npm - @naylence/advanced-security - Versions diffs - 0.3.0 - Mend

@naylence/advanced-security 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (304) hide show

package/dist/cjs/browser.js ADDED Viewed

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+// Browser-friendly entry point. Limit exports to APIs that are safe for browser usage.
+tslib_1.__exportStar(require("./index.js"), exports);
+//# sourceMappingURL=browser.js.map

package/dist/cjs/browser.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"browser.js","sourceRoot":"","sources":["../../src/browser.ts"],"names":[],"mappings":";;;AAAA,uFAAuF;AACvF,qDAA2B"}

package/dist/cjs/index.js ADDED Viewed

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./naylence/fame/security/index.js"), exports);
+tslib_1.__exportStar(require("./naylence/fame/stickiness/index.js"), exports);
+tslib_1.__exportStar(require("./naylence/fame/welcome/index.js"), exports);
+//# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,4EAAkD;AAClD,8EAAoD;AACpD,2EAAiD"}

package/dist/cjs/naylence/fame/factory-manifest.js ADDED Viewed

@@ -0,0 +1,24 @@
+"use strict";
+/**
+ * AUTO-GENERATED FILE. DO NOT EDIT DIRECTLY.
+ * Generated by scripts/generate-factory-manifest.mjs
+ *
+ * Provides the list of advanced security factory modules for registration.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MODULES = void 0;
+exports.MODULES = [
+    "./security/cert/default-ca-service-factory.js",
+    "./security/cert/default-certificate-manager-factory.js",
+    "./security/encryption/channel/channel-encryption-manager-factory.js",
+    "./security/encryption/composite-encryption-manager-factory.js",
+    "./security/encryption/default-secure-channel-manager-factory.js",
+    "./security/encryption/sealed/x25519-encryption-manager-factory.js",
+    "./security/keys/x5c-key-manager-factory.js",
+    "./security/signing/eddsa-envelope-signer-factory.js",
+    "./security/signing/eddsa-envelope-verifier-factory.js",
+    "./stickiness/aft-load-balancer-stickiness-manager-factory.js",
+    "./stickiness/aft-replica-stickiness-manager-factory.js",
+    "./welcome/advanced-welcome-service-factory.js"
+];
+//# sourceMappingURL=factory-manifest.js.map

package/dist/cjs/naylence/fame/factory-manifest.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"factory-manifest.js","sourceRoot":"","sources":["../../../../src/naylence/fame/factory-manifest.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEU,QAAA,OAAO,GAAG;IACrB,+CAA+C;IAC/C,wDAAwD;IACxD,qEAAqE;IACrE,+DAA+D;IAC/D,iEAAiE;IACjE,mEAAmE;IACnE,4CAA4C;IAC5C,qDAAqD;IACrD,uDAAuD;IACvD,8DAA8D;IAC9D,wDAAwD;IACxD,+CAA+C;CACvC,CAAC"}

package/dist/cjs/naylence/fame/security/cert/ca-service-client.js ADDED Viewed

@@ -0,0 +1,284 @@
+"use strict";
+/**
+ * Certificate client for requesting certificates from a CA signing service.
+ *
+ * Provides async HTTP client to request certificates from the CA signing service.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CAServiceClient = exports.ENV_VAR_FAME_CA_SERVICE_URL = void 0;
+exports.extractCertificateInfo = extractCertificateInfo;
+exports.formatCertificateInfo = formatCertificateInfo;
+const ca_types_js_1 = require("./ca-types.js");
+// Simple logger for now - TODO: integrate with runtime logging
+const logger = {
+    debug: (_event, _meta) => {
+        // console.log(`[DEBUG] ${event}`, meta);
+    },
+    error: (_event, _meta) => {
+        console.error(`[ERROR] ${_event}`, _meta);
+    },
+};
+exports.ENV_VAR_FAME_CA_SERVICE_URL = "FAME_CA_SERVICE_URL";
+/**
+ * Extract certificate information from a PEM certificate.
+ *
+ * Uses node-forge to parse X.509 certificates and extract metadata.
+ *
+ * @param _certPem - Certificate in PEM format (prefixed with underscore as currently unused)
+ * @returns Certificate information object
+ */
+function extractCertificateInfo(_certPem) {
+    try {
+        // TODO: Implement using node-forge or similar library
+        // For now, return a placeholder
+        return {
+            subject: "TODO: Parse certificate",
+            issuer: "TODO: Parse certificate",
+            serialNumber: "TODO",
+            validFrom: new Date().toISOString(),
+            validUntil: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000).toISOString(),
+            status: "unknown",
+        };
+    }
+    catch (error) {
+        return {
+            subject: "",
+            issuer: "",
+            serialNumber: "",
+            validFrom: "",
+            validUntil: "",
+            status: "unknown",
+            error: `Failed to parse certificate: ${error}`,
+        };
+    }
+}
+/**
+ * Format certificate information in human-readable format.
+ *
+ * @param certPem - Certificate in PEM format
+ * @param certType - Type description for logging (e.g., "Certificate", "CA Certificate")
+ * @returns Formatted string with certificate details
+ */
+function formatCertificateInfo(certPem, certType = "Certificate") {
+    const info = extractCertificateInfo(certPem);
+    if (info.error) {
+        return `=== ${certType} Information ===\n${info.error}`;
+    }
+    const lines = [
+        `=== ${certType} Information ===`,
+        `Subject: ${info.subject}`,
+        `Issuer: ${info.issuer}`,
+        `Serial Number: ${info.serialNumber}`,
+        `Valid From: ${info.validFrom}`,
+        `Valid Until: ${info.validUntil}`,
+    ];
+    if (info.subjectAlternativeNames && info.subjectAlternativeNames.length > 0) {
+        lines.push(`Subject Alternative Names: ${info.subjectAlternativeNames.join(", ")}`);
+    }
+    if (info.spiffeId) {
+        lines.push(`SPIFFE ID: ${info.spiffeId}`);
+    }
+    if (info.nodeSid) {
+        lines.push(`Node SID: ${info.nodeSid}`);
+    }
+    if (info.nodeId) {
+        lines.push(`Node ID: ${info.nodeId}`);
+    }
+    if (info.logicalHosts && info.logicalHosts.length > 0) {
+        lines.push(`Logical Hosts: ${info.logicalHosts.join(", ")}`);
+    }
+    // Add validity status
+    if (info.status === "valid" && info.daysRemaining !== undefined) {
+        if (info.daysRemaining > 0) {
+            lines.push(`Status: Valid (${info.daysRemaining} days remaining)`);
+        }
+        else if (info.hoursRemaining !== undefined && info.hoursRemaining > 0) {
+            if (info.minutesRemaining !== undefined && info.minutesRemaining > 0) {
+                lines.push(`Status: Valid (${info.hoursRemaining} hours, ${info.minutesRemaining} minutes remaining)`);
+            }
+            else {
+                lines.push(`Status: Valid (${info.hoursRemaining} hours remaining)`);
+            }
+        }
+        else if (info.minutesRemaining !== undefined) {
+            lines.push(`Status: Valid (${info.minutesRemaining} minutes remaining)`);
+        }
+    }
+    else if (info.status === "expired") {
+        lines.push("Status: Expired");
+    }
+    else if (info.status === "not_yet_valid") {
+        lines.push("Status: Not yet valid");
+    }
+    return lines.join("\n");
+}
+/**
+ * Client for requesting certificates from a CA signing service.
+ */
+class CAServiceClient {
+    /**
+     * Create a new CA service client.
+     *
+     * @param connectionGrant - HTTP connection grant with CA service URL
+     * @param timeoutSeconds - Request timeout in seconds (default: 30)
+     */
+    constructor(connectionGrant, timeoutSeconds = 30.0) {
+        this.authHeader = null;
+        if (!connectionGrant || typeof connectionGrant.url !== "string") {
+            throw new Error("connectionGrant must have a valid url property");
+        }
+        this.connectionGrant = connectionGrant;
+        this.timeoutSeconds = timeoutSeconds;
+    }
+    /**
+     * Set the authorization header for outbound requests.
+     *
+     * @param authHeader - Authorization header value (e.g., "Bearer token")
+     */
+    setAuthHeader(authHeader) {
+        this.authHeader = authHeader;
+    }
+    /**
+     * Request a certificate from the CA service.
+     *
+     * @param csrPem - Certificate Signing Request in PEM format
+     * @param requesterId - ID of the node requesting the certificate
+     * @param physicalPath - Physical path for the node (optional)
+     * @param logicals - Logicals the node will serve (optional)
+     * @returns Tuple of [certificatePem, certificateChainPem]
+     * @throws {CertificateRequestError} If the request fails
+     */
+    async requestCertificate(csrPem, requesterId, physicalPath, logicals) {
+        const requestData = {
+            csr_pem: csrPem,
+            requester_id: requesterId,
+            physical_path: physicalPath,
+            logicals: logicals || [],
+        };
+        const url = `${this.connectionGrant.url.replace(/\/$/, "")}/sign`;
+        logger.debug("requesting_certificate", {
+            requester_id: requesterId,
+            ca_service_url: url,
+            physical_path: physicalPath,
+            logicals,
+        });
+        // Prepare headers
+        const headers = {
+            "Content-Type": "application/json",
+        };
+        if (this.authHeader) {
+            headers["Authorization"] = this.authHeader;
+        }
+        try {
+            // Create abort controller for timeout
+            const controller = new AbortController();
+            const timeoutId = setTimeout(() => controller.abort(), this.timeoutSeconds * 1000);
+            try {
+                const response = await fetch(url, {
+                    method: "POST",
+                    headers,
+                    body: JSON.stringify(requestData),
+                    signal: controller.signal,
+                });
+                clearTimeout(timeoutId);
+                if (response.ok) {
+                    const result = await response.json();
+                    const certificatePem = result.certificate_pem;
+                    const certificateChainPem = result.certificate_chain_pem || certificatePem;
+                    logger.debug("certificate_request_successful", {
+                        requester_id: requesterId,
+                        expires_at: result.expires_at,
+                    });
+                    // Extract and log certificate information with structured logging
+                    const certInfo = extractCertificateInfo(certificatePem);
+                    logger.debug("certificate_details", {
+                        requester_id: requesterId,
+                        certificate_type: "issued_certificate",
+                        ...certInfo,
+                    });
+                    // If we have a separate certificate chain, also log its details
+                    if (certificateChainPem !== certificatePem) {
+                        // Extract individual certificates from the chain
+                        const chainCerts = certificateChainPem
+                            .split("-----END CERTIFICATE-----\n")
+                            .slice(0, -1);
+                        for (let i = 0; i < chainCerts.length; i++) {
+                            const certBlock = chainCerts[i];
+                            if (certBlock && certBlock.trim()) {
+                                const certPemBlock = certBlock + "-----END CERTIFICATE-----\n";
+                                if (i === 0) {
+                                    // First cert in chain is usually the issued certificate
+                                    if (certPemBlock.trim() !== certificatePem.trim()) {
+                                        const chainCertInfo = extractCertificateInfo(certPemBlock);
+                                        logger.debug("certificate_chain_details", {
+                                            requester_id: requesterId,
+                                            certificate_type: "certificate_chain",
+                                            chain_index: i,
+                                            ...chainCertInfo,
+                                        });
+                                    }
+                                }
+                                else {
+                                    // Subsequent certs are intermediate/root CAs
+                                    const caCertInfo = extractCertificateInfo(certPemBlock);
+                                    logger.debug("certificate_chain_details", {
+                                        requester_id: requesterId,
+                                        certificate_type: "ca_certificate",
+                                        chain_index: i,
+                                        ...caCertInfo,
+                                    });
+                                }
+                            }
+                        }
+                    }
+                    return [certificatePem, certificateChainPem];
+                }
+                else {
+                    let errorDetail = "Unknown error";
+                    try {
+                        const bodyText = await response.text();
+                        try {
+                            const errorData = JSON.parse(bodyText);
+                            errorDetail = errorData.detail || bodyText;
+                        }
+                        catch {
+                            errorDetail = bodyText;
+                        }
+                    }
+                    catch {
+                        // Body read failed entirely
+                        errorDetail = `HTTP ${response.status}`;
+                    }
+                    logger.error("certificate_request_failed", {
+                        requester_id: requesterId,
+                        status_code: response.status,
+                        error: errorDetail,
+                    });
+                    throw new ca_types_js_1.CertificateRequestError(`Certificate request failed (HTTP ${response.status}): ${errorDetail}`);
+                }
+            }
+            finally {
+                clearTimeout(timeoutId);
+            }
+        }
+        catch (error) {
+            if (error instanceof ca_types_js_1.CertificateRequestError) {
+                throw error;
+            }
+            if (error instanceof Error && error.name === "AbortError") {
+                logger.error("certificate_request_timeout", {
+                    requester_id: requesterId,
+                    timeout_seconds: this.timeoutSeconds,
+                });
+                throw new ca_types_js_1.CertificateRequestError(`Certificate request timed out after ${this.timeoutSeconds} seconds`);
+            }
+            logger.error("certificate_request_network_error", {
+                requester_id: requesterId,
+                error: String(error),
+            });
+            throw new ca_types_js_1.CertificateRequestError(`Network error requesting certificate: ${error}`);
+        }
+    }
+}
+exports.CAServiceClient = CAServiceClient;
+//# sourceMappingURL=ca-service-client.js.map

package/dist/cjs/naylence/fame/security/cert/ca-service-client.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ca-service-client.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/ca-service-client.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AA+CH,wDAyBC;AASD,sDA+DC;AA7ID,+CAAwD;AAExD,+DAA+D;AAC/D,MAAM,MAAM,GAAG;IACb,KAAK,EAAE,CAAC,MAAc,EAAE,KAA+B,EAAE,EAAE;QACzD,yCAAyC;IAC3C,CAAC;IACD,KAAK,EAAE,CAAC,MAAc,EAAE,KAA+B,EAAE,EAAE;QACzD,OAAO,CAAC,KAAK,CAAC,WAAW,MAAM,EAAE,EAAE,KAAK,CAAC,CAAC;IAC5C,CAAC;CACF,CAAC;AAEW,QAAA,2BAA2B,GAAG,qBAAqB,CAAC;AAwBjE;;;;;;;GAOG;AACH,SAAgB,sBAAsB,CAAC,QAAgB;IACrD,IAAI,CAAC;QACH,sDAAsD;QACtD,gCAAgC;QAChC,OAAO;YACL,OAAO,EAAE,yBAAyB;YAClC,MAAM,EAAE,yBAAyB;YACjC,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,UAAU,EAAE,IAAI,IAAI,CAClB,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CACvC,CAAC,WAAW,EAAE;YACf,MAAM,EAAE,SAAS;SAClB,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,EAAE;YACX,MAAM,EAAE,EAAE;YACV,YAAY,EAAE,EAAE;YAChB,SAAS,EAAE,EAAE;YACb,UAAU,EAAE,EAAE;YACd,MAAM,EAAE,SAAS;YACjB,KAAK,EAAE,gCAAgC,KAAK,EAAE;SAC/C,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,qBAAqB,CACnC,OAAe,EACf,WAAmB,aAAa;IAEhC,MAAM,IAAI,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IAE7C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACf,OAAO,OAAO,QAAQ,qBAAqB,IAAI,CAAC,KAAK,EAAE,CAAC;IAC1D,CAAC;IAED,MAAM,KAAK,GAAG;QACZ,OAAO,QAAQ,kBAAkB;QACjC,YAAY,IAAI,CAAC,OAAO,EAAE;QAC1B,WAAW,IAAI,CAAC,MAAM,EAAE;QACxB,kBAAkB,IAAI,CAAC,YAAY,EAAE;QACrC,eAAe,IAAI,CAAC,SAAS,EAAE;QAC/B,gBAAgB,IAAI,CAAC,UAAU,EAAE;KAClC,CAAC;IAEF,IAAI,IAAI,CAAC,uBAAuB,IAAI,IAAI,CAAC,uBAAuB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5E,KAAK,CAAC,IAAI,CACR,8BAA8B,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACxE,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtD,KAAK,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,sBAAsB;IACtB,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QAChE,IAAI,IAAI,CAAC,aAAa,GAAG,CAAC,EAAE,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,aAAa,kBAAkB,CAAC,CAAC;QACrE,CAAC;aAAM,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,IAAI,IAAI,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;YACxE,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,IAAI,IAAI,CAAC,gBAAgB,GAAG,CAAC,EAAE,CAAC;gBACrE,KAAK,CAAC,IAAI,CACR,kBAAkB,IAAI,CAAC,cAAc,WAAW,IAAI,CAAC,gBAAgB,qBAAqB,CAC3F,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,cAAc,mBAAmB,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;aAAM,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;YAC/C,KAAK,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,gBAAgB,qBAAqB,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAChC,CAAC;SAAM,IAAI,IAAI,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAa,eAAe;IAK1B;;;;;OAKG;IACH,YACE,eAAoC,EACpC,iBAAyB,IAAI;QAVvB,eAAU,GAAkB,IAAI,CAAC;QAYvC,IAAI,CAAC,eAAe,IAAI,OAAO,eAAe,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QAED,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QACvC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;IACvC,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAC,UAAkB;QAC9B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,kBAAkB,CACtB,MAAc,EACd,WAAmB,EACnB,YAAqB,EACrB,QAAmB;QAEnB,MAAM,WAAW,GAAG;YAClB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,WAAW;YACzB,aAAa,EAAE,YAAY;YAC3B,QAAQ,EAAE,QAAQ,IAAI,EAAE;SACzB,CAAC;QAEF,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,CAAC;QAElE,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE;YACrC,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,GAAG;YACnB,aAAa,EAAE,YAAY;YAC3B,QAAQ;SACT,CAAC,CAAC;QAEH,kBAAkB;QAClB,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;SACnC,CAAC;QAEF,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,OAAO,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC;QAC7C,CAAC;QAED,IAAI,CAAC;YACH,sCAAsC;YACtC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,SAAS,GAAG,UAAU,CAC1B,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EACxB,IAAI,CAAC,cAAc,GAAG,IAAI,CAC3B,CAAC;YAEF,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;oBAChC,MAAM,EAAE,MAAM;oBACd,OAAO;oBACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC;oBACjC,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;gBAEH,YAAY,CAAC,SAAS,CAAC,CAAC;gBAExB,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;oBAChB,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;oBACrC,MAAM,cAAc,GAAW,MAAM,CAAC,eAAe,CAAC;oBACtD,MAAM,mBAAmB,GACvB,MAAM,CAAC,qBAAqB,IAAI,cAAc,CAAC;oBAEjD,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE;wBAC7C,YAAY,EAAE,WAAW;wBACzB,UAAU,EAAE,MAAM,CAAC,UAAU;qBAC9B,CAAC,CAAC;oBAEH,kEAAkE;oBAClE,MAAM,QAAQ,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAC;oBACxD,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE;wBAClC,YAAY,EAAE,WAAW;wBACzB,gBAAgB,EAAE,oBAAoB;wBACtC,GAAG,QAAQ;qBACZ,CAAC,CAAC;oBAEH,gEAAgE;oBAChE,IAAI,mBAAmB,KAAK,cAAc,EAAE,CAAC;wBAC3C,iDAAiD;wBACjD,MAAM,UAAU,GAAG,mBAAmB;6BACnC,KAAK,CAAC,6BAA6B,CAAC;6BACpC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;wBAEhB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;4BAC3C,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;4BAChC,IAAI,SAAS,IAAI,SAAS,CAAC,IAAI,EAAE,EAAE,CAAC;gCAClC,MAAM,YAAY,GAAG,SAAS,GAAG,6BAA6B,CAAC;gCAE/D,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oCACZ,wDAAwD;oCACxD,IAAI,YAAY,CAAC,IAAI,EAAE,KAAK,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC;wCAClD,MAAM,aAAa,GAAG,sBAAsB,CAAC,YAAY,CAAC,CAAC;wCAC3D,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE;4CACxC,YAAY,EAAE,WAAW;4CACzB,gBAAgB,EAAE,mBAAmB;4CACrC,WAAW,EAAE,CAAC;4CACd,GAAG,aAAa;yCACjB,CAAC,CAAC;oCACL,CAAC;gCACH,CAAC;qCAAM,CAAC;oCACN,6CAA6C;oCAC7C,MAAM,UAAU,GAAG,sBAAsB,CAAC,YAAY,CAAC,CAAC;oCACxD,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE;wCACxC,YAAY,EAAE,WAAW;wCACzB,gBAAgB,EAAE,gBAAgB;wCAClC,WAAW,EAAE,CAAC;wCACd,GAAG,UAAU;qCACd,CAAC,CAAC;gCACL,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;oBAED,OAAO,CAAC,cAAc,EAAE,mBAAmB,CAAC,CAAC;gBAC/C,CAAC;qBAAM,CAAC;oBACN,IAAI,WAAW,GAAG,eAAe,CAAC;oBAClC,IAAI,CAAC;wBACH,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;wBACvC,IAAI,CAAC;4BACH,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;4BACvC,WAAW,GAAG,SAAS,CAAC,MAAM,IAAI,QAAQ,CAAC;wBAC7C,CAAC;wBAAC,MAAM,CAAC;4BACP,WAAW,GAAG,QAAQ,CAAC;wBACzB,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,4BAA4B;wBAC5B,WAAW,GAAG,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;oBAC1C,CAAC;oBAED,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE;wBACzC,YAAY,EAAE,WAAW;wBACzB,WAAW,EAAE,QAAQ,CAAC,MAAM;wBAC5B,KAAK,EAAE,WAAW;qBACnB,CAAC,CAAC;oBAEH,MAAM,IAAI,qCAAuB,CAC/B,oCAAoC,QAAQ,CAAC,MAAM,MAAM,WAAW,EAAE,CACvE,CAAC;gBACJ,CAAC;YACH,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,SAAS,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,qCAAuB,EAAE,CAAC;gBAC7C,MAAM,KAAK,CAAC;YACd,CAAC;YAED,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC1D,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE;oBAC1C,YAAY,EAAE,WAAW;oBACzB,eAAe,EAAE,IAAI,CAAC,cAAc;iBACrC,CAAC,CAAC;gBACH,MAAM,IAAI,qCAAuB,CAC/B,uCAAuC,IAAI,CAAC,cAAc,UAAU,CACrE,CAAC;YACJ,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE;gBAChD,YAAY,EAAE,WAAW;gBACzB,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;aACrB,CAAC,CAAC;YACH,MAAM,IAAI,qCAAuB,CAC/B,yCAAyC,KAAK,EAAE,CACjD,CAAC;QACJ,CAAC;IACH,CAAC;CACF;AAxMD,0CAwMC"}

package/dist/cjs/naylence/fame/security/cert/ca-service-factory.js ADDED Viewed

@@ -0,0 +1,65 @@
+"use strict";
+/**
+ * Factory pattern for creating CA service instances.
+ *
+ * Provides a unified way to create CAService implementations from configuration.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FACTORY_META = exports.CA_SERVICE_FACTORY_BASE_TYPE = exports.CAServiceFactory = void 0;
+const factory_1 = require("@naylence/factory");
+/**
+ * Factory for creating CAService instances.
+ *
+ * Supports multiple CAService implementations through the factory pattern.
+ */
+class CAServiceFactory extends factory_1.AbstractResourceFactory {
+    /**
+     * Create a CAService instance from configuration.
+     *
+     * @param config - Optional CAService configuration or dictionary
+     * @param options - Additional creation options
+     * @returns Configured CAService instance
+     */
+    static async createCAService(config, options) {
+        if (!config) {
+            // Use default CA service
+            const service = await (0, factory_1.createDefaultResource)("CAServiceFactory", config, options);
+            if (!service) {
+                throw new Error("No default CA service factory registered");
+            }
+            return service;
+        }
+        if (typeof config === "object" && !("type" in config)) {
+            // No type specified, use default
+            const service = await (0, factory_1.createDefaultResource)("CAServiceFactory", config, options);
+            if (!service) {
+                throw new Error("No default CA service factory registered");
+            }
+            return service;
+        }
+        // Create from specific type
+        const configObj = config instanceof Object && "type" in config
+            ? config
+            : { type: "CAService", ...config };
+        const service = await (0, factory_1.createResource)("CAServiceFactory", configObj, options);
+        if (!service) {
+            throw new Error(`Failed to create CA service of type "${configObj.type}"`);
+        }
+        return service;
+    }
+}
+exports.CAServiceFactory = CAServiceFactory;
+/**
+ * Base type for CA service factories.
+ */
+exports.CA_SERVICE_FACTORY_BASE_TYPE = "CAServiceFactory";
+/**
+ * Factory metadata for CAServiceFactory.
+ */
+exports.FACTORY_META = {
+    factoryId: "CAServiceFactory",
+    factoryType: CAServiceFactory,
+    resourceType: "CAService",
+    description: "Factory for creating Certificate Authority (CA) service instances",
+};
+//# sourceMappingURL=ca-service-factory.js.map

package/dist/cjs/naylence/fame/security/cert/ca-service-factory.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ca-service-factory.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/ca-service-factory.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAGH,+CAI2B;AAU3B;;;;GAIG;AACH,MAAsB,gBAEpB,SAAQ,iCAAqC;IAC7C;;;;;;OAMG;IACH,MAAM,CAAC,KAAK,CAAC,eAAe,CAC1B,MAAkD,EAClD,OAA+B;QAE/B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,yBAAyB;YACzB,MAAM,OAAO,GAAG,MAAM,IAAA,+BAAqB,EACzC,kBAAkB,EAClB,MAAM,EACN,OAAO,CACR,CAAC;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;YAC9D,CAAC;YACD,OAAO,OAAoB,CAAC;QAC9B,CAAC;QAED,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,IAAI,MAAM,CAAC,EAAE,CAAC;YACtD,iCAAiC;YACjC,MAAM,OAAO,GAAG,MAAM,IAAA,+BAAqB,EACzC,kBAAkB,EAClB,MAAM,EACN,OAAO,CACR,CAAC;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;YAC9D,CAAC;YACD,OAAO,OAAoB,CAAC;QAC9B,CAAC;QAED,4BAA4B;QAC5B,MAAM,SAAS,GACb,MAAM,YAAY,MAAM,IAAI,MAAM,IAAI,MAAM;YAC1C,CAAC,CAAE,MAA0B;YAC7B,CAAC,CAAE,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,MAAM,EAAsB,CAAC;QAE5D,MAAM,OAAO,GAAG,MAAM,IAAA,wBAAc,EAClC,kBAAkB,EAClB,SAAS,EACT,OAAO,CACR,CAAC;QACF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,wCAAwC,SAAS,CAAC,IAAI,GAAG,CAC1D,CAAC;QACJ,CAAC;QACD,OAAO,OAAoB,CAAC;IAC9B,CAAC;CACF;AA1DD,4CA0DC;AAED;;GAEG;AACU,QAAA,4BAA4B,GAAG,kBAAkB,CAAC;AAE/D;;GAEG;AACU,QAAA,YAAY,GAAG;IAC1B,SAAS,EAAE,kBAAkB;IAC7B,WAAW,EAAE,gBAAgB;IAC7B,YAAY,EAAE,WAAW;IACzB,WAAW,EACT,mEAAmE;CACtE,CAAC"}

package/dist/cjs/naylence/fame/security/cert/ca-types.js ADDED Viewed

@@ -0,0 +1,36 @@
+"use strict";
+/**
+ * Certificate Authority (CA) types and interfaces.
+ *
+ * Provides type definitions for CA service operations, certificate signing requests,
+ * and certificate issuance responses.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CertificateRequestError = exports.CAService = void 0;
+/**
+ * Abstract CA signing service interface.
+ *
+ * Defines the contract for certificate authority services that can issue
+ * certificates from certificate signing requests.
+ */
+class CAService {
+    /**
+     * Optional authorizer for request authentication.
+     */
+    get authorizer() {
+        return null;
+    }
+}
+exports.CAService = CAService;
+/**
+ * Error thrown when a certificate request fails.
+ */
+class CertificateRequestError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "CertificateRequestError";
+        Object.setPrototypeOf(this, CertificateRequestError.prototype);
+    }
+}
+exports.CertificateRequestError = CertificateRequestError;
+//# sourceMappingURL=ca-types.js.map

package/dist/cjs/naylence/fame/security/cert/ca-types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ca-types.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/ca-types.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAyCH;;;;;GAKG;AACH,MAAsB,SAAS;IAC7B;;OAEG;IACH,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;CAWF;AAjBD,8BAiBC;AAED;;GAEG;AACH,MAAa,uBAAwB,SAAQ,KAAK;IAChD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;QACtC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,uBAAuB,CAAC,SAAS,CAAC,CAAC;IACjE,CAAC;CACF;AAND,0DAMC"}

package/dist/cjs/naylence/fame/security/cert/default-ca-service-factory.js ADDED Viewed

@@ -0,0 +1,70 @@
+"use strict";
+/**
+ * Factory for creating DefaultCAService instances.
+ *
+ * Provides the default CA service implementation with environment variable support.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultCAServiceFactory = exports.FACTORY_META = void 0;
+const factory_1 = require("@naylence/factory");
+const default_ca_service_js_1 = require("./default-ca-service.js");
+/**
+ * Factory metadata for DefaultCAServiceFactory.
+ */
+exports.FACTORY_META = {
+    base: "CAServiceFactory",
+    key: "DefaultCAService",
+};
+/**
+ * Normalize configuration from snake_case or camelCase to standard format.
+ */
+function normalizeConfig(config) {
+    if (!config) {
+        return { type: "DefaultCAService" };
+    }
+    const { type: _ignoredType, ...rest } = config;
+    return {
+        ...rest,
+        type: "DefaultCAService",
+    };
+}
+/**
+ * Factory for creating DefaultCAService instances.
+ */
+class DefaultCAServiceFactory extends factory_1.AbstractResourceFactory {
+    constructor() {
+        super(...arguments);
+        this.type = "DefaultCAService";
+        this.isDefault = true;
+        this.priority = 100;
+    }
+    /**
+     * Create a DefaultCAService instance.
+     *
+     * @param config - DefaultCAService configuration
+     * @returns Configured DefaultCAService instance
+     */
+    async create(config, ..._factoryArgs) {
+        const normalizedConfig = normalizeConfig(config);
+        // Extract configuration with snake_case fallbacks
+        const caCertPem = normalizedConfig.caCertPem ?? normalizedConfig.ca_cert_pem;
+        const caKeyPem = normalizedConfig.caKeyPem ?? normalizedConfig.ca_key_pem;
+        const intermediateChainPem = normalizedConfig.intermediateChainPem ??
+            normalizedConfig.intermediate_chain_pem;
+        const signingCertPem = normalizedConfig.signingCertPem ?? normalizedConfig.signing_cert_pem;
+        const signingKeyPem = normalizedConfig.signingKeyPem ?? normalizedConfig.signing_key_pem;
+        // TODO: Create authorizer from config when AuthorizerFactory is available
+        const authorizer = undefined;
+        return new default_ca_service_js_1.DefaultCAService({
+            caCertPem,
+            caKeyPem,
+            intermediateChainPem,
+            signingCertPem,
+            signingKeyPem,
+            authorizer,
+        });
+    }
+}
+exports.DefaultCAServiceFactory = DefaultCAServiceFactory;
+exports.default = DefaultCAServiceFactory;
+//# sourceMappingURL=default-ca-service-factory.js.map

package/dist/cjs/naylence/fame/security/cert/default-ca-service-factory.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"default-ca-service-factory.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/default-ca-service-factory.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAGH,+CAA4D;AAG5D,mEAA2D;AAgC3D;;GAEG;AACU,QAAA,YAAY,GAAG;IAC1B,IAAI,EAAE,kBAAkB;IACxB,GAAG,EAAE,kBAAkB;CACf,CAAC;AAEX;;GAEG;AACH,SAAS,eAAe,CACtB,MAAgE;IAEhE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC;IACtC,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAI,EAAE,GAAG,MAAiC,CAAC;IAC1E,OAAO;QACL,GAAG,IAAI;QACP,IAAI,EAAE,kBAAkB;KACC,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAa,uBAAwB,SAAQ,iCAG5C;IAHD;;QAIkB,SAAI,GAAG,kBAAkB,CAAC;QAC1B,cAAS,GAAG,IAAI,CAAC;QACjB,aAAQ,GAAG,GAAG,CAAC;IAsCjC,CAAC;IApCC;;;;;OAKG;IACI,KAAK,CAAC,MAAM,CACjB,MAAgE,EAChE,GAAG,YAAuB;QAE1B,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAEjD,kDAAkD;QAClD,MAAM,SAAS,GACb,gBAAgB,CAAC,SAAS,IAAI,gBAAgB,CAAC,WAAW,CAAC;QAC7D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,IAAI,gBAAgB,CAAC,UAAU,CAAC;QAC1E,MAAM,oBAAoB,GACxB,gBAAgB,CAAC,oBAAoB;YACrC,gBAAgB,CAAC,sBAAsB,CAAC;QAC1C,MAAM,cAAc,GAClB,gBAAgB,CAAC,cAAc,IAAI,gBAAgB,CAAC,gBAAgB,CAAC;QACvE,MAAM,aAAa,GACjB,gBAAgB,CAAC,aAAa,IAAI,gBAAgB,CAAC,eAAe,CAAC;QAErE,0EAA0E;QAC1E,MAAM,UAAU,GAA2B,SAAS,CAAC;QAErD,OAAO,IAAI,wCAAgB,CAAC;YAC1B,SAAS;YACT,QAAQ;YACR,oBAAoB;YACpB,cAAc;YACd,aAAa;YACb,UAAU;SACX,CAAC,CAAC;IACL,CAAC;CACF;AA5CD,0DA4CC;AAED,kBAAe,uBAAuB,CAAC"}