@ripwords/myinvois-client 0.1.3 → 0.1.4

package/dist/utils/signature-diagnostics.js

@@ -1,326 +0,0 @@
-import { calculateCertificateDigest, calculateDocumentDigest, calculateSignedPropertiesDigest, createSignedProperties, extractCertificateInfo } from "../document-D6VKMAtx.js";
-import crypto from "crypto";
-
-//#region src/utils/signature-diagnostics.ts
-/**
-* Analyzes certificate for MyInvois compatibility issues
-*/
-function analyzeCertificateForDiagnostics(certificatePem) {
-	const issues = [];
-	const recommendations = [];
-	try {
-		const cert = new crypto.X509Certificate(certificatePem);
-		const certInfo = extractCertificateInfo(certificatePem);
-		const parseSubjectFields = (dn) => {
-			const fields = {};
-			dn.split("\n").forEach((line) => {
-				const trimmed = line.trim();
-				if (trimmed.includes("=")) {
-					const [key, ...valueParts] = trimmed.split("=");
-					if (key) fields[key.trim()] = valueParts.join("=").trim();
-				}
-			});
-			return fields;
-		};
-		const subjectFields = parseSubjectFields(cert.subject);
-		const organizationIdentifier = subjectFields["organizationIdentifier"] || subjectFields["2.5.4.97"];
-		const serialNumber = subjectFields["serialNumber"];
-		if (!organizationIdentifier) {
-			issues.push("DS311: Certificate missing organizationIdentifier field (TIN)");
-			recommendations.push("CRITICAL: Generate new certificate with organizationIdentifier matching your MyInvois TIN");
-			recommendations.push("Portal Error: \"Signer of invoice doesn't match the submitter of document. TIN doesn't match with the OI.\"");
-		} else if (organizationIdentifier.length < 10) {
-			issues.push("DS311: OrganizationIdentifier (TIN) appears too short - may cause submission rejection");
-			recommendations.push("Verify TIN format matches exactly what is registered in MyInvois");
-		}
-		if (!serialNumber) {
-			issues.push("DS312: Certificate missing serialNumber field (business registration)");
-			recommendations.push("CRITICAL: Generate new certificate with serialNumber matching your business registration");
-			recommendations.push("Portal Error: \"Submitter registration/identity number doesn't match with the certificate SERIALNUMBER.\"");
-		}
-		if (cert.issuer === cert.subject) {
-			issues.push("DS329: Self-signed certificate detected - will fail chain of trust validation");
-			recommendations.push("BLOCKING: Obtain certificate from MyInvois-approved CA:");
-			recommendations.push("• MSC Trustgate Sdn Bhd");
-			recommendations.push("• DigiCert Sdn Bhd");
-			recommendations.push("• Cybersign Asia Sdn Bhd");
-			recommendations.push("Portal Error: \"Certificate is not valid according to the chain of trust validation or has been issued by an untrusted certificate authority.\"");
-		} else {
-			const issuerName = cert.issuer.toLowerCase();
-			const approvedCAs = [
-				"msc trustgate",
-				"digicert",
-				"cybersign"
-			];
-			const isFromApprovedCA = approvedCAs.some((ca) => issuerName.includes(ca));
-			if (!isFromApprovedCA) {
-				issues.push("DS329: Certificate may not be from MyInvois-approved CA");
-				recommendations.push("Verify certificate was issued by an approved CA for MyInvois");
-			}
-		}
-		const rawIssuer = cert.issuer;
-		const normalizedIssuer = certInfo.issuerName;
-		const normalizedIssuerIssues = [
-			{
-				check: normalizedIssuer.includes("\n"),
-				issue: "Normalized issuer still contains newlines"
-			},
-			{
-				check: normalizedIssuer.includes("  "),
-				issue: "Normalized issuer contains double spaces"
-			},
-			{
-				check: /=\s+/.test(normalizedIssuer),
-				issue: "Normalized issuer has spaces after equals"
-			},
-			{
-				check: /\s+=/.test(normalizedIssuer),
-				issue: "Normalized issuer has spaces before equals"
-			},
-			{
-				check: normalizedIssuer.includes("\r"),
-				issue: "Normalized issuer contains carriage returns"
-			}
-		];
-		const hasActualFormatIssues = normalizedIssuerIssues.some(({ check, issue }) => {
-			if (check) {
-				issues.push(`DS326: ${issue} - will cause X509IssuerName mismatch`);
-				return true;
-			}
-			return false;
-		});
-		const hasRawIssuesButNormalizedOk = rawIssuer.includes("\n") && !normalizedIssuer.includes("\n");
-		if (hasActualFormatIssues) {
-			recommendations.push("CRITICAL: Fix issuer name normalization in signature generation");
-			recommendations.push("Portal Error: \"Certificate X509IssuerName doesn't match the X509IssuerName value provided in the signed properties section.\"");
-			recommendations.push("The normalization function is not properly formatting the issuer name");
-			recommendations.push("Debug: Check document.ts extractCertificateInfo() normalization logic");
-		} else if (hasRawIssuesButNormalizedOk) console.log("ℹ️  Note: Raw certificate issuer has newlines but normalization is handling them correctly");
-		const now = /* @__PURE__ */ new Date();
-		const validFrom = new Date(cert.validFrom);
-		const validTo = new Date(cert.validTo);
-		if (now < validFrom) {
-			issues.push("DS329: Certificate not yet valid (future start date)");
-			recommendations.push("Wait until certificate validity period begins");
-		}
-		if (now > validTo) {
-			issues.push("DS329: Certificate has expired");
-			recommendations.push("BLOCKING: Renew certificate - expired certificates are rejected");
-		}
-		try {
-			if (cert.keyUsage && !cert.keyUsage.includes("digital signature")) {
-				issues.push("DS333: Certificate lacks digitalSignature key usage");
-				recommendations.push("Generate new certificate with digitalSignature key usage enabled");
-			}
-		} catch {
-			console.log("Note: Could not check key usage extensions");
-		}
-		return {
-			organizationIdentifier,
-			serialNumber,
-			issuerName: certInfo.issuerName,
-			subjectName: certInfo.subjectName,
-			issues,
-			recommendations
-		};
-	} catch (error) {
-		issues.push(`Certificate parsing failed: ${error}`);
-		recommendations.push("Verify certificate format and validity");
-		return {
-			issuerName: "",
-			subjectName: "",
-			issues,
-			recommendations
-		};
-	}
-}
-/**
-* Analyzes signature generation for potential issues
-*/
-function analyzeSignatureForDiagnostics(invoices, certificatePem) {
-	const issues = [];
-	const recommendations = [];
-	try {
-		const documentDigest = calculateDocumentDigest(invoices);
-		const certificateDigest = calculateCertificateDigest(certificatePem);
-		const certInfo = extractCertificateInfo(certificatePem);
-		const signingTime = (/* @__PURE__ */ new Date()).toISOString();
-		const signedProperties = createSignedProperties(certificateDigest, signingTime, certInfo.issuerName, certInfo.serialNumber);
-		const signedPropertiesDigest = calculateSignedPropertiesDigest(signedProperties);
-		if (documentDigest.length === 0) {
-			issues.push("DS333: Document digest generation failed");
-			recommendations.push("CRITICAL: Verify document serialization excludes UBLExtensions/Signature");
-			recommendations.push("Portal Error: \"Document signature value is not a valid signature of the document digest using the public key of the certificate provided.\"");
-		}
-		if (certificateDigest.length === 0) {
-			issues.push("DS333: Certificate digest generation failed");
-			recommendations.push("CRITICAL: Verify certificate format and encoding");
-			recommendations.push("Certificate must be properly base64 encoded without headers/footers");
-		}
-		if (signedPropertiesDigest.length === 0) {
-			issues.push("DS333: Signed properties digest generation failed");
-			recommendations.push("CRITICAL: Verify signed properties structure and canonicalization");
-			recommendations.push("Check XML canonicalization (C14N) is applied correctly");
-		}
-		try {
-			const cert = new crypto.X509Certificate(certificatePem);
-			const publicKey = cert.publicKey;
-			const keyDetails = publicKey.asymmetricKeyDetails;
-			if (keyDetails) {
-				if (publicKey.asymmetricKeyType === "rsa" && keyDetails.modulusLength && keyDetails.modulusLength < 2048) {
-					issues.push("DS333: RSA key size too small (minimum 2048 bits required)");
-					recommendations.push("CRITICAL: Generate new certificate with RSA 2048+ bits");
-				}
-				const supportedKeyTypes = ["rsa", "ec"];
-				if (!supportedKeyTypes.includes(publicKey.asymmetricKeyType || "")) {
-					issues.push(`DS333: Unsupported key type: ${publicKey.asymmetricKeyType}`);
-					recommendations.push("CRITICAL: Use RSA or EC key types for MyInvois compatibility");
-				}
-			}
-			const certBuffer = Buffer.from(certificatePem.replace(/-----[^-]+-----/g, "").replace(/\s/g, ""), "base64");
-			if (certBuffer.length === 0) {
-				issues.push("DS333: Certificate encoding appears invalid");
-				recommendations.push("CRITICAL: Verify certificate is properly PEM encoded");
-			}
-		} catch (error) {
-			issues.push(`DS333: Certificate validation failed - ${error}`);
-			recommendations.push("CRITICAL: Verify certificate format and structure are valid");
-		}
-		const isValidBase64 = (str) => {
-			try {
-				return Buffer.from(str, "base64").toString("base64") === str;
-			} catch {
-				return false;
-			}
-		};
-		if (documentDigest && !isValidBase64(documentDigest)) {
-			issues.push("DS333: Document digest is not valid base64 format");
-			recommendations.push("Ensure digest is properly base64 encoded");
-		}
-		if (certificateDigest && !isValidBase64(certificateDigest)) {
-			issues.push("DS333: Certificate digest is not valid base64 format");
-			recommendations.push("Ensure certificate digest is properly base64 encoded");
-		}
-		if (signedPropertiesDigest && !isValidBase64(signedPropertiesDigest)) {
-			issues.push("DS333: Signed properties digest is not valid base64 format");
-			recommendations.push("Ensure signed properties digest is properly base64 encoded");
-		}
-		return {
-			documentDigest,
-			certificateDigest,
-			signedPropertiesDigest,
-			issues,
-			recommendations
-		};
-	} catch (error) {
-		issues.push(`Signature analysis failed: ${error}`);
-		recommendations.push("Review signature generation implementation");
-		return {
-			documentDigest: "",
-			certificateDigest: "",
-			signedPropertiesDigest: "",
-			issues,
-			recommendations
-		};
-	}
-}
-/**
-* Comprehensive signature diagnostics
-*/
-function diagnoseSignatureIssues(invoices, certificatePem) {
-	const certificateAnalysis = analyzeCertificateForDiagnostics(certificatePem);
-	const signatureAnalysis = analyzeSignatureForDiagnostics(invoices, certificatePem);
-	const certificateIssues = certificateAnalysis.issues.length;
-	const signatureIssues = signatureAnalysis.issues.length;
-	return {
-		certificateAnalysis,
-		signatureAnalysis,
-		summary: {
-			totalIssues: certificateIssues + signatureIssues,
-			certificateIssues,
-			signatureIssues
-		}
-	};
-}
-/**
-* Prints diagnostic results in a formatted way
-*/
-function printDiagnostics(result) {
-	console.log("\n🔍 MyInvois Signature Diagnostics Report");
-	console.log("=".repeat(60));
-	console.log("\n📜 CERTIFICATE ANALYSIS");
-	console.log("-".repeat(30));
-	console.log(`  Issuer: ${result.certificateAnalysis.issuerName}`);
-	console.log(`  Subject: ${result.certificateAnalysis.subjectName}`);
-	if (result.certificateAnalysis.organizationIdentifier) console.log(`  Organization ID (TIN): ${result.certificateAnalysis.organizationIdentifier}`);
-	if (result.certificateAnalysis.serialNumber) console.log(`  Serial Number: ${result.certificateAnalysis.serialNumber}`);
-	if (result.certificateAnalysis.issues.length > 0) {
-		console.log("\n  🚨 Certificate Issues:");
-		result.certificateAnalysis.issues.forEach((issue, index) => {
-			console.log(`    ${index + 1}. ${issue}`);
-		});
-	}
-	if (result.certificateAnalysis.recommendations.length > 0) {
-		console.log("\n  💡 Certificate Recommendations:");
-		result.certificateAnalysis.recommendations.forEach((rec, index) => {
-			console.log(`    ${index + 1}. ${rec}`);
-		});
-	}
-	console.log("\n🔐 SIGNATURE ANALYSIS");
-	console.log("-".repeat(30));
-	console.log(`  Document Digest: ${result.signatureAnalysis.documentDigest.substring(0, 32)}...`);
-	console.log(`  Certificate Digest: ${result.signatureAnalysis.certificateDigest.substring(0, 32)}...`);
-	console.log(`  Signed Properties Digest: ${result.signatureAnalysis.signedPropertiesDigest.substring(0, 32)}...`);
-	if (result.signatureAnalysis.issues.length > 0) {
-		console.log("\n  🚨 Signature Issues:");
-		result.signatureAnalysis.issues.forEach((issue, index) => {
-			console.log(`    ${index + 1}. ${issue}`);
-		});
-	}
-	if (result.signatureAnalysis.recommendations.length > 0) {
-		console.log("\n  💡 Signature Recommendations:");
-		result.signatureAnalysis.recommendations.forEach((rec, index) => {
-			console.log(`    ${index + 1}. ${rec}`);
-		});
-	}
-	console.log("\n📊 SUMMARY");
-	console.log("-".repeat(30));
-	console.log(`  Total Issues Found: ${result.summary.totalIssues}`);
-	console.log(`  Certificate Issues: ${result.summary.certificateIssues}`);
-	console.log(`  Signature Issues: ${result.summary.signatureIssues}`);
-	if (result.summary.totalIssues === 0) {
-		console.log("\n  ✅ No issues detected in current analysis");
-		console.log("  🎉 Certificate and signature implementation appear valid");
-	} else {
-		console.log("\n  ⚠️  Issues detected - review recommendations above");
-		const hasDS311 = result.certificateAnalysis.issues.some((issue) => issue.includes("DS311"));
-		const hasDS312 = result.certificateAnalysis.issues.some((issue) => issue.includes("DS312"));
-		const hasDS326 = result.certificateAnalysis.issues.some((issue) => issue.includes("DS326"));
-		const hasDS329 = result.certificateAnalysis.issues.some((issue) => issue.includes("DS329"));
-		const hasDS333 = result.signatureAnalysis.issues.some((issue) => issue.includes("DS333"));
-		console.log("\n  🎯 MYINVOIS PORTAL ERROR ANALYSIS:");
-		if (hasDS311) console.log("     ❌ DS311 - TIN mismatch between certificate and submitter");
-		if (hasDS312) console.log("     ❌ DS312 - Registration number mismatch with certificate");
-		if (hasDS326) console.log("     ❌ DS326 - X509IssuerName format inconsistency");
-		if (hasDS329) console.log("     ❌ DS329 - Certificate trust chain validation failure");
-		if (hasDS333) console.log("     ❌ DS333 - Document signature validation failure");
-		if (result.summary.certificateIssues > 0) {
-			console.log("\n  🚨 PRIMARY ACTION REQUIRED:");
-			console.log("     Certificate issues must be resolved first");
-			console.log("     Self-generated certificates cannot pass MyInvois validation");
-		}
-		if (result.summary.signatureIssues > 0) {
-			console.log("\n  ⚙️  SECONDARY ACTION:");
-			console.log("     Review and optimize signature implementation");
-		}
-		console.log("\n  📋 NEXT STEPS:");
-		console.log("     1. Address BLOCKING/CRITICAL issues first");
-		console.log("     2. Test with updated certificate/implementation");
-		console.log("     3. Re-run diagnostics to verify fixes");
-		console.log("     4. Submit test document to MyInvois portal");
-	}
-	console.log("\n" + "=".repeat(60));
-}
-
-//#endregion
-export { diagnoseSignatureIssues, printDiagnostics };

package/dist/utils/validation.d.ts

@@ -1,46 +0,0 @@
-import { InvoiceV1_1 } from "../types/documents/index.js";
-
-//#region src/utils/validation.d.ts
-
-/**
-* MyInvois Invoice Validation Utilities
-*
-* Provides comprehensive validation for invoice data before document generation
-* and submission to ensure compliance with MyInvois business rules and format requirements.
-*/
-interface ValidationResult {
-  isValid: boolean;
-  errors: ValidationError[];
-  warnings: ValidationWarning[];
-}
-interface ValidationError {
-  field: string;
-  code: string;
-  message: string;
-  severity: "error" | "warning";
-}
-interface ValidationWarning extends ValidationError {
-  severity: "warning";
-}
-/**
-* Validates TIN format based on registration type
-*/
-declare const validateTIN: (tin: string, registrationType?: string) => ValidationError[];
-/**
-* Validates contact number format (E.164 standard)
-*/
-declare const validateContactNumber: (contactNumber: string) => ValidationError[];
-/**
-* Validates monetary amounts
-*/
-declare const validateMonetaryAmount: (amount: number, fieldName: string, maxDigits?: number, maxDecimals?: number) => ValidationError[];
-/**
-* Validates tax calculation consistency
-*/
-declare const validateTaxCalculations: (invoice: InvoiceV1_1) => ValidationError[];
-/**
-* Main validation function for complete invoice
-*/
-declare const validateInvoice: (invoice: InvoiceV1_1) => ValidationResult;
-//#endregion
-export { ValidationError, ValidationResult, ValidationWarning, validateContactNumber, validateInvoice, validateMonetaryAmount, validateTIN, validateTaxCalculations };

package/dist/utils/validation.js

@@ -1,134 +0,0 @@
-//#region src/utils/validation.ts
-/**
-* Validates TIN format based on registration type
-*/
-const validateTIN = (tin, registrationType) => {
-	const errors = [];
-	if (!tin) {
-		errors.push({
-			field: "tin",
-			code: "TIN_REQUIRED",
-			message: "TIN is required",
-			severity: "error"
-		});
-		return errors;
-	}
-	if (registrationType === "BRN" && !tin.startsWith("C")) errors.push({
-		field: "tin",
-		code: "TIN_FORMAT_INVALID",
-		message: "Company TIN should start with \"C\" for BRN registration",
-		severity: "warning"
-	});
-	if (registrationType === "NRIC" && !tin.startsWith("IG")) errors.push({
-		field: "tin",
-		code: "TIN_FORMAT_INVALID",
-		message: "Individual TIN should start with \"IG\" for NRIC registration",
-		severity: "warning"
-	});
-	if (tin.length > 14) errors.push({
-		field: "tin",
-		code: "TIN_LENGTH_INVALID",
-		message: "TIN cannot exceed 14 characters",
-		severity: "error"
-	});
-	return errors;
-};
-/**
-* Validates contact number format (E.164 standard)
-*/
-const validateContactNumber = (contactNumber) => {
-	const errors = [];
-	if (!contactNumber || contactNumber === "NA") return errors;
-	const e164Regex = /^\+[1-9]\d{1,14}$/;
-	if (!e164Regex.test(contactNumber)) errors.push({
-		field: "contactNumber",
-		code: "CONTACT_FORMAT_INVALID",
-		message: "Contact number must be in E.164 format (e.g., +60123456789)",
-		severity: "error"
-	});
-	if (contactNumber.length < 8) errors.push({
-		field: "contactNumber",
-		code: "CONTACT_LENGTH_INVALID",
-		message: "Contact number must be at least 8 characters",
-		severity: "error"
-	});
-	return errors;
-};
-/**
-* Validates monetary amounts
-*/
-const validateMonetaryAmount = (amount, fieldName, maxDigits = 18, maxDecimals = 2) => {
-	const errors = [];
-	if (amount < 0) errors.push({
-		field: fieldName,
-		code: "AMOUNT_NEGATIVE",
-		message: `${fieldName} cannot be negative`,
-		severity: "error"
-	});
-	const amountStr = amount.toString();
-	const [integerPart, decimalPart] = amountStr.split(".");
-	if (integerPart && integerPart.length > maxDigits - maxDecimals) errors.push({
-		field: fieldName,
-		code: "AMOUNT_DIGITS_EXCEEDED",
-		message: `${fieldName} exceeds maximum ${maxDigits} digits`,
-		severity: "error"
-	});
-	if (decimalPart && decimalPart.length > maxDecimals) errors.push({
-		field: fieldName,
-		code: "AMOUNT_DECIMALS_EXCEEDED",
-		message: `${fieldName} exceeds maximum ${maxDecimals} decimal places`,
-		severity: "error"
-	});
-	return errors;
-};
-/**
-* Validates tax calculation consistency
-*/
-const validateTaxCalculations = (invoice) => {
-	const errors = [];
-	const expectedTaxExclusive = invoice.invoiceLineItems.reduce((sum, item) => sum + item.totalTaxableAmountPerLine, 0);
-	const expectedTaxAmount = invoice.invoiceLineItems.reduce((sum, item) => sum + item.taxAmount, 0);
-	const tolerance = .01;
-	if (Math.abs(invoice.legalMonetaryTotal.taxExclusiveAmount - expectedTaxExclusive) > tolerance) errors.push({
-		field: "legalMonetaryTotal.taxExclusiveAmount",
-		code: "TAX_EXCLUSIVE_MISMATCH",
-		message: `Tax exclusive amount (${invoice.legalMonetaryTotal.taxExclusiveAmount}) doesn't match sum of line items (${expectedTaxExclusive})`,
-		severity: "error"
-	});
-	if (Math.abs(invoice.taxTotal.taxAmount - expectedTaxAmount) > tolerance) errors.push({
-		field: "taxTotal.taxAmount",
-		code: "TAX_AMOUNT_MISMATCH",
-		message: `Tax amount (${invoice.taxTotal.taxAmount}) doesn't match sum of line item taxes (${expectedTaxAmount})`,
-		severity: "error"
-	});
-	return errors;
-};
-/**
-* Main validation function for complete invoice
-*/
-const validateInvoice = (invoice) => {
-	const allErrors = [];
-	allErrors.push(...validateTIN(invoice.supplier.tin, invoice.supplier.registrationType));
-	allErrors.push(...validateTIN(invoice.buyer.tin, invoice.buyer.registrationType));
-	allErrors.push(...validateContactNumber(invoice.supplier.contactNumber));
-	allErrors.push(...validateContactNumber(invoice.buyer.contactNumber));
-	allErrors.push(...validateMonetaryAmount(invoice.legalMonetaryTotal.taxExclusiveAmount, "taxExclusiveAmount"));
-	allErrors.push(...validateMonetaryAmount(invoice.legalMonetaryTotal.payableAmount, "payableAmount"));
-	allErrors.push(...validateMonetaryAmount(invoice.taxTotal.taxAmount, "taxAmount"));
-	invoice.invoiceLineItems.forEach((item, index) => {
-		allErrors.push(...validateMonetaryAmount(item.unitPrice, `lineItem[${index}].unitPrice`));
-		allErrors.push(...validateMonetaryAmount(item.taxAmount, `lineItem[${index}].taxAmount`));
-		allErrors.push(...validateMonetaryAmount(item.totalTaxableAmountPerLine, `lineItem[${index}].totalTaxableAmountPerLine`));
-	});
-	allErrors.push(...validateTaxCalculations(invoice));
-	const errors = allErrors.filter((e) => e.severity === "error");
-	const warnings = allErrors.filter((e) => e.severity === "warning");
-	return {
-		isValid: errors.length === 0,
-		errors,
-		warnings
-	};
-};
-
-//#endregion
-export { validateContactNumber, validateInvoice, validateMonetaryAmount, validateTIN, validateTaxCalculations };