@f-o-t/e-signature 1.3.1 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/README.md +4 -4
  2. package/dist/detect-position.d.ts.map +1 -1
  3. package/dist/{index-e7qwas47.js → index-cj97mfbz.js} +37 -33
  4. package/dist/index-cj97mfbz.js.map +15 -0
  5. package/dist/index.js +1 -1
  6. package/dist/plugins/react/index.js +1 -1
  7. package/dist/sign-pdf.d.ts.map +1 -1
  8. package/package.json +2 -2
  9. package/dist/index-e7qwas47.js.map +0 -15
package/README.md CHANGED
@@ -72,12 +72,12 @@ function SignForm() {
72
72
 
73
73
  ### Using `appearance: "auto"`
74
74
 
75
- Pass `appearance: "auto"` to let `signPdf` automatically detect where to place the visual signature based on the signer's certificate information:
75
+ Pass `appearance: "auto"` to let `signPdf` automatically detect where to place the visual signature based on the signer's certificate information. **By default, auto mode stamps every page** of the PDF:
76
76
 
77
77
  ```ts
78
78
  const signed = await signPdf(pdfBytes, {
79
79
  certificate: { p12, password: "secret" },
80
- appearance: "auto", // auto-detect signing position
80
+ appearance: "auto", // stamps all pages automatically
81
81
  });
82
82
  ```
83
83
 
@@ -89,8 +89,8 @@ For more control, call `detectSigningPosition()` to inspect the detected positio
89
89
  import { detectSigningPosition } from "@f-o-t/e-signature";
90
90
 
91
91
  const position = detectSigningPosition(pdfBytes, {
92
- signerName: "Lucas Furtado Barbosa",
93
- organization: "VERSA SOLUCOES LTDA",
92
+ signerName: "John Doe",
93
+ organization: "Acme Corp",
94
94
  });
95
95
 
96
96
  if (position) {
package/dist/detect-position.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"detect-position.d.ts","sourceRoot":"","sources":["../src/detect-position.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAoB1E;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CAClC,OAAO,EAAE,UAAU,EACnB,OAAO,GAAE,qBAA0B,GACnC,gBAAgB,GAAG,IAAI,CAiIzB"}
1
+ {"version":3,"file":"detect-position.d.ts","sourceRoot":"","sources":["../src/detect-position.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAoB1E;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CAClC,OAAO,EAAE,UAAU,EACnB,OAAO,GAAE,qBAA0B,GACnC,gBAAgB,GAAG,IAAI,CAqIzB"}
package/dist/{index-e7qwas47.js → index-cj97mfbz.js} RENAMED
@@ -26,7 +26,8 @@ function detectSigningPosition(pdfData, options = {}) {
26
26
  return null;
27
27
  const signals = [];
28
28
  const preferredPage = options.preferredPage === -1 ? pages.length - 1 : options.preferredPage ?? pages.length - 1;
29
- for (let i = 0;i < pages.length; i++) {
29
+ const scanStart = Math.max(0, pages.length - 3);
30
+ for (let i = scanStart;i < pages.length; i++) {
30
31
  const page = pages[i];
31
32
  const text = page.content.toLowerCase();
32
33
  if (options.signerName) {
@@ -401,7 +402,7 @@ function drawSignatureAppearance(doc, page, appearance, certInfo, options) {
401
402
  });
402
403
  return doc.embedPng(qrPng);
403
404
  })();
404
- qrSize = Math.min(100, height - 20);
405
+ qrSize = Math.min(80, height - 20);
405
406
  page.drawImage(qrImage, {
406
407
  x: x + 10,
407
408
  y: y + 10,
@@ -419,26 +420,26 @@ function drawSignatureAppearance(doc, page, appearance, certInfo, options) {
419
420
  });
420
421
  }
421
422
  const linkText = "validar.iti.gov.br";
422
- const linkX = x + width / 2 - linkText.length * 2.5;
423
+ const linkX = x + width / 2 - linkText.length * 2;
423
424
  page.drawText(linkText, {
424
425
  x: linkX,
425
- y: y - 12,
426
- size: 8,
426
+ y: y - 10,
427
+ size: 6,
427
428
  color: "#888888"
428
429
  });
429
430
  }
430
431
  function drawCertInfo(page, certInfo, opts) {
431
432
  const textX = opts.x + opts.qrOffset;
432
- let textY = opts.y + opts.height - 20;
433
- const fontSize = 10;
434
- const lineHeight = 14;
433
+ let textY = opts.y + opts.height - 16;
434
+ const fontSize = 7.5;
435
+ const lineHeight = 10;
435
436
  page.drawText("ASSINADO DIGITALMENTE", {
436
437
  x: textX,
437
438
  y: textY,
438
- size: 12,
439
+ size: 9,
439
440
  color: "#008000"
440
441
  });
441
- textY -= lineHeight * 1.5;
442
+ textY -= lineHeight * 1.3;
442
443
  if (certInfo) {
443
444
  const signerName = certInfo.subject.commonName || "N/A";
444
445
  page.drawText(`Signat\xE1rio: ${signerName}`, {
@@ -540,32 +541,31 @@ async function signPdf(pdf, options) {
540
541
  certInfo = parseCertificate(opts.certificate.p12, opts.certificate.password);
541
542
  } catch {}
542
543
  const doc = loadPdf(pdfBytes);
543
- let resolvedAppearance = opts.appearance;
544
+ let resolvedAppearance;
545
+ let autoAppearances;
544
546
  if (opts.appearance === "auto") {
547
+ const width = 350;
548
+ const height = 120;
545
549
  const detected = detectSigningPosition(pdfBytes, {
546
550
  signerName: certInfo?.subject.commonName ?? undefined,
547
551
  organization: certInfo?.subject.organization ?? undefined,
548
552
  preferredPage: -1,
549
- width: 350,
550
- height: 120
553
+ width,
554
+ height
551
555
  });
552
- if (detected) {
553
- resolvedAppearance = {
554
- x: detected.x,
555
- y: detected.y,
556
- width: 350,
557
- height: 120,
558
- page: detected.page
559
- };
560
- } else {
561
- resolvedAppearance = {
562
- x: 50,
563
- y: 700,
564
- width: 350,
565
- height: 120,
566
- page: 0
567
- };
556
+ const baseX = detected?.x ?? 50;
557
+ const baseY = detected?.y ?? 700;
558
+ autoAppearances = [];
559
+ for (let i = 0;i < doc.pageCount; i++) {
560
+ autoAppearances.push({
561
+ x: baseX,
562
+ y: baseY,
563
+ width,
564
+ height,
565
+ page: i
566
+ });
568
567
  }
568
+ resolvedAppearance = false;
569
569
  } else {
570
570
  resolvedAppearance = opts.appearance === false ? false : opts.appearance;
571
571
  }
@@ -582,10 +582,14 @@ async function signPdf(pdf, options) {
582
582
  pdfData: pdfBytes
583
583
  });
584
584
  }
585
- if (opts.appearances && opts.appearances.length > 0) {
586
- const needsQr = opts.appearances.some((a) => a.showQrCode !== false);
585
+ const allAppearances = [
586
+ ...autoAppearances ?? [],
587
+ ...opts.appearances ?? []
588
+ ];
589
+ if (allAppearances.length > 0) {
590
+ const needsQr = allAppearances.some((a) => a.showQrCode !== false);
587
591
  const sharedQrImage = needsQr ? precomputeSharedQrImage(doc, certInfo, pdfBytes, opts.qrCode) : undefined;
588
- for (const app of opts.appearances) {
592
+ for (const app of allAppearances) {
589
593
  const pageIndex = app.page ?? 0;
590
594
  if (pageIndex < 0 || pageIndex >= doc.pageCount) {
591
595
  throw new PdfSignError(`Invalid page index ${pageIndex} in appearances. PDF has ${doc.pageCount} pages.`);
@@ -677,4 +681,4 @@ class PdfSignError extends Error {
677
681
 
678
682
  export { detectSigningPosition, clearPolicyCache, buildSigningCertificateV2, buildSignaturePolicy, ICP_BRASIL_OIDS, SignaturePolicyError, pdfSignOptionsSchema, TIMESTAMP_SERVERS, TIMESTAMP_TOKEN_OID, requestTimestamp, TimestampError, signPdf, PdfSignError };
679
683
 
680
- //# debugId=7527099A32B0EC4564756E2164756E21
684
+ //# debugId=21D845BC86F33D9F64756E2164756E21
package/dist/index-cj97mfbz.js.map ADDED
@@ -0,0 +1,15 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../src/detect-position.ts", "../src/icp-brasil.ts", "../src/schemas.ts", "../src/timestamp.ts", "../src/sign-pdf.ts", "../src/appearance.ts"],
4
+ "sourcesContent": [
5
+ "import { PDFReader } from \"@f-o-t/pdf\";\nimport type { DetectedPosition, DetectPositionOptions } from \"./types.ts\";\n\nconst KEYWORD_PATTERNS = [\n \"assinatura\",\n \"assine\",\n \"representante\",\n \"responsável\",\n \"responsavel\",\n \"signatário\",\n \"signatario\",\n];\n\nconst LINE_PATTERN = /_{5,}|-{5,}/;\n\ntype Signal = {\n page: number;\n weight: number;\n position: number; // 0=top, 1=bottom as fraction of page\n};\n\n/**\n * Detect the best position to place a digital signature on a PDF.\n *\n * Uses weighted scoring across three signal types:\n * - Signer name match (weight 3)\n * - Horizontal line patterns (weight 2)\n * - Signature keywords (weight 1)\n *\n * Returns null if the PDF cannot be parsed.\n */\nexport function detectSigningPosition(\n pdfData: Uint8Array,\n options: DetectPositionOptions = {},\n): DetectedPosition | null {\n let pages;\n try {\n const reader = new PDFReader(pdfData);\n const parsed = reader.parse();\n pages = parsed.pages;\n } catch {\n return null;\n }\n\n if (pages.length === 0) return null;\n\n const signals: Signal[] = [];\n const preferredPage =\n options.preferredPage === -1\n ? pages.length - 1\n : (options.preferredPage ?? pages.length - 1);\n\n // Only scan the last few pages for signals — signatures are\n // almost always near the end, and scanning every page of a\n // large document is expensive (causes browser freezes).\n const scanStart = Math.max(0, pages.length - 3);\n for (let i = scanStart; i < pages.length; i++) {\n const page = pages[i]!;\n const text = page.content.toLowerCase();\n\n // Signal 1: Signer name (weight 3)\n if (options.signerName) {\n const name = options.signerName.toLowerCase();\n if (text.includes(name)) {\n const idx = text.indexOf(name);\n const position = text.length > 0 ? idx / text.length : 0.5;\n signals.push({ page: i, weight: 3, position });\n }\n }\n\n // Signal 1b: Organization name (weight 2.5)\n if (options.organization) {\n const org = options.organization.toLowerCase();\n if (text.includes(org)) {\n const idx = text.indexOf(org);\n const position = text.length > 0 ? idx / text.length : 0.5;\n signals.push({ page: i, weight: 2.5, position });\n }\n }\n\n // Signal 2: Line patterns (weight 2)\n if (LINE_PATTERN.test(text)) {\n const idx = text.search(LINE_PATTERN);\n const position = text.length > 0 ? idx / text.length : 0.5;\n signals.push({ page: i, weight: 2, position });\n }\n\n // Signal 3: Keywords (weight 1)\n for (const keyword of KEYWORD_PATTERNS) {\n if (text.includes(keyword)) {\n const idx = text.indexOf(keyword);\n const position = text.length > 0 ? idx / text.length : 0.5;\n signals.push({ page: i, weight: 1, position });\n break;\n }\n }\n }\n\n // No signals: fallback to bottom of last page\n if (signals.length === 0) {\n const lastPage = pages[pages.length - 1]!;\n return {\n page: pages.length - 1,\n x: 50,\n y: lastPage.size.height - 150,\n confidence: 0.1,\n };\n }\n\n // Group signals by page\n const pageScores = new Map<\n number,\n { totalWeight: number; bestPosition: number; bestWeight: number }\n >();\n for (const signal of signals) {\n const existing = pageScores.get(signal.page);\n if (existing) {\n existing.totalWeight += signal.weight;\n if (signal.weight > existing.bestWeight) {\n existing.bestWeight = signal.weight;\n existing.bestPosition = signal.position;\n }\n } else {\n pageScores.set(signal.page, {\n totalWeight: signal.weight,\n bestPosition: signal.position,\n bestWeight: signal.weight,\n });\n }\n }\n\n // Boost preferred page\n const preferredScore = pageScores.get(preferredPage);\n if (preferredScore) {\n preferredScore.totalWeight *= 1.2;\n }\n\n // Pick best page\n let bestPage = preferredPage;\n let bestScore = 0;\n for (const [page, score] of pageScores) {\n if (score.totalWeight > bestScore) {\n bestScore = score.totalWeight;\n bestPage = page;\n }\n }\n\n const pageInfo = pages[bestPage]!;\n const pageScore = pageScores.get(bestPage)!;\n\n // Position above the best match\n const yFraction = pageScore.bestPosition;\n const sigHeight = options.height ?? 120;\n const yFromTop = Math.max(\n 10,\n yFraction * pageInfo.size.height - sigHeight - 20,\n );\n\n const maxWeight = 3 + 2.5 + 2 + 1;\n const confidence = Math.min(1, bestScore / maxWeight);\n\n return {\n page: bestPage,\n x: options.width ? (pageInfo.size.width - options.width) / 2 : 50,\n y: yFromTop,\n confidence,\n };\n}\n",
6
+ "/**\n * ICP-Brasil Attributes for PAdES Signatures\n *\n * Implements the id-aa-signingCertificateV2 (RFC 5035) and\n * id-aa-ets-sigPolicyId attributes required by ICP-Brasil.\n *\n * Uses @f-o-t/asn1 for ASN.1 construction and @f-o-t/crypto for hashing.\n */\n\nimport {\n type Asn1Node,\n contextTag,\n decodeDer,\n encodeDer,\n ia5String,\n nullValue,\n octetString,\n oid,\n sequence,\n} from \"@f-o-t/asn1\";\nimport { hash } from \"@f-o-t/crypto\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\n/** SHA-256 Algorithm OID */\nconst SHA256_OID = \"2.16.840.1.101.3.4.2.1\";\n\n/** id-aa-signingCertificateV2 OID (RFC 5035) */\nconst SIGNING_CERTIFICATE_V2_OID = \"1.2.840.113549.1.9.16.2.47\";\n\n/** id-aa-ets-sigPolicyId OID */\nconst SIGNATURE_POLICY_OID = \"1.2.840.113549.1.9.16.2.15\";\n\n/** ICP-Brasil PAdES Policy (PA_PAdES_AD_RB_v1_1) */\nconst POLICY_CONFIG = {\n OID: \"2.16.76.1.7.1.11.1.1\",\n URL: \"http://politicas.icpbrasil.gov.br/PA_PAdES_AD_RB_v1_1.der\",\n} as const;\n\n/** id-spq-ets-uri OID */\nconst SPQ_ETS_URI_OID = \"1.2.840.113549.1.9.16.5.1\";\n\n// ---------------------------------------------------------------------------\n// Cached policy data\n// ---------------------------------------------------------------------------\n\nlet cachedPolicyData: {\n hashAlgOid: string;\n policyHash: Uint8Array;\n} | null = null;\n\n/**\n * Clear the cached signature policy data.\n * Useful for testing or forcing a re-download.\n */\nexport function clearPolicyCache(): void {\n cachedPolicyData = null;\n}\n\n// ---------------------------------------------------------------------------\n// Signing Certificate V2\n// ---------------------------------------------------------------------------\n\n/**\n * Build the id-aa-signingCertificateV2 attribute value (DER-encoded).\n *\n * This attribute links the signature to the specific certificate used to\n * create it, preventing substitution attacks.\n *\n * ASN.1 structure (RFC 5035):\n *\n * SigningCertificateV2 ::= SEQUENCE {\n * certs SEQUENCE OF ESSCertIDv2\n * }\n *\n * ESSCertIDv2 ::= SEQUENCE {\n * hashAlgorithm AlgorithmIdentifier DEFAULT {algorithm id-sha256},\n * certHash Hash,\n * issuerSerial IssuerSerial OPTIONAL\n * }\n *\n * IssuerSerial ::= SEQUENCE {\n * issuer GeneralNames,\n * serialNumber CertificateSerialNumber\n * }\n *\n * @param certDer - DER-encoded X.509 certificate\n * @returns DER-encoded SigningCertificateV2 value\n */\nexport function buildSigningCertificateV2(certDer: Uint8Array): Uint8Array {\n // 1. Hash the DER certificate with SHA-256\n const certHash = hash(\"sha256\", certDer);\n\n // 2. Build AlgorithmIdentifier for SHA-256\n const hashAlgId = sequence(oid(SHA256_OID), nullValue());\n\n // 3. Extract issuer and serial number from the certificate\n const cert = decodeDer(certDer);\n const tbsCert = (cert.value as Asn1Node[])[0]!;\n const tbs = tbsCert.value as Asn1Node[];\n\n // version is [0] EXPLICIT, so tbs[0] may be version context tag\n let idx = 0;\n if (tbs[0]!.class === \"context\" && tbs[0]!.tag === 0) {\n idx = 1;\n }\n\n const serialNumber = tbs[idx]!; // INTEGER\n const issuerName = tbs[idx + 2]!; // Name SEQUENCE\n\n // 4. Build IssuerSerial\n // IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber INTEGER }\n // GeneralNames ::= SEQUENCE OF GeneralName\n // GeneralName ::= directoryName [4] Name\n const generalName = contextTag(4, [issuerName]);\n const generalNames = sequence(generalName);\n const issuerSerial = sequence(generalNames, serialNumber);\n\n // 5. Build ESSCertIDv2\n const essCertIdV2 = sequence(hashAlgId, octetString(certHash), issuerSerial);\n\n // 6. Build SigningCertificateV2\n const signingCertV2 = sequence(\n // certs SEQUENCE OF ESSCertIDv2\n sequence(essCertIdV2),\n );\n\n return encodeDer(signingCertV2);\n}\n\n// ---------------------------------------------------------------------------\n// Signature Policy\n// ---------------------------------------------------------------------------\n\n/**\n * Download and parse the ICP-Brasil signature policy DER file.\n * Extracts the embedded signPolicyHash from the ASN.1 structure.\n */\nasync function downloadAndParsePolicyDocument(): Promise<{\n hashAlgOid: string;\n policyHash: Uint8Array;\n}> {\n if (cachedPolicyData) {\n return cachedPolicyData;\n }\n\n const response = await fetch(POLICY_CONFIG.URL, {\n signal: AbortSignal.timeout(10000),\n });\n\n if (!response.ok) {\n throw new SignaturePolicyError(\n `Failed to download signature policy: HTTP ${response.status}`,\n );\n }\n\n const arrayBuffer = await response.arrayBuffer();\n const data = new Uint8Array(arrayBuffer);\n\n if (data.length === 0 || data[0] !== 0x30) {\n throw new SignaturePolicyError(\"Invalid DER format in policy document\");\n }\n\n // Parse the ASN.1 structure:\n // SignaturePolicy ::= SEQUENCE {\n // signPolicyHashAlg AlgorithmIdentifier,\n // signPolicyInfo SignaturePolicyInfo,\n // signPolicyHash OCTET STRING\n // }\n const asn1 = decodeDer(data);\n const children = asn1.value as Asn1Node[];\n\n if (!Array.isArray(children) || children.length < 3) {\n throw new SignaturePolicyError(\n `Unexpected policy structure: expected 3+ children, got ${children?.length}`,\n );\n }\n\n // Child[0] = AlgorithmIdentifier\n const algIdChildren = children[0]!.value as Asn1Node[];\n if (!Array.isArray(algIdChildren) || algIdChildren.length === 0) {\n throw new SignaturePolicyError(\"Invalid AlgorithmIdentifier in policy\");\n }\n\n const { bytesToOid } = await import(\"@f-o-t/asn1\");\n const hashAlgOid = bytesToOid(algIdChildren[0]!.value as Uint8Array);\n\n // Child[2] = signPolicyHash (OCTET STRING)\n const hashNode = children[2]!;\n if (hashNode.tag !== 0x04) {\n throw new SignaturePolicyError(\n `Expected OCTET STRING at child[2], got tag 0x${hashNode.tag.toString(16)}`,\n );\n }\n\n cachedPolicyData = {\n hashAlgOid,\n policyHash: hashNode.value as Uint8Array,\n };\n\n return cachedPolicyData;\n}\n\n/**\n * Build the id-aa-ets-sigPolicyId attribute value (DER-encoded).\n *\n * Downloads the ICP-Brasil PAdES signature policy and extracts the\n * embedded signPolicyHash to build the attribute.\n *\n * @returns DER-encoded SignaturePolicyIdentifier value\n */\nexport async function buildSignaturePolicy(): Promise<Uint8Array> {\n const { hashAlgOid, policyHash } = await downloadAndParsePolicyDocument();\n\n // AlgorithmIdentifier for hash (no NULL — matches policy encoding)\n const hashAlgId = sequence(oid(hashAlgOid));\n\n // SigPolicyHash (OtherHashAlgAndValue)\n const sigPolicyHash = sequence(hashAlgId, octetString(policyHash));\n\n // SigPolicyQualifiers with policy URL\n const sigPolicyQualifiers = sequence(\n sequence(\n // id-spq-ets-uri\n oid(SPQ_ETS_URI_OID),\n // Policy URL as IA5String\n ia5String(POLICY_CONFIG.URL),\n ),\n );\n\n // SignaturePolicyId\n const signaturePolicyId = sequence(\n // sigPolicyId (policy OID)\n oid(POLICY_CONFIG.OID),\n // sigPolicyHash\n sigPolicyHash,\n // sigPolicyQualifiers\n sigPolicyQualifiers,\n );\n\n return encodeDer(signaturePolicyId);\n}\n\n/**\n * Attribute OID constants for external use\n */\nexport const ICP_BRASIL_OIDS = {\n signingCertificateV2: SIGNING_CERTIFICATE_V2_OID,\n signaturePolicy: SIGNATURE_POLICY_OID,\n} as const;\n\n// ---------------------------------------------------------------------------\n// Errors\n// ---------------------------------------------------------------------------\n\nexport class SignaturePolicyError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"SignaturePolicyError\";\n }\n}\n",
7
+ "/**\n * Zod schemas for input validation\n */\n\nimport { z } from \"zod\";\n\nconst signatureAppearanceSchema = z.object({\n x: z.number(),\n y: z.number(),\n width: z.number().positive(),\n height: z.number().positive(),\n page: z.number().int().min(0).optional(),\n showQrCode: z.boolean().optional(),\n showCertInfo: z.boolean().optional(),\n});\n\nconst qrCodeConfigSchema = z.object({\n data: z.string().optional(),\n size: z.number().int().positive().optional(),\n});\n\nexport const pdfSignOptionsSchema = z.object({\n certificate: z.object({\n p12: z.instanceof(Uint8Array).refine((v) => v.length > 0, {\n message: \"P12 data must not be empty\",\n }),\n password: z.string(),\n name: z.string().optional(),\n }),\n reason: z.string().optional(),\n location: z.string().optional(),\n contactInfo: z.string().optional(),\n policy: z.enum([\"pades-ades\", \"pades-icp-brasil\"]).optional(),\n timestamp: z.boolean().optional(),\n tsaUrl: z.string().url().optional(),\n tsaTimeout: z.number().positive().optional(),\n tsaRetries: z.number().int().min(0).optional(),\n tsaFallbackUrls: z.array(z.string().url()).optional(),\n onTimestampError: z\n .function({ input: z.tuple([z.unknown()]), output: z.void() })\n .optional(),\n appearance: z\n .union([signatureAppearanceSchema, z.literal(\"auto\"), z.literal(false)])\n .optional(),\n appearances: z.array(signatureAppearanceSchema).optional(),\n qrCode: qrCodeConfigSchema.optional(),\n docMdpPermission: z\n .union([z.literal(1), z.literal(2), z.literal(3)])\n .optional(),\n});\n",
8
+ "/**\n * RFC 3161 Timestamp Client\n *\n * Requests trusted timestamps from TSA servers using native fetch.\n * Builds the TimeStampReq using @f-o-t/asn1 instead of forge.\n */\n\nimport {\n type Asn1Node,\n boolean as asn1Boolean,\n decodeDer,\n encodeDer,\n integer,\n octetString,\n oid,\n sequence,\n} from \"@f-o-t/asn1\";\nimport { hash } from \"@f-o-t/crypto\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\n/** Well-known hash algorithm OIDs */\nconst HASH_OIDS: Record<string, string> = {\n sha256: \"2.16.840.1.101.3.4.2.1\",\n sha384: \"2.16.840.1.101.3.4.2.2\",\n sha512: \"2.16.840.1.101.3.4.2.3\",\n};\n\n/** ICP-Brasil Approved Timestamp Servers */\nexport const TIMESTAMP_SERVERS = {\n VALID: \"http://timestamp.valid.com.br/tsa\",\n SAFEWEB: \"http://tsa.safeweb.com.br/tsa/tsa\",\n CERTISIGN: \"http://timestamp.certisign.com.br\",\n} as const;\n\n/** id-smime-aa-timeStampToken OID */\nexport const TIMESTAMP_TOKEN_OID = \"1.2.840.113549.1.9.16.2.14\";\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Request a timestamp from a TSA server with retry and fallback support.\n *\n * @param dataToTimestamp - The data to timestamp (usually the signature value)\n * @param tsaUrl - URL of the primary timestamp server\n * @param hashAlgorithm - Hash algorithm to use (default: \"sha256\")\n * @param options - Resilience options (timeout, retries, fallback URLs)\n * @returns DER-encoded TimeStampToken\n */\nexport async function requestTimestamp(\n dataToTimestamp: Uint8Array,\n tsaUrl: string,\n hashAlgorithm: \"sha256\" | \"sha384\" | \"sha512\" = \"sha256\",\n options?: {\n tsaTimeout?: number;\n tsaRetries?: number;\n tsaFallbackUrls?: string[];\n },\n): Promise<Uint8Array> {\n // 1. Hash the data\n const messageHash = hash(hashAlgorithm, dataToTimestamp);\n\n // 2. Build TimeStampReq\n const timestampReq = buildTimestampRequest(messageHash, hashAlgorithm);\n\n const tsaTimeout = options?.tsaTimeout ?? 10000;\n const tsaRetries = options?.tsaRetries ?? 0;\n const tsaFallbackUrls = options?.tsaFallbackUrls ?? [];\n\n let lastError: Error | undefined;\n\n // 3. Try primary server: 1 initial attempt + tsaRetries retries\n for (let attempt = 1; attempt <= 1 + tsaRetries; attempt++) {\n if (attempt > 1) {\n await sleep(2 ** (attempt - 2) * 1000);\n }\n try {\n return await fetchTimestamp(tsaUrl, timestampReq, tsaTimeout);\n } catch (err) {\n lastError = err instanceof Error ? err : new Error(String(err));\n }\n }\n\n // 4. Try fallback servers (one attempt each, no delay)\n for (const fallbackUrl of tsaFallbackUrls) {\n try {\n return await fetchTimestamp(fallbackUrl, timestampReq, tsaTimeout);\n } catch (err) {\n lastError = err instanceof Error ? err : new Error(String(err));\n }\n }\n\n // 5. All servers failed\n const fallbackList =\n tsaFallbackUrls.length > 0\n ? `, fallbacks: [${tsaFallbackUrls.join(\", \")}]`\n : \"\";\n throw new TimestampError(\n `TSA request failed: all servers unreachable (primary: ${tsaUrl}${fallbackList}). Last error: ${lastError?.message ?? \"unknown\"}`,\n );\n}\n\n// ---------------------------------------------------------------------------\n// Internal\n// ---------------------------------------------------------------------------\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/**\n * Perform a single TSA fetch attempt, wrapping network errors with a descriptive message.\n */\nasync function fetchTimestamp(\n url: string,\n timestampReq: Uint8Array,\n timeoutMs: number,\n): Promise<Uint8Array> {\n let response: Response;\n try {\n response = await fetch(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/timestamp-query\",\n },\n body: timestampReq as unknown as BodyInit,\n signal: AbortSignal.timeout(timeoutMs),\n });\n } catch (err) {\n const msg = err instanceof Error ? err.message : String(err);\n throw new Error(`TSA server unreachable: ${url} — ${msg}`);\n }\n\n if (!response.ok) {\n throw new TimestampError(`TSA returned HTTP ${response.status}`);\n }\n\n const respBuffer = new Uint8Array(await response.arrayBuffer());\n return extractTimestampToken(respBuffer);\n}\n\n/**\n * Build a TimeStampReq (RFC 3161) as DER bytes.\n *\n * TimeStampReq ::= SEQUENCE {\n * version INTEGER { v1(1) },\n * messageImprint MessageImprint,\n * certReq BOOLEAN DEFAULT FALSE\n * }\n *\n * MessageImprint ::= SEQUENCE {\n * hashAlgorithm AlgorithmIdentifier,\n * hashedMessage OCTET STRING\n * }\n */\nfunction buildTimestampRequest(\n messageHash: Uint8Array,\n hashAlgorithm: string,\n): Uint8Array {\n const hashOid = HASH_OIDS[hashAlgorithm];\n if (!hashOid) {\n throw new TimestampError(`Unsupported hash algorithm: ${hashAlgorithm}`);\n }\n\n const timestampReq = sequence(\n // version = 1\n integer(1),\n // messageImprint\n sequence(\n // hashAlgorithm AlgorithmIdentifier\n sequence(oid(hashOid)),\n // hashedMessage OCTET STRING\n octetString(messageHash),\n ),\n // certReq = TRUE (request certificate in response)\n asn1Boolean(true),\n );\n\n return encodeDer(timestampReq);\n}\n\n/**\n * Extract the TimeStampToken from a TimeStampResp.\n *\n * TimeStampResp ::= SEQUENCE {\n * status PKIStatusInfo,\n * timeStampToken TimeStampToken OPTIONAL\n * }\n *\n * PKIStatusInfo ::= SEQUENCE {\n * status PKIStatus, -- INTEGER\n * ...\n * }\n */\nfunction extractTimestampToken(respDer: Uint8Array): Uint8Array {\n let resp: Asn1Node;\n try {\n resp = decodeDer(respDer);\n } catch {\n throw new TimestampError(\"Invalid timestamp response: not valid DER\");\n }\n\n const children = resp.value as Asn1Node[];\n if (!Array.isArray(children) || children.length < 1) {\n throw new TimestampError(\n \"Invalid timestamp response: unexpected structure\",\n );\n }\n\n // Check status\n const statusInfo = children[0]!.value as Asn1Node[];\n const statusBytes = statusInfo[0]!.value as Uint8Array;\n // Status 0 = granted, 1 = grantedWithMods\n const statusValue = statusBytes[statusBytes.length - 1]!;\n if (statusValue !== 0 && statusValue !== 1) {\n throw new TimestampError(\n `Timestamp request rejected with status: ${statusValue}`,\n );\n }\n\n // Extract token (second child)\n if (!children[1]) {\n throw new TimestampError(\"Timestamp response does not contain a token\");\n }\n\n return encodeDer(children[1]);\n}\n\n// ---------------------------------------------------------------------------\n// Errors\n// ---------------------------------------------------------------------------\n\nexport class TimestampError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"TimestampError\";\n }\n}\n",
9
+ "/**\n * PDF Signing — Main Entry Point\n *\n * Signs a PDF document using PAdES format with optional ICP-Brasil compliance.\n *\n * Flow:\n * 1. Parse certificate for display info\n * 2. Load PDF and draw visual appearance\n * 3. Save PDF with signature placeholder\n * 4. Find byte range and extract bytes to sign\n * 5. Build CMS/PKCS#7 SignedData with ICP-Brasil attributes\n * 6. Embed signature into PDF\n */\n\nimport type { Asn1Node } from \"@f-o-t/asn1\";\nimport { decodeDer } from \"@f-o-t/asn1\";\nimport type { CmsAttribute } from \"@f-o-t/crypto\";\nimport {\n appendUnauthAttributes,\n createSignedData,\n parsePkcs12,\n} from \"@f-o-t/crypto\";\nimport type { CertificateInfo } from \"@f-o-t/digital-certificate\";\nimport { parseCertificate } from \"@f-o-t/digital-certificate\";\nimport {\n embedSignature,\n extractBytesToSign,\n findByteRange,\n loadPdf,\n} from \"@f-o-t/pdf/plugins/editing\";\nimport {\n drawSignatureAppearance,\n precomputeSharedQrImage,\n} from \"./appearance.ts\";\nimport { detectSigningPosition } from \"./detect-position.ts\";\nimport {\n buildSignaturePolicy,\n buildSigningCertificateV2,\n ICP_BRASIL_OIDS,\n} from \"./icp-brasil.ts\";\nimport { pdfSignOptionsSchema } from \"./schemas.ts\";\nimport { requestTimestamp, TIMESTAMP_TOKEN_OID } from \"./timestamp.ts\";\nimport type { PdfSignOptions, SignatureAppearance } from \"./types.ts\";\n\n/**\n * Sign a PDF document with a digital certificate.\n *\n * Supports PAdES-BES and PAdES with ICP-Brasil compliance\n * (signing-certificate-v2 and signature-policy attributes).\n *\n * @param pdf - The PDF document as a Uint8Array or ReadableStream<Uint8Array>\n * @param options - Signing options\n * @returns The signed PDF as a Uint8Array\n *\n * @example\n * ```ts\n * const signedPdf = await signPdf(pdfBytes, {\n * certificate: { p12, password: \"secret\" },\n * reason: \"Document approval\",\n * location: \"Corporate Office\",\n * policy: \"pades-icp-brasil\",\n * });\n * ```\n */\nexport async function signPdf(\n pdf: Uint8Array | ReadableStream<Uint8Array>,\n options: PdfSignOptions,\n): Promise<Uint8Array> {\n // Accumulate ReadableStream into Uint8Array if needed\n let pdfBytes: Uint8Array;\n if (pdf instanceof ReadableStream) {\n const chunks: Uint8Array[] = [];\n const reader = pdf.getReader();\n try {\n while (true) {\n const { done, value } = await reader.read();\n if (done) break;\n if (value) chunks.push(value);\n }\n } finally {\n reader.releaseLock();\n }\n const totalLength = chunks.reduce((sum, c) => sum + c.length, 0);\n pdfBytes = new Uint8Array(totalLength);\n let offset = 0;\n for (const chunk of chunks) {\n pdfBytes.set(chunk, offset);\n offset += chunk.length;\n }\n } else {\n pdfBytes = pdf;\n }\n\n // Validate input\n const opts = pdfSignOptionsSchema.parse(options);\n\n // 1. Parse PKCS#12 early — needed both for display info and for sizing the\n // signature placeholder accurately based on the actual certificate chain length.\n const { certificate, privateKey, chain } = await parsePkcs12(\n opts.certificate.p12,\n opts.certificate.password,\n );\n\n // 1b. Parse certificate for rich display info (CPF/CNPJ, subject CN, etc.)\n let certInfo: CertificateInfo | null = null;\n try {\n certInfo = parseCertificate(\n opts.certificate.p12,\n opts.certificate.password,\n );\n } catch {\n // If parsing fails, continue without cert info for display\n }\n\n // 2. Load PDF via editing plugin\n const doc = loadPdf(pdfBytes);\n\n // Resolve \"auto\" appearance — stamp on ALL pages\n let resolvedAppearance: Exclude<typeof opts.appearance, \"auto\"> | undefined;\n let autoAppearances: SignatureAppearance[] | undefined;\n\n if (opts.appearance === \"auto\") {\n const width = 350;\n const height = 120;\n\n // Try to detect best position on a representative page\n const detected = detectSigningPosition(pdfBytes, {\n signerName: certInfo?.subject.commonName ?? undefined,\n organization: certInfo?.subject.organization ?? undefined,\n preferredPage: -1,\n width,\n height,\n });\n\n const baseX = detected?.x ?? 50;\n const baseY = detected?.y ?? 700;\n\n // Generate one appearance per page\n autoAppearances = [];\n for (let i = 0; i < doc.pageCount; i++) {\n autoAppearances.push({\n x: baseX,\n y: baseY,\n width,\n height,\n page: i,\n });\n }\n\n // Clear single appearance — we use appearances[] instead\n resolvedAppearance = false;\n } else {\n resolvedAppearance = opts.appearance === false ? false : opts.appearance;\n }\n\n // 3. Draw visual signature appearance if requested\n if (resolvedAppearance !== false && resolvedAppearance) {\n const pageIndex = resolvedAppearance.page ?? 0;\n\n if (pageIndex < 0 || pageIndex >= doc.pageCount) {\n throw new PdfSignError(\n `Invalid page index: ${pageIndex}. PDF has ${doc.pageCount} pages.`,\n );\n }\n\n const page = doc.getPage(pageIndex);\n\n drawSignatureAppearance(doc, page, resolvedAppearance, certInfo, {\n reason: opts.reason,\n location: opts.location,\n qrCode: opts.qrCode,\n pdfData: pdfBytes,\n });\n }\n\n // 3b. Draw multiple visual signature appearances\n const allAppearances = [\n ...(autoAppearances ?? []),\n ...(opts.appearances ?? []),\n ];\n\n if (allAppearances.length > 0) {\n const needsQr = allAppearances.some((a) => a.showQrCode !== false);\n const sharedQrImage = needsQr\n ? precomputeSharedQrImage(doc, certInfo, pdfBytes, opts.qrCode)\n : undefined;\n\n for (const app of allAppearances) {\n const pageIndex = app.page ?? 0;\n\n if (pageIndex < 0 || pageIndex >= doc.pageCount) {\n throw new PdfSignError(\n `Invalid page index ${pageIndex} in appearances. PDF has ${doc.pageCount} pages.`,\n );\n }\n\n const page = doc.getPage(pageIndex);\n\n drawSignatureAppearance(doc, page, app, certInfo, {\n reason: opts.reason,\n location: opts.location,\n qrCode: opts.qrCode,\n pdfData: pdfBytes,\n preEmbeddedQr: sharedQrImage,\n });\n }\n }\n\n // 4. Save with signature placeholder\n const signerName =\n certInfo?.subject.commonName ||\n opts.certificate.name ||\n \"Digital Signature\";\n\n // Dynamic placeholder size: base 8 KB + 2× actual cert chain + 4 KB for a\n // timestamp token (if configured). Prevents \"Signature too large\" failures for\n // certificates with long chains (5+ certs) or large RSA keys.\n const certChainBytes =\n certificate.length + chain.reduce((sum, c) => sum + c.length, 0);\n const signatureLength = Math.max(\n 16384,\n certChainBytes * 2 + (opts.tsaUrl ? 4096 : 0) + 8192,\n );\n\n // Which page hosts the widget annotation — must match the visual appearance\n // page so PDF readers navigate to the right page when a signature is clicked.\n const appearancePage = resolvedAppearance\n ? ((resolvedAppearance as { page?: number }).page ?? 0)\n : (opts.appearances?.[0]?.page ?? 0);\n\n const { pdf: pdfWithPlaceholder } = doc.saveWithPlaceholder({\n reason: opts.reason || \"Digitally signed\",\n name: signerName,\n location: opts.location,\n contactInfo: opts.contactInfo,\n signatureLength,\n docMdpPermission: opts.docMdpPermission ?? 2,\n appearancePage,\n });\n\n // 5. Find byte range and extract bytes to sign\n const { byteRange } = findByteRange(pdfWithPlaceholder);\n const bytesToSign = extractBytesToSign(pdfWithPlaceholder, byteRange);\n\n // 6. Cryptographic material already parsed in step 1\n\n // 7. Build ICP-Brasil authenticated attributes if needed\n const authenticatedAttributes: CmsAttribute[] = [];\n\n if (opts.policy === \"pades-icp-brasil\") {\n // signing-certificate-v2\n const sigCertV2 = buildSigningCertificateV2(certificate);\n authenticatedAttributes.push({\n oid: ICP_BRASIL_OIDS.signingCertificateV2,\n values: [sigCertV2],\n });\n\n // signature-policy\n try {\n const sigPolicy = await buildSignaturePolicy();\n authenticatedAttributes.push({\n oid: ICP_BRASIL_OIDS.signaturePolicy,\n values: [sigPolicy],\n });\n } catch {\n // Policy download failure is non-fatal\n // The signature will still be valid PAdES-BES\n }\n }\n\n // 8. Build unauthenticated attributes\n const unauthenticatedAttributes: CmsAttribute[] = [];\n\n // 9. Create CMS/PKCS#7 SignedData\n const signedData = await createSignedData({\n content: bytesToSign,\n certificate,\n privateKey,\n chain,\n hashAlgorithm: \"sha256\",\n authenticatedAttributes:\n authenticatedAttributes.length > 0\n ? authenticatedAttributes\n : undefined,\n unauthenticatedAttributes:\n unauthenticatedAttributes.length > 0\n ? unauthenticatedAttributes\n : undefined,\n detached: true,\n });\n\n // 10. Optionally request timestamp and embed as unauthenticated attribute\n if (opts.timestamp && opts.tsaUrl) {\n try {\n const tsToken = await requestTimestamp(\n extractSignatureValue(signedData),\n opts.tsaUrl,\n \"sha256\",\n {\n tsaTimeout: opts.tsaTimeout,\n tsaRetries: opts.tsaRetries,\n tsaFallbackUrls: opts.tsaFallbackUrls,\n },\n );\n unauthenticatedAttributes.push({\n oid: TIMESTAMP_TOKEN_OID,\n values: [tsToken],\n });\n } catch (err) {\n // Timestamp failure is non-fatal\n opts.onTimestampError?.(err);\n }\n }\n\n // 11. Patch timestamp token into SignedData as unauthenticated attribute (no re-signing)\n const finalSignedData = appendUnauthAttributes(\n signedData,\n unauthenticatedAttributes,\n );\n\n // 12. Embed signature into PDF\n return embedSignature(pdfWithPlaceholder, finalSignedData);\n}\n\n// ---------------------------------------------------------------------------\n// Internal helpers\n// ---------------------------------------------------------------------------\n\n/**\n * Extract the raw signature value bytes from a DER-encoded CMS ContentInfo.\n *\n * Per CAdES (ETSI EN 319 122-1) / RFC 5126 §5.5.1, the id-smime-aa-timeStampToken\n * attribute must be a timestamp over the SignerInfo.signature octets, not the\n * full ContentInfo blob.\n *\n * ContentInfo → [0] EXPLICIT → SignedData → signerInfos[0] → signature OCTET STRING\n */\nfunction extractSignatureValue(contentInfoDer: Uint8Array): Uint8Array {\n const contentInfo = decodeDer(contentInfoDer);\n const signedDataNode = (\n (contentInfo.value as Asn1Node[])[1]!.value as Asn1Node[]\n )[0]!;\n // signerInfos is always the last child of SignedData per RFC 5652\n const signerInfosSet = (signedDataNode.value as Asn1Node[]).at(-1)!;\n const signerInfo = (signerInfosSet.value as Asn1Node[])[0]!;\n const signatureNode = (signerInfo.value as Asn1Node[])[5]!;\n return signatureNode.value as Uint8Array;\n}\n\n// ---------------------------------------------------------------------------\n// Errors\n// ---------------------------------------------------------------------------\n\nexport class PdfSignError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"PdfSignError\";\n }\n}\n",
10
+ "/**\n * Visual Signature Appearance\n *\n * Draws certificate information and QR code on the PDF page\n * following the ICP-Brasil standard visual signature layout.\n */\n\nimport type { CertificateInfo } from \"@f-o-t/digital-certificate\";\nimport type {\n PdfDocument,\n PdfImage,\n PdfPage,\n} from \"@f-o-t/pdf/plugins/editing\";\nimport { generateQrCode } from \"@f-o-t/qrcode\";\nimport type { QrCodeConfig, SignatureAppearance } from \"./types.ts\";\n\nconst VALIDATION_URL = \"https://validar.iti.gov.br\";\n\n/**\n * Draw the visual signature appearance on a PDF page.\n *\n * Includes optional QR code and certificate information text\n * inside a bordered rectangle following ICP-Brasil layout.\n */\nexport function drawSignatureAppearance(\n doc: PdfDocument,\n page: PdfPage,\n appearance: SignatureAppearance,\n certInfo: CertificateInfo | null,\n options: {\n reason?: string;\n location?: string;\n qrCode?: QrCodeConfig;\n pdfData: Uint8Array;\n preEmbeddedQr?: PdfImage;\n },\n): void {\n const { x, width, height } = appearance;\n const showQrCode = appearance.showQrCode !== false;\n const showCertInfo = appearance.showCertInfo !== false;\n\n // Convert from top-left origin (user-facing) to PDF bottom-left origin.\n const y = page.height - appearance.y - height;\n\n // Draw bordered rectangle around the signature area\n page.drawRectangle({\n x,\n y,\n width,\n height,\n borderColor: \"#C0C0C0\",\n borderWidth: 1,\n });\n\n let qrSize = 0;\n\n // Draw QR code if requested (enabled by default)\n if (showQrCode) {\n const qrImage =\n options.preEmbeddedQr ??\n (() => {\n const qrData = options.qrCode?.data ?? VALIDATION_URL;\n const qrPng = generateQrCode(qrData, {\n size: options.qrCode?.size ?? 100,\n });\n return doc.embedPng(qrPng);\n })();\n\n qrSize = Math.min(80, height - 20);\n\n page.drawImage(qrImage, {\n x: x + 10,\n y: y + 10,\n width: qrSize,\n height: qrSize,\n });\n }\n\n // Draw certificate info text\n if (showCertInfo) {\n drawCertInfo(page, certInfo, {\n x,\n y,\n width,\n height,\n qrOffset: qrSize > 0 ? qrSize + 20 : 10,\n });\n }\n\n // Reference link below the box\n const linkText = \"validar.iti.gov.br\";\n const linkX = x + width / 2 - linkText.length * 2;\n page.drawText(linkText, {\n x: linkX,\n y: y - 10,\n size: 6,\n color: \"#888888\",\n });\n}\n\n/**\n * Draw certificate information text on the page following ICP-Brasil layout.\n */\nfunction drawCertInfo(\n page: PdfPage,\n certInfo: CertificateInfo | null,\n opts: {\n x: number;\n y: number;\n width: number;\n height: number;\n qrOffset: number;\n },\n): void {\n const textX = opts.x + opts.qrOffset;\n let textY = opts.y + opts.height - 16;\n const fontSize = 7.5;\n const lineHeight = 10;\n\n // Green header\n page.drawText(\"ASSINADO DIGITALMENTE\", {\n x: textX,\n y: textY,\n size: 9,\n color: \"#008000\",\n });\n textY -= lineHeight * 1.3;\n\n if (certInfo) {\n // Signer name\n const signerName = certInfo.subject.commonName || \"N/A\";\n page.drawText(`Signatário: ${signerName}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n\n // Organization (if available)\n if (certInfo.subject.organization) {\n page.drawText(`Empresa: ${certInfo.subject.organization}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n }\n\n // CNPJ or CPF\n if (certInfo.brazilian.cnpj) {\n const cnpj = formatCnpj(certInfo.brazilian.cnpj);\n page.drawText(`CNPJ: ${cnpj}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n } else if (certInfo.brazilian.cpf) {\n const cpf = formatCpf(certInfo.brazilian.cpf);\n page.drawText(`CPF: ${cpf}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n }\n\n // Date and time\n const now = new Date();\n const dateStr = now.toLocaleDateString(\"pt-BR\");\n const timeStr = now.toLocaleTimeString(\"pt-BR\");\n page.drawText(`Data: ${dateStr} ${timeStr}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n\n // Certificate type\n page.drawText(\"Certificado: ICP-Brasil (A1)\", {\n x: textX,\n y: textY,\n size: fontSize,\n });\n } else {\n // Fallback if cert info not available\n page.drawText(\"Assinatura Digital\", {\n x: textX,\n y: textY,\n size: fontSize,\n });\n }\n}\n\n/**\n * Pre-compute the QR code image and embed it once into the PDF document.\n * Call this before an appearances loop so all appearances share a single XObject.\n */\nexport function precomputeSharedQrImage(\n doc: PdfDocument,\n certInfo: CertificateInfo | null,\n pdfData: Uint8Array,\n qrConfig?: QrCodeConfig,\n): PdfImage {\n const qrData = qrConfig?.data ?? VALIDATION_URL;\n const qrPng = generateQrCode(qrData, { size: qrConfig?.size ?? 100 });\n return doc.embedPng(qrPng);\n}\n\n/**\n * Format a CNPJ number with punctuation\n */\nfunction formatCnpj(cnpj: string): string {\n return cnpj.replace(/(\\d{2})(\\d{3})(\\d{3})(\\d{4})(\\d{2})/, \"$1.$2.$3/$4-$5\");\n}\n\n/**\n * Format a CPF number with punctuation\n */\nfunction formatCpf(cpf: string): string {\n return cpf.replace(/(\\d{3})(\\d{3})(\\d{3})(\\d{2})/, \"$1.$2.$3-$4\");\n}\n"
11
+ ],
12
+ "mappings": ";;;;AAAA;AAGA,IAAM,mBAAmB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACH;AAEA,IAAM,eAAe;AAkBd,SAAS,qBAAqB,CAClC,SACA,UAAiC,CAAC,GACV;AAAA,EACxB,IAAI;AAAA,EACJ,IAAI;AAAA,IACD,MAAM,SAAS,IAAI,UAAU,OAAO;AAAA,IACpC,MAAM,SAAS,OAAO,MAAM;AAAA,IAC5B,QAAQ,OAAO;AAAA,IAChB,MAAM;AAAA,IACL,OAAO;AAAA;AAAA,EAGV,IAAI,MAAM,WAAW;AAAA,IAAG,OAAO;AAAA,EAE/B,MAAM,UAAoB,CAAC;AAAA,EAC3B,MAAM,gBACH,QAAQ,kBAAkB,KACrB,MAAM,SAAS,IACd,QAAQ,iBAAiB,MAAM,SAAS;AAAA,EAKjD,MAAM,YAAY,KAAK,IAAI,GAAG,MAAM,SAAS,CAAC;AAAA,EAC9C,SAAS,IAAI,UAAW,IAAI,MAAM,QAAQ,KAAK;AAAA,IAC5C,MAAM,OAAO,MAAM;AAAA,IACnB,MAAM,OAAO,KAAK,QAAQ,YAAY;AAAA,IAGtC,IAAI,QAAQ,YAAY;AAAA,MACrB,MAAM,OAAO,QAAQ,WAAW,YAAY;AAAA,MAC5C,IAAI,KAAK,SAAS,IAAI,GAAG;AAAA,QACtB,MAAM,MAAM,KAAK,QAAQ,IAAI;AAAA,QAC7B,MAAM,WAAW,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS;AAAA,QACvD,QAAQ,KAAK,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;AAAA,MAChD;AAAA,IACH;AAAA,IAGA,IAAI,QAAQ,cAAc;AAAA,MACvB,MAAM,MAAM,QAAQ,aAAa,YAAY;AAAA,MAC7C,IAAI,KAAK,SAAS,GAAG,GAAG;AAAA,QACrB,MAAM,MAAM,KAAK,QAAQ,GAAG;AAAA,QAC5B,MAAM,WAAW,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS;AAAA,QACvD,QAAQ,KAAK,EAAE,MAAM,GAAG,QAAQ,KAAK,SAAS,CAAC;AAAA,MAClD;AAAA,IACH;AAAA,IAGA,IAAI,aAAa,KAAK,IAAI,GAAG;AAAA,MAC1B,MAAM,MAAM,KAAK,OAAO,YAAY;AAAA,MACpC,MAAM,WAAW,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS;AAAA,MACvD,QAAQ,KAAK,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;AAAA,IAChD;AAAA,IAGA,WAAW,WAAW,kBAAkB;AAAA,MACrC,IAAI,KAAK,SAAS,OAAO,GAAG;AAAA,QACzB,MAAM,MAAM,KAAK,QAAQ,OAAO;AAAA,QAChC,MAAM,WAAW,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS;AAAA,QACvD,QAAQ,KAAK,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC7C;AAAA,MACH;AAAA,IACH;AAAA,EACH;AAAA,EAGA,IAAI,QAAQ,WAAW,GAAG;AAAA,IACvB,MAAM,WAAW,MAAM,MAAM,SAAS;AAAA,IACtC,OAAO;AAAA,MACJ,MAAM,MAAM,SAAS;AAAA,MACrB,GAAG;AAAA,MACH,GAAG,SAAS,KAAK,SAAS;AAAA,MAC1B,YAAY;AAAA,IACf;AAAA,EACH;AAAA,EAGA,MAAM,aAAa,IAAI;AAAA,EAIvB,WAAW,UAAU,SAAS;AAAA,IAC3B,MAAM,WAAW,WAAW,IAAI,OAAO,IAAI;AAAA,IAC3C,IAAI,UAAU;AAAA,MACX,SAAS,eAAe,OAAO;AAAA,MAC/B,IAAI,OAAO,SAAS,SAAS,YAAY;AAAA,QACtC,SAAS,aAAa,OAAO;AAAA,QAC7B,SAAS,eAAe,OAAO;AAAA,MAClC;AAAA,IACH,EAAO;AAAA,MACJ,WAAW,IAAI,OAAO,MAAM;AAAA,QACzB,aAAa,OAAO;AAAA,QACpB,cAAc,OAAO;AAAA,QACrB,YAAY,OAAO;AAAA,MACtB,CAAC;AAAA;AAAA,EAEP;AAAA,EAGA,MAAM,iBAAiB,WAAW,IAAI,aAAa;AAAA,EACnD,IAAI,gBAAgB;AAAA,IACjB,eAAe,eAAe;AAAA,EACjC;AAAA,EAGA,IAAI,WAAW;AAAA,EACf,IAAI,YAAY;AAAA,EAChB,YAAY,MAAM,UAAU,YAAY;AAAA,IACrC,IAAI,MAAM,cAAc,WAAW;AAAA,MAChC,YAAY,MAAM;AAAA,MAClB,WAAW;AAAA,IACd;AAAA,EACH;AAAA,EAEA,MAAM,WAAW,MAAM;AAAA,EACvB,MAAM,YAAY,WAAW,IAAI,QAAQ;AAAA,EAGzC,MAAM,YAAY,UAAU;AAAA,EAC5B,MAAM,YAAY,QAAQ,UAAU;AAAA,EACpC,MAAM,WAAW,KAAK,IACnB,IACA,YAAY,SAAS,KAAK,SAAS,YAAY,EAClD;AAAA,EAEA,MAAM,YAAY,IAAI,MAAM,IAAI;AAAA,EAChC,MAAM,aAAa,KAAK,IAAI,GAAG,YAAY,SAAS;AAAA,EAEpD,OAAO;AAAA,IACJ,MAAM;AAAA,IACN,GAAG,QAAQ,SAAS,SAAS,KAAK,QAAQ,QAAQ,SAAS,IAAI;AAAA,IAC/D,GAAG;AAAA,IACH;AAAA,EACH;AAAA;;;AC7JH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAWA;AAOA,IAAM,aAAa;AAGnB,IAAM,6BAA6B;AAGnC,IAAM,uBAAuB;AAG7B,IAAM,gBAAgB;AAAA,EACnB,KAAK;AAAA,EACL,KAAK;AACR;AAGA,IAAM,kBAAkB;AAMxB,IAAI,mBAGO;AAMJ,SAAS,gBAAgB,GAAS;AAAA,EACtC,mBAAmB;AAAA;AAiCf,SAAS,yBAAyB,CAAC,SAAiC;AAAA,EAExE,MAAM,WAAW,KAAK,UAAU,OAAO;AAAA,EAGvC,MAAM,YAAY,SAAS,IAAI,UAAU,GAAG,UAAU,CAAC;AAAA,EAGvD,MAAM,OAAO,UAAU,OAAO;AAAA,EAC9B,MAAM,UAAW,KAAK,MAAqB;AAAA,EAC3C,MAAM,MAAM,QAAQ;AAAA,EAGpB,IAAI,MAAM;AAAA,EACV,IAAI,IAAI,GAAI,UAAU,aAAa,IAAI,GAAI,QAAQ,GAAG;AAAA,IACnD,MAAM;AAAA,EACT;AAAA,EAEA,MAAM,eAAe,IAAI;AAAA,EACzB,MAAM,aAAa,IAAI,MAAM;AAAA,EAM7B,MAAM,cAAc,WAAW,GAAG,CAAC,UAAU,CAAC;AAAA,EAC9C,MAAM,eAAe,SAAS,WAAW;AAAA,EACzC,MAAM,eAAe,SAAS,cAAc,YAAY;AAAA,EAGxD,MAAM,cAAc,SAAS,WAAW,YAAY,QAAQ,GAAG,YAAY;AAAA,EAG3E,MAAM,gBAAgB,SAEnB,SAAS,WAAW,CACvB;AAAA,EAEA,OAAO,UAAU,aAAa;AAAA;AAWjC,eAAe,8BAA8B,GAG1C;AAAA,EACA,IAAI,kBAAkB;AAAA,IACnB,OAAO;AAAA,EACV;AAAA,EAEA,MAAM,WAAW,MAAM,MAAM,cAAc,KAAK;AAAA,IAC7C,QAAQ,YAAY,QAAQ,GAAK;AAAA,EACpC,CAAC;AAAA,EAED,IAAI,CAAC,SAAS,IAAI;AAAA,IACf,MAAM,IAAI,qBACP,6CAA6C,SAAS,QACzD;AAAA,EACH;AAAA,EAEA,MAAM,cAAc,MAAM,SAAS,YAAY;AAAA,EAC/C,MAAM,OAAO,IAAI,WAAW,WAAW;AAAA,EAEvC,IAAI,KAAK,WAAW,KAAK,KAAK,OAAO,IAAM;AAAA,IACxC,MAAM,IAAI,qBAAqB,uCAAuC;AAAA,EACzE;AAAA,EAQA,MAAM,OAAO,UAAU,IAAI;AAAA,EAC3B,MAAM,WAAW,KAAK;AAAA,EAEtB,IAAI,CAAC,MAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS,GAAG;AAAA,IAClD,MAAM,IAAI,qBACP,0DAA0D,UAAU,QACvE;AAAA,EACH;AAAA,EAGA,MAAM,gBAAgB,SAAS,GAAI;AAAA,EACnC,IAAI,CAAC,MAAM,QAAQ,aAAa,KAAK,cAAc,WAAW,GAAG;AAAA,IAC9D,MAAM,IAAI,qBAAqB,uCAAuC;AAAA,EACzE;AAAA,EAEA,QAAQ,eAAe,MAAa;AAAA,EACpC,MAAM,aAAa,WAAW,cAAc,GAAI,KAAmB;AAAA,EAGnE,MAAM,WAAW,SAAS;AAAA,EAC1B,IAAI,SAAS,QAAQ,GAAM;AAAA,IACxB,MAAM,IAAI,qBACP,gDAAgD,SAAS,IAAI,SAAS,EAAE,GAC3E;AAAA,EACH;AAAA,EAEA,mBAAmB;AAAA,IAChB;AAAA,IACA,YAAY,SAAS;AAAA,EACxB;AAAA,EAEA,OAAO;AAAA;AAWV,eAAsB,oBAAoB,GAAwB;AAAA,EAC/D,QAAQ,YAAY,eAAe,MAAM,+BAA+B;AAAA,EAGxE,MAAM,YAAY,SAAS,IAAI,UAAU,CAAC;AAAA,EAG1C,MAAM,gBAAgB,SAAS,WAAW,YAAY,UAAU,CAAC;AAAA,EAGjE,MAAM,sBAAsB,SACzB,SAEG,IAAI,eAAe,GAEnB,UAAU,cAAc,GAAG,CAC9B,CACH;AAAA,EAGA,MAAM,oBAAoB,SAEvB,IAAI,cAAc,GAAG,GAErB,eAEA,mBACH;AAAA,EAEA,OAAO,UAAU,iBAAiB;AAAA;AAM9B,IAAM,kBAAkB;AAAA,EAC5B,sBAAsB;AAAA,EACtB,iBAAiB;AACpB;AAAA;AAMO,MAAM,6BAA6B,MAAM;AAAA,EAC7C,WAAW,CAAC,SAAiB;AAAA,IAC1B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAElB;;;AClQA;AAEA,IAAM,4BAA4B,EAAE,OAAO;AAAA,EACxC,GAAG,EAAE,OAAO;AAAA,EACZ,GAAG,EAAE,OAAO;AAAA,EACZ,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACvC,YAAY,EAAE,QAAQ,EAAE,SAAS;AAAA,EACjC,cAAc,EAAE,QAAQ,EAAE,SAAS;AACtC,CAAC;AAED,IAAM,qBAAqB,EAAE,OAAO;AAAA,EACjC,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAC9C,CAAC;AAEM,IAAM,uBAAuB,EAAE,OAAO;AAAA,EAC1C,aAAa,EAAE,OAAO;AAAA,IACnB,KAAK,EAAE,WAAW,UAAU,EAAE,OAAO,CAAC,MAAM,EAAE,SAAS,GAAG;AAAA,MACvD,SAAS;AAAA,IACZ,CAAC;AAAA,IACD,UAAU,EAAE,OAAO;AAAA,IACnB,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,CAAC;AAAA,EACD,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,aAAa,EAAE,OAAO,EAAE,SAAS;AAAA,EACjC,QAAQ,EAAE,KAAK,CAAC,cAAc,kBAAkB,CAAC,EAAE,SAAS;AAAA,EAC5D,WAAW,EAAE,QAAQ,EAAE,SAAS;AAAA,EAChC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EAClC,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC3C,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EAC7C,iBAAiB,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACpD,kBAAkB,EACd,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC,GAAG,QAAQ,EAAE,KAAK,EAAE,CAAC,EAC5D,SAAS;AAAA,EACb,YAAY,EACR,MAAM,CAAC,2BAA2B,EAAE,QAAQ,MAAM,GAAG,EAAE,QAAQ,KAAK,CAAC,CAAC,EACtE,SAAS;AAAA,EACb,aAAa,EAAE,MAAM,yBAAyB,EAAE,SAAS;AAAA,EACzD,QAAQ,mBAAmB,SAAS;AAAA,EACpC,kBAAkB,EACd,MAAM,CAAC,EAAE,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,EAChD,SAAS;AAChB,CAAC;;;AC1CD;AAAA,aAEG;AAAA,eACA;AAAA,eACA;AAAA;AAAA,iBAEA;AAAA,SACA;AAAA,cACA;AAAA;AAEH,iBAAS;AAOT,IAAM,YAAoC;AAAA,EACvC,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,QAAQ;AACX;AAGO,IAAM,oBAAoB;AAAA,EAC9B,OAAO;AAAA,EACP,SAAS;AAAA,EACT,WAAW;AACd;AAGO,IAAM,sBAAsB;AAenC,eAAsB,gBAAgB,CACnC,iBACA,QACA,gBAAgD,UAChD,SAKoB;AAAA,EAEpB,MAAM,cAAc,MAAK,eAAe,eAAe;AAAA,EAGvD,MAAM,eAAe,sBAAsB,aAAa,aAAa;AAAA,EAErE,MAAM,aAAa,SAAS,cAAc;AAAA,EAC1C,MAAM,aAAa,SAAS,cAAc;AAAA,EAC1C,MAAM,kBAAkB,SAAS,mBAAmB,CAAC;AAAA,EAErD,IAAI;AAAA,EAGJ,SAAS,UAAU,EAAG,WAAW,IAAI,YAAY,WAAW;AAAA,IACzD,IAAI,UAAU,GAAG;AAAA,MACd,MAAM,MAAM,MAAM,UAAU,KAAK,IAAI;AAAA,IACxC;AAAA,IACA,IAAI;AAAA,MACD,OAAO,MAAM,eAAe,QAAQ,cAAc,UAAU;AAAA,MAC7D,OAAO,KAAK;AAAA,MACX,YAAY,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO,GAAG,CAAC;AAAA;AAAA,EAEpE;AAAA,EAGA,WAAW,eAAe,iBAAiB;AAAA,IACxC,IAAI;AAAA,MACD,OAAO,MAAM,eAAe,aAAa,cAAc,UAAU;AAAA,MAClE,OAAO,KAAK;AAAA,MACX,YAAY,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO,GAAG,CAAC;AAAA;AAAA,EAEpE;AAAA,EAGA,MAAM,eACH,gBAAgB,SAAS,IACpB,iBAAiB,gBAAgB,KAAK,IAAI,OAC1C;AAAA,EACR,MAAM,IAAI,eACP,yDAAyD,SAAS,8BAA8B,WAAW,WAAW,WACzH;AAAA;AAOH,SAAS,KAAK,CAAC,IAA2B;AAAA,EACvC,OAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AAAA;AAM1D,eAAe,cAAc,CAC1B,KACA,cACA,WACoB;AAAA,EACpB,IAAI;AAAA,EACJ,IAAI;AAAA,IACD,WAAW,MAAM,MAAM,KAAK;AAAA,MACzB,QAAQ;AAAA,MACR,SAAS;AAAA,QACN,gBAAgB;AAAA,MACnB;AAAA,MACA,MAAM;AAAA,MACN,QAAQ,YAAY,QAAQ,SAAS;AAAA,IACxC,CAAC;AAAA,IACF,OAAO,KAAK;AAAA,IACX,MAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,IAC3D,MAAM,IAAI,MAAM,2BAA2B,cAAQ,KAAK;AAAA;AAAA,EAG3D,IAAI,CAAC,SAAS,IAAI;AAAA,IACf,MAAM,IAAI,eAAe,qBAAqB,SAAS,QAAQ;AAAA,EAClE;AAAA,EAEA,MAAM,aAAa,IAAI,WAAW,MAAM,SAAS,YAAY,CAAC;AAAA,EAC9D,OAAO,sBAAsB,UAAU;AAAA;AAiB1C,SAAS,qBAAqB,CAC3B,aACA,eACW;AAAA,EACX,MAAM,UAAU,UAAU;AAAA,EAC1B,IAAI,CAAC,SAAS;AAAA,IACX,MAAM,IAAI,eAAe,+BAA+B,eAAe;AAAA,EAC1E;AAAA,EAEA,MAAM,eAAe,UAElB,QAAQ,CAAC,GAET,UAEG,UAAS,KAAI,OAAO,CAAC,GAErB,aAAY,WAAW,CAC1B,GAEA,YAAY,IAAI,CACnB;AAAA,EAEA,OAAO,WAAU,YAAY;AAAA;AAgBhC,SAAS,qBAAqB,CAAC,SAAiC;AAAA,EAC7D,IAAI;AAAA,EACJ,IAAI;AAAA,IACD,OAAO,WAAU,OAAO;AAAA,IACzB,MAAM;AAAA,IACL,MAAM,IAAI,eAAe,2CAA2C;AAAA;AAAA,EAGvE,MAAM,WAAW,KAAK;AAAA,EACtB,IAAI,CAAC,MAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS,GAAG;AAAA,IAClD,MAAM,IAAI,eACP,kDACH;AAAA,EACH;AAAA,EAGA,MAAM,aAAa,SAAS,GAAI;AAAA,EAChC,MAAM,cAAc,WAAW,GAAI;AAAA,EAEnC,MAAM,cAAc,YAAY,YAAY,SAAS;AAAA,EACrD,IAAI,gBAAgB,KAAK,gBAAgB,GAAG;AAAA,IACzC,MAAM,IAAI,eACP,2CAA2C,aAC9C;AAAA,EACH;AAAA,EAGA,IAAI,CAAC,SAAS,IAAI;AAAA,IACf,MAAM,IAAI,eAAe,6CAA6C;AAAA,EACzE;AAAA,EAEA,OAAO,WAAU,SAAS,EAAE;AAAA;AAAA;AAOxB,MAAM,uBAAuB,MAAM;AAAA,EACvC,WAAW,CAAC,SAAiB;AAAA,IAC1B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAElB;;;AClOA,sBAAS;AAET;AAAA;AAAA;AAAA;AAAA;AAMA;AACA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACXA;AAGA,IAAM,iBAAiB;AAQhB,SAAS,uBAAuB,CACpC,KACA,MACA,YACA,UACA,SAOK;AAAA,EACL,QAAQ,GAAG,OAAO,WAAW;AAAA,EAC7B,MAAM,aAAa,WAAW,eAAe;AAAA,EAC7C,MAAM,eAAe,WAAW,iBAAiB;AAAA,EAGjD,MAAM,IAAI,KAAK,SAAS,WAAW,IAAI;AAAA,EAGvC,KAAK,cAAc;AAAA,IAChB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,aAAa;AAAA,IACb,aAAa;AAAA,EAChB,CAAC;AAAA,EAED,IAAI,SAAS;AAAA,EAGb,IAAI,YAAY;AAAA,IACb,MAAM,UACH,QAAQ,kBACP,MAAM;AAAA,MACJ,MAAM,SAAS,QAAQ,QAAQ,QAAQ;AAAA,MACvC,MAAM,QAAQ,eAAe,QAAQ;AAAA,QAClC,MAAM,QAAQ,QAAQ,QAAQ;AAAA,MACjC,CAAC;AAAA,MACD,OAAO,IAAI,SAAS,KAAK;AAAA,OACzB;AAAA,IAEN,SAAS,KAAK,IAAI,IAAI,SAAS,EAAE;AAAA,IAEjC,KAAK,UAAU,SAAS;AAAA,MACrB,GAAG,IAAI;AAAA,MACP,GAAG,IAAI;AAAA,MACP,OAAO;AAAA,MACP,QAAQ;AAAA,IACX,CAAC;AAAA,EACJ;AAAA,EAGA,IAAI,cAAc;AAAA,IACf,aAAa,MAAM,UAAU;AAAA,MAC1B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,SAAS,IAAI,SAAS,KAAK;AAAA,IACxC,CAAC;AAAA,EACJ;AAAA,EAGA,MAAM,WAAW;AAAA,EACjB,MAAM,QAAQ,IAAI,QAAQ,IAAI,SAAS,SAAS;AAAA,EAChD,KAAK,SAAS,UAAU;AAAA,IACrB,GAAG;AAAA,IACH,GAAG,IAAI;AAAA,IACP,MAAM;AAAA,IACN,OAAO;AAAA,EACV,CAAC;AAAA;AAMJ,SAAS,YAAY,CAClB,MACA,UACA,MAOK;AAAA,EACL,MAAM,QAAQ,KAAK,IAAI,KAAK;AAAA,EAC5B,IAAI,QAAQ,KAAK,IAAI,KAAK,SAAS;AAAA,EACnC,MAAM,WAAW;AAAA,EACjB,MAAM,aAAa;AAAA,EAGnB,KAAK,SAAS,yBAAyB;AAAA,IACpC,GAAG;AAAA,IACH,GAAG;AAAA,IACH,MAAM;AAAA,IACN,OAAO;AAAA,EACV,CAAC;AAAA,EACD,SAAS,aAAa;AAAA,EAEtB,IAAI,UAAU;AAAA,IAEX,MAAM,aAAa,SAAS,QAAQ,cAAc;AAAA,IAClD,KAAK,SAAS,kBAAc,cAAc;AAAA,MACvC,GAAG;AAAA,MACH,GAAG;AAAA,MACH,MAAM;AAAA,IACT,CAAC;AAAA,IACD,SAAS;AAAA,IAGT,IAAI,SAAS,QAAQ,cAAc;AAAA,MAChC,KAAK,SAAS,YAAY,SAAS,QAAQ,gBAAgB;AAAA,QACxD,GAAG;AAAA,QACH,GAAG;AAAA,QACH,MAAM;AAAA,MACT,CAAC;AAAA,MACD,SAAS;AAAA,IACZ;AAAA,IAGA,IAAI,SAAS,UAAU,MAAM;AAAA,MAC1B,MAAM,OAAO,WAAW,SAAS,UAAU,IAAI;AAAA,MAC/C,KAAK,SAAS,SAAS,QAAQ;AAAA,QAC5B,GAAG;AAAA,QACH,GAAG;AAAA,QACH,MAAM;AAAA,MACT,CAAC;AAAA,MACD,SAAS;AAAA,IACZ,EAAO,SAAI,SAAS,UAAU,KAAK;AAAA,MAChC,MAAM,MAAM,UAAU,SAAS,UAAU,GAAG;AAAA,MAC5C,KAAK,SAAS,QAAQ,OAAO;AAAA,QAC1B,GAAG;AAAA,QACH,GAAG;AAAA,QACH,MAAM;AAAA,MACT,CAAC;AAAA,MACD,SAAS;AAAA,IACZ;AAAA,IAGA,MAAM,MAAM,IAAI;AAAA,IAChB,MAAM,UAAU,IAAI,mBAAmB,OAAO;AAAA,IAC9C,MAAM,UAAU,IAAI,mBAAmB,OAAO;AAAA,IAC9C,KAAK,SAAS,SAAS,WAAW,WAAW;AAAA,MAC1C,GAAG;AAAA,MACH,GAAG;AAAA,MACH,MAAM;AAAA,IACT,CAAC;AAAA,IACD,SAAS;AAAA,IAGT,KAAK,SAAS,gCAAgC;AAAA,MAC3C,GAAG;AAAA,MACH,GAAG;AAAA,MACH,MAAM;AAAA,IACT,CAAC;AAAA,EACJ,EAAO;AAAA,IAEJ,KAAK,SAAS,sBAAsB;AAAA,MACjC,GAAG;AAAA,MACH,GAAG;AAAA,MACH,MAAM;AAAA,IACT,CAAC;AAAA;AAAA;AAQA,SAAS,uBAAuB,CACpC,KACA,UACA,SACA,UACS;AAAA,EACT,MAAM,SAAS,UAAU,QAAQ;AAAA,EACjC,MAAM,QAAQ,eAAe,QAAQ,EAAE,MAAM,UAAU,QAAQ,IAAI,CAAC;AAAA,EACpE,OAAO,IAAI,SAAS,KAAK;AAAA;AAM5B,SAAS,UAAU,CAAC,MAAsB;AAAA,EACvC,OAAO,KAAK,QAAQ,uCAAuC,gBAAgB;AAAA;AAM9E,SAAS,SAAS,CAAC,KAAqB;AAAA,EACrC,OAAO,IAAI,QAAQ,gCAAgC,aAAa;AAAA;;;AD5JnE,eAAsB,OAAO,CAC1B,KACA,SACoB;AAAA,EAEpB,IAAI;AAAA,EACJ,IAAI,eAAe,gBAAgB;AAAA,IAChC,MAAM,SAAuB,CAAC;AAAA,IAC9B,MAAM,SAAS,IAAI,UAAU;AAAA,IAC7B,IAAI;AAAA,MACD,OAAO,MAAM;AAAA,QACV,QAAQ,MAAM,UAAU,MAAM,OAAO,KAAK;AAAA,QAC1C,IAAI;AAAA,UAAM;AAAA,QACV,IAAI;AAAA,UAAO,OAAO,KAAK,KAAK;AAAA,MAC/B;AAAA,cACD;AAAA,MACC,OAAO,YAAY;AAAA;AAAA,IAEtB,MAAM,cAAc,OAAO,OAAO,CAAC,KAAK,MAAM,MAAM,EAAE,QAAQ,CAAC;AAAA,IAC/D,WAAW,IAAI,WAAW,WAAW;AAAA,IACrC,IAAI,SAAS;AAAA,IACb,WAAW,SAAS,QAAQ;AAAA,MACzB,SAAS,IAAI,OAAO,MAAM;AAAA,MAC1B,UAAU,MAAM;AAAA,IACnB;AAAA,EACH,EAAO;AAAA,IACJ,WAAW;AAAA;AAAA,EAId,MAAM,OAAO,qBAAqB,MAAM,OAAO;AAAA,EAI/C,QAAQ,aAAa,YAAY,UAAU,MAAM,YAC9C,KAAK,YAAY,KACjB,KAAK,YAAY,QACpB;AAAA,EAGA,IAAI,WAAmC;AAAA,EACvC,IAAI;AAAA,IACD,WAAW,iBACR,KAAK,YAAY,KACjB,KAAK,YAAY,QACpB;AAAA,IACD,MAAM;AAAA,EAKR,MAAM,MAAM,QAAQ,QAAQ;AAAA,EAG5B,IAAI;AAAA,EACJ,IAAI;AAAA,EAEJ,IAAI,KAAK,eAAe,QAAQ;AAAA,IAC7B,MAAM,QAAQ;AAAA,IACd,MAAM,SAAS;AAAA,IAGf,MAAM,WAAW,sBAAsB,UAAU;AAAA,MAC9C,YAAY,UAAU,QAAQ,cAAc;AAAA,MAC5C,cAAc,UAAU,QAAQ,gBAAgB;AAAA,MAChD,eAAe;AAAA,MACf;AAAA,MACA;AAAA,IACH,CAAC;AAAA,IAED,MAAM,QAAQ,UAAU,KAAK;AAAA,IAC7B,MAAM,QAAQ,UAAU,KAAK;AAAA,IAG7B,kBAAkB,CAAC;AAAA,IACnB,SAAS,IAAI,EAAG,IAAI,IAAI,WAAW,KAAK;AAAA,MACrC,gBAAgB,KAAK;AAAA,QAClB,GAAG;AAAA,QACH,GAAG;AAAA,QACH;AAAA,QACA;AAAA,QACA,MAAM;AAAA,MACT,CAAC;AAAA,IACJ;AAAA,IAGA,qBAAqB;AAAA,EACxB,EAAO;AAAA,IACJ,qBAAqB,KAAK,eAAe,QAAQ,QAAQ,KAAK;AAAA;AAAA,EAIjE,IAAI,uBAAuB,SAAS,oBAAoB;AAAA,IACrD,MAAM,YAAY,mBAAmB,QAAQ;AAAA,IAE7C,IAAI,YAAY,KAAK,aAAa,IAAI,WAAW;AAAA,MAC9C,MAAM,IAAI,aACP,uBAAuB,sBAAsB,IAAI,kBACpD;AAAA,IACH;AAAA,IAEA,MAAM,OAAO,IAAI,QAAQ,SAAS;AAAA,IAElC,wBAAwB,KAAK,MAAM,oBAAoB,UAAU;AAAA,MAC9D,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,QAAQ,KAAK;AAAA,MACb,SAAS;AAAA,IACZ,CAAC;AAAA,EACJ;AAAA,EAGA,MAAM,iBAAiB;AAAA,IACpB,GAAI,mBAAmB,CAAC;AAAA,IACxB,GAAI,KAAK,eAAe,CAAC;AAAA,EAC5B;AAAA,EAEA,IAAI,eAAe,SAAS,GAAG;AAAA,IAC5B,MAAM,UAAU,eAAe,KAAK,CAAC,MAAM,EAAE,eAAe,KAAK;AAAA,IACjE,MAAM,gBAAgB,UACjB,wBAAwB,KAAK,UAAU,UAAU,KAAK,MAAM,IAC5D;AAAA,IAEL,WAAW,OAAO,gBAAgB;AAAA,MAC/B,MAAM,YAAY,IAAI,QAAQ;AAAA,MAE9B,IAAI,YAAY,KAAK,aAAa,IAAI,WAAW;AAAA,QAC9C,MAAM,IAAI,aACP,sBAAsB,qCAAqC,IAAI,kBAClE;AAAA,MACH;AAAA,MAEA,MAAM,OAAO,IAAI,QAAQ,SAAS;AAAA,MAElC,wBAAwB,KAAK,MAAM,KAAK,UAAU;AAAA,QAC/C,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK;AAAA,QACf,QAAQ,KAAK;AAAA,QACb,SAAS;AAAA,QACT,eAAe;AAAA,MAClB,CAAC;AAAA,IACJ;AAAA,EACH;AAAA,EAGA,MAAM,aACH,UAAU,QAAQ,cAClB,KAAK,YAAY,QACjB;AAAA,EAKH,MAAM,iBACH,YAAY,SAAS,MAAM,OAAO,CAAC,KAAK,MAAM,MAAM,EAAE,QAAQ,CAAC;AAAA,EAClE,MAAM,kBAAkB,KAAK,IAC1B,OACA,iBAAiB,KAAK,KAAK,SAAS,OAAO,KAAK,IACnD;AAAA,EAIA,MAAM,iBAAiB,qBAChB,mBAAyC,QAAQ,IAClD,KAAK,cAAc,IAAI,QAAQ;AAAA,EAErC,QAAQ,KAAK,uBAAuB,IAAI,oBAAoB;AAAA,IACzD,QAAQ,KAAK,UAAU;AAAA,IACvB,MAAM;AAAA,IACN,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB;AAAA,IACA,kBAAkB,KAAK,oBAAoB;AAAA,IAC3C;AAAA,EACH,CAAC;AAAA,EAGD,QAAQ,cAAc,cAAc,kBAAkB;AAAA,EACtD,MAAM,cAAc,mBAAmB,oBAAoB,SAAS;AAAA,EAKpE,MAAM,0BAA0C,CAAC;AAAA,EAEjD,IAAI,KAAK,WAAW,oBAAoB;AAAA,IAErC,MAAM,YAAY,0BAA0B,WAAW;AAAA,IACvD,wBAAwB,KAAK;AAAA,MAC1B,KAAK,gBAAgB;AAAA,MACrB,QAAQ,CAAC,SAAS;AAAA,IACrB,CAAC;AAAA,IAGD,IAAI;AAAA,MACD,MAAM,YAAY,MAAM,qBAAqB;AAAA,MAC7C,wBAAwB,KAAK;AAAA,QAC1B,KAAK,gBAAgB;AAAA,QACrB,QAAQ,CAAC,SAAS;AAAA,MACrB,CAAC;AAAA,MACF,MAAM;AAAA,EAIX;AAAA,EAGA,MAAM,4BAA4C,CAAC;AAAA,EAGnD,MAAM,aAAa,MAAM,iBAAiB;AAAA,IACvC,SAAS;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA,eAAe;AAAA,IACf,yBACG,wBAAwB,SAAS,IAC5B,0BACA;AAAA,IACR,2BACG,0BAA0B,SAAS,IAC9B,4BACA;AAAA,IACR,UAAU;AAAA,EACb,CAAC;AAAA,EAGD,IAAI,KAAK,aAAa,KAAK,QAAQ;AAAA,IAChC,IAAI;AAAA,MACD,MAAM,UAAU,MAAM,iBACnB,sBAAsB,UAAU,GAChC,KAAK,QACL,UACA;AAAA,QACG,YAAY,KAAK;AAAA,QACjB,YAAY,KAAK;AAAA,QACjB,iBAAiB,KAAK;AAAA,MACzB,CACH;AAAA,MACA,0BAA0B,KAAK;AAAA,QAC5B,KAAK;AAAA,QACL,QAAQ,CAAC,OAAO;AAAA,MACnB,CAAC;AAAA,MACF,OAAO,KAAK;AAAA,MAEX,KAAK,mBAAmB,GAAG;AAAA;AAAA,EAEjC;AAAA,EAGA,MAAM,kBAAkB,uBACrB,YACA,yBACH;AAAA,EAGA,OAAO,eAAe,oBAAoB,eAAe;AAAA;AAgB5D,SAAS,qBAAqB,CAAC,gBAAwC;AAAA,EACpE,MAAM,cAAc,WAAU,cAAc;AAAA,EAC5C,MAAM,iBACF,YAAY,MAAqB,GAAI,MACvC;AAAA,EAEF,MAAM,iBAAkB,eAAe,MAAqB,GAAG,EAAE;AAAA,EACjE,MAAM,aAAc,eAAe,MAAqB;AAAA,EACxD,MAAM,gBAAiB,WAAW,MAAqB;AAAA,EACvD,OAAO,cAAc;AAAA;AAAA;AAOjB,MAAM,qBAAqB,MAAM;AAAA,EACrC,WAAW,CAAC,SAAiB;AAAA,IAC1B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAElB;",
13
+ "debugId": "21D845BC86F33D9F64756E2164756E21",
14
+ "names": []
15
+ }
package/dist/index.js CHANGED
@@ -13,7 +13,7 @@ import {
13
13
  pdfSignOptionsSchema,
14
14
  requestTimestamp,
15
15
  signPdf
16
- } from "./index-e7qwas47.js";
16
+ } from "./index-cj97mfbz.js";
17
17
 
18
18
  // src/batch.ts
19
19
  async function* signPdfBatch(files, options) {
package/dist/plugins/react/index.js CHANGED
@@ -1,7 +1,7 @@
1
1
  // @bun
2
2
  import {
3
3
  signPdf
4
- } from "../../index-e7qwas47.js";
4
+ } from "../../index-cj97mfbz.js";
5
5
 
6
6
  // src/plugins/react/index.ts
7
7
  import { useCallback, useReducer } from "react";
package/dist/sign-pdf.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sign-pdf.d.ts","sourceRoot":"","sources":["../src/sign-pdf.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AA8BH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,OAAO,CAC1B,GAAG,EAAE,UAAU,GAAG,cAAc,CAAC,UAAU,CAAC,EAC5C,OAAO,EAAE,cAAc,GACvB,OAAO,CAAC,UAAU,CAAC,CA2PrB;AA+BD,qBAAa,YAAa,SAAQ,KAAK;gBACxB,OAAO,EAAE,MAAM;CAI7B"}
1
+ {"version":3,"file":"sign-pdf.d.ts","sourceRoot":"","sources":["../src/sign-pdf.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AA8BH,OAAO,KAAK,EAAE,cAAc,EAAuB,MAAM,YAAY,CAAC;AAEtE;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,OAAO,CAC1B,GAAG,EAAE,UAAU,GAAG,cAAc,CAAC,UAAU,CAAC,EAC5C,OAAO,EAAE,cAAc,GACvB,OAAO,CAAC,UAAU,CAAC,CA+PrB;AA+BD,qBAAa,YAAa,SAAQ,KAAK;gBACxB,OAAO,EAAE,MAAM;CAI7B"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@f-o-t/e-signature",
3
- "version": "1.3.1",
3
+ "version": "1.4.1",
4
4
  "description": "PAdES PDF signing with ICP-Brasil compliance",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",
@@ -33,7 +33,7 @@
33
33
  "@f-o-t/asn1": "^1.0.0",
34
34
  "@f-o-t/crypto": "^1.3.0",
35
35
  "@f-o-t/digital-certificate": "^2.3.0",
36
- "@f-o-t/pdf": "^0.3.10",
36
+ "@f-o-t/pdf": "^0.4.0",
37
37
  "@f-o-t/qrcode": "^1.0.2",
38
38
  "zod": "^4.3.6"
39
39
  },
package/dist/index-e7qwas47.js.map DELETED
@@ -1,15 +0,0 @@
1
- {
2
- "version": 3,
3
- "sources": ["../src/detect-position.ts", "../src/icp-brasil.ts", "../src/schemas.ts", "../src/timestamp.ts", "../src/sign-pdf.ts", "../src/appearance.ts"],
4
- "sourcesContent": [
5
- "import { PDFReader } from \"@f-o-t/pdf\";\nimport type { DetectedPosition, DetectPositionOptions } from \"./types.ts\";\n\nconst KEYWORD_PATTERNS = [\n \"assinatura\",\n \"assine\",\n \"representante\",\n \"responsável\",\n \"responsavel\",\n \"signatário\",\n \"signatario\",\n];\n\nconst LINE_PATTERN = /_{5,}|-{5,}/;\n\ntype Signal = {\n page: number;\n weight: number;\n position: number; // 0=top, 1=bottom as fraction of page\n};\n\n/**\n * Detect the best position to place a digital signature on a PDF.\n *\n * Uses weighted scoring across three signal types:\n * - Signer name match (weight 3)\n * - Horizontal line patterns (weight 2)\n * - Signature keywords (weight 1)\n *\n * Returns null if the PDF cannot be parsed.\n */\nexport function detectSigningPosition(\n pdfData: Uint8Array,\n options: DetectPositionOptions = {},\n): DetectedPosition | null {\n let pages;\n try {\n const reader = new PDFReader(pdfData);\n const parsed = reader.parse();\n pages = parsed.pages;\n } catch {\n return null;\n }\n\n if (pages.length === 0) return null;\n\n const signals: Signal[] = [];\n const preferredPage =\n options.preferredPage === -1\n ? pages.length - 1\n : (options.preferredPage ?? pages.length - 1);\n\n for (let i = 0; i < pages.length; i++) {\n const page = pages[i]!;\n const text = page.content.toLowerCase();\n\n // Signal 1: Signer name (weight 3)\n if (options.signerName) {\n const name = options.signerName.toLowerCase();\n if (text.includes(name)) {\n const idx = text.indexOf(name);\n const position = text.length > 0 ? idx / text.length : 0.5;\n signals.push({ page: i, weight: 3, position });\n }\n }\n\n // Signal 1b: Organization name (weight 2.5)\n if (options.organization) {\n const org = options.organization.toLowerCase();\n if (text.includes(org)) {\n const idx = text.indexOf(org);\n const position = text.length > 0 ? idx / text.length : 0.5;\n signals.push({ page: i, weight: 2.5, position });\n }\n }\n\n // Signal 2: Line patterns (weight 2)\n if (LINE_PATTERN.test(text)) {\n const idx = text.search(LINE_PATTERN);\n const position = text.length > 0 ? idx / text.length : 0.5;\n signals.push({ page: i, weight: 2, position });\n }\n\n // Signal 3: Keywords (weight 1)\n for (const keyword of KEYWORD_PATTERNS) {\n if (text.includes(keyword)) {\n const idx = text.indexOf(keyword);\n const position = text.length > 0 ? idx / text.length : 0.5;\n signals.push({ page: i, weight: 1, position });\n break;\n }\n }\n }\n\n // No signals: fallback to bottom of last page\n if (signals.length === 0) {\n const lastPage = pages[pages.length - 1]!;\n return {\n page: pages.length - 1,\n x: 50,\n y: lastPage.size.height - 150,\n confidence: 0.1,\n };\n }\n\n // Group signals by page\n const pageScores = new Map<\n number,\n { totalWeight: number; bestPosition: number; bestWeight: number }\n >();\n for (const signal of signals) {\n const existing = pageScores.get(signal.page);\n if (existing) {\n existing.totalWeight += signal.weight;\n if (signal.weight > existing.bestWeight) {\n existing.bestWeight = signal.weight;\n existing.bestPosition = signal.position;\n }\n } else {\n pageScores.set(signal.page, {\n totalWeight: signal.weight,\n bestPosition: signal.position,\n bestWeight: signal.weight,\n });\n }\n }\n\n // Boost preferred page\n const preferredScore = pageScores.get(preferredPage);\n if (preferredScore) {\n preferredScore.totalWeight *= 1.2;\n }\n\n // Pick best page\n let bestPage = preferredPage;\n let bestScore = 0;\n for (const [page, score] of pageScores) {\n if (score.totalWeight > bestScore) {\n bestScore = score.totalWeight;\n bestPage = page;\n }\n }\n\n const pageInfo = pages[bestPage]!;\n const pageScore = pageScores.get(bestPage)!;\n\n // Position above the best match\n const yFraction = pageScore.bestPosition;\n const sigHeight = options.height ?? 120;\n const yFromTop = Math.max(\n 10,\n yFraction * pageInfo.size.height - sigHeight - 20,\n );\n\n const maxWeight = 3 + 2.5 + 2 + 1;\n const confidence = Math.min(1, bestScore / maxWeight);\n\n return {\n page: bestPage,\n x: options.width ? (pageInfo.size.width - options.width) / 2 : 50,\n y: yFromTop,\n confidence,\n };\n}\n",
6
- "/**\n * ICP-Brasil Attributes for PAdES Signatures\n *\n * Implements the id-aa-signingCertificateV2 (RFC 5035) and\n * id-aa-ets-sigPolicyId attributes required by ICP-Brasil.\n *\n * Uses @f-o-t/asn1 for ASN.1 construction and @f-o-t/crypto for hashing.\n */\n\nimport {\n type Asn1Node,\n contextTag,\n decodeDer,\n encodeDer,\n ia5String,\n nullValue,\n octetString,\n oid,\n sequence,\n} from \"@f-o-t/asn1\";\nimport { hash } from \"@f-o-t/crypto\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\n/** SHA-256 Algorithm OID */\nconst SHA256_OID = \"2.16.840.1.101.3.4.2.1\";\n\n/** id-aa-signingCertificateV2 OID (RFC 5035) */\nconst SIGNING_CERTIFICATE_V2_OID = \"1.2.840.113549.1.9.16.2.47\";\n\n/** id-aa-ets-sigPolicyId OID */\nconst SIGNATURE_POLICY_OID = \"1.2.840.113549.1.9.16.2.15\";\n\n/** ICP-Brasil PAdES Policy (PA_PAdES_AD_RB_v1_1) */\nconst POLICY_CONFIG = {\n OID: \"2.16.76.1.7.1.11.1.1\",\n URL: \"http://politicas.icpbrasil.gov.br/PA_PAdES_AD_RB_v1_1.der\",\n} as const;\n\n/** id-spq-ets-uri OID */\nconst SPQ_ETS_URI_OID = \"1.2.840.113549.1.9.16.5.1\";\n\n// ---------------------------------------------------------------------------\n// Cached policy data\n// ---------------------------------------------------------------------------\n\nlet cachedPolicyData: {\n hashAlgOid: string;\n policyHash: Uint8Array;\n} | null = null;\n\n/**\n * Clear the cached signature policy data.\n * Useful for testing or forcing a re-download.\n */\nexport function clearPolicyCache(): void {\n cachedPolicyData = null;\n}\n\n// ---------------------------------------------------------------------------\n// Signing Certificate V2\n// ---------------------------------------------------------------------------\n\n/**\n * Build the id-aa-signingCertificateV2 attribute value (DER-encoded).\n *\n * This attribute links the signature to the specific certificate used to\n * create it, preventing substitution attacks.\n *\n * ASN.1 structure (RFC 5035):\n *\n * SigningCertificateV2 ::= SEQUENCE {\n * certs SEQUENCE OF ESSCertIDv2\n * }\n *\n * ESSCertIDv2 ::= SEQUENCE {\n * hashAlgorithm AlgorithmIdentifier DEFAULT {algorithm id-sha256},\n * certHash Hash,\n * issuerSerial IssuerSerial OPTIONAL\n * }\n *\n * IssuerSerial ::= SEQUENCE {\n * issuer GeneralNames,\n * serialNumber CertificateSerialNumber\n * }\n *\n * @param certDer - DER-encoded X.509 certificate\n * @returns DER-encoded SigningCertificateV2 value\n */\nexport function buildSigningCertificateV2(certDer: Uint8Array): Uint8Array {\n // 1. Hash the DER certificate with SHA-256\n const certHash = hash(\"sha256\", certDer);\n\n // 2. Build AlgorithmIdentifier for SHA-256\n const hashAlgId = sequence(oid(SHA256_OID), nullValue());\n\n // 3. Extract issuer and serial number from the certificate\n const cert = decodeDer(certDer);\n const tbsCert = (cert.value as Asn1Node[])[0]!;\n const tbs = tbsCert.value as Asn1Node[];\n\n // version is [0] EXPLICIT, so tbs[0] may be version context tag\n let idx = 0;\n if (tbs[0]!.class === \"context\" && tbs[0]!.tag === 0) {\n idx = 1;\n }\n\n const serialNumber = tbs[idx]!; // INTEGER\n const issuerName = tbs[idx + 2]!; // Name SEQUENCE\n\n // 4. Build IssuerSerial\n // IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber INTEGER }\n // GeneralNames ::= SEQUENCE OF GeneralName\n // GeneralName ::= directoryName [4] Name\n const generalName = contextTag(4, [issuerName]);\n const generalNames = sequence(generalName);\n const issuerSerial = sequence(generalNames, serialNumber);\n\n // 5. Build ESSCertIDv2\n const essCertIdV2 = sequence(hashAlgId, octetString(certHash), issuerSerial);\n\n // 6. Build SigningCertificateV2\n const signingCertV2 = sequence(\n // certs SEQUENCE OF ESSCertIDv2\n sequence(essCertIdV2),\n );\n\n return encodeDer(signingCertV2);\n}\n\n// ---------------------------------------------------------------------------\n// Signature Policy\n// ---------------------------------------------------------------------------\n\n/**\n * Download and parse the ICP-Brasil signature policy DER file.\n * Extracts the embedded signPolicyHash from the ASN.1 structure.\n */\nasync function downloadAndParsePolicyDocument(): Promise<{\n hashAlgOid: string;\n policyHash: Uint8Array;\n}> {\n if (cachedPolicyData) {\n return cachedPolicyData;\n }\n\n const response = await fetch(POLICY_CONFIG.URL, {\n signal: AbortSignal.timeout(10000),\n });\n\n if (!response.ok) {\n throw new SignaturePolicyError(\n `Failed to download signature policy: HTTP ${response.status}`,\n );\n }\n\n const arrayBuffer = await response.arrayBuffer();\n const data = new Uint8Array(arrayBuffer);\n\n if (data.length === 0 || data[0] !== 0x30) {\n throw new SignaturePolicyError(\"Invalid DER format in policy document\");\n }\n\n // Parse the ASN.1 structure:\n // SignaturePolicy ::= SEQUENCE {\n // signPolicyHashAlg AlgorithmIdentifier,\n // signPolicyInfo SignaturePolicyInfo,\n // signPolicyHash OCTET STRING\n // }\n const asn1 = decodeDer(data);\n const children = asn1.value as Asn1Node[];\n\n if (!Array.isArray(children) || children.length < 3) {\n throw new SignaturePolicyError(\n `Unexpected policy structure: expected 3+ children, got ${children?.length}`,\n );\n }\n\n // Child[0] = AlgorithmIdentifier\n const algIdChildren = children[0]!.value as Asn1Node[];\n if (!Array.isArray(algIdChildren) || algIdChildren.length === 0) {\n throw new SignaturePolicyError(\"Invalid AlgorithmIdentifier in policy\");\n }\n\n const { bytesToOid } = await import(\"@f-o-t/asn1\");\n const hashAlgOid = bytesToOid(algIdChildren[0]!.value as Uint8Array);\n\n // Child[2] = signPolicyHash (OCTET STRING)\n const hashNode = children[2]!;\n if (hashNode.tag !== 0x04) {\n throw new SignaturePolicyError(\n `Expected OCTET STRING at child[2], got tag 0x${hashNode.tag.toString(16)}`,\n );\n }\n\n cachedPolicyData = {\n hashAlgOid,\n policyHash: hashNode.value as Uint8Array,\n };\n\n return cachedPolicyData;\n}\n\n/**\n * Build the id-aa-ets-sigPolicyId attribute value (DER-encoded).\n *\n * Downloads the ICP-Brasil PAdES signature policy and extracts the\n * embedded signPolicyHash to build the attribute.\n *\n * @returns DER-encoded SignaturePolicyIdentifier value\n */\nexport async function buildSignaturePolicy(): Promise<Uint8Array> {\n const { hashAlgOid, policyHash } = await downloadAndParsePolicyDocument();\n\n // AlgorithmIdentifier for hash (no NULL — matches policy encoding)\n const hashAlgId = sequence(oid(hashAlgOid));\n\n // SigPolicyHash (OtherHashAlgAndValue)\n const sigPolicyHash = sequence(hashAlgId, octetString(policyHash));\n\n // SigPolicyQualifiers with policy URL\n const sigPolicyQualifiers = sequence(\n sequence(\n // id-spq-ets-uri\n oid(SPQ_ETS_URI_OID),\n // Policy URL as IA5String\n ia5String(POLICY_CONFIG.URL),\n ),\n );\n\n // SignaturePolicyId\n const signaturePolicyId = sequence(\n // sigPolicyId (policy OID)\n oid(POLICY_CONFIG.OID),\n // sigPolicyHash\n sigPolicyHash,\n // sigPolicyQualifiers\n sigPolicyQualifiers,\n );\n\n return encodeDer(signaturePolicyId);\n}\n\n/**\n * Attribute OID constants for external use\n */\nexport const ICP_BRASIL_OIDS = {\n signingCertificateV2: SIGNING_CERTIFICATE_V2_OID,\n signaturePolicy: SIGNATURE_POLICY_OID,\n} as const;\n\n// ---------------------------------------------------------------------------\n// Errors\n// ---------------------------------------------------------------------------\n\nexport class SignaturePolicyError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"SignaturePolicyError\";\n }\n}\n",
7
- "/**\n * Zod schemas for input validation\n */\n\nimport { z } from \"zod\";\n\nconst signatureAppearanceSchema = z.object({\n x: z.number(),\n y: z.number(),\n width: z.number().positive(),\n height: z.number().positive(),\n page: z.number().int().min(0).optional(),\n showQrCode: z.boolean().optional(),\n showCertInfo: z.boolean().optional(),\n});\n\nconst qrCodeConfigSchema = z.object({\n data: z.string().optional(),\n size: z.number().int().positive().optional(),\n});\n\nexport const pdfSignOptionsSchema = z.object({\n certificate: z.object({\n p12: z.instanceof(Uint8Array).refine((v) => v.length > 0, {\n message: \"P12 data must not be empty\",\n }),\n password: z.string(),\n name: z.string().optional(),\n }),\n reason: z.string().optional(),\n location: z.string().optional(),\n contactInfo: z.string().optional(),\n policy: z.enum([\"pades-ades\", \"pades-icp-brasil\"]).optional(),\n timestamp: z.boolean().optional(),\n tsaUrl: z.string().url().optional(),\n tsaTimeout: z.number().positive().optional(),\n tsaRetries: z.number().int().min(0).optional(),\n tsaFallbackUrls: z.array(z.string().url()).optional(),\n onTimestampError: z\n .function({ input: z.tuple([z.unknown()]), output: z.void() })\n .optional(),\n appearance: z\n .union([signatureAppearanceSchema, z.literal(\"auto\"), z.literal(false)])\n .optional(),\n appearances: z.array(signatureAppearanceSchema).optional(),\n qrCode: qrCodeConfigSchema.optional(),\n docMdpPermission: z\n .union([z.literal(1), z.literal(2), z.literal(3)])\n .optional(),\n});\n",
8
- "/**\n * RFC 3161 Timestamp Client\n *\n * Requests trusted timestamps from TSA servers using native fetch.\n * Builds the TimeStampReq using @f-o-t/asn1 instead of forge.\n */\n\nimport {\n type Asn1Node,\n boolean as asn1Boolean,\n decodeDer,\n encodeDer,\n integer,\n octetString,\n oid,\n sequence,\n} from \"@f-o-t/asn1\";\nimport { hash } from \"@f-o-t/crypto\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\n/** Well-known hash algorithm OIDs */\nconst HASH_OIDS: Record<string, string> = {\n sha256: \"2.16.840.1.101.3.4.2.1\",\n sha384: \"2.16.840.1.101.3.4.2.2\",\n sha512: \"2.16.840.1.101.3.4.2.3\",\n};\n\n/** ICP-Brasil Approved Timestamp Servers */\nexport const TIMESTAMP_SERVERS = {\n VALID: \"http://timestamp.valid.com.br/tsa\",\n SAFEWEB: \"http://tsa.safeweb.com.br/tsa/tsa\",\n CERTISIGN: \"http://timestamp.certisign.com.br\",\n} as const;\n\n/** id-smime-aa-timeStampToken OID */\nexport const TIMESTAMP_TOKEN_OID = \"1.2.840.113549.1.9.16.2.14\";\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Request a timestamp from a TSA server with retry and fallback support.\n *\n * @param dataToTimestamp - The data to timestamp (usually the signature value)\n * @param tsaUrl - URL of the primary timestamp server\n * @param hashAlgorithm - Hash algorithm to use (default: \"sha256\")\n * @param options - Resilience options (timeout, retries, fallback URLs)\n * @returns DER-encoded TimeStampToken\n */\nexport async function requestTimestamp(\n dataToTimestamp: Uint8Array,\n tsaUrl: string,\n hashAlgorithm: \"sha256\" | \"sha384\" | \"sha512\" = \"sha256\",\n options?: {\n tsaTimeout?: number;\n tsaRetries?: number;\n tsaFallbackUrls?: string[];\n },\n): Promise<Uint8Array> {\n // 1. Hash the data\n const messageHash = hash(hashAlgorithm, dataToTimestamp);\n\n // 2. Build TimeStampReq\n const timestampReq = buildTimestampRequest(messageHash, hashAlgorithm);\n\n const tsaTimeout = options?.tsaTimeout ?? 10000;\n const tsaRetries = options?.tsaRetries ?? 0;\n const tsaFallbackUrls = options?.tsaFallbackUrls ?? [];\n\n let lastError: Error | undefined;\n\n // 3. Try primary server: 1 initial attempt + tsaRetries retries\n for (let attempt = 1; attempt <= 1 + tsaRetries; attempt++) {\n if (attempt > 1) {\n await sleep(2 ** (attempt - 2) * 1000);\n }\n try {\n return await fetchTimestamp(tsaUrl, timestampReq, tsaTimeout);\n } catch (err) {\n lastError = err instanceof Error ? err : new Error(String(err));\n }\n }\n\n // 4. Try fallback servers (one attempt each, no delay)\n for (const fallbackUrl of tsaFallbackUrls) {\n try {\n return await fetchTimestamp(fallbackUrl, timestampReq, tsaTimeout);\n } catch (err) {\n lastError = err instanceof Error ? err : new Error(String(err));\n }\n }\n\n // 5. All servers failed\n const fallbackList =\n tsaFallbackUrls.length > 0\n ? `, fallbacks: [${tsaFallbackUrls.join(\", \")}]`\n : \"\";\n throw new TimestampError(\n `TSA request failed: all servers unreachable (primary: ${tsaUrl}${fallbackList}). Last error: ${lastError?.message ?? \"unknown\"}`,\n );\n}\n\n// ---------------------------------------------------------------------------\n// Internal\n// ---------------------------------------------------------------------------\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/**\n * Perform a single TSA fetch attempt, wrapping network errors with a descriptive message.\n */\nasync function fetchTimestamp(\n url: string,\n timestampReq: Uint8Array,\n timeoutMs: number,\n): Promise<Uint8Array> {\n let response: Response;\n try {\n response = await fetch(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/timestamp-query\",\n },\n body: timestampReq as unknown as BodyInit,\n signal: AbortSignal.timeout(timeoutMs),\n });\n } catch (err) {\n const msg = err instanceof Error ? err.message : String(err);\n throw new Error(`TSA server unreachable: ${url} — ${msg}`);\n }\n\n if (!response.ok) {\n throw new TimestampError(`TSA returned HTTP ${response.status}`);\n }\n\n const respBuffer = new Uint8Array(await response.arrayBuffer());\n return extractTimestampToken(respBuffer);\n}\n\n/**\n * Build a TimeStampReq (RFC 3161) as DER bytes.\n *\n * TimeStampReq ::= SEQUENCE {\n * version INTEGER { v1(1) },\n * messageImprint MessageImprint,\n * certReq BOOLEAN DEFAULT FALSE\n * }\n *\n * MessageImprint ::= SEQUENCE {\n * hashAlgorithm AlgorithmIdentifier,\n * hashedMessage OCTET STRING\n * }\n */\nfunction buildTimestampRequest(\n messageHash: Uint8Array,\n hashAlgorithm: string,\n): Uint8Array {\n const hashOid = HASH_OIDS[hashAlgorithm];\n if (!hashOid) {\n throw new TimestampError(`Unsupported hash algorithm: ${hashAlgorithm}`);\n }\n\n const timestampReq = sequence(\n // version = 1\n integer(1),\n // messageImprint\n sequence(\n // hashAlgorithm AlgorithmIdentifier\n sequence(oid(hashOid)),\n // hashedMessage OCTET STRING\n octetString(messageHash),\n ),\n // certReq = TRUE (request certificate in response)\n asn1Boolean(true),\n );\n\n return encodeDer(timestampReq);\n}\n\n/**\n * Extract the TimeStampToken from a TimeStampResp.\n *\n * TimeStampResp ::= SEQUENCE {\n * status PKIStatusInfo,\n * timeStampToken TimeStampToken OPTIONAL\n * }\n *\n * PKIStatusInfo ::= SEQUENCE {\n * status PKIStatus, -- INTEGER\n * ...\n * }\n */\nfunction extractTimestampToken(respDer: Uint8Array): Uint8Array {\n let resp: Asn1Node;\n try {\n resp = decodeDer(respDer);\n } catch {\n throw new TimestampError(\"Invalid timestamp response: not valid DER\");\n }\n\n const children = resp.value as Asn1Node[];\n if (!Array.isArray(children) || children.length < 1) {\n throw new TimestampError(\n \"Invalid timestamp response: unexpected structure\",\n );\n }\n\n // Check status\n const statusInfo = children[0]!.value as Asn1Node[];\n const statusBytes = statusInfo[0]!.value as Uint8Array;\n // Status 0 = granted, 1 = grantedWithMods\n const statusValue = statusBytes[statusBytes.length - 1]!;\n if (statusValue !== 0 && statusValue !== 1) {\n throw new TimestampError(\n `Timestamp request rejected with status: ${statusValue}`,\n );\n }\n\n // Extract token (second child)\n if (!children[1]) {\n throw new TimestampError(\"Timestamp response does not contain a token\");\n }\n\n return encodeDer(children[1]);\n}\n\n// ---------------------------------------------------------------------------\n// Errors\n// ---------------------------------------------------------------------------\n\nexport class TimestampError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"TimestampError\";\n }\n}\n",
9
- "/**\n * PDF Signing — Main Entry Point\n *\n * Signs a PDF document using PAdES format with optional ICP-Brasil compliance.\n *\n * Flow:\n * 1. Parse certificate for display info\n * 2. Load PDF and draw visual appearance\n * 3. Save PDF with signature placeholder\n * 4. Find byte range and extract bytes to sign\n * 5. Build CMS/PKCS#7 SignedData with ICP-Brasil attributes\n * 6. Embed signature into PDF\n */\n\nimport type { Asn1Node } from \"@f-o-t/asn1\";\nimport { decodeDer } from \"@f-o-t/asn1\";\nimport type { CmsAttribute } from \"@f-o-t/crypto\";\nimport {\n appendUnauthAttributes,\n createSignedData,\n parsePkcs12,\n} from \"@f-o-t/crypto\";\nimport type { CertificateInfo } from \"@f-o-t/digital-certificate\";\nimport { parseCertificate } from \"@f-o-t/digital-certificate\";\nimport {\n embedSignature,\n extractBytesToSign,\n findByteRange,\n loadPdf,\n} from \"@f-o-t/pdf/plugins/editing\";\nimport {\n drawSignatureAppearance,\n precomputeSharedQrImage,\n} from \"./appearance.ts\";\nimport { detectSigningPosition } from \"./detect-position.ts\";\nimport {\n buildSignaturePolicy,\n buildSigningCertificateV2,\n ICP_BRASIL_OIDS,\n} from \"./icp-brasil.ts\";\nimport { pdfSignOptionsSchema } from \"./schemas.ts\";\nimport { requestTimestamp, TIMESTAMP_TOKEN_OID } from \"./timestamp.ts\";\nimport type { PdfSignOptions } from \"./types.ts\";\n\n/**\n * Sign a PDF document with a digital certificate.\n *\n * Supports PAdES-BES and PAdES with ICP-Brasil compliance\n * (signing-certificate-v2 and signature-policy attributes).\n *\n * @param pdf - The PDF document as a Uint8Array or ReadableStream<Uint8Array>\n * @param options - Signing options\n * @returns The signed PDF as a Uint8Array\n *\n * @example\n * ```ts\n * const signedPdf = await signPdf(pdfBytes, {\n * certificate: { p12, password: \"secret\" },\n * reason: \"Document approval\",\n * location: \"Corporate Office\",\n * policy: \"pades-icp-brasil\",\n * });\n * ```\n */\nexport async function signPdf(\n pdf: Uint8Array | ReadableStream<Uint8Array>,\n options: PdfSignOptions,\n): Promise<Uint8Array> {\n // Accumulate ReadableStream into Uint8Array if needed\n let pdfBytes: Uint8Array;\n if (pdf instanceof ReadableStream) {\n const chunks: Uint8Array[] = [];\n const reader = pdf.getReader();\n try {\n while (true) {\n const { done, value } = await reader.read();\n if (done) break;\n if (value) chunks.push(value);\n }\n } finally {\n reader.releaseLock();\n }\n const totalLength = chunks.reduce((sum, c) => sum + c.length, 0);\n pdfBytes = new Uint8Array(totalLength);\n let offset = 0;\n for (const chunk of chunks) {\n pdfBytes.set(chunk, offset);\n offset += chunk.length;\n }\n } else {\n pdfBytes = pdf;\n }\n\n // Validate input\n const opts = pdfSignOptionsSchema.parse(options);\n\n // 1. Parse PKCS#12 early — needed both for display info and for sizing the\n // signature placeholder accurately based on the actual certificate chain length.\n const { certificate, privateKey, chain } = await parsePkcs12(\n opts.certificate.p12,\n opts.certificate.password,\n );\n\n // 1b. Parse certificate for rich display info (CPF/CNPJ, subject CN, etc.)\n let certInfo: CertificateInfo | null = null;\n try {\n certInfo = parseCertificate(\n opts.certificate.p12,\n opts.certificate.password,\n );\n } catch {\n // If parsing fails, continue without cert info for display\n }\n\n // 2. Load PDF via editing plugin\n const doc = loadPdf(pdfBytes);\n\n // Resolve \"auto\" appearance via position detection\n let resolvedAppearance = opts.appearance as\n | Exclude<typeof opts.appearance, \"auto\">\n | undefined;\n if (opts.appearance === \"auto\") {\n const detected = detectSigningPosition(pdfBytes, {\n signerName: certInfo?.subject.commonName ?? undefined,\n organization: certInfo?.subject.organization ?? undefined,\n preferredPage: -1,\n width: 350,\n height: 120,\n });\n\n if (detected) {\n resolvedAppearance = {\n x: detected.x,\n y: detected.y,\n width: 350,\n height: 120,\n page: detected.page,\n };\n } else {\n // Fallback: bottom of first page\n resolvedAppearance = {\n x: 50,\n y: 700,\n width: 350,\n height: 120,\n page: 0,\n };\n }\n } else {\n resolvedAppearance = opts.appearance === false ? false : opts.appearance;\n }\n\n // 3. Draw visual signature appearance if requested\n if (resolvedAppearance !== false && resolvedAppearance) {\n const pageIndex = resolvedAppearance.page ?? 0;\n\n if (pageIndex < 0 || pageIndex >= doc.pageCount) {\n throw new PdfSignError(\n `Invalid page index: ${pageIndex}. PDF has ${doc.pageCount} pages.`,\n );\n }\n\n const page = doc.getPage(pageIndex);\n\n drawSignatureAppearance(doc, page, resolvedAppearance, certInfo, {\n reason: opts.reason,\n location: opts.location,\n qrCode: opts.qrCode,\n pdfData: pdfBytes,\n });\n }\n\n // 3b. Draw multiple visual signature appearances if provided\n if (opts.appearances && opts.appearances.length > 0) {\n // Pre-embed the QR image once so all appearances share a single PDF XObject.\n // This collapses N embedPng calls (and N IDAT buffer allocations) into 1.\n const needsQr = opts.appearances.some((a) => a.showQrCode !== false);\n // Pre-embed the QR once. Safe to pass to all appearances — drawSignatureAppearance\n // ignores it when showQrCode is false (inner guard in appearance.ts).\n const sharedQrImage = needsQr\n ? precomputeSharedQrImage(doc, certInfo, pdfBytes, opts.qrCode)\n : undefined;\n\n for (const app of opts.appearances) {\n const pageIndex = app.page ?? 0;\n\n if (pageIndex < 0 || pageIndex >= doc.pageCount) {\n throw new PdfSignError(\n `Invalid page index ${pageIndex} in appearances. PDF has ${doc.pageCount} pages.`,\n );\n }\n\n const page = doc.getPage(pageIndex);\n\n drawSignatureAppearance(doc, page, app, certInfo, {\n reason: opts.reason,\n location: opts.location,\n qrCode: opts.qrCode,\n pdfData: pdfBytes,\n preEmbeddedQr: sharedQrImage,\n });\n }\n }\n\n // 4. Save with signature placeholder\n const signerName =\n certInfo?.subject.commonName ||\n opts.certificate.name ||\n \"Digital Signature\";\n\n // Dynamic placeholder size: base 8 KB + 2× actual cert chain + 4 KB for a\n // timestamp token (if configured). Prevents \"Signature too large\" failures for\n // certificates with long chains (5+ certs) or large RSA keys.\n const certChainBytes =\n certificate.length + chain.reduce((sum, c) => sum + c.length, 0);\n const signatureLength = Math.max(\n 16384,\n certChainBytes * 2 + (opts.tsaUrl ? 4096 : 0) + 8192,\n );\n\n // Which page hosts the widget annotation — must match the visual appearance\n // page so PDF readers navigate to the right page when a signature is clicked.\n const appearancePage = resolvedAppearance\n ? ((resolvedAppearance as { page?: number }).page ?? 0)\n : (opts.appearances?.[0]?.page ?? 0);\n\n const { pdf: pdfWithPlaceholder } = doc.saveWithPlaceholder({\n reason: opts.reason || \"Digitally signed\",\n name: signerName,\n location: opts.location,\n contactInfo: opts.contactInfo,\n signatureLength,\n docMdpPermission: opts.docMdpPermission ?? 2,\n appearancePage,\n });\n\n // 5. Find byte range and extract bytes to sign\n const { byteRange } = findByteRange(pdfWithPlaceholder);\n const bytesToSign = extractBytesToSign(pdfWithPlaceholder, byteRange);\n\n // 6. Cryptographic material already parsed in step 1\n\n // 7. Build ICP-Brasil authenticated attributes if needed\n const authenticatedAttributes: CmsAttribute[] = [];\n\n if (opts.policy === \"pades-icp-brasil\") {\n // signing-certificate-v2\n const sigCertV2 = buildSigningCertificateV2(certificate);\n authenticatedAttributes.push({\n oid: ICP_BRASIL_OIDS.signingCertificateV2,\n values: [sigCertV2],\n });\n\n // signature-policy\n try {\n const sigPolicy = await buildSignaturePolicy();\n authenticatedAttributes.push({\n oid: ICP_BRASIL_OIDS.signaturePolicy,\n values: [sigPolicy],\n });\n } catch {\n // Policy download failure is non-fatal\n // The signature will still be valid PAdES-BES\n }\n }\n\n // 8. Build unauthenticated attributes\n const unauthenticatedAttributes: CmsAttribute[] = [];\n\n // 9. Create CMS/PKCS#7 SignedData\n const signedData = await createSignedData({\n content: bytesToSign,\n certificate,\n privateKey,\n chain,\n hashAlgorithm: \"sha256\",\n authenticatedAttributes:\n authenticatedAttributes.length > 0\n ? authenticatedAttributes\n : undefined,\n unauthenticatedAttributes:\n unauthenticatedAttributes.length > 0\n ? unauthenticatedAttributes\n : undefined,\n detached: true,\n });\n\n // 10. Optionally request timestamp and embed as unauthenticated attribute\n if (opts.timestamp && opts.tsaUrl) {\n try {\n const tsToken = await requestTimestamp(\n extractSignatureValue(signedData),\n opts.tsaUrl,\n \"sha256\",\n {\n tsaTimeout: opts.tsaTimeout,\n tsaRetries: opts.tsaRetries,\n tsaFallbackUrls: opts.tsaFallbackUrls,\n },\n );\n unauthenticatedAttributes.push({\n oid: TIMESTAMP_TOKEN_OID,\n values: [tsToken],\n });\n } catch (err) {\n // Timestamp failure is non-fatal\n opts.onTimestampError?.(err);\n }\n }\n\n // 11. Patch timestamp token into SignedData as unauthenticated attribute (no re-signing)\n const finalSignedData = appendUnauthAttributes(\n signedData,\n unauthenticatedAttributes,\n );\n\n // 12. Embed signature into PDF\n return embedSignature(pdfWithPlaceholder, finalSignedData);\n}\n\n// ---------------------------------------------------------------------------\n// Internal helpers\n// ---------------------------------------------------------------------------\n\n/**\n * Extract the raw signature value bytes from a DER-encoded CMS ContentInfo.\n *\n * Per CAdES (ETSI EN 319 122-1) / RFC 5126 §5.5.1, the id-smime-aa-timeStampToken\n * attribute must be a timestamp over the SignerInfo.signature octets, not the\n * full ContentInfo blob.\n *\n * ContentInfo → [0] EXPLICIT → SignedData → signerInfos[0] → signature OCTET STRING\n */\nfunction extractSignatureValue(contentInfoDer: Uint8Array): Uint8Array {\n const contentInfo = decodeDer(contentInfoDer);\n const signedDataNode = (\n (contentInfo.value as Asn1Node[])[1]!.value as Asn1Node[]\n )[0]!;\n // signerInfos is always the last child of SignedData per RFC 5652\n const signerInfosSet = (signedDataNode.value as Asn1Node[]).at(-1)!;\n const signerInfo = (signerInfosSet.value as Asn1Node[])[0]!;\n const signatureNode = (signerInfo.value as Asn1Node[])[5]!;\n return signatureNode.value as Uint8Array;\n}\n\n// ---------------------------------------------------------------------------\n// Errors\n// ---------------------------------------------------------------------------\n\nexport class PdfSignError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"PdfSignError\";\n }\n}\n",
10
- "/**\n * Visual Signature Appearance\n *\n * Draws certificate information and QR code on the PDF page\n * following the ICP-Brasil standard visual signature layout.\n */\n\nimport type { CertificateInfo } from \"@f-o-t/digital-certificate\";\nimport type {\n PdfDocument,\n PdfImage,\n PdfPage,\n} from \"@f-o-t/pdf/plugins/editing\";\nimport { generateQrCode } from \"@f-o-t/qrcode\";\nimport type { QrCodeConfig, SignatureAppearance } from \"./types.ts\";\n\nconst VALIDATION_URL = \"https://validar.iti.gov.br\";\n\n/**\n * Draw the visual signature appearance on a PDF page.\n *\n * Includes optional QR code and certificate information text\n * inside a bordered rectangle following ICP-Brasil layout.\n */\nexport function drawSignatureAppearance(\n doc: PdfDocument,\n page: PdfPage,\n appearance: SignatureAppearance,\n certInfo: CertificateInfo | null,\n options: {\n reason?: string;\n location?: string;\n qrCode?: QrCodeConfig;\n pdfData: Uint8Array;\n preEmbeddedQr?: PdfImage;\n },\n): void {\n const { x, width, height } = appearance;\n const showQrCode = appearance.showQrCode !== false;\n const showCertInfo = appearance.showCertInfo !== false;\n\n // Convert from top-left origin (user-facing) to PDF bottom-left origin.\n const y = page.height - appearance.y - height;\n\n // Draw bordered rectangle around the signature area\n page.drawRectangle({\n x,\n y,\n width,\n height,\n borderColor: \"#C0C0C0\",\n borderWidth: 1,\n });\n\n let qrSize = 0;\n\n // Draw QR code if requested (enabled by default)\n if (showQrCode) {\n const qrImage =\n options.preEmbeddedQr ??\n (() => {\n const qrData = options.qrCode?.data ?? VALIDATION_URL;\n const qrPng = generateQrCode(qrData, {\n size: options.qrCode?.size ?? 100,\n });\n return doc.embedPng(qrPng);\n })();\n\n qrSize = Math.min(100, height - 20);\n\n page.drawImage(qrImage, {\n x: x + 10,\n y: y + 10,\n width: qrSize,\n height: qrSize,\n });\n }\n\n // Draw certificate info text\n if (showCertInfo) {\n drawCertInfo(page, certInfo, {\n x,\n y,\n width,\n height,\n qrOffset: qrSize > 0 ? qrSize + 20 : 10,\n });\n }\n\n // Reference link below the box\n const linkText = \"validar.iti.gov.br\";\n const linkX = x + width / 2 - linkText.length * 2.5;\n page.drawText(linkText, {\n x: linkX,\n y: y - 12,\n size: 8,\n color: \"#888888\",\n });\n}\n\n/**\n * Draw certificate information text on the page following ICP-Brasil layout.\n */\nfunction drawCertInfo(\n page: PdfPage,\n certInfo: CertificateInfo | null,\n opts: {\n x: number;\n y: number;\n width: number;\n height: number;\n qrOffset: number;\n },\n): void {\n const textX = opts.x + opts.qrOffset;\n let textY = opts.y + opts.height - 20;\n const fontSize = 10;\n const lineHeight = 14;\n\n // Green header\n page.drawText(\"ASSINADO DIGITALMENTE\", {\n x: textX,\n y: textY,\n size: 12,\n color: \"#008000\",\n });\n textY -= lineHeight * 1.5;\n\n if (certInfo) {\n // Signer name\n const signerName = certInfo.subject.commonName || \"N/A\";\n page.drawText(`Signatário: ${signerName}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n\n // Organization (if available)\n if (certInfo.subject.organization) {\n page.drawText(`Empresa: ${certInfo.subject.organization}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n }\n\n // CNPJ or CPF\n if (certInfo.brazilian.cnpj) {\n const cnpj = formatCnpj(certInfo.brazilian.cnpj);\n page.drawText(`CNPJ: ${cnpj}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n } else if (certInfo.brazilian.cpf) {\n const cpf = formatCpf(certInfo.brazilian.cpf);\n page.drawText(`CPF: ${cpf}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n }\n\n // Date and time\n const now = new Date();\n const dateStr = now.toLocaleDateString(\"pt-BR\");\n const timeStr = now.toLocaleTimeString(\"pt-BR\");\n page.drawText(`Data: ${dateStr} ${timeStr}`, {\n x: textX,\n y: textY,\n size: fontSize,\n });\n textY -= lineHeight;\n\n // Certificate type\n page.drawText(\"Certificado: ICP-Brasil (A1)\", {\n x: textX,\n y: textY,\n size: fontSize,\n });\n } else {\n // Fallback if cert info not available\n page.drawText(\"Assinatura Digital\", {\n x: textX,\n y: textY,\n size: fontSize,\n });\n }\n}\n\n/**\n * Pre-compute the QR code image and embed it once into the PDF document.\n * Call this before an appearances loop so all appearances share a single XObject.\n */\nexport function precomputeSharedQrImage(\n doc: PdfDocument,\n certInfo: CertificateInfo | null,\n pdfData: Uint8Array,\n qrConfig?: QrCodeConfig,\n): PdfImage {\n const qrData = qrConfig?.data ?? VALIDATION_URL;\n const qrPng = generateQrCode(qrData, { size: qrConfig?.size ?? 100 });\n return doc.embedPng(qrPng);\n}\n\n/**\n * Format a CNPJ number with punctuation\n */\nfunction formatCnpj(cnpj: string): string {\n return cnpj.replace(/(\\d{2})(\\d{3})(\\d{3})(\\d{4})(\\d{2})/, \"$1.$2.$3/$4-$5\");\n}\n\n/**\n * Format a CPF number with punctuation\n */\nfunction formatCpf(cpf: string): string {\n return cpf.replace(/(\\d{3})(\\d{3})(\\d{3})(\\d{2})/, \"$1.$2.$3-$4\");\n}\n"
11
- ],
12
- "mappings": ";;;;AAAA;AAGA,IAAM,mBAAmB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACH;AAEA,IAAM,eAAe;AAkBd,SAAS,qBAAqB,CAClC,SACA,UAAiC,CAAC,GACV;AAAA,EACxB,IAAI;AAAA,EACJ,IAAI;AAAA,IACD,MAAM,SAAS,IAAI,UAAU,OAAO;AAAA,IACpC,MAAM,SAAS,OAAO,MAAM;AAAA,IAC5B,QAAQ,OAAO;AAAA,IAChB,MAAM;AAAA,IACL,OAAO;AAAA;AAAA,EAGV,IAAI,MAAM,WAAW;AAAA,IAAG,OAAO;AAAA,EAE/B,MAAM,UAAoB,CAAC;AAAA,EAC3B,MAAM,gBACH,QAAQ,kBAAkB,KACrB,MAAM,SAAS,IACd,QAAQ,iBAAiB,MAAM,SAAS;AAAA,EAEjD,SAAS,IAAI,EAAG,IAAI,MAAM,QAAQ,KAAK;AAAA,IACpC,MAAM,OAAO,MAAM;AAAA,IACnB,MAAM,OAAO,KAAK,QAAQ,YAAY;AAAA,IAGtC,IAAI,QAAQ,YAAY;AAAA,MACrB,MAAM,OAAO,QAAQ,WAAW,YAAY;AAAA,MAC5C,IAAI,KAAK,SAAS,IAAI,GAAG;AAAA,QACtB,MAAM,MAAM,KAAK,QAAQ,IAAI;AAAA,QAC7B,MAAM,WAAW,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS;AAAA,QACvD,QAAQ,KAAK,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;AAAA,MAChD;AAAA,IACH;AAAA,IAGA,IAAI,QAAQ,cAAc;AAAA,MACvB,MAAM,MAAM,QAAQ,aAAa,YAAY;AAAA,MAC7C,IAAI,KAAK,SAAS,GAAG,GAAG;AAAA,QACrB,MAAM,MAAM,KAAK,QAAQ,GAAG;AAAA,QAC5B,MAAM,WAAW,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS;AAAA,QACvD,QAAQ,KAAK,EAAE,MAAM,GAAG,QAAQ,KAAK,SAAS,CAAC;AAAA,MAClD;AAAA,IACH;AAAA,IAGA,IAAI,aAAa,KAAK,IAAI,GAAG;AAAA,MAC1B,MAAM,MAAM,KAAK,OAAO,YAAY;AAAA,MACpC,MAAM,WAAW,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS;AAAA,MACvD,QAAQ,KAAK,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;AAAA,IAChD;AAAA,IAGA,WAAW,WAAW,kBAAkB;AAAA,MACrC,IAAI,KAAK,SAAS,OAAO,GAAG;AAAA,QACzB,MAAM,MAAM,KAAK,QAAQ,OAAO;AAAA,QAChC,MAAM,WAAW,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS;AAAA,QACvD,QAAQ,KAAK,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC7C;AAAA,MACH;AAAA,IACH;AAAA,EACH;AAAA,EAGA,IAAI,QAAQ,WAAW,GAAG;AAAA,IACvB,MAAM,WAAW,MAAM,MAAM,SAAS;AAAA,IACtC,OAAO;AAAA,MACJ,MAAM,MAAM,SAAS;AAAA,MACrB,GAAG;AAAA,MACH,GAAG,SAAS,KAAK,SAAS;AAAA,MAC1B,YAAY;AAAA,IACf;AAAA,EACH;AAAA,EAGA,MAAM,aAAa,IAAI;AAAA,EAIvB,WAAW,UAAU,SAAS;AAAA,IAC3B,MAAM,WAAW,WAAW,IAAI,OAAO,IAAI;AAAA,IAC3C,IAAI,UAAU;AAAA,MACX,SAAS,eAAe,OAAO;AAAA,MAC/B,IAAI,OAAO,SAAS,SAAS,YAAY;AAAA,QACtC,SAAS,aAAa,OAAO;AAAA,QAC7B,SAAS,eAAe,OAAO;AAAA,MAClC;AAAA,IACH,EAAO;AAAA,MACJ,WAAW,IAAI,OAAO,MAAM;AAAA,QACzB,aAAa,OAAO;AAAA,QACpB,cAAc,OAAO;AAAA,QACrB,YAAY,OAAO;AAAA,MACtB,CAAC;AAAA;AAAA,EAEP;AAAA,EAGA,MAAM,iBAAiB,WAAW,IAAI,aAAa;AAAA,EACnD,IAAI,gBAAgB;AAAA,IACjB,eAAe,eAAe;AAAA,EACjC;AAAA,EAGA,IAAI,WAAW;AAAA,EACf,IAAI,YAAY;AAAA,EAChB,YAAY,MAAM,UAAU,YAAY;AAAA,IACrC,IAAI,MAAM,cAAc,WAAW;AAAA,MAChC,YAAY,MAAM;AAAA,MAClB,WAAW;AAAA,IACd;AAAA,EACH;AAAA,EAEA,MAAM,WAAW,MAAM;AAAA,EACvB,MAAM,YAAY,WAAW,IAAI,QAAQ;AAAA,EAGzC,MAAM,YAAY,UAAU;AAAA,EAC5B,MAAM,YAAY,QAAQ,UAAU;AAAA,EACpC,MAAM,WAAW,KAAK,IACnB,IACA,YAAY,SAAS,KAAK,SAAS,YAAY,EAClD;AAAA,EAEA,MAAM,YAAY,IAAI,MAAM,IAAI;AAAA,EAChC,MAAM,aAAa,KAAK,IAAI,GAAG,YAAY,SAAS;AAAA,EAEpD,OAAO;AAAA,IACJ,MAAM;AAAA,IACN,GAAG,QAAQ,SAAS,SAAS,KAAK,QAAQ,QAAQ,SAAS,IAAI;AAAA,IAC/D,GAAG;AAAA,IACH;AAAA,EACH;AAAA;;;ACzJH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAWA;AAOA,IAAM,aAAa;AAGnB,IAAM,6BAA6B;AAGnC,IAAM,uBAAuB;AAG7B,IAAM,gBAAgB;AAAA,EACnB,KAAK;AAAA,EACL,KAAK;AACR;AAGA,IAAM,kBAAkB;AAMxB,IAAI,mBAGO;AAMJ,SAAS,gBAAgB,GAAS;AAAA,EACtC,mBAAmB;AAAA;AAiCf,SAAS,yBAAyB,CAAC,SAAiC;AAAA,EAExE,MAAM,WAAW,KAAK,UAAU,OAAO;AAAA,EAGvC,MAAM,YAAY,SAAS,IAAI,UAAU,GAAG,UAAU,CAAC;AAAA,EAGvD,MAAM,OAAO,UAAU,OAAO;AAAA,EAC9B,MAAM,UAAW,KAAK,MAAqB;AAAA,EAC3C,MAAM,MAAM,QAAQ;AAAA,EAGpB,IAAI,MAAM;AAAA,EACV,IAAI,IAAI,GAAI,UAAU,aAAa,IAAI,GAAI,QAAQ,GAAG;AAAA,IACnD,MAAM;AAAA,EACT;AAAA,EAEA,MAAM,eAAe,IAAI;AAAA,EACzB,MAAM,aAAa,IAAI,MAAM;AAAA,EAM7B,MAAM,cAAc,WAAW,GAAG,CAAC,UAAU,CAAC;AAAA,EAC9C,MAAM,eAAe,SAAS,WAAW;AAAA,EACzC,MAAM,eAAe,SAAS,cAAc,YAAY;AAAA,EAGxD,MAAM,cAAc,SAAS,WAAW,YAAY,QAAQ,GAAG,YAAY;AAAA,EAG3E,MAAM,gBAAgB,SAEnB,SAAS,WAAW,CACvB;AAAA,EAEA,OAAO,UAAU,aAAa;AAAA;AAWjC,eAAe,8BAA8B,GAG1C;AAAA,EACA,IAAI,kBAAkB;AAAA,IACnB,OAAO;AAAA,EACV;AAAA,EAEA,MAAM,WAAW,MAAM,MAAM,cAAc,KAAK;AAAA,IAC7C,QAAQ,YAAY,QAAQ,GAAK;AAAA,EACpC,CAAC;AAAA,EAED,IAAI,CAAC,SAAS,IAAI;AAAA,IACf,MAAM,IAAI,qBACP,6CAA6C,SAAS,QACzD;AAAA,EACH;AAAA,EAEA,MAAM,cAAc,MAAM,SAAS,YAAY;AAAA,EAC/C,MAAM,OAAO,IAAI,WAAW,WAAW;AAAA,EAEvC,IAAI,KAAK,WAAW,KAAK,KAAK,OAAO,IAAM;AAAA,IACxC,MAAM,IAAI,qBAAqB,uCAAuC;AAAA,EACzE;AAAA,EAQA,MAAM,OAAO,UAAU,IAAI;AAAA,EAC3B,MAAM,WAAW,KAAK;AAAA,EAEtB,IAAI,CAAC,MAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS,GAAG;AAAA,IAClD,MAAM,IAAI,qBACP,0DAA0D,UAAU,QACvE;AAAA,EACH;AAAA,EAGA,MAAM,gBAAgB,SAAS,GAAI;AAAA,EACnC,IAAI,CAAC,MAAM,QAAQ,aAAa,KAAK,cAAc,WAAW,GAAG;AAAA,IAC9D,MAAM,IAAI,qBAAqB,uCAAuC;AAAA,EACzE;AAAA,EAEA,QAAQ,eAAe,MAAa;AAAA,EACpC,MAAM,aAAa,WAAW,cAAc,GAAI,KAAmB;AAAA,EAGnE,MAAM,WAAW,SAAS;AAAA,EAC1B,IAAI,SAAS,QAAQ,GAAM;AAAA,IACxB,MAAM,IAAI,qBACP,gDAAgD,SAAS,IAAI,SAAS,EAAE,GAC3E;AAAA,EACH;AAAA,EAEA,mBAAmB;AAAA,IAChB;AAAA,IACA,YAAY,SAAS;AAAA,EACxB;AAAA,EAEA,OAAO;AAAA;AAWV,eAAsB,oBAAoB,GAAwB;AAAA,EAC/D,QAAQ,YAAY,eAAe,MAAM,+BAA+B;AAAA,EAGxE,MAAM,YAAY,SAAS,IAAI,UAAU,CAAC;AAAA,EAG1C,MAAM,gBAAgB,SAAS,WAAW,YAAY,UAAU,CAAC;AAAA,EAGjE,MAAM,sBAAsB,SACzB,SAEG,IAAI,eAAe,GAEnB,UAAU,cAAc,GAAG,CAC9B,CACH;AAAA,EAGA,MAAM,oBAAoB,SAEvB,IAAI,cAAc,GAAG,GAErB,eAEA,mBACH;AAAA,EAEA,OAAO,UAAU,iBAAiB;AAAA;AAM9B,IAAM,kBAAkB;AAAA,EAC5B,sBAAsB;AAAA,EACtB,iBAAiB;AACpB;AAAA;AAMO,MAAM,6BAA6B,MAAM;AAAA,EAC7C,WAAW,CAAC,SAAiB;AAAA,IAC1B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAElB;;;AClQA;AAEA,IAAM,4BAA4B,EAAE,OAAO;AAAA,EACxC,GAAG,EAAE,OAAO;AAAA,EACZ,GAAG,EAAE,OAAO;AAAA,EACZ,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACvC,YAAY,EAAE,QAAQ,EAAE,SAAS;AAAA,EACjC,cAAc,EAAE,QAAQ,EAAE,SAAS;AACtC,CAAC;AAED,IAAM,qBAAqB,EAAE,OAAO;AAAA,EACjC,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAC9C,CAAC;AAEM,IAAM,uBAAuB,EAAE,OAAO;AAAA,EAC1C,aAAa,EAAE,OAAO;AAAA,IACnB,KAAK,EAAE,WAAW,UAAU,EAAE,OAAO,CAAC,MAAM,EAAE,SAAS,GAAG;AAAA,MACvD,SAAS;AAAA,IACZ,CAAC;AAAA,IACD,UAAU,EAAE,OAAO;AAAA,IACnB,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,CAAC;AAAA,EACD,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,aAAa,EAAE,OAAO,EAAE,SAAS;AAAA,EACjC,QAAQ,EAAE,KAAK,CAAC,cAAc,kBAAkB,CAAC,EAAE,SAAS;AAAA,EAC5D,WAAW,EAAE,QAAQ,EAAE,SAAS;AAAA,EAChC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EAClC,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC3C,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EAC7C,iBAAiB,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS;AAAA,EACpD,kBAAkB,EACd,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC,GAAG,QAAQ,EAAE,KAAK,EAAE,CAAC,EAC5D,SAAS;AAAA,EACb,YAAY,EACR,MAAM,CAAC,2BAA2B,EAAE,QAAQ,MAAM,GAAG,EAAE,QAAQ,KAAK,CAAC,CAAC,EACtE,SAAS;AAAA,EACb,aAAa,EAAE,MAAM,yBAAyB,EAAE,SAAS;AAAA,EACzD,QAAQ,mBAAmB,SAAS;AAAA,EACpC,kBAAkB,EACd,MAAM,CAAC,EAAE,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,EAChD,SAAS;AAChB,CAAC;;;AC1CD;AAAA,aAEG;AAAA,eACA;AAAA,eACA;AAAA;AAAA,iBAEA;AAAA,SACA;AAAA,cACA;AAAA;AAEH,iBAAS;AAOT,IAAM,YAAoC;AAAA,EACvC,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,QAAQ;AACX;AAGO,IAAM,oBAAoB;AAAA,EAC9B,OAAO;AAAA,EACP,SAAS;AAAA,EACT,WAAW;AACd;AAGO,IAAM,sBAAsB;AAenC,eAAsB,gBAAgB,CACnC,iBACA,QACA,gBAAgD,UAChD,SAKoB;AAAA,EAEpB,MAAM,cAAc,MAAK,eAAe,eAAe;AAAA,EAGvD,MAAM,eAAe,sBAAsB,aAAa,aAAa;AAAA,EAErE,MAAM,aAAa,SAAS,cAAc;AAAA,EAC1C,MAAM,aAAa,SAAS,cAAc;AAAA,EAC1C,MAAM,kBAAkB,SAAS,mBAAmB,CAAC;AAAA,EAErD,IAAI;AAAA,EAGJ,SAAS,UAAU,EAAG,WAAW,IAAI,YAAY,WAAW;AAAA,IACzD,IAAI,UAAU,GAAG;AAAA,MACd,MAAM,MAAM,MAAM,UAAU,KAAK,IAAI;AAAA,IACxC;AAAA,IACA,IAAI;AAAA,MACD,OAAO,MAAM,eAAe,QAAQ,cAAc,UAAU;AAAA,MAC7D,OAAO,KAAK;AAAA,MACX,YAAY,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO,GAAG,CAAC;AAAA;AAAA,EAEpE;AAAA,EAGA,WAAW,eAAe,iBAAiB;AAAA,IACxC,IAAI;AAAA,MACD,OAAO,MAAM,eAAe,aAAa,cAAc,UAAU;AAAA,MAClE,OAAO,KAAK;AAAA,MACX,YAAY,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO,GAAG,CAAC;AAAA;AAAA,EAEpE;AAAA,EAGA,MAAM,eACH,gBAAgB,SAAS,IACpB,iBAAiB,gBAAgB,KAAK,IAAI,OAC1C;AAAA,EACR,MAAM,IAAI,eACP,yDAAyD,SAAS,8BAA8B,WAAW,WAAW,WACzH;AAAA;AAOH,SAAS,KAAK,CAAC,IAA2B;AAAA,EACvC,OAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AAAA;AAM1D,eAAe,cAAc,CAC1B,KACA,cACA,WACoB;AAAA,EACpB,IAAI;AAAA,EACJ,IAAI;AAAA,IACD,WAAW,MAAM,MAAM,KAAK;AAAA,MACzB,QAAQ;AAAA,MACR,SAAS;AAAA,QACN,gBAAgB;AAAA,MACnB;AAAA,MACA,MAAM;AAAA,MACN,QAAQ,YAAY,QAAQ,SAAS;AAAA,IACxC,CAAC;AAAA,IACF,OAAO,KAAK;AAAA,IACX,MAAM,MAAM,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,IAC3D,MAAM,IAAI,MAAM,2BAA2B,cAAQ,KAAK;AAAA;AAAA,EAG3D,IAAI,CAAC,SAAS,IAAI;AAAA,IACf,MAAM,IAAI,eAAe,qBAAqB,SAAS,QAAQ;AAAA,EAClE;AAAA,EAEA,MAAM,aAAa,IAAI,WAAW,MAAM,SAAS,YAAY,CAAC;AAAA,EAC9D,OAAO,sBAAsB,UAAU;AAAA;AAiB1C,SAAS,qBAAqB,CAC3B,aACA,eACW;AAAA,EACX,MAAM,UAAU,UAAU;AAAA,EAC1B,IAAI,CAAC,SAAS;AAAA,IACX,MAAM,IAAI,eAAe,+BAA+B,eAAe;AAAA,EAC1E;AAAA,EAEA,MAAM,eAAe,UAElB,QAAQ,CAAC,GAET,UAEG,UAAS,KAAI,OAAO,CAAC,GAErB,aAAY,WAAW,CAC1B,GAEA,YAAY,IAAI,CACnB;AAAA,EAEA,OAAO,WAAU,YAAY;AAAA;AAgBhC,SAAS,qBAAqB,CAAC,SAAiC;AAAA,EAC7D,IAAI;AAAA,EACJ,IAAI;AAAA,IACD,OAAO,WAAU,OAAO;AAAA,IACzB,MAAM;AAAA,IACL,MAAM,IAAI,eAAe,2CAA2C;AAAA;AAAA,EAGvE,MAAM,WAAW,KAAK;AAAA,EACtB,IAAI,CAAC,MAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS,GAAG;AAAA,IAClD,MAAM,IAAI,eACP,kDACH;AAAA,EACH;AAAA,EAGA,MAAM,aAAa,SAAS,GAAI;AAAA,EAChC,MAAM,cAAc,WAAW,GAAI;AAAA,EAEnC,MAAM,cAAc,YAAY,YAAY,SAAS;AAAA,EACrD,IAAI,gBAAgB,KAAK,gBAAgB,GAAG;AAAA,IACzC,MAAM,IAAI,eACP,2CAA2C,aAC9C;AAAA,EACH;AAAA,EAGA,IAAI,CAAC,SAAS,IAAI;AAAA,IACf,MAAM,IAAI,eAAe,6CAA6C;AAAA,EACzE;AAAA,EAEA,OAAO,WAAU,SAAS,EAAE;AAAA;AAAA;AAOxB,MAAM,uBAAuB,MAAM;AAAA,EACvC,WAAW,CAAC,SAAiB;AAAA,IAC1B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAElB;;;AClOA,sBAAS;AAET;AAAA;AAAA;AAAA;AAAA;AAMA;AACA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACXA;AAGA,IAAM,iBAAiB;AAQhB,SAAS,uBAAuB,CACpC,KACA,MACA,YACA,UACA,SAOK;AAAA,EACL,QAAQ,GAAG,OAAO,WAAW;AAAA,EAC7B,MAAM,aAAa,WAAW,eAAe;AAAA,EAC7C,MAAM,eAAe,WAAW,iBAAiB;AAAA,EAGjD,MAAM,IAAI,KAAK,SAAS,WAAW,IAAI;AAAA,EAGvC,KAAK,cAAc;AAAA,IAChB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,aAAa;AAAA,IACb,aAAa;AAAA,EAChB,CAAC;AAAA,EAED,IAAI,SAAS;AAAA,EAGb,IAAI,YAAY;AAAA,IACb,MAAM,UACH,QAAQ,kBACP,MAAM;AAAA,MACJ,MAAM,SAAS,QAAQ,QAAQ,QAAQ;AAAA,MACvC,MAAM,QAAQ,eAAe,QAAQ;AAAA,QAClC,MAAM,QAAQ,QAAQ,QAAQ;AAAA,MACjC,CAAC;AAAA,MACD,OAAO,IAAI,SAAS,KAAK;AAAA,OACzB;AAAA,IAEN,SAAS,KAAK,IAAI,KAAK,SAAS,EAAE;AAAA,IAElC,KAAK,UAAU,SAAS;AAAA,MACrB,GAAG,IAAI;AAAA,MACP,GAAG,IAAI;AAAA,MACP,OAAO;AAAA,MACP,QAAQ;AAAA,IACX,CAAC;AAAA,EACJ;AAAA,EAGA,IAAI,cAAc;AAAA,IACf,aAAa,MAAM,UAAU;AAAA,MAC1B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,SAAS,IAAI,SAAS,KAAK;AAAA,IACxC,CAAC;AAAA,EACJ;AAAA,EAGA,MAAM,WAAW;AAAA,EACjB,MAAM,QAAQ,IAAI,QAAQ,IAAI,SAAS,SAAS;AAAA,EAChD,KAAK,SAAS,UAAU;AAAA,IACrB,GAAG;AAAA,IACH,GAAG,IAAI;AAAA,IACP,MAAM;AAAA,IACN,OAAO;AAAA,EACV,CAAC;AAAA;AAMJ,SAAS,YAAY,CAClB,MACA,UACA,MAOK;AAAA,EACL,MAAM,QAAQ,KAAK,IAAI,KAAK;AAAA,EAC5B,IAAI,QAAQ,KAAK,IAAI,KAAK,SAAS;AAAA,EACnC,MAAM,WAAW;AAAA,EACjB,MAAM,aAAa;AAAA,EAGnB,KAAK,SAAS,yBAAyB;AAAA,IACpC,GAAG;AAAA,IACH,GAAG;AAAA,IACH,MAAM;AAAA,IACN,OAAO;AAAA,EACV,CAAC;AAAA,EACD,SAAS,aAAa;AAAA,EAEtB,IAAI,UAAU;AAAA,IAEX,MAAM,aAAa,SAAS,QAAQ,cAAc;AAAA,IAClD,KAAK,SAAS,kBAAc,cAAc;AAAA,MACvC,GAAG;AAAA,MACH,GAAG;AAAA,MACH,MAAM;AAAA,IACT,CAAC;AAAA,IACD,SAAS;AAAA,IAGT,IAAI,SAAS,QAAQ,cAAc;AAAA,MAChC,KAAK,SAAS,YAAY,SAAS,QAAQ,gBAAgB;AAAA,QACxD,GAAG;AAAA,QACH,GAAG;AAAA,QACH,MAAM;AAAA,MACT,CAAC;AAAA,MACD,SAAS;AAAA,IACZ;AAAA,IAGA,IAAI,SAAS,UAAU,MAAM;AAAA,MAC1B,MAAM,OAAO,WAAW,SAAS,UAAU,IAAI;AAAA,MAC/C,KAAK,SAAS,SAAS,QAAQ;AAAA,QAC5B,GAAG;AAAA,QACH,GAAG;AAAA,QACH,MAAM;AAAA,MACT,CAAC;AAAA,MACD,SAAS;AAAA,IACZ,EAAO,SAAI,SAAS,UAAU,KAAK;AAAA,MAChC,MAAM,MAAM,UAAU,SAAS,UAAU,GAAG;AAAA,MAC5C,KAAK,SAAS,QAAQ,OAAO;AAAA,QAC1B,GAAG;AAAA,QACH,GAAG;AAAA,QACH,MAAM;AAAA,MACT,CAAC;AAAA,MACD,SAAS;AAAA,IACZ;AAAA,IAGA,MAAM,MAAM,IAAI;AAAA,IAChB,MAAM,UAAU,IAAI,mBAAmB,OAAO;AAAA,IAC9C,MAAM,UAAU,IAAI,mBAAmB,OAAO;AAAA,IAC9C,KAAK,SAAS,SAAS,WAAW,WAAW;AAAA,MAC1C,GAAG;AAAA,MACH,GAAG;AAAA,MACH,MAAM;AAAA,IACT,CAAC;AAAA,IACD,SAAS;AAAA,IAGT,KAAK,SAAS,gCAAgC;AAAA,MAC3C,GAAG;AAAA,MACH,GAAG;AAAA,MACH,MAAM;AAAA,IACT,CAAC;AAAA,EACJ,EAAO;AAAA,IAEJ,KAAK,SAAS,sBAAsB;AAAA,MACjC,GAAG;AAAA,MACH,GAAG;AAAA,MACH,MAAM;AAAA,IACT,CAAC;AAAA;AAAA;AAQA,SAAS,uBAAuB,CACpC,KACA,UACA,SACA,UACS;AAAA,EACT,MAAM,SAAS,UAAU,QAAQ;AAAA,EACjC,MAAM,QAAQ,eAAe,QAAQ,EAAE,MAAM,UAAU,QAAQ,IAAI,CAAC;AAAA,EACpE,OAAO,IAAI,SAAS,KAAK;AAAA;AAM5B,SAAS,UAAU,CAAC,MAAsB;AAAA,EACvC,OAAO,KAAK,QAAQ,uCAAuC,gBAAgB;AAAA;AAM9E,SAAS,SAAS,CAAC,KAAqB;AAAA,EACrC,OAAO,IAAI,QAAQ,gCAAgC,aAAa;AAAA;;;AD5JnE,eAAsB,OAAO,CAC1B,KACA,SACoB;AAAA,EAEpB,IAAI;AAAA,EACJ,IAAI,eAAe,gBAAgB;AAAA,IAChC,MAAM,SAAuB,CAAC;AAAA,IAC9B,MAAM,SAAS,IAAI,UAAU;AAAA,IAC7B,IAAI;AAAA,MACD,OAAO,MAAM;AAAA,QACV,QAAQ,MAAM,UAAU,MAAM,OAAO,KAAK;AAAA,QAC1C,IAAI;AAAA,UAAM;AAAA,QACV,IAAI;AAAA,UAAO,OAAO,KAAK,KAAK;AAAA,MAC/B;AAAA,cACD;AAAA,MACC,OAAO,YAAY;AAAA;AAAA,IAEtB,MAAM,cAAc,OAAO,OAAO,CAAC,KAAK,MAAM,MAAM,EAAE,QAAQ,CAAC;AAAA,IAC/D,WAAW,IAAI,WAAW,WAAW;AAAA,IACrC,IAAI,SAAS;AAAA,IACb,WAAW,SAAS,QAAQ;AAAA,MACzB,SAAS,IAAI,OAAO,MAAM;AAAA,MAC1B,UAAU,MAAM;AAAA,IACnB;AAAA,EACH,EAAO;AAAA,IACJ,WAAW;AAAA;AAAA,EAId,MAAM,OAAO,qBAAqB,MAAM,OAAO;AAAA,EAI/C,QAAQ,aAAa,YAAY,UAAU,MAAM,YAC9C,KAAK,YAAY,KACjB,KAAK,YAAY,QACpB;AAAA,EAGA,IAAI,WAAmC;AAAA,EACvC,IAAI;AAAA,IACD,WAAW,iBACR,KAAK,YAAY,KACjB,KAAK,YAAY,QACpB;AAAA,IACD,MAAM;AAAA,EAKR,MAAM,MAAM,QAAQ,QAAQ;AAAA,EAG5B,IAAI,qBAAqB,KAAK;AAAA,EAG9B,IAAI,KAAK,eAAe,QAAQ;AAAA,IAC7B,MAAM,WAAW,sBAAsB,UAAU;AAAA,MAC9C,YAAY,UAAU,QAAQ,cAAc;AAAA,MAC5C,cAAc,UAAU,QAAQ,gBAAgB;AAAA,MAChD,eAAe;AAAA,MACf,OAAO;AAAA,MACP,QAAQ;AAAA,IACX,CAAC;AAAA,IAED,IAAI,UAAU;AAAA,MACX,qBAAqB;AAAA,QAClB,GAAG,SAAS;AAAA,QACZ,GAAG,SAAS;AAAA,QACZ,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,MAAM,SAAS;AAAA,MAClB;AAAA,IACH,EAAO;AAAA,MAEJ,qBAAqB;AAAA,QAClB,GAAG;AAAA,QACH,GAAG;AAAA,QACH,OAAO;AAAA,QACP,QAAQ;AAAA,QACR,MAAM;AAAA,MACT;AAAA;AAAA,EAEN,EAAO;AAAA,IACJ,qBAAqB,KAAK,eAAe,QAAQ,QAAQ,KAAK;AAAA;AAAA,EAIjE,IAAI,uBAAuB,SAAS,oBAAoB;AAAA,IACrD,MAAM,YAAY,mBAAmB,QAAQ;AAAA,IAE7C,IAAI,YAAY,KAAK,aAAa,IAAI,WAAW;AAAA,MAC9C,MAAM,IAAI,aACP,uBAAuB,sBAAsB,IAAI,kBACpD;AAAA,IACH;AAAA,IAEA,MAAM,OAAO,IAAI,QAAQ,SAAS;AAAA,IAElC,wBAAwB,KAAK,MAAM,oBAAoB,UAAU;AAAA,MAC9D,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,QAAQ,KAAK;AAAA,MACb,SAAS;AAAA,IACZ,CAAC;AAAA,EACJ;AAAA,EAGA,IAAI,KAAK,eAAe,KAAK,YAAY,SAAS,GAAG;AAAA,IAGlD,MAAM,UAAU,KAAK,YAAY,KAAK,CAAC,MAAM,EAAE,eAAe,KAAK;AAAA,IAGnE,MAAM,gBAAgB,UACjB,wBAAwB,KAAK,UAAU,UAAU,KAAK,MAAM,IAC5D;AAAA,IAEL,WAAW,OAAO,KAAK,aAAa;AAAA,MACjC,MAAM,YAAY,IAAI,QAAQ;AAAA,MAE9B,IAAI,YAAY,KAAK,aAAa,IAAI,WAAW;AAAA,QAC9C,MAAM,IAAI,aACP,sBAAsB,qCAAqC,IAAI,kBAClE;AAAA,MACH;AAAA,MAEA,MAAM,OAAO,IAAI,QAAQ,SAAS;AAAA,MAElC,wBAAwB,KAAK,MAAM,KAAK,UAAU;AAAA,QAC/C,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK;AAAA,QACf,QAAQ,KAAK;AAAA,QACb,SAAS;AAAA,QACT,eAAe;AAAA,MAClB,CAAC;AAAA,IACJ;AAAA,EACH;AAAA,EAGA,MAAM,aACH,UAAU,QAAQ,cAClB,KAAK,YAAY,QACjB;AAAA,EAKH,MAAM,iBACH,YAAY,SAAS,MAAM,OAAO,CAAC,KAAK,MAAM,MAAM,EAAE,QAAQ,CAAC;AAAA,EAClE,MAAM,kBAAkB,KAAK,IAC1B,OACA,iBAAiB,KAAK,KAAK,SAAS,OAAO,KAAK,IACnD;AAAA,EAIA,MAAM,iBAAiB,qBAChB,mBAAyC,QAAQ,IAClD,KAAK,cAAc,IAAI,QAAQ;AAAA,EAErC,QAAQ,KAAK,uBAAuB,IAAI,oBAAoB;AAAA,IACzD,QAAQ,KAAK,UAAU;AAAA,IACvB,MAAM;AAAA,IACN,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB;AAAA,IACA,kBAAkB,KAAK,oBAAoB;AAAA,IAC3C;AAAA,EACH,CAAC;AAAA,EAGD,QAAQ,cAAc,cAAc,kBAAkB;AAAA,EACtD,MAAM,cAAc,mBAAmB,oBAAoB,SAAS;AAAA,EAKpE,MAAM,0BAA0C,CAAC;AAAA,EAEjD,IAAI,KAAK,WAAW,oBAAoB;AAAA,IAErC,MAAM,YAAY,0BAA0B,WAAW;AAAA,IACvD,wBAAwB,KAAK;AAAA,MAC1B,KAAK,gBAAgB;AAAA,MACrB,QAAQ,CAAC,SAAS;AAAA,IACrB,CAAC;AAAA,IAGD,IAAI;AAAA,MACD,MAAM,YAAY,MAAM,qBAAqB;AAAA,MAC7C,wBAAwB,KAAK;AAAA,QAC1B,KAAK,gBAAgB;AAAA,QACrB,QAAQ,CAAC,SAAS;AAAA,MACrB,CAAC;AAAA,MACF,MAAM;AAAA,EAIX;AAAA,EAGA,MAAM,4BAA4C,CAAC;AAAA,EAGnD,MAAM,aAAa,MAAM,iBAAiB;AAAA,IACvC,SAAS;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA,eAAe;AAAA,IACf,yBACG,wBAAwB,SAAS,IAC5B,0BACA;AAAA,IACR,2BACG,0BAA0B,SAAS,IAC9B,4BACA;AAAA,IACR,UAAU;AAAA,EACb,CAAC;AAAA,EAGD,IAAI,KAAK,aAAa,KAAK,QAAQ;AAAA,IAChC,IAAI;AAAA,MACD,MAAM,UAAU,MAAM,iBACnB,sBAAsB,UAAU,GAChC,KAAK,QACL,UACA;AAAA,QACG,YAAY,KAAK;AAAA,QACjB,YAAY,KAAK;AAAA,QACjB,iBAAiB,KAAK;AAAA,MACzB,CACH;AAAA,MACA,0BAA0B,KAAK;AAAA,QAC5B,KAAK;AAAA,QACL,QAAQ,CAAC,OAAO;AAAA,MACnB,CAAC;AAAA,MACF,OAAO,KAAK;AAAA,MAEX,KAAK,mBAAmB,GAAG;AAAA;AAAA,EAEjC;AAAA,EAGA,MAAM,kBAAkB,uBACrB,YACA,yBACH;AAAA,EAGA,OAAO,eAAe,oBAAoB,eAAe;AAAA;AAgB5D,SAAS,qBAAqB,CAAC,gBAAwC;AAAA,EACpE,MAAM,cAAc,WAAU,cAAc;AAAA,EAC5C,MAAM,iBACF,YAAY,MAAqB,GAAI,MACvC;AAAA,EAEF,MAAM,iBAAkB,eAAe,MAAqB,GAAG,EAAE;AAAA,EACjE,MAAM,aAAc,eAAe,MAAqB;AAAA,EACxD,MAAM,gBAAiB,WAAW,MAAqB;AAAA,EACvD,OAAO,cAAc;AAAA;AAAA;AAOjB,MAAM,qBAAqB,MAAM;AAAA,EACrC,WAAW,CAAC,SAAiB;AAAA,IAC1B,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAElB;",
13
- "debugId": "7527099A32B0EC4564756E2164756E21",
14
- "names": []
15
- }