constructor()

in modules/raw-rsa-keyring-node/src/raw_rsa_keyring_node.ts [75:153]

• 68 lines of code
• 8 McCabe index (conditional complexity)

  constructor(input: RawRsaKeyringNodeInput) {
    super()

    const {
      rsaKey,
      keyName,
      keyNamespace,
      padding = constants.RSA_PKCS1_OAEP_PADDING,
      oaepHash,
    } = input
    const { publicKey, privateKey } = rsaKey
    /* Precondition: RsaKeyringNode needs either a public or a private key to operate. */
    needs(publicKey || privateKey, 'No Key provided.')
    /* Precondition: RsaKeyringNode needs identifying information for encrypt and decrypt. */
    needs(keyName && keyNamespace, 'Identifying information must be defined.')
    /* Precondition: The AWS ESDK only supports specific hash values for OAEP padding. */
    needs(
      padding === constants.RSA_PKCS1_OAEP_PADDING
        ? oaepHashSupported
          ? supportedOaepHash.includes(oaepHash)
          : !oaepHash || oaepHash === 'sha1'
        : !oaepHash,
      'Unsupported oaepHash'
    )

    const _wrapKey = async (material: NodeEncryptionMaterial) => {
      /* Precondition: Public key must be defined to support encrypt. */
      if (!publicKey)
        throw new Error(
          'No public key defined in constructor.  Encrypt disabled.'
        )
      const { buffer, byteOffset, byteLength } = unwrapDataKey(
        material.getUnencryptedDataKey()
      )
      const encryptedDataKey = publicEncrypt(
        { key: publicKey, padding, oaepHash } as RsaPublicKey,
        Buffer.from(buffer, byteOffset, byteLength)
      )
      const providerInfo = this.keyName
      const providerId = this.keyNamespace
      const flag = KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY
      const edk = new EncryptedDataKey({
        encryptedDataKey,
        providerInfo,
        providerId,
      })
      return material.addEncryptedDataKey(edk, flag)
    }

    const _unwrapKey = async (
      material: NodeDecryptionMaterial,
      edk: EncryptedDataKey
    ) => {
      /* Precondition: Private key must be defined to support decrypt. */
      if (!privateKey)
        throw new Error(
          'No private key defined in constructor.  Decrypt disabled.'
        )

      const trace: KeyringTrace = {
        keyName: this.keyName,
        keyNamespace: this.keyNamespace,
        flags: KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY,
      }

      const { buffer, byteOffset, byteLength } = edk.encryptedDataKey
      const encryptedDataKey = Buffer.from(buffer, byteOffset, byteLength)
      const unencryptedDataKey = privateDecrypt(
        { key: privateKey, padding, oaepHash } as RsaPrivateKey,
        encryptedDataKey
      )
      return material.setUnencryptedDataKey(unencryptedDataKey, trace)
    }

    readOnlyProperty(this, 'keyName', keyName)
    readOnlyProperty(this, 'keyNamespace', keyNamespace)
    readOnlyProperty(this, '_wrapKey', _wrapKey)
    readOnlyProperty(this, '_unwrapKey', _unwrapKey)
  }