npm - @naylence/advanced-security - Versions diffs - 0.3.5-test.101 → 0.3.5-test.104 - Mend

@naylence/advanced-security 0.3.5-test.101 → 0.3.5-test.104

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (170) hide show

package/dist/cjs/browser.js CHANGED Viewed

@@ -6,6 +6,7 @@
 // Package version
 export { VERSION } from './version.js';
 export { validateJwkX5cCertificate, publicKeyFromX5c, } from "./naylence/fame/security/cert/util.js";
+export { createEd25519Csr, } from "./naylence/fame/security/cert/browser-csr.js";
 export { GRANT_PURPOSE_CA_SIGN } from "./naylence/fame/security/cert/grants.js";
 export { CAServiceClient, ENV_VAR_FAME_CA_SERVICE_URL, extractCertificateInfo, formatCertificateInfo, } from "./naylence/fame/security/cert/ca-service-client.js";
 export * from "./naylence/fame/security/encryption/index.js";

package/dist/cjs/browser.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"browser.js","sourceRoot":"","sources":["../../src/browser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,kBAAkB;AAClB,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,OAAO,EACN,yBAAyB,EAGzB,gBAAgB,GAEhB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EAAE,qBAAqB,EAAE,MAAM,yCAAyC,CAAC;AAChF,OAAO,EACN,eAAe,EAGf,2BAA2B,EAC3B,sBAAsB,EACtB,qBAAqB,GACrB,MAAM,oDAAoD,CAAC;AAE5D,cAAc,8CAA8C,CAAC;AAE7D,OAAO,EACN,kCAAkC,EAClC,YAAY,IAAI,2CAA2C,GAE3D,MAAM,mEAAmE,CAAC;AAC3E,OAAO,EACN,oCAAoC,EACpC,YAAY,IAAI,6CAA6C,GAE7D,MAAM,qEAAqE,CAAC;AAC7E,OAAO,EACN,qBAAqB,GAGrB,MAAM,6DAA6D,CAAC;AAErE,cAAc,wCAAwC,CAAC;AAEvD,OAAO,EACN,iCAAiC,GAEjC,MAAM,kEAAkE,CAAC;AAE1E,cAAc,qCAAqC,CAAC;AACpD,cAAc,kCAAkC,CAAC"}
1	+ {"version":3,"file":"browser.js","sourceRoot":"","sources":["../../src/browser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,kBAAkB;AAClB,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,OAAO,EACN,yBAAyB,EAGzB,gBAAgB,GAEhB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACN,gBAAgB,GAEhB,MAAM,8CAA8C,CAAC;AAEtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,yCAAyC,CAAC;AAChF,OAAO,EACN,eAAe,EAGf,2BAA2B,EAC3B,sBAAsB,EACtB,qBAAqB,GACrB,MAAM,oDAAoD,CAAC;AAE5D,cAAc,8CAA8C,CAAC;AAE7D,OAAO,EACN,kCAAkC,EAClC,YAAY,IAAI,2CAA2C,GAE3D,MAAM,mEAAmE,CAAC;AAC3E,OAAO,EACN,oCAAoC,EACpC,YAAY,IAAI,6CAA6C,GAE7D,MAAM,qEAAqE,CAAC;AAC7E,OAAO,EACN,qBAAqB,GAGrB,MAAM,6DAA6D,CAAC;AAErE,cAAc,wCAAwC,CAAC;AAEvD,OAAO,EACN,iCAAiC,GAEjC,MAAM,kEAAkE,CAAC;AAE1E,cAAc,qCAAqC,CAAC;AACpD,cAAc,kCAAkC,CAAC"}

package/dist/cjs/naylence/fame/factory-manifest.js CHANGED Viewed

@@ -7,6 +7,8 @@
 export const MODULES = [
     "./security/cert/default-ca-service-factory.js",
     "./security/cert/default-certificate-manager-factory.js",
+    "./security/cert/trust-store/browser-trust-store-provider-factory.js",
+    "./security/cert/trust-store/node-trust-store-provider-factory.js",
     "./security/encryption/channel/channel-encryption-manager-factory.js",
     "./security/encryption/composite-encryption-manager-factory.js",
     "./security/encryption/default-secure-channel-manager-factory.js",
@@ -18,4 +20,20 @@ export const MODULES = [
     "./stickiness/aft-replica-stickiness-manager-factory.js",
     "./welcome/advanced-welcome-service-factory.js"
 ];
+export const MODULE_LOADERS = {
+    "./security/cert/default-ca-service-factory.js": () => import("./security/cert/default-ca-service-factory.js"),
+    "./security/cert/default-certificate-manager-factory.js": () => import("./security/cert/default-certificate-manager-factory.js"),
+    "./security/cert/trust-store/browser-trust-store-provider-factory.js": () => import("./security/cert/trust-store/browser-trust-store-provider-factory.js"),
+    "./security/cert/trust-store/node-trust-store-provider-factory.js": () => import("./security/cert/trust-store/node-trust-store-provider-factory.js"),
+    "./security/encryption/channel/channel-encryption-manager-factory.js": () => import("./security/encryption/channel/channel-encryption-manager-factory.js"),
+    "./security/encryption/composite-encryption-manager-factory.js": () => import("./security/encryption/composite-encryption-manager-factory.js"),
+    "./security/encryption/default-secure-channel-manager-factory.js": () => import("./security/encryption/default-secure-channel-manager-factory.js"),
+    "./security/encryption/sealed/x25519-encryption-manager-factory.js": () => import("./security/encryption/sealed/x25519-encryption-manager-factory.js"),
+    "./security/keys/x5c-key-manager-factory.js": () => import("./security/keys/x5c-key-manager-factory.js"),
+    "./security/signing/eddsa-envelope-signer-factory.js": () => import("./security/signing/eddsa-envelope-signer-factory.js"),
+    "./security/signing/eddsa-envelope-verifier-factory.js": () => import("./security/signing/eddsa-envelope-verifier-factory.js"),
+    "./stickiness/aft-load-balancer-stickiness-manager-factory.js": () => import("./stickiness/aft-load-balancer-stickiness-manager-factory.js"),
+    "./stickiness/aft-replica-stickiness-manager-factory.js": () => import("./stickiness/aft-replica-stickiness-manager-factory.js"),
+    "./welcome/advanced-welcome-service-factory.js": () => import("./welcome/advanced-welcome-service-factory.js"),
+};
 //# sourceMappingURL=factory-manifest.js.map

package/dist/cjs/naylence/fame/factory-manifest.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"factory-manifest.js","sourceRoot":"","sources":["../../../../src/naylence/fame/factory-manifest.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,CAAC,MAAM,OAAO,GAAG;IACrB,+CAA+C;IAC/C,wDAAwD;IACxD,qEAAqE;IACrE,+DAA+D;IAC/D,iEAAiE;IACjE,mEAAmE;IACnE,4CAA4C;IAC5C,qDAAqD;IACrD,uDAAuD;IACvD,8DAA8D;IAC9D,wDAAwD;IACxD,+CAA+C;CACvC,CAAC"}
1	+ {"version":3,"file":"factory-manifest.js","sourceRoot":"","sources":["../../../../src/naylence/fame/factory-manifest.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,CAAC,MAAM,OAAO,GAAG;IACrB,+CAA+C;IAC/C,wDAAwD;IACxD,qEAAqE;IACrE,kEAAkE;IAClE,qEAAqE;IACrE,+DAA+D;IAC/D,iEAAiE;IACjE,mEAAmE;IACnE,4CAA4C;IAC5C,qDAAqD;IACrD,uDAAuD;IACvD,8DAA8D;IAC9D,wDAAwD;IACxD,+CAA+C;CACvC,CAAC;AAKX,MAAM,CAAC,MAAM,cAAc,GAAmD;IAC5E,+CAA+C,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,+CAA+C,CAAC;IAC9G,wDAAwD,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,wDAAwD,CAAC;IAChI,qEAAqE,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,qEAAqE,CAAC;IAC1J,kEAAkE,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,kEAAkE,CAAC;IACpJ,qEAAqE,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,qEAAqE,CAAC;IAC1J,+DAA+D,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,+DAA+D,CAAC;IAC9I,iEAAiE,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,iEAAiE,CAAC;IAClJ,mEAAmE,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,mEAAmE,CAAC;IACtJ,4CAA4C,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,4CAA4C,CAAC;IACxG,qDAAqD,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,qDAAqD,CAAC;IAC1H,uDAAuD,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,uDAAuD,CAAC;IAC9H,8DAA8D,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,8DAA8D,CAAC;IAC5I,wDAAwD,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,wDAAwD,CAAC;IAChI,+CAA+C,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,+CAA+C,CAAC;CAC/G,CAAC"}

package/dist/cjs/naylence/fame/security/cert/browser-csr.js ADDED Viewed

@@ -0,0 +1,103 @@
+import { AsnConvert, OctetString } from "@peculiar/asn1-schema";
+import { Attributes, CertificationRequest, CertificationRequestInfo, } from "@peculiar/asn1-csr";
+import { AlgorithmIdentifier, Attribute, AttributeTypeAndValue, AttributeValue, Extension, Extensions, GeneralName, Name, RelativeDistinguishedName, SubjectAlternativeName, SubjectPublicKeyInfo, id_ce_subjectAltName, } from "@peculiar/asn1-x509";
+const ED25519_OID = "1.3.101.112";
+const OID_COMMON_NAME = "2.5.4.3";
+const LOGICAL_URI_PREFIX = "naylence://";
+function ensureSubtleCrypto() {
+    const instance = globalThis.crypto?.subtle;
+    if (!instance) {
+        throw new Error("WebCrypto subtle API is required to create a CSR");
+    }
+    return instance;
+}
+function buildSubject(commonName) {
+    if (!commonName || typeof commonName !== "string") {
+        throw new Error("commonName must be a non-empty string");
+    }
+    return new Name([
+        new RelativeDistinguishedName([
+            new AttributeTypeAndValue({
+                type: OID_COMMON_NAME,
+                value: new AttributeValue({ utf8String: commonName }),
+            }),
+        ]),
+    ]);
+}
+function arrayBufferToBase64(buffer) {
+    const bytes = new Uint8Array(buffer);
+    if (typeof globalThis.Buffer?.from === "function") {
+        return globalThis.Buffer.from(bytes).toString("base64");
+    }
+    let binary = "";
+    const chunkSize = 0x8000;
+    for (let offset = 0; offset < bytes.length; offset += chunkSize) {
+        const slice = bytes.subarray(offset, offset + chunkSize);
+        binary += String.fromCharCode(...slice);
+    }
+    if (typeof globalThis.btoa !== "function") {
+        throw new Error("Base64 encoding not available in this environment");
+    }
+    return globalThis.btoa(binary);
+}
+function derToPem(der, label) {
+    const base64 = arrayBufferToBase64(der);
+    const lines = [];
+    for (let index = 0; index < base64.length; index += 64) {
+        lines.push(base64.slice(index, index + 64));
+    }
+    return `-----BEGIN ${label}-----\n${lines.join("\n")}\n-----END ${label}-----\n`;
+}
+export async function createEd25519Csr(options) {
+    const subtle = ensureSubtleCrypto();
+    const { privateKey, publicKey, commonName } = options;
+    if (!(privateKey instanceof CryptoKey) || privateKey.type !== "private") {
+        throw new Error("privateKey must be a CryptoKey of type 'private'");
+    }
+    if (!(publicKey instanceof CryptoKey) || publicKey.type !== "public") {
+        throw new Error("publicKey must be a CryptoKey of type 'public'");
+    }
+    const subject = buildSubject(commonName);
+    const spkiDer = await subtle.exportKey("spki", publicKey);
+    const subjectPublicKeyInfo = AsnConvert.parse(spkiDer, SubjectPublicKeyInfo);
+    const attributes = new Attributes();
+    const sanitizedLogicals = Array.isArray(options.logicals)
+        ? options.logicals
+            .map((logical) => logical.trim())
+            .filter((logical) => logical.length > 0)
+        : [];
+    if (sanitizedLogicals.length > 0) {
+        const san = new SubjectAlternativeName(sanitizedLogicals.map((logical) => new GeneralName({
+            uniformResourceIdentifier: `${LOGICAL_URI_PREFIX}${logical}`,
+        })));
+        const extensions = new Extensions([
+            new Extension({
+                extnID: id_ce_subjectAltName,
+                critical: false,
+                extnValue: new OctetString(AsnConvert.serialize(san)),
+            }),
+        ]);
+        attributes.push(new Attribute({
+            type: "1.2.840.113549.1.9.14",
+            values: [AsnConvert.serialize(extensions)],
+        }));
+    }
+    const requestInfo = new CertificationRequestInfo({
+        subject,
+        subjectPKInfo: subjectPublicKeyInfo,
+        attributes,
+    });
+    const requestInfoDer = AsnConvert.serialize(requestInfo);
+    const signature = await subtle.sign("Ed25519", privateKey, requestInfoDer);
+    const certificationRequest = new CertificationRequest({
+        certificationRequestInfo: requestInfo,
+        signatureAlgorithm: new AlgorithmIdentifier({
+            algorithm: ED25519_OID,
+        }),
+        signature,
+    });
+    const csrDer = AsnConvert.serialize(certificationRequest);
+    const csrPem = derToPem(csrDer, "CERTIFICATE REQUEST");
+    return { csrPem, csrDer };
+}
+//# sourceMappingURL=browser-csr.js.map

package/dist/cjs/naylence/fame/security/cert/browser-csr.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"browser-csr.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/browser-csr.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EACN,UAAU,EACV,oBAAoB,EACpB,wBAAwB,GACxB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACN,mBAAmB,EACnB,SAAS,EACT,qBAAqB,EACrB,cAAc,EACd,SAAS,EACT,UAAU,EACV,WAAW,EACX,IAAI,EACJ,yBAAyB,EACzB,sBAAsB,EACtB,oBAAoB,EACpB,oBAAoB,GACpB,MAAM,qBAAqB,CAAC;AAI7B,MAAM,WAAW,GAAG,aAAa,CAAC;AAClC,MAAM,eAAe,GAAG,SAAS,CAAC;AAClC,MAAM,kBAAkB,GAAG,aAAa,CAAC;AASzC,SAAS,kBAAkB;IAC1B,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC;IAC3C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACrE,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC;AAED,SAAS,YAAY,CAAC,UAAkB;IACvC,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,IAAI,IAAI,CAAC;QACf,IAAI,yBAAyB,CAAC;YAC7B,IAAI,qBAAqB,CAAC;gBACzB,IAAI,EAAE,eAAe;gBACrB,KAAK,EAAE,IAAI,cAAc,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;aACrD,CAAC;SACF,CAAC;KACF,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAmB;IAC/C,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IAErC,IAAI,OAAO,UAAU,CAAC,MAAM,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;QACnD,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,SAAS,GAAG,MAAM,CAAC;IACzB,KAAK,IAAI,MAAM,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS,EAAE,CAAC;QACjE,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;QACzD,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,UAAU,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,QAAQ,CAAC,GAAgB,EAAE,KAAa;IAChD,MAAM,MAAM,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,IAAI,EAAE,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,GAAG,EAAE,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,cAAc,KAAK,UAAU,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,KAAK,SAAS,CAAC;AAClF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACrC,OAAgC;IAEhC,MAAM,MAAM,GAAG,kBAAkB,EAAE,CAAC;IACpC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAEtD,IAAI,CAAC,CAAC,UAAU,YAAY,SAAS,CAAC,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACzE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACrE,CAAC;IAED,IAAI,CAAC,CAAC,SAAS,YAAY,SAAS,CAAC,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtE,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC1D,MAAM,oBAAoB,GAAG,UAAU,CAAC,KAAK,CAC5C,OAAO,EACP,oBAAoB,CACpB,CAAC;IAEF,MAAM,UAAU,GAAG,IAAI,UAAU,EAAE,CAAC;IACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;QACxD,CAAC,CAAC,OAAO,CAAC,QAAQ;aACf,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;aAChC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;QAC1C,CAAC,CAAC,EAAE,CAAC;IAEN,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,IAAI,sBAAsB,CACrC,iBAAiB,CAAC,GAAG,CACpB,CAAC,OAAO,EAAE,EAAE,CACX,IAAI,WAAW,CAAC;YACf,yBAAyB,EAAE,GAAG,kBAAkB,GAAG,OAAO,EAAE;SAC5D,CAAC,CACH,CACD,CAAC;QAEF,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC;YACjC,IAAI,SAAS,CAAC;gBACb,MAAM,EAAE,oBAAoB;gBAC5B,QAAQ,EAAE,KAAK;gBACf,SAAS,EAAE,IAAI,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;aACrD,CAAC;SACF,CAAC,CAAC;QAEH,UAAU,CAAC,IAAI,CACd,IAAI,SAAS,CAAC;YACb,IAAI,EAAE,uBAAuB;YAC7B,MAAM,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;SAC1C,CAAC,CACF,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,wBAAwB,CAAC;QAChD,OAAO;QACP,aAAa,EAAE,oBAAoB;QACnC,UAAU;KACV,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,UAAU,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IAE3E,MAAM,oBAAoB,GAAG,IAAI,oBAAoB,CAAC;QACrD,wBAAwB,EAAE,WAAW;QACrC,kBAAkB,EAAE,IAAI,mBAAmB,CAAC;YAC3C,SAAS,EAAE,WAAW;SACtB,CAAC;QACF,SAAS;KACT,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;IAC1D,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;IAEvD,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC3B,CAAC"}

package/dist/cjs/naylence/fame/security/cert/ca-server-cli.js ADDED Viewed

@@ -0,0 +1,30 @@
+#!/usr/bin/env node
+import { pathToFileURL } from "node:url";
+import { main } from "./ca-server.js";
+function isDirectExecution() {
+    if (typeof process === "undefined") {
+        return false;
+    }
+    const entry = process.argv?.[1];
+    if (typeof entry !== "string" || entry.length === 0) {
+        return false;
+    }
+    const entryUrl = pathToFileURL(entry).href;
+    return import.meta.url === entryUrl;
+}
+function registerSignalHandlers() {
+    const handleShutdown = (signal) => {
+        console.log("[INFO] ca_server_shutting_down", { signal });
+        process.exit(0);
+    };
+    process.on("SIGTERM", () => handleShutdown("SIGTERM"));
+    process.on("SIGINT", () => handleShutdown("SIGINT"));
+}
+if (isDirectExecution()) {
+    registerSignalHandlers();
+    main().catch((error) => {
+        console.error("Fatal error:", error);
+        process.exit(1);
+    });
+}
+//# sourceMappingURL=ca-server-cli.js.map

package/dist/cjs/naylence/fame/security/cert/ca-server-cli.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ca-server-cli.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/ca-server-cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAEtC,SAAS,iBAAiB;IACxB,IAAI,OAAO,OAAO,KAAK,WAAW,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAChC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC;IAC3C,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,QAAQ,CAAC;AACtC,CAAC;AAED,SAAS,sBAAsB;IAC7B,MAAM,cAAc,GAAG,CAAC,MAAsB,EAAE,EAAE;QAChD,OAAO,CAAC,GAAG,CAAC,gCAAgC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,CAAC;IACvD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,IAAI,iBAAiB,EAAE,EAAE,CAAC;IACxB,sBAAsB,EAAE,CAAC;IAEzB,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;QACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;QACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/cjs/naylence/fame/security/cert/ca-server.js ADDED Viewed

@@ -0,0 +1,171 @@
+/**
+ * CA Server - Certificate Authority HTTP endpoint
+ *
+ * Provides certificate issuance via HTTP using Fastify.
+ * Mirrors the Python ca_server.py implementation.
+ */
+import { sha256 } from "@noble/hashes/sha256.js";
+import Fastify from "fastify";
+import { CAServiceFactory } from "./ca-service-factory.js";
+// Simple console logger for CA server
+const logger = {
+    info: (event, meta) => {
+        console.log(`[INFO] ${event}`, meta || "");
+    },
+    warning: (event, meta) => {
+        console.warn(`[WARNING] ${event}`, meta || "");
+    },
+    error: (event, meta) => {
+        console.error(`[ERROR] ${event}`, meta || "");
+    },
+    debug: (event, meta) => {
+        const logLevel = (process.env.FAME_LOG_LEVEL || "info").toLowerCase();
+        if (logLevel === "debug" || logLevel === "trace") {
+            console.log(`[DEBUG] ${event}`, meta || "");
+        }
+    },
+};
+const ENV_VAR_FAME_APP_HOST = "FAME_APP_HOST";
+const ENV_VAR_FAME_APP_PORT = "FAME_APP_PORT";
+/**
+ * Create CA router with certificate signing endpoint.
+ * Mirrors Python's create_ca_router functionality.
+ */
+function createCaRouter(fastify, caService, prefix = "/fame/v1/ca") {
+    // Certificate signing endpoint
+    fastify.post(`${prefix}/sign`, {
+        schema: {
+            body: {
+                type: "object",
+                required: ["csr_pem", "requester_id"],
+                properties: {
+                    csr_pem: { type: "string" },
+                    requester_id: { type: "string" },
+                    physical_path: { type: "string" },
+                    logicals: { type: "array", items: { type: "string" } },
+                },
+            },
+        },
+    }, async (request, reply) => {
+        try {
+            const csrRequest = request.body;
+            if (!csrRequest || !csrRequest.requester_id) {
+                return reply.status(400).send({
+                    error: "invalid_request",
+                    message: "CSR must include requester_id",
+                });
+            }
+            logger.debug("ca_cert_request_received", {
+                requester_id: csrRequest.requester_id,
+                physical_path: csrRequest.physical_path,
+                logicals: csrRequest.logicals,
+            });
+            // Authenticate if authorizer is configured
+            if (caService.authorizer) {
+                // TODO: Implement authentication when authorizer interface is defined
+                logger.warning("authentication_not_yet_implemented", {
+                    authorizer_configured: true,
+                });
+            }
+            // Convert snake_case request to camelCase for TypeScript interface
+            const csrForService = {
+                csrPem: csrRequest.csr_pem,
+                requesterId: csrRequest.requester_id,
+                physicalPath: csrRequest.physical_path,
+                logicals: csrRequest.logicals,
+            };
+            // Issue certificate
+            const result = await caService.issueCertificate(csrForService);
+            const response = {
+                certificate_pem: result.certificatePem,
+                certificate_chain_pem: result.certificateChainPem,
+                expires_at: result.expiresAt,
+            };
+            return reply.send(response);
+        }
+        catch (error) {
+            logger.error("ca_cert_issuance_failed", {
+                error: error instanceof Error ? error.message : String(error),
+            });
+            return reply.status(500).send({
+                error: "issuance_failed",
+                message: error instanceof Error ? error.message : "Unknown error",
+            });
+        }
+    });
+    // Health check
+    fastify.get("/health", async () => {
+        return { status: "healthy", service: "ca-server" };
+    });
+    const trustBundlePath = "/.well-known/naylence/trust-bundle.json";
+    fastify.get(trustBundlePath, async (request, reply) => {
+        const bundle = await caService.getTrustBundle();
+        if (!bundle) {
+            return reply.status(404).send({
+                error: "trust_bundle_unavailable",
+            });
+        }
+        const payload = JSON.stringify(bundle);
+        const etag = `"${computeEtag(payload)}"`;
+        const requestEtag = request.headers["if-none-match"];
+        if (typeof requestEtag === "string" && requestEtag.replace(/W\//u, "") === etag.replace(/W\//u, "")) {
+            return reply
+                .status(304)
+                .header("ETag", etag)
+                .header("Cache-Control", trustBundleCacheControl())
+                .send();
+        }
+        return reply
+            .header("Content-Type", "application/json")
+            .header("Cache-Control", trustBundleCacheControl())
+            .header("ETag", etag)
+            .send(bundle);
+    });
+}
+/**
+ * Create Fastify application with CA service lifespan management.
+ * Mirrors Python's FastAPI lifespan pattern.
+ */
+async function createApp() {
+    // Disable Fastify's built-in logger to avoid configuration conflicts
+    const fastify = Fastify({
+        logger: false,
+    });
+    // Register advanced security factories (including CA service factory)
+    const { registerAdvancedSecurityPluginFactories } = await import("../../../../plugin.js");
+    await registerAdvancedSecurityPluginFactories();
+    // Create CA service (mirrors Python's lifespan startup)
+    const caService = await CAServiceFactory.createCAService();
+    // Register CA router
+    createCaRouter(fastify, caService);
+    return { app: fastify, caService };
+}
+async function main() {
+    try {
+        const { app } = await createApp();
+        const host = process.env[ENV_VAR_FAME_APP_HOST] || "0.0.0.0";
+        const port = parseInt(process.env[ENV_VAR_FAME_APP_PORT] || "8098", 10);
+        await app.listen({ host, port });
+        logger.info("ca_server_started", { host, port });
+        console.log(`\n📍 CA Server listening on http://${host}:${port}`);
+        console.log(`🔐 Certificate endpoint: http://${host}:${port}/fame/v1/ca/sign\n`);
+    }
+    catch (error) {
+        logger.error("ca_server_startup_failed", {
+            error: error instanceof Error ? error.message : String(error),
+        });
+        process.exit(1);
+    }
+}
+export { createApp, main };
+function computeEtag(payload) {
+    const encoder = new TextEncoder();
+    const digest = sha256(encoder.encode(payload));
+    return Array.from(digest)
+        .map((byte) => byte.toString(16).padStart(2, "0"))
+        .join("");
+}
+function trustBundleCacheControl() {
+    return "public, max-age=3600, stale-while-revalidate=86400";
+}
+//# sourceMappingURL=ca-server.js.map

package/dist/cjs/naylence/fame/security/cert/ca-server.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ca-server.js","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/ca-server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACjD,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAG3D,sCAAsC;AACtC,MAAM,MAAM,GAAG;IACb,IAAI,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACtD,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACzD,OAAO,CAAC,IAAI,CAAC,aAAa,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IACD,KAAK,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACvD,OAAO,CAAC,KAAK,CAAC,WAAW,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;IACD,KAAK,EAAE,CAAC,KAAa,EAAE,IAA8B,EAAE,EAAE;QACvD,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QACtE,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,qBAAqB,GAAG,eAAe,CAAC;AAC9C,MAAM,qBAAqB,GAAG,eAAe,CAAC;AAe9C;;;GAGG;AACH,SAAS,cAAc,CACrB,OAAwB,EACxB,SAAoB,EACpB,SAAiB,aAAa;IAE9B,+BAA+B;IAC/B,OAAO,CAAC,IAAI,CACV,GAAG,MAAM,OAAO,EAChB;QACE,MAAM,EAAE;YACN,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,CAAC,SAAS,EAAE,cAAc,CAAC;gBACrC,UAAU,EAAE;oBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC3B,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAChC,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACjC,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;iBACvD;aACF;SACF;KACF,EACD,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;YAEhC,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC5C,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC5B,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,+BAA+B;iBACzC,CAAC,CAAC;YACL,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE;gBACvC,YAAY,EAAE,UAAU,CAAC,YAAY;gBACrC,aAAa,EAAE,UAAU,CAAC,aAAa;gBACvC,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC,CAAC;YAEH,2CAA2C;YAC3C,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;gBACzB,sEAAsE;gBACtE,MAAM,CAAC,OAAO,CAAC,oCAAoC,EAAE;oBACnD,qBAAqB,EAAE,IAAI;iBAC5B,CAAC,CAAC;YACL,CAAC;YAED,mEAAmE;YACnE,MAAM,aAAa,GAAG;gBACpB,MAAM,EAAE,UAAU,CAAC,OAAO;gBAC1B,WAAW,EAAE,UAAU,CAAC,YAAY;gBACpC,YAAY,EAAE,UAAU,CAAC,aAAa;gBACtC,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC;YAEF,oBAAoB;YACpB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;YAE/D,MAAM,QAAQ,GAAgC;gBAC5C,eAAe,EAAE,MAAM,CAAC,cAAc;gBACtC,qBAAqB,EAAE,MAAM,CAAC,mBAAmB;gBACjD,UAAU,EAAE,MAAM,CAAC,SAAS;aAC7B,CAAC;YAEF,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;gBACtC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YAEH,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC5B,KAAK,EAAE,iBAAiB;gBACxB,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;aAClE,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CACF,CAAC;IAEF,eAAe;IACf,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE;QAChC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG,yCAAyC,CAAC;IAElE,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACpD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,cAAc,EAAE,CAAC;QAChD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC5B,KAAK,EAAE,0BAA0B;aAClC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,IAAI,GAAG,IAAI,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC;QACzC,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAErD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC;YACpG,OAAO,KAAK;iBACT,MAAM,CAAC,GAAG,CAAC;iBACX,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC;iBACpB,MAAM,CAAC,eAAe,EAAE,uBAAuB,EAAE,CAAC;iBAClD,IAAI,EAAE,CAAC;QACZ,CAAC;QAED,OAAO,KAAK;aACT,MAAM,CAAC,cAAc,EAAE,kBAAkB,CAAC;aAC1C,MAAM,CAAC,eAAe,EAAE,uBAAuB,EAAE,CAAC;aAClD,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC;aACpB,IAAI,CAAC,MAAoC,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,SAAS;IAItB,qEAAqE;IACrE,MAAM,OAAO,GAAG,OAAO,CAAC;QACtB,MAAM,EAAE,KAAK;KACd,CAAC,CAAC;IAEH,sEAAsE;IACtE,MAAM,EAAE,uCAAuC,EAAE,GAAG,MAAM,MAAM,CAC9D,uBAAuB,CACxB,CAAC;IACF,MAAM,uCAAuC,EAAE,CAAC;IAEhD,wDAAwD;IACxD,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,eAAe,EAAE,CAAC;IAE3D,qBAAqB;IACrB,cAAc,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAEnC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AACrC,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;QAElC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,SAAS,CAAC;QAC7D,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;QAExE,MAAM,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAEjC,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,sCAAsC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;QAClE,OAAO,CAAC,GAAG,CACT,mCAAmC,IAAI,IAAI,IAAI,oBAAoB,CACpE,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE;YACvC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AAE3B,SAAS,WAAW,CAAC,OAAe;IAClC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/C,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;SACtB,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SACjD,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED,SAAS,uBAAuB;IAC9B,OAAO,oDAAoD,CAAC;AAC9D,CAAC"}