@webex/internal-plugin-encryption 3.8.0-next.15 → 3.8.0-next.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/encryption.js +15 -28
  2. package/dist/encryption.js.map +1 -1
  3. package/dist/kms.js +1 -1
  4. package/package.json +13 -13
  5. package/src/encryption.js +4 -19
  6. package/test/unit/spec/encryption.js +5 -2
package/dist/encryption.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
 
3
- var _Object$keys = require("@babel/runtime-corejs2/core-js/object/keys");
3
+ var _Object$keys2 = require("@babel/runtime-corejs2/core-js/object/keys");
4
4
  var _Object$getOwnPropertySymbols = require("@babel/runtime-corejs2/core-js/object/get-own-property-symbols");
5
5
  var _Object$getOwnPropertyDescriptor = require("@babel/runtime-corejs2/core-js/object/get-own-property-descriptor");
6
6
  var _Object$getOwnPropertyDescriptors = require("@babel/runtime-corejs2/core-js/object/get-own-property-descriptors");
@@ -13,6 +13,7 @@ _Object$defineProperty(exports, "__esModule", {
13
13
  exports.default = void 0;
14
14
  var _defineProperty2 = _interopRequireDefault(require("@babel/runtime-corejs2/helpers/defineProperty"));
15
15
  var _promise = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/promise"));
16
+ var _keys = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/object/keys"));
16
17
  var _stringify = _interopRequireDefault(require("@babel/runtime-corejs2/core-js/json/stringify"));
17
18
  var _events = require("events");
18
19
  var _url = _interopRequireDefault(require("url"));
@@ -22,7 +23,7 @@ var _nodeJose = _interopRequireDefault(require("node-jose"));
22
23
  var _nodeScr = _interopRequireDefault(require("node-scr"));
23
24
  var _ensureBuffer = _interopRequireDefault(require("./ensure-buffer"));
24
25
  var _kms = _interopRequireDefault(require("./kms"));
25
- function ownKeys(e, r) { var t = _Object$keys(e); if (_Object$getOwnPropertySymbols) { var o = _Object$getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return _Object$getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
26
+ function ownKeys(e, r) { var t = _Object$keys2(e); if (_Object$getOwnPropertySymbols) { var o = _Object$getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return _Object$getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
26
27
  function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { (0, _defineProperty2.default)(e, r, t[r]); }) : _Object$getOwnPropertyDescriptors ? _Object$defineProperties(e, _Object$getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { _Object$defineProperty(e, r, _Object$getOwnPropertyDescriptor(t, r)); }); } return e; } /*!
27
28
  * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
28
29
  */
@@ -112,14 +113,13 @@ var Encryption = _webexCore.WebexPlugin.extend({
112
113
  * @returns {promise} url of the downloadable file
113
114
  */
114
115
  _fetchDownloadUrl: function _fetchDownloadUrl(fileUrl, options) {
115
- var _options$params,
116
- _this2 = this;
116
+ var _this2 = this;
117
117
  this.logger.info('encryption: retrieving download url for encrypted file');
118
118
  if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {
119
119
  this.logger.info('encryption: bypassing webex files because this looks to be a test file on localhost');
120
120
  return _promise.default.resolve(fileUrl);
121
121
  }
122
- if (options && options.useFileService === false) {
122
+ if ((options === null || options === void 0 ? void 0 : options.useFileService) === false) {
123
123
  if (!fileUrl.startsWith('https://')) {
124
124
  this.logger.error('encryption: direct file URLs must use HTTPS');
125
125
  return _promise.default.reject(new Error('Direct file URLs must use HTTPS'));
@@ -137,7 +137,7 @@ var Encryption = _webexCore.WebexPlugin.extend({
137
137
  return this.request({
138
138
  method: 'POST',
139
139
  uri: _url.default.format(endpointUrl),
140
- body: (options === null || options === void 0 ? void 0 : (_options$params = options.params) === null || _options$params === void 0 ? void 0 : _options$params.allow) != null ? _objectSpread(_objectSpread({}, inputBody), {}, {
140
+ body: options !== null && options !== void 0 && options.params && (0, _keys.default)(options.params).indexOf('allow') > -1 ? _objectSpread(_objectSpread({}, inputBody), {}, {
141
141
  allow: options.params.allow
142
142
  }) : inputBody
143
143
  }).then(function (res) {
@@ -172,31 +172,18 @@ var Encryption = _webexCore.WebexPlugin.extend({
172
172
  * Encrypt a SCR (Secure Content Resource) using the supplied key uri.
173
173
  *
174
174
  * @param {string} key - The uri of a key stored in KMS
175
- * @param {Object} scr - Plaintext
175
+ * @param {Object} scr - SCRObject
176
176
  * @param {Object} options
177
177
  * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role
178
178
  * @returns {string} Encrypted SCR
179
179
  */
180
180
  encryptScr: function encryptScr(key, scr, options) {
181
- var _this3 = this;
182
181
  /* istanbul ignore if */
183
182
  if (!scr.loc) {
184
183
  return _promise.default.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));
185
184
  }
186
-
187
- // first we get the scr json, then we create an SCR instance using the key json and then we create a JWE using the key jwk
188
185
  return this.getKey(key, options).then(function (k) {
189
- if (!(k !== null && k !== void 0 && k.jwk)) {
190
- _this3.logger.error('encryption: Invalid key or JWK');
191
- throw new Error('Invalid key or JWK');
192
- }
193
- return _nodeScr.default.fromJSON(scr).then(function (encScr) {
194
- if (!encScr) {
195
- _this3.logger.error('encryption: Failed to create SCR instance');
196
- throw new Error('Failed to create SCR instance');
197
- }
198
- return encScr.toJWE(k.jwk);
199
- });
186
+ return scr.toJWE(k.jwk);
200
187
  });
201
188
  },
202
189
  /**
@@ -209,9 +196,9 @@ var Encryption = _webexCore.WebexPlugin.extend({
209
196
  * @returns {string} Encrypted text
210
197
  */
211
198
  encryptText: function encryptText(key, plaintext, options) {
212
- var _this4 = this;
199
+ var _this3 = this;
213
200
  return this.getKey(key, options).then(function (k) {
214
- return _nodeJose.default.JWE.createEncrypt(_this4.config.joseOptions, {
201
+ return _nodeJose.default.JWE.createEncrypt(_this3.config.joseOptions, {
215
202
  key: k.jwk,
216
203
  header: {
217
204
  alg: 'dir'
@@ -229,7 +216,7 @@ var Encryption = _webexCore.WebexPlugin.extend({
229
216
  * @returns {string} Key
230
217
  */
231
218
  getKey: function getKey(uri) {
232
- var _this5 = this;
219
+ var _this4 = this;
233
220
  var _ref = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {},
234
221
  onBehalfOf = _ref.onBehalfOf;
235
222
  if (uri.jwk) {
@@ -242,17 +229,17 @@ var Encryption = _webexCore.WebexPlugin.extend({
242
229
  return this.unboundedStorage.get(storageKey).then(function (keyString) {
243
230
  return JSON.parse(keyString);
244
231
  }).then(function (keyObject) {
245
- return _this5.kms.asKey(keyObject);
232
+ return _this4.kms.asKey(keyObject);
246
233
  }).catch(function () {
247
- return _this5.kms.fetchKey({
234
+ return _this4.kms.fetchKey({
248
235
  uri: uri,
249
236
  onBehalfOf: onBehalfOf
250
237
  }).then((0, _common.tap)(function (key) {
251
- return _this5.unboundedStorage.put(storageKey, (0, _stringify.default)(key, replacer));
238
+ return _this4.unboundedStorage.put(storageKey, (0, _stringify.default)(key, replacer));
252
239
  }));
253
240
  });
254
241
  },
255
- version: "3.8.0-next.15"
242
+ version: "3.8.0-next.17"
256
243
  });
257
244
 
258
245
  /**
package/dist/encryption.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_events","require","_url","_interopRequireDefault","_webexCore","_common","_nodeJose","_nodeScr","_ensureBuffer","_kms","ownKeys","e","r","t","_Object$keys","_Object$getOwnPropertySymbols","o","filter","_Object$getOwnPropertyDescriptor","enumerable","push","apply","_objectSpread","arguments","length","Object","forEach","_defineProperty2","default","_Object$getOwnPropertyDescriptors","_Object$defineProperties","_Object$defineProperty","Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","ensureBuffer","then","b","byteLength","_promise","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","download","fileUrl","_this","shunt","EventEmitter","promise","_fetchDownloadUrl","useFileService","uri","method","responseType","ret","request","transferEvents","res","body","proxyEvents","_options$params","_this2","logger","info","process","env","NODE_ENV","includes","resolve","startsWith","error","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","params","allow","warn","catch","err","concat","encryptBinary","file","create","encrypt","cdata","encryptScr","_this3","loc","fromJSON","encScr","toJWE","encryptText","_this4","createEncrypt","config","joseOptions","header","alg","reference","final","_this5","_ref","undefined","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","fetchKey","tap","put","_stringify","replacer","version","v","json","toJSON","_default","exports"],"sources":["encryption.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n children: {\n kms: KMS,\n },\n\n namespace: 'Encryption',\n\n processKmsMessageEvent(event) {\n return this.kms.processKmsMessageEvent(event);\n },\n\n decryptBinary(scr, buffer) {\n return ensureBuffer(buffer).then((b) => {\n /* istanbul ignore if */\n if (buffer.length === 0 || buffer.byteLength === 0) {\n return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n }\n\n return scr.decrypt(b);\n });\n },\n\n /**\n * Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} cipherScr - An encrypted SCR\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {Object} Decrypted SCR\n */\n decryptScr(key, cipherScr, options) {\n return this.getKey(key, options).then((k) => SCR.fromJWE(k.jwk, cipherScr));\n },\n\n /**\n * Decrypt text using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} ciphertext - Encrypted text\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Decrypted plaintext\n */\n decryptText(key, ciphertext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createDecrypt(k.jwk)\n .decrypt(ciphertext)\n .then((result) => result.plaintext.toString())\n );\n },\n\n /**\n * Validate and initiate a Download request for requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} scr - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise}\n */\n download(fileUrl, scr, options) {\n /* istanbul ignore if */\n if (!fileUrl || !scr) {\n return Promise.reject(new Error('`scr` and `fileUrl` are required'));\n }\n\n const shunt = new EventEmitter();\n const promise = this._fetchDownloadUrl(fileUrl, {useFileService: true, ...options})\n .then((uri) => {\n // eslint-disable-next-line no-shadow\n const options = {\n method: 'GET',\n uri,\n responseType: 'buffer',\n };\n\n const ret = this.request(options);\n\n transferEvents('progress', options.download, shunt);\n\n return ret;\n })\n .then((res) => this.decryptBinary(scr, res.body));\n\n proxyEvents(shunt, promise);\n\n return promise;\n },\n\n /**\n * Fetch Download URL for the requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise} url of the downloadable file\n */\n _fetchDownloadUrl(fileUrl, options) {\n this.logger.info('encryption: retrieving download url for encrypted file');\n\n if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {\n this.logger.info(\n 'encryption: bypassing webex files because this looks to be a test file on localhost'\n );\n\n return Promise.resolve(fileUrl);\n }\n\n if (options && options.useFileService === false) {\n if (!fileUrl.startsWith('https://')) {\n this.logger.error('encryption: direct file URLs must use HTTPS');\n\n return Promise.reject(new Error('Direct file URLs must use HTTPS'));\n }\n\n return Promise.resolve(fileUrl);\n }\n\n const inputBody = {\n endpoints: [fileUrl],\n };\n const endpointUrl = url.parse(fileUrl);\n\n // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n endpointUrl.protocol = 'https';\n endpointUrl.pathname = '/v1/download/endpoints';\n\n return this.request({\n method: 'POST',\n uri: url.format(endpointUrl),\n body:\n options?.params?.allow != null\n ? {\n ...inputBody,\n allow: options.params.allow,\n }\n : inputBody,\n })\n .then((res) => {\n // eslint-disable-next-line no-shadow\n const url = res.body.endpoints[fileUrl];\n\n if (!url) {\n this.logger.warn(\n 'encryption: could not determine download url for `fileUrl`; attempting to download `fileUrl` directly'\n );\n\n return fileUrl;\n }\n this.logger.info('encryption: retrieved download url for encrypted file');\n\n return url;\n })\n .catch((err) => {\n this.logger.warn(\n `encryption: ${err} could not determine download url for ${fileUrl}; attempting to download ${fileUrl} directly`\n );\n\n return fileUrl;\n });\n },\n\n encryptBinary(file) {\n return ensureBuffer(file).then((buffer) =>\n SCR.create().then((scr) =>\n scr\n .encrypt(buffer)\n .then(ensureBuffer)\n // eslint-disable-next-line max-nested-callbacks\n .then((cdata) => ({scr, cdata}))\n )\n );\n },\n\n /**\n * Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} scr - Plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted SCR\n */\n encryptScr(key, scr, options) {\n /* istanbul ignore if */\n if (!scr.loc) {\n return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n }\n\n // first we get the scr json, then we create an SCR instance using the key json and then we create a JWE using the key jwk\n return this.getKey(key, options).then((k) => {\n if (!k?.jwk) {\n this.logger.error('encryption: Invalid key or JWK');\n throw new Error('Invalid key or JWK');\n }\n\n return SCR.fromJSON(scr).then((encScr) => {\n if (!encScr) {\n this.logger.error('encryption: Failed to create SCR instance');\n throw new Error('Failed to create SCR instance');\n }\n\n return encScr.toJWE(k.jwk);\n });\n });\n },\n\n /**\n * Encrypt plaintext using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted text\n */\n encryptText(key, plaintext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createEncrypt(this.config.joseOptions, {\n key: k.jwk,\n header: {\n alg: 'dir',\n },\n reference: null,\n }).final(plaintext, 'utf8')\n );\n },\n\n /**\n * Fetch the key associated with the supplied KMS uri.\n *\n * @param {string} uri - The uri of a key stored in KMS\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Key\n */\n getKey(uri, {onBehalfOf} = {}) {\n if (uri.jwk) {\n return this.kms.asKey(uri);\n }\n\n let storageKey = uri;\n\n if (onBehalfOf) {\n storageKey += `/onBehalfOf/${onBehalfOf}`;\n }\n\n return this.unboundedStorage\n .get(storageKey)\n .then((keyString) => JSON.parse(keyString))\n .then((keyObject) => this.kms.asKey(keyObject))\n .catch(() =>\n this.kms\n .fetchKey({uri, onBehalfOf})\n .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer))))\n );\n },\n});\n\n/**\n * JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n if (k === 'jwk') {\n // note: this[k] and v may be different representations of the same value\n // eslint-disable-next-line no-invalid-this\n const json = this[k].toJSON(true);\n\n return json;\n }\n\n return v;\n}\n\nexport default Encryption;\n"],"mappings":";;;;;;;;;;;;;;;;AAIA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAC,sBAAA,CAAAF,OAAA;AAEA,IAAAG,UAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,SAAA,GAAAH,sBAAA,CAAAF,OAAA;AACA,IAAAM,QAAA,GAAAJ,sBAAA,CAAAF,OAAA;AAEA,IAAAO,aAAA,GAAAL,sBAAA,CAAAF,OAAA;AACA,IAAAQ,IAAA,GAAAN,sBAAA,CAAAF,OAAA;AAAwB,SAAAS,QAAAC,CAAA,EAAAC,CAAA,QAAAC,CAAA,GAAAC,YAAA,CAAAH,CAAA,OAAAI,6BAAA,QAAAC,CAAA,GAAAD,6BAAA,CAAAJ,CAAA,GAAAC,CAAA,KAAAI,CAAA,GAAAA,CAAA,CAAAC,MAAA,WAAAL,CAAA,WAAAM,gCAAA,CAAAP,CAAA,EAAAC,CAAA,EAAAO,UAAA,OAAAN,CAAA,CAAAO,IAAA,CAAAC,KAAA,CAAAR,CAAA,EAAAG,CAAA,YAAAH,CAAA;AAAA,SAAAS,cAAAX,CAAA,aAAAC,CAAA,MAAAA,CAAA,GAAAW,SAAA,CAAAC,MAAA,EAAAZ,CAAA,UAAAC,CAAA,WAAAU,SAAA,CAAAX,CAAA,IAAAW,SAAA,CAAAX,CAAA,QAAAA,CAAA,OAAAF,OAAA,CAAAe,MAAA,CAAAZ,CAAA,OAAAa,OAAA,WAAAd,CAAA,QAAAe,gBAAA,CAAAC,OAAA,EAAAjB,CAAA,EAAAC,CAAA,EAAAC,CAAA,CAAAD,CAAA,SAAAiB,iCAAA,GAAAC,wBAAA,CAAAnB,CAAA,EAAAkB,iCAAA,CAAAhB,CAAA,KAAAH,OAAA,CAAAe,MAAA,CAAAZ,CAAA,GAAAa,OAAA,WAAAd,CAAA,IAAAmB,sBAAA,CAAApB,CAAA,EAAAC,CAAA,EAAAM,gCAAA,CAAAL,CAAA,EAAAD,CAAA,iBAAAD,CAAA,IAbxB;AACA;AACA;AAaA,IAAMqB,UAAU,GAAGC,sBAAW,CAACC,MAAM,CAAC;EACpCC,QAAQ,EAAE;IACRC,GAAG,EAAEC;EACP,CAAC;EAEDC,SAAS,EAAE,YAAY;EAEvBC,sBAAsB,WAAAA,uBAACC,KAAK,EAAE;IAC5B,OAAO,IAAI,CAACJ,GAAG,CAACG,sBAAsB,CAACC,KAAK,CAAC;EAC/C,CAAC;EAEDC,aAAa,WAAAA,cAACC,GAAG,EAAEC,MAAM,EAAE;IACzB,OAAO,IAAAC,qBAAY,EAACD,MAAM,CAAC,CAACE,IAAI,CAAC,UAACC,CAAC,EAAK;MACtC;MACA,IAAIH,MAAM,CAACnB,MAAM,KAAK,CAAC,IAAImB,MAAM,CAACI,UAAU,KAAK,CAAC,EAAE;QAClD,OAAOC,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,yCAAyC,CAAC,CAAC;MAC7E;MAEA,OAAOR,GAAG,CAACS,OAAO,CAACL,CAAC,CAAC;IACvB,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEM,UAAU,WAAAA,WAACC,GAAG,EAAEC,SAAS,EAAEC,OAAO,EAAE;IAClC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKC,gBAAG,CAACC,OAAO,CAACF,CAAC,CAACG,GAAG,EAAEN,SAAS,CAAC;IAAA,EAAC;EAC7E,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEO,WAAW,WAAAA,YAACR,GAAG,EAAES,UAAU,EAAEP,OAAO,EAAE;IACpC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACC,aAAa,CAACR,CAAC,CAACG,GAAG,CAAC,CAC1BT,OAAO,CAACW,UAAU,CAAC,CACnBjB,IAAI,CAAC,UAACqB,MAAM;QAAA,OAAKA,MAAM,CAACC,SAAS,CAACC,QAAQ,CAAC,CAAC;MAAA,EAAC;IAAA,CAClD,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,QAAQ,WAAAA,SAACC,OAAO,EAAE5B,GAAG,EAAEa,OAAO,EAAE;IAAA,IAAAgB,KAAA;IAC9B;IACA,IAAI,CAACD,OAAO,IAAI,CAAC5B,GAAG,EAAE;MACpB,OAAOM,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtE;IAEA,IAAMsB,KAAK,GAAG,IAAIC,oBAAY,CAAC,CAAC;IAChC,IAAMC,OAAO,GAAG,IAAI,CAACC,iBAAiB,CAACL,OAAO,EAAAhD,aAAA;MAAGsD,cAAc,EAAE;IAAI,GAAKrB,OAAO,CAAC,CAAC,CAChFV,IAAI,CAAC,UAACgC,GAAG,EAAK;MACb;MACA,IAAMtB,OAAO,GAAG;QACduB,MAAM,EAAE,KAAK;QACbD,GAAG,EAAHA,GAAG;QACHE,YAAY,EAAE;MAChB,CAAC;MAED,IAAMC,GAAG,GAAGT,KAAI,CAACU,OAAO,CAAC1B,OAAO,CAAC;MAEjC,IAAA2B,sBAAc,EAAC,UAAU,EAAE3B,OAAO,CAACc,QAAQ,EAAEG,KAAK,CAAC;MAEnD,OAAOQ,GAAG;IACZ,CAAC,CAAC,CACDnC,IAAI,CAAC,UAACsC,GAAG;MAAA,OAAKZ,KAAI,CAAC9B,aAAa,CAACC,GAAG,EAAEyC,GAAG,CAACC,IAAI,CAAC;IAAA,EAAC;IAEnD,IAAAC,mBAAW,EAACb,KAAK,EAAEE,OAAO,CAAC;IAE3B,OAAOA,OAAO;EAChB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACL,OAAO,EAAEf,OAAO,EAAE;IAAA,IAAA+B,eAAA;MAAAC,MAAA;IAClC,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,wDAAwD,CAAC;IAE1E,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,IAAItB,OAAO,CAACuB,QAAQ,CAAC,WAAW,CAAC,EAAE;MAC1E,IAAI,CAACL,MAAM,CAACC,IAAI,CACd,qFACF,CAAC;MAED,OAAOzC,QAAA,CAAApB,OAAA,CAAQkE,OAAO,CAACxB,OAAO,CAAC;IACjC;IAEA,IAAIf,OAAO,IAAIA,OAAO,CAACqB,cAAc,KAAK,KAAK,EAAE;MAC/C,IAAI,CAACN,OAAO,CAACyB,UAAU,CAAC,UAAU,CAAC,EAAE;QACnC,IAAI,CAACP,MAAM,CAACQ,KAAK,CAAC,6CAA6C,CAAC;QAEhE,OAAOhD,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,iCAAiC,CAAC,CAAC;MACrE;MAEA,OAAOF,QAAA,CAAApB,OAAA,CAAQkE,OAAO,CAACxB,OAAO,CAAC;IACjC;IAEA,IAAM2B,SAAS,GAAG;MAChBC,SAAS,EAAE,CAAC5B,OAAO;IACrB,CAAC;IACD,IAAM6B,WAAW,GAAGC,YAAG,CAACC,KAAK,CAAC/B,OAAO,CAAC;;IAEtC;IACA6B,WAAW,CAACG,QAAQ,GAAG,OAAO;IAC9BH,WAAW,CAACI,QAAQ,GAAG,wBAAwB;IAE/C,OAAO,IAAI,CAACtB,OAAO,CAAC;MAClBH,MAAM,EAAE,MAAM;MACdD,GAAG,EAAEuB,YAAG,CAACI,MAAM,CAACL,WAAW,CAAC;MAC5Bf,IAAI,EACF,CAAA7B,OAAO,aAAPA,OAAO,wBAAA+B,eAAA,GAAP/B,OAAO,CAAEkD,MAAM,cAAAnB,eAAA,uBAAfA,eAAA,CAAiBoB,KAAK,KAAI,IAAI,GAAApF,aAAA,CAAAA,aAAA,KAErB2E,SAAS;QACZS,KAAK,EAAEnD,OAAO,CAACkD,MAAM,CAACC;MAAK,KAE7BT;IACR,CAAC,CAAC,CACCpD,IAAI,CAAC,UAACsC,GAAG,EAAK;MACb;MACA,IAAMiB,GAAG,GAAGjB,GAAG,CAACC,IAAI,CAACc,SAAS,CAAC5B,OAAO,CAAC;MAEvC,IAAI,CAAC8B,GAAG,EAAE;QACRb,MAAI,CAACC,MAAM,CAACmB,IAAI,CACd,uGACF,CAAC;QAED,OAAOrC,OAAO;MAChB;MACAiB,MAAI,CAACC,MAAM,CAACC,IAAI,CAAC,uDAAuD,CAAC;MAEzE,OAAOW,GAAG;IACZ,CAAC,CAAC,CACDQ,KAAK,CAAC,UAACC,GAAG,EAAK;MACdtB,MAAI,CAACC,MAAM,CAACmB,IAAI,gBAAAG,MAAA,CACCD,GAAG,4CAAAC,MAAA,CAAyCxC,OAAO,+BAAAwC,MAAA,CAA4BxC,OAAO,cACvG,CAAC;MAED,OAAOA,OAAO;IAChB,CAAC,CAAC;EACN,CAAC;EAEDyC,aAAa,WAAAA,cAACC,IAAI,EAAE;IAClB,OAAO,IAAApE,qBAAY,EAACoE,IAAI,CAAC,CAACnE,IAAI,CAAC,UAACF,MAAM;MAAA,OACpCe,gBAAG,CAACuD,MAAM,CAAC,CAAC,CAACpE,IAAI,CAAC,UAACH,GAAG;QAAA,OACpBA,GAAG,CACAwE,OAAO,CAACvE,MAAM,CAAC,CACfE,IAAI,CAACD,qBAAY;QAClB;QAAA,CACCC,IAAI,CAAC,UAACsE,KAAK;UAAA,OAAM;YAACzE,GAAG,EAAHA,GAAG;YAAEyE,KAAK,EAALA;UAAK,CAAC;QAAA,CAAC,CAAC;MAAA,CACpC,CAAC;IAAA,CACH,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAAU,WAAAA,WAAC/D,GAAG,EAAEX,GAAG,EAAEa,OAAO,EAAE;IAAA,IAAA8D,MAAA;IAC5B;IACA,IAAI,CAAC3E,GAAG,CAAC4E,GAAG,EAAE;MACZ,OAAOtE,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF;;IAEA;IACA,OAAO,IAAI,CAACM,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC,EAAK;MAC3C,IAAI,EAACA,CAAC,aAADA,CAAC,eAADA,CAAC,CAAEG,GAAG,GAAE;QACXyD,MAAI,CAAC7B,MAAM,CAACQ,KAAK,CAAC,gCAAgC,CAAC;QACnD,MAAM,IAAI9C,KAAK,CAAC,oBAAoB,CAAC;MACvC;MAEA,OAAOQ,gBAAG,CAAC6D,QAAQ,CAAC7E,GAAG,CAAC,CAACG,IAAI,CAAC,UAAC2E,MAAM,EAAK;QACxC,IAAI,CAACA,MAAM,EAAE;UACXH,MAAI,CAAC7B,MAAM,CAACQ,KAAK,CAAC,2CAA2C,CAAC;UAC9D,MAAM,IAAI9C,KAAK,CAAC,+BAA+B,CAAC;QAClD;QAEA,OAAOsE,MAAM,CAACC,KAAK,CAAChE,CAAC,CAACG,GAAG,CAAC;MAC5B,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE8D,WAAW,WAAAA,YAACrE,GAAG,EAAEc,SAAS,EAAEZ,OAAO,EAAE;IAAA,IAAAoE,MAAA;IACnC,OAAO,IAAI,CAACnE,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAAC4D,aAAa,CAACD,MAAI,CAACE,MAAM,CAACC,WAAW,EAAE;QAC9CzE,GAAG,EAAEI,CAAC,CAACG,GAAG;QACVmE,MAAM,EAAE;UACNC,GAAG,EAAE;QACP,CAAC;QACDC,SAAS,EAAE;MACb,CAAC,CAAC,CAACC,KAAK,CAAC/D,SAAS,EAAE,MAAM,CAAC;IAAA,CAC7B,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEX,MAAM,WAAAA,OAACqB,GAAG,EAAqB;IAAA,IAAAsD,MAAA;IAAA,IAAAC,IAAA,GAAA7G,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA8G,SAAA,GAAA9G,SAAA,MAAJ,CAAC,CAAC;MAAhB+G,UAAU,GAAAF,IAAA,CAAVE,UAAU;IACrB,IAAIzD,GAAG,CAACjB,GAAG,EAAE;MACX,OAAO,IAAI,CAACxB,GAAG,CAACmG,KAAK,CAAC1D,GAAG,CAAC;IAC5B;IAEA,IAAI2D,UAAU,GAAG3D,GAAG;IAEpB,IAAIyD,UAAU,EAAE;MACdE,UAAU,mBAAA1B,MAAA,CAAmBwB,UAAU,CAAE;IAC3C;IAEA,OAAO,IAAI,CAACG,gBAAgB,CACzBC,GAAG,CAACF,UAAU,CAAC,CACf3F,IAAI,CAAC,UAAC8F,SAAS;MAAA,OAAKC,IAAI,CAACvC,KAAK,CAACsC,SAAS,CAAC;IAAA,EAAC,CAC1C9F,IAAI,CAAC,UAACgG,SAAS;MAAA,OAAKV,MAAI,CAAC/F,GAAG,CAACmG,KAAK,CAACM,SAAS,CAAC;IAAA,EAAC,CAC9CjC,KAAK,CAAC;MAAA,OACLuB,MAAI,CAAC/F,GAAG,CACL0G,QAAQ,CAAC;QAACjE,GAAG,EAAHA,GAAG;QAAEyD,UAAU,EAAVA;MAAU,CAAC,CAAC,CAC3BzF,IAAI,CAAC,IAAAkG,WAAG,EAAC,UAAC1F,GAAG;QAAA,OAAK8E,MAAI,CAACM,gBAAgB,CAACO,GAAG,CAACR,UAAU,EAAE,IAAAS,UAAA,CAAArH,OAAA,EAAeyB,GAAG,EAAE6F,QAAQ,CAAC,CAAC;MAAA,EAAC,CAAC;IAAA,CAC7F,CAAC;EACL,CAAC;EAAAC,OAAA;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,SAASD,QAAQA,CAACzF,CAAC,EAAE2F,CAAC,EAAE;EACtB,IAAI3F,CAAC,KAAK,KAAK,EAAE;IACf;IACA;IACA,IAAM4F,IAAI,GAAG,IAAI,CAAC5F,CAAC,CAAC,CAAC6F,MAAM,CAAC,IAAI,CAAC;IAEjC,OAAOD,IAAI;EACb;EAEA,OAAOD,CAAC;AACV;AAAC,IAAAG,QAAA,GAAAC,OAAA,CAAA5H,OAAA,GAEcI,UAAU"}
1
+ {"version":3,"names":["_events","require","_url","_interopRequireDefault","_webexCore","_common","_nodeJose","_nodeScr","_ensureBuffer","_kms","ownKeys","e","r","t","_Object$keys2","_Object$getOwnPropertySymbols","o","filter","_Object$getOwnPropertyDescriptor","enumerable","push","apply","_objectSpread","arguments","length","Object","forEach","_defineProperty2","default","_Object$getOwnPropertyDescriptors","_Object$defineProperties","_Object$defineProperty","Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","ensureBuffer","then","b","byteLength","_promise","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","download","fileUrl","_this","shunt","EventEmitter","promise","_fetchDownloadUrl","useFileService","uri","method","responseType","ret","request","transferEvents","res","body","proxyEvents","_this2","logger","info","process","env","NODE_ENV","includes","resolve","startsWith","error","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","params","_keys","indexOf","allow","warn","catch","err","concat","encryptBinary","file","create","encrypt","cdata","encryptScr","loc","toJWE","encryptText","_this3","createEncrypt","config","joseOptions","header","alg","reference","final","_this4","_ref","undefined","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","fetchKey","tap","put","_stringify","replacer","version","v","json","toJSON","_default","exports"],"sources":["encryption.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n children: {\n kms: KMS,\n },\n\n namespace: 'Encryption',\n\n processKmsMessageEvent(event) {\n return this.kms.processKmsMessageEvent(event);\n },\n\n decryptBinary(scr, buffer) {\n return ensureBuffer(buffer).then((b) => {\n /* istanbul ignore if */\n if (buffer.length === 0 || buffer.byteLength === 0) {\n return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n }\n\n return scr.decrypt(b);\n });\n },\n\n /**\n * Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} cipherScr - An encrypted SCR\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {Object} Decrypted SCR\n */\n decryptScr(key, cipherScr, options) {\n return this.getKey(key, options).then((k) => SCR.fromJWE(k.jwk, cipherScr));\n },\n\n /**\n * Decrypt text using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} ciphertext - Encrypted text\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Decrypted plaintext\n */\n decryptText(key, ciphertext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createDecrypt(k.jwk)\n .decrypt(ciphertext)\n .then((result) => result.plaintext.toString())\n );\n },\n\n /**\n * Validate and initiate a Download request for requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} scr - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise}\n */\n download(fileUrl, scr, options) {\n /* istanbul ignore if */\n if (!fileUrl || !scr) {\n return Promise.reject(new Error('`scr` and `fileUrl` are required'));\n }\n\n const shunt = new EventEmitter();\n const promise = this._fetchDownloadUrl(fileUrl, {useFileService: true, ...options})\n .then((uri) => {\n // eslint-disable-next-line no-shadow\n const options = {\n method: 'GET',\n uri,\n responseType: 'buffer',\n };\n\n const ret = this.request(options);\n\n transferEvents('progress', options.download, shunt);\n\n return ret;\n })\n .then((res) => this.decryptBinary(scr, res.body));\n\n proxyEvents(shunt, promise);\n\n return promise;\n },\n\n /**\n * Fetch Download URL for the requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise} url of the downloadable file\n */\n _fetchDownloadUrl(fileUrl, options) {\n this.logger.info('encryption: retrieving download url for encrypted file');\n\n if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {\n this.logger.info(\n 'encryption: bypassing webex files because this looks to be a test file on localhost'\n );\n\n return Promise.resolve(fileUrl);\n }\n\n if (options?.useFileService === false) {\n if (!fileUrl.startsWith('https://')) {\n this.logger.error('encryption: direct file URLs must use HTTPS');\n\n return Promise.reject(new Error('Direct file URLs must use HTTPS'));\n }\n\n return Promise.resolve(fileUrl);\n }\n\n const inputBody = {\n endpoints: [fileUrl],\n };\n const endpointUrl = url.parse(fileUrl);\n\n // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n endpointUrl.protocol = 'https';\n endpointUrl.pathname = '/v1/download/endpoints';\n\n return this.request({\n method: 'POST',\n uri: url.format(endpointUrl),\n body:\n options?.params && Object.keys(options.params).indexOf('allow') > -1\n ? {\n ...inputBody,\n allow: options.params.allow,\n }\n : inputBody,\n })\n .then((res) => {\n // eslint-disable-next-line no-shadow\n const url = res.body.endpoints[fileUrl];\n\n if (!url) {\n this.logger.warn(\n 'encryption: could not determine download url for `fileUrl`; attempting to download `fileUrl` directly'\n );\n\n return fileUrl;\n }\n this.logger.info('encryption: retrieved download url for encrypted file');\n\n return url;\n })\n .catch((err) => {\n this.logger.warn(\n `encryption: ${err} could not determine download url for ${fileUrl}; attempting to download ${fileUrl} directly`\n );\n\n return fileUrl;\n });\n },\n\n encryptBinary(file) {\n return ensureBuffer(file).then((buffer) =>\n SCR.create().then((scr) =>\n scr\n .encrypt(buffer)\n .then(ensureBuffer)\n // eslint-disable-next-line max-nested-callbacks\n .then((cdata) => ({scr, cdata}))\n )\n );\n },\n\n /**\n * Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} scr - SCRObject\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted SCR\n */\n encryptScr(key, scr, options) {\n /* istanbul ignore if */\n if (!scr.loc) {\n return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n }\n\n return this.getKey(key, options).then((k) => scr.toJWE(k.jwk));\n },\n\n /**\n * Encrypt plaintext using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted text\n */\n encryptText(key, plaintext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createEncrypt(this.config.joseOptions, {\n key: k.jwk,\n header: {\n alg: 'dir',\n },\n reference: null,\n }).final(plaintext, 'utf8')\n );\n },\n\n /**\n * Fetch the key associated with the supplied KMS uri.\n *\n * @param {string} uri - The uri of a key stored in KMS\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Key\n */\n getKey(uri, {onBehalfOf} = {}) {\n if (uri.jwk) {\n return this.kms.asKey(uri);\n }\n\n let storageKey = uri;\n\n if (onBehalfOf) {\n storageKey += `/onBehalfOf/${onBehalfOf}`;\n }\n\n return this.unboundedStorage\n .get(storageKey)\n .then((keyString) => JSON.parse(keyString))\n .then((keyObject) => this.kms.asKey(keyObject))\n .catch(() =>\n this.kms\n .fetchKey({uri, onBehalfOf})\n .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer))))\n );\n },\n});\n\n/**\n * JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n if (k === 'jwk') {\n // note: this[k] and v may be different representations of the same value\n // eslint-disable-next-line no-invalid-this\n const json = this[k].toJSON(true);\n\n return json;\n }\n\n return v;\n}\n\nexport default Encryption;\n"],"mappings":";;;;;;;;;;;;;;;;;AAIA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAC,sBAAA,CAAAF,OAAA;AAEA,IAAAG,UAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,SAAA,GAAAH,sBAAA,CAAAF,OAAA;AACA,IAAAM,QAAA,GAAAJ,sBAAA,CAAAF,OAAA;AAEA,IAAAO,aAAA,GAAAL,sBAAA,CAAAF,OAAA;AACA,IAAAQ,IAAA,GAAAN,sBAAA,CAAAF,OAAA;AAAwB,SAAAS,QAAAC,CAAA,EAAAC,CAAA,QAAAC,CAAA,GAAAC,aAAA,CAAAH,CAAA,OAAAI,6BAAA,QAAAC,CAAA,GAAAD,6BAAA,CAAAJ,CAAA,GAAAC,CAAA,KAAAI,CAAA,GAAAA,CAAA,CAAAC,MAAA,WAAAL,CAAA,WAAAM,gCAAA,CAAAP,CAAA,EAAAC,CAAA,EAAAO,UAAA,OAAAN,CAAA,CAAAO,IAAA,CAAAC,KAAA,CAAAR,CAAA,EAAAG,CAAA,YAAAH,CAAA;AAAA,SAAAS,cAAAX,CAAA,aAAAC,CAAA,MAAAA,CAAA,GAAAW,SAAA,CAAAC,MAAA,EAAAZ,CAAA,UAAAC,CAAA,WAAAU,SAAA,CAAAX,CAAA,IAAAW,SAAA,CAAAX,CAAA,QAAAA,CAAA,OAAAF,OAAA,CAAAe,MAAA,CAAAZ,CAAA,OAAAa,OAAA,WAAAd,CAAA,QAAAe,gBAAA,CAAAC,OAAA,EAAAjB,CAAA,EAAAC,CAAA,EAAAC,CAAA,CAAAD,CAAA,SAAAiB,iCAAA,GAAAC,wBAAA,CAAAnB,CAAA,EAAAkB,iCAAA,CAAAhB,CAAA,KAAAH,OAAA,CAAAe,MAAA,CAAAZ,CAAA,GAAAa,OAAA,WAAAd,CAAA,IAAAmB,sBAAA,CAAApB,CAAA,EAAAC,CAAA,EAAAM,gCAAA,CAAAL,CAAA,EAAAD,CAAA,iBAAAD,CAAA,IAbxB;AACA;AACA;AAaA,IAAMqB,UAAU,GAAGC,sBAAW,CAACC,MAAM,CAAC;EACpCC,QAAQ,EAAE;IACRC,GAAG,EAAEC;EACP,CAAC;EAEDC,SAAS,EAAE,YAAY;EAEvBC,sBAAsB,WAAAA,uBAACC,KAAK,EAAE;IAC5B,OAAO,IAAI,CAACJ,GAAG,CAACG,sBAAsB,CAACC,KAAK,CAAC;EAC/C,CAAC;EAEDC,aAAa,WAAAA,cAACC,GAAG,EAAEC,MAAM,EAAE;IACzB,OAAO,IAAAC,qBAAY,EAACD,MAAM,CAAC,CAACE,IAAI,CAAC,UAACC,CAAC,EAAK;MACtC;MACA,IAAIH,MAAM,CAACnB,MAAM,KAAK,CAAC,IAAImB,MAAM,CAACI,UAAU,KAAK,CAAC,EAAE;QAClD,OAAOC,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,yCAAyC,CAAC,CAAC;MAC7E;MAEA,OAAOR,GAAG,CAACS,OAAO,CAACL,CAAC,CAAC;IACvB,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEM,UAAU,WAAAA,WAACC,GAAG,EAAEC,SAAS,EAAEC,OAAO,EAAE;IAClC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKC,gBAAG,CAACC,OAAO,CAACF,CAAC,CAACG,GAAG,EAAEN,SAAS,CAAC;IAAA,EAAC;EAC7E,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEO,WAAW,WAAAA,YAACR,GAAG,EAAES,UAAU,EAAEP,OAAO,EAAE;IACpC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACC,aAAa,CAACR,CAAC,CAACG,GAAG,CAAC,CAC1BT,OAAO,CAACW,UAAU,CAAC,CACnBjB,IAAI,CAAC,UAACqB,MAAM;QAAA,OAAKA,MAAM,CAACC,SAAS,CAACC,QAAQ,CAAC,CAAC;MAAA,EAAC;IAAA,CAClD,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,QAAQ,WAAAA,SAACC,OAAO,EAAE5B,GAAG,EAAEa,OAAO,EAAE;IAAA,IAAAgB,KAAA;IAC9B;IACA,IAAI,CAACD,OAAO,IAAI,CAAC5B,GAAG,EAAE;MACpB,OAAOM,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtE;IAEA,IAAMsB,KAAK,GAAG,IAAIC,oBAAY,CAAC,CAAC;IAChC,IAAMC,OAAO,GAAG,IAAI,CAACC,iBAAiB,CAACL,OAAO,EAAAhD,aAAA;MAAGsD,cAAc,EAAE;IAAI,GAAKrB,OAAO,CAAC,CAAC,CAChFV,IAAI,CAAC,UAACgC,GAAG,EAAK;MACb;MACA,IAAMtB,OAAO,GAAG;QACduB,MAAM,EAAE,KAAK;QACbD,GAAG,EAAHA,GAAG;QACHE,YAAY,EAAE;MAChB,CAAC;MAED,IAAMC,GAAG,GAAGT,KAAI,CAACU,OAAO,CAAC1B,OAAO,CAAC;MAEjC,IAAA2B,sBAAc,EAAC,UAAU,EAAE3B,OAAO,CAACc,QAAQ,EAAEG,KAAK,CAAC;MAEnD,OAAOQ,GAAG;IACZ,CAAC,CAAC,CACDnC,IAAI,CAAC,UAACsC,GAAG;MAAA,OAAKZ,KAAI,CAAC9B,aAAa,CAACC,GAAG,EAAEyC,GAAG,CAACC,IAAI,CAAC;IAAA,EAAC;IAEnD,IAAAC,mBAAW,EAACb,KAAK,EAAEE,OAAO,CAAC;IAE3B,OAAOA,OAAO;EAChB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACL,OAAO,EAAEf,OAAO,EAAE;IAAA,IAAA+B,MAAA;IAClC,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,wDAAwD,CAAC;IAE1E,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,IAAIrB,OAAO,CAACsB,QAAQ,CAAC,WAAW,CAAC,EAAE;MAC1E,IAAI,CAACL,MAAM,CAACC,IAAI,CACd,qFACF,CAAC;MAED,OAAOxC,QAAA,CAAApB,OAAA,CAAQiE,OAAO,CAACvB,OAAO,CAAC;IACjC;IAEA,IAAI,CAAAf,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEqB,cAAc,MAAK,KAAK,EAAE;MACrC,IAAI,CAACN,OAAO,CAACwB,UAAU,CAAC,UAAU,CAAC,EAAE;QACnC,IAAI,CAACP,MAAM,CAACQ,KAAK,CAAC,6CAA6C,CAAC;QAEhE,OAAO/C,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,iCAAiC,CAAC,CAAC;MACrE;MAEA,OAAOF,QAAA,CAAApB,OAAA,CAAQiE,OAAO,CAACvB,OAAO,CAAC;IACjC;IAEA,IAAM0B,SAAS,GAAG;MAChBC,SAAS,EAAE,CAAC3B,OAAO;IACrB,CAAC;IACD,IAAM4B,WAAW,GAAGC,YAAG,CAACC,KAAK,CAAC9B,OAAO,CAAC;;IAEtC;IACA4B,WAAW,CAACG,QAAQ,GAAG,OAAO;IAC9BH,WAAW,CAACI,QAAQ,GAAG,wBAAwB;IAE/C,OAAO,IAAI,CAACrB,OAAO,CAAC;MAClBH,MAAM,EAAE,MAAM;MACdD,GAAG,EAAEsB,YAAG,CAACI,MAAM,CAACL,WAAW,CAAC;MAC5Bd,IAAI,EACF7B,OAAO,aAAPA,OAAO,eAAPA,OAAO,CAAEiD,MAAM,IAAI,IAAAC,KAAA,CAAA7E,OAAA,EAAY2B,OAAO,CAACiD,MAAM,CAAC,CAACE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAApF,aAAA,CAAAA,aAAA,KAE3D0E,SAAS;QACZW,KAAK,EAAEpD,OAAO,CAACiD,MAAM,CAACG;MAAK,KAE7BX;IACR,CAAC,CAAC,CACCnD,IAAI,CAAC,UAACsC,GAAG,EAAK;MACb;MACA,IAAMgB,GAAG,GAAGhB,GAAG,CAACC,IAAI,CAACa,SAAS,CAAC3B,OAAO,CAAC;MAEvC,IAAI,CAAC6B,GAAG,EAAE;QACRb,MAAI,CAACC,MAAM,CAACqB,IAAI,CACd,uGACF,CAAC;QAED,OAAOtC,OAAO;MAChB;MACAgB,MAAI,CAACC,MAAM,CAACC,IAAI,CAAC,uDAAuD,CAAC;MAEzE,OAAOW,GAAG;IACZ,CAAC,CAAC,CACDU,KAAK,CAAC,UAACC,GAAG,EAAK;MACdxB,MAAI,CAACC,MAAM,CAACqB,IAAI,gBAAAG,MAAA,CACCD,GAAG,4CAAAC,MAAA,CAAyCzC,OAAO,+BAAAyC,MAAA,CAA4BzC,OAAO,cACvG,CAAC;MAED,OAAOA,OAAO;IAChB,CAAC,CAAC;EACN,CAAC;EAED0C,aAAa,WAAAA,cAACC,IAAI,EAAE;IAClB,OAAO,IAAArE,qBAAY,EAACqE,IAAI,CAAC,CAACpE,IAAI,CAAC,UAACF,MAAM;MAAA,OACpCe,gBAAG,CAACwD,MAAM,CAAC,CAAC,CAACrE,IAAI,CAAC,UAACH,GAAG;QAAA,OACpBA,GAAG,CACAyE,OAAO,CAACxE,MAAM,CAAC,CACfE,IAAI,CAACD,qBAAY;QAClB;QAAA,CACCC,IAAI,CAAC,UAACuE,KAAK;UAAA,OAAM;YAAC1E,GAAG,EAAHA,GAAG;YAAE0E,KAAK,EAALA;UAAK,CAAC;QAAA,CAAC,CAAC;MAAA,CACpC,CAAC;IAAA,CACH,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAAU,WAAAA,WAAChE,GAAG,EAAEX,GAAG,EAAEa,OAAO,EAAE;IAC5B;IACA,IAAI,CAACb,GAAG,CAAC4E,GAAG,EAAE;MACZ,OAAOtE,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF;IAEA,OAAO,IAAI,CAACM,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKf,GAAG,CAAC6E,KAAK,CAAC9D,CAAC,CAACG,GAAG,CAAC;IAAA,EAAC;EAChE,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE4D,WAAW,WAAAA,YAACnE,GAAG,EAAEc,SAAS,EAAEZ,OAAO,EAAE;IAAA,IAAAkE,MAAA;IACnC,OAAO,IAAI,CAACjE,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAAC0D,aAAa,CAACD,MAAI,CAACE,MAAM,CAACC,WAAW,EAAE;QAC9CvE,GAAG,EAAEI,CAAC,CAACG,GAAG;QACViE,MAAM,EAAE;UACNC,GAAG,EAAE;QACP,CAAC;QACDC,SAAS,EAAE;MACb,CAAC,CAAC,CAACC,KAAK,CAAC7D,SAAS,EAAE,MAAM,CAAC;IAAA,CAC7B,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEX,MAAM,WAAAA,OAACqB,GAAG,EAAqB;IAAA,IAAAoD,MAAA;IAAA,IAAAC,IAAA,GAAA3G,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA4G,SAAA,GAAA5G,SAAA,MAAJ,CAAC,CAAC;MAAhB6G,UAAU,GAAAF,IAAA,CAAVE,UAAU;IACrB,IAAIvD,GAAG,CAACjB,GAAG,EAAE;MACX,OAAO,IAAI,CAACxB,GAAG,CAACiG,KAAK,CAACxD,GAAG,CAAC;IAC5B;IAEA,IAAIyD,UAAU,GAAGzD,GAAG;IAEpB,IAAIuD,UAAU,EAAE;MACdE,UAAU,mBAAAvB,MAAA,CAAmBqB,UAAU,CAAE;IAC3C;IAEA,OAAO,IAAI,CAACG,gBAAgB,CACzBC,GAAG,CAACF,UAAU,CAAC,CACfzF,IAAI,CAAC,UAAC4F,SAAS;MAAA,OAAKC,IAAI,CAACtC,KAAK,CAACqC,SAAS,CAAC;IAAA,EAAC,CAC1C5F,IAAI,CAAC,UAAC8F,SAAS;MAAA,OAAKV,MAAI,CAAC7F,GAAG,CAACiG,KAAK,CAACM,SAAS,CAAC;IAAA,EAAC,CAC9C9B,KAAK,CAAC;MAAA,OACLoB,MAAI,CAAC7F,GAAG,CACLwG,QAAQ,CAAC;QAAC/D,GAAG,EAAHA,GAAG;QAAEuD,UAAU,EAAVA;MAAU,CAAC,CAAC,CAC3BvF,IAAI,CAAC,IAAAgG,WAAG,EAAC,UAACxF,GAAG;QAAA,OAAK4E,MAAI,CAACM,gBAAgB,CAACO,GAAG,CAACR,UAAU,EAAE,IAAAS,UAAA,CAAAnH,OAAA,EAAeyB,GAAG,EAAE2F,QAAQ,CAAC,CAAC;MAAA,EAAC,CAAC;IAAA,CAC7F,CAAC;EACL,CAAC;EAAAC,OAAA;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,SAASD,QAAQA,CAACvF,CAAC,EAAEyF,CAAC,EAAE;EACtB,IAAIzF,CAAC,KAAK,KAAK,EAAE;IACf;IACA;IACA,IAAM0F,IAAI,GAAG,IAAI,CAAC1F,CAAC,CAAC,CAAC2F,MAAM,CAAC,IAAI,CAAC;IAEjC,OAAOD,IAAI;EACb;EAEA,OAAOD,CAAC;AACV;AAAC,IAAAG,QAAA,GAAAC,OAAA,CAAA1H,OAAA,GAEcI,UAAU"}
package/dist/kms.js CHANGED
@@ -809,7 +809,7 @@ var KMS = _webexCore.WebexPlugin.extend((_dec = (0, _common.oneFlight)({
809
809
  context.ephemeralKey = originalContext.ephemeralKey;
810
810
  return context;
811
811
  },
812
- version: "3.8.0-next.15"
812
+ version: "3.8.0-next.17"
813
813
  }, ((0, _applyDecoratedDescriptor2.default)(_obj, "fetchKey", [_dec], (0, _getOwnPropertyDescriptor.default)(_obj, "fetchKey"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "_getContext", [_common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "_getContext"), _obj)), _obj)));
814
814
  var _default = exports.default = KMS;
815
815
  //# sourceMappingURL=kms.js.map
package/package.json CHANGED
@@ -28,23 +28,23 @@
28
28
  "@webex/eslint-config-legacy": "0.0.0",
29
29
  "@webex/jest-config-legacy": "0.0.0",
30
30
  "@webex/legacy-tools": "0.0.0",
31
- "@webex/test-helper-chai": "3.8.0-next.12",
32
- "@webex/test-helper-make-local-url": "3.8.0-next.12",
33
- "@webex/test-helper-mocha": "3.8.0-next.12",
34
- "@webex/test-helper-mock-webex": "3.8.0-next.12",
35
- "@webex/test-helper-test-users": "3.8.0-next.12",
31
+ "@webex/test-helper-chai": "3.8.0-next.13",
32
+ "@webex/test-helper-make-local-url": "3.8.0-next.13",
33
+ "@webex/test-helper-mocha": "3.8.0-next.13",
34
+ "@webex/test-helper-mock-webex": "3.8.0-next.13",
35
+ "@webex/test-helper-test-users": "3.8.0-next.13",
36
36
  "eslint": "^8.24.0",
37
37
  "prettier": "^2.7.1",
38
38
  "sinon": "^9.2.4"
39
39
  },
40
40
  "dependencies": {
41
- "@webex/common": "3.8.0-next.12",
42
- "@webex/common-timers": "3.8.0-next.12",
43
- "@webex/http-core": "3.8.0-next.12",
44
- "@webex/internal-plugin-device": "3.8.0-next.12",
45
- "@webex/internal-plugin-mercury": "3.8.0-next.14",
46
- "@webex/test-helper-file": "3.8.0-next.12",
47
- "@webex/webex-core": "3.8.0-next.12",
41
+ "@webex/common": "3.8.0-next.13",
42
+ "@webex/common-timers": "3.8.0-next.13",
43
+ "@webex/http-core": "3.8.0-next.13",
44
+ "@webex/internal-plugin-device": "3.8.0-next.13",
45
+ "@webex/internal-plugin-mercury": "3.8.0-next.15",
46
+ "@webex/test-helper-file": "3.8.0-next.13",
47
+ "@webex/webex-core": "3.8.0-next.13",
48
48
  "asn1js": "^2.0.26",
49
49
  "debug": "^4.3.4",
50
50
  "isomorphic-webcrypto": "^2.3.8",
@@ -67,5 +67,5 @@
67
67
  "test:style": "eslint ./src/**/*.*",
68
68
  "test:unit": "webex-legacy-tools test --unit --runner jest"
69
69
  },
70
- "version": "3.8.0-next.15"
70
+ "version": "3.8.0-next.17"
71
71
  }
package/src/encryption.js CHANGED
@@ -118,7 +118,7 @@ const Encryption = WebexPlugin.extend({
118
118
  return Promise.resolve(fileUrl);
119
119
  }
120
120
 
121
- if (options && options.useFileService === false) {
121
+ if (options?.useFileService === false) {
122
122
  if (!fileUrl.startsWith('https://')) {
123
123
  this.logger.error('encryption: direct file URLs must use HTTPS');
124
124
 
@@ -141,7 +141,7 @@ const Encryption = WebexPlugin.extend({
141
141
  method: 'POST',
142
142
  uri: url.format(endpointUrl),
143
143
  body:
144
- options?.params?.allow != null
144
+ options?.params && Object.keys(options.params).indexOf('allow') > -1
145
145
  ? {
146
146
  ...inputBody,
147
147
  allow: options.params.allow,
@@ -188,7 +188,7 @@ const Encryption = WebexPlugin.extend({
188
188
  * Encrypt a SCR (Secure Content Resource) using the supplied key uri.
189
189
  *
190
190
  * @param {string} key - The uri of a key stored in KMS
191
- * @param {Object} scr - Plaintext
191
+ * @param {Object} scr - SCRObject
192
192
  * @param {Object} options
193
193
  * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role
194
194
  * @returns {string} Encrypted SCR
@@ -199,22 +199,7 @@ const Encryption = WebexPlugin.extend({
199
199
  return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));
200
200
  }
201
201
 
202
- // first we get the scr json, then we create an SCR instance using the key json and then we create a JWE using the key jwk
203
- return this.getKey(key, options).then((k) => {
204
- if (!k?.jwk) {
205
- this.logger.error('encryption: Invalid key or JWK');
206
- throw new Error('Invalid key or JWK');
207
- }
208
-
209
- return SCR.fromJSON(scr).then((encScr) => {
210
- if (!encScr) {
211
- this.logger.error('encryption: Failed to create SCR instance');
212
- throw new Error('Failed to create SCR instance');
213
- }
214
-
215
- return encScr.toJWE(k.jwk);
216
- });
217
- });
202
+ return this.getKey(key, options).then((k) => scr.toJWE(k.jwk));
218
203
  },
219
204
 
220
205
  /**
package/test/unit/spec/encryption.js CHANGED
@@ -25,18 +25,21 @@ describe('internal-plugin-encryption', () => {
25
25
  const fileArray = [
26
26
  {
27
27
  url: 'https://files-api-intb1.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes',
28
+ options: undefined
28
29
  },
29
30
  {
30
31
  url: 'https://files-api-intb2.ciscospark.com/v1/spaces/a0cba376-fc05-4b88-af4b-cfffa7465f9a/contents/1d3931e7-9e31-46bc-8084-d766a8f72c99/versions/5fa9caf87a98410aae49e0173856a974/bytes',
32
+ options: {params: {allow: false}}
31
33
  },
32
34
  {
33
35
  url: 'https://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes',
36
+ options: {useFileService: true}
34
37
  },
35
38
  {
36
39
  url: 'http://www.test-api.com/v1/spaces/test-path-name-space/contents/test-path-name-contents/versions/test-version/bytes',
40
+ options: {useFileService: true, params: {allow: false}}
37
41
  },
38
42
  ];
39
- const options = undefined;
40
43
  let spyStub;
41
44
 
42
45
  beforeEach(() => {
@@ -44,7 +47,7 @@ describe('internal-plugin-encryption', () => {
44
47
 
45
48
  spyStub = sinon.stub(webex.internal.encryption, 'request').callsFake(returnStub);
46
49
 
47
- fileArray.forEach((file) => webex.internal.encryption._fetchDownloadUrl(file.url, options));
50
+ fileArray.forEach((file) => webex.internal.encryption._fetchDownloadUrl(file.url, file.options));
48
51
  });
49
52
 
50
53
  it('verifying file service uris', () => {