@vizamodo/aws-sts-core 0.4.19 → 0.4.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/sts/issue.js +12 -0
- package/package.json +1 -1
package/dist/sts/issue.js
CHANGED
|
@@ -74,6 +74,12 @@ export async function issueAwsCredentials(input) {
|
|
|
74
74
|
const normalizedCert = normalizeCert(certBase64);
|
|
75
75
|
// No isolate cache — stale cached values caused wrong-serial bugs.
|
|
76
76
|
const certSerialDec = parseCertSerialDec(normalizedCert);
|
|
77
|
+
console.debug("[cert-serial-debug]", {
|
|
78
|
+
certLen: normalizedCert.length,
|
|
79
|
+
certPreview: normalizedCert.slice(0, 40),
|
|
80
|
+
certSerialDec,
|
|
81
|
+
certSerialHex: BigInt(certSerialDec).toString(16),
|
|
82
|
+
});
|
|
77
83
|
const cacheKey = `${region}|${roleArn}|${profileArn}|${trustAnchorArn}|${certSerialDec}`;
|
|
78
84
|
// BUG 1 KEPT: signing happens before getCachedOrFetch — runs on every
|
|
79
85
|
// request even when L1/L2 cache would have returned a hit.
|
|
@@ -191,13 +197,19 @@ function parseCertSerialDec(normalizedCertBase64) {
|
|
|
191
197
|
if (der[offset++] !== 0x30)
|
|
192
198
|
throw new Error("bad tbs");
|
|
193
199
|
readLen();
|
|
200
|
+
// Log raw DER bytes to diagnose parser mismatch
|
|
201
|
+
const rawBytes8to20 = Array.from(der.slice(8, 20)).map(b => b.toString(16).padStart(2, '0')).join(' ');
|
|
202
|
+
console.debug("[der-raw]", { rawBytes8to20, derLen: der.length });
|
|
203
|
+
const beforeVersionOffset = offset;
|
|
194
204
|
if (der[offset] === 0xa0) {
|
|
195
205
|
offset++;
|
|
196
206
|
offset += readLen();
|
|
197
207
|
}
|
|
208
|
+
const afterVersionOffset = offset;
|
|
198
209
|
if (der[offset++] !== 0x02)
|
|
199
210
|
throw new Error("bad serial tag");
|
|
200
211
|
const serialLen = readLen();
|
|
212
|
+
console.debug("[der-debug]", { beforeVersionOffset, afterVersionOffset, serialLen, serialByte0: der[offset]?.toString(16) });
|
|
201
213
|
if (offset + serialLen > der.length)
|
|
202
214
|
throw new Error("DER overflow");
|
|
203
215
|
let serial = der.slice(offset, offset + serialLen);
|