@vizamodo/aws-sts-core 0.4.20 → 0.4.22

Files changed (2)
  1. package/dist/sts/issue.js +20 -26
  2. package/package.json +1 -1
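--- a/package/dist/sts/issue.js
+++ b/package/dist/sts/issue.js
@@ -74,12 +74,6 @@ export async function issueAwsCredentials(input) {
  const normalizedCert = normalizeCert(certBase64);
  // No isolate cache — stale cached values caused wrong-serial bugs.
  const certSerialDec = parseCertSerialDec(normalizedCert);
- console.debug("[cert-serial-debug]", {
- certLen: normalizedCert.length,
- certPreview: normalizedCert.slice(0, 40),
- certSerialDec,
- certSerialHex: BigInt(certSerialDec).toString(16),
- });
  const cacheKey = `${region}|${roleArn}|${profileArn}|${trustAnchorArn}|${certSerialDec}`;
  // BUG 1 KEPT: signing happens before getCachedOrFetch — runs on every
  // request even when L1/L2 cache would have returned a hit.
@@ -176,40 +170,40 @@ function normalizeCert(raw) {
  function parseCertSerialDec(normalizedCertBase64) {
  try {
  const der = base64ToBytes(normalizedCertBase64);
- let offset = 0;
- function readLen() {
- if (offset >= der.length)
+ // Use array pointer instead of closure-captured variable to avoid
+ // bundler (esbuild/wrangler) variable-rename bugs.
+ const p = [0];
+ function readLen(p) {
+ if (p[0] >= der.length)
  throw new Error("DER overflow");
- const b = der[offset++];
+ const b = der[p[0]++];
  if ((b & 0x80) === 0)
  return b;
  const n = b & 0x7f;
  let len = 0;
- if (offset + n > der.length)
+ if (p[0] + n > der.length)
  throw new Error("DER overflow");
  for (let i = 0; i < n; i++)
- len = (len << 8) | der[offset++];
+ len = (len << 8) | der[p[0]++];
  return len;
  }
- if (der[offset++] !== 0x30)
+ if (der[p[0]++] !== 0x30)
  throw new Error("bad cert");
- readLen();
- if (der[offset++] !== 0x30)
+ readLen(p);
+ if (der[p[0]++] !== 0x30)
  throw new Error("bad tbs");
- readLen();
- const beforeVersionOffset = offset;
- if (der[offset] === 0xa0) {
- offset++;
- offset += readLen();
+ readLen(p);
+ // Skip optional [0] EXPLICIT version field.
+ if (der[p[0]] === 0xa0) {
+ p[0]++;
+ p[0] += readLen(p);
  }
- const afterVersionOffset = offset;
- if (der[offset++] !== 0x02)
+ if (der[p[0]++] !== 0x02)
  throw new Error("bad serial tag");
- const serialLen = readLen();
- console.debug("[der-debug]", { beforeVersionOffset, afterVersionOffset, serialLen, serialByte0: der[offset]?.toString(16) });
- if (offset + serialLen > der.length)
+ const serialLen = readLen(p);
+ if (p[0] + serialLen > der.length)
  throw new Error("DER overflow");
- let serial = der.slice(offset, offset + serialLen);
+ let serial = der.slice(p[0], p[0] + serialLen);
  if (serial.length > 1 && serial[0] === 0x00)
  serial = serial.slice(1);
  let serialBig = 0n;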
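Review bot: `p[0] += readLen(p);` in the version-skip branch still loses the bytes that `readLen` consumes, because JavaScript reads the left-hand `p[0]` before the call runs; the removed `offset += readLen();` had the same evaluation order, so switching to an array pointer does not change the result. On the usual v3 encoding (`a0 03 02 01 02`) the pointer lands on the version value `0x02`, which passes the `0x02` serial-tag check, and the real serial tag is then taken as the length, so the returned serial is a two-byte slice rather than the certificate's serial. That value is part of `cacheKey` in `issueAwsCredentials`, so distinct certificates under the same role, profile and trust anchor could share a cache entry; what the cache hands back is outside these hunks and should be checked. Change it to `const versionLen = readLen(p);` followed by `p[0] += versionLen;`, and add a test with a known certificate and serial. `parseCertSerialDec` continues past the end of the hunk.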
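--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@vizamodo/aws-sts-core",
- "version": "0.4.20",
+ "version": "0.4.22",
  "description": "Pure AWS STS + SigV4 (X509 Roles Anywhere) core logic",
  "type": "module",
  "main": "dist/index.js",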