@super-protocol/swarm-contracts-sdk 0.0.1-beta.1

package/dist/cjs/certificates/ocsp.js

@@ -0,0 +1,320 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OCSPHelper = void 0;
+const lodash_1 = __importDefault(require("lodash"));
+const node_forge_1 = __importDefault(require("node-forge"));
+const pkijs = __importStar(require("pkijs"));
+const asn1js = __importStar(require("asn1js"));
+const axios_1 = __importDefault(require("axios"));
+const asn1_ocsp_1 = require("@peculiar/asn1-ocsp");
+const asn1_schema_1 = require("@peculiar/asn1-schema");
+const asn1_x509_1 = require("@peculiar/asn1-x509");
+const constants_js_1 = require("../constants.js");
+const helper_js_1 = require("./helper.js");
+const index_js_1 = require("../index.js");
+const x509_1 = require("@peculiar/x509");
+const tryWithInterval_js_1 = require("../utils/helpers/tryWithInterval.js");
+const DEFAULT_REVOCATION_DATE = new Date('1970-01-01T00:00:00Z');
+class OCSPHelper {
+    static async getOCSPResponseFromCerts(certs, ca, oidsToCheck = []) {
+        const ocspRequestsData = certs
+            .map(OCSPHelper.getOCSPRequestData)
+            .filter(Boolean);
+        if (!ocspRequestsData.length) {
+            return [];
+        }
+        const groupByOcspUrl = lodash_1.default.groupBy(ocspRequestsData, 'ocspUrl');
+        const getOcspResponseParams = Object.entries(groupByOcspUrl).map(([ocspUrl, certParams]) => ({
+            ocspUrl,
+            certsWithIssuer: certParams.map(({ certWithKeyIdent, issuerCertUrl }) => ({
+                cert: certWithKeyIdent.cert,
+                issuerCertUrl,
+                issuerCert: helper_js_1.CertificatesHelper.getIssuer(certWithKeyIdent, [...certs, ...ca])?.cert,
+            })),
+            ca: ca.map((certWithKeyIdent) => certWithKeyIdent.cert),
+            oidsToCheck,
+        }));
+        const ocspResponseResults = await Promise.allSettled(getOcspResponseParams.map((params) => OCSPHelper.getOCSPResponse(params)));
+        const rejectedOCSPResponses = ocspResponseResults
+            .filter(index_js_1.helpers.isRejected)
+            .map((result) => result.reason);
+        if (rejectedOCSPResponses.length) {
+            throw new Error(`Can't get valid OCSP responses for some of certificates (reasons=${rejectedOCSPResponses.join(';\n')})`);
+        }
+        return ocspResponseResults.filter(index_js_1.helpers.isFulfilled).map((result) => result.value);
+    }
+    static async generateOCSPResponse(params) {
+        const ocspBasicResp = new pkijs.BasicOCSPResponse();
+        const { issuerPem: issuerCertPem, caCertsPem, certs, privateKey, nonce } = params;
+        const { certs: issuerCertsPem } = helper_js_1.CertificatesHelper.extractCAFromChain(`${issuerCertPem}\n${caCertsPem || ''}`);
+        const issuerCert = helper_js_1.CertificatesHelper.toPkiCerts(issuerCertPem)[0];
+        ocspBasicResp.tbsResponseData.responderID = issuerCert.subject;
+        ocspBasicResp.tbsResponseData.producedAt = new Date();
+        ocspBasicResp.certs = helper_js_1.CertificatesHelper.toPkiCerts(issuerCertsPem);
+        for (const certData of certs) {
+            const { serialNumber, status, issuerKeyHash, issuerNameHash, hashAlgorithm, revocationDate } = certData;
+            const certID = new pkijs.CertID({
+                hashAlgorithm: new pkijs.AlgorithmIdentifier({
+                    algorithmId: hashAlgorithm,
+                    algorithmParams: new asn1js.Null(),
+                }),
+                issuerNameHash: new asn1js.OctetString({ valueHex: issuerNameHash }),
+                issuerKeyHash: new asn1js.OctetString({ valueHex: issuerKeyHash }),
+                serialNumber: new asn1js.Integer({ valueHex: serialNumber }),
+            });
+            const response = new pkijs.SingleResponse({
+                certID,
+            });
+            switch (status) {
+                case index_js_1.OcspCertStatus.OK:
+                case index_js_1.OcspCertStatus.Unknown:
+                    response.certStatus = new asn1js.Primitive({
+                        idBlock: {
+                            tagClass: 3,
+                            tagNumber: status,
+                        },
+                    });
+                    break;
+                case index_js_1.OcspCertStatus.Revoked:
+                    response.certStatus = new asn1js.Constructed({
+                        idBlock: {
+                            tagClass: 3,
+                            tagNumber: status,
+                            isConstructed: true,
+                        },
+                        value: [
+                            new asn1js.GeneralizedTime({
+                                valueDate: revocationDate || DEFAULT_REVOCATION_DATE,
+                            }),
+                        ],
+                    });
+                    break;
+                default:
+                    throw new Error(`Unknown OCSP certificate status: ${status}`);
+            }
+            response.thisUpdate = new Date();
+            ocspBasicResp.tbsResponseData.responses.push(response);
+        }
+        if (nonce) {
+            ocspBasicResp.tbsResponseData.responseExtensions = [
+                new pkijs.Extension({
+                    extnID: index_js_1.constants.OID_OCSP_NONCE,
+                    extnValue: nonce,
+                }),
+            ];
+        }
+        const privateCryptoKey = await index_js_1.CryptoKeysTransformer.pkcs8PemToCryptoKey(privateKey);
+        await ocspBasicResp.sign(privateCryptoKey, 'SHA-256');
+        const ocspBasicRespRaw = ocspBasicResp.toSchema().toBER(false);
+        const ocspResp = new pkijs.OCSPResponse({
+            responseStatus: new asn1js.Enumerated({ value: 0 }), // success
+            responseBytes: new pkijs.ResponseBytes({
+                responseType: pkijs.id_PKIX_OCSP_Basic,
+                response: new asn1js.OctetString({ valueHex: ocspBasicRespRaw }),
+            }),
+        });
+        return ocspResp.toSchema().toBER();
+    }
+    static parseOCSPRequest(ocspRequestBinary) {
+        const ocspRequest = asn1_schema_1.AsnParser.parse(ocspRequestBinary, asn1_ocsp_1.OCSPRequest);
+        const certRequests = ocspRequest.tbsRequest.requestList.map((request) => {
+            const reqCert = {
+                hashAlgorithm: request.reqCert.hashAlgorithm.algorithm,
+                issuerNameHash: Buffer.from(request.reqCert.issuerNameHash.buffer),
+                issuerKeyHash: Buffer.from(request.reqCert.issuerKeyHash.buffer),
+                serialNumber: request.reqCert.serialNumber,
+            };
+            const extensionsToCheck = request.singleRequestExtensions?.map((ext) => ({
+                oid: ext.extnID,
+                value: Buffer.from(ext.extnValue.buffer),
+            })) || [];
+            return { ...reqCert, extensionsToCheck };
+        });
+        const nonceExtension = ocspRequest.tbsRequest.requestExtensions?.find((ext) => ext.extnID === index_js_1.constants.OID_OCSP_NONCE);
+        const nonce = nonceExtension && nonceExtension.extnValue.buffer;
+        return { certRequests, nonce };
+    }
+    static canCertSignOCSPResponse(cert, certsWithIssuer) {
+        if (certsWithIssuer.length &&
+            certsWithIssuer.every((certWithIssuer) => cert.toString() === certWithIssuer.issuerCert?.toString())) {
+            return true;
+        }
+        const extKeysUsage = cert.extensions?.find((ext) => ext.extnID === node_forge_1.default.pki.oids['extKeyUsage']);
+        if (!extKeysUsage) {
+            return false;
+        }
+        return Boolean(extKeysUsage.parsedValue.keyPurposes.find((usage) => usage === x509_1.ExtendedKeyUsage.ocspSigning));
+    }
+    static getOCSPRequestData(certWithKeyIdent) {
+        const authorityExtension = helper_js_1.CertificatesHelper.getExtensionValue(certWithKeyIdent.cert, constants_js_1.OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION);
+        if (!authorityExtension) {
+            return;
+        }
+        const extensionValue = pkijs.ExtensionValueFactory.fromBER(constants_js_1.OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION, authorityExtension);
+        const ocspUrl = extensionValue.accessDescriptions.find((desc) => desc.accessMethod === constants_js_1.OID_OCSP_ACCESS_METHOD)?.accessLocation.value;
+        const issuerCertUrl = extensionValue.accessDescriptions.find((desc) => desc.accessMethod === constants_js_1.OID_OCSP_ISSUER_ACCESS_METHOD)?.accessLocation.value;
+        if (!ocspUrl) {
+            return;
+        }
+        return { ocspUrl, issuerCertUrl, certWithKeyIdent };
+    }
+    static async getOCSPResponse(params) {
+        const { ocspUrl, certsWithIssuer, ca, oidsToCheck } = params;
+        const requestList = [];
+        const issuerCertificates = [];
+        const addIssuerCertIfNotExists = (cert) => {
+            if (!issuerCertificates.some((c) => c.subject.isEqual(cert.subject))) {
+                issuerCertificates.push(cert);
+            }
+        };
+        for (const certWithIssuer of certsWithIssuer) {
+            if (!certWithIssuer.issuerCert && certWithIssuer.issuerCertUrl) {
+                const issuerCertRaw = await helper_js_1.CertificatesHelper.downloadCertWithCache(certWithIssuer.issuerCertUrl);
+                certWithIssuer.issuerCert = pkijs.Certificate.fromBER(issuerCertRaw);
+            }
+            if (!certWithIssuer.issuerCert) {
+                throw new Error(`No issuer certificate found for OCSP request for ${certWithIssuer.cert.subject}`);
+            }
+            addIssuerCertIfNotExists(certWithIssuer.issuerCert);
+            addIssuerCertIfNotExists(certWithIssuer.cert);
+            const certID = new pkijs.CertID();
+            await certID.createForCertificate(certWithIssuer.cert, {
+                hashAlgorithm: 'SHA-1',
+                issuerCertificate: certWithIssuer.issuerCert,
+            });
+            const request = new asn1_ocsp_1.Request({
+                reqCert: new asn1_ocsp_1.CertID({
+                    hashAlgorithm: new asn1_x509_1.AlgorithmIdentifier({
+                        algorithm: certID.hashAlgorithm.algorithmId,
+                    }),
+                    issuerNameHash: new asn1_schema_1.OctetString().fromASN(certID.issuerNameHash),
+                    issuerKeyHash: new asn1_schema_1.OctetString().fromASN(certID.issuerKeyHash),
+                    serialNumber: certID.serialNumber.valueBlock.valueHex,
+                }),
+            });
+            const extensionsToCheck = OCSPHelper.getCertExtensionsToCheck(certWithIssuer.cert, oidsToCheck);
+            if (extensionsToCheck.length) {
+                request.singleRequestExtensions = new asn1_x509_1.Extensions(extensionsToCheck.map((ext) => new asn1_x509_1.Extension({ extnID: ext.oid, extnValue: new asn1_schema_1.OctetString(ext.value) })));
+            }
+            requestList.push(request);
+        }
+        const reqNonce = OCSPHelper.getNonceForRequest();
+        const ocspReq = new asn1_ocsp_1.OCSPRequest({
+            tbsRequest: new asn1_ocsp_1.TBSRequest({
+                requestList,
+                requestExtensions: new asn1_x509_1.Extensions([
+                    new asn1_x509_1.Extension({
+                        extnID: index_js_1.constants.OID_OCSP_NONCE,
+                        extnValue: new asn1_schema_1.OctetString(reqNonce),
+                    }),
+                ]),
+            }),
+        });
+        const ocspBasicResp = await OCSPHelper.sendOCSPRequest(ocspUrl, ocspReq);
+        const respNonce = await OCSPHelper.getNonceFromResponse(ocspBasicResp);
+        if (respNonce && Buffer.compare(reqNonce, respNonce) !== 0) {
+            throw new Error(`OCSP nonces from request and response do not match`);
+        }
+        if (!ocspBasicResp.certs?.length) {
+            ocspBasicResp.certs = issuerCertificates;
+        }
+        const certsWithKeyIdentifier = await Promise.all(ocspBasicResp.certs.map(async (cert) => {
+            let keyIdentifier = cert.extensions
+                ?.find((ext) => ext.extnID === node_forge_1.default.pki.oids['subjectKeyIdentifier'])
+                ?.parsedValue.valueBlock.toBER();
+            if (!keyIdentifier) {
+                keyIdentifier = await cert.getKeyHash();
+            }
+            return {
+                cert,
+                keyIdentifier: Buffer.from(keyIdentifier),
+            };
+        }));
+        const signers = certsWithKeyIdentifier.filter(({ cert, keyIdentifier }) => cert.subject.isEqual(ocspBasicResp.tbsResponseData.responderID) ||
+            (ocspBasicResp.tbsResponseData?.responderID?.valueBlock &&
+                Buffer.compare(keyIdentifier, Buffer.from(ocspBasicResp.tbsResponseData?.responderID?.valueBlock?.toBER())) === 0));
+        if (!signers.length) {
+            throw new Error('No OCSP signer certificate found');
+        }
+        if (signers.length > 1) {
+            throw new Error('Prohibited attempt to replace OCSP signer');
+        }
+        const signerChain = helper_js_1.CertificatesHelper.buildChain(signers[0], [
+            ...ocspBasicResp.certs,
+            ...issuerCertificates,
+        ]);
+        ocspBasicResp.certs = signerChain.map((certWithKeyIdentifiers) => certWithKeyIdentifiers.cert);
+        const isSignerValid = OCSPHelper.canCertSignOCSPResponse(signers[0].cert, params.certsWithIssuer);
+        if (!isSignerValid) {
+            throw new Error('OCSP signer certificate does not have the OCSP signing extended key usage');
+        }
+        const isValid = await ocspBasicResp.verify({ trustedCerts: ca });
+        if (!isValid) {
+            throw new Error('OCSP response verification failed');
+        }
+        return ocspBasicResp;
+    }
+    static async sendOCSPRequest(ocspUrl, ocspReq) {
+        const ocspResponse = await (0, tryWithInterval_js_1.tryWithInterval)({
+            handler: async () => await (0, axios_1.default)(ocspUrl, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/ocsp-request',
+                },
+                responseType: 'arraybuffer',
+                data: asn1_schema_1.AsnSerializer.serialize(ocspReq),
+            }),
+            retryInterval: 1000,
+            retryMax: 3,
+        });
+        const ocspRespSimpl = pkijs.OCSPResponse.fromBER(ocspResponse.data);
+        if (!ocspRespSimpl.responseBytes) {
+            throw new Error('"No "ResponseBytes" in the OCSP Response - nothing to verify');
+        }
+        const ocspBasicResp = pkijs.BasicOCSPResponse.fromBER(ocspRespSimpl.responseBytes.response.valueBlock.valueHexView);
+        return ocspBasicResp;
+    }
+    static getNonceForRequest() {
+        return pkijs.getRandomValues(new Uint8Array(32));
+    }
+    static getNonceFromResponse(ocspBasicResp) {
+        const nonceExtension = ocspBasicResp.tbsResponseData?.responseExtensions?.find((extension) => extension.extnID === index_js_1.constants.OID_OCSP_NONCE);
+        return nonceExtension && Buffer.from(nonceExtension.extnValue.valueBlock.valueHex);
+    }
+    static getCertExtensionsToCheck(cert, oidsToCheck) {
+        return oidsToCheck
+            .map((oid) => {
+            const value = helper_js_1.CertificatesHelper.getExtensionValue(cert, oid);
+            return { oid, value };
+        })
+            .filter((ext) => Boolean(ext.value));
+    }
+}
+exports.OCSPHelper = OCSPHelper;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2NzcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvb2NzcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLG9EQUF1QjtBQUN2Qiw0REFBK0I7QUFDL0IsNkNBQStCO0FBQy9CLCtDQUFpQztBQUNqQyxrREFBMEI7QUFDMUIsbURBQStFO0FBQy9FLHVEQUE4RTtBQUM5RSxtREFBaUY7QUFDakYsa0RBSXlCO0FBQ3pCLDJDQUFpRDtBQUNqRCwwQ0FTcUI7QUFDckIseUNBQWtEO0FBQ2xELDRFQUFzRTtBQW1CdEUsTUFBTSx1QkFBdUIsR0FBRyxJQUFJLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDO0FBRWpFLE1BQWEsVUFBVTtJQUNyQixNQUFNLENBQUMsS0FBSyxDQUFDLHdCQUF3QixDQUNuQyxLQUErQixFQUMvQixFQUE0QixFQUM1QixjQUF3QixFQUFFO1FBRTFCLE1BQU0sZ0JBQWdCLEdBQUcsS0FBSzthQUMzQixHQUFHLENBQUMsVUFBVSxDQUFDLGtCQUFrQixDQUFDO2FBQ2xDLE1BQU0sQ0FBQyxPQUFPLENBQXNCLENBQUM7UUFDeEMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzdCLE9BQU8sRUFBRSxDQUFDO1FBQ1osQ0FBQztRQUVELE1BQU0sY0FBYyxHQUFHLGdCQUFDLENBQUMsT0FBTyxDQUFDLGdCQUFnQixFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBQzlELE1BQU0scUJBQXFCLEdBQTRCLE1BQU0sQ0FBQyxPQUFPLENBQUMsY0FBYyxDQUFDLENBQUMsR0FBRyxDQUN2RixDQUFDLENBQUMsT0FBTyxFQUFFLFVBQVUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQzFCLE9BQU87WUFDUCxlQUFlLEVBQUUsVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsZ0JBQWdCLEVBQUUsYUFBYSxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUM7Z0JBQ3hFLElBQUksRUFBRSxnQkFBZ0IsQ0FBQyxJQUFJO2dCQUMzQixhQUFhO2dCQUNiLFVBQVUsRUFBRSw4QkFBa0IsQ0FBQyxTQUFTLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQyxHQUFHLEtBQUssRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUFDLEVBQUUsSUFBSTthQUNwRixDQUFDLENBQUM7WUFDSCxFQUFFLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxDQUFDLGdCQUFnQixFQUFFLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUM7WUFDdkQsV0FBVztTQUNaLENBQUMsQ0FDSCxDQUFDO1FBRUYsTUFBTSxtQkFBbUIsR0FBRyxNQUFNLE9BQU8sQ0FBQyxVQUFVLENBQ2xELHFCQUFxQixDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsVUFBVSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUMxRSxDQUFDO1FBRUYsTUFBTSxxQkFBcUIsR0FBRyxtQkFBbUI7YUFDOUMsTUFBTSxDQUFDLGtCQUFPLENBQUMsVUFBVSxDQUFDO2FBQzFCLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2xDLElBQUkscUJBQXFCLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDakMsTUFBTSxJQUFJLEtBQUssQ0FDYixvRUFBb0UscUJBQXFCLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQ3pHLENBQUM7UUFDSixDQUFDO1FBRUQsT0FBTyxtQkFBbUIsQ0FBQyxNQUFNLENBQUMsa0JBQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUN2RixDQUFDO0lBRUQsTUFBTSxDQUFDLEtBQUssQ0FBQyxvQkFBb0IsQ0FBQyxNQUFrQztRQUNsRSxNQUFNLGFBQWEsR0FBRyxJQUFJLEtBQUssQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1FBQ3BELE1BQU0sRUFBRSxTQUFTLEVBQUUsYUFBYSxFQUFFLFVBQVUsRUFBRSxLQUFLLEVBQUUsVUFBVSxFQUFFLEtBQUssRUFBRSxHQUFHLE1BQU0sQ0FBQztRQUNsRixNQUFNLEVBQUUsS0FBSyxFQUFFLGNBQWMsRUFBRSxHQUFHLDhCQUFrQixDQUFDLGtCQUFrQixDQUNyRSxHQUFHLGFBQWEsS0FBSyxVQUFVLElBQUksRUFBRSxFQUFFLENBQ3hDLENBQUM7UUFDRixNQUFNLFVBQVUsR0FBRyw4QkFBa0IsQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFFbkUsYUFBYSxDQUFDLGVBQWUsQ0FBQyxXQUFXLEdBQUcsVUFBVSxDQUFDLE9BQU8sQ0FBQztRQUMvRCxhQUFhLENBQUMsZUFBZSxDQUFDLFVBQVUsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO1FBQ3RELGFBQWEsQ0FBQyxLQUFLLEdBQUcsOEJBQWtCLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBRXBFLEtBQUssTUFBTSxRQUFRLElBQUksS0FBSyxFQUFFLENBQUM7WUFDN0IsTUFBTSxFQUFFLFlBQVksRUFBRSxNQUFNLEVBQUUsYUFBYSxFQUFFLGNBQWMsRUFBRSxhQUFhLEVBQUUsY0FBYyxFQUFFLEdBQzFGLFFBQVEsQ0FBQztZQUNYLE1BQU0sTUFBTSxHQUFHLElBQUksS0FBSyxDQUFDLE1BQU0sQ0FBQztnQkFDOUIsYUFBYSxFQUFFLElBQUksS0FBSyxDQUFDLG1CQUFtQixDQUFDO29CQUMzQyxXQUFXLEVBQUUsYUFBYTtvQkFDMUIsZUFBZSxFQUFFLElBQUksTUFBTSxDQUFDLElBQUksRUFBRTtpQkFDbkMsQ0FBQztnQkFDRixjQUFjLEVBQUUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsUUFBUSxFQUFFLGNBQWMsRUFBRSxDQUFDO2dCQUNwRSxhQUFhLEVBQUUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsUUFBUSxFQUFFLGFBQWEsRUFBRSxDQUFDO2dCQUNsRSxZQUFZLEVBQUUsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLEVBQUUsUUFBUSxFQUFFLFlBQVksRUFBRSxDQUFDO2FBQzdELENBQUMsQ0FBQztZQUVILE1BQU0sUUFBUSxHQUFHLElBQUksS0FBSyxDQUFDLGNBQWMsQ0FBQztnQkFDeEMsTUFBTTthQUNQLENBQUMsQ0FBQztZQUVILFFBQVEsTUFBTSxFQUFFLENBQUM7Z0JBQ2YsS0FBSyx5QkFBYyxDQUFDLEVBQUUsQ0FBQztnQkFDdkIsS0FBSyx5QkFBYyxDQUFDLE9BQU87b0JBQ3pCLFFBQVEsQ0FBQyxVQUFVLEdBQUcsSUFBSSxNQUFNLENBQUMsU0FBUyxDQUFDO3dCQUN6QyxPQUFPLEVBQUU7NEJBQ1AsUUFBUSxFQUFFLENBQUM7NEJBQ1gsU0FBUyxFQUFFLE1BQU07eUJBQ2xCO3FCQUNGLENBQUMsQ0FBQztvQkFDSCxNQUFNO2dCQUNSLEtBQUsseUJBQWMsQ0FBQyxPQUFPO29CQUN6QixRQUFRLENBQUMsVUFBVSxHQUFHLElBQUksTUFBTSxDQUFDLFdBQVcsQ0FBQzt3QkFDM0MsT0FBTyxFQUFFOzRCQUNQLFFBQVEsRUFBRSxDQUFDOzRCQUNYLFNBQVMsRUFBRSxNQUFNOzRCQUNqQixhQUFhLEVBQUUsSUFBSTt5QkFDcEI7d0JBQ0QsS0FBSyxFQUFFOzRCQUNMLElBQUksTUFBTSxDQUFDLGVBQWUsQ0FBQztnQ0FDekIsU0FBUyxFQUFFLGNBQWMsSUFBSSx1QkFBdUI7NkJBQ3JELENBQUM7eUJBQ0g7cUJBQ0YsQ0FBQyxDQUFDO29CQUNILE1BQU07Z0JBQ1I7b0JBQ0UsTUFBTSxJQUFJLEtBQUssQ0FBQyxvQ0FBb0MsTUFBTSxFQUFFLENBQUMsQ0FBQztZQUNsRSxDQUFDO1lBRUQsUUFBUSxDQUFDLFVBQVUsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO1lBQ2pDLGFBQWEsQ0FBQyxlQUFlLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN6RCxDQUFDO1FBRUQsSUFBSSxLQUFLLEVBQUUsQ0FBQztZQUNWLGFBQWEsQ0FBQyxlQUFlLENBQUMsa0JBQWtCLEdBQUc7Z0JBQ2pELElBQUksS0FBSyxDQUFDLFNBQVMsQ0FBQztvQkFDbEIsTUFBTSxFQUFFLG9CQUFTLENBQUMsY0FBYztvQkFDaEMsU0FBUyxFQUFFLEtBQUs7aUJBQ2pCLENBQUM7YUFDSCxDQUFDO1FBQ0osQ0FBQztRQUVELE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxnQ0FBcUIsQ0FBQyxtQkFBbUIsQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUNyRixNQUFNLGFBQWEsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsU0FBUyxDQUFDLENBQUM7UUFFdEQsTUFBTSxnQkFBZ0IsR0FBRyxhQUFhLENBQUMsUUFBUSxFQUFFLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBRS9ELE1BQU0sUUFBUSxHQUFHLElBQUksS0FBSyxDQUFDLFlBQVksQ0FBQztZQUN0QyxjQUFjLEVBQUUsSUFBSSxNQUFNLENBQUMsVUFBVSxDQUFDLEVBQUUsS0FBSyxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsVUFBVTtZQUMvRCxhQUFhLEVBQUUsSUFBSSxLQUFLLENBQUMsYUFBYSxDQUFDO2dCQUNyQyxZQUFZLEVBQUUsS0FBSyxDQUFDLGtCQUFrQjtnQkFDdEMsUUFBUSxFQUFFLElBQUksTUFBTSxDQUFDLFdBQVcsQ0FBQyxFQUFFLFFBQVEsRUFBRSxnQkFBZ0IsRUFBRSxDQUFDO2FBQ2pFLENBQUM7U0FDSCxDQUFDLENBQUM7UUFFSCxPQUFPLFFBQVEsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxLQUFLLEVBQUUsQ0FBQztJQUNyQyxDQUFDO0lBRUQsTUFBTSxDQUFDLGdCQUFnQixDQUFDLGlCQUE4QjtRQUNwRCxNQUFNLFdBQVcsR0FBRyx1QkFBUyxDQUFDLEtBQUssQ0FBQyxpQkFBaUIsRUFBRSx1QkFBVyxDQUFDLENBQUM7UUFDcEUsTUFBTSxZQUFZLEdBQUcsV0FBVyxDQUFDLFVBQVUsQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUU7WUFDdEUsTUFBTSxPQUFPLEdBQUc7Z0JBQ2QsYUFBYSxFQUFFLE9BQU8sQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLFNBQVM7Z0JBQ3RELGNBQWMsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsY0FBYyxDQUFDLE1BQU0sQ0FBQztnQkFDbEUsYUFBYSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxhQUFhLENBQUMsTUFBTSxDQUFDO2dCQUNoRSxZQUFZLEVBQUUsT0FBTyxDQUFDLE9BQU8sQ0FBQyxZQUFZO2FBQzNDLENBQUM7WUFFRixNQUFNLGlCQUFpQixHQUNyQixPQUFPLENBQUMsdUJBQXVCLEVBQUUsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUM3QyxHQUFHLEVBQUUsR0FBRyxDQUFDLE1BQU07Z0JBQ2YsS0FBSyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUM7YUFDekMsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO1lBRVosT0FBTyxFQUFFLEdBQUcsT0FBTyxFQUFFLGlCQUFpQixFQUFFLENBQUM7UUFDM0MsQ0FBQyxDQUFDLENBQUM7UUFFSCxNQUFNLGNBQWMsR0FBRyxXQUFXLENBQUMsVUFBVSxDQUFDLGlCQUFpQixFQUFFLElBQUksQ0FDbkUsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEtBQUssb0JBQVMsQ0FBQyxjQUFjLENBQ2pELENBQUM7UUFDRixNQUFNLEtBQUssR0FBRyxjQUFjLElBQUksY0FBYyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUM7UUFFaEUsT0FBTyxFQUFFLFlBQVksRUFBRSxLQUFLLEVBQUUsQ0FBQztJQUNqQyxDQUFDO0lBRU8sTUFBTSxDQUFDLHVCQUF1QixDQUNwQyxJQUF1QixFQUN2QixlQUF5RDtRQUV6RCxJQUNFLGVBQWUsQ0FBQyxNQUFNO1lBQ3RCLGVBQWUsQ0FBQyxLQUFLLENBQ25CLENBQUMsY0FBYyxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsUUFBUSxFQUFFLEtBQUssY0FBYyxDQUFDLFVBQVUsRUFBRSxRQUFRLEVBQUUsQ0FDOUUsRUFDRCxDQUFDO1lBQ0QsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBRUQsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLFVBQVUsRUFBRSxJQUFJLENBQ3hDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsTUFBTSxLQUFLLG9CQUFLLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsQ0FDdEQsQ0FBQztRQUNGLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUNsQixPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7UUFFRCxPQUFPLE9BQU8sQ0FDWixZQUFZLENBQUMsV0FBVyxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQ3ZDLENBQUMsS0FBYSxFQUFFLEVBQUUsQ0FBQyxLQUFLLEtBQUssdUJBQWdCLENBQUMsV0FBVyxDQUMxRCxDQUNGLENBQUM7SUFDSixDQUFDO0lBRU8sTUFBTSxDQUFDLGtCQUFrQixDQUMvQixnQkFBd0M7UUFFeEMsTUFBTSxrQkFBa0IsR0FBRyw4QkFBa0IsQ0FBQyxpQkFBaUIsQ0FDN0QsZ0JBQWdCLENBQUMsSUFBSSxFQUNyQix5REFBMEMsQ0FDM0MsQ0FBQztRQUNGLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3hCLE9BQU87UUFDVCxDQUFDO1FBRUQsTUFBTSxjQUFjLEdBQUcsS0FBSyxDQUFDLHFCQUFxQixDQUFDLE9BQU8sQ0FDeEQseURBQTBDLEVBQzFDLGtCQUFrQixDQUNFLENBQUM7UUFFdkIsTUFBTSxPQUFPLEdBQUcsY0FBYyxDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FDcEQsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxZQUFZLEtBQUsscUNBQXNCLENBQ3ZELEVBQUUsY0FBYyxDQUFDLEtBQUssQ0FBQztRQUV4QixNQUFNLGFBQWEsR0FBRyxjQUFjLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUMxRCxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLFlBQVksS0FBSyw0Q0FBNkIsQ0FDOUQsRUFBRSxjQUFjLENBQUMsS0FBSyxDQUFDO1FBRXhCLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNiLE9BQU87UUFDVCxDQUFDO1FBRUQsT0FBTyxFQUFFLE9BQU8sRUFBRSxhQUFhLEVBQUUsZ0JBQWdCLEVBQUUsQ0FBQztJQUN0RCxDQUFDO0lBRU8sTUFBTSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQ2xDLE1BQTZCO1FBRTdCLE1BQU0sRUFBRSxPQUFPLEVBQUUsZUFBZSxFQUFFLEVBQUUsRUFBRSxXQUFXLEVBQUUsR0FBRyxNQUFNLENBQUM7UUFDN0QsTUFBTSxXQUFXLEdBQWMsRUFBRSxDQUFDO1FBQ2xDLE1BQU0sa0JBQWtCLEdBQXdCLEVBQUUsQ0FBQztRQUVuRCxNQUFNLHdCQUF3QixHQUFHLENBQUMsSUFBdUIsRUFBUSxFQUFFO1lBQ2pFLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxFQUFFLENBQUM7Z0JBQ3JFLGtCQUFrQixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUNoQyxDQUFDO1FBQ0gsQ0FBQyxDQUFDO1FBQ0YsS0FBSyxNQUFNLGNBQWMsSUFBSSxlQUFlLEVBQUUsQ0FBQztZQUM3QyxJQUFJLENBQUMsY0FBYyxDQUFDLFVBQVUsSUFBSSxjQUFjLENBQUMsYUFBYSxFQUFFLENBQUM7Z0JBQy9ELE1BQU0sYUFBYSxHQUFHLE1BQU0sOEJBQWtCLENBQUMscUJBQXFCLENBQ2xFLGNBQWMsQ0FBQyxhQUFhLENBQzdCLENBQUM7Z0JBQ0YsY0FBYyxDQUFDLFVBQVUsR0FBRyxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxhQUFhLENBQUMsQ0FBQztZQUN2RSxDQUFDO1lBQ0QsSUFBSSxDQUFDLGNBQWMsQ0FBQyxVQUFVLEVBQUUsQ0FBQztnQkFDL0IsTUFBTSxJQUFJLEtBQUssQ0FDYixvREFBb0QsY0FBYyxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FDbEYsQ0FBQztZQUNKLENBQUM7WUFFRCx3QkFBd0IsQ0FBQyxjQUFjLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDcEQsd0JBQXdCLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxDQUFDO1lBRTlDLE1BQU0sTUFBTSxHQUFHLElBQUksS0FBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2xDLE1BQU0sTUFBTSxDQUFDLG9CQUFvQixDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUU7Z0JBQ3JELGFBQWEsRUFBRSxPQUFPO2dCQUN0QixpQkFBaUIsRUFBRSxjQUFjLENBQUMsVUFBVTthQUM3QyxDQUFDLENBQUM7WUFFSCxNQUFNLE9BQU8sR0FBRyxJQUFJLG1CQUFPLENBQUM7Z0JBQzFCLE9BQU8sRUFBRSxJQUFJLGtCQUFNLENBQUM7b0JBQ2xCLGFBQWEsRUFBRSxJQUFJLCtCQUFtQixDQUFDO3dCQUNyQyxTQUFTLEVBQUUsTUFBTSxDQUFDLGFBQWEsQ0FBQyxXQUFXO3FCQUM1QyxDQUFDO29CQUNGLGNBQWMsRUFBRSxJQUFJLHlCQUFXLEVBQUUsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLGNBQWMsQ0FBQztvQkFDaEUsYUFBYSxFQUFFLElBQUkseUJBQVcsRUFBRSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsYUFBYSxDQUFDO29CQUM5RCxZQUFZLEVBQUUsTUFBTSxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUMsUUFBUTtpQkFDdEQsQ0FBQzthQUNILENBQUMsQ0FBQztZQUVILE1BQU0saUJBQWlCLEdBQUcsVUFBVSxDQUFDLHdCQUF3QixDQUMzRCxjQUFjLENBQUMsSUFBSSxFQUNuQixXQUFXLENBQ1osQ0FBQztZQUNGLElBQUksaUJBQWlCLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBQzdCLE9BQU8sQ0FBQyx1QkFBdUIsR0FBRyxJQUFJLHNCQUFVLENBQzlDLGlCQUFpQixDQUFDLEdBQUcsQ0FDbkIsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLElBQUkscUJBQVMsQ0FBQyxFQUFFLE1BQU0sRUFBRSxHQUFHLENBQUMsR0FBRyxFQUFFLFNBQVMsRUFBRSxJQUFJLHlCQUFXLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsQ0FDbkYsQ0FDRixDQUFDO1lBQ0osQ0FBQztZQUVELFdBQVcsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDNUIsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLFVBQVUsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1FBQ2pELE1BQU0sT0FBTyxHQUFHLElBQUksdUJBQVcsQ0FBQztZQUM5QixVQUFVLEVBQUUsSUFBSSxzQkFBVSxDQUFDO2dCQUN6QixXQUFXO2dCQUNYLGlCQUFpQixFQUFFLElBQUksc0JBQVUsQ0FBQztvQkFDaEMsSUFBSSxxQkFBUyxDQUFDO3dCQUNaLE1BQU0sRUFBRSxvQkFBUyxDQUFDLGNBQWM7d0JBQ2hDLFNBQVMsRUFBRSxJQUFJLHlCQUFXLENBQUMsUUFBUSxDQUFDO3FCQUNyQyxDQUFDO2lCQUNILENBQUM7YUFDSCxDQUFDO1NBQ0gsQ0FBQyxDQUFDO1FBRUgsTUFBTSxhQUFhLEdBQUcsTUFBTSxVQUFVLENBQUMsZUFBZSxDQUFDLE9BQU8sRUFBRSxPQUFPLENBQUMsQ0FBQztRQUV6RSxNQUFNLFNBQVMsR0FBRyxNQUFNLFVBQVUsQ0FBQyxvQkFBb0IsQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUN2RSxJQUFJLFNBQVMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLFFBQVEsRUFBRSxTQUFTLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUMzRCxNQUFNLElBQUksS0FBSyxDQUFDLG9EQUFvRCxDQUFDLENBQUM7UUFDeEUsQ0FBQztRQUVELElBQUksQ0FBQyxhQUFhLENBQUMsS0FBSyxFQUFFLE1BQU0sRUFBRSxDQUFDO1lBQ2pDLGFBQWEsQ0FBQyxLQUFLLEdBQUcsa0JBQWtCLENBQUM7UUFDM0MsQ0FBQztRQUVELE1BQU0sc0JBQXNCLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUM5QyxhQUFhLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsSUFBSSxFQUFFLEVBQUU7WUFDckMsSUFBSSxhQUFhLEdBQUcsSUFBSSxDQUFDLFVBQVU7Z0JBQ2pDLEVBQUUsSUFBSSxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsTUFBTSxLQUFLLG9CQUFLLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDO2dCQUN0RSxFQUFFLFdBQVcsQ0FBQyxVQUFVLENBQUMsS0FBSyxFQUE2QixDQUFDO1lBQzlELElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztnQkFDbkIsYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQzFDLENBQUM7WUFFRCxPQUFPO2dCQUNMLElBQUk7Z0JBQ0osYUFBYSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUFDO2FBQzFDLENBQUM7UUFDSixDQUFDLENBQUMsQ0FDSCxDQUFDO1FBRUYsTUFBTSxPQUFPLEdBQUcsc0JBQXNCLENBQUMsTUFBTSxDQUMzQyxDQUFDLEVBQUUsSUFBSSxFQUFFLGFBQWEsRUFBRSxFQUFFLEVBQUUsQ0FDMUIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLGVBQWUsQ0FBQyxXQUFXLENBQUM7WUFDL0QsQ0FBQyxhQUFhLENBQUMsZUFBZSxFQUFFLFdBQVcsRUFBRSxVQUFVO2dCQUNyRCxNQUFNLENBQUMsT0FBTyxDQUNaLGFBQWEsRUFDYixNQUFNLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxlQUFlLEVBQUUsV0FBVyxFQUFFLFVBQVUsRUFBRSxLQUFLLEVBQUUsQ0FBQyxDQUM3RSxLQUFLLENBQUMsQ0FBQyxDQUNiLENBQUM7UUFDRixJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ3BCLE1BQU0sSUFBSSxLQUFLLENBQUMsa0NBQWtDLENBQUMsQ0FBQztRQUN0RCxDQUFDO1FBQ0QsSUFBSSxPQUFPLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3ZCLE1BQU0sSUFBSSxLQUFLLENBQUMsMkNBQTJDLENBQUMsQ0FBQztRQUMvRCxDQUFDO1FBRUQsTUFBTSxXQUFXLEdBQUcsOEJBQWtCLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsRUFBRTtZQUM1RCxHQUFHLGFBQWEsQ0FBQyxLQUFLO1lBQ3RCLEdBQUcsa0JBQWtCO1NBQ3RCLENBQUMsQ0FBQztRQUNILGFBQWEsQ0FBQyxLQUFLLEdBQUcsV0FBVyxDQUFDLEdBQUcsQ0FBQyxDQUFDLHNCQUFzQixFQUFFLEVBQUUsQ0FBQyxzQkFBc0IsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUUvRixNQUFNLGFBQWEsR0FBRyxVQUFVLENBQUMsdUJBQXVCLENBQ3RELE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLEVBQ2YsTUFBTSxDQUFDLGVBQWUsQ0FDdkIsQ0FBQztRQUNGLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUNuQixNQUFNLElBQUksS0FBSyxDQUFDLDJFQUEyRSxDQUFDLENBQUM7UUFDL0YsQ0FBQztRQUVELE1BQU0sT0FBTyxHQUFHLE1BQU0sYUFBYSxDQUFDLE1BQU0sQ0FBQyxFQUFFLFlBQVksRUFBRSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ2pFLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNiLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQztRQUN2RCxDQUFDO1FBRUQsT0FBTyxhQUFhLENBQUM7SUFDdkIsQ0FBQztJQUVPLE1BQU0sQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUNsQyxPQUFlLEVBQ2YsT0FBb0I7UUFFcEIsTUFBTSxZQUFZLEdBQUcsTUFBTSxJQUFBLG9DQUFlLEVBQUM7WUFDekMsT0FBTyxFQUFFLEtBQUssSUFBSSxFQUFFLENBQ2xCLE1BQU0sSUFBQSxlQUFLLEVBQUMsT0FBTyxFQUFFO2dCQUNuQixNQUFNLEVBQUUsTUFBTTtnQkFDZCxPQUFPLEVBQUU7b0JBQ1AsY0FBYyxFQUFFLDBCQUEwQjtpQkFDM0M7Z0JBQ0QsWUFBWSxFQUFFLGFBQWE7Z0JBQzNCLElBQUksRUFBRSwyQkFBYSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUM7YUFDdkMsQ0FBQztZQUNKLGFBQWEsRUFBRSxJQUFJO1lBQ25CLFFBQVEsRUFBRSxDQUFDO1NBQ1osQ0FBQyxDQUFDO1FBRUgsTUFBTSxhQUFhLEdBQUcsS0FBSyxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ3BFLElBQUksQ0FBQyxhQUFhLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDakMsTUFBTSxJQUFJLEtBQUssQ0FBQyw4REFBOEQsQ0FBQyxDQUFDO1FBQ2xGLENBQUM7UUFFRCxNQUFNLGFBQWEsR0FBRyxLQUFLLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNuRCxhQUFhLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUM3RCxDQUFDO1FBRUYsT0FBTyxhQUFhLENBQUM7SUFDdkIsQ0FBQztJQUVPLE1BQU0sQ0FBQyxrQkFBa0I7UUFDL0IsT0FBTyxLQUFLLENBQUMsZUFBZSxDQUFDLElBQUksVUFBVSxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUM7SUFDbkQsQ0FBQztJQUVPLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxhQUFzQztRQUN4RSxNQUFNLGNBQWMsR0FBRyxhQUFhLENBQUMsZUFBZSxFQUFFLGtCQUFrQixFQUFFLElBQUksQ0FDNUUsQ0FBQyxTQUFTLEVBQUUsRUFBRSxDQUFDLFNBQVMsQ0FBQyxNQUFNLEtBQUssb0JBQVMsQ0FBQyxjQUFjLENBQzdELENBQUM7UUFDRixPQUFPLGNBQWMsSUFBSSxNQUFNLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQ3JGLENBQUM7SUFFTyxNQUFNLENBQUMsd0JBQXdCLENBQ3JDLElBQXVCLEVBQ3ZCLFdBQXFCO1FBRXJCLE9BQU8sV0FBVzthQUNmLEdBQUcsQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFO1lBQ1gsTUFBTSxLQUFLLEdBQUcsOEJBQWtCLENBQUMsaUJBQWlCLENBQUMsSUFBSSxFQUFFLEdBQUcsQ0FBQyxDQUFDO1lBRTlELE9BQU8sRUFBRSxHQUFHLEVBQUUsS0FBSyxFQUFFLENBQUM7UUFDeEIsQ0FBQyxDQUFDO2FBQ0QsTUFBTSxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxDQUFzQixDQUFDO0lBQzlELENBQUM7Q0FDRjtBQXJaRCxnQ0FxWkMifQ==

package/dist/cjs/certificates/serializer.d.ts

@@ -0,0 +1,13 @@
+import { BufferedChunkedX509Cert } from './types.js';
+import { ChunkedX509Cert } from '@super-protocol/dto-js';
+export declare const BLOCKCHAIN_CERT_TBS_PARTS: string[];
+export declare class CertificateSerializer {
+    static serializeCertChain(certChainPem: string): string;
+    static deserializeCertChain(input: string): string;
+    static isSerializedCertChain(certChainBase64: string): boolean;
+    static serializeForBlockchain(certPem: string): ChunkedX509Cert;
+    static deserializeFromBlockchain(blockchainCert: ChunkedX509Cert): string;
+    private static removeLeadingZerosIfNeeded;
+    private static getPart;
+    static chunkedToBufferedChunkedX509Cert(blockchainCert: ChunkedX509Cert): BufferedChunkedX509Cert;
+}

package/dist/cjs/certificates/serializer.js

@@ -0,0 +1,142 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CertificateSerializer = exports.BLOCKCHAIN_CERT_TBS_PARTS = void 0;
+const node_forge_1 = __importDefault(require("node-forge"));
+const lodash_1 = __importDefault(require("lodash"));
+const binary_splitter_js_1 = require("./binary-splitter.js");
+const helper_js_1 = require("./helper.js");
+const constants_js_1 = require("../constants.js");
+const pki_common_1 = require("@super-protocol/pki-common");
+const helper_js_2 = require("../utils/helper.js");
+const CERTS_CHAIN_DELIMITER = ';';
+const CERTS_SERIALIZATION_PREFIX = 'certs:';
+exports.BLOCKCHAIN_CERT_TBS_PARTS = [
+    'serialNumber',
+    'expirationDate',
+    'publicKey',
+    'ca',
+    'userData',
+    'mrEnclave',
+    'mrSigner',
+];
+class CertificateSerializer {
+    static serializeCertChain(certChainPem) {
+        const certsDer = helper_js_1.CertificatesHelper.pemChainToDer(certChainPem);
+        return `${CERTS_SERIALIZATION_PREFIX}${certsDer.map((cert) => Buffer.from(cert).toString('base64')).join(CERTS_CHAIN_DELIMITER)}`;
+    }
+    static deserializeCertChain(input) {
+        if (!input.startsWith(CERTS_SERIALIZATION_PREFIX)) {
+            throw new Error(`Missing prefix "${CERTS_SERIALIZATION_PREFIX}" in input`);
+        }
+        const certsDer = input
+            .split(CERTS_SERIALIZATION_PREFIX)[1]
+            ?.split(CERTS_CHAIN_DELIMITER)
+            ?.map((cert) => Buffer.from(cert, 'base64'));
+        return helper_js_1.CertificatesHelper.derChainToPem(certsDer);
+    }
+    static isSerializedCertChain(certChainBase64) {
+        return certChainBase64.startsWith(CERTS_SERIALIZATION_PREFIX);
+    }
+    static serializeForBlockchain(certPem) {
+        const certAlgorithm = helper_js_1.CertificatesHelper.getCertPublicKeyAlgorithm(certPem);
+        if (certAlgorithm.name !== 'ECDSA' || certAlgorithm.namedCurve !== 'K-256') {
+            throw new Error(`Unsupported certificate algorithm: ${certAlgorithm.name}${certAlgorithm.namedCurve ? `with curve ${certAlgorithm.namedCurve}` : ''}. Only ECDSA with secp256k1 curve is supported.`);
+        }
+        const certDer = helper_js_1.CertificatesHelper.pemToDer(certPem);
+        const parts = new binary_splitter_js_1.CertificateBinarySplitter(certDer).split([
+            binary_splitter_js_1.CertificateNonOidParts.SERIAL_NUMBER,
+            binary_splitter_js_1.CertificateNonOidParts.SIGNATURE,
+            binary_splitter_js_1.CertificateNonOidParts.NOT_AFTER,
+            binary_splitter_js_1.CertificateNonOidParts.SUBJECT_PUBLIC_KEY_INFO,
+        ], [
+            node_forge_1.default.pki.oids['basicConstraints'],
+            constants_js_1.OID_CUSTOM_EXTENSION_USER_DATA,
+            pki_common_1.OID_CUSTOM_EXTENSION_CHALLENGE_ID,
+            pki_common_1.OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID,
+        ]);
+        const [nonSerializedParts, serializedParts] = lodash_1.default.partition(parts, (part) => part instanceof Uint8Array);
+        const expirationDate = CertificateSerializer.getPart(serializedParts, 'notAfter');
+        const serial = CertificateSerializer.getPart(serializedParts, 'serialNumber');
+        const publicKey = CertificateSerializer.getPart(serializedParts, 'publicKey');
+        const ca = CertificateSerializer.getPart(serializedParts, node_forge_1.default.pki.oids['basicConstraints']);
+        const userData = CertificateSerializer.getPart(serializedParts, constants_js_1.OID_CUSTOM_EXTENSION_USER_DATA, false);
+        const mrEnclave = CertificateSerializer.getPart(serializedParts, pki_common_1.OID_CUSTOM_EXTENSION_CHALLENGE_ID, false);
+        const mrSigner = CertificateSerializer.getPart(serializedParts, pki_common_1.OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID, false);
+        const signature = CertificateSerializer.getPart(serializedParts, 'signature');
+        if (serializedParts.length !== 0) {
+            throw new Error(`Unexpected serialized parts found in certificate: ${serializedParts.map((part) => part.name || part.oid).join(', ')}`);
+        }
+        return {
+            nonSerializedParts: nonSerializedParts.map(helper_js_2.toBlockchainHex),
+            expirationDate: (0, helper_js_2.toBlockchainHex)(expirationDate.value),
+            ca: (0, helper_js_2.toBlockchainHex)(ca.value),
+            userData: (0, helper_js_2.toBlockchainHex)(userData?.value),
+            serialNumber: (0, helper_js_2.toBlockchainHex)(serial.value),
+            signature: (0, helper_js_2.toBlockchainHex)(signature.value),
+            publicKey: (0, helper_js_2.toBlockchainHex)(publicKey.value),
+            mrEnclave: (0, helper_js_2.toBlockchainHex)(mrEnclave?.value),
+            mrSigner: (0, helper_js_2.toBlockchainHex)(mrSigner?.value),
+        };
+    }
+    static deserializeFromBlockchain(blockchainCert) {
+        const data = CertificateSerializer.chunkedToBufferedChunkedX509Cert(blockchainCert);
+        const bufferParts = [];
+        bufferParts.push(Buffer.from(data.nonSerializedParts[0]));
+        bufferParts.push(Buffer.from(data.nonSerializedParts[1]));
+        let partIndex = 2;
+        for (const field of exports.BLOCKCHAIN_CERT_TBS_PARTS) {
+            const value = data[field];
+            if (value) {
+                bufferParts.push(Buffer.from(value));
+                if (partIndex < data.nonSerializedParts.length) {
+                    bufferParts.push(Buffer.from(data.nonSerializedParts[partIndex++]));
+                }
+            }
+        }
+        // adding signature part
+        // we need to left exactly one non-serialized part (bytes r and s values)
+        for (; partIndex < data.nonSerializedParts.length - 1; partIndex++) {
+            bufferParts.push(Buffer.from(data.nonSerializedParts[partIndex]));
+        }
+        const rValue = data.signature.slice(0, 32);
+        bufferParts.push(Buffer.from(CertificateSerializer.removeLeadingZerosIfNeeded(rValue)));
+        if (partIndex < data.nonSerializedParts.length) {
+            bufferParts.push(Buffer.from(data.nonSerializedParts[partIndex++]));
+        }
+        const sValue = data.signature.slice(32, 64);
+        bufferParts.push(Buffer.from(CertificateSerializer.removeLeadingZerosIfNeeded(sValue)));
+        const certDer = Buffer.concat(bufferParts);
+        return helper_js_1.CertificatesHelper.derToPem(certDer);
+    }
+    static removeLeadingZerosIfNeeded(value) {
+        if (value[0] !== 0 || (value[0] === 0 && value[1] > 127)) {
+            return value;
+        }
+        return value.slice(1);
+    }
+    static getPart(parts, nameOrOid, mandatory = true) {
+        const part = lodash_1.default.remove(parts, (part) => part.name === nameOrOid || part.oid === nameOrOid)[0];
+        if (!part && mandatory) {
+            throw new Error(`Part with name or OID "${nameOrOid}" not found in certificate`);
+        }
+        return part;
+    }
+    static chunkedToBufferedChunkedX509Cert(blockchainCert) {
+        return {
+            nonSerializedParts: blockchainCert.nonSerializedParts.map((part) => (0, helper_js_2.fromBlockchainHex)(part)),
+            expirationDate: (0, helper_js_2.fromBlockchainHex)(blockchainCert.expirationDate),
+            ca: (0, helper_js_2.fromBlockchainHex)(blockchainCert.ca),
+            userData: (0, helper_js_2.fromBlockchainHexOptional)(blockchainCert.userData),
+            publicKey: (0, helper_js_2.fromBlockchainHex)(blockchainCert.publicKey),
+            serialNumber: (0, helper_js_2.fromBlockchainHex)(blockchainCert.serialNumber),
+            mrEnclave: (0, helper_js_2.fromBlockchainHexOptional)(blockchainCert.mrEnclave),
+            mrSigner: (0, helper_js_2.fromBlockchainHexOptional)(blockchainCert.mrSigner),
+            signature: (0, helper_js_2.fromBlockchainHex)(blockchainCert.signature),
+        };
+    }
+}
+exports.CertificateSerializer = CertificateSerializer;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VyaWFsaXplci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvc2VyaWFsaXplci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7QUFBQSw0REFBK0I7QUFDL0Isb0RBQXVCO0FBQ3ZCLDZEQUF5RjtBQUN6RiwyQ0FBaUQ7QUFDakQsa0RBQWlFO0FBQ2pFLDJEQUdvQztBQUdwQyxrREFBbUc7QUFFbkcsTUFBTSxxQkFBcUIsR0FBRyxHQUFHLENBQUM7QUFDbEMsTUFBTSwwQkFBMEIsR0FBRyxRQUFRLENBQUM7QUFFL0IsUUFBQSx5QkFBeUIsR0FBRztJQUN2QyxjQUFjO0lBQ2QsZ0JBQWdCO0lBQ2hCLFdBQVc7SUFDWCxJQUFJO0lBQ0osVUFBVTtJQUNWLFdBQVc7SUFDWCxVQUFVO0NBQ1gsQ0FBQztBQUVGLE1BQWEscUJBQXFCO0lBQ2hDLE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxZQUFvQjtRQUM1QyxNQUFNLFFBQVEsR0FBRyw4QkFBa0IsQ0FBQyxhQUFhLENBQUMsWUFBWSxDQUFDLENBQUM7UUFFaEUsT0FBTyxHQUFHLDBCQUEwQixHQUFHLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLHFCQUFxQixDQUFDLEVBQUUsQ0FBQztJQUNwSSxDQUFDO0lBRUQsTUFBTSxDQUFDLG9CQUFvQixDQUFDLEtBQWE7UUFDdkMsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsMEJBQTBCLENBQUMsRUFBRSxDQUFDO1lBQ2xELE1BQU0sSUFBSSxLQUFLLENBQUMsbUJBQW1CLDBCQUEwQixZQUFZLENBQUMsQ0FBQztRQUM3RSxDQUFDO1FBRUQsTUFBTSxRQUFRLEdBQUcsS0FBSzthQUNuQixLQUFLLENBQUMsMEJBQTBCLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDckMsRUFBRSxLQUFLLENBQUMscUJBQXFCLENBQUM7WUFDOUIsRUFBRSxHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLFFBQVEsQ0FBQyxDQUFDLENBQUM7UUFDL0MsT0FBTyw4QkFBa0IsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLENBQUM7SUFDcEQsQ0FBQztJQUVELE1BQU0sQ0FBQyxxQkFBcUIsQ0FBQyxlQUF1QjtRQUNsRCxPQUFPLGVBQWUsQ0FBQyxVQUFVLENBQUMsMEJBQTBCLENBQUMsQ0FBQztJQUNoRSxDQUFDO0lBRUQsTUFBTSxDQUFDLHNCQUFzQixDQUFDLE9BQWU7UUFDM0MsTUFBTSxhQUFhLEdBQUcsOEJBQWtCLENBQUMseUJBQXlCLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDNUUsSUFBSSxhQUFhLENBQUMsSUFBSSxLQUFLLE9BQU8sSUFBSSxhQUFhLENBQUMsVUFBVSxLQUFLLE9BQU8sRUFBRSxDQUFDO1lBQzNFLE1BQU0sSUFBSSxLQUFLLENBQ2Isc0NBQXNDLGFBQWEsQ0FBQyxJQUFJLEdBQUcsYUFBYSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsY0FBYyxhQUFhLENBQUMsVUFBVSxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUUsaURBQWlELENBQ3JMLENBQUM7UUFDSixDQUFDO1FBRUQsTUFBTSxPQUFPLEdBQUcsOEJBQWtCLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRXJELE1BQU0sS0FBSyxHQUFHLElBQUksOENBQXlCLENBQUMsT0FBTyxDQUFDLENBQUMsS0FBSyxDQUN4RDtZQUNFLDJDQUFzQixDQUFDLGFBQWE7WUFDcEMsMkNBQXNCLENBQUMsU0FBUztZQUNoQywyQ0FBc0IsQ0FBQyxTQUFTO1lBQ2hDLDJDQUFzQixDQUFDLHVCQUF1QjtTQUMvQyxFQUNEO1lBQ0Usb0JBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDO1lBQ2xDLDZDQUE4QjtZQUM5Qiw4Q0FBaUM7WUFDakMscURBQXdDO1NBQ3pDLENBQ0YsQ0FBQztRQUVGLE1BQU0sQ0FBQyxrQkFBa0IsRUFBRSxlQUFlLENBQUMsR0FBRyxnQkFBQyxDQUFDLFNBQVMsQ0FDdkQsS0FBSyxFQUNMLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLFlBQVksVUFBVSxDQUNELENBQUM7UUFFdEMsTUFBTSxjQUFjLEdBQUcscUJBQXFCLENBQUMsT0FBTyxDQUFDLGVBQWUsRUFBRSxVQUFVLENBQUMsQ0FBQztRQUNsRixNQUFNLE1BQU0sR0FBRyxxQkFBcUIsQ0FBQyxPQUFPLENBQUMsZUFBZSxFQUFFLGNBQWMsQ0FBQyxDQUFDO1FBQzlFLE1BQU0sU0FBUyxHQUFHLHFCQUFxQixDQUFDLE9BQU8sQ0FBQyxlQUFlLEVBQUUsV0FBVyxDQUFDLENBQUM7UUFDOUUsTUFBTSxFQUFFLEdBQUcscUJBQXFCLENBQUMsT0FBTyxDQUFDLGVBQWUsRUFBRSxvQkFBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsQ0FBQyxDQUFDO1FBQzlGLE1BQU0sUUFBUSxHQUFHLHFCQUFxQixDQUFDLE9BQU8sQ0FDNUMsZUFBZSxFQUNmLDZDQUE4QixFQUM5QixLQUFLLENBQ04sQ0FBQztRQUNGLE1BQU0sU0FBUyxHQUFHLHFCQUFxQixDQUFDLE9BQU8sQ0FDN0MsZUFBZSxFQUNmLDhDQUFpQyxFQUNqQyxLQUFLLENBQ04sQ0FBQztRQUNGLE1BQU0sUUFBUSxHQUFHLHFCQUFxQixDQUFDLE9BQU8sQ0FDNUMsZUFBZSxFQUNmLHFEQUF3QyxFQUN4QyxLQUFLLENBQ04sQ0FBQztRQUNGLE1BQU0sU0FBUyxHQUFHLHFCQUFxQixDQUFDLE9BQU8sQ0FBQyxlQUFlLEVBQUUsV0FBVyxDQUFDLENBQUM7UUFFOUUsSUFBSSxlQUFlLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQ2IscURBQXFELGVBQWUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxJQUFJLElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUN2SCxDQUFDO1FBQ0osQ0FBQztRQUVELE9BQU87WUFDTCxrQkFBa0IsRUFBRSxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsMkJBQWUsQ0FBQztZQUMzRCxjQUFjLEVBQUUsSUFBQSwyQkFBZSxFQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUM7WUFDckQsRUFBRSxFQUFFLElBQUEsMkJBQWUsRUFBQyxFQUFFLENBQUMsS0FBSyxDQUFDO1lBQzdCLFFBQVEsRUFBRSxJQUFBLDJCQUFlLEVBQUMsUUFBUSxFQUFFLEtBQUssQ0FBQztZQUMxQyxZQUFZLEVBQUUsSUFBQSwyQkFBZSxFQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUM7WUFDM0MsU0FBUyxFQUFFLElBQUEsMkJBQWUsRUFBQyxTQUFTLENBQUMsS0FBSyxDQUFDO1lBQzNDLFNBQVMsRUFBRSxJQUFBLDJCQUFlLEVBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQztZQUMzQyxTQUFTLEVBQUUsSUFBQSwyQkFBZSxFQUFDLFNBQVMsRUFBRSxLQUFLLENBQUM7WUFDNUMsUUFBUSxFQUFFLElBQUEsMkJBQWUsRUFBQyxRQUFRLEVBQUUsS0FBSyxDQUFDO1NBQzNDLENBQUM7SUFDSixDQUFDO0lBRUQsTUFBTSxDQUFDLHlCQUF5QixDQUFDLGNBQStCO1FBQzlELE1BQU0sSUFBSSxHQUFHLHFCQUFxQixDQUFDLGdDQUFnQyxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBRXBGLE1BQU0sV0FBVyxHQUFhLEVBQUUsQ0FBQztRQUVqQyxXQUFXLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUMxRCxXQUFXLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUUxRCxJQUFJLFNBQVMsR0FBRyxDQUFDLENBQUM7UUFFbEIsS0FBSyxNQUFNLEtBQUssSUFBSSxpQ0FBeUIsRUFBRSxDQUFDO1lBQzlDLE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxLQUEwQixDQUFDLENBQUM7WUFDL0MsSUFBSSxLQUFLLEVBQUUsQ0FBQztnQkFDVixXQUFXLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBbUIsQ0FBQyxDQUFDLENBQUM7Z0JBQ25ELElBQUksU0FBUyxHQUFHLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQztvQkFDL0MsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztnQkFDdEUsQ0FBQztZQUNILENBQUM7UUFDSCxDQUFDO1FBRUQsd0JBQXdCO1FBQ3hCLHlFQUF5RTtRQUN6RSxPQUFPLFNBQVMsR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxTQUFTLEVBQUUsRUFBRSxDQUFDO1lBQ25FLFdBQVcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3BFLENBQUM7UUFFRCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDM0MsV0FBVyxDQUFDLElBQUksQ0FDZCxNQUFNLENBQUMsSUFBSSxDQUFDLHFCQUFxQixDQUFDLDBCQUEwQixDQUFDLE1BQW9CLENBQUMsQ0FBQyxDQUNwRixDQUFDO1FBQ0YsSUFBSSxTQUFTLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQy9DLFdBQVcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDdEUsQ0FBQztRQUNELE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQztRQUM1QyxXQUFXLENBQUMsSUFBSSxDQUNkLE1BQU0sQ0FBQyxJQUFJLENBQUMscUJBQXFCLENBQUMsMEJBQTBCLENBQUMsTUFBb0IsQ0FBQyxDQUFDLENBQ3BGLENBQUM7UUFFRixNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQzNDLE9BQU8sOEJBQWtCLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQzlDLENBQUM7SUFFTyxNQUFNLENBQUMsMEJBQTBCLENBQUMsS0FBaUI7UUFDekQsSUFBSSxLQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLENBQUMsQ0FBQyxDQUFDLEdBQUcsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUN6RCxPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7UUFFRCxPQUFPLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDeEIsQ0FBQztJQUVPLE1BQU0sQ0FBQyxPQUFPLENBQ3BCLEtBQXVCLEVBQ3ZCLFNBQWlCLEVBQ2pCLFNBQVMsR0FBRyxJQUFJO1FBRWhCLE1BQU0sSUFBSSxHQUFHLGdCQUFDLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLElBQUksS0FBSyxTQUFTLElBQUksSUFBSSxDQUFDLEdBQUcsS0FBSyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUM3RixJQUFJLENBQUMsSUFBSSxJQUFJLFNBQVMsRUFBRSxDQUFDO1lBQ3ZCLE1BQU0sSUFBSSxLQUFLLENBQUMsMEJBQTBCLFNBQVMsNEJBQTRCLENBQUMsQ0FBQztRQUNuRixDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRUQsTUFBTSxDQUFDLGdDQUFnQyxDQUNyQyxjQUErQjtRQUUvQixPQUFPO1lBQ0wsa0JBQWtCLEVBQUUsY0FBYyxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBQSw2QkFBaUIsRUFBQyxJQUFJLENBQUMsQ0FBQztZQUM1RixjQUFjLEVBQUUsSUFBQSw2QkFBaUIsRUFBQyxjQUFjLENBQUMsY0FBYyxDQUFDO1lBQ2hFLEVBQUUsRUFBRSxJQUFBLDZCQUFpQixFQUFDLGNBQWMsQ0FBQyxFQUFFLENBQUM7WUFDeEMsUUFBUSxFQUFFLElBQUEscUNBQXlCLEVBQUMsY0FBYyxDQUFDLFFBQVEsQ0FBQztZQUM1RCxTQUFTLEVBQUUsSUFBQSw2QkFBaUIsRUFBQyxjQUFjLENBQUMsU0FBUyxDQUFDO1lBQ3RELFlBQVksRUFBRSxJQUFBLDZCQUFpQixFQUFDLGNBQWMsQ0FBQyxZQUFZLENBQUM7WUFDNUQsU0FBUyxFQUFFLElBQUEscUNBQXlCLEVBQUMsY0FBYyxDQUFDLFNBQVMsQ0FBQztZQUM5RCxRQUFRLEVBQUUsSUFBQSxxQ0FBeUIsRUFBQyxjQUFjLENBQUMsUUFBUSxDQUFDO1lBQzVELFNBQVMsRUFBRSxJQUFBLDZCQUFpQixFQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUM7U0FDdkQsQ0FBQztJQUNKLENBQUM7Q0FDRjtBQTNLRCxzREEyS0MifQ==

package/dist/cjs/certificates/setup-crypto.d.ts

@@ -0,0 +1,3 @@
+import * as webcrypto from '@peculiar/webcrypto';
+declare const cryptoProvider: webcrypto.Crypto;
+export { cryptoProvider };

package/dist/cjs/certificates/setup-crypto.js

@@ -0,0 +1,48 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cryptoProvider = void 0;
+const x509 = __importStar(require("@peculiar/x509"));
+const webcrypto = __importStar(require("@peculiar/webcrypto"));
+const pkijs = __importStar(require("pkijs"));
+const cryptoProvider = new webcrypto.Crypto();
+exports.cryptoProvider = cryptoProvider;
+x509.cryptoProvider.set(cryptoProvider);
+pkijs.setEngine('Node', new pkijs.CryptoEngine({ name: 'Node', crypto: cryptoProvider }));
+pkijs.ECNamedCurves.register('K-256', '1.3.132.0.10', 32);
+const originGetAlgorithmByOIDFn = pkijs.CryptoEngine.prototype.getAlgorithmByOID;
+function getAlgorithmByOID(oid, safety, target) {
+    if (oid === '1.3.132.0.10') {
+        return {
+            name: 'K-256',
+        };
+    }
+    return originGetAlgorithmByOIDFn(oid, safety, target);
+}
+pkijs.CryptoEngine.prototype.getAlgorithmByOID = getAlgorithmByOID;
+x509.PemConverter.isPem = (data) => {
+    return typeof data === 'string' && data.startsWith('-----BEGIN');
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V0dXAtY3J5cHRvLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NlcnRpZmljYXRlcy9zZXR1cC1jcnlwdG8udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSxxREFBdUM7QUFDdkMsK0RBQWlEO0FBQ2pELDZDQUErQjtBQUUvQixNQUFNLGNBQWMsR0FBRyxJQUFJLFNBQVMsQ0FBQyxNQUFNLEVBQUUsQ0FBQztBQXdCckMsd0NBQWM7QUF0QnZCLElBQUksQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLGNBQWMsQ0FBQyxDQUFDO0FBRXhDLEtBQUssQ0FBQyxTQUFTLENBQUMsTUFBTSxFQUFFLElBQUksS0FBSyxDQUFDLFlBQVksQ0FBQyxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLGNBQWMsRUFBRSxDQUFDLENBQUMsQ0FBQztBQUUxRixLQUFLLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxPQUFPLEVBQUUsY0FBYyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0FBRTFELE1BQU0seUJBQXlCLEdBQUcsS0FBSyxDQUFDLFlBQVksQ0FBQyxTQUFTLENBQUMsaUJBQWlCLENBQUM7QUFDakYsU0FBUyxpQkFBaUIsQ0FBQyxHQUFXLEVBQUUsTUFBZ0IsRUFBRSxNQUFlO0lBQ3ZFLElBQUksR0FBRyxLQUFLLGNBQWMsRUFBRSxDQUFDO1FBQzNCLE9BQU87WUFDTCxJQUFJLEVBQUUsT0FBTztTQUNkLENBQUM7SUFDSixDQUFDO0lBRUQsT0FBTyx5QkFBeUIsQ0FBQyxHQUFHLEVBQUUsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUFDO0FBQ3hELENBQUM7QUFDRCxLQUFLLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQyxpQkFBaUIsR0FBRyxpQkFBaUIsQ0FBQztBQUVuRSxJQUFJLENBQUMsWUFBWSxDQUFDLEtBQUssR0FBRyxDQUFDLElBQVksRUFBa0IsRUFBRTtJQUN6RCxPQUFPLE9BQU8sSUFBSSxLQUFLLFFBQVEsSUFBSSxJQUFJLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FBQyxDQUFDO0FBQ25FLENBQUMsQ0FBQyJ9