npm - @naylence/advanced-security - Versions diffs - 0.3.7-test.114 → 0.3.7-test.116 - Mend

@naylence/advanced-security 0.3.7-test.114 → 0.3.7-test.116

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (421) hide show

package/dist/types/naylence/fame/security/cert/default-certificate-manager.d.ts ADDED Viewed

@@ -0,0 +1,70 @@
+import type { NodeWelcomeFrame, SecuritySettings } from "@naylence/core";
+import { SigningConfigClass, type SigningConfigOptions, type CertificateManager, type NodeLike, type SigningConfig } from "@naylence/runtime";
+export type SigningConfigInstance = InstanceType<typeof SigningConfigClass>;
+export interface DefaultCertificateManagerOptions {
+    readonly signing?: SigningConfigInstance | SigningConfigOptions | SigningConfig | null;
+    readonly securitySettings?: SecuritySettings | null;
+    readonly caServiceUrl?: string | null;
+    readonly cryptoProvider?: unknown | null;
+    readonly crypto_provider?: unknown | null;
+    /**
+     * Optional certificate material source that is preferred before falling back to environment variables.
+     * Accepts either a static material object or a function that resolves it lazily for browser runtimes.
+     */
+    readonly certificateMaterial?: CertificateMaterialSource | null;
+    /**
+     * Optional trust-store PEM source used when validating x509 chains outside of Node environments.
+     */
+    readonly trustStorePem?: TrustStorePemSource | null;
+    /**
+     * Optional hook invoked after certificate material is stored, enabling custom persistence (e.g., IndexedDB).
+     */
+    readonly persistCertificateMaterial?: CertificatePersistenceHook | null;
+}
+type CertificateMaterial = {
+    readonly certificatePem: string;
+    readonly certificateChainPem: string | null;
+};
+type MaybePromise<T> = T | Promise<T>;
+type CertificateMaterialSource = CertificateMaterial | (() => MaybePromise<CertificateMaterial | null>);
+type TrustStorePemSource = string | (() => MaybePromise<string | null>);
+type CertificatePersistenceHook = (material: CertificateMaterial, context: {
+    nodeId: string | null;
+}) => MaybePromise<void>;
+export declare class DefaultCertificateManager implements CertificateManager {
+    readonly priority = 1500;
+    private signing;
+    private securitySettings;
+    private readonly caServiceUrl;
+    private readonly cryptoProviderOverride;
+    private readonly certificateMaterialResolver;
+    private readonly trustStorePemResolver;
+    private readonly certificatePersistenceHook;
+    private node;
+    private pendingWelcomeFrame;
+    constructor(options?: DefaultCertificateManagerOptions);
+    setSigning(signing: SigningConfigInstance | SigningConfigOptions | null): void;
+    setSecuritySettings(securitySettings: SecuritySettings | null): void;
+    onNodeStarted(node: NodeLike): Promise<void>;
+    onWelcome(welcomeFrame: NodeWelcomeFrame): Promise<void>;
+    ensureCertificate(welcomeFrame: NodeWelcomeFrame, options?: {
+        caServiceUrl?: string | null;
+    }): Promise<boolean>;
+    private requiresCertificates;
+    private prepareProviderContext;
+    private prepareProviderForWelcome;
+    private resolveCryptoProvider;
+    private ensureExistingCertificateIsTrusted;
+    private resolveCertificateMaterialFromInjectedSources;
+    private resolveCertificateMaterialFromProvider;
+    private getCaSignGrant;
+    private requestCertificateFromCa;
+    private createAuthStrategyForGrant;
+    private validateProviderCertificate;
+    private resolveTrustStorePemValue;
+    private resolveTrustStorePemFromProvider;
+    private storeCertificateMaterial;
+    private buildCertificateSigningRequest;
+}
+export default DefaultCertificateManager;
+//# sourceMappingURL=default-certificate-manager.d.ts.map

package/dist/types/naylence/fame/security/cert/default-certificate-manager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"default-certificate-manager.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/default-certificate-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAEzE,OAAO,EAGL,kBAAkB,EAGlB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,QAAQ,EACb,KAAK,aAAa,EACnB,MAAM,mBAAmB,CAAC;AAe3B,MAAM,MAAM,qBAAqB,GAAG,YAAY,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAE5E,MAAM,WAAW,gCAAgC;IAC/C,QAAQ,CAAC,OAAO,CAAC,EACb,qBAAqB,GACrB,oBAAoB,GACpB,aAAa,GACb,IAAI,CAAC;IACT,QAAQ,CAAC,gBAAgB,CAAC,EAAE,gBAAgB,GAAG,IAAI,CAAC;IACpD,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IACzC,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IAC1C;;;OAGG;IACH,QAAQ,CAAC,mBAAmB,CAAC,EAAE,yBAAyB,GAAG,IAAI,CAAC;IAChE;;OAEG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE,mBAAmB,GAAG,IAAI,CAAC;IACpD;;OAEG;IACH,QAAQ,CAAC,0BAA0B,CAAC,EAAE,0BAA0B,GAAG,IAAI,CAAC;CACzE;AAED,KAAK,mBAAmB,GAAG;IACzB,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7C,CAAC;AAEF,KAAK,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;AAEtC,KAAK,yBAAyB,GAC1B,mBAAmB,GACnB,CAAC,MAAM,YAAY,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAAC,CAAC;AAErD,KAAK,mBAAmB,GAAG,MAAM,GAAG,CAAC,MAAM,YAAY,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC;AAExE,KAAK,0BAA0B,GAAG,CAChC,QAAQ,EAAE,mBAAmB,EAC7B,OAAO,EAAE;IAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,KAC/B,YAAY,CAAC,IAAI,CAAC,CAAC;AA8CxB,qBAAa,yBAA0B,YAAW,kBAAkB;IAClE,SAAgB,QAAQ,QAAQ;IAEhC,OAAO,CAAC,OAAO,CAAwB;IACvC,OAAO,CAAC,gBAAgB,CAA0B;IAClD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAgB;IAC7C,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAiB;IACxD,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAqC;IACjF,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAA+B;IACrE,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAAoC;IAC/E,OAAO,CAAC,IAAI,CAAyB;IACrC,OAAO,CAAC,mBAAmB,CAAiC;gBAEzC,OAAO,GAAE,gCAAqC;IAkB1D,UAAU,CACf,OAAO,EAAE,qBAAqB,GAAG,oBAAoB,GAAG,IAAI,GAC3D,IAAI;IAIA,mBAAmB,CAAC,gBAAgB,EAAE,gBAAgB,GAAG,IAAI,GAAG,IAAI;IAI9D,aAAa,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAuC5C,SAAS,CAAC,YAAY,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;IAoCxD,iBAAiB,CAC5B,YAAY,EAAE,gBAAgB,EAC9B,OAAO,CAAC,EAAE;QAAE,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,GACzC,OAAO,CAAC,OAAO,CAAC;IA+HnB,OAAO,CAAC,oBAAoB;IAsB5B,OAAO,CAAC,sBAAsB;IAsB9B,OAAO,CAAC,yBAAyB;IAwBjC,OAAO,CAAC,qBAAqB;YAcf,kCAAkC;YAsBlC,6CAA6C;YAmC7C,sCAAsC;IAoBpD,OAAO,CAAC,cAAc;YAoCR,wBAAwB;YAsHxB,0BAA0B;YAkB1B,2BAA2B;YAqF3B,yBAAyB;YAwCzB,gCAAgC;YAoBhC,wBAAwB;YA8CxB,8BAA8B;CAmD7C;AAwRD,eAAe,yBAAyB,CAAC"}

package/dist/types/naylence/fame/security/cert/grants.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const GRANT_PURPOSE_CA_SIGN: "ca_sign";
2	+ //# sourceMappingURL=grants.d.ts.map

package/dist/types/naylence/fame/security/cert/grants.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"grants.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/grants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,qBAAqB,EAAG,SAAkB,CAAC"}

package/dist/types/naylence/fame/security/cert/index.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+export { validateJwkX5cCertificate, type ValidateJwkX5cCertificateOptions, type ValidateJwkX5cCertificateResult, publicKeyFromX5c, type PublicKeyFromX5cOptions, } from "./util.js";
+export { GRANT_PURPOSE_CA_SIGN } from "./grants.js";
+export { createEd25519CsrFromPem, type CreateEd25519CsrFromPemOptions, } from "./node-ed25519-csr.js";
+export { createEd25519Csr, type CreateEd25519CsrOptions, } from "./browser-csr.js";
+export { type CreatedEd25519Csr } from "./csr-types.js";
+export { DefaultCertificateManager, type DefaultCertificateManagerOptions, type SigningConfigInstance as DefaultCertificateManagerSigningConfigInstance, } from "./default-certificate-manager.js";
+export { DefaultCertificateManagerFactory, FACTORY_META as DEFAULT_CERTIFICATE_MANAGER_FACTORY_META, type DefaultCertificateManagerConfig, } from "./default-certificate-manager-factory.js";
+export type { TrustStoreProvider } from "./trust-store/trust-store-provider.js";
+export { TrustStoreProviderFactory, NullTrustStoreProvider, TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, type TrustStoreProviderConfig, type TrustStoreProviderDependencies, } from "./trust-store/trust-store-provider-factory.js";
+export { EnvTrustStoreProviderFactory, FACTORY_META as ENV_TRUST_STORE_PROVIDER_FACTORY_META, type EnvTrustStoreProviderConfig, } from "./trust-store/node-trust-store-provider-factory.js";
+export { BrowserTrustStoreProviderFactory, FACTORY_META as BROWSER_TRUST_STORE_PROVIDER_FACTORY_META, type BrowserTrustStoreProviderConfig, } from "./trust-store/browser-trust-store-provider-factory.js";
+export { type Authorizer, type CertificateSigningRequest, type CertificateIssuanceResponse, CAService, CertificateRequestError, type CertificateInfo, } from "./ca-types.js";
+export { CAServiceClient, extractCertificateInfo, formatCertificateInfo, type HttpConnectionGrant, type CertificateRequestResponse, ENV_VAR_FAME_CA_SERVICE_URL, } from "./ca-service-client.js";
+export { CASigningService, type CASigningServiceOptions, createTestCA, extractSpiffeIdFromCert, extractSidFromCert, extractNodeIdFromCert, extractLogicalHostsFromCert, extractSidFromSpiffeId, verifyCertSidIntegrity, } from "./internal-ca-service.js";
+export { SID_OID, LOGICALS_OID, NODE_ID_OID } from "./oid-constants.js";
+export { DefaultCAService, type DefaultCAServiceOptions, ENV_FAME_CA_CERT_FILE, ENV_FAME_CA_CERT_PEM, ENV_FAME_CA_KEY_FILE, ENV_FAME_CA_KEY_PEM, ENV_FAME_INTERMEDIATE_CHAIN_FILE, ENV_FAME_INTERMEDIATE_CHAIN_PEM, ENV_FAME_SIGNING_CERT_FILE, ENV_FAME_SIGNING_CERT_PEM, ENV_FAME_SIGNING_KEY_FILE, ENV_FAME_SIGNING_KEY_PEM, } from "./default-ca-service.js";
+export { CAServiceFactory, type CAServiceConfig, CA_SERVICE_FACTORY_BASE_TYPE, } from "./ca-service-factory.js";
+export { DefaultCAServiceFactory, type DefaultCAServiceConfig, } from "./default-ca-service-factory.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/types/naylence/fame/security/cert/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,yBAAyB,EACzB,KAAK,gCAAgC,EACrC,KAAK,+BAA+B,EACpC,gBAAgB,EAChB,KAAK,uBAAuB,GAC7B,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EACL,uBAAuB,EACvB,KAAK,8BAA8B,GACpC,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,gBAAgB,EAChB,KAAK,uBAAuB,GAC7B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,KAAK,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EACL,yBAAyB,EACzB,KAAK,gCAAgC,EACrC,KAAK,qBAAqB,IAAI,8CAA8C,GAC7E,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EACL,gCAAgC,EAChC,YAAY,IAAI,wCAAwC,EACxD,KAAK,+BAA+B,GACrC,MAAM,0CAA0C,CAAC;AAClD,YAAY,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EACL,yBAAyB,EACzB,sBAAsB,EACtB,sCAAsC,EACtC,KAAK,wBAAwB,EAC7B,KAAK,8BAA8B,GACpC,MAAM,+CAA+C,CAAC;AACvD,OAAO,EACL,4BAA4B,EAC5B,YAAY,IAAI,qCAAqC,EACrD,KAAK,2BAA2B,GACjC,MAAM,oDAAoD,CAAC;AAC5D,OAAO,EACL,gCAAgC,EAChC,YAAY,IAAI,yCAAyC,EACzD,KAAK,+BAA+B,GACrC,MAAM,uDAAuD,CAAC;AAG/D,OAAO,EACL,KAAK,UAAU,EACf,KAAK,yBAAyB,EAC9B,KAAK,2BAA2B,EAChC,SAAS,EACT,uBAAuB,EACvB,KAAK,eAAe,GACrB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,eAAe,EACf,sBAAsB,EACtB,qBAAqB,EACrB,KAAK,mBAAmB,EACxB,KAAK,0BAA0B,EAC/B,2BAA2B,GAC5B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,gBAAgB,EAChB,KAAK,uBAAuB,EAC5B,YAAY,EACZ,uBAAuB,EACvB,kBAAkB,EAClB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EACL,gBAAgB,EAChB,KAAK,uBAAuB,EAC5B,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,gCAAgC,EAChC,+BAA+B,EAC/B,0BAA0B,EAC1B,yBAAyB,EACzB,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,gBAAgB,EAChB,KAAK,eAAe,EACpB,4BAA4B,GAC7B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,uBAAuB,EACvB,KAAK,sBAAsB,GAC5B,MAAM,iCAAiC,CAAC"}

package/dist/types/naylence/fame/security/cert/internal-ca-service.d.ts ADDED Viewed

@@ -0,0 +1,129 @@
+/**
+ * Certificate Authority signing service for node certificates.
+ *
+ * Provides in-process API for issuing certificates with node physical
+ * and host-like logical address information using SPIFFE-compliant identities.
+ */
+import type { CertificateIssuanceResponse, CertificateSigningRequest } from "./ca-types.js";
+import { CAService } from "./ca-types.js";
+/**
+ * Options for CASigningService.
+ */
+export interface CASigningServiceOptions {
+    /** Root CA certificate in PEM format */
+    rootCertPem: string;
+    /** Root CA private key in PEM format */
+    rootKeyPem: string;
+    /** Optional intermediate CA certificate in PEM format */
+    intermediateCertPem?: string;
+    /** Optional intermediate CA private key in PEM format */
+    intermediateKeyPem?: string;
+}
+/**
+ * In-process certificate signing service.
+ *
+ * Issues SPIFFE-compliant node certificates with Fame-specific extensions
+ * for physical paths and logical addresses.
+ */
+export declare class CASigningService extends CAService {
+    private readonly rootCertPem;
+    private readonly rootKeyPem;
+    private readonly intermediateCertPem?;
+    private readonly intermediateKeyPem?;
+    private rootCert?;
+    private rootKey?;
+    private signingCert?;
+    private signingKey?;
+    constructor(options: CASigningServiceOptions);
+    private ensureRootMaterials;
+    private ensureSigningMaterials;
+    private getRootCertificate;
+    private getRootKey;
+    private getSigningCertificate;
+    private getSigningKey;
+    /**
+     * Issue a certificate from a CSR.
+     *
+     * Parses the PKCS#10 CSR, extracts the public key, calculates node SID,
+     * and signs a certificate. Mirrors Python's default_ca_service.issue_certificate.
+     *
+     * @param csr - Certificate signing request
+     * @returns Certificate issuance response with the signed certificate
+     */
+    issueCertificate(csr: CertificateSigningRequest): Promise<CertificateIssuanceResponse>;
+    /**
+     * Sign a SPIFFE-compatible node certificate with SID-based identity.
+     *
+     * @param publicKeyPem - Node's public key in PEM format
+     * @param nodeId - Unique identifier for the node
+     * @param nodeSid - Node's pre-computed SID (base62-encoded)
+     * @param physicalPath - Physical path (for SID verification only)
+     * @param logicals - List of host-like logical addresses
+     * @param ttlDays - Certificate validity period in days
+     * @param spiffeTrustDomain - SPIFFE trust domain
+     * @returns PEM-encoded signed certificate
+     */
+    signNodeCert(publicKeyPem: string, nodeId: string, nodeSid: string, physicalPath: string, logicals: string[], ttlDays?: number, spiffeTrustDomain?: string): Promise<string>;
+    /**
+     * Create an intermediate CA certificate.
+     *
+     * @param publicKeyPem - Intermediate CA's public key in PEM format
+     * @param caName - Name for the intermediate CA
+     * @param permittedPaths - List of logical prefixes this CA can issue for
+     * @param ttlDays - Certificate validity period in days
+     * @returns PEM-encoded intermediate CA certificate
+     */
+    createIntermediateCA(publicKeyPem: string, caName: string, permittedPaths: string[], ttlDays?: number): Promise<string>;
+}
+/**
+ * Create a test root CA for development/testing.
+ *
+ * Generates an Ed25519 key pair and self-signed root CA certificate.
+ *
+ * @returns Tuple of [rootCertPem, rootKeyPem]
+ */
+export declare function createTestCA(): Promise<[string, string, string]>;
+/**
+ * Extract SPIFFE ID from certificate SAN.
+ *
+ * @param certPem - Certificate in PEM format
+ * @returns SPIFFE ID string or null if not found
+ */
+export declare function extractSpiffeIdFromCert(certPem: string): Promise<string | null>;
+/**
+ * Extract raw SID bytes from certificate extension.
+ *
+ * @param certPem - Certificate in PEM format
+ * @returns SID bytes or null if not found
+ */
+export declare function extractSidFromCert(certPem: string): Promise<Uint8Array | null>;
+/**
+ * Extract node ID from certificate extension.
+ *
+ * @param certPem - Certificate in PEM format
+ * @returns Node ID string or null if not found
+ */
+export declare function extractNodeIdFromCert(certPem: string): Promise<string | null>;
+/**
+ * Extract logical hosts from certificate private extension.
+ *
+ * @param certPem - Certificate in PEM format
+ * @returns List of logical host addresses, empty if none found
+ */
+export declare function extractLogicalHostsFromCert(certPem: string): Promise<string[]>;
+/**
+ * Extract the SID string from a SPIFFE ID.
+ *
+ * @param spiffeId - SPIFFE ID in format spiffe://trust-domain/nodes/<sid>
+ * @returns SID string (base62-encoded) or null if not a valid node SPIFFE ID
+ */
+export declare function extractSidFromSpiffeId(spiffeId: string): string | null;
+/**
+ * Verify that the SID in the certificate matches the expected physical path.
+ *
+ * @param certPem - Certificate in PEM format
+ * @param physicalPath - The expected physical path to verify against
+ * @returns True if SID matches computed hash of physical path, False otherwise
+ */
+export declare function verifyCertSidIntegrity(certPem: string, physicalPath: string): Promise<boolean>;
+//# sourceMappingURL=internal-ca-service.d.ts.map

package/dist/types/naylence/fame/security/cert/internal-ca-service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"internal-ca-service.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/internal-ca-service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAwCH,OAAO,KAAK,EACV,2BAA2B,EAC3B,yBAAyB,EAC1B,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAqe1C;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;IAEpB,wCAAwC;IACxC,UAAU,EAAE,MAAM,CAAC;IAEnB,yDAAyD;IACzD,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B,yDAAyD;IACzD,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;;;;GAKG;AACH,qBAAa,gBAAiB,SAAQ,SAAS;IAC7C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAS;IAC9C,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAS;IAE7C,OAAO,CAAC,QAAQ,CAAC,CAA0B;IAC3C,OAAO,CAAC,OAAO,CAAC,CAAY;IAC5B,OAAO,CAAC,WAAW,CAAC,CAA0B;IAC9C,OAAO,CAAC,UAAU,CAAC,CAAY;gBAEnB,OAAO,EAAE,uBAAuB;YAS9B,mBAAmB;YAiBnB,sBAAsB;IAuBpC,OAAO,CAAC,kBAAkB;IAO1B,OAAO,CAAC,UAAU;IAOlB,OAAO,CAAC,qBAAqB;IAO7B,OAAO,CAAC,aAAa;IAOrB;;;;;;;;OAQG;IACG,gBAAgB,CACpB,GAAG,EAAE,yBAAyB,GAC7B,OAAO,CAAC,2BAA2B,CAAC;IAuCvC;;;;;;;;;;;OAWG;IACG,YAAY,CAChB,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAAE,EAClB,OAAO,GAAE,MAAY,EACrB,iBAAiB,GAAE,MAAwB,GAC1C,OAAO,CAAC,MAAM,CAAC;IAyDlB;;;;;;;;OAQG;IACG,oBAAoB,CACxB,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,EAAE,EACxB,OAAO,GAAE,MAAa,GACrB,OAAO,CAAC,MAAM,CAAC;CA2CnB;AAED;;;;;;GAMG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CA8CtE;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAmBxB;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAoB5B;AAED;;;;;GAKG;AACH,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAqBxB;AAED;;;;;GAKG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,EAAE,CAAC,CAsBnB;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAYtE;AAED;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,OAAO,CAAC,CAqBlB"}

package/dist/types/naylence/fame/security/cert/node-ed25519-csr.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import { CreatedEd25519Csr } from "./csr-types.js";
+export interface CreateEd25519CsrFromPemOptions {
+    readonly privateKeyPem: string;
+    readonly publicKeyPem: string;
+    readonly commonName: string;
+    readonly logicals?: readonly string[];
+}
+export declare function createEd25519CsrFromPem(options: CreateEd25519CsrFromPemOptions): Promise<CreatedEd25519Csr>;
+//# sourceMappingURL=node-ed25519-csr.d.ts.map

package/dist/types/naylence/fame/security/cert/node-ed25519-csr.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"node-ed25519-csr.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/node-ed25519-csr.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAQnD,MAAM,WAAW,8BAA8B;IAC7C,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,QAAQ,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CACvC;AAED,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,8BAA8B,GACtC,OAAO,CAAC,iBAAiB,CAAC,CA+C5B"}

package/dist/types/naylence/fame/security/cert/oid-constants.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Common certificate extension OIDs shared across server and client logic.
+ */
+export declare const SID_OID = "1.3.6.1.4.1.58530.1";
+export declare const LOGICALS_OID = "1.3.6.1.4.1.58530.2";
+export declare const NODE_ID_OID = "1.3.6.1.4.1.58530.4";
+//# sourceMappingURL=oid-constants.d.ts.map

package/dist/types/naylence/fame/security/cert/oid-constants.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"oid-constants.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/oid-constants.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,OAAO,wBAAwB,CAAC;AAC7C,eAAO,MAAM,YAAY,wBAAwB,CAAC;AAClD,eAAO,MAAM,WAAW,wBAAwB,CAAC"}

package/dist/types/naylence/fame/security/cert/trust-store/anchor-utils.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import type { TrustAnchor } from "./trust-store-provider.js";
+export declare function isPem(value: string | null | undefined): value is string;
+export declare function extractPemBlocks(value: string): string[];
+export declare function pemChainToAnchors(pem: string): TrustAnchor[];
+export declare function anchorsToPem(anchors: Iterable<TrustAnchor>): string;
+export declare function normalizePem(pem: string): string;
+export declare function computeSpkiSha256(pem: string): string | null;
+export declare function withComputedSpki(anchors: readonly TrustAnchor[]): TrustAnchor[];
+export declare function dataUriToPem(dataUri: string): string | null;
+export declare function toBase64Url(data: Uint8Array): string;
+export declare function parsePemOrThrow(pem: string): string;
+//# sourceMappingURL=anchor-utils.d.ts.map

package/dist/types/naylence/fame/security/cert/trust-store/anchor-utils.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"anchor-utils.d.ts","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/cert/trust-store/anchor-utils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAQ7D,wBAAgB,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,KAAK,IAAI,MAAM,CAEvE;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAaxD;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,EAAE,CAM5D;AAED,wBAAgB,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,WAAW,CAAC,GAAG,MAAM,CAQnE;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAGhD;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAiB5D;AAED,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,SAAS,WAAW,EAAE,GAC9B,WAAW,EAAE,CAaf;AAED,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAW3D;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,CAQpD;AAED,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAMnD"}

package/dist/types/naylence/fame/security/cert/trust-store/browser-trust-store-provider-factory.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import type { TrustStoreProvider } from "./trust-store-provider.js";
+import { TrustStoreProviderFactory, type TrustStoreProviderConfig } from "./trust-store-provider-factory.js";
+export interface BrowserTrustStoreProviderConfig extends TrustStoreProviderConfig {
+    readonly type: "BrowserTrustStoreProvider";
+    readonly url?: string | null;
+    readonly hashPins?: readonly string[] | null;
+    readonly allowedSpkis?: readonly string[] | null;
+    readonly allowTofu?: boolean | null;
+    readonly refreshIntervalMs?: number | null;
+    readonly env?: Record<string, unknown> | null;
+    readonly enforcePinsInBrowser?: boolean | null;
+}
+export declare const FACTORY_META: {
+    readonly base: "TrustStoreProviderFactory";
+    readonly key: "BrowserTrustStoreProvider";
+    readonly isDefault: boolean;
+    readonly priority: 10 | 100;
+};
+export declare class BrowserTrustStoreProviderFactory extends TrustStoreProviderFactory<BrowserTrustStoreProviderConfig> {
+    readonly type = "BrowserTrustStoreProvider";
+    readonly isDefault: boolean;
+    readonly priority: 10 | 100;
+    create(config?: BrowserTrustStoreProviderConfig | Record<string, unknown> | null, ...factoryArgs: unknown[]): Promise<TrustStoreProvider>;
+    private createHttpProviderFromConfig;
+    private normalizeConfig;
+    private extractDependencies;
+}
+export default BrowserTrustStoreProviderFactory;
+//# sourceMappingURL=browser-trust-store-provider-factory.d.ts.map

package/dist/types/naylence/fame/security/cert/trust-store/browser-trust-store-provider-factory.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"browser-trust-store-provider-factory.d.ts","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/cert/trust-store/browser-trust-store-provider-factory.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAEL,yBAAyB,EACzB,KAAK,wBAAwB,EAE9B,MAAM,mCAAmC,CAAC;AAE3C,MAAM,WAAW,+BAAgC,SAAQ,wBAAwB;IAC/E,QAAQ,CAAC,IAAI,EAAE,2BAA2B,CAAC;IAC3C,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,QAAQ,CAAC,QAAQ,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAC;IAC7C,QAAQ,CAAC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAC;IACjD,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IACpC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3C,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC9C,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;CAChD;AAED,eAAO,MAAM,YAAY;;;;;CAKf,CAAC;AAEX,qBAAa,gCAAiC,SAAQ,yBAAyB,CAAC,+BAA+B,CAAC;IAC9G,SAAgB,IAAI,+BAA+B;IACnD,SAAgB,SAAS,UAA0B;IACnD,SAAgB,QAAQ,WAAyB;IAEpC,MAAM,CACjB,MAAM,CAAC,EAAE,+BAA+B,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,EACzE,GAAG,WAAW,EAAE,OAAO,EAAE,GACxB,OAAO,CAAC,kBAAkB,CAAC;IAuB9B,OAAO,CAAC,4BAA4B;IAwBpC,OAAO,CAAC,eAAe;IAmBvB,OAAO,CAAC,mBAAmB;CAc5B;AAUD,eAAe,gCAAgC,CAAC"}

package/dist/types/naylence/fame/security/cert/trust-store/env-provider.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { TrustStoreProvider } from "./trust-store-provider.js";
+export interface CreateTrustStoreProviderOptions {
+    readonly env?: Record<string, unknown> | null;
+    readonly requirePinsInBrowser?: boolean;
+}
+export declare function createTrustStoreProviderFromEnv(options?: CreateTrustStoreProviderOptions): Promise<TrustStoreProvider | null>;
+//# sourceMappingURL=env-provider.d.ts.map

package/dist/types/naylence/fame/security/cert/trust-store/env-provider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"env-provider.d.ts","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/cert/trust-store/env-provider.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAOV,kBAAkB,EACnB,MAAM,2BAA2B,CAAC;AAEnC,MAAM,WAAW,+BAA+B;IAC9C,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC9C,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,CAAC;CACzC;AAED,wBAAsB,+BAA+B,CACnD,OAAO,GAAE,+BAAoC,GAC5C,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CA6BpC"}

package/dist/types/naylence/fame/security/cert/trust-store/fame-ca-certs-parser.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { TrustBundleSource } from "./trust-store-provider.js";
+export interface ParseFameCaCertsOptions {
+    readonly hashPins?: string | string[] | null;
+    readonly allowedSpkis?: string | string[] | null;
+    readonly allowTofu?: string | boolean | null;
+    readonly refreshIntervalMs?: string | number | null;
+}
+export declare function parseFameCaCerts(rawSources: unknown, options?: ParseFameCaCertsOptions): TrustBundleSource[];
+//# sourceMappingURL=fame-ca-certs-parser.d.ts.map

package/dist/types/naylence/fame/security/cert/trust-store/fame-ca-certs-parser.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"fame-ca-certs-parser.d.ts","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/cert/trust-store/fame-ca-certs-parser.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAKV,iBAAiB,EAElB,MAAM,2BAA2B,CAAC;AAEnC,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,IAAI,CAAC;IAC7C,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,IAAI,CAAC;IACjD,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,IAAI,CAAC;IAC7C,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;CACrD;AAID,wBAAgB,gBAAgB,CAC9B,UAAU,EAAE,OAAO,EACnB,OAAO,GAAE,uBAA4B,GACpC,iBAAiB,EAAE,CAoDrB"}

package/dist/types/naylence/fame/security/cert/trust-store/http-bundle-provider.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import type { TrustAnchor, TrustStoreProvider, TrustBundlePins } from "./trust-store-provider.js";
+export interface HttpBundleProviderOptions extends TrustBundlePins {
+    readonly url: string;
+    readonly cacheKey?: string;
+    readonly enforcePinsInBrowser?: boolean;
+    readonly allowInsecureHttp?: boolean;
+}
+export declare class HttpBundleProvider implements TrustStoreProvider {
+    private readonly url;
+    private readonly refreshIntervalMs;
+    private readonly hashPins;
+    private readonly allowedSpkis;
+    private readonly allowTofu;
+    private readonly enforceBrowserPins;
+    private readonly cacheKey;
+    private readonly allowInsecureHttp;
+    private lastFetched;
+    private etag;
+    private lastKnownHash;
+    private version;
+    private anchors;
+    private inflight;
+    private readonly listeners;
+    private initialized;
+    private pemChain;
+    constructor(options: HttpBundleProviderOptions);
+    getRoots(): Promise<readonly TrustAnchor[]>;
+    getTrustStorePem(): Promise<string>;
+    onUpdate(callback: () => void): () => void;
+    initialize(): Promise<void>;
+    private applyCachedEntry;
+    private fetchLatest;
+    private notifyListeners;
+}
+//# sourceMappingURL=http-bundle-provider.d.ts.map

package/dist/types/naylence/fame/security/cert/trust-store/http-bundle-provider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http-bundle-provider.d.ts","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/cert/trust-store/http-bundle-provider.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EACV,WAAW,EACX,kBAAkB,EAClB,eAAe,EAChB,MAAM,2BAA2B,CAAC;AAUnC,MAAM,WAAW,yBAA0B,SAAQ,eAAe;IAChE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,CAAC;IACxC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC;CACtC;AAsDD,qBAAa,kBAAmB,YAAW,kBAAkB;IAC3D,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAM;IAC1B,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAS;IAC3C,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAoB;IAC7C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAoB;IACjD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAU;IACpC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAU;IAC7C,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAU;IAE5C,OAAO,CAAC,WAAW,CAAK;IACxB,OAAO,CAAC,IAAI,CAAuB;IACnC,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,OAAO,CAAuB;IACtC,OAAO,CAAC,OAAO,CAA8B;IAC7C,OAAO,CAAC,QAAQ,CAAuC;IACvD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAyB;IACnD,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAuB;gBAEpB,OAAO,EAAE,yBAAyB;IAiDxC,QAAQ,IAAI,OAAO,CAAC,SAAS,WAAW,EAAE,CAAC;IA6B3C,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC;IAiBzC,QAAQ,CAAC,QAAQ,EAAE,MAAM,IAAI,GAAG,MAAM,IAAI;IAOpC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAmBxC,OAAO,CAAC,gBAAgB;YASV,WAAW;IAkFzB,OAAO,CAAC,eAAe;CASxB"}

package/dist/types/naylence/fame/security/cert/trust-store/http-signed-bundle-provider.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { HttpBundleProvider } from "./http-bundle-provider.js";
2	+ //# sourceMappingURL=http-signed-bundle-provider.d.ts.map

package/dist/types/naylence/fame/security/cert/trust-store/http-signed-bundle-provider.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"http-signed-bundle-provider.d.ts","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/cert/trust-store/http-signed-bundle-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC"}

package/dist/types/naylence/fame/security/cert/trust-store/node-trust-store-provider-factory.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import type { TrustStoreProvider } from "./trust-store-provider.js";
+import { TrustStoreProviderFactory, type TrustStoreProviderConfig } from "./trust-store-provider-factory.js";
+export interface EnvTrustStoreProviderConfig extends TrustStoreProviderConfig {
+    readonly type: "EnvTrustStoreProvider";
+    readonly env?: Record<string, unknown> | null;
+    readonly requirePinsInBrowser?: boolean;
+}
+export declare const FACTORY_META: {
+    readonly base: "TrustStoreProviderFactory";
+    readonly key: "EnvTrustStoreProvider";
+    readonly isDefault: boolean;
+    readonly priority: 0 | 100;
+};
+export declare class EnvTrustStoreProviderFactory extends TrustStoreProviderFactory<EnvTrustStoreProviderConfig> {
+    readonly type = "EnvTrustStoreProvider";
+    readonly isDefault: boolean;
+    readonly priority: 0 | 100;
+    create(config?: EnvTrustStoreProviderConfig | Record<string, unknown> | null, ...factoryArgs: unknown[]): Promise<TrustStoreProvider>;
+    private normalizeConfig;
+    private extractDependencies;
+}
+export default EnvTrustStoreProviderFactory;
+//# sourceMappingURL=node-trust-store-provider-factory.d.ts.map

package/dist/types/naylence/fame/security/cert/trust-store/node-trust-store-provider-factory.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"node-trust-store-provider-factory.d.ts","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/cert/trust-store/node-trust-store-provider-factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAEL,yBAAyB,EACzB,KAAK,wBAAwB,EAE9B,MAAM,mCAAmC,CAAC;AAG3C,MAAM,WAAW,2BAA4B,SAAQ,wBAAwB;IAC3E,QAAQ,CAAC,IAAI,EAAE,uBAAuB,CAAC;IACvC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC9C,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,CAAC;CACzC;AAED,eAAO,MAAM,YAAY;;;;;CAKf,CAAC;AAEX,qBAAa,4BAA6B,SAAQ,yBAAyB,CAAC,2BAA2B,CAAC;IACtG,SAAgB,IAAI,2BAA2B;IAC/C,SAAgB,SAAS,UAA0B;IACnD,SAAgB,QAAQ,UAAyB;IAEpC,MAAM,CACjB,MAAM,CAAC,EAAE,2BAA2B,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,EACrE,GAAG,WAAW,EAAE,OAAO,EAAE,GACxB,OAAO,CAAC,kBAAkB,CAAC;IAqB9B,OAAO,CAAC,eAAe;IAmBvB,OAAO,CAAC,mBAAmB;CAc5B;AAUD,eAAe,4BAA4B,CAAC"}

package/dist/types/naylence/fame/security/cert/trust-store/static-bundle-provider.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { TrustAnchor, TrustStoreProvider } from "./trust-store-provider.js";
+export interface StaticBundleProviderOptions {
+    readonly label?: string;
+}
+export declare class StaticBundleProvider implements TrustStoreProvider {
+    private readonly anchors;
+    private readonly pemChain;
+    constructor(anchors: Iterable<TrustAnchor>);
+    getRoots(): Promise<readonly TrustAnchor[]>;
+    getTrustStorePem(): Promise<string>;
+}
+export declare function loadPemFromFile(path: string): Promise<string>;
+export declare function createProviderFromPem(pem: string): StaticBundleProvider;
+export declare function createProviderFromDataUri(dataUri: string): StaticBundleProvider;
+//# sourceMappingURL=static-bundle-provider.d.ts.map

package/dist/types/naylence/fame/security/cert/trust-store/static-bundle-provider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"static-bundle-provider.d.ts","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/cert/trust-store/static-bundle-provider.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAEjF,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,qBAAa,oBAAqB,YAAW,kBAAkB;IAC7D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;IACjD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;gBAEf,OAAO,EAAE,QAAQ,CAAC,WAAW,CAAC;IASpC,QAAQ,IAAI,OAAO,CAAC,SAAS,WAAW,EAAE,CAAC;IAI3C,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC;CAMjD;AAED,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAQnE;AAED,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,oBAAoB,CAEvE;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,oBAAoB,CAM/E"}

package/dist/types/naylence/fame/security/cert/trust-store/trust-store-provider-factory.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import type { CreateResourceOptions, ResourceConfig } from "@naylence/factory";
+import { AbstractResourceFactory } from "@naylence/factory";
+import type { TrustAnchor, TrustStoreProvider } from "./trust-store-provider.js";
+export interface TrustStoreProviderConfig extends ResourceConfig {
+    readonly type: string;
+}
+export interface TrustStoreProviderDependencies {
+    readonly env?: Record<string, unknown> | null;
+    readonly [key: string]: unknown;
+}
+export interface CreateTrustStoreProviderOptions extends Omit<CreateResourceOptions, "factoryArgs"> {
+    readonly factoryArgs?: unknown[];
+    readonly dependencies?: TrustStoreProviderDependencies;
+}
+export declare const TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE = "TrustStoreProviderFactory";
+export declare abstract class TrustStoreProviderFactory<C extends TrustStoreProviderConfig = TrustStoreProviderConfig> extends AbstractResourceFactory<TrustStoreProvider, C> {
+    abstract create(config?: C | Record<string, unknown> | null, ...factoryArgs: unknown[]): Promise<TrustStoreProvider>;
+    protected createUnconfiguredProvider(reason?: string): TrustStoreProvider;
+    static createTrustStoreProvider<C extends TrustStoreProviderConfig = TrustStoreProviderConfig>(config?: C | Record<string, unknown> | null, options?: CreateTrustStoreProviderOptions): Promise<TrustStoreProvider>;
+}
+export declare class NullTrustStoreProvider implements TrustStoreProvider {
+    private readonly reason;
+    constructor(reason?: string);
+    getTrustStorePem(): Promise<string>;
+    getRoots(): Promise<readonly TrustAnchor[]>;
+    initialize(): Promise<void>;
+}
+//# sourceMappingURL=trust-store-provider-factory.d.ts.map

package/dist/types/naylence/fame/security/cert/trust-store/trust-store-provider-factory.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"trust-store-provider-factory.d.ts","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/cert/trust-store/trust-store-provider-factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC/E,OAAO,EACL,uBAAuB,EAGxB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,KAAK,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAEjF,MAAM,WAAW,wBAAyB,SAAQ,cAAc;IAC9D,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,8BAA8B;IAC7C,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC9C,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACjC;AAED,MAAM,WAAW,+BACf,SAAQ,IAAI,CAAC,qBAAqB,EAAE,aAAa,CAAC;IAClD,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,EAAE,CAAC;IACjC,QAAQ,CAAC,YAAY,CAAC,EAAE,8BAA8B,CAAC;CACxD;AAKD,eAAO,MAAM,sCAAsC,8BAA8B,CAAC;AAElF,8BAAsB,yBAAyB,CAC7C,CAAC,SAAS,wBAAwB,GAAG,wBAAwB,CAC7D,SAAQ,uBAAuB,CAAC,kBAAkB,EAAE,CAAC,CAAC;aACtC,MAAM,CACpB,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,EAC3C,GAAG,WAAW,EAAE,OAAO,EAAE,GACxB,OAAO,CAAC,kBAAkB,CAAC;IAE9B,SAAS,CAAC,0BAA0B,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,kBAAkB;WAIrD,wBAAwB,CAC1C,CAAC,SAAS,wBAAwB,GAAG,wBAAwB,EAE7D,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,EAC3C,OAAO,GAAE,+BAAoC,GAC5C,OAAO,CAAC,kBAAkB,CAAC;CA6B/B;AAED,qBAAa,sBAAuB,YAAW,kBAAkB;IAC/D,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;gBAEb,MAAM,GAAE,MAAqC;IAInD,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC;IAInC,QAAQ,IAAI,OAAO,CAAC,SAAS,WAAW,EAAE,CAAC;IAI3C,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAGzC"}

package/dist/types/naylence/fame/security/cert/trust-store/trust-store-provider.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+export interface TrustAnchor {
+    readonly pem: string;
+    readonly kid?: string;
+    readonly notBefore?: string;
+    readonly notAfter?: string;
+    readonly spkiSha256?: string;
+    readonly version?: number;
+}
+export interface TrustStoreProvider {
+    /**
+     * Resolve the PEM-encoded trust bundle used for certificate verification. Implementations
+     * should normalize line endings and return the same material they expose via {@link getRoots}.
+     */
+    getTrustStorePem(): Promise<string>;
+    getRoots(): Promise<readonly TrustAnchor[]>;
+    onUpdate?(callback: () => void): () => void;
+    initialize?(): Promise<void> | void;
+}
+export type TrustBundleSourceType = "INLINE_PEM" | "DATA_PEM" | "FILE" | "HTTPS_BUNDLE";
+export interface TrustBundlePins {
+    readonly hashPins?: readonly string[];
+    readonly allowedSpkis?: readonly string[];
+    readonly allowTofu?: boolean;
+    readonly refreshIntervalMs?: number;
+}
+export interface InlinePemSource {
+    readonly type: "INLINE_PEM";
+    readonly pem: string;
+}
+export interface DataPemSource {
+    readonly type: "DATA_PEM";
+    readonly dataUri: string;
+}
+export interface FilePemSource {
+    readonly type: "FILE";
+    readonly path: string;
+}
+export interface HttpsBundleSource extends TrustBundlePins {
+    readonly type: "HTTPS_BUNDLE";
+    readonly url: string;
+}
+export type TrustBundleSource = InlinePemSource | DataPemSource | FilePemSource | HttpsBundleSource;
+//# sourceMappingURL=trust-store-provider.d.ts.map

package/dist/types/naylence/fame/security/cert/trust-store/trust-store-provider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"trust-store-provider.d.ts","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/cert/trust-store/trust-store-provider.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,kBAAkB;IACjC;;;OAGG;IACH,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IACpC,QAAQ,IAAI,OAAO,CAAC,SAAS,WAAW,EAAE,CAAC,CAAC;IAC5C,QAAQ,CAAC,CAAC,QAAQ,EAAE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC;IAC5C,UAAU,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CACrC;AAED,MAAM,MAAM,qBAAqB,GAC7B,YAAY,GACZ,UAAU,GACV,MAAM,GACN,cAAc,CAAC;AAEnB,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,QAAQ,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACtC,QAAQ,CAAC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC1C,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC;IAC7B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;CACrC;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,iBAAkB,SAAQ,eAAe;IACxD,QAAQ,CAAC,IAAI,EAAE,cAAc,CAAC;IAC9B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,MAAM,iBAAiB,GACzB,eAAe,GACf,aAAa,GACb,aAAa,GACb,iBAAiB,CAAC"}

package/dist/types/naylence/fame/security/cert/util.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { Certificate } from "@peculiar/asn1-x509";
+export interface ValidateJwkX5cCertificateOptions {
+    jwk: Record<string, unknown>;
+    trustStorePem?: string | null;
+    enforceNameConstraints?: boolean;
+    strict?: boolean;
+}
+export interface ValidateJwkX5cCertificateResult {
+    isValid: boolean;
+    error?: string;
+}
+export interface PublicKeyFromX5cOptions {
+    trustStorePem?: string | null;
+    enforceNameConstraints?: boolean;
+    returnCertificate?: boolean;
+}
+export declare function publicKeyFromX5c(x5c: string[], options?: PublicKeyFromX5cOptions): Uint8Array;
+export declare function publicKeyFromX5c(x5c: string[], options: PublicKeyFromX5cOptions & {
+    returnCertificate: true;
+}): {
+    publicKey: Uint8Array;
+    certificate: Certificate;
+};
+export declare function validateJwkX5cCertificate(options: ValidateJwkX5cCertificateOptions): ValidateJwkX5cCertificateResult;
+//# sourceMappingURL=util.d.ts.map

package/dist/types/naylence/fame/security/cert/util.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/util.ts"],"names":[],"mappings":"AACA,OAAO,EACL,WAAW,EAQZ,MAAM,qBAAqB,CAAC;AA2B7B,MAAM,WAAW,gCAAgC;IAC/C,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7B,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,+BAA+B;IAC9C,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,uBAAuB;IACtC,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED,wBAAgB,gBAAgB,CAC9B,GAAG,EAAE,MAAM,EAAE,EACb,OAAO,CAAC,EAAE,uBAAuB,GAChC,UAAU,CAAC;AACd,wBAAgB,gBAAgB,CAC9B,GAAG,EAAE,MAAM,EAAE,EACb,OAAO,EAAE,uBAAuB,GAAG;IAAE,iBAAiB,EAAE,IAAI,CAAA;CAAE,GAC7D;IAAE,SAAS,EAAE,UAAU,CAAC;IAAC,WAAW,EAAE,WAAW,CAAA;CAAE,CAAC;AA+DvD,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,gCAAgC,GACxC,+BAA+B,CAgDjC"}

package/dist/types/naylence/fame/security/encryption/channel/channel-encryption-manager-factory.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import { EncryptionManagerFactory, type EncryptionManagerConfig } from "@naylence/runtime";
+import { type EncryptionManager, type EncryptionOptions } from "@naylence/runtime";
+export interface ChannelEncryptionManagerConfig extends EncryptionManagerConfig {
+    readonly type: "ChannelEncryptionManager";
+    readonly priority: number;
+    readonly supportedAlgorithms: readonly string[];
+    readonly encryptionType: string;
+}
+export declare const FACTORY_META: {
+    readonly base: "EncryptionManagerFactory";
+    readonly key: "ChannelEncryptionManager";
+};
+export declare class ChannelEncryptionManagerFactory extends EncryptionManagerFactory<ChannelEncryptionManagerConfig> {
+    readonly type: "ChannelEncryptionManager";
+    readonly priority: number;
+    private readonly supportedAlgorithms;
+    private readonly encryptionType;
+    constructor(config?: Partial<ChannelEncryptionManagerConfig> | null);
+    getSupportedAlgorithms(): readonly string[];
+    getEncryptionType(): string;
+    supportsOptions(opts?: EncryptionOptions | null): boolean;
+    create(_config?: ChannelEncryptionManagerConfig | Record<string, unknown> | null, ...factoryArgs: unknown[]): Promise<EncryptionManager>;
+    private resolveDependencies;
+    private resolveSecureChannelManager;
+    private resolveNodeLike;
+    private resolveTaskSpawner;
+}
+export default ChannelEncryptionManagerFactory;
+//# sourceMappingURL=channel-encryption-manager-factory.d.ts.map

package/dist/types/naylence/fame/security/encryption/channel/channel-encryption-manager-factory.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"channel-encryption-manager-factory.d.ts","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/encryption/channel/channel-encryption-manager-factory.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,wBAAwB,EACxB,KAAK,uBAAuB,EAE7B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACvB,MAAM,mBAAmB,CAAC;AAa3B,MAAM,WAAW,8BACf,SAAQ,uBAAuB;IAC/B,QAAQ,CAAC,IAAI,EAAE,0BAA0B,CAAC;IAC1C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,mBAAmB,EAAE,SAAS,MAAM,EAAE,CAAC;IAChD,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;CACjC;AAID,eAAO,MAAM,YAAY;;;CAGf,CAAC;AAEX,qBAAa,+BAAgC,SAAQ,wBAAwB,CAAC,8BAA8B,CAAC;IAC3G,SAAgB,IAAI,6BAAoB;IACxC,SAAgB,QAAQ,EAAE,MAAM,CAAC;IAEjC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAoB;IACxD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;gBAE5B,MAAM,CAAC,EAAE,OAAO,CAAC,8BAA8B,CAAC,GAAG,IAAI;IAQ5D,sBAAsB,IAAI,SAAS,MAAM,EAAE;IAI3C,iBAAiB,IAAI,MAAM;IAI3B,eAAe,CAAC,IAAI,CAAC,EAAE,iBAAiB,GAAG,IAAI,GAAG,OAAO;IAWnD,MAAM,CACjB,OAAO,CAAC,EAAE,8BAA8B,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,EACzE,GAAG,WAAW,EAAE,OAAO,EAAE,GACxB,OAAO,CAAC,iBAAiB,CAAC;IAiB7B,OAAO,CAAC,mBAAmB;IAkB3B,OAAO,CAAC,2BAA2B;IAYnC,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,kBAAkB;CA0B3B;AAED,eAAe,+BAA+B,CAAC"}