@relaycorp/webcrypto-kms
WebCrypto-compatible client for Key Management Services like GCP KMS
import { KeyManagementServiceClient } from '@google-cloud/kms';
import { initKmsProviderFromEnv } from '../index';
import { PLAINTEXT, verifyAsymmetricSignature } from './utils';
import { RSA_PSS_CREATION_ALGORITHM, RSA_PSS_SIGN_ALGORITHM } from '../testUtils/webcrypto';
// Fail fast at module load: this integration test talks to a real GCP KMS,
// so refuse to run when no service-account credentials are configured.
const gcpCredentialsPath = process.env.GOOGLE_APPLICATION_CREDENTIALS;
if (!gcpCredentialsPath) {
  throw new Error('GOOGLE_APPLICATION_CREDENTIALS must be defined');
}
// Fixtures shared by the whole file: set once in beforeAll, released in afterAll.
let provider;
let keyPair;

beforeAll(async () => {
  provider = await initKmsProviderFromEnv('GCP');

  // NOTE(review): unlike GOOGLE_APPLICATION_CREDENTIALS, these two variables
  // are passed on without being checked for presence here.
  const { GCP_KMS_KEYRING: keyRingId, GCP_KMS_LOCATION: keyRingLocation } = process.env;
  await createKeyRingIfMissing(keyRingId, keyRingLocation);

  // NOTE(review): the key is requested as extractable; whether the KMS-backed
  // provider ever lets private key material leave the KMS is not visible from
  // this file -- confirm against the provider implementation.
  const extractable = true;
  const keyUsages = ['sign', 'verify'];
  keyPair = await provider.generateKey(RSA_PSS_CREATION_ALGORITHM, extractable, keyUsages);
});
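// Teardown: destroy the key generated for this run and release the provider.
// Both fixtures may be unset if beforeAll failed part-way, hence the guards.
afterAll(async () => {
  try {
    if (keyPair) {
      await provider?.destroyKey(keyPair.privateKey);
    }
  } finally {
    // Close the provider even when key destruction rejects, so a failed
    // cleanup does not also leave the client open. The destroyKey error
    // still propagates and fails the run, which keeps a leftover test key
    // visible instead of silently ignored.
    await provider?.close();
  }
});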
// Round trip: sign with the KMS-held private key through the provider, then
// check the signature against the public key with verifyAsymmetricSignature.
test('GCP KMS', async () => {
  const verificationKey = keyPair.publicKey;
  const signingKey = keyPair.privateKey;

  const signature = await provider.sign(RSA_PSS_SIGN_ALGORITHM, signingKey, PLAINTEXT);

  const verification = verifyAsymmetricSignature(verificationKey, signature, PLAINTEXT);
  await expect(verification).resolves.toBe(true);
});
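/**
 * Make sure the given GCP KMS key ring exists, creating it when it does not.
 *
 * The project is taken from the KMS client's own configuration
 * (`getProjectId()`); the client is always closed before returning or
 * throwing.
 *
 * @param {string} keyRingId - Id of the key ring within the location.
 * @param {string} location - GCP location that holds the key ring.
 * @returns {Promise<string>} Fully-qualified resource name of the key ring.
 * @throws {Error} If either argument is empty, or if the lookup/creation
 *   fails for a reason other than "not found" / "already exists".
 */
export async function createKeyRingIfMissing(keyRingId, location) {
  // Reject missing values up front: an unset environment variable would
  // otherwise be interpolated into the resource path as "undefined".
  if (!keyRingId || !location) {
    throw new Error('Key ring id and location must be defined');
  }

  // gRPC status codes as reported in `err.code` by the KMS client.
  const GRPC_NOT_FOUND = 5;
  const GRPC_ALREADY_EXISTS = 6;

  const kmsClient = new KeyManagementServiceClient();
  try {
    const project = await kmsClient.getProjectId();
    const keyRingName = kmsClient.keyRingPath(project, location, keyRingId);

    let keyRingExists = true;
    try {
      await kmsClient.getKeyRing({ name: keyRingName });
    } catch (err) {
      // Only "not found" means the ring must be created; anything else
      // (e.g. a permission or connectivity error) is surfaced unchanged.
      if (err.code !== GRPC_NOT_FOUND) {
        throw err;
      }
      keyRingExists = false;
    }

    if (!keyRingExists) {
      const locationPath = kmsClient.locationPath(project, location);
      try {
        await kmsClient.createKeyRing({ parent: locationPath, keyRingId });
      } catch (err) {
        // Another run may have created the ring between the lookup and the
        // create call; the ring exists either way, so that is not a failure.
        if (err.code !== GRPC_ALREADY_EXISTS) {
          throw err;
        }
      }
    }

    return keyRingName;
  } finally {
    // Release the client on every path, including the rethrow branches.
    await kmsClient.close();
  }
}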
//# sourceMappingURL=gcp.test.js.map