@sphereon/ssi-sdk-ext.x509-utils 0.26.1-next.5 → 0.26.1-next.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/x509/x509-utils.d.ts +2 -1
- package/dist/x509/x509-utils.d.ts.map +1 -1
- package/dist/x509/x509-utils.js +10 -3
- package/dist/x509/x509-utils.js.map +1 -1
- package/dist/x509/x509-validator.d.ts +23 -1
- package/dist/x509/x509-validator.d.ts.map +1 -1
- package/dist/x509/x509-validator.js +118 -3
- package/dist/x509/x509-validator.js.map +1 -1
- package/package.json +7 -2
- package/src/x509/x509-utils.ts +11 -5
- package/src/x509/x509-validator.ts +209 -2
|
@@ -1,8 +1,9 @@
|
|
|
1
|
+
import { X509Certificate } from '@peculiar/x509';
|
|
1
2
|
import { Certificate } from 'pkijs';
|
|
2
3
|
import { KeyVisibility } from '../types';
|
|
3
4
|
export declare function pemCertChainTox5c(cert: string, maxDepth?: number): string[];
|
|
4
5
|
export declare function x5cToPemCertChain(x5c: string[], maxDepth?: number): string;
|
|
5
|
-
export declare const pemOrDerToX509Certificate: (cert: string | Uint8Array) => Certificate;
|
|
6
|
+
export declare const pemOrDerToX509Certificate: (cert: string | Uint8Array | X509Certificate) => Certificate;
|
|
6
7
|
export declare const areCertificatesEqual: (cert1: Certificate, cert2: Certificate) => boolean;
|
|
7
8
|
export declare const toKeyObject: (PEM: string, visibility?: KeyVisibility) => {
|
|
8
9
|
pem: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"x509-utils.d.ts","sourceRoot":"","sources":["../../src/x509/x509-utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,OAAO,CAAA;AAInC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAIxC,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAuB3E;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAU1E;AAED,eAAO,MAAM,yBAAyB,SAAU,MAAM,GAAG,UAAU,KAAG,
|
|
1
|
+
{"version":3,"file":"x509-utils.d.ts","sourceRoot":"","sources":["../../src/x509/x509-utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,OAAO,CAAA;AAInC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAIxC,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAuB3E;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAU1E;AAED,eAAO,MAAM,yBAAyB,SAAU,MAAM,GAAG,UAAU,GAAG,eAAe,KAAG,WAcvF,CAAA;AAED,eAAO,MAAM,oBAAoB,UAAW,WAAW,SAAS,WAAW,KAAG,OAE7E,CAAA;AAED,eAAO,MAAM,WAAW,QAAS,MAAM,eAAc,aAAa;;;;;CAWjE,CAAA;AAED,eAAO,MAAM,QAAQ,QAAS,UAAU,eAAc,aAAa,KAAc,MAEhF,CAAA;AAED,eAAO,MAAM,QAAQ,QAAS,MAAM,eAAc,aAAa,KAAc,UAE5E,CAAA;AACD,eAAO,MAAM,oBAAoB,QAAS,MAAM,WAE/C,CAAA;AAED,eAAO,MAAM,qBAAqB,QAAS,UAAU,eAAc,aAAa,KAAc,MAM7F,CAAA;AAED,eAAO,MAAM,mBAAmB,QAAS,MAAM,WAU9C,CAAA;AAED,eAAO,MAAM,QAAQ,QAAS,MAAM,cAAc,MAAM,KAAG,MAc1D,CAAA;AAED,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAOnD;AAED;;;;GAIG;AACH,eAAO,MAAM,WAAW,UAAW,MAAM,kBAAkB,QAAQ,GAAG,WAAW,GAAG,WAAW,GAAG,cAAc,WAG/G,CAAA;AAED,eAAO,MAAM,WAAW,UAAW,MAAM,GAAG,MAAM,GAAG,MAAM,mBAAmB,QAAQ,GAAG,WAAW,GAAG,WAAW,GAAG,cAAc,KAAG,MAMrI,CAAA;AAED,eAAO,MAAM,QAAQ,QAAS,MAAM,QAAQ,aAAa,KAAG,MAa3D,CAAA;AAED,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE5C;AAED,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,YAAY,GAAG,iBAAiB,GAAG,aAAa,GAAG,aAAa,GAAG,MAAM,CAW3H"}
|
package/dist/x509/x509-utils.js
CHANGED
|
@@ -73,13 +73,20 @@ function x5cToPemCertChain(x5c, maxDepth) {
|
|
|
73
73
|
return pem;
|
|
74
74
|
}
|
|
75
75
|
const pemOrDerToX509Certificate = (cert) => {
|
|
76
|
-
|
|
76
|
+
let DER = typeof cert === 'string' ? cert : undefined;
|
|
77
|
+
if (typeof cert === 'object' && !(cert instanceof Uint8Array)) {
|
|
78
|
+
// X509Certificate object
|
|
79
|
+
return pkijs_1.Certificate.fromBER(cert.rawData);
|
|
80
|
+
}
|
|
81
|
+
else if (typeof cert !== 'string') {
|
|
77
82
|
return pkijs_1.Certificate.fromBER(cert);
|
|
78
83
|
}
|
|
79
|
-
|
|
80
|
-
if (cert.includes('CERTIFICATE')) {
|
|
84
|
+
else if (cert.includes('CERTIFICATE')) {
|
|
81
85
|
DER = PEMToDer(cert);
|
|
82
86
|
}
|
|
87
|
+
if (!DER) {
|
|
88
|
+
throw Error('Invalid cert input value supplied. PEM, DER, Bytes and X509Certificate object are supported');
|
|
89
|
+
}
|
|
83
90
|
return pkijs_1.Certificate.fromBER(u8a.fromString(DER, 'base64pad'));
|
|
84
91
|
};
|
|
85
92
|
exports.pemOrDerToX509Certificate = pemOrDerToX509Certificate;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"x509-utils.js","sourceRoot":"","sources":["../../src/x509/x509-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"x509-utils.js","sourceRoot":"","sources":["../../src/x509/x509-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AASA,8CAuBC;AAED,8CAUC;AAkFD,kCAOC;AAmCD,4BAEC;AAED,4BAWC;AAtLD,iCAAmC;AACnC,iDAAkC;AAClC,aAAa;AACb,yDAAgC;AAGhC,2BAA2B;AAC3B,+DAA+D;AAC/D,SAAgB,iBAAiB,CAAC,IAAY,EAAE,QAAiB;IAC/D,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,CAAC,CAAA;IACd,CAAC;IACD;;;;;;OAMG;IAEH,MAAM,YAAY,GAAG,IAAI;SACtB,OAAO,CAAC,kBAAkB,EAAE,GAAG,CAAC;SAChC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;IACrB,IAAI,GAAG,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;QAClD,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAA;IACrB,CAAC,CAAC,CAAA;IACF,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;QACjB,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAA;IAC/B,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,SAAgB,iBAAiB,CAAC,GAAa,EAAE,QAAiB;IAChE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,CAAC,CAAA;IACd,CAAC;IACD,MAAM,MAAM,GAAG,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;IAC3E,IAAI,GAAG,GAAG,EAAE,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAChC,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,CAAA;IACxC,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAEM,MAAM,yBAAyB,GAAG,CAAC,IAA2C,EAAe,EAAE;IACpG,IAAI,GAAG,GAAuB,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAA;IACzE,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,YAAY,UAAU,CAAC,EAAE,CAAC;QAC9D,yBAAyB;QACzB,OAAO,mBAAW,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC1C,CAAC;SAAM,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACpC,OAAO,mBAAW,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;IAClC,CAAC;SAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QACxC,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAA;IACtB,CAAC;IACD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,KAAK,CAAC,6FAA6F,CAAC,CAAA;IAC5G,CAAC;IACD,OAAO,mBAAW,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,CAAA;AAC9D,CAAC,CAAA;AAdY,QAAA,yBAAyB,6BAcrC;AAEM,MAAM,oBAAoB,GAAG,CAAC,KAAkB,EAAE,KAAkB,EAAW,EAAE;IACtF,OAAO,KAAK,CAAC,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;AAC3D,CAAC,CAAA;AAFY,QAAA,oBAAoB,wBAEhC;AAEM,MAAM,WAAW,GAAG,CAAC,GAAW,EAAE,aAA4B,QAAQ,EAAE,EAAE;IAC/E,MAAM,GAAG,GAAG,IAAA,gBAAQ,EAAC,GAAG,EAAE,UAAU,CAAC,CAAA;IACrC,MAAM,aAAa,GAAkB,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAA;IACjE,MAAM,MAAM,GAAG,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,IAAA,4BAAoB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAA,2BAAmB,EAAC,GAAG,CAAC,CAAA;IAEjG,OAAO;QACL,GAAG,EAAE,IAAA,gBAAQ,EAAC,MAAM,EAAE,UAAU,CAAC;QACjC,GAAG;QACH,MAAM;QACN,OAAO,EAAE,aAAa;KACvB,CAAA;AACH,CAAC,CAAA;AAXY,QAAA,WAAW,eAWvB;AAEM,MAAM,QAAQ,GAAG,CAAC,GAAe,EAAE,aAA4B,QAAQ,EAAU,EAAE;IACxF,OAAO,eAAK,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,eAAe,CAAC,CAAA;AAC3G,CAAC,CAAA;AAFY,QAAA,QAAQ,YAEpB;AAEM,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAE,aAA4B,QAAQ,EAAc,EAAE;IACxF,OAAO,eAAK,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;AACjD,CAAC,CAAA;AAFY,QAAA,QAAQ,YAEpB;AACM,MAAM,oBAAoB,GAAG,CAAC,GAAW,EAAE,EAAE;IAClD,OAAO,IAAA,gBAAQ,EAAC,GAAG,CAAC,CAAA;AACtB,CAAC,CAAA;AAFY,QAAA,oBAAoB,wBAEhC;AAEM,MAAM,qBAAqB,GAAG,CAAC,GAAe,EAAE,aAA4B,QAAQ,EAAU,EAAE;IACrG,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,OAAO,IAAA,4BAAoB,EAAC,IAAA,gBAAQ,EAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAA;IACvD,CAAC;SAAM,CAAC;QACN,OAAO,IAAA,2BAAmB,EAAC,IAAA,gBAAQ,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAA;IACrD,CAAC;AACH,CAAC,CAAA;AANY,QAAA,qBAAqB,yBAMjC;AAEM,MAAM,mBAAmB,GAAG,CAAC,GAAW,EAAE,EAAE;IACjD,MAAM,GAAG,GAAG,IAAA,gBAAQ,EAAC,GAAG,CAAC,CAAA;IACzB,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QAChC,MAAM,KAAK,CAAC,4DAA4D,CAAC,CAAA;IAC3E,CAAC;SAAM,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACpC,OAAO,GAAG,CAAA;IACZ,CAAC;IACD,MAAM,SAAS,GAAG,IAAA,gBAAQ,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IACzC,MAAM,SAAS,GAAG,IAAA,gBAAQ,EAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;IAC/C,OAAO,IAAA,gBAAQ,EAAC,SAAS,CAAC,CAAA;AAC5B,CAAC,CAAA;AAVY,QAAA,mBAAmB,uBAU/B;AAEM,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAE,SAAkB,EAAU,EAAE;IAClE,IAAI,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACrC,MAAM,KAAK,CAAC,yBAAyB,SAAS,EAAE,CAAC,CAAA;IACnD,CAAC;IAED,IAAI,WAAmB,CAAA;IACvB,IAAI,SAAS,EAAE,CAAC;QACd,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,kBAAkB,GAAG,SAAS,GAAG,OAAO,CAAC,EAAE,EAAE,CAAC,CAAA;QACnF,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,WAAW,GAAG,SAAS,GAAG,YAAY,CAAC,EAAE,EAAE,CAAC,CAAA;IAC3F,CAAC;SAAM,CAAC;QACN,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,4BAA4B,EAAE,EAAE,CAAC,CAAA;QAC3D,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,0BAA0B,EAAE,EAAE,CAAC,CAAA;IACnE,CAAC;IACD,OAAO,IAAA,mBAAW,EAAC,WAAW,EAAE,WAAW,CAAC,CAAA;AAC9C,CAAC,CAAA;AAdY,QAAA,QAAQ,YAcpB;AAED,SAAgB,WAAW,CAAC,GAAW;IACrC,MAAM,WAAW,GAAG,GAAG;SACpB,OAAO,CAAC,4BAA4B,EAAE,EAAE,CAAC;SACzC,OAAO,CAAC,0BAA0B,EAAE,EAAE,CAAC;SACvC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;IAErB,OAAO,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,WAAW,CAAC,CAAA;AACjD,CAAC;AAED;;;;GAIG;AACI,MAAM,WAAW,GAAG,CAAC,KAAa,EAAE,aAAqE,EAAE,EAAE;IAClH,MAAM,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,wBAAwB,EAAE,EAAE,CAAC,CAAA;IACpE,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,CAAC,CAAA;AAC9G,CAAC,CAAA;AAHY,QAAA,WAAW,eAGvB;AAEM,MAAM,WAAW,GAAG,CAAC,KAA+B,EAAE,cAAsE,EAAU,EAAE;IAC7I,IAAI,GAAG,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;IAChE,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,GAAG,GAAG,IAAI,GAAG,EAAE,CAAA;IACjB,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,WAAW,CAAC,CAAA;AACnG,CAAC,CAAA;AANY,QAAA,WAAW,eAMvB;AAEM,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAE,IAAmB,EAAU,EAAE;IACnE,MAAM,MAAM,GAAG,IAAA,mBAAW,EAAC,GAAG,EAAE,WAAW,CAAC,CAAA;IAC5C,MAAM,SAAS,GAAG,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,YAAY,CAAA;IACvE,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;QACvC,IAAI,CAAC;YACH,IAAA,gBAAQ,EAAC,GAAG,CAAC,CAAA,CAAC,yCAAyC;YACvD,OAAO,GAAG,CAAA;QACZ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC,CAAA;QACxC,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;AACpC,CAAC,CAAA;AAbY,QAAA,QAAQ,YAapB;AAED,SAAgB,QAAQ,CAAC,GAAW;IAClC,OAAO,GAAG,CAAC,OAAO,CAAC,6CAA6C,EAAE,EAAE,CAAC,CAAA;AACvE,CAAC;AAED,SAAgB,QAAQ,CAAC,IAAY,EAAE,SAA4E;IACjH,MAAM,GAAG,GAAG,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,aAAa,CAAA;IACtC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,8BAA8B;QAC9B,OAAO,IAAI,CAAA;IACb,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;IACtC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,KAAK,CAAC,mCAAmC,CAAC,CAAA;IAClD,CAAC;IACD,OAAO,cAAc,GAAG,UAAU,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,GAAG,SAAS,CAAA;AAChF,CAAC"}
|
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
import { SubjectPublicKeyInfo } from '@peculiar/asn1-x509';
|
|
2
|
+
import { AlgorithmProvider, X509Certificate } from '@peculiar/x509';
|
|
3
|
+
import { JWK } from '@sphereon/ssi-types';
|
|
1
4
|
import { Certificate } from 'pkijs';
|
|
2
5
|
export type DNInfo = {
|
|
3
6
|
DN: string;
|
|
@@ -22,6 +25,7 @@ export type X509ValidationResult = {
|
|
|
22
25
|
message: string;
|
|
23
26
|
verificationTime: Date;
|
|
24
27
|
certificateChain?: Array<CertificateInfo>;
|
|
28
|
+
trustAnchor?: CertificateInfo;
|
|
25
29
|
client?: {
|
|
26
30
|
clientId: string;
|
|
27
31
|
clientIdScheme: ClientIdScheme;
|
|
@@ -34,11 +38,29 @@ export type X509CertificateChainValidationOpts = {
|
|
|
34
38
|
trustRootWhenNoAnchors?: boolean;
|
|
35
39
|
allowSingleNoCAChainElement?: boolean;
|
|
36
40
|
blindlyTrustedAnchors?: string[];
|
|
41
|
+
disallowReversedChain?: boolean;
|
|
37
42
|
client?: {
|
|
38
43
|
clientId: string;
|
|
39
44
|
clientIdScheme: ClientIdScheme;
|
|
40
45
|
};
|
|
41
46
|
};
|
|
47
|
+
export declare const validateX509CertificateChain: ({ chain: pemOrDerChain, trustAnchors, verificationTime, opts, }: {
|
|
48
|
+
chain: (Uint8Array | string)[];
|
|
49
|
+
trustAnchors?: string[];
|
|
50
|
+
verificationTime?: Date;
|
|
51
|
+
opts?: X509CertificateChainValidationOpts;
|
|
52
|
+
}) => Promise<X509ValidationResult>;
|
|
53
|
+
export declare const getX509AlgorithmProvider: () => AlgorithmProvider;
|
|
54
|
+
export type ParsedCertificate = {
|
|
55
|
+
publicKeyInfo: SubjectPublicKeyInfo;
|
|
56
|
+
publicKeyJwk: JWK;
|
|
57
|
+
publicKeyRaw: Uint8Array;
|
|
58
|
+
publicKeyAlgorithm: Algorithm;
|
|
59
|
+
certificateInfo: CertificateInfo;
|
|
60
|
+
certificate: Certificate;
|
|
61
|
+
x509Certificate: X509Certificate;
|
|
62
|
+
};
|
|
63
|
+
export declare const parseCertificate: (rawCert: string | Uint8Array) => Promise<ParsedCertificate>;
|
|
42
64
|
/**
|
|
43
65
|
*
|
|
44
66
|
* @param pemOrDerChain The order must be that the Certs signing another cert must come one after another. So first the signing cert, then any cert signing that cert and so on
|
|
@@ -46,7 +68,7 @@ export type X509CertificateChainValidationOpts = {
|
|
|
46
68
|
* @param verificationTime
|
|
47
69
|
* @param opts
|
|
48
70
|
*/
|
|
49
|
-
export declare const
|
|
71
|
+
export declare const validateX509CertificateChainOrg: ({ chain: pemOrDerChain, trustAnchors, verificationTime, opts, }: {
|
|
50
72
|
chain: (Uint8Array | string)[];
|
|
51
73
|
trustAnchors?: string[];
|
|
52
74
|
verificationTime?: Date;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"x509-validator.d.ts","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,WAAW,EAMZ,MAAM,OAAO,CAAA;
|
|
1
|
+
{"version":3,"file":"x509-validator.d.ts","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAC1D,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAEnE,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAA;AAEzC,OAAO,EAGL,WAAW,EAMZ,MAAM,OAAO,CAAA;AAKd,MAAM,MAAM,MAAM,GAAG;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACnC,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,WAAW,CAAC,EAAE,GAAG,CAAA;IACjB,SAAS,EAAE,IAAI,CAAA;IACf,QAAQ,EAAE,IAAI,CAAA;IACd,YAAY,CAAC,EAAE,GAAG,CAAA;IAClB,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAA;KACX,CAAA;IACD,OAAO,EAAE;QACP,EAAE,EAAE,MAAM,CAAA;QACV,uBAAuB,EAAE,sBAAsB,EAAE,CAAA;KAClD,CAAA;CACF,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,KAAK,EAAE,OAAO,CAAA;IACd,QAAQ,EAAE,OAAO,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,gBAAgB,EAAE,IAAI,CAAA;IACtB,gBAAgB,CAAC,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;IACzC,WAAW,CAAC,EAAE,eAAe,CAAA;IAC7B,MAAM,CAAC,EAAE;QAEP,QAAQ,EAAE,MAAM,CAAA;QAChB,cAAc,EAAE,cAAc,CAAA;KAC/B,CAAA;CACF,CAAA;AAsBD,eAAO,MAAM,kBAAkB,gBAChB,WAAW,SACjB;IACL,aAAa,EAAE,6BAA6B,GAAG,6BAA6B,EAAE,CAAA;CAC/E,KACA,OAAO,CAAC,eAAe,CAazB,CAAA;AAED,MAAM,MAAM,kCAAkC,GAAG;IAE/C,sBAAsB,CAAC,EAAE,OAAO,CAAA;IAEhC,2BAA2B,CAAC,EAAE,OAAO,CAAA;IAGrC,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAA;IAEhC,qBAAqB,CAAC,EAAE,OAAO,CAAA;IAE/B,MAAM,CAAC,EAAE;QAEP,QAAQ,EAAE,MAAM,CAAA;QAChB,cAAc,EAAE,cAAc,CAAA;KAC/B,CAAA;CACF,CAAA;AAED,eAAO,MAAM,4BAA4B,oEAUtC;IACD,KAAK,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,CAAA;IAC9B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;IACvB,gBAAgB,CAAC,EAAE,IAAI,CAAA;IACvB,IAAI,CAAC,EAAE,kCAAkC,CAAA;CAC1C,KAAG,OAAO,CAAC,oBAAoB,CAS/B,CAAA;AA6ID,eAAO,MAAM,wBAAwB,QAAO,iBAE3C,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,aAAa,EAAE,oBAAoB,CAAA;IACnC,YAAY,EAAE,GAAG,CAAA;IACjB,YAAY,EAAE,UAAU,CAAA;IACxB,kBAAkB,EAAE,SAAS,CAAA;IAC7B,eAAe,EAAE,eAAe,CAAA;IAChC,WAAW,EAAE,WAAW,CAAA;IACxB,eAAe,EAAE,eAAe,CAAA;CACjC,CAAA;AAED,eAAO,MAAM,gBAAgB,YAAmB,MAAM,GAAG,UAAU,KAAG,OAAO,CAAC,iBAAiB,CAiB9F,CAAA;AAED;;;;;;GAMG;AACH,eAAO,MAAM,+BAA+B,oEASzC;IACD,KAAK,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,CAAA;IAC9B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;IACvB,gBAAgB,CAAC,EAAE,IAAI,CAAA;IACvB,IAAI,CAAC,EAAE,kCAAkC,CAAA;CAC1C,KAAG,OAAO,CAAC,oBAAoB,CAoG/B,CAAA;AAgBD,eAAO,MAAM,WAAW,SAAU,WAAW,KAAG,MAK/C,CAAA;AAED,eAAO,MAAM,YAAY,SAAU,WAAW,KAAG,MAKhD,CAAA;AAgBD,eAAO,MAAM,iCAAiC,iBAAwB,MAAM,GAAG,UAAU,GAAG,WAAW,KAAG,OAAO,CAAC,UAAU,CAiB3H,CAAA;AAED;;;;;;;;;;GAUG;AACH,oBAAY,6BAA6B;IACvC,UAAU,IAAI,CAAE,QAAQ;IACxB,OAAO,IAAI;IACX,yBAAyB,IAAI;IAC7B,SAAS,IAAI;CACd;AAED,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,6BAA6B,CAAA;CACpC;AAED,MAAM,MAAM,cAAc,GAAG,cAAc,GAAG,cAAc,CAAA;AAE5D,eAAO,MAAM,sCAAsC,gBAAiB,WAAW,YAAY,MAAM,kBAAkB,cAAc,KAAG,IAUnI,CAAA;AAED,eAAO,MAAM,6CAA6C,gBAC3C,WAAW,YACd,MAAM,kBACA,cAAc,KAC7B,OAAO,CAAC,oBAAoB,CAoB9B,CAAA;AAED,eAAO,MAAM,0BAA0B,gBACxB,WAAW,SACjB;IACL,UAAU,CAAC,EAAE,6BAA6B,GAAG,6BAA6B,EAAE,CAAA;IAE5E,oBAAoB,CAAC,EAAE,cAAc,CAAA;CACtC,KACA,sBAAsB,EAsBxB,CAAA"}
|
|
@@ -35,9 +35,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
35
35
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
36
36
|
};
|
|
37
37
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
38
|
-
exports.getSubjectAlternativeNames = exports.validateCertificateChainMatchesClientIdScheme = exports.assertCertificateMatchesClientIdScheme = exports.SubjectAlternativeGeneralName = exports.getCertificateSubjectPublicKeyJWK = exports.getSubjectDN = exports.getIssuerDN = exports.validateX509CertificateChain = exports.getCertificateInfo = void 0;
|
|
38
|
+
exports.getSubjectAlternativeNames = exports.validateCertificateChainMatchesClientIdScheme = exports.assertCertificateMatchesClientIdScheme = exports.SubjectAlternativeGeneralName = exports.getCertificateSubjectPublicKeyJWK = exports.getSubjectDN = exports.getIssuerDN = exports.validateX509CertificateChainOrg = exports.parseCertificate = exports.getX509AlgorithmProvider = exports.validateX509CertificateChain = exports.getCertificateInfo = void 0;
|
|
39
|
+
const asn1_schema_1 = require("@peculiar/asn1-schema");
|
|
40
|
+
const asn1_x509_1 = require("@peculiar/asn1-x509");
|
|
41
|
+
const x509_1 = require("@peculiar/x509");
|
|
39
42
|
const js_x509_utils_1 = __importDefault(require("js-x509-utils"));
|
|
40
43
|
const pkijs_1 = require("pkijs");
|
|
44
|
+
const tsyringe_1 = require("tsyringe");
|
|
41
45
|
const u8a = __importStar(require("uint8arrays"));
|
|
42
46
|
const x509_utils_1 = require("./x509-utils");
|
|
43
47
|
const defaultCryptoEngine = () => {
|
|
@@ -76,6 +80,117 @@ const getCertificateInfo = (certificate, opts) => __awaiter(void 0, void 0, void
|
|
|
76
80
|
};
|
|
77
81
|
});
|
|
78
82
|
exports.getCertificateInfo = getCertificateInfo;
|
|
83
|
+
const validateX509CertificateChain = (_a) => __awaiter(void 0, [_a], void 0, function* ({ chain: pemOrDerChain, trustAnchors, verificationTime = new Date(), opts = {
|
|
84
|
+
trustRootWhenNoAnchors: false,
|
|
85
|
+
allowSingleNoCAChainElement: true,
|
|
86
|
+
blindlyTrustedAnchors: [],
|
|
87
|
+
disallowReversedChain: false,
|
|
88
|
+
}, }) {
|
|
89
|
+
// We allow 1 reversal. We reverse by default as the implementation expects the root ca first, whilst x5c is the opposite. Reversed becomes true if the impl reverses the chain
|
|
90
|
+
return yield validateX509CertificateChainImpl({
|
|
91
|
+
reversed: false,
|
|
92
|
+
chain: pemOrDerChain.reverse(),
|
|
93
|
+
trustAnchors,
|
|
94
|
+
verificationTime,
|
|
95
|
+
opts,
|
|
96
|
+
});
|
|
97
|
+
});
|
|
98
|
+
exports.validateX509CertificateChain = validateX509CertificateChain;
|
|
99
|
+
const validateX509CertificateChainImpl = (_a) => __awaiter(void 0, [_a], void 0, function* ({ reversed, chain: pemOrDerChain, trustAnchors, verificationTime: verifyAt, opts, }) {
|
|
100
|
+
var _b, _c, _d, _e, _f;
|
|
101
|
+
const verificationTime = typeof verifyAt === 'string' ? new Date(verifyAt) : verifyAt;
|
|
102
|
+
const { trustRootWhenNoAnchors = false, allowSingleNoCAChainElement = true, blindlyTrustedAnchors = [], disallowReversedChain = false, client, } = opts;
|
|
103
|
+
const trustedPEMs = trustRootWhenNoAnchors && !trustAnchors ? [pemOrDerChain[pemOrDerChain.length - 1]] : trustAnchors;
|
|
104
|
+
if (pemOrDerChain.length === 0) {
|
|
105
|
+
return {
|
|
106
|
+
error: true,
|
|
107
|
+
critical: true,
|
|
108
|
+
message: 'Certificate chain in DER or PEM format must not be empty',
|
|
109
|
+
verificationTime,
|
|
110
|
+
};
|
|
111
|
+
}
|
|
112
|
+
defaultCryptoEngine();
|
|
113
|
+
// x5c always starts with the leaf cert at index 0 and then the cas. Our internal pkijs service expects it the other way around
|
|
114
|
+
const chain = yield Promise.all(pemOrDerChain.map((raw) => (0, exports.parseCertificate)(raw)));
|
|
115
|
+
const trustedCerts = trustedPEMs ? yield Promise.all(trustedPEMs.map((raw) => (0, exports.parseCertificate)(raw))) : undefined;
|
|
116
|
+
const blindlyTrusted = (_b = (yield Promise.all(blindlyTrustedAnchors.map((raw) => (0, exports.parseCertificate)(raw))))) !== null && _b !== void 0 ? _b : [];
|
|
117
|
+
const leafCert = chain[chain.length - 1];
|
|
118
|
+
const chainLength = chain.length;
|
|
119
|
+
var foundTrustAnchor = undefined;
|
|
120
|
+
for (let i = 0; i < chainLength; i++) {
|
|
121
|
+
const cert = chain[i];
|
|
122
|
+
const prevCert = i > 0 ? chain[i - 1] : undefined;
|
|
123
|
+
if (blindlyTrusted.some((trusted) => (0, x509_utils_1.areCertificatesEqual)(trusted.certificate, cert.certificate))) {
|
|
124
|
+
console.log(`Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`);
|
|
125
|
+
return Object.assign({ error: false, critical: false, message: `Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`, verificationTime, certificateChain: chain.map((cert) => cert.certificateInfo) }, (client && { client }));
|
|
126
|
+
}
|
|
127
|
+
if (i > 0) {
|
|
128
|
+
if (cert.x509Certificate.issuer !== chain[i - 1].x509Certificate.subject) {
|
|
129
|
+
if (!reversed && !disallowReversedChain) {
|
|
130
|
+
return yield validateX509CertificateChainImpl({
|
|
131
|
+
reversed: true,
|
|
132
|
+
chain: pemOrDerChain.reverse(),
|
|
133
|
+
opts,
|
|
134
|
+
verificationTime,
|
|
135
|
+
trustAnchors,
|
|
136
|
+
});
|
|
137
|
+
}
|
|
138
|
+
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, verificationTime }, (client && { client }));
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
const result = yield cert.x509Certificate.verify({
|
|
142
|
+
date: verificationTime,
|
|
143
|
+
publicKey: (_c = prevCert === null || prevCert === void 0 ? void 0 : prevCert.x509Certificate) === null || _c === void 0 ? void 0 : _c.publicKey,
|
|
144
|
+
}, (_f = (_e = (_d = (0, pkijs_1.getCrypto)()) === null || _d === void 0 ? void 0 : _d.crypto) !== null && _e !== void 0 ? _e : crypto) !== null && _f !== void 0 ? _f : global.crypto);
|
|
145
|
+
if (!result) {
|
|
146
|
+
if (i == 0 && !reversed && !disallowReversedChain) {
|
|
147
|
+
return yield validateX509CertificateChainImpl({
|
|
148
|
+
reversed: true,
|
|
149
|
+
chain: pemOrDerChain.reverse(),
|
|
150
|
+
opts,
|
|
151
|
+
verificationTime,
|
|
152
|
+
trustAnchors,
|
|
153
|
+
});
|
|
154
|
+
}
|
|
155
|
+
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, verificationTime }, (client && { client }));
|
|
156
|
+
}
|
|
157
|
+
foundTrustAnchor = foundTrustAnchor !== null && foundTrustAnchor !== void 0 ? foundTrustAnchor : trustedCerts === null || trustedCerts === void 0 ? void 0 : trustedCerts.find((trusted) => isSameCertificate(trusted.x509Certificate, cert.x509Certificate));
|
|
158
|
+
if (i === 0 && chainLength === 1 && allowSingleNoCAChainElement) {
|
|
159
|
+
return Object.assign({ error: false, critical: false, message: `Certificate chain succeeded as allow single cert result is allowed: ${leafCert.certificateInfo.subject.dn.DN}.`, trustAnchor: foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo, verificationTime }, (client && { client }));
|
|
160
|
+
}
|
|
161
|
+
}
|
|
162
|
+
if (foundTrustAnchor) {
|
|
163
|
+
return Object.assign({ error: false, critical: false, message: `Certificate chain was valid`, trustAnchor: foundTrustAnchor === null || foundTrustAnchor === void 0 ? void 0 : foundTrustAnchor.certificateInfo, verificationTime }, (client && { client }));
|
|
164
|
+
}
|
|
165
|
+
return Object.assign({ error: true, critical: true, message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`, verificationTime }, (client && { client }));
|
|
166
|
+
});
|
|
167
|
+
const isSameCertificate = (cert1, cert2) => {
|
|
168
|
+
return cert1.rawData.toString() === cert2.rawData.toString();
|
|
169
|
+
};
|
|
170
|
+
const algorithmProvider = tsyringe_1.container.resolve(x509_1.AlgorithmProvider);
|
|
171
|
+
const getX509AlgorithmProvider = () => {
|
|
172
|
+
return algorithmProvider;
|
|
173
|
+
};
|
|
174
|
+
exports.getX509AlgorithmProvider = getX509AlgorithmProvider;
|
|
175
|
+
const parseCertificate = (rawCert) => __awaiter(void 0, void 0, void 0, function* () {
|
|
176
|
+
const x509Certificate = new x509_1.X509Certificate(rawCert);
|
|
177
|
+
const publicKeyInfo = asn1_schema_1.AsnParser.parse(x509Certificate.publicKey.rawData, asn1_x509_1.SubjectPublicKeyInfo);
|
|
178
|
+
const publicKeyRaw = new Uint8Array(publicKeyInfo.subjectPublicKey);
|
|
179
|
+
const publicKeyJwk = (yield (0, exports.getCertificateSubjectPublicKeyJWK)(new Uint8Array(x509Certificate.rawData)));
|
|
180
|
+
const certificate = (0, x509_utils_1.pemOrDerToX509Certificate)(rawCert);
|
|
181
|
+
const certificateInfo = yield (0, exports.getCertificateInfo)(certificate);
|
|
182
|
+
const publicKeyAlgorithm = (0, exports.getX509AlgorithmProvider)().toWebAlgorithm(publicKeyInfo.algorithm);
|
|
183
|
+
return {
|
|
184
|
+
publicKeyAlgorithm,
|
|
185
|
+
publicKeyInfo,
|
|
186
|
+
publicKeyJwk,
|
|
187
|
+
publicKeyRaw,
|
|
188
|
+
certificateInfo,
|
|
189
|
+
certificate,
|
|
190
|
+
x509Certificate,
|
|
191
|
+
};
|
|
192
|
+
});
|
|
193
|
+
exports.parseCertificate = parseCertificate;
|
|
79
194
|
/**
|
|
80
195
|
*
|
|
81
196
|
* @param pemOrDerChain The order must be that the Certs signing another cert must come one after another. So first the signing cert, then any cert signing that cert and so on
|
|
@@ -83,7 +198,7 @@ exports.getCertificateInfo = getCertificateInfo;
|
|
|
83
198
|
* @param verificationTime
|
|
84
199
|
* @param opts
|
|
85
200
|
*/
|
|
86
|
-
const
|
|
201
|
+
const validateX509CertificateChainOrg = (_a) => __awaiter(void 0, [_a], void 0, function* ({ chain: pemOrDerChain, trustAnchors, verificationTime = new Date(), opts = {
|
|
87
202
|
trustRootWhenNoAnchors: false,
|
|
88
203
|
allowSingleNoCAChainElement: true,
|
|
89
204
|
blindlyTrustedAnchors: [],
|
|
@@ -150,7 +265,7 @@ const validateX509CertificateChain = (_a) => __awaiter(void 0, [_a], void 0, fun
|
|
|
150
265
|
return Object.assign({ error: true, critical: true, message: `Certificate chain was invalid, ${(_b = error.message) !== null && _b !== void 0 ? _b : '<unknown error>'}`, verificationTime }, (client && { client }));
|
|
151
266
|
}
|
|
152
267
|
});
|
|
153
|
-
exports.
|
|
268
|
+
exports.validateX509CertificateChainOrg = validateX509CertificateChainOrg;
|
|
154
269
|
const rdnmap = {
|
|
155
270
|
'2.5.4.6': 'C',
|
|
156
271
|
'2.5.4.10': 'O',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"x509-validator.js","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,kEAAgC;AAChC,iCASc;AACd,iDAAkC;AAClC,6CAAkE;AAkClE,MAAM,mBAAmB,GAAG,GAAG,EAAE;IAC/B,IAAI,OAAO,IAAI,KAAK,WAAW,EAAE,CAAC;QAChC,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;YACrB,IAAI,UAAU,GAAG,WAAW,CAAA;YAC5B,IAAI,cAAc,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAClC,UAAU,GAAG,QAAQ,CAAA;YACvB,CAAC;YACD,IAAA,iBAAS,EAAC,UAAU,EAAE,IAAI,oBAAY,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAA;QAC/E,CAAC;IACH,CAAC;SAAM,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,WAAW,IAAI,MAAM,EAAE,CAAC;QAClE,MAAM,IAAI,GAAG,YAAY,CAAA;QACzB,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS,CAAA;QACnC,aAAa;QACb,IAAA,iBAAS,EAAC,IAAI,EAAE,IAAI,oBAAY,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC,CAAA;IACjE,CAAC;SAAM,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;QACjF,MAAM,IAAI,GAAG,QAAQ,CAAA;QACrB,IAAA,iBAAS,EAAC,IAAI,EAAE,IAAI,oBAAY,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAA;IAC7D,CAAC;AACH,CAAC,CAAA;AAEM,MAAM,kBAAkB,GAAG,CAChC,WAAwB,EACxB,IAEC,EACyB,EAAE;IAC5B,MAAM,YAAY,GAAG,MAAM,IAAA,yCAAiC,EAAC,WAAW,CAAC,CAAA;IACzE,OAAO;QACL,MAAM,EAAE,EAAE,EAAE,EAAE,IAAA,mBAAW,EAAC,WAAW,CAAC,EAAE;QACxC,OAAO,EAAE;YACP,EAAE,EAAE,IAAA,oBAAY,EAAC,WAAW,CAAC;YAC7B,uBAAuB,EAAE,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,UAAU,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,EAAE,CAAC;SACtG;QACD,YAAY,EAAE,YAAY;QAC1B,SAAS,EAAE,WAAW,CAAC,SAAS,CAAC,KAAK;QACtC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,KAAK;QACpC,cAAc;KACW,CAAA;AAC7B,CAAC,CAAA,CAAA;AAlBY,QAAA,kBAAkB,sBAkB9B;AAkBD;;;;;;GAMG;AACI,MAAM,4BAA4B,GAAG,KAcV,EAAE,4CAde,EACjD,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,GAAG,IAAI,IAAI,EAAE,EAC7B,IAAI,GAAG;IACL,sBAAsB,EAAE,KAAK;IAC7B,2BAA2B,EAAE,IAAI;IACjC,qBAAqB,EAAE,EAAE;CAC1B,GAMF;;IACC,MAAM,EAAE,sBAAsB,GAAG,KAAK,EAAE,2BAA2B,GAAG,IAAI,EAAE,qBAAqB,GAAG,EAAE,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;IACvH,MAAM,WAAW,GAAG,sBAAsB,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAA;IAEtH,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,0DAA0D;YACnE,gBAAgB;SACjB,CAAA;IACH,CAAC;IAED,+HAA+H;IAC/H,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,sCAAyB,CAAC,CAAC,OAAO,EAAE,CAAA;IACpE,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,sCAAyB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACzF,mBAAmB,EAAE,CAAA;IAErB,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,OAAO,aAAa,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAA;QACxH,MAAM,IAAI,GAAG,IAAA,sCAAyB,EAAC,UAAU,CAAC,CAAA;QAClD,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,UAAU,GAAG,MAAM,IAAA,qDAA6C,EAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,cAAc,CAAC,CAAA;YACpH,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO,UAAU,CAAA;YACnB,CAAC;QACH,CAAC;QACD,IAAI,qBAAqB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,iHAAiH,CAAC,CAAA;YAC9H,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,iHAAiH,EAC1H,gBAAgB,EAChB,gBAAgB,EAAE,CAAC,MAAM,IAAA,0BAAkB,EAAC,IAAI,CAAC,CAAC,IAC/C,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QACD,IAAI,2BAA2B,EAAE,CAAC;YAChC,MAAM,SAAS,GAAG,IAAA,oBAAY,EAAC,IAAI,CAAC,CAAC,EAAE,CAAA;YACvC,IAAI,CAAC,IAAA,mBAAW,EAAC,IAAI,CAAC,CAAC,EAAE,IAAI,IAAA,mBAAW,EAAC,IAAI,CAAC,CAAC,EAAE,KAAK,SAAS,EAAE,CAAC;gBAChE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAA;gBAClC,uBACE,KAAK,EAAE,CAAC,MAAM,EACd,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,oCAAoC,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,GAAG,EAC9F,gBAAgB,EAChB,gBAAgB,EAAE,CAAC,MAAM,IAAA,0BAAkB,EAAC,IAAI,CAAC,CAAC,IAC/C,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,gBAAgB,GAAG,IAAI,wCAAgC,CAAC;QAC5D,KAAK,CAAC,oCAAoC;QAC1C,SAAS,EAAE,gBAAgB;QAC3B,YAAY;KACb,CAAC,CAAA;IAEF,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,CAAA;QACpD,IAAI,CAAC,YAAY,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;YAC1D,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,YAAY,CAAC,aAAa,KAAK,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,sCAAsC,EAChH,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QACD,MAAM,QAAQ,GAAG,YAAY,CAAC,eAAe,CAAA;QAC7C,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,kBAAkB,GAAG,MAAM,IAAA,qDAA6C,EAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,cAAc,CAAC,CAAA;YAChI,IAAI,kBAAkB,CAAC,KAAK,EAAE,CAAC;gBAC7B,OAAO,kBAAkB,CAAA;YAC3B,CAAC;QACH,CAAC;QACD,MAAM,SAAS,GAA2B,MAAM,OAAO,CAAC,GAAG,CACzD,QAAQ,CAAC,GAAG,CAAC,CAAO,WAAW,EAAE,EAAE;YACjC,OAAO,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAA;QACxC,CAAC,CAAA,CAAC,CACH,CAAA;QACD,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,6BAA6B,EACtC,gBAAgB,EAChB,gBAAgB,EAAE,SAAS,IACxB,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;IACH,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,kCAAkC,MAAA,KAAK,CAAC,OAAO,mCAAI,iBAAiB,EAAE,EAC/E,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;IACH,CAAC;AACH,CAAC,CAAA,CAAA;AAlHY,QAAA,4BAA4B,gCAkHxC;AAED,MAAM,MAAM,GAA2B;IACrC,SAAS,EAAE,GAAG;IACd,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,GAAG;IACd,SAAS,EAAE,IAAI;IACf,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,UAAU,EAAE,GAAG;IACf,SAAS,EAAE,IAAI;IACf,sBAAsB,EAAE,QAAQ;CACjC,CAAA;AAEM,MAAM,WAAW,GAAG,CAAC,IAAiB,EAAU,EAAE;IACvD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;QAC3C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;KACpD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,WAAW,eAKvB;AAEM,MAAM,YAAY,GAAG,CAAC,IAAiB,EAAU,EAAE;IACxD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;QAC5C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;KACrD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,YAAY,gBAKxB;AAED,MAAM,WAAW,GAAG,CAAC,cAAuC,EAA0B,EAAE;;IACtF,MAAM,EAAE,GAA2B,EAAE,CAAA;IACrC,KAAK,MAAM,YAAY,IAAI,cAAc,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,MAAA,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,mCAAI,YAAY,CAAC,IAAI,CAAA;QAC3D,EAAE,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAA;IAC1C,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC,CAAA;AACD,MAAM,WAAW,GAAG,CAAC,cAAuC,EAAU,EAAE;IACtE,OAAO,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;SAC/C,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;SACxC,IAAI,CAAC,GAAG,CAAC,CAAA;AACd,CAAC,CAAA;AAEM,MAAM,iCAAiC,GAAG,CAAO,YAA+C,EAAuB,EAAE;IAC9H,MAAM,WAAW,GACf,OAAO,YAAY,KAAK,QAAQ;QAC9B,CAAC,CAAC,YAAY;QACd,CAAC,CAAC,YAAY,YAAY,UAAU;YACpC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,EAAE,WAAW,CAAC;YACzC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACrC,MAAM,GAAG,GAAG,IAAA,qBAAQ,EAAC,WAAW,CAAC,CAAA;IACjC,MAAM,WAAW,GAAG,IAAA,sCAAyB,EAAC,GAAG,CAAC,CAAA;IAClD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAC,MAAM,CAAA;QACrC,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,YAAY,EAAE,CAAA;QAC3C,OAAO,MAAM,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;IAC1C,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,CAAC,CAAA;IACpE,CAAC;IACD,OAAO,MAAM,uBAAI,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;AACrC,CAAC,CAAA,CAAA;AAjBY,QAAA,iCAAiC,qCAiB7C;AAED;;;;;;;;;;GAUG;AACH,IAAY,6BAKX;AALD,WAAY,6BAA6B;IACvC,6FAAc,CAAA;IACd,uFAAW,CAAA;IACX,2HAA6B,CAAA;IAC7B,2FAAa,CAAA;AACf,CAAC,EALW,6BAA6B,6CAA7B,6BAA6B,QAKxC;AASM,MAAM,sCAAsC,GAAG,CAAC,WAAwB,EAAE,QAAgB,EAAE,cAA8B,EAAQ,EAAE;IACzI,MAAM,IAAI,GAAG,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,oBAAoB,EAAE,cAAc,EAAE,CAAC,CAAA;IAC9F,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAA;IAClE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,KAAK,CACT,oBAAoB,cAAc,0EAChC,IAAA,oBAAY,EAAC,WAAW,CAAC,CAAC,EAC5B,WAAW,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CACpD,CAAA;IACH,CAAC;AACH,CAAC,CAAA;AAVY,QAAA,sCAAsC,0CAUlD;AAEM,MAAM,6CAA6C,GAAG,CAC3D,WAAwB,EACxB,QAAgB,EAChB,cAA8B,EACC,EAAE;IACjC,MAAM,MAAM,GAAG;QACb,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,aAAa,QAAQ,gDAAgD,cAAc,EAAE;QAC9F,MAAM,EAAE;YACN,QAAQ;YACR,cAAc;SACf;QACD,gBAAgB,EAAE,CAAC,MAAM,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAC;QACzD,gBAAgB,EAAE,IAAI,IAAI,EAAE;KAC7B,CAAA;IACD,IAAI,CAAC;QACH,IAAA,8CAAsC,EAAC,WAAW,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAA;IAC/E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,MAAM,CAAA;IACf,CAAC;IACD,MAAM,CAAC,KAAK,GAAG,KAAK,CAAA;IACpB,MAAM,CAAC,OAAO,GAAG,aAAa,QAAQ,4CAA4C,cAAc,EAAE,CAAA;IAClG,OAAO,MAAM,CAAA;AACf,CAAC,CAAA,CAAA;AAxBY,QAAA,6CAA6C,iDAwBzD;AAEM,MAAM,0BAA0B,GAAG,CACxC,WAAwB,EACxB,IAIC,EACyB,EAAE;;IAC5B,IAAI,UAA2C,CAAA;IAC/C,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,oBAAoB,EAAE,CAAC;QAC/B,UAAU;YACR,IAAI,CAAC,oBAAoB,KAAK,cAAc;gBAC1C,CAAC,CAAC,CAAC,6BAA6B,CAAC,OAAO,CAAC;gBACzC,CAAC,CAAC,CAAC,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IACjE,CAAC;SAAM,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,UAAU,EAAE,CAAC;QAC5B,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACnF,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,CAAC,6BAA6B,CAAC,OAAO,EAAE,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IAC/G,CAAC;IACD,MAAM,WAAW,GAAG,MAAA,MAAA,WAAW,CAAC,UAAU,0CAAE,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,KAAK,yBAAiB,CAAC,0CAAE,WAAsB,CAAA;IACnH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAA;IAC9C,OAAO,QAAQ;SACZ,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;SACtD,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QACf,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAmC,CAAA;IACtF,CAAC,CAAC,CAAA;AACN,CAAC,CAAA;AA7BY,QAAA,0BAA0B,8BA6BtC"}
|
|
1
|
+
{"version":3,"file":"x509-validator.js","sourceRoot":"","sources":["../../src/x509/x509-validator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uDAAiD;AACjD,mDAA0D;AAC1D,yCAAmE;AAGnE,kEAAgC;AAChC,iCASc;AACd,uCAAoC;AACpC,iDAAkC;AAClC,6CAAwF;AAmCxF,MAAM,mBAAmB,GAAG,GAAG,EAAE;IAC/B,IAAI,OAAO,IAAI,KAAK,WAAW,EAAE,CAAC;QAChC,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;YACrB,IAAI,UAAU,GAAG,WAAW,CAAA;YAC5B,IAAI,cAAc,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAClC,UAAU,GAAG,QAAQ,CAAA;YACvB,CAAC;YACD,IAAA,iBAAS,EAAC,UAAU,EAAE,IAAI,oBAAY,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAA;QAC/E,CAAC;IACH,CAAC;SAAM,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,WAAW,IAAI,MAAM,EAAE,CAAC;QAClE,MAAM,IAAI,GAAG,YAAY,CAAA;QACzB,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS,CAAA;QACnC,aAAa;QACb,IAAA,iBAAS,EAAC,IAAI,EAAE,IAAI,oBAAY,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC,CAAA;IACjE,CAAC;SAAM,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;QACjF,MAAM,IAAI,GAAG,QAAQ,CAAA;QACrB,IAAA,iBAAS,EAAC,IAAI,EAAE,IAAI,oBAAY,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAA;IAC7D,CAAC;AACH,CAAC,CAAA;AAEM,MAAM,kBAAkB,GAAG,CAChC,WAAwB,EACxB,IAEC,EACyB,EAAE;IAC5B,MAAM,YAAY,GAAG,MAAM,IAAA,yCAAiC,EAAC,WAAW,CAAC,CAAA;IACzE,OAAO;QACL,MAAM,EAAE,EAAE,EAAE,EAAE,IAAA,mBAAW,EAAC,WAAW,CAAC,EAAE;QACxC,OAAO,EAAE;YACP,EAAE,EAAE,IAAA,oBAAY,EAAC,WAAW,CAAC;YAC7B,uBAAuB,EAAE,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,UAAU,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,EAAE,CAAC;SACtG;QACD,YAAY,EAAE,YAAY;QAC1B,SAAS,EAAE,WAAW,CAAC,SAAS,CAAC,KAAK;QACtC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,KAAK;QACpC,cAAc;KACW,CAAA;AAC7B,CAAC,CAAA,CAAA;AAlBY,QAAA,kBAAkB,sBAkB9B;AAoBM,MAAM,4BAA4B,GAAG,KAeV,EAAE,4CAfe,EACjD,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,GAAG,IAAI,IAAI,EAAE,EAC7B,IAAI,GAAG;IACL,sBAAsB,EAAE,KAAK;IAC7B,2BAA2B,EAAE,IAAI;IACjC,qBAAqB,EAAE,EAAE;IACzB,qBAAqB,EAAE,KAAK;CAC7B,GAMF;IACC,+KAA+K;IAC/K,OAAO,MAAM,gCAAgC,CAAC;QAC5C,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE;QAC9B,YAAY;QACZ,gBAAgB;QAChB,IAAI;KACL,CAAC,CAAA;AACJ,CAAC,CAAA,CAAA;AAxBY,QAAA,4BAA4B,gCAwBxC;AACD,MAAM,gCAAgC,GAAG,KAYP,EAAE,4CAZY,EAC9C,QAAQ,EACR,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,EAAE,QAAQ,EAC1B,IAAI,GAOL;;IACC,MAAM,gBAAgB,GAAS,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAA;IAC3F,MAAM,EACJ,sBAAsB,GAAG,KAAK,EAC9B,2BAA2B,GAAG,IAAI,EAClC,qBAAqB,GAAG,EAAE,EAC1B,qBAAqB,GAAG,KAAK,EAC7B,MAAM,GACP,GAAG,IAAI,CAAA;IACR,MAAM,WAAW,GAAG,sBAAsB,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAA;IAEtH,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,0DAA0D;YACnE,gBAAgB;SACjB,CAAA;IACH,CAAC;IACD,mBAAmB,EAAE,CAAA;IAErB,+HAA+H;IAC/H,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAClF,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACjH,MAAM,cAAc,GAAG,MAAA,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,mCAAI,EAAE,CAAA;IAC3G,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IAExC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAA;IAChC,IAAI,gBAAgB,GAAkC,SAAS,CAAA;IAC/D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACjD,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,iCAAoB,EAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YAClG,OAAO,CAAC,GAAG,CAAC,iHAAiH,CAAC,CAAA;YAC9H,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,iHAAiH,EAC1H,gBAAgB,EAChB,gBAAgB,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,IACxD,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACV,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;gBACzE,IAAI,CAAC,QAAQ,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBACxC,OAAO,MAAM,gCAAgC,CAAC;wBAC5C,QAAQ,EAAE,IAAI;wBACd,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE;wBAC9B,IAAI;wBACJ,gBAAgB;wBAChB,YAAY;qBACb,CAAC,CAAA;gBACJ,CAAC;gBACD,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;YACH,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAC9C;YACE,IAAI,EAAE,gBAAgB;YACtB,SAAS,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,eAAe,0CAAE,SAAS;SAChD,EACD,MAAA,MAAA,MAAA,IAAA,iBAAS,GAAE,0CAAE,MAAM,mCAAI,MAAM,mCAAI,MAAM,CAAC,MAAM,CAC/C,CAAA;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBAClD,OAAO,MAAM,gCAAgC,CAAC;oBAC5C,QAAQ,EAAE,IAAI;oBACd,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE;oBAC9B,IAAI;oBACJ,gBAAgB;oBAChB,YAAY;iBACb,CAAC,CAAA;YACJ,CAAC;YACD,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QAED,gBAAgB,GAAG,gBAAgB,aAAhB,gBAAgB,cAAhB,gBAAgB,GAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC,CAAA;QAExI,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,KAAK,CAAC,IAAI,2BAA2B,EAAE,CAAC;YAChE,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,uEAAuE,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EACzH,WAAW,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAC9C,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,EAAE,CAAC;QACrB,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,6BAA6B,EACtC,WAAW,EAAE,gBAAgB,aAAhB,gBAAgB,uBAAhB,gBAAgB,CAAE,eAAe,EAC9C,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;IACH,CAAC;IAED,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,2CAA2C,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,GAAG,EAC7F,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;AACH,CAAC,CAAA,CAAA;AAED,MAAM,iBAAiB,GAAG,CAAC,KAAsB,EAAE,KAAsB,EAAW,EAAE;IACpF,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAA;AAC9D,CAAC,CAAA;AAED,MAAM,iBAAiB,GAAsB,oBAAS,CAAC,OAAO,CAAC,wBAAiB,CAAC,CAAA;AAC1E,MAAM,wBAAwB,GAAG,GAAsB,EAAE;IAC9D,OAAO,iBAAiB,CAAA;AAC1B,CAAC,CAAA;AAFY,QAAA,wBAAwB,4BAEpC;AAYM,MAAM,gBAAgB,GAAG,CAAO,OAA4B,EAA8B,EAAE;IACjG,MAAM,eAAe,GAAG,IAAI,sBAAe,CAAC,OAAO,CAAC,CAAA;IACpD,MAAM,aAAa,GAAG,uBAAS,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC,OAAO,EAAE,gCAAoB,CAAC,CAAA;IAC9F,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAA;IACnE,MAAM,YAAY,GAAQ,CAAC,MAAM,IAAA,yCAAiC,EAAC,IAAI,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAQ,CAAA;IACnH,MAAM,WAAW,GAAG,IAAA,sCAAyB,EAAC,OAAO,CAAC,CAAA;IACtD,MAAM,eAAe,GAAG,MAAM,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAA;IAC7D,MAAM,kBAAkB,GAAG,IAAA,gCAAwB,GAAE,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;IAC7F,OAAO;QACL,kBAAkB;QAClB,aAAa;QACb,YAAY;QACZ,YAAY;QACZ,eAAe;QACf,WAAW;QACX,eAAe;KAChB,CAAA;AACH,CAAC,CAAA,CAAA;AAjBY,QAAA,gBAAgB,oBAiB5B;AAED;;;;;;GAMG;AACI,MAAM,+BAA+B,GAAG,KAcb,EAAE,4CAdkB,EACpD,KAAK,EAAE,aAAa,EACpB,YAAY,EACZ,gBAAgB,GAAG,IAAI,IAAI,EAAE,EAC7B,IAAI,GAAG;IACL,sBAAsB,EAAE,KAAK;IAC7B,2BAA2B,EAAE,IAAI;IACjC,qBAAqB,EAAE,EAAE;CAC1B,GAMF;;IACC,MAAM,EAAE,sBAAsB,GAAG,KAAK,EAAE,2BAA2B,GAAG,IAAI,EAAE,qBAAqB,GAAG,EAAE,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;IACvH,MAAM,WAAW,GAAG,sBAAsB,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAA;IAEtH,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,IAAI;YACd,OAAO,EAAE,0DAA0D;YACnE,gBAAgB;SACjB,CAAA;IACH,CAAC;IAED,+HAA+H;IAC/H,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,sCAAyB,CAAC,CAAC,OAAO,EAAE,CAAA;IACpE,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,sCAAyB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACzF,mBAAmB,EAAE,CAAA;IAErB,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,OAAO,aAAa,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAA;QACxH,MAAM,IAAI,GAAG,IAAA,sCAAyB,EAAC,UAAU,CAAC,CAAA;QAClD,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,UAAU,GAAG,MAAM,IAAA,qDAA6C,EAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,cAAc,CAAC,CAAA;YACpH,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO,UAAU,CAAA;YACnB,CAAC;QACH,CAAC;QACD,IAAI,qBAAqB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,iHAAiH,CAAC,CAAA;YAC9H,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,iHAAiH,EAC1H,gBAAgB,EAChB,gBAAgB,EAAE,CAAC,MAAM,IAAA,0BAAkB,EAAC,IAAI,CAAC,CAAC,IAC/C,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QACD,IAAI,2BAA2B,EAAE,CAAC;YAChC,MAAM,SAAS,GAAG,IAAA,oBAAY,EAAC,IAAI,CAAC,CAAC,EAAE,CAAA;YACvC,IAAI,CAAC,IAAA,mBAAW,EAAC,IAAI,CAAC,CAAC,EAAE,IAAI,IAAA,mBAAW,EAAC,IAAI,CAAC,CAAC,EAAE,KAAK,SAAS,EAAE,CAAC;gBAChE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAA;gBAClC,uBACE,KAAK,EAAE,CAAC,MAAM,EACd,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,oCAAoC,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,GAAG,EAC9F,gBAAgB,EAChB,gBAAgB,EAAE,CAAC,MAAM,IAAA,0BAAkB,EAAC,IAAI,CAAC,CAAC,IAC/C,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,gBAAgB,GAAG,IAAI,wCAAgC,CAAC;QAC5D,KAAK,CAAC,oCAAoC;QAC1C,SAAS,EAAE,gBAAgB;QAC3B,YAAY;KACb,CAAC,CAAA;IAEF,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,CAAA;QACpD,IAAI,CAAC,YAAY,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;YAC1D,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,YAAY,CAAC,aAAa,KAAK,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,sCAAsC,EAChH,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;QACH,CAAC;QACD,MAAM,QAAQ,GAAG,YAAY,CAAC,eAAe,CAAA;QAC7C,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,kBAAkB,GAAG,MAAM,IAAA,qDAA6C,EAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,cAAc,CAAC,CAAA;YAChI,IAAI,kBAAkB,CAAC,KAAK,EAAE,CAAC;gBAC7B,OAAO,kBAAkB,CAAA;YAC3B,CAAC;QACH,CAAC;QACD,MAAM,SAAS,GAA2B,MAAM,OAAO,CAAC,GAAG,CACzD,QAAQ,CAAC,GAAG,CAAC,CAAO,WAAW,EAAE,EAAE;YACjC,OAAO,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAA;QACxC,CAAC,CAAA,CAAC,CACH,CAAA;QACD,uBACE,KAAK,EAAE,KAAK,EACZ,QAAQ,EAAE,KAAK,EACf,OAAO,EAAE,6BAA6B,EACtC,gBAAgB,EAChB,gBAAgB,EAAE,SAAS,IACxB,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;IACH,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,uBACE,KAAK,EAAE,IAAI,EACX,QAAQ,EAAE,IAAI,EACd,OAAO,EAAE,kCAAkC,MAAA,KAAK,CAAC,OAAO,mCAAI,iBAAiB,EAAE,EAC/E,gBAAgB,IACb,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAC1B;IACH,CAAC;AACH,CAAC,CAAA,CAAA;AAlHY,QAAA,+BAA+B,mCAkH3C;AAED,MAAM,MAAM,GAA2B;IACrC,SAAS,EAAE,GAAG;IACd,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,GAAG;IACd,SAAS,EAAE,IAAI;IACf,UAAU,EAAE,GAAG;IACf,UAAU,EAAE,IAAI;IAChB,UAAU,EAAE,GAAG;IACf,SAAS,EAAE,IAAI;IACf,sBAAsB,EAAE,QAAQ;CACjC,CAAA;AAEM,MAAM,WAAW,GAAG,CAAC,IAAiB,EAAU,EAAE;IACvD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;QAC3C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;KACpD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,WAAW,eAKvB;AAEM,MAAM,YAAY,GAAG,CAAC,IAAiB,EAAU,EAAE;IACxD,OAAO;QACL,EAAE,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;QAC5C,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;KACrD,CAAA;AACH,CAAC,CAAA;AALY,QAAA,YAAY,gBAKxB;AAED,MAAM,WAAW,GAAG,CAAC,cAAuC,EAA0B,EAAE;;IACtF,MAAM,EAAE,GAA2B,EAAE,CAAA;IACrC,KAAK,MAAM,YAAY,IAAI,cAAc,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,MAAA,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,mCAAI,YAAY,CAAC,IAAI,CAAA;QAC3D,EAAE,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAA;IAC1C,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC,CAAA;AACD,MAAM,WAAW,GAAG,CAAC,cAAuC,EAAU,EAAE;IACtE,OAAO,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;SAC/C,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;SACxC,IAAI,CAAC,GAAG,CAAC,CAAA;AACd,CAAC,CAAA;AAEM,MAAM,iCAAiC,GAAG,CAAO,YAA+C,EAAuB,EAAE;IAC9H,MAAM,WAAW,GACf,OAAO,YAAY,KAAK,QAAQ;QAC9B,CAAC,CAAC,YAAY;QACd,CAAC,CAAC,YAAY,YAAY,UAAU;YACpC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,EAAE,WAAW,CAAC;YACzC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACrC,MAAM,GAAG,GAAG,IAAA,qBAAQ,EAAC,WAAW,CAAC,CAAA;IACjC,MAAM,WAAW,GAAG,IAAA,sCAAyB,EAAC,GAAG,CAAC,CAAA;IAClD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,iBAAS,EAAC,IAAI,CAAC,CAAC,MAAM,CAAA;QACrC,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,YAAY,EAAE,CAAA;QAC3C,OAAO,MAAM,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;IAC1C,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,CAAC,CAAA;IACpE,CAAC;IACD,OAAO,MAAM,uBAAI,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;AACrC,CAAC,CAAA,CAAA;AAjBY,QAAA,iCAAiC,qCAiB7C;AAED;;;;;;;;;;GAUG;AACH,IAAY,6BAKX;AALD,WAAY,6BAA6B;IACvC,6FAAc,CAAA;IACd,uFAAW,CAAA;IACX,2HAA6B,CAAA;IAC7B,2FAAa,CAAA;AACf,CAAC,EALW,6BAA6B,6CAA7B,6BAA6B,QAKxC;AASM,MAAM,sCAAsC,GAAG,CAAC,WAAwB,EAAE,QAAgB,EAAE,cAA8B,EAAQ,EAAE;IACzI,MAAM,IAAI,GAAG,IAAA,kCAA0B,EAAC,WAAW,EAAE,EAAE,oBAAoB,EAAE,cAAc,EAAE,CAAC,CAAA;IAC9F,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAA;IAClE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,KAAK,CACT,oBAAoB,cAAc,0EAChC,IAAA,oBAAY,EAAC,WAAW,CAAC,CAAC,EAC5B,WAAW,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CACpD,CAAA;IACH,CAAC;AACH,CAAC,CAAA;AAVY,QAAA,sCAAsC,0CAUlD;AAEM,MAAM,6CAA6C,GAAG,CAC3D,WAAwB,EACxB,QAAgB,EAChB,cAA8B,EACC,EAAE;IACjC,MAAM,MAAM,GAAG;QACb,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,aAAa,QAAQ,gDAAgD,cAAc,EAAE;QAC9F,MAAM,EAAE;YACN,QAAQ;YACR,cAAc;SACf;QACD,gBAAgB,EAAE,CAAC,MAAM,IAAA,0BAAkB,EAAC,WAAW,CAAC,CAAC;QACzD,gBAAgB,EAAE,IAAI,IAAI,EAAE;KAC7B,CAAA;IACD,IAAI,CAAC;QACH,IAAA,8CAAsC,EAAC,WAAW,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAA;IAC/E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,MAAM,CAAA;IACf,CAAC;IACD,MAAM,CAAC,KAAK,GAAG,KAAK,CAAA;IACpB,MAAM,CAAC,OAAO,GAAG,aAAa,QAAQ,4CAA4C,cAAc,EAAE,CAAA;IAClG,OAAO,MAAM,CAAA;AACf,CAAC,CAAA,CAAA;AAxBY,QAAA,6CAA6C,iDAwBzD;AAEM,MAAM,0BAA0B,GAAG,CACxC,WAAwB,EACxB,IAIC,EACyB,EAAE;;IAC5B,IAAI,UAA2C,CAAA;IAC/C,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,oBAAoB,EAAE,CAAC;QAC/B,UAAU;YACR,IAAI,CAAC,oBAAoB,KAAK,cAAc;gBAC1C,CAAC,CAAC,CAAC,6BAA6B,CAAC,OAAO,CAAC;gBACzC,CAAC,CAAC,CAAC,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IACjE,CAAC;SAAM,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,UAAU,EAAE,CAAC;QAC5B,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACnF,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,CAAC,6BAA6B,CAAC,OAAO,EAAE,6BAA6B,CAAC,yBAAyB,CAAC,CAAA;IAC/G,CAAC;IACD,MAAM,WAAW,GAAG,MAAA,MAAA,WAAW,CAAC,UAAU,0CAAE,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,KAAK,yBAAiB,CAAC,0CAAE,WAAsB,CAAA;IACnH,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAA;IAC9C,OAAO,QAAQ;SACZ,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;SACtD,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QACf,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAmC,CAAA;IACtF,CAAC,CAAC,CAAA;AACN,CAAC,CAAA;AA7BY,QAAA,0BAA0B,8BA6BtC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sphereon/ssi-sdk-ext.x509-utils",
|
|
3
3
|
"description": "Sphereon SSI-SDK plugin functions for X.509 Certificate handling.",
|
|
4
|
-
"version": "0.26.1-next.
|
|
4
|
+
"version": "0.26.1-next.9+a173106",
|
|
5
5
|
"source": "src/index.ts",
|
|
6
6
|
"main": "dist/index.js",
|
|
7
7
|
"types": "dist/index.d.ts",
|
|
@@ -10,10 +10,15 @@
|
|
|
10
10
|
"build:clean": "tsc --build --clean && tsc --build"
|
|
11
11
|
},
|
|
12
12
|
"dependencies": {
|
|
13
|
+
"@peculiar/asn1-schema": "^2.3.13",
|
|
14
|
+
"@peculiar/asn1-x509": "^2.3.13",
|
|
15
|
+
"@peculiar/x509": "^1.12.3",
|
|
16
|
+
"@sphereon/ssi-types": "^0.31.0",
|
|
13
17
|
"@trust/keyto": "^1.0.1",
|
|
14
18
|
"debug": "^4.3.4",
|
|
15
19
|
"js-x509-utils": "^1.0.7",
|
|
16
20
|
"pkijs": "^3.2.4",
|
|
21
|
+
"tsyringe": "^4.8.0",
|
|
17
22
|
"uint8arrays": "^3.1.1"
|
|
18
23
|
},
|
|
19
24
|
"devDependencies": {
|
|
@@ -37,5 +42,5 @@
|
|
|
37
42
|
"DID",
|
|
38
43
|
"Veramo"
|
|
39
44
|
],
|
|
40
|
-
"gitHead": "
|
|
45
|
+
"gitHead": "a173106e58c2e78b94a35f02be00aee1fea14b74"
|
|
41
46
|
}
|
package/src/x509/x509-utils.ts
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { X509Certificate } from '@peculiar/x509'
|
|
1
2
|
import { Certificate } from 'pkijs'
|
|
2
3
|
import * as u8a from 'uint8arrays'
|
|
3
4
|
// @ts-ignore
|
|
@@ -43,14 +44,19 @@ export function x5cToPemCertChain(x5c: string[], maxDepth?: number): string {
|
|
|
43
44
|
return pem
|
|
44
45
|
}
|
|
45
46
|
|
|
46
|
-
export const pemOrDerToX509Certificate = (cert: string | Uint8Array): Certificate => {
|
|
47
|
-
|
|
47
|
+
export const pemOrDerToX509Certificate = (cert: string | Uint8Array | X509Certificate): Certificate => {
|
|
48
|
+
let DER: string | undefined = typeof cert === 'string' ? cert : undefined
|
|
49
|
+
if (typeof cert === 'object' && !(cert instanceof Uint8Array)) {
|
|
50
|
+
// X509Certificate object
|
|
51
|
+
return Certificate.fromBER(cert.rawData)
|
|
52
|
+
} else if (typeof cert !== 'string') {
|
|
48
53
|
return Certificate.fromBER(cert)
|
|
49
|
-
}
|
|
50
|
-
let DER = cert
|
|
51
|
-
if (cert.includes('CERTIFICATE')) {
|
|
54
|
+
} else if (cert.includes('CERTIFICATE')) {
|
|
52
55
|
DER = PEMToDer(cert)
|
|
53
56
|
}
|
|
57
|
+
if (!DER) {
|
|
58
|
+
throw Error('Invalid cert input value supplied. PEM, DER, Bytes and X509Certificate object are supported')
|
|
59
|
+
}
|
|
54
60
|
return Certificate.fromBER(u8a.fromString(DER, 'base64pad'))
|
|
55
61
|
}
|
|
56
62
|
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
import { AsnParser } from '@peculiar/asn1-schema'
|
|
2
|
+
import { SubjectPublicKeyInfo } from '@peculiar/asn1-x509'
|
|
3
|
+
import { AlgorithmProvider, X509Certificate } from '@peculiar/x509'
|
|
4
|
+
// import {calculateJwkThumbprint} from "@sphereon/ssi-sdk-ext.key-utils";
|
|
5
|
+
import { JWK } from '@sphereon/ssi-types'
|
|
1
6
|
import x509 from 'js-x509-utils'
|
|
2
7
|
import {
|
|
3
8
|
AltName,
|
|
@@ -9,8 +14,9 @@ import {
|
|
|
9
14
|
id_SubjectAltName,
|
|
10
15
|
setEngine,
|
|
11
16
|
} from 'pkijs'
|
|
17
|
+
import { container } from 'tsyringe'
|
|
12
18
|
import * as u8a from 'uint8arrays'
|
|
13
|
-
import { derToPEM, pemOrDerToX509Certificate } from './x509-utils'
|
|
19
|
+
import { areCertificatesEqual, derToPEM, pemOrDerToX509Certificate } from './x509-utils'
|
|
14
20
|
|
|
15
21
|
export type DNInfo = {
|
|
16
22
|
DN: string
|
|
@@ -37,6 +43,7 @@ export type X509ValidationResult = {
|
|
|
37
43
|
message: string
|
|
38
44
|
verificationTime: Date
|
|
39
45
|
certificateChain?: Array<CertificateInfo>
|
|
46
|
+
trustAnchor?: CertificateInfo
|
|
40
47
|
client?: {
|
|
41
48
|
// In case client id and scheme were passed in we return them for easy access. It means they are validated
|
|
42
49
|
clientId: string
|
|
@@ -93,6 +100,8 @@ export type X509CertificateChainValidationOpts = {
|
|
|
93
100
|
// Similar to regular trust anchors, but no validation is performed whatsoever. Do not use in production settings! Can be handy with self generated certificates as we perform many validations, making it hard to test with self-signed certs. Only applied in case a chain with 1 element is passed in to really make sure people do not abuse this option
|
|
94
101
|
blindlyTrustedAnchors?: string[]
|
|
95
102
|
|
|
103
|
+
disallowReversedChain?: boolean
|
|
104
|
+
|
|
96
105
|
client?: {
|
|
97
106
|
// If provided both are required. Validates the leaf certificate against the clientId and scheme
|
|
98
107
|
clientId: string
|
|
@@ -100,6 +109,204 @@ export type X509CertificateChainValidationOpts = {
|
|
|
100
109
|
}
|
|
101
110
|
}
|
|
102
111
|
|
|
112
|
+
export const validateX509CertificateChain = async ({
|
|
113
|
+
chain: pemOrDerChain,
|
|
114
|
+
trustAnchors,
|
|
115
|
+
verificationTime = new Date(),
|
|
116
|
+
opts = {
|
|
117
|
+
trustRootWhenNoAnchors: false,
|
|
118
|
+
allowSingleNoCAChainElement: true,
|
|
119
|
+
blindlyTrustedAnchors: [],
|
|
120
|
+
disallowReversedChain: false,
|
|
121
|
+
},
|
|
122
|
+
}: {
|
|
123
|
+
chain: (Uint8Array | string)[]
|
|
124
|
+
trustAnchors?: string[]
|
|
125
|
+
verificationTime?: Date
|
|
126
|
+
opts?: X509CertificateChainValidationOpts
|
|
127
|
+
}): Promise<X509ValidationResult> => {
|
|
128
|
+
// We allow 1 reversal. We reverse by default as the implementation expects the root ca first, whilst x5c is the opposite. Reversed becomes true if the impl reverses the chain
|
|
129
|
+
return await validateX509CertificateChainImpl({
|
|
130
|
+
reversed: false,
|
|
131
|
+
chain: pemOrDerChain.reverse(),
|
|
132
|
+
trustAnchors,
|
|
133
|
+
verificationTime,
|
|
134
|
+
opts,
|
|
135
|
+
})
|
|
136
|
+
}
|
|
137
|
+
const validateX509CertificateChainImpl = async ({
|
|
138
|
+
reversed,
|
|
139
|
+
chain: pemOrDerChain,
|
|
140
|
+
trustAnchors,
|
|
141
|
+
verificationTime: verifyAt,
|
|
142
|
+
opts,
|
|
143
|
+
}: {
|
|
144
|
+
reversed: boolean
|
|
145
|
+
chain: (Uint8Array | string)[]
|
|
146
|
+
trustAnchors?: string[]
|
|
147
|
+
verificationTime: Date | string // string for REST API
|
|
148
|
+
opts: X509CertificateChainValidationOpts
|
|
149
|
+
}): Promise<X509ValidationResult> => {
|
|
150
|
+
const verificationTime: Date = typeof verifyAt === 'string' ? new Date(verifyAt) : verifyAt
|
|
151
|
+
const {
|
|
152
|
+
trustRootWhenNoAnchors = false,
|
|
153
|
+
allowSingleNoCAChainElement = true,
|
|
154
|
+
blindlyTrustedAnchors = [],
|
|
155
|
+
disallowReversedChain = false,
|
|
156
|
+
client,
|
|
157
|
+
} = opts
|
|
158
|
+
const trustedPEMs = trustRootWhenNoAnchors && !trustAnchors ? [pemOrDerChain[pemOrDerChain.length - 1]] : trustAnchors
|
|
159
|
+
|
|
160
|
+
if (pemOrDerChain.length === 0) {
|
|
161
|
+
return {
|
|
162
|
+
error: true,
|
|
163
|
+
critical: true,
|
|
164
|
+
message: 'Certificate chain in DER or PEM format must not be empty',
|
|
165
|
+
verificationTime,
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
defaultCryptoEngine()
|
|
169
|
+
|
|
170
|
+
// x5c always starts with the leaf cert at index 0 and then the cas. Our internal pkijs service expects it the other way around
|
|
171
|
+
const chain = await Promise.all(pemOrDerChain.map((raw) => parseCertificate(raw)))
|
|
172
|
+
const trustedCerts = trustedPEMs ? await Promise.all(trustedPEMs.map((raw) => parseCertificate(raw))) : undefined
|
|
173
|
+
const blindlyTrusted = (await Promise.all(blindlyTrustedAnchors.map((raw) => parseCertificate(raw)))) ?? []
|
|
174
|
+
const leafCert = chain[chain.length - 1]
|
|
175
|
+
|
|
176
|
+
const chainLength = chain.length
|
|
177
|
+
var foundTrustAnchor: ParsedCertificate | undefined = undefined
|
|
178
|
+
for (let i = 0; i < chainLength; i++) {
|
|
179
|
+
const cert = chain[i]
|
|
180
|
+
const prevCert = i > 0 ? chain[i - 1] : undefined
|
|
181
|
+
if (blindlyTrusted.some((trusted) => areCertificatesEqual(trusted.certificate, cert.certificate))) {
|
|
182
|
+
console.log(`Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`)
|
|
183
|
+
return {
|
|
184
|
+
error: false,
|
|
185
|
+
critical: false,
|
|
186
|
+
message: `Certificate chain validation success as single cert if blindly trusted. WARNING: ONLY USE FOR TESTING PURPOSES.`,
|
|
187
|
+
verificationTime,
|
|
188
|
+
certificateChain: chain.map((cert) => cert.certificateInfo),
|
|
189
|
+
...(client && { client }),
|
|
190
|
+
}
|
|
191
|
+
}
|
|
192
|
+
if (i > 0) {
|
|
193
|
+
if (cert.x509Certificate.issuer !== chain[i - 1].x509Certificate.subject) {
|
|
194
|
+
if (!reversed && !disallowReversedChain) {
|
|
195
|
+
return await validateX509CertificateChainImpl({
|
|
196
|
+
reversed: true,
|
|
197
|
+
chain: pemOrDerChain.reverse(),
|
|
198
|
+
opts,
|
|
199
|
+
verificationTime,
|
|
200
|
+
trustAnchors,
|
|
201
|
+
})
|
|
202
|
+
}
|
|
203
|
+
return {
|
|
204
|
+
error: true,
|
|
205
|
+
critical: true,
|
|
206
|
+
message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
207
|
+
verificationTime,
|
|
208
|
+
...(client && { client }),
|
|
209
|
+
}
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
const result = await cert.x509Certificate.verify(
|
|
213
|
+
{
|
|
214
|
+
date: verificationTime,
|
|
215
|
+
publicKey: prevCert?.x509Certificate?.publicKey,
|
|
216
|
+
},
|
|
217
|
+
getCrypto()?.crypto ?? crypto ?? global.crypto
|
|
218
|
+
)
|
|
219
|
+
if (!result) {
|
|
220
|
+
if (i == 0 && !reversed && !disallowReversedChain) {
|
|
221
|
+
return await validateX509CertificateChainImpl({
|
|
222
|
+
reversed: true,
|
|
223
|
+
chain: pemOrDerChain.reverse(),
|
|
224
|
+
opts,
|
|
225
|
+
verificationTime,
|
|
226
|
+
trustAnchors,
|
|
227
|
+
})
|
|
228
|
+
}
|
|
229
|
+
return {
|
|
230
|
+
error: true,
|
|
231
|
+
critical: true,
|
|
232
|
+
message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
233
|
+
verificationTime,
|
|
234
|
+
...(client && { client }),
|
|
235
|
+
}
|
|
236
|
+
}
|
|
237
|
+
|
|
238
|
+
foundTrustAnchor = foundTrustAnchor ?? trustedCerts?.find((trusted) => isSameCertificate(trusted.x509Certificate, cert.x509Certificate))
|
|
239
|
+
|
|
240
|
+
if (i === 0 && chainLength === 1 && allowSingleNoCAChainElement) {
|
|
241
|
+
return {
|
|
242
|
+
error: false,
|
|
243
|
+
critical: false,
|
|
244
|
+
message: `Certificate chain succeeded as allow single cert result is allowed: ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
245
|
+
trustAnchor: foundTrustAnchor?.certificateInfo,
|
|
246
|
+
verificationTime,
|
|
247
|
+
...(client && { client }),
|
|
248
|
+
}
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
|
|
252
|
+
if (foundTrustAnchor) {
|
|
253
|
+
return {
|
|
254
|
+
error: false,
|
|
255
|
+
critical: false,
|
|
256
|
+
message: `Certificate chain was valid`,
|
|
257
|
+
trustAnchor: foundTrustAnchor?.certificateInfo,
|
|
258
|
+
verificationTime,
|
|
259
|
+
...(client && { client }),
|
|
260
|
+
}
|
|
261
|
+
}
|
|
262
|
+
|
|
263
|
+
return {
|
|
264
|
+
error: true,
|
|
265
|
+
critical: true,
|
|
266
|
+
message: `Certificate chain validation failed for ${leafCert.certificateInfo.subject.dn.DN}.`,
|
|
267
|
+
verificationTime,
|
|
268
|
+
...(client && { client }),
|
|
269
|
+
}
|
|
270
|
+
}
|
|
271
|
+
|
|
272
|
+
const isSameCertificate = (cert1: X509Certificate, cert2: X509Certificate): boolean => {
|
|
273
|
+
return cert1.rawData.toString() === cert2.rawData.toString()
|
|
274
|
+
}
|
|
275
|
+
|
|
276
|
+
const algorithmProvider: AlgorithmProvider = container.resolve(AlgorithmProvider)
|
|
277
|
+
export const getX509AlgorithmProvider = (): AlgorithmProvider => {
|
|
278
|
+
return algorithmProvider
|
|
279
|
+
}
|
|
280
|
+
|
|
281
|
+
export type ParsedCertificate = {
|
|
282
|
+
publicKeyInfo: SubjectPublicKeyInfo
|
|
283
|
+
publicKeyJwk: JWK
|
|
284
|
+
publicKeyRaw: Uint8Array
|
|
285
|
+
publicKeyAlgorithm: Algorithm
|
|
286
|
+
certificateInfo: CertificateInfo
|
|
287
|
+
certificate: Certificate
|
|
288
|
+
x509Certificate: X509Certificate
|
|
289
|
+
}
|
|
290
|
+
|
|
291
|
+
export const parseCertificate = async (rawCert: string | Uint8Array): Promise<ParsedCertificate> => {
|
|
292
|
+
const x509Certificate = new X509Certificate(rawCert)
|
|
293
|
+
const publicKeyInfo = AsnParser.parse(x509Certificate.publicKey.rawData, SubjectPublicKeyInfo)
|
|
294
|
+
const publicKeyRaw = new Uint8Array(publicKeyInfo.subjectPublicKey)
|
|
295
|
+
const publicKeyJwk: JWK = (await getCertificateSubjectPublicKeyJWK(new Uint8Array(x509Certificate.rawData))) as JWK
|
|
296
|
+
const certificate = pemOrDerToX509Certificate(rawCert)
|
|
297
|
+
const certificateInfo = await getCertificateInfo(certificate)
|
|
298
|
+
const publicKeyAlgorithm = getX509AlgorithmProvider().toWebAlgorithm(publicKeyInfo.algorithm)
|
|
299
|
+
return {
|
|
300
|
+
publicKeyAlgorithm,
|
|
301
|
+
publicKeyInfo,
|
|
302
|
+
publicKeyJwk,
|
|
303
|
+
publicKeyRaw,
|
|
304
|
+
certificateInfo,
|
|
305
|
+
certificate,
|
|
306
|
+
x509Certificate,
|
|
307
|
+
}
|
|
308
|
+
}
|
|
309
|
+
|
|
103
310
|
/**
|
|
104
311
|
*
|
|
105
312
|
* @param pemOrDerChain The order must be that the Certs signing another cert must come one after another. So first the signing cert, then any cert signing that cert and so on
|
|
@@ -107,7 +314,7 @@ export type X509CertificateChainValidationOpts = {
|
|
|
107
314
|
* @param verificationTime
|
|
108
315
|
* @param opts
|
|
109
316
|
*/
|
|
110
|
-
export const
|
|
317
|
+
export const validateX509CertificateChainOrg = async ({
|
|
111
318
|
chain: pemOrDerChain,
|
|
112
319
|
trustAnchors,
|
|
113
320
|
verificationTime = new Date(),
|