@vizamodo/aws-sts-core 0.1.47 → 0.1.50

Files changed (2) hide show
  1. package/dist/sts/issue.js +46 -22
  2. package/package.json +1 -1
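--- a/package/dist/sts/issue.js
+++ b/package/dist/sts/issue.js
@@ -58,31 +58,46 @@ export async function issueAwsCredentials(input) {
  .replace(/-----END CERTIFICATE-----/g, "")
  .replace(/\s+/g, "");
  // --- REFACTOR: Parser ASN.1 an toàn để lấy Serial Number (DECIMAL) ---
+ // --- MINIMAL DER WALK: extract serial number ---
  let certSerialDec;
  try {
- const certDer = base64ToArrayBuffer(normalizedCert);
- const derBytes = new Uint8Array(certDer);
+ const der = new Uint8Array(base64ToArrayBuffer(normalizedCert));
  let offset = 0;
- // X509v3 structure check
- if (derBytes[offset++] !== 0x30)
- throw new Error("Not a sequence");
- offset += derBytes[offset] & 0x80 ? (derBytes[offset] & 0x7f) + 1 : 1;
- if (derBytes[offset++] !== 0x30)
- throw new Error("Not a sequence");
- offset += derBytes[offset] & 0x80 ? (derBytes[offset] & 0x7f) + 1 : 1;
- // INTEGER (Serial Number)
- if (derBytes[offset++] !== 0x02)
- throw new Error("Not an integer");
- const serialLength = derBytes[offset++];
- // Bounds check
- if (offset + serialLength > derBytes.length)
- throw new Error("Bounds error");
- const serialBytes = derBytes.slice(offset, offset + serialLength);
- // Convert to Decimal string
- certSerialDec = BigInt("0x" + Array.from(serialBytes)
- .map((b) => b.toString(16).padStart(2, "0"))
- .join(""))
- .toString();
+ // helper: read DER length (short + long form)
+ function readLen() {
+ const b = der[offset++];
+ if ((b & 0x80) === 0)
+ return b;
+ const n = b & 0x7f;
+ let len = 0;
+ for (let i = 0; i < n; i++) {
+ len = (len << 8) | der[offset++];
+ }
+ return len;
+ }
+ // Certificate SEQUENCE
+ if (der[offset++] !== 0x30)
+ throw new Error("bad cert");
+ readLen();
+ // TBSCertificate SEQUENCE
+ if (der[offset++] !== 0x30)
+ throw new Error("bad tbs");
+ readLen();
+ // Optional version [0] EXPLICIT (0xa0)
+ if (der[offset] === 0xa0) {
+ offset++; // tag
+ const vLen = readLen(); // length
+ offset += vLen; // skip full version block
+ }
+ // SerialNumber INTEGER
+ if (der[offset++] !== 0x02)
+ throw new Error("bad serial tag");
+ const serialLen = readLen();
+ const serial = der.slice(offset, offset + serialLen);
+ certSerialDec = BigInt("0x" +
+ Array.from(serial)
+ .map(b => b.toString(16).padStart(2, "0"))
+ .join("")).toString();
  }
  catch (e) {
  console.error("[issueAwsCredentials] Failed to parse cert serial", e);
@@ -138,6 +153,15 @@ export async function issueAwsCredentials(input) {
  }
  const json = await res.json();
  const creds = json?.credentialSet?.[0]?.credentials;
+ console.log("[issueAwsCredentials][aws-response]", {
+ raw: json,
+ });
+ console.log("[issueAwsCredentials][parsed-credentials]", {
+ accessKeyId: creds?.accessKeyId,
+ secretAccessKey: creds.secretAccessKey,
+ sessionToken: creds.sessionToken,
+ expiration: creds?.expiration,
+ });
  return {
  accessKeyId: creds.accessKeyId,
  secretAccessKey: creds.secretAccessKey,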
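Review bot: The two `console.log` calls added in the second hunk write the whole AWS response (`raw: json`) and the parsed `secretAccessKey` and `sessionToken` to the log, so every log sink and anyone with log access receives usable temporary credentials until `expiration`. They read like leftover debugging and should be removed or cut down to non-secret fields, e.g. `console.log("[issueAwsCredentials] issued", { accessKeyId: creds?.accessKeyId, expiration: creds?.expiration });`. Logs written by a deployment running these lines should be treated as containing credentials. The same log object reads `creds.secretAccessKey` without `?.`, so a response with no `credentialSet` entry now throws inside the logging call. Separately, the first hunk drops the earlier `offset + serialLength > derBytes.length` check and `readLen()` never compares `offset` with `der.length`, so a truncated certificate appears to yield a shortened serial rather than an error; `issueAwsCredentials` continues outside both hunks.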
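--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@vizamodo/aws-sts-core",
- "version": "0.1.47",
+ "version": "0.1.50",
  "description": "Pure AWS STS + SigV4 (X509 Roles Anywhere) core logic",
  "type": "module",
  "main": "dist/index.js",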