"use strict"; // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. Object.defineProperty(exports, "__esModule", { value: true }); exports.EncryptionKeyStoreProvider = void 0; const index_js_1 = require("../common/index.js"); const time_js_1 = require("../utils/time.js"); /** * Class to store encryption keys in unwrapped form and provide an interface for wrapping and unwrapping the keys. */ class EncryptionKeyStoreProvider { keyEncryptionKeyResolver; cacheTimeToLive; RsaOaepEncryptionAlgorithm = "RSA-OAEP"; // interval for clear cache to run cacheRefresher; // cache to store the unwrapped encryption key. Key is the path of the encryption key unwrappedEncryptionKeyCache; providerName; constructor(keyEncryptionKeyResolver, cacheTimeToLive) { this.keyEncryptionKeyResolver = keyEncryptionKeyResolver; this.cacheTimeToLive = cacheTimeToLive; this.keyEncryptionKeyResolver = keyEncryptionKeyResolver; this.providerName = keyEncryptionKeyResolver.encryptionKeyResolverName; this.unwrappedEncryptionKeyCache = {}; this.cacheTimeToLive = cacheTimeToLive; this.clearCacheOnTtlExpiry(); } async wrapKey(encryptionKeyId, algorithm, key) { const uInt8ArrayKey = new Uint8Array(key); const wrappedEncryptionKey = await this.keyEncryptionKeyResolver.wrapKey(encryptionKeyId, algorithm, uInt8ArrayKey); return Buffer.from(wrappedEncryptionKey); } async unwrapKey(encryptionKeyId, algorithm, wrappedKey) { if (this.cacheTimeToLive === 0) { const res = await this.keyEncryptionKeyResolver.unwrapKey(encryptionKeyId, algorithm, wrappedKey); return Buffer.from(res); } if (!this.unwrappedEncryptionKeyCache[encryptionKeyId]) { const wrappedKeyUint8Array = new Uint8Array(wrappedKey); const plainEncryptionKey = await this.keyEncryptionKeyResolver.unwrapKey(encryptionKeyId, algorithm, wrappedKeyUint8Array); const plainEncryptionKeyBuffer = Buffer.from(plainEncryptionKey); this.unwrappedEncryptionKeyCache[encryptionKeyId] = [new Date(), plainEncryptionKeyBuffer]; } return 
this.unwrappedEncryptionKeyCache[encryptionKeyId][1]; } async clearCacheOnTtlExpiry() { this.cacheRefresher = (0, time_js_1.startBackgroundTask)(async () => { const now = new Date(); for (const key in this.unwrappedEncryptionKeyCache) { if (now.getTime() - this.unwrappedEncryptionKeyCache[key][0].getTime() > this.cacheTimeToLive) { delete this.unwrappedEncryptionKeyCache[key]; } } }, index_js_1.Constants.EncryptionCacheRefreshIntervalInMs); } } exports.EncryptionKeyStoreProvider = EncryptionKeyStoreProvider; //# sourceMappingURL=EncryptionKeyStoreProvider.js.map