Added flag to turn on/off debug logging
All checks were successful
Publish to Private NPM Registry / publish (push) Successful in 38s
All checks were successful
Publish to Private NPM Registry / publish (push) Successful in 38s
This commit is contained in:
Alan Bridgeman
parent
a5af6e447d
commit
1bb8d58a12
1 changed files with 57 additions and 20 deletions
|
|
@ -109,7 +109,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
|
||||||
// Get the key from the local class variable
|
// Get the key from the local class variable
|
||||||
const nodeJoseKey = this.keys.find((key) => key.kid === kid);
|
const nodeJoseKey = this.keys.find((key) => key.kid === kid);
|
||||||
|
|
||||||
logMessage(`Returned key: ${JSON.stringify(nodeJoseKey)}`, LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage(`Returned key: ${JSON.stringify(nodeJoseKey)}`, LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
if(typeof nodeJoseKey === 'undefined') {
|
if(typeof nodeJoseKey === 'undefined') {
|
||||||
logMessage(`Key ${kid} not found in the Hashicorp Vault`, LogLevel.ERROR);
|
logMessage(`Key ${kid} not found in the Hashicorp Vault`, LogLevel.ERROR);
|
||||||
|
|
@ -131,7 +133,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
|
||||||
// Convert the key to a JWK.Key object
|
// Convert the key to a JWK.Key object
|
||||||
const jwk = await JWK.asKey(key, form, extras);
|
const jwk = await JWK.asKey(key, form, extras);
|
||||||
|
|
||||||
logMessage(`Adding key ${JSON.stringify(jwk)} to the Hashicorp Vault...`, LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage(`Adding key ${JSON.stringify(jwk)} to the Hashicorp Vault...`, LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// Add the key to the Hashicorp Vault
|
// Add the key to the Hashicorp Vault
|
||||||
|
|
@ -184,7 +188,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
|
||||||
* @returns The list of keys available in the KeyStore that match the filter (if provided) or all keys if no filter is provided
|
* @returns The list of keys available in the KeyStore that match the filter (if provided) or all keys if no filter is provided
|
||||||
*/
|
*/
|
||||||
all(filter?: JWKTypes.KeyStoreGetFilter): JWKTypes.Key[] {
|
all(filter?: JWKTypes.KeyStoreGetFilter): JWKTypes.Key[] {
|
||||||
logMessage('Getting all keys from the Hashicorp Vault...', LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage('Getting all keys from the Hashicorp Vault...', LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
/*let syncLock = false;
|
/*let syncLock = false;
|
||||||
let startTime = Date.now();
|
let startTime = Date.now();
|
||||||
|
|
@ -250,41 +256,61 @@ export class VaultKeys implements JWKTypes.KeyStore {
|
||||||
|
|
||||||
const keys = this.keys;
|
const keys = this.keys;
|
||||||
|
|
||||||
logMessage(`Returned keys: ${JSON.stringify(keys)}`, LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage(`Returned keys: ${JSON.stringify(keys)}`, LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
if(typeof filter === 'undefined') {
|
if(typeof filter === 'undefined') {
|
||||||
logMessage('No filter provided, returning all keys', LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage('No filter provided, returning all keys', LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
return keys;
|
return keys;
|
||||||
}
|
}
|
||||||
|
|
||||||
logMessage(`Starting key filtering (${JSON.stringify(filter)})...`, LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage(`Starting key filtering (${JSON.stringify(filter)})...`, LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
// Filter the keys based on the filter object provided
|
// Filter the keys based on the filter object provided
|
||||||
const filteredKeys = keys.filter((key) => {
|
const filteredKeys = keys.filter((key) => {
|
||||||
logMessage(`[all - filtering keys] Key: ${JSON.stringify(key)}`, LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage(`[all - filtering keys] Key: ${JSON.stringify(key)}`, LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
// Check if the `alg` (algorithm) filtering is set and if it matches the current key
|
// Check if the `alg` (algorithm) filtering is set and if it matches the current key
|
||||||
if(typeof filter.alg !== 'undefined' && key.alg !== filter.alg) {
|
if(typeof filter.alg !== 'undefined' && key.alg !== filter.alg) {
|
||||||
logMessage(`Key ${key.kid} does not match the algorithm filter ${filter.alg}`, LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage(`Key ${key.kid} does not match the algorithm filter ${filter.alg}`, LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if the `kty` (key type) filtering is set and if it matches the current key
|
// Check if the `kty` (key type) filtering is set and if it matches the current key
|
||||||
if(typeof filter.kty !== 'undefined' && key.kty !== filter.kty) {
|
if(typeof filter.kty !== 'undefined' && key.kty !== filter.kty) {
|
||||||
logMessage(`Key ${key.kid} does not match the key type filter ${filter.kty}`, LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage(`Key ${key.kid} does not match the key type filter ${filter.kty}`, LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if the `use` filtering is set and if it matches the current key
|
// Check if the `use` filtering is set and if it matches the current key
|
||||||
if(typeof filter.use !== 'undefined' && key.use !== filter.use) {
|
if(typeof filter.use !== 'undefined' && key.use !== filter.use) {
|
||||||
logMessage(`Key ${key.kid} does not match the use filter ${filter.use}`, LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage(`Key ${key.kid} does not match the use filter ${filter.use}`, LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
});
|
});
|
||||||
|
|
||||||
logMessage(`Filtered Keys: ${JSON.stringify(filteredKeys)}`, LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage(`Filtered Keys: ${JSON.stringify(filteredKeys)}`, LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
return filteredKeys;
|
return filteredKeys;
|
||||||
}
|
}
|
||||||
|
|
@ -302,8 +328,10 @@ export class VaultKeys implements JWKTypes.KeyStore {
|
||||||
keys.push(key.toJSON(exportPrivate));
|
keys.push(key.toJSON(exportPrivate));
|
||||||
});
|
});
|
||||||
|
|
||||||
logMessage(`KeyStore JSON: ${JSON.stringify({ keys })}`, LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage(`KeyStore JSON: ${JSON.stringify({ keys })}`, LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
return { keys: keys };
|
return { keys: keys };
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -322,10 +350,11 @@ export class VaultKeys implements JWKTypes.KeyStore {
|
||||||
throw new Error('size must be an integer for RSA and oct key types');
|
throw new Error('size must be an integer for RSA and oct key types');
|
||||||
}
|
}
|
||||||
|
|
||||||
logMessage(`Generating a new ${kty} key with size ${size}...`, LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage(`Generating a new ${kty} key with size ${size}...`, LogLevel.DEBUG);
|
||||||
|
logMessage(`Key properties: ${JSON.stringify(props)}`, LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
logMessage(`Key properties: ${JSON.stringify(props)}`, LogLevel.DEBUG);
|
|
||||||
|
|
||||||
// Get the key "factory" from the registry based on the key type (kty)
|
// Get the key "factory" from the registry based on the key type (kty)
|
||||||
//
|
//
|
||||||
// This essentially gets the proper instance of:
|
// This essentially gets the proper instance of:
|
||||||
|
|
@ -373,12 +402,16 @@ export class VaultKeys implements JWKTypes.KeyStore {
|
||||||
var self = this
|
var self = this
|
||||||
|
|
||||||
return promise.then((generatedKey: pki.rsa.PrivateKey | Bytes | { crv: 'P-256' | 'P-384' | 'P-521', x: Buffer<ArrayBuffer>, y: Buffer<ArrayBuffer>, d: Buffer<ArrayBuffer> }) => {
|
return promise.then((generatedKey: pki.rsa.PrivateKey | Bytes | { crv: 'P-256' | 'P-384' | 'P-521', x: Buffer<ArrayBuffer>, y: Buffer<ArrayBuffer>, d: Buffer<ArrayBuffer> }) => {
|
||||||
logMessage(`Generated key: ${JSON.stringify(generatedKey)}`, LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage(`Generated key: ${JSON.stringify(generatedKey)}`, LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
// merge props and the key type (kty) into the JWK object
|
// merge props and the key type (kty) into the JWK object
|
||||||
const jwk = merge(props, generatedKey, { kty: kty }) as string | object | JWKTypes.Key | Buffer | JWKTypes.RawKey;
|
const jwk = merge(props, generatedKey, { kty: kty }) as string | object | JWKTypes.Key | Buffer | JWKTypes.RawKey;
|
||||||
|
|
||||||
logMessage(`Generated (raw) JWK: ${JSON.stringify(jwk)}`, LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage(`Generated (raw) JWK: ${JSON.stringify(jwk)}`, LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
// Add the key to the KeyStore
|
// Add the key to the KeyStore
|
||||||
return self.add(jwk);
|
return self.add(jwk);
|
||||||
|
|
@ -419,7 +452,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
|
||||||
return [];
|
return [];
|
||||||
}
|
}
|
||||||
|
|
||||||
logMessage(`Key list from Hashicorp Vault: ${JSON.stringify(keyList)}`, LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage(`Key list from Hashicorp Vault: ${JSON.stringify(keyList)}`, LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
// Loop over the keys in the Hashicorp Vault
|
// Loop over the keys in the Hashicorp Vault
|
||||||
for (const keyId of keyList.data.keys) {
|
for (const keyId of keyList.data.keys) {
|
||||||
|
|
@ -427,7 +462,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
|
||||||
const keyData = await this.VAULT_CRED.getVaultClient().read(`secret/data/keys/${keyId}`);
|
const keyData = await this.VAULT_CRED.getVaultClient().read(`secret/data/keys/${keyId}`);
|
||||||
const key = keyData.data.data;
|
const key = keyData.data.data;
|
||||||
|
|
||||||
logMessage(`Adding key ${JSON.stringify(key)} to list`, LogLevel.DEBUG);
|
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
|
||||||
|
logMessage(`Adding key ${JSON.stringify(key)} to list`, LogLevel.DEBUG);
|
||||||
|
}
|
||||||
|
|
||||||
this.keys.push(await JWK.asKey(key));
|
this.keys.push(await JWK.asKey(key));
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue