Use pure js crypto provider instead of web crypto provider (#256)

Also minor refactoring ot move json validation after rules
confluentinc · Feb 10, 2025 · 26710e6 · 26710e6
1 parent 82d5a08
commit 26710e6
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 14 deletions.
diff --git a/schemaregistry/rules/encryption/tink/aes_siv.ts b/schemaregistry/rules/encryption/tink/aes_siv.ts
@@ -6,8 +6,7 @@
 import {Aead} from './aead';
 
 // @ts-expect-error miscreant does not have types
-import {SIV, WebCryptoProvider} from "@hackbg/miscreant-esm";
-import * as crypto from 'crypto';
+import {SIV, SoftCryptoProvider} from "@hackbg/miscreant-esm";
 
 /**
  * Implementation of AES-SIV.
@@ -22,16 +21,16 @@ export class AesSiv extends Aead {
    */
   async encrypt(plaintext: Uint8Array, associatedData?: Uint8Array):
       Promise<Uint8Array> {
-    let key = await SIV.importKey(this.key, "AES-CMAC-SIV", new WebCryptoProvider(crypto));
-    return key.seal(plaintext, [associatedData]);
+    let key = await SIV.importKey(this.key, "AES-CMAC-SIV", new SoftCryptoProvider());
+    return key.seal(plaintext, associatedData != null ? [associatedData] : []);
   }
 
   /**
    */
   async decrypt(ciphertext: Uint8Array, associatedData?: Uint8Array):
       Promise<Uint8Array> {
-    let key = await SIV.importKey(this.key, "AES-CMAC-SIV", new WebCryptoProvider(crypto));
-    return key.open(ciphertext, [associatedData]);
+    let key = await SIV.importKey(this.key, "AES-CMAC-SIV", new SoftCryptoProvider());
+    return key.open(ciphertext, associatedData != null? [associatedData] : []);
   }
 }
 

diff --git a/schemaregistry/serde/json.ts b/schemaregistry/serde/json.ts
@@ -190,13 +190,6 @@ export class JsonDeserializer extends Deserializer implements JsonSerde {
     }
 
     const info = await this.getSchema(topic, payload)
-    if ((this.conf as JsonSerdeConfig).validate) {
-      const validate = await this.toValidateFunction(info)
-      if (validate != null && !validate(JSON.parse(payload.subarray(5).toString()))) {
-        throw new SerializationError('Invalid message')
-      }
-
-    }
     const subject = this.subjectName(topic, info)
     const readerMeta = await this.getReaderSchema(subject)
     let migrations: Migration[] = []
@@ -215,6 +208,12 @@ export class JsonDeserializer extends Deserializer implements JsonSerde {
       target = info
     }
     msg = this.executeRules(subject, topic, RuleMode.READ, null, target, msg, null)
+    if ((this.conf as JsonSerdeConfig).validate) {
+      const validate = await this.toValidateFunction(info)
+      if (validate != null && !validate(JSON.parse(msg))) {
+        throw new SerializationError('Invalid message')
+      }
+    }
     return msg
   }
 

diff --git a/schemaregistry/serde/serde.ts b/schemaregistry/serde/serde.ts
@@ -272,7 +272,7 @@ export abstract class Serializer extends Serde {
   async getId(topic: string, msg: any, info?: SchemaInfo, format?: string): Promise<[number, SchemaInfo]> {
     let autoRegister = this.config().autoRegisterSchemas
     let useSchemaId = this.config().useSchemaId
-    let useLatestWithMetadata = this.conf.useLatestWithMetadata
+    let useLatestWithMetadata = this.config().useLatestWithMetadata
     let useLatest = this.config().useLatestVersion
     let normalizeSchema = this.config().normalizeSchemas