npm - @zuplo/cli - Versions diffs - 6.70.15 → 6.70.21 - Mend

@zuplo/cli 6.70.15 → 6.70.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (203) hide show

package/dist/ca-certificate/create/handler.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { CreateArguments } from "../models.js";
+export declare function create(argv: CreateArguments): Promise<void>;
+//# sourceMappingURL=handler.d.ts.map

package/dist/ca-certificate/create/handler.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/ca-certificate/create/handler.ts"],"names":[],"mappings":"AAQA,OAAO,EAAiB,eAAe,EAAE,MAAM,cAAc,CAAC;AAO9D,wBAAsB,MAAM,CAAC,IAAI,EAAE,eAAe,iBAwDjD"}

package/dist/ca-certificate/create/handler.js ADDED Viewed

@@ -0,0 +1,46 @@
+import { readFileSync } from "node:fs";
+import { createApiClient } from "../../common/api/client.js";
+import { logger } from "../../common/logger.js";
+import { printDiagnosticsToConsole, printJsonToConsoleAndExitGracefully, printResultToConsole, } from "../../common/output.js";
+import { isValidationError, parseAndValidateCaCertificate, validateName, } from "../validation.js";
+export async function create(argv) {
+    const { account } = argv;
+    const nameError = validateName(argv.name);
+    if (nameError) {
+        printDiagnosticsToConsole(`Error: --name is invalid. ${nameError.message}`);
+        return;
+    }
+    let certificate;
+    try {
+        certificate = readFileSync(argv.cert, "utf-8");
+    }
+    catch (error) {
+        logger.error(error, "Failed to read CA certificate file");
+        printDiagnosticsToConsole(`Error: Failed to read CA certificate file at ${argv.cert}`, error instanceof Error ? error.message : String(error));
+        return;
+    }
+    const parsed = parseAndValidateCaCertificate(certificate);
+    if (isValidationError(parsed)) {
+        printDiagnosticsToConsole(`Error: ${argv.cert} is not a valid CA certificate. ${parsed.message}`, parsed.hint);
+        return;
+    }
+    const client = createApiClient({ authToken: argv.authToken });
+    const cert = await client.post(`/v1/accounts/${account}/client-mtls-ca-certificates`, {
+        operation: "Failed to create CA certificate",
+        errorMessage: "Error: Failed to create CA certificate. Check the arguments.",
+        body: {
+            name: argv.name,
+            certificate,
+        },
+    });
+    if (argv.output === "json") {
+        await printJsonToConsoleAndExitGracefully(cert);
+        return;
+    }
+    const subject = cert.certificateInfo.subject.replace(/\n/g, ", ");
+    printResultToConsole(`CA certificate '${cert.name}' (${cert.id}) created successfully\n` +
+        `  Subject: ${subject}\n` +
+        `  Valid from: ${cert.certificateInfo.validFrom}\n` +
+        `  Valid to: ${cert.certificateInfo.validTo}`);
+}
+//# sourceMappingURL=handler.js.map

package/dist/ca-certificate/create/handler.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../src/ca-certificate/create/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,oBAAoB,GACrB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,iBAAiB,EACjB,6BAA6B,EAC7B,YAAY,GACb,MAAM,kBAAkB,CAAC;AAE1B,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,IAAqB;IAChD,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAEzB,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1C,IAAI,SAAS,EAAE,CAAC;QACd,yBAAyB,CAAC,6BAA6B,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5E,OAAO;IACT,CAAC;IAED,IAAI,WAAmB,CAAC;IACxB,IAAI,CAAC;QACH,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACjD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,oCAAoC,CAAC,CAAC;QAC1D,yBAAyB,CACvB,gDAAgD,IAAI,CAAC,IAAI,EAAE,EAC3D,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CACvD,CAAC;QACF,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,6BAA6B,CAAC,WAAW,CAAC,CAAC;IAC1D,IAAI,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,yBAAyB,CACvB,UAAU,IAAI,CAAC,IAAI,mCAAmC,MAAM,CAAC,OAAO,EAAE,EACtE,MAAM,CAAC,IAAI,CACZ,CAAC;QACF,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,eAAe,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IAC9D,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,IAAI,CAC5B,gBAAgB,OAAO,8BAA8B,EACrD;QACE,SAAS,EAAE,iCAAiC;QAC5C,YAAY,EACV,8DAA8D;QAChE,IAAI,EAAE;YACJ,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW;SACZ;KACF,CACF,CAAC;IAEF,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC3B,MAAM,mCAAmC,CAAC,IAAI,CAAC,CAAC;QAChD,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAClE,oBAAoB,CAClB,mBAAmB,IAAI,CAAC,IAAI,MAAM,IAAI,CAAC,EAAE,0BAA0B;QACjE,cAAc,OAAO,IAAI;QACzB,iBAAiB,IAAI,CAAC,eAAe,CAAC,SAAS,IAAI;QACnD,eAAe,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAChD,CAAC;AACJ,CAAC","sourcesContent":["import { readFileSync } from \"node:fs\";\nimport { createApiClient } from \"../../common/api/client.js\";\nimport { logger } from \"../../common/logger.js\";\nimport {\n printDiagnosticsToConsole,\n printJsonToConsoleAndExitGracefully,\n printResultToConsole,\n} from \"../../common/output.js\";\nimport { CaCertificate, CreateArguments } from \"../models.js\";\nimport {\n isValidationError,\n parseAndValidateCaCertificate,\n validateName,\n} from \"../validation.js\";\n\nexport async function create(argv: CreateArguments) {\n const { account } = argv;\n\n const nameError = validateName(argv.name);\n if (nameError) {\n printDiagnosticsToConsole(`Error: --name is invalid. ${nameError.message}`);\n return;\n }\n\n let certificate: string;\n try {\n certificate = readFileSync(argv.cert, \"utf-8\");\n } catch (error) {\n logger.error(error, \"Failed to read CA certificate file\");\n printDiagnosticsToConsole(\n `Error: Failed to read CA certificate file at ${argv.cert}`,\n error instanceof Error ? error.message : String(error)\n );\n return;\n }\n\n const parsed = parseAndValidateCaCertificate(certificate);\n if (isValidationError(parsed)) {\n printDiagnosticsToConsole(\n `Error: ${argv.cert} is not a valid CA certificate. ${parsed.message}`,\n parsed.hint\n );\n return;\n }\n\n const client = createApiClient({ authToken: argv.authToken });\n const cert = await client.post<CaCertificate>(\n `/v1/accounts/${account}/client-mtls-ca-certificates`,\n {\n operation: \"Failed to create CA certificate\",\n errorMessage:\n \"Error: Failed to create CA certificate. Check the arguments.\",\n body: {\n name: argv.name,\n certificate,\n },\n }\n );\n\n if (argv.output === \"json\") {\n await printJsonToConsoleAndExitGracefully(cert);\n return;\n }\n\n const subject = cert.certificateInfo.subject.replace(/\\n/g, \", \");\n printResultToConsole(\n `CA certificate '${cert.name}' (${cert.id}) created successfully\\n` +\n ` Subject: ${subject}\\n` +\n ` Valid from: ${cert.certificateInfo.validFrom}\\n` +\n ` Valid to: ${cert.certificateInfo.validTo}`\n );\n}\n"]}

package/dist/ca-certificate/delete/handler.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { DeleteArguments } from "../models.js";
+export declare function deleteCommand(argv: DeleteArguments): Promise<void>;
+//# sourceMappingURL=handler.d.ts.map

package/dist/ca-certificate/delete/handler.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/ca-certificate/delete/handler.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAE/C,wBAAsB,aAAa,CAAC,IAAI,EAAE,eAAe,iBAoBxD"}

package/dist/ca-certificate/delete/handler.js ADDED Viewed

@@ -0,0 +1,18 @@
+import { createApiClient } from "../../common/api/client.js";
+import { printJsonToConsoleAndExitGracefully, printResultToConsole, } from "../../common/output.js";
+export async function deleteCommand(argv) {
+    const { account } = argv;
+    const certId = argv["cert-id"];
+    const client = createApiClient({ authToken: argv.authToken });
+    await client.delete(`/v1/accounts/${account}/client-mtls-ca-certificates/${encodeURIComponent(certId)}`, {
+        operation: "Failed to delete CA certificate",
+        errorMessage: "Error: Failed to delete CA certificate.",
+        emptyResponse: true,
+    });
+    if (argv.output === "json") {
+        await printJsonToConsoleAndExitGracefully({ id: certId, deleted: true });
+        return;
+    }
+    printResultToConsole(`CA certificate ${certId} deleted successfully`);
+}
+//# sourceMappingURL=handler.js.map

package/dist/ca-certificate/delete/handler.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../src/ca-certificate/delete/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EACL,mCAAmC,EACnC,oBAAoB,GACrB,MAAM,wBAAwB,CAAC;AAGhC,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAqB;IACvD,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACzB,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;IAE/B,MAAM,MAAM,GAAG,eAAe,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IAC9D,MAAM,MAAM,CAAC,MAAM,CACjB,gBAAgB,OAAO,gCAAgC,kBAAkB,CAAC,MAAM,CAAC,EAAE,EACnF;QACE,SAAS,EAAE,iCAAiC;QAC5C,YAAY,EAAE,yCAAyC;QACvD,aAAa,EAAE,IAAI;KACpB,CACF,CAAC;IAEF,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC3B,MAAM,mCAAmC,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACzE,OAAO;IACT,CAAC;IAED,oBAAoB,CAAC,kBAAkB,MAAM,uBAAuB,CAAC,CAAC;AACxE,CAAC","sourcesContent":["import { createApiClient } from \"../../common/api/client.js\";\nimport {\n printJsonToConsoleAndExitGracefully,\n printResultToConsole,\n} from \"../../common/output.js\";\nimport { DeleteArguments } from \"../models.js\";\n\nexport async function deleteCommand(argv: DeleteArguments) {\n const { account } = argv;\n const certId = argv[\"cert-id\"];\n\n const client = createApiClient({ authToken: argv.authToken });\n await client.delete(\n `/v1/accounts/${account}/client-mtls-ca-certificates/${encodeURIComponent(certId)}`,\n {\n operation: \"Failed to delete CA certificate\",\n errorMessage: \"Error: Failed to delete CA certificate.\",\n emptyResponse: true,\n }\n );\n\n if (argv.output === \"json\") {\n await printJsonToConsoleAndExitGracefully({ id: certId, deleted: true });\n return;\n }\n\n printResultToConsole(`CA certificate ${certId} deleted successfully`);\n}\n"]}

package/dist/ca-certificate/describe/handler.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { DescribeArguments } from "../models.js";
+export declare function describe(argv: DescribeArguments): Promise<void>;
+//# sourceMappingURL=handler.d.ts.map

package/dist/ca-certificate/describe/handler.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/ca-certificate/describe/handler.ts"],"names":[],"mappings":"AAMA,OAAO,EAA6B,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAK5E,wBAAsB,QAAQ,CAAC,IAAI,EAAE,iBAAiB,iBAuCrD"}

package/dist/ca-certificate/describe/handler.js ADDED Viewed

@@ -0,0 +1,32 @@
+import { createApiClient } from "../../common/api/client.js";
+import { printDiagnosticsToConsole, printJsonToConsoleAndExitGracefully, printResultToConsole, } from "../../common/output.js";
+export async function describe(argv) {
+    const { account } = argv;
+    const certId = argv["cert-id"];
+    const client = createApiClient({ authToken: argv.authToken });
+    const response = await client.get(`/v1/accounts/${account}/client-mtls-ca-certificates`, {
+        operation: "Failed to describe CA certificate",
+        errorMessage: "Error: Failed to describe CA certificate.",
+    });
+    const cert = response.data.find((c) => c.id === certId);
+    if (!cert) {
+        printDiagnosticsToConsole(`Error: CA certificate with ID '${certId}' not found in account '${account}'`);
+        return;
+    }
+    if (argv.output === "json") {
+        await printJsonToConsoleAndExitGracefully(cert);
+        return;
+    }
+    const subject = cert.certificateInfo.subject.replace(/\n/g, ", ");
+    const issuer = cert.certificateInfo.issuer.replace(/\n/g, ", ");
+    printResultToConsole(`  ID: ${cert.id}\n` +
+        `  Name: ${cert.name}\n` +
+        `  Subject: ${subject}\n` +
+        `  Issuer: ${issuer}\n` +
+        `  Serial: ${cert.certificateInfo.serialNumber}\n` +
+        `  Valid from: ${cert.certificateInfo.validFrom}\n` +
+        `  Valid to: ${cert.certificateInfo.validTo}\n` +
+        `  Created: ${cert.createdOn}\n` +
+        `  Updated: ${cert.updatedOn}`);
+}
+//# sourceMappingURL=handler.js.map

package/dist/ca-certificate/describe/handler.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../src/ca-certificate/describe/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,oBAAoB,GACrB,MAAM,wBAAwB,CAAC;AAMhC,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,IAAuB;IACpD,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACzB,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;IAE/B,MAAM,MAAM,GAAG,eAAe,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,GAAG,CAC/B,gBAAgB,OAAO,8BAA8B,EACrD;QACE,SAAS,EAAE,mCAAmC;QAC9C,YAAY,EAAE,2CAA2C;KAC1D,CACF,CAAC;IAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;IACxD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,yBAAyB,CACvB,kCAAkC,MAAM,2BAA2B,OAAO,GAAG,CAC9E,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC3B,MAAM,mCAAmC,CAAC,IAAI,CAAC,CAAC;QAChD,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAClE,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAChE,oBAAoB,CAClB,SAAS,IAAI,CAAC,EAAE,IAAI;QAClB,WAAW,IAAI,CAAC,IAAI,IAAI;QACxB,cAAc,OAAO,IAAI;QACzB,aAAa,MAAM,IAAI;QACvB,aAAa,IAAI,CAAC,eAAe,CAAC,YAAY,IAAI;QAClD,iBAAiB,IAAI,CAAC,eAAe,CAAC,SAAS,IAAI;QACnD,eAAe,IAAI,CAAC,eAAe,CAAC,OAAO,IAAI;QAC/C,cAAc,IAAI,CAAC,SAAS,IAAI;QAChC,cAAc,IAAI,CAAC,SAAS,EAAE,CACjC,CAAC;AACJ,CAAC","sourcesContent":["import { createApiClient } from \"../../common/api/client.js\";\nimport {\n printDiagnosticsToConsole,\n printJsonToConsoleAndExitGracefully,\n printResultToConsole,\n} from \"../../common/output.js\";\nimport { CaCertificateListResponse, DescribeArguments } from \"../models.js\";\n\n// developer-api does not currently expose GET /client-mtls-ca-certificates/{id},\n// so we fetch the list and filter client-side. Switch to a direct GET when the\n// route is added.\nexport async function describe(argv: DescribeArguments) {\n const { account } = argv;\n const certId = argv[\"cert-id\"];\n\n const client = createApiClient({ authToken: argv.authToken });\n const response = await client.get<CaCertificateListResponse>(\n `/v1/accounts/${account}/client-mtls-ca-certificates`,\n {\n operation: \"Failed to describe CA certificate\",\n errorMessage: \"Error: Failed to describe CA certificate.\",\n }\n );\n\n const cert = response.data.find((c) => c.id === certId);\n if (!cert) {\n printDiagnosticsToConsole(\n `Error: CA certificate with ID '${certId}' not found in account '${account}'`\n );\n return;\n }\n\n if (argv.output === \"json\") {\n await printJsonToConsoleAndExitGracefully(cert);\n return;\n }\n\n const subject = cert.certificateInfo.subject.replace(/\\n/g, \", \");\n const issuer = cert.certificateInfo.issuer.replace(/\\n/g, \", \");\n printResultToConsole(\n ` ID: ${cert.id}\\n` +\n ` Name: ${cert.name}\\n` +\n ` Subject: ${subject}\\n` +\n ` Issuer: ${issuer}\\n` +\n ` Serial: ${cert.certificateInfo.serialNumber}\\n` +\n ` Valid from: ${cert.certificateInfo.validFrom}\\n` +\n ` Valid to: ${cert.certificateInfo.validTo}\\n` +\n ` Created: ${cert.createdOn}\\n` +\n ` Updated: ${cert.updatedOn}`\n );\n}\n"]}

package/dist/ca-certificate/list/handler.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { ListArguments } from "../models.js";
+export declare function list(argv: ListArguments): Promise<void>;
+//# sourceMappingURL=handler.d.ts.map

package/dist/ca-certificate/list/handler.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/ca-certificate/list/handler.ts"],"names":[],"mappings":"AAKA,OAAO,EAA6B,aAAa,EAAE,MAAM,cAAc,CAAC;AAExE,wBAAsB,IAAI,CAAC,IAAI,EAAE,aAAa,iBAkC7C"}

package/dist/ca-certificate/list/handler.js ADDED Viewed

@@ -0,0 +1,28 @@
+import { createApiClient } from "../../common/api/client.js";
+import { printJsonToConsoleAndExitGracefully, printResultToConsole, } from "../../common/output.js";
+export async function list(argv) {
+    const { account } = argv;
+    const client = createApiClient({ authToken: argv.authToken });
+    const response = await client.get(`/v1/accounts/${account}/client-mtls-ca-certificates`, {
+        operation: "Failed to list CA certificates",
+        errorMessage: "Error: Failed to list CA certificates.",
+    });
+    if (argv.output === "json") {
+        await printJsonToConsoleAndExitGracefully(response);
+        return;
+    }
+    if (response.data.length === 0) {
+        printResultToConsole("No CA certificates found");
+        return;
+    }
+    printResultToConsole(`Found ${response.data.length} CA certificate(s):\n`);
+    for (const cert of response.data) {
+        const subject = cert.certificateInfo.subject.replace(/\n/g, ", ");
+        printResultToConsole(`  ID: ${cert.id}\n` +
+            `  Name: ${cert.name}\n` +
+            `  Subject: ${subject}\n` +
+            `  Valid from: ${cert.certificateInfo.validFrom}\n` +
+            `  Valid to: ${cert.certificateInfo.validTo}\n`);
+    }
+}
+//# sourceMappingURL=handler.js.map

package/dist/ca-certificate/list/handler.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../src/ca-certificate/list/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EACL,mCAAmC,EACnC,oBAAoB,GACrB,MAAM,wBAAwB,CAAC;AAGhC,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,IAAmB;IAC5C,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAEzB,MAAM,MAAM,GAAG,eAAe,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,GAAG,CAC/B,gBAAgB,OAAO,8BAA8B,EACrD;QACE,SAAS,EAAE,gCAAgC;QAC3C,YAAY,EAAE,wCAAwC;KACvD,CACF,CAAC;IAEF,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC3B,MAAM,mCAAmC,CAAC,QAAQ,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,oBAAoB,CAAC,0BAA0B,CAAC,CAAC;QACjD,OAAO;IACT,CAAC;IAED,oBAAoB,CAAC,SAAS,QAAQ,CAAC,IAAI,CAAC,MAAM,uBAAuB,CAAC,CAAC;IAE3E,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAClE,oBAAoB,CAClB,SAAS,IAAI,CAAC,EAAE,IAAI;YAClB,WAAW,IAAI,CAAC,IAAI,IAAI;YACxB,cAAc,OAAO,IAAI;YACzB,iBAAiB,IAAI,CAAC,eAAe,CAAC,SAAS,IAAI;YACnD,eAAe,IAAI,CAAC,eAAe,CAAC,OAAO,IAAI,CAClD,CAAC;IACJ,CAAC;AACH,CAAC","sourcesContent":["import { createApiClient } from \"../../common/api/client.js\";\nimport {\n printJsonToConsoleAndExitGracefully,\n printResultToConsole,\n} from \"../../common/output.js\";\nimport { CaCertificateListResponse, ListArguments } from \"../models.js\";\n\nexport async function list(argv: ListArguments) {\n const { account } = argv;\n\n const client = createApiClient({ authToken: argv.authToken });\n const response = await client.get<CaCertificateListResponse>(\n `/v1/accounts/${account}/client-mtls-ca-certificates`,\n {\n operation: \"Failed to list CA certificates\",\n errorMessage: \"Error: Failed to list CA certificates.\",\n }\n );\n\n if (argv.output === \"json\") {\n await printJsonToConsoleAndExitGracefully(response);\n return;\n }\n\n if (response.data.length === 0) {\n printResultToConsole(\"No CA certificates found\");\n return;\n }\n\n printResultToConsole(`Found ${response.data.length} CA certificate(s):\\n`);\n\n for (const cert of response.data) {\n const subject = cert.certificateInfo.subject.replace(/\\n/g, \", \");\n printResultToConsole(\n ` ID: ${cert.id}\\n` +\n ` Name: ${cert.name}\\n` +\n ` Subject: ${subject}\\n` +\n ` Valid from: ${cert.certificateInfo.validFrom}\\n` +\n ` Valid to: ${cert.certificateInfo.validTo}\\n`\n );\n }\n}\n"]}

package/dist/ca-certificate/models.d.ts ADDED Viewed

@@ -0,0 +1,51 @@
+export interface CaCertificateInfo {
+  subject: string;
+  issuer: string;
+  validFrom: string;
+  validTo: string;
+  serialNumber: string;
+}
+export interface CaCertificate {
+  id: string;
+  name: string;
+  certificateInfo: CaCertificateInfo;
+  createdOn: string;
+  updatedOn: string;
+}
+export interface CaCertificateListResponse {
+  data: CaCertificate[];
+  offset: number;
+  limit: number;
+}
+export interface CreateArguments {
+  account: string;
+  authToken: string;
+  name: string;
+  cert: string;
+  output?: "default" | "json";
+}
+export interface ListArguments {
+  account: string;
+  authToken: string;
+  output?: "default" | "json";
+}
+export interface UpdateArguments {
+  account: string;
+  authToken: string;
+  "cert-id": string;
+  name: string;
+  output?: "default" | "json";
+}
+export interface DeleteArguments {
+  account: string;
+  authToken: string;
+  "cert-id": string;
+  output?: "default" | "json";
+}
+export interface DescribeArguments {
+  account: string;
+  authToken: string;
+  "cert-id": string;
+  output?: "default" | "json";
+}
+//# sourceMappingURL=models.d.ts.map

package/dist/ca-certificate/models.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"models.d.ts","sourceRoot":"","sources":["../../src/ca-certificate/models.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,iBAAiB,CAAC;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,aAAa,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,SAAS,GAAG,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,SAAS,GAAG,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,SAAS,GAAG,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,SAAS,GAAG,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,SAAS,GAAG,MAAM,CAAC;CAC7B"}

package/dist/ca-certificate/models.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=models.js.map

package/dist/ca-certificate/models.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"models.js","sourceRoot":"","sources":["../../src/ca-certificate/models.ts"],"names":[],"mappings":"","sourcesContent":["export interface CaCertificateInfo {\n subject: string;\n issuer: string;\n validFrom: string;\n validTo: string;\n serialNumber: string;\n}\n\nexport interface CaCertificate {\n id: string;\n name: string;\n certificateInfo: CaCertificateInfo;\n createdOn: string;\n updatedOn: string;\n}\n\nexport interface CaCertificateListResponse {\n data: CaCertificate[];\n offset: number;\n limit: number;\n}\n\nexport interface CreateArguments {\n account: string;\n authToken: string;\n name: string;\n cert: string;\n output?: \"default\" | \"json\";\n}\n\nexport interface ListArguments {\n account: string;\n authToken: string;\n output?: \"default\" | \"json\";\n}\n\nexport interface UpdateArguments {\n account: string;\n authToken: string;\n \"cert-id\": string;\n name: string;\n output?: \"default\" | \"json\";\n}\n\nexport interface DeleteArguments {\n account: string;\n authToken: string;\n \"cert-id\": string;\n output?: \"default\" | \"json\";\n}\n\nexport interface DescribeArguments {\n account: string;\n authToken: string;\n \"cert-id\": string;\n output?: \"default\" | \"json\";\n}\n"]}

package/dist/ca-certificate/update/handler.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { UpdateArguments } from "../models.js";
+export declare function update(argv: UpdateArguments): Promise<void>;
+//# sourceMappingURL=handler.d.ts.map

package/dist/ca-certificate/update/handler.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/ca-certificate/update/handler.ts"],"names":[],"mappings":"AAMA,OAAO,EAAiB,eAAe,EAAE,MAAM,cAAc,CAAC;AAG9D,wBAAsB,MAAM,CAAC,IAAI,EAAE,eAAe,iBA8BjD"}

package/dist/ca-certificate/update/handler.js ADDED Viewed

@@ -0,0 +1,26 @@
+import { createApiClient } from "../../common/api/client.js";
+import { printDiagnosticsToConsole, printJsonToConsoleAndExitGracefully, printResultToConsole, } from "../../common/output.js";
+import { validateName } from "../validation.js";
+export async function update(argv) {
+    const { account } = argv;
+    const certId = argv["cert-id"];
+    const nameError = validateName(argv.name);
+    if (nameError) {
+        printDiagnosticsToConsole(`Error: --name is invalid. ${nameError.message}`);
+        return;
+    }
+    const client = createApiClient({ authToken: argv.authToken });
+    const cert = await client.patch(`/v1/accounts/${account}/client-mtls-ca-certificates/${encodeURIComponent(certId)}`, {
+        operation: "Failed to update CA certificate",
+        errorMessage: "Error: Failed to update CA certificate.",
+        body: {
+            name: argv.name,
+        },
+    });
+    if (argv.output === "json") {
+        await printJsonToConsoleAndExitGracefully(cert);
+        return;
+    }
+    printResultToConsole(`CA certificate '${cert.name}' (${cert.id}) updated successfully`);
+}
+//# sourceMappingURL=handler.js.map

package/dist/ca-certificate/update/handler.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../src/ca-certificate/update/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,oBAAoB,GACrB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAEhD,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,IAAqB;IAChD,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACzB,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;IAE/B,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1C,IAAI,SAAS,EAAE,CAAC;QACd,yBAAyB,CAAC,6BAA6B,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5E,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,eAAe,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IAC9D,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,KAAK,CAC7B,gBAAgB,OAAO,gCAAgC,kBAAkB,CAAC,MAAM,CAAC,EAAE,EACnF;QACE,SAAS,EAAE,iCAAiC;QAC5C,YAAY,EAAE,yCAAyC;QACvD,IAAI,EAAE;YACJ,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB;KACF,CACF,CAAC;IAEF,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC3B,MAAM,mCAAmC,CAAC,IAAI,CAAC,CAAC;QAChD,OAAO;IACT,CAAC;IAED,oBAAoB,CAClB,mBAAmB,IAAI,CAAC,IAAI,MAAM,IAAI,CAAC,EAAE,wBAAwB,CAClE,CAAC;AACJ,CAAC","sourcesContent":["import { createApiClient } from \"../../common/api/client.js\";\nimport {\n printDiagnosticsToConsole,\n printJsonToConsoleAndExitGracefully,\n printResultToConsole,\n} from \"../../common/output.js\";\nimport { CaCertificate, UpdateArguments } from \"../models.js\";\nimport { validateName } from \"../validation.js\";\n\nexport async function update(argv: UpdateArguments) {\n const { account } = argv;\n const certId = argv[\"cert-id\"];\n\n const nameError = validateName(argv.name);\n if (nameError) {\n printDiagnosticsToConsole(`Error: --name is invalid. ${nameError.message}`);\n return;\n }\n\n const client = createApiClient({ authToken: argv.authToken });\n const cert = await client.patch<CaCertificate>(\n `/v1/accounts/${account}/client-mtls-ca-certificates/${encodeURIComponent(certId)}`,\n {\n operation: \"Failed to update CA certificate\",\n errorMessage: \"Error: Failed to update CA certificate.\",\n body: {\n name: argv.name,\n },\n }\n );\n\n if (argv.output === \"json\") {\n await printJsonToConsoleAndExitGracefully(cert);\n return;\n }\n\n printResultToConsole(\n `CA certificate '${cert.name}' (${cert.id}) updated successfully`\n );\n}\n"]}

package/dist/ca-certificate/validation.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+export interface ValidationError {
+  message: string;
+  hint?: string;
+}
+export declare function validateName(name: string): ValidationError | null;
+export interface PemCertificateDetails {
+  subject: string;
+  issuer: string;
+  validFrom: string;
+  validTo: string;
+  serialNumber: string;
+  isCa: boolean;
+}
+export declare function parseAndValidateCaCertificate(
+  pem: string,
+  now?: Date
+): PemCertificateDetails | ValidationError;
+export declare function isValidationError(
+  result: PemCertificateDetails | ValidationError
+): result is ValidationError;
+//# sourceMappingURL=validation.d.ts.map

package/dist/ca-certificate/validation.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/ca-certificate/validation.ts"],"names":[],"mappings":"AAwDA,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAID,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI,CAmBjE;AAED,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,OAAO,CAAC;CACf;AAMD,wBAAgB,6BAA6B,CAC3C,GAAG,EAAE,MAAM,EACX,GAAG,GAAE,IAAiB,GACrB,qBAAqB,GAAG,eAAe,CAsEzC;AAED,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,qBAAqB,GAAG,eAAe,GAC9C,MAAM,IAAI,eAAe,CAE3B"}

package/dist/ca-certificate/validation.js ADDED Viewed

@@ -0,0 +1,135 @@
+import crypto from "node:crypto";
+const MAX_NAME_LENGTH = 120;
+const PEM_BEGIN = "-----BEGIN CERTIFICATE-----";
+const PEM_END = "-----END CERTIFICATE-----";
+const JS_VARIABLE_REGEX = /^[a-zA-Z_$][a-zA-Z0-9_$]*$/;
+const JS_RESERVED_KEYWORDS = new Set([
+    "break",
+    "case",
+    "catch",
+    "class",
+    "const",
+    "continue",
+    "debugger",
+    "default",
+    "delete",
+    "do",
+    "else",
+    "export",
+    "extends",
+    "finally",
+    "for",
+    "function",
+    "if",
+    "import",
+    "in",
+    "instanceof",
+    "let",
+    "new",
+    "return",
+    "super",
+    "switch",
+    "this",
+    "throw",
+    "try",
+    "typeof",
+    "var",
+    "void",
+    "while",
+    "with",
+    "yield",
+    "enum",
+    "implements",
+    "interface",
+    "package",
+    "private",
+    "protected",
+    "public",
+    "static",
+    "await",
+]);
+export function validateName(name) {
+    if (name.length === 0) {
+        return { message: "Name cannot be empty" };
+    }
+    if (name.length > MAX_NAME_LENGTH) {
+        return {
+            message: `Name must be ${MAX_NAME_LENGTH} characters or fewer (got ${name.length})`,
+        };
+    }
+    if (!JS_VARIABLE_REGEX.test(name)) {
+        return {
+            message: "Name must be a valid JavaScript variable name (start with a letter, _, or $, and contain only letters, digits, _, or $)",
+        };
+    }
+    if (JS_RESERVED_KEYWORDS.has(name.toLowerCase())) {
+        return { message: "Name cannot be a JavaScript reserved keyword" };
+    }
+    return null;
+}
+export function parseAndValidateCaCertificate(pem, now = new Date()) {
+    if (!pem.includes(PEM_BEGIN) || !pem.includes(PEM_END)) {
+        if (/-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----/.test(pem)) {
+            return {
+                message: "File is a private key, not a certificate",
+                hint: "The `--cert` flag expects the public CA certificate, not a private key. " +
+                    "CA certs only contain the public half; the private key stays with your PKI. " +
+                    "If your CA is bundled in a single PEM file, pass it as-is — the certificate block will be picked up.",
+            };
+        }
+        if (/-----BEGIN CERTIFICATE REQUEST-----/.test(pem)) {
+            return {
+                message: "File is a certificate signing request (CSR), not a certificate",
+                hint: "A CSR is the request you send to a CA to get a certificate issued. Pass the issued CA certificate instead.",
+            };
+        }
+        if (/-----BEGIN [A-Z0-9 ]+-----/.test(pem)) {
+            return {
+                message: "File is a PEM block but not a certificate",
+                hint: `Expected a PEM block starting with "${PEM_BEGIN}".`,
+            };
+        }
+        return {
+            message: "File does not appear to be a PEM-encoded certificate",
+            hint: `Expected to find "${PEM_BEGIN}" and "${PEM_END}" in the file.\n` +
+                "If you have a DER-encoded certificate, convert it with:\n" +
+                "  openssl x509 -in <file> -inform der -out cert.pem",
+        };
+    }
+    let cert;
+    try {
+        cert = new crypto.X509Certificate(pem);
+    }
+    catch (err) {
+        return {
+            message: "Failed to parse certificate",
+            hint: err instanceof Error ? err.message : String(err),
+        };
+    }
+    if (!cert.ca) {
+        return {
+            message: "The certificate is not a CA certificate",
+            hint: "Expected a certificate with the CA basic constraint set to TRUE " +
+                "(typically the root or intermediate CA that signs your client certs), " +
+                "not a leaf/client certificate.",
+        };
+    }
+    const validTo = new Date(cert.validTo);
+    if (!Number.isNaN(validTo.getTime()) && validTo < now) {
+        return {
+            message: `Certificate has already expired (validTo=${cert.validTo})`,
+        };
+    }
+    return {
+        subject: cert.subject,
+        issuer: cert.issuer,
+        validFrom: cert.validFrom,
+        validTo: cert.validTo,
+        serialNumber: cert.serialNumber,
+        isCa: cert.ca,
+    };
+}
+export function isValidationError(result) {
+    return "message" in result;
+}
+//# sourceMappingURL=validation.js.map

package/dist/ca-certificate/validation.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/ca-certificate/validation.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,MAAM,eAAe,GAAG,GAAG,CAAC;AAC5B,MAAM,SAAS,GAAG,6BAA6B,CAAC;AAChD,MAAM,OAAO,GAAG,2BAA2B,CAAC;AAC5C,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;AAKvD,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,OAAO;IACP,MAAM;IACN,OAAO;IACP,OAAO;IACP,OAAO;IACP,UAAU;IACV,UAAU;IACV,SAAS;IACT,QAAQ;IACR,IAAI;IACJ,MAAM;IACN,QAAQ;IACR,SAAS;IACT,SAAS;IACT,KAAK;IACL,UAAU;IACV,IAAI;IACJ,QAAQ;IACR,IAAI;IACJ,YAAY;IACZ,KAAK;IACL,KAAK;IACL,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,MAAM;IACN,OAAO;IACP,KAAK;IACL,QAAQ;IACR,KAAK;IACL,MAAM;IACN,OAAO;IACP,MAAM;IACN,OAAO;IACP,MAAM;IACN,YAAY;IACZ,WAAW;IACX,SAAS;IACT,SAAS;IACT,WAAW;IACX,QAAQ;IACR,QAAQ;IACR,OAAO;CACR,CAAC,CAAC;AASH,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;IAC7C,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,GAAG,eAAe,EAAE,CAAC;QAClC,OAAO;YACL,OAAO,EAAE,gBAAgB,eAAe,6BAA6B,IAAI,CAAC,MAAM,GAAG;SACpF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAClC,OAAO;YACL,OAAO,EACL,yHAAyH;SAC5H,CAAC;IACJ,CAAC;IACD,IAAI,oBAAoB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC;IACrE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAeD,MAAM,UAAU,6BAA6B,CAC3C,GAAW,EACX,MAAY,IAAI,IAAI,EAAE;IAEtB,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAGvD,IAAI,uCAAuC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACtD,OAAO;gBACL,OAAO,EAAE,0CAA0C;gBACnD,IAAI,EACF,0EAA0E;oBAC1E,8EAA8E;oBAC9E,sGAAsG;aACzG,CAAC;QACJ,CAAC;QACD,IAAI,qCAAqC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACpD,OAAO;gBACL,OAAO,EACL,gEAAgE;gBAClE,IAAI,EAAE,4GAA4G;aACnH,CAAC;QACJ,CAAC;QACD,IAAI,4BAA4B,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3C,OAAO;gBACL,OAAO,EAAE,2CAA2C;gBACpD,IAAI,EAAE,uCAAuC,SAAS,IAAI;aAC3D,CAAC;QACJ,CAAC;QACD,OAAO;YACL,OAAO,EAAE,sDAAsD;YAC/D,IAAI,EACF,qBAAqB,SAAS,UAAU,OAAO,kBAAkB;gBACjE,2DAA2D;gBAC3D,qDAAqD;SACxD,CAAC;IACJ,CAAC;IAED,IAAI,IAA4B,CAAC;IACjC,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,OAAO,EAAE,6BAA6B;YACtC,IAAI,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACvD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;QACb,OAAO;YACL,OAAO,EAAE,yCAAyC;YAClD,IAAI,EACF,kEAAkE;gBAClE,wEAAwE;gBACxE,gCAAgC;SACnC,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,IAAI,OAAO,GAAG,GAAG,EAAE,CAAC;QACtD,OAAO;YACL,OAAO,EAAE,4CAA4C,IAAI,CAAC,OAAO,GAAG;SACrE,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,IAAI,EAAE,IAAI,CAAC,EAAE;KACd,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,MAA+C;IAE/C,OAAO,SAAS,IAAI,MAAM,CAAC;AAC7B,CAAC","sourcesContent":["import crypto from \"node:crypto\";\n\nconst MAX_NAME_LENGTH = 120;\nconst PEM_BEGIN = \"-----BEGIN CERTIFICATE-----\";\nconst PEM_END = \"-----END CERTIFICATE-----\";\nconst JS_VARIABLE_REGEX = /^[a-zA-Z_$][a-zA-Z0-9_$]*$/;\n\n// Kept in sync with tenant-api's reservedKeywords list in\n// apps/tenant-api/src/utils/certificate-validation.ts. Updating one without\n// the other lets bad names slip past the CLI and fail on the server.\nconst JS_RESERVED_KEYWORDS = new Set([\n \"break\",\n \"case\",\n \"catch\",\n \"class\",\n \"const\",\n \"continue\",\n \"debugger\",\n \"default\",\n \"delete\",\n \"do\",\n \"else\",\n \"export\",\n \"extends\",\n \"finally\",\n \"for\",\n \"function\",\n \"if\",\n \"import\",\n \"in\",\n \"instanceof\",\n \"let\",\n \"new\",\n \"return\",\n \"super\",\n \"switch\",\n \"this\",\n \"throw\",\n \"try\",\n \"typeof\",\n \"var\",\n \"void\",\n \"while\",\n \"with\",\n \"yield\",\n \"enum\",\n \"implements\",\n \"interface\",\n \"package\",\n \"private\",\n \"protected\",\n \"public\",\n \"static\",\n \"await\",\n]);\n\nexport interface ValidationError {\n message: string;\n hint?: string;\n}\n\n// Mirrors tenant-api's validateCertificateName so the CLI rejects bad names\n// before a network round trip.\nexport function validateName(name: string): ValidationError | null {\n if (name.length === 0) {\n return { message: \"Name cannot be empty\" };\n }\n if (name.length > MAX_NAME_LENGTH) {\n return {\n message: `Name must be ${MAX_NAME_LENGTH} characters or fewer (got ${name.length})`,\n };\n }\n if (!JS_VARIABLE_REGEX.test(name)) {\n return {\n message:\n \"Name must be a valid JavaScript variable name (start with a letter, _, or $, and contain only letters, digits, _, or $)\",\n };\n }\n if (JS_RESERVED_KEYWORDS.has(name.toLowerCase())) {\n return { message: \"Name cannot be a JavaScript reserved keyword\" };\n }\n return null;\n}\n\nexport interface PemCertificateDetails {\n subject: string;\n issuer: string;\n validFrom: string;\n validTo: string;\n serialNumber: string;\n isCa: boolean;\n}\n\n// Mirrors tenant-api's parseCertificateWithDetails. Returns the parsed\n// certificate details or a ValidationError that the CLI can surface directly,\n// avoiding a round trip when the input is obviously wrong.\n// `now` is injectable for testing the expiry branch portably.\nexport function parseAndValidateCaCertificate(\n pem: string,\n now: Date = new Date()\n): PemCertificateDetails | ValidationError {\n if (!pem.includes(PEM_BEGIN) || !pem.includes(PEM_END)) {\n // Detect common PEM header variants so the hint actually matches the\n // mistake the user made.\n if (/-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----/.test(pem)) {\n return {\n message: \"File is a private key, not a certificate\",\n hint:\n \"The `--cert` flag expects the public CA certificate, not a private key. \" +\n \"CA certs only contain the public half; the private key stays with your PKI. \" +\n \"If your CA is bundled in a single PEM file, pass it as-is — the certificate block will be picked up.\",\n };\n }\n if (/-----BEGIN CERTIFICATE REQUEST-----/.test(pem)) {\n return {\n message:\n \"File is a certificate signing request (CSR), not a certificate\",\n hint: \"A CSR is the request you send to a CA to get a certificate issued. Pass the issued CA certificate instead.\",\n };\n }\n if (/-----BEGIN [A-Z0-9 ]+-----/.test(pem)) {\n return {\n message: \"File is a PEM block but not a certificate\",\n hint: `Expected a PEM block starting with \"${PEM_BEGIN}\".`,\n };\n }\n return {\n message: \"File does not appear to be a PEM-encoded certificate\",\n hint:\n `Expected to find \"${PEM_BEGIN}\" and \"${PEM_END}\" in the file.\\n` +\n \"If you have a DER-encoded certificate, convert it with:\\n\" +\n \" openssl x509 -in <file> -inform der -out cert.pem\",\n };\n }\n\n let cert: crypto.X509Certificate;\n try {\n cert = new crypto.X509Certificate(pem);\n } catch (err) {\n return {\n message: \"Failed to parse certificate\",\n hint: err instanceof Error ? err.message : String(err),\n };\n }\n\n if (!cert.ca) {\n return {\n message: \"The certificate is not a CA certificate\",\n hint:\n \"Expected a certificate with the CA basic constraint set to TRUE \" +\n \"(typically the root or intermediate CA that signs your client certs), \" +\n \"not a leaf/client certificate.\",\n };\n }\n\n const validTo = new Date(cert.validTo);\n if (!Number.isNaN(validTo.getTime()) && validTo < now) {\n return {\n message: `Certificate has already expired (validTo=${cert.validTo})`,\n };\n }\n\n return {\n subject: cert.subject,\n issuer: cert.issuer,\n validFrom: cert.validFrom,\n validTo: cert.validTo,\n serialNumber: cert.serialNumber,\n isCa: cert.ca,\n };\n}\n\nexport function isValidationError(\n result: PemCertificateDetails | ValidationError\n): result is ValidationError {\n return \"message\" in result;\n}\n"]}

package/dist/ca-certificate/validation.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=validation.test.d.ts.map

package/dist/ca-certificate/validation.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"validation.test.d.ts","sourceRoot":"","sources":["../../src/ca-certificate/validation.test.ts"],"names":[],"mappings":""}

package/dist/ca-certificate/validation.test.js ADDED Viewed

@@ -0,0 +1,131 @@
+import assert from "node:assert";
+import { describe, it } from "node:test";
+import { isValidationError, parseAndValidateCaCertificate, validateName, } from "./validation.js";
+const CA_PEM = `-----BEGIN CERTIFICATE-----
+MIIC5jCCAc6gAwIBAgIUB4s5BPjuGshWHSZKkNIJJ7W7alkwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBjYTAgFw0yNjA1MTMwMDA1NDFaGA8yMTI2MDQx
+OTAwMDU0MVowEjEQMA4GA1UEAwwHVGVzdCBjYTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAK+8kcIOYXC5SKCnnEmddLKiVSon8NoLn8RABel0op+5i3J2
+pnDBBWOy2nT5qWRI2N0tTK4tQn/jaGeiBP0BUu4z+Y/pcglveexyFWhtFstHyyUr
+yiwhBhX3NEWHZGr/VShriKxojnTwWONpgQwq7On7k+We3JK7IEASvKLxhC1+hcch
+CwP67zGDF6qJrfjBfdPSRoW8OomioTRyb7MyrWvRpKm/0rj9NYc7MxMYbgVffE6y
+IVQ4UCsVw74DdebfdzBSJOwNa+2Fe8AwQ3QMVbzfE3qs6+nviQ1EJA/h0kWgIrCI
+3JvGpJinI0kDXEYx/4BTHVNfg1UdCOqPxxdrS18CAwEAAaMyMDAwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUuku+yW29ASY8vCZ7fBVA6L3r28YwDQYJKoZIhvcN
+AQELBQADggEBAFaYAde91xdpST+LlokhbWanr8xiUr7jdHemjxGvBi/Zxs2VQIj2
++1Bh0dpxGk670nSc/Bq8jcivoiGoaRxT5rFVhtQOpYLgo+wKqNoYfEoEPrIrT4PO
+seBrdMa9cduhs/Nx11Vgf5N56KomRO1a4AaIcvh6uGxrf1jfaCjaAKWTNNd9luzo
+/IsRikl4QN0pZ1lIxdOdVMFhCp8V/+oEO6aw2FhFZlZKA+XLELHQzPBpuubQocuT
+9dLovPbpFD2UwgvpjXQYjpr5btZx+iupHfiXq7WI6EI3eG5UgTuOpK8g9rLDiX9f
+ArcSyj6/ZV+MDtaEHyEJBdsp//aT6Kfpoek=
+-----END CERTIFICATE-----
+`;
+const LEAF_PEM = `-----BEGIN CERTIFICATE-----
+MIIC5zCCAc+gAwIBAgIUFG0P6P6J4YoBLyRH2pjt7RdV9sAwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJVGVzdCBsZWFmMCAXDTI2MDUxMzAwMDU0MVoYDzIxMjYw
+NDE5MDAwNTQxWjAUMRIwEAYDVQQDDAlUZXN0IGxlYWYwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDc1H+Z9qbmSsTR1tDVEvMN94ayec1UZ/17eIDY55ho
+N5UA3Blho2xLeXvWWpKpo6wTXONzpNak8qhccIGsuIogpparkYYPBG+86cofnGDC
+m/T9wa8eLTvyrIyPfUjkYVU7Gfmsq08pF/GZHIHcJg/xdTOLKE8WgJi15zwi1ZOE
+z/OtpGKlX2pnM7aq6mzUqamWo2WBPpFdtdLfCBtnUkoNtxWmn98Xj/AaoiBR0UAI
+C8UQAEAv3yaZ8pBZoLLn68kFgkOdNAPnX2zi6B6uk7LWA90JUneL+fPb/89muxl+
+uQ4NGgWINtG23OtELLtUIuNiZxEFEO0mxf+0pIYa/1VTAgMBAAGjLzAtMAwGA1Ud
+EwEB/wQCMAAwHQYDVR0OBBYEFP5YdepOBrpmYPdem5awTb3ByLZ7MA0GCSqGSIb3
+DQEBCwUAA4IBAQBZ9Bl8IcQ9VYxTQgO1U9wB+LcHJ2WXqVSQTlz+qwd+tyfnv0PM
+O5/ouSYiCj3IBQ42N3z+QhLgZgvfGcC6qFvG67A1WV7n7ZV5D7Yb9CqE+NPUbx3V
+3GFBkIAv7U+4TKYPSK2YPXCb/D3rtel2j31tcMtODoT0LrHbwaOCGd8G+15rxBjP
+dfHuC/nYYeKsplDhcdfemel73WbNzuqGNliQhEqhtlpGOhciHpd1Zlm7OgUINmCr
+rfRfSGvBGDkuNRQIEhnFZXYhD0iCM/6D56/VykaqaQz+bPr04d0e0KvusFGsmapN
+zC0Ztm1aNp0wB0vPNoEJrpQEmkB80cR1DXVR
+-----END CERTIFICATE-----
+`;
+describe("validateName", () => {
+    it("accepts valid names", () => {
+        assert.strictEqual(validateName("my_ca"), null);
+        assert.strictEqual(validateName("CA1"), null);
+        assert.strictEqual(validateName("$abc"), null);
+        assert.strictEqual(validateName("_underscore"), null);
+    });
+    it("rejects empty names", () => {
+        const result = validateName("");
+        assert.ok(result);
+        assert.match(result.message, /empty/i);
+    });
+    it("rejects names over 120 characters", () => {
+        const result = validateName("a".repeat(121));
+        assert.ok(result);
+        assert.match(result.message, /120 characters/);
+    });
+    it("rejects names starting with a digit", () => {
+        const result = validateName("1ca");
+        assert.ok(result);
+        assert.match(result.message, /JavaScript variable name/);
+    });
+    it("rejects names with hyphens or spaces", () => {
+        assert.ok(validateName("my-ca"));
+        assert.ok(validateName("my ca"));
+        assert.ok(validateName("ca.example"));
+    });
+    it("rejects JavaScript reserved keywords", () => {
+        for (const keyword of ["class", "delete", "import", "return", "await"]) {
+            const result = validateName(keyword);
+            assert.ok(result, `expected ${keyword} to be rejected`);
+            assert.match(result.message, /reserved keyword/);
+        }
+    });
+    it("rejects reserved keywords case-insensitively", () => {
+        assert.ok(validateName("CLASS"));
+        assert.ok(validateName("Delete"));
+    });
+});
+describe("parseAndValidateCaCertificate", () => {
+    it("rejects garbage input", () => {
+        const result = parseAndValidateCaCertificate("not a certificate");
+        assert.ok(isValidationError(result));
+        assert.match(result.message, /PEM-encoded/);
+        assert.match(result.hint ?? "", /openssl x509.*-inform der/);
+    });
+    it("rejects a PKCS#8 private key with a key-specific hint", () => {
+        const pem = `-----BEGIN PRIVATE KEY-----\nfoo\n-----END PRIVATE KEY-----`;
+        const result = parseAndValidateCaCertificate(pem);
+        assert.ok(isValidationError(result));
+        assert.match(result.message, /private key/i);
+        assert.match(result.hint ?? "", /public CA certificate/);
+    });
+    it("rejects an RSA private key with a key-specific hint", () => {
+        const pem = `-----BEGIN RSA PRIVATE KEY-----\nfoo\n-----END RSA PRIVATE KEY-----`;
+        const result = parseAndValidateCaCertificate(pem);
+        assert.ok(isValidationError(result));
+        assert.match(result.message, /private key/i);
+    });
+    it("rejects a CSR with a CSR-specific hint", () => {
+        const pem = `-----BEGIN CERTIFICATE REQUEST-----\nfoo\n-----END CERTIFICATE REQUEST-----`;
+        const result = parseAndValidateCaCertificate(pem);
+        assert.ok(isValidationError(result));
+        assert.match(result.message, /CSR|signing request/i);
+    });
+    it("rejects a PEM-shaped but corrupt certificate", () => {
+        const pem = `-----BEGIN CERTIFICATE-----\nnot-real-base64\n-----END CERTIFICATE-----`;
+        const result = parseAndValidateCaCertificate(pem);
+        assert.ok(isValidationError(result));
+        assert.match(result.message, /Failed to parse/);
+    });
+    it("accepts a valid CA certificate", () => {
+        const result = parseAndValidateCaCertificate(CA_PEM);
+        assert.ok(!isValidationError(result), JSON.stringify(result));
+        assert.strictEqual(result.isCa, true);
+        assert.match(result.subject, /Test ca/i);
+    });
+    it("rejects a leaf (non-CA) certificate", () => {
+        const result = parseAndValidateCaCertificate(LEAF_PEM);
+        assert.ok(isValidationError(result));
+        assert.match(result.message, /not a CA certificate/);
+    });
+    it("rejects a CA certificate that is expired relative to `now`", () => {
+        const farFuture = new Date("2200-01-01T00:00:00Z");
+        const result = parseAndValidateCaCertificate(CA_PEM, farFuture);
+        assert.ok(isValidationError(result));
+        assert.match(result.message, /expired/);
+    });
+});
+//# sourceMappingURL=validation.test.js.map