@vizamodo/aws-sts-core 0.4.25 → 0.4.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/sts/issue.js +21 -14
  2. package/package.json +1 -1
package/dist/sts/issue.js CHANGED
@@ -39,30 +39,37 @@ async function getSigningMaterial(input) {
39
39
  cachedPrivateKeyBase64 === input.privateKeyPkcs8Base64) {
40
40
  return { signingKey: cachedSigningKey, certBase64: cachedCertBase64 };
41
41
  }
42
- // Material rotated discard the stale resolved key so we re-import.
43
- if (cachedSigningKey) {
42
+ // If material rotated, reset promise so we re-import.
43
+ if (cachedSigningKey &&
44
+ (cachedCertBase64 !== input.certBase64 ||
45
+ cachedPrivateKeyBase64 !== input.privateKeyPkcs8Base64)) {
44
46
  signingKeyPromise = null;
45
47
  cachedSigningKey = null;
46
48
  }
47
49
  if (!signingKeyPromise) {
50
+ let keyBuffer;
48
51
  try {
49
- const keyBuffer = base64ToBytes(input.privateKeyPkcs8Base64);
50
- signingKeyPromise = crypto.subtle.importKey("pkcs8", keyBuffer, { name: "ECDSA", namedCurve: "P-256" }, false, ["sign"]);
52
+ keyBuffer = base64ToBytes(input.privateKeyPkcs8Base64);
51
53
  }
52
54
  catch {
53
55
  throw new InternalError("invalid_signing_material");
54
56
  }
57
+ signingKeyPromise = crypto.subtle
58
+ .importKey("pkcs8", keyBuffer, { name: "ECDSA", namedCurve: "P-256" }, false, ["sign"])
59
+ .then((key) => {
60
+ // ✅ Atomic assignment inside then (no race)
61
+ cachedSigningKey = key;
62
+ cachedCertBase64 = input.certBase64;
63
+ cachedPrivateKeyBase64 = input.privateKeyPkcs8Base64;
64
+ return key;
65
+ })
66
+ .catch(() => {
67
+ signingKeyPromise = null; // allow retry
68
+ throw new InternalError("invalid_signing_material");
69
+ });
55
70
  }
56
- try {
57
- cachedSigningKey = await signingKeyPromise;
58
- cachedCertBase64 = input.certBase64;
59
- cachedPrivateKeyBase64 = input.privateKeyPkcs8Base64;
60
- return { signingKey: cachedSigningKey, certBase64: cachedCertBase64 };
61
- }
62
- catch {
63
- signingKeyPromise = null; // allow retry on next call
64
- throw new InternalError("invalid_signing_material");
65
- }
71
+ const key = await signingKeyPromise;
72
+ return { signingKey: key, certBase64: input.certBase64 };
66
73
  }
67
74
  // ---------------------------------------------------------------------------
68
75
  // Profile TTL resolution
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vizamodo/aws-sts-core",
3
- "version": "0.4.25",
3
+ "version": "0.4.27",
4
4
  "description": "Pure AWS STS + SigV4 (X509 Roles Anywhere) core logic",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",