@f-o-t/e-signature 1.2.18 → 1.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +34 -2
- package/dist/appearance.d.ts +3 -2
- package/dist/appearance.d.ts.map +1 -1
- package/dist/detect-position.d.ts +13 -0
- package/dist/detect-position.d.ts.map +1 -0
- package/dist/icp-brasil.d.ts.map +1 -1
- package/dist/{index-4tah5frp.js → index-e7qwas47.js} +187 -48
- package/dist/index-e7qwas47.js.map +15 -0
- package/dist/index.d.ts +2 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -2
- package/dist/index.js.map +2 -2
- package/dist/plugins/react/index.js +1 -1
- package/dist/schemas.d.ts +1 -1
- package/dist/sign-pdf.d.ts.map +1 -1
- package/dist/types.d.ts +30 -2
- package/dist/types.d.ts.map +1 -1
- package/package.json +2 -2
- package/dist/index-4tah5frp.js.map +0 -14
package/README.md
CHANGED
|
@@ -68,6 +68,38 @@ function SignForm() {
|
|
|
68
68
|
|
|
69
69
|
`pdf` and `p12` accept `File`, `Blob`, or `Uint8Array` — the hook converts `File`/`Blob` to `Uint8Array` automatically before calling `signPdf`.
|
|
70
70
|
|
|
71
|
+
## Automatic Signature Positioning
|
|
72
|
+
|
|
73
|
+
### Using `appearance: "auto"`
|
|
74
|
+
|
|
75
|
+
Pass `appearance: "auto"` to let `signPdf` automatically detect where to place the visual signature based on the signer's certificate information:
|
|
76
|
+
|
|
77
|
+
```ts
|
|
78
|
+
const signed = await signPdf(pdfBytes, {
|
|
79
|
+
certificate: { p12, password: "secret" },
|
|
80
|
+
appearance: "auto", // auto-detect signing position
|
|
81
|
+
});
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
### Using `detectSigningPosition()` directly
|
|
85
|
+
|
|
86
|
+
For more control, call `detectSigningPosition()` to inspect the detected position before signing:
|
|
87
|
+
|
|
88
|
+
```ts
|
|
89
|
+
import { detectSigningPosition } from "@f-o-t/e-signature";
|
|
90
|
+
|
|
91
|
+
const position = detectSigningPosition(pdfBytes, {
|
|
92
|
+
signerName: "Lucas Furtado Barbosa",
|
|
93
|
+
organization: "VERSA SOLUCOES LTDA",
|
|
94
|
+
});
|
|
95
|
+
|
|
96
|
+
if (position) {
|
|
97
|
+
console.log(`Page ${position.page}, confidence: ${position.confidence}`);
|
|
98
|
+
}
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
The function returns a `DetectedPosition` with `page`, `x`, `y`, `width`, `height`, and `confidence` fields, or `null` if no suitable position is found.
|
|
102
|
+
|
|
71
103
|
## API
|
|
72
104
|
|
|
73
105
|
### `signPdf(pdf: Uint8Array | ReadableStream<Uint8Array>, options: PdfSignOptions): Promise<Uint8Array>`
|
|
@@ -251,8 +283,8 @@ type PdfSignOptions = {
|
|
|
251
283
|
tsaFallbackUrls?: string[];
|
|
252
284
|
/** Called when timestamping fails (non-fatal). Receives the error for logging/metrics. */
|
|
253
285
|
onTimestampError?: (error: unknown) => void;
|
|
254
|
-
/** Single visual stamp (false to disable) */
|
|
255
|
-
appearance?: SignatureAppearance | false;
|
|
286
|
+
/** Single visual stamp (false to disable, "auto" for auto-detected positioning) */
|
|
287
|
+
appearance?: SignatureAppearance | "auto" | false;
|
|
256
288
|
/** Multiple visual stamps — renders one per entry, useful for multi-page documents */
|
|
257
289
|
appearances?: SignatureAppearance[];
|
|
258
290
|
qrCode?: QrCodeConfig;
|
package/dist/appearance.d.ts
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
* Visual Signature Appearance
|
|
3
3
|
*
|
|
4
4
|
* Draws certificate information and QR code on the PDF page
|
|
5
|
-
*
|
|
5
|
+
* following the ICP-Brasil standard visual signature layout.
|
|
6
6
|
*/
|
|
7
7
|
import type { CertificateInfo } from "@f-o-t/digital-certificate";
|
|
8
8
|
import type { PdfDocument, PdfImage, PdfPage } from "@f-o-t/pdf/plugins/editing";
|
|
@@ -10,7 +10,8 @@ import type { QrCodeConfig, SignatureAppearance } from "./types.ts";
|
|
|
10
10
|
/**
|
|
11
11
|
* Draw the visual signature appearance on a PDF page.
|
|
12
12
|
*
|
|
13
|
-
* Includes optional QR code and certificate information text
|
|
13
|
+
* Includes optional QR code and certificate information text
|
|
14
|
+
* inside a bordered rectangle following ICP-Brasil layout.
|
|
14
15
|
*/
|
|
15
16
|
export declare function drawSignatureAppearance(doc: PdfDocument, page: PdfPage, appearance: SignatureAppearance, certInfo: CertificateInfo | null, options: {
|
|
16
17
|
reason?: string;
|
package/dist/appearance.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"appearance.d.ts","sourceRoot":"","sources":["../src/appearance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"appearance.d.ts","sourceRoot":"","sources":["../src/appearance.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,KAAK,EACT,WAAW,EACX,QAAQ,EACR,OAAO,EACT,MAAM,4BAA4B,CAAC;AAEpC,OAAO,KAAK,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAIpE;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACpC,GAAG,EAAE,WAAW,EAChB,IAAI,EAAE,OAAO,EACb,UAAU,EAAE,mBAAmB,EAC/B,QAAQ,EAAE,eAAe,GAAG,IAAI,EAChC,OAAO,EAAE;IACN,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,OAAO,EAAE,UAAU,CAAC;IACpB,aAAa,CAAC,EAAE,QAAQ,CAAC;CAC3B,GACD,IAAI,CA8DN;AAgGD;;;GAGG;AACH,wBAAgB,uBAAuB,CACpC,GAAG,EAAE,WAAW,EAChB,QAAQ,EAAE,eAAe,GAAG,IAAI,EAChC,OAAO,EAAE,UAAU,EACnB,QAAQ,CAAC,EAAE,YAAY,GACvB,QAAQ,CAIV"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import type { DetectedPosition, DetectPositionOptions } from "./types.ts";
|
|
2
|
+
/**
|
|
3
|
+
* Detect the best position to place a digital signature on a PDF.
|
|
4
|
+
*
|
|
5
|
+
* Uses weighted scoring across three signal types:
|
|
6
|
+
* - Signer name match (weight 3)
|
|
7
|
+
* - Horizontal line patterns (weight 2)
|
|
8
|
+
* - Signature keywords (weight 1)
|
|
9
|
+
*
|
|
10
|
+
* Returns null if the PDF cannot be parsed.
|
|
11
|
+
*/
|
|
12
|
+
export declare function detectSigningPosition(pdfData: Uint8Array, options?: DetectPositionOptions): DetectedPosition | null;
|
|
13
|
+
//# sourceMappingURL=detect-position.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"detect-position.d.ts","sourceRoot":"","sources":["../src/detect-position.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAoB1E;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CAClC,OAAO,EAAE,UAAU,EACnB,OAAO,GAAE,qBAA0B,GACnC,gBAAgB,GAAG,IAAI,CAiIzB"}
|
package/dist/icp-brasil.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"icp-brasil.d.ts","sourceRoot":"","sources":["../src/icp-brasil.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AA8CH;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,IAAI,CAEvC;AAMD;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,UAAU,GAAG,UAAU,CAuCzE;
|
|
1
|
+
{"version":3,"file":"icp-brasil.d.ts","sourceRoot":"","sources":["../src/icp-brasil.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AA8CH;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,IAAI,CAEvC;AAMD;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,UAAU,GAAG,UAAU,CAuCzE;AA2ED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,UAAU,CAAC,CA8BhE;AAED;;GAEG;AACH,eAAO,MAAM,eAAe;;;CAGlB,CAAC;AAMX,qBAAa,oBAAqB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM;CAI7B"}
|
|
@@ -1,6 +1,117 @@
|
|
|
1
1
|
// @bun
|
|
2
2
|
var __require = import.meta.require;
|
|
3
3
|
|
|
4
|
+
// src/detect-position.ts
|
|
5
|
+
import { PDFReader } from "@f-o-t/pdf";
|
|
6
|
+
var KEYWORD_PATTERNS = [
|
|
7
|
+
"assinatura",
|
|
8
|
+
"assine",
|
|
9
|
+
"representante",
|
|
10
|
+
"respons\xE1vel",
|
|
11
|
+
"responsavel",
|
|
12
|
+
"signat\xE1rio",
|
|
13
|
+
"signatario"
|
|
14
|
+
];
|
|
15
|
+
var LINE_PATTERN = /_{5,}|-{5,}/;
|
|
16
|
+
function detectSigningPosition(pdfData, options = {}) {
|
|
17
|
+
let pages;
|
|
18
|
+
try {
|
|
19
|
+
const reader = new PDFReader(pdfData);
|
|
20
|
+
const parsed = reader.parse();
|
|
21
|
+
pages = parsed.pages;
|
|
22
|
+
} catch {
|
|
23
|
+
return null;
|
|
24
|
+
}
|
|
25
|
+
if (pages.length === 0)
|
|
26
|
+
return null;
|
|
27
|
+
const signals = [];
|
|
28
|
+
const preferredPage = options.preferredPage === -1 ? pages.length - 1 : options.preferredPage ?? pages.length - 1;
|
|
29
|
+
for (let i = 0;i < pages.length; i++) {
|
|
30
|
+
const page = pages[i];
|
|
31
|
+
const text = page.content.toLowerCase();
|
|
32
|
+
if (options.signerName) {
|
|
33
|
+
const name = options.signerName.toLowerCase();
|
|
34
|
+
if (text.includes(name)) {
|
|
35
|
+
const idx = text.indexOf(name);
|
|
36
|
+
const position = text.length > 0 ? idx / text.length : 0.5;
|
|
37
|
+
signals.push({ page: i, weight: 3, position });
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
if (options.organization) {
|
|
41
|
+
const org = options.organization.toLowerCase();
|
|
42
|
+
if (text.includes(org)) {
|
|
43
|
+
const idx = text.indexOf(org);
|
|
44
|
+
const position = text.length > 0 ? idx / text.length : 0.5;
|
|
45
|
+
signals.push({ page: i, weight: 2.5, position });
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
if (LINE_PATTERN.test(text)) {
|
|
49
|
+
const idx = text.search(LINE_PATTERN);
|
|
50
|
+
const position = text.length > 0 ? idx / text.length : 0.5;
|
|
51
|
+
signals.push({ page: i, weight: 2, position });
|
|
52
|
+
}
|
|
53
|
+
for (const keyword of KEYWORD_PATTERNS) {
|
|
54
|
+
if (text.includes(keyword)) {
|
|
55
|
+
const idx = text.indexOf(keyword);
|
|
56
|
+
const position = text.length > 0 ? idx / text.length : 0.5;
|
|
57
|
+
signals.push({ page: i, weight: 1, position });
|
|
58
|
+
break;
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
if (signals.length === 0) {
|
|
63
|
+
const lastPage = pages[pages.length - 1];
|
|
64
|
+
return {
|
|
65
|
+
page: pages.length - 1,
|
|
66
|
+
x: 50,
|
|
67
|
+
y: lastPage.size.height - 150,
|
|
68
|
+
confidence: 0.1
|
|
69
|
+
};
|
|
70
|
+
}
|
|
71
|
+
const pageScores = new Map;
|
|
72
|
+
for (const signal of signals) {
|
|
73
|
+
const existing = pageScores.get(signal.page);
|
|
74
|
+
if (existing) {
|
|
75
|
+
existing.totalWeight += signal.weight;
|
|
76
|
+
if (signal.weight > existing.bestWeight) {
|
|
77
|
+
existing.bestWeight = signal.weight;
|
|
78
|
+
existing.bestPosition = signal.position;
|
|
79
|
+
}
|
|
80
|
+
} else {
|
|
81
|
+
pageScores.set(signal.page, {
|
|
82
|
+
totalWeight: signal.weight,
|
|
83
|
+
bestPosition: signal.position,
|
|
84
|
+
bestWeight: signal.weight
|
|
85
|
+
});
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
const preferredScore = pageScores.get(preferredPage);
|
|
89
|
+
if (preferredScore) {
|
|
90
|
+
preferredScore.totalWeight *= 1.2;
|
|
91
|
+
}
|
|
92
|
+
let bestPage = preferredPage;
|
|
93
|
+
let bestScore = 0;
|
|
94
|
+
for (const [page, score] of pageScores) {
|
|
95
|
+
if (score.totalWeight > bestScore) {
|
|
96
|
+
bestScore = score.totalWeight;
|
|
97
|
+
bestPage = page;
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
const pageInfo = pages[bestPage];
|
|
101
|
+
const pageScore = pageScores.get(bestPage);
|
|
102
|
+
const yFraction = pageScore.bestPosition;
|
|
103
|
+
const sigHeight = options.height ?? 120;
|
|
104
|
+
const yFromTop = Math.max(10, yFraction * pageInfo.size.height - sigHeight - 20);
|
|
105
|
+
const maxWeight = 3 + 2.5 + 2 + 1;
|
|
106
|
+
const confidence = Math.min(1, bestScore / maxWeight);
|
|
107
|
+
return {
|
|
108
|
+
page: bestPage,
|
|
109
|
+
x: options.width ? (pageInfo.size.width - options.width) / 2 : 50,
|
|
110
|
+
y: yFromTop,
|
|
111
|
+
confidence
|
|
112
|
+
};
|
|
113
|
+
}
|
|
114
|
+
|
|
4
115
|
// src/icp-brasil.ts
|
|
5
116
|
import {
|
|
6
117
|
contextTag,
|
|
@@ -48,7 +159,9 @@ async function downloadAndParsePolicyDocument() {
|
|
|
48
159
|
if (cachedPolicyData) {
|
|
49
160
|
return cachedPolicyData;
|
|
50
161
|
}
|
|
51
|
-
const response = await fetch(POLICY_CONFIG.URL
|
|
162
|
+
const response = await fetch(POLICY_CONFIG.URL, {
|
|
163
|
+
signal: AbortSignal.timeout(1e4)
|
|
164
|
+
});
|
|
52
165
|
if (!response.ok) {
|
|
53
166
|
throw new SignaturePolicyError(`Failed to download signature policy: HTTP ${response.status}`);
|
|
54
167
|
}
|
|
@@ -131,7 +244,7 @@ var pdfSignOptionsSchema = z.object({
|
|
|
131
244
|
tsaRetries: z.number().int().min(0).optional(),
|
|
132
245
|
tsaFallbackUrls: z.array(z.string().url()).optional(),
|
|
133
246
|
onTimestampError: z.function({ input: z.tuple([z.unknown()]), output: z.void() }).optional(),
|
|
134
|
-
appearance: z.union([signatureAppearanceSchema, z.literal(false)]).optional(),
|
|
247
|
+
appearance: z.union([signatureAppearanceSchema, z.literal("auto"), z.literal(false)]).optional(),
|
|
135
248
|
appearances: z.array(signatureAppearanceSchema).optional(),
|
|
136
249
|
qrCode: qrCodeConfigSchema.optional(),
|
|
137
250
|
docMdpPermission: z.union([z.literal(1), z.literal(2), z.literal(3)]).optional()
|
|
@@ -264,17 +377,25 @@ import {
|
|
|
264
377
|
} from "@f-o-t/pdf/plugins/editing";
|
|
265
378
|
|
|
266
379
|
// src/appearance.ts
|
|
267
|
-
import { hash as hash3 } from "@f-o-t/crypto";
|
|
268
380
|
import { generateQrCode } from "@f-o-t/qrcode";
|
|
381
|
+
var VALIDATION_URL = "https://validar.iti.gov.br";
|
|
269
382
|
function drawSignatureAppearance(doc, page, appearance, certInfo, options) {
|
|
270
383
|
const { x, width, height } = appearance;
|
|
271
384
|
const showQrCode = appearance.showQrCode !== false;
|
|
272
385
|
const showCertInfo = appearance.showCertInfo !== false;
|
|
273
386
|
const y = page.height - appearance.y - height;
|
|
387
|
+
page.drawRectangle({
|
|
388
|
+
x,
|
|
389
|
+
y,
|
|
390
|
+
width,
|
|
391
|
+
height,
|
|
392
|
+
borderColor: "#C0C0C0",
|
|
393
|
+
borderWidth: 1
|
|
394
|
+
});
|
|
274
395
|
let qrSize = 0;
|
|
275
396
|
if (showQrCode) {
|
|
276
397
|
const qrImage = options.preEmbeddedQr ?? (() => {
|
|
277
|
-
const qrData = options.qrCode?.data ??
|
|
398
|
+
const qrData = options.qrCode?.data ?? VALIDATION_URL;
|
|
278
399
|
const qrPng = generateQrCode(qrData, {
|
|
279
400
|
size: options.qrCode?.size ?? 100
|
|
280
401
|
});
|
|
@@ -294,11 +415,17 @@ function drawSignatureAppearance(doc, page, appearance, certInfo, options) {
|
|
|
294
415
|
y,
|
|
295
416
|
width,
|
|
296
417
|
height,
|
|
297
|
-
qrOffset: qrSize > 0 ? qrSize + 20 : 10
|
|
298
|
-
reason: options.reason,
|
|
299
|
-
location: options.location
|
|
418
|
+
qrOffset: qrSize > 0 ? qrSize + 20 : 10
|
|
300
419
|
});
|
|
301
420
|
}
|
|
421
|
+
const linkText = "validar.iti.gov.br";
|
|
422
|
+
const linkX = x + width / 2 - linkText.length * 2.5;
|
|
423
|
+
page.drawText(linkText, {
|
|
424
|
+
x: linkX,
|
|
425
|
+
y: y - 12,
|
|
426
|
+
size: 8,
|
|
427
|
+
color: "#888888"
|
|
428
|
+
});
|
|
302
429
|
}
|
|
303
430
|
function drawCertInfo(page, certInfo, opts) {
|
|
304
431
|
const textX = opts.x + opts.qrOffset;
|
|
@@ -308,17 +435,26 @@ function drawCertInfo(page, certInfo, opts) {
|
|
|
308
435
|
page.drawText("ASSINADO DIGITALMENTE", {
|
|
309
436
|
x: textX,
|
|
310
437
|
y: textY,
|
|
311
|
-
size: 12
|
|
438
|
+
size: 12,
|
|
439
|
+
color: "#008000"
|
|
312
440
|
});
|
|
313
441
|
textY -= lineHeight * 1.5;
|
|
314
442
|
if (certInfo) {
|
|
315
443
|
const signerName = certInfo.subject.commonName || "N/A";
|
|
316
|
-
page.drawText(`
|
|
444
|
+
page.drawText(`Signat\xE1rio: ${signerName}`, {
|
|
317
445
|
x: textX,
|
|
318
446
|
y: textY,
|
|
319
447
|
size: fontSize
|
|
320
448
|
});
|
|
321
449
|
textY -= lineHeight;
|
|
450
|
+
if (certInfo.subject.organization) {
|
|
451
|
+
page.drawText(`Empresa: ${certInfo.subject.organization}`, {
|
|
452
|
+
x: textX,
|
|
453
|
+
y: textY,
|
|
454
|
+
size: fontSize
|
|
455
|
+
});
|
|
456
|
+
textY -= lineHeight;
|
|
457
|
+
}
|
|
322
458
|
if (certInfo.brazilian.cnpj) {
|
|
323
459
|
const cnpj = formatCnpj(certInfo.brazilian.cnpj);
|
|
324
460
|
page.drawText(`CNPJ: ${cnpj}`, {
|
|
@@ -345,56 +481,30 @@ function drawCertInfo(page, certInfo, opts) {
|
|
|
345
481
|
size: fontSize
|
|
346
482
|
});
|
|
347
483
|
textY -= lineHeight;
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
});
|
|
354
|
-
}
|
|
484
|
+
page.drawText("Certificado: ICP-Brasil (A1)", {
|
|
485
|
+
x: textX,
|
|
486
|
+
y: textY,
|
|
487
|
+
size: fontSize
|
|
488
|
+
});
|
|
355
489
|
} else {
|
|
356
|
-
page.drawText(
|
|
490
|
+
page.drawText("Assinatura Digital", {
|
|
357
491
|
x: textX,
|
|
358
492
|
y: textY,
|
|
359
493
|
size: fontSize
|
|
360
494
|
});
|
|
361
|
-
textY -= lineHeight;
|
|
362
|
-
if (opts.location) {
|
|
363
|
-
page.drawText(`Location: ${opts.location}`, {
|
|
364
|
-
x: textX,
|
|
365
|
-
y: textY,
|
|
366
|
-
size: fontSize
|
|
367
|
-
});
|
|
368
|
-
}
|
|
369
495
|
}
|
|
370
496
|
}
|
|
371
497
|
function precomputeSharedQrImage(doc, certInfo, pdfData, qrConfig) {
|
|
372
|
-
const qrData = qrConfig?.data ??
|
|
498
|
+
const qrData = qrConfig?.data ?? VALIDATION_URL;
|
|
373
499
|
const qrPng = generateQrCode(qrData, { size: qrConfig?.size ?? 100 });
|
|
374
500
|
return doc.embedPng(qrPng);
|
|
375
501
|
}
|
|
376
|
-
function createVerificationData(certInfo, pdfData) {
|
|
377
|
-
const documentHash = toHex(hash3("sha256", pdfData));
|
|
378
|
-
const timestamp = new Date().toISOString();
|
|
379
|
-
if (certInfo) {
|
|
380
|
-
const certFingerprint = certInfo.fingerprint;
|
|
381
|
-
return `https://validar.iti.gov.br/?` + `doc=${documentHash.substring(0, 16)}&` + `cert=${certFingerprint.substring(0, 16)}&` + `time=${encodeURIComponent(timestamp)}`;
|
|
382
|
-
}
|
|
383
|
-
return `https://validar.iti.gov.br/?doc=${documentHash.substring(0, 16)}&time=${encodeURIComponent(timestamp)}`;
|
|
384
|
-
}
|
|
385
502
|
function formatCnpj(cnpj) {
|
|
386
503
|
return cnpj.replace(/(\d{2})(\d{3})(\d{3})(\d{4})(\d{2})/, "$1.$2.$3/$4-$5");
|
|
387
504
|
}
|
|
388
505
|
function formatCpf(cpf) {
|
|
389
506
|
return cpf.replace(/(\d{3})(\d{3})(\d{3})(\d{2})/, "$1.$2.$3-$4");
|
|
390
507
|
}
|
|
391
|
-
function toHex(data) {
|
|
392
|
-
const chars = [];
|
|
393
|
-
for (let i = 0;i < data.length; i++) {
|
|
394
|
-
chars.push(data[i].toString(16).padStart(2, "0"));
|
|
395
|
-
}
|
|
396
|
-
return chars.join("");
|
|
397
|
-
}
|
|
398
508
|
|
|
399
509
|
// src/sign-pdf.ts
|
|
400
510
|
async function signPdf(pdf, options) {
|
|
@@ -430,13 +540,42 @@ async function signPdf(pdf, options) {
|
|
|
430
540
|
certInfo = parseCertificate(opts.certificate.p12, opts.certificate.password);
|
|
431
541
|
} catch {}
|
|
432
542
|
const doc = loadPdf(pdfBytes);
|
|
433
|
-
|
|
434
|
-
|
|
543
|
+
let resolvedAppearance = opts.appearance;
|
|
544
|
+
if (opts.appearance === "auto") {
|
|
545
|
+
const detected = detectSigningPosition(pdfBytes, {
|
|
546
|
+
signerName: certInfo?.subject.commonName ?? undefined,
|
|
547
|
+
organization: certInfo?.subject.organization ?? undefined,
|
|
548
|
+
preferredPage: -1,
|
|
549
|
+
width: 350,
|
|
550
|
+
height: 120
|
|
551
|
+
});
|
|
552
|
+
if (detected) {
|
|
553
|
+
resolvedAppearance = {
|
|
554
|
+
x: detected.x,
|
|
555
|
+
y: detected.y,
|
|
556
|
+
width: 350,
|
|
557
|
+
height: 120,
|
|
558
|
+
page: detected.page
|
|
559
|
+
};
|
|
560
|
+
} else {
|
|
561
|
+
resolvedAppearance = {
|
|
562
|
+
x: 50,
|
|
563
|
+
y: 700,
|
|
564
|
+
width: 350,
|
|
565
|
+
height: 120,
|
|
566
|
+
page: 0
|
|
567
|
+
};
|
|
568
|
+
}
|
|
569
|
+
} else {
|
|
570
|
+
resolvedAppearance = opts.appearance === false ? false : opts.appearance;
|
|
571
|
+
}
|
|
572
|
+
if (resolvedAppearance !== false && resolvedAppearance) {
|
|
573
|
+
const pageIndex = resolvedAppearance.page ?? 0;
|
|
435
574
|
if (pageIndex < 0 || pageIndex >= doc.pageCount) {
|
|
436
575
|
throw new PdfSignError(`Invalid page index: ${pageIndex}. PDF has ${doc.pageCount} pages.`);
|
|
437
576
|
}
|
|
438
577
|
const page = doc.getPage(pageIndex);
|
|
439
|
-
drawSignatureAppearance(doc, page,
|
|
578
|
+
drawSignatureAppearance(doc, page, resolvedAppearance, certInfo, {
|
|
440
579
|
reason: opts.reason,
|
|
441
580
|
location: opts.location,
|
|
442
581
|
qrCode: opts.qrCode,
|
|
@@ -464,7 +603,7 @@ async function signPdf(pdf, options) {
|
|
|
464
603
|
const signerName = certInfo?.subject.commonName || opts.certificate.name || "Digital Signature";
|
|
465
604
|
const certChainBytes = certificate.length + chain.reduce((sum, c) => sum + c.length, 0);
|
|
466
605
|
const signatureLength = Math.max(16384, certChainBytes * 2 + (opts.tsaUrl ? 4096 : 0) + 8192);
|
|
467
|
-
const appearancePage =
|
|
606
|
+
const appearancePage = resolvedAppearance ? resolvedAppearance.page ?? 0 : opts.appearances?.[0]?.page ?? 0;
|
|
468
607
|
const { pdf: pdfWithPlaceholder } = doc.saveWithPlaceholder({
|
|
469
608
|
reason: opts.reason || "Digitally signed",
|
|
470
609
|
name: signerName,
|
|
@@ -536,6 +675,6 @@ class PdfSignError extends Error {
|
|
|
536
675
|
}
|
|
537
676
|
}
|
|
538
677
|
|
|
539
|
-
export { clearPolicyCache, buildSigningCertificateV2, buildSignaturePolicy, ICP_BRASIL_OIDS, SignaturePolicyError, pdfSignOptionsSchema, TIMESTAMP_SERVERS, TIMESTAMP_TOKEN_OID, requestTimestamp, TimestampError, signPdf, PdfSignError };
|
|
678
|
+
export { detectSigningPosition, clearPolicyCache, buildSigningCertificateV2, buildSignaturePolicy, ICP_BRASIL_OIDS, SignaturePolicyError, pdfSignOptionsSchema, TIMESTAMP_SERVERS, TIMESTAMP_TOKEN_OID, requestTimestamp, TimestampError, signPdf, PdfSignError };
|
|
540
679
|
|
|
541
|
-
//# debugId=
|
|
680
|
+
//# debugId=7527099A32B0EC4564756E2164756E21
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
{
|
|
2
|
+
"version": 3,
|
|
3
|
+
"sources": ["../src/detect-position.ts", "../src/icp-brasil.ts", "../src/schemas.ts", "../src/timestamp.ts", "../src/sign-pdf.ts", "../src/appearance.ts"],
|
|
4
|
+
"sourcesContent": [
|
|
5
|
+
"import { PDFReader } from \"@f-o-t/pdf\";\nimport type { DetectedPosition, DetectPositionOptions } from \"./types.ts\";\n\nconst KEYWORD_PATTERNS = [\n \"assinatura\",\n \"assine\",\n \"representante\",\n \"responsável\",\n \"responsavel\",\n \"signatário\",\n \"signatario\",\n];\n\nconst LINE_PATTERN = /_{5,}|-{5,}/;\n\ntype Signal = {\n page: number;\n weight: number;\n position: number; // 0=top, 1=bottom as fraction of page\n};\n\n/**\n * Detect the best position to place a digital signature on a PDF.\n *\n * Uses weighted scoring across three signal types:\n * - Signer name match (weight 3)\n * - Horizontal line patterns (weight 2)\n * - Signature keywords (weight 1)\n *\n * Returns null if the PDF cannot be parsed.\n */\nexport function detectSigningPosition(\n pdfData: Uint8Array,\n options: DetectPositionOptions = {},\n): DetectedPosition | null {\n let pages;\n try {\n const reader = new PDFReader(pdfData);\n const parsed = reader.parse();\n pages = parsed.pages;\n } catch {\n return null;\n }\n\n if (pages.length === 0) return null;\n\n const signals: Signal[] = [];\n const preferredPage =\n options.preferredPage === -1\n ? pages.length - 1\n : (options.preferredPage ?? pages.length - 1);\n\n for (let i = 0; i < pages.length; i++) {\n const page = pages[i]!;\n const text = page.content.toLowerCase();\n\n // Signal 1: Signer name (weight 3)\n if (options.signerName) {\n const name = options.signerName.toLowerCase();\n if (text.includes(name)) {\n const idx = text.indexOf(name);\n const position = text.length > 0 ? idx / text.length : 0.5;\n signals.push({ page: i, weight: 3, position });\n }\n }\n\n // Signal 1b: Organization name (weight 2.5)\n if (options.organization) {\n const org = options.organization.toLowerCase();\n if (text.includes(org)) {\n const idx = text.indexOf(org);\n const position = text.length > 0 ? idx / text.length : 0.5;\n signals.push({ page: i, weight: 2.5, position });\n }\n }\n\n // Signal 2: Line patterns (weight 2)\n if (LINE_PATTERN.test(text)) {\n const idx = text.search(LINE_PATTERN);\n const position = text.length > 0 ? idx / text.length : 0.5;\n signals.push({ page: i, weight: 2, position });\n }\n\n // Signal 3: Keywords (weight 1)\n for (const keyword of KEYWORD_PATTERNS) {\n if (text.includes(keyword)) {\n const idx = text.indexOf(keyword);\n const position = text.length > 0 ? idx / text.length : 0.5;\n signals.push({ page: i, weight: 1, position });\n break;\n }\n }\n }\n\n // No signals: fallback to bottom of last page\n if (signals.length === 0) {\n const lastPage = pages[pages.length - 1]!;\n return {\n page: pages.length - 1,\n x: 50,\n y: lastPage.size.height - 150,\n confidence: 0.1,\n };\n }\n\n // Group signals by page\n const pageScores = new Map<\n number,\n { totalWeight: number; bestPosition: number; bestWeight: number }\n >();\n for (const signal of signals) {\n const existing = pageScores.get(signal.page);\n if (existing) {\n existing.totalWeight += signal.weight;\n if (signal.weight > existing.bestWeight) {\n existing.bestWeight = signal.weight;\n existing.bestPosition = signal.position;\n }\n } else {\n pageScores.set(signal.page, {\n totalWeight: signal.weight,\n bestPosition: signal.position,\n bestWeight: signal.weight,\n });\n }\n }\n\n // Boost preferred page\n const preferredScore = pageScores.get(preferredPage);\n if (preferredScore) {\n preferredScore.totalWeight *= 1.2;\n }\n\n // Pick best page\n let bestPage = preferredPage;\n let bestScore = 0;\n for (const [page, score] of pageScores) {\n if (score.totalWeight > bestScore) {\n bestScore = score.totalWeight;\n bestPage = page;\n }\n }\n\n const pageInfo = pages[bestPage]!;\n const pageScore = pageScores.get(bestPage)!;\n\n // Position above the best match\n const yFraction = pageScore.bestPosition;\n const sigHeight = options.height ?? 120;\n const yFromTop = Math.max(\n 10,\n yFraction * pageInfo.size.height - sigHeight - 20,\n );\n\n const maxWeight = 3 + 2.5 + 2 + 1;\n const confidence = Math.min(1, bestScore / maxWeight);\n\n return {\n page: bestPage,\n x: options.width ? (pageInfo.size.width - options.width) / 2 : 50,\n y: yFromTop,\n confidence,\n };\n}\n",
|
|
6
|
+
"/**\n * ICP-Brasil Attributes for PAdES Signatures\n *\n * Implements the id-aa-signingCertificateV2 (RFC 5035) and\n * id-aa-ets-sigPolicyId attributes required by ICP-Brasil.\n *\n * Uses @f-o-t/asn1 for ASN.1 construction and @f-o-t/crypto for hashing.\n */\n\nimport {\n type Asn1Node,\n contextTag,\n decodeDer,\n encodeDer,\n ia5String,\n nullValue,\n octetString,\n oid,\n sequence,\n} from \"@f-o-t/asn1\";\nimport { hash } from \"@f-o-t/crypto\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\n/** SHA-256 Algorithm OID */\nconst SHA256_OID = \"2.16.840.1.101.3.4.2.1\";\n\n/** id-aa-signingCertificateV2 OID (RFC 5035) */\nconst SIGNING_CERTIFICATE_V2_OID = \"1.2.840.113549.1.9.16.2.47\";\n\n/** id-aa-ets-sigPolicyId OID */\nconst SIGNATURE_POLICY_OID = \"1.2.840.113549.1.9.16.2.15\";\n\n/** ICP-Brasil PAdES Policy (PA_PAdES_AD_RB_v1_1) */\nconst POLICY_CONFIG = {\n OID: \"2.16.76.1.7.1.11.1.1\",\n URL: \"http://politicas.icpbrasil.gov.br/PA_PAdES_AD_RB_v1_1.der\",\n} as const;\n\n/** id-spq-ets-uri OID */\nconst SPQ_ETS_URI_OID = \"1.2.840.113549.1.9.16.5.1\";\n\n// ---------------------------------------------------------------------------\n// Cached policy data\n// ---------------------------------------------------------------------------\n\nlet cachedPolicyData: {\n hashAlgOid: string;\n policyHash: Uint8Array;\n} | null = null;\n\n/**\n * Clear the cached signature policy data.\n * Useful for testing or forcing a re-download.\n */\nexport function clearPolicyCache(): void {\n cachedPolicyData = null;\n}\n\n// ---------------------------------------------------------------------------\n// Signing Certificate V2\n// ---------------------------------------------------------------------------\n\n/**\n * Build the id-aa-signingCertificateV2 attribute value (DER-encoded).\n *\n * This attribute links the signature to the specific certificate used to\n * create it, preventing substitution attacks.\n *\n * ASN.1 structure (RFC 5035):\n *\n * SigningCertificateV2 ::= SEQUENCE {\n * certs SEQUENCE OF ESSCertIDv2\n * }\n *\n * ESSCertIDv2 ::= SEQUENCE {\n * hashAlgorithm AlgorithmIdentifier DEFAULT {algorithm id-sha256},\n * certHash Hash,\n * issuerSerial IssuerSerial OPTIONAL\n * }\n *\n * IssuerSerial ::= SEQUENCE {\n * issuer GeneralNames,\n * serialNumber CertificateSerialNumber\n * }\n *\n * @param certDer - DER-encoded X.509 certificate\n * @returns DER-encoded SigningCertificateV2 value\n */\nexport function buildSigningCertificateV2(certDer: Uint8Array): Uint8Array {\n // 1. Hash the DER certificate with SHA-256\n const certHash = hash(\"sha256\", certDer);\n\n // 2. Build AlgorithmIdentifier for SHA-256\n const hashAlgId = sequence(oid(SHA256_OID), nullValue());\n\n // 3. Extract issuer and serial number from the certificate\n const cert = decodeDer(certDer);\n const tbsCert = (cert.value as Asn1Node[])[0]!;\n const tbs = tbsCert.value as Asn1Node[];\n\n // version is [0] EXPLICIT, so tbs[0] may be version context tag\n let idx = 0;\n if (tbs[0]!.class === \"context\" && tbs[0]!.tag === 0) {\n idx = 1;\n }\n\n const serialNumber = tbs[idx]!; // INTEGER\n const issuerName = tbs[idx + 2]!; // Name SEQUENCE\n\n // 4. Build IssuerSerial\n // IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber INTEGER }\n // GeneralNames ::= SEQUENCE OF GeneralName\n // GeneralName ::= directoryName [4] Name\n const generalName = contextTag(4, [issuerName]);\n const generalNames = sequence(generalName);\n const issuerSerial = sequence(generalNames, serialNumber);\n\n // 5. Build ESSCertIDv2\n const essCertIdV2 = sequence(hashAlgId, octetString(certHash), issuerSerial);\n\n // 6. Build SigningCertificateV2\n const signingCertV2 = sequence(\n // certs SEQUENCE OF ESSCertIDv2\n sequence(essCertIdV2),\n );\n\n return encodeDer(signingCertV2);\n}\n\n// ---------------------------------------------------------------------------\n// Signature Policy\n// ---------------------------------------------------------------------------\n\n/**\n * Download and parse the ICP-Brasil signature policy DER file.\n * Extracts the embedded signPolicyHash from the ASN.1 structure.\n */\nasync function downloadAndParsePolicyDocument(): Promise<{\n hashAlgOid: string;\n policyHash: Uint8Array;\n}> {\n if (cachedPolicyData) {\n return cachedPolicyData;\n }\n\n const response = await fetch(POLICY_CONFIG.URL, {\n signal: AbortSignal.timeout(10000),\n });\n\n if (!response.ok) {\n throw new SignaturePolicyError(\n `Failed to download signature policy: HTTP ${response.status}`,\n );\n }\n\n const arrayBuffer = await response.arrayBuffer();\n const data = new Uint8Array(arrayBuffer);\n\n if (data.length === 0 || data[0] !== 0x30) {\n throw new SignaturePolicyError(\"Invalid DER format in policy document\");\n }\n\n // Parse the ASN.1 structure:\n // SignaturePolicy ::= SEQUENCE {\n // signPolicyHashAlg AlgorithmIdentifier,\n // signPolicyInfo SignaturePolicyInfo,\n // signPolicyHash OCTET STRING\n // }\n const asn1 = decodeDer(data);\n const children = asn1.value as Asn1Node[];\n\n if (!Array.isArray(children) || children.length < 3) {\n throw new SignaturePolicyError(\n `Unexpected policy structure: expected 3+ children, got ${children?.length}`,\n );\n }\n\n // Child[0] = AlgorithmIdentifier\n const algIdChildren = children[0]!.value as Asn1Node[];\n if (!Array.isArray(algIdChildren) || algIdChildren.length === 0) {\n throw new SignaturePolicyError(\"Invalid AlgorithmIdentifier in policy\");\n }\n\n const { bytesToOid } = await import(\"@f-o-t/asn1\");\n const hashAlgOid = bytesToOid(algIdChildren[0]!.value as Uint8Array);\n\n // Child[2] = signPolicyHash (OCTET STRING)\n const hashNode = children[2]!;\n if (hashNode.tag !== 0x04) {\n throw new SignaturePolicyError(\n `Expected OCTET STRING at child[2], got tag 0x${hashNode.tag.toString(16)}`,\n );\n }\n\n cachedPolicyData = {\n hashAlgOid,\n policyHash: hashNode.value as Uint8Array,\n };\n\n return cachedPolicyData;\n}\n\n/**\n * Build the id-aa-ets-sigPolicyId attribute value (DER-encoded).\n *\n * Downloads the ICP-Brasil PAdES signature policy and extracts the\n * embedded signPolicyHash to build the attribute.\n *\n * @returns DER-encoded SignaturePolicyIdentifier value\n */\nexport async function buildSignaturePolicy(): Promise<Uint8Array> {\n const { hashAlgOid, policyHash } = await downloadAndParsePolicyDocument();\n\n // AlgorithmIdentifier for hash (no NULL — matches policy encoding)\n const hashAlgId = sequence(oid(hashAlgOid));\n\n // SigPolicyHash (OtherHashAlgAndValue)\n const sigPolicyHash = sequence(hashAlgId, octetString(policyHash));\n\n // SigPolicyQualifiers with policy URL\n const sigPolicyQualifiers = sequence(\n sequence(\n // id-spq-ets-uri\n oid(SPQ_ETS_URI_OID),\n // Policy URL as IA5String\n ia5String(POLICY_CONFIG.URL),\n ),\n );\n\n // SignaturePolicyId\n const signaturePolicyId = sequence(\n // sigPolicyId (policy OID)\n oid(POLICY_CONFIG.OID),\n // sigPolicyHash\n sigPolicyHash,\n // sigPolicyQualifiers\n sigPolicyQualifiers,\n );\n\n return encodeDer(signaturePolicyId);\n}\n\n/**\n * Attribute OID constants for external use\n */\nexport const ICP_BRASIL_OIDS = {\n signingCertificateV2: SIGNING_CERTIFICATE_V2_OID,\n signaturePolicy: SIGNATURE_POLICY_OID,\n} as const;\n\n// ---------------------------------------------------------------------------\n// Errors\n// ---------------------------------------------------------------------------\n\nexport class SignaturePolicyError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"SignaturePolicyError\";\n }\n}\n",
|
|
7
|
+
"/**\n * Zod schemas for input validation\n */\n\nimport { z } from \"zod\";\n\nconst signatureAppearanceSchema = z.object({\n x: z.number(),\n y: z.number(),\n width: z.number().positive(),\n height: z.number().positive(),\n page: z.number().int().min(0).optional(),\n showQrCode: z.boolean().optional(),\n showCertInfo: z.boolean().optional(),\n});\n\nconst qrCodeConfigSchema = z.object({\n data: z.string().optional(),\n size: z.number().int().positive().optional(),\n});\n\nexport const pdfSignOptionsSchema = z.object({\n certificate: z.object({\n p12: z.instanceof(Uint8Array).refine((v) => v.length > 0, {\n message: \"P12 data must not be empty\",\n }),\n password: z.string(),\n name: z.string().optional(),\n }),\n reason: z.string().optional(),\n location: z.string().optional(),\n contactInfo: z.string().optional(),\n policy: z.enum([\"pades-ades\", \"pades-icp-brasil\"]).optional(),\n timestamp: z.boolean().optional(),\n tsaUrl: z.string().url().optional(),\n tsaTimeout: z.number().positive().optional(),\n tsaRetries: z.number().int().min(0).optional(),\n tsaFallbackUrls: z.array(z.string().url()).optional(),\n onTimestampError: z\n .function({ input: z.tuple([z.unknown()]), output: z.void() })\n .optional(),\n appearance: z\n .union([signatureAppearanceSchema, z.literal(\"auto\"), z.literal(false)])\n .optional(),\n appearances: z.array(signatureAppearanceSchema).optional(),\n qrCode: qrCodeConfigSchema.optional(),\n docMdpPermission: z\n .union([z.literal(1), z.literal(2), z.literal(3)])\n .optional(),\n});\n",
|
|
8
|
+
"/**\n * RFC 3161 Timestamp Client\n *\n * Requests trusted timestamps from TSA servers using native fetch.\n * Builds the TimeStampReq using @f-o-t/asn1 instead of forge.\n */\n\nimport {\n type Asn1Node,\n boolean as asn1Boolean,\n decodeDer,\n encodeDer,\n integer,\n octetString,\n oid,\n sequence,\n} from \"@f-o-t/asn1\";\nimport { hash } from \"@f-o-t/crypto\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\n/** Well-known hash algorithm OIDs */\nconst HASH_OIDS: Record<string, string> = {\n sha256: \"2.16.840.1.101.3.4.2.1\",\n sha384: \"2.16.840.1.101.3.4.2.2\",\n sha512: \"2.16.840.1.101.3.4.2.3\",\n};\n\n/** ICP-Brasil Approved Timestamp Servers */\nexport const TIMESTAMP_SERVERS = {\n VALID: \"http://timestamp.valid.com.br/tsa\",\n SAFEWEB: \"http://tsa.safeweb.com.br/tsa/tsa\",\n CERTISIGN: \"http://timestamp.certisign.com.br\",\n} as const;\n\n/** id-smime-aa-timeStampToken OID */\nexport const TIMESTAMP_TOKEN_OID = \"1.2.840.113549.1.9.16.2.14\";\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Request a timestamp from a TSA server with retry and fallback support.\n *\n * @param dataToTimestamp - The data to timestamp (usually the signature value)\n * @param tsaUrl - URL of the primary timestamp server\n * @param hashAlgorithm - Hash algorithm to use (default: \"sha256\")\n * @param options - Resilience options (timeout, retries, fallback URLs)\n * @returns DER-encoded TimeStampToken\n */\nexport async function requestTimestamp(\n dataToTimestamp: Uint8Array,\n tsaUrl: string,\n hashAlgorithm: \"sha256\" | \"sha384\" | \"sha512\" = \"sha256\",\n options?: {\n tsaTimeout?: number;\n tsaRetries?: number;\n tsaFallbackUrls?: string[];\n },\n): Promise<Uint8Array> {\n // 1. Hash the data\n const messageHash = hash(hashAlgorithm, dataToTimestamp);\n\n // 2. Build TimeStampReq\n const timestampReq = buildTimestampRequest(messageHash, hashAlgorithm);\n\n const tsaTimeout = options?.tsaTimeout ?? 10000;\n const tsaRetries = options?.tsaRetries ?? 0;\n const tsaFallbackUrls = options?.tsaFallbackUrls ?? [];\n\n let lastError: Error | undefined;\n\n // 3. Try primary server: 1 initial attempt + tsaRetries retries\n for (let attempt = 1; attempt <= 1 + tsaRetries; attempt++) {\n if (attempt > 1) {\n await sleep(2 ** (attempt - 2) * 1000);\n }\n try {\n return await fetchTimestamp(tsaUrl, timestampReq, tsaTimeout);\n } catch (err) {\n lastError = err instanceof Error ? err : new Error(String(err));\n }\n }\n\n // 4. Try fallback servers (one attempt each, no delay)\n for (const fallbackUrl of tsaFallbackUrls) {\n try {\n return await fetchTimestamp(fallbackUrl, timestampReq, tsaTimeout);\n } catch (err) {\n lastError = err instanceof Error ? err : new Error(String(err));\n }\n }\n\n // 5. All servers failed\n const fallbackList =\n tsaFallbackUrls.length > 0\n ? `, fallbacks: [${tsaFallbackUrls.join(\", \")}]`\n : \"\";\n throw new TimestampError(\n `TSA request failed: all servers unreachable (primary: ${tsaUrl}${fallbackList}). Last error: ${lastError?.message ?? \"unknown\"}`,\n );\n}\n\n// ---------------------------------------------------------------------------\n// Internal\n// ---------------------------------------------------------------------------\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/**\n * Perform a single TSA fetch attempt, wrapping network errors with a descriptive message.\n */\nasync function fetchTimestamp(\n url: string,\n timestampReq: Uint8Array,\n timeoutMs: number,\n): Promise<Uint8Array> {\n let response: Response;\n try {\n response = await fetch(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/timestamp-query\",\n },\n body: timestampReq as unknown as BodyInit,\n signal: AbortSignal.timeout(timeoutMs),\n });\n } catch (err) {\n const msg = err instanceof Error ? err.message : String(err);\n throw new Error(`TSA server unreachable: ${url} — ${msg}`);\n }\n\n if (!response.ok) {\n throw new TimestampError(`TSA returned HTTP ${response.status}`);\n }\n\n const respBuffer = new Uint8Array(await response.arrayBuffer());\n return extractTimestampToken(respBuffer);\n}\n\n/**\n * Build a TimeStampReq (RFC 3161) as DER bytes.\n *\n * TimeStampReq ::= SEQUENCE {\n * version INTEGER { v1(1) },\n * messageImprint MessageImprint,\n * certReq BOOLEAN DEFAULT FALSE\n * }\n *\n * MessageImprint ::= SEQUENCE {\n * hashAlgorithm AlgorithmIdentifier,\n * hashedMessage OCTET STRING\n * }\n */\nfunction buildTimestampRequest(\n messageHash: Uint8Array,\n hashAlgorithm: string,\n): Uint8Array {\n const hashOid = HASH_OIDS[hashAlgorithm];\n if (!hashOid) {\n throw new TimestampError(`Unsupported hash algorithm: ${hashAlgorithm}`);\n }\n\n const timestampReq = sequence(\n // version = 1\n integer(1),\n // messageImprint\n sequence(\n // hashAlgorithm AlgorithmIdentifier\n sequence(oid(hashOid)),\n // hashedMessage OCTET STRING\n octetString(messageHash),\n ),\n // certReq = TRUE (request certificate in response)\n asn1Boolean(true),\n );\n\n return encodeDer(timestampReq);\n}\n\n/**\n * Extract the TimeStampToken from a TimeStampResp.\n *\n * TimeStampResp ::= SEQUENCE {\n * status PKIStatusInfo,\n * timeStampToken TimeStampToken OPTIONAL\n * }\n *\n * PKIStatusInfo ::= SEQUENCE {\n * status PKIStatus, -- INTEGER\n * ...\n * }\n */\nfunction extractTimestampToken(respDer: Uint8Array): Uint8Array {\n let resp: Asn1Node;\n try {\n resp = decodeDer(respDer);\n } catch {\n throw new TimestampError(\"Invalid timestamp response: not valid DER\");\n }\n\n const children = resp.value as Asn1Node[];\n if (!Array.isArray(children) || children.length < 1) {\n throw new TimestampError(\n \"Invalid timestamp response: unexpected structure\",\n );\n }\n\n // Check status\n const statusInfo = children[0]!.value as Asn1Node[];\n const statusBytes = statusInfo[0]!.value as Uint8Array;\n // Status 0 = granted, 1 = grantedWithMods\n const statusValue = statusBytes[statusBytes.length - 1]!;\n if (statusValue !== 0 && statusValue !== 1) {\n throw new TimestampError(\n `Timestamp request rejected with status: ${statusValue}`,\n );\n }\n\n // Extract token (second child)\n if (!children[1]) {\n throw new TimestampError(\"Timestamp response does not contain a token\");\n }\n\n return encodeDer(children[1]);\n}\n\n// ---------------------------------------------------------------------------\n// Errors\n// ---------------------------------------------------------------------------\n\nexport class TimestampError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"TimestampError\";\n }\n}\n",
|
|
9
|
+
"/**\n * PDF Signing — Main Entry Point\n *\n * Signs a PDF document using PAdES format with optional ICP-Brasil compliance.\n *\n * Flow:\n * 1. Parse certificate for display info\n * 2. Load PDF and draw visual appearance\n * 3. Save PDF with signature placeholder\n * 4. Find byte range and extract bytes to sign\n * 5. Build CMS/PKCS#7 SignedData with ICP-Brasil attributes\n * 6. Embed signature into PDF\n */\n\nimport type { Asn1Node } from \"@f-o-t/asn1\";\nimport { decodeDer } from \"@f-o-t/asn1\";\nimport type { CmsAttribute } from \"@f-o-t/crypto\";\nimport {\n appendUnauthAttributes,\n createSignedData,\n parsePkcs12,\n} from \"@f-o-t/crypto\";\nimport type { CertificateInfo } from \"@f-o-t/digital-certificate\";\nimport { parseCertificate } from \"@f-o-t/digital-certificate\";\nimport {\n embedSignature,\n extractBytesToSign,\n findByteRange,\n loadPdf,\n} from \"@f-o-t/pdf/plugins/editing\";\nimport {\n drawSignatureAppearance,\n precomputeSharedQrImage,\n} from \"./appearance.ts\";\nimport { detectSigningPosition } from \"./detect-position.ts\";\nimport {\n buildSignaturePolicy,\n buildSigningCertificateV2,\n ICP_BRASIL_OIDS,\n} from \"./icp-brasil.ts\";\nimport { pdfSignOptionsSchema } from \"./schemas.ts\";\nimport { requestTimestamp, TIMESTAMP_TOKEN_OID } from \"./timestamp.ts\";\nimport type { PdfSignOptions } from \"./types.ts\";\n\n/**\n * Sign a PDF document with a digital certificate.\n *\n * Supports PAdES-BES and PAdES with ICP-Brasil compliance\n * (signing-certificate-v2 and signature-policy attributes).\n *\n * @param pdf - The PDF document as a Uint8Array or ReadableStream<Uint8Array>\n * @param options - Signing options\n * @returns The signed PDF as a Uint8Array\n *\n * @example\n * ```ts\n * const signedPdf = await signPdf(pdfBytes, {\n * certificate: { p12, password: \"secret\" },\n * reason: \"Document approval\",\n * location: \"Corporate Office\",\n * policy: \"pades-icp-brasil\",\n * });\n * ```\n */\nexport async function signPdf(\n pdf: Uint8Array | ReadableStream<Uint8Array>,\n options: PdfSignOptions,\n): Promise<Uint8Array> {\n // Accumulate ReadableStream into Uint8Array if needed\n let pdfBytes: Uint8Array;\n if (pdf instanceof ReadableStream) {\n const chunks: Uint8Array[] = [];\n const reader = pdf.getReader();\n try {\n while (true) {\n const { done, value } = await reader.read();\n if (done) break;\n if (value) chunks.push(value);\n }\n } finally {\n reader.releaseLock();\n }\n const totalLength = chunks.reduce((sum, c) => sum + c.length, 0);\n pdfBytes = new Uint8Array(totalLength);\n let offset = 0;\n for (const chunk of chunks) {\n pdfBytes.set(chunk, offset);\n offset += chunk.length;\n }\n } else {\n pdfBytes = pdf;\n }\n\n // Validate input\n const opts = pdfSignOptionsSchema.parse(options);\n\n // 1. Parse PKCS#12 early — needed both for display info and for sizing the\n // signature placeholder accurately based on the actual certificate chain length.\n const { certificate, privateKey, chain } = await parsePkcs12(\n opts.certificate.p12,\n opts.certificate.password,\n );\n\n // 1b. Parse certificate for rich display info (CPF/CNPJ, subject CN, etc.)\n let certInfo: CertificateInfo | null = null;\n try {\n certInfo = parseCertificate(\n opts.certificate.p12,\n opts.certificate.password,\n );\n } catch {\n // If parsing fails, continue without cert info for display\n }\n\n // 2. Load PDF via editing plugin\n const doc = loadPdf(pdfBytes);\n\n // Resolve \"auto\" appearance via position detection\n let resolvedAppearance = opts.appearance as\n | Exclude<typeof opts.appearance, \"auto\">\n | undefined;\n if (opts.appearance === \"auto\") {\n const detected = detectSigningPosition(pdfBytes, {\n signerName: certInfo?.subject.commonName ?? undefined,\n organization: certInfo?.subject.organization ?? undefined,\n preferredPage: -1,\n width: 350,\n height: 120,\n });\n\n if (detected) {\n resolvedAppearance = {\n x: detected.x,\n y: detected.y,\n width: 350,\n height: 120,\n page: detected.page,\n };\n } else {\n // Fallback: bottom of first page\n resolvedAppearance = {\n x: 50,\n y: 700,\n width: 350,\n height: 120,\n page: 0,\n };\n }\n } else {\n resolvedAppearance = opts.appearance === false ? false : opts.appearance;\n }\n\n // 3. Draw visual signature appearance if requested\n if (resolvedAppearance !== false && resolvedAppearance) {\n const pageIndex = resolvedAppearance.page ?? 0;\n\n if (pageIndex < 0 || pageIndex >= doc.pageCount) {\n throw new PdfSignError(\n `Invalid page index: ${pageIndex}. PDF has ${doc.pageCount} pages.`,\n );\n }\n\n const page = doc.getPage(pageIndex);\n\n drawSignatureAppearance(doc, page, resolvedAppearance, certInfo, {\n reason: opts.reason,\n location: opts.location,\n qrCode: opts.qrCode,\n pdfData: pdfBytes,\n });\n }\n\n // 3b. Draw multiple visual signature appearances if provided\n if (opts.appearances && opts.appearances.length > 0) {\n // Pre-embed the QR image once so all appearances share a single PDF XObject.\n // This collapses N embedPng calls (and N IDAT buffer allocations) into 1.\n const needsQr = opts.appearances.some((a) => a.showQrCode !== false);\n // Pre-embed the QR once. Safe to pass to all appearances — drawSignatureAppearance\n // ignores it when showQrCode is false (inner guard in appearance.ts).\n const sharedQrImage = needsQr\n ? precomputeSharedQrImage(doc, certInfo, pdfBytes, opts.qrCode)\n : undefined;\n\n for (const app of opts.appearances) {\n const pageIndex = app.page ?? 0;\n\n if (pageIndex < 0 || pageIndex >= doc.pageCount) {\n throw new PdfSignError(\n `Invalid page index ${pageIndex} in appearances. PDF has ${doc.pageCount} pages.`,\n );\n }\n\n const page = doc.getPage(pageIndex);\n\n drawSignatureAppearance(doc, page, app, certInfo, {\n reason: opts.reason,\n location: opts.location,\n qrCode: opts.qrCode,\n pdfData: pdfBytes,\n preEmbeddedQr: sharedQrImage,\n });\n }\n }\n\n // 4. Save with signature placeholder\n const signerName =\n certInfo?.subject.commonName ||\n opts.certificate.name ||\n \"Digital Signature\";\n\n // Dynamic placeholder size: base 8 KB + 2× actual cert chain + 4 KB for a\n // timestamp token (if configured). Prevents \"Signature too large\" failures for\n // certificates with long chains (5+ certs) or large RSA keys.\n const certChainBytes =\n certificate.length + chain.reduce((sum, c) => sum + c.length, 0);\n const signatureLength = Math.max(\n 16384,\n certChainBytes * 2 + (opts.tsaUrl ? 4096 : 0) + 8192,\n );\n\n // Which page hosts the widget annotation — must match the visual appearance\n // page so PDF readers navigate to the right page when a signature is clicked.\n const appearancePage = resolvedAppearance\n ? ((resolvedAppearance as { page?: number }).page ?? 0)\n : (opts.appearances?.[0]?.page ?? 0);\n\n const { pdf: pdfWithPlaceholder } = doc.saveWithPlaceholder({\n reason: opts.reason || \"Digitally signed\",\n name: signerName,\n location: opts.location,\n contactInfo: opts.contactInfo,\n signatureLength,\n docMdpPermission: opts.docMdpPermission ?? 2,\n appearancePage,\n });\n\n // 5. Find byte range and extract bytes to sign\n const { byteRange } = findByteRange(pdfWithPlaceholder);\n const bytesToSign = extractBytesToSign(pdfWithPlaceholder, byteRange);\n\n // 6. Cryptographic material already parsed in step 1\n\n // 7. Build ICP-Brasil authenticated attributes if needed\n const authenticatedAttributes: CmsAttribute[] = [];\n\n if (opts.policy === \"pades-icp-brasil\") {\n // signing-certificate-v2\n const sigCertV2 = buildSigningCertificateV2(certificate);\n authenticatedAttributes.push({\n oid: ICP_BRASIL_OIDS.signingCertificateV2,\n values: [sigCertV2],\n });\n\n // signature-policy\n try {\n const sigPolicy = await buildSignaturePolicy();\n authenticatedAttributes.push({\n oid: ICP_BRASIL_OIDS.signaturePolicy,\n values: [sigPolicy],\n });\n } catch {\n // Policy download failure is non-fatal\n // The signature will still be valid PAdES-BES\n }\n }\n\n // 8. Build unauthenticated attributes\n const unauthenticatedAttributes: CmsAttribute[] = [];\n\n // 9. Create CMS/PKCS#7 SignedData\n const signedData = await createSignedData({\n content: bytesToSign,\n certificate,\n privateKey,\n chain,\n hashAlgorithm: \"sha256\",\n authenticatedAttributes:\n authenticatedAttributes.length > 0\n ? authenticatedAttributes\n : undefined,\n unauthenticatedAttributes:\n unauthenticatedAttributes.length > 0\n ? unauthenticatedAttributes\n : undefined,\n detached: true,\n });\n\n // 10. Optionally request timestamp and embed as unauthenticated attribute\n if (opts.timestamp && opts.tsaUrl) {\n try {\n const tsToken = await requestTimestamp(\n extractSignatureValue(signedData),\n opts.tsaUrl,\n \"sha256\",\n {\n tsaTimeout: opts.tsaTimeout,\n tsaRetries: opts.tsaRetries,\n tsaFallbackUrls: opts.tsaFallbackUrls,\n },\n );\n unauthenticatedAttributes.push({\n oid: TIMESTAMP_TOKEN_OID,\n values: [tsToken],\n });\n } catch (err) {\n // Timestamp failure is non-fatal\n opts.onTimestampError?.(err);\n }\n }\n\n // 11. Patch timestamp token into SignedData as unauthenticated attribute (no re-signing)\n const finalSignedData = appendUnauthAttributes(\n signedData,\n unauthenticatedAttributes,\n );\n\n // 12. Embed signature into PDF\n return embedSignature(pdfWithPlaceholder, finalSignedData);\n}\n\n// ---------------------------------------------------------------------------\n// Internal helpers\n// ---------------------------------------------------------------------------\n\n/**\n * Extract the raw signature value bytes from a DER-encoded CMS ContentInfo.\n *\n * Per CAdES (ETSI EN 319 122-1) / RFC 5126 §5.5.1, the id-smime-aa-timeStampToken\n * attribute must be a timestamp over the SignerInfo.signature octets, not the\n * full ContentInfo blob.\n *\n * ContentInfo → [0] EXPLICIT → SignedData → signerInfos[0] → signature OCTET STRING\n */\nfunction extractSignatureValue(contentInfoDer: Uint8Array): Uint8Array {\n const contentInfo = decodeDer(contentInfoDer);\n const signedDataNode = (\n (contentInfo.value as Asn1Node[])[1]!.value as Asn1Node[]\n )[0]!;\n // signerInfos is always the last child of SignedData per RFC 5652\n const signerInfosSet = (signedDataNode.value as Asn1Node[]).at(-1)!;\n const signerInfo = (signerInfosSet.value as Asn1Node[])[0]!;\n const signatureNode = (signerInfo.value as Asn1Node[])[5]!;\n return signatureNode.value as Uint8Array;\n}\n\n// ---------------------------------------------------------------------------\n// Errors\n// ---------------------------------------------------------------------------\n\nexport class PdfSignError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"PdfSignError\";\n }\n}\n",
|
|
10
|
+
"/**\n * Visual Signature Appearance\n *\n * Draws certificate information and QR code on the PDF page\n * following the ICP-Brasil standard visual signature layout.\n */\n\nimport type { CertificateInfo } from \"@f-o-t/digital-certificate\";\nimport type {\n PdfDocument,\n PdfImage,\n PdfPage,\n} from \"@f-o-t/pdf/plugins/editing\";\nimport { generateQrCode } from \"@f-o-t/qrcode\";\nimport type { QrCodeConfig, SignatureAppearance } from \"./types.ts\";\n\nconst VALIDATION_URL = \"https://validar.iti.gov.br\";\n\n/**\n * Draw the visual signature appearance on a PDF page.\n *\n * Includes optional QR code and certificate information text\n * inside a bordered rectangle following ICP-Brasil layout.\n */\nexport function drawSignatureAppearance(\n doc: PdfDocument,\n page: PdfPage,\n appearance: SignatureAppearance,\n certInfo: CertificateInfo | null,\n options: {\n reason?: string;\n location?: string;\n qrCode?: QrCodeConfig;\n pdfData: Uint8Array;\n preEmbeddedQr?: PdfImage;\n },\n): void {\n const { x, width, height } = appearance;\n const showQrCode = appearance.showQrCode !== false;\n const showCertInfo = appearance.showCertInfo !== false;\n\n // Convert from top-left origin (user-facing) to PDF bottom-left origin.\n const y = page.height - appearance.y - height;\n\n // Draw bordered rectangle around the signature area\n page.drawRectangle({\n x,\n y,\n width,\n height,\n borderColor: \"#C0C0C0\",\n borderWidth: 1,\n });\n\n let qrSize = 0;\n\n // Draw QR code if requested (enabled by default)\n if (showQrCode) {\n const qrImage =\n options.preEmbeddedQr ??\n (() => {\n const qrData = options.qrCode?.data ?? VALIDATION_URL;\n const qrPng = generateQrCode(qrData, {\n size: options.qrCode?.size ?? 100,\n });\n return doc.embedPng(qrPng);\n })();\n\n qrSize = Math.min(100, height - 20);\n\n page.drawImage(qrImage, {\n x: x + 10,\n y: y + 10,\n width: qrSize,\n height: qrSize,\n });\n }\n\n // Draw certificate info text\n if (showCertInfo) {\n drawCertInfo(page, certInfo, {\n x,\n y,\n width,\n height,\n qrOffset: qrSize > 0 ? qrSize + 20 : 10,\n });\n }\n\n // Reference link below the box\n const linkText = \"validar.iti.gov.br\";\n const linkX = x + width / 2 - linkText.length * 2.5;\n page.drawText(linkText, {\n x: linkX,\n y: y - 12,\n size: 8,\n color: \"#888888\",\n });\n}\n\n/**\n * Draw certificate information text on the page following ICP-Brasil layout.\n */\nfunction drawCertInfo(\n page: PdfPage,\n certInfo: CertificateInfo | null,\n opts: {\n x: number;\n y: number;\n width: number;\n height: number;\n qrOffset: number;\n },\n): void {\n const textX = opts.x + opts.qrOffset;\n let textY = opts.y + opts.height - 20;\n const fontSize = 10;\n const lineHeight = 14;\n\n // Green header\n page.drawText(\"ASSINADO DIGITALMENTE\", {\n x: textX,\n y: textY,\n size: 12,\n color: \"#008000\",\n });\n textY -= lineHeight * 1.5;\n\n if (certInfo) {\n // Signer name\n const signerName = certInfo.subject.commonName || \"N/A\";\n page.drawText(`Signatário: ${signerName}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n\n // Organization (if available)\n if (certInfo.subject.organization) {\n page.drawText(`Empresa: ${certInfo.subject.organization}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n }\n\n // CNPJ or CPF\n if (certInfo.brazilian.cnpj) {\n const cnpj = formatCnpj(certInfo.brazilian.cnpj);\n page.drawText(`CNPJ: ${cnpj}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n } else if (certInfo.brazilian.cpf) {\n const cpf = formatCpf(certInfo.brazilian.cpf);\n page.drawText(`CPF: ${cpf}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n }\n\n // Date and time\n const now = new Date();\n const dateStr = now.toLocaleDateString(\"pt-BR\");\n const timeStr = now.toLocaleTimeString(\"pt-BR\");\n page.drawText(`Data: ${dateStr} ${timeStr}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n\n // Certificate type\n page.drawText(\"Certificado: ICP-Brasil (A1)\", {\n x: textX,\n y: textY,\n size: fontSize,\n });\n } else {\n // Fallback if cert info not available\n page.drawText(\"Assinatura Digital\", {\n x: textX,\n y: textY,\n size: fontSize,\n });\n }\n}\n\n/**\n * Pre-compute the QR code image and embed it once into the PDF document.\n * Call this before an appearances loop so all appearances share a single XObject.\n */\nexport function precomputeSharedQrImage(\n doc: PdfDocument,\n certInfo: CertificateInfo | null,\n pdfData: Uint8Array,\n qrConfig?: QrCodeConfig,\n): PdfImage {\n const qrData = qrConfig?.data ?? VALIDATION_URL;\n const qrPng = generateQrCode(qrData, { size: qrConfig?.size ?? 100 });\n return doc.embedPng(qrPng);\n}\n\n/**\n * Format a CNPJ number with punctuation\n */\nfunction formatCnpj(cnpj: string): string {\n return cnpj.replace(/(\\d{2})(\\d{3})(\\d{3})(\\d{4})(\\d{2})/, \"$1.$2.$3/$4-$5\");\n}\n\n/**\n * Format a CPF number with punctuation\n */\nfunction formatCpf(cpf: string): string {\n return cpf.replace(/(\\d{3})(\\d{3})(\\d{3})(\\d{2})/, \"$1.$2.$3-$4\");\n}\n"
|
|
11
|
+
],
|
|
12
|
+
"mappings": ";;;;AAAA;AAGA,IAAM,mBAAmB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACH;AAEA,IAAM,eAAe;AAkBd,SAAS,qBAAqB,CAClC,SACA,UAAiC,CAAC,GACV;AAAA,EACxB,IAAI;AAAA,EACJ,IAAI;AAAA,IACD,MAAM,SAAS,IAAI,UAAU,OAAO;AAAA,IACpC,MAAM,SAAS,OAAO,MAAM;AAAA,IAC5B,QAAQ,OAAO;AAAA,IAChB,MAAM;AAAA,IACL,OAAO;AAAA;AAAA,EAGV,IAAI,MAAM,WAAW;AAAA,IAAG,OAAO;AAAA,EAE/B,MAAM,UAAoB,CAAC;AAAA,EAC3B,MAAM,gBACH,QAAQ,kBAAkB,KACrB,MAAM,SAAS,IACd,QAAQ,iBAAiB,MAAM,SAAS;AAAA,EAEjD,SAAS,IAAI,EAAG,IAAI,MAAM,QAAQ,KAAK;AAAA,IACpC,MAAM,OAAO,MAAM;AAAA,IACnB,MAAM,OAAO,KAAK,QAAQ,YAAY;AAAA,IAGtC,IAAI,QAAQ,YAAY;AAAA,MACrB,MAAM,OAAO,QAAQ,WAAW,YAAY;AAAA,MAC5C,IAAI,KAAK,SAAS,IAAI,GAAG;AAAA,QACtB,MAAM,MAAM,KAAK,QAAQ,IAAI;AAAA,QAC7B,MAAM,WAAW,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS;AAAA,QACvD,QAAQ,KAAK,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;AAAA,MAChD;AAAA,IACH;AAAA,IAGA,IAAI,QAAQ,cAAc;AAAA,MACvB,MAAM,MAAM,QAAQ,aAAa,YAAY;AAAA,MAC7C,IAAI,KAAK,SAAS,GAAG,GAAG;AAAA,QACrB,MAAM,MAAM,KAAK,QAAQ,GAAG;AAAA,QAC5B,MAAM,WAAW,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS;AAAA,QACvD,QAAQ,KAAK,EAAE,MAAM,GAAG,QAAQ,KAAK,SAAS,CAAC;AAAA,MAClD;AAAA,IACH;AAAA,IAGA,IAAI,aAAa,KAAK,IAAI,GAAG;AAAA,MAC1B,MAAM,MAAM,KAAK,OAAO,YAAY;AAAA,MACpC,MAAM,WAAW,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS;AAAA,MACvD,QAAQ,KAAK,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;AAAA,IAChD;AAAA,IAGA,WAAW,WAAW,kBAAkB;AAAA,MACrC,IAAI,KAAK,SAAS,OAAO,GAAG;AAAA,QACzB,MAAM,MAAM,KAAK,QAAQ,OAAO;AAAA,QAChC,MAAM,WAAW,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS;AAAA,QACvD,QAAQ,KAAK,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC7C;AAAA,MACH;AAAA,IACH;AAAA,EACH;AAAA,EAGA,IAAI,QAAQ,WAAW,GAAG;AAAA,IACvB,MAAM,WAAW,MAAM,MAAM,SAAS;AAAA,IACtC,OAAO;AAAA,MACJ,MAAM,MAAM,SAAS;AAAA,MACrB,GAAG;AAAA,MACH,GAAG,SAAS,KAAK,SAAS;AAAA,MAC1B,YAAY;AAAA,IACf;AAAA,EACH;AAAA,EAGA,MAAM,aAAa,IAAI;AAAA,EAIvB,WAAW,UAAU,SAAS;AAAA,IAC3B,MAAM,WAAW,WAAW,IAAI,OAAO,IAAI;AAAA,IAC3C,IAAI,UAAU;AAAA,MACX,SAAS,eAAe,OAAO;AAAA,MAC/B,IAAI,OAAO,SAAS,SAAS,YAAY;AAAA,QACtC,SAAS,aAAa,OAAO;AAAA,QAC7B,SAAS,eAAe,OAAO;AAAA,MAClC;AAAA,IACH,EAAO;AAAA,MACJ,WAAW,IAAI,OAAO,MAAM;AAAA,QACzB,aAAa,OAAO;AAAA,QACpB,cAAc,OAAO;AAAA,QACrB,YAAY,OAAO;AAAA,MACtB,CAAC;AAAA;AAAA,EAEP;AAAA,EAGA,MAAM,iBAAiB,WAAW,IAAI,aAAa;AAAA,EACnD,IAAI,gBAAgB;AAAA,IACjB,eAAe,eAAe;AAAA,EACjC;AAAA,EAGA,IAAI,WAAW;AAAA,EACf,IAAI,YAAY;AAAA,EAChB,YAAY,MAAM,UAAU,YAAY;AAAA,IACrC,IAAI,MAAM,cAAc,WAAW;AAAA,MAChC,YAAY,MAAM;AAAA,MAClB,WAAW;AAAA,IACd;AAAA,EACH;AAAA,EAEA,MAAM,WAAW,MAAM;AAAA,EACvB,MAAM,YAAY,WAAW,IAAI,QAAQ;AAAA,EAGzC,MAAM,YAAY,UAAU;AAAA,EAC5B,MAAM,YAAY,QAAQ,UAAU;AAAA,EACpC,MAAM,WAAW,KAAK,IACnB,IACA,YAAY,SAAS,KAAK,SAAS,YAAY,EAClD;AAAA,EAEA,MAAM,YAAY,IAAI,MAAM,IAAI;AAAA,EAChC,MAAM,aAAa,KAAK,IAAI,GAAG,YAAY,SAAS;AAAA,EAEpD,OAAO;AAAA,IACJ,MAAM;AAAA,IACN,GAAG,QAAQ,SAAS,SAAS,KAAK,QAAQ,QAAQ,SAAS,IAAI;AAAA,IAC/D,GAAG;AAAA,IACH;AAAA,EACH;AAAA;;;ACzJH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAWA;AAOA,IAAM,aAAa;AAGnB,IAAM,6BAA6B;AAGnC,IAAM,uBAAuB;AAG7B,IAAM,gBAAgB;AAAA,EACnB,KAAK;AAAA,EACL,KAAK;AACR;AAGA,IAAM,kBAAkB;AAMxB,IAAI,mBAGO;AAMJ,SAAS,gBAAgB,GAAS;AAAA,EACtC,mBAAmB;AAAA;AAiCf,SAAS,yBAAyB,CAAC,SAAiC;AAAA,EAExE,MAAM,WAAW,KAAK,UAAU,OAAO;AAAA,EAGvC,MAAM,YAAY,SAAS,IAAI,UAAU,GAAG,UAAU,CAAC;AAAA,EAGvD,MAAM,OAAO,UAAU,OAAO;AAAA,EAC9B,MAAM,UAAW,KAAK,MAAqB;AAAA,EAC3C,MAAM,MAAM,QAAQ;AAAA,EAGpB,IAAI,MAAM;AAAA,EACV,IAAI,IAAI,GAAI,UAAU,aAAa,IAAI,GAAI,QAAQ,GAAG;AAAA,IACnD,MAAM;AAAA,EACT;AAAA,EAEA,MAAM,eAAe,IAAI;AAAA,EACzB,MAAM,aAAa,IAAI,MAAM;AAAA,EAM7B,MAAM,cAAc,WAAW,GAAG,CAAC,UAAU,CAAC;AAAA,EAC9C,MAAM,eAAe,SAAS,WAAW;AAAA,EACzC,MAAM,eAAe,SAAS,cAAc,YAAY;AAAA,EAGxD,MAAM,cAAc,SAAS,WAAW,YAAY,QAAQ,GAAG,YAAY;AAAA,EAG3E,MAAM,gBAAgB,SAEnB,SAAS,WAAW,CACvB;AAAA,EAEA,OAAO,UAAU,aAAa;AAAA;AAWjC,eAAe,8BAA8B,GAG1C;AAAA,EACA,IAAI,kBAAkB;AAAA,IACnB,OAAO;AAAA,EACV;AAAA,EAEA,MAAM,WAAW,MAAM,MAAM,cAAc,KAAK;AAAA,IAC7C,QAAQ,YAAY,QAAQ,GAAK;AAAA,EACpC,CAAC;AAAA,EAED,IAAI,CAAC,SAAS,IAAI;AAAA,IACf,MAAM,IAAI,qBACP,6CAA6C,SAAS,QACzD;AAAA,EACH;AAAA,EAEA,MAAM,cAAc,MAAM,SAAS,YAAY;AAAA,EAC/C,MAAM,OAAO,IAAI,WAAW,WAAW;AAAA,EAEvC,IAAI,KAAK,WAAW,KAAK,KAAK,OAAO,IAAM;AAAA,IACxC,MAAM,IAAI,qBAAqB,uCAAuC;AAAA,EACzE;AAAA,EAQA,MAAM,OAAO,UAAU,IAAI;AAAA,EAC3B,MAAM,WAAW,KAAK;AAAA,EAEtB,IAAI,CAAC,MAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS,GAAG;AAAA,IAClD,MAAM,IAAI,qBACP,0DAA0D,UAAU,QACvE;AAAA,EACH;AAAA,EAGA,MAAM,gBAAgB,SAAS,GAAI;AAAA,EACnC,IAAI,CAAC,MAAM,QAAQ,aAAa,KAAK,cAAc,WAAW,GAAG;AAAA,IAC9D,MAAM,IAAI,qBAAqB,uCAAuC;AAAA,EACzE;AAAA,EAEA,QAAQ,eAAe,MAAa;AAAA,EACpC,MAAM,aAAa,WAAW,cAAc,GAAI,KAAmB;AAAA,EAGnE,MAAM,WAAW,SAAS;AAAA,EAC1B,IAAI,SAAS,QAAQ,GAAM;AAAA,IACxB,MAAM,IAAI,qBACP,gDAAgD,SAAS,IAAI,SAAS,EAAE,GAC3E;AAAA,EACH;AAAA,EAEA,mBAAmB;AAAA,IAChB;AAAA,IACA,YAAY,SAAS;AAAA,EACxB;AAAA,EAEA,OAAO;AAAA;AAWV,eAAsB,oBAAoB,GAAwB;AAAA,EAC/D,QAAQ,YAAY,eAAe,MAAM,+BAA+B;AAAA,EAGxE,MAAM,YAAY,SAAS,IAAI,UAAU,CAAC;AAAA,EAG1C,MAAM,gBAAgB,SAAS,WAAW,YAAY,UAAU,CAAC;AAAA,EAGjE,MAAM,sBAAsB,SACzB,SAEG,IAAI,eAAe,GAEnB,UAAU,cAAc,GAAG,CAC9B,CACH;AAAA,EAGA,MAAM,oBAAoB,SAEvB,IAAI,cAAc,GAAG,GAErB,eAEA,mBACH;AAAA,EAEA,OAAO,UAAU,iBAAiB;AAAA;AAM9B,IAAM,kBAAkB;AAAA,EAC5B,sBAAsB;AAAA,EACtB,iBAAiB;AACpB;AAAA;AAMO,MAAM,6BAA6B,MAAM;AAAA,EAC7C,WAAW,CAAC,SAAiB;AAAA,IAC1B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAElB;;;AClQA;AAEA,IAAM,4BAA4B,EAAE,OAAO;AAAA,EACxC,GAAG,EAAE,OAAO;AAAA,EACZ,GAAG,EAAE,OAAO;AAAA,EACZ,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACvC,YAAY,EAAE,QAAQ,EAAE,SAAS;AAAA,EACjC,cAAc,EAAE,QAAQ,EAAE,SAAS;AACtC,CAAC;AAED,IAAM,qBAAqB,EAAE,OAAO;AAAA,EACjC,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAC9C,CAAC;AAEM,IAAM,uBAAuB,EAAE,OAAO;AAAA,EAC1C,aAAa,EAAE,OAAO;AAAA,IACnB,KAAK,EAAE,WAAW,UAAU,EAAE,OAAO,CAAC,MAAM,EAAE,SAAS,GAAG;AAAA,MACvD,SAAS;AAAA,IACZ,CAAC;AAAA,IACD,UAAU,EAAE,OAAO;AAAA,IACnB,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,CAAC;AAAA,EACD,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,aAAa,EAAE,OAAO,EAAE,SAAS;AAAA,EACjC,QAAQ,EAAE,KAAK,CAAC,cAAc,kBAAkB,CAAC,EAAE,SAAS;AAAA,EAC5D,WAAW,EAAE,QAAQ,EAAE,SAAS;AAAA,EAChC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EAClC,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC3C,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EAC7C,iBAAiB,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACpD,kBAAkB,EACd,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC,GAAG,QAAQ,EAAE,KAAK,EAAE,CAAC,EAC5D,SAAS;AAAA,EACb,YAAY,EACR,MAAM,CAAC,2BAA2B,EAAE,QAAQ,MAAM,GAAG,EAAE,QAAQ,KAAK,CAAC,CAAC,EACtE,SAAS;AAAA,EACb,aAAa,EAAE,MAAM,yBAAyB,EAAE,SAAS;AAAA,EACzD,QAAQ,mBAAmB,SAAS;AAAA,EACpC,kBAAkB,EACd,MAAM,CAAC,EAAE,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,EAChD,SAAS;AAChB,CAAC;;;AC1CD;AAAA,aAEG;AAAA,eACA;AAAA,eACA;AAAA;AAAA,iBAEA;AAAA,SACA;AAAA,cACA;AAAA;AAEH,iBAAS;AAOT,IAAM,YAAoC;AAAA,EACvC,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,QAAQ;AACX;AAGO,IAAM,oBAAoB;AAAA,EAC9B,OAAO;AAAA,EACP,SAAS;AAAA,EACT,WAAW;AACd;AAGO,IAAM,sBAAsB;AAenC,eAAsB,gBAAgB,CACnC,iBACA,QACA,gBAAgD,UAChD,SAKoB;AAAA,EAEpB,MAAM,cAAc,MAAK,eAAe,eAAe;AAAA,EAGvD,MAAM,eAAe,sBAAsB,aAAa,aAAa;AAAA,EAErE,MAAM,aAAa,SAAS,cAAc;AAAA,EAC1C,MAAM,aAAa,SAAS,cAAc;AAAA,EAC1C,MAAM,kBAAkB,SAAS,mBAAmB,CAAC;AAAA,EAErD,IAAI;AAAA,EAGJ,SAAS,UAAU,EAAG,WAAW,IAAI,YAAY,WAAW;AAAA,IACzD,IAAI,UAAU,GAAG;AAAA,MACd,MAAM,MAAM,MAAM,UAAU,KAAK,IAAI;AAAA,IACxC;AAAA,IACA,IAAI;AAAA,MACD,OAAO,MAAM,eAAe,QAAQ,cAAc,UAAU;AAAA,MAC7D,OAAO,KAAK;AAAA,MACX,YAAY,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO,GAAG,CAAC;AAAA;AAAA,EAEpE;AAAA,EAGA,WAAW,eAAe,iBAAiB;AAAA,IACxC,IAAI;AAAA,MACD,OAAO,MAAM,eAAe,aAAa,cAAc,UAAU;AAAA,MAClE,OAAO,KAAK;AAAA,MACX,YAAY,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO,GAAG,CAAC;AAAA;AAAA,EAEpE;AAAA,EAGA,MAAM,eACH,gBAAgB,SAAS,IACpB,iBAAiB,gBAAgB,KAAK,IAAI,OAC1C;AAAA,EACR,MAAM,IAAI,eACP,yDAAyD,SAAS,8BAA8B,WAAW,WAAW,WACzH;AAAA;AAOH,SAAS,KAAK,CAAC,IAA2B;AAAA,EACvC,OAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AAAA;AAM1D,eAAe,cAAc,CAC1B,KACA,cACA,WACoB;AAAA,EACpB,IAAI;AAAA,EACJ,IAAI;AAAA,IACD,WAAW,MAAM,MAAM,KAAK;AAAA,MACzB,QAAQ;AAAA,MACR,SAAS;AAAA,QACN,gBAAgB;AAAA,MACnB;AAAA,MACA,MAAM;AAAA,MACN,QAAQ,YAAY,QAAQ,SAAS;AAAA,IACxC,CAAC;AAAA,IACF,OAAO,KAAK;AAAA,IACX,MAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,IAC3D,MAAM,IAAI,MAAM,2BAA2B,cAAQ,KAAK;AAAA;AAAA,EAG3D,IAAI,CAAC,SAAS,IAAI;AAAA,IACf,MAAM,IAAI,eAAe,qBAAqB,SAAS,QAAQ;AAAA,EAClE;AAAA,EAEA,MAAM,aAAa,IAAI,WAAW,MAAM,SAAS,YAAY,CAAC;AAAA,EAC9D,OAAO,sBAAsB,UAAU;AAAA;AAiB1C,SAAS,qBAAqB,CAC3B,aACA,eACW;AAAA,EACX,MAAM,UAAU,UAAU;AAAA,EAC1B,IAAI,CAAC,SAAS;AAAA,IACX,MAAM,IAAI,eAAe,+BAA+B,eAAe;AAAA,EAC1E;AAAA,EAEA,MAAM,eAAe,UAElB,QAAQ,CAAC,GAET,UAEG,UAAS,KAAI,OAAO,CAAC,GAErB,aAAY,WAAW,CAC1B,GAEA,YAAY,IAAI,CACnB;AAAA,EAEA,OAAO,WAAU,YAAY;AAAA;AAgBhC,SAAS,qBAAqB,CAAC,SAAiC;AAAA,EAC7D,IAAI;AAAA,EACJ,IAAI;AAAA,IACD,OAAO,WAAU,OAAO;AAAA,IACzB,MAAM;AAAA,IACL,MAAM,IAAI,eAAe,2CAA2C;AAAA;AAAA,EAGvE,MAAM,WAAW,KAAK;AAAA,EACtB,IAAI,CAAC,MAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS,GAAG;AAAA,IAClD,MAAM,IAAI,eACP,kDACH;AAAA,EACH;AAAA,EAGA,MAAM,aAAa,SAAS,GAAI;AAAA,EAChC,MAAM,cAAc,WAAW,GAAI;AAAA,EAEnC,MAAM,cAAc,YAAY,YAAY,SAAS;AAAA,EACrD,IAAI,gBAAgB,KAAK,gBAAgB,GAAG;AAAA,IACzC,MAAM,IAAI,eACP,2CAA2C,aAC9C;AAAA,EACH;AAAA,EAGA,IAAI,CAAC,SAAS,IAAI;AAAA,IACf,MAAM,IAAI,eAAe,6CAA6C;AAAA,EACzE;AAAA,EAEA,OAAO,WAAU,SAAS,EAAE;AAAA;AAAA;AAOxB,MAAM,uBAAuB,MAAM;AAAA,EACvC,WAAW,CAAC,SAAiB;AAAA,IAC1B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAElB;;;AClOA,sBAAS;AAET;AAAA;AAAA;AAAA;AAAA;AAMA;AACA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACXA;AAGA,IAAM,iBAAiB;AAQhB,SAAS,uBAAuB,CACpC,KACA,MACA,YACA,UACA,SAOK;AAAA,EACL,QAAQ,GAAG,OAAO,WAAW;AAAA,EAC7B,MAAM,aAAa,WAAW,eAAe;AAAA,EAC7C,MAAM,eAAe,WAAW,iBAAiB;AAAA,EAGjD,MAAM,IAAI,KAAK,SAAS,WAAW,IAAI;AAAA,EAGvC,KAAK,cAAc;AAAA,IAChB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,aAAa;AAAA,IACb,aAAa;AAAA,EAChB,CAAC;AAAA,EAED,IAAI,SAAS;AAAA,EAGb,IAAI,YAAY;AAAA,IACb,MAAM,UACH,QAAQ,kBACP,MAAM;AAAA,MACJ,MAAM,SAAS,QAAQ,QAAQ,QAAQ;AAAA,MACvC,MAAM,QAAQ,eAAe,QAAQ;AAAA,QAClC,MAAM,QAAQ,QAAQ,QAAQ;AAAA,MACjC,CAAC;AAAA,MACD,OAAO,IAAI,SAAS,KAAK;AAAA,OACzB;AAAA,IAEN,SAAS,KAAK,IAAI,KAAK,SAAS,EAAE;AAAA,IAElC,KAAK,UAAU,SAAS;AAAA,MACrB,GAAG,IAAI;AAAA,MACP,GAAG,IAAI;AAAA,MACP,OAAO;AAAA,MACP,QAAQ;AAAA,IACX,CAAC;AAAA,EACJ;AAAA,EAGA,IAAI,cAAc;AAAA,IACf,aAAa,MAAM,UAAU;AAAA,MAC1B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,SAAS,IAAI,SAAS,KAAK;AAAA,IACxC,CAAC;AAAA,EACJ;AAAA,EAGA,MAAM,WAAW;AAAA,EACjB,MAAM,QAAQ,IAAI,QAAQ,IAAI,SAAS,SAAS;AAAA,EAChD,KAAK,SAAS,UAAU;AAAA,IACrB,GAAG;AAAA,IACH,GAAG,IAAI;AAAA,IACP,MAAM;AAAA,IACN,OAAO;AAAA,EACV,CAAC;AAAA;AAMJ,SAAS,YAAY,CAClB,MACA,UACA,MAOK;AAAA,EACL,MAAM,QAAQ,KAAK,IAAI,KAAK;AAAA,EAC5B,IAAI,QAAQ,KAAK,IAAI,KAAK,SAAS;AAAA,EACnC,MAAM,WAAW;AAAA,EACjB,MAAM,aAAa;AAAA,EAGnB,KAAK,SAAS,yBAAyB;AAAA,IACpC,GAAG;AAAA,IACH,GAAG;AAAA,IACH,MAAM;AAAA,IACN,OAAO;AAAA,EACV,CAAC;AAAA,EACD,SAAS,aAAa;AAAA,EAEtB,IAAI,UAAU;AAAA,IAEX,MAAM,aAAa,SAAS,QAAQ,cAAc;AAAA,IAClD,KAAK,SAAS,kBAAc,cAAc;AAAA,MACvC,GAAG;AAAA,MACH,GAAG;AAAA,MACH,MAAM;AAAA,IACT,CAAC;AAAA,IACD,SAAS;AAAA,IAGT,IAAI,SAAS,QAAQ,cAAc;AAAA,MAChC,KAAK,SAAS,YAAY,SAAS,QAAQ,gBAAgB;AAAA,QACxD,GAAG;AAAA,QACH,GAAG;AAAA,QACH,MAAM;AAAA,MACT,CAAC;AAAA,MACD,SAAS;AAAA,IACZ;AAAA,IAGA,IAAI,SAAS,UAAU,MAAM;AAAA,MAC1B,MAAM,OAAO,WAAW,SAAS,UAAU,IAAI;AAAA,MAC/C,KAAK,SAAS,SAAS,QAAQ;AAAA,QAC5B,GAAG;AAAA,QACH,GAAG;AAAA,QACH,MAAM;AAAA,MACT,CAAC;AAAA,MACD,SAAS;AAAA,IACZ,EAAO,SAAI,SAAS,UAAU,KAAK;AAAA,MAChC,MAAM,MAAM,UAAU,SAAS,UAAU,GAAG;AAAA,MAC5C,KAAK,SAAS,QAAQ,OAAO;AAAA,QAC1B,GAAG;AAAA,QACH,GAAG;AAAA,QACH,MAAM;AAAA,MACT,CAAC;AAAA,MACD,SAAS;AAAA,IACZ;AAAA,IAGA,MAAM,MAAM,IAAI;AAAA,IAChB,MAAM,UAAU,IAAI,mBAAmB,OAAO;AAAA,IAC9C,MAAM,UAAU,IAAI,mBAAmB,OAAO;AAAA,IAC9C,KAAK,SAAS,SAAS,WAAW,WAAW;AAAA,MAC1C,GAAG;AAAA,MACH,GAAG;AAAA,MACH,MAAM;AAAA,IACT,CAAC;AAAA,IACD,SAAS;AAAA,IAGT,KAAK,SAAS,gCAAgC;AAAA,MAC3C,GAAG;AAAA,MACH,GAAG;AAAA,MACH,MAAM;AAAA,IACT,CAAC;AAAA,EACJ,EAAO;AAAA,IAEJ,KAAK,SAAS,sBAAsB;AAAA,MACjC,GAAG;AAAA,MACH,GAAG;AAAA,MACH,MAAM;AAAA,IACT,CAAC;AAAA;AAAA;AAQA,SAAS,uBAAuB,CACpC,KACA,UACA,SACA,UACS;AAAA,EACT,MAAM,SAAS,UAAU,QAAQ;AAAA,EACjC,MAAM,QAAQ,eAAe,QAAQ,EAAE,MAAM,UAAU,QAAQ,IAAI,CAAC;AAAA,EACpE,OAAO,IAAI,SAAS,KAAK;AAAA;AAM5B,SAAS,UAAU,CAAC,MAAsB;AAAA,EACvC,OAAO,KAAK,QAAQ,uCAAuC,gBAAgB;AAAA;AAM9E,SAAS,SAAS,CAAC,KAAqB;AAAA,EACrC,OAAO,IAAI,QAAQ,gCAAgC,aAAa;AAAA;;;AD5JnE,eAAsB,OAAO,CAC1B,KACA,SACoB;AAAA,EAEpB,IAAI;AAAA,EACJ,IAAI,eAAe,gBAAgB;AAAA,IAChC,MAAM,SAAuB,CAAC;AAAA,IAC9B,MAAM,SAAS,IAAI,UAAU;AAAA,IAC7B,IAAI;AAAA,MACD,OAAO,MAAM;AAAA,QACV,QAAQ,MAAM,UAAU,MAAM,OAAO,KAAK;AAAA,QAC1C,IAAI;AAAA,UAAM;AAAA,QACV,IAAI;AAAA,UAAO,OAAO,KAAK,KAAK;AAAA,MAC/B;AAAA,cACD;AAAA,MACC,OAAO,YAAY;AAAA;AAAA,IAEtB,MAAM,cAAc,OAAO,OAAO,CAAC,KAAK,MAAM,MAAM,EAAE,QAAQ,CAAC;AAAA,IAC/D,WAAW,IAAI,WAAW,WAAW;AAAA,IACrC,IAAI,SAAS;AAAA,IACb,WAAW,SAAS,QAAQ;AAAA,MACzB,SAAS,IAAI,OAAO,MAAM;AAAA,MAC1B,UAAU,MAAM;AAAA,IACnB;AAAA,EACH,EAAO;AAAA,IACJ,WAAW;AAAA;AAAA,EAId,MAAM,OAAO,qBAAqB,MAAM,OAAO;AAAA,EAI/C,QAAQ,aAAa,YAAY,UAAU,MAAM,YAC9C,KAAK,YAAY,KACjB,KAAK,YAAY,QACpB;AAAA,EAGA,IAAI,WAAmC;AAAA,EACvC,IAAI;AAAA,IACD,WAAW,iBACR,KAAK,YAAY,KACjB,KAAK,YAAY,QACpB;AAAA,IACD,MAAM;AAAA,EAKR,MAAM,MAAM,QAAQ,QAAQ;AAAA,EAG5B,IAAI,qBAAqB,KAAK;AAAA,EAG9B,IAAI,KAAK,eAAe,QAAQ;AAAA,IAC7B,MAAM,WAAW,sBAAsB,UAAU;AAAA,MAC9C,YAAY,UAAU,QAAQ,cAAc;AAAA,MAC5C,cAAc,UAAU,QAAQ,gBAAgB;AAAA,MAChD,eAAe;AAAA,MACf,OAAO;AAAA,MACP,QAAQ;AAAA,IACX,CAAC;AAAA,IAED,IAAI,UAAU;AAAA,MACX,qBAAqB;AAAA,QAClB,GAAG,SAAS;AAAA,QACZ,GAAG,SAAS;AAAA,QACZ,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,MAAM,SAAS;AAAA,MAClB;AAAA,IACH,EAAO;AAAA,MAEJ,qBAAqB;AAAA,QAClB,GAAG;AAAA,QACH,GAAG;AAAA,QACH,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,MAAM;AAAA,MACT;AAAA;AAAA,EAEN,EAAO;AAAA,IACJ,qBAAqB,KAAK,eAAe,QAAQ,QAAQ,KAAK;AAAA;AAAA,EAIjE,IAAI,uBAAuB,SAAS,oBAAoB;AAAA,IACrD,MAAM,YAAY,mBAAmB,QAAQ;AAAA,IAE7C,IAAI,YAAY,KAAK,aAAa,IAAI,WAAW;AAAA,MAC9C,MAAM,IAAI,aACP,uBAAuB,sBAAsB,IAAI,kBACpD;AAAA,IACH;AAAA,IAEA,MAAM,OAAO,IAAI,QAAQ,SAAS;AAAA,IAElC,wBAAwB,KAAK,MAAM,oBAAoB,UAAU;AAAA,MAC9D,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,QAAQ,KAAK;AAAA,MACb,SAAS;AAAA,IACZ,CAAC;AAAA,EACJ;AAAA,EAGA,IAAI,KAAK,eAAe,KAAK,YAAY,SAAS,GAAG;AAAA,IAGlD,MAAM,UAAU,KAAK,YAAY,KAAK,CAAC,MAAM,EAAE,eAAe,KAAK;AAAA,IAGnE,MAAM,gBAAgB,UACjB,wBAAwB,KAAK,UAAU,UAAU,KAAK,MAAM,IAC5D;AAAA,IAEL,WAAW,OAAO,KAAK,aAAa;AAAA,MACjC,MAAM,YAAY,IAAI,QAAQ;AAAA,MAE9B,IAAI,YAAY,KAAK,aAAa,IAAI,WAAW;AAAA,QAC9C,MAAM,IAAI,aACP,sBAAsB,qCAAqC,IAAI,kBAClE;AAAA,MACH;AAAA,MAEA,MAAM,OAAO,IAAI,QAAQ,SAAS;AAAA,MAElC,wBAAwB,KAAK,MAAM,KAAK,UAAU;AAAA,QAC/C,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK;AAAA,QACf,QAAQ,KAAK;AAAA,QACb,SAAS;AAAA,QACT,eAAe;AAAA,MAClB,CAAC;AAAA,IACJ;AAAA,EACH;AAAA,EAGA,MAAM,aACH,UAAU,QAAQ,cAClB,KAAK,YAAY,QACjB;AAAA,EAKH,MAAM,iBACH,YAAY,SAAS,MAAM,OAAO,CAAC,KAAK,MAAM,MAAM,EAAE,QAAQ,CAAC;AAAA,EAClE,MAAM,kBAAkB,KAAK,IAC1B,OACA,iBAAiB,KAAK,KAAK,SAAS,OAAO,KAAK,IACnD;AAAA,EAIA,MAAM,iBAAiB,qBAChB,mBAAyC,QAAQ,IAClD,KAAK,cAAc,IAAI,QAAQ;AAAA,EAErC,QAAQ,KAAK,uBAAuB,IAAI,oBAAoB;AAAA,IACzD,QAAQ,KAAK,UAAU;AAAA,IACvB,MAAM;AAAA,IACN,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB;AAAA,IACA,kBAAkB,KAAK,oBAAoB;AAAA,IAC3C;AAAA,EACH,CAAC;AAAA,EAGD,QAAQ,cAAc,cAAc,kBAAkB;AAAA,EACtD,MAAM,cAAc,mBAAmB,oBAAoB,SAAS;AAAA,EAKpE,MAAM,0BAA0C,CAAC;AAAA,EAEjD,IAAI,KAAK,WAAW,oBAAoB;AAAA,IAErC,MAAM,YAAY,0BAA0B,WAAW;AAAA,IACvD,wBAAwB,KAAK;AAAA,MAC1B,KAAK,gBAAgB;AAAA,MACrB,QAAQ,CAAC,SAAS;AAAA,IACrB,CAAC;AAAA,IAGD,IAAI;AAAA,MACD,MAAM,YAAY,MAAM,qBAAqB;AAAA,MAC7C,wBAAwB,KAAK;AAAA,QAC1B,KAAK,gBAAgB;AAAA,QACrB,QAAQ,CAAC,SAAS;AAAA,MACrB,CAAC;AAAA,MACF,MAAM;AAAA,EAIX;AAAA,EAGA,MAAM,4BAA4C,CAAC;AAAA,EAGnD,MAAM,aAAa,MAAM,iBAAiB;AAAA,IACvC,SAAS;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA,eAAe;AAAA,IACf,yBACG,wBAAwB,SAAS,IAC5B,0BACA;AAAA,IACR,2BACG,0BAA0B,SAAS,IAC9B,4BACA;AAAA,IACR,UAAU;AAAA,EACb,CAAC;AAAA,EAGD,IAAI,KAAK,aAAa,KAAK,QAAQ;AAAA,IAChC,IAAI;AAAA,MACD,MAAM,UAAU,MAAM,iBACnB,sBAAsB,UAAU,GAChC,KAAK,QACL,UACA;AAAA,QACG,YAAY,KAAK;AAAA,QACjB,YAAY,KAAK;AAAA,QACjB,iBAAiB,KAAK;AAAA,MACzB,CACH;AAAA,MACA,0BAA0B,KAAK;AAAA,QAC5B,KAAK;AAAA,QACL,QAAQ,CAAC,OAAO;AAAA,MACnB,CAAC;AAAA,MACF,OAAO,KAAK;AAAA,MAEX,KAAK,mBAAmB,GAAG;AAAA;AAAA,EAEjC;AAAA,EAGA,MAAM,kBAAkB,uBACrB,YACA,yBACH;AAAA,EAGA,OAAO,eAAe,oBAAoB,eAAe;AAAA;AAgB5D,SAAS,qBAAqB,CAAC,gBAAwC;AAAA,EACpE,MAAM,cAAc,WAAU,cAAc;AAAA,EAC5C,MAAM,iBACF,YAAY,MAAqB,GAAI,MACvC;AAAA,EAEF,MAAM,iBAAkB,eAAe,MAAqB,GAAG,EAAE;AAAA,EACjE,MAAM,aAAc,eAAe,MAAqB;AAAA,EACxD,MAAM,gBAAiB,WAAW,MAAqB;AAAA,EACvD,OAAO,cAAc;AAAA;AAAA;AAOjB,MAAM,qBAAqB,MAAM;AAAA,EACrC,WAAW,CAAC,SAAiB;AAAA,IAC1B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAElB;",
|
|
13
|
+
"debugId": "7527099A32B0EC4564756E2164756E21",
|
|
14
|
+
"names": []
|
|
15
|
+
}
|
package/dist/index.d.ts
CHANGED
|
@@ -8,9 +8,10 @@
|
|
|
8
8
|
*/
|
|
9
9
|
export type { BatchSignEvent, BatchSignInput } from "./batch.ts";
|
|
10
10
|
export { signPdfBatch, signPdfBatchToArray } from "./batch.ts";
|
|
11
|
+
export { detectSigningPosition } from "./detect-position.ts";
|
|
11
12
|
export { buildSignaturePolicy, buildSigningCertificateV2, clearPolicyCache, ICP_BRASIL_OIDS, SignaturePolicyError, } from "./icp-brasil.ts";
|
|
12
13
|
export { pdfSignOptionsSchema } from "./schemas.ts";
|
|
13
14
|
export { PdfSignError, signPdf } from "./sign-pdf.ts";
|
|
14
15
|
export { requestTimestamp, TIMESTAMP_SERVERS, TIMESTAMP_TOKEN_OID, TimestampError, } from "./timestamp.ts";
|
|
15
|
-
export type { PdfSignOptions, QrCodeConfig, SignatureAppearance, } from "./types.ts";
|
|
16
|
+
export type { DetectedPosition, DetectPositionOptions, PdfSignOptions, QrCodeConfig, SignatureAppearance, } from "./types.ts";
|
|
16
17
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,YAAY,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAC/D,OAAO,EACJ,oBAAoB,EACpB,yBAAyB,EACzB,gBAAgB,EAChB,eAAe,EACf,oBAAoB,GACtB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EACJ,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,cAAc,GAChB,MAAM,gBAAgB,CAAC;AACxB,YAAY,EACT,cAAc,EACd,YAAY,EACZ,mBAAmB,GACrB,MAAM,YAAY,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,YAAY,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EACJ,oBAAoB,EACpB,yBAAyB,EACzB,gBAAgB,EAChB,eAAe,EACf,oBAAoB,GACtB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EACJ,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,cAAc,GAChB,MAAM,gBAAgB,CAAC;AACxB,YAAY,EACT,gBAAgB,EAChB,qBAAqB,EACrB,cAAc,EACd,YAAY,EACZ,mBAAmB,GACrB,MAAM,YAAY,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -9,10 +9,11 @@ import {
|
|
|
9
9
|
buildSignaturePolicy,
|
|
10
10
|
buildSigningCertificateV2,
|
|
11
11
|
clearPolicyCache,
|
|
12
|
+
detectSigningPosition,
|
|
12
13
|
pdfSignOptionsSchema,
|
|
13
14
|
requestTimestamp,
|
|
14
15
|
signPdf
|
|
15
|
-
} from "./index-
|
|
16
|
+
} from "./index-e7qwas47.js";
|
|
16
17
|
|
|
17
18
|
// src/batch.ts
|
|
18
19
|
async function* signPdfBatch(files, options) {
|
|
@@ -72,6 +73,7 @@ export {
|
|
|
72
73
|
signPdf,
|
|
73
74
|
requestTimestamp,
|
|
74
75
|
pdfSignOptionsSchema,
|
|
76
|
+
detectSigningPosition,
|
|
75
77
|
clearPolicyCache,
|
|
76
78
|
buildSigningCertificateV2,
|
|
77
79
|
buildSignaturePolicy,
|
|
@@ -83,4 +85,4 @@ export {
|
|
|
83
85
|
ICP_BRASIL_OIDS
|
|
84
86
|
};
|
|
85
87
|
|
|
86
|
-
//# debugId=
|
|
88
|
+
//# debugId=31F738785901A9FF64756E2164756E21
|
package/dist/index.js.map
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
"sourcesContent": [
|
|
5
5
|
"import { signPdf } from \"./sign-pdf.ts\";\nimport type { PdfSignOptions } from \"./types.ts\";\n\n/**\n * Input for a single PDF in a batch signing operation.\n */\nexport type BatchSignInput = {\n /** Filename for identification in events */\n filename: string;\n /** PDF content as Uint8Array or ReadableStream */\n pdf: Uint8Array | ReadableStream<Uint8Array>;\n /** Per-file option overrides merged with base options */\n options?: Partial<PdfSignOptions>;\n};\n\n/**\n * Events emitted during batch signing.\n */\nexport type BatchSignEvent =\n | { type: \"file_start\"; fileIndex: number; filename: string }\n | {\n type: \"file_complete\";\n fileIndex: number;\n filename: string;\n signed: Uint8Array;\n }\n | { type: \"file_error\"; fileIndex: number; filename: string; error: string }\n | { type: \"batch_complete\"; totalFiles: number; errorCount: number };\n\n/**\n * Sign multiple PDFs sequentially, yielding progress events.\n *\n * Yields control between each signing operation to prevent blocking\n * the event loop under bulk load.\n *\n * @param files - Array of PDFs with filename and optional per-file options\n * @param options - Base signing options (per-file options override these)\n * @yields BatchSignEvent for each file start, completion, error, and batch complete\n */\nexport async function* signPdfBatch(\n files: BatchSignInput[],\n options: PdfSignOptions,\n): AsyncGenerator<BatchSignEvent> {\n let errorCount = 0;\n let processedCount = 0;\n\n for (let i = 0; i < files.length; i++) {\n const file = files[i];\n if (!file) continue;\n processedCount++;\n\n yield { type: \"file_start\", fileIndex: i, filename: file.filename };\n\n try {\n // Merge per-file options with base options (file.options takes priority)\n const mergedOptions: PdfSignOptions = { ...options, ...file.options };\n\n const signed = await signPdf(file.pdf, mergedOptions);\n\n yield {\n type: \"file_complete\",\n fileIndex: i,\n filename: file.filename,\n signed,\n };\n } catch (err) {\n errorCount++;\n yield {\n type: \"file_error\",\n fileIndex: i,\n filename: file.filename,\n error: err instanceof Error ? err.message : String(err),\n };\n }\n\n // Yield control between files to prevent event loop blocking\n await new Promise<void>((resolve) => setTimeout(resolve, 0));\n }\n\n yield { type: \"batch_complete\", totalFiles: processedCount, errorCount };\n}\n\n/**\n * Sign multiple PDFs sequentially, collecting all results.\n *\n * Convenience wrapper around {@link signPdfBatch} that collects all events\n * into an array of results.\n *\n * @param files - Array of PDFs with filename and optional per-file options\n * @param options - Base signing options\n * @returns Array of results with signed PDF bytes or error per file\n */\nexport async function signPdfBatchToArray(\n files: BatchSignInput[],\n options: PdfSignOptions,\n): Promise<{ filename: string; signed?: Uint8Array; error?: string }[]> {\n const results: { filename: string; signed?: Uint8Array; error?: string }[] =\n files.map((f) => ({ filename: f.filename }));\n\n for await (const event of signPdfBatch(files, options)) {\n switch (event.type) {\n case \"file_complete\": {\n const r = results[event.fileIndex];\n if (r) r.signed = event.signed;\n break;\n }\n case \"file_error\": {\n const r = results[event.fileIndex];\n if (r) r.error = event.error;\n break;\n }\n }\n }\n\n return results;\n}\n"
|
|
6
6
|
],
|
|
7
|
-
"mappings": "
|
|
8
|
-
"debugId": "
|
|
7
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAuCA,gBAAuB,YAAY,CAChC,OACA,SAC+B;AAAA,EAC/B,IAAI,aAAa;AAAA,EACjB,IAAI,iBAAiB;AAAA,EAErB,SAAS,IAAI,EAAG,IAAI,MAAM,QAAQ,KAAK;AAAA,IACpC,MAAM,OAAO,MAAM;AAAA,IACnB,IAAI,CAAC;AAAA,MAAM;AAAA,IACX;AAAA,IAEA,MAAM,EAAE,MAAM,cAAc,WAAW,GAAG,UAAU,KAAK,SAAS;AAAA,IAElE,IAAI;AAAA,MAED,MAAM,gBAAgC,KAAK,YAAY,KAAK,QAAQ;AAAA,MAEpE,MAAM,SAAS,MAAM,QAAQ,KAAK,KAAK,aAAa;AAAA,MAEpD,MAAM;AAAA,QACH,MAAM;AAAA,QACN,WAAW;AAAA,QACX,UAAU,KAAK;AAAA,QACf;AAAA,MACH;AAAA,MACD,OAAO,KAAK;AAAA,MACX;AAAA,MACA,MAAM;AAAA,QACH,MAAM;AAAA,QACN,WAAW;AAAA,QACX,UAAU,KAAK;AAAA,QACf,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,MACzD;AAAA;AAAA,IAIH,MAAM,IAAI,QAAc,CAAC,YAAY,WAAW,SAAS,CAAC,CAAC;AAAA,EAC9D;AAAA,EAEA,MAAM,EAAE,MAAM,kBAAkB,YAAY,gBAAgB,WAAW;AAAA;AAa1E,eAAsB,mBAAmB,CACtC,OACA,SACqE;AAAA,EACrE,MAAM,UACH,MAAM,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE;AAAA,EAE9C,iBAAiB,SAAS,aAAa,OAAO,OAAO,GAAG;AAAA,IACrD,QAAQ,MAAM;AAAA,WACN,iBAAiB;AAAA,QACnB,MAAM,IAAI,QAAQ,MAAM;AAAA,QACxB,IAAI;AAAA,UAAG,EAAE,SAAS,MAAM;AAAA,QACxB;AAAA,MACH;AAAA,WACK,cAAc;AAAA,QAChB,MAAM,IAAI,QAAQ,MAAM;AAAA,QACxB,IAAI;AAAA,UAAG,EAAE,QAAQ,MAAM;AAAA,QACvB;AAAA,MACH;AAAA;AAAA,EAEN;AAAA,EAEA,OAAO;AAAA;",
|
|
8
|
+
"debugId": "31F738785901A9FF64756E2164756E21",
|
|
9
9
|
"names": []
|
|
10
10
|
}
|
package/dist/schemas.d.ts
CHANGED
|
@@ -29,7 +29,7 @@ export declare const pdfSignOptionsSchema: z.ZodObject<{
|
|
|
29
29
|
page: z.ZodOptional<z.ZodNumber>;
|
|
30
30
|
showQrCode: z.ZodOptional<z.ZodBoolean>;
|
|
31
31
|
showCertInfo: z.ZodOptional<z.ZodBoolean>;
|
|
32
|
-
}, z.core.$strip>, z.ZodLiteral<false>]>>;
|
|
32
|
+
}, z.core.$strip>, z.ZodLiteral<"auto">, z.ZodLiteral<false>]>>;
|
|
33
33
|
appearances: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
34
34
|
x: z.ZodNumber;
|
|
35
35
|
y: z.ZodNumber;
|
package/dist/sign-pdf.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sign-pdf.d.ts","sourceRoot":"","sources":["../src/sign-pdf.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;
|
|
1
|
+
{"version":3,"file":"sign-pdf.d.ts","sourceRoot":"","sources":["../src/sign-pdf.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AA8BH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,OAAO,CAC1B,GAAG,EAAE,UAAU,GAAG,cAAc,CAAC,UAAU,CAAC,EAC5C,OAAO,EAAE,cAAc,GACvB,OAAO,CAAC,UAAU,CAAC,CA2PrB;AA+BD,qBAAa,YAAa,SAAQ,KAAK;gBACxB,OAAO,EAAE,MAAM;CAI7B"}
|
package/dist/types.d.ts
CHANGED
|
@@ -64,8 +64,8 @@ export type PdfSignOptions = {
|
|
|
64
64
|
tsaFallbackUrls?: string[];
|
|
65
65
|
/** Called when timestamping fails (non-fatal). Receives the error for logging/metrics. */
|
|
66
66
|
onTimestampError?: (error: unknown) => void;
|
|
67
|
-
/** Visual signature appearance (false to disable) */
|
|
68
|
-
appearance?: SignatureAppearance | false;
|
|
67
|
+
/** Visual signature appearance (false to disable, "auto" for auto-detection) */
|
|
68
|
+
appearance?: SignatureAppearance | "auto" | false;
|
|
69
69
|
/** Multiple visual signature appearances — renders a stamp on each specified page */
|
|
70
70
|
appearances?: SignatureAppearance[];
|
|
71
71
|
/** QR code configuration for the visual signature */
|
|
@@ -73,4 +73,32 @@ export type PdfSignOptions = {
|
|
|
73
73
|
/** DocMDP permission level: 1 = no changes, 2 = form fill + sign (default), 3 = form fill + sign + annotate */
|
|
74
74
|
docMdpPermission?: 1 | 2 | 3;
|
|
75
75
|
};
|
|
76
|
+
/**
|
|
77
|
+
* Result of automatic signature position detection
|
|
78
|
+
*/
|
|
79
|
+
export type DetectedPosition = {
|
|
80
|
+
/** Page index (0-based) */
|
|
81
|
+
page: number;
|
|
82
|
+
/** X coordinate from left (in points) */
|
|
83
|
+
x: number;
|
|
84
|
+
/** Y coordinate from top (in points, user-facing) */
|
|
85
|
+
y: number;
|
|
86
|
+
/** Confidence score (0-1) */
|
|
87
|
+
confidence: number;
|
|
88
|
+
};
|
|
89
|
+
/**
|
|
90
|
+
* Options for signature position detection
|
|
91
|
+
*/
|
|
92
|
+
export type DetectPositionOptions = {
|
|
93
|
+
/** Signer's full name to search for (from certificate CN) */
|
|
94
|
+
signerName?: string;
|
|
95
|
+
/** Company/organization name to search for */
|
|
96
|
+
organization?: string;
|
|
97
|
+
/** Preferred page to search first (-1 = last page, default) */
|
|
98
|
+
preferredPage?: number;
|
|
99
|
+
/** Default signature box width */
|
|
100
|
+
width?: number;
|
|
101
|
+
/** Default signature box height */
|
|
102
|
+
height?: number;
|
|
103
|
+
};
|
|
76
104
|
//# sourceMappingURL=types.d.ts.map
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAC/B,yCAAyC;IACzC,CAAC,EAAE,MAAM,CAAC;IACV,2CAA2C;IAC3C,CAAC,EAAE,MAAM,CAAC;IACV,yCAAyC;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,0CAA0C;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,0CAA0C;IAC1C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qDAAqD;IACrD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,+DAA+D;IAC/D,YAAY,CAAC,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACxB,uEAAuE;IACvE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mDAAmD;IACnD,IAAI,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC1B,8BAA8B;IAC9B,WAAW,EAAE;QACV,gCAAgC;QAChC,GAAG,EAAE,UAAU,CAAC;QAChB,oCAAoC;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,2CAA2C;QAC3C,IAAI,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,yBAAyB;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,sCAAsC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,0BAA0B;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+FAA+F;IAC/F,MAAM,CAAC,EAAE,YAAY,GAAG,kBAAkB,CAAC;IAC3C,gDAAgD;IAChD,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,2BAA2B;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qDAAqD;IACrD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iHAAiH;IACjH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,yEAAyE;IACzE,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,0FAA0F;IAC1F,gBAAgB,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;IAC5C,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAC/B,yCAAyC;IACzC,CAAC,EAAE,MAAM,CAAC;IACV,2CAA2C;IAC3C,CAAC,EAAE,MAAM,CAAC;IACV,yCAAyC;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,0CAA0C;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,0CAA0C;IAC1C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qDAAqD;IACrD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,+DAA+D;IAC/D,YAAY,CAAC,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACxB,uEAAuE;IACvE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mDAAmD;IACnD,IAAI,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC1B,8BAA8B;IAC9B,WAAW,EAAE;QACV,gCAAgC;QAChC,GAAG,EAAE,UAAU,CAAC;QAChB,oCAAoC;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,2CAA2C;QAC3C,IAAI,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,yBAAyB;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,sCAAsC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,0BAA0B;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+FAA+F;IAC/F,MAAM,CAAC,EAAE,YAAY,GAAG,kBAAkB,CAAC;IAC3C,gDAAgD;IAChD,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,2BAA2B;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qDAAqD;IACrD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iHAAiH;IACjH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,yEAAyE;IACzE,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,0FAA0F;IAC1F,gBAAgB,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;IAC5C,gFAAgF;IAChF,UAAU,CAAC,EAAE,mBAAmB,GAAG,MAAM,GAAG,KAAK,CAAC;IAClD,qFAAqF;IACrF,WAAW,CAAC,EAAE,mBAAmB,EAAE,CAAC;IACpC,qDAAqD;IACrD,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,+GAA+G;IAC/G,gBAAgB,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;CAC/B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC5B,2BAA2B;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,yCAAyC;IACzC,CAAC,EAAE,MAAM,CAAC;IACV,qDAAqD;IACrD,CAAC,EAAE,MAAM,CAAC;IACV,6BAA6B;IAC7B,UAAU,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG;IACjC,6DAA6D;IAC7D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,+DAA+D;IAC/D,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,kCAAkC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mCAAmC;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@f-o-t/e-signature",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.3.1",
|
|
4
4
|
"description": "PAdES PDF signing with ICP-Brasil compliance",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -33,7 +33,7 @@
|
|
|
33
33
|
"@f-o-t/asn1": "^1.0.0",
|
|
34
34
|
"@f-o-t/crypto": "^1.3.0",
|
|
35
35
|
"@f-o-t/digital-certificate": "^2.3.0",
|
|
36
|
-
"@f-o-t/pdf": "^0.3.
|
|
36
|
+
"@f-o-t/pdf": "^0.3.10",
|
|
37
37
|
"@f-o-t/qrcode": "^1.0.2",
|
|
38
38
|
"zod": "^4.3.6"
|
|
39
39
|
},
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"version": 3,
|
|
3
|
-
"sources": ["../src/icp-brasil.ts", "../src/schemas.ts", "../src/timestamp.ts", "../src/sign-pdf.ts", "../src/appearance.ts"],
|
|
4
|
-
"sourcesContent": [
|
|
5
|
-
"/**\n * ICP-Brasil Attributes for PAdES Signatures\n *\n * Implements the id-aa-signingCertificateV2 (RFC 5035) and\n * id-aa-ets-sigPolicyId attributes required by ICP-Brasil.\n *\n * Uses @f-o-t/asn1 for ASN.1 construction and @f-o-t/crypto for hashing.\n */\n\nimport {\n type Asn1Node,\n contextTag,\n decodeDer,\n encodeDer,\n ia5String,\n nullValue,\n octetString,\n oid,\n sequence,\n} from \"@f-o-t/asn1\";\nimport { hash } from \"@f-o-t/crypto\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\n/** SHA-256 Algorithm OID */\nconst SHA256_OID = \"2.16.840.1.101.3.4.2.1\";\n\n/** id-aa-signingCertificateV2 OID (RFC 5035) */\nconst SIGNING_CERTIFICATE_V2_OID = \"1.2.840.113549.1.9.16.2.47\";\n\n/** id-aa-ets-sigPolicyId OID */\nconst SIGNATURE_POLICY_OID = \"1.2.840.113549.1.9.16.2.15\";\n\n/** ICP-Brasil PAdES Policy (PA_PAdES_AD_RB_v1_1) */\nconst POLICY_CONFIG = {\n OID: \"2.16.76.1.7.1.11.1.1\",\n URL: \"http://politicas.icpbrasil.gov.br/PA_PAdES_AD_RB_v1_1.der\",\n} as const;\n\n/** id-spq-ets-uri OID */\nconst SPQ_ETS_URI_OID = \"1.2.840.113549.1.9.16.5.1\";\n\n// ---------------------------------------------------------------------------\n// Cached policy data\n// ---------------------------------------------------------------------------\n\nlet cachedPolicyData: {\n hashAlgOid: string;\n policyHash: Uint8Array;\n} | null = null;\n\n/**\n * Clear the cached signature policy data.\n * Useful for testing or forcing a re-download.\n */\nexport function clearPolicyCache(): void {\n cachedPolicyData = null;\n}\n\n// ---------------------------------------------------------------------------\n// Signing Certificate V2\n// ---------------------------------------------------------------------------\n\n/**\n * Build the id-aa-signingCertificateV2 attribute value (DER-encoded).\n *\n * This attribute links the signature to the specific certificate used to\n * create it, preventing substitution attacks.\n *\n * ASN.1 structure (RFC 5035):\n *\n * SigningCertificateV2 ::= SEQUENCE {\n * certs SEQUENCE OF ESSCertIDv2\n * }\n *\n * ESSCertIDv2 ::= SEQUENCE {\n * hashAlgorithm AlgorithmIdentifier DEFAULT {algorithm id-sha256},\n * certHash Hash,\n * issuerSerial IssuerSerial OPTIONAL\n * }\n *\n * IssuerSerial ::= SEQUENCE {\n * issuer GeneralNames,\n * serialNumber CertificateSerialNumber\n * }\n *\n * @param certDer - DER-encoded X.509 certificate\n * @returns DER-encoded SigningCertificateV2 value\n */\nexport function buildSigningCertificateV2(certDer: Uint8Array): Uint8Array {\n // 1. Hash the DER certificate with SHA-256\n const certHash = hash(\"sha256\", certDer);\n\n // 2. Build AlgorithmIdentifier for SHA-256\n const hashAlgId = sequence(oid(SHA256_OID), nullValue());\n\n // 3. Extract issuer and serial number from the certificate\n const cert = decodeDer(certDer);\n const tbsCert = (cert.value as Asn1Node[])[0]!;\n const tbs = tbsCert.value as Asn1Node[];\n\n // version is [0] EXPLICIT, so tbs[0] may be version context tag\n let idx = 0;\n if (tbs[0]!.class === \"context\" && tbs[0]!.tag === 0) {\n idx = 1;\n }\n\n const serialNumber = tbs[idx]!; // INTEGER\n const issuerName = tbs[idx + 2]!; // Name SEQUENCE\n\n // 4. Build IssuerSerial\n // IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber INTEGER }\n // GeneralNames ::= SEQUENCE OF GeneralName\n // GeneralName ::= directoryName [4] Name\n const generalName = contextTag(4, [issuerName]);\n const generalNames = sequence(generalName);\n const issuerSerial = sequence(generalNames, serialNumber);\n\n // 5. Build ESSCertIDv2\n const essCertIdV2 = sequence(hashAlgId, octetString(certHash), issuerSerial);\n\n // 6. Build SigningCertificateV2\n const signingCertV2 = sequence(\n // certs SEQUENCE OF ESSCertIDv2\n sequence(essCertIdV2),\n );\n\n return encodeDer(signingCertV2);\n}\n\n// ---------------------------------------------------------------------------\n// Signature Policy\n// ---------------------------------------------------------------------------\n\n/**\n * Download and parse the ICP-Brasil signature policy DER file.\n * Extracts the embedded signPolicyHash from the ASN.1 structure.\n */\nasync function downloadAndParsePolicyDocument(): Promise<{\n hashAlgOid: string;\n policyHash: Uint8Array;\n}> {\n if (cachedPolicyData) {\n return cachedPolicyData;\n }\n\n const response = await fetch(POLICY_CONFIG.URL);\n\n if (!response.ok) {\n throw new SignaturePolicyError(\n `Failed to download signature policy: HTTP ${response.status}`,\n );\n }\n\n const arrayBuffer = await response.arrayBuffer();\n const data = new Uint8Array(arrayBuffer);\n\n if (data.length === 0 || data[0] !== 0x30) {\n throw new SignaturePolicyError(\"Invalid DER format in policy document\");\n }\n\n // Parse the ASN.1 structure:\n // SignaturePolicy ::= SEQUENCE {\n // signPolicyHashAlg AlgorithmIdentifier,\n // signPolicyInfo SignaturePolicyInfo,\n // signPolicyHash OCTET STRING\n // }\n const asn1 = decodeDer(data);\n const children = asn1.value as Asn1Node[];\n\n if (!Array.isArray(children) || children.length < 3) {\n throw new SignaturePolicyError(\n `Unexpected policy structure: expected 3+ children, got ${children?.length}`,\n );\n }\n\n // Child[0] = AlgorithmIdentifier\n const algIdChildren = children[0]!.value as Asn1Node[];\n if (!Array.isArray(algIdChildren) || algIdChildren.length === 0) {\n throw new SignaturePolicyError(\"Invalid AlgorithmIdentifier in policy\");\n }\n\n const { bytesToOid } = await import(\"@f-o-t/asn1\");\n const hashAlgOid = bytesToOid(algIdChildren[0]!.value as Uint8Array);\n\n // Child[2] = signPolicyHash (OCTET STRING)\n const hashNode = children[2]!;\n if (hashNode.tag !== 0x04) {\n throw new SignaturePolicyError(\n `Expected OCTET STRING at child[2], got tag 0x${hashNode.tag.toString(16)}`,\n );\n }\n\n cachedPolicyData = {\n hashAlgOid,\n policyHash: hashNode.value as Uint8Array,\n };\n\n return cachedPolicyData;\n}\n\n/**\n * Build the id-aa-ets-sigPolicyId attribute value (DER-encoded).\n *\n * Downloads the ICP-Brasil PAdES signature policy and extracts the\n * embedded signPolicyHash to build the attribute.\n *\n * @returns DER-encoded SignaturePolicyIdentifier value\n */\nexport async function buildSignaturePolicy(): Promise<Uint8Array> {\n const { hashAlgOid, policyHash } = await downloadAndParsePolicyDocument();\n\n // AlgorithmIdentifier for hash (no NULL — matches policy encoding)\n const hashAlgId = sequence(oid(hashAlgOid));\n\n // SigPolicyHash (OtherHashAlgAndValue)\n const sigPolicyHash = sequence(hashAlgId, octetString(policyHash));\n\n // SigPolicyQualifiers with policy URL\n const sigPolicyQualifiers = sequence(\n sequence(\n // id-spq-ets-uri\n oid(SPQ_ETS_URI_OID),\n // Policy URL as IA5String\n ia5String(POLICY_CONFIG.URL),\n ),\n );\n\n // SignaturePolicyId\n const signaturePolicyId = sequence(\n // sigPolicyId (policy OID)\n oid(POLICY_CONFIG.OID),\n // sigPolicyHash\n sigPolicyHash,\n // sigPolicyQualifiers\n sigPolicyQualifiers,\n );\n\n return encodeDer(signaturePolicyId);\n}\n\n/**\n * Attribute OID constants for external use\n */\nexport const ICP_BRASIL_OIDS = {\n signingCertificateV2: SIGNING_CERTIFICATE_V2_OID,\n signaturePolicy: SIGNATURE_POLICY_OID,\n} as const;\n\n// ---------------------------------------------------------------------------\n// Errors\n// ---------------------------------------------------------------------------\n\nexport class SignaturePolicyError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"SignaturePolicyError\";\n }\n}\n",
|
|
6
|
-
"/**\n * Zod schemas for input validation\n */\n\nimport { z } from \"zod\";\n\nconst signatureAppearanceSchema = z.object({\n x: z.number(),\n y: z.number(),\n width: z.number().positive(),\n height: z.number().positive(),\n page: z.number().int().min(0).optional(),\n showQrCode: z.boolean().optional(),\n showCertInfo: z.boolean().optional(),\n});\n\nconst qrCodeConfigSchema = z.object({\n data: z.string().optional(),\n size: z.number().int().positive().optional(),\n});\n\nexport const pdfSignOptionsSchema = z.object({\n certificate: z.object({\n p12: z.instanceof(Uint8Array).refine((v) => v.length > 0, {\n message: \"P12 data must not be empty\",\n }),\n password: z.string(),\n name: z.string().optional(),\n }),\n reason: z.string().optional(),\n location: z.string().optional(),\n contactInfo: z.string().optional(),\n policy: z.enum([\"pades-ades\", \"pades-icp-brasil\"]).optional(),\n timestamp: z.boolean().optional(),\n tsaUrl: z.string().url().optional(),\n tsaTimeout: z.number().positive().optional(),\n tsaRetries: z.number().int().min(0).optional(),\n tsaFallbackUrls: z.array(z.string().url()).optional(),\n onTimestampError: z\n .function({ input: z.tuple([z.unknown()]), output: z.void() })\n .optional(),\n appearance: z\n .union([signatureAppearanceSchema, z.literal(false)])\n .optional(),\n appearances: z.array(signatureAppearanceSchema).optional(),\n qrCode: qrCodeConfigSchema.optional(),\n docMdpPermission: z\n .union([z.literal(1), z.literal(2), z.literal(3)])\n .optional(),\n});\n",
|
|
7
|
-
"/**\n * RFC 3161 Timestamp Client\n *\n * Requests trusted timestamps from TSA servers using native fetch.\n * Builds the TimeStampReq using @f-o-t/asn1 instead of forge.\n */\n\nimport {\n type Asn1Node,\n boolean as asn1Boolean,\n decodeDer,\n encodeDer,\n integer,\n octetString,\n oid,\n sequence,\n} from \"@f-o-t/asn1\";\nimport { hash } from \"@f-o-t/crypto\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\n/** Well-known hash algorithm OIDs */\nconst HASH_OIDS: Record<string, string> = {\n sha256: \"2.16.840.1.101.3.4.2.1\",\n sha384: \"2.16.840.1.101.3.4.2.2\",\n sha512: \"2.16.840.1.101.3.4.2.3\",\n};\n\n/** ICP-Brasil Approved Timestamp Servers */\nexport const TIMESTAMP_SERVERS = {\n VALID: \"http://timestamp.valid.com.br/tsa\",\n SAFEWEB: \"http://tsa.safeweb.com.br/tsa/tsa\",\n CERTISIGN: \"http://timestamp.certisign.com.br\",\n} as const;\n\n/** id-smime-aa-timeStampToken OID */\nexport const TIMESTAMP_TOKEN_OID = \"1.2.840.113549.1.9.16.2.14\";\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Request a timestamp from a TSA server with retry and fallback support.\n *\n * @param dataToTimestamp - The data to timestamp (usually the signature value)\n * @param tsaUrl - URL of the primary timestamp server\n * @param hashAlgorithm - Hash algorithm to use (default: \"sha256\")\n * @param options - Resilience options (timeout, retries, fallback URLs)\n * @returns DER-encoded TimeStampToken\n */\nexport async function requestTimestamp(\n dataToTimestamp: Uint8Array,\n tsaUrl: string,\n hashAlgorithm: \"sha256\" | \"sha384\" | \"sha512\" = \"sha256\",\n options?: {\n tsaTimeout?: number;\n tsaRetries?: number;\n tsaFallbackUrls?: string[];\n },\n): Promise<Uint8Array> {\n // 1. Hash the data\n const messageHash = hash(hashAlgorithm, dataToTimestamp);\n\n // 2. Build TimeStampReq\n const timestampReq = buildTimestampRequest(messageHash, hashAlgorithm);\n\n const tsaTimeout = options?.tsaTimeout ?? 10000;\n const tsaRetries = options?.tsaRetries ?? 0;\n const tsaFallbackUrls = options?.tsaFallbackUrls ?? [];\n\n let lastError: Error | undefined;\n\n // 3. Try primary server: 1 initial attempt + tsaRetries retries\n for (let attempt = 1; attempt <= 1 + tsaRetries; attempt++) {\n if (attempt > 1) {\n await sleep(2 ** (attempt - 2) * 1000);\n }\n try {\n return await fetchTimestamp(tsaUrl, timestampReq, tsaTimeout);\n } catch (err) {\n lastError = err instanceof Error ? err : new Error(String(err));\n }\n }\n\n // 4. Try fallback servers (one attempt each, no delay)\n for (const fallbackUrl of tsaFallbackUrls) {\n try {\n return await fetchTimestamp(fallbackUrl, timestampReq, tsaTimeout);\n } catch (err) {\n lastError = err instanceof Error ? err : new Error(String(err));\n }\n }\n\n // 5. All servers failed\n const fallbackList =\n tsaFallbackUrls.length > 0\n ? `, fallbacks: [${tsaFallbackUrls.join(\", \")}]`\n : \"\";\n throw new TimestampError(\n `TSA request failed: all servers unreachable (primary: ${tsaUrl}${fallbackList}). Last error: ${lastError?.message ?? \"unknown\"}`,\n );\n}\n\n// ---------------------------------------------------------------------------\n// Internal\n// ---------------------------------------------------------------------------\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/**\n * Perform a single TSA fetch attempt, wrapping network errors with a descriptive message.\n */\nasync function fetchTimestamp(\n url: string,\n timestampReq: Uint8Array,\n timeoutMs: number,\n): Promise<Uint8Array> {\n let response: Response;\n try {\n response = await fetch(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/timestamp-query\",\n },\n body: timestampReq as unknown as BodyInit,\n signal: AbortSignal.timeout(timeoutMs),\n });\n } catch (err) {\n const msg = err instanceof Error ? err.message : String(err);\n throw new Error(`TSA server unreachable: ${url} — ${msg}`);\n }\n\n if (!response.ok) {\n throw new TimestampError(`TSA returned HTTP ${response.status}`);\n }\n\n const respBuffer = new Uint8Array(await response.arrayBuffer());\n return extractTimestampToken(respBuffer);\n}\n\n/**\n * Build a TimeStampReq (RFC 3161) as DER bytes.\n *\n * TimeStampReq ::= SEQUENCE {\n * version INTEGER { v1(1) },\n * messageImprint MessageImprint,\n * certReq BOOLEAN DEFAULT FALSE\n * }\n *\n * MessageImprint ::= SEQUENCE {\n * hashAlgorithm AlgorithmIdentifier,\n * hashedMessage OCTET STRING\n * }\n */\nfunction buildTimestampRequest(\n messageHash: Uint8Array,\n hashAlgorithm: string,\n): Uint8Array {\n const hashOid = HASH_OIDS[hashAlgorithm];\n if (!hashOid) {\n throw new TimestampError(`Unsupported hash algorithm: ${hashAlgorithm}`);\n }\n\n const timestampReq = sequence(\n // version = 1\n integer(1),\n // messageImprint\n sequence(\n // hashAlgorithm AlgorithmIdentifier\n sequence(oid(hashOid)),\n // hashedMessage OCTET STRING\n octetString(messageHash),\n ),\n // certReq = TRUE (request certificate in response)\n asn1Boolean(true),\n );\n\n return encodeDer(timestampReq);\n}\n\n/**\n * Extract the TimeStampToken from a TimeStampResp.\n *\n * TimeStampResp ::= SEQUENCE {\n * status PKIStatusInfo,\n * timeStampToken TimeStampToken OPTIONAL\n * }\n *\n * PKIStatusInfo ::= SEQUENCE {\n * status PKIStatus, -- INTEGER\n * ...\n * }\n */\nfunction extractTimestampToken(respDer: Uint8Array): Uint8Array {\n let resp: Asn1Node;\n try {\n resp = decodeDer(respDer);\n } catch {\n throw new TimestampError(\"Invalid timestamp response: not valid DER\");\n }\n\n const children = resp.value as Asn1Node[];\n if (!Array.isArray(children) || children.length < 1) {\n throw new TimestampError(\n \"Invalid timestamp response: unexpected structure\",\n );\n }\n\n // Check status\n const statusInfo = children[0]!.value as Asn1Node[];\n const statusBytes = statusInfo[0]!.value as Uint8Array;\n // Status 0 = granted, 1 = grantedWithMods\n const statusValue = statusBytes[statusBytes.length - 1]!;\n if (statusValue !== 0 && statusValue !== 1) {\n throw new TimestampError(\n `Timestamp request rejected with status: ${statusValue}`,\n );\n }\n\n // Extract token (second child)\n if (!children[1]) {\n throw new TimestampError(\"Timestamp response does not contain a token\");\n }\n\n return encodeDer(children[1]);\n}\n\n// ---------------------------------------------------------------------------\n// Errors\n// ---------------------------------------------------------------------------\n\nexport class TimestampError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"TimestampError\";\n }\n}\n",
|
|
8
|
-
"/**\n * PDF Signing — Main Entry Point\n *\n * Signs a PDF document using PAdES format with optional ICP-Brasil compliance.\n *\n * Flow:\n * 1. Parse certificate for display info\n * 2. Load PDF and draw visual appearance\n * 3. Save PDF with signature placeholder\n * 4. Find byte range and extract bytes to sign\n * 5. Build CMS/PKCS#7 SignedData with ICP-Brasil attributes\n * 6. Embed signature into PDF\n */\n\nimport type { Asn1Node } from \"@f-o-t/asn1\";\nimport { decodeDer } from \"@f-o-t/asn1\";\nimport type { CmsAttribute } from \"@f-o-t/crypto\";\nimport {\n appendUnauthAttributes,\n createSignedData,\n parsePkcs12,\n} from \"@f-o-t/crypto\";\nimport type { CertificateInfo } from \"@f-o-t/digital-certificate\";\nimport { parseCertificate } from \"@f-o-t/digital-certificate\";\nimport {\n embedSignature,\n extractBytesToSign,\n findByteRange,\n loadPdf,\n} from \"@f-o-t/pdf/plugins/editing\";\nimport {\n drawSignatureAppearance,\n precomputeSharedQrImage,\n} from \"./appearance.ts\";\nimport {\n buildSignaturePolicy,\n buildSigningCertificateV2,\n ICP_BRASIL_OIDS,\n} from \"./icp-brasil.ts\";\nimport { pdfSignOptionsSchema } from \"./schemas.ts\";\nimport { requestTimestamp, TIMESTAMP_TOKEN_OID } from \"./timestamp.ts\";\nimport type { PdfSignOptions } from \"./types.ts\";\n\n/**\n * Sign a PDF document with a digital certificate.\n *\n * Supports PAdES-BES and PAdES with ICP-Brasil compliance\n * (signing-certificate-v2 and signature-policy attributes).\n *\n * @param pdf - The PDF document as a Uint8Array or ReadableStream<Uint8Array>\n * @param options - Signing options\n * @returns The signed PDF as a Uint8Array\n *\n * @example\n * ```ts\n * const signedPdf = await signPdf(pdfBytes, {\n * certificate: { p12, password: \"secret\" },\n * reason: \"Document approval\",\n * location: \"Corporate Office\",\n * policy: \"pades-icp-brasil\",\n * });\n * ```\n */\nexport async function signPdf(\n pdf: Uint8Array | ReadableStream<Uint8Array>,\n options: PdfSignOptions,\n): Promise<Uint8Array> {\n // Accumulate ReadableStream into Uint8Array if needed\n let pdfBytes: Uint8Array;\n if (pdf instanceof ReadableStream) {\n const chunks: Uint8Array[] = [];\n const reader = pdf.getReader();\n try {\n while (true) {\n const { done, value } = await reader.read();\n if (done) break;\n if (value) chunks.push(value);\n }\n } finally {\n reader.releaseLock();\n }\n const totalLength = chunks.reduce((sum, c) => sum + c.length, 0);\n pdfBytes = new Uint8Array(totalLength);\n let offset = 0;\n for (const chunk of chunks) {\n pdfBytes.set(chunk, offset);\n offset += chunk.length;\n }\n } else {\n pdfBytes = pdf;\n }\n\n // Validate input\n const opts = pdfSignOptionsSchema.parse(options);\n\n // 1. Parse PKCS#12 early — needed both for display info and for sizing the\n // signature placeholder accurately based on the actual certificate chain length.\n const { certificate, privateKey, chain } = await parsePkcs12(\n opts.certificate.p12,\n opts.certificate.password,\n );\n\n // 1b. Parse certificate for rich display info (CPF/CNPJ, subject CN, etc.)\n let certInfo: CertificateInfo | null = null;\n try {\n certInfo = parseCertificate(\n opts.certificate.p12,\n opts.certificate.password,\n );\n } catch {\n // If parsing fails, continue without cert info for display\n }\n\n // 2. Load PDF via editing plugin\n const doc = loadPdf(pdfBytes);\n\n // 3. Draw visual signature appearance if requested\n if (opts.appearance !== false && opts.appearance) {\n const pageIndex = opts.appearance.page ?? 0;\n\n if (pageIndex < 0 || pageIndex >= doc.pageCount) {\n throw new PdfSignError(\n `Invalid page index: ${pageIndex}. PDF has ${doc.pageCount} pages.`,\n );\n }\n\n const page = doc.getPage(pageIndex);\n\n drawSignatureAppearance(doc, page, opts.appearance, certInfo, {\n reason: opts.reason,\n location: opts.location,\n qrCode: opts.qrCode,\n pdfData: pdfBytes,\n });\n }\n\n // 3b. Draw multiple visual signature appearances if provided\n if (opts.appearances && opts.appearances.length > 0) {\n // Pre-embed the QR image once so all appearances share a single PDF XObject.\n // This collapses N embedPng calls (and N IDAT buffer allocations) into 1.\n const needsQr = opts.appearances.some((a) => a.showQrCode !== false);\n // Pre-embed the QR once. Safe to pass to all appearances — drawSignatureAppearance\n // ignores it when showQrCode is false (inner guard in appearance.ts).\n const sharedQrImage = needsQr\n ? precomputeSharedQrImage(doc, certInfo, pdfBytes, opts.qrCode)\n : undefined;\n\n for (const app of opts.appearances) {\n const pageIndex = app.page ?? 0;\n\n if (pageIndex < 0 || pageIndex >= doc.pageCount) {\n throw new PdfSignError(\n `Invalid page index ${pageIndex} in appearances. PDF has ${doc.pageCount} pages.`,\n );\n }\n\n const page = doc.getPage(pageIndex);\n\n drawSignatureAppearance(doc, page, app, certInfo, {\n reason: opts.reason,\n location: opts.location,\n qrCode: opts.qrCode,\n pdfData: pdfBytes,\n preEmbeddedQr: sharedQrImage,\n });\n }\n }\n\n // 4. Save with signature placeholder\n const signerName =\n certInfo?.subject.commonName ||\n opts.certificate.name ||\n \"Digital Signature\";\n\n // Dynamic placeholder size: base 8 KB + 2× actual cert chain + 4 KB for a\n // timestamp token (if configured). Prevents \"Signature too large\" failures for\n // certificates with long chains (5+ certs) or large RSA keys.\n const certChainBytes =\n certificate.length + chain.reduce((sum, c) => sum + c.length, 0);\n const signatureLength = Math.max(\n 16384,\n certChainBytes * 2 + (opts.tsaUrl ? 4096 : 0) + 8192,\n );\n\n // Which page hosts the widget annotation — must match the visual appearance\n // page so PDF readers navigate to the right page when a signature is clicked.\n const appearancePage = opts.appearance\n ? ((opts.appearance as { page?: number }).page ?? 0)\n : (opts.appearances?.[0]?.page ?? 0);\n\n const { pdf: pdfWithPlaceholder } = doc.saveWithPlaceholder({\n reason: opts.reason || \"Digitally signed\",\n name: signerName,\n location: opts.location,\n contactInfo: opts.contactInfo,\n signatureLength,\n docMdpPermission: opts.docMdpPermission ?? 2,\n appearancePage,\n });\n\n // 5. Find byte range and extract bytes to sign\n const { byteRange } = findByteRange(pdfWithPlaceholder);\n const bytesToSign = extractBytesToSign(pdfWithPlaceholder, byteRange);\n\n // 6. Cryptographic material already parsed in step 1\n\n // 7. Build ICP-Brasil authenticated attributes if needed\n const authenticatedAttributes: CmsAttribute[] = [];\n\n if (opts.policy === \"pades-icp-brasil\") {\n // signing-certificate-v2\n const sigCertV2 = buildSigningCertificateV2(certificate);\n authenticatedAttributes.push({\n oid: ICP_BRASIL_OIDS.signingCertificateV2,\n values: [sigCertV2],\n });\n\n // signature-policy\n try {\n const sigPolicy = await buildSignaturePolicy();\n authenticatedAttributes.push({\n oid: ICP_BRASIL_OIDS.signaturePolicy,\n values: [sigPolicy],\n });\n } catch {\n // Policy download failure is non-fatal\n // The signature will still be valid PAdES-BES\n }\n }\n\n // 8. Build unauthenticated attributes\n const unauthenticatedAttributes: CmsAttribute[] = [];\n\n // 9. Create CMS/PKCS#7 SignedData\n const signedData = await createSignedData({\n content: bytesToSign,\n certificate,\n privateKey,\n chain,\n hashAlgorithm: \"sha256\",\n authenticatedAttributes:\n authenticatedAttributes.length > 0\n ? authenticatedAttributes\n : undefined,\n unauthenticatedAttributes:\n unauthenticatedAttributes.length > 0\n ? unauthenticatedAttributes\n : undefined,\n detached: true,\n });\n\n // 10. Optionally request timestamp and embed as unauthenticated attribute\n if (opts.timestamp && opts.tsaUrl) {\n try {\n const tsToken = await requestTimestamp(\n extractSignatureValue(signedData),\n opts.tsaUrl,\n \"sha256\",\n {\n tsaTimeout: opts.tsaTimeout,\n tsaRetries: opts.tsaRetries,\n tsaFallbackUrls: opts.tsaFallbackUrls,\n },\n );\n unauthenticatedAttributes.push({\n oid: TIMESTAMP_TOKEN_OID,\n values: [tsToken],\n });\n } catch (err) {\n // Timestamp failure is non-fatal\n opts.onTimestampError?.(err);\n }\n }\n\n // 11. Patch timestamp token into SignedData as unauthenticated attribute (no re-signing)\n const finalSignedData = appendUnauthAttributes(\n signedData,\n unauthenticatedAttributes,\n );\n\n // 12. Embed signature into PDF\n return embedSignature(pdfWithPlaceholder, finalSignedData);\n}\n\n// ---------------------------------------------------------------------------\n// Internal helpers\n// ---------------------------------------------------------------------------\n\n/**\n * Extract the raw signature value bytes from a DER-encoded CMS ContentInfo.\n *\n * Per CAdES (ETSI EN 319 122-1) / RFC 5126 §5.5.1, the id-smime-aa-timeStampToken\n * attribute must be a timestamp over the SignerInfo.signature octets, not the\n * full ContentInfo blob.\n *\n * ContentInfo → [0] EXPLICIT → SignedData → signerInfos[0] → signature OCTET STRING\n */\nfunction extractSignatureValue(contentInfoDer: Uint8Array): Uint8Array {\n const contentInfo = decodeDer(contentInfoDer);\n const signedDataNode = (\n (contentInfo.value as Asn1Node[])[1]!.value as Asn1Node[]\n )[0]!;\n // signerInfos is always the last child of SignedData per RFC 5652\n const signerInfosSet = (signedDataNode.value as Asn1Node[]).at(-1)!;\n const signerInfo = (signerInfosSet.value as Asn1Node[])[0]!;\n const signatureNode = (signerInfo.value as Asn1Node[])[5]!;\n return signatureNode.value as Uint8Array;\n}\n\n// ---------------------------------------------------------------------------\n// Errors\n// ---------------------------------------------------------------------------\n\nexport class PdfSignError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"PdfSignError\";\n }\n}\n",
|
|
9
|
-
"/**\n * Visual Signature Appearance\n *\n * Draws certificate information and QR code on the PDF page\n * for visible digital signatures.\n */\n\nimport { hash } from \"@f-o-t/crypto\";\nimport type { CertificateInfo } from \"@f-o-t/digital-certificate\";\nimport type {\n PdfDocument,\n PdfImage,\n PdfPage,\n} from \"@f-o-t/pdf/plugins/editing\";\nimport { generateQrCode } from \"@f-o-t/qrcode\";\nimport type { QrCodeConfig, SignatureAppearance } from \"./types.ts\";\n\n/**\n * Draw the visual signature appearance on a PDF page.\n *\n * Includes optional QR code and certificate information text.\n */\nexport function drawSignatureAppearance(\n doc: PdfDocument,\n page: PdfPage,\n appearance: SignatureAppearance,\n certInfo: CertificateInfo | null,\n options: {\n reason?: string;\n location?: string;\n qrCode?: QrCodeConfig;\n pdfData: Uint8Array;\n preEmbeddedQr?: PdfImage;\n },\n): void {\n const { x, width, height } = appearance;\n const showQrCode = appearance.showQrCode !== false;\n const showCertInfo = appearance.showCertInfo !== false;\n\n // Convert from top-left origin (user-facing) to PDF bottom-left origin.\n // Users specify y as distance from the top of the page, but PDF coordinates\n // have y=0 at the bottom.\n const y = page.height - appearance.y - height;\n\n let qrSize = 0;\n\n // Draw QR code if requested (enabled by default)\n if (showQrCode) {\n const qrImage =\n options.preEmbeddedQr ??\n (() => {\n const qrData =\n options.qrCode?.data ??\n createVerificationData(certInfo, options.pdfData);\n const qrPng = generateQrCode(qrData, {\n size: options.qrCode?.size ?? 100,\n });\n return doc.embedPng(qrPng);\n })();\n\n qrSize = Math.min(100, height - 20);\n\n page.drawImage(qrImage, {\n x: x + 10,\n y: y + 10,\n width: qrSize,\n height: qrSize,\n });\n }\n\n // Draw certificate info text\n if (showCertInfo) {\n drawCertInfo(page, certInfo, {\n x,\n y,\n width,\n height,\n qrOffset: qrSize > 0 ? qrSize + 20 : 10,\n reason: options.reason,\n location: options.location,\n });\n }\n}\n\n/**\n * Draw certificate information text on the page\n */\nfunction drawCertInfo(\n page: PdfPage,\n certInfo: CertificateInfo | null,\n opts: {\n x: number;\n y: number;\n width: number;\n height: number;\n qrOffset: number;\n reason?: string;\n location?: string;\n },\n): void {\n const textX = opts.x + opts.qrOffset;\n let textY = opts.y + opts.height - 20;\n const fontSize = 10;\n const lineHeight = 14;\n\n // Header\n page.drawText(\"ASSINADO DIGITALMENTE\", {\n x: textX,\n y: textY,\n size: 12,\n });\n textY -= lineHeight * 1.5;\n\n if (certInfo) {\n // Signer name\n const signerName = certInfo.subject.commonName || \"N/A\";\n page.drawText(`Assinado por: ${signerName}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n\n // CNPJ or CPF\n if (certInfo.brazilian.cnpj) {\n const cnpj = formatCnpj(certInfo.brazilian.cnpj);\n page.drawText(`CNPJ: ${cnpj}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n } else if (certInfo.brazilian.cpf) {\n const cpf = formatCpf(certInfo.brazilian.cpf);\n page.drawText(`CPF: ${cpf}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n }\n\n // Date and time\n const now = new Date();\n const dateStr = now.toLocaleDateString(\"pt-BR\");\n const timeStr = now.toLocaleTimeString(\"pt-BR\");\n page.drawText(`Data: ${dateStr} ${timeStr}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n\n // Location\n if (opts.location) {\n page.drawText(`Local: ${opts.location}`, {\n x: textX,\n y: textY,\n size: fontSize - 1,\n });\n }\n } else {\n // Fallback if cert info not available\n page.drawText(`Signed: ${opts.reason || \"Digital Signature\"}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n\n if (opts.location) {\n page.drawText(`Location: ${opts.location}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n }\n }\n}\n\n/**\n * Pre-compute the QR code image and embed it once into the PDF document.\n * Call this before an appearances loop so all appearances share a single XObject.\n */\nexport function precomputeSharedQrImage(\n doc: PdfDocument,\n certInfo: CertificateInfo | null,\n pdfData: Uint8Array,\n qrConfig?: QrCodeConfig,\n): PdfImage {\n const qrData = qrConfig?.data ?? createVerificationData(certInfo, pdfData);\n const qrPng = generateQrCode(qrData, { size: qrConfig?.size ?? 100 });\n return doc.embedPng(qrPng);\n}\n\n/**\n * Generate verification data for the QR code\n */\nfunction createVerificationData(\n certInfo: CertificateInfo | null,\n pdfData: Uint8Array,\n): string {\n const documentHash = toHex(hash(\"sha256\", pdfData));\n const timestamp = new Date().toISOString();\n\n if (certInfo) {\n const certFingerprint = certInfo.fingerprint;\n return (\n `https://validar.iti.gov.br/?` +\n `doc=${documentHash.substring(0, 16)}&` +\n `cert=${certFingerprint.substring(0, 16)}&` +\n `time=${encodeURIComponent(timestamp)}`\n );\n }\n\n return `https://validar.iti.gov.br/?doc=${documentHash.substring(0, 16)}&time=${encodeURIComponent(timestamp)}`;\n}\n\n/**\n * Format a CNPJ number with punctuation\n */\nfunction formatCnpj(cnpj: string): string {\n return cnpj.replace(/(\\d{2})(\\d{3})(\\d{3})(\\d{4})(\\d{2})/, \"$1.$2.$3/$4-$5\");\n}\n\n/**\n * Format a CPF number with punctuation\n */\nfunction formatCpf(cpf: string): string {\n return cpf.replace(/(\\d{3})(\\d{3})(\\d{3})(\\d{2})/, \"$1.$2.$3-$4\");\n}\n\n/**\n * Convert bytes to hex string\n */\nfunction toHex(data: Uint8Array): string {\n const chars: string[] = [];\n for (let i = 0; i < data.length; i++) {\n chars.push(data[i]!.toString(16).padStart(2, \"0\"));\n }\n return chars.join(\"\");\n}\n"
|
|
10
|
-
],
|
|
11
|
-
"mappings": ";;;;AASA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAWA;AAOA,IAAM,aAAa;AAGnB,IAAM,6BAA6B;AAGnC,IAAM,uBAAuB;AAG7B,IAAM,gBAAgB;AAAA,EACnB,KAAK;AAAA,EACL,KAAK;AACR;AAGA,IAAM,kBAAkB;AAMxB,IAAI,mBAGO;AAMJ,SAAS,gBAAgB,GAAS;AAAA,EACtC,mBAAmB;AAAA;AAiCf,SAAS,yBAAyB,CAAC,SAAiC;AAAA,EAExE,MAAM,WAAW,KAAK,UAAU,OAAO;AAAA,EAGvC,MAAM,YAAY,SAAS,IAAI,UAAU,GAAG,UAAU,CAAC;AAAA,EAGvD,MAAM,OAAO,UAAU,OAAO;AAAA,EAC9B,MAAM,UAAW,KAAK,MAAqB;AAAA,EAC3C,MAAM,MAAM,QAAQ;AAAA,EAGpB,IAAI,MAAM;AAAA,EACV,IAAI,IAAI,GAAI,UAAU,aAAa,IAAI,GAAI,QAAQ,GAAG;AAAA,IACnD,MAAM;AAAA,EACT;AAAA,EAEA,MAAM,eAAe,IAAI;AAAA,EACzB,MAAM,aAAa,IAAI,MAAM;AAAA,EAM7B,MAAM,cAAc,WAAW,GAAG,CAAC,UAAU,CAAC;AAAA,EAC9C,MAAM,eAAe,SAAS,WAAW;AAAA,EACzC,MAAM,eAAe,SAAS,cAAc,YAAY;AAAA,EAGxD,MAAM,cAAc,SAAS,WAAW,YAAY,QAAQ,GAAG,YAAY;AAAA,EAG3E,MAAM,gBAAgB,SAEnB,SAAS,WAAW,CACvB;AAAA,EAEA,OAAO,UAAU,aAAa;AAAA;AAWjC,eAAe,8BAA8B,GAG1C;AAAA,EACA,IAAI,kBAAkB;AAAA,IACnB,OAAO;AAAA,EACV;AAAA,EAEA,MAAM,WAAW,MAAM,MAAM,cAAc,GAAG;AAAA,EAE9C,IAAI,CAAC,SAAS,IAAI;AAAA,IACf,MAAM,IAAI,qBACP,6CAA6C,SAAS,QACzD;AAAA,EACH;AAAA,EAEA,MAAM,cAAc,MAAM,SAAS,YAAY;AAAA,EAC/C,MAAM,OAAO,IAAI,WAAW,WAAW;AAAA,EAEvC,IAAI,KAAK,WAAW,KAAK,KAAK,OAAO,IAAM;AAAA,IACxC,MAAM,IAAI,qBAAqB,uCAAuC;AAAA,EACzE;AAAA,EAQA,MAAM,OAAO,UAAU,IAAI;AAAA,EAC3B,MAAM,WAAW,KAAK;AAAA,EAEtB,IAAI,CAAC,MAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS,GAAG;AAAA,IAClD,MAAM,IAAI,qBACP,0DAA0D,UAAU,QACvE;AAAA,EACH;AAAA,EAGA,MAAM,gBAAgB,SAAS,GAAI;AAAA,EACnC,IAAI,CAAC,MAAM,QAAQ,aAAa,KAAK,cAAc,WAAW,GAAG;AAAA,IAC9D,MAAM,IAAI,qBAAqB,uCAAuC;AAAA,EACzE;AAAA,EAEA,QAAQ,eAAe,MAAa;AAAA,EACpC,MAAM,aAAa,WAAW,cAAc,GAAI,KAAmB;AAAA,EAGnE,MAAM,WAAW,SAAS;AAAA,EAC1B,IAAI,SAAS,QAAQ,GAAM;AAAA,IACxB,MAAM,IAAI,qBACP,gDAAgD,SAAS,IAAI,SAAS,EAAE,GAC3E;AAAA,EACH;AAAA,EAEA,mBAAmB;AAAA,IAChB;AAAA,IACA,YAAY,SAAS;AAAA,EACxB;AAAA,EAEA,OAAO;AAAA;AAWV,eAAsB,oBAAoB,GAAwB;AAAA,EAC/D,QAAQ,YAAY,eAAe,MAAM,+BAA+B;AAAA,EAGxE,MAAM,YAAY,SAAS,IAAI,UAAU,CAAC;AAAA,EAG1C,MAAM,gBAAgB,SAAS,WAAW,YAAY,UAAU,CAAC;AAAA,EAGjE,MAAM,sBAAsB,SACzB,SAEG,IAAI,eAAe,GAEnB,UAAU,cAAc,GAAG,CAC9B,CACH;AAAA,EAGA,MAAM,oBAAoB,SAEvB,IAAI,cAAc,GAAG,GAErB,eAEA,mBACH;AAAA,EAEA,OAAO,UAAU,iBAAiB;AAAA;AAM9B,IAAM,kBAAkB;AAAA,EAC5B,sBAAsB;AAAA,EACtB,iBAAiB;AACpB;AAAA;AAMO,MAAM,6BAA6B,MAAM;AAAA,EAC7C,WAAW,CAAC,SAAiB;AAAA,IAC1B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAElB;;;AChQA;AAEA,IAAM,4BAA4B,EAAE,OAAO;AAAA,EACxC,GAAG,EAAE,OAAO;AAAA,EACZ,GAAG,EAAE,OAAO;AAAA,EACZ,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACvC,YAAY,EAAE,QAAQ,EAAE,SAAS;AAAA,EACjC,cAAc,EAAE,QAAQ,EAAE,SAAS;AACtC,CAAC;AAED,IAAM,qBAAqB,EAAE,OAAO;AAAA,EACjC,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAC9C,CAAC;AAEM,IAAM,uBAAuB,EAAE,OAAO;AAAA,EAC1C,aAAa,EAAE,OAAO;AAAA,IACnB,KAAK,EAAE,WAAW,UAAU,EAAE,OAAO,CAAC,MAAM,EAAE,SAAS,GAAG;AAAA,MACvD,SAAS;AAAA,IACZ,CAAC;AAAA,IACD,UAAU,EAAE,OAAO;AAAA,IACnB,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,CAAC;AAAA,EACD,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,aAAa,EAAE,OAAO,EAAE,SAAS;AAAA,EACjC,QAAQ,EAAE,KAAK,CAAC,cAAc,kBAAkB,CAAC,EAAE,SAAS;AAAA,EAC5D,WAAW,EAAE,QAAQ,EAAE,SAAS;AAAA,EAChC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EAClC,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC3C,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EAC7C,iBAAiB,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACpD,kBAAkB,EACd,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC,GAAG,QAAQ,EAAE,KAAK,EAAE,CAAC,EAC5D,SAAS;AAAA,EACb,YAAY,EACR,MAAM,CAAC,2BAA2B,EAAE,QAAQ,KAAK,CAAC,CAAC,EACnD,SAAS;AAAA,EACb,aAAa,EAAE,MAAM,yBAAyB,EAAE,SAAS;AAAA,EACzD,QAAQ,mBAAmB,SAAS;AAAA,EACpC,kBAAkB,EACd,MAAM,CAAC,EAAE,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,EAChD,SAAS;AAChB,CAAC;;;AC1CD;AAAA,aAEG;AAAA,eACA;AAAA,eACA;AAAA;AAAA,iBAEA;AAAA,SACA;AAAA,cACA;AAAA;AAEH,iBAAS;AAOT,IAAM,YAAoC;AAAA,EACvC,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,QAAQ;AACX;AAGO,IAAM,oBAAoB;AAAA,EAC9B,OAAO;AAAA,EACP,SAAS;AAAA,EACT,WAAW;AACd;AAGO,IAAM,sBAAsB;AAenC,eAAsB,gBAAgB,CACnC,iBACA,QACA,gBAAgD,UAChD,SAKoB;AAAA,EAEpB,MAAM,cAAc,MAAK,eAAe,eAAe;AAAA,EAGvD,MAAM,eAAe,sBAAsB,aAAa,aAAa;AAAA,EAErE,MAAM,aAAa,SAAS,cAAc;AAAA,EAC1C,MAAM,aAAa,SAAS,cAAc;AAAA,EAC1C,MAAM,kBAAkB,SAAS,mBAAmB,CAAC;AAAA,EAErD,IAAI;AAAA,EAGJ,SAAS,UAAU,EAAG,WAAW,IAAI,YAAY,WAAW;AAAA,IACzD,IAAI,UAAU,GAAG;AAAA,MACd,MAAM,MAAM,MAAM,UAAU,KAAK,IAAI;AAAA,IACxC;AAAA,IACA,IAAI;AAAA,MACD,OAAO,MAAM,eAAe,QAAQ,cAAc,UAAU;AAAA,MAC7D,OAAO,KAAK;AAAA,MACX,YAAY,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO,GAAG,CAAC;AAAA;AAAA,EAEpE;AAAA,EAGA,WAAW,eAAe,iBAAiB;AAAA,IACxC,IAAI;AAAA,MACD,OAAO,MAAM,eAAe,aAAa,cAAc,UAAU;AAAA,MAClE,OAAO,KAAK;AAAA,MACX,YAAY,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO,GAAG,CAAC;AAAA;AAAA,EAEpE;AAAA,EAGA,MAAM,eACH,gBAAgB,SAAS,IACpB,iBAAiB,gBAAgB,KAAK,IAAI,OAC1C;AAAA,EACR,MAAM,IAAI,eACP,yDAAyD,SAAS,8BAA8B,WAAW,WAAW,WACzH;AAAA;AAOH,SAAS,KAAK,CAAC,IAA2B;AAAA,EACvC,OAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AAAA;AAM1D,eAAe,cAAc,CAC1B,KACA,cACA,WACoB;AAAA,EACpB,IAAI;AAAA,EACJ,IAAI;AAAA,IACD,WAAW,MAAM,MAAM,KAAK;AAAA,MACzB,QAAQ;AAAA,MACR,SAAS;AAAA,QACN,gBAAgB;AAAA,MACnB;AAAA,MACA,MAAM;AAAA,MACN,QAAQ,YAAY,QAAQ,SAAS;AAAA,IACxC,CAAC;AAAA,IACF,OAAO,KAAK;AAAA,IACX,MAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,IAC3D,MAAM,IAAI,MAAM,2BAA2B,cAAQ,KAAK;AAAA;AAAA,EAG3D,IAAI,CAAC,SAAS,IAAI;AAAA,IACf,MAAM,IAAI,eAAe,qBAAqB,SAAS,QAAQ;AAAA,EAClE;AAAA,EAEA,MAAM,aAAa,IAAI,WAAW,MAAM,SAAS,YAAY,CAAC;AAAA,EAC9D,OAAO,sBAAsB,UAAU;AAAA;AAiB1C,SAAS,qBAAqB,CAC3B,aACA,eACW;AAAA,EACX,MAAM,UAAU,UAAU;AAAA,EAC1B,IAAI,CAAC,SAAS;AAAA,IACX,MAAM,IAAI,eAAe,+BAA+B,eAAe;AAAA,EAC1E;AAAA,EAEA,MAAM,eAAe,UAElB,QAAQ,CAAC,GAET,UAEG,UAAS,KAAI,OAAO,CAAC,GAErB,aAAY,WAAW,CAC1B,GAEA,YAAY,IAAI,CACnB;AAAA,EAEA,OAAO,WAAU,YAAY;AAAA;AAgBhC,SAAS,qBAAqB,CAAC,SAAiC;AAAA,EAC7D,IAAI;AAAA,EACJ,IAAI;AAAA,IACD,OAAO,WAAU,OAAO;AAAA,IACzB,MAAM;AAAA,IACL,MAAM,IAAI,eAAe,2CAA2C;AAAA;AAAA,EAGvE,MAAM,WAAW,KAAK;AAAA,EACtB,IAAI,CAAC,MAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS,GAAG;AAAA,IAClD,MAAM,IAAI,eACP,kDACH;AAAA,EACH;AAAA,EAGA,MAAM,aAAa,SAAS,GAAI;AAAA,EAChC,MAAM,cAAc,WAAW,GAAI;AAAA,EAEnC,MAAM,cAAc,YAAY,YAAY,SAAS;AAAA,EACrD,IAAI,gBAAgB,KAAK,gBAAgB,GAAG;AAAA,IACzC,MAAM,IAAI,eACP,2CAA2C,aAC9C;AAAA,EACH;AAAA,EAGA,IAAI,CAAC,SAAS,IAAI;AAAA,IACf,MAAM,IAAI,eAAe,6CAA6C;AAAA,EACzE;AAAA,EAEA,OAAO,WAAU,SAAS,EAAE;AAAA;AAAA;AAOxB,MAAM,uBAAuB,MAAM;AAAA,EACvC,WAAW,CAAC,SAAiB;AAAA,IAC1B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAElB;;;AClOA,sBAAS;AAET;AAAA;AAAA;AAAA;AAAA;AAMA;AACA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACjBA,iBAAS;AAOT;AAQO,SAAS,uBAAuB,CACpC,KACA,MACA,YACA,UACA,SAOK;AAAA,EACL,QAAQ,GAAG,OAAO,WAAW;AAAA,EAC7B,MAAM,aAAa,WAAW,eAAe;AAAA,EAC7C,MAAM,eAAe,WAAW,iBAAiB;AAAA,EAKjD,MAAM,IAAI,KAAK,SAAS,WAAW,IAAI;AAAA,EAEvC,IAAI,SAAS;AAAA,EAGb,IAAI,YAAY;AAAA,IACb,MAAM,UACH,QAAQ,kBACP,MAAM;AAAA,MACJ,MAAM,SACH,QAAQ,QAAQ,QAChB,uBAAuB,UAAU,QAAQ,OAAO;AAAA,MACnD,MAAM,QAAQ,eAAe,QAAQ;AAAA,QAClC,MAAM,QAAQ,QAAQ,QAAQ;AAAA,MACjC,CAAC;AAAA,MACD,OAAO,IAAI,SAAS,KAAK;AAAA,OACzB;AAAA,IAEN,SAAS,KAAK,IAAI,KAAK,SAAS,EAAE;AAAA,IAElC,KAAK,UAAU,SAAS;AAAA,MACrB,GAAG,IAAI;AAAA,MACP,GAAG,IAAI;AAAA,MACP,OAAO;AAAA,MACP,QAAQ;AAAA,IACX,CAAC;AAAA,EACJ;AAAA,EAGA,IAAI,cAAc;AAAA,IACf,aAAa,MAAM,UAAU;AAAA,MAC1B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,SAAS,IAAI,SAAS,KAAK;AAAA,MACrC,QAAQ,QAAQ;AAAA,MAChB,UAAU,QAAQ;AAAA,IACrB,CAAC;AAAA,EACJ;AAAA;AAMH,SAAS,YAAY,CAClB,MACA,UACA,MASK;AAAA,EACL,MAAM,QAAQ,KAAK,IAAI,KAAK;AAAA,EAC5B,IAAI,QAAQ,KAAK,IAAI,KAAK,SAAS;AAAA,EACnC,MAAM,WAAW;AAAA,EACjB,MAAM,aAAa;AAAA,EAGnB,KAAK,SAAS,yBAAyB;AAAA,IACpC,GAAG;AAAA,IACH,GAAG;AAAA,IACH,MAAM;AAAA,EACT,CAAC;AAAA,EACD,SAAS,aAAa;AAAA,EAEtB,IAAI,UAAU;AAAA,IAEX,MAAM,aAAa,SAAS,QAAQ,cAAc;AAAA,IAClD,KAAK,SAAS,iBAAiB,cAAc;AAAA,MAC1C,GAAG;AAAA,MACH,GAAG;AAAA,MACH,MAAM;AAAA,IACT,CAAC;AAAA,IACD,SAAS;AAAA,IAGT,IAAI,SAAS,UAAU,MAAM;AAAA,MAC1B,MAAM,OAAO,WAAW,SAAS,UAAU,IAAI;AAAA,MAC/C,KAAK,SAAS,SAAS,QAAQ;AAAA,QAC5B,GAAG;AAAA,QACH,GAAG;AAAA,QACH,MAAM;AAAA,MACT,CAAC;AAAA,MACD,SAAS;AAAA,IACZ,EAAO,SAAI,SAAS,UAAU,KAAK;AAAA,MAChC,MAAM,MAAM,UAAU,SAAS,UAAU,GAAG;AAAA,MAC5C,KAAK,SAAS,QAAQ,OAAO;AAAA,QAC1B,GAAG;AAAA,QACH,GAAG;AAAA,QACH,MAAM;AAAA,MACT,CAAC;AAAA,MACD,SAAS;AAAA,IACZ;AAAA,IAGA,MAAM,MAAM,IAAI;AAAA,IAChB,MAAM,UAAU,IAAI,mBAAmB,OAAO;AAAA,IAC9C,MAAM,UAAU,IAAI,mBAAmB,OAAO;AAAA,IAC9C,KAAK,SAAS,SAAS,WAAW,WAAW;AAAA,MAC1C,GAAG;AAAA,MACH,GAAG;AAAA,MACH,MAAM;AAAA,IACT,CAAC;AAAA,IACD,SAAS;AAAA,IAGT,IAAI,KAAK,UAAU;AAAA,MAChB,KAAK,SAAS,UAAU,KAAK,YAAY;AAAA,QACtC,GAAG;AAAA,QACH,GAAG;AAAA,QACH,MAAM,WAAW;AAAA,MACpB,CAAC;AAAA,IACJ;AAAA,EACH,EAAO;AAAA,IAEJ,KAAK,SAAS,WAAW,KAAK,UAAU,uBAAuB;AAAA,MAC5D,GAAG;AAAA,MACH,GAAG;AAAA,MACH,MAAM;AAAA,IACT,CAAC;AAAA,IACD,SAAS;AAAA,IAET,IAAI,KAAK,UAAU;AAAA,MAChB,KAAK,SAAS,aAAa,KAAK,YAAY;AAAA,QACzC,GAAG;AAAA,QACH,GAAG;AAAA,QACH,MAAM;AAAA,MACT,CAAC;AAAA,IACJ;AAAA;AAAA;AAQC,SAAS,uBAAuB,CACpC,KACA,UACA,SACA,UACS;AAAA,EACT,MAAM,SAAS,UAAU,QAAQ,uBAAuB,UAAU,OAAO;AAAA,EACzE,MAAM,QAAQ,eAAe,QAAQ,EAAE,MAAM,UAAU,QAAQ,IAAI,CAAC;AAAA,EACpE,OAAO,IAAI,SAAS,KAAK;AAAA;AAM5B,SAAS,sBAAsB,CAC5B,UACA,SACO;AAAA,EACP,MAAM,eAAe,MAAM,MAAK,UAAU,OAAO,CAAC;AAAA,EAClD,MAAM,YAAY,IAAI,KAAK,EAAE,YAAY;AAAA,EAEzC,IAAI,UAAU;AAAA,IACX,MAAM,kBAAkB,SAAS;AAAA,IACjC,OACG,iCACA,OAAO,aAAa,UAAU,GAAG,EAAE,OACnC,QAAQ,gBAAgB,UAAU,GAAG,EAAE,OACvC,QAAQ,mBAAmB,SAAS;AAAA,EAE1C;AAAA,EAEA,OAAO,mCAAmC,aAAa,UAAU,GAAG,EAAE,UAAU,mBAAmB,SAAS;AAAA;AAM/G,SAAS,UAAU,CAAC,MAAsB;AAAA,EACvC,OAAO,KAAK,QAAQ,uCAAuC,gBAAgB;AAAA;AAM9E,SAAS,SAAS,CAAC,KAAqB;AAAA,EACrC,OAAO,IAAI,QAAQ,gCAAgC,aAAa;AAAA;AAMnE,SAAS,KAAK,CAAC,MAA0B;AAAA,EACtC,MAAM,QAAkB,CAAC;AAAA,EACzB,SAAS,IAAI,EAAG,IAAI,KAAK,QAAQ,KAAK;AAAA,IACnC,MAAM,KAAK,KAAK,GAAI,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,EACpD;AAAA,EACA,OAAO,MAAM,KAAK,EAAE;AAAA;;;ADjLvB,eAAsB,OAAO,CAC1B,KACA,SACoB;AAAA,EAEpB,IAAI;AAAA,EACJ,IAAI,eAAe,gBAAgB;AAAA,IAChC,MAAM,SAAuB,CAAC;AAAA,IAC9B,MAAM,SAAS,IAAI,UAAU;AAAA,IAC7B,IAAI;AAAA,MACD,OAAO,MAAM;AAAA,QACV,QAAQ,MAAM,UAAU,MAAM,OAAO,KAAK;AAAA,QAC1C,IAAI;AAAA,UAAM;AAAA,QACV,IAAI;AAAA,UAAO,OAAO,KAAK,KAAK;AAAA,MAC/B;AAAA,cACD;AAAA,MACC,OAAO,YAAY;AAAA;AAAA,IAEtB,MAAM,cAAc,OAAO,OAAO,CAAC,KAAK,MAAM,MAAM,EAAE,QAAQ,CAAC;AAAA,IAC/D,WAAW,IAAI,WAAW,WAAW;AAAA,IACrC,IAAI,SAAS;AAAA,IACb,WAAW,SAAS,QAAQ;AAAA,MACzB,SAAS,IAAI,OAAO,MAAM;AAAA,MAC1B,UAAU,MAAM;AAAA,IACnB;AAAA,EACH,EAAO;AAAA,IACJ,WAAW;AAAA;AAAA,EAId,MAAM,OAAO,qBAAqB,MAAM,OAAO;AAAA,EAI/C,QAAQ,aAAa,YAAY,UAAU,MAAM,YAC9C,KAAK,YAAY,KACjB,KAAK,YAAY,QACpB;AAAA,EAGA,IAAI,WAAmC;AAAA,EACvC,IAAI;AAAA,IACD,WAAW,iBACR,KAAK,YAAY,KACjB,KAAK,YAAY,QACpB;AAAA,IACD,MAAM;AAAA,EAKR,MAAM,MAAM,QAAQ,QAAQ;AAAA,EAG5B,IAAI,KAAK,eAAe,SAAS,KAAK,YAAY;AAAA,IAC/C,MAAM,YAAY,KAAK,WAAW,QAAQ;AAAA,IAE1C,IAAI,YAAY,KAAK,aAAa,IAAI,WAAW;AAAA,MAC9C,MAAM,IAAI,aACP,uBAAuB,sBAAsB,IAAI,kBACpD;AAAA,IACH;AAAA,IAEA,MAAM,OAAO,IAAI,QAAQ,SAAS;AAAA,IAElC,wBAAwB,KAAK,MAAM,KAAK,YAAY,UAAU;AAAA,MAC3D,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,QAAQ,KAAK;AAAA,MACb,SAAS;AAAA,IACZ,CAAC;AAAA,EACJ;AAAA,EAGA,IAAI,KAAK,eAAe,KAAK,YAAY,SAAS,GAAG;AAAA,IAGlD,MAAM,UAAU,KAAK,YAAY,KAAK,CAAC,MAAM,EAAE,eAAe,KAAK;AAAA,IAGnE,MAAM,gBAAgB,UACjB,wBAAwB,KAAK,UAAU,UAAU,KAAK,MAAM,IAC5D;AAAA,IAEL,WAAW,OAAO,KAAK,aAAa;AAAA,MACjC,MAAM,YAAY,IAAI,QAAQ;AAAA,MAE9B,IAAI,YAAY,KAAK,aAAa,IAAI,WAAW;AAAA,QAC9C,MAAM,IAAI,aACP,sBAAsB,qCAAqC,IAAI,kBAClE;AAAA,MACH;AAAA,MAEA,MAAM,OAAO,IAAI,QAAQ,SAAS;AAAA,MAElC,wBAAwB,KAAK,MAAM,KAAK,UAAU;AAAA,QAC/C,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK;AAAA,QACf,QAAQ,KAAK;AAAA,QACb,SAAS;AAAA,QACT,eAAe;AAAA,MAClB,CAAC;AAAA,IACJ;AAAA,EACH;AAAA,EAGA,MAAM,aACH,UAAU,QAAQ,cAClB,KAAK,YAAY,QACjB;AAAA,EAKH,MAAM,iBACH,YAAY,SAAS,MAAM,OAAO,CAAC,KAAK,MAAM,MAAM,EAAE,QAAQ,CAAC;AAAA,EAClE,MAAM,kBAAkB,KAAK,IAC1B,OACA,iBAAiB,KAAK,KAAK,SAAS,OAAO,KAAK,IACnD;AAAA,EAIA,MAAM,iBAAiB,KAAK,aACrB,KAAK,WAAiC,QAAQ,IAC/C,KAAK,cAAc,IAAI,QAAQ;AAAA,EAErC,QAAQ,KAAK,uBAAuB,IAAI,oBAAoB;AAAA,IACzD,QAAQ,KAAK,UAAU;AAAA,IACvB,MAAM;AAAA,IACN,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB;AAAA,IACA,kBAAkB,KAAK,oBAAoB;AAAA,IAC3C;AAAA,EACH,CAAC;AAAA,EAGD,QAAQ,cAAc,cAAc,kBAAkB;AAAA,EACtD,MAAM,cAAc,mBAAmB,oBAAoB,SAAS;AAAA,EAKpE,MAAM,0BAA0C,CAAC;AAAA,EAEjD,IAAI,KAAK,WAAW,oBAAoB;AAAA,IAErC,MAAM,YAAY,0BAA0B,WAAW;AAAA,IACvD,wBAAwB,KAAK;AAAA,MAC1B,KAAK,gBAAgB;AAAA,MACrB,QAAQ,CAAC,SAAS;AAAA,IACrB,CAAC;AAAA,IAGD,IAAI;AAAA,MACD,MAAM,YAAY,MAAM,qBAAqB;AAAA,MAC7C,wBAAwB,KAAK;AAAA,QAC1B,KAAK,gBAAgB;AAAA,QACrB,QAAQ,CAAC,SAAS;AAAA,MACrB,CAAC;AAAA,MACF,MAAM;AAAA,EAIX;AAAA,EAGA,MAAM,4BAA4C,CAAC;AAAA,EAGnD,MAAM,aAAa,MAAM,iBAAiB;AAAA,IACvC,SAAS;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA,eAAe;AAAA,IACf,yBACG,wBAAwB,SAAS,IAC5B,0BACA;AAAA,IACR,2BACG,0BAA0B,SAAS,IAC9B,4BACA;AAAA,IACR,UAAU;AAAA,EACb,CAAC;AAAA,EAGD,IAAI,KAAK,aAAa,KAAK,QAAQ;AAAA,IAChC,IAAI;AAAA,MACD,MAAM,UAAU,MAAM,iBACnB,sBAAsB,UAAU,GAChC,KAAK,QACL,UACA;AAAA,QACG,YAAY,KAAK;AAAA,QACjB,YAAY,KAAK;AAAA,QACjB,iBAAiB,KAAK;AAAA,MACzB,CACH;AAAA,MACA,0BAA0B,KAAK;AAAA,QAC5B,KAAK;AAAA,QACL,QAAQ,CAAC,OAAO;AAAA,MACnB,CAAC;AAAA,MACF,OAAO,KAAK;AAAA,MAEX,KAAK,mBAAmB,GAAG;AAAA;AAAA,EAEjC;AAAA,EAGA,MAAM,kBAAkB,uBACrB,YACA,yBACH;AAAA,EAGA,OAAO,eAAe,oBAAoB,eAAe;AAAA;AAgB5D,SAAS,qBAAqB,CAAC,gBAAwC;AAAA,EACpE,MAAM,cAAc,WAAU,cAAc;AAAA,EAC5C,MAAM,iBACF,YAAY,MAAqB,GAAI,MACvC;AAAA,EAEF,MAAM,iBAAkB,eAAe,MAAqB,GAAG,EAAE;AAAA,EACjE,MAAM,aAAc,eAAe,MAAqB;AAAA,EACxD,MAAM,gBAAiB,WAAW,MAAqB;AAAA,EACvD,OAAO,cAAc;AAAA;AAAA;AAOjB,MAAM,qBAAqB,MAAM;AAAA,EACrC,WAAW,CAAC,SAAiB;AAAA,IAC1B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAElB;",
|
|
12
|
-
"debugId": "30A57124A347C96364756E2164756E21",
|
|
13
|
-
"names": []
|
|
14
|
-
}
|