diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index f06333e47..36aa1186f 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -11,5 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 + - name: Upgrade setuptools + run: python -m pip install "setuptools<81" - name: not-grep uses: mattsb42-meta/not-grep@1.0.0 diff --git a/.github/workflows/shared-ci.yml b/.github/workflows/shared-ci.yml index 74ef2c067..f4d2d315e 100644 --- a/.github/workflows/shared-ci.yml +++ b/.github/workflows/shared-ci.yml @@ -22,7 +22,7 @@ jobs: strategy: fail-fast: false matrix: - node-version: ['18.x', '20.x', '22.x', 'latest'] + node-version: ['22.x', 'latest'] test-type: ['node', 'browser'] # Determine test categories based on whether testing published packages or source code: # - Testing published packages: only run vector tests (don't have build artifacts to test coverage or compliance) diff --git a/buildspec.yml b/buildspec.yml index 3f8d21987..c4ce35eaf 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -3,22 +3,10 @@ version: 0.2 batch: fast-fail: false build-list: - - identifier: testNodejs20 - buildspec: codebuild/nodejs20.yml - env: - image: aws/codebuild/standard:5.0 - - identifier: testNodejs18 - buildspec: codebuild/nodejs18.yml - env: - image: aws/codebuild/standard:5.0 - identifier: testNodejs16 buildspec: codebuild/nodejs16.yml env: image: aws/codebuild/standard:5.0 - - identifier: testBrowser18 - buildspec: codebuild/browser18.yml - env: - image: aws/codebuild/standard:5.0 - identifier: compliance buildspec: codebuild/compliance.yml env: 
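Review bot: The step added ahead of `not-grep` is named `Upgrade setuptools`, but `"setuptools<81"` is an upper bound, and the workflow does not record why the cap exists or when it can be lifted. A name that matches the effect plus a short comment would keep a later cleanup from removing the bound blindly, for example `- name: Cap setuptools below 81` preceded by `# <reason for the cap>; drop once <condition>`. It is also worth confirming that the install reaches the interpreter `mattsb42-meta/not-grep@1.0.0` actually uses, because an action that runs in its own container would not see a package installed on the runner; the hunk does not show how that action executes.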
@@ -29,21 +17,3 @@ batch: variables: PUBLISH_LOCAL: "true" image: aws/codebuild/standard:5.0 - - identifier: testVectorsNodejs18 - buildspec: codebuild/test_vectors/nodejs18.yml - env: - variables: - PUBLISH_LOCAL: "true" - image: aws/codebuild/standard:5.0 - - identifier: testVectorsNodejs20 - buildspec: codebuild/test_vectors/nodejs20.yml - env: - variables: - PUBLISH_LOCAL: "true" - image: aws/codebuild/standard:5.0 - - identifier: testVectorsBrowser18 - buildspec: codebuild/test_vectors/browser18.yml - env: - variables: - PUBLISH_LOCAL: "true" - image: aws/codebuild/standard:5.0 diff --git a/codebuild/browser18.yml b/codebuild/browser18.yml deleted file mode 100644 index 19a17bb0d..000000000 --- a/codebuild/browser18.yml +++ /dev/null @@ -1,17 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - -phases: - install: - commands: - - n 18 - - npm ci --unsafe-perm - - npm run build - build: - commands: - - npm -v - - node -v - - npm run coverage-browser diff --git a/codebuild/nodejs18.yml b/codebuild/nodejs18.yml deleted file mode 100644 index 6b43b4055..000000000 --- a/codebuild/nodejs18.yml +++ /dev/null @@ -1,19 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - -phases: - install: - commands: - - n 18 - - node -v - - npm -v - - npm ci --unsafe-perm - - npm run build - build: - commands: - - npm -v - - node -v - - npm run coverage-node diff --git a/codebuild/nodejs20.yml b/codebuild/nodejs20.yml deleted file mode 100644 index 76479dc0a..000000000 --- a/codebuild/nodejs20.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - -phases: - install: - commands: - - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-MPL-Dafny-Role-us-west-2" --role-session-name "CB-TestVectorResources") - - export TMP_ROLE - - export AWS_ACCESS_KEY_ID=$(echo "${TMP_ROLE}" | jq -r '.Credentials.AccessKeyId') - - export AWS_SECRET_ACCESS_KEY=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SecretAccessKey') - - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken') - - aws sts get-caller-identity - - - n 20 - - node --version ; npm --version - - npm ci --unsafe-perm - - npm run build - build: - commands: - - npm run coverage-node diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml index 40f574929..e8e41c052 100644 --- a/codebuild/release/prod-release.yml +++ b/codebuild/release/prod-release.yml @@ -9,22 +9,14 @@ batch: buildspec: codebuild/compliance.yml # Unit Tests - - identifier: testNodejs20 - buildspec: codebuild/nodejs20.yml + - identifier: testNodejs16 + buildspec: codebuild/nodejs16.yml env: image: aws/codebuild/standard:5.0 - - identifier: testBrowser18 - buildspec: codebuild/browser18.yml # Integration Tests - - identifier: testVectorsNodejs20 - buildspec: codebuild/test_vectors/nodejs20.yml - env: - variables: - PUBLISH_LOCAL: "true" - image: aws/codebuild/standard:5.0 - - identifier: testVectorsBrowser18 - buildspec: codebuild/test_vectors/browser18.yml + - identifier: testVectorsNodejs16 + buildspec: codebuild/test_vectors/nodejs16.yml env: variables: PUBLISH_LOCAL: "true" @@ -34,10 +26,8 @@ batch: - identifier: version depend-on: - compliance - - testNodejs20 - - testBrowser18 - - testVectorsNodejs20 - - testVectorsBrowser18 + - testNodejs16 + - testVectorsNodejs16 buildspec: codebuild/release/version.yml env: image: aws/codebuild/standard:6.0 
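Review bot: In `codebuild/release/prod-release.yml` the `version` step now depends only on `compliance`, `testNodejs16` and `testVectorsNodejs16`, so no browser job and no Node runtime newer than 16 gates the release; the same applies to the `depend-on` hunk at -34,10 and to the later hunk where `validateNodejs` points at `codebuild/test_vectors/nodejs16.yml` and `validateBrowser` is gone. This commit also edits the browser-facing `modules/web-crypto-backend` and narrows `.github/workflows/shared-ci.yml` to `'22.x'` and `'latest'`, so the runtime the release pipeline checks is not one the PR matrix runs. If that split is intended, a comment above `# Unit Tests` stating where browser and current-Node coverage is enforced before publish would make the gate auditable; otherwise a browser test-vector job should stay in `depend-on`. `codebuild/test_vectors/nodejs16.yml` is referenced but not touched by this diff, so confirm it exists on the target branch.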
@@ -54,15 +44,7 @@ batch: - identifier: validateNodejs depend-on: - publish - buildspec: codebuild/test_vectors/nodejs20.yml - env: - variables: - PUBLISH_LOCAL: "false" - image: aws/codebuild/standard:5.0 - - identifier: validateBrowser - depend-on: - - publish - buildspec: codebuild/test_vectors/browser18.yml + buildspec: codebuild/test_vectors/nodejs16.yml env: variables: PUBLISH_LOCAL: "false" diff --git a/codebuild/test_vectors/browser18.yml b/codebuild/test_vectors/browser18.yml deleted file mode 100644 index 4ae2a8e97..000000000 --- a/codebuild/test_vectors/browser18.yml +++ /dev/null @@ -1,26 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - NPM_CONFIG_UNSAFE_PERM: true - -phases: - install: - commands: - - n 18 - - npm ci --unsafe-perm - - |- - if [ "$PUBLISH_LOCAL" = "true" ]; then - npm run build - fi - build: - commands: - - npm -v - - node -v - - |- - if [ "$PUBLISH_LOCAL" = "true" ]; then - npm run verdaccio-publish - fi - - npm run verdaccio-browser-decrypt - - npm run verdaccio-browser-encrypt diff --git a/codebuild/test_vectors/nodejs18.yml b/codebuild/test_vectors/nodejs18.yml deleted file mode 100644 index 982c2b1b7..000000000 --- a/codebuild/test_vectors/nodejs18.yml +++ /dev/null @@ -1,25 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - NPM_CONFIG_UNSAFE_PERM: true - -phases: - install: - commands: - - n 18 - - npm ci --unsafe-perm - - |- - if [ "$PUBLISH_LOCAL" = "true" ]; then - npm run build - fi - build: - commands: - - node -v - - |- - if [ "$PUBLISH_LOCAL" = "true" ]; then - npm run verdaccio-publish - fi - - npm run verdaccio-node-decrypt - - npm run verdaccio-node-encrypt diff --git a/codebuild/test_vectors/nodejs20.yml b/codebuild/test_vectors/nodejs20.yml deleted file mode 100644 index 3a2657beb..000000000 --- a/codebuild/test_vectors/nodejs20.yml +++ /dev/null 
@@ -1,25 +0,0 @@ -version: 0.2 - -env: - variables: - NODE_OPTIONS: "--max-old-space-size=4096" - NPM_CONFIG_UNSAFE_PERM: true - -phases: - install: - commands: - - n 20 - - npm ci --unsafe-perm - - |- - if [ "$PUBLISH_LOCAL" = "true" ]; then - npm run build - fi - build: - commands: - - node -v - - |- - if [ "$PUBLISH_LOCAL" = "true" ]; then - npm run verdaccio-publish - fi - - npm run verdaccio-node-decrypt - - npm run verdaccio-node-encrypt diff --git a/modules/web-crypto-backend/package.json b/modules/web-crypto-backend/package.json index 9bb91371a..38b70346f 100644 --- a/modules/web-crypto-backend/package.json +++ b/modules/web-crypto-backend/package.json @@ -19,7 +19,6 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-crypto/ie11-detection": "4.0.0", "@aws-crypto/supports-web-crypto": "5.2.0", "@aws-sdk/util-locate-window": "3.310.0", "tslib": "^2.2.0" diff --git a/modules/web-crypto-backend/src/backend-factory.ts b/modules/web-crypto-backend/src/backend-factory.ts index 289dd8a58..df843a86a 100644 --- a/modules/web-crypto-backend/src/backend-factory.ts +++ b/modules/web-crypto-backend/src/backend-factory.ts @@ -1,14 +1,12 @@ // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 -import { isMsWindow } from '@aws-crypto/ie11-detection' import { supportsWebCrypto, supportsSubtleCrypto, supportsZeroByteGCM, } from '@aws-crypto/supports-web-crypto' import { generateSynchronousRandomValues } from './synchronous_random_values' -import promisifyMsSubtleCrypto from './promisify-ms-crypto' type MaybeSubtleCrypto = SubtleCrypto | false export type WebCryptoBackend = 
@@ -140,7 +138,6 @@ export function pluckSubtleCrypto(window: Window): MaybeSubtleCrypto { // if needed webkitSubtle check should be added here // see: https://webkit.org/blog/7790/update-on-web-cryptography/ if (supportsWebCrypto(window)) return window.crypto.subtle - if (isMsWindow(window)) return promisifyMsSubtleCrypto(window.msCrypto.subtle) return false } diff --git a/modules/web-crypto-backend/src/promisify-ms-crypto.ts b/modules/web-crypto-backend/src/promisify-ms-crypto.ts deleted file mode 100644 index 4c17e629f..000000000 --- a/modules/web-crypto-backend/src/promisify-ms-crypto.ts +++ /dev/null @@ -1,38 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -import { MsSubtleCrypto } from '@aws-crypto/ie11-detection' - -type MsSubtleFunctions = keyof MsSubtleCrypto - -export default function promisifyMsSubtleCrypto(backend: MsSubtleCrypto) { - const usages: MsSubtleFunctions[] = [ - 'decrypt', - 'digest', - 'encrypt', - 'exportKey', - 'generateKey', - 'importKey', - 'sign', - 'verify', - ] - const decorateUsage = (fakeBackend: any, usage: MsSubtleFunctions) => - decorate(backend, fakeBackend, usage) - return usages.reduce(decorateUsage, {}) as SubtleCrypto -} - -function decorate( - subtle: MsSubtleCrypto, - fakeBackend: any, - name: MsSubtleFunctions -) { - fakeBackend[name] = async (...args: any[]) => { - return new Promise((resolve, reject) => { - // @ts-ignore - const operation = subtle[name](...args) - operation.oncomplete = () => resolve(operation.result) - operation.onerror = reject - }) - } - return fakeBackend -} diff --git a/modules/web-crypto-backend/src/synchronous_random_values.ts b/modules/web-crypto-backend/src/synchronous_random_values.ts index 0a0147c06..86cfdba3e 100644 --- a/modules/web-crypto-backend/src/synchronous_random_values.ts +++ b/modules/web-crypto-backend/src/synchronous_random_values.ts 
@@ -1,7 +1,6 @@ // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 -import { isMsWindow } from '@aws-crypto/ie11-detection' import { supportsSecureRandom } from '@aws-crypto/supports-web-crypto' import { locateWindow } from '@aws-sdk/util-locate-window' @@ -19,10 +18,6 @@ export function generateSynchronousRandomValues( return function synchronousRandomValues(byteLength: number): Uint8Array { if (supportsSecureRandom(globalScope)) { return globalScope.crypto.getRandomValues(new Uint8Array(byteLength)) - } else if (isMsWindow(globalScope)) { - const values = new Uint8Array(byteLength) - globalScope.msCrypto.getRandomValues(values) - return values } throw new Error(`Unable to locate a secure random source.`) diff --git a/modules/web-crypto-backend/test/fixtures.ts b/modules/web-crypto-backend/test/fixtures.ts index edddc884f..cc51f9fea 100644 --- a/modules/web-crypto-backend/test/fixtures.ts +++ b/modules/web-crypto-backend/test/fixtures.ts @@ -3,7 +3,12 @@ export const fakeWindowWebCryptoSupportsZeroByteGCM: Window = { crypto: { - getRandomValues: () => {}, + getRandomValues: (array: Uint8Array) => { + for (let i = 0; i < array.length; i++) { + array[i] = Math.floor(Math.random() * 256) + } + return array + }, subtle: { async decrypt() { return {} as any 
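Review bot: The new `getRandomValues` stub in `fakeWindowWebCryptoSupportsZeroByteGCM` fills the array from `Math.random()`, which makes the fixture non-deterministic, so the rewritten case in `test/synchronous_random_values.test.ts` can only assert type and length, and a never-filled `new Uint8Array(5)` passes both. A fixed fill keeps the check that the returned bytes came from the injected source: `getRandomValues: (array: Uint8Array) => array.fill(1),` with `expect(test).to.deep.equal(new Uint8Array(5).fill(1))` kept in the test. It also keeps `Math.random()` out of a fixture that stands in for a secure random source, where it could be copied as a pattern. The fixture object continues past the end of this hunk.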
@@ -142,145 +147,3 @@ export const subtleFallbackZeroByteEncryptFail = { } as any export const subtleFallbackNoWebCrypto = {} as any - -export const fakeWindowIE11OnComplete = { - msCrypto: { - getRandomValues: (values: Uint8Array) => { - return values.fill(1) - }, - subtle: { - decrypt() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - digest() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - encrypt() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - exportKey() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - generateKey() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - importKey() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - sign() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - verify() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - }, - }, - MSInputMethodContext: {} as any, -} as any - -export const fakeWindowIE11OnError = { - msCrypto: { - getRandomValues: (values: Uint8Array) => { - return values.fill(1) - }, - subtle: { - decrypt() { - const obj = {} as any - setTimeout(() => { - obj.onerror(new Error('stub error')) - }) - return obj - }, - digest() { - const obj = {} as any - setTimeout(() => { - obj.onerror(new Error('stub error')) - }) - return obj - }, - encrypt() { - const obj = {} as any - setTimeout(() => { - obj.onerror(new Error('stub error')) - }) - return obj - }, - exportKey() { - const obj = {} as any - setTimeout(() => { - obj.onerror(new Error('stub error')) - }) - return obj - }, - generateKey() { - const obj = {} as any - setTimeout(() => { - 
obj.onerror(new Error('stub error')) - }) - return obj - }, - importKey() { - const obj = {} as any - setTimeout(() => { - obj.onerror(new Error('stub error')) - }) - return obj - }, - sign() { - const obj = {} as any - setTimeout(() => { - obj.onerror(new Error('stub error')) - }) - return obj - }, - verify() { - const obj = {} as any - setTimeout(() => { - obj.onerror(new Error('stub error')) - }) - return obj - }, - }, - }, - MSInputMethodContext: {} as any, -} as any diff --git a/modules/web-crypto-backend/test/promisify-ms-crypto.test.ts b/modules/web-crypto-backend/test/promisify-ms-crypto.test.ts deleted file mode 100644 index 7c420478f..000000000 --- a/modules/web-crypto-backend/test/promisify-ms-crypto.test.ts +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -/* eslint-env mocha */ - -import * as chai from 'chai' -import chaiAsPromised from 'chai-as-promised' -import promisifyMsSubtleCrypto from '../src/promisify-ms-crypto' -import * as fixtures from './fixtures' - -chai.use(chaiAsPromised) -const { expect } = chai - -/* These tests are very simple - * I am not testing every subtle function - * because the promisify code is all the same. - */ -describe('promisifyMsSubtleCrypto', () => { - const backendComplete = promisifyMsSubtleCrypto( - fixtures.fakeWindowIE11OnComplete.msCrypto.subtle - ) - const backendError = promisifyMsSubtleCrypto( - fixtures.fakeWindowIE11OnError.msCrypto.subtle - ) - - it('backendComplete:decrypt', async () => { - // @ts-ignore These methods are stubs, ignore ts errors - const test = await backendComplete.decrypt() - expect(test).to.equal(true) - }) - - it('backendError:decrypt', async () => { - // @ts-ignore These methods are stubs, ignore ts errors - await expect(backendError.decrypt()).to.rejectedWith(Error) - }) -}) 
diff --git a/modules/web-crypto-backend/test/synchronous_random_values.test.ts b/modules/web-crypto-backend/test/synchronous_random_values.test.ts index 1c8d52456..8e3a06bf9 100644 --- a/modules/web-crypto-backend/test/synchronous_random_values.test.ts +++ b/modules/web-crypto-backend/test/synchronous_random_values.test.ts @@ -5,25 +5,15 @@ import { expect } from 'chai' import { generateSynchronousRandomValues } from '../src/synchronous_random_values' -import { synchronousRandomValues } from '../src/index' import * as fixtures from './fixtures' describe('synchronousRandomValues', () => { it('should return random values', () => { - const test = synchronousRandomValues(5) - expect(test).to.be.instanceOf(Uint8Array) - expect(test).lengthOf(5) - }) - - it('should return msCrypto random values', () => { const synchronousRandomValues = generateSynchronousRandomValues( - fixtures.fakeWindowIE11OnComplete + fixtures.fakeWindowWebCryptoSupportsZeroByteGCM ) - const test = synchronousRandomValues(5) expect(test).to.be.instanceOf(Uint8Array) expect(test).lengthOf(5) - // The random is a stub, so I know the value - expect(test).to.deep.equal(new Uint8Array(5).fill(1)) }) }) diff --git a/package-lock.json b/package-lock.json index 16310b417..e5bea0bb0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -711,23 +711,11 @@ "version": "4.0.1", "license": "Apache-2.0", "dependencies": { - "@aws-crypto/ie11-detection": "4.0.0", "@aws-crypto/supports-web-crypto": "5.2.0", "@aws-sdk/util-locate-window": "3.310.0", "tslib": "^2.2.0" } }, - "modules/web-crypto-backend/node_modules/@aws-crypto/ie11-detection": { - "version": "4.0.0", - "license": "Apache-2.0", - "dependencies": { - "tslib": "^1.11.1" - } - }, - "modules/web-crypto-backend/node_modules/@aws-crypto/ie11-detection/node_modules/tslib": { - "version": "1.14.1", - "license": "0BSD" - }, "modules/web-crypto-backend/node_modules/@aws-sdk/util-locate-window": { "version": "3.310.0", "license": "Apache-2.0",
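Review bot: Nothing in the `synchronousRandomValues` describe block exercises the fail-closed branch of `generateSynchronousRandomValues`, which, with the msCrypto fallback removed, is the only outcome for a scope without `crypto.getRandomValues`. Assuming `supportsSecureRandom` rejects an empty object, a case such as `expect(() => generateSynchronousRandomValues({} as any)(5)).to.throw('Unable to locate a secure random source.')` would pin that the function throws instead of returning an unfilled buffer. The deleted first case was also the only one here that called the exported `synchronousRandomValues` from `../src/index`, so the default wiring is no longer covered in this file. Other test files may cover it, but this hunk does not show that.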