@strivve/strivve-sdk
Advanced tools
Comparing version 3.0.1 to 3.0.3
@@ -85,8 +85,8 @@ "use strict"; | ||
var package_json_1 = require("../../package.json"); | ||
//import { HttpsProxyAgent } from "https-proxy-agent"; | ||
var https_proxy_agent_1 = require("https-proxy-agent"); | ||
var CardsavrSession = /** @class */ (function () { | ||
function CardsavrSession(baseUrl, sessionKey, appName, rejectUnauthorized, cardsavrCert, proxy, debug) { | ||
var _this = this; | ||
if (rejectUnauthorized === void 0) { rejectUnauthorized = true; } | ||
if (debug === void 0) { debug = false; } | ||
var _this = this; | ||
this.setSessionHeaders = function (headersObject) { | ||
@@ -172,3 +172,3 @@ Object.assign(_this._headers, headersObject); | ||
agent = (this._proxy) ? | ||
/*new HttpsProxyAgent(this._proxy) */ undefined : | ||
new https_proxy_agent_1.HttpsProxyAgent(this._proxy) : | ||
new https_1.Agent(__assign({ rejectUnauthorized: this._rejectUnauthorized }, (this._cardsavrCert && { ca: this._cardsavrCert }))); | ||
@@ -175,0 +175,0 @@ config = Object.assign(config, { |
@@ -12,3 +12,3 @@ /// <reference types="node" /> | ||
static decryptResponse(key: string, body: any): Promise<any>; | ||
static decryptAES256(b64cipherText: string, b64IV: string, b64Key: string): Promise<any>; | ||
static decryptAES256(b64cipherText: string, b64IV: string, b64Key: string, alg?: string): Promise<any>; | ||
} | ||
@@ -15,0 +15,0 @@ export declare class Signing { |
@@ -190,7 +190,3 @@ "use strict"; | ||
stringParts = body.encrypted_body.split("$"); | ||
if (stringParts[1].length != 16) { | ||
// Not a proper 16-byte base64-encoded IV | ||
throw new Error("Response body is not properly encrypted."); | ||
} | ||
req = this.decryptAES256(stringParts[0], stringParts[1], key); | ||
req = this.decryptAES256(stringParts[0], stringParts[1], key, stringParts[2]); | ||
return [4 /*yield*/, req]; | ||
@@ -202,11 +198,16 @@ case 1: return [2 /*return*/, _a.sent()]; | ||
}; | ||
Encryption.decryptAES256 = function (b64cipherText, b64IV, b64Key) { | ||
Encryption.decryptAES256 = function (b64cipherText, b64IV, b64Key, alg) { | ||
return __awaiter(this, void 0, void 0, function () { | ||
var binaryEncryptionKey, encrypted_buf, _a, encoded, auth_tag, iv, decryptor, decryptedJSON, decryptedString, decryptKey, clearTextBuffer, clearText; | ||
var predicted_alg, binaryEncryptionKey, iv, encrypted_buf, _a, encoded, auth_tag, decryptor, decryptedJSON, decryptedString, ALG, decryptKey, clearTextBuffer, clearText; | ||
return __generator(this, function (_b) { | ||
switch (_b.label) { | ||
case 0: | ||
predicted_alg = b64IV.length === 16 ? "aes-256-gcm" : (b64IV.length === 24 ? "aes-256-cbc" : undefined); | ||
if (!predicted_alg || (alg && alg != predicted_alg)) { | ||
// Not a proper length for base64-encoded IV, doesn't care about alg, not supported except in-browser | ||
throw new Error("Response body is not properly encrypted."); | ||
} | ||
if (!!browserCrypto) return [3 /*break*/, 1]; | ||
binaryEncryptionKey = Buffer.alloc(32); | ||
binaryEncryptionKey.write(b64Key, "base64"); | ||
binaryEncryptionKey = Buffer.from(b64Key, "base64"); | ||
iv = Buffer.from(b64IV, "base64"); | ||
encrypted_buf = Buffer.from(b64cipherText, "base64"); | ||
@@ -217,4 +218,3 @@ _a = [ | ||
], encoded = _a[0], auth_tag = _a[1]; | ||
iv = Buffer.from(b64IV, "base64"); | ||
decryptor = crypto.createDecipheriv("aes-256-gcm", binaryEncryptionKey, iv); | ||
decryptor = crypto.createDecipheriv(predicted_alg, binaryEncryptionKey, iv); | ||
decryptor.setAuthTag(auth_tag); | ||
@@ -224,7 +224,9 @@ decryptedJSON = Buffer.concat([decryptor.update(encoded), decryptor.final()]); | ||
return [2 /*return*/, JSON.parse(decryptedString)]; | ||
case 1: return [4 /*yield*/, browserCrypto.subtle.importKey("raw", WebConversions.base64ToArrayBuffer(b64Key), "AES-GCM", false, ["decrypt"])]; | ||
case 1: | ||
ALG = predicted_alg.replace("-256-", "-").toUpperCase(); | ||
return [4 /*yield*/, browserCrypto.subtle.importKey("raw", WebConversions.base64ToArrayBuffer(b64Key), ALG, false, ["decrypt"])]; | ||
case 2: | ||
decryptKey = _b.sent(); | ||
return [4 /*yield*/, browserCrypto.subtle.decrypt({ | ||
name: "AES-GCM", | ||
name: ALG, | ||
iv: WebConversions.base64ToArrayBuffer(b64IV) | ||
@@ -231,0 +233,0 @@ }, decryptKey, |
{ | ||
"name": "@strivve/strivve-sdk", | ||
"version": "3.0.1", | ||
"version": "3.0.3", | ||
"description": "", | ||
@@ -49,2 +49,3 @@ "directories": { | ||
"eslint": "^8.52.0", | ||
"https-proxy-agent": "^7.0.2", | ||
"log-timestamp": "^0.3.0", | ||
@@ -51,0 +52,0 @@ "net": "^1.0.2", |
@@ -11,3 +11,3 @@ "use strict"; | ||
import {version} from "../../package.json"; | ||
//import { HttpsProxyAgent } from "https-proxy-agent"; | ||
import { HttpsProxyAgent } from "https-proxy-agent"; | ||
@@ -131,3 +131,3 @@ export class CardsavrSession { | ||
const agent = (this._proxy) ? | ||
/*new HttpsProxyAgent(this._proxy) */ undefined : | ||
new HttpsProxyAgent(this._proxy) : | ||
new HTTPSAgent({ | ||
@@ -134,0 +134,0 @@ rejectUnauthorized : this._rejectUnauthorized, |
@@ -154,10 +154,11 @@ import * as crypto from "crypto"; | ||
const predicted_alg = b64IV.length === 16 ? "aes-256-gcm" : (b64IV.length === 24 ? "aes-256-cbc" : undefined); | ||
if (!predicted_alg || (alg && alg != predicted_alg)) { | ||
// Not a proper length for base64-encoded IV, doesn't care about alg, not supported except in-browser | ||
throw new Error("Response body is not properly encrypted."); | ||
} | ||
if (!browserCrypto) { | ||
// decryption has support for both gcm and cdc for backward compatibility (CU config.json) | ||
const predicted_alg = b64IV.length === 16 ? "aes-256-gcm" : (b64IV.length === 24 ? "aes-256-cbc" : undefined); | ||
if (!predicted_alg || (alg && alg != predicted_alg)) { | ||
// Not a proper 16-byte base64-encoded IV, doesn't care about alg, not supported except in-browser | ||
throw new Error("Response body is not properly encrypted."); | ||
} | ||
const binaryEncryptionKey = Buffer.from(b64Key, "base64"); | ||
@@ -167,9 +168,8 @@ const iv = Buffer.from(b64IV, "base64"); | ||
const [encoded, auth_tag] = predicted_alg === "aes-256-gcm" ? [ | ||
const [encoded, auth_tag] = [ | ||
encrypted_buf.subarray(0, encrypted_buf.length - 16), | ||
encrypted_buf.subarray(encrypted_buf.length - 16, encrypted_buf.length) | ||
] : [encrypted_buf, Buffer.from("")]; | ||
encrypted_buf.subarray(encrypted_buf.length - 16, encrypted_buf.length)]; | ||
const decryptor = crypto.createDecipheriv(predicted_alg, binaryEncryptionKey, iv); | ||
if (auth_tag) { (decryptor as crypto.DecipherGCM).setAuthTag(auth_tag); } | ||
(decryptor as crypto.DecipherGCM).setAuthTag(auth_tag); | ||
@@ -182,11 +182,7 @@ const decryptedJSON = Buffer.concat([decryptor.update(encoded), decryptor.final()]); | ||
if (b64IV.length !== 16) { | ||
// Not a proper 16-byte base64-encoded IV, doesn't care about alg, not supported except in-browser | ||
throw new Error("Response body is not properly encrypted."); | ||
} | ||
const ALG = predicted_alg.replace("-256-", "-").toUpperCase(); | ||
const decryptKey = await browserCrypto.subtle.importKey( | ||
"raw", | ||
WebConversions.base64ToArrayBuffer(b64Key), | ||
"AES-GCM", | ||
ALG, | ||
false, ["decrypt"] | ||
@@ -196,3 +192,3 @@ ); | ||
const clearTextBuffer = await browserCrypto.subtle.decrypt({ | ||
name : "AES-GCM", | ||
name : ALG, | ||
iv : WebConversions.base64ToArrayBuffer(b64IV) | ||
@@ -199,0 +195,0 @@ }, |
@@ -8,3 +8,3 @@ { | ||
"outDir": "../lib/", | ||
// "rootDir": ".", | ||
"rootDir": ".", | ||
"esModuleInterop": true, | ||
@@ -11,0 +11,0 @@ "strict": true, |
@@ -8,3 +8,3 @@ { | ||
"outDir": ".", | ||
// "rootDir": ".", | ||
"rootDir": ".", | ||
"esModuleInterop": true, | ||
@@ -11,0 +11,0 @@ "strict": true, |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
710422
7
89
11537
3
+ Addedhttps-proxy-agent@^7.0.2
+ Addedagent-base@7.1.1(transitive)
+ Addedhttps-proxy-agent@7.0.4(transitive)