@curiostack/cloudbuild-github/build/keymanager.js

"use strict";
/*
 * MIT License
 *
 * Copyright (c) 2017 Choko (choko@curioswitch.org)
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const config_1 = __importDefault(require("./config"));
const gcloud_1 = __importDefault(require("./gcloud"));
class KeyManager {
    constructor() {
        this.decryptedKeys = new Map();
    }
    getGithubToken(repo) {
        return __awaiter(this, void 0, void 0, function* () {
            return this.getDecrypted(config_1.default.repos[repo].encryptedGithubToken, `GITHUB_TOKEN-${repo}`);
        });
    }
    getWebhookSecret() {
        return __awaiter(this, void 0, void 0, function* () {
            return this.getDecrypted(config_1.default.encryptedWebhookSecret, 'WEBHOOK_SECRET');
        });
    }
    getDecrypted(encryptedBase64, cacheKey) {
        return __awaiter(this, void 0, void 0, function* () {
            const cached = this.decryptedKeys.get(cacheKey);
            if (cached) {
                return cached;
            }
            const google = yield gcloud_1.default();
            const projectId = yield google.auth.getProjectId();
            console.log('Decrypting ', cacheKey);
            const response = yield google
                .cloudkms({ version: 'v1' })
                .projects.locations.keyRings.cryptoKeys.decrypt({
                name: `projects/${projectId}/locations/${config_1.default.kms.location}/keyRings/${config_1.default.kms.keyring}/cryptoKeys/${config_1.default.kms.key}`,
                requestBody: {
                    ciphertext: encryptedBase64,
                },
            });
            const decrypted = Buffer.from(response.data.plaintext, 'base64').toString('ascii');
            this.decryptedKeys.set(cacheKey, decrypted);
            return decrypted;
        });
    }
}
exports.KeyManager = KeyManager;
exports.keyManager = new KeyManager();
//# sourceMappingURL=keymanager.js.map