(config)
| 660 | } |
| 661 | |
| 662 | _parseKmsAWS(config) { |
| 663 | if (!config.kmsAWS) { |
| 664 | return {}; |
| 665 | } |
| 666 | let kmsAWS = {}; |
| 667 | |
| 668 | const { providerName, region, endpoint, ak, sk, tls, noAwsArn } = config.kmsAWS; |
| 669 | |
| 670 | assert(providerName, 'Configuration Error: providerName must be defined in kmsAWS'); |
| 671 | assert(isValidProvider(providerName), |
| 672 | 'Configuration Error: kmsAWS.providerNamer must be lowercase alphanumeric only'); |
| 673 | assert(endpoint, 'Configuration Error: endpoint must be defined in kmsAWS'); |
| 674 | assert(ak, 'Configuration Error: ak must be defined in kmsAWS'); |
| 675 | assert(sk, 'Configuration Error: sk must be defined in kmsAWS'); |
| 676 | assert(['undefined', 'boolean'].some(type => type === typeof noAwsArn), |
| 677 | 'Configuration Error:: kmsAWS.noAwsArn must be a boolean or not set'); |
| 678 | |
| 679 | kmsAWS = { |
| 680 | providerName, |
| 681 | endpoint, |
| 682 | ak, |
| 683 | sk, |
| 684 | }; |
| 685 | |
| 686 | if (region) { |
| 687 | kmsAWS.region = region; |
| 688 | } |
| 689 | |
| 690 | if (noAwsArn) { |
| 691 | kmsAWS.noAwsArn = noAwsArn; |
| 692 | } |
| 693 | |
| 694 | if (tls) { |
| 695 | kmsAWS.tls = {}; |
| 696 | if (tls.rejectUnauthorized !== undefined) { |
| 697 | assert(typeof tls.rejectUnauthorized === 'boolean'); |
| 698 | kmsAWS.tls.rejectUnauthorized = tls.rejectUnauthorized; |
| 699 | } |
| 700 | // min & max TLS: One of 'TLSv1.3', 'TLSv1.2', 'TLSv1.1', or 'TLSv1' |
| 701 | // (see https://nodejs.org/api/tls.html#tlscreatesecurecontextoptions) |
| 702 | if (tls.minVersion !== undefined) { |
| 703 | assert(typeof tls.minVersion === 'string', |
| 704 | 'bad config: KMS AWS TLS minVersion must be a string'); |
| 705 | kmsAWS.tls.minVersion = tls.minVersion; |
| 706 | } |
| 707 | if (tls.maxVersion !== undefined) { |
| 708 | assert(typeof tls.maxVersion === 'string', |
| 709 | 'bad config: KMS AWS TLS maxVersion must be a string'); |
| 710 | kmsAWS.tls.maxVersion = tls.maxVersion; |
| 711 | } |
| 712 | if (tls.ca !== undefined) { |
| 713 | kmsAWS.tls.ca = this._loadTlsFileArray(tls.ca); |
| 714 | } |
| 715 | if (tls.cert !== undefined) { |
| 716 | kmsAWS.tls.cert = this._loadTlsFileArray(tls.cert); |
| 717 | } |
| 718 | if (tls.key !== undefined) { |
| 719 | kmsAWS.tls.key = this._loadTlsFileArray(tls.key); |