@naylence/advanced-security 0.3.7-test.123 → 0.3.7-test.125
- package/dist/browser/index.cjs +24 -27
- package/dist/browser/index.mjs +26 -29
- package/dist/cjs/naylence/fame/security/cert/default-certificate-manager-factory.js +1 -2
- package/dist/cjs/naylence/fame/security/cert/default-certificate-manager-factory.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/internal-ca-service.js +1 -1
- package/dist/cjs/naylence/fame/security/cert/internal-ca-service.js.map +1 -1
- package/dist/cjs/naylence/fame/security/cert/util.js +1 -1
- package/dist/cjs/naylence/fame/security/cert/util.js.map +1 -1
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-signer-factory.js +1 -1
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-signer-factory.js.map +1 -1
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-verifier.js +1 -4
- package/dist/cjs/naylence/fame/security/signing/eddsa-envelope-verifier.js.map +1 -1
- package/dist/cjs/version.js +2 -2
- package/dist/esm/naylence/fame/security/cert/default-certificate-manager-factory.js +1 -2
- package/dist/esm/naylence/fame/security/cert/default-certificate-manager-factory.js.map +1 -1
- package/dist/esm/naylence/fame/security/cert/internal-ca-service.js +1 -1
- package/dist/esm/naylence/fame/security/cert/internal-ca-service.js.map +1 -1
- package/dist/esm/naylence/fame/security/cert/util.js +1 -1
- package/dist/esm/naylence/fame/security/cert/util.js.map +1 -1
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-signer-factory.js +1 -1
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-signer-factory.js.map +1 -1
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-verifier.js +1 -4
- package/dist/esm/naylence/fame/security/signing/eddsa-envelope-verifier.js.map +1 -1
- package/dist/esm/version.js +2 -2
- package/dist/node/index.cjs +24 -27
- package/dist/node/index.mjs +26 -29
- package/dist/node/node.cjs +25 -28
- package/dist/node/node.mjs +26 -29
- package/dist/types/naylence/fame/security/cert/default-certificate-manager-factory.d.ts +1 -3
- package/dist/types/naylence/fame/security/cert/default-certificate-manager-factory.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/signing/eddsa-envelope-signer-factory.d.ts +1 -2
- package/dist/types/naylence/fame/security/signing/eddsa-envelope-signer-factory.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/signing/eddsa-envelope-verifier.d.ts.map +1 -1
- package/dist/types/version.d.ts +1 -1
- package/package.json +2 -2
package/dist/node/index.mjs
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { getLogger, EncryptionResult, urlsafeBase64Decode, sealedDecrypt, sealedEncrypt, FIXED_PREFIX_LEN, urlsafeBase64Encode, EncryptionManagerFactory, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, requireCryptoSupport, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SecureChannelManagerFactory, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, EnvelopeSignerFactory, SigningConfigClass, validateSigningKey, JWKValidationError, decodeBase64Url, canonicalJson, secureDigest, frameDigest, immutableHeaders, encodeUtf8, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, EnvelopeVerifierFactory, TaskSpawner, getKeyStore, DefaultKeyManager, validateJwkComplete, currentTraceId, DeliveryOriginType, KEY_MANAGER_FACTORY_BASE_TYPE, KeyManagerFactory, KeyStoreFactory, BaseNodeEventListener, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, ReplicaStickinessManagerFactory, color, AnsiColor, validateHostLogicals, HTTP_CONNECTION_GRANT_TYPE, formatTimestamp, jsonDumps, WELCOME_SERVICE_FACTORY_BASE_TYPE, WelcomeServiceFactory, NodePlacementStrategyFactory, TransportProvisionerFactory, TokenIssuerFactory, AuthorizerFactory, validateHostLogical, AuthInjectionStrategyFactory, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CertificateManagerFactory } from '@naylence/runtime';
|
|
2
2
|
import { ExtensionManager, AbstractResourceFactory, createResource, createDefaultResource, Registry } from '@naylence/factory';
|
|
3
3
|
import { AsnConvert, OctetString } from '@peculiar/asn1-schema';
|
|
4
4
|
import { Attributes, CertificationRequestInfo, CertificationRequest } from '@peculiar/asn1-csr';
|
|
@@ -6,8 +6,6 @@ import { Certificate, SubjectAlternativeName, NameConstraints, id_ce_subjectAltN
|
|
|
6
6
|
import { verify, etc } from '@noble/ed25519';
|
|
7
7
|
import { sha256, sha512 } from '@noble/hashes/sha2.js';
|
|
8
8
|
import { localDeliveryContext, createFameEnvelope, generateId, formatAddress, FameAddress, SigningMaterial, DeliveryOriginType as DeliveryOriginType$1 } from '@naylence/core';
|
|
9
|
-
import { decodeBase64Url, canonicalJson, frameDigest, immutableHeaders } from '@naylence/runtime/naylence/fame/security/signing/eddsa-signer-verifier.js';
|
|
10
|
-
import { encodeUtf8 } from '@naylence/runtime/naylence/fame/security/signing/eddsa-utils.js';
|
|
11
9
|
import { chacha20poly1305 } from '@noble/ciphers/chacha.js';
|
|
12
10
|
import { x25519 } from '@noble/curves/ed25519.js';
|
|
13
11
|
import { hkdf } from '@noble/hashes/hkdf.js';
|
|
@@ -15,15 +13,14 @@ import { utf8ToBytes, randomBytes as randomBytes$1 } from '@noble/hashes/utils.j
|
|
|
15
13
|
import { SignJWT, importPKCS8, compactVerify, importJWK, importSPKI } from 'jose';
|
|
16
14
|
import { sha256 as sha256$1 } from '@noble/hashes/sha256.js';
|
|
17
15
|
import { X509Certificate } from '@peculiar/x509';
|
|
18
|
-
import { getLogger, secureDigest as secureDigest$1, validateHostLogical, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CertificateManagerFactory, SigningConfigClass as SigningConfigClass$1 } from '@naylence/runtime/node';
|
|
19
16
|
|
|
20
17
|
// This file is auto-generated during build - do not edit manually
|
|
21
|
-
// Generated from package.json version: 0.3.7-test.
|
|
18
|
+
// Generated from package.json version: 0.3.7-test.125
|
|
22
19
|
/**
|
|
23
20
|
* The package version, injected at build time.
|
|
24
21
|
* @internal
|
|
25
22
|
*/
|
|
26
|
-
const VERSION = '0.3.7-test.
|
|
23
|
+
const VERSION = '0.3.7-test.125';
|
|
27
24
|
|
|
28
25
|
const logger$h = getLogger("naylence.fame.security.cert.util");
|
|
29
26
|
const CACHE_LIMIT = 512;
|
|
@@ -1257,7 +1254,7 @@ class CAServiceClient {
|
|
|
1257
1254
|
}
|
|
1258
1255
|
}
|
|
1259
1256
|
|
|
1260
|
-
const logger$f = getLogger
|
|
1257
|
+
const logger$f = getLogger("naylence.fame.security.encryption.sealed.x25519_encryption_manager");
|
|
1261
1258
|
class X25519EncryptionManager {
|
|
1262
1259
|
constructor({ keyProvider, nodeLike = null, cryptoProvider = null, }) {
|
|
1263
1260
|
this.pendingEnvelopes = new Map();
|
|
@@ -1886,7 +1883,7 @@ var index$1 = /*#__PURE__*/Object.freeze({
|
|
|
1886
1883
|
X25519EncryptionManagerFactory: X25519EncryptionManagerFactory
|
|
1887
1884
|
});
|
|
1888
1885
|
|
|
1889
|
-
const logger$e = getLogger
|
|
1886
|
+
const logger$e = getLogger("naylence.fame.security.encryption.channel.channel_encryption_manager");
|
|
1890
1887
|
const SUPPORTED_CHANNEL_ALGORITHMS = ["chacha20-poly1305-channel"];
|
|
1891
1888
|
const CHANNEL_ENCRYPTION_ALGORITHM = "chacha20-poly1305-channel";
|
|
1892
1889
|
const HANDSHAKE_ALGORITHM = "CHACHA20P1305";
|
|
@@ -2620,7 +2617,7 @@ class ChannelEncryptionManager {
|
|
|
2620
2617
|
}
|
|
2621
2618
|
}
|
|
2622
2619
|
|
|
2623
|
-
const logger$d = getLogger
|
|
2620
|
+
const logger$d = getLogger("naylence.fame.security.encryption.channel.channel_encryption_manager_factory");
|
|
2624
2621
|
const DEFAULT_SUPPORTED_ALGORITHMS = ["chacha20-poly1305-channel"];
|
|
2625
2622
|
const FACTORY_META$c = {
|
|
2626
2623
|
base: ENCRYPTION_MANAGER_FACTORY_BASE_TYPE,
|
|
@@ -2714,7 +2711,7 @@ var index = /*#__PURE__*/Object.freeze({
|
|
|
2714
2711
|
ChannelEncryptionManagerFactory: ChannelEncryptionManagerFactory
|
|
2715
2712
|
});
|
|
2716
2713
|
|
|
2717
|
-
const logger$c = getLogger
|
|
2714
|
+
const logger$c = getLogger("naylence.fame.security.encryption.default_secure_channel_manager");
|
|
2718
2715
|
const DEFAULT_ALGORITHM = "CHACHA20P1305";
|
|
2719
2716
|
const CHANNEL_KEY_LENGTH = 32;
|
|
2720
2717
|
const NONCE_PREFIX_LENGTH = 4;
|
|
@@ -3044,7 +3041,7 @@ var defaultSecureChannelManagerFactory = /*#__PURE__*/Object.freeze({
|
|
|
3044
3041
|
default: DefaultSecureChannelManagerFactory
|
|
3045
3042
|
});
|
|
3046
3043
|
|
|
3047
|
-
const logger$b = getLogger
|
|
3044
|
+
const logger$b = getLogger("naylence.fame.security.encryption.encryption_manager_registry");
|
|
3048
3045
|
class EncryptionManagerFactoryRegistry {
|
|
3049
3046
|
constructor(autoDiscover = true) {
|
|
3050
3047
|
this.factories = [];
|
|
@@ -3205,7 +3202,7 @@ function getEncryptionManagerFactoryRegistry() {
|
|
|
3205
3202
|
return globalRegistry;
|
|
3206
3203
|
}
|
|
3207
3204
|
|
|
3208
|
-
const logger$a = getLogger
|
|
3205
|
+
const logger$a = getLogger("naylence.fame.security.encryption.composite_encryption_manager");
|
|
3209
3206
|
const DEFAULT_SEALED_ALGORITHMS = [
|
|
3210
3207
|
"X25519",
|
|
3211
3208
|
"ECDH-ES+A256GCM",
|
|
@@ -3524,7 +3521,7 @@ class CompositeEncryptionManager {
|
|
|
3524
3521
|
}
|
|
3525
3522
|
}
|
|
3526
3523
|
|
|
3527
|
-
const logger$9 = getLogger
|
|
3524
|
+
const logger$9 = getLogger("naylence.fame.security.encryption.composite_encryption_manager_factory");
|
|
3528
3525
|
const DEFAULT_PRIORITY = 1000;
|
|
3529
3526
|
const DEFAULT_ENCRYPTION_TYPE = "composite";
|
|
3530
3527
|
const FACTORY_META$a = {
|
|
@@ -3649,7 +3646,7 @@ const FACTORY_META$9 = {
|
|
|
3649
3646
|
let eddsaEnvelopeSignerModulePromise = null;
|
|
3650
3647
|
async function getEdDSAEnvelopeSignerModule() {
|
|
3651
3648
|
if (!eddsaEnvelopeSignerModulePromise) {
|
|
3652
|
-
eddsaEnvelopeSignerModulePromise = import('@naylence/runtime
|
|
3649
|
+
eddsaEnvelopeSignerModulePromise = import('@naylence/runtime');
|
|
3653
3650
|
}
|
|
3654
3651
|
return eddsaEnvelopeSignerModulePromise;
|
|
3655
3652
|
}
|
|
@@ -3935,7 +3932,7 @@ var eddsaEnvelopeVerifierFactory = /*#__PURE__*/Object.freeze({
|
|
|
3935
3932
|
default: AdvancedEdDSAEnvelopeVerifierFactory
|
|
3936
3933
|
});
|
|
3937
3934
|
|
|
3938
|
-
const logger$8 = getLogger
|
|
3935
|
+
const logger$8 = getLogger("naylence.fame.security.keys.x5c_key_manager");
|
|
3939
3936
|
let x509ModulePromise$1 = null;
|
|
3940
3937
|
async function loadX509Module$1() {
|
|
3941
3938
|
if (!x509ModulePromise$1) {
|
|
@@ -4539,7 +4536,7 @@ function utf8Decode(data) {
|
|
|
4539
4536
|
return decodeURIComponent(escape(str));
|
|
4540
4537
|
}
|
|
4541
4538
|
|
|
4542
|
-
const logger$7 = getLogger
|
|
4539
|
+
const logger$7 = getLogger("naylence.fame.stickiness.aft_signer");
|
|
4543
4540
|
class AbstractAFTSigner {
|
|
4544
4541
|
constructor(kid, maxTtlSec = 7200) {
|
|
4545
4542
|
this.kid = kid;
|
|
@@ -4681,7 +4678,7 @@ function createAftSigner(options) {
|
|
|
4681
4678
|
}
|
|
4682
4679
|
}
|
|
4683
4680
|
|
|
4684
|
-
const logger$6 = getLogger
|
|
4681
|
+
const logger$6 = getLogger("naylence.fame.stickiness.aft_helper");
|
|
4685
4682
|
class AFTHelper {
|
|
4686
4683
|
constructor(options) {
|
|
4687
4684
|
this.signer = options.signer;
|
|
@@ -4750,7 +4747,7 @@ function createAftHelper(options) {
|
|
|
4750
4747
|
}
|
|
4751
4748
|
const DEFAULT_STICKINESS_SECURITY_LEVEL = StickinessMode.SIGNED_OPTIONAL;
|
|
4752
4749
|
|
|
4753
|
-
const logger$5 = getLogger
|
|
4750
|
+
const logger$5 = getLogger("naylence.fame.stickiness.aft_verifier");
|
|
4754
4751
|
function decodeToken(token) {
|
|
4755
4752
|
const parts = token.split(".");
|
|
4756
4753
|
if (parts.length !== 3) {
|
|
@@ -5036,7 +5033,7 @@ function createAftVerifier(options) {
|
|
|
5036
5033
|
}
|
|
5037
5034
|
}
|
|
5038
5035
|
|
|
5039
|
-
const logger$4 = getLogger
|
|
5036
|
+
const logger$4 = getLogger("naylence.fame.stickiness.aft_load_balancer_stickiness_manager");
|
|
5040
5037
|
class AFTAssociation {
|
|
5041
5038
|
constructor(params) {
|
|
5042
5039
|
this.replicaId = params.replicaId;
|
|
@@ -5546,7 +5543,7 @@ var aftLoadBalancerStickinessManagerFactory = /*#__PURE__*/Object.freeze({
|
|
|
5546
5543
|
default: AFTLoadBalancerStickinessManagerFactory
|
|
5547
5544
|
});
|
|
5548
5545
|
|
|
5549
|
-
const logger$3 = getLogger
|
|
5546
|
+
const logger$3 = getLogger("naylence.fame.stickiness.aft_replica_stickiness_manager");
|
|
5550
5547
|
function isStickinessRequired(context) {
|
|
5551
5548
|
if (typeof context.stickinessRequired === "boolean") {
|
|
5552
5549
|
return context.stickinessRequired;
|
|
@@ -5796,7 +5793,7 @@ var aftReplicaStickinessManagerFactory = /*#__PURE__*/Object.freeze({
|
|
|
5796
5793
|
default: AFTReplicaStickinessManagerFactory
|
|
5797
5794
|
});
|
|
5798
5795
|
|
|
5799
|
-
const logger$2 = getLogger
|
|
5796
|
+
const logger$2 = getLogger("naylence.fame.welcome.advanced_welcome_service");
|
|
5800
5797
|
const ENV_VAR_SHOW_ENVELOPES = "FAME_SHOW_ENVELOPES";
|
|
5801
5798
|
const DEFAULT_TTL_SEC = 3600;
|
|
5802
5799
|
const showEnvelopes = typeof process !== "undefined" &&
|
|
@@ -6888,7 +6885,7 @@ class CASigningService extends CAService {
|
|
|
6888
6885
|
const publicKeyPem = derToPem(publicKeyDer, "PUBLIC KEY");
|
|
6889
6886
|
// Determine node SID and physical path (mirrors Python logic)
|
|
6890
6887
|
const physicalPath = csr.physicalPath || `/unknown/${csr.requesterId}`;
|
|
6891
|
-
const nodeSid = secureDigest
|
|
6888
|
+
const nodeSid = secureDigest(physicalPath);
|
|
6892
6889
|
const logicals = csr.logicals || [];
|
|
6893
6890
|
// Issue the certificate (short-lived: 1 day)
|
|
6894
6891
|
const certificatePem = await this.signNodeCert(publicKeyPem, csr.requesterId, // Use requesterId as node_id
|
|
@@ -6920,7 +6917,7 @@ class CASigningService extends CAService {
|
|
|
6920
6917
|
await this.ensureSigningMaterials();
|
|
6921
6918
|
const signingCert = this.getSigningCertificate();
|
|
6922
6919
|
const signingKey = this.getSigningKey();
|
|
6923
|
-
const expectedSid = secureDigest
|
|
6920
|
+
const expectedSid = secureDigest(physicalPath);
|
|
6924
6921
|
if (expectedSid !== nodeSid) {
|
|
6925
6922
|
throw new Error("Provided SID does not match the computed SID for the physical path");
|
|
6926
6923
|
}
|
|
@@ -7665,7 +7662,7 @@ function encodeBitString(signature) {
|
|
|
7665
7662
|
return result.buffer;
|
|
7666
7663
|
}
|
|
7667
7664
|
|
|
7668
|
-
const logger$1 = getLogger
|
|
7665
|
+
const logger$1 = getLogger("naylence.fame.security.cert.default_certificate_manager");
|
|
7669
7666
|
const CONNECTION_GRANTS_CAMEL = "connectionGrants";
|
|
7670
7667
|
const CONNECTION_GRANTS_SNAKE = "connection_grants";
|
|
7671
7668
|
class DefaultCertificateManager {
|
|
@@ -8499,18 +8496,18 @@ function normalizeSecuritySettings(config, explicit) {
|
|
|
8499
8496
|
return null;
|
|
8500
8497
|
}
|
|
8501
8498
|
function normalizeSigning(config, explicit) {
|
|
8502
|
-
if (explicit instanceof SigningConfigClass
|
|
8499
|
+
if (explicit instanceof SigningConfigClass) {
|
|
8503
8500
|
return explicit;
|
|
8504
8501
|
}
|
|
8505
8502
|
if (explicit && typeof explicit === "object") {
|
|
8506
|
-
return new SigningConfigClass
|
|
8503
|
+
return new SigningConfigClass(explicit);
|
|
8507
8504
|
}
|
|
8508
8505
|
const candidate = config.signing ?? null;
|
|
8509
|
-
if (candidate instanceof SigningConfigClass
|
|
8506
|
+
if (candidate instanceof SigningConfigClass) {
|
|
8510
8507
|
return candidate;
|
|
8511
8508
|
}
|
|
8512
8509
|
if (candidate && typeof candidate === "object") {
|
|
8513
|
-
return new SigningConfigClass
|
|
8510
|
+
return new SigningConfigClass(candidate);
|
|
8514
8511
|
}
|
|
8515
8512
|
return null;
|
|
8516
8513
|
}
|
|
@@ -8659,7 +8656,7 @@ function bytesToUtf8$1(data) {
|
|
|
8659
8656
|
|
|
8660
8657
|
const DEFAULT_REFRESH_INTERVAL_MS = 86400000; // 24 hours
|
|
8661
8658
|
const MIN_REFRESH_INTERVAL_MS = 60000; // 1 minute
|
|
8662
|
-
const logger = getLogger
|
|
8659
|
+
const logger = getLogger("naylence.fame.security.cert.trust_store.http_bundle_provider");
|
|
8663
8660
|
function isTruthyFlag(value) {
|
|
8664
8661
|
if (typeof value === "boolean") {
|
|
8665
8662
|
return value;
|
package/dist/node/node.cjs
CHANGED
|
@@ -4,30 +4,27 @@ var asn1Schema = require('@peculiar/asn1-schema');
|
|
|
4
4
|
var asn1X509 = require('@peculiar/asn1-x509');
|
|
5
5
|
var sha2_js = require('@noble/hashes/sha2.js');
|
|
6
6
|
var ed25519 = require('@noble/ed25519');
|
|
7
|
-
var
|
|
7
|
+
var runtime = require('@naylence/runtime');
|
|
8
8
|
var asn1Csr = require('@peculiar/asn1-csr');
|
|
9
9
|
var x509 = require('@peculiar/x509');
|
|
10
10
|
var core = require('@naylence/core');
|
|
11
|
-
var runtime = require('@naylence/runtime');
|
|
12
11
|
var chacha_js = require('@noble/ciphers/chacha.js');
|
|
13
12
|
var ed25519_js = require('@noble/curves/ed25519.js');
|
|
14
13
|
var hkdf_js = require('@noble/hashes/hkdf.js');
|
|
15
14
|
var utils_js = require('@noble/hashes/utils.js');
|
|
16
|
-
var eddsaSignerVerifier_js = require('@naylence/runtime/naylence/fame/security/signing/eddsa-signer-verifier.js');
|
|
17
|
-
var eddsaUtils_js = require('@naylence/runtime/naylence/fame/security/signing/eddsa-utils.js');
|
|
18
15
|
var factory = require('@naylence/factory');
|
|
19
16
|
var jose = require('jose');
|
|
20
17
|
var sha256_js = require('@noble/hashes/sha256.js');
|
|
21
18
|
|
|
22
19
|
// This file is auto-generated during build - do not edit manually
|
|
23
|
-
// Generated from package.json version: 0.3.7-test.
|
|
20
|
+
// Generated from package.json version: 0.3.7-test.125
|
|
24
21
|
/**
|
|
25
22
|
* The package version, injected at build time.
|
|
26
23
|
* @internal
|
|
27
24
|
*/
|
|
28
|
-
const VERSION = '0.3.7-test.
|
|
25
|
+
const VERSION = '0.3.7-test.125';
|
|
29
26
|
|
|
30
|
-
const logger$h =
|
|
27
|
+
const logger$h = runtime.getLogger("naylence.fame.security.cert.util");
|
|
31
28
|
const CACHE_LIMIT = 512;
|
|
32
29
|
const OID_ED25519 = "1.3.101.112";
|
|
33
30
|
const textEncoder = new TextEncoder();
|
|
@@ -3662,7 +3659,7 @@ const FACTORY_META$a = {
|
|
|
3662
3659
|
let eddsaEnvelopeSignerModulePromise = null;
|
|
3663
3660
|
async function getEdDSAEnvelopeSignerModule() {
|
|
3664
3661
|
if (!eddsaEnvelopeSignerModulePromise) {
|
|
3665
|
-
eddsaEnvelopeSignerModulePromise = import('@naylence/runtime
|
|
3662
|
+
eddsaEnvelopeSignerModulePromise = import('@naylence/runtime');
|
|
3666
3663
|
}
|
|
3667
3664
|
return eddsaEnvelopeSignerModulePromise;
|
|
3668
3665
|
}
|
|
@@ -3798,7 +3795,7 @@ class EdDSAEnvelopeVerifier {
|
|
|
3798
3795
|
}
|
|
3799
3796
|
throw error;
|
|
3800
3797
|
}
|
|
3801
|
-
const publicKey =
|
|
3798
|
+
const publicKey = runtime.decodeBase64Url(candidate);
|
|
3802
3799
|
return { normalizedJwk, publicKey };
|
|
3803
3800
|
}
|
|
3804
3801
|
async verifyEnvelope(envelope, options = {}) {
|
|
@@ -3821,7 +3818,7 @@ class EdDSAEnvelopeVerifier {
|
|
|
3821
3818
|
throw new Error("DataFrame missing payload digest (pd field)");
|
|
3822
3819
|
}
|
|
3823
3820
|
const payload = envelope.frame.payload ?? "";
|
|
3824
|
-
const payloadString = payload === "" ? "" :
|
|
3821
|
+
const payloadString = payload === "" ? "" : runtime.canonicalJson(payload);
|
|
3825
3822
|
const actualDigest = runtime.secureDigest(payloadString);
|
|
3826
3823
|
if (actualDigest !== envelope.frame.pd) {
|
|
3827
3824
|
throw new Error("Payload digest mismatch in DataFrame");
|
|
@@ -3836,18 +3833,18 @@ class EdDSAEnvelopeVerifier {
|
|
|
3836
3833
|
}
|
|
3837
3834
|
}
|
|
3838
3835
|
else {
|
|
3839
|
-
trustedDigest =
|
|
3836
|
+
trustedDigest = runtime.frameDigest(envelope.frame);
|
|
3840
3837
|
}
|
|
3841
3838
|
const sid = assertString(normalizedJwk.sid, "Signing key missing sid");
|
|
3842
|
-
const immutable =
|
|
3843
|
-
const tbs = new Uint8Array(
|
|
3839
|
+
const immutable = runtime.canonicalJson(runtime.immutableHeaders(envelope));
|
|
3840
|
+
const tbs = new Uint8Array(runtime.encodeUtf8(sid).length +
|
|
3844
3841
|
1 +
|
|
3845
|
-
|
|
3842
|
+
runtime.encodeUtf8(immutable).length +
|
|
3846
3843
|
1 +
|
|
3847
|
-
|
|
3848
|
-
const sidBytes =
|
|
3849
|
-
const immBytes =
|
|
3850
|
-
const digestBytes =
|
|
3844
|
+
runtime.encodeUtf8(trustedDigest).length);
|
|
3845
|
+
const sidBytes = runtime.encodeUtf8(sid);
|
|
3846
|
+
const immBytes = runtime.encodeUtf8(immutable);
|
|
3847
|
+
const digestBytes = runtime.encodeUtf8(trustedDigest);
|
|
3851
3848
|
let offset = 0;
|
|
3852
3849
|
tbs.set(sidBytes, offset);
|
|
3853
3850
|
offset += sidBytes.length;
|
|
@@ -3858,7 +3855,7 @@ class EdDSAEnvelopeVerifier {
|
|
|
3858
3855
|
tbs[offset] = 0x1f;
|
|
3859
3856
|
offset += 1;
|
|
3860
3857
|
tbs.set(digestBytes, offset);
|
|
3861
|
-
const signatureBytes =
|
|
3858
|
+
const signatureBytes = runtime.decodeBase64Url(signatureValue);
|
|
3862
3859
|
if (signatureBytes.length !== 64) {
|
|
3863
3860
|
throw new Error("Signature must be 64 bytes for Ed25519");
|
|
3864
3861
|
}
|
|
@@ -7473,7 +7470,7 @@ async function resolveTrustStorePemFromEnvironment() {
|
|
|
7473
7470
|
}
|
|
7474
7471
|
|
|
7475
7472
|
const FACTORY_META$4 = {
|
|
7476
|
-
base:
|
|
7473
|
+
base: runtime.CERTIFICATE_MANAGER_FACTORY_BASE_TYPE,
|
|
7477
7474
|
key: "DefaultCertificateManager",
|
|
7478
7475
|
};
|
|
7479
7476
|
function normalizeConfig$1(config) {
|
|
@@ -7500,18 +7497,18 @@ function normalizeSecuritySettings(config, explicit) {
|
|
|
7500
7497
|
return null;
|
|
7501
7498
|
}
|
|
7502
7499
|
function normalizeSigning(config, explicit) {
|
|
7503
|
-
if (explicit instanceof
|
|
7500
|
+
if (explicit instanceof runtime.SigningConfigClass) {
|
|
7504
7501
|
return explicit;
|
|
7505
7502
|
}
|
|
7506
7503
|
if (explicit && typeof explicit === "object") {
|
|
7507
|
-
return new
|
|
7504
|
+
return new runtime.SigningConfigClass(explicit);
|
|
7508
7505
|
}
|
|
7509
7506
|
const candidate = config.signing ?? null;
|
|
7510
|
-
if (candidate instanceof
|
|
7507
|
+
if (candidate instanceof runtime.SigningConfigClass) {
|
|
7511
7508
|
return candidate;
|
|
7512
7509
|
}
|
|
7513
7510
|
if (candidate && typeof candidate === "object") {
|
|
7514
|
-
return new
|
|
7511
|
+
return new runtime.SigningConfigClass(candidate);
|
|
7515
7512
|
}
|
|
7516
7513
|
return null;
|
|
7517
7514
|
}
|
|
@@ -7525,7 +7522,7 @@ function normalizeOptions(config, securitySettings, signing) {
|
|
|
7525
7522
|
cryptoProvider,
|
|
7526
7523
|
};
|
|
7527
7524
|
}
|
|
7528
|
-
class DefaultCertificateManagerFactory extends
|
|
7525
|
+
class DefaultCertificateManagerFactory extends runtime.CertificateManagerFactory {
|
|
7529
7526
|
constructor() {
|
|
7530
7527
|
super(...arguments);
|
|
7531
7528
|
this.type = "DefaultCertificateManager";
|
|
@@ -9168,7 +9165,7 @@ class CASigningService extends CAService {
|
|
|
9168
9165
|
const publicKeyPem = derToPem(publicKeyDer, "PUBLIC KEY");
|
|
9169
9166
|
// Determine node SID and physical path (mirrors Python logic)
|
|
9170
9167
|
const physicalPath = csr.physicalPath || `/unknown/${csr.requesterId}`;
|
|
9171
|
-
const nodeSid =
|
|
9168
|
+
const nodeSid = runtime.secureDigest(physicalPath);
|
|
9172
9169
|
const logicals = csr.logicals || [];
|
|
9173
9170
|
// Issue the certificate (short-lived: 1 day)
|
|
9174
9171
|
const certificatePem = await this.signNodeCert(publicKeyPem, csr.requesterId, // Use requesterId as node_id
|
|
@@ -9200,13 +9197,13 @@ class CASigningService extends CAService {
|
|
|
9200
9197
|
await this.ensureSigningMaterials();
|
|
9201
9198
|
const signingCert = this.getSigningCertificate();
|
|
9202
9199
|
const signingKey = this.getSigningKey();
|
|
9203
|
-
const expectedSid =
|
|
9200
|
+
const expectedSid = runtime.secureDigest(physicalPath);
|
|
9204
9201
|
if (expectedSid !== nodeSid) {
|
|
9205
9202
|
throw new Error("Provided SID does not match the computed SID for the physical path");
|
|
9206
9203
|
}
|
|
9207
9204
|
const logicalHosts = logicals ?? [];
|
|
9208
9205
|
for (const logical of logicalHosts) {
|
|
9209
|
-
const [valid, error] =
|
|
9206
|
+
const [valid, error] = runtime.validateHostLogical(logical);
|
|
9210
9207
|
if (!valid) {
|
|
9211
9208
|
throw new Error(`Invalid logical host '${logical}': ${error ?? "unknown error"}`);
|
|
9212
9209
|
}
|
package/dist/node/node.mjs
CHANGED
|
@@ -2,28 +2,25 @@ import { AsnConvert, OctetString } from '@peculiar/asn1-schema';
|
|
|
2
2
|
import { Certificate, id_ce_subjectAltName, SubjectAlternativeName, id_ce_nameConstraints, NameConstraints, Name, RelativeDistinguishedName, AttributeTypeAndValue, AttributeValue, SubjectPublicKeyInfo, GeneralName, Extensions, Extension, Attribute, AlgorithmIdentifier, TBSCertificate, Validity, Version, BasicConstraints, id_ce_basicConstraints, KeyUsageFlags, KeyUsage, id_ce_keyUsage, SubjectKeyIdentifier, id_ce_subjectKeyIdentifier, AuthorityKeyIdentifier, KeyIdentifier, id_ce_authorityKeyIdentifier, GeneralSubtrees, GeneralSubtree, ExtendedKeyUsage, id_kp_clientAuth, id_kp_serverAuth, id_ce_extKeyUsage } from '@peculiar/asn1-x509';
|
|
3
3
|
import { sha512, sha256 } from '@noble/hashes/sha2.js';
|
|
4
4
|
import { verify, etc } from '@noble/ed25519';
|
|
5
|
-
import { getLogger,
|
|
5
|
+
import { getLogger, EncryptionResult, urlsafeBase64Decode, sealedDecrypt, sealedEncrypt, FIXED_PREFIX_LEN, urlsafeBase64Encode, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, EncryptionManagerFactory, requireCryptoSupport, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SecureChannelManagerFactory, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, EnvelopeSignerFactory, SigningConfigClass, validateSigningKey, JWKValidationError, decodeBase64Url, canonicalJson, secureDigest, frameDigest, immutableHeaders, encodeUtf8, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, EnvelopeVerifierFactory, TaskSpawner, getKeyStore, DefaultKeyManager, validateJwkComplete, currentTraceId, DeliveryOriginType, KEY_MANAGER_FACTORY_BASE_TYPE, KeyManagerFactory, KeyStoreFactory, BaseNodeEventListener, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, ReplicaStickinessManagerFactory, color, formatTimestamp, AnsiColor, jsonDumps, validateHostLogicals, HTTP_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WelcomeServiceFactory, NodePlacementStrategyFactory, TransportProvisionerFactory, TokenIssuerFactory, AuthorizerFactory, AuthInjectionStrategyFactory, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CertificateManagerFactory, validateHostLogical } from '@naylence/runtime';
|
|
6
6
|
import { Attributes, CertificationRequestInfo, CertificationRequest } from '@peculiar/asn1-csr';
|
|
7
7
|
import { X509Certificate } from '@peculiar/x509';
|
|
8
8
|
import { localDeliveryContext, createFameEnvelope, FameAddress, generateId, formatAddress, SigningMaterial, DeliveryOriginType as DeliveryOriginType$1 } from '@naylence/core';
|
|
9
|
-
import { getLogger as getLogger$1, EncryptionResult, urlsafeBase64Decode, sealedDecrypt, sealedEncrypt, FIXED_PREFIX_LEN, urlsafeBase64Encode, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, EncryptionManagerFactory, requireCryptoSupport, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SecureChannelManagerFactory, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, EnvelopeSignerFactory, SigningConfigClass, validateSigningKey, JWKValidationError, secureDigest, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, EnvelopeVerifierFactory, TaskSpawner, getKeyStore, DefaultKeyManager, validateJwkComplete, currentTraceId, DeliveryOriginType, KEY_MANAGER_FACTORY_BASE_TYPE, KeyManagerFactory, KeyStoreFactory, BaseNodeEventListener, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, ReplicaStickinessManagerFactory, color, formatTimestamp, AnsiColor, jsonDumps, validateHostLogicals, HTTP_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WelcomeServiceFactory, NodePlacementStrategyFactory, TransportProvisionerFactory, TokenIssuerFactory, AuthorizerFactory, AuthInjectionStrategyFactory } from '@naylence/runtime';
|
|
10
9
|
import { chacha20poly1305 } from '@noble/ciphers/chacha.js';
|
|
11
10
|
import { x25519 } from '@noble/curves/ed25519.js';
|
|
12
11
|
import { hkdf } from '@noble/hashes/hkdf.js';
|
|
13
12
|
import { utf8ToBytes, randomBytes as randomBytes$1 } from '@noble/hashes/utils.js';
|
|
14
|
-
import { decodeBase64Url, canonicalJson, frameDigest, immutableHeaders } from '@naylence/runtime/naylence/fame/security/signing/eddsa-signer-verifier.js';
|
|
15
|
-
import { encodeUtf8 } from '@naylence/runtime/naylence/fame/security/signing/eddsa-utils.js';
|
|
16
13
|
import { ExtensionManager, AbstractResourceFactory, createResource, createDefaultResource, Registry } from '@naylence/factory';
|
|
17
14
|
import { SignJWT, importPKCS8, compactVerify, importJWK, importSPKI } from 'jose';
|
|
18
15
|
import { sha256 as sha256$1 } from '@noble/hashes/sha256.js';
|
|
19
16
|
|
|
20
17
|
// This file is auto-generated during build - do not edit manually
|
|
21
|
-
// Generated from package.json version: 0.3.7-test.
|
|
18
|
+
// Generated from package.json version: 0.3.7-test.125
|
|
22
19
|
/**
|
|
23
20
|
* The package version, injected at build time.
|
|
24
21
|
* @internal
|
|
25
22
|
*/
|
|
26
|
-
const VERSION = '0.3.7-test.
|
|
23
|
+
const VERSION = '0.3.7-test.125';
|
|
27
24
|
|
|
28
25
|
const logger$h = getLogger("naylence.fame.security.cert.util");
|
|
29
26
|
const CACHE_LIMIT = 512;
|
|
@@ -1263,7 +1260,7 @@ class CAServiceClient {
|
|
|
1263
1260
|
}
|
|
1264
1261
|
}
|
|
1265
1262
|
|
|
1266
|
-
const logger$f = getLogger
|
|
1263
|
+
const logger$f = getLogger("naylence.fame.security.encryption.sealed.x25519_encryption_manager");
|
|
1267
1264
|
class X25519EncryptionManager {
|
|
1268
1265
|
constructor({ keyProvider, nodeLike = null, cryptoProvider = null, }) {
|
|
1269
1266
|
this.pendingEnvelopes = new Map();
|
|
@@ -1892,7 +1889,7 @@ var index$1 = /*#__PURE__*/Object.freeze({
|
|
|
1892
1889
|
X25519EncryptionManagerFactory: X25519EncryptionManagerFactory
|
|
1893
1890
|
});
|
|
1894
1891
|
|
|
1895
|
-
const logger$e = getLogger
|
|
1892
|
+
const logger$e = getLogger("naylence.fame.security.encryption.channel.channel_encryption_manager");
|
|
1896
1893
|
const SUPPORTED_CHANNEL_ALGORITHMS = ["chacha20-poly1305-channel"];
|
|
1897
1894
|
const CHANNEL_ENCRYPTION_ALGORITHM = "chacha20-poly1305-channel";
|
|
1898
1895
|
const HANDSHAKE_ALGORITHM = "CHACHA20P1305";
|
|
@@ -2628,7 +2625,7 @@ class ChannelEncryptionManager {
|
|
|
2628
2625
|
}
|
|
2629
2626
|
}
|
|
2630
2627
|
|
|
2631
|
-
const logger$d = getLogger
|
|
2628
|
+
const logger$d = getLogger("naylence.fame.security.encryption.channel.channel_encryption_manager_factory");
|
|
2632
2629
|
const DEFAULT_SUPPORTED_ALGORITHMS = ["chacha20-poly1305-channel"];
|
|
2633
2630
|
const FACTORY_META$d = {
|
|
2634
2631
|
base: ENCRYPTION_MANAGER_FACTORY_BASE_TYPE,
|
|
@@ -2722,7 +2719,7 @@ var index = /*#__PURE__*/Object.freeze({
|
|
|
2722
2719
|
ChannelEncryptionManagerFactory: ChannelEncryptionManagerFactory
|
|
2723
2720
|
});
|
|
2724
2721
|
|
|
2725
|
-
const logger$c = getLogger
|
|
2722
|
+
const logger$c = getLogger("naylence.fame.security.encryption.default_secure_channel_manager");
|
|
2726
2723
|
const DEFAULT_ALGORITHM = "CHACHA20P1305";
|
|
2727
2724
|
const CHANNEL_KEY_LENGTH = 32;
|
|
2728
2725
|
const NONCE_PREFIX_LENGTH = 4;
|
|
@@ -3052,7 +3049,7 @@ var defaultSecureChannelManagerFactory = /*#__PURE__*/Object.freeze({
|
|
|
3052
3049
|
default: DefaultSecureChannelManagerFactory
|
|
3053
3050
|
});
|
|
3054
3051
|
|
|
3055
|
-
const logger$b = getLogger
|
|
3052
|
+
const logger$b = getLogger("naylence.fame.security.encryption.encryption_manager_registry");
|
|
3056
3053
|
class EncryptionManagerFactoryRegistry {
|
|
3057
3054
|
constructor(autoDiscover = true) {
|
|
3058
3055
|
this.factories = [];
|
|
@@ -3216,7 +3213,7 @@ function registerEncryptionManagerFactory(factory) {
|
|
|
3216
3213
|
globalRegistry.registerFactory(factory);
|
|
3217
3214
|
}
|
|
3218
3215
|
|
|
3219
|
-
const logger$a = getLogger
|
|
3216
|
+
const logger$a = getLogger("naylence.fame.security.encryption.composite_encryption_manager");
|
|
3220
3217
|
const DEFAULT_SEALED_ALGORITHMS = [
|
|
3221
3218
|
"X25519",
|
|
3222
3219
|
"ECDH-ES+A256GCM",
|
|
@@ -3535,7 +3532,7 @@ class CompositeEncryptionManager {
|
|
|
3535
3532
|
}
|
|
3536
3533
|
}
|
|
3537
3534
|
|
|
3538
|
-
const logger$9 = getLogger
|
|
3535
|
+
const logger$9 = getLogger("naylence.fame.security.encryption.composite_encryption_manager_factory");
|
|
3539
3536
|
const DEFAULT_PRIORITY = 1000;
|
|
3540
3537
|
const DEFAULT_ENCRYPTION_TYPE = "composite";
|
|
3541
3538
|
const FACTORY_META$b = {
|
|
@@ -3660,7 +3657,7 @@ const FACTORY_META$a = {
|
|
|
3660
3657
|
let eddsaEnvelopeSignerModulePromise = null;
|
|
3661
3658
|
async function getEdDSAEnvelopeSignerModule() {
|
|
3662
3659
|
if (!eddsaEnvelopeSignerModulePromise) {
|
|
3663
|
-
eddsaEnvelopeSignerModulePromise = import('@naylence/runtime
|
|
3660
|
+
eddsaEnvelopeSignerModulePromise = import('@naylence/runtime');
|
|
3664
3661
|
}
|
|
3665
3662
|
return eddsaEnvelopeSignerModulePromise;
|
|
3666
3663
|
}
|
|
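Review bot: A rejected `import('@naylence/runtime')` stays stored in `eddsaEnvelopeSignerModulePromise`, so after one failed load every later call to `getEdDSAEnvelopeSignerModule()` returns the same rejection and callers that need the signer module cannot recover without a reload. Clearing the cache on failure keeps the lazy load and allows a retry: `eddsaEnvelopeSignerModulePromise = import('@naylence/runtime').catch((err) => { eddsaEnvelopeSignerModulePromise = null; throw err; });`. Whether the host's module loader would itself retry a failed load is environment-dependent, so treat this as a robustness point rather than a confirmed fault. `loadX509Module$1` in the hunk at old line 3946 appears to start the same pattern, but its body continues outside that hunk.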
@@ -3946,7 +3943,7 @@ var eddsaEnvelopeVerifierFactory = /*#__PURE__*/Object.freeze({
|
|
|
3946
3943
|
default: AdvancedEdDSAEnvelopeVerifierFactory
|
|
3947
3944
|
});
|
|
3948
3945
|
|
|
3949
|
-
const logger$8 = getLogger
|
|
3946
|
+
const logger$8 = getLogger("naylence.fame.security.keys.x5c_key_manager");
|
|
3950
3947
|
let x509ModulePromise$1 = null;
|
|
3951
3948
|
async function loadX509Module$1() {
|
|
3952
3949
|
if (!x509ModulePromise$1) {
|
|
@@ -4557,7 +4554,7 @@ function utf8Decode(data) {
|
|
|
4557
4554
|
return decodeURIComponent(escape(str));
|
|
4558
4555
|
}
|
|
4559
4556
|
|
|
4560
|
-
const logger$7 = getLogger
|
|
4557
|
+
const logger$7 = getLogger("naylence.fame.stickiness.aft_signer");
|
|
4561
4558
|
class AbstractAFTSigner {
|
|
4562
4559
|
constructor(kid, maxTtlSec = 7200) {
|
|
4563
4560
|
this.kid = kid;
|
|
@@ -4699,7 +4696,7 @@ function createAftSigner(options) {
|
|
|
4699
4696
|
}
|
|
4700
4697
|
}
|
|
4701
4698
|
|
|
4702
|
-
const logger$6 = getLogger
|
|
4699
|
+
const logger$6 = getLogger("naylence.fame.stickiness.aft_helper");
|
|
4703
4700
|
class AFTHelper {
|
|
4704
4701
|
constructor(options) {
|
|
4705
4702
|
this.signer = options.signer;
|
|
@@ -4768,7 +4765,7 @@ function createAftHelper(options) {
|
|
|
4768
4765
|
}
|
|
4769
4766
|
const DEFAULT_STICKINESS_SECURITY_LEVEL = StickinessMode.SIGNED_OPTIONAL;
|
|
4770
4767
|
|
|
4771
|
-
const logger$5 = getLogger
|
|
4768
|
+
const logger$5 = getLogger("naylence.fame.stickiness.aft_verifier");
|
|
4772
4769
|
function decodeToken(token) {
|
|
4773
4770
|
const parts = token.split(".");
|
|
4774
4771
|
if (parts.length !== 3) {
|
|
@@ -5054,7 +5051,7 @@ function createAftVerifier(options) {
|
|
|
5054
5051
|
}
|
|
5055
5052
|
}
|
|
5056
5053
|
|
|
5057
|
-
const logger$4 = getLogger
|
|
5054
|
+
const logger$4 = getLogger("naylence.fame.stickiness.aft_load_balancer_stickiness_manager");
|
|
5058
5055
|
class AFTAssociation {
|
|
5059
5056
|
constructor(params) {
|
|
5060
5057
|
this.replicaId = params.replicaId;
|
|
@@ -5564,7 +5561,7 @@ var aftLoadBalancerStickinessManagerFactory = /*#__PURE__*/Object.freeze({
|
|
|
5564
5561
|
default: AFTLoadBalancerStickinessManagerFactory
|
|
5565
5562
|
});
|
|
5566
5563
|
|
|
5567
|
-
const logger$3 = getLogger
|
|
5564
|
+
const logger$3 = getLogger("naylence.fame.stickiness.aft_replica_stickiness_manager");
|
|
5568
5565
|
function isStickinessRequired(context) {
|
|
5569
5566
|
if (typeof context.stickinessRequired === "boolean") {
|
|
5570
5567
|
return context.stickinessRequired;
|
|
@@ -5814,7 +5811,7 @@ var aftReplicaStickinessManagerFactory = /*#__PURE__*/Object.freeze({
|
|
|
5814
5811
|
default: AFTReplicaStickinessManagerFactory
|
|
5815
5812
|
});
|
|
5816
5813
|
|
|
5817
|
-
const logger$2 = getLogger
|
|
5814
|
+
const logger$2 = getLogger("naylence.fame.welcome.advanced_welcome_service");
|
|
5818
5815
|
const ENV_VAR_SHOW_ENVELOPES = "FAME_SHOW_ENVELOPES";
|
|
5819
5816
|
const DEFAULT_TTL_SEC = 3600;
|
|
5820
5817
|
const showEnvelopes = typeof process !== "undefined" &&
|
|
@@ -6664,7 +6661,7 @@ function encodeBitString(signature) {
|
|
|
6664
6661
|
return result.buffer;
|
|
6665
6662
|
}
|
|
6666
6663
|
|
|
6667
|
-
const logger$1 = getLogger
|
|
6664
|
+
const logger$1 = getLogger("naylence.fame.security.cert.default_certificate_manager");
|
|
6668
6665
|
const CONNECTION_GRANTS_CAMEL = "connectionGrants";
|
|
6669
6666
|
const CONNECTION_GRANTS_SNAKE = "connection_grants";
|
|
6670
6667
|
class DefaultCertificateManager {
|
|
@@ -7498,18 +7495,18 @@ function normalizeSecuritySettings(config, explicit) {
|
|
|
7498
7495
|
return null;
|
|
7499
7496
|
}
|
|
7500
7497
|
function normalizeSigning(config, explicit) {
|
|
7501
|
-
if (explicit instanceof SigningConfigClass
|
|
7498
|
+
if (explicit instanceof SigningConfigClass) {
|
|
7502
7499
|
return explicit;
|
|
7503
7500
|
}
|
|
7504
7501
|
if (explicit && typeof explicit === "object") {
|
|
7505
|
-
return new SigningConfigClass
|
|
7502
|
+
return new SigningConfigClass(explicit);
|
|
7506
7503
|
}
|
|
7507
7504
|
const candidate = config.signing ?? null;
|
|
7508
|
-
if (candidate instanceof SigningConfigClass
|
|
7505
|
+
if (candidate instanceof SigningConfigClass) {
|
|
7509
7506
|
return candidate;
|
|
7510
7507
|
}
|
|
7511
7508
|
if (candidate && typeof candidate === "object") {
|
|
7512
|
-
return new SigningConfigClass
|
|
7509
|
+
return new SigningConfigClass(candidate);
|
|
7513
7510
|
}
|
|
7514
7511
|
return null;
|
|
7515
7512
|
}
|
|
@@ -7665,7 +7662,7 @@ function bytesToUtf8$1(data) {
|
|
|
7665
7662
|
|
|
7666
7663
|
const DEFAULT_REFRESH_INTERVAL_MS = 86400000; // 24 hours
|
|
7667
7664
|
const MIN_REFRESH_INTERVAL_MS = 60000; // 1 minute
|
|
7668
|
-
const logger = getLogger
|
|
7665
|
+
const logger = getLogger("naylence.fame.security.cert.trust_store.http_bundle_provider");
|
|
7669
7666
|
function isTruthyFlag(value) {
|
|
7670
7667
|
if (typeof value === "boolean") {
|
|
7671
7668
|
return value;
|
|
@@ -9166,7 +9163,7 @@ class CASigningService extends CAService {
|
|
|
9166
9163
|
const publicKeyPem = derToPem(publicKeyDer, "PUBLIC KEY");
|
|
9167
9164
|
// Determine node SID and physical path (mirrors Python logic)
|
|
9168
9165
|
const physicalPath = csr.physicalPath || `/unknown/${csr.requesterId}`;
|
|
9169
|
-
const nodeSid = secureDigest
|
|
9166
|
+
const nodeSid = secureDigest(physicalPath);
|
|
9170
9167
|
const logicals = csr.logicals || [];
|
|
9171
9168
|
// Issue the certificate (short-lived: 1 day)
|
|
9172
9169
|
const certificatePem = await this.signNodeCert(publicKeyPem, csr.requesterId, // Use requesterId as node_id
|
|
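Review bot: `nodeSid` is computed from `csr.physicalPath`, which is supplied with the request and silently replaced by a synthetic `/unknown/${csr.requesterId}` path when absent, and nothing in this hunk shows the path, `requesterId` or `logicals` being checked against the authenticated caller before `signNodeCert` runs. The method starts and ends outside the hunk, so that check may exist elsewhere; if it does, a comment at this point saying where it happens would help the next reader. If it does not, rejecting a CSR that lacks a path is safer than issuing a certificate for an invented one: `if (!csr.physicalPath) throw new Error("CSR physicalPath is required");`. The existing comment says the fallback mirrors the Python implementation, so any tightening would need to be made on both sides.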
@@ -9198,7 +9195,7 @@ class CASigningService extends CAService {
|
|
|
9198
9195
|
await this.ensureSigningMaterials();
|
|
9199
9196
|
const signingCert = this.getSigningCertificate();
|
|
9200
9197
|
const signingKey = this.getSigningKey();
|
|
9201
|
-
const expectedSid = secureDigest
|
|
9198
|
+
const expectedSid = secureDigest(physicalPath);
|
|
9202
9199
|
if (expectedSid !== nodeSid) {
|
|
9203
9200
|
throw new Error("Provided SID does not match the computed SID for the physical path");
|
|
9204
9201
|
}
|
|
@@ -1,7 +1,5 @@
|
|
|
1
1
|
import type { SecuritySettings } from "@naylence/core";
|
|
2
|
-
import { CertificateManagerFactory, type CertificateManagerConfig } from "@naylence/runtime
|
|
3
|
-
import type { SigningConfig } from "@naylence/runtime";
|
|
4
|
-
import type { CertificateManager } from "@naylence/runtime";
|
|
2
|
+
import { CertificateManagerFactory, type CertificateManagerConfig, type SigningConfig, type CertificateManager } from "@naylence/runtime";
|
|
5
3
|
export interface DefaultCertificateManagerConfig extends CertificateManagerConfig {
|
|
6
4
|
type: "DefaultCertificateManager";
|
|
7
5
|
caServiceUrl?: string | null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"default-certificate-manager-factory.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/default-certificate-manager-factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"default-certificate-manager-factory.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/cert/default-certificate-manager-factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAEL,yBAAyB,EAEzB,KAAK,wBAAwB,EAC7B,KAAK,aAAa,EAClB,KAAK,kBAAkB,EACxB,MAAM,mBAAmB,CAAC;AAQ3B,MAAM,WAAW,+BACf,SAAQ,wBAAwB;IAChC,IAAI,EAAE,2BAA2B,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,gBAAgB,CAAC,EAAE,gBAAgB,GAAG,IAAI,CAAC;IAC3C,iBAAiB,CAAC,EAAE,gBAAgB,GAAG,IAAI,CAAC;IAC5C,cAAc,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;IAChC,eAAe,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;CAClC;AAED,eAAO,MAAM,YAAY;;;CAGf,CAAC;AA6EX,qBAAa,gCAAiC,SAAQ,yBAAyB,CAAC,+BAA+B,CAAC;IAC9G,SAAgB,IAAI,+BAA+B;IACnD,SAAgB,SAAS,QAAQ;IACjC,SAAgB,QAAQ,OAAO;IAElB,MAAM,CACjB,MAAM,CAAC,EAAE,+BAA+B,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,EACzE,gBAAgB,CAAC,EAAE,gBAAgB,GAAG,IAAI,EAC1C,OAAO,CAAC,EAAE,aAAa,GAAG,IAAI,EAC9B,GAAG,YAAY,EAAE,OAAO,EAAE,GACzB,OAAO,CAAC,kBAAkB,CAAC;CAe/B;AAED,eAAe,gCAAgC,CAAC"}
|
|
@@ -1,6 +1,5 @@
|
|
|
1
|
-
import type { EnvelopeSigner } from "@naylence/runtime";
|
|
1
|
+
import type { EnvelopeSigner, EdDSAEnvelopeSignerOptions } from "@naylence/runtime";
|
|
2
2
|
import { EnvelopeSignerFactory, type EnvelopeSignerConfig } from "@naylence/runtime";
|
|
3
|
-
import type { EdDSAEnvelopeSignerOptions } from "@naylence/runtime/naylence/fame/security/signing/eddsa-envelope-signer.js";
|
|
4
3
|
export interface EdDSAEnvelopeSignerConfig extends EnvelopeSignerConfig {
|
|
5
4
|
readonly type: "EdDSAEnvelopeSigner";
|
|
6
5
|
}
|
|
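Review bot: The two remaining imports on new lines 1 and 2 both come from `@naylence/runtime` and could be one statement, as the certificate-manager declaration earlier in this diff now does: `import { EnvelopeSignerFactory, type EnvelopeSignerConfig, type EnvelopeSigner, type EdDSAEnvelopeSignerOptions } from "@naylence/runtime";`. This file is compiler output, so the edit belongs in the `.ts` source it is generated from. Dropping the deep path `@naylence/runtime/naylence/fame/security/signing/eddsa-envelope-signer.js` removes a dependency on the runtime's internal layout, but it also means `EdDSAEnvelopeSignerOptions` must be exported from the package root. The declared version range for `@naylence/runtime` should exclude releases without that export; the manifest is not visible here to confirm it.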
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"eddsa-envelope-signer-factory.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/signing/eddsa-envelope-signer-factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"eddsa-envelope-signer-factory.d.ts","sourceRoot":"","sources":["../../../../../../src/naylence/fame/security/signing/eddsa-envelope-signer-factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AACpF,OAAO,EAEL,qBAAqB,EACrB,KAAK,oBAAoB,EAC1B,MAAM,mBAAmB,CAAC;AAE3B,MAAM,WAAW,yBAA0B,SAAQ,oBAAoB;IACrE,QAAQ,CAAC,IAAI,EAAE,qBAAqB,CAAC;CACtC;AAED,eAAO,MAAM,YAAY;;;;;CAKf,CAAC;AAeX,qBAAa,kCAAmC,SAAQ,qBAAqB,CAAC,yBAAyB,CAAC;IACtG,SAAgB,IAAI,yBAAyB;IAC7C,SAAgB,SAAS,QAAQ;IACjC,SAAgB,QAAQ,OAAO;IAElB,MAAM,CACjB,OAAO,CAAC,EAAE,yBAAyB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,EACpE,OAAO,CAAC,EAAE,0BAA0B,GAAG,IAAI,GAC1C,OAAO,CAAC,cAAc,CAAC;CAY3B;AAED,eAAe,kCAAkC,CAAC"}
|