@naylence/advanced-security 0.3.6 → 0.3.7-test.112
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/browser/index.cjs +9864 -0
- package/dist/browser/index.mjs +9811 -0
- package/dist/cjs/advanced-security-isomorphic.js +82 -0
- package/dist/cjs/advanced-security-isomorphic.js.map +1 -0
- package/dist/cjs/browser.js +24 -5
- package/dist/cjs/browser.js.map +1 -1
- package/dist/cjs/index.js +1 -6
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/install-env.js +2 -0
- package/dist/cjs/install-env.js.map +1 -0
- package/dist/cjs/naylence/fame/factory-manifest.js +19 -4
- package/dist/cjs/naylence/fame/factory-manifest.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/browser-csr.js +103 -0
- package/dist/cjs/naylence/fame/security/cert/browser-csr.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/ca-server-cli.js +30 -0
- package/dist/cjs/naylence/fame/security/cert/ca-server-cli.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/ca-server.js +223 -0
- package/dist/cjs/naylence/fame/security/cert/ca-server.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/ca-service-client.js +340 -39
- package/dist/cjs/naylence/fame/security/cert/ca-service-client.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/ca-service-factory.js +7 -11
- package/dist/cjs/naylence/fame/security/cert/ca-service-factory.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/ca-types.js +10 -7
- package/dist/cjs/naylence/fame/security/cert/ca-types.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/csr-types.js +2 -0
- package/dist/cjs/naylence/fame/security/cert/csr-types.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/default-ca-service-factory.js +6 -10
- package/dist/cjs/naylence/fame/security/cert/default-ca-service-factory.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/default-ca-service.js +130 -66
- package/dist/cjs/naylence/fame/security/cert/default-ca-service.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/default-certificate-manager-factory.js +12 -16
- package/dist/cjs/naylence/fame/security/cert/default-certificate-manager-factory.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/default-certificate-manager.js +262 -122
- package/dist/cjs/naylence/fame/security/cert/default-certificate-manager.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/grants.js +1 -4
- package/dist/cjs/naylence/fame/security/cert/grants.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/index.js +16 -50
- package/dist/cjs/naylence/fame/security/cert/index.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/internal-ca-service.js +77 -123
- package/dist/cjs/naylence/fame/security/cert/internal-ca-service.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/node-ed25519-csr.js +156 -0
- package/dist/cjs/naylence/fame/security/cert/node-ed25519-csr.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/oid-constants.js +7 -0
- package/dist/cjs/naylence/fame/security/cert/oid-constants.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/anchor-utils.js +119 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/anchor-utils.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/browser-trust-store-provider-factory.js +82 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/browser-trust-store-provider-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/env-provider.js +168 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/env-provider.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/fame-ca-certs-parser.js +257 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/fame-ca-certs-parser.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/http-bundle-provider.js +497 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/http-bundle-provider.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/http-signed-bundle-provider.js +2 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/http-signed-bundle-provider.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/node-trust-store-provider-factory.js +61 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/node-trust-store-provider-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/static-bundle-provider.js +44 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/static-bundle-provider.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/trust-store-provider-factory.js +40 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/trust-store-provider-factory.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/trust-store-provider.js +2 -0
- package/dist/cjs/naylence/fame/security/cert/trust-store/trust-store-provider.js.map +1 -0
- package/dist/cjs/naylence/fame/security/cert/util.js +25 -30
- package/dist/cjs/naylence/fame/security/cert/util.js.map +1 -1
- package/dist/cjs/naylence/fame/security/encryption/channel/channel-encryption-manager-factory.js +10 -14
- package/dist/cjs/naylence/fame/security/encryption/channel/channel-encryption-manager-factory.js.map +1 -1
- package/dist/cjs/naylence/fame/security/encryption/channel/channel-encryption-manager.js +59 -48
- package/dist/cjs/naylence/fame/security/encryption/channel/channel-encryption-manager.js.map +1 -1
- package/dist/cjs/naylence/fame/security/encryption/channel/index.js +2 -7
- package/dist/cjs/naylence/fame/security/encryption/channel/index.js.map +1 -1
- package/dist/cjs/naylence/fame/security/encryption/composite-encryption-manager-factory.js +10 -14
- package/dist/cjs/naylence/fame/security/encryption/composite-encryption-manager-factory.js.map +1 -1
- package/dist/cjs/naylence/fame/security/encryption/composite-encryption-manager.js +7 -11
- package/dist/cjs/naylence/fame/security/encryption/composite-encryption-manager.js.map +1 -1
- package/dist/cjs/naylence/fame/security/encryption/default-secure-channel-manager-factory.js +7 -11
- package/dist/cjs/naylence/fame/security/encryption/default-secure-channel-manager-factory.js.map +1 -1
- package/dist/cjs/naylence/fame/security/encryption/default-secure-channel-manager.js +19 -23
- package/dist/cjs/naylence/fame/security/encryption/default-secure-channel-manager.js.map +1 -1
- package/dist/cjs/naylence/fame/security/encryption/encryption-manager-registry.js +9 -15
- package/dist/cjs/naylence/fame/security/encryption/encryption-manager-registry.js.map +1 -1
- package/dist/cjs/naylence/fame/security/encryption/index.js +6 -15
- package/dist/cjs/naylence/fame/security/encryption/index.js.map +1 -1
- package/dist/cjs/naylence/fame/security/encryption/sealed/index.js +2 -7
- package/dist/cjs/naylence/fame/security/encryption/sealed/index.js.map +1 -1
- package/dist/cjs/naylence/fame/security/encryption/sealed/x25519-encryption-manager-factory.js +8 -12
- package/dist/cjs/naylence/fame/security/encryption/sealed/x25519-encryption-manager-factory.js.map +1 -1
- package/dist/cjs/naylence/fame/security/encryption/sealed/x25519-encryption-manager.js +26 -30
- package/dist/cjs/naylence/fame/security/encryption/sealed/x25519-encryption-manager.js.map +1 -1
- package/dist/cjs/naylence/fame/security/index.js +5 -10
- package/dist/cjs/naylence/fame/security/index.js.map +1 -1
- package/dist/cjs/naylence/fame/security/keys/index.js +2 -8
- package/dist/cjs/naylence/fame/security/keys/index.js.map +1 -1
- package/dist/cjs/naylence/fame/security/keys/x5c-key-manager-factory.js +9 -13
- package/dist/cjs/naylence/fame/security/keys/x5c-key-manager-factory.js.map +1 -1
- package/dist/cjs/naylence/fame/security/keys/x5c-key-manager.js +16 -52
- package/dist/cjs/naylence/fame/security/keys/x5c-key-manager.js.map +1 -1
- package/dist/cjs/naylence/fame/security/register-advanced-security-factories.js +220 -68
- package/dist/cjs/naylence/fame/security/register-advanced-security-factories.js.map +1 -1
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-signer-factory.js +6 -43
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-signer-factory.js.map +1 -1
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-verifier-factory.js +14 -12
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-verifier-factory.js.map +1 -1
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-verifier.js +72 -125
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-verifier.js.map +1 -1
- package/dist/cjs/naylence/fame/stickiness/aft-helper.js +8 -13
- package/dist/cjs/naylence/fame/stickiness/aft-helper.js.map +1 -1
- package/dist/cjs/naylence/fame/stickiness/aft-load-balancer-stickiness-manager-factory.js +12 -16
- package/dist/cjs/naylence/fame/stickiness/aft-load-balancer-stickiness-manager-factory.js.map +1 -1
- package/dist/cjs/naylence/fame/stickiness/aft-load-balancer-stickiness-manager.js +10 -14
- package/dist/cjs/naylence/fame/stickiness/aft-load-balancer-stickiness-manager.js.map +1 -1
- package/dist/cjs/naylence/fame/stickiness/aft-model.js +6 -14
- package/dist/cjs/naylence/fame/stickiness/aft-model.js.map +1 -1
- package/dist/cjs/naylence/fame/stickiness/aft-replica-stickiness-manager-factory.js +12 -16
- package/dist/cjs/naylence/fame/stickiness/aft-replica-stickiness-manager-factory.js.map +1 -1
- package/dist/cjs/naylence/fame/stickiness/aft-replica-stickiness-manager.js +13 -18
- package/dist/cjs/naylence/fame/stickiness/aft-replica-stickiness-manager.js.map +1 -1
- package/dist/cjs/naylence/fame/stickiness/aft-signer.js +23 -30
- package/dist/cjs/naylence/fame/stickiness/aft-signer.js.map +1 -1
- package/dist/cjs/naylence/fame/stickiness/aft-utils.js +3 -8
- package/dist/cjs/naylence/fame/stickiness/aft-utils.js.map +1 -1
- package/dist/cjs/naylence/fame/stickiness/aft-verifier.js +21 -28
- package/dist/cjs/naylence/fame/stickiness/aft-verifier.js.map +1 -1
- package/dist/cjs/naylence/fame/stickiness/index.js +10 -39
- package/dist/cjs/naylence/fame/stickiness/index.js.map +1 -1
- package/dist/cjs/naylence/fame/stickiness/stickiness-mode.js +3 -7
- package/dist/cjs/naylence/fame/stickiness/stickiness-mode.js.map +1 -1
- package/dist/cjs/naylence/fame/welcome/advanced-welcome-service-factory.js +14 -18
- package/dist/cjs/naylence/fame/welcome/advanced-welcome-service-factory.js.map +1 -1
- package/dist/cjs/naylence/fame/welcome/advanced-welcome-service.js +14 -18
- package/dist/cjs/naylence/fame/welcome/advanced-welcome-service.js.map +1 -1
- package/dist/cjs/naylence/fame/welcome/index.js +2 -8
- package/dist/cjs/naylence/fame/welcome/index.js.map +1 -1
- package/dist/cjs/node.js +11 -0
- package/dist/cjs/node.js.map +1 -0
- package/dist/cjs/plugin.js +8 -10
- package/dist/cjs/plugin.js.map +1 -1
- package/dist/cjs/version.js +8 -0
- package/dist/cjs/version.js.map +1 -0
- package/dist/esm/advanced-security-isomorphic.js +82 -0
- package/dist/esm/advanced-security-isomorphic.js.map +1 -0
- package/dist/esm/browser.js +24 -2
- package/dist/esm/browser.js.map +1 -1
- package/dist/esm/index.js +1 -3
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/install-env.js +2 -0
- package/dist/esm/install-env.js.map +1 -0
- package/dist/esm/naylence/fame/factory-manifest.js +18 -0
- package/dist/esm/naylence/fame/factory-manifest.js.map +1 -1
- package/dist/esm/naylence/fame/security/cert/browser-csr.js +103 -0
- package/dist/esm/naylence/fame/security/cert/browser-csr.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/ca-server-cli.js +30 -0
- package/dist/esm/naylence/fame/security/cert/ca-server-cli.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/ca-server.js +87 -17
- package/dist/esm/naylence/fame/security/cert/ca-server.js.map +1 -1
- package/dist/esm/naylence/fame/security/cert/ca-service-client.js +331 -24
- package/dist/esm/naylence/fame/security/cert/ca-service-client.js.map +1 -1
- package/dist/esm/naylence/fame/security/cert/ca-types.js +8 -0
- package/dist/esm/naylence/fame/security/cert/ca-types.js.map +1 -1
- package/dist/esm/naylence/fame/security/cert/csr-types.js +2 -0
- package/dist/esm/naylence/fame/security/cert/csr-types.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/default-ca-service.js +102 -1
- package/dist/esm/naylence/fame/security/cert/default-ca-service.js.map +1 -1
- package/dist/esm/naylence/fame/security/cert/default-certificate-manager-factory.js +2 -2
- package/dist/esm/naylence/fame/security/cert/default-certificate-manager-factory.js.map +1 -1
- package/dist/esm/naylence/fame/security/cert/default-certificate-manager.js +241 -64
- package/dist/esm/naylence/fame/security/cert/default-certificate-manager.js.map +1 -1
- package/dist/esm/naylence/fame/security/cert/index.js +7 -1
- package/dist/esm/naylence/fame/security/cert/index.js.map +1 -1
- package/dist/esm/naylence/fame/security/cert/internal-ca-service.js +3 -6
- package/dist/esm/naylence/fame/security/cert/internal-ca-service.js.map +1 -1
- package/dist/esm/naylence/fame/security/cert/node-ed25519-csr.js +156 -0
- package/dist/esm/naylence/fame/security/cert/node-ed25519-csr.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/oid-constants.js +7 -0
- package/dist/esm/naylence/fame/security/cert/oid-constants.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/anchor-utils.js +119 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/anchor-utils.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/browser-trust-store-provider-factory.js +82 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/browser-trust-store-provider-factory.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/env-provider.js +168 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/env-provider.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/fame-ca-certs-parser.js +257 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/fame-ca-certs-parser.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/http-bundle-provider.js +497 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/http-bundle-provider.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/http-signed-bundle-provider.js +2 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/http-signed-bundle-provider.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/node-trust-store-provider-factory.js +61 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/node-trust-store-provider-factory.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/static-bundle-provider.js +44 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/static-bundle-provider.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/trust-store-provider-factory.js +40 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/trust-store-provider-factory.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/trust-store-provider.js +2 -0
- package/dist/esm/naylence/fame/security/cert/trust-store/trust-store-provider.js.map +1 -0
- package/dist/esm/naylence/fame/security/cert/util.js +2 -3
- package/dist/esm/naylence/fame/security/cert/util.js.map +1 -1
- package/dist/esm/naylence/fame/security/encryption/channel/channel-encryption-manager.js +27 -12
- package/dist/esm/naylence/fame/security/encryption/channel/channel-encryption-manager.js.map +1 -1
- package/dist/esm/naylence/fame/security/register-advanced-security-factories.js +214 -26
- package/dist/esm/naylence/fame/security/register-advanced-security-factories.js.map +1 -1
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-verifier-factory.js +6 -0
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-verifier-factory.js.map +1 -1
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-verifier.js +43 -59
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-verifier.js.map +1 -1
- package/dist/esm/node.js +11 -0
- package/dist/esm/node.js.map +1 -0
- package/dist/esm/plugin.js +2 -0
- package/dist/esm/plugin.js.map +1 -1
- package/dist/esm/version.js +8 -0
- package/dist/esm/version.js.map +1 -0
- package/dist/node/index.cjs +9855 -0
- package/dist/node/index.mjs +9800 -0
- package/dist/node/node.cjs +10139 -0
- package/dist/node/node.mjs +10046 -0
- package/dist/types/advanced-security-isomorphic.d.ts +24 -0
- package/dist/types/advanced-security-isomorphic.d.ts.map +1 -0
- package/dist/types/browser.d.ts +18 -1
- package/dist/types/browser.d.ts.map +1 -1
- package/dist/types/index.d.ts +1 -3
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/install-env.d.ts +3 -0
- package/dist/types/install-env.d.ts.map +1 -0
- package/dist/types/naylence/fame/factory-manifest.d.ts +3 -1
- package/dist/types/naylence/fame/factory-manifest.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/cert/browser-csr.d.ts +9 -0
- package/dist/types/naylence/fame/security/cert/browser-csr.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/ca-server-cli.d.ts +3 -0
- package/dist/types/naylence/fame/security/cert/ca-server-cli.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/ca-server.d.ts +2 -2
- package/dist/types/naylence/fame/security/cert/ca-server.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/cert/ca-service-client.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/cert/ca-types.d.ts +32 -0
- package/dist/types/naylence/fame/security/cert/ca-types.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/cert/csr-types.d.ts +5 -0
- package/dist/types/naylence/fame/security/cert/csr-types.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/default-ca-service.d.ts +2 -1
- package/dist/types/naylence/fame/security/cert/default-ca-service.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/cert/default-certificate-manager-factory.d.ts +1 -1
- package/dist/types/naylence/fame/security/cert/default-certificate-manager-factory.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/cert/default-certificate-manager.d.ts +32 -0
- package/dist/types/naylence/fame/security/cert/default-certificate-manager.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/cert/index.d.ts +9 -1
- package/dist/types/naylence/fame/security/cert/index.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/cert/internal-ca-service.d.ts +0 -3
- package/dist/types/naylence/fame/security/cert/internal-ca-service.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/cert/node-ed25519-csr.d.ts +9 -0
- package/dist/types/naylence/fame/security/cert/node-ed25519-csr.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/oid-constants.d.ts +7 -0
- package/dist/types/naylence/fame/security/cert/oid-constants.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/trust-store/anchor-utils.d.ts +12 -0
- package/dist/types/naylence/fame/security/cert/trust-store/anchor-utils.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/trust-store/browser-trust-store-provider-factory.d.ts +29 -0
- package/dist/types/naylence/fame/security/cert/trust-store/browser-trust-store-provider-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/trust-store/env-provider.d.ts +7 -0
- package/dist/types/naylence/fame/security/cert/trust-store/env-provider.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/trust-store/fame-ca-certs-parser.d.ts +9 -0
- package/dist/types/naylence/fame/security/cert/trust-store/fame-ca-certs-parser.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/trust-store/http-bundle-provider.d.ts +35 -0
- package/dist/types/naylence/fame/security/cert/trust-store/http-bundle-provider.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/trust-store/http-signed-bundle-provider.d.ts +2 -0
- package/dist/types/naylence/fame/security/cert/trust-store/http-signed-bundle-provider.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/trust-store/node-trust-store-provider-factory.d.ts +23 -0
- package/dist/types/naylence/fame/security/cert/trust-store/node-trust-store-provider-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/trust-store/static-bundle-provider.d.ts +15 -0
- package/dist/types/naylence/fame/security/cert/trust-store/static-bundle-provider.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/trust-store/trust-store-provider-factory.d.ts +28 -0
- package/dist/types/naylence/fame/security/cert/trust-store/trust-store-provider-factory.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/trust-store/trust-store-provider.d.ts +43 -0
- package/dist/types/naylence/fame/security/cert/trust-store/trust-store-provider.d.ts.map +1 -0
- package/dist/types/naylence/fame/security/cert/util.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/encryption/channel/channel-encryption-manager.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/register-advanced-security-factories.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/signing/eddsa-envelope-verifier-factory.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/signing/eddsa-envelope-verifier.d.ts +5 -0
- package/dist/types/naylence/fame/security/signing/eddsa-envelope-verifier.d.ts.map +1 -1
- package/dist/types/node.d.ts +11 -0
- package/dist/types/node.d.ts.map +1 -0
- package/dist/types/plugin.d.ts.map +1 -1
- package/dist/types/version.d.ts +6 -0
- package/dist/types/version.d.ts.map +1 -0
- package/package.json +88 -15
- package/dist/browser/index.js +0 -25070
- package/dist/browser/index.js.map +0 -1
|
@@ -1,15 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.isSignedAft = isSignedAft;
|
|
4
|
-
exports.sanitizeStickinessScope = sanitizeStickinessScope;
|
|
5
|
-
exports.serializeAftHeader = serializeAftHeader;
|
|
6
|
-
exports.serializeAftClaims = serializeAftClaims;
|
|
7
|
-
exports.createAftPayload = createAftPayload;
|
|
8
|
-
exports.describeSecurityLevel = describeSecurityLevel;
|
|
9
|
-
function isSignedAft(payload) {
|
|
1
|
+
export function isSignedAft(payload) {
|
|
10
2
|
return payload.header.alg !== "none";
|
|
11
3
|
}
|
|
12
|
-
function sanitizeStickinessScope(scope) {
|
|
4
|
+
export function sanitizeStickinessScope(scope) {
|
|
13
5
|
if (!scope) {
|
|
14
6
|
return undefined;
|
|
15
7
|
}
|
|
@@ -22,13 +14,13 @@ function sanitizeStickinessScope(scope) {
|
|
|
22
14
|
}
|
|
23
15
|
return undefined;
|
|
24
16
|
}
|
|
25
|
-
function serializeAftHeader(header) {
|
|
17
|
+
export function serializeAftHeader(header) {
|
|
26
18
|
return JSON.stringify({
|
|
27
19
|
alg: header.alg,
|
|
28
20
|
kid: header.kid,
|
|
29
21
|
});
|
|
30
22
|
}
|
|
31
|
-
function serializeAftClaims(claims) {
|
|
23
|
+
export function serializeAftClaims(claims) {
|
|
32
24
|
const payload = {
|
|
33
25
|
sid: claims.sid,
|
|
34
26
|
exp: claims.exp,
|
|
@@ -41,7 +33,7 @@ function serializeAftClaims(claims) {
|
|
|
41
33
|
}
|
|
42
34
|
return JSON.stringify(payload);
|
|
43
35
|
}
|
|
44
|
-
function createAftPayload(options) {
|
|
36
|
+
export function createAftPayload(options) {
|
|
45
37
|
const { sid, ttlSeconds, kid, algorithm, scope = null, clientSid = null, now = () => Math.floor(Date.now() / 1000), } = options;
|
|
46
38
|
const exp = now() + Math.max(0, Math.floor(ttlSeconds));
|
|
47
39
|
const sanitizedScope = sanitizeStickinessScope(scope);
|
|
@@ -56,7 +48,7 @@ function createAftPayload(options) {
|
|
|
56
48
|
};
|
|
57
49
|
return { header, claims };
|
|
58
50
|
}
|
|
59
|
-
function describeSecurityLevel(mode) {
|
|
51
|
+
export function describeSecurityLevel(mode) {
|
|
60
52
|
return mode;
|
|
61
53
|
}
|
|
62
54
|
//# sourceMappingURL=aft-model.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aft-model.js","sourceRoot":"","sources":["../../../../../src/naylence/fame/stickiness/aft-model.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"aft-model.js","sourceRoot":"","sources":["../../../../../src/naylence/fame/stickiness/aft-model.ts"],"names":[],"mappings":"AAmBA,MAAM,UAAU,WAAW,CACzB,OAA2C;IAE3C,OAAO,OAAO,CAAC,MAAM,CAAC,GAAG,KAAK,MAAM,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,KAAqB;IAErB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,UAAU,KAAK,MAAM,IAAI,UAAU,KAAK,MAAM,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;QAC5E,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,MAAiB;IAClD,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,MAAM,CAAC,GAAG;KAChB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,MAAiB;IAClD,MAAM,OAAO,GAA4B;QACvC,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,MAAM,CAAC,GAAG;KAChB,CAAC;IAEF,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,IAAI,MAAM,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5D,OAAO,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;IAC3B,CAAC;IAED,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1E,OAAO,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IACzC,CAAC;IAED,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;AACjC,CAAC;AAYD,MAAM,UAAU,gBAAgB,CAAC,OAAgC;IAC/D,MAAM,EACJ,GAAG,EACH,UAAU,EACV,GAAG,EACH,SAAS,EACT,KAAK,GAAG,IAAI,EACZ,SAAS,GAAG,IAAI,EAChB,GAAG,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAC1C,GAAG,OAAO,CAAC;IAEZ,MAAM,GAAG,GAAG,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;IAExD,MAAM,cAAc,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAC;IACtD,MAAM,MAAM,GAAc,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC;IAClD,MAAM,MAAM,GAAc;QACxB,GAAG;QACH,GAAG;QACH,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAClD,GAAG,CAAC,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC;YACvD,CAAC,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE;YAC3B,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;IAEF,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,IAAoB;IACxD,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -1,21 +1,18 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
const
|
|
5
|
-
|
|
6
|
-
const stickiness_mode_js_1 = require("./stickiness-mode.js");
|
|
7
|
-
exports.FACTORY_META = {
|
|
8
|
-
base: runtime_1.REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE,
|
|
1
|
+
import { REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, ReplicaStickinessManagerFactory, } from "@naylence/runtime";
|
|
2
|
+
import { AFTReplicaStickinessManager } from "./aft-replica-stickiness-manager.js";
|
|
3
|
+
import { StickinessMode, normalizeStickinessMode } from "./stickiness-mode.js";
|
|
4
|
+
export const FACTORY_META = {
|
|
5
|
+
base: REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE,
|
|
9
6
|
key: "AFTReplicaStickinessManager",
|
|
10
7
|
};
|
|
11
8
|
const DEFAULT_VALUES = {
|
|
12
|
-
securityLevel:
|
|
9
|
+
securityLevel: StickinessMode.SIGNED_OPTIONAL,
|
|
13
10
|
maxTtlSec: 7200,
|
|
14
11
|
};
|
|
15
12
|
function normalizeConfig(config) {
|
|
16
13
|
const record = (config ?? {});
|
|
17
14
|
const normalizedSecurity = record.securityLevel
|
|
18
|
-
?
|
|
15
|
+
? normalizeStickinessMode(record.securityLevel)
|
|
19
16
|
: DEFAULT_VALUES.securityLevel;
|
|
20
17
|
const securityLevel = normalizedSecurity ?? DEFAULT_VALUES.securityLevel;
|
|
21
18
|
const maxTtlSecValue = typeof record.maxTtlSec === "number" && Number.isFinite(record.maxTtlSec)
|
|
@@ -28,27 +25,26 @@ function normalizeConfig(config) {
|
|
|
28
25
|
maxTtlSec: maxTtlSecValue,
|
|
29
26
|
};
|
|
30
27
|
}
|
|
31
|
-
class AFTReplicaStickinessManagerFactory extends
|
|
28
|
+
export class AFTReplicaStickinessManagerFactory extends ReplicaStickinessManagerFactory {
|
|
32
29
|
constructor() {
|
|
33
30
|
super(...arguments);
|
|
34
|
-
this.type =
|
|
31
|
+
this.type = FACTORY_META.key;
|
|
35
32
|
this.isDefault = true;
|
|
36
33
|
}
|
|
37
34
|
async create(config, dependencies) {
|
|
38
35
|
const resolvedConfig = normalizeConfig(config);
|
|
39
36
|
const helper = dependencies?.aftHelper ?? null;
|
|
40
|
-
const securityLevel =
|
|
37
|
+
const securityLevel = normalizeStickinessMode(resolvedConfig.securityLevel ?? DEFAULT_VALUES.securityLevel) ?? DEFAULT_VALUES.securityLevel;
|
|
41
38
|
const maxTtlSec = typeof resolvedConfig.maxTtlSec === "number" &&
|
|
42
39
|
Number.isFinite(resolvedConfig.maxTtlSec)
|
|
43
40
|
? Math.max(0, Math.floor(resolvedConfig.maxTtlSec))
|
|
44
41
|
: DEFAULT_VALUES.maxTtlSec;
|
|
45
|
-
return new
|
|
42
|
+
return new AFTReplicaStickinessManager({
|
|
46
43
|
securityLevel,
|
|
47
44
|
maxTtlSec,
|
|
48
45
|
aftHelper: helper,
|
|
49
46
|
});
|
|
50
47
|
}
|
|
51
48
|
}
|
|
52
|
-
|
|
53
|
-
exports.default = AFTReplicaStickinessManagerFactory;
|
|
49
|
+
export default AFTReplicaStickinessManagerFactory;
|
|
54
50
|
//# sourceMappingURL=aft-replica-stickiness-manager-factory.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aft-replica-stickiness-manager-factory.js","sourceRoot":"","sources":["../../../../../src/naylence/fame/stickiness/aft-replica-stickiness-manager-factory.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"aft-replica-stickiness-manager-factory.js","sourceRoot":"","sources":["../../../../../src/naylence/fame/stickiness/aft-replica-stickiness-manager-factory.ts"],"names":[],"mappings":"AACA,OAAO,EACL,4CAA4C,EAC5C,+BAA+B,GAEhC,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,EAAE,cAAc,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAa/E,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,IAAI,EAAE,4CAA4C;IAClD,GAAG,EAAE,6BAA6B;CAC1B,CAAC;AAEX,MAAM,cAAc,GAAG;IACrB,aAAa,EAAE,cAAc,CAAC,eAAe;IAC7C,SAAS,EAAE,IAAI;CACP,CAAC;AAEX,SAAS,eAAe,CACtB,MAA2E;IAE3E,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,EAAE,CAA4B,CAAC;IAEzD,MAAM,kBAAkB,GAAG,MAAM,CAAC,aAAa;QAC7C,CAAC,CAAC,uBAAuB,CAAC,MAAM,CAAC,aAAwC,CAAC;QAC1E,CAAC,CAAC,cAAc,CAAC,aAAa,CAAC;IAEjC,MAAM,aAAa,GAAG,kBAAkB,IAAI,cAAc,CAAC,aAAa,CAAC;IACzE,MAAM,cAAc,GAClB,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC;QACvE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC3C,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC;IAE/B,OAAO;QACL,GAAG,MAAM;QACT,IAAI,EAAE,6BAA6B;QACnC,aAAa;QACb,SAAS,EAAE,cAAc;KACW,CAAC;AACzC,CAAC;AAED,MAAM,OAAO,kCAAmC,SAAQ,+BAAkE;IAA1H;;QACkB,SAAI,GAAG,YAAY,CAAC,GAAG,CAAC;QACxB,cAAS,GAAG,IAAI,CAAC;IAwBnC,CAAC;IAtBQ,KAAK,CAAC,MAAM,CACjB,MAA2E,EAC3E,YAA6D;QAE7D,MAAM,cAAc,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,YAAY,EAAE,SAAS,IAAI,IAAI,CAAC;QAC/C,MAAM,aAAa,GACjB,uBAAuB,CACrB,cAAc,CAAC,aAAa,IAAI,cAAc,CAAC,aAAa,CAC7D,IAAI,cAAc,CAAC,aAAa,CAAC;QACpC,MAAM,SAAS,GACb,OAAO,cAAc,CAAC,SAAS,KAAK,QAAQ;YAC5C,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC,SAAS,CAAC;YACvC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;YACnD,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC;QAE/B,OAAO,IAAI,2BAA2B,CAAC;YACrC,aAAa;YACb,SAAS;YACT,SAAS,EAAE,MAAM;SAClB,CAAC,CAAC;IACL,CAAC;CACF;AAED,eAAe,kCAAkC,CAAC"}
|
|
@@ -1,13 +1,9 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
const
|
|
7
|
-
const runtime_2 = require("@naylence/runtime");
|
|
8
|
-
const aft_helper_js_1 = require("./aft-helper.js");
|
|
9
|
-
const stickiness_mode_js_1 = require("./stickiness-mode.js");
|
|
10
|
-
const logger = (0, runtime_2.getLogger)("naylence.fame.stickiness.aft_replica_stickiness_manager");
|
|
1
|
+
import { DeliveryOriginType } from "@naylence/core";
|
|
2
|
+
import { BaseNodeEventListener } from "@naylence/runtime";
|
|
3
|
+
import { getLogger } from "@naylence/runtime";
|
|
4
|
+
import { createAftHelper, DEFAULT_STICKINESS_SECURITY_LEVEL, } from "./aft-helper.js";
|
|
5
|
+
import { StickinessMode, normalizeStickinessMode } from "./stickiness-mode.js";
|
|
6
|
+
const logger = getLogger("naylence.fame.stickiness.aft_replica_stickiness_manager");
|
|
11
7
|
function isStickinessRequired(context) {
|
|
12
8
|
if (typeof context.stickinessRequired === "boolean") {
|
|
13
9
|
return context.stickinessRequired;
|
|
@@ -17,11 +13,11 @@ function isStickinessRequired(context) {
|
|
|
17
13
|
}
|
|
18
14
|
return false;
|
|
19
15
|
}
|
|
20
|
-
class AFTReplicaStickinessManager extends
|
|
16
|
+
export class AFTReplicaStickinessManager extends BaseNodeEventListener {
|
|
21
17
|
constructor(options = {}) {
|
|
22
18
|
super();
|
|
23
19
|
this.securityLevel =
|
|
24
|
-
|
|
20
|
+
normalizeStickinessMode(options.securityLevel ?? DEFAULT_STICKINESS_SECURITY_LEVEL) ?? DEFAULT_STICKINESS_SECURITY_LEVEL;
|
|
25
21
|
this.aftHelper = options.aftHelper ?? null;
|
|
26
22
|
this.maxTtlSec = options.maxTtlSec ?? 7200;
|
|
27
23
|
this.isInitialized = this.aftHelper !== null;
|
|
@@ -66,7 +62,7 @@ class AFTReplicaStickinessManager extends runtime_1.BaseNodeEventListener {
|
|
|
66
62
|
}
|
|
67
63
|
const stickinessContext = context;
|
|
68
64
|
if (isStickinessRequired(stickinessContext) &&
|
|
69
|
-
context.originType ===
|
|
65
|
+
context.originType === DeliveryOriginType.LOCAL) {
|
|
70
66
|
if (this.negotiatedStickiness) {
|
|
71
67
|
const negotiated = this.negotiatedStickiness;
|
|
72
68
|
if (negotiated.enabled === false ||
|
|
@@ -162,7 +158,7 @@ class AFTReplicaStickinessManager extends runtime_1.BaseNodeEventListener {
|
|
|
162
158
|
const privateKeyPem = typeof cryptoProvider.signingPrivatePem === "string"
|
|
163
159
|
? cryptoProvider.signingPrivatePem
|
|
164
160
|
: null;
|
|
165
|
-
if (this.securityLevel ===
|
|
161
|
+
if (this.securityLevel === StickinessMode.STRICT && !privateKeyPem) {
|
|
166
162
|
logger.error("aft_replica_stickiness_manager_initialization_failed", {
|
|
167
163
|
node_id: node.id ?? "unknown",
|
|
168
164
|
error: "Missing signing private key for strict security level",
|
|
@@ -170,7 +166,7 @@ class AFTReplicaStickinessManager extends runtime_1.BaseNodeEventListener {
|
|
|
170
166
|
return;
|
|
171
167
|
}
|
|
172
168
|
try {
|
|
173
|
-
const helper =
|
|
169
|
+
const helper = createAftHelper({
|
|
174
170
|
securityLevel: this.securityLevel,
|
|
175
171
|
nodeSid,
|
|
176
172
|
kid: keyId,
|
|
@@ -200,9 +196,8 @@ class AFTReplicaStickinessManager extends runtime_1.BaseNodeEventListener {
|
|
|
200
196
|
return this.aftHelper;
|
|
201
197
|
}
|
|
202
198
|
}
|
|
203
|
-
|
|
204
|
-
function createAftReplicaStickinessManager(aftHelper) {
|
|
199
|
+
export function createAftReplicaStickinessManager(aftHelper) {
|
|
205
200
|
return new AFTReplicaStickinessManager({ aftHelper });
|
|
206
201
|
}
|
|
207
|
-
|
|
202
|
+
export default AFTReplicaStickinessManager;
|
|
208
203
|
//# sourceMappingURL=aft-replica-stickiness-manager.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aft-replica-stickiness-manager.js","sourceRoot":"","sources":["../../../../../src/naylence/fame/stickiness/aft-replica-stickiness-manager.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"aft-replica-stickiness-manager.js","sourceRoot":"","sources":["../../../../../src/naylence/fame/stickiness/aft-replica-stickiness-manager.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAE1D,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAG9C,OAAO,EACL,eAAe,EACf,iCAAiC,GAClC,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAAE,cAAc,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAG/E,MAAM,MAAM,GAAG,SAAS,CACtB,yDAAyD,CAC1D,CAAC;AASF,SAAS,oBAAoB,CAAC,OAA+B;IAC3D,IAAI,OAAO,OAAO,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QACpD,OAAO,OAAO,CAAC,kBAAkB,CAAC;IACpC,CAAC;IACD,IAAI,OAAO,OAAO,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;QACrD,OAAO,OAAO,CAAC,mBAAmB,CAAC;IACrC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAQD,MAAM,OAAO,2BACX,SAAQ,qBAAqB;IAS7B,YAAmB,UAA8C,EAAE;QACjE,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,aAAa;YAChB,uBAAuB,CACrB,OAAO,CAAC,aAAa,IAAI,iCAAiC,CAC3D,IAAI,iCAAiC,CAAC;QACzC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC;QAC3C,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC;QAC3C,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,SAAS,KAAK,IAAI,CAAC;QAC7C,IAAI,CAAC,oBAAoB,GAAG,IAAI,CAAC;QAEjC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,MAAM,CAAC,KAAK,CAAC,4CAA4C,EAAE;gBACzD,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI;gBACnD,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,aAAa;gBACnD,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS;aACtC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,KAAK,CAAC,wCAAwC,EAAE;gBACrD,cAAc,EAAE,IAAI,CAAC,aAAa;gBAClC,WAAW,EAAE,IAAI,CAAC,SAAS;aAC5B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEM,KAAK;QACV,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;IACtE,CAAC;IAEM,MAAM,CAAC,UAA6B;QACzC,IAAI,CAAC,oBAAoB,GAAG,UAAU,IAAI,IAAI,CAAC;QAC/C,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE;YAC5C,OAAO,EAAE,UAAU,EAAE,OAAO,IAAI,IAAI;YACpC,IAAI,EAAE,UAAU,EAAE,IAAI,IAAI,IAAI;YAC9B,GAAG,EAAE,UAAU,EAAE,MAAM,IAAI,IAAI;SAChC,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,iBAAiB,CAC5B,KAAe,EACf,QAAsB,EACtB,OAA6B;QAE7B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC;QAC9B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE;gBAClD,WAAW,EAAE,QAAQ,CAAC,EAAE;gBACxB,eAAe,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;gBAC3C,MAAM,EAAE,iBAAiB;aAC1B,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,MAAM,iBAAiB,GAAG,OAAiC,CAAC;QAE5D,IACE,oBAAoB,CAAC,iBAAiB,CAAC;YACvC,OAAO,CAAC,UAAU,KAAK,kBAAkB,CAAC,KAAK,EAC/C,CAAC;YACD,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC9B,MAAM,UAAU,GAAG,IAAI,CAAC,oBAAoB,CAAC;gBAC7C,IACE,UAAU,CAAC,OAAO,KAAK,KAAK;oBAC5B,CAAC,UAAU,CAAC,IAAI,KAAK,IAAI;wBACvB,UAAU,CAAC,IAAI,KAAK,SAAS;wBAC7B,UAAU,CAAC,IAAI,KAAK,KAAK,CAAC,EAC5B,CAAC;oBACD,MAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE;wBAClD,WAAW,EAAE,QAAQ,CAAC,EAAE;wBACxB,WAAW,EAAE,UAAU,CAAC,IAAI,IAAI,IAAI;wBACpC,cAAc,EAAE,UAAU,CAAC,OAAO,IAAI,IAAI;qBAC3C,CAAC,CAAC;oBACH,OAAO,QAAQ,CAAC;gBAClB,CAAC;YACH,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,+CAA+C,EAAE;gBAC5D,WAAW,EAAE,QAAQ,CAAC,EAAE;gBACxB,cAAc,EAAE,OAAO,CAAC,YAAY,IAAI,IAAI;gBAC5C,eAAe,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;aAC5C,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,QAAQ,EAAE;gBACvD,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,MAAM;gBACb,OAAO,EAAE,iBAAiB;aAC3B,CAAC,CAAC;YAEH,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,CAAC,KAAK,CAAC,6CAA6C,EAAE;oBAC1D,WAAW,EAAE,QAAQ,CAAC,EAAE;oBACxB,cAAc,EAAE,OAAO,CAAC,YAAY,IAAI,IAAI;oBAC5C,eAAe,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;iBAC5C,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE;oBAC7C,WAAW,EAAE,QAAQ,CAAC,EAAE;oBACxB,eAAe,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;oBAC3C,MAAM,EAAE,uBAAuB;iBAChC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,IAAc;QACvC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;YACrC,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YAC/B,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC7B,MAAM,CAAC,KAAK,CAAC,4CAA4C,EAAE;gBACzD,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,SAAS;gBAC7B,QAAQ,EAAE,IAAI,CAAC,GAAG;gBAClB,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,aAAa;aACpD,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YACrB,MAAM,CAAC,OAAO,CAAC,iDAAiD,EAAE;gBAChE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,SAAS;aAC9B,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,KAAK,CAAC,iDAAiD,EAAE;gBAC9D,SAAS,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,IAAI,OAAO,IAAI;aACjD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEM,aAAa,CAAC,OAAe;QAClC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC,SAAS,CAAC,OAAO,GAAG,OAAO,CAAC;YACjC,MAAM,CAAC,KAAK,CAAC,4CAA4C,EAAE;gBACzD,OAAO,EAAE,OAAO;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAAC,IAAc;QAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC;QACzB,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,yDAAyD,EAAE;gBACtE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,SAAS;aAC9B,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC;QACnD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,CAAC,KAAK,CACV,qEAAqE,EACrE;gBACE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,SAAS;aAC9B,CACF,CAAC;YACF,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GACT,OAAO,cAAc,CAAC,cAAc,KAAK,QAAQ;YACjD,cAAc,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC;YACtC,CAAC,CAAC,cAAc,CAAC,cAAc;YAC/B,CAAC,CAAC,gBAAgB,CAAC;QACvB,MAAM,aAAa,GACjB,OAAO,cAAc,CAAC,iBAAiB,KAAK,QAAQ;YAClD,CAAC,CAAC,cAAc,CAAC,iBAAiB;YAClC,CAAC,CAAC,IAAI,CAAC;QAEX,IAAI,IAAI,CAAC,aAAa,KAAK,cAAc,CAAC,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;YACnE,MAAM,CAAC,KAAK,CAAC,sDAAsD,EAAE;gBACnE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,SAAS;gBAC7B,KAAK,EAAE,uDAAuD;aAC/D,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,eAAe,CAAC;gBAC7B,aAAa,EAAE,IAAI,CAAC,aAAa;gBACjC,OAAO;gBACP,GAAG,EAAE,KAAK;gBACV,aAAa;gBACb,SAAS,EAAE,IAAI,CAAC,SAAS;aAC1B,CAAC,CAAC;YACH,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC;YACxB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAE1B,MAAM,CAAC,KAAK,CAAC,4CAA4C,EAAE;gBACzD,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,SAAS;gBAC7B,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,KAAK;gBACb,cAAc,EAAE,MAAM,CAAC,MAAM,CAAC,aAAa;aAC5C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,sDAAsD,EAAE;gBACnE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,SAAS;gBAC7B,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,SAAS,EAAE,MAAM,IAAI,IAAI,CAAC;IACxC,CAAC;IAEM,SAAS;QACd,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;CACF;AAED,MAAM,UAAU,iCAAiC,CAC/C,SAAoB;IAEpB,OAAO,IAAI,2BAA2B,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;AACxD,CAAC;AAED,eAAe,2BAA2B,CAAC"}
|
|
@@ -1,13 +1,9 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
const
|
|
7
|
-
const aft_model_js_1 = require("./aft-model.js");
|
|
8
|
-
const aft_utils_js_1 = require("./aft-utils.js");
|
|
9
|
-
const stickiness_mode_js_1 = require("./stickiness-mode.js");
|
|
10
|
-
const logger = (0, runtime_1.getLogger)("naylence.fame.stickiness.aft_signer");
|
|
1
|
+
import { importPKCS8, SignJWT } from "jose";
|
|
2
|
+
import { getLogger } from "@naylence/runtime";
|
|
3
|
+
import { createAftPayload, serializeAftClaims, serializeAftHeader, } from "./aft-model.js";
|
|
4
|
+
import { base64UrlEncode } from "./aft-utils.js";
|
|
5
|
+
import { StickinessMode } from "./stickiness-mode.js";
|
|
6
|
+
const logger = getLogger("naylence.fame.stickiness.aft_signer");
|
|
11
7
|
class AbstractAFTSigner {
|
|
12
8
|
constructor(kid, maxTtlSec = 7200) {
|
|
13
9
|
this.kid = kid;
|
|
@@ -27,7 +23,7 @@ class AbstractAFTSigner {
|
|
|
27
23
|
}
|
|
28
24
|
createPayload(options, algorithm) {
|
|
29
25
|
const ttl = this.clampTtl(options.ttlSec);
|
|
30
|
-
return
|
|
26
|
+
return createAftPayload({
|
|
31
27
|
sid: options.sid,
|
|
32
28
|
kid: this.kid,
|
|
33
29
|
algorithm,
|
|
@@ -37,36 +33,34 @@ class AbstractAFTSigner {
|
|
|
37
33
|
});
|
|
38
34
|
}
|
|
39
35
|
}
|
|
40
|
-
class UnsignedAFTSigner extends AbstractAFTSigner {
|
|
36
|
+
export class UnsignedAFTSigner extends AbstractAFTSigner {
|
|
41
37
|
constructor(kid, maxTtlSec = 7200) {
|
|
42
38
|
super(kid, maxTtlSec);
|
|
43
39
|
}
|
|
44
40
|
get securityLevel() {
|
|
45
|
-
return
|
|
41
|
+
return StickinessMode.SIGNED_OPTIONAL;
|
|
46
42
|
}
|
|
47
43
|
async signAft(options) {
|
|
48
44
|
const payload = this.createPayload(options, "none");
|
|
49
|
-
const headerJson =
|
|
50
|
-
const claimsJson =
|
|
51
|
-
const headerB64 =
|
|
52
|
-
const payloadB64 =
|
|
45
|
+
const headerJson = serializeAftHeader(payload.header);
|
|
46
|
+
const claimsJson = serializeAftClaims(payload.claims);
|
|
47
|
+
const headerB64 = base64UrlEncode(headerJson);
|
|
48
|
+
const payloadB64 = base64UrlEncode(claimsJson);
|
|
53
49
|
return `${headerB64}.${payloadB64}.`;
|
|
54
50
|
}
|
|
55
51
|
}
|
|
56
|
-
|
|
57
|
-
class NoAFTSigner extends AbstractAFTSigner {
|
|
52
|
+
export class NoAFTSigner extends AbstractAFTSigner {
|
|
58
53
|
constructor() {
|
|
59
54
|
super("none", 0);
|
|
60
55
|
}
|
|
61
56
|
get securityLevel() {
|
|
62
|
-
return
|
|
57
|
+
return StickinessMode.SID_ONLY;
|
|
63
58
|
}
|
|
64
59
|
async signAft() {
|
|
65
60
|
return "";
|
|
66
61
|
}
|
|
67
62
|
}
|
|
68
|
-
|
|
69
|
-
class SignedAFTSigner extends AbstractAFTSigner {
|
|
63
|
+
export class SignedAFTSigner extends AbstractAFTSigner {
|
|
70
64
|
constructor(options) {
|
|
71
65
|
super(options.kid, options.maxTtlSec ?? 7200);
|
|
72
66
|
this.cryptoKeyPromise = null;
|
|
@@ -74,7 +68,7 @@ class SignedAFTSigner extends AbstractAFTSigner {
|
|
|
74
68
|
this.algorithm = options.algorithm ?? "EdDSA";
|
|
75
69
|
}
|
|
76
70
|
get securityLevel() {
|
|
77
|
-
return
|
|
71
|
+
return StickinessMode.STRICT;
|
|
78
72
|
}
|
|
79
73
|
async signAft(options) {
|
|
80
74
|
const payload = this.createPayload(options, this.algorithm);
|
|
@@ -93,7 +87,7 @@ class SignedAFTSigner extends AbstractAFTSigner {
|
|
|
93
87
|
const now = Math.floor(Date.now() / 1000);
|
|
94
88
|
const exp = payload.claims.exp;
|
|
95
89
|
try {
|
|
96
|
-
const token = await new
|
|
90
|
+
const token = await new SignJWT(claimsPayload)
|
|
97
91
|
.setProtectedHeader({ alg: this.algorithm, kid: this.kid })
|
|
98
92
|
.setIssuedAt(now)
|
|
99
93
|
.setExpirationTime(exp)
|
|
@@ -111,7 +105,7 @@ class SignedAFTSigner extends AbstractAFTSigner {
|
|
|
111
105
|
}
|
|
112
106
|
async resolveKey() {
|
|
113
107
|
if (!this.cryptoKeyPromise) {
|
|
114
|
-
this.cryptoKeyPromise =
|
|
108
|
+
this.cryptoKeyPromise = importPKCS8(this.privateKeyPem, this.algorithm).catch((error) => {
|
|
115
109
|
this.cryptoKeyPromise = null;
|
|
116
110
|
logger.error("aft_private_key_import_failed", {
|
|
117
111
|
kid: this.kid,
|
|
@@ -124,17 +118,16 @@ class SignedAFTSigner extends AbstractAFTSigner {
|
|
|
124
118
|
return this.cryptoKeyPromise;
|
|
125
119
|
}
|
|
126
120
|
}
|
|
127
|
-
|
|
128
|
-
function createAftSigner(options) {
|
|
121
|
+
export function createAftSigner(options) {
|
|
129
122
|
const { securityLevel, kid, privateKeyPem = null, algorithm = "EdDSA", maxTtlSec = 7200, } = options;
|
|
130
123
|
switch (securityLevel) {
|
|
131
|
-
case
|
|
124
|
+
case StickinessMode.STRICT: {
|
|
132
125
|
if (!privateKeyPem) {
|
|
133
126
|
throw new Error("Private key PEM required for strict security level");
|
|
134
127
|
}
|
|
135
128
|
return new SignedAFTSigner({ kid, privateKeyPem, algorithm, maxTtlSec });
|
|
136
129
|
}
|
|
137
|
-
case
|
|
130
|
+
case StickinessMode.SIGNED_OPTIONAL: {
|
|
138
131
|
if (privateKeyPem) {
|
|
139
132
|
return new SignedAFTSigner({
|
|
140
133
|
kid,
|
|
@@ -145,7 +138,7 @@ function createAftSigner(options) {
|
|
|
145
138
|
}
|
|
146
139
|
return new UnsignedAFTSigner(kid, maxTtlSec);
|
|
147
140
|
}
|
|
148
|
-
case
|
|
141
|
+
case StickinessMode.SID_ONLY:
|
|
149
142
|
return new NoAFTSigner();
|
|
150
143
|
default:
|
|
151
144
|
throw new Error(`Unknown security level: ${securityLevel}`);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aft-signer.js","sourceRoot":"","sources":["../../../../../src/naylence/fame/stickiness/aft-signer.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"aft-signer.js","sourceRoot":"","sources":["../../../../../src/naylence/fame/stickiness/aft-signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9C,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,GAEnB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,MAAM,MAAM,GAAG,SAAS,CAAC,qCAAqC,CAAC,CAAC;AAchE,MAAe,iBAAiB;IAI9B,YAAsB,GAAW,EAAE,YAAoB,IAAI;QACzD,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAMS,QAAQ,CAAC,MAA0B;QAC3C,MAAM,SAAS,GACb,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;YACnD,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC;YACrB,CAAC,CAAC,CAAC,CAAC;QACR,IAAI,IAAI,CAAC,SAAS,IAAI,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,CAAC;QACX,CAAC;QACD,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC;QACD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACzD,CAAC;IAES,aAAa,CACrB,OAAuB,EACvB,SAAiB;QAEjB,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC1C,OAAO,gBAAgB,CAAC;YACtB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,SAAS;YACT,UAAU,EAAE,GAAG;YACf,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;YAC5B,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI;SACrC,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,iBAAkB,SAAQ,iBAAiB;IACtD,YAAmB,GAAW,EAAE,YAAoB,IAAI;QACtD,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IACxB,CAAC;IAED,IAAW,aAAa;QACtB,OAAO,cAAc,CAAC,eAAe,CAAC;IACxC,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,OAAuB;QAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAEpD,MAAM,UAAU,GAAG,kBAAkB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,kBAAkB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAEtD,MAAM,SAAS,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;QAC9C,MAAM,UAAU,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;QAE/C,OAAO,GAAG,SAAS,IAAI,UAAU,GAAG,CAAC;IACvC,CAAC;CACF;AAED,MAAM,OAAO,WAAY,SAAQ,iBAAiB;IAChD;QACE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACnB,CAAC;IAED,IAAW,aAAa;QACtB,OAAO,cAAc,CAAC,QAAQ,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,OAAO;QAClB,OAAO,EAAE,CAAC;IACZ,CAAC;CACF;AAED,MAAM,OAAO,eAAgB,SAAQ,iBAAiB;IAKpD,YAAmB,OAKlB;QACC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,CAAC;QARxC,qBAAgB,GAA8B,IAAI,CAAC;QASzD,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAC3C,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC;IAChD,CAAC;IAED,IAAW,aAAa;QACtB,OAAO,cAAc,CAAC,MAAM,CAAC;IAC/B,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,OAAuB;QAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAC5D,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAEpC,MAAM,aAAa,GAA4B;YAC7C,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG;SACxB,CAAC;QAEF,IACE,OAAO,OAAO,CAAC,MAAM,CAAC,GAAG,KAAK,QAAQ;YACtC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,EAC7B,CAAC;YACD,aAAa,CAAC,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC;QACzC,CAAC;QAED,IACE,OAAO,OAAO,CAAC,MAAM,CAAC,UAAU,KAAK,QAAQ;YAC7C,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EACpC,CAAC;YACD,aAAa,CAAC,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC;QACvD,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC;QAE/B,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,IAAI,OAAO,CAAC,aAAa,CAAC;iBAC3C,kBAAkB,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;iBAC1D,WAAW,CAAC,GAAG,CAAC;iBAChB,iBAAiB,CAAC,GAAG,CAAC;iBACtB,IAAI,CAAC,GAAG,CAAC,CAAC;YAEb,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE;gBACjC,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,MAAM,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,UAAU;QACtB,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3B,IAAI,CAAC,gBAAgB,GAAG,WAAW,CACjC,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,SAAS,CACf,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;gBAChB,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;gBAC7B,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE;oBAC5C,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC,CAAC;gBACH,MAAM,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YAClE,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;CACF;AAUD,MAAM,UAAU,eAAe,CAAC,OAA+B;IAC7D,MAAM,EACJ,aAAa,EACb,GAAG,EACH,aAAa,GAAG,IAAI,EACpB,SAAS,GAAG,OAAO,EACnB,SAAS,GAAG,IAAI,GACjB,GAAG,OAAO,CAAC;IAEZ,QAAQ,aAAa,EAAE,CAAC;QACtB,KAAK,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC;YAC3B,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;YACxE,CAAC;YACD,OAAO,IAAI,eAAe,CAAC,EAAE,GAAG,EAAE,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;QAC3E,CAAC;QACD,KAAK,cAAc,CAAC,eAAe,CAAC,CAAC,CAAC;YACpC,IAAI,aAAa,EAAE,CAAC;gBAClB,OAAO,IAAI,eAAe,CAAC;oBACzB,GAAG;oBACH,aAAa;oBACb,SAAS;oBACT,SAAS;iBACV,CAAC,CAAC;YACL,CAAC;YACD,OAAO,IAAI,iBAAiB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC/C,CAAC;QACD,KAAK,cAAc,CAAC,QAAQ;YAC1B,OAAO,IAAI,WAAW,EAAE,CAAC;QAC3B;YACE,MAAM,IAAI,KAAK,CAAC,2BAA2B,aAAa,EAAE,CAAC,CAAC;IAChE,CAAC;AACH,CAAC"}
|
|
@@ -1,8 +1,3 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.base64UrlEncode = base64UrlEncode;
|
|
4
|
-
exports.base64UrlDecode = base64UrlDecode;
|
|
5
|
-
exports.utf8Decode = utf8Decode;
|
|
6
1
|
function toUint8Array(data) {
|
|
7
2
|
if (typeof data === "string") {
|
|
8
3
|
if (typeof TextEncoder !== "undefined") {
|
|
@@ -19,7 +14,7 @@ function toUint8Array(data) {
|
|
|
19
14
|
}
|
|
20
15
|
return data;
|
|
21
16
|
}
|
|
22
|
-
function base64UrlEncode(data) {
|
|
17
|
+
export function base64UrlEncode(data) {
|
|
23
18
|
const bytes = toUint8Array(data);
|
|
24
19
|
let base64;
|
|
25
20
|
if (typeof Buffer !== "undefined") {
|
|
@@ -48,7 +43,7 @@ function base64UrlEncode(data) {
|
|
|
48
43
|
}
|
|
49
44
|
return base64.replace(/=+$/u, "").replace(/\+/gu, "-").replace(/\//gu, "_");
|
|
50
45
|
}
|
|
51
|
-
function base64UrlDecode(data) {
|
|
46
|
+
export function base64UrlDecode(data) {
|
|
52
47
|
const normalized = data.replace(/-/gu, "+").replace(/_/gu, "/");
|
|
53
48
|
const padding = normalized.length % 4 === 0 ? "" : "=".repeat(4 - (normalized.length % 4));
|
|
54
49
|
const base64 = normalized + padding;
|
|
@@ -76,7 +71,7 @@ function base64UrlDecode(data) {
|
|
|
76
71
|
}
|
|
77
72
|
return bytes;
|
|
78
73
|
}
|
|
79
|
-
function utf8Decode(data) {
|
|
74
|
+
export function utf8Decode(data) {
|
|
80
75
|
if (typeof TextDecoder !== "undefined") {
|
|
81
76
|
return new TextDecoder().decode(data);
|
|
82
77
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aft-utils.js","sourceRoot":"","sources":["../../../../../src/naylence/fame/stickiness/aft-utils.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"aft-utils.js","sourceRoot":"","sources":["../../../../../src/naylence/fame/stickiness/aft-utils.ts"],"names":[],"mappings":"AAAA,SAAS,YAAY,CAAC,IAAyB;IAC7C,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,IAAI,OAAO,WAAW,KAAK,WAAW,EAAE,CAAC;YACvC,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACxC,CAAC;QAED,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACpC,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAyB;IACvD,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAEjC,IAAI,MAAc,CAAC;IACnB,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjD,CAAC;SAAM,CAAC;QACN,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC;QACjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;QAED,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE,CAAC;YAC/B,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,CAAC;aAAM,IACL,OAAO,UAAU,KAAK,WAAW;YACjC,MAAM,IAAI,UAAU;YACpB,OAAQ,UAAiC,CAAC,IAAI,KAAK,UAAU,EAC7D,CAAC;YACD,MAAM,GAAI,UAAgD,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1E,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AAC9E,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAChE,MAAM,OAAO,GACX,UAAU,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;IAC7E,MAAM,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC;IAEpC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IACvD,CAAC;IAED,IAAI,MAAc,CAAC;IACnB,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;SAAM,IACL,OAAO,UAAU,KAAK,WAAW;QACjC,MAAM,IAAI,UAAU;QACpB,OAAQ,UAAiC,CAAC,IAAI,KAAK,UAAU,EAC7D,CAAC;QACD,MAAM,GAAI,UAAgD,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC1E,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACtC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,KAAK,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAgB;IACzC,IAAI,OAAO,WAAW,KAAK,WAAW,EAAE,CAAC;QACvC,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACzB,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IACD,OAAO,kBAAkB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AACzC,CAAC"}
|
|
@@ -1,12 +1,8 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
const
|
|
6
|
-
const runtime_1 = require("@naylence/runtime");
|
|
7
|
-
const aft_utils_js_1 = require("./aft-utils.js");
|
|
8
|
-
const stickiness_mode_js_1 = require("./stickiness-mode.js");
|
|
9
|
-
const logger = (0, runtime_1.getLogger)("naylence.fame.stickiness.aft_verifier");
|
|
1
|
+
import { compactVerify, importJWK, importSPKI } from "jose";
|
|
2
|
+
import { getLogger } from "@naylence/runtime";
|
|
3
|
+
import { base64UrlDecode, utf8Decode } from "./aft-utils.js";
|
|
4
|
+
import { StickinessMode } from "./stickiness-mode.js";
|
|
5
|
+
const logger = getLogger("naylence.fame.stickiness.aft_verifier");
|
|
10
6
|
function decodeToken(token) {
|
|
11
7
|
const parts = token.split(".");
|
|
12
8
|
if (parts.length !== 3) {
|
|
@@ -17,8 +13,8 @@ function decodeToken(token) {
|
|
|
17
13
|
return null;
|
|
18
14
|
}
|
|
19
15
|
try {
|
|
20
|
-
const headerJson =
|
|
21
|
-
const payloadJson =
|
|
16
|
+
const headerJson = utf8Decode(base64UrlDecode(headerB64));
|
|
17
|
+
const payloadJson = utf8Decode(base64UrlDecode(payloadB64));
|
|
22
18
|
const headerData = JSON.parse(headerJson);
|
|
23
19
|
const payloadData = JSON.parse(payloadJson);
|
|
24
20
|
const header = {
|
|
@@ -130,13 +126,13 @@ class BaseAFTVerifier {
|
|
|
130
126
|
};
|
|
131
127
|
}
|
|
132
128
|
}
|
|
133
|
-
class StrictAFTVerifier extends BaseAFTVerifier {
|
|
129
|
+
export class StrictAFTVerifier extends BaseAFTVerifier {
|
|
134
130
|
constructor(keyProvider, defaultTtlSec = 30) {
|
|
135
131
|
super(defaultTtlSec);
|
|
136
132
|
this.keyProvider = keyProvider;
|
|
137
133
|
}
|
|
138
134
|
get securityLevel() {
|
|
139
|
-
return
|
|
135
|
+
return StickinessMode.STRICT;
|
|
140
136
|
}
|
|
141
137
|
async verifySignature(token, header) {
|
|
142
138
|
if (header.alg === "none") {
|
|
@@ -158,7 +154,7 @@ class StrictAFTVerifier extends BaseAFTVerifier {
|
|
|
158
154
|
return false;
|
|
159
155
|
}
|
|
160
156
|
try {
|
|
161
|
-
const { protectedHeader } = await
|
|
157
|
+
const { protectedHeader } = await compactVerify(token, key);
|
|
162
158
|
return protectedHeader.alg === header.alg;
|
|
163
159
|
}
|
|
164
160
|
catch (error) {
|
|
@@ -171,14 +167,13 @@ class StrictAFTVerifier extends BaseAFTVerifier {
|
|
|
171
167
|
}
|
|
172
168
|
}
|
|
173
169
|
}
|
|
174
|
-
|
|
175
|
-
class SignedOptionalAFTVerifier extends BaseAFTVerifier {
|
|
170
|
+
export class SignedOptionalAFTVerifier extends BaseAFTVerifier {
|
|
176
171
|
constructor(keyProvider, defaultTtlSec = 30) {
|
|
177
172
|
super(defaultTtlSec);
|
|
178
173
|
this.keyProvider = keyProvider;
|
|
179
174
|
}
|
|
180
175
|
get securityLevel() {
|
|
181
|
-
return
|
|
176
|
+
return StickinessMode.SIGNED_OPTIONAL;
|
|
182
177
|
}
|
|
183
178
|
async verifySignature(token, header) {
|
|
184
179
|
if (header.alg === "none") {
|
|
@@ -203,7 +198,7 @@ class SignedOptionalAFTVerifier extends BaseAFTVerifier {
|
|
|
203
198
|
return false;
|
|
204
199
|
}
|
|
205
200
|
try {
|
|
206
|
-
const { protectedHeader } = await
|
|
201
|
+
const { protectedHeader } = await compactVerify(token, key);
|
|
207
202
|
return protectedHeader.alg === header.alg;
|
|
208
203
|
}
|
|
209
204
|
catch (error) {
|
|
@@ -216,13 +211,12 @@ class SignedOptionalAFTVerifier extends BaseAFTVerifier {
|
|
|
216
211
|
}
|
|
217
212
|
}
|
|
218
213
|
}
|
|
219
|
-
|
|
220
|
-
class SidOnlyAFTVerifier extends BaseAFTVerifier {
|
|
214
|
+
export class SidOnlyAFTVerifier extends BaseAFTVerifier {
|
|
221
215
|
constructor(defaultTtlSec = 30) {
|
|
222
216
|
super(defaultTtlSec);
|
|
223
217
|
}
|
|
224
218
|
get securityLevel() {
|
|
225
|
-
return
|
|
219
|
+
return StickinessMode.SID_ONLY;
|
|
226
220
|
}
|
|
227
221
|
async verify(_token, _expectedSid) {
|
|
228
222
|
return {
|
|
@@ -235,12 +229,11 @@ class SidOnlyAFTVerifier extends BaseAFTVerifier {
|
|
|
235
229
|
return false;
|
|
236
230
|
}
|
|
237
231
|
}
|
|
238
|
-
exports.SidOnlyAFTVerifier = SidOnlyAFTVerifier;
|
|
239
232
|
async function resolveVerificationKey(keyRecord, algorithm) {
|
|
240
233
|
const jwkCandidate = keyRecord;
|
|
241
234
|
if (typeof jwkCandidate.kty === "string") {
|
|
242
235
|
try {
|
|
243
|
-
const key = await
|
|
236
|
+
const key = await importJWK(jwkCandidate, algorithm);
|
|
244
237
|
return key;
|
|
245
238
|
}
|
|
246
239
|
catch (error) {
|
|
@@ -261,7 +254,7 @@ async function resolveVerificationKey(keyRecord, algorithm) {
|
|
|
261
254
|
}
|
|
262
255
|
if (typeof pem === "string" && pem.length > 0) {
|
|
263
256
|
try {
|
|
264
|
-
const key = await
|
|
257
|
+
const key = await importSPKI(pem, algorithm);
|
|
265
258
|
return key;
|
|
266
259
|
}
|
|
267
260
|
catch (error) {
|
|
@@ -278,17 +271,17 @@ async function resolveVerificationKey(keyRecord, algorithm) {
|
|
|
278
271
|
});
|
|
279
272
|
return null;
|
|
280
273
|
}
|
|
281
|
-
function createAftVerifier(options) {
|
|
274
|
+
export function createAftVerifier(options) {
|
|
282
275
|
const { securityLevel, keyProvider, defaultTtlSec = 30 } = options;
|
|
283
276
|
switch (securityLevel) {
|
|
284
|
-
case
|
|
277
|
+
case StickinessMode.STRICT:
|
|
285
278
|
if (!keyProvider) {
|
|
286
279
|
throw new Error("StrictAFTVerifier requires a KeyProvider instance");
|
|
287
280
|
}
|
|
288
281
|
return new StrictAFTVerifier(keyProvider, defaultTtlSec);
|
|
289
|
-
case
|
|
282
|
+
case StickinessMode.SIGNED_OPTIONAL:
|
|
290
283
|
return new SignedOptionalAFTVerifier(keyProvider, defaultTtlSec);
|
|
291
|
-
case
|
|
284
|
+
case StickinessMode.SID_ONLY:
|
|
292
285
|
return new SidOnlyAFTVerifier(defaultTtlSec);
|
|
293
286
|
default:
|
|
294
287
|
throw new Error(`Unknown security level: ${securityLevel}`);
|