@super-protocol/pki-client 1.3.9 → 1.5.0

package/dist/challengeProvider/challengeProviderTdx.d.ts

@@ -0,0 +1,6 @@
+/// <reference types="node" />
+import { ChallengeProvider } from './challengeProvider';
+import { Challenge } from '@super-protocol/pki-common';
+export declare class ChallengeProviderTdx implements ChallengeProvider {
+    generateChallenge(userData: Buffer): Promise<Challenge>;
+}

package/dist/challengeProvider/challengeProviderTdx.js

@@ -0,0 +1,42 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChallengeProviderTdx = void 0;
+const pki_common_1 = require("@super-protocol/pki-common");
+class ChallengeProviderTdx {
+    async generateChallenge(userData) {
+        // This module depends on native library that cannot be compiled for all architectures / operating systems.
+        // That is why we load it dynamically and use only when it's really needed.
+        const { SgxNative } = await Promise.resolve().then(() => __importStar(require('@super-protocol/addons-tee')));
+        const dcapVerifyService = new SgxNative.DcapQuoteVerifyService();
+        const quoteData = await dcapVerifyService.generateTDXQuote(userData);
+        return {
+            type: pki_common_1.ChallengeType.TDX,
+            quoteBase64: quoteData.toString('base64'),
+        };
+    }
+}
+exports.ChallengeProviderTdx = ChallengeProviderTdx;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2hhbGxlbmdlUHJvdmlkZXJUZHguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvY2hhbGxlbmdlUHJvdmlkZXIvY2hhbGxlbmdlUHJvdmlkZXJUZHgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFDQSwyREFBc0U7QUFFdEUsTUFBYSxvQkFBb0I7SUFDN0IsS0FBSyxDQUFDLGlCQUFpQixDQUFDLFFBQWdCO1FBQ3BDLDJHQUEyRztRQUMzRywyRUFBMkU7UUFDM0UsTUFBTSxFQUFFLFNBQVMsRUFBRSxHQUFHLHdEQUFhLDRCQUE0QixHQUFDLENBQUM7UUFFakUsTUFBTSxpQkFBaUIsR0FBRyxJQUFJLFNBQVMsQ0FBQyxzQkFBc0IsRUFBRSxDQUFDO1FBRWpFLE1BQU0sU0FBUyxHQUFHLE1BQU0saUJBQWlCLENBQUMsZ0JBQWdCLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDckUsT0FBTztZQUNILElBQUksRUFBRSwwQkFBYSxDQUFDLEdBQUc7WUFDdkIsV0FBVyxFQUFFLFNBQVMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDO1NBQzVDLENBQUM7SUFDTixDQUFDO0NBQ0o7QUFkRCxvREFjQyJ9

package/dist/challengeProvider/index.d.ts

@@ -1,3 +1,4 @@
 export * from './challengeProvider';
 export * from './challengeProviderSgx';
+export * from './challengeProviderTdx';
 export * from './challengeProviderUntrusted';

package/dist/challengeProvider/index.js

@@ -16,5 +16,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./challengeProvider"), exports);
 __exportStar(require("./challengeProviderSgx"), exports);
+__exportStar(require("./challengeProviderTdx"), exports);
 __exportStar(require("./challengeProviderUntrusted"), exports);
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvY2hhbGxlbmdlUHJvdmlkZXIvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLHNEQUFvQztBQUNwQyx5REFBdUM7QUFDdkMsK0RBQTZDIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvY2hhbGxlbmdlUHJvdmlkZXIvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLHNEQUFvQztBQUNwQyx5REFBdUM7QUFDdkMseURBQXVDO0FBQ3ZDLCtEQUE2QyJ9

package/dist/index.d.ts

@@ -1,2 +1,4 @@
 export * from './challengeProvider';
 export * from './pkiClient';
+export * from './pkiClientConfig';
+export * from './pkiClientFactory';

package/dist/index.js

@@ -16,4 +16,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./challengeProvider"), exports);
 __exportStar(require("./pkiClient"), exports);
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLHNEQUFvQztBQUNwQyw4Q0FBNEIifQ==
+__exportStar(require("./pkiClientConfig"), exports);
+__exportStar(require("./pkiClientFactory"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLHNEQUFvQztBQUNwQyw4Q0FBNEI7QUFDNUIsb0RBQWtDO0FBQ2xDLHFEQUFtQyJ9

package/dist/pkiClient.d.ts

@@ -1,4 +1,4 @@
-import { TeeSslCertificate } from '@super-protocol/pki-common';
+import { CertificateType, TeeSslCertificate, TeeSslCertificateFromCsr } from '@super-protocol/pki-common';
 import { ChallengeProvider } from './challengeProvider';
 import { AttestationServiceClient } from '@super-protocol/pki-api-client';
 export interface SgxPkiClientOptions {
@@ -6,10 +6,16 @@ export interface SgxPkiClientOptions {
     challengeProvider?: ChallengeProvider;
     attestationServiceClient?: AttestationServiceClient;
 }
+export interface GenerateCertificateOptions {
+    certType: CertificateType;
+}
 export declare class PkiClient {
     private readonly keyPair;
     private readonly challengeProvider;
     private readonly attestationServiceClient;
+    private readonly defaultOptions;
     constructor(options?: SgxPkiClientOptions);
-    generateSslCertificate(domains: string[]): Promise<TeeSslCertificate>;
+    generateSslCertificate(domains: string[], options?: GenerateCertificateOptions): Promise<TeeSslCertificate>;
+    generateSslCertificateFromCsr(csrPem: string, options?: GenerateCertificateOptions): Promise<TeeSslCertificateFromCsr>;
+    private generateChallenge;
 }

package/dist/pkiClient.js

@@ -48,6 +48,9 @@ class PkiClient {
     keyPair;
     challengeProvider;
     attestationServiceClient;
+    defaultOptions = {
+        certType: pki_common_1.CertificateType.Basic,
+    };
     constructor(options = {}) {
         if (options.privateKeyPem) {
             this.keyPair = {
@@ -64,14 +67,15 @@ class PkiClient {
             options.attestationServiceClient ||
                 new pki_api_client_1.StaticAttestationServiceClient(AS_BASE_URL, AS_CA);
     }
-    async generateSslCertificate(domains) {
+    async generateSslCertificate(domains, options = this.defaultOptions) {
         const keys = this.keyPair;
-        const publicKeyHash = (0, pki_common_1.getPublicKeyHash)(keys.publicKeyPem);
-        const challenge = await this.challengeProvider.generateChallenge(publicKeyHash);
+        const challenge = await this.generateChallenge(keys.publicKeyPem);
         const cert = await this.attestationServiceClient.generateCertificate({
             domains,
             publicKeyPem: keys.publicKeyPem,
             challenge,
+        }, {
+            type: options.certType,
         });
         return {
             certPem: cert.certPem,
@@ -80,6 +84,25 @@ class PkiClient {
             keyPair: keys,
         };
     }
+    async generateSslCertificateFromCsr(csrPem, options = this.defaultOptions) {
+        const publicKey = (0, pki_common_1.getPublicKeyFromCsr)(csrPem);
+        const challenge = await this.generateChallenge(publicKey);
+        const cert = await this.attestationServiceClient.generateCertificateFromCsr({
+            csrPem,
+            challenge,
+        }, {
+            type: options.certType,
+        });
+        return {
+            certPem: cert.certPem,
+            caBundle: cert.rootCertsPem,
+            domains: cert.domains,
+        };
+    }
+    generateChallenge(publicKeyPem) {
+        const publicKeyHash = (0, pki_common_1.getPublicKeyPemHash)(publicKeyPem);
+        return this.challengeProvider.generateChallenge(publicKeyHash);
+    }
 }
 exports.PkiClient = PkiClient;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGtpQ2xpZW50LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3BraUNsaWVudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwyREFNb0M7QUFDcEMsMkRBQThFO0FBQzlFLG1FQUd3QztBQUV4QyxNQUFNLFdBQVcsR0FBRyxnREFBZ0QsQ0FBQztBQUNyRSxNQUFNLEtBQUssR0FBRzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OEJBc0NnQixDQUFDO0FBUS9CLE1BQWEsU0FBUztJQUNELE9BQU8sQ0FBYTtJQUNwQixpQkFBaUIsQ0FBb0I7SUFDckMsd0JBQXdCLENBQTJCO0lBRXBFLFlBQVksVUFBK0IsRUFBRTtRQUN6QyxJQUFJLE9BQU8sQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUN4QixJQUFJLENBQUMsT0FBTyxHQUFHO2dCQUNYLGFBQWEsRUFBRSxPQUFPLENBQUMsYUFBYTtnQkFDcEMsWUFBWSxFQUFFLElBQUEsb0NBQXVCLEVBQUMsT0FBTyxDQUFDLGFBQWEsQ0FBQzthQUMvRCxDQUFDO1FBQ04sQ0FBQzthQUFNLENBQUM7WUFDSixJQUFJLENBQUMsT0FBTyxHQUFHLElBQUEsNEJBQWUsR0FBRSxDQUFDO1FBQ3JDLENBQUM7UUFDRCxJQUFJLENBQUMsaUJBQWlCO1lBQ2xCLE9BQU8sQ0FBQyxpQkFBaUIsSUFBSSxJQUFJLHdDQUFvQixFQUFFLENBQUM7UUFDNUQsSUFBSSxDQUFDLHdCQUF3QjtZQUN6QixPQUFPLENBQUMsd0JBQXdCO2dCQUNoQyxJQUFJLCtDQUE4QixDQUFDLFdBQVcsRUFBRSxLQUFLLENBQUMsQ0FBQztJQUMvRCxDQUFDO0lBRUQsS0FBSyxDQUFDLHNCQUFzQixDQUN4QixPQUFpQjtRQUVqQixNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDO1FBQzFCLE1BQU0sYUFBYSxHQUFHLElBQUEsNkJBQWdCLEVBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDO1FBQzFELE1BQU0sU0FBUyxHQUNYLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLGlCQUFpQixDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ2xFLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLHdCQUF3QixDQUFDLG1CQUFtQixDQUFDO1lBQ2pFLE9BQU87WUFDUCxZQUFZLEVBQUUsSUFBSSxDQUFDLFlBQVk7WUFDL0IsU0FBUztTQUNaLENBQUMsQ0FBQztRQUNILE9BQU87WUFDSCxPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87WUFDckIsUUFBUSxFQUFFLElBQUksQ0FBQyxZQUFZO1lBQzNCLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztZQUNyQixPQUFPLEVBQUUsSUFBSTtTQUNoQixDQUFDO0lBQ04sQ0FBQztDQUNKO0FBeENELDhCQXdDQyJ9
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGtpQ2xpZW50LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3BraUNsaWVudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwyREFVb0M7QUFDcEMsMkRBQThFO0FBQzlFLG1FQUd3QztBQUV4QyxNQUFNLFdBQVcsR0FBRyxnREFBZ0QsQ0FBQztBQUNyRSxNQUFNLEtBQUssR0FBRzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OEJBc0NnQixDQUFDO0FBWS9CLE1BQWEsU0FBUztJQUNELE9BQU8sQ0FBYTtJQUNwQixpQkFBaUIsQ0FBb0I7SUFDckMsd0JBQXdCLENBQTJCO0lBQ25ELGNBQWMsR0FBRztRQUM5QixRQUFRLEVBQUUsNEJBQWUsQ0FBQyxLQUFLO0tBQ2xDLENBQUM7SUFFRixZQUFZLFVBQStCLEVBQUU7UUFDekMsSUFBSSxPQUFPLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDeEIsSUFBSSxDQUFDLE9BQU8sR0FBRztnQkFDWCxhQUFhLEVBQUUsT0FBTyxDQUFDLGFBQWE7Z0JBQ3BDLFlBQVksRUFBRSxJQUFBLG9DQUF1QixFQUFDLE9BQU8sQ0FBQyxhQUFhLENBQUM7YUFDL0QsQ0FBQztRQUNOLENBQUM7YUFBTSxDQUFDO1lBQ0osSUFBSSxDQUFDLE9BQU8sR0FBRyxJQUFBLDRCQUFlLEdBQUUsQ0FBQztRQUNyQyxDQUFDO1FBQ0QsSUFBSSxDQUFDLGlCQUFpQjtZQUNsQixPQUFPLENBQUMsaUJBQWlCLElBQUksSUFBSSx3Q0FBb0IsRUFBRSxDQUFDO1FBQzVELElBQUksQ0FBQyx3QkFBd0I7WUFDekIsT0FBTyxDQUFDLHdCQUF3QjtnQkFDaEMsSUFBSSwrQ0FBOEIsQ0FBQyxXQUFXLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFDL0QsQ0FBQztJQUVELEtBQUssQ0FBQyxzQkFBc0IsQ0FDeEIsT0FBaUIsRUFDakIsVUFBc0MsSUFBSSxDQUFDLGNBQWM7UUFFekQsTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQztRQUMxQixNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDbEUsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsd0JBQXdCLENBQUMsbUJBQW1CLENBQ2hFO1lBQ0ksT0FBTztZQUNQLFlBQVksRUFBRSxJQUFJLENBQUMsWUFBWTtZQUMvQixTQUFTO1NBQ1osRUFDRDtZQUNJLElBQUksRUFBRSxPQUFPLENBQUMsUUFBUTtTQUN6QixDQUNKLENBQUM7UUFDRixPQUFPO1lBQ0gsT0FBTyxFQUFFLElBQUksQ0FBQyxPQUFPO1lBQ3JCLFFBQVEsRUFBRSxJQUFJLENBQUMsWUFBWTtZQUMzQixPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87WUFDckIsT0FBTyxFQUFFLElBQUk7U0FDaEIsQ0FBQztJQUNOLENBQUM7SUFFRCxLQUFLLENBQUMsNkJBQTZCLENBQy9CLE1BQWMsRUFDZCxVQUFzQyxJQUFJLENBQUMsY0FBYztRQUV6RCxNQUFNLFNBQVMsR0FBRyxJQUFBLGdDQUFtQixFQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQzlDLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQzFELE1BQU0sSUFBSSxHQUNOLE1BQU0sSUFBSSxDQUFDLHdCQUF3QixDQUFDLDBCQUEwQixDQUMxRDtZQUNJLE1BQU07WUFDTixTQUFTO1NBQ1osRUFDRDtZQUNJLElBQUksRUFBRSxPQUFPLENBQUMsUUFBUTtTQUN6QixDQUNKLENBQUM7UUFFTixPQUFPO1lBQ0gsT0FBTyxFQUFFLElBQUksQ0FBQyxPQUFPO1lBQ3JCLFFBQVEsRUFBRSxJQUFJLENBQUMsWUFBWTtZQUMzQixPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87U0FDeEIsQ0FBQztJQUNOLENBQUM7SUFFTyxpQkFBaUIsQ0FBQyxZQUFvQjtRQUMxQyxNQUFNLGFBQWEsR0FBRyxJQUFBLGdDQUFtQixFQUFDLFlBQVksQ0FBQyxDQUFDO1FBQ3hELE9BQU8sSUFBSSxDQUFDLGlCQUFpQixDQUFDLGlCQUFpQixDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ25FLENBQUM7Q0FDSjtBQTVFRCw4QkE0RUMifQ==

package/dist/pkiClientConfig.d.ts

@@ -0,0 +1,30 @@
+import { ChallengeType } from '@super-protocol/pki-common';
+import { Static } from '@sinclair/typebox';
+declare const PkiClientConfigSchema: import("@sinclair/typebox").TObject<{
+    clientCertProvider: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TObject<{
+        type: import("@sinclair/typebox").TLiteral<"pki-ca">;
+        challengeType: import("@sinclair/typebox").TEnum<typeof ChallengeType>;
+        baseUrl: import("@sinclair/typebox").TString<string>;
+        caBundle: import("@sinclair/typebox").TString<string>;
+    }>, import("@sinclair/typebox").TObject<{
+        type: import("@sinclair/typebox").TLiteral<"static">;
+        certPem: import("@sinclair/typebox").TString<string>;
+        publicKeyPem: import("@sinclair/typebox").TString<string>;
+        privateKeyPem: import("@sinclair/typebox").TString<string>;
+    }>]>;
+}>;
+export type PkiClientConfig = Static<typeof PkiClientConfigSchema>;
+export declare const PkiClientConfigSchemaCompiled: import("@sinclair/typebox/compiler").TypeCheck<import("@sinclair/typebox").TObject<{
+    clientCertProvider: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TObject<{
+        type: import("@sinclair/typebox").TLiteral<"pki-ca">;
+        challengeType: import("@sinclair/typebox").TEnum<typeof ChallengeType>;
+        baseUrl: import("@sinclair/typebox").TString<string>;
+        caBundle: import("@sinclair/typebox").TString<string>;
+    }>, import("@sinclair/typebox").TObject<{
+        type: import("@sinclair/typebox").TLiteral<"static">;
+        certPem: import("@sinclair/typebox").TString<string>;
+        publicKeyPem: import("@sinclair/typebox").TString<string>;
+        privateKeyPem: import("@sinclair/typebox").TString<string>;
+    }>]>;
+}>>;
+export {};

package/dist/pkiClientConfig.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PkiClientConfigSchemaCompiled = void 0;
+const pki_common_1 = require("@super-protocol/pki-common");
+const typebox_1 = require("@sinclair/typebox");
+const compiler_1 = require("@sinclair/typebox/compiler");
+const CaTeePkiCertProviderConfigSchema = typebox_1.Type.Object({
+    type: typebox_1.Type.Literal('pki-ca'),
+    challengeType: typebox_1.Type.Enum(pki_common_1.ChallengeType),
+    baseUrl: typebox_1.Type.String({ minLength: 1 }),
+    caBundle: typebox_1.Type.String({ minLength: 1 }),
+});
+const StaticTeePkiCertProviderConfigSchema = typebox_1.Type.Object({
+    type: typebox_1.Type.Literal('static'),
+    certPem: typebox_1.Type.String({ minLength: 1 }),
+    publicKeyPem: typebox_1.Type.String({ minLength: 1 }),
+    privateKeyPem: typebox_1.Type.String({ minLength: 1 }),
+});
+const TeePkiCertProviderConfigSchema = typebox_1.Type.Union([
+    CaTeePkiCertProviderConfigSchema,
+    StaticTeePkiCertProviderConfigSchema,
+]);
+const PkiClientConfigSchema = typebox_1.Type.Object({
+    clientCertProvider: TeePkiCertProviderConfigSchema,
+});
+exports.PkiClientConfigSchemaCompiled = compiler_1.TypeCompiler.Compile(PkiClientConfigSchema);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGtpQ2xpZW50Q29uZmlnLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3BraUNsaWVudENvbmZpZy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwyREFBMkQ7QUFDM0QsK0NBQWlEO0FBQ2pELHlEQUEwRDtBQUUxRCxNQUFNLGdDQUFnQyxHQUFHLGNBQUksQ0FBQyxNQUFNLENBQUM7SUFDakQsSUFBSSxFQUFFLGNBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDO0lBQzVCLGFBQWEsRUFBRSxjQUFJLENBQUMsSUFBSSxDQUFDLDBCQUFhLENBQUM7SUFDdkMsT0FBTyxFQUFFLGNBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxTQUFTLEVBQUUsQ0FBQyxFQUFFLENBQUM7SUFDdEMsUUFBUSxFQUFFLGNBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxTQUFTLEVBQUUsQ0FBQyxFQUFFLENBQUM7Q0FDMUMsQ0FBQyxDQUFDO0FBRUgsTUFBTSxvQ0FBb0MsR0FBRyxjQUFJLENBQUMsTUFBTSxDQUFDO0lBQ3JELElBQUksRUFBRSxjQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQztJQUM1QixPQUFPLEVBQUUsY0FBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLFNBQVMsRUFBRSxDQUFDLEVBQUUsQ0FBQztJQUN0QyxZQUFZLEVBQUUsY0FBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLFNBQVMsRUFBRSxDQUFDLEVBQUUsQ0FBQztJQUMzQyxhQUFhLEVBQUUsY0FBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLFNBQVMsRUFBRSxDQUFDLEVBQUUsQ0FBQztDQUMvQyxDQUFDLENBQUM7QUFFSCxNQUFNLDhCQUE4QixHQUFHLGNBQUksQ0FBQyxLQUFLLENBQUM7SUFDOUMsZ0NBQWdDO0lBQ2hDLG9DQUFvQztDQUN2QyxDQUFDLENBQUM7QUFFSCxNQUFNLHFCQUFxQixHQUFHLGNBQUksQ0FBQyxNQUFNLENBQUM7SUFDdEMsa0JBQWtCLEVBQUUsOEJBQThCO0NBQ3JELENBQUMsQ0FBQztBQUlVLFFBQUEsNkJBQTZCLEdBQUcsdUJBQVksQ0FBQyxPQUFPLENBQzdELHFCQUFxQixDQUN4QixDQUFDIn0=

package/dist/pkiClientFactory.d.ts

@@ -0,0 +1,13 @@
+/// <reference types="node" />
+import { PkiClientConfig } from './pkiClientConfig';
+import { TeeSslCertificate } from '@super-protocol/pki-common';
+import https from 'node:https';
+export declare class PkiClientFactory {
+    private readonly config;
+    private readonly certPromise;
+    static fromConfigYaml(path: string): Promise<PkiClientFactory>;
+    constructor(config: PkiClientConfig);
+    getHTTPSAgent(): Promise<https.Agent>;
+    getCert(): Promise<TeeSslCertificate>;
+    private getCertificate;
+}

package/dist/pkiClientFactory.js

@@ -0,0 +1,106 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PkiClientFactory = void 0;
+const pkiClientConfig_1 = require("./pkiClientConfig");
+const challengeProvider_1 = require("./challengeProvider");
+const pki_common_1 = require("@super-protocol/pki-common");
+const pki_api_client_1 = require("@super-protocol/pki-api-client");
+const pkiClient_1 = require("./pkiClient");
+const node_https_1 = __importDefault(require("node:https"));
+const fs = __importStar(require("fs"));
+const yaml = __importStar(require("yaml"));
+const tls = __importStar(require("tls"));
+class PkiClientFactory {
+    config;
+    certPromise;
+    static async fromConfigYaml(path) {
+        const data = await fs.promises.readFile(path, 'utf8');
+        const config = yaml.parse(data);
+        const checkResult = pkiClientConfig_1.PkiClientConfigSchemaCompiled.Check(config);
+        if (!checkResult) {
+            const error = pkiClientConfig_1.PkiClientConfigSchemaCompiled.Errors(config).First();
+            throw new Error(JSON.stringify(error));
+        }
+        return new PkiClientFactory(config);
+    }
+    constructor(config) {
+        this.config = config;
+        this.certPromise = this.getCertificate();
+    }
+    async getHTTPSAgent() {
+        const cert = await this.certPromise;
+        const httpsAgent = new node_https_1.default.Agent({
+            ca: [...tls.rootCertificates, cert.caBundle],
+            cert: cert.certPem,
+            key: cert.keyPair.privateKeyPem,
+        });
+        return httpsAgent;
+    }
+    async getCert() {
+        const cert = await this.certPromise;
+        return cert;
+    }
+    async getCertificate() {
+        switch (this.config.clientCertProvider.type) {
+            case 'static':
+                return {
+                    certPem: this.config.clientCertProvider.certPem,
+                    keyPair: {
+                        publicKeyPem: this.config.clientCertProvider.publicKeyPem,
+                        privateKeyPem: this.config.clientCertProvider.privateKeyPem,
+                    },
+                    caBundle: '',
+                    domains: [''],
+                };
+            case 'pki-ca':
+                let challengeProvider;
+                switch (this.config.clientCertProvider.challengeType) {
+                    case pki_common_1.ChallengeType.Untrusted:
+                        challengeProvider = new challengeProvider_1.ChallengeProviderUntrusted(Buffer.from('none', 'ascii'));
+                        break;
+                    case pki_common_1.ChallengeType.SGXDCAP:
+                        challengeProvider = new challengeProvider_1.ChallengeProviderSgx();
+                        break;
+                    case pki_common_1.ChallengeType.TDX:
+                        challengeProvider = new challengeProvider_1.ChallengeProviderTdx();
+                        break;
+                    default:
+                        throw new Error(`Challenge type "${this.config.clientCertProvider.challengeType} is not supported yet"`);
+                }
+                const attestationServiceClient = new pki_api_client_1.StaticAttestationServiceClient(this.config.clientCertProvider.baseUrl, this.config.clientCertProvider.caBundle);
+                const pkiClient = new pkiClient_1.PkiClient({
+                    challengeProvider,
+                    attestationServiceClient,
+                });
+                return await pkiClient.generateSslCertificate(['localhost']);
+        }
+    }
+}
+exports.PkiClientFactory = PkiClientFactory;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGtpQ2xpZW50RmFjdG9yeS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9wa2lDbGllbnRGYWN0b3J5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsdURBRzJCO0FBQzNCLDJEQUs2QjtBQUM3QiwyREFBOEU7QUFDOUUsbUVBQWdGO0FBQ2hGLDJDQUF3QztBQUN4Qyw0REFBK0I7QUFDL0IsdUNBQXlCO0FBQ3pCLDJDQUE2QjtBQUM3Qix5Q0FBMkI7QUFFM0IsTUFBYSxnQkFBZ0I7SUFjSTtJQWJaLFdBQVcsQ0FBNkI7SUFFbEQsTUFBTSxDQUFDLEtBQUssQ0FBQyxjQUFjLENBQUMsSUFBWTtRQUMzQyxNQUFNLElBQUksR0FBRyxNQUFNLEVBQUUsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxNQUFNLENBQUMsQ0FBQztRQUN0RCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBb0IsQ0FBQztRQUNuRCxNQUFNLFdBQVcsR0FBRywrQ0FBNkIsQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDaEUsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ2YsTUFBTSxLQUFLLEdBQUcsK0NBQTZCLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ25FLE1BQU0sSUFBSSxLQUFLLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDO1FBQzNDLENBQUM7UUFDRCxPQUFPLElBQUksZ0JBQWdCLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVELFlBQTZCLE1BQXVCO1FBQXZCLFdBQU0sR0FBTixNQUFNLENBQWlCO1FBQ2hELElBQUksQ0FBQyxXQUFXLEdBQUcsSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO0lBQzdDLENBQUM7SUFFRCxLQUFLLENBQUMsYUFBYTtRQUNmLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQztRQUNwQyxNQUFNLFVBQVUsR0FBRyxJQUFJLG9CQUFLLENBQUMsS0FBSyxDQUFDO1lBQy9CLEVBQUUsRUFBRSxDQUFDLEdBQUcsR0FBRyxDQUFDLGdCQUFnQixFQUFFLElBQUksQ0FBQyxRQUFRLENBQUM7WUFDNUMsSUFBSSxFQUFFLElBQUksQ0FBQyxPQUFPO1lBQ2xCLEdBQUcsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLGFBQWE7U0FDbEMsQ0FBQyxDQUFDO1FBQ0gsT0FBTyxVQUFVLENBQUM7SUFDdEIsQ0FBQztJQUVELEtBQUssQ0FBQyxPQUFPO1FBQ1QsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDO1FBQ3BDLE9BQU8sSUFBSSxDQUFDO0lBQ2hCLENBQUM7SUFFTyxLQUFLLENBQUMsY0FBYztRQUN4QixRQUFRLElBQUksQ0FBQyxNQUFNLENBQUMsa0JBQWtCLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDMUMsS0FBSyxRQUFRO2dCQUNULE9BQU87b0JBQ0gsT0FBTyxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsa0JBQWtCLENBQUMsT0FBTztvQkFDL0MsT0FBTyxFQUFFO3dCQUNMLFlBQVksRUFDUixJQUFJLENBQUMsTUFBTSxDQUFDLGtCQUFrQixDQUFDLFlBQVk7d0JBQy9DLGFBQWEsRUFDVCxJQUFJLENBQUMsTUFBTSxDQUFDLGtCQUFrQixDQUFDLGFBQWE7cUJBQ25EO29CQUNELFFBQVEsRUFBRSxFQUFFO29CQUNaLE9BQU8sRUFBRSxDQUFDLEVBQUUsQ0FBQztpQkFDaEIsQ0FBQztZQUNOLEtBQUssUUFBUTtnQkFDVCxJQUFJLGlCQUFvQyxDQUFDO2dCQUN6QyxRQUFRLElBQUksQ0FBQyxNQUFNLENBQUMsa0JBQWtCLENBQUMsYUFBYSxFQUFFLENBQUM7b0JBQ25ELEtBQUssMEJBQWEsQ0FBQyxTQUFTO3dCQUN4QixpQkFBaUIsR0FBRyxJQUFJLDhDQUEwQixDQUM5QyxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxPQUFPLENBQUMsQ0FDL0IsQ0FBQzt3QkFDRixNQUFNO29CQUNWLEtBQUssMEJBQWEsQ0FBQyxPQUFPO3dCQUN0QixpQkFBaUIsR0FBRyxJQUFJLHdDQUFvQixFQUFFLENBQUM7d0JBQy9DLE1BQU07b0JBQ1YsS0FBSywwQkFBYSxDQUFDLEdBQUc7d0JBQ2xCLGlCQUFpQixHQUFHLElBQUksd0NBQW9CLEVBQUUsQ0FBQzt3QkFDL0MsTUFBTTtvQkFDVjt3QkFDSSxNQUFNLElBQUksS0FBSyxDQUNYLG1CQUFtQixJQUFJLENBQUMsTUFBTSxDQUFDLGtCQUFrQixDQUFDLGFBQWEsd0JBQXdCLENBQzFGLENBQUM7Z0JBQ1YsQ0FBQztnQkFDRCxNQUFNLHdCQUF3QixHQUMxQixJQUFJLCtDQUE4QixDQUM5QixJQUFJLENBQUMsTUFBTSxDQUFDLGtCQUFrQixDQUFDLE9BQU8sRUFDdEMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQzFDLENBQUM7Z0JBQ04sTUFBTSxTQUFTLEdBQUcsSUFBSSxxQkFBUyxDQUFDO29CQUM1QixpQkFBaUI7b0JBQ2pCLHdCQUF3QjtpQkFDM0IsQ0FBQyxDQUFDO2dCQUNILE9BQU8sTUFBTSxTQUFTLENBQUMsc0JBQXNCLENBQUMsQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDO1FBQ3JFLENBQUM7SUFDTCxDQUFDO0NBQ0o7QUE5RUQsNENBOEVDIn0=

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@super-protocol/pki-client",
-  "version": "1.3.9",
+  "version": "1.5.0",
   "public": true,
   "description": "",
   "main": "dist/index.js",
@@ -15,14 +15,15 @@
   "scripts": {
     "build": "tsc -b",
     "lint": "eslint --max-warnings=0 src",
-    "lint:fix": "eslint --fix src",
-    "publish": "npm publish --access public"
+    "lint:fix": "eslint --fix src"
   },
   "author": "Super Protocol",
   "license": "ISC",
   "dependencies": {
+    "@super-protocol/addons-tee": "^0.8.16",
     "@super-protocol/pki-api-client": "*",
     "@super-protocol/pki-common": "*",
-    "@super-protocol/tee-lib": "^0.2.6"
+    "@super-protocol/tee-lib": "^0.2.6",
+    "yaml": "^2.6.0"
   }
 }