@f-o-t/e-signature 1.2.8 → 1.2.10

package/README.md

@@ -16,6 +16,56 @@ bun add @f-o-t/e-signature
 - RFC 3161 timestamp support
 - QR code generation for signature verification
 - Configurable DocMDP permissions for document modification control
+- **Browser compatible** — no `Buffer` or Node-only APIs; runs in browsers, Edge Runtime, and Cloudflare Workers
+
+## React Hook
+
+### `useSignPdf(): UseSignPdfReturn`
+
+React hook for client-side PDF signing. Import from `@f-o-t/e-signature/plugins/react` (requires `react >= 18` as a peer dependency).
+
+```tsx
+import { useSignPdf } from "@f-o-t/e-signature/plugins/react";
+
+function SignForm() {
+  const { sign, isSigning, isDone, isError, result, error, download, reset } = useSignPdf();
+
+  async function handleSubmit(pdfFile: File, p12File: File) {
+    try {
+      await sign({
+        pdf: pdfFile,       // File, Blob, or Uint8Array
+        p12: p12File,       // File, Blob, or Uint8Array
+        password: "secret",
+        options: { reason: "Approval", location: "São Paulo", policy: "pades-icp-brasil" },
+      });
+    } catch {
+      // error state is also set on the hook
+    }
+  }
+
+  if (isSigning) return <p>Signing…</p>;
+  if (isError)   return <p>Error: {error?.message}</p>;
+  if (isDone)    return <button onClick={() => download("signed.pdf")}>Download</button>;
+  return <button onClick={() => handleSubmit(myPdf, myCert)}>Sign</button>;
+}
+```
+
+**Return value:**
+
+| Property | Type | Description |
+|---|---|---|
+| `status` | `"idle" \| "signing" \| "done" \| "error"` | Current lifecycle state |
+| `isIdle` | `boolean` | No operation in progress |
+| `isSigning` | `boolean` | Signing is running |
+| `isDone` | `boolean` | Last sign call succeeded |
+| `isError` | `boolean` | Last sign call failed |
+| `result` | `Uint8Array \| null` | Signed PDF bytes (non-null when `isDone`) |
+| `error` | `Error \| null` | Failure reason (non-null when `isError`) |
+| `sign(input)` | `(SignInput) => Promise<Uint8Array \| undefined>` | Trigger signing; concurrent calls while signing are ignored (returns `undefined`) |
+| `download(filename?)` | `(string?) => void` | Trigger browser download of signed PDF; no-op if not done |
+| `reset()` | `() => void` | Return to idle, clearing result and error |
+
+`pdf` and `p12` accept `File`, `Blob`, or `Uint8Array` — the hook converts `File`/`Blob` to `Uint8Array` automatically before calling `signPdf`.
 
 ## API
 

package/dist/index-jpks8xrw.js

@@ -0,0 +1,541 @@
+// @bun
+var __require = import.meta.require;
+
+// src/icp-brasil.ts
+import {
+  contextTag,
+  decodeDer,
+  encodeDer,
+  ia5String,
+  nullValue,
+  octetString,
+  oid,
+  sequence
+} from "@f-o-t/asn1";
+import { hash } from "@f-o-t/crypto";
+var SHA256_OID = "2.16.840.1.101.3.4.2.1";
+var SIGNING_CERTIFICATE_V2_OID = "1.2.840.113549.1.9.16.2.47";
+var SIGNATURE_POLICY_OID = "1.2.840.113549.1.9.16.2.15";
+var POLICY_CONFIG = {
+  OID: "2.16.76.1.7.1.11.1.1",
+  URL: "http://politicas.icpbrasil.gov.br/PA_PAdES_AD_RB_v1_1.der"
+};
+var SPQ_ETS_URI_OID = "1.2.840.113549.1.9.16.5.1";
+var cachedPolicyData = null;
+function clearPolicyCache() {
+  cachedPolicyData = null;
+}
+function buildSigningCertificateV2(certDer) {
+  const certHash = hash("sha256", certDer);
+  const hashAlgId = sequence(oid(SHA256_OID), nullValue());
+  const cert = decodeDer(certDer);
+  const tbsCert = cert.value[0];
+  const tbs = tbsCert.value;
+  let idx = 0;
+  if (tbs[0].class === "context" && tbs[0].tag === 0) {
+    idx = 1;
+  }
+  const serialNumber = tbs[idx];
+  const issuerName = tbs[idx + 2];
+  const generalName = contextTag(4, [issuerName]);
+  const generalNames = sequence(generalName);
+  const issuerSerial = sequence(generalNames, serialNumber);
+  const essCertIdV2 = sequence(hashAlgId, octetString(certHash), issuerSerial);
+  const signingCertV2 = sequence(sequence(essCertIdV2));
+  return encodeDer(signingCertV2);
+}
+async function downloadAndParsePolicyDocument() {
+  if (cachedPolicyData) {
+    return cachedPolicyData;
+  }
+  const response = await fetch(POLICY_CONFIG.URL);
+  if (!response.ok) {
+    throw new SignaturePolicyError(`Failed to download signature policy: HTTP ${response.status}`);
+  }
+  const arrayBuffer = await response.arrayBuffer();
+  const data = new Uint8Array(arrayBuffer);
+  if (data.length === 0 || data[0] !== 48) {
+    throw new SignaturePolicyError("Invalid DER format in policy document");
+  }
+  const asn1 = decodeDer(data);
+  const children = asn1.value;
+  if (!Array.isArray(children) || children.length < 3) {
+    throw new SignaturePolicyError(`Unexpected policy structure: expected 3+ children, got ${children?.length}`);
+  }
+  const algIdChildren = children[0].value;
+  if (!Array.isArray(algIdChildren) || algIdChildren.length === 0) {
+    throw new SignaturePolicyError("Invalid AlgorithmIdentifier in policy");
+  }
+  const { bytesToOid } = await import("@f-o-t/asn1");
+  const hashAlgOid = bytesToOid(algIdChildren[0].value);
+  const hashNode = children[2];
+  if (hashNode.tag !== 4) {
+    throw new SignaturePolicyError(`Expected OCTET STRING at child[2], got tag 0x${hashNode.tag.toString(16)}`);
+  }
+  cachedPolicyData = {
+    hashAlgOid,
+    policyHash: hashNode.value
+  };
+  return cachedPolicyData;
+}
+async function buildSignaturePolicy() {
+  const { hashAlgOid, policyHash } = await downloadAndParsePolicyDocument();
+  const hashAlgId = sequence(oid(hashAlgOid));
+  const sigPolicyHash = sequence(hashAlgId, octetString(policyHash));
+  const sigPolicyQualifiers = sequence(sequence(oid(SPQ_ETS_URI_OID), ia5String(POLICY_CONFIG.URL)));
+  const signaturePolicyId = sequence(oid(POLICY_CONFIG.OID), sigPolicyHash, sigPolicyQualifiers);
+  return encodeDer(signaturePolicyId);
+}
+var ICP_BRASIL_OIDS = {
+  signingCertificateV2: SIGNING_CERTIFICATE_V2_OID,
+  signaturePolicy: SIGNATURE_POLICY_OID
+};
+
+class SignaturePolicyError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "SignaturePolicyError";
+  }
+}
+
+// src/schemas.ts
+import { z } from "zod";
+var signatureAppearanceSchema = z.object({
+  x: z.number(),
+  y: z.number(),
+  width: z.number().positive(),
+  height: z.number().positive(),
+  page: z.number().int().min(0).optional(),
+  showQrCode: z.boolean().optional(),
+  showCertInfo: z.boolean().optional()
+});
+var qrCodeConfigSchema = z.object({
+  data: z.string().optional(),
+  size: z.number().int().positive().optional()
+});
+var pdfSignOptionsSchema = z.object({
+  certificate: z.object({
+    p12: z.instanceof(Uint8Array).refine((v) => v.length > 0, {
+      message: "P12 data must not be empty"
+    }),
+    password: z.string(),
+    name: z.string().optional()
+  }),
+  reason: z.string().optional(),
+  location: z.string().optional(),
+  contactInfo: z.string().optional(),
+  policy: z.enum(["pades-ades", "pades-icp-brasil"]).optional(),
+  timestamp: z.boolean().optional(),
+  tsaUrl: z.string().url().optional(),
+  tsaTimeout: z.number().positive().optional(),
+  tsaRetries: z.number().int().min(0).optional(),
+  tsaFallbackUrls: z.array(z.string().url()).optional(),
+  onTimestampError: z.function({ input: z.tuple([z.unknown()]), output: z.void() }).optional(),
+  appearance: z.union([signatureAppearanceSchema, z.literal(false)]).optional(),
+  appearances: z.array(signatureAppearanceSchema).optional(),
+  qrCode: qrCodeConfigSchema.optional(),
+  docMdpPermission: z.union([z.literal(1), z.literal(2), z.literal(3)]).optional()
+});
+
+// src/timestamp.ts
+import {
+  boolean as asn1Boolean,
+  decodeDer as decodeDer2,
+  encodeDer as encodeDer2,
+  integer,
+  octetString as octetString2,
+  oid as oid2,
+  sequence as sequence2
+} from "@f-o-t/asn1";
+import { hash as hash2 } from "@f-o-t/crypto";
+var HASH_OIDS = {
+  sha256: "2.16.840.1.101.3.4.2.1",
+  sha384: "2.16.840.1.101.3.4.2.2",
+  sha512: "2.16.840.1.101.3.4.2.3"
+};
+var TIMESTAMP_SERVERS = {
+  VALID: "http://timestamp.valid.com.br/tsa",
+  SAFEWEB: "http://tsa.safeweb.com.br/tsa/tsa",
+  CERTISIGN: "http://timestamp.certisign.com.br"
+};
+var TIMESTAMP_TOKEN_OID = "1.2.840.113549.1.9.16.2.14";
+async function requestTimestamp(dataToTimestamp, tsaUrl, hashAlgorithm = "sha256", options) {
+  const messageHash = hash2(hashAlgorithm, dataToTimestamp);
+  const timestampReq = buildTimestampRequest(messageHash, hashAlgorithm);
+  const tsaTimeout = options?.tsaTimeout ?? 1e4;
+  const tsaRetries = options?.tsaRetries ?? 0;
+  const tsaFallbackUrls = options?.tsaFallbackUrls ?? [];
+  let lastError;
+  for (let attempt = 1;attempt <= 1 + tsaRetries; attempt++) {
+    if (attempt > 1) {
+      await sleep(2 ** (attempt - 2) * 1000);
+    }
+    try {
+      return await fetchTimestamp(tsaUrl, timestampReq, tsaTimeout);
+    } catch (err) {
+      lastError = err instanceof Error ? err : new Error(String(err));
+    }
+  }
+  for (const fallbackUrl of tsaFallbackUrls) {
+    try {
+      return await fetchTimestamp(fallbackUrl, timestampReq, tsaTimeout);
+    } catch (err) {
+      lastError = err instanceof Error ? err : new Error(String(err));
+    }
+  }
+  const fallbackList = tsaFallbackUrls.length > 0 ? `, fallbacks: [${tsaFallbackUrls.join(", ")}]` : "";
+  throw new TimestampError(`TSA request failed: all servers unreachable (primary: ${tsaUrl}${fallbackList}). Last error: ${lastError?.message ?? "unknown"}`);
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function fetchTimestamp(url, timestampReq, timeoutMs) {
+  let response;
+  try {
+    response = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/timestamp-query"
+      },
+      body: timestampReq,
+      signal: AbortSignal.timeout(timeoutMs)
+    });
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    throw new Error(`TSA server unreachable: ${url} \u2014 ${msg}`);
+  }
+  if (!response.ok) {
+    throw new TimestampError(`TSA returned HTTP ${response.status}`);
+  }
+  const respBuffer = new Uint8Array(await response.arrayBuffer());
+  return extractTimestampToken(respBuffer);
+}
+function buildTimestampRequest(messageHash, hashAlgorithm) {
+  const hashOid = HASH_OIDS[hashAlgorithm];
+  if (!hashOid) {
+    throw new TimestampError(`Unsupported hash algorithm: ${hashAlgorithm}`);
+  }
+  const timestampReq = sequence2(integer(1), sequence2(sequence2(oid2(hashOid)), octetString2(messageHash)), asn1Boolean(true));
+  return encodeDer2(timestampReq);
+}
+function extractTimestampToken(respDer) {
+  let resp;
+  try {
+    resp = decodeDer2(respDer);
+  } catch {
+    throw new TimestampError("Invalid timestamp response: not valid DER");
+  }
+  const children = resp.value;
+  if (!Array.isArray(children) || children.length < 1) {
+    throw new TimestampError("Invalid timestamp response: unexpected structure");
+  }
+  const statusInfo = children[0].value;
+  const statusBytes = statusInfo[0].value;
+  const statusValue = statusBytes[statusBytes.length - 1];
+  if (statusValue !== 0 && statusValue !== 1) {
+    throw new TimestampError(`Timestamp request rejected with status: ${statusValue}`);
+  }
+  if (!children[1]) {
+    throw new TimestampError("Timestamp response does not contain a token");
+  }
+  return encodeDer2(children[1]);
+}
+
+class TimestampError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "TimestampError";
+  }
+}
+
+// src/sign-pdf.ts
+import { decodeDer as decodeDer3 } from "@f-o-t/asn1";
+import {
+  appendUnauthAttributes,
+  createSignedData,
+  parsePkcs12
+} from "@f-o-t/crypto";
+import { parseCertificate } from "@f-o-t/digital-certificate";
+import {
+  embedSignature,
+  extractBytesToSign,
+  findByteRange,
+  loadPdf
+} from "@f-o-t/pdf/plugins/editing";
+
+// src/appearance.ts
+import { hash as hash3 } from "@f-o-t/crypto";
+import { generateQrCode } from "@f-o-t/qrcode";
+function drawSignatureAppearance(doc, page, appearance, certInfo, options) {
+  const { x, width, height } = appearance;
+  const showQrCode = appearance.showQrCode !== false;
+  const showCertInfo = appearance.showCertInfo !== false;
+  const y = page.height - appearance.y - height;
+  let qrSize = 0;
+  if (showQrCode) {
+    const qrImage = options.preEmbeddedQr ?? (() => {
+      const qrData = options.qrCode?.data ?? createVerificationData(certInfo, options.pdfData);
+      const qrPng = generateQrCode(qrData, {
+        size: options.qrCode?.size ?? 100
+      });
+      return doc.embedPng(qrPng);
+    })();
+    qrSize = Math.min(100, height - 20);
+    page.drawImage(qrImage, {
+      x: x + 10,
+      y: y + 10,
+      width: qrSize,
+      height: qrSize
+    });
+  }
+  if (showCertInfo) {
+    drawCertInfo(page, certInfo, {
+      x,
+      y,
+      width,
+      height,
+      qrOffset: qrSize > 0 ? qrSize + 20 : 10,
+      reason: options.reason,
+      location: options.location
+    });
+  }
+}
+function drawCertInfo(page, certInfo, opts) {
+  const textX = opts.x + opts.qrOffset;
+  let textY = opts.y + opts.height - 20;
+  const fontSize = 10;
+  const lineHeight = 14;
+  page.drawText("ASSINADO DIGITALMENTE", {
+    x: textX,
+    y: textY,
+    size: 12
+  });
+  textY -= lineHeight * 1.5;
+  if (certInfo) {
+    const signerName = certInfo.subject.commonName || "N/A";
+    page.drawText(`Assinado por: ${signerName}`, {
+      x: textX,
+      y: textY,
+      size: fontSize
+    });
+    textY -= lineHeight;
+    if (certInfo.brazilian.cnpj) {
+      const cnpj = formatCnpj(certInfo.brazilian.cnpj);
+      page.drawText(`CNPJ: ${cnpj}`, {
+        x: textX,
+        y: textY,
+        size: fontSize
+      });
+      textY -= lineHeight;
+    } else if (certInfo.brazilian.cpf) {
+      const cpf = formatCpf(certInfo.brazilian.cpf);
+      page.drawText(`CPF: ${cpf}`, {
+        x: textX,
+        y: textY,
+        size: fontSize
+      });
+      textY -= lineHeight;
+    }
+    const now = new Date;
+    const dateStr = now.toLocaleDateString("pt-BR");
+    const timeStr = now.toLocaleTimeString("pt-BR");
+    page.drawText(`Data: ${dateStr} ${timeStr}`, {
+      x: textX,
+      y: textY,
+      size: fontSize
+    });
+    textY -= lineHeight;
+    if (opts.location) {
+      page.drawText(`Local: ${opts.location}`, {
+        x: textX,
+        y: textY,
+        size: fontSize - 1
+      });
+    }
+  } else {
+    page.drawText(`Signed: ${opts.reason || "Digital Signature"}`, {
+      x: textX,
+      y: textY,
+      size: fontSize
+    });
+    textY -= lineHeight;
+    if (opts.location) {
+      page.drawText(`Location: ${opts.location}`, {
+        x: textX,
+        y: textY,
+        size: fontSize
+      });
+    }
+  }
+}
+function precomputeSharedQrImage(doc, certInfo, pdfData, qrConfig) {
+  const qrData = qrConfig?.data ?? createVerificationData(certInfo, pdfData);
+  const qrPng = generateQrCode(qrData, { size: qrConfig?.size ?? 100 });
+  return doc.embedPng(qrPng);
+}
+function createVerificationData(certInfo, pdfData) {
+  const documentHash = toHex(hash3("sha256", pdfData));
+  const timestamp = new Date().toISOString();
+  if (certInfo) {
+    const certFingerprint = certInfo.fingerprint;
+    return `https://validar.iti.gov.br/?` + `doc=${documentHash.substring(0, 16)}&` + `cert=${certFingerprint.substring(0, 16)}&` + `time=${encodeURIComponent(timestamp)}`;
+  }
+  return `https://validar.iti.gov.br/?doc=${documentHash.substring(0, 16)}&time=${encodeURIComponent(timestamp)}`;
+}
+function formatCnpj(cnpj) {
+  return cnpj.replace(/(\d{2})(\d{3})(\d{3})(\d{4})(\d{2})/, "$1.$2.$3/$4-$5");
+}
+function formatCpf(cpf) {
+  return cpf.replace(/(\d{3})(\d{3})(\d{3})(\d{2})/, "$1.$2.$3-$4");
+}
+function toHex(data) {
+  const chars = [];
+  for (let i = 0;i < data.length; i++) {
+    chars.push(data[i].toString(16).padStart(2, "0"));
+  }
+  return chars.join("");
+}
+
+// src/sign-pdf.ts
+async function signPdf(pdf, options) {
+  let pdfBytes;
+  if (pdf instanceof ReadableStream) {
+    const chunks = [];
+    const reader = pdf.getReader();
+    try {
+      while (true) {
+        const { done, value } = await reader.read();
+        if (done)
+          break;
+        if (value)
+          chunks.push(value);
+      }
+    } finally {
+      reader.releaseLock();
+    }
+    const totalLength = chunks.reduce((sum, c) => sum + c.length, 0);
+    pdfBytes = new Uint8Array(totalLength);
+    let offset = 0;
+    for (const chunk of chunks) {
+      pdfBytes.set(chunk, offset);
+      offset += chunk.length;
+    }
+  } else {
+    pdfBytes = pdf;
+  }
+  const opts = pdfSignOptionsSchema.parse(options);
+  const { certificate, privateKey, chain } = parsePkcs12(opts.certificate.p12, opts.certificate.password);
+  let certInfo = null;
+  try {
+    certInfo = parseCertificate(opts.certificate.p12, opts.certificate.password);
+  } catch {}
+  const doc = loadPdf(pdfBytes);
+  if (opts.appearance !== false && opts.appearance) {
+    const pageIndex = opts.appearance.page ?? 0;
+    if (pageIndex < 0 || pageIndex >= doc.pageCount) {
+      throw new PdfSignError(`Invalid page index: ${pageIndex}. PDF has ${doc.pageCount} pages.`);
+    }
+    const page = doc.getPage(pageIndex);
+    drawSignatureAppearance(doc, page, opts.appearance, certInfo, {
+      reason: opts.reason,
+      location: opts.location,
+      qrCode: opts.qrCode,
+      pdfData: pdfBytes
+    });
+  }
+  if (opts.appearances && opts.appearances.length > 0) {
+    const needsQr = opts.appearances.some((a) => a.showQrCode !== false);
+    const sharedQrImage = needsQr ? precomputeSharedQrImage(doc, certInfo, pdfBytes, opts.qrCode) : undefined;
+    for (const app of opts.appearances) {
+      const pageIndex = app.page ?? 0;
+      if (pageIndex < 0 || pageIndex >= doc.pageCount) {
+        throw new PdfSignError(`Invalid page index ${pageIndex} in appearances. PDF has ${doc.pageCount} pages.`);
+      }
+      const page = doc.getPage(pageIndex);
+      drawSignatureAppearance(doc, page, app, certInfo, {
+        reason: opts.reason,
+        location: opts.location,
+        qrCode: opts.qrCode,
+        pdfData: pdfBytes,
+        preEmbeddedQr: sharedQrImage
+      });
+    }
+  }
+  const signerName = certInfo?.subject.commonName || opts.certificate.name || "Digital Signature";
+  const certChainBytes = certificate.length + chain.reduce((sum, c) => sum + c.length, 0);
+  const signatureLength = Math.max(16384, certChainBytes * 2 + (opts.tsaUrl ? 4096 : 0) + 8192);
+  const appearancePage = opts.appearance ? opts.appearance.page ?? 0 : opts.appearances?.[0]?.page ?? 0;
+  const { pdf: pdfWithPlaceholder } = doc.saveWithPlaceholder({
+    reason: opts.reason || "Digitally signed",
+    name: signerName,
+    location: opts.location,
+    contactInfo: opts.contactInfo,
+    signatureLength,
+    docMdpPermission: opts.docMdpPermission ?? 2,
+    appearancePage
+  });
+  const { byteRange } = findByteRange(pdfWithPlaceholder);
+  const bytesToSign = extractBytesToSign(pdfWithPlaceholder, byteRange);
+  const authenticatedAttributes = [];
+  if (opts.policy === "pades-icp-brasil") {
+    const sigCertV2 = buildSigningCertificateV2(certificate);
+    authenticatedAttributes.push({
+      oid: ICP_BRASIL_OIDS.signingCertificateV2,
+      values: [sigCertV2]
+    });
+    try {
+      const sigPolicy = await buildSignaturePolicy();
+      authenticatedAttributes.push({
+        oid: ICP_BRASIL_OIDS.signaturePolicy,
+        values: [sigPolicy]
+      });
+    } catch {}
+  }
+  const unauthenticatedAttributes = [];
+  const signedData = createSignedData({
+    content: bytesToSign,
+    certificate,
+    privateKey,
+    chain,
+    hashAlgorithm: "sha256",
+    authenticatedAttributes: authenticatedAttributes.length > 0 ? authenticatedAttributes : undefined,
+    unauthenticatedAttributes: unauthenticatedAttributes.length > 0 ? unauthenticatedAttributes : undefined,
+    detached: true
+  });
+  if (opts.timestamp && opts.tsaUrl) {
+    try {
+      const tsToken = await requestTimestamp(extractSignatureValue(signedData), opts.tsaUrl, "sha256", {
+        tsaTimeout: opts.tsaTimeout,
+        tsaRetries: opts.tsaRetries,
+        tsaFallbackUrls: opts.tsaFallbackUrls
+      });
+      unauthenticatedAttributes.push({
+        oid: TIMESTAMP_TOKEN_OID,
+        values: [tsToken]
+      });
+    } catch (err) {
+      opts.onTimestampError?.(err);
+    }
+  }
+  const finalSignedData = appendUnauthAttributes(signedData, unauthenticatedAttributes);
+  return embedSignature(pdfWithPlaceholder, finalSignedData);
+}
+function extractSignatureValue(contentInfoDer) {
+  const contentInfo = decodeDer3(contentInfoDer);
+  const signedDataNode = contentInfo.value[1].value[0];
+  const signerInfosSet = signedDataNode.value.at(-1);
+  const signerInfo = signerInfosSet.value[0];
+  const signatureNode = signerInfo.value[5];
+  return signatureNode.value;
+}
+
+class PdfSignError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "PdfSignError";
+  }
+}
+
+export { clearPolicyCache, buildSigningCertificateV2, buildSignaturePolicy, ICP_BRASIL_OIDS, SignaturePolicyError, pdfSignOptionsSchema, TIMESTAMP_SERVERS, TIMESTAMP_TOKEN_OID, requestTimestamp, TimestampError, signPdf, PdfSignError };
+
+//# debugId=7AE89559679974C564756E2164756E21