1 | "use strict";
|
2 | var __importDefault = (this && this.__importDefault) || function (mod) {
|
3 | return (mod && mod.__esModule) ? mod : { "default": mod };
|
4 | };
|
5 | Object.defineProperty(exports, "__esModule", { value: true });
|
6 | exports.KMS = void 0;
|
7 | const aws_sdk_1 = __importDefault(require("aws-sdk"));
|
8 | const errors_1 = require("@cumulus/errors");
|
9 | const util_1 = require("./util");
|
10 | const KMSDecryptionFailed = errors_1.createErrorType('KMSDecryptionFailed');
|
11 | class KMS {
|
12 | static async encrypt(text, kmsId) {
|
13 | util_1.deprecate('@cumulus/common/key-pair-provider', '1.17.0', '@cumulus/aws-client/KMS.encrypt');
|
14 | const params = {
|
15 | KeyId: kmsId,
|
16 | Plaintext: text,
|
17 | };
|
18 | const kms = new aws_sdk_1.default.KMS();
|
19 | const { CiphertextBlob } = await kms.encrypt(params).promise();
|
20 | if (!CiphertextBlob) {
|
21 | throw new Error('Encryption failed, undefined CiphertextBlob returned');
|
22 | }
|
23 | return CiphertextBlob.toString('base64');
|
24 | }
|
25 | static async decrypt(text) {
|
26 | util_1.deprecate('@cumulus/common/key-pair-provider', '1.17.0', '@cumulus/aws-client/KMS.decryptBase64String');
|
27 | const params = {
|
28 | CiphertextBlob: Buffer.from(text, 'base64'),
|
29 | };
|
30 | const kms = new aws_sdk_1.default.KMS();
|
31 | try {
|
32 | const { Plaintext } = await kms.decrypt(params).promise();
|
33 | if (!Plaintext) {
|
34 | throw new Error('Decryption failed, undefined Plaintext returned');
|
35 | }
|
36 | return Plaintext.toString();
|
37 | }
|
38 | catch (error) {
|
39 | if (error.toString().includes('InvalidCiphertextException')) {
|
40 | throw new KMSDecryptionFailed('Decrypting the secure text failed. The provided text is invalid');
|
41 | }
|
42 | throw error;
|
43 | }
|
44 | }
|
45 | }
|
46 | exports.KMS = KMS;
|
47 |
|
\ | No newline at end of file |