@sphereon/ssi-sdk-ext.x509-utils 0.26.1-next.26 → 0.26.1-next.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"x509-validator.d.ts","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAC1D,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAEnE,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAA;AAEzC,OAAO,EAAkC,WAAW,EAAyD,MAAM,OAAO,CAAA;
|
|
1
|
+
{"version":3,"file":"x509-validator.d.ts","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAC1D,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAEnE,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAA;AAEzC,OAAO,EAAkC,WAAW,EAAyD,MAAM,OAAO,CAAA;AAM1H,MAAM,MAAM,MAAM,GAAG;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACnC,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,WAAW,CAAC,EAAE,GAAG,CAAA;IACjB,SAAS,EAAE,IAAI,CAAA;IACf,QAAQ,EAAE,IAAI,CAAA;IACd,YAAY,CAAC,EAAE,GAAG,CAAA;IAClB,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAA;KACX,CAAA;IACD,OAAO,EAAE;QACP,EAAE,EAAE,MAAM,CAAA;QACV,uBAAuB,EAAE,sBAAsB,EAAE,CAAA;KAClD,CAAA;CACF,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,KAAK,EAAE,OAAO,CAAA;IACd,QAAQ,EAAE,OAAO,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,gBAAgB,EAAE,IAAI,CAAA;IACtB,gBAAgB,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;IACzC,WAAW,CAAC,EAAE,eAAe,CAAA;IAC7B,MAAM,CAAC,EAAE;QAEP,QAAQ,EAAE,MAAM,CAAA;QAChB,cAAc,EAAE,cAAc,CAAA;KAC/B,CAAA;CACF,CAAA;AAQD,eAAO,MAAM,kBAAkB,gBAChB,WAAW,SACjB;IACL,aAAa,EAAE,6BAA6B,GAAG,6BAA6B,EAAE,CAAA;CAC/E,KACA,OAAO,CAAC,eAAe,CAgBzB,CAAA;AAED,MAAM,MAAM,kCAAkC,GAAG;IAE/C,sBAAsB,CAAC,EAAE,OAAO,CAAA;IAEhC,2BAA2B,CAAC,EAAE,OAAO,CAAA;IAGrC,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAA;IAEhC,qBAAqB,CAAC,EAAE,OAAO,CAAA;IAE/B,MAAM,CAAC,EAAE;QAEP,QAAQ,EAAE,MAAM,CAAA;QAChB,cAAc,EAAE,cAAc,CAAA;KAC/B,CAAA;CACF,CAAA;AAED,eAAO,MAAM,4BAA4B,oEAUtC;IACD,KAAK,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,CAAA;IAC9B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;IACvB,gBAAgB,CAAC,EAAE,IAAI,CAAA;IACvB,IAAI,CAAC,EAAE,kCAAkC,CAAA;CAC1C,KAAG,OAAO,CAAC,oBAAoB,CAS/B,CAAA;AA6KD,eAAO,MAAM,wBAAwB,QAAO,iBAE3C,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,aAAa,EAAE,oBAAoB,CAAA;IACnC,YAAY,CAAC,EAAE,GAAG,CAAA;IAClB,YAAY,EAAE,UAAU,CAAA;IACxB,kBAAkB,EAAE,SAAS,CAAA;IAC7B,eAAe,EAAE,eAAe,CAAA;IAChC,WAAW,EAAE,WAAW,CAAA;IACxB,eAAe,EAAE,eAAe,CAAA;CACjC,CAAA;AAED,eAAO,MAAM,gBAAgB,YAAmB,MAAM,GAAG,UAAU,KAAG,OAAO,CAAC,iBAAiB,CAsB9F,CAAA;AAwJD,eAAO,MAAM,WAAW,SAAU,WAAW,KAAG,MAK/C,CAAA;AAED,eAAO,MAAM,YAAY,SAAU,WAAW,KAAG,MAKhD,CAAA;AAgBD,eAAO,MAAM,iCAAiC,iBAAwB,MAAM,GAAG,UAAU,GAAG,WAAW,KAAG,OAAO,CAAC,GAAG,CA4BpH,CAAA;AAED;;;;;;;;;;GAUG;AACH,oBAAY,6BAA6B;IACvC,UAAU,IAAI,CAAE,QAAQ;IACxB,OAAO,IAAI;IACX,yBAAyB,IAAI;IAC7B,SAAS,IAAI;CACd;AAED,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,6BAA6B,CAAA;CACpC;AAED,MAAM,MAAM,cAAc,GAAG,cAAc,GAAG,cAAc,CAAA;AAE5D,eAAO,MAAM,sCAAsC,gBAAiB,WAAW,YAAY,MAAM,kBAAkB,cAAc,KAAG,IAUnI,CAAA;AAED,eAAO,MAAM,6CAA6C,gBAC3C,WAAW,YACd,MAAM,kBACA,cAAc,KAC7B,OAAO,CAAC,oBAAoB,CAoB9B,CAAA;AAED,eAAO,MAAM,0BAA0B,gBACxB,WAAW,SACjB;IACL,UAAU,CAAC,EAAE,6BAA6B,GAAG,6BAA6B,EAAE,CAAA;IAE5E,oBAAoB,CAAC,EAAE,cAAc,CAAA;CACtC,KACA,sBAAsB,EAsBxB,CAAA"}
|
|
@@ -43,10 +43,11 @@ const js_x509_utils_1 = __importDefault(require("js-x509-utils"));
|
|
|
43
43
|
const pkijs_1 = require("pkijs");
|
|
44
44
|
const tsyringe_1 = require("tsyringe");
|
|
45
45
|
const u8a = __importStar(require("uint8arrays"));
|
|
46
|
+
const crypto_1 = require("./crypto");
|
|
46
47
|
const x509_utils_1 = require("./x509-utils");
|
|
47
48
|
const defaultCryptoEngine = () => {
|
|
48
49
|
const name = 'crypto';
|
|
49
|
-
(0, pkijs_1.setEngine)(name, new pkijs_1.CryptoEngine({ name, crypto:
|
|
50
|
+
(0, pkijs_1.setEngine)(name, new pkijs_1.CryptoEngine({ name, crypto: (0, crypto_1.globalCrypto)(false) }));
|
|
50
51
|
return (0, pkijs_1.getCrypto)(true);
|
|
51
52
|
};
|
|
52
53
|
const getCertificateInfo = (certificate, opts) => __awaiter(void 0, void 0, void 0, function* () {
|
|
@@ -77,7 +78,7 @@ const validateX509CertificateChain = (_a) => __awaiter(void 0, [_a], void 0, fun
|
|
|
77
78
|
// We allow 1 reversal. We reverse by default as the implementation expects the root ca first, whilst x5c is the opposite. Reversed becomes true if the impl reverses the chain
|
|
78
79
|
return yield validateX509CertificateChainImpl({
|
|
79
80
|
reversed: false,
|
|
80
|
-
chain: pemOrDerChain.reverse(),
|
|
81
|
+
chain: [...pemOrDerChain].reverse(),
|
|
81
82
|
trustAnchors,
|
|
82
83
|
verificationTime,
|
|
83
84
|
opts,
|
|
@@ -98,8 +99,10 @@ const validateX509CertificateChainImpl = (_a) => __awaiter(void 0, [_a], void 0,
|
|
|
98
99
|
};
|
|
99
100
|
}
|
|
100
101
|
defaultCryptoEngine();
|
|
101
|
-
// x5c always starts with the leaf cert at index 0 and then the cas. Our internal pkijs service expects it the other way around
|
|
102
|
+
// x5c always starts with the leaf cert at index 0 and then the cas. Our internal pkijs service expects it the other way around. Before calling this function the change has been revered
|
|
102
103
|
const chain = yield Promise.all(pemOrDerChain.map((raw) => (0, exports.parseCertificate)(raw)));
|
|
104
|
+
const x5cOrdereredChain = reversed ? [...chain] : [...chain].reverse();
|
|
105
|
+
console.log(`x5c orderered chain (reverse: ${reversed}): ${x5cOrdereredChain.map((cert) => cert.certificateInfo.subject.dn.DN).join(', ')}`);
|
|
103
106
|
const trustedCerts = trustedPEMs ? yield Promise.all(trustedPEMs.map((raw) => (0, exports.parseCertificate)(raw))) : undefined;
|
|
104
107
|
const blindlyTrusted = (_b = (yield Promise.all(blindlyTrustedAnchors.map((raw) => {
|
|
105
108
|
try {
|
|
@@ -111,7 +114,7 @@ const validateX509CertificateChainImpl = (_a) => __awaiter(void 0, [_a], void 0,
|
|
|
111
114
|
return undefined;
|
|
112
115
|
}
|
|
113
116
|
}))).filter((cert) => cert !== undefined)) !== null && _b !== void 0 ? _b : [];
|
|
114
|
-
const leafCert =
|
|
117
|
+
const leafCert = x5cOrdereredChain[0];
|
|
115
118
|
const chainLength = chain.length;
|
|
116
119
|
var foundTrustAnchor = undefined;
|
|
117
120
|
for (let i = 0; i < chainLength; i++) {
|
|
@@ -120,20 +123,20 @@ const validateX509CertificateChainImpl = (_a) => __awaiter(void 0, [_a], void 0,
|
|
|
120
123
|
const blindlyTrustedCert = blindlyTrusted.find((trusted) => (0, x509_utils_1.areCertificatesEqual)(trusted.certificate, currentCert.certificate));
|
|
121
124
|
if (blindlyTrustedCert) {
|
|
122
125
|
console.log(`Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`);
|
|
123
|
-
return Object.assign({ error: false, critical: false, message: `Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`, detailMessage: `Blindly trusted certificate ${blindlyTrustedCert.certificateInfo.subject.dn.DN} was found in the chain.`, trustAnchor: blindlyTrustedCert === null || blindlyTrustedCert === void 0 ? void 0 : blindlyTrustedCert.certificateInfo, verificationTime, certificateChain:
|
|
126
|
+
return Object.assign({ error: false, critical: false, message: `Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`, detailMessage: `Blindly trusted certificate ${blindlyTrustedCert.certificateInfo.subject.dn.DN} was found in the chain.`, trustAnchor: blindlyTrustedCert === null || blindlyTrustedCert === void 0 ? void 0 : blindlyTrustedCert.certificateInfo, verificationTime, certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo) }, (client && { client }));
|
|
124
127
|
}
|
|
125
128
|
if (previousCert) {
|
|
126
129
|
if (currentCert.x509Certificate.issuer !== previousCert.x509Certificate.subject) {
|
|
127
130
|
if (!reversed && !disallowReversedChain) {
|
|
128
131
|
return yield validateX509CertificateChainImpl({
|
|
129
132
|
reversed: true,
|
|
130
|
-
chain: pemOrDerChain.reverse(),
|
|
133
|
+
chain: [...pemOrDerChain].reverse(),
|
|
131
134
|
opts,
|
|
132
135
|
verificationTime,
|
|
133
136
|
trustAnchors,
|
|
134
137
|
});
|
|
135
138
|
}
|
|
136
|
-
return Object.assign({ error: true, critical: true, certificateChain:
|
|
139
|
+
return Object.assign({ error: true, critical: true, certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo), message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, detailMessage: `The certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${currentCert.x509Certificate.issuer}, is not signed by the previous certificate ${previousCert === null || previousCert === void 0 ? void 0 : previousCert.certificateInfo.subject.dn.DN} with subject string ${previousCert === null || previousCert === void 0 ? void 0 : previousCert.x509Certificate.subject}.`, verificationTime }, (client && { client }));
|
|
137
140
|
}
|
|
138
141
|
}
|
|
139
142
|
const result = yield currentCert.x509Certificate.verify({
|
|
@@ -144,23 +147,23 @@ const validateX509CertificateChainImpl = (_a) => __awaiter(void 0, [_a], void 0,
|
|
|
144
147
|
if (i == 0 && !reversed && !disallowReversedChain) {
|
|
145
148
|
return yield validateX509CertificateChainImpl({
|
|
146
149
|
reversed: true,
|
|
147
|
-
chain: pemOrDerChain.reverse(),
|
|
150
|
+
chain: [...pemOrDerChain].reverse(),
|
|
148
151
|
opts,
|
|
149
152
|
verificationTime,
|
|
150
153
|
trustAnchors,
|
|
151
154
|
});
|
|
152
155
|
}
|
|
153
|
-
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain:
|
|
156
|
+
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo), detailMessage: `Verification of the certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${currentCert.x509Certificate.issuer} failed. Public key: ${JSON.stringify(currentCert.certificateInfo.publicKeyJWK)}.`, verificationTime }, (client && { client }));
|
|
154
157
|
}
|
|
155
158
|
foundTrustAnchor = foundTrustAnchor !== null && foundTrustAnchor !== void 0 ? foundTrustAnchor : trustedCerts === null || trustedCerts === void 0 ? void 0 : trustedCerts.find((trusted) => isSameCertificate(trusted.x509Certificate, currentCert.x509Certificate));
|
|
156
159
|
if (i === 0 && chainLength === 1 && allowSingleNoCAChainElement) {
|
|
157
|
-
return Object.assign({ error: false, critical: false, message: `Certificate chain succeeded as allow single cert result is allowed: ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain:
|
|
160
|
+
return Object.assign({ error: false, critical: false, message: `Certificate chain succeeded as allow single cert result is allowed: ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo), trustAnchor: foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo, verificationTime }, (client && { client }));
|
|
158
161
|
}
|
|
159
162
|
}
|
|
160
163
|
if (foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo) {
|
|
161
|
-
return Object.assign({ error: false, critical: false, message: `Certificate chain was valid`, certificateChain:
|
|
164
|
+
return Object.assign({ error: false, critical: false, message: `Certificate chain was valid`, certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo), detailMessage: `The leaf certificate ${leafCert.certificateInfo.subject.dn.DN} is part of a chain with trust anchor ${foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo.subject.dn.DN}.`, trustAnchor: foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo, verificationTime }, (client && { client }));
|
|
162
165
|
}
|
|
163
|
-
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain:
|
|
166
|
+
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo), detailMessage: `No trust anchor was found in the chain. between (intermediate) CA ${x5cOrdereredChain[chain.length - 1].certificateInfo.subject.dn.DN} and leaf ${x5cOrdereredChain[0].certificateInfo.subject.dn.DN}.`, verificationTime }, (client && { client }));
|
|
164
167
|
});
|
|
165
168
|
const isSameCertificate = (cert1, cert2) => {
|
|
166
169
|
return cert1.rawData.toString() === cert2.rawData.toString();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"x509-validator.js","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uDAAiD;AACjD,mDAA0D;AAC1D,yCAAmE;AAGnE,kEAAgC;AAChC,iCAA0H;AAC1H,uCAAoC;AACpC,iDAAkC;AAClC,6CAAwF;AAoCxF,MAAM,mBAAmB,GAAG,GAAG,EAAE;IAC/B,MAAM,IAAI,GAAG,QAAQ,CAAA;IACrB,IAAA,iBAAS,EAAC,IAAI,EAAE,IAAI,oBAAY,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAA;IAC3D,OAAO,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAA;AACxB,CAAC,CAAA;AAEM,MAAM,kBAAkB,GAAG,CAChC,WAAwB,EACxB,IAEC,EACyB,EAAE;IAC5B,IAAI,YAA6B,CAAA;IACjC,IAAI,CAAC;QACH,YAAY,GAAG,CAAC,MAAM,IAAA,yCAAiC,EAAC,WAAW,CAAC,CAAQ,CAAA;IAC9E,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC,CAAA,CAAC;IACd,OAAO;QACL,MAAM,EAAE,EAAE,EAAE,EAAE,IAAA,mBAAW,EAAC,WAAW,CAAC,EAAE;QACxC,OAAO,EAAE;YACP,EAAE,EAAE,IAAA,oBAAY,EAAC,WAAW,CAAC;YAC7B,uBAAuB,EAAE,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,UAAU,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,EAAE,CAAC;SACtG;QACD,YAAY;QACZ,SAAS,EAAE,WAAW,CAAC,SAAS,CAAC,KAAK;QACtC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,KAAK;QACpC,cAAc;KACW,CAAA;AAC7B,CAAC,CAAA,CAAA;AArBY,QAAA,kBAAkB,sBAqB9B;AAoBM,MAAM,4BAA4B,GAAG,KAeV,EAAE,4CAfe,EACjD,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,GAAG,IAAI,IAAI,EAAE,EAC7B,IAAI,GAAG;IACL,sBAAsB,EAAE,KAAK;IAC7B,2BAA2B,EAAE,IAAI;IACjC,qBAAqB,EAAE,EAAE;IACzB,qBAAqB,EAAE,KAAK;CAC7B,GAMF;IACC,+KAA+K;IAC/K,OAAO,MAAM,gCAAgC,CAAC;QAC5C,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE;QAC9B,YAAY;QACZ,gBAAgB;QAChB,IAAI;KACL,CAAC,CAAA;AACJ,CAAC,CAAA,CAAA;AAxBY,QAAA,4BAA4B,gCAwBxC;AACD,MAAM,gCAAgC,GAAG,KAYP,EAAE,4CAZY,EAC9C,QAAQ,EACR,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,EAAE,QAAQ,EAC1B,IAAI,GAOL;;IACC,MAAM,gBAAgB,GAAS,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAA;IAC3F,MAAM,EACJ,sBAAsB,GAAG,KAAK,EAC9B,2BAA2B,GAAG,IAAI,EAClC,qBAAqB,GAAG,EAAE,EAC1B,qBAAqB,GAAG,KAAK,EAC7B,MAAM,GACP,GAAG,IAAI,CAAA;IACR,MAAM,WAAW,GAAG,sBAAsB,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAA;IAEtH,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,0DAA0D;YACnE,gBAAgB;SACjB,CAAA;IACH,CAAC;IACD,mBAAmB,EAAE,CAAA;IAErB,+HAA+H;IAC/H,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAClF,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACjH,MAAM,cAAc,GAClB,MAAA,CACE,MAAM,OAAO,CAAC,GAAG,CACf,qBAAqB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAChC,IAAI,CAAC;YACH,OAAO,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAA;QAC9B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,aAAa;YACb,OAAO,CAAC,GAAG,CAAC,+CAA+C,GAAG,YAAY,CAAC,CAAC,OAAO,EAAE,CAAC,CAAA;YACtF,OAAO,SAAS,CAAA;QAClB,CAAC;IACH,CAAC,CAAC,CACH,CACF,CAAC,MAAM,CAAC,CAAC,IAAI,EAA6B,EAAE,CAAC,IAAI,KAAK,SAAS,CAAC,mCAAI,EAAE,CAAA;IACzE,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IAExC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAA;IAChC,IAAI,gBAAgB,GAAkC,SAAS,CAAA;IAC/D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QAC5B,MAAM,YAAY,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACrD,MAAM,kBAAkB,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,iCAAoB,EAAC,OAAO,CAAC,WAAW,EAAE,WAAW,CAAC,WAAW,CAAC,CAAC,CAAA;QAC/H,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,iHAAiH,CAAC,CAAA;YAC9H,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,iHAAiH,EAC1H,aAAa,EAAE,+BAA+B,kBAAkB,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,0BAA0B,EACxH,WAAW,EAAE,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,eAAe,EAChD,gBAAgB,EAChB,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,IACxD,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,WAAW,CAAC,eAAe,CAAC,MAAM,KAAK,YAAY,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;gBAChF,IAAI,CAAC,QAAQ,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBACxC,OAAO,MAAM,gCAAgC,CAAC;wBAC5C,QAAQ,EAAE,IAAI;wBACd,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE;wBAC9B,IAAI;wBACJ,gBAAgB;wBAChB,YAAY;qBACb,CAAC,CAAA;gBACJ,CAAC;gBACD,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAC3D,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,aAAa,EAAE,mBAAmB,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,gBAAgB,WAAW,CAAC,eAAe,CAAC,MAAM,+CAA+C,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,wBAAwB,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,CAAC,OAAO,GAAG,EACvR,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;YACH,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,MAAM,CACrD;YACE,IAAI,EAAE,gBAAgB;YACtB,SAAS,EAAE,MAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,0CAAE,SAAS;SACpD,EACD,MAAA,MAAA,MAAA,IAAA,iBAAS,GAAE,0CAAE,MAAM,mCAAI,MAAM,mCAAI,MAAM,CAAC,MAAM,CAC/C,CAAA;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBAClD,OAAO,MAAM,gCAAgC,CAAC;oBAC5C,QAAQ,EAAE,IAAI;oBACd,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE;oBAC9B,IAAI;oBACJ,gBAAgB;oBAChB,YAAY;iBACb,CAAC,CAAA;YACJ,CAAC;YACD,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAC3D,aAAa,EAAE,mCAAmC,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,gBACzF,WAAW,CAAC,eAAe,CAAC,MAC9B,wBAAwB,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,eAAe,CAAC,YAAY,CAAC,GAAG,EACnF,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QAED,gBAAgB,GAAG,gBAAgB,aAAhB,gBAAgB,cAAhB,gBAAgB,GAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,eAAe,EAAE,WAAW,CAAC,eAAe,CAAC,CAAC,CAAA;QAE/I,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,KAAK,CAAC,IAAI,2BAA2B,EAAE,CAAC;YAChE,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,uEAAuE,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EACzH,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAC3D,WAAW,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAC9C,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAAE,CAAC;QACtC,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,6BAA6B,EACtC,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAC3D,aAAa,EAAE,wBAAwB,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,yCAAyC,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EACxK,WAAW,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAC9C,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;IACH,CAAC;IAED,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAC3D,aAAa,EAAE,mDAAmD,KAAK,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,QACtG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EACrD,GAAG,EACH,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;AACH,CAAC,CAAA,CAAA;AAED,MAAM,iBAAiB,GAAG,CAAC,KAAsB,EAAE,KAAsB,EAAW,EAAE;IACpF,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAA;AAC9D,CAAC,CAAA;AAED,MAAM,iBAAiB,GAAsB,oBAAS,CAAC,OAAO,CAAC,wBAAiB,CAAC,CAAA;AAC1E,MAAM,wBAAwB,GAAG,GAAsB,EAAE;IAC9D,OAAO,iBAAiB,CAAA;AAC1B,CAAC,CAAA;AAFY,QAAA,wBAAwB,4BAEpC;AAYM,MAAM,gBAAgB,GAAG,CAAO,OAA4B,EAA8B,EAAE;IACjG,MAAM,eAAe,GAAG,IAAI,sBAAe,CAAC,OAAO,CAAC,CAAA;IACpD,MAAM,aAAa,GAAG,uBAAS,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC,OAAO,EAAE,gCAAoB,CAAC,CAAA;IAC9F,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAA;IACnE,IAAI,YAAY,GAAoB,SAAS,CAAA;IAC7C,IAAI,CAAC;QACH,YAAY,GAAG,CAAC,MAAM,IAAA,yCAAiC,EAAC,IAAI,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAQ,CAAA;IAC1G,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;IAC1B,CAAC;IACD,MAAM,WAAW,GAAG,IAAA,sCAAyB,EAAC,OAAO,CAAC,CAAA;IACtD,MAAM,eAAe,GAAG,MAAM,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAA;IAC7D,MAAM,kBAAkB,GAAG,IAAA,gCAAwB,GAAE,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;IAC7F,OAAO;QACL,kBAAkB;QAClB,aAAa;QACb,YAAY;QACZ,YAAY;QACZ,eAAe;QACf,WAAW;QACX,eAAe;KAChB,CAAA;AACH,CAAC,CAAA,CAAA;AAtBY,QAAA,gBAAgB,oBAsB5B;AACD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuIE;AAEF,MAAM,MAAM,GAA2B;IACrC,SAAS,EAAE,GAAG;IACd,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,GAAG;IACd,SAAS,EAAE,IAAI;IACf,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,UAAU,EAAE,GAAG;IACf,SAAS,EAAE,IAAI;IACf,sBAAsB,EAAE,QAAQ;CACjC,CAAA;AAEM,MAAM,WAAW,GAAG,CAAC,IAAiB,EAAU,EAAE;IACvD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;QAC3C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;KACpD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,WAAW,eAKvB;AAEM,MAAM,YAAY,GAAG,CAAC,IAAiB,EAAU,EAAE;IACxD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;QAC5C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;KACrD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,YAAY,gBAKxB;AAED,MAAM,WAAW,GAAG,CAAC,cAAuC,EAA0B,EAAE;;IACtF,MAAM,EAAE,GAA2B,EAAE,CAAA;IACrC,KAAK,MAAM,YAAY,IAAI,cAAc,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,MAAA,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,mCAAI,YAAY,CAAC,IAAI,CAAA;QAC3D,EAAE,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAA;IAC1C,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC,CAAA;AACD,MAAM,WAAW,GAAG,CAAC,cAAuC,EAAU,EAAE;IACtE,OAAO,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;SAC/C,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;SACxC,IAAI,CAAC,GAAG,CAAC,CAAA;AACd,CAAC,CAAA;AAEM,MAAM,iCAAiC,GAAG,CAAO,YAA+C,EAAgB,EAAE;IACvH,MAAM,WAAW,GACf,OAAO,YAAY,KAAK,QAAQ;QAC9B,CAAC,CAAC,YAAY;QACd,CAAC,CAAC,YAAY,YAAY,UAAU;YACpC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,EAAE,WAAW,CAAC;YACzC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACrC,MAAM,GAAG,GAAG,IAAA,qBAAQ,EAAC,WAAW,CAAC,CAAA;IACjC,MAAM,WAAW,GAAG,IAAA,sCAAyB,EAAC,GAAG,CAAC,CAAA;IAClD,IAAI,GAAoB,CAAA;IACxB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAC,MAAM,CAAA;QACrC,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAA;QAC3E,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC,CAAoB,CAAA;IAC9D,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,CAAC,CAAA;IACpE,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,IAAI,CAAC;YACH,GAAG,GAAG,CAAC,MAAM,uBAAI,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,CAAQ,CAAA;QAC7C,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,CAAC,CAAA;QAC9E,CAAC;IACH,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,KAAK,CAAC,sCAAsC,GAAG,EAAE,CAAC,CAAA;IAC1D,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC,CAAA,CAAA;AA5BY,QAAA,iCAAiC,qCA4B7C;AAED;;;;;;;;;;GAUG;AACH,IAAY,6BAKX;AALD,WAAY,6BAA6B;IACvC,6FAAc,CAAA;IACd,uFAAW,CAAA;IACX,2HAA6B,CAAA;IAC7B,2FAAa,CAAA;AACf,CAAC,EALW,6BAA6B,6CAA7B,6BAA6B,QAKxC;AASM,MAAM,sCAAsC,GAAG,CAAC,WAAwB,EAAE,QAAgB,EAAE,cAA8B,EAAQ,EAAE;IACzI,MAAM,IAAI,GAAG,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,oBAAoB,EAAE,cAAc,EAAE,CAAC,CAAA;IAC9F,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAA;IAClE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,KAAK,CACT,oBAAoB,cAAc,0EAChC,IAAA,oBAAY,EAAC,WAAW,CAAC,CAAC,EAC5B,WAAW,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CACpD,CAAA;IACH,CAAC;AACH,CAAC,CAAA;AAVY,QAAA,sCAAsC,0CAUlD;AAEM,MAAM,6CAA6C,GAAG,CAC3D,WAAwB,EACxB,QAAgB,EAChB,cAA8B,EACC,EAAE;IACjC,MAAM,MAAM,GAAG;QACb,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,aAAa,QAAQ,gDAAgD,cAAc,EAAE;QAC9F,MAAM,EAAE;YACN,QAAQ;YACR,cAAc;SACf;QACD,gBAAgB,EAAE,CAAC,MAAM,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAC;QACzD,gBAAgB,EAAE,IAAI,IAAI,EAAE;KAC7B,CAAA;IACD,IAAI,CAAC;QACH,IAAA,8CAAsC,EAAC,WAAW,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAA;IAC/E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,MAAM,CAAA;IACf,CAAC;IACD,MAAM,CAAC,KAAK,GAAG,KAAK,CAAA;IACpB,MAAM,CAAC,OAAO,GAAG,aAAa,QAAQ,4CAA4C,cAAc,EAAE,CAAA;IAClG,OAAO,MAAM,CAAA;AACf,CAAC,CAAA,CAAA;AAxBY,QAAA,6CAA6C,iDAwBzD;AAEM,MAAM,0BAA0B,GAAG,CACxC,WAAwB,EACxB,IAIC,EACyB,EAAE;;IAC5B,IAAI,UAA2C,CAAA;IAC/C,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,oBAAoB,EAAE,CAAC;QAC/B,UAAU;YACR,IAAI,CAAC,oBAAoB,KAAK,cAAc;gBAC1C,CAAC,CAAC,CAAC,6BAA6B,CAAC,OAAO,CAAC;gBACzC,CAAC,CAAC,CAAC,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IACjE,CAAC;SAAM,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,UAAU,EAAE,CAAC;QAC5B,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACnF,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,CAAC,6BAA6B,CAAC,OAAO,EAAE,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IAC/G,CAAC;IACD,MAAM,WAAW,GAAG,MAAA,MAAA,WAAW,CAAC,UAAU,0CAAE,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,KAAK,yBAAiB,CAAC,0CAAE,WAAsB,CAAA;IACnH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAA;IAC9C,OAAO,QAAQ;SACZ,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;SACtD,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QACf,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAmC,CAAA;IACtF,CAAC,CAAC,CAAA;AACN,CAAC,CAAA;AA7BY,QAAA,0BAA0B,8BA6BtC"}
|
|
1
|
+
{"version":3,"file":"x509-validator.js","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uDAAiD;AACjD,mDAA0D;AAC1D,yCAAmE;AAGnE,kEAAgC;AAChC,iCAA0H;AAC1H,uCAAoC;AACpC,iDAAkC;AAClC,qCAAsC;AACtC,6CAAwF;AAoCxF,MAAM,mBAAmB,GAAG,GAAG,EAAE;IAC/B,MAAM,IAAI,GAAG,QAAQ,CAAA;IACrB,IAAA,iBAAS,EAAC,IAAI,EAAE,IAAI,oBAAY,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAA,qBAAY,EAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAA;IACxE,OAAO,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAA;AACxB,CAAC,CAAA;AAEM,MAAM,kBAAkB,GAAG,CAChC,WAAwB,EACxB,IAEC,EACyB,EAAE;IAC5B,IAAI,YAA6B,CAAA;IACjC,IAAI,CAAC;QACH,YAAY,GAAG,CAAC,MAAM,IAAA,yCAAiC,EAAC,WAAW,CAAC,CAAQ,CAAA;IAC9E,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC,CAAA,CAAC;IACd,OAAO;QACL,MAAM,EAAE,EAAE,EAAE,EAAE,IAAA,mBAAW,EAAC,WAAW,CAAC,EAAE;QACxC,OAAO,EAAE;YACP,EAAE,EAAE,IAAA,oBAAY,EAAC,WAAW,CAAC;YAC7B,uBAAuB,EAAE,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,UAAU,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,EAAE,CAAC;SACtG;QACD,YAAY;QACZ,SAAS,EAAE,WAAW,CAAC,SAAS,CAAC,KAAK;QACtC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,KAAK;QACpC,cAAc;KACW,CAAA;AAC7B,CAAC,CAAA,CAAA;AArBY,QAAA,kBAAkB,sBAqB9B;AAoBM,MAAM,4BAA4B,GAAG,KAeV,EAAE,4CAfe,EACjD,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,GAAG,IAAI,IAAI,EAAE,EAC7B,IAAI,GAAG;IACL,sBAAsB,EAAE,KAAK;IAC7B,2BAA2B,EAAE,IAAI;IACjC,qBAAqB,EAAE,EAAE;IACzB,qBAAqB,EAAE,KAAK;CAC7B,GAMF;IACC,+KAA+K;IAC/K,OAAO,MAAM,gCAAgC,CAAC;QAC5C,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,OAAO,EAAE;QACnC,YAAY;QACZ,gBAAgB;QAChB,IAAI;KACL,CAAC,CAAA;AACJ,CAAC,CAAA,CAAA;AAxBY,QAAA,4BAA4B,gCAwBxC;AACD,MAAM,gCAAgC,GAAG,KAYP,EAAE,4CAZY,EAC9C,QAAQ,EACR,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,EAAE,QAAQ,EAC1B,IAAI,GAOL;;IACC,MAAM,gBAAgB,GAAS,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAA;IAC3F,MAAM,EACJ,sBAAsB,GAAG,KAAK,EAC9B,2BAA2B,GAAG,IAAI,EAClC,qBAAqB,GAAG,EAAE,EAC1B,qBAAqB,GAAG,KAAK,EAC7B,MAAM,GACP,GAAG,IAAI,CAAA;IACR,MAAM,WAAW,GAAG,sBAAsB,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAA;IAEtH,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,0DAA0D;YACnE,gBAAgB;SACjB,CAAA;IACH,CAAC;IACD,mBAAmB,EAAE,CAAA;IAErB,yLAAyL;IACzL,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAClF,MAAM,iBAAiB,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,OAAO,EAAE,CAAA;IACtE,OAAO,CAAC,GAAG,CAAC,iCAAiC,QAAQ,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAE5I,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACjH,MAAM,cAAc,GAClB,MAAA,CACE,MAAM,OAAO,CAAC,GAAG,CACf,qBAAqB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAChC,IAAI,CAAC;YACH,OAAO,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAA;QAC9B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,aAAa;YACb,OAAO,CAAC,GAAG,CAAC,+CAA+C,GAAG,YAAY,CAAC,CAAC,OAAO,EAAE,CAAC,CAAA;YACtF,OAAO,SAAS,CAAA;QAClB,CAAC;IACH,CAAC,CAAC,CACH,CACF,CAAC,MAAM,CAAC,CAAC,IAAI,EAA6B,EAAE,CAAC,IAAI,KAAK,SAAS,CAAC,mCAAI,EAAE,CAAA;IACzE,MAAM,QAAQ,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAA;IAErC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAA;IAChC,IAAI,gBAAgB,GAAkC,SAAS,CAAA;IAC/D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QAC5B,MAAM,YAAY,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACrD,MAAM,kBAAkB,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,iCAAoB,EAAC,OAAO,CAAC,WAAW,EAAE,WAAW,CAAC,WAAW,CAAC,CAAC,CAAA;QAC/H,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,iHAAiH,CAAC,CAAA;YAC9H,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,iHAAiH,EAC1H,aAAa,EAAE,+BAA+B,kBAAkB,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,0BAA0B,EACxH,WAAW,EAAE,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,eAAe,EAChD,gBAAgB,EAChB,gBAAgB,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,IACpE,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,WAAW,CAAC,eAAe,CAAC,MAAM,KAAK,YAAY,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;gBAChF,IAAI,CAAC,QAAQ,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBACxC,OAAO,MAAM,gCAAgC,CAAC;wBAC5C,QAAQ,EAAE,IAAI;wBACd,KAAK,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,OAAO,EAAE;wBACnC,IAAI;wBACJ,gBAAgB;wBAChB,YAAY;qBACb,CAAC,CAAA;gBACJ,CAAC;gBACD,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,gBAAgB,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EACvE,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,aAAa,EAAE,mBAAmB,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,gBAAgB,WAAW,CAAC,eAAe,CAAC,MAAM,+CAA+C,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,wBAAwB,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,CAAC,OAAO,GAAG,EACvR,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;YACH,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,MAAM,CACrD;YACE,IAAI,EAAE,gBAAgB;YACtB,SAAS,EAAE,MAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,0CAAE,SAAS;SACpD,EACD,MAAA,MAAA,MAAA,IAAA,iBAAS,GAAE,0CAAE,MAAM,mCAAI,MAAM,mCAAI,MAAM,CAAC,MAAM,CAC/C,CAAA;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBAClD,OAAO,MAAM,gCAAgC,CAAC;oBAC5C,QAAQ,EAAE,IAAI;oBACd,KAAK,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,OAAO,EAAE;oBACnC,IAAI;oBACJ,gBAAgB;oBAChB,YAAY;iBACb,CAAC,CAAA;YACJ,CAAC;YACD,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,gBAAgB,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EACvE,aAAa,EAAE,mCAAmC,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,gBACzF,WAAW,CAAC,eAAe,CAAC,MAC9B,wBAAwB,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,eAAe,CAAC,YAAY,CAAC,GAAG,EACnF,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QAED,gBAAgB,GAAG,gBAAgB,aAAhB,gBAAgB,cAAhB,gBAAgB,GAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,eAAe,EAAE,WAAW,CAAC,eAAe,CAAC,CAAC,CAAA;QAE/I,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,KAAK,CAAC,IAAI,2BAA2B,EAAE,CAAC;YAChE,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,uEAAuE,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EACzH,gBAAgB,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EACvE,WAAW,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAC9C,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAAE,CAAC;QACtC,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,6BAA6B,EACtC,gBAAgB,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EACvE,aAAa,EAAE,wBAAwB,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,yCAAyC,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EACxK,WAAW,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAC9C,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;IACH,CAAC;IAED,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,gBAAgB,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EACvE,aAAa,EAAE,qEAAqE,iBAAiB,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,aACjJ,iBAAiB,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EACpD,GAAG,EACH,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;AACH,CAAC,CAAA,CAAA;AAED,MAAM,iBAAiB,GAAG,CAAC,KAAsB,EAAE,KAAsB,EAAW,EAAE;IACpF,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAA;AAC9D,CAAC,CAAA;AAED,MAAM,iBAAiB,GAAsB,oBAAS,CAAC,OAAO,CAAC,wBAAiB,CAAC,CAAA;AAC1E,MAAM,wBAAwB,GAAG,GAAsB,EAAE;IAC9D,OAAO,iBAAiB,CAAA;AAC1B,CAAC,CAAA;AAFY,QAAA,wBAAwB,4BAEpC;AAYM,MAAM,gBAAgB,GAAG,CAAO,OAA4B,EAA8B,EAAE;IACjG,MAAM,eAAe,GAAG,IAAI,sBAAe,CAAC,OAAO,CAAC,CAAA;IACpD,MAAM,aAAa,GAAG,uBAAS,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC,OAAO,EAAE,gCAAoB,CAAC,CAAA;IAC9F,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAA;IACnE,IAAI,YAAY,GAAoB,SAAS,CAAA;IAC7C,IAAI,CAAC;QACH,YAAY,GAAG,CAAC,MAAM,IAAA,yCAAiC,EAAC,IAAI,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAQ,CAAA;IAC1G,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;IAC1B,CAAC;IACD,MAAM,WAAW,GAAG,IAAA,sCAAyB,EAAC,OAAO,CAAC,CAAA;IACtD,MAAM,eAAe,GAAG,MAAM,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAA;IAC7D,MAAM,kBAAkB,GAAG,IAAA,gCAAwB,GAAE,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;IAC7F,OAAO;QACL,kBAAkB;QAClB,aAAa;QACb,YAAY;QACZ,YAAY;QACZ,eAAe;QACf,WAAW;QACX,eAAe;KAChB,CAAA;AACH,CAAC,CAAA,CAAA;AAtBY,QAAA,gBAAgB,oBAsB5B;AACD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuIE;AAEF,MAAM,MAAM,GAA2B;IACrC,SAAS,EAAE,GAAG;IACd,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,GAAG;IACd,SAAS,EAAE,IAAI;IACf,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,UAAU,EAAE,GAAG;IACf,SAAS,EAAE,IAAI;IACf,sBAAsB,EAAE,QAAQ;CACjC,CAAA;AAEM,MAAM,WAAW,GAAG,CAAC,IAAiB,EAAU,EAAE;IACvD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;QAC3C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;KACpD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,WAAW,eAKvB;AAEM,MAAM,YAAY,GAAG,CAAC,IAAiB,EAAU,EAAE;IACxD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;QAC5C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;KACrD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,YAAY,gBAKxB;AAED,MAAM,WAAW,GAAG,CAAC,cAAuC,EAA0B,EAAE;;IACtF,MAAM,EAAE,GAA2B,EAAE,CAAA;IACrC,KAAK,MAAM,YAAY,IAAI,cAAc,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,MAAA,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,mCAAI,YAAY,CAAC,IAAI,CAAA;QAC3D,EAAE,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAA;IAC1C,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC,CAAA;AACD,MAAM,WAAW,GAAG,CAAC,cAAuC,EAAU,EAAE;IACtE,OAAO,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;SAC/C,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;SACxC,IAAI,CAAC,GAAG,CAAC,CAAA;AACd,CAAC,CAAA;AAEM,MAAM,iCAAiC,GAAG,CAAO,YAA+C,EAAgB,EAAE;IACvH,MAAM,WAAW,GACf,OAAO,YAAY,KAAK,QAAQ;QAC9B,CAAC,CAAC,YAAY;QACd,CAAC,CAAC,YAAY,YAAY,UAAU;YACpC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,EAAE,WAAW,CAAC;YACzC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACrC,MAAM,GAAG,GAAG,IAAA,qBAAQ,EAAC,WAAW,CAAC,CAAA;IACjC,MAAM,WAAW,GAAG,IAAA,sCAAyB,EAAC,GAAG,CAAC,CAAA;IAClD,IAAI,GAAoB,CAAA;IACxB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAC,MAAM,CAAA;QACrC,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAA;QAC3E,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC,CAAoB,CAAA;IAC9D,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,CAAC,CAAA;IACpE,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,IAAI,CAAC;YACH,GAAG,GAAG,CAAC,MAAM,uBAAI,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,CAAQ,CAAA;QAC7C,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,CAAC,CAAA;QAC9E,CAAC;IACH,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,KAAK,CAAC,sCAAsC,GAAG,EAAE,CAAC,CAAA;IAC1D,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC,CAAA,CAAA;AA5BY,QAAA,iCAAiC,qCA4B7C;AAED;;;;;;;;;;GAUG;AACH,IAAY,6BAKX;AALD,WAAY,6BAA6B;IACvC,6FAAc,CAAA;IACd,uFAAW,CAAA;IACX,2HAA6B,CAAA;IAC7B,2FAAa,CAAA;AACf,CAAC,EALW,6BAA6B,6CAA7B,6BAA6B,QAKxC;AASM,MAAM,sCAAsC,GAAG,CAAC,WAAwB,EAAE,QAAgB,EAAE,cAA8B,EAAQ,EAAE;IACzI,MAAM,IAAI,GAAG,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,oBAAoB,EAAE,cAAc,EAAE,CAAC,CAAA;IAC9F,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAA;IAClE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,KAAK,CACT,oBAAoB,cAAc,0EAChC,IAAA,oBAAY,EAAC,WAAW,CAAC,CAAC,EAC5B,WAAW,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CACpD,CAAA;IACH,CAAC;AACH,CAAC,CAAA;AAVY,QAAA,sCAAsC,0CAUlD;AAEM,MAAM,6CAA6C,GAAG,CAC3D,WAAwB,EACxB,QAAgB,EAChB,cAA8B,EACC,EAAE;IACjC,MAAM,MAAM,GAAG;QACb,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,aAAa,QAAQ,gDAAgD,cAAc,EAAE;QAC9F,MAAM,EAAE;YACN,QAAQ;YACR,cAAc;SACf;QACD,gBAAgB,EAAE,CAAC,MAAM,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAC;QACzD,gBAAgB,EAAE,IAAI,IAAI,EAAE;KAC7B,CAAA;IACD,IAAI,CAAC;QACH,IAAA,8CAAsC,EAAC,WAAW,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAA;IAC/E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,MAAM,CAAA;IACf,CAAC;IACD,MAAM,CAAC,KAAK,GAAG,KAAK,CAAA;IACpB,MAAM,CAAC,OAAO,GAAG,aAAa,QAAQ,4CAA4C,cAAc,EAAE,CAAA;IAClG,OAAO,MAAM,CAAA;AACf,CAAC,CAAA,CAAA;AAxBY,QAAA,6CAA6C,iDAwBzD;AAEM,MAAM,0BAA0B,GAAG,CACxC,WAAwB,EACxB,IAIC,EACyB,EAAE;;IAC5B,IAAI,UAA2C,CAAA;IAC/C,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,oBAAoB,EAAE,CAAC;QAC/B,UAAU;YACR,IAAI,CAAC,oBAAoB,KAAK,cAAc;gBAC1C,CAAC,CAAC,CAAC,6BAA6B,CAAC,OAAO,CAAC;gBACzC,CAAC,CAAC,CAAC,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IACjE,CAAC;SAAM,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,UAAU,EAAE,CAAC;QAC5B,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACnF,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,CAAC,6BAA6B,CAAC,OAAO,EAAE,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IAC/G,CAAC;IACD,MAAM,WAAW,GAAG,MAAA,MAAA,WAAW,CAAC,UAAU,0CAAE,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,KAAK,yBAAiB,CAAC,0CAAE,WAAsB,CAAA;IACnH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAA;IAC9C,OAAO,QAAQ;SACZ,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;SACtD,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QACf,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAmC,CAAA;IACtF,CAAC,CAAC,CAAA;AACN,CAAC,CAAA;AA7BY,QAAA,0BAA0B,8BA6BtC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sphereon/ssi-sdk-ext.x509-utils",
|
|
3
3
|
"description": "Sphereon SSI-SDK plugin functions for X.509 Certificate handling.",
|
|
4
|
-
"version": "0.26.1-next.
|
|
4
|
+
"version": "0.26.1-next.28+683ddb7",
|
|
5
5
|
"source": "src/index.ts",
|
|
6
6
|
"main": "dist/index.js",
|
|
7
7
|
"types": "dist/index.d.ts",
|
|
@@ -42,5 +42,5 @@
|
|
|
42
42
|
"DID",
|
|
43
43
|
"Veramo"
|
|
44
44
|
],
|
|
45
|
-
"gitHead": "
|
|
45
|
+
"gitHead": "683ddb776b3b6d8e54bcf944cc4c32c7a7fecefc"
|
|
46
46
|
}
|
|
@@ -7,6 +7,7 @@ import x509 from 'js-x509-utils'
|
|
|
7
7
|
import { AltName, AttributeTypeAndValue, Certificate, CryptoEngine, getCrypto, id_SubjectAltName, setEngine } from 'pkijs'
|
|
8
8
|
import { container } from 'tsyringe'
|
|
9
9
|
import * as u8a from 'uint8arrays'
|
|
10
|
+
import {globalCrypto} from "./crypto";
|
|
10
11
|
import { areCertificatesEqual, derToPEM, pemOrDerToX509Certificate } from './x509-utils'
|
|
11
12
|
|
|
12
13
|
export type DNInfo = {
|
|
@@ -45,7 +46,7 @@ export type X509ValidationResult = {
|
|
|
45
46
|
|
|
46
47
|
const defaultCryptoEngine = () => {
|
|
47
48
|
const name = 'crypto'
|
|
48
|
-
setEngine(name, new CryptoEngine({ name, crypto:
|
|
49
|
+
setEngine(name, new CryptoEngine({ name, crypto: globalCrypto(false) }))
|
|
49
50
|
return getCrypto(true)
|
|
50
51
|
}
|
|
51
52
|
|
|
@@ -109,7 +110,7 @@ export const validateX509CertificateChain = async ({
|
|
|
109
110
|
// We allow 1 reversal. We reverse by default as the implementation expects the root ca first, whilst x5c is the opposite. Reversed becomes true if the impl reverses the chain
|
|
110
111
|
return await validateX509CertificateChainImpl({
|
|
111
112
|
reversed: false,
|
|
112
|
-
chain: pemOrDerChain.reverse(),
|
|
113
|
+
chain: [...pemOrDerChain].reverse(),
|
|
113
114
|
trustAnchors,
|
|
114
115
|
verificationTime,
|
|
115
116
|
opts,
|
|
@@ -148,8 +149,11 @@ const validateX509CertificateChainImpl = async ({
|
|
|
148
149
|
}
|
|
149
150
|
defaultCryptoEngine()
|
|
150
151
|
|
|
151
|
-
// x5c always starts with the leaf cert at index 0 and then the cas. Our internal pkijs service expects it the other way around
|
|
152
|
+
// x5c always starts with the leaf cert at index 0 and then the cas. Our internal pkijs service expects it the other way around. Before calling this function the change has been revered
|
|
152
153
|
const chain = await Promise.all(pemOrDerChain.map((raw) => parseCertificate(raw)))
|
|
154
|
+
const x5cOrdereredChain = reversed ? [...chain] : [...chain].reverse()
|
|
155
|
+
console.log(`x5c orderered chain (reverse: ${reversed}): ${x5cOrdereredChain.map((cert) => cert.certificateInfo.subject.dn.DN).join(', ')}`)
|
|
156
|
+
|
|
153
157
|
const trustedCerts = trustedPEMs ? await Promise.all(trustedPEMs.map((raw) => parseCertificate(raw))) : undefined
|
|
154
158
|
const blindlyTrusted =
|
|
155
159
|
(
|
|
@@ -165,7 +169,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
165
169
|
})
|
|
166
170
|
)
|
|
167
171
|
).filter((cert): cert is ParsedCertificate => cert !== undefined) ?? []
|
|
168
|
-
const leafCert =
|
|
172
|
+
const leafCert = x5cOrdereredChain[0]
|
|
169
173
|
|
|
170
174
|
const chainLength = chain.length
|
|
171
175
|
var foundTrustAnchor: ParsedCertificate | undefined = undefined
|
|
@@ -182,7 +186,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
182
186
|
detailMessage: `Blindly trusted certificate ${blindlyTrustedCert.certificateInfo.subject.dn.DN} was found in the chain.`,
|
|
183
187
|
trustAnchor: blindlyTrustedCert?.certificateInfo,
|
|
184
188
|
verificationTime,
|
|
185
|
-
certificateChain:
|
|
189
|
+
certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo),
|
|
186
190
|
...(client && { client }),
|
|
187
191
|
}
|
|
188
192
|
}
|
|
@@ -191,7 +195,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
191
195
|
if (!reversed && !disallowReversedChain) {
|
|
192
196
|
return await validateX509CertificateChainImpl({
|
|
193
197
|
reversed: true,
|
|
194
|
-
chain: pemOrDerChain.reverse(),
|
|
198
|
+
chain: [...pemOrDerChain].reverse(),
|
|
195
199
|
opts,
|
|
196
200
|
verificationTime,
|
|
197
201
|
trustAnchors,
|
|
@@ -200,7 +204,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
200
204
|
return {
|
|
201
205
|
error: true,
|
|
202
206
|
critical: true,
|
|
203
|
-
certificateChain:
|
|
207
|
+
certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo),
|
|
204
208
|
message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
205
209
|
detailMessage: `The certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${currentCert.x509Certificate.issuer}, is not signed by the previous certificate ${previousCert?.certificateInfo.subject.dn.DN} with subject string ${previousCert?.x509Certificate.subject}.`,
|
|
206
210
|
verificationTime,
|
|
@@ -219,7 +223,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
219
223
|
if (i == 0 && !reversed && !disallowReversedChain) {
|
|
220
224
|
return await validateX509CertificateChainImpl({
|
|
221
225
|
reversed: true,
|
|
222
|
-
chain: pemOrDerChain.reverse(),
|
|
226
|
+
chain: [...pemOrDerChain].reverse(),
|
|
223
227
|
opts,
|
|
224
228
|
verificationTime,
|
|
225
229
|
trustAnchors,
|
|
@@ -229,7 +233,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
229
233
|
error: true,
|
|
230
234
|
critical: true,
|
|
231
235
|
message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
232
|
-
certificateChain:
|
|
236
|
+
certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo),
|
|
233
237
|
detailMessage: `Verification of the certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${
|
|
234
238
|
currentCert.x509Certificate.issuer
|
|
235
239
|
} failed. Public key: ${JSON.stringify(currentCert.certificateInfo.publicKeyJWK)}.`,
|
|
@@ -245,7 +249,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
245
249
|
error: false,
|
|
246
250
|
critical: false,
|
|
247
251
|
message: `Certificate chain succeeded as allow single cert result is allowed: ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
248
|
-
certificateChain:
|
|
252
|
+
certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo),
|
|
249
253
|
trustAnchor: foundTrustAnchor?.certificateInfo,
|
|
250
254
|
verificationTime,
|
|
251
255
|
...(client && { client }),
|
|
@@ -258,7 +262,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
258
262
|
error: false,
|
|
259
263
|
critical: false,
|
|
260
264
|
message: `Certificate chain was valid`,
|
|
261
|
-
certificateChain:
|
|
265
|
+
certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo),
|
|
262
266
|
detailMessage: `The leaf certificate ${leafCert.certificateInfo.subject.dn.DN} is part of a chain with trust anchor ${foundTrustAnchor?.certificateInfo.subject.dn.DN}.`,
|
|
263
267
|
trustAnchor: foundTrustAnchor?.certificateInfo,
|
|
264
268
|
verificationTime,
|
|
@@ -270,9 +274,9 @@ const validateX509CertificateChainImpl = async ({
|
|
|
270
274
|
error: true,
|
|
271
275
|
critical: true,
|
|
272
276
|
message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
273
|
-
certificateChain:
|
|
274
|
-
detailMessage: `No trust anchor was found in the chain. between ${chain
|
|
275
|
-
|
|
277
|
+
certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo),
|
|
278
|
+
detailMessage: `No trust anchor was found in the chain. between (intermediate) CA ${x5cOrdereredChain[chain.length - 1].certificateInfo.subject.dn.DN} and leaf ${
|
|
279
|
+
x5cOrdereredChain[0].certificateInfo.subject.dn.DN
|
|
276
280
|
}.`,
|
|
277
281
|
verificationTime,
|
|
278
282
|
...(client && { client }),
|