
lemon-core

/// <reference types="node" />
/// <reference types="node" />
import AWS from 'aws-sdk';
import { SigningAlgorithmSpec } from 'aws-sdk/clients/kms';
import { CoreKmsService } from '../core-services';
// Local alias for the signing-algorithm enumeration exported by the AWS SDK KMS client.
declare type MySigningAlgorithm = SigningAlgorithmSpec;
/**
 * Check whether a string is base64.
 *
 * NOTE(review): the declaration does not show how strict the check is (padding,
 * URL-safe alphabet, empty string). Use it as a format check only; it says
 * nothing about whether the input is authentic.
 *
 * @param text string to test
 * @returns `true` when the text is considered base64
 */
export declare const isBase64: (text: string) => boolean;
/**
 * Convert a standard base64 string to its URL-encoded form.
 *
 * NOTE(review): presumably the base64url variant used for JWT signatures;
 * confirm padding handling against the implementation.
 *
 * @param base64 standard base64 string
 * @returns URL-encoded form of the input
 */
export declare const fromBase64: (base64: string) => string;
/**
 * Additional options for KMS signing.
 */
export interface AWSKMSSignOption {
    /**
     * Algorithm used to sign and verify.
     * (default RSASSA_PKCS1_V1_5_SHA_256)
     *
     * The one option covers both operations, so a signature has to be verified
     * with the algorithm it was produced with. The algorithm must also be one
     * the configured KMS key supports.
     */
    algorithm?: MySigningAlgorithm;
}
/**
 * class: `AWSKMSService`
 * - shared Key Management Service wrapper to encrypt/decrypt messages, and to
 *   sign/verify them with an asymmetric key.
 *
 * The cryptographic operations are declared as asynchronous (`Promise`) and go
 * through the `AWS.KMS` client returned by `instance()`. Which IAM permissions
 * the caller's credentials need is not visible in this declaration.
 */
export declare class AWSKMSService implements CoreKmsService {
    /**
     * Name of the environment variable that holds the KMS key id.
     */
    static ENV_KMS_KEY_ID: string;
    // NOTE(review): undocumented upstream; presumably the default key id or alias
    // used when none is configured. Confirm before relying on it in production.
    static DEF_KMS_TARGET: string;
    // Backing fields for the constructor arguments. `private` is compile-time only
    // in TypeScript and is not a runtime access boundary.
    private _keyId;
    private _options;
    /**
     * @param keyId   (optional) KMS key id. The fallback when omitted is not
     *                visible here; presumably it is resolved from
     *                `ENV_KMS_KEY_ID` / `DEF_KMS_TARGET` (confirm).
     * @param options (optional) signing options, see `AWSKMSSignOption`.
     */
    constructor(keyId?: string, options?: AWSKMSSignOption);
    /**
     * Get the name of this service.
     */
    name: () => string;
    /**
     * Hello string of this service (a self-description; exact content not visible here).
     */
    hello: () => string;
    /**
     * Get the key id used to encrypt.
     */
    keyId: () => string;
    // AWS.KMS client held by this service; `instance()` is the accessor for it.
    protected _instance: AWS.KMS;
    /**
     * Get the KMS client instance kept by this service.
     */
    instance(): AWS.KMS;
    /**
     * Encrypt a message.
     *
     * NOTE(review): the encoding of the returned string is not declared;
     * presumably base64 ciphertext (confirm).
     *
     * @param message plaintext to encrypt
     * @returns the encrypted message as a string
     */
    encrypt: (message: string) => Promise<string>;
    /**
     * Decrypt a message.
     *
     * The result is plaintext secret material: keep it out of logs and error messages.
     *
     * @param encryptedSecret ciphertext string, as produced by `encrypt`
     * @returns the decrypted plaintext
     */
    decrypt: (encryptedSecret: string) => Promise<string>;
    /**
     * Make a signature for a message.
     *
     * @param message any string
     * @param forJwtSignature (optional) flag to get the signature in JWT signature format.
     * @returns the signature as a string
     */
    sign: (message: string, forJwtSignature?: boolean) => Promise<string>;
    /**
     * Verify a signature in the asymmetric way.
     * - per the original author, a call takes around `30ms`.
     *
     * Callers must act on the result. Whether an invalid signature resolves to
     * `false` or rejects the promise is not visible in this declaration, so
     * treat both outcomes as a verification failure.
     *
     * @param message any string
     * @param signature signature as a Buffer or a string (in base64)
     * @returns `true` when the signature is valid for the message
     */
    verify: (message: string, signature: Buffer | string) => Promise<boolean>;
    /**
     * Retrieve the public key for asymmetric verification.
     * - used to verify signatures with a JWT library without making a request to AWS KMS.
     * - in general, cache this public key to verify locally.
     *
     * When verifying locally, pin the expected algorithm in the JWT library
     * rather than accepting the token's own `alg` header. Refresh the cached key
     * whenever the configured key id changes, because a stale copy keeps
     * validating against the old key.
     *
     * @param encoding (optional) encoding type of the returned string
     * @returns the public key as a string
     */
    getPublicKey: (encoding?: BufferEncoding) => Promise<string>;
    /**
     * Sample run; the decrypted message should be 'hello lemon'.
     *
     * The result carries the key id together with the message, ciphertext and
     * decrypted text. It reads as a diagnostic helper, so keep its output out of
     * public endpoints and shared logs.
     *
     * # Example
     * ```sh
     * # encrypt text
     * $ aws kms encrypt --profile <profile> --key-id <kms-key-id> --plaintext "hello lemon" --query CiphertextBlob --output text
     * ```
     */
    sample(): Promise<{
        KMS_KEY_ID: string;
        keyId: string;
        message: string;
        encrypted: string;
        decrypted: string;
    }>;
}
export {};