npm - @credo-ts/core - Versions diffs - 0.6.0-pr-2392-20251010173905 → 0.6.0-pr-2457-20251016083534 - Mend

@credo-ts/core 0.6.0-pr-2392-20251010173905 → 0.6.0-pr-2457-20251016083534

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (985) hide show

package/build/modules/x509/X509Certificate.d.mts CHANGED Viewed

@@ -1,7 +1,8 @@
+import { AnyUint8Array } from "../../types.mjs";
 import { CredoWebCrypto } from "../../crypto/webcrypto/CredoWebCrypto.mjs";
 import { X509CreateCertificateOptions } from "./X509ServiceOptions.mjs";
-import { AgentContext } from "../../agent/context/AgentContext.mjs";
 import { PublicJwk } from "../kms/jwk/PublicJwk.mjs";
+import { AgentContext } from "../../agent/context/AgentContext.mjs";
 import * as x509 from "@peculiar/x509";
 //#region src/modules/x509/X509Certificate.d.ts
@@ -27,18 +28,18 @@ declare enum X509ExtendedKeyUsage {
 }
 type X509CertificateOptions = {
   publicJwk: PublicJwk;
-  privateKey?: Uint8Array;
+  privateKey?: AnyUint8Array;
   x509Certificate: x509.X509Certificate;
 };
 declare class X509Certificate {
   publicJwk: PublicJwk;
-  privateKey?: Uint8Array;
+  privateKey?: AnyUint8Array;
   private x509Certificate;
   private constructor();
   set keyId(keyId: string);
   get keyId(): string;
   get hasKeyId(): boolean;
-  static fromRawCertificate(rawCertificate: Uint8Array): X509Certificate;
+  static fromRawCertificate(rawCertificate: AnyUint8Array): X509Certificate;
   static fromEncodedCertificate(encodedCertificate: string): X509Certificate;
   private static parseCertificate;
   private getMatchingExtensions;
@@ -104,7 +105,6 @@ declare class X509Certificate {
    * @param format the format to export to, defaults to `pem`
    */
   toString(format?: 'asn' | 'pem' | 'hex' | 'base64' | 'text' | 'base64url'): string;
-  private toJSON;
   equal(certificate: X509Certificate): boolean;
 }
 //#endregion

package/build/modules/x509/X509Certificate.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"X509Certificate.d.mts","names":[],"sources":["../../../src/modules/x509/X509Certificate.ts"],"sourcesContent":[],"mappings":"~~;;;;;;;aAgCY~~,YAAA;;;;EAAA,gBAAY,GAAA,CAAA;EAYZ,YAAA,GAAA,EAAA;EAUA,WAAA,GAAA,EAAA;EAAsB,OAAA,GAAA,EAAA;cACrB,GAAA,GAAA;cACE,GAAA,GAAA;;AACwB,aAb3B,oBAAA;EAgBC,UAAA,GAAA,mBAAe;EAAA,UAAA,GAAA,mBAAA;aACR,GAAA,mBAAA;iBACE,GAAA,mBAAA;cAqB6B,GAAA,mBAAA;~~aAAa~~,GAAA,mBAAA;~~OAKI~~,GAAA,iBAAA;;AAsBzC,KAxDf,sBAAA,GAwDe;aAvDd;eACE;iBA6GM,EA5GF,IAAA,CAAK,eA4GH;;AAoCiB,cA7IzB,eAAA,CA6IyB;WAAyC,EA5I3D,SA4I2D;YAAc,CAAA,EA3IvE,~~UA2IuE~~;UAAA,eAAA;UA6FvF,WAAA,CAAA;MACA,KAAA,CAAA,KAAA,EAAA,MAAA;MACA,KAAA,CAAA,CAAA,EAAA,MAAA;MAEkB,QAAA,CAAA,CAAA,EAAA,OAAA;SACN,kBAAA,CAAA,cAAA,EAxNiC,~~UAwNjC~~,CAAA,~~EAxN8C~~,~~eAwN9C~~;SAcH,sBAAA,CAAA,kBAAA,EAAA,MAAA,CAAA,EAjOqD,eAiOrD;iBAAc,gBAAA;UAiCkB,qBAAA;MAAY,cAAA,CAAA,CAAA,EA5OhC,UA4OgC,CA5OhC,WA4OgC,CAAA;;;~~IAsC~~/B,KAAA,EAAA,MAAA;EAAe,CAAA,EAAA;;;;;;;;;;;~~kBA3NtB~~;0BAwBgB;;yBAYC,yCAAyC,iBAAc,QAAA;;;;;;;;sBAiGrE;gBACN;;;;;;;;;;;;gBAcH,iBAAc;;;;kCAiCkB,eAAY~~;;;;;;;;;;;;;;;;;;;;qBAsC~~/B"}
1	+ {"version":3,"file":"X509Certificate.d.mts","names":[],"sources":["../../../src/modules/x509/X509Certificate.ts"],"sourcesContent":[],"mappings":";;;;;;;;aA+BY,YAAA;;;;EAAA,gBAAY,GAAA,CAAA;EAYZ,YAAA,GAAA,EAAA;EAUA,WAAA,GAAA,EAAA;EAAsB,OAAA,GAAA,EAAA;cACrB,GAAA,GAAA;cACE,GAAA,GAAA;;AACwB,aAb3B,oBAAA;EAgBC,UAAA,GAAA,mBAAe;EAAA,UAAA,GAAA,mBAAA;aACR,GAAA,mBAAA;iBACE,GAAA,mBAAA;cAqB6B,GAAA,mBAAA;aAAgB,GAAA,mBAAA;OAKC,GAAA,iBAAA;;AAsBzC,KAxDf,sBAAA,GAwDe;aAvDd;eACE;iBA6GM,EA5GF,IAAA,CAAK,eA4GH;;AAoCiB,cA7IzB,eAAA,CA6IyB;WAAyC,EA5I3D,SA4I2D;YAAc,CAAA,EA3IvE,aA2IuE;UAAA,eAAA;UA6FvF,WAAA,CAAA;MACA,KAAA,CAAA,KAAA,EAAA,MAAA;MACA,KAAA,CAAA,CAAA,EAAA,MAAA;MAEkB,QAAA,CAAA,CAAA,EAAA,OAAA;SACN,kBAAA,CAAA,cAAA,EAxNiC,aAwNjC,CAAA,EAxNiD,eAwNjD;SAcH,sBAAA,CAAA,kBAAA,EAAA,MAAA,CAAA,EAjOqD,eAiOrD;iBAAc,gBAAA;UAiCkB,qBAAA;MAAY,cAAA,CAAA,CAAA,EA5OhC,UA4OgC,CA5OhC,WA4OgC,CAAA;;;IAkC/B,KAAA,EAAA,MAAA;EAAe,CAAA,EAAA;;;;;;;;;;;kBAvNtB;0BAwBgB;;yBAYC,yCAAyC,iBAAc,QAAA;;;;;;;;sBAiGrE;gBACN;;;;;;;;;;;;gBAcH,iBAAc;;;;kCAiCkB,eAAY;;;;;;;;;;;;;;;;;;;qBAkC/B"}

package/build/modules/x509/X509Certificate.d.ts CHANGED Viewed

@@ -1,7 +1,8 @@
+import { AnyUint8Array } from "../../types.js";
 import { CredoWebCrypto } from "../../crypto/webcrypto/CredoWebCrypto.js";
 import { X509CreateCertificateOptions } from "./X509ServiceOptions.js";
-import { AgentContext } from "../../agent/context/AgentContext.js";
 import { PublicJwk } from "../kms/jwk/PublicJwk.js";
+import { AgentContext } from "../../agent/context/AgentContext.js";
 import * as x509 from "@peculiar/x509";
 //#region src/modules/x509/X509Certificate.d.ts
@@ -27,18 +28,18 @@ declare enum X509ExtendedKeyUsage {
 }
 type X509CertificateOptions = {
   publicJwk: PublicJwk;
-  privateKey?: Uint8Array;
+  privateKey?: AnyUint8Array;
   x509Certificate: x509.X509Certificate;
 };
 declare class X509Certificate {
   publicJwk: PublicJwk;
-  privateKey?: Uint8Array;
+  privateKey?: AnyUint8Array;
   private x509Certificate;
   private constructor();
   set keyId(keyId: string);
   get keyId(): string;
   get hasKeyId(): boolean;
-  static fromRawCertificate(rawCertificate: Uint8Array): X509Certificate;
+  static fromRawCertificate(rawCertificate: AnyUint8Array): X509Certificate;
   static fromEncodedCertificate(encodedCertificate: string): X509Certificate;
   private static parseCertificate;
   private getMatchingExtensions;
@@ -104,7 +105,6 @@ declare class X509Certificate {
    * @param format the format to export to, defaults to `pem`
    */
   toString(format?: 'asn' | 'pem' | 'hex' | 'base64' | 'text' | 'base64url'): string;
-  private toJSON;
   equal(certificate: X509Certificate): boolean;
 }
 //#endregion

package/build/modules/x509/X509Certificate.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"X509Certificate.d.ts","names":[],"sources":["../../../src/modules/x509/X509Certificate.ts"],"sourcesContent":[],"mappings":"~~;;;;;;;aAgCY~~,YAAA;;EAAA,cAAA,GAAY,CAAA;EAYZ,eAAA,GAAA,CAAA;EAUA,gBAAA,GAAA,CAAA;EAAsB,YAAA,GAAA,EAAA;aACrB,GAAA,EAAA;SACE,GAAA,EAAA;cACS,GAAA,GAAA;EAAe,YAAA,GAAA,GAAA;AAGvC;AAA4B,aAhBhB,oBAAA;YAiBQ,GAAA,mBAAA;YACE,GAAA,mBAAA;aAqB6B,GAAA,mBAAA;~~iBAAa~~,GAAA,mBAAA;~~cAKI~~,GAAA,mBAAA;aAsBzC,GAAA,mBAAA;OAAA,GAAA,iBAAA;;KAxDf,sBAAA;WA+GS,EA9GR,SA8GQ;YAwBgB,CAAA,EArItB,~~UAqIsB~~;iBAYC,EAhJnB,IAAA,CAAK,eAgJc;;AAAuD,cA7IhF,eAAA,CA6IgF;WAAA,EA5IzE,SA4IyE;YA6FvF,CAAA,EAxOgB,~~UAwOhB~~;UACA,eAAA;UACA,WAAA,CAAA;MAEkB,KAAA,CAAA,KAAA,EAAA,MAAA;MACN,KAAA,CAAA,CAAA,EAAA,MAAA;MAcH,QAAA,CAAA,CAAA,EAAA,OAAA;SAAc,kBAAA,CAAA,cAAA,EAtOsB,~~UAsOtB~~,CAAA,~~EAtOmC~~,~~eAsOnC~~;SAiCkB,sBAAA,CAAA,kBAAA,EAAA,MAAA,CAAA,EAlQqB,eAkQrB;iBAAY,gBAAA;;wBA5OhC,WAAA;~~MAkRC~~,uBAAA,CAAA,CAAA,EAAA;IAAe,IAAA,sBAAA;;;;;;;;;;;;;~~kBA3NtB~~;0BAwBgB;;yBAYC,yCAAyC,iBAAc,QAAA;;;;;;;;sBAiGrE;gBACN;;;;;;;;;;;;gBAcH,iBAAc;;;;kCAiCkB,eAAY~~;;;;;;;;;;;;;;;;;;;;qBAsC~~/B"}
1	+ {"version":3,"file":"X509Certificate.d.ts","names":[],"sources":["../../../src/modules/x509/X509Certificate.ts"],"sourcesContent":[],"mappings":";;;;;;;;aA+BY,YAAA;;EAAA,cAAA,GAAY,CAAA;EAYZ,eAAA,GAAA,CAAA;EAUA,gBAAA,GAAA,CAAA;EAAsB,YAAA,GAAA,EAAA;aACrB,GAAA,EAAA;SACE,GAAA,EAAA;cACS,GAAA,GAAA;EAAe,YAAA,GAAA,GAAA;AAGvC;AAA4B,aAhBhB,oBAAA;YAiBQ,GAAA,mBAAA;YACE,GAAA,mBAAA;aAqB6B,GAAA,mBAAA;iBAAgB,GAAA,mBAAA;cAKC,GAAA,mBAAA;aAsBzC,GAAA,mBAAA;OAAA,GAAA,iBAAA;;KAxDf,sBAAA;WA+GS,EA9GR,SA8GQ;YAwBgB,CAAA,EArItB,aAqIsB;iBAYC,EAhJnB,IAAA,CAAK,eAgJc;;AAAuD,cA7IhF,eAAA,CA6IgF;WAAA,EA5IzE,SA4IyE;YA6FvF,CAAA,EAxOgB,aAwOhB;UACA,eAAA;UACA,WAAA,CAAA;MAEkB,KAAA,CAAA,KAAA,EAAA,MAAA;MACN,KAAA,CAAA,CAAA,EAAA,MAAA;MAcH,QAAA,CAAA,CAAA,EAAA,OAAA;SAAc,kBAAA,CAAA,cAAA,EAtOsB,aAsOtB,CAAA,EAtOsC,eAsOtC;SAiCkB,sBAAA,CAAA,kBAAA,EAAA,MAAA,CAAA,EAlQqB,eAkQrB;iBAAY,gBAAA;;wBA5OhC,WAAA;MA8QC,uBAAA,CAAA,CAAA,EAAA;IAAe,IAAA,sBAAA;;;;;;;;;;;;;kBAvNtB;0BAwBgB;;yBAYC,yCAAyC,iBAAc,QAAA;;;;;;;;sBAiGrE;gBACN;;;;;;;;;;;;gBAcH,iBAAc;;;;kCAiCkB,eAAY;;;;;;;;;;;;;;;;;;;qBAkC/B"}

package/build/modules/x509/X509Certificate.js CHANGED Viewed

@@ -1,7 +1,6 @@
 const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.js');
-const require_X509Error = require('./X509Error.js');
 const require_TypedArrayEncoder = require('../../utils/TypedArrayEncoder.js');
 require('../../utils/index.js');
 const require_equals = require('../kms/jwk/equals.js');
@@ -11,15 +10,16 @@ const require_keyAlgorithmConversion = require('../../crypto/webcrypto/utils/key
 require('../../crypto/webcrypto/utils/index.js');
 const require_CredoWebCrypto = require('../../crypto/webcrypto/CredoWebCrypto.js');
 require('../../crypto/webcrypto/index.js');
-const require_nameConversion = require('./utils/nameConversion.js');
 const require_extensions = require('./utils/extensions.js');
+const require_X509Error = require('./X509Error.js');
+const require_nameConversion = require('./utils/nameConversion.js');
 require('./utils/index.js');
-let __peculiar_x509 = require("@peculiar/x509");
-__peculiar_x509 = require_rolldown_runtime.__toESM(__peculiar_x509);
 let __peculiar_asn1_schema = require("@peculiar/asn1-schema");
 __peculiar_asn1_schema = require_rolldown_runtime.__toESM(__peculiar_asn1_schema);
 let __peculiar_asn1_x509 = require("@peculiar/asn1-x509");
 __peculiar_asn1_x509 = require_rolldown_runtime.__toESM(__peculiar_asn1_x509);
+let __peculiar_x509 = require("@peculiar/x509");
+__peculiar_x509 = require_rolldown_runtime.__toESM(__peculiar_x509);
 //#region src/modules/x509/X509Certificate.ts
 let X509KeyUsage = /* @__PURE__ */ function(X509KeyUsage$1) {
@@ -229,9 +229,6 @@ var X509Certificate = class X509Certificate {
 	toString(format) {
 		return this.x509Certificate.toString(format ?? "pem");
 	}
-	toJSON() {
-		return this.toString();
-	}
 	equal(certificate) {
 		const parsedOther = new __peculiar_x509.X509Certificate(certificate.rawCertificate);
 		return this.x509Certificate.equal(parsedOther);

package/build/modules/x509/X509Certificate.mjs CHANGED Viewed

@@ -1,6 +1,5 @@
-import { X509Error } from "./X509Error.mjs";
 import { TypedArrayEncoder } from "../../utils/TypedArrayEncoder.mjs";
 import "../../utils/index.mjs";
 import { assymetricPublicJwkMatches } from "../kms/jwk/equals.mjs";
@@ -10,12 +9,13 @@ import { publicJwkToCryptoKeyAlgorithm, spkiToPublicJwk } from "../../crypto/web
 import "../../crypto/webcrypto/utils/index.mjs";
 import { CredoWebCrypto } from "../../crypto/webcrypto/CredoWebCrypto.mjs";
 import "../../crypto/webcrypto/index.mjs";
-import { convertName } from "./utils/nameConversion.mjs";
 import { createAuthorityKeyIdentifierExtension, createBasicConstraintsExtension, createCrlDistributionPointsExtension, createExtendedKeyUsagesExtension, createIssuerAlternativeNameExtension, createKeyUsagesExtension, createSubjectAlternativeNameExtension, createSubjectKeyIdentifierExtension } from "./utils/extensions.mjs";
+import { X509Error } from "./X509Error.mjs";
+import { convertName } from "./utils/nameConversion.mjs";
 import "./utils/index.mjs";
-import * as x509 from "@peculiar/x509";
 import { AsnParser } from "@peculiar/asn1-schema";
 import { SubjectPublicKeyInfo, id_ce_authorityKeyIdentifier, id_ce_extKeyUsage, id_ce_issuerAltName, id_ce_keyUsage, id_ce_subjectAltName, id_ce_subjectKeyIdentifier } from "@peculiar/asn1-x509";
+import * as x509 from "@peculiar/x509";
 //#region src/modules/x509/X509Certificate.ts
 let X509KeyUsage = /* @__PURE__ */ function(X509KeyUsage$1) {
@@ -225,9 +225,6 @@ var X509Certificate = class X509Certificate {
 	toString(format) {
 		return this.x509Certificate.toString(format ?? "pem");
 	}
-	toJSON() {
-		return this.toString();
-	}
 	equal(certificate) {
 		const parsedOther = new x509.X509Certificate(certificate.rawCertificate);
 		return this.x509Certificate.equal(parsedOther);

package/build/modules/x509/X509Certificate.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"X509Certificate.mjs","names":["extensions: Array<x509.Extension \| undefined>","certificate","certificateInstance","publicCryptoKey: CredoWebCryptoKey \| undefined"],"sources":["../../../src/modules/x509/X509Certificate.ts"],"sourcesContent":["import type { AgentContext } from '../../agent'\nimport type { X509CreateCertificateOptions } from './X509ServiceOptions'\n\nimport { AsnParser } from '@peculiar/asn1-schema'\nimport {\n SubjectPublicKeyInfo,\n id_ce_authorityKeyIdentifier,\n id_ce_extKeyUsage,\n id_ce_issuerAltName,\n id_ce_keyUsage,\n id_ce_subjectAltName,\n id_ce_subjectKeyIdentifier,\n} from '@peculiar/asn1-x509'\nimport * as x509 from '@peculiar/x509'\nimport { CredoWebCrypto, CredoWebCryptoKey } from '../../crypto/webcrypto'\nimport { publicJwkToCryptoKeyAlgorithm, spkiToPublicJwk } from '../../crypto/webcrypto/utils'\nimport { TypedArrayEncoder } from '../../utils'\n\nimport { PublicJwk, assymetricPublicJwkMatches } from '../kms'\nimport { X509Error } from './X509Error'\nimport {\n convertName,\n createAuthorityKeyIdentifierExtension,\n createBasicConstraintsExtension,\n createCrlDistributionPointsExtension,\n createExtendedKeyUsagesExtension,\n createIssuerAlternativeNameExtension,\n createKeyUsagesExtension,\n createSubjectAlternativeNameExtension,\n createSubjectKeyIdentifierExtension,\n} from './utils'\n\nexport enum X509KeyUsage {\n DigitalSignature = 1,\n NonRepudiation = 2,\n KeyEncipherment = 4,\n DataEncipherment = 8,\n KeyAgreement = 16,\n KeyCertSign = 32,\n CrlSign = 64,\n EncipherOnly = 128,\n DecipherOnly = 256,\n}\n\nexport enum X509ExtendedKeyUsage {\n ServerAuth = '1.3.6.1.5.5.7.3.1',\n ClientAuth = '1.3.6.1.5.5.7.3.2',\n CodeSigning = '1.3.6.1.5.5.7.3.3',\n EmailProtection = '1.3.6.1.5.5.7.3.4',\n TimeStamping = '1.3.6.1.5.5.7.3.8',\n OcspSigning = '1.3.6.1.5.5.7.3.9',\n MdlDs = '1.0.18013.5.1.2',\n}\n\nexport type X509CertificateOptions = {\n publicJwk: PublicJwk\n privateKey?: Uint8Array\n x509Certificate: x509.X509Certificate\n}\n\nexport class X509Certificate {\n public publicJwk: PublicJwk\n public privateKey?: Uint8Array\n private x509Certificate: x509.X509Certificate\n\n private constructor(options: X509CertificateOptions) {\n this.publicJwk = options.publicJwk\n this.privateKey = options.privateKey\n this.x509Certificate = options.x509Certificate\n }\n\n public set keyId(keyId: string) {\n this.publicJwk.keyId = keyId\n }\n\n public get keyId(): string {\n return this.publicJwk.keyId\n }\n\n public get hasKeyId(): boolean {\n return this.publicJwk.hasKeyId\n }\n\n public static fromRawCertificate(rawCertificate: Uint8Array): X509Certificate {\n const certificate = new x509.X509Certificate(rawCertificate)\n return X509Certificate.parseCertificate(certificate)\n }\n\n public static fromEncodedCertificate(encodedCertificate: string): X509Certificate {\n const certificate = new x509.X509Certificate(encodedCertificate)\n return X509Certificate.parseCertificate(certificate)\n }\n\n private static parseCertificate(certificate: x509.X509Certificate): X509Certificate {\n const spki = AsnParser.parse(certificate.publicKey.rawData, SubjectPublicKeyInfo)\n const privateKey = certificate.privateKey ? new Uint8Array(certificate.privateKey.rawData) : undefined\n\n const publicJwk = spkiToPublicJwk(spki)\n\n return new X509Certificate({\n publicJwk,\n privateKey,\n x509Certificate: certificate,\n })\n }\n\n private getMatchingExtensions<T = { critical: boolean }>(objectIdentifier: string): Array<T> \| undefined {\n return this.x509Certificate.extensions.filter((e) => e.type === objectIdentifier) as Array<T> \| undefined\n }\n\n public get rawCertificate() {\n return new Uint8Array(this.x509Certificate.rawData)\n }\n\n public get subjectAlternativeNames() {\n const san = this.getMatchingExtensions<x509.SubjectAlternativeNameExtension>(id_ce_subjectAltName)\n return san?.flatMap((s) => s.names.items).map((i) => ({ type: i.type, value: i.value })) ?? []\n }\n\n public get issuerAlternativeNames() {\n const ian = this.getMatchingExtensions<x509.IssuerAlternativeNameExtension>(id_ce_issuerAltName)\n return ian?.flatMap((i) => i.names.items).map((i) => ({ type: i.type, value: i.value })) ?? []\n }\n\n public get sanDnsNames() {\n return this.subjectAlternativeNames.filter((san) => san.type === 'dns').map((san) => san.value)\n }\n\n public get sanUriNames() {\n return this.subjectAlternativeNames.filter((ian) => ian.type === 'url').map((ian) => ian.value)\n }\n\n public get ianDnsNames() {\n return this.issuerAlternativeNames.filter((san) => san.type === 'dns').map((san) => san.value)\n }\n\n public get ianUriNames() {\n return this.issuerAlternativeNames.filter((ian) => ian.type === 'url').map((ian) => ian.value)\n }\n\n public get authorityKeyIdentifier() {\n const keyIds = this.getMatchingExtensions<x509.AuthorityKeyIdentifierExtension>(id_ce_authorityKeyIdentifier)?.map(\n (e) => e.keyId\n )\n\n if (keyIds && keyIds.length > 1) {\n throw new X509Error('Multiple Authority Key Identifiers are not allowed')\n }\n\n return keyIds?.[0]\n }\n\n public get subjectKeyIdentifier() {\n const keyIds = this.getMatchingExtensions<x509.SubjectKeyIdentifierExtension>(id_ce_subjectKeyIdentifier)?.map(\n (e) => e.keyId\n )\n\n if (keyIds && keyIds.length > 1) {\n throw new X509Error('Multiple Subject Key Identifiers are not allowed')\n }\n\n return keyIds?.[0]\n }\n\n // biome-ignore lint/suspicious/useGetterReturn: <explanation>\n public get keyUsage() {\n const keyUsages = this.getMatchingExtensions<x509.KeyUsagesExtension>(id_ce_keyUsage)?.map((e) => e.usages)\n\n if (keyUsages && keyUsages.length > 1) {\n throw new X509Error('Multiple Key Usages are not allowed')\n }\n\n if (keyUsages) {\n return Object.values(X509KeyUsage)\n .filter((key): key is number => typeof key === 'number')\n .filter((flagValue) => (keyUsages[0] & flagValue) === flagValue)\n .map((flagValue) => flagValue as X509KeyUsage)\n }\n }\n\n public get extendedKeyUsage() {\n const extendedKeyUsages = this.getMatchingExtensions<x509.ExtendedKeyUsageExtension>(id_ce_extKeyUsage)?.map(\n (e) => e.usages\n )\n\n if (extendedKeyUsages && extendedKeyUsages.length > 1) {\n throw new X509Error('Multiple Key Usages are not allowed')\n }\n\n return extendedKeyUsages?.[0] as X509ExtendedKeyUsage \| undefined\n }\n\n public isExtensionCritical(id: string): boolean {\n const extension = this.getMatchingExtensions(id)\n if (!extension) {\n throw new X509Error(`extension with id '${id}' is not found`)\n }\n\n return !!extension[0].critical\n }\n\n public static async create(options: X509CreateCertificateOptions, webCrypto: CredoWebCrypto) {\n const subjectPublicKey = options.subjectPublicKey ?? options.authorityKey\n const isSelfSignedCertificate = assymetricPublicJwkMatches(options.authorityKey.toJson(), subjectPublicKey.toJson())\n\n const signingKey = new CredoWebCryptoKey(\n options.authorityKey,\n publicJwkToCryptoKeyAlgorithm(options.authorityKey),\n false,\n 'private',\n ['sign']\n )\n const publicKey = new CredoWebCryptoKey(\n subjectPublicKey,\n publicJwkToCryptoKeyAlgorithm(options.authorityKey),\n true,\n 'public',\n ['verify']\n )\n\n const issuerName = convertName(options.issuer)\n\n const extensions: Array<x509.Extension \| undefined> = []\n extensions.push(\n createSubjectKeyIdentifierExtension(options.extensions?.subjectKeyIdentifier, { publicJwk: subjectPublicKey })\n )\n extensions.push(createKeyUsagesExtension(options.extensions?.keyUsage))\n extensions.push(createExtendedKeyUsagesExtension(options.extensions?.extendedKeyUsage))\n extensions.push(\n createAuthorityKeyIdentifierExtension(options.extensions?.authorityKeyIdentifier, {\n publicJwk: options.authorityKey,\n })\n )\n extensions.push(createIssuerAlternativeNameExtension(options.extensions?.issuerAlternativeName))\n extensions.push(createSubjectAlternativeNameExtension(options.extensions?.subjectAlternativeName))\n extensions.push(createBasicConstraintsExtension(options.extensions?.basicConstraints))\n extensions.push(createCrlDistributionPointsExtension(options.extensions?.crlDistributionPoints))\n\n if (isSelfSignedCertificate) {\n if (options.subject) {\n throw new X509Error('Do not provide a subject name when the certificate is supposed to be self signed')\n }\n\n const certificate = await x509.X509CertificateGenerator.createSelfSigned(\n {\n keys: { publicKey, privateKey: signingKey },\n name: issuerName,\n notBefore: options.validity?.notBefore,\n notAfter: options.validity?.notAfter,\n extensions: extensions.filter((e) => e !== undefined),\n serialNumber: options.serialNumber,\n },\n webCrypto\n )\n\n const certificateInstance = X509Certificate.parseCertificate(certificate)\n if (subjectPublicKey.hasKeyId) certificateInstance.publicJwk.keyId = subjectPublicKey.keyId\n return certificateInstance\n }\n\n if (!options.subject) {\n throw new X509Error('Provide a subject name when the certificate is not supposed to be self signed')\n }\n\n const subjectName = convertName(options.subject)\n\n const certificate = await x509.X509CertificateGenerator.create(\n {\n signingKey,\n publicKey,\n issuer: issuerName,\n subject: subjectName,\n notBefore: options.validity?.notBefore,\n notAfter: options.validity?.notAfter,\n extensions: extensions.filter((e) => e !== undefined),\n },\n webCrypto\n )\n\n const certificateInstance = X509Certificate.parseCertificate(certificate)\n if (subjectPublicKey.hasKeyId) certificateInstance.publicJwk.keyId = subjectPublicKey.keyId\n return certificateInstance\n }\n\n public get subject() {\n return this.x509Certificate.subject\n }\n\n public get issuer() {\n return this.x509Certificate.issuer\n }\n\n public async verify(\n {\n verificationDate = new Date(),\n publicJwk,\n skipSignatureVerification = false,\n }: {\n verificationDate: Date\n publicJwk?: PublicJwk\n\n /*\n Whether to skip the verification of the signature and only perform other checks (such\n * as whether the certificate is not expired).\n \n This can be useful when an non-self-signed certificate is directly trusted, and it may\n * not be possible to verify the certifcate as the root/intermediate certificate containing\n * the key of the signer/intermediate is not present.\n \n @default false\n /\n skipSignatureVerification?: boolean\n },\n webCrypto: CredoWebCrypto\n ) {\n let publicCryptoKey: CredoWebCryptoKey \| undefined\n if (publicJwk) {\n const cryptoKeyAlgorithm = publicJwkToCryptoKeyAlgorithm(publicJwk)\n publicCryptoKey = new CredoWebCryptoKey(publicJwk, cryptoKeyAlgorithm, true, 'public', ['verify'])\n }\n\n // We use the library to validate the signature, but the date is manually verified\n const isSignatureValid = skipSignatureVerification\n ? true\n : await this.x509Certificate.verify({ signatureOnly: true, publicKey: publicCryptoKey }, webCrypto)\n const time = verificationDate.getTime()\n\n const isNotBeforeValid = this.x509Certificate.notBefore.getTime() <= time\n const isNotAfterValid = time <= this.x509Certificate.notAfter.getTime()\n\n if (!isSignatureValid) {\n throw new X509Error(`Certificate: '${this.x509Certificate.subject}' has an invalid signature`)\n }\n\n if (!isNotBeforeValid) {\n throw new X509Error(`Certificate: '${this.x509Certificate.subject}' used before it is allowed`)\n }\n\n if (!isNotAfterValid) {\n throw new X509Error(`Certificate: '${this.x509Certificate.subject}' used after it is allowed`)\n }\n }\n\n /\n Get the thumprint of the X509 certificate in hex format.\n /\n public async getThumprintInHex(agentContext: AgentContext) {\n const thumbprint = await this.x509Certificate.getThumbprint(new CredoWebCrypto(agentContext))\n const thumbprintHex = TypedArrayEncoder.toHex(new Uint8Array(thumbprint))\n\n return thumbprintHex\n }\n\n /\n Get the data elements of the x509 certificate\n /\n public get data() {\n return {\n issuerName: this.x509Certificate.issuerName.toString(),\n issuer: this.x509Certificate.issuer,\n subjectName: this.x509Certificate.subjectName.toString(),\n subject: this.x509Certificate.subject,\n serialNumber: this.x509Certificate.serialNumber,\n pem: this.x509Certificate.toString(),\n notBefore: this.x509Certificate.notBefore,\n notAfter: this.x509Certificate.notAfter,\n }\n }\n\n public getIssuerNameField(field: string) {\n return this.x509Certificate.issuerName.getField(field)\n }\n\n /\n @param format the format to export to, defaults to `pem`\n */\n public toString(format?: 'asn' \| 'pem' \| 'hex' \| 'base64' \| 'text' \| 'base64url') {\n return this.x509Certificate.toString(format ?? 'pem')\n }\n\n private toJSON() {\n return this.toString()\n }\n\n public equal(certificate: X509Certificate) {\n const parsedOther = new x509.X509Certificate(certificate.rawCertificate)\n\n return this.x509Certificate.equal(parsedOther)\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAgCA,IAAY,wDAAL;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AAGF,IAAY,wEAAL;AACL;AACA;AACA;AACA;AACA;AACA;AACA;;;AASF,IAAa,kBAAb,MAAa,gBAAgB;CAK3B,AAAQ,YAAY,SAAiC;AACnD,OAAK,YAAY,QAAQ;AACzB,OAAK,aAAa,QAAQ;AAC1B,OAAK,kBAAkB,QAAQ;;CAGjC,IAAW,MAAM,OAAe;AAC9B,OAAK,UAAU,QAAQ;;CAGzB,IAAW,QAAgB;AACzB,SAAO,KAAK,UAAU;;CAGxB,IAAW,WAAoB;AAC7B,SAAO,KAAK,UAAU;;CAGxB,OAAc,mBAAmB,gBAA6C;EAC5E,MAAM,cAAc,IAAI,KAAK,gBAAgB,eAAe;AAC5D,SAAO,gBAAgB,iBAAiB,YAAY;;CAGtD,OAAc,uBAAuB,oBAA6C;EAChF,MAAM,cAAc,IAAI,KAAK,gBAAgB,mBAAmB;AAChE,SAAO,gBAAgB,iBAAiB,YAAY;;CAGtD,OAAe,iBAAiB,aAAoD;EAClF,MAAM,OAAO,UAAU,MAAM,YAAY,UAAU,SAAS,qBAAqB;EACjF,MAAM,aAAa,YAAY,aAAa,IAAI,WAAW,YAAY,WAAW,QAAQ,GAAG;AAI7F,SAAO,IAAI,gBAAgB;GACzB,WAHgB,gBAAgB,KAAK;GAIrC;GACA,iBAAiB;GAClB,CAAC;;CAGJ,AAAQ,sBAAiD,kBAAgD;AACvG,SAAO,KAAK,gBAAgB,WAAW,QAAQ,MAAM,EAAE,SAAS,iBAAiB;;CAGnF,IAAW,iBAAiB;AAC1B,SAAO,IAAI,WAAW,KAAK,gBAAgB,QAAQ;;CAGrD,IAAW,0BAA0B;AAEnC,SADY,KAAK,sBAA4D,qBAAqB,EACtF,SAAS,MAAM,EAAE,MAAM,MAAM,CAAC,KAAK,OAAO;GAAE,MAAM,EAAE;GAAM,OAAO,EAAE;GAAO,EAAE,IAAI,EAAE;;CAGhG,IAAW,yBAAyB;AAElC,SADY,KAAK,sBAA2D,oBAAoB,EACpF,SAAS,MAAM,EAAE,MAAM,MAAM,CAAC,KAAK,OAAO;GAAE,MAAM,EAAE;GAAM,OAAO,EAAE;GAAO,EAAE,IAAI,EAAE;;CAGhG,IAAW,cAAc;AACvB,SAAO,KAAK,wBAAwB,QAAQ,QAAQ,IAAI,SAAS,MAAM,CAAC,KAAK,QAAQ,IAAI,MAAM;;CAGjG,IAAW,cAAc;AACvB,SAAO,KAAK,wBAAwB,QAAQ,QAAQ,IAAI,SAAS,MAAM,CAAC,KAAK,QAAQ,IAAI,MAAM;;CAGjG,IAAW,cAAc;AACvB,SAAO,KAAK,uBAAuB,QAAQ,QAAQ,IAAI,SAAS,MAAM,CAAC,KAAK,QAAQ,IAAI,MAAM;;CAGhG,IAAW,cAAc;AACvB,SAAO,KAAK,uBAAuB,QAAQ,QAAQ,IAAI,SAAS,MAAM,CAAC,KAAK,QAAQ,IAAI,MAAM;;CAGhG,IAAW,yBAAyB;EAClC,MAAM,SAAS,KAAK,sBAA4D,6BAA6B,EAAE,KAC5G,MAAM,EAAE,MACV;AAED,MAAI,UAAU,OAAO,SAAS,EAC5B,OAAM,IAAI,UAAU,qDAAqD;AAG3E,SAAO,SAAS;;CAGlB,IAAW,uBAAuB;EAChC,MAAM,SAAS,KAAK,sBAA0D,2BAA2B,EAAE,KACxG,MAAM,EAAE,MACV;AAED,MAAI,UAAU,OAAO,SAAS,EAC5B,OAAM,IAAI,UAAU,mDAAmD;AAGzE,SAAO,SAAS;;CAIlB,IAAW,WAAW;EACpB,MAAM,YAAY,KAAK,sBAA+C,eAAe,EAAE,KAAK,MAAM,EAAE,OAAO;AAE3G,MAAI,aAAa,UAAU,SAAS,EAClC,OAAM,IAAI,UAAU,sCAAsC;AAG5D,MAAI,UACF,QAAO,OAAO,OAAO,aAAa,CAC/B,QAAQ,QAAuB,OAAO,QAAQ,SAAS,CACvD,QAAQ,eAAe,UAAU,KAAK,eAAe,UAAU,CAC/D,KAAK,cAAc,UAA0B;;CAIpD,IAAW,mBAAmB;EAC5B,MAAM,oBAAoB,KAAK,sBAAsD,kBAAkB,EAAE,KACtG,MAAM,EAAE,OACV;AAED,MAAI,qBAAqB,kBAAkB,SAAS,EAClD,OAAM,IAAI,UAAU,sCAAsC;AAG5D,SAAO,oBAAoB;;CAG7B,AAAO,oBAAoB,IAAqB;EAC9C,MAAM,YAAY,KAAK,sBAAsB,GAAG;AAChD,MAAI,CAAC,UACH,OAAM,IAAI,UAAU,sBAAsB,GAAG,gBAAgB;AAG/D,SAAO,CAAC,CAAC,UAAU,GAAG;;CAGxB,aAAoB,OAAO,SAAuC,WAA2B;EAC3F,MAAM,mBAAmB,QAAQ,oBAAoB,QAAQ;EAC7D,MAAM,0BAA0B,2BAA2B,QAAQ,aAAa,QAAQ,EAAE,iBAAiB,QAAQ,CAAC;EAEpH,MAAM,aAAa,IAAI,kBACrB,QAAQ,cACR,8BAA8B,QAAQ,aAAa,EACnD,OACA,WACA,CAAC,OAAO,CACT;EACD,MAAM,YAAY,IAAI,kBACpB,kBACA,8BAA8B,QAAQ,aAAa,EACnD,MACA,UACA,CAAC,SAAS,CACX;EAED,MAAM,aAAa,YAAY,QAAQ,OAAO;EAE9C,MAAMA,aAAgD,EAAE;AACxD,aAAW,KACT,oCAAoC,QAAQ,YAAY,sBAAsB,EAAE,WAAW,kBAAkB,CAAC,CAC/G;AACD,aAAW,KAAK,yBAAyB,QAAQ,YAAY,SAAS,CAAC;AACvE,aAAW,KAAK,iCAAiC,QAAQ,YAAY,iBAAiB,CAAC;AACvF,aAAW,KACT,sCAAsC,QAAQ,YAAY,wBAAwB,EAChF,WAAW,QAAQ,cACpB,CAAC,CACH;AACD,aAAW,KAAK,qCAAqC,QAAQ,YAAY,sBAAsB,CAAC;AAChG,aAAW,KAAK,sCAAsC,QAAQ,YAAY,uBAAuB,CAAC;AAClG,aAAW,KAAK,gCAAgC,QAAQ,YAAY,iBAAiB,CAAC;AACtF,aAAW,KAAK,qCAAqC,QAAQ,YAAY,sBAAsB,CAAC;AAEhG,MAAI,yBAAyB;AAC3B,OAAI,QAAQ,QACV,OAAM,IAAI,UAAU,mFAAmF;GAGzG,MAAMC,gBAAc,MAAM,KAAK,yBAAyB,iBACtD;IACE,MAAM;KAAE;KAAW,YAAY;KAAY;IAC3C,MAAM;IACN,WAAW,QAAQ,UAAU;IAC7B,UAAU,QAAQ,UAAU;IAC5B,YAAY,WAAW,QAAQ,MAAM,MAAM,OAAU;IACrD,cAAc,QAAQ;IACvB,EACD,UACD;GAED,MAAMC,wBAAsB,gBAAgB,iBAAiBD,cAAY;AACzE,OAAI,iBAAiB,SAAU,uBAAoB,UAAU,QAAQ,iBAAiB;AACtF,UAAOC;;AAGT,MAAI,CAAC,QAAQ,QACX,OAAM,IAAI,UAAU,gFAAgF;EAGtG,MAAM,cAAc,YAAY,QAAQ,QAAQ;EAEhD,MAAM,cAAc,MAAM,KAAK,yBAAyB,OACtD;GACE;GACA;GACA,QAAQ;GACR,SAAS;GACT,WAAW,QAAQ,UAAU;GAC7B,UAAU,QAAQ,UAAU;GAC5B,YAAY,WAAW,QAAQ,MAAM,MAAM,OAAU;GACtD,EACD,UACD;EAED,MAAM,sBAAsB,gBAAgB,iBAAiB,YAAY;AACzE,MAAI,iBAAiB,SAAU,qBAAoB,UAAU,QAAQ,iBAAiB;AACtF,SAAO;;CAGT,IAAW,UAAU;AACnB,SAAO,KAAK,gBAAgB;;CAG9B,IAAW,SAAS;AAClB,SAAO,KAAK,gBAAgB;;CAG9B,MAAa,OACX,EACE,mCAAmB,IAAI,MAAM,EAC7B,WACA,4BAA4B,SAiB9B,WACA;EACA,IAAIC;AACJ,MAAI,UAEF,mBAAkB,IAAI,kBAAkB,WADb,8BAA8B,UAAU,EACI,MAAM,UAAU,CAAC,SAAS,CAAC;EAIpG,MAAM,mBAAmB,4BACrB,OACA,MAAM,KAAK,gBAAgB,OAAO;GAAE,eAAe;GAAM,WAAW;GAAiB,EAAE,UAAU;EACrG,MAAM,OAAO,iBAAiB,SAAS;EAEvC,MAAM,mBAAmB,KAAK,gBAAgB,UAAU,SAAS,IAAI;EACrE,MAAM,kBAAkB,QAAQ,KAAK,gBAAgB,SAAS,SAAS;AAEvE,MAAI,CAAC,iBACH,OAAM,IAAI,UAAU,iBAAiB,KAAK,gBAAgB,QAAQ,4BAA4B;AAGhG,MAAI,CAAC,iBACH,OAAM,IAAI,UAAU,iBAAiB,KAAK,gBAAgB,QAAQ,6BAA6B;AAGjG,MAAI,CAAC,gBACH,OAAM,IAAI,UAAU,iBAAiB,KAAK,gBAAgB,QAAQ,4BAA4B;;;;;CAOlG,MAAa,kBAAkB,cAA4B;EACzD,MAAM,aAAa,MAAM,KAAK,gBAAgB,cAAc,IAAI,eAAe,aAAa,CAAC;AAG7F,SAFsB,kBAAkB,MAAM,IAAI,WAAW,WAAW,CAAC;;;;;CAQ3E,IAAW,OAAO;AAChB,SAAO;GACL,YAAY,KAAK,gBAAgB,WAAW,UAAU;GACtD,QAAQ,KAAK,gBAAgB;GAC7B,aAAa,KAAK,gBAAgB,YAAY,UAAU;GACxD,SAAS,KAAK,gBAAgB;GAC9B,cAAc,KAAK,gBAAgB;GACnC,KAAK,KAAK,gBAAgB,UAAU;GACpC,WAAW,KAAK,gBAAgB;GAChC,UAAU,KAAK,gBAAgB;GAChC;;CAGH,AAAO,mBAAmB,OAAe;AACvC,SAAO,KAAK,gBAAgB,WAAW,SAAS,MAAM;;;;;CAMxD,AAAO,SAAS,QAAkE;AAChF,SAAO,KAAK,gBAAgB,SAAS,UAAU,MAAM;;CAGvD,AAAQ,SAAS;AACf,SAAO,KAAK,UAAU;;CAGxB,AAAO,MAAM,aAA8B;EACzC,MAAM,cAAc,IAAI,KAAK,gBAAgB,YAAY,eAAe;AAExE,SAAO,KAAK,gBAAgB,MAAM,YAAY"}
1	+ {"version":3,"file":"X509Certificate.mjs","names":["extensions: Array<x509.Extension \| undefined>","certificate","certificateInstance","publicCryptoKey: CredoWebCryptoKey \| undefined"],"sources":["../../../src/modules/x509/X509Certificate.ts"],"sourcesContent":["import { AsnParser } from '@peculiar/asn1-schema'\nimport {\n id_ce_authorityKeyIdentifier,\n id_ce_extKeyUsage,\n id_ce_issuerAltName,\n id_ce_keyUsage,\n id_ce_subjectAltName,\n id_ce_subjectKeyIdentifier,\n SubjectPublicKeyInfo,\n} from '@peculiar/asn1-x509'\nimport * as x509 from '@peculiar/x509'\nimport type { AgentContext } from '../../agent'\nimport { CredoWebCrypto, CredoWebCryptoKey } from '../../crypto/webcrypto'\nimport { publicJwkToCryptoKeyAlgorithm, spkiToPublicJwk } from '../../crypto/webcrypto/utils'\nimport type { AnyUint8Array } from '../../types'\nimport { TypedArrayEncoder } from '../../utils'\nimport { assymetricPublicJwkMatches, PublicJwk } from '../kms'\nimport {\n convertName,\n createAuthorityKeyIdentifierExtension,\n createBasicConstraintsExtension,\n createCrlDistributionPointsExtension,\n createExtendedKeyUsagesExtension,\n createIssuerAlternativeNameExtension,\n createKeyUsagesExtension,\n createSubjectAlternativeNameExtension,\n createSubjectKeyIdentifierExtension,\n} from './utils'\nimport { X509Error } from './X509Error'\nimport type { X509CreateCertificateOptions } from './X509ServiceOptions'\n\nexport enum X509KeyUsage {\n DigitalSignature = 1,\n NonRepudiation = 2,\n KeyEncipherment = 4,\n DataEncipherment = 8,\n KeyAgreement = 16,\n KeyCertSign = 32,\n CrlSign = 64,\n EncipherOnly = 128,\n DecipherOnly = 256,\n}\n\nexport enum X509ExtendedKeyUsage {\n ServerAuth = '1.3.6.1.5.5.7.3.1',\n ClientAuth = '1.3.6.1.5.5.7.3.2',\n CodeSigning = '1.3.6.1.5.5.7.3.3',\n EmailProtection = '1.3.6.1.5.5.7.3.4',\n TimeStamping = '1.3.6.1.5.5.7.3.8',\n OcspSigning = '1.3.6.1.5.5.7.3.9',\n MdlDs = '1.0.18013.5.1.2',\n}\n\nexport type X509CertificateOptions = {\n publicJwk: PublicJwk\n privateKey?: AnyUint8Array\n x509Certificate: x509.X509Certificate\n}\n\nexport class X509Certificate {\n public publicJwk: PublicJwk\n public privateKey?: AnyUint8Array\n private x509Certificate: x509.X509Certificate\n\n private constructor(options: X509CertificateOptions) {\n this.publicJwk = options.publicJwk\n this.privateKey = options.privateKey\n this.x509Certificate = options.x509Certificate\n }\n\n public set keyId(keyId: string) {\n this.publicJwk.keyId = keyId\n }\n\n public get keyId(): string {\n return this.publicJwk.keyId\n }\n\n public get hasKeyId(): boolean {\n return this.publicJwk.hasKeyId\n }\n\n public static fromRawCertificate(rawCertificate: AnyUint8Array): X509Certificate {\n const certificate = new x509.X509Certificate(rawCertificate)\n return X509Certificate.parseCertificate(certificate)\n }\n\n public static fromEncodedCertificate(encodedCertificate: string): X509Certificate {\n const certificate = new x509.X509Certificate(encodedCertificate)\n return X509Certificate.parseCertificate(certificate)\n }\n\n private static parseCertificate(certificate: x509.X509Certificate): X509Certificate {\n const spki = AsnParser.parse(certificate.publicKey.rawData, SubjectPublicKeyInfo)\n const privateKey = certificate.privateKey ? new Uint8Array(certificate.privateKey.rawData) : undefined\n\n const publicJwk = spkiToPublicJwk(spki)\n\n return new X509Certificate({\n publicJwk,\n privateKey,\n x509Certificate: certificate,\n })\n }\n\n private getMatchingExtensions<T = { critical: boolean }>(objectIdentifier: string): Array<T> \| undefined {\n return this.x509Certificate.extensions.filter((e) => e.type === objectIdentifier) as Array<T> \| undefined\n }\n\n public get rawCertificate() {\n return new Uint8Array(this.x509Certificate.rawData)\n }\n\n public get subjectAlternativeNames() {\n const san = this.getMatchingExtensions<x509.SubjectAlternativeNameExtension>(id_ce_subjectAltName)\n return san?.flatMap((s) => s.names.items).map((i) => ({ type: i.type, value: i.value })) ?? []\n }\n\n public get issuerAlternativeNames() {\n const ian = this.getMatchingExtensions<x509.IssuerAlternativeNameExtension>(id_ce_issuerAltName)\n return ian?.flatMap((i) => i.names.items).map((i) => ({ type: i.type, value: i.value })) ?? []\n }\n\n public get sanDnsNames() {\n return this.subjectAlternativeNames.filter((san) => san.type === 'dns').map((san) => san.value)\n }\n\n public get sanUriNames() {\n return this.subjectAlternativeNames.filter((ian) => ian.type === 'url').map((ian) => ian.value)\n }\n\n public get ianDnsNames() {\n return this.issuerAlternativeNames.filter((san) => san.type === 'dns').map((san) => san.value)\n }\n\n public get ianUriNames() {\n return this.issuerAlternativeNames.filter((ian) => ian.type === 'url').map((ian) => ian.value)\n }\n\n public get authorityKeyIdentifier() {\n const keyIds = this.getMatchingExtensions<x509.AuthorityKeyIdentifierExtension>(id_ce_authorityKeyIdentifier)?.map(\n (e) => e.keyId\n )\n\n if (keyIds && keyIds.length > 1) {\n throw new X509Error('Multiple Authority Key Identifiers are not allowed')\n }\n\n return keyIds?.[0]\n }\n\n public get subjectKeyIdentifier() {\n const keyIds = this.getMatchingExtensions<x509.SubjectKeyIdentifierExtension>(id_ce_subjectKeyIdentifier)?.map(\n (e) => e.keyId\n )\n\n if (keyIds && keyIds.length > 1) {\n throw new X509Error('Multiple Subject Key Identifiers are not allowed')\n }\n\n return keyIds?.[0]\n }\n\n // biome-ignore lint/suspicious/useGetterReturn: no explanation\n public get keyUsage() {\n const keyUsages = this.getMatchingExtensions<x509.KeyUsagesExtension>(id_ce_keyUsage)?.map((e) => e.usages)\n\n if (keyUsages && keyUsages.length > 1) {\n throw new X509Error('Multiple Key Usages are not allowed')\n }\n\n if (keyUsages) {\n return Object.values(X509KeyUsage)\n .filter((key): key is number => typeof key === 'number')\n .filter((flagValue) => (keyUsages[0] & flagValue) === flagValue)\n .map((flagValue) => flagValue as X509KeyUsage)\n }\n }\n\n public get extendedKeyUsage() {\n const extendedKeyUsages = this.getMatchingExtensions<x509.ExtendedKeyUsageExtension>(id_ce_extKeyUsage)?.map(\n (e) => e.usages\n )\n\n if (extendedKeyUsages && extendedKeyUsages.length > 1) {\n throw new X509Error('Multiple Key Usages are not allowed')\n }\n\n return extendedKeyUsages?.[0] as X509ExtendedKeyUsage \| undefined\n }\n\n public isExtensionCritical(id: string): boolean {\n const extension = this.getMatchingExtensions(id)\n if (!extension) {\n throw new X509Error(`extension with id '${id}' is not found`)\n }\n\n return !!extension[0].critical\n }\n\n public static async create(options: X509CreateCertificateOptions, webCrypto: CredoWebCrypto) {\n const subjectPublicKey = options.subjectPublicKey ?? options.authorityKey\n const isSelfSignedCertificate = assymetricPublicJwkMatches(options.authorityKey.toJson(), subjectPublicKey.toJson())\n\n const signingKey = new CredoWebCryptoKey(\n options.authorityKey,\n publicJwkToCryptoKeyAlgorithm(options.authorityKey),\n false,\n 'private',\n ['sign']\n )\n const publicKey = new CredoWebCryptoKey(\n subjectPublicKey,\n publicJwkToCryptoKeyAlgorithm(options.authorityKey),\n true,\n 'public',\n ['verify']\n )\n\n const issuerName = convertName(options.issuer)\n\n const extensions: Array<x509.Extension \| undefined> = []\n extensions.push(\n createSubjectKeyIdentifierExtension(options.extensions?.subjectKeyIdentifier, { publicJwk: subjectPublicKey })\n )\n extensions.push(createKeyUsagesExtension(options.extensions?.keyUsage))\n extensions.push(createExtendedKeyUsagesExtension(options.extensions?.extendedKeyUsage))\n extensions.push(\n createAuthorityKeyIdentifierExtension(options.extensions?.authorityKeyIdentifier, {\n publicJwk: options.authorityKey,\n })\n )\n extensions.push(createIssuerAlternativeNameExtension(options.extensions?.issuerAlternativeName))\n extensions.push(createSubjectAlternativeNameExtension(options.extensions?.subjectAlternativeName))\n extensions.push(createBasicConstraintsExtension(options.extensions?.basicConstraints))\n extensions.push(createCrlDistributionPointsExtension(options.extensions?.crlDistributionPoints))\n\n if (isSelfSignedCertificate) {\n if (options.subject) {\n throw new X509Error('Do not provide a subject name when the certificate is supposed to be self signed')\n }\n\n const certificate = await x509.X509CertificateGenerator.createSelfSigned(\n {\n keys: { publicKey, privateKey: signingKey },\n name: issuerName,\n notBefore: options.validity?.notBefore,\n notAfter: options.validity?.notAfter,\n extensions: extensions.filter((e) => e !== undefined),\n serialNumber: options.serialNumber,\n },\n webCrypto\n )\n\n const certificateInstance = X509Certificate.parseCertificate(certificate)\n if (subjectPublicKey.hasKeyId) certificateInstance.publicJwk.keyId = subjectPublicKey.keyId\n return certificateInstance\n }\n\n if (!options.subject) {\n throw new X509Error('Provide a subject name when the certificate is not supposed to be self signed')\n }\n\n const subjectName = convertName(options.subject)\n\n const certificate = await x509.X509CertificateGenerator.create(\n {\n signingKey,\n publicKey,\n issuer: issuerName,\n subject: subjectName,\n notBefore: options.validity?.notBefore,\n notAfter: options.validity?.notAfter,\n extensions: extensions.filter((e) => e !== undefined),\n },\n webCrypto\n )\n\n const certificateInstance = X509Certificate.parseCertificate(certificate)\n if (subjectPublicKey.hasKeyId) certificateInstance.publicJwk.keyId = subjectPublicKey.keyId\n return certificateInstance\n }\n\n public get subject() {\n return this.x509Certificate.subject\n }\n\n public get issuer() {\n return this.x509Certificate.issuer\n }\n\n public async verify(\n {\n verificationDate = new Date(),\n publicJwk,\n skipSignatureVerification = false,\n }: {\n verificationDate: Date\n publicJwk?: PublicJwk\n\n /*\n Whether to skip the verification of the signature and only perform other checks (such\n * as whether the certificate is not expired).\n \n This can be useful when an non-self-signed certificate is directly trusted, and it may\n * not be possible to verify the certifcate as the root/intermediate certificate containing\n * the key of the signer/intermediate is not present.\n \n @default false\n /\n skipSignatureVerification?: boolean\n },\n webCrypto: CredoWebCrypto\n ) {\n let publicCryptoKey: CredoWebCryptoKey \| undefined\n if (publicJwk) {\n const cryptoKeyAlgorithm = publicJwkToCryptoKeyAlgorithm(publicJwk)\n publicCryptoKey = new CredoWebCryptoKey(publicJwk, cryptoKeyAlgorithm, true, 'public', ['verify'])\n }\n\n // We use the library to validate the signature, but the date is manually verified\n const isSignatureValid = skipSignatureVerification\n ? true\n : await this.x509Certificate.verify({ signatureOnly: true, publicKey: publicCryptoKey }, webCrypto)\n const time = verificationDate.getTime()\n\n const isNotBeforeValid = this.x509Certificate.notBefore.getTime() <= time\n const isNotAfterValid = time <= this.x509Certificate.notAfter.getTime()\n\n if (!isSignatureValid) {\n throw new X509Error(`Certificate: '${this.x509Certificate.subject}' has an invalid signature`)\n }\n\n if (!isNotBeforeValid) {\n throw new X509Error(`Certificate: '${this.x509Certificate.subject}' used before it is allowed`)\n }\n\n if (!isNotAfterValid) {\n throw new X509Error(`Certificate: '${this.x509Certificate.subject}' used after it is allowed`)\n }\n }\n\n /\n Get the thumprint of the X509 certificate in hex format.\n /\n public async getThumprintInHex(agentContext: AgentContext) {\n const thumbprint = await this.x509Certificate.getThumbprint(new CredoWebCrypto(agentContext))\n const thumbprintHex = TypedArrayEncoder.toHex(new Uint8Array(thumbprint))\n\n return thumbprintHex\n }\n\n /\n Get the data elements of the x509 certificate\n /\n public get data() {\n return {\n issuerName: this.x509Certificate.issuerName.toString(),\n issuer: this.x509Certificate.issuer,\n subjectName: this.x509Certificate.subjectName.toString(),\n subject: this.x509Certificate.subject,\n serialNumber: this.x509Certificate.serialNumber,\n pem: this.x509Certificate.toString(),\n notBefore: this.x509Certificate.notBefore,\n notAfter: this.x509Certificate.notAfter,\n }\n }\n\n public getIssuerNameField(field: string) {\n return this.x509Certificate.issuerName.getField(field)\n }\n\n /\n @param format the format to export to, defaults to `pem`\n */\n public toString(format?: 'asn' \| 'pem' \| 'hex' \| 'base64' \| 'text' \| 'base64url') {\n return this.x509Certificate.toString(format ?? 'pem')\n }\n\n public equal(certificate: X509Certificate) {\n const parsedOther = new x509.X509Certificate(certificate.rawCertificate)\n\n return this.x509Certificate.equal(parsedOther)\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AA+BA,IAAY,wDAAL;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AAGF,IAAY,wEAAL;AACL;AACA;AACA;AACA;AACA;AACA;AACA;;;AASF,IAAa,kBAAb,MAAa,gBAAgB;CAK3B,AAAQ,YAAY,SAAiC;AACnD,OAAK,YAAY,QAAQ;AACzB,OAAK,aAAa,QAAQ;AAC1B,OAAK,kBAAkB,QAAQ;;CAGjC,IAAW,MAAM,OAAe;AAC9B,OAAK,UAAU,QAAQ;;CAGzB,IAAW,QAAgB;AACzB,SAAO,KAAK,UAAU;;CAGxB,IAAW,WAAoB;AAC7B,SAAO,KAAK,UAAU;;CAGxB,OAAc,mBAAmB,gBAAgD;EAC/E,MAAM,cAAc,IAAI,KAAK,gBAAgB,eAAe;AAC5D,SAAO,gBAAgB,iBAAiB,YAAY;;CAGtD,OAAc,uBAAuB,oBAA6C;EAChF,MAAM,cAAc,IAAI,KAAK,gBAAgB,mBAAmB;AAChE,SAAO,gBAAgB,iBAAiB,YAAY;;CAGtD,OAAe,iBAAiB,aAAoD;EAClF,MAAM,OAAO,UAAU,MAAM,YAAY,UAAU,SAAS,qBAAqB;EACjF,MAAM,aAAa,YAAY,aAAa,IAAI,WAAW,YAAY,WAAW,QAAQ,GAAG;AAI7F,SAAO,IAAI,gBAAgB;GACzB,WAHgB,gBAAgB,KAAK;GAIrC;GACA,iBAAiB;GAClB,CAAC;;CAGJ,AAAQ,sBAAiD,kBAAgD;AACvG,SAAO,KAAK,gBAAgB,WAAW,QAAQ,MAAM,EAAE,SAAS,iBAAiB;;CAGnF,IAAW,iBAAiB;AAC1B,SAAO,IAAI,WAAW,KAAK,gBAAgB,QAAQ;;CAGrD,IAAW,0BAA0B;AAEnC,SADY,KAAK,sBAA4D,qBAAqB,EACtF,SAAS,MAAM,EAAE,MAAM,MAAM,CAAC,KAAK,OAAO;GAAE,MAAM,EAAE;GAAM,OAAO,EAAE;GAAO,EAAE,IAAI,EAAE;;CAGhG,IAAW,yBAAyB;AAElC,SADY,KAAK,sBAA2D,oBAAoB,EACpF,SAAS,MAAM,EAAE,MAAM,MAAM,CAAC,KAAK,OAAO;GAAE,MAAM,EAAE;GAAM,OAAO,EAAE;GAAO,EAAE,IAAI,EAAE;;CAGhG,IAAW,cAAc;AACvB,SAAO,KAAK,wBAAwB,QAAQ,QAAQ,IAAI,SAAS,MAAM,CAAC,KAAK,QAAQ,IAAI,MAAM;;CAGjG,IAAW,cAAc;AACvB,SAAO,KAAK,wBAAwB,QAAQ,QAAQ,IAAI,SAAS,MAAM,CAAC,KAAK,QAAQ,IAAI,MAAM;;CAGjG,IAAW,cAAc;AACvB,SAAO,KAAK,uBAAuB,QAAQ,QAAQ,IAAI,SAAS,MAAM,CAAC,KAAK,QAAQ,IAAI,MAAM;;CAGhG,IAAW,cAAc;AACvB,SAAO,KAAK,uBAAuB,QAAQ,QAAQ,IAAI,SAAS,MAAM,CAAC,KAAK,QAAQ,IAAI,MAAM;;CAGhG,IAAW,yBAAyB;EAClC,MAAM,SAAS,KAAK,sBAA4D,6BAA6B,EAAE,KAC5G,MAAM,EAAE,MACV;AAED,MAAI,UAAU,OAAO,SAAS,EAC5B,OAAM,IAAI,UAAU,qDAAqD;AAG3E,SAAO,SAAS;;CAGlB,IAAW,uBAAuB;EAChC,MAAM,SAAS,KAAK,sBAA0D,2BAA2B,EAAE,KACxG,MAAM,EAAE,MACV;AAED,MAAI,UAAU,OAAO,SAAS,EAC5B,OAAM,IAAI,UAAU,mDAAmD;AAGzE,SAAO,SAAS;;CAIlB,IAAW,WAAW;EACpB,MAAM,YAAY,KAAK,sBAA+C,eAAe,EAAE,KAAK,MAAM,EAAE,OAAO;AAE3G,MAAI,aAAa,UAAU,SAAS,EAClC,OAAM,IAAI,UAAU,sCAAsC;AAG5D,MAAI,UACF,QAAO,OAAO,OAAO,aAAa,CAC/B,QAAQ,QAAuB,OAAO,QAAQ,SAAS,CACvD,QAAQ,eAAe,UAAU,KAAK,eAAe,UAAU,CAC/D,KAAK,cAAc,UAA0B;;CAIpD,IAAW,mBAAmB;EAC5B,MAAM,oBAAoB,KAAK,sBAAsD,kBAAkB,EAAE,KACtG,MAAM,EAAE,OACV;AAED,MAAI,qBAAqB,kBAAkB,SAAS,EAClD,OAAM,IAAI,UAAU,sCAAsC;AAG5D,SAAO,oBAAoB;;CAG7B,AAAO,oBAAoB,IAAqB;EAC9C,MAAM,YAAY,KAAK,sBAAsB,GAAG;AAChD,MAAI,CAAC,UACH,OAAM,IAAI,UAAU,sBAAsB,GAAG,gBAAgB;AAG/D,SAAO,CAAC,CAAC,UAAU,GAAG;;CAGxB,aAAoB,OAAO,SAAuC,WAA2B;EAC3F,MAAM,mBAAmB,QAAQ,oBAAoB,QAAQ;EAC7D,MAAM,0BAA0B,2BAA2B,QAAQ,aAAa,QAAQ,EAAE,iBAAiB,QAAQ,CAAC;EAEpH,MAAM,aAAa,IAAI,kBACrB,QAAQ,cACR,8BAA8B,QAAQ,aAAa,EACnD,OACA,WACA,CAAC,OAAO,CACT;EACD,MAAM,YAAY,IAAI,kBACpB,kBACA,8BAA8B,QAAQ,aAAa,EACnD,MACA,UACA,CAAC,SAAS,CACX;EAED,MAAM,aAAa,YAAY,QAAQ,OAAO;EAE9C,MAAMA,aAAgD,EAAE;AACxD,aAAW,KACT,oCAAoC,QAAQ,YAAY,sBAAsB,EAAE,WAAW,kBAAkB,CAAC,CAC/G;AACD,aAAW,KAAK,yBAAyB,QAAQ,YAAY,SAAS,CAAC;AACvE,aAAW,KAAK,iCAAiC,QAAQ,YAAY,iBAAiB,CAAC;AACvF,aAAW,KACT,sCAAsC,QAAQ,YAAY,wBAAwB,EAChF,WAAW,QAAQ,cACpB,CAAC,CACH;AACD,aAAW,KAAK,qCAAqC,QAAQ,YAAY,sBAAsB,CAAC;AAChG,aAAW,KAAK,sCAAsC,QAAQ,YAAY,uBAAuB,CAAC;AAClG,aAAW,KAAK,gCAAgC,QAAQ,YAAY,iBAAiB,CAAC;AACtF,aAAW,KAAK,qCAAqC,QAAQ,YAAY,sBAAsB,CAAC;AAEhG,MAAI,yBAAyB;AAC3B,OAAI,QAAQ,QACV,OAAM,IAAI,UAAU,mFAAmF;GAGzG,MAAMC,gBAAc,MAAM,KAAK,yBAAyB,iBACtD;IACE,MAAM;KAAE;KAAW,YAAY;KAAY;IAC3C,MAAM;IACN,WAAW,QAAQ,UAAU;IAC7B,UAAU,QAAQ,UAAU;IAC5B,YAAY,WAAW,QAAQ,MAAM,MAAM,OAAU;IACrD,cAAc,QAAQ;IACvB,EACD,UACD;GAED,MAAMC,wBAAsB,gBAAgB,iBAAiBD,cAAY;AACzE,OAAI,iBAAiB,SAAU,uBAAoB,UAAU,QAAQ,iBAAiB;AACtF,UAAOC;;AAGT,MAAI,CAAC,QAAQ,QACX,OAAM,IAAI,UAAU,gFAAgF;EAGtG,MAAM,cAAc,YAAY,QAAQ,QAAQ;EAEhD,MAAM,cAAc,MAAM,KAAK,yBAAyB,OACtD;GACE;GACA;GACA,QAAQ;GACR,SAAS;GACT,WAAW,QAAQ,UAAU;GAC7B,UAAU,QAAQ,UAAU;GAC5B,YAAY,WAAW,QAAQ,MAAM,MAAM,OAAU;GACtD,EACD,UACD;EAED,MAAM,sBAAsB,gBAAgB,iBAAiB,YAAY;AACzE,MAAI,iBAAiB,SAAU,qBAAoB,UAAU,QAAQ,iBAAiB;AACtF,SAAO;;CAGT,IAAW,UAAU;AACnB,SAAO,KAAK,gBAAgB;;CAG9B,IAAW,SAAS;AAClB,SAAO,KAAK,gBAAgB;;CAG9B,MAAa,OACX,EACE,mCAAmB,IAAI,MAAM,EAC7B,WACA,4BAA4B,SAiB9B,WACA;EACA,IAAIC;AACJ,MAAI,UAEF,mBAAkB,IAAI,kBAAkB,WADb,8BAA8B,UAAU,EACI,MAAM,UAAU,CAAC,SAAS,CAAC;EAIpG,MAAM,mBAAmB,4BACrB,OACA,MAAM,KAAK,gBAAgB,OAAO;GAAE,eAAe;GAAM,WAAW;GAAiB,EAAE,UAAU;EACrG,MAAM,OAAO,iBAAiB,SAAS;EAEvC,MAAM,mBAAmB,KAAK,gBAAgB,UAAU,SAAS,IAAI;EACrE,MAAM,kBAAkB,QAAQ,KAAK,gBAAgB,SAAS,SAAS;AAEvE,MAAI,CAAC,iBACH,OAAM,IAAI,UAAU,iBAAiB,KAAK,gBAAgB,QAAQ,4BAA4B;AAGhG,MAAI,CAAC,iBACH,OAAM,IAAI,UAAU,iBAAiB,KAAK,gBAAgB,QAAQ,6BAA6B;AAGjG,MAAI,CAAC,gBACH,OAAM,IAAI,UAAU,iBAAiB,KAAK,gBAAgB,QAAQ,4BAA4B;;;;;CAOlG,MAAa,kBAAkB,cAA4B;EACzD,MAAM,aAAa,MAAM,KAAK,gBAAgB,cAAc,IAAI,eAAe,aAAa,CAAC;AAG7F,SAFsB,kBAAkB,MAAM,IAAI,WAAW,WAAW,CAAC;;;;;CAQ3E,IAAW,OAAO;AAChB,SAAO;GACL,YAAY,KAAK,gBAAgB,WAAW,UAAU;GACtD,QAAQ,KAAK,gBAAgB;GAC7B,aAAa,KAAK,gBAAgB,YAAY,UAAU;GACxD,SAAS,KAAK,gBAAgB;GAC9B,cAAc,KAAK,gBAAgB;GACnC,KAAK,KAAK,gBAAgB,UAAU;GACpC,WAAW,KAAK,gBAAgB;GAChC,UAAU,KAAK,gBAAgB;GAChC;;CAGH,AAAO,mBAAmB,OAAe;AACvC,SAAO,KAAK,gBAAgB,WAAW,SAAS,MAAM;;;;;CAMxD,AAAO,SAAS,QAAkE;AAChF,SAAO,KAAK,gBAAgB,SAAS,UAAU,MAAM;;CAGvD,AAAO,MAAM,aAA8B;EACzC,MAAM,cAAc,IAAI,KAAK,gBAAgB,YAAY,eAAe;AAExE,SAAO,KAAK,gBAAgB,MAAM,YAAY"}

package/build/modules/x509/X509Module.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"X509Module.d.mts","names":[],"sources":["../../../src/modules/x509/X509Module.ts"],"sourcesContent":[],"mappings":";;;;;;;;;~~cAYa~~,UAAA,YAAsB;EAAtB,SAAA,GAAA,EAAW,OACH,OADG;EAAA,SAAA,MAAA,EAGE,gBAHF;aACH,CAAA,OAAA,CAAA,EAIU,uBAJV;;;;UADc,CAAA,iBAAA,EAYE,iBAZF,CAAA,EAAA,IAAA"}
1	+ {"version":3,"file":"X509Module.d.mts","names":[],"sources":["../../../src/modules/x509/X509Module.ts"],"sourcesContent":[],"mappings":";;;;;;;;;cAUa,UAAA,YAAsB;EAAtB,SAAA,GAAA,EAAW,OACH,OADG;EAAA,SAAA,MAAA,EAGE,gBAHF;aACH,CAAA,OAAA,CAAA,EAIU,uBAJV;;;;UADc,CAAA,iBAAA,EAYE,iBAZF,CAAA,EAAA,IAAA"}

package/build/modules/x509/X509Module.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"X509Module.d.ts","names":[],"sources":["../../../src/modules/x509/X509Module.ts"],"sourcesContent":[],"mappings":";;;;;;;;;~~AAYA~~;AAAwB,cAAX,UAAA,YAAsB,MAAX,CAAA;WACH,GAAA,EAAA,OAAA,OAAA;WAEK,MAAA,EAAA,gBAAA;aAEK,CAAA,OAAA,CAAA,EAAA,uBAAA;;;;8BAOM"}
1	+ {"version":3,"file":"X509Module.d.ts","names":[],"sources":["../../../src/modules/x509/X509Module.ts"],"sourcesContent":[],"mappings":";;;;;;;;;AAUA;AAAwB,cAAX,UAAA,YAAsB,MAAX,CAAA;WACH,GAAA,EAAA,OAAA,OAAA;WAEK,MAAA,EAAA,gBAAA;aAEK,CAAA,OAAA,CAAA,EAAA,uBAAA;;;;8BAOM"}

package/build/modules/x509/X509Module.js CHANGED Viewed

@@ -1,8 +1,8 @@
 const require_AgentConfig = require('../../agent/AgentConfig.js');
-const require_X509Service = require('./X509Service.js');
 const require_X509ModuleConfig = require('./X509ModuleConfig.js');
+const require_X509Service = require('./X509Service.js');
 const require_X509Api = require('./X509Api.js');
 //#region src/modules/x509/X509Module.ts

package/build/modules/x509/X509Module.mjs CHANGED Viewed

@@ -1,8 +1,8 @@
 import { AgentConfig } from "../../agent/AgentConfig.mjs";
-import { X509Service } from "./X509Service.mjs";
 import { X509ModuleConfig } from "./X509ModuleConfig.mjs";
+import { X509Service } from "./X509Service.mjs";
 import { X509Api } from "./X509Api.mjs";
 //#region src/modules/x509/X509Module.ts

package/build/modules/x509/X509Module.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"X509Module.mjs","names":[],"sources":["../../../src/modules/x509/X509Module.ts"],"sourcesContent":["import ~~type~~ { ~~DependencyManager,~~ ~~Module~~ } from '../../~~plugins~~'\nimport type { ~~X509ModuleConfigOptions~~ } from '~~./X509ModuleConfig~~'\n\nimport { ~~AgentConfig~~ } from '~~../../agent/AgentConfig~~'\n\nimport { ~~X509Api~~ } from './~~X509Api~~'\nimport { X509ModuleConfig } from './X509ModuleConfig'\nimport { X509Service } from './X509Service'\n\n/*\n @public\n /\nexport class X509Module implements Module {\n public readonly api = X509Api\n\n public readonly config: X509ModuleConfig\n\n public constructor(options?: X509ModuleConfigOptions) {\n this.config = new X509ModuleConfig(options)\n }\n\n /\n Registers the dependencies of the sd-jwt-vc module on the dependency manager.\n */\n public register(dependencyManager: DependencyManager) {\n // Warn about experimental module\n dependencyManager\n .resolve(AgentConfig)\n .logger.warn(\n \"The 'X509' module is experimental and could have unexpected breaking changes. When using this module, make sure to use strict versions for all @credo-ts packages.\"\n )\n\n // Register config\n dependencyManager.registerInstance(X509ModuleConfig, this.config)\n\n // Services\n dependencyManager.registerSingleton(X509Service)\n }\n}\n"],"mappings":";;;;;;;;;;;~~AAYA~~,IAAa,aAAb,MAA0C;CAKxC,AAAO,YAAY,SAAmC;OAJtC,MAAM;AAKpB,OAAK,SAAS,IAAI,iBAAiB,QAAQ;;;;;CAM7C,AAAO,SAAS,mBAAsC;AAEpD,oBACG,QAAQ,YAAY,CACpB,OAAO,KACN,qKACD;AAGH,oBAAkB,iBAAiB,kBAAkB,KAAK,OAAO;AAGjE,oBAAkB,kBAAkB,YAAY"}
1	+ {"version":3,"file":"X509Module.mjs","names":[],"sources":["../../../src/modules/x509/X509Module.ts"],"sourcesContent":["import { AgentConfig } from '../../agent/AgentConfig'\nimport type { DependencyManager, Module } from '../../plugins'\nimport { X509Api } from './X509Api'\nimport type { X509ModuleConfigOptions } from './X509ModuleConfig'\nimport { X509ModuleConfig } from './X509ModuleConfig'\nimport { X509Service } from './X509Service'\n\n/*\n @public\n /\nexport class X509Module implements Module {\n public readonly api = X509Api\n\n public readonly config: X509ModuleConfig\n\n public constructor(options?: X509ModuleConfigOptions) {\n this.config = new X509ModuleConfig(options)\n }\n\n /\n Registers the dependencies of the sd-jwt-vc module on the dependency manager.\n */\n public register(dependencyManager: DependencyManager) {\n // Warn about experimental module\n dependencyManager\n .resolve(AgentConfig)\n .logger.warn(\n \"The 'X509' module is experimental and could have unexpected breaking changes. When using this module, make sure to use strict versions for all @credo-ts packages.\"\n )\n\n // Register config\n dependencyManager.registerInstance(X509ModuleConfig, this.config)\n\n // Services\n dependencyManager.registerSingleton(X509Service)\n }\n}\n"],"mappings":";;;;;;;;;;;AAUA,IAAa,aAAb,MAA0C;CAKxC,AAAO,YAAY,SAAmC;OAJtC,MAAM;AAKpB,OAAK,SAAS,IAAI,iBAAiB,QAAQ;;;;;CAM7C,AAAO,SAAS,mBAAsC;AAEpD,oBACG,QAAQ,YAAY,CACpB,OAAO,KACN,qKACD;AAGH,oBAAkB,iBAAiB,kBAAkB,KAAK,OAAO;AAGjE,oBAAkB,kBAAkB,YAAY"}

package/build/modules/x509/X509ModuleConfig.d.mts CHANGED Viewed

@@ -1,9 +1,9 @@
+import { X509Certificate } from "./X509Certificate.mjs";
+import { SdJwtVc } from "../sd-jwt-vc/SdJwtVcService.mjs";
 import { JwtPayload } from "../../crypto/jose/jwt/JwtPayload.mjs";
 import { W3cJwtVerifiableCredential } from "../vc/jwt-vc/W3cJwtVerifiableCredential.mjs";
 import { W3cJwtVerifiablePresentation } from "../vc/jwt-vc/W3cJwtVerifiablePresentation.mjs";
-import { X509Certificate } from "./X509Certificate.mjs";
 import { Mdoc } from "../mdoc/Mdoc.mjs";
-import { SdJwtVc } from "../sd-jwt-vc/SdJwtVcService.mjs";
 import { AgentContext } from "../../agent/context/AgentContext.mjs";
 //#region src/modules/x509/X509ModuleConfig.d.ts

package/build/modules/x509/X509ModuleConfig.d.ts CHANGED Viewed

@@ -1,9 +1,9 @@
+import { X509Certificate } from "./X509Certificate.js";
+import { SdJwtVc } from "../sd-jwt-vc/SdJwtVcService.js";
 import { JwtPayload } from "../../crypto/jose/jwt/JwtPayload.js";
 import { W3cJwtVerifiableCredential } from "../vc/jwt-vc/W3cJwtVerifiableCredential.js";
 import { W3cJwtVerifiablePresentation } from "../vc/jwt-vc/W3cJwtVerifiablePresentation.js";
-import { X509Certificate } from "./X509Certificate.js";
 import { Mdoc } from "../mdoc/Mdoc.js";
-import { SdJwtVc } from "../sd-jwt-vc/SdJwtVcService.js";
 import { AgentContext } from "../../agent/context/AgentContext.js";
 //#region src/modules/x509/X509ModuleConfig.d.ts

package/build/modules/x509/X509Service.d.mts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { X509Certificate } from "./X509Certificate.mjs";
 import { X509CreateCertificateOptions, X509GetLeafCertificateOptions, X509ParseCertificateOptions, X509ValidateCertificateChainOptions } from "./X509ServiceOptions.mjs";
+import { X509Certificate } from "./X509Certificate.mjs";
 import { AgentContext } from "../../agent/context/AgentContext.mjs";
 //#region src/modules/x509/X509Service.d.ts

package/build/modules/x509/X509Service.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"X509Service.d.mts","names":[],"sources":["../../../src/modules/x509/X509Service.ts"],"sourcesContent":[],"mappings":";;;;;~~cAkBa~~,WAAA;;;;AAFb;;;;;;;;;;;;;;;SA4IM,wBAAA,CAAA,YAAA,EAtHY,YAsHZ,EAAA;IAAA,gBAAA;IAAA,WAAA;IAAA,gBAAA;IAAA;EAAA,CAAA,EAhHC,mCAgHD,CAAA,EAhHoC,OAgHpC,CAhHoC,eAgHpC,EAAA,CAAA;;;;;;SASmG,gBAAA,CAAA,aAAA,EAnBtF,YAmBsF,EAAA;IAAA;EAAA,CAAA,EAlB7E,2BAkB6E,CAAA,EAjBpG,eAiBoG;EAAA,OAAA,kBAAA,CAAA,aAAA,EAVtF,YAUsF,EAAA;IAAA;EAAA,CAAA,EAT/E,6BAS+E,CAAA,EARpG,eAQoG;yCAAnD,uBAAuB,+BAA4B,QAAA"}
1	+ {"version":3,"file":"X509Service.d.mts","names":[],"sources":["../../../src/modules/x509/X509Service.ts"],"sourcesContent":[],"mappings":";;;;;cAea,WAAA;;;;AAFb;;;;;;;;;;;;;;;SA4IM,wBAAA,CAAA,YAAA,EAtHY,YAsHZ,EAAA;IAAA,gBAAA;IAAA,WAAA;IAAA,gBAAA;IAAA;EAAA,CAAA,EAhHC,mCAgHD,CAAA,EAhHoC,OAgHpC,CAhHoC,eAgHpC,EAAA,CAAA;;;;;;SASmG,gBAAA,CAAA,aAAA,EAnBtF,YAmBsF,EAAA;IAAA;EAAA,CAAA,EAlB7E,2BAkB6E,CAAA,EAjBpG,eAiBoG;EAAA,OAAA,kBAAA,CAAA,aAAA,EAVtF,YAUsF,EAAA;IAAA;EAAA,CAAA,EAT/E,6BAS+E,CAAA,EARpG,eAQoG;yCAAnD,uBAAuB,+BAA4B,QAAA"}

package/build/modules/x509/X509Service.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { X509Certificate } from "./X509Certificate.js";
 import { X509CreateCertificateOptions, X509GetLeafCertificateOptions, X509ParseCertificateOptions, X509ValidateCertificateChainOptions } from "./X509ServiceOptions.js";
+import { X509Certificate } from "./X509Certificate.js";
 import { AgentContext } from "../../agent/context/AgentContext.js";
 //#region src/modules/x509/X509Service.d.ts

package/build/modules/x509/X509Service.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"X509Service.d.ts","names":[],"sources":["../../../src/modules/x509/X509Service.ts"],"sourcesContent":[],"mappings":";;;;;~~cAkBa~~,WAAA;;AAFb;;;;;;;;;;;;;;;;;SA6IK,wBAAA,CAAA,YAAA,EAvHa,YAuHb,EAAA;IAAA,gBAAA;IAAA,WAAA;IAAA,gBAAA;IAAA;EAAA,CAAA,EAjHE,mCAiHF,CAAA,EAjHqC,OAiHrC,CAjHqC,eAiHrC,EAAA,CAAA;;;;;;yCAXc;;KACS,8BACvB;2CAOc;;KACO,gCACrB;yCAQiD,uBAAuB,+BAA4B,QAAA"}
1	+ {"version":3,"file":"X509Service.d.ts","names":[],"sources":["../../../src/modules/x509/X509Service.ts"],"sourcesContent":[],"mappings":";;;;;cAea,WAAA;;AAFb;;;;;;;;;;;;;;;;;SA6IK,wBAAA,CAAA,YAAA,EAvHa,YAuHb,EAAA;IAAA,gBAAA;IAAA,WAAA;IAAA,gBAAA;IAAA;EAAA,CAAA,EAjHE,mCAiHF,CAAA,EAjHqC,OAiHrC,CAjHqC,eAiHrC,EAAA,CAAA;;;;;;yCAXc;;KACS,8BACvB;2CAOc;;KACO,gCACrB;yCAQiD,uBAAuB,+BAA4B,QAAA"}

package/build/modules/x509/X509Service.js CHANGED Viewed

@@ -1,16 +1,16 @@
 const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.js');
-const require_X509Error = require('./X509Error.js');
 const require_decorate = require('../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.js');
 require('../../agent/index.js');
 const require_CredoWebCrypto = require('../../crypto/webcrypto/CredoWebCrypto.js');
 require('../../crypto/webcrypto/index.js');
+const require_X509Error = require('./X509Error.js');
 const require_X509Certificate = require('./X509Certificate.js');
-let __peculiar_x509 = require("@peculiar/x509");
-__peculiar_x509 = require_rolldown_runtime.__toESM(__peculiar_x509);
 let tsyringe = require("tsyringe");
 tsyringe = require_rolldown_runtime.__toESM(tsyringe);
+let __peculiar_x509 = require("@peculiar/x509");
+__peculiar_x509 = require_rolldown_runtime.__toESM(__peculiar_x509);
 //#region src/modules/x509/X509Service.ts
 let X509Service = class X509Service$1 {
@@ -45,7 +45,7 @@ let X509Service = class X509Service$1 {
 		}
 		let parsedChain = (await new __peculiar_x509.X509ChainBuilder({ certificates: certificatesToBuildChain }).build(parsedLeafCertificate, webCrypto)).map((c) => require_X509Certificate.X509Certificate.fromRawCertificate(new Uint8Array(c.rawData))).reverse();
 		if (parsedChain.length < certificateChain.length) throw new require_X509Error.X509Error("Could not parse the full chain. Likely due to incorrect ordering");
-		let previousCertificate = void 0;
+		let previousCertificate;
 		if (trustedCertificates) {
 			const parsedTrustedCertificates = trustedCertificates.map((trustedCertificate) => require_X509Certificate.X509Certificate.fromEncodedCertificate(trustedCertificate));
 			const trustedCertificateIndex = parsedChain.findIndex((cert) => parsedTrustedCertificates.some((tCert) => cert.equal(tCert)));

package/build/modules/x509/X509Service.mjs CHANGED Viewed

@@ -1,13 +1,13 @@
-import { X509Error } from "./X509Error.mjs";
 import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.mjs";
 import "../../agent/index.mjs";
 import { CredoWebCrypto } from "../../crypto/webcrypto/CredoWebCrypto.mjs";
 import "../../crypto/webcrypto/index.mjs";
+import { X509Error } from "./X509Error.mjs";
 import { X509Certificate } from "./X509Certificate.mjs";
-import * as x509 from "@peculiar/x509";
 import { injectable } from "tsyringe";
+import * as x509 from "@peculiar/x509";
 //#region src/modules/x509/X509Service.ts
 let X509Service = class X509Service$1 {
@@ -42,7 +42,7 @@ let X509Service = class X509Service$1 {
 		}
 		let parsedChain = (await new x509.X509ChainBuilder({ certificates: certificatesToBuildChain }).build(parsedLeafCertificate, webCrypto)).map((c) => X509Certificate.fromRawCertificate(new Uint8Array(c.rawData))).reverse();
 		if (parsedChain.length < certificateChain.length) throw new X509Error("Could not parse the full chain. Likely due to incorrect ordering");
-		let previousCertificate = void 0;
+		let previousCertificate;
 		if (trustedCertificates) {
 			const parsedTrustedCertificates = trustedCertificates.map((trustedCertificate) => X509Certificate.fromEncodedCertificate(trustedCertificate));
 			const trustedCertificateIndex = parsedChain.findIndex((cert) => parsedTrustedCertificates.some((tCert) => cert.equal(tCert)));

package/build/modules/x509/X509Service.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"X509Service.mjs","names":["X509Service","parsedLeafCertificate: x509.X509Certificate","certificatesToBuildChain: x509.X509Certificate[]","previousCertificate: X509Certificate \| undefined"],"sources":["../../../src/modules/x509/X509Service.ts"],"sourcesContent":["import ~~type {\n X509CreateCertificateOptions,\n X509GetLeafCertificateOptions,\n X509ParseCertificateOptions,\n X509ValidateCertificateChainOptions,\n} from './X509ServiceOptions'\n\nimport~~ * as x509 from '@peculiar/x509'\nimport { injectable } from 'tsyringe'\n\nimport { AgentContext } from '../../agent'\nimport { CredoWebCrypto } from '../../crypto/webcrypto'\n\nimport { X509Certificate } from './X509Certificate'\nimport { X509Error } from './X509Error'\n\n@injectable()\n// biome-ignore lint/complexity/noStaticOnlyClass: <explanation>\nexport class X509Service {\n /*\n \n * Validate a chain of X.509 certificates according to RFC 5280\n \n This function requires a list of base64 encoded certificates and, optionally, a certificate that should be found in the chain.\n * If no certificate is provided, it will just assume the leaf certificate\n \n The leaf certificate should be the 0th index and the root the last\n \n The Issuer of the certificate is found with the following algorithm:\n * - Check if there is an AuthorityKeyIdentifierExtension\n * - Go through all the other certificates and see if the SubjectKeyIdentifier is equal to thje AuthorityKeyIdentifier\n * - If they are equal, the certificate is verified and returned as the issuer\n \n Additional validation:\n * - Make sure atleast a single certificate is in the chain\n * - Check whether a certificate in the chain matches with a trusted certificate\n /\n public static async validateCertificateChain(\n agentContext: AgentContext,\n {\n certificateChain,\n certificate = certificateChain[0],\n verificationDate = new Date(),\n trustedCertificates,\n }: X509ValidateCertificateChainOptions\n ) {\n if (certificateChain.length === 0) throw new X509Error('Certificate chain is empty')\n const webCrypto = new CredoWebCrypto(agentContext)\n\n let parsedLeafCertificate: x509.X509Certificate\n let certificatesToBuildChain: x509.X509Certificate[]\n try {\n parsedLeafCertificate = new x509.X509Certificate(certificate)\n certificatesToBuildChain = [...certificateChain, ...(trustedCertificates ?? [])].map(\n (c) => new x509.X509Certificate(c)\n )\n } catch (error) {\n throw new X509Error('Error during parsing of x509 certificate', { cause: error })\n }\n\n const certificateChainBuilder = new x509.X509ChainBuilder({\n certificates: certificatesToBuildChain,\n })\n\n const chain = await certificateChainBuilder.build(parsedLeafCertificate, webCrypto)\n\n // The chain is reversed here as the `x5c` header (the expected input),\n // has the leaf certificate as the first entry, while the `x509` library expects this as the last\n let parsedChain = chain.map((c) => X509Certificate.fromRawCertificate(new Uint8Array(c.rawData))).reverse()\n\n // We allow longer parsed chain, in case the root cert was not part of the chain, but in the\n // list of trusted certificates\n if (parsedChain.length < certificateChain.length) {\n throw new X509Error('Could not parse the full chain. Likely due to incorrect ordering')\n }\n\n let previousCertificate: X509Certificate \| undefined ~~= undefined~~\n\n if (trustedCertificates) {\n const parsedTrustedCertificates = trustedCertificates.map((trustedCertificate) =>\n X509Certificate.fromEncodedCertificate(trustedCertificate)\n )\n\n const trustedCertificateIndex = parsedChain.findIndex((cert) =>\n parsedTrustedCertificates.some((tCert) => cert.equal(tCert))\n )\n\n if (trustedCertificateIndex === -1) {\n throw new X509Error('No trusted certificate was found while validating the X.509 chain')\n }\n\n if (trustedCertificateIndex > 0) {\n // When we trust a certificate other than the first certificate in the provided chain we keep a reference to the\n // previous certificate as we need the key of this certificate to verify the first certificate in the chain as\n // it's not self-sigend.\n previousCertificate = parsedChain[trustedCertificateIndex - 1]\n\n // Pop everything off before the index of the trusted certificate (those are more root) as it is not relevant for validation\n parsedChain = parsedChain.slice(trustedCertificateIndex)\n }\n }\n\n // Verify the certificate with the publicKey of the certificate above\n for (let i = 0; i < parsedChain.length; i++) {\n const cert = parsedChain[i]\n const publicJwk = previousCertificate ? previousCertificate.publicJwk : undefined\n\n // The only scenario where this will trigger is if the trusted certificates and the x509 chain both do not contain the\n // intermediate/root certificate needed. E.g. for ISO 18013-5 mDL the root cert MUST NOT be in the chain. If the signer\n // certificate is then trusted, it will fail, as we can't verify the signer certifciate without having access to the signer\n // key of the root certificate.\n // See also https://github.com/openid/OpenID4VCI/issues/62\n //\n // In this case we could skip the signature verification (not other verifications), as we already trust the signer certificate,\n // but i think the purpose of ISO 18013-5 mDL is that you trust the root certificate. If we can't verify the whole chain e.g.\n // when we receive a credential we have the chance it will fail later on.\n const skipSignatureVerification = i === 0 && trustedCertificates && !publicJwk\n // NOTE: at some point we might want to change this to throw an error instead of skipping the signature verification of the trusted\n // but it would basically prevent mDOCs from unknown issuers to be verified in the wallet. Verifiers should only trust the root certificate\n // anyway.\n // if (i === 0 && trustedCertificates && cert.issuer !== cert.subject && !publicKey) {\n // throw new X509Error(\n // 'Unable to verify the certificate chain. A non-self-signed certificate is the first certificate in the chain, and no parent certificate was found in the trusted certificates, meaning the first certificate in the chain cannot be verified. Ensure the certificate is added '\n // )\n // }\n\n await cert.verify(\n {\n publicJwk,\n verificationDate,\n skipSignatureVerification,\n },\n webCrypto\n )\n previousCertificate = cert\n }\n\n return parsedChain\n }\n\n /\n \n * Parses a base64-encoded X.509 certificate into a {@link X509Certificate}\n \n /\n public static parseCertificate(\n _agentContext: AgentContext,\n { encodedCertificate }: X509ParseCertificateOptions\n ): X509Certificate {\n const certificate = X509Certificate.fromEncodedCertificate(encodedCertificate)\n\n return certificate\n }\n\n public static getLeafCertificate(\n _agentContext: AgentContext,\n { certificateChain }: X509GetLeafCertificateOptions\n ): X509Certificate {\n if (certificateChain.length === 0) throw new X509Error('Certificate chain is empty')\n\n const certificate = X509Certificate.fromEncodedCertificate(certificateChain[0])\n\n return certificate\n }\n\n public static async createCertificate(agentContext: AgentContext, options: X509CreateCertificateOptions) {\n const webCrypto = new CredoWebCrypto(agentContext)\n\n const certificate = await X509Certificate.create(options, webCrypto)\n\n return certificate\n }\n}\n"],"mappings":";;;;;;;;;;;;~~AAkBO~~,wBAAMA,cAAY;;;;;;;;;;;;;;;;;;;CAmBvB,aAAoB,yBAClB,cACA,EACE,kBACA,cAAc,iBAAiB,IAC/B,mCAAmB,IAAI,MAAM,EAC7B,uBAEF;AACA,MAAI,iBAAiB,WAAW,EAAG,OAAM,IAAI,UAAU,6BAA6B;EACpF,MAAM,YAAY,IAAI,eAAe,aAAa;EAElD,IAAIC;EACJ,IAAIC;AACJ,MAAI;AACF,2BAAwB,IAAI,KAAK,gBAAgB,YAAY;AAC7D,8BAA2B,CAAC,GAAG,kBAAkB,GAAI,uBAAuB,EAAE,CAAE,CAAC,KAC9E,MAAM,IAAI,KAAK,gBAAgB,EAAE,CACnC;WACM,OAAO;AACd,SAAM,IAAI,UAAU,4CAA4C,EAAE,OAAO,OAAO,CAAC;;EAWnF,IAAI,eAJU,MAJkB,IAAI,KAAK,iBAAiB,EACxD,cAAc,0BACf,CAAC,CAE0C,MAAM,uBAAuB,UAAU,EAI3D,KAAK,MAAM,gBAAgB,mBAAmB,IAAI,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAC,SAAS;AAI3G,MAAI,YAAY,SAAS,iBAAiB,OACxC,OAAM,IAAI,UAAU,mEAAmE;EAGzF,IAAIC~~,sBAAmD~~;~~AAEvD~~,MAAI,qBAAqB;GACvB,MAAM,4BAA4B,oBAAoB,KAAK,uBACzD,gBAAgB,uBAAuB,mBAAmB,CAC3D;GAED,MAAM,0BAA0B,YAAY,WAAW,SACrD,0BAA0B,MAAM,UAAU,KAAK,MAAM,MAAM,CAAC,CAC7D;AAED,OAAI,4BAA4B,GAC9B,OAAM,IAAI,UAAU,oEAAoE;AAG1F,OAAI,0BAA0B,GAAG;AAI/B,0BAAsB,YAAY,0BAA0B;AAG5D,kBAAc,YAAY,MAAM,wBAAwB;;;AAK5D,OAAK,IAAI,IAAI,GAAG,IAAI,YAAY,QAAQ,KAAK;GAC3C,MAAM,OAAO,YAAY;GACzB,MAAM,YAAY,sBAAsB,oBAAoB,YAAY;GAWxE,MAAM,4BAA4B,MAAM,KAAK,uBAAuB,CAAC;AAUrE,SAAM,KAAK,OACT;IACE;IACA;IACA;IACD,EACD,UACD;AACD,yBAAsB;;AAGxB,SAAO;;;;;;;CAQT,OAAc,iBACZ,eACA,EAAE,sBACe;AAGjB,SAFoB,gBAAgB,uBAAuB,mBAAmB;;CAKhF,OAAc,mBACZ,eACA,EAAE,oBACe;AACjB,MAAI,iBAAiB,WAAW,EAAG,OAAM,IAAI,UAAU,6BAA6B;AAIpF,SAFoB,gBAAgB,uBAAuB,iBAAiB,GAAG;;CAKjF,aAAoB,kBAAkB,cAA4B,SAAuC;EACvG,MAAM,YAAY,IAAI,eAAe,aAAa;AAIlD,SAFoB,MAAM,gBAAgB,OAAO,SAAS,UAAU;;;0BAxJvE,YAAY"}
1	+ {"version":3,"file":"X509Service.mjs","names":["X509Service","parsedLeafCertificate: x509.X509Certificate","certificatesToBuildChain: x509.X509Certificate[]","previousCertificate: X509Certificate \| undefined"],"sources":["../../../src/modules/x509/X509Service.ts"],"sourcesContent":["import * as x509 from '@peculiar/x509'\nimport { injectable } from 'tsyringe'\nimport { AgentContext } from '../../agent'\nimport { CredoWebCrypto } from '../../crypto/webcrypto'\nimport { X509Certificate } from './X509Certificate'\nimport { X509Error } from './X509Error'\nimport type {\n X509CreateCertificateOptions,\n X509GetLeafCertificateOptions,\n X509ParseCertificateOptions,\n X509ValidateCertificateChainOptions,\n} from './X509ServiceOptions'\n\n@injectable()\n// biome-ignore lint/complexity/noStaticOnlyClass: no explanation\nexport class X509Service {\n /*\n \n * Validate a chain of X.509 certificates according to RFC 5280\n \n This function requires a list of base64 encoded certificates and, optionally, a certificate that should be found in the chain.\n * If no certificate is provided, it will just assume the leaf certificate\n \n The leaf certificate should be the 0th index and the root the last\n \n The Issuer of the certificate is found with the following algorithm:\n * - Check if there is an AuthorityKeyIdentifierExtension\n * - Go through all the other certificates and see if the SubjectKeyIdentifier is equal to thje AuthorityKeyIdentifier\n * - If they are equal, the certificate is verified and returned as the issuer\n \n Additional validation:\n * - Make sure atleast a single certificate is in the chain\n * - Check whether a certificate in the chain matches with a trusted certificate\n /\n public static async validateCertificateChain(\n agentContext: AgentContext,\n {\n certificateChain,\n certificate = certificateChain[0],\n verificationDate = new Date(),\n trustedCertificates,\n }: X509ValidateCertificateChainOptions\n ) {\n if (certificateChain.length === 0) throw new X509Error('Certificate chain is empty')\n const webCrypto = new CredoWebCrypto(agentContext)\n\n let parsedLeafCertificate: x509.X509Certificate\n let certificatesToBuildChain: x509.X509Certificate[]\n try {\n parsedLeafCertificate = new x509.X509Certificate(certificate)\n certificatesToBuildChain = [...certificateChain, ...(trustedCertificates ?? [])].map(\n (c) => new x509.X509Certificate(c)\n )\n } catch (error) {\n throw new X509Error('Error during parsing of x509 certificate', { cause: error })\n }\n\n const certificateChainBuilder = new x509.X509ChainBuilder({\n certificates: certificatesToBuildChain,\n })\n\n const chain = await certificateChainBuilder.build(parsedLeafCertificate, webCrypto)\n\n // The chain is reversed here as the `x5c` header (the expected input),\n // has the leaf certificate as the first entry, while the `x509` library expects this as the last\n let parsedChain = chain.map((c) => X509Certificate.fromRawCertificate(new Uint8Array(c.rawData))).reverse()\n\n // We allow longer parsed chain, in case the root cert was not part of the chain, but in the\n // list of trusted certificates\n if (parsedChain.length < certificateChain.length) {\n throw new X509Error('Could not parse the full chain. Likely due to incorrect ordering')\n }\n\n let previousCertificate: X509Certificate \| undefined\n\n if (trustedCertificates) {\n const parsedTrustedCertificates = trustedCertificates.map((trustedCertificate) =>\n X509Certificate.fromEncodedCertificate(trustedCertificate)\n )\n\n const trustedCertificateIndex = parsedChain.findIndex((cert) =>\n parsedTrustedCertificates.some((tCert) => cert.equal(tCert))\n )\n\n if (trustedCertificateIndex === -1) {\n throw new X509Error('No trusted certificate was found while validating the X.509 chain')\n }\n\n if (trustedCertificateIndex > 0) {\n // When we trust a certificate other than the first certificate in the provided chain we keep a reference to the\n // previous certificate as we need the key of this certificate to verify the first certificate in the chain as\n // it's not self-sigend.\n previousCertificate = parsedChain[trustedCertificateIndex - 1]\n\n // Pop everything off before the index of the trusted certificate (those are more root) as it is not relevant for validation\n parsedChain = parsedChain.slice(trustedCertificateIndex)\n }\n }\n\n // Verify the certificate with the publicKey of the certificate above\n for (let i = 0; i < parsedChain.length; i++) {\n const cert = parsedChain[i]\n const publicJwk = previousCertificate ? previousCertificate.publicJwk : undefined\n\n // The only scenario where this will trigger is if the trusted certificates and the x509 chain both do not contain the\n // intermediate/root certificate needed. E.g. for ISO 18013-5 mDL the root cert MUST NOT be in the chain. If the signer\n // certificate is then trusted, it will fail, as we can't verify the signer certifciate without having access to the signer\n // key of the root certificate.\n // See also https://github.com/openid/OpenID4VCI/issues/62\n //\n // In this case we could skip the signature verification (not other verifications), as we already trust the signer certificate,\n // but i think the purpose of ISO 18013-5 mDL is that you trust the root certificate. If we can't verify the whole chain e.g.\n // when we receive a credential we have the chance it will fail later on.\n const skipSignatureVerification = i === 0 && trustedCertificates && !publicJwk\n // NOTE: at some point we might want to change this to throw an error instead of skipping the signature verification of the trusted\n // but it would basically prevent mDOCs from unknown issuers to be verified in the wallet. Verifiers should only trust the root certificate\n // anyway.\n // if (i === 0 && trustedCertificates && cert.issuer !== cert.subject && !publicKey) {\n // throw new X509Error(\n // 'Unable to verify the certificate chain. A non-self-signed certificate is the first certificate in the chain, and no parent certificate was found in the trusted certificates, meaning the first certificate in the chain cannot be verified. Ensure the certificate is added '\n // )\n // }\n\n await cert.verify(\n {\n publicJwk,\n verificationDate,\n skipSignatureVerification,\n },\n webCrypto\n )\n previousCertificate = cert\n }\n\n return parsedChain\n }\n\n /\n \n * Parses a base64-encoded X.509 certificate into a {@link X509Certificate}\n \n /\n public static parseCertificate(\n _agentContext: AgentContext,\n { encodedCertificate }: X509ParseCertificateOptions\n ): X509Certificate {\n const certificate = X509Certificate.fromEncodedCertificate(encodedCertificate)\n\n return certificate\n }\n\n public static getLeafCertificate(\n _agentContext: AgentContext,\n { certificateChain }: X509GetLeafCertificateOptions\n ): X509Certificate {\n if (certificateChain.length === 0) throw new X509Error('Certificate chain is empty')\n\n const certificate = X509Certificate.fromEncodedCertificate(certificateChain[0])\n\n return certificate\n }\n\n public static async createCertificate(agentContext: AgentContext, options: X509CreateCertificateOptions) {\n const webCrypto = new CredoWebCrypto(agentContext)\n\n const certificate = await X509Certificate.create(options, webCrypto)\n\n return certificate\n }\n}\n"],"mappings":";;;;;;;;;;;;AAeO,wBAAMA,cAAY;;;;;;;;;;;;;;;;;;;CAmBvB,aAAoB,yBAClB,cACA,EACE,kBACA,cAAc,iBAAiB,IAC/B,mCAAmB,IAAI,MAAM,EAC7B,uBAEF;AACA,MAAI,iBAAiB,WAAW,EAAG,OAAM,IAAI,UAAU,6BAA6B;EACpF,MAAM,YAAY,IAAI,eAAe,aAAa;EAElD,IAAIC;EACJ,IAAIC;AACJ,MAAI;AACF,2BAAwB,IAAI,KAAK,gBAAgB,YAAY;AAC7D,8BAA2B,CAAC,GAAG,kBAAkB,GAAI,uBAAuB,EAAE,CAAE,CAAC,KAC9E,MAAM,IAAI,KAAK,gBAAgB,EAAE,CACnC;WACM,OAAO;AACd,SAAM,IAAI,UAAU,4CAA4C,EAAE,OAAO,OAAO,CAAC;;EAWnF,IAAI,eAJU,MAJkB,IAAI,KAAK,iBAAiB,EACxD,cAAc,0BACf,CAAC,CAE0C,MAAM,uBAAuB,UAAU,EAI3D,KAAK,MAAM,gBAAgB,mBAAmB,IAAI,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAC,SAAS;AAI3G,MAAI,YAAY,SAAS,iBAAiB,OACxC,OAAM,IAAI,UAAU,mEAAmE;EAGzF,IAAIC;AAEJ,MAAI,qBAAqB;GACvB,MAAM,4BAA4B,oBAAoB,KAAK,uBACzD,gBAAgB,uBAAuB,mBAAmB,CAC3D;GAED,MAAM,0BAA0B,YAAY,WAAW,SACrD,0BAA0B,MAAM,UAAU,KAAK,MAAM,MAAM,CAAC,CAC7D;AAED,OAAI,4BAA4B,GAC9B,OAAM,IAAI,UAAU,oEAAoE;AAG1F,OAAI,0BAA0B,GAAG;AAI/B,0BAAsB,YAAY,0BAA0B;AAG5D,kBAAc,YAAY,MAAM,wBAAwB;;;AAK5D,OAAK,IAAI,IAAI,GAAG,IAAI,YAAY,QAAQ,KAAK;GAC3C,MAAM,OAAO,YAAY;GACzB,MAAM,YAAY,sBAAsB,oBAAoB,YAAY;GAWxE,MAAM,4BAA4B,MAAM,KAAK,uBAAuB,CAAC;AAUrE,SAAM,KAAK,OACT;IACE;IACA;IACA;IACD,EACD,UACD;AACD,yBAAsB;;AAGxB,SAAO;;;;;;;CAQT,OAAc,iBACZ,eACA,EAAE,sBACe;AAGjB,SAFoB,gBAAgB,uBAAuB,mBAAmB;;CAKhF,OAAc,mBACZ,eACA,EAAE,oBACe;AACjB,MAAI,iBAAiB,WAAW,EAAG,OAAM,IAAI,UAAU,6BAA6B;AAIpF,SAFoB,gBAAgB,uBAAuB,iBAAiB,GAAG;;CAKjF,aAAoB,kBAAkB,cAA4B,SAAuC;EACvG,MAAM,YAAY,IAAI,eAAe,aAAa;AAIlD,SAFoB,MAAM,gBAAgB,OAAO,SAAS,UAAU;;;0BAxJvE,YAAY"}

package/build/modules/x509/extraction.d.mts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { Jwt } from "../../crypto/jose/jwt/Jwt.mjs";
 import { X509Certificate } from "./X509Certificate.mjs";
+import { Jwt } from "../../crypto/jose/jwt/Jwt.mjs";
 //#region src/modules/x509/extraction.d.ts
 declare function extractX509CertificatesFromJwt(jwt: Jwt): X509Certificate[] | undefined;

package/build/modules/x509/extraction.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { Jwt } from "../../crypto/jose/jwt/Jwt.js";
 import { X509Certificate } from "./X509Certificate.js";
+import { Jwt } from "../../crypto/jose/jwt/Jwt.js";
 //#region src/modules/x509/extraction.d.ts
 declare function extractX509CertificatesFromJwt(jwt: Jwt): X509Certificate[] | undefined;

package/build/modules/x509/index.js CHANGED Viewed

@@ -1,13 +1,13 @@
+const require_extensions = require('./utils/extensions.js');
 const require_X509Error = require('./X509Error.js');
 const require_nameConversion = require('./utils/nameConversion.js');
-const require_extensions = require('./utils/extensions.js');
 require('./utils/index.js');
 const require_X509Certificate = require('./X509Certificate.js');
-const require_X509Service = require('./X509Service.js');
+const require_extraction = require('./extraction.js');
 const require_X509ModuleConfig = require('./X509ModuleConfig.js');
+const require_X509Service = require('./X509Service.js');
 const require_X509Api = require('./X509Api.js');
 const require_X509Module = require('./X509Module.js');
 require('./X509ServiceOptions.js');
-const require_extraction = require('./extraction.js');

package/build/modules/x509/index.mjs CHANGED Viewed

@@ -1,13 +1,13 @@
+import { createAuthorityKeyIdentifierExtension, createBasicConstraintsExtension, createCrlDistributionPointsExtension, createExtendedKeyUsagesExtension, createIssuerAlternativeNameExtension, createKeyUsagesExtension, createSubjectAlternativeNameExtension, createSubjectKeyIdentifierExtension } from "./utils/extensions.mjs";
 import { X509Error } from "./X509Error.mjs";
 import { convertName } from "./utils/nameConversion.mjs";
-import { createAuthorityKeyIdentifierExtension, createBasicConstraintsExtension, createCrlDistributionPointsExtension, createExtendedKeyUsagesExtension, createIssuerAlternativeNameExtension, createKeyUsagesExtension, createSubjectAlternativeNameExtension, createSubjectKeyIdentifierExtension } from "./utils/extensions.mjs";
 import "./utils/index.mjs";
 import { X509Certificate, X509ExtendedKeyUsage, X509KeyUsage } from "./X509Certificate.mjs";
-import { X509Service } from "./X509Service.mjs";
+import { extractX509CertificatesFromJwt } from "./extraction.mjs";
 import { X509ModuleConfig } from "./X509ModuleConfig.mjs";
+import { X509Service } from "./X509Service.mjs";
 import { X509Api } from "./X509Api.mjs";
 import { X509Module } from "./X509Module.mjs";
 import "./X509ServiceOptions.mjs";
-import { extractX509CertificatesFromJwt } from "./extraction.mjs";

package/build/modules/x509/utils/extensions.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"extensions.d.mts","names":[],"sources":["../../../../src/modules/x509/utils/extensions.ts"],"sourcesContent":[],"mappings":";;;;;~~cAiBa~~,+CACF;aACuB;MAAW;cAUhC,oCAAqC,iDAA4C;AAZjF,cAoBA,gCAVZ,EAAA,CAAA,OAAA,EAUyD,gCAVzD,CAAA,kBAAA,CAAA,EAAA,GAU6G,yBAV7G,GAAA,SAAA;AAAA,cAgBY,qCAhBZ,EAAA,CAAA,OAAA,EAiBU,gCAjBV,CAAA,wBAAA,CAAA,EAAA,iBAAA,EAAA;WATU,EA2BuB,SA3BvB;MA2BkC,+BA1BX,GAAA,SAAA;AAAW,cAoChC,oCApCgC,EAAA,CAAA,OAAA,EAqClC,gCArCkC,CAAA,uBAAA,CAAA,EAAA,GAqCuB,8BArCvB,GAAA,SAAA;AAAA,cA4ChC,qCA5CgC,EAAA,CAAA,OAAA,EA6ClC,gCA7CkC,CAAA,wBAAA,CAAA,EAAA,GA6CwB,+BA7CxB,GAAA,SAAA;AAUhC,cA0CA,+BApCZ,EAAA,CAAA,OAAA,EAoCwD,gCApCxD,CAAA,kBAAA,CAAA,EAAA,GAoC4G,yBApC5G,GAAA,SAAA;AAAA,cA0CY,oCA1CZ,EAAA,CAAA,OAAA,EA2CU,gCA3CV,CAAA,uBAAA,CAAA,EAAA,GA2CmE,8BA3CnE,GAAA,SAAA"}
1	+ {"version":3,"file":"extensions.d.mts","names":[],"sources":["../../../../src/modules/x509/utils/extensions.ts"],"sourcesContent":[],"mappings":";;;;;cAgBa,+CACF;aACuB;MAAW;cAUhC,oCAAqC,iDAA4C;AAZjF,cAoBA,gCAVZ,EAAA,CAAA,OAAA,EAUyD,gCAVzD,CAAA,kBAAA,CAAA,EAAA,GAU6G,yBAV7G,GAAA,SAAA;AAAA,cAgBY,qCAhBZ,EAAA,CAAA,OAAA,EAiBU,gCAjBV,CAAA,wBAAA,CAAA,EAAA,iBAAA,EAAA;WATU,EA2BuB,SA3BvB;MA2BkC,+BA1BX,GAAA,SAAA;AAAW,cAoChC,oCApCgC,EAAA,CAAA,OAAA,EAqClC,gCArCkC,CAAA,uBAAA,CAAA,EAAA,GAqCuB,8BArCvB,GAAA,SAAA;AAAA,cA4ChC,qCA5CgC,EAAA,CAAA,OAAA,EA6ClC,gCA7CkC,CAAA,wBAAA,CAAA,EAAA,GA6CwB,+BA7CxB,GAAA,SAAA;AAUhC,cA0CA,+BApCZ,EAAA,CAAA,OAAA,EAoCwD,gCApCxD,CAAA,kBAAA,CAAA,EAAA,GAoC4G,yBApC5G,GAAA,SAAA;AAAA,cA0CY,oCA1CZ,EAAA,CAAA,OAAA,EA2CU,gCA3CV,CAAA,uBAAA,CAAA,EAAA,GA2CmE,8BA3CnE,GAAA,SAAA"}

package/build/modules/x509/utils/extensions.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"extensions.d.ts","names":[],"sources":["../../../../src/modules/x509/utils/extensions.ts"],"sourcesContent":[],"mappings":";;;;;~~cAiBa~~,+CACF;aACuB;AAFlC,CAAA,EAAA,GAE6C,6BAFhC,GAAA,SAUZ;AAAA,cAEY,wBAFZ,EAAA,CAAA,OAAA,EAEiD,gCAFjD,CAAA,UAAA,CAAA,EAAA,GAE6F,kBAF7F,GAAA,SAAA;AATU,cAmBE,gCAnBF,EAAA,CAAA,OAAA,EAmB+C,gCAnB/C,CAAA,kBAAA,CAAA,EAAA,GAmBmG,yBAnBnG,GAAA,SAAA;AACuB,cAwBrB,qCAxBqB,EAAA,CAAA,OAAA,EAyBvB,gCAzBuB,CAAA,wBAAA,CAAA,EAAA,iBAAA,EAAA;WAAW,EA0BX,SA1BW;CAAA,EAAA,GA0BA,+BA1BA,GAAA,SAAA;AAUhC,cA0BA,oCApBZ,EAAA,CAAA,OAAA,EAqBU,gCArBV,CAAA,uBAAA,CAAA,EAAA,GAqBmE,8BArBnE,GAAA,SAAA;AAAA,cA4BY,qCA5BZ,EAAA,CAAA,OAAA,EA6BU,gCA7BV,CAAA,wBAAA,CAAA,EAAA,GA6BoE,+BA7BpE,GAAA,SAAA;AANiD,cA0CrC,+BA1CqC,EAAA,CAAA,OAAA,EA0CO,gCA1CP,CAAA,kBAAA,CAAA,EAAA,GA0C2D,yBA1C3D,GAAA,SAAA;AAA4C,cAgDjF,oCAhDiF,EAAA,CAAA,OAAA,EAiDnF,gCAjDmF,CAAA,uBAAA,CAAA,EAAA,GAiD1B,8BAjD0B,GAAA,SAAA"}
1	+ {"version":3,"file":"extensions.d.ts","names":[],"sources":["../../../../src/modules/x509/utils/extensions.ts"],"sourcesContent":[],"mappings":";;;;;cAgBa,+CACF;aACuB;AAFlC,CAAA,EAAA,GAE6C,6BAFhC,GAAA,SAUZ;AAAA,cAEY,wBAFZ,EAAA,CAAA,OAAA,EAEiD,gCAFjD,CAAA,UAAA,CAAA,EAAA,GAE6F,kBAF7F,GAAA,SAAA;AATU,cAmBE,gCAnBF,EAAA,CAAA,OAAA,EAmB+C,gCAnB/C,CAAA,kBAAA,CAAA,EAAA,GAmBmG,yBAnBnG,GAAA,SAAA;AACuB,cAwBrB,qCAxBqB,EAAA,CAAA,OAAA,EAyBvB,gCAzBuB,CAAA,wBAAA,CAAA,EAAA,iBAAA,EAAA;WAAW,EA0BX,SA1BW;CAAA,EAAA,GA0BA,+BA1BA,GAAA,SAAA;AAUhC,cA0BA,oCApBZ,EAAA,CAAA,OAAA,EAqBU,gCArBV,CAAA,uBAAA,CAAA,EAAA,GAqBmE,8BArBnE,GAAA,SAAA;AAAA,cA4BY,qCA5BZ,EAAA,CAAA,OAAA,EA6BU,gCA7BV,CAAA,wBAAA,CAAA,EAAA,GA6BoE,+BA7BpE,GAAA,SAAA;AANiD,cA0CrC,+BA1CqC,EAAA,CAAA,OAAA,EA0CO,gCA1CP,CAAA,kBAAA,CAAA,EAAA,GA0C2D,yBA1C3D,GAAA,SAAA;AAA4C,cAgDjF,oCAhDiF,EAAA,CAAA,OAAA,EAiDnF,gCAjDmF,CAAA,uBAAA,CAAA,EAAA,GAiD1B,8BAjD0B,GAAA,SAAA"}

package/build/modules/x509/utils/extensions.js CHANGED Viewed

@@ -1,8 +1,8 @@
 const require_rolldown_runtime = require('../../../_virtual/rolldown_runtime.js');
-const require_Hasher = require('../../../crypto/hashes/Hasher.js');
 const require_TypedArrayEncoder = require('../../../utils/TypedArrayEncoder.js');
+const require_Hasher = require('../../../crypto/hashes/Hasher.js');
 require('../../../utils/index.js');
 require('../../kms/index.js');
 const require_keyAlgorithmConversion = require('../../../crypto/webcrypto/utils/keyAlgorithmConversion.js');

package/build/modules/x509/utils/extensions.mjs CHANGED Viewed

@@ -1,7 +1,7 @@
-import { Hasher } from "../../../crypto/hashes/Hasher.mjs";
 import { TypedArrayEncoder } from "../../../utils/TypedArrayEncoder.mjs";
+import { Hasher } from "../../../crypto/hashes/Hasher.mjs";
 import "../../../utils/index.mjs";
 import "../../kms/index.mjs";
 import { publicJwkToSpki } from "../../../crypto/webcrypto/utils/keyAlgorithmConversion.mjs";

package/build/modules/x509/utils/extensions.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"extensions.mjs","names":[],"sources":["../../../../src/modules/x509/utils/extensions.ts"],"sourcesContent":["import { ~~Hasher } from '../../../crypto/hashes/Hasher'~~\~~nimport type { X509CertificateExtensionsOptions } from '../X509ServiceOptions'\~~n~~\nimport {\n~~ AuthorityKeyIdentifierExtension,\n BasicConstraintsExtension,\n CRLDistributionPointsExtension,\n ExtendedKeyUsageExtension,\n IssuerAlternativeNameExtension,\n KeyUsagesExtension,\n SubjectAlternativeNameExtension,\n SubjectKeyIdentifierExtension,\n} from '@peculiar/x509'\nimport { publicJwkToSpki } from '../../../crypto/webcrypto/utils'\nimport { TypedArrayEncoder } from '../../../utils'\nimport { PublicJwk } from '../../kms'\n\nexport const createSubjectKeyIdentifierExtension = (\n options: X509CertificateExtensionsOptions['subjectKeyIdentifier'],\n additionalOptions: { publicJwk: PublicJwk }\n) => {\n if (!options \|\| !options.include) return\n\n const spki = publicJwkToSpki(additionalOptions.publicJwk)\n const hash = Hasher.hash(new Uint8Array(spki.subjectPublicKey), 'SHA-1')\n\n return new SubjectKeyIdentifierExtension(TypedArrayEncoder.toHex(hash))\n}\n\nexport const createKeyUsagesExtension = (options: X509CertificateExtensionsOptions['keyUsage']) => {\n if (!options) return\n\n const flags = options.usages.reduce((prev, curr) => prev \| curr, 0)\n\n return new KeyUsagesExtension(flags, options.markAsCritical)\n}\n\nexport const createExtendedKeyUsagesExtension = (options: X509CertificateExtensionsOptions['extendedKeyUsage']) => {\n if (!options) return\n\n return new ExtendedKeyUsageExtension(options.usages, options.markAsCritical)\n}\n\nexport const createAuthorityKeyIdentifierExtension = (\n options: X509CertificateExtensionsOptions['authorityKeyIdentifier'],\n additionalOptions: { publicJwk: PublicJwk }\n) => {\n if (!options) return\n\n const spki = publicJwkToSpki(additionalOptions.publicJwk)\n const hash = Hasher.hash(new Uint8Array(spki.subjectPublicKey), 'SHA-1')\n\n return new AuthorityKeyIdentifierExtension(TypedArrayEncoder.toHex(hash), options.markAsCritical)\n}\n\nexport const createIssuerAlternativeNameExtension = (\n options: X509CertificateExtensionsOptions['issuerAlternativeName']\n) => {\n if (!options) return\n\n return new IssuerAlternativeNameExtension(options.name, options.markAsCritical)\n}\n\nexport const createSubjectAlternativeNameExtension = (\n options: X509CertificateExtensionsOptions['subjectAlternativeName']\n) => {\n if (!options) return\n\n return new SubjectAlternativeNameExtension(options.name, options.markAsCritical)\n}\n\nexport const createBasicConstraintsExtension = (options: X509CertificateExtensionsOptions['basicConstraints']) => {\n if (!options) return\n\n return new BasicConstraintsExtension(options.ca, options.pathLenConstraint, options.markAsCritical)\n}\n\nexport const createCrlDistributionPointsExtension = (\n options: X509CertificateExtensionsOptions['crlDistributionPoints']\n) => {\n if (!options) return\n\n return new CRLDistributionPointsExtension(options.urls, options.markAsCritical)\n}\n"],"mappings":";;;;;;;;;;;~~AAiBA~~,MAAa,uCACX,SACA,sBACG;AACH,KAAI,CAAC,WAAW,CAAC,QAAQ,QAAS;CAElC,MAAM,OAAO,gBAAgB,kBAAkB,UAAU;CACzD,MAAM,OAAO,OAAO,KAAK,IAAI,WAAW,KAAK,iBAAiB,EAAE,QAAQ;AAExE,QAAO,IAAI,8BAA8B,kBAAkB,MAAM,KAAK,CAAC;;AAGzE,MAAa,4BAA4B,YAA0D;AACjG,KAAI,CAAC,QAAS;AAId,QAAO,IAAI,mBAFG,QAAQ,OAAO,QAAQ,MAAM,SAAS,OAAO,MAAM,EAAE,EAE9B,QAAQ,eAAe;;AAG9D,MAAa,oCAAoC,YAAkE;AACjH,KAAI,CAAC,QAAS;AAEd,QAAO,IAAI,0BAA0B,QAAQ,QAAQ,QAAQ,eAAe;;AAG9E,MAAa,yCACX,SACA,sBACG;AACH,KAAI,CAAC,QAAS;CAEd,MAAM,OAAO,gBAAgB,kBAAkB,UAAU;CACzD,MAAM,OAAO,OAAO,KAAK,IAAI,WAAW,KAAK,iBAAiB,EAAE,QAAQ;AAExE,QAAO,IAAI,gCAAgC,kBAAkB,MAAM,KAAK,EAAE,QAAQ,eAAe;;AAGnG,MAAa,wCACX,YACG;AACH,KAAI,CAAC,QAAS;AAEd,QAAO,IAAI,+BAA+B,QAAQ,MAAM,QAAQ,eAAe;;AAGjF,MAAa,yCACX,YACG;AACH,KAAI,CAAC,QAAS;AAEd,QAAO,IAAI,gCAAgC,QAAQ,MAAM,QAAQ,eAAe;;AAGlF,MAAa,mCAAmC,YAAkE;AAChH,KAAI,CAAC,QAAS;AAEd,QAAO,IAAI,0BAA0B,QAAQ,IAAI,QAAQ,mBAAmB,QAAQ,eAAe;;AAGrG,MAAa,wCACX,YACG;AACH,KAAI,CAAC,QAAS;AAEd,QAAO,IAAI,+BAA+B,QAAQ,MAAM,QAAQ,eAAe"}
1	+ {"version":3,"file":"extensions.mjs","names":[],"sources":["../../../../src/modules/x509/utils/extensions.ts"],"sourcesContent":["import {\n AuthorityKeyIdentifierExtension,\n BasicConstraintsExtension,\n CRLDistributionPointsExtension,\n ExtendedKeyUsageExtension,\n IssuerAlternativeNameExtension,\n KeyUsagesExtension,\n SubjectAlternativeNameExtension,\n SubjectKeyIdentifierExtension,\n} from '@peculiar/x509'\nimport { Hasher } from '../../../crypto/hashes/Hasher'\nimport { publicJwkToSpki } from '../../../crypto/webcrypto/utils'\nimport { TypedArrayEncoder } from '../../../utils'\nimport { PublicJwk } from '../../kms'\nimport type { X509CertificateExtensionsOptions } from '../X509ServiceOptions'\n\nexport const createSubjectKeyIdentifierExtension = (\n options: X509CertificateExtensionsOptions['subjectKeyIdentifier'],\n additionalOptions: { publicJwk: PublicJwk }\n) => {\n if (!options \|\| !options.include) return\n\n const spki = publicJwkToSpki(additionalOptions.publicJwk)\n const hash = Hasher.hash(new Uint8Array(spki.subjectPublicKey), 'SHA-1')\n\n return new SubjectKeyIdentifierExtension(TypedArrayEncoder.toHex(hash))\n}\n\nexport const createKeyUsagesExtension = (options: X509CertificateExtensionsOptions['keyUsage']) => {\n if (!options) return\n\n const flags = options.usages.reduce((prev, curr) => prev \| curr, 0)\n\n return new KeyUsagesExtension(flags, options.markAsCritical)\n}\n\nexport const createExtendedKeyUsagesExtension = (options: X509CertificateExtensionsOptions['extendedKeyUsage']) => {\n if (!options) return\n\n return new ExtendedKeyUsageExtension(options.usages, options.markAsCritical)\n}\n\nexport const createAuthorityKeyIdentifierExtension = (\n options: X509CertificateExtensionsOptions['authorityKeyIdentifier'],\n additionalOptions: { publicJwk: PublicJwk }\n) => {\n if (!options) return\n\n const spki = publicJwkToSpki(additionalOptions.publicJwk)\n const hash = Hasher.hash(new Uint8Array(spki.subjectPublicKey), 'SHA-1')\n\n return new AuthorityKeyIdentifierExtension(TypedArrayEncoder.toHex(hash), options.markAsCritical)\n}\n\nexport const createIssuerAlternativeNameExtension = (\n options: X509CertificateExtensionsOptions['issuerAlternativeName']\n) => {\n if (!options) return\n\n return new IssuerAlternativeNameExtension(options.name, options.markAsCritical)\n}\n\nexport const createSubjectAlternativeNameExtension = (\n options: X509CertificateExtensionsOptions['subjectAlternativeName']\n) => {\n if (!options) return\n\n return new SubjectAlternativeNameExtension(options.name, options.markAsCritical)\n}\n\nexport const createBasicConstraintsExtension = (options: X509CertificateExtensionsOptions['basicConstraints']) => {\n if (!options) return\n\n return new BasicConstraintsExtension(options.ca, options.pathLenConstraint, options.markAsCritical)\n}\n\nexport const createCrlDistributionPointsExtension = (\n options: X509CertificateExtensionsOptions['crlDistributionPoints']\n) => {\n if (!options) return\n\n return new CRLDistributionPointsExtension(options.urls, options.markAsCritical)\n}\n"],"mappings":";;;;;;;;;;;AAgBA,MAAa,uCACX,SACA,sBACG;AACH,KAAI,CAAC,WAAW,CAAC,QAAQ,QAAS;CAElC,MAAM,OAAO,gBAAgB,kBAAkB,UAAU;CACzD,MAAM,OAAO,OAAO,KAAK,IAAI,WAAW,KAAK,iBAAiB,EAAE,QAAQ;AAExE,QAAO,IAAI,8BAA8B,kBAAkB,MAAM,KAAK,CAAC;;AAGzE,MAAa,4BAA4B,YAA0D;AACjG,KAAI,CAAC,QAAS;AAId,QAAO,IAAI,mBAFG,QAAQ,OAAO,QAAQ,MAAM,SAAS,OAAO,MAAM,EAAE,EAE9B,QAAQ,eAAe;;AAG9D,MAAa,oCAAoC,YAAkE;AACjH,KAAI,CAAC,QAAS;AAEd,QAAO,IAAI,0BAA0B,QAAQ,QAAQ,QAAQ,eAAe;;AAG9E,MAAa,yCACX,SACA,sBACG;AACH,KAAI,CAAC,QAAS;CAEd,MAAM,OAAO,gBAAgB,kBAAkB,UAAU;CACzD,MAAM,OAAO,OAAO,KAAK,IAAI,WAAW,KAAK,iBAAiB,EAAE,QAAQ;AAExE,QAAO,IAAI,gCAAgC,kBAAkB,MAAM,KAAK,EAAE,QAAQ,eAAe;;AAGnG,MAAa,wCACX,YACG;AACH,KAAI,CAAC,QAAS;AAEd,QAAO,IAAI,+BAA+B,QAAQ,MAAM,QAAQ,eAAe;;AAGjF,MAAa,yCACX,YACG;AACH,KAAI,CAAC,QAAS;AAEd,QAAO,IAAI,gCAAgC,QAAQ,MAAM,QAAQ,eAAe;;AAGlF,MAAa,mCAAmC,YAAkE;AAChH,KAAI,CAAC,QAAS;AAEd,QAAO,IAAI,0BAA0B,QAAQ,IAAI,QAAQ,mBAAmB,QAAQ,eAAe;;AAGrG,MAAa,wCACX,YACG;AACH,KAAI,CAAC,QAAS;AAEd,QAAO,IAAI,+BAA+B,QAAQ,MAAM,QAAQ,eAAe"}

package/build/modules/x509/utils/index.js CHANGED Viewed

@@ -1,4 +1,4 @@
-const require_nameConversion = require('./nameConversion.js');
 const require_extensions = require('./extensions.js');
+const require_nameConversion = require('./nameConversion.js');

package/build/modules/x509/utils/index.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-import { convertName } from "./nameConversion.mjs";
 import { createAuthorityKeyIdentifierExtension, createBasicConstraintsExtension, createCrlDistributionPointsExtension, createExtendedKeyUsagesExtension, createIssuerAlternativeNameExtension, createKeyUsagesExtension, createSubjectAlternativeNameExtension, createSubjectKeyIdentifierExtension } from "./extensions.mjs";
+import { convertName } from "./nameConversion.mjs";

package/build/modules/x509/utils/nameConversion.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"nameConversion.d.mts","names":[],"sources":["../../../../src/modules/x509/utils/nameConversion.ts"],"sourcesContent":[],"mappings":";;;~~cAIa~~,6BAA8B"}
1	+ {"version":3,"file":"nameConversion.d.mts","names":[],"sources":["../../../../src/modules/x509/utils/nameConversion.ts"],"sourcesContent":[],"mappings":";;;cAGa,6BAA8B"}