@cumulus/common/kms.js

Common utilities used across tasks

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.KMS = void 0;
const services_1 = require("@cumulus/aws-client/services");
const errors_1 = require("@cumulus/errors");
const util_1 = require("./util");
const KMSDecryptionFailed = (0, errors_1.createErrorType)('KMSDecryptionFailed');
class KMS {
    static async encrypt(text, kmsId) {
        (0, util_1.deprecate)('@cumulus/common/key-pair-provider', '1.17.0', '@cumulus/aws-client/KMS.encrypt');
        const params = {
            KeyId: kmsId,
            Plaintext: new TextEncoder().encode(text),
        };
        const { CiphertextBlob } = await (0, services_1.kms)().encrypt(params);
        if (!CiphertextBlob) {
            throw new Error('Encryption failed, undefined CiphertextBlob returned');
        }
        return Buffer.from(CiphertextBlob).toString('base64');
    }
    static async decrypt(text) {
        (0, util_1.deprecate)('@cumulus/common/key-pair-provider', '1.17.0', '@cumulus/aws-client/KMS.decryptBase64String');
        const params = {
            CiphertextBlob: Buffer.from(text, 'base64'),
        };
        try {
            const { Plaintext } = await (0, services_1.kms)().decrypt(params);
            if (!Plaintext) {
                throw new Error('Decryption failed, undefined Plaintext returned');
            }
            return Buffer.from(Plaintext).toString();
        }
        catch (error) {
            if (error.toString().includes('InvalidCiphertextException')) {
                throw new KMSDecryptionFailed('Decrypting the secure text failed. The provided text is invalid');
            }
            throw error;
        }
    }
}
exports.KMS = KMS;
//# sourceMappingURL=kms.js.map