@webex/internal-plugin-encryption 3.9.0 → 3.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/encryption.js +17 -1
  2. package/dist/encryption.js.map +1 -1
  3. package/dist/kms.js +1 -1
  4. package/package.json +14 -14
  5. package/src/encryption.js +17 -0
  6. package/test/integration/spec/encryption.js +102 -0
  7. package/test/unit/spec/encryption.js +72 -0
package/dist/encryption.js CHANGED
@@ -74,6 +74,22 @@ var Encryption = _webexCore.WebexPlugin.extend({
74
74
  });
75
75
  });
76
76
  },
77
+ /**
78
+ * Decrypt binary data using the supplied key uri.
79
+ *
80
+ * @param {string} kmsKeyUri - The uri of a key stored in KMS
81
+ * @param {string} JWE - Encrypted binary data as JWE
82
+ * @param {Object} options
83
+ * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role
84
+ * @returns {Buffer} Decrypted binary data as Buffer
85
+ */
86
+ decryptBinaryData: function decryptBinaryData(kmsKeyUri, JWE, options) {
87
+ return this.getKey(kmsKeyUri, options).then(function (k) {
88
+ return _nodeJose.default.JWE.createDecrypt(k.jwk).decrypt(JWE).then(function (result) {
89
+ return result.payload;
90
+ });
91
+ });
92
+ },
77
93
  /**
78
94
  * Validate and initiate a Download request for requested file
79
95
  * @param {Object} fileUrl - Plaintext
@@ -239,7 +255,7 @@ var Encryption = _webexCore.WebexPlugin.extend({
239
255
  }));
240
256
  });
241
257
  },
242
- version: "3.9.0"
258
+ version: "3.10.0"
243
259
  });
244
260
 
245
261
  /**
package/dist/encryption.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_events","require","_url","_interopRequireDefault","_webexCore","_common","_nodeJose","_nodeScr","_ensureBuffer","_kms","ownKeys","e","r","t","_Object$keys2","_Object$getOwnPropertySymbols","o","filter","_Object$getOwnPropertyDescriptor","enumerable","push","apply","_objectSpread","arguments","length","Object","forEach","_defineProperty2","default","_Object$getOwnPropertyDescriptors","_Object$defineProperties","_Object$defineProperty","Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","ensureBuffer","then","b","byteLength","_promise","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","download","fileUrl","_this","shunt","EventEmitter","promise","_fetchDownloadUrl","useFileService","uri","method","responseType","ret","request","transferEvents","res","body","proxyEvents","_this2","logger","info","process","env","NODE_ENV","includes","resolve","startsWith","error","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","params","_keys","indexOf","allow","warn","catch","err","concat","encryptBinary","file","create","encrypt","cdata","encryptScr","loc","toJWE","encryptText","_this3","createEncrypt","config","joseOptions","header","alg","reference","final","_this4","_ref","undefined","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","fetchKey","tap","put","_stringify","replacer","version","v","json","toJSON","_default","exports"],"sources":["encryption.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n children: {\n kms: KMS,\n },\n\n namespace: 'Encryption',\n\n processKmsMessageEvent(event) {\n return this.kms.processKmsMessageEvent(event);\n },\n\n decryptBinary(scr, buffer) {\n return ensureBuffer(buffer).then((b) => {\n /* istanbul ignore if */\n if (buffer.length === 0 || buffer.byteLength === 0) {\n return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n }\n\n return scr.decrypt(b);\n });\n },\n\n /**\n * Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} cipherScr - An encrypted SCR\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {Object} Decrypted SCR\n */\n decryptScr(key, cipherScr, options) {\n return this.getKey(key, options).then((k) => SCR.fromJWE(k.jwk, cipherScr));\n },\n\n /**\n * Decrypt text using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} ciphertext - Encrypted text\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Decrypted plaintext\n */\n decryptText(key, ciphertext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createDecrypt(k.jwk)\n .decrypt(ciphertext)\n .then((result) => result.plaintext.toString())\n );\n },\n\n /**\n * Validate and initiate a Download request for requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} scr - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise}\n */\n download(fileUrl, scr, options) {\n /* istanbul ignore if */\n if (!fileUrl || !scr) {\n return Promise.reject(new Error('`scr` and `fileUrl` are required'));\n }\n\n const shunt = new EventEmitter();\n const promise = this._fetchDownloadUrl(fileUrl, {useFileService: true, ...options})\n .then((uri) => {\n // eslint-disable-next-line no-shadow\n const options = {\n method: 'GET',\n uri,\n responseType: 'buffer',\n };\n\n const ret = this.request(options);\n\n transferEvents('progress', options.download, shunt);\n\n return ret;\n })\n .then((res) => this.decryptBinary(scr, res.body));\n\n proxyEvents(shunt, promise);\n\n return promise;\n },\n\n /**\n * Fetch Download URL for the requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise} url of the downloadable file\n */\n _fetchDownloadUrl(fileUrl, options) {\n this.logger.info('encryption: retrieving download url for encrypted file');\n\n if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {\n this.logger.info(\n 'encryption: bypassing webex files because this looks to be a test file on localhost'\n );\n\n return Promise.resolve(fileUrl);\n }\n\n if (options?.useFileService === false) {\n if (!fileUrl.startsWith('https://')) {\n this.logger.error('encryption: direct file URLs must use HTTPS');\n\n return Promise.reject(new Error('Direct file URLs must use HTTPS'));\n }\n\n return Promise.resolve(fileUrl);\n }\n\n const inputBody = {\n endpoints: [fileUrl],\n };\n const endpointUrl = url.parse(fileUrl);\n\n // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n endpointUrl.protocol = 'https';\n endpointUrl.pathname = '/v1/download/endpoints';\n\n return this.request({\n method: 'POST',\n uri: url.format(endpointUrl),\n body:\n options?.params && Object.keys(options.params).indexOf('allow') > -1\n ? {\n ...inputBody,\n allow: options.params.allow,\n }\n : inputBody,\n })\n .then((res) => {\n // eslint-disable-next-line no-shadow\n const url = res.body.endpoints[fileUrl];\n\n if (!url) {\n this.logger.warn(\n 'encryption: could not determine download url for `fileUrl`; attempting to download `fileUrl` directly'\n );\n\n return fileUrl;\n }\n this.logger.info('encryption: retrieved download url for encrypted file');\n\n return url;\n })\n .catch((err) => {\n this.logger.warn(\n `encryption: ${err} could not determine download url for ${fileUrl}; attempting to download ${fileUrl} directly`\n );\n\n return fileUrl;\n });\n },\n\n encryptBinary(file) {\n return ensureBuffer(file).then((buffer) =>\n SCR.create().then((scr) =>\n scr\n .encrypt(buffer)\n .then(ensureBuffer)\n // eslint-disable-next-line max-nested-callbacks\n .then((cdata) => ({scr, cdata}))\n )\n );\n },\n\n /**\n * Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} scr - SCRObject\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted SCR\n */\n encryptScr(key, scr, options) {\n /* istanbul ignore if */\n if (!scr.loc) {\n return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n }\n\n return this.getKey(key, options).then((k) => scr.toJWE(k.jwk));\n },\n\n /**\n * Encrypt plaintext using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted text\n */\n encryptText(key, plaintext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createEncrypt(this.config.joseOptions, {\n key: k.jwk,\n header: {\n alg: 'dir',\n },\n reference: null,\n }).final(plaintext, 'utf8')\n );\n },\n\n /**\n * Fetch the key associated with the supplied KMS uri.\n *\n * @param {string} uri - The uri of a key stored in KMS\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Key\n */\n getKey(uri, {onBehalfOf} = {}) {\n if (uri.jwk) {\n return this.kms.asKey(uri);\n }\n\n let storageKey = uri;\n\n if (onBehalfOf) {\n storageKey += `/onBehalfOf/${onBehalfOf}`;\n }\n\n return this.unboundedStorage\n .get(storageKey)\n .then((keyString) => JSON.parse(keyString))\n .then((keyObject) => this.kms.asKey(keyObject))\n .catch(() =>\n this.kms\n .fetchKey({uri, onBehalfOf})\n .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer))))\n );\n },\n});\n\n/**\n * JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n if (k === 'jwk') {\n // note: this[k] and v may be different representations of the same value\n // eslint-disable-next-line no-invalid-this\n const json = this[k].toJSON(true);\n\n return json;\n }\n\n return v;\n}\n\nexport default Encryption;\n"],"mappings":";;;;;;;;;;;;;;;;;AAIA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAC,sBAAA,CAAAF,OAAA;AAEA,IAAAG,UAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,SAAA,GAAAH,sBAAA,CAAAF,OAAA;AACA,IAAAM,QAAA,GAAAJ,sBAAA,CAAAF,OAAA;AAEA,IAAAO,aAAA,GAAAL,sBAAA,CAAAF,OAAA;AACA,IAAAQ,IAAA,GAAAN,sBAAA,CAAAF,OAAA;AAAwB,SAAAS,QAAAC,CAAA,EAAAC,CAAA,QAAAC,CAAA,GAAAC,aAAA,CAAAH,CAAA,OAAAI,6BAAA,QAAAC,CAAA,GAAAD,6BAAA,CAAAJ,CAAA,GAAAC,CAAA,KAAAI,CAAA,GAAAA,CAAA,CAAAC,MAAA,WAAAL,CAAA,WAAAM,gCAAA,CAAAP,CAAA,EAAAC,CAAA,EAAAO,UAAA,OAAAN,CAAA,CAAAO,IAAA,CAAAC,KAAA,CAAAR,CAAA,EAAAG,CAAA,YAAAH,CAAA;AAAA,SAAAS,cAAAX,CAAA,aAAAC,CAAA,MAAAA,CAAA,GAAAW,SAAA,CAAAC,MAAA,EAAAZ,CAAA,UAAAC,CAAA,WAAAU,SAAA,CAAAX,CAAA,IAAAW,SAAA,CAAAX,CAAA,QAAAA,CAAA,OAAAF,OAAA,CAAAe,MAAA,CAAAZ,CAAA,OAAAa,OAAA,WAAAd,CAAA,QAAAe,gBAAA,CAAAC,OAAA,EAAAjB,CAAA,EAAAC,CAAA,EAAAC,CAAA,CAAAD,CAAA,SAAAiB,iCAAA,GAAAC,wBAAA,CAAAnB,CAAA,EAAAkB,iCAAA,CAAAhB,CAAA,KAAAH,OAAA,CAAAe,MAAA,CAAAZ,CAAA,GAAAa,OAAA,WAAAd,CAAA,IAAAmB,sBAAA,CAAApB,CAAA,EAAAC,CAAA,EAAAM,gCAAA,CAAAL,CAAA,EAAAD,CAAA,iBAAAD,CAAA,IAbxB;AACA;AACA;AAaA,IAAMqB,UAAU,GAAGC,sBAAW,CAACC,MAAM,CAAC;EACpCC,QAAQ,EAAE;IACRC,GAAG,EAAEC;EACP,CAAC;EAEDC,SAAS,EAAE,YAAY;EAEvBC,sBAAsB,WAAAA,uBAACC,KAAK,EAAE;IAC5B,OAAO,IAAI,CAACJ,GAAG,CAACG,sBAAsB,CAACC,KAAK,CAAC;EAC/C,CAAC;EAEDC,aAAa,WAAAA,cAACC,GAAG,EAAEC,MAAM,EAAE;IACzB,OAAO,IAAAC,qBAAY,EAACD,MAAM,CAAC,CAACE,IAAI,CAAC,UAACC,CAAC,EAAK;MACtC;MACA,IAAIH,MAAM,CAACnB,MAAM,KAAK,CAAC,IAAImB,MAAM,CAACI,UAAU,KAAK,CAAC,EAAE;QAClD,OAAOC,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,yCAAyC,CAAC,CAAC;MAC7E;MAEA,OAAOR,GAAG,CAACS,OAAO,CAACL,CAAC,CAAC;IACvB,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEM,UAAU,WAAAA,WAACC,GAAG,EAAEC,SAAS,EAAEC,OAAO,EAAE;IAClC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKC,gBAAG,CAACC,OAAO,CAACF,CAAC,CAACG,GAAG,EAAEN,SAAS,CAAC;IAAA,EAAC;EAC7E,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEO,WAAW,WAAAA,YAACR,GAAG,EAAES,UAAU,EAAEP,OAAO,EAAE;IACpC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACC,aAAa,CAACR,CAAC,CAACG,GAAG,CAAC,CAC1BT,OAAO,CAACW,UAAU,CAAC,CACnBjB,IAAI,CAAC,UAACqB,MAAM;QAAA,OAAKA,MAAM,CAACC,SAAS,CAACC,QAAQ,CAAC,CAAC;MAAA,EAAC;IAAA,CAClD,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,QAAQ,WAAAA,SAACC,OAAO,EAAE5B,GAAG,EAAEa,OAAO,EAAE;IAAA,IAAAgB,KAAA;IAC9B;IACA,IAAI,CAACD,OAAO,IAAI,CAAC5B,GAAG,EAAE;MACpB,OAAOM,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtE;IAEA,IAAMsB,KAAK,GAAG,IAAIC,oBAAY,CAAC,CAAC;IAChC,IAAMC,OAAO,GAAG,IAAI,CAACC,iBAAiB,CAACL,OAAO,EAAAhD,aAAA;MAAGsD,cAAc,EAAE;IAAI,GAAKrB,OAAO,CAAC,CAAC,CAChFV,IAAI,CAAC,UAACgC,GAAG,EAAK;MACb;MACA,IAAMtB,OAAO,GAAG;QACduB,MAAM,EAAE,KAAK;QACbD,GAAG,EAAHA,GAAG;QACHE,YAAY,EAAE;MAChB,CAAC;MAED,IAAMC,GAAG,GAAGT,KAAI,CAACU,OAAO,CAAC1B,OAAO,CAAC;MAEjC,IAAA2B,sBAAc,EAAC,UAAU,EAAE3B,OAAO,CAACc,QAAQ,EAAEG,KAAK,CAAC;MAEnD,OAAOQ,GAAG;IACZ,CAAC,CAAC,CACDnC,IAAI,CAAC,UAACsC,GAAG;MAAA,OAAKZ,KAAI,CAAC9B,aAAa,CAACC,GAAG,EAAEyC,GAAG,CAACC,IAAI,CAAC;IAAA,EAAC;IAEnD,IAAAC,mBAAW,EAACb,KAAK,EAAEE,OAAO,CAAC;IAE3B,OAAOA,OAAO;EAChB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACL,OAAO,EAAEf,OAAO,EAAE;IAAA,IAAA+B,MAAA;IAClC,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,wDAAwD,CAAC;IAE1E,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,IAAIrB,OAAO,CAACsB,QAAQ,CAAC,WAAW,CAAC,EAAE;MAC1E,IAAI,CAACL,MAAM,CAACC,IAAI,CACd,qFACF,CAAC;MAED,OAAOxC,QAAA,CAAApB,OAAA,CAAQiE,OAAO,CAACvB,OAAO,CAAC;IACjC;IAEA,IAAI,CAAAf,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEqB,cAAc,MAAK,KAAK,EAAE;MACrC,IAAI,CAACN,OAAO,CAACwB,UAAU,CAAC,UAAU,CAAC,EAAE;QACnC,IAAI,CAACP,MAAM,CAACQ,KAAK,CAAC,6CAA6C,CAAC;QAEhE,OAAO/C,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,iCAAiC,CAAC,CAAC;MACrE;MAEA,OAAOF,QAAA,CAAApB,OAAA,CAAQiE,OAAO,CAACvB,OAAO,CAAC;IACjC;IAEA,IAAM0B,SAAS,GAAG;MAChBC,SAAS,EAAE,CAAC3B,OAAO;IACrB,CAAC;IACD,IAAM4B,WAAW,GAAGC,YAAG,CAACC,KAAK,CAAC9B,OAAO,CAAC;;IAEtC;IACA4B,WAAW,CAACG,QAAQ,GAAG,OAAO;IAC9BH,WAAW,CAACI,QAAQ,GAAG,wBAAwB;IAE/C,OAAO,IAAI,CAACrB,OAAO,CAAC;MAClBH,MAAM,EAAE,MAAM;MACdD,GAAG,EAAEsB,YAAG,CAACI,MAAM,CAACL,WAAW,CAAC;MAC5Bd,IAAI,EACF7B,OAAO,aAAPA,OAAO,eAAPA,OAAO,CAAEiD,MAAM,IAAI,IAAAC,KAAA,CAAA7E,OAAA,EAAY2B,OAAO,CAACiD,MAAM,CAAC,CAACE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAApF,aAAA,CAAAA,aAAA,KAE3D0E,SAAS;QACZW,KAAK,EAAEpD,OAAO,CAACiD,MAAM,CAACG;MAAK,KAE7BX;IACR,CAAC,CAAC,CACCnD,IAAI,CAAC,UAACsC,GAAG,EAAK;MACb;MACA,IAAMgB,GAAG,GAAGhB,GAAG,CAACC,IAAI,CAACa,SAAS,CAAC3B,OAAO,CAAC;MAEvC,IAAI,CAAC6B,GAAG,EAAE;QACRb,MAAI,CAACC,MAAM,CAACqB,IAAI,CACd,uGACF,CAAC;QAED,OAAOtC,OAAO;MAChB;MACAgB,MAAI,CAACC,MAAM,CAACC,IAAI,CAAC,uDAAuD,CAAC;MAEzE,OAAOW,GAAG;IACZ,CAAC,CAAC,CACDU,KAAK,CAAC,UAACC,GAAG,EAAK;MACdxB,MAAI,CAACC,MAAM,CAACqB,IAAI,gBAAAG,MAAA,CACCD,GAAG,4CAAAC,MAAA,CAAyCzC,OAAO,+BAAAyC,MAAA,CAA4BzC,OAAO,cACvG,CAAC;MAED,OAAOA,OAAO;IAChB,CAAC,CAAC;EACN,CAAC;EAED0C,aAAa,WAAAA,cAACC,IAAI,EAAE;IAClB,OAAO,IAAArE,qBAAY,EAACqE,IAAI,CAAC,CAACpE,IAAI,CAAC,UAACF,MAAM;MAAA,OACpCe,gBAAG,CAACwD,MAAM,CAAC,CAAC,CAACrE,IAAI,CAAC,UAACH,GAAG;QAAA,OACpBA,GAAG,CACAyE,OAAO,CAACxE,MAAM,CAAC,CACfE,IAAI,CAACD,qBAAY;QAClB;QAAA,CACCC,IAAI,CAAC,UAACuE,KAAK;UAAA,OAAM;YAAC1E,GAAG,EAAHA,GAAG;YAAE0E,KAAK,EAALA;UAAK,CAAC;QAAA,CAAC,CAAC;MAAA,CACpC,CAAC;IAAA,CACH,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAAU,WAAAA,WAAChE,GAAG,EAAEX,GAAG,EAAEa,OAAO,EAAE;IAC5B;IACA,IAAI,CAACb,GAAG,CAAC4E,GAAG,EAAE;MACZ,OAAOtE,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF;IAEA,OAAO,IAAI,CAACM,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKf,GAAG,CAAC6E,KAAK,CAAC9D,CAAC,CAACG,GAAG,CAAC;IAAA,EAAC;EAChE,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE4D,WAAW,WAAAA,YAACnE,GAAG,EAAEc,SAAS,EAAEZ,OAAO,EAAE;IAAA,IAAAkE,MAAA;IACnC,OAAO,IAAI,CAACjE,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAAC0D,aAAa,CAACD,MAAI,CAACE,MAAM,CAACC,WAAW,EAAE;QAC9CvE,GAAG,EAAEI,CAAC,CAACG,GAAG;QACViE,MAAM,EAAE;UACNC,GAAG,EAAE;QACP,CAAC;QACDC,SAAS,EAAE;MACb,CAAC,CAAC,CAACC,KAAK,CAAC7D,SAAS,EAAE,MAAM,CAAC;IAAA,CAC7B,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEX,MAAM,WAAAA,OAACqB,GAAG,EAAqB;IAAA,IAAAoD,MAAA;IAAA,IAAAC,IAAA,GAAA3G,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA4G,SAAA,GAAA5G,SAAA,MAAJ,CAAC,CAAC;MAAhB6G,UAAU,GAAAF,IAAA,CAAVE,UAAU;IACrB,IAAIvD,GAAG,CAACjB,GAAG,EAAE;MACX,OAAO,IAAI,CAACxB,GAAG,CAACiG,KAAK,CAACxD,GAAG,CAAC;IAC5B;IAEA,IAAIyD,UAAU,GAAGzD,GAAG;IAEpB,IAAIuD,UAAU,EAAE;MACdE,UAAU,mBAAAvB,MAAA,CAAmBqB,UAAU,CAAE;IAC3C;IAEA,OAAO,IAAI,CAACG,gBAAgB,CACzBC,GAAG,CAACF,UAAU,CAAC,CACfzF,IAAI,CAAC,UAAC4F,SAAS;MAAA,OAAKC,IAAI,CAACtC,KAAK,CAACqC,SAAS,CAAC;IAAA,EAAC,CAC1C5F,IAAI,CAAC,UAAC8F,SAAS;MAAA,OAAKV,MAAI,CAAC7F,GAAG,CAACiG,KAAK,CAACM,SAAS,CAAC;IAAA,EAAC,CAC9C9B,KAAK,CAAC;MAAA,OACLoB,MAAI,CAAC7F,GAAG,CACLwG,QAAQ,CAAC;QAAC/D,GAAG,EAAHA,GAAG;QAAEuD,UAAU,EAAVA;MAAU,CAAC,CAAC,CAC3BvF,IAAI,CAAC,IAAAgG,WAAG,EAAC,UAACxF,GAAG;QAAA,OAAK4E,MAAI,CAACM,gBAAgB,CAACO,GAAG,CAACR,UAAU,EAAE,IAAAS,UAAA,CAAAnH,OAAA,EAAeyB,GAAG,EAAE2F,QAAQ,CAAC,CAAC;MAAA,EAAC,CAAC;IAAA,CAC7F,CAAC;EACL,CAAC;EAAAC,OAAA;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,SAASD,QAAQA,CAACvF,CAAC,EAAEyF,CAAC,EAAE;EACtB,IAAIzF,CAAC,KAAK,KAAK,EAAE;IACf;IACA;IACA,IAAM0F,IAAI,GAAG,IAAI,CAAC1F,CAAC,CAAC,CAAC2F,MAAM,CAAC,IAAI,CAAC;IAEjC,OAAOD,IAAI;EACb;EAEA,OAAOD,CAAC;AACV;AAAC,IAAAG,QAAA,GAAAC,OAAA,CAAA1H,OAAA,GAEcI,UAAU"}
1
+ {"version":3,"names":["_events","require","_url","_interopRequireDefault","_webexCore","_common","_nodeJose","_nodeScr","_ensureBuffer","_kms","ownKeys","e","r","t","_Object$keys2","_Object$getOwnPropertySymbols","o","filter","_Object$getOwnPropertyDescriptor","enumerable","push","apply","_objectSpread","arguments","length","Object","forEach","_defineProperty2","default","_Object$getOwnPropertyDescriptors","_Object$defineProperties","_Object$defineProperty","Encryption","WebexPlugin","extend","children","kms","KMS","namespace","processKmsMessageEvent","event","decryptBinary","scr","buffer","ensureBuffer","then","b","byteLength","_promise","reject","Error","decrypt","decryptScr","key","cipherScr","options","getKey","k","SCR","fromJWE","jwk","decryptText","ciphertext","jose","JWE","createDecrypt","result","plaintext","toString","decryptBinaryData","kmsKeyUri","payload","download","fileUrl","_this","shunt","EventEmitter","promise","_fetchDownloadUrl","useFileService","uri","method","responseType","ret","request","transferEvents","res","body","proxyEvents","_this2","logger","info","process","env","NODE_ENV","includes","resolve","startsWith","error","inputBody","endpoints","endpointUrl","url","parse","protocol","pathname","format","params","_keys","indexOf","allow","warn","catch","err","concat","encryptBinary","file","create","encrypt","cdata","encryptScr","loc","toJWE","encryptText","_this3","createEncrypt","config","joseOptions","header","alg","reference","final","_this4","_ref","undefined","onBehalfOf","asKey","storageKey","unboundedStorage","get","keyString","JSON","keyObject","fetchKey","tap","put","_stringify","replacer","version","v","json","toJSON","_default","exports"],"sources":["encryption.js"],"sourcesContent":["/*!\n * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.\n */\n\nimport {EventEmitter} from 'events';\nimport url from 'url';\n\nimport {WebexPlugin} from '@webex/webex-core';\nimport {proxyEvents, tap, transferEvents} from '@webex/common';\nimport jose from 'node-jose';\nimport SCR from 'node-scr';\n\nimport ensureBuffer from './ensure-buffer';\nimport KMS from './kms';\n\nconst Encryption = WebexPlugin.extend({\n children: {\n kms: KMS,\n },\n\n namespace: 'Encryption',\n\n processKmsMessageEvent(event) {\n return this.kms.processKmsMessageEvent(event);\n },\n\n decryptBinary(scr, buffer) {\n return ensureBuffer(buffer).then((b) => {\n /* istanbul ignore if */\n if (buffer.length === 0 || buffer.byteLength === 0) {\n return Promise.reject(new Error('Attempted to decrypt zero-length buffer'));\n }\n\n return scr.decrypt(b);\n });\n },\n\n /**\n * Decrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} cipherScr - An encrypted SCR\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {Object} Decrypted SCR\n */\n decryptScr(key, cipherScr, options) {\n return this.getKey(key, options).then((k) => SCR.fromJWE(k.jwk, cipherScr));\n },\n\n /**\n * Decrypt text using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} ciphertext - Encrypted text\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Decrypted plaintext\n */\n decryptText(key, ciphertext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createDecrypt(k.jwk)\n .decrypt(ciphertext)\n .then((result) => result.plaintext.toString())\n );\n },\n\n /**\n * Decrypt binary data using the supplied key uri.\n *\n * @param {string} kmsKeyUri - The uri of a key stored in KMS\n * @param {string} JWE - Encrypted binary data as JWE\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {Buffer} Decrypted binary data as Buffer\n */\n decryptBinaryData(kmsKeyUri, JWE, options) {\n return this.getKey(kmsKeyUri, options).then((k) =>\n jose.JWE.createDecrypt(k.jwk)\n .decrypt(JWE)\n .then((result) => result.payload)\n );\n },\n\n /**\n * Validate and initiate a Download request for requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} scr - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise}\n */\n download(fileUrl, scr, options) {\n /* istanbul ignore if */\n if (!fileUrl || !scr) {\n return Promise.reject(new Error('`scr` and `fileUrl` are required'));\n }\n\n const shunt = new EventEmitter();\n const promise = this._fetchDownloadUrl(fileUrl, {useFileService: true, ...options})\n .then((uri) => {\n // eslint-disable-next-line no-shadow\n const options = {\n method: 'GET',\n uri,\n responseType: 'buffer',\n };\n\n const ret = this.request(options);\n\n transferEvents('progress', options.download, shunt);\n\n return ret;\n })\n .then((res) => this.decryptBinary(scr, res.body));\n\n proxyEvents(shunt, promise);\n\n return promise;\n },\n\n /**\n * Fetch Download URL for the requested file\n * @param {Object} fileUrl - Plaintext\n * @param {Object} options - optional parameters to download a file\n * @returns {promise} url of the downloadable file\n */\n _fetchDownloadUrl(fileUrl, options) {\n this.logger.info('encryption: retrieving download url for encrypted file');\n\n if (process.env.NODE_ENV !== 'production' && fileUrl.includes('localhost')) {\n this.logger.info(\n 'encryption: bypassing webex files because this looks to be a test file on localhost'\n );\n\n return Promise.resolve(fileUrl);\n }\n\n if (options?.useFileService === false) {\n if (!fileUrl.startsWith('https://')) {\n this.logger.error('encryption: direct file URLs must use HTTPS');\n\n return Promise.reject(new Error('Direct file URLs must use HTTPS'));\n }\n\n return Promise.resolve(fileUrl);\n }\n\n const inputBody = {\n endpoints: [fileUrl],\n };\n const endpointUrl = url.parse(fileUrl);\n\n // hardcode the url to use 'https' and the file service '/v1/download/endpoints' api\n endpointUrl.protocol = 'https';\n endpointUrl.pathname = '/v1/download/endpoints';\n\n return this.request({\n method: 'POST',\n uri: url.format(endpointUrl),\n body:\n options?.params && Object.keys(options.params).indexOf('allow') > -1\n ? {\n ...inputBody,\n allow: options.params.allow,\n }\n : inputBody,\n })\n .then((res) => {\n // eslint-disable-next-line no-shadow\n const url = res.body.endpoints[fileUrl];\n\n if (!url) {\n this.logger.warn(\n 'encryption: could not determine download url for `fileUrl`; attempting to download `fileUrl` directly'\n );\n\n return fileUrl;\n }\n this.logger.info('encryption: retrieved download url for encrypted file');\n\n return url;\n })\n .catch((err) => {\n this.logger.warn(\n `encryption: ${err} could not determine download url for ${fileUrl}; attempting to download ${fileUrl} directly`\n );\n\n return fileUrl;\n });\n },\n\n encryptBinary(file) {\n return ensureBuffer(file).then((buffer) =>\n SCR.create().then((scr) =>\n scr\n .encrypt(buffer)\n .then(ensureBuffer)\n // eslint-disable-next-line max-nested-callbacks\n .then((cdata) => ({scr, cdata}))\n )\n );\n },\n\n /**\n * Encrypt a SCR (Secure Content Resource) using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {Object} scr - SCRObject\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted SCR\n */\n encryptScr(key, scr, options) {\n /* istanbul ignore if */\n if (!scr.loc) {\n return Promise.reject(new Error('Cannot encrypt `scr` without first setting `loc`'));\n }\n\n return this.getKey(key, options).then((k) => scr.toJWE(k.jwk));\n },\n\n /**\n * Encrypt plaintext using the supplied key uri.\n *\n * @param {string} key - The uri of a key stored in KMS\n * @param {string} plaintext\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Encrypted text\n */\n encryptText(key, plaintext, options) {\n return this.getKey(key, options).then((k) =>\n jose.JWE.createEncrypt(this.config.joseOptions, {\n key: k.jwk,\n header: {\n alg: 'dir',\n },\n reference: null,\n }).final(plaintext, 'utf8')\n );\n },\n\n /**\n * Fetch the key associated with the supplied KMS uri.\n *\n * @param {string} uri - The uri of a key stored in KMS\n * @param {Object} options\n * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role\n * @returns {string} Key\n */\n getKey(uri, {onBehalfOf} = {}) {\n if (uri.jwk) {\n return this.kms.asKey(uri);\n }\n\n let storageKey = uri;\n\n if (onBehalfOf) {\n storageKey += `/onBehalfOf/${onBehalfOf}`;\n }\n\n return this.unboundedStorage\n .get(storageKey)\n .then((keyString) => JSON.parse(keyString))\n .then((keyObject) => this.kms.asKey(keyObject))\n .catch(() =>\n this.kms\n .fetchKey({uri, onBehalfOf})\n .then(tap((key) => this.unboundedStorage.put(storageKey, JSON.stringify(key, replacer))))\n );\n },\n});\n\n/**\n * JSON.stringify replacer that ensures private key data is serialized.\n * @param {string} k\n * @param {mixed} v\n * @returns {mixed}\n */\nfunction replacer(k, v) {\n if (k === 'jwk') {\n // note: this[k] and v may be different representations of the same value\n // eslint-disable-next-line no-invalid-this\n const json = this[k].toJSON(true);\n\n return json;\n }\n\n return v;\n}\n\nexport default Encryption;\n"],"mappings":";;;;;;;;;;;;;;;;;AAIA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAC,sBAAA,CAAAF,OAAA;AAEA,IAAAG,UAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,SAAA,GAAAH,sBAAA,CAAAF,OAAA;AACA,IAAAM,QAAA,GAAAJ,sBAAA,CAAAF,OAAA;AAEA,IAAAO,aAAA,GAAAL,sBAAA,CAAAF,OAAA;AACA,IAAAQ,IAAA,GAAAN,sBAAA,CAAAF,OAAA;AAAwB,SAAAS,QAAAC,CAAA,EAAAC,CAAA,QAAAC,CAAA,GAAAC,aAAA,CAAAH,CAAA,OAAAI,6BAAA,QAAAC,CAAA,GAAAD,6BAAA,CAAAJ,CAAA,GAAAC,CAAA,KAAAI,CAAA,GAAAA,CAAA,CAAAC,MAAA,WAAAL,CAAA,WAAAM,gCAAA,CAAAP,CAAA,EAAAC,CAAA,EAAAO,UAAA,OAAAN,CAAA,CAAAO,IAAA,CAAAC,KAAA,CAAAR,CAAA,EAAAG,CAAA,YAAAH,CAAA;AAAA,SAAAS,cAAAX,CAAA,aAAAC,CAAA,MAAAA,CAAA,GAAAW,SAAA,CAAAC,MAAA,EAAAZ,CAAA,UAAAC,CAAA,WAAAU,SAAA,CAAAX,CAAA,IAAAW,SAAA,CAAAX,CAAA,QAAAA,CAAA,OAAAF,OAAA,CAAAe,MAAA,CAAAZ,CAAA,OAAAa,OAAA,WAAAd,CAAA,QAAAe,gBAAA,CAAAC,OAAA,EAAAjB,CAAA,EAAAC,CAAA,EAAAC,CAAA,CAAAD,CAAA,SAAAiB,iCAAA,GAAAC,wBAAA,CAAAnB,CAAA,EAAAkB,iCAAA,CAAAhB,CAAA,KAAAH,OAAA,CAAAe,MAAA,CAAAZ,CAAA,GAAAa,OAAA,WAAAd,CAAA,IAAAmB,sBAAA,CAAApB,CAAA,EAAAC,CAAA,EAAAM,gCAAA,CAAAL,CAAA,EAAAD,CAAA,iBAAAD,CAAA,IAbxB;AACA;AACA;AAaA,IAAMqB,UAAU,GAAGC,sBAAW,CAACC,MAAM,CAAC;EACpCC,QAAQ,EAAE;IACRC,GAAG,EAAEC;EACP,CAAC;EAEDC,SAAS,EAAE,YAAY;EAEvBC,sBAAsB,WAAAA,uBAACC,KAAK,EAAE;IAC5B,OAAO,IAAI,CAACJ,GAAG,CAACG,sBAAsB,CAACC,KAAK,CAAC;EAC/C,CAAC;EAEDC,aAAa,WAAAA,cAACC,GAAG,EAAEC,MAAM,EAAE;IACzB,OAAO,IAAAC,qBAAY,EAACD,MAAM,CAAC,CAACE,IAAI,CAAC,UAACC,CAAC,EAAK;MACtC;MACA,IAAIH,MAAM,CAACnB,MAAM,KAAK,CAAC,IAAImB,MAAM,CAACI,UAAU,KAAK,CAAC,EAAE;QAClD,OAAOC,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,yCAAyC,CAAC,CAAC;MAC7E;MAEA,OAAOR,GAAG,CAACS,OAAO,CAACL,CAAC,CAAC;IACvB,CAAC,CAAC;EACJ,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEM,UAAU,WAAAA,WAACC,GAAG,EAAEC,SAAS,EAAEC,OAAO,EAAE;IAClC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKC,gBAAG,CAACC,OAAO,CAACF,CAAC,CAACG,GAAG,EAAEN,SAAS,CAAC;IAAA,EAAC;EAC7E,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEO,WAAW,WAAAA,YAACR,GAAG,EAAES,UAAU,EAAEP,OAAO,EAAE;IACpC,OAAO,IAAI,CAACC,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAACC,aAAa,CAACR,CAAC,CAACG,GAAG,CAAC,CAC1BT,OAAO,CAACW,UAAU,CAAC,CACnBjB,IAAI,CAAC,UAACqB,MAAM;QAAA,OAAKA,MAAM,CAACC,SAAS,CAACC,QAAQ,CAAC,CAAC;MAAA,EAAC;IAAA,CAClD,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACC,SAAS,EAAEN,GAAG,EAAET,OAAO,EAAE;IACzC,OAAO,IAAI,CAACC,MAAM,CAACc,SAAS,EAAEf,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAC5CM,iBAAI,CAACC,GAAG,CAACC,aAAa,CAACR,CAAC,CAACG,GAAG,CAAC,CAC1BT,OAAO,CAACa,GAAG,CAAC,CACZnB,IAAI,CAAC,UAACqB,MAAM;QAAA,OAAKA,MAAM,CAACK,OAAO;MAAA,EAAC;IAAA,CACrC,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;EACEC,QAAQ,WAAAA,SAACC,OAAO,EAAE/B,GAAG,EAAEa,OAAO,EAAE;IAAA,IAAAmB,KAAA;IAC9B;IACA,IAAI,CAACD,OAAO,IAAI,CAAC/B,GAAG,EAAE;MACpB,OAAOM,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtE;IAEA,IAAMyB,KAAK,GAAG,IAAIC,oBAAY,CAAC,CAAC;IAChC,IAAMC,OAAO,GAAG,IAAI,CAACC,iBAAiB,CAACL,OAAO,EAAAnD,aAAA;MAAGyD,cAAc,EAAE;IAAI,GAAKxB,OAAO,CAAC,CAAC,CAChFV,IAAI,CAAC,UAACmC,GAAG,EAAK;MACb;MACA,IAAMzB,OAAO,GAAG;QACd0B,MAAM,EAAE,KAAK;QACbD,GAAG,EAAHA,GAAG;QACHE,YAAY,EAAE;MAChB,CAAC;MAED,IAAMC,GAAG,GAAGT,KAAI,CAACU,OAAO,CAAC7B,OAAO,CAAC;MAEjC,IAAA8B,sBAAc,EAAC,UAAU,EAAE9B,OAAO,CAACiB,QAAQ,EAAEG,KAAK,CAAC;MAEnD,OAAOQ,GAAG;IACZ,CAAC,CAAC,CACDtC,IAAI,CAAC,UAACyC,GAAG;MAAA,OAAKZ,KAAI,CAACjC,aAAa,CAACC,GAAG,EAAE4C,GAAG,CAACC,IAAI,CAAC;IAAA,EAAC;IAEnD,IAAAC,mBAAW,EAACb,KAAK,EAAEE,OAAO,CAAC;IAE3B,OAAOA,OAAO;EAChB,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;EACEC,iBAAiB,WAAAA,kBAACL,OAAO,EAAElB,OAAO,EAAE;IAAA,IAAAkC,MAAA;IAClC,IAAI,CAACC,MAAM,CAACC,IAAI,CAAC,wDAAwD,CAAC;IAE1E,IAAIC,OAAO,CAACC,GAAG,CAACC,QAAQ,KAAK,YAAY,IAAIrB,OAAO,CAACsB,QAAQ,CAAC,WAAW,CAAC,EAAE;MAC1E,IAAI,CAACL,MAAM,CAACC,IAAI,CACd,qFACF,CAAC;MAED,OAAO3C,QAAA,CAAApB,OAAA,CAAQoE,OAAO,CAACvB,OAAO,CAAC;IACjC;IAEA,IAAI,CAAAlB,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEwB,cAAc,MAAK,KAAK,EAAE;MACrC,IAAI,CAACN,OAAO,CAACwB,UAAU,CAAC,UAAU,CAAC,EAAE;QACnC,IAAI,CAACP,MAAM,CAACQ,KAAK,CAAC,6CAA6C,CAAC;QAEhE,OAAOlD,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,iCAAiC,CAAC,CAAC;MACrE;MAEA,OAAOF,QAAA,CAAApB,OAAA,CAAQoE,OAAO,CAACvB,OAAO,CAAC;IACjC;IAEA,IAAM0B,SAAS,GAAG;MAChBC,SAAS,EAAE,CAAC3B,OAAO;IACrB,CAAC;IACD,IAAM4B,WAAW,GAAGC,YAAG,CAACC,KAAK,CAAC9B,OAAO,CAAC;;IAEtC;IACA4B,WAAW,CAACG,QAAQ,GAAG,OAAO;IAC9BH,WAAW,CAACI,QAAQ,GAAG,wBAAwB;IAE/C,OAAO,IAAI,CAACrB,OAAO,CAAC;MAClBH,MAAM,EAAE,MAAM;MACdD,GAAG,EAAEsB,YAAG,CAACI,MAAM,CAACL,WAAW,CAAC;MAC5Bd,IAAI,EACFhC,OAAO,aAAPA,OAAO,eAAPA,OAAO,CAAEoD,MAAM,IAAI,IAAAC,KAAA,CAAAhF,OAAA,EAAY2B,OAAO,CAACoD,MAAM,CAAC,CAACE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAAvF,aAAA,CAAAA,aAAA,KAE3D6E,SAAS;QACZW,KAAK,EAAEvD,OAAO,CAACoD,MAAM,CAACG;MAAK,KAE7BX;IACR,CAAC,CAAC,CACCtD,IAAI,CAAC,UAACyC,GAAG,EAAK;MACb;MACA,IAAMgB,GAAG,GAAGhB,GAAG,CAACC,IAAI,CAACa,SAAS,CAAC3B,OAAO,CAAC;MAEvC,IAAI,CAAC6B,GAAG,EAAE;QACRb,MAAI,CAACC,MAAM,CAACqB,IAAI,CACd,uGACF,CAAC;QAED,OAAOtC,OAAO;MAChB;MACAgB,MAAI,CAACC,MAAM,CAACC,IAAI,CAAC,uDAAuD,CAAC;MAEzE,OAAOW,GAAG;IACZ,CAAC,CAAC,CACDU,KAAK,CAAC,UAACC,GAAG,EAAK;MACdxB,MAAI,CAACC,MAAM,CAACqB,IAAI,gBAAAG,MAAA,CACCD,GAAG,4CAAAC,MAAA,CAAyCzC,OAAO,+BAAAyC,MAAA,CAA4BzC,OAAO,cACvG,CAAC;MAED,OAAOA,OAAO;IAChB,CAAC,CAAC;EACN,CAAC;EAED0C,aAAa,WAAAA,cAACC,IAAI,EAAE;IAClB,OAAO,IAAAxE,qBAAY,EAACwE,IAAI,CAAC,CAACvE,IAAI,CAAC,UAACF,MAAM;MAAA,OACpCe,gBAAG,CAAC2D,MAAM,CAAC,CAAC,CAACxE,IAAI,CAAC,UAACH,GAAG;QAAA,OACpBA,GAAG,CACA4E,OAAO,CAAC3E,MAAM,CAAC,CACfE,IAAI,CAACD,qBAAY;QAClB;QAAA,CACCC,IAAI,CAAC,UAAC0E,KAAK;UAAA,OAAM;YAAC7E,GAAG,EAAHA,GAAG;YAAE6E,KAAK,EAALA;UAAK,CAAC;QAAA,CAAC,CAAC;MAAA,CACpC,CAAC;IAAA,CACH,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACEC,UAAU,WAAAA,WAACnE,GAAG,EAAEX,GAAG,EAAEa,OAAO,EAAE;IAC5B;IACA,IAAI,CAACb,GAAG,CAAC+E,GAAG,EAAE;MACZ,OAAOzE,QAAA,CAAApB,OAAA,CAAQqB,MAAM,CAAC,IAAIC,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtF;IAEA,OAAO,IAAI,CAACM,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OAAKf,GAAG,CAACgF,KAAK,CAACjE,CAAC,CAACG,GAAG,CAAC;IAAA,EAAC;EAChE,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE+D,WAAW,WAAAA,YAACtE,GAAG,EAAEc,SAAS,EAAEZ,OAAO,EAAE;IAAA,IAAAqE,MAAA;IACnC,OAAO,IAAI,CAACpE,MAAM,CAACH,GAAG,EAAEE,OAAO,CAAC,CAACV,IAAI,CAAC,UAACY,CAAC;MAAA,OACtCM,iBAAI,CAACC,GAAG,CAAC6D,aAAa,CAACD,MAAI,CAACE,MAAM,CAACC,WAAW,EAAE;QAC9C1E,GAAG,EAAEI,CAAC,CAACG,GAAG;QACVoE,MAAM,EAAE;UACNC,GAAG,EAAE;QACP,CAAC;QACDC,SAAS,EAAE;MACb,CAAC,CAAC,CAACC,KAAK,CAAChE,SAAS,EAAE,MAAM,CAAC;IAAA,CAC7B,CAAC;EACH,CAAC;EAED;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACEX,MAAM,WAAAA,OAACwB,GAAG,EAAqB;IAAA,IAAAoD,MAAA;IAAA,IAAAC,IAAA,GAAA9G,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAA+G,SAAA,GAAA/G,SAAA,MAAJ,CAAC,CAAC;MAAhBgH,UAAU,GAAAF,IAAA,CAAVE,UAAU;IACrB,IAAIvD,GAAG,CAACpB,GAAG,EAAE;MACX,OAAO,IAAI,CAACxB,GAAG,CAACoG,KAAK,CAACxD,GAAG,CAAC;IAC5B;IAEA,IAAIyD,UAAU,GAAGzD,GAAG;IAEpB,IAAIuD,UAAU,EAAE;MACdE,UAAU,mBAAAvB,MAAA,CAAmBqB,UAAU,CAAE;IAC3C;IAEA,OAAO,IAAI,CAACG,gBAAgB,CACzBC,GAAG,CAACF,UAAU,CAAC,CACf5F,IAAI,CAAC,UAAC+F,SAAS;MAAA,OAAKC,IAAI,CAACtC,KAAK,CAACqC,SAAS,CAAC;IAAA,EAAC,CAC1C/F,IAAI,CAAC,UAACiG,SAAS;MAAA,OAAKV,MAAI,CAAChG,GAAG,CAACoG,KAAK,CAACM,SAAS,CAAC;IAAA,EAAC,CAC9C9B,KAAK,CAAC;MAAA,OACLoB,MAAI,CAAChG,GAAG,CACL2G,QAAQ,CAAC;QAAC/D,GAAG,EAAHA,GAAG;QAAEuD,UAAU,EAAVA;MAAU,CAAC,CAAC,CAC3B1F,IAAI,CAAC,IAAAmG,WAAG,EAAC,UAAC3F,GAAG;QAAA,OAAK+E,MAAI,CAACM,gBAAgB,CAACO,GAAG,CAACR,UAAU,EAAE,IAAAS,UAAA,CAAAtH,OAAA,EAAeyB,GAAG,EAAE8F,QAAQ,CAAC,CAAC;MAAA,EAAC,CAAC;IAAA,CAC7F,CAAC;EACL,CAAC;EAAAC,OAAA;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA,SAASD,QAAQA,CAAC1F,CAAC,EAAE4F,CAAC,EAAE;EACtB,IAAI5F,CAAC,KAAK,KAAK,EAAE;IACf;IACA;IACA,IAAM6F,IAAI,GAAG,IAAI,CAAC7F,CAAC,CAAC,CAAC8F,MAAM,CAAC,IAAI,CAAC;IAEjC,OAAOD,IAAI;EACb;EAEA,OAAOD,CAAC;AACV;AAAC,IAAAG,QAAA,GAAAC,OAAA,CAAA7H,OAAA,GAEcI,UAAU"}
package/dist/kms.js CHANGED
@@ -827,7 +827,7 @@ var KMS = _webexCore.WebexPlugin.extend((_dec = (0, _common.oneFlight)({
827
827
  context.ephemeralKey = originalContext.ephemeralKey;
828
828
  return context;
829
829
  },
830
- version: "3.9.0"
830
+ version: "3.10.0"
831
831
  }, ((0, _applyDecoratedDescriptor2.default)(_obj, "fetchKey", [_dec], (0, _getOwnPropertyDescriptor.default)(_obj, "fetchKey"), _obj), (0, _applyDecoratedDescriptor2.default)(_obj, "_getContext", [_common.oneFlight], (0, _getOwnPropertyDescriptor.default)(_obj, "_getContext"), _obj)), _obj)));
832
832
  var _default = exports.default = KMS;
833
833
  //# sourceMappingURL=kms.js.map
package/package.json CHANGED
@@ -10,7 +10,7 @@
10
10
  "directory": "packages/@webex/internal-plugin-encryption"
11
11
  },
12
12
  "engines": {
13
- "node": ">=16"
13
+ "node": ">=18"
14
14
  },
15
15
  "browser": {
16
16
  "./dist/ensure-buffer.js": "./dist/ensure-buffer.browser.js",
@@ -28,23 +28,23 @@
28
28
  "@webex/eslint-config-legacy": "0.0.0",
29
29
  "@webex/jest-config-legacy": "0.0.0",
30
30
  "@webex/legacy-tools": "0.0.0",
31
- "@webex/test-helper-chai": "3.9.0",
32
- "@webex/test-helper-make-local-url": "3.9.0",
33
- "@webex/test-helper-mocha": "3.9.0",
34
- "@webex/test-helper-mock-webex": "3.9.0",
35
- "@webex/test-helper-test-users": "3.9.0",
31
+ "@webex/test-helper-chai": "3.10.0",
32
+ "@webex/test-helper-make-local-url": "3.10.0",
33
+ "@webex/test-helper-mocha": "3.10.0",
34
+ "@webex/test-helper-mock-webex": "3.10.0",
35
+ "@webex/test-helper-test-users": "3.10.0",
36
36
  "eslint": "^8.24.0",
37
37
  "prettier": "^2.7.1",
38
38
  "sinon": "^9.2.4"
39
39
  },
40
40
  "dependencies": {
41
- "@webex/common": "3.9.0",
42
- "@webex/common-timers": "3.9.0",
43
- "@webex/http-core": "3.9.0",
44
- "@webex/internal-plugin-device": "3.9.0",
45
- "@webex/internal-plugin-mercury": "3.9.0",
46
- "@webex/test-helper-file": "3.9.0",
47
- "@webex/webex-core": "3.9.0",
41
+ "@webex/common": "3.10.0",
42
+ "@webex/common-timers": "3.10.0",
43
+ "@webex/http-core": "3.10.0",
44
+ "@webex/internal-plugin-device": "3.10.0",
45
+ "@webex/internal-plugin-mercury": "3.10.0",
46
+ "@webex/test-helper-file": "3.10.0",
47
+ "@webex/webex-core": "3.10.0",
48
48
  "asn1js": "^2.0.26",
49
49
  "debug": "^4.3.4",
50
50
  "isomorphic-webcrypto": "^2.3.8",
@@ -67,5 +67,5 @@
67
67
  "test:style": "eslint ./src/**/*.*",
68
68
  "test:unit": "webex-legacy-tools test --unit --runner jest"
69
69
  },
70
- "version": "3.9.0"
70
+ "version": "3.10.0"
71
71
  }
package/src/encryption.js CHANGED
@@ -65,6 +65,23 @@ const Encryption = WebexPlugin.extend({
65
65
  );
66
66
  },
67
67
 
68
+ /**
69
+ * Decrypt binary data using the supplied key uri.
70
+ *
71
+ * @param {string} kmsKeyUri - The uri of a key stored in KMS
72
+ * @param {string} JWE - Encrypted binary data as JWE
73
+ * @param {Object} options
74
+ * @param {string} options.onBehalfOf - Fetch the KMS key on behalf of another user (using the user's UUID), active user requires the 'spark.kms_orgagent' role
75
+ * @returns {Buffer} Decrypted binary data as Buffer
76
+ */
77
+ decryptBinaryData(kmsKeyUri, JWE, options) {
78
+ return this.getKey(kmsKeyUri, options).then((k) =>
79
+ jose.JWE.createDecrypt(k.jwk)
80
+ .decrypt(JWE)
81
+ .then((result) => result.payload)
82
+ );
83
+ },
84
+
68
85
  /**
69
86
  * Validate and initiate a Download request for requested file
70
87
  * @param {Object} fileUrl - Plaintext
package/test/integration/spec/encryption.js CHANGED
@@ -2,6 +2,7 @@
2
2
  * Copyright (c) 2015-2020 Cisco Systems, Inc. See LICENSE file.
3
3
  */
4
4
 
5
+ import '@webex/internal-plugin-metrics';
5
6
  import '@webex/internal-plugin-encryption';
6
7
 
7
8
  import {isBuffer} from '@webex/common';
@@ -93,6 +94,89 @@ describe('Encryption', function () {
93
94
  .then((plaintext) => assert.equal(plaintext, PLAINTEXT)));
94
95
  });
95
96
 
97
+ describe('#decryptBinaryData()', () => {
98
+ it('decrypts binary data', () =>
99
+ webex.internal.encryption
100
+ .encryptText(key, FILE.toString('base64'))
101
+ .then((ciphertext) => {
102
+ assert.notEqual(ciphertext, FILE.toString('base64'));
103
+
104
+ return webex.internal.encryption.decryptBinaryData(key, ciphertext);
105
+ })
106
+ .then((decryptedData) => {
107
+ assert.isTrue(isBuffer(decryptedData));
108
+ assert.equal(decryptedData.toString('base64'), FILE.toString('base64'));
109
+ }));
110
+
111
+ it('decrypts binary data with Buffer input', () => {
112
+ const binaryData = Buffer.from('test binary data', 'utf8');
113
+
114
+ return webex.internal.encryption
115
+ .encryptText(key, binaryData.toString('base64'))
116
+ .then((ciphertext) => {
117
+ assert.notEqual(ciphertext, binaryData.toString('base64'));
118
+
119
+ return webex.internal.encryption.decryptBinaryData(key, ciphertext);
120
+ })
121
+ .then((decryptedData) => {
122
+ assert.isTrue(isBuffer(decryptedData));
123
+ assert.equal(decryptedData.toString('utf8'), 'test binary data');
124
+ });
125
+ });
126
+
127
+ it('decrypts binary data with options parameter', () => {
128
+ const binaryData = Buffer.from('test binary data with options', 'utf8');
129
+
130
+ return webex.internal.encryption
131
+ .encryptText(key, binaryData.toString('base64'))
132
+ .then((ciphertext) => {
133
+ assert.notEqual(ciphertext, binaryData.toString('base64'));
134
+
135
+ return webex.internal.encryption.decryptBinaryData(key, ciphertext, {});
136
+ })
137
+ .then((decryptedData) => {
138
+ assert.isTrue(isBuffer(decryptedData));
139
+ assert.equal(decryptedData.toString('utf8'), 'test binary data with options');
140
+ });
141
+ });
142
+
143
+ it('decrypts binary data with dynamically generated 3000 character string', () => {
144
+ // Generate a 3000-character string dynamically using different character sets
145
+ const generateLargeString = (length) => {
146
+ const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+-=[]{}|;:,.<>?';
147
+ let result = '';
148
+ const charsLength = chars.length;
149
+
150
+ for (let i = 0; i < length; i++) {
151
+ // Use modulo to cycle through different patterns for variety
152
+ const index = (i * 7 + Math.floor(i / 100) * 3) % charsLength;
153
+ result += chars.charAt(index);
154
+ }
155
+
156
+ return result;
157
+ };
158
+
159
+ const largeString = generateLargeString(3000);
160
+ const binaryData = Buffer.from(largeString, 'utf8');
161
+
162
+ // Verify the string is exactly 3000 characters
163
+ assert.equal(largeString.length, 3000);
164
+
165
+ return webex.internal.encryption
166
+ .encryptText(key, binaryData.toString('base64'))
167
+ .then((ciphertext) => {
168
+ assert.notEqual(ciphertext, binaryData.toString('base64'));
169
+
170
+ return webex.internal.encryption.decryptBinaryData(key, ciphertext);
171
+ })
172
+ .then((decryptedData) => {
173
+ assert.isTrue(isBuffer(decryptedData));
174
+ assert.equal(decryptedData.toString('utf8'), largeString);
175
+ assert.equal(decryptedData.toString('utf8').length, 3000);
176
+ });
177
+ });
178
+ });
179
+
96
180
  describe('#getKey()', () => {
97
181
  let fetchKeySpy, otherWebex, otherUser, storageGetSpy;
98
182
 
@@ -361,6 +445,24 @@ describe('Encryption', function () {
361
445
  })
362
446
  .then((plaintext) => assert.equal(plaintext, PLAINTEXT)));
363
447
 
448
+ it('decrypt binary data', () => {
449
+ const binaryData = Buffer.from('compliance test binary data', 'utf8');
450
+
451
+ return webex.internal.encryption
452
+ .encryptText(key, binaryData.toString('base64'))
453
+ .then((ciphertext) => {
454
+ assert.notEqual(ciphertext, binaryData.toString('base64'));
455
+
456
+ return complianceUser.webex.internal.encryption.decryptBinaryData(key, ciphertext, {
457
+ onBehalfOf: user.id,
458
+ });
459
+ })
460
+ .then((decryptedData) => {
461
+ assert.isTrue(isBuffer(decryptedData));
462
+ assert.equal(decryptedData.toString('utf8'), 'compliance test binary data');
463
+ });
464
+ });
465
+
364
466
  it('encrypt and decrypt text', () =>
365
467
  complianceUser.webex.internal.encryption
366
468
  .encryptText(key, PLAINTEXT, {onBehalfOf: user.id})
package/test/unit/spec/encryption.js CHANGED
@@ -82,4 +82,76 @@ describe('internal-plugin-encryption', () => {
82
82
  });
83
83
  });
84
84
  });
85
+
86
+ describe('decryptBinaryData', () => {
87
+ let webex;
88
+
89
+ beforeEach(() => {
90
+ webex = new MockWebex({
91
+ children: {
92
+ encryption: Encryption,
93
+ },
94
+ });
95
+ });
96
+
97
+ describe('check decryptBinaryData()', () => {
98
+ const testKey = 'https://kms.example.com/keys/test-key-id';
99
+ const testJWE = 'eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0..test.encrypted.data';
100
+ const testOptions = {onBehalfOf: 'test-user-uuid'};
101
+ const mockJwk = {kty: 'oct', k: 'test-key-material'};
102
+ const mockKey = {jwk: mockJwk};
103
+ const mockDecryptedResult = {payload: Buffer.from('decrypted binary data')};
104
+ let getKeyStub;
105
+ let joseDecryptStub;
106
+
107
+ beforeEach(() => {
108
+ getKeyStub = sinon.stub(webex.internal.encryption, 'getKey').resolves(mockKey);
109
+
110
+ // Mock the jose.JWE.createDecrypt chain
111
+ const mockDecryptor = {
112
+ decrypt: sinon.stub().resolves(mockDecryptedResult)
113
+ };
114
+ joseDecryptStub = sinon.stub(require('node-jose').JWE, 'createDecrypt').returns(mockDecryptor);
115
+ });
116
+
117
+ it('should call getKey and jose.JWE.createDecrypt with correct parameters', async () => {
118
+ await webex.internal.encryption.decryptBinaryData(testKey, testJWE, testOptions);
119
+
120
+ assert.equal(getKeyStub.calledOnce, true);
121
+ assert.equal(getKeyStub.args[0][0], testKey);
122
+ assert.deepEqual(getKeyStub.args[0][1], testOptions);
123
+
124
+ assert.equal(joseDecryptStub.calledOnce, true);
125
+ assert.equal(joseDecryptStub.args[0][0], mockJwk);
126
+ });
127
+
128
+ it('should call decrypt with ciphertext', async () => {
129
+ await webex.internal.encryption.decryptBinaryData(testKey, testJWE, testOptions);
130
+
131
+ const mockDecryptor = joseDecryptStub.returnValues[0];
132
+ assert.equal(mockDecryptor.decrypt.calledOnce, true);
133
+ assert.equal(mockDecryptor.decrypt.args[0][0], testJWE);
134
+ });
135
+
136
+ it('should return the payload buffer', async () => {
137
+ const result = await webex.internal.encryption.decryptBinaryData(testKey, testJWE, testOptions);
138
+
139
+ assert.equal(result, mockDecryptedResult.payload);
140
+ assert.equal(Buffer.isBuffer(result), true);
141
+ });
142
+
143
+ it('should work without options parameter', async () => {
144
+ await webex.internal.encryption.decryptBinaryData(testKey, testJWE);
145
+
146
+ assert.equal(getKeyStub.calledOnce, true);
147
+ assert.equal(getKeyStub.args[0][0], testKey);
148
+ assert.equal(getKeyStub.args[0][1], undefined);
149
+ });
150
+
151
+ afterEach(() => {
152
+ getKeyStub.restore();
153
+ joseDecryptStub.restore();
154
+ });
155
+ });
156
+ });
85
157
  });