blockintel-gate-sdk 0.4.6 → 0.4.7
- package/dist/index.cjs +33 -2
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +33 -2
- package/dist/index.js.map +1 -1
- package/dist/pilot/index.cjs +1 -1
- package/dist/pilot/index.cjs.map +1 -1
- package/dist/pilot/index.js +1 -1
- package/dist/pilot/index.js.map +1 -1
- package/package.json +1 -1
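--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1212,7 +1212,7 @@ async function handleSignCommand(command, originalClient, gateClient, options) {
 if (options.mode === "dry-run") {
 return await originalClient.send(new SignCommand(command));
 }
-const GATEWAY_STAGES = ["HARD_KMS_GATEWAY", "HARD_GCP_GATEWAY"
+const GATEWAY_STAGES = ["HARD_KMS_GATEWAY", "HARD_GCP_GATEWAY"];
 const currentStage = gateClient.heartbeatManager?.getAdoptionStage?.();
 if (currentStage && GATEWAY_STAGES.includes(currentStage)) {
 emitMetric(options.metricsSink, "sign_success_total", labels);
@@ -3005,7 +3005,38 @@ var GcpKmsSigner = class {
 if (!this.config.credentials) {
 throw new Error("GCP credentials not configured");
 }
-
+const creds = typeof this.config.credentials === "string" ? JSON.parse(this.config.credentials) : this.config.credentials;
+if (!creds.client_email || !creds.private_key) {
+throw new Error("GCP credentials must contain client_email and private_key");
+}
+const crypto = await import('crypto');
+const now = Math.floor(Date.now() / 1e3);
+const header = Buffer.from(JSON.stringify({ alg: "RS256", typ: "JWT" })).toString("base64url");
+const payload = Buffer.from(JSON.stringify({
+iss: creds.client_email,
+scope: "https://www.googleapis.com/auth/cloudkms",
+aud: "https://oauth2.googleapis.com/token",
+iat: now,
+exp: now + 3600
+})).toString("base64url");
+const sigInput = `${header}.${payload}`;
+const sign = crypto.createSign("RSA-SHA256");
+sign.update(sigInput);
+const sig = sign.sign(creds.private_key, "base64url");
+const jwt = `${sigInput}.${sig}`;
+const tokenResponse = await fetch("https://oauth2.googleapis.com/token", {
+method: "POST",
+headers: { "Content-Type": "application/x-www-form-urlencoded" },
+body: `grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=${jwt}`
+});
+if (!tokenResponse.ok) {
+const errText = await tokenResponse.text();
+throw new Error(`GCP SA token exchange failed: ${tokenResponse.status} ${errText}`);
+}
+const data = await tokenResponse.json();
+this.accessToken = data.access_token;
+this.tokenExpiry = Date.now() + data.expires_in * 1e3;
+return data.access_token;
 }
 }
 /**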
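Review bot: In the GcpKmsSigner hunk the token response is cached without validation: if `data.expires_in` is missing or not a number, `this.tokenExpiry` becomes `NaN`, and an undefined `access_token` is stored and returned as if the exchange had succeeded. A guard before the two assignments would make this fail closed, e.g. `if (typeof data.access_token !== "string" || !Number.isFinite(data.expires_in)) throw new Error("GCP SA token exchange returned an unexpected response");`. The `JSON.parse(this.config.credentials)` call is also unguarded, and on recent runtimes the SyntaxError message can quote part of the input, so a malformed key string may put fragments of the service-account JSON into logs; wrapping it in `try`/`catch` and rethrowing a fixed message avoids that. The `fetch` carries no timeout, so a stalled token endpoint would block signing, and passing `signal: AbortSignal.timeout(<ms>)` would bound it. The method starts above the hunk, so how the cached expiry is later compared is not visible here.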