npm - @matter/protocol - Versions diffs - 0.15.0-alpha.0-20250616-4b3754906 → 0.15.0-alpha.0-20250619-df2264f15 - Mend

@matter/protocol 0.15.0-alpha.0-20250616-4b3754906 → 0.15.0-alpha.0-20250619-df2264f15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (207) hide show

package/dist/cjs/certificate/kinds/Rcac.js ADDED Viewed

@@ -0,0 +1,119 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var Rcac_exports = {};
+__export(Rcac_exports, {
+  Rcac: () => Rcac
+});
+module.exports = __toCommonJS(Rcac_exports);
+var import_general = require("#general");
+var import_types = require("#types");
+var import_common = require("./common.js");
+var import_base = require("./definitions/base.js");
+var import_operational = require("./definitions/operational.js");
+var import_OperationalBase = require("./OperationalBase.js");
+/**
+ * @license
+ * Copyright 2022-2025 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+class Rcac extends import_OperationalBase.OperationalBase {
+  /** Construct the class from a Tlv version of the certificate */
+  static fromTlv(tlv) {
+    return new Rcac(import_operational.OperationalCertificate.TlvRcac.decode(tlv));
+  }
+  /** Validates all basic certificate fields on construction. */
+  validateFields() {
+    const {
+      extensions: {
+        basicConstraints: { isCa }
+      }
+    } = this.cert;
+    if (!isCa) {
+      throw new import_common.CertificateError("Root certificate must be a CA.");
+    }
+  }
+  /**
+   * Encodes the certificate with the signature as Matter Tlv.
+   * If the certificate is not signed, it throws a CertificateError.
+   */
+  asSignedTlv() {
+    return import_operational.OperationalCertificate.TlvRcac.encode({ ...this.cert, signature: this.signature });
+  }
+  /**
+   * Verify requirements a Matter Root certificate must fulfill.
+   * Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
+   */
+  async verify(crypto) {
+    this.generalVerify();
+    const { subject, extensions } = this.cert;
+    const { fabricId, rcacId } = subject;
+    const { basicConstraints, subjectKeyIdentifier, authorityKeyIdentifier } = extensions;
+    if ("nodeId" in subject) {
+      throw new import_common.CertificateError(`Root certificate must not contain a nodeId.`);
+    }
+    if (fabricId !== void 0) {
+      if (Array.isArray(fabricId)) {
+        throw new import_common.CertificateError(`Invalid fabricId in NoC certificate: ${import_general.Diagnostic.json(fabricId)}`);
+      }
+      if (fabricId === (0, import_types.FabricId)(0)) {
+        throw new import_common.CertificateError(`Invalid fabricId in NoC certificate: ${import_general.Diagnostic.json(fabricId)}`);
+      }
+    }
+    if ("icacId" in subject) {
+      throw new import_common.CertificateError(`Root certificate must not contain an icacId.`);
+    }
+    if (rcacId === void 0 || Array.isArray(rcacId)) {
+      throw new import_common.CertificateError(`Invalid rcacId in Root certificate: ${import_general.Diagnostic.json(rcacId)}`);
+    }
+    if ("caseAuthenticatedTags" in subject) {
+      throw new import_common.CertificateError(`Root certificate must not contain a caseAuthenticatedTags.`);
+    }
+    if (basicConstraints.isCa !== true) {
+      throw new import_common.CertificateError(`Root certificate must have isCa set to true.`);
+    }
+    const keyUsage = import_base.ExtensionKeyUsageSchema.encode(extensions.keyUsage);
+    if (keyUsage !== 96 && keyUsage !== 97) {
+      throw new import_common.CertificateError(
+        `Root certificate keyUsage must have keyCertSign and CRLSign and optionally digitalSignature set.`
+      );
+    }
+    if (extensions.extendedKeyUsage !== void 0) {
+      throw new import_common.CertificateError(`Root certificate must not have extendedKeyUsage set.`);
+    }
+    if (subjectKeyIdentifier === void 0) {
+      throw new import_common.CertificateError(`Root certificate must have subjectKeyIdentifier set.`);
+    }
+    if (subjectKeyIdentifier.length !== 20) {
+      throw new import_common.CertificateError(`Root certificate subjectKeyIdentifier must be 160 bit.`);
+    }
+    if (authorityKeyIdentifier === void 0) {
+      throw new import_common.CertificateError(`Root certificate must have authorityKeyIdentifier set.`);
+    }
+    if (authorityKeyIdentifier.length !== 20) {
+      throw new import_common.CertificateError(`Root certificate authorityKeyIdentifier must be 160 bit.`);
+    }
+    if (!import_general.Bytes.areEqual(authorityKeyIdentifier, subjectKeyIdentifier)) {
+      throw new import_common.CertificateError(
+        `Root certificate authorityKeyIdentifier must be equal to subjectKeyIdentifier.`
+      );
+    }
+    await crypto.verifyEcdsa((0, import_general.PublicKey)(this.cert.ellipticCurvePublicKey), this.asUnsignedAsn1(), this.signature);
+  }
+}
+//# sourceMappingURL=Rcac.js.map

package/dist/cjs/certificate/kinds/Rcac.js.map ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/certificate/kinds/Rcac.ts"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAAqD;AACrD,mBAAyB;AACzB,oBAAiC;AACjC,kBAAwC;AACxC,yBAAuC;AACvC,6BAAgC;AAXhC;AAAA;AAAA;AAAA;AAAA;AAaO,MAAM,aAAa,uCAA6C;AAAA;AAAA,EAEnE,OAAO,QAAQ,KAAuB;AAClC,WAAO,IAAI,KAAK,0CAAuB,QAAQ,OAAO,GAAG,CAAC;AAAA,EAC9D;AAAA;AAAA,EAGU,iBAAiB;AACvB,UAAM;AAAA,MACF,YAAY;AAAA,QACR,kBAAkB,EAAE,KAAK;AAAA,MAC7B;AAAA,IACJ,IAAI,KAAK;AACT,QAAI,CAAC,MAAM;AACP,YAAM,IAAI,+BAAiB,gCAAgC;AAAA,IAC/D;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cAAc;AACV,WAAO,0CAAuB,QAAQ,OAAO,EAAE,GAAG,KAAK,MAAM,WAAW,KAAK,UAAU,CAAC;AAAA,EAC5F;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,OAAO,QAAgB;AACzB,SAAK,cAAc;AAEnB,UAAM,EAAE,SAAS,WAAW,IAAI,KAAK;AACrC,UAAM,EAAE,UAAU,OAAO,IAAI;AAC7B,UAAM,EAAE,kBAAkB,sBAAsB,uBAAuB,IAAI;AAG3E,QAAI,YAAY,SAAS;AACrB,YAAM,IAAI,+BAAiB,6CAA6C;AAAA,IAC5E;AAGA,QAAI,aAAa,QAAW;AACxB,UAAI,MAAM,QAAQ,QAAQ,GAAG;AACzB,cAAM,IAAI,+BAAiB,wCAAwC,0BAAW,KAAK,QAAQ,CAAC,EAAE;AAAA,MAClG;AAEA,UAAI,iBAAa,uBAAS,CAAC,GAAG;AAC1B,cAAM,IAAI,+BAAiB,wCAAwC,0BAAW,KAAK,QAAQ,CAAC,EAAE;AAAA,MAClG;AAAA,IACJ;AAGA,QAAI,YAAY,SAAS;AACrB,YAAM,IAAI,+BAAiB,8CAA8C;AAAA,IAC7E;AAGA,QAAI,WAAW,UAAa,MAAM,QAAQ,MAAM,GAAG;AAC/C,YAAM,IAAI,+BAAiB,uCAAuC,0BAAW,KAAK,MAAM,CAAC,EAAE;AAAA,IAC/F;AAGA,QAAI,2BAA2B,SAAS;AACpC,YAAM,IAAI,+BAAiB,4DAA4D;AAAA,IAC3F;AAGA,QAAI,iBAAiB,SAAS,MAAM;AAChC,YAAM,IAAI,+BAAiB,8CAA8C;AAAA,IAC7E;AAIA,UAAM,WAAW,oCAAwB,OAAO,WAAW,QAAQ;AACnE,QAAI,aAAa,MAAU,aAAa,IAAQ;AAC5C,YAAM,IAAI;AAAA,QACN;AAAA,MACJ;AAAA,IACJ;AAGA,QAAI,WAAW,qBAAqB,QAAW;AAC3C,YAAM,IAAI,+BAAiB,sDAAsD;AAAA,IACrF;AAGA,QAAI,yBAAyB,QAAW;AACpC,YAAM,IAAI,+BAAiB,sDAAsD;AAAA,IACrF;AACA,QAAI,qBAAqB,WAAW,IAAI;AACpC,YAAM,IAAI,+BAAiB,wDAAwD;AAAA,IACvF;AAGA,QAAI,2BAA2B,QAAW;AACtC,YAAM,IAAI,+BAAiB,wDAAwD;AAAA,IACvF;AACA,QAAI,uBAAuB,WAAW,IAAI;AACtC,YAAM,IAAI,+BAAiB,0DAA0D;AAAA,IACzF;AAGA,QAAI,CAAC,qBAAM,SAAS,wBAAwB,oBAAoB,GAAG;AAC/D,YAAM,IAAI;AAAA,QACN;AAAA,MACJ;AAAA,IACJ;AAEA,UAAM,OAAO,gBAAY,0BAAU,KAAK,KAAK,sBAAsB,GAAG,KAAK,eAAe,GAAG,KAAK,SAAS;AAAA,EAC/G;AACJ;",
+  "names": []
+}

package/dist/cjs/certificate/kinds/X509Base.d.ts ADDED Viewed

@@ -0,0 +1,92 @@
+/**
+ * @license
+ * Copyright 2022-2025 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { Crypto, DerType, Key } from "#general";
+import { Unsigned } from "./common.js";
+import { X509Certificate } from "./definitions/base.js";
+/**
+ * Abstract definition of a X.509 certificate that can be signed and converted to ASN.1 DER format.
+ * It also provides two static methods to create a certificate signing request (CSR) and to extract the public key
+ * from a CSR.
+ */
+export declare abstract class X509Base<CT extends X509Certificate> {
+    #private;
+    constructor(cert: CT | Unsigned<CT>);
+    get cert(): Unsigned<CT>;
+    get isSigned(): boolean;
+    /**
+     * Get the signature of the certificate.
+     * If the certificate is not signed, it throws a CertificateError.
+     */
+    get signature(): Uint8Array;
+    /**
+     * Set the signature of the certificate.
+     * If the certificate is already signed, it throws a CertificateError.
+     */
+    set signature(signature: Uint8Array);
+    /**
+     * Sign the certificate using the provided crypto and key.
+     * It throws a CertificateError if the certificate is already signed.
+     */
+    sign(crypto: Crypto, key: JsonWebKey): Promise<void>;
+    /**
+     * Convert the certificate to ASN.1 DER format without signature.
+     */
+    asUnsignedAsn1(): Uint8Array<ArrayBufferLike>;
+    /**
+     * Build the ASN.1 DER structure for the certificate.
+     */
+    protected genericBuildAsn1Structure({ serialNumber, notBefore, notAfter, issuer, subject, ellipticCurvePublicKey, extensions, }: Unsigned<CT>): {
+        version: {
+            _tag: number;
+            _bytes: Uint8Array<ArrayBuffer>;
+        };
+        serialNumber: {
+            _type: DerType;
+            _raw: any;
+        };
+        signatureAlgorithm: any;
+        issuer: {
+            [field: string]: any[];
+        };
+        validity: {
+            notBefore: Date;
+            notAfter: Date;
+        };
+        subject: {
+            [field: string]: any[];
+        };
+        publicKey: {
+            type: {
+                algorithm: {
+                    _tag: number;
+                    _bytes: Uint8Array<ArrayBuffer>;
+                };
+                curve: {
+                    _tag: number;
+                    _bytes: Uint8Array<ArrayBuffer>;
+                };
+            };
+            bytes: {
+                _tag: number;
+                _bytes: Uint8Array<ArrayBufferLike>;
+                _padding: number;
+            };
+        };
+        extensions: {
+            _tag: number;
+            _bytes: Uint8Array<ArrayBuffer>;
+        };
+    };
+    /**
+     * Create a Certificate Signing Request (CSR) in ASN.1 DER format.
+     */
+    static createCertificateSigningRequest(crypto: Crypto, key: Key): Promise<Uint8Array<ArrayBufferLike>>;
+    /**
+     * Extract the public key from a Certificate Signing Request (CSR) in ASN.1 DER format.
+     */
+    static getPublicKeyFromCsr(crypto: Crypto, csr: Uint8Array): Promise<Uint8Array<ArrayBufferLike>>;
+}
+//# sourceMappingURL=X509Base.d.ts.map

package/dist/cjs/certificate/kinds/X509Base.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"X509Base.d.ts","sourceRoot":"","sources":["../../../../src/certificate/kinds/X509Base.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAGH,MAAM,EAKN,OAAO,EACP,GAAG,EAMN,MAAM,UAAU,CAAC;AAElB,OAAO,EAA8C,QAAQ,EAAE,MAAM,aAAa,CAAC;AAYnF,OAAO,EAAoD,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAG1G;;;;GAIG;AACH,8BAAsB,QAAQ,CAAC,EAAE,SAAS,eAAe;;gBAIzC,IAAI,EAAE,EAAE,GAAG,QAAQ,CAAC,EAAE,CAAC;IAOnC,IAAI,IAAI,IAAI,QAAQ,CAAC,EAAE,CAAC,CAEvB;IAED,IAAI,QAAQ,YAEX;IAED;;;OAGG;IACH,IAAI,SAAS,IAWY,UAAU,CANlC;IAED;;;OAGG;IACH,IAAI,SAAS,CAAC,SAAS,EAAE,UAAU,EAKlC;IAED;;;OAGG;IACG,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU;IAI1C;;OAEG;IACH,cAAc,IAAI,UAAU,CAAC,eAAe,CAAC;IAiM7C;;OAEG;IACH,SAAS,CAAC,yBAAyB,CAAC,EAChC,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,MAAM,EACN,OAAO,EACP,sBAAsB,EACtB,UAAU,GACb,EAAE,QAAQ,CAAC,EAAE,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAsBf;;OAEG;WACU,+BAA+B,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG;IAerE;;OAEG;WACU,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU;CAqCnE"}

package/dist/cjs/certificate/kinds/X509Base.js ADDED Viewed

@@ -0,0 +1,344 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var X509Base_exports = {};
+__export(X509Base_exports, {
+  X509Base: () => X509Base
+});
+module.exports = __toCommonJS(X509Base_exports);
+var import_general = require("#general");
+var import_types = require("#types");
+var import_common = require("./common.js");
+var import_asn = require("./definitions/asn.js");
+var import_base = require("./definitions/base.js");
+/**
+ * @license
+ * Copyright 2022-2025 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+class X509Base {
+  #signature;
+  #cert;
+  constructor(cert) {
+    this.#cert = cert;
+    if ("signature" in cert) {
+      this.#signature = cert.signature;
+    }
+  }
+  get cert() {
+    return this.#cert;
+  }
+  get isSigned() {
+    return this.#signature !== void 0;
+  }
+  /**
+   * Get the signature of the certificate.
+   * If the certificate is not signed, it throws a CertificateError.
+   */
+  get signature() {
+    if (this.#signature === void 0) {
+      throw new import_common.CertificateError("Certificate is not signed");
+    }
+    return this.#signature;
+  }
+  /**
+   * Set the signature of the certificate.
+   * If the certificate is already signed, it throws a CertificateError.
+   */
+  set signature(signature) {
+    if (this.isSigned) {
+      throw new import_common.CertificateError("Certificate is already signed");
+    }
+    this.#signature = signature;
+  }
+  /**
+   * Sign the certificate using the provided crypto and key.
+   * It throws a CertificateError if the certificate is already signed.
+   */
+  async sign(crypto, key) {
+    this.signature = await crypto.signEcdsa(key, this.asUnsignedAsn1());
+  }
+  /**
+   * Convert the certificate to ASN.1 DER format without signature.
+   */
+  asUnsignedAsn1() {
+    const certBytes = import_general.DerCodec.encode(this.genericBuildAsn1Structure(this.cert));
+    (0, import_common.assertCertificateDerSize)(certBytes);
+    return certBytes;
+  }
+  /**
+   * Convert the subject or issuer field of the certificate to ASN.1 DER format.
+   * Preserve order of keys from original subject and also copy potential custom elements
+   */
+  #subjectOrIssuerToAsn1(data) {
+    const asn = {};
+    Object.entries(data).forEach(([key, value]) => {
+      if (value === void 0) {
+        return;
+      }
+      switch (key) {
+        case "commonName":
+          asn.commonName = import_general.X520.CommonName(value);
+          break;
+        case "sureName":
+          asn.sureName = import_general.X520.SurName(value);
+          break;
+        case "serialNum":
+          asn.serialNum = import_general.X520.SerialNumber(value);
+          break;
+        case "countryName":
+          asn.countryName = import_general.X520.CountryName(value);
+          break;
+        case "localityName":
+          asn.localityName = import_general.X520.LocalityName(value);
+          break;
+        case "stateOrProvinceName":
+          asn.stateOrProvinceName = import_general.X520.StateOrProvinceName(value);
+          break;
+        case "orgName":
+          asn.orgName = import_general.X520.OrganisationName(value);
+          break;
+        case "orgUnitName":
+          asn.orgUnitName = import_general.X520.OrganizationalUnitName(value);
+          break;
+        case "title":
+          asn.title = import_general.X520.Title(value);
+          break;
+        case "name":
+          asn.name = import_general.X520.Name(value);
+          break;
+        case "givenName":
+          asn.givenName = import_general.X520.GivenName(value);
+          break;
+        case "initials":
+          asn.initials = import_general.X520.Initials(value);
+          break;
+        case "genQualifier":
+          asn.genQualifier = import_general.X520.GenerationQualifier(value);
+          break;
+        case "dnQualifier":
+          asn.dnQualifier = import_general.X520.DnQualifier(value);
+          break;
+        case "pseudonym":
+          asn.pseudonym = import_general.X520.Pseudonym(value);
+          break;
+        case "domainComponent":
+          asn.domainComponent = import_general.X520.DomainComponent(value);
+          break;
+        case "nodeId":
+          asn.nodeId = (0, import_asn.NodeId_Matter)(value);
+          break;
+        case "firmwareSigningId":
+          asn.firmwareSigningId = (0, import_asn.FirmwareSigningId_Matter)(value);
+          break;
+        case "icacId":
+          asn.icacId = (0, import_asn.IcacId_Matter)(value);
+          break;
+        case "rcacId":
+          asn.rcacId = (0, import_asn.RcacId_Matter)(value);
+          break;
+        case "fabricId":
+          asn.fabricId = (0, import_asn.FabricId_Matter)(value);
+          break;
+        case "caseAuthenticatedTags":
+          const caseAuthenticatedTags = value;
+          import_types.CaseAuthenticatedTag.validateNocTagList(caseAuthenticatedTags);
+          const cat0 = caseAuthenticatedTags[0];
+          const cat1 = caseAuthenticatedTags[1];
+          const cat2 = caseAuthenticatedTags[2];
+          if (cat0 !== void 0) {
+            asn.caseAuthenticatedTag0 = (0, import_asn.NocCat_Matter)(cat0);
+          }
+          if (cat1 !== void 0) {
+            asn.caseAuthenticatedTag1 = (0, import_asn.NocCat_Matter)(cat1);
+          }
+          if (cat2 !== void 0) {
+            asn.caseAuthenticatedTag2 = (0, import_asn.NocCat_Matter)(cat2);
+          }
+          break;
+        case "vendorId":
+          asn.vendorId = (0, import_asn.VendorId_Matter)(value);
+          break;
+        case "productId":
+          asn.productId = (0, import_asn.ProductId_Matter)(value);
+          break;
+        case "commonNamePs":
+          asn.commonNamePs = import_general.X520.CommonName(value, true);
+          break;
+        case "sureNamePs":
+          asn.sureNamePs = import_general.X520.SurName(value, true);
+          break;
+        case "serialNumPs":
+          asn.serialNumPs = import_general.X520.SerialNumber(value, true);
+          break;
+        case "countryNamePs":
+          asn.countryNamePs = import_general.X520.CountryName(value, true);
+          break;
+        case "localityNamePs":
+          asn.localityNamePs = import_general.X520.LocalityName(value, true);
+          break;
+        case "stateOrProvinceNamePs":
+          asn.stateOrProvinceNamePs = import_general.X520.StateOrProvinceName(value, true);
+          break;
+        case "orgNamePs":
+          asn.orgNamePs = import_general.X520.OrganisationName(value, true);
+          break;
+        case "orgUnitNamePs":
+          asn.orgUnitNamePs = import_general.X520.OrganizationalUnitName(value, true);
+          break;
+        case "titlePs":
+          asn.titlePs = import_general.X520.Title(value, true);
+          break;
+        case "namePs":
+          asn.namePs = import_general.X520.Name(value, true);
+          break;
+        case "givenNamePs":
+          asn.givenNamePs = import_general.X520.GivenName(value, true);
+          break;
+        case "initialsPs":
+          asn.initialsPs = import_general.X520.Initials(value, true);
+          break;
+        case "genQualifierPs":
+          asn.genQualifierPs = import_general.X520.GenerationQualifier(value, true);
+          break;
+        case "dnQualifierPs":
+          asn.dnQualifierPs = import_general.X520.DnQualifier(value, true);
+          break;
+        case "pseudonymPs":
+          asn.pseudonymPs = import_general.X520.Pseudonym(value, true);
+          break;
+      }
+    });
+    return asn;
+  }
+  /**
+   * Convert the extensions of the certificate to ASN.1 DER format.
+   */
+  #extensionsToAsn1(extensions) {
+    const asn = {};
+    Object.entries(extensions).forEach(([key, value]) => {
+      if (value === void 0) {
+        return;
+      }
+      switch (key) {
+        case "basicConstraints":
+          asn.basicConstraints = import_general.X509.BasicConstraints(value);
+          break;
+        case "keyUsage":
+          asn.keyUsage = import_general.X509.KeyUsage(
+            import_base.ExtensionKeyUsageSchema.encode(
+              value
+            )
+          );
+          break;
+        case "extendedKeyUsage":
+          asn.extendedKeyUsage = import_general.X509.ExtendedKeyUsage(value);
+          break;
+        case "subjectKeyIdentifier":
+          asn.subjectKeyIdentifier = import_general.X509.SubjectKeyIdentifier(value);
+          break;
+        case "authorityKeyIdentifier":
+          asn.authorityKeyIdentifier = import_general.X509.AuthorityKeyIdentifier(value);
+          break;
+        case "futureExtension":
+          asn.futureExtension = (0, import_general.RawBytes)(import_general.Bytes.concat(...value ?? []));
+          break;
+      }
+    });
+    return asn;
+  }
+  /**
+   * Build the ASN.1 DER structure for the certificate.
+   */
+  genericBuildAsn1Structure({
+    serialNumber,
+    notBefore,
+    notAfter,
+    issuer,
+    subject,
+    ellipticCurvePublicKey,
+    extensions
+  }) {
+    const {
+      basicConstraints: { isCa, pathLen }
+    } = extensions;
+    if (!isCa && pathLen !== void 0) {
+      throw new import_common.CertificateError("Path length must be undefined for non-CA certificates.");
+    }
+    return {
+      version: (0, import_general.ContextTagged)(0, 2),
+      // v3
+      serialNumber: (0, import_general.DatatypeOverride)(import_general.DerType.Integer, serialNumber),
+      signatureAlgorithm: import_general.X962.EcdsaWithSHA256,
+      issuer: this.#subjectOrIssuerToAsn1(issuer),
+      validity: {
+        notBefore: (0, import_asn.matterToJsDate)(notBefore),
+        notAfter: (0, import_asn.matterToJsDate)(notAfter)
+      },
+      subject: this.#subjectOrIssuerToAsn1(subject),
+      publicKey: import_general.X962.PublicKeyEcPrime256v1(ellipticCurvePublicKey),
+      extensions: (0, import_general.ContextTagged)(3, this.#extensionsToAsn1(extensions))
+    };
+  }
+  /**
+   * Create a Certificate Signing Request (CSR) in ASN.1 DER format.
+   */
+  static async createCertificateSigningRequest(crypto, key) {
+    const request = {
+      version: 0,
+      subject: { organization: import_general.X520.OrganisationName("CSR") },
+      publicKey: import_general.X962.PublicKeyEcPrime256v1(key.publicKey),
+      endSignedBytes: (0, import_general.ContextTagged)(0)
+    };
+    return import_general.DerCodec.encode({
+      request,
+      signAlgorithm: import_general.X962.EcdsaWithSHA256,
+      signature: (0, import_general.DerBitString)(await crypto.signEcdsa(key, import_general.DerCodec.encode(request), "der"))
+    });
+  }
+  /**
+   * Extract the public key from a Certificate Signing Request (CSR) in ASN.1 DER format.
+   */
+  static async getPublicKeyFromCsr(crypto, csr) {
+    const { [import_general.DerKey.Elements]: rootElements } = import_general.DerCodec.decode(csr);
+    if (rootElements?.length !== 3) throw new import_common.CertificateError("Invalid CSR data");
+    const [requestNode, signAlgorithmNode, signatureNode] = rootElements;
+    const { [import_general.DerKey.Elements]: requestElements } = requestNode;
+    if (requestElements?.length !== 4) throw new import_common.CertificateError("Invalid CSR data");
+    const [versionNode, _subjectNode, publicKeyNode] = requestElements;
+    const requestVersion = versionNode[import_general.DerKey.Bytes][0];
+    if (requestVersion !== 0) throw new import_common.CertificateError(`Unsupported request version ${requestVersion}`);
+    const { [import_general.DerKey.Elements]: publicKeyElements } = publicKeyNode;
+    if (publicKeyElements?.length !== 2) throw new import_common.CertificateError("Invalid CSR data");
+    const [_publicKeyTypeNode, publicKeyBytesNode] = publicKeyElements;
+    const publicKey = publicKeyBytesNode[import_general.DerKey.Bytes];
+    if (signAlgorithmNode[import_general.DerKey.Elements]?.[0]?.[import_general.DerKey.Bytes] === void 0 || !import_general.Bytes.areEqual(
+      import_general.X962.EcdsaWithSHA256[import_general.DerKey.ObjectId][import_general.DerKey.Bytes],
+      signAlgorithmNode[import_general.DerKey.Elements]?.[0]?.[import_general.DerKey.Bytes]
+    ))
+      throw new import_common.CertificateError("Unsupported signature type");
+    await crypto.verifyEcdsa(
+      (0, import_general.PublicKey)(publicKey),
+      import_general.DerCodec.encode(requestNode),
+      signatureNode[import_general.DerKey.Bytes],
+      "der"
+    );
+    return publicKey;
+  }
+}
+//# sourceMappingURL=X509Base.js.map

package/dist/cjs/certificate/kinds/X509Base.js.map ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/certificate/kinds/X509Base.ts"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAeO;AACP,mBAA2F;AAC3F,oBAAqE;AACrE,iBAUO;AACP,kBAAkF;AAnClF;AAAA;AAAA;AAAA;AAAA;AA2CO,MAAe,SAAqC;AAAA,EACvD;AAAA,EACA;AAAA,EAEA,YAAY,MAAyB;AACjC,SAAK,QAAQ;AACb,QAAI,eAAe,MAAM;AACrB,WAAK,aAAa,KAAK;AAAA,IAC3B;AAAA,EACJ;AAAA,EAEA,IAAI,OAAqB;AACrB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,WAAW;AACX,WAAO,KAAK,eAAe;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAI,YAAY;AACZ,QAAI,KAAK,eAAe,QAAW;AAC/B,YAAM,IAAI,+BAAiB,2BAA2B;AAAA,IAC1D;AACA,WAAO,KAAK;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAI,UAAU,WAAuB;AACjC,QAAI,KAAK,UAAU;AACf,YAAM,IAAI,+BAAiB,+BAA+B;AAAA,IAC9D;AACA,SAAK,aAAa;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,KAAK,QAAgB,KAAiB;AACxC,SAAK,YAAY,MAAM,OAAO,UAAU,KAAK,KAAK,eAAe,CAAC;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA,EAKA,iBAA8C;AAC1C,UAAM,YAAY,wBAAS,OAAO,KAAK,0BAA0B,KAAK,IAAI,CAAC;AAC3E,gDAAyB,SAAS;AAClC,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,uBAAuB,MAAgC;AACnD,UAAM,MAAM,CAAC;AACb,WAAO,QAAQ,IAAI,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAC3C,UAAI,UAAU,QAAW;AACrB;AAAA,MACJ;AACA,cAAQ,KAAK;AAAA,QACT,KAAK;AACD,cAAI,aAAa,oBAAK,WAAW,KAAe;AAChD;AAAA,QACJ,KAAK;AACD,cAAI,WAAW,oBAAK,QAAQ,KAAe;AAC3C;AAAA,QACJ,KAAK;AACD,cAAI,YAAY,oBAAK,aAAa,KAAe;AACjD;AAAA,QACJ,KAAK;AACD,cAAI,cAAc,oBAAK,YAAY,KAAe;AAClD;AAAA,QACJ,KAAK;AACD,cAAI,eAAe,oBAAK,aAAa,KAAe;AACpD;AAAA,QACJ,KAAK;AACD,cAAI,sBAAsB,oBAAK,oBAAoB,KAAe;AAClE;AAAA,QACJ,KAAK;AACD,cAAI,UAAU,oBAAK,iBAAiB,KAAe;AACnD;AAAA,QACJ,KAAK;AACD,cAAI,cAAc,oBAAK,uBAAuB,KAAe;AAC7D;AAAA,QACJ,KAAK;AACD,cAAI,QAAQ,oBAAK,MAAM,KAAe;AACtC;AAAA,QACJ,KAAK;AACD,cAAI,OAAO,oBAAK,KAAK,KAAe;AACpC;AAAA,QACJ,KAAK;AACD,cAAI,YAAY,oBAAK,UAAU,KAAe;AAC9C;AAAA,QACJ,KAAK;AACD,cAAI,WAAW,oBAAK,SAAS,KAAe;AAC5C;AAAA,QACJ,KAAK;AACD,cAAI,eAAe,oBAAK,oBAAoB,KAAe;AAC3D;AAAA,QACJ,KAAK;AACD,cAAI,cAAc,oBAAK,YAAY,KAAe;AAClD;AAAA,QACJ,KAAK;AACD,cAAI,YAAY,oBAAK,UAAU,KAAe;AAC9C;AAAA,QACJ,KAAK;AACD,cAAI,kBAAkB,oBAAK,gBAAgB,KAAe;AAC1D;AAAA,QACJ,KAAK;AACD,cAAI,aAAS,0BAAc,KAAe;AAC1C;AAAA,QACJ,KAAK;AACD,cAAI,wBAAoB,qCAAyB,KAAe;AAChE;AAAA,QACJ,KAAK;AACD,cAAI,aAAS,0BAAc,KAAwB;AACnD;AAAA,QACJ,KAAK;AACD,cAAI,aAAS,0BAAc,KAAwB;AACnD;AAAA,QACJ,KAAK;AACD,cAAI,eAAW,4BAAgB,KAAiB;AAChD;AAAA,QACJ,KAAK;AAID,gBAAM,wBAAwB;AAC9B,4CAAqB,mBAAmB,qBAAqB;AAE7D,gBAAM,OAAO,sBAAsB,CAAC;AACpC,gBAAM,OAAO,sBAAsB,CAAC;AACpC,gBAAM,OAAO,sBAAsB,CAAC;AACpC,cAAI,SAAS,QAAW;AACpB,gBAAI,4BAAwB,0BAAc,IAAI;AAAA,UAClD;AACA,cAAI,SAAS,QAAW;AACpB,gBAAI,4BAAwB,0BAAc,IAAI;AAAA,UAClD;AACA,cAAI,SAAS,QAAW;AACpB,gBAAI,4BAAwB,0BAAc,IAAI;AAAA,UAClD;AACA;AAAA,QACJ,KAAK;AACD,cAAI,eAAW,4BAAgB,KAAiB;AAChD;AAAA,QACJ,KAAK;AACD,cAAI,gBAAY,6BAAiB,KAAe;AAChD;AAAA,QACJ,KAAK;AACD,cAAI,eAAe,oBAAK,WAAW,OAAiB,IAAI;AACxD;AAAA,QACJ,KAAK;AACD,cAAI,aAAa,oBAAK,QAAQ,OAAiB,IAAI;AACnD;AAAA,QACJ,KAAK;AACD,cAAI,cAAc,oBAAK,aAAa,OAAiB,IAAI;AACzD;AAAA,QACJ,KAAK;AACD,cAAI,gBAAgB,oBAAK,YAAY,OAAiB,IAAI;AAC1D;AAAA,QACJ,KAAK;AACD,cAAI,iBAAiB,oBAAK,aAAa,OAAiB,IAAI;AAC5D;AAAA,QACJ,KAAK;AACD,cAAI,wBAAwB,oBAAK,oBAAoB,OAAiB,IAAI;AAC1E;AAAA,QACJ,KAAK;AACD,cAAI,YAAY,oBAAK,iBAAiB,OAAiB,IAAI;AAC3D;AAAA,QACJ,KAAK;AACD,cAAI,gBAAgB,oBAAK,uBAAuB,OAAiB,IAAI;AACrE;AAAA,QACJ,KAAK;AACD,cAAI,UAAU,oBAAK,MAAM,OAAiB,IAAI;AAC9C;AAAA,QACJ,KAAK;AACD,cAAI,SAAS,oBAAK,KAAK,OAAiB,IAAI;AAC5C;AAAA,QACJ,KAAK;AACD,cAAI,cAAc,oBAAK,UAAU,OAAiB,IAAI;AACtD;AAAA,QACJ,KAAK;AACD,cAAI,aAAa,oBAAK,SAAS,OAAiB,IAAI;AACpD;AAAA,QACJ,KAAK;AACD,cAAI,iBAAiB,oBAAK,oBAAoB,OAAiB,IAAI;AACnE;AAAA,QACJ,KAAK;AACD,cAAI,gBAAgB,oBAAK,YAAY,OAAiB,IAAI;AAC1D;AAAA,QACJ,KAAK;AACD,cAAI,cAAc,oBAAK,UAAU,OAAiB,IAAI;AACtD;AAAA,MACR;AAAA,IACJ,CAAC;AACD,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA,EAKA,kBAAkB,YAAkC;AAChD,UAAM,MAAM,CAAC;AACb,WAAO,QAAQ,UAAU,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AACjD,UAAI,UAAU,QAAW;AACrB;AAAA,MACJ;AACA,cAAQ,KAAK;AAAA,QACT,KAAK;AACD,cAAI,mBAAmB,oBAAK,iBAAiB,KAAK;AAClD;AAAA,QACJ,KAAK;AACD,cAAI,WAAW,oBAAK;AAAA,YAChB,oCAAwB;AAAA,cACpB;AAAA,YACJ;AAAA,UACJ;AACA;AAAA,QACJ,KAAK;AACD,cAAI,mBAAmB,oBAAK,iBAAiB,KAA6B;AAC1E;AAAA,QACJ,KAAK;AACD,cAAI,uBAAuB,oBAAK,qBAAqB,KAAmB;AACxE;AAAA,QACJ,KAAK;AACD,cAAI,yBAAyB,oBAAK,uBAAuB,KAAmB;AAC5E;AAAA,QACJ,KAAK;AACD,cAAI,sBAAkB,yBAAS,qBAAM,OAAO,GAAK,SAAsC,CAAC,CAAE,CAAC;AAC3F;AAAA,MACR;AAAA,IACJ,CAAC;AACD,WAAO;AAAA,EACX;AAAA;AAAA;AAAA;AAAA,EAKU,0BAA0B;AAAA,IAChC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ,GAAiB;AACb,UAAM;AAAA,MACF,kBAAkB,EAAE,MAAM,QAAQ;AAAA,IACtC,IAAI;AACJ,QAAI,CAAC,QAAQ,YAAY,QAAW;AAChC,YAAM,IAAI,+BAAiB,wDAAwD;AAAA,IACvF;AACA,WAAO;AAAA,MACH,aAAS,8BAAc,GAAG,CAAC;AAAA;AAAA,MAC3B,kBAAc,iCAAiB,uBAAQ,SAAS,YAAY;AAAA,MAC5D,oBAAoB,oBAAK;AAAA,MACzB,QAAQ,KAAK,uBAAuB,MAAM;AAAA,MAC1C,UAAU;AAAA,QACN,eAAW,2BAAe,SAAS;AAAA,QACnC,cAAU,2BAAe,QAAQ;AAAA,MACrC;AAAA,MACA,SAAS,KAAK,uBAAuB,OAAO;AAAA,MAC5C,WAAW,oBAAK,sBAAsB,sBAAsB;AAAA,MAC5D,gBAAY,8BAAc,GAAG,KAAK,kBAAkB,UAAU,CAAC;AAAA,IACnE;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,gCAAgC,QAAgB,KAAU;AACnE,UAAM,UAAU;AAAA,MACZ,SAAS;AAAA,MACT,SAAS,EAAE,cAAc,oBAAK,iBAAiB,KAAK,EAAE;AAAA,MACtD,WAAW,oBAAK,sBAAsB,IAAI,SAAS;AAAA,MACnD,oBAAgB,8BAAc,CAAC;AAAA,IACnC;AAEA,WAAO,wBAAS,OAAO;AAAA,MACnB;AAAA,MACA,eAAe,oBAAK;AAAA,MACpB,eAAW,6BAAa,MAAM,OAAO,UAAU,KAAK,wBAAS,OAAO,OAAO,GAAG,KAAK,CAAC;AAAA,IACxF,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,oBAAoB,QAAgB,KAAiB;AAC9D,UAAM,EAAE,CAAC,sBAAO,QAAQ,GAAG,aAAa,IAAI,wBAAS,OAAO,GAAG;AAC/D,QAAI,cAAc,WAAW,EAAG,OAAM,IAAI,+BAAiB,kBAAkB;AAC7E,UAAM,CAAC,aAAa,mBAAmB,aAAa,IAAI;AAGxD,UAAM,EAAE,CAAC,sBAAO,QAAQ,GAAG,gBAAgB,IAAI;AAC/C,QAAI,iBAAiB,WAAW,EAAG,OAAM,IAAI,+BAAiB,kBAAkB;AAChF,UAAM,CAAC,aAAa,cAAc,aAAa,IAAI;AACnD,UAAM,iBAAiB,YAAY,sBAAO,KAAK,EAAE,CAAC;AAClD,QAAI,mBAAmB,EAAG,OAAM,IAAI,+BAAiB,+BAA+B,cAAc,EAAE;AAGpG,UAAM,EAAE,CAAC,sBAAO,QAAQ,GAAG,kBAAkB,IAAI;AACjD,QAAI,mBAAmB,WAAW,EAAG,OAAM,IAAI,+BAAiB,kBAAkB;AAClF,UAAM,CAAC,oBAAoB,kBAAkB,IAAI;AAEjD,UAAM,YAAY,mBAAmB,sBAAO,KAAK;AAGjD,QACI,kBAAkB,sBAAO,QAAQ,IAAI,CAAC,IAAI,sBAAO,KAAK,MAAM,UAC5D,CAAC,qBAAM;AAAA,MACH,oBAAK,gBAAgB,sBAAO,QAAQ,EAAE,sBAAO,KAAK;AAAA,MAClD,kBAAkB,sBAAO,QAAQ,IAAI,CAAC,IAAI,sBAAO,KAAK;AAAA,IAC1D;AAEA,YAAM,IAAI,+BAAiB,4BAA4B;AAC3D,UAAM,OAAO;AAAA,UACT,0BAAU,SAAS;AAAA,MACnB,wBAAS,OAAO,WAAW;AAAA,MAC3B,cAAc,sBAAO,KAAK;AAAA,MAC1B;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AACJ;",
+  "names": []
+}

package/dist/cjs/certificate/kinds/common.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * @license
+ * Copyright 2022-2025 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { MatterError } from "#general";
+/**
+ * Matter specific Certificate Sizes
+ * @see {@link MatterSpecification.v13.Core} 6.1.3.
+ */
+export declare const MAX_DER_CERTIFICATE_SIZE = 600;
+export declare class CertificateError extends MatterError {
+}
+export type Unsigned<Type> = {
+    [Property in keyof Type as Exclude<Property, "signature">]: Type[Property];
+};
+export declare function assertCertificateDerSize(certBytes: Uint8Array): void;
+//# sourceMappingURL=common.d.ts.map

package/dist/cjs/certificate/kinds/common.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../../../src/certificate/kinds/common.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAuB,WAAW,EAAE,MAAM,UAAU,CAAC;AAE5D;;;GAGG;AACH,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAE5C,qBAAa,gBAAiB,SAAQ,WAAW;CAAG;AAEpD,MAAM,MAAM,QAAQ,CAAC,IAAI,IAAI;KAAG,QAAQ,IAAI,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC;CAAE,CAAC;AAE5G,wBAAgB,wBAAwB,CAAC,SAAS,EAAE,UAAU,QAM7D"}

package/dist/cjs/certificate/kinds/common.js ADDED Viewed

@@ -0,0 +1,42 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var common_exports = {};
+__export(common_exports, {
+  CertificateError: () => CertificateError,
+  MAX_DER_CERTIFICATE_SIZE: () => MAX_DER_CERTIFICATE_SIZE,
+  assertCertificateDerSize: () => assertCertificateDerSize
+});
+module.exports = __toCommonJS(common_exports);
+var import_general = require("#general");
+/**
+ * @license
+ * Copyright 2022-2025 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+const MAX_DER_CERTIFICATE_SIZE = 600;
+class CertificateError extends import_general.MatterError {
+}
+function assertCertificateDerSize(certBytes) {
+  if (certBytes.length > MAX_DER_CERTIFICATE_SIZE) {
+    throw new import_general.ImplementationError(
+      `Certificate to generate is too big: ${certBytes.length} bytes instead of max ${MAX_DER_CERTIFICATE_SIZE} bytes`
+    );
+  }
+}
+//# sourceMappingURL=common.js.map

package/dist/cjs/certificate/kinds/common.js.map ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/certificate/kinds/common.ts"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAKA,qBAAiD;AALjD;AAAA;AAAA;AAAA;AAAA;AAWO,MAAM,2BAA2B;AAEjC,MAAM,yBAAyB,2BAAY;AAAC;AAI5C,SAAS,yBAAyB,WAAuB;AAC5D,MAAI,UAAU,SAAS,0BAA0B;AAC7C,UAAM,IAAI;AAAA,MACN,uCAAuC,UAAU,MAAM,yBAAyB,wBAAwB;AAAA,IAC5G;AAAA,EACJ;AACJ;",
+  "names": []
+}