Added flag to turn on/off debug logging

Alan Bridgeman 2026-02-21 13:24:09 -06:00
parent a5af6e447d
commit 1bb8d58a12


@ -109,7 +109,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
// Get the key from the local class variable
const nodeJoseKey = this.keys.find((key) => key.kid === kid);
logMessage(`Returned key: ${JSON.stringify(nodeJoseKey)}`, LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage(`Returned key: ${JSON.stringify(nodeJoseKey)}`, LogLevel.DEBUG);
}
if(typeof nodeJoseKey === 'undefined') {
logMessage(`Key ${kid} not found in the Hashicorp Vault`, LogLevel.ERROR);
@ -131,7 +133,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
// Convert the key to a JWK.Key object
const jwk = await JWK.asKey(key, form, extras);
logMessage(`Adding key ${JSON.stringify(jwk)} to the Hashicorp Vault...`, LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage(`Adding key ${JSON.stringify(jwk)} to the Hashicorp Vault...`, LogLevel.DEBUG);
}
try {
// Add the key to the Hashicorp Vault
@ -184,7 +188,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
* @returns The list of keys available in the KeyStore that match the filter (if provided) or all keys if no filter is provided
*/
all(filter?: JWKTypes.KeyStoreGetFilter): JWKTypes.Key[] {
logMessage('Getting all keys from the Hashicorp Vault...', LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage('Getting all keys from the Hashicorp Vault...', LogLevel.DEBUG);
}
/*let syncLock = false;
let startTime = Date.now();
@ -250,41 +256,61 @@ export class VaultKeys implements JWKTypes.KeyStore {
const keys = this.keys;
logMessage(`Returned keys: ${JSON.stringify(keys)}`, LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage(`Returned keys: ${JSON.stringify(keys)}`, LogLevel.DEBUG);
}
if(typeof filter === 'undefined') {
logMessage('No filter provided, returning all keys', LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage('No filter provided, returning all keys', LogLevel.DEBUG);
}
return keys;
}
logMessage(`Starting key filtering (${JSON.stringify(filter)})...`, LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage(`Starting key filtering (${JSON.stringify(filter)})...`, LogLevel.DEBUG);
}
// Filter the keys based on the filter object provided
const filteredKeys = keys.filter((key) => {
logMessage(`[all - filtering keys] Key: ${JSON.stringify(key)}`, LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage(`[all - filtering keys] Key: ${JSON.stringify(key)}`, LogLevel.DEBUG);
}
// Check if the `alg` (algorithm) filtering is set and if it matches the current key
if(typeof filter.alg !== 'undefined' && key.alg !== filter.alg) {
logMessage(`Key ${key.kid} does not match the algorithm filter ${filter.alg}`, LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage(`Key ${key.kid} does not match the algorithm filter ${filter.alg}`, LogLevel.DEBUG);
}
return false;
}
// Check if the `kty` (key type) filtering is set and if it matches the current key
if(typeof filter.kty !== 'undefined' && key.kty !== filter.kty) {
logMessage(`Key ${key.kid} does not match the key type filter ${filter.kty}`, LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage(`Key ${key.kid} does not match the key type filter ${filter.kty}`, LogLevel.DEBUG);
}
return false;
}
// Check if the `use` filtering is set and if it matches the current key
if(typeof filter.use !== 'undefined' && key.use !== filter.use) {
logMessage(`Key ${key.kid} does not match the use filter ${filter.use}`, LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage(`Key ${key.kid} does not match the use filter ${filter.use}`, LogLevel.DEBUG);
}
return false;
}
return true;
});
logMessage(`Filtered Keys: ${JSON.stringify(filteredKeys)}`, LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage(`Filtered Keys: ${JSON.stringify(filteredKeys)}`, LogLevel.DEBUG);
}
return filteredKeys;
}
@ -302,7 +328,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
keys.push(key.toJSON(exportPrivate));
});
logMessage(`KeyStore JSON: ${JSON.stringify({ keys })}`, LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage(`KeyStore JSON: ${JSON.stringify({ keys })}`, LogLevel.DEBUG);
}
return { keys: keys };
}
@ -322,9 +350,10 @@ export class VaultKeys implements JWKTypes.KeyStore {
throw new Error('size must be an integer for RSA and oct key types');
}
logMessage(`Generating a new ${kty} key with size ${size}...`, LogLevel.DEBUG);
logMessage(`Key properties: ${JSON.stringify(props)}`, LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage(`Generating a new ${kty} key with size ${size}...`, LogLevel.DEBUG);
logMessage(`Key properties: ${JSON.stringify(props)}`, LogLevel.DEBUG);
}
// Get the key "factory" from the registry based on the key type (kty)
//
@ -373,12 +402,16 @@ export class VaultKeys implements JWKTypes.KeyStore {
var self = this
return promise.then((generatedKey: pki.rsa.PrivateKey | Bytes | { crv: 'P-256' | 'P-384' | 'P-521', x: Buffer<ArrayBuffer>, y: Buffer<ArrayBuffer>, d: Buffer<ArrayBuffer> }) => {
logMessage(`Generated key: ${JSON.stringify(generatedKey)}`, LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage(`Generated key: ${JSON.stringify(generatedKey)}`, LogLevel.DEBUG);
}
// merge props and the key type (kty) into the JWK object
const jwk = merge(props, generatedKey, { kty: kty }) as string | object | JWKTypes.Key | Buffer | JWKTypes.RawKey;
logMessage(`Generated (raw) JWK: ${JSON.stringify(jwk)}`, LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage(`Generated (raw) JWK: ${JSON.stringify(jwk)}`, LogLevel.DEBUG);
}
// Add the key to the KeyStore
return self.add(jwk);
@ -419,7 +452,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
return [];
}
logMessage(`Key list from Hashicorp Vault: ${JSON.stringify(keyList)}`, LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage(`Key list from Hashicorp Vault: ${JSON.stringify(keyList)}`, LogLevel.DEBUG);
}
// Loop over the keys in the Hashicorp Vault
for (const keyId of keyList.data.keys) {
@ -427,7 +462,9 @@ export class VaultKeys implements JWKTypes.KeyStore {
const keyData = await this.VAULT_CRED.getVaultClient().read(`secret/data/keys/${keyId}`);
const key = keyData.data.data;
logMessage(`Adding key ${JSON.stringify(key)} to list`, LogLevel.DEBUG);
if(typeof process.env.DEBUG_INTERSERVICE_COMMS !== 'undefined' && process.env.DEBUG_INTERSERVICE_COMMS === 'true') {
logMessage(`Adding key ${JSON.stringify(key)} to list`, LogLevel.DEBUG);
}
this.keys.push(await JWK.asKey(key));
}