@super-protocol/sdk-js 3.13.0-beta.0 → 3.13.0-beta.3
- package/dist/cjs/certificates/generator.js +15 -4
- package/dist/cjs/certificates/helper.d.ts +4 -2
- package/dist/cjs/certificates/helper.js +30 -16
- package/dist/cjs/certificates/ocsp.d.ts +6 -1
- package/dist/cjs/certificates/ocsp.js +203 -29
- package/dist/cjs/certificates/testing-generate.d.ts +1 -0
- package/dist/cjs/certificates/testing-generate.js +115 -0
- package/dist/cjs/certificates/types.d.ts +31 -1
- package/dist/cjs/certificates/types.js +8 -1
- package/dist/cjs/constants.d.ts +1 -0
- package/dist/cjs/constants.js +3 -2
- package/dist/cjs/utils/NonceTracker.d.ts +1 -0
- package/dist/cjs/utils/NonceTracker.js +6 -2
- package/dist/cjs/utils/TxManager.d.ts +1 -0
- package/dist/cjs/utils/TxManager.js +49 -27
- package/dist/mjs/certificates/generator.js +16 -5
- package/dist/mjs/certificates/helper.d.ts +4 -2
- package/dist/mjs/certificates/helper.js +30 -16
- package/dist/mjs/certificates/ocsp.d.ts +6 -1
- package/dist/mjs/certificates/ocsp.js +204 -30
- package/dist/mjs/certificates/testing-generate.d.ts +1 -0
- package/dist/mjs/certificates/testing-generate.js +110 -0
- package/dist/mjs/certificates/types.d.ts +31 -1
- package/dist/mjs/certificates/types.js +7 -2
- package/dist/mjs/constants.d.ts +1 -0
- package/dist/mjs/constants.js +2 -1
- package/dist/mjs/utils/NonceTracker.d.ts +1 -0
- package/dist/mjs/utils/NonceTracker.js +6 -2
- package/dist/mjs/utils/TxManager.d.ts +1 -0
- package/dist/mjs/utils/TxManager.js +50 -28
- package/package.json +4 -3
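--- a/package/dist/mjs/certificates/helper.js
+++ b/package/dist/mjs/certificates/helper.js
@@ -7,6 +7,13 @@ import { createMemoryCache } from '../utils/cache/memory.js';
 import { OCSPHelper } from './ocsp.js';
 import { CRLHelper } from './crl.js';
 import './setup-crypto.js';
+import { OID_CUSTOM_EXTENSION_CHALLENGE_CERTIFICATE_ID, OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID, OID_CUSTOM_EXTENSION_CHALLENGE_ID, OID_CUSTOM_EXTENSION_NVIDIA_INFO_GPU, } from '@super-protocol/pki-common';
+const oidsForOcspCheck = [
+OID_CUSTOM_EXTENSION_CHALLENGE_ID,
+OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID,
+OID_CUSTOM_EXTENSION_NVIDIA_INFO_GPU,
+OID_CUSTOM_EXTENSION_CHALLENGE_CERTIFICATE_ID,
+];
 export class CertificatesHelper {
 static downloadedCertificateCache = createMemoryCache();
 static derToPem(data, type = 'CERTIFICATE') {
@@ -47,6 +54,9 @@ export class CertificatesHelper {
 ca: toPemChain(splitCerts[1]),
 };
 }
+static getIssuerBySubject(cert, certs) {
+return certs.find((potentialIssuer) => cert.issuer.isEqual(potentialIssuer.subject));
+}
 static pemChainToDer(certsPem) {
 const certs = CertificatesHelper.splitPemCerts(certsPem);
 return certs.map((certPem) => CertificatesHelper.pemToDer(certPem));
@@ -68,22 +78,26 @@ export class CertificatesHelper {
 });
 return responseData;
 }
+static buildChain(leaf, potentialIssuers) {
+const chain = [leaf];
+let currentCert = leaf;
+do {
+currentCert = potentialIssuers.find((potentialIssuer) => currentCert?.issuer.isEqual(potentialIssuer.subject) &&
+!currentCert.subject.isEqual(currentCert.issuer));
+if (currentCert) {
+chain.push(currentCert);
+}
+} while (currentCert);
+return chain;
+}
 static sortCertsFromLeafToRoot(certsPem) {
-const allCerts =
+const allCerts = typeof certsPem === 'string' || certsPem.every((cert) => typeof cert === 'string')
+? CertificatesHelper.toPkiCerts(certsPem)
+: certsPem;
 const leafs = allCerts.filter((certToCheck) => !allCerts.some((certsToCheckWith) => certToCheck.subject.isEqual(certsToCheckWith.issuer)));
-const
-
-
-do {
-currentCert = allCerts.find((potentialIssuer) => currentCert?.issuer.isEqual(potentialIssuer.subject) &&
-!currentCert.subject.isEqual(currentCert.issuer));
-if (currentCert) {
-chain.push(currentCert);
-}
-} while (currentCert);
-return chain;
-};
-const chains = leafs.map(buildChain).sort((one, two) => two.length - one.length);
+const chains = leafs
+.map((leaf) => CertificatesHelper.buildChain(leaf, allCerts))
+.sort((one, two) => two.length - one.length);
 return chains.flat();
 }
 static getCertPublicKeyAlgorithm(certPem) {
@@ -105,7 +119,7 @@ export class CertificatesHelper {
 const crls = offline ? [] : await CRLHelper.getCRLFromCerts(sortedCerts);
 const ocspBaseResponses = offline
 ? []
-: await OCSPHelper.getOCSPResponseFromCerts(sortedCerts, ca);
+: await OCSPHelper.getOCSPResponseFromCerts(sortedCerts, ca, oidsForOcspCheck);
 const chainEngine = new pkijs.CertificateChainValidationEngine({
 certs: sortedCerts,
 trustedCerts: ca,
@@ -148,4 +162,4 @@ export class CertificatesHelper {
 return certsArray.map((certPem) => pkijs.Certificate.fromBER(CertificatesHelper.pemToDer(certPem)));
 }
 }
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,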
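Review bot: The new `buildChain` (new lines 81–92) only stops when no issuer is found or the current certificate is self-signed, so two certificates whose subject and issuer names point at each other keep the `do … while (currentCert)` loop spinning and `chain` growing without bound; ocsp.js passes this helper certificates taken from a remote OCSP response, so a hostile responder could hang the validator. Bounding the walk by the pool size closes that: `} while (currentCert && chain.length <= potentialIssuers.length);` (tracking visited subjects works too). `getIssuerBySubject` and `buildChain` also link certificates by name alone, with no signature or AKI/SKI check, so the result is only a candidate ordering that the chain engine still has to verify; a one-line comment saying so on both methods would stop callers treating the chain as authenticated. In `sortCertsFromLeafToRoot`, an empty array makes `certsPem.every(...)` true and falls through to `toPkiCerts([])`, which is presumably fine but worth a test.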
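--- a/package/dist/mjs/certificates/ocsp.d.ts
+++ b/package/dist/mjs/certificates/ocsp.d.ts
@@ -1,9 +1,14 @@
 import * as pkijs from 'pkijs';
+import { GenerateOcspResponseParams, ParsedOcspRequest } from '../index.js';
 export declare class OCSPHelper {
-static getOCSPResponseFromCerts(certs: pkijs.Certificate[], ca: pkijs.Certificate[]): Promise<pkijs.BasicOCSPResponse[]>;
+static getOCSPResponseFromCerts(certs: pkijs.Certificate[], ca: pkijs.Certificate[], oidsToCheck?: string[]): Promise<pkijs.BasicOCSPResponse[]>;
+static generateOCSPResponse(params: GenerateOcspResponseParams): Promise<ArrayBuffer>;
+static parseOCSPRequest(ocspRequestBinary: ArrayBuffer): ParsedOcspRequest;
+private static canCertSignOCSPResponse;
 private static getOCSPRequestData;
 private static getOCSPResponse;
 private static sendOCSPRequest;
 private static getNonceForRequest;
 private static getNonceFromResponse;
+private static getCertExtensionsToCheck;
 }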
@@ -1,26 +1,142 @@
|
|
|
1
|
+
import _ from 'lodash';
|
|
2
|
+
import forge from 'node-forge';
|
|
1
3
|
import * as pkijs from 'pkijs';
|
|
2
4
|
import * as asn1js from 'asn1js';
|
|
3
5
|
import axios from 'axios';
|
|
6
|
+
import { CertID, OCSPRequest, Request, TBSRequest } from '@peculiar/asn1-ocsp';
|
|
7
|
+
import { OctetString, AsnSerializer, AsnParser } from '@peculiar/asn1-schema';
|
|
8
|
+
import { AlgorithmIdentifier, Extensions, Extension } from '@peculiar/asn1-x509';
|
|
4
9
|
import { OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION, OID_OCSP_ACCESS_METHOD, OID_OCSP_ISSUER_ACCESS_METHOD, } from '../constants.js';
|
|
5
10
|
import { CertificatesHelper } from './helper.js';
|
|
6
|
-
import { constants, helpers } from '../index.js';
|
|
11
|
+
import { CryptoKeysTransformer, OcspCertStatus, constants, helpers, } from '../index.js';
|
|
12
|
+
import { ExtendedKeyUsage } from '@peculiar/x509';
|
|
13
|
+
const DEFAULT_REVOCATION_DATE = new Date('1970-01-01T00:00:00Z');
|
|
7
14
|
export class OCSPHelper {
|
|
8
|
-
static async getOCSPResponseFromCerts(certs, ca) {
|
|
15
|
+
static async getOCSPResponseFromCerts(certs, ca, oidsToCheck = []) {
|
|
9
16
|
const ocspRequestsData = certs
|
|
10
17
|
.map(OCSPHelper.getOCSPRequestData)
|
|
11
18
|
.filter(Boolean);
|
|
12
19
|
if (!ocspRequestsData.length) {
|
|
13
20
|
return [];
|
|
14
21
|
}
|
|
15
|
-
const
|
|
22
|
+
const groupByOcspUrl = _.groupBy(ocspRequestsData, 'ocspUrl');
|
|
23
|
+
const getOcspResponseParams = Object.entries(groupByOcspUrl).map(([ocspUrl, certParams]) => ({
|
|
24
|
+
ocspUrl,
|
|
25
|
+
certsWithIssuer: certParams.map(({ cert, issuerCertUrl }) => ({
|
|
26
|
+
cert,
|
|
27
|
+
issuerCertUrl,
|
|
28
|
+
issuerCert: CertificatesHelper.getIssuerBySubject(cert, [...certs, ...ca]),
|
|
29
|
+
})),
|
|
30
|
+
ca,
|
|
31
|
+
oidsToCheck,
|
|
32
|
+
}));
|
|
33
|
+
const ocspResponseResults = await Promise.allSettled(getOcspResponseParams.map((params) => OCSPHelper.getOCSPResponse(params)));
|
|
16
34
|
const rejectedOCSPResponses = ocspResponseResults
|
|
17
35
|
.filter(helpers.isRejected)
|
|
18
36
|
.map((result) => result.reason);
|
|
19
37
|
if (rejectedOCSPResponses.length) {
|
|
20
|
-
throw new Error(`Can't get OCSP responses for some certificates (reasons=${rejectedOCSPResponses.join(';\n')})`);
|
|
38
|
+
throw new Error(`Can't get valid OCSP responses for some of certificates (reasons=${rejectedOCSPResponses.join(';\n')})`);
|
|
21
39
|
}
|
|
22
40
|
return ocspResponseResults.filter(helpers.isFulfilled).map((result) => result.value);
|
|
23
41
|
}
|
|
42
|
+
static async generateOCSPResponse(params) {
|
|
43
|
+
const ocspBasicResp = new pkijs.BasicOCSPResponse();
|
|
44
|
+
const { issuerPem: issuerCertPem, caCertsPem, certs, privateKey, nonce } = params;
|
|
45
|
+
const { certs: issuerCertsPem } = CertificatesHelper.extractCAFromChain(`${issuerCertPem}\n${caCertsPem || ''}`);
|
|
46
|
+
const issuerCert = CertificatesHelper.toPkiCerts(issuerCertPem)[0];
|
|
47
|
+
ocspBasicResp.tbsResponseData.responderID = issuerCert.subject;
|
|
48
|
+
ocspBasicResp.tbsResponseData.producedAt = new Date();
|
|
49
|
+
ocspBasicResp.certs = CertificatesHelper.toPkiCerts(issuerCertsPem);
|
|
50
|
+
for (const certData of certs) {
|
|
51
|
+
const { serialNumber, status, issuerKeyHash, issuerNameHash, hashAlgorithm, revocationDate } = certData;
|
|
52
|
+
const certID = new pkijs.CertID({
|
|
53
|
+
hashAlgorithm: new pkijs.AlgorithmIdentifier({
|
|
54
|
+
algorithmId: hashAlgorithm,
|
|
55
|
+
algorithmParams: new asn1js.Null(),
|
|
56
|
+
}),
|
|
57
|
+
issuerNameHash: new asn1js.OctetString({ valueHex: issuerNameHash }),
|
|
58
|
+
issuerKeyHash: new asn1js.OctetString({ valueHex: issuerKeyHash }),
|
|
59
|
+
serialNumber: new asn1js.Integer({ valueHex: serialNumber }),
|
|
60
|
+
});
|
|
61
|
+
const response = new pkijs.SingleResponse({
|
|
62
|
+
certID,
|
|
63
|
+
});
|
|
64
|
+
switch (status) {
|
|
65
|
+
case OcspCertStatus.OK:
|
|
66
|
+
case OcspCertStatus.Unknown:
|
|
67
|
+
response.certStatus = new asn1js.Primitive({
|
|
68
|
+
idBlock: {
|
|
69
|
+
tagClass: 3,
|
|
70
|
+
tagNumber: status,
|
|
71
|
+
},
|
|
72
|
+
});
|
|
73
|
+
break;
|
|
74
|
+
case OcspCertStatus.Revoked:
|
|
75
|
+
response.certStatus = new asn1js.Constructed({
|
|
76
|
+
idBlock: {
|
|
77
|
+
tagClass: 3,
|
|
78
|
+
tagNumber: status,
|
|
79
|
+
isConstructed: true,
|
|
80
|
+
},
|
|
81
|
+
value: [
|
|
82
|
+
new asn1js.GeneralizedTime({
|
|
83
|
+
valueDate: revocationDate || DEFAULT_REVOCATION_DATE,
|
|
84
|
+
}),
|
|
85
|
+
],
|
|
86
|
+
});
|
|
87
|
+
break;
|
|
88
|
+
default:
|
|
89
|
+
throw new Error(`Unknown OCSP certificate status: ${status}`);
|
|
90
|
+
}
|
|
91
|
+
response.thisUpdate = new Date();
|
|
92
|
+
ocspBasicResp.tbsResponseData.responses.push(response);
|
|
93
|
+
}
|
|
94
|
+
if (nonce) {
|
|
95
|
+
ocspBasicResp.tbsResponseData.responseExtensions = [
|
|
96
|
+
new pkijs.Extension({
|
|
97
|
+
extnID: constants.OID_OCSP_NONCE,
|
|
98
|
+
extnValue: new asn1js.OctetString({ valueHex: nonce }).toBER(),
|
|
99
|
+
}),
|
|
100
|
+
];
|
|
101
|
+
}
|
|
102
|
+
const privateCryptoKey = await CryptoKeysTransformer.pkcs8PemToCryptoKey(privateKey);
|
|
103
|
+
await ocspBasicResp.sign(privateCryptoKey, 'SHA-256');
|
|
104
|
+
const ocspBasicRespRaw = ocspBasicResp.toSchema().toBER(false);
|
|
105
|
+
const ocspResp = new pkijs.OCSPResponse({
|
|
106
|
+
responseStatus: new asn1js.Enumerated({ value: 0 }), // success
|
|
107
|
+
responseBytes: new pkijs.ResponseBytes({
|
|
108
|
+
responseType: pkijs.id_PKIX_OCSP_Basic,
|
|
109
|
+
response: new asn1js.OctetString({ valueHex: ocspBasicRespRaw }),
|
|
110
|
+
}),
|
|
111
|
+
});
|
|
112
|
+
return ocspResp.toSchema().toBER();
|
|
113
|
+
}
|
|
114
|
+
static parseOCSPRequest(ocspRequestBinary) {
|
|
115
|
+
const ocspRequest = AsnParser.parse(ocspRequestBinary, OCSPRequest);
|
|
116
|
+
const certRequests = ocspRequest.tbsRequest.requestList.map((request) => {
|
|
117
|
+
const reqCert = {
|
|
118
|
+
hashAlgorithm: request.reqCert.hashAlgorithm.algorithm,
|
|
119
|
+
issuerNameHash: Buffer.from(request.reqCert.issuerNameHash.buffer),
|
|
120
|
+
issuerKeyHash: Buffer.from(request.reqCert.issuerKeyHash.buffer),
|
|
121
|
+
serialNumber: request.reqCert.serialNumber,
|
|
122
|
+
};
|
|
123
|
+
const extensionsToCheck = request.singleRequestExtensions?.map((ext) => ({
|
|
124
|
+
oid: ext.extnID,
|
|
125
|
+
value: Buffer.from(ext.extnValue.buffer),
|
|
126
|
+
})) || [];
|
|
127
|
+
return { ...reqCert, extensionsToCheck };
|
|
128
|
+
});
|
|
129
|
+
const nonceExtension = ocspRequest.tbsRequest.requestExtensions?.find((ext) => ext.extnID === constants.OID_OCSP_NONCE);
|
|
130
|
+
const nonce = nonceExtension && nonceExtension.extnValue.buffer;
|
|
131
|
+
return { certRequests, nonce };
|
|
132
|
+
}
|
|
133
|
+
static canCertSignOCSPResponse(cert) {
|
|
134
|
+
const extKeysUsage = cert.extensions?.find((ext) => ext.extnID === forge.pki.oids['extKeyUsage']);
|
|
135
|
+
if (!extKeysUsage) {
|
|
136
|
+
return false;
|
|
137
|
+
}
|
|
138
|
+
return Boolean(extKeysUsage.parsedValue.keyPurposes.find((usage) => usage === ExtendedKeyUsage.ocspSigning));
|
|
139
|
+
}
|
|
24
140
|
static getOCSPRequestData(cert) {
|
|
25
141
|
const authorityExtension = CertificatesHelper.getExtensionValue(cert, OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION);
|
|
26
142
|
if (!authorityExtension) {
|
|
@@ -29,42 +145,92 @@ export class OCSPHelper {
|
|
|
29
145
|
const extensionValue = pkijs.ExtensionValueFactory.fromBER(OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION, authorityExtension);
|
|
30
146
|
const ocspUrl = extensionValue.accessDescriptions.find((desc) => desc.accessMethod === OID_OCSP_ACCESS_METHOD)?.accessLocation.value;
|
|
31
147
|
const issuerCertUrl = extensionValue.accessDescriptions.find((desc) => desc.accessMethod === OID_OCSP_ISSUER_ACCESS_METHOD)?.accessLocation.value;
|
|
32
|
-
if (!ocspUrl
|
|
33
|
-
// TODO: throw error?
|
|
148
|
+
if (!ocspUrl) {
|
|
34
149
|
return;
|
|
35
150
|
}
|
|
36
151
|
return { ocspUrl, issuerCertUrl, cert };
|
|
37
152
|
}
|
|
38
|
-
static async getOCSPResponse(
|
|
39
|
-
const { ocspUrl,
|
|
40
|
-
const
|
|
41
|
-
const
|
|
42
|
-
const
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
}
|
|
153
|
+
static async getOCSPResponse(params) {
|
|
154
|
+
const { ocspUrl, certsWithIssuer, ca, oidsToCheck } = params;
|
|
155
|
+
const requestList = [];
|
|
156
|
+
const issuerCertificates = [];
|
|
157
|
+
const addIssuerCertIfNotExists = (cert) => {
|
|
158
|
+
if (!issuerCertificates.some((c) => c.subject.isEqual(cert.subject))) {
|
|
159
|
+
issuerCertificates.push(cert);
|
|
160
|
+
}
|
|
161
|
+
};
|
|
162
|
+
for (const { cert, issuerCert: issuerCertFromParams, issuerCertUrl } of certsWithIssuer) {
|
|
163
|
+
let issuerCertificate = issuerCertFromParams;
|
|
164
|
+
if (!issuerCertificate && issuerCertUrl) {
|
|
165
|
+
const issuerCertRaw = await CertificatesHelper.downloadCertWithCache(issuerCertUrl);
|
|
166
|
+
issuerCertificate = pkijs.Certificate.fromBER(issuerCertRaw);
|
|
167
|
+
}
|
|
168
|
+
if (!issuerCertificate) {
|
|
169
|
+
throw new Error(`No issuer certificate found for OCSP request for ${cert.subject}`);
|
|
170
|
+
}
|
|
171
|
+
addIssuerCertIfNotExists(issuerCertificate);
|
|
172
|
+
addIssuerCertIfNotExists(cert);
|
|
173
|
+
const certID = new pkijs.CertID();
|
|
174
|
+
await certID.createForCertificate(cert, {
|
|
175
|
+
hashAlgorithm: 'SHA-256',
|
|
176
|
+
issuerCertificate,
|
|
177
|
+
});
|
|
178
|
+
const request = new Request({
|
|
179
|
+
reqCert: new CertID({
|
|
180
|
+
hashAlgorithm: new AlgorithmIdentifier({
|
|
181
|
+
algorithm: certID.hashAlgorithm.algorithmId,
|
|
182
|
+
}),
|
|
183
|
+
issuerNameHash: new OctetString().fromASN(certID.issuerNameHash),
|
|
184
|
+
issuerKeyHash: new OctetString().fromASN(certID.issuerKeyHash),
|
|
185
|
+
serialNumber: certID.serialNumber.valueBlock.valueHex,
|
|
186
|
+
}),
|
|
187
|
+
});
|
|
188
|
+
const extensionsToCheck = OCSPHelper.getCertExtensionsToCheck(cert, oidsToCheck);
|
|
189
|
+
if (extensionsToCheck.length) {
|
|
190
|
+
request.singleRequestExtensions = new Extensions(extensionsToCheck.map((ext) => new Extension({ extnID: ext.oid, extnValue: new OctetString(ext.value) })));
|
|
191
|
+
}
|
|
192
|
+
requestList.push(request);
|
|
193
|
+
}
|
|
47
194
|
const reqNonce = OCSPHelper.getNonceForRequest();
|
|
48
|
-
ocspReq
|
|
49
|
-
new
|
|
50
|
-
|
|
51
|
-
|
|
195
|
+
const ocspReq = new OCSPRequest({
|
|
196
|
+
tbsRequest: new TBSRequest({
|
|
197
|
+
requestList,
|
|
198
|
+
requestExtensions: new Extensions([
|
|
199
|
+
new Extension({
|
|
200
|
+
extnID: constants.OID_OCSP_NONCE,
|
|
201
|
+
extnValue: new OctetString(reqNonce),
|
|
202
|
+
}),
|
|
203
|
+
]),
|
|
52
204
|
}),
|
|
53
|
-
|
|
205
|
+
});
|
|
54
206
|
const ocspBasicResp = await OCSPHelper.sendOCSPRequest(ocspUrl, ocspReq);
|
|
55
207
|
const respNonce = await OCSPHelper.getNonceFromResponse(ocspBasicResp);
|
|
56
208
|
if (respNonce && Buffer.compare(reqNonce, respNonce) !== 0) {
|
|
57
209
|
throw new Error(`OCSP nonces from request and response do not match`);
|
|
58
210
|
}
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
ocspBasicResp.certs = [issuerCertificate];
|
|
62
|
-
trustedCerts.push(...ca);
|
|
211
|
+
if (!ocspBasicResp.certs?.length) {
|
|
212
|
+
ocspBasicResp.certs = issuerCertificates;
|
|
63
213
|
}
|
|
64
|
-
|
|
65
|
-
|
|
214
|
+
const signers = ocspBasicResp.certs.filter((cert) => cert.subject.isEqual(ocspBasicResp.tbsResponseData.responderID));
|
|
215
|
+
if (!signers.length) {
|
|
216
|
+
throw new Error('No OCSP signer certificate found');
|
|
217
|
+
}
|
|
218
|
+
if (signers.length > 1) {
|
|
219
|
+
throw new Error('Prohibited attempt to replace OCSP signer');
|
|
220
|
+
}
|
|
221
|
+
const signerChain = CertificatesHelper.buildChain(signers[0], [
|
|
222
|
+
...ocspBasicResp.certs,
|
|
223
|
+
...issuerCertificates,
|
|
224
|
+
]);
|
|
225
|
+
ocspBasicResp.certs = signerChain;
|
|
226
|
+
const isValid = await ocspBasicResp.verify({ trustedCerts: ca });
|
|
227
|
+
if (!isValid) {
|
|
228
|
+
throw new Error('OCSP response verification failed');
|
|
229
|
+
}
|
|
230
|
+
const isSignerValid = OCSPHelper.canCertSignOCSPResponse(signers[0]);
|
|
231
|
+
if (!isSignerValid) {
|
|
232
|
+
throw new Error('OCSP signer certificate does not have the OCSP signing extended key usage');
|
|
66
233
|
}
|
|
67
|
-
await ocspBasicResp.verify({ trustedCerts });
|
|
68
234
|
return ocspBasicResp;
|
|
69
235
|
}
|
|
70
236
|
static async sendOCSPRequest(ocspUrl, ocspReq) {
|
|
@@ -74,7 +240,7 @@ export class OCSPHelper {
|
|
|
74
240
|
'Content-Type': 'application/ocsp-request',
|
|
75
241
|
},
|
|
76
242
|
responseType: 'arraybuffer',
|
|
77
|
-
data:
|
|
243
|
+
data: AsnSerializer.serialize(ocspReq),
|
|
78
244
|
});
|
|
79
245
|
const ocspRespSimpl = pkijs.OCSPResponse.fromBER(ocspResponse.data);
|
|
80
246
|
if (!ocspRespSimpl.responseBytes) {
|
|
@@ -88,7 +254,15 @@ export class OCSPHelper {
|
|
|
88
254
|
}
|
|
89
255
|
static getNonceFromResponse(ocspBasicResp) {
|
|
90
256
|
const nonceExtension = ocspBasicResp.tbsResponseData?.responseExtensions?.find((extension) => extension.extnID === constants.OID_OCSP_NONCE);
|
|
91
|
-
return nonceExtension
|
|
257
|
+
return nonceExtension && Buffer.from(nonceExtension.parsedValue.valueBlock.valueHex);
|
|
258
|
+
}
|
|
259
|
+
static getCertExtensionsToCheck(cert, oidsToCheck) {
|
|
260
|
+
return oidsToCheck
|
|
261
|
+
.map((oid) => {
|
|
262
|
+
const value = CertificatesHelper.getExtensionValue(cert, oid);
|
|
263
|
+
return { oid, value };
|
|
264
|
+
})
|
|
265
|
+
.filter((ext) => Boolean(ext.value));
|
|
92
266
|
}
|
|
93
267
|
}
|
|
94
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2NzcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvb2NzcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUMvQixPQUFPLEtBQUssTUFBTSxNQUFNLFFBQVEsQ0FBQztBQUNqQyxPQUFPLEtBQUssTUFBTSxPQUFPLENBQUM7QUFDMUIsT0FBTyxFQUNMLDBDQUEwQyxFQUMxQyxzQkFBc0IsRUFDdEIsNkJBQTZCLEdBQzlCLE1BQU0saUJBQWlCLENBQUM7QUFDekIsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQ2pELE9BQU8sRUFBRSxTQUFTLEVBQUUsT0FBTyxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBSWpELE1BQU0sT0FBTyxVQUFVO0lBQ3JCLE1BQU0sQ0FBQyxLQUFLLENBQUMsd0JBQXdCLENBQ25DLEtBQTBCLEVBQzFCLEVBQXVCO1FBRXZCLE1BQU0sZ0JBQWdCLEdBQUcsS0FBSzthQUMzQixHQUFHLENBQUMsVUFBVSxDQUFDLGtCQUFrQixDQUFDO2FBQ2xDLE1BQU0sQ0FBQyxPQUFPLENBQXNCLENBQUM7UUFFeEMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzdCLE9BQU8sRUFBRSxDQUFDO1FBQ1osQ0FBQztRQUVELE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxPQUFPLENBQUMsVUFBVSxDQUNsRCxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDLFVBQVUsQ0FBQyxlQUFlLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQ25GLENBQUM7UUFFRixNQUFNLHFCQUFxQixHQUFHLG1CQUFtQjthQUM5QyxNQUFNLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQzthQUMxQixHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNsQyxJQUFJLHFCQUFxQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQ2IsMkRBQTJELHFCQUFxQixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUNoRyxDQUFDO1FBQ0osQ0FBQztRQUVELE9BQU8sbUJBQW1CLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUN2RixDQUFDO0lBRU8sTUFBTSxDQUFDLGtCQUFrQixDQUFDLElBQXVCO1FBQ3ZELE1BQU0sa0JBQWtCLEdBQUcsa0JBQWtCLENBQUMsaUJBQWlCLENBQzdELElBQUksRUFDSiwwQ0FBMEMsQ0FDM0MsQ0FBQztRQUNGLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3hCLE9BQU87UUFDVCxDQUFDO1FBRUQsTUFBTSxjQUFjLEdBQUcsS0FBSyxDQUFDLHFCQUFxQixDQUFDLE9BQU8sQ0FDeEQsMENBQTBDLEVBQzFDLGtCQUFrQixDQUNFLENBQUM7UUFFdkIsTUFBTSxPQUFPLEdBQUcsY0FBYyxDQUFDLGtCQUFrQixDQUFDLE
lBQUksQ0FDcEQsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxZQUFZLEtBQUssc0JBQXNCLENBQ3ZELEVBQUUsY0FBYyxDQUFDLEtBQUssQ0FBQztRQUV4QixNQUFNLGFBQWEsR0FBRyxjQUFjLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUMxRCxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLFlBQVksS0FBSyw2QkFBNkIsQ0FDOUQsRUFBRSxjQUFjLENBQUMsS0FBSyxDQUFDO1FBRXhCLElBQUksQ0FBQyxPQUFPLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUMvQixxQkFBcUI7WUFDckIsT0FBTztRQUNULENBQUM7UUFFRCxPQUFPLEVBQUUsT0FBTyxFQUFFLGFBQWEsRUFBRSxJQUFJLEVBQUUsQ0FBQztJQUMxQyxDQUFDO0lBRU8sTUFBTSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQ2xDLElBQXFCLEVBQ3JCLEVBQXVCO1FBRXZCLE1BQU0sRUFBRSxPQUFPLEVBQUUsYUFBYSxFQUFFLElBQUksRUFBRSxHQUFHLElBQUksQ0FBQztRQUM5QyxNQUFNLGFBQWEsR0FBRyxNQUFNLGtCQUFrQixDQUFDLHFCQUFxQixDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3BGLE1BQU0saUJBQWlCLEdBQUcsS0FBSyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDbkUsTUFBTSxPQUFPLEdBQUcsSUFBSSxLQUFLLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDeEMsTUFBTSxPQUFPLENBQUMsb0JBQW9CLENBQUMsSUFBSSxFQUFFO1lBQ3ZDLGFBQWEsRUFBRSxTQUFTO1lBQ3hCLGlCQUFpQjtTQUNsQixDQUFDLENBQUM7UUFDSCxNQUFNLFFBQVEsR0FBRyxVQUFVLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztRQUNqRCxPQUFPLENBQUMsVUFBVSxDQUFDLGlCQUFpQixHQUFHO1lBQ3JDLElBQUksS0FBSyxDQUFDLFNBQVMsQ0FBQztnQkFDbEIsTUFBTSxFQUFFLFNBQVMsQ0FBQyxjQUFjO2dCQUNoQyxTQUFTLEVBQUUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsUUFBUSxFQUFFLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLEtBQUssRUFBRTthQUN6RSxDQUFDO1NBQ0gsQ0FBQztRQUVGLE1BQU0sYUFBYSxHQUFHLE1BQU0sVUFBVSxDQUFDLGVBQWUsQ0FBQyxPQUFPLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFFekUsTUFBTSxTQUFTLEdBQUcsTUFBTSxVQUFVLENBQUMsb0JBQW9CLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDdkUsSUFBSSxTQUFTLElBQUksTUFBTSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDM0QsTUFBTSxJQUFJLEtBQUssQ0FBQyxvREFBb0QsQ0FBQyxDQUFDO1FBQ3hFLENBQUM7UUFFRCxNQUFNLFlBQVksR0FBd0IsRUFBRSxDQUFDO1FBQzdDLElBQUksQ0FBQyxhQUFhLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDekIsYUFBYSxDQUFDLEtBQUssR0FBRyxDQUFDLGlCQUFpQixDQUFDLENBQUM7WUFDMUMsWUFBWSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBQzNCLENBQUM7YUFBTSxDQUFDO1lBQ04sWUFBWSxDQUFDLE
lBQUksQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1FBQ3ZDLENBQUM7UUFFRCxNQUFNLGFBQWEsQ0FBQyxNQUFNLENBQUMsRUFBRSxZQUFZLEVBQUUsQ0FBQyxDQUFDO1FBQzdDLE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxNQUFNLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FDbEMsT0FBZSxFQUNmLE9BQTBCO1FBRTFCLE1BQU0sWUFBWSxHQUFHLE1BQU0sS0FBSyxDQUFDLE9BQU8sRUFBRTtZQUN4QyxNQUFNLEVBQUUsTUFBTTtZQUNkLE9BQU8sRUFBRTtnQkFDUCxjQUFjLEVBQUUsMEJBQTBCO2FBQzNDO1lBQ0QsWUFBWSxFQUFFLGFBQWE7WUFDM0IsSUFBSSxFQUFFLE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUMsS0FBSyxFQUFFO1NBQ3JDLENBQUMsQ0FBQztRQUVILE1BQU0sYUFBYSxHQUFHLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNwRSxJQUFJLENBQUMsYUFBYSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQUMsOERBQThELENBQUMsQ0FBQztRQUNsRixDQUFDO1FBRUQsTUFBTSxhQUFhLEdBQUcsS0FBSyxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbkQsYUFBYSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FDN0QsQ0FBQztRQUVGLE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxNQUFNLENBQUMsa0JBQWtCO1FBQy9CLE9BQU8sS0FBSyxDQUFDLGVBQWUsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFTyxNQUFNLENBQUMsb0JBQW9CLENBQ2pDLGFBQXNDO1FBRXRDLE1BQU0sY0FBYyxHQUFHLGFBQWEsQ0FBQyxlQUFlLEVBQUUsa0JBQWtCLEVBQUUsSUFBSSxDQUM1RSxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUMsU0FBUyxDQUFDLE1BQU0sS0FBSyxTQUFTLENBQUMsY0FBYyxDQUM3RCxDQUFDO1FBQ0YsT0FBTyxjQUFjLEVBQUUsU0FBUyxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUM7SUFDM0QsQ0FBQztDQUNGIn0=
|
|
268
|
+
//# sourceMappingURL=data:application/json;base64,
|
|
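Review bot: In the rewritten `getOCSPResponse` (new lines 153–235), `canCertSignOCSPResponse(signers[0])` checks the OCSP-signing EKU and `verify({ trustedCerts: ca })` checks that the signer chains to some trusted CA, but nothing ties the signer to the CA that issued the certificates being queried — RFC 6960 §4.2.2.2 authorizes only the issuing CA itself or a responder certificate issued directly by it, so an OCSP-signing certificate under any other anchor in `ca` is currently accepted as authoritative for these serials. Separately, `addIssuerCertIfNotExists(cert)` pushes the queried certificate itself into `issuerCertificates`, which then serves as the response's `certs` when the responder sends none and as part of the `buildChain` pool; it is not clear why the subject of a status query should be a candidate signer or chain element. With that line dropped, the binding can be enforced right after the signer count checks with `const signer = signers[0];` and `if (!issuerCertificates.some((issuer) => signer.subject.isEqual(issuer.subject) || signer.issuer.isEqual(issuer.subject))) throw new Error('OCSP signer is not the issuing CA or a responder designated by it');`. Note the pool handed to `buildChain` mixes responder-supplied certificates with local ones, so the loop-termination concern raised on helper.js applies here as well.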
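--- a/package/dist/mjs/certificates/testing-generate.d.ts
+++ b/package/dist/mjs/certificates/testing-generate.d.ts
@@ -0,0 +1 @@
+export {};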
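--- a/package/dist/mjs/certificates/testing-generate.js
+++ b/package/dist/mjs/certificates/testing-generate.js
@@ -0,0 +1,110 @@
+import { OID_CUSTOM_EXTENSION_CHALLENGE_ID } from '@super-protocol/pki-common';
+import { CertificateGenerator } from './generator.js';
+import { CertificatesHelper } from './helper.js';
+import fs from 'fs';
+import { CryptoKeysTransformer } from '../utils/CryptoKeysTransformer.js';
+import { OID_CUSTOM_EXTENSION_USER_DATA } from '../constants.js';
+// const signatureAlgorithm: SignatureAlgorithm = 'ECDSA-P-256-SHA256';
+const signatureAlgorithm = 'ECDSA-secp256k1-SHA256';
+void (async () => {
+const orderCertPem = await fs.promises.readFile('order_cert.crt', 'utf8');
+const mrEnclave = CertificatesHelper.getExtensionValue(orderCertPem, OID_CUSTOM_EXTENSION_CHALLENGE_ID);
+const userDataHashFromCert = CertificatesHelper.getExtensionValue(orderCertPem, OID_CUSTOM_EXTENSION_USER_DATA);
+const rootSubject = {
+country: 'US',
+stateName: 'California',
+localityName: 'San Francisco',
+organization: 'Super Protocol',
+organizationalUnit: 'Development',
+commonName: 'Root CA',
+};
+const subroot1 = {
+country: 'US',
+stateName: 'California',
+localityName: 'San Francisco',
+organization: 'Super Protocol',
+organizationalUnit: 'Development',
+commonName: 'Subroot1 CA',
+};
+const subroot2 = {
+country: 'US',
+stateName: 'California',
+localityName: 'San Francisco',
+organization: 'Super Protocol',
+organizationalUnit: 'Development',
+commonName: 'Subroot Level 2 CA',
+};
+const rootCertKeys = await CertificateGenerator.generateKeys(signatureAlgorithm);
+const rootPrivatePem = await CryptoKeysTransformer.cryptoKeyToPkcs8Pem(rootCertKeys.privateKey);
+const rootPublicPem = await CryptoKeysTransformer.cryptoKeyToSpkiPem(rootCertKeys.publicKey);
+const rootCertParams = {
+subject: rootSubject,
+issuer: rootSubject,
+notAfter: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
+ca: true,
+dnsNames: ['sp.superprotocol.io', 'superprotocol.io', '127.0.0.1'],
+publicKey: rootPublicPem,
+privateKey: rootPrivatePem,
+};
+const rootCert = await CertificateGenerator.generateCert(rootCertParams);
+const alg = CertificatesHelper.getCertPublicKeyAlgorithm(rootCert);
+alg;
+const subroot1Keys = await CertificateGenerator.generateKeys(signatureAlgorithm);
+const subroot1CertParams = {
+subject: subroot1,
+issuer: rootSubject,
+privateKey: rootCertKeys.privateKey,
+notAfter: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
+ca: true,
+dnsNames: ['sp.superprotocol.io', 'superprotocol.io'],
+customExtensions: [
+{
+oid: OID_CUSTOM_EXTENSION_USER_DATA,
+value: userDataHashFromCert,
+},
+{
+oid: '1.3.6.1.3.8888.1.1',
+value: Buffer.from('tdx', 'utf8'),
+},
+{
+oid: '1.3.6.1.3.8888.1.2',
+value: mrEnclave,
+},
+],
+publicKey: subroot1Keys.publicKey,
+};
+const subroot1Cert = await CertificateGenerator.generateCert(subroot1CertParams);
+const subroot2Keys = await CertificateGenerator.generateKeys(signatureAlgorithm);
+const subrootLevel2CertParams = {
+subject: subroot2,
+issuer: subroot1,
+privateKey: subroot1Keys.privateKey,
+notAfter: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
+ca: false,
+dnsNames: ['sp.superprotocol.io', 'superprotocol.io'],
+customExtensions: [
+{
+oid: OID_CUSTOM_EXTENSION_CHALLENGE_ID,
+value: Buffer.from('tdx', 'utf8'),
+},
+{
+oid: '1.3.6.1.3.8888.1.2',
+value: mrEnclave,
+},
+],
+publicKey: subroot2Keys.publicKey,
+};
+const subrootLevel2Cert = await CertificateGenerator.generateCert(subrootLevel2CertParams);
+// const rootCertPem = CertificatesHelper.derToPem(rootCert.certificate.toSchema().toBER());
+// const subroot1CertPem = CertificatesHelper.derToPem(subroot1Cert.certificate.toSchema().toBER());
+// const subrootLevel2CertPem = CertificatesHelper.derToPem(
+// subrootLevel2Cert.certificate.toSchema().toBER(),
+// );
+const certsPem = [subrootLevel2Cert, subroot1Cert];
+const validateResult = await CertificatesHelper.validateCertChain(certsPem, rootCert);
+console.log(JSON.stringify(validateResult, null, 2));
+await fs.promises.writeFile(`pkijsCert-root-${signatureAlgorithm}.crt`, rootCert, 'utf8');
+await fs.promises.writeFile(`pkijsCert-subroot1-${signatureAlgorithm}.crt`, subroot1Cert, 'utf8');
+await fs.promises.writeFile(`pkijsCert-subroot2-${signatureAlgorithm}.crt`, subrootLevel2Cert, 'utf8');
+})();
+//# sourceMappingURL=data:application/json;base64,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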
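Review bot: This file is published under `dist/` yet does its work at import time — the `void (async () => { … })()` at line 9 reads `order_cert.crt` from the current working directory and writes `pkijsCert-*.crt` files the moment the module is loaded, and it has no `.catch`, so a missing input file surfaces as an unhandled rejection in whatever process happens to import it. If it is a development fixture generator, it should be left out of the package or at least placed behind an explicit entry point, and it needs a rejection handler such as `})().catch((err) => { console.error(err); process.exitCode = 1; });`. Line 51's `alg;` is a dead expression statement, presumably a debugging leftover, and can go together with the unused `alg`. `rootCertParams.dnsNames` lists `'127.0.0.1'`, which is an IP address rather than a DNS name; harmless for a fixture, but validators that match IP addresses only against iPAddress SANs will not accept it.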
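--- a/package/dist/mjs/certificates/types.d.ts
+++ b/package/dist/mjs/certificates/types.d.ts
@@ -40,6 +40,10 @@ export type GenerateCertParams = PemOrCryptoKeys & {
 dnsNames?: string[];
 ca?: boolean;
 ocspSigning?: boolean;
+ocspExtension?: {
+ocspUrl: string;
+issuerCertUrl?: string;
+};
 customExtensions?: CustomExtension[];
 };
 export type GenerateCsrParams = PemOrCryptoKeys & {
@@ -54,7 +58,7 @@ export type ParsedCsr = {
 dnsNames?: string[];
 };
 export type ParsedCert = {
-
+serialNumberHex: string;
 publicKey: CryptoKey;
 subject: string;
 issuer: string;
@@ -79,3 +83,29 @@ export type CertBinaryItem = {
 oid?: string;
 value: Uint8Array;
 };
+export type OcspCertData = {
+issuerNameHash: ArrayBuffer;
+issuerKeyHash: ArrayBuffer;
+serialNumber: ArrayBuffer;
+extensionsToCheck: CustomExtension[];
+hashAlgorithm: string;
+};
+export type ParsedOcspRequest = {
+certRequests: OcspCertData[];
+nonce?: ArrayBuffer;
+};
+export declare enum OcspCertStatus {
+OK = 0,
+Revoked = 1,
+Unknown = 2
+}
+export type GenerateOcspResponseParams = {
+issuerPem: string;
+caCertsPem?: string;
+certs: Array<Omit<OcspCertData, 'extensionsToCheck'> & {
+status: OcspCertStatus;
+revocationDate?: Date;
+}>;
+privateKey: string;
+nonce?: ArrayBuffer;
+};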
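Review bot: The new `OcspCertStatus` enum and `GenerateOcspResponseParams` type (lines 97–111) carry conventions a caller cannot infer from the names and have no documentation: ocsp.js uses the enum's numeric values directly as the context-specific tag numbers of the OCSP CertStatus CHOICE, and it passes `privateKey` to `CryptoKeysTransformer.pkcs8PemToCryptoKey`, so the field must be a PKCS#8 PEM string rather than any private-key PEM. A JSDoc line on each would prevent misuse, e.g. `/** Values are the CertStatus CHOICE tags of RFC 6960 (good = 0, revoked = 1, unknown = 2). */` on the enum and `/** PKCS#8 PEM of the responder's signing key. */` on `privateKey`. `OcspCertData.serialNumber` and the two hash fields are `ArrayBuffer`s that ocsp.js hands to `asn1js` as `valueHex`, which appears to mean raw content octets without DER tag and length; a short note stating that on the type would save callers a round trip through the implementation.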
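--- a/package/dist/mjs/certificates/types.js
+++ b/package/dist/mjs/certificates/types.js
@@ -1,2 +1,7 @@
-export
-
+export var OcspCertStatus;
+(function (OcspCertStatus) {
+OcspCertStatus[OcspCertStatus["OK"] = 0] = "OK";
+OcspCertStatus[OcspCertStatus["Revoked"] = 1] = "Revoked";
+OcspCertStatus[OcspCertStatus["Unknown"] = 2] = "Unknown";
+})(OcspCertStatus || (OcspCertStatus = {}));
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY2VydGlmaWNhdGVzL3R5cGVzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQWdIQSxNQUFNLENBQU4sSUFBWSxjQUlYO0FBSkQsV0FBWSxjQUFjO0lBQ3hCLCtDQUFNLENBQUE7SUFDTix5REFBVyxDQUFBO0lBQ1gseURBQVcsQ0FBQTtBQUNiLENBQUMsRUFKVyxjQUFjLEtBQWQsY0FBYyxRQUl6QiJ9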