From 5a506537ddbddac86c164e35a0bb815fa5fc0ad7 Mon Sep 17 00:00:00 2001 From: Kess Plasmeier Date: Wed, 4 Mar 2026 11:34:04 -0800 Subject: [PATCH 1/2] reintroduce changes --- .github/workflows/ci_static-analysis.yaml | 2 +- .github/workflows/shared-ci.yml | 2 +- codebuild/browser18.yml | 17 ------ codebuild/compliance.yml | 15 ----- codebuild/nodejs16.yml | 19 ------- codebuild/nodejs18.yml | 19 ------- codebuild/nodejs20.yml | 23 -------- codebuild/release/prod-release.yml | 69 ----------------------- codebuild/release/publish.yml | 50 ---------------- codebuild/release/version.yml | 27 --------- codebuild/test_vectors/browser18.yml | 26 --------- codebuild/test_vectors/nodejs16.yml | 25 -------- codebuild/test_vectors/nodejs18.yml | 25 -------- codebuild/test_vectors/nodejs20.yml | 25 -------- modules/branch-keystore-node/package.json | 4 +- modules/material-management/package.json | 2 +- modules/serialize/package.json | 2 +- package-lock.json | 50 +++++++--------- package.json | 2 +- stream_mem_stress_test/package-lock.json | 12 ++-- 20 files changed, 34 insertions(+), 382 deletions(-) delete mode 100644 codebuild/browser18.yml delete mode 100644 codebuild/compliance.yml delete mode 100644 codebuild/nodejs16.yml delete mode 100644 codebuild/nodejs18.yml delete mode 100644 codebuild/nodejs20.yml delete mode 100644 codebuild/release/prod-release.yml delete mode 100644 codebuild/release/publish.yml delete mode 100644 codebuild/release/version.yml delete mode 100644 codebuild/test_vectors/browser18.yml delete mode 100644 codebuild/test_vectors/nodejs16.yml delete mode 100644 codebuild/test_vectors/nodejs18.yml delete mode 100644 codebuild/test_vectors/nodejs20.yml diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index f06333e47..eb05c10b5 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -12,4 +12,4 @@ jobs: steps: - uses: actions/checkout@v2 - name: not-grep - uses: mattsb42-meta/not-grep@1.0.0 + uses: mattsb42-meta/not-grep@1.0.1 diff --git a/.github/workflows/shared-ci.yml b/.github/workflows/shared-ci.yml index 74ef2c067..9d3e94972 100644 --- a/.github/workflows/shared-ci.yml +++ b/.github/workflows/shared-ci.yml @@ -22,7 +22,7 @@ jobs: strategy: fail-fast: false matrix: - node-version: ['18.x', '20.x', '22.x', 'latest'] + node-version: ['18.x', '20.x', '22.x', '24.x', 'latest'] test-type: ['node', 'browser'] # Determine test categories based on whether testing published packages or source code: # - Testing published packages: only run vector tests (don't have build artifacts to test coverage or compliance) diff --git a/codebuild/browser18.yml b/codebuild/browser18.yml deleted file mode 100644 index 19a17bb0d..000000000 --- a/codebuild/browser18.yml +++ /dev/null @@ -1,17 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - -phases: - install: - commands: - - n 18 - - npm ci --unsafe-perm - - npm run build - build: - commands: - - npm -v - - node -v - - npm run coverage-browser diff --git a/codebuild/compliance.yml b/codebuild/compliance.yml deleted file mode 100644 index 209f0116a..000000000 --- a/codebuild/compliance.yml +++ /dev/null @@ -1,15 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - -phases: - install: - commands: - - n 18 - - npm ci --unsafe-perm - build: - commands: - - npm run lint - - npm run test_conditions diff --git a/codebuild/nodejs16.yml b/codebuild/nodejs16.yml deleted file mode 100644 index fd7421a15..000000000 --- a/codebuild/nodejs16.yml +++ /dev/null @@ -1,19 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - -phases: - install: - commands: - - n 16 - - node -v - - npm -v - - npm ci --unsafe-perm - - npm run build - build: - commands: - - npm -v - - node -v - - npm run coverage-node diff --git a/codebuild/nodejs18.yml b/codebuild/nodejs18.yml deleted file mode 100644 index 6b43b4055..000000000 --- a/codebuild/nodejs18.yml +++ /dev/null @@ -1,19 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - -phases: - install: - commands: - - n 18 - - node -v - - npm -v - - npm ci --unsafe-perm - - npm run build - build: - commands: - - npm -v - - node -v - - npm run coverage-node diff --git a/codebuild/nodejs20.yml b/codebuild/nodejs20.yml deleted file mode 100644 index 76479dc0a..000000000 --- a/codebuild/nodejs20.yml +++ /dev/null @@ -1,23 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - -phases: - install: - commands: - - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-MPL-Dafny-Role-us-west-2" --role-session-name "CB-TestVectorResources") - - export TMP_ROLE - - export AWS_ACCESS_KEY_ID=$(echo "${TMP_ROLE}" | jq -r '.Credentials.AccessKeyId') - - export AWS_SECRET_ACCESS_KEY=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SecretAccessKey') - - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken') - - aws sts get-caller-identity - - - n 20 - - node --version ; npm --version - - npm ci --unsafe-perm - - npm run build - build: - commands: - - npm run coverage-node diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml deleted file mode 100644 index 40f574929..000000000 --- a/codebuild/release/prod-release.yml +++ /dev/null @@ -1,69 +0,0 @@ -version: 0.2 - -batch: - fast-fail: true - build-graph: - -# Lint and specification compliance - - identifier: compliance - buildspec: codebuild/compliance.yml - -# Unit Tests - - identifier: testNodejs20 - buildspec: codebuild/nodejs20.yml - env: - image: aws/codebuild/standard:5.0 - - identifier: testBrowser18 - buildspec: codebuild/browser18.yml - -# Integration Tests - - identifier: testVectorsNodejs20 - buildspec: codebuild/test_vectors/nodejs20.yml - env: - variables: - PUBLISH_LOCAL: "true" - image: aws/codebuild/standard:5.0 - - identifier: testVectorsBrowser18 - buildspec: codebuild/test_vectors/browser18.yml - env: - variables: - PUBLISH_LOCAL: "true" - image: aws/codebuild/standard:5.0 - -# Version the project and push git commits and tags - - identifier: version - depend-on: - - compliance - - testNodejs20 - - testBrowser18 - - testVectorsNodejs20 - - testVectorsBrowser18 - buildspec: codebuild/release/version.yml - env: - image: aws/codebuild/standard:6.0 - -# Publish the release to npm - - identifier: publish - depend-on: - - version - buildspec: codebuild/release/publish.yml - env: - image: aws/codebuild/standard:6.0 - -# Validate that the published versions are available - - identifier: validateNodejs - depend-on: - - publish - buildspec: codebuild/test_vectors/nodejs20.yml - env: - variables: - PUBLISH_LOCAL: "false" - image: aws/codebuild/standard:5.0 - - identifier: validateBrowser - depend-on: - - publish - buildspec: codebuild/test_vectors/browser18.yml - env: - variables: - PUBLISH_LOCAL: "false" - image: aws/codebuild/standard:5.0 diff --git a/codebuild/release/publish.yml b/codebuild/release/publish.yml deleted file mode 100644 index 3463e7b8d..000000000 --- a/codebuild/release/publish.yml +++ /dev/null @@ -1,50 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - BRANCH: "master" - # An explicit distribution tag - DIST_TAG: "latest" - secrets-manager: - OTP_SECRET_KEY: npm/aws-crypto-tools-ci-bot/2FA:OTP_SECRET_KEY - NPM_TOKEN: npm/aws-crypto-tools-ci-bot/2FA:NPM_TOKEN - -phases: - install: - commands: - - npm ci --unsafe-perm - # Install `otplib` to extract the OTP from the npm 2FA secret - - npm install otplib --no-save - - npm run build - runtime-versions: - nodejs: 16 - pre_build: - commands: - - git checkout $BRANCH - build: - commands: - # Extract the otp using the secrets environment variables from above. - # This will wait for the next token. This is because npm uses - # TOTP and the tokens time out after 30 seconds. If the process just - # extracted the token then the lifetime for this token - # would be very random. This will maximize the amount of time - # available on the OTP to publish. - - >- - OTP=`node -e " - auth=require('otplib').authenticator; - setTimeout(() => - console.log(auth.generate(process.env.OTP_SECRET_KEY)), - auth.timeRemaining() * 1000); - "` - # npm will only expand env vars inside .npmrc - # NOTE the ' this is to keep the env var NPM_TOKEN from expanding! - - echo '//registry.npmjs.org/:_authToken=${NPM_TOKEN}' > .npmrc - # Now we publish to npm. - # This is going to use the OTP generated above and the NPM_TOKEN - # environment variable. This will only publish things that are - # missing from npm. It is therefore safe to run repeatedly. - - npx lerna publish from-package --yes --otp $OTP --dist-tag $DIST_TAG - # remove after publishing - - rm .npmrc - diff --git a/codebuild/release/version.yml b/codebuild/release/version.yml deleted file mode 100644 index e5639ad1d..000000000 --- a/codebuild/release/version.yml +++ /dev/null @@ -1,27 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - BRANCH: "master" - # An explicit version bump - VERSION_BUMP: "" - git-credential-helper: yes - -phases: - install: - commands: - - npm ci --unsafe-perm - runtime-versions: - nodejs: 16 - pre_build: - commands: - - git config --global user.name "aws-crypto-tools-ci-bot" - - git config --global user.email "no-reply@noemail.local" - - git checkout $BRANCH - build: - commands: - # Generate new version and CHANGELOG entry and push it - - npx lerna version --conventional-commits --git-remote origin --yes ${VERSION_BUMP:+$VERSION_BUMP --force-publish} - # Log the commit for posterity - - git log -n 1 diff --git a/codebuild/test_vectors/browser18.yml b/codebuild/test_vectors/browser18.yml deleted file mode 100644 index 4ae2a8e97..000000000 --- a/codebuild/test_vectors/browser18.yml +++ /dev/null @@ -1,26 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - NPM_CONFIG_UNSAFE_PERM: true - -phases: - install: - commands: - - n 18 - - npm ci --unsafe-perm - - |- - if [ "$PUBLISH_LOCAL" = "true" ]; then - npm run build - fi - build: - commands: - - npm -v - - node -v - - |- - if [ "$PUBLISH_LOCAL" = "true" ]; then - npm run verdaccio-publish - fi - - npm run verdaccio-browser-decrypt - - npm run verdaccio-browser-encrypt diff --git a/codebuild/test_vectors/nodejs16.yml b/codebuild/test_vectors/nodejs16.yml deleted file mode 100644 index 42e78f246..000000000 --- a/codebuild/test_vectors/nodejs16.yml +++ /dev/null @@ -1,25 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - NPM_CONFIG_UNSAFE_PERM: true - -phases: - install: - commands: - - n 16 - - npm ci --unsafe-perm - - |- - if [ "$PUBLISH_LOCAL" = "true" ]; then - npm run build - fi - build: - commands: - - node -v - - |- - if [ "$PUBLISH_LOCAL" = "true" ]; then - npm run verdaccio-publish - fi - - npm run verdaccio-node-decrypt - - npm run verdaccio-node-encrypt diff --git a/codebuild/test_vectors/nodejs18.yml b/codebuild/test_vectors/nodejs18.yml deleted file mode 100644 index 982c2b1b7..000000000 --- a/codebuild/test_vectors/nodejs18.yml +++ /dev/null @@ -1,25 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - NPM_CONFIG_UNSAFE_PERM: true - -phases: - install: - commands: - - n 18 - - npm ci --unsafe-perm - - |- - if [ "$PUBLISH_LOCAL" = "true" ]; then - npm run build - fi - build: - commands: - - node -v - - |- - if [ "$PUBLISH_LOCAL" = "true" ]; then - npm run verdaccio-publish - fi - - npm run verdaccio-node-decrypt - - npm run verdaccio-node-encrypt diff --git a/codebuild/test_vectors/nodejs20.yml b/codebuild/test_vectors/nodejs20.yml deleted file mode 100644 index 3a2657beb..000000000 --- a/codebuild/test_vectors/nodejs20.yml +++ /dev/null @@ -1,25 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - NPM_CONFIG_UNSAFE_PERM: true - -phases: - install: - commands: - - n 20 - - npm ci --unsafe-perm - - |- - if [ "$PUBLISH_LOCAL" = "true" ]; then - npm run build - fi - build: - commands: - - node -v - - |- - if [ "$PUBLISH_LOCAL" = "true" ]; then - npm run verdaccio-publish - fi - - npm run verdaccio-node-decrypt - - npm run verdaccio-node-encrypt diff --git a/modules/branch-keystore-node/package.json b/modules/branch-keystore-node/package.json index 2dfce2519..da563dcd2 100644 --- a/modules/branch-keystore-node/package.json +++ b/modules/branch-keystore-node/package.json @@ -21,8 +21,10 @@ "dependencies": { "@aws-crypto/kms-keyring": "file:../kms-keyring", "@aws-sdk/client-dynamodb": "^3.616.0", + "@aws-sdk/client-kms": "^3.616.0", "@aws-sdk/util-dynamodb": "^3.616.0", - "tslib": "^2.2.0" + "tslib": "^2.2.0", + "uuid": "^9.0.0" }, "sideEffects": false, "main": "./build/main/src/index.js", diff --git a/modules/material-management/package.json b/modules/material-management/package.json index 00e72b2c2..bf11aa108 100644 --- a/modules/material-management/package.json +++ b/modules/material-management/package.json @@ -19,7 +19,7 @@ "license": "Apache-2.0", "dependencies": { "asn1.js": "^5.3.0", - "bn.js": "^5.1.1", + "bn.js": "^5.2.3", "tslib": "^2.2.0", "uuid": "^10.0.0" }, diff --git a/modules/serialize/package.json b/modules/serialize/package.json index f1211b3c3..e41f92ef9 100644 --- a/modules/serialize/package.json +++ b/modules/serialize/package.json @@ -19,7 +19,7 @@ "dependencies": { "@aws-crypto/material-management": "file:../material-management", "asn1.js": "^5.3.0", - "bn.js": "^5.1.1", + "bn.js": "^5.2.3", "tslib": "^2.2.0", "uuid": "^10.0.0" }, diff --git a/package-lock.json b/package-lock.json index 16310b417..09cf950de 100644 --- a/package-lock.json +++ b/package-lock.json @@ -48,7 +48,7 @@ "@aws-sdk/credential-provider-node": "^3.362.0", "@aws-sdk/util-base64": "^3.374.0", "@jsdevtools/coverage-istanbul-loader": "^3.0.5", - "@types/bn.js": "^5.1.0", + "@types/bn.js": "^5.2.0", "@types/chai": "^4.2.12", "@types/chai-as-promised": "^7.1.3", "@types/from2": "^2.3.0", @@ -98,8 +98,10 @@ "dependencies": { "@aws-crypto/kms-keyring": "file:../kms-keyring", "@aws-sdk/client-dynamodb": "^3.616.0", + "@aws-sdk/client-kms": "^3.616.0", "@aws-sdk/util-dynamodb": "^3.616.0", - "tslib": "^2.2.0" + "tslib": "^2.2.0", + "uuid": "^9.0.0" } }, "modules/cache-material": { @@ -567,7 +569,7 @@ "license": "Apache-2.0", "dependencies": { "asn1.js": "^5.3.0", - "bn.js": "^5.1.1", + "bn.js": "^5.2.3", "tslib": "^2.2.0", "uuid": "^10.0.0" } @@ -597,8 +599,9 @@ } }, "modules/material-management/node_modules/bn.js": { - "version": "5.2.1", - "license": "MIT" + "version": "5.2.3", + "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-5.2.3.tgz", + "integrity": "sha512-EAcmnPkxpntVL+DS7bO1zhcZNvCkxqtkd0ZY53h06GNQ3DEkkGZ/gKgmDv6DdZQGj9BgfSPKtJJ7Dp1GPP8f7w==" }, "modules/material-management/node_modules/uuid": { "version": "10.0.0", @@ -685,14 +688,15 @@ "dependencies": { "@aws-crypto/material-management": "file:../material-management", "asn1.js": "^5.3.0", - "bn.js": "^5.1.1", + "bn.js": "^5.2.3", "tslib": "^2.2.0", "uuid": "^10.0.0" } }, "modules/serialize/node_modules/bn.js": { - "version": "5.2.1", - "license": "MIT" + "version": "5.2.3", + "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-5.2.3.tgz", + "integrity": "sha512-EAcmnPkxpntVL+DS7bO1zhcZNvCkxqtkd0ZY53h06GNQ3DEkkGZ/gKgmDv6DdZQGj9BgfSPKtJJ7Dp1GPP8f7w==" }, "modules/serialize/node_modules/uuid": { "version": "10.0.0", @@ -711,23 +715,11 @@ "version": "4.0.1", "license": "Apache-2.0", "dependencies": { - "@aws-crypto/ie11-detection": "4.0.0", "@aws-crypto/supports-web-crypto": "5.2.0", "@aws-sdk/util-locate-window": "3.310.0", "tslib": "^2.2.0" } }, - "modules/web-crypto-backend/node_modules/@aws-crypto/ie11-detection": { - "version": "4.0.0", - "license": "Apache-2.0", - "dependencies": { - "tslib": "^1.11.1" - } - }, - "modules/web-crypto-backend/node_modules/@aws-crypto/ie11-detection/node_modules/tslib": { - "version": "1.14.1", - "license": "0BSD" - }, "modules/web-crypto-backend/node_modules/@aws-sdk/util-locate-window": { "version": "3.310.0", "license": "Apache-2.0", @@ -5174,11 +5166,10 @@ } }, "node_modules/@types/bn.js": { - "version": "5.1.5", - "resolved": "https://registry.npmjs.org/@types/bn.js/-/bn.js-5.1.5.tgz", - "integrity": "sha512-V46N0zwKRF5Q00AZ6hWtN0T8gGmDUaUzLWQvHFo5yThtVwK/VCenFY3wXVbOvNfajEpsTfQM4IN9k/d6gUVX3A==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@types/bn.js/-/bn.js-5.2.0.tgz", + "integrity": "sha512-DLbJ1BPqxvQhIGbeu8VbUC1DiAiahHtAYvA0ZEAa4P31F7IaArc8z3C3BRQdWX4mtLQuABG4yzp76ZrS02Ui1Q==", "dev": true, - "license": "MIT", "dependencies": { "@types/node": "*" } @@ -6863,7 +6854,7 @@ "integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==", "license": "MIT", "dependencies": { - "bn.js": "^4.0.0", + "bn.js": "^4.12.3", "inherits": "^2.0.1", "minimalistic-assert": "^1.0.0", "safer-buffer": "^2.1.0" @@ -7168,10 +7159,9 @@ } }, "node_modules/bn.js": { - "version": "4.12.0", - "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz", - "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==", - "license": "MIT" + "version": "4.12.3", + "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.3.tgz", + "integrity": "sha512-fGTi3gxV/23FTYdAoUtLYp6qySe2KE3teyZitipKNRuVYcBkoP/bB3guXN/XVKUe9mxCHXnc9C4ocyz8OmgN0g==" }, "node_modules/body-parser": { "version": "1.20.3", @@ -9131,7 +9121,7 @@ "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.6.1.tgz", "integrity": "sha512-RaddvvMatK2LJHqFJ+YA4WysVN5Ita9E35botqIYspQ4TkRAlCicdzKOjlyv/1Za5RyTNn7di//eEV0uTAfe3g==", "dependencies": { - "bn.js": "^4.11.9", + "bn.js": "^4.12.3", "brorand": "^1.1.0", "hash.js": "^1.0.0", "hmac-drbg": "^1.0.1", diff --git a/package.json b/package.json index d90e57b09..f65d4de7a 100644 --- a/package.json +++ b/package.json @@ -102,7 +102,7 @@ "@aws-sdk/credential-provider-node": "^3.362.0", "@aws-sdk/util-base64": "^3.374.0", "@jsdevtools/coverage-istanbul-loader": "^3.0.5", - "@types/bn.js": "^5.1.0", + "@types/bn.js": "^5.2.0", "@types/chai": "^4.2.12", "@types/chai-as-promised": "^7.1.3", "@types/from2": "^2.3.0", diff --git a/stream_mem_stress_test/package-lock.json b/stream_mem_stress_test/package-lock.json index aff90328a..5ab1226df 100644 --- a/stream_mem_stress_test/package-lock.json +++ b/stream_mem_stress_test/package-lock.json @@ -116,7 +116,7 @@ "integrity": "sha512-bkxu2wr+Wk2KXpN/mDaGFbx2j5UoqqACAEecWzTpP8XafW9z8rzdVqtDp/3hUeytXrS0w+UwFtZQw1A946C5Ow==", "dependencies": { "asn1.js": "^5.3.0", - "bn.js": "^5.1.1", + "bn.js": "^5.2.3", "tslib": "^2.2.0" } }, @@ -169,7 +169,7 @@ "dependencies": { "@aws-crypto/material-management": "^3.1.0", "asn1.js": "^5.3.0", - "bn.js": "^5.1.1", + "bn.js": "^5.2.3", "tslib": "^2.2.0" } }, @@ -371,7 +371,7 @@ "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz", "integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==", "dependencies": { - "bn.js": "^4.0.0", + "bn.js": "^5.2.3", "inherits": "^2.0.1", "minimalistic-assert": "^1.0.0", "safer-buffer": "^2.1.0" @@ -1581,7 +1581,7 @@ "integrity": "sha512-bkxu2wr+Wk2KXpN/mDaGFbx2j5UoqqACAEecWzTpP8XafW9z8rzdVqtDp/3hUeytXrS0w+UwFtZQw1A946C5Ow==", "requires": { "asn1.js": "^5.3.0", - "bn.js": "^5.1.1", + "bn.js": "^5.2.3", "tslib": "^2.2.0" } }, @@ -1634,7 +1634,7 @@ "requires": { "@aws-crypto/material-management": "^3.1.0", "asn1.js": "^5.3.0", - "bn.js": "^5.1.1", + "bn.js": "^5.2.3", "tslib": "^2.2.0" } }, @@ -1818,7 +1818,7 @@ "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz", "integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==", "requires": { - "bn.js": "^4.0.0", + "bn.js": "^4.12.3", "inherits": "^2.0.1", "minimalistic-assert": "^1.0.0", "safer-buffer": "^2.1.0" From 7d6902e9f80e09434b2b901cf3317e056d872167 Mon Sep 17 00:00:00 2001 From: Kess Plasmeier Date: Wed, 4 Mar 2026 11:36:16 -0800 Subject: [PATCH 2/2] Revert "feat!: Drop IE11 (#1625)" This reverts commit 959e87f997a712dc18e2402aeec77da87a1400d6. --- modules/web-crypto-backend/package.json | 1 + .../web-crypto-backend/src/backend-factory.ts | 3 + .../src/promisify-ms-crypto.ts | 38 +++++ .../src/synchronous_random_values.ts | 5 + modules/web-crypto-backend/test/fixtures.ts | 149 +++++++++++++++++- .../test/promisify-ms-crypto.test.ts | 36 +++++ .../test/synchronous_random_values.test.ts | 12 +- package-lock.json | 12 ++ 8 files changed, 249 insertions(+), 7 deletions(-) create mode 100644 modules/web-crypto-backend/src/promisify-ms-crypto.ts create mode 100644 modules/web-crypto-backend/test/promisify-ms-crypto.test.ts diff --git a/modules/web-crypto-backend/package.json b/modules/web-crypto-backend/package.json index 38b70346f..9bb91371a 100644 --- a/modules/web-crypto-backend/package.json +++ b/modules/web-crypto-backend/package.json @@ -19,6 +19,7 @@ }, "license": "Apache-2.0", "dependencies": { + "@aws-crypto/ie11-detection": "4.0.0", "@aws-crypto/supports-web-crypto": "5.2.0", "@aws-sdk/util-locate-window": "3.310.0", "tslib": "^2.2.0" diff --git a/modules/web-crypto-backend/src/backend-factory.ts b/modules/web-crypto-backend/src/backend-factory.ts index df843a86a..289dd8a58 100644 --- a/modules/web-crypto-backend/src/backend-factory.ts +++ b/modules/web-crypto-backend/src/backend-factory.ts @@ -1,12 +1,14 @@ // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 +import { isMsWindow } from '@aws-crypto/ie11-detection' import { supportsWebCrypto, supportsSubtleCrypto, supportsZeroByteGCM, } from '@aws-crypto/supports-web-crypto' import { generateSynchronousRandomValues } from './synchronous_random_values' +import promisifyMsSubtleCrypto from './promisify-ms-crypto' type MaybeSubtleCrypto = SubtleCrypto | false export type WebCryptoBackend = @@ -138,6 +140,7 @@ export function pluckSubtleCrypto(window: Window): MaybeSubtleCrypto { // if needed webkitSubtle check should be added here // see: https://webkit.org/blog/7790/update-on-web-cryptography/ if (supportsWebCrypto(window)) return window.crypto.subtle + if (isMsWindow(window)) return promisifyMsSubtleCrypto(window.msCrypto.subtle) return false } diff --git a/modules/web-crypto-backend/src/promisify-ms-crypto.ts b/modules/web-crypto-backend/src/promisify-ms-crypto.ts new file mode 100644 index 000000000..4c17e629f --- /dev/null +++ b/modules/web-crypto-backend/src/promisify-ms-crypto.ts @@ -0,0 +1,38 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +import { MsSubtleCrypto } from '@aws-crypto/ie11-detection' + +type MsSubtleFunctions = keyof MsSubtleCrypto + +export default function promisifyMsSubtleCrypto(backend: MsSubtleCrypto) { + const usages: MsSubtleFunctions[] = [ + 'decrypt', + 'digest', + 'encrypt', + 'exportKey', + 'generateKey', + 'importKey', + 'sign', + 'verify', + ] + const decorateUsage = (fakeBackend: any, usage: MsSubtleFunctions) => + decorate(backend, fakeBackend, usage) + return usages.reduce(decorateUsage, {}) as SubtleCrypto +} + +function decorate( + subtle: MsSubtleCrypto, + fakeBackend: any, + name: MsSubtleFunctions +) { + fakeBackend[name] = async (...args: any[]) => { + return new Promise((resolve, reject) => { + // @ts-ignore + const operation = subtle[name](...args) + operation.oncomplete = () => resolve(operation.result) + operation.onerror = reject + }) + } + return fakeBackend +} diff --git a/modules/web-crypto-backend/src/synchronous_random_values.ts b/modules/web-crypto-backend/src/synchronous_random_values.ts index 86cfdba3e..0a0147c06 100644 --- a/modules/web-crypto-backend/src/synchronous_random_values.ts +++ b/modules/web-crypto-backend/src/synchronous_random_values.ts @@ -1,6 +1,7 @@ // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 +import { isMsWindow } from '@aws-crypto/ie11-detection' import { supportsSecureRandom } from '@aws-crypto/supports-web-crypto' import { locateWindow } from '@aws-sdk/util-locate-window' @@ -18,6 +19,10 @@ export function generateSynchronousRandomValues( return function synchronousRandomValues(byteLength: number): Uint8Array { if (supportsSecureRandom(globalScope)) { return globalScope.crypto.getRandomValues(new Uint8Array(byteLength)) + } else if (isMsWindow(globalScope)) { + const values = new Uint8Array(byteLength) + globalScope.msCrypto.getRandomValues(values) + return values } throw new Error(`Unable to locate a secure random source.`) diff --git a/modules/web-crypto-backend/test/fixtures.ts b/modules/web-crypto-backend/test/fixtures.ts index cc51f9fea..edddc884f 100644 --- a/modules/web-crypto-backend/test/fixtures.ts +++ b/modules/web-crypto-backend/test/fixtures.ts @@ -3,12 +3,7 @@ export const fakeWindowWebCryptoSupportsZeroByteGCM: Window = { crypto: { - getRandomValues: (array: Uint8Array) => { - for (let i = 0; i < array.length; i++) { - array[i] = Math.floor(Math.random() * 256) - } - return array - }, + getRandomValues: () => {}, subtle: { async decrypt() { return {} as any @@ -147,3 +142,145 @@ export const subtleFallbackZeroByteEncryptFail = { } as any export const subtleFallbackNoWebCrypto = {} as any + +export const fakeWindowIE11OnComplete = { + msCrypto: { + getRandomValues: (values: Uint8Array) => { + return values.fill(1) + }, + subtle: { + decrypt() { + const obj = {} as any + setTimeout(() => { + obj.result = true + obj.oncomplete() + }) + return obj + }, + digest() { + const obj = {} as any + setTimeout(() => { + obj.result = true + obj.oncomplete() + }) + return obj + }, + encrypt() { + const obj = {} as any + setTimeout(() => { + obj.result = true + obj.oncomplete() + }) + return obj + }, + exportKey() { + const obj = {} as any + setTimeout(() => { + obj.result = true + obj.oncomplete() + }) + return obj + }, + generateKey() { + const obj = {} as any + setTimeout(() => { + obj.result = true + obj.oncomplete() + }) + return obj + }, + importKey() { + const obj = {} as any + setTimeout(() => { + obj.result = true + obj.oncomplete() + }) + return obj + }, + sign() { + const obj = {} as any + setTimeout(() => { + obj.result = true + obj.oncomplete() + }) + return obj + }, + verify() { + const obj = {} as any + setTimeout(() => { + obj.result = true + obj.oncomplete() + }) + return obj + }, + }, + }, + MSInputMethodContext: {} as any, +} as any + +export const fakeWindowIE11OnError = { + msCrypto: { + getRandomValues: (values: Uint8Array) => { + return values.fill(1) + }, + subtle: { + decrypt() { + const obj = {} as any + setTimeout(() => { + obj.onerror(new Error('stub error')) + }) + return obj + }, + digest() { + const obj = {} as any + setTimeout(() => { + obj.onerror(new Error('stub error')) + }) + return obj + }, + encrypt() { + const obj = {} as any + setTimeout(() => { + obj.onerror(new Error('stub error')) + }) + return obj + }, + exportKey() { + const obj = {} as any + setTimeout(() => { + obj.onerror(new Error('stub error')) + }) + return obj + }, + generateKey() { + const obj = {} as any + setTimeout(() => { + obj.onerror(new Error('stub error')) + }) + return obj + }, + importKey() { + const obj = {} as any + setTimeout(() => { + obj.onerror(new Error('stub error')) + }) + return obj + }, + sign() { + const obj = {} as any + setTimeout(() => { + obj.onerror(new Error('stub error')) + }) + return obj + }, + verify() { + const obj = {} as any + setTimeout(() => { + obj.onerror(new Error('stub error')) + }) + return obj + }, + }, + }, + MSInputMethodContext: {} as any, +} as any diff --git a/modules/web-crypto-backend/test/promisify-ms-crypto.test.ts b/modules/web-crypto-backend/test/promisify-ms-crypto.test.ts new file mode 100644 index 000000000..7c420478f --- /dev/null +++ b/modules/web-crypto-backend/test/promisify-ms-crypto.test.ts @@ -0,0 +1,36 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* eslint-env mocha */ + +import * as chai from 'chai' +import chaiAsPromised from 'chai-as-promised' +import promisifyMsSubtleCrypto from '../src/promisify-ms-crypto' +import * as fixtures from './fixtures' + +chai.use(chaiAsPromised) +const { expect } = chai + +/* These tests are very simple + * I am not testing every subtle function + * because the promisify code is all the same. + */ +describe('promisifyMsSubtleCrypto', () => { + const backendComplete = promisifyMsSubtleCrypto( + fixtures.fakeWindowIE11OnComplete.msCrypto.subtle + ) + const backendError = promisifyMsSubtleCrypto( + fixtures.fakeWindowIE11OnError.msCrypto.subtle + ) + + it('backendComplete:decrypt', async () => { + // @ts-ignore These methods are stubs, ignore ts errors + const test = await backendComplete.decrypt() + expect(test).to.equal(true) + }) + + it('backendError:decrypt', async () => { + // @ts-ignore These methods are stubs, ignore ts errors + await expect(backendError.decrypt()).to.rejectedWith(Error) + }) +}) diff --git a/modules/web-crypto-backend/test/synchronous_random_values.test.ts b/modules/web-crypto-backend/test/synchronous_random_values.test.ts index 8e3a06bf9..1c8d52456 100644 --- a/modules/web-crypto-backend/test/synchronous_random_values.test.ts +++ b/modules/web-crypto-backend/test/synchronous_random_values.test.ts @@ -5,15 +5,25 @@ import { expect } from 'chai' import { generateSynchronousRandomValues } from '../src/synchronous_random_values' +import { synchronousRandomValues } from '../src/index' import * as fixtures from './fixtures' describe('synchronousRandomValues', () => { it('should return random values', () => { + const test = synchronousRandomValues(5) + expect(test).to.be.instanceOf(Uint8Array) + expect(test).lengthOf(5) + }) + + it('should return msCrypto random values', () => { const synchronousRandomValues = generateSynchronousRandomValues( - fixtures.fakeWindowWebCryptoSupportsZeroByteGCM + fixtures.fakeWindowIE11OnComplete ) + const test = synchronousRandomValues(5) expect(test).to.be.instanceOf(Uint8Array) expect(test).lengthOf(5) + // The random is a stub, so I know the value + expect(test).to.deep.equal(new Uint8Array(5).fill(1)) }) }) diff --git a/package-lock.json b/package-lock.json index 09cf950de..419adf3fc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -715,11 +715,23 @@ "version": "4.0.1", "license": "Apache-2.0", "dependencies": { + "@aws-crypto/ie11-detection": "4.0.0", "@aws-crypto/supports-web-crypto": "5.2.0", "@aws-sdk/util-locate-window": "3.310.0", "tslib": "^2.2.0" } }, + "modules/web-crypto-backend/node_modules/@aws-crypto/ie11-detection": { + "version": "4.0.0", + "license": "Apache-2.0", + "dependencies": { + "tslib": "^1.11.1" + } + }, + "modules/web-crypto-backend/node_modules/@aws-crypto/ie11-detection/node_modules/tslib": { + "version": "1.14.1", + "license": "0BSD" + }, "modules/web-crypto-backend/node_modules/@aws-sdk/util-locate-window": { "version": "3.310.0", "license": "Apache-2.0",