@naylence/runtime 0.3.5-test.923 → 0.3.5-test.924
- package/dist/browser/index.cjs +212 -136
- package/dist/browser/index.mjs +204 -131
- package/dist/cjs/naylence/fame/factory-manifest.js +2 -0
- package/dist/cjs/naylence/fame/security/default-security-manager-factory.js +12 -4
- package/dist/cjs/naylence/fame/security/index.js +6 -1
- package/dist/cjs/naylence/fame/security/trust-store/noop-trust-store-provider-factory.js +23 -0
- package/dist/cjs/naylence/fame/security/trust-store/trust-store-provider-factory.js +44 -0
- package/dist/cjs/naylence/fame/security/trust-store/trust-store-provider.js +2 -0
- package/dist/cjs/version.js +2 -2
- package/dist/esm/naylence/fame/factory-manifest.js +2 -0
- package/dist/esm/naylence/fame/security/default-security-manager-factory.js +12 -4
- package/dist/esm/naylence/fame/security/index.js +2 -0
- package/dist/esm/naylence/fame/security/trust-store/noop-trust-store-provider-factory.js +19 -0
- package/dist/esm/naylence/fame/security/trust-store/trust-store-provider-factory.js +39 -0
- package/dist/esm/naylence/fame/security/trust-store/trust-store-provider.js +1 -0
- package/dist/esm/version.js +2 -2
- package/dist/node/index.cjs +208 -132
- package/dist/node/index.mjs +204 -131
- package/dist/node/node.cjs +208 -132
- package/dist/node/node.mjs +204 -131
- package/dist/types/naylence/fame/factory-manifest.d.ts +1 -1
- package/dist/types/naylence/fame/security/default-security-manager-factory.d.ts +3 -0
- package/dist/types/naylence/fame/security/index.d.ts +3 -0
- package/dist/types/naylence/fame/security/security-manager-factory.d.ts +2 -0
- package/dist/types/naylence/fame/security/trust-store/noop-trust-store-provider-factory.d.ts +18 -0
- package/dist/types/naylence/fame/security/trust-store/trust-store-provider-factory.d.ts +27 -0
- package/dist/types/naylence/fame/security/trust-store/trust-store-provider.d.ts +42 -0
- package/dist/types/version.d.ts +1 -1
- package/package.json +1 -1
|
@@ -96,6 +96,7 @@ exports.MODULES = [
|
|
|
96
96
|
"./security/policy/no-security-policy-factory.js",
|
|
97
97
|
"./security/signing/eddsa-envelope-signer-factory.js",
|
|
98
98
|
"./security/signing/eddsa-envelope-verifier-factory.js",
|
|
99
|
+
"./security/trust-store/noop-trust-store-provider-factory.js",
|
|
99
100
|
"./sentinel/capability-aware-routing-policy-factory.js",
|
|
100
101
|
"./sentinel/composite-routing-policy-factory.js",
|
|
101
102
|
"./sentinel/hybrid-path-routing-policy-factory.js",
|
|
@@ -170,6 +171,7 @@ exports.MODULE_LOADERS = {
|
|
|
170
171
|
"./security/policy/no-security-policy-factory.js": () => Promise.resolve().then(() => __importStar(require("./security/policy/no-security-policy-factory.js"))),
|
|
171
172
|
"./security/signing/eddsa-envelope-signer-factory.js": () => Promise.resolve().then(() => __importStar(require("./security/signing/eddsa-envelope-signer-factory.js"))),
|
|
172
173
|
"./security/signing/eddsa-envelope-verifier-factory.js": () => Promise.resolve().then(() => __importStar(require("./security/signing/eddsa-envelope-verifier-factory.js"))),
|
|
174
|
+
"./security/trust-store/noop-trust-store-provider-factory.js": () => Promise.resolve().then(() => __importStar(require("./security/trust-store/noop-trust-store-provider-factory.js"))),
|
|
173
175
|
"./sentinel/capability-aware-routing-policy-factory.js": () => Promise.resolve().then(() => __importStar(require("./sentinel/capability-aware-routing-policy-factory.js"))),
|
|
174
176
|
"./sentinel/composite-routing-policy-factory.js": () => Promise.resolve().then(() => __importStar(require("./sentinel/composite-routing-policy-factory.js"))),
|
|
175
177
|
"./sentinel/hybrid-path-routing-policy-factory.js": () => Promise.resolve().then(() => __importStar(require("./sentinel/hybrid-path-routing-policy-factory.js"))),
|
|
@@ -15,6 +15,7 @@ const envelope_verifier_js_1 = require("./signing/envelope-verifier.js");
|
|
|
15
15
|
const default_security_manager_js_1 = require("./default-security-manager.js");
|
|
16
16
|
const security_manager_factory_js_1 = require("./security-manager-factory.js");
|
|
17
17
|
const logging_js_1 = require("../util/logging.js");
|
|
18
|
+
const trust_store_provider_factory_js_1 = require("./trust-store/trust-store-provider-factory.js");
|
|
18
19
|
const logger = (0, logging_js_1.getLogger)('naylence.fame.security.default_security_manager_factory');
|
|
19
20
|
function normalizeDefaultSecurityManagerConfig(config) {
|
|
20
21
|
if (!config) {
|
|
@@ -47,6 +48,7 @@ function normalizeDefaultSecurityManagerConfig(config) {
|
|
|
47
48
|
ensureAlias('keyValidator', 'key_validator');
|
|
48
49
|
ensureAlias('eventListeners', 'event_listeners');
|
|
49
50
|
ensureAlias('cryptoProvider', 'crypto_provider');
|
|
51
|
+
ensureAlias('trustStoreProvider', 'trust_store_provider');
|
|
50
52
|
return normalized;
|
|
51
53
|
}
|
|
52
54
|
exports.FACTORY_META = {
|
|
@@ -95,6 +97,7 @@ class DefaultSecurityManagerFactory extends security_manager_factory_js_1.Securi
|
|
|
95
97
|
const certificateManager = DefaultSecurityManagerFactory.extractInstance(config, 'certificateManager', 'certificate_manager');
|
|
96
98
|
const secureChannelManager = DefaultSecurityManagerFactory.extractInstance(config, 'secureChannelManager', 'secure_channel_manager');
|
|
97
99
|
const cryptoProvider = DefaultSecurityManagerFactory.extractInstance(config, 'cryptoProvider', 'crypto_provider');
|
|
100
|
+
const trustStoreProvider = DefaultSecurityManagerFactory.extractInstance(config, 'trustStoreProvider', 'trust_store_provider');
|
|
98
101
|
const listenersSource = overrides?.eventListeners ??
|
|
99
102
|
config.eventListeners ??
|
|
100
103
|
config.event_listeners;
|
|
@@ -114,10 +117,11 @@ class DefaultSecurityManagerFactory extends security_manager_factory_js_1.Securi
|
|
|
114
117
|
secureChannelManager,
|
|
115
118
|
eventListeners,
|
|
116
119
|
cryptoProvider: cryptoProvider ?? null,
|
|
120
|
+
trustStoreProvider: trustStoreProvider ?? null,
|
|
117
121
|
};
|
|
118
122
|
}
|
|
119
123
|
static async buildSecurityManager(options) {
|
|
120
|
-
let { config, createOptions, policy, envelopeSigner, envelopeVerifier, encryptionManager, keyStore, keyManager, keyValidator, authorizer, certificateManager, secureChannelManager, eventListeners, cryptoProvider, } = options;
|
|
124
|
+
let { config, createOptions, policy, envelopeSigner, envelopeVerifier, encryptionManager, keyStore, keyManager, keyValidator, authorizer, certificateManager, secureChannelManager, eventListeners, cryptoProvider, trustStoreProvider, } = options;
|
|
121
125
|
if (!keyStore) {
|
|
122
126
|
keyStore = await DefaultSecurityManagerFactory.getOrCreateKeyStore(config, createOptions ?? null);
|
|
123
127
|
}
|
|
@@ -130,6 +134,10 @@ class DefaultSecurityManagerFactory extends security_manager_factory_js_1.Securi
|
|
|
130
134
|
if (!policy) {
|
|
131
135
|
throw new Error('DefaultSecurityManagerFactory could not resolve a SecurityPolicy');
|
|
132
136
|
}
|
|
137
|
+
if (!trustStoreProvider) {
|
|
138
|
+
trustStoreProvider =
|
|
139
|
+
await trust_store_provider_factory_js_1.TrustStoreProviderFactory.createTrustStoreProvider();
|
|
140
|
+
}
|
|
133
141
|
if (!keyManager) {
|
|
134
142
|
keyManager =
|
|
135
143
|
await DefaultSecurityManagerFactory.createKeyManagerFromConfig(config, policy, keyStore, createOptions ?? null);
|
|
@@ -140,7 +148,7 @@ class DefaultSecurityManagerFactory extends security_manager_factory_js_1.Securi
|
|
|
140
148
|
}
|
|
141
149
|
if (!envelopeVerifier) {
|
|
142
150
|
envelopeVerifier =
|
|
143
|
-
await DefaultSecurityManagerFactory.createEnvelopeVerifierFromConfig(config, policy, keyManager);
|
|
151
|
+
await DefaultSecurityManagerFactory.createEnvelopeVerifierFromConfig(config, policy, keyManager, trustStoreProvider);
|
|
144
152
|
}
|
|
145
153
|
if (!encryptionManager || !secureChannelManager) {
|
|
146
154
|
const encryptionResult = await DefaultSecurityManagerFactory.createEncryptionManagerFromConfig(config, policy, keyManager, secureChannelManager, cryptoProvider ?? null);
|
|
@@ -240,7 +248,7 @@ class DefaultSecurityManagerFactory extends security_manager_factory_js_1.Securi
|
|
|
240
248
|
throw error instanceof Error ? error : new Error(String(error));
|
|
241
249
|
}
|
|
242
250
|
}
|
|
243
|
-
static async createEnvelopeVerifierFromConfig(config, policy, keyManager) {
|
|
251
|
+
static async createEnvelopeVerifierFromConfig(config, policy, keyManager, trustStoreProvider) {
|
|
244
252
|
const verifierConfig = config.envelope_verifier ?? config.envelopeVerifier ?? null;
|
|
245
253
|
if (verifierConfig &&
|
|
246
254
|
DefaultSecurityManagerFactory.isConfigLike(verifierConfig)) {
|
|
@@ -264,7 +272,7 @@ class DefaultSecurityManagerFactory extends security_manager_factory_js_1.Securi
|
|
|
264
272
|
}
|
|
265
273
|
const signing = policy.signing ?? null;
|
|
266
274
|
return await envelope_verifier_js_1.EnvelopeVerifierFactory.createEnvelopeVerifier(null, {
|
|
267
|
-
factoryArgs: [keyManager, signing ?? null],
|
|
275
|
+
factoryArgs: [keyManager, signing ?? null, { trustStoreProvider }],
|
|
268
276
|
});
|
|
269
277
|
}
|
|
270
278
|
catch (error) {
|
|
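Review bot: The fallback added at new lines 137–140 calls `TrustStoreProviderFactory.createTrustStoreProvider()` with no arguments, so a trust store declared in config as a factory description (rather than an already-built instance picked up by `extractInstance`) is silently replaced by the registered default, NoopTrustStoreProvider, whose `getRoots()` returns `[]`. The sibling resolvers in this file read their section from config first (see `createEnvelopeVerifierFromConfig` at new line 252: `config.envelope_verifier ?? config.envelopeVerifier ?? null` guarded by `isConfigLike`); mirroring that here would be `const trustStoreConfig = config.trust_store_provider ?? config.trustStoreProvider ?? null;` then `trustStoreProvider = await trust_store_provider_factory_js_1.TrustStoreProviderFactory.createTrustStoreProvider(trustStoreConfig && DefaultSecurityManagerFactory.isConfigLike(trustStoreConfig) ? trustStoreConfig : undefined);` — whether `extractInstance` already strips config-shaped values I cannot tell from this hunk, so confirm against it. A missing trust store is fail-open for any verifier that treats an empty root list as "nothing to check against", so a `logger` line at the fallback (the file already has `logger`) would make the placeholder visible in deployment logs. The esm copy of this file (`@@ -127,6 +131,10 @@`) has the identical fallback; `buildSecurityManager` begins and ends outside this hunk.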
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.PROFILE_NAME_OPEN = exports.PROFILE_NAME_GATED_CALLBACK = exports.PROFILE_NAME_GATED = exports.PROFILE_NAME_OVERLAY_CALLBACK = exports.PROFILE_NAME_OVERLAY = exports.PROFILE_NAME_STRICT_OVERLAY = exports.ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = exports.ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER = exports.ENV_VAR_HMAC_SECRET = exports.ENV_VAR_DEFAULT_ENCRYPTION_LEVEL = exports.ENV_VAR_JWKS_URL = exports.ENV_VAR_JWT_AUDIENCE = exports.ENV_VAR_JWT_ALGORITHM = exports.ENV_VAR_JWT_TRUSTED_ISSUER = exports.CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE = exports.EdDSAEnvelopeSigner = exports.encodeUtf8 = exports.immutableHeaders = exports.frameDigest = exports.decodeBase64Url = exports.canonicalJson = exports.SigningConfigClass = exports.SECURITY_MANAGER_FACTORY_BASE_TYPE = exports.SECURITY_POLICY_FACTORY_BASE_TYPE = exports.KEY_STORE_FACTORY_BASE_TYPE = exports.ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE = exports.KEY_MANAGER_FACTORY_BASE_TYPE = exports.SecureChannelManagerFactory = exports.SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE = exports.ENCRYPTION_MANAGER_FACTORY_BASE_TYPE = exports.CertificateManagerFactory = exports.CERTIFICATE_MANAGER_FACTORY_BASE_TYPE = exports.TokenProviderFactory = exports.TOKEN_PROVIDER_FACTORY_BASE_TYPE = exports.TokenVerifierFactory = exports.TOKEN_VERIFIER_FACTORY_BASE_TYPE = exports.TokenIssuerFactory = exports.TOKEN_ISSUER_FACTORY_BASE_TYPE = exports.AuthInjectionStrategyFactory = exports.AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE = exports.AuthorizerFactory = exports.AUTHORIZER_FACTORY_BASE_TYPE = void 0;
|
|
3
|
+
exports.PROFILE_NAME_OPEN = exports.PROFILE_NAME_GATED_CALLBACK = exports.PROFILE_NAME_GATED = exports.PROFILE_NAME_OVERLAY_CALLBACK = exports.PROFILE_NAME_OVERLAY = exports.PROFILE_NAME_STRICT_OVERLAY = exports.ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = exports.ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER = exports.ENV_VAR_HMAC_SECRET = exports.ENV_VAR_DEFAULT_ENCRYPTION_LEVEL = exports.ENV_VAR_JWKS_URL = exports.ENV_VAR_JWT_AUDIENCE = exports.ENV_VAR_JWT_ALGORITHM = exports.ENV_VAR_JWT_TRUSTED_ISSUER = exports.CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE = exports.EdDSAEnvelopeSigner = exports.encodeUtf8 = exports.immutableHeaders = exports.frameDigest = exports.decodeBase64Url = exports.canonicalJson = exports.SigningConfigClass = exports.SECURITY_MANAGER_FACTORY_BASE_TYPE = exports.SECURITY_POLICY_FACTORY_BASE_TYPE = exports.KEY_STORE_FACTORY_BASE_TYPE = exports.ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE = exports.KEY_MANAGER_FACTORY_BASE_TYPE = exports.SecureChannelManagerFactory = exports.SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE = exports.ENCRYPTION_MANAGER_FACTORY_BASE_TYPE = exports.NoopTrustStoreProvider = exports.TrustStoreProviderFactory = exports.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE = exports.CertificateManagerFactory = exports.CERTIFICATE_MANAGER_FACTORY_BASE_TYPE = exports.TokenProviderFactory = exports.TOKEN_PROVIDER_FACTORY_BASE_TYPE = exports.TokenVerifierFactory = exports.TOKEN_VERIFIER_FACTORY_BASE_TYPE = exports.TokenIssuerFactory = exports.TOKEN_ISSUER_FACTORY_BASE_TYPE = exports.AuthInjectionStrategyFactory = exports.AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE = exports.AuthorizerFactory = exports.AUTHORIZER_FACTORY_BASE_TYPE = void 0;
|
|
4
4
|
const tslib_1 = require("tslib");
|
|
5
5
|
tslib_1.__exportStar(require("./auth/authorizer.js"), exports);
|
|
6
6
|
var authorizer_factory_js_1 = require("./auth/authorizer-factory.js");
|
|
@@ -28,6 +28,11 @@ tslib_1.__exportStar(require("./cert/certificate-manager.js"), exports);
|
|
|
28
28
|
var certificate_manager_factory_js_1 = require("./cert/certificate-manager-factory.js");
|
|
29
29
|
Object.defineProperty(exports, "CERTIFICATE_MANAGER_FACTORY_BASE_TYPE", { enumerable: true, get: function () { return certificate_manager_factory_js_1.CERTIFICATE_MANAGER_FACTORY_BASE_TYPE; } });
|
|
30
30
|
Object.defineProperty(exports, "CertificateManagerFactory", { enumerable: true, get: function () { return certificate_manager_factory_js_1.CertificateManagerFactory; } });
|
|
31
|
+
tslib_1.__exportStar(require("./trust-store/trust-store-provider.js"), exports);
|
|
32
|
+
var trust_store_provider_factory_js_1 = require("./trust-store/trust-store-provider-factory.js");
|
|
33
|
+
Object.defineProperty(exports, "TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE", { enumerable: true, get: function () { return trust_store_provider_factory_js_1.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE; } });
|
|
34
|
+
Object.defineProperty(exports, "TrustStoreProviderFactory", { enumerable: true, get: function () { return trust_store_provider_factory_js_1.TrustStoreProviderFactory; } });
|
|
35
|
+
Object.defineProperty(exports, "NoopTrustStoreProvider", { enumerable: true, get: function () { return trust_store_provider_factory_js_1.NoopTrustStoreProvider; } });
|
|
31
36
|
tslib_1.__exportStar(require("./encryption/encryption-manager.js"), exports);
|
|
32
37
|
var encryption_manager_factory_js_1 = require("./encryption/encryption-manager-factory.js");
|
|
33
38
|
Object.defineProperty(exports, "ENCRYPTION_MANAGER_FACTORY_BASE_TYPE", { enumerable: true, get: function () { return encryption_manager_factory_js_1.ENCRYPTION_MANAGER_FACTORY_BASE_TYPE; } });
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.NoopTrustStoreProviderFactory = exports.FACTORY_META = void 0;
|
|
4
|
+
const trust_store_provider_factory_js_1 = require("./trust-store-provider-factory.js");
|
|
5
|
+
exports.FACTORY_META = {
|
|
6
|
+
base: trust_store_provider_factory_js_1.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE,
|
|
7
|
+
key: "NoopTrustStoreProvider",
|
|
8
|
+
isDefault: true,
|
|
9
|
+
priority: 10,
|
|
10
|
+
};
|
|
11
|
+
class NoopTrustStoreProviderFactory extends trust_store_provider_factory_js_1.TrustStoreProviderFactory {
|
|
12
|
+
constructor() {
|
|
13
|
+
super(...arguments);
|
|
14
|
+
this.type = "NoopTrustStoreProvider";
|
|
15
|
+
this.isDefault = true;
|
|
16
|
+
this.priority = 10;
|
|
17
|
+
}
|
|
18
|
+
async create(_config, ..._factoryArgs) {
|
|
19
|
+
return new trust_store_provider_factory_js_1.NoopTrustStoreProvider();
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
exports.NoopTrustStoreProviderFactory = NoopTrustStoreProviderFactory;
|
|
23
|
+
exports.default = NoopTrustStoreProviderFactory;
|
|
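Review bot: `create()` at new line 18 ignores `_config` and constructs `NoopTrustStoreProvider` directly, bypassing the `createUnconfiguredProvider(reason)` hook that the base class introduces in this same diff; delegating, `return this.createUnconfiguredProvider();`, keeps the unconfigured message and the placeholder type in one place. Because `FACTORY_META` registers this factory with `isDefault: true` and `priority: 10`, it is what every deployment without an explicit trust-store config receives, which deserves a comment above `FACTORY_META`: `// Registered default: yields a placeholder provider that holds no roots; see DEFAULT_UNCONFIGURED_MESSAGE in trust-store-provider-factory.js for how to configure a real one.` The `isDefault`/`priority` values are duplicated between `FACTORY_META` and the constructor and can drift. The esm copy (`@@ -0,0 +1,19 @@`) is identical.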
@@ -0,0 +1,44 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.NoopTrustStoreProvider = exports.TrustStoreProviderFactory = exports.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE = void 0;
|
|
4
|
+
const factory_1 = require("@naylence/factory");
|
|
5
|
+
const DEFAULT_UNCONFIGURED_MESSAGE = "Trust store is not configured. Set FAME_CA_CERTS to a PEM value, a file path, a data URI, or an HTTPS bundle URL.";
|
|
6
|
+
exports.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE = "TrustStoreProviderFactory";
|
|
7
|
+
class TrustStoreProviderFactory extends factory_1.AbstractResourceFactory {
|
|
8
|
+
createUnconfiguredProvider(reason) {
|
|
9
|
+
return new NoopTrustStoreProvider(reason ?? DEFAULT_UNCONFIGURED_MESSAGE);
|
|
10
|
+
}
|
|
11
|
+
static async createTrustStoreProvider(config, options = {}) {
|
|
12
|
+
const { dependencies, factoryArgs, ...restOptions } = options;
|
|
13
|
+
const mergedFactoryArgs = [
|
|
14
|
+
...(dependencies ? [dependencies] : []),
|
|
15
|
+
...(factoryArgs ?? []),
|
|
16
|
+
];
|
|
17
|
+
const creationOptions = {
|
|
18
|
+
...restOptions,
|
|
19
|
+
factoryArgs: mergedFactoryArgs,
|
|
20
|
+
};
|
|
21
|
+
if (config) {
|
|
22
|
+
const instance = await (0, factory_1.createResource)(exports.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, config, creationOptions);
|
|
23
|
+
return instance ?? new NoopTrustStoreProvider();
|
|
24
|
+
}
|
|
25
|
+
const instance = await (0, factory_1.createDefaultResource)(exports.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, null, creationOptions);
|
|
26
|
+
return instance ?? new NoopTrustStoreProvider();
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
exports.TrustStoreProviderFactory = TrustStoreProviderFactory;
|
|
30
|
+
class NoopTrustStoreProvider {
|
|
31
|
+
constructor(reason = DEFAULT_UNCONFIGURED_MESSAGE) {
|
|
32
|
+
this.reason = reason;
|
|
33
|
+
}
|
|
34
|
+
async getTrustStorePem() {
|
|
35
|
+
throw new Error(this.reason);
|
|
36
|
+
}
|
|
37
|
+
async getRoots() {
|
|
38
|
+
return [];
|
|
39
|
+
}
|
|
40
|
+
async initialize() {
|
|
41
|
+
// No-op for the placeholder provider.
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
exports.NoopTrustStoreProvider = NoopTrustStoreProvider;
|
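Review bot: `NoopTrustStoreProvider` answers its two accessors inconsistently: `getTrustStorePem()` (new line 35) throws the unconfigured reason, but `getRoots()` (new line 38) returns `[]` as though a trust store with zero roots were configured, so a caller that consults only `getRoots()` cannot distinguish "unconfigured" from "empty" and may continue with nothing to validate against. Either fail closed on both paths, `async getRoots() { throw new Error(this.reason); }`, or, if the empty list is deliberate so that the default verifier path keeps working, say so in a JSDoc block on the class stating that `getRoots()` intentionally yields no roots and that callers must treat an empty result as unconfigured. `createUnconfiguredProvider(reason)` on the base class (new line 8) is not called by anything else in this diff. The esm copy of this file (`@@ -0,0 +1,39 @@`) has the same shape.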
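--- a/package/dist/cjs/version.js
+++ b/package/dist/cjs/version.js
@@ -1,10 +1,10 @@
 "use strict";
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.3.5-test.
+// Generated from package.json version: 0.3.5-test.924
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VERSION = void 0;
 /**
 * The package version, injected at build time.
 * @internal
 */
-exports.VERSION = '0.3.5-test.
+exports.VERSION = '0.3.5-test.924';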
@@ -60,6 +60,7 @@ export const MODULES = [
|
|
|
60
60
|
"./security/policy/no-security-policy-factory.js",
|
|
61
61
|
"./security/signing/eddsa-envelope-signer-factory.js",
|
|
62
62
|
"./security/signing/eddsa-envelope-verifier-factory.js",
|
|
63
|
+
"./security/trust-store/noop-trust-store-provider-factory.js",
|
|
63
64
|
"./sentinel/capability-aware-routing-policy-factory.js",
|
|
64
65
|
"./sentinel/composite-routing-policy-factory.js",
|
|
65
66
|
"./sentinel/hybrid-path-routing-policy-factory.js",
|
|
@@ -134,6 +135,7 @@ export const MODULE_LOADERS = {
|
|
|
134
135
|
"./security/policy/no-security-policy-factory.js": () => import("./security/policy/no-security-policy-factory.js"),
|
|
135
136
|
"./security/signing/eddsa-envelope-signer-factory.js": () => import("./security/signing/eddsa-envelope-signer-factory.js"),
|
|
136
137
|
"./security/signing/eddsa-envelope-verifier-factory.js": () => import("./security/signing/eddsa-envelope-verifier-factory.js"),
|
|
138
|
+
"./security/trust-store/noop-trust-store-provider-factory.js": () => import("./security/trust-store/noop-trust-store-provider-factory.js"),
|
|
137
139
|
"./sentinel/capability-aware-routing-policy-factory.js": () => import("./sentinel/capability-aware-routing-policy-factory.js"),
|
|
138
140
|
"./sentinel/composite-routing-policy-factory.js": () => import("./sentinel/composite-routing-policy-factory.js"),
|
|
139
141
|
"./sentinel/hybrid-path-routing-policy-factory.js": () => import("./sentinel/hybrid-path-routing-policy-factory.js"),
|
|
@@ -12,6 +12,7 @@ import { EnvelopeVerifierFactory } from './signing/envelope-verifier.js';
|
|
|
12
12
|
import { DefaultSecurityManager } from './default-security-manager.js';
|
|
13
13
|
import { SecurityManagerFactory, SECURITY_MANAGER_FACTORY_BASE_TYPE, } from './security-manager-factory.js';
|
|
14
14
|
import { getLogger } from '../util/logging.js';
|
|
15
|
+
import { TrustStoreProviderFactory } from './trust-store/trust-store-provider-factory.js';
|
|
15
16
|
const logger = getLogger('naylence.fame.security.default_security_manager_factory');
|
|
16
17
|
function normalizeDefaultSecurityManagerConfig(config) {
|
|
17
18
|
if (!config) {
|
|
@@ -44,6 +45,7 @@ function normalizeDefaultSecurityManagerConfig(config) {
|
|
|
44
45
|
ensureAlias('keyValidator', 'key_validator');
|
|
45
46
|
ensureAlias('eventListeners', 'event_listeners');
|
|
46
47
|
ensureAlias('cryptoProvider', 'crypto_provider');
|
|
48
|
+
ensureAlias('trustStoreProvider', 'trust_store_provider');
|
|
47
49
|
return normalized;
|
|
48
50
|
}
|
|
49
51
|
export const FACTORY_META = {
|
|
@@ -92,6 +94,7 @@ export class DefaultSecurityManagerFactory extends SecurityManagerFactory {
|
|
|
92
94
|
const certificateManager = DefaultSecurityManagerFactory.extractInstance(config, 'certificateManager', 'certificate_manager');
|
|
93
95
|
const secureChannelManager = DefaultSecurityManagerFactory.extractInstance(config, 'secureChannelManager', 'secure_channel_manager');
|
|
94
96
|
const cryptoProvider = DefaultSecurityManagerFactory.extractInstance(config, 'cryptoProvider', 'crypto_provider');
|
|
97
|
+
const trustStoreProvider = DefaultSecurityManagerFactory.extractInstance(config, 'trustStoreProvider', 'trust_store_provider');
|
|
95
98
|
const listenersSource = overrides?.eventListeners ??
|
|
96
99
|
config.eventListeners ??
|
|
97
100
|
config.event_listeners;
|
|
@@ -111,10 +114,11 @@ export class DefaultSecurityManagerFactory extends SecurityManagerFactory {
|
|
|
111
114
|
secureChannelManager,
|
|
112
115
|
eventListeners,
|
|
113
116
|
cryptoProvider: cryptoProvider ?? null,
|
|
117
|
+
trustStoreProvider: trustStoreProvider ?? null,
|
|
114
118
|
};
|
|
115
119
|
}
|
|
116
120
|
static async buildSecurityManager(options) {
|
|
117
|
-
let { config, createOptions, policy, envelopeSigner, envelopeVerifier, encryptionManager, keyStore, keyManager, keyValidator, authorizer, certificateManager, secureChannelManager, eventListeners, cryptoProvider, } = options;
|
|
121
|
+
let { config, createOptions, policy, envelopeSigner, envelopeVerifier, encryptionManager, keyStore, keyManager, keyValidator, authorizer, certificateManager, secureChannelManager, eventListeners, cryptoProvider, trustStoreProvider, } = options;
|
|
118
122
|
if (!keyStore) {
|
|
119
123
|
keyStore = await DefaultSecurityManagerFactory.getOrCreateKeyStore(config, createOptions ?? null);
|
|
120
124
|
}
|
|
@@ -127,6 +131,10 @@ export class DefaultSecurityManagerFactory extends SecurityManagerFactory {
|
|
|
127
131
|
if (!policy) {
|
|
128
132
|
throw new Error('DefaultSecurityManagerFactory could not resolve a SecurityPolicy');
|
|
129
133
|
}
|
|
134
|
+
if (!trustStoreProvider) {
|
|
135
|
+
trustStoreProvider =
|
|
136
|
+
await TrustStoreProviderFactory.createTrustStoreProvider();
|
|
137
|
+
}
|
|
130
138
|
if (!keyManager) {
|
|
131
139
|
keyManager =
|
|
132
140
|
await DefaultSecurityManagerFactory.createKeyManagerFromConfig(config, policy, keyStore, createOptions ?? null);
|
|
@@ -137,7 +145,7 @@ export class DefaultSecurityManagerFactory extends SecurityManagerFactory {
|
|
|
137
145
|
}
|
|
138
146
|
if (!envelopeVerifier) {
|
|
139
147
|
envelopeVerifier =
|
|
140
|
-
await DefaultSecurityManagerFactory.createEnvelopeVerifierFromConfig(config, policy, keyManager);
|
|
148
|
+
await DefaultSecurityManagerFactory.createEnvelopeVerifierFromConfig(config, policy, keyManager, trustStoreProvider);
|
|
141
149
|
}
|
|
142
150
|
if (!encryptionManager || !secureChannelManager) {
|
|
143
151
|
const encryptionResult = await DefaultSecurityManagerFactory.createEncryptionManagerFromConfig(config, policy, keyManager, secureChannelManager, cryptoProvider ?? null);
|
|
@@ -237,7 +245,7 @@ export class DefaultSecurityManagerFactory extends SecurityManagerFactory {
|
|
|
237
245
|
throw error instanceof Error ? error : new Error(String(error));
|
|
238
246
|
}
|
|
239
247
|
}
|
|
240
|
-
static async createEnvelopeVerifierFromConfig(config, policy, keyManager) {
|
|
248
|
+
static async createEnvelopeVerifierFromConfig(config, policy, keyManager, trustStoreProvider) {
|
|
241
249
|
const verifierConfig = config.envelope_verifier ?? config.envelopeVerifier ?? null;
|
|
242
250
|
if (verifierConfig &&
|
|
243
251
|
DefaultSecurityManagerFactory.isConfigLike(verifierConfig)) {
|
|
@@ -261,7 +269,7 @@ export class DefaultSecurityManagerFactory extends SecurityManagerFactory {
|
|
|
261
269
|
}
|
|
262
270
|
const signing = policy.signing ?? null;
|
|
263
271
|
return await EnvelopeVerifierFactory.createEnvelopeVerifier(null, {
|
|
264
|
-
factoryArgs: [keyManager, signing ?? null],
|
|
272
|
+
factoryArgs: [keyManager, signing ?? null, { trustStoreProvider }],
|
|
265
273
|
});
|
|
266
274
|
}
|
|
267
275
|
catch (error) {
|
|
@@ -12,6 +12,8 @@ export { TOKEN_PROVIDER_FACTORY_BASE_TYPE, TokenProviderFactory, } from './auth/
|
|
|
12
12
|
export * from './auth/token.js';
|
|
13
13
|
export * from './cert/certificate-manager.js';
|
|
14
14
|
export { CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CertificateManagerFactory, } from './cert/certificate-manager-factory.js';
|
|
15
|
+
export * from './trust-store/trust-store-provider.js';
|
|
16
|
+
export { TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, TrustStoreProviderFactory, NoopTrustStoreProvider, } from './trust-store/trust-store-provider-factory.js';
|
|
15
17
|
export * from './encryption/encryption-manager.js';
|
|
16
18
|
export { ENCRYPTION_MANAGER_FACTORY_BASE_TYPE } from './encryption/encryption-manager-factory.js';
|
|
17
19
|
export * from './encryption/encryption-manager-factory.js';
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { NoopTrustStoreProvider, TrustStoreProviderFactory, TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, } from "./trust-store-provider-factory.js";
|
|
2
|
+
export const FACTORY_META = {
|
|
3
|
+
base: TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE,
|
|
4
|
+
key: "NoopTrustStoreProvider",
|
|
5
|
+
isDefault: true,
|
|
6
|
+
priority: 10,
|
|
7
|
+
};
|
|
8
|
+
export class NoopTrustStoreProviderFactory extends TrustStoreProviderFactory {
|
|
9
|
+
constructor() {
|
|
10
|
+
super(...arguments);
|
|
11
|
+
this.type = "NoopTrustStoreProvider";
|
|
12
|
+
this.isDefault = true;
|
|
13
|
+
this.priority = 10;
|
|
14
|
+
}
|
|
15
|
+
async create(_config, ..._factoryArgs) {
|
|
16
|
+
return new NoopTrustStoreProvider();
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
export default NoopTrustStoreProviderFactory;
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
import { AbstractResourceFactory, createDefaultResource, createResource, } from "@naylence/factory";
|
|
2
|
+
const DEFAULT_UNCONFIGURED_MESSAGE = "Trust store is not configured. Set FAME_CA_CERTS to a PEM value, a file path, a data URI, or an HTTPS bundle URL.";
|
|
3
|
+
export const TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE = "TrustStoreProviderFactory";
|
|
4
|
+
export class TrustStoreProviderFactory extends AbstractResourceFactory {
|
|
5
|
+
createUnconfiguredProvider(reason) {
|
|
6
|
+
return new NoopTrustStoreProvider(reason ?? DEFAULT_UNCONFIGURED_MESSAGE);
|
|
7
|
+
}
|
|
8
|
+
static async createTrustStoreProvider(config, options = {}) {
|
|
9
|
+
const { dependencies, factoryArgs, ...restOptions } = options;
|
|
10
|
+
const mergedFactoryArgs = [
|
|
11
|
+
...(dependencies ? [dependencies] : []),
|
|
12
|
+
...(factoryArgs ?? []),
|
|
13
|
+
];
|
|
14
|
+
const creationOptions = {
|
|
15
|
+
...restOptions,
|
|
16
|
+
factoryArgs: mergedFactoryArgs,
|
|
17
|
+
};
|
|
18
|
+
if (config) {
|
|
19
|
+
const instance = await createResource(TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, config, creationOptions);
|
|
20
|
+
return instance ?? new NoopTrustStoreProvider();
|
|
21
|
+
}
|
|
22
|
+
const instance = await createDefaultResource(TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, null, creationOptions);
|
|
23
|
+
return instance ?? new NoopTrustStoreProvider();
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
export class NoopTrustStoreProvider {
|
|
27
|
+
constructor(reason = DEFAULT_UNCONFIGURED_MESSAGE) {
|
|
28
|
+
this.reason = reason;
|
|
29
|
+
}
|
|
30
|
+
async getTrustStorePem() {
|
|
31
|
+
throw new Error(this.reason);
|
|
32
|
+
}
|
|
33
|
+
async getRoots() {
|
|
34
|
+
return [];
|
|
35
|
+
}
|
|
36
|
+
async initialize() {
|
|
37
|
+
// No-op for the placeholder provider.
|
|
38
|
+
}
|
|
39
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
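--- a/package/dist/esm/version.js
+++ b/package/dist/esm/version.js
@@ -1,7 +1,7 @@
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.3.5-test.
+// Generated from package.json version: 0.3.5-test.924
 /**
 * The package version, injected at build time.
 * @internal
 */
-export const VERSION = '0.3.5-test.
+export const VERSION = '0.3.5-test.924';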