@naylence/runtime 0.3.5-test.923 → 0.3.5-test.925
- package/dist/browser/index.cjs +218 -138
- package/dist/browser/index.mjs +210 -133
- package/dist/cjs/naylence/fame/factory-manifest.js +2 -0
- package/dist/cjs/naylence/fame/security/default-security-manager-factory.js +18 -6
- package/dist/cjs/naylence/fame/security/index.js +6 -1
- package/dist/cjs/naylence/fame/security/trust-store/noop-trust-store-provider-factory.js +23 -0
- package/dist/cjs/naylence/fame/security/trust-store/trust-store-provider-factory.js +44 -0
- package/dist/cjs/naylence/fame/security/trust-store/trust-store-provider.js +2 -0
- package/dist/cjs/version.js +2 -2
- package/dist/esm/naylence/fame/factory-manifest.js +2 -0
- package/dist/esm/naylence/fame/security/default-security-manager-factory.js +18 -6
- package/dist/esm/naylence/fame/security/index.js +2 -0
- package/dist/esm/naylence/fame/security/trust-store/noop-trust-store-provider-factory.js +19 -0
- package/dist/esm/naylence/fame/security/trust-store/trust-store-provider-factory.js +39 -0
- package/dist/esm/naylence/fame/security/trust-store/trust-store-provider.js +1 -0
- package/dist/esm/version.js +2 -2
- package/dist/node/index.cjs +214 -134
- package/dist/node/index.mjs +210 -133
- package/dist/node/node.cjs +214 -134
- package/dist/node/node.mjs +210 -133
- package/dist/types/naylence/fame/factory-manifest.d.ts +1 -1
- package/dist/types/naylence/fame/security/default-security-manager-factory.d.ts +3 -0
- package/dist/types/naylence/fame/security/index.d.ts +3 -0
- package/dist/types/naylence/fame/security/security-manager-factory.d.ts +2 -0
- package/dist/types/naylence/fame/security/trust-store/noop-trust-store-provider-factory.d.ts +18 -0
- package/dist/types/naylence/fame/security/trust-store/trust-store-provider-factory.d.ts +27 -0
- package/dist/types/naylence/fame/security/trust-store/trust-store-provider.d.ts +42 -0
- package/dist/types/version.d.ts +1 -1
- package/package.json +1 -1
@@ -96,6 +96,7 @@ exports.MODULES = [
|
|
|
96
96
|
"./security/policy/no-security-policy-factory.js",
|
|
97
97
|
"./security/signing/eddsa-envelope-signer-factory.js",
|
|
98
98
|
"./security/signing/eddsa-envelope-verifier-factory.js",
|
|
99
|
+
"./security/trust-store/noop-trust-store-provider-factory.js",
|
|
99
100
|
"./sentinel/capability-aware-routing-policy-factory.js",
|
|
100
101
|
"./sentinel/composite-routing-policy-factory.js",
|
|
101
102
|
"./sentinel/hybrid-path-routing-policy-factory.js",
|
|
@@ -170,6 +171,7 @@ exports.MODULE_LOADERS = {
|
|
|
170
171
|
"./security/policy/no-security-policy-factory.js": () => Promise.resolve().then(() => __importStar(require("./security/policy/no-security-policy-factory.js"))),
|
|
171
172
|
"./security/signing/eddsa-envelope-signer-factory.js": () => Promise.resolve().then(() => __importStar(require("./security/signing/eddsa-envelope-signer-factory.js"))),
|
|
172
173
|
"./security/signing/eddsa-envelope-verifier-factory.js": () => Promise.resolve().then(() => __importStar(require("./security/signing/eddsa-envelope-verifier-factory.js"))),
|
|
174
|
+
"./security/trust-store/noop-trust-store-provider-factory.js": () => Promise.resolve().then(() => __importStar(require("./security/trust-store/noop-trust-store-provider-factory.js"))),
|
|
173
175
|
"./sentinel/capability-aware-routing-policy-factory.js": () => Promise.resolve().then(() => __importStar(require("./sentinel/capability-aware-routing-policy-factory.js"))),
|
|
174
176
|
"./sentinel/composite-routing-policy-factory.js": () => Promise.resolve().then(() => __importStar(require("./sentinel/composite-routing-policy-factory.js"))),
|
|
175
177
|
"./sentinel/hybrid-path-routing-policy-factory.js": () => Promise.resolve().then(() => __importStar(require("./sentinel/hybrid-path-routing-policy-factory.js"))),
|
|
@@ -15,6 +15,7 @@ const envelope_verifier_js_1 = require("./signing/envelope-verifier.js");
|
|
|
15
15
|
const default_security_manager_js_1 = require("./default-security-manager.js");
|
|
16
16
|
const security_manager_factory_js_1 = require("./security-manager-factory.js");
|
|
17
17
|
const logging_js_1 = require("../util/logging.js");
|
|
18
|
+
const trust_store_provider_factory_js_1 = require("./trust-store/trust-store-provider-factory.js");
|
|
18
19
|
const logger = (0, logging_js_1.getLogger)('naylence.fame.security.default_security_manager_factory');
|
|
19
20
|
function normalizeDefaultSecurityManagerConfig(config) {
|
|
20
21
|
if (!config) {
|
|
@@ -47,6 +48,7 @@ function normalizeDefaultSecurityManagerConfig(config) {
|
|
|
47
48
|
ensureAlias('keyValidator', 'key_validator');
|
|
48
49
|
ensureAlias('eventListeners', 'event_listeners');
|
|
49
50
|
ensureAlias('cryptoProvider', 'crypto_provider');
|
|
51
|
+
ensureAlias('trustStoreProvider', 'trust_store_provider');
|
|
50
52
|
return normalized;
|
|
51
53
|
}
|
|
52
54
|
exports.FACTORY_META = {
|
|
@@ -95,6 +97,7 @@ class DefaultSecurityManagerFactory extends security_manager_factory_js_1.Securi
|
|
|
95
97
|
const certificateManager = DefaultSecurityManagerFactory.extractInstance(config, 'certificateManager', 'certificate_manager');
|
|
96
98
|
const secureChannelManager = DefaultSecurityManagerFactory.extractInstance(config, 'secureChannelManager', 'secure_channel_manager');
|
|
97
99
|
const cryptoProvider = DefaultSecurityManagerFactory.extractInstance(config, 'cryptoProvider', 'crypto_provider');
|
|
100
|
+
const trustStoreProvider = DefaultSecurityManagerFactory.extractInstance(config, 'trustStoreProvider', 'trust_store_provider');
|
|
98
101
|
const listenersSource = overrides?.eventListeners ??
|
|
99
102
|
config.eventListeners ??
|
|
100
103
|
config.event_listeners;
|
|
@@ -114,10 +117,11 @@ class DefaultSecurityManagerFactory extends security_manager_factory_js_1.Securi
|
|
|
114
117
|
secureChannelManager,
|
|
115
118
|
eventListeners,
|
|
116
119
|
cryptoProvider: cryptoProvider ?? null,
|
|
120
|
+
trustStoreProvider: trustStoreProvider ?? null,
|
|
117
121
|
};
|
|
118
122
|
}
|
|
119
123
|
static async buildSecurityManager(options) {
|
|
120
|
-
let { config, createOptions, policy, envelopeSigner, envelopeVerifier, encryptionManager, keyStore, keyManager, keyValidator, authorizer, certificateManager, secureChannelManager, eventListeners, cryptoProvider, } = options;
|
|
124
|
+
let { config, createOptions, policy, envelopeSigner, envelopeVerifier, encryptionManager, keyStore, keyManager, keyValidator, authorizer, certificateManager, secureChannelManager, eventListeners, cryptoProvider, trustStoreProvider, } = options;
|
|
121
125
|
if (!keyStore) {
|
|
122
126
|
keyStore = await DefaultSecurityManagerFactory.getOrCreateKeyStore(config, createOptions ?? null);
|
|
123
127
|
}
|
|
@@ -130,6 +134,10 @@ class DefaultSecurityManagerFactory extends security_manager_factory_js_1.Securi
|
|
|
130
134
|
if (!policy) {
|
|
131
135
|
throw new Error('DefaultSecurityManagerFactory could not resolve a SecurityPolicy');
|
|
132
136
|
}
|
|
137
|
+
if (!trustStoreProvider) {
|
|
138
|
+
trustStoreProvider =
|
|
139
|
+
await trust_store_provider_factory_js_1.TrustStoreProviderFactory.createTrustStoreProvider();
|
|
140
|
+
}
|
|
133
141
|
if (!keyManager) {
|
|
134
142
|
keyManager =
|
|
135
143
|
await DefaultSecurityManagerFactory.createKeyManagerFromConfig(config, policy, keyStore, createOptions ?? null);
|
|
@@ -140,7 +148,7 @@ class DefaultSecurityManagerFactory extends security_manager_factory_js_1.Securi
|
|
|
140
148
|
}
|
|
141
149
|
if (!envelopeVerifier) {
|
|
142
150
|
envelopeVerifier =
|
|
143
|
-
await DefaultSecurityManagerFactory.createEnvelopeVerifierFromConfig(config, policy, keyManager);
|
|
151
|
+
await DefaultSecurityManagerFactory.createEnvelopeVerifierFromConfig(config, policy, keyManager, trustStoreProvider);
|
|
144
152
|
}
|
|
145
153
|
if (!encryptionManager || !secureChannelManager) {
|
|
146
154
|
const encryptionResult = await DefaultSecurityManagerFactory.createEncryptionManagerFromConfig(config, policy, keyManager, secureChannelManager, cryptoProvider ?? null);
|
|
@@ -160,7 +168,7 @@ class DefaultSecurityManagerFactory extends security_manager_factory_js_1.Securi
|
|
|
160
168
|
}
|
|
161
169
|
if (!certificateManager) {
|
|
162
170
|
certificateManager =
|
|
163
|
-
await DefaultSecurityManagerFactory.createCertificateManagerFromConfig(config, policy);
|
|
171
|
+
await DefaultSecurityManagerFactory.createCertificateManagerFromConfig(config, policy, trustStoreProvider);
|
|
164
172
|
}
|
|
165
173
|
return new default_security_manager_js_1.DefaultSecurityManager(policy, envelopeSigner, envelopeVerifier, encryptionManager, keyManager, authorizer, certificateManager, secureChannelManager, keyValidator ?? null);
|
|
166
174
|
}
|
|
@@ -240,7 +248,7 @@ class DefaultSecurityManagerFactory extends security_manager_factory_js_1.Securi
|
|
|
240
248
|
throw error instanceof Error ? error : new Error(String(error));
|
|
241
249
|
}
|
|
242
250
|
}
|
|
243
|
-
static async createEnvelopeVerifierFromConfig(config, policy, keyManager) {
|
|
251
|
+
static async createEnvelopeVerifierFromConfig(config, policy, keyManager, trustStoreProvider) {
|
|
244
252
|
const verifierConfig = config.envelope_verifier ?? config.envelopeVerifier ?? null;
|
|
245
253
|
if (verifierConfig &&
|
|
246
254
|
DefaultSecurityManagerFactory.isConfigLike(verifierConfig)) {
|
|
@@ -264,7 +272,7 @@ class DefaultSecurityManagerFactory extends security_manager_factory_js_1.Securi
|
|
|
264
272
|
}
|
|
265
273
|
const signing = policy.signing ?? null;
|
|
266
274
|
return await envelope_verifier_js_1.EnvelopeVerifierFactory.createEnvelopeVerifier(null, {
|
|
267
|
-
factoryArgs: [keyManager, signing ?? null],
|
|
275
|
+
factoryArgs: [keyManager, signing ?? null, { trustStoreProvider }],
|
|
268
276
|
});
|
|
269
277
|
}
|
|
270
278
|
catch (error) {
|
|
@@ -416,7 +424,7 @@ class DefaultSecurityManagerFactory extends security_manager_factory_js_1.Securi
|
|
|
416
424
|
throw error instanceof Error ? error : new Error(String(error));
|
|
417
425
|
}
|
|
418
426
|
}
|
|
419
|
-
static async createCertificateManagerFromConfig(config, policy) {
|
|
427
|
+
static async createCertificateManagerFromConfig(config, policy, trustStoreProvider) {
|
|
420
428
|
const certificateConfig = config.certificate_manager ?? null;
|
|
421
429
|
if (certificateConfig &&
|
|
422
430
|
DefaultSecurityManagerFactory.isConfigLike(certificateConfig)) {
|
|
@@ -429,8 +437,12 @@ class DefaultSecurityManagerFactory extends security_manager_factory_js_1.Securi
|
|
|
429
437
|
return null;
|
|
430
438
|
}
|
|
431
439
|
const signing = policy.signing ?? null;
|
|
440
|
+
const trustStorePem = trustStoreProvider
|
|
441
|
+
? async () => await trustStoreProvider.getTrustStorePem()
|
|
442
|
+
: null;
|
|
432
443
|
return await certificate_manager_factory_js_1.CertificateManagerFactory.createCertificateManager(null, {
|
|
433
444
|
signing: signing ?? null,
|
|
445
|
+
factoryArgs: trustStorePem ? [trustStorePem] : [],
|
|
434
446
|
});
|
|
435
447
|
}
|
|
436
448
|
catch (error) {
|
|
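Review bot: In buildSecurityManager, `trustStoreProvider = await trust_store_provider_factory_js_1.TrustStoreProviderFactory.createTrustStoreProvider();` is called with no config, so a trust store declared in the security-manager config under `trust_store_provider` / `trustStoreProvider` is never consulted and the default (Noop) provider is installed instead, while every sibling in this method is resolved from `config` (`createKeyManagerFromConfig(config, …)`, `createEnvelopeVerifierFromConfig(config, …)`). This assumes `extractInstance` only returns already-constructed instances, as its name suggests; its body is outside the hunk. Mirroring the verifier resolver would be `const trustStoreConfig = config.trust_store_provider ?? config.trustStoreProvider ?? null;` followed by `trustStoreProvider = await trust_store_provider_factory_js_1.TrustStoreProviderFactory.createTrustStoreProvider(trustStoreConfig && DefaultSecurityManagerFactory.isConfigLike(trustStoreConfig) ? trustStoreConfig : null);`. Nothing in the hunk calls the resolved provider's `initialize()` before it is handed to the verifier and certificate-manager factories; confirm against the provider contract (its .d.ts is not in this view) whether that is this factory's job. The ESM default-security-manager-factory.js section has the same shape, and buildSecurityManager's body continues outside the hunk.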
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.PROFILE_NAME_OPEN = exports.PROFILE_NAME_GATED_CALLBACK = exports.PROFILE_NAME_GATED = exports.PROFILE_NAME_OVERLAY_CALLBACK = exports.PROFILE_NAME_OVERLAY = exports.PROFILE_NAME_STRICT_OVERLAY = exports.ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = exports.ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER = exports.ENV_VAR_HMAC_SECRET = exports.ENV_VAR_DEFAULT_ENCRYPTION_LEVEL = exports.ENV_VAR_JWKS_URL = exports.ENV_VAR_JWT_AUDIENCE = exports.ENV_VAR_JWT_ALGORITHM = exports.ENV_VAR_JWT_TRUSTED_ISSUER = exports.CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE = exports.EdDSAEnvelopeSigner = exports.encodeUtf8 = exports.immutableHeaders = exports.frameDigest = exports.decodeBase64Url = exports.canonicalJson = exports.SigningConfigClass = exports.SECURITY_MANAGER_FACTORY_BASE_TYPE = exports.SECURITY_POLICY_FACTORY_BASE_TYPE = exports.KEY_STORE_FACTORY_BASE_TYPE = exports.ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE = exports.KEY_MANAGER_FACTORY_BASE_TYPE = exports.SecureChannelManagerFactory = exports.SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE = exports.ENCRYPTION_MANAGER_FACTORY_BASE_TYPE = exports.CertificateManagerFactory = exports.CERTIFICATE_MANAGER_FACTORY_BASE_TYPE = exports.TokenProviderFactory = exports.TOKEN_PROVIDER_FACTORY_BASE_TYPE = exports.TokenVerifierFactory = exports.TOKEN_VERIFIER_FACTORY_BASE_TYPE = exports.TokenIssuerFactory = exports.TOKEN_ISSUER_FACTORY_BASE_TYPE = exports.AuthInjectionStrategyFactory = exports.AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE = exports.AuthorizerFactory = exports.AUTHORIZER_FACTORY_BASE_TYPE = void 0;
|
|
3
|
+
exports.PROFILE_NAME_OPEN = exports.PROFILE_NAME_GATED_CALLBACK = exports.PROFILE_NAME_GATED = exports.PROFILE_NAME_OVERLAY_CALLBACK = exports.PROFILE_NAME_OVERLAY = exports.PROFILE_NAME_STRICT_OVERLAY = exports.ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = exports.ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER = exports.ENV_VAR_HMAC_SECRET = exports.ENV_VAR_DEFAULT_ENCRYPTION_LEVEL = exports.ENV_VAR_JWKS_URL = exports.ENV_VAR_JWT_AUDIENCE = exports.ENV_VAR_JWT_ALGORITHM = exports.ENV_VAR_JWT_TRUSTED_ISSUER = exports.CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE = exports.EdDSAEnvelopeSigner = exports.encodeUtf8 = exports.immutableHeaders = exports.frameDigest = exports.decodeBase64Url = exports.canonicalJson = exports.SigningConfigClass = exports.SECURITY_MANAGER_FACTORY_BASE_TYPE = exports.SECURITY_POLICY_FACTORY_BASE_TYPE = exports.KEY_STORE_FACTORY_BASE_TYPE = exports.ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE = exports.KEY_MANAGER_FACTORY_BASE_TYPE = exports.SecureChannelManagerFactory = exports.SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE = exports.ENCRYPTION_MANAGER_FACTORY_BASE_TYPE = exports.NoopTrustStoreProvider = exports.TrustStoreProviderFactory = exports.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE = exports.CertificateManagerFactory = exports.CERTIFICATE_MANAGER_FACTORY_BASE_TYPE = exports.TokenProviderFactory = exports.TOKEN_PROVIDER_FACTORY_BASE_TYPE = exports.TokenVerifierFactory = exports.TOKEN_VERIFIER_FACTORY_BASE_TYPE = exports.TokenIssuerFactory = exports.TOKEN_ISSUER_FACTORY_BASE_TYPE = exports.AuthInjectionStrategyFactory = exports.AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE = exports.AuthorizerFactory = exports.AUTHORIZER_FACTORY_BASE_TYPE = void 0;
|
|
4
4
|
const tslib_1 = require("tslib");
|
|
5
5
|
tslib_1.__exportStar(require("./auth/authorizer.js"), exports);
|
|
6
6
|
var authorizer_factory_js_1 = require("./auth/authorizer-factory.js");
|
|
@@ -28,6 +28,11 @@ tslib_1.__exportStar(require("./cert/certificate-manager.js"), exports);
|
|
|
28
28
|
var certificate_manager_factory_js_1 = require("./cert/certificate-manager-factory.js");
|
|
29
29
|
Object.defineProperty(exports, "CERTIFICATE_MANAGER_FACTORY_BASE_TYPE", { enumerable: true, get: function () { return certificate_manager_factory_js_1.CERTIFICATE_MANAGER_FACTORY_BASE_TYPE; } });
|
|
30
30
|
Object.defineProperty(exports, "CertificateManagerFactory", { enumerable: true, get: function () { return certificate_manager_factory_js_1.CertificateManagerFactory; } });
|
|
31
|
+
tslib_1.__exportStar(require("./trust-store/trust-store-provider.js"), exports);
|
|
32
|
+
var trust_store_provider_factory_js_1 = require("./trust-store/trust-store-provider-factory.js");
|
|
33
|
+
Object.defineProperty(exports, "TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE", { enumerable: true, get: function () { return trust_store_provider_factory_js_1.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE; } });
|
|
34
|
+
Object.defineProperty(exports, "TrustStoreProviderFactory", { enumerable: true, get: function () { return trust_store_provider_factory_js_1.TrustStoreProviderFactory; } });
|
|
35
|
+
Object.defineProperty(exports, "NoopTrustStoreProvider", { enumerable: true, get: function () { return trust_store_provider_factory_js_1.NoopTrustStoreProvider; } });
|
|
31
36
|
tslib_1.__exportStar(require("./encryption/encryption-manager.js"), exports);
|
|
32
37
|
var encryption_manager_factory_js_1 = require("./encryption/encryption-manager-factory.js");
|
|
33
38
|
Object.defineProperty(exports, "ENCRYPTION_MANAGER_FACTORY_BASE_TYPE", { enumerable: true, get: function () { return encryption_manager_factory_js_1.ENCRYPTION_MANAGER_FACTORY_BASE_TYPE; } });
|
|
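--- a/package/dist/cjs/naylence/fame/security/trust-store/noop-trust-store-provider-factory.js
+++ b/package/dist/cjs/naylence/fame/security/trust-store/noop-trust-store-provider-factory.js
@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NoopTrustStoreProviderFactory = exports.FACTORY_META = void 0;
+const trust_store_provider_factory_js_1 = require("./trust-store-provider-factory.js");
+exports.FACTORY_META = {
+    base: trust_store_provider_factory_js_1.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE,
+    key: "NoopTrustStoreProvider",
+    isDefault: true,
+    priority: 10,
+};
+class NoopTrustStoreProviderFactory extends trust_store_provider_factory_js_1.TrustStoreProviderFactory {
+    constructor() {
+        super(...arguments);
+        this.type = "NoopTrustStoreProvider";
+        this.isDefault = true;
+        this.priority = 10;
+    }
+    async create(_config, ..._factoryArgs) {
+        return new trust_store_provider_factory_js_1.NoopTrustStoreProvider();
+    }
+}
+exports.NoopTrustStoreProviderFactory = NoopTrustStoreProviderFactory;
+exports.default = NoopTrustStoreProviderFactory;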
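Review bot: NoopTrustStoreProviderFactory is registered with `isDefault: true` and `priority: 10` in both FACTORY_META and the constructor, so a deployment that never configures a trust store silently resolves to a provider whose `getRoots()` yields an empty list, and nothing in this file says so; the class needs a header comment making the fallback explicit, e.g. `/** Default factory used when no TrustStoreProvider is configured: the provider it returns carries no trust anchors and rejects getTrustStorePem() with the 'not configured' reason. */`. `create(_config, ..._factoryArgs)` also discards its config and always calls `new NoopTrustStoreProvider()` without a reason, so the only path to a custom reason is the base-class `createUnconfiguredProvider(reason)`, which this factory never uses; that is worth stating in the same comment. The ESM noop-trust-store-provider-factory.js section is identical.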
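--- a/package/dist/cjs/naylence/fame/security/trust-store/trust-store-provider-factory.js
+++ b/package/dist/cjs/naylence/fame/security/trust-store/trust-store-provider-factory.js
@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NoopTrustStoreProvider = exports.TrustStoreProviderFactory = exports.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE = void 0;
+const factory_1 = require("@naylence/factory");
+const DEFAULT_UNCONFIGURED_MESSAGE = "Trust store is not configured. Set FAME_CA_CERTS to a PEM value, a file path, a data URI, or an HTTPS bundle URL.";
+exports.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE = "TrustStoreProviderFactory";
+class TrustStoreProviderFactory extends factory_1.AbstractResourceFactory {
+    createUnconfiguredProvider(reason) {
+        return new NoopTrustStoreProvider(reason ?? DEFAULT_UNCONFIGURED_MESSAGE);
+    }
+    static async createTrustStoreProvider(config, options = {}) {
+        const { dependencies, factoryArgs, ...restOptions } = options;
+        const mergedFactoryArgs = [
+            ...(dependencies ? [dependencies] : []),
+            ...(factoryArgs ?? []),
+        ];
+        const creationOptions = {
+            ...restOptions,
+            factoryArgs: mergedFactoryArgs,
+        };
+        if (config) {
+            const instance = await (0, factory_1.createResource)(exports.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, config, creationOptions);
+            return instance ?? new NoopTrustStoreProvider();
+        }
+        const instance = await (0, factory_1.createDefaultResource)(exports.TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, null, creationOptions);
+        return instance ?? new NoopTrustStoreProvider();
+    }
+}
+exports.TrustStoreProviderFactory = TrustStoreProviderFactory;
+class NoopTrustStoreProvider {
+    constructor(reason = DEFAULT_UNCONFIGURED_MESSAGE) {
+        this.reason = reason;
+    }
+    async getTrustStorePem() {
+        throw new Error(this.reason);
+    }
+    async getRoots() {
+        return [];
+    }
+    async initialize() {
+        // No-op for the placeholder provider.
+    }
+}
+exports.NoopTrustStoreProvider = NoopTrustStoreProvider;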
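Review bot: In createTrustStoreProvider the explicit-config branch ends with `return instance ?? new NoopTrustStoreProvider();`, so when a caller deliberately configures a trust store and `createResource` resolves nothing (unknown type, or a factory that returns undefined), the misconfiguration is masked by a placeholder with no trust anchors instead of failing. An explicit config should fail loudly, e.g. `if (!instance) throw new Error('TrustStoreProvider config was supplied but no provider could be created');` in place of the `??` fallback, leaving the silent Noop default only to the no-config path on the following lines. `createUnconfiguredProvider(reason)` is defined on the class but not used anywhere in this file, presumably for subclasses; a one-line JSDoc saying so would stop readers from wiring it into the fallback by mistake. The ESM trust-store-provider-factory.js section has the same code.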
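--- a/package/dist/cjs/version.js
+++ b/package/dist/cjs/version.js
@@ -1,10 +1,10 @@
 "use strict";
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.3.5-test.
+// Generated from package.json version: 0.3.5-test.925
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VERSION = void 0;
 /**
  * The package version, injected at build time.
  * @internal
  */
-exports.VERSION = '0.3.5-test.
+exports.VERSION = '0.3.5-test.925';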
@@ -60,6 +60,7 @@ export const MODULES = [
|
|
|
60
60
|
"./security/policy/no-security-policy-factory.js",
|
|
61
61
|
"./security/signing/eddsa-envelope-signer-factory.js",
|
|
62
62
|
"./security/signing/eddsa-envelope-verifier-factory.js",
|
|
63
|
+
"./security/trust-store/noop-trust-store-provider-factory.js",
|
|
63
64
|
"./sentinel/capability-aware-routing-policy-factory.js",
|
|
64
65
|
"./sentinel/composite-routing-policy-factory.js",
|
|
65
66
|
"./sentinel/hybrid-path-routing-policy-factory.js",
|
|
@@ -134,6 +135,7 @@ export const MODULE_LOADERS = {
|
|
|
134
135
|
"./security/policy/no-security-policy-factory.js": () => import("./security/policy/no-security-policy-factory.js"),
|
|
135
136
|
"./security/signing/eddsa-envelope-signer-factory.js": () => import("./security/signing/eddsa-envelope-signer-factory.js"),
|
|
136
137
|
"./security/signing/eddsa-envelope-verifier-factory.js": () => import("./security/signing/eddsa-envelope-verifier-factory.js"),
|
|
138
|
+
"./security/trust-store/noop-trust-store-provider-factory.js": () => import("./security/trust-store/noop-trust-store-provider-factory.js"),
|
|
137
139
|
"./sentinel/capability-aware-routing-policy-factory.js": () => import("./sentinel/capability-aware-routing-policy-factory.js"),
|
|
138
140
|
"./sentinel/composite-routing-policy-factory.js": () => import("./sentinel/composite-routing-policy-factory.js"),
|
|
139
141
|
"./sentinel/hybrid-path-routing-policy-factory.js": () => import("./sentinel/hybrid-path-routing-policy-factory.js"),
|
|
@@ -12,6 +12,7 @@ import { EnvelopeVerifierFactory } from './signing/envelope-verifier.js';
|
|
|
12
12
|
import { DefaultSecurityManager } from './default-security-manager.js';
|
|
13
13
|
import { SecurityManagerFactory, SECURITY_MANAGER_FACTORY_BASE_TYPE, } from './security-manager-factory.js';
|
|
14
14
|
import { getLogger } from '../util/logging.js';
|
|
15
|
+
import { TrustStoreProviderFactory } from './trust-store/trust-store-provider-factory.js';
|
|
15
16
|
const logger = getLogger('naylence.fame.security.default_security_manager_factory');
|
|
16
17
|
function normalizeDefaultSecurityManagerConfig(config) {
|
|
17
18
|
if (!config) {
|
|
@@ -44,6 +45,7 @@ function normalizeDefaultSecurityManagerConfig(config) {
|
|
|
44
45
|
ensureAlias('keyValidator', 'key_validator');
|
|
45
46
|
ensureAlias('eventListeners', 'event_listeners');
|
|
46
47
|
ensureAlias('cryptoProvider', 'crypto_provider');
|
|
48
|
+
ensureAlias('trustStoreProvider', 'trust_store_provider');
|
|
47
49
|
return normalized;
|
|
48
50
|
}
|
|
49
51
|
export const FACTORY_META = {
|
|
@@ -92,6 +94,7 @@ export class DefaultSecurityManagerFactory extends SecurityManagerFactory {
|
|
|
92
94
|
const certificateManager = DefaultSecurityManagerFactory.extractInstance(config, 'certificateManager', 'certificate_manager');
|
|
93
95
|
const secureChannelManager = DefaultSecurityManagerFactory.extractInstance(config, 'secureChannelManager', 'secure_channel_manager');
|
|
94
96
|
const cryptoProvider = DefaultSecurityManagerFactory.extractInstance(config, 'cryptoProvider', 'crypto_provider');
|
|
97
|
+
const trustStoreProvider = DefaultSecurityManagerFactory.extractInstance(config, 'trustStoreProvider', 'trust_store_provider');
|
|
95
98
|
const listenersSource = overrides?.eventListeners ??
|
|
96
99
|
config.eventListeners ??
|
|
97
100
|
config.event_listeners;
|
|
@@ -111,10 +114,11 @@ export class DefaultSecurityManagerFactory extends SecurityManagerFactory {
|
|
|
111
114
|
secureChannelManager,
|
|
112
115
|
eventListeners,
|
|
113
116
|
cryptoProvider: cryptoProvider ?? null,
|
|
117
|
+
trustStoreProvider: trustStoreProvider ?? null,
|
|
114
118
|
};
|
|
115
119
|
}
|
|
116
120
|
static async buildSecurityManager(options) {
|
|
117
|
-
let { config, createOptions, policy, envelopeSigner, envelopeVerifier, encryptionManager, keyStore, keyManager, keyValidator, authorizer, certificateManager, secureChannelManager, eventListeners, cryptoProvider, } = options;
|
|
121
|
+
let { config, createOptions, policy, envelopeSigner, envelopeVerifier, encryptionManager, keyStore, keyManager, keyValidator, authorizer, certificateManager, secureChannelManager, eventListeners, cryptoProvider, trustStoreProvider, } = options;
|
|
118
122
|
if (!keyStore) {
|
|
119
123
|
keyStore = await DefaultSecurityManagerFactory.getOrCreateKeyStore(config, createOptions ?? null);
|
|
120
124
|
}
|
|
@@ -127,6 +131,10 @@ export class DefaultSecurityManagerFactory extends SecurityManagerFactory {
|
|
|
127
131
|
if (!policy) {
|
|
128
132
|
throw new Error('DefaultSecurityManagerFactory could not resolve a SecurityPolicy');
|
|
129
133
|
}
|
|
134
|
+
if (!trustStoreProvider) {
|
|
135
|
+
trustStoreProvider =
|
|
136
|
+
await TrustStoreProviderFactory.createTrustStoreProvider();
|
|
137
|
+
}
|
|
130
138
|
if (!keyManager) {
|
|
131
139
|
keyManager =
|
|
132
140
|
await DefaultSecurityManagerFactory.createKeyManagerFromConfig(config, policy, keyStore, createOptions ?? null);
|
|
@@ -137,7 +145,7 @@ export class DefaultSecurityManagerFactory extends SecurityManagerFactory {
|
|
|
137
145
|
}
|
|
138
146
|
if (!envelopeVerifier) {
|
|
139
147
|
envelopeVerifier =
|
|
140
|
-
await DefaultSecurityManagerFactory.createEnvelopeVerifierFromConfig(config, policy, keyManager);
|
|
148
|
+
await DefaultSecurityManagerFactory.createEnvelopeVerifierFromConfig(config, policy, keyManager, trustStoreProvider);
|
|
141
149
|
}
|
|
142
150
|
if (!encryptionManager || !secureChannelManager) {
|
|
143
151
|
const encryptionResult = await DefaultSecurityManagerFactory.createEncryptionManagerFromConfig(config, policy, keyManager, secureChannelManager, cryptoProvider ?? null);
|
|
@@ -157,7 +165,7 @@ export class DefaultSecurityManagerFactory extends SecurityManagerFactory {
|
|
|
157
165
|
}
|
|
158
166
|
if (!certificateManager) {
|
|
159
167
|
certificateManager =
|
|
160
|
-
await DefaultSecurityManagerFactory.createCertificateManagerFromConfig(config, policy);
|
|
168
|
+
await DefaultSecurityManagerFactory.createCertificateManagerFromConfig(config, policy, trustStoreProvider);
|
|
161
169
|
}
|
|
162
170
|
return new DefaultSecurityManager(policy, envelopeSigner, envelopeVerifier, encryptionManager, keyManager, authorizer, certificateManager, secureChannelManager, keyValidator ?? null);
|
|
163
171
|
}
|
|
@@ -237,7 +245,7 @@ export class DefaultSecurityManagerFactory extends SecurityManagerFactory {
|
|
|
237
245
|
throw error instanceof Error ? error : new Error(String(error));
|
|
238
246
|
}
|
|
239
247
|
}
|
|
240
|
-
static async createEnvelopeVerifierFromConfig(config, policy, keyManager) {
|
|
248
|
+
static async createEnvelopeVerifierFromConfig(config, policy, keyManager, trustStoreProvider) {
|
|
241
249
|
const verifierConfig = config.envelope_verifier ?? config.envelopeVerifier ?? null;
|
|
242
250
|
if (verifierConfig &&
|
|
243
251
|
DefaultSecurityManagerFactory.isConfigLike(verifierConfig)) {
|
|
@@ -261,7 +269,7 @@ export class DefaultSecurityManagerFactory extends SecurityManagerFactory {
|
|
|
261
269
|
}
|
|
262
270
|
const signing = policy.signing ?? null;
|
|
263
271
|
return await EnvelopeVerifierFactory.createEnvelopeVerifier(null, {
|
|
264
|
-
factoryArgs: [keyManager, signing ?? null],
|
|
272
|
+
factoryArgs: [keyManager, signing ?? null, { trustStoreProvider }],
|
|
265
273
|
});
|
|
266
274
|
}
|
|
267
275
|
catch (error) {
|
|
@@ -413,7 +421,7 @@ export class DefaultSecurityManagerFactory extends SecurityManagerFactory {
|
|
|
413
421
|
throw error instanceof Error ? error : new Error(String(error));
|
|
414
422
|
}
|
|
415
423
|
}
|
|
416
|
-
static async createCertificateManagerFromConfig(config, policy) {
|
|
424
|
+
static async createCertificateManagerFromConfig(config, policy, trustStoreProvider) {
|
|
417
425
|
const certificateConfig = config.certificate_manager ?? null;
|
|
418
426
|
if (certificateConfig &&
|
|
419
427
|
DefaultSecurityManagerFactory.isConfigLike(certificateConfig)) {
|
|
@@ -426,8 +434,12 @@ export class DefaultSecurityManagerFactory extends SecurityManagerFactory {
|
|
|
426
434
|
return null;
|
|
427
435
|
}
|
|
428
436
|
const signing = policy.signing ?? null;
|
|
437
|
+
const trustStorePem = trustStoreProvider
|
|
438
|
+
? async () => await trustStoreProvider.getTrustStorePem()
|
|
439
|
+
: null;
|
|
429
440
|
return await CertificateManagerFactory.createCertificateManager(null, {
|
|
430
441
|
signing: signing ?? null,
|
|
442
|
+
factoryArgs: trustStorePem ? [trustStorePem] : [],
|
|
431
443
|
});
|
|
432
444
|
}
|
|
433
445
|
catch (error) {
|
|
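Review bot: In createCertificateManagerFromConfig the thunk `async () => await trustStoreProvider.getTrustStorePem()` is built whenever a provider is present, and buildSecurityManager always supplies one (the Noop placeholder by default), so the certificate manager always receives a callable whose failure for an unconfigured trust store is deferred to its first invocation somewhere inside certificate handling instead of surfacing at construction. Whether that ends up fail-closed depends on how CertificateManagerFactory treats a rejected callback, which is outside this hunk; a comment at the thunk should pin the intended contract, e.g. `// Noop provider: this rejects with the 'not configured' reason on first call; consumers must treat rejection as 'no trust anchors', never as 'skip chain validation'.` Stylistically the wrapper can be `() => trustStoreProvider.getTrustStorePem()`, since an async arrow that only awaits a promise adds nothing. The CJS default-security-manager-factory.js section has the identical hunk; createCertificateManagerFromConfig starts before this hunk and its try/catch continues past it.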
@@ -12,6 +12,8 @@ export { TOKEN_PROVIDER_FACTORY_BASE_TYPE, TokenProviderFactory, } from './auth/
|
|
|
12
12
|
export * from './auth/token.js';
|
|
13
13
|
export * from './cert/certificate-manager.js';
|
|
14
14
|
export { CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CertificateManagerFactory, } from './cert/certificate-manager-factory.js';
|
|
15
|
+
export * from './trust-store/trust-store-provider.js';
|
|
16
|
+
export { TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, TrustStoreProviderFactory, NoopTrustStoreProvider, } from './trust-store/trust-store-provider-factory.js';
|
|
15
17
|
export * from './encryption/encryption-manager.js';
|
|
16
18
|
export { ENCRYPTION_MANAGER_FACTORY_BASE_TYPE } from './encryption/encryption-manager-factory.js';
|
|
17
19
|
export * from './encryption/encryption-manager-factory.js';
|
|
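--- a/package/dist/esm/naylence/fame/security/trust-store/noop-trust-store-provider-factory.js
+++ b/package/dist/esm/naylence/fame/security/trust-store/noop-trust-store-provider-factory.js
@@ -0,0 +1,19 @@
+import { NoopTrustStoreProvider, TrustStoreProviderFactory, TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, } from "./trust-store-provider-factory.js";
+export const FACTORY_META = {
+    base: TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE,
+    key: "NoopTrustStoreProvider",
+    isDefault: true,
+    priority: 10,
+};
+export class NoopTrustStoreProviderFactory extends TrustStoreProviderFactory {
+    constructor() {
+        super(...arguments);
+        this.type = "NoopTrustStoreProvider";
+        this.isDefault = true;
+        this.priority = 10;
+    }
+    async create(_config, ..._factoryArgs) {
+        return new NoopTrustStoreProvider();
+    }
+}
+export default NoopTrustStoreProviderFactory;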
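--- a/package/dist/esm/naylence/fame/security/trust-store/trust-store-provider-factory.js
+++ b/package/dist/esm/naylence/fame/security/trust-store/trust-store-provider-factory.js
@@ -0,0 +1,39 @@
+import { AbstractResourceFactory, createDefaultResource, createResource, } from "@naylence/factory";
+const DEFAULT_UNCONFIGURED_MESSAGE = "Trust store is not configured. Set FAME_CA_CERTS to a PEM value, a file path, a data URI, or an HTTPS bundle URL.";
+export const TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE = "TrustStoreProviderFactory";
+export class TrustStoreProviderFactory extends AbstractResourceFactory {
+    createUnconfiguredProvider(reason) {
+        return new NoopTrustStoreProvider(reason ?? DEFAULT_UNCONFIGURED_MESSAGE);
+    }
+    static async createTrustStoreProvider(config, options = {}) {
+        const { dependencies, factoryArgs, ...restOptions } = options;
+        const mergedFactoryArgs = [
+            ...(dependencies ? [dependencies] : []),
+            ...(factoryArgs ?? []),
+        ];
+        const creationOptions = {
+            ...restOptions,
+            factoryArgs: mergedFactoryArgs,
+        };
+        if (config) {
+            const instance = await createResource(TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, config, creationOptions);
+            return instance ?? new NoopTrustStoreProvider();
+        }
+        const instance = await createDefaultResource(TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, null, creationOptions);
+        return instance ?? new NoopTrustStoreProvider();
+    }
+}
+export class NoopTrustStoreProvider {
+    constructor(reason = DEFAULT_UNCONFIGURED_MESSAGE) {
+        this.reason = reason;
+    }
+    async getTrustStorePem() {
+        throw new Error(this.reason);
+    }
+    async getRoots() {
+        return [];
+    }
+    async initialize() {
+        // No-op for the placeholder provider.
+    }
+}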
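Review bot: NoopTrustStoreProvider answers `getTrustStorePem()` by throwing the configured reason but answers `getRoots()` with a silent `[]`, so a consumer that queries roots cannot distinguish "trust store not configured" from "configured with zero roots" and may fail open or closed depending purely on its own handling. Unless the provider contract in trust-store-provider.d.ts (not in this view) defines an empty list as the unconfigured signal, the two accessors should agree: `async getRoots() { throw new Error(this.reason); }`, or at minimum a comment above getRoots stating that an empty result means no anchors are trusted and must not relax verification. The CJS trust-store-provider-factory.js section has the same class.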
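--- a/package/dist/esm/naylence/fame/security/trust-store/trust-store-provider.js
+++ b/package/dist/esm/naylence/fame/security/trust-store/trust-store-provider.js
@@ -0,0 +1 @@
+export {};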
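--- a/package/dist/esm/version.js
+++ b/package/dist/esm/version.js
@@ -1,7 +1,7 @@
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.3.5-test.
+// Generated from package.json version: 0.3.5-test.925
 /**
  * The package version, injected at build time.
  * @internal
  */
-export const VERSION = '0.3.5-test.
+export const VERSION = '0.3.5-test.925';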