@etcsec-com/etc-collector 1.4.0

package/dist/services/audit/response-formatter.js

@@ -0,0 +1,240 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatADAuditResponse = formatADAuditResponse;
+const type_name_normalizer_1 = require("../../utils/type-name-normalizer");
+function classifyAccountsFinding(finding) {
+    const type = finding.type.toUpperCase();
+    if (type.includes('DISABLED') ||
+        type.includes('INACTIVE') ||
+        type.includes('EXPIRED') ||
+        type.includes('NEVER_LOGGED') ||
+        type.includes('LOCKED')) {
+        return 'status';
+    }
+    if (type.includes('ADMIN') ||
+        type.includes('PROTECTED_USERS') ||
+        type.includes('DOMAIN_CONTROLLER') ||
+        type.includes('ENTERPRISE_ADMIN') ||
+        type.includes('SCHEMA_ADMIN') ||
+        type.includes('SENSITIVE_DELEGATION')) {
+        return 'privileged';
+    }
+    if (type.includes('SERVICE') ||
+        type.includes('SPN') ||
+        type.includes('DELEGATION') ||
+        type.includes('CONSTRAINED') ||
+        type.includes('UNCONSTRAINED') ||
+        type.includes('RBCD')) {
+        return 'service';
+    }
+    return 'dangerous';
+}
+function toSectionFinding(finding) {
+    const result = {
+        type: (0, type_name_normalizer_1.normalizeTypeName)(finding.type),
+        severity: finding.severity,
+        title: finding.title,
+        description: finding.description,
+        count: finding.count,
+    };
+    if (finding.totalInstances !== undefined && finding.totalInstances !== finding.count) {
+        result.totalInstances = finding.totalInstances;
+    }
+    if (finding.affectedEntities && finding.affectedEntities.length > 0) {
+        result.affectedEntities = finding.affectedEntities;
+    }
+    if (finding.details && Object.keys(finding.details).length > 0) {
+        result.details = finding.details;
+    }
+    return result;
+}
+function createEmptySection() {
+    return { total: 0, findings: [] };
+}
+function formatDuration(ms) {
+    if (ms < 1000) {
+        return `${ms}ms`;
+    }
+    const seconds = ms / 1000;
+    if (seconds < 60) {
+        return `${seconds.toFixed(2)}s`;
+    }
+    const minutes = Math.floor(seconds / 60);
+    const remainingSeconds = seconds % 60;
+    return `${minutes}m ${remainingSeconds.toFixed(0)}s`;
+}
+function extractDomainName(baseDN) {
+    const parts = baseDN.match(/DC=([^,]+)/gi);
+    if (!parts)
+        return baseDN;
+    return parts.map((p) => p.replace(/DC=/i, '')).join('.');
+}
+function formatADAuditResponse(score, findings, stats, context) {
+    const security = {
+        passwords: createEmptySection(),
+        kerberos: createEmptySection(),
+        advanced: createEmptySection(),
+    };
+    const accounts = {
+        status: createEmptySection(),
+        privileged: createEmptySection(),
+        service: createEmptySection(),
+        dangerous: createEmptySection(),
+    };
+    const groups = createEmptySection();
+    const computers = createEmptySection();
+    const permissions = createEmptySection();
+    const temporal = createEmptySection();
+    const extendedConfig = createEmptySection();
+    const adcs = createEmptySection();
+    const gpoSecurity = createEmptySection();
+    const trustsAnalysis = createEmptySection();
+    for (const finding of findings) {
+        const sectionFinding = toSectionFinding(finding);
+        switch (finding.category) {
+            case 'passwords':
+                security.passwords.findings.push(sectionFinding);
+                security.passwords.total += finding.count;
+                break;
+            case 'kerberos':
+                security.kerberos.findings.push(sectionFinding);
+                security.kerberos.total += finding.count;
+                break;
+            case 'advanced':
+                security.advanced.findings.push(sectionFinding);
+                security.advanced.total += finding.count;
+                break;
+            case 'accounts': {
+                const subCategory = classifyAccountsFinding(finding);
+                accounts[subCategory].findings.push(sectionFinding);
+                accounts[subCategory].total += finding.count;
+                break;
+            }
+            case 'groups':
+                groups.findings.push(sectionFinding);
+                groups.total += finding.count;
+                break;
+            case 'computers':
+                computers.findings.push(sectionFinding);
+                computers.total += finding.count;
+                break;
+            case 'permissions':
+                permissions.findings.push(sectionFinding);
+                permissions.total += finding.count;
+                break;
+            case 'config':
+                extendedConfig.findings.push(sectionFinding);
+                extendedConfig.total += finding.count;
+                break;
+            case 'adcs':
+                adcs.findings.push(sectionFinding);
+                adcs.total += finding.count;
+                break;
+            case 'gpo':
+                gpoSecurity.findings.push(sectionFinding);
+                gpoSecurity.total += finding.count;
+                break;
+            case 'trusts':
+                trustsAnalysis.findings.push(sectionFinding);
+                trustsAnalysis.total += finding.count;
+                break;
+            default:
+                extendedConfig.findings.push(sectionFinding);
+                extendedConfig.total += finding.count;
+        }
+        const type = finding.type.toUpperCase();
+        if (type.includes('STALE') ||
+            type.includes('OLD_') ||
+            type.includes('_AGE') ||
+            type.includes('LAST_SET') ||
+            type.includes('_DAYS')) {
+            temporal.findings.push(sectionFinding);
+            temporal.total += finding.count;
+        }
+    }
+    const sortFindings = (a, b) => {
+        const severityOrder = { critical: 0, high: 1, medium: 2, low: 3 };
+        if (severityOrder[a.severity] !== severityOrder[b.severity]) {
+            return severityOrder[a.severity] - severityOrder[b.severity];
+        }
+        return b.count - a.count;
+    };
+    security.passwords.findings.sort(sortFindings);
+    security.kerberos.findings.sort(sortFindings);
+    security.advanced.findings.sort(sortFindings);
+    accounts.status.findings.sort(sortFindings);
+    accounts.privileged.findings.sort(sortFindings);
+    accounts.service.findings.sort(sortFindings);
+    accounts.dangerous.findings.sort(sortFindings);
+    groups.findings.sort(sortFindings);
+    computers.findings.sort(sortFindings);
+    permissions.findings.sort(sortFindings);
+    temporal.findings.sort(sortFindings);
+    extendedConfig.findings.sort(sortFindings);
+    adcs.findings.sort(sortFindings);
+    gpoSecurity.findings.sort(sortFindings);
+    trustsAnalysis.findings.sort(sortFindings);
+    return {
+        success: true,
+        provider: 'active-directory',
+        audit: {
+            metadata: {
+                provider: 'active-directory',
+                domain: {
+                    name: extractDomainName(context.domain.baseDN),
+                    baseDN: context.domain.baseDN,
+                    ldapUrl: context.domain.ldapUrl,
+                },
+                options: {
+                    includeDetails: context.options.includeDetails,
+                    includeComputers: context.options.includeComputers ?? true,
+                    includeConfig: context.options.includeConfig ?? true,
+                },
+                execution: {
+                    timestamp: context.timestamp.toISOString(),
+                    duration: formatDuration(context.executionTimeMs),
+                },
+            },
+            summary: {
+                objects: {
+                    users: stats.totalUsers,
+                    users_enabled: stats.enabledUsers,
+                    users_disabled: stats.disabledUsers,
+                    groups: stats.totalGroups,
+                    ous: stats.totalOUs,
+                    computers: stats.totalComputers,
+                },
+                risk: {
+                    score: score.score,
+                    rating: score.rating,
+                    findings: {
+                        critical: score.findings.critical,
+                        high: score.findings.high,
+                        medium: score.findings.medium,
+                        low: score.findings.low,
+                        total: score.findings.total,
+                        ...((() => {
+                            const totalInstances = findings.reduce((sum, f) => sum + (f.totalInstances ?? f.count), 0);
+                            return totalInstances !== score.findings.total
+                                ? { totalInstances }
+                                : {};
+                        })()),
+                    },
+                },
+            },
+            security,
+            accounts,
+            groups,
+            computers,
+            permissions,
+            temporal,
+            extendedConfig,
+            adcs,
+            gpoSecurity,
+            trustsAnalysis,
+            ...(context.domainConfig && { domainConfig: context.domainConfig }),
+            ...(context.attackGraph && { attackGraph: context.attackGraph }),
+        },
+    };
+}
+//# sourceMappingURL=response-formatter.js.map

package/dist/services/audit/response-formatter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"response-formatter.js","sourceRoot":"","sources":["../../../src/services/audit/response-formatter.ts"],"names":[],"mappings":";;AAuYA,sDAoNC;AA1kBD,2EAAqE;AA2QrE,SAAS,uBAAuB,CAAC,OAAgB;IAC/C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IAGxC,IACE,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;QACzB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;QACzB,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QACxB,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC;QAC7B,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EACvB,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAGD,IACE,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QACtB,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC;QAChC,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC;QAClC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC;QACjC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC;QAC7B,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EACrC,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IAGD,IACE,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QACxB,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QACpB,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QAC3B,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC;QAC5B,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC;QAC9B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EACrB,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAGD,OAAO,WAAW,CAAC;AACrB,CAAC;AAMD,SAAS,gBAAgB,CAAC,OAAgB;IACxC,MAAM,MAAM,GAAmB;QAC7B,IAAI,EAAE,IAAA,wCAAiB,EAAC,OAAO,CAAC,IAAI,CAAC;QACrC,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,KAAK,EAAE,OAAO,CAAC,KAAK;KACrB,CAAC;IAGF,IAAI,OAAO,CAAC,cAAc,KAAK,SAAS,IAAI,OAAO,CAAC,cAAc,KAAK,OAAO,CAAC,KAAK,EAAE,CAAC;QACrF,MAAM,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;IACjD,CAAC;IAED,IAAI,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpE,MAAM,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IACrD,CAAC;IAED,IAAI,OAAO,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/D,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACnC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAKD,SAAS,kBAAkB;IACzB,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;AACpC,CAAC;AAKD,SAAS,cAAc,CAAC,EAAU;IAChC,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC;QACd,OAAO,GAAG,EAAE,IAAI,CAAC;IACnB,CAAC;IACD,MAAM,OAAO,GAAG,EAAE,GAAG,IAAI,CAAC;IAC1B,IAAI,OAAO,GAAG,EAAE,EAAE,CAAC;QACjB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;IAClC,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;IACzC,MAAM,gBAAgB,GAAG,OAAO,GAAG,EAAE,CAAC;IACtC,OAAO,GAAG,OAAO,KAAK,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;AACvD,CAAC;AAKD,SAAS,iBAAiB,CAAC,MAAc;IAEvC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IAC3C,IAAI,CAAC,KAAK;QAAE,OAAO,MAAM,CAAC;IAC1B,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC3D,CAAC;AAKD,SAAgB,qBAAqB,CACnC,KAAoB,EACpB,QAAmB,EACnB,KASC,EACD,OAAyB;IAGzB,MAAM,QAAQ,GAAoB;QAChC,SAAS,EAAE,kBAAkB,EAAE;QAC/B,QAAQ,EAAE,kBAAkB,EAAE;QAC9B,QAAQ,EAAE,kBAAkB,EAAE;KAC/B,CAAC;IAEF,MAAM,QAAQ,GAAoB;QAChC,MAAM,EAAE,kBAAkB,EAAE;QAC5B,UAAU,EAAE,kBAAkB,EAAE;QAChC,OAAO,EAAE,kBAAkB,EAAE;QAC7B,SAAS,EAAE,kBAAkB,EAAE;KAChC,CAAC;IAEF,MAAM,MAAM,GAAG,kBAAkB,EAAE,CAAC;IACpC,MAAM,SAAS,GAAG,kBAAkB,EAAE,CAAC;IACvC,MAAM,WAAW,GAAG,kBAAkB,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IACtC,MAAM,cAAc,GAAG,kBAAkB,EAAE,CAAC;IAC5C,MAAM,IAAI,GAAG,kBAAkB,EAAE,CAAC;IAClC,MAAM,WAAW,GAAG,kBAAkB,EAAE,CAAC;IACzC,MAAM,cAAc,GAAG,kBAAkB,EAAE,CAAC;IAG5C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAEjD,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;YACzB,KAAK,WAAW;gBACd,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBACjD,QAAQ,CAAC,SAAS,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;gBAC1C,MAAM;YAER,KAAK,UAAU;gBACb,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBAChD,QAAQ,CAAC,QAAQ,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;gBACzC,MAAM;YAER,KAAK,UAAU;gBACb,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBAChD,QAAQ,CAAC,QAAQ,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;gBACzC,MAAM;YAER,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,MAAM,WAAW,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;gBACrD,QAAQ,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBACpD,QAAQ,CAAC,WAAW,CAAC,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;gBAC7C,MAAM;YACR,CAAC;YAED,KAAK,QAAQ;gBACX,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBACrC,MAAM,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;gBAC9B,MAAM;YAER,KAAK,WAAW;gBACd,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBACxC,SAAS,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;gBACjC,MAAM;YAER,KAAK,aAAa;gBAChB,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBAC1C,WAAW,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;gBACnC,MAAM;YAER,KAAK,QAAQ;gBACX,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBAC7C,cAAc,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;gBACtC,MAAM;YAER,KAAK,MAAM;gBACT,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBACnC,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;gBAC5B,MAAM;YAER,KAAK,KAAK;gBACR,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBAC1C,WAAW,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;gBACnC,MAAM;YAER,KAAK,QAAQ;gBACX,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBAC7C,cAAc,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;gBACtC,MAAM;YAER;gBAEE,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBAC7C,cAAc,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;QAC1C,CAAC;QAGD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACxC,IACE,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;YACtB,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACrB,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACrB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;YACzB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB,CAAC;YACD,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACvC,QAAQ,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;QAClC,CAAC;IACH,CAAC;IAGD,MAAM,YAAY,GAAG,CAAC,CAAiB,EAAE,CAAiB,EAAE,EAAE;QAC5D,MAAM,aAAa,GAA6B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC5F,IAAI,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5D,OAAO,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;IAC3B,CAAC,CAAC;IAGF,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC/C,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC9C,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC9C,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC5C,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAChD,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC7C,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC/C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACnC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACtC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACxC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACrC,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC3C,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACjC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACxC,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAE3C,OAAO;QACL,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,kBAAkB;QAC5B,KAAK,EAAE;YACL,QAAQ,EAAE;gBACR,QAAQ,EAAE,kBAAkB;gBAC5B,MAAM,EAAE;oBACN,IAAI,EAAE,iBAAiB,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;oBAC9C,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM;oBAC7B,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO;iBAChC;gBACD,OAAO,EAAE;oBACP,cAAc,EAAE,OAAO,CAAC,OAAO,CAAC,cAAc;oBAC9C,gBAAgB,EAAE,OAAO,CAAC,OAAO,CAAC,gBAAgB,IAAI,IAAI;oBAC1D,aAAa,EAAE,OAAO,CAAC,OAAO,CAAC,aAAa,IAAI,IAAI;iBACrD;gBACD,SAAS,EAAE;oBACT,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;oBAC1C,QAAQ,EAAE,cAAc,CAAC,OAAO,CAAC,eAAe,CAAC;iBAClD;aACF;YACD,OAAO,EAAE;gBACP,OAAO,EAAE;oBACP,KAAK,EAAE,KAAK,CAAC,UAAU;oBACvB,aAAa,EAAE,KAAK,CAAC,YAAY;oBACjC,cAAc,EAAE,KAAK,CAAC,aAAa;oBACnC,MAAM,EAAE,KAAK,CAAC,WAAW;oBACzB,GAAG,EAAE,KAAK,CAAC,QAAQ;oBACnB,SAAS,EAAE,KAAK,CAAC,cAAc;iBAChC;gBACD,IAAI,EAAE;oBACJ,KAAK,EAAE,KAAK,CAAC,KAAK;oBAClB,MAAM,EAAE,KAAK,CAAC,MAAM;oBACpB,QAAQ,EAAE;wBACR,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,QAAQ;wBACjC,IAAI,EAAE,KAAK,CAAC,QAAQ,CAAC,IAAI;wBACzB,MAAM,EAAE,KAAK,CAAC,QAAQ,CAAC,MAAM;wBAC7B,GAAG,EAAE,KAAK,CAAC,QAAQ,CAAC,GAAG;wBACvB,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,KAAK;wBAE3B,GAAG,CAAC,CAAC,GAAG,EAAE;4BACR,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CACpC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,cAAc,IAAI,CAAC,CAAC,KAAK,CAAC,EAC/C,CAAC,CACF,CAAC;4BACF,OAAO,cAAc,KAAK,KAAK,CAAC,QAAQ,CAAC,KAAK;gCAC5C,CAAC,CAAC,EAAE,cAAc,EAAE;gCACpB,CAAC,CAAC,EAAE,CAAC;wBACT,CAAC,CAAC,EAAE,CAAC;qBACN;iBACF;aACF;YACD,QAAQ;YACR,QAAQ;YACR,MAAM;YACN,SAAS;YACT,WAAW;YACX,QAAQ;YACR,cAAc;YACd,IAAI;YACJ,WAAW;YACX,cAAc;YACd,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC;YACnE,GAAG,CAAC,OAAO,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC;SACjE;KACF,CAAC;AACJ,CAAC"}

package/dist/services/audit/scoring.service.d.ts

@@ -0,0 +1,15 @@
+import { Finding, FindingCounts, CategoryCounts } from '../../types/finding.types';
+export interface SecurityScore {
+    score: number;
+    rating: 'excellent' | 'good' | 'fair' | 'poor' | 'critical';
+    weightedPoints: number;
+    totalUsers: number;
+    findings: FindingCounts;
+    categories: CategoryCounts;
+}
+export declare function calculateSecurityScore(findings: Finding[], totalUsers: number): SecurityScore;
+export declare function getRatingDescription(rating: string): string;
+export declare function calculateCategoryScores(findings: Finding[]): Record<string, number>;
+export declare function getTopFindings(findings: Finding[], limit?: number): Finding[];
+export declare function generateSecuritySummary(score: SecurityScore): string;
+//# sourceMappingURL=scoring.service.d.ts.map

package/dist/services/audit/scoring.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scoring.service.d.ts","sourceRoot":"","sources":["../../../src/services/audit/scoring.service.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAY,MAAM,2BAA2B,CAAC;AAK7F,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;IAC5D,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,aAAa,CAAC;IACxB,UAAU,EAAE,cAAc,CAAC;CAC5B;AAmBD,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,UAAU,EAAE,MAAM,GAAG,aAAa,CAkE7F;AAsBD,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAU3D;AAQD,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAmCnF;AASD,wBAAgB,cAAc,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,KAAK,GAAE,MAAW,GAAG,OAAO,EAAE,CASjF;AAQD,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,aAAa,GAAG,MAAM,CAgBpE"}

package/dist/services/audit/scoring.service.js

@@ -0,0 +1,139 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.calculateSecurityScore = calculateSecurityScore;
+exports.getRatingDescription = getRatingDescription;
+exports.calculateCategoryScores = calculateCategoryScores;
+exports.getTopFindings = getTopFindings;
+exports.generateSecuritySummary = generateSecuritySummary;
+const SEVERITY_WEIGHTS = {
+    critical: 10,
+    high: 3,
+    medium: 1,
+    low: 0.2,
+};
+function calculateSecurityScore(findings, totalUsers) {
+    const counts = {
+        critical: 0,
+        high: 0,
+        medium: 0,
+        low: 0,
+        total: 0,
+    };
+    const categories = {
+        passwords: 0,
+        kerberos: 0,
+        accounts: 0,
+        groups: 0,
+        computers: 0,
+        advanced: 0,
+        permissions: 0,
+        config: 0,
+        adcs: 0,
+        gpo: 0,
+        trusts: 0,
+        'attack-paths': 0,
+        monitoring: 0,
+        compliance: 0,
+        network: 0,
+        identity: 0,
+        applications: 0,
+        conditionalAccess: 0,
+        privilegedAccess: 0,
+    };
+    findings.forEach((finding) => {
+        counts[finding.severity] += finding.count;
+        counts.total += finding.count;
+        categories[finding.category] += finding.count;
+    });
+    const weightedFindings = counts.critical * SEVERITY_WEIGHTS.critical +
+        counts.high * SEVERITY_WEIGHTS.high +
+        counts.medium * SEVERITY_WEIGHTS.medium +
+        counts.low * SEVERITY_WEIGHTS.low;
+    const totalEntities = Math.max(totalUsers, 1);
+    const ratio = weightedFindings / totalEntities;
+    const normalizedRatio = Math.log10(ratio + 1) * 50;
+    const score = Math.max(0, Math.min(100, 100 - normalizedRatio));
+    const rating = getSecurityRating(score);
+    return {
+        score: Math.round(score * 10) / 10,
+        rating,
+        weightedPoints: weightedFindings,
+        totalUsers,
+        findings: counts,
+        categories,
+    };
+}
+function getSecurityRating(score) {
+    if (score >= 90)
+        return 'excellent';
+    if (score >= 70)
+        return 'good';
+    if (score >= 50)
+        return 'fair';
+    if (score >= 30)
+        return 'poor';
+    return 'critical';
+}
+function getRatingDescription(rating) {
+    const descriptions = {
+        excellent: 'Excellent - Minimal vulnerabilities, strong security posture',
+        good: 'Good - Some issues to address, generally secure',
+        fair: 'Fair - Multiple vulnerabilities requiring attention',
+        poor: 'Poor - Significant security gaps, urgent remediation needed',
+        critical: 'Critical - Severe security risk, immediate action required',
+    };
+    return descriptions[rating] || 'Unknown rating';
+}
+function calculateCategoryScores(findings) {
+    const categoryScores = {
+        passwords: 100,
+        kerberos: 100,
+        accounts: 100,
+        groups: 100,
+        computers: 100,
+        advanced: 100,
+        permissions: 100,
+        config: 100,
+    };
+    const categoryFindings = findings.reduce((acc, finding) => {
+        if (!acc[finding.category]) {
+            acc[finding.category] = [];
+        }
+        acc[finding.category].push(finding);
+        return acc;
+    }, {});
+    Object.keys(categoryFindings).forEach((category) => {
+        const categoryFindingsList = categoryFindings[category];
+        if (!categoryFindingsList)
+            return;
+        const weightedPoints = categoryFindingsList.reduce((sum, finding) => {
+            return sum + finding.count * SEVERITY_WEIGHTS[finding.severity];
+        }, 0);
+        categoryScores[category] = Math.max(0, 100 - weightedPoints);
+    });
+    return categoryScores;
+}
+function getTopFindings(findings, limit = 10) {
+    const sorted = [...findings].sort((a, b) => {
+        const weightA = SEVERITY_WEIGHTS[a.severity] * a.count;
+        const weightB = SEVERITY_WEIGHTS[b.severity] * b.count;
+        return weightB - weightA;
+    });
+    return sorted.slice(0, limit);
+}
+function generateSecuritySummary(score) {
+    const { score: scoreValue, rating, findings } = score;
+    const lines = [
+        `Security Score: ${scoreValue}/100 (${rating.toUpperCase()})`,
+        getRatingDescription(rating),
+        '',
+        'Vulnerability Summary:',
+        `- Critical: ${findings.critical}`,
+        `- High: ${findings.high}`,
+        `- Medium: ${findings.medium}`,
+        `- Low: ${findings.low}`,
+        `- Total: ${findings.total}`,
+    ];
+    return lines.join('\n');
+}
+//# sourceMappingURL=scoring.service.js.map

package/dist/services/audit/scoring.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scoring.service.js","sourceRoot":"","sources":["../../../src/services/audit/scoring.service.ts"],"names":[],"mappings":";;AAkDA,wDAkEC;AAsBD,oDAUC;AAQD,0DAmCC;AASD,wCASC;AAQD,0DAgBC;AArMD,MAAM,gBAAgB,GAA6B;IACjD,QAAQ,EAAE,EAAE;IACZ,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,GAAG;CACT,CAAC;AASF,SAAgB,sBAAsB,CAAC,QAAmB,EAAE,UAAkB;IAE5E,MAAM,MAAM,GAAkB;QAC5B,QAAQ,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;QACN,KAAK,EAAE,CAAC;KACT,CAAC;IAGF,MAAM,UAAU,GAAmB;QACjC,SAAS,EAAE,CAAC;QACZ,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,CAAC;QACX,MAAM,EAAE,CAAC;QACT,SAAS,EAAE,CAAC;QACZ,QAAQ,EAAE,CAAC;QACX,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,CAAC;QACT,IAAI,EAAE,CAAC;QACP,GAAG,EAAE,CAAC;QACN,MAAM,EAAE,CAAC;QACT,cAAc,EAAE,CAAC;QACjB,UAAU,EAAE,CAAC;QACb,UAAU,EAAE,CAAC;QACb,OAAO,EAAE,CAAC;QACV,QAAQ,EAAE,CAAC;QACX,YAAY,EAAE,CAAC;QACf,iBAAiB,EAAE,CAAC;QACpB,gBAAgB,EAAE,CAAC;KACpB,CAAC;IAGF,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC3B,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC;QAC1C,MAAM,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;QAC9B,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC;IAChD,CAAC,CAAC,CAAC;IAGH,MAAM,gBAAgB,GACpB,MAAM,CAAC,QAAQ,GAAG,gBAAgB,CAAC,QAAQ;QAC3C,MAAM,CAAC,IAAI,GAAG,gBAAgB,CAAC,IAAI;QACnC,MAAM,CAAC,MAAM,GAAG,gBAAgB,CAAC,MAAM;QACvC,MAAM,CAAC,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC;IAKpC,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAC9C,MAAM,KAAK,GAAG,gBAAgB,GAAG,aAAa,CAAC;IAC/C,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;IACnD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,eAAe,CAAC,CAAC,CAAC;IAGhE,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAExC,OAAO;QACL,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,EAAE,CAAC,GAAG,EAAE;QAClC,MAAM;QACN,cAAc,EAAE,gBAAgB;QAChC,UAAU;QACV,QAAQ,EAAE,MAAM;QAChB,UAAU;KACX,CAAC;AACJ,CAAC;AAQD,SAAS,iBAAiB,CAAC,KAAa;IACtC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,WAAW,CAAC;IACpC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC;IAC/B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC;IAC/B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC;IAC/B,OAAO,UAAU,CAAC;AACpB,CAAC;AAQD,SAAgB,oBAAoB,CAAC,MAAc;IACjD,MAAM,YAAY,GAA2B;QAC3C,SAAS,EAAE,8DAA8D;QACzE,IAAI,EAAE,iDAAiD;QACvD,IAAI,EAAE,qDAAqD;QAC3D,IAAI,EAAE,6DAA6D;QACnE,QAAQ,EAAE,4DAA4D;KACvE,CAAC;IAEF,OAAO,YAAY,CAAC,MAAM,CAAC,IAAI,gBAAgB,CAAC;AAClD,CAAC;AAQD,SAAgB,uBAAuB,CAAC,QAAmB;IACzD,MAAM,cAAc,GAA2B;QAC7C,SAAS,EAAE,GAAG;QACd,QAAQ,EAAE,GAAG;QACb,QAAQ,EAAE,GAAG;QACb,MAAM,EAAE,GAAG;QACX,SAAS,EAAE,GAAG;QACd,QAAQ,EAAE,GAAG;QACb,WAAW,EAAE,GAAG;QAChB,MAAM,EAAE,GAAG;KACZ,CAAC;IAGF,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;QACxD,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3B,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;QAC7B,CAAC;QACD,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAA+B,CAAC,CAAC;IAGpC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QACjD,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACxD,IAAI,CAAC,oBAAoB;YAAE,OAAO;QAElC,MAAM,cAAc,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;YAClE,OAAO,GAAG,GAAG,OAAO,CAAC,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAClE,CAAC,EAAE,CAAC,CAAC,CAAC;QAGN,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,cAAc,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,OAAO,cAAc,CAAC;AACxB,CAAC;AASD,SAAgB,cAAc,CAAC,QAAmB,EAAE,QAAgB,EAAE;IAEpE,MAAM,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACzC,MAAM,OAAO,GAAG,gBAAgB,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;QACvD,MAAM,OAAO,GAAG,gBAAgB,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;QACvD,OAAO,OAAO,GAAG,OAAO,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;AAChC,CAAC;AAQD,SAAgB,uBAAuB,CAAC,KAAoB;IAC1D,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;IAEtD,MAAM,KAAK,GAAG;QACZ,mBAAmB,UAAU,SAAS,MAAM,CAAC,WAAW,EAAE,GAAG;QAC7D,oBAAoB,CAAC,MAAM,CAAC;QAC5B,EAAE;QACF,wBAAwB;QACxB,eAAe,QAAQ,CAAC,QAAQ,EAAE;QAClC,WAAW,QAAQ,CAAC,IAAI,EAAE;QAC1B,aAAa,QAAQ,CAAC,MAAM,EAAE;QAC9B,UAAU,QAAQ,CAAC,GAAG,EAAE;QACxB,YAAY,QAAQ,CAAC,KAAK,EAAE;KAC7B,CAAC;IAEF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/services/auth/crypto.service.d.ts

@@ -0,0 +1,19 @@
+export interface KeyPair {
+    privateKey: string;
+    publicKey: string;
+}
+export declare class CryptoService {
+    private privateKeyPath;
+    private publicKeyPath;
+    private privateKey;
+    private publicKey;
+    private logger;
+    constructor(privateKeyPath: string, publicKeyPath: string);
+    generateKeyPair(): KeyPair;
+    loadOrGenerateKeys(): Promise<void>;
+    getPrivateKey(): string;
+    getPublicKey(): string;
+    private saveKeys;
+    private validateKeyFormat;
+}
+//# sourceMappingURL=crypto.service.d.ts.map

package/dist/services/auth/crypto.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.service.d.ts","sourceRoot":"","sources":["../../../src/services/auth/crypto.service.ts"],"names":[],"mappings":"AA2BA,MAAM,WAAW,OAAO;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,aAAa;IAMtB,OAAO,CAAC,cAAc;IACtB,OAAO,CAAC,aAAa;IANvB,OAAO,CAAC,UAAU,CAAuB;IACzC,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,MAAM,CAAS;gBAGb,cAAc,EAAE,MAAM,EACtB,aAAa,EAAE,MAAM;IAgB/B,eAAe,IAAI,OAAO;IAiCpB,kBAAkB,IAAI,OAAO,CAAC,IAAI,CAAC;IAyDzC,aAAa,IAAI,MAAM;IAavB,YAAY,IAAI,MAAM;IAkBtB,OAAO,CAAC,QAAQ;IA6ChB,OAAO,CAAC,iBAAiB;CAQ1B"}

package/dist/services/auth/crypto.service.js

@@ -0,0 +1,135 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CryptoService = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const fs_1 = require("fs");
+const path_1 = require("path");
+const logger_1 = require("../../utils/logger");
+class CryptoService {
+    privateKeyPath;
+    publicKeyPath;
+    privateKey = null;
+    publicKey = null;
+    logger;
+    constructor(privateKeyPath, publicKeyPath) {
+        this.privateKeyPath = privateKeyPath;
+        this.publicKeyPath = publicKeyPath;
+        this.logger = logger_1.logger;
+    }
+    generateKeyPair() {
+        this.logger.info('Generating new RSA key pair (2048-bit)');
+        const { privateKey, publicKey } = crypto_1.default.generateKeyPairSync('rsa', {
+            modulusLength: 2048,
+            publicKeyEncoding: {
+                type: 'spki',
+                format: 'pem',
+            },
+            privateKeyEncoding: {
+                type: 'pkcs8',
+                format: 'pem',
+            },
+        });
+        this.logger.info('RSA key pair generated successfully');
+        return { privateKey, publicKey };
+    }
+    async loadOrGenerateKeys() {
+        const privateKeyExists = (0, fs_1.existsSync)(this.privateKeyPath);
+        const publicKeyExists = (0, fs_1.existsSync)(this.publicKeyPath);
+        if (privateKeyExists && publicKeyExists) {
+            this.logger.info('Loading existing RSA keys from filesystem', {
+                privateKeyPath: this.privateKeyPath,
+                publicKeyPath: this.publicKeyPath,
+            });
+            try {
+                this.privateKey = (0, fs_1.readFileSync)(this.privateKeyPath, 'utf-8');
+                this.publicKey = (0, fs_1.readFileSync)(this.publicKeyPath, 'utf-8');
+                this.validateKeyFormat(this.privateKey, 'PRIVATE KEY');
+                this.validateKeyFormat(this.publicKey, 'PUBLIC KEY');
+                this.logger.info('RSA keys loaded successfully from filesystem');
+            }
+            catch (error) {
+                const message = error instanceof Error ? error.message : 'Unknown error';
+                this.logger.error('Failed to load RSA keys from filesystem', { error: message });
+                throw new Error(`Failed to load RSA keys: ${message}`);
+            }
+        }
+        else {
+            if (privateKeyExists !== publicKeyExists) {
+                this.logger.warn('Only one key file exists, regenerating both', {
+                    privateKeyExists,
+                    publicKeyExists,
+                });
+            }
+            else {
+                this.logger.info('No existing keys found, generating new RSA key pair');
+            }
+            try {
+                const keyPair = this.generateKeyPair();
+                this.privateKey = keyPair.privateKey;
+                this.publicKey = keyPair.publicKey;
+                this.saveKeys(keyPair);
+                this.logger.info('RSA keys generated and saved successfully');
+            }
+            catch (error) {
+                const message = error instanceof Error ? error.message : 'Unknown error';
+                this.logger.error('Failed to generate and save RSA keys', { error: message });
+                throw new Error(`Failed to generate RSA keys: ${message}`);
+            }
+        }
+    }
+    getPrivateKey() {
+        if (!this.privateKey) {
+            throw new Error('Keys not loaded. Call loadOrGenerateKeys() first.');
+        }
+        return this.privateKey;
+    }
+    getPublicKey() {
+        if (!this.publicKey) {
+            throw new Error('Keys not loaded. Call loadOrGenerateKeys() first.');
+        }
+        return this.publicKey;
+    }
+    saveKeys(keyPair) {
+        try {
+            const privateKeyDir = (0, path_1.dirname)(this.privateKeyPath);
+            const publicKeyDir = (0, path_1.dirname)(this.publicKeyPath);
+            if (!(0, fs_1.existsSync)(privateKeyDir)) {
+                (0, fs_1.mkdirSync)(privateKeyDir, { recursive: true });
+                this.logger.debug('Created directory for private key', { path: privateKeyDir });
+            }
+            if (!(0, fs_1.existsSync)(publicKeyDir)) {
+                (0, fs_1.mkdirSync)(publicKeyDir, { recursive: true });
+                this.logger.debug('Created directory for public key', { path: publicKeyDir });
+            }
+            (0, fs_1.writeFileSync)(this.privateKeyPath, keyPair.privateKey, { mode: 0o600 });
+            (0, fs_1.chmodSync)(this.privateKeyPath, 0o600);
+            this.logger.debug('Private key saved', {
+                path: this.privateKeyPath,
+                permissions: '600',
+            });
+            (0, fs_1.writeFileSync)(this.publicKeyPath, keyPair.publicKey, { mode: 0o644 });
+            (0, fs_1.chmodSync)(this.publicKeyPath, 0o644);
+            this.logger.debug('Public key saved', {
+                path: this.publicKeyPath,
+                permissions: '644',
+            });
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : 'Unknown error';
+            this.logger.error('Failed to save keys to filesystem', { error: message });
+            throw new Error(`Failed to save keys: ${message}`);
+        }
+    }
+    validateKeyFormat(key, keyType) {
+        const beginMarker = `-----BEGIN ${keyType}-----`;
+        const endMarker = `-----END ${keyType}-----`;
+        if (!key.includes(beginMarker) || !key.includes(endMarker)) {
+            throw new Error(`Invalid ${keyType} format: missing PEM markers`);
+        }
+    }
+}
+exports.CryptoService = CryptoService;
+//# sourceMappingURL=crypto.service.js.map

package/dist/services/auth/crypto.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.service.js","sourceRoot":"","sources":["../../../src/services/auth/crypto.service.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAC5B,2BAAmF;AACnF,+BAA+B;AAE/B,+CAA4C;AA4B5C,MAAa,aAAa;IAMd;IACA;IANF,UAAU,GAAkB,IAAI,CAAC;IACjC,SAAS,GAAkB,IAAI,CAAC;IAChC,MAAM,CAAS;IAEvB,YACU,cAAsB,EACtB,aAAqB;QADrB,mBAAc,GAAd,cAAc,CAAQ;QACtB,kBAAa,GAAb,aAAa,CAAQ;QAE7B,IAAI,CAAC,MAAM,GAAG,eAAM,CAAC;IACvB,CAAC;IAaD,eAAe;QACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;QAE3D,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,gBAAM,CAAC,mBAAmB,CAAC,KAAK,EAAE;YAClE,aAAa,EAAE,IAAI;YACnB,iBAAiB,EAAE;gBACjB,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,KAAK;aACd;YACD,kBAAkB,EAAE;gBAClB,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,KAAK;aACd;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACxD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;IACnC,CAAC;IAgBD,KAAK,CAAC,kBAAkB;QACtB,MAAM,gBAAgB,GAAG,IAAA,eAAU,EAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACzD,MAAM,eAAe,GAAG,IAAA,eAAU,EAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAEvD,IAAI,gBAAgB,IAAI,eAAe,EAAE,CAAC;YAExC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE;gBAC5D,cAAc,EAAE,IAAI,CAAC,cAAc;gBACnC,aAAa,EAAE,IAAI,CAAC,aAAa;aAClC,CAAC,CAAC;YAEH,IAAI,CAAC;gBACH,IAAI,CAAC,UAAU,GAAG,IAAA,iBAAY,EAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;gBAC7D,IAAI,CAAC,SAAS,GAAG,IAAA,iBAAY,EAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;gBAG3D,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;gBACvD,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;gBAErD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;YACnE,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBACzE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;gBACjF,MAAM,IAAI,KAAK,CAAC,4BAA4B,OAAO,EAAE,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;aAAM,CAAC;YAEN,IAAI,gBAAgB,KAAK,eAAe,EAAE,CAAC;gBACzC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6CAA6C,EAAE;oBAC9D,gBAAgB;oBAChB,eAAe;iBAChB,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;YAC1E,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;gBACvC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;gBACrC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;gBAEnC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBACvB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;YAChE,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBACzE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;gBAC9E,MAAM,IAAI,KAAK,CAAC,gCAAgC,OAAO,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;IACH,CAAC;IAQD,aAAa;QACX,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAQD,YAAY;QACV,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAaO,QAAQ,CAAC,OAAgB;QAC/B,IAAI,CAAC;YAEH,MAAM,aAAa,GAAG,IAAA,cAAO,EAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACnD,MAAM,YAAY,GAAG,IAAA,cAAO,EAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAEjD,IAAI,CAAC,IAAA,eAAU,EAAC,aAAa,CAAC,EAAE,CAAC;gBAC/B,IAAA,cAAS,EAAC,aAAa,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC9C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,CAAC;YAClF,CAAC;YAED,IAAI,CAAC,IAAA,eAAU,EAAC,YAAY,CAAC,EAAE,CAAC;gBAC9B,IAAA,cAAS,EAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC7C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kCAAkC,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;YAChF,CAAC;YAGD,IAAA,kBAAa,EAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YACxE,IAAA,cAAS,EAAC,IAAI,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;YACtC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE;gBACrC,IAAI,EAAE,IAAI,CAAC,cAAc;gBACzB,WAAW,EAAE,KAAK;aACnB,CAAC,CAAC;YAGH,IAAA,kBAAa,EAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YACtE,IAAA,cAAS,EAAC,IAAI,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;YACrC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE;gBACpC,IAAI,EAAE,IAAI,CAAC,aAAa;gBACxB,WAAW,EAAE,KAAK;aACnB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACzE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAC3E,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IASO,iBAAiB,CAAC,GAAW,EAAE,OAAe;QACpD,MAAM,WAAW,GAAG,cAAc,OAAO,OAAO,CAAC;QACjD,MAAM,SAAS,GAAG,YAAY,OAAO,OAAO,CAAC;QAE7C,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3D,MAAM,IAAI,KAAK,CAAC,WAAW,OAAO,8BAA8B,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;CACF;AArMD,sCAqMC"}

package/dist/services/auth/errors.d.ts

@@ -0,0 +1,19 @@
+export declare class TokenExpiredError extends Error {
+    constructor(message?: string);
+}
+export declare class TokenRevokedError extends Error {
+    constructor(message?: string);
+}
+export declare class UsageLimitExceededError extends Error {
+    constructor(message?: string);
+}
+export declare class TokenNotFoundError extends Error {
+    constructor(message?: string);
+}
+export declare class InvalidSignatureError extends Error {
+    constructor(message?: string);
+}
+export declare class InvalidTokenError extends Error {
+    constructor(message?: string);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/services/auth/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/services/auth/errors.ts"],"names":[],"mappings":"AAMA,qBAAa,iBAAkB,SAAQ,KAAK;gBAC9B,OAAO,SAAsB;CAI1C;AAED,qBAAa,iBAAkB,SAAQ,KAAK;gBAC9B,OAAO,SAA2B;CAI/C;AAED,qBAAa,uBAAwB,SAAQ,KAAK;gBACpC,OAAO,SAA+B;CAInD;AAED,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,SAAgC;CAIpD;AAED,qBAAa,qBAAsB,SAAQ,KAAK;gBAClC,OAAO,SAA4B;CAIhD;AAED,qBAAa,iBAAkB,SAAQ,KAAK;gBAC9B,OAAO,SAAkB;CAItC"}

package/dist/services/auth/errors.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InvalidTokenError = exports.InvalidSignatureError = exports.TokenNotFoundError = exports.UsageLimitExceededError = exports.TokenRevokedError = exports.TokenExpiredError = void 0;
+class TokenExpiredError extends Error {
+    constructor(message = 'Token has expired') {
+        super(message);
+        this.name = 'TokenExpiredError';
+    }
+}
+exports.TokenExpiredError = TokenExpiredError;
+class TokenRevokedError extends Error {
+    constructor(message = 'Token has been revoked') {
+        super(message);
+        this.name = 'TokenRevokedError';
+    }
+}
+exports.TokenRevokedError = TokenRevokedError;
+class UsageLimitExceededError extends Error {
+    constructor(message = 'Token usage limit exceeded') {
+        super(message);
+        this.name = 'UsageLimitExceededError';
+    }
+}
+exports.UsageLimitExceededError = UsageLimitExceededError;
+class TokenNotFoundError extends Error {
+    constructor(message = 'Token not found in database') {
+        super(message);
+        this.name = 'TokenNotFoundError';
+    }
+}
+exports.TokenNotFoundError = TokenNotFoundError;
+class InvalidSignatureError extends Error {
+    constructor(message = 'Invalid token signature') {
+        super(message);
+        this.name = 'InvalidSignatureError';
+    }
+}
+exports.InvalidSignatureError = InvalidSignatureError;
+class InvalidTokenError extends Error {
+    constructor(message = 'Invalid token') {
+        super(message);
+        this.name = 'InvalidTokenError';
+    }
+}
+exports.InvalidTokenError = InvalidTokenError;
+//# sourceMappingURL=errors.js.map