1"use strict";
2Object.defineProperty(exports, "__esModule", { value: true });
3exports.CAClient = void 0;
4const error_1 = require("../error");
5const external_1 = require("../external");
6const format_1 = require("./format");
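/**
 * Client that requests a signing certificate from a Fulcio certificate
 * authority and hands back only the leaf (signing) certificate.
 */
class CAClient {
    /**
     * @param {object} options
     * @param options.fulcioBaseURL - Forwarded to the Fulcio client as `baseURL`.
     * @param options.retry - Forwarded unchanged to the Fulcio client.
     * @param options.timeout - Forwarded unchanged to the Fulcio client.
     */
    constructor(options) {
        this.fulcio = new external_1.Fulcio({
            baseURL: options.fulcioBaseURL,
            retry: options.retry,
            timeout: options.timeout,
        });
    }
    /**
     * Requests a signing certificate for the given identity and key.
     *
     * The three arguments are passed as-is to `toCertificateRequest`, which
     * builds the request body (presumably an identity token, the public key
     * to certify and a proof-of-possession challenge; confirm against
     * ./format).
     *
     * @returns {Promise<Array>} A one-element array holding the first entry
     *   of the certificate chain in the CA response.
     * @throws {InternalError} With code `CA_CREATE_SIGNING_CERTIFICATE_ERROR`
     *   when the request fails, the response carries no certificate chain,
     *   or the chain is empty. Errors thrown while building the request are
     *   not wrapped, because that call sits outside the try block.
     */
    async createSigningCertificate(identityToken, publicKey, challenge) {
        const request = (0, format_1.toCertificateRequest)(identityToken, publicKey, challenge);
        try {
            const resp = await this.fulcio.createSigningCertificate(request);
            // The response may contain either a signedCertificateEmbeddedSct
            // or a signedCertificateDetachedSct; prefer the embedded form.
            const cert = resp.signedCertificateEmbeddedSct || resp.signedCertificateDetachedSct;
            // Return the first certificate in the chain, which is the signing
            // certificate. Specifically not returning the rest of the chain to
            // mitigate the risk of errors when verifying the certificate chain.
            const leaf = cert.chain.certificates.slice(0, 1);
            // Fail closed: an empty chain would otherwise be returned as [],
            // and the caller would only find out when it dereferences a
            // certificate that is not there.
            if (leaf.length === 0) {
                throw new Error('certificate chain in CA response is empty');
            }
            return leaf;
        }
        catch (err) {
            throw new error_1.InternalError({
                code: 'CA_CREATE_SIGNING_CERTIFICATE_ERROR',
                message: 'error creating signing certificate',
                cause: err,
            });
        }
    }
}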
39exports.CAClient = CAClient;