;
// CommonJS interop preamble (this looks like compiler-emitted output; keep its exact shape,
// since tooling that detects named exports matches on these statement forms).
// Marks the module as a transpiled ES module for consumers that check `__esModule`.
Object.defineProperty(exports, "__esModule", { value: true });
// Declares the export name up front; the class itself is assigned to it at the end of the file.
exports.AdminSpireClient = void 0;
const entry_grpc_client_1 = require("../proto/private/spire/api/server/entry.grpc-client");
const grpc_js_1 = require("@grpc/grpc-js");
const CertificateUtils_1 = require("../internal/CertificateUtils");
const Logger_1 = require("../internal/Logger");
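/**
 * Adapt one callback-style unary RPC to a Promise.
 *
 * @param {(callback: (error: unknown, response: unknown) => void) => unknown} invoke
 *   Function that starts the RPC and hands it the completion callback.
 * @returns {Promise<unknown>} Resolves with the RPC response; rejects with an
 *   Error whose `cause` is the original gRPC error.
 */
function invokeUnaryRpc(invoke) {
    return new Promise((resolve, reject) => {
        invoke((error, response) => {
            if (error) {
                // Keep the original message text, but preserve the underlying
                // gRPC error (status code, metadata) for callers via `cause`.
                reject(new Error('An error occurred: ' + error, { cause: error }));
                return;
            }
            resolve(response);
        });
    });
}
/**
 * Client for the SPIRE server Entry API (create, update and fetch registration entries).
 *
 * The channel is mutually authenticated with the X.509 SVID passed to
 * {@link AdminSpireClient#setX509}. Until an SVID is set, the client falls
 * back to insecure (plaintext, unauthenticated) channel credentials.
 */
class AdminSpireClient {
    /**
     * @param {{ spireEndpoint?: string } | undefined} config Client configuration;
     *   `spireEndpoint` is the gRPC target of the SPIRE server.
     */
    constructor(config) {
        this.logger = new Logger_1.Logger(AdminSpireClient);
        this.config = config;
    }
    /**
     * Call the Entry API `batchCreateEntry` RPC.
     *
     * @param {object} request Request message passed through to the generated client.
     * @returns {Promise<object>} The RPC response.
     */
    batchCreateEntry(request) {
        return this.getGrpcClient().then((client) => invokeUnaryRpc((done) => client.batchCreateEntry(request, done)));
    }
    /**
     * Call the Entry API `batchUpdateEntry` RPC.
     *
     * @param {object} request Request message passed through to the generated client.
     * @returns {Promise<object>} The RPC response.
     */
    batchUpdateEntry(request) {
        return this.getGrpcClient().then((client) => invokeUnaryRpc((done) => client.batchUpdateEntry(request, done)));
    }
    /**
     * Call the Entry API `getEntry` RPC.
     *
     * @param {object} request Request message passed through to the generated client.
     * @returns {Promise<object>} The RPC response.
     */
    getEntry(request) {
        return this.getGrpcClient().then((client) => invokeUnaryRpc((done) => client.getEntry(request, done)));
    }
    /**
     * Set the X.509 SVID used to build TLS channel credentials.
     *
     * @param {object} x509Svid Object exposing `getBundleAsPEM`, `getLeafAsPEM`,
     *   `getIntermediateAsPEM` and `getKeyAsPEM`, each returning a Promise.
     */
    setX509(x509Svid) {
        this.x509 = x509Svid;
    }
    /**
     * Build an EntryClient for the configured endpoint.
     *
     * A new client is constructed on every call, using whatever credentials
     * {@link AdminSpireClient#getCredentials} returns at that moment.
     *
     * @returns {Promise<object>} The generated gRPC EntryClient.
     */
    getGrpcClient() {
        const configured = this.config?.spireEndpoint;
        // gRPC targets are "host:port", not URLs. The original default carried
        // an "http://" prefix while the empty-string fallback did not; both
        // cases now use the same plain target.
        const address = (configured === undefined || configured === "") ? "localhost:8080" : configured;
        return this.getCredentials().then((credentials) => {
            const opts = {
                "grpc.keepalive_permit_without_calls": 1,
                "grpc.keepalive_time_ms": 15000,
                "grpc.keepalive_timeout_ms": 1000,
                "grpc.service_config": JSON.stringify({
                    loadBalancingConfig: [{ round_robin: {} }]
                })
            };
            return new entry_grpc_client_1.EntryClient(address, credentials, opts);
        });
    }
    /**
     * Produce gRPC channel credentials from the current SVID.
     *
     * @returns {Promise<object>} TLS credentials built from the SVID, or
     *   insecure credentials when no SVID has been set.
     * @throws {Error} (as a rejection) when the bundle, leaf, intermediate or
     *   private key PEM is undefined.
     */
    getCredentials() {
        if (this.x509 === undefined) {
            // SECURITY: without an SVID the admin API is reached over a
            // plaintext, unauthenticated channel. Leave a trace so that this
            // fallback is visible to operators rather than silent.
            this.logger.debug("no X.509 SVID set; using insecure channel credentials");
            return Promise.resolve(grpc_js_1.ChannelCredentials.createInsecure());
        }
        const svid = this.x509;
        // Promise.all propagates both getter rejections and the validation
        // errors below to the caller. The previous nested `then` chain threw
        // inside inner callbacks, so the returned promise never settled.
        return Promise.all([
            svid.getBundleAsPEM(),
            svid.getLeafAsPEM(),
            svid.getIntermediateAsPEM(),
            svid.getKeyAsPEM()
        ]).then(([rootPEM, leafPEM, intermediatePEM, privateKeyPEM]) => {
            if (rootPEM === undefined)
                throw new Error("no root certificate");
            if (leafPEM === undefined)
                throw new Error("no leaf certificate");
            if (intermediatePEM === undefined)
                throw new Error("no intermediate certificate");
            if (privateKeyPEM === undefined)
                throw new Error("no private key");
            // Certificates are public material and stay in the debug trace.
            // The private key is deliberately NOT logged: log files are
            // routinely shipped, aggregated and retained outside the trust
            // boundary of the workload that owns the key.
            this.logger.debug(rootPEM);
            this.logger.debug(leafPEM);
            this.logger.debug(intermediatePEM);
            const verifyOptions = {
                // NOTE(review): returning undefined accepts any server name, so
                // hostname verification is off. SPIFFE certificates identify
                // peers by URI SAN rather than DNS name, which is presumably
                // why; however, no check of the server's SPIFFE ID is visible
                // here, so any certificate chaining to the bundle is accepted.
                // Consider validating the peer's SPIFFE ID against an expected
                // value or trust domain.
                checkServerIdentity(hostname, cert) {
                    return undefined;
                }
            };
            return grpc_js_1.ChannelCredentials.createSsl(Buffer.from(rootPEM), Buffer.from(privateKeyPEM.toString()), Buffer.from(leafPEM + "\n" + intermediatePEM), verifyOptions);
        });
    }
    /**
     * Serialize a parsed certificate object to a PEM certificate string.
     *
     * @param {object} rootResult Object whose `toSchema().toBER(false)` yields the DER bytes.
     * @returns {string} PEM text with the base64 body on a single line.
     */
    getPEM(rootResult) {
        const rootDER = rootResult.toSchema().toBER(false);
        const rootBuf = Buffer.from(new Uint8Array(rootDER).buffer);
        return `-----BEGIN CERTIFICATE-----\n${rootBuf.toString("base64")}\n-----END CERTIFICATE-----`;
    }
    /**
     * Wrap base64-encoded DER key material in "PRIVATE KEY" PEM armor.
     *
     * The input is decoded and re-encoded, which normalizes the base64 text.
     *
     * @param {string} derBase64 Base64-encoded DER bytes.
     * @returns {string} PEM text with the base64 body on a single line.
     */
    derToPem(derBase64) {
        const derBuffer = Buffer.from(derBase64, 'base64');
        const header = '-----BEGIN PRIVATE KEY-----';
        const footer = '-----END PRIVATE KEY-----';
        return [header, derBuffer.toString('base64'), footer].join('\n');
    }
    /**
     * Parse a DER-encoded X.509 certificate.
     *
     * @param {string} base64 Certificate input handed to `CertificateUtils.parseX509DER`.
     * @returns {Promise<object>} The parsed certificate; rejects when parsing fails
     *   (the previous wrapper dropped rejections and left the promise pending).
     */
    async getCertificate(base64) {
        return CertificateUtils_1.CertificateUtils.parseX509DER(base64);
    }
}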
// Publish the class as the module's named CommonJS export.
exports.AdminSpireClient = AdminSpireClient;
//# sourceMappingURL=AdminSpireClient.js.map