@super-protocol/pki-client 1.6.4 → 1.6.7
- package/dist/challengeProvider/challengeProviderCertificate.d.ts +14 -0
- package/dist/challengeProvider/challengeProviderCertificate.js +71 -0
- package/dist/challengeProvider/{challengeProviderSnp.d.ts → challengeProviderSevSnp.d.ts} +1 -1
- package/dist/challengeProvider/{challengeProviderSnp.js → challengeProviderSevSnp.js} +5 -5
- package/dist/challengeProvider/index.d.ts +2 -1
- package/dist/challengeProvider/index.js +3 -2
- package/dist/pkiClientConfig.d.ts +22 -2
- package/dist/pkiClientConfig.js +22 -2
- package/dist/pkiClientFactory.js +12 -10
- package/package.json +1 -1
|
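--- a/package/dist/challengeProvider/challengeProviderCertificate.d.ts
+++ b/package/dist/challengeProvider/challengeProviderCertificate.d.ts
@@ -0,0 +1,14 @@
+import { ChallengeProvider } from './challengeProvider';
+import { Challenge } from '@super-protocol/pki-common';
+export declare class ChallengeProviderCertificate implements ChallengeProvider {
+private readonly orderCertsPath;
+private readonly publicKeyPem;
+private orderCert;
+private orderCaBundle;
+private orderPrivateKey;
+private initialized;
+constructor(orderCertsPath: string, publicKeyPem: string);
+generateChallenge(): Promise<Challenge>;
+private readOrderCerts;
+private signPublicKey;
+}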
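--- a/package/dist/challengeProvider/challengeProviderCertificate.js
+++ b/package/dist/challengeProvider/challengeProviderCertificate.js
@@ -0,0 +1,71 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+__setModuleDefault(result, mod);
+return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChallengeProviderCertificate = void 0;
+const pki_common_1 = require("@super-protocol/pki-common");
+const fs = __importStar(require("fs/promises"));
+const path = __importStar(require("path"));
+const forge = __importStar(require("node-forge"));
+class ChallengeProviderCertificate {
+orderCertsPath;
+publicKeyPem;
+orderCert;
+orderCaBundle;
+orderPrivateKey;
+initialized = false;
+constructor(orderCertsPath, publicKeyPem) {
+this.orderCertsPath = orderCertsPath;
+this.publicKeyPem = publicKeyPem;
+}
+async generateChallenge() {
+if (!this.initialized) {
+try {
+await this.readOrderCerts();
+this.initialized = true;
+}
+catch (error) {
+throw new Error(`Error on reading order certificate files: ${error.message}`);
+}
+}
+return {
+type: pki_common_1.ChallengeType.Certificate,
+userDataSignatureBase64: this.signPublicKey(this.publicKeyPem),
+orderCertificate: this.orderCert,
+orderCABundle: this.orderCaBundle,
+};
+}
+async readOrderCerts() {
+this.orderCert = await fs.readFile(path.join(this.orderCertsPath, 'order_cert.crt'), 'utf8');
+this.orderPrivateKey = await fs.readFile(path.join(this.orderCertsPath, 'order_cert.key'), 'utf8');
+this.orderCaBundle = await fs.readFile(path.join(this.orderCertsPath, 'order_cert_ca_bundle.crt'), 'utf8');
+}
+signPublicKey(publicKeyPem) {
+const privateKey = forge.pki.privateKeyFromPem(this.orderPrivateKey);
+const signature = privateKey.sign((0, pki_common_1.getPublicKeyDigestRaw)(publicKeyPem));
+return forge.util.encode64(signature);
+}
+}
+exports.ChallengeProviderCertificate = ChallengeProviderCertificate;
+//# sourceMappingURL=data:application/json;base64,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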
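Review bot: In `signPublicKey`, `forge.pki.privateKeyFromPem(this.orderPrivateKey)` runs on every `generateChallenge()` call and outside the `try` that guards `readOrderCerts()`, so a malformed `order_cert.key` surfaces only after `initialized` is already true, as a raw node-forge error on each call. Parsing once during initialisation, e.g. `this.orderPrivateKey = forge.pki.privateKeyFromPem(await fs.readFile(path.join(this.orderCertsPath, 'order_cert.key'), 'utf8'));` followed by `this.orderPrivateKey.sign(...)`, fails early under the existing "Error on reading order certificate files" message and does not keep the PEM text of the key on the instance longer than needed. Nothing visible checks that this key belongs to the certificate read from `order_cert.crt`, so a mismatched pair would presumably be noticed only by whoever verifies the challenge. The `catch` also assumes `error` carries a `message`; `error instanceof Error ? error.message : String(error)` is safer.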
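--- a/package/dist/challengeProvider/challengeProviderSnp.d.ts
+++ b/package/dist/challengeProvider/challengeProviderSevSnp.d.ts
@@ -1,6 +1,6 @@
 /// <reference types="node" />
 import { ChallengeProvider } from './challengeProvider';
 import { Challenge } from '@super-protocol/pki-common';
-export declare class
+export declare class ChallengeProviderSevSnp implements ChallengeProvider {
 generateChallenge(userData: Buffer): Promise<Challenge>;
 }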
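--- a/package/dist/challengeProvider/challengeProviderSnp.js
+++ b/package/dist/challengeProvider/challengeProviderSevSnp.js
@@ -23,10 +23,10 @@ var __importStar = (this && this.__importStar) || function (mod) {
 return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
+exports.ChallengeProviderSevSnp = void 0;
 const challengeNvidiaCCHelper_1 = require("./challengeNvidiaCCHelper");
 const pki_common_1 = require("@super-protocol/pki-common");
-class
+class ChallengeProviderSevSnp {
 async generateChallenge(userData) {
 // This module depends on native library that cannot be compiled for all architectures / operating systems.
 // That is why we load it dynamically and use only when it's really needed.
@@ -34,11 +34,11 @@ class ChallengeProviderSNP {
 const { challengeData, nvidiaTokens } = await challengeNvidiaCCHelper_1.ChallengeNvidiaCCHelper.getTokenAndCombinedChallengeData(userData);
 const report = await SgxNative.SevSNP.generateSNPReportWithChain(challengeData);
 return {
-type: pki_common_1.ChallengeType.
+type: pki_common_1.ChallengeType.SEVSNP,
 serializedReportBase64: SgxNative.SevSNP.serializeSNPReport(report).toString('base64'),
 nvidiaTokens,
 };
 }
 }
-exports.
-//# sourceMappingURL=data:application/json;base64,
+exports.ChallengeProviderSevSnp = ChallengeProviderSevSnp;
+//# sourceMappingURL=data:application/json;base64,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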
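--- a/package/dist/challengeProvider/index.d.ts
+++ b/package/dist/challengeProvider/index.d.ts
@@ -2,5 +2,6 @@ export * from './challengeProvider';
 export * from './challengeProviderSgx';
 export * from './challengeProviderTdx';
 export * from './challengeProviderUntrusted';
-export * from './
+export * from './challengeProviderSevSnp';
 export * from './challengeNvidiaCCHelper';
+export * from './challengeProviderCertificate';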
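--- a/package/dist/challengeProvider/index.js
+++ b/package/dist/challengeProvider/index.js
@@ -18,6 +18,7 @@ __exportStar(require("./challengeProvider"), exports);
 __exportStar(require("./challengeProviderSgx"), exports);
 __exportStar(require("./challengeProviderTdx"), exports);
 __exportStar(require("./challengeProviderUntrusted"), exports);
-__exportStar(require("./
+__exportStar(require("./challengeProviderSevSnp"), exports);
 __exportStar(require("./challengeNvidiaCCHelper"), exports);
-
+__exportStar(require("./challengeProviderCertificate"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvY2hhbGxlbmdlUHJvdmlkZXIvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLHNEQUFvQztBQUNwQyx5REFBdUM7QUFDdkMseURBQXVDO0FBQ3ZDLCtEQUE2QztBQUM3Qyw0REFBMEM7QUFDMUMsNERBQTBDO0FBQzFDLGlFQUErQyJ9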
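--- a/package/dist/pkiClientConfig.d.ts
+++ b/package/dist/pkiClientConfig.d.ts
@@ -3,7 +3,17 @@ import { Static } from '@sinclair/typebox';
 declare const PkiClientConfigSchema: import("@sinclair/typebox").TObject<{
 clientCertProvider: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TObject<{
 type: import("@sinclair/typebox").TLiteral<"pki-ca">;
-
+challenge: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TObject<{
+type: import("@sinclair/typebox").TLiteral<ChallengeType.Untrusted>;
+idHex: import("@sinclair/typebox").TString<string>;
+commonIdHex: import("@sinclair/typebox").TString<string>;
+}>, import("@sinclair/typebox").TObject<{
+type: import("@sinclair/typebox").TLiteral<ChallengeType.TDX>;
+}>, import("@sinclair/typebox").TObject<{
+type: import("@sinclair/typebox").TLiteral<ChallengeType.SEVSNP>;
+}>, import("@sinclair/typebox").TObject<{
+type: import("@sinclair/typebox").TLiteral<ChallengeType.SGXDCAP>;
+}>]>;
 baseUrl: import("@sinclair/typebox").TString<string>;
 caBundle: import("@sinclair/typebox").TString<string>;
 }>, import("@sinclair/typebox").TObject<{
@@ -17,7 +27,17 @@ export type PkiClientConfig = Static<typeof PkiClientConfigSchema>;
 export declare const PkiClientConfigSchemaCompiled: import("@sinclair/typebox/compiler").TypeCheck<import("@sinclair/typebox").TObject<{
 clientCertProvider: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TObject<{
 type: import("@sinclair/typebox").TLiteral<"pki-ca">;
-
+challenge: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TObject<{
+type: import("@sinclair/typebox").TLiteral<ChallengeType.Untrusted>;
+idHex: import("@sinclair/typebox").TString<string>;
+commonIdHex: import("@sinclair/typebox").TString<string>;
+}>, import("@sinclair/typebox").TObject<{
+type: import("@sinclair/typebox").TLiteral<ChallengeType.TDX>;
+}>, import("@sinclair/typebox").TObject<{
+type: import("@sinclair/typebox").TLiteral<ChallengeType.SEVSNP>;
+}>, import("@sinclair/typebox").TObject<{
+type: import("@sinclair/typebox").TLiteral<ChallengeType.SGXDCAP>;
+}>]>;
 baseUrl: import("@sinclair/typebox").TString<string>;
 caBundle: import("@sinclair/typebox").TString<string>;
 }>, import("@sinclair/typebox").TObject<{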
package/dist/pkiClientConfig.js
CHANGED
|
@@ -4,9 +4,29 @@ exports.PkiClientConfigSchemaCompiled = void 0;
|
|
|
4
4
|
const pki_common_1 = require("@super-protocol/pki-common");
|
|
5
5
|
const typebox_1 = require("@sinclair/typebox");
|
|
6
6
|
const compiler_1 = require("@sinclair/typebox/compiler");
|
|
7
|
+
const CaTeePkiCertProviderChallengeUntrusted = typebox_1.Type.Object({
|
|
8
|
+
type: typebox_1.Type.Literal(pki_common_1.ChallengeType.Untrusted),
|
|
9
|
+
idHex: typebox_1.Type.String({ minLength: 1 }),
|
|
10
|
+
commonIdHex: typebox_1.Type.String({ minLength: 1 }),
|
|
11
|
+
});
|
|
12
|
+
const CaTeePkiCertProviderChallengeTDX = typebox_1.Type.Object({
|
|
13
|
+
type: typebox_1.Type.Literal(pki_common_1.ChallengeType.TDX),
|
|
14
|
+
});
|
|
15
|
+
const CaTeePkiCertProviderChallengeSEV = typebox_1.Type.Object({
|
|
16
|
+
type: typebox_1.Type.Literal(pki_common_1.ChallengeType.SEVSNP),
|
|
17
|
+
});
|
|
18
|
+
const CaTeePkiCertProviderChallengeSGX = typebox_1.Type.Object({
|
|
19
|
+
type: typebox_1.Type.Literal(pki_common_1.ChallengeType.SGXDCAP),
|
|
20
|
+
});
|
|
21
|
+
const CaTeePkiCertProviderChallenge = typebox_1.Type.Union([
|
|
22
|
+
CaTeePkiCertProviderChallengeUntrusted,
|
|
23
|
+
CaTeePkiCertProviderChallengeTDX,
|
|
24
|
+
CaTeePkiCertProviderChallengeSEV,
|
|
25
|
+
CaTeePkiCertProviderChallengeSGX,
|
|
26
|
+
]);
|
|
7
27
|
const CaTeePkiCertProviderConfigSchema = typebox_1.Type.Object({
|
|
8
28
|
type: typebox_1.Type.Literal('pki-ca'),
|
|
9
|
-
|
|
29
|
+
challenge: CaTeePkiCertProviderChallenge,
|
|
10
30
|
baseUrl: typebox_1.Type.String({ minLength: 1 }),
|
|
11
31
|
caBundle: typebox_1.Type.String({ minLength: 1 }),
|
|
12
32
|
});
|
|
@@ -24,4 +44,4 @@ const PkiClientConfigSchema = typebox_1.Type.Object({
|
|
|
24
44
|
clientCertProvider: TeePkiCertProviderConfigSchema,
|
|
25
45
|
});
|
|
26
46
|
exports.PkiClientConfigSchemaCompiled = compiler_1.TypeCompiler.Compile(PkiClientConfigSchema);
|
|
27
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
47
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGtpQ2xpZW50Q29uZmlnLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3BraUNsaWVudENvbmZpZy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwyREFBMkQ7QUFDM0QsK0NBQWlEO0FBQ2pELHlEQUEwRDtBQUUxRCxNQUFNLHNDQUFzQyxHQUFHLGNBQUksQ0FBQyxNQUFNLENBQUM7SUFDdkQsSUFBSSxFQUFFLGNBQUksQ0FBQyxPQUFPLENBQUMsMEJBQWEsQ0FBQyxTQUFTLENBQUM7SUFDM0MsS0FBSyxFQUFFLGNBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxTQUFTLEVBQUUsQ0FBQyxFQUFFLENBQUM7SUFDcEMsV0FBVyxFQUFFLGNBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxTQUFTLEVBQUUsQ0FBQyxFQUFFLENBQUM7Q0FDN0MsQ0FBQyxDQUFDO0FBRUgsTUFBTSxnQ0FBZ0MsR0FBRyxjQUFJLENBQUMsTUFBTSxDQUFDO0lBQ2pELElBQUksRUFBRSxjQUFJLENBQUMsT0FBTyxDQUFDLDBCQUFhLENBQUMsR0FBRyxDQUFDO0NBQ3hDLENBQUMsQ0FBQztBQUVILE1BQU0sZ0NBQWdDLEdBQUcsY0FBSSxDQUFDLE1BQU0sQ0FBQztJQUNqRCxJQUFJLEVBQUUsY0FBSSxDQUFDLE9BQU8sQ0FBQywwQkFBYSxDQUFDLE1BQU0sQ0FBQztDQUMzQyxDQUFDLENBQUM7QUFFSCxNQUFNLGdDQUFnQyxHQUFHLGNBQUksQ0FBQyxNQUFNLENBQUM7SUFDakQsSUFBSSxFQUFFLGNBQUksQ0FBQyxPQUFPLENBQUMsMEJBQWEsQ0FBQyxPQUFPLENBQUM7Q0FDNUMsQ0FBQyxDQUFDO0FBRUgsTUFBTSw2QkFBNkIsR0FBRyxjQUFJLENBQUMsS0FBSyxDQUFDO0lBQzdDLHNDQUFzQztJQUN0QyxnQ0FBZ0M7SUFDaEMsZ0NBQWdDO0lBQ2hDLGdDQUFnQztDQUNuQyxDQUFDLENBQUM7QUFFSCxNQUFNLGdDQUFnQyxHQUFHLGNBQUksQ0FBQyxNQUFNLENBQUM7SUFDakQsSUFBSSxFQUFFLGNBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDO0lBQzVCLFNBQVMsRUFBRSw2QkFBNkI7SUFDeEMsT0FBTyxFQUFFLGNBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxTQUFTLEVBQUUsQ0FBQyxFQUFFLENBQUM7SUFDdEMsUUFBUSxFQUFFLGNBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxTQUFTLEVBQUUsQ0FBQyxFQUFFLENBQUM7Q0FDMUMsQ0FBQyxDQUFDO0FBRUgsTUFBTSxvQ0FBb0MsR0FBRyxjQUFJLENBQUMsTUFBTSxDQUFDO0lBQ3JELElBQUksRUFBRSxjQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQztJQUM1QixPQUFPLEVBQUUsY0FBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLFNBQVMsRUFBRSxDQUFDLEVBQUUsQ0FBQztJQUN0QyxZQUFZLEVBQUUsY0FBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLFNBQVMsRUFBRSxDQUFDLEVBQUUsQ0FBQztJQUMzQyxhQUFhLEVBQUUsY0FBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLFNBQVMsRUFBRSxDQUFDLEVBQUUsQ0FBQztDQUMvQyxDQUFDLENBQUM7QUFFSCxNQUFNLDhCQUE4QixHQUFHLGNBQUksQ0FBQyxLQUFLLE
NBQUM7SUFDOUMsZ0NBQWdDO0lBQ2hDLG9DQUFvQztDQUN2QyxDQUFDLENBQUM7QUFFSCxNQUFNLHFCQUFxQixHQUFHLGNBQUksQ0FBQyxNQUFNLENBQUM7SUFDdEMsa0JBQWtCLEVBQUUsOEJBQThCO0NBQ3JELENBQUMsQ0FBQztBQUlVLFFBQUEsNkJBQTZCLEdBQUcsdUJBQVksQ0FBQyxPQUFPLENBQzdELHFCQUFxQixDQUN4QixDQUFDIn0=
|
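Review bot: `idHex` and `commonIdHex` in `CaTeePkiCertProviderChallengeUntrusted` are validated only with `minLength: 1`, yet the factory in this release decodes `idHex` with `Buffer.from(..., 'hex')`, which stops at the first non-hex character instead of throwing, so a mistyped value would silently become a shorter or empty identifier. Constraining both fields in the schema, for example `typebox_1.Type.String({ minLength: 2, pattern: '^([0-9a-fA-F]{2})+$' })`, would reject such a config at validation time. The union also has no member for `ChallengeType.Certificate`, so the `ChallengeProviderCertificate` class added in this release appears not to be selectable through this config; a one-line comment above `CaTeePkiCertProviderChallenge` saying whether that is intentional would help readers.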
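--- a/package/dist/pkiClientFactory.js
+++ b/package/dist/pkiClientFactory.js
@@ -54,11 +54,12 @@ class PkiClientFactory {
 this.certPromise = this.getCertificate();
 }
 async getHTTPSAgent() {
-const
+const certs = await this.certPromise;
+const { cert, intermediateCertificates, ca } = (0, pki_common_1.extractIntermediateCertificates)(certs);
 const httpsAgent = new node_https_1.default.Agent({
-ca: [...tls.rootCertificates,
-cert: cert
-key:
+ca: [...tls.rootCertificates, ca],
+cert: cert + intermediateCertificates,
+key: certs.keyPair.privateKeyPem,
 });
 return httpsAgent;
 }
@@ -80,9 +81,10 @@ class PkiClientFactory {
 };
 case 'pki-ca':
 let challengeProvider;
-
+const challengeType = this.config.clientCertProvider.challenge.type;
+switch (challengeType) {
 case pki_common_1.ChallengeType.Untrusted:
-challengeProvider = new challengeProvider_1.ChallengeProviderUntrusted(Buffer.from(
+challengeProvider = new challengeProvider_1.ChallengeProviderUntrusted(Buffer.from(this.config.clientCertProvider.challenge.idHex, 'hex'));
 break;
 case pki_common_1.ChallengeType.SGXDCAP:
 challengeProvider = new challengeProvider_1.ChallengeProviderSgx();
@@ -90,11 +92,11 @@ class PkiClientFactory {
 case pki_common_1.ChallengeType.TDX:
 challengeProvider = new challengeProvider_1.ChallengeProviderTdx();
 break;
-case pki_common_1.ChallengeType.
-challengeProvider = new challengeProvider_1.
+case pki_common_1.ChallengeType.SEVSNP:
+challengeProvider = new challengeProvider_1.ChallengeProviderSevSnp();
 break;
 default:
-throw new Error(`Challenge type "${
+throw new Error(`Challenge type "${challengeType} is not supported yet"`);
 }
 const attestationServiceClient = new pki_api_client_1.StaticAttestationServiceClient(this.config.clientCertProvider.baseUrl, this.config.clientCertProvider.caBundle);
 const pkiClient = new pkiClient_1.PkiClient({
@@ -106,4 +108,4 @@ class PkiClientFactory {
 }
 }
 exports.PkiClientFactory = PkiClientFactory;
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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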
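Review bot: In `getHTTPSAgent`, `cert: cert + intermediateCertificates` builds the client chain by plain string concatenation, which is a valid PEM chain only if `cert` ends with a newline and `intermediateCertificates` is always a string. `extractIntermediateCertificates` comes from `@super-protocol/pki-common` and is not visible here, so if either value can be empty the agent would receive a corrupted chain (for example a literal `undefined` appended), and an absent `ca` would put `undefined` into the trust list. A defensive form is `cert: [cert, intermediateCertificates].filter(Boolean).join('\n')` and `ca: [...tls.rootCertificates, ...(ca ? [ca] : [])]`. In the `default:` branch of the challenge switch the closing quote is misplaced, so the message ends with `is not supported yet"`; the intended text is presumably `Challenge type "${challengeType}" is not supported yet`. The `PkiClientFactory` class and the method containing the `pki-ca` case begin outside these hunks.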