From ab0ff8095131dce54ba110d5b0390430400cad67 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 10 Feb 2026 10:51:14 -0800 Subject: [PATCH 1/5] m --- modules/web-crypto-backend/package.json | 1 - .../web-crypto-backend/src/backend-factory.ts | 3 - .../src/promisify-ms-crypto.ts | 38 ----- .../src/synchronous_random_values.ts | 5 - modules/web-crypto-backend/test/fixtures.ts | 149 +----------------- .../test/promisify-ms-crypto.test.ts | 36 ----- .../test/synchronous_random_values.test.ts | 12 +- package-lock.json | 12 -- 8 files changed, 7 insertions(+), 249 deletions(-) delete mode 100644 modules/web-crypto-backend/src/promisify-ms-crypto.ts delete mode 100644 modules/web-crypto-backend/test/promisify-ms-crypto.test.ts diff --git a/modules/web-crypto-backend/package.json b/modules/web-crypto-backend/package.json index 9bb91371a..38b70346f 100644 --- a/modules/web-crypto-backend/package.json +++ b/modules/web-crypto-backend/package.json @@ -19,7 +19,6 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-crypto/ie11-detection": "4.0.0", "@aws-crypto/supports-web-crypto": "5.2.0", "@aws-sdk/util-locate-window": "3.310.0", "tslib": "^2.2.0" diff --git a/modules/web-crypto-backend/src/backend-factory.ts b/modules/web-crypto-backend/src/backend-factory.ts index 289dd8a58..df843a86a 100644 --- a/modules/web-crypto-backend/src/backend-factory.ts +++ b/modules/web-crypto-backend/src/backend-factory.ts @@ -1,14 +1,12 @@ // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 -import { isMsWindow } from '@aws-crypto/ie11-detection' import { supportsWebCrypto, supportsSubtleCrypto, supportsZeroByteGCM, } from '@aws-crypto/supports-web-crypto' import { generateSynchronousRandomValues } from './synchronous_random_values' -import promisifyMsSubtleCrypto from './promisify-ms-crypto' type MaybeSubtleCrypto = SubtleCrypto | false export type WebCryptoBackend = @@ -140,7 +138,6 @@ export function pluckSubtleCrypto(window: Window): MaybeSubtleCrypto { // if needed webkitSubtle check should be added here // see: https://webkit.org/blog/7790/update-on-web-cryptography/ if (supportsWebCrypto(window)) return window.crypto.subtle - if (isMsWindow(window)) return promisifyMsSubtleCrypto(window.msCrypto.subtle) return false } diff --git a/modules/web-crypto-backend/src/promisify-ms-crypto.ts b/modules/web-crypto-backend/src/promisify-ms-crypto.ts deleted file mode 100644 index 4c17e629f..000000000 --- a/modules/web-crypto-backend/src/promisify-ms-crypto.ts +++ /dev/null @@ -1,38 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -import { MsSubtleCrypto } from '@aws-crypto/ie11-detection' - -type MsSubtleFunctions = keyof MsSubtleCrypto - -export default function promisifyMsSubtleCrypto(backend: MsSubtleCrypto) { - const usages: MsSubtleFunctions[] = [ - 'decrypt', - 'digest', - 'encrypt', - 'exportKey', - 'generateKey', - 'importKey', - 'sign', - 'verify', - ] - const decorateUsage = (fakeBackend: any, usage: MsSubtleFunctions) => - decorate(backend, fakeBackend, usage) - return usages.reduce(decorateUsage, {}) as SubtleCrypto -} - -function decorate( - subtle: MsSubtleCrypto, - fakeBackend: any, - name: MsSubtleFunctions -) { - fakeBackend[name] = async (...args: any[]) => { - return new Promise((resolve, reject) => { - // @ts-ignore - const operation = subtle[name](...args) - operation.oncomplete = () => resolve(operation.result) - operation.onerror = reject - }) - } - return fakeBackend -} diff --git a/modules/web-crypto-backend/src/synchronous_random_values.ts b/modules/web-crypto-backend/src/synchronous_random_values.ts index 0a0147c06..86cfdba3e 100644 --- a/modules/web-crypto-backend/src/synchronous_random_values.ts +++ b/modules/web-crypto-backend/src/synchronous_random_values.ts @@ -1,7 +1,6 @@ // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 -import { isMsWindow } from '@aws-crypto/ie11-detection' import { supportsSecureRandom } from '@aws-crypto/supports-web-crypto' import { locateWindow } from '@aws-sdk/util-locate-window' @@ -19,10 +18,6 @@ export function generateSynchronousRandomValues( return function synchronousRandomValues(byteLength: number): Uint8Array { if (supportsSecureRandom(globalScope)) { return globalScope.crypto.getRandomValues(new Uint8Array(byteLength)) - } else if (isMsWindow(globalScope)) { - const values = new Uint8Array(byteLength) - globalScope.msCrypto.getRandomValues(values) - return values } throw new Error(`Unable to locate a secure random source.`) diff --git a/modules/web-crypto-backend/test/fixtures.ts b/modules/web-crypto-backend/test/fixtures.ts index edddc884f..cc51f9fea 100644 --- a/modules/web-crypto-backend/test/fixtures.ts +++ b/modules/web-crypto-backend/test/fixtures.ts @@ -3,7 +3,12 @@ export const fakeWindowWebCryptoSupportsZeroByteGCM: Window = { crypto: { - getRandomValues: () => {}, + getRandomValues: (array: Uint8Array) => { + for (let i = 0; i < array.length; i++) { + array[i] = Math.floor(Math.random() * 256) + } + return array + }, subtle: { async decrypt() { return {} as any @@ -142,145 +147,3 @@ export const subtleFallbackZeroByteEncryptFail = { } as any export const subtleFallbackNoWebCrypto = {} as any - -export const fakeWindowIE11OnComplete = { - msCrypto: { - getRandomValues: (values: Uint8Array) => { - return values.fill(1) - }, - subtle: { - decrypt() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - digest() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - encrypt() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - exportKey() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - generateKey() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - importKey() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - sign() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - verify() { - const obj = {} as any - setTimeout(() => { - obj.result = true - obj.oncomplete() - }) - return obj - }, - }, - }, - MSInputMethodContext: {} as any, -} as any - -export const fakeWindowIE11OnError = { - msCrypto: { - getRandomValues: (values: Uint8Array) => { - return values.fill(1) - }, - subtle: { - decrypt() { - const obj = {} as any - setTimeout(() => { - obj.onerror(new Error('stub error')) - }) - return obj - }, - digest() { - const obj = {} as any - setTimeout(() => { - obj.onerror(new Error('stub error')) - }) - return obj - }, - encrypt() { - const obj = {} as any - setTimeout(() => { - obj.onerror(new Error('stub error')) - }) - return obj - }, - exportKey() { - const obj = {} as any - setTimeout(() => { - obj.onerror(new Error('stub error')) - }) - return obj - }, - generateKey() { - const obj = {} as any - setTimeout(() => { - obj.onerror(new Error('stub error')) - }) - return obj - }, - importKey() { - const obj = {} as any - setTimeout(() => { - obj.onerror(new Error('stub error')) - }) - return obj - }, - sign() { - const obj = {} as any - setTimeout(() => { - obj.onerror(new Error('stub error')) - }) - return obj - }, - verify() { - const obj = {} as any - setTimeout(() => { - obj.onerror(new Error('stub error')) - }) - return obj - }, - }, - }, - MSInputMethodContext: {} as any, -} as any diff --git a/modules/web-crypto-backend/test/promisify-ms-crypto.test.ts b/modules/web-crypto-backend/test/promisify-ms-crypto.test.ts deleted file mode 100644 index 7c420478f..000000000 --- a/modules/web-crypto-backend/test/promisify-ms-crypto.test.ts +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -/* eslint-env mocha */ - -import * as chai from 'chai' -import chaiAsPromised from 'chai-as-promised' -import promisifyMsSubtleCrypto from '../src/promisify-ms-crypto' -import * as fixtures from './fixtures' - -chai.use(chaiAsPromised) -const { expect } = chai - -/* These tests are very simple - * I am not testing every subtle function - * because the promisify code is all the same. - */ -describe('promisifyMsSubtleCrypto', () => { - const backendComplete = promisifyMsSubtleCrypto( - fixtures.fakeWindowIE11OnComplete.msCrypto.subtle - ) - const backendError = promisifyMsSubtleCrypto( - fixtures.fakeWindowIE11OnError.msCrypto.subtle - ) - - it('backendComplete:decrypt', async () => { - // @ts-ignore These methods are stubs, ignore ts errors - const test = await backendComplete.decrypt() - expect(test).to.equal(true) - }) - - it('backendError:decrypt', async () => { - // @ts-ignore These methods are stubs, ignore ts errors - await expect(backendError.decrypt()).to.rejectedWith(Error) - }) -}) diff --git a/modules/web-crypto-backend/test/synchronous_random_values.test.ts b/modules/web-crypto-backend/test/synchronous_random_values.test.ts index 1c8d52456..8e3a06bf9 100644 --- a/modules/web-crypto-backend/test/synchronous_random_values.test.ts +++ b/modules/web-crypto-backend/test/synchronous_random_values.test.ts @@ -5,25 +5,15 @@ import { expect } from 'chai' import { generateSynchronousRandomValues } from '../src/synchronous_random_values' -import { synchronousRandomValues } from '../src/index' import * as fixtures from './fixtures' describe('synchronousRandomValues', () => { it('should return random values', () => { - const test = synchronousRandomValues(5) - expect(test).to.be.instanceOf(Uint8Array) - expect(test).lengthOf(5) - }) - - it('should return msCrypto random values', () => { const synchronousRandomValues = generateSynchronousRandomValues( - fixtures.fakeWindowIE11OnComplete + fixtures.fakeWindowWebCryptoSupportsZeroByteGCM ) - const test = synchronousRandomValues(5) expect(test).to.be.instanceOf(Uint8Array) expect(test).lengthOf(5) - // The random is a stub, so I know the value - expect(test).to.deep.equal(new Uint8Array(5).fill(1)) }) }) diff --git a/package-lock.json b/package-lock.json index 16310b417..e5bea0bb0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -711,23 +711,11 @@ "version": "4.0.1", "license": "Apache-2.0", "dependencies": { - "@aws-crypto/ie11-detection": "4.0.0", "@aws-crypto/supports-web-crypto": "5.2.0", "@aws-sdk/util-locate-window": "3.310.0", "tslib": "^2.2.0" } }, - "modules/web-crypto-backend/node_modules/@aws-crypto/ie11-detection": { - "version": "4.0.0", - "license": "Apache-2.0", - "dependencies": { - "tslib": "^1.11.1" - } - }, - "modules/web-crypto-backend/node_modules/@aws-crypto/ie11-detection/node_modules/tslib": { - "version": "1.14.1", - "license": "0BSD" - }, "modules/web-crypto-backend/node_modules/@aws-sdk/util-locate-window": { "version": "3.310.0", "license": "Apache-2.0", From 4ef1727abbf04b3b20592ef412ae35be800b2d59 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 10 Feb 2026 10:57:25 -0800 Subject: [PATCH 2/5] m --- .github/workflows/ci_static-analysis.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index f06333e47..9ce52081b 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -11,5 +11,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 + # not-grep uses "pkg_resources" which is not supported by Python 3.14 + - name: Set up Python 3.13 + uses: actions/setup-python@v4 + with: + python-version: '3.13' - name: not-grep uses: mattsb42-meta/not-grep@1.0.0 From 3f9dfcbe4ae41382c2dac2d2b122272a1b65c9b9 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 10 Feb 2026 10:59:47 -0800 Subject: [PATCH 3/5] m --- .github/workflows/ci_static-analysis.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 9ce52081b..9608a2b38 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -11,10 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - # not-grep uses "pkg_resources" which is not supported by Python 3.14 - - name: Set up Python 3.13 - uses: actions/setup-python@v4 - with: - python-version: '3.13' + - name: Upgrade setuptools + run: python -m pip install --upgrade setuptools - name: not-grep uses: mattsb42-meta/not-grep@1.0.0 From 6f7e4be9d2c10d7d5d3cf3668caad086d2bbfd31 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 10 Feb 2026 11:06:14 -0800 Subject: [PATCH 4/5] m --- .github/workflows/ci_static-analysis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 9608a2b38..36aa1186f 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -12,6 +12,6 @@ jobs: steps: - uses: actions/checkout@v2 - name: Upgrade setuptools - run: python -m pip install --upgrade setuptools + run: python -m pip install "setuptools<81" - name: not-grep uses: mattsb42-meta/not-grep@1.0.0 From e6d9bfd23db326be1b61dc5d2472b2680a4ac7e9 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 10 Feb 2026 15:07:08 -0800 Subject: [PATCH 5/5] Apply suggestion from @lucasmcdonald3 --- .github/workflows/ci_static-analysis.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 36aa1186f..f06333e47 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -11,7 +11,5 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Upgrade setuptools - run: python -m pip install "setuptools<81" - name: not-grep uses: mattsb42-meta/not-grep@1.0.0