@salesforce/core
Core libraries to interact with SFDX projects, orgs, and APIs.
/*
* Copyright (c) 2020, salesforce.com, inc.
* All rights reserved.
* Licensed under the BSD 3-Clause license.
* For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
*/
// Module-interop helpers in the shape the TypeScript compiler emits for `import * as x` under
// CommonJS. Each one reuses a copy already present on `this` before defining its own.

// __createBinding(o, m, k, k2): expose m[k] on o under the name k2 (k2 defaults to k).
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
// Fall back to a live getter when m has no own descriptor for k, when the descriptor is an
// accessor on a non-ES module, or when it is a writable/configurable data property.
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
// Path taken when Object.create is unavailable: plain copy of the current value, not a live binding.
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
// __setModuleDefault(o, v): set o.default to v (enumerable when defineProperty is used).
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
// __importStar(mod): return mod unchanged if it is flagged __esModule; otherwise build a
// namespace-like object from mod's own properties (except "default") and set its default to mod.
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
// hasOwnProperty is taken from Object.prototype so a property named "hasOwnProperty" on mod cannot shadow it.
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
// Mark this CommonJS module as an ES-module transpilation and pre-declare its single export.
Object.defineProperty(exports, "__esModule", { value: true });
exports.SecureBuffer = void 0;
// Node's built-in crypto module supplies the cipher, the random key/IV and the buffer wiping.
const crypto = __importStar(require("node:crypto"));
// Provides ensure(), which value() applies to the stored secret before decrypting it.
const ts_types_1 = require("@salesforce/ts-types");
// AES-256 in CBC mode. CBC gives confidentiality only: there is no authentication tag, so a
// modified ciphertext is not detected beyond a possible padding error at decryption time.
const cipherName = 'aes-256-cbc';
// Key length in bytes (256 bits) passed to crypto.randomBytes() for the AES key.
const cipherSize = 32;
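/**
 * Keeps a sensitive value encrypted while it is held in memory and exposes the plaintext only
 * for the duration of a callback. This is not meant for at-rest encryption.
 *
 * Scope of the protection: the AES key and IV are fields of the same object as the ciphertext,
 * so this shortens the time plaintext is present in the heap (for example in a heap snapshot or
 * an accidental log of the object). It does not protect against code that can read the whole
 * process.
 *
 * ```
 * const sString: SecureBuffer<string> = new SecureBuffer();
 * sString.consume(secretTextBuffer);
 * const value: string = sString.value((buffer: Buffer): string => {
 *   const password: string = buffer.toString('utf8');
 *   // doSomething with the password
 *   // returns something of type <T>
 *   return testReturnValue;
 * });
 * ```
 *
 * Only the Buffers created by this class are overwritten. A string produced inside the callback
 * (such as `password` above) is a separate, immutable copy that stays in memory until it is
 * garbage collected, so keep its lifetime as short as possible.
 */
class SecureBuffer {
  // Random AES-256 key, generated once per instance.
  key = crypto.randomBytes(cipherSize);
  // CBC initialisation vector (one AES block); replaced every time a new secret is encrypted.
  iv = crypto.randomBytes(16);
  // Ciphertext of the current secret; undefined until consume() or clear() has run.
  secret;

  /**
   * Invokes a callback with a decrypted version of the buffer.
   *
   * @param cb Callback that receives the decrypted buffer and returns a value of the desired
   * type. Once the callback returns or throws, the buffer it was given is overwritten with
   * random data. Do not make a copy of this buffer and persist it!
   * @returns Whatever `cb` returns, or `undefined` when no callback is supplied.
   */
  value(cb) {
    if (!cb) {
      return undefined;
    }
    let head;
    let tail;
    let plain;
    try {
      const decipher = crypto.createDecipheriv(cipherName, this.key, this.iv);
      // ensure() is applied first; presumably it throws when nothing has been stored yet.
      head = decipher.update((0, ts_types_1.ensure)(this.secret));
      tail = decipher.final();
      plain = Buffer.concat([head, tail]);
      return cb(plain);
    } finally {
      // Decryption sits inside the try so that plaintext already returned by update() is wiped
      // even when final() rejects the padding, not only when the callback has run.
      for (const piece of [head, tail, plain]) {
        if (piece) {
          crypto.randomFillSync(piece);
        }
      }
    }
  }

  /**
   * Overwrites the value of the encrypted secret with random data, then stores the encryption
   * of an empty buffer so that value() keeps working and yields an empty buffer.
   */
  clear() {
    if (this.secret) {
      crypto.randomFillSync(this.secret);
    }
    // New IV for the new ciphertext; the key stays the same for the life of the instance.
    this.iv = crypto.randomBytes(16);
    const cipher = crypto.createCipheriv(cipherName, this.key, this.iv);
    this.secret = Buffer.concat([cipher.update(Buffer.alloc(0)), cipher.final()]);
  }

  /**
   * Consumes a buffer of data that's intended to be secret.
   *
   * @param buffer Data to encrypt. The input buffer is overwritten with random data after it has
   * been encrypted and stored internally. A missing buffer is treated as empty data.
   */
  consume(buffer) {
    const input = buffer || Buffer.alloc(0);
    // A fresh IV per encryption: with a fixed key and IV, CBC would produce the same ciphertext
    // for the same secret and reveal shared leading blocks between successive secrets.
    const freshIv = crypto.randomBytes(16);
    const cipher = crypto.createCipheriv(cipherName, this.key, freshIv);
    const sealed = Buffer.concat([cipher.update(input), cipher.final()]);
    // Same treatment clear() gives the previous ciphertext before it is replaced.
    if (this.secret) {
      crypto.randomFillSync(this.secret);
    }
    // IV and ciphertext are swapped together so value() always sees a matching pair.
    this.iv = freshIv;
    this.secret = sealed;
    crypto.randomFillSync(input);
  }
}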
exports.SecureBuffer = SecureBuffer;
//# sourceMappingURL=secureBuffer.js.map
;