diff --git a/kms/createKeyAsymmetricDecrypt.js b/kms/createKeyAsymmetricDecrypt.js index 6bfaee0522..e688fdbefa 100644 --- a/kms/createKeyAsymmetricDecrypt.js +++ b/kms/createKeyAsymmetricDecrypt.js @@ -47,6 +47,10 @@ async function main( versionTemplate: { algorithm: 'RSA_DECRYPT_OAEP_2048_SHA256', }, + + // Optional: customize how long key versions should be kept before + // destroying. + destroyScheduledDuration: {seconds: 60 * 60 * 24}, }, }); @@ -59,8 +63,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/createKeyAsymmetricSign.js b/kms/createKeyAsymmetricSign.js index 9d0314dc14..73a998984b 100644 --- a/kms/createKeyAsymmetricSign.js +++ b/kms/createKeyAsymmetricSign.js @@ -47,6 +47,10 @@ async function main( versionTemplate: { algorithm: 'RSA_SIGN_PKCS1_2048_SHA256', }, + + // Optional: customize how long key versions should be kept before + // destroying. + destroyScheduledDuration: {seconds: 60 * 60 * 24}, }, }); @@ -59,8 +63,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/createKeyHsm.js b/kms/createKeyHsm.js index 5ccdc94767..9592c3e770 100644 --- a/kms/createKeyHsm.js +++ b/kms/createKeyHsm.js @@ -48,6 +48,10 @@ async function main( algorithm: 'GOOGLE_SYMMETRIC_ENCRYPTION', protectionLevel: 'HSM', }, + + // Optional: customize how long key versions should be kept before + // destroying. + destroyScheduledDuration: {seconds: 60 * 60 * 24}, }, }); @@ -60,8 +64,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/createKeyLabels.js b/kms/createKeyLabels.js index 71460cf523..412eca44d8 100644 --- a/kms/createKeyLabels.js +++ b/kms/createKeyLabels.js @@ -63,8 +63,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/createKeyMac.js b/kms/createKeyMac.js new file mode 100644 index 0000000000..ce117b2be6 --- /dev/null +++ b/kms/createKeyMac.js @@ -0,0 +1,76 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +'use strict'; + +async function main( + projectId = 'my-project', + locationId = 'us-east1', + keyRingId = 'my-key-ring', + id = 'my-mac-key' +) { + // [START kms_create_key_mac] + // + // TODO(developer): Uncomment these variables before running the sample. + // + // const projectId = 'my-project'; + // const locationId = 'us-east1'; + // const keyRingId = 'my-key-ring'; + // const id = 'my-mac-key'; + + // Imports the Cloud KMS library + const {KeyManagementServiceClient} = require('@google-cloud/kms'); + + // Instantiates a client + const client = new KeyManagementServiceClient(); + + // Build the parent key ring name + const keyRingName = client.keyRingPath(projectId, locationId, keyRingId); + + async function createKeyMac() { + const [key] = await client.createCryptoKey({ + parent: keyRingName, + cryptoKeyId: id, + cryptoKey: { + purpose: 'MAC', + versionTemplate: { + algorithm: 'HMAC_SHA256', + }, + + // Optional: customize how long key versions should be kept before + // destroying. + destroyScheduledDuration: {seconds: 60 * 60 * 24}, + }, + }); + + console.log(`Created mac key: ${key.name}`); + return key; + } + + return createKeyMac(); + // [END kms_create_key_mac] +} +module.exports.main = main; + +/* c8 ignore next 10 */ +if (require.main === module) { + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); +} diff --git a/kms/createKeyRing.js b/kms/createKeyRing.js index 90820afa40..36b2110fa9 100644 --- a/kms/createKeyRing.js +++ b/kms/createKeyRing.js @@ -51,8 +51,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/createKeyRotationSchedule.js b/kms/createKeyRotationSchedule.js index 93d0d04c54..23f3d5fe44 100644 --- a/kms/createKeyRotationSchedule.js +++ b/kms/createKeyRotationSchedule.js @@ -69,8 +69,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/createKeySymmetricEncryptDecrypt.js b/kms/createKeySymmetricEncryptDecrypt.js index 6f1ab1df00..e4677347bd 100644 --- a/kms/createKeySymmetricEncryptDecrypt.js +++ b/kms/createKeySymmetricEncryptDecrypt.js @@ -59,8 +59,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/createKeyVersion.js b/kms/createKeyVersion.js index 03747cb7b0..5230f7638e 100644 --- a/kms/createKeyVersion.js +++ b/kms/createKeyVersion.js @@ -52,8 +52,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/decryptAsymmetric.js b/kms/decryptAsymmetric.js index ba96281367..d7bf5134e3 100644 --- a/kms/decryptAsymmetric.js +++ b/kms/decryptAsymmetric.js @@ -89,8 +89,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/decryptSymmetric.js b/kms/decryptSymmetric.js index 0401ed0351..0291717ab2 100644 --- a/kms/decryptSymmetric.js +++ b/kms/decryptSymmetric.js @@ -75,8 +75,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/destroyKeyVersion.js b/kms/destroyKeyVersion.js index b5511cc258..0a6571325b 100644 --- a/kms/destroyKeyVersion.js +++ b/kms/destroyKeyVersion.js @@ -60,8 +60,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/disableKeyVersion.js b/kms/disableKeyVersion.js index 976094c660..a16db8e2c4 100644 --- a/kms/disableKeyVersion.js +++ b/kms/disableKeyVersion.js @@ -66,8 +66,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/enableKeyVersion.js b/kms/enableKeyVersion.js index d73ade3e4f..dec512b380 100644 --- a/kms/enableKeyVersion.js +++ b/kms/enableKeyVersion.js @@ -66,8 +66,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/encryptAsymmetric.js b/kms/encryptAsymmetric.js index 45fd2c5d6a..bea1311c93 100644 --- a/kms/encryptAsymmetric.js +++ b/kms/encryptAsymmetric.js @@ -93,8 +93,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/encryptSymmetric.js b/kms/encryptSymmetric.js index 9158b04b8a..283492b111 100644 --- a/kms/encryptSymmetric.js +++ b/kms/encryptSymmetric.js @@ -77,8 +77,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/generateRandomBytes.js b/kms/generateRandomBytes.js new file mode 100644 index 0000000000..6f0dc17f58 --- /dev/null +++ b/kms/generateRandomBytes.js @@ -0,0 +1,65 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +'use strict'; + +async function main( + projectId = 'my-project', + locationId = 'us-east1', + numBytes = 256 +) { + // [START kms_generate_random_bytes] + // + // TODO(developer): Uncomment these variables before running the sample. + // + // const projectId = 'my-project'; + // const locationId = 'us-east1'; + // const numBytes = 256; + + // Imports the Cloud KMS library + const {KeyManagementServiceClient} = require('@google-cloud/kms'); + + // Instantiates a client + const client = new KeyManagementServiceClient(); + + // Build the location name + const locationName = client.locationPath(projectId, locationId); + + async function generateRandomBytes() { + const [randomBytesResponse] = await client.generateRandomBytes({ + location: locationName, + lengthBytes: numBytes, + protectionLevel: 'HSM', + }); + + console.log(`Random bytes: ${randomBytesResponse.data.toString('base64')}`); + return randomBytesResponse; + } + + return generateRandomBytes(); + // [END kms_generate_random_bytes] +} +module.exports.main = main; + +/* c8 ignore next 10 */ +if (require.main === module) { + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); +} diff --git a/kms/getKeyLabels.js b/kms/getKeyLabels.js index 728b124e2c..bee79d4833 100644 --- a/kms/getKeyLabels.js +++ b/kms/getKeyLabels.js @@ -55,8 +55,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/getKeyVersionAttestation.js b/kms/getKeyVersionAttestation.js index dbd621e6b5..4674873e43 100644 --- a/kms/getKeyVersionAttestation.js +++ b/kms/getKeyVersionAttestation.js @@ -67,8 +67,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/getPublicKey.js b/kms/getPublicKey.js index d70a337de8..f47a9f7803 100644 --- a/kms/getPublicKey.js +++ b/kms/getPublicKey.js @@ -71,8 +71,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/iamAddMember.js b/kms/iamAddMember.js index 4010167c0a..7ab63acddf 100644 --- a/kms/iamAddMember.js +++ b/kms/iamAddMember.js @@ -75,8 +75,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/iamGetPolicy.js b/kms/iamGetPolicy.js index c28bd3e2ea..bccabc8042 100644 --- a/kms/iamGetPolicy.js +++ b/kms/iamGetPolicy.js @@ -67,8 +67,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/iamRemoveMember.js b/kms/iamRemoveMember.js index b920ef7954..2f6f2cd9e9 100644 --- a/kms/iamRemoveMember.js +++ b/kms/iamRemoveMember.js @@ -82,8 +82,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/quickstart.js b/kms/quickstart.js index 503a8dcddf..9253bd221d 100644 --- a/kms/quickstart.js +++ b/kms/quickstart.js @@ -48,8 +48,14 @@ async function main(projectId = 'my-project', locationId = 'us-east1') { } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/restoreKeyVersion.js b/kms/restoreKeyVersion.js index e2121f6d63..f4366a0d7c 100644 --- a/kms/restoreKeyVersion.js +++ b/kms/restoreKeyVersion.js @@ -60,8 +60,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/signAsymmetric.js b/kms/signAsymmetric.js index 08b40d9df5..3b6dd0aa5b 100644 --- a/kms/signAsymmetric.js +++ b/kms/signAsymmetric.js @@ -101,8 +101,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/signMac.js b/kms/signMac.js new file mode 100644 index 0000000000..69a800b817 --- /dev/null +++ b/kms/signMac.js @@ -0,0 +1,82 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +'use strict'; + +async function main( + projectId = 'your-project-id', + locationId = 'us-east1', + keyRingId = 'my-key-ring', + keyId = 'my-key', + versionId = '123', + data = Buffer.from('...') +) { + // [START kms_sign_mac] + // + // TODO(developer): Uncomment these variables before running the sample. + // + // const projectId = 'your-project-id'; + // const locationId = 'us-east1'; + // const keyRingId = 'my-key-ring'; + // const keyId = 'my-key'; + // const versionId = '123'; + // const data = Buffer.from('...'); + + // Imports the Cloud KMS library + const {KeyManagementServiceClient} = require('@google-cloud/kms'); + + // Instantiates a client + const client = new KeyManagementServiceClient(); + + // Build the version name + const versionName = client.cryptoKeyVersionPath( + projectId, + locationId, + keyRingId, + keyId, + versionId + ); + + async function signMac() { + // Sign the data with Cloud KMS + const [signResponse] = await client.macSign({ + name: versionName, + data: data, + }); + + // Example of how to display signature. Because the signature is in a binary + // format, you need to encode the output before printing it to a console or + // displaying it on a screen. + const encoded = signResponse.mac.toString('base64'); + console.log(`Signature: ${encoded}`); + + return signResponse; + } + + return signMac(); + // [END kms_sign_mac] +} +module.exports.main = main; + +/* c8 ignore next 10 */ +if (require.main === module) { + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); +} diff --git a/kms/test/kms.test.js b/kms/test/kms.test.js index 5bda07cc7e..57eeb776a7 100644 --- a/kms/test/kms.test.js +++ b/kms/test/kms.test.js @@ -30,6 +30,7 @@ const asymmetricSignEcKeyId = v4(); const asymmetricSignRsaKeyId = v4(); const hsmKeyId = v4(); const symmetricKeyId = v4(); +const hmacKeyId = v4(); const nodeMajorVersion = parseInt(process.version.match(/v?(\d+).*/)[1]); @@ -181,6 +182,31 @@ describe('Cloud KMS samples', () => { ), 'ENABLED' ); + + await client.createCryptoKey({ + parent: client.keyRingPath(projectId, locationId, keyRingId), + cryptoKeyId: hmacKeyId, + cryptoKey: { + purpose: 'MAC', + versionTemplate: { + algorithm: 'HMAC_SHA256', + }, + labels: { + foo: 'bar', + zip: 'zap', + }, + }, + }); + await waitForState( + client.cryptoKeyVersionPath( + projectId, + locationId, + keyRingId, + hmacKeyId, + 1 + ), + 'ENABLED' + ); }); beforeEach(async () => { @@ -255,6 +281,13 @@ describe('Cloud KMS samples', () => { assert.equal(key.labels.cost_center, 'cc1234'); }); + it('creates mac keys', async () => { + const sample = require('../createKeyMac'); + const key = await sample.main(projectId, locationId, keyRingId, v4()); + assert.equal(key.purpose, 'MAC'); + assert.equal(key.versionTemplate.algorithm, 'HMAC_SHA256'); + }); + it('creates key rings', async () => { const sample = require('../createKeyRing'); const keyRing = await sample.main(projectId, locationId, v4()); @@ -452,6 +485,12 @@ describe('Cloud KMS samples', () => { assert.equal(decryptResponse.plaintext.toString('utf8'), plaintext); }); + it('generates random bytes', async () => { + const sample = require('../generateRandomBytes'); + const result = await sample.main(projectId, locationId, 256); + assert.equal(result.data.length, 256); + }); + it('gets keys with labels', async () => { const sample = require('../getKeyLabels'); const key = await sample.main( @@ -626,6 +665,34 @@ describe('Cloud KMS samples', () => { assert.isTrue(verified); }); + it('signs with mac keys', async () => { + const data = 'my data'; + + const sample = require('../signMac'); + const result = await sample.main( + projectId, + locationId, + keyRingId, + hmacKeyId, + 1, + Buffer.from(data) + ); + + const [verifyResponse] = await client.macVerify({ + name: client.cryptoKeyVersionPath( + projectId, + locationId, + keyRingId, + hmacKeyId, + 1 + ), + data: Buffer.from(data), + mac: result.mac, + }); + + assert.isTrue(verifyResponse.success); + }); + it('adds rotation schedules', async () => { const sample = require('../updateKeyAddRotation'); const key = await sample.main( @@ -757,4 +824,32 @@ describe('Cloud KMS samples', () => { assert.isTrue(verified); }); + + it('verifies with mac keys', async () => { + const data = 'my data'; + + const [signResponse] = await client.macSign({ + name: client.cryptoKeyVersionPath( + projectId, + locationId, + keyRingId, + hmacKeyId, + 1 + ), + data: Buffer.from(data), + }); + + const sample = require('../verifyMac'); + const result = await sample.main( + projectId, + locationId, + keyRingId, + hmacKeyId, + 1, + Buffer.from(data), + signResponse.mac + ); + + assert.isTrue(result.success); + }); }); diff --git a/kms/updateKeyAddRotation.js b/kms/updateKeyAddRotation.js index d00bca8dac..634675bc31 100644 --- a/kms/updateKeyAddRotation.js +++ b/kms/updateKeyAddRotation.js @@ -68,8 +68,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/updateKeyRemoveLabels.js b/kms/updateKeyRemoveLabels.js index 6981ea1322..bef2b533cf 100644 --- a/kms/updateKeyRemoveLabels.js +++ b/kms/updateKeyRemoveLabels.js @@ -59,8 +59,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/updateKeyRemoveRotation.js b/kms/updateKeyRemoveRotation.js index fcd5ae8210..2e355f06c4 100644 --- a/kms/updateKeyRemoveRotation.js +++ b/kms/updateKeyRemoveRotation.js @@ -59,8 +59,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/updateKeySetPrimary.js b/kms/updateKeySetPrimary.js index 5da1768dc6..046de0b24b 100644 --- a/kms/updateKeySetPrimary.js +++ b/kms/updateKeySetPrimary.js @@ -55,8 +55,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/updateKeyUpdateLabels.js b/kms/updateKeyUpdateLabels.js index 2325994df3..d23ef89500 100644 --- a/kms/updateKeyUpdateLabels.js +++ b/kms/updateKeyUpdateLabels.js @@ -61,8 +61,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/verifyAsymmetricEc.js b/kms/verifyAsymmetricEc.js index 71b6b1ae49..ce0c3997cf 100644 --- a/kms/verifyAsymmetricEc.js +++ b/kms/verifyAsymmetricEc.js @@ -77,8 +77,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/verifyAsymmetricRsa.js b/kms/verifyAsymmetricRsa.js index 7fef55e94d..d380355c42 100644 --- a/kms/verifyAsymmetricRsa.js +++ b/kms/verifyAsymmetricRsa.js @@ -78,8 +78,14 @@ async function main( } module.exports.main = main; -/* c8 ignore next 4 */ +/* c8 ignore next 10 */ if (require.main === module) { - const args = process.argv.slice(2); - main(...args).catch(console.error); + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); } diff --git a/kms/verifyMac.js b/kms/verifyMac.js new file mode 100644 index 0000000000..fa880d493c --- /dev/null +++ b/kms/verifyMac.js @@ -0,0 +1,80 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +'use strict'; + +async function main( + projectId = 'your-project-id', + locationId = 'us-east1', + keyRingId = 'my-key-ring', + keyId = 'my-key', + versionId = '123', + data = Buffer.from('...'), + signature = Buffer.from('...') +) { + // [START kms_verify_mac] + // + // TODO(developer): Uncomment these variables before running the sample. + // + // const projectId = 'your-project-id'; + // const locationId = 'us-east1'; + // const keyRingId = 'my-key-ring'; + // const keyId = 'my-key'; + // const versionId = '123'; + // const data = Buffer.from('...'); + // const signature = Buffer.from('...'); + + // Imports the Cloud KMS library + const {KeyManagementServiceClient} = require('@google-cloud/kms'); + + // Instantiates a client + const client = new KeyManagementServiceClient(); + + // Build the version name + const versionName = client.cryptoKeyVersionPath( + projectId, + locationId, + keyRingId, + keyId, + versionId + ); + + async function verifyMac() { + // Verify the data with Cloud KMS + const [verifyResponse] = await client.macVerify({ + name: versionName, + data: data, + mac: signature, + }); + + console.log(`Verified: ${verifyResponse.success}`); + return verifyResponse; + } + + return verifyMac(); + // [END kms_verify_mac] +} +module.exports.main = main; + +/* c8 ignore next 10 */ +if (require.main === module) { + main(...process.argv.slice(2)).catch(err => { + console.error(err.message); + process.exitCode = 1; + }); + process.on('unhandledRejection', err => { + console.error(err.message); + process.exitCode = 1; + }); +}