@naylence/advanced-security 0.3.3 → 0.3.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/browser/index.js +7514 -7041
- package/dist/browser/index.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/default-ca-service.js +33 -3
- package/dist/cjs/naylence/fame/security/cert/default-ca-service.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/index.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/util.js +481 -81
- package/dist/cjs/naylence/fame/security/cert/util.js.map +1 -1
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-verifier.js +69 -3
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-verifier.js.map +1 -1
- package/dist/esm/naylence/fame/security/cert/default-ca-service.js +33 -3
- package/dist/esm/naylence/fame/security/cert/default-ca-service.js.map +1 -1
- package/dist/esm/naylence/fame/security/cert/index.js.map +1 -1
- package/dist/esm/naylence/fame/security/cert/util.js +481 -81
- package/dist/esm/naylence/fame/security/cert/util.js.map +1 -1
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-verifier.js +36 -3
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-verifier.js.map +1 -1
- package/dist/types/naylence/fame/security/cert/default-ca-service.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/cert/index.d.ts +1 -1
- package/dist/types/naylence/fame/security/cert/index.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/cert/util.d.ts +13 -23
- package/dist/types/naylence/fame/security/cert/util.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/signing/eddsa-envelope-verifier.d.ts.map +1 -1
- package/package.json +2 -2
|
@@ -50,14 +50,13 @@ function ensureNobleSha512Fallback() {
|
|
|
50
50
|
};
|
|
51
51
|
}
|
|
52
52
|
}
|
|
53
|
-
function normalizeCertificateKey(jwk, signingConfig) {
|
|
53
|
+
function normalizeCertificateKey(jwk, signingConfig, trustStorePem) {
|
|
54
54
|
if (!Array.isArray(jwk.x5c) || jwk.x5c.length === 0) {
|
|
55
55
|
return null;
|
|
56
56
|
}
|
|
57
57
|
if (signingConfig.signingMaterial !== SigningMaterial.X509_CHAIN) {
|
|
58
58
|
throw new Error("Certificate keys are disabled by signing policy");
|
|
59
59
|
}
|
|
60
|
-
const trustStorePem = process.env.FAME_CA_CERTS;
|
|
61
60
|
if (!trustStorePem) {
|
|
62
61
|
throw new Error("FAME_CA_CERTS environment variable must be set to a PEM file containing trusted CA certs when using certificate-based verification");
|
|
63
62
|
}
|
|
@@ -71,7 +70,8 @@ function normalizeCertificateKey(jwk, signingConfig) {
|
|
|
71
70
|
return encodeBase64Url(publicKey);
|
|
72
71
|
}
|
|
73
72
|
async function loadPublicKey(jwk, signingConfig) {
|
|
74
|
-
const
|
|
73
|
+
const trustStorePem = await resolveTrustStorePem();
|
|
74
|
+
const certificateKey = normalizeCertificateKey(jwk, signingConfig, trustStorePem);
|
|
75
75
|
const candidate = certificateKey ??
|
|
76
76
|
(typeof jwk.x === "string"
|
|
77
77
|
? jwk.x
|
|
@@ -83,6 +83,39 @@ async function loadPublicKey(jwk, signingConfig) {
|
|
|
83
83
|
}
|
|
84
84
|
return decodeBase64Url(candidate);
|
|
85
85
|
}
|
|
86
|
+
function hasProcessEnv() {
|
|
87
|
+
return typeof process !== "undefined" && typeof process.env !== "undefined";
|
|
88
|
+
}
|
|
89
|
+
function isNodeProcess() {
|
|
90
|
+
return (typeof process !== "undefined" &&
|
|
91
|
+
typeof process.release !== "undefined" &&
|
|
92
|
+
process.release?.name === "node");
|
|
93
|
+
}
|
|
94
|
+
async function resolveTrustStorePem() {
|
|
95
|
+
if (!hasProcessEnv()) {
|
|
96
|
+
return null;
|
|
97
|
+
}
|
|
98
|
+
const rawValue = process.env?.FAME_CA_CERTS ?? null;
|
|
99
|
+
if (!rawValue || rawValue.trim().length === 0) {
|
|
100
|
+
return null;
|
|
101
|
+
}
|
|
102
|
+
const trimmed = rawValue.replace(/\r/gu, "").trim();
|
|
103
|
+
if (trimmed.startsWith("-----BEGIN")) {
|
|
104
|
+
return trimmed;
|
|
105
|
+
}
|
|
106
|
+
if (!isNodeProcess()) {
|
|
107
|
+
throw new Error("FAME_CA_CERTS must contain PEM-encoded certificates when running outside of Node.js");
|
|
108
|
+
}
|
|
109
|
+
try {
|
|
110
|
+
const fs = await import("node:fs/promises");
|
|
111
|
+
const content = await fs.readFile(trimmed, "utf8");
|
|
112
|
+
return content.replace(/\r/gu, "").trim();
|
|
113
|
+
}
|
|
114
|
+
catch (error) {
|
|
115
|
+
const reason = error instanceof Error ? error.message : String(error);
|
|
116
|
+
throw new Error(`Failed to read trust store from ${trimmed}: ${reason}`);
|
|
117
|
+
}
|
|
118
|
+
}
|
|
86
119
|
export class EdDSAEnvelopeVerifier {
|
|
87
120
|
constructor(keyProvider, options = {}) {
|
|
88
121
|
this.keyProvider = keyProvider;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"eddsa-envelope-verifier.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/signing/eddsa-envelope-verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,IAAI,KAAK,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EACL,kBAAkB,EAClB,YAAY,GAEb,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,aAAa,EACb,eAAe,EACf,WAAW,EACX,gBAAgB,GACjB,MAAM,2EAA2E,CAAC;AACnF,OAAO,EAAE,UAAU,EAAE,MAAM,iEAAiE,CAAC;AAC7F,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAanD,SAAS,YAAY,CAAC,KAAc,EAAE,KAAa;IACjD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,6BAA6B,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,WAAW,CAAC,KAA4B;IAC/C,OAAQ,KAA2B,CAAC,IAAI,KAAK,MAAM,CAAC;AACtD,CAAC;AAED,SAAS,eAAe,CAAC,KAAiB;IACxC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;aACtB,QAAQ,CAAC,QAAQ,CAAC;aAClB,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;aACpB,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;aACpB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzB,CAAC;IAED,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,MAAM,CAAC;aAChB,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;aACpB,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;aACpB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzB,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,yBAAyB;IAChC,MAAM,QAAQ,GAAG,KAGhB,CAAC;IAEF,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QACrB,QAAQ,CAAC,MAAM,GAAG,CAAC,OAAmB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;QACzB,QAAQ,CAAC,UAAU,GAAG,CAAC,GAAG,QAAsB,EAAc,EAAE;YAC9D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1B,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAE,CAAC,CAAC;YAC9B,CAAC;YAED,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC,CAAC;YAChD,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC1B,CAAC,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAC9B,GAAgB,EAChB,aAA4B;IAE5B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,aAAa,CAAC,eAAe,KAAK,eAAe,CAAC,UAAU,EAAE,CAAC;QACjE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IAED,
|
|
1
|
+
{"version":3,"file":"eddsa-envelope-verifier.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/signing/eddsa-envelope-verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,IAAI,KAAK,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EACL,kBAAkB,EAClB,YAAY,GAEb,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,aAAa,EACb,eAAe,EACf,WAAW,EACX,gBAAgB,GACjB,MAAM,2EAA2E,CAAC;AACnF,OAAO,EAAE,UAAU,EAAE,MAAM,iEAAiE,CAAC;AAC7F,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAanD,SAAS,YAAY,CAAC,KAAc,EAAE,KAAa;IACjD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,6BAA6B,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,WAAW,CAAC,KAA4B;IAC/C,OAAQ,KAA2B,CAAC,IAAI,KAAK,MAAM,CAAC;AACtD,CAAC;AAED,SAAS,eAAe,CAAC,KAAiB;IACxC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;aACtB,QAAQ,CAAC,QAAQ,CAAC;aAClB,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;aACpB,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;aACpB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzB,CAAC;IAED,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,MAAM,CAAC;aAChB,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;aACpB,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;aACpB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzB,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,yBAAyB;IAChC,MAAM,QAAQ,GAAG,KAGhB,CAAC;IAEF,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QACrB,QAAQ,CAAC,MAAM,GAAG,CAAC,OAAmB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;QACzB,QAAQ,CAAC,UAAU,GAAG,CAAC,GAAG,QAAsB,EAAc,EAAE;YAC9D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1B,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAE,CAAC,CAAC;YAC9B,CAAC;YAED,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,QAAQ,CAAC,CAAC;YAChD,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC1B,CAAC,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAC9B,GAAgB,EAChB,aAA4B,EAC5B,aAA4B;IAE5B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,aAAa,CAAC,eAAe,KAAK,eAAe,CAAC,UAAU,EAAE,CAAC;QACjE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CACb,oIAAoI,CACrI,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,CAAC,GAAe,EAAE;QACtD,sBAAsB,EAAE,aAAa,CAAC,2BAA2B;QACjE,aAAa;KACd,CAAC,CAAC;IAEH,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IAED,OAAO,eAAe,CAAC,SAAS,CAAC,CAAC;AACpC,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,GAAgB,EAChB,aAA4B;IAE5B,MAAM,aAAa,GAAG,MAAM,oBAAoB,EAAE,CAAC;IACnD,MAAM,cAAc,GAAG,uBAAuB,CAC5C,GAAG,EACH,aAAa,EACb,aAAa,CACd,CAAC;IAEF,MAAM,SAAS,GACb,cAAc;QACd,CAAC,OAAO,GAAG,CAAC,CAAC,KAAK,QAAQ;YACxB,CAAC,CAAC,GAAG,CAAC,CAAC;YACP,CAAC,CAAC,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ;gBAC7B,CAAC,CAAC,GAAG,CAAC,KAAK;gBACX,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAEjB,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IAED,OAAO,eAAe,CAAC,SAAS,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,aAAa;IACpB,OAAO,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,WAAW,CAAC;AAC9E,CAAC;AAED,SAAS,aAAa;IACpB,OAAO,CACL,OAAO,OAAO,KAAK,WAAW;QAC9B,OAAO,OAAO,CAAC,OAAO,KAAK,WAAW;QACtC,OAAO,CAAC,OAAO,EAAE,IAAI,KAAK,MAAM,CACjC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,aAAa,IAAI,IAAI,CAAC;IACpD,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACpD,IAAI,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACrC,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CACb,qFAAqF,CACtF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACnD,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC5C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACtE,MAAM,IAAI,KAAK,CAAC,mCAAmC,OAAO,KAAK,MAAM,EAAE,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC;AAMD,MAAM,OAAO,qBAAqB;IAKhC,YACE,WAAwB,EACxB,UAAwC,EAAE;QAE1C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,IAAI,kBAAkB,EAAE,CAAC;QACvE,yBAAyB,EAAE,CAAC;IAC9B,CAAC;IAEM,KAAK,CAAC,cAAc,CACzB,QAAsB,EACtB,UAAwD,EAAE;QAE1D,MAAM,eAAe,GAAG,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC;QAC1C,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,GAAG,GAAG,YAAY,CACtB,eAAe,CAAC,GAAG,EACnB,gCAAgC,CACjC,CAAC;QACF,MAAM,cAAc,GAAG,YAAY,CACjC,eAAe,CAAC,GAAG,EACnB,gCAAgC,CACjC,CAAC;QAEF,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAuB,CAAC;QACvE,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,EAAE,CAAC,CAAC;QAC5C,CAAC;QAED,IAAI,CAAC;YACH,kBAAkB,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,kBAAkB,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CACb,OAAO,GAAG,8BAA8B,KAAK,CAAC,OAAO,EAAE,CACxD,CAAC;YACJ,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;QAED,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,IAAI,CAAC;QAElD,IAAI,aAAqB,CAAC;QAC1B,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAChC,IAAI,YAAY,EAAE,CAAC;gBACjB,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;oBACvB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;gBACjE,CAAC;gBACD,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC;gBAC7C,MAAM,aAAa,GAAG,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;gBACnE,MAAM,YAAY,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;gBACjD,IAAI,YAAY,KAAK,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;oBACvC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;gBAC1D,CAAC;gBACD,aAAa,GAAG,YAAY,CAAC;YAC/B,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;oBACvB,MAAM,IAAI,KAAK,CACb,2EAA2E,CAC5E,CAAC;gBACJ,CAAC;gBACD,aAAa,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACpC,CAAC;QACH,CAAC;aAAM,CAAC;YACN,aAAa,GAAG,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC9C,CAAC;QAED,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,aAAa,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC5D,MAAM,GAAG,GAAG,IAAI,UAAU,CACxB,UAAU,CAAC,GAAG,CAAC,CAAC,MAAM;YACpB,CAAC;YACD,UAAU,CAAC,SAAS,CAAC,CAAC,MAAM;YAC5B,CAAC;YACD,UAAU,CAAC,aAAa,CAAC,CAAC,MAAM,CACnC,CAAC;QAEF,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,QAAQ,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;QACvC,MAAM,WAAW,GAAG,UAAU,CAAC,aAAa,CAAC,CAAC;QAC9C,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC1B,MAAM,IAAI,QAAQ,CAAC,MAAM,CAAC;QAC1B,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;QACnB,MAAM,IAAI,CAAC,CAAC;QAEZ,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC1B,MAAM,IAAI,QAAQ,CAAC,MAAM,CAAC;QAC1B,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;QACnB,MAAM,IAAI,CAAC,CAAC;QAEZ,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QAE7B,MAAM,cAAc,GAAG,eAAe,CAAC,cAAc,CAAC,CAAC;QACvD,IAAI,cAAc,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAC/D,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,cAAc,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;QAC3D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"default-ca-service.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/default-ca-service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,UAAU,EACV,2BAA2B,EAC3B,yBAAyB,EAC1B,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAG1C;;GAEG;AACH,eAAO,MAAM,qBAAqB,sBAAsB,CAAC;AACzD,eAAO,MAAM,oBAAoB,qBAAqB,CAAC;AACvD,eAAO,MAAM,oBAAoB,qBAAqB,CAAC;AACvD,eAAO,MAAM,mBAAmB,oBAAoB,CAAC;AACrD,eAAO,MAAM,gCAAgC,iCAAiC,CAAC;AAC/E,eAAO,MAAM,+BAA+B,gCAAgC,CAAC;AAC7E,eAAO,MAAM,0BAA0B,2BAA2B,CAAC;AACnE,eAAO,MAAM,yBAAyB,0BAA0B,CAAC;AACjE,eAAO,MAAM,yBAAyB,0BAA0B,CAAC;AACjE,eAAO,MAAM,wBAAwB,yBAAyB,CAAC;AAE/D;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,wCAAwC;IACxC,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,wCAAwC;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,8DAA8D;IAC9D,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAE9B,mEAAmE;IACnE,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,yDAAyD;IACzD,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,+CAA+C;IAC/C,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB;AAaD;;;;;;;GAOG;AACH,qBAAa,gBAAiB,SAAQ,SAAS;IAC7C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAS;IAC/C,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAa;gBAErC,OAAO,GAAE,uBAA4B;IAWjD,IAAI,UAAU,IAAI,UAAU,GAAG,IAAI,CAElC;IAED;;;;OAIG;YACW,gBAAgB;IAwF9B;;;;;OAKG;YACW,gBAAgB;IAsB9B;;;;;OAKG;IACH,OAAO,CAAC,qBAAqB;IAsB7B;;;;;OAKG;IACG,gBAAgB,CACpB,GAAG,EAAE,yBAAyB,GAC7B,OAAO,CAAC,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"default-ca-service.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/default-ca-service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,UAAU,EACV,2BAA2B,EAC3B,yBAAyB,EAC1B,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAG1C;;GAEG;AACH,eAAO,MAAM,qBAAqB,sBAAsB,CAAC;AACzD,eAAO,MAAM,oBAAoB,qBAAqB,CAAC;AACvD,eAAO,MAAM,oBAAoB,qBAAqB,CAAC;AACvD,eAAO,MAAM,mBAAmB,oBAAoB,CAAC;AACrD,eAAO,MAAM,gCAAgC,iCAAiC,CAAC;AAC/E,eAAO,MAAM,+BAA+B,gCAAgC,CAAC;AAC7E,eAAO,MAAM,0BAA0B,2BAA2B,CAAC;AACnE,eAAO,MAAM,yBAAyB,0BAA0B,CAAC;AACjE,eAAO,MAAM,yBAAyB,0BAA0B,CAAC;AACjE,eAAO,MAAM,wBAAwB,yBAAyB,CAAC;AAE/D;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,wCAAwC;IACxC,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,wCAAwC;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,8DAA8D;IAC9D,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAE9B,mEAAmE;IACnE,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,yDAAyD;IACzD,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,+CAA+C;IAC/C,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB;AAaD;;;;;;;GAOG;AACH,qBAAa,gBAAiB,SAAQ,SAAS;IAC7C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAS;IAC/C,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAa;gBAErC,OAAO,GAAE,uBAA4B;IAWjD,IAAI,UAAU,IAAI,UAAU,GAAG,IAAI,CAElC;IAED;;;;OAIG;YACW,gBAAgB;IAwF9B;;;;;OAKG;YACW,gBAAgB;IAsB9B;;;;;OAKG;IACH,OAAO,CAAC,qBAAqB;IAsB7B;;;;;OAKG;IACG,gBAAgB,CACpB,GAAG,EAAE,yBAAyB,GAC7B,OAAO,CAAC,2BAA2B,CAAC;CAqGxC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { validateJwkX5cCertificate, type ValidateJwkX5cCertificateOptions, type ValidateJwkX5cCertificateResult, publicKeyFromX5c, } from "./util.js";
|
|
1
|
+
export { validateJwkX5cCertificate, type ValidateJwkX5cCertificateOptions, type ValidateJwkX5cCertificateResult, publicKeyFromX5c, type PublicKeyFromX5cOptions, } from "./util.js";
|
|
2
2
|
export { GRANT_PURPOSE_CA_SIGN } from "./grants.js";
|
|
3
3
|
export { DefaultCertificateManager, type DefaultCertificateManagerOptions, type SigningConfigInstance as DefaultCertificateManagerSigningConfigInstance, } from "./default-certificate-manager.js";
|
|
4
4
|
export { DefaultCertificateManagerFactory, FACTORY_META as DEFAULT_CERTIFICATE_MANAGER_FACTORY_META, type DefaultCertificateManagerConfig, } from "./default-certificate-manager-factory.js";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,yBAAyB,EACzB,KAAK,gCAAgC,EACrC,KAAK,+BAA+B,EACpC,gBAAgB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,yBAAyB,EACzB,KAAK,gCAAgC,EACrC,KAAK,+BAA+B,EACpC,gBAAgB,EAChB,KAAK,uBAAuB,GAC7B,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EACL,yBAAyB,EACzB,KAAK,gCAAgC,EACrC,KAAK,qBAAqB,IAAI,8CAA8C,GAC7E,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EACL,gCAAgC,EAChC,YAAY,IAAI,wCAAwC,EACxD,KAAK,+BAA+B,GACrC,MAAM,0CAA0C,CAAC;AAGlD,OAAO,EACL,KAAK,UAAU,EACf,KAAK,yBAAyB,EAC9B,KAAK,2BAA2B,EAChC,SAAS,EACT,uBAAuB,EACvB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,eAAe,EACf,sBAAsB,EACtB,qBAAqB,EACrB,KAAK,mBAAmB,EACxB,KAAK,0BAA0B,EAC/B,2BAA2B,GAC5B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,gBAAgB,EAChB,KAAK,uBAAuB,EAC5B,OAAO,EACP,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,uBAAuB,EACvB,kBAAkB,EAClB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,gBAAgB,EAChB,KAAK,uBAAuB,EAC5B,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,gCAAgC,EAChC,+BAA+B,EAC/B,0BAA0B,EAC1B,yBAAyB,EACzB,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,gBAAgB,EAChB,KAAK,eAAe,EACpB,4BAA4B,GAC7B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,uBAAuB,EACvB,KAAK,sBAAsB,GAC5B,MAAM,iCAAiC,CAAC"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { Certificate } from "@peculiar/asn1-x509";
|
|
1
2
|
export interface ValidateJwkX5cCertificateOptions {
|
|
2
3
|
jwk: Record<string, unknown>;
|
|
3
4
|
trustStorePem?: string | null;
|
|
@@ -8,28 +9,17 @@ export interface ValidateJwkX5cCertificateResult {
|
|
|
8
9
|
isValid: boolean;
|
|
9
10
|
error?: string;
|
|
10
11
|
}
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
*
|
|
14
|
-
* NOTE: The full certificate chain validation logic from the Python runtime
|
|
15
|
-
* is still being ported. This implementation performs lightweight structure
|
|
16
|
-
* checks and defers deep X.509 validation until the remaining modules are
|
|
17
|
-
* available.
|
|
18
|
-
*/
|
|
19
|
-
export declare function validateJwkX5cCertificate(options: ValidateJwkX5cCertificateOptions): ValidateJwkX5cCertificateResult;
|
|
20
|
-
/**
|
|
21
|
-
* Extract public key from X.509 certificate chain.
|
|
22
|
-
*
|
|
23
|
-
* Parses the leaf certificate from an x5c array and extracts the raw public key bytes.
|
|
24
|
-
* For Ed25519 certificates, this returns the 32-byte public key.
|
|
25
|
-
*
|
|
26
|
-
* @param x5c - Array of base64-encoded DER certificates (leaf first)
|
|
27
|
-
* @param options - Validation options
|
|
28
|
-
* @returns The raw public key bytes from the leaf certificate
|
|
29
|
-
* @throws Error if certificate parsing or validation fails
|
|
30
|
-
*/
|
|
31
|
-
export declare function publicKeyFromX5c(x5c: string[], options?: {
|
|
12
|
+
export interface PublicKeyFromX5cOptions {
|
|
13
|
+
trustStorePem?: string | null;
|
|
32
14
|
enforceNameConstraints?: boolean;
|
|
33
|
-
|
|
34
|
-
}
|
|
15
|
+
returnCertificate?: boolean;
|
|
16
|
+
}
|
|
17
|
+
export declare function publicKeyFromX5c(x5c: string[], options?: PublicKeyFromX5cOptions): Uint8Array;
|
|
18
|
+
export declare function publicKeyFromX5c(x5c: string[], options: PublicKeyFromX5cOptions & {
|
|
19
|
+
returnCertificate: true;
|
|
20
|
+
}): {
|
|
21
|
+
publicKey: Uint8Array;
|
|
22
|
+
certificate: Certificate;
|
|
23
|
+
};
|
|
24
|
+
export declare function validateJwkX5cCertificate(options: ValidateJwkX5cCertificateOptions): ValidateJwkX5cCertificateResult;
|
|
35
25
|
//# sourceMappingURL=util.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/util.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/util.ts"],"names":[],"mappings":"AACA,OAAO,EACL,WAAW,EAQZ,MAAM,qBAAqB,CAAC;AA4B7B,MAAM,WAAW,gCAAgC;IAC/C,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7B,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,+BAA+B;IAC9C,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,uBAAuB;IACtC,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED,wBAAgB,gBAAgB,CAC9B,GAAG,EAAE,MAAM,EAAE,EACb,OAAO,CAAC,EAAE,uBAAuB,GAChC,UAAU,CAAC;AACd,wBAAgB,gBAAgB,CAC9B,GAAG,EAAE,MAAM,EAAE,EACb,OAAO,EAAE,uBAAuB,GAAG;IAAE,iBAAiB,EAAE,IAAI,CAAA;CAAE,GAC7D;IAAE,SAAS,EAAE,UAAU,CAAC;IAAC,WAAW,EAAE,WAAW,CAAA;CAAE,CAAC;AA+DvD,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,gCAAgC,GACxC,+BAA+B,CAgDjC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"eddsa-envelope-verifier.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/signing/eddsa-envelope-verifier.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAa,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9D,OAAO,EACL,kBAAkB,EAElB,KAAK,WAAW,EACjB,MAAM,mBAAmB,CAAC;AAW3B,KAAK,aAAa,GAAG,YAAY,CAAC,OAAO,kBAAkB,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"eddsa-envelope-verifier.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/signing/eddsa-envelope-verifier.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAa,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9D,OAAO,EACL,kBAAkB,EAElB,KAAK,WAAW,EACjB,MAAM,mBAAmB,CAAC;AAW3B,KAAK,aAAa,GAAG,YAAY,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAwK7D,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,CAAC,aAAa,CAAC,EAAE,aAAa,GAAG,IAAI,CAAC;CAC/C;AAED,qBAAa,qBAAqB;IAChC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAE1C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAgB;gBAG5C,WAAW,EAAE,WAAW,EACxB,OAAO,GAAE,4BAAiC;IAO/B,cAAc,CACzB,QAAQ,EAAE,YAAY,EACtB,OAAO,GAAE;QAAE,YAAY,CAAC,EAAE,OAAO,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO,GACzD,OAAO,CAAC,OAAO,CAAC;CAsGpB;AAED,YAAY,EAAE,aAAa,IAAI,qBAAqB,EAAE,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@naylence/advanced-security",
|
|
3
|
-
"version": "0.3.
|
|
3
|
+
"version": "0.3.5",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "Advanced security utilities for the Naylence Fame runtime implemented in TypeScript.",
|
|
6
6
|
"author": "Naylence Dev <naylencedev@gmail.com>",
|
|
@@ -70,7 +70,7 @@
|
|
|
70
70
|
"prepublishOnly": "npm run build && npm test"
|
|
71
71
|
},
|
|
72
72
|
"dependencies": {
|
|
73
|
-
"@naylence/runtime": "^0.3.
|
|
73
|
+
"@naylence/runtime": "^0.3.3",
|
|
74
74
|
"@noble/ciphers": "^2.0.1",
|
|
75
75
|
"@noble/curves": "^1.4.0",
|
|
76
76
|
"@noble/ed25519": "^2.1.0",
|