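"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.CAClient = void 0;
const error_1 = require("../error");
const external_1 = require("../external");
const format_1 = require("./format");
/**
 * Client that requests signing certificates from a Fulcio certificate
 * authority through the `Fulcio` wrapper in `../external`.
 */
class CAClient {
    /**
     * @param options - Client settings. `fulcioBaseURL` is forwarded to the
     *   Fulcio client as `baseURL`; `retry` and `timeout` are forwarded
     *   unchanged.
     */
    constructor(options) {
        this.fulcio = new external_1.Fulcio({
            baseURL: options.fulcioBaseURL,
            retry: options.retry,
            timeout: options.timeout,
        });
    }
    /**
     * Requests a signing certificate and returns only the leaf certificate.
     *
     * The three arguments are handed to `toCertificateRequest` as-is; their
     * expected formats are defined there, not in this file.
     *
     * @param identityToken - Identity token to put in the certificate request.
     * @param publicKey - Public key to put in the certificate request.
     * @param challenge - Challenge value to put in the certificate request.
     * @returns An array holding exactly one element: the first certificate of
     *   the chain returned by the CA.
     * @throws {InternalError} With code `CA_CREATE_SIGNING_CERTIFICATE_ERROR`
     *   when building the request fails inside the `try`, the CA call fails,
     *   or the response carries no usable certificate chain. The underlying
     *   error is attached as `cause`.
     */
    async createSigningCertificate(identityToken, publicKey, challenge) {
        const request = (0, format_1.toCertificateRequest)(identityToken, publicKey, challenge);
        try {
            const resp = await this.fulcio.createSigningCertificate(request);
            // The response may contain either a signedCertificateEmbeddedSct or
            // a signedCertificateDetachedSct.
            const cert = resp.signedCertificateEmbeddedSct ||
                resp.signedCertificateDetachedSct;
            const certificates = cert && cert.chain ? cert.chain.certificates : undefined;
            // Fail closed: an empty or missing chain must not be handed back as
            // an empty array, because the caller would then continue signing
            // without a certificate. The error is wrapped by the catch below.
            if (!Array.isArray(certificates) || certificates.length === 0) {
                throw new Error('CA response did not contain a certificate chain');
            }
            // Return the first certificate in the chain, which is the signing
            // certificate. Specifically not returning the rest of the chain to
            // mitigate the risk of errors when verifying the certificate chain.
            return certificates.slice(0, 1);
        }
        catch (err) {
            throw new error_1.InternalError({
                code: 'CA_CREATE_SIGNING_CERTIFICATE_ERROR',
                message: 'error creating signing certificate',
                cause: err,
            });
        }
    }
}
exports.CAClient = CAClient;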