Mastercard · joseph-neeraj · Nov 15, 2023 · Nov 14, 2023
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -8,6 +8,7 @@
   },
   "main": "src/index.js",
   "scripts": {
+    "check": "npm test && npm run lint && npm run minify",
     "test": "jest",
     "minify": "mkdirp dist && browserify src/index.js | uglifyjs -o dist/mastercard-postman-encryption-lib.min.js",
     "lint": "eslint '**/*.js' || (echo \"Run 'npm run lint:fix' to fix most errors\" && exit 1)",
@@ -20,7 +21,7 @@
   "license": "ISC",
   "dependencies": {
     "js-sha256": "^0.10.1",
-    "mastercard-client-encryption": "^1.9.0",
+    "mastercard-client-encryption": "^1.10.0",
     "node-jose": "^2.2.0"
   },
   "devDependencies": {

diff --git a/src/jwe.js b/src/jwe.js
@@ -1,5 +1,6 @@
 const jose = require('node-jose');
 const { validateEnv } = require('./util');
+const { EncryptionUtils } = require('mastercard-client-encryption');
 
 function jweEncryption(pm) {
   validateEnv(['pathToRawData', 'pathToEncryptedData', 'publicKeyFingerprint', 'encryptionCert'], pm.environment);
@@ -8,34 +9,14 @@ function jweEncryption(pm) {
     const reqBody = JSON.parse(pm.request.body.raw);
     const pathToRawData = pm.environment.get('pathToRawData');
     const pathToEncryptedData = pm.environment.get('pathToEncryptedData');
-    const encryptedProperty = pm.environment.get('encryptedProperty') ?? 'encryptedData';
+    const encryptedValueFieldName = pm.environment.get('encryptedValueFieldName') ?? 'encryptedData';
     const publicKeyFingerprint = pm.environment.get('publicKeyFingerprint');
     const encryptionCertificate = pm.environment.get('encryptionCert');
 
-    // Get element in payload to encrypt
-    let tmpIn = reqBody;
-    let prevIn = null;
-
-    const paths = pathToRawData.split('.');
-    paths.forEach((e) => {
-      if (pathToRawData !== '$' && !Object.prototype.hasOwnProperty.call(tmpIn, e)) {
-        tmpIn[e] = {};
-      }
-      prevIn = tmpIn;
-      tmpIn = tmpIn[e];
-    });
-    const elem = pathToRawData.split('.').pop();
-    const target = pathToRawData !== '$' ? prevIn[elem] : reqBody;
-
-    // Get output path of encrypted payload
-    let outPath = reqBody;
-    const pathsOut = pathToEncryptedData.split('.');
-    pathsOut.forEach((e) => {
-      if (pathToEncryptedData !== '$' && !Object.prototype.hasOwnProperty.call(outPath, e)) {
-        outPath[e] = {};
-      }
-      outPath = outPath[e];
-    });
+    const encryptionTarget = EncryptionUtils.elemFromPath(pathToRawData, reqBody);
+    if (!encryptionTarget || !encryptionTarget.node) {
+      return resolve(reqBody);
+    }
 
     const keystore = jose.JWK.createKeyStore();
     return (
@@ -44,7 +25,7 @@ function jweEncryption(pm) {
 
         // Encrypt payload and attach to request body
         .then((publicKey) => {
-          const buffer = Buffer.from(JSON.stringify(target));
+          const buffer = Buffer.from(JSON.stringify(encryptionTarget.node));
           return jose.JWE.createEncrypt(
             {
               format: 'compact',
@@ -57,20 +38,14 @@ function jweEncryption(pm) {
             .final();
         })
         .then((encrypted) => {
-          if (pathToEncryptedData !== '$') {
-            outPath[encryptedProperty] = encrypted;
-          } else {
-            if (pathToRawData === '$') {
-              const properties = Object.keys(reqBody);
-              properties.forEach((e) => {
-                delete reqBody[e];
-              });
-            }
-            reqBody[encryptedProperty] = encrypted;
-          }
-          delete prevIn[elem];
-
-          resolve(reqBody);
+          // mirror what the mastercard encryption lib does
+          const encryptedReqBody = EncryptionUtils.addEncryptedDataToBody(
+            { [encryptedValueFieldName]: encrypted },
+            { element: pathToRawData, obj: pathToEncryptedData },
+            encryptedValueFieldName,
+            reqBody,
+          );
+          resolve(encryptedReqBody);
         })
     );
   });

diff --git a/test/jwe.test.js b/test/jwe.test.js
@@ -1,16 +1,19 @@
 const { jweEncryption } = require('../src/jwe');
 const fs = require('fs');
 const path = require('path');
+const EncryptionUtils = require('mastercard-client-encryption').EncryptionUtils;
 
 describe(`Tests for ${jweEncryption.name}()`, () => {
   // the postman object
   const pm = {};
   const encryptionCert = fs.readFileSync(path.resolve(__dirname, './res/encryption_cert_pubic_key.pem'));
   beforeEach(() => {
+    jest.restoreAllMocks();
+
     const environment = {
       pathToRawData: '$',
       pathToEncryptedData: '$',
-      encryptedProperty: 'encryptedData',
+      encryptedValueFieldName: 'encryptedData',
       encryptionCert,
       publicKeyFingerprint: 'abcdef',
     };
@@ -19,6 +22,23 @@ describe(`Tests for ${jweEncryption.name}()`, () => {
     pm.request = { method: 'post', body: {} };
   });
 
+  test(`Returns unencrypted object if finding the element to be encrypted fails`, async () => {
+    pm.environment.set('pathToRawData', '$');
+    pm.environment.set('pathToEncryptedData', '$');
+
+    const requestBody = {
+      a: 'b',
+      c: 'd',
+    };
+    pm.request.body.raw = JSON.stringify(requestBody);
+
+    jest.spyOn(EncryptionUtils, 'elemFromPath').mockReturnValue(null);
+
+    const encryptionResult = await jweEncryption(pm);
+
+    expect(encryptionResult).toEqual(requestBody);
+  });
+
   test('Encrypts a request object when the encryption path is the root of the request object', async () => {
     pm.environment.set('pathToRawData', '$');
     pm.environment.set('pathToEncryptedData', '$');
@@ -28,20 +48,20 @@ describe(`Tests for ${jweEncryption.name}()`, () => {
       c: 'd',
     });
 
-    const mockUpdateFn = jest.fn();
-    pm.request.body.update = mockUpdateFn;
-
     const expectedBodyFormat = {
       encryptedData: 'the encrypted request body',
     };
 
     const actualEncryptedBody = await jweEncryption(pm);
 
     expect(Object.keys(actualEncryptedBody)).toEqual(Object.keys(expectedBodyFormat));
+    expect(actualEncryptedBody.encryptedData).not.toBe(undefined);
+    expect(actualEncryptedBody.encryptedData).not.toBe(null);
   });
 
   test('Encrypts a request object when the encryption path is nested in the request object', async () => {
     pm.request.body.raw = JSON.stringify({
+      irrelevantProperty: 'this should be preserved',
       path: {
         to: {
           foo: {
@@ -55,19 +75,19 @@ describe(`Tests for ${jweEncryption.name}()`, () => {
     pm.environment.set('pathToRawData', 'path.to.foo');
     pm.environment.set('pathToEncryptedData', 'path.to.encryptedFoo');
 
-    const mockUpdateFn = jest.fn();
-    pm.request.body.update = mockUpdateFn;
-
     const expectedBodyFormat = {
-      encryptedData: 'the encrypted request body',
+      irrelevantProperty: 'this should be preserved',
+      path: {
+        to: {
+          encryptedFoo: 'the encrypted request body',
+        },
+      },
     };
 
     const actualEncryptedBody = await jweEncryption(pm);
 
     expect(actualEncryptedBody.path.to.encryptedFoo).not.toBe(undefined);
     expect(actualEncryptedBody.path.to.encryptedFoo).not.toBe(null);
-    expect(Object.keys(actualEncryptedBody.path.to.encryptedFoo).sort()).toEqual(
-      Object.keys(expectedBodyFormat).sort(),
-    );
+    expect(Object.keys(actualEncryptedBody).sort()).toEqual(Object.keys(expectedBodyFormat).sort());
   });
 });