@pkistudio/asn1defsifter 0.1.0

package/dist/pki-report-CX5tXXqU.js

@@ -0,0 +1,688 @@
+import { parseAsn1Definition as z } from "@pkistudio/asn1instancebuilder";
+import $ from "@pkistudio/pkistudiojs/core";
+import H from "@pkistudio/pkistudiojs/oid-resolver";
+const J = /* @__PURE__ */ new Map([
+  [1, "BOOLEAN"],
+  [2, "INTEGER"],
+  [3, "BIT STRING"],
+  [4, "OCTET STRING"],
+  [5, "NULL"],
+  [6, "OBJECT IDENTIFIER"],
+  [12, "UTF8String"],
+  [16, "SEQUENCE"],
+  [17, "SET"],
+  [19, "PrintableString"],
+  [22, "IA5String"],
+  [23, "UTCTime"],
+  [24, "GeneralizedTime"]
+]);
+function O(e) {
+  return e.tagName ? e.tagName : e.tagClass === "universal" ? J.get(e.tagNumber) ?? `UNIVERSAL ${e.tagNumber}` : `${e.tagClass.toUpperCase()} ${e.tagNumber}`;
+}
+function X(e) {
+  return `${e.tagClass}:${e.tagNumber}:${e.constructed ? "constructed" : "primitive"}`;
+}
+function R(e) {
+  switch (e) {
+    case "boolean":
+      return 1;
+    case "integer":
+    case "enumerated":
+      return e === "integer" ? 2 : 10;
+    case "bitString":
+      return 3;
+    case "octetString":
+      return 4;
+    case "null":
+      return 5;
+    case "objectIdentifier":
+      return 6;
+    case "utf8String":
+      return 12;
+    case "printableString":
+      return 19;
+    case "ia5String":
+      return 22;
+    case "utcTime":
+      return 23;
+    case "generalizedTime":
+      return 24;
+    default:
+      return;
+  }
+}
+function _(e, i) {
+  return [x(e, "$", i)];
+}
+function x(e, i, t) {
+  const n = t == null ? void 0 : t.matchedPaths.find((s) => s.nodePath === i), r = W(n == null ? void 0 : n.schemaPath, t == null ? void 0 : t.typeName);
+  return {
+    id: e.id,
+    tagName: O(e),
+    ...r,
+    schemaPath: n == null ? void 0 : n.schemaPath,
+    start: e.start,
+    end: e.end,
+    children: (e.children ?? []).map((s, a) => x(s, `${i}.${a}`, t))
+  };
+}
+function W(e, i) {
+  if (!e) return {};
+  const t = e.split(".").map((s) => s.replace(/\[\]$/, "")).filter((s) => s.length > 0 && !/^\[\d+\]$/.test(s)), n = [...t].reverse().find((s) => /^[a-z]/.test(s)), r = [...t].reverse().find((s) => s !== n && s !== i && /^[A-Z]/.test(s)) ?? (t.length === 1 ? t[0] : void 0);
+  return {
+    ...r ? { asn1Type: r } : {},
+    ...n ? { fieldName: n } : {}
+  };
+}
+function D(e) {
+  return Array.isArray(e) ? { modules: e } : "modules" in e ? e : { modules: [e] };
+}
+function Y(e) {
+  return D(e).modules.flatMap((t) => t.types.map((n) => ({ module: t, definition: n })));
+}
+function Z(e, i, t, n, r = "$") {
+  const s = { schema: t, evidence: [], diagnostics: [], ambiguities: [], matchedPaths: [] }, a = E(e, i, s, n, r);
+  return {
+    score: a,
+    possible: a > 0,
+    evidence: s.evidence,
+    diagnostics: s.diagnostics,
+    ambiguities: s.ambiguities,
+    matchedPaths: s.matchedPaths
+  };
+}
+function E(e, i, t, n, r) {
+  if (i.kind === "defined") {
+    const s = V(t.schema, i.typeName);
+    return s ? E(e, s, t, `${n}.${i.typeName}`, r) : (d(t, "warning", n, `Defined type ${i.typeName} is not available in module ${t.schema.name}.`), 0.15);
+  }
+  return i.kind === "tagged" ? te(e, i, t, n, r) : i.kind === "sequence" ? ie(e, i.fields, t, n, r, 16, "SEQUENCE") : i.kind === "set" ? re(e, i.fields, t, n, r) : i.kind === "choice" ? se(e, i.alternatives, t, n, r) : i.kind === "sequenceOf" ? y(e, i.elementType, t, n, r, 16, "SEQUENCE OF") : i.kind === "setOf" ? y(e, i.elementType, t, n, r, 17, "SET OF") : ee(e, i.kind, t, n, r);
+}
+function ee(e, i, t, n, r) {
+  const s = R(i);
+  return s === void 0 ? (d(t, "warning", n, `Primitive type ${i} is not supported by the current matcher.`), 0.2) : e.tagClass !== "universal" || e.tagNumber !== s ? (d(t, "error", r, `Expected ${i}, found ${h(e)}.`), 0) : (i === "objectIdentifier" && e.oid ? (g(t, r, `Node matches objectIdentifier with value ${e.oid}.`), e.oidName && g(t, r, `OID ${e.oid} resolves to ${e.oidName}.`)) : g(t, r, `Node matches ${i}.`), T(t, r, n), e.constructed ? 0.7 : 1);
+}
+function te(e, i, t, n, r) {
+  var u;
+  if (e.tagClass !== "context" || e.tagNumber !== i.tag.number)
+    return d(t, "error", r, `Expected context-specific tag [${i.tag.number}], found ${h(e)}.`), 0;
+  if (g(t, r, `Context-specific tag [${i.tag.number}] matches ${i.tag.mode} tagging.`), T(t, r, n), i.tag.mode === "explicit") {
+    const c = (u = e.children) == null ? void 0 : u[0];
+    return c ? 0.25 + 0.75 * E(c, i.type, t, `${n}.[${i.tag.number}]`, `${r}.0`) : (d(t, "error", r, "Expected explicitly tagged content, but the node has no child."), 0.45);
+  }
+  const s = P(i.type, t.schema);
+  if (s === void 0)
+    return t.ambiguities.push(`Implicit tag ${n} matched [${i.tag.number}], but the underlying universal tag could not be inferred.`), 0.65;
+  const a = { ...e, tagClass: "universal", tagNumber: s };
+  return 0.25 + 0.75 * E(a, i.type, t, n, r);
+}
+function ie(e, i, t, n, r, s, a) {
+  if (e.tagClass !== "universal" || e.tagNumber !== s || !e.constructed)
+    return d(t, "error", r, `Expected ${a}, found ${h(e)}.`), 0;
+  const u = e.children ?? [];
+  let c = 0, o = 0, l = 0;
+  g(t, r, `Root node matches ${a}.`), T(t, r, n);
+  for (const m of i) {
+    if (!u[c]) {
+      if (m.optional || m.defaultValue !== void 0) {
+        g(t, r, `Field ${m.name} is absent and allowed by OPTIONAL or DEFAULT.`), d(t, "info", `${n}.${m.name}`, `Field ${m.name} is absent and allowed by OPTIONAL or DEFAULT.`), o += I(m), l += 1;
+        continue;
+      }
+      d(t, "error", `${n}.${m.name}`, `Required field ${m.name} is missing.`), l += 1;
+      continue;
+    }
+    const S = ne(u, c, m, t, n, r);
+    if (S.score === 0 && (m.optional || m.defaultValue !== void 0)) {
+      g(t, `${n}.${m.name}`, `Field ${m.name} may be omitted.`), d(t, "info", `${n}.${m.name}`, `Field ${m.name} is absent and allowed by OPTIONAL or DEFAULT.`), o += I(m), l += 1;
+      continue;
+    }
+    S.score === 0 && C(t, S.branchState, !0), o += S.score, l += 1, c = S.nextIndex;
+  }
+  c < u.length && d(t, "warning", r, `${u.length - c} unexpected child node(s) remain after matching ${a}.`);
+  const f = l === 0 ? 0.85 : o / l, N = c < u.length ? 0.85 : 1;
+  return (0.25 + 0.75 * f) * N;
+}
+function ne(e, i, t, n, r, s) {
+  const a = e[i], u = `${r}.${t.name}`, c = `${s}.${i}`, o = U(n.schema), l = E(a, t.type, o, u, c);
+  return l > 0 ? (C(n, o), g(n, c, `Field ${t.name} is compatible with the child node.`), { nextIndex: i + 1, score: l, branchState: o }) : { nextIndex: i, score: l, branchState: o };
+}
+function re(e, i, t, n, r) {
+  if (e.tagClass !== "universal" || e.tagNumber !== 17 || !e.constructed)
+    return d(t, "error", r, `Expected SET, found ${h(e)}.`), 0;
+  const s = e.children ?? [], a = new Set(s.map((f, N) => N));
+  let u = 0, c = 0;
+  g(t, r, "Root node matches SET."), T(t, r, n);
+  for (const f of i) {
+    let N;
+    for (const m of a) {
+      const b = U(t.schema), S = E(s[m], f.type, b, `${n}.${f.name}`, `${r}.${m}`);
+      S > 0 && (!N || S > N.score) && (N = { childIndex: m, branchState: b, score: S });
+    }
+    if (N) {
+      a.delete(N.childIndex), C(t, N.branchState), g(t, `${r}.${N.childIndex}`, `SET field ${f.name} is compatible with this child node.`), u += N.score, c += 1;
+      continue;
+    }
+    if (f.optional || f.defaultValue !== void 0) {
+      g(t, r, `SET field ${f.name} is absent and allowed by OPTIONAL or DEFAULT.`), d(t, "info", `${n}.${f.name}`, `SET field ${f.name} is absent and allowed by OPTIONAL or DEFAULT.`), u += I(f), c += 1;
+      continue;
+    }
+    d(t, "error", `${n}.${f.name}`, `Required SET field ${f.name} is missing.`), c += 1;
+  }
+  a.size > 0 && d(t, "warning", r, `${a.size} unexpected child node(s) remain after matching SET.`);
+  const o = c === 0 ? 0.85 : u / c, l = a.size > 0 ? 0.85 : 1;
+  return (0.25 + 0.75 * o) * l;
+}
+function I(e) {
+  return e.optional || e.defaultValue !== void 0 ? 1 : 0;
+}
+function se(e, i, t, n, r) {
+  const s = i.map((c) => {
+    const o = { schema: t.schema, evidence: [], diagnostics: [], ambiguities: [], matchedPaths: [] }, l = E(e, c.type, o, `${n}.${c.name}`, r);
+    return { alternative: c, branchState: o, score: l };
+  }).sort((c, o) => o.score - c.score), a = s[0];
+  if (!a || a.score === 0)
+    return d(t, "error", r, `No CHOICE alternative matched ${n}.`), 0;
+  t.evidence.push(...a.branchState.evidence), t.diagnostics.push(...a.branchState.diagnostics.filter((c) => c.severity !== "error")), t.ambiguities.push(...a.branchState.ambiguities), t.matchedPaths.push(...a.branchState.matchedPaths), g(t, r, `CHOICE alternative ${a.alternative.name} is the strongest match.`);
+  const u = s.filter((c) => c !== a && Math.abs(c.score - a.score) < 0.05 && c.score > 0);
+  return u.length > 0 && t.ambiguities.push(`CHOICE ${n} has similarly scored alternatives: ${u.map((c) => c.alternative.name).join(", ")}.`), a.score;
+}
+function y(e, i, t, n, r, s, a) {
+  if (e.tagClass !== "universal" || e.tagNumber !== s || !e.constructed)
+    return d(t, "error", r, `Expected ${a}, found ${h(e)}.`), 0;
+  const u = e.children ?? [];
+  if (g(t, r, `Node matches ${a} container.`), T(t, r, n), u.length === 0) return 0.85;
+  const c = u.map((o, l) => E(o, i, t, `${n}[]`, `${r}.${l}`));
+  return c.reduce((o, l) => o + l, 0) / c.length;
+}
+function V(e, i) {
+  var t;
+  return (t = e.types.find((n) => n.name === i)) == null ? void 0 : t.type;
+}
+function P(e, i) {
+  if (e.kind === "defined") {
+    const t = V(i, e.typeName);
+    return t ? P(t, i) : void 0;
+  }
+  if (e.kind === "tagged") return e.tag.number;
+  if (e.kind === "sequence" || e.kind === "sequenceOf") return 16;
+  if (e.kind === "set" || e.kind === "setOf") return 17;
+  if (e.kind !== "choice")
+    return R(e.kind);
+}
+function g(e, i, t) {
+  e.evidence.push({ path: i, message: t });
+}
+function d(e, i, t, n) {
+  e.diagnostics.push({ severity: i, path: t, message: n });
+}
+function T(e, i, t) {
+  e.matchedPaths.push({ nodePath: i, schemaPath: t });
+}
+function U(e) {
+  return { schema: e, evidence: [], diagnostics: [], ambiguities: [], matchedPaths: [] };
+}
+function C(e, i, t = !1) {
+  e.evidence.push(...i.evidence), e.diagnostics.push(...i.diagnostics.filter((n) => t || n.severity !== "error")), e.ambiguities.push(...i.ambiguities), e.matchedPaths.push(...i.matchedPaths);
+}
+function h(e) {
+  return `${e.tagClass} tag ${e.tagNumber}`;
+}
+function ce(e) {
+  return Number.isNaN(e) ? 0 : Math.max(0, Math.min(1, Number(e.toFixed(4))));
+}
+function ae(e) {
+  return e >= 0.8 ? "high" : e >= 0.5 ? "medium" : "low";
+}
+function L(e, i) {
+  const t = i.maxResults ?? 20, n = i.minScore ?? Number.MIN_VALUE;
+  return Y(i.schemaCorpus).filter((r) => ue(r, i)).map(({ module: r, definition: s }) => {
+    const a = Z(e, s.type, r, s.name), u = ce(oe(e, r.name, s.name, a.score));
+    return {
+      typeName: s.name,
+      moduleName: r.name,
+      score: u,
+      confidence: ae(u),
+      evidence: a.evidence.map((c) => c.message),
+      diagnostics: a.diagnostics,
+      ambiguities: a.ambiguities,
+      matchedPaths: a.matchedPaths
+    };
+  }).filter((r) => r.score > 0 && r.score >= n).sort((r, s) => s.score - r.score || r.typeName.localeCompare(s.typeName)).slice(0, t);
+}
+function ue(e, i) {
+  const t = i.includeTypes ? new Set(i.includeTypes) : void 0, n = i.excludeTypes ? new Set(i.excludeTypes) : void 0, r = [e.definition.name, `${e.module.name}.${e.definition.name}`];
+  return !(t && !r.some((s) => t.has(s)) || n && r.some((s) => n.has(s)));
+}
+function oe(e, i, t, n) {
+  return i === "PkiComponents" && t === "RSAPublicKey" && !le(e) ? 0 : n;
+}
+function le(e) {
+  const i = e.children ?? [];
+  return e.tagClass === "universal" && e.tagNumber === 16 && e.constructed && i.length === 2 && i.every(me);
+}
+function me(e) {
+  return e.tagClass !== "universal" || e.tagNumber !== 2 || e.constructed ? !1 : !e.valueBytes || e.valueBytes.length === 0 ? !0 : (e.valueBytes[0] & 128) === 0 && e.valueBytes.some((i) => i !== 0);
+}
+function fe(e, i) {
+  const t = L(e, i);
+  return t.map((n) => ({
+    rootType: n.typeName,
+    moduleName: n.moduleName,
+    score: n.score,
+    confidence: n.confidence,
+    evidence: n.evidence,
+    diagnostics: n.diagnostics,
+    annotatedTree: _(e, n),
+    alternatives: t.filter((r) => r !== n)
+  }));
+}
+function de(e) {
+  var r;
+  const i = e.children ?? [], t = F(e), n = w(e);
+  return {
+    tagClass: e.tagClass,
+    tagNumber: e.tagNumber,
+    constructed: e.constructed,
+    tagName: O(e),
+    childCount: i.length,
+    childTagSequence: i.map(X),
+    oidValues: t,
+    oidNames: n,
+    primitiveValueKind: ge(e),
+    valueLength: (r = e.valueBytes) == null ? void 0 : r.length
+  };
+}
+function F(e) {
+  const i = e.oid ? [e.oid] : [], t = (e.children ?? []).flatMap(F);
+  return [...i, ...t];
+}
+function w(e) {
+  const i = e.oidName ? [e.oidName] : [], t = (e.children ?? []).flatMap(w);
+  return [...i, ...t];
+}
+function ge(e) {
+  if (!e.constructed && e.tagClass === "universal")
+    switch (e.tagNumber) {
+      case 1:
+        return "boolean";
+      case 2:
+        return "integer";
+      case 3:
+        return "bitString";
+      case 4:
+        return "octetString";
+      case 5:
+        return "null";
+      case 6:
+        return "objectIdentifier";
+      case 10:
+        return "enumerated";
+      case 12:
+        return "utf8String";
+      case 19:
+        return "printableString";
+      case 22:
+        return "ia5String";
+      case 23:
+        return "utcTime";
+      case 24:
+        return "generalizedTime";
+      default:
+        return;
+    }
+}
+function Ne(e) {
+  const i = Array.isArray(e) ? e : [e];
+  return D(i.map((t) => z(t)));
+}
+async function Se(e, i) {
+  return ($.parseInput(e, i).nodes ?? []).map(B);
+}
+function B(e) {
+  var t, n;
+  const i = e.oid ?? e.oidValue ?? Te(e);
+  return {
+    id: e.id,
+    tagClass: Ee(e.tagClass ?? e.className),
+    tagNumber: e.tagNumber ?? e.tag ?? 0,
+    constructed: e.constructed ?? e.isConstructed ?? !!((t = e.children) != null && t.length),
+    tagName: e.tagName,
+    valueBytes: p(e.valueBytes ?? e.contentBytes),
+    encodedBytes: p(e.bytes),
+    value: e.value,
+    oid: i,
+    oidName: i ? he(i) : void 0,
+    children: (n = e.children) == null ? void 0 : n.map(B),
+    start: e.start,
+    end: e.end
+  };
+}
+function Ee(e) {
+  return e === 0 || e === "universal" || e === "UNIVERSAL" ? "universal" : e === 1 || e === "application" || e === "APPLICATION" ? "application" : e === 2 || e === "context" || e === "context-specific" || e === "CONTEXT" ? "context" : e === 3 || e === "private" || e === "PRIVATE" ? "private" : "universal";
+}
+function p(e) {
+  if (e)
+    return e instanceof Uint8Array ? e : new Uint8Array(e);
+}
+function Te(e) {
+  if ((e.tagNumber ?? e.tag) !== 6) return;
+  const i = p(e.valueBytes ?? e.contentBytes);
+  if (!(!i || i.length === 0))
+    return $.decodeOid(i);
+}
+function he(e) {
+  return H.resolve(e) || void 0;
+}
+const be = `PkiComponents DEFINITIONS EXPLICIT TAGS ::= BEGIN
+Version ::= INTEGER { v1(0), v2(1), v3(2) }
+CertificateSerialNumber ::= INTEGER
+AlgorithmIdentifier ::= SEQUENCE {
+  algorithm OBJECT IDENTIFIER,
+  parameters CHOICE { null NULL, namedCurve OBJECT IDENTIFIER } OPTIONAL
+}
+AttributeTypeAndValue ::= SEQUENCE {
+  type OBJECT IDENTIFIER,
+  value DirectoryString
+}
+DirectoryString ::= CHOICE {
+  utf8String UTF8String,
+  printableString PrintableString,
+  ia5String IA5String
+}
+RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+Name ::= CHOICE {
+  rdnSequence RDNSequence
+}
+Time ::= CHOICE {
+  utcTime UTCTime,
+  generalizedTime GeneralizedTime
+}
+Validity ::= SEQUENCE {
+  notBefore Time,
+  notAfter Time
+}
+SubjectPublicKeyInfo ::= SEQUENCE {
+  algorithm AlgorithmIdentifier,
+  subjectPublicKey BIT STRING
+}
+RSAPublicKey ::= SEQUENCE {
+  modulus INTEGER,
+  publicExponent INTEGER
+}
+DSA-Sig-Value ::= SEQUENCE {
+  r INTEGER,
+  s INTEGER
+}
+ECDSA-Sig-Value ::= SEQUENCE {
+  r INTEGER,
+  s INTEGER
+}
+SignatureValue ::= BIT STRING
+Extension ::= SEQUENCE {
+  extnID OBJECT IDENTIFIER,
+  critical BOOLEAN DEFAULT FALSE,
+  extnValue OCTET STRING
+}
+Extensions ::= SEQUENCE OF Extension
+TBSCertificate ::= SEQUENCE {
+  version [0] EXPLICIT Version DEFAULT v1,
+  serialNumber CertificateSerialNumber,
+  signature AlgorithmIdentifier,
+  issuer Name,
+  validity Validity,
+  subject Name,
+  subjectPublicKeyInfo SubjectPublicKeyInfo,
+  issuerUniqueID [1] IMPLICIT BIT STRING OPTIONAL,
+  subjectUniqueID [2] IMPLICIT BIT STRING OPTIONAL,
+  extensions [3] EXPLICIT Extensions OPTIONAL
+}
+Certificate ::= SEQUENCE {
+  tbsCertificate TBSCertificate,
+  signatureAlgorithm AlgorithmIdentifier,
+  signatureValue SignatureValue
+}
+CertificationRequestInfo ::= SEQUENCE {
+  version INTEGER,
+  subject Name,
+  subjectPKInfo SubjectPublicKeyInfo,
+  attributes [0] IMPLICIT SET OF AttributeTypeAndValue OPTIONAL
+}
+CertificationRequest ::= SEQUENCE {
+  certificationRequestInfo CertificationRequestInfo,
+  signatureAlgorithm AlgorithmIdentifier,
+  signature SignatureValue
+}
+PrivateKeyInfo ::= SEQUENCE {
+  version INTEGER,
+  privateKeyAlgorithm AlgorithmIdentifier,
+  privateKey OCTET STRING,
+  attributes [0] IMPLICIT SET OF AttributeTypeAndValue OPTIONAL
+}
+ContentInfo ::= SEQUENCE {
+  contentType OBJECT IDENTIFIER,
+  content [0] EXPLICIT OCTET STRING OPTIONAL
+}
+END`;
+let v;
+function k() {
+  return v ?? (v = Ne(be)), v;
+}
+const Ie = {
+  components: [
+    "AlgorithmIdentifier",
+    "AttributeTypeAndValue",
+    "DirectoryString",
+    "DSA-Sig-Value",
+    "ECDSA-Sig-Value",
+    "Extension",
+    "Extensions",
+    "Name",
+    "RelativeDistinguishedName",
+    "RDNSequence",
+    "RSAPublicKey",
+    "SignatureValue",
+    "SubjectPublicKeyInfo",
+    "Time",
+    "Validity"
+  ],
+  x509: [
+    "Certificate",
+    "TBSCertificate",
+    "Version",
+    "CertificateSerialNumber",
+    "AlgorithmIdentifier",
+    "DSA-Sig-Value",
+    "ECDSA-Sig-Value",
+    "Name",
+    "Validity",
+    "RSAPublicKey",
+    "SignatureValue",
+    "SubjectPublicKeyInfo",
+    "Extension",
+    "Extensions"
+  ],
+  pkcs10: [
+    "CertificationRequest",
+    "CertificationRequestInfo",
+    "AlgorithmIdentifier",
+    "DSA-Sig-Value",
+    "ECDSA-Sig-Value",
+    "Name",
+    "RSAPublicKey",
+    "SignatureValue",
+    "SubjectPublicKeyInfo",
+    "AttributeTypeAndValue"
+  ],
+  pkcs8: [
+    "PrivateKeyInfo",
+    "AlgorithmIdentifier",
+    "AttributeTypeAndValue"
+  ],
+  cms: [
+    "ContentInfo",
+    "AlgorithmIdentifier"
+  ]
+};
+function pe(e) {
+  const i = Array.isArray(e) ? e : [e];
+  return [...new Set(i.flatMap((t) => Ie[t]))];
+}
+const Ce = /* @__PURE__ */ new Set(["DSA-Sig-Value", "ECDSA-Sig-Value"]);
+async function ye(e, i = {}) {
+  const t = await Se(e, i.parseOptions);
+  return G(t, i);
+}
+function G(e, i = {}) {
+  const t = i.schemaCorpus ?? k(), n = i.maxResults ?? 10, r = i.minScore, s = {
+    schemaCorpus: t,
+    maxResults: n,
+    minScore: r,
+    includeTypes: i.includeTypes,
+    excludeTypes: i.excludeTypes
+  };
+  return {
+    roots: (Array.isArray(e) ? e : [e]).map((u, c) => {
+      const o = K(u, s), l = Ae(o.candidates), f = $e(o.candidates);
+      return {
+        index: c,
+        ...i.includeNodes ? { node: u } : {},
+        ...o,
+        hypotheses: fe(u, s),
+        ...i.includeSubtrees ? { subtrees: ve(u, s, i, l, f) } : {}
+      };
+    })
+  };
+}
+function K(e, i) {
+  const t = L(e, i), n = M(t.flatMap((s) => s.diagnostics)), r = [...new Set(t.flatMap((s) => s.ambiguities))];
+  return {
+    features: de(e),
+    summary: j(t, n, r),
+    candidates: t,
+    diagnostics: n,
+    ambiguities: r
+  };
+}
+function ve(e, i, t, n, r) {
+  const s = t.maxSubtreeDepth ?? 3, a = t.maxSubtreeReports ?? 20, u = [];
+  return q(e, "$", 0, s, a, u, (c, o) => {
+    const l = Oe({
+      path: o,
+      ...t.includeNodes ? { node: c } : {},
+      ...K(c, i)
+    }, n, r);
+    return t.includeEmptySubtrees || l.candidates.length > 0 ? l : void 0;
+  }), u;
+}
+function Ae(e) {
+  const i = /* @__PURE__ */ new Set();
+  for (const t of e)
+    if (!(t.typeName !== "Certificate" && t.typeName !== "CertificationRequest" || t.score < 0.8))
+      for (const n of t.matchedPaths)
+        (n.schemaPath.endsWith(".signatureValue.SignatureValue") || n.schemaPath.endsWith(".signature.SignatureValue")) && i.add(n.nodePath);
+  return i;
+}
+function $e(e) {
+  const i = /* @__PURE__ */ new Set();
+  for (const t of e)
+    if (!(t.score < 0.8))
+      for (const n of t.matchedPaths)
+        n.schemaPath.endsWith(".subjectPublicKey") && i.add(n.nodePath);
+  return i;
+}
+function Oe(e, i, t) {
+  if (i.has(e.path)) return e;
+  const n = A(e.path, i), r = A(e.path, t), s = e.candidates.filter((c) => c.typeName !== "SignatureValue" && !(n && c.typeName === "RSAPublicKey") && !(r && Ce.has(c.typeName)));
+  if (s.length === e.candidates.length) return e;
+  const a = M(s.flatMap((c) => c.diagnostics)), u = [...new Set(s.flatMap((c) => c.ambiguities))];
+  return {
+    ...e,
+    candidates: s,
+    diagnostics: a,
+    ambiguities: u,
+    summary: j(s, a, u)
+  };
+}
+function A(e, i) {
+  for (const t of i)
+    if (e.startsWith(`${t}.`)) return !0;
+  return !1;
+}
+function q(e, i, t, n, r, s, a) {
+  if (!(t >= n || s.length >= r))
+    for (const [u, c] of (e.children ?? []).entries()) {
+      if (s.length >= r) return;
+      const o = `${i}.${u}`, l = a(c, o);
+      l && s.push(l), q(c, o, t + 1, n, r, s, a);
+    }
+}
+function j(e, i, t) {
+  const n = e[0] ? {
+    typeName: e[0].typeName,
+    moduleName: e[0].moduleName,
+    score: e[0].score,
+    confidence: e[0].confidence
+  } : void 0;
+  return {
+    candidateCount: e.length,
+    ...n ? { bestCandidate: n } : {},
+    diagnosticCounts: Re(i),
+    ambiguityCount: t.length
+  };
+}
+function Re(e) {
+  return e.reduce(
+    (i, t) => ({ ...i, [t.severity]: i[t.severity] + 1 }),
+    { info: 0, warning: 0, error: 0 }
+  );
+}
+function M(e) {
+  const i = /* @__PURE__ */ new Set();
+  return e.filter((t) => {
+    const n = `${t.severity}\0${t.path}\0${t.message}`;
+    return i.has(n) ? !1 : (i.add(n), !0);
+  });
+}
+async function Ue(e, i = {}) {
+  return ye(e, Q(i));
+}
+function Le(e, i = {}) {
+  return G(e, Q(i));
+}
+function Q(e) {
+  const { profiles: i, includeTypes: t, ...n } = e;
+  return {
+    ...n,
+    schemaCorpus: k(),
+    includeTypes: xe(i, t)
+  };
+}
+function xe(e, i) {
+  const t = e ? pe(e) : [], n = [.../* @__PURE__ */ new Set([...t, ...i ?? []])];
+  return n.length > 0 ? n : void 0;
+}
+export {
+  ae as a,
+  _ as b,
+  ce as c,
+  ye as d,
+  G as e,
+  Ue as f,
+  Le as g,
+  k as h,
+  D as i,
+  X as j,
+  de as k,
+  L as l,
+  O as m,
+  pe as n,
+  fe as o,
+  Y as p,
+  Z as q,
+  Ne as r,
+  Se as s,
+  be as t,
+  Ie as u,
+  B as v
+};