Adding ability to chose dataEncoding for publicKeyFingerPrint when doing JWE encryption

rossphelan · rossphelan · commit a4c599468bdc · 2022-07-14T16:21:06.000+01:00
Removing duplicate code
diff --git a/README.md b/README.md
@@ -290,7 +290,7 @@ const config = {
   ],
   mode: "JWE",
   encryptedValueFieldName: "encryptedData",
-  publicKeyFingerprintType: "certificate",
+  publicKeyFingerprintType: "publicKey",
   encryptionCertificate: "./path/to/public.cert",
   privateKey: "./path/to/your/private.key",
 };
@@ -394,7 +394,7 @@ const config = {
   ],
   mode: "JWE",
   encryptedValueFieldName: "encryptedData",
-  publicKeyFingerprintType: "certificate",
+  publicKeyFingerprintType: "publicKey",
   encryptionCertificate: "./path/to/public.cert",
   privateKey: "./path/to/your/private.key",
 };
@@ -443,7 +443,7 @@ const config = {
   ],
   mode: "JWE",
   encryptedValueFieldName: "encryptedData",
-  publicKeyFingerprintType: "certificate",
+  publicKeyFingerprintType: "publicKey",
   encryptionCertificate: "./path/to/public.cert",
   privateKey: "./path/to/your/private.key",
 };
diff --git a/lib/mcapi/crypto/jwe-crypto.js b/lib/mcapi/crypto/jwe-crypto.js
@@ -205,7 +205,7 @@ function computePublicFingerprint(config, encryptionCertificate) {
     return utils.computePublicFingerprint(
       config,
       forge.pki.certificateFromPem(encryptionCertificate),
-      c.BASE64
+      config.dataEncoding
     );
   } else {
     return null;
@@ -232,14 +232,25 @@ function isValidConfig(config) {
  */
 function validateFingerprint(config, contains) {
   const propertiesFingerprint = ["publicKeyFingerprintType"];
+  const propertiesOptionalDataEncoding = ["dataEncoding"];
   const propertiesOptionalFingerprint = ["publicKeyFingerprint"];
   if (
     !contains(propertiesOptionalFingerprint) &&
     config[propertiesFingerprint[0]] !== "certificate" &&
     config[propertiesFingerprint[0]] !== "publicKey"
   ) {
     throw Error(
-      "Config not valid: propertiesFingerprint should be: 'certificate' or 'publicKey'"
+      "Config not valid: publicKeyFingerprintType should be: 'certificate' or 'publicKey'"
+    );
+  }
+  if (
+    !contains(propertiesOptionalFingerprint) &&
+    config[propertiesFingerprint[0]] === "certificate" &&
+    !(config[propertiesOptionalDataEncoding[0]] === c.BASE64 ||
+    config[propertiesOptionalDataEncoding[0]] === c.HEX)
+  ) {
+    throw Error(
+      "Config not valid: if publicKeyFingerprintType is 'certificate' dataEncoding must be either 'base64' or 'hex'"
     );
   }
 }
diff --git a/lib/mcapi/encryption/field-level-encryption.js b/lib/mcapi/encryption/field-level-encryption.js
@@ -103,14 +103,7 @@ function encryptBody(path, body) {
   const elem = utils.elemFromPath(path.element, body);
   if (elem && elem.node) {
     const encryptedData = this.crypto.encryptData({ data: elem.node });
-    body = utils.mutateObjectProperty(path.obj, encryptedData, body);
-    // delete encrypted field if not overridden
-    if (
-      !utils.isJsonRoot(path.obj) &&
-      path.element !== path.obj + "." + this.config.encryptedValueFieldName
-    ) {
-      utils.deleteNode(path.element, body);
-    }
+    body = utils.addEncryptedDataToBody(encryptedData, path, this.config.encryptedValueFieldName, body);
   }
   return body;
 }
diff --git a/lib/mcapi/encryption/jwe-encryption.js b/lib/mcapi/encryption/jwe-encryption.js
@@ -67,14 +67,7 @@ function encryptBody(path, body) {
   const elem = utils.elemFromPath(path.element, body);
   if (elem && elem.node) {
     const encryptedData = this.crypto.encryptData({ data: elem.node });
-    body = utils.mutateObjectProperty(path.obj, encryptedData, body);
-    // delete encrypted field if not overridden
-    if (
-      !utils.isJsonRoot(path.obj) &&
-      path.element !== path.obj + "." + this.config.encryptedValueFieldName
-    ) {
-      utils.deleteNode(path.element, body);
-    }
+    body = utils.addEncryptedDataToBody(encryptedData, path, this.config.encryptedValueFieldName, body);
   }
   return body;
 }
diff --git a/lib/mcapi/utils/utils.js b/lib/mcapi/utils/utils.js
@@ -415,5 +415,17 @@ function hasEncryptionParam(encParams, bodyMap) {
   return encParams && encParams.length === 1 && bodyMap && bodyMap[0];
 }
 
+module.exports.addEncryptedDataToBody = function(encryptedData, path, encryptedValueFieldName, body) {
+  body = this.mutateObjectProperty(path.obj, encryptedData, body);
+  if (
+    !isJsonRoot(path.obj) &&
+    path.element !== path.obj + "." + encryptedValueFieldName
+  ) {
+    this.deleteNode(path.element, body);
+  }
+  return body;
+};
+
+
 
 
diff --git a/test/jwe-crypto.test.js b/test/jwe-crypto.test.js
@@ -92,7 +92,7 @@ describe("JWE Crypto", () => {
       delete config["publicKeyFingerprintType"];
       assert.throws(
         () => new Crypto(config),
-        /Config not valid: propertiesFingerprint should be: 'certificate' or 'publicKey'/
+        /Config not valid: publicKeyFingerprintType should be: 'certificate' or 'publicKey'/
       );
     });
 
@@ -108,16 +108,34 @@ describe("JWE Crypto", () => {
       config.publicKeyFingerprintType = "foobar";
       assert.throws(
         () => new Crypto(config),
-        /Config not valid: propertiesFingerprint should be: 'certificate' or 'publicKey'/
+        /Config not valid: publicKeyFingerprintType should be: 'certificate' or 'publicKey'/
       );
     });
 
-    it("with right publicKeyFingerprintType: certificate", () => {
+    it("with right publicKeyFingerprintType: certificate and dataEncoding: base64", () => {
       const config = JSON.parse(JSON.stringify(testConfig));
       config.publicKeyFingerprintType = "certificate";
+      config.dataEncoding = "base64";
       assert.doesNotThrow(() => new Crypto(config));
     });
 
+    it("with right publicKeyFingerprintType: certificate and dataEncoding: hex", () => {
+      const config = JSON.parse(JSON.stringify(testConfig));
+      config.publicKeyFingerprintType = "certificate";
+      config.dataEncoding = "hex";
+      assert.doesNotThrow(() => new Crypto(config));
+    });
+
+    it("with right publicKeyFingerprintType: certificate and dataEncoding: null", () => {
+      const config = JSON.parse(JSON.stringify(testConfig));
+      config.publicKeyFingerprintType = "certificate";
+      delete config["dataEncoding"];
+      assert.throws(
+        () => new Crypto(config),
+        /Config not valid: if publicKeyFingerprintType is 'certificate' dataEncoding must be either 'base64' or 'hex'/
+      );
+    });
+
     it("with right publicKeyFingerprintType: publicKey", () => {
       const config = JSON.parse(JSON.stringify(testConfig));
       config.publicKeyFingerprintType = "publicKey";
diff --git a/test/mock/jwe-config.js b/test/mock/jwe-config.js
@@ -64,6 +64,7 @@ module.exports = {
   mode: "JWE",
   encryptedValueFieldName: "encryptedData",
   publicKeyFingerprintType: "certificate",
+  dataEncoding: "base64",
   encryptionCertificate: "./test/res/test_certificate.cert",
   privateKey: "./test/res/test_key.der",
 };
