signalk-ssl 0.1.6 → 0.2.1
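--- a/package/dist/plugin/crypto.d.ts
+++ b/package/dist/plugin/crypto.d.ts
@@ -1,3 +1,4 @@
+import 'reflect-metadata';
 import type { FingerprintAlgorithm, GenerateCaInput, GeneratedCa, SignLeafInput, SignedLeaf } from './types.js';
 export declare const generateKeyPair: () => Promise<CryptoKeyPair>;
 export declare const generateCa: (input: GenerateCaInput) => Promise<GeneratedCa>;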
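--- a/package/dist/plugin/crypto.js
+++ b/package/dist/plugin/crypto.js
@@ -1,3 +1,8 @@
+// `@peculiar/x509` v2 wires `tsyringe` for DI, which requires the
+// reflect-metadata polyfill loaded before any peculiar/x509 import is
+// resolved. Putting it first in this file guarantees the side-effect
+// runs ahead of every other import the module-graph pulls below.
+import 'reflect-metadata';
 import { createPrivateKey, randomBytes, webcrypto } from 'node:crypto';
 import { AuthorityKeyIdentifierExtension, BasicConstraintsExtension, cryptoProvider, ExtendedKeyUsage, ExtendedKeyUsageExtension, KeyUsageFlags, KeyUsagesExtension, SubjectAlternativeNameExtension, SubjectKeyIdentifierExtension, X509Certificate, X509CertificateGenerator } from '@peculiar/x509';
 // Build the DN as a structured JsonName so @peculiar/x509 handles RFC 4514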
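Review bot: The header comment overstates what placing `import 'reflect-metadata';` first guarantees: import order only sequences the dependencies reached through this module, so any module evaluated earlier in the host process that pulls in `@peculiar/x509` would still run without the polyfill. The same comment and import are repeated at the top of package/dist/plugin/index.js. reflect-metadata also extends the process-global `Reflect` object, which this plugin shares with everything else loaded into the same Node process, and that is worth stating where the import lives. I would reword the last comment line to something like `// Ordering holds only for imports reached through this module; reflect-metadata patches the global Reflect for the whole process.`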
package/dist/plugin/index.d.ts
CHANGED
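--- a/package/dist/plugin/index.js
+++ b/package/dist/plugin/index.js
@@ -1,3 +1,8 @@
+// `@peculiar/x509` v2 (transitively imported via ./service -> ./crypto)
+// requires reflect-metadata to be loaded before any peculiar/x509 import
+// resolves. Side-effect import placed first to satisfy the polyfill order
+// at module-graph resolution time.
+import 'reflect-metadata';
 import { CertStore } from './storage.js';
 import { PassphraseSource } from './passphrase-source.js';
 import { SslService } from './service.js';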
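--- a/package/dist/plugin/schema.d.ts
+++ b/package/dist/plugin/schema.d.ts
@@ -4,8 +4,8 @@ export declare const SansSchema: import("@sinclair/typebox").TObject<{
 ipAddresses: import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>;
 }>;
 export declare const ImportSchema: import("@sinclair/typebox").TObject<{
-caCertPath: import("@sinclair/typebox").TString
-caKeyPath: import("@sinclair/typebox").TString
+caCertPath: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
+caKeyPath: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
 }>;
 export declare const ConfigSchema: import("@sinclair/typebox").TObject<{
 mode: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TLiteral<"generate">, import("@sinclair/typebox").TLiteral<"import">]>;
@@ -19,8 +19,8 @@ export declare const ConfigSchema: import("@sinclair/typebox").TObject<{
 }>;
 passphraseMode: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TLiteral<"env">, import("@sinclair/typebox").TLiteral<"webapp">, import("@sinclair/typebox").TLiteral<"convenience">]>;
 import: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TObject<{
-caCertPath: import("@sinclair/typebox").TString
-caKeyPath: import("@sinclair/typebox").TString
+caCertPath: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
+caKeyPath: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
 }>>;
 renewalThresholdDays: import("@sinclair/typebox").TInteger;
 clockSkewHours: import("@sinclair/typebox").TInteger;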
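--- a/package/dist/plugin/schema.js
+++ b/package/dist/plugin/schema.js
@@ -4,8 +4,19 @@ export const SansSchema = Type.Object({
 ipAddresses: Type.Array(Type.String(), { default: [] })
 }, { title: 'Subject Alternative Names' });
 export const ImportSchema = Type.Object({
-caCertPath: Type.String({
-
+caCertPath: Type.Optional(Type.String({
+title: 'CA certificate file path',
+description: 'Only used when mode = import. Leave blank for generate mode.',
+default: ''
+})),
+caKeyPath: Type.Optional(Type.String({
+title: 'CA private-key file path (encrypted PKCS#8)',
+description: 'Only used when mode = import. Leave blank for generate mode.',
+default: ''
+}))
+}, {
+title: 'Import (only used when mode = import)',
+description: 'Paths to an existing CA cert + encrypted private key on disk. Ignored in generate mode.'
 });
 export const ConfigSchema = Type.Object({
 mode: Type.Union([Type.Literal('generate'), Type.Literal('import')], {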
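--- a/package/dist/plugin/service.js
+++ b/package/dist/plugin/service.js
@@ -72,12 +72,15 @@ export class SslService {
 }
 async importCa(passphrase) {
 const importCfg = this.deps.config.import;
-
-
+const caCertPath = importCfg?.caCertPath ?? '';
+const caKeyPath = importCfg?.caKeyPath ?? '';
+if (caCertPath === '' || caKeyPath === '') {
+throw new Error('import mode requires both "Import → CA certificate file path" and ' +
+'"Import → CA private-key file path (encrypted PKCS#8)" to be set in the plugin config.');
 }
 const [certificatePem, encryptedKeyPem] = await Promise.all([
-readFile(
-readFile(
+readFile(caCertPath, 'utf8'),
+readFile(caKeyPath, 'utf8')
 ]);
 // Validate the key actually decrypts before persisting — fail fast.
 await decryptPrivateKeyPkcs8(encryptedKeyPem, passphrase);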
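Review bot: Only the private key gets a pre-persist check in `importCa`; the text read from `caCertPath` is used as-is in the visible lines, so the contents of any file the server process can read would be accepted as the CA certificate unless it is parsed later in the function, whose body continues past this hunk. I would parse the certificate next to the key check and confirm that it is a CA certificate whose public key matches the decrypted key before either is stored. The emptiness test is also exact, so a whitespace-only path skips the descriptive error and fails inside `readFile` instead; `const caCertPath = (importCfg?.caCertPath ?? '').trim();` and the same for `caKeyPath` would cover that.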
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "signalk-ssl",
|
|
3
|
-
"version": "0.1
|
|
3
|
+
"version": "0.2.1",
|
|
4
4
|
"description": "SSL/TLS certificate management plugin for SignalK Node Server — generate a local CA, issue server certs, distribute the root via QR to phones/tablets",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/plugin/index.js",
|
|
@@ -64,12 +64,13 @@
|
|
|
64
64
|
"@signalk/server-api": "^2.0.0"
|
|
65
65
|
},
|
|
66
66
|
"dependencies": {
|
|
67
|
-
"@peculiar/x509": "^
|
|
67
|
+
"@peculiar/x509": "^2.0.0",
|
|
68
68
|
"@sinclair/typebox": "^0.34.49",
|
|
69
|
-
"qrcode": "^1.5.4"
|
|
69
|
+
"qrcode": "^1.5.4",
|
|
70
|
+
"reflect-metadata": "^0.2.2"
|
|
70
71
|
},
|
|
71
72
|
"devDependencies": {
|
|
72
|
-
"@eslint/js": "^
|
|
73
|
+
"@eslint/js": "^10.0.1",
|
|
73
74
|
"@hookform/resolvers": "^5.4.0",
|
|
74
75
|
"@signalk/server-api": "^2.0.0",
|
|
75
76
|
"@tailwindcss/vite": "^4.3.0",
|
|
@@ -82,8 +83,8 @@
|
|
|
82
83
|
"@types/react": "^19.2.15",
|
|
83
84
|
"@types/react-dom": "^19.2.3",
|
|
84
85
|
"@vitejs/plugin-react": "^6.0.2",
|
|
85
|
-
"@vitest/coverage-v8": "^
|
|
86
|
-
"eslint": "^
|
|
86
|
+
"@vitest/coverage-v8": "^4.1.7",
|
|
87
|
+
"eslint": "^10.4.0",
|
|
87
88
|
"eslint-config-prettier": "^10.1.8",
|
|
88
89
|
"eslint-plugin-prettier": "^5.5.4",
|
|
89
90
|
"jsdom": "^29.1.1",
|
|
@@ -96,7 +97,7 @@
|
|
|
96
97
|
"typescript": "^6.0.3",
|
|
97
98
|
"typescript-eslint": "^8.33.1",
|
|
98
99
|
"vite": "^8.0.14",
|
|
99
|
-
"vitest": "^
|
|
100
|
+
"vitest": "^4.1.7",
|
|
100
101
|
"wouter": "^3.10.0",
|
|
101
102
|
"zod": "^4.4.3"
|
|
102
103
|
}
|