Added support for in-memory wallet (Issue #1671)

sharadraju · sharadraju · commit 23cef6962e22 · 2024-07-15T12:28:03.000+05:30
diff --git a/doc/src/release_notes.rst b/doc/src/release_notes.rst
@@ -13,6 +13,12 @@ node-oracledb `v6.6.0 <https://github.com/oracle/node-oracledb/compare/v6.5.1...
 Thin Mode Changes
 +++++++++++++++++
 
+#)  Added support for in-memory wallet by adding a new parameter ``walletContent``
+    of the type ``string`` which will let users pass the wallet content directly instead
+    of storing and reading it up from a file. 
+    `Issue #1671 <https://github.com/oracle/node-oracledb/issues/
+    1671>`__.
+    
 #)  Added support to use ``IFILE`` parameter to embed custom
     network configuration files in the :ref:`tnsnames.ora <tnsadmin>` file.
 
diff --git a/lib/oracledb.js b/lib/oracledb.js
@@ -177,6 +177,13 @@ async function _verifyOptions(options, inCreatePool) {
     outOptions.walletLocation = options.walletLocation;
   }
 
+  //wallet content must be a string
+  if (options.walletContent !== undefined) {
+    errors.assertParamPropValue(typeof options.walletContent === 'string', 1,
+      "walletContent");
+    outOptions.walletContent = options.walletContent;
+  }
+
   // edition must be a string
   if (options.edition !== undefined) {
     errors.assertParamPropValue(typeof options.edition === 'string', 1,
diff --git a/lib/thin/pool.js b/lib/thin/pool.js
@@ -64,6 +64,7 @@ class ThinPoolImpl extends PoolImpl {
     this._usedConnectionList = new Set();
     this._password = params.password;
     this._walletPassword = params.walletPassword;
+    this._walletContent = params.walletContent;
     this._obfuscatedPassword = [];
     this._obfuscatedWalletPassword = [];
     this._token = params.token;
@@ -88,6 +89,13 @@ class ThinPoolImpl extends PoolImpl {
       this._obfuscatedWalletPassword = obj.obfuscatedValue;
       this._userConfig.walletPassword = null;
     }
+    // wallet content obfuscation
+    if (this._walletContent !== undefined) {
+      const obj = protocolUtil.setObfuscatedValue(this._walletContent);
+      this._walletContent = obj.value;
+      this._obfuscatedWalletContent = obj.obfuscatedValue;
+      this._userConfig.walletConent = null;
+    }
     // token obfuscation
     if (this._token !== undefined) {
       const obj = protocolUtil.setObfuscatedValue(this._token);
@@ -172,6 +180,13 @@ class ThinPoolImpl extends PoolImpl {
           this._obfuscatedWalletPassword);
     }
 
+    // deobfuscate wallet content
+    if (clonedAttrs.walletContent === null) {
+      clonedAttrs.walletContent =
+            protocolUtil.getDeobfuscatedValue(this._walletContent,
+              this._obfuscatedWalletContent);
+    }
+
     // deobfuscate token and private key
     // check for token expiry
     if (clonedAttrs.token === null) {
diff --git a/lib/thin/sqlnet/networkSession.js b/lib/thin/sqlnet/networkSession.js
@@ -301,7 +301,7 @@ class NetworkSession {
     this.markerPkt = new Packet.MarkerPacket(this.sAtts.largeSDU);
     this.controlPkt = new Packet.ControlPacket();
     this.ntAdapter.largeSDU = this.sAtts.largeSDU;
-    this.sAtts.nt.wallet = null;
+    this.sAtts.clearWallet();
     this.sAtts.nt.walletPassword = null;
     return (true);
   }
@@ -328,6 +328,7 @@ class NetworkSession {
           this.ntAdapter.disconnect(constants.NSFIMM);
           this.ntAdapter = null;
         }
+        this.sAtts.clearWallet();
         connected = false;
         savedErr = err;
         try {
diff --git a/lib/thin/sqlnet/sessionAtts.js b/lib/thin/sqlnet/sessionAtts.js
@@ -77,6 +77,9 @@ class SessionAtts {
       if (typeof params.walletPassword === 'string') {
         this.nt.walletPassword = params.walletPassword;
       }
+      if (typeof params.walletContent === 'string') {
+        this.nt.wallet = params.walletContent;
+      }
       if (params.expireTime > 0) {
         this.nt.expireTime = params.expireTime * 1000 * 60;
       }
@@ -135,6 +138,15 @@ class SessionAtts {
     });
   }
 
+  /**
+   * Clear wallet
+   */
+  clearWallet() {
+    if (this.nt.wallet && Buffer.isBuffer(this.nt.wallet))
+      this.nt.wallet.fill(0);
+    this.nt.wallet = null;
+  }
+
   /**
    * Prepare attributes for connection, Generate Connection ID and read Wallet file
    *
@@ -151,7 +163,7 @@ class SessionAtts {
     }
     this.nt.connectionId = this.connectionId;
 
-    if (protocol && (protocol.toUpperCase() == "TCPS" && this.nt.walletFile)) {
+    if (protocol && (protocol.toUpperCase() == "TCPS" && !this.nt.wallet && this.nt.walletFile)) {
       this.nt.wallet = await this.readWalletFile();
     }
 

Original file line number	Diff line number	Diff line change
`@@ -77,6 +77,9 @@ class SessionAtts {`
`77`	`77`	`if (typeof params.walletPassword === 'string') {`
`78`	`78`	`this.nt.walletPassword = params.walletPassword;`
`79`	`79`	`}`
	`80`	`+ if (typeof params.walletContent === 'string') {`
	`81`	`+ this.nt.wallet = params.walletContent;`
	`82`	`+ }`
`80`	`83`	`if (params.expireTime > 0) {`
`81`	`84`	`this.nt.expireTime = params.expireTime * 1000 * 60;`
`82`	`85`	`}`
`@@ -135,6 +138,15 @@ class SessionAtts {`
`135`	`138`	`});`
`136`	`139`	`}`
`137`	`140`
	`141`	`+ /**`
	`142`	`+ * Clear wallet`
	`143`	`+ */`
	`144`	`+ clearWallet() {`
	`145`	`+ if (this.nt.wallet && Buffer.isBuffer(this.nt.wallet))`
	`146`	`+ this.nt.wallet.fill(0);`
	`147`	`+ this.nt.wallet = null;`
	`148`	`+ }`
	`149`	`+`
`138`	`150`	`/**`
`139`	`151`	`* Prepare attributes for connection, Generate Connection ID and read Wallet file`
`140`	`152`	`*`
`@@ -151,7 +163,7 @@ class SessionAtts {`
`151`	`163`	`}`
`152`	`164`	`this.nt.connectionId = this.connectionId;`
`153`	`165`
`154`		`- if (protocol && (protocol.toUpperCase() == "TCPS" && this.nt.walletFile)) {`
	`166`	`+ if (protocol && (protocol.toUpperCase() == "TCPS" && !this.nt.wallet && this.nt.walletFile)) {`
`155`	`167`	`this.nt.wallet = await this.readWalletFile();`
`156`	`168`	`}`
`157`	`169`