@eudiplo/backend documentation
  1. Classes
  2. PublicJwkCache

File

src/crypto/key/kms/public-jwk-cache.ts

Description

Tiny TTL cache for public JWKs returned by external KMS providers.

Public keys are immutable for the lifetime of a given external key id, but key rotation may rebind the same logical id to a new physical key — so we cap entries to a short TTL (default 5 minutes) rather than relying on explicit invalidation alone.

Index

Properties
Methods

Constructor

constructor(ttlMs: unknown)
Defined in src/crypto/key/kms/public-jwk-cache.ts:16
Parameters :
Name Type Optional
ttlMs unknown No

Properties

Private Readonly entries
Type : unknown
Default value : new Map< string, { jwk: JWK; expiresAt: number } >()
Defined in src/crypto/key/kms/public-jwk-cache.ts:12
Private Readonly ttlMs
Type : number
Defined in src/crypto/key/kms/public-jwk-cache.ts:16

Methods

clear
clear()
Defined in src/crypto/key/kms/public-jwk-cache.ts:40
Returns : void
get
get(key: string)
Defined in src/crypto/key/kms/public-jwk-cache.ts:22
Parameters :
Name Type Optional
key string No
Returns : JWK | undefined
invalidate
invalidate(key: string)
Defined in src/crypto/key/kms/public-jwk-cache.ts:36
Parameters :
Name Type Optional
key string No
Returns : void
set
set(key: string, jwk: JWK)
Defined in src/crypto/key/kms/public-jwk-cache.ts:32
Parameters :
Name Type Optional
key string No
jwk JWK No
Returns : void 
import type { JWK } from "jose";

/**
 * Tiny TTL cache for public JWKs returned by external KMS providers.
 *
 * Public keys are immutable for the lifetime of a given external key id,
 * but key rotation may rebind the same logical id to a new physical key
 * — so we cap entries to a short TTL (default 5 minutes) rather than
 * relying on explicit invalidation alone.
 */
export class PublicJwkCache {
    private readonly entries = new Map<
        string,
        { jwk: JWK; expiresAt: number }
    >();
    private readonly ttlMs: number;

    constructor(ttlMs = 5 * 60 * 1000) {
        this.ttlMs = ttlMs;
    }

    get(key: string): JWK | undefined {
        const entry = this.entries.get(key);
        if (!entry) return undefined;
        if (entry.expiresAt < Date.now()) {
            this.entries.delete(key);
            return undefined;
        }
        return entry.jwk;
    }

    set(key: string, jwk: JWK): void {
        this.entries.set(key, { jwk, expiresAt: Date.now() + this.ttlMs });
    }

    invalidate(key: string): void {
        this.entries.delete(key);
    }

    clear(): void {
        this.entries.clear();
    }
}

results matching ""

    No results matching ""