@super-protocol/sdk-js 3.12.1-beta.2 → 3.13.0-beta.0

package/dist/mjs/certificates/generator.js

@@ -0,0 +1,230 @@
+import assert from 'assert';
+import { randomUUID } from 'crypto';
+import forge from 'node-forge';
+import { X509CertificateGenerator, BasicConstraintsExtension, ExtendedKeyUsageExtension, Extension, SubjectAlternativeNameExtension, ExtendedKeyUsage, KeyUsageFlags, KeyUsagesExtension, Pkcs10CertificateRequestGenerator, Pkcs10CertificateRequest, X509Certificate, } from '@peculiar/x509';
+import { cryptoProvider } from './setup-crypto.js';
+import { CryptoKeysTransformer } from '../utils/CryptoKeysTransformer.js';
+import { isIpAddress } from '../utils/helper.js';
+const MAX_X509_SERIAL = BigInt('0x' + 'F'.repeat(40));
+const principalAttributeMap = {
+    commonName: 'CN',
+    country: 'C',
+    localityName: 'L',
+    stateName: 'ST',
+    organization: 'O',
+    organizationalUnit: 'OU',
+};
+const notAllowedCertificateCustomExtensions = [...Object.values(forge.pki.oids)];
+export class CertificateGenerator {
+    /**
+     * Generates certificate based on the provided parameters.
+     * @param params - Parameters for generating the certificate.
+     * @returns The generated certificate in PEM format.
+     */
+    static async generateCert(params) {
+        const ca = Boolean(params.ca);
+        const { publicKey, privateKey } = await CertificateGenerator.getCryptoKeys(params);
+        const signingAlgorithm = publicKey.algorithm;
+        const extensions = [new BasicConstraintsExtension(ca, undefined, true)];
+        const extendedKeyUsageItems = [];
+        if (signingAlgorithm.namedCurve !== 'K-256' && params.dnsNames?.length) {
+            const generalNames = params.dnsNames.map((dnsName) => ({
+                type: (isIpAddress(dnsName) ? 'ip' : 'dns'),
+                value: dnsName,
+            }));
+            extensions.push(new SubjectAlternativeNameExtension(generalNames));
+            extendedKeyUsageItems.push(...[ExtendedKeyUsage.serverAuth, ExtendedKeyUsage.clientAuth]);
+        }
+        if (params.ocspSigning) {
+            extendedKeyUsageItems.push(ExtendedKeyUsage.ocspSigning);
+        }
+        if (extendedKeyUsageItems.length) {
+            extensions.push(new ExtendedKeyUsageExtension(extendedKeyUsageItems, false));
+        }
+        let keyUsageFlags = KeyUsageFlags.digitalSignature | KeyUsageFlags.keyEncipherment;
+        if (params.ca) {
+            keyUsageFlags |= KeyUsageFlags.keyCertSign;
+        }
+        extensions.push(new KeyUsagesExtension(keyUsageFlags, true));
+        if (params.customExtensions?.length) {
+            const filteredExtensions = params.customExtensions.filter((ext) => !notAllowedCertificateCustomExtensions.includes(ext.oid));
+            for (const customExtension of filteredExtensions) {
+                if (!customExtension.oid || !customExtension.value) {
+                    throw new Error('Custom extension OID and value are required');
+                }
+                extensions.push(new Extension(customExtension.oid, false, customExtension.value));
+            }
+        }
+        const createCertificateParams = {
+            serialNumber: CertificateGenerator.generateSerialNumber(),
+            issuer: CertificateGenerator.getPrincipalInfo(params.issuer),
+            subject: CertificateGenerator.getPrincipalInfo(params.subject),
+            notBefore: new Date(),
+            notAfter: params.notAfter,
+            publicKey,
+            signingKey: privateKey,
+            signingAlgorithm,
+            extensions,
+        };
+        const cert = await X509CertificateGenerator.create(createCertificateParams);
+        return cert.toString('pem');
+    }
+    /**
+     * Generates a pair of cryptographic keys based on the specified signature algorithm.
+     * @param signatureAlgorithm - The algorithm to use for key generation.
+     * @returns A promise that resolves to a CryptoKeyPair containing the public and private keys.
+     */
+    static generateKeys(signatureAlgorithm) {
+        const algorithm = CertificateGenerator.getAlgorithm(signatureAlgorithm);
+        return cryptoProvider.subtle.generateKey(algorithm, true, ['sign', 'verify']);
+    }
+    /**
+     * Generates a Certificate Signing Request (CSR) based on the provided parameters.
+     * @param params - Parameters for generating the CSR.
+     * @returns The generated CSR in PEM format.
+     */
+    static async generateCsr(params) {
+        const keys = await CertificateGenerator.getCryptoKeys(params);
+        const signingAlgorithm = keys.publicKey.algorithm;
+        signingAlgorithm.hash = { name: 'SHA-256' };
+        const extensions = [];
+        if (signingAlgorithm.namedCurve !== 'K-256' && params.dnsNames?.length) {
+            const generalNames = params.dnsNames.map((dnsName) => ({
+                type: (isIpAddress(dnsName) ? 'ip' : 'dns'),
+                value: dnsName,
+            }));
+            extensions.push(new SubjectAlternativeNameExtension(generalNames));
+        }
+        if (params.customExtensions?.length) {
+            for (const customExtension of params.customExtensions) {
+                if (!customExtension.oid || !customExtension.value) {
+                    throw new Error(`Some custom extension missed OID or value`);
+                }
+                extensions.push(new Extension(customExtension.oid, false, customExtension.value));
+            }
+        }
+        const createCsrParams = {
+            name: CertificateGenerator.getPrincipalInfo(params.subject),
+            keys,
+            signingAlgorithm,
+            extensions,
+        };
+        const csr = await Pkcs10CertificateRequestGenerator.create(createCsrParams);
+        return csr.toString('pem');
+    }
+    /**
+     * Checks and parses a certificate in PEM format.
+     * @param certPem - The certificate in PEM format.
+     * @returns An object containing the parsed certificate details.
+     */
+    static async checkAndParseCert(certPem) {
+        const cert = new X509Certificate(certPem);
+        if (cert.issuer === cert.subject) {
+            const isValid = await cert.verify();
+            if (!isValid) {
+                throw new Error('Self-signed certificate signature verification failed');
+            }
+        }
+        const publicKey = await cryptoProvider.subtle.importKey('spki', cert.publicKey.rawData, Object.assign(cert.signatureAlgorithm, cert.publicKey.algorithm), true, ['verify']);
+        return {
+            serialNumber: cert.serialNumber,
+            publicKey,
+            subject: cert.subject,
+            issuer: cert.issuer,
+            notBefore: cert.notBefore,
+            notAfter: cert.notAfter,
+            dnsNames: CertificateGenerator.extractDnsNamesFromExtensions(cert.extensions),
+            extensions: cert.extensions
+                .filter((ext) => ext.type !== forge.pki.oids['subjectAltName'])
+                .map((ext) => ({
+                oid: ext.type,
+                value: Buffer.from(ext.value),
+            })),
+        };
+    }
+    /**
+     * Checks and parses a Certificate Signing Request (CSR) in PEM format.
+     * @param csrPem - The CSR in PEM format.
+     * @returns An object containing the parsed CSR details.
+     */
+    static async checkAndParseCsr(csrPem) {
+        const csr = new Pkcs10CertificateRequest(csrPem);
+        const isValid = await csr.verify();
+        if (!isValid) {
+            throw new Error('CSR signature verification failed');
+        }
+        const publicKey = await cryptoProvider.subtle.importKey('spki', csr.publicKey.rawData, Object.assign(csr.signatureAlgorithm, csr.publicKey.algorithm), true, ['verify']);
+        const parsedCsr = {
+            subject: csr.subject,
+            publicKey,
+            dnsNames: CertificateGenerator.extractDnsNamesFromExtensions(csr.extensions),
+            extensions: csr.extensions
+                .filter((ext) => ext.type !== forge.pki.oids['subjectAltName'])
+                .map((ext) => ({
+                oid: ext.type,
+                value: Buffer.from(ext.value),
+            })),
+        };
+        return parsedCsr;
+    }
+    static async getCryptoKeys({ privateKey, publicKey }) {
+        const [pubKey, privKey] = await Promise.all([
+            typeof publicKey === 'string'
+                ? CryptoKeysTransformer.spkiPemToCryptoKey(publicKey)
+                : publicKey,
+            typeof privateKey === 'string'
+                ? CryptoKeysTransformer.pkcs8PemToCryptoKey(privateKey)
+                : privateKey,
+        ]);
+        assert.deepEqual(pubKey.algorithm, privKey.algorithm, 'Both keys must have same algorithm defined');
+        return { publicKey: pubKey, privateKey: privKey };
+    }
+    static generateSerialNumber() {
+        const uuid = randomUUID().replace(/-/g, '');
+        const serial = BigInt('0x' + uuid) % MAX_X509_SERIAL;
+        return serial.toString();
+    }
+    static getPrincipalInfo(principal) {
+        if (typeof principal === 'string') {
+            return principal;
+        }
+        if (!principal.commonName) {
+            throw new Error('Common name is required');
+        }
+        return Object.entries(principal)
+            .map(([key, value]) => `${principalAttributeMap[key] || key}=${value}`)
+            .join(',');
+    }
+    static getAlgorithm(signatureAlgorithm) {
+        switch (signatureAlgorithm) {
+            case 'RSASSA-PKCS1-SHA256':
+                return {
+                    name: 'RSASSA-PKCS1-v1_5',
+                    hash: 'SHA-256',
+                    publicExponent: new Uint8Array([1, 0, 1]), // 65537
+                    modulusLength: 2048,
+                };
+            case 'ECDSA-P-256-SHA256':
+                return {
+                    name: 'ECDSA',
+                    namedCurve: 'P-256',
+                };
+            case 'ECDSA-secp256k1-SHA256':
+                return {
+                    name: 'ECDSA',
+                    namedCurve: 'K-256',
+                };
+            default:
+                throw new Error(`Unsupported signature algorithm: ${signatureAlgorithm}`);
+        }
+    }
+    static extractDnsNamesFromExtensions(extensions) {
+        const subjectAltNameExt = extensions.find((ext) => ext.type === forge.pki.oids['subjectAltName']);
+        if (!subjectAltNameExt) {
+            return;
+        }
+        const dnsNames = subjectAltNameExt.names.items.map((item) => item.value);
+        return dnsNames;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2VuZXJhdG9yLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NlcnRpZmljYXRlcy9nZW5lcmF0b3IudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxNQUFNLE1BQU0sUUFBUSxDQUFDO0FBQzVCLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxRQUFRLENBQUM7QUFDcEMsT0FBTyxLQUFLLE1BQU0sWUFBWSxDQUFDO0FBQy9CLE9BQU8sRUFFTCx3QkFBd0IsRUFDeEIseUJBQXlCLEVBQ3pCLHlCQUF5QixFQUN6QixTQUFTLEVBQ1QsK0JBQStCLEVBRy9CLGdCQUFnQixFQUNoQixhQUFhLEVBQ2Isa0JBQWtCLEVBQ2xCLGlDQUFpQyxFQUVqQyx3QkFBd0IsRUFDeEIsZUFBZSxHQUNoQixNQUFNLGdCQUFnQixDQUFDO0FBV3hCLE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSxtQkFBbUIsQ0FBQztBQUNuRCxPQUFPLEVBQUUscUJBQXFCLEVBQUUsTUFBTSxtQ0FBbUMsQ0FBQztBQUMxRSxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sb0JBQW9CLENBQUM7QUFFakQsTUFBTSxlQUFlLEdBQUcsTUFBTSxDQUFDLElBQUksR0FBRyxHQUFHLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUM7QUFFdEQsTUFBTSxxQkFBcUIsR0FBMkI7SUFDcEQsVUFBVSxFQUFFLElBQUk7SUFDaEIsT0FBTyxFQUFFLEdBQUc7SUFDWixZQUFZLEVBQUUsR0FBRztJQUNqQixTQUFTLEVBQUUsSUFBSTtJQUNmLFlBQVksRUFBRSxHQUFHO0lBQ2pCLGtCQUFrQixFQUFFLElBQUk7Q0FDekIsQ0FBQztBQUVGLE1BQU0scUNBQXFDLEdBQUcsQ0FBQyxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO0FBRWpGLE1BQU0sT0FBTyxvQkFBb0I7SUFDL0I7Ozs7T0FJRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUFDLE1BQTBCO1FBQ2xELE1BQU0sRUFBRSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLENBQUM7UUFFOUIsTUFBTSxFQUFFLFNBQVMsRUFBRSxVQUFVLEVBQUUsR0FBRyxNQUFNLG9CQUFvQixDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNuRixNQUFNLGdCQUFnQixHQUFHLFNBQVMsQ0FBQyxTQUF5QixDQUFDO1FBRTdELE1BQU0sVUFBVSxHQUFnQixDQUFDLElBQUkseUJBQXlCLENBQUMsRUFBRSxFQUFFLFNBQVMsRUFBRSxJQUFJLENBQUMsQ0FBQyxDQUFDO1FBRXJGLE1BQU0scUJBQXFCLEdBQXVCLEVBQUUsQ0FBQztRQUVyRCxJQUFJLGdCQUFnQixDQUFDLFVBQVUsS0FBSyxPQUFPLElBQUksTUFBTSxDQUFDLFFBQVEsRUFBRSxNQUFNLEVBQUUsQ0FBQztZQUN2RSxNQUFNLFlBQVksR0FBcUIsTUFBTSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUM7Z0JBQ3ZFLElBQUksRUFBRSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQW9CO2dCQUM5RCxLQUFLLEVBQUUsT0FBTzthQUNmLENBQUMsQ0FBQyxDQUFDO1lBQ0osVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLCtCQUErQixDQUFDLFlBQVksQ0FBQyxDQUFDLENBQUM7WUFFbkUscUJBQXFCLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxnQkFBZ0IsQ0FBQyxVQUFVLEVBQUUsZ0JBQWdCLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQztRQUM1RixDQUFDO1FBRUQsSUFBSSxNQUFNLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDdkIscUJBQXFCLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQzNELENBQUM7UUFFRCxJQUFJLHFCQUFxQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2pDLFVBQVUsQ0FBQyxJQUFJLENBQUMsSUFBSSx5QkFBeUIsQ0FBQyxxQkFBcUIsRUFBRSxLQUFLLENBQUMsQ0FBQyxDQUFDO1FBQy9FLENBQUM7UUFFRCxJQUFJLGFBQWEsR0FBRyxhQUFhLENBQUMsZ0JBQWdCLEdBQUcsYUFBYSxDQUFDLGVBQWUsQ0FBQztRQUNuRixJQUFJLE1BQU0sQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNkLGFBQWEsSUFBSSxhQUFhLENBQUMsV0FBVyxDQUFDO1FBQzdDLENBQUM7UUFDRCxVQUFVLENBQUMsSUFBSSxDQUFDLElBQUksa0JBQWtCLENBQUMsYUFBYSxFQUFFLElBQUksQ0FBQyxDQUFDLENBQUM7UUFFN0QsSUFBSSxNQUFNLENBQUMsZ0JBQWdCLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDcEMsTUFBTSxrQkFBa0IsR0FBRyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsTUFBTSxDQUN2RCxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsQ0FBQyxxQ0FBcUMsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUNsRSxDQUFDO1lBQ0YsS0FBSyxNQUFNLGVBQWUsSUFBSSxrQkFBa0IsRUFBRSxDQUFDO2dCQUNqRCxJQUFJLENBQUMsZUFBZSxDQUFDLEdBQUcsSUFBSSxDQUFDLGVBQWUsQ0FBQyxLQUFLLEVBQUUsQ0FBQztvQkFDbkQsTUFBTSxJQUFJLEtBQUssQ0FBQyw2Q0FBNkMsQ0FBQyxDQUFDO2dCQUNqRSxDQUFDO2dCQUNELFVBQVUsQ0FBQyxJQUFJLENBQUMsSUFBSSxTQUFTLENBQUMsZUFBZSxDQUFDLEdBQUcsRUFBRSxLQUFLLEVBQUUsZUFBZSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7WUFDcEYsQ0FBQztRQUNILENBQUM7UUFFRCxNQUFNLHVCQUF1QixHQUFnQztZQUMzRCxZQUFZLEVBQUUsb0JBQW9CLENBQUMsb0JBQW9CLEVBQUU7WUFDekQsTUFBTSxFQUFFLG9CQUFvQixDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUM7WUFDNUQsT0FBTyxFQUFFLG9CQUFvQixDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUM7WUFDOUQsU0FBUyxFQUFFLElBQUksSUFBSSxFQUFFO1lBQ3JCLFFBQVEsRUFBRSxNQUFNLENBQUMsUUFBUTtZQUN6QixTQUFTO1lBQ1QsVUFBVSxFQUFFLFVBQVU7WUFDdEIsZ0JBQWdCO1lBQ2hCLFVBQVU7U0FDWCxDQUFDO1FBRUYsTUFBTSxJQUFJLEdBQUcsTUFBTSx3QkFBd0IsQ0FBQyxNQUFNLENBQUMsdUJBQXVCLENBQUMsQ0FBQztRQUU1RSxPQUFPLElBQUksQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUM7SUFDOUIsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxNQUFNLENBQUMsWUFBWSxDQUFDLGtCQUFzQztRQUN4RCxNQUFNLFNBQVMsR0FBRyxvQkFBb0IsQ0FBQyxZQUFZLENBQUMsa0JBQWtCLENBQUMsQ0FBQztRQUN4RSxPQUFPLGNBQWMsQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLFNBQVMsRUFBRSxJQUFJLEVBQUUsQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLENBQUMsQ0FBQztJQUNoRixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLE1BQXlCO1FBQ2hELE1BQU0sSUFBSSxHQUFHLE1BQU0sb0JBQW9CLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQzlELE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUF5QixDQUFDO1FBQ2xFLGdCQUFnQixDQUFDLElBQUksR0FBRyxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsQ0FBQztRQUU1QyxNQUFNLFVBQVUsR0FBZ0IsRUFBRSxDQUFDO1FBRW5DLElBQUksZ0JBQWdCLENBQUMsVUFBVSxLQUFLLE9BQU8sSUFBSSxNQUFNLENBQUMsUUFBUSxFQUFFLE1BQU0sRUFBRSxDQUFDO1lBQ3ZFLE1BQU0sWUFBWSxHQUFxQixNQUFNLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsQ0FBQztnQkFDdkUsSUFBSSxFQUFFLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBb0I7Z0JBQzlELEtBQUssRUFBRSxPQUFPO2FBQ2YsQ0FBQyxDQUFDLENBQUM7WUFDSixVQUFVLENBQUMsSUFBSSxDQUFDLElBQUksK0JBQStCLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQztRQUNyRSxDQUFDO1FBRUQsSUFBSSxNQUFNLENBQUMsZ0JBQWdCLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDcEMsS0FBSyxNQUFNLGVBQWUsSUFBSSxNQUFNLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztnQkFDdEQsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLElBQUksQ0FBQyxlQUFlLENBQUMsS0FBSyxFQUFFLENBQUM7b0JBQ25ELE1BQU0sSUFBSSxLQUFLLENBQUMsMkNBQTJDLENBQUMsQ0FBQztnQkFDL0QsQ0FBQztnQkFDRCxVQUFVLENBQUMsSUFBSSxDQUFDLElBQUksU0FBUyxDQUFDLGVBQWUsQ0FBQyxHQUFHLEVBQUUsS0FBSyxFQUFFLGVBQWUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDO1lBQ3BGLENBQUM7UUFDSCxDQUFDO1FBRUQsTUFBTSxlQUFlLEdBQXlDO1lBQzVELElBQUksRUFBRSxvQkFBb0IsQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDO1lBQzNELElBQUk7WUFDSixnQkFBZ0I7WUFDaEIsVUFBVTtTQUNYLENBQUM7UUFFRixNQUFNLEdBQUcsR0FBRyxNQUFNLGlDQUFpQyxDQUFDLE1BQU0sQ0FBQyxlQUFlLENBQUMsQ0FBQztRQUU1RSxPQUFPLEdBQUcsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUM7SUFDN0IsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLGlCQUFpQixDQUFDLE9BQWU7UUFDNUMsTUFBTSxJQUFJLEdBQUcsSUFBSSxlQUFlLENBQUMsT0FBTyxDQUFDLENBQUM7UUFFMUMsSUFBSSxJQUFJLENBQUMsTUFBTSxLQUFLLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNqQyxNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNwQyxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7Z0JBQ2IsTUFBTSxJQUFJLEtBQUssQ0FBQyx1REFBdUQsQ0FBQyxDQUFDO1lBQzNFLENBQUM7UUFDSCxDQUFDO1FBRUQsTUFBTSxTQUFTLEdBQUcsTUFBTSxjQUFjLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FDckQsTUFBTSxFQUNOLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxFQUN0QixNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxFQUNoRSxJQUFJLEVBQ0osQ0FBQyxRQUFRLENBQUMsQ0FDWCxDQUFDO1FBRUYsT0FBTztZQUNMLFlBQVksRUFBRSxJQUFJLENBQUMsWUFBWTtZQUMvQixTQUFTO1lBQ1QsT0FBTyxFQUFFLElBQUksQ0FBQyxPQUFPO1lBQ3JCLE1BQU0sRUFBRSxJQUFJLENBQUMsTUFBTTtZQUNuQixTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7WUFDekIsUUFBUSxFQUFFLElBQUksQ0FBQyxRQUFRO1lBQ3ZCLFFBQVEsRUFBRSxvQkFBb0IsQ0FBQyw2QkFBNkIsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDO1lBQzdFLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtpQkFDeEIsTUFBTSxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsSUFBSSxLQUFLLEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLENBQUM7aUJBQzlELEdBQUcsQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsQ0FBQztnQkFDYixHQUFHLEVBQUUsR0FBRyxDQUFDLElBQUk7Z0JBQ2IsS0FBSyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQzthQUM5QixDQUFDLENBQUM7U0FDTixDQUFDO0lBQ0osQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLGdCQUFnQixDQUFDLE1BQWM7UUFDMUMsTUFBTSxHQUFHLEdBQUcsSUFBSSx3QkFBd0IsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUVqRCxNQUFNLE9BQU8sR0FBRyxNQUFNLEdBQUcsQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUNuQyxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDYixNQUFNLElBQUksS0FBSyxDQUFDLG1DQUFtQyxDQUFDLENBQUM7UUFDdkQsQ0FBQztRQUVELE1BQU0sU0FBUyxHQUFHLE1BQU0sY0FBYyxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQ3JELE1BQU0sRUFDTixHQUFHLENBQUMsU0FBUyxDQUFDLE9BQU8sRUFDckIsTUFBTSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsa0JBQWtCLEVBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsRUFDOUQsSUFBSSxFQUNKLENBQUMsUUFBUSxDQUFDLENBQ1gsQ0FBQztRQUVGLE1BQU0sU0FBUyxHQUFjO1lBQzNCLE9BQU8sRUFBRSxHQUFHLENBQUMsT0FBTztZQUNwQixTQUFTO1lBQ1QsUUFBUSxFQUFFLG9CQUFvQixDQUFDLDZCQUE2QixDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUM7WUFDNUUsVUFBVSxFQUFFLEdBQUcsQ0FBQyxVQUFVO2lCQUN2QixNQUFNLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEtBQUssS0FBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztpQkFDOUQsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUNiLEdBQUcsRUFBRSxHQUFHLENBQUMsSUFBSTtnQkFDYixLQUFLLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDO2FBQzlCLENBQUMsQ0FBQztTQUNOLENBQUM7UUFFRixPQUFPLFNBQVMsQ0FBQztJQUNuQixDQUFDO0lBRU8sTUFBTSxDQUFDLEtBQUssQ0FBQyxhQUFhLENBQUMsRUFBRSxVQUFVLEVBQUUsU0FBUyxFQUFtQjtRQUkzRSxNQUFNLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxHQUFHLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQztZQUMxQyxPQUFPLFNBQVMsS0FBSyxRQUFRO2dCQUMzQixDQUFDLENBQUMscUJBQXFCLENBQUMsa0JBQWtCLENBQUMsU0FBUyxDQUFDO2dCQUNyRCxDQUFDLENBQUMsU0FBUztZQUNiLE9BQU8sVUFBVSxLQUFLLFFBQVE7Z0JBQzVCLENBQUMsQ0FBQyxxQkFBcUIsQ0FBQyxtQkFBbUIsQ0FBQyxVQUFVLENBQUM7Z0JBQ3ZELENBQUMsQ0FBQyxVQUFVO1NBQ2YsQ0FBQyxDQUFDO1FBRUgsTUFBTSxDQUFDLFNBQVMsQ0FDZCxNQUFNLENBQUMsU0FBUyxFQUNoQixPQUFPLENBQUMsU0FBUyxFQUNqQiw0Q0FBNEMsQ0FDN0MsQ0FBQztRQUVGLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLFVBQVUsRUFBRSxPQUFPLEVBQUUsQ0FBQztJQUNwRCxDQUFDO0lBRU8sTUFBTSxDQUFDLG9CQUFvQjtRQUNqQyxNQUFNLElBQUksR0FBRyxVQUFVLEVBQUUsQ0FBQyxPQUFPLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQzVDLE1BQU0sTUFBTSxHQUFHLE1BQU0sQ0FBQyxJQUFJLEdBQUcsSUFBSSxDQUFDLEdBQUcsZUFBZSxDQUFDO1FBQ3JELE9BQU8sTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDO0lBQzNCLENBQUM7SUFFTyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsU0FBd0M7UUFDdEUsSUFBSSxPQUFPLFNBQVMsS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUNsQyxPQUFPLFNBQVMsQ0FBQztRQUNuQixDQUFDO1FBRUQsSUFBSSxDQUFDLFNBQVMsQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUMxQixNQUFNLElBQUksS0FBSyxDQUFDLHlCQUF5QixDQUFDLENBQUM7UUFDN0MsQ0FBQztRQUVELE9BQU8sTUFBTSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUM7YUFDN0IsR0FBRyxDQUFDLENBQUMsQ0FBQyxHQUFHLEVBQUUsS0FBSyxDQUFDLEVBQUUsRUFBRSxDQUFDLEdBQUcscUJBQXFCLENBQUMsR0FBRyxDQUFDLElBQUksR0FBRyxJQUFJLEtBQUssRUFBRSxDQUFDO2FBQ3RFLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNmLENBQUM7SUFFTyxNQUFNLENBQUMsWUFBWSxDQUFDLGtCQUEwQjtRQUNwRCxRQUFRLGtCQUFrQixFQUFFLENBQUM7WUFDM0IsS0FBSyxxQkFBcUI7Z0JBQ3hCLE9BQU87b0JBQ0wsSUFBSSxFQUFFLG1CQUFtQjtvQkFDekIsSUFBSSxFQUFFLFNBQVM7b0JBQ2YsY0FBYyxFQUFFLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUFFLFFBQVE7b0JBQ25ELGFBQWEsRUFBRSxJQUFJO2lCQUNwQixDQUFDO1lBQ0osS0FBSyxvQkFBb0I7Z0JBQ3ZCLE9BQU87b0JBQ0wsSUFBSSxFQUFFLE9BQU87b0JBQ2IsVUFBVSxFQUFFLE9BQU87aUJBQ3BCLENBQUM7WUFDSixLQUFLLHdCQUF3QjtnQkFDM0IsT0FBTztvQkFDTCxJQUFJLEVBQUUsT0FBTztvQkFDYixVQUFVLEVBQUUsT0FBTztpQkFDcEIsQ0FBQztZQUNKO2dCQUNFLE1BQU0sSUFBSSxLQUFLLENBQUMsb0NBQW9DLGtCQUFrQixFQUFFLENBQUMsQ0FBQztRQUM5RSxDQUFDO0lBQ0gsQ0FBQztJQUVPLE1BQU0sQ0FBQyw2QkFBNkIsQ0FBQyxVQUF1QjtRQUNsRSxNQUFNLGlCQUFpQixHQUFHLFVBQVUsQ0FBQyxJQUFJLENBQ3ZDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsSUFBSSxLQUFLLEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLENBQ1IsQ0FBQztRQUNqRCxJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztZQUN2QixPQUFPO1FBQ1QsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLGlCQUFpQixDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDekUsT0FBTyxRQUFRLENBQUM7SUFDbEIsQ0FBQztDQUNGIn0=

package/dist/mjs/certificates/helper.d.ts

@@ -1,9 +1,10 @@
 /// <reference types="node" />
 import * as pkijs from 'pkijs';
-import { ValidateCertChainResult } from './types.js';
+import { AlgorithmObj, ValidateCertChainResult } from './types.js';
+import './setup-crypto.js';
 export declare class CertificatesHelper {
     private static downloadedCertificateCache;
-    static derToPem(data: ArrayBuffer): string;
+    static derToPem(data: ArrayBuffer, type?: string): string;
     static pemToDer(certPem: string): Uint8Array;
     static splitPemCerts(certs: string): string[];
     static getDomain(certPem: string): string | undefined;
@@ -16,6 +17,8 @@ export declare class CertificatesHelper {
     static derChainToPem(certsDer: Uint8Array[]): string;
     static downloadCertWithCache(url: string): Promise<Buffer>;
     static sortCertsFromLeafToRoot(certsPem: string | string[]): pkijs.Certificate[];
+    static getCertPublicKeyAlgorithm(certPem: string): AlgorithmObj;
+    static getCsrPublicKeyAlgorithm(csrPem: string): AlgorithmObj;
     static validateCertChain(certsPem: string | string[], caPem: string | string[], options?: {
         offline?: boolean;
     }): Promise<ValidateCertChainResult>;

package/dist/mjs/certificates/helper.js

@@ -2,29 +2,20 @@ import _ from 'lodash';
 import axios from 'axios';
 import forge from 'node-forge';
 import * as pkijs from 'pkijs';
+import { Pkcs10CertificateRequest, X509Certificate } from '@peculiar/x509';
 import { createMemoryCache } from '../utils/cache/memory.js';
 import { OCSPHelper } from './ocsp.js';
 import { CRLHelper } from './crl.js';
-import { webcrypto } from 'crypto';
-//pkijs initCryptoEngine method doesn't work properly in nodejs
-//https://github.com/PeculiarVentures/PKI.js/blob/91c596be220c5010b38415a68bd100942dfd321e/src/CryptoEngine/CryptoEngineInit.ts#L4
-try {
-    pkijs.getEngine();
-}
-catch (err) {
-    if (err.message === `Please call 'setEngine' before call to 'getEngine'`) {
-        pkijs.setEngine('Node', new pkijs.CryptoEngine({ name: 'Node', crypto: webcrypto }));
-    }
-}
+import './setup-crypto.js';
 export class CertificatesHelper {
     static downloadedCertificateCache = createMemoryCache();
-    static derToPem(data) {
+    static derToPem(data, type = 'CERTIFICATE') {
         return forge.pem.encode({
             contentDomain: null,
             dekInfo: null,
             headers: [],
             procType: null,
-            type: 'CERTIFICATE',
+            type,
             body: Buffer.from(data).toString('binary'),
         });
     }
@@ -61,7 +52,10 @@ export class CertificatesHelper {
         return certs.map((certPem) => CertificatesHelper.pemToDer(certPem));
     }
     static derChainToPem(certsDer) {
-        return certsDer.map(CertificatesHelper.derToPem).join('').trim();
+        return certsDer
+            .map((cert) => CertificatesHelper.derToPem(cert))
+            .join('')
+            .trim();
     }
     static async downloadCertWithCache(url) {
         const responseData = await CertificatesHelper.downloadedCertificateCache.wrap(url, async () => {
@@ -92,6 +86,16 @@ export class CertificatesHelper {
         const chains = leafs.map(buildChain).sort((one, two) => two.length - one.length);
         return chains.flat();
     }
+    static getCertPublicKeyAlgorithm(certPem) {
+        const cert = new X509Certificate(certPem);
+        const publicKey = cert.publicKey;
+        return publicKey.algorithm;
+    }
+    static getCsrPublicKeyAlgorithm(csrPem) {
+        const csr = new Pkcs10CertificateRequest(csrPem);
+        const publicKey = csr.publicKey;
+        return publicKey.algorithm;
+    }
     static async validateCertChain(certsPem, caPem, options = {}) {
         const { offline } = options;
         // reverse() is needed because pkijs expects certificates to be ordered from root to leaf
@@ -144,4 +148,4 @@ export class CertificatesHelper {
         return certsArray.map((certPem) => pkijs.Certificate.fromBER(CertificatesHelper.pemToDer(certPem)));
     }
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVscGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NlcnRpZmljYXRlcy9oZWxwZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxDQUFDLE1BQU0sUUFBUSxDQUFDO0FBQ3ZCLE9BQU8sS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUMxQixPQUFPLEtBQUssTUFBTSxZQUFZLENBQUM7QUFDL0IsT0FBTyxLQUFLLEtBQUssTUFBTSxPQUFPLENBQUM7QUFDL0IsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFFN0QsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLFdBQVcsQ0FBQztBQUN2QyxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sVUFBVSxDQUFDO0FBQ3JDLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxRQUFRLENBQUM7QUFFbkMsK0RBQStEO0FBQy9ELGtJQUFrSTtBQUNsSSxJQUFJLENBQUM7SUFDSCxLQUFLLENBQUMsU0FBUyxFQUFFLENBQUM7QUFDcEIsQ0FBQztBQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7SUFDYixJQUFLLEdBQWEsQ0FBQyxPQUFPLEtBQUssb0RBQW9ELEVBQUUsQ0FBQztRQUNwRixLQUFLLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxTQUFnQixFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQzlGLENBQUM7QUFDSCxDQUFDO0FBRUQsTUFBTSxPQUFPLGtCQUFrQjtJQUNyQixNQUFNLENBQUMsMEJBQTBCLEdBQUcsaUJBQWlCLEVBQUUsQ0FBQztJQUVoRSxNQUFNLENBQUMsUUFBUSxDQUFDLElBQWlCO1FBQy9CLE9BQU8sS0FBSyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUM7WUFDdEIsYUFBYSxFQUFFLElBQUk7WUFDbkIsT0FBTyxFQUFFLElBQUk7WUFDYixPQUFPLEVBQUUsRUFBRTtZQUNYLFFBQVEsRUFBRSxJQUFJO1lBQ2QsSUFBSSxFQUFFLGFBQWE7WUFDbkIsSUFBSSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQztTQUMzQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsTUFBTSxDQUFDLFFBQVEsQ0FBQyxPQUFlO1FBQzdCLE9BQU8sTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQyxLQUFLLEVBQUUsRUFBRSxRQUFRLENBQUMsQ0FBQztJQUNwRSxDQUFDO0lBRUQsTUFBTSxDQUFDLGFBQWEsQ0FBQyxLQUFhO1FBQ2hDLE1BQU0sUUFBUSxHQUFHLGlFQUFpRSxDQUFDO1FBQ25GLE9BQU8sS0FBSyxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7SUFDckMsQ0FBQztJQUVELE1BQU0sQ0FBQyxTQUFTLENBQUMsT0FBZTtRQUM5QixNQUFNLElBQUksR0FBRyxLQUFLLENBQUMsR0FBRyxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ25ELE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUMsU0FBUyxFQUFFLEVBQUUsQ0FBQyxTQUFTLENBQUMsSUFBSSxLQUFLLFlBQVksQ0FBQztZQUNqRixFQUFFLEtBQWUsQ0FBQztJQUN0QixDQUFDO0lBRUQsTUFBTSxDQUFDLGlCQUFpQixDQUFDLFNBQXFDLEVBQUUsR0FBVztRQUN6RSxNQUFNLElBQUksR0FDUixPQUFPLFNBQVMsS0FBSyxRQUFRO1lBQzNCLENBQUMsQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLENBQUM7WUFDbkUsQ0FBQyxDQUFDLFNBQVMsQ0FBQztRQUNoQixNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLE1BQU0sS0FBSyxHQUFHLENBQUMsQ0FBQztRQUNyRSxPQUFPLFNBQVMsSUFBSSxNQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUM7SUFDMUUsQ0FBQztJQUVELE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxRQUFnQjtRQUN4QyxNQUFNLEtBQUssR0FBRyxrQkFBa0IsQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDdEQsTUFBTSxVQUFVLEdBQUcsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7UUFFcEYsTUFBTSxVQUFVLEdBQUcsQ0FBQyxLQUEwQixFQUFVLEVBQUUsQ0FDeEQsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsa0JBQWtCLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBRXZGLE9BQU87WUFDTCxLQUFLLEVBQUUsVUFBVSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNoQyxFQUFFLEVBQUUsVUFBVSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztTQUM5QixDQUFDO0lBQ0osQ0FBQztJQUVELE1BQU0sQ0FBQyxhQUFhLENBQUMsUUFBZ0I7UUFDbkMsTUFBTSxLQUFLLEdBQUcsa0JBQWtCLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBRXpELE9BQU8sS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsa0JBQWtCLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7SUFDdEUsQ0FBQztJQUVELE1BQU0sQ0FBQyxhQUFhLENBQUMsUUFBc0I7UUFDekMsT0FBTyxRQUFRLENBQUMsR0FBRyxDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztJQUNuRSxDQUFDO0lBRUQsTUFBTSxDQUFDLEtBQUssQ0FBQyxxQkFBcUIsQ0FBQyxHQUFXO1FBQzVDLE1BQU0sWUFBWSxHQUFHLE1BQU0sa0JBQWtCLENBQUMsMEJBQTBCLENBQUMsSUFBSSxDQUMzRSxHQUFHLEVBQ0gsS0FBSyxJQUFJLEVBQUU7WUFDVCxNQUFNLFFBQVEsR0FBRyxNQUFNLEtBQUssQ0FBQyxHQUFHLEVBQUU7Z0JBQ2hDLFlBQVksRUFBRSxhQUFhO2FBQzVCLENBQUMsQ0FBQztZQUNILE9BQU8sUUFBUSxFQUFFLElBQUksQ0FBQztRQUN4QixDQUFDLEVBQ0Q7WUFDRSxHQUFHLEVBQUUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLEVBQUUsT0FBTztTQUM1QixDQUNGLENBQUM7UUFFRixPQUFPLFlBQVksQ0FBQztJQUN0QixDQUFDO0lBRUQsTUFBTSxDQUFDLHVCQUF1QixDQUFDLFFBQTJCO1FBQ3hELE1BQU0sUUFBUSxHQUFHLGtCQUFrQixDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUV6RCxNQUFNLEtBQUssR0FBRyxRQUFRLENBQUMsTUFBTSxDQUMzQixDQUFDLFdBQVcsRUFBRSxFQUFFLENBQ2QsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUMsZ0JBQWdCLEVBQUUsRUFBRSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQzdGLENBQUM7UUFFRixNQUFNLFVBQVUsR0FBRyxDQUFDLElBQXVCLEVBQXVCLEVBQUU7WUFDbEUsTUFBTSxLQUFLLEdBQUcsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUNyQixJQUFJLFdBQVcsR0FBa0MsSUFBSSxDQUFDO1lBRXRELEdBQUcsQ0FBQztnQkFDRixXQUFXLEdBQUcsUUFBUSxDQUFDLElBQUksQ0FDekIsQ0FBQyxlQUFlLEVBQUUsRUFBRSxDQUNsQixXQUFXLEVBQUUsTUFBTSxDQUFDLE9BQU8sQ0FBQyxlQUFlLENBQUMsT0FBTyxDQUFDO29CQUNwRCxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsQ0FDbkQsQ0FBQztnQkFFRixJQUFJLFdBQVcsRUFBRSxDQUFDO29CQUNoQixLQUFLLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO2dCQUMxQixDQUFDO1lBQ0gsQ0FBQyxRQUFRLFdBQVcsRUFBRTtZQUV0QixPQUFPLEtBQUssQ0FBQztRQUNmLENBQUMsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsVUFBVSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLE1BQU0sR0FBRyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDakYsT0FBTyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUM7SUFDdkIsQ0FBQztJQUVELE1BQU0sQ0FBQyxLQUFLLENBQUMsaUJBQWlCLENBQzVCLFFBQTJCLEVBQzNCLEtBQXdCLEVBQ3hCLFVBQWlDLEVBQUU7UUFFbkMsTUFBTSxFQUFFLE9BQU8sRUFBRSxHQUFHLE9BQU8sQ0FBQztRQUU1Qix5RkFBeUY7UUFDekYsTUFBTSxXQUFXLEdBQUcsa0JBQWtCLENBQUMsdUJBQXVCLENBQUMsUUFBUSxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUM7UUFFbkYsTUFBTSxFQUFFLEdBQUcsa0JBQWtCLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBRWhELElBQUksQ0FBQztZQUNILE1BQU0sSUFBSSxHQUFHLE9BQU8sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLFNBQVMsQ0FBQyxlQUFlLENBQUMsV0FBVyxDQUFDLENBQUM7WUFDekUsTUFBTSxpQkFBaUIsR0FBRyxPQUFPO2dCQUMvQixDQUFDLENBQUMsRUFBRTtnQkFDSixDQUFDLENBQUMsTUFBTSxVQUFVLENBQUMsd0JBQXdCLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBRS9ELE1BQU0sV0FBVyxHQUFHLElBQUksS0FBSyxDQUFDLGdDQUFnQyxDQUFDO2dCQUM3RCxLQUFLLEVBQUUsV0FBVztnQkFDbEIsWUFBWSxFQUFFLEVBQUU7Z0JBQ2hCLEtBQUssRUFBRSxpQkFBaUI7Z0JBQ3hCLElBQUk7YUFDTCxDQUFDLENBQUM7WUFFSCxNQUFNLFlBQVksR0FBRyxNQUFNLFdBQVcsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNoRCxJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUN6QixPQUFPO29CQUNMLE9BQU8sRUFBRSxLQUFLO29CQUNkLFlBQVksRUFBRSxZQUFZLENBQUMsYUFBYTtpQkFDekMsQ0FBQztZQUNKLENBQUM7WUFFRDs7Ozs7Ozs7ZUFRRztZQUNILE1BQU0sa0JBQWtCLEdBQUcsV0FBVyxDQUFDLEtBQUssQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQ3BELFlBQVksQ0FBQyxlQUFlLEVBQUUsSUFBSSxDQUFDLENBQUMsWUFBWSxFQUFFLEVBQUUsQ0FDbEQsWUFBWSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUNyRCxDQUNGLENBQUM7WUFDRixJQUFJLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztnQkFDeEIsTUFBTSxJQUFJLEtBQUssQ0FBQyw2Q0FBNkMsQ0FBQyxDQUFDO1lBQ2pFLENBQUM7WUFFRCxPQUFPO2dCQUNMLE9BQU8sRUFBRSxJQUFJO2FBQ2QsQ0FBQztRQUNKLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsT0FBTztnQkFDTCxPQUFPLEVBQUUsS0FBSztnQkFDZCxZQUFZLEVBQUcsR0FBYSxDQUFDLE9BQU87YUFDckMsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRU8sTUFBTSxDQUFDLFVBQVUsQ0FBQyxLQUF3QjtRQUNoRCxNQUFNLFVBQVUsR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLGtCQUFrQixDQUFDLGFBQWEsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUMxRixPQUFPLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUNoQyxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FDaEUsQ0FBQztJQUNKLENBQUMifQ==
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVscGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NlcnRpZmljYXRlcy9oZWxwZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxDQUFDLE1BQU0sUUFBUSxDQUFDO0FBQ3ZCLE9BQU8sS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUMxQixPQUFPLEtBQUssTUFBTSxZQUFZLENBQUM7QUFDL0IsT0FBTyxLQUFLLEtBQUssTUFBTSxPQUFPLENBQUM7QUFDL0IsT0FBTyxFQUFFLHdCQUF3QixFQUFFLGVBQWUsRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBQzNFLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBRTdELE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxXQUFXLENBQUM7QUFDdkMsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLFVBQVUsQ0FBQztBQUNyQyxPQUFPLG1CQUFtQixDQUFDO0FBRTNCLE1BQU0sT0FBTyxrQkFBa0I7SUFDckIsTUFBTSxDQUFDLDBCQUEwQixHQUFHLGlCQUFpQixFQUFFLENBQUM7SUFFaEUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFpQixFQUFFLE9BQWUsYUFBYTtRQUM3RCxPQUFPLEtBQUssQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDO1lBQ3RCLGFBQWEsRUFBRSxJQUFJO1lBQ25CLE9BQU8sRUFBRSxJQUFJO1lBQ2IsT0FBTyxFQUFFLEVBQUU7WUFDWCxRQUFRLEVBQUUsSUFBSTtZQUNkLElBQUk7WUFDSixJQUFJLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDO1NBQzNDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxNQUFNLENBQUMsUUFBUSxDQUFDLE9BQWU7UUFDN0IsT0FBTyxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLEtBQUssRUFBRSxFQUFFLFFBQVEsQ0FBQyxDQUFDO0lBQ3BFLENBQUM7SUFFRCxNQUFNLENBQUMsYUFBYSxDQUFDLEtBQWE7UUFDaEMsTUFBTSxRQUFRLEdBQUcsaUVBQWlFLENBQUM7UUFDbkYsT0FBTyxLQUFLLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsQ0FBQztJQUNyQyxDQUFDO0lBRUQsTUFBTSxDQUFDLFNBQVMsQ0FBQyxPQUFlO1FBQzlCLE1BQU0sSUFBSSxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDbkQsT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxTQUFTLEVBQUUsRUFBRSxDQUFDLFNBQVMsQ0FBQyxJQUFJLEtBQUssWUFBWSxDQUFDO1lBQ2pGLEVBQUUsS0FBZSxDQUFDO0lBQ3RCLENBQUM7SUFFRCxNQUFNLENBQUMsaUJBQWlCLENBQUMsU0FBcUMsRUFBRSxHQUFXO1FBQ3pFLE1BQU0sSUFBSSxHQUNSLE9BQU8sU0FBUyxLQUFLLFFBQVE7WUFDM0IsQ0FBQyxDQUFDLEtBQUssQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUNuRSxDQUFDLENBQUMsU0FBUyxDQUFDO1FBQ2hCLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsTUFBTSxLQUFLLEdBQUcsQ0FBQyxDQUFDO1FBQ3JFLE9BQU8sU0FBUyxJQUFJLE1BQU0sQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxVQUFVLENBQUMsS0FBSyxFQUFFLENBQUMsQ0FBQztJQUMxRSxDQUFDO0lBRUQsTUFBTSxDQUFDLGtCQUFrQixDQUFDLFFBQWdCO1FBQ3hDLE1BQU0sS0FBSyxHQUFHLGtCQUFrQixDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN0RCxNQUFNLFVBQVUsR0FBRyxDQUFDLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztRQUVwRixNQUFNLFVBQVUsR0FBRyxDQUFDLEtBQTBCLEVBQVUsRUFBRSxDQUN4RCxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFdkYsT0FBTztZQUNMLEtBQUssRUFBRSxVQUFVLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ2hDLEVBQUUsRUFBRSxVQUFVLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDO1NBQzlCLENBQUM7SUFDSixDQUFDO0lBRUQsTUFBTSxDQUFDLGFBQWEsQ0FBQyxRQUFnQjtRQUNuQyxNQUFNLEtBQUssR0FBRyxrQkFBa0IsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFekQsT0FBTyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztJQUN0RSxDQUFDO0lBRUQsTUFBTSxDQUFDLGFBQWEsQ0FBQyxRQUFzQjtRQUN6QyxPQUFPLFFBQVE7YUFDWixHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQzthQUNoRCxJQUFJLENBQUMsRUFBRSxDQUFDO2FBQ1IsSUFBSSxFQUFFLENBQUM7SUFDWixDQUFDO0lBRUQsTUFBTSxDQUFDLEtBQUssQ0FBQyxxQkFBcUIsQ0FBQyxHQUFXO1FBQzVDLE1BQU0sWUFBWSxHQUFHLE1BQU0sa0JBQWtCLENBQUMsMEJBQTBCLENBQUMsSUFBSSxDQUMzRSxHQUFHLEVBQ0gsS0FBSyxJQUFJLEVBQUU7WUFDVCxNQUFNLFFBQVEsR0FBRyxNQUFNLEtBQUssQ0FBQyxHQUFHLEVBQUU7Z0JBQ2hDLFlBQVksRUFBRSxhQUFhO2FBQzVCLENBQUMsQ0FBQztZQUNILE9BQU8sUUFBUSxFQUFFLElBQUksQ0FBQztRQUN4QixDQUFDLEVBQ0Q7WUFDRSxHQUFHLEVBQUUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLEVBQUUsT0FBTztTQUM1QixDQUNGLENBQUM7UUFFRixPQUFPLFlBQVksQ0FBQztJQUN0QixDQUFDO0lBRUQsTUFBTSxDQUFDLHVCQUF1QixDQUFDLFFBQTJCO1FBQ3hELE1BQU0sUUFBUSxHQUFHLGtCQUFrQixDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUV6RCxNQUFNLEtBQUssR0FBRyxRQUFRLENBQUMsTUFBTSxDQUMzQixDQUFDLFdBQVcsRUFBRSxFQUFFLENBQ2QsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUMsZ0JBQWdCLEVBQUUsRUFBRSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQzdGLENBQUM7UUFFRixNQUFNLFVBQVUsR0FBRyxDQUFDLElBQXVCLEVBQXVCLEVBQUU7WUFDbEUsTUFBTSxLQUFLLEdBQUcsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUNyQixJQUFJLFdBQVcsR0FBa0MsSUFBSSxDQUFDO1lBRXRELEdBQUcsQ0FBQztnQkFDRixXQUFXLEdBQUcsUUFBUSxDQUFDLElBQUksQ0FDekIsQ0FBQyxlQUFlLEVBQUUsRUFBRSxDQUNsQixXQUFXLEVBQUUsTUFBTSxDQUFDLE9BQU8sQ0FBQyxlQUFlLENBQUMsT0FBTyxDQUFDO29CQUNwRCxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsQ0FDbkQsQ0FBQztnQkFFRixJQUFJLFdBQVcsRUFBRSxDQUFDO29CQUNoQixLQUFLLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO2dCQUMxQixDQUFDO1lBQ0gsQ0FBQyxRQUFRLFdBQVcsRUFBRTtZQUV0QixPQUFPLEtBQUssQ0FBQztRQUNmLENBQUMsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsVUFBVSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLE1BQU0sR0FBRyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDakYsT0FBTyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUM7SUFDdkIsQ0FBQztJQUVELE1BQU0sQ0FBQyx5QkFBeUIsQ0FBQyxPQUFlO1FBQzlDLE1BQU0sSUFBSSxHQUFHLElBQUksZUFBZSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzFDLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUM7UUFDakMsT0FBTyxTQUFTLENBQUMsU0FBeUIsQ0FBQztJQUM3QyxDQUFDO0lBRUQsTUFBTSxDQUFDLHdCQUF3QixDQUFDLE1BQWM7UUFDNUMsTUFBTSxHQUFHLEdBQUcsSUFBSSx3QkFBd0IsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNqRCxNQUFNLFNBQVMsR0FBRyxHQUFHLENBQUMsU0FBUyxDQUFDO1FBQ2hDLE9BQU8sU0FBUyxDQUFDLFNBQXlCLENBQUM7SUFDN0MsQ0FBQztJQUVELE1BQU0sQ0FBQyxLQUFLLENBQUMsaUJBQWlCLENBQzVCLFFBQTJCLEVBQzNCLEtBQXdCLEVBQ3hCLFVBQWlDLEVBQUU7UUFFbkMsTUFBTSxFQUFFLE9BQU8sRUFBRSxHQUFHLE9BQU8sQ0FBQztRQUU1Qix5RkFBeUY7UUFDekYsTUFBTSxXQUFXLEdBQUcsa0JBQWtCLENBQUMsdUJBQXVCLENBQUMsUUFBUSxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUM7UUFFbkYsTUFBTSxFQUFFLEdBQUcsa0JBQWtCLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBRWhELElBQUksQ0FBQztZQUNILE1BQU0sSUFBSSxHQUFHLE9BQU8sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLFNBQVMsQ0FBQyxlQUFlLENBQUMsV0FBVyxDQUFDLENBQUM7WUFDekUsTUFBTSxpQkFBaUIsR0FBRyxPQUFPO2dCQUMvQixDQUFDLENBQUMsRUFBRTtnQkFDSixDQUFDLENBQUMsTUFBTSxVQUFVLENBQUMsd0JBQXdCLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBRS9ELE1BQU0sV0FBVyxHQUFHLElBQUksS0FBSyxDQUFDLGdDQUFnQyxDQUFDO2dCQUM3RCxLQUFLLEVBQUUsV0FBVztnQkFDbEIsWUFBWSxFQUFFLEVBQUU7Z0JBQ2hCLEtBQUssRUFBRSxpQkFBaUI7Z0JBQ3hCLElBQUk7YUFDTCxDQUFDLENBQUM7WUFFSCxNQUFNLFlBQVksR0FBRyxNQUFNLFdBQVcsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNoRCxJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUN6QixPQUFPO29CQUNMLE9BQU8sRUFBRSxLQUFLO29CQUNkLFlBQVksRUFBRSxZQUFZLENBQUMsYUFBYTtpQkFDekMsQ0FBQztZQUNKLENBQUM7WUFFRDs7Ozs7Ozs7ZUFRRztZQUNILE1BQU0sa0JBQWtCLEdBQUcsV0FBVyxDQUFDLEtBQUssQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQ3BELFlBQVksQ0FBQyxlQUFlLEVBQUUsSUFBSSxDQUFDLENBQUMsWUFBWSxFQUFFLEVBQUUsQ0FDbEQsWUFBWSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUNyRCxDQUNGLENBQUM7WUFDRixJQUFJLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztnQkFDeEIsTUFBTSxJQUFJLEtBQUssQ0FBQyw2Q0FBNkMsQ0FBQyxDQUFDO1lBQ2pFLENBQUM7WUFFRCxPQUFPO2dCQUNMLE9BQU8sRUFBRSxJQUFJO2FBQ2QsQ0FBQztRQUNKLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsT0FBTztnQkFDTCxPQUFPLEVBQUUsS0FBSztnQkFDZCxZQUFZLEVBQUcsR0FBYSxDQUFDLE9BQU87YUFDckMsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRU8sTUFBTSxDQUFDLFVBQVUsQ0FBQyxLQUF3QjtRQUNoRCxNQUFNLFVBQVUsR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLGtCQUFrQixDQUFDLGFBQWEsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUMxRixPQUFPLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUNoQyxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FDaEUsQ0FBQztJQUNKLENBQUMifQ==

package/dist/mjs/certificates/index.d.ts

@@ -1,3 +1,4 @@
 export * from './helper.js';
 export * from './types.js';
 export * from './serializer.js';
+export * from './generator.js';

package/dist/mjs/certificates/index.js

@@ -1,4 +1,5 @@
 export * from './helper.js';
 export * from './types.js';
 export * from './serializer.js';
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY2VydGlmaWNhdGVzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsYUFBYSxDQUFDO0FBQzVCLGNBQWMsWUFBWSxDQUFDO0FBQzNCLGNBQWMsaUJBQWlCLENBQUMifQ==
+export * from './generator.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY2VydGlmaWNhdGVzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsYUFBYSxDQUFDO0FBQzVCLGNBQWMsWUFBWSxDQUFDO0FBQzNCLGNBQWMsaUJBQWlCLENBQUM7QUFDaEMsY0FBYyxnQkFBZ0IsQ0FBQyJ9

package/dist/mjs/certificates/serializer.d.ts

@@ -1,5 +1,10 @@
+import { BlockchainCert } from './types.js';
+export declare const BLOCKCHAIN_CERT_TBS_PARTS: string[];
 export declare class CertificateSerializer {
     static serializeCertChain(certChainPem: string): string;
     static deserializeCertChain(input: string): string;
     static isSerializedCertChain(certChainBase64: string): boolean;
+    static serializeForBlockchain(certPem: string): BlockchainCert;
+    static deserializeFromBlockchain(data: BlockchainCert): string;
+    private static getPart;
 }

package/dist/mjs/certificates/serializer.js

@@ -1,6 +1,20 @@
+import forge from 'node-forge';
+import _ from 'lodash';
+import { CertificateBinarySplitter, CertificateNonOidParts } from './binary-splitter.js';
 import { CertificatesHelper } from './helper.js';
+import { OID_CUSTOM_EXTENSION_USER_DATA } from '../constants.js';
+import { OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID, OID_CUSTOM_EXTENSION_CHALLENGE_ID, } from '@super-protocol/pki-common';
 const CERTS_CHAIN_DELIMITER = ';';
 const CERTS_SERIALIZATION_PREFIX = 'certs:';
+export const BLOCKCHAIN_CERT_TBS_PARTS = [
+    'serialNumber',
+    'expirationDate',
+    'publicKey',
+    'ca',
+    'userData',
+    'mrEnclave',
+    'mrSigner',
+];
 export class CertificateSerializer {
     static serializeCertChain(certChainPem) {
         const certsDer = CertificatesHelper.pemChainToDer(certChainPem);
@@ -19,5 +33,84 @@ export class CertificateSerializer {
     static isSerializedCertChain(certChainBase64) {
         return certChainBase64.startsWith(CERTS_SERIALIZATION_PREFIX);
     }
+    static serializeForBlockchain(certPem) {
+        const certAlgorithm = CertificatesHelper.getCertPublicKeyAlgorithm(certPem);
+        if (certAlgorithm.name !== 'ECDSA' || certAlgorithm.namedCurve !== 'K-256') {
+            throw new Error(`Unsupported certificate algorithm: ${certAlgorithm.name}${certAlgorithm.namedCurve ? `with curve ${certAlgorithm.namedCurve}` : ''}. Only ECDSA with secp256k1 curve is supported.`);
+        }
+        const certDer = CertificatesHelper.pemToDer(certPem);
+        const parts = new CertificateBinarySplitter(certDer).split([
+            CertificateNonOidParts.SERIAL_NUMBER,
+            CertificateNonOidParts.SIGNATURE,
+            CertificateNonOidParts.NOT_AFTER,
+            CertificateNonOidParts.SUBJECT_PUBLIC_KEY_INFO,
+        ], [
+            forge.pki.oids['basicConstraints'],
+            OID_CUSTOM_EXTENSION_USER_DATA,
+            OID_CUSTOM_EXTENSION_CHALLENGE_ID,
+            OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID,
+        ]);
+        const [nonSerializedParts, serializedParts] = _.partition(parts, (part) => part instanceof Uint8Array);
+        const expirationDate = CertificateSerializer.getPart(serializedParts, 'notAfter');
+        const serial = CertificateSerializer.getPart(serializedParts, 'serialNumber');
+        const publicKey = CertificateSerializer.getPart(serializedParts, 'publicKey');
+        const ca = CertificateSerializer.getPart(serializedParts, forge.pki.oids['basicConstraints']);
+        const userData = CertificateSerializer.getPart(serializedParts, OID_CUSTOM_EXTENSION_USER_DATA, false);
+        const mrEnclave = CertificateSerializer.getPart(serializedParts, OID_CUSTOM_EXTENSION_CHALLENGE_ID, false);
+        const mrSigner = CertificateSerializer.getPart(serializedParts, OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID, false);
+        const signature = CertificateSerializer.getPart(serializedParts, 'signature');
+        if (serializedParts.length !== 0) {
+            throw new Error(`Unexpected serialized parts found in certificate: ${serializedParts.map((part) => part.name || part.oid).join(', ')}`);
+        }
+        return {
+            nonSerializedParts,
+            expirationDate: expirationDate.value,
+            ca: ca.value,
+            userData: userData?.value,
+            serialNumber: serial.value,
+            signature: signature.value,
+            publicKey: publicKey.value,
+            mrEnclave: mrEnclave?.value,
+            mrSigner: mrSigner?.value,
+        };
+    }
+    static deserializeFromBlockchain(data) {
+        const bufferParts = [];
+        bufferParts.push(Buffer.from(data.nonSerializedParts[0]));
+        bufferParts.push(Buffer.from(data.nonSerializedParts[1]));
+        let partIndex = 2;
+        for (const field of BLOCKCHAIN_CERT_TBS_PARTS) {
+            const value = data[field];
+            if (value) {
+                bufferParts.push(Buffer.from(value));
+                if (partIndex < data.nonSerializedParts.length) {
+                    bufferParts.push(Buffer.from(data.nonSerializedParts[partIndex++]));
+                }
+            }
+        }
+        // adding signature part
+        // if no custom extensions, it is needed to add additional block with keyUsage extension
+        // if custom extension present - keyUsage extension will be a part of block before this custom extension
+        // 3 - because asn1 bytes between r and s values are 2 or 3 bytes long (2 for positive value, 3 for negative value)
+        if (data.nonSerializedParts[partIndex]?.byteLength > 3) {
+            bufferParts.push(Buffer.from(data.nonSerializedParts[partIndex++]));
+        }
+        const rValue = data.signature.slice(0, 32);
+        bufferParts.push(Buffer.from(rValue));
+        if (partIndex < data.nonSerializedParts.length) {
+            bufferParts.push(Buffer.from(data.nonSerializedParts[partIndex++]));
+        }
+        const sValue = data.signature.slice(32, 64);
+        bufferParts.push(Buffer.from(sValue));
+        const certDer = Buffer.concat(bufferParts);
+        return CertificatesHelper.derToPem(certDer);
+    }
+    static getPart(parts, nameOrOid, mandatory = true) {
+        const part = _.remove(parts, (part) => part.name === nameOrOid || part.oid === nameOrOid)[0];
+        if (!part && mandatory) {
+            throw new Error(`Part with name or OID "${nameOrOid}" not found in certificate`);
+        }
+        return part;
+    }
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VyaWFsaXplci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvc2VyaWFsaXplci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFFakQsTUFBTSxxQkFBcUIsR0FBRyxHQUFHLENBQUM7QUFDbEMsTUFBTSwwQkFBMEIsR0FBRyxRQUFRLENBQUM7QUFFNUMsTUFBTSxPQUFPLHFCQUFxQjtJQUNoQyxNQUFNLENBQUMsa0JBQWtCLENBQUMsWUFBb0I7UUFDNUMsTUFBTSxRQUFRLEdBQUcsa0JBQWtCLENBQUMsYUFBYSxDQUFDLFlBQVksQ0FBQyxDQUFDO1FBRWhFLE9BQU8sR0FBRywwQkFBMEIsR0FBRyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxFQUFFLENBQUM7SUFDcEksQ0FBQztJQUVELE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxLQUFhO1FBQ3ZDLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLDBCQUEwQixDQUFDLEVBQUUsQ0FBQztZQUNsRCxNQUFNLElBQUksS0FBSyxDQUFDLG1CQUFtQiwwQkFBMEIsWUFBWSxDQUFDLENBQUM7UUFDN0UsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLEtBQUs7YUFDbkIsS0FBSyxDQUFDLDBCQUEwQixDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ3JDLEVBQUUsS0FBSyxDQUFDLHFCQUFxQixDQUFDO1lBQzlCLEVBQUUsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQyxDQUFDO1FBQy9DLE9BQU8sa0JBQWtCLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRCxNQUFNLENBQUMscUJBQXFCLENBQUMsZUFBdUI7UUFDbEQsT0FBTyxlQUFlLENBQUMsVUFBVSxDQUFDLDBCQUEwQixDQUFDLENBQUM7SUFDaEUsQ0FBQztDQUNGIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VyaWFsaXplci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvc2VyaWFsaXplci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssTUFBTSxZQUFZLENBQUM7QUFDL0IsT0FBTyxDQUFDLE1BQU0sUUFBUSxDQUFDO0FBQ3ZCLE9BQU8sRUFBRSx5QkFBeUIsRUFBRSxzQkFBc0IsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ3pGLE9BQU8sRUFBRSxrQkFBa0IsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUNqRCxPQUFPLEVBQUUsOEJBQThCLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQUNqRSxPQUFPLEVBQ0wsd0NBQXdDLEVBQ3hDLGlDQUFpQyxHQUNsQyxNQUFNLDRCQUE0QixDQUFDO0FBR3BDLE1BQU0scUJBQXFCLEdBQUcsR0FBRyxDQUFDO0FBQ2xDLE1BQU0sMEJBQTBCLEdBQUcsUUFBUSxDQUFDO0FBRTVDLE1BQU0sQ0FBQyxNQUFNLHlCQUF5QixHQUFHO0lBQ3ZDLGNBQWM7SUFDZCxnQkFBZ0I7SUFDaEIsV0FBVztJQUNYLElBQUk7SUFDSixVQUFVO0lBQ1YsV0FBVztJQUNYLFVBQVU7Q0FDWCxDQUFDO0FBRUYsTUFBTSxPQUFPLHFCQUFxQjtJQUNoQyxNQUFNLENBQUMsa0JBQWtCLENBQUMsWUFBb0I7UUFDNUMsTUFBTSxRQUFRLEdBQUcsa0JBQWtCLENBQUMsYUFBYSxDQUFDLFlBQVksQ0FBQyxDQUFDO1FBRWhFLE9BQU8sR0FBRywwQkFBMEIsR0FBRyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxFQUFFLENBQUM7SUFDcEksQ0FBQztJQUVELE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxLQUFhO1FBQ3ZDLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLDBCQUEwQixDQUFDLEVBQUUsQ0FBQztZQUNsRCxNQUFNLElBQUksS0FBSyxDQUFDLG1CQUFtQiwwQkFBMEIsWUFBWSxDQUFDLENBQUM7UUFDN0UsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLEtBQUs7YUFDbkIsS0FBSyxDQUFDLDBCQUEwQixDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ3JDLEVBQUUsS0FBSyxDQUFDLHFCQUFxQixDQUFDO1lBQzlCLEVBQUUsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQyxDQUFDO1FBQy9DLE9BQU8sa0JBQWtCLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRCxNQUFNLENBQUMscUJBQXFCLENBQUMsZUFBdUI7UUFDbEQsT0FBTyxlQUFlLENBQUMsVUFBVSxDQUFDLDBCQUEwQixDQUFDLENBQUM7SUFDaEUsQ0FBQztJQUVELE1BQU0sQ0FBQyxzQkFBc0IsQ0FBQyxPQUFlO1FBQzNDLE1BQU0sYUFBYSxHQUFHLGtCQUFrQixDQUFDLHlCQUF5QixDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzVFLElBQUksYUFBYSxDQUFDLElBQUksS0FBSyxPQUFPLElBQUksYUFBYSxDQUFDLFVBQVUsS0FBSyxPQUFPLEVBQUUsQ0FBQztZQUMzRSxNQUFNLElBQUksS0FBSyxDQUNiLHNDQUFzQyxhQUFhLENBQUMsSUFBSSxHQUFHLGFBQWEsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLGNBQWMsYUFBYSxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUFFLGlEQUFpRCxDQUNyTCxDQUFDO1FBQ0osQ0FBQztRQUVELE1BQU0sT0FBTyxHQUFHLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUVyRCxNQUFNLEtBQUssR0FBRyxJQUFJLHlCQUF5QixDQUFDLE9BQU8sQ0FBQyxDQUFDLEtBQUssQ0FDeEQ7WUFDRSxzQkFBc0IsQ0FBQyxhQUFhO1lBQ3BDLHNCQUFzQixDQUFDLFNBQVM7WUFDaEMsc0JBQXNCLENBQUMsU0FBUztZQUNoQyxzQkFBc0IsQ0FBQyx1QkFBdUI7U0FDL0MsRUFDRDtZQUNFLEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDO1lBQ2xDLDhCQUE4QjtZQUM5QixpQ0FBaUM7WUFDakMsd0NBQXdDO1NBQ3pDLENBQ0YsQ0FBQztRQUVGLE1BQU0sQ0FBQyxrQkFBa0IsRUFBRSxlQUFlLENBQUMsR0FBRyxDQUFDLENBQUMsU0FBUyxDQUN2RCxLQUFLLEVBQ0wsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksWUFBWSxVQUFVLENBQ0QsQ0FBQztRQUV0QyxNQUFNLGNBQWMsR0FBRyxxQkFBcUIsQ0FBQyxPQUFPLENBQUMsZUFBZSxFQUFFLFVBQVUsQ0FBQyxDQUFDO1FBQ2xGLE1BQU0sTUFBTSxHQUFHLHFCQUFxQixDQUFDLE9BQU8sQ0FBQyxlQUFlLEVBQUUsY0FBYyxDQUFDLENBQUM7UUFDOUUsTUFBTSxTQUFTLEdBQUcscUJBQXFCLENBQUMsT0FBTyxDQUFDLGVBQWUsRUFBRSxXQUFXLENBQUMsQ0FBQztRQUM5RSxNQUFNLEVBQUUsR0FBRyxxQkFBcUIsQ0FBQyxPQUFPLENBQUMsZUFBZSxFQUFFLEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLENBQUMsQ0FBQztRQUM5RixNQUFNLFFBQVEsR0FBRyxxQkFBcUIsQ0FBQyxPQUFPLENBQzVDLGVBQWUsRUFDZiw4QkFBOEIsRUFDOUIsS0FBSyxDQUNOLENBQUM7UUFDRixNQUFNLFNBQVMsR0FBRyxxQkFBcUIsQ0FBQyxPQUFPLENBQzdDLGVBQWUsRUFDZixpQ0FBaUMsRUFDakMsS0FBSyxDQUNOLENBQUM7UUFDRixNQUFNLFFBQVEsR0FBRyxxQkFBcUIsQ0FBQyxPQUFPLENBQzVDLGVBQWUsRUFDZix3Q0FBd0MsRUFDeEMsS0FBSyxDQUNOLENBQUM7UUFDRixNQUFNLFNBQVMsR0FBRyxxQkFBcUIsQ0FBQyxPQUFPLENBQUMsZUFBZSxFQUFFLFdBQVcsQ0FBQyxDQUFDO1FBRTlFLElBQUksZUFBZSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNqQyxNQUFNLElBQUksS0FBSyxDQUNiLHFEQUFxRCxlQUFlLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FDdkgsQ0FBQztRQUNKLENBQUM7UUFFRCxPQUFPO1lBQ0wsa0JBQWtCO1lBQ2xCLGNBQWMsRUFBRSxjQUFjLENBQUMsS0FBSztZQUNwQyxFQUFFLEVBQUUsRUFBRSxDQUFDLEtBQUs7WUFDWixRQUFRLEVBQUUsUUFBUSxFQUFFLEtBQUs7WUFDekIsWUFBWSxFQUFFLE1BQU0sQ0FBQyxLQUFLO1lBQzFCLFNBQVMsRUFBRSxTQUFTLENBQUMsS0FBSztZQUMxQixTQUFTLEVBQUUsU0FBUyxDQUFDLEtBQUs7WUFDMUIsU0FBUyxFQUFFLFNBQVMsRUFBRSxLQUFLO1lBQzNCLFFBQVEsRUFBRSxRQUFRLEVBQUUsS0FBSztTQUMxQixDQUFDO0lBQ0osQ0FBQztJQUVELE1BQU0sQ0FBQyx5QkFBeUIsQ0FBQyxJQUFvQjtRQUNuRCxNQUFNLFdBQVcsR0FBYSxFQUFFLENBQUM7UUFFakMsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDMUQsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFFMUQsSUFBSSxTQUFTLEdBQUcsQ0FBQyxDQUFDO1FBRWxCLEtBQUssTUFBTSxLQUFLLElBQUkseUJBQXlCLEVBQUUsQ0FBQztZQUM5QyxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsS0FBNkIsQ0FBQyxDQUFDO1lBQ2xELElBQUksS0FBSyxFQUFFLENBQUM7Z0JBQ1YsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQW1CLENBQUMsQ0FBQyxDQUFDO2dCQUNuRCxJQUFJLFNBQVMsR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUMsTUFBTSxFQUFFLENBQUM7b0JBQy9DLFdBQVcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7Z0JBQ3RFLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELHdCQUF3QjtRQUN4Qix3RkFBd0Y7UUFDeEYsd0dBQXdHO1FBQ3hHLG1IQUFtSDtRQUNuSCxJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxTQUFTLENBQUMsRUFBRSxVQUFVLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDdkQsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN0RSxDQUFDO1FBRUQsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQzNDLFdBQVcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFvQixDQUFDLENBQUMsQ0FBQztRQUNwRCxJQUFJLFNBQVMsR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDL0MsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN0RSxDQUFDO1FBQ0QsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQzVDLFdBQVcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFvQixDQUFDLENBQUMsQ0FBQztRQUVwRCxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQzNDLE9BQU8sa0JBQWtCLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQzlDLENBQUM7SUFFTyxNQUFNLENBQUMsT0FBTyxDQUNwQixLQUF1QixFQUN2QixTQUFpQixFQUNqQixTQUFTLEdBQUcsSUFBSTtRQUVoQixNQUFNLElBQUksR0FBRyxDQUFDLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLElBQUksS0FBSyxTQUFTLElBQUksSUFBSSxDQUFDLEdBQUcsS0FBSyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUM3RixJQUFJLENBQUMsSUFBSSxJQUFJLFNBQVMsRUFBRSxDQUFDO1lBQ3ZCLE1BQU0sSUFBSSxLQUFLLENBQUMsMEJBQTBCLFNBQVMsNEJBQTRCLENBQUMsQ0FBQztRQUNuRixDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0NBQ0YifQ==

package/dist/mjs/certificates/setup-crypto.d.ts

@@ -0,0 +1,3 @@
+import webcrypto from '@peculiar/webcrypto';
+declare const cryptoProvider: webcrypto.Crypto;
+export { cryptoProvider };

package/dist/mjs/certificates/setup-crypto.js

@@ -0,0 +1,22 @@
+import * as x509 from '@peculiar/x509';
+import webcrypto from '@peculiar/webcrypto';
+import * as pkijs from 'pkijs';
+const cryptoProvider = new webcrypto.Crypto();
+x509.cryptoProvider.set(cryptoProvider);
+pkijs.setEngine('Node', new pkijs.CryptoEngine({ name: 'Node', crypto: cryptoProvider }));
+pkijs.ECNamedCurves.register('K-256', '1.3.132.0.10', 32);
+const originGetAlgorithmByOIDFn = pkijs.CryptoEngine.prototype.getAlgorithmByOID;
+function getAlgorithmByOID(oid, safety, target) {
+    if (oid === '1.3.132.0.10') {
+        return {
+            name: 'K-256',
+        };
+    }
+    return originGetAlgorithmByOIDFn(oid, safety, target);
+}
+pkijs.CryptoEngine.prototype.getAlgorithmByOID = getAlgorithmByOID;
+x509.PemConverter.isPem = (data) => {
+    return typeof data === 'string' && data.startsWith('-----BEGIN');
+};
+export { cryptoProvider };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V0dXAtY3J5cHRvLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NlcnRpZmljYXRlcy9zZXR1cC1jcnlwdG8udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLElBQUksTUFBTSxnQkFBZ0IsQ0FBQztBQUN2QyxPQUFPLFNBQVMsTUFBTSxxQkFBcUIsQ0FBQztBQUM1QyxPQUFPLEtBQUssS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUUvQixNQUFNLGNBQWMsR0FBRyxJQUFJLFNBQVMsQ0FBQyxNQUFNLEVBQUUsQ0FBQztBQUU5QyxJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQUMsQ0FBQztBQUV4QyxLQUFLLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxjQUFjLEVBQUUsQ0FBQyxDQUFDLENBQUM7QUFFMUYsS0FBSyxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsT0FBTyxFQUFFLGNBQWMsRUFBRSxFQUFFLENBQUMsQ0FBQztBQUUxRCxNQUFNLHlCQUF5QixHQUFHLEtBQUssQ0FBQyxZQUFZLENBQUMsU0FBUyxDQUFDLGlCQUFpQixDQUFDO0FBQ2pGLFNBQVMsaUJBQWlCLENBQUMsR0FBVyxFQUFFLE1BQWdCLEVBQUUsTUFBZTtJQUN2RSxJQUFJLEdBQUcsS0FBSyxjQUFjLEVBQUUsQ0FBQztRQUMzQixPQUFPO1lBQ0wsSUFBSSxFQUFFLE9BQU87U0FDZCxDQUFDO0lBQ0osQ0FBQztJQUVELE9BQU8seUJBQXlCLENBQUMsR0FBRyxFQUFFLE1BQU0sRUFBRSxNQUFNLENBQUMsQ0FBQztBQUN4RCxDQUFDO0FBQ0QsS0FBSyxDQUFDLFlBQVksQ0FBQyxTQUFTLENBQUMsaUJBQWlCLEdBQUcsaUJBQWlCLENBQUM7QUFFbkUsSUFBSSxDQUFDLFlBQVksQ0FBQyxLQUFLLEdBQUcsQ0FBQyxJQUFZLEVBQWtCLEVBQUU7SUFDekQsT0FBTyxPQUFPLElBQUksS0FBSyxRQUFRLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUMsQ0FBQztBQUNuRSxDQUFDLENBQUM7QUFFRixPQUFPLEVBQUUsY0FBYyxFQUFFLENBQUMifQ==

package/dist/mjs/certificates/types.d.ts

@@ -1,4 +1,81 @@
+/// <reference types="node" />
 export type ValidateCertChainResult = {
     isValid: boolean;
     errorMessage?: string;
 };
+export type SignatureAlgorithm = 'RSASSA-PKCS1-SHA256' | 'ECDSA-secp256k1-SHA256' | 'ECDSA-P-256-SHA256';
+export type AlgorithmObj = {
+    name: string;
+    namedCurve?: string;
+    hash?: {
+        name: string;
+    };
+};
+export type CustomExtension = {
+    oid: string;
+    value: Buffer;
+};
+export type CertificatePrincipal = {
+    country?: string;
+    stateName?: string;
+    localityName: string;
+    organization?: string;
+    organizationalUnit?: string;
+    commonName: string;
+};
+export type PemOrCryptoKeys = {
+    /**
+     * spki format for PEM
+     */
+    publicKey: string | CryptoKey;
+    /**
+     * pkcs8 format for PEM
+     */
+    privateKey: string | CryptoKey;
+};
+export type GenerateCertParams = PemOrCryptoKeys & {
+    subject: CertificatePrincipal | string;
+    issuer: CertificatePrincipal | string;
+    notAfter: Date;
+    dnsNames?: string[];
+    ca?: boolean;
+    ocspSigning?: boolean;
+    customExtensions?: CustomExtension[];
+};
+export type GenerateCsrParams = PemOrCryptoKeys & {
+    subject: CertificatePrincipal | string;
+    dnsNames?: string[];
+    customExtensions?: CustomExtension[];
+};
+export type ParsedCsr = {
+    publicKey: CryptoKey;
+    subject: string;
+    extensions: CustomExtension[];
+    dnsNames?: string[];
+};
+export type ParsedCert = {
+    serialNumber: string;
+    publicKey: CryptoKey;
+    subject: string;
+    issuer: string;
+    notBefore: Date;
+    notAfter: Date;
+    extensions: CustomExtension[];
+    dnsNames?: string[];
+};
+export type BlockchainCert = {
+    nonSerializedParts: Uint8Array[];
+    expirationDate: Uint8Array;
+    ca: Uint8Array;
+    userData?: Uint8Array;
+    serialNumber: Uint8Array;
+    signature: Uint8Array;
+    publicKey: Uint8Array;
+    mrEnclave?: Uint8Array;
+    mrSigner?: Uint8Array;
+};
+export type CertBinaryItem = {
+    name: string;
+    oid?: string;
+    value: Uint8Array;
+};