@matter/protocol 0.16.0-alpha.0-20251231-3f257a678 → 0.16.0-alpha.0-20260104-11833ec59
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/bdx/BdxProtocol.d.ts +1 -0
- package/dist/cjs/bdx/BdxProtocol.d.ts.map +1 -1
- package/dist/cjs/bdx/BdxProtocol.js +42 -26
- package/dist/cjs/bdx/BdxProtocol.js.map +1 -1
- package/dist/cjs/certificate/CertificateAuthority.d.ts +30 -9
- package/dist/cjs/certificate/CertificateAuthority.d.ts.map +1 -1
- package/dist/cjs/certificate/CertificateAuthority.js +27 -14
- package/dist/cjs/certificate/CertificateAuthority.js.map +1 -1
- package/dist/cjs/peer/PeerSet.js +1 -1
- package/dist/esm/bdx/BdxProtocol.d.ts +1 -0
- package/dist/esm/bdx/BdxProtocol.d.ts.map +1 -1
- package/dist/esm/bdx/BdxProtocol.js +42 -26
- package/dist/esm/bdx/BdxProtocol.js.map +1 -1
- package/dist/esm/certificate/CertificateAuthority.d.ts +30 -9
- package/dist/esm/certificate/CertificateAuthority.d.ts.map +1 -1
- package/dist/esm/certificate/CertificateAuthority.js +27 -14
- package/dist/esm/certificate/CertificateAuthority.js.map +1 -1
- package/dist/esm/peer/PeerSet.js +1 -1
- package/package.json +6 -6
- package/src/bdx/BdxProtocol.ts +47 -30
- package/src/certificate/CertificateAuthority.ts +63 -25
- package/src/peer/PeerSet.ts +1 -1
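--- a/package/dist/cjs/bdx/BdxProtocol.d.ts
+++ b/package/dist/cjs/bdx/BdxProtocol.d.ts
@@ -23,6 +23,7 @@ export declare class BdxProtocol implements ProtocolHandler {
 disablePeerForScope(peer: PeerAddress, storage: ScopedStorage, force?: boolean): Promise<void>;
 onNewExchange(exchange: MessageExchange, message: Message): Promise<void>;
 close(): Promise<void>;
+sessionFor(peerAddress: PeerAddress, scope: string): BdxSession | undefined;
 }
 export declare namespace BdxProtocol {
 interface Config extends BdxSessionConfiguration.Config {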
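Review bot: `sessionFor` is added to the public surface of `BdxProtocol` without a doc comment, and its contract is not obvious from the signature alone: the implementation in BdxProtocol.js iterates `#activeBdxSessions` and returns the first entry whose peer address matches and whose scope string equals `scope`, else `undefined`. Since this .d.ts is generated, the comment belongs on the method in src/bdx/BdxProtocol.ts, e.g. `/** Returns the active BDX session for peerAddress in storage scope scope, or undefined when none is running; if several match, the first one in iteration order is returned. */`. The esm copy of this declaration later in the diff would pick up the same comment.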
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BdxProtocol.d.ts","sourceRoot":"","sources":["../../../src/bdx/BdxProtocol.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,aAAa,EAAoC,UAAU,EAAE,MAAM,UAAU,CAAC;AAC9G,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEnD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAG/D,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAEnD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAKvE,4BAA4B;AAC5B,qBAAa,WAAY,YAAW,eAAe;;IAC/C,QAAQ,CAAC,EAAE,KAAmB;IAC9B,QAAQ,CAAC,qBAAqB,QAAQ;IAMtC,MAAM,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,WAAW;IAO9C,IAAI,cAAc,2DAEjB;IAED,IAAI,aAAa,2DAEhB;IASD,kBAAkB,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,EAAE,WAAW,CAAC,MAAM;IAenF,mBAAmB,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,KAAK,UAAQ;IAiB5E,aAAa,CAAC,QAAQ,EAAE,eAAe,EAAE,OAAO,EAAE,OAAO;
|
|
1
|
+
{"version":3,"file":"BdxProtocol.d.ts","sourceRoot":"","sources":["../../../src/bdx/BdxProtocol.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,aAAa,EAAoC,UAAU,EAAE,MAAM,UAAU,CAAC;AAC9G,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEnD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAG/D,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAEnD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAKvE,4BAA4B;AAC5B,qBAAa,WAAY,YAAW,eAAe;;IAC/C,QAAQ,CAAC,EAAE,KAAmB;IAC9B,QAAQ,CAAC,qBAAqB,QAAQ;IAMtC,MAAM,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,WAAW;IAO9C,IAAI,cAAc,2DAEjB;IAED,IAAI,aAAa,2DAEhB;IASD,kBAAkB,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,EAAE,WAAW,CAAC,MAAM;IAenF,mBAAmB,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,KAAK,UAAQ;IAiB5E,aAAa,CAAC,QAAQ,EAAE,eAAe,EAAE,OAAO,EAAE,OAAO;IAiFzD,KAAK;IAQX,UAAU,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM;CAQrD;AAED,yBAAiB,WAAW,CAAC;IACzB,UAAiB,MAAO,SAAQ,uBAAuB,CAAC,MAAM;QAC1D,cAAc,CAAC,EAAE,QAAQ,CAAC;KAC7B;CACJ"}
|
|
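--- a/package/dist/cjs/bdx/BdxProtocol.js
+++ b/package/dist/cjs/bdx/BdxProtocol.js
@@ -99,34 +99,42 @@ class BdxProtocol {
 switch (initMessageType) {
 case import_types.BdxMessageType.SendInit:
 case import_types.BdxMessageType.ReceiveInit:
-
-`Initialize Session for ${import_types.BdxMessageType[initMessageType]} message on BDX protocol for exchange ${exchange.id}`
-);
-await exchange.nextMessage();
-const { payload } = message;
-const initMessage = new import_BdxInitMessagesSchema.BdxInitMessageSchema().decode(payload);
-const { fileDesignator: messageFileDesignator } = initMessage;
-const fd = new import_FileDesignator.FileDesignator(messageFileDesignator);
-const [storageScope, fileDesignator] = fd.text.split("/");
-const { storage, config } = this.#peerScopes.get(this.#peerScopeKey(exchange.session.peerAddress, storageScope)) ?? {};
-if (storage === void 0 || fileDesignator === void 0) {
-throw new import_BdxError.BdxError(
-`No storage context found for BDX file designator "${fd.text}"`,
-import_types.BdxStatusCode.FileDesignatorUnknown
-);
-}
-const messenger = new import_BdxMessenger.BdxMessenger(exchange, config?.messageTimeout);
-const bdxSession = import_BdxSession.BdxSession.fromMessage(messenger, {
-initMessageType,
-initMessage,
-fileDesignator: new import_PersistedFileDesignator.PersistedFileDesignator(fileDesignator, storage),
-...config
-});
-await this.#registerSession(messenger, bdxSession, storageScope);
+let messenger = void 0;
 try {
-
+logger.debug(
+`Initialize Session for ${import_types.BdxMessageType[initMessageType]} message on BDX protocol for exchange ${exchange.id}`
+);
+await exchange.nextMessage();
+const { payload } = message;
+const initMessage = new import_BdxInitMessagesSchema.BdxInitMessageSchema().decode(payload);
+const { fileDesignator: messageFileDesignator } = initMessage;
+const fd = new import_FileDesignator.FileDesignator(messageFileDesignator);
+const [storageScope, fileDesignator] = fd.text.split("/");
+const { storage, config } = this.#peerScopes.get(this.#peerScopeKey(exchange.session.peerAddress, storageScope)) ?? {};
+if (storage === void 0 || fileDesignator === void 0) {
+throw new import_BdxError.BdxError(
+`No storage context found for BDX file designator "${fd.text}"`,
+import_types.BdxStatusCode.FileDesignatorUnknown
+);
+}
+messenger = new import_BdxMessenger.BdxMessenger(exchange, config?.messageTimeout);
+const bdxSession = import_BdxSession.BdxSession.fromMessage(messenger, {
+initMessageType,
+initMessage,
+fileDesignator: new import_PersistedFileDesignator.PersistedFileDesignator(fileDesignator, storage),
+...config
+});
+await this.#registerSession(messenger, bdxSession, storageScope);
+try {
+await bdxSession.processTransfer();
+} catch (error) {
+logger.error(`Error processing BDX transfer:`, error);
+}
 } catch (error) {
-
+import_BdxError.BdxError.accept(error);
+await (messenger ?? new import_BdxMessenger.BdxMessenger(exchange)).sendError(error.code);
+logger.warn(`BDX session failed with error:`, error);
+return;
 }
 break;
 default:
@@ -160,5 +168,13 @@ class BdxProtocol {
 }
 this.#activeBdxSessions.clear();
 }
+sessionFor(peerAddress, scope) {
+for (const { session, scope: activeScope } of this.#activeBdxSessions.values()) {
+if (import_PeerAddress.PeerAddress.is(peerAddress, session.peerAddress) && activeScope === scope) {
+return session;
+}
+}
+return void 0;
+}
 }
 //# sourceMappingURL=BdxProtocol.js.map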
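Review bot: In the new outer `catch` of the SendInit/ReceiveInit case, the status reply `await (messenger ?? new import_BdxMessenger.BdxMessenger(exchange)).sendError(error.code)` runs before `logger.warn`, so if the send itself rejects (the exchange may already be closed or timed out) that rejection escapes `onNewExchange` and the original failure is never logged; moving the log ahead of the send, `logger.warn(\`BDX session failed with error:\`, error);` as the first statement after `BdxError.accept(error)`, keeps the original error visible regardless. Reading `error.code` unguarded is sound only if `BdxError.accept(error)` rethrows anything that is not a BdxError; that is not visible in this hunk, so please confirm it. Only the status code goes on the wire here; the error text, which echoes the peer-supplied designator in `fd.text`, stays in the local log, which is the right split. The inner `catch` around `processTransfer()` logs at error level and swallows the failure without sending a status, which is asymmetric with the init path; presumably the session reports its own status to the peer, and a one-line comment saying so would save the next reader the question. The enclosing `onNewExchange` starts before and ends after this hunk; the fix belongs in src/bdx/BdxProtocol.ts.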
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/bdx/BdxProtocol.ts"],
|
|
4
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,sBAAyB;AACzB,4BAA+B;AAC/B,qCAAwC;AAExC,qBAAmG;AACnG,yBAA4B;AAC5B,6BAAgC;AAGhC,2BAA8B;AAC9B,mBAA+D;AAE/D,0BAA6B;AAC7B,wBAA2B;AAE3B,mCAAqC;AArBrC;AAAA;AAAA;AAAA;AAAA;AAuBA,MAAM,SAAS,sBAAO,IAAI,aAAa;AAGhC,MAAM,YAAuC;AAAA,EACvC,KAAK;AAAA,EACL,wBAAwB;AAAA,EACxB,qBAAqB,oBAAI,IAA6D;AAAA,EAC/F,cAAc,oBAAI,IAAwF;AAAA,EAC1G,sBAAkB,2BAAiD;AAAA,EACnE,qBAAiB,2BAAiD;AAAA,EAElE,QAAQ,6BAAc,MAAM,EAAE,KAAkB;AAC5C,UAAM,WAAW,IAAI,YAAY;AACjC,QAAI,IAAI,sCAAe,EAAE,mBAAmB,QAAQ;AACpD,QAAI,IAAI,aAAa,QAAQ;AAC7B,WAAO;AAAA,EACX;AAAA,EAEA,IAAI,iBAAiB;AACjB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gBAAgB;AAChB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,cAAc,MAAmB,OAAgB;AAC7C,QAAI,UAAU,QAAW;AACrB,YAAM,IAAI,2BAAY,sEAAsE;AAAA,IAChG;AACA,WAAO,GAAG,KAAK,SAAS,CAAC,IAAI,KAAK;AAAA,EACtC;AAAA,EAEA,mBAAmB,MAAmB,SAAwB,QAA6B;AACvF,UAAM,eAAe,KAAK,cAAc,MAAM,QAAQ,KAAK;AAC3D,UAAM,cAAc,KAAK,YAAY,IAAI,YAAY;AACrD,QAAI,gBAAgB,QAAW;AAC3B,YAAM,EAAE,SAAS,iBAAiB,QAAQ,eAAe,IAAI;AAC7D,aAAO,KAAK,QAAQ,MAAM,cAAc;AACxC,UAAI,oBAAoB,eAAW,4BAAY,QAAQ,cAAc,GAAG;AACpE,eAAO;AAAA,MACX;AAAA,IACJ,OAAO;AACH,WAAK,YAAY,IAAI,cAAc,EAAE,MAAM,SAAS,OAAO,CAAC;AAAA,IAChE;AACA,WAAO;AAAA,EACX;AAAA,EAEA,MAAM,oBAAoB,MAAmB,SAAwB,QAAQ,OAAO;AAChF,QAAI,KAAK,mBAAmB,OAAO,GAAG;AAClC,iBAAW,EAAE,SAAS,MAAM,KAAK,KAAK,mBAAmB,OAAO,GAAG;AAC/D,YAAI,QAAQ,UAAU,SAAS,+BAAY,GAAG,MAAM,QAAQ,WAAW,GAAG;AACtE,cAAI,OAAO;AACP,kBAAM,QAAQ,MAAM,IAAI,2BAAY,6BAA6B,CAAC;AAClE;AAAA,UACJ;AACA,gBAAM,IAAI;AAAA,YACN,gCAAgC,IAAI,aAAa,KAAK;AAAA,UAC1D;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AACA,SAAK,YAAY,OAAO,KAAK,cAAc,MAAM,QAAQ,KAAK,CAAC;AAAA,EACnE;AAAA,EAEA,MAAM,cAAc,UAA2B,SAAkB;AAC7D,UAAM,kBAAkB,QAAQ,cAAc;AAC9C,uCAAc,OAAO,SAAS,OAAO;AAErC,YAAQ,iBAAiB;AAAA,MACrB,KAAK,4BAAe;AAAA,MACpB,KAAK,4BAAe;AAChB,
|
|
4
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,sBAAyB;AACzB,4BAA+B;AAC/B,qCAAwC;AAExC,qBAAmG;AACnG,yBAA4B;AAC5B,6BAAgC;AAGhC,2BAA8B;AAC9B,mBAA+D;AAE/D,0BAA6B;AAC7B,wBAA2B;AAE3B,mCAAqC;AArBrC;AAAA;AAAA;AAAA;AAAA;AAuBA,MAAM,SAAS,sBAAO,IAAI,aAAa;AAGhC,MAAM,YAAuC;AAAA,EACvC,KAAK;AAAA,EACL,wBAAwB;AAAA,EACxB,qBAAqB,oBAAI,IAA6D;AAAA,EAC/F,cAAc,oBAAI,IAAwF;AAAA,EAC1G,sBAAkB,2BAAiD;AAAA,EACnE,qBAAiB,2BAAiD;AAAA,EAElE,QAAQ,6BAAc,MAAM,EAAE,KAAkB;AAC5C,UAAM,WAAW,IAAI,YAAY;AACjC,QAAI,IAAI,sCAAe,EAAE,mBAAmB,QAAQ;AACpD,QAAI,IAAI,aAAa,QAAQ;AAC7B,WAAO;AAAA,EACX;AAAA,EAEA,IAAI,iBAAiB;AACjB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gBAAgB;AAChB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,cAAc,MAAmB,OAAgB;AAC7C,QAAI,UAAU,QAAW;AACrB,YAAM,IAAI,2BAAY,sEAAsE;AAAA,IAChG;AACA,WAAO,GAAG,KAAK,SAAS,CAAC,IAAI,KAAK;AAAA,EACtC;AAAA,EAEA,mBAAmB,MAAmB,SAAwB,QAA6B;AACvF,UAAM,eAAe,KAAK,cAAc,MAAM,QAAQ,KAAK;AAC3D,UAAM,cAAc,KAAK,YAAY,IAAI,YAAY;AACrD,QAAI,gBAAgB,QAAW;AAC3B,YAAM,EAAE,SAAS,iBAAiB,QAAQ,eAAe,IAAI;AAC7D,aAAO,KAAK,QAAQ,MAAM,cAAc;AACxC,UAAI,oBAAoB,eAAW,4BAAY,QAAQ,cAAc,GAAG;AACpE,eAAO;AAAA,MACX;AAAA,IACJ,OAAO;AACH,WAAK,YAAY,IAAI,cAAc,EAAE,MAAM,SAAS,OAAO,CAAC;AAAA,IAChE;AACA,WAAO;AAAA,EACX;AAAA,EAEA,MAAM,oBAAoB,MAAmB,SAAwB,QAAQ,OAAO;AAChF,QAAI,KAAK,mBAAmB,OAAO,GAAG;AAClC,iBAAW,EAAE,SAAS,MAAM,KAAK,KAAK,mBAAmB,OAAO,GAAG;AAC/D,YAAI,QAAQ,UAAU,SAAS,+BAAY,GAAG,MAAM,QAAQ,WAAW,GAAG;AACtE,cAAI,OAAO;AACP,kBAAM,QAAQ,MAAM,IAAI,2BAAY,6BAA6B,CAAC;AAClE;AAAA,UACJ;AACA,gBAAM,IAAI;AAAA,YACN,gCAAgC,IAAI,aAAa,KAAK;AAAA,UAC1D;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AACA,SAAK,YAAY,OAAO,KAAK,cAAc,MAAM,QAAQ,KAAK,CAAC;AAAA,EACnE;AAAA,EAEA,MAAM,cAAc,UAA2B,SAAkB;AAC7D,UAAM,kBAAkB,QAAQ,cAAc;AAC9C,uCAAc,OAAO,SAAS,OAAO;AAErC,YAAQ,iBAAiB;AAAA,MACrB,KAAK,4BAAe;AAAA,MACpB,KAAK,4BAAe;AAChB,YAAI,YAAsC;AAC1C,YAAI;AACA,iBAAO;AAAA,YACH,0BAA0B,4BAAe,eAAe,CAAC,yCAAyC,SAAS,EAAE;AAAA,UACjH;AACA,gBAAM,SAAS,YAAY;AAE3B,gBAAM,EAAE,QAAQ,IAAI;AAEpB,gBAAM,cAAc,IAAI,kDAAqB,EAAE,OAAO,OAAO;AAC7D,gBAAM,EAAE,gBAAgB,sBAAsB,IAAI;AAClD,gBAAM,KAAK,IAAI,qCAAe,qBAAqB;AA
CnD,gBAAM,CAAC,cAAc,cAAc,IAAI,GAAG,KAAK,MAAM,GAAG;AACxD,gBAAM,EAAE,SAAS,OAAO,IACpB,KAAK,YAAY,IAAI,KAAK,cAAc,SAAS,QAAQ,aAAa,YAAY,CAAC,KAAK,CAAC;AAC7F,cAAI,YAAY,UAAa,mBAAmB,QAAW;AACvD,kBAAM,IAAI;AAAA,cACN,qDAAqD,GAAG,IAAI;AAAA,cAC5D,2BAAc;AAAA,YAClB;AAAA,UACJ;AAEA,sBAAY,IAAI,iCAAa,UAAU,QAAQ,cAAc;AAE7D,gBAAM,aAAa,6BAAW,YAAY,WAAW;AAAA,YACjD;AAAA,YACA;AAAA,YACA,gBAAgB,IAAI,uDAAwB,gBAAgB,OAAO;AAAA,YACnE,GAAG;AAAA,UACP,CAAC;AACD,gBAAM,KAAK,iBAAiB,WAAW,YAAY,YAAY;AAE/D,cAAI;AACA,kBAAM,WAAW,gBAAgB;AAAA,UACrC,SAAS,OAAO;AACZ,mBAAO,MAAM,kCAAkC,KAAK;AAAA,UACxD;AAAA,QACJ,SAAS,OAAO;AACZ,mCAAS,OAAO,KAAK;AACrB,iBAAO,aAAa,IAAI,iCAAa,QAAQ,GAAG,UAAU,MAAM,IAAI;AAEpE,iBAAO,KAAK,kCAAkC,KAAK;AACnD;AAAA,QACJ;AACA;AAAA,MACJ;AACI,eAAO;AAAA,UACH,+BAA+B,4BAAe,eAAe,CAAC,oBAAoB,SAAS,EAAE;AAAA,QACjG;AACA,cAAM,IAAI,iCAAa,QAAQ,EAAE,UAAU,2BAAc,iBAAiB;AAAA,IAClF;AAAA,EACJ;AAAA;AAAA,EAGA,MAAM,iBAAiB,WAAyB,YAAwB,OAAe;AACnF,UAAM,WAAW,UAAU;AAC3B,QAAI,KAAK,mBAAmB,IAAI,QAAQ,GAAG;AACvC,aAAO,KAAK,4BAA4B,SAAS,EAAE,gCAAgC;AACnF,YAAM,UAAU,UAAU,2BAAc,iBAAiB;AACzD;AAAA,IACJ;AACA,SAAK,mBAAmB,IAAI,UAAU,EAAE,SAAS,YAAY,MAAM,CAAC;AAEpE,SAAK,gBAAgB,KAAK,YAAY,KAAK;AAE3C,eAAW,OAAO,GAAG,YAAY;AAC7B,aAAO,MAAM,4BAA4B,SAAS,EAAE,SAAS;AAC7D,WAAK,mBAAmB,OAAO,QAAQ;AACvC,YAAM,SAAS,MAAM;AAErB,WAAK,eAAe,KAAK,YAAY,KAAK;AAAA,IAC9C,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,QAAQ;AACV,WAAO,MAAM,qCAAqC,KAAK,mBAAmB,IAAI,kBAAkB;AAChG,eAAW,EAAE,QAAQ,KAAK,KAAK,mBAAmB,OAAO,GAAG;AACxD,YAAM,QAAQ,MAAM,IAAI,2BAAY,6BAA6B,CAAC;AAAA,IACtE;AACA,SAAK,mBAAmB,MAAM;AAAA,EAClC;AAAA,EAEA,WAAW,aAA0B,OAAe;AAChD,eAAW,EAAE,SAAS,OAAO,YAAY,KAAK,KAAK,mBAAmB,OAAO,GAAG;AAC5E,UAAI,+BAAY,GAAG,aAAa,QAAQ,WAAW,KAAK,gBAAgB,OAAO;AAC3E,eAAO;AAAA,MACX;AAAA,IACJ;AACA,WAAO;AAAA,EACX;AACJ;",
|
|
5
5
|
"names": []
|
|
6
6
|
}
|
|
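--- a/package/dist/cjs/certificate/CertificateAuthority.d.ts
+++ b/package/dist/cjs/certificate/CertificateAuthority.d.ts
@@ -11,9 +11,6 @@ import { CaseAuthenticatedTag, FabricId, NodeId } from "#types";
 * Supports optional Intermediate Certificate Authority (ICAC) for 3-tier PKI hierarchy.
 * When ICAC is enabled, the certificate chain becomes: RCAC -> ICAC -> NOC instead of RCAC -> NOC.
 *
-* Configuration:
-* - intermediateCert: Enable/disable ICAC generation. Defaults to false (2-tier PKI).
-*
 * Behavior:
 * - When ICAC exists, it is always used to sign NOCs (operational certificates)
 * - When no ICAC exists, the root certificate signs NOCs directly
@@ -52,16 +49,40 @@ export declare class CertificateAuthority {
 generateNoc(publicKey: Bytes, fabricId: FabricId, nodeId: NodeId, caseAuthenticatedTags?: CaseAuthenticatedTag[]): Promise<AllowSharedBufferSource>;
 }
 export declare namespace CertificateAuthority {
-
+/** Base configuration fields shared by both 2-tier and 3-tier PKI */
+type ConfigurationBase = {
 rootCertId: bigint;
-rootKeyPair: BinaryKeyPair;
 rootKeyIdentifier: Bytes;
 rootCertBytes: Bytes;
 nextCertificateId: bigint;
-icacCertId?: bigint;
-icacKeyPair?: BinaryKeyPair;
-icacKeyIdentifier?: Bytes;
-icacCertBytes?: Bytes;
 };
+/**
+* Configuration for 2-tier PKI (RCAC -> NOC).
+* rootKeyPair is REQUIRED since RCAC signs NOCs directly.
+*/
+export type ConfigurationWithoutIcac = ConfigurationBase & {
+rootKeyPair: BinaryKeyPair;
+};
+/**
+* Configuration for 3-tier PKI (RCAC -> ICAC -> NOC).
+* rootKeyPair is OPTIONAL since ICAC signs NOCs, not RCAC.
+* This allows controllers to operate without access to the RCAC private key.
+*/
+export type ConfigurationWithIcac = ConfigurationBase & {
+rootKeyPair?: BinaryKeyPair;
+icacCertId: bigint;
+icacKeyPair: BinaryKeyPair;
+icacKeyIdentifier: Bytes;
+icacCertBytes: Bytes;
+};
+/**
+* Configuration for CertificateAuthority with external certificates.
+*
+* When using ICAC (3-tier PKI), the rootKeyPair can be omitted since NOCs are signed
+* by the ICAC, not the RCAC. This allows controllers to operate without access to
+* the RCAC private key.
+*/
+export type Configuration = ConfigurationWithoutIcac | ConfigurationWithIcac;
+export {};
 }
 //# sourceMappingURL=CertificateAuthority.d.ts.map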
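Review bot: `Configuration = ConfigurationWithoutIcac | ConfigurationWithIcac` has no discriminant property, so a caller holding a `CertificateAuthority.Configuration` can only narrow it with a presence test such as `"icacCertId" in config`; the TSDoc on `Configuration` should name that test so callers do not each invent their own, e.g. add `* Narrow with an "icacCertId" in config check; the ICAC variant is the one carrying icacCertId, icacKeyPair, icacKeyIdentifier and icacCertBytes.`. `ConfigurationBase` is declared without `export` inside the namespace, so consumers cannot name it; if that is intentional, a word in its comment would prevent a later "export it" request. The first hunk drops the "Configuration: intermediateCert" paragraph from the class doc, leaving no visible statement of how a caller selects 3-tier mode on creation; if that option still exists, it should be documented somewhere the class doc points to. As this is a generated .d.ts, the comments belong in src/certificate/CertificateAuthority.ts.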
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CertificateAuthority.d.ts","sourceRoot":"","sources":["../../../src/certificate/CertificateAuthority.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACH,aAAa,EACb,KAAK,EACL,YAAY,EACZ,MAAM,EACN,WAAW,EACX,aAAa,EAKb,cAAc,EAKjB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAQhE
|
|
1
|
+
{"version":3,"file":"CertificateAuthority.d.ts","sourceRoot":"","sources":["../../../src/certificate/CertificateAuthority.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACH,aAAa,EACb,KAAK,EACL,YAAY,EACZ,MAAM,EACN,WAAW,EACX,aAAa,EAKb,cAAc,EAKjB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAQhE;;;;;;;;;;;;;;GAcG;AACH,qBAAa,oBAAoB;;IAU7B,IAAI,MAAM,WAET;IAED,IAAI,YAAY,uCAEf;IAED;;;;;OAKG;IACH,MAAM,CAAC,MAAM,CACT,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,cAAc,EACvB,wBAAwB,CAAC,EAAE,OAAO,GACnC,OAAO,CAAC,oBAAoB,CAAC;IAEhC;;;OAGG;IACH,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB,CAAC,aAAa,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAEzG;;;OAGG;IACH,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,wBAAwB,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC;gBAW5F,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,cAAc,GAAG,oBAAoB,CAAC,aAAa,GAAG,OAAO,EACvE,wBAAwB,CAAC,EAAE,OAAO;IA6CtC,MAAM,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,WAAW;IAO9C,IAAI,QAAQ,IAAI,KAAK,CAEpB;IAED,IAAI,QAAQ,IAAI,KAAK,GAAG,SAAS,CAKhC;IAED,IAAI,MAAM,IAAI,oBAAoB,CAAC,aAAa,CAkB/C;IAgEK,WAAW,CACb,SAAS,EAAE,KAAK,EAChB,QAAQ,EAAE,QAAQ,EAClB,MAAM,EAAE,MAAM,EACd,qBAAqB,CAAC,EAAE,oBAAoB,EAAE;CAkJrD;AASD,yBAAiB,oBAAoB,CAAC;IAClC,qEAAqE;IACrE,KAAK,iBAAiB,GAAG;QACrB,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,KAAK,CAAC;QACzB,aAAa,EAAE,KAAK,CAAC;QACrB,iBAAiB,EAAE,MAAM,CAAC;KAC7B,CAAC;IAEF;;;OAGG;IACH,MAAM,MAAM,wBAAwB,GAAG,iBAAiB,GAAG;QACvD,WAAW,EAAE,aAAa,CAAC;KAC9B,CAAC;IAEF;;;;OAIG;IACH,MAAM,MAAM,qBAAqB,GAAG,iBAAiB,GAAG;QACpD,WAAW,CAAC,EAAE,aAAa,CAAC;QAC5B,UAAU,EAAE,MAAM,CAAC;QACnB,WAAW,EAAE,aAAa,CAAC;QAC3B,iBAAiB,EAAE,KAAK,CAAC;QACzB,aAAa,EAAE,KAAK,CAAC;KACxB,CAAC;IAEF;;;;;;OAMG;IACH,MAAM,MAAM,aAAa,GAAG,wBAAwB,GAAG,qBAAqB,CAAC;;CAChF"}
|
|
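--- a/package/dist/cjs/certificate/CertificateAuthority.js
+++ b/package/dist/cjs/certificate/CertificateAuthority.js
@@ -101,16 +101,19 @@ class CertificateAuthority {
 get config() {
 return {
 rootCertId: this.#rootCertId,
-rootKeyPair: this.construction.assert("root key pair", this.#rootKeyPair).keyPair,
 rootKeyIdentifier: this.construction.assert("root key identifier", this.#rootKeyIdentifier),
 rootCertBytes: this.construction.assert("root cert bytes", this.#rootCertBytes),
 nextCertificateId: this.#nextCertificateId,
 ...this.#icacProps !== void 0 ? {
+rootKeyPair: this.#rootKeyPair?.keyPair,
+// rootKeyPair is optional when using ICAC
 icacCertId: this.#icacProps.certId,
 icacKeyPair: this.construction.assert("icac key pair", this.#icacProps.keyPair).keyPair,
 icacKeyIdentifier: this.construction.assert("icac key identifier", this.#icacProps.keyIdentifier),
 icacCertBytes: this.construction.assert("icac cert bytes", this.#icacProps.certBytes)
-} : {
+} : {
+rootKeyPair: this.construction.assert("root key pair", this.#rootKeyPair).keyPair
+}
 };
 }
 async #generateRootCert() {
@@ -211,14 +214,16 @@ class CertificateAuthority {
 return this.#rootKeyIdentifier;
 }
 #isValidStoredRootCertificate(certValues) {
-return (typeof certValues.rootCertId === "number" || typeof certValues.rootCertId === "bigint") && (import_general.Bytes.isBytes(certValues.rootKeyPair) || typeof certValues.rootKeyPair === "object") && import_general.Bytes.isBytes(certValues.rootKeyIdentifier) && import_general.Bytes.isBytes(certValues.rootCertBytes) && (typeof certValues.nextCertificateId === "number" || typeof certValues.nextCertificateId === "bigint");
+return (typeof certValues.rootCertId === "number" || typeof certValues.rootCertId === "bigint") && (certValues.rootKeyPair === void 0 || import_general.Bytes.isBytes(certValues.rootKeyPair) || typeof certValues.rootKeyPair === "object") && import_general.Bytes.isBytes(certValues.rootKeyIdentifier) && import_general.Bytes.isBytes(certValues.rootCertBytes) && (typeof certValues.nextCertificateId === "number" || typeof certValues.nextCertificateId === "bigint");
 }
 #isValidStoredIcacCertificate(certValues) {
 return (typeof certValues.icacCertId === "number" || typeof certValues.icacCertId === "bigint") && (import_general.Bytes.isBytes(certValues.icacKeyPair) || typeof certValues.icacKeyPair === "object") && import_general.Bytes.isBytes(certValues.icacKeyIdentifier) && import_general.Bytes.isBytes(certValues.icacCertBytes);
 }
 #loadFromStorage(certValues, requireIcac) {
 this.#rootCertId = BigInt(certValues.rootCertId);
-
+if (certValues.rootKeyPair !== void 0) {
+this.#rootKeyPair = (0, import_general.PrivateKey)(certValues.rootKeyPair);
+}
 this.#rootKeyIdentifier = certValues.rootKeyIdentifier;
 this.#rootCertBytes = certValues.rootCertBytes;
 this.#nextCertificateId = BigInt(certValues.nextCertificateId);
@@ -235,23 +240,31 @@ class CertificateAuthority {
 keyIdentifier: certValues.icacKeyIdentifier,
 certBytes: certValues.icacCertBytes
 };
+} else {
+if (this.#rootKeyPair === void 0) {
+throw new import_general.ImplementationError(
+"rootKeyPair is required when not using ICAC (2-tier PKI requires RCAC private key to sign NOCs)"
+);
+}
 }
 }
 #buildStorageData() {
-
+return {
 rootCertId: this.#rootCertId,
-rootKeyPair: this.#initializedRootKeyPair.keyPair,
 rootKeyIdentifier: this.#initializedRootKeyIdentifier,
 rootCertBytes: this.#initializedRootCertBytes,
-nextCertificateId: this.#nextCertificateId
+nextCertificateId: this.#nextCertificateId,
+...this.#icacProps ? {
+rootKeyPair: this.#rootKeyPair?.keyPair,
+// rootKeyPair is optional when using ICAC
+icacCertId: this.#icacProps.certId,
+icacKeyPair: this.#icacProps.keyPair.keyPair,
+icacKeyIdentifier: this.#icacProps.keyIdentifier,
+icacCertBytes: this.#icacProps.certBytes
+} : {
+rootKeyPair: this.#initializedRootKeyPair.keyPair
+}
 };
-if (this.#icacProps) {
-data.icacCertId = this.#icacProps.certId;
-data.icacKeyPair = this.#icacProps.keyPair.keyPair;
-data.icacKeyIdentifier = this.#icacProps.keyIdentifier;
-data.icacCertBytes = this.#icacProps.certBytes;
-}
-return data;
 }
 #getSigningParameters() {
 if (this.#icacProps) {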
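Review bot: `#isValidStoredRootCertificate` now lets `rootKeyPair` be absent, but its pre-existing `typeof certValues.rootKeyPair === "object"` arm also accepts `null` (typeof null is "object"), and the new guard in `#loadFromStorage`, `if (certValues.rootKeyPair !== void 0)`, then hands that `null` to `PrivateKey()` instead of treating it as "no key". Using `certValues.rootKeyPair == null ||` in the validator and `if (certValues.rootKeyPair != null) {` in the loader makes a stored null follow the same path as an absent value and reach the new 2-tier `ImplementationError` check, which is the error a corrupted or partially written store should produce. Separately, the ICAC branches of both `get config()` (first hunk) and `#buildStorageData()` (third hunk) emit `rootKeyPair: this.#rootKeyPair?.keyPair`, i.e. an own property whose value is `undefined` whenever no root key is held; whether the storage layer drops, keeps or rejects such a property is not visible here, so a conditional spread `...(this.#rootKeyPair ? { rootKeyPair: this.#rootKeyPair.keyPair } : {})` in both places would stop the persisted record from depending on it. The `if` whose `else` carries the new throw begins before the third hunk, and the fix belongs in src/certificate/CertificateAuthority.ts.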
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/certificate/CertificateAuthority.ts"],
|
|
4
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAgBO;AAEP,iBAA+B;AAC/B,kBAAqB;AACrB,iBAAoB;AACpB,kBAAqB;AA3BrB;AAAA;AAAA;AAAA;AAAA;AA6BA,MAAM,SAAS,sBAAO,IAAI,sBAAsB;
|
|
4
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAgBO;AAEP,iBAA+B;AAC/B,kBAAqB;AACrB,iBAAoB;AACpB,kBAAqB;AA3BrB;AAAA;AAAA;AAAA;AAAA;AA6BA,MAAM,SAAS,sBAAO,IAAI,sBAAsB;AAiBzC,MAAM,qBAAqB;AAAA,EAC9B;AAAA,EACA,cAAc,OAAO,CAAC;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA,qBAAqB,OAAO,CAAC;AAAA,EAC7B;AAAA,EACA;AAAA,EAEA,IAAI,SAAS;AACT,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,eAAe;AACf,WAAO,KAAK;AAAA,EAChB;AAAA,EA0BA,aAAa,OACT,QACA,SACA,0BACF;AACE,eAAO,yBAAS,sBAAsB,QAAQ,SAAS,wBAAwB;AAAA,EACnF;AAAA,EAEA,YACI,QACA,SACA,0BACF;AACE,SAAK,UAAU;AAEf,SAAK,oBAAgB,6BAAa,MAAM,YAAY;AAChD,UAAI,OAAO,YAAY,WAAW;AAC9B,mCAA2B;AAC3B,kBAAU;AAAA,MACd;AAEA,YAAM,aAAa,mBAAmB,gCAAiB,MAAM,QAAQ,OAAO,IAAK,WAAW,CAAC;AAI7F,YAAM,cAAc,4BAA4B,KAAK,8BAA8B,UAAU;AAE7F,UAAI,KAAK,8BAA8B,UAAU,GAAG;AAChD,aAAK,iBAAiB,YAAY,WAAW;AAC7C,eAAO;AAAA,UACH,qCAAqC,KAAK,WAAW,GAAG,KAAK,eAAe,SAAY,qBAAqB,KAAK,WAAW,MAAM,KAAK,EAAE;AAAA,QAC9I;AACA;AAAA,MACJ;AAEA,WAAK,eAAe,MAAM,KAAK,QAAQ,cAAc;AACrD,WAAK,qBAAqB,qBAAM,GAAG,MAAM,KAAK,QAAQ,YAAY,KAAK,aAAa,SAAS,CAAC,EAAE;AAAA,QAC5F;AAAA,QACA;AAAA,MACJ;AACA,WAAK,iBAAiB,MAAM,KAAK,kBAAkB;AAEnD,UAAI,aAAa;AACb,aAAK,aAAa,MAAM,KAAK,mBAAmB;AAAA,MACpD;AAEA,aAAO;AAAA,QACH,mCAAmC,KAAK,WAAW,GAAG,KAAK,eAAe,SAAY,qBAAqB,KAAK,WAAW,MAAM,KAAK,EAAE;AAAA,MAC5I;AAEA,UAAI,mBAAmB,+BAAgB;AACnC,cAAM,QAAQ,IAAI,KAAK,kBAAkB,CAAC;AAAA,MAC9C;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,QAAQ,6BAAc,MAAM,EAAE,KAAkB;AAC5C,UAAM,UAAU,IAAI,IAAI,6BAAc,EAAE,cAAc,cAAc;AACpE,UAAM,WAAW,IAAI,qBAAqB,IAAI,IAAI,qBAAM,GAAG,OAAO;AAClE,QAAI,IAAI,sBAAsB,QAAQ;AACtC,WAAO;AAAA,EACX;AAAA,EAEA,IAAI,WAAkB;AAClB,WAAO,KAAK,cAAc,OAAO,aAAa,KAAK,cAAc;AAAA,EACrE;AAAA,EAEA,IAAI,WAA8B;AAC9B,QAAI,CAAC,KAAK,YAAY;AAClB,aAAO;AAAA,IACX;AACA,WAAO,KAAK,cAAc,OAAO,aAAa,KAAK,WAAW,SAAS;AAAA,EAC3E;AAAA,EAEA,IAAI,SAA6C;AAC7C,WAAO;AAAA,MACH,YAAY,KAAK;AAAA,MACjB,mBAAmB,KAAK,aAAa,OAAO,uBAAuB,KAAK,kBAAkB;AAAA,MAC1F,eAAe,KAAK,aAAa,OAAO,mBAAmB,KAAK,cAAc;AAAA,MAC9E,mBAAmB,KAAK;AAAA,MACxB,GAAI,KAAK,eAAe,SAClB;AAAA,QACI,aAAa,KAAK,cAAc;AAAA;AAAA,QAChC,YAAY,KAAK,WAAW;AAAA,QAC5B,a
AAa,KAAK,aAAa,OAAO,iBAAiB,KAAK,WAAW,OAAO,EAAE;AAAA,QAChF,mBAAmB,KAAK,aAAa,OAAO,uBAAuB,KAAK,WAAW,aAAa;AAAA,QAChG,eAAe,KAAK,aAAa,OAAO,mBAAmB,KAAK,WAAW,SAAS;AAAA,MACxF,IACA;AAAA,QACI,aAAa,KAAK,aAAa,OAAO,iBAAiB,KAAK,YAAY,EAAE;AAAA,MAC9E;AAAA,IACV;AAAA,EACJ;AAAA,EAEA,MAAM,oBAAoB;AACtB,UAAM,MAAM,oBAAK;AACjB,UAAM,OAAO,IAAI,iBAAK;AAAA,MAClB,cAAc,qBAAM,YAAQ,sBAAM,KAAK,WAAW,CAAC;AAAA,MACnD,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB,QAAQ,EAAE,QAAQ,KAAK,YAAY;AAAA,MACnC,eAAW,2BAAe,KAAK,EAAE;AAAA,MACjC,cAAU,2BAAe,KAAK,EAAE;AAAA,MAChC,SAAS,EAAE,QAAQ,KAAK,YAAY;AAAA,MACpC,wBAAwB,KAAK,wBAAwB;AAAA,MACrD,YAAY;AAAA,QACR,kBAAkB,EAAE,MAAM,KAAK;AAAA,QAC/B,UAAU;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACb;AAAA,QACA,sBAAsB,KAAK;AAAA,QAC3B,wBAAwB,KAAK;AAAA,MACjC;AAAA,IACJ,CAAC;AACD,UAAM,KAAK,KAAK,KAAK,SAAS,KAAK,uBAAuB;AAC1D,WAAO,KAAK,YAAY;AAAA,EAC5B;AAAA,EAEA,MAAM,qBAAyC;AAC3C,UAAM,SAAS,KAAK;AACpB,UAAM,UAAU,MAAM,KAAK,QAAQ,cAAc;AACjD,UAAM,gBAAgB,qBAAM,GAAG,MAAM,KAAK,QAAQ,YAAY,QAAQ,SAAS,CAAC,EAAE,MAAM,GAAG,EAAE;AAE7F,UAAM,MAAM,oBAAK;AACjB,UAAM,OAAO,IAAI,iBAAK;AAAA,MAClB,cAAc,qBAAM,YAAQ,sBAAM,MAAM,CAAC;AAAA,MACzC,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB,QAAQ,EAAE,QAAQ,KAAK,YAAY;AAAA,MACnC,eAAW,2BAAe,KAAK,EAAE;AAAA,MACjC,cAAU,2BAAe,KAAK,EAAE;AAAA,MAChC,SAAS,EAAE,QAAQ,OAAO;AAAA,MAC1B,wBAAwB,QAAQ;AAAA,MAChC,YAAY;AAAA,QACR,kBAAkB,EAAE,MAAM,KAAK;AAAA,QAC/B,UAAU;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACb;AAAA,QACA,sBAAsB;AAAA,QACtB,wBAAwB,KAAK;AAAA,MACjC;AAAA,IACJ,CAAC;AACD,UAAM,KAAK,KAAK,KAAK,SAAS,KAAK,uBAAuB;AAE1D,WAAO;AAAA,MACH;AAAA,MACA;AAAA,MACA;AAAA,MACA,WAAW,KAAK,YAAY;AAAA,IAChC;AAAA,EACJ;AAAA,EAEA,MAAM,YACF,WACA,UACA,QACA,uBACF;AACE,UAAM,MAAM,oBAAK;AACjB,UAAM,SAAS,KAAK;AAEpB,UAAM,EAAE,QAAQ,YAAY,eAAe,IAAI,KAAK,sBAAsB;AAE1E,UAAM,OAAO,IAAI,eAAI;AAAA,MACjB,cAAc,qBAAM,YAAQ,sBAAM,MAAM,CAAC;AAAA,MACzC,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB;AAAA,MACA,eAAW,2BAAe,KAAK,EAAE;AAAA,MACjC,cAAU,2BAAe,KAAK,EAAE;AAAA,MAChC,SAAS,EAAE,UAAU,QAAQ,sBAAsB;AAAA,MACnD,wBAAwB;AAAA,MACxB,YA
AY;AAAA,QACR,kBAAkB,EAAE,MAAM,MAAM;AAAA,QAChC,UAAU;AAAA,UACN,kBAAkB;AAAA,QACtB;AAAA,QACA,kBAAkB,CAAC,GAAG,CAAC;AAAA,QACvB,sBAAsB,qBAAM,GAAG,MAAM,KAAK,QAAQ,YAAY,SAAS,CAAC,EAAE,MAAM,GAAG,EAAE;AAAA,QACrF,wBAAwB;AAAA,MAC5B;AAAA,IACJ,CAAC;AACD,UAAM,KAAK,KAAK,KAAK,SAAS,UAAU;AACxC,WAAO,KAAK,YAAY;AAAA,EAC5B;AAAA,EAEA,IAAI,0BAA0B;AAC1B,QAAI,KAAK,iBAAiB,QAAW;AACjC,YAAM,IAAI,6BAAc,iCAAiC;AAAA,IAC7D;AACA,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAAgC;AAChC,QAAI,KAAK,uBAAuB,QAAW;AACvC,YAAM,IAAI,6BAAc,oCAAoC;AAAA,IAChE;AACA,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,8BAA8B,YAA8C;AACxE,YACK,OAAO,WAAW,eAAe,YAAY,OAAO,WAAW,eAAe,cAC9E,WAAW,gBAAgB,UACxB,qBAAM,QAAQ,WAAW,WAAW,KACpC,OAAO,WAAW,gBAAgB,aACtC,qBAAM,QAAQ,WAAW,iBAAiB,KAC1C,qBAAM,QAAQ,WAAW,aAAa,MACrC,OAAO,WAAW,sBAAsB,YAAY,OAAO,WAAW,sBAAsB;AAAA,EAErG;AAAA,EAEA,8BAA8B,YAA8C;AACxE,YACK,OAAO,WAAW,eAAe,YAAY,OAAO,WAAW,eAAe,cAC9E,qBAAM,QAAQ,WAAW,WAAW,KAAK,OAAO,WAAW,gBAAgB,aAC5E,qBAAM,QAAQ,WAAW,iBAAiB,KAC1C,qBAAM,QAAQ,WAAW,aAAa;AAAA,EAE9C;AAAA,EAEA,iBAAiB,YAAqC,aAA6B;AAC/E,SAAK,cAAc,OAAO,WAAW,UAA6B;AAClE,QAAI,WAAW,gBAAgB,QAAW;AAEtC,WAAK,mBAAe,2BAAW,WAAW,WAA4B;AAAA,IAC1E;AACA,SAAK,qBAAqB,WAAW;AACrC,SAAK,iBAAiB,WAAW;AACjC,SAAK,qBAAqB,OAAO,WAAW,iBAAoC;AAEhF,UAAM,UAAU,KAAK,8BAA8B,UAAU;AAC7D,QAAI,gBAAgB,UAAa,gBAAgB,SAAS;AACtD,YAAM,IAAI;AAAA,QACN,gDAAgD,OAAO,yCAAyC,WAAW;AAAA,MAC/G;AAAA,IACJ;AAEA,QAAI,SAAS;AACT,WAAK,aAAa;AAAA,QACd,QAAQ,OAAO,WAAW,UAA6B;AAAA,QACvD,aAAS,2BAAW,WAAW,WAA4B;AAAA,QAC3D,eAAe,WAAW;AAAA,QAC1B,WAAW,WAAW;AAAA,MAC1B;AAAA,IACJ,OAAO;AAEH,UAAI,KAAK,iBAAiB,QAAW;AACjC,cAAM,IAAI;AAAA,UACN;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AAAA,EAEA,oBAAwD;AACpD,WAAO;AAAA,MACH,YAAY,KAAK;AAAA,MACjB,mBAAmB,KAAK;AAAA,MACxB,eAAe,KAAK;AAAA,MACpB,mBAAmB,KAAK;AAAA,MACxB,GAAI,KAAK,aACH;AAAA,QACI,aAAa,KAAK,cAAc;AAAA;AAAA,QAChC,YAAY,KAAK,WAAW;AAAA,QAC5B,aAAa,KAAK,WAAW,QAAQ;AAAA,QACrC,mBAAmB,KAAK,WAAW;AAAA,QACnC,eAAe,KAAK,WAAW;AAAA,MACnC,IACA;AAAA,QACI,aAAa,KAAK,wBAAwB;AAAA,MAC9C;AAAA,IACV;AAAA,EACJ;AAAA,EAEA,wBAIE;AACE,QAAI,KAAK,YAAY;AACjB,aAAO;AAAA,QACH,QAAQ,EAAE,QA
AQ,KAAK,WAAW,OAAO;AAAA,QACzC,YAAY,KAAK,WAAW;AAAA,QAC5B,gBAAgB,KAAK,WAAW;AAAA,MACpC;AAAA,IACJ;AAEA,WAAO;AAAA,MACH,QAAQ,EAAE,QAAQ,KAAK,YAAY;AAAA,MACnC,YAAY,KAAK;AAAA,MACjB,gBAAgB,KAAK;AAAA,IACzB;AAAA,EACJ;AAAA,EAEA,IAAI,4BAA4B;AAC5B,QAAI,KAAK,mBAAmB,QAAW;AACnC,YAAM,IAAI,6BAAc,mCAAmC;AAAA,IAC/D;AACA,WAAO,KAAK;AAAA,EAChB;AACJ;",
|
|
5
5
|
"names": []
|
|
6
6
|
}
|
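--- a/package/dist/cjs/peer/PeerSet.js
+++ b/package/dist/cjs/peer/PeerSet.js
@@ -553,7 +553,7 @@ class PeerSet {
 };
 const unsecuredSession = this.#sessions.createUnsecuredSession({
 channel: operationalChannel,
-// Use the session parameters from MDNS announcements when available and rest is assumed to be fall
+// Use the session parameters from MDNS announcements when available and rest is assumed to be fall-backs
 sessionParameters: mergedSessionParameters,
 isInitiator: true
 });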
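--- a/package/dist/esm/bdx/BdxProtocol.d.ts
+++ b/package/dist/esm/bdx/BdxProtocol.d.ts
@@ -23,6 +23,7 @@ export declare class BdxProtocol implements ProtocolHandler {
 disablePeerForScope(peer: PeerAddress, storage: ScopedStorage, force?: boolean): Promise<void>;
 onNewExchange(exchange: MessageExchange, message: Message): Promise<void>;
 close(): Promise<void>;
+sessionFor(peerAddress: PeerAddress, scope: string): BdxSession | undefined;
 }
 export declare namespace BdxProtocol {
 interface Config extends BdxSessionConfiguration.Config {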
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BdxProtocol.d.ts","sourceRoot":"","sources":["../../../src/bdx/BdxProtocol.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,aAAa,EAAoC,UAAU,EAAE,MAAM,UAAU,CAAC;AAC9G,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEnD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAG/D,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAEnD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAKvE,4BAA4B;AAC5B,qBAAa,WAAY,YAAW,eAAe;;IAC/C,QAAQ,CAAC,EAAE,KAAmB;IAC9B,QAAQ,CAAC,qBAAqB,QAAQ;IAMtC,MAAM,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,WAAW;IAO9C,IAAI,cAAc,2DAEjB;IAED,IAAI,aAAa,2DAEhB;IASD,kBAAkB,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,EAAE,WAAW,CAAC,MAAM;IAenF,mBAAmB,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,KAAK,UAAQ;IAiB5E,aAAa,CAAC,QAAQ,EAAE,eAAe,EAAE,OAAO,EAAE,OAAO;
|
|
1
|
+
{"version":3,"file":"BdxProtocol.d.ts","sourceRoot":"","sources":["../../../src/bdx/BdxProtocol.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,aAAa,EAAoC,UAAU,EAAE,MAAM,UAAU,CAAC;AAC9G,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEnD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAG/D,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAEnD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAKvE,4BAA4B;AAC5B,qBAAa,WAAY,YAAW,eAAe;;IAC/C,QAAQ,CAAC,EAAE,KAAmB;IAC9B,QAAQ,CAAC,qBAAqB,QAAQ;IAMtC,MAAM,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,WAAW;IAO9C,IAAI,cAAc,2DAEjB;IAED,IAAI,aAAa,2DAEhB;IASD,kBAAkB,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,EAAE,WAAW,CAAC,MAAM;IAenF,mBAAmB,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,KAAK,UAAQ;IAiB5E,aAAa,CAAC,QAAQ,EAAE,eAAe,EAAE,OAAO,EAAE,OAAO;IAiFzD,KAAK;IAQX,UAAU,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM;CAQrD;AAED,yBAAiB,WAAW,CAAC;IACzB,UAAiB,MAAO,SAAQ,uBAAuB,CAAC,MAAM;QAC1D,cAAc,CAAC,EAAE,QAAQ,CAAC;KAC7B;CACJ"}
|
|
@@ -76,34 +76,42 @@ class BdxProtocol {
|
|
|
76
76
|
switch (initMessageType) {
|
|
77
77
|
case BdxMessageType.SendInit:
|
|
78
78
|
case BdxMessageType.ReceiveInit:
|
|
79
|
-
|
|
80
|
-
`Initialize Session for ${BdxMessageType[initMessageType]} message on BDX protocol for exchange ${exchange.id}`
|
|
81
|
-
);
|
|
82
|
-
await exchange.nextMessage();
|
|
83
|
-
const { payload } = message;
|
|
84
|
-
const initMessage = new BdxInitMessageSchema().decode(payload);
|
|
85
|
-
const { fileDesignator: messageFileDesignator } = initMessage;
|
|
86
|
-
const fd = new FileDesignator(messageFileDesignator);
|
|
87
|
-
const [storageScope, fileDesignator] = fd.text.split("/");
|
|
88
|
-
const { storage, config } = this.#peerScopes.get(this.#peerScopeKey(exchange.session.peerAddress, storageScope)) ?? {};
|
|
89
|
-
if (storage === void 0 || fileDesignator === void 0) {
|
|
90
|
-
throw new BdxError(
|
|
91
|
-
`No storage context found for BDX file designator "${fd.text}"`,
|
|
92
|
-
BdxStatusCode.FileDesignatorUnknown
|
|
93
|
-
);
|
|
94
|
-
}
|
|
95
|
-
const messenger = new BdxMessenger(exchange, config?.messageTimeout);
|
|
96
|
-
const bdxSession = BdxSession.fromMessage(messenger, {
|
|
97
|
-
initMessageType,
|
|
98
|
-
initMessage,
|
|
99
|
-
fileDesignator: new PersistedFileDesignator(fileDesignator, storage),
|
|
100
|
-
...config
|
|
101
|
-
});
|
|
102
|
-
await this.#registerSession(messenger, bdxSession, storageScope);
|
|
79
|
+
let messenger = void 0;
|
|
103
80
|
try {
|
|
104
|
-
|
|
81
|
+
logger.debug(
|
|
82
|
+
`Initialize Session for ${BdxMessageType[initMessageType]} message on BDX protocol for exchange ${exchange.id}`
|
|
83
|
+
);
|
|
84
|
+
await exchange.nextMessage();
|
|
85
|
+
const { payload } = message;
|
|
86
|
+
const initMessage = new BdxInitMessageSchema().decode(payload);
|
|
87
|
+
const { fileDesignator: messageFileDesignator } = initMessage;
|
|
88
|
+
const fd = new FileDesignator(messageFileDesignator);
|
|
89
|
+
const [storageScope, fileDesignator] = fd.text.split("/");
|
|
90
|
+
const { storage, config } = this.#peerScopes.get(this.#peerScopeKey(exchange.session.peerAddress, storageScope)) ?? {};
|
|
91
|
+
if (storage === void 0 || fileDesignator === void 0) {
|
|
92
|
+
throw new BdxError(
|
|
93
|
+
`No storage context found for BDX file designator "${fd.text}"`,
|
|
94
|
+
BdxStatusCode.FileDesignatorUnknown
|
|
95
|
+
);
|
|
96
|
+
}
|
|
97
|
+
messenger = new BdxMessenger(exchange, config?.messageTimeout);
|
|
98
|
+
const bdxSession = BdxSession.fromMessage(messenger, {
|
|
99
|
+
initMessageType,
|
|
100
|
+
initMessage,
|
|
101
|
+
fileDesignator: new PersistedFileDesignator(fileDesignator, storage),
|
|
102
|
+
...config
|
|
103
|
+
});
|
|
104
|
+
await this.#registerSession(messenger, bdxSession, storageScope);
|
|
105
|
+
try {
|
|
106
|
+
await bdxSession.processTransfer();
|
|
107
|
+
} catch (error) {
|
|
108
|
+
logger.error(`Error processing BDX transfer:`, error);
|
|
109
|
+
}
|
|
105
110
|
} catch (error) {
|
|
106
|
-
|
|
111
|
+
BdxError.accept(error);
|
|
112
|
+
await (messenger ?? new BdxMessenger(exchange)).sendError(error.code);
|
|
113
|
+
logger.warn(`BDX session failed with error:`, error);
|
|
114
|
+
return;
|
|
107
115
|
}
|
|
108
116
|
break;
|
|
109
117
|
default:
|
|
@@ -137,6 +145,14 @@ class BdxProtocol {
|
|
|
137
145
|
}
|
|
138
146
|
this.#activeBdxSessions.clear();
|
|
139
147
|
}
|
|
148
|
+
sessionFor(peerAddress, scope) {
|
|
149
|
+
for (const { session, scope: activeScope } of this.#activeBdxSessions.values()) {
|
|
150
|
+
if (PeerAddress.is(peerAddress, session.peerAddress) && activeScope === scope) {
|
|
151
|
+
return session;
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
return void 0;
|
|
155
|
+
}
|
|
140
156
|
}
|
|
141
157
|
export {
|
|
142
158
|
BdxProtocol
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/bdx/BdxProtocol.ts"],
|
|
4
|
-
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,SAAS,gBAAgB;AACzB,SAAS,sBAAsB;AAC/B,SAAS,+BAA+B;AAExC,SAAgC,eAAe,aAAa,QAAQ,aAAa,kBAAkB;AACnG,SAAS,mBAAmB;AAC5B,SAAS,uBAAuB;AAGhC,SAAS,qBAAqB;AAC9B,SAAS,iBAAiB,gBAAgB,qBAAqB;AAE/D,SAAS,oBAAoB;AAC7B,SAAS,kBAAkB;AAE3B,SAAS,4BAA4B;AAErC,MAAM,SAAS,OAAO,IAAI,aAAa;AAGhC,MAAM,YAAuC;AAAA,EACvC,KAAK;AAAA,EACL,wBAAwB;AAAA,EACxB,qBAAqB,oBAAI,IAA6D;AAAA,EAC/F,cAAc,oBAAI,IAAwF;AAAA,EAC1G,kBAAkB,WAAiD;AAAA,EACnE,iBAAiB,WAAiD;AAAA,EAElE,QAAQ,cAAc,MAAM,EAAE,KAAkB;AAC5C,UAAM,WAAW,IAAI,YAAY;AACjC,QAAI,IAAI,eAAe,EAAE,mBAAmB,QAAQ;AACpD,QAAI,IAAI,aAAa,QAAQ;AAC7B,WAAO;AAAA,EACX;AAAA,EAEA,IAAI,iBAAiB;AACjB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gBAAgB;AAChB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,cAAc,MAAmB,OAAgB;AAC7C,QAAI,UAAU,QAAW;AACrB,YAAM,IAAI,YAAY,sEAAsE;AAAA,IAChG;AACA,WAAO,GAAG,KAAK,SAAS,CAAC,IAAI,KAAK;AAAA,EACtC;AAAA,EAEA,mBAAmB,MAAmB,SAAwB,QAA6B;AACvF,UAAM,eAAe,KAAK,cAAc,MAAM,QAAQ,KAAK;AAC3D,UAAM,cAAc,KAAK,YAAY,IAAI,YAAY;AACrD,QAAI,gBAAgB,QAAW;AAC3B,YAAM,EAAE,SAAS,iBAAiB,QAAQ,eAAe,IAAI;AAC7D,aAAO,KAAK,QAAQ,MAAM,cAAc;AACxC,UAAI,oBAAoB,WAAW,YAAY,QAAQ,cAAc,GAAG;AACpE,eAAO;AAAA,MACX;AAAA,IACJ,OAAO;AACH,WAAK,YAAY,IAAI,cAAc,EAAE,MAAM,SAAS,OAAO,CAAC;AAAA,IAChE;AACA,WAAO;AAAA,EACX;AAAA,EAEA,MAAM,oBAAoB,MAAmB,SAAwB,QAAQ,OAAO;AAChF,QAAI,KAAK,mBAAmB,OAAO,GAAG;AAClC,iBAAW,EAAE,SAAS,MAAM,KAAK,KAAK,mBAAmB,OAAO,GAAG;AAC/D,YAAI,QAAQ,UAAU,SAAS,YAAY,GAAG,MAAM,QAAQ,WAAW,GAAG;AACtE,cAAI,OAAO;AACP,kBAAM,QAAQ,MAAM,IAAI,YAAY,6BAA6B,CAAC;AAClE;AAAA,UACJ;AACA,gBAAM,IAAI;AAAA,YACN,gCAAgC,IAAI,aAAa,KAAK;AAAA,UAC1D;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AACA,SAAK,YAAY,OAAO,KAAK,cAAc,MAAM,QAAQ,KAAK,CAAC;AAAA,EACnE;AAAA,EAEA,MAAM,cAAc,UAA2B,SAAkB;AAC7D,UAAM,kBAAkB,QAAQ,cAAc;AAC9C,kBAAc,OAAO,SAAS,OAAO;AAErC,YAAQ,iBAAiB;AAAA,MACrB,KAAK,eAAe;AAAA,MACpB,KAAK,eAAe;AAChB,
|
|
4
|
+
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,SAAS,gBAAgB;AACzB,SAAS,sBAAsB;AAC/B,SAAS,+BAA+B;AAExC,SAAgC,eAAe,aAAa,QAAQ,aAAa,kBAAkB;AACnG,SAAS,mBAAmB;AAC5B,SAAS,uBAAuB;AAGhC,SAAS,qBAAqB;AAC9B,SAAS,iBAAiB,gBAAgB,qBAAqB;AAE/D,SAAS,oBAAoB;AAC7B,SAAS,kBAAkB;AAE3B,SAAS,4BAA4B;AAErC,MAAM,SAAS,OAAO,IAAI,aAAa;AAGhC,MAAM,YAAuC;AAAA,EACvC,KAAK;AAAA,EACL,wBAAwB;AAAA,EACxB,qBAAqB,oBAAI,IAA6D;AAAA,EAC/F,cAAc,oBAAI,IAAwF;AAAA,EAC1G,kBAAkB,WAAiD;AAAA,EACnE,iBAAiB,WAAiD;AAAA,EAElE,QAAQ,cAAc,MAAM,EAAE,KAAkB;AAC5C,UAAM,WAAW,IAAI,YAAY;AACjC,QAAI,IAAI,eAAe,EAAE,mBAAmB,QAAQ;AACpD,QAAI,IAAI,aAAa,QAAQ;AAC7B,WAAO;AAAA,EACX;AAAA,EAEA,IAAI,iBAAiB;AACjB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gBAAgB;AAChB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,cAAc,MAAmB,OAAgB;AAC7C,QAAI,UAAU,QAAW;AACrB,YAAM,IAAI,YAAY,sEAAsE;AAAA,IAChG;AACA,WAAO,GAAG,KAAK,SAAS,CAAC,IAAI,KAAK;AAAA,EACtC;AAAA,EAEA,mBAAmB,MAAmB,SAAwB,QAA6B;AACvF,UAAM,eAAe,KAAK,cAAc,MAAM,QAAQ,KAAK;AAC3D,UAAM,cAAc,KAAK,YAAY,IAAI,YAAY;AACrD,QAAI,gBAAgB,QAAW;AAC3B,YAAM,EAAE,SAAS,iBAAiB,QAAQ,eAAe,IAAI;AAC7D,aAAO,KAAK,QAAQ,MAAM,cAAc;AACxC,UAAI,oBAAoB,WAAW,YAAY,QAAQ,cAAc,GAAG;AACpE,eAAO;AAAA,MACX;AAAA,IACJ,OAAO;AACH,WAAK,YAAY,IAAI,cAAc,EAAE,MAAM,SAAS,OAAO,CAAC;AAAA,IAChE;AACA,WAAO;AAAA,EACX;AAAA,EAEA,MAAM,oBAAoB,MAAmB,SAAwB,QAAQ,OAAO;AAChF,QAAI,KAAK,mBAAmB,OAAO,GAAG;AAClC,iBAAW,EAAE,SAAS,MAAM,KAAK,KAAK,mBAAmB,OAAO,GAAG;AAC/D,YAAI,QAAQ,UAAU,SAAS,YAAY,GAAG,MAAM,QAAQ,WAAW,GAAG;AACtE,cAAI,OAAO;AACP,kBAAM,QAAQ,MAAM,IAAI,YAAY,6BAA6B,CAAC;AAClE;AAAA,UACJ;AACA,gBAAM,IAAI;AAAA,YACN,gCAAgC,IAAI,aAAa,KAAK;AAAA,UAC1D;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AACA,SAAK,YAAY,OAAO,KAAK,cAAc,MAAM,QAAQ,KAAK,CAAC;AAAA,EACnE;AAAA,EAEA,MAAM,cAAc,UAA2B,SAAkB;AAC7D,UAAM,kBAAkB,QAAQ,cAAc;AAC9C,kBAAc,OAAO,SAAS,OAAO;AAErC,YAAQ,iBAAiB;AAAA,MACrB,KAAK,eAAe;AAAA,MACpB,KAAK,eAAe;AAChB,YAAI,YAAsC;AAC1C,YAAI;AACA,iBAAO;AAAA,YACH,0BAA0B,eAAe,eAAe,CAAC,yCAAyC,SAAS,EAAE;AAAA,UACjH;AACA,gBAAM,SAAS,YAAY;AAE3B,gBAAM,EAAE,QAAQ,IAAI;AAEpB,gBAAM,cAAc,IAAI,qBAAqB,EAAE,OAAO,OAAO;AAC7D,gBAAM,EAAE,gBAAgB,sBAAsB,IAAI;AACl
D,gBAAM,KAAK,IAAI,eAAe,qBAAqB;AACnD,gBAAM,CAAC,cAAc,cAAc,IAAI,GAAG,KAAK,MAAM,GAAG;AACxD,gBAAM,EAAE,SAAS,OAAO,IACpB,KAAK,YAAY,IAAI,KAAK,cAAc,SAAS,QAAQ,aAAa,YAAY,CAAC,KAAK,CAAC;AAC7F,cAAI,YAAY,UAAa,mBAAmB,QAAW;AACvD,kBAAM,IAAI;AAAA,cACN,qDAAqD,GAAG,IAAI;AAAA,cAC5D,cAAc;AAAA,YAClB;AAAA,UACJ;AAEA,sBAAY,IAAI,aAAa,UAAU,QAAQ,cAAc;AAE7D,gBAAM,aAAa,WAAW,YAAY,WAAW;AAAA,YACjD;AAAA,YACA;AAAA,YACA,gBAAgB,IAAI,wBAAwB,gBAAgB,OAAO;AAAA,YACnE,GAAG;AAAA,UACP,CAAC;AACD,gBAAM,KAAK,iBAAiB,WAAW,YAAY,YAAY;AAE/D,cAAI;AACA,kBAAM,WAAW,gBAAgB;AAAA,UACrC,SAAS,OAAO;AACZ,mBAAO,MAAM,kCAAkC,KAAK;AAAA,UACxD;AAAA,QACJ,SAAS,OAAO;AACZ,mBAAS,OAAO,KAAK;AACrB,iBAAO,aAAa,IAAI,aAAa,QAAQ,GAAG,UAAU,MAAM,IAAI;AAEpE,iBAAO,KAAK,kCAAkC,KAAK;AACnD;AAAA,QACJ;AACA;AAAA,MACJ;AACI,eAAO;AAAA,UACH,+BAA+B,eAAe,eAAe,CAAC,oBAAoB,SAAS,EAAE;AAAA,QACjG;AACA,cAAM,IAAI,aAAa,QAAQ,EAAE,UAAU,cAAc,iBAAiB;AAAA,IAClF;AAAA,EACJ;AAAA;AAAA,EAGA,MAAM,iBAAiB,WAAyB,YAAwB,OAAe;AACnF,UAAM,WAAW,UAAU;AAC3B,QAAI,KAAK,mBAAmB,IAAI,QAAQ,GAAG;AACvC,aAAO,KAAK,4BAA4B,SAAS,EAAE,gCAAgC;AACnF,YAAM,UAAU,UAAU,cAAc,iBAAiB;AACzD;AAAA,IACJ;AACA,SAAK,mBAAmB,IAAI,UAAU,EAAE,SAAS,YAAY,MAAM,CAAC;AAEpE,SAAK,gBAAgB,KAAK,YAAY,KAAK;AAE3C,eAAW,OAAO,GAAG,YAAY;AAC7B,aAAO,MAAM,4BAA4B,SAAS,EAAE,SAAS;AAC7D,WAAK,mBAAmB,OAAO,QAAQ;AACvC,YAAM,SAAS,MAAM;AAErB,WAAK,eAAe,KAAK,YAAY,KAAK;AAAA,IAC9C,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,QAAQ;AACV,WAAO,MAAM,qCAAqC,KAAK,mBAAmB,IAAI,kBAAkB;AAChG,eAAW,EAAE,QAAQ,KAAK,KAAK,mBAAmB,OAAO,GAAG;AACxD,YAAM,QAAQ,MAAM,IAAI,YAAY,6BAA6B,CAAC;AAAA,IACtE;AACA,SAAK,mBAAmB,MAAM;AAAA,EAClC;AAAA,EAEA,WAAW,aAA0B,OAAe;AAChD,eAAW,EAAE,SAAS,OAAO,YAAY,KAAK,KAAK,mBAAmB,OAAO,GAAG;AAC5E,UAAI,YAAY,GAAG,aAAa,QAAQ,WAAW,KAAK,gBAAgB,OAAO;AAC3E,eAAO;AAAA,MACX;AAAA,IACJ;AACA,WAAO;AAAA,EACX;AACJ;",
|
|
5
5
|
"names": []
|
|
6
6
|
}
|
|
@@ -11,9 +11,6 @@ import { CaseAuthenticatedTag, FabricId, NodeId } from "#types";
|
|
|
11
11
|
* Supports optional Intermediate Certificate Authority (ICAC) for 3-tier PKI hierarchy.
|
|
12
12
|
* When ICAC is enabled, the certificate chain becomes: RCAC -> ICAC -> NOC instead of RCAC -> NOC.
|
|
13
13
|
*
|
|
14
|
-
* Configuration:
|
|
15
|
-
* - intermediateCert: Enable/disable ICAC generation. Defaults to false (2-tier PKI).
|
|
16
|
-
*
|
|
17
14
|
* Behavior:
|
|
18
15
|
* - When ICAC exists, it is always used to sign NOCs (operational certificates)
|
|
19
16
|
* - When no ICAC exists, the root certificate signs NOCs directly
|
|
@@ -52,16 +49,40 @@ export declare class CertificateAuthority {
|
|
|
52
49
|
generateNoc(publicKey: Bytes, fabricId: FabricId, nodeId: NodeId, caseAuthenticatedTags?: CaseAuthenticatedTag[]): Promise<AllowSharedBufferSource>;
|
|
53
50
|
}
|
|
54
51
|
export declare namespace CertificateAuthority {
|
|
55
|
-
|
|
52
|
+
/** Base configuration fields shared by both 2-tier and 3-tier PKI */
|
|
53
|
+
type ConfigurationBase = {
|
|
56
54
|
rootCertId: bigint;
|
|
57
|
-
rootKeyPair: BinaryKeyPair;
|
|
58
55
|
rootKeyIdentifier: Bytes;
|
|
59
56
|
rootCertBytes: Bytes;
|
|
60
57
|
nextCertificateId: bigint;
|
|
61
|
-
icacCertId?: bigint;
|
|
62
|
-
icacKeyPair?: BinaryKeyPair;
|
|
63
|
-
icacKeyIdentifier?: Bytes;
|
|
64
|
-
icacCertBytes?: Bytes;
|
|
65
58
|
};
|
|
59
|
+
/**
|
|
60
|
+
* Configuration for 2-tier PKI (RCAC -> NOC).
|
|
61
|
+
* rootKeyPair is REQUIRED since RCAC signs NOCs directly.
|
|
62
|
+
*/
|
|
63
|
+
export type ConfigurationWithoutIcac = ConfigurationBase & {
|
|
64
|
+
rootKeyPair: BinaryKeyPair;
|
|
65
|
+
};
|
|
66
|
+
/**
|
|
67
|
+
* Configuration for 3-tier PKI (RCAC -> ICAC -> NOC).
|
|
68
|
+
* rootKeyPair is OPTIONAL since ICAC signs NOCs, not RCAC.
|
|
69
|
+
* This allows controllers to operate without access to the RCAC private key.
|
|
70
|
+
*/
|
|
71
|
+
export type ConfigurationWithIcac = ConfigurationBase & {
|
|
72
|
+
rootKeyPair?: BinaryKeyPair;
|
|
73
|
+
icacCertId: bigint;
|
|
74
|
+
icacKeyPair: BinaryKeyPair;
|
|
75
|
+
icacKeyIdentifier: Bytes;
|
|
76
|
+
icacCertBytes: Bytes;
|
|
77
|
+
};
|
|
78
|
+
/**
|
|
79
|
+
* Configuration for CertificateAuthority with external certificates.
|
|
80
|
+
*
|
|
81
|
+
* When using ICAC (3-tier PKI), the rootKeyPair can be omitted since NOCs are signed
|
|
82
|
+
* by the ICAC, not the RCAC. This allows controllers to operate without access to
|
|
83
|
+
* the RCAC private key.
|
|
84
|
+
*/
|
|
85
|
+
export type Configuration = ConfigurationWithoutIcac | ConfigurationWithIcac;
|
|
86
|
+
export {};
|
|
66
87
|
}
|
|
67
88
|
//# sourceMappingURL=CertificateAuthority.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CertificateAuthority.d.ts","sourceRoot":"","sources":["../../../src/certificate/CertificateAuthority.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACH,aAAa,EACb,KAAK,EACL,YAAY,EACZ,MAAM,EACN,WAAW,EACX,aAAa,EAKb,cAAc,EAKjB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAQhE
|
|
1
|
+
{"version":3,"file":"CertificateAuthority.d.ts","sourceRoot":"","sources":["../../../src/certificate/CertificateAuthority.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACH,aAAa,EACb,KAAK,EACL,YAAY,EACZ,MAAM,EACN,WAAW,EACX,aAAa,EAKb,cAAc,EAKjB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAQhE;;;;;;;;;;;;;;GAcG;AACH,qBAAa,oBAAoB;;IAU7B,IAAI,MAAM,WAET;IAED,IAAI,YAAY,uCAEf;IAED;;;;;OAKG;IACH,MAAM,CAAC,MAAM,CACT,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,cAAc,EACvB,wBAAwB,CAAC,EAAE,OAAO,GACnC,OAAO,CAAC,oBAAoB,CAAC;IAEhC;;;OAGG;IACH,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB,CAAC,aAAa,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAEzG;;;OAGG;IACH,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,wBAAwB,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC;gBAW5F,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,cAAc,GAAG,oBAAoB,CAAC,aAAa,GAAG,OAAO,EACvE,wBAAwB,CAAC,EAAE,OAAO;IA6CtC,MAAM,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,WAAW;IAO9C,IAAI,QAAQ,IAAI,KAAK,CAEpB;IAED,IAAI,QAAQ,IAAI,KAAK,GAAG,SAAS,CAKhC;IAED,IAAI,MAAM,IAAI,oBAAoB,CAAC,aAAa,CAkB/C;IAgEK,WAAW,CACb,SAAS,EAAE,KAAK,EAChB,QAAQ,EAAE,QAAQ,EAClB,MAAM,EAAE,MAAM,EACd,qBAAqB,CAAC,EAAE,oBAAoB,EAAE;CAkJrD;AASD,yBAAiB,oBAAoB,CAAC;IAClC,qEAAqE;IACrE,KAAK,iBAAiB,GAAG;QACrB,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,KAAK,CAAC;QACzB,aAAa,EAAE,KAAK,CAAC;QACrB,iBAAiB,EAAE,MAAM,CAAC;KAC7B,CAAC;IAEF;;;OAGG;IACH,MAAM,MAAM,wBAAwB,GAAG,iBAAiB,GAAG;QACvD,WAAW,EAAE,aAAa,CAAC;KAC9B,CAAC;IAEF;;;;OAIG;IACH,MAAM,MAAM,qBAAqB,GAAG,iBAAiB,GAAG;QACpD,WAAW,CAAC,EAAE,aAAa,CAAC;QAC5B,UAAU,EAAE,MAAM,CAAC;QACnB,WAAW,EAAE,aAAa,CAAC;QAC3B,iBAAiB,EAAE,KAAK,CAAC;QACzB,aAAa,EAAE,KAAK,CAAC;KACxB,CAAC;IAEF;;;;;;OAMG;IACH,MAAM,MAAM,aAAa,GAAG,wBAAwB,GAAG,qBAAqB,CAAC;;CAChF"}
|
|
@@ -92,16 +92,19 @@ class CertificateAuthority {
|
|
|
92
92
|
get config() {
|
|
93
93
|
return {
|
|
94
94
|
rootCertId: this.#rootCertId,
|
|
95
|
-
rootKeyPair: this.construction.assert("root key pair", this.#rootKeyPair).keyPair,
|
|
96
95
|
rootKeyIdentifier: this.construction.assert("root key identifier", this.#rootKeyIdentifier),
|
|
97
96
|
rootCertBytes: this.construction.assert("root cert bytes", this.#rootCertBytes),
|
|
98
97
|
nextCertificateId: this.#nextCertificateId,
|
|
99
98
|
...this.#icacProps !== void 0 ? {
|
|
99
|
+
rootKeyPair: this.#rootKeyPair?.keyPair,
|
|
100
|
+
// rootKeyPair is optional when using ICAC
|
|
100
101
|
icacCertId: this.#icacProps.certId,
|
|
101
102
|
icacKeyPair: this.construction.assert("icac key pair", this.#icacProps.keyPair).keyPair,
|
|
102
103
|
icacKeyIdentifier: this.construction.assert("icac key identifier", this.#icacProps.keyIdentifier),
|
|
103
104
|
icacCertBytes: this.construction.assert("icac cert bytes", this.#icacProps.certBytes)
|
|
104
|
-
} : {
|
|
105
|
+
} : {
|
|
106
|
+
rootKeyPair: this.construction.assert("root key pair", this.#rootKeyPair).keyPair
|
|
107
|
+
}
|
|
105
108
|
};
|
|
106
109
|
}
|
|
107
110
|
async #generateRootCert() {
|
|
@@ -202,14 +205,16 @@ class CertificateAuthority {
|
|
|
202
205
|
return this.#rootKeyIdentifier;
|
|
203
206
|
}
|
|
204
207
|
#isValidStoredRootCertificate(certValues) {
|
|
205
|
-
return (typeof certValues.rootCertId === "number" || typeof certValues.rootCertId === "bigint") && (Bytes.isBytes(certValues.rootKeyPair) || typeof certValues.rootKeyPair === "object") && Bytes.isBytes(certValues.rootKeyIdentifier) && Bytes.isBytes(certValues.rootCertBytes) && (typeof certValues.nextCertificateId === "number" || typeof certValues.nextCertificateId === "bigint");
|
|
208
|
+
return (typeof certValues.rootCertId === "number" || typeof certValues.rootCertId === "bigint") && (certValues.rootKeyPair === void 0 || Bytes.isBytes(certValues.rootKeyPair) || typeof certValues.rootKeyPair === "object") && Bytes.isBytes(certValues.rootKeyIdentifier) && Bytes.isBytes(certValues.rootCertBytes) && (typeof certValues.nextCertificateId === "number" || typeof certValues.nextCertificateId === "bigint");
|
|
206
209
|
}
|
|
207
210
|
#isValidStoredIcacCertificate(certValues) {
|
|
208
211
|
return (typeof certValues.icacCertId === "number" || typeof certValues.icacCertId === "bigint") && (Bytes.isBytes(certValues.icacKeyPair) || typeof certValues.icacKeyPair === "object") && Bytes.isBytes(certValues.icacKeyIdentifier) && Bytes.isBytes(certValues.icacCertBytes);
|
|
209
212
|
}
|
|
210
213
|
#loadFromStorage(certValues, requireIcac) {
|
|
211
214
|
this.#rootCertId = BigInt(certValues.rootCertId);
|
|
212
|
-
|
|
215
|
+
if (certValues.rootKeyPair !== void 0) {
|
|
216
|
+
this.#rootKeyPair = PrivateKey(certValues.rootKeyPair);
|
|
217
|
+
}
|
|
213
218
|
this.#rootKeyIdentifier = certValues.rootKeyIdentifier;
|
|
214
219
|
this.#rootCertBytes = certValues.rootCertBytes;
|
|
215
220
|
this.#nextCertificateId = BigInt(certValues.nextCertificateId);
|
|
@@ -226,23 +231,31 @@ class CertificateAuthority {
|
|
|
226
231
|
keyIdentifier: certValues.icacKeyIdentifier,
|
|
227
232
|
certBytes: certValues.icacCertBytes
|
|
228
233
|
};
|
|
234
|
+
} else {
|
|
235
|
+
if (this.#rootKeyPair === void 0) {
|
|
236
|
+
throw new ImplementationError(
|
|
237
|
+
"rootKeyPair is required when not using ICAC (2-tier PKI requires RCAC private key to sign NOCs)"
|
|
238
|
+
);
|
|
239
|
+
}
|
|
229
240
|
}
|
|
230
241
|
}
|
|
231
242
|
#buildStorageData() {
|
|
232
|
-
|
|
243
|
+
return {
|
|
233
244
|
rootCertId: this.#rootCertId,
|
|
234
|
-
rootKeyPair: this.#initializedRootKeyPair.keyPair,
|
|
235
245
|
rootKeyIdentifier: this.#initializedRootKeyIdentifier,
|
|
236
246
|
rootCertBytes: this.#initializedRootCertBytes,
|
|
237
|
-
nextCertificateId: this.#nextCertificateId
|
|
247
|
+
nextCertificateId: this.#nextCertificateId,
|
|
248
|
+
...this.#icacProps ? {
|
|
249
|
+
rootKeyPair: this.#rootKeyPair?.keyPair,
|
|
250
|
+
// rootKeyPair is optional when using ICAC
|
|
251
|
+
icacCertId: this.#icacProps.certId,
|
|
252
|
+
icacKeyPair: this.#icacProps.keyPair.keyPair,
|
|
253
|
+
icacKeyIdentifier: this.#icacProps.keyIdentifier,
|
|
254
|
+
icacCertBytes: this.#icacProps.certBytes
|
|
255
|
+
} : {
|
|
256
|
+
rootKeyPair: this.#initializedRootKeyPair.keyPair
|
|
257
|
+
}
|
|
238
258
|
};
|
|
239
|
-
if (this.#icacProps) {
|
|
240
|
-
data.icacCertId = this.#icacProps.certId;
|
|
241
|
-
data.icacKeyPair = this.#icacProps.keyPair.keyPair;
|
|
242
|
-
data.icacKeyIdentifier = this.#icacProps.keyIdentifier;
|
|
243
|
-
data.icacCertBytes = this.#icacProps.certBytes;
|
|
244
|
-
}
|
|
245
|
-
return data;
|
|
246
259
|
}
|
|
247
260
|
#getSigningParameters() {
|
|
248
261
|
if (this.#icacProps) {
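Review bot: The relaxed `#isValidStoredRootCertificate` predicate at new line 208 still accepts `null` for `rootKeyPair`, because `typeof null === "object"`, while `#loadFromStorage` at line 215 only skips key construction for `undefined`, so a stored `null` (if a storage backend serialises an absent key that way) reaches `PrivateKey(null)` instead of the new ImplementationError path. Changing the predicate to `certValues.rootKeyPair == null || Bytes.isBytes(certValues.rootKeyPair) || typeof certValues.rootKeyPair === "object"` and the guard to `if (certValues.rootKeyPair != null) {` handles both forms consistently. Note also that `config` and `#buildStorageData` keep exporting and persisting the RCAC private key whenever it happens to be loaded, even in ICAC mode; since the new type docs present ICAC mode as the way to run without that key, a one-line comment on the `rootKeyPair: this.#rootKeyPair?.keyPair` entries stating that the key is passed through only when the caller supplied it would make that contract explicit. `#loadFromStorage` spans the third and fourth hunks, and the constructor that calls the validator is not in the diff.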
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/certificate/CertificateAuthority.ts"],
|
|
4
|
-
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA;AAAA,EAEI;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AAEP,SAAS,sBAAsB;AAC/B,SAAS,YAAY;AACrB,SAAS,WAAW;AACpB,SAAS,YAAY;AAErB,MAAM,SAAS,OAAO,IAAI,sBAAsB;
|
|
4
|
+
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA;AAAA,EAEI;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AAEP,SAAS,sBAAsB;AAC/B,SAAS,YAAY;AACrB,SAAS,WAAW;AACpB,SAAS,YAAY;AAErB,MAAM,SAAS,OAAO,IAAI,sBAAsB;AAiBzC,MAAM,qBAAqB;AAAA,EAC9B;AAAA,EACA,cAAc,OAAO,CAAC;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA,qBAAqB,OAAO,CAAC;AAAA,EAC7B;AAAA,EACA;AAAA,EAEA,IAAI,SAAS;AACT,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,eAAe;AACf,WAAO,KAAK;AAAA,EAChB;AAAA,EA0BA,aAAa,OACT,QACA,SACA,0BACF;AACE,WAAO,SAAS,sBAAsB,QAAQ,SAAS,wBAAwB;AAAA,EACnF;AAAA,EAEA,YACI,QACA,SACA,0BACF;AACE,SAAK,UAAU;AAEf,SAAK,gBAAgB,aAAa,MAAM,YAAY;AAChD,UAAI,OAAO,YAAY,WAAW;AAC9B,mCAA2B;AAC3B,kBAAU;AAAA,MACd;AAEA,YAAM,aAAa,mBAAmB,iBAAiB,MAAM,QAAQ,OAAO,IAAK,WAAW,CAAC;AAI7F,YAAM,cAAc,4BAA4B,KAAK,8BAA8B,UAAU;AAE7F,UAAI,KAAK,8BAA8B,UAAU,GAAG;AAChD,aAAK,iBAAiB,YAAY,WAAW;AAC7C,eAAO;AAAA,UACH,qCAAqC,KAAK,WAAW,GAAG,KAAK,eAAe,SAAY,qBAAqB,KAAK,WAAW,MAAM,KAAK,EAAE;AAAA,QAC9I;AACA;AAAA,MACJ;AAEA,WAAK,eAAe,MAAM,KAAK,QAAQ,cAAc;AACrD,WAAK,qBAAqB,MAAM,GAAG,MAAM,KAAK,QAAQ,YAAY,KAAK,aAAa,SAAS,CAAC,EAAE;AAAA,QAC5F;AAAA,QACA;AAAA,MACJ;AACA,WAAK,iBAAiB,MAAM,KAAK,kBAAkB;AAEnD,UAAI,aAAa;AACb,aAAK,aAAa,MAAM,KAAK,mBAAmB;AAAA,MACpD;AAEA,aAAO;AAAA,QACH,mCAAmC,KAAK,WAAW,GAAG,KAAK,eAAe,SAAY,qBAAqB,KAAK,WAAW,MAAM,KAAK,EAAE;AAAA,MAC5I;AAEA,UAAI,mBAAmB,gBAAgB;AACnC,cAAM,QAAQ,IAAI,KAAK,kBAAkB,CAAC;AAAA,MAC9C;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,QAAQ,cAAc,MAAM,EAAE,KAAkB;AAC5C,UAAM,UAAU,IAAI,IAAI,cAAc,EAAE,cAAc,cAAc;AACpE,UAAM,WAAW,IAAI,qBAAqB,IAAI,IAAI,MAAM,GAAG,OAAO;AAClE,QAAI,IAAI,sBAAsB,QAAQ;AACtC,WAAO;AAAA,EACX;AAAA,EAEA,IAAI,WAAkB;AAClB,WAAO,KAAK,cAAc,OAAO,aAAa,KAAK,cAAc;AAAA,EACrE;AAAA,EAEA,IAAI,WAA8B;AAC9B,QAAI,CAAC,KAAK,YAAY;AAClB,aAAO;AAAA,IACX;AACA,WAAO,KAAK,cAAc,OAAO,aAAa,KAAK,WAAW,SAAS;AAAA,EAC3E;AAAA,EAEA,IAAI,SAA6C;AAC7C,WAAO;AAAA,MACH,YAAY,KAAK;AAAA,MACjB,mBAAmB,KAAK,aAAa,OAAO,uBAAuB,KAAK,kBAAkB;AAAA,MAC1F,eAAe,KAAK,aAAa,OAAO,mBAAmB,KAAK,cAAc;AAAA,MAC9E,mBAAmB,KAAK;AAAA,
MACxB,GAAI,KAAK,eAAe,SAClB;AAAA,QACI,aAAa,KAAK,cAAc;AAAA;AAAA,QAChC,YAAY,KAAK,WAAW;AAAA,QAC5B,aAAa,KAAK,aAAa,OAAO,iBAAiB,KAAK,WAAW,OAAO,EAAE;AAAA,QAChF,mBAAmB,KAAK,aAAa,OAAO,uBAAuB,KAAK,WAAW,aAAa;AAAA,QAChG,eAAe,KAAK,aAAa,OAAO,mBAAmB,KAAK,WAAW,SAAS;AAAA,MACxF,IACA;AAAA,QACI,aAAa,KAAK,aAAa,OAAO,iBAAiB,KAAK,YAAY,EAAE;AAAA,MAC9E;AAAA,IACV;AAAA,EACJ;AAAA,EAEA,MAAM,oBAAoB;AACtB,UAAM,MAAM,KAAK;AACjB,UAAM,OAAO,IAAI,KAAK;AAAA,MAClB,cAAc,MAAM,QAAQ,MAAM,KAAK,WAAW,CAAC;AAAA,MACnD,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB,QAAQ,EAAE,QAAQ,KAAK,YAAY;AAAA,MACnC,WAAW,eAAe,KAAK,EAAE;AAAA,MACjC,UAAU,eAAe,KAAK,EAAE;AAAA,MAChC,SAAS,EAAE,QAAQ,KAAK,YAAY;AAAA,MACpC,wBAAwB,KAAK,wBAAwB;AAAA,MACrD,YAAY;AAAA,QACR,kBAAkB,EAAE,MAAM,KAAK;AAAA,QAC/B,UAAU;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACb;AAAA,QACA,sBAAsB,KAAK;AAAA,QAC3B,wBAAwB,KAAK;AAAA,MACjC;AAAA,IACJ,CAAC;AACD,UAAM,KAAK,KAAK,KAAK,SAAS,KAAK,uBAAuB;AAC1D,WAAO,KAAK,YAAY;AAAA,EAC5B;AAAA,EAEA,MAAM,qBAAyC;AAC3C,UAAM,SAAS,KAAK;AACpB,UAAM,UAAU,MAAM,KAAK,QAAQ,cAAc;AACjD,UAAM,gBAAgB,MAAM,GAAG,MAAM,KAAK,QAAQ,YAAY,QAAQ,SAAS,CAAC,EAAE,MAAM,GAAG,EAAE;AAE7F,UAAM,MAAM,KAAK;AACjB,UAAM,OAAO,IAAI,KAAK;AAAA,MAClB,cAAc,MAAM,QAAQ,MAAM,MAAM,CAAC;AAAA,MACzC,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB,QAAQ,EAAE,QAAQ,KAAK,YAAY;AAAA,MACnC,WAAW,eAAe,KAAK,EAAE;AAAA,MACjC,UAAU,eAAe,KAAK,EAAE;AAAA,MAChC,SAAS,EAAE,QAAQ,OAAO;AAAA,MAC1B,wBAAwB,QAAQ;AAAA,MAChC,YAAY;AAAA,QACR,kBAAkB,EAAE,MAAM,KAAK;AAAA,QAC/B,UAAU;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACb;AAAA,QACA,sBAAsB;AAAA,QACtB,wBAAwB,KAAK;AAAA,MACjC;AAAA,IACJ,CAAC;AACD,UAAM,KAAK,KAAK,KAAK,SAAS,KAAK,uBAAuB;AAE1D,WAAO;AAAA,MACH;AAAA,MACA;AAAA,MACA;AAAA,MACA,WAAW,KAAK,YAAY;AAAA,IAChC;AAAA,EACJ;AAAA,EAEA,MAAM,YACF,WACA,UACA,QACA,uBACF;AACE,UAAM,MAAM,KAAK;AACjB,UAAM,SAAS,KAAK;AAEpB,UAAM,EAAE,QAAQ,YAAY,eAAe,IAAI,KAAK,sBAAsB;AAE1E,UAAM,OAAO,IAAI,IAAI;AAAA,MACjB,cAAc,MAAM,QAAQ,MAAM,MAAM,CAAC;AAAA,MACzC,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB;AAAA,MACA,WAAW,eAAe,KAAK,EAAE;AAAA,MACjC,UAAU,eAAe,KA
AK,EAAE;AAAA,MAChC,SAAS,EAAE,UAAU,QAAQ,sBAAsB;AAAA,MACnD,wBAAwB;AAAA,MACxB,YAAY;AAAA,QACR,kBAAkB,EAAE,MAAM,MAAM;AAAA,QAChC,UAAU;AAAA,UACN,kBAAkB;AAAA,QACtB;AAAA,QACA,kBAAkB,CAAC,GAAG,CAAC;AAAA,QACvB,sBAAsB,MAAM,GAAG,MAAM,KAAK,QAAQ,YAAY,SAAS,CAAC,EAAE,MAAM,GAAG,EAAE;AAAA,QACrF,wBAAwB;AAAA,MAC5B;AAAA,IACJ,CAAC;AACD,UAAM,KAAK,KAAK,KAAK,SAAS,UAAU;AACxC,WAAO,KAAK,YAAY;AAAA,EAC5B;AAAA,EAEA,IAAI,0BAA0B;AAC1B,QAAI,KAAK,iBAAiB,QAAW;AACjC,YAAM,IAAI,cAAc,iCAAiC;AAAA,IAC7D;AACA,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAAgC;AAChC,QAAI,KAAK,uBAAuB,QAAW;AACvC,YAAM,IAAI,cAAc,oCAAoC;AAAA,IAChE;AACA,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,8BAA8B,YAA8C;AACxE,YACK,OAAO,WAAW,eAAe,YAAY,OAAO,WAAW,eAAe,cAC9E,WAAW,gBAAgB,UACxB,MAAM,QAAQ,WAAW,WAAW,KACpC,OAAO,WAAW,gBAAgB,aACtC,MAAM,QAAQ,WAAW,iBAAiB,KAC1C,MAAM,QAAQ,WAAW,aAAa,MACrC,OAAO,WAAW,sBAAsB,YAAY,OAAO,WAAW,sBAAsB;AAAA,EAErG;AAAA,EAEA,8BAA8B,YAA8C;AACxE,YACK,OAAO,WAAW,eAAe,YAAY,OAAO,WAAW,eAAe,cAC9E,MAAM,QAAQ,WAAW,WAAW,KAAK,OAAO,WAAW,gBAAgB,aAC5E,MAAM,QAAQ,WAAW,iBAAiB,KAC1C,MAAM,QAAQ,WAAW,aAAa;AAAA,EAE9C;AAAA,EAEA,iBAAiB,YAAqC,aAA6B;AAC/E,SAAK,cAAc,OAAO,WAAW,UAA6B;AAClE,QAAI,WAAW,gBAAgB,QAAW;AAEtC,WAAK,eAAe,WAAW,WAAW,WAA4B;AAAA,IAC1E;AACA,SAAK,qBAAqB,WAAW;AACrC,SAAK,iBAAiB,WAAW;AACjC,SAAK,qBAAqB,OAAO,WAAW,iBAAoC;AAEhF,UAAM,UAAU,KAAK,8BAA8B,UAAU;AAC7D,QAAI,gBAAgB,UAAa,gBAAgB,SAAS;AACtD,YAAM,IAAI;AAAA,QACN,gDAAgD,OAAO,yCAAyC,WAAW;AAAA,MAC/G;AAAA,IACJ;AAEA,QAAI,SAAS;AACT,WAAK,aAAa;AAAA,QACd,QAAQ,OAAO,WAAW,UAA6B;AAAA,QACvD,SAAS,WAAW,WAAW,WAA4B;AAAA,QAC3D,eAAe,WAAW;AAAA,QAC1B,WAAW,WAAW;AAAA,MAC1B;AAAA,IACJ,OAAO;AAEH,UAAI,KAAK,iBAAiB,QAAW;AACjC,cAAM,IAAI;AAAA,UACN;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AAAA,EAEA,oBAAwD;AACpD,WAAO;AAAA,MACH,YAAY,KAAK;AAAA,MACjB,mBAAmB,KAAK;AAAA,MACxB,eAAe,KAAK;AAAA,MACpB,mBAAmB,KAAK;AAAA,MACxB,GAAI,KAAK,aACH;AAAA,QACI,aAAa,KAAK,cAAc;AAAA;AAAA,QAChC,YAAY,KAAK,WAAW;AAAA,QAC5B,aAAa,KAAK,WAAW,QAAQ;AAAA,QACrC,mBAAmB,KAAK,WAAW;AAAA,QACnC,eAAe,KAAK,WAAW;AAAA,MACnC,IACA;AAAA,QACI,aAAa,KAAK,wBAAwB;AAAA,MAC9C;AAAA,IACV;AAAA,EACJ;AAAA
,EAEA,wBAIE;AACE,QAAI,KAAK,YAAY;AACjB,aAAO;AAAA,QACH,QAAQ,EAAE,QAAQ,KAAK,WAAW,OAAO;AAAA,QACzC,YAAY,KAAK,WAAW;AAAA,QAC5B,gBAAgB,KAAK,WAAW;AAAA,MACpC;AAAA,IACJ;AAEA,WAAO;AAAA,MACH,QAAQ,EAAE,QAAQ,KAAK,YAAY;AAAA,MACnC,YAAY,KAAK;AAAA,MACjB,gBAAgB,KAAK;AAAA,IACzB;AAAA,EACJ;AAAA,EAEA,IAAI,4BAA4B;AAC5B,QAAI,KAAK,mBAAmB,QAAW;AACnC,YAAM,IAAI,cAAc,mCAAmC;AAAA,IAC/D;AACA,WAAO,KAAK;AAAA,EAChB;AACJ;",
|
|
5
5
|
"names": []
|
|
6
6
|
}
|
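--- a/package/dist/esm/peer/PeerSet.js
+++ b/package/dist/esm/peer/PeerSet.js
@@ -547,7 +547,7 @@ class PeerSet {
 };
 const unsecuredSession = this.#sessions.createUnsecuredSession({
 channel: operationalChannel,
-// Use the session parameters from MDNS announcements when available and rest is assumed to be fall
+// Use the session parameters from MDNS announcements when available and rest is assumed to be fall-backs
 sessionParameters: mergedSessionParameters,
 isInitiator: true
 });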
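--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@matter/protocol",
-"version": "0.16.0-alpha.0-
+"version": "0.16.0-alpha.0-20260104-11833ec59",
 "description": "Low-level APIs for Matter interaction",
 "keywords": [
 "iot",
@@ -40,13 +40,13 @@
 "#*": "./src/*"
 },
 "dependencies": {
-"@matter/general": "0.16.0-alpha.0-
-"@matter/model": "0.16.0-alpha.0-
-"@matter/types": "0.16.0-alpha.0-
+"@matter/general": "0.16.0-alpha.0-20260104-11833ec59",
+"@matter/model": "0.16.0-alpha.0-20260104-11833ec59",
+"@matter/types": "0.16.0-alpha.0-20260104-11833ec59"
 },
 "devDependencies": {
-"@matter/tools": "0.16.0-alpha.0-
-"@matter/testing": "0.16.0-alpha.0-
+"@matter/tools": "0.16.0-alpha.0-20260104-11833ec59",
+"@matter/testing": "0.16.0-alpha.0-20260104-11833ec59"
 },
 "files": [
 "dist/**/*",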
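--- a/package/src/bdx/BdxProtocol.ts
+++ b/package/src/bdx/BdxProtocol.ts
@@ -93,42 +93,50 @@ export class BdxProtocol implements ProtocolHandler {
 switch (initMessageType) {
 case BdxMessageType.SendInit:
 case BdxMessageType.ReceiveInit:
-
-
-
-
-
-const { payload } = message;
-
-const initMessage = new BdxInitMessageSchema().decode(payload);
-const { fileDesignator: messageFileDesignator } = initMessage;
-const fd = new FileDesignator(messageFileDesignator);
-const [storageScope, fileDesignator] = fd.text.split("/");
-const { storage, config } =
-this.#peerScopes.get(this.#peerScopeKey(exchange.session.peerAddress, storageScope)) ?? {};
-if (storage === undefined || fileDesignator === undefined) {
-throw new BdxError(
-`No storage context found for BDX file designator "${fd.text}"`,
-BdxStatusCode.FileDesignatorUnknown,
+let messenger: BdxMessenger | undefined = undefined;
+try {
+logger.debug(
+`Initialize Session for ${BdxMessageType[initMessageType]} message on BDX protocol for exchange ${exchange.id}`,
 );
-
+await exchange.nextMessage(); // Read the message we just know
+
+const { payload } = message;
+
+const initMessage = new BdxInitMessageSchema().decode(payload);
+const { fileDesignator: messageFileDesignator } = initMessage;
+const fd = new FileDesignator(messageFileDesignator);
+const [storageScope, fileDesignator] = fd.text.split("/");
+const { storage, config } =
+this.#peerScopes.get(this.#peerScopeKey(exchange.session.peerAddress, storageScope)) ?? {};
+if (storage === undefined || fileDesignator === undefined) {
+throw new BdxError(
+`No storage context found for BDX file designator "${fd.text}"`,
+BdxStatusCode.FileDesignatorUnknown,
+);
+}
 
-
+messenger = new BdxMessenger(exchange, config?.messageTimeout);
 
-
-
-
-
-
-
-
+const bdxSession = BdxSession.fromMessage(messenger, {
+initMessageType,
+initMessage,
+fileDesignator: new PersistedFileDesignator(fileDesignator, storage),
+...config,
+});
+await this.#registerSession(messenger, bdxSession, storageScope);
 
-
-
+try {
+await bdxSession.processTransfer();
+} catch (error) {
+logger.error(`Error processing BDX transfer:`, error);
+}
 } catch (error) {
-
-
+BdxError.accept(error);
+await (messenger ?? new BdxMessenger(exchange)).sendError(error.code);
 
+logger.warn(`BDX session failed with error:`, error);
+return;
+}
 break;
 default:
 logger.warn(
@@ -166,6 +174,15 @@ export class BdxProtocol implements ProtocolHandler {
 }
 this.#activeBdxSessions.clear();
 }
+
+sessionFor(peerAddress: PeerAddress, scope: string) {
+for (const { session, scope: activeScope } of this.#activeBdxSessions.values()) {
+if (PeerAddress.is(peerAddress, session.peerAddress) && activeScope === scope) {
+return session;
+}
+}
+return undefined;
+}
 }
 
 export namespace BdxProtocol {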
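--- a/package/src/certificate/CertificateAuthority.ts
+++ b/package/src/certificate/CertificateAuthority.ts
@@ -35,9 +35,6 @@ const logger = Logger.get("CertificateAuthority");
 * Supports optional Intermediate Certificate Authority (ICAC) for 3-tier PKI hierarchy.
 * When ICAC is enabled, the certificate chain becomes: RCAC -> ICAC -> NOC instead of RCAC -> NOC.
 *
-* Configuration:
-* - intermediateCert: Enable/disable ICAC generation. Defaults to false (2-tier PKI).
-*
 * Behavior:
 * - When ICAC exists, it is always used to sign NOCs (operational certificates)
 * - When no ICAC exists, the root certificate signs NOCs directly
@@ -113,7 +110,7 @@ export class CertificateAuthority {
 const certValues = options instanceof StorageContext ? await options.values() : (options ?? {});
 
 // When generateIntermediateCert is set, we ensure it, or if a valid ICAC is stored then we require it
-// else we check
+// else we check what's in the storage and default to false
 const requireIcac = generateIntermediateCert ?? this.#isValidStoredIcacCertificate(certValues);
 
 if (this.#isValidStoredRootCertificate(certValues)) {
@@ -166,18 +163,20 @@ export class CertificateAuthority {
 get config(): CertificateAuthority.Configuration {
 return {
 rootCertId: this.#rootCertId,
-rootKeyPair: this.construction.assert("root key pair", this.#rootKeyPair).keyPair,
 rootKeyIdentifier: this.construction.assert("root key identifier", this.#rootKeyIdentifier),
 rootCertBytes: this.construction.assert("root cert bytes", this.#rootCertBytes),
 nextCertificateId: this.#nextCertificateId,
 ...(this.#icacProps !== undefined
 ? {
+rootKeyPair: this.#rootKeyPair?.keyPair, // rootKeyPair is optional when using ICAC
 icacCertId: this.#icacProps.certId,
 icacKeyPair: this.construction.assert("icac key pair", this.#icacProps.keyPair).keyPair,
 icacKeyIdentifier: this.construction.assert("icac key identifier", this.#icacProps.keyIdentifier),
 icacCertBytes: this.construction.assert("icac cert bytes", this.#icacProps.certBytes),
 }
-: {
+: {
+rootKeyPair: this.construction.assert("root key pair", this.#rootKeyPair).keyPair,
+}),
 };
 }
 
@@ -295,7 +294,9 @@ export class CertificateAuthority {
 #isValidStoredRootCertificate(certValues: Record<string, unknown>): boolean {
 return (
 (typeof certValues.rootCertId === "number" || typeof certValues.rootCertId === "bigint") &&
-(
+(certValues.rootKeyPair === undefined ||
+Bytes.isBytes(certValues.rootKeyPair) ||
+typeof certValues.rootKeyPair === "object") &&
 Bytes.isBytes(certValues.rootKeyIdentifier) &&
 Bytes.isBytes(certValues.rootCertBytes) &&
 (typeof certValues.nextCertificateId === "number" || typeof certValues.nextCertificateId === "bigint")
@@ -313,7 +314,10 @@ export class CertificateAuthority {
 
 #loadFromStorage(certValues: Record<string, unknown>, requireIcac?: boolean): void {
 this.#rootCertId = BigInt(certValues.rootCertId as bigint | number);
-
+if (certValues.rootKeyPair !== undefined) {
+// rootKeyPair is optional when using ICAC (3-tier PKI without RCAC private key)
+this.#rootKeyPair = PrivateKey(certValues.rootKeyPair as BinaryKeyPair);
+}
 this.#rootKeyIdentifier = certValues.rootKeyIdentifier as Bytes;
 this.#rootCertBytes = certValues.rootCertBytes as Bytes;
 this.#nextCertificateId = BigInt(certValues.nextCertificateId as bigint | number);
@@ -332,26 +336,34 @@ export class CertificateAuthority {
 keyIdentifier: certValues.icacKeyIdentifier as Bytes,
 certBytes: certValues.icacCertBytes as Bytes,
 };
+} else {
+// Validate: when no ICAC, rootKeyPair is required for signing NOCs
+if (this.#rootKeyPair === undefined) {
+throw new ImplementationError(
+"rootKeyPair is required when not using ICAC (2-tier PKI requires RCAC private key to sign NOCs)",
+);
+}
 }
 }
 
 #buildStorageData(): CertificateAuthority.Configuration {
-
+return {
 rootCertId: this.#rootCertId,
-rootKeyPair: this.#initializedRootKeyPair.keyPair,
 rootKeyIdentifier: this.#initializedRootKeyIdentifier,
 rootCertBytes: this.#initializedRootCertBytes,
 nextCertificateId: this.#nextCertificateId,
+...(this.#icacProps
+? {
+rootKeyPair: this.#rootKeyPair?.keyPair, // rootKeyPair is optional when using ICAC
+icacCertId: this.#icacProps.certId,
+icacKeyPair: this.#icacProps.keyPair.keyPair,
+icacKeyIdentifier: this.#icacProps.keyIdentifier,
+icacCertBytes: this.#icacProps.certBytes,
+}
+: {
+rootKeyPair: this.#initializedRootKeyPair.keyPair,
+}),
 };
-
-if (this.#icacProps) {
-data.icacCertId = this.#icacProps.certId;
-data.icacKeyPair = this.#icacProps.keyPair.keyPair;
-data.icacKeyIdentifier = this.#icacProps.keyIdentifier;
-data.icacCertBytes = this.#icacProps.certBytes;
-}
-
-return data;
 }
 
 #getSigningParameters(): {
@@ -390,15 +402,41 @@ interface IcacProps {
 }
 
 export namespace CertificateAuthority {
-
+/** Base configuration fields shared by both 2-tier and 3-tier PKI */
+type ConfigurationBase = {
 rootCertId: bigint;
-rootKeyPair: BinaryKeyPair;
 rootKeyIdentifier: Bytes;
 rootCertBytes: Bytes;
 nextCertificateId: bigint;
-icacCertId?: bigint;
-icacKeyPair?: BinaryKeyPair;
-icacKeyIdentifier?: Bytes;
-icacCertBytes?: Bytes;
 };
+
+/**
+* Configuration for 2-tier PKI (RCAC -> NOC).
+* rootKeyPair is REQUIRED since RCAC signs NOCs directly.
+*/
+export type ConfigurationWithoutIcac = ConfigurationBase & {
+rootKeyPair: BinaryKeyPair;
+};
+
+/**
+* Configuration for 3-tier PKI (RCAC -> ICAC -> NOC).
+* rootKeyPair is OPTIONAL since ICAC signs NOCs, not RCAC.
+* This allows controllers to operate without access to the RCAC private key.
+*/
+export type ConfigurationWithIcac = ConfigurationBase & {
+rootKeyPair?: BinaryKeyPair;
+icacCertId: bigint;
+icacKeyPair: BinaryKeyPair;
+icacKeyIdentifier: Bytes;
+icacCertBytes: Bytes;
+};
+
+/**
+* Configuration for CertificateAuthority with external certificates.
+*
+* When using ICAC (3-tier PKI), the rootKeyPair can be omitted since NOCs are signed
+* by the ICAC, not the RCAC. This allows controllers to operate without access to
+* the RCAC private key.
+*/
+export type Configuration = ConfigurationWithoutIcac | ConfigurationWithIcac;
 }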
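--- a/package/src/peer/PeerSet.ts
+++ b/package/src/peer/PeerSet.ts
@@ -704,7 +704,7 @@ export class PeerSet implements ImmutableSet<Peer>, ObservableSet<Peer> {
 
 const unsecuredSession = this.#sessions.createUnsecuredSession({
 channel: operationalChannel,
-// Use the session parameters from MDNS announcements when available and rest is assumed to be fall
+// Use the session parameters from MDNS announcements when available and rest is assumed to be fall-backs
 sessionParameters: mergedSessionParameters,
 isInitiator: true,
 });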