@sphereon/ssi-sdk-ext.x509-utils 0.26.1-next.27 → 0.26.1-next.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"x509-validator.d.ts","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAC1D,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAEnE,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAA;AAEzC,OAAO,EAAkC,WAAW,EAAyD,MAAM,OAAO,CAAA;AAM1H,MAAM,MAAM,MAAM,GAAG;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACnC,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,WAAW,CAAC,EAAE,GAAG,CAAA;IACjB,SAAS,EAAE,IAAI,CAAA;IACf,QAAQ,EAAE,IAAI,CAAA;IACd,YAAY,CAAC,EAAE,GAAG,CAAA;IAClB,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAA;KACX,CAAA;IACD,OAAO,EAAE;QACP,EAAE,EAAE,MAAM,CAAA;QACV,uBAAuB,EAAE,sBAAsB,EAAE,CAAA;KAClD,CAAA;CACF,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,KAAK,EAAE,OAAO,CAAA;IACd,QAAQ,EAAE,OAAO,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,gBAAgB,EAAE,IAAI,CAAA;IACtB,gBAAgB,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;IACzC,WAAW,CAAC,EAAE,eAAe,CAAA;IAC7B,MAAM,CAAC,EAAE;QAEP,QAAQ,EAAE,MAAM,CAAA;QAChB,cAAc,EAAE,cAAc,CAAA;KAC/B,CAAA;CACF,CAAA;AAQD,eAAO,MAAM,kBAAkB,gBAChB,WAAW,SACjB;IACL,aAAa,EAAE,6BAA6B,GAAG,6BAA6B,EAAE,CAAA;CAC/E,KACA,OAAO,CAAC,eAAe,CAgBzB,CAAA;AAED,MAAM,MAAM,kCAAkC,GAAG;IAE/C,sBAAsB,CAAC,EAAE,OAAO,CAAA;IAEhC,2BAA2B,CAAC,EAAE,OAAO,CAAA;IAGrC,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAA;IAEhC,qBAAqB,CAAC,EAAE,OAAO,CAAA;IAE/B,MAAM,CAAC,EAAE;QAEP,QAAQ,EAAE,MAAM,CAAA;QAChB,cAAc,EAAE,cAAc,CAAA;KAC/B,CAAA;CACF,CAAA;AAED,eAAO,MAAM,4BAA4B,oEAUtC;IACD,KAAK,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,CAAA;IAC9B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;IACvB,gBAAgB,CAAC,EAAE,IAAI,CAAA;IACvB,IAAI,CAAC,EAAE,kCAAkC,CAAA;CAC1C,KAAG,OAAO,CAAC,oBAAoB,CAS/B,CAAA;
|
|
1
|
+
{"version":3,"file":"x509-validator.d.ts","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAC1D,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAEnE,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAA;AAEzC,OAAO,EAAkC,WAAW,EAAyD,MAAM,OAAO,CAAA;AAM1H,MAAM,MAAM,MAAM,GAAG;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACnC,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,WAAW,CAAC,EAAE,GAAG,CAAA;IACjB,SAAS,EAAE,IAAI,CAAA;IACf,QAAQ,EAAE,IAAI,CAAA;IACd,YAAY,CAAC,EAAE,GAAG,CAAA;IAClB,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAA;KACX,CAAA;IACD,OAAO,EAAE;QACP,EAAE,EAAE,MAAM,CAAA;QACV,uBAAuB,EAAE,sBAAsB,EAAE,CAAA;KAClD,CAAA;CACF,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,KAAK,EAAE,OAAO,CAAA;IACd,QAAQ,EAAE,OAAO,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,gBAAgB,EAAE,IAAI,CAAA;IACtB,gBAAgB,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;IACzC,WAAW,CAAC,EAAE,eAAe,CAAA;IAC7B,MAAM,CAAC,EAAE;QAEP,QAAQ,EAAE,MAAM,CAAA;QAChB,cAAc,EAAE,cAAc,CAAA;KAC/B,CAAA;CACF,CAAA;AAQD,eAAO,MAAM,kBAAkB,gBAChB,WAAW,SACjB;IACL,aAAa,EAAE,6BAA6B,GAAG,6BAA6B,EAAE,CAAA;CAC/E,KACA,OAAO,CAAC,eAAe,CAgBzB,CAAA;AAED,MAAM,MAAM,kCAAkC,GAAG;IAE/C,sBAAsB,CAAC,EAAE,OAAO,CAAA;IAEhC,2BAA2B,CAAC,EAAE,OAAO,CAAA;IAGrC,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAA;IAEhC,qBAAqB,CAAC,EAAE,OAAO,CAAA;IAE/B,MAAM,CAAC,EAAE;QAEP,QAAQ,EAAE,MAAM,CAAA;QAChB,cAAc,EAAE,cAAc,CAAA;KAC/B,CAAA;CACF,CAAA;AAED,eAAO,MAAM,4BAA4B,oEAUtC;IACD,KAAK,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,CAAA;IAC9B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;IACvB,gBAAgB,CAAC,EAAE,IAAI,CAAA;IACvB,IAAI,CAAC,EAAE,kCAAkC,CAAA;CAC1C,KAAG,OAAO,CAAC,oBAAoB,CAS/B,CAAA;AA6KD,eAAO,MAAM,wBAAwB,QAAO,iBAE3C,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,aAAa,EAAE,oBAAoB,CAAA;IACnC,YAAY,CAAC,EAAE,GAAG,CAAA;IAClB,YAAY,EAAE,UAAU,CAAA;IACxB,kBAAkB,EAAE,SAAS,CAAA;IAC7B,eAAe,EAAE,eAAe,CAAA;IAChC,WAAW,EAAE,WAAW,CAAA;IACxB,eAAe,EAAE,eAAe,CAAA;CACjC,CAAA;AAED,eAAO,MAAM,gBAAgB,YAAmB,MAAM,GAAG,UAAU,KAAG,OAAO,CAAC,iBAAiB,CAsB9F,CAAA;AAwJD,eAAO,MAAM,WAAW,SAAU,WAAW,KAAG,MAK/C,CAAA;AAED,eAAO,MAAM,YAAY,SAAU,WAAW,KAAG,MAKhD,CAAA;AAgBD,eAAO,MAAM,iCAAiC,iBAAwB,MAAM,GAAG,UAAU,GAAG,WAAW,KAAG,OAAO,CAAC,GAAG,CA4BpH,CAAA;AAED;;;;;;;;;;GAUG;AACH,oBAAY,6BAA6B;IACvC,UAAU,IAAI,CAAE,QAAQ;IACxB,OAAO,IAAI;IACX,yBAAyB,IAAI;IAC7B,SAAS,IAAI;CACd;AAED,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,6BAA6B,CAAA;CACpC;AAED,MAAM,MAAM,cAAc,GAAG,cAAc,GAAG,cAAc,CAAA;AAE5D,eAAO,MAAM,sCAAsC,gBAAiB,WAAW,YAAY,MAAM,kBAAkB,cAAc,KAAG,IAUnI,CAAA;AAED,eAAO,MAAM,6CAA6C,gBAC3C,WAAW,YACd,MAAM,kBACA,cAAc,KAC7B,OAAO,CAAC,oBAAoB,CAoB9B,CAAA;AAED,eAAO,MAAM,0BAA0B,gBACxB,WAAW,SACjB;IACL,UAAU,CAAC,EAAE,6BAA6B,GAAG,6BAA6B,EAAE,CAAA;IAE5E,oBAAoB,CAAC,EAAE,cAAc,CAAA;CACtC,KACA,sBAAsB,EAsBxB,CAAA"}
|
|
@@ -78,7 +78,7 @@ const validateX509CertificateChain = (_a) => __awaiter(void 0, [_a], void 0, fun
|
|
|
78
78
|
// We allow 1 reversal. We reverse by default as the implementation expects the root ca first, whilst x5c is the opposite. Reversed becomes true if the impl reverses the chain
|
|
79
79
|
return yield validateX509CertificateChainImpl({
|
|
80
80
|
reversed: false,
|
|
81
|
-
chain: pemOrDerChain.reverse(),
|
|
81
|
+
chain: [...pemOrDerChain].reverse(),
|
|
82
82
|
trustAnchors,
|
|
83
83
|
verificationTime,
|
|
84
84
|
opts,
|
|
@@ -99,8 +99,10 @@ const validateX509CertificateChainImpl = (_a) => __awaiter(void 0, [_a], void 0,
|
|
|
99
99
|
};
|
|
100
100
|
}
|
|
101
101
|
defaultCryptoEngine();
|
|
102
|
-
// x5c always starts with the leaf cert at index 0 and then the cas. Our internal pkijs service expects it the other way around
|
|
102
|
+
// x5c always starts with the leaf cert at index 0 and then the cas. Our internal pkijs service expects it the other way around. Before calling this function the change has been revered
|
|
103
103
|
const chain = yield Promise.all(pemOrDerChain.map((raw) => (0, exports.parseCertificate)(raw)));
|
|
104
|
+
const x5cOrdereredChain = reversed ? [...chain] : [...chain].reverse();
|
|
105
|
+
console.log(`x5c orderered chain (reverse: ${reversed}): ${x5cOrdereredChain.map((cert) => cert.certificateInfo.subject.dn.DN).join(', ')}`);
|
|
104
106
|
const trustedCerts = trustedPEMs ? yield Promise.all(trustedPEMs.map((raw) => (0, exports.parseCertificate)(raw))) : undefined;
|
|
105
107
|
const blindlyTrusted = (_b = (yield Promise.all(blindlyTrustedAnchors.map((raw) => {
|
|
106
108
|
try {
|
|
@@ -112,7 +114,7 @@ const validateX509CertificateChainImpl = (_a) => __awaiter(void 0, [_a], void 0,
|
|
|
112
114
|
return undefined;
|
|
113
115
|
}
|
|
114
116
|
}))).filter((cert) => cert !== undefined)) !== null && _b !== void 0 ? _b : [];
|
|
115
|
-
const leafCert =
|
|
117
|
+
const leafCert = x5cOrdereredChain[0];
|
|
116
118
|
const chainLength = chain.length;
|
|
117
119
|
var foundTrustAnchor = undefined;
|
|
118
120
|
for (let i = 0; i < chainLength; i++) {
|
|
@@ -121,20 +123,20 @@ const validateX509CertificateChainImpl = (_a) => __awaiter(void 0, [_a], void 0,
|
|
|
121
123
|
const blindlyTrustedCert = blindlyTrusted.find((trusted) => (0, x509_utils_1.areCertificatesEqual)(trusted.certificate, currentCert.certificate));
|
|
122
124
|
if (blindlyTrustedCert) {
|
|
123
125
|
console.log(`Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`);
|
|
124
|
-
return Object.assign({ error: false, critical: false, message: `Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`, detailMessage: `Blindly trusted certificate ${blindlyTrustedCert.certificateInfo.subject.dn.DN} was found in the chain.`, trustAnchor: blindlyTrustedCert === null || blindlyTrustedCert === void 0 ? void 0 : blindlyTrustedCert.certificateInfo, verificationTime, certificateChain:
|
|
126
|
+
return Object.assign({ error: false, critical: false, message: `Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`, detailMessage: `Blindly trusted certificate ${blindlyTrustedCert.certificateInfo.subject.dn.DN} was found in the chain.`, trustAnchor: blindlyTrustedCert === null || blindlyTrustedCert === void 0 ? void 0 : blindlyTrustedCert.certificateInfo, verificationTime, certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo) }, (client && { client }));
|
|
125
127
|
}
|
|
126
128
|
if (previousCert) {
|
|
127
129
|
if (currentCert.x509Certificate.issuer !== previousCert.x509Certificate.subject) {
|
|
128
130
|
if (!reversed && !disallowReversedChain) {
|
|
129
131
|
return yield validateX509CertificateChainImpl({
|
|
130
132
|
reversed: true,
|
|
131
|
-
chain: pemOrDerChain.reverse(),
|
|
133
|
+
chain: [...pemOrDerChain].reverse(),
|
|
132
134
|
opts,
|
|
133
135
|
verificationTime,
|
|
134
136
|
trustAnchors,
|
|
135
137
|
});
|
|
136
138
|
}
|
|
137
|
-
return Object.assign({ error: true, critical: true, certificateChain:
|
|
139
|
+
return Object.assign({ error: true, critical: true, certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo), message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, detailMessage: `The certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${currentCert.x509Certificate.issuer}, is not signed by the previous certificate ${previousCert === null || previousCert === void 0 ? void 0 : previousCert.certificateInfo.subject.dn.DN} with subject string ${previousCert === null || previousCert === void 0 ? void 0 : previousCert.x509Certificate.subject}.`, verificationTime }, (client && { client }));
|
|
138
140
|
}
|
|
139
141
|
}
|
|
140
142
|
const result = yield currentCert.x509Certificate.verify({
|
|
@@ -145,23 +147,23 @@ const validateX509CertificateChainImpl = (_a) => __awaiter(void 0, [_a], void 0,
|
|
|
145
147
|
if (i == 0 && !reversed && !disallowReversedChain) {
|
|
146
148
|
return yield validateX509CertificateChainImpl({
|
|
147
149
|
reversed: true,
|
|
148
|
-
chain: pemOrDerChain.reverse(),
|
|
150
|
+
chain: [...pemOrDerChain].reverse(),
|
|
149
151
|
opts,
|
|
150
152
|
verificationTime,
|
|
151
153
|
trustAnchors,
|
|
152
154
|
});
|
|
153
155
|
}
|
|
154
|
-
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain:
|
|
156
|
+
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo), detailMessage: `Verification of the certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${currentCert.x509Certificate.issuer} failed. Public key: ${JSON.stringify(currentCert.certificateInfo.publicKeyJWK)}.`, verificationTime }, (client && { client }));
|
|
155
157
|
}
|
|
156
158
|
foundTrustAnchor = foundTrustAnchor !== null && foundTrustAnchor !== void 0 ? foundTrustAnchor : trustedCerts === null || trustedCerts === void 0 ? void 0 : trustedCerts.find((trusted) => isSameCertificate(trusted.x509Certificate, currentCert.x509Certificate));
|
|
157
159
|
if (i === 0 && chainLength === 1 && allowSingleNoCAChainElement) {
|
|
158
|
-
return Object.assign({ error: false, critical: false, message: `Certificate chain succeeded as allow single cert result is allowed: ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain:
|
|
160
|
+
return Object.assign({ error: false, critical: false, message: `Certificate chain succeeded as allow single cert result is allowed: ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo), trustAnchor: foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo, verificationTime }, (client && { client }));
|
|
159
161
|
}
|
|
160
162
|
}
|
|
161
163
|
if (foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo) {
|
|
162
|
-
return Object.assign({ error: false, critical: false, message: `Certificate chain was valid`, certificateChain:
|
|
164
|
+
return Object.assign({ error: false, critical: false, message: `Certificate chain was valid`, certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo), detailMessage: `The leaf certificate ${leafCert.certificateInfo.subject.dn.DN} is part of a chain with trust anchor ${foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo.subject.dn.DN}.`, trustAnchor: foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo, verificationTime }, (client && { client }));
|
|
163
165
|
}
|
|
164
|
-
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain:
|
|
166
|
+
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo), detailMessage: `No trust anchor was found in the chain. between (intermediate) CA ${x5cOrdereredChain[chain.length - 1].certificateInfo.subject.dn.DN} and leaf ${x5cOrdereredChain[0].certificateInfo.subject.dn.DN}.`, verificationTime }, (client && { client }));
|
|
165
167
|
});
|
|
166
168
|
const isSameCertificate = (cert1, cert2) => {
|
|
167
169
|
return cert1.rawData.toString() === cert2.rawData.toString();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"x509-validator.js","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uDAAiD;AACjD,mDAA0D;AAC1D,yCAAmE;AAGnE,kEAAgC;AAChC,iCAA0H;AAC1H,uCAAoC;AACpC,iDAAkC;AAClC,qCAAsC;AACtC,6CAAwF;AAoCxF,MAAM,mBAAmB,GAAG,GAAG,EAAE;IAC/B,MAAM,IAAI,GAAG,QAAQ,CAAA;IACrB,IAAA,iBAAS,EAAC,IAAI,EAAE,IAAI,oBAAY,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAA,qBAAY,EAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAA;IACxE,OAAO,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAA;AACxB,CAAC,CAAA;AAEM,MAAM,kBAAkB,GAAG,CAChC,WAAwB,EACxB,IAEC,EACyB,EAAE;IAC5B,IAAI,YAA6B,CAAA;IACjC,IAAI,CAAC;QACH,YAAY,GAAG,CAAC,MAAM,IAAA,yCAAiC,EAAC,WAAW,CAAC,CAAQ,CAAA;IAC9E,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC,CAAA,CAAC;IACd,OAAO;QACL,MAAM,EAAE,EAAE,EAAE,EAAE,IAAA,mBAAW,EAAC,WAAW,CAAC,EAAE;QACxC,OAAO,EAAE;YACP,EAAE,EAAE,IAAA,oBAAY,EAAC,WAAW,CAAC;YAC7B,uBAAuB,EAAE,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,UAAU,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,EAAE,CAAC;SACtG;QACD,YAAY;QACZ,SAAS,EAAE,WAAW,CAAC,SAAS,CAAC,KAAK;QACtC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,KAAK;QACpC,cAAc;KACW,CAAA;AAC7B,CAAC,CAAA,CAAA;AArBY,QAAA,kBAAkB,sBAqB9B;AAoBM,MAAM,4BAA4B,GAAG,KAeV,EAAE,4CAfe,EACjD,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,GAAG,IAAI,IAAI,EAAE,EAC7B,IAAI,GAAG;IACL,sBAAsB,EAAE,KAAK;IAC7B,2BAA2B,EAAE,IAAI;IACjC,qBAAqB,EAAE,EAAE;IACzB,qBAAqB,EAAE,KAAK;CAC7B,GAMF;IACC,+KAA+K;IAC/K,OAAO,MAAM,gCAAgC,CAAC;QAC5C,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE;QAC9B,YAAY;QACZ,gBAAgB;QAChB,IAAI;KACL,CAAC,CAAA;AACJ,CAAC,CAAA,CAAA;AAxBY,QAAA,4BAA4B,gCAwBxC;AACD,MAAM,gCAAgC,GAAG,KAYP,EAAE,4CAZY,EAC9C,QAAQ,EACR,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,EAAE,QAAQ,EAC1B,IAAI,GAOL;;IACC,MAAM,gBAAgB,GAAS,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAA;IAC3F,MAAM,EACJ,sBAAsB,GAAG,KAAK,EAC9B,2BAA2B,GAAG,IAAI,EAClC,qBAAqB,GAAG,EAAE,EAC1B,qBAAqB,GAAG,KAAK,EAC7B,MAAM,GACP,GAAG,IAAI,CAAA;IACR,MAAM,WAAW,GAAG,sBAAsB,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAA;IAEtH,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,0DAA0D;YACnE,gBAAgB;SACjB,CAAA;IACH,CAAC;IACD,mBAAmB,EAAE,CAAA;IAErB,+HAA+H;IAC/H,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAClF,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACjH,MAAM,cAAc,GAClB,MAAA,CACE,MAAM,OAAO,CAAC,GAAG,CACf,qBAAqB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAChC,IAAI,CAAC;YACH,OAAO,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAA;QAC9B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,aAAa;YACb,OAAO,CAAC,GAAG,CAAC,+CAA+C,GAAG,YAAY,CAAC,CAAC,OAAO,EAAE,CAAC,CAAA;YACtF,OAAO,SAAS,CAAA;QAClB,CAAC;IACH,CAAC,CAAC,CACH,CACF,CAAC,MAAM,CAAC,CAAC,IAAI,EAA6B,EAAE,CAAC,IAAI,KAAK,SAAS,CAAC,mCAAI,EAAE,CAAA;IACzE,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IAExC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAA;IAChC,IAAI,gBAAgB,GAAkC,SAAS,CAAA;IAC/D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QAC5B,MAAM,YAAY,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACrD,MAAM,kBAAkB,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,iCAAoB,EAAC,OAAO,CAAC,WAAW,EAAE,WAAW,CAAC,WAAW,CAAC,CAAC,CAAA;QAC/H,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,iHAAiH,CAAC,CAAA;YAC9H,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,iHAAiH,EAC1H,aAAa,EAAE,+BAA+B,kBAAkB,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,0BAA0B,EACxH,WAAW,EAAE,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,eAAe,EAChD,gBAAgB,EAChB,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,IACxD,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,WAAW,CAAC,eAAe,CAAC,MAAM,KAAK,YAAY,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;gBAChF,IAAI,CAAC,QAAQ,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBACxC,OAAO,MAAM,gCAAgC,CAAC;wBAC5C,QAAQ,EAAE,IAAI;wBACd,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE;wBAC9B,IAAI;wBACJ,gBAAgB;wBAChB,YAAY;qBACb,CAAC,CAAA;gBACJ,CAAC;gBACD,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAC3D,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,aAAa,EAAE,mBAAmB,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,gBAAgB,WAAW,CAAC,eAAe,CAAC,MAAM,+CAA+C,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,wBAAwB,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,CAAC,OAAO,GAAG,EACvR,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;YACH,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,MAAM,CACrD;YACE,IAAI,EAAE,gBAAgB;YACtB,SAAS,EAAE,MAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,0CAAE,SAAS;SACpD,EACD,MAAA,MAAA,MAAA,IAAA,iBAAS,GAAE,0CAAE,MAAM,mCAAI,MAAM,mCAAI,MAAM,CAAC,MAAM,CAC/C,CAAA;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBAClD,OAAO,MAAM,gCAAgC,CAAC;oBAC5C,QAAQ,EAAE,IAAI;oBACd,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE;oBAC9B,IAAI;oBACJ,gBAAgB;oBAChB,YAAY;iBACb,CAAC,CAAA;YACJ,CAAC;YACD,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAC3D,aAAa,EAAE,mCAAmC,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,gBACzF,WAAW,CAAC,eAAe,CAAC,MAC9B,wBAAwB,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,eAAe,CAAC,YAAY,CAAC,GAAG,EACnF,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QAED,gBAAgB,GAAG,gBAAgB,aAAhB,gBAAgB,cAAhB,gBAAgB,GAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,eAAe,EAAE,WAAW,CAAC,eAAe,CAAC,CAAC,CAAA;QAE/I,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,KAAK,CAAC,IAAI,2BAA2B,EAAE,CAAC;YAChE,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,uEAAuE,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EACzH,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAC3D,WAAW,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAC9C,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAAE,CAAC;QACtC,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,6BAA6B,EACtC,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAC3D,aAAa,EAAE,wBAAwB,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,yCAAyC,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EACxK,WAAW,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAC9C,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;IACH,CAAC;IAED,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAC3D,aAAa,EAAE,mDAAmD,KAAK,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,QACtG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EACrD,GAAG,EACH,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;AACH,CAAC,CAAA,CAAA;AAED,MAAM,iBAAiB,GAAG,CAAC,KAAsB,EAAE,KAAsB,EAAW,EAAE;IACpF,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAA;AAC9D,CAAC,CAAA;AAED,MAAM,iBAAiB,GAAsB,oBAAS,CAAC,OAAO,CAAC,wBAAiB,CAAC,CAAA;AAC1E,MAAM,wBAAwB,GAAG,GAAsB,EAAE;IAC9D,OAAO,iBAAiB,CAAA;AAC1B,CAAC,CAAA;AAFY,QAAA,wBAAwB,4BAEpC;AAYM,MAAM,gBAAgB,GAAG,CAAO,OAA4B,EAA8B,EAAE;IACjG,MAAM,eAAe,GAAG,IAAI,sBAAe,CAAC,OAAO,CAAC,CAAA;IACpD,MAAM,aAAa,GAAG,uBAAS,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC,OAAO,EAAE,gCAAoB,CAAC,CAAA;IAC9F,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAA;IACnE,IAAI,YAAY,GAAoB,SAAS,CAAA;IAC7C,IAAI,CAAC;QACH,YAAY,GAAG,CAAC,MAAM,IAAA,yCAAiC,EAAC,IAAI,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAQ,CAAA;IAC1G,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;IAC1B,CAAC;IACD,MAAM,WAAW,GAAG,IAAA,sCAAyB,EAAC,OAAO,CAAC,CAAA;IACtD,MAAM,eAAe,GAAG,MAAM,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAA;IAC7D,MAAM,kBAAkB,GAAG,IAAA,gCAAwB,GAAE,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;IAC7F,OAAO;QACL,kBAAkB;QAClB,aAAa;QACb,YAAY;QACZ,YAAY;QACZ,eAAe;QACf,WAAW;QACX,eAAe;KAChB,CAAA;AACH,CAAC,CAAA,CAAA;AAtBY,QAAA,gBAAgB,oBAsB5B;AACD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuIE;AAEF,MAAM,MAAM,GAA2B;IACrC,SAAS,EAAE,GAAG;IACd,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,GAAG;IACd,SAAS,EAAE,IAAI;IACf,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,UAAU,EAAE,GAAG;IACf,SAAS,EAAE,IAAI;IACf,sBAAsB,EAAE,QAAQ;CACjC,CAAA;AAEM,MAAM,WAAW,GAAG,CAAC,IAAiB,EAAU,EAAE;IACvD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;QAC3C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;KACpD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,WAAW,eAKvB;AAEM,MAAM,YAAY,GAAG,CAAC,IAAiB,EAAU,EAAE;IACxD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;QAC5C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;KACrD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,YAAY,gBAKxB;AAED,MAAM,WAAW,GAAG,CAAC,cAAuC,EAA0B,EAAE;;IACtF,MAAM,EAAE,GAA2B,EAAE,CAAA;IACrC,KAAK,MAAM,YAAY,IAAI,cAAc,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,MAAA,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,mCAAI,YAAY,CAAC,IAAI,CAAA;QAC3D,EAAE,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAA;IAC1C,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC,CAAA;AACD,MAAM,WAAW,GAAG,CAAC,cAAuC,EAAU,EAAE;IACtE,OAAO,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;SAC/C,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;SACxC,IAAI,CAAC,GAAG,CAAC,CAAA;AACd,CAAC,CAAA;AAEM,MAAM,iCAAiC,GAAG,CAAO,YAA+C,EAAgB,EAAE;IACvH,MAAM,WAAW,GACf,OAAO,YAAY,KAAK,QAAQ;QAC9B,CAAC,CAAC,YAAY;QACd,CAAC,CAAC,YAAY,YAAY,UAAU;YACpC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,EAAE,WAAW,CAAC;YACzC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACrC,MAAM,GAAG,GAAG,IAAA,qBAAQ,EAAC,WAAW,CAAC,CAAA;IACjC,MAAM,WAAW,GAAG,IAAA,sCAAyB,EAAC,GAAG,CAAC,CAAA;IAClD,IAAI,GAAoB,CAAA;IACxB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAC,MAAM,CAAA;QACrC,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAA;QAC3E,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC,CAAoB,CAAA;IAC9D,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,CAAC,CAAA;IACpE,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,IAAI,CAAC;YACH,GAAG,GAAG,CAAC,MAAM,uBAAI,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,CAAQ,CAAA;QAC7C,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,CAAC,CAAA;QAC9E,CAAC;IACH,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,KAAK,CAAC,sCAAsC,GAAG,EAAE,CAAC,CAAA;IAC1D,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC,CAAA,CAAA;AA5BY,QAAA,iCAAiC,qCA4B7C;AAED;;;;;;;;;;GAUG;AACH,IAAY,6BAKX;AALD,WAAY,6BAA6B;IACvC,6FAAc,CAAA;IACd,uFAAW,CAAA;IACX,2HAA6B,CAAA;IAC7B,2FAAa,CAAA;AACf,CAAC,EALW,6BAA6B,6CAA7B,6BAA6B,QAKxC;AASM,MAAM,sCAAsC,GAAG,CAAC,WAAwB,EAAE,QAAgB,EAAE,cAA8B,EAAQ,EAAE;IACzI,MAAM,IAAI,GAAG,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,oBAAoB,EAAE,cAAc,EAAE,CAAC,CAAA;IAC9F,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAA;IAClE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,KAAK,CACT,oBAAoB,cAAc,0EAChC,IAAA,oBAAY,EAAC,WAAW,CAAC,CAAC,EAC5B,WAAW,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CACpD,CAAA;IACH,CAAC;AACH,CAAC,CAAA;AAVY,QAAA,sCAAsC,0CAUlD;AAEM,MAAM,6CAA6C,GAAG,CAC3D,WAAwB,EACxB,QAAgB,EAChB,cAA8B,EACC,EAAE;IACjC,MAAM,MAAM,GAAG;QACb,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,aAAa,QAAQ,gDAAgD,cAAc,EAAE;QAC9F,MAAM,EAAE;YACN,QAAQ;YACR,cAAc;SACf;QACD,gBAAgB,EAAE,CAAC,MAAM,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAC;QACzD,gBAAgB,EAAE,IAAI,IAAI,EAAE;KAC7B,CAAA;IACD,IAAI,CAAC;QACH,IAAA,8CAAsC,EAAC,WAAW,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAA;IAC/E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,MAAM,CAAA;IACf,CAAC;IACD,MAAM,CAAC,KAAK,GAAG,KAAK,CAAA;IACpB,MAAM,CAAC,OAAO,GAAG,aAAa,QAAQ,4CAA4C,cAAc,EAAE,CAAA;IAClG,OAAO,MAAM,CAAA;AACf,CAAC,CAAA,CAAA;AAxBY,QAAA,6CAA6C,iDAwBzD;AAEM,MAAM,0BAA0B,GAAG,CACxC,WAAwB,EACxB,IAIC,EACyB,EAAE;;IAC5B,IAAI,UAA2C,CAAA;IAC/C,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,oBAAoB,EAAE,CAAC;QAC/B,UAAU;YACR,IAAI,CAAC,oBAAoB,KAAK,cAAc;gBAC1C,CAAC,CAAC,CAAC,6BAA6B,CAAC,OAAO,CAAC;gBACzC,CAAC,CAAC,CAAC,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IACjE,CAAC;SAAM,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,UAAU,EAAE,CAAC;QAC5B,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACnF,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,CAAC,6BAA6B,CAAC,OAAO,EAAE,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IAC/G,CAAC;IACD,MAAM,WAAW,GAAG,MAAA,MAAA,WAAW,CAAC,UAAU,0CAAE,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,KAAK,yBAAiB,CAAC,0CAAE,WAAsB,CAAA;IACnH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAA;IAC9C,OAAO,QAAQ;SACZ,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;SACtD,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QACf,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAmC,CAAA;IACtF,CAAC,CAAC,CAAA;AACN,CAAC,CAAA;AA7BY,QAAA,0BAA0B,8BA6BtC"}
|
|
1
|
+
{"version":3,"file":"x509-validator.js","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uDAAiD;AACjD,mDAA0D;AAC1D,yCAAmE;AAGnE,kEAAgC;AAChC,iCAA0H;AAC1H,uCAAoC;AACpC,iDAAkC;AAClC,qCAAsC;AACtC,6CAAwF;AAoCxF,MAAM,mBAAmB,GAAG,GAAG,EAAE;IAC/B,MAAM,IAAI,GAAG,QAAQ,CAAA;IACrB,IAAA,iBAAS,EAAC,IAAI,EAAE,IAAI,oBAAY,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAA,qBAAY,EAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAA;IACxE,OAAO,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAA;AACxB,CAAC,CAAA;AAEM,MAAM,kBAAkB,GAAG,CAChC,WAAwB,EACxB,IAEC,EACyB,EAAE;IAC5B,IAAI,YAA6B,CAAA;IACjC,IAAI,CAAC;QACH,YAAY,GAAG,CAAC,MAAM,IAAA,yCAAiC,EAAC,WAAW,CAAC,CAAQ,CAAA;IAC9E,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC,CAAA,CAAC;IACd,OAAO;QACL,MAAM,EAAE,EAAE,EAAE,EAAE,IAAA,mBAAW,EAAC,WAAW,CAAC,EAAE;QACxC,OAAO,EAAE;YACP,EAAE,EAAE,IAAA,oBAAY,EAAC,WAAW,CAAC;YAC7B,uBAAuB,EAAE,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,UAAU,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,EAAE,CAAC;SACtG;QACD,YAAY;QACZ,SAAS,EAAE,WAAW,CAAC,SAAS,CAAC,KAAK;QACtC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,KAAK;QACpC,cAAc;KACW,CAAA;AAC7B,CAAC,CAAA,CAAA;AArBY,QAAA,kBAAkB,sBAqB9B;AAoBM,MAAM,4BAA4B,GAAG,KAeV,EAAE,4CAfe,EACjD,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,GAAG,IAAI,IAAI,EAAE,EAC7B,IAAI,GAAG;IACL,sBAAsB,EAAE,KAAK;IAC7B,2BAA2B,EAAE,IAAI;IACjC,qBAAqB,EAAE,EAAE;IACzB,qBAAqB,EAAE,KAAK;CAC7B,GAMF;IACC,+KAA+K;IAC/K,OAAO,MAAM,gCAAgC,CAAC;QAC5C,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,OAAO,EAAE;QACnC,YAAY;QACZ,gBAAgB;QAChB,IAAI;KACL,CAAC,CAAA;AACJ,CAAC,CAAA,CAAA;AAxBY,QAAA,4BAA4B,gCAwBxC;AACD,MAAM,gCAAgC,GAAG,KAYP,EAAE,4CAZY,EAC9C,QAAQ,EACR,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,EAAE,QAAQ,EAC1B,IAAI,GAOL;;IACC,MAAM,gBAAgB,GAAS,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAA;IAC3F,MAAM,EACJ,sBAAsB,GAAG,KAAK,EAC9B,2BAA2B,GAAG,IAAI,EAClC,qBAAqB,GAAG,EAAE,EAC1B,qBAAqB,GAAG,KAAK,EAC7B,MAAM,GACP,GAAG,IAAI,CAAA;IACR,MAAM,WAAW,GAAG,sBAAsB,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAA;IAEtH,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,0DAA0D;YACnE,gBAAgB;SACjB,CAAA;IACH,CAAC;IACD,mBAAmB,EAAE,CAAA;IAErB,yLAAyL;IACzL,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAClF,MAAM,iBAAiB,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,OAAO,EAAE,CAAA;IACtE,OAAO,CAAC,GAAG,CAAC,iCAAiC,QAAQ,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAE5I,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACjH,MAAM,cAAc,GAClB,MAAA,CACE,MAAM,OAAO,CAAC,GAAG,CACf,qBAAqB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAChC,IAAI,CAAC;YACH,OAAO,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAA;QAC9B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,aAAa;YACb,OAAO,CAAC,GAAG,CAAC,+CAA+C,GAAG,YAAY,CAAC,CAAC,OAAO,EAAE,CAAC,CAAA;YACtF,OAAO,SAAS,CAAA;QAClB,CAAC;IACH,CAAC,CAAC,CACH,CACF,CAAC,MAAM,CAAC,CAAC,IAAI,EAA6B,EAAE,CAAC,IAAI,KAAK,SAAS,CAAC,mCAAI,EAAE,CAAA;IACzE,MAAM,QAAQ,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAA;IAErC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAA;IAChC,IAAI,gBAAgB,GAAkC,SAAS,CAAA;IAC/D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QAC5B,MAAM,YAAY,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACrD,MAAM,kBAAkB,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,iCAAoB,EAAC,OAAO,CAAC,WAAW,EAAE,WAAW,CAAC,WAAW,CAAC,CAAC,CAAA;QAC/H,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,iHAAiH,CAAC,CAAA;YAC9H,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,iHAAiH,EAC1H,aAAa,EAAE,+BAA+B,kBAAkB,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,0BAA0B,EACxH,WAAW,EAAE,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,eAAe,EAChD,gBAAgB,EAChB,gBAAgB,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,IACpE,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,WAAW,CAAC,eAAe,CAAC,MAAM,KAAK,YAAY,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;gBAChF,IAAI,CAAC,QAAQ,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBACxC,OAAO,MAAM,gCAAgC,CAAC;wBAC5C,QAAQ,EAAE,IAAI;wBACd,KAAK,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,OAAO,EAAE;wBACnC,IAAI;wBACJ,gBAAgB;wBAChB,YAAY;qBACb,CAAC,CAAA;gBACJ,CAAC;gBACD,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,gBAAgB,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EACvE,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,aAAa,EAAE,mBAAmB,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,gBAAgB,WAAW,CAAC,eAAe,CAAC,MAAM,+CAA+C,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,wBAAwB,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,CAAC,OAAO,GAAG,EACvR,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;YACH,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,MAAM,CACrD;YACE,IAAI,EAAE,gBAAgB;YACtB,SAAS,EAAE,MAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,eAAe,0CAAE,SAAS;SACpD,EACD,MAAA,MAAA,MAAA,IAAA,iBAAS,GAAE,0CAAE,MAAM,mCAAI,MAAM,mCAAI,MAAM,CAAC,MAAM,CAC/C,CAAA;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBAClD,OAAO,MAAM,gCAAgC,CAAC;oBAC5C,QAAQ,EAAE,IAAI;oBACd,KAAK,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,OAAO,EAAE;oBACnC,IAAI;oBACJ,gBAAgB;oBAChB,YAAY;iBACb,CAAC,CAAA;YACJ,CAAC;YACD,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,gBAAgB,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EACvE,aAAa,EAAE,mCAAmC,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,gBACzF,WAAW,CAAC,eAAe,CAAC,MAC9B,wBAAwB,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,eAAe,CAAC,YAAY,CAAC,GAAG,EACnF,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QAED,gBAAgB,GAAG,gBAAgB,aAAhB,gBAAgB,cAAhB,gBAAgB,GAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,eAAe,EAAE,WAAW,CAAC,eAAe,CAAC,CAAC,CAAA;QAE/I,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,KAAK,CAAC,IAAI,2BAA2B,EAAE,CAAC;YAChE,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,uEAAuE,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EACzH,gBAAgB,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EACvE,WAAW,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAC9C,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAAE,CAAC;QACtC,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,6BAA6B,EACtC,gBAAgB,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EACvE,aAAa,EAAE,wBAAwB,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,yCAAyC,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EACxK,WAAW,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAC9C,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;IACH,CAAC;IAED,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,gBAAgB,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EACvE,aAAa,EAAE,qEAAqE,iBAAiB,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,aACjJ,iBAAiB,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EACpD,GAAG,EACH,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;AACH,CAAC,CAAA,CAAA;AAED,MAAM,iBAAiB,GAAG,CAAC,KAAsB,EAAE,KAAsB,EAAW,EAAE;IACpF,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAA;AAC9D,CAAC,CAAA;AAED,MAAM,iBAAiB,GAAsB,oBAAS,CAAC,OAAO,CAAC,wBAAiB,CAAC,CAAA;AAC1E,MAAM,wBAAwB,GAAG,GAAsB,EAAE;IAC9D,OAAO,iBAAiB,CAAA;AAC1B,CAAC,CAAA;AAFY,QAAA,wBAAwB,4BAEpC;AAYM,MAAM,gBAAgB,GAAG,CAAO,OAA4B,EAA8B,EAAE;IACjG,MAAM,eAAe,GAAG,IAAI,sBAAe,CAAC,OAAO,CAAC,CAAA;IACpD,MAAM,aAAa,GAAG,uBAAS,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC,OAAO,EAAE,gCAAoB,CAAC,CAAA;IAC9F,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAA;IACnE,IAAI,YAAY,GAAoB,SAAS,CAAA;IAC7C,IAAI,CAAC;QACH,YAAY,GAAG,CAAC,MAAM,IAAA,yCAAiC,EAAC,IAAI,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAQ,CAAA;IAC1G,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;IAC1B,CAAC;IACD,MAAM,WAAW,GAAG,IAAA,sCAAyB,EAAC,OAAO,CAAC,CAAA;IACtD,MAAM,eAAe,GAAG,MAAM,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAA;IAC7D,MAAM,kBAAkB,GAAG,IAAA,gCAAwB,GAAE,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;IAC7F,OAAO;QACL,kBAAkB;QAClB,aAAa;QACb,YAAY;QACZ,YAAY;QACZ,eAAe;QACf,WAAW;QACX,eAAe;KAChB,CAAA;AACH,CAAC,CAAA,CAAA;AAtBY,QAAA,gBAAgB,oBAsB5B;AACD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuIE;AAEF,MAAM,MAAM,GAA2B;IACrC,SAAS,EAAE,GAAG;IACd,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,GAAG;IACd,SAAS,EAAE,IAAI;IACf,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,UAAU,EAAE,GAAG;IACf,SAAS,EAAE,IAAI;IACf,sBAAsB,EAAE,QAAQ;CACjC,CAAA;AAEM,MAAM,WAAW,GAAG,CAAC,IAAiB,EAAU,EAAE;IACvD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;QAC3C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;KACpD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,WAAW,eAKvB;AAEM,MAAM,YAAY,GAAG,CAAC,IAAiB,EAAU,EAAE;IACxD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;QAC5C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;KACrD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,YAAY,gBAKxB;AAED,MAAM,WAAW,GAAG,CAAC,cAAuC,EAA0B,EAAE;;IACtF,MAAM,EAAE,GAA2B,EAAE,CAAA;IACrC,KAAK,MAAM,YAAY,IAAI,cAAc,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,MAAA,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,mCAAI,YAAY,CAAC,IAAI,CAAA;QAC3D,EAAE,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAA;IAC1C,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC,CAAA;AACD,MAAM,WAAW,GAAG,CAAC,cAAuC,EAAU,EAAE;IACtE,OAAO,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;SAC/C,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;SACxC,IAAI,CAAC,GAAG,CAAC,CAAA;AACd,CAAC,CAAA;AAEM,MAAM,iCAAiC,GAAG,CAAO,YAA+C,EAAgB,EAAE;IACvH,MAAM,WAAW,GACf,OAAO,YAAY,KAAK,QAAQ;QAC9B,CAAC,CAAC,YAAY;QACd,CAAC,CAAC,YAAY,YAAY,UAAU;YACpC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,EAAE,WAAW,CAAC;YACzC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACrC,MAAM,GAAG,GAAG,IAAA,qBAAQ,EAAC,WAAW,CAAC,CAAA;IACjC,MAAM,WAAW,GAAG,IAAA,sCAAyB,EAAC,GAAG,CAAC,CAAA;IAClD,IAAI,GAAoB,CAAA;IACxB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAC,MAAM,CAAA;QACrC,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAA;QAC3E,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC,CAAoB,CAAA;IAC9D,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,CAAC,CAAA;IACpE,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,IAAI,CAAC;YACH,GAAG,GAAG,CAAC,MAAM,uBAAI,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,CAAQ,CAAA;QAC7C,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,CAAC,CAAA;QAC9E,CAAC;IACH,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,KAAK,CAAC,sCAAsC,GAAG,EAAE,CAAC,CAAA;IAC1D,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC,CAAA,CAAA;AA5BY,QAAA,iCAAiC,qCA4B7C;AAED;;;;;;;;;;GAUG;AACH,IAAY,6BAKX;AALD,WAAY,6BAA6B;IACvC,6FAAc,CAAA;IACd,uFAAW,CAAA;IACX,2HAA6B,CAAA;IAC7B,2FAAa,CAAA;AACf,CAAC,EALW,6BAA6B,6CAA7B,6BAA6B,QAKxC;AASM,MAAM,sCAAsC,GAAG,CAAC,WAAwB,EAAE,QAAgB,EAAE,cAA8B,EAAQ,EAAE;IACzI,MAAM,IAAI,GAAG,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,oBAAoB,EAAE,cAAc,EAAE,CAAC,CAAA;IAC9F,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAA;IAClE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,KAAK,CACT,oBAAoB,cAAc,0EAChC,IAAA,oBAAY,EAAC,WAAW,CAAC,CAAC,EAC5B,WAAW,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CACpD,CAAA;IACH,CAAC;AACH,CAAC,CAAA;AAVY,QAAA,sCAAsC,0CAUlD;AAEM,MAAM,6CAA6C,GAAG,CAC3D,WAAwB,EACxB,QAAgB,EAChB,cAA8B,EACC,EAAE;IACjC,MAAM,MAAM,GAAG;QACb,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,aAAa,QAAQ,gDAAgD,cAAc,EAAE;QAC9F,MAAM,EAAE;YACN,QAAQ;YACR,cAAc;SACf;QACD,gBAAgB,EAAE,CAAC,MAAM,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAC;QACzD,gBAAgB,EAAE,IAAI,IAAI,EAAE;KAC7B,CAAA;IACD,IAAI,CAAC;QACH,IAAA,8CAAsC,EAAC,WAAW,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAA;IAC/E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,MAAM,CAAA;IACf,CAAC;IACD,MAAM,CAAC,KAAK,GAAG,KAAK,CAAA;IACpB,MAAM,CAAC,OAAO,GAAG,aAAa,QAAQ,4CAA4C,cAAc,EAAE,CAAA;IAClG,OAAO,MAAM,CAAA;AACf,CAAC,CAAA,CAAA;AAxBY,QAAA,6CAA6C,iDAwBzD;AAEM,MAAM,0BAA0B,GAAG,CACxC,WAAwB,EACxB,IAIC,EACyB,EAAE;;IAC5B,IAAI,UAA2C,CAAA;IAC/C,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,oBAAoB,EAAE,CAAC;QAC/B,UAAU;YACR,IAAI,CAAC,oBAAoB,KAAK,cAAc;gBAC1C,CAAC,CAAC,CAAC,6BAA6B,CAAC,OAAO,CAAC;gBACzC,CAAC,CAAC,CAAC,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IACjE,CAAC;SAAM,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,UAAU,EAAE,CAAC;QAC5B,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACnF,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,CAAC,6BAA6B,CAAC,OAAO,EAAE,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IAC/G,CAAC;IACD,MAAM,WAAW,GAAG,MAAA,MAAA,WAAW,CAAC,UAAU,0CAAE,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,KAAK,yBAAiB,CAAC,0CAAE,WAAsB,CAAA;IACnH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAA;IAC9C,OAAO,QAAQ;SACZ,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;SACtD,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QACf,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAmC,CAAA;IACtF,CAAC,CAAC,CAAA;AACN,CAAC,CAAA;AA7BY,QAAA,0BAA0B,8BA6BtC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sphereon/ssi-sdk-ext.x509-utils",
|
|
3
3
|
"description": "Sphereon SSI-SDK plugin functions for X.509 Certificate handling.",
|
|
4
|
-
"version": "0.26.1-next.
|
|
4
|
+
"version": "0.26.1-next.28+683ddb7",
|
|
5
5
|
"source": "src/index.ts",
|
|
6
6
|
"main": "dist/index.js",
|
|
7
7
|
"types": "dist/index.d.ts",
|
|
@@ -42,5 +42,5 @@
|
|
|
42
42
|
"DID",
|
|
43
43
|
"Veramo"
|
|
44
44
|
],
|
|
45
|
-
"gitHead": "
|
|
45
|
+
"gitHead": "683ddb776b3b6d8e54bcf944cc4c32c7a7fecefc"
|
|
46
46
|
}
|
|
@@ -110,7 +110,7 @@ export const validateX509CertificateChain = async ({
|
|
|
110
110
|
// We allow 1 reversal. We reverse by default as the implementation expects the root ca first, whilst x5c is the opposite. Reversed becomes true if the impl reverses the chain
|
|
111
111
|
return await validateX509CertificateChainImpl({
|
|
112
112
|
reversed: false,
|
|
113
|
-
chain: pemOrDerChain.reverse(),
|
|
113
|
+
chain: [...pemOrDerChain].reverse(),
|
|
114
114
|
trustAnchors,
|
|
115
115
|
verificationTime,
|
|
116
116
|
opts,
|
|
@@ -149,8 +149,11 @@ const validateX509CertificateChainImpl = async ({
|
|
|
149
149
|
}
|
|
150
150
|
defaultCryptoEngine()
|
|
151
151
|
|
|
152
|
-
// x5c always starts with the leaf cert at index 0 and then the cas. Our internal pkijs service expects it the other way around
|
|
152
|
+
// x5c always starts with the leaf cert at index 0 and then the cas. Our internal pkijs service expects it the other way around. Before calling this function the change has been revered
|
|
153
153
|
const chain = await Promise.all(pemOrDerChain.map((raw) => parseCertificate(raw)))
|
|
154
|
+
const x5cOrdereredChain = reversed ? [...chain] : [...chain].reverse()
|
|
155
|
+
console.log(`x5c orderered chain (reverse: ${reversed}): ${x5cOrdereredChain.map((cert) => cert.certificateInfo.subject.dn.DN).join(', ')}`)
|
|
156
|
+
|
|
154
157
|
const trustedCerts = trustedPEMs ? await Promise.all(trustedPEMs.map((raw) => parseCertificate(raw))) : undefined
|
|
155
158
|
const blindlyTrusted =
|
|
156
159
|
(
|
|
@@ -166,7 +169,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
166
169
|
})
|
|
167
170
|
)
|
|
168
171
|
).filter((cert): cert is ParsedCertificate => cert !== undefined) ?? []
|
|
169
|
-
const leafCert =
|
|
172
|
+
const leafCert = x5cOrdereredChain[0]
|
|
170
173
|
|
|
171
174
|
const chainLength = chain.length
|
|
172
175
|
var foundTrustAnchor: ParsedCertificate | undefined = undefined
|
|
@@ -183,7 +186,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
183
186
|
detailMessage: `Blindly trusted certificate ${blindlyTrustedCert.certificateInfo.subject.dn.DN} was found in the chain.`,
|
|
184
187
|
trustAnchor: blindlyTrustedCert?.certificateInfo,
|
|
185
188
|
verificationTime,
|
|
186
|
-
certificateChain:
|
|
189
|
+
certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo),
|
|
187
190
|
...(client && { client }),
|
|
188
191
|
}
|
|
189
192
|
}
|
|
@@ -192,7 +195,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
192
195
|
if (!reversed && !disallowReversedChain) {
|
|
193
196
|
return await validateX509CertificateChainImpl({
|
|
194
197
|
reversed: true,
|
|
195
|
-
chain: pemOrDerChain.reverse(),
|
|
198
|
+
chain: [...pemOrDerChain].reverse(),
|
|
196
199
|
opts,
|
|
197
200
|
verificationTime,
|
|
198
201
|
trustAnchors,
|
|
@@ -201,7 +204,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
201
204
|
return {
|
|
202
205
|
error: true,
|
|
203
206
|
critical: true,
|
|
204
|
-
certificateChain:
|
|
207
|
+
certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo),
|
|
205
208
|
message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
206
209
|
detailMessage: `The certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${currentCert.x509Certificate.issuer}, is not signed by the previous certificate ${previousCert?.certificateInfo.subject.dn.DN} with subject string ${previousCert?.x509Certificate.subject}.`,
|
|
207
210
|
verificationTime,
|
|
@@ -220,7 +223,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
220
223
|
if (i == 0 && !reversed && !disallowReversedChain) {
|
|
221
224
|
return await validateX509CertificateChainImpl({
|
|
222
225
|
reversed: true,
|
|
223
|
-
chain: pemOrDerChain.reverse(),
|
|
226
|
+
chain: [...pemOrDerChain].reverse(),
|
|
224
227
|
opts,
|
|
225
228
|
verificationTime,
|
|
226
229
|
trustAnchors,
|
|
@@ -230,7 +233,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
230
233
|
error: true,
|
|
231
234
|
critical: true,
|
|
232
235
|
message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
233
|
-
certificateChain:
|
|
236
|
+
certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo),
|
|
234
237
|
detailMessage: `Verification of the certificate ${currentCert.certificateInfo.subject.dn.DN} with issuer ${
|
|
235
238
|
currentCert.x509Certificate.issuer
|
|
236
239
|
} failed. Public key: ${JSON.stringify(currentCert.certificateInfo.publicKeyJWK)}.`,
|
|
@@ -246,7 +249,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
246
249
|
error: false,
|
|
247
250
|
critical: false,
|
|
248
251
|
message: `Certificate chain succeeded as allow single cert result is allowed: ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
249
|
-
certificateChain:
|
|
252
|
+
certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo),
|
|
250
253
|
trustAnchor: foundTrustAnchor?.certificateInfo,
|
|
251
254
|
verificationTime,
|
|
252
255
|
...(client && { client }),
|
|
@@ -259,7 +262,7 @@ const validateX509CertificateChainImpl = async ({
|
|
|
259
262
|
error: false,
|
|
260
263
|
critical: false,
|
|
261
264
|
message: `Certificate chain was valid`,
|
|
262
|
-
certificateChain:
|
|
265
|
+
certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo),
|
|
263
266
|
detailMessage: `The leaf certificate ${leafCert.certificateInfo.subject.dn.DN} is part of a chain with trust anchor ${foundTrustAnchor?.certificateInfo.subject.dn.DN}.`,
|
|
264
267
|
trustAnchor: foundTrustAnchor?.certificateInfo,
|
|
265
268
|
verificationTime,
|
|
@@ -271,9 +274,9 @@ const validateX509CertificateChainImpl = async ({
|
|
|
271
274
|
error: true,
|
|
272
275
|
critical: true,
|
|
273
276
|
message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
274
|
-
certificateChain:
|
|
275
|
-
detailMessage: `No trust anchor was found in the chain. between ${chain
|
|
276
|
-
|
|
277
|
+
certificateChain: x5cOrdereredChain.map((cert) => cert.certificateInfo),
|
|
278
|
+
detailMessage: `No trust anchor was found in the chain. between (intermediate) CA ${x5cOrdereredChain[chain.length - 1].certificateInfo.subject.dn.DN} and leaf ${
|
|
279
|
+
x5cOrdereredChain[0].certificateInfo.subject.dn.DN
|
|
277
280
|
}.`,
|
|
278
281
|
verificationTime,
|
|
279
282
|
...(client && { client }),
|