UNPKG

@salesforce/core

Version:

Core libraries to interact with SFDX projects, orgs, and APIs.

github.com/forcedotcom/sfdx-core

forcedotcom/sfdx-core

83 lines 3.01 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
"use strict"; /* * Copyright (c) 2020, salesforce.com, inc. * All rights reserved. * Licensed under the BSD 3-Clause license. * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause */ Object.defineProperty(exports, "__esModule", { value: true }); exports.SecureBuffer = void 0; const crypto = require("crypto"); const ts_types_1 = require("@salesforce/ts-types"); const cipherName = 'aes-256-cbc'; const cipherSize = 32; /** * Used to store and retrieve a sensitive information in memory. This is not meant for at rest encryption. * * ``` * const sString: SecureBuffer<string> = new SecureBuffer(); * sString.consume(secretTextBuffer); * const value: string = sString.value((buffer: Buffer): string => { * const password: string = buffer.toString('utf8'); * // doSomething with the password * // returns something of type <T> * return testReturnValue; * }); * ``` */ class SecureBuffer { constructor() { this.key = crypto.randomBytes(cipherSize); this.iv = crypto.randomBytes(16); } /** * Invokes a callback with a decrypted version of the buffer. * * @param cb The callback containing the decrypted buffer parameter that returns a desired. * typed object. It's important to understand that once the callback goes out of scope the buffer parameters is * overwritten with random data. Do not make a copy of this buffer and persist it! */ value(cb) { if (cb) { const cipher = crypto.createDecipheriv(cipherName, this.key, this.iv); const a = cipher.update((0, ts_types_1.ensure)(this.secret)); const b = cipher.final(); const c = Buffer.concat([a, b]); try { return cb(c); } finally { crypto.randomFillSync(a); crypto.randomFillSync(b); crypto.randomFillSync(c); } } } /** * Overwrites the value of the encrypted secret with random data. */ clear() { if (this.secret) { crypto.randomFillSync(this.secret); } const cipher = crypto.createCipheriv(cipherName, this.key, this.iv); this.secret = Buffer.concat([cipher.update(Buffer.from('')), cipher.final()]); } /** * Consumes a buffer of data that's intended to be secret. * * @param buffer Data to encrypt. The input buffer is overwritten with random data after it's encrypted * and assigned internally. */ consume(buffer) { let targetBuffer = buffer; if (!targetBuffer) { targetBuffer = Buffer.from(''); } const cipher = crypto.createCipheriv(cipherName, this.key, this.iv); this.secret = Buffer.concat([cipher.update(targetBuffer), cipher.final()]); crypto.randomFillSync(targetBuffer); } } exports.SecureBuffer = SecureBuffer; //# sourceMappingURL=secureBuffer.js.map