@confluentinc/schemaregistry/dist/rules/encryption/azurekms/azure-client.js

Node.js client for Confluent Schema Registry

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.AzureKmsClient = void 0;
const azure_driver_1 = require("./azure-driver");
const keyvault_keys_1 = require("@azure/keyvault-keys");
class AzureKmsClient {
    constructor(keyUri, creds) {
        if (!keyUri.startsWith(azure_driver_1.AzureKmsDriver.PREFIX)) {
            throw new Error(`key uri must start with ${azure_driver_1.AzureKmsDriver.PREFIX}`);
        }
        this.keyUri = keyUri;
        this.keyId = keyUri.substring(azure_driver_1.AzureKmsDriver.PREFIX.length);
        this.kmsClient = new keyvault_keys_1.CryptographyClient(this.keyId, creds);
    }
    supported(keyUri) {
        return this.keyUri === keyUri;
    }
    async encrypt(plaintext) {
        const result = await this.kmsClient.encrypt(AzureKmsClient.ALGORITHM, plaintext);
        return Buffer.from(result.result);
    }
    async decrypt(ciphertext) {
        const result = await this.kmsClient.decrypt(AzureKmsClient.ALGORITHM, ciphertext);
        return Buffer.from(result.result);
    }
}
exports.AzureKmsClient = AzureKmsClient;
AzureKmsClient.ALGORITHM = 'RSA-OAEP-256';