npm - @harperfast/harper-pro - Versions diffs - 5.0.0-alpha.2 → 5.0.0-alpha.3 - Mend

@harperfast/harper-pro 5.0.0-alpha.2 → 5.0.0-alpha.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/core/CONTRIBUTING.md +2 -0
package/core/package.json +2 -2
package/core/resources/DatabaseTransaction.ts +1 -1
package/core/resources/LMDBTransaction.ts +9 -4
package/core/resources/databases.ts +1 -1
package/core/unitTests/resources/permissions.test.js +7 -2
package/core/unitTests/resources/txn-tracking.test.js +10 -4
package/core/unitTests/resources/vectorIndex.test.js +1 -0
package/dist/bin/harper.js +1 -1
package/dist/bin/harper.js.map +1 -1
package/dist/core/resources/DatabaseTransaction.js +1 -1
package/dist/core/resources/DatabaseTransaction.js.map +1 -1
package/dist/core/resources/LMDBTransaction.js +9 -5
package/dist/core/resources/LMDBTransaction.js.map +1 -1
package/dist/core/resources/databases.js +1 -1
package/dist/core/resources/databases.js.map +1 -1
package/dist/licensing/usageLicensing.js +246 -0
package/dist/licensing/usageLicensing.js.map +1 -0
package/dist/licensing/validation.js +149 -0
package/dist/licensing/validation.js.map +1 -0
package/dist/replication/replicator.js +5 -2
package/dist/replication/replicator.js.map +1 -1
package/dist/replication/setNode.js +0 -1
package/dist/replication/setNode.js.map +1 -1
package/dist/security/certificate.js +206 -6
package/dist/security/certificate.js.map +1 -1
package/dist/security/keyService.js +58 -0
package/dist/security/keyService.js.map +1 -0
package/dist/security/sshKeyOperations.js +343 -0
package/dist/security/sshKeyOperations.js.map +1 -0
package/licensing/usageLicensing.ts +262 -0
package/licensing/validation.ts +191 -0
package/npm-shrinkwrap.json +253 -253
package/package.json +3 -2
package/replication/replicator.ts +6 -2
package/replication/setNode.ts +0 -1
package/security/certificate.ts +259 -7
package/security/keyService.ts +74 -0
package/security/sshKeyOperations.ts +405 -0
package/static/defaultConfig.yaml +2 -0

package/dist/security/certificate.js CHANGED Viewed

@@ -7,19 +7,27 @@ exports.signCertificate = signCertificate;
 exports.createCsr = createCsr;
 exports.getReplicationCert = getReplicationCert;
 exports.getReplicationCertAuth = getReplicationCertAuth;
+const joi_1 = __importDefault(require("joi"));
+const node_forge_1 = __importDefault(require("node-forge"));
+const promises_1 = require("node:fs/promises");
 const node_path_1 = require("node:path");
+const node_crypto_1 = require("node:crypto");
+const validationWrapper_js_1 = require("../core/validation/validationWrapper.js");
+const hdbError_js_1 = require("../core/utility/errors/hdbError.js");
 const keys_js_1 = require("../core/security/keys.js");
 const environmentManager_js_1 = __importDefault(require("../core/utility/environment/environmentManager.js"));
 const hdbTerms_ts_1 = require("../core/utility/hdbTerms.js");
-const node_fs_1 = require("node:fs");
-const node_forge_1 = __importDefault(require("node-forge"));
 const harper_logger_js_1 = __importDefault(require("../core/utility/logging/harper_logger.js"));
-const node_crypto_1 = require("node:crypto");
 const nodeName_ts_1 = require("../core/server/nodeName.js");
+const Server_ts_1 = require("../core/server/Server.js");
+const replicator_ts_1 = require("../replication/replicator.js");
 const { forComponent } = harper_logger_js_1.default;
 const logger = forComponent('certificate').conditional;
 const pki = node_forge_1.default.pki;
 const CERT_VALIDITY_DAYS = 3650;
+const fileExists = async (path) => (0, promises_1.access)(path, promises_1.constants.F_OK)
+    .then(() => true)
+    .catch(() => false);
 async function signCertificate(req) {
     const response = {};
     const hdbKeysDir = (0, node_path_1.join)(environmentManager_js_1.default.getHdbBasePath(), hdbTerms_ts_1.LICENSE_KEY_DIR_NAME);
@@ -36,8 +44,8 @@ async function signCertificate(req) {
                     cert_auth = cert;
                     break;
                 }
-                else if (cert.private_key_name && (0, node_fs_1.existsSync)((0, node_path_1.join)(hdbKeysDir, cert.private_key_name))) {
-                    private_key = (0, node_fs_1.readFileSync)((0, node_path_1.join)(hdbKeysDir, cert.private_key_name));
+                else if (cert.private_key_name && (await fileExists((0, node_path_1.join)(hdbKeysDir, cert.private_key_name)))) {
+                    private_key = await (0, promises_1.readFile)((0, node_path_1.join)(hdbKeysDir, cert.private_key_name));
                     cert_auth = cert;
                     break;
                 }
@@ -121,7 +129,7 @@ async function getReplicationCert() {
     const SNICallback = (0, keys_js_1.createTLSSelector)('operations-api');
     const secureTarget = {
         secureContexts: null,
-        setSecureContext: (_ctx) => { },
+        setSecureContext: () => { },
     };
     await SNICallback.initialize(secureTarget);
     const cert = secureTarget.secureContexts.get((0, nodeName_ts_1.getThisNodeName)());
@@ -139,4 +147,196 @@ async function getReplicationCertAuth() {
     const caName = repCert.issuer.match(/CN=(.*)/)?.[1];
     return (0, keys_js_1.getCertTable)().get(caName);
 }
+/**
+ * Adds or updates a certificate in the hdbCertificate table.
+ *
+ * If `private_key` is provided, it will be written to disk (as `<name>.pem`) rather than
+ * stored in the table. If no `private_key` is provided, existing stored keys are searched
+ * for one that matches the certificate. Non-CA certificates require a matching private key
+ * to be either provided or already stored.
+ *
+ * If `name` is omitted, the primary hostname (CN) is extracted from the certificate itself.
+ *
+ * @param req.name - Primary key for the hdbCertificate record. Falls back to the certificate's CN if omitted.
+ * @param req.certificate - PEM-encoded certificate string to add or update.
+ * @param req.is_authority - Whether this certificate is a Certificate Authority (CA).
+ *   CA certs do not require an associated private key, but can have one.
+ * @param req.private_key - Optional PEM-encoded private key. Written to disk and referenced
+ *   by name in the table. If omitted, existing keys are checked for a match.
+ * @param req.hosts - Optional list of hostnames this certificate is valid for.
+ * @param req.uses - Optional list of use cases this certificate is assigned to.
+ * @param req.ciphers - Optional cipher suite string associated with this certificate.
+ * @throws {ClientError} If the certificate is not a CA and no matching private key is found.
+ * @throws {ClientError} If `name` is omitted and the CN cannot be extracted from the certificate.
+ * @returns A replication response with a `message` confirming the certificate name added.
+ */
+async function addCertificate(req) {
+    const validation = (0, validationWrapper_js_1.validateBySchema)(req, joi_1.default.object({
+        name: joi_1.default.string().optional(),
+        certificate: joi_1.default.string().required(),
+        is_authority: joi_1.default.boolean().required(),
+        private_key: joi_1.default.string(),
+        hosts: joi_1.default.array(),
+        uses: joi_1.default.array(),
+    }));
+    if (validation)
+        throw new hdbError_js_1.ClientError(validation.message);
+    const { name, certificate, private_key, is_authority } = req;
+    const x509Cert = new node_crypto_1.X509Certificate(certificate);
+    // Track whether we found a matching key among existing keys, and which one.
+    let matchingKeyFound = false;
+    let existingPrivateKeyName;
+    const privateKeys = (0, keys_js_1.getPrivateKeys)();
+    if (private_key) {
+        // A key was provided — check if we already have it stored so we don't duplicate it.
+        for (const [keyName, key] of privateKeys) {
+            if (private_key === key) {
+                matchingKeyFound = true;
+                existingPrivateKeyName = keyName;
+                break;
+            }
+        }
+    }
+    else {
+        // No key provided — search existing keys to see if one matches this cert.
+        for (const [keyName, key] of privateKeys) {
+            if (x509Cert.checkPrivateKey((0, node_crypto_1.createPrivateKey)(key))) {
+                matchingKeyFound = true;
+                existingPrivateKeyName = keyName;
+                break;
+            }
+        }
+    }
+    // CA certs don't require a private key, but non-CA certs must have one either
+    // provided directly or already stored.
+    if (!is_authority && !private_key && !matchingKeyFound)
+        throw new hdbError_js_1.ClientError('A suitable private key was not found for this certificate');
+    // If no name was provided, fall back to extracting the CN from the cert itself.
+    let certCn;
+    if (!name) {
+        try {
+            certCn = (0, keys_js_1.getPrimaryHostName)(x509Cert);
+        }
+        catch (err) {
+            logger.error?.(err);
+        }
+        if (certCn == null)
+            throw new hdbError_js_1.ClientError('Error extracting certificate host name, please provide a name parameter');
+    }
+    const saniName = sanitizeName(name ?? certCn);
+    // Only write the key to disk if it's new (not already stored).
+    if (private_key && !matchingKeyFound) {
+        await (0, promises_1.writeFile)((0, node_path_1.join)(environmentManager_js_1.default.getHdbBasePath(), hdbTerms_ts_1.LICENSE_KEY_DIR_NAME, saniName + '.pem'), private_key);
+        privateKeys.set(saniName, private_key);
+    }
+    const record = {
+        name: name ?? certCn,
+        certificate,
+        is_authority,
+        hosts: req.hosts,
+        uses: req.uses,
+    };
+    // Attach private_key_name for non-CA certs, and for CA certs that have an associated key.
+    if (!is_authority || (is_authority && existingPrivateKeyName) || (is_authority && private_key)) {
+        record.private_key_name = existingPrivateKeyName ?? saniName + '.pem';
+    }
+    if (req.ciphers)
+        record.ciphers = req.ciphers;
+    await (0, keys_js_1.setCertTable)(record);
+    const response = await (0, replicator_ts_1.replicateOperation)(req);
+    response.message = 'Successfully added certificate: ' + saniName;
+    return response;
+}
+/**
+ * Removes a certificate from the hdbCertificate table.
+ *
+ * If the certificate has an associated private key file, it will be deleted from disk —
+ * but only if no other certificates reference the same key.
+ *
+ * @param req.name - Name of the certificate to remove. Must match an existing record.
+ * @throws {ClientError} If no certificate with the given name is found.
+ * @returns A replication response with a `message` confirming the certificate name removed.
+ */
+async function removeCertificate(req) {
+    const validation = (0, validationWrapper_js_1.validateBySchema)(req, joi_1.default.object({
+        name: joi_1.default.string().required(),
+    }));
+    if (validation)
+        throw new hdbError_js_1.ClientError(validation.message);
+    const { name } = req;
+    const certificateTable = (0, keys_js_1.getCertTable)();
+    const certRecord = await certificateTable.get(name);
+    if (!certRecord)
+        throw new hdbError_js_1.ClientError(`${name} not found`);
+    const { private_key_name } = certRecord;
+    if (private_key_name) {
+        const matchingKeys = Array.from(await certificateTable.search([{ attribute: 'private_key_name', value: private_key_name }]));
+        // Only delete the key file if this is the only cert referencing it.
+        if (matchingKeys.length === 1 && matchingKeys[0].name === name) {
+            try {
+                logger.info?.('Removing private key named', private_key_name);
+                await (0, promises_1.unlink)((0, node_path_1.join)(environmentManager_js_1.default.getHdbBasePath(), hdbTerms_ts_1.LICENSE_KEY_DIR_NAME, private_key_name));
+            }
+            catch (err) {
+                logger.error?.('Failed to remove private key file', private_key_name, err);
+            }
+        }
+    }
+    await certificateTable.delete(name);
+    const response = await (0, replicator_ts_1.replicateOperation)(req);
+    response.message = `Successfully removed ${name}`;
+    return response;
+}
+/**
+ * List all the records in hdbCertificate table
+ * @returns {Promise<*[]>}
+ */
+async function listCertificates() {
+    const certificateTable = (0, keys_js_1.getCertTable)();
+    let response = [];
+    for await (const cert of certificateTable.search([])) {
+        response.push(cert);
+    }
+    return response;
+}
+/**
+ * Used to sanitize a cert common name or the 'name' param used in cert ops
+ * @param cn
+ * @returns {*}
+ */
+function sanitizeName(cn) {
+    return cn.replace(/[^a-z0-9.]/gi, '-');
+}
+// These will register the operations for the operations API. For now the method and schema are ignored,
+// they are there for when build the REST interface for operations API
+Server_ts_1.server.registerOperation?.({
+    name: 'add_certificate',
+    execute: addCertificate,
+    httpMethod: 'PUT',
+    parametersSchema: [{ name: 'hostname', in: 'path', schema: { type: 'string' } }],
+});
+Server_ts_1.server.registerOperation?.({
+    name: 'remove_certificate',
+    execute: removeCertificate,
+    httpMethod: 'DELETE',
+    parametersSchema: [{ name: 'hostname', in: 'path', schema: { type: 'string' } }],
+});
+Server_ts_1.server.registerOperation?.({
+    name: 'list_certificates',
+    execute: listCertificates,
+    httpMethod: 'GET',
+    parametersSchema: [{ name: 'hostname', in: 'path', schema: { type: 'string' } }],
+});
+Server_ts_1.server.registerOperation?.({
+    name: 'create_csr',
+    execute: createCsr,
+    httpMethod: 'POST',
+    parametersSchema: [{ name: 'hostname', in: 'path', schema: { type: 'string' } }],
+});
+Server_ts_1.server.registerOperation?.({
+    name: 'sign_certificate',
+    execute: signCertificate,
+    httpMethod: 'POST',
+    parametersSchema: [{ name: 'hostname', in: 'path', schema: { type: 'string' } }],
+});
 //# sourceMappingURL=certificate.js.map

package/dist/security/certificate.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"certificate.js","sourceRoot":"","sources":["../../security/certificate.ts"],"names":[],"mappings":";;;;;AAuBA,0CAwEC;AACD,8BAmCC;AAED,gDAcC;AAED,wDAMC;AA3JD,yCAAiC;AACjC,sDASkC;AAClC,8GAAoE;AACpE,6DAAmE;AACnE,qCAAmD;AACnD,4DAA+B;AAC/B,gGAAoE;AACpE,6CAA8C;AAC9C,4DAA6D;AAC7D,MAAM,EAAE,YAAY,EAAE,GAAG,0BAAY,CAAC;AACtC,MAAM,MAAM,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC,WAAW,CAAC;AACvD,MAAM,GAAG,GAAG,oBAAK,CAAC,GAAG,CAAC;AACtB,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAEzB,KAAK,UAAU,eAAe,CAAC,GAAG;IACxC,MAAM,QAAQ,GAAG,EAAE,CAAC;IACpB,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,+BAAG,CAAC,cAAc,EAAE,EAAE,kCAAoB,CAAC,CAAC;IAEpE,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;QACb,IAAI,WAAW,CAAC;QAChB,IAAI,SAAS,CAAC;QACd,MAAM,gBAAgB,GAAG,IAAA,sBAAY,GAAE,CAAC;QACxC,MAAM,WAAW,GAAG,IAAA,wBAAc,GAAE,CAAC;QACrC,2EAA2E;QAC3E,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;YACtD,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gCAAgC,CAAC,EAAE,CAAC;gBAC1F,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;oBAC5C,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;oBACrD,SAAS,GAAG,IAAI,CAAC;oBACjB,MAAM;gBACP,CAAC;qBAAM,IAAI,IAAI,CAAC,gBAAgB,IAAI,IAAA,oBAAU,EAAC,IAAA,gBAAI,EAAC,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC;oBACzF,WAAW,GAAG,IAAA,sBAAY,EAAC,IAAA,gBAAI,EAAC,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;oBACpE,SAAS,GAAG,IAAI,CAAC;oBACjB,MAAM;gBACP,CAAC;YACF,CAAC;QACF,CAAC;QAED,kFAAkF;QAClF,IAAI,CAAC,WAAW,EAAE,CAAC;YAClB,MAAM,UAAU,GAAG,MAAM,IAAA,0BAAgB,GAAE,CAAC;YAC5C,SAAS,GAAG,UAAU,CAAC,EAAE,CAAC;YAC1B,WAAW,GAAG,UAAU,CAAC,WAAW,CAAC;QACtC,CAAC;QAED,WAAW,GAAG,GAAG,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;QACjD,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC,WAAW,CAAC;QAC3C,MAAM,SAAS,GAAG,GAAG,CAAC,kBAAkB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAChE,MAAM,CAAC,IAAI,EAAE,CAAC,6BAA6B,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAC7D,MAAM,GAAG,GAAG,GAAG,CAAC,2BAA2B,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACrD,IAAI,CAAC;YACJ,GAAG,CAAC,MAAM,EAAE,CAAC;QACd,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO,IAAI,KAAK,CAAC,uBAAuB,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC;QACzD,CAAC;QAED,MAAM,IAAI,GAAG,oBAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC;QAC3C,IAAI,CAAC,YAAY,GAAG,IAAA,8BAAoB,GAAE,CAAC;QAC3C,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAClC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,kBAAkB,CAAC,CAAC;QACxE,MAAM,CAAC,IAAI,EAAE,CAAC,6BAA6B,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAE5D,mBAAmB;QACnB,MAAM,CAAC,IAAI,EAAE,CAAC,qCAAqC,EAAE,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC7E,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAExC,iBAAiB;QACjB,MAAM,CAAC,IAAI,EAAE,CAAC,2BAA2B,EAAE,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACzE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE7C,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC,CAAC,UAAU,CAAC;QAC7E,MAAM,CAAC,IAAI,EAAE,CAAC,uCAAuC,EAAE,UAAU,CAAC,CAAC;QACnE,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAE/B,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC;QAC/B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,oBAAK,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAEjD,QAAQ,CAAC,WAAW,GAAG,GAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACnD,CAAC;SAAM,CAAC;QACP,MAAM,CAAC,IAAI,EAAE,CAAC,uCAAuC,EAAE,GAAG,CAAC,GAAG,EAAE,8BAA8B,CAAC,CAAC;IACjG,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC;AACM,KAAK,UAAU,SAAS;IAC9B,MAAM,GAAG,GAAG,MAAM,kBAAkB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACzD,MAAM,aAAa,GAAG,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE7D,MAAM,CAAC,IAAI,EAAE,CAAC,+BAA+B,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IAEzD,MAAM,GAAG,GAAG,GAAG,CAAC,0BAA0B,EAAE,CAAC;IAC7C,GAAG,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAClC,MAAM,OAAO,GAAG;QACf;YACC,IAAI,EAAE,YAAY;YAClB,KAAK,EAAE,IAAA,uBAAa,GAAE;SACtB;QACD,GAAG,yBAAe;KAClB,CAAC;IACF,MAAM,CAAC,IAAI,EAAE,CAAC,2BAA2B,EAAE,OAAO,CAAC,CAAC;IACpD,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAExB,MAAM,UAAU,GAAG;QAClB;YACC,IAAI,EAAE,kBAAkB;YACxB,KAAK,EAAE,gBAAgB;SACvB;QACD;YACC,IAAI,EAAE,kBAAkB;YACxB,UAAU,EAAE,IAAA,wBAAc,GAAE;SAC5B;KACD,CAAC;IACF,MAAM,CAAC,IAAI,EAAE,CAAC,8BAA8B,EAAE,UAAU,CAAC,CAAC;IAC1D,GAAG,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;IAE9B,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAExB,OAAO,oBAAK,CAAC,GAAG,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC;AACjD,CAAC;AAEM,KAAK,UAAU,kBAAkB;IACvC,MAAM,WAAW,GAAG,IAAA,2BAAiB,EAAC,gBAAgB,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG;QACpB,cAAc,EAAE,IAAI;QACpB,gBAAgB,EAAE,CAAC,IAAI,EAAE,EAAE,GAAE,CAAC;KAC9B,CAAC;IACF,MAAM,WAAW,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,YAAY,CAAC,cAAc,CAAC,GAAG,CAAC,IAAA,6BAAe,GAAE,CAAC,CAAC;IAChE,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,MAAM,UAAU,GAAG,IAAI,6BAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1D,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;IAC9B,IAAI,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;IAEhC,OAAO,IAAI,CAAC;AACb,CAAC;AAEM,KAAK,UAAU,sBAAsB;IAC3C,IAAA,sBAAY,GAAE,CAAC;IACf,MAAM,OAAO,GAAG,CAAC,MAAM,kBAAkB,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IAC1D,MAAM,OAAO,GAAG,IAAI,6BAAe,CAAC,OAAO,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACpD,OAAO,IAAA,sBAAY,GAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AACnC,CAAC"}
1	+ {"version":3,"file":"certificate.js","sourceRoot":"","sources":["../../security/certificate.ts"],"names":[],"mappings":";;;;;AAoCA,0CAwEC;AAED,8BAmCC;AAED,gDAcC;AAED,wDAMC;AAzKD,8CAAsB;AACtB,4DAA+B;AAC/B,+CAAkF;AAClF,yCAAiC;AACjC,6CAAgE;AAChE,kFAA2E;AAC3E,oEAAiE;AACjE,sDAWkC;AAClC,8GAAoE;AACpE,6DAAmE;AACnE,gGAAoE;AACpE,4DAA6D;AAC7D,wDAAkD;AAClD,gEAAkE;AAElE,MAAM,EAAE,YAAY,EAAE,GAAG,0BAAY,CAAC;AACtC,MAAM,MAAM,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC,WAAW,CAAC;AACvD,MAAM,GAAG,GAAG,oBAAK,CAAC,GAAG,CAAC;AACtB,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAEhC,MAAM,UAAU,GAAG,KAAK,EAAE,IAAY,EAAoB,EAAE,CAC3D,IAAA,iBAAM,EAAC,IAAI,EAAE,oBAAS,CAAC,IAAI,CAAC;KAC1B,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;KAChB,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;AAEf,KAAK,UAAU,eAAe,CAAC,GAAG;IACxC,MAAM,QAAQ,GAAG,EAAE,CAAC;IACpB,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,+BAAG,CAAC,cAAc,EAAE,EAAE,kCAAoB,CAAC,CAAC;IAEpE,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;QACb,IAAI,WAAW,CAAC;QAChB,IAAI,SAAS,CAAC;QACd,MAAM,gBAAgB,GAAG,IAAA,sBAAY,GAAE,CAAC;QACxC,MAAM,WAAW,GAAwB,IAAA,wBAAc,GAAE,CAAC;QAC1D,2EAA2E;QAC3E,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;YACtD,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gCAAgC,CAAC,EAAE,CAAC;gBAC1F,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;oBAC5C,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;oBACrD,SAAS,GAAG,IAAI,CAAC;oBACjB,MAAM;gBACP,CAAC;qBAAM,IAAI,IAAI,CAAC,gBAAgB,IAAI,CAAC,MAAM,UAAU,CAAC,IAAA,gBAAI,EAAC,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAC;oBACjG,WAAW,GAAG,MAAM,IAAA,mBAAQ,EAAC,IAAA,gBAAI,EAAC,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;oBACtE,SAAS,GAAG,IAAI,CAAC;oBACjB,MAAM;gBACP,CAAC;YACF,CAAC;QACF,CAAC;QAED,kFAAkF;QAClF,IAAI,CAAC,WAAW,EAAE,CAAC;YAClB,MAAM,UAAU,GAAG,MAAM,IAAA,0BAAgB,GAAE,CAAC;YAC5C,SAAS,GAAG,UAAU,CAAC,EAAE,CAAC;YAC1B,WAAW,GAAG,UAAU,CAAC,WAAW,CAAC;QACtC,CAAC;QAED,WAAW,GAAG,GAAG,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;QACjD,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC,WAAW,CAAC;QAC3C,MAAM,SAAS,GAAG,GAAG,CAAC,kBAAkB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAChE,MAAM,CAAC,IAAI,EAAE,CAAC,6BAA6B,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAC7D,MAAM,GAAG,GAAG,GAAG,CAAC,2BAA2B,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACrD,IAAI,CAAC;YACJ,GAAG,CAAC,MAAM,EAAE,CAAC;QACd,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO,IAAI,KAAK,CAAC,uBAAuB,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC;QACzD,CAAC;QAED,MAAM,IAAI,GAAG,oBAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC;QAC3C,IAAI,CAAC,YAAY,GAAG,IAAA,8BAAoB,GAAE,CAAC;QAC3C,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAClC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,kBAAkB,CAAC,CAAC;QACxE,MAAM,CAAC,IAAI,EAAE,CAAC,6BAA6B,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAE5D,mBAAmB;QACnB,MAAM,CAAC,IAAI,EAAE,CAAC,qCAAqC,EAAE,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC7E,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAExC,iBAAiB;QACjB,MAAM,CAAC,IAAI,EAAE,CAAC,2BAA2B,EAAE,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACzE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE7C,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC,CAAC,UAAU,CAAC;QAC7E,MAAM,CAAC,IAAI,EAAE,CAAC,uCAAuC,EAAE,UAAU,CAAC,CAAC;QACnE,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAE/B,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC;QAC/B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,oBAAK,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAEjD,QAAQ,CAAC,WAAW,GAAG,GAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACnD,CAAC;SAAM,CAAC;QACP,MAAM,CAAC,IAAI,EAAE,CAAC,uCAAuC,EAAE,GAAG,CAAC,GAAG,EAAE,8BAA8B,CAAC,CAAC;IACjG,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC;AAEM,KAAK,UAAU,SAAS;IAC9B,MAAM,GAAG,GAAG,MAAM,kBAAkB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACzD,MAAM,aAAa,GAAG,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE7D,MAAM,CAAC,IAAI,EAAE,CAAC,+BAA+B,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IAEzD,MAAM,GAAG,GAAG,GAAG,CAAC,0BAA0B,EAAE,CAAC;IAC7C,GAAG,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAClC,MAAM,OAAO,GAAG;QACf;YACC,IAAI,EAAE,YAAY;YAClB,KAAK,EAAE,IAAA,uBAAa,GAAE;SACtB;QACD,GAAG,yBAAe;KAClB,CAAC;IACF,MAAM,CAAC,IAAI,EAAE,CAAC,2BAA2B,EAAE,OAAO,CAAC,CAAC;IACpD,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAExB,MAAM,UAAU,GAAG;QAClB;YACC,IAAI,EAAE,kBAAkB;YACxB,KAAK,EAAE,gBAAgB;SACvB;QACD;YACC,IAAI,EAAE,kBAAkB;YACxB,UAAU,EAAE,IAAA,wBAAc,GAAE;SAC5B;KACD,CAAC;IACF,MAAM,CAAC,IAAI,EAAE,CAAC,8BAA8B,EAAE,UAAU,CAAC,CAAC;IAC1D,GAAG,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;IAE9B,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAExB,OAAO,oBAAK,CAAC,GAAG,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC;AACjD,CAAC;AAEM,KAAK,UAAU,kBAAkB;IACvC,MAAM,WAAW,GAAG,IAAA,2BAAiB,EAAC,gBAAgB,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG;QACpB,cAAc,EAAE,IAAI;QACpB,gBAAgB,EAAE,GAAG,EAAE,GAAE,CAAC;KAC1B,CAAC;IACF,MAAM,WAAW,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,YAAY,CAAC,cAAc,CAAC,GAAG,CAAC,IAAA,6BAAe,GAAE,CAAC,CAAC;IAChE,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,MAAM,UAAU,GAAG,IAAI,6BAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1D,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;IAC9B,IAAI,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;IAEhC,OAAO,IAAI,CAAC;AACb,CAAC;AAEM,KAAK,UAAU,sBAAsB;IAC3C,IAAA,sBAAY,GAAE,CAAC;IACf,MAAM,OAAO,GAAG,CAAC,MAAM,kBAAkB,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IAC1D,MAAM,OAAO,GAAG,IAAI,6BAAe,CAAC,OAAO,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACpD,OAAO,IAAA,sBAAY,GAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AACnC,CAAC;AAsBD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,KAAK,UAAU,cAAc,CAAC,GAA0B;IACvD,MAAM,UAAU,GAAG,IAAA,uCAAgB,EAClC,GAAG,EACH,aAAG,CAAC,MAAM,CAAC;QACV,IAAI,EAAE,aAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC7B,WAAW,EAAE,aAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACpC,YAAY,EAAE,aAAG,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QACtC,WAAW,EAAE,aAAG,CAAC,MAAM,EAAE;QACzB,KAAK,EAAE,aAAG,CAAC,KAAK,EAAE;QAClB,IAAI,EAAE,aAAG,CAAC,KAAK,EAAE;KACjB,CAAC,CACF,CAAC;IACF,IAAI,UAAU;QAAE,MAAM,IAAI,yBAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE1D,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,GAAG,CAAC;IAC7D,MAAM,QAAQ,GAAG,IAAI,6BAAe,CAAC,WAAW,CAAC,CAAC;IAElD,4EAA4E;IAC5E,IAAI,gBAAgB,GAAY,KAAK,CAAC;IACtC,IAAI,sBAA0C,CAAC;IAC/C,MAAM,WAAW,GAAwB,IAAA,wBAAc,GAAE,CAAC;IAE1D,IAAI,WAAW,EAAE,CAAC;QACjB,oFAAoF;QACpF,KAAK,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,WAAW,EAAE,CAAC;YAC1C,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;gBACzB,gBAAgB,GAAG,IAAI,CAAC;gBACxB,sBAAsB,GAAG,OAAO,CAAC;gBACjC,MAAM;YACP,CAAC;QACF,CAAC;IACF,CAAC;SAAM,CAAC;QACP,0EAA0E;QAC1E,KAAK,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,WAAW,EAAE,CAAC;YAC1C,IAAI,QAAQ,CAAC,eAAe,CAAC,IAAA,8BAAgB,EAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACrD,gBAAgB,GAAG,IAAI,CAAC;gBACxB,sBAAsB,GAAG,OAAO,CAAC;gBACjC,MAAM;YACP,CAAC;QACF,CAAC;IACF,CAAC;IAED,8EAA8E;IAC9E,uCAAuC;IACvC,IAAI,CAAC,YAAY,IAAI,CAAC,WAAW,IAAI,CAAC,gBAAgB;QACrD,MAAM,IAAI,yBAAW,CAAC,2DAA2D,CAAC,CAAC;IAEpF,gFAAgF;IAChF,IAAI,MAA0B,CAAC;IAC/B,IAAI,CAAC,IAAI,EAAE,CAAC;QACX,IAAI,CAAC;YACJ,MAAM,GAAG,IAAA,4BAAkB,EAAC,QAAQ,CAAC,CAAC;QACvC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;QAED,IAAI,MAAM,IAAI,IAAI;YACjB,MAAM,IAAI,yBAAW,CAAC,yEAAyE,CAAC,CAAC;IACnG,CAAC;IAED,MAAM,QAAQ,GAAW,YAAY,CAAC,IAAI,IAAI,MAAO,CAAC,CAAC;IAEvD,+DAA+D;IAC/D,IAAI,WAAW,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtC,MAAM,IAAA,oBAAS,EAAC,IAAA,gBAAI,EAAC,+BAAG,CAAC,cAAc,EAAE,EAAE,kCAAoB,EAAE,QAAQ,GAAG,MAAM,CAAC,EAAE,WAAW,CAAC,CAAC;QAClG,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,MAAM,GAAe;QAC1B,IAAI,EAAE,IAAI,IAAI,MAAO;QACrB,WAAW;QACX,YAAY;QACZ,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,IAAI,EAAE,GAAG,CAAC,IAAI;KACd,CAAC;IAEF,0FAA0F;IAC1F,IAAI,CAAC,YAAY,IAAI,CAAC,YAAY,IAAI,sBAAsB,CAAC,IAAI,CAAC,YAAY,IAAI,WAAW,CAAC,EAAE,CAAC;QAChG,MAAM,CAAC,gBAAgB,GAAG,sBAAsB,IAAI,QAAQ,GAAG,MAAM,CAAC;IACvE,CAAC;IAED,IAAI,GAAG,CAAC,OAAO;QAAE,MAAM,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IAE9C,MAAM,IAAA,sBAAY,EAAC,MAAM,CAAC,CAAC;IAC3B,MAAM,QAAQ,GAAwB,MAAM,IAAA,kCAAkB,EAAC,GAAG,CAAC,CAAC;IACpE,QAAQ,CAAC,OAAO,GAAG,kCAAkC,GAAG,QAAQ,CAAC;IACjE,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED;;;;;;;;;GASG;AACH,KAAK,UAAU,iBAAiB,CAAC,GAAqB;IACrD,MAAM,UAAU,GAAG,IAAA,uCAAgB,EAClC,GAAG,EACH,aAAG,CAAC,MAAM,CAAC;QACV,IAAI,EAAE,aAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC7B,CAAC,CACF,CAAC;IACF,IAAI,UAAU;QAAE,MAAM,IAAI,yBAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE1D,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC;IACrB,MAAM,gBAAgB,GAAG,IAAA,sBAAY,GAAE,CAAC;IACxC,MAAM,UAAU,GAAQ,MAAM,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACzD,IAAI,CAAC,UAAU;QAAE,MAAM,IAAI,yBAAW,CAAC,GAAG,IAAI,YAAY,CAAC,CAAC;IAE5D,MAAM,EAAE,gBAAgB,EAAE,GAAG,UAAU,CAAC;IACxC,IAAI,gBAAgB,EAAE,CAAC;QACtB,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAC9B,MAAM,gBAAgB,CAAC,MAAM,CAAC,CAAC,EAAE,SAAS,EAAE,kBAAkB,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAC3F,CAAC;QAEF,oEAAoE;QACpE,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YAChE,IAAI,CAAC;gBACJ,MAAM,CAAC,IAAI,EAAE,CAAC,4BAA4B,EAAE,gBAAgB,CAAC,CAAC;gBAC9D,MAAM,IAAA,iBAAM,EAAC,IAAA,gBAAI,EAAC,+BAAG,CAAC,cAAc,EAAE,EAAE,kCAAoB,EAAE,gBAAgB,CAAC,CAAC,CAAC;YAClF,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,MAAM,CAAC,KAAK,EAAE,CAAC,mCAAmC,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;YAC5E,CAAC;QACF,CAAC;IACF,CAAC;IAED,MAAM,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAwB,MAAM,IAAA,kCAAkB,EAAC,GAAG,CAAC,CAAC;IACpE,QAAQ,CAAC,OAAO,GAAG,wBAAwB,IAAI,EAAE,CAAC;IAClD,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,gBAAgB;IAC9B,MAAM,gBAAgB,GAAG,IAAA,sBAAY,GAAE,CAAC;IACxC,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrB,CAAC;IACD,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,SAAS,YAAY,CAAC,EAAU;IAC/B,OAAO,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;AACxC,CAAC;AAED,wGAAwG;AACxG,sEAAsE;AACtE,kBAAM,CAAC,iBAAiB,EAAE,CAAC;IAC1B,IAAI,EAAE,iBAAiB;IACvB,OAAO,EAAE,cAAc;IACvB,UAAU,EAAE,KAAK;IACjB,gBAAgB,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC;CAChF,CAAC,CAAC;AAEH,kBAAM,CAAC,iBAAiB,EAAE,CAAC;IAC1B,IAAI,EAAE,oBAAoB;IAC1B,OAAO,EAAE,iBAAiB;IAC1B,UAAU,EAAE,QAAQ;IACpB,gBAAgB,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC;CAChF,CAAC,CAAC;AAEH,kBAAM,CAAC,iBAAiB,EAAE,CAAC;IAC1B,IAAI,EAAE,mBAAmB;IACzB,OAAO,EAAE,gBAAgB;IACzB,UAAU,EAAE,KAAK;IACjB,gBAAgB,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC;CAChF,CAAC,CAAC;AAEH,kBAAM,CAAC,iBAAiB,EAAE,CAAC;IAC1B,IAAI,EAAE,YAAY;IAClB,OAAO,EAAE,SAAS;IAClB,UAAU,EAAE,MAAM;IAClB,gBAAgB,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC;CAChF,CAAC,CAAC;AAEH,kBAAM,CAAC,iBAAiB,EAAE,CAAC;IAC1B,IAAI,EAAE,kBAAkB;IACxB,OAAO,EAAE,eAAe;IACxB,UAAU,EAAE,MAAM;IAClB,gBAAgB,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC;CAChF,CAAC,CAAC"}

package/dist/security/keyService.js ADDED Viewed

@@ -0,0 +1,58 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const joi_1 = __importDefault(require("joi"));
+const validationWrapper_js_1 = require("../core/validation/validationWrapper.js");
+const hdbError_js_1 = require("../core/utility/errors/hdbError.js");
+const keys_js_1 = require("../core/security/keys.js");
+const tokenAuthentication_ts_1 = require("../core/security/tokenAuthentication.js");
+const Server_ts_1 = require("../core/server/Server.js");
+const jwtKeyMap = {
+    '.jwtPrivate': 'privateKey',
+    '.jwtPublic': 'publicKey',
+    '.jwtPass': 'passphrase',
+};
+/**
+ * Resolves a cryptographic key by name for use in replication or resource contexts.
+ *
+ * Supports JWT RSA keys (`.jwtPrivate`, `.jwtPublic`, `.jwtPass`) and arbitrary
+ * private keys managed by the key store.
+ *
+ * @param req - The request object. Must have `bypass_auth` set to `true` — direct
+ *              calls from the operations API are not permitted.
+ * @param req.name - The name of the key to retrieve.
+ * @returns The resolved key material as a string.
+ */
+async function keyResolver(req) {
+    // This is here to block this function from being called by operations API. It can be called by replication or a resource
+    if (req.bypass_auth !== true)
+        throw new hdbError_js_1.ClientError('Unauthorized', '401');
+    const validation = (0, validationWrapper_js_1.validateBySchema)(req, joi_1.default.object({
+        name: joi_1.default.string().required(),
+    }));
+    if (validation)
+        throw new hdbError_js_1.ClientError(validation.message);
+    const { name } = req;
+    // Handle JWT keys
+    const jwtField = jwtKeyMap[name];
+    if (jwtField) {
+        const jwt = await (0, tokenAuthentication_ts_1.getJWTRSAKeys)();
+        return jwt[jwtField];
+    }
+    // Handle private keys
+    const privateKeys = (0, keys_js_1.getPrivateKeys)();
+    const privateKey = privateKeys.get(name);
+    if (privateKey) {
+        return privateKey;
+    }
+    throw new hdbError_js_1.ClientError('Key not found');
+}
+Server_ts_1.server.registerOperation?.({
+    name: 'get_key',
+    execute: keyResolver,
+    httpMethod: 'GET',
+    parametersSchema: [{ name: 'hostname', in: 'path', schema: { type: 'string' } }],
+});
+//# sourceMappingURL=keyService.js.map

package/dist/security/keyService.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"keyService.js","sourceRoot":"","sources":["../../security/keyService.ts"],"names":[],"mappings":";;;;;AAAA,8CAAsB;AACtB,kFAA2E;AAC3E,oEAAiE;AACjE,sDAA0D;AAC1D,oFAAwE;AACxE,wDAAkD;AAIlD,MAAM,SAAS,GAAgC;IAC9C,aAAa,EAAE,YAAY;IAC3B,YAAY,EAAE,WAAW;IACzB,UAAU,EAAE,YAAY;CACxB,CAAC;AAaF;;;;;;;;;;GAUG;AACH,KAAK,UAAU,WAAW,CAAC,GAAuB;IACjD,yHAAyH;IACzH,IAAI,GAAG,CAAC,WAAW,KAAK,IAAI;QAAE,MAAM,IAAI,yBAAW,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IAE3E,MAAM,UAAU,GAAG,IAAA,uCAAgB,EAClC,GAAG,EACH,aAAG,CAAC,MAAM,CAAC;QACV,IAAI,EAAE,aAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC7B,CAAC,CACF,CAAC;IACF,IAAI,UAAU;QAAE,MAAM,IAAI,yBAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE1D,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC;IAErB,kBAAkB;IAClB,MAAM,QAAQ,GAAgB,SAAS,CAAC,IAAI,CAAC,CAAC;IAC9C,IAAI,QAAQ,EAAE,CAAC;QACd,MAAM,GAAG,GAAe,MAAM,IAAA,sCAAa,GAAE,CAAC;QAC9C,OAAO,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtB,CAAC;IAED,sBAAsB;IACtB,MAAM,WAAW,GAAG,IAAA,wBAAc,GAAE,CAAC;IACrC,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACzC,IAAI,UAAU,EAAE,CAAC;QAChB,OAAO,UAAU,CAAC;IACnB,CAAC;IAED,MAAM,IAAI,yBAAW,CAAC,eAAe,CAAC,CAAC;AACxC,CAAC;AAED,kBAAM,CAAC,iBAAiB,EAAE,CAAC;IAC1B,IAAI,EAAE,SAAS;IACf,OAAO,EAAE,WAAW;IACpB,UAAU,EAAE,KAAK;IACjB,gBAAgB,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC;CAChF,CAAC,CAAC"}