private generateAndStoreRsaKeys()

in lib/ide-services-resources.ts [538:614]


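  /**
   * Generates an RSA-2048 key pair at deploy time and stores it in Secrets Manager.
   *
   * An inline Node.js Lambda, fronted by a custom-resource Provider, generates the
   * key pair and returns it as custom-resource attributes; those attributes are then
   * written into a Secrets Manager secret named `ide-services-mellum-rsa-keys-<stackName>`.
   *
   * NOTE(review): the key material still travels through the custom-resource response
   * that CloudFormation persists (and the Provider framework may log). `NoEcho` in the
   * handler response masks it in CloudFormation output; a stronger design would have the
   * Lambda write into the secret directly and return only the public key.
   *
   * @returns the Secret holding `public_key` and `private_key` (PEM, SPKI / PKCS#8).
   */
  private generateAndStoreRsaKeys() {
    // Lambda that performs the key generation. The handler is inlined below and runs
    // only on CloudFormation Create/Update/Delete events for the custom resource.
    const rsaGeneratorFunction = new lambda.Function(this, 'RSAGeneratorFunction', {
      runtime: lambda.Runtime.NODEJS_18_X,
      handler: 'index.handler',
      timeout: cdk.Duration.minutes(5),
      code: lambda.Code.fromInline(`
const crypto = require('crypto');

exports.handler = async (event, context) => {
    // The incoming event carries the request metadata and properties only, never key material.
    console.log('Event:', JSON.stringify(event, null, 2));

    try {
        const requestType = event.RequestType || 'Create';

        if (requestType === 'Create' || requestType === 'Update') {
            const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
                modulusLength: 2048,
                publicKeyEncoding: { type: 'spki', format: 'pem' },
                privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
            });

            // Log only the fact of success, never the keys themselves.
            console.log('RSA key pair generated successfully');

            // A fresh PhysicalResourceId on Update makes CloudFormation send a Delete for
            // the previous id during cleanup; the Delete branch below is a no-op, so that is safe.
            // NoEcho masks Data when it is read back through the CloudFormation console/APIs;
            // Fn::GetAtt inside the template still resolves to the real value.
            return {
                PhysicalResourceId: 'RSAKeyPair-' + Date.now(),
                NoEcho: true,
                Data: {
                    public_key: publicKey,
                    private_key: privateKey
                }
            };
        }

        // Delete: nothing to clean up here, the keys live only in the Secret that CDK manages.
        return {
            PhysicalResourceId: event.PhysicalResourceId || 'RSAKeyPair'
        };
    } catch (error) {
        console.error('Error generating RSA keys:', error);
        throw new Error(\`Failed to generate RSA keys: \${error.message}\`);
    }
};
    `),
    });

    // Custom-resource provider that invokes the generator Lambda on stack events.
    const rsaGeneratorProvider = new cr.Provider(this, 'RSAGeneratorProvider', {
      onEventHandler: rsaGeneratorFunction,
    });

    // The Timestamp property changes on every synth, so every deploy triggers an Update
    // and therefore regenerates (rotates) the key pair. Anything signed or issued with
    // the previous key stops validating after a deploy.
    const generateRSAKeys = new cdk.CustomResource(this, 'GenerateRSAKeys', {
      serviceToken: rsaGeneratorProvider.serviceToken,
      properties: {
        Timestamp: Date.now().toString()
      }
    });

    // SecretValue.resourceAttribute is the API meant for values that come from a
    // resource attribute (such as a custom-resource output); unsafePlainText is meant
    // for literal plaintext and would present these tokens as hard-coded secrets.
    const mellumSecret = new secretsmanager.Secret(this, 'MellumRSAKeys', {
      secretName: `ide-services-mellum-rsa-keys-${this.stackName}`,
      description: 'RSA public and private keys for Mellum authentication',
      secretObjectValue: {
        public_key: cdk.SecretValue.resourceAttribute(generateRSAKeys.getAttString('public_key')),
        private_key: cdk.SecretValue.resourceAttribute(generateRSAKeys.getAttString('private_key'))
      }
    });
    return mellumSecret;
  }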