@naylence/advanced-security 0.3.0
- package/LICENSE +33 -0
- package/NOTICE +5 -0
- package/README.md +101 -0
- package/dist/browser/index.js +157043 -0
- package/dist/browser/index.js.map +1 -0
- package/dist/cjs/browser.js +6 -0
- package/dist/cjs/browser.js.map +1 -0
- package/dist/cjs/index.js +7 -0
- package/dist/cjs/index.js.map +1 -0
- package/dist/cjs/naylence/fame/factory-manifest.js +24 -0
- package/dist/cjs/naylence/fame/factory-manifest.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/ca-service-client.js +284 -0
- package/dist/cjs/naylence/fame/security/cert/ca-service-client.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/ca-service-factory.js +65 -0
- package/dist/cjs/naylence/fame/security/cert/ca-service-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/ca-types.js +36 -0
- package/dist/cjs/naylence/fame/security/cert/ca-types.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/default-ca-service-factory.js +70 -0
- package/dist/cjs/naylence/fame/security/cert/default-ca-service-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/default-ca-service.js +270 -0
- package/dist/cjs/naylence/fame/security/cert/default-ca-service.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/default-certificate-manager-factory.js +77 -0
- package/dist/cjs/naylence/fame/security/cert/default-certificate-manager-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/default-certificate-manager.js +675 -0
- package/dist/cjs/naylence/fame/security/cert/default-certificate-manager.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/grants.js +5 -0
- package/dist/cjs/naylence/fame/security/cert/grants.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/index.js +52 -0
- package/dist/cjs/naylence/fame/security/cert/index.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/internal-ca-service.js +793 -0
- package/dist/cjs/naylence/fame/security/cert/internal-ca-service.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/util.js +120 -0
- package/dist/cjs/naylence/fame/security/cert/util.js.map +1 -0
- package/dist/cjs/naylence/fame/security/encryption/channel/channel-encryption-manager-factory.js +89 -0
- package/dist/cjs/naylence/fame/security/encryption/channel/channel-encryption-manager-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/security/encryption/channel/channel-encryption-manager.js +732 -0
- package/dist/cjs/naylence/fame/security/encryption/channel/channel-encryption-manager.js.map +1 -0
- package/dist/cjs/naylence/fame/security/encryption/channel/index.js +8 -0
- package/dist/cjs/naylence/fame/security/encryption/channel/index.js.map +1 -0
- package/dist/cjs/naylence/fame/security/encryption/composite-encryption-manager-factory.js +117 -0
- package/dist/cjs/naylence/fame/security/encryption/composite-encryption-manager-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/security/encryption/composite-encryption-manager.js +325 -0
- package/dist/cjs/naylence/fame/security/encryption/composite-encryption-manager.js.map +1 -0
- package/dist/cjs/naylence/fame/security/encryption/default-secure-channel-manager-factory.js +57 -0
- package/dist/cjs/naylence/fame/security/encryption/default-secure-channel-manager-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/security/encryption/default-secure-channel-manager.js +282 -0
- package/dist/cjs/naylence/fame/security/encryption/default-secure-channel-manager.js.map +1 -0
- package/dist/cjs/naylence/fame/security/encryption/encryption-manager-registry.js +173 -0
- package/dist/cjs/naylence/fame/security/encryption/encryption-manager-registry.js.map +1 -0
- package/dist/cjs/naylence/fame/security/encryption/index.js +16 -0
- package/dist/cjs/naylence/fame/security/encryption/index.js.map +1 -0
- package/dist/cjs/naylence/fame/security/encryption/sealed/index.js +8 -0
- package/dist/cjs/naylence/fame/security/encryption/sealed/index.js.map +1 -0
- package/dist/cjs/naylence/fame/security/encryption/sealed/x25519-encryption-manager-factory.js +86 -0
- package/dist/cjs/naylence/fame/security/encryption/sealed/x25519-encryption-manager-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/security/encryption/sealed/x25519-encryption-manager.js +546 -0
- package/dist/cjs/naylence/fame/security/encryption/sealed/x25519-encryption-manager.js.map +1 -0
- package/dist/cjs/naylence/fame/security/index.js +11 -0
- package/dist/cjs/naylence/fame/security/index.js.map +1 -0
- package/dist/cjs/naylence/fame/security/keys/index.js +9 -0
- package/dist/cjs/naylence/fame/security/keys/index.js.map +1 -0
- package/dist/cjs/naylence/fame/security/keys/x5c-key-manager-factory.js +40 -0
- package/dist/cjs/naylence/fame/security/keys/x5c-key-manager-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/security/keys/x5c-key-manager.js +441 -0
- package/dist/cjs/naylence/fame/security/keys/x5c-key-manager.js.map +1 -0
- package/dist/cjs/naylence/fame/security/register-advanced-security-factories.js +131 -0
- package/dist/cjs/naylence/fame/security/register-advanced-security-factories.js.map +1 -0
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-signer-factory.js +71 -0
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-signer-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-verifier-factory.js +31 -0
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-verifier-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-verifier.js +176 -0
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-verifier.js.map +1 -0
- package/dist/cjs/naylence/fame/stickiness/aft-helper.js +77 -0
- package/dist/cjs/naylence/fame/stickiness/aft-helper.js.map +1 -0
- package/dist/cjs/naylence/fame/stickiness/aft-load-balancer-stickiness-manager-factory.js +69 -0
- package/dist/cjs/naylence/fame/stickiness/aft-load-balancer-stickiness-manager-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/stickiness/aft-load-balancer-stickiness-manager.js +451 -0
- package/dist/cjs/naylence/fame/stickiness/aft-load-balancer-stickiness-manager.js.map +1 -0
- package/dist/cjs/naylence/fame/stickiness/aft-model.js +62 -0
- package/dist/cjs/naylence/fame/stickiness/aft-model.js.map +1 -0
- package/dist/cjs/naylence/fame/stickiness/aft-replica-stickiness-manager-factory.js +54 -0
- package/dist/cjs/naylence/fame/stickiness/aft-replica-stickiness-manager-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/stickiness/aft-replica-stickiness-manager.js +208 -0
- package/dist/cjs/naylence/fame/stickiness/aft-replica-stickiness-manager.js.map +1 -0
- package/dist/cjs/naylence/fame/stickiness/aft-signer.js +154 -0
- package/dist/cjs/naylence/fame/stickiness/aft-signer.js.map +1 -0
- package/dist/cjs/naylence/fame/stickiness/aft-utils.js +95 -0
- package/dist/cjs/naylence/fame/stickiness/aft-utils.js.map +1 -0
- package/dist/cjs/naylence/fame/stickiness/aft-verifier.js +297 -0
- package/dist/cjs/naylence/fame/stickiness/aft-verifier.js.map +1 -0
- package/dist/cjs/naylence/fame/stickiness/index.js +40 -0
- package/dist/cjs/naylence/fame/stickiness/index.js.map +1 -0
- package/dist/cjs/naylence/fame/stickiness/stickiness-mode.js +28 -0
- package/dist/cjs/naylence/fame/stickiness/stickiness-mode.js.map +1 -0
- package/dist/cjs/naylence/fame/welcome/advanced-welcome-service-factory.js +97 -0
- package/dist/cjs/naylence/fame/welcome/advanced-welcome-service-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/welcome/advanced-welcome-service.js +216 -0
- package/dist/cjs/naylence/fame/welcome/advanced-welcome-service.js.map +1 -0
- package/dist/cjs/naylence/fame/welcome/index.js +9 -0
- package/dist/cjs/naylence/fame/welcome/index.js.map +1 -0
- package/dist/cjs/plugin.js +41 -0
- package/dist/cjs/plugin.js.map +1 -0
- package/dist/esm/browser.js +3 -0
- package/dist/esm/browser.js.map +1 -0
- package/dist/esm/index.js +4 -0
- package/dist/esm/index.js.map +1 -0
- package/dist/esm/naylence/fame/factory-manifest.js +21 -0
- package/dist/esm/naylence/fame/factory-manifest.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/ca-server.js +153 -0
- package/dist/esm/naylence/fame/security/cert/ca-server.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/ca-service-client.js +278 -0
- package/dist/esm/naylence/fame/security/cert/ca-service-client.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/ca-service-factory.js +61 -0
- package/dist/esm/naylence/fame/security/cert/ca-service-factory.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/ca-types.js +31 -0
- package/dist/esm/naylence/fame/security/cert/ca-types.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/default-ca-service-factory.js +66 -0
- package/dist/esm/naylence/fame/security/cert/default-ca-service-factory.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/default-ca-service.js +233 -0
- package/dist/esm/naylence/fame/security/cert/default-ca-service.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/default-certificate-manager-factory.js +73 -0
- package/dist/esm/naylence/fame/security/cert/default-certificate-manager-factory.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/default-certificate-manager.js +638 -0
- package/dist/esm/naylence/fame/security/cert/default-certificate-manager.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/grants.js +2 -0
- package/dist/esm/naylence/fame/security/cert/grants.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/index.js +12 -0
- package/dist/esm/naylence/fame/security/cert/index.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/internal-ca-service.js +750 -0
- package/dist/esm/naylence/fame/security/cert/internal-ca-service.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/util.js +116 -0
- package/dist/esm/naylence/fame/security/cert/util.js.map +1 -0
- package/dist/esm/naylence/fame/security/encryption/channel/channel-encryption-manager-factory.js +85 -0
- package/dist/esm/naylence/fame/security/encryption/channel/channel-encryption-manager-factory.js.map +1 -0
- package/dist/esm/naylence/fame/security/encryption/channel/channel-encryption-manager.js +728 -0
- package/dist/esm/naylence/fame/security/encryption/channel/channel-encryption-manager.js.map +1 -0
- package/dist/esm/naylence/fame/security/encryption/channel/index.js +3 -0
- package/dist/esm/naylence/fame/security/encryption/channel/index.js.map +1 -0
- package/dist/esm/naylence/fame/security/encryption/composite-encryption-manager-factory.js +113 -0
- package/dist/esm/naylence/fame/security/encryption/composite-encryption-manager-factory.js.map +1 -0
- package/dist/esm/naylence/fame/security/encryption/composite-encryption-manager.js +321 -0
- package/dist/esm/naylence/fame/security/encryption/composite-encryption-manager.js.map +1 -0
- package/dist/esm/naylence/fame/security/encryption/default-secure-channel-manager-factory.js +53 -0
- package/dist/esm/naylence/fame/security/encryption/default-secure-channel-manager-factory.js.map +1 -0
- package/dist/esm/naylence/fame/security/encryption/default-secure-channel-manager.js +278 -0
- package/dist/esm/naylence/fame/security/encryption/default-secure-channel-manager.js.map +1 -0
- package/dist/esm/naylence/fame/security/encryption/encryption-manager-registry.js +167 -0
- package/dist/esm/naylence/fame/security/encryption/encryption-manager-registry.js.map +1 -0
- package/dist/esm/naylence/fame/security/encryption/index.js +7 -0
- package/dist/esm/naylence/fame/security/encryption/index.js.map +1 -0
- package/dist/esm/naylence/fame/security/encryption/sealed/index.js +3 -0
- package/dist/esm/naylence/fame/security/encryption/sealed/index.js.map +1 -0
- package/dist/esm/naylence/fame/security/encryption/sealed/x25519-encryption-manager-factory.js +82 -0
- package/dist/esm/naylence/fame/security/encryption/sealed/x25519-encryption-manager-factory.js.map +1 -0
- package/dist/esm/naylence/fame/security/encryption/sealed/x25519-encryption-manager.js +542 -0
- package/dist/esm/naylence/fame/security/encryption/sealed/x25519-encryption-manager.js.map +1 -0
- package/dist/esm/naylence/fame/security/index.js +6 -0
- package/dist/esm/naylence/fame/security/index.js.map +1 -0
- package/dist/esm/naylence/fame/security/keys/index.js +3 -0
- package/dist/esm/naylence/fame/security/keys/index.js.map +1 -0
- package/dist/esm/naylence/fame/security/keys/x5c-key-manager-factory.js +36 -0
- package/dist/esm/naylence/fame/security/keys/x5c-key-manager-factory.js.map +1 -0
- package/dist/esm/naylence/fame/security/keys/x5c-key-manager.js +405 -0
- package/dist/esm/naylence/fame/security/keys/x5c-key-manager.js.map +1 -0
- package/dist/esm/naylence/fame/security/register-advanced-security-factories.js +95 -0
- package/dist/esm/naylence/fame/security/register-advanced-security-factories.js.map +1 -0
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-signer-factory.js +34 -0
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-signer-factory.js.map +1 -0
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-verifier-factory.js +27 -0
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-verifier-factory.js.map +1 -0
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-verifier.js +172 -0
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-verifier.js.map +1 -0
- package/dist/esm/naylence/fame/stickiness/aft-helper.js +72 -0
- package/dist/esm/naylence/fame/stickiness/aft-helper.js.map +1 -0
- package/dist/esm/naylence/fame/stickiness/aft-load-balancer-stickiness-manager-factory.js +65 -0
- package/dist/esm/naylence/fame/stickiness/aft-load-balancer-stickiness-manager-factory.js.map +1 -0
- package/dist/esm/naylence/fame/stickiness/aft-load-balancer-stickiness-manager.js +447 -0
- package/dist/esm/naylence/fame/stickiness/aft-load-balancer-stickiness-manager.js.map +1 -0
- package/dist/esm/naylence/fame/stickiness/aft-model.js +54 -0
- package/dist/esm/naylence/fame/stickiness/aft-model.js.map +1 -0
- package/dist/esm/naylence/fame/stickiness/aft-replica-stickiness-manager-factory.js +50 -0
- package/dist/esm/naylence/fame/stickiness/aft-replica-stickiness-manager-factory.js.map +1 -0
- package/dist/esm/naylence/fame/stickiness/aft-replica-stickiness-manager.js +203 -0
- package/dist/esm/naylence/fame/stickiness/aft-replica-stickiness-manager.js.map +1 -0
- package/dist/esm/naylence/fame/stickiness/aft-signer.js +147 -0
- package/dist/esm/naylence/fame/stickiness/aft-signer.js.map +1 -0
- package/dist/esm/naylence/fame/stickiness/aft-utils.js +90 -0
- package/dist/esm/naylence/fame/stickiness/aft-utils.js.map +1 -0
- package/dist/esm/naylence/fame/stickiness/aft-verifier.js +290 -0
- package/dist/esm/naylence/fame/stickiness/aft-verifier.js.map +1 -0
- package/dist/esm/naylence/fame/stickiness/index.js +11 -0
- package/dist/esm/naylence/fame/stickiness/index.js.map +1 -0
- package/dist/esm/naylence/fame/stickiness/stickiness-mode.js +24 -0
- package/dist/esm/naylence/fame/stickiness/stickiness-mode.js.map +1 -0
- package/dist/esm/naylence/fame/welcome/advanced-welcome-service-factory.js +93 -0
- package/dist/esm/naylence/fame/welcome/advanced-welcome-service-factory.js.map +1 -0
- package/dist/esm/naylence/fame/welcome/advanced-welcome-service.js +212 -0
- package/dist/esm/naylence/fame/welcome/advanced-welcome-service.js.map +1 -0
- package/dist/esm/naylence/fame/welcome/index.js +3 -0
- package/dist/esm/naylence/fame/welcome/index.js.map +1 -0
- package/dist/esm/plugin.js +37 -0
- package/dist/esm/plugin.js.map +1 -0
- package/dist/types/browser.d.ts +2 -0
- package/dist/types/browser.d.ts.map +1 -0
- package/dist/types/index.d.ts +4 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/naylence/fame/factory-manifest.d.ts +9 -0
- package/dist/types/naylence/fame/factory-manifest.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/ca-server.d.ts +19 -0
- package/dist/types/naylence/fame/security/cert/ca-server.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/ca-service-client.d.ts +75 -0
- package/dist/types/naylence/fame/security/cert/ca-service-client.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/ca-service-factory.d.ts +43 -0
- package/dist/types/naylence/fame/security/cert/ca-service-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/ca-types.d.ts +97 -0
- package/dist/types/naylence/fame/security/cert/ca-types.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/default-ca-service-factory.d.ts +55 -0
- package/dist/types/naylence/fame/security/cert/default-ca-service-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/default-ca-service.d.ts +84 -0
- package/dist/types/naylence/fame/security/cert/default-ca-service.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/default-certificate-manager-factory.d.ts +25 -0
- package/dist/types/naylence/fame/security/cert/default-certificate-manager-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/default-certificate-manager.d.ts +38 -0
- package/dist/types/naylence/fame/security/cert/default-certificate-manager.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/grants.d.ts +2 -0
- package/dist/types/naylence/fame/security/cert/grants.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/index.d.ts +11 -0
- package/dist/types/naylence/fame/security/cert/index.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/internal-ca-service.d.ts +132 -0
- package/dist/types/naylence/fame/security/cert/internal-ca-service.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/util.d.ts +35 -0
- package/dist/types/naylence/fame/security/cert/util.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/encryption/channel/channel-encryption-manager-factory.d.ts +29 -0
- package/dist/types/naylence/fame/security/encryption/channel/channel-encryption-manager-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/encryption/channel/channel-encryption-manager.d.ts +51 -0
- package/dist/types/naylence/fame/security/encryption/channel/channel-encryption-manager.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/encryption/channel/index.d.ts +3 -0
- package/dist/types/naylence/fame/security/encryption/channel/index.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/encryption/composite-encryption-manager-factory.d.ts +32 -0
- package/dist/types/naylence/fame/security/encryption/composite-encryption-manager-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/encryption/composite-encryption-manager.d.ts +52 -0
- package/dist/types/naylence/fame/security/encryption/composite-encryption-manager.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/encryption/default-secure-channel-manager-factory.d.ts +23 -0
- package/dist/types/naylence/fame/security/encryption/default-secure-channel-manager-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/encryption/default-secure-channel-manager.d.ts +37 -0
- package/dist/types/naylence/fame/security/encryption/default-secure-channel-manager.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/encryption/encryption-manager-registry.d.ts +34 -0
- package/dist/types/naylence/fame/security/encryption/encryption-manager-registry.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/encryption/index.d.ts +7 -0
- package/dist/types/naylence/fame/security/encryption/index.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/encryption/sealed/index.d.ts +3 -0
- package/dist/types/naylence/fame/security/encryption/sealed/index.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/encryption/sealed/x25519-encryption-manager-factory.d.ts +28 -0
- package/dist/types/naylence/fame/security/encryption/sealed/x25519-encryption-manager-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/encryption/sealed/x25519-encryption-manager.d.ts +43 -0
- package/dist/types/naylence/fame/security/encryption/sealed/x25519-encryption-manager.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/index.d.ts +6 -0
- package/dist/types/naylence/fame/security/index.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/keys/index.d.ts +3 -0
- package/dist/types/naylence/fame/security/keys/index.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/keys/x5c-key-manager-factory.d.ts +19 -0
- package/dist/types/naylence/fame/security/keys/x5c-key-manager-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/keys/x5c-key-manager.d.ts +39 -0
- package/dist/types/naylence/fame/security/keys/x5c-key-manager.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/register-advanced-security-factories.d.ts +8 -0
- package/dist/types/naylence/fame/security/register-advanced-security-factories.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/signing/eddsa-envelope-signer-factory.d.ts +20 -0
- package/dist/types/naylence/fame/security/signing/eddsa-envelope-signer-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/signing/eddsa-envelope-verifier-factory.d.ts +21 -0
- package/dist/types/naylence/fame/security/signing/eddsa-envelope-verifier-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/signing/eddsa-envelope-verifier.d.ts +17 -0
- package/dist/types/naylence/fame/security/signing/eddsa-envelope-verifier.d.ts.map +1 -0
- package/dist/types/naylence/fame/stickiness/aft-helper.d.ts +29 -0
- package/dist/types/naylence/fame/stickiness/aft-helper.d.ts.map +1 -0
- package/dist/types/naylence/fame/stickiness/aft-load-balancer-stickiness-manager-factory.d.ts +25 -0
- package/dist/types/naylence/fame/stickiness/aft-load-balancer-stickiness-manager-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/stickiness/aft-load-balancer-stickiness-manager.d.ts +33 -0
- package/dist/types/naylence/fame/stickiness/aft-load-balancer-stickiness-manager.d.ts.map +1 -0
- package/dist/types/naylence/fame/stickiness/aft-model.d.ts +33 -0
- package/dist/types/naylence/fame/stickiness/aft-model.d.ts.map +1 -0
- package/dist/types/naylence/fame/stickiness/aft-replica-stickiness-manager-factory.d.ts +23 -0
- package/dist/types/naylence/fame/stickiness/aft-replica-stickiness-manager-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/stickiness/aft-replica-stickiness-manager.d.ts +31 -0
- package/dist/types/naylence/fame/stickiness/aft-replica-stickiness-manager.d.ts.map +1 -0
- package/dist/types/naylence/fame/stickiness/aft-signer.d.ts +55 -0
- package/dist/types/naylence/fame/stickiness/aft-signer.d.ts.map +1 -0
- package/dist/types/naylence/fame/stickiness/aft-utils.d.ts +4 -0
- package/dist/types/naylence/fame/stickiness/aft-utils.d.ts.map +1 -0
- package/dist/types/naylence/fame/stickiness/aft-verifier.d.ts +50 -0
- package/dist/types/naylence/fame/stickiness/aft-verifier.d.ts.map +1 -0
- package/dist/types/naylence/fame/stickiness/index.d.ts +15 -0
- package/dist/types/naylence/fame/stickiness/index.d.ts.map +1 -0
- package/dist/types/naylence/fame/stickiness/stickiness-mode.d.ts +7 -0
- package/dist/types/naylence/fame/stickiness/stickiness-mode.d.ts.map +1 -0
- package/dist/types/naylence/fame/welcome/advanced-welcome-service-factory.d.ts +21 -0
- package/dist/types/naylence/fame/welcome/advanced-welcome-service-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/welcome/advanced-welcome-service.d.ts +21 -0
- package/dist/types/naylence/fame/welcome/advanced-welcome-service.d.ts.map +1 -0
- package/dist/types/naylence/fame/welcome/index.d.ts +3 -0
- package/dist/types/naylence/fame/welcome/index.d.ts.map +1 -0
- package/dist/types/plugin.d.ts +11 -0
- package/dist/types/plugin.d.ts.map +1 -0
- package/package.json +130 -0
|
@@ -0,0 +1,793 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Certificate Authority signing service for node certificates.
|
|
4
|
+
*
|
|
5
|
+
* Provides in-process API for issuing certificates with node physical
|
|
6
|
+
* and host-like logical address information using SPIFFE-compliant identities.
|
|
7
|
+
*/
|
|
8
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
9
|
+
if (k2 === undefined) k2 = k;
|
|
10
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
11
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
12
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
13
|
+
}
|
|
14
|
+
Object.defineProperty(o, k2, desc);
|
|
15
|
+
}) : (function(o, m, k, k2) {
|
|
16
|
+
if (k2 === undefined) k2 = k;
|
|
17
|
+
o[k2] = m[k];
|
|
18
|
+
}));
|
|
19
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
20
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
21
|
+
}) : function(o, v) {
|
|
22
|
+
o["default"] = v;
|
|
23
|
+
});
|
|
24
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
25
|
+
var ownKeys = function(o) {
|
|
26
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
27
|
+
var ar = [];
|
|
28
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
29
|
+
return ar;
|
|
30
|
+
};
|
|
31
|
+
return ownKeys(o);
|
|
32
|
+
};
|
|
33
|
+
return function (mod) {
|
|
34
|
+
if (mod && mod.__esModule) return mod;
|
|
35
|
+
var result = {};
|
|
36
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
37
|
+
__setModuleDefault(result, mod);
|
|
38
|
+
return result;
|
|
39
|
+
};
|
|
40
|
+
})();
|
|
41
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
42
|
+
exports.CASigningService = exports.NODE_ID_OID = exports.LOGICALS_OID = exports.SID_OID = void 0;
|
|
43
|
+
exports.createTestCA = createTestCA;
|
|
44
|
+
exports.extractSpiffeIdFromCert = extractSpiffeIdFromCert;
|
|
45
|
+
exports.extractSidFromCert = extractSidFromCert;
|
|
46
|
+
exports.extractNodeIdFromCert = extractNodeIdFromCert;
|
|
47
|
+
exports.extractLogicalHostsFromCert = extractLogicalHostsFromCert;
|
|
48
|
+
exports.extractSidFromSpiffeId = extractSidFromSpiffeId;
|
|
49
|
+
exports.verifyCertSidIntegrity = verifyCertSidIntegrity;
|
|
50
|
+
const asn1_schema_1 = require("@peculiar/asn1-schema");
|
|
51
|
+
const asn1_x509_1 = require("@peculiar/asn1-x509");
|
|
52
|
+
const asn1_csr_1 = require("@peculiar/asn1-csr");
|
|
53
|
+
const runtime_1 = require("@naylence/runtime");
|
|
54
|
+
const ca_types_js_1 = require("./ca-types.js");
|
|
55
|
+
// Certificate extension OIDs (using placeholder PEN)
|
|
56
|
+
exports.SID_OID = "1.3.6.1.4.1.58530.1";
|
|
57
|
+
exports.LOGICALS_OID = "1.3.6.1.4.1.58530.2";
|
|
58
|
+
exports.NODE_ID_OID = "1.3.6.1.4.1.58530.4";
|
|
59
|
+
const ED25519_OID = "1.3.101.112";
|
|
60
|
+
let x509ModulePromise = null;
|
|
61
|
+
let cryptoPromise = null;
|
|
62
|
+
let subtleCryptoPromise = null;
|
|
63
|
+
/**
|
|
64
|
+
* Lazy-load the @peculiar/x509 module.
|
|
65
|
+
*/
|
|
66
|
+
async function loadX509Module() {
|
|
67
|
+
if (!x509ModulePromise) {
|
|
68
|
+
x509ModulePromise = Promise.resolve().then(() => __importStar(require("@peculiar/x509"))).then((mod) => {
|
|
69
|
+
if (mod && typeof mod.X509Certificate === "function") {
|
|
70
|
+
return mod;
|
|
71
|
+
}
|
|
72
|
+
return null;
|
|
73
|
+
})
|
|
74
|
+
.catch((error) => {
|
|
75
|
+
console.error("Failed to load @peculiar/x509:", error);
|
|
76
|
+
return null;
|
|
77
|
+
});
|
|
78
|
+
}
|
|
79
|
+
return x509ModulePromise;
|
|
80
|
+
}
|
|
81
|
+
async function ensureCrypto() {
|
|
82
|
+
if (typeof globalThis.crypto !== "undefined" && globalThis.crypto.subtle) {
|
|
83
|
+
return globalThis.crypto;
|
|
84
|
+
}
|
|
85
|
+
if (!cryptoPromise) {
|
|
86
|
+
if (typeof process !== "undefined" &&
|
|
87
|
+
typeof process.versions?.node === "string") {
|
|
88
|
+
cryptoPromise = Promise.resolve().then(() => __importStar(require("crypto"))).then((cryptoModule) => {
|
|
89
|
+
const webcrypto = cryptoModule
|
|
90
|
+
.webcrypto;
|
|
91
|
+
if (!webcrypto || !webcrypto.subtle) {
|
|
92
|
+
throw new Error("WebCrypto API is not available in this Node.js runtime");
|
|
93
|
+
}
|
|
94
|
+
globalThis.crypto = webcrypto;
|
|
95
|
+
return webcrypto;
|
|
96
|
+
});
|
|
97
|
+
}
|
|
98
|
+
else {
|
|
99
|
+
cryptoPromise = Promise.reject(new Error("WebCrypto API is not available in this environment"));
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
return cryptoPromise;
|
|
103
|
+
}
|
|
104
|
+
async function getSubtleCrypto() {
|
|
105
|
+
if (!subtleCryptoPromise) {
|
|
106
|
+
subtleCryptoPromise = ensureCrypto().then((cryptoImpl) => cryptoImpl.subtle);
|
|
107
|
+
}
|
|
108
|
+
return subtleCryptoPromise;
|
|
109
|
+
}
|
|
110
|
+
async function importEd25519PrivateKey(pem, keyUsages = ["sign"]) {
|
|
111
|
+
const subtle = await getSubtleCrypto();
|
|
112
|
+
const der = pemToDer(pem);
|
|
113
|
+
try {
|
|
114
|
+
return await subtle.importKey("pkcs8", der, { name: "Ed25519" }, false, keyUsages);
|
|
115
|
+
}
|
|
116
|
+
catch (error) {
|
|
117
|
+
throw new Error(`Failed to import Ed25519 private key: ${error.message}`);
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
async function importEd25519PublicKey(pem, keyUsages = ["verify"]) {
|
|
121
|
+
const subtle = await getSubtleCrypto();
|
|
122
|
+
const der = pemToDer(pem);
|
|
123
|
+
try {
|
|
124
|
+
return await subtle.importKey("spki", der, { name: "Ed25519" }, true, keyUsages);
|
|
125
|
+
}
|
|
126
|
+
catch (error) {
|
|
127
|
+
throw new Error(`Failed to import Ed25519 public key: ${error.message}`);
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
async function computeKeyIdentifier(key) {
|
|
131
|
+
const subtle = await getSubtleCrypto();
|
|
132
|
+
let spki;
|
|
133
|
+
if (key instanceof ArrayBuffer) {
|
|
134
|
+
spki = key;
|
|
135
|
+
}
|
|
136
|
+
else if (ArrayBuffer.isView(key)) {
|
|
137
|
+
const view = new Uint8Array(key.buffer, key.byteOffset, key.byteLength);
|
|
138
|
+
spki = view.slice().buffer;
|
|
139
|
+
}
|
|
140
|
+
else {
|
|
141
|
+
spki = await subtle.exportKey("spki", key);
|
|
142
|
+
}
|
|
143
|
+
const digest = await subtle.digest("SHA-256", spki);
|
|
144
|
+
return new Uint8Array(digest);
|
|
145
|
+
}
|
|
146
|
+
function toArrayBuffer(view) {
|
|
147
|
+
return new Uint8Array(view).buffer;
|
|
148
|
+
}
|
|
149
|
+
function serializeAsn(value) {
|
|
150
|
+
return asn1_schema_1.AsnConvert.serialize(value);
|
|
151
|
+
}
|
|
152
|
+
function hexToArrayBuffer(hex) {
|
|
153
|
+
const normalized = hex.length % 2 === 0 ? hex : `0${hex}`;
|
|
154
|
+
const bytes = new Uint8Array(normalized.length / 2);
|
|
155
|
+
for (let i = 0; i < bytes.length; i += 1) {
|
|
156
|
+
const byte = normalized.slice(i * 2, i * 2 + 2);
|
|
157
|
+
bytes[i] = Number.parseInt(byte, 16);
|
|
158
|
+
}
|
|
159
|
+
return bytes.buffer;
|
|
160
|
+
}
|
|
161
|
+
function encodeBitString(data) {
|
|
162
|
+
const input = new Uint8Array(data);
|
|
163
|
+
const bitString = new Uint8Array(input.length + 1);
|
|
164
|
+
bitString.set(input, 1);
|
|
165
|
+
return bitString.buffer;
|
|
166
|
+
}
|
|
167
|
+
async function createEd25519Certificate(options) {
|
|
168
|
+
const subtle = await getSubtleCrypto();
|
|
169
|
+
await ensureCrypto();
|
|
170
|
+
const serialHex = generateSerialNumber();
|
|
171
|
+
const issuerName = cloneName(options.issuer);
|
|
172
|
+
const subjectName = cloneName(options.subject);
|
|
173
|
+
const subjectSpki = await subtle.exportKey("spki", options.subjectPublicKey);
|
|
174
|
+
const subjectPublicKeyInfo = asn1_schema_1.AsnConvert.parse(subjectSpki, asn1_x509_1.SubjectPublicKeyInfo);
|
|
175
|
+
subjectPublicKeyInfo.algorithm = new asn1_x509_1.AlgorithmIdentifier({
|
|
176
|
+
algorithm: ED25519_OID,
|
|
177
|
+
});
|
|
178
|
+
const signatureAlgorithm = new asn1_x509_1.AlgorithmIdentifier({
|
|
179
|
+
algorithm: ED25519_OID,
|
|
180
|
+
});
|
|
181
|
+
const extensions = options.extensions?.length
|
|
182
|
+
? new asn1_x509_1.Extensions(options.extensions.map((ext) => new asn1_x509_1.Extension({
|
|
183
|
+
extnID: ext.type,
|
|
184
|
+
critical: ext.critical,
|
|
185
|
+
extnValue: new asn1_schema_1.OctetString(ext.value),
|
|
186
|
+
})))
|
|
187
|
+
: undefined;
|
|
188
|
+
const tbsCertificate = new asn1_x509_1.TBSCertificate({
|
|
189
|
+
version: asn1_x509_1.Version.v3,
|
|
190
|
+
serialNumber: hexToArrayBuffer(serialHex),
|
|
191
|
+
signature: signatureAlgorithm,
|
|
192
|
+
issuer: issuerName,
|
|
193
|
+
validity: new asn1_x509_1.Validity({
|
|
194
|
+
notBefore: options.notBefore,
|
|
195
|
+
notAfter: options.notAfter,
|
|
196
|
+
}),
|
|
197
|
+
subject: subjectName,
|
|
198
|
+
subjectPublicKeyInfo,
|
|
199
|
+
extensions,
|
|
200
|
+
});
|
|
201
|
+
const tbsDer = asn1_schema_1.AsnConvert.serialize(tbsCertificate);
|
|
202
|
+
const signature = await subtle.sign("Ed25519", options.signingKey, tbsDer);
|
|
203
|
+
const certificate = new asn1_x509_1.Certificate({
|
|
204
|
+
tbsCertificate,
|
|
205
|
+
signatureAlgorithm,
|
|
206
|
+
signatureValue: encodeBitString(signature),
|
|
207
|
+
});
|
|
208
|
+
certificate.tbsCertificateRaw = tbsDer;
|
|
209
|
+
return asn1_schema_1.AsnConvert.serialize(certificate);
|
|
210
|
+
}
|
|
211
|
+
function derToPem(der, label) {
|
|
212
|
+
const base64 = bufferToBase64(der);
|
|
213
|
+
return `-----BEGIN ${label}-----\n${formatPem(base64)}\n-----END ${label}-----\n`;
|
|
214
|
+
}
|
|
215
|
+
function addDays(base, days) {
|
|
216
|
+
const result = new Date(base.getTime());
|
|
217
|
+
result.setUTCDate(result.getUTCDate() + days);
|
|
218
|
+
return result;
|
|
219
|
+
}
|
|
220
|
+
function generateSerialNumber(bytes = 16) {
|
|
221
|
+
const cryptoImpl = globalThis.crypto;
|
|
222
|
+
if (!cryptoImpl) {
|
|
223
|
+
throw new Error("Crypto API not initialized");
|
|
224
|
+
}
|
|
225
|
+
const random = new Uint8Array(bytes);
|
|
226
|
+
cryptoImpl.getRandomValues(random);
|
|
227
|
+
random[0] &= 0x7f;
|
|
228
|
+
return Array.from(random, (value) => value.toString(16).padStart(2, "0")).join("");
|
|
229
|
+
}
|
|
230
|
+
function getFameRootDomain() {
|
|
231
|
+
if (typeof process !== "undefined" && process.env?.FAME_ROOT) {
|
|
232
|
+
return process.env.FAME_ROOT;
|
|
233
|
+
}
|
|
234
|
+
return "fame.fabric";
|
|
235
|
+
}
|
|
236
|
+
const OID_COMMON_NAME = "2.5.4.3";
|
|
237
|
+
const OID_ORGANIZATIONAL_UNIT = "2.5.4.11";
|
|
238
|
+
const OID_ORGANIZATION = "2.5.4.10";
|
|
239
|
+
function createRelativeDistinguishedName(oid, value) {
|
|
240
|
+
return new asn1_x509_1.RelativeDistinguishedName([
|
|
241
|
+
new asn1_x509_1.AttributeTypeAndValue({
|
|
242
|
+
type: oid,
|
|
243
|
+
value: new asn1_x509_1.AttributeValue({ utf8String: value }),
|
|
244
|
+
}),
|
|
245
|
+
]);
|
|
246
|
+
}
|
|
247
|
+
function buildCertificateName(commonName, organization, organizationalUnit) {
|
|
248
|
+
const rdns = [
|
|
249
|
+
createRelativeDistinguishedName(OID_COMMON_NAME, commonName),
|
|
250
|
+
];
|
|
251
|
+
if (organizationalUnit) {
|
|
252
|
+
rdns.push(createRelativeDistinguishedName(OID_ORGANIZATIONAL_UNIT, organizationalUnit));
|
|
253
|
+
}
|
|
254
|
+
if (organization) {
|
|
255
|
+
rdns.push(createRelativeDistinguishedName(OID_ORGANIZATION, organization));
|
|
256
|
+
}
|
|
257
|
+
return new asn1_x509_1.Name(rdns);
|
|
258
|
+
}
|
|
259
|
+
function cloneName(name) {
|
|
260
|
+
return asn1_schema_1.AsnConvert.parse(asn1_schema_1.AsnConvert.serialize(name), asn1_x509_1.Name);
|
|
261
|
+
}
|
|
262
|
+
function getCertificateIdentity(cert) {
|
|
263
|
+
const parsed = asn1_schema_1.AsnConvert.parse(cert.rawData, asn1_x509_1.Certificate);
|
|
264
|
+
return {
|
|
265
|
+
name: cloneName(parsed.tbsCertificate.subject),
|
|
266
|
+
subjectPublicKeyInfo: asn1_schema_1.AsnConvert.serialize(parsed.tbsCertificate.subjectPublicKeyInfo),
|
|
267
|
+
};
|
|
268
|
+
}
|
|
269
|
+
async function buildCaExtensions(subjectPublicKey, issuerPublicKey, options) {
|
|
270
|
+
const extensions = [];
|
|
271
|
+
const basicConstraints = new asn1_x509_1.BasicConstraints({ cA: true });
|
|
272
|
+
if (options.pathLength !== null && options.pathLength !== undefined) {
|
|
273
|
+
basicConstraints.pathLenConstraint = options.pathLength;
|
|
274
|
+
}
|
|
275
|
+
extensions.push({
|
|
276
|
+
type: asn1_x509_1.id_ce_basicConstraints,
|
|
277
|
+
critical: true,
|
|
278
|
+
value: serializeAsn(basicConstraints),
|
|
279
|
+
});
|
|
280
|
+
const keyUsageFlags = asn1_x509_1.KeyUsageFlags.digitalSignature |
|
|
281
|
+
asn1_x509_1.KeyUsageFlags.keyCertSign |
|
|
282
|
+
asn1_x509_1.KeyUsageFlags.cRLSign;
|
|
283
|
+
extensions.push({
|
|
284
|
+
type: asn1_x509_1.id_ce_keyUsage,
|
|
285
|
+
critical: true,
|
|
286
|
+
value: serializeAsn(new asn1_x509_1.KeyUsage(keyUsageFlags)),
|
|
287
|
+
});
|
|
288
|
+
const subjectKeyId = await computeKeyIdentifier(subjectPublicKey);
|
|
289
|
+
extensions.push({
|
|
290
|
+
type: asn1_x509_1.id_ce_subjectKeyIdentifier,
|
|
291
|
+
critical: false,
|
|
292
|
+
value: serializeAsn(new asn1_x509_1.SubjectKeyIdentifier(subjectKeyId)),
|
|
293
|
+
});
|
|
294
|
+
const authorityKeyId = await computeKeyIdentifier(issuerPublicKey);
|
|
295
|
+
extensions.push({
|
|
296
|
+
type: asn1_x509_1.id_ce_authorityKeyIdentifier,
|
|
297
|
+
critical: false,
|
|
298
|
+
value: serializeAsn(new asn1_x509_1.AuthorityKeyIdentifier({
|
|
299
|
+
keyIdentifier: new asn1_x509_1.KeyIdentifier(authorityKeyId),
|
|
300
|
+
})),
|
|
301
|
+
});
|
|
302
|
+
if (options.permittedDnsDomains?.length) {
|
|
303
|
+
const permittedSubtrees = new asn1_x509_1.GeneralSubtrees(options.permittedDnsDomains.map((domain) => new asn1_x509_1.GeneralSubtree({ base: new asn1_x509_1.GeneralName({ dNSName: domain }) })));
|
|
304
|
+
const constraints = new asn1_x509_1.NameConstraints({ permittedSubtrees });
|
|
305
|
+
extensions.push({
|
|
306
|
+
type: asn1_x509_1.id_ce_nameConstraints,
|
|
307
|
+
critical: true,
|
|
308
|
+
value: serializeAsn(constraints),
|
|
309
|
+
});
|
|
310
|
+
}
|
|
311
|
+
return extensions;
|
|
312
|
+
}
|
|
313
|
+
async function buildLeafExtensions(publicKey, nodeSid, nodeId, spiffeId, logicalHosts, issuerPublicKey) {
|
|
314
|
+
const extensions = [];
|
|
315
|
+
extensions.push({
|
|
316
|
+
type: asn1_x509_1.id_ce_subjectAltName,
|
|
317
|
+
critical: false,
|
|
318
|
+
value: serializeAsn(new asn1_x509_1.SubjectAlternativeName([
|
|
319
|
+
new asn1_x509_1.GeneralName({ uniformResourceIdentifier: spiffeId }),
|
|
320
|
+
])),
|
|
321
|
+
});
|
|
322
|
+
const keyUsageFlags = asn1_x509_1.KeyUsageFlags.digitalSignature;
|
|
323
|
+
extensions.push({
|
|
324
|
+
type: asn1_x509_1.id_ce_keyUsage,
|
|
325
|
+
critical: true,
|
|
326
|
+
value: serializeAsn(new asn1_x509_1.KeyUsage(keyUsageFlags)),
|
|
327
|
+
});
|
|
328
|
+
extensions.push({
|
|
329
|
+
type: asn1_x509_1.id_ce_extKeyUsage,
|
|
330
|
+
critical: false,
|
|
331
|
+
value: serializeAsn(new asn1_x509_1.ExtendedKeyUsage([asn1_x509_1.id_kp_clientAuth, asn1_x509_1.id_kp_serverAuth])),
|
|
332
|
+
});
|
|
333
|
+
const subjectKeyId = await computeKeyIdentifier(publicKey);
|
|
334
|
+
extensions.push({
|
|
335
|
+
type: asn1_x509_1.id_ce_subjectKeyIdentifier,
|
|
336
|
+
critical: false,
|
|
337
|
+
value: serializeAsn(new asn1_x509_1.SubjectKeyIdentifier(subjectKeyId)),
|
|
338
|
+
});
|
|
339
|
+
const authorityKeyId = await computeKeyIdentifier(issuerPublicKey);
|
|
340
|
+
extensions.push({
|
|
341
|
+
type: asn1_x509_1.id_ce_authorityKeyIdentifier,
|
|
342
|
+
critical: false,
|
|
343
|
+
value: serializeAsn(new asn1_x509_1.AuthorityKeyIdentifier({
|
|
344
|
+
keyIdentifier: new asn1_x509_1.KeyIdentifier(authorityKeyId),
|
|
345
|
+
})),
|
|
346
|
+
});
|
|
347
|
+
extensions.push({
|
|
348
|
+
type: exports.SID_OID,
|
|
349
|
+
critical: false,
|
|
350
|
+
value: toArrayBuffer(new TextEncoder().encode(nodeSid)),
|
|
351
|
+
});
|
|
352
|
+
extensions.push({
|
|
353
|
+
type: exports.NODE_ID_OID,
|
|
354
|
+
critical: false,
|
|
355
|
+
value: toArrayBuffer(new TextEncoder().encode(nodeId)),
|
|
356
|
+
});
|
|
357
|
+
if (logicalHosts.length) {
|
|
358
|
+
const logicalsJson = JSON.stringify(logicalHosts);
|
|
359
|
+
extensions.push({
|
|
360
|
+
type: exports.LOGICALS_OID,
|
|
361
|
+
critical: false,
|
|
362
|
+
value: toArrayBuffer(new TextEncoder().encode(logicalsJson)),
|
|
363
|
+
});
|
|
364
|
+
}
|
|
365
|
+
return extensions;
|
|
366
|
+
}
|
|
367
|
+
/**
|
|
368
|
+
* In-process certificate signing service.
|
|
369
|
+
*
|
|
370
|
+
* Issues SPIFFE-compliant node certificates with Fame-specific extensions
|
|
371
|
+
* for physical paths and logical addresses.
|
|
372
|
+
*/
|
|
373
|
+
class CASigningService extends ca_types_js_1.CAService {
|
|
374
|
+
constructor(options) {
|
|
375
|
+
super();
|
|
376
|
+
this.rootCertPem = options.rootCertPem;
|
|
377
|
+
this.rootKeyPem = options.rootKeyPem;
|
|
378
|
+
this.intermediateCertPem = options.intermediateCertPem;
|
|
379
|
+
this.intermediateKeyPem = options.intermediateKeyPem;
|
|
380
|
+
}
|
|
381
|
+
async ensureRootMaterials() {
|
|
382
|
+
const x509 = await loadX509Module();
|
|
383
|
+
if (!x509) {
|
|
384
|
+
throw new Error("@peculiar/x509 module not available");
|
|
385
|
+
}
|
|
386
|
+
if (!this.rootCert) {
|
|
387
|
+
this.rootCert = new x509.X509Certificate(pemToDer(this.rootCertPem));
|
|
388
|
+
}
|
|
389
|
+
if (!this.rootKey) {
|
|
390
|
+
this.rootKey = await importEd25519PrivateKey(this.rootKeyPem);
|
|
391
|
+
}
|
|
392
|
+
return x509;
|
|
393
|
+
}
|
|
394
|
+
async ensureSigningMaterials() {
|
|
395
|
+
const x509 = await this.ensureRootMaterials();
|
|
396
|
+
if (this.intermediateCertPem && this.intermediateKeyPem) {
|
|
397
|
+
if (!this.signingCert) {
|
|
398
|
+
this.signingCert = new x509.X509Certificate(pemToDer(this.intermediateCertPem));
|
|
399
|
+
}
|
|
400
|
+
if (!this.signingKey) {
|
|
401
|
+
this.signingKey = await importEd25519PrivateKey(this.intermediateKeyPem);
|
|
402
|
+
}
|
|
403
|
+
}
|
|
404
|
+
else {
|
|
405
|
+
this.signingCert = this.rootCert;
|
|
406
|
+
this.signingKey = this.rootKey;
|
|
407
|
+
}
|
|
408
|
+
return x509;
|
|
409
|
+
}
|
|
410
|
+
getRootCertificate() {
|
|
411
|
+
if (!this.rootCert) {
|
|
412
|
+
throw new Error("Root certificate not initialized");
|
|
413
|
+
}
|
|
414
|
+
return this.rootCert;
|
|
415
|
+
}
|
|
416
|
+
getRootKey() {
|
|
417
|
+
if (!this.rootKey) {
|
|
418
|
+
throw new Error("Root private key not initialized");
|
|
419
|
+
}
|
|
420
|
+
return this.rootKey;
|
|
421
|
+
}
|
|
422
|
+
getSigningCertificate() {
|
|
423
|
+
if (!this.signingCert) {
|
|
424
|
+
throw new Error("Signing certificate not initialized");
|
|
425
|
+
}
|
|
426
|
+
return this.signingCert;
|
|
427
|
+
}
|
|
428
|
+
getSigningKey() {
|
|
429
|
+
if (!this.signingKey) {
|
|
430
|
+
throw new Error("Signing key not initialized");
|
|
431
|
+
}
|
|
432
|
+
return this.signingKey;
|
|
433
|
+
}
|
|
434
|
+
/**
|
|
435
|
+
* Issue a certificate from a CSR.
|
|
436
|
+
*
|
|
437
|
+
* Parses the PKCS#10 CSR, extracts the public key, calculates node SID,
|
|
438
|
+
* and signs a certificate. Mirrors Python's default_ca_service.issue_certificate.
|
|
439
|
+
*
|
|
440
|
+
* @param csr - Certificate signing request
|
|
441
|
+
* @returns Certificate issuance response with the signed certificate
|
|
442
|
+
*/
|
|
443
|
+
async issueCertificate(csr) {
|
|
444
|
+
// Parse PKCS#10 CSR to extract SubjectPublicKeyInfo
|
|
445
|
+
const csrDer = pemToDer(csr.csrPem);
|
|
446
|
+
const certRequest = asn1_schema_1.AsnConvert.parse(csrDer, asn1_csr_1.CertificationRequest);
|
|
447
|
+
const subjectPublicKeyInfo = certRequest.certificationRequestInfo.subjectPKInfo;
|
|
448
|
+
// Convert SubjectPublicKeyInfo to PEM format
|
|
449
|
+
const publicKeyDer = asn1_schema_1.AsnConvert.serialize(subjectPublicKeyInfo);
|
|
450
|
+
const publicKeyPem = derToPem(publicKeyDer, "PUBLIC KEY");
|
|
451
|
+
// Determine node SID and physical path (mirrors Python logic)
|
|
452
|
+
const physicalPath = csr.physicalPath || `/unknown/${csr.requesterId}`;
|
|
453
|
+
const nodeSid = (0, runtime_1.secureDigest)(physicalPath);
|
|
454
|
+
const logicals = csr.logicals || [];
|
|
455
|
+
// Issue the certificate (short-lived: 1 day)
|
|
456
|
+
const certificatePem = await this.signNodeCert(publicKeyPem, csr.requesterId, // Use requesterId as node_id
|
|
457
|
+
nodeSid, physicalPath, logicals, 1, // TTL: 1 day (matches Python)
|
|
458
|
+
undefined);
|
|
459
|
+
// Parse certificate to get expiration
|
|
460
|
+
const certDer = pemToDer(certificatePem);
|
|
461
|
+
const cert = asn1_schema_1.AsnConvert.parse(certDer, asn1_x509_1.Certificate);
|
|
462
|
+
const notAfter = cert.tbsCertificate.validity.notAfter.getTime();
|
|
463
|
+
const expiresAt = new Date(notAfter).toISOString();
|
|
464
|
+
return {
|
|
465
|
+
certificatePem,
|
|
466
|
+
expiresAt,
|
|
467
|
+
};
|
|
468
|
+
}
|
|
469
|
+
/**
|
|
470
|
+
* Sign a SPIFFE-compatible node certificate with SID-based identity.
|
|
471
|
+
*
|
|
472
|
+
* @param publicKeyPem - Node's public key in PEM format
|
|
473
|
+
* @param nodeId - Unique identifier for the node
|
|
474
|
+
* @param nodeSid - Node's pre-computed SID (base62-encoded)
|
|
475
|
+
* @param physicalPath - Physical path (for SID verification only)
|
|
476
|
+
* @param logicals - List of host-like logical addresses
|
|
477
|
+
* @param ttlDays - Certificate validity period in days
|
|
478
|
+
* @param spiffeTrustDomain - SPIFFE trust domain
|
|
479
|
+
* @returns PEM-encoded signed certificate
|
|
480
|
+
*/
|
|
481
|
+
async signNodeCert(publicKeyPem, nodeId, nodeSid, physicalPath, logicals, ttlDays = 365, spiffeTrustDomain = "naylence.fame") {
|
|
482
|
+
await this.ensureSigningMaterials();
|
|
483
|
+
const signingCert = this.getSigningCertificate();
|
|
484
|
+
const signingKey = this.getSigningKey();
|
|
485
|
+
const expectedSid = (0, runtime_1.secureDigest)(physicalPath);
|
|
486
|
+
if (expectedSid !== nodeSid) {
|
|
487
|
+
throw new Error("Provided SID does not match the computed SID for the physical path");
|
|
488
|
+
}
|
|
489
|
+
const logicalHosts = logicals ?? [];
|
|
490
|
+
for (const logical of logicalHosts) {
|
|
491
|
+
const [valid, error] = (0, runtime_1.validateHostLogical)(logical);
|
|
492
|
+
if (!valid) {
|
|
493
|
+
throw new Error(`Invalid logical host '${logical}': ${error ?? "unknown error"}`);
|
|
494
|
+
}
|
|
495
|
+
}
|
|
496
|
+
await ensureCrypto();
|
|
497
|
+
const publicKey = await importEd25519PublicKey(publicKeyPem, ["verify"]);
|
|
498
|
+
const issuerIdentity = getCertificateIdentity(signingCert);
|
|
499
|
+
const now = new Date();
|
|
500
|
+
const notBefore = new Date(now.getTime() - 60000);
|
|
501
|
+
const notAfter = addDays(now, ttlDays);
|
|
502
|
+
const spiffeId = `spiffe://${spiffeTrustDomain}/nodes/${nodeSid}`;
|
|
503
|
+
const extensions = await buildLeafExtensions(publicKey, nodeSid, nodeId, spiffeId, logicalHosts, issuerIdentity.subjectPublicKeyInfo);
|
|
504
|
+
const issuerName = issuerIdentity.name;
|
|
505
|
+
const subjectName = buildCertificateName(nodeSid, "Naylence Fame", "Fame Nodes");
|
|
506
|
+
const certDer = await createEd25519Certificate({
|
|
507
|
+
subject: subjectName,
|
|
508
|
+
issuer: issuerName,
|
|
509
|
+
subjectPublicKey: publicKey,
|
|
510
|
+
signingKey,
|
|
511
|
+
notBefore,
|
|
512
|
+
notAfter,
|
|
513
|
+
extensions,
|
|
514
|
+
});
|
|
515
|
+
return derToPem(certDer, "CERTIFICATE");
|
|
516
|
+
}
|
|
517
|
+
/**
|
|
518
|
+
* Create an intermediate CA certificate.
|
|
519
|
+
*
|
|
520
|
+
* @param publicKeyPem - Intermediate CA's public key in PEM format
|
|
521
|
+
* @param caName - Name for the intermediate CA
|
|
522
|
+
* @param permittedPaths - List of logical prefixes this CA can issue for
|
|
523
|
+
* @param ttlDays - Certificate validity period in days
|
|
524
|
+
* @returns PEM-encoded intermediate CA certificate
|
|
525
|
+
*/
|
|
526
|
+
async createIntermediateCA(publicKeyPem, caName, permittedPaths, ttlDays = 1825) {
|
|
527
|
+
await this.ensureRootMaterials();
|
|
528
|
+
const rootCert = this.getRootCertificate();
|
|
529
|
+
const rootKey = this.getRootKey();
|
|
530
|
+
await ensureCrypto();
|
|
531
|
+
const subjectPublicKey = await importEd25519PublicKey(publicKeyPem);
|
|
532
|
+
const now = new Date();
|
|
533
|
+
const notBefore = new Date(now.getTime() - 60000);
|
|
534
|
+
const notAfter = addDays(now, ttlDays);
|
|
535
|
+
const subjectName = buildCertificateName(caName, "Naylence Fame", "Fame Intermediate CAs");
|
|
536
|
+
const issuerIdentity = getCertificateIdentity(rootCert);
|
|
537
|
+
const extensions = await buildCaExtensions(subjectPublicKey, issuerIdentity.subjectPublicKeyInfo, {
|
|
538
|
+
pathLength: 0,
|
|
539
|
+
permittedDnsDomains: permittedPaths.length
|
|
540
|
+
? [getFameRootDomain()]
|
|
541
|
+
: undefined,
|
|
542
|
+
});
|
|
543
|
+
const certDer = await createEd25519Certificate({
|
|
544
|
+
subject: subjectName,
|
|
545
|
+
issuer: issuerIdentity.name,
|
|
546
|
+
subjectPublicKey,
|
|
547
|
+
signingKey: rootKey,
|
|
548
|
+
notBefore,
|
|
549
|
+
notAfter,
|
|
550
|
+
extensions,
|
|
551
|
+
});
|
|
552
|
+
return derToPem(certDer, "CERTIFICATE");
|
|
553
|
+
}
|
|
554
|
+
}
|
|
555
|
+
exports.CASigningService = CASigningService;
|
|
556
|
+
/**
|
|
557
|
+
* Create a test root CA for development/testing.
|
|
558
|
+
*
|
|
559
|
+
* Generates an Ed25519 key pair and self-signed root CA certificate.
|
|
560
|
+
*
|
|
561
|
+
* @returns Tuple of [rootCertPem, rootKeyPem]
|
|
562
|
+
*/
|
|
563
|
+
async function createTestCA() {
|
|
564
|
+
const subtle = await getSubtleCrypto();
|
|
565
|
+
await ensureCrypto();
|
|
566
|
+
const keyPair = await subtle.generateKey({
|
|
567
|
+
name: "Ed25519",
|
|
568
|
+
namedCurve: "Ed25519",
|
|
569
|
+
}, true, ["sign", "verify"]);
|
|
570
|
+
const privateKeyDer = await subtle.exportKey("pkcs8", keyPair.privateKey);
|
|
571
|
+
const publicKeyDer = await subtle.exportKey("spki", keyPair.publicKey);
|
|
572
|
+
const rootKeyPem = derToPem(privateKeyDer, "PRIVATE KEY");
|
|
573
|
+
const publicKeyPem = derToPem(publicKeyDer, "PUBLIC KEY");
|
|
574
|
+
const now = new Date();
|
|
575
|
+
const notBefore = new Date(now.getTime() - 60000);
|
|
576
|
+
const notAfter = addDays(now, 365 * 20);
|
|
577
|
+
const subjectName = buildCertificateName("Fame Test Root CA", "Naylence Fame");
|
|
578
|
+
const extensions = await buildCaExtensions(keyPair.publicKey, keyPair.publicKey, { pathLength: null });
|
|
579
|
+
const certDer = await createEd25519Certificate({
|
|
580
|
+
subject: subjectName,
|
|
581
|
+
issuer: subjectName,
|
|
582
|
+
subjectPublicKey: keyPair.publicKey,
|
|
583
|
+
signingKey: keyPair.privateKey,
|
|
584
|
+
notBefore,
|
|
585
|
+
notAfter,
|
|
586
|
+
extensions,
|
|
587
|
+
});
|
|
588
|
+
const rootCertPem = derToPem(certDer, "CERTIFICATE");
|
|
589
|
+
return [rootCertPem, rootKeyPem, publicKeyPem];
|
|
590
|
+
}
|
|
591
|
+
/**
|
|
592
|
+
* Extract SPIFFE ID from certificate SAN.
|
|
593
|
+
*
|
|
594
|
+
* @param certPem - Certificate in PEM format
|
|
595
|
+
* @returns SPIFFE ID string or null if not found
|
|
596
|
+
*/
|
|
597
|
+
async function extractSpiffeIdFromCert(certPem) {
|
|
598
|
+
const x509 = await loadX509Module();
|
|
599
|
+
if (!x509) {
|
|
600
|
+
throw new Error("@peculiar/x509 module not available");
|
|
601
|
+
}
|
|
602
|
+
try {
|
|
603
|
+
const certDer = pemToDer(certPem);
|
|
604
|
+
const cert = new x509.X509Certificate(certDer);
|
|
605
|
+
// TODO: Extract SAN extension and find SPIFFE URI
|
|
606
|
+
// This requires accessing the certificate extensions
|
|
607
|
+
console.log("Extracting SPIFFE ID from cert:", cert.subject);
|
|
608
|
+
return null;
|
|
609
|
+
}
|
|
610
|
+
catch (error) {
|
|
611
|
+
console.error("Failed to extract SPIFFE ID:", error);
|
|
612
|
+
return null;
|
|
613
|
+
}
|
|
614
|
+
}
|
|
615
|
+
/**
|
|
616
|
+
* Extract raw SID bytes from certificate extension.
|
|
617
|
+
*
|
|
618
|
+
* @param certPem - Certificate in PEM format
|
|
619
|
+
* @returns SID bytes or null if not found
|
|
620
|
+
*/
|
|
621
|
+
async function extractSidFromCert(certPem) {
|
|
622
|
+
const x509 = await loadX509Module();
|
|
623
|
+
if (!x509) {
|
|
624
|
+
throw new Error("@peculiar/x509 module not available");
|
|
625
|
+
}
|
|
626
|
+
try {
|
|
627
|
+
const certDer = pemToDer(certPem);
|
|
628
|
+
const cert = new x509.X509Certificate(certDer);
|
|
629
|
+
const sidExtension = cert.getExtension(exports.SID_OID);
|
|
630
|
+
if (sidExtension) {
|
|
631
|
+
return new Uint8Array(sidExtension);
|
|
632
|
+
}
|
|
633
|
+
return null;
|
|
634
|
+
}
|
|
635
|
+
catch (error) {
|
|
636
|
+
console.error("Failed to extract SID:", error);
|
|
637
|
+
return null;
|
|
638
|
+
}
|
|
639
|
+
}
|
|
640
|
+
/**
|
|
641
|
+
* Extract node ID from certificate extension.
|
|
642
|
+
*
|
|
643
|
+
* @param certPem - Certificate in PEM format
|
|
644
|
+
* @returns Node ID string or null if not found
|
|
645
|
+
*/
|
|
646
|
+
async function extractNodeIdFromCert(certPem) {
|
|
647
|
+
const x509 = await loadX509Module();
|
|
648
|
+
if (!x509) {
|
|
649
|
+
throw new Error("@peculiar/x509 module not available");
|
|
650
|
+
}
|
|
651
|
+
try {
|
|
652
|
+
const certDer = pemToDer(certPem);
|
|
653
|
+
const cert = new x509.X509Certificate(certDer);
|
|
654
|
+
const nodeIdExtension = cert.getExtension(exports.NODE_ID_OID);
|
|
655
|
+
if (nodeIdExtension) {
|
|
656
|
+
const decoder = new TextDecoder();
|
|
657
|
+
return decoder.decode(nodeIdExtension);
|
|
658
|
+
}
|
|
659
|
+
return null;
|
|
660
|
+
}
|
|
661
|
+
catch (error) {
|
|
662
|
+
console.error("Failed to extract node ID:", error);
|
|
663
|
+
return null;
|
|
664
|
+
}
|
|
665
|
+
}
|
|
666
|
+
/**
|
|
667
|
+
* Extract logical hosts from certificate private extension.
|
|
668
|
+
*
|
|
669
|
+
* @param certPem - Certificate in PEM format
|
|
670
|
+
* @returns List of logical host addresses, empty if none found
|
|
671
|
+
*/
|
|
672
|
+
async function extractLogicalHostsFromCert(certPem) {
|
|
673
|
+
const x509 = await loadX509Module();
|
|
674
|
+
if (!x509) {
|
|
675
|
+
throw new Error("@peculiar/x509 module not available");
|
|
676
|
+
}
|
|
677
|
+
try {
|
|
678
|
+
const certDer = pemToDer(certPem);
|
|
679
|
+
const cert = new x509.X509Certificate(certDer);
|
|
680
|
+
const logicalsExtension = cert.getExtension(exports.LOGICALS_OID);
|
|
681
|
+
if (logicalsExtension) {
|
|
682
|
+
const decoder = new TextDecoder();
|
|
683
|
+
const jsonStr = decoder.decode(logicalsExtension);
|
|
684
|
+
return JSON.parse(jsonStr);
|
|
685
|
+
}
|
|
686
|
+
return [];
|
|
687
|
+
}
|
|
688
|
+
catch (error) {
|
|
689
|
+
console.error("Failed to extract logical hosts:", error);
|
|
690
|
+
return [];
|
|
691
|
+
}
|
|
692
|
+
}
|
|
693
|
+
/**
|
|
694
|
+
* Extract the SID string from a SPIFFE ID.
|
|
695
|
+
*
|
|
696
|
+
* @param spiffeId - SPIFFE ID in format spiffe://trust-domain/nodes/<sid>
|
|
697
|
+
* @returns SID string (base62-encoded) or null if not a valid node SPIFFE ID
|
|
698
|
+
*/
|
|
699
|
+
function extractSidFromSpiffeId(spiffeId) {
|
|
700
|
+
if (!spiffeId.startsWith("spiffe://")) {
|
|
701
|
+
return null;
|
|
702
|
+
}
|
|
703
|
+
// Parse spiffe://trust-domain/nodes/<sid>
|
|
704
|
+
const parts = spiffeId.split("/");
|
|
705
|
+
if (parts.length >= 5 && parts[3] === "nodes") {
|
|
706
|
+
return parts[4] ?? null; // The SID string (base62-encoded)
|
|
707
|
+
}
|
|
708
|
+
return null;
|
|
709
|
+
}
|
|
710
|
+
/**
|
|
711
|
+
* Verify that the SID in the certificate matches the expected physical path.
|
|
712
|
+
*
|
|
713
|
+
* @param certPem - Certificate in PEM format
|
|
714
|
+
* @param physicalPath - The expected physical path to verify against
|
|
715
|
+
* @returns True if SID matches computed hash of physical path, False otherwise
|
|
716
|
+
*/
|
|
717
|
+
async function verifyCertSidIntegrity(certPem, physicalPath) {
|
|
718
|
+
const sidBytes = await extractSidFromCert(certPem);
|
|
719
|
+
if (!sidBytes) {
|
|
720
|
+
return false;
|
|
721
|
+
}
|
|
722
|
+
try {
|
|
723
|
+
const decoder = new TextDecoder();
|
|
724
|
+
const certSid = decoder.decode(sidBytes);
|
|
725
|
+
// Compute expected SID from physical path and compare
|
|
726
|
+
// TODO: Import secureDigest from runtime
|
|
727
|
+
// const expectedSid = secureDigest(physicalPath);
|
|
728
|
+
// return certSid === expectedSid;
|
|
729
|
+
console.log("Verifying SID integrity:", { certSid, physicalPath });
|
|
730
|
+
return false; // Placeholder until secureDigest is available
|
|
731
|
+
}
|
|
732
|
+
catch (error) {
|
|
733
|
+
console.error("Failed to verify SID integrity:", error);
|
|
734
|
+
return false;
|
|
735
|
+
}
|
|
736
|
+
}
|
|
737
|
+
// ============================================================================
|
|
738
|
+
// Utility Functions
|
|
739
|
+
// ============================================================================
|
|
740
|
+
/**
|
|
741
|
+
* Convert PEM to DER format as ArrayBuffer.
|
|
742
|
+
*/
|
|
743
|
+
function pemToDer(pem) {
|
|
744
|
+
const base64 = pem
|
|
745
|
+
.replace(/-----BEGIN[^-]+-----/, "")
|
|
746
|
+
.replace(/-----END[^-]+-----/, "")
|
|
747
|
+
.replace(/\s/g, "");
|
|
748
|
+
const bytes = base64ToBuffer(base64);
|
|
749
|
+
// Create a new ArrayBuffer and copy the data
|
|
750
|
+
const buffer = new ArrayBuffer(bytes.length);
|
|
751
|
+
const view = new Uint8Array(buffer);
|
|
752
|
+
view.set(bytes);
|
|
753
|
+
return buffer;
|
|
754
|
+
}
|
|
755
|
+
/**
|
|
756
|
+
* Convert base64 string to Uint8Array.
|
|
757
|
+
*/
|
|
758
|
+
function base64ToBuffer(base64) {
|
|
759
|
+
if (typeof Buffer !== "undefined") {
|
|
760
|
+
return Buffer.from(base64, "base64");
|
|
761
|
+
}
|
|
762
|
+
const binary = atob(base64);
|
|
763
|
+
const bytes = new Uint8Array(binary.length);
|
|
764
|
+
for (let i = 0; i < binary.length; i++) {
|
|
765
|
+
bytes[i] = binary.charCodeAt(i);
|
|
766
|
+
}
|
|
767
|
+
return bytes;
|
|
768
|
+
}
|
|
769
|
+
/**
|
|
770
|
+
* Convert ArrayBuffer to base64 string.
|
|
771
|
+
*/
|
|
772
|
+
function bufferToBase64(buffer) {
|
|
773
|
+
if (typeof Buffer !== "undefined") {
|
|
774
|
+
return Buffer.from(buffer).toString("base64");
|
|
775
|
+
}
|
|
776
|
+
const bytes = new Uint8Array(buffer);
|
|
777
|
+
let binary = "";
|
|
778
|
+
for (let i = 0; i < bytes.length; i++) {
|
|
779
|
+
binary += String.fromCharCode(bytes[i]);
|
|
780
|
+
}
|
|
781
|
+
return btoa(binary);
|
|
782
|
+
}
|
|
783
|
+
/**
|
|
784
|
+
* Format base64 string into 64-character lines.
|
|
785
|
+
*/
|
|
786
|
+
function formatPem(base64) {
|
|
787
|
+
const lines = [];
|
|
788
|
+
for (let i = 0; i < base64.length; i += 64) {
|
|
789
|
+
lines.push(base64.substring(i, Math.min(i + 64, base64.length)));
|
|
790
|
+
}
|
|
791
|
+
return lines.join("\n");
|
|
792
|
+
}
|
|
793
|
+
//# sourceMappingURL=internal-ca-service.js.map
|