* parseEncryptionXml - Parses and validates a ServerSideEncryptionConfiguration XML document
* @param {object} xml - ServerSideEncryptionConfiguration doc
* @param {object} log - logger
* @param {ServerSideEncryptionInfo~callback} cb - callback
* @returns {undefined}
(xml, log, cb)
| 27 | * @returns {undefined} |
| 28 | */ |
| 29 | function parseEncryptionXml(xml, log, cb) { |
| 30 | return parseString(xml, (err, parsed) => { |
| 31 | if (err) { |
| 32 | log.trace('xml parsing failed', { |
| 33 | error: err, |
| 34 | method: 'parseEncryptionXml', |
| 35 | }); |
| 36 | log.debug('invalid xml', { xml }); |
| 37 | return cb(errors.MalformedXML); |
| 38 | } |
| 39 | |
| 40 | if (!parsed |
| 41 | || !parsed.ServerSideEncryptionConfiguration |
| 42 | || !parsed.ServerSideEncryptionConfiguration.Rule) { |
| 43 | log.trace('error in sse config, invalid ServerSideEncryptionConfiguration section', { |
| 44 | method: 'parseEncryptionXml', |
| 45 | }); |
| 46 | return cb(errors.MalformedXML); |
| 47 | } |
| 48 | |
| 49 | const { Rule } = parsed.ServerSideEncryptionConfiguration; |
| 50 | |
| 51 | if (!Array.isArray(Rule) |
| 52 | || Rule.length > 1 |
| 53 | || !Rule[0] |
| 54 | || !Rule[0].ApplyServerSideEncryptionByDefault |
| 55 | || !Rule[0].ApplyServerSideEncryptionByDefault[0]) { |
| 56 | log.trace('error in sse config, invalid ApplyServerSideEncryptionByDefault section', { |
| 57 | method: 'parseEncryptionXml', |
| 58 | }); |
| 59 | return cb(errors.MalformedXML); |
| 60 | } |
| 61 | |
| 62 | const [encConfig] = Rule[0].ApplyServerSideEncryptionByDefault; |
| 63 | |
| 64 | if (!encConfig.SSEAlgorithm || !encConfig.SSEAlgorithm[0]) { |
| 65 | log.trace('error in sse config, no SSEAlgorithm provided', { |
| 66 | method: 'parseEncryptionXml', |
| 67 | }); |
| 68 | return cb(errors.MalformedXML); |
| 69 | } |
| 70 | |
| 71 | const [algorithm] = encConfig.SSEAlgorithm; |
| 72 | |
| 73 | if (algorithm !== 'AES256' && algorithm !== 'aws:kms') { |
| 74 | log.trace('error in sse config, unknown SSEAlgorithm', { |
| 75 | method: 'parseEncryptionXml', |
| 76 | }); |
| 77 | return cb(errors.MalformedXML); |
| 78 | } |
| 79 | |
| 80 | const result = { algorithm, mandatory: true }; |
| 81 | |
| 82 | if (encConfig.KMSMasterKeyID) { |
| 83 | if (algorithm === 'AES256') { |
| 84 | log.trace('error in sse config, can not specify KMSMasterKeyID when using AES256', { |
| 85 | method: 'parseEncryptionXml', |
| 86 | }); |