
Commit e838024

committed
kms-keyring-browser
cache client default kms-keyring-browser
1 parent 6d47acd commit e838024


2 files changed

+94
-66
lines changed


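--- a/modules/kms-keyring-browser/src/index.ts
+++ b/modules/kms-keyring-browser/src/index.ts
@@ -13,69 +13,4 @@
 * limitations under the License.
 */
 
-import {
-KmsKeyring,
-KmsKeyringInput, // eslint-disable-line no-unused-vars
-KMSConstructible, // eslint-disable-line no-unused-vars
-KmsClientSupplier, // eslint-disable-line no-unused-vars
-getClient,
-limitRegions,
-excludeRegions,
-cacheClients
-} from '@aws-crypto/kms-keyring'
-import {
-WebCryptoAlgorithmSuite, // eslint-disable-line no-unused-vars
-WebCryptoEncryptionMaterial, // eslint-disable-line no-unused-vars
-WebCryptoDecryptionMaterial, // eslint-disable-line no-unused-vars
-EncryptionContext, // eslint-disable-line no-unused-vars
-EncryptedDataKey, // eslint-disable-line no-unused-vars
-immutableClass,
-importCryptoKey
-} from '@aws-crypto/material-management-browser'
-import { getWebCryptoBackend } from '@aws-crypto/web-crypto-backend'
-import { KMS, KMSConfiguration } from '@aws-sdk/client-kms-browser' // eslint-disable-line no-unused-vars
-
-export type KmsKeyringWebCryptoInput = KmsKeyringInput<KMS>
-export type KMSWebCryptoConstructible = KMSConstructible<KMS, KMSConfiguration>
-export type KmsWebCryptoClientSupplier = KmsClientSupplier<KMS>
-
-export class KmsKeyringNode extends KmsKeyring<WebCryptoAlgorithmSuite, KMS> {
-async _onEncrypt (material: WebCryptoEncryptionMaterial, context?: EncryptionContext) {
-const _material = await super._onEncrypt(material, context)
-
-/* Check for early return (Postcondition): If a cryptoKey has already been imported, return. */
-if (_material.hasUnencryptedDataKey && _material.hasCryptoKey) {
-return _material
-}
-
-const backend = await getWebCryptoBackend()
-const cryptoKey = await importCryptoKey(backend, _material)
-// The trace is only set when the material does not already have
-// an hasUnencryptedDataKey. This is an implementation detail :(
-const [trace] = _material.keyringTrace
-
-return _material.setCryptoKey(cryptoKey, trace)
-}
-
-async _onDecrypt (material: WebCryptoDecryptionMaterial, encryptedDataKeys: EncryptedDataKey[], context?: EncryptionContext) {
-const _material = await super._onDecrypt(material, encryptedDataKeys, context)
-
-/* Check for early return (Postcondition): If a cryptoKey has already been imported, return. */
-if (_material.hasUnencryptedDataKey && _material.hasCryptoKey) {
-return _material
-}
-
-const backend = await getWebCryptoBackend()
-const cryptoKey = await importCryptoKey(backend, _material)
-// Now that a cryptoKey has been imported, the unencrypted data key can be zeroed.
-_material.zeroUnencryptedDataKey()
-// The trace is only set when the material does not already have
-// an hasUnencryptedDataKey. This is an implementation detail :(
-const [trace] = _material.keyringTrace
-
-return _material.setCryptoKey(cryptoKey, trace)
-}
-}
-immutableClass(KmsKeyringNode)
-
-export { getClient, limitRegions, excludeRegions, cacheClients }
+export * from './kms_keyring_browser'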
Lines changed: 93 additions & 0 deletions
@@ -0,0 +1,93 @@
1+
/*
2+
* Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use
5+
* this file except in compliance with the License. A copy of the License is
6+
* located at
7+
*
8+
* http://aws.amazon.com/apache2.0/
9+
*
10+
* or in the "license" file accompanying this file. This file is distributed on an
11+
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
12+
* implied. See the License for the specific language governing permissions and
13+
* limitations under the License.
14+
*/
15+
16+
import {
17+
KmsKeyring,
18+
KmsKeyringInput, // eslint-disable-line no-unused-vars
19+
KMSConstructible, // eslint-disable-line no-unused-vars
20+
KmsClientSupplier, // eslint-disable-line no-unused-vars
21+
getClient,
22+
limitRegions,
23+
excludeRegions,
24+
cacheClients
25+
} from '@aws-crypto/kms-keyring'
26+
import {
27+
WebCryptoAlgorithmSuite, // eslint-disable-line no-unused-vars
28+
WebCryptoEncryptionMaterial, // eslint-disable-line no-unused-vars
29+
WebCryptoDecryptionMaterial, // eslint-disable-line no-unused-vars
30+
EncryptionContext, // eslint-disable-line no-unused-vars
31+
EncryptedDataKey, // eslint-disable-line no-unused-vars
32+
immutableClass,
33+
importCryptoKey
34+
} from '@aws-crypto/material-management-browser'
35+
import { getWebCryptoBackend } from '@aws-crypto/web-crypto-backend'
36+
import { KMS, KMSConfiguration } from '@aws-sdk/client-kms-browser' // eslint-disable-line no-unused-vars
37+
38+
const getKmsClient = getClient(KMS)
39+
const cacheKmsClients = cacheClients(getKmsClient)
40+
41+
export type KmsKeyringWebCryptoInput = Partial<KmsKeyringInput<KMS>>
42+
export type KMSWebCryptoConstructible = KMSConstructible<KMS, KMSConfiguration>
43+
export type KmsWebCryptoClientSupplier = KmsClientSupplier<KMS>
44+
45+
export class KmsKeyringNode extends KmsKeyring<WebCryptoAlgorithmSuite, KMS> {
46+
constructor ({
47+
clientProvider = cacheKmsClients,
48+
kmsKeys,
49+
generatorKmsKey,
50+
grantTokens
51+
}: KmsKeyringWebCryptoInput) {
52+
super({ clientProvider, kmsKeys, generatorKmsKey, grantTokens })
53+
}
54+
55+
async _onEncrypt (material: WebCryptoEncryptionMaterial, context?: EncryptionContext) {
56+
const _material = await super._onEncrypt(material, context)
57+
58+
/* Check for early return (Postcondition): If a cryptoKey has already been imported, return. */
59+
if (_material.hasUnencryptedDataKey && _material.hasCryptoKey) {
60+
return _material
61+
}
62+
63+
const backend = await getWebCryptoBackend()
64+
const cryptoKey = await importCryptoKey(backend, _material)
65+
// The trace is only set when the material does not already have
66+
// an hasUnencryptedDataKey. This is an implementation detail :(
67+
const [trace] = _material.keyringTrace
68+
69+
return _material.setCryptoKey(cryptoKey, trace)
70+
}
71+
72+
async _onDecrypt (material: WebCryptoDecryptionMaterial, encryptedDataKeys: EncryptedDataKey[], context?: EncryptionContext) {
73+
const _material = await super._onDecrypt(material, encryptedDataKeys, context)
74+
75+
/* Check for early return (Postcondition): If a cryptoKey has already been imported, return. */
76+
if (_material.hasUnencryptedDataKey && _material.hasCryptoKey) {
77+
return _material
78+
}
79+
80+
const backend = await getWebCryptoBackend()
81+
const cryptoKey = await importCryptoKey(backend, _material)
82+
// Now that a cryptoKey has been imported, the unencrypted data key can be zeroed.
83+
_material.zeroUnencryptedDataKey()
84+
// The trace is only set when the material does not already have
85+
// an hasUnencryptedDataKey. This is an implementation detail :(
86+
const [trace] = _material.keyringTrace
87+
88+
return _material.setCryptoKey(cryptoKey, trace)
89+
}
90+
}
91+
immutableClass(KmsKeyringNode)
92+
93+
export { getClient, cacheKmsClients, limitRegions, excludeRegions, cacheClients }
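Review bot: `KmsKeyringWebCryptoInput` is now `Partial<KmsKeyringInput<KMS>>`, which makes every field optional rather than only `clientProvider`, so `new KmsKeyringNode({})` type-checks with neither `kmsKeys` nor `generatorKmsKey`. Whether the base `KmsKeyring` constructor rejects that is not visible on this page; if it does not, which KMS keys the keyring will use on decrypt is left to the base class rather than chosen explicitly by the caller. If the intent is only to default the client supplier, narrow the type, e.g. `export type KmsKeyringWebCryptoInput = Pick<KmsKeyringInput<KMS>, Exclude<keyof KmsKeyringInput<KMS>, 'clientProvider'>> & Partial<Pick<KmsKeyringInput<KMS>, 'clientProvider'>>`. The default `cacheKmsClients` is created once at module scope from `getClient(KMS)` with no configuration, so every keyring that omits `clientProvider` appears to share it; a comment above it such as `// Shared by all keyrings that do not pass clientProvider; clients are built with default KMS configuration.` would make that explicit. The class is also still named `KmsKeyringNode` although it lives in the browser module, which is worth a rename or a note.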
