@tigthor/kokocrypt
Version:
Enhanced Fortress Edition - Secure, quantum-resistant, high-performance encryption package
102 lines • 4.19 kB
JavaScript
;
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.EnhancedEnvKeyProvider = void 0;
const common_1 = require("@nestjs/common");
const key_provider_1 = require("./key-provider");
const libsodium_wrappers_1 = __importDefault(require("libsodium-wrappers"));
let EnhancedEnvKeyProvider = class EnhancedEnvKeyProvider extends key_provider_1.KeyProvider {
constructor() {
super();
this.keys = new Map();
this.currentKeyId = '';
this.KEY_VALIDITY_PERIOD = 7 * 24 * 60 * 60 * 1000;
this.initializeFromEnv();
}
async initializeFromEnv() {
await libsodium_wrappers_1.default.ready;
const envKey = process.env.KOKOCRYPT_MASTER_KEY;
if (!envKey) {
throw new Error('KOKOCRYPT_MASTER_KEY environment variable not set');
}
const key = Buffer.from(envKey, 'base64');
if (key.length !== 64) {
throw new Error('Invalid key length - must be 64 bytes');
}
const now = Date.now();
const keyResult = {
key,
kid: `env-${now}`,
algorithm: 'XChaCha20-Poly1305',
createdAt: now,
expiresAt: now + this.KEY_VALIDITY_PERIOD
};
this.keys.set(keyResult.kid, keyResult);
this.currentKeyId = keyResult.kid;
}
async getCurrentKey() {
const currentKey = this.keys.get(this.currentKeyId);
if (!currentKey) {
await this.initializeFromEnv();
return this.getCurrentKey();
}
if (currentKey.expiresAt && currentKey.expiresAt < Date.now()) {
await this.rotateKeys();
return this.getCurrentKey();
}
return currentKey;
}
async getKey(kid) {
const keyResult = this.keys.get(kid);
return keyResult ? keyResult.key : null;
}
async rotateKeys() {
await libsodium_wrappers_1.default.ready;
const keypair = libsodium_wrappers_1.default.crypto_kx_keypair();
const newKey = Buffer.concat([keypair.privateKey, keypair.publicKey]);
const now = Date.now();
const keyResult = {
key: newKey,
kid: `env-${now}`,
algorithm: 'XChaCha20-Poly1305',
createdAt: now,
expiresAt: now + this.KEY_VALIDITY_PERIOD
};
this.keys.set(keyResult.kid, keyResult);
this.currentKeyId = keyResult.kid;
for (const [kid, key] of this.keys.entries()) {
if (key.expiresAt && key.expiresAt < now - (24 * 60 * 60 * 1000)) {
this.keys.delete(kid);
}
}
}
async storeKey(key, algorithm, expiresAt) {
const now = Date.now();
const keyResult = {
key,
kid: `custom-${now}`,
algorithm,
createdAt: now,
expiresAt: expiresAt || now + this.KEY_VALIDITY_PERIOD
};
this.keys.set(keyResult.kid, keyResult);
return keyResult;
}
};
exports.EnhancedEnvKeyProvider = EnhancedEnvKeyProvider;
exports.EnhancedEnvKeyProvider = EnhancedEnvKeyProvider = __decorate([
(0, common_1.Injectable)(),
__metadata("design:paramtypes", [])
], EnhancedEnvKeyProvider);
//# sourceMappingURL=enhanced-env.provider.js.map