@ripwords/myinvois-client 0.3.6 → 0.4.0

package/dist/index15.cjs

@@ -1,29 +1,329 @@
+const require_document = require('./document-B11B5lqd.cjs');
+require('./formatIdValue-i67o4kyD.cjs');
+const crypto = require_document.__toESM(require("crypto"));
 
-//#region src/types/notifications.d.ts
-let NotificationTypeEnum = /* @__PURE__ */ function(NotificationTypeEnum$1) {
-	NotificationTypeEnum$1[NotificationTypeEnum$1["Profile data validation"] = 3] = "Profile data validation";
-	NotificationTypeEnum$1[NotificationTypeEnum$1["Document received"] = 6] = "Document received";
-	NotificationTypeEnum$1[NotificationTypeEnum$1["Document validated"] = 7] = "Document validated";
-	NotificationTypeEnum$1[NotificationTypeEnum$1["Document cancelled"] = 8] = "Document cancelled";
-	NotificationTypeEnum$1[NotificationTypeEnum$1["User profile changed"] = 10] = "User profile changed";
-	NotificationTypeEnum$1[NotificationTypeEnum$1["Taxpayer profile changed"] = 11] = "Taxpayer profile changed";
-	NotificationTypeEnum$1[NotificationTypeEnum$1["Document rejection initiated"] = 15] = "Document rejection initiated";
-	NotificationTypeEnum$1[NotificationTypeEnum$1["ERP data validation"] = 26] = "ERP data validation";
-	NotificationTypeEnum$1[NotificationTypeEnum$1["Documents processing summary"] = 33] = "Documents processing summary";
-	NotificationTypeEnum$1[NotificationTypeEnum$1["Document Template Published"] = 34] = "Document Template Published";
-	NotificationTypeEnum$1[NotificationTypeEnum$1["Document Template Deletion"] = 35] = "Document Template Deletion";
-	return NotificationTypeEnum$1;
-}({});
-let NotificationStatusEnum = /* @__PURE__ */ function(NotificationStatusEnum$1) {
-	NotificationStatusEnum$1[NotificationStatusEnum$1["New"] = 1] = "New";
-	NotificationStatusEnum$1[NotificationStatusEnum$1["Pending"] = 2] = "Pending";
-	NotificationStatusEnum$1[NotificationStatusEnum$1["Batched"] = 3] = "Batched";
-	NotificationStatusEnum$1[NotificationStatusEnum$1["Delivered"] = 4] = "Delivered";
-	NotificationStatusEnum$1[NotificationStatusEnum$1["Error"] = 5] = "Error";
-	return NotificationStatusEnum$1;
-}({});
+//#region src/utils/signature-diagnostics.ts
+/**
+* Analyzes certificate for MyInvois compatibility issues
+*/
+function analyzeCertificateForDiagnostics(certificatePem) {
+	const issues = [];
+	const recommendations = [];
+	try {
+		const cert = new crypto.default.X509Certificate(certificatePem);
+		const certInfo = require_document.extractCertificateInfo(certificatePem);
+		const parseSubjectFields = (dn) => {
+			const fields = {};
+			dn.split("\n").forEach((line) => {
+				const trimmed = line.trim();
+				if (trimmed.includes("=")) {
+					const [key, ...valueParts] = trimmed.split("=");
+					if (key) fields[key.trim()] = valueParts.join("=").trim();
+				}
+			});
+			return fields;
+		};
+		const subjectFields = parseSubjectFields(cert.subject);
+		const organizationIdentifier = subjectFields["organizationIdentifier"] || subjectFields["2.5.4.97"];
+		const serialNumber = subjectFields["serialNumber"];
+		if (!organizationIdentifier) {
+			issues.push("DS311: Certificate missing organizationIdentifier field (TIN)");
+			recommendations.push("CRITICAL: Generate new certificate with organizationIdentifier matching your MyInvois TIN");
+			recommendations.push("Portal Error: \"Signer of invoice doesn't match the submitter of document. TIN doesn't match with the OI.\"");
+		} else if (organizationIdentifier.length < 10) {
+			issues.push("DS311: OrganizationIdentifier (TIN) appears too short - may cause submission rejection");
+			recommendations.push("Verify TIN format matches exactly what is registered in MyInvois");
+		}
+		if (!serialNumber) {
+			issues.push("DS312: Certificate missing serialNumber field (business registration)");
+			recommendations.push("CRITICAL: Generate new certificate with serialNumber matching your business registration");
+			recommendations.push("Portal Error: \"Submitter registration/identity number doesn't match with the certificate SERIALNUMBER.\"");
+		}
+		if (cert.issuer === cert.subject) {
+			issues.push("DS329: Self-signed certificate detected - will fail chain of trust validation");
+			recommendations.push("BLOCKING: Obtain certificate from MyInvois-approved CA:");
+			recommendations.push("• MSC Trustgate Sdn Bhd");
+			recommendations.push("• DigiCert Sdn Bhd");
+			recommendations.push("• Cybersign Asia Sdn Bhd");
+			recommendations.push("Portal Error: \"Certificate is not valid according to the chain of trust validation or has been issued by an untrusted certificate authority.\"");
+		} else {
+			const issuerName = cert.issuer.toLowerCase();
+			const approvedCAs = [
+				"msc trustgate",
+				"digicert",
+				"cybersign"
+			];
+			const isFromApprovedCA = approvedCAs.some((ca) => issuerName.includes(ca));
+			if (!isFromApprovedCA) {
+				issues.push("DS329: Certificate may not be from MyInvois-approved CA");
+				recommendations.push("Verify certificate was issued by an approved CA for MyInvois");
+			}
+		}
+		const rawIssuer = cert.issuer;
+		const normalizedIssuer = certInfo.issuerName;
+		const normalizedIssuerIssues = [
+			{
+				check: normalizedIssuer.includes("\n"),
+				issue: "Normalized issuer still contains newlines"
+			},
+			{
+				check: normalizedIssuer.includes("  "),
+				issue: "Normalized issuer contains double spaces"
+			},
+			{
+				check: /=\s+/.test(normalizedIssuer),
+				issue: "Normalized issuer has spaces after equals"
+			},
+			{
+				check: /\s+=/.test(normalizedIssuer),
+				issue: "Normalized issuer has spaces before equals"
+			},
+			{
+				check: normalizedIssuer.includes("\r"),
+				issue: "Normalized issuer contains carriage returns"
+			}
+		];
+		const hasActualFormatIssues = normalizedIssuerIssues.some(({ check, issue }) => {
+			if (check) {
+				issues.push(`DS326: ${issue} - will cause X509IssuerName mismatch`);
+				return true;
+			}
+			return false;
+		});
+		const hasRawIssuesButNormalizedOk = rawIssuer.includes("\n") && !normalizedIssuer.includes("\n");
+		if (hasActualFormatIssues) {
+			recommendations.push("CRITICAL: Fix issuer name normalization in signature generation");
+			recommendations.push("Portal Error: \"Certificate X509IssuerName doesn't match the X509IssuerName value provided in the signed properties section.\"");
+			recommendations.push("The normalization function is not properly formatting the issuer name");
+			recommendations.push("Debug: Check document.ts extractCertificateInfo() normalization logic");
+		} else if (hasRawIssuesButNormalizedOk) console.log("ℹ️  Note: Raw certificate issuer has newlines but normalization is handling them correctly");
+		const now = /* @__PURE__ */ new Date();
+		const validFrom = new Date(cert.validFrom);
+		const validTo = new Date(cert.validTo);
+		if (now < validFrom) {
+			issues.push("DS329: Certificate not yet valid (future start date)");
+			recommendations.push("Wait until certificate validity period begins");
+		}
+		if (now > validTo) {
+			issues.push("DS329: Certificate has expired");
+			recommendations.push("BLOCKING: Renew certificate - expired certificates are rejected");
+		}
+		try {
+			if (cert.keyUsage && !cert.keyUsage.includes("digital signature")) {
+				issues.push("DS333: Certificate lacks digitalSignature key usage");
+				recommendations.push("Generate new certificate with digitalSignature key usage enabled");
+			}
+		} catch {
+			console.log("Note: Could not check key usage extensions");
+		}
+		return {
+			organizationIdentifier,
+			serialNumber,
+			issuerName: certInfo.issuerName,
+			subjectName: certInfo.subjectName,
+			issues,
+			recommendations
+		};
+	} catch (error) {
+		issues.push(`Certificate parsing failed: ${error}`);
+		recommendations.push("Verify certificate format and validity");
+		return {
+			issuerName: "",
+			subjectName: "",
+			issues,
+			recommendations
+		};
+	}
+}
+/**
+* Analyzes signature generation for potential issues
+*/
+function analyzeSignatureForDiagnostics(invoices, certificatePem) {
+	const issues = [];
+	const recommendations = [];
+	try {
+		const documentDigest = require_document.calculateDocumentDigest(invoices);
+		const certificateDigest = require_document.calculateCertificateDigest(certificatePem);
+		const certInfo = require_document.extractCertificateInfo(certificatePem);
+		const signingTime = (/* @__PURE__ */ new Date()).toISOString();
+		const signedProperties = require_document.createSignedProperties(certificateDigest, signingTime, certInfo.issuerName, certInfo.serialNumber);
+		const signedPropertiesDigest = require_document.calculateSignedPropertiesDigest(signedProperties);
+		if (documentDigest.length === 0) {
+			issues.push("DS333: Document digest generation failed");
+			recommendations.push("CRITICAL: Verify document serialization excludes UBLExtensions/Signature");
+			recommendations.push("Portal Error: \"Document signature value is not a valid signature of the document digest using the public key of the certificate provided.\"");
+		}
+		if (certificateDigest.length === 0) {
+			issues.push("DS333: Certificate digest generation failed");
+			recommendations.push("CRITICAL: Verify certificate format and encoding");
+			recommendations.push("Certificate must be properly base64 encoded without headers/footers");
+		}
+		if (signedPropertiesDigest.length === 0) {
+			issues.push("DS333: Signed properties digest generation failed");
+			recommendations.push("CRITICAL: Verify signed properties structure and canonicalization");
+			recommendations.push("Check XML canonicalization (C14N) is applied correctly");
+		}
+		try {
+			const cert = new crypto.default.X509Certificate(certificatePem);
+			const publicKey = cert.publicKey;
+			const keyDetails = publicKey.asymmetricKeyDetails;
+			if (keyDetails) {
+				if (publicKey.asymmetricKeyType === "rsa" && keyDetails.modulusLength && keyDetails.modulusLength < 2048) {
+					issues.push("DS333: RSA key size too small (minimum 2048 bits required)");
+					recommendations.push("CRITICAL: Generate new certificate with RSA 2048+ bits");
+				}
+				const supportedKeyTypes = ["rsa", "ec"];
+				if (!supportedKeyTypes.includes(publicKey.asymmetricKeyType || "")) {
+					issues.push(`DS333: Unsupported key type: ${publicKey.asymmetricKeyType}`);
+					recommendations.push("CRITICAL: Use RSA or EC key types for MyInvois compatibility");
+				}
+			}
+			const certBuffer = Buffer.from(certificatePem.replace(/-----[^-]+-----/g, "").replace(/\s/g, ""), "base64");
+			if (certBuffer.length === 0) {
+				issues.push("DS333: Certificate encoding appears invalid");
+				recommendations.push("CRITICAL: Verify certificate is properly PEM encoded");
+			}
+		} catch (error) {
+			issues.push(`DS333: Certificate validation failed - ${error}`);
+			recommendations.push("CRITICAL: Verify certificate format and structure are valid");
+		}
+		const isValidBase64 = (str) => {
+			try {
+				return Buffer.from(str, "base64").toString("base64") === str;
+			} catch {
+				return false;
+			}
+		};
+		if (documentDigest && !isValidBase64(documentDigest)) {
+			issues.push("DS333: Document digest is not valid base64 format");
+			recommendations.push("Ensure digest is properly base64 encoded");
+		}
+		if (certificateDigest && !isValidBase64(certificateDigest)) {
+			issues.push("DS333: Certificate digest is not valid base64 format");
+			recommendations.push("Ensure certificate digest is properly base64 encoded");
+		}
+		if (signedPropertiesDigest && !isValidBase64(signedPropertiesDigest)) {
+			issues.push("DS333: Signed properties digest is not valid base64 format");
+			recommendations.push("Ensure signed properties digest is properly base64 encoded");
+		}
+		return {
+			documentDigest,
+			certificateDigest,
+			signedPropertiesDigest,
+			issues,
+			recommendations
+		};
+	} catch (error) {
+		issues.push(`Signature analysis failed: ${error}`);
+		recommendations.push("Review signature generation implementation");
+		return {
+			documentDigest: "",
+			certificateDigest: "",
+			signedPropertiesDigest: "",
+			issues,
+			recommendations
+		};
+	}
+}
+/**
+* Comprehensive signature diagnostics
+*/
+function diagnoseSignatureIssues(invoices, certificatePem) {
+	const certificateAnalysis = analyzeCertificateForDiagnostics(certificatePem);
+	const signatureAnalysis = analyzeSignatureForDiagnostics(invoices, certificatePem);
+	const certificateIssues = certificateAnalysis.issues.length;
+	const signatureIssues = signatureAnalysis.issues.length;
+	return {
+		certificateAnalysis,
+		signatureAnalysis,
+		summary: {
+			totalIssues: certificateIssues + signatureIssues,
+			certificateIssues,
+			signatureIssues
+		}
+	};
+}
+/**
+* Prints diagnostic results in a formatted way
+*/
+function printDiagnostics(result) {
+	console.log("\n🔍 MyInvois Signature Diagnostics Report");
+	console.log("=".repeat(60));
+	console.log("\n📜 CERTIFICATE ANALYSIS");
+	console.log("-".repeat(30));
+	console.log(`  Issuer: ${result.certificateAnalysis.issuerName}`);
+	console.log(`  Subject: ${result.certificateAnalysis.subjectName}`);
+	if (result.certificateAnalysis.organizationIdentifier) console.log(`  Organization ID (TIN): ${result.certificateAnalysis.organizationIdentifier}`);
+	if (result.certificateAnalysis.serialNumber) console.log(`  Serial Number: ${result.certificateAnalysis.serialNumber}`);
+	if (result.certificateAnalysis.issues.length > 0) {
+		console.log("\n  🚨 Certificate Issues:");
+		result.certificateAnalysis.issues.forEach((issue, index) => {
+			console.log(`    ${index + 1}. ${issue}`);
+		});
+	}
+	if (result.certificateAnalysis.recommendations.length > 0) {
+		console.log("\n  💡 Certificate Recommendations:");
+		result.certificateAnalysis.recommendations.forEach((rec, index) => {
+			console.log(`    ${index + 1}. ${rec}`);
+		});
+	}
+	console.log("\n🔐 SIGNATURE ANALYSIS");
+	console.log("-".repeat(30));
+	console.log(`  Document Digest: ${result.signatureAnalysis.documentDigest.substring(0, 32)}...`);
+	console.log(`  Certificate Digest: ${result.signatureAnalysis.certificateDigest.substring(0, 32)}...`);
+	console.log(`  Signed Properties Digest: ${result.signatureAnalysis.signedPropertiesDigest.substring(0, 32)}...`);
+	if (result.signatureAnalysis.issues.length > 0) {
+		console.log("\n  🚨 Signature Issues:");
+		result.signatureAnalysis.issues.forEach((issue, index) => {
+			console.log(`    ${index + 1}. ${issue}`);
+		});
+	}
+	if (result.signatureAnalysis.recommendations.length > 0) {
+		console.log("\n  💡 Signature Recommendations:");
+		result.signatureAnalysis.recommendations.forEach((rec, index) => {
+			console.log(`    ${index + 1}. ${rec}`);
+		});
+	}
+	console.log("\n📊 SUMMARY");
+	console.log("-".repeat(30));
+	console.log(`  Total Issues Found: ${result.summary.totalIssues}`);
+	console.log(`  Certificate Issues: ${result.summary.certificateIssues}`);
+	console.log(`  Signature Issues: ${result.summary.signatureIssues}`);
+	if (result.summary.totalIssues === 0) {
+		console.log("\n  ✅ No issues detected in current analysis");
+		console.log("  🎉 Certificate and signature implementation appear valid");
+	} else {
+		console.log("\n  ⚠️  Issues detected - review recommendations above");
+		const hasDS311 = result.certificateAnalysis.issues.some((issue) => issue.includes("DS311"));
+		const hasDS312 = result.certificateAnalysis.issues.some((issue) => issue.includes("DS312"));
+		const hasDS326 = result.certificateAnalysis.issues.some((issue) => issue.includes("DS326"));
+		const hasDS329 = result.certificateAnalysis.issues.some((issue) => issue.includes("DS329"));
+		const hasDS333 = result.signatureAnalysis.issues.some((issue) => issue.includes("DS333"));
+		console.log("\n  🎯 MYINVOIS PORTAL ERROR ANALYSIS:");
+		if (hasDS311) console.log("     ❌ DS311 - TIN mismatch between certificate and submitter");
+		if (hasDS312) console.log("     ❌ DS312 - Registration number mismatch with certificate");
+		if (hasDS326) console.log("     ❌ DS326 - X509IssuerName format inconsistency");
+		if (hasDS329) console.log("     ❌ DS329 - Certificate trust chain validation failure");
+		if (hasDS333) console.log("     ❌ DS333 - Document signature validation failure");
+		if (result.summary.certificateIssues > 0) {
+			console.log("\n  🚨 PRIMARY ACTION REQUIRED:");
+			console.log("     Certificate issues must be resolved first");
+			console.log("     Self-generated certificates cannot pass MyInvois validation");
+		}
+		if (result.summary.signatureIssues > 0) {
+			console.log("\n  ⚙️  SECONDARY ACTION:");
+			console.log("     Review and optimize signature implementation");
+		}
+		console.log("\n  📋 NEXT STEPS:");
+		console.log("     1. Address BLOCKING/CRITICAL issues first");
+		console.log("     2. Test with updated certificate/implementation");
+		console.log("     3. Re-run diagnostics to verify fixes");
+		console.log("     4. Submit test document to MyInvois portal");
+	}
+	console.log("\n" + "=".repeat(60));
+}
 
 //#endregion
-exports.NotificationStatusEnum = NotificationStatusEnum;
-exports.NotificationTypeEnum = NotificationTypeEnum;
+exports.diagnoseSignatureIssues = diagnoseSignatureIssues;
+exports.printDiagnostics = printDiagnostics;
 //# sourceMappingURL=index15.cjs.map

package/dist/index15.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"index15.cjs","names":[],"sources":["../src/types/notifications.d.ts"],"sourcesContent":["export type NotificationType = 3 | 6 | 7 | 8 | 10 | 11 | 15 | 26 | 33 | 34 | 35\n\nexport enum NotificationTypeEnum {\n  'Profile data validation' = 3,\n  'Document received' = 6,\n  'Document validated' = 7,\n  'Document cancelled' = 8,\n  'User profile changed' = 10,\n  'Taxpayer profile changed' = 11,\n  'Document rejection initiated' = 15,\n  'ERP data validation' = 26,\n  'Documents processing summary' = 33,\n  'Document Template Published' = 34,\n  'Document Template Deletion' = 35,\n}\n\nexport type NotificationStatus = 1 | 2 | 3 | 4 | 5\n\nexport enum NotificationStatusEnum {\n  'New' = 1,\n  'Pending' = 2,\n  'Batched' = 3,\n  'Delivered' = 4,\n  'Error' = 5,\n}\n\nexport type NotificationDeliveryAttempt = {\n  attemptDateTime: string\n  status: string\n  statusDetails: string\n}\n\nexport type NotificationMetadata = {\n  hasNext: boolean\n}\n\nexport type Notification = {\n  notificationId: string\n  receiverNName: string\n  notificationDeliveryId: string\n  creationDateTime: string\n  receivedDateTime: string\n  notificationSubject: string\n  deliveredDateTime: string\n  typeId: string\n  typeName: string\n  finalMessage: string\n  address: string\n  language: string\n  status: string\n  deliveryAttempts: NotificationDeliveryAttempt[]\n}\n\nexport type NotificationResponse = {\n  notifications: Notification[]\n  metadata: NotificationMetadata\n}\n\nexport type NotificationSearchParams = {\n  dateFrom?: string\n  dateTo?: string\n  type?: NotificationType\n  language?: string\n  status?: NotificationStatus\n  pageNo?: number\n  pageSize?: number\n}\n"],"mappings":";;AAEA,IAAY,wEAAL;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACD;AAID,IAAY,4EAAL;AACL;AACA;AACA;AACA;AACA;;AACD"}
+{"version":3,"file":"index15.cjs","names":["certificatePem: string","issues: string[]","recommendations: string[]","dn: string","fields: Record<string, string>","invoices: InvoiceV1_1[]","str: string","result: DiagnosticResult"],"sources":["../src/utils/signature-diagnostics.ts"],"sourcesContent":["import crypto from 'crypto'\nimport type { InvoiceV1_1 } from '../types'\nimport {\n  extractCertificateInfo,\n  calculateDocumentDigest,\n  calculateSignedPropertiesDigest,\n  createSignedProperties,\n  calculateCertificateDigest,\n} from './document'\n\nexport interface CertificateAnalysisResult {\n  organizationIdentifier?: string\n  serialNumber?: string\n  issuerName: string\n  subjectName: string\n  issues: string[]\n  recommendations: string[]\n}\n\nexport interface SignatureAnalysisResult {\n  documentDigest: string\n  certificateDigest: string\n  signedPropertiesDigest: string\n  issues: string[]\n  recommendations: string[]\n}\n\nexport interface DiagnosticResult {\n  certificateAnalysis: CertificateAnalysisResult\n  signatureAnalysis: SignatureAnalysisResult\n  summary: {\n    totalIssues: number\n    certificateIssues: number\n    signatureIssues: number\n  }\n}\n\n/**\n * Analyzes certificate for MyInvois compatibility issues\n */\nfunction analyzeCertificateForDiagnostics(\n  certificatePem: string,\n): CertificateAnalysisResult {\n  const issues: string[] = []\n  const recommendations: string[] = []\n\n  try {\n    const cert = new crypto.X509Certificate(certificatePem)\n    const certInfo = extractCertificateInfo(certificatePem)\n\n    // Parse subject fields for MyInvois analysis\n    const parseSubjectFields = (dn: string) => {\n      const fields: Record<string, string> = {}\n      dn.split('\\n').forEach(line => {\n        const trimmed = line.trim()\n        if (trimmed.includes('=')) {\n          const [key, ...valueParts] = trimmed.split('=')\n          if (key) {\n            fields[key.trim()] = valueParts.join('=').trim()\n          }\n        }\n      })\n      return fields\n    }\n\n    const subjectFields = parseSubjectFields(cert.subject)\n    const organizationIdentifier =\n      subjectFields['organizationIdentifier'] || subjectFields['2.5.4.97']\n    const serialNumber = subjectFields['serialNumber']\n\n    // DS311 - TIN Mismatch Analysis\n    if (!organizationIdentifier) {\n      issues.push(\n        'DS311: Certificate missing organizationIdentifier field (TIN)',\n      )\n      recommendations.push(\n        'CRITICAL: Generate new certificate with organizationIdentifier matching your MyInvois TIN',\n      )\n      recommendations.push(\n        'Portal Error: \"Signer of invoice doesn\\'t match the submitter of document. TIN doesn\\'t match with the OI.\"',\n      )\n    } else {\n      // Additional TIN format validation\n      if (organizationIdentifier.length < 10) {\n        issues.push(\n          'DS311: OrganizationIdentifier (TIN) appears too short - may cause submission rejection',\n        )\n        recommendations.push(\n          'Verify TIN format matches exactly what is registered in MyInvois',\n        )\n      }\n    }\n\n    // DS312 - Registration Number Analysis\n    if (!serialNumber) {\n      issues.push(\n        'DS312: Certificate missing serialNumber field (business registration)',\n      )\n      recommendations.push(\n        'CRITICAL: Generate new certificate with serialNumber matching your business registration',\n      )\n      recommendations.push(\n        'Portal Error: \"Submitter registration/identity number doesn\\'t match with the certificate SERIALNUMBER.\"',\n      )\n    }\n\n    // DS329 - Certificate Trust Analysis\n    if (cert.issuer === cert.subject) {\n      issues.push(\n        'DS329: Self-signed certificate detected - will fail chain of trust validation',\n      )\n      recommendations.push(\n        'BLOCKING: Obtain certificate from MyInvois-approved CA:',\n      )\n      recommendations.push('• MSC Trustgate Sdn Bhd')\n      recommendations.push('• DigiCert Sdn Bhd')\n      recommendations.push('• Cybersign Asia Sdn Bhd')\n      recommendations.push(\n        'Portal Error: \"Certificate is not valid according to the chain of trust validation or has been issued by an untrusted certificate authority.\"',\n      )\n    } else {\n      // Check if issuer looks like a known CA\n      const issuerName = cert.issuer.toLowerCase()\n      const approvedCAs = ['msc trustgate', 'digicert', 'cybersign']\n      const isFromApprovedCA = approvedCAs.some(ca => issuerName.includes(ca))\n\n      if (!isFromApprovedCA) {\n        issues.push('DS329: Certificate may not be from MyInvois-approved CA')\n        recommendations.push(\n          'Verify certificate was issued by an approved CA for MyInvois',\n        )\n      }\n    }\n\n    // DS326 - Issuer Name Format Analysis (Enhanced)\n    const rawIssuer = cert.issuer\n    const normalizedIssuer = certInfo.issuerName\n\n    // Check for issues in the NORMALIZED issuer (these are actual problems)\n    const normalizedIssuerIssues = [\n      {\n        check: normalizedIssuer.includes('\\n'),\n        issue: 'Normalized issuer still contains newlines',\n      },\n      {\n        check: normalizedIssuer.includes('  '),\n        issue: 'Normalized issuer contains double spaces',\n      },\n      {\n        check: /=\\s+/.test(normalizedIssuer),\n        issue: 'Normalized issuer has spaces after equals',\n      },\n      {\n        check: /\\s+=/.test(normalizedIssuer),\n        issue: 'Normalized issuer has spaces before equals',\n      },\n      {\n        check: normalizedIssuer.includes('\\r'),\n        issue: 'Normalized issuer contains carriage returns',\n      },\n    ]\n\n    // Only report actual issues in the normalized version that will cause portal errors\n    const hasActualFormatIssues = normalizedIssuerIssues.some(\n      ({ check, issue }) => {\n        if (check) {\n          issues.push(`DS326: ${issue} - will cause X509IssuerName mismatch`)\n          return true\n        }\n        return false\n      },\n    )\n\n    // Check if raw issuer has issues but normalized version is OK (informational)\n    const hasRawIssuesButNormalizedOk =\n      rawIssuer.includes('\\n') && !normalizedIssuer.includes('\\n')\n\n    if (hasActualFormatIssues) {\n      recommendations.push(\n        'CRITICAL: Fix issuer name normalization in signature generation',\n      )\n      recommendations.push(\n        'Portal Error: \"Certificate X509IssuerName doesn\\'t match the X509IssuerName value provided in the signed properties section.\"',\n      )\n      recommendations.push(\n        'The normalization function is not properly formatting the issuer name',\n      )\n      recommendations.push(\n        'Debug: Check document.ts extractCertificateInfo() normalization logic',\n      )\n    } else if (hasRawIssuesButNormalizedOk) {\n      // This is informational - normalization is working correctly\n      console.log(\n        'ℹ️  Note: Raw certificate issuer has newlines but normalization is handling them correctly',\n      )\n    }\n\n    // Additional certificate validity checks\n    const now = new Date()\n    const validFrom = new Date(cert.validFrom)\n    const validTo = new Date(cert.validTo)\n\n    if (now < validFrom) {\n      issues.push('DS329: Certificate not yet valid (future start date)')\n      recommendations.push('Wait until certificate validity period begins')\n    }\n\n    if (now > validTo) {\n      issues.push('DS329: Certificate has expired')\n      recommendations.push(\n        'BLOCKING: Renew certificate - expired certificates are rejected',\n      )\n    }\n\n    // Check certificate key usage (if available)\n    try {\n      if (cert.keyUsage && !cert.keyUsage.includes('digital signature')) {\n        issues.push('DS333: Certificate lacks digitalSignature key usage')\n        recommendations.push(\n          'Generate new certificate with digitalSignature key usage enabled',\n        )\n      }\n    } catch {\n      // Key usage might not be available in all certificates\n      console.log('Note: Could not check key usage extensions')\n    }\n\n    return {\n      organizationIdentifier,\n      serialNumber,\n      issuerName: certInfo.issuerName,\n      subjectName: certInfo.subjectName,\n      issues,\n      recommendations,\n    }\n  } catch (error) {\n    issues.push(`Certificate parsing failed: ${error}`)\n    recommendations.push('Verify certificate format and validity')\n\n    return {\n      issuerName: '',\n      subjectName: '',\n      issues,\n      recommendations,\n    }\n  }\n}\n\n/**\n * Analyzes signature generation for potential issues\n */\nfunction analyzeSignatureForDiagnostics(\n  invoices: InvoiceV1_1[],\n  certificatePem: string,\n): SignatureAnalysisResult {\n  const issues: string[] = []\n  const recommendations: string[] = []\n\n  try {\n    // Step 1: Document digest\n    const documentDigest = calculateDocumentDigest(invoices)\n\n    // Step 2: Certificate digest\n    const certificateDigest = calculateCertificateDigest(certificatePem)\n\n    // Step 3: Extract certificate info\n    const certInfo = extractCertificateInfo(certificatePem)\n    const signingTime = new Date().toISOString()\n\n    // Step 4: Create signed properties\n    const signedProperties = createSignedProperties(\n      certificateDigest,\n      signingTime,\n      certInfo.issuerName,\n      certInfo.serialNumber,\n    )\n\n    // Step 5: Signed properties digest\n    const signedPropertiesDigest =\n      calculateSignedPropertiesDigest(signedProperties)\n\n    // DS333 - Document Signature Validation\n    if (documentDigest.length === 0) {\n      issues.push('DS333: Document digest generation failed')\n      recommendations.push(\n        'CRITICAL: Verify document serialization excludes UBLExtensions/Signature',\n      )\n      recommendations.push(\n        'Portal Error: \"Document signature value is not a valid signature of the document digest using the public key of the certificate provided.\"',\n      )\n    }\n\n    if (certificateDigest.length === 0) {\n      issues.push('DS333: Certificate digest generation failed')\n      recommendations.push('CRITICAL: Verify certificate format and encoding')\n      recommendations.push(\n        'Certificate must be properly base64 encoded without headers/footers',\n      )\n    }\n\n    if (signedPropertiesDigest.length === 0) {\n      issues.push('DS333: Signed properties digest generation failed')\n      recommendations.push(\n        'CRITICAL: Verify signed properties structure and canonicalization',\n      )\n      recommendations.push(\n        'Check XML canonicalization (C14N) is applied correctly',\n      )\n    }\n\n    // Additional DS333 checks\n    try {\n      const cert = new crypto.X509Certificate(certificatePem)\n\n      // Verify the certificate has the required algorithms for MyInvois\n      const publicKey = cert.publicKey\n      const keyDetails = publicKey.asymmetricKeyDetails\n\n      if (keyDetails) {\n        // Check if key size is adequate for RSA (minimum 2048 bits)\n        if (\n          publicKey.asymmetricKeyType === 'rsa' &&\n          keyDetails.modulusLength &&\n          keyDetails.modulusLength < 2048\n        ) {\n          issues.push(\n            'DS333: RSA key size too small (minimum 2048 bits required)',\n          )\n          recommendations.push(\n            'CRITICAL: Generate new certificate with RSA 2048+ bits',\n          )\n        }\n\n        // Check supported key types\n        const supportedKeyTypes = ['rsa', 'ec']\n        if (!supportedKeyTypes.includes(publicKey.asymmetricKeyType || '')) {\n          issues.push(\n            `DS333: Unsupported key type: ${publicKey.asymmetricKeyType}`,\n          )\n          recommendations.push(\n            'CRITICAL: Use RSA or EC key types for MyInvois compatibility',\n          )\n        }\n      }\n\n      // Test certificate format validity\n      const certBuffer = Buffer.from(\n        certificatePem.replace(/-----[^-]+-----/g, '').replace(/\\s/g, ''),\n        'base64',\n      )\n      if (certBuffer.length === 0) {\n        issues.push('DS333: Certificate encoding appears invalid')\n        recommendations.push(\n          'CRITICAL: Verify certificate is properly PEM encoded',\n        )\n      }\n    } catch (error) {\n      issues.push(`DS333: Certificate validation failed - ${error}`)\n      recommendations.push(\n        'CRITICAL: Verify certificate format and structure are valid',\n      )\n    }\n\n    // Validate digest formats (should be base64)\n    const isValidBase64 = (str: string) => {\n      try {\n        return Buffer.from(str, 'base64').toString('base64') === str\n      } catch {\n        return false\n      }\n    }\n\n    if (documentDigest && !isValidBase64(documentDigest)) {\n      issues.push('DS333: Document digest is not valid base64 format')\n      recommendations.push('Ensure digest is properly base64 encoded')\n    }\n\n    if (certificateDigest && !isValidBase64(certificateDigest)) {\n      issues.push('DS333: Certificate digest is not valid base64 format')\n      recommendations.push(\n        'Ensure certificate digest is properly base64 encoded',\n      )\n    }\n\n    if (signedPropertiesDigest && !isValidBase64(signedPropertiesDigest)) {\n      issues.push('DS333: Signed properties digest is not valid base64 format')\n      recommendations.push(\n        'Ensure signed properties digest is properly base64 encoded',\n      )\n    }\n\n    return {\n      documentDigest,\n      certificateDigest,\n      signedPropertiesDigest,\n      issues,\n      recommendations,\n    }\n  } catch (error) {\n    issues.push(`Signature analysis failed: ${error}`)\n    recommendations.push('Review signature generation implementation')\n\n    return {\n      documentDigest: '',\n      certificateDigest: '',\n      signedPropertiesDigest: '',\n      issues,\n      recommendations,\n    }\n  }\n}\n\n/**\n * Comprehensive signature diagnostics\n */\nexport function diagnoseSignatureIssues(\n  invoices: InvoiceV1_1[],\n  certificatePem: string,\n): DiagnosticResult {\n  const certificateAnalysis = analyzeCertificateForDiagnostics(certificatePem)\n  const signatureAnalysis = analyzeSignatureForDiagnostics(\n    invoices,\n    certificatePem,\n  )\n\n  const certificateIssues = certificateAnalysis.issues.length\n  const signatureIssues = signatureAnalysis.issues.length\n\n  return {\n    certificateAnalysis,\n    signatureAnalysis,\n    summary: {\n      totalIssues: certificateIssues + signatureIssues,\n      certificateIssues,\n      signatureIssues,\n    },\n  }\n}\n\n/**\n * Prints diagnostic results in a formatted way\n */\nexport function printDiagnostics(result: DiagnosticResult): void {\n  console.log('\\n🔍 MyInvois Signature Diagnostics Report')\n  console.log('='.repeat(60))\n\n  // Certificate Analysis\n  console.log('\\n📜 CERTIFICATE ANALYSIS')\n  console.log('-'.repeat(30))\n\n  console.log(`  Issuer: ${result.certificateAnalysis.issuerName}`)\n  console.log(`  Subject: ${result.certificateAnalysis.subjectName}`)\n\n  if (result.certificateAnalysis.organizationIdentifier) {\n    console.log(\n      `  Organization ID (TIN): ${result.certificateAnalysis.organizationIdentifier}`,\n    )\n  }\n\n  if (result.certificateAnalysis.serialNumber) {\n    console.log(`  Serial Number: ${result.certificateAnalysis.serialNumber}`)\n  }\n\n  if (result.certificateAnalysis.issues.length > 0) {\n    console.log('\\n  🚨 Certificate Issues:')\n    result.certificateAnalysis.issues.forEach((issue, index) => {\n      console.log(`    ${index + 1}. ${issue}`)\n    })\n  }\n\n  if (result.certificateAnalysis.recommendations.length > 0) {\n    console.log('\\n  💡 Certificate Recommendations:')\n    result.certificateAnalysis.recommendations.forEach((rec, index) => {\n      console.log(`    ${index + 1}. ${rec}`)\n    })\n  }\n\n  // Signature Analysis\n  console.log('\\n🔐 SIGNATURE ANALYSIS')\n  console.log('-'.repeat(30))\n\n  console.log(\n    `  Document Digest: ${result.signatureAnalysis.documentDigest.substring(0, 32)}...`,\n  )\n  console.log(\n    `  Certificate Digest: ${result.signatureAnalysis.certificateDigest.substring(0, 32)}...`,\n  )\n  console.log(\n    `  Signed Properties Digest: ${result.signatureAnalysis.signedPropertiesDigest.substring(0, 32)}...`,\n  )\n\n  if (result.signatureAnalysis.issues.length > 0) {\n    console.log('\\n  🚨 Signature Issues:')\n    result.signatureAnalysis.issues.forEach((issue, index) => {\n      console.log(`    ${index + 1}. ${issue}`)\n    })\n  }\n\n  if (result.signatureAnalysis.recommendations.length > 0) {\n    console.log('\\n  💡 Signature Recommendations:')\n    result.signatureAnalysis.recommendations.forEach((rec, index) => {\n      console.log(`    ${index + 1}. ${rec}`)\n    })\n  }\n\n  // Summary\n  console.log('\\n📊 SUMMARY')\n  console.log('-'.repeat(30))\n  console.log(`  Total Issues Found: ${result.summary.totalIssues}`)\n  console.log(`  Certificate Issues: ${result.summary.certificateIssues}`)\n  console.log(`  Signature Issues: ${result.summary.signatureIssues}`)\n\n  if (result.summary.totalIssues === 0) {\n    console.log('\\n  ✅ No issues detected in current analysis')\n    console.log('  🎉 Certificate and signature implementation appear valid')\n  } else {\n    console.log('\\n  ⚠️  Issues detected - review recommendations above')\n\n    // Check for specific portal errors\n    const hasDS311 = result.certificateAnalysis.issues.some(issue =>\n      issue.includes('DS311'),\n    )\n    const hasDS312 = result.certificateAnalysis.issues.some(issue =>\n      issue.includes('DS312'),\n    )\n    const hasDS326 = result.certificateAnalysis.issues.some(issue =>\n      issue.includes('DS326'),\n    )\n    const hasDS329 = result.certificateAnalysis.issues.some(issue =>\n      issue.includes('DS329'),\n    )\n    const hasDS333 = result.signatureAnalysis.issues.some(issue =>\n      issue.includes('DS333'),\n    )\n\n    console.log('\\n  🎯 MYINVOIS PORTAL ERROR ANALYSIS:')\n\n    if (hasDS311) {\n      console.log(\n        '     ❌ DS311 - TIN mismatch between certificate and submitter',\n      )\n    }\n\n    if (hasDS312) {\n      console.log(\n        '     ❌ DS312 - Registration number mismatch with certificate',\n      )\n    }\n\n    if (hasDS326) {\n      console.log('     ❌ DS326 - X509IssuerName format inconsistency')\n    }\n\n    if (hasDS329) {\n      console.log('     ❌ DS329 - Certificate trust chain validation failure')\n    }\n\n    if (hasDS333) {\n      console.log('     ❌ DS333 - Document signature validation failure')\n    }\n\n    if (result.summary.certificateIssues > 0) {\n      console.log('\\n  🚨 PRIMARY ACTION REQUIRED:')\n      console.log('     Certificate issues must be resolved first')\n      console.log(\n        '     Self-generated certificates cannot pass MyInvois validation',\n      )\n    }\n\n    if (result.summary.signatureIssues > 0) {\n      console.log('\\n  ⚙️  SECONDARY ACTION:')\n      console.log('     Review and optimize signature implementation')\n    }\n\n    console.log('\\n  📋 NEXT STEPS:')\n    console.log('     1. Address BLOCKING/CRITICAL issues first')\n    console.log('     2. Test with updated certificate/implementation')\n    console.log('     3. Re-run diagnostics to verify fixes')\n    console.log('     4. Submit test document to MyInvois portal')\n  }\n\n  console.log('\\n' + '='.repeat(60))\n}\n"],"mappings":";;;;;;;;AAwCA,SAAS,iCACPA,gBAC2B;CAC3B,MAAMC,SAAmB,CAAE;CAC3B,MAAMC,kBAA4B,CAAE;AAEpC,KAAI;EACF,MAAM,OAAO,IAAI,eAAO,gBAAgB;EACxC,MAAM,WAAW,wCAAuB,eAAe;EAGvD,MAAM,qBAAqB,CAACC,OAAe;GACzC,MAAMC,SAAiC,CAAE;AACzC,MAAG,MAAM,KAAK,CAAC,QAAQ,UAAQ;IAC7B,MAAM,UAAU,KAAK,MAAM;AAC3B,QAAI,QAAQ,SAAS,IAAI,EAAE;KACzB,MAAM,CAAC,KAAK,GAAG,WAAW,GAAG,QAAQ,MAAM,IAAI;AAC/C,SAAI,IACF,QAAO,IAAI,MAAM,IAAI,WAAW,KAAK,IAAI,CAAC,MAAM;IAEnD;GACF,EAAC;AACF,UAAO;EACR;EAED,MAAM,gBAAgB,mBAAmB,KAAK,QAAQ;EACtD,MAAM,yBACJ,cAAc,6BAA6B,cAAc;EAC3D,MAAM,eAAe,cAAc;AAGnC,OAAK,wBAAwB;AAC3B,UAAO,KACL,gEACD;AACD,mBAAgB,KACd,4FACD;AACD,mBAAgB,KACd,8GACD;EACF,WAEK,uBAAuB,SAAS,IAAI;AACtC,UAAO,KACL,yFACD;AACD,mBAAgB,KACd,mEACD;EACF;AAIH,OAAK,cAAc;AACjB,UAAO,KACL,wEACD;AACD,mBAAgB,KACd,2FACD;AACD,mBAAgB,KACd,4GACD;EACF;AAGD,MAAI,KAAK,WAAW,KAAK,SAAS;AAChC,UAAO,KACL,gFACD;AACD,mBAAgB,KACd,0DACD;AACD,mBAAgB,KAAK,0BAA0B;AAC/C,mBAAgB,KAAK,qBAAqB;AAC1C,mBAAgB,KAAK,2BAA2B;AAChD,mBAAgB,KACd,kJACD;EACF,OAAM;GAEL,MAAM,aAAa,KAAK,OAAO,aAAa;GAC5C,MAAM,cAAc;IAAC;IAAiB;IAAY;GAAY;GAC9D,MAAM,mBAAmB,YAAY,KAAK,QAAM,WAAW,SAAS,GAAG,CAAC;AAExE,QAAK,kBAAkB;AACrB,WAAO,KAAK,0DAA0D;AACtE,oBAAgB,KACd,+DACD;GACF;EACF;EAGD,MAAM,YAAY,KAAK;EACvB,MAAM,mBAAmB,SAAS;EAGlC,MAAM,yBAAyB;GAC7B;IACE,OAAO,iBAAiB,SAAS,KAAK;IACtC,OAAO;GACR;GACD;IACE,OAAO,iBAAiB,SAAS,KAAK;IACtC,OAAO;GACR;GACD;IACE,OAAO,OAAO,KAAK,iBAAiB;IACpC,OAAO;GACR;GACD;IACE,OAAO,OAAO,KAAK,iBAAiB;IACpC,OAAO;GACR;GACD;IACE,OAAO,iBAAiB,SAAS,KAAK;IACtC,OAAO;GACR;EACF;EAGD,MAAM,wBAAwB,uBAAuB,KACnD,CAAC,EAAE,OAAO,OAAO,KAAK;AACpB,OAAI,OAAO;AACT,WAAO,MAAM,SAAS,MAAM,uCAAuC;AACnE,WAAO;GACR;AACD,UAAO;EACR,EACF;EAGD,MAAM,8BACJ,UAAU,SAAS,KAAK,KAAK,iBAAiB,SAAS,KAAK;AAE9D,MAAI,uBAAuB;AACzB,mBAAgB,KACd,kEACD;AACD,mBAAgB,KACd,iIACD;AACD,mBAAgB,KACd,wEACD;AACD,mBAAgB,KACd,wEACD;EACF,WAAU,4BAET,SAAQ,IACN,6FACD;EAIH,MAAM,sBAAM,IAAI;EAChB,MAAM,YAAY,IAAI,KAAK,KAAK;EAChC,MAAM,UAAU,IAAI,KAAK,KAAK;AAE9B,MAAI,MAAM,WAAW;AACnB,UAAO,KAAK,uDAAuD;AACnE,mBAAgB,KAAK,gDAAgD;EACtE;AAED,MAAI,MAAM,SAAS;AACjB,UAAO,KAAK,iCAAiC;AAC7C,mBAAgB,KACd,kEACD;EACF;AAGD,MAAI;AACF,OAAI,KAAK,aAAa,KAAK,SAAS,SAAS,oBAAoB,EAAE;AACjE,WAAO,KAAK,sDAAsD;AAClE,oBAAgB,KACd,mEACD;GACF;EACF,QAAO;AAEN,WAAQ,IAAI,6CAA6C;EAC1D;AAED,SAAO;GACL;GACA;GACA,YAAY,SAAS;GACrB,aAAa,SAAS;GACtB;GACA;EACD;CACF,SAAQ,OAAO;AACd,SAAO,MAAM,8BAA8B,MAAM,EAAE;AACnD,kBAAgB,KAAK,yCAAyC;AAE9D,SAAO;GACL,YAAY;GACZ,aAAa;GACb;GACA;EACD;CACF;AACF;;;;AAKD,SAAS,+BACPC,UACAL,gBACyB;CACzB,MAAMC,SAAmB,CAAE;CAC3B,MAAMC,kBAA4B,CAAE;AAEpC,KAAI;EAEF,MAAM,iBAAiB,yCAAwB,SAAS;EAGxD,MAAM,oBAAoB,4CAA2B,eAAe;EAGpE,MAAM,WAAW,wCAAuB,eAAe;EACvD,MAAM,cAAc,qBAAI,QAAO,aAAa;EAG5C,MAAM,mBAAmB,wCACvB,mBACA,aACA,SAAS,YACT,SAAS,aACV;EAGD,MAAM,yBACJ,iDAAgC,iBAAiB;AAGnD,MAAI,eAAe,WAAW,GAAG;AAC/B,UAAO,KAAK,2CAA2C;AACvD,mBAAgB,KACd,2EACD;AACD,mBAAgB,KACd,+IACD;EACF;AAED,MAAI,kBAAkB,WAAW,GAAG;AAClC,UAAO,KAAK,8CAA8C;AAC1D,mBAAgB,KAAK,mDAAmD;AACxE,mBAAgB,KACd,sEACD;EACF;AAED,MAAI,uBAAuB,WAAW,GAAG;AACvC,UAAO,KAAK,oDAAoD;AAChE,mBAAgB,KACd,oEACD;AACD,mBAAgB,KACd,yDACD;EACF;AAGD,MAAI;GACF,MAAM,OAAO,IAAI,eAAO,gBAAgB;GAGxC,MAAM,YAAY,KAAK;GACvB,MAAM,aAAa,UAAU;AAE7B,OAAI,YAAY;AAEd,QACE,UAAU,sBAAsB,SAChC,WAAW,iBACX,WAAW,gBAAgB,MAC3B;AACA,YAAO,KACL,6DACD;AACD,qBAAgB,KACd,yDACD;IACF;IAGD,MAAM,oBAAoB,CAAC,OAAO,IAAK;AACvC,SAAK,kBAAkB,SAAS,UAAU,qBAAqB,GAAG,EAAE;AAClE,YAAO,MACJ,+BAA+B,UAAU,kBAAkB,EAC7D;AACD,qBAAgB,KACd,+DACD;IACF;GACF;GAGD,MAAM,aAAa,OAAO,KACxB,eAAe,QAAQ,oBAAoB,GAAG,CAAC,QAAQ,OAAO,GAAG,EACjE,SACD;AACD,OAAI,WAAW,WAAW,GAAG;AAC3B,WAAO,KAAK,8CAA8C;AAC1D,oBAAgB,KACd,uDACD;GACF;EACF,SAAQ,OAAO;AACd,UAAO,MAAM,yCAAyC,MAAM,EAAE;AAC9D,mBAAgB,KACd,8DACD;EACF;EAGD,MAAM,gBAAgB,CAACI,QAAgB;AACrC,OAAI;AACF,WAAO,OAAO,KAAK,KAAK,SAAS,CAAC,SAAS,SAAS,KAAK;GAC1D,QAAO;AACN,WAAO;GACR;EACF;AAED,MAAI,mBAAmB,cAAc,eAAe,EAAE;AACpD,UAAO,KAAK,oDAAoD;AAChE,mBAAgB,KAAK,2CAA2C;EACjE;AAED,MAAI,sBAAsB,cAAc,kBAAkB,EAAE;AAC1D,UAAO,KAAK,uDAAuD;AACnE,mBAAgB,KACd,uDACD;EACF;AAED,MAAI,2BAA2B,cAAc,uBAAuB,EAAE;AACpE,UAAO,KAAK,6DAA6D;AACzE,mBAAgB,KACd,6DACD;EACF;AAED,SAAO;GACL;GACA;GACA;GACA;GACA;EACD;CACF,SAAQ,OAAO;AACd,SAAO,MAAM,6BAA6B,MAAM,EAAE;AAClD,kBAAgB,KAAK,6CAA6C;AAElE,SAAO;GACL,gBAAgB;GAChB,mBAAmB;GACnB,wBAAwB;GACxB;GACA;EACD;CACF;AACF;;;;AAKD,SAAgB,wBACdD,UACAL,gBACkB;CAClB,MAAM,sBAAsB,iCAAiC,eAAe;CAC5E,MAAM,oBAAoB,+BACxB,UACA,eACD;CAED,MAAM,oBAAoB,oBAAoB,OAAO;CACrD,MAAM,kBAAkB,kBAAkB,OAAO;AAEjD,QAAO;EACL;EACA;EACA,SAAS;GACP,aAAa,oBAAoB;GACjC;GACA;EACD;CACF;AACF;;;;AAKD,SAAgB,iBAAiBO,QAAgC;AAC/D,SAAQ,IAAI,6CAA6C;AACzD,SAAQ,IAAI,IAAI,OAAO,GAAG,CAAC;AAG3B,SAAQ,IAAI,4BAA4B;AACxC,SAAQ,IAAI,IAAI,OAAO,GAAG,CAAC;AAE3B,SAAQ,KAAK,YAAY,OAAO,oBAAoB,WAAW,EAAE;AACjE,SAAQ,KAAK,aAAa,OAAO,oBAAoB,YAAY,EAAE;AAEnE,KAAI,OAAO,oBAAoB,uBAC7B,SAAQ,KACL,2BAA2B,OAAO,oBAAoB,uBAAuB,EAC/E;AAGH,KAAI,OAAO,oBAAoB,aAC7B,SAAQ,KAAK,mBAAmB,OAAO,oBAAoB,aAAa,EAAE;AAG5E,KAAI,OAAO,oBAAoB,OAAO,SAAS,GAAG;AAChD,UAAQ,IAAI,6BAA6B;AACzC,SAAO,oBAAoB,OAAO,QAAQ,CAAC,OAAO,UAAU;AAC1D,WAAQ,KAAK,MAAM,QAAQ,EAAE,IAAI,MAAM,EAAE;EAC1C,EAAC;CACH;AAED,KAAI,OAAO,oBAAoB,gBAAgB,SAAS,GAAG;AACzD,UAAQ,IAAI,sCAAsC;AAClD,SAAO,oBAAoB,gBAAgB,QAAQ,CAAC,KAAK,UAAU;AACjE,WAAQ,KAAK,MAAM,QAAQ,EAAE,IAAI,IAAI,EAAE;EACxC,EAAC;CACH;AAGD,SAAQ,IAAI,0BAA0B;AACtC,SAAQ,IAAI,IAAI,OAAO,GAAG,CAAC;AAE3B,SAAQ,KACL,qBAAqB,OAAO,kBAAkB,eAAe,UAAU,GAAG,GAAG,CAAC,KAChF;AACD,SAAQ,KACL,wBAAwB,OAAO,kBAAkB,kBAAkB,UAAU,GAAG,GAAG,CAAC,KACtF;AACD,SAAQ,KACL,8BAA8B,OAAO,kBAAkB,uBAAuB,UAAU,GAAG,GAAG,CAAC,KACjG;AAED,KAAI,OAAO,kBAAkB,OAAO,SAAS,GAAG;AAC9C,UAAQ,IAAI,2BAA2B;AACvC,SAAO,kBAAkB,OAAO,QAAQ,CAAC,OAAO,UAAU;AACxD,WAAQ,KAAK,MAAM,QAAQ,EAAE,IAAI,MAAM,EAAE;EAC1C,EAAC;CACH;AAED,KAAI,OAAO,kBAAkB,gBAAgB,SAAS,GAAG;AACvD,UAAQ,IAAI,oCAAoC;AAChD,SAAO,kBAAkB,gBAAgB,QAAQ,CAAC,KAAK,UAAU;AAC/D,WAAQ,KAAK,MAAM,QAAQ,EAAE,IAAI,IAAI,EAAE;EACxC,EAAC;CACH;AAGD,SAAQ,IAAI,eAAe;AAC3B,SAAQ,IAAI,IAAI,OAAO,GAAG,CAAC;AAC3B,SAAQ,KAAK,wBAAwB,OAAO,QAAQ,YAAY,EAAE;AAClE,SAAQ,KAAK,wBAAwB,OAAO,QAAQ,kBAAkB,EAAE;AACxE,SAAQ,KAAK,sBAAsB,OAAO,QAAQ,gBAAgB,EAAE;AAEpE,KAAI,OAAO,QAAQ,gBAAgB,GAAG;AACpC,UAAQ,IAAI,+CAA+C;AAC3D,UAAQ,IAAI,6DAA6D;CAC1E,OAAM;AACL,UAAQ,IAAI,yDAAyD;EAGrE,MAAM,WAAW,OAAO,oBAAoB,OAAO,KAAK,WACtD,MAAM,SAAS,QAAQ,CACxB;EACD,MAAM,WAAW,OAAO,oBAAoB,OAAO,KAAK,WACtD,MAAM,SAAS,QAAQ,CACxB;EACD,MAAM,WAAW,OAAO,oBAAoB,OAAO,KAAK,WACtD,MAAM,SAAS,QAAQ,CACxB;EACD,MAAM,WAAW,OAAO,oBAAoB,OAAO,KAAK,WACtD,MAAM,SAAS,QAAQ,CACxB;EACD,MAAM,WAAW,OAAO,kBAAkB,OAAO,KAAK,WACpD,MAAM,SAAS,QAAQ,CACxB;AAED,UAAQ,IAAI,yCAAyC;AAErD,MAAI,SACF,SAAQ,IACN,gEACD;AAGH,MAAI,SACF,SAAQ,IACN,+DACD;AAGH,MAAI,SACF,SAAQ,IAAI,qDAAqD;AAGnE,MAAI,SACF,SAAQ,IAAI,4DAA4D;AAG1E,MAAI,SACF,SAAQ,IAAI,uDAAuD;AAGrE,MAAI,OAAO,QAAQ,oBAAoB,GAAG;AACxC,WAAQ,IAAI,kCAAkC;AAC9C,WAAQ,IAAI,iDAAiD;AAC7D,WAAQ,IACN,mEACD;EACF;AAED,MAAI,OAAO,QAAQ,kBAAkB,GAAG;AACtC,WAAQ,IAAI,4BAA4B;AACxC,WAAQ,IAAI,oDAAoD;EACjE;AAED,UAAQ,IAAI,qBAAqB;AACjC,UAAQ,IAAI,iDAAiD;AAC7D,UAAQ,IAAI,uDAAuD;AACnE,UAAQ,IAAI,6CAA6C;AACzD,UAAQ,IAAI,kDAAkD;CAC/D;AAED,SAAQ,IAAI,OAAO,IAAI,OAAO,GAAG,CAAC;AACnC"}

package/dist/index16.cjs

@@ -1,25 +1,193 @@
 
-//#region src/types/payment-modes.d.ts
+//#region src/utils/validation.ts
 /**
-* Enum representing the allowed payment mode codes with descriptive names.
-* Provides a more readable way to reference payment modes.
-*
-* @example
-* const mode = PaymentModeCodeEnum.Cash;
-* console.log(mode); // Output: "01"
+* Validates TIN format based on registration type
 */
-let PaymentModeCodeEnum = /* @__PURE__ */ function(PaymentModeCodeEnum$1) {
-	PaymentModeCodeEnum$1["Cash"] = "01";
-	PaymentModeCodeEnum$1["Cheque"] = "02";
-	PaymentModeCodeEnum$1["BankTransfer"] = "03";
-	PaymentModeCodeEnum$1["CreditCard"] = "04";
-	PaymentModeCodeEnum$1["DebitCard"] = "05";
-	PaymentModeCodeEnum$1["EWalletDigitalWallet"] = "06";
-	PaymentModeCodeEnum$1["DigitalBank"] = "07";
-	PaymentModeCodeEnum$1["Others"] = "08";
-	return PaymentModeCodeEnum$1;
-}({});
+const validateTIN = (tin, registrationType) => {
+	const errors = [];
+	if (!tin) {
+		errors.push({
+			field: "tin",
+			code: "TIN_REQUIRED",
+			message: "TIN is required",
+			severity: "error"
+		});
+		return errors;
+	}
+	if (registrationType === "BRN" && !tin.startsWith("C")) errors.push({
+		field: "tin",
+		code: "TIN_FORMAT_INVALID",
+		message: "Company TIN should start with \"C\" for BRN registration",
+		severity: "warning"
+	});
+	if (registrationType === "NRIC" && !tin.startsWith("IG")) errors.push({
+		field: "tin",
+		code: "TIN_FORMAT_INVALID",
+		message: "Individual TIN should start with \"IG\" for NRIC registration",
+		severity: "warning"
+	});
+	if (tin.length > 14) errors.push({
+		field: "tin",
+		code: "TIN_LENGTH_INVALID",
+		message: "TIN cannot exceed 14 characters",
+		severity: "error"
+	});
+	return errors;
+};
+/**
+* Validates contact number format (E.164 standard)
+*/
+const validateContactNumber = (contactNumber) => {
+	const errors = [];
+	if (!contactNumber || contactNumber === "NA") return errors;
+	const e164Regex = /^\+[1-9]\d{1,14}$/;
+	if (!e164Regex.test(contactNumber)) errors.push({
+		field: "contactNumber",
+		code: "CONTACT_FORMAT_INVALID",
+		message: "Contact number must be in E.164 format (e.g., +60123456789)",
+		severity: "error"
+	});
+	if (contactNumber.length < 8) errors.push({
+		field: "contactNumber",
+		code: "CONTACT_LENGTH_INVALID",
+		message: "Contact number must be at least 8 characters",
+		severity: "error"
+	});
+	return errors;
+};
+/**
+* Validates monetary amounts
+*/
+const validateMonetaryAmount = (amount, fieldName, maxDigits = 18, maxDecimals = 2) => {
+	const errors = [];
+	if (amount < 0) errors.push({
+		field: fieldName,
+		code: "AMOUNT_NEGATIVE",
+		message: `${fieldName} cannot be negative`,
+		severity: "error"
+	});
+	const amountStr = amount.toString();
+	const [integerPart, decimalPart] = amountStr.split(".");
+	if (integerPart && integerPart.length > maxDigits - maxDecimals) errors.push({
+		field: fieldName,
+		code: "AMOUNT_DIGITS_EXCEEDED",
+		message: `${fieldName} exceeds maximum ${maxDigits} digits`,
+		severity: "error"
+	});
+	if (decimalPart && decimalPart.length > maxDecimals) errors.push({
+		field: fieldName,
+		code: "AMOUNT_DECIMALS_EXCEEDED",
+		message: `${fieldName} exceeds maximum ${maxDecimals} decimal places`,
+		severity: "error"
+	});
+	return errors;
+};
+/**
+* Validates line item tax calculation consistency for both fixed rate and percentage taxation
+*/
+const validateLineItemTax = (item, index) => {
+	const errors = [];
+	const tolerance = .01;
+	const hasFixedRate = item.taxPerUnitAmount !== void 0 && item.baseUnitMeasure !== void 0;
+	const hasPercentageRate = item.taxRate !== void 0;
+	if (!hasFixedRate && !hasPercentageRate) {
+		errors.push({
+			field: `lineItem[${index}]`,
+			code: "TAX_METHOD_MISSING",
+			message: `Line item ${index + 1} must specify either taxRate (for percentage) or taxPerUnitAmount + baseUnitMeasure (for fixed rate)`,
+			severity: "error"
+		});
+		return errors;
+	}
+	if (hasFixedRate && hasPercentageRate) errors.push({
+		field: `lineItem[${index}]`,
+		code: "TAX_METHOD_CONFLICT",
+		message: `Line item ${index + 1} cannot have both percentage and fixed rate tax methods`,
+		severity: "error"
+	});
+	if (hasFixedRate) {
+		if (item.baseUnitMeasureCode === void 0) errors.push({
+			field: `lineItem[${index}].baseUnitMeasureCode`,
+			code: "UNIT_CODE_MISSING",
+			message: `Line item ${index + 1} with fixed rate tax must specify baseUnitMeasureCode`,
+			severity: "error"
+		});
+		const expectedTaxAmount = item.taxPerUnitAmount * item.baseUnitMeasure;
+		if (Math.abs(item.taxAmount - expectedTaxAmount) > tolerance) errors.push({
+			field: `lineItem[${index}].taxAmount`,
+			code: "FIXED_TAX_CALCULATION_MISMATCH",
+			message: `Line item ${index + 1} tax amount (${item.taxAmount}) doesn't match fixed rate calculation (${item.taxPerUnitAmount} × ${item.baseUnitMeasure} = ${expectedTaxAmount})`,
+			severity: "error"
+		});
+	}
+	if (hasPercentageRate && !hasFixedRate) {
+		const expectedTaxAmount = item.totalTaxableAmountPerLine * item.taxRate / 100;
+		if (Math.abs(item.taxAmount - expectedTaxAmount) > tolerance) errors.push({
+			field: `lineItem[${index}].taxAmount`,
+			code: "PERCENTAGE_TAX_CALCULATION_MISMATCH",
+			message: `Line item ${index + 1} tax amount (${item.taxAmount}) doesn't match percentage calculation (${item.totalTaxableAmountPerLine} × ${item.taxRate}% = ${expectedTaxAmount})`,
+			severity: "error"
+		});
+	}
+	return errors;
+};
+/**
+* Validates tax calculation consistency
+*/
+const validateTaxCalculations = (invoice) => {
+	const errors = [];
+	invoice.invoiceLineItems.forEach((item, index) => {
+		errors.push(...validateLineItemTax(item, index));
+	});
+	const expectedTaxExclusive = invoice.invoiceLineItems.reduce((sum, item) => sum + item.totalTaxableAmountPerLine, 0);
+	const expectedTaxAmount = invoice.invoiceLineItems.reduce((sum, item) => sum + item.taxAmount, 0);
+	const tolerance = .01;
+	if (Math.abs(invoice.legalMonetaryTotal.taxExclusiveAmount - expectedTaxExclusive) > tolerance) errors.push({
+		field: "legalMonetaryTotal.taxExclusiveAmount",
+		code: "TAX_EXCLUSIVE_MISMATCH",
+		message: `Tax exclusive amount (${invoice.legalMonetaryTotal.taxExclusiveAmount}) doesn't match sum of line items (${expectedTaxExclusive})`,
+		severity: "error"
+	});
+	if (Math.abs(invoice.taxTotal.taxAmount - expectedTaxAmount) > tolerance) errors.push({
+		field: "taxTotal.taxAmount",
+		code: "TAX_AMOUNT_MISMATCH",
+		message: `Tax amount (${invoice.taxTotal.taxAmount}) doesn't match sum of line item taxes (${expectedTaxAmount})`,
+		severity: "error"
+	});
+	return errors;
+};
+/**
+* Main validation function for complete invoice
+*/
+const validateInvoice = (invoice) => {
+	const allErrors = [];
+	allErrors.push(...validateTIN(invoice.supplier.tin, invoice.supplier.registrationType));
+	allErrors.push(...validateTIN(invoice.buyer.tin, invoice.buyer.registrationType));
+	allErrors.push(...validateContactNumber(invoice.supplier.contactNumber));
+	allErrors.push(...validateContactNumber(invoice.buyer.contactNumber));
+	allErrors.push(...validateMonetaryAmount(invoice.legalMonetaryTotal.taxExclusiveAmount, "taxExclusiveAmount"));
+	allErrors.push(...validateMonetaryAmount(invoice.legalMonetaryTotal.payableAmount, "payableAmount"));
+	allErrors.push(...validateMonetaryAmount(invoice.taxTotal.taxAmount, "taxAmount"));
+	invoice.invoiceLineItems.forEach((item, index) => {
+		allErrors.push(...validateMonetaryAmount(item.unitPrice, `lineItem[${index}].unitPrice`));
+		allErrors.push(...validateMonetaryAmount(item.taxAmount, `lineItem[${index}].taxAmount`));
+		allErrors.push(...validateMonetaryAmount(item.totalTaxableAmountPerLine, `lineItem[${index}].totalTaxableAmountPerLine`));
+	});
+	allErrors.push(...validateTaxCalculations(invoice));
+	const errors = allErrors.filter((e) => e.severity === "error");
+	const warnings = allErrors.filter((e) => e.severity === "warning");
+	return {
+		isValid: errors.length === 0,
+		errors,
+		warnings
+	};
+};
 
 //#endregion
-exports.PaymentModeCodeEnum = PaymentModeCodeEnum;
+exports.validateContactNumber = validateContactNumber;
+exports.validateInvoice = validateInvoice;
+exports.validateLineItemTax = validateLineItemTax;
+exports.validateMonetaryAmount = validateMonetaryAmount;
+exports.validateTIN = validateTIN;
+exports.validateTaxCalculations = validateTaxCalculations;
 //# sourceMappingURL=index16.cjs.map