@super-protocol/pki-client 1.6.5 → 1.6.7
- package/dist/challengeProvider/challengeProviderCertificate.d.ts +14 -0
- package/dist/challengeProvider/challengeProviderCertificate.js +71 -0
- package/dist/challengeProvider/index.d.ts +1 -0
- package/dist/challengeProvider/index.js +2 -1
- package/dist/pkiClientConfig.d.ts +22 -2
- package/dist/pkiClientConfig.js +22 -2
- package/dist/pkiClientFactory.js +10 -8
- package/package.json +1 -1
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { ChallengeProvider } from './challengeProvider';
|
|
2
|
+
import { Challenge } from '@super-protocol/pki-common';
|
|
3
|
+
export declare class ChallengeProviderCertificate implements ChallengeProvider {
|
|
4
|
+
private readonly orderCertsPath;
|
|
5
|
+
private readonly publicKeyPem;
|
|
6
|
+
private orderCert;
|
|
7
|
+
private orderCaBundle;
|
|
8
|
+
private orderPrivateKey;
|
|
9
|
+
private initialized;
|
|
10
|
+
constructor(orderCertsPath: string, publicKeyPem: string);
|
|
11
|
+
generateChallenge(): Promise<Challenge>;
|
|
12
|
+
private readOrderCerts;
|
|
13
|
+
private signPublicKey;
|
|
14
|
+
}
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
+
if (mod && mod.__esModule) return mod;
|
|
20
|
+
var result = {};
|
|
21
|
+
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
+
__setModuleDefault(result, mod);
|
|
23
|
+
return result;
|
|
24
|
+
};
|
|
25
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
|
+
exports.ChallengeProviderCertificate = void 0;
|
|
27
|
+
const pki_common_1 = require("@super-protocol/pki-common");
|
|
28
|
+
const fs = __importStar(require("fs/promises"));
|
|
29
|
+
const path = __importStar(require("path"));
|
|
30
|
+
const forge = __importStar(require("node-forge"));
|
|
31
|
+
class ChallengeProviderCertificate {
|
|
32
|
+
orderCertsPath;
|
|
33
|
+
publicKeyPem;
|
|
34
|
+
orderCert;
|
|
35
|
+
orderCaBundle;
|
|
36
|
+
orderPrivateKey;
|
|
37
|
+
initialized = false;
|
|
38
|
+
constructor(orderCertsPath, publicKeyPem) {
|
|
39
|
+
this.orderCertsPath = orderCertsPath;
|
|
40
|
+
this.publicKeyPem = publicKeyPem;
|
|
41
|
+
}
|
|
42
|
+
async generateChallenge() {
|
|
43
|
+
if (!this.initialized) {
|
|
44
|
+
try {
|
|
45
|
+
await this.readOrderCerts();
|
|
46
|
+
this.initialized = true;
|
|
47
|
+
}
|
|
48
|
+
catch (error) {
|
|
49
|
+
throw new Error(`Error on reading order certificate files: ${error.message}`);
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
return {
|
|
53
|
+
type: pki_common_1.ChallengeType.Certificate,
|
|
54
|
+
userDataSignatureBase64: this.signPublicKey(this.publicKeyPem),
|
|
55
|
+
orderCertificate: this.orderCert,
|
|
56
|
+
orderCABundle: this.orderCaBundle,
|
|
57
|
+
};
|
|
58
|
+
}
|
|
59
|
+
async readOrderCerts() {
|
|
60
|
+
this.orderCert = await fs.readFile(path.join(this.orderCertsPath, 'order_cert.crt'), 'utf8');
|
|
61
|
+
this.orderPrivateKey = await fs.readFile(path.join(this.orderCertsPath, 'order_cert.key'), 'utf8');
|
|
62
|
+
this.orderCaBundle = await fs.readFile(path.join(this.orderCertsPath, 'order_cert_ca_bundle.crt'), 'utf8');
|
|
63
|
+
}
|
|
64
|
+
signPublicKey(publicKeyPem) {
|
|
65
|
+
const privateKey = forge.pki.privateKeyFromPem(this.orderPrivateKey);
|
|
66
|
+
const signature = privateKey.sign((0, pki_common_1.getPublicKeyDigestRaw)(publicKeyPem));
|
|
67
|
+
return forge.util.encode64(signature);
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
exports.ChallengeProviderCertificate = ChallengeProviderCertificate;
|
|
71
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2hhbGxlbmdlUHJvdmlkZXJDZXJ0aWZpY2F0ZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9jaGFsbGVuZ2VQcm92aWRlci9jaGFsbGVuZ2VQcm92aWRlckNlcnRpZmljYXRlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQ0EsMkRBSW9DO0FBQ3BDLGdEQUFrQztBQUNsQywyQ0FBNkI7QUFDN0Isa0RBQW9DO0FBRXBDLE1BQWEsNEJBQTRCO0lBT2hCO0lBQ0E7SUFQYixTQUFTLENBQVU7SUFDbkIsYUFBYSxDQUFVO0lBQ3ZCLGVBQWUsQ0FBVTtJQUN6QixXQUFXLEdBQUcsS0FBSyxDQUFDO0lBRTVCLFlBQ3FCLGNBQXNCLEVBQ3RCLFlBQW9CO1FBRHBCLG1CQUFjLEdBQWQsY0FBYyxDQUFRO1FBQ3RCLGlCQUFZLEdBQVosWUFBWSxDQUFRO0lBQ3RDLENBQUM7SUFDSixLQUFLLENBQUMsaUJBQWlCO1FBQ25CLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDcEIsSUFBSSxDQUFDO2dCQUNELE1BQU0sSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO2dCQUM1QixJQUFJLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQztZQUM1QixDQUFDO1lBQUMsT0FBTyxLQUFVLEVBQUUsQ0FBQztnQkFDbEIsTUFBTSxJQUFJLEtBQUssQ0FDWCw2Q0FBNkMsS0FBSyxDQUFDLE9BQU8sRUFBRSxDQUMvRCxDQUFDO1lBQ04sQ0FBQztRQUNMLENBQUM7UUFDRCxPQUFPO1lBQ0gsSUFBSSxFQUFFLDBCQUFhLENBQUMsV0FBVztZQUMvQix1QkFBdUIsRUFBRSxJQUFJLENBQUMsYUFBYSxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUM7WUFDOUQsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLFNBQVM7WUFDaEMsYUFBYSxFQUFFLElBQUksQ0FBQyxhQUFhO1NBQ3BDLENBQUM7SUFDTixDQUFDO0lBQ08sS0FBSyxDQUFDLGNBQWM7UUFDeEIsSUFBSSxDQUFDLFNBQVMsR0FBRyxNQUFNLEVBQUUsQ0FBQyxRQUFRLENBQzlCLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGNBQWMsRUFBRSxnQkFBZ0IsQ0FBQyxFQUNoRCxNQUFNLENBQ1QsQ0FBQztRQUNGLElBQUksQ0FBQyxlQUFlLEdBQUcsTUFBTSxFQUFFLENBQUMsUUFBUSxDQUNwQyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxjQUFjLEVBQUUsZ0JBQWdCLENBQUMsRUFDaEQsTUFBTSxDQUNULENBQUM7UUFDRixJQUFJLENBQUMsYUFBYSxHQUFHLE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FDbEMsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsY0FBYyxFQUFFLDBCQUEwQixDQUFDLEVBQzFELE1BQU0sQ0FDVCxDQUFDO0lBQ04sQ0FBQztJQUVPLGFBQWEsQ0FBQyxZQUFvQjtRQUN0QyxNQUFNLFVBQVUsR0FBRyxLQUFLLENBQUMsR0FBRyxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsQ0FBQztRQUNyRSxNQUFNLFNBQVMsR0FBRyxVQUFVLENBQUMsSUFBSSxDQUFDLElBQUEsa0NBQXFCLEVBQUMsWUFBWS
xDQUFDLENBQUMsQ0FBQztRQUN2RSxPQUFPLEtBQUssQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQzFDLENBQUM7Q0FDSjtBQWhERCxvRUFnREMifQ==
|
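Review bot: In `signPublicKey`, `forge.pki.privateKeyFromPem(this.orderPrivateKey)` runs on every `generateChallenge()` call and sits outside the `try` that wraps `readOrderCerts()`, so a malformed `order_cert.key` (or, as far as node-forge's PEM parser goes, a non-RSA one) surfaces as a raw library error only after `initialized` has already been set to `true`, and the files are never re-read. Parsing once at load time keeps that failure inside the existing "Error on reading order certificate files" wrapper: in `readOrderCerts`, `this.orderPrivateKey = forge.pki.privateKeyFromPem(await fs.readFile(path.join(this.orderCertsPath, 'order_cert.key'), 'utf8'));`, and in `signPublicKey`, `const signature = this.orderPrivateKey.sign((0, pki_common_1.getPublicKeyDigestRaw)(publicKeyPem));`. Nothing visible checks that `order_cert.crt` corresponds to the key that signs, so a mismatched pair is only detected by whoever verifies the challenge. A comment on `readOrderCerts` saying that `orderCertsPath` holds private key material and must be an access-restricted directory would document the assumption. `getPublicKeyDigestRaw` comes from `@super-protocol/pki-common` and is not shown on this page, so the digest algorithm behind the signature cannot be confirmed from here.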
|
@@ -20,4 +20,5 @@ __exportStar(require("./challengeProviderTdx"), exports);
|
|
|
20
20
|
__exportStar(require("./challengeProviderUntrusted"), exports);
|
|
21
21
|
__exportStar(require("./challengeProviderSevSnp"), exports);
|
|
22
22
|
__exportStar(require("./challengeNvidiaCCHelper"), exports);
|
|
23
|
-
|
|
23
|
+
__exportStar(require("./challengeProviderCertificate"), exports);
|
|
24
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvY2hhbGxlbmdlUHJvdmlkZXIvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLHNEQUFvQztBQUNwQyx5REFBdUM7QUFDdkMseURBQXVDO0FBQ3ZDLCtEQUE2QztBQUM3Qyw0REFBMEM7QUFDMUMsNERBQTBDO0FBQzFDLGlFQUErQyJ9
|
|
@@ -3,7 +3,17 @@ import { Static } from '@sinclair/typebox';
|
|
|
3
3
|
declare const PkiClientConfigSchema: import("@sinclair/typebox").TObject<{
|
|
4
4
|
clientCertProvider: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TObject<{
|
|
5
5
|
type: import("@sinclair/typebox").TLiteral<"pki-ca">;
|
|
6
|
-
|
|
6
|
+
challenge: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TObject<{
|
|
7
|
+
type: import("@sinclair/typebox").TLiteral<ChallengeType.Untrusted>;
|
|
8
|
+
idHex: import("@sinclair/typebox").TString<string>;
|
|
9
|
+
commonIdHex: import("@sinclair/typebox").TString<string>;
|
|
10
|
+
}>, import("@sinclair/typebox").TObject<{
|
|
11
|
+
type: import("@sinclair/typebox").TLiteral<ChallengeType.TDX>;
|
|
12
|
+
}>, import("@sinclair/typebox").TObject<{
|
|
13
|
+
type: import("@sinclair/typebox").TLiteral<ChallengeType.SEVSNP>;
|
|
14
|
+
}>, import("@sinclair/typebox").TObject<{
|
|
15
|
+
type: import("@sinclair/typebox").TLiteral<ChallengeType.SGXDCAP>;
|
|
16
|
+
}>]>;
|
|
7
17
|
baseUrl: import("@sinclair/typebox").TString<string>;
|
|
8
18
|
caBundle: import("@sinclair/typebox").TString<string>;
|
|
9
19
|
}>, import("@sinclair/typebox").TObject<{
|
|
@@ -17,7 +27,17 @@ export type PkiClientConfig = Static<typeof PkiClientConfigSchema>;
|
|
|
17
27
|
export declare const PkiClientConfigSchemaCompiled: import("@sinclair/typebox/compiler").TypeCheck<import("@sinclair/typebox").TObject<{
|
|
18
28
|
clientCertProvider: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TObject<{
|
|
19
29
|
type: import("@sinclair/typebox").TLiteral<"pki-ca">;
|
|
20
|
-
|
|
30
|
+
challenge: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TObject<{
|
|
31
|
+
type: import("@sinclair/typebox").TLiteral<ChallengeType.Untrusted>;
|
|
32
|
+
idHex: import("@sinclair/typebox").TString<string>;
|
|
33
|
+
commonIdHex: import("@sinclair/typebox").TString<string>;
|
|
34
|
+
}>, import("@sinclair/typebox").TObject<{
|
|
35
|
+
type: import("@sinclair/typebox").TLiteral<ChallengeType.TDX>;
|
|
36
|
+
}>, import("@sinclair/typebox").TObject<{
|
|
37
|
+
type: import("@sinclair/typebox").TLiteral<ChallengeType.SEVSNP>;
|
|
38
|
+
}>, import("@sinclair/typebox").TObject<{
|
|
39
|
+
type: import("@sinclair/typebox").TLiteral<ChallengeType.SGXDCAP>;
|
|
40
|
+
}>]>;
|
|
21
41
|
baseUrl: import("@sinclair/typebox").TString<string>;
|
|
22
42
|
caBundle: import("@sinclair/typebox").TString<string>;
|
|
23
43
|
}>, import("@sinclair/typebox").TObject<{
|
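--- a/package/dist/pkiClientConfig.js
+++ b/package/dist/pkiClientConfig.js
@@ -4,9 +4,29 @@ exports.PkiClientConfigSchemaCompiled = void 0;
 const pki_common_1 = require("@super-protocol/pki-common");
 const typebox_1 = require("@sinclair/typebox");
 const compiler_1 = require("@sinclair/typebox/compiler");
+const CaTeePkiCertProviderChallengeUntrusted = typebox_1.Type.Object({
+type: typebox_1.Type.Literal(pki_common_1.ChallengeType.Untrusted),
+idHex: typebox_1.Type.String({ minLength: 1 }),
+commonIdHex: typebox_1.Type.String({ minLength: 1 }),
+});
+const CaTeePkiCertProviderChallengeTDX = typebox_1.Type.Object({
+type: typebox_1.Type.Literal(pki_common_1.ChallengeType.TDX),
+});
+const CaTeePkiCertProviderChallengeSEV = typebox_1.Type.Object({
+type: typebox_1.Type.Literal(pki_common_1.ChallengeType.SEVSNP),
+});
+const CaTeePkiCertProviderChallengeSGX = typebox_1.Type.Object({
+type: typebox_1.Type.Literal(pki_common_1.ChallengeType.SGXDCAP),
+});
+const CaTeePkiCertProviderChallenge = typebox_1.Type.Union([
+CaTeePkiCertProviderChallengeUntrusted,
+CaTeePkiCertProviderChallengeTDX,
+CaTeePkiCertProviderChallengeSEV,
+CaTeePkiCertProviderChallengeSGX,
+]);
 const CaTeePkiCertProviderConfigSchema = typebox_1.Type.Object({
 type: typebox_1.Type.Literal('pki-ca'),
-
+challenge: CaTeePkiCertProviderChallenge,
 baseUrl: typebox_1.Type.String({ minLength: 1 }),
 caBundle: typebox_1.Type.String({ minLength: 1 }),
 });
@@ -24,4 +44,4 @@ const PkiClientConfigSchema = typebox_1.Type.Object({
 clientCertProvider: TeePkiCertProviderConfigSchema,
 });
 exports.PkiClientConfigSchemaCompiled = compiler_1.TypeCompiler.Compile(PkiClientConfigSchema);
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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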
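Review bot: `idHex` and `commonIdHex` in `CaTeePkiCertProviderChallengeUntrusted` are validated only with `minLength: 1`, yet pkiClientFactory.js decodes the value with `Buffer.from(this.config.clientCertProvider.challenge.idHex, 'hex')`, and Node's hex decoding stops silently at the first invalid character, so a mistyped id becomes a shorter or empty buffer instead of a configuration error. Constraining both fields in the schema closes that gap, for example `idHex: typebox_1.Type.String({ pattern: '^(?:[0-9a-fA-F]{2})+$' }),` and the same for `commonIdHex`. The union also has no `ChallengeType.Certificate` member even though this release adds `ChallengeProviderCertificate`; if that provider is meant to be selectable from configuration it needs a variant here, otherwise a short comment saying it is constructed programmatically would avoid confusion. The `challenge` field looks newly required on `pki-ca` configs (the removed line's text is lost on this page), which is worth calling out in release notes for a patch-level bump.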
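--- a/package/dist/pkiClientFactory.js
+++ b/package/dist/pkiClientFactory.js
@@ -54,11 +54,12 @@ class PkiClientFactory {
 this.certPromise = this.getCertificate();
 }
 async getHTTPSAgent() {
-const
+const certs = await this.certPromise;
+const { cert, intermediateCertificates, ca } = (0, pki_common_1.extractIntermediateCertificates)(certs);
 const httpsAgent = new node_https_1.default.Agent({
-ca: [...tls.rootCertificates,
-cert: cert
-key:
+ca: [...tls.rootCertificates, ca],
+cert: cert + intermediateCertificates,
+key: certs.keyPair.privateKeyPem,
 });
 return httpsAgent;
 }
@@ -80,9 +81,10 @@ class PkiClientFactory {
 };
 case 'pki-ca':
 let challengeProvider;
-
+const challengeType = this.config.clientCertProvider.challenge.type;
+switch (challengeType) {
 case pki_common_1.ChallengeType.Untrusted:
-challengeProvider = new challengeProvider_1.ChallengeProviderUntrusted(Buffer.from(
+challengeProvider = new challengeProvider_1.ChallengeProviderUntrusted(Buffer.from(this.config.clientCertProvider.challenge.idHex, 'hex'));
 break;
 case pki_common_1.ChallengeType.SGXDCAP:
 challengeProvider = new challengeProvider_1.ChallengeProviderSgx();
@@ -94,7 +96,7 @@ class PkiClientFactory {
 challengeProvider = new challengeProvider_1.ChallengeProviderSevSnp();
 break;
 default:
-throw new Error(`Challenge type "${
+throw new Error(`Challenge type "${challengeType} is not supported yet"`);
 }
 const attestationServiceClient = new pki_api_client_1.StaticAttestationServiceClient(this.config.clientCertProvider.baseUrl, this.config.clientCertProvider.caBundle);
 const pkiClient = new pkiClient_1.PkiClient({
@@ -106,4 +108,4 @@ class PkiClientFactory {
 }
 }
 exports.PkiClientFactory = PkiClientFactory;
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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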
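Review bot: In `getHTTPSAgent`, `cert: cert + intermediateCertificates` builds the client chain by plain string concatenation, which yields valid PEM only if `cert` ends with a newline and `intermediateCertificates` is a single string; the return shape of `extractIntermediateCertificates` is not visible here, so confirm it or, if both are strings, join explicitly with `cert: [cert, intermediateCertificates].join('\n'),`. The agent also keeps `...tls.rootCertificates` next to the PKI `ca`, so every publicly trusted CA remains a valid server trust anchor for this client-certificate connection; if the agent only ever talks to services under the PKI root, `ca: [ca],` would be the tighter setting. In the `default` branch the closing double quote is misplaced, so the message reads `Challenge type "X is not supported yet"`; move it to directly after `${challengeType}`. The visible `Untrusted` case reads only `idHex`, while the schema also requires `commonIdHex`, which no line in these hunks uses. Both `getHTTPSAgent` and the `pki-ca` case extend beyond the hunks shown.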