@super-protocol/sdk-js 3.13.0-beta.0 → 3.13.0-beta.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/certificates/generator.js +15 -4
- package/dist/cjs/certificates/helper.d.ts +3 -2
- package/dist/cjs/certificates/helper.js +27 -3
- package/dist/cjs/certificates/ocsp.d.ts +6 -1
- package/dist/cjs/certificates/ocsp.js +179 -23
- package/dist/cjs/certificates/testing-generate.d.ts +1 -0
- package/dist/cjs/certificates/testing-generate.js +115 -0
- package/dist/cjs/certificates/types.d.ts +31 -1
- package/dist/cjs/certificates/types.js +8 -1
- package/dist/cjs/constants.d.ts +1 -0
- package/dist/cjs/constants.js +3 -2
- package/dist/cjs/utils/NonceTracker.d.ts +1 -0
- package/dist/cjs/utils/NonceTracker.js +6 -2
- package/dist/cjs/utils/TxManager.d.ts +1 -0
- package/dist/cjs/utils/TxManager.js +49 -27
- package/dist/mjs/certificates/generator.js +16 -5
- package/dist/mjs/certificates/helper.d.ts +3 -2
- package/dist/mjs/certificates/helper.js +27 -3
- package/dist/mjs/certificates/ocsp.d.ts +6 -1
- package/dist/mjs/certificates/ocsp.js +180 -24
- package/dist/mjs/certificates/testing-generate.d.ts +1 -0
- package/dist/mjs/certificates/testing-generate.js +110 -0
- package/dist/mjs/certificates/types.d.ts +31 -1
- package/dist/mjs/certificates/types.js +7 -2
- package/dist/mjs/constants.d.ts +1 -0
- package/dist/mjs/constants.js +2 -1
- package/dist/mjs/utils/NonceTracker.d.ts +1 -0
- package/dist/mjs/utils/NonceTracker.js +6 -2
- package/dist/mjs/utils/TxManager.d.ts +1 -0
- package/dist/mjs/utils/TxManager.js +50 -28
- package/package.json +4 -3
|
@@ -7,6 +7,13 @@ import { createMemoryCache } from '../utils/cache/memory.js';
|
|
|
7
7
|
import { OCSPHelper } from './ocsp.js';
|
|
8
8
|
import { CRLHelper } from './crl.js';
|
|
9
9
|
import './setup-crypto.js';
|
|
10
|
+
import { OID_CUSTOM_EXTENSION_CHALLENGE_CERTIFICATE_ID, OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID, OID_CUSTOM_EXTENSION_CHALLENGE_ID, OID_CUSTOM_EXTENSION_NVIDIA_INFO_GPU, } from '@super-protocol/pki-common';
|
|
11
|
+
const oidsForOcspCheck = [
|
|
12
|
+
OID_CUSTOM_EXTENSION_CHALLENGE_ID,
|
|
13
|
+
OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID,
|
|
14
|
+
OID_CUSTOM_EXTENSION_NVIDIA_INFO_GPU,
|
|
15
|
+
OID_CUSTOM_EXTENSION_CHALLENGE_CERTIFICATE_ID,
|
|
16
|
+
];
|
|
10
17
|
export class CertificatesHelper {
|
|
11
18
|
static downloadedCertificateCache = createMemoryCache();
|
|
12
19
|
static derToPem(data, type = 'CERTIFICATE') {
|
|
@@ -47,6 +54,9 @@ export class CertificatesHelper {
|
|
|
47
54
|
ca: toPemChain(splitCerts[1]),
|
|
48
55
|
};
|
|
49
56
|
}
|
|
57
|
+
static getIssuerBySubject(cert, certs) {
|
|
58
|
+
return certs.find((potentialIssuer) => cert.issuer.isEqual(potentialIssuer.subject));
|
|
59
|
+
}
|
|
50
60
|
static pemChainToDer(certsPem) {
|
|
51
61
|
const certs = CertificatesHelper.splitPemCerts(certsPem);
|
|
52
62
|
return certs.map((certPem) => CertificatesHelper.pemToDer(certPem));
|
|
@@ -69,7 +79,9 @@ export class CertificatesHelper {
|
|
|
69
79
|
return responseData;
|
|
70
80
|
}
|
|
71
81
|
static sortCertsFromLeafToRoot(certsPem) {
|
|
72
|
-
const allCerts =
|
|
82
|
+
const allCerts = typeof certsPem === 'string' || certsPem.every((cert) => typeof cert === 'string')
|
|
83
|
+
? CertificatesHelper.toPkiCerts(certsPem)
|
|
84
|
+
: certsPem;
|
|
73
85
|
const leafs = allCerts.filter((certToCheck) => !allCerts.some((certsToCheckWith) => certToCheck.subject.isEqual(certsToCheckWith.issuer)));
|
|
74
86
|
const buildChain = (leaf) => {
|
|
75
87
|
const chain = [leaf];
|
|
@@ -105,7 +117,19 @@ export class CertificatesHelper {
|
|
|
105
117
|
const crls = offline ? [] : await CRLHelper.getCRLFromCerts(sortedCerts);
|
|
106
118
|
const ocspBaseResponses = offline
|
|
107
119
|
? []
|
|
108
|
-
: await OCSPHelper.getOCSPResponseFromCerts(sortedCerts, ca);
|
|
120
|
+
: await OCSPHelper.getOCSPResponseFromCerts(sortedCerts, ca, oidsForOcspCheck);
|
|
121
|
+
if (ocspBaseResponses.length) {
|
|
122
|
+
ocspBaseResponses.forEach((ocspResponse) => {
|
|
123
|
+
if (!ocspResponse.certs) {
|
|
124
|
+
throw new Error('OCSP response does not contain certs');
|
|
125
|
+
}
|
|
126
|
+
const ocspSigner = CertificatesHelper.sortCertsFromLeafToRoot(ocspResponse.certs)[0];
|
|
127
|
+
const isSignerValid = OCSPHelper.canCertSignOCSPResponse(ocspSigner);
|
|
128
|
+
if (!isSignerValid) {
|
|
129
|
+
throw new Error('OCSP signer certificate does not have the OCSP signing extended key usage');
|
|
130
|
+
}
|
|
131
|
+
});
|
|
132
|
+
}
|
|
109
133
|
const chainEngine = new pkijs.CertificateChainValidationEngine({
|
|
110
134
|
certs: sortedCerts,
|
|
111
135
|
trustedCerts: ca,
|
|
@@ -148,4 +172,4 @@ export class CertificatesHelper {
|
|
|
148
172
|
return certsArray.map((certPem) => pkijs.Certificate.fromBER(CertificatesHelper.pemToDer(certPem)));
|
|
149
173
|
}
|
|
150
174
|
}
|
|
151
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
175
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVscGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NlcnRpZmljYXRlcy9oZWxwZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxDQUFDLE1BQU0sUUFBUSxDQUFDO0FBQ3ZCLE9BQU8sS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUMxQixPQUFPLEtBQUssTUFBTSxZQUFZLENBQUM7QUFDL0IsT0FBTyxLQUFLLEtBQUssTUFBTSxPQUFPLENBQUM7QUFDL0IsT0FBTyxFQUFFLHdCQUF3QixFQUFFLGVBQWUsRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBQzNFLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBRTdELE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxXQUFXLENBQUM7QUFDdkMsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLFVBQVUsQ0FBQztBQUNyQyxPQUFPLG1CQUFtQixDQUFDO0FBQzNCLE9BQU8sRUFDTCw2Q0FBNkMsRUFDN0Msd0NBQXdDLEVBQ3hDLGlDQUFpQyxFQUNqQyxvQ0FBb0MsR0FDckMsTUFBTSw0QkFBNEIsQ0FBQztBQUVwQyxNQUFNLGdCQUFnQixHQUFHO0lBQ3ZCLGlDQUFpQztJQUNqQyx3Q0FBd0M7SUFDeEMsb0NBQW9DO0lBQ3BDLDZDQUE2QztDQUM5QyxDQUFDO0FBRUYsTUFBTSxPQUFPLGtCQUFrQjtJQUNyQixNQUFNLENBQUMsMEJBQTBCLEdBQUcsaUJBQWlCLEVBQUUsQ0FBQztJQUVoRSxNQUFNLENBQUMsUUFBUSxDQUFDLElBQWlCLEVBQUUsT0FBZSxhQUFhO1FBQzdELE9BQU8sS0FBSyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUM7WUFDdEIsYUFBYSxFQUFFLElBQUk7WUFDbkIsT0FBTyxFQUFFLElBQUk7WUFDYixPQUFPLEVBQUUsRUFBRTtZQUNYLFFBQVEsRUFBRSxJQUFJO1lBQ2QsSUFBSTtZQUNKLElBQUksRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUM7U0FDM0MsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELE1BQU0sQ0FBQyxRQUFRLENBQUMsT0FBZTtRQUM3QixPQUFPLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsS0FBSyxFQUFFLEVBQUUsUUFBUSxDQUFDLENBQUM7SUFDcEUsQ0FBQztJQUVELE1BQU0sQ0FBQyxhQUFhLENBQUMsS0FBYTtRQUNoQyxNQUFNLFFBQVEsR0FBRyxpRUFBaUUsQ0FBQztRQUNuRixPQUFPLEtBQUssQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDO0lBQ3JDLENBQUM7SUFFRCxNQUFNLENBQUMsU0FBUyxDQUFDLE9BQWU7UUFDOUIsTUFBTSxJQUFJLEdBQUcsS0FBSyxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUNuRCxPQUFPLElBQUksQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUMsU0FBUyxDQUFDLElBQUksS0FBSyxZQUFZLENBQUM7WUFDakYsRUFBRSxLQUFlLENBQUM7SUFDdEIsQ0FBQztJQUVELE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxTQUFxQyxFQUFFLEdBQVc7UUFDekUsTUFBTSxJQUFJLEdBQ1IsT0FBTyxTQUFTLEtBQUssUUFBUTtZQUMzQixDQUFDLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsa0JBQWtCLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ25FLENBQUMsQ0FBQyxTQUFTLENBQUM7UUFDaEIsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLFVBQVUsRUFBRSxJQUFJLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEtBQUssR0FBRyxDQUFDLENBQUM7UUFDckUsT0FBTyxTQUFTLElBQUksTUFBTSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLFVBQVUsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxDQUFDO0lBQzFFLENBQUM7SUFFRCxNQUFNLENBQUMsa0JBQWtCLENBQUMsUUFBZ0I7UUFDeEMsTUFBTSxLQUFLLEdBQUcsa0JBQWtCLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE1BQU0sVUFBVSxHQUFHLENBQUMsQ0FBQyxTQUFTLENBQUMsS0FBSyxFQUFFLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO1FBRXBGLE1BQU0sVUFBVSxHQUFHLENBQUMsS0FBMEIsRUFBVSxFQUFFLENBQ3hELEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUMsS0FBSyxFQUFFLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUV2RixPQUFPO1lBQ0wsS0FBSyxFQUFFLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDaEMsRUFBRSxFQUFFLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUM7U0FDOUIsQ0FBQztJQUNKLENBQUM7SUFFRCxNQUFNLENBQUMsa0JBQWtCLENBQ3ZCLElBQXVCLEVBQ3ZCLEtBQTBCO1FBRTFCLE9BQU8sS0FBSyxDQUFDLElBQUksQ0FBQyxDQUFDLGVBQWUsRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7SUFDdkYsQ0FBQztJQUVELE1BQU0sQ0FBQyxhQUFhLENBQUMsUUFBZ0I7UUFDbkMsTUFBTSxLQUFLLEdBQUcsa0JBQWtCLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBRXpELE9BQU8sS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsa0JBQWtCLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7SUFDdEUsQ0FBQztJQUVELE1BQU0sQ0FBQyxhQUFhLENBQUMsUUFBc0I7UUFDekMsT0FBTyxRQUFRO2FBQ1osR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUM7YUFDaEQsSUFBSSxDQUFDLEVBQUUsQ0FBQzthQUNSLElBQUksRUFBRSxDQUFDO0lBQ1osQ0FBQztJQUVELE1BQU0sQ0FBQyxLQUFLLENBQUMscUJBQXFCLENBQUMsR0FBVztRQUM1QyxNQUFNLFlBQVksR0FBRyxNQUFNLGtCQUFrQixDQUFDLDBCQUEwQixDQUFDLElBQUksQ0FDM0UsR0FBRyxFQUNILEtBQUssSUFBSSxFQUFFO1lBQ1QsTUFBTSxRQUFRLEdBQUcsTUFBTSxLQUFLLENBQUMsR0FBRyxFQUFFO2dCQUNoQyxZQUFZLEVBQUUsYUFBYTthQUM1QixDQUFDLENBQUM7WUFDSCxPQUFPLFFBQVEsRUFBRSxJQUFJLENBQUM7UUFDeEIsQ0FBQyxFQUNEO1lBQ0UsR0FBRyxFQUFFLENBQUMsR0FBRyxFQUFFLEdBQUcsSUFBSSxFQUFFLE9BQU87U0FDNUIsQ0FDRixDQUFDO1FBRUYsT0FBTyxZQUFZLENBQUM7SUFDdEIsQ0FBQztJQUVELE1BQU0sQ0FBQyx1QkFBdUIsQ0FDNUIsUUFBaUQ7UUFFakQsTUFBTSxRQUFRLEdBQ1osT0FBTyxRQUFRLEtBQUssUUFBUSxJQUFJLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLE9BQU8sSUFBSSxLQUFLLFFBQVEsQ0FBQztZQUNoRixDQUFDLENBQUMsa0JBQWtCLENBQUMsVUFBVSxDQUFDLFFBQTZCLENBQUM7WUFDOUQsQ0FBQyxDQUFFLFFBQWdDLENBQUM7UUFFeEMsTUFBTSxLQUFLLEdBQUcsUUFBUSxDQUFDLE1BQU0sQ0FDM0IsQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUNkLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDLGdCQUFnQixFQUFFLEVBQUUsQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUM3RixDQUFDO1FBRUYsTUFBTSxVQUFVLEdBQUcsQ0FBQyxJQUF1QixFQUF1QixFQUFFO1lBQ2xFLE1BQU0sS0FBSyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDckIsSUFBSSxXQUFXLEdBQWtDLElBQUksQ0FBQztZQUV0RCxHQUFHLENBQUM7Z0JBQ0YsV0FBVyxHQUFHLFFBQVEsQ0FBQyxJQUFJLENBQ3pCLENBQUMsZUFBZSxFQUFFLEVBQUUsQ0FDbEIsV0FBVyxFQUFFLE1BQU0sQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDLE9BQU8sQ0FBQztvQkFDcEQsQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsTUFBTSxDQUFDLENBQ25ELENBQUM7Z0JBRUYsSUFBSSxXQUFXLEVBQUUsQ0FBQztvQkFDaEIsS0FBSyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQztnQkFDMUIsQ0FBQztZQUNILENBQUMsUUFBUSxXQUFXLEVBQUU7WUFFdEIsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDLENBQUM7UUFFRixNQUFNLE1BQU0sR0FBRyxLQUFLLENBQUMsR0FBRyxDQUFDLFVBQVUsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEdBQUcsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2pGLE9BQU8sTUFBTSxDQUFDLElBQUksRUFBRSxDQUFDO0lBQ3ZCLENBQUM7SUFFRCxNQUFNLENBQUMseUJBQXlCLENBQUMsT0FBZTtRQUM5QyxNQUFNLElBQUksR0FBRyxJQUFJLGVBQWUsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUMxQyxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDO1FBQ2pDLE9BQU8sU0FBUyxDQUFDLFNBQXlCLENBQUM7SUFDN0MsQ0FBQztJQUVELE1BQU0sQ0FBQyx3QkFBd0IsQ0FBQyxNQUFjO1FBQzVDLE1BQU0sR0FBRyxHQUFHLElBQUksd0JBQXdCLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDakQsTUFBTSxTQUFTLEdBQUcsR0FBRyxDQUFDLFNBQVMsQ0FBQztRQUNoQyxPQUFPLFNBQVMsQ0FBQyxTQUF5QixDQUFDO0lBQzdDLENBQUM7SUFFRCxNQUFNLENBQUMsS0FBSyxDQUFDLGlCQUFpQixDQUM1QixRQUEyQixFQUMzQixLQUF3QixFQUN4QixVQUFpQyxFQUFFO1FBRW5DLE1BQU0sRUFBRSxPQUFPLEVBQUUsR0FBRyxPQUFPLENBQUM7UUFFNUIseUZBQXlGO1FBQ3pGLE1BQU0sV0FBVyxHQUFHLGtCQUFrQixDQUFDLHVCQUF1QixDQUFDLFFBQVEsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDO1FBRW5GLE1BQU0sRUFBRSxHQUFHLGtCQUFrQixDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUVoRCxJQUFJLENBQUM7WUFDSCxNQUFNLElBQUksR0FBRyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxTQUFTLENBQUMsZUFBZSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBQ3pFLE1BQU0saUJBQWlCLEdBQUcsT0FBTztnQkFDL0IsQ0FBQyxDQUFDLEVBQUU7Z0JBQ0osQ0FBQyxDQUFDLE1BQU0sVUFBVSxDQUFDLHdCQUF3QixDQUFDLFdBQVcsRUFBRSxFQUFFLEVBQUUsZ0JBQWdCLENBQUMsQ0FBQztZQUNqRixJQUFJLGlCQUFpQixDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUM3QixpQkFBaUIsQ0FBQyxPQUFPLENBQUMsQ0FBQyxZQUFZLEVBQUUsRUFBRTtvQkFDekMsSUFBSSxDQUFDLFlBQVksQ0FBQyxLQUFLLEVBQUUsQ0FBQzt3QkFDeEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxzQ0FBc0MsQ0FBQyxDQUFDO29CQUMxRCxDQUFDO29CQUNELE1BQU0sVUFBVSxHQUFHLGtCQUFrQixDQUFDLHVCQUF1QixDQUFDLFlBQVksQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztvQkFDckYsTUFBTSxhQUFhLEdBQUcsVUFBVSxDQUFDLHVCQUF1QixDQUFDLFVBQVUsQ0FBQyxDQUFDO29CQUNyRSxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7d0JBQ25CLE1BQU0sSUFBSSxLQUFLLENBQ2IsMkVBQTJFLENBQzVFLENBQUM7b0JBQ0osQ0FBQztnQkFDSCxDQUFDLENBQUMsQ0FBQztZQUNMLENBQUM7WUFFRCxNQUFNLFdBQVcsR0FBRyxJQUFJLEtBQUssQ0FBQyxnQ0FBZ0MsQ0FBQztnQkFDN0QsS0FBSyxFQUFFLFdBQVc7Z0JBQ2xCLFlBQVksRUFBRSxFQUFFO2dCQUNoQixLQUFLLEVBQUUsaUJBQWlCO2dCQUN4QixJQUFJO2FBQ0wsQ0FBQyxDQUFDO1lBRUgsTUFBTSxZQUFZLEdBQUcsTUFBTSxXQUFXLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDaEQsSUFBSSxDQUFDLFlBQVksQ0FBQyxNQUFNLEVBQUUsQ0FBQztnQkFDekIsT0FBTztvQkFDTCxPQUFPLEVBQUUsS0FBSztvQkFDZCxZQUFZLEVBQUUsWUFBWSxDQUFDLGFBQWE7aUJBQ3pDLENBQUM7WUFDSixDQUFDO1lBRUQ7Ozs7Ozs7O2VBUUc7WUFDSCxNQUFNLGtCQUFrQixHQUFHLFdBQVcsQ0FBQyxLQUFLLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUNwRCxZQUFZLENBQUMsZUFBZSxFQUFFLElBQUksQ0FBQyxDQUFDLFlBQVksRUFBRSxFQUFFLENBQ2xELFlBQVksQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FDckQsQ0FDRixDQUFDO1lBQ0YsSUFBSSxDQUFDLGtCQUFrQixFQUFFLENBQUM7Z0JBQ3hCLE1BQU0sSUFBSSxLQUFLLENBQUMsNkNBQTZDLENBQUMsQ0FBQztZQUNqRSxDQUFDO1lBRUQsT0FBTztnQkFDTCxPQUFPLEVBQUUsSUFBSTthQUNkLENBQUM7UUFDSixDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLE9BQU87Z0JBQ0wsT0FBTyxFQUFFLEtBQUs7Z0JBQ2QsWUFBWSxFQUFHLEdBQWEsQ0FBQyxPQUFPO2FBQ3JDLENBQUM7UUFDSixDQUFDO0lBQ0gsQ0FBQztJQUVELE1BQU0sQ0FBQyxVQUFVLENBQUMsS0FBd0I7UUFDeEMsTUFBTSxVQUFVLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxrQkFBa0IsQ0FBQyxhQUFhLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDMUYsT0FBTyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FDaEMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsa0JBQWtCLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQ2hFLENBQUM7SUFDSixDQUFDIn0=
|
|
@@ -1,9 +1,14 @@
|
|
|
1
1
|
import * as pkijs from 'pkijs';
|
|
2
|
+
import { GenerateOcspResponseParams, ParsedOcspRequest } from '../index.js';
|
|
2
3
|
export declare class OCSPHelper {
|
|
3
|
-
static getOCSPResponseFromCerts(certs: pkijs.Certificate[], ca: pkijs.Certificate[]): Promise<pkijs.BasicOCSPResponse[]>;
|
|
4
|
+
static getOCSPResponseFromCerts(certs: pkijs.Certificate[], ca: pkijs.Certificate[], oidsToCheck?: string[]): Promise<pkijs.BasicOCSPResponse[]>;
|
|
5
|
+
static generateOCSPResponse(params: GenerateOcspResponseParams): Promise<ArrayBuffer>;
|
|
6
|
+
static parseOCSPRequest(ocspRequestBinary: ArrayBuffer): ParsedOcspRequest;
|
|
7
|
+
static canCertSignOCSPResponse(cert: pkijs.Certificate): boolean;
|
|
4
8
|
private static getOCSPRequestData;
|
|
5
9
|
private static getOCSPResponse;
|
|
6
10
|
private static sendOCSPRequest;
|
|
7
11
|
private static getNonceForRequest;
|
|
8
12
|
private static getNonceFromResponse;
|
|
13
|
+
private static getCertExtensionsToCheck;
|
|
9
14
|
}
|
|
@@ -1,18 +1,36 @@
|
|
|
1
|
+
import _ from 'lodash';
|
|
2
|
+
import forge from 'node-forge';
|
|
1
3
|
import * as pkijs from 'pkijs';
|
|
2
4
|
import * as asn1js from 'asn1js';
|
|
3
5
|
import axios from 'axios';
|
|
6
|
+
import { CertID, OCSPRequest, Request, TBSRequest } from '@peculiar/asn1-ocsp';
|
|
7
|
+
import { OctetString, AsnSerializer, AsnParser } from '@peculiar/asn1-schema';
|
|
8
|
+
import { AlgorithmIdentifier, Extensions, Extension } from '@peculiar/asn1-x509';
|
|
4
9
|
import { OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION, OID_OCSP_ACCESS_METHOD, OID_OCSP_ISSUER_ACCESS_METHOD, } from '../constants.js';
|
|
5
10
|
import { CertificatesHelper } from './helper.js';
|
|
6
|
-
import { constants, helpers } from '../index.js';
|
|
11
|
+
import { CryptoKeysTransformer, OcspCertStatus, constants, helpers, } from '../index.js';
|
|
12
|
+
import { ExtendedKeyUsage } from '@peculiar/x509';
|
|
13
|
+
const DEFAULT_REVOCATION_DATE = new Date('1970-01-01T00:00:00Z');
|
|
7
14
|
export class OCSPHelper {
|
|
8
|
-
static async getOCSPResponseFromCerts(certs, ca) {
|
|
15
|
+
static async getOCSPResponseFromCerts(certs, ca, oidsToCheck = []) {
|
|
9
16
|
const ocspRequestsData = certs
|
|
10
17
|
.map(OCSPHelper.getOCSPRequestData)
|
|
11
18
|
.filter(Boolean);
|
|
12
19
|
if (!ocspRequestsData.length) {
|
|
13
20
|
return [];
|
|
14
21
|
}
|
|
15
|
-
const
|
|
22
|
+
const groupByOcspUrl = _.groupBy(ocspRequestsData, 'ocspUrl');
|
|
23
|
+
const getOcspResponseParams = Object.entries(groupByOcspUrl).map(([ocspUrl, certParams]) => ({
|
|
24
|
+
ocspUrl,
|
|
25
|
+
certsWithIssuer: certParams.map(({ cert, issuerCertUrl }) => ({
|
|
26
|
+
cert,
|
|
27
|
+
issuerCertUrl,
|
|
28
|
+
issuerCert: CertificatesHelper.getIssuerBySubject(cert, [...certs, ...ca]),
|
|
29
|
+
})),
|
|
30
|
+
ca,
|
|
31
|
+
oidsToCheck,
|
|
32
|
+
}));
|
|
33
|
+
const ocspResponseResults = await Promise.allSettled(getOcspResponseParams.map((params) => OCSPHelper.getOCSPResponse(params)));
|
|
16
34
|
const rejectedOCSPResponses = ocspResponseResults
|
|
17
35
|
.filter(helpers.isRejected)
|
|
18
36
|
.map((result) => result.reason);
|
|
@@ -21,6 +39,104 @@ export class OCSPHelper {
|
|
|
21
39
|
}
|
|
22
40
|
return ocspResponseResults.filter(helpers.isFulfilled).map((result) => result.value);
|
|
23
41
|
}
|
|
42
|
+
static async generateOCSPResponse(params) {
|
|
43
|
+
const ocspBasicResp = new pkijs.BasicOCSPResponse();
|
|
44
|
+
const { issuerCertPem, caCertsPem, certs, privateKey, nonce } = params;
|
|
45
|
+
const { certs: issuerCertsPem } = CertificatesHelper.extractCAFromChain(`${issuerCertPem}\n${caCertsPem}`);
|
|
46
|
+
const issuerCert = CertificatesHelper.toPkiCerts(issuerCertPem)[0];
|
|
47
|
+
ocspBasicResp.tbsResponseData.responderID = issuerCert.subject;
|
|
48
|
+
ocspBasicResp.tbsResponseData.producedAt = new Date();
|
|
49
|
+
ocspBasicResp.certs = CertificatesHelper.toPkiCerts(issuerCertsPem);
|
|
50
|
+
for (const certData of certs) {
|
|
51
|
+
const { serialNumber, status, issuerKeyHash, issuerNameHash, hashAlgorithm, revocationDate } = certData;
|
|
52
|
+
const certID = new pkijs.CertID({
|
|
53
|
+
hashAlgorithm: new pkijs.AlgorithmIdentifier({
|
|
54
|
+
algorithmId: hashAlgorithm,
|
|
55
|
+
algorithmParams: new asn1js.Null(),
|
|
56
|
+
}),
|
|
57
|
+
issuerNameHash: new asn1js.OctetString({ valueHex: issuerNameHash }),
|
|
58
|
+
issuerKeyHash: new asn1js.OctetString({ valueHex: issuerKeyHash }),
|
|
59
|
+
serialNumber: new asn1js.Integer({ valueHex: serialNumber }),
|
|
60
|
+
});
|
|
61
|
+
const response = new pkijs.SingleResponse({
|
|
62
|
+
certID,
|
|
63
|
+
});
|
|
64
|
+
switch (status) {
|
|
65
|
+
case OcspCertStatus.OK:
|
|
66
|
+
case OcspCertStatus.Unknown:
|
|
67
|
+
response.certStatus = new asn1js.Primitive({
|
|
68
|
+
idBlock: {
|
|
69
|
+
tagClass: 3,
|
|
70
|
+
tagNumber: status,
|
|
71
|
+
},
|
|
72
|
+
});
|
|
73
|
+
break;
|
|
74
|
+
case OcspCertStatus.Revoked:
|
|
75
|
+
response.certStatus = new asn1js.Constructed({
|
|
76
|
+
idBlock: {
|
|
77
|
+
tagClass: 3,
|
|
78
|
+
tagNumber: status,
|
|
79
|
+
isConstructed: true,
|
|
80
|
+
},
|
|
81
|
+
value: [
|
|
82
|
+
new asn1js.GeneralizedTime({
|
|
83
|
+
valueDate: revocationDate || DEFAULT_REVOCATION_DATE,
|
|
84
|
+
}),
|
|
85
|
+
],
|
|
86
|
+
});
|
|
87
|
+
break;
|
|
88
|
+
default:
|
|
89
|
+
throw new Error(`Unknown OCSP certificate status: ${status}`);
|
|
90
|
+
}
|
|
91
|
+
response.thisUpdate = new Date();
|
|
92
|
+
ocspBasicResp.tbsResponseData.responses.push(response);
|
|
93
|
+
}
|
|
94
|
+
if (nonce) {
|
|
95
|
+
ocspBasicResp.tbsResponseData.responseExtensions = [
|
|
96
|
+
new pkijs.Extension({
|
|
97
|
+
extnID: constants.OID_OCSP_NONCE,
|
|
98
|
+
extnValue: new asn1js.OctetString({ valueHex: nonce }).toBER(),
|
|
99
|
+
}),
|
|
100
|
+
];
|
|
101
|
+
}
|
|
102
|
+
const privateCryptoKey = await CryptoKeysTransformer.pkcs8PemToCryptoKey(privateKey);
|
|
103
|
+
await ocspBasicResp.sign(privateCryptoKey, 'SHA-256');
|
|
104
|
+
const ocspBasicRespRaw = ocspBasicResp.toSchema().toBER(false);
|
|
105
|
+
const ocspResp = new pkijs.OCSPResponse({
|
|
106
|
+
responseStatus: new asn1js.Enumerated({ value: 0 }), // success
|
|
107
|
+
responseBytes: new pkijs.ResponseBytes({
|
|
108
|
+
responseType: pkijs.id_PKIX_OCSP_Basic,
|
|
109
|
+
response: new asn1js.OctetString({ valueHex: ocspBasicRespRaw }),
|
|
110
|
+
}),
|
|
111
|
+
});
|
|
112
|
+
return ocspResp.toSchema().toBER();
|
|
113
|
+
}
|
|
114
|
+
static parseOCSPRequest(ocspRequestBinary) {
|
|
115
|
+
const ocspRequest = AsnParser.parse(ocspRequestBinary, OCSPRequest);
|
|
116
|
+
const certRequests = ocspRequest.tbsRequest.requestList.map((request) => {
|
|
117
|
+
const reqCert = {
|
|
118
|
+
hashAlgorithm: request.reqCert.hashAlgorithm.algorithm,
|
|
119
|
+
issuerNameHash: Buffer.from(request.reqCert.issuerNameHash.buffer),
|
|
120
|
+
issuerKeyHash: Buffer.from(request.reqCert.issuerKeyHash.buffer),
|
|
121
|
+
serialNumber: request.reqCert.serialNumber,
|
|
122
|
+
};
|
|
123
|
+
const extensionsToCheck = request.singleRequestExtensions?.map((ext) => ({
|
|
124
|
+
oid: ext.extnID,
|
|
125
|
+
value: Buffer.from(ext.extnValue.buffer),
|
|
126
|
+
})) || [];
|
|
127
|
+
return { ...reqCert, extensionsToCheck };
|
|
128
|
+
});
|
|
129
|
+
const nonceExtension = ocspRequest.tbsRequest.requestExtensions?.find((ext) => ext.extnID === constants.OID_OCSP_NONCE);
|
|
130
|
+
const nonce = nonceExtension && nonceExtension.extnValue.buffer;
|
|
131
|
+
return { certRequests, nonce };
|
|
132
|
+
}
|
|
133
|
+
static canCertSignOCSPResponse(cert) {
|
|
134
|
+
const extKeysUsage = cert.extensions?.find((ext) => ext.extnID === forge.pki.oids['extKeyUsage']);
|
|
135
|
+
if (!extKeysUsage) {
|
|
136
|
+
return false;
|
|
137
|
+
}
|
|
138
|
+
return Boolean(extKeysUsage.parsedValue.keyPurposes.find((usage) => usage === ExtendedKeyUsage.ocspSigning));
|
|
139
|
+
}
|
|
24
140
|
static getOCSPRequestData(cert) {
|
|
25
141
|
const authorityExtension = CertificatesHelper.getExtensionValue(cert, OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION);
|
|
26
142
|
if (!authorityExtension) {
|
|
@@ -29,28 +145,60 @@ export class OCSPHelper {
|
|
|
29
145
|
const extensionValue = pkijs.ExtensionValueFactory.fromBER(OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION, authorityExtension);
|
|
30
146
|
const ocspUrl = extensionValue.accessDescriptions.find((desc) => desc.accessMethod === OID_OCSP_ACCESS_METHOD)?.accessLocation.value;
|
|
31
147
|
const issuerCertUrl = extensionValue.accessDescriptions.find((desc) => desc.accessMethod === OID_OCSP_ISSUER_ACCESS_METHOD)?.accessLocation.value;
|
|
32
|
-
if (!ocspUrl
|
|
33
|
-
// TODO: throw error?
|
|
148
|
+
if (!ocspUrl) {
|
|
34
149
|
return;
|
|
35
150
|
}
|
|
36
151
|
return { ocspUrl, issuerCertUrl, cert };
|
|
37
152
|
}
|
|
38
|
-
static async getOCSPResponse(
|
|
39
|
-
const { ocspUrl,
|
|
40
|
-
const
|
|
41
|
-
const
|
|
42
|
-
const
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
153
|
+
static async getOCSPResponse(params) {
|
|
154
|
+
const { ocspUrl, certsWithIssuer, ca, oidsToCheck } = params;
|
|
155
|
+
const requestList = [];
|
|
156
|
+
const issuerCertificates = [];
|
|
157
|
+
for (const { cert, issuerCert: issuerCertFromParams, issuerCertUrl } of certsWithIssuer) {
|
|
158
|
+
let issuerCertificate = issuerCertFromParams;
|
|
159
|
+
if (!issuerCertificate && issuerCertUrl) {
|
|
160
|
+
const issuerCertRaw = await CertificatesHelper.downloadCertWithCache(issuerCertUrl);
|
|
161
|
+
issuerCertificate = pkijs.Certificate.fromBER(issuerCertRaw);
|
|
162
|
+
}
|
|
163
|
+
if (!issuerCertificate) {
|
|
164
|
+
throw new Error(`No issuer certificate found for OCSP request for ${cert.subject}`);
|
|
165
|
+
}
|
|
166
|
+
if (!issuerCertificates.some((cert) => cert.subject.isEqual(issuerCertificate.subject))) {
|
|
167
|
+
issuerCertificates.push(issuerCertificate);
|
|
168
|
+
}
|
|
169
|
+
const certID = new pkijs.CertID();
|
|
170
|
+
await certID.createForCertificate(cert, {
|
|
171
|
+
hashAlgorithm: 'SHA-256',
|
|
172
|
+
issuerCertificate,
|
|
173
|
+
});
|
|
174
|
+
const request = new Request({
|
|
175
|
+
reqCert: new CertID({
|
|
176
|
+
hashAlgorithm: new AlgorithmIdentifier({
|
|
177
|
+
algorithm: certID.hashAlgorithm.algorithmId,
|
|
178
|
+
}),
|
|
179
|
+
issuerNameHash: new OctetString().fromASN(certID.issuerNameHash),
|
|
180
|
+
issuerKeyHash: new OctetString().fromASN(certID.issuerKeyHash),
|
|
181
|
+
serialNumber: certID.serialNumber.valueBlock.valueHex,
|
|
182
|
+
}),
|
|
183
|
+
});
|
|
184
|
+
const extensionsToCheck = OCSPHelper.getCertExtensionsToCheck(cert, oidsToCheck);
|
|
185
|
+
if (extensionsToCheck.length) {
|
|
186
|
+
request.singleRequestExtensions = new Extensions(extensionsToCheck.map((ext) => new Extension({ extnID: ext.oid, extnValue: new OctetString(ext.value) })));
|
|
187
|
+
}
|
|
188
|
+
requestList.push(request);
|
|
189
|
+
}
|
|
47
190
|
const reqNonce = OCSPHelper.getNonceForRequest();
|
|
48
|
-
ocspReq
|
|
49
|
-
new
|
|
50
|
-
|
|
51
|
-
|
|
191
|
+
const ocspReq = new OCSPRequest({
|
|
192
|
+
tbsRequest: new TBSRequest({
|
|
193
|
+
requestList,
|
|
194
|
+
requestExtensions: new Extensions([
|
|
195
|
+
new Extension({
|
|
196
|
+
extnID: constants.OID_OCSP_NONCE,
|
|
197
|
+
extnValue: new OctetString(reqNonce),
|
|
198
|
+
}),
|
|
199
|
+
]),
|
|
52
200
|
}),
|
|
53
|
-
|
|
201
|
+
});
|
|
54
202
|
const ocspBasicResp = await OCSPHelper.sendOCSPRequest(ocspUrl, ocspReq);
|
|
55
203
|
const respNonce = await OCSPHelper.getNonceFromResponse(ocspBasicResp);
|
|
56
204
|
if (respNonce && Buffer.compare(reqNonce, respNonce) !== 0) {
|
|
@@ -58,11 +206,11 @@ export class OCSPHelper {
|
|
|
58
206
|
}
|
|
59
207
|
const trustedCerts = [];
|
|
60
208
|
if (!ocspBasicResp.certs) {
|
|
61
|
-
ocspBasicResp.certs =
|
|
209
|
+
ocspBasicResp.certs = issuerCertificates;
|
|
62
210
|
trustedCerts.push(...ca);
|
|
63
211
|
}
|
|
64
212
|
else {
|
|
65
|
-
trustedCerts.push(
|
|
213
|
+
trustedCerts.push(...issuerCertificates);
|
|
66
214
|
}
|
|
67
215
|
await ocspBasicResp.verify({ trustedCerts });
|
|
68
216
|
return ocspBasicResp;
|
|
@@ -74,7 +222,7 @@ export class OCSPHelper {
|
|
|
74
222
|
'Content-Type': 'application/ocsp-request',
|
|
75
223
|
},
|
|
76
224
|
responseType: 'arraybuffer',
|
|
77
|
-
data:
|
|
225
|
+
data: AsnSerializer.serialize(ocspReq),
|
|
78
226
|
});
|
|
79
227
|
const ocspRespSimpl = pkijs.OCSPResponse.fromBER(ocspResponse.data);
|
|
80
228
|
if (!ocspRespSimpl.responseBytes) {
|
|
@@ -88,7 +236,15 @@ export class OCSPHelper {
|
|
|
88
236
|
}
|
|
89
237
|
static getNonceFromResponse(ocspBasicResp) {
|
|
90
238
|
const nonceExtension = ocspBasicResp.tbsResponseData?.responseExtensions?.find((extension) => extension.extnID === constants.OID_OCSP_NONCE);
|
|
91
|
-
return nonceExtension
|
|
239
|
+
return nonceExtension && Buffer.from(nonceExtension.parsedValue.valueBlock.valueHex);
|
|
240
|
+
}
|
|
241
|
+
static getCertExtensionsToCheck(cert, oidsToCheck) {
|
|
242
|
+
return oidsToCheck
|
|
243
|
+
.map((oid) => {
|
|
244
|
+
const value = CertificatesHelper.getExtensionValue(cert, oid);
|
|
245
|
+
return { oid, value };
|
|
246
|
+
})
|
|
247
|
+
.filter((ext) => Boolean(ext.value));
|
|
92
248
|
}
|
|
93
249
|
}
|
|
94
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2NzcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvb2NzcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUMvQixPQUFPLEtBQUssTUFBTSxNQUFNLFFBQVEsQ0FBQztBQUNqQyxPQUFPLEtBQUssTUFBTSxPQUFPLENBQUM7QUFDMUIsT0FBTyxFQUNMLDBDQUEwQyxFQUMxQyxzQkFBc0IsRUFDdEIsNkJBQTZCLEdBQzlCLE1BQU0saUJBQWlCLENBQUM7QUFDekIsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQ2pELE9BQU8sRUFBRSxTQUFTLEVBQUUsT0FBTyxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBSWpELE1BQU0sT0FBTyxVQUFVO0lBQ3JCLE1BQU0sQ0FBQyxLQUFLLENBQUMsd0JBQXdCLENBQ25DLEtBQTBCLEVBQzFCLEVBQXVCO1FBRXZCLE1BQU0sZ0JBQWdCLEdBQUcsS0FBSzthQUMzQixHQUFHLENBQUMsVUFBVSxDQUFDLGtCQUFrQixDQUFDO2FBQ2xDLE1BQU0sQ0FBQyxPQUFPLENBQXNCLENBQUM7UUFFeEMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzdCLE9BQU8sRUFBRSxDQUFDO1FBQ1osQ0FBQztRQUVELE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxPQUFPLENBQUMsVUFBVSxDQUNsRCxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDLFVBQVUsQ0FBQyxlQUFlLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQ25GLENBQUM7UUFFRixNQUFNLHFCQUFxQixHQUFHLG1CQUFtQjthQUM5QyxNQUFNLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQzthQUMxQixHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNsQyxJQUFJLHFCQUFxQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQ2IsMkRBQTJELHFCQUFxQixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUNoRyxDQUFDO1FBQ0osQ0FBQztRQUVELE9BQU8sbUJBQW1CLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUN2RixDQUFDO0lBRU8sTUFBTSxDQUFDLGtCQUFrQixDQUFDLElBQXVCO1FBQ3ZELE1BQU0sa0JBQWtCLEdBQUcsa0JBQWtCLENBQUMsaUJBQWlCLENBQzdELElBQUksRUFDSiwwQ0FBMEMsQ0FDM0MsQ0FBQztRQUNGLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3hCLE9BQU87UUFDVCxDQUFDO1FBRUQsTUFBTSxjQUFjLEdBQUcsS0FBSyxDQUFDLHFCQUFxQixDQUFDLE9BQU8sQ0FDeEQsMENBQTBDLEVBQzFDLGtCQUFrQixDQUNFLENBQUM7UUFFdkIsTUFBTSxPQUFPLEdBQUcsY0FBYyxDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FDcEQsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxZQUFZLEtBQUssc0JBQXNCLENBQ3ZELEVBQUUsY0FBYyxDQUFDLEtBQUssQ0FBQztRQUV4QixNQUFNLGFBQWEsR0FBRyxjQUFjLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUMxRCxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLFlBQVksS0FBSyw2QkFBNkIsQ0FDOUQsRUFBRSxjQUFjLENBQUMsS0FBSyxDQUFDO1FBRXhCLElBQUksQ0FBQyxPQUFPLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUMvQixxQkFBcUI7WUFDckIsT0FBTztRQUNULENBQUM7UUFFRCxPQUFPLEVBQUUsT0FBTyxFQUFFLGFBQWEsRUFBRSxJQUFJLEVBQUUsQ0FBQztJQUMxQyxDQUFDO0lBRU8sTUFBTSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQ2xDLElBQXFCLEVBQ3JCLEVBQXVCO1FBRXZCLE1BQU0sRUFBRSxPQUFPLEVBQUUsYUFBYSxFQUFFLElBQUksRUFBRSxHQUFHLElBQUksQ0FBQztRQUM5QyxNQUFNLGFBQWEsR0FBRyxNQUFNLGtCQUFrQixDQUFDLHFCQUFxQixDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3BGLE1BQU0saUJBQWlCLEdBQUcsS0FBSyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDbkUsTUFBTSxPQUFPLEdBQUcsSUFBSSxLQUFLLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDeEMsTUFBTSxPQUFPLENBQUMsb0JBQW9CLENBQUMsSUFBSSxFQUFFO1lBQ3ZDLGFBQWEsRUFBRSxTQUFTO1lBQ3hCLGlCQUFpQjtTQUNsQixDQUFDLENBQUM7UUFDSCxNQUFNLFFBQVEsR0FBRyxVQUFVLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztRQUNqRCxPQUFPLENBQUMsVUFBVSxDQUFDLGlCQUFpQixHQUFHO1lBQ3JDLElBQUksS0FBSyxDQUFDLFNBQVMsQ0FBQztnQkFDbEIsTUFBTSxFQUFFLFNBQVMsQ0FBQyxjQUFjO2dCQUNoQyxTQUFTLEVBQUUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsUUFBUSxFQUFFLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLEtBQUssRUFBRTthQUN6RSxDQUFDO1NBQ0gsQ0FBQztRQUVGLE1BQU0sYUFBYSxHQUFHLE1BQU0sVUFBVSxDQUFDLGVBQWUsQ0FBQyxPQUFPLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFFekUsTUFBTSxTQUFTLEdBQUcsTUFBTSxVQUFVLENBQUMsb0JBQW9CLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDdkUsSUFBSSxTQUFTLElBQUksTUFBTSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDM0QsTUFBTSxJQUFJLEtBQUssQ0FBQyxvREFBb0QsQ0FBQyxDQUFDO1FBQ3hFLENBQUM7UUFFRCxNQUFNLFlBQVksR0FBd0IsRUFBRSxDQUFDO1FBQzdDLElBQUksQ0FBQyxhQUFhLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDekIsYUFBYSxDQUFDLEtBQUssR0FBRyxDQUFDLGlCQUFpQixDQUFDLENBQUM7WUFDMUMsWUFBWSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBQzNCLENBQUM7YUFBTSxDQUFDO1lBQ04sWUFBWSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1FBQ3ZDLENBQUM7UUFFRCxNQUFNLGFBQWEsQ0FBQyxNQUFNLENBQUMsRUFBRSxZQUFZLEVBQUUsQ0FBQyxDQUFDO1FBQzdDLE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxNQUFNLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FDbEMsT0FBZSxFQUNmLE9BQTBCO1FBRTFCLE1BQU0sWUFBWSxHQUFHLE1BQU0sS0FBSyxDQUFDLE9BQU8sRUFBRTtZQUN4QyxNQUFNLEVBQUUsTUFBTTtZQUNkLE9BQU8sRUFBRTtnQkFDUCxjQUFjLEVBQUUsMEJBQTBCO2FBQzNDO1lBQ0QsWUFBWSxFQUFFLGFBQWE7WUFDM0IsSUFBSSxFQUFFLE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUMsS0FBSyxFQUFFO1NBQ3JDLENBQUMsQ0FBQztRQUVILE1BQU0sYUFBYSxHQUFHLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNwRSxJQUFJLENBQUMsYUFBYSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQUMsOERBQThELENBQUMsQ0FBQztRQUNsRixDQUFDO1FBRUQsTUFBTSxhQUFhLEdBQUcsS0FBSyxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbkQsYUFBYSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FDN0QsQ0FBQztRQUVGLE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxNQUFNLENBQUMsa0JBQWtCO1FBQy9CLE9BQU8sS0FBSyxDQUFDLGVBQWUsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFTyxNQUFNLENBQUMsb0JBQW9CLENBQ2pDLGFBQXNDO1FBRXRDLE1BQU0sY0FBYyxHQUFHLGFBQWEsQ0FBQyxlQUFlLEVBQUUsa0JBQWtCLEVBQUUsSUFBSSxDQUM1RSxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUMsU0FBUyxDQUFDLE1BQU0sS0FBSyxTQUFTLENBQUMsY0FBYyxDQUM3RCxDQUFDO1FBQ0YsT0FBTyxjQUFjLEVBQUUsU0FBUyxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUM7SUFDM0QsQ0FBQztDQUNGIn0=
|
|
250
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2NzcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvb2NzcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLENBQUMsTUFBTSxRQUFRLENBQUM7QUFDdkIsT0FBTyxLQUFLLE1BQU0sWUFBWSxDQUFDO0FBQy9CLE9BQU8sS0FBSyxLQUFLLE1BQU0sT0FBTyxDQUFDO0FBQy9CLE9BQU8sS0FBSyxNQUFNLE1BQU0sUUFBUSxDQUFDO0FBQ2pDLE9BQU8sS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUMxQixPQUFPLEVBQUUsTUFBTSxFQUFFLFdBQVcsRUFBRSxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0scUJBQXFCLENBQUM7QUFDL0UsT0FBTyxFQUFFLFdBQVcsRUFBRSxhQUFhLEVBQUUsU0FBUyxFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDOUUsT0FBTyxFQUFFLG1CQUFtQixFQUFFLFVBQVUsRUFBRSxTQUFTLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUNqRixPQUFPLEVBQ0wsMENBQTBDLEVBQzFDLHNCQUFzQixFQUN0Qiw2QkFBNkIsR0FDOUIsTUFBTSxpQkFBaUIsQ0FBQztBQUN6QixPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFDakQsT0FBTyxFQUNMLHFCQUFxQixFQUdyQixjQUFjLEVBRWQsU0FBUyxFQUNULE9BQU8sR0FDUixNQUFNLGFBQWEsQ0FBQztBQUNyQixPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxnQkFBZ0IsQ0FBQztBQWVsRCxNQUFNLHVCQUF1QixHQUFHLElBQUksSUFBSSxDQUFDLHNCQUFzQixDQUFDLENBQUM7QUFFakUsTUFBTSxPQUFPLFVBQVU7SUFDckIsTUFBTSxDQUFDLEtBQUssQ0FBQyx3QkFBd0IsQ0FDbkMsS0FBMEIsRUFDMUIsRUFBdUIsRUFDdkIsY0FBd0IsRUFBRTtRQUUxQixNQUFNLGdCQUFnQixHQUFHLEtBQUs7YUFDM0IsR0FBRyxDQUFDLFVBQVUsQ0FBQyxrQkFBa0IsQ0FBQzthQUNsQyxNQUFNLENBQUMsT0FBTyxDQUFzQixDQUFDO1FBQ3hDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUM3QixPQUFPLEVBQUUsQ0FBQztRQUNaLENBQUM7UUFFRCxNQUFNLGNBQWMsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUFDLGdCQUFnQixFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBQzlELE1BQU0scUJBQXFCLEdBQTRCLE1BQU0sQ0FBQyxPQUFPLENBQUMsY0FBYyxDQUFDLENBQUMsR0FBRyxDQUN2RixDQUFDLENBQUMsT0FBTyxFQUFFLFVBQVUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQzFCLE9BQU87WUFDUCxlQUFlLEVBQUUsVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsSUFBSSxFQUFFLGFBQWEsRUFBRSxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUM1RCxJQUFJO2dCQUNKLGFBQWE7Z0JBQ2IsVUFBVSxFQUFFLGtCQUFrQixDQUFDLGtCQUFrQixDQUFDLElBQUksRUFBRSxDQUFDLEdBQUcsS0FBSyxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUM7YUFDM0UsQ0FBQyxDQUFDO1lBQ0gsRUFBRTtZQUNGLFdBQVc7U0FDWixDQUFDLENBQ0gsQ0FBQztRQUVGLE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxPQUFPLENBQUMsVUFBVSxDQUNsRCxxQkFBcUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLFVBQVUsQ0FBQyxlQUFlLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FDMUUsQ0FBQztRQUVGLE1BQU0scUJBQXFCLEdBQUcsbUJBQW1CO2FBQzlDLE1BQU0sQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDO2FBQzFCLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2xDLElBQUkscUJBQXFCLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDakMsTUFBTSxJQUFJLEtBQUssQ0FDYiwyREFBMkQscUJBQXFCLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQ2hHLENBQUM7UUFDSixDQUFDO1FBRUQsT0FBTyxtQkFBbUIsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQ3ZGLENBQUM7SUFFRCxNQUFNLENBQUMsS0FBSyxDQUFDLG9CQUFvQixDQUFDLE1BQWtDO1FBQ2xFLE1BQU0sYUFBYSxHQUFHLElBQUksS0FBSyxDQUFDLGlCQUFpQixFQUFFLENBQUM7UUFDcEQsTUFBTSxFQUFFLGFBQWEsRUFBRSxVQUFVLEVBQUUsS0FBSyxFQUFFLFVBQVUsRUFBRSxLQUFLLEVBQUUsR0FBRyxNQUFNLENBQUM7UUFDdkUsTUFBTSxFQUFFLEtBQUssRUFBRSxjQUFjLEVBQUUsR0FBRyxrQkFBa0IsQ0FBQyxrQkFBa0IsQ0FDckUsR0FBRyxhQUFhLEtBQUssVUFBVSxFQUFFLENBQ2xDLENBQUM7UUFDRixNQUFNLFVBQVUsR0FBRyxrQkFBa0IsQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFFbkUsYUFBYSxDQUFDLGVBQWUsQ0FBQyxXQUFXLEdBQUcsVUFBVSxDQUFDLE9BQU8sQ0FBQztRQUMvRCxhQUFhLENBQUMsZUFBZSxDQUFDLFVBQVUsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO1FBQ3RELGFBQWEsQ0FBQyxLQUFLLEdBQUcsa0JBQWtCLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBRXBFLEtBQUssTUFBTSxRQUFRLElBQUksS0FBSyxFQUFFLENBQUM7WUFDN0IsTUFBTSxFQUFFLFlBQVksRUFBRSxNQUFNLEVBQUUsYUFBYSxFQUFFLGNBQWMsRUFBRSxhQUFhLEVBQUUsY0FBYyxFQUFFLEdBQzFGLFFBQVEsQ0FBQztZQUNYLE1BQU0sTUFBTSxHQUFHLElBQUksS0FBSyxDQUFDLE1BQU0sQ0FBQztnQkFDOUIsYUFBYSxFQUFFLElBQUksS0FBSyxDQUFDLG1CQUFtQixDQUFDO29CQUMzQyxXQUFXLEVBQUUsYUFBYTtvQkFDMUIsZUFBZSxFQUFFLElBQUksTUFBTSxDQUFDLElBQUksRUFBRTtpQkFDbkMsQ0FBQztnQkFDRixjQUFjLEVBQUUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsUUFBUSxFQUFFLGNBQWMsRUFBRSxDQUFDO2dCQUNwRSxhQUFhLEVBQUUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsUUFBUSxFQUFFLGFBQWEsRUFBRSxDQUFDO2dCQUNsRSxZQUFZLEVBQUUsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLEVBQUUsUUFBUSxFQUFFLFlBQVksRUFBRSxDQUFDO2FBQzdELENBQUMsQ0FBQztZQUVILE1BQU0sUUFBUSxHQUFHLElBQUksS0FBSyxDQUFDLGNBQWMsQ0FBQztnQkFDeEMsTUFBTTthQUNQLENBQUMsQ0FBQztZQUVILFFBQVEsTUFBTSxFQUFFLENBQUM7Z0JBQ2YsS0FBSyxjQUFjLENBQUMsRUFBRSxDQUFDO2dCQUN2QixLQUFLLGNBQWMsQ0FBQyxPQUFPO29CQUN6QixRQUFRLENBQUMsVUFBVSxHQUFHLElBQUksTUFBTSxDQUFDLFNBQVMsQ0FBQzt3QkFDekMsT0FBTyxFQUFFOzRCQUNQLFFBQVEsRUFBRSxDQUFDOzRCQUNYLFNBQVMsRUFBRSxNQUFNO3lCQUNsQjtxQkFDRixDQUFDLENBQUM7b0JBQ0gsTUFBTTtnQkFDUixLQUFLLGNBQWMsQ0FBQyxPQUFPO29CQUN6QixRQUFRLENBQUMsVUFBVSxHQUFHLElBQUksTUFBTSxDQUFDLFdBQVcsQ0FBQzt3QkFDM0MsT0FBTyxFQUFFOzRCQUNQLFFBQVEsRUFBRSxDQUFDOzRCQUNYLFNBQVMsRUFBRSxNQUFNOzRCQUNqQixhQUFhLEVBQUUsSUFBSTt5QkFDcEI7d0JBQ0QsS0FBSyxFQUFFOzRCQUNMLElBQUksTUFBTSxDQUFDLGVBQWUsQ0FBQztnQ0FDekIsU0FBUyxFQUFFLGNBQWMsSUFBSSx1QkFBdUI7NkJBQ3JELENBQUM7eUJBQ0g7cUJBQ0YsQ0FBQyxDQUFDO29CQUNILE1BQU07Z0JBQ1I7b0JBQ0UsTUFBTSxJQUFJLEtBQUssQ0FBQyxvQ0FBb0MsTUFBTSxFQUFFLENBQUMsQ0FBQztZQUNsRSxDQUFDO1lBRUQsUUFBUSxDQUFDLFVBQVUsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO1lBQ2pDLGFBQWEsQ0FBQyxlQUFlLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN6RCxDQUFDO1FBRUQsSUFBSSxLQUFLLEVBQUUsQ0FBQztZQUNWLGFBQWEsQ0FBQyxlQUFlLENBQUMsa0JBQWtCLEdBQUc7Z0JBQ2pELElBQUksS0FBSyxDQUFDLFNBQVMsQ0FBQztvQkFDbEIsTUFBTSxFQUFFLFNBQVMsQ0FBQyxjQUFjO29CQUNoQyxTQUFTLEVBQUUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsUUFBUSxFQUFFLEtBQUssRUFBRSxDQUFDLENBQUMsS0FBSyxFQUFFO2lCQUMvRCxDQUFDO2FBQ0gsQ0FBQztRQUNKLENBQUM7UUFFRCxNQUFNLGdCQUFnQixHQUFHLE1BQU0scUJBQXFCLENBQUMsbUJBQW1CLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDckYsTUFBTSxhQUFhLENBQUMsSUFBSSxDQUFDLGdCQUFnQixFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBRXRELE1BQU0sZ0JBQWdCLEdBQUcsYUFBYSxDQUFDLFFBQVEsRUFBRSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUUvRCxNQUFNLFFBQVEsR0FBRyxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUM7WUFDdEMsY0FBYyxFQUFFLElBQUksTUFBTSxDQUFDLFVBQVUsQ0FBQyxFQUFFLEtBQUssRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLFVBQVU7WUFDL0QsYUFBYSxFQUFFLElBQUksS0FBSyxDQUFDLGFBQWEsQ0FBQztnQkFDckMsWUFBWSxFQUFFLEtBQUssQ0FBQyxrQkFBa0I7Z0JBQ3RDLFFBQVEsRUFBRSxJQUFJLE1BQU0sQ0FBQyxXQUFXLENBQUMsRUFBRSxRQUFRLEVBQUUsZ0JBQWdCLEVBQUUsQ0FBQzthQUNqRSxDQUFDO1NBQ0gsQ0FBQyxDQUFDO1FBRUgsT0FBTyxRQUFRLENBQUMsUUFBUSxFQUFFLENBQUMsS0FBSyxFQUFFLENBQUM7SUFDckMsQ0FBQztJQUVELE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxpQkFBOEI7UUFDcEQsTUFBTSxXQUFXLEdBQUcsU0FBUyxDQUFDLEtBQUssQ0FBQyxpQkFBaUIsRUFBRSxXQUFXLENBQUMsQ0FBQztRQUNwRSxNQUFNLFlBQVksR0FBRyxXQUFXLENBQUMsVUFBVSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRTtZQUN0RSxNQUFNLE9BQU8sR0FBRztnQkFDZCxhQUFhLEVBQUUsT0FBTyxDQUFDLE9BQU8sQ0FBQyxhQUFhLENBQUMsU0FBUztnQkFDdEQsY0FBYyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDO2dCQUNsRSxhQUFhLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQUM7Z0JBQ2hFLFlBQVksRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLFlBQVk7YUFDM0MsQ0FBQztZQUVGLE1BQU0saUJBQWlCLEdBQ3JCLE9BQU8sQ0FBQyx1QkFBdUIsRUFBRSxHQUFHLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLENBQUM7Z0JBQzdDLEdBQUcsRUFBRSxHQUFHLENBQUMsTUFBTTtnQkFDZixLQUFLLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQzthQUN6QyxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUM7WUFFWixPQUFPLEVBQUUsR0FBRyxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsQ0FBQztRQUMzQyxDQUFDLENBQUMsQ0FBQztRQUVILE1BQU0sY0FBYyxHQUFHLFdBQVcsQ0FBQyxVQUFVLENBQUMsaUJBQWlCLEVBQUUsSUFBSSxDQUNuRSxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLE1BQU0sS0FBSyxTQUFTLENBQUMsY0FBYyxDQUNqRCxDQUFDO1FBQ0YsTUFBTSxLQUFLLEdBQUcsY0FBYyxJQUFJLGNBQWMsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO1FBRWhFLE9BQU8sRUFBRSxZQUFZLEVBQUUsS0FBSyxFQUFFLENBQUM7SUFDakMsQ0FBQztJQUVELE1BQU0sQ0FBQyx1QkFBdUIsQ0FBQyxJQUF1QjtRQUNwRCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsVUFBVSxFQUFFLElBQUksQ0FDeEMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEtBQUssS0FBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUFDLENBQ3RELENBQUM7UUFDRixJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDbEIsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO1FBRUQsT0FBTyxPQUFPLENBQ1osWUFBWSxDQUFDLFdBQVcsQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUN2QyxDQUFDLEtBQWEsRUFBRSxFQUFFLENBQUMsS0FBSyxLQUFLLGdCQUFnQixDQUFDLFdBQVcsQ0FDMUQsQ0FDRixDQUFDO0lBQ0osQ0FBQztJQUVPLE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxJQUF1QjtRQUN2RCxNQUFNLGtCQUFrQixHQUFHLGtCQUFrQixDQUFDLGlCQUFpQixDQUM3RCxJQUFJLEVBQ0osMENBQTBDLENBQzNDLENBQUM7UUFDRixJQUFJLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztZQUN4QixPQUFPO1FBQ1QsQ0FBQztRQUVELE1BQU0sY0FBYyxHQUFHLEtBQUssQ0FBQyxxQkFBcUIsQ0FBQyxPQUFPLENBQ3hELDBDQUEwQyxFQUMxQyxrQkFBa0IsQ0FDRSxDQUFDO1FBRXZCLE1BQU0sT0FBTyxHQUFHLGNBQWMsQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQ3BELENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsWUFBWSxLQUFLLHNCQUFzQixDQUN2RCxFQUFFLGNBQWMsQ0FBQyxLQUFLLENBQUM7UUFFeEIsTUFBTSxhQUFhLEdBQUcsY0FBYyxDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FDMUQsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxZQUFZLEtBQUssNkJBQTZCLENBQzlELEVBQUUsY0FBYyxDQUFDLEtBQUssQ0FBQztRQUV4QixJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDYixPQUFPO1FBQ1QsQ0FBQztRQUVELE9BQU8sRUFBRSxPQUFPLEVBQUUsYUFBYSxFQUFFLElBQUksRUFBRSxDQUFDO0lBQzFDLENBQUM7SUFFTyxNQUFNLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FDbEMsTUFBNkI7UUFFN0IsTUFBTSxFQUFFLE9BQU8sRUFBRSxlQUFlLEVBQUUsRUFBRSxFQUFFLFdBQVcsRUFBRSxHQUFHLE1BQU0sQ0FBQztRQUM3RCxNQUFNLFdBQVcsR0FBYyxFQUFFLENBQUM7UUFDbEMsTUFBTSxrQkFBa0IsR0FBd0IsRUFBRSxDQUFDO1FBQ25ELEtBQUssTUFBTSxFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsb0JBQW9CLEVBQUUsYUFBYSxFQUFFLElBQUksZUFBZSxFQUFFLENBQUM7WUFDeEYsSUFBSSxpQkFBaUIsR0FBRyxvQkFBb0IsQ0FBQztZQUM3QyxJQUFJLENBQUMsaUJBQWlCLElBQUksYUFBYSxFQUFFLENBQUM7Z0JBQ3hDLE1BQU0sYUFBYSxHQUFHLE1BQU0sa0JBQWtCLENBQUMscUJBQXFCLENBQUMsYUFBYSxDQUFDLENBQUM7Z0JBQ3BGLGlCQUFpQixHQUFHLEtBQUssQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLGFBQWEsQ0FBQyxDQUFDO1lBQy9ELENBQUM7WUFDRCxJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztnQkFDdkIsTUFBTSxJQUFJLEtBQUssQ0FBQyxvREFBb0QsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDdEYsQ0FBQztZQUNELElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLGlCQUFrQixDQUFDLE9BQU8sQ0FBQyxDQUFDLEVBQUUsQ0FBQztnQkFDekYsa0JBQWtCLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLENBQUM7WUFDN0MsQ0FBQztZQUVELE1BQU0sTUFBTSxHQUFHLElBQUksS0FBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2xDLE1BQU0sTUFBTSxDQUFDLG9CQUFvQixDQUFDLElBQUksRUFBRTtnQkFDdEMsYUFBYSxFQUFFLFNBQVM7Z0JBQ3hCLGlCQUFpQjthQUNsQixDQUFDLENBQUM7WUFFSCxNQUFNLE9BQU8sR0FBRyxJQUFJLE9BQU8sQ0FBQztnQkFDMUIsT0FBTyxFQUFFLElBQUksTUFBTSxDQUFDO29CQUNsQixhQUFhLEVBQUUsSUFBSSxtQkFBbUIsQ0FBQzt3QkFDckMsU0FBUyxFQUFFLE1BQU0sQ0FBQyxhQUFhLENBQUMsV0FBVztxQkFDNUMsQ0FBQztvQkFDRixjQUFjLEVBQUUsSUFBSSxXQUFXLEVBQUUsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLGNBQWMsQ0FBQztvQkFDaEUsYUFBYSxFQUFFLElBQUksV0FBVyxFQUFFLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxhQUFhLENBQUM7b0JBQzlELFlBQVksRUFBRSxNQUFNLENBQUMsWUFBWSxDQUFDLFVBQVUsQ0FBQyxRQUFRO2lCQUN0RCxDQUFDO2FBQ0gsQ0FBQyxDQUFDO1lBRUgsTUFBTSxpQkFBaUIsR0FBRyxVQUFVLENBQUMsd0JBQXdCLENBQUMsSUFBSSxFQUFFLFdBQVcsQ0FBQyxDQUFDO1lBQ2pGLElBQUksaUJBQWlCLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBQzdCLE9BQU8sQ0FBQyx1QkFBdUIsR0FBRyxJQUFJLFVBQVUsQ0FDOUMsaUJBQWlCLENBQUMsR0FBRyxDQUNuQixDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsSUFBSSxTQUFTLENBQUMsRUFBRSxNQUFNLEVBQUUsR0FBRyxDQUFDLEdBQUcsRUFBRSxTQUFTLEVBQUUsSUFBSSxXQUFXLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsQ0FDbkYsQ0FDRixDQUFDO1lBQ0osQ0FBQztZQUVELFdBQVcsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDNUIsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLFVBQVUsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1FBQ2pELE1BQU0sT0FBTyxHQUFHLElBQUksV0FBVyxDQUFDO1lBQzlCLFVBQVUsRUFBRSxJQUFJLFVBQVUsQ0FBQztnQkFDekIsV0FBVztnQkFDWCxpQkFBaUIsRUFBRSxJQUFJLFVBQVUsQ0FBQztvQkFDaEMsSUFBSSxTQUFTLENBQUM7d0JBQ1osTUFBTSxFQUFFLFNBQVMsQ0FBQyxjQUFjO3dCQUNoQyxTQUFTLEVBQUUsSUFBSSxXQUFXLENBQUMsUUFBUSxDQUFDO3FCQUNyQyxDQUFDO2lCQUNILENBQUM7YUFDSCxDQUFDO1NBQ0gsQ0FBQyxDQUFDO1FBRUgsTUFBTSxhQUFhLEdBQUcsTUFBTSxVQUFVLENBQUMsZUFBZSxDQUFDLE9BQU8sRUFBRSxPQUFPLENBQUMsQ0FBQztRQUV6RSxNQUFNLFNBQVMsR0FBRyxNQUFNLFVBQVUsQ0FBQyxvQkFBb0IsQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUN2RSxJQUFJLFNBQVMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLFFBQVEsRUFBRSxTQUFTLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUMzRCxNQUFNLElBQUksS0FBSyxDQUFDLG9EQUFvRCxDQUFDLENBQUM7UUFDeEUsQ0FBQztRQUVELE1BQU0sWUFBWSxHQUF3QixFQUFFLENBQUM7UUFDN0MsSUFBSSxDQUFDLGFBQWEsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUN6QixhQUFhLENBQUMsS0FBSyxHQUFHLGtCQUFrQixDQUFDO1lBQ3pDLFlBQVksQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUMsQ0FBQztRQUMzQixDQUFDO2FBQU0sQ0FBQztZQUNOLFlBQVksQ0FBQyxJQUFJLENBQUMsR0FBRyxrQkFBa0IsQ0FBQyxDQUFDO1FBQzNDLENBQUM7UUFFRCxNQUFNLGFBQWEsQ0FBQyxNQUFNLENBQUMsRUFBRSxZQUFZLEVBQUUsQ0FBQyxDQUFDO1FBQzdDLE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxNQUFNLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FDbEMsT0FBZSxFQUNmLE9BQW9CO1FBRXBCLE1BQU0sWUFBWSxHQUFHLE1BQU0sS0FBSyxDQUFDLE9BQU8sRUFBRTtZQUN4QyxNQUFNLEVBQUUsTUFBTTtZQUNkLE9BQU8sRUFBRTtnQkFDUCxjQUFjLEVBQUUsMEJBQTBCO2FBQzNDO1lBQ0QsWUFBWSxFQUFFLGFBQWE7WUFDM0IsSUFBSSxFQUFFLGFBQWEsQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDO1NBQ3ZDLENBQUMsQ0FBQztRQUVILE1BQU0sYUFBYSxHQUFHLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNwRSxJQUFJLENBQUMsYUFBYSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQUMsOERBQThELENBQUMsQ0FBQztRQUNsRixDQUFDO1FBRUQsTUFBTSxhQUFhLEdBQUcsS0FBSyxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbkQsYUFBYSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FDN0QsQ0FBQztRQUVGLE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxNQUFNLENBQUMsa0JBQWtCO1FBQy9CLE9BQU8sS0FBSyxDQUFDLGVBQWUsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFTyxNQUFNLENBQUMsb0JBQW9CLENBQUMsYUFBc0M7UUFDeEUsTUFBTSxjQUFjLEdBQUcsYUFBYSxDQUFDLGVBQWUsRUFBRSxrQkFBa0IsRUFBRSxJQUFJLENBQzVFLENBQUMsU0FBUyxFQUFFLEVBQUUsQ0FBQyxTQUFTLENBQUMsTUFBTSxLQUFLLFNBQVMsQ0FBQyxjQUFjLENBQzdELENBQUM7UUFDRixPQUFPLGNBQWMsSUFBSSxNQUFNLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQ3ZGLENBQUM7SUFFTyxNQUFNLENBQUMsd0JBQXdCLENBQ3JDLElBQXVCLEVBQ3ZCLFdBQXFCO1FBRXJCLE9BQU8sV0FBVzthQUNmLEdBQUcsQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFO1lBQ1gsTUFBTSxLQUFLLEdBQUcsa0JBQWtCLENBQUMsaUJBQWlCLENBQUMsSUFBSSxFQUFFLEdBQUcsQ0FBQyxDQUFDO1lBRTlELE9BQU8sRUFBRSxHQUFHLEVBQUUsS0FBSyxFQUFFLENBQUM7UUFDeEIsQ0FBQyxDQUFDO2FBQ0QsTUFBTSxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxDQUFzQixDQUFDO0lBQzlELENBQUM7Q0FDRiJ9
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
|
@@ -0,0 +1,110 @@
|
|
|
1
|
+
import { OID_CUSTOM_EXTENSION_CHALLENGE_ID } from '@super-protocol/pki-common';
|
|
2
|
+
import { CertificateGenerator } from './generator.js';
|
|
3
|
+
import { CertificatesHelper } from './helper.js';
|
|
4
|
+
import fs from 'fs';
|
|
5
|
+
import { CryptoKeysTransformer } from '../utils/CryptoKeysTransformer.js';
|
|
6
|
+
import { OID_CUSTOM_EXTENSION_USER_DATA } from '../constants.js';
|
|
7
|
+
// const signatureAlgorithm: SignatureAlgorithm = 'ECDSA-P-256-SHA256';
|
|
8
|
+
const signatureAlgorithm = 'ECDSA-secp256k1-SHA256';
|
|
9
|
+
void (async () => {
|
|
10
|
+
const orderCertPem = await fs.promises.readFile('order_cert.crt', 'utf8');
|
|
11
|
+
const mrEnclave = CertificatesHelper.getExtensionValue(orderCertPem, OID_CUSTOM_EXTENSION_CHALLENGE_ID);
|
|
12
|
+
const userDataHashFromCert = CertificatesHelper.getExtensionValue(orderCertPem, OID_CUSTOM_EXTENSION_USER_DATA);
|
|
13
|
+
const rootSubject = {
|
|
14
|
+
country: 'US',
|
|
15
|
+
stateName: 'California',
|
|
16
|
+
localityName: 'San Francisco',
|
|
17
|
+
organization: 'Super Protocol',
|
|
18
|
+
organizationalUnit: 'Development',
|
|
19
|
+
commonName: 'Root CA',
|
|
20
|
+
};
|
|
21
|
+
const subroot1 = {
|
|
22
|
+
country: 'US',
|
|
23
|
+
stateName: 'California',
|
|
24
|
+
localityName: 'San Francisco',
|
|
25
|
+
organization: 'Super Protocol',
|
|
26
|
+
organizationalUnit: 'Development',
|
|
27
|
+
commonName: 'Subroot1 CA',
|
|
28
|
+
};
|
|
29
|
+
const subroot2 = {
|
|
30
|
+
country: 'US',
|
|
31
|
+
stateName: 'California',
|
|
32
|
+
localityName: 'San Francisco',
|
|
33
|
+
organization: 'Super Protocol',
|
|
34
|
+
organizationalUnit: 'Development',
|
|
35
|
+
commonName: 'Subroot Level 2 CA',
|
|
36
|
+
};
|
|
37
|
+
const rootCertKeys = await CertificateGenerator.generateKeys(signatureAlgorithm);
|
|
38
|
+
const rootPrivatePem = await CryptoKeysTransformer.cryptoKeyToPkcs8Pem(rootCertKeys.privateKey);
|
|
39
|
+
const rootPublicPem = await CryptoKeysTransformer.cryptoKeyToSpkiPem(rootCertKeys.publicKey);
|
|
40
|
+
const rootCertParams = {
|
|
41
|
+
subject: rootSubject,
|
|
42
|
+
issuer: rootSubject,
|
|
43
|
+
notAfter: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
|
|
44
|
+
ca: true,
|
|
45
|
+
dnsNames: ['sp.superprotocol.io', 'superprotocol.io', '127.0.0.1'],
|
|
46
|
+
publicKey: rootPublicPem,
|
|
47
|
+
privateKey: rootPrivatePem,
|
|
48
|
+
};
|
|
49
|
+
const rootCert = await CertificateGenerator.generateCert(rootCertParams);
|
|
50
|
+
const alg = CertificatesHelper.getCertPublicKeyAlgorithm(rootCert);
|
|
51
|
+
alg;
|
|
52
|
+
const subroot1Keys = await CertificateGenerator.generateKeys(signatureAlgorithm);
|
|
53
|
+
const subroot1CertParams = {
|
|
54
|
+
subject: subroot1,
|
|
55
|
+
issuer: rootSubject,
|
|
56
|
+
privateKey: rootCertKeys.privateKey,
|
|
57
|
+
notAfter: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
|
|
58
|
+
ca: true,
|
|
59
|
+
dnsNames: ['sp.superprotocol.io', 'superprotocol.io'],
|
|
60
|
+
customExtensions: [
|
|
61
|
+
{
|
|
62
|
+
oid: OID_CUSTOM_EXTENSION_USER_DATA,
|
|
63
|
+
value: userDataHashFromCert,
|
|
64
|
+
},
|
|
65
|
+
{
|
|
66
|
+
oid: '1.3.6.1.3.8888.1.1',
|
|
67
|
+
value: Buffer.from('tdx', 'utf8'),
|
|
68
|
+
},
|
|
69
|
+
{
|
|
70
|
+
oid: '1.3.6.1.3.8888.1.2',
|
|
71
|
+
value: mrEnclave,
|
|
72
|
+
},
|
|
73
|
+
],
|
|
74
|
+
publicKey: subroot1Keys.publicKey,
|
|
75
|
+
};
|
|
76
|
+
const subroot1Cert = await CertificateGenerator.generateCert(subroot1CertParams);
|
|
77
|
+
const subroot2Keys = await CertificateGenerator.generateKeys(signatureAlgorithm);
|
|
78
|
+
const subrootLevel2CertParams = {
|
|
79
|
+
subject: subroot2,
|
|
80
|
+
issuer: subroot1,
|
|
81
|
+
privateKey: subroot1Keys.privateKey,
|
|
82
|
+
notAfter: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
|
|
83
|
+
ca: false,
|
|
84
|
+
dnsNames: ['sp.superprotocol.io', 'superprotocol.io'],
|
|
85
|
+
customExtensions: [
|
|
86
|
+
{
|
|
87
|
+
oid: OID_CUSTOM_EXTENSION_CHALLENGE_ID,
|
|
88
|
+
value: Buffer.from('tdx', 'utf8'),
|
|
89
|
+
},
|
|
90
|
+
{
|
|
91
|
+
oid: '1.3.6.1.3.8888.1.2',
|
|
92
|
+
value: mrEnclave,
|
|
93
|
+
},
|
|
94
|
+
],
|
|
95
|
+
publicKey: subroot2Keys.publicKey,
|
|
96
|
+
};
|
|
97
|
+
const subrootLevel2Cert = await CertificateGenerator.generateCert(subrootLevel2CertParams);
|
|
98
|
+
// const rootCertPem = CertificatesHelper.derToPem(rootCert.certificate.toSchema().toBER());
|
|
99
|
+
// const subroot1CertPem = CertificatesHelper.derToPem(subroot1Cert.certificate.toSchema().toBER());
|
|
100
|
+
// const subrootLevel2CertPem = CertificatesHelper.derToPem(
|
|
101
|
+
// subrootLevel2Cert.certificate.toSchema().toBER(),
|
|
102
|
+
// );
|
|
103
|
+
const certsPem = [subrootLevel2Cert, subroot1Cert];
|
|
104
|
+
const validateResult = await CertificatesHelper.validateCertChain(certsPem, rootCert);
|
|
105
|
+
console.log(JSON.stringify(validateResult, null, 2));
|
|
106
|
+
await fs.promises.writeFile(`pkijsCert-root-${signatureAlgorithm}.crt`, rootCert, 'utf8');
|
|
107
|
+
await fs.promises.writeFile(`pkijsCert-subroot1-${signatureAlgorithm}.crt`, subroot1Cert, 'utf8');
|
|
108
|
+
await fs.promises.writeFile(`pkijsCert-subroot2-${signatureAlgorithm}.crt`, subrootLevel2Cert, 'utf8');
|
|
109
|
+
})();
|
|
110
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGVzdGluZy1nZW5lcmF0ZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvdGVzdGluZy1nZW5lcmF0ZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsaUNBQWlDLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQztBQUMvRSxPQUFPLEVBQUUsb0JBQW9CLEVBQUUsTUFBTSxnQkFBZ0IsQ0FBQztBQUN0RCxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFFakQsT0FBTyxFQUFFLE1BQU0sSUFBSSxDQUFDO0FBQ3BCLE9BQU8sRUFBRSxxQkFBcUIsRUFBRSxNQUFNLG1DQUFtQyxDQUFDO0FBQzFFLE9BQU8sRUFBRSw4QkFBOEIsRUFBRSxNQUFNLGlCQUFpQixDQUFDO0FBRWpFLHVFQUF1RTtBQUN2RSxNQUFNLGtCQUFrQixHQUF1Qix3QkFBd0IsQ0FBQztBQUV4RSxLQUFLLENBQUMsS0FBSyxJQUFJLEVBQUU7SUFDZixNQUFNLFlBQVksR0FBRyxNQUFNLEVBQUUsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLGdCQUFnQixFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQzFFLE1BQU0sU0FBUyxHQUFHLGtCQUFrQixDQUFDLGlCQUFpQixDQUNwRCxZQUFZLEVBQ1osaUNBQWlDLENBQ2xDLENBQUM7SUFFRixNQUFNLG9CQUFvQixHQUFHLGtCQUFrQixDQUFDLGlCQUFpQixDQUMvRCxZQUFZLEVBQ1osOEJBQThCLENBQy9CLENBQUM7SUFFRixNQUFNLFdBQVcsR0FBRztRQUNsQixPQUFPLEVBQUUsSUFBSTtRQUNiLFNBQVMsRUFBRSxZQUFZO1FBQ3ZCLFlBQVksRUFBRSxlQUFlO1FBQzdCLFlBQVksRUFBRSxnQkFBZ0I7UUFDOUIsa0JBQWtCLEVBQUUsYUFBYTtRQUNqQyxVQUFVLEVBQUUsU0FBUztLQUN0QixDQUFDO0lBRUYsTUFBTSxRQUFRLEdBQUc7UUFDZixPQUFPLEVBQUUsSUFBSTtRQUNiLFNBQVMsRUFBRSxZQUFZO1FBQ3ZCLFlBQVksRUFBRSxlQUFlO1FBQzdCLFlBQVksRUFBRSxnQkFBZ0I7UUFDOUIsa0JBQWtCLEVBQUUsYUFBYTtRQUNqQyxVQUFVLEVBQUUsYUFBYTtLQUMxQixDQUFDO0lBRUYsTUFBTSxRQUFRLEdBQUc7UUFDZixPQUFPLEVBQUUsSUFBSTtRQUNiLFNBQVMsRUFBRSxZQUFZO1FBQ3ZCLFlBQVksRUFBRSxlQUFlO1FBQzdCLFlBQVksRUFBRSxnQkFBZ0I7UUFDOUIsa0JBQWtCLEVBQUUsYUFBYTtRQUNqQyxVQUFVLEVBQUUsb0JBQW9CO0tBQ2pDLENBQUM7SUFFRixNQUFNLFlBQVksR0FBRyxNQUFNLG9CQUFvQixDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO0lBQ2pGLE1BQU0sY0FBYyxHQUFHLE1BQU0scUJBQXFCLENBQUMsbUJBQW1CLENBQUMsWUFBWSxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQ2hHLE1BQU0sYUFBYSxHQUFHLE1BQU0scUJBQXFCLENBQUMsa0JBQWtCLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQzdGLE1BQU0sY0FBYyxHQUF1QjtRQUN6QyxPQUFPLEVBQUUsV0FBVztRQUNwQixNQUFNLEVBQUUsV0FBVztRQUNuQixRQUFRLEVBQUUsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLEdBQUcsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsRUFBRSxTQUFTO1FBQ3JFLEVBQUUsRUFBRSxJQUFJO1FBQ1IsUUFBUSxFQUFFLENBQUMscUJBQXFCLEVBQUUsa0JBQWtCLEVBQUUsV0FBVyxDQUFDO1FBQ2xFLFNBQVMsRUFBRSxhQUFhO1FBQ3hCLFVBQVUsRUFBRSxjQUFjO0tBQzNCLENBQUM7SUFDRixNQUFNLFFBQVEsR0FBRyxNQUFNLG9CQUFvQixDQUFDLFlBQVksQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUV6RSxNQUFNLEdBQUcsR0FBRyxrQkFBa0IsQ0FBQyx5QkFBeUIsQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUNuRSxHQUFHLENBQUM7SUFFSixNQUFNLFlBQVksR0FBRyxNQUFNLG9CQUFvQixDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO0lBQ2pGLE1BQU0sa0JBQWtCLEdBQXVCO1FBQzdDLE9BQU8sRUFBRSxRQUFRO1FBQ2pCLE1BQU0sRUFBRSxXQUFXO1FBQ25CLFVBQVUsRUFBRSxZQUFZLENBQUMsVUFBVTtRQUNuQyxRQUFRLEVBQUUsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLEdBQUcsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsRUFBRSxTQUFTO1FBQ3JFLEVBQUUsRUFBRSxJQUFJO1FBQ1IsUUFBUSxFQUFFLENBQUMscUJBQXFCLEVBQUUsa0JBQWtCLENBQUM7UUFDckQsZ0JBQWdCLEVBQUU7WUFDaEI7Z0JBQ0UsR0FBRyxFQUFFLDhCQUE4QjtnQkFDbkMsS0FBSyxFQUFFLG9CQUFxQjthQUM3QjtZQUNEO2dCQUNFLEdBQUcsRUFBRSxvQkFBb0I7Z0JBQ3pCLEtBQUssRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssRUFBRSxNQUFNLENBQUM7YUFDbEM7WUFDRDtnQkFDRSxHQUFHLEVBQUUsb0JBQW9CO2dCQUN6QixLQUFLLEVBQUUsU0FBVTthQUNsQjtTQUNGO1FBQ0QsU0FBUyxFQUFFLFlBQVksQ0FBQyxTQUFTO0tBQ2xDLENBQUM7SUFDRixNQUFNLFlBQVksR0FBRyxNQUFNLG9CQUFvQixDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO0lBRWpGLE1BQU0sWUFBWSxHQUFHLE1BQU0sb0JBQW9CLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLENBQUM7SUFDakYsTUFBTSx1QkFBdUIsR0FBdUI7UUFDbEQsT0FBTyxFQUFFLFFBQVE7UUFDakIsTUFBTSxFQUFFLFFBQVE7UUFDaEIsVUFBVSxFQUFFLFlBQVksQ0FBQyxVQUFVO1FBQ25DLFFBQVEsRUFBRSxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLEdBQUcsR0FBRyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxFQUFFLFNBQVM7UUFDckUsRUFBRSxFQUFFLEtBQUs7UUFDVCxRQUFRLEVBQUUsQ0FBQyxxQkFBcUIsRUFBRSxrQkFBa0IsQ0FBQztRQUNyRCxnQkFBZ0IsRUFBRTtZQUNoQjtnQkFDRSxHQUFHLEVBQUUsaUNBQWlDO2dCQUN0QyxLQUFLLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDO2FBQ2xDO1lBQ0Q7Z0JBQ0UsR0FBRyxFQUFFLG9CQUFvQjtnQkFDekIsS0FBSyxFQUFFLFNBQVU7YUFDbEI7U0FDRjtRQUNELFNBQVMsRUFBRSxZQUFZLENBQUMsU0FBUztLQUNsQyxDQUFDO0lBQ0YsTUFBTSxpQkFBaUIsR0FBRyxNQUFNLG9CQUFvQixDQUFDLFlBQVksQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO0lBRTNGLDRGQUE0RjtJQUM1RixvR0FBb0c7SUFDcEcsNERBQTREO0lBQzVELHNEQUFzRDtJQUN0RCxLQUFLO0lBRUwsTUFBTSxRQUFRLEdBQUcsQ0FBQyxpQkFBaUIsRUFBRSxZQUFZLENBQUMsQ0FBQztJQUVuRCxNQUFNLGNBQWMsR0FBRyxNQUFNLGtCQUFrQixDQUFDLGlCQUFpQixDQUFDLFFBQVEsRUFBRSxRQUFRLENBQUMsQ0FBQztJQUN0RixPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsY0FBYyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBRXJELE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsa0JBQWtCLGtCQUFrQixNQUFNLEVBQUUsUUFBUSxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQzFGLE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsc0JBQXNCLGtCQUFrQixNQUFNLEVBQUUsWUFBWSxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ2xHLE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQ3pCLHNCQUFzQixrQkFBa0IsTUFBTSxFQUM5QyxpQkFBaUIsRUFDakIsTUFBTSxDQUNQLENBQUM7QUFDSixDQUFDLENBQUMsRUFBRSxDQUFDIn0=
|
|
@@ -40,6 +40,10 @@ export type GenerateCertParams = PemOrCryptoKeys & {
|
|
|
40
40
|
dnsNames?: string[];
|
|
41
41
|
ca?: boolean;
|
|
42
42
|
ocspSigning?: boolean;
|
|
43
|
+
ocspExtension?: {
|
|
44
|
+
ocspUrl: string;
|
|
45
|
+
issuerCertUrl?: string;
|
|
46
|
+
};
|
|
43
47
|
customExtensions?: CustomExtension[];
|
|
44
48
|
};
|
|
45
49
|
export type GenerateCsrParams = PemOrCryptoKeys & {
|
|
@@ -54,7 +58,7 @@ export type ParsedCsr = {
|
|
|
54
58
|
dnsNames?: string[];
|
|
55
59
|
};
|
|
56
60
|
export type ParsedCert = {
|
|
57
|
-
|
|
61
|
+
serialNumberHex: string;
|
|
58
62
|
publicKey: CryptoKey;
|
|
59
63
|
subject: string;
|
|
60
64
|
issuer: string;
|
|
@@ -79,3 +83,29 @@ export type CertBinaryItem = {
|
|
|
79
83
|
oid?: string;
|
|
80
84
|
value: Uint8Array;
|
|
81
85
|
};
|
|
86
|
+
export type OcspCertData = {
|
|
87
|
+
issuerNameHash: ArrayBuffer;
|
|
88
|
+
issuerKeyHash: ArrayBuffer;
|
|
89
|
+
serialNumber: ArrayBuffer;
|
|
90
|
+
extensionsToCheck: CustomExtension[];
|
|
91
|
+
hashAlgorithm: string;
|
|
92
|
+
};
|
|
93
|
+
export type ParsedOcspRequest = {
|
|
94
|
+
certRequests: OcspCertData[];
|
|
95
|
+
nonce?: ArrayBuffer;
|
|
96
|
+
};
|
|
97
|
+
export declare enum OcspCertStatus {
|
|
98
|
+
OK = 0,
|
|
99
|
+
Revoked = 1,
|
|
100
|
+
Unknown = 2
|
|
101
|
+
}
|
|
102
|
+
export type GenerateOcspResponseParams = {
|
|
103
|
+
issuerCertPem: string;
|
|
104
|
+
caCertsPem: string;
|
|
105
|
+
certs: Array<Omit<OcspCertData, 'extensionsToCheck'> & {
|
|
106
|
+
status: OcspCertStatus;
|
|
107
|
+
revocationDate?: Date;
|
|
108
|
+
}>;
|
|
109
|
+
privateKey: string;
|
|
110
|
+
nonce?: ArrayBuffer;
|
|
111
|
+
};
|
|
@@ -1,2 +1,7 @@
|
|
|
1
|
-
export
|
|
2
|
-
|
|
1
|
+
export var OcspCertStatus;
|
|
2
|
+
(function (OcspCertStatus) {
|
|
3
|
+
OcspCertStatus[OcspCertStatus["OK"] = 0] = "OK";
|
|
4
|
+
OcspCertStatus[OcspCertStatus["Revoked"] = 1] = "Revoked";
|
|
5
|
+
OcspCertStatus[OcspCertStatus["Unknown"] = 2] = "Unknown";
|
|
6
|
+
})(OcspCertStatus || (OcspCertStatus = {}));
|
|
7
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY2VydGlmaWNhdGVzL3R5cGVzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQWdIQSxNQUFNLENBQU4sSUFBWSxjQUlYO0FBSkQsV0FBWSxjQUFjO0lBQ3hCLCtDQUFNLENBQUE7SUFDTix5REFBVyxDQUFBO0lBQ1gseURBQVcsQ0FBQTtBQUNiLENBQUMsRUFKVyxjQUFjLEtBQWQsY0FBYyxRQUl6QiJ9
|
package/dist/mjs/constants.d.ts
CHANGED
|
@@ -15,6 +15,7 @@ export declare const BLOCK_SIZE_TO_FETCH_TRANSACTION = 500;
|
|
|
15
15
|
export declare const POLYGON_MATIC_EVENT_PATH = "0x0000000000000000000000000000000000001010";
|
|
16
16
|
export declare const BLOCKCHAIN_CALL_RETRY_ATTEMPTS = 20;
|
|
17
17
|
export declare const BLOCKCHAIN_CALL_RETRY_INTERVAL = 3000;
|
|
18
|
+
export declare const TRANSACTION_RETRY_ATTEMPTS = 3;
|
|
18
19
|
export declare const BLOCKCHAIN_BATCH_REQUEST_TIMEOUT = 10000;
|
|
19
20
|
export declare const MAX_RPC_BATCH_SIZE = 1000;
|
|
20
21
|
export declare const POLYGON_MAIN_CHAIN_ID = 137;
|
package/dist/mjs/constants.js
CHANGED
|
@@ -15,6 +15,7 @@ export const BLOCK_SIZE_TO_FETCH_TRANSACTION = 500;
|
|
|
15
15
|
export const POLYGON_MATIC_EVENT_PATH = '0x0000000000000000000000000000000000001010';
|
|
16
16
|
export const BLOCKCHAIN_CALL_RETRY_ATTEMPTS = 20;
|
|
17
17
|
export const BLOCKCHAIN_CALL_RETRY_INTERVAL = 3000;
|
|
18
|
+
export const TRANSACTION_RETRY_ATTEMPTS = 3;
|
|
18
19
|
export const BLOCKCHAIN_BATCH_REQUEST_TIMEOUT = 10000;
|
|
19
20
|
export const MAX_RPC_BATCH_SIZE = 1000;
|
|
20
21
|
export const POLYGON_MAIN_CHAIN_ID = 137;
|
|
@@ -199,4 +200,4 @@ Z/dda6qpPxXBiwhpfcFJtpiP0tIYhS6LJgFnSAdEE9G1HwYUrCYsjQ2LCgBQDqYB
|
|
|
199
200
|
balDQD+0bddS+Jvj4ELLmKRk/yX51Lqx6YYr0rSX7t9RaI9F9muzzQ4mWzWA6ief
|
|
200
201
|
YwF1StA=
|
|
201
202
|
-----END CERTIFICATE-----`;
|
|
202
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
203
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uc3RhbnRzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2NvbnN0YW50cy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsUUFBUSxFQUFRLGFBQWEsRUFBRSxNQUFNLHdCQUF3QixDQUFDO0FBRXZFLE1BQU0sQ0FBQyxNQUFNLG9CQUFvQixHQUFHLHVCQUF1QixDQUFDO0FBQzVELE1BQU0sQ0FBQyxNQUFNLGVBQWUsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7QUFDL0MsTUFBTSxDQUFDLE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyxVQUFVLENBQUMsQ0FBQztBQUNsRCxNQUFNLENBQUMsTUFBTSx5QkFBeUIsR0FBRyxDQUFDLENBQUM7QUFDM0MsTUFBTSxDQUFDLE1BQU0seUJBQXlCLEdBQUcsR0FBRyxDQUFDO0FBQzdDLE1BQU0sQ0FBQyxNQUFNLDZCQUE2QixHQUFHLENBQUMsQ0FBQztBQUMvQyxNQUFNLENBQUMsTUFBTSxxQ0FBcUMsR0FBRyxHQUFHLENBQUM7QUFDekQsTUFBTSxDQUFDLE1BQU0sYUFBYSxHQUFHLEVBQUUsQ0FBQztBQUNoQyxNQUFNLENBQUMsTUFBTSxZQUFZLEdBQUcsRUFBRSxDQUFDO0FBQy9CLE1BQU0sQ0FBQyxNQUFNLE9BQU8sR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQztBQUNwQyxNQUFNLENBQUMsTUFBTSxRQUFRLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQztBQUNoQyxNQUFNLENBQUMsTUFBTSxZQUFZLEdBQUcsQ0FBQyxHQUFHLEVBQUUsQ0FBQztBQUNuQyxNQUFNLENBQUMsTUFBTSwrQkFBK0IsR0FBRyxHQUFHLENBQUM7QUFDbkQsTUFBTSxDQUFDLE1BQU0sd0JBQXdCLEdBQUcsNENBQTRDLENBQUM7QUFDckYsTUFBTSxDQUFDLE1BQU0sOEJBQThCLEdBQUcsRUFBRSxDQUFDO0FBQ2pELE1BQU0sQ0FBQyxNQUFNLDhCQUE4QixHQUFHLElBQUksQ0FBQztBQUNuRCxNQUFNLENBQUMsTUFBTSwwQkFBMEIsR0FBRyxDQUFDLENBQUM7QUFDNUMsTUFBTSxDQUFDLE1BQU0sZ0NBQWdDLEdBQUcsS0FBSyxDQUFDO0FBQ3RELE1BQU0sQ0FBQyxNQUFNLGtCQUFrQixHQUFHLElBQUksQ0FBQztBQUN2QyxNQUFNLENBQUMsTUFBTSxxQkFBcUIsR0FBRyxHQUFHLENBQUM7QUFDekMsTUFBTSxDQUFDLE1BQU0scUJBQXFCLEdBQUcsS0FBSyxDQUFDO0FBQzNDLE1BQU0sQ0FBQyxNQUFNLDJCQUEyQixHQUFHLDRDQUE0QyxDQUFDO0FBQ3hGLE1BQU0sQ0FBQyxNQUFNLDJCQUEyQixHQUFHLDBDQUEwQyxDQUFDO0FBQ3RGLE1BQU0sQ0FBQyxNQUFNLGtCQUFrQixHQUFHLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0FBQy9ELE1BQU0sQ0FBQyxNQUFNLGlCQUFpQixHQUFHLE1BQU0sQ0FBQyxTQUFTLENBQUMsQ0FBQztBQUNuRCxNQUFNLENBQUMsTUFBTSxxQkFBcUIsR0FBRyxDQUFDLENBQUM7QUFDdkMsTUFBTSxDQUFDLE1BQU0sVUFBVSxHQUFHLEdBQUcsQ0FBQztBQUM5QixNQUFNLENBQUMsTUFBTSxTQUFTLEdBQVM7SUFDN0IsSUFBSSxFQUFFLGtFQUFrRTtJQUN4RSxJQUFJLEVBQUUsYUFBYSxDQUFDLE1BQU07SUFDMUIsUUFBUSxFQUFFLFFBQVEsQ0FBQyxNQUFNO0NBQzFCLENBQUM7QUFDRixNQUFNLENBQUMsTUFBTSwyQkFBMkIsR0FDdEMsa0VBQWtFLENBQUM7QUFDckUsTUFBTSxDQUFDLE1BQU0sd0JBQXdCLEdBQ25DLGtFQUFrRSxDQUFDO0FBRXJFLDBCQUEwQjtBQUMxQixNQUFNLENBQUMsTUFBTSxtQkFBbUIsR0FBRyxHQUFHLENBQUM7QUFDdkMsTUFBTSxDQUFDLE1BQU0sbUJBQW1CLEdBQUcsSUFBSSxDQUFDO0FBQ3hDLHFFQUFxRTtBQUNyRSx3Q0FBd0M7QUFFeEMsbUJBQW1CO0FBQ25CLE1BQU0sQ0FBQyxNQUFNLGtCQUFrQixHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLDhCQUE4QjtBQUVqRiw0QkFBNEI7QUFDNUIsTUFBTSxDQUFDLE1BQU0sOEJBQThCLEdBQUcsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMscUJBQXFCO0FBRWhGLE1BQU0sQ0FBQyxNQUFNLDhCQUE4QixHQUFHOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7MEJBd0JwQixDQUFDO0FBQzNCLE1BQU0sQ0FBQyxNQUFNLGlDQUFpQyxHQUFHLGtCQUFrQixDQUFDO0FBQ3BFLE1BQU0sQ0FBQyxNQUFNLGtEQUFrRCxHQUFHLEdBQUcsaUNBQWlDLElBQUksQ0FBQztBQUMzRyxNQUFNLENBQUMsTUFBTSxvREFBb0QsR0FBRyxHQUFHLGlDQUFpQyxJQUFJLENBQUM7QUFDN0csTUFBTSxDQUFDLE1BQU0sb0RBQW9ELEdBQUcsR0FBRyxpQ0FBaUMsSUFBSSxDQUFDO0FBQzdHLE1BQU0sQ0FBQyxNQUFNLDhCQUE4QixHQUFHLEdBQUcsaUNBQWlDLElBQUksQ0FBQztBQUN2RixNQUFNLENBQUMsTUFBTSwwQ0FBMEMsR0FBRyxtQkFBbUIsQ0FBQztBQUM5RSxNQUFNLENBQUMsTUFBTSwyQkFBMkIsR0FBRyxXQUFXLENBQUM7QUFDdkQsTUFBTSxDQUFDLE1BQU0sc0JBQXNCLEdBQUcsb0JBQW9CLENBQUM7QUFDM0QsTUFBTSxDQUFDLE1BQU0sNkJBQTZCLEdBQUcsb0JBQW9CLENBQUM7QUFDbEUsTUFBTSxDQUFDLE1BQU0sY0FBYyxHQUFHLHNCQUFzQixDQUFDO0FBQ3JELE1BQU0sQ0FBQyxNQUFNLGdCQUFnQixHQUFHOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OzswQkEwSE4sQ0FBQyJ9
|