npm - @naylence/advanced-security - Versions diffs - 0.3.0 - Mend

@naylence/advanced-security 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (304) hide show

package/dist/esm/naylence/fame/security/cert/ca-service-client.js ADDED Viewed

@@ -0,0 +1,278 @@
+/**
+ * Certificate client for requesting certificates from a CA signing service.
+ *
+ * Provides async HTTP client to request certificates from the CA signing service.
+ */
+import { CertificateRequestError } from "./ca-types.js";
+// Simple logger for now - TODO: integrate with runtime logging
+const logger = {
+    debug: (_event, _meta) => {
+        // console.log(`[DEBUG] ${event}`, meta);
+    },
+    error: (_event, _meta) => {
+        console.error(`[ERROR] ${_event}`, _meta);
+    },
+};
+export const ENV_VAR_FAME_CA_SERVICE_URL = "FAME_CA_SERVICE_URL";
+/**
+ * Extract certificate information from a PEM certificate.
+ *
+ * Uses node-forge to parse X.509 certificates and extract metadata.
+ *
+ * @param _certPem - Certificate in PEM format (prefixed with underscore as currently unused)
+ * @returns Certificate information object
+ */
+export function extractCertificateInfo(_certPem) {
+    try {
+        // TODO: Implement using node-forge or similar library
+        // For now, return a placeholder
+        return {
+            subject: "TODO: Parse certificate",
+            issuer: "TODO: Parse certificate",
+            serialNumber: "TODO",
+            validFrom: new Date().toISOString(),
+            validUntil: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000).toISOString(),
+            status: "unknown",
+        };
+    }
+    catch (error) {
+        return {
+            subject: "",
+            issuer: "",
+            serialNumber: "",
+            validFrom: "",
+            validUntil: "",
+            status: "unknown",
+            error: `Failed to parse certificate: ${error}`,
+        };
+    }
+}
+/**
+ * Format certificate information in human-readable format.
+ *
+ * @param certPem - Certificate in PEM format
+ * @param certType - Type description for logging (e.g., "Certificate", "CA Certificate")
+ * @returns Formatted string with certificate details
+ */
+export function formatCertificateInfo(certPem, certType = "Certificate") {
+    const info = extractCertificateInfo(certPem);
+    if (info.error) {
+        return `=== ${certType} Information ===\n${info.error}`;
+    }
+    const lines = [
+        `=== ${certType} Information ===`,
+        `Subject: ${info.subject}`,
+        `Issuer: ${info.issuer}`,
+        `Serial Number: ${info.serialNumber}`,
+        `Valid From: ${info.validFrom}`,
+        `Valid Until: ${info.validUntil}`,
+    ];
+    if (info.subjectAlternativeNames && info.subjectAlternativeNames.length > 0) {
+        lines.push(`Subject Alternative Names: ${info.subjectAlternativeNames.join(", ")}`);
+    }
+    if (info.spiffeId) {
+        lines.push(`SPIFFE ID: ${info.spiffeId}`);
+    }
+    if (info.nodeSid) {
+        lines.push(`Node SID: ${info.nodeSid}`);
+    }
+    if (info.nodeId) {
+        lines.push(`Node ID: ${info.nodeId}`);
+    }
+    if (info.logicalHosts && info.logicalHosts.length > 0) {
+        lines.push(`Logical Hosts: ${info.logicalHosts.join(", ")}`);
+    }
+    // Add validity status
+    if (info.status === "valid" && info.daysRemaining !== undefined) {
+        if (info.daysRemaining > 0) {
+            lines.push(`Status: Valid (${info.daysRemaining} days remaining)`);
+        }
+        else if (info.hoursRemaining !== undefined && info.hoursRemaining > 0) {
+            if (info.minutesRemaining !== undefined && info.minutesRemaining > 0) {
+                lines.push(`Status: Valid (${info.hoursRemaining} hours, ${info.minutesRemaining} minutes remaining)`);
+            }
+            else {
+                lines.push(`Status: Valid (${info.hoursRemaining} hours remaining)`);
+            }
+        }
+        else if (info.minutesRemaining !== undefined) {
+            lines.push(`Status: Valid (${info.minutesRemaining} minutes remaining)`);
+        }
+    }
+    else if (info.status === "expired") {
+        lines.push("Status: Expired");
+    }
+    else if (info.status === "not_yet_valid") {
+        lines.push("Status: Not yet valid");
+    }
+    return lines.join("\n");
+}
+/**
+ * Client for requesting certificates from a CA signing service.
+ */
+export class CAServiceClient {
+    /**
+     * Create a new CA service client.
+     *
+     * @param connectionGrant - HTTP connection grant with CA service URL
+     * @param timeoutSeconds - Request timeout in seconds (default: 30)
+     */
+    constructor(connectionGrant, timeoutSeconds = 30.0) {
+        this.authHeader = null;
+        if (!connectionGrant || typeof connectionGrant.url !== "string") {
+            throw new Error("connectionGrant must have a valid url property");
+        }
+        this.connectionGrant = connectionGrant;
+        this.timeoutSeconds = timeoutSeconds;
+    }
+    /**
+     * Set the authorization header for outbound requests.
+     *
+     * @param authHeader - Authorization header value (e.g., "Bearer token")
+     */
+    setAuthHeader(authHeader) {
+        this.authHeader = authHeader;
+    }
+    /**
+     * Request a certificate from the CA service.
+     *
+     * @param csrPem - Certificate Signing Request in PEM format
+     * @param requesterId - ID of the node requesting the certificate
+     * @param physicalPath - Physical path for the node (optional)
+     * @param logicals - Logicals the node will serve (optional)
+     * @returns Tuple of [certificatePem, certificateChainPem]
+     * @throws {CertificateRequestError} If the request fails
+     */
+    async requestCertificate(csrPem, requesterId, physicalPath, logicals) {
+        const requestData = {
+            csr_pem: csrPem,
+            requester_id: requesterId,
+            physical_path: physicalPath,
+            logicals: logicals || [],
+        };
+        const url = `${this.connectionGrant.url.replace(/\/$/, "")}/sign`;
+        logger.debug("requesting_certificate", {
+            requester_id: requesterId,
+            ca_service_url: url,
+            physical_path: physicalPath,
+            logicals,
+        });
+        // Prepare headers
+        const headers = {
+            "Content-Type": "application/json",
+        };
+        if (this.authHeader) {
+            headers["Authorization"] = this.authHeader;
+        }
+        try {
+            // Create abort controller for timeout
+            const controller = new AbortController();
+            const timeoutId = setTimeout(() => controller.abort(), this.timeoutSeconds * 1000);
+            try {
+                const response = await fetch(url, {
+                    method: "POST",
+                    headers,
+                    body: JSON.stringify(requestData),
+                    signal: controller.signal,
+                });
+                clearTimeout(timeoutId);
+                if (response.ok) {
+                    const result = await response.json();
+                    const certificatePem = result.certificate_pem;
+                    const certificateChainPem = result.certificate_chain_pem || certificatePem;
+                    logger.debug("certificate_request_successful", {
+                        requester_id: requesterId,
+                        expires_at: result.expires_at,
+                    });
+                    // Extract and log certificate information with structured logging
+                    const certInfo = extractCertificateInfo(certificatePem);
+                    logger.debug("certificate_details", {
+                        requester_id: requesterId,
+                        certificate_type: "issued_certificate",
+                        ...certInfo,
+                    });
+                    // If we have a separate certificate chain, also log its details
+                    if (certificateChainPem !== certificatePem) {
+                        // Extract individual certificates from the chain
+                        const chainCerts = certificateChainPem
+                            .split("-----END CERTIFICATE-----\n")
+                            .slice(0, -1);
+                        for (let i = 0; i < chainCerts.length; i++) {
+                            const certBlock = chainCerts[i];
+                            if (certBlock && certBlock.trim()) {
+                                const certPemBlock = certBlock + "-----END CERTIFICATE-----\n";
+                                if (i === 0) {
+                                    // First cert in chain is usually the issued certificate
+                                    if (certPemBlock.trim() !== certificatePem.trim()) {
+                                        const chainCertInfo = extractCertificateInfo(certPemBlock);
+                                        logger.debug("certificate_chain_details", {
+                                            requester_id: requesterId,
+                                            certificate_type: "certificate_chain",
+                                            chain_index: i,
+                                            ...chainCertInfo,
+                                        });
+                                    }
+                                }
+                                else {
+                                    // Subsequent certs are intermediate/root CAs
+                                    const caCertInfo = extractCertificateInfo(certPemBlock);
+                                    logger.debug("certificate_chain_details", {
+                                        requester_id: requesterId,
+                                        certificate_type: "ca_certificate",
+                                        chain_index: i,
+                                        ...caCertInfo,
+                                    });
+                                }
+                            }
+                        }
+                    }
+                    return [certificatePem, certificateChainPem];
+                }
+                else {
+                    let errorDetail = "Unknown error";
+                    try {
+                        const bodyText = await response.text();
+                        try {
+                            const errorData = JSON.parse(bodyText);
+                            errorDetail = errorData.detail || bodyText;
+                        }
+                        catch {
+                            errorDetail = bodyText;
+                        }
+                    }
+                    catch {
+                        // Body read failed entirely
+                        errorDetail = `HTTP ${response.status}`;
+                    }
+                    logger.error("certificate_request_failed", {
+                        requester_id: requesterId,
+                        status_code: response.status,
+                        error: errorDetail,
+                    });
+                    throw new CertificateRequestError(`Certificate request failed (HTTP ${response.status}): ${errorDetail}`);
+                }
+            }
+            finally {
+                clearTimeout(timeoutId);
+            }
+        }
+        catch (error) {
+            if (error instanceof CertificateRequestError) {
+                throw error;
+            }
+            if (error instanceof Error && error.name === "AbortError") {
+                logger.error("certificate_request_timeout", {
+                    requester_id: requesterId,
+                    timeout_seconds: this.timeoutSeconds,
+                });
+                throw new CertificateRequestError(`Certificate request timed out after ${this.timeoutSeconds} seconds`);
+            }
+            logger.error("certificate_request_network_error", {
+                requester_id: requesterId,
+                error: String(error),
+            });
+            throw new CertificateRequestError(`Network error requesting certificate: ${error}`);
+        }
+    }
+}
+//# sourceMappingURL=ca-service-client.js.map

package/dist/esm/naylence/fame/security/cert/ca-service-client.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ca-service-client.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/ca-service-client.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AAExD,+DAA+D;AAC/D,MAAM,MAAM,GAAG;IACb,KAAK,EAAE,CAAC,MAAc,EAAE,KAA+B,EAAE,EAAE;QACzD,yCAAyC;IAC3C,CAAC;IACD,KAAK,EAAE,CAAC,MAAc,EAAE,KAA+B,EAAE,EAAE;QACzD,OAAO,CAAC,KAAK,CAAC,WAAW,MAAM,EAAE,EAAE,KAAK,CAAC,CAAC;IAC5C,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,2BAA2B,GAAG,qBAAqB,CAAC;AAwBjE;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CAAC,QAAgB;IACrD,IAAI,CAAC;QACH,sDAAsD;QACtD,gCAAgC;QAChC,OAAO;YACL,OAAO,EAAE,yBAAyB;YAClC,MAAM,EAAE,yBAAyB;YACjC,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,UAAU,EAAE,IAAI,IAAI,CAClB,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CACvC,CAAC,WAAW,EAAE;YACf,MAAM,EAAE,SAAS;SAClB,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,EAAE;YACX,MAAM,EAAE,EAAE;YACV,YAAY,EAAE,EAAE;YAChB,SAAS,EAAE,EAAE;YACb,UAAU,EAAE,EAAE;YACd,MAAM,EAAE,SAAS;YACjB,KAAK,EAAE,gCAAgC,KAAK,EAAE;SAC/C,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAe,EACf,WAAmB,aAAa;IAEhC,MAAM,IAAI,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IAE7C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACf,OAAO,OAAO,QAAQ,qBAAqB,IAAI,CAAC,KAAK,EAAE,CAAC;IAC1D,CAAC;IAED,MAAM,KAAK,GAAG;QACZ,OAAO,QAAQ,kBAAkB;QACjC,YAAY,IAAI,CAAC,OAAO,EAAE;QAC1B,WAAW,IAAI,CAAC,MAAM,EAAE;QACxB,kBAAkB,IAAI,CAAC,YAAY,EAAE;QACrC,eAAe,IAAI,CAAC,SAAS,EAAE;QAC/B,gBAAgB,IAAI,CAAC,UAAU,EAAE;KAClC,CAAC;IAEF,IAAI,IAAI,CAAC,uBAAuB,IAAI,IAAI,CAAC,uBAAuB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5E,KAAK,CAAC,IAAI,CACR,8BAA8B,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACxE,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtD,KAAK,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,sBAAsB;IACtB,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QAChE,IAAI,IAAI,CAAC,aAAa,GAAG,CAAC,EAAE,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,aAAa,kBAAkB,CAAC,CAAC;QACrE,CAAC;aAAM,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,IAAI,IAAI,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;YACxE,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,IAAI,IAAI,CAAC,gBAAgB,GAAG,CAAC,EAAE,CAAC;gBACrE,KAAK,CAAC,IAAI,CACR,kBAAkB,IAAI,CAAC,cAAc,WAAW,IAAI,CAAC,gBAAgB,qBAAqB,CAC3F,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,cAAc,mBAAmB,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;aAAM,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;YAC/C,KAAK,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,gBAAgB,qBAAqB,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAChC,CAAC;SAAM,IAAI,IAAI,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,eAAe;IAK1B;;;;;OAKG;IACH,YACE,eAAoC,EACpC,iBAAyB,IAAI;QAVvB,eAAU,GAAkB,IAAI,CAAC;QAYvC,IAAI,CAAC,eAAe,IAAI,OAAO,eAAe,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QAED,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QACvC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;IACvC,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAC,UAAkB;QAC9B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,kBAAkB,CACtB,MAAc,EACd,WAAmB,EACnB,YAAqB,EACrB,QAAmB;QAEnB,MAAM,WAAW,GAAG;YAClB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,WAAW;YACzB,aAAa,EAAE,YAAY;YAC3B,QAAQ,EAAE,QAAQ,IAAI,EAAE;SACzB,CAAC;QAEF,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,CAAC;QAElE,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;YACrC,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,GAAG;YACnB,aAAa,EAAE,YAAY;YAC3B,QAAQ;SACT,CAAC,CAAC;QAEH,kBAAkB;QAClB,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;SACnC,CAAC;QAEF,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,OAAO,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC;QAC7C,CAAC;QAED,IAAI,CAAC;YACH,sCAAsC;YACtC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,SAAS,GAAG,UAAU,CAC1B,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EACxB,IAAI,CAAC,cAAc,GAAG,IAAI,CAC3B,CAAC;YAEF,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;oBAChC,MAAM,EAAE,MAAM;oBACd,OAAO;oBACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC;oBACjC,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;gBAEH,YAAY,CAAC,SAAS,CAAC,CAAC;gBAExB,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;oBAChB,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;oBACrC,MAAM,cAAc,GAAW,MAAM,CAAC,eAAe,CAAC;oBACtD,MAAM,mBAAmB,GACvB,MAAM,CAAC,qBAAqB,IAAI,cAAc,CAAC;oBAEjD,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE;wBAC7C,YAAY,EAAE,WAAW;wBACzB,UAAU,EAAE,MAAM,CAAC,UAAU;qBAC9B,CAAC,CAAC;oBAEH,kEAAkE;oBAClE,MAAM,QAAQ,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAC;oBACxD,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;wBAClC,YAAY,EAAE,WAAW;wBACzB,gBAAgB,EAAE,oBAAoB;wBACtC,GAAG,QAAQ;qBACZ,CAAC,CAAC;oBAEH,gEAAgE;oBAChE,IAAI,mBAAmB,KAAK,cAAc,EAAE,CAAC;wBAC3C,iDAAiD;wBACjD,MAAM,UAAU,GAAG,mBAAmB;6BACnC,KAAK,CAAC,6BAA6B,CAAC;6BACpC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;wBAEhB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;4BAC3C,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;4BAChC,IAAI,SAAS,IAAI,SAAS,CAAC,IAAI,EAAE,EAAE,CAAC;gCAClC,MAAM,YAAY,GAAG,SAAS,GAAG,6BAA6B,CAAC;gCAE/D,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oCACZ,wDAAwD;oCACxD,IAAI,YAAY,CAAC,IAAI,EAAE,KAAK,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC;wCAClD,MAAM,aAAa,GAAG,sBAAsB,CAAC,YAAY,CAAC,CAAC;wCAC3D,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE;4CACxC,YAAY,EAAE,WAAW;4CACzB,gBAAgB,EAAE,mBAAmB;4CACrC,WAAW,EAAE,CAAC;4CACd,GAAG,aAAa;yCACjB,CAAC,CAAC;oCACL,CAAC;gCACH,CAAC;qCAAM,CAAC;oCACN,6CAA6C;oCAC7C,MAAM,UAAU,GAAG,sBAAsB,CAAC,YAAY,CAAC,CAAC;oCACxD,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE;wCACxC,YAAY,EAAE,WAAW;wCACzB,gBAAgB,EAAE,gBAAgB;wCAClC,WAAW,EAAE,CAAC;wCACd,GAAG,UAAU;qCACd,CAAC,CAAC;gCACL,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;oBAED,OAAO,CAAC,cAAc,EAAE,mBAAmB,CAAC,CAAC;gBAC/C,CAAC;qBAAM,CAAC;oBACN,IAAI,WAAW,GAAG,eAAe,CAAC;oBAClC,IAAI,CAAC;wBACH,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;wBACvC,IAAI,CAAC;4BACH,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;4BACvC,WAAW,GAAG,SAAS,CAAC,MAAM,IAAI,QAAQ,CAAC;wBAC7C,CAAC;wBAAC,MAAM,CAAC;4BACP,WAAW,GAAG,QAAQ,CAAC;wBACzB,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,4BAA4B;wBAC5B,WAAW,GAAG,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;oBAC1C,CAAC;oBAED,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE;wBACzC,YAAY,EAAE,WAAW;wBACzB,WAAW,EAAE,QAAQ,CAAC,MAAM;wBAC5B,KAAK,EAAE,WAAW;qBACnB,CAAC,CAAC;oBAEH,MAAM,IAAI,uBAAuB,CAC/B,oCAAoC,QAAQ,CAAC,MAAM,MAAM,WAAW,EAAE,CACvE,CAAC;gBACJ,CAAC;YACH,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,SAAS,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,uBAAuB,EAAE,CAAC;gBAC7C,MAAM,KAAK,CAAC;YACd,CAAC;YAED,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC1D,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE;oBAC1C,YAAY,EAAE,WAAW;oBACzB,eAAe,EAAE,IAAI,CAAC,cAAc;iBACrC,CAAC,CAAC;gBACH,MAAM,IAAI,uBAAuB,CAC/B,uCAAuC,IAAI,CAAC,cAAc,UAAU,CACrE,CAAC;YACJ,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE;gBAChD,YAAY,EAAE,WAAW;gBACzB,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;aACrB,CAAC,CAAC;YACH,MAAM,IAAI,uBAAuB,CAC/B,yCAAyC,KAAK,EAAE,CACjD,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}

package/dist/esm/naylence/fame/security/cert/ca-service-factory.js ADDED Viewed

@@ -0,0 +1,61 @@
+/**
+ * Factory pattern for creating CA service instances.
+ *
+ * Provides a unified way to create CAService implementations from configuration.
+ */
+import { AbstractResourceFactory, createDefaultResource, createResource, } from "@naylence/factory";
+/**
+ * Factory for creating CAService instances.
+ *
+ * Supports multiple CAService implementations through the factory pattern.
+ */
+export class CAServiceFactory extends AbstractResourceFactory {
+    /**
+     * Create a CAService instance from configuration.
+     *
+     * @param config - Optional CAService configuration or dictionary
+     * @param options - Additional creation options
+     * @returns Configured CAService instance
+     */
+    static async createCAService(config, options) {
+        if (!config) {
+            // Use default CA service
+            const service = await createDefaultResource("CAServiceFactory", config, options);
+            if (!service) {
+                throw new Error("No default CA service factory registered");
+            }
+            return service;
+        }
+        if (typeof config === "object" && !("type" in config)) {
+            // No type specified, use default
+            const service = await createDefaultResource("CAServiceFactory", config, options);
+            if (!service) {
+                throw new Error("No default CA service factory registered");
+            }
+            return service;
+        }
+        // Create from specific type
+        const configObj = config instanceof Object && "type" in config
+            ? config
+            : { type: "CAService", ...config };
+        const service = await createResource("CAServiceFactory", configObj, options);
+        if (!service) {
+            throw new Error(`Failed to create CA service of type "${configObj.type}"`);
+        }
+        return service;
+    }
+}
+/**
+ * Base type for CA service factories.
+ */
+export const CA_SERVICE_FACTORY_BASE_TYPE = "CAServiceFactory";
+/**
+ * Factory metadata for CAServiceFactory.
+ */
+export const FACTORY_META = {
+    factoryId: "CAServiceFactory",
+    factoryType: CAServiceFactory,
+    resourceType: "CAService",
+    description: "Factory for creating Certificate Authority (CA) service instances",
+};
+//# sourceMappingURL=ca-service-factory.js.map

package/dist/esm/naylence/fame/security/cert/ca-service-factory.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ca-service-factory.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/ca-service-factory.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,cAAc,GACf,MAAM,mBAAmB,CAAC;AAU3B;;;;GAIG;AACH,MAAM,OAAgB,gBAEpB,SAAQ,uBAAqC;IAC7C;;;;;;OAMG;IACH,MAAM,CAAC,KAAK,CAAC,eAAe,CAC1B,MAAkD,EAClD,OAA+B;QAE/B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,yBAAyB;YACzB,MAAM,OAAO,GAAG,MAAM,qBAAqB,CACzC,kBAAkB,EAClB,MAAM,EACN,OAAO,CACR,CAAC;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;YAC9D,CAAC;YACD,OAAO,OAAoB,CAAC;QAC9B,CAAC;QAED,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,IAAI,MAAM,CAAC,EAAE,CAAC;YACtD,iCAAiC;YACjC,MAAM,OAAO,GAAG,MAAM,qBAAqB,CACzC,kBAAkB,EAClB,MAAM,EACN,OAAO,CACR,CAAC;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;YAC9D,CAAC;YACD,OAAO,OAAoB,CAAC;QAC9B,CAAC;QAED,4BAA4B;QAC5B,MAAM,SAAS,GACb,MAAM,YAAY,MAAM,IAAI,MAAM,IAAI,MAAM;YAC1C,CAAC,CAAE,MAA0B;YAC7B,CAAC,CAAE,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,MAAM,EAAsB,CAAC;QAE5D,MAAM,OAAO,GAAG,MAAM,cAAc,CAClC,kBAAkB,EAClB,SAAS,EACT,OAAO,CACR,CAAC;QACF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,wCAAwC,SAAS,CAAC,IAAI,GAAG,CAC1D,CAAC;QACJ,CAAC;QACD,OAAO,OAAoB,CAAC;IAC9B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,kBAAkB,CAAC;AAE/D;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,SAAS,EAAE,kBAAkB;IAC7B,WAAW,EAAE,gBAAgB;IAC7B,YAAY,EAAE,WAAW;IACzB,WAAW,EACT,mEAAmE;CACtE,CAAC"}

package/dist/esm/naylence/fame/security/cert/ca-types.js ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * Certificate Authority (CA) types and interfaces.
+ *
+ * Provides type definitions for CA service operations, certificate signing requests,
+ * and certificate issuance responses.
+ */
+/**
+ * Abstract CA signing service interface.
+ *
+ * Defines the contract for certificate authority services that can issue
+ * certificates from certificate signing requests.
+ */
+export class CAService {
+    /**
+     * Optional authorizer for request authentication.
+     */
+    get authorizer() {
+        return null;
+    }
+}
+/**
+ * Error thrown when a certificate request fails.
+ */
+export class CertificateRequestError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "CertificateRequestError";
+        Object.setPrototypeOf(this, CertificateRequestError.prototype);
+    }
+}
+//# sourceMappingURL=ca-types.js.map

package/dist/esm/naylence/fame/security/cert/ca-types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ca-types.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/ca-types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAyCH;;;;;GAKG;AACH,MAAM,OAAgB,SAAS;IAC7B;;OAEG;IACH,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;CAWF;AAED;;GAEG;AACH,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAChD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;QACtC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,uBAAuB,CAAC,SAAS,CAAC,CAAC;IACjE,CAAC;CACF"}

package/dist/esm/naylence/fame/security/cert/default-ca-service-factory.js ADDED Viewed

@@ -0,0 +1,66 @@
+/**
+ * Factory for creating DefaultCAService instances.
+ *
+ * Provides the default CA service implementation with environment variable support.
+ */
+import { AbstractResourceFactory } from "@naylence/factory";
+import { DefaultCAService } from "./default-ca-service.js";
+/**
+ * Factory metadata for DefaultCAServiceFactory.
+ */
+export const FACTORY_META = {
+    base: "CAServiceFactory",
+    key: "DefaultCAService",
+};
+/**
+ * Normalize configuration from snake_case or camelCase to standard format.
+ */
+function normalizeConfig(config) {
+    if (!config) {
+        return { type: "DefaultCAService" };
+    }
+    const { type: _ignoredType, ...rest } = config;
+    return {
+        ...rest,
+        type: "DefaultCAService",
+    };
+}
+/**
+ * Factory for creating DefaultCAService instances.
+ */
+export class DefaultCAServiceFactory extends AbstractResourceFactory {
+    constructor() {
+        super(...arguments);
+        this.type = "DefaultCAService";
+        this.isDefault = true;
+        this.priority = 100;
+    }
+    /**
+     * Create a DefaultCAService instance.
+     *
+     * @param config - DefaultCAService configuration
+     * @returns Configured DefaultCAService instance
+     */
+    async create(config, ..._factoryArgs) {
+        const normalizedConfig = normalizeConfig(config);
+        // Extract configuration with snake_case fallbacks
+        const caCertPem = normalizedConfig.caCertPem ?? normalizedConfig.ca_cert_pem;
+        const caKeyPem = normalizedConfig.caKeyPem ?? normalizedConfig.ca_key_pem;
+        const intermediateChainPem = normalizedConfig.intermediateChainPem ??
+            normalizedConfig.intermediate_chain_pem;
+        const signingCertPem = normalizedConfig.signingCertPem ?? normalizedConfig.signing_cert_pem;
+        const signingKeyPem = normalizedConfig.signingKeyPem ?? normalizedConfig.signing_key_pem;
+        // TODO: Create authorizer from config when AuthorizerFactory is available
+        const authorizer = undefined;
+        return new DefaultCAService({
+            caCertPem,
+            caKeyPem,
+            intermediateChainPem,
+            signingCertPem,
+            signingKeyPem,
+            authorizer,
+        });
+    }
+}
+export default DefaultCAServiceFactory;
+//# sourceMappingURL=default-ca-service-factory.js.map

package/dist/esm/naylence/fame/security/cert/default-ca-service-factory.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"default-ca-service-factory.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/default-ca-service-factory.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAC;AAG5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAgC3D;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,IAAI,EAAE,kBAAkB;IACxB,GAAG,EAAE,kBAAkB;CACf,CAAC;AAEX;;GAEG;AACH,SAAS,eAAe,CACtB,MAAgE;IAEhE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC;IACtC,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAI,EAAE,GAAG,MAAiC,CAAC;IAC1E,OAAO;QACL,GAAG,IAAI;QACP,IAAI,EAAE,kBAAkB;KACC,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,uBAAwB,SAAQ,uBAG5C;IAHD;;QAIkB,SAAI,GAAG,kBAAkB,CAAC;QAC1B,cAAS,GAAG,IAAI,CAAC;QACjB,aAAQ,GAAG,GAAG,CAAC;IAsCjC,CAAC;IApCC;;;;;OAKG;IACI,KAAK,CAAC,MAAM,CACjB,MAAgE,EAChE,GAAG,YAAuB;QAE1B,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAEjD,kDAAkD;QAClD,MAAM,SAAS,GACb,gBAAgB,CAAC,SAAS,IAAI,gBAAgB,CAAC,WAAW,CAAC;QAC7D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,IAAI,gBAAgB,CAAC,UAAU,CAAC;QAC1E,MAAM,oBAAoB,GACxB,gBAAgB,CAAC,oBAAoB;YACrC,gBAAgB,CAAC,sBAAsB,CAAC;QAC1C,MAAM,cAAc,GAClB,gBAAgB,CAAC,cAAc,IAAI,gBAAgB,CAAC,gBAAgB,CAAC;QACvE,MAAM,aAAa,GACjB,gBAAgB,CAAC,aAAa,IAAI,gBAAgB,CAAC,eAAe,CAAC;QAErE,0EAA0E;QAC1E,MAAM,UAAU,GAA2B,SAAS,CAAC;QAErD,OAAO,IAAI,gBAAgB,CAAC;YAC1B,SAAS;YACT,QAAQ;YACR,oBAAoB;YACpB,cAAc;YACd,aAAa;YACb,UAAU;SACX,CAAC,CAAC;IACL,CAAC;CACF;AAED,eAAe,uBAAuB,CAAC"}