@relaycorp/webcrypto-kms
WebCrypto-compatible client for Key Management Services like GCP KMS
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.createKeyRingIfMissing = void 0;
const kms_1 = require("@google-cloud/kms");
const index_1 = require("../index");
const utils_1 = require("./utils");
const webcrypto_1 = require("../testUtils/webcrypto");
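// Fail fast when the integration-test environment is incomplete. The key ring id and
// location are passed straight from the environment to createKeyRingIfMissing() below,
// so an unset value would otherwise only surface as a less obvious failure during setup.
for (const requiredVar of ['GOOGLE_APPLICATION_CREDENTIALS', 'GCP_KMS_KEYRING', 'GCP_KMS_LOCATION']) {
  if (!process.env[requiredVar]) {
    throw new Error(`${requiredVar} must be defined`);
  }
}

// Shared between the hooks and the test; both stay undefined if setup fails part-way.
let provider;
let keyPair;

beforeAll(async () => {
  provider = await (0, index_1.initKmsProviderFromEnv)('GCP');
  // The key ring is created on demand in whatever project the credentials resolve to.
  await createKeyRingIfMissing(process.env.GCP_KMS_KEYRING, process.env.GCP_KMS_LOCATION);
  // Second argument is WebCrypto's `extractable` flag; how the KMS provider honours it
  // is not visible from this file.
  keyPair = await provider.generateKey(webcrypto_1.RSA_PSS_CREATION_ALGORITHM, true, ['sign', 'verify']);
});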
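// Teardown: destroy the key generated for this run, then release the provider.
afterAll(async () => {
  try {
    // keyPair is only set once generateKey() has succeeded, so there may be nothing to destroy.
    if (keyPair) {
      await provider?.destroyKey(keyPair.privateKey);
    }
  } finally {
    // Close the provider even when key destruction fails, so the failure is reported
    // without leaving the client open.
    await provider?.close();
  }
});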
// Round trip: sign with the provider-generated private key, then verify with the public half.
test('GCP KMS', async () => {
  const verificationKey = keyPair.publicKey;
  const signingKey = keyPair.privateKey;

  const kmsSignature = await provider.sign(
    webcrypto_1.RSA_PSS_SIGN_ALGORITHM,
    signingKey,
    utils_1.PLAINTEXT,
  );

  const verification = (0, utils_1.verifyAsymmetricSignature)(
    verificationKey,
    kmsSignature,
    utils_1.PLAINTEXT,
  );
  await expect(verification).resolves.toBe(true);
});
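/**
 * Ensure the given KMS key ring exists, creating it when the lookup reports "not found".
 *
 * NOTE(review): to my knowledge Cloud KMS key rings cannot be deleted once created, so
 * this leaves a permanent resource in the target project. Confirm that the credentials
 * point at a project dedicated to tests.
 *
 * @param {string} keyRingId - Short id of the key ring (not its full resource name).
 * @param {string} location - KMS location that holds the key ring.
 * @returns {Promise<string>} Full resource name of the key ring.
 * @throws Any lookup error other than "not found", and any error raised while creating
 *   the key ring.
 */
async function createKeyRingIfMissing(keyRingId, location) {
  // Status code the client reports when the key ring does not exist.
  const NOT_FOUND_CODE = 5;
  const kmsClient = new kms_1.KeyManagementServiceClient();
  try {
    const project = await kmsClient.getProjectId();
    const keyRingName = kmsClient.keyRingPath(project, location, keyRingId);
    try {
      await kmsClient.getKeyRing({ name: keyRingName });
    } catch (err) {
      if (err?.code !== NOT_FOUND_CODE) {
        // Permission, quota and transport failures must surface as they are, not be
        // masked by an attempt to create the key ring.
        throw err;
      }
      const locationPath = kmsClient.locationPath(project, location);
      await kmsClient.createKeyRing({ parent: locationPath, keyRingId });
    }
    return keyRingName;
  } finally {
    // Release the client even when the lookup or the creation fails.
    await kmsClient.close();
  }
}
exports.createKeyRingIfMissing = createKeyRingIfMissing;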
//# sourceMappingURL=gcp.test.js.map