n          .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer))))\n      );\n  },\n});\n\n/**\n * JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n  if (k === 'jwk') {\n    // note: this[k] and v may be different representations of the same value\n    // eslint-disable-next-line no-invalid-this\n    const json = this[k].toJSON(true);\n\n    return json;\n  }\n\n  return v;\n}\n\nexport default Encryption;\n"],"mappings":";;;;;;;;;;;;;;;;AAIA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAC,sBAAA,CAAAF,OAAA;AAEA,IAAAG,UAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,SAAA,GAAAH,sBAAA,CAAAF,OAAA;AACA,IAAAM,QAAA,GAAAJ,sBAAA,CAAAF,OAAA;AAEA,IAAAO,aAAA,GAAAL,sBAAA,CAAAF,OAAA;AACA,IAAAQ,IAAA,GAAAN,sBAAA,CAAAF,OAAA;AAAwB,SAAAS,QAAAC,CAAA,EAAAC,CAAA,QAAAC,CAAA,GAAAC,YAAA,CAAAH,CAAA,OAAAI,6BAAA,QAAAC,CAAA,GAAAD,6BAAA,CAAAJ,CAAA,GAAAC,CAAA,KAAAI,CAAA,GAAAA,CAAA,CAAAC,MAAA,WAAAL,CAAA,WAAAM,gCAAA,CAAAP,CAAA,EAAAC,CAAA,EAAAO,UAAA,OAAAN,CAAA,CAAAO,IAAA,CAAAC,KAAA,CAAAR,CAAA,EAAAG,CAAA,YAAAH,CAAA;AAAA,SAAAS,cAAAX,CAAA,aAAAC,CAAA,MAAAA,CAAA,GAAAW,SAAA,CAAAC,MAAA,EAAAZ,CAAA,UAAAC,CAAA,WAAAU,SAAA,CAAAX,CAAA,IAAAW,SAAA,CAAAX,CAAA,QAAAA,CAAA,OAAAF,OAAA,CAAAe,MAAA,CAAAZ,CAAA,OAAAa,OAAA,WAAAd,CAAA,QAAAe,gBAAA,CAAAC,OAAA,EAAAjB,CAAA,EAAAC,CAAA,EAAAC,CAAA,CAAAD,CAAA,SAAAiB,iCAAA,GAAAC,wBAAA,CAAAnB,CAAA,EAAAkB,iCAAA,CAAAhB,CAAA,KAAAH,OAAA,CAAAe,MAAA,CAAAZ,CAAA,GAAAa,OAAA,WAAAd,CAAA,IAAAmB,sBAAA,CAAApB,CAAA,EAAAC,CAAA,EAAAM,gCAAA,CAAAL,CAAA,EAAAD,CAAA,iBAAAD,CAAA,IAbxB;AACA;AACA;AAaA,IAAMqB,UAAU,GAAGC,sBAAW,CAACC,MAAM,CAAC;EACpCC,QAAQ,EAAE;IACRC,GAAG,EAAEC;EACP,CAAC;EAEDC,SAAS,EAAE,YAAY;EAEvBC,sBAAsB,WAAAA,uBAACC,KAAK,EAAE;IAC5B,OAAO,IAAI,CAACJ,GAAG,CAACG,sBAAsB,CAACC,KAAK,CAAC;EAC/C,CAAC;EAEDC,aAAa,WAAAA,cAACC,GAAG,EAAEC,MAAM,EAAE;IACzB,OAAO,IAAAC,qBAAY,EAACD,MAAM,CAAC,CAACE,IAAI,CAAC,UAACC,CAAC,EAAK;MACtC;MACA,IAAIH,MAAM,CAACnB,MAAM,KAAK,CAAC,IAAImB,MAAM,CAACI,UAAU,KAAK,CAAC,EAAE;QAClD,OAAOC,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,yCAAyC,CAAC,CAAC;MAC7E;MAEA,OAAOR,GAAG,CAACS,OAAO,CAACL,CAAC,CAAC;IACvB,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEM,UAAU,WAAAA,WAACC,GAAG,EAAEC,SAAS,EAAEC,OAAO,EAAE;IAClC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKC,gBAAG,CAACC,OAAO,CAACF,CAAC,CAACG,GAAG,EAAEN,SAAS,CAAC;IAAA,EAAC;EAC7E,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEO,WAAW,WAAAA,YAACR,GAAG,EAAES,UAAU,EAAEP,OAAO,EAAE;IACpC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACC,aAAa,CAACR,CAAC,CAACG,GAAG,CAAC,CAC1BT,OAAO,CAACW,UAAU,CAAC,CACnBjB,IAAI,CAAC,UAACqB,MAAM;QAAA,OAAKA,MAAM,CAACC,SAAS,CAACC,QAAQ,CAAC,CAAC;MAAA,EAAC;IAAA,CAClD,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,QAAQ,WAAAA,SAACC,OAAO,EAAE5B,GAAG,EAAEa,OAAO,EAAE;IAAA,IAAAgB,KAAA;IAC9B;IACA,IAAI,CAACD,OAAO,IAAI,CAAC5B,GAAG,EAAE;MACpB,OAAOM,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtE;IAEA,IAAMsB,KAAK,GAAG,IAAIC,oBAAY,CAAC,CAAC;IAChC,IAAMC,OAAO,GAAG,IAAI,CAACC,iBAAiB,CAACL,OAAO,EAAAhD,aAAA;MAAGsD,cAAc,EAAE;IAAI,GAAKrB,OAAO,CAAC,CAAC,CAChFV,IAAI,CAAC,UAACgC,GAAG,EAAK;MACb;MACA,IAAMtB,OAAO,GAAG;QACduB,MAAM,EAAE,KAAK;QACbD,GAAG,EAAHA,GAAG;QACHE,YAAY,EAAE;MAChB,CAAC;MAED,IAAMC,GAAG,GAAGT,KAAI,CAACU,OAAO,CAAC1B,OAAO,CAAC;MAEjC,IAAA2B,sBAAc,EAAC,UAAU,EAAE3B,OAAO,CAACc,QAAQ,EAAEG,KAAK,CAAC;MAEnD,OAAOQ,GAAG;IACZ,CAAC,CAAC,CACDnC,IAAI,CAAC,UAACsC,GAAG;MAAA,OAAKZ,KAAI,CAAC9B,aAAa,CAACC,GAAG,EAAEyC,GAAG,CAACC,IAAI,CAAC;IAAA,EAAC;IAEnD,IAAAC,mBAAW,EAACb,KAAK,EAAEE,OAAO,CAAC;IAE3B,OAAOA,OAAO;EAChB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACL,OAAO,EAAEf,OAAO,EAAE;IAAA,IAAA+B,eAAA;MAAAC,MAAA;IAClC,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,wDAAwD,CAAC;IAE1E,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,IAAItB,OAAO,CAACuB,QAAQ,CAAC,WAAW,CAAC,EAAE;MAC1E,IAAI,CAACL,MAAM,CAACC,IAAI,CACd,qFACF,CAAC;MAED,OAAOzC,QAAA,CAAApB,OAAA,CAAQkE,OAAO,CAACxB,OAAO,CAAC;IACjC;IAEA,IAAIf,OAAO,IAAIA,OAAO,CAACqB,cAAc,KAAK,KAAK,EAAE;MAC/C,IAAI,CAACN,OAAO,CAACyB,UAAU,CAAC,UAAU,CAAC,EAAE;QACnC,IAAI,CAACP,MAAM,CAACQ,KAAK,CAAC,6CAA6C,CAAC;QAEhE,OAAOhD,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,iCAAiC,CAAC,CAAC;MACrE;MAEA,OAAOF,QAAA,CAAApB,OAAA,CAAQkE,OAAO,CAACxB,OAAO,CAAC;IACjC;IAEA,IAAM2B,SAAS,GAAG;MAChBC,SAAS,EAAE,CAAC5B,OAAO;IACrB,CAAC;IACD,IAAM6B,WAAW,GAAGC,YAAG,CAACC,KAAK,CAAC/B,OAAO,CAAC;;IAEtC;IACA6B,WAAW,CAACG,QAAQ,GAAG,OAAO;IAC9BH,WAAW,CAACI,QAAQ,GAAG,wBAAwB;IAE/C,OAAO,IAAI,CAACtB,OAAO,CAAC;MAClBH,MAAM,EAAE,MAAM;MACdD,GAAG,EAAEuB,YAAG,CAACI,MAAM,CAACL,WAAW,CAAC;MAC5Bf,IAAI,EACF,CAAA7B,OAAO,aAAPA,OAAO,wBAAA+B,eAAA,GAAP/B,OAAO,CAAEkD,MAAM,cAAAnB,eAAA,uBAAfA,eAAA,CAAiBoB,KAAK,KAAI,IAAI,GAAApF,aAAA,CAAAA,aAAA,KAErB2E,SAAS;QACZS,KAAK,EAAEnD,OAAO,CAACkD,MAAM,CAACC;MAAK,KAE7BT;IACR,CAAC,CAAC,CACCpD,IAAI,CAAC,UAACsC,GAAG,EAAK;MACb;MACA,IAAMiB,GAAG,GAAGjB,GAAG,CAACC,IAAI,CAACc,SAAS,CAAC5B,OAAO,CAAC;MAEvC,IAAI,CAAC8B,GAAG,EAAE;QACRb,MAAI,CAACC,MAAM,CAACmB,IAAI,CACd,uGACF,CAAC;QAED,OAAOrC,OAAO;MAChB;MACAiB,MAAI,CAACC,MAAM,CAACC,IAAI,CAAC,uDAAuD,CAAC;MAEzE,OAAOW,GAAG;IACZ,CAAC,CAAC,CACDQ,KAAK,CAAC,UAACC,GAAG,EAAK;MACdtB,MAAI,CAACC,MAAM,CAACmB,IAAI,gBAAAG,MAAA,CACCD,GAAG,4CAAAC,MAAA,CAAyCxC,OAAO,+BAAAwC,MAAA,CAA4BxC,OAAO,cACvG,CAAC;MAED,OAAOA,OAAO;IAChB,CAAC,CAAC;EACN,CAAC;EAEDyC,aAAa,WAAAA,cAACC,IAAI,EAAE;IAClB,OAAO,IAAApE,qBAAY,EAACoE,IAAI,CAAC,CAACnE,IAAI,CAAC,UAACF,MAAM;MAAA,OACpCe,gBAAG,CAACuD,MAAM,CAAC,CAAC,CAACpE,IAAI,CAAC,UAACH,GAAG;QAAA,OACpBA,GAAG,CACAwE,OAAO,CAACvE,MAAM,CAAC,CACfE,IAAI,CAACD,qBAAY;QAClB;QAAA,CACCC,IAAI,CAAC,UAACsE,KAAK;UAAA,OAAM;YAACzE,GAAG,EAAHA,GAAG;YAAEyE,KAAK,EAALA;UAAK,CAAC;QAAA,CAAC,CAAC;MAAA,CACpC,CAAC;IAAA,CACH,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAAU,WAAAA,WAAC/D,GAAG,EAAEX,GAAG,EAAEa,OAAO,EAAE;IAAA,IAAA8D,MAAA;IAC5B;IACA,IAAI,CAAC3E,GAAG,CAAC4E,GAAG,EAAE;MACZ,OAAOtE,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF;;IAEA;IACA,OAAO,IAAI,CAACM,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC,EAAK;MAC3C,IAAI,EAACA,CAAC,aAADA,CAAC,eAADA,CAAC,CAAEG,GAAG,GAAE;QACXyD,MAAI,CAAC7B,MAAM,CAACQ,KAAK,CAAC,gCAAgC,CAAC;QACnD,MAAM,IAAI9C,KAAK,CAAC,oBAAoB,CAAC;MACvC;MAEA,OAAOQ,gBAAG,CAAC6D,QAAQ,CAAC7E,GAAG,CAAC,CAACG,IAAI,CAAC,UAAC2E,MAAM,EAAK;QACxC,IAAI,CAACA,MAAM,EAAE;UACXH,MAAI,CAAC7B,MAAM,CAACQ,KAAK,CAAC,2CAA2C,CAAC;UAC9D,MAAM,IAAI9C,KAAK,CAAC,+BAA+B,CAAC;QAClD;QAEA,OAAOsE,MAAM,CAACC,KAAK,CAAChE,CAAC,CAACG,GAAG,CAAC;MAC5B,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE8D,WAAW,WAAAA,YAACrE,GAAG,EAAEc,SAAS,EAAEZ,OAAO,EAAE;IAAA,IAAAoE,MAAA;IACnC,OAAO,IAAI,CAACnE,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAAC4D,aAAa,CAACD,MAAI,CAACE,MAAM,CAACC,WAAW,EAAE;QAC9CzE,GAAG,EAAEI,CAAC,CAACG,GAAG;QACVmE,MAAM,EAAE;UACNC,GAAG,EAAE;QACP,CAAC;QACDC,SAAS,EAAE;MACb,CAAC,CAAC,CAACC,KAAK,CAAC/D,SAAS,EAAE,MAAM,CAAC;IAAA,CAC7B,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEX,MAAM,WAAAA,OAACqB,GAAG,EAAqB;IAAA,IAAAsD,MAAA;IAAA,IAAAC,IAAA,GAAA7G,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8G,SAAA,GAAA9G,SAAA,MAAJ,CAAC,CAAC;MAAhB+G,UAAU,GAAAF,IAAA,CAAVE,UAAU;IACrB,IAAIzD,GAAG,CAACjB,GAAG,EAAE;MACX,OAAO,IAAI,CAACxB,GAAG,CAACmG,KAAK,CAAC1D,GAAG,CAAC;IAC5B;IAEA,IAAI2D,UAAU,GAAG3D,GAAG;IAEpB,IAAIyD,UAAU,EAAE;MACdE,UAAU,mBAAA1B,MAAA,CAAmBwB,UAAU,CAAE;IAC3C;IAEA,OAAO,IAAI,CAACG,gBAAgB,CACzBC,GAAG,CAACF,UAAU,CAAC,CACf3F,IAAI,CAAC,UAAC8F,SAAS;MAAA,OAAKC,IAAI,CAACvC,KAAK,CAACsC,SAAS,CAAC;IAAA,EAAC,CAC1C9F,IAAI,CAAC,UAACgG,SAAS;MAAA,OAAKV,MAAI,CAAC/F,GAAG,CAACmG,KAAK,CAACM,SAAS,CAAC;IAAA,EAAC,CAC9CjC,KAAK,CAAC;MAAA,OACLuB,MAAI,CAAC/F,GAAG,CACL0G,QAAQ,CAAC;QAACjE,GAAG,EAAHA,GAAG;QAAEyD,UAAU,EAAVA;MAAU,CAAC,CAAC,CAC3BzF,IAAI,CAAC,IAAAkG,WAAG,EAAC,UAAC1F,GAAG;QAAA,OAAK8E,MAAI,CAACM,gBAAgB,CAACO,GAAG,CAACR,UAAU,EAAE,IAAAS,UAAA,CAAArH,OAAA,EAAeyB,GAAG,EAAE6F,QAAQ,CAAC,CAAC;MAAA,EAAC,CAAC;IAAA,CAC7F,CAAC;EACL,CAAC;EAAAC,OAAA;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,SAASD,QAAQA,CAACzF,CAAC,EAAE2F,CAAC,EAAE;EACtB,IAAI3F,CAAC,KAAK,KAAK,EAAE;IACf;IACA;IACA,IAAM4F,IAAI,GAAG,IAAI,CAAC5F,CAAC,CAAC,CAAC6F,MAAM,CAAC,IAAI,CAAC;IAEjC,OAAOD,IAAI;EACb;EAEA,OAAOD,CAAC;AACV;AAAC,IAAAG,QAAA,GAAAC,OAAA,CAAA5H,OAAA,GAEcI,UAAU"}
+{"version":3,"names":["_events","require","_url","_interopRequireDefault","_webexCore","_common","_nodeJose","_nodeScr","_ensureBuffer","_kms","ownKeys","e","r","t","_Object$keys2","_Object$getOwnPropertySymbols","o","filter","_Object$getOwnPropertyDescriptor","enumerable","push","apply","_objectSpread","arguments","length","Object","forEach","_defineProperty2","default","_Object$getOwnPropertyDescriptors","_Object$defineProperties","_Object$defineProperty","Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","ensureBuffer","then","b","byteLength","_promise","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","download","fileUrl","_this","shunt","EventEmitter","promise","_fetchDownloadUrl","useFileService","uri","method","responseType","ret","request","transferEvents","res","body","proxyEvents","_this2","logger","info","process","env","NODE_ENV","includes","resolve","startsWith","error","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","params","_keys","indexOf","allow","warn","catch","err","concat","encryptBinary","file","create","encrypt","cdata","encryptScr","loc","toJWE","encryptText","_this3","createEncrypt","config","joseOptions","header","alg","reference","final","_this4","_ref","undefined","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","fetchKey","tap","put","_stringify","replacer","version","v","json","toJSON","_default","exports"],"sources":["encryption.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n  children: {\n    kms: KMS,\n  },\n\n  namespace: 'Encryption',\n\n  processKmsMessageEvent(event) {\n    return this.kms.processKmsMessageEvent(event);\n  },\n\n  decryptBinary(scr, buffer) {\n    return ensureBuffer(buffer).then((b) => {\n      /* istanbul ignore if */\n      if (buffer.length === 0 || buffer.byteLength === 0) {\n        return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n      }\n\n      return scr.decrypt(b);\n    });\n  },\n\n  /**\n   * Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {Object} cipherScr - An encrypted SCR\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {Object} Decrypted SCR\n   */\n  decryptScr(key, cipherScr, options) {\n    return this.getKey(key, options).then((k) => SCR.fromJWE(k.jwk, cipherScr));\n  },\n\n  /**\n   * Decrypt text using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {string} ciphertext - Encrypted text\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Decrypted plaintext\n   */\n  decryptText(key, ciphertext, options) {\n    return this.getKey(key, options).then((k) =>\n      jose.JWE.createDecrypt(k.jwk)\n        .decrypt(ciphertext)\n        .then((result) => result.plaintext.toString())\n    );\n  },\n\n  /**\n   * Validate and initiate a Download request for requested file\n   * @param {Object} fileUrl - Plaintext\n   * @param {Object} scr - Plaintext\n   * @param {Object} options - optional parameters to download a file\n   * @returns {promise}\n   */\n  download(fileUrl, scr, options) {\n    /* istanbul ignore if */\n    if (!fileUrl || !scr) {\n      return Promise.reject(new Error('`scr` and `fileUrl` are required'));\n    }\n\n    const shunt = new EventEmitter();\n    const promise = this._fetchDownloadUrl(fileUrl, {useFileService: true, ...options})\n      .then((uri) => {\n        // eslint-disable-next-line no-shadow\n        const options = {\n          method: 'GET',\n          uri,\n          responseType: 'buffer',\n        };\n\n        const ret = this.request(options);\n\n        transferEvents('progress', options.download, shunt);\n\n        return ret;\n      })\n      .then((res) => this.decryptBinary(scr, res.body));\n\n    proxyEvents(shunt, promise);\n\n    return promise;\n  },\n\n  /**\n   * Fetch Download URL for the requested file\n   * @param {Object} fileUrl - Plaintext\n   * @param {Object} options - optional parameters to download a file\n   * @returns {promise} url of the downloadable file\n   */\n  _fetchDownloadUrl(fileUrl, options) {\n    this.logger.info('encryption: retrieving download url for encrypted file');\n\n    if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {\n      this.logger.info(\n        'encryption: bypassing webex files because this looks to be a test file on localhost'\n      );\n\n      return Promise.resolve(fileUrl);\n    }\n\n    if (options?.useFileService === false) {\n      if (!fileUrl.startsWith('https://')) {\n        this.logger.error('encryption: direct file URLs must use HTTPS');\n\n        return Promise.reject(new Error('Direct file URLs must use HTTPS'));\n      }\n\n      return Promise.resolve(fileUrl);\n    }\n\n    const inputBody = {\n      endpoints: [fileUrl],\n    };\n    const endpointUrl = url.parse(fileUrl);\n\n    // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n    endpointUrl.protocol = 'https';\n    endpointUrl.pathname = '/v1/download/endpoints';\n\n    return this.request({\n      method: 'POST',\n      uri: url.format(endpointUrl),\n      body:\n        options?.params && Object.keys(options.params).indexOf('allow') > -1\n          ? {\n              ...inputBody,\n              allow: options.params.allow,\n            }\n          : inputBody,\n    })\n      .then((res) => {\n        // eslint-disable-next-line no-shadow\n        const url = res.body.endpoints[fileUrl];\n\n        if (!url) {\n          this.logger.warn(\n            'encryption: could not determine download url for `fileUrl`; attempting to download `fileUrl` directly'\n          );\n\n          return fileUrl;\n        }\n        this.logger.info('encryption: retrieved download url for encrypted file');\n\n        return url;\n      })\n      .catch((err) => {\n        this.logger.warn(\n          `encryption: ${err} could not determine download url for ${fileUrl}; attempting to download ${fileUrl} directly`\n        );\n\n        return fileUrl;\n      });\n  },\n\n  encryptBinary(file) {\n    return ensureBuffer(file).then((buffer) =>\n      SCR.create().then((scr) =>\n        scr\n          .encrypt(buffer)\n          .then(ensureBuffer)\n          // eslint-disable-next-line max-nested-callbacks\n          .then((cdata) => ({scr, cdata}))\n      )\n    );\n  },\n\n  /**\n   * Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {Object} scr - SCRObject\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Encrypted SCR\n   */\n  encryptScr(key, scr, options) {\n    /* istanbul ignore if */\n    if (!scr.loc) {\n      return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n    }\n\n    return this.getKey(key, options).then((k) => scr.toJWE(k.jwk));\n  },\n\n  /**\n   * Encrypt plaintext using the supplied key uri.\n   *\n   * @param {string} key - The uri of a key stored in KMS\n   * @param {string} plaintext\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Encrypted text\n   */\n  encryptText(key, plaintext, options) {\n    return this.getKey(key, options).then((k) =>\n      jose.JWE.createEncrypt(this.config.joseOptions, {\n        key: k.jwk,\n        header: {\n          alg: 'dir',\n        },\n        reference: null,\n      }).final(plaintext, 'utf8')\n    );\n  },\n\n  /**\n   * Fetch the key associated with the supplied KMS uri.\n   *\n   * @param {string} uri - The uri of a key stored in KMS\n   * @param {Object} options\n   * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n   * @returns {string} Key\n   */\n  getKey(uri, {onBehalfOf} = {}) {\n    if (uri.jwk) {\n      return this.kms.asKey(uri);\n    }\n\n    let storageKey = uri;\n\n    if (onBehalfOf) {\n      storageKey += `/onBehalfOf/${onBehalfOf}`;\n    }\n\n    return this.unboundedStorage\n      .get(storageKey)\n      .then((keyString) => JSON.parse(keyString))\n      .then((keyObject) => this.kms.asKey(keyObject))\n      .catch(() =>\n        this.kms\n          .fetchKey({uri, onBehalfOf})\n          .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer))))\n      );\n  },\n});\n\n/**\n * JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n  if (k === 'jwk') {\n    // note: this[k] and v may be different representations of the same value\n    // eslint-disable-next-line no-invalid-this\n    const json = this[k].toJSON(true);\n\n    return json;\n  }\n\n  return v;\n}\n\nexport default Encryption;\n"],"mappings":";;;;;;;;;;;;;;;;;AAIA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAC,sBAAA,CAAAF,OAAA;AAEA,IAAAG,UAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,SAAA,GAAAH,sBAAA,CAAAF,OAAA;AACA,IAAAM,QAAA,GAAAJ,sBAAA,CAAAF,OAAA;AAEA,IAAAO,aAAA,GAAAL,sBAAA,CAAAF,OAAA;AACA,IAAAQ,IAAA,GAAAN,sBAAA,CAAAF,OAAA;AAAwB,SAAAS,QAAAC,CAAA,EAAAC,CAAA,QAAAC,CAAA,GAAAC,aAAA,CAAAH,CAAA,OAAAI,6BAAA,QAAAC,CAAA,GAAAD,6BAAA,CAAAJ,CAAA,GAAAC,CAAA,KAAAI,CAAA,GAAAA,CAAA,CAAAC,MAAA,WAAAL,CAAA,WAAAM,gCAAA,CAAAP,CAAA,EAAAC,CAAA,EAAAO,UAAA,OAAAN,CAAA,CAAAO,IAAA,CAAAC,KAAA,CAAAR,CAAA,EAAAG,CAAA,YAAAH,CAAA;AAAA,SAAAS,cAAAX,CAAA,aAAAC,CAAA,MAAAA,CAAA,GAAAW,SAAA,CAAAC,MAAA,EAAAZ,CAAA,UAAAC,CAAA,WAAAU,SAAA,CAAAX,CAAA,IAAAW,SAAA,CAAAX,CAAA,QAAAA,CAAA,OAAAF,OAAA,CAAAe,MAAA,CAAAZ,CAAA,OAAAa,OAAA,WAAAd,CAAA,QAAAe,gBAAA,CAAAC,OAAA,EAAAjB,CAAA,EAAAC,CAAA,EAAAC,CAAA,CAAAD,CAAA,SAAAiB,iCAAA,GAAAC,wBAAA,CAAAnB,CAAA,EAAAkB,iCAAA,CAAAhB,CAAA,KAAAH,OAAA,CAAAe,MAAA,CAAAZ,CAAA,GAAAa,OAAA,WAAAd,CAAA,IAAAmB,sBAAA,CAAApB,CAAA,EAAAC,CAAA,EAAAM,gCAAA,CAAAL,CAAA,EAAAD,CAAA,iBAAAD,CAAA,IAbxB;AACA;AACA;AAaA,IAAMqB,UAAU,GAAGC,sBAAW,CAACC,MAAM,CAAC;EACpCC,QAAQ,EAAE;IACRC,GAAG,EAAEC;EACP,CAAC;EAEDC,SAAS,EAAE,YAAY;EAEvBC,sBAAsB,WAAAA,uBAACC,KAAK,EAAE;IAC5B,OAAO,IAAI,CAACJ,GAAG,CAACG,sBAAsB,CAACC,KAAK,CAAC;EAC/C,CAAC;EAEDC,aAAa,WAAAA,cAACC,GAAG,EAAEC,MAAM,EAAE;IACzB,OAAO,IAAAC,qBAAY,EAACD,MAAM,CAAC,CAACE,IAAI,CAAC,UAACC,CAAC,EAAK;MACtC;MACA,IAAIH,MAAM,CAACnB,MAAM,KAAK,CAAC,IAAImB,MAAM,CAACI,UAAU,KAAK,CAAC,EAAE;QAClD,OAAOC,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,yCAAyC,CAAC,CAAC;MAC7E;MAEA,OAAOR,GAAG,CAACS,OAAO,CAACL,CAAC,CAAC;IACvB,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEM,UAAU,WAAAA,WAACC,GAAG,EAAEC,SAAS,EAAEC,OAAO,EAAE;IAClC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKC,gBAAG,CAACC,OAAO,CAACF,CAAC,CAACG,GAAG,EAAEN,SAAS,CAAC;IAAA,EAAC;EAC7E,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEO,WAAW,WAAAA,YAACR,GAAG,EAAES,UAAU,EAAEP,OAAO,EAAE;IACpC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACC,aAAa,CAACR,CAAC,CAACG,GAAG,CAAC,CAC1BT,OAAO,CAACW,UAAU,CAAC,CACnBjB,IAAI,CAAC,UAACqB,MAAM;QAAA,OAAKA,MAAM,CAACC,SAAS,CAACC,QAAQ,CAAC,CAAC;MAAA,EAAC;IAAA,CAClD,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,QAAQ,WAAAA,SAACC,OAAO,EAAE5B,GAAG,EAAEa,OAAO,EAAE;IAAA,IAAAgB,KAAA;IAC9B;IACA,IAAI,CAACD,OAAO,IAAI,CAAC5B,GAAG,EAAE;MACpB,OAAOM,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtE;IAEA,IAAMsB,KAAK,GAAG,IAAIC,oBAAY,CAAC,CAAC;IAChC,IAAMC,OAAO,GAAG,IAAI,CAACC,iBAAiB,CAACL,OAAO,EAAAhD,aAAA;MAAGsD,cAAc,EAAE;IAAI,GAAKrB,OAAO,CAAC,CAAC,CAChFV,IAAI,CAAC,UAACgC,GAAG,EAAK;MACb;MACA,IAAMtB,OAAO,GAAG;QACduB,MAAM,EAAE,KAAK;QACbD,GAAG,EAAHA,GAAG;QACHE,YAAY,EAAE;MAChB,CAAC;MAED,IAAMC,GAAG,GAAGT,KAAI,CAACU,OAAO,CAAC1B,OAAO,CAAC;MAEjC,IAAA2B,sBAAc,EAAC,UAAU,EAAE3B,OAAO,CAACc,QAAQ,EAAEG,KAAK,CAAC;MAEnD,OAAOQ,GAAG;IACZ,CAAC,CAAC,CACDnC,IAAI,CAAC,UAACsC,GAAG;MAAA,OAAKZ,KAAI,CAAC9B,aAAa,CAACC,GAAG,EAAEyC,GAAG,CAACC,IAAI,CAAC;IAAA,EAAC;IAEnD,IAAAC,mBAAW,EAACb,KAAK,EAAEE,OAAO,CAAC;IAE3B,OAAOA,OAAO;EAChB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACL,OAAO,EAAEf,OAAO,EAAE;IAAA,IAAA+B,MAAA;IAClC,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,wDAAwD,CAAC;IAE1E,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,IAAIrB,OAAO,CAACsB,QAAQ,CAAC,WAAW,CAAC,EAAE;MAC1E,IAAI,CAACL,MAAM,CAACC,IAAI,CACd,qFACF,CAAC;MAED,OAAOxC,QAAA,CAAApB,OAAA,CAAQiE,OAAO,CAACvB,OAAO,CAAC;IACjC;IAEA,IAAI,CAAAf,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEqB,cAAc,MAAK,KAAK,EAAE;MACrC,IAAI,CAACN,OAAO,CAACwB,UAAU,CAAC,UAAU,CAAC,EAAE;QACnC,IAAI,CAACP,MAAM,CAACQ,KAAK,CAAC,6CAA6C,CAAC;QAEhE,OAAO/C,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,iCAAiC,CAAC,CAAC;MACrE;MAEA,OAAOF,QAAA,CAAApB,OAAA,CAAQiE,OAAO,CAACvB,OAAO,CAAC;IACjC;IAEA,IAAM0B,SAAS,GAAG;MAChBC,SAAS,EAAE,CAAC3B,OAAO;IACrB,CAAC;IACD,IAAM4B,WAAW,GAAGC,YAAG,CAACC,KAAK,CAAC9B,OAAO,CAAC;;IAEtC;IACA4B,WAAW,CAACG,QAAQ,GAAG,OAAO;IAC9BH,WAAW,CAACI,QAAQ,GAAG,wBAAwB;IAE/C,OAAO,IAAI,CAACrB,OAAO,CAAC;MAClBH,MAAM,EAAE,MAAM;MACdD,GAAG,EAAEsB,YAAG,CAACI,MAAM,CAACL,WAAW,CAAC;MAC5Bd,IAAI,EACF7B,OAAO,aAAPA,OAAO,eAAPA,OAAO,CAAEiD,MAAM,IAAI,IAAAC,KAAA,CAAA7E,OAAA,EAAY2B,OAAO,CAACiD,MAAM,CAAC,CAACE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAApF,aAAA,CAAAA,aAAA,KAE3D0E,SAAS;QACZW,KAAK,EAAEpD,OAAO,CAACiD,MAAM,CAACG;MAAK,KAE7BX;IACR,CAAC,CAAC,CACCnD,IAAI,CAAC,UAACsC,GAAG,EAAK;MACb;MACA,IAAMgB,GAAG,GAAGhB,GAAG,CAACC,IAAI,CAACa,SAAS,CAAC3B,OAAO,CAAC;MAEvC,IAAI,CAAC6B,GAAG,EAAE;QACRb,MAAI,CAACC,MAAM,CAACqB,IAAI,CACd,uGACF,CAAC;QAED,OAAOtC,OAAO;MAChB;MACAgB,MAAI,CAACC,MAAM,CAACC,IAAI,CAAC,uDAAuD,CAAC;MAEzE,OAAOW,GAAG;IACZ,CAAC,CAAC,CACDU,KAAK,CAAC,UAACC,GAAG,EAAK;MACdxB,MAAI,CAACC,MAAM,CAACqB,IAAI,gBAAAG,MAAA,CACCD,GAAG,4CAAAC,MAAA,CAAyCzC,OAAO,+BAAAyC,MAAA,CAA4BzC,OAAO,cACvG,CAAC;MAED,OAAOA,OAAO;IAChB,CAAC,CAAC;EACN,CAAC;EAED0C,aAAa,WAAAA,cAACC,IAAI,EAAE;IAClB,OAAO,IAAArE,qBAAY,EAACqE,IAAI,CAAC,CAACpE,IAAI,CAAC,UAACF,MAAM;MAAA,OACpCe,gBAAG,CAACwD,MAAM,CAAC,CAAC,CAACrE,IAAI,CAAC,UAACH,GAAG;QAAA,OACpBA,GAAG,CACAyE,OAAO,CAACxE,MAAM,CAAC,CACfE,IAAI,CAACD,qBAAY;QAClB;QAAA,CACCC,IAAI,CAAC,UAACuE,KAAK;UAAA,OAAM;YAAC1E,GAAG,EAAHA,GAAG;YAAE0E,KAAK,EAALA;UAAK,CAAC;QAAA,CAAC,CAAC;MAAA,CACpC,CAAC;IAAA,CACH,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAAU,WAAAA,WAAChE,GAAG,EAAEX,GAAG,EAAEa,OAAO,EAAE;IAC5B;IACA,IAAI,CAACb,GAAG,CAAC4E,GAAG,EAAE;MACZ,OAAOtE,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF;IAEA,OAAO,IAAI,CAACM,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKf,GAAG,CAAC6E,KAAK,CAAC9D,CAAC,CAACG,GAAG,CAAC;IAAA,EAAC;EAChE,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE4D,WAAW,WAAAA,YAACnE,GAAG,EAAEc,SAAS,EAAEZ,OAAO,EAAE;IAAA,IAAAkE,MAAA;IACnC,OAAO,IAAI,CAACjE,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAAC0D,aAAa,CAACD,MAAI,CAACE,MAAM,CAACC,WAAW,EAAE;QAC9CvE,GAAG,EAAEI,CAAC,CAACG,GAAG;QACViE,MAAM,EAAE;UACNC,GAAG,EAAE;QACP,CAAC;QACDC,SAAS,EAAE;MACb,CAAC,CAAC,CAACC,KAAK,CAAC7D,SAAS,EAAE,MAAM,CAAC;IAAA,CAC7B,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEX,MAAM,WAAAA,OAACqB,GAAG,EAAqB;IAAA,IAAAoD,MAAA;IAAA,IAAAC,IAAA,GAAA3G,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA4G,SAAA,GAAA5G,SAAA,MAAJ,CAAC,CAAC;MAAhB6G,UAAU,GAAAF,IAAA,CAAVE,UAAU;IACrB,IAAIvD,GAAG,CAACjB,GAAG,EAAE;MACX,OAAO,IAAI,CAACxB,GAAG,CAACiG,KAAK,CAACxD,GAAG,CAAC;IAC5B;IAEA,IAAIyD,UAAU,GAAGzD,GAAG;IAEpB,IAAIuD,UAAU,EAAE;MACdE,UAAU,mBAAAvB,MAAA,CAAmBqB,UAAU,CAAE;IAC3C;IAEA,OAAO,IAAI,CAACG,gBAAgB,CACzBC,GAAG,CAACF,UAAU,CAAC,CACfzF,IAAI,CAAC,UAAC4F,SAAS;MAAA,OAAKC,IAAI,CAACtC,KAAK,CAACqC,SAAS,CAAC;IAAA,EAAC,CAC1C5F,IAAI,CAAC,UAAC8F,SAAS;MAAA,OAAKV,MAAI,CAAC7F,GAAG,CAACiG,KAAK,CAACM,SAAS,CAAC;IAAA,EAAC,CAC9C9B,KAAK,CAAC;MAAA,OACLoB,MAAI,CAAC7F,GAAG,CACLwG,QAAQ,CAAC;QAAC/D,GAAG,EAAHA,GAAG;QAAEuD,UAAU,EAAVA;MAAU,CAAC,CAAC,CAC3BvF,IAAI,CAAC,IAAAgG,WAAG,EAAC,UAACxF,GAAG;QAAA,OAAK4E,MAAI,CAACM,gBAAgB,CAACO,GAAG,CAACR,UAAU,EAAE,IAAAS,UAAA,CAAAnH,OAAA,EAAeyB,GAAG,EAAE2F,QAAQ,CAAC,CAAC;MAAA,EAAC,CAAC;IAAA,CAC7F,CAAC;EACL,CAAC;EAAAC,OAAA;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,SAASD,QAAQA,CAACvF,CAAC,EAAEyF,CAAC,EAAE;EACtB,IAAIzF,CAAC,KAAK,KAAK,EAAE;IACf;IACA;IACA,IAAM0F,IAAI,GAAG,IAAI,CAAC1F,CAAC,CAAC,CAAC2F,MAAM,CAAC,IAAI,CAAC;IAEjC,OAAOD,IAAI;EACb;EAEA,OAAOD,CAAC;AACV;AAAC,IAAAG,QAAA,GAAAC,OAAA,CAAA1H,OAAA,GAEcI,UAAU"}

package/dist/kms.js

@@ -809,7 +809,7 @@ var KMS = _webexCore.WebexPlugin.extend((_dec = (0, _common.oneFlight)({
     context.ephemeralKey = originalContext.ephemeralKey;
     return context;
   },
-  version: "3.8.0-next.15"
+  version: "3.8.0-next.16"
 }, ((0, _applyDecoratedDescriptor2.default)(_obj, "fetchKey", [_dec], (0, _getOwnPropertyDescriptor.default)(_obj, "fetchKey"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "_getContext", [_common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "_getContext"), _obj)), _obj)));
 var _default = exports.default = KMS;
 //# sourceMappingURL=kms.js.map

package/package.json

@@ -67,5 +67,5 @@
     "test:style": "eslint ./src/**/*.*",
     "test:unit": "webex-legacy-tools test --unit --runner jest"
   },
-  "version": "3.8.0-next.15"
+  "version": "3.8.0-next.16"
 }

package/src/encryption.js

@@ -118,7 +118,7 @@ const Encryption = WebexPlugin.extend({
       return Promise.resolve(fileUrl);
     }
 
-    if (options && options.useFileService === false) {
+    if (options?.useFileService === false) {
       if (!fileUrl.startsWith('https://')) {
         this.logger.error('encryption: direct file URLs must use HTTPS');
 
@@ -141,7 +141,7 @@ const Encryption = WebexPlugin.extend({
       method: 'POST',
       uri: url.format(endpointUrl),
       body:
-        options?.params?.allow != null
+        options?.params && Object.keys(options.params).indexOf('allow') > -1
           ? {
               ...inputBody,
               allow: options.params.allow,
@@ -188,7 +188,7 @@ const Encryption = WebexPlugin.extend({
    * Encrypt a SCR (Secure Content Resource) using the supplied key uri.
    *
    * @param {string} key - The uri of a key stored in KMS
-   * @param {Object} scr - Plaintext
+   * @param {Object} scr - SCRObject
    * @param {Object} options
    * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role
    * @returns {string} Encrypted SCR
@@ -199,22 +199,7 @@ const Encryption = WebexPlugin.extend({
       return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));
     }
 
-    // first we get the scr json, then we create an SCR instance using the key json and then we create a JWE using the key jwk
-    return this.getKey(key, options).then((k) => {
-      if (!k?.jwk) {
-        this.logger.error('encryption: Invalid key or JWK');
-        throw new Error('Invalid key or JWK');
-      }
-
-      return SCR.fromJSON(scr).then((encScr) => {
-        if (!encScr) {
-          this.logger.error('encryption: Failed to create SCR instance');
-          throw new Error('Failed to create SCR instance');
-        }
-
-        return encScr.toJWE(k.jwk);
-      });
-    });
+    return this.getKey(key, options).then((k) => scr.toJWE(k.jwk));
   },
 
   /**

package/test/unit/spec/encryption.js

@@ -25,18 +25,21 @@ describe('internal-plugin-encryption', () => {
       const fileArray = [
         {
           url: 'https://files-api-intb1.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes',
+          options: undefined
         },
         {
           url: 'https://files-api-intb2.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes',
+          options: {params: {allow: false}}
         },
         {
           url: 'https://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes',
+          options: {useFileService: true}
         },
         {
           url: 'http://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes',
+          options: {useFileService: true, params: {allow: false}}
         },
       ];
-      const options = undefined;
       let spyStub;
 
       beforeEach(() => {
@@ -44,7 +47,7 @@ describe('internal-plugin-encryption', () => {
 
         spyStub = sinon.stub(webex.internal.encryption, 'request').callsFake(returnStub);
 
-        fileArray.forEach((file) => webex.internal.encryption._fetchDownloadUrl(file.url, options));
+        fileArray.forEach((file) => webex.internal.encryption._fetchDownloadUrl(file.url, file.options));
       });
 
       it('verifying file service uris', () => {