harperdb 4.7.0-beta.3 → 4.7.0-beta.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/bin/harperdb.js +79 -79
- package/bin/lite.js +77 -77
- package/config/yaml/defaultConfig.yaml +1 -1
- package/json/systemSchema.json +30 -0
- package/launchServiceScripts/launchNatsIngestService.js +77 -77
- package/launchServiceScripts/launchNatsReplyService.js +77 -77
- package/launchServiceScripts/launchUpdateNodes4-0-0.js +77 -77
- package/npm-shrinkwrap.json +299 -291
- package/package.json +3 -1
- package/resources/Table.d.ts +34 -34
- package/resources/blob.d.ts +6 -3
- package/resources/openApi.d.ts +27 -0
- package/security/certificateVerification/certificateVerificationSource.d.ts +18 -0
- package/security/certificateVerification/configValidation.d.ts +14 -0
- package/security/certificateVerification/crlVerification.d.ts +29 -0
- package/security/certificateVerification/index.d.ts +31 -0
- package/security/certificateVerification/ocspVerification.d.ts +23 -0
- package/security/certificateVerification/types.d.ts +105 -0
- package/security/certificateVerification/verificationConfig.d.ts +29 -0
- package/security/certificateVerification/verificationUtils.d.ts +79 -0
- package/server/jobs/jobProcess.js +77 -77
- package/server/operationsServer.d.ts +13 -3
- package/server/replication/replicator.d.ts +6 -0
- package/server/threads/threadServer.js +77 -77
- package/studio/web/assets/index-BsZJSz4i.js +1 -0
- package/studio/web/assets/index-BwVqw4zI.js +453 -0
- package/studio/web/assets/index-OpljqLtb.css +4 -0
- package/studio/web/assets/profiler-CW5dV_9B.js +1 -0
- package/studio/web/assets/startRecording--YUj61DT.js +2 -0
- package/studio/web/index.html +2 -2
- package/studio/web/running.html +90 -0
- package/utility/hdbTerms.d.ts +22 -3
- package/utility/scripts/restartHdb.js +77 -77
- package/security/certificateVerification.d.ts +0 -87
- package/studio/web/assets/index-BqOgGOeU.js +0 -445
- package/studio/web/assets/index-C4VX60Fd.js +0 -1
- package/studio/web/assets/index-Dj8x6atJ.css +0 -4
- package/studio/web/assets/profiler-OUXA1uul.js +0 -1
- package/studio/web/assets/startRecording-D8PRkhto.js +0 -2
- /package/security/{pkijs-ed25519-patch.d.ts → certificateVerification/pkijs-ed25519-patch.d.ts} +0 -0
|
@@ -1,87 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Certificate verification for mTLS authentication
|
|
3
|
-
*
|
|
4
|
-
* This module provides certificate revocation checking for client certificates
|
|
5
|
-
* in mutual TLS (mTLS) connections. Currently supports OCSP (Online Certificate
|
|
6
|
-
* Status Protocol) with the ability to add CRL (Certificate Revocation List) support.
|
|
7
|
-
* Uses a system table, hdb_certificate_cache, for a certificate verification
|
|
8
|
-
* status cache.
|
|
9
|
-
*
|
|
10
|
-
* Default configuration:
|
|
11
|
-
* - Enabled by default when mTLS is configured
|
|
12
|
-
* - Timeout: 5 seconds
|
|
13
|
-
* - Cache TTL: 1 hour (success results)
|
|
14
|
-
* - Error Cache TTL: 5 minutes (error results, for faster recovery)
|
|
15
|
-
* - Failure mode: fail-open (allows connections if verification fails)
|
|
16
|
-
*/
|
|
17
|
-
import './pkijs-ed25519-patch.ts';
|
|
18
|
-
interface CertificateVerificationResult {
|
|
19
|
-
valid: boolean;
|
|
20
|
-
status: string;
|
|
21
|
-
cached?: boolean;
|
|
22
|
-
error?: string;
|
|
23
|
-
method?: 'ocsp' | 'crl' | 'disabled';
|
|
24
|
-
}
|
|
25
|
-
interface PeerCertificate {
|
|
26
|
-
subject?: {
|
|
27
|
-
CN?: string;
|
|
28
|
-
[key: string]: any;
|
|
29
|
-
};
|
|
30
|
-
raw?: Buffer;
|
|
31
|
-
issuerCertificate?: PeerCertificate;
|
|
32
|
-
}
|
|
33
|
-
interface CertificateVerificationConfig {
|
|
34
|
-
timeout?: number;
|
|
35
|
-
cacheTtl?: number;
|
|
36
|
-
errorCacheTtl?: number;
|
|
37
|
-
failureMode?: 'fail-open' | 'fail-closed';
|
|
38
|
-
}
|
|
39
|
-
interface CertificateChainEntry {
|
|
40
|
-
cert: Buffer;
|
|
41
|
-
issuer?: Buffer;
|
|
42
|
-
}
|
|
43
|
-
/**
|
|
44
|
-
* Determine if certificate verification should be performed based on configuration
|
|
45
|
-
* @param mtlsConfig - The mTLS configuration (can be boolean or object)
|
|
46
|
-
* @returns Configuration object or false if verification is disabled
|
|
47
|
-
*/
|
|
48
|
-
export declare function getCertificateVerificationConfig(mtlsConfig: boolean | Record<string, any> | null | undefined): false | CertificateVerificationConfig;
|
|
49
|
-
/**
|
|
50
|
-
* Verify certificate revocation status
|
|
51
|
-
* @param peerCertificate - Peer certificate object from TLS connection
|
|
52
|
-
* @param mtlsConfig - The mTLS configuration from the request
|
|
53
|
-
* @returns Promise resolving to verification result
|
|
54
|
-
*/
|
|
55
|
-
export declare function verifyCertificate(peerCertificate: PeerCertificate, mtlsConfig?: boolean | Record<string, any> | null): Promise<CertificateVerificationResult>;
|
|
56
|
-
/**
|
|
57
|
-
* Verify OCSP status of a client certificate
|
|
58
|
-
* @param certPem - Client certificate in PEM format or Buffer
|
|
59
|
-
* @param issuerPem - Issuer (CA) certificate in PEM format or Buffer
|
|
60
|
-
* @param config - Optional configuration object
|
|
61
|
-
* @param config.timeout - OCSP request timeout in milliseconds (default: 5000)
|
|
62
|
-
* @param config.cacheTtl - Cache TTL for successful results in milliseconds (default: 3600000)
|
|
63
|
-
* @param config.errorCacheTtl - Cache TTL for error results in milliseconds (default: 300000)
|
|
64
|
-
* @param config.failureMode - How to handle OCSP failures: 'fail-open' | 'fail-closed' (default: 'fail-open')
|
|
65
|
-
* @returns Promise resolving to verification result
|
|
66
|
-
*/
|
|
67
|
-
export declare function verifyOCSP(certPem: Buffer | string, issuerPem: Buffer | string, config?: CertificateVerificationConfig): Promise<CertificateVerificationResult>;
|
|
68
|
-
/**
|
|
69
|
-
* Set TTL configuration for the certificate cache
|
|
70
|
-
* @param ttlConfig - Configuration for cache expiration and eviction
|
|
71
|
-
*/
|
|
72
|
-
export declare function setCertificateCacheTTL(ttlConfig: {
|
|
73
|
-
expiration: number;
|
|
74
|
-
eviction?: number;
|
|
75
|
-
scanInterval?: number;
|
|
76
|
-
}): void;
|
|
77
|
-
/**
|
|
78
|
-
* Convert a buffer to PEM format
|
|
79
|
-
*/
|
|
80
|
-
export declare function bufferToPem(buffer: Buffer, type: string): string;
|
|
81
|
-
/**
|
|
82
|
-
* Extract certificate chain from peer certificate object
|
|
83
|
-
* @param peerCertificate - Peer certificate object from TLS connection
|
|
84
|
-
* @returns Certificate chain
|
|
85
|
-
*/
|
|
86
|
-
export declare function extractCertificateChain(peerCertificate: PeerCertificate): CertificateChainEntry[];
|
|
87
|
-
export {};
|