Adds single-use enrollment token table, service, and controller enabling remote peer gateways to enroll into a pending federation grant via CSR submission. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
/**
* DTOs for the federation enrollment flow (FED-M2-07).
*
* CreateEnrollmentTokenDto — admin generates a single-use enrollment token
* RedeemEnrollmentTokenDto — remote peer submits CSR to redeem the token
*/
import {
  IsInt,
  IsNotEmpty,
  IsOptional,
  IsString,
  IsUUID,
  Max,
  MaxLength,
  Min,
} from 'class-validator';
/**
 * Request body for minting a single-use enrollment token.
 *
 * Only the shape of the fields is validated here (UUID format, integer range).
 * Whether the grant exists, is still pending, and belongs to the given peer is
 * not checked by this class — presumably the service does that; confirm.
 */
export class CreateEnrollmentTokenDto {
  /** UUID of the federation grant this token will activate on redemption. */
  @IsUUID()
  grantId!: string;

  /** UUID of the peer record that will receive the issued cert on redemption. */
  @IsUUID()
  peerId!: string;

  /**
   * Token lifetime in seconds. Default 900 (15 min). Min 60. Max 900.
   * After this time the token is rejected even if unused.
   *
   * NOTE(review): @IsOptional() skips the remaining validators for `null` as
   * well as `undefined`, so an explicit `ttlSeconds: null` is not range-checked
   * here — confirm the service rejects it or falls back to the default rather
   * than computing an expiry from it.
   * NOTE(review): the `= 900` initializer only takes effect when this class is
   * actually instantiated for the request (e.g. a transforming validation
   * pipe) — verify the pipe configuration, and keep the 900 s cap enforced in
   * the service as well.
   */
  @IsOptional()
  @IsInt()
  @Min(60)
  @Max(900)
  ttlSeconds: number = 900;
}
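/**
 * Request body a remote peer submits to redeem an enrollment token.
 *
 * The CSR is untrusted input. This class only checks that it is a non-empty
 * string within a size bound; it does not parse the PEM. Verifying the CSR's
 * self-signature (proof of possession) and constraining the requested
 * subject/SANs to the enrolling peer is presumably done by the redeeming
 * service — confirm before relying on it.
 */
export class RedeemEnrollmentTokenDto {
  /**
   * PEM-encoded PKCS#10 Certificate Signing Request from the remote peer.
   *
   * Capped at 16 KiB so an oversized body is rejected during validation instead
   * of being handed to the CSR parser. The bound is deliberately generous for
   * common key types; adjust it to the largest CSR the issuing CA should accept.
   */
  @IsString()
  @IsNotEmpty()
  @MaxLength(16384)
  csrPem!: string;
}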