@nextera.one/axis-server-sdk 2.2.1 → 2.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/axis-sensor-GBEI3Fab.d.mts +209 -0
- package/dist/axis-sensor-GBEI3Fab.d.ts +209 -0
- package/dist/cce/index.d.mts +162 -0
- package/dist/cce/index.d.ts +162 -0
- package/dist/cce/index.js +1502 -0
- package/dist/cce/index.js.map +1 -0
- package/dist/cce/index.mjs +1442 -0
- package/dist/cce/index.mjs.map +1 -0
- package/dist/cce-pipeline-B-zUBHo3.d.mts +294 -0
- package/dist/cce-pipeline-DbGBSsCG.d.ts +294 -0
- package/dist/idel/index.d.mts +24 -0
- package/dist/idel/index.d.ts +24 -0
- package/dist/idel/index.js +306 -0
- package/dist/idel/index.js.map +1 -0
- package/dist/idel/index.mjs +279 -0
- package/dist/idel/index.mjs.map +1 -0
- package/dist/idel.types-DuUAcOnQ.d.mts +83 -0
- package/dist/idel.types-DuUAcOnQ.d.ts +83 -0
- package/dist/index-B2G6cbRL.d.mts +824 -0
- package/dist/index-DbSxdR0f.d.ts +824 -0
- package/dist/index-_S4fmVUJ.d.mts +501 -0
- package/dist/index-l3Hhirqb.d.ts +501 -0
- package/dist/index.d.mts +91 -1891
- package/dist/index.d.ts +91 -1891
- package/dist/index.js +9339 -5123
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +10326 -5816
- package/dist/index.mjs.map +1 -1
- package/dist/needle/index.d.mts +4 -0
- package/dist/needle/index.d.ts +4 -0
- package/dist/needle/index.js +3499 -0
- package/dist/needle/index.js.map +1 -0
- package/dist/needle/index.mjs +3528 -0
- package/dist/needle/index.mjs.map +1 -0
- package/dist/sensors/index.d.mts +5 -0
- package/dist/sensors/index.d.ts +5 -0
- package/dist/sensors/index.js +12860 -0
- package/dist/sensors/index.js.map +1 -0
- package/dist/sensors/index.mjs +12928 -0
- package/dist/sensors/index.mjs.map +1 -0
- package/dist/timeline/index.d.mts +54 -0
- package/dist/timeline/index.d.ts +54 -0
- package/dist/timeline/index.js +389 -0
- package/dist/timeline/index.js.map +1 -0
- package/dist/timeline/index.mjs +362 -0
- package/dist/timeline/index.mjs.map +1 -0
- package/dist/timeline.types-Cn0aqbUj.d.mts +125 -0
- package/dist/timeline.types-Cn0aqbUj.d.ts +125 -0
- package/package.json +28 -10
|
@@ -0,0 +1,162 @@
|
|
|
1
|
+
import { C as CceCapsuleClaims, a as CceExecutionContext, b as CceRequestEnvelope } from '../cce-pipeline-DbGBSsCG.js';
|
|
2
|
+
export { c as CCE_AES_KEY_BYTES, d as CCE_DERIVATION, e as CCE_ERROR, f as CCE_IV_BYTES, g as CCE_NONCE_BYTES, h as CCE_PROTOCOL_VERSION, i as CCE_TAG_BYTES, j as CceAlgorithm, k as CceAlgorithmDescriptor, l as CceAxisSigner, m as CceClientKeyEncryptor, n as CceConstraints, o as CceEncryptedKey, p as CceEncryptedPayload, q as CceError, r as CceErrorCode, s as CceHandler, t as CceHandlerContext, u as CceHandlerResult, v as CceKdfAlgorithm, w as CceKemAlgorithm, x as CcePipelineConfig, y as CcePipelineResult, z as CcePolicyContext, A as CcePolicyDecision, B as CcePolicyEvaluator, D as CceResponseEnvelope, E as CceResponseOptions, F as CceResponseStatus, G as CceSignature, H as CceVerificationState, I as CceWitnessRecord, J as CceWitnessStore, K as InMemoryCceWitnessStore, L as buildCceErrorResponse, M as buildCceResponse, N as buildWitnessRecord, O as executeCcePipeline, P as extractVerificationState } from '../cce-pipeline-DbGBSsCG.js';
|
|
3
|
+
import { A as AxisSensor, S as SensorInput, a as SensorDecision } from '../axis-sensor-GBEI3Fab.js';
|
|
4
|
+
|
|
5
|
+
interface CceDerivationInput {
|
|
6
|
+
axisLocalSecret: string;
|
|
7
|
+
capsule: CceCapsuleClaims;
|
|
8
|
+
requestNonce: string;
|
|
9
|
+
responseNonce?: string;
|
|
10
|
+
}
|
|
11
|
+
declare function deriveRequestExecutionKey(input: CceDerivationInput): Uint8Array;
|
|
12
|
+
declare function deriveResponseExecutionKey(input: CceDerivationInput & {
|
|
13
|
+
responseNonce: string;
|
|
14
|
+
}): Uint8Array;
|
|
15
|
+
declare function deriveWitnessKey(input: CceDerivationInput): Uint8Array;
|
|
16
|
+
declare function buildExecutionContext(input: CceDerivationInput, requestId: string): CceExecutionContext;
|
|
17
|
+
declare function generateCceNonce(): string;
|
|
18
|
+
|
|
19
|
+
interface CceAxisKeyProvider {
|
|
20
|
+
unwrapKey(encryptedKeyB64: string, algorithm: string, axisKid: string, ephemeralPkB64?: string): Promise<Uint8Array | null>;
|
|
21
|
+
}
|
|
22
|
+
interface CceAesGcmProvider {
|
|
23
|
+
decrypt(key: Uint8Array, iv: Uint8Array, ciphertext: Uint8Array, tag: Uint8Array, aad?: Uint8Array): Promise<Uint8Array | null>;
|
|
24
|
+
}
|
|
25
|
+
interface CcePayloadValidatorResult {
|
|
26
|
+
ok: boolean;
|
|
27
|
+
intent?: string;
|
|
28
|
+
code?: string;
|
|
29
|
+
reason?: string;
|
|
30
|
+
}
|
|
31
|
+
interface CcePayloadValidator {
|
|
32
|
+
validate(plaintext: Uint8Array, envelope: CceRequestEnvelope): Promise<CcePayloadValidatorResult>;
|
|
33
|
+
}
|
|
34
|
+
declare class CcePayloadDecryptionSensor implements AxisSensor {
|
|
35
|
+
private readonly keyProvider;
|
|
36
|
+
private readonly aesProvider;
|
|
37
|
+
private readonly maxPayloadBytes;
|
|
38
|
+
private readonly payloadValidator?;
|
|
39
|
+
readonly name = "cce.payload.decryption";
|
|
40
|
+
readonly order = 145;
|
|
41
|
+
readonly phase: "POST_DECODE";
|
|
42
|
+
constructor(keyProvider: CceAxisKeyProvider, aesProvider: CceAesGcmProvider, maxPayloadBytes?: number, payloadValidator?: CcePayloadValidator | undefined);
|
|
43
|
+
supports(input: SensorInput): boolean;
|
|
44
|
+
run(input: SensorInput): Promise<SensorDecision>;
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
declare function aesGcmEncrypt(key: Uint8Array, plaintext: Uint8Array, aad?: Uint8Array): {
|
|
48
|
+
iv: Uint8Array;
|
|
49
|
+
ciphertext: Uint8Array;
|
|
50
|
+
tag: Uint8Array;
|
|
51
|
+
};
|
|
52
|
+
declare function aesGcmDecrypt(key: Uint8Array, iv: Uint8Array, ciphertext: Uint8Array, tag: Uint8Array, aad?: Uint8Array): Uint8Array | null;
|
|
53
|
+
declare function generateAesKey(): Uint8Array;
|
|
54
|
+
declare function generateIv(): Uint8Array;
|
|
55
|
+
declare function base64UrlEncode(bytes: Uint8Array): string;
|
|
56
|
+
declare function base64UrlDecode(input: string): Uint8Array;
|
|
57
|
+
declare function hashPayload(payload: Uint8Array): string;
|
|
58
|
+
|
|
59
|
+
declare const nodeAesGcmProvider: CceAesGcmProvider;
|
|
60
|
+
|
|
61
|
+
declare class CceEnvelopeValidationSensor implements AxisSensor {
|
|
62
|
+
readonly name = "cce.envelope.validation";
|
|
63
|
+
readonly order = 5;
|
|
64
|
+
readonly phase: "PRE_DECODE";
|
|
65
|
+
supports(input: SensorInput): boolean;
|
|
66
|
+
run(input: SensorInput): Promise<SensorDecision>;
|
|
67
|
+
}
|
|
68
|
+
|
|
69
|
+
interface CceClientKeyResolver {
|
|
70
|
+
resolve(kid: string): Promise<{
|
|
71
|
+
publicKeyHex: string;
|
|
72
|
+
alg: string;
|
|
73
|
+
} | null>;
|
|
74
|
+
}
|
|
75
|
+
interface CceSignatureVerifier {
|
|
76
|
+
verify(message: Uint8Array, signatureHex: string, publicKeyHex: string, alg: string): Promise<boolean>;
|
|
77
|
+
}
|
|
78
|
+
declare class CceClientSignatureSensor implements AxisSensor {
|
|
79
|
+
private readonly keyResolver;
|
|
80
|
+
private readonly signatureVerifier;
|
|
81
|
+
readonly name = "cce.client.signature";
|
|
82
|
+
readonly order = 45;
|
|
83
|
+
readonly phase: "POST_DECODE";
|
|
84
|
+
constructor(keyResolver: CceClientKeyResolver, signatureVerifier: CceSignatureVerifier);
|
|
85
|
+
supports(input: SensorInput): boolean;
|
|
86
|
+
run(input: SensorInput): Promise<SensorDecision>;
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
interface CceIssuerKeyResolver {
|
|
90
|
+
resolve(kid: string): Promise<{
|
|
91
|
+
publicKeyHex: string;
|
|
92
|
+
} | null>;
|
|
93
|
+
}
|
|
94
|
+
interface CceCapsuleSignatureVerifier {
|
|
95
|
+
verify(claims: Omit<CceCapsuleClaims, "issuer_sig">, signature: {
|
|
96
|
+
alg: string;
|
|
97
|
+
kid: string;
|
|
98
|
+
value: string;
|
|
99
|
+
}, publicKeyHex: string): Promise<boolean>;
|
|
100
|
+
}
|
|
101
|
+
declare class CceCapsuleVerificationSensor implements AxisSensor {
|
|
102
|
+
private readonly issuerKeyResolver;
|
|
103
|
+
private readonly capsuleVerifier;
|
|
104
|
+
readonly name = "cce.capsule.verification";
|
|
105
|
+
readonly order = 50;
|
|
106
|
+
readonly phase: "POST_DECODE";
|
|
107
|
+
constructor(issuerKeyResolver: CceIssuerKeyResolver, capsuleVerifier: CceCapsuleSignatureVerifier);
|
|
108
|
+
supports(input: SensorInput): boolean;
|
|
109
|
+
run(input: SensorInput): Promise<SensorDecision>;
|
|
110
|
+
}
|
|
111
|
+
|
|
112
|
+
declare class CceTpsWindowSensor implements AxisSensor {
|
|
113
|
+
private readonly skewMs;
|
|
114
|
+
readonly name = "cce.tps.window";
|
|
115
|
+
readonly order = 92;
|
|
116
|
+
readonly phase: "POST_DECODE";
|
|
117
|
+
constructor(skewMs?: number);
|
|
118
|
+
supports(input: SensorInput): boolean;
|
|
119
|
+
run(input: SensorInput): Promise<SensorDecision>;
|
|
120
|
+
}
|
|
121
|
+
|
|
122
|
+
declare class CceAudienceIntentBindingSensor implements AxisSensor {
|
|
123
|
+
private readonly axisAudience;
|
|
124
|
+
readonly name = "cce.audience.intent.binding";
|
|
125
|
+
readonly order = 95;
|
|
126
|
+
readonly phase: "POST_DECODE";
|
|
127
|
+
constructor(axisAudience: string);
|
|
128
|
+
supports(input: SensorInput): boolean;
|
|
129
|
+
run(input: SensorInput): Promise<SensorDecision>;
|
|
130
|
+
}
|
|
131
|
+
|
|
132
|
+
interface CceReplayStore {
|
|
133
|
+
checkAndMark(key: string, ttlMs: number): Promise<boolean>;
|
|
134
|
+
isCapsuleConsumed(capsuleId: string): Promise<boolean>;
|
|
135
|
+
markCapsuleConsumed(capsuleId: string, ttlMs: number): Promise<void>;
|
|
136
|
+
isCapsuleRevoked(capsuleId: string): Promise<boolean>;
|
|
137
|
+
}
|
|
138
|
+
declare class InMemoryCceReplayStore implements CceReplayStore {
|
|
139
|
+
private nonces;
|
|
140
|
+
private consumed;
|
|
141
|
+
private revoked;
|
|
142
|
+
checkAndMark(key: string, ttlMs: number): Promise<boolean>;
|
|
143
|
+
isCapsuleConsumed(capsuleId: string): Promise<boolean>;
|
|
144
|
+
markCapsuleConsumed(capsuleId: string, _ttlMs: number): Promise<void>;
|
|
145
|
+
isCapsuleRevoked(capsuleId: string): Promise<boolean>;
|
|
146
|
+
revoke(capsuleId: string): void;
|
|
147
|
+
private cleanup;
|
|
148
|
+
}
|
|
149
|
+
declare class CceReplayProtectionSensor implements AxisSensor {
|
|
150
|
+
private readonly replayStore;
|
|
151
|
+
readonly name = "cce.replay.protection";
|
|
152
|
+
readonly order = 98;
|
|
153
|
+
readonly phase: "POST_DECODE";
|
|
154
|
+
private readonly nonceTtlMs;
|
|
155
|
+
constructor(replayStore: CceReplayStore, options?: {
|
|
156
|
+
nonceTtlMs?: number;
|
|
157
|
+
});
|
|
158
|
+
supports(input: SensorInput): boolean;
|
|
159
|
+
run(input: SensorInput): Promise<SensorDecision>;
|
|
160
|
+
}
|
|
161
|
+
|
|
162
|
+
export { type CceAesGcmProvider, CceAudienceIntentBindingSensor, type CceAxisKeyProvider, CceCapsuleClaims, type CceCapsuleSignatureVerifier, CceCapsuleVerificationSensor, type CceClientKeyResolver, CceClientSignatureSensor, type CceDerivationInput, CceEnvelopeValidationSensor, CceExecutionContext, type CceIssuerKeyResolver, CcePayloadDecryptionSensor, type CcePayloadValidator, type CcePayloadValidatorResult, CceReplayProtectionSensor, type CceReplayStore, CceRequestEnvelope, type CceSignatureVerifier, CceTpsWindowSensor, InMemoryCceReplayStore, aesGcmDecrypt, aesGcmEncrypt, base64UrlDecode, base64UrlEncode, buildExecutionContext, deriveRequestExecutionKey, deriveResponseExecutionKey, deriveWitnessKey, generateAesKey, generateCceNonce, generateIv, hashPayload, nodeAesGcmProvider };
|