/**
 * DTOs for the Step-CA client service (FED-M2-04).
 *
 * IssueCertRequestDto — input to CaService.issueCert()
 * IssuedCertDto — output from CaService.issueCert()
 */
import { IsInt, IsNotEmpty, IsOptional, IsString, IsUUID, Max, Min } from 'class-validator';
/**
 * Request payload accepted by CaService.issueCert().
 *
 * The class-validator decorators below perform syntactic checks only
 * (type, emptiness, UUID shape, integer range). They do not establish that
 * the caller is entitled to the grant or the subject user named here.
 */
export class IssueCertRequestDto {
  /**
   * PKCS#10 Certificate Signing Request in PEM encoding.
   * Any SANs the certificate should carry have to be present in the CSR itself.
   *
   * Validation here only requires a non-empty string.
   * NOTE(review): nothing at this layer bounds the length, parses the PEM, or
   * inspects the requested SANs — confirm CaService (or the step-ca
   * provisioner policy) vets the CSR contents before signing.
   */
  @IsString()
  @IsNotEmpty()
  csrPem!: string;

  /**
   * Identifier (UUID) of the federation_grants row the certificate is issued for.
   * Ends up in the certificate as the `mosaic_grant_id` custom OID extension.
   *
   * NOTE(review): @IsUUID() checks the format only — confirm the service
   * verifies that the grant exists and is bound to `subjectUserId`, since the
   * value is attested in the signed certificate.
   */
  @IsUUID()
  grantId!: string;

  /**
   * Identifier (UUID) of the local user the certificate is issued on behalf of.
   * Ends up in the certificate as the `mosaic_subject_user_id` custom OID extension.
   */
  @IsUUID()
  subjectUserId!: string;

  /**
   * Certificate lifetime requested by the caller, in seconds.
   *
   * Accepted range at validation time: integers from 60 to 900 (15 minutes).
   * When the field is not supplied the initializer leaves it at 300 (5 minutes).
   * The service is documented to clamp to 900 s on its own, independent of
   * what is validated here.
   *
   * NOTE(review): @IsOptional() skips the remaining validators for both
   * `undefined` and `null`, so an explicit `null` is not range-checked —
   * confirm the service treats a null TTL as "use the default".
   */
  @IsOptional()
  @IsInt()
  @Min(60)
  @Max(900) // 15 minutes
  ttlSeconds: number = 300;
}
/**
 * Result returned by CaService.issueCert().
 *
 * Plain data holder: no validation decorators are attached to these fields.
 */
export class IssuedCertDto {
  /** Leaf certificate as returned by step-ca, PEM-encoded. */
  certPem!: string;

  /**
   * Full chain in PEM encoding: leaf, then intermediates, then root.
   * When step-ca's response carries no `certChain` field this holds the same
   * value as `certPem`.
   *
   * NOTE(review): a root delivered inside this chain is informational;
   * presumably verifiers pin their trust anchor out of band — confirm.
   */
  certChainPem!: string;

  /** Serial number of the issued certificate, as a decimal string. */
  serialNumber!: string;
}