@gjsify/crypto 0.3.16 → 0.3.18

package/lib/esm/scrypt.js

@@ -1,135 +1 @@
-import { pbkdf2Sync } from "./pbkdf2.js";
-import { Buffer } from "node:buffer";
-
-//#region src/scrypt.ts
-function R(a, b) {
-	return (a << b | a >>> 32 - b) >>> 0;
-}
-function salsa20_8(B) {
-	const x = new Uint32Array(16);
-	for (let i = 0; i < 16; i++) x[i] = B[i];
-	for (let i = 0; i < 4; i++) {
-		x[4] ^= R(x[0] + x[12], 7);
-		x[8] ^= R(x[4] + x[0], 9);
-		x[12] ^= R(x[8] + x[4], 13);
-		x[0] ^= R(x[12] + x[8], 18);
-		x[9] ^= R(x[5] + x[1], 7);
-		x[13] ^= R(x[9] + x[5], 9);
-		x[1] ^= R(x[13] + x[9], 13);
-		x[5] ^= R(x[1] + x[13], 18);
-		x[14] ^= R(x[10] + x[6], 7);
-		x[2] ^= R(x[14] + x[10], 9);
-		x[6] ^= R(x[2] + x[14], 13);
-		x[10] ^= R(x[6] + x[2], 18);
-		x[3] ^= R(x[15] + x[11], 7);
-		x[7] ^= R(x[3] + x[15], 9);
-		x[11] ^= R(x[7] + x[3], 13);
-		x[15] ^= R(x[11] + x[7], 18);
-		x[1] ^= R(x[0] + x[3], 7);
-		x[2] ^= R(x[1] + x[0], 9);
-		x[3] ^= R(x[2] + x[1], 13);
-		x[0] ^= R(x[3] + x[2], 18);
-		x[6] ^= R(x[5] + x[4], 7);
-		x[7] ^= R(x[6] + x[5], 9);
-		x[4] ^= R(x[7] + x[6], 13);
-		x[5] ^= R(x[4] + x[7], 18);
-		x[11] ^= R(x[10] + x[9], 7);
-		x[8] ^= R(x[11] + x[10], 9);
-		x[9] ^= R(x[8] + x[11], 13);
-		x[10] ^= R(x[9] + x[8], 18);
-		x[12] ^= R(x[15] + x[14], 7);
-		x[13] ^= R(x[12] + x[15], 9);
-		x[14] ^= R(x[13] + x[12], 13);
-		x[15] ^= R(x[14] + x[13], 18);
-	}
-	for (let i = 0; i < 16; i++) B[i] = B[i] + x[i] >>> 0;
-}
-function blockMix(B, r) {
-	const blockWords = 2 * r * 16;
-	const X = new Uint32Array(16);
-	for (let i = 0; i < 16; i++) X[i] = B[blockWords - 16 + i];
-	const Y = new Uint32Array(blockWords);
-	for (let i = 0; i < 2 * r; i++) {
-		for (let j = 0; j < 16; j++) X[j] ^= B[i * 16 + j];
-		salsa20_8(X);
-		for (let j = 0; j < 16; j++) Y[i * 16 + j] = X[j];
-	}
-	for (let i = 0; i < r; i++) {
-		for (let j = 0; j < 16; j++) B[i * 16 + j] = Y[2 * i * 16 + j];
-	}
-	for (let i = 0; i < r; i++) {
-		for (let j = 0; j < 16; j++) B[(r + i) * 16 + j] = Y[(2 * i + 1) * 16 + j];
-	}
-}
-function roMix(B, N, r) {
-	const blockWords = 2 * r * 16;
-	const V = new Array(N);
-	for (let i = 0; i < N; i++) {
-		V[i] = new Uint32Array(B);
-		blockMix(B, r);
-	}
-	for (let i = 0; i < N; i++) {
-		const j = B[blockWords - 16] & N - 1;
-		for (let k = 0; k < blockWords; k++) B[k] ^= V[j][k];
-		blockMix(B, r);
-	}
-}
-function bytesToWords(bytes) {
-	const words = new Uint32Array(bytes.length / 4);
-	for (let i = 0; i < words.length; i++) {
-		words[i] = bytes[i * 4] | bytes[i * 4 + 1] << 8 | bytes[i * 4 + 2] << 16 | bytes[i * 4 + 3] << 24;
-	}
-	return words;
-}
-function wordsToBytes(words) {
-	const bytes = new Uint8Array(words.length * 4);
-	for (let i = 0; i < words.length; i++) {
-		bytes[i * 4] = words[i] & 255;
-		bytes[i * 4 + 1] = words[i] >> 8 & 255;
-		bytes[i * 4 + 2] = words[i] >> 16 & 255;
-		bytes[i * 4 + 3] = words[i] >> 24 & 255;
-	}
-	return bytes;
-}
-function scryptCore(password, salt, N, r, p, keyLen) {
-	const blockSize = 128 * r;
-	const B = pbkdf2Sync(password, salt, 1, p * blockSize, "sha256");
-	for (let i = 0; i < p; i++) {
-		const blockBytes = new Uint8Array(B.buffer, B.byteOffset + i * blockSize, blockSize);
-		const blockWords = bytesToWords(blockBytes);
-		roMix(blockWords, N, r);
-		const result = wordsToBytes(blockWords);
-		blockBytes.set(result);
-	}
-	return pbkdf2Sync(password, B, 1, keyLen, "sha256");
-}
-function scryptSync(password, salt, keylen, options) {
-	const pwd = typeof password === "string" ? Buffer.from(password) : Buffer.from(password);
-	const slt = typeof salt === "string" ? Buffer.from(salt) : Buffer.from(salt);
-	const N = options?.N ?? 16384;
-	const r = options?.r ?? 8;
-	const p = options?.p ?? 1;
-	if (N <= 0 || (N & N - 1) !== 0) {
-		throw new Error("N must be a positive power of 2");
-	}
-	return scryptCore(pwd, slt, N, r, p, keylen);
-}
-function scrypt(password, salt, keylen, optionsOrCallback, callback) {
-	let options = {};
-	let cb;
-	if (typeof optionsOrCallback === "function") {
-		cb = optionsOrCallback;
-	} else {
-		options = optionsOrCallback;
-		cb = callback;
-	}
-	try {
-		const result = scryptSync(password, salt, keylen, options);
-		setTimeout(() => cb(null, result), 0);
-	} catch (err) {
-		setTimeout(() => cb(err instanceof Error ? err : new Error(String(err)), Buffer.alloc(0)), 0);
-	}
-}
-
-//#endregion
-export { scrypt, scryptSync };
+import{pbkdf2Sync as e}from"./pbkdf2.js";import{Buffer as t}from"node:buffer";function n(e,t){return(e<<t|e>>>32-t)>>>0}function r(e){let t=new Uint32Array(16);for(let n=0;n<16;n++)t[n]=e[n];for(let e=0;e<4;e++)t[4]^=n(t[0]+t[12],7),t[8]^=n(t[4]+t[0],9),t[12]^=n(t[8]+t[4],13),t[0]^=n(t[12]+t[8],18),t[9]^=n(t[5]+t[1],7),t[13]^=n(t[9]+t[5],9),t[1]^=n(t[13]+t[9],13),t[5]^=n(t[1]+t[13],18),t[14]^=n(t[10]+t[6],7),t[2]^=n(t[14]+t[10],9),t[6]^=n(t[2]+t[14],13),t[10]^=n(t[6]+t[2],18),t[3]^=n(t[15]+t[11],7),t[7]^=n(t[3]+t[15],9),t[11]^=n(t[7]+t[3],13),t[15]^=n(t[11]+t[7],18),t[1]^=n(t[0]+t[3],7),t[2]^=n(t[1]+t[0],9),t[3]^=n(t[2]+t[1],13),t[0]^=n(t[3]+t[2],18),t[6]^=n(t[5]+t[4],7),t[7]^=n(t[6]+t[5],9),t[4]^=n(t[7]+t[6],13),t[5]^=n(t[4]+t[7],18),t[11]^=n(t[10]+t[9],7),t[8]^=n(t[11]+t[10],9),t[9]^=n(t[8]+t[11],13),t[10]^=n(t[9]+t[8],18),t[12]^=n(t[15]+t[14],7),t[13]^=n(t[12]+t[15],9),t[14]^=n(t[13]+t[12],13),t[15]^=n(t[14]+t[13],18);for(let n=0;n<16;n++)e[n]=e[n]+t[n]>>>0}function i(e,t){let n=2*t*16,i=new Uint32Array(16);for(let t=0;t<16;t++)i[t]=e[n-16+t];let a=new Uint32Array(n);for(let n=0;n<2*t;n++){for(let t=0;t<16;t++)i[t]^=e[n*16+t];r(i);for(let e=0;e<16;e++)a[n*16+e]=i[e]}for(let n=0;n<t;n++)for(let t=0;t<16;t++)e[n*16+t]=a[2*n*16+t];for(let n=0;n<t;n++)for(let r=0;r<16;r++)e[(t+n)*16+r]=a[(2*n+1)*16+r]}function a(e,t,n){let r=2*n*16,a=Array(t);for(let r=0;r<t;r++)a[r]=new Uint32Array(e),i(e,n);for(let o=0;o<t;o++){let o=e[r-16]&t-1;for(let t=0;t<r;t++)e[t]^=a[o][t];i(e,n)}}function o(e){let t=new Uint32Array(e.length/4);for(let n=0;n<t.length;n++)t[n]=e[n*4]|e[n*4+1]<<8|e[n*4+2]<<16|e[n*4+3]<<24;return t}function s(e){let t=new Uint8Array(e.length*4);for(let n=0;n<e.length;n++)t[n*4]=e[n]&255,t[n*4+1]=e[n]>>8&255,t[n*4+2]=e[n]>>16&255,t[n*4+3]=e[n]>>24&255;return t}function c(t,n,r,i,c,l){let u=128*i,d=e(t,n,1,c*u,`sha256`);for(let e=0;e<c;e++){let t=new Uint8Array(d.buffer,d.byteOffset+e*u,u),n=o(t);a(n,r,i);let c=s(n);t.set(c)}return e(t,d,1,l,`sha256`)}function l(e,n,r,i){let a=t.from(e),o=t.from(n),s=i?.N??16384,l=i?.r??8,u=i?.p??1;if(s<=0||s&s-1)throw Error(`N must be a positive power of 2`);return c(a,o,s,l,u,r)}function u(e,n,r,i,a){let o={},s;typeof i==`function`?s=i:(o=i,s=a);try{let t=l(e,n,r,o);setTimeout(()=>s(null,t),0)}catch(e){setTimeout(()=>s(e instanceof Error?e:Error(String(e)),t.alloc(0)),0)}}export{u as scrypt,l as scryptSync};

package/lib/esm/sign.js

@@ -1,278 +1 @@
-import { parsePemKey, rsaKeySize } from "./asn1.js";
-import { bigIntToBytes, bytesToBigInt, modPow } from "./bigint-math.js";
-import { Hash } from "./hash.js";
-import { Buffer } from "node:buffer";
-
-//#region src/sign.ts
-/**
-* DigestInfo DER prefix bytes for each supported hash algorithm.
-* These encode: SEQUENCE { SEQUENCE { OID hashAlg, NULL }, OCTET STRING hashValue }
-* excluding the actual hash value at the end.
-*/
-const DIGEST_INFO_PREFIX = {
-	sha1: new Uint8Array([
-		48,
-		33,
-		48,
-		9,
-		6,
-		5,
-		43,
-		14,
-		3,
-		2,
-		26,
-		5,
-		0,
-		4,
-		20
-	]),
-	sha256: new Uint8Array([
-		48,
-		49,
-		48,
-		13,
-		6,
-		9,
-		96,
-		134,
-		72,
-		1,
-		101,
-		3,
-		4,
-		2,
-		1,
-		5,
-		0,
-		4,
-		32
-	]),
-	sha512: new Uint8Array([
-		48,
-		81,
-		48,
-		13,
-		6,
-		9,
-		96,
-		134,
-		72,
-		1,
-		101,
-		3,
-		4,
-		2,
-		3,
-		5,
-		0,
-		4,
-		64
-	])
-};
-/**
-* Normalize algorithm strings like "RSA-SHA256", "SHA256", "sha256" to
-* the canonical hash name used internally (e.g. "sha256").
-*/
-function normalizeSignAlgorithm(algorithm) {
-	let alg = algorithm.toLowerCase().replace(/-/g, "");
-	if (alg.startsWith("rsa")) {
-		alg = alg.slice(3);
-	}
-	if (!DIGEST_INFO_PREFIX[alg]) {
-		throw new Error(`Unsupported algorithm: ${algorithm}. Supported: RSA-SHA1, RSA-SHA256, RSA-SHA512`);
-	}
-	return alg;
-}
-function extractPem(key) {
-	if (typeof key === "string") {
-		return key;
-	}
-	if (Buffer.isBuffer(key) || key instanceof Uint8Array) {
-		return Buffer.from(key).toString("utf8");
-	}
-	if (key && typeof key === "object" && "key" in key) {
-		const k = key.key;
-		if (typeof k === "string") return k;
-		if (Buffer.isBuffer(k) || k instanceof Uint8Array) return Buffer.from(k).toString("utf8");
-	}
-	throw new TypeError("Invalid key argument");
-}
-/**
-* The Sign class generates RSA PKCS#1 v1.5 signatures.
-*
-* Usage:
-*   const sign = createSign('RSA-SHA256');
-*   sign.update('data');
-*   const signature = sign.sign(privateKey);
-*/
-var Sign = class {
-	_algorithm;
-	_hash;
-	_finalized = false;
-	constructor(algorithm) {
-		this._algorithm = normalizeSignAlgorithm(algorithm);
-		this._hash = new Hash(this._algorithm);
-	}
-	/**
-	* Update the Sign object with the given data.
-	*/
-	update(data, inputEncoding) {
-		if (this._finalized) {
-			throw new Error("Sign was already finalized");
-		}
-		this._hash.update(data, inputEncoding);
-		return this;
-	}
-	/**
-	* Compute the signature using the private key.
-	* Returns the signature as a Buffer (or string if outputEncoding is given).
-	*/
-	sign(privateKey, outputEncoding) {
-		if (this._finalized) {
-			throw new Error("Sign was already finalized");
-		}
-		this._finalized = true;
-		const digest = this._hash.digest();
-		const pem = extractPem(privateKey);
-		const parsed = parsePemKey(pem);
-		if (parsed.type !== "rsa-private") {
-			throw new Error("privateKey must be an RSA private key");
-		}
-		const { n, e, d } = parsed.components;
-		const keyLen = rsaKeySize(n);
-		const prefix = DIGEST_INFO_PREFIX[this._algorithm];
-		const digestInfo = new Uint8Array(prefix.length + digest.length);
-		digestInfo.set(prefix, 0);
-		digestInfo.set(digest, prefix.length);
-		const padLen = keyLen - digestInfo.length - 3;
-		if (padLen < 8) {
-			throw new Error("Key is too short for the specified hash algorithm");
-		}
-		const em = new Uint8Array(keyLen);
-		em[0] = 0;
-		em[1] = 1;
-		for (let i = 2; i < 2 + padLen; i++) {
-			em[i] = 255;
-		}
-		em[2 + padLen] = 0;
-		em.set(digestInfo, 3 + padLen);
-		const m = bytesToBigInt(em);
-		const s = modPow(m, d, n);
-		const sigBytes = bigIntToBytes(s, keyLen);
-		const sigBuf = Buffer.from(sigBytes);
-		if (outputEncoding) {
-			return sigBuf.toString(outputEncoding);
-		}
-		return sigBuf;
-	}
-};
-/**
-* The Verify class verifies RSA PKCS#1 v1.5 signatures.
-*
-* Usage:
-*   const verify = createVerify('RSA-SHA256');
-*   verify.update('data');
-*   const ok = verify.verify(publicKey, signature);
-*/
-var Verify = class {
-	_algorithm;
-	_hash;
-	_finalized = false;
-	constructor(algorithm) {
-		this._algorithm = normalizeSignAlgorithm(algorithm);
-		this._hash = new Hash(this._algorithm);
-	}
-	/**
-	* Update the Verify object with the given data.
-	*/
-	update(data, inputEncoding) {
-		if (this._finalized) {
-			throw new Error("Verify was already finalized");
-		}
-		this._hash.update(data, inputEncoding);
-		return this;
-	}
-	/**
-	* Verify the signature against the public key.
-	* Returns true if the signature is valid, false otherwise.
-	*/
-	verify(publicKey, signature, signatureEncoding) {
-		if (this._finalized) {
-			throw new Error("Verify was already finalized");
-		}
-		this._finalized = true;
-		const digest = this._hash.digest();
-		const pem = extractPem(publicKey);
-		const parsed = parsePemKey(pem);
-		let n;
-		let e;
-		if (parsed.type === "rsa-public") {
-			n = parsed.components.n;
-			e = parsed.components.e;
-		} else if (parsed.type === "rsa-private") {
-			n = parsed.components.n;
-			e = parsed.components.e;
-		} else {
-			throw new Error("publicKey must be an RSA public or private key");
-		}
-		const keyLen = rsaKeySize(n);
-		let sigBytes;
-		if (typeof signature === "string") {
-			sigBytes = Buffer.from(signature, signatureEncoding || "base64");
-		} else {
-			sigBytes = signature instanceof Uint8Array ? signature : Buffer.from(signature);
-		}
-		if (sigBytes.length !== keyLen) {
-			return false;
-		}
-		const s = bytesToBigInt(sigBytes);
-		if (s >= n) {
-			return false;
-		}
-		const m = modPow(s, e, n);
-		const em = bigIntToBytes(m, keyLen);
-		if (em[0] !== 0 || em[1] !== 1) {
-			return false;
-		}
-		let sepIdx = 2;
-		while (sepIdx < em.length && em[sepIdx] === 255) {
-			sepIdx++;
-		}
-		if (sepIdx >= em.length || em[sepIdx] !== 0) {
-			return false;
-		}
-		if (sepIdx - 2 < 8) {
-			return false;
-		}
-		sepIdx++;
-		const recoveredDigestInfo = em.slice(sepIdx);
-		const prefix = DIGEST_INFO_PREFIX[this._algorithm];
-		const expectedDigestInfo = new Uint8Array(prefix.length + digest.length);
-		expectedDigestInfo.set(prefix, 0);
-		expectedDigestInfo.set(digest, prefix.length);
-		if (recoveredDigestInfo.length !== expectedDigestInfo.length) {
-			return false;
-		}
-		let diff = 0;
-		for (let i = 0; i < recoveredDigestInfo.length; i++) {
-			diff |= recoveredDigestInfo[i] ^ expectedDigestInfo[i];
-		}
-		return diff === 0;
-	}
-};
-/**
-* Create and return a Sign object for the given algorithm.
-*/
-function createSign(algorithm) {
-	return new Sign(algorithm);
-}
-/**
-* Create and return a Verify object for the given algorithm.
-*/
-function createVerify(algorithm) {
-	return new Verify(algorithm);
-}
-
-//#endregion
-export { Sign, Verify, createSign, createVerify };
+import{parsePemKey as e,rsaKeySize as t}from"./asn1.js";import{bigIntToBytes as n,bytesToBigInt as r,modPow as i}from"./bigint-math.js";import{Hash as a}from"./hash.js";import{Buffer as o}from"node:buffer";const s={sha1:new Uint8Array([48,33,48,9,6,5,43,14,3,2,26,5,0,4,20]),sha256:new Uint8Array([48,49,48,13,6,9,96,134,72,1,101,3,4,2,1,5,0,4,32]),sha512:new Uint8Array([48,81,48,13,6,9,96,134,72,1,101,3,4,2,3,5,0,4,64])};function c(e){let t=e.toLowerCase().replace(/-/g,``);if(t.startsWith(`rsa`)&&(t=t.slice(3)),!s[t])throw Error(`Unsupported algorithm: ${e}. Supported: RSA-SHA1, RSA-SHA256, RSA-SHA512`);return t}function l(e){if(typeof e==`string`)return e;if(o.isBuffer(e)||e instanceof Uint8Array)return o.from(e).toString(`utf8`);if(e&&typeof e==`object`&&`key`in e){let t=e.key;if(typeof t==`string`)return t;if(o.isBuffer(t)||t instanceof Uint8Array)return o.from(t).toString(`utf8`)}throw TypeError(`Invalid key argument`)}var u=class{_algorithm;_hash;_finalized=!1;constructor(e){this._algorithm=c(e),this._hash=new a(this._algorithm)}update(e,t){if(this._finalized)throw Error(`Sign was already finalized`);return this._hash.update(e,t),this}sign(a,c){if(this._finalized)throw Error(`Sign was already finalized`);this._finalized=!0;let u=this._hash.digest(),d=e(l(a));if(d.type!==`rsa-private`)throw Error(`privateKey must be an RSA private key`);let{n:f,e:p,d:m}=d.components,h=t(f),g=s[this._algorithm],_=new Uint8Array(g.length+u.length);_.set(g,0),_.set(u,g.length);let v=h-_.length-3;if(v<8)throw Error(`Key is too short for the specified hash algorithm`);let y=new Uint8Array(h);y[0]=0,y[1]=1;for(let e=2;e<2+v;e++)y[e]=255;y[2+v]=0,y.set(_,3+v);let b=n(i(r(y),m,f),h),x=o.from(b);return c?x.toString(c):x}},d=class{_algorithm;_hash;_finalized=!1;constructor(e){this._algorithm=c(e),this._hash=new a(this._algorithm)}update(e,t){if(this._finalized)throw Error(`Verify was already finalized`);return this._hash.update(e,t),this}verify(a,c,u){if(this._finalized)throw Error(`Verify was already finalized`);this._finalized=!0;let d=this._hash.digest(),f=e(l(a)),p,m;if(f.type===`rsa-public`)p=f.components.n,m=f.components.e;else if(f.type===`rsa-private`)p=f.components.n,m=f.components.e;else throw Error(`publicKey must be an RSA public or private key`);let h=t(p),g;if(g=typeof c==`string`?o.from(c,u||`base64`):c instanceof Uint8Array?c:o.from(c),g.length!==h)return!1;let _=r(g);if(_>=p)return!1;let v=n(i(_,m,p),h);if(v[0]!==0||v[1]!==1)return!1;let y=2;for(;y<v.length&&v[y]===255;)y++;if(y>=v.length||v[y]!==0||y-2<8)return!1;y++;let b=v.slice(y),x=s[this._algorithm],S=new Uint8Array(x.length+d.length);if(S.set(x,0),S.set(d,x.length),b.length!==S.length)return!1;let C=0;for(let e=0;e<b.length;e++)C|=b[e]^S[e];return C===0}};function f(e){return new u(e)}function p(e){return new d(e)}export{u as Sign,d as Verify,f as createSign,p as createVerify};

package/lib/esm/timing-safe-equal.js

@@ -1,18 +1 @@
-//#region src/timing-safe-equal.ts
-/**
-* Compare two buffers in constant time to prevent timing attacks.
-* Both buffers must have the same length.
-*/
-function timingSafeEqual(a, b) {
-	if (a.length !== b.length) {
-		throw new RangeError("Input buffers must have the same byte length");
-	}
-	let result = 0;
-	for (let i = 0; i < a.length; i++) {
-		result |= a[i] ^ b[i];
-	}
-	return result === 0;
-}
-
-//#endregion
-export { timingSafeEqual };
+function e(e,t){if(e.length!==t.length)throw RangeError(`Input buffers must have the same byte length`);let n=0;for(let r=0;r<e.length;r++)n|=e[r]^t[r];return n===0}export{e as timingSafeEqual};

package/lib/esm/x509.js

@@ -1,223 +1 @@
-import { derToPem, encodeSubjectPublicKeyInfo, parseX509, parseX509Der } from "./asn1.js";
-import { KeyObject } from "./key-object.js";
-import { createHash } from "./index.js";
-import { Buffer } from "node:buffer";
-
-//#region src/x509.ts
-/**
-* X509Certificate encapsulates an X.509 certificate and provides
-* read-only access to its information.
-*/
-var X509Certificate = class {
-	_components;
-	_pem;
-	constructor(buf) {
-		if (typeof buf === "string") {
-			this._pem = buf;
-			this._components = parseX509(buf);
-		} else {
-			const bufData = Buffer.isBuffer(buf) ? buf : Buffer.from(buf);
-			const str = bufData.toString("utf8");
-			if (str.includes("-----BEGIN CERTIFICATE-----")) {
-				this._pem = str;
-				this._components = parseX509(str);
-			} else {
-				this._components = parseX509Der(new Uint8Array(bufData.buffer, bufData.byteOffset, bufData.byteLength));
-				this._pem = derToPem(this._components.raw, "CERTIFICATE");
-			}
-		}
-	}
-	/** The DER encoded certificate data. */
-	get raw() {
-		return Buffer.from(this._components.raw);
-	}
-	/** The serial number of the certificate as a hex string. */
-	get serialNumber() {
-		return this._components.serialNumber.toString(16).toUpperCase();
-	}
-	/** The subject of the certificate. */
-	get subject() {
-		return this._components.subject;
-	}
-	/** The issuer of the certificate. */
-	get issuer() {
-		return this._components.issuer;
-	}
-	/** The start date of the certificate validity period. */
-	get validFrom() {
-		return this._components.validFrom.toUTCString();
-	}
-	/** The end date of the certificate validity period. */
-	get validTo() {
-		return this._components.validTo.toUTCString();
-	}
-	/** SHA-1 fingerprint of the certificate. */
-	get fingerprint() {
-		const hash = createHash("sha1").update(this._components.raw).digest();
-		return formatFingerprint(hash);
-	}
-	/** SHA-256 fingerprint of the certificate. */
-	get fingerprint256() {
-		const hash = createHash("sha256").update(this._components.raw).digest();
-		return formatFingerprint(hash);
-	}
-	/** SHA-512 fingerprint of the certificate. */
-	get fingerprint512() {
-		const hash = createHash("sha512").update(this._components.raw).digest();
-		return formatFingerprint(hash);
-	}
-	/** The public key of the certificate as a KeyObject. */
-	get publicKey() {
-		if (!this._components.publicKey) {
-			throw new Error("Certificate does not contain a supported public key type");
-		}
-		const der = encodeSubjectPublicKeyInfo(this._components.publicKey);
-		const pem = derToPem(der, "PUBLIC KEY");
-		return new KeyObject("public", {
-			parsed: {
-				type: "rsa-public",
-				components: this._components.publicKey
-			},
-			pem
-		});
-	}
-	/** The Subject Alternative Name extension, if present. */
-	get subjectAltName() {
-		if (!this._components.subjectAltName || this._components.subjectAltName.length === 0) {
-			return undefined;
-		}
-		return this._components.subjectAltName.join(", ");
-	}
-	/** The key usage extension (stub — returns undefined). */
-	get keyUsage() {
-		return undefined;
-	}
-	/** Information access extension (stub — returns undefined). */
-	get infoAccess() {
-		return undefined;
-	}
-	/** Whether this certificate is a CA certificate. */
-	get ca() {
-		return false;
-	}
-	/**
-	* Check whether the certificate matches the given hostname.
-	*/
-	checkHost(name) {
-		const cnMatch = this._components.subject.match(/CN=([^,]+)/);
-		if (cnMatch) {
-			const cn = cnMatch[1].trim();
-			if (matchHostname(cn, name)) return cn;
-		}
-		if (this._components.subjectAltName) {
-			for (const san of this._components.subjectAltName) {
-				if (san.startsWith("DNS:")) {
-					const dnsName = san.substring(4);
-					if (matchHostname(dnsName, name)) return dnsName;
-				}
-			}
-		}
-		return undefined;
-	}
-	/**
-	* Check whether the certificate matches the given email address.
-	*/
-	checkEmail(email) {
-		const emailLower = email.toLowerCase();
-		const emailMatch = this._components.subject.match(/emailAddress=([^,]+)/);
-		if (emailMatch && emailMatch[1].toLowerCase() === emailLower) {
-			return emailMatch[1];
-		}
-		return undefined;
-	}
-	/**
-	* Check whether the certificate matches the given IP address.
-	*/
-	checkIP(ip) {
-		if (this._components.subjectAltName) {
-			for (const san of this._components.subjectAltName) {
-				if (san.startsWith("IP Address:") && san.substring(11) === ip) {
-					return ip;
-				}
-			}
-		}
-		return undefined;
-	}
-	/**
-	* Verify the certificate signature using the given public key.
-	*/
-	verify(_publicKey) {
-		return true;
-	}
-	/**
-	* Check whether this certificate was issued by the given issuer certificate.
-	*/
-	checkIssued(otherCert) {
-		return this.issuer === otherCert.subject;
-	}
-	/**
-	* Returns a legacy certificate object for compatibility.
-	*/
-	toLegacyObject() {
-		return {
-			subject: parseDNToObject(this._components.subject),
-			issuer: parseDNToObject(this._components.issuer),
-			valid_from: this.validFrom,
-			valid_to: this.validTo,
-			serialNumber: this.serialNumber,
-			fingerprint: this.fingerprint,
-			fingerprint256: this.fingerprint256
-		};
-	}
-	/**
-	* Returns the PEM-encoded certificate.
-	*/
-	toString() {
-		return this._pem;
-	}
-	/**
-	* Returns the PEM-encoded certificate in JSON context.
-	*/
-	toJSON() {
-		return this._pem;
-	}
-	get [Symbol.toStringTag]() {
-		return "X509Certificate";
-	}
-};
-function formatFingerprint(hash) {
-	const hex = hash.toString("hex").toUpperCase();
-	const parts = [];
-	for (let i = 0; i < hex.length; i += 2) {
-		parts.push(hex.substring(i, i + 2));
-	}
-	return parts.join(":");
-}
-function matchHostname(pattern, hostname) {
-	const patternLower = pattern.toLowerCase();
-	const hostLower = hostname.toLowerCase();
-	if (patternLower === hostLower) return true;
-	if (patternLower.startsWith("*.")) {
-		const suffix = patternLower.substring(2);
-		const hostParts = hostLower.split(".");
-		if (hostParts.length >= 2) {
-			const hostSuffix = hostParts.slice(1).join(".");
-			return hostSuffix === suffix;
-		}
-	}
-	return false;
-}
-function parseDNToObject(dn) {
-	const result = {};
-	const parts = dn.split(", ");
-	for (const part of parts) {
-		const eqIdx = part.indexOf("=");
-		if (eqIdx > 0) {
-			result[part.substring(0, eqIdx)] = part.substring(eqIdx + 1);
-		}
-	}
-	return result;
-}
-
-//#endregion
-export { X509Certificate };
+import{derToPem as e,encodeSubjectPublicKeyInfo as t,parseX509 as n,parseX509Der as r}from"./asn1.js";import{KeyObject as i}from"./key-object.js";import{createHash as a}from"./index.js";import{Buffer as o}from"node:buffer";var s=class{_components;_pem;constructor(t){if(typeof t==`string`)this._pem=t,this._components=n(t);else{let i=o.isBuffer(t)?t:o.from(t),a=i.toString(`utf8`);a.includes(`-----BEGIN CERTIFICATE-----`)?(this._pem=a,this._components=n(a)):(this._components=r(new Uint8Array(i.buffer,i.byteOffset,i.byteLength)),this._pem=e(this._components.raw,`CERTIFICATE`))}}get raw(){return o.from(this._components.raw)}get serialNumber(){return this._components.serialNumber.toString(16).toUpperCase()}get subject(){return this._components.subject}get issuer(){return this._components.issuer}get validFrom(){return this._components.validFrom.toUTCString()}get validTo(){return this._components.validTo.toUTCString()}get fingerprint(){return c(a(`sha1`).update(this._components.raw).digest())}get fingerprint256(){return c(a(`sha256`).update(this._components.raw).digest())}get fingerprint512(){return c(a(`sha512`).update(this._components.raw).digest())}get publicKey(){if(!this._components.publicKey)throw Error(`Certificate does not contain a supported public key type`);let n=e(t(this._components.publicKey),`PUBLIC KEY`);return new i(`public`,{parsed:{type:`rsa-public`,components:this._components.publicKey},pem:n})}get subjectAltName(){if(!(!this._components.subjectAltName||this._components.subjectAltName.length===0))return this._components.subjectAltName.join(`, `)}get keyUsage(){}get infoAccess(){}get ca(){return!1}checkHost(e){let t=this._components.subject.match(/CN=([^,]+)/);if(t){let n=t[1].trim();if(l(n,e))return n}if(this._components.subjectAltName){for(let t of this._components.subjectAltName)if(t.startsWith(`DNS:`)){let n=t.substring(4);if(l(n,e))return n}}}checkEmail(e){let t=e.toLowerCase(),n=this._components.subject.match(/emailAddress=([^,]+)/);if(n&&n[1].toLowerCase()===t)return n[1]}checkIP(e){if(this._components.subjectAltName){for(let t of this._components.subjectAltName)if(t.startsWith(`IP Address:`)&&t.substring(11)===e)return e}}verify(e){return!0}checkIssued(e){return this.issuer===e.subject}toLegacyObject(){return{subject:u(this._components.subject),issuer:u(this._components.issuer),valid_from:this.validFrom,valid_to:this.validTo,serialNumber:this.serialNumber,fingerprint:this.fingerprint,fingerprint256:this.fingerprint256}}toString(){return this._pem}toJSON(){return this._pem}get[Symbol.toStringTag](){return`X509Certificate`}};function c(e){let t=e.toString(`hex`).toUpperCase(),n=[];for(let e=0;e<t.length;e+=2)n.push(t.substring(e,e+2));return n.join(`:`)}function l(e,t){let n=e.toLowerCase(),r=t.toLowerCase();if(n===r)return!0;if(n.startsWith(`*.`)){let e=n.substring(2),t=r.split(`.`);if(t.length>=2)return t.slice(1).join(`.`)===e}return!1}function u(e){let t={},n=e.split(`, `);for(let e of n){let n=e.indexOf(`=`);n>0&&(t[e.substring(0,n)]=e.substring(n+1))}return t}export{s as X509Certificate};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gjsify/crypto",
-  "version": "0.3.16",
+  "version": "0.3.18",
   "description": "Node.js crypto module for Gjs",
   "type": "module",
   "module": "lib/esm/index.js",
@@ -30,16 +30,16 @@
     "crypto"
   ],
   "devDependencies": {
-    "@gjsify/cli": "^0.3.16",
-    "@gjsify/unit": "^0.3.16",
+    "@gjsify/cli": "^0.3.18",
+    "@gjsify/unit": "^0.3.18",
     "@types/diffie-hellman": "^5.0.3",
-    "@types/node": "^25.6.0",
+    "@types/node": "^25.6.2",
     "typescript": "^6.0.3"
   },
   "dependencies": {
-    "@girs/glib-2.0": "2.88.0-4.0.0-rc.9",
-    "@gjsify/buffer": "^0.3.16",
-    "@gjsify/stream": "^0.3.16",
-    "@gjsify/utils": "^0.3.16"
+    "@girs/glib-2.0": "2.88.0-4.0.0-rc.14",
+    "@gjsify/buffer": "^0.3.18",
+    "@gjsify/stream": "^0.3.18",
+    "@gjsify/utils": "^0.3.18"
   }
 }