npm - @naylence/advanced-security - Versions diffs - 0.3.5-test.101 → 0.3.5-test.102 - Mend

@naylence/advanced-security 0.3.5-test.101 → 0.3.5-test.102

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (127) hide show

package/dist/esm/naylence/fame/factory-manifest.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"factory-manifest.js","sourceRoot":"","sources":["../../../../src/naylence/fame/factory-manifest.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,CAAC,MAAM,OAAO,GAAG;IACrB,+CAA+C;IAC/C,wDAAwD;IACxD,qEAAqE;IACrE,+DAA+D;IAC/D,iEAAiE;IACjE,mEAAmE;IACnE,4CAA4C;IAC5C,qDAAqD;IACrD,uDAAuD;IACvD,8DAA8D;IAC9D,wDAAwD;IACxD,+CAA+C;CACvC,CAAC"}
1	+ {"version":3,"file":"factory-manifest.js","sourceRoot":"","sources":["../../../../src/naylence/fame/factory-manifest.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,CAAC,MAAM,OAAO,GAAG;IACrB,+CAA+C;IAC/C,wDAAwD;IACxD,qEAAqE;IACrE,+DAA+D;IAC/D,iEAAiE;IACjE,mEAAmE;IACnE,4CAA4C;IAC5C,qDAAqD;IACrD,uDAAuD;IACvD,8DAA8D;IAC9D,wDAAwD;IACxD,+CAA+C;CACvC,CAAC;AAKX,MAAM,CAAC,MAAM,cAAc,GAAmD;IAC5E,+CAA+C,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,+CAA+C,CAAC;IAC9G,wDAAwD,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,wDAAwD,CAAC;IAChI,qEAAqE,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,qEAAqE,CAAC;IAC1J,+DAA+D,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,+DAA+D,CAAC;IAC9I,iEAAiE,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,iEAAiE,CAAC;IAClJ,mEAAmE,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,mEAAmE,CAAC;IACtJ,4CAA4C,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,4CAA4C,CAAC;IACxG,qDAAqD,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,qDAAqD,CAAC;IAC1H,uDAAuD,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,uDAAuD,CAAC;IAC9H,8DAA8D,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,8DAA8D,CAAC;IAC5I,wDAAwD,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,wDAAwD,CAAC;IAChI,+CAA+C,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,+CAA+C,CAAC;CAC/G,CAAC"}

package/dist/esm/naylence/fame/security/cert/browser-csr.js ADDED Viewed

@@ -0,0 +1,103 @@
+import { AsnConvert, OctetString } from "@peculiar/asn1-schema";
+import { Attributes, CertificationRequest, CertificationRequestInfo, } from "@peculiar/asn1-csr";
+import { AlgorithmIdentifier, Attribute, AttributeTypeAndValue, AttributeValue, Extension, Extensions, GeneralName, Name, RelativeDistinguishedName, SubjectAlternativeName, SubjectPublicKeyInfo, id_ce_subjectAltName, } from "@peculiar/asn1-x509";
+const ED25519_OID = "1.3.101.112";
+const OID_COMMON_NAME = "2.5.4.3";
+const LOGICAL_URI_PREFIX = "naylence://";
+function ensureSubtleCrypto() {
+    const instance = globalThis.crypto?.subtle;
+    if (!instance) {
+        throw new Error("WebCrypto subtle API is required to create a CSR");
+    }
+    return instance;
+}
+function buildSubject(commonName) {
+    if (!commonName || typeof commonName !== "string") {
+        throw new Error("commonName must be a non-empty string");
+    }
+    return new Name([
+        new RelativeDistinguishedName([
+            new AttributeTypeAndValue({
+                type: OID_COMMON_NAME,
+                value: new AttributeValue({ utf8String: commonName }),
+            }),
+        ]),
+    ]);
+}
+function arrayBufferToBase64(buffer) {
+    const bytes = new Uint8Array(buffer);
+    if (typeof globalThis.Buffer?.from === "function") {
+        return globalThis.Buffer.from(bytes).toString("base64");
+    }
+    let binary = "";
+    const chunkSize = 0x8000;
+    for (let offset = 0; offset < bytes.length; offset += chunkSize) {
+        const slice = bytes.subarray(offset, offset + chunkSize);
+        binary += String.fromCharCode(...slice);
+    }
+    if (typeof globalThis.btoa !== "function") {
+        throw new Error("Base64 encoding not available in this environment");
+    }
+    return globalThis.btoa(binary);
+}
+function derToPem(der, label) {
+    const base64 = arrayBufferToBase64(der);
+    const lines = [];
+    for (let index = 0; index < base64.length; index += 64) {
+        lines.push(base64.slice(index, index + 64));
+    }
+    return `-----BEGIN ${label}-----\n${lines.join("\n")}\n-----END ${label}-----\n`;
+}
+export async function createEd25519Csr(options) {
+    const subtle = ensureSubtleCrypto();
+    const { privateKey, publicKey, commonName } = options;
+    if (!(privateKey instanceof CryptoKey) || privateKey.type !== "private") {
+        throw new Error("privateKey must be a CryptoKey of type 'private'");
+    }
+    if (!(publicKey instanceof CryptoKey) || publicKey.type !== "public") {
+        throw new Error("publicKey must be a CryptoKey of type 'public'");
+    }
+    const subject = buildSubject(commonName);
+    const spkiDer = await subtle.exportKey("spki", publicKey);
+    const subjectPublicKeyInfo = AsnConvert.parse(spkiDer, SubjectPublicKeyInfo);
+    const attributes = new Attributes();
+    const sanitizedLogicals = Array.isArray(options.logicals)
+        ? options.logicals
+            .map((logical) => logical.trim())
+            .filter((logical) => logical.length > 0)
+        : [];
+    if (sanitizedLogicals.length > 0) {
+        const san = new SubjectAlternativeName(sanitizedLogicals.map((logical) => new GeneralName({
+            uniformResourceIdentifier: `${LOGICAL_URI_PREFIX}${logical}`,
+        })));
+        const extensions = new Extensions([
+            new Extension({
+                extnID: id_ce_subjectAltName,
+                critical: false,
+                extnValue: new OctetString(AsnConvert.serialize(san)),
+            }),
+        ]);
+        attributes.push(new Attribute({
+            type: "1.2.840.113549.1.9.14",
+            values: [AsnConvert.serialize(extensions)],
+        }));
+    }
+    const requestInfo = new CertificationRequestInfo({
+        subject,
+        subjectPKInfo: subjectPublicKeyInfo,
+        attributes,
+    });
+    const requestInfoDer = AsnConvert.serialize(requestInfo);
+    const signature = await subtle.sign("Ed25519", privateKey, requestInfoDer);
+    const certificationRequest = new CertificationRequest({
+        certificationRequestInfo: requestInfo,
+        signatureAlgorithm: new AlgorithmIdentifier({
+            algorithm: ED25519_OID,
+        }),
+        signature,
+    });
+    const csrDer = AsnConvert.serialize(certificationRequest);
+    const csrPem = derToPem(csrDer, "CERTIFICATE REQUEST");
+    return { csrPem, csrDer };
+}
+//# sourceMappingURL=browser-csr.js.map

package/dist/esm/naylence/fame/security/cert/browser-csr.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"browser-csr.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/browser-csr.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EACN,UAAU,EACV,oBAAoB,EACpB,wBAAwB,GACxB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACN,mBAAmB,EACnB,SAAS,EACT,qBAAqB,EACrB,cAAc,EACd,SAAS,EACT,UAAU,EACV,WAAW,EACX,IAAI,EACJ,yBAAyB,EACzB,sBAAsB,EACtB,oBAAoB,EACpB,oBAAoB,GACpB,MAAM,qBAAqB,CAAC;AAI7B,MAAM,WAAW,GAAG,aAAa,CAAC;AAClC,MAAM,eAAe,GAAG,SAAS,CAAC;AAClC,MAAM,kBAAkB,GAAG,aAAa,CAAC;AASzC,SAAS,kBAAkB;IAC1B,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC;IAC3C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACrE,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED,SAAS,YAAY,CAAC,UAAkB;IACvC,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,IAAI,IAAI,CAAC;QACf,IAAI,yBAAyB,CAAC;YAC7B,IAAI,qBAAqB,CAAC;gBACzB,IAAI,EAAE,eAAe;gBACrB,KAAK,EAAE,IAAI,cAAc,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;aACrD,CAAC;SACF,CAAC;KACF,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAmB;IAC/C,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IAErC,IAAI,OAAO,UAAU,CAAC,MAAM,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;QACnD,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,SAAS,GAAG,MAAM,CAAC;IACzB,KAAK,IAAI,MAAM,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS,EAAE,CAAC;QACjE,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;QACzD,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,UAAU,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,QAAQ,CAAC,GAAgB,EAAE,KAAa;IAChD,MAAM,MAAM,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,IAAI,EAAE,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,GAAG,EAAE,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,cAAc,KAAK,UAAU,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,KAAK,SAAS,CAAC;AAClF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACrC,OAAgC;IAEhC,MAAM,MAAM,GAAG,kBAAkB,EAAE,CAAC;IACpC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAEtD,IAAI,CAAC,CAAC,UAAU,YAAY,SAAS,CAAC,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACzE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACrE,CAAC;IAED,IAAI,CAAC,CAAC,SAAS,YAAY,SAAS,CAAC,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtE,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC1D,MAAM,oBAAoB,GAAG,UAAU,CAAC,KAAK,CAC5C,OAAO,EACP,oBAAoB,CACpB,CAAC;IAEF,MAAM,UAAU,GAAG,IAAI,UAAU,EAAE,CAAC;IACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;QACxD,CAAC,CAAC,OAAO,CAAC,QAAQ;aACf,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;aAChC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;QAC1C,CAAC,CAAC,EAAE,CAAC;IAEN,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,IAAI,sBAAsB,CACrC,iBAAiB,CAAC,GAAG,CACpB,CAAC,OAAO,EAAE,EAAE,CACX,IAAI,WAAW,CAAC;YACf,yBAAyB,EAAE,GAAG,kBAAkB,GAAG,OAAO,EAAE;SAC5D,CAAC,CACH,CACD,CAAC;QAEF,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC;YACjC,IAAI,SAAS,CAAC;gBACb,MAAM,EAAE,oBAAoB;gBAC5B,QAAQ,EAAE,KAAK;gBACf,SAAS,EAAE,IAAI,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;aACrD,CAAC;SACF,CAAC,CAAC;QAEH,UAAU,CAAC,IAAI,CACd,IAAI,SAAS,CAAC;YACb,IAAI,EAAE,uBAAuB;YAC7B,MAAM,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;SAC1C,CAAC,CACF,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,wBAAwB,CAAC;QAChD,OAAO;QACP,aAAa,EAAE,oBAAoB;QACnC,UAAU;KACV,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,UAAU,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IAE3E,MAAM,oBAAoB,GAAG,IAAI,oBAAoB,CAAC;QACrD,wBAAwB,EAAE,WAAW;QACrC,kBAAkB,EAAE,IAAI,mBAAmB,CAAC;YAC3C,SAAS,EAAE,WAAW;SACtB,CAAC;QACF,SAAS;KACT,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;IAC1D,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;IAEvD,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC3B,CAAC"}

package/dist/esm/naylence/fame/security/cert/ca-server.js CHANGED Viewed

@@ -5,6 +5,7 @@
  * Provides certificate issuance via HTTP using Fastify.
  * Mirrors the Python ca_server.py implementation.
  */
+import { sha256 } from "@noble/hashes/sha256.js";
 import Fastify from "fastify";
 import { CAServiceFactory } from "./ca-service-factory.js";
 // Simple console logger for CA server
@@ -97,6 +98,30 @@ function createCaRouter(fastify, caService, prefix = "/fame/v1/ca") {
     fastify.get("/health", async () => {
         return { status: "healthy", service: "ca-server" };
     });
+    const trustBundlePath = "/.well-known/naylence/trust-bundle.json";
+    fastify.get(trustBundlePath, async (request, reply) => {
+        const bundle = await caService.getTrustBundle();
+        if (!bundle) {
+            return reply.status(404).send({
+                error: "trust_bundle_unavailable",
+            });
+        }
+        const payload = JSON.stringify(bundle);
+        const etag = `"${computeEtag(payload)}"`;
+        const requestEtag = request.headers["if-none-match"];
+        if (typeof requestEtag === "string" && requestEtag.replace(/W\//u, "") === etag.replace(/W\//u, "")) {
+            return reply
+                .status(304)
+                .header("ETag", etag)
+                .header("Cache-Control", trustBundleCacheControl())
+                .send();
+        }
+        return reply
+            .header("Content-Type", "application/json")
+            .header("Cache-Control", trustBundleCacheControl())
+            .header("ETag", etag)
+            .send(bundle);
+    });
 }
 /**
  * Create Fastify application with CA service lifespan management.
@@ -150,4 +175,14 @@ if (import.meta.url === `file://${process.argv[1]}`) {
     });
 }
 export { createApp };
+function computeEtag(payload) {
+    const encoder = new TextEncoder();
+    const digest = sha256(encoder.encode(payload));
+    return Array.from(digest)
+        .map((byte) => byte.toString(16).padStart(2, "0"))
+        .join("");
+}
+function trustBundleCacheControl() {
+    return "public, max-age=3600, stale-while-revalidate=86400";
+}
 //# sourceMappingURL=ca-server.js.map

package/dist/esm/naylence/fame/security/cert/ca-server.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ca-server.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/ca-server.ts"],"names":[],"mappings":";AACA;;;;;GAKG;AAEH,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAG3D,sCAAsC;AACtC,MAAM,MAAM,GAAG;IACb,IAAI,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACtD,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACzD,OAAO,CAAC,IAAI,CAAC,aAAa,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IACD,KAAK,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACvD,OAAO,CAAC,KAAK,CAAC,WAAW,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;IACD,KAAK,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACvD,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QACtE,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,qBAAqB,GAAG,eAAe,CAAC;AAC9C,MAAM,qBAAqB,GAAG,eAAe,CAAC;AAe9C;;;GAGG;AACH,SAAS,cAAc,CACrB,OAAwB,EACxB,SAAoB,EACpB,SAAiB,aAAa;IAE9B,+BAA+B;IAC/B,OAAO,CAAC,IAAI,CACV,GAAG,MAAM,OAAO,EAChB;QACE,MAAM,EAAE;YACN,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,CAAC,SAAS,EAAE,cAAc,CAAC;gBACrC,UAAU,EAAE;oBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC3B,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAChC,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACjC,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;iBACvD;aACF;SACF;KACF,EACD,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;YAEhC,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC5C,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC5B,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,+BAA+B;iBACzC,CAAC,CAAC;YACL,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE;gBACvC,YAAY,EAAE,UAAU,CAAC,YAAY;gBACrC,aAAa,EAAE,UAAU,CAAC,aAAa;gBACvC,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC,CAAC;YAEH,2CAA2C;YAC3C,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;gBACzB,sEAAsE;gBACtE,MAAM,CAAC,OAAO,CAAC,oCAAoC,EAAE;oBACnD,qBAAqB,EAAE,IAAI;iBAC5B,CAAC,CAAC;YACL,CAAC;YAED,mEAAmE;YACnE,MAAM,aAAa,GAAG;gBACpB,MAAM,EAAE,UAAU,CAAC,OAAO;gBAC1B,WAAW,EAAE,UAAU,CAAC,YAAY;gBACpC,YAAY,EAAE,UAAU,CAAC,aAAa;gBACtC,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC;YAEF,oBAAoB;YACpB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;YAE/D,MAAM,QAAQ,GAAgC;gBAC5C,eAAe,EAAE,MAAM,CAAC,cAAc;gBACtC,qBAAqB,EAAE,MAAM,CAAC,mBAAmB;gBACjD,UAAU,EAAE,MAAM,CAAC,SAAS;aAC7B,CAAC;YAEF,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YAEH,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC5B,KAAK,EAAE,iBAAiB;gBACxB,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;aAClE,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CACF,CAAC;IAEF,eAAe;IACf,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE;QAChC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,SAAS;IAItB,qEAAqE;IACrE,MAAM,OAAO,GAAG,OAAO,CAAC;QACtB,MAAM,EAAE,KAAK;KACd,CAAC,CAAC;IAEH,sEAAsE;IACtE,MAAM,EAAE,uCAAuC,EAAE,GAAG,MAAM,MAAM,CAC9D,uBAAuB,CACxB,CAAC;IACF,MAAM,uCAAuC,EAAE,CAAC;IAEhD,wDAAwD;IACxD,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,eAAe,EAAE,CAAC;IAE3D,qBAAqB;IACrB,cAAc,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAEnC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AACrC,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;QAElC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,SAAS,CAAC;QAC7D,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;QAExE,MAAM,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAEjC,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,sCAAsC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;QAClE,OAAO,CAAC,GAAG,CACT,mCAAmC,IAAI,IAAI,IAAI,oBAAoB,CACpE,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE;YACvC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,kBAAkB;AAClB,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;IACzB,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;IACxB,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC7D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,2BAA2B;AAC3B,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,UAAU,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IACpD,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;QACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;QACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,OAAO,EAAE,SAAS,EAAE,CAAC"}
1	+ {"version":3,"file":"ca-server.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/ca-server.ts"],"names":[],"mappings":";AACA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACjD,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAG3D,sCAAsC;AACtC,MAAM,MAAM,GAAG;IACb,IAAI,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACtD,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACzD,OAAO,CAAC,IAAI,CAAC,aAAa,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IACD,KAAK,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACvD,OAAO,CAAC,KAAK,CAAC,WAAW,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;IACD,KAAK,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACvD,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QACtE,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,qBAAqB,GAAG,eAAe,CAAC;AAC9C,MAAM,qBAAqB,GAAG,eAAe,CAAC;AAe9C;;;GAGG;AACH,SAAS,cAAc,CACrB,OAAwB,EACxB,SAAoB,EACpB,SAAiB,aAAa;IAE9B,+BAA+B;IAC/B,OAAO,CAAC,IAAI,CACV,GAAG,MAAM,OAAO,EAChB;QACE,MAAM,EAAE;YACN,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,CAAC,SAAS,EAAE,cAAc,CAAC;gBACrC,UAAU,EAAE;oBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC3B,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAChC,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACjC,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;iBACvD;aACF;SACF;KACF,EACD,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;YAEhC,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC5C,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC5B,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,+BAA+B;iBACzC,CAAC,CAAC;YACL,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE;gBACvC,YAAY,EAAE,UAAU,CAAC,YAAY;gBACrC,aAAa,EAAE,UAAU,CAAC,aAAa;gBACvC,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC,CAAC;YAEH,2CAA2C;YAC3C,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;gBACzB,sEAAsE;gBACtE,MAAM,CAAC,OAAO,CAAC,oCAAoC,EAAE;oBACnD,qBAAqB,EAAE,IAAI;iBAC5B,CAAC,CAAC;YACL,CAAC;YAED,mEAAmE;YACnE,MAAM,aAAa,GAAG;gBACpB,MAAM,EAAE,UAAU,CAAC,OAAO;gBAC1B,WAAW,EAAE,UAAU,CAAC,YAAY;gBACpC,YAAY,EAAE,UAAU,CAAC,aAAa;gBACtC,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC;YAEF,oBAAoB;YACpB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;YAE/D,MAAM,QAAQ,GAAgC;gBAC5C,eAAe,EAAE,MAAM,CAAC,cAAc;gBACtC,qBAAqB,EAAE,MAAM,CAAC,mBAAmB;gBACjD,UAAU,EAAE,MAAM,CAAC,SAAS;aAC7B,CAAC;YAEF,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YAEH,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC5B,KAAK,EAAE,iBAAiB;gBACxB,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;aAClE,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CACF,CAAC;IAEF,eAAe;IACf,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE;QAChC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG,yCAAyC,CAAC;IAElE,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACpD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,cAAc,EAAE,CAAC;QAChD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC5B,KAAK,EAAE,0BAA0B;aAClC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,IAAI,GAAG,IAAI,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC;QACzC,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAErD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC;YACpG,OAAO,KAAK;iBACT,MAAM,CAAC,GAAG,CAAC;iBACX,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC;iBACpB,MAAM,CAAC,eAAe,EAAE,uBAAuB,EAAE,CAAC;iBAClD,IAAI,EAAE,CAAC;QACZ,CAAC;QAED,OAAO,KAAK;aACT,MAAM,CAAC,cAAc,EAAE,kBAAkB,CAAC;aAC1C,MAAM,CAAC,eAAe,EAAE,uBAAuB,EAAE,CAAC;aAClD,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC;aACpB,IAAI,CAAC,MAAoC,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,SAAS;IAItB,qEAAqE;IACrE,MAAM,OAAO,GAAG,OAAO,CAAC;QACtB,MAAM,EAAE,KAAK;KACd,CAAC,CAAC;IAEH,sEAAsE;IACtE,MAAM,EAAE,uCAAuC,EAAE,GAAG,MAAM,MAAM,CAC9D,uBAAuB,CACxB,CAAC;IACF,MAAM,uCAAuC,EAAE,CAAC;IAEhD,wDAAwD;IACxD,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,eAAe,EAAE,CAAC;IAE3D,qBAAqB;IACrB,cAAc,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAEnC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AACrC,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;QAElC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,SAAS,CAAC;QAC7D,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;QAExE,MAAM,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAEjC,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,sCAAsC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;QAClE,OAAO,CAAC,GAAG,CACT,mCAAmC,IAAI,IAAI,IAAI,oBAAoB,CACpE,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE;YACvC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,kBAAkB;AAClB,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;IACzB,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;IACxB,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC7D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,2BAA2B;AAC3B,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,UAAU,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IACpD,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;QACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;QACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,OAAO,EAAE,SAAS,EAAE,CAAC;AAErB,SAAS,WAAW,CAAC,OAAe;IAClC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/C,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;SACtB,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SACjD,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED,SAAS,uBAAuB;IAC9B,OAAO,oDAAoD,CAAC;AAC9D,CAAC"}

package/dist/esm/naylence/fame/security/cert/ca-service-client.js CHANGED Viewed

@@ -3,7 +3,11 @@
  *
  * Provides async HTTP client to request certificates from the CA signing service.
  */
+import { AsnConvert } from "@peculiar/asn1-schema";
+import { Certificate, SubjectAlternativeName } from "@peculiar/asn1-x509";
+import { X509Certificate } from "@peculiar/x509";
 import { CertificateRequestError } from "./ca-types.js";
+import { LOGICALS_OID, NODE_ID_OID, SID_OID } from "./oid-constants.js";
 // Simple logger for now - TODO: integrate with runtime logging
 const logger = {
     debug: (_event, _meta) => {
@@ -24,16 +28,104 @@ export const ENV_VAR_FAME_CA_SERVICE_URL = "FAME_CA_SERVICE_URL";
  */
 export function extractCertificateInfo(_certPem) {
     try {
-        // TODO: Implement using node-forge or similar library
-        // For now, return a placeholder
-        return {
-            subject: "TODO: Parse certificate",
-            issuer: "TODO: Parse certificate",
-            serialNumber: "TODO",
-            validFrom: new Date().toISOString(),
-            validUntil: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000).toISOString(),
+        const pemBlock = extractFirstCertificatePem(_certPem);
+        if (!pemBlock) {
+            throw new Error("certificate PEM block not found");
+        }
+        const certDer = pemToArrayBuffer(pemBlock);
+        const certificate = new X509Certificate(certDer);
+        const certificateRecord = certificate;
+        const parsedCertificate = AsnConvert.parse(certDer, Certificate);
+        const subject = readOptionalStringProperty(certificateRecord, "subject") ??
+            formatDistinguishedName(parsedCertificate.tbsCertificate.subject);
+        const issuer = readOptionalStringProperty(certificateRecord, "issuer") ??
+            formatDistinguishedName(parsedCertificate.tbsCertificate.issuer);
+        const serialNumber = readOptionalStringProperty(certificateRecord, "serialNumber") ??
+            bytesToHex(parsedCertificate.tbsCertificate.serialNumber);
+        const validFromDate = readOptionalDateProperty(certificateRecord, "notBefore") ??
+            readValidityDate(parsedCertificate.tbsCertificate.validity.notBefore);
+        const validUntilDate = readOptionalDateProperty(certificateRecord, "notAfter") ??
+            readValidityDate(parsedCertificate.tbsCertificate.validity.notAfter);
+        if (!validFromDate || !validUntilDate) {
+            throw new Error("certificate validity period is missing");
+        }
+        const info = {
+            subject,
+            issuer,
+            serialNumber,
+            validFrom: validFromDate.toISOString(),
+            validUntil: validUntilDate.toISOString(),
             status: "unknown",
         };
+        const now = new Date();
+        if (now < validFromDate) {
+            info.status = "not_yet_valid";
+        }
+        else if (now > validUntilDate) {
+            info.status = "expired";
+        }
+        else {
+            info.status = "valid";
+            const diffMs = validUntilDate.getTime() - now.getTime();
+            info.daysRemaining = Math.floor(diffMs / (24 * 60 * 60 * 1000));
+            const hoursRemainder = diffMs % (24 * 60 * 60 * 1000);
+            info.hoursRemaining = Math.floor(hoursRemainder / (60 * 60 * 1000));
+            const minutesRemainder = hoursRemainder % (60 * 60 * 1000);
+            info.minutesRemaining = Math.floor(minutesRemainder / (60 * 1000));
+        }
+        const sanExtension = getExtensionValue(certificate, "2.5.29.17");
+        if (sanExtension && toUint8Array(sanExtension).length > 0) {
+            const san = AsnConvert.parse(sanExtension, SubjectAlternativeName);
+            const altNames = [];
+            for (const generalName of san) {
+                const name = generalName;
+                if (typeof name.uniformResourceIdentifier === "string") {
+                    altNames.push(name.uniformResourceIdentifier);
+                }
+                else if (typeof name.dNSName === "string") {
+                    altNames.push(name.dNSName);
+                }
+                else if (typeof name.rfc822Name === "string") {
+                    altNames.push(name.rfc822Name);
+                }
+                else if (name.iPAddress instanceof ArrayBuffer) {
+                    altNames.push(formatIpAddress(toUint8Array(name.iPAddress)));
+                }
+                else if (name.iPAddress && ArrayBuffer.isView(name.iPAddress)) {
+                    const view = name.iPAddress;
+                    altNames.push(formatIpAddress(new Uint8Array(view.buffer, view.byteOffset, view.byteLength)));
+                }
+            }
+            if (altNames.length > 0) {
+                info.subjectAlternativeNames = altNames;
+                const spiffe = altNames.find((value) => value.startsWith("spiffe://"));
+                if (spiffe) {
+                    info.spiffeId = spiffe;
+                }
+            }
+        }
+        const sidExtension = getExtensionValue(certificate, SID_OID);
+        if (sidExtension) {
+            info.nodeSid = decodeUtf8(sidExtension);
+        }
+        const nodeIdExtension = getExtensionValue(certificate, NODE_ID_OID);
+        if (nodeIdExtension) {
+            info.nodeId = decodeUtf8(nodeIdExtension);
+        }
+        const logicalsExtension = getExtensionValue(certificate, LOGICALS_OID);
+        if (logicalsExtension) {
+            try {
+                const logicalsJson = decodeUtf8(logicalsExtension);
+                const parsed = JSON.parse(logicalsJson);
+                if (Array.isArray(parsed)) {
+                    info.logicalHosts = parsed.filter((entry) => typeof entry === "string");
+                }
+            }
+            catch {
+                // Ignore malformed extension payload – certificate remains valid.
+            }
+        }
+        return info;
     }
     catch (error) {
         return {
@@ -43,7 +135,7 @@ export function extractCertificateInfo(_certPem) {
             validFrom: "",
             validUntil: "",
             status: "unknown",
-            error: `Failed to parse certificate: ${error}`,
+            error: `Failed to parse certificate: ${error instanceof Error ? error.message : String(error)}`,
         };
     }
 }
@@ -67,7 +159,7 @@ export function formatCertificateInfo(certPem, certType = "Certificate") {
         `Valid From: ${info.validFrom}`,
         `Valid Until: ${info.validUntil}`,
     ];
-    if (info.subjectAlternativeNames && info.subjectAlternativeNames.length > 0) {
+    if (info.subjectAlternativeNames?.length) {
         lines.push(`Subject Alternative Names: ${info.subjectAlternativeNames.join(", ")}`);
     }
     if (info.spiffeId) {
@@ -79,24 +171,27 @@ export function formatCertificateInfo(certPem, certType = "Certificate") {
     if (info.nodeId) {
         lines.push(`Node ID: ${info.nodeId}`);
     }
-    if (info.logicalHosts && info.logicalHosts.length > 0) {
+    if (info.logicalHosts?.length) {
         lines.push(`Logical Hosts: ${info.logicalHosts.join(", ")}`);
     }
-    // Add validity status
-    if (info.status === "valid" && info.daysRemaining !== undefined) {
-        if (info.daysRemaining > 0) {
-            lines.push(`Status: Valid (${info.daysRemaining} days remaining)`);
+    if (info.status === "valid") {
+        const pieces = [];
+        if (typeof info.daysRemaining === "number" && info.daysRemaining > 0) {
+            pieces.push(`${info.daysRemaining} days`);
         }
-        else if (info.hoursRemaining !== undefined && info.hoursRemaining > 0) {
-            if (info.minutesRemaining !== undefined && info.minutesRemaining > 0) {
-                lines.push(`Status: Valid (${info.hoursRemaining} hours, ${info.minutesRemaining} minutes remaining)`);
-            }
-            else {
-                lines.push(`Status: Valid (${info.hoursRemaining} hours remaining)`);
-            }
+        if (typeof info.hoursRemaining === "number" && info.hoursRemaining > 0) {
+            pieces.push(`${info.hoursRemaining} hours`);
+        }
+        if (typeof info.minutesRemaining === "number" &&
+            info.minutesRemaining > 0 &&
+            pieces.length === 0) {
+            pieces.push(`${info.minutesRemaining} minutes`);
         }
-        else if (info.minutesRemaining !== undefined) {
-            lines.push(`Status: Valid (${info.minutesRemaining} minutes remaining)`);
+        if (pieces.length > 0) {
+            lines.push(`Status: Valid (${pieces.join(", ")})`);
+        }
+        else {
+            lines.push("Status: Valid");
         }
     }
     else if (info.status === "expired") {
@@ -105,8 +200,220 @@ export function formatCertificateInfo(certPem, certType = "Certificate") {
     else if (info.status === "not_yet_valid") {
         lines.push("Status: Not yet valid");
     }
+    else {
+        lines.push("Status: Unknown");
+    }
     return lines.join("\n");
 }
+function extractFirstCertificatePem(pem) {
+    const match = pem.match(/-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----/);
+    return match ? match[0] : null;
+}
+function pemToArrayBuffer(pem) {
+    const base64 = pem
+        .replace(/-----BEGIN CERTIFICATE-----/g, "")
+        .replace(/-----END CERTIFICATE-----/g, "")
+        .replace(/\s+/g, "");
+    if (typeof Buffer !== "undefined") {
+        const buffer = Buffer.from(base64, "base64");
+        const array = buffer.buffer.slice(buffer.byteOffset, buffer.byteOffset + buffer.byteLength);
+        return array;
+    }
+    if (typeof globalThis.atob === "function") {
+        const binary = globalThis.atob(base64);
+        const length = binary.length;
+        const bytes = new Uint8Array(length);
+        for (let index = 0; index < length; index += 1) {
+            bytes[index] = binary.charCodeAt(index);
+        }
+        return bytes.buffer;
+    }
+    throw new Error("Base64 decoding not supported in this environment");
+}
+function formatIpAddress(bytes) {
+    if (bytes.length === 4) {
+        return Array.from(bytes).join(".");
+    }
+    if (bytes.length === 16) {
+        const hextets = [];
+        for (let index = 0; index < 16; index += 2) {
+            const value = (bytes[index] << 8) | bytes[index + 1];
+            hextets.push(value.toString(16));
+        }
+        return hextets.join(":");
+    }
+    return Array.from(bytes)
+        .map((value) => value.toString(16).padStart(2, "0"))
+        .join("");
+}
+function toUint8Array(source) {
+    if (source instanceof ArrayBuffer) {
+        return new Uint8Array(source);
+    }
+    return new Uint8Array(source.buffer, source.byteOffset, source.byteLength);
+}
+function decodeUtf8(data) {
+    if (typeof TextDecoder !== "undefined") {
+        return new TextDecoder().decode(data);
+    }
+    if (typeof Buffer !== "undefined") {
+        const buffer = Buffer.from(data);
+        return buffer.toString("utf8");
+    }
+    throw new Error("TextDecoder not available in this environment");
+}
+function getExtensionValue(certificate, oid) {
+    const candidate = certificate;
+    if (typeof candidate.getExtension === "function") {
+        const result = candidate.getExtension(oid);
+        const buffer = tryExtractExtensionBuffer(result);
+        if (buffer) {
+            return buffer;
+        }
+    }
+    const { extensions } = candidate;
+    if (extensions) {
+        const iterable = toIterable(extensions);
+        for (const entry of iterable) {
+            const extensionRecord = entry;
+            if (!extensionRecord || extensionRecord.oid !== oid) {
+                continue;
+            }
+            const buffer = tryExtractExtensionBuffer(entry);
+            if (buffer) {
+                return buffer;
+            }
+        }
+    }
+    return null;
+}
+function readOptionalStringProperty(source, key) {
+    const value = source[key];
+    if (typeof value === "string" && value.length > 0) {
+        return value;
+    }
+    return undefined;
+}
+function readOptionalDateProperty(source, key) {
+    const value = source[key];
+    if (value instanceof Date) {
+        return value;
+    }
+    if (typeof value === "number" || typeof value === "string") {
+        const date = new Date(value);
+        if (!Number.isNaN(date.getTime())) {
+            return date;
+        }
+    }
+    return undefined;
+}
+function readValidityDate(candidate) {
+    if (!candidate) {
+        return undefined;
+    }
+    if (candidate instanceof Date) {
+        return candidate;
+    }
+    if (typeof candidate === "object" &&
+        candidate !== null &&
+        candidate) {
+        const timeObject = candidate;
+        if (timeObject.utcTime instanceof Date) {
+            return timeObject.utcTime;
+        }
+        if (timeObject.generalizedTime instanceof Date) {
+            return timeObject.generalizedTime;
+        }
+    }
+    return undefined;
+}
+function formatDistinguishedName(name) {
+    const rdns = Array.from(name);
+    if (rdns.length === 0) {
+        return "";
+    }
+    return rdns
+        .map((rdn) => Array.from(rdn)
+        .map((attribute) => `${oidToLabel(attribute.type)}=${attribute.value.toString()}`)
+        .join("+"))
+        .join(",");
+}
+function oidToLabel(oid) {
+    switch (oid) {
+        case "2.5.4.3":
+            return "CN";
+        case "2.5.4.6":
+            return "C";
+        case "2.5.4.7":
+            return "L";
+        case "2.5.4.8":
+            return "ST";
+        case "2.5.4.10":
+            return "O";
+        case "2.5.4.11":
+            return "OU";
+        default:
+            return oid;
+    }
+}
+function bytesToHex(data) {
+    const view = toUint8Array(data);
+    if (view.length === 0) {
+        return "";
+    }
+    return Array.from(view)
+        .map((byte) => byte.toString(16).padStart(2, "0"))
+        .join("");
+}
+function tryExtractExtensionBuffer(source) {
+    if (!source) {
+        return null;
+    }
+    if (isArrayBufferLike(source)) {
+        return cloneArrayBuffer(source);
+    }
+    if (typeof source === "object") {
+        const record = source;
+        const directValue = record.value;
+        if (isArrayBufferLike(directValue)) {
+            return cloneArrayBuffer(directValue);
+        }
+        const asn = record.asn;
+        if (asn) {
+            const extnValue = asn.extnValue;
+            if (isArrayBufferLike(extnValue)) {
+                return cloneArrayBuffer(extnValue);
+            }
+            if (extnValue &&
+                typeof extnValue === "object" &&
+                isArrayBufferLike(extnValue.buffer)) {
+                return cloneArrayBuffer(extnValue.buffer);
+            }
+        }
+    }
+    return null;
+}
+function isArrayBufferLike(value) {
+    return value instanceof ArrayBuffer || ArrayBuffer.isView(value);
+}
+function cloneArrayBuffer(value) {
+    const view = toUint8Array(value);
+    if (view.byteOffset === 0 &&
+        view.byteLength === view.buffer.byteLength &&
+        view.buffer instanceof ArrayBuffer) {
+        return view.buffer;
+    }
+    return view.slice().buffer;
+}
+function toIterable(value) {
+    if (typeof value === "object" && value && Symbol.iterator in value) {
+        return value;
+    }
+    if (Array.isArray(value)) {
+        return value;
+    }
+    return [];
+}
 /**
  * Client for requesting certificates from a CA signing service.
  */