@super-protocol/sdk-js 3.4.0 → 3.5.0-beta.1

package/dist/cjs/utils/order/validate-order.js

@@ -13,7 +13,7 @@ const defaultOptions = {
         return new Offer_js_1.default(offerId).isRestrictedByOfferType(type);
     },
     isRestrictionsPermitThatOffer(offerId, otherOfferId) {
-        return new Offer_js_1.default(offerId).isRestrictionsPermitThatOffer(otherOfferId);
+        return new Offer_js_1.default(offerId).isRestrictionsPermitThatOffer(otherOfferId.id, otherOfferId.version);
     },
 };
 const validatePort = (port) => {
@@ -50,21 +50,30 @@ const validateOrder = async (params, options = defaultOptions) => {
     if (!params.parentOrder)
         throw Error('Offer restricted by TEE, but no parent offer found');
     // Check if parent offer complies with restrictions
-    const restrictionsPermitParentOffer = await options.isRestrictionsPermitThatOffer(params.order.offerId, params.parentOrder.offerId);
+    const parentOrderOfferId = {
+        id: params.parentOrder.offerId,
+        version: 0,
+    };
+    const restrictionsPermitParentOffer = await options.isRestrictionsPermitThatOffer(params.order.offerId, parentOrderOfferId);
     if (!restrictionsPermitParentOffer)
         throw Error("Parent TEE offer doesn't comply with restrictions");
     if (params.parentOrder.offerType !== index_js_1.OfferType.TeeOffer)
         throw Error('Offer restricted by TEE, but parent offer is not TEE');
     // Check if each input offer (from parent order) complies with restrictions
     const inputOffersTypes = new Map();
-    await Promise.all(params.parentOrder.orderArgs.inputOffersIds.map(async (offerId) => {
-        if (offerId === params.order.offerId)
+    await Promise.all(params.parentOrder.orderArgs.inputOffersIds.map(async (inputOfferId, index) => {
+        if (inputOfferId === params.order.offerId)
             return true;
-        const type = await new Offer_js_1.default(offerId).getOfferType();
-        inputOffersTypes.set(type, true);
-        const restrictionsPermitParentOffer = await options.isRestrictionsPermitThatOffer(params.order.offerId, offerId);
+        const offerType = await new Offer_js_1.default(inputOfferId).getOfferType();
+        inputOffersTypes.set(offerType, true);
+        const inputOfferVersion = params.parentOrder.orderArgs.inputOffersVersions[index];
+        const otherInputOfferId = {
+            id: inputOfferId,
+            version: inputOfferVersion,
+        };
+        const restrictionsPermitParentOffer = await options.isRestrictionsPermitThatOffer(params.order.offerId, otherInputOfferId);
         if (!restrictionsPermitParentOffer)
-            throw Error(`TEE input offer ${type}: ${offerId} doesn't comply with restrictions`);
+            throw Error(`TEE input offer doesn't comply with restrictions (inputOfferId=${inputOfferId}, inputOfferVersion=${inputOfferVersion}, offerType=${offerType}, parentOrderOfferId=${params.parentOrder?.offerId})`);
     }));
     // Check if all required (by restrictions) offer types exist in input offers (from parent order)
     params.order.offerInfo.restrictions.types.forEach((type) => {
@@ -75,4 +84,4 @@ const validateOrder = async (params, options = defaultOptions) => {
     });
 };
 exports.validateOrder = validateOrder;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmFsaWRhdGUtb3JkZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvdXRpbHMvb3JkZXIvdmFsaWRhdGUtb3JkZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQUEscURBQWdEO0FBQ2hELHFFQUEwQztBQUMxQyxtREFBNkQ7QUFHN0QsTUFBTSx3QkFBd0IsR0FBRyxDQUFDLHlCQUFVLENBQUMsQ0FBQztBQUU5QyxNQUFNLGNBQWMsR0FBeUI7SUFDM0MsdUJBQXVCLENBQUMsT0FBZSxFQUFFLElBQWU7UUFDdEQsT0FBTyxJQUFJLGtCQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsdUJBQXVCLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDMUQsQ0FBQztJQUVELDZCQUE2QixDQUFDLE9BQWUsRUFBRSxZQUFvQjtRQUNqRSxPQUFPLElBQUksa0JBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyw2QkFBNkIsQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUN4RSxDQUFDO0NBQ0YsQ0FBQztBQUVGLE1BQU0sWUFBWSxHQUFHLENBQUMsSUFBcUIsRUFBVSxFQUFFO0lBQ3JELE1BQU0sVUFBVSxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUNoQyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxVQUFVLENBQUMsSUFBSSxVQUFVLElBQUksQ0FBQyxJQUFJLFVBQVUsR0FBRyxLQUFLLEVBQUUsQ0FBQztRQUMzRSxNQUFNLElBQUksS0FBSyxDQUFDLHdCQUF3QixJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBQ2xELENBQUM7SUFDRCxJQUFJLENBQUMsd0JBQXdCLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUM7UUFDbkQsTUFBTSxJQUFJLEtBQUssQ0FBQyxRQUFRLFVBQVUsaUNBQWlDLENBQUMsQ0FBQztJQUN2RSxDQUFDO0lBQ0QsT0FBTyxVQUFVLENBQUM7QUFDcEIsQ0FBQyxDQUFDO0FBRUssTUFBTSxhQUFhLEdBQUcsS0FBSyxFQUNoQyxNQUEyQixFQUMzQixVQUFnQyxjQUFjLEVBQy9CLEVBQUU7SUFDakIsc0NBQXNDO0lBQ3RDLElBQUksTUFBTSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsS0FBSyxLQUFLLHFCQUFVLENBQUMsS0FBSztRQUNuRCxNQUFNLEtBQUssQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO0lBRWhELDhCQUE4QjtJQUM5QixNQUFNLGlCQUFpQixHQUFHLE1BQU0sSUFBSSxrQkFBSyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsVUFBVSxDQUN4RSxNQUFNLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FDMUIsQ0FBQztJQUNGLE1BQU0sYUFBYSxHQUFHLGlCQUFpQixDQUFDLElBQUksQ0FBQyxRQUFtQyxDQUFDO0lBQ2pGLElBQUksYUFBYSxFQUFFLENBQUM7UUFDbEIsTUFBTSxFQUFFLGNBQWMsRUFBRSxjQUFjLEVBQUUsR0FBRyxhQUFhLENBQUM7UUFFekQsSUFBSSxjQUFjLEVBQUUsQ0FBQztZQUNuQixZQUFZLENBQUMsY0FBYyxDQUFDLENBQUM7UUFDL0IsQ0FBQztRQUVELElBQUksY0FBYyxJQUFJLE1BQU0sQ0FBQyxLQUFLLENBQUMsU0FBUyxLQUFLLG9CQUFTLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDcEUsTUFBTSxJQUFJLEtBQUssQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO1FBQzNELENBQUM7SUFDSCxDQUFDO0lBRUQscUNBQXFDO0lBQ3JDLE1BQU0sc0JBQXNCLEdBQUcsTUFBTSxPQUFPLENBQUMsdUJBQXVCLENBQ2xFLE1BQU0sQ0FBQyxLQUFLLENBQUMsT0FBTyxFQUNwQixvQkFBUyxDQUFDLFFBQVEsQ0FDbkIsQ0FBQztJQUNGLElBQUksQ0FBQyxzQkFBc0I7UUFBRSxPQUFPO0lBRXBDLDhCQUE4QjtJQUM5QixJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVc7UUFBRSxNQUFNLEtBQUssQ0FBQyxvREFBb0QsQ0FBQyxDQUFDO0lBRTNGLG1EQUFtRDtJQUNuRCxNQUFNLDZCQUE2QixHQUFHLE1BQU0sT0FBTyxDQUFDLDZCQUE2QixDQUMvRSxNQUFNLENBQUMsS0FBSyxDQUFDLE9BQU8sRUFDcEIsTUFBTSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQzNCLENBQUM7SUFDRixJQUFJLENBQUMsNkJBQTZCO1FBQ2hDLE1BQU0sS0FBSyxDQUFDLG1EQUFtRCxDQUFDLENBQUM7SUFFbkUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLFNBQVMsS0FBSyxvQkFBUyxDQUFDLFFBQVE7UUFDckQsTUFBTSxLQUFLLENBQUMsc0RBQXNELENBQUMsQ0FBQztJQUV0RSwyRUFBMkU7SUFDM0UsTUFBTSxnQkFBZ0IsR0FBNEIsSUFBSSxHQUFHLEVBQUUsQ0FBQztJQUM1RCxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQ2YsTUFBTSxDQUFDLFdBQVcsQ0FBQyxTQUFTLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7UUFDaEUsSUFBSSxPQUFPLEtBQUssTUFBTSxDQUFDLEtBQUssQ0FBQyxPQUFPO1lBQUUsT0FBTyxJQUFJLENBQUM7UUFDbEQsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLGtCQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsWUFBWSxFQUFFLENBQUM7UUFDckQsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQztRQUVqQyxNQUFNLDZCQUE2QixHQUFHLE1BQU0sT0FBTyxDQUFDLDZCQUE2QixDQUMvRSxNQUFNLENBQUMsS0FBSyxDQUFDLE9BQU8sRUFDcEIsT0FBTyxDQUNSLENBQUM7UUFDRixJQUFJLENBQUMsNkJBQTZCO1lBQ2hDLE1BQU0sS0FBSyxDQUFDLG1CQUFtQixJQUFJLEtBQUssT0FBTyxtQ0FBbUMsQ0FBQyxDQUFDO0lBQ3hGLENBQUMsQ0FBQyxDQUNILENBQUM7SUFFRixnR0FBZ0c7SUFDaEcsTUFBTSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsWUFBWSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRTtRQUN6RCxJQUFJLElBQUksS0FBSyxvQkFBUyxDQUFDLFFBQVE7WUFBRSxPQUFPO1FBQ3hDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDO1lBQzdCLE1BQU0sS0FBSyxDQUNULG9CQUFvQixJQUFJLDhEQUE4RCxDQUN2RixDQUFDO0lBQ04sQ0FBQyxDQUFDLENBQUM7QUFDTCxDQUFDLENBQUM7QUF2RVcsUUFBQSxhQUFhLGlCQXVFeEIifQ==
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmFsaWRhdGUtb3JkZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvdXRpbHMvb3JkZXIvdmFsaWRhdGUtb3JkZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQUEscURBQWdEO0FBQ2hELHFFQUEwQztBQUMxQyxtREFBK0U7QUFHL0UsTUFBTSx3QkFBd0IsR0FBRyxDQUFDLHlCQUFVLENBQUMsQ0FBQztBQUU5QyxNQUFNLGNBQWMsR0FBeUI7SUFDM0MsdUJBQXVCLENBQUMsT0FBZSxFQUFFLElBQWU7UUFDdEQsT0FBTyxJQUFJLGtCQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsdUJBQXVCLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDMUQsQ0FBQztJQUVELDZCQUE2QixDQUFDLE9BQWUsRUFBRSxZQUE4QjtRQUMzRSxPQUFPLElBQUksa0JBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyw2QkFBNkIsQ0FBQyxZQUFZLENBQUMsRUFBRSxFQUFFLFlBQVksQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUNqRyxDQUFDO0NBQ0YsQ0FBQztBQUVGLE1BQU0sWUFBWSxHQUFHLENBQUMsSUFBcUIsRUFBVSxFQUFFO0lBQ3JELE1BQU0sVUFBVSxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUNoQyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxVQUFVLENBQUMsSUFBSSxVQUFVLElBQUksQ0FBQyxJQUFJLFVBQVUsR0FBRyxLQUFLLEVBQUUsQ0FBQztRQUMzRSxNQUFNLElBQUksS0FBSyxDQUFDLHdCQUF3QixJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBQ2xELENBQUM7SUFDRCxJQUFJLENBQUMsd0JBQXdCLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUM7UUFDbkQsTUFBTSxJQUFJLEtBQUssQ0FBQyxRQUFRLFVBQVUsaUNBQWlDLENBQUMsQ0FBQztJQUN2RSxDQUFDO0lBQ0QsT0FBTyxVQUFVLENBQUM7QUFDcEIsQ0FBQyxDQUFDO0FBRUssTUFBTSxhQUFhLEdBQUcsS0FBSyxFQUNoQyxNQUEyQixFQUMzQixVQUFnQyxjQUFjLEVBQy9CLEVBQUU7SUFDakIsc0NBQXNDO0lBQ3RDLElBQUksTUFBTSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsS0FBSyxLQUFLLHFCQUFVLENBQUMsS0FBSztRQUNuRCxNQUFNLEtBQUssQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO0lBRWhELDhCQUE4QjtJQUM5QixNQUFNLGlCQUFpQixHQUFHLE1BQU0sSUFBSSxrQkFBSyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsVUFBVSxDQUN4RSxNQUFNLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FDMUIsQ0FBQztJQUNGLE1BQU0sYUFBYSxHQUFHLGlCQUFpQixDQUFDLElBQUksQ0FBQyxRQUFtQyxDQUFDO0lBQ2pGLElBQUksYUFBYSxFQUFFLENBQUM7UUFDbEIsTUFBTSxFQUFFLGNBQWMsRUFBRSxjQUFjLEVBQUUsR0FBRyxhQUFhLENBQUM7UUFFekQsSUFBSSxjQUFjLEVBQUUsQ0FBQztZQUNuQixZQUFZLENBQUMsY0FBYyxDQUFDLENBQUM7UUFDL0IsQ0FBQztRQUVELElBQUksY0FBYyxJQUFJLE1BQU0sQ0FBQyxLQUFLLENBQUMsU0FBUyxLQUFLLG9CQUFTLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDcEUsTUFBTSxJQUFJLEtBQUssQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO1FBQzNELENBQUM7SUFDSCxDQUFDO0lBRUQscUNBQXFDO0lBQ3JDLE1BQU0sc0JBQXNCLEdBQUcsTUFBTSxPQUFPLENBQUMsdUJBQXVCLENBQ2xFLE1BQU0sQ0FBQyxLQUFLLENBQUMsT0FBTyxFQUNwQixvQkFBUyxDQUFDLFFBQVEsQ0FDbkIsQ0FBQztJQUNGLElBQUksQ0FBQyxzQkFBc0I7UUFBRSxPQUFPO0lBRXBDLDhCQUE4QjtJQUM5QixJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVc7UUFBRSxNQUFNLEtBQUssQ0FBQyxvREFBb0QsQ0FBQyxDQUFDO0lBRTNGLG1EQUFtRDtJQUNuRCxNQUFNLGtCQUFrQixHQUFHO1FBQ3pCLEVBQUUsRUFBRSxNQUFNLENBQUMsV0FBVyxDQUFDLE9BQU87UUFDOUIsT0FBTyxFQUFFLENBQUM7S0FDWCxDQUFDO0lBQ0YsTUFBTSw2QkFBNkIsR0FBRyxNQUFNLE9BQU8sQ0FBQyw2QkFBNkIsQ0FDL0UsTUFBTSxDQUFDLEtBQUssQ0FBQyxPQUFPLEVBQ3BCLGtCQUFrQixDQUNuQixDQUFDO0lBQ0YsSUFBSSxDQUFDLDZCQUE2QjtRQUNoQyxNQUFNLEtBQUssQ0FBQyxtREFBbUQsQ0FBQyxDQUFDO0lBRW5FLElBQUksTUFBTSxDQUFDLFdBQVcsQ0FBQyxTQUFTLEtBQUssb0JBQVMsQ0FBQyxRQUFRO1FBQ3JELE1BQU0sS0FBSyxDQUFDLHNEQUFzRCxDQUFDLENBQUM7SUFFdEUsMkVBQTJFO0lBQzNFLE1BQU0sZ0JBQWdCLEdBQTRCLElBQUksR0FBRyxFQUFFLENBQUM7SUFDNUQsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUNmLE1BQU0sQ0FBQyxXQUFXLENBQUMsU0FBUyxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUMsS0FBSyxFQUFFLFlBQVksRUFBRSxLQUFLLEVBQUUsRUFBRTtRQUM1RSxJQUFJLFlBQVksS0FBSyxNQUFNLENBQUMsS0FBSyxDQUFDLE9BQU87WUFBRSxPQUFPLElBQUksQ0FBQztRQUV2RCxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksa0JBQUssQ0FBQyxZQUFZLENBQUMsQ0FBQyxZQUFZLEVBQUUsQ0FBQztRQUMvRCxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsU0FBUyxFQUFFLElBQUksQ0FBQyxDQUFDO1FBRXRDLE1BQU0saUJBQWlCLEdBQUcsTUFBTSxDQUFDLFdBQVksQ0FBQyxTQUFTLENBQUMsbUJBQW1CLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDbkYsTUFBTSxpQkFBaUIsR0FBRztZQUN4QixFQUFFLEVBQUUsWUFBWTtZQUNoQixPQUFPLEVBQUUsaUJBQWlCO1NBQzNCLENBQUM7UUFDRixNQUFNLDZCQUE2QixHQUFHLE1BQU0sT0FBTyxDQUFDLDZCQUE2QixDQUMvRSxNQUFNLENBQUMsS0FBSyxDQUFDLE9BQU8sRUFDcEIsaUJBQWlCLENBQ2xCLENBQUM7UUFDRixJQUFJLENBQUMsNkJBQTZCO1lBQ2hDLE1BQU0sS0FBSyxDQUNULGtFQUFrRSxZQUFZLHVCQUF1QixpQkFBaUIsZUFBZSxTQUFTLHdCQUF3QixNQUFNLENBQUMsV0FBVyxFQUFFLE9BQU8sR0FBRyxDQUNyTSxDQUFDO0lBQ04sQ0FBQyxDQUFDLENBQ0gsQ0FBQztJQUVGLGdHQUFnRztJQUNoRyxNQUFNLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxZQUFZLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFO1FBQ3pELElBQUksSUFBSSxLQUFLLG9CQUFTLENBQUMsUUFBUTtZQUFFLE9BQU87UUFDeEMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUM7WUFDN0IsTUFBTSxLQUFLLENBQ1Qsb0JBQW9CLElBQUksOERBQThELENBQ3ZGLENBQUM7SUFDTixDQUFDLENBQUMsQ0FBQztBQUNMLENBQUMsQ0FBQztBQW5GVyxRQUFBLGFBQWEsaUJBbUZ4QiJ9

package/dist/cjs/utils/order/versify.d.ts

@@ -0,0 +1,2 @@
+import { OrderInfo } from '../../types/index.js';
+export declare const versify: (info: OrderInfo, isTeeOffer: boolean) => Promise<OrderInfo>;

package/dist/cjs/utils/order/versify.js

@@ -0,0 +1,43 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.versify = void 0;
+const Offer_js_1 = __importDefault(require("../../models/Offer.js"));
+const versify = async (info, isTeeOffer) => {
+    const { offerId, offerVersion, args } = info;
+    const getActualOfferVersion = async (params) => {
+        if (params.isTeeOffer || params.offerId === '0') {
+            return params.offerVersion;
+        }
+        const actualVersion = params.offerVersion
+            ? params.offerVersion
+            : await new Offer_js_1.default(params.offerId).getLastVersionNumber();
+        return actualVersion || 0;
+    };
+    args.outputOfferVersion;
+    return {
+        ...info,
+        offerVersion: await getActualOfferVersion({
+            isTeeOffer,
+            offerId,
+            offerVersion,
+        }),
+        args: {
+            ...args,
+            outputOfferVersion: await getActualOfferVersion({
+                isTeeOffer,
+                offerId: args.outputOfferId,
+                offerVersion: args.outputOfferVersion,
+            }),
+            inputOffersVersions: await Promise.all(args.inputOffersVersions.map((offerVersion, index) => getActualOfferVersion({
+                isTeeOffer: false,
+                offerId: args.inputOffersIds[index],
+                offerVersion,
+            }))),
+        },
+    };
+};
+exports.versify = versify;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmVyc2lmeS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy91dGlscy9vcmRlci92ZXJzaWZ5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUNBLHFFQUEwQztBQUVuQyxNQUFNLE9BQU8sR0FBRyxLQUFLLEVBQUUsSUFBZSxFQUFFLFVBQW1CLEVBQXNCLEVBQUU7SUFDeEYsTUFBTSxFQUFFLE9BQU8sRUFBRSxZQUFZLEVBQUUsSUFBSSxFQUFFLEdBQUcsSUFBSSxDQUFDO0lBQzdDLE1BQU0scUJBQXFCLEdBQUcsS0FBSyxFQUFFLE1BSXBDLEVBQW1CLEVBQUU7UUFDcEIsSUFBSSxNQUFNLENBQUMsVUFBVSxJQUFJLE1BQU0sQ0FBQyxPQUFPLEtBQUssR0FBRyxFQUFFLENBQUM7WUFDaEQsT0FBTyxNQUFNLENBQUMsWUFBWSxDQUFDO1FBQzdCLENBQUM7UUFFRCxNQUFNLGFBQWEsR0FBRyxNQUFNLENBQUMsWUFBWTtZQUN2QyxDQUFDLENBQUMsTUFBTSxDQUFDLFlBQVk7WUFDckIsQ0FBQyxDQUFDLE1BQU0sSUFBSSxrQkFBSyxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQyxvQkFBb0IsRUFBRSxDQUFDO1FBRTNELE9BQU8sYUFBYSxJQUFJLENBQUMsQ0FBQztJQUM1QixDQUFDLENBQUM7SUFFRixJQUFJLENBQUMsa0JBQWtCLENBQUM7SUFFeEIsT0FBTztRQUNMLEdBQUcsSUFBSTtRQUNQLFlBQVksRUFBRSxNQUFNLHFCQUFxQixDQUFDO1lBQ3hDLFVBQVU7WUFDVixPQUFPO1lBQ1AsWUFBWTtTQUNiLENBQUM7UUFDRixJQUFJLEVBQUU7WUFDSixHQUFHLElBQUk7WUFDUCxrQkFBa0IsRUFBRSxNQUFNLHFCQUFxQixDQUFDO2dCQUM5QyxVQUFVO2dCQUNWLE9BQU8sRUFBRSxJQUFJLENBQUMsYUFBYTtnQkFDM0IsWUFBWSxFQUFFLElBQUksQ0FBQyxrQkFBa0I7YUFDdEMsQ0FBQztZQUNGLG1CQUFtQixFQUFFLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FDcEMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLEdBQUcsQ0FBQyxDQUFDLFlBQVksRUFBRSxLQUFLLEVBQUUsRUFBRSxDQUNuRCxxQkFBcUIsQ0FBQztnQkFDcEIsVUFBVSxFQUFFLEtBQUs7Z0JBQ2pCLE9BQU8sRUFBRSxJQUFJLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQztnQkFDbkMsWUFBWTthQUNiLENBQUMsQ0FDSCxDQUNGO1NBQ0Y7S0FDRixDQUFDO0FBQ0osQ0FBQyxDQUFDO0FBN0NXLFFBQUEsT0FBTyxXQTZDbEIifQ==

package/dist/mjs/certificates/crl.d.ts

@@ -0,0 +1,6 @@
+import * as pkijs from 'pkijs';
+export declare class CRLHelper {
+    static getCRLFromCerts(certs: pkijs.Certificate[]): Promise<pkijs.CertificateRevocationList[]>;
+    private static getCRLRequestData;
+    private static getCRLResponse;
+}

package/dist/mjs/certificates/crl.js

@@ -0,0 +1,39 @@
+import * as pkijs from 'pkijs';
+import { CertificatesHelper } from './helper.js';
+import { OID_CRL_DISTRIBUTION_POINTS } from '../constants.js';
+import { helpers } from '../index.js';
+export class CRLHelper {
+    static async getCRLFromCerts(certs) {
+        const crlRequestsData = certs.map(this.getCRLRequestData).filter(Boolean);
+        if (!crlRequestsData.length) {
+            return [];
+        }
+        const crlResponseResults = await Promise.allSettled(crlRequestsData.map((reqData) => this.getCRLResponse(reqData)));
+        const rejectedCRLResponses = crlResponseResults
+            .filter(helpers.isRejected)
+            .map((result) => result.reason);
+        if (rejectedCRLResponses.length) {
+            throw new Error(`Can't get CRL responses for some certificates (reasons=${rejectedCRLResponses.join(';\n')})`);
+        }
+        return crlResponseResults.filter(helpers.isFulfilled).map((result) => result.value);
+    }
+    static getCRLRequestData(cert) {
+        const authorityExtension = CertificatesHelper.getExtensionValue(cert, OID_CRL_DISTRIBUTION_POINTS);
+        if (!authorityExtension) {
+            return;
+        }
+        const extensionValue = pkijs.ExtensionValueFactory.fromBER(OID_CRL_DISTRIBUTION_POINTS, authorityExtension);
+        const findType6DistributionPointExtension = (entry) => entry.type === 6;
+        const crlUrlDistributionPoints = extensionValue?.distributionPoints.find((point) => point.distributionPoint?.some(findType6DistributionPointExtension));
+        const crlUrl = crlUrlDistributionPoints?.distributionPoint?.find(findType6DistributionPointExtension)?.value;
+        if (!crlUrl) {
+            return;
+        }
+        return { crlUrl };
+    }
+    static async getCRLResponse(data) {
+        const response = await CertificatesHelper.downloadCertWithCache(data.crlUrl);
+        return pkijs.CertificateRevocationList.fromBER(response);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3JsLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NlcnRpZmljYXRlcy9jcmwudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLEtBQUssTUFBTSxPQUFPLENBQUM7QUFDL0IsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQ2pELE9BQU8sRUFBRSwyQkFBMkIsRUFBRSxNQUFNLGlCQUFpQixDQUFDO0FBQzlELE9BQU8sRUFBRSxPQUFPLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFJdEMsTUFBTSxPQUFPLFNBQVM7SUFDcEIsTUFBTSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQzFCLEtBQTBCO1FBRTFCLE1BQU0sZUFBZSxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBcUIsQ0FBQztRQUM5RixJQUFJLENBQUMsZUFBZSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzVCLE9BQU8sRUFBRSxDQUFDO1FBQ1osQ0FBQztRQUVELE1BQU0sa0JBQWtCLEdBQUcsTUFBTSxPQUFPLENBQUMsVUFBVSxDQUNqRCxlQUFlLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQy9ELENBQUM7UUFFRixNQUFNLG9CQUFvQixHQUFHLGtCQUFrQjthQUM1QyxNQUFNLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQzthQUMxQixHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNsQyxJQUFJLG9CQUFvQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2hDLE1BQU0sSUFBSSxLQUFLLENBQ2IsMERBQTBELG9CQUFvQixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUM5RixDQUFDO1FBQ0osQ0FBQztRQUVELE9BQU8sa0JBQWtCLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUN0RixDQUFDO0lBRU8sTUFBTSxDQUFDLGlCQUFpQixDQUFDLElBQXVCO1FBQ3RELE1BQU0sa0JBQWtCLEdBQUcsa0JBQWtCLENBQUMsaUJBQWlCLENBQzdELElBQUksRUFDSiwyQkFBMkIsQ0FDNUIsQ0FBQztRQUNGLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3hCLE9BQU87UUFDVCxDQUFDO1FBRUQsTUFBTSxjQUFjLEdBQUcsS0FBSyxDQUFDLHFCQUFxQixDQUFDLE9BQU8sQ0FDeEQsMkJBQTJCLEVBQzNCLGtCQUFrQixDQUNZLENBQUM7UUFFakMsTUFBTSxtQ0FBbUMsR0FBRyxDQUFDLEtBQXdCLEVBQVcsRUFBRSxDQUNoRixLQUFLLENBQUMsSUFBSSxLQUFLLENBQUMsQ0FBQztRQUVuQixNQUFNLHdCQUF3QixHQUFHLGNBQWMsRUFBRSxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUNoRixLQUFLLENBQUMsaUJBQXFELEVBQUUsSUFBSSxDQUNoRSxtQ0FBbUMsQ0FDcEMsQ0FDRixDQUFDO1FBQ0YsTUFBTSxNQUFNLEdBQ1Ysd0JBQXdCLEVBQUUsaUJBQzNCLEVBQUUsSUFBSSxDQUFDLG1DQUFtQyxDQUFDLEVBQUUsS0FBSyxDQUFDO1FBQ3BELElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNaLE9BQU87UUFDVCxDQUFDO1FBRUQsT0FBTyxFQUFFLE1BQU0sRUFBRSxDQUFDO0lBQ3BCLENBQUM7SUFFTyxNQUFNLENBQUMsS0FBSyxDQUFDLGNBQWMsQ0FDakMsSUFBb0I7UUFFcEIsTUFBTSxRQUFRLEdBQUcsTUFBTSxrQkFBa0IsQ0FBQyxxQkFBcUIsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFN0UsT0FBTyxLQUFLLENBQUMseUJBQXlCLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQzNELENBQUM7Q0FDRiJ9

package/dist/mjs/certificates/helper.d.ts

@@ -0,0 +1,23 @@
+/// <reference types="node" />
+import * as pkijs from 'pkijs';
+import { ValidateCertChainResult } from './types.js';
+export declare class CertificatesHelper {
+    private static downloadedCertificateCache;
+    static derToPem(data: ArrayBuffer): string;
+    static pemToDer(certPem: string): Uint8Array;
+    static splitPemCerts(certs: string): string[];
+    static getDomain(certPem: string): string | undefined;
+    static getExtensionValue(certParam: string | pkijs.Certificate, oid: string): Buffer | undefined;
+    static extractCAFromChain(certsPem: string): {
+        certs: string;
+        ca: string;
+    };
+    static pemChainToDer(certsPem: string): Uint8Array[];
+    static derChainToPem(certsDer: Uint8Array[]): string;
+    static downloadCertWithCache(url: string): Promise<Buffer>;
+    static sortCertsFromLeafToRoot(certsPem: string | string[]): pkijs.Certificate[];
+    static validateCertChain(certsPem: string | string[], caPem: string | string[], options?: {
+        offline?: boolean;
+    }): Promise<ValidateCertChainResult>;
+    private static toPkiCerts;
+}

package/dist/mjs/certificates/helper.js

@@ -0,0 +1,147 @@
+import _ from 'lodash';
+import axios from 'axios';
+import forge from 'node-forge';
+import * as pkijs from 'pkijs';
+import { createMemoryCache } from '../utils/cache/memory.js';
+import { OCSPHelper } from './ocsp.js';
+import { CRLHelper } from './crl.js';
+import { webcrypto } from 'crypto';
+//pkijs initCryptoEngine method doesn't work properly in nodejs
+//https://github.com/PeculiarVentures/PKI.js/blob/91c596be220c5010b38415a68bd100942dfd321e/src/CryptoEngine/CryptoEngineInit.ts#L4
+try {
+    pkijs.getEngine();
+}
+catch (err) {
+    if (err.message === `Please call 'setEngine' before call to 'getEngine'`) {
+        pkijs.setEngine('Node', new pkijs.CryptoEngine({ name: 'Node', crypto: webcrypto }));
+    }
+}
+export class CertificatesHelper {
+    static downloadedCertificateCache = createMemoryCache();
+    static derToPem(data) {
+        return forge.pem.encode({
+            contentDomain: null,
+            dekInfo: null,
+            headers: [],
+            procType: null,
+            type: 'CERTIFICATE',
+            body: Buffer.from(data).toString('binary'),
+        });
+    }
+    static pemToDer(certPem) {
+        return Buffer.from(forge.pki.pemToDer(certPem).bytes(), 'binary');
+    }
+    static splitPemCerts(certs) {
+        const pemRegex = /(-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----)/g;
+        return certs.match(pemRegex) || [];
+    }
+    static getDomain(certPem) {
+        const cert = forge.pki.certificateFromPem(certPem);
+        return cert.subject.attributes.find((attribute) => attribute.name === 'commonName')
+            ?.value;
+    }
+    static getExtensionValue(certParam, oid) {
+        const cert = typeof certParam === 'string'
+            ? pkijs.Certificate.fromBER(CertificatesHelper.pemToDer(certParam))
+            : certParam;
+        const extension = cert.extensions?.find((ext) => ext.extnID === oid);
+        return extension && Buffer.from(extension.extnValue.valueBlock.toBER());
+    }
+    static extractCAFromChain(certsPem) {
+        const certs = CertificatesHelper.toPkiCerts(certsPem);
+        const splitCerts = _.partition(certs, (cert) => !cert.issuer.isEqual(cert.subject));
+        const toPemChain = (certs) => certs.map((cert) => CertificatesHelper.derToPem(cert.toSchema().toBER())).join('\n');
+        return {
+            certs: toPemChain(splitCerts[0]),
+            ca: toPemChain(splitCerts[1]),
+        };
+    }
+    static pemChainToDer(certsPem) {
+        const certs = CertificatesHelper.splitPemCerts(certsPem);
+        return certs.map((certPem) => CertificatesHelper.pemToDer(certPem));
+    }
+    static derChainToPem(certsDer) {
+        return certsDer.map(CertificatesHelper.derToPem).join('').trim();
+    }
+    static async downloadCertWithCache(url) {
+        const responseData = await CertificatesHelper.downloadedCertificateCache.wrap(url, async () => {
+            const response = await axios(url, {
+                responseType: 'arraybuffer',
+            });
+            return response?.data;
+        }, {
+            ttl: 5 * 60 * 1000, //5 min
+        });
+        return responseData;
+    }
+    static sortCertsFromLeafToRoot(certsPem) {
+        const allCerts = CertificatesHelper.toPkiCerts(certsPem);
+        const leafs = allCerts.filter((certToCheck) => !allCerts.some((certsToCheckWith) => certToCheck.subject.isEqual(certsToCheckWith.issuer)));
+        const buildChain = (leaf) => {
+            const chain = [leaf];
+            let currentCert = leaf;
+            do {
+                currentCert = allCerts.find((potentialIssuer) => currentCert?.issuer.isEqual(potentialIssuer.subject) &&
+                    !currentCert.subject.isEqual(currentCert.issuer));
+                if (currentCert) {
+                    chain.push(currentCert);
+                }
+            } while (currentCert);
+            return chain;
+        };
+        const chains = leafs.map(buildChain).sort((one, two) => two.length - one.length);
+        return chains.flat();
+    }
+    static async validateCertChain(certsPem, caPem, options = {}) {
+        const { offline } = options;
+        // reverse() is needed because pkijs expects certificates to be ordered from root to leaf
+        const sortedCerts = CertificatesHelper.sortCertsFromLeafToRoot(certsPem).reverse();
+        const ca = CertificatesHelper.toPkiCerts(caPem);
+        try {
+            const crls = offline ? [] : await CRLHelper.getCRLFromCerts(sortedCerts);
+            const ocspBaseResponses = offline
+                ? []
+                : await OCSPHelper.getOCSPResponseFromCerts(sortedCerts, ca);
+            const chainEngine = new pkijs.CertificateChainValidationEngine({
+                certs: sortedCerts,
+                trustedCerts: ca,
+                ocsps: ocspBaseResponses,
+                crls,
+            });
+            const verifyResult = await chainEngine.verify();
+            if (!verifyResult.result) {
+                return {
+                    isValid: false,
+                    errorMessage: verifyResult.resultMessage,
+                };
+            }
+            /**
+             * When verifying a certificate chain, chainEngine.verify() attempts to find a valid
+             * certification path using the provided certificates. It may ignore certificates that
+             * don't belong to the valid chain.
+             *
+             * This check ensures that all certificates we initially provided were actually used
+             * in the valid certification path that CertificateChainValidationEngine constructed.
+             * If any certificate was ignored/not used, we throw an error.
+             */
+            const isEachCertVerified = sortedCerts.every((cert) => verifyResult.certificatePath?.find((verifiedCert) => verifiedCert.serialNumber.isEqual(cert.serialNumber)));
+            if (!isEachCertVerified) {
+                throw new Error('Some of certificates do not belong to chain');
+            }
+            return {
+                isValid: true,
+            };
+        }
+        catch (err) {
+            return {
+                isValid: false,
+                errorMessage: err.message,
+            };
+        }
+    }
+    static toPkiCerts(certs) {
+        const certsArray = Array.isArray(certs) ? certs : CertificatesHelper.splitPemCerts(certs);
+        return certsArray.map((certPem) => pkijs.Certificate.fromBER(CertificatesHelper.pemToDer(certPem)));
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVscGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NlcnRpZmljYXRlcy9oZWxwZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxDQUFDLE1BQU0sUUFBUSxDQUFDO0FBQ3ZCLE9BQU8sS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUMxQixPQUFPLEtBQUssTUFBTSxZQUFZLENBQUM7QUFDL0IsT0FBTyxLQUFLLEtBQUssTUFBTSxPQUFPLENBQUM7QUFDL0IsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFFN0QsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLFdBQVcsQ0FBQztBQUN2QyxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sVUFBVSxDQUFDO0FBQ3JDLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxRQUFRLENBQUM7QUFFbkMsK0RBQStEO0FBQy9ELGtJQUFrSTtBQUNsSSxJQUFJLENBQUM7SUFDSCxLQUFLLENBQUMsU0FBUyxFQUFFLENBQUM7QUFDcEIsQ0FBQztBQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7SUFDYixJQUFLLEdBQWEsQ0FBQyxPQUFPLEtBQUssb0RBQW9ELEVBQUUsQ0FBQztRQUNwRixLQUFLLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxTQUFnQixFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQzlGLENBQUM7QUFDSCxDQUFDO0FBRUQsTUFBTSxPQUFPLGtCQUFrQjtJQUNyQixNQUFNLENBQUMsMEJBQTBCLEdBQUcsaUJBQWlCLEVBQUUsQ0FBQztJQUVoRSxNQUFNLENBQUMsUUFBUSxDQUFDLElBQWlCO1FBQy9CLE9BQU8sS0FBSyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUM7WUFDdEIsYUFBYSxFQUFFLElBQUk7WUFDbkIsT0FBTyxFQUFFLElBQUk7WUFDYixPQUFPLEVBQUUsRUFBRTtZQUNYLFFBQVEsRUFBRSxJQUFJO1lBQ2QsSUFBSSxFQUFFLGFBQWE7WUFDbkIsSUFBSSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQztTQUMzQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsTUFBTSxDQUFDLFFBQVEsQ0FBQyxPQUFlO1FBQzdCLE9BQU8sTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQyxLQUFLLEVBQUUsRUFBRSxRQUFRLENBQUMsQ0FBQztJQUNwRSxDQUFDO0lBRUQsTUFBTSxDQUFDLGFBQWEsQ0FBQyxLQUFhO1FBQ2hDLE1BQU0sUUFBUSxHQUFHLGlFQUFpRSxDQUFDO1FBQ25GLE9BQU8sS0FBSyxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7SUFDckMsQ0FBQztJQUVELE1BQU0sQ0FBQyxTQUFTLENBQUMsT0FBZTtRQUM5QixNQUFNLElBQUksR0FBRyxLQUFLLENBQUMsR0FBRyxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ25ELE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUMsU0FBUyxFQUFFLEVBQUUsQ0FBQyxTQUFTLENBQUMsSUFBSSxLQUFLLFlBQVksQ0FBQztZQUNqRixFQUFFLEtBQWUsQ0FBQztJQUN0QixDQUFDO0lBRUQsTUFBTSxDQUFDLGlCQUFpQixDQUFDLFNBQXFDLEVBQUUsR0FBVztRQUN6RSxNQUFNLElBQUksR0FDUixPQUFPLFNBQVMsS0FBSyxRQUFRO1lBQzNCLENBQUMsQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLENBQUM7WUFDbkUsQ0FBQyxDQUFDLFNBQVMsQ0FBQztRQUNoQixNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLE1BQU0sS0FBSyxHQUFHLENBQUMsQ0FBQztRQUNyRSxPQUFPLFNBQVMsSUFBSSxNQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUM7SUFDMUUsQ0FBQztJQUVELE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxRQUFnQjtRQUN4QyxNQUFNLEtBQUssR0FBRyxrQkFBa0IsQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDdEQsTUFBTSxVQUFVLEdBQUcsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7UUFFcEYsTUFBTSxVQUFVLEdBQUcsQ0FBQyxLQUEwQixFQUFVLEVBQUUsQ0FDeEQsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsa0JBQWtCLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBRXZGLE9BQU87WUFDTCxLQUFLLEVBQUUsVUFBVSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNoQyxFQUFFLEVBQUUsVUFBVSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztTQUM5QixDQUFDO0lBQ0osQ0FBQztJQUVELE1BQU0sQ0FBQyxhQUFhLENBQUMsUUFBZ0I7UUFDbkMsTUFBTSxLQUFLLEdBQUcsa0JBQWtCLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBRXpELE9BQU8sS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsa0JBQWtCLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7SUFDdEUsQ0FBQztJQUVELE1BQU0sQ0FBQyxhQUFhLENBQUMsUUFBc0I7UUFDekMsT0FBTyxRQUFRLENBQUMsR0FBRyxDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztJQUNuRSxDQUFDO0lBRUQsTUFBTSxDQUFDLEtBQUssQ0FBQyxxQkFBcUIsQ0FBQyxHQUFXO1FBQzVDLE1BQU0sWUFBWSxHQUFHLE1BQU0sa0JBQWtCLENBQUMsMEJBQTBCLENBQUMsSUFBSSxDQUMzRSxHQUFHLEVBQ0gsS0FBSyxJQUFJLEVBQUU7WUFDVCxNQUFNLFFBQVEsR0FBRyxNQUFNLEtBQUssQ0FBQyxHQUFHLEVBQUU7Z0JBQ2hDLFlBQVksRUFBRSxhQUFhO2FBQzVCLENBQUMsQ0FBQztZQUNILE9BQU8sUUFBUSxFQUFFLElBQUksQ0FBQztRQUN4QixDQUFDLEVBQ0Q7WUFDRSxHQUFHLEVBQUUsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLEVBQUUsT0FBTztTQUM1QixDQUNGLENBQUM7UUFFRixPQUFPLFlBQVksQ0FBQztJQUN0QixDQUFDO0lBRUQsTUFBTSxDQUFDLHVCQUF1QixDQUFDLFFBQTJCO1FBQ3hELE1BQU0sUUFBUSxHQUFHLGtCQUFrQixDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUV6RCxNQUFNLEtBQUssR0FBRyxRQUFRLENBQUMsTUFBTSxDQUMzQixDQUFDLFdBQVcsRUFBRSxFQUFFLENBQ2QsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUMsZ0JBQWdCLEVBQUUsRUFBRSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQzdGLENBQUM7UUFFRixNQUFNLFVBQVUsR0FBRyxDQUFDLElBQXVCLEVBQXVCLEVBQUU7WUFDbEUsTUFBTSxLQUFLLEdBQUcsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUNyQixJQUFJLFdBQVcsR0FBa0MsSUFBSSxDQUFDO1lBRXRELEdBQUcsQ0FBQztnQkFDRixXQUFXLEdBQUcsUUFBUSxDQUFDLElBQUksQ0FDekIsQ0FBQyxlQUFlLEVBQUUsRUFBRSxDQUNsQixXQUFXLEVBQUUsTUFBTSxDQUFDLE9BQU8sQ0FBQyxlQUFlLENBQUMsT0FBTyxDQUFDO29CQUNwRCxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsQ0FDbkQsQ0FBQztnQkFFRixJQUFJLFdBQVcsRUFBRSxDQUFDO29CQUNoQixLQUFLLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO2dCQUMxQixDQUFDO1lBQ0gsQ0FBQyxRQUFRLFdBQVcsRUFBRTtZQUV0QixPQUFPLEtBQUssQ0FBQztRQUNmLENBQUMsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsVUFBVSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLE1BQU0sR0FBRyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDakYsT0FBTyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUM7SUFDdkIsQ0FBQztJQUVELE1BQU0sQ0FBQyxLQUFLLENBQUMsaUJBQWlCLENBQzVCLFFBQTJCLEVBQzNCLEtBQXdCLEVBQ3hCLFVBQWlDLEVBQUU7UUFFbkMsTUFBTSxFQUFFLE9BQU8sRUFBRSxHQUFHLE9BQU8sQ0FBQztRQUU1Qix5RkFBeUY7UUFDekYsTUFBTSxXQUFXLEdBQUcsa0JBQWtCLENBQUMsdUJBQXVCLENBQUMsUUFBUSxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUM7UUFFbkYsTUFBTSxFQUFFLEdBQUcsa0JBQWtCLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBRWhELElBQUksQ0FBQztZQUNILE1BQU0sSUFBSSxHQUFHLE9BQU8sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLFNBQVMsQ0FBQyxlQUFlLENBQUMsV0FBVyxDQUFDLENBQUM7WUFDekUsTUFBTSxpQkFBaUIsR0FBRyxPQUFPO2dCQUMvQixDQUFDLENBQUMsRUFBRTtnQkFDSixDQUFDLENBQUMsTUFBTSxVQUFVLENBQUMsd0JBQXdCLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBRS9ELE1BQU0sV0FBVyxHQUFHLElBQUksS0FBSyxDQUFDLGdDQUFnQyxDQUFDO2dCQUM3RCxLQUFLLEVBQUUsV0FBVztnQkFDbEIsWUFBWSxFQUFFLEVBQUU7Z0JBQ2hCLEtBQUssRUFBRSxpQkFBaUI7Z0JBQ3hCLElBQUk7YUFDTCxDQUFDLENBQUM7WUFFSCxNQUFNLFlBQVksR0FBRyxNQUFNLFdBQVcsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNoRCxJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUN6QixPQUFPO29CQUNMLE9BQU8sRUFBRSxLQUFLO29CQUNkLFlBQVksRUFBRSxZQUFZLENBQUMsYUFBYTtpQkFDekMsQ0FBQztZQUNKLENBQUM7WUFFRDs7Ozs7Ozs7ZUFRRztZQUNILE1BQU0sa0JBQWtCLEdBQUcsV0FBVyxDQUFDLEtBQUssQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQ3BELFlBQVksQ0FBQyxlQUFlLEVBQUUsSUFBSSxDQUFDLENBQUMsWUFBWSxFQUFFLEVBQUUsQ0FDbEQsWUFBWSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUNyRCxDQUNGLENBQUM7WUFDRixJQUFJLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztnQkFDeEIsTUFBTSxJQUFJLEtBQUssQ0FBQyw2Q0FBNkMsQ0FBQyxDQUFDO1lBQ2pFLENBQUM7WUFFRCxPQUFPO2dCQUNMLE9BQU8sRUFBRSxJQUFJO2FBQ2QsQ0FBQztRQUNKLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsT0FBTztnQkFDTCxPQUFPLEVBQUUsS0FBSztnQkFDZCxZQUFZLEVBQUcsR0FBYSxDQUFDLE9BQU87YUFDckMsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRU8sTUFBTSxDQUFDLFVBQVUsQ0FBQyxLQUF3QjtRQUNoRCxNQUFNLFVBQVUsR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLGtCQUFrQixDQUFDLGFBQWEsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUMxRixPQUFPLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUNoQyxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FDaEUsQ0FBQztJQUNKLENBQUMifQ==

package/dist/mjs/certificates/index.d.ts

@@ -0,0 +1,2 @@
+export * from './helper.js';
+export * from './types.js';

package/dist/mjs/certificates/index.js

@@ -0,0 +1,3 @@
+export * from './helper.js';
+export * from './types.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY2VydGlmaWNhdGVzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsYUFBYSxDQUFDO0FBQzVCLGNBQWMsWUFBWSxDQUFDIn0=

package/dist/mjs/certificates/ocsp.d.ts

@@ -0,0 +1,9 @@
+import * as pkijs from 'pkijs';
+export declare class OCSPHelper {
+    static getOCSPResponseFromCerts(certs: pkijs.Certificate[], ca: pkijs.Certificate[]): Promise<pkijs.BasicOCSPResponse[]>;
+    private static getOCSPRequestData;
+    private static getOCSPResponse;
+    private static sendOCSPRequest;
+    private static getNonceForRequest;
+    private static getNonceFromResponse;
+}

package/dist/mjs/certificates/ocsp.js

@@ -0,0 +1,94 @@
+import * as pkijs from 'pkijs';
+import * as asn1js from 'asn1js';
+import axios from 'axios';
+import { OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION, OID_OCSP_ACCESS_METHOD, OID_OCSP_ISSUER_ACCESS_METHOD, } from '../constants.js';
+import { CertificatesHelper } from './helper.js';
+import { constants, helpers } from '../index.js';
+export class OCSPHelper {
+    static async getOCSPResponseFromCerts(certs, ca) {
+        const ocspRequestsData = certs
+            .map(OCSPHelper.getOCSPRequestData)
+            .filter(Boolean);
+        if (!ocspRequestsData.length) {
+            return [];
+        }
+        const ocspResponseResults = await Promise.allSettled(ocspRequestsData.map((ocspReqData) => OCSPHelper.getOCSPResponse(ocspReqData, ca)));
+        const rejectedOCSPResponses = ocspResponseResults
+            .filter(helpers.isRejected)
+            .map((result) => result.reason);
+        if (rejectedOCSPResponses.length) {
+            throw new Error(`Can't get OCSP responses for some certificates (reasons=${rejectedOCSPResponses.join(';\n')})`);
+        }
+        return ocspResponseResults.filter(helpers.isFulfilled).map((result) => result.value);
+    }
+    static getOCSPRequestData(cert) {
+        const authorityExtension = CertificatesHelper.getExtensionValue(cert, OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION);
+        if (!authorityExtension) {
+            return;
+        }
+        const extensionValue = pkijs.ExtensionValueFactory.fromBER(OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION, authorityExtension);
+        const ocspUrl = extensionValue.accessDescriptions.find((desc) => desc.accessMethod === OID_OCSP_ACCESS_METHOD)?.accessLocation.value;
+        const issuerCertUrl = extensionValue.accessDescriptions.find((desc) => desc.accessMethod === OID_OCSP_ISSUER_ACCESS_METHOD)?.accessLocation.value;
+        if (!ocspUrl || !issuerCertUrl) {
+            // TODO: throw error?
+            return;
+        }
+        return { ocspUrl, issuerCertUrl, cert };
+    }
+    static async getOCSPResponse(data, ca) {
+        const { ocspUrl, issuerCertUrl, cert } = data;
+        const issuerCertRaw = await CertificatesHelper.downloadCertWithCache(issuerCertUrl);
+        const issuerCertificate = pkijs.Certificate.fromBER(issuerCertRaw);
+        const ocspReq = new pkijs.OCSPRequest();
+        await ocspReq.createForCertificate(cert, {
+            hashAlgorithm: 'SHA-256',
+            issuerCertificate,
+        });
+        const reqNonce = OCSPHelper.getNonceForRequest();
+        ocspReq.tbsRequest.requestExtensions = [
+            new pkijs.Extension({
+                extnID: constants.OID_OCSP_NONCE,
+                extnValue: new asn1js.OctetString({ valueHex: reqNonce.buffer }).toBER(),
+            }),
+        ];
+        const ocspBasicResp = await OCSPHelper.sendOCSPRequest(ocspUrl, ocspReq);
+        const respNonce = await OCSPHelper.getNonceFromResponse(ocspBasicResp);
+        if (respNonce && Buffer.compare(reqNonce, respNonce) !== 0) {
+            throw new Error(`OCSP nonces from request and response do not match`);
+        }
+        const trustedCerts = [];
+        if (!ocspBasicResp.certs) {
+            ocspBasicResp.certs = [issuerCertificate];
+            trustedCerts.push(...ca);
+        }
+        else {
+            trustedCerts.push(issuerCertificate);
+        }
+        await ocspBasicResp.verify({ trustedCerts });
+        return ocspBasicResp;
+    }
+    static async sendOCSPRequest(ocspUrl, ocspReq) {
+        const ocspResponse = await axios(ocspUrl, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/ocsp-request',
+            },
+            responseType: 'arraybuffer',
+            data: ocspReq.toSchema(true).toBER(),
+        });
+        const ocspRespSimpl = pkijs.OCSPResponse.fromBER(ocspResponse.data);
+        if (!ocspRespSimpl.responseBytes) {
+            throw new Error('"No "ResponseBytes" in the OCSP Response - nothing to verify');
+        }
+        const ocspBasicResp = pkijs.BasicOCSPResponse.fromBER(ocspRespSimpl.responseBytes.response.valueBlock.valueHexView);
+        return ocspBasicResp;
+    }
+    static getNonceForRequest() {
+        return pkijs.getRandomValues(new Uint8Array(32));
+    }
+    static getNonceFromResponse(ocspBasicResp) {
+        const nonceExtension = ocspBasicResp.tbsResponseData?.responseExtensions?.find((extension) => extension.extnID === constants.OID_OCSP_NONCE);
+        return nonceExtension?.extnValue.valueBlock.valueHexView;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2NzcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvb2NzcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUMvQixPQUFPLEtBQUssTUFBTSxNQUFNLFFBQVEsQ0FBQztBQUNqQyxPQUFPLEtBQUssTUFBTSxPQUFPLENBQUM7QUFDMUIsT0FBTyxFQUNMLDBDQUEwQyxFQUMxQyxzQkFBc0IsRUFDdEIsNkJBQTZCLEdBQzlCLE1BQU0saUJBQWlCLENBQUM7QUFDekIsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQ2pELE9BQU8sRUFBRSxTQUFTLEVBQUUsT0FBTyxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBSWpELE1BQU0sT0FBTyxVQUFVO0lBQ3JCLE1BQU0sQ0FBQyxLQUFLLENBQUMsd0JBQXdCLENBQ25DLEtBQTBCLEVBQzFCLEVBQXVCO1FBRXZCLE1BQU0sZ0JBQWdCLEdBQUcsS0FBSzthQUMzQixHQUFHLENBQUMsVUFBVSxDQUFDLGtCQUFrQixDQUFDO2FBQ2xDLE1BQU0sQ0FBQyxPQUFPLENBQXNCLENBQUM7UUFFeEMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzdCLE9BQU8sRUFBRSxDQUFDO1FBQ1osQ0FBQztRQUVELE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxPQUFPLENBQUMsVUFBVSxDQUNsRCxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDLFVBQVUsQ0FBQyxlQUFlLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQ25GLENBQUM7UUFFRixNQUFNLHFCQUFxQixHQUFHLG1CQUFtQjthQUM5QyxNQUFNLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQzthQUMxQixHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNsQyxJQUFJLHFCQUFxQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQ2IsMkRBQTJELHFCQUFxQixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUNoRyxDQUFDO1FBQ0osQ0FBQztRQUVELE9BQU8sbUJBQW1CLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUN2RixDQUFDO0lBRU8sTUFBTSxDQUFDLGtCQUFrQixDQUFDLElBQXVCO1FBQ3ZELE1BQU0sa0JBQWtCLEdBQUcsa0JBQWtCLENBQUMsaUJBQWlCLENBQzdELElBQUksRUFDSiwwQ0FBMEMsQ0FDM0MsQ0FBQztRQUNGLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3hCLE9BQU87UUFDVCxDQUFDO1FBRUQsTUFBTSxjQUFjLEdBQUcsS0FBSyxDQUFDLHFCQUFxQixDQUFDLE9BQU8sQ0FDeEQsMENBQTBDLEVBQzFDLGtCQUFrQixDQUNFLENBQUM7UUFFdkIsTUFBTSxPQUFPLEdBQUcsY0FBYyxDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FDcEQsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxZQUFZLEtBQUssc0JBQXNCLENBQ3ZELEVBQUUsY0FBYyxDQUFDLEtBQUssQ0FBQztRQUV4QixNQUFNLGFBQWEsR0FBRyxjQUFjLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUMxRCxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLFlBQVksS0FBSyw2QkFBNkIsQ0FDOUQsRUFBRSxjQUFjLENBQUMsS0FBSyxDQUFDO1FBRXhCLElBQUksQ0FBQyxPQUFPLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUMvQixxQkFBcUI7WUFDckIsT0FBTztRQUNULENBQUM7UUFFRCxPQUFPLEVBQUUsT0FBTyxFQUFFLGFBQWEsRUFBRSxJQUFJLEVBQUUsQ0FBQztJQUMxQyxDQUFDO0lBRU8sTUFBTSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQ2xDLElBQXFCLEVBQ3JCLEVBQXVCO1FBRXZCLE1BQU0sRUFBRSxPQUFPLEVBQUUsYUFBYSxFQUFFLElBQUksRUFBRSxHQUFHLElBQUksQ0FBQztRQUM5QyxNQUFNLGFBQWEsR0FBRyxNQUFNLGtCQUFrQixDQUFDLHFCQUFxQixDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3BGLE1BQU0saUJBQWlCLEdBQUcsS0FBSyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDbkUsTUFBTSxPQUFPLEdBQUcsSUFBSSxLQUFLLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDeEMsTUFBTSxPQUFPLENBQUMsb0JBQW9CLENBQUMsSUFBSSxFQUFFO1lBQ3ZDLGFBQWEsRUFBRSxTQUFTO1lBQ3hCLGlCQUFpQjtTQUNsQixDQUFDLENBQUM7UUFDSCxNQUFNLFFBQVEsR0FBRyxVQUFVLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztRQUNqRCxPQUFPLENBQUMsVUFBVSxDQUFDLGlCQUFpQixHQUFHO1lBQ3JDLElBQUksS0FBSyxDQUFDLFNBQVMsQ0FBQztnQkFDbEIsTUFBTSxFQUFFLFNBQVMsQ0FBQyxjQUFjO2dCQUNoQyxTQUFTLEVBQUUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsUUFBUSxFQUFFLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLEtBQUssRUFBRTthQUN6RSxDQUFDO1NBQ0gsQ0FBQztRQUVGLE1BQU0sYUFBYSxHQUFHLE1BQU0sVUFBVSxDQUFDLGVBQWUsQ0FBQyxPQUFPLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFFekUsTUFBTSxTQUFTLEdBQUcsTUFBTSxVQUFVLENBQUMsb0JBQW9CLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDdkUsSUFBSSxTQUFTLElBQUksTUFBTSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDM0QsTUFBTSxJQUFJLEtBQUssQ0FBQyxvREFBb0QsQ0FBQyxDQUFDO1FBQ3hFLENBQUM7UUFFRCxNQUFNLFlBQVksR0FBd0IsRUFBRSxDQUFDO1FBQzdDLElBQUksQ0FBQyxhQUFhLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDekIsYUFBYSxDQUFDLEtBQUssR0FBRyxDQUFDLGlCQUFpQixDQUFDLENBQUM7WUFDMUMsWUFBWSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBQzNCLENBQUM7YUFBTSxDQUFDO1lBQ04sWUFBWSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1FBQ3ZDLENBQUM7UUFFRCxNQUFNLGFBQWEsQ0FBQyxNQUFNLENBQUMsRUFBRSxZQUFZLEVBQUUsQ0FBQyxDQUFDO1FBQzdDLE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxNQUFNLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FDbEMsT0FBZSxFQUNmLE9BQTBCO1FBRTFCLE1BQU0sWUFBWSxHQUFHLE1BQU0sS0FBSyxDQUFDLE9BQU8sRUFBRTtZQUN4QyxNQUFNLEVBQUUsTUFBTTtZQUNkLE9BQU8sRUFBRTtnQkFDUCxjQUFjLEVBQUUsMEJBQTBCO2FBQzNDO1lBQ0QsWUFBWSxFQUFFLGFBQWE7WUFDM0IsSUFBSSxFQUFFLE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUMsS0FBSyxFQUFFO1NBQ3JDLENBQUMsQ0FBQztRQUVILE1BQU0sYUFBYSxHQUFHLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNwRSxJQUFJLENBQUMsYUFBYSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQUMsOERBQThELENBQUMsQ0FBQztRQUNsRixDQUFDO1FBRUQsTUFBTSxhQUFhLEdBQUcsS0FBSyxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbkQsYUFBYSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FDN0QsQ0FBQztRQUVGLE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxNQUFNLENBQUMsa0JBQWtCO1FBQy9CLE9BQU8sS0FBSyxDQUFDLGVBQWUsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFTyxNQUFNLENBQUMsb0JBQW9CLENBQ2pDLGFBQXNDO1FBRXRDLE1BQU0sY0FBYyxHQUFHLGFBQWEsQ0FBQyxlQUFlLEVBQUUsa0JBQWtCLEVBQUUsSUFBSSxDQUM1RSxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUMsU0FBUyxDQUFDLE1BQU0sS0FBSyxTQUFTLENBQUMsY0FBYyxDQUM3RCxDQUFDO1FBQ0YsT0FBTyxjQUFjLEVBQUUsU0FBUyxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUM7SUFDM0QsQ0FBQztDQUNGIn0=

package/dist/mjs/certificates/types.d.ts

@@ -0,0 +1,4 @@
+export type ValidateCertChainResult = {
+    isValid: boolean;
+    errorMessage?: string;
+};

package/dist/mjs/certificates/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY2VydGlmaWNhdGVzL3R5cGVzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiIifQ==

package/dist/mjs/constants.d.ts

@@ -32,5 +32,10 @@ export declare const OID_CUSTOM_EXTENSION_ORDER_REPORT = "1.3.6.1.3.8888.2";
 export declare const OID_CUSTOM_EXTENSION_ORDER_REPORT_HARDWARE_CONTEXT = "1.3.6.1.3.8888.2.1";
 export declare const OID_CUSTOM_EXTENSION_ORDER_REPORT_SIGNATURE_KEY_HASH = "1.3.6.1.3.8888.2.2";
 export declare const OID_CUSTOM_EXTENSION_ORDER_REPORT_WORKLOAD_INFO_HASH = "1.3.6.1.3.8888.2.3";
-export declare const OID_CUSTOM_EXTENSION_ORDER_REPORT_HASH = "1.3.6.1.3.8888.2.4";
+export declare const OID_CUSTOM_EXTENSION_USER_DATA = "1.3.6.1.3.8888.2.4";
+export declare const OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION = "1.3.6.1.5.5.7.1.1";
+export declare const OID_CRL_DISTRIBUTION_POINTS = "2.5.29.31";
+export declare const OID_OCSP_ACCESS_METHOD = "1.3.6.1.5.5.7.48.1";
+export declare const OID_OCSP_ISSUER_ACCESS_METHOD = "1.3.6.1.5.5.7.48.2";
+export declare const OID_OCSP_NONCE = "1.3.6.1.5.5.7.48.1.2";
 export declare const SUPERPROTOCOL_CA = "-----BEGIN CERTIFICATE-----\nMIIWgTCCFWmgAwIBAgIBATANBgkqhkiG9w0BAQsFADB2MSIwIAYDVQQDExlTdXBl\nclByb3RvY29sIFRFRSBSb290IENBMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkx\nETAPBgNVBAcTCE5ldyBZb3JrMRYwFAYDVQQKEw1TdXBlclByb3RvY29sMQswCQYD\nVQQLEwJJVDAeFw0yNDA4MDEwMDAwMDBaFw0zNDA4MDEwMDAwMDBaMHYxIjAgBgNV\nBAMTGVN1cGVyUHJvdG9jb2wgVEVFIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJOWTERMA8GA1UEBxMITmV3IFlvcmsxFjAUBgNVBAoTDVN1cGVyUHJvdG9j\nb2wxCzAJBgNVBAsTAklUMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nzglA7RQrU/3zTBOPToH8awa9H+bbuKIgXI7f04HIaLNSrbmiBM/4VndGHRJeW8YC\nNk9uI/A1asGn8YZZTwO9PoSFoxECcAicoVZBKCiu6rSwfCMtyrT96vSPgFM5rkJU\nkof7Sq+hiHM9gEyVgVnaj/bgqMFH6VbOQIRoXRp7TsfCGNrN5biOG4JZXN6i++jq\nZ8jRVWxJxmIOPenStyo56HxH77UzVmS6cP4h3ZSrU+dfzDzCt2DOYu70AL84xGEL\n8DrbzEkVsJ9hfgYEbrlqz1ZUxRK/sePzbpSMjLQgmpG19cO8Fiiw97zCMZ7cqaMm\nsw3QR+qDMr0F7/NwbVo3uwIDAQABo4ITGDCCExQwDAYDVR0TBAUwAwEB/zALBgNV\nHQ8EBAMCAvQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW\nBBSQ7zEN1IhJiwxL6iijRvUGOEPTAzAmBgNVHREEHzAdghtjYS50ZWUtZGV2LnN1\ncGVycHJvdG9jb2wuaW8wghKPBgsGCSqGSIb4TYo5BgSCEn4DAAIAAAAAAAkADQCT\nmnIz95xMqZQKDbOVfwYHG66I9FykKwvt/jQQCevuIgAAAAALDhAP//8AAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAOcAAAAA\nAAAAGs00+IfPwYb3wq4VwoEW0198mjskxvWclPjltUG9B2UAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAADTqfKiANP6A8gnpfND4RC97piHrKl9gOTqwWHGu\na5edAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAJ+nweKqz+nQJEZBiHgbktLiaAZj+hbLMUzRQaXO\n5vUbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADKEAAAOBkNJBM9MpAE\n1ULeXAvIzhmBokK1V69OIzmM8/sCqbNFnU3UXTvkkwGMJyV0Hxmrx5zwONSlFa7Y\nZUFe6JaOZdAHH3Sp7tOMqu9V942UT6y+BHHTHbBW4BWqPppF2uhRn5lIBy8UZAS6\nWt6ZFEiOkCTQDGrMrV7EA/ABcYpZss0LDhAP//8AAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVAAAAAAAAAOcAAAAAAAAAzh2omsH1SoBy\nV8TlfHgUDLxmUtTVh9YPBYMSWieSvnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAIxPV3XXllA+lhN/d8aKgpoAVqyN7XAUCwgbCUSQxXv/AAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAJAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAKP9h/uxkPlnxiBt+FJ1sCWR3TZxtbgnqHBtPilCnsc/AAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD9bSJMCJpO6weDPAs3WXRDR3mnj9UdEZXL\nyaQ/Qviq6A3jVtUIoKhYOjL3W36u+zK1jbZ+90kgTbFuPcXo6VxdIAAAAQIDBAUG\nBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHwUAYg4AAC0tLS0tQkVHSU4gQ0VSVElG\nSUNBVEUtLS0tLQpNSUlFOGpDQ0JKaWdBd0lCQWdJVWZ3Nm44NU9Ob2FkQjh1TmVN\nd0ZtWS9iZWlRVXdDZ1lJS29aSXpqMEVBd0l3CmNERWlNQ0FHQTFVRUF3d1pTVzUw\nWld3Z1UwZFlJRkJEU3lCUWJHRjBabTl5YlNCRFFURWFNQmdHQTFVRUNnd1IKU1c1\nMFpXd2dRMjl5Y0c5eVlYUnBiMjR4RkRBU0JnTlZCQWNNQzFOaGJuUmhJRU5zWVhK\naE1Rc3dDUVlEVlFRSQpEQUpEUVRFTE1Ba0dBMVVFQmhNQ1ZWTXdIaGNOTWpNd016\nQTVNVGN3TVRFMFdoY05NekF3TXpBNU1UY3dNVEUwCldqQndNU0l3SUFZRFZRUURE\nQmxKYm5SbGJDQlRSMWdnVUVOTElFTmxjblJwWm1sallYUmxNUm93R0FZRFZRUUsK\nREJGSmJuUmxiQ0JEYjNKd2IzSmhkR2x2YmpFVU1CSUdBMVVFQnd3TFUyRnVkR0Vn\nUTJ4aGNtRXhDekFKQmdOVgpCQWdNQWtOQk1Rc3dDUVlEVlFRR0V3SlZVekJaTUJN\nR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCRk83CmlveHJwNFBoOXNwTXE2\nbDRKc05YSVVCeE9jR21rREFXNDJrZ3NBOWwvS3ZFNkRJRmpyLzF3UTdMcjRQdUln\nUEsKV2F3aHBrUnJYaDZadk5uWFpCZWpnZ01PTUlJRENqQWZCZ05WSFNNRUdEQVdn\nQlNWYjEzTnZSdmg2VUJKeWRUMApNODRCVnd2ZVZEQnJCZ05WSFI4RVpEQmlNR0Nn\nWHFCY2hscG9kSFJ3Y3pvdkwyRndhUzUwY25WemRHVmtjMlZ5CmRtbGpaWE11YVc1\nMFpXd3VZMjl0TDNObmVDOWpaWEowYVdacFkyRjBhVzl1TDNZMEwzQmphMk55YkQ5\nallUMXcKYkdGMFptOXliU1psYm1OdlpHbHVaejFrWlhJd0hRWURWUjBPQkJZRUZI\nZ2FucEY0VXV2SmpCZ2VEQmgvM0xvbAoxU3dwTUE0R0ExVWREd0VCL3dRRUF3SUd3\nREFNQmdOVkhSTUJBZjhFQWpBQU1JSUNPd1lKS29aSWh2aE5BUTBCCkJJSUNMREND\nQWlnd0hnWUtLb1pJaHZoTkFRMEJBUVFRUDVwUHZoK0VwcVMxSkpRdGVXN0JrREND\nQVdVR0NpcUcKU0liNFRRRU5BUUl3Z2dGVk1CQUdDeXFHU0liNFRRRU5BUUlCQWdF\nSE1CQUdDeXFHU0liNFRRRU5BUUlDQWdFSgpNQkFHQ3lxR1NJYjRUUUVOQVFJREFn\nRURNQkFHQ3lxR1NJYjRUUUVOQVFJRUFnRURNQkVHQ3lxR1NJYjRUUUVOCkFRSUZB\nZ0lBL3pBUkJnc3Foa2lHK0UwQkRRRUNCZ0lDQVA4d0VBWUxLb1pJaHZoTkFRMEJB\nZ2NDQVFBd0VBWUwKS29aSWh2aE5BUTBCQWdnQ0FRQXdFQVlMS29aSWh2aE5BUTBC\nQWdrQ0FRQXdFQVlMS29aSWh2aE5BUTBCQWdvQwpBUUF3RUFZTEtvWklodmhOQVEw\nQkFnc0NBUUF3RUFZTEtvWklodmhOQVEwQkFnd0NBUUF3RUFZTEtvWklodmhOCkFR\nMEJBZzBDQVFBd0VBWUxLb1pJaHZoTkFRMEJBZzRDQVFBd0VBWUxLb1pJaHZoTkFR\nMEJBZzhDQVFBd0VBWUwKS29aSWh2aE5BUTBCQWhBQ0FRQXdFQVlMS29aSWh2aE5B\nUTBCQWhFQ0FRMHdId1lMS29aSWh2aE5BUTBCQWhJRQpFQWNKQXdQLy93QUFBQUFB\nQUFBQUFBQXdFQVlLS29aSWh2aE5BUTBCQXdRQ0FBQXdGQVlLS29aSWh2aE5BUTBC\nCkJBUUdNR0JxQUFBQU1BOEdDaXFHU0liNFRRRU5BUVVLQVFFd0hnWUtLb1pJaHZo\nTkFRMEJCZ1FRVnZnMnVWdHYKMU1rM0xTYU9mSjRWSkRCRUJnb3Foa2lHK0UwQkRR\nRUhNRFl3RUFZTEtvWklodmhOQVEwQkJ3RUJBZjh3RUFZTApLb1pJaHZoTkFRMEJC\nd0lCQWY4d0VBWUxLb1pJaHZoTkFRMEJCd01CQWY4d0NnWUlLb1pJemowRUF3SURT\nQUF3ClJRSWhBSWVacWV6bGxETEZjcEFYVmlrellqVVFvOEtGVllqY05SOU14TXFh\nMHRjaUFpQUgvcGYzZ3VKMEhpTVkKWUN4QTRFZGZWcGVBZ3p3WnEweEpuNlNRN2tV\nK3BBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQotLS0tLUJFR0lOIENFUlRJ\nRklDQVRFLS0tLS0KTUlJQ2xqQ0NBajJnQXdJQkFnSVZBSlZ2WGMyOUcrSHBRRW5K\nMVBRenpnRlhDOTVVTUFvR0NDcUdTTTQ5QkFNQwpNR2d4R2pBWUJnTlZCQU1NRVVs\ndWRHVnNJRk5IV0NCU2IyOTBJRU5CTVJvd0dBWURWUVFLREJGSmJuUmxiQ0JECmIz\nSndiM0poZEdsdmJqRVVNQklHQTFVRUJ3d0xVMkZ1ZEdFZ1EyeGhjbUV4Q3pBSkJn\nTlZCQWdNQWtOQk1Rc3cKQ1FZRFZRUUdFd0pWVXpBZUZ3MHhPREExTWpFeE1EVXdN\nVEJhRncwek16QTFNakV4TURVd01UQmFNSEF4SWpBZwpCZ05WQkFNTUdVbHVkR1Zz\nSUZOSFdDQlFRMHNnVUd4aGRHWnZjbTBnUTBFeEdqQVlCZ05WQkFvTUVVbHVkR1Zz\nCklFTnZjbkJ2Y21GMGFXOXVNUlF3RWdZRFZRUUhEQXRUWVc1MFlTQkRiR0Z5WVRF\nTE1Ba0dBMVVFQ0F3Q1EwRXgKQ3pBSkJnTlZCQVlUQWxWVE1Ga3dFd1lIS29aSXpq\nMENBUVlJS29aSXpqMERBUWNEUWdBRU5TQi83dDIxbFhTTwoyQ3V6cHh3NzRlSkI3\nMkV5REdnVzVyWEN0eDJ0VlRMcTZoS2s2eitVaVJaQ25xUjdwc092Z3FGZVN4bG1U\nbEpsCmVUbWkyV1l6M3FPQnV6Q0J1REFmQmdOVkhTTUVHREFXZ0JRaVpReldXcDAw\naWZPRHRKVlN2MUFiT1NjR3JEQlMKQmdOVkhSOEVTekJKTUVlZ1JhQkRoa0ZvZEhS\nd2N6b3ZMMk5sY25ScFptbGpZWFJsY3k1MGNuVnpkR1ZrYzJWeQpkbWxqWlhNdWFX\nNTBaV3d1WTI5dEwwbHVkR1ZzVTBkWVVtOXZkRU5CTG1SbGNqQWRCZ05WSFE0RUZn\nUVVsVzlkCnpiMGI0ZWxBU2NuVTlEUE9BVmNMM2xRd0RnWURWUjBQQVFIL0JBUURB\nZ0VHTUJJR0ExVWRFd0VCL3dRSU1BWUIKQWY4Q0FRQXdDZ1lJS29aSXpqMEVBd0lE\nUndBd1JBSWdYc1ZraTB3K2k2VllHVzNVRi8yMnVhWGUwWUpEajFVZQpuQStUakQx\nYWk1Y0NJQ1liMVNBbUQ1eGtmVFZwdm80VW95aVNZeHJEV0xtVVI0Q0k5Tkt5ZlBO\nKwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNB\nVEUtLS0tLQpNSUlDanpDQ0FqU2dBd0lCQWdJVUltVU0xbHFkTkluemc3U1ZVcjlR\nR3prbkJxd3dDZ1lJS29aSXpqMEVBd0l3CmFERWFNQmdHQTFVRUF3d1JTVzUwWld3\nZ1UwZFlJRkp2YjNRZ1EwRXhHakFZQmdOVkJBb01FVWx1ZEdWc0lFTnYKY25CdmNt\nRjBhVzl1TVJRd0VnWURWUVFIREF0VFlXNTBZU0JEYkdGeVlURUxNQWtHQTFVRUNB\nd0NRMEV4Q3pBSgpCZ05WQkFZVEFsVlRNQjRYRFRFNE1EVXlNVEV3TkRVeE1Gb1hE\nVFE1TVRJek1USXpOVGsxT1Zvd2FERWFNQmdHCkExVUVBd3dSU1c1MFpXd2dVMGRZ\nSUZKdmIzUWdRMEV4R2pBWUJnTlZCQW9NRVVsdWRHVnNJRU52Y25CdmNtRjAKYVc5\ndU1SUXdFZ1lEVlFRSERBdFRZVzUwWVNCRGJHRnlZVEVMTUFrR0ExVUVDQXdDUTBF\neEN6QUpCZ05WQkFZVApBbFZUTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFR\nY0RRZ0FFQzZuRXdNRElZWk9qL2lQV3NDemFFS2k3CjFPaU9TTFJGaFdHamJuQlZK\nZlZua1k0dTNJamtEWVlMME14TzRtcXN5WWpsQmFsVFZZeEZQMnNKQks1emxLT0IK\ndXpDQnVEQWZCZ05WSFNNRUdEQVdnQlFpWlF6V1dwMDBpZk9EdEpWU3YxQWJPU2NH\nckRCU0JnTlZIUjhFU3pCSgpNRWVnUmFCRGhrRm9kSFJ3Y3pvdkwyTmxjblJwWm1s\nallYUmxjeTUwY25WemRHVmtjMlZ5ZG1salpYTXVhVzUwClpXd3VZMjl0TDBsdWRH\nVnNVMGRZVW05dmRFTkJMbVJsY2pBZEJnTlZIUTRFRmdRVUltVU0xbHFkTkluemc3\nU1YKVXI5UUd6a25CcXd3RGdZRFZSMFBBUUgvQkFRREFnRUdNQklHQTFVZEV3RUIv\nd1FJTUFZQkFmOENBUUV3Q2dZSQpLb1pJemowRUF3SURTUUF3UmdJaEFPVy81UWtS\nK1M5Q2lTRGNOb293THVQUkxzV0dmL1lpN0dTWDk0Qmd3VHdnCkFpRUE0SjBsckhv\nTXMrWG81by9zWDZPOVFXeEhSQXZaVUdPZFJRN2N2cVJYYXFJPQotLS0tLUVORCBD\nRVJUSUZJQ0FURS0tLS0tCgAwDQYJKoZIhvcNAQELBQADggEBAGHbT1NQEW0t5uYp\nmskVka8DDrgVEM8She2htuRXNeeTpaImsFWQhQeSqlK/yc3NH2/+RfGGu4UT/zgS\n4T/oLc8HosQFZxkvcESz1YKtSqHYhfuavlDuR6K0/RS6wy1dADvA6X3b57dJ81EP\nZ/dda6qpPxXBiwhpfcFJtpiP0tIYhS6LJgFnSAdEE9G1HwYUrCYsjQ2LCgBQDqYB\n9AWDmUBh8SSdRQzYJfmHG8LTXox/8mD9Hq8HPhzEzSFwu/Yy+KZX9uxEw0vPvmVI\nbalDQD+0bddS+Jvj4ELLmKRk/yX51Lqx6YYr0rSX7t9RaI9F9muzzQ4mWzWA6ief\nYwF1StA=\n-----END CERTIFICATE-----";

package/dist/mjs/constants.js

@@ -59,7 +59,12 @@ export const OID_CUSTOM_EXTENSION_ORDER_REPORT = '1.3.6.1.3.8888.2';
 export const OID_CUSTOM_EXTENSION_ORDER_REPORT_HARDWARE_CONTEXT = `${OID_CUSTOM_EXTENSION_ORDER_REPORT}.1`;
 export const OID_CUSTOM_EXTENSION_ORDER_REPORT_SIGNATURE_KEY_HASH = `${OID_CUSTOM_EXTENSION_ORDER_REPORT}.2`;
 export const OID_CUSTOM_EXTENSION_ORDER_REPORT_WORKLOAD_INFO_HASH = `${OID_CUSTOM_EXTENSION_ORDER_REPORT}.3`;
-export const OID_CUSTOM_EXTENSION_ORDER_REPORT_HASH = `${OID_CUSTOM_EXTENSION_ORDER_REPORT}.4`;
+export const OID_CUSTOM_EXTENSION_USER_DATA = `${OID_CUSTOM_EXTENSION_ORDER_REPORT}.4`;
+export const OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION = '1.3.6.1.5.5.7.1.1';
+export const OID_CRL_DISTRIBUTION_POINTS = '2.5.29.31';
+export const OID_OCSP_ACCESS_METHOD = '1.3.6.1.5.5.7.48.1';
+export const OID_OCSP_ISSUER_ACCESS_METHOD = '1.3.6.1.5.5.7.48.2';
+export const OID_OCSP_NONCE = '1.3.6.1.5.5.7.48.1.2';
 export const SUPERPROTOCOL_CA = `-----BEGIN CERTIFICATE-----
 MIIWgTCCFWmgAwIBAgIBATANBgkqhkiG9w0BAQsFADB2MSIwIAYDVQQDExlTdXBl
 clByb3RvY29sIFRFRSBSb290IENBMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkx
@@ -183,4 +188,4 @@ Z/dda6qpPxXBiwhpfcFJtpiP0tIYhS6LJgFnSAdEE9G1HwYUrCYsjQ2LCgBQDqYB
 balDQD+0bddS+Jvj4ELLmKRk/yX51Lqx6YYr0rSX7t9RaI9F9muzzQ4mWzWA6ief
 YwF1StA=
 -----END CERTIFICATE-----`;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uc3RhbnRzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2NvbnN0YW50cy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsUUFBUSxFQUFRLGFBQWEsRUFBRSxNQUFNLHdCQUF3QixDQUFDO0FBRXZFLE1BQU0sQ0FBQyxNQUFNLG9CQUFvQixHQUFHLHVCQUF1QixDQUFDO0FBQzVELE1BQU0sQ0FBQyxNQUFNLGVBQWUsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7QUFDL0MsTUFBTSxDQUFDLE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyxVQUFVLENBQUMsQ0FBQztBQUNsRCxNQUFNLENBQUMsTUFBTSx5QkFBeUIsR0FBRyxDQUFDLENBQUM7QUFDM0MsTUFBTSxDQUFDLE1BQU0seUJBQXlCLEdBQUcsR0FBRyxDQUFDO0FBQzdDLE1BQU0sQ0FBQyxNQUFNLDZCQUE2QixHQUFHLENBQUMsQ0FBQztBQUMvQyxNQUFNLENBQUMsTUFBTSxxQ0FBcUMsR0FBRyxHQUFHLENBQUM7QUFDekQsTUFBTSxDQUFDLE1BQU0sYUFBYSxHQUFHLEVBQUUsQ0FBQztBQUNoQyxNQUFNLENBQUMsTUFBTSxZQUFZLEdBQUcsRUFBRSxDQUFDO0FBQy9CLE1BQU0sQ0FBQyxNQUFNLE9BQU8sR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQztBQUNwQyxNQUFNLENBQUMsTUFBTSxRQUFRLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQztBQUNoQyxNQUFNLENBQUMsTUFBTSxZQUFZLEdBQUcsQ0FBQyxHQUFHLEVBQUUsQ0FBQztBQUNuQyxNQUFNLENBQUMsTUFBTSwrQkFBK0IsR0FBRyxHQUFHLENBQUM7QUFDbkQsTUFBTSxDQUFDLE1BQU0sd0JBQXdCLEdBQUcsNENBQTRDLENBQUM7QUFDckYsTUFBTSxDQUFDLE1BQU0sOEJBQThCLEdBQUcsRUFBRSxDQUFDO0FBQ2pELE1BQU0sQ0FBQyxNQUFNLDhCQUE4QixHQUFHLElBQUksQ0FBQztBQUNuRCxNQUFNLENBQUMsTUFBTSxnQ0FBZ0MsR0FBRyxLQUFLLENBQUM7QUFDdEQsTUFBTSxDQUFDLE1BQU0scUJBQXFCLEdBQUcsR0FBRyxDQUFDO0FBQ3pDLE1BQU0sQ0FBQyxNQUFNLHFCQUFxQixHQUFHLEtBQUssQ0FBQztBQUMzQyxNQUFNLENBQUMsTUFBTSwyQkFBMkIsR0FBRyw0Q0FBNEMsQ0FBQztBQUN4RixNQUFNLENBQUMsTUFBTSwyQkFBMkIsR0FBRywwQ0FBMEMsQ0FBQztBQUN0RixNQUFNLENBQUMsTUFBTSxrQkFBa0IsR0FBRyxNQUFNLENBQUMsb0JBQW9CLENBQUMsQ0FBQztBQUMvRCxNQUFNLENBQUMsTUFBTSxpQkFBaUIsR0FBRyxNQUFNLENBQUMsU0FBUyxDQUFDLENBQUM7QUFDbkQsTUFBTSxDQUFDLE1BQU0scUJBQXFCLEdBQUcsQ0FBQyxDQUFDO0FBQ3ZDLE1BQU0sQ0FBQyxNQUFNLFVBQVUsR0FBRyxHQUFHLENBQUM7QUFDOUIsTUFBTSxDQUFDLE1BQU0sU0FBUyxHQUFTO0lBQzdCLElBQUksRUFBRSxrRUFBa0U7SUFDeEUsSUFBSSxFQUFFLGFBQWEsQ0FBQyxNQUFNO0lBQzFCLFFBQVEsRUFBRSxRQUFRLENBQUMsTUFBTTtDQUMxQixDQUFDO0FBQ0YsTUFBTSxDQUFDLE1BQU0sMkJBQTJCLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FDcEQsa0VBQWtFLEVBQ2xFLEtBQUssQ0FDTixDQUFDO0FBQ0YsTUFBTSxDQUFDLE1BQU0sOEJBQThCLEdBQUc7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OzswQkF3QnBCLENBQUM7QUFDM0IsTUFBTSxDQUFDLE1BQU0saUNBQWlDLEdBQUcsa0JBQWtCLENBQUM7QUFDcEUsTUFBTSxDQUFDLE1BQU0sa0RBQWtELEdBQUcsR0FBRyxpQ0FBaUMsSUFBSSxDQUFDO0FBQzNHLE1BQU0sQ0FBQyxNQUFNLG9EQUFvRCxHQUFHLEdBQUcsaUNBQWlDLElBQUksQ0FBQztBQUM3RyxNQUFNLENBQUMsTUFBTSxvREFBb0QsR0FBRyxHQUFHLGlDQUFpQyxJQUFJLENBQUM7QUFDN0csTUFBTSxDQUFDLE1BQU0sc0NBQXNDLEdBQUcsR0FBRyxpQ0FBaUMsSUFBSSxDQUFDO0FBQy9GLE1BQU0sQ0FBQyxNQUFNLGdCQUFnQixHQUFHOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OzswQkEwSE4sQ0FBQyJ9
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uc3RhbnRzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2NvbnN0YW50cy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsUUFBUSxFQUFRLGFBQWEsRUFBRSxNQUFNLHdCQUF3QixDQUFDO0FBRXZFLE1BQU0sQ0FBQyxNQUFNLG9CQUFvQixHQUFHLHVCQUF1QixDQUFDO0FBQzVELE1BQU0sQ0FBQyxNQUFNLGVBQWUsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7QUFDL0MsTUFBTSxDQUFDLE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyxVQUFVLENBQUMsQ0FBQztBQUNsRCxNQUFNLENBQUMsTUFBTSx5QkFBeUIsR0FBRyxDQUFDLENBQUM7QUFDM0MsTUFBTSxDQUFDLE1BQU0seUJBQXlCLEdBQUcsR0FBRyxDQUFDO0FBQzdDLE1BQU0sQ0FBQyxNQUFNLDZCQUE2QixHQUFHLENBQUMsQ0FBQztBQUMvQyxNQUFNLENBQUMsTUFBTSxxQ0FBcUMsR0FBRyxHQUFHLENBQUM7QUFDekQsTUFBTSxDQUFDLE1BQU0sYUFBYSxHQUFHLEVBQUUsQ0FBQztBQUNoQyxNQUFNLENBQUMsTUFBTSxZQUFZLEdBQUcsRUFBRSxDQUFDO0FBQy9CLE1BQU0sQ0FBQyxNQUFNLE9BQU8sR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQztBQUNwQyxNQUFNLENBQUMsTUFBTSxRQUFRLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQztBQUNoQyxNQUFNLENBQUMsTUFBTSxZQUFZLEdBQUcsQ0FBQyxHQUFHLEVBQUUsQ0FBQztBQUNuQyxNQUFNLENBQUMsTUFBTSwrQkFBK0IsR0FBRyxHQUFHLENBQUM7QUFDbkQsTUFBTSxDQUFDLE1BQU0sd0JBQXdCLEdBQUcsNENBQTRDLENBQUM7QUFDckYsTUFBTSxDQUFDLE1BQU0sOEJBQThCLEdBQUcsRUFBRSxDQUFDO0FBQ2pELE1BQU0sQ0FBQyxNQUFNLDhCQUE4QixHQUFHLElBQUksQ0FBQztBQUNuRCxNQUFNLENBQUMsTUFBTSxnQ0FBZ0MsR0FBRyxLQUFLLENBQUM7QUFDdEQsTUFBTSxDQUFDLE1BQU0scUJBQXFCLEdBQUcsR0FBRyxDQUFDO0FBQ3pDLE1BQU0sQ0FBQyxNQUFNLHFCQUFxQixHQUFHLEtBQUssQ0FBQztBQUMzQyxNQUFNLENBQUMsTUFBTSwyQkFBMkIsR0FBRyw0Q0FBNEMsQ0FBQztBQUN4RixNQUFNLENBQUMsTUFBTSwyQkFBMkIsR0FBRywwQ0FBMEMsQ0FBQztBQUN0RixNQUFNLENBQUMsTUFBTSxrQkFBa0IsR0FBRyxNQUFNLENBQUMsb0JBQW9CLENBQUMsQ0FBQztBQUMvRCxNQUFNLENBQUMsTUFBTSxpQkFBaUIsR0FBRyxNQUFNLENBQUMsU0FBUyxDQUFDLENBQUM7QUFDbkQsTUFBTSxDQUFDLE1BQU0scUJBQXFCLEdBQUcsQ0FBQyxDQUFDO0FBQ3ZDLE1BQU0sQ0FBQyxNQUFNLFVBQVUsR0FBRyxHQUFHLENBQUM7QUFDOUIsTUFBTSxDQUFDLE1BQU0sU0FBUyxHQUFTO0lBQzdCLElBQUksRUFBRSxrRUFBa0U7SUFDeEUsSUFBSSxFQUFFLGFBQWEsQ0FBQyxNQUFNO0lBQzFCLFFBQVEsRUFBRSxRQUFRLENBQUMsTUFBTTtDQUMxQixDQUFDO0FBQ0YsTUFBTSxDQUFDLE1BQU0sMkJBQTJCLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FDcEQsa0VBQWtFLEVBQ2xFLEtBQUssQ0FDTixDQUFDO0FBQ0YsTUFBTSxDQUFDLE1BQU0sOEJBQThCLEdBQUc7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OzswQkF3QnBCLENBQUM7QUFDM0IsTUFBTSxDQUFDLE1BQU0saUNBQWlDLEdBQUcsa0JBQWtCLENBQUM7QUFDcEUsTUFBTSxDQUFDLE1BQU0sa0RBQWtELEdBQUcsR0FBRyxpQ0FBaUMsSUFBSSxDQUFDO0FBQzNHLE1BQU0sQ0FBQyxNQUFNLG9EQUFvRCxHQUFHLEdBQUcsaUNBQWlDLElBQUksQ0FBQztBQUM3RyxNQUFNLENBQUMsTUFBTSxvREFBb0QsR0FBRyxHQUFHLGlDQUFpQyxJQUFJLENBQUM7QUFDN0csTUFBTSxDQUFDLE1BQU0sOEJBQThCLEdBQUcsR0FBRyxpQ0FBaUMsSUFBSSxDQUFDO0FBQ3ZGLE1BQU0sQ0FBQyxNQUFNLDBDQUEwQyxHQUFHLG1CQUFtQixDQUFDO0FBQzlFLE1BQU0sQ0FBQyxNQUFNLDJCQUEyQixHQUFHLFdBQVcsQ0FBQztBQUN2RCxNQUFNLENBQUMsTUFBTSxzQkFBc0IsR0FBRyxvQkFBb0IsQ0FBQztBQUMzRCxNQUFNLENBQUMsTUFBTSw2QkFBNkIsR0FBRyxvQkFBb0IsQ0FBQztBQUNsRSxNQUFNLENBQUMsTUFBTSxjQUFjLEdBQUcsc0JBQXNCLENBQUM7QUFDckQsTUFBTSxDQUFDLE1BQU0sZ0JBQWdCLEdBQUc7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OzBCQTBITixDQUFDIn0=