@am92/kms
Version:
Key Management Service
149 lines (148 loc) • 5.4 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.AwsKms = void 0;
const client_kms_1 = require("@aws-sdk/client-kms");
const AwsKmsError_1 = require("./AwsKmsError");
const ERRORS_1 = require("./ERRORS");
/**
* Class to execute KMS methods using AWS KMS
*
* @class
*/
class AwsKms {
/**
* Configurations used for AWS KMS
*/
CONFIG;
/**
* AWS KMS client instance
*/
client;
/**
* Creates an instance of AwsKms.
*
* @constructor
* @param config
*/
constructor(config) {
this.CONFIG = validateConfig(config);
const { AWS_CONNECTION_CONFIG = {} } = this.CONFIG;
this.client = new client_kms_1.KMSClient(AWS_CONNECTION_CONFIG);
this.generateDataKey = this.generateDataKey.bind(this);
this.generateDataKeyPair = this.generateDataKeyPair.bind(this);
this.encrypt = this.encrypt.bind(this);
this.decrypt = this.decrypt.bind(this);
}
/**
* Generates encryption keys for symmetric encryption algorithm
*
* @async
* @returns
*/
async generateDataKey() {
try {
const { AWS_KEY_ID, KEY_SPEC, KEY_FORMAT } = this.CONFIG;
const params = {
KeyId: AWS_KEY_ID,
KeySpec: KEY_SPEC
};
const command = new client_kms_1.GenerateDataKeyCommand(params);
const response = await this.client.send(command);
const { CiphertextBlob, Plaintext } = response;
const encryptedDataKey = Buffer.from(CiphertextBlob || []).toString(KEY_FORMAT);
const dataKey = Buffer.from(Plaintext || []).toString(KEY_FORMAT);
const dataKeyObject = { dataKey, encryptedDataKey };
return dataKeyObject;
}
catch (error) {
throw new AwsKmsError_1.AwsKmsError(error, ERRORS_1.GENERATE_DATA_KEY_ERROR);
}
}
/**
* Generates encryption keys for asymmetric encryption algorithm
*
* @async
* @returns
*/
async generateDataKeyPair() {
try {
const { AWS_KEY_ID, KEY_PAIR_SPEC, KEY_FORMAT } = this.CONFIG;
const params = {
KeyId: AWS_KEY_ID,
KeyPairSpec: KEY_PAIR_SPEC
};
const command = new client_kms_1.GenerateDataKeyPairCommand(params);
const response = await this.client.send(command);
const { PrivateKeyCiphertextBlob, PrivateKeyPlaintext, PublicKey } = response;
const encryptedPrivateKey = Buffer.from(PrivateKeyCiphertextBlob || []).toString(KEY_FORMAT);
const privateKey = Buffer.from(PrivateKeyPlaintext || []).toString(KEY_FORMAT);
const publicKey = Buffer.from(PublicKey || []).toString(KEY_FORMAT);
const dataKeyPairObject = {
privateKey,
publicKey,
encryptedPrivateKey
};
return dataKeyPairObject;
}
catch (error) {
throw new AwsKmsError_1.AwsKmsError(error, ERRORS_1.GENERATE_DATA_KEY_PAIR_ERROR);
}
}
/**
* Encrypts a given string using AES-256-CBC
*
* @async
* @param [plainText='']
* @param [options]
* @returns
*/
async encrypt(plainText = '', options) {
try {
const { AWS_KEY_ID, CIPHER_TEXT_FORMAT, PLAIN_TEXT_FORMAT } = this.CONFIG;
const { cipherTextFormat = CIPHER_TEXT_FORMAT, plainTextFormat = PLAIN_TEXT_FORMAT } = options || {};
const Plaintext = new Uint8Array(Buffer.from(plainText, plainTextFormat));
const params = { KeyId: AWS_KEY_ID, Plaintext };
const command = new client_kms_1.EncryptCommand(params);
const response = await this.client.send(command);
const { CiphertextBlob } = response;
const ciphertext = Buffer.from(CiphertextBlob || []).toString(cipherTextFormat);
return ciphertext;
}
catch (error) {
throw new AwsKmsError_1.AwsKmsError(error, ERRORS_1.ENCRYPT_ERROR);
}
}
/**
* Decrypts a given string using AES-256-CBC
*
* @async
* @param [ciphertext='']
* @param [options]
* @returns
*/
async decrypt(ciphertext = '', options) {
try {
const { AWS_KEY_ID, CIPHER_TEXT_FORMAT, PLAIN_TEXT_FORMAT } = this.CONFIG;
const { cipherTextFormat = CIPHER_TEXT_FORMAT, plainTextFormat = PLAIN_TEXT_FORMAT } = options || {};
const CiphertextBlob = new Uint8Array(Buffer.from(ciphertext, cipherTextFormat));
const params = { KeyId: AWS_KEY_ID, CiphertextBlob };
const command = new client_kms_1.DecryptCommand(params);
const response = await this.client.send(command);
const { Plaintext } = response;
const plaintext = Buffer.from(Plaintext || []).toString(plainTextFormat);
return plaintext;
}
catch (error) {
throw new AwsKmsError_1.AwsKmsError(error, ERRORS_1.DECRYPT_ERROR);
}
}
}
exports.AwsKms = AwsKms;
/** @ignore */
function validateConfig(config) {
const { AWS_KEY_ID } = config;
if (!AWS_KEY_ID) {
throw new AwsKmsError_1.AwsKmsError(config, ERRORS_1.INVALID_CONFIG_ERROR);
}
return config;
}