@@ -507,6 +507,114 @@ class Config extends EventEmitter {
507507 return kmsAWS ;
508508 }
509509
510+ _parseKmipTransport ( transportKmip ) {
511+ const transport = {
512+ /** Specify the request pipeline depth here.
513+ * If for some reason the server sends the replies
514+ * out of order and confuses the client, a value of 1
515+ * should be a convenient workaround for a server side bug.
516+ * The default value of 8 is fine and there is almost no
517+ * benefit to tune this value for performance improvement.
518+ * Note: 0 is not an appropriate value and will fall back to 1.
519+ */
520+ pipelineDepth : process . env . S3KMIP_PIPELINE_DEPTH || 8 ,
521+ tls : {
522+ port : process . env . S3KMIP_PORT || 5696 ,
523+ // ignore multiple hosts via env
524+ // prefer array of transport in config file
525+ // for customization per host
526+ host : process . env . S3KMIP_HOSTS || process . env . S3KMIP_HOST ,
527+ key : this . _loadTlsFile ( process . env . S3KMIP_KEY || undefined ) ,
528+ cert : this . _loadTlsFile ( process . env . S3KMIP_CERT ||
529+ undefined ) ,
530+ ca : ( process . env . S3KMIP_CA
531+ ? process . env . S3KMIP_CA . split ( ',' )
532+ : [ ] ) . map ( ca => this . _loadTlsFile ( ca ) ) ,
533+ } ,
534+ } ;
535+ if ( transportKmip . pipelineDepth ) {
536+ assert ( typeof transportKmip . pipelineDepth === 'number' ) ;
537+ transport . pipelineDepth = transportKmip . pipelineDepth ;
538+ }
539+ if ( transportKmip . tls ) {
540+ const { host, port, key, cert, ca } = transportKmip . tls ;
541+ if ( ! ! key !== ! ! cert ) {
542+ throw new Error ( 'bad config: KMIP TLS certificate ' +
543+ 'and key must come along' ) ;
544+ }
545+ if ( port ) {
546+ assert ( typeof port === 'number' ,
547+ 'bad config: KMIP TLS Port must be a number' ) ;
548+ transport . tls . port = port ;
549+ }
550+ if ( host ) {
551+ assert ( typeof host === 'string' ,
552+ 'bad config: KMIP TLS Host must be a string' ) ;
553+ transport . tls . host = host ;
554+ }
555+ if ( key ) {
556+ transport . tls . key = this . _loadTlsFile ( key ) ;
557+ }
558+ if ( cert ) {
559+ transport . tls . cert = this . _loadTlsFile ( cert ) ;
560+ }
561+ if ( Array . isArray ( ca ) ) {
562+ transport . tls . ca = ca . map ( ca => this . _loadTlsFile ( ca ) ) ;
563+ } else {
564+ transport . tls . ca = this . _loadTlsFile ( ca ) ;
565+ }
566+ }
567+ return transport ;
568+ }
569+
570+ _parseKmsKmip ( config ) {
571+ this . kmip = {
572+ client : {
573+ /** Enable this option if the KMIP Server supports
574+ * Create and Activate in one operation.
575+ * Leave it disabled to prevent clock desynchronisation
576+ * issues because the two steps creation uses server's
577+ * time for `now' instead of client specified activation date
578+ * which also targets the present instant.
579+ */
580+ compoundCreateActivate :
581+ ( process . env . S3KMIP_COMPOUND_CREATE === 'true' ) || false ,
582+ /** Set the bucket name attribute name here if the KMIP
583+ * server supports storing custom attributes along
584+ * with the keys.
585+ */
586+ bucketNameAttributeName :
587+ process . env . S3KMIP_BUCKET_ATTRIBUTE_NAME || '' ,
588+ } ,
589+ transport : this . _parseKmipTransport ( { } ) ,
590+ } ;
591+ if ( config . kmip ) {
592+ if ( config . kmip . client ) {
593+ if ( config . kmip . client . compoundCreateActivate ) {
594+ assert ( typeof config . kmip . client . compoundCreateActivate ===
595+ 'boolean' ) ;
596+ this . kmip . client . compoundCreateActivate =
597+ config . kmip . client . compoundCreateActivate ;
598+ }
599+ if ( config . kmip . client . bucketNameAttributeName ) {
600+ assert ( typeof config . kmip . client . bucketNameAttributeName ===
601+ 'string' ) ;
602+ this . kmip . client . bucketNameAttributeName =
603+ config . kmip . client . bucketNameAttributeName ;
604+ }
605+ }
606+ if ( config . kmip . transport ) {
607+ if ( Array . isArray ( config . kmip . transport ) ) {
608+ this . kmip . transport = config . kmip . transport . map ( t =>
609+ this . _parseKmipTransport ( t ) ) ;
610+ } else {
611+ this . kmip . transport =
612+ this . _parseKmipTransport ( config . kmip . transport ) ;
613+ }
614+ }
615+ }
616+ }
617+
510618 _getLocationConfig ( ) {
511619 let locationConfig ;
512620 try {
@@ -1055,110 +1163,7 @@ class Config extends EventEmitter {
10551163 }
10561164 }
10571165
1058- this . kmip = {
1059- client : {
1060- /* Enable this option if the KMIP Server supports
1061- * Create and Activate in one operation.
1062- * Leave it disabled to prevent clock desynchronisation
1063- * issues because the two steps creation uses server's
1064- * time for `now' instead of client specified activation date
1065- * which also targets the present instant.
1066- */
1067- compoundCreateActivate :
1068- ( process . env . S3KMIP_COMPOUND_CREATE === 'true' ) || false ,
1069- /* Set the bucket name attribute name here if the KMIP
1070- * server supports storing custom attributes along
1071- * with the keys.
1072- */
1073- bucketNameAttributeName :
1074- process . env . S3KMIP_BUCKET_ATTRIBUTE_NAME || '' ,
1075- } ,
1076- transport : {
1077- /* Specify the request pipeline depth here.
1078- * If for some reason the server sends the replies
1079- * out of order and confuses the client, a value of 1
1080- * should be a convenient workaround for a server side bug.
1081- * The default value of 8 is fine and there is almost no
1082- * benefit to tune this value for performance improvement.
1083- * Note: 0 is not an appropriate value and will fall back to 1.
1084- */
1085- pipelineDepth : process . env . S3KMIP_PIPELINE_DEPTH || 8 ,
1086- tls : {
1087- port : process . env . S3KMIP_PORT || 5696 ,
1088- /* TODO: HA is not implmented yet.
1089- * The code expects only one host, but the
1090- * configuration already permits to provide
1091- * plenty of them (separated with commas).
1092- * This comment must be removed, the
1093- * S3KMIP_HOSTS must be split and transformed
1094- * into an array of strings. And the 'host' attribute
1095- * must become 'hosts'
1096- */
1097- host : process . env . S3KMIP_HOSTS ,
1098- key : this . _loadTlsFile ( process . env . S3KMIP_KEY || undefined ) ,
1099- cert : this . _loadTlsFile ( process . env . S3KMIP_CERT ||
1100- undefined ) ,
1101- ca : ( process . env . S3KMIP_CA
1102- ? process . env . S3KMIP_CA . split ( ',' )
1103- : [ ] ) . map ( ca => this . _loadTlsFile ( ca ) ) ,
1104- } ,
1105- } ,
1106- } ;
1107- if ( config . kmip ) {
1108- if ( config . kmip . client ) {
1109- if ( config . kmip . client . compoundCreateActivate ) {
1110- assert ( typeof config . kmip . client . compoundCreateActivate ===
1111- 'boolean' ) ;
1112- this . kmip . client . compoundCreateActivate =
1113- config . kmip . client . compoundCreateActivate ;
1114- }
1115- if ( config . kmip . client . bucketNameAttributeName ) {
1116- assert ( typeof config . kmip . client . bucketNameAttributeName ===
1117- 'string' ) ;
1118- this . kmip . client . bucketNameAttributeName =
1119- config . kmip . client . bucketNameAttributeName ;
1120- }
1121- }
1122- if ( config . kmip . transport ) {
1123- if ( config . kmip . transport . pipelineDepth ) {
1124- assert ( typeof config . kmip . transport . pipelineDepth ===
1125- 'number' ) ;
1126- this . kmip . transport . pipelineDepth =
1127- config . kmip . transport . pipelineDepth ;
1128- }
1129- if ( config . kmip . transport . tls ) {
1130- const { host, port, key, cert, ca } =
1131- config . kmip . transport . tls ;
1132- if ( ! ! key !== ! ! cert ) {
1133- throw new Error ( 'bad config: KMIP TLS certificate ' +
1134- 'and key must come along' ) ;
1135- }
1136- if ( port ) {
1137- assert ( typeof port === 'number' ,
1138- 'bad config: KMIP TLS Port must be a number' ) ;
1139- this . kmip . transport . tls . port = port ;
1140- }
1141- if ( host ) {
1142- assert ( typeof host === 'string' ,
1143- 'bad config: KMIP TLS Host must be a string' ) ;
1144- this . kmip . transport . tls . host = host ;
1145- }
1146-
1147- if ( key ) {
1148- this . kmip . transport . tls . key = this . _loadTlsFile ( key ) ;
1149- }
1150- if ( cert ) {
1151- this . kmip . transport . tls . cert = this . _loadTlsFile ( cert ) ;
1152- }
1153- if ( Array . isArray ( ca ) ) {
1154- this . kmip . transport . tls . ca = ca . map ( ca => this . _loadTlsFile ( ca ) ) ;
1155- } else {
1156- this . kmip . transport . tls . ca = this . _loadTlsFile ( ca ) ;
1157- }
1158- }
1159- }
1160- }
1161-
1166+ this . _parseKmsKmip ( config ) ;
11621167 this . kmsAWS = this . _parseKmsAWS ( config ) ;
11631168
11641169 const globalEncryptionEnabled = config . globalEncryptionEnabled ;
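Review bot: `this._parseKmsKmip(config)` assigns `this.kmip` as a side effect inside the helper, while the very next line keeps the `this.kmsAWS = this._parseKmsAWS(config)` pattern where the helper returns the parsed object; having `_parseKmsKmip` return the object and writing `this.kmip = this._parseKmsKmip(config);` here would make the two KMS parsers read the same way and keep every `this.*` assignment visible in this function. The removed TODO documented that `S3KMIP_HOSTS` may hold a comma-separated list and that multi-host was not implemented; the replacement `_parseKmipTransport` still copies that variable verbatim into `tls.host`, so a comma-separated value would be handed to the TLS layer as one hostname, which is worth either splitting or documenting as single-host only for the env path. The enclosing function starts before this hunk.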