diff --git a/src/VaultKeys.ts b/src/VaultKeys.ts
index d542749..23d2953 100644
--- a/src/VaultKeys.ts
+++ b/src/VaultKeys.ts
@@ -109,7 +109,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
 // Get the key from the local class variable
 const nodeJoseKey = this.keys.find((key) => key.kid === kid);
- logMessage(`Returned key: ${JSON.stringify(nodeJoseKey)}`, LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage(`Returned key: ${JSON.stringify(nodeJoseKey)}`, LogLevel.DEBUG);
+ }
 if(typeof nodeJoseKey === 'undefined') {
 logMessage(`Key ${kid} not found in the Hashicorp Vault`, LogLevel.ERROR);
@@ -131,7 +133,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
 // Convert the key to a JWK.Key object
 const jwk = await JWK.asKey(key, form, extras);
- logMessage(`Adding key ${JSON.stringify(jwk)} to the Hashicorp Vault...`, LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage(`Adding key ${JSON.stringify(jwk)} to the Hashicorp Vault...`, LogLevel.DEBUG);
+ }
 try {
 // Add the key to the Hashicorp Vault
@@ -184,7 +188,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
 * @returns The list of keys available in the KeyStore that match the filter (if provided) or all keys if no filter is provided
 */
 all(filter?: JWKTypes.KeyStoreGetFilter): JWKTypes.Key[] {
- logMessage('Getting all keys from the Hashicorp Vault...', LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage('Getting all keys from the Hashicorp Vault...', LogLevel.DEBUG);
+ }
 /*let syncLock = false;
 let startTime = Date.now();
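Review bot: The guard added around the `Returned key` log in the hunk at 109 spells out `typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true'`, and the first half is redundant because an undefined variable can never equal `'true'`. The same two-part condition is pasted around every debug log in this commit (the hunks at 131, 184, 250, 302, 322, 373, 419 and 427), so a typo or a later rename in one copy would silently diverge from the rest. A single helper, for example `const debugComms = (): boolean => process.env.DEBUG_INTERSERVICE_COMMS === 'true';`, used as `if (debugComms()) { ... }`, keeps the check in one place. The enclosing method starts and ends outside this hunk.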
@@ -250,41 +256,61 @@ export class VaultKeys implements JWKTypes.KeyStore {
 const keys = this.keys;
- logMessage(`Returned keys: ${JSON.stringify(keys)}`, LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage(`Returned keys: ${JSON.stringify(keys)}`, LogLevel.DEBUG);
+ }
 if(typeof filter === 'undefined') {
- logMessage('No filter provided, returning all keys', LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage('No filter provided, returning all keys', LogLevel.DEBUG);
+ }
+
 return keys;
 }
- logMessage(`Starting key filtering (${JSON.stringify(filter)})...`, LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage(`Starting key filtering (${JSON.stringify(filter)})...`, LogLevel.DEBUG);
+ }
 // Filter the keys based on the filter object provided
 const filteredKeys = keys.filter((key) => {
- logMessage(`[all - filtering keys] Key: ${JSON.stringify(key)}`, LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage(`[all - filtering keys] Key: ${JSON.stringify(key)}`, LogLevel.DEBUG);
+ }
 // Check if the `alg` (algorithm) filtering is set and if it matches the current key
 if(typeof filter.alg !== 'undefined' && key.alg !== filter.alg) {
- logMessage(`Key ${key.kid} does not match the algorithm filter ${filter.alg}`, LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage(`Key ${key.kid} does not match the algorithm filter ${filter.alg}`, LogLevel.DEBUG);
+ }
+
 return false;
 }
 // Check if the `kty` (key type) filtering is set and if it matches the current key
 if(typeof filter.kty !== 'undefined' && key.kty !== filter.kty) {
- logMessage(`Key ${key.kid} does not match the key type filter ${filter.kty}`, LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage(`Key ${key.kid} does not match the key type filter ${filter.kty}`, LogLevel.DEBUG);
+ }
+
 return false;
 }
 // Check if the `use` filtering is set and if it matches the current key
 if(typeof filter.use !== 'undefined' && key.use !== filter.use) {
- logMessage(`Key ${key.kid} does not match the use filter ${filter.use}`, LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage(`Key ${key.kid} does not match the use filter ${filter.use}`, LogLevel.DEBUG);
+ }
+
 return false;
 }
 return true;
 });
- logMessage(`Filtered Keys: ${JSON.stringify(filteredKeys)}`, LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage(`Filtered Keys: ${JSON.stringify(filteredKeys)}`, LogLevel.DEBUG);
+ }
 return filteredKeys;
 }
@@ -302,8 +328,10 @@ export class VaultKeys implements JWKTypes.KeyStore {
 keys.push(key.toJSON(exportPrivate));
 });
- logMessage(`KeyStore JSON: ${JSON.stringify({ keys })}`, LogLevel.DEBUG);
-
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage(`KeyStore JSON: ${JSON.stringify({ keys })}`, LogLevel.DEBUG);
+ }
+
 return { keys: keys };
 }
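Review bot: `JSON.stringify(keys)` and `JSON.stringify(filteredKeys)` in the hunk at 250 serialize arrays of key objects, and JSON.stringify calls each element's `toJSON` with its array index (`"0"`, `"1"`, …) as the first argument. The hunk at 302 shows that first argument being used as `exportPrivate` (`key.toJSON(exportPrivate)`), so if the key class treats any truthy value as a request for private export, these two debug lines may write private key parameters to the log whenever the flag is on; this is inferred from the call shape and should be confirmed against the key implementation. Logging identifiers only sidesteps the question: replace `JSON.stringify(keys)` with `JSON.stringify(keys.map((k) => k.kid))`, and likewise for `filteredKeys`. The per-key `[all - filtering keys]` line inside the filter callback can log `key.kid` instead of the whole object.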
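Review bot: The `KeyStore JSON` log in the hunk at 302 prints `keys` after they were built with `key.toJSON(exportPrivate)`, so a call with `exportPrivate` set puts complete private JWKs into the debug log; the environment flag narrows when that happens but not what is written. The same holds for `Generated key` and `Generated (raw) JWK` in the hunk at 373, where the callback parameter type includes `pki.rsa.PrivateKey` and a `d: Buffer` field, and for `Adding key ... to list` in the hunk at 427, which logs the object read from `secret/data/keys/${keyId}`. Logging only non-secret fields, e.g. `JSON.stringify(keys.map((k) => ({ kid: k.kid, kty: k.kty })))` here, keeps the trace useful without copying Vault-held secrets into log storage. A one-line comment at each remaining call stating that the message must never include private parameters would help the next editor.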
@@ -322,10 +350,11 @@ export class VaultKeys implements JWKTypes.KeyStore {
 throw new Error('size must be an integer for RSA and oct key types');
 }
- logMessage(`Generating a new ${kty} key with size ${size}...`, LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage(`Generating a new ${kty} key with size ${size}...`, LogLevel.DEBUG);
+ logMessage(`Key properties: ${JSON.stringify(props)}`, LogLevel.DEBUG);
+ }
- logMessage(`Key properties: ${JSON.stringify(props)}`, LogLevel.DEBUG);
-
 // Get the key "factory" from the registry based on the key type (kty)
 //
 // This essentially gets the proper instance of:
@@ -373,12 +402,16 @@ export class VaultKeys implements JWKTypes.KeyStore {
 var self = this
 return promise.then((generatedKey: pki.rsa.PrivateKey | Bytes | { crv: 'P-256' | 'P-384' | 'P-521', x: Buffer, y: Buffer, d: Buffer }) => {
- logMessage(`Generated key: ${JSON.stringify(generatedKey)}`, LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage(`Generated key: ${JSON.stringify(generatedKey)}`, LogLevel.DEBUG);
+ }
 // merge props and the key type (kty) into the JWK object
 const jwk = merge(props, generatedKey, { kty: kty }) as string | object | JWKTypes.Key | Buffer | JWKTypes.RawKey;
- logMessage(`Generated (raw) JWK: ${JSON.stringify(jwk)}`, LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage(`Generated (raw) JWK: ${JSON.stringify(jwk)}`, LogLevel.DEBUG);
+ }
 // Add the key to the KeyStore
 return self.add(jwk);
@@ -419,7 +452,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
 return [];
 }
- logMessage(`Key list from Hashicorp Vault: ${JSON.stringify(keyList)}`, LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage(`Key list from Hashicorp Vault: ${JSON.stringify(keyList)}`, LogLevel.DEBUG);
+ }
 // Loop over the keys in the Hashicorp Vault
 for (const keyId of keyList.data.keys) {
@@ -427,7 +462,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
 const keyData = await this.VAULT_CRED.getVaultClient().read(`secret/data/keys/${keyId}`);
 const key = keyData.data.data;
- logMessage(`Adding key ${JSON.stringify(key)} to list`, LogLevel.DEBUG);
+ if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
+ logMessage(`Adding key ${JSON.stringify(key)} to list`, LogLevel.DEBUG);
+ }
 this.keys.push(await JWK.asKey(key));
 }