signalk-ssl 0.2.0 → 0.2.1
- package/dist/plugin/schema.d.ts +4 -4
- package/dist/plugin/schema.js +13 -2
- package/dist/plugin/service.js +7 -4
- package/package.json +1 -1
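--- a/package/dist/plugin/schema.d.ts
+++ b/package/dist/plugin/schema.d.ts
@@ -4,8 +4,8 @@ export declare const SansSchema: import("@sinclair/typebox").TObject<{
 ipAddresses: import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>;
 }>;
 export declare const ImportSchema: import("@sinclair/typebox").TObject<{
-caCertPath: import("@sinclair/typebox").TString
-caKeyPath: import("@sinclair/typebox").TString
+caCertPath: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
+caKeyPath: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
 }>;
 export declare const ConfigSchema: import("@sinclair/typebox").TObject<{
 mode: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TLiteral<"generate">, import("@sinclair/typebox").TLiteral<"import">]>;
@@ -19,8 +19,8 @@ export declare const ConfigSchema: import("@sinclair/typebox").TObject<{
 }>;
 passphraseMode: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TLiteral<"env">, import("@sinclair/typebox").TLiteral<"webapp">, import("@sinclair/typebox").TLiteral<"convenience">]>;
 import: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TObject<{
-caCertPath: import("@sinclair/typebox").TString
-caKeyPath: import("@sinclair/typebox").TString
+caCertPath: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
+caKeyPath: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
 }>>;
 renewalThresholdDays: import("@sinclair/typebox").TInteger;
 clockSkewHours: import("@sinclair/typebox").TInteger;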
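--- a/package/dist/plugin/schema.js
+++ b/package/dist/plugin/schema.js
@@ -4,8 +4,19 @@ export const SansSchema = Type.Object({
 ipAddresses: Type.Array(Type.String(), { default: [] })
 }, { title: 'Subject Alternative Names' });
 export const ImportSchema = Type.Object({
-caCertPath: Type.String({
-
+caCertPath: Type.Optional(Type.String({
+title: 'CA certificate file path',
+description: 'Only used when mode = import. Leave blank for generate mode.',
+default: ''
+})),
+caKeyPath: Type.Optional(Type.String({
+title: 'CA private-key file path (encrypted PKCS#8)',
+description: 'Only used when mode = import. Leave blank for generate mode.',
+default: ''
+}))
+}, {
+title: 'Import (only used when mode = import)',
+description: 'Paths to an existing CA cert + encrypted private key on disk. Ignored in generate mode.'
 });
 export const ConfigSchema = Type.Object({
 mode: Type.Union([Type.Literal('generate'), Type.Literal('import')], {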
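Review bot: Wrapping `caCertPath` and `caKeyPath` in `Type.Optional` with `default: ''` means the schema no longer rejects an import-mode config that lacks them; the only enforcement visible in this release is the runtime check in importCa (service.js). The field descriptions say when the paths are ignored but not when they are mandatory, so I would add that to the ImportSchema description, e.g. `'Both paths are required when mode = import; the import fails at runtime if either is blank.'`. ConfigSchema continues outside the hunk, so the `mode` option may already state this.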
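--- a/package/dist/plugin/service.js
+++ b/package/dist/plugin/service.js
@@ -72,12 +72,15 @@ export class SslService {
 }
 async importCa(passphrase) {
 const importCfg = this.deps.config.import;
-
-
+const caCertPath = importCfg?.caCertPath ?? '';
+const caKeyPath = importCfg?.caKeyPath ?? '';
+if (caCertPath === '' || caKeyPath === '') {
+throw new Error('import mode requires both "Import → CA certificate file path" and ' +
+'"Import → CA private-key file path (encrypted PKCS#8)" to be set in the plugin config.');
 }
 const [certificatePem, encryptedKeyPem] = await Promise.all([
-readFile(
-readFile(
+readFile(caCertPath, 'utf8'),
+readFile(caKeyPath, 'utf8')
 ]);
 // Validate the key actually decrypts before persisting — fail fast.
 await decryptPrivateKeyPkcs8(encryptedKeyPem, passphrase);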
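Review bot: The new guard in importCa compares each path against `''` exactly, so a whitespace-only value saved from the config form passes it and then fails inside `readFile` with a filesystem error instead of the explanatory message. Trimming before the check keeps the clear error: `const caCertPath = (importCfg?.caCertPath ?? '').trim();` and the same for `caKeyPath`. Because these values point at CA key material and a relative path resolves against the server process's working directory, it may also be worth rejecting non-absolute paths here. importCa continues past the hunk, so whether the certificate is checked against the decrypted key before it is persisted cannot be seen from these lines.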
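--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "signalk-ssl",
-"version": "0.2.
+"version": "0.2.1",
 "description": "SSL/TLS certificate management plugin for SignalK Node Server — generate a local CA, issue server certs, distribute the root via QR to phones/tablets",
 "type": "module",
 "main": "dist/plugin/index.js",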