dosipas-ts 1.0.0

package/dist/signature-fixtures.js

@@ -0,0 +1,142 @@
+/**
+ * Signature fixture data extracted from real-world ticket barcodes.
+ *
+ * These fixtures contain the DER-encoded signatures and security metadata
+ * for use in signature verification unit tests.
+ *
+ * Source tickets: intercode6-ts/src/fixtures.ts
+ *   - SNCF_TER_TICKET_HEX
+ *   - SOLEA_TICKET_HEX
+ *   - CTS_TICKET_HEX
+ */
+// ---------------------------------------------------------------------------
+// SNCF TER ticket
+// ---------------------------------------------------------------------------
+export const SNCF_TER_SIGNATURES = {
+    /** Issuer RICS code (securityProviderNum) — used to look up level 1 key. */
+    securityProviderNum: 1187,
+    /** Key identifier — used with securityProviderNum to find the level 1 key. */
+    keyId: 1,
+    /** Level 1 key algorithm OID: DSA (no named curve). */
+    level1KeyAlg: '2.16.840.1.101.3.4.3.1',
+    /** Level 2 key algorithm OID: secp256r1 (P-256). */
+    level2KeyAlg: '1.2.840.10045.3.1.7',
+    /** Level 1 signing algorithm OID: DSA with SHA-224. */
+    level1SigningAlg: '2.16.840.1.101.3.4.3.1',
+    /** Level 2 signing algorithm OID: ECDSA with SHA-256. */
+    level2SigningAlg: '1.2.840.10045.4.3.2',
+    /**
+     * Level 1 signature — DER-encoded DSA signature (46 bytes).
+     *
+     * SEQUENCE {
+     *   INTEGER r (20 bytes): 7a71a4d9abdf2204ae40d6dd2dff4adb30df5e44
+     *   INTEGER s (20 bytes): 66856f3933964f825f1c825da94a5e3868ffe649
+     * }
+     */
+    level1SignatureHex: '302c02147a71a4d9abdf2204ae40d6dd2dff4adb30df5e44' +
+        '021466856f3933964f825f1c825da94a5e3868ffe649',
+    /**
+     * Level 2 signature — DER-encoded ECDSA P-256 signature (70 bytes).
+     *
+     * SEQUENCE {
+     *   INTEGER r (32 bytes): 24df3d92d8f23d0b01572732e3752ce179f65a8160128341b86f9772f6677a14
+     *   INTEGER s (32 bytes): 149d2950f3925fea703f4048eb3ada17649cdd2228ab5319cbd9c0d59d5cf603
+     * }
+     */
+    level2SignatureHex: '3044022024df3d92d8f23d0b01572732e3752ce179f65a81' +
+        '60128341b86f9772f6677a140220149d2950f3925fea703f' +
+        '4048eb3ada17649cdd2228ab5319cbd9c0d59d5cf603',
+};
+// ---------------------------------------------------------------------------
+// Soléa ticket
+// ---------------------------------------------------------------------------
+export const SOLEA_SIGNATURES = {
+    /** Issuer RICS code (securityProviderNum) — used to look up level 1 key. */
+    securityProviderNum: 1187,
+    /** Key identifier — used with securityProviderNum to find the level 1 key. */
+    keyId: 1,
+    /** Level 1 key algorithm OID: secp256r1 (P-256). */
+    level1KeyAlg: '1.2.840.10045.3.1.7',
+    /** Level 2 key algorithm OID: secp256r1 (P-256). */
+    level2KeyAlg: '1.2.840.10045.3.1.7',
+    /** Level 1 signing algorithm OID: ECDSA with SHA-256. */
+    level1SigningAlg: '1.2.840.10045.4.3.2',
+    /** Level 2 signing algorithm OID: ECDSA with SHA-256. */
+    level2SigningAlg: '1.2.840.10045.4.3.2',
+    /**
+     * Level 1 signature — DER-encoded ECDSA P-256 signature (71 bytes).
+     *
+     * SEQUENCE {
+     *   INTEGER r (33 bytes, 0x00-padded): 00c02fa08b4a288401a053dd250c1f748ae51d16b9aac26eacc09056695f0abe68
+     *   INTEGER s (32 bytes):              50c1f1b13a5e8e126441f84159e5b3188d505e73354492b8de369441daa7285b
+     * }
+     */
+    level1SignatureHex: '30450221' +
+        '00c02fa08b4a288401a053dd250c1f748ae51d16b9aac26e' +
+        'acc09056695f0abe68' +
+        '0220' +
+        '50c1f1b13a5e8e126441f84159e5b3188d505e73354492b8' +
+        'de369441daa7285b',
+    /**
+     * Level 2 signature — DER-encoded ECDSA P-256 signature (71 bytes).
+     *
+     * SEQUENCE {
+     *   INTEGER r (32 bytes):              2a79f008376051f020eae108d0e9950314cac19c4c580249be4b530ec2250ccb
+     *   INTEGER s (33 bytes, 0x00-padded): 00a00d805f051efcd130b17b76bf10969b626ed026423f6024d34446eae9168fa3
+     * }
+     */
+    level2SignatureHex: '30450220' +
+        '2a79f008376051f020eae108d0e9950314cac19c4c580249' +
+        'be4b530ec2250ccb' +
+        '0221' +
+        '00a00d805f051efcd130b17b76bf10969b626ed026423f60' +
+        '24d34446eae9168fa3',
+};
+// ---------------------------------------------------------------------------
+// CTS ticket
+// ---------------------------------------------------------------------------
+export const CTS_SIGNATURES = {
+    /** Issuer RICS code (securityProviderNum) — used to look up level 1 key. */
+    securityProviderNum: 1187,
+    /** Key identifier — used with securityProviderNum to find the level 1 key. */
+    keyId: 1,
+    /** Level 1 key algorithm OID: secp256r1 (P-256). */
+    level1KeyAlg: '1.2.840.10045.3.1.7',
+    /** Level 2 key algorithm OID: secp256r1 (P-256). */
+    level2KeyAlg: '1.2.840.10045.3.1.7',
+    /** Level 1 signing algorithm OID: ECDSA with SHA-256. */
+    level1SigningAlg: '1.2.840.10045.4.3.2',
+    /** Level 2 signing algorithm OID: ECDSA with SHA-256. */
+    level2SigningAlg: '1.2.840.10045.4.3.2',
+    /**
+     * Level 1 signature — DER-encoded ECDSA P-256 signature (72 bytes).
+     *
+     * SEQUENCE {
+     *   INTEGER r (33 bytes, 0x00-padded): 008974af39d91452785b211f49ec2e36302b2b73ec3b99f5cdba5f1bf5c9e7cb72
+     *   INTEGER s (33 bytes, 0x00-padded): 00f468337ab677c729a43b601c8df31f0c9c9923be5711ace720943c1f99b2a34b
+     * }
+     */
+    level1SignatureHex: '30460221' +
+        '008974af39d91452785b211f49ec2e36302b2b73ec3b99f5' +
+        'cdba5f1bf5c9e7cb72' +
+        '0221' +
+        '00f468337ab677c729a43b601c8df31f0c9c9923be5711ac' +
+        'e720943c1f99b2a34b',
+    /**
+     * Level 2 signature — DER-encoded ECDSA P-256 signature (71 bytes).
+     *
+     * SEQUENCE {
+     *   INTEGER r (32 bytes):              2a79f008376051f020eae108d0e9950314cac19c4c580249be4b530ec2250ccb
+     *   INTEGER s (33 bytes, 0x00-padded): 00a00d805f051efcd130b17b76bf10969b626ed026423f6024d34446eae9168fa3
+     * }
+     *
+     * Note: identical to Soléa level2Signature (same level 2 key pair).
+     */
+    level2SignatureHex: '30450220' +
+        '2a79f008376051f020eae108d0e9950314cac19c4c580249' +
+        'be4b530ec2250ccb' +
+        '0221' +
+        '00a00d805f051efcd130b17b76bf10969b626ed026423f60' +
+        '24d34446eae9168fa3',
+};
+//# sourceMappingURL=signature-fixtures.js.map

package/dist/signature-fixtures.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signature-fixtures.js","sourceRoot":"","sources":["../src/signature-fixtures.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,4EAA4E;IAC5E,mBAAmB,EAAE,IAAI;IACzB,8EAA8E;IAC9E,KAAK,EAAE,CAAC;IACR,uDAAuD;IACvD,YAAY,EAAE,wBAAwB;IACtC,oDAAoD;IACpD,YAAY,EAAE,qBAAqB;IACnC,uDAAuD;IACvD,gBAAgB,EAAE,wBAAwB;IAC1C,yDAAyD;IACzD,gBAAgB,EAAE,qBAAqB;IAEvC;;;;;;;OAOG;IACH,kBAAkB,EAChB,kDAAkD;QAClD,8CAA8C;IAEhD;;;;;;;OAOG;IACH,kBAAkB,EAChB,kDAAkD;QAClD,kDAAkD;QAClD,8CAA8C;CACxC,CAAC;AAEX,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,4EAA4E;IAC5E,mBAAmB,EAAE,IAAI;IACzB,8EAA8E;IAC9E,KAAK,EAAE,CAAC;IACR,oDAAoD;IACpD,YAAY,EAAE,qBAAqB;IACnC,oDAAoD;IACpD,YAAY,EAAE,qBAAqB;IACnC,yDAAyD;IACzD,gBAAgB,EAAE,qBAAqB;IACvC,yDAAyD;IACzD,gBAAgB,EAAE,qBAAqB;IAEvC;;;;;;;OAOG;IACH,kBAAkB,EAChB,UAAU;QACV,kDAAkD;QAClD,oBAAoB;QACpB,MAAM;QACN,kDAAkD;QAClD,kBAAkB;IAEpB;;;;;;;OAOG;IACH,kBAAkB,EAChB,UAAU;QACV,kDAAkD;QAClD,kBAAkB;QAClB,MAAM;QACN,kDAAkD;QAClD,oBAAoB;CACd,CAAC;AAEX,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,4EAA4E;IAC5E,mBAAmB,EAAE,IAAI;IACzB,8EAA8E;IAC9E,KAAK,EAAE,CAAC;IACR,oDAAoD;IACpD,YAAY,EAAE,qBAAqB;IACnC,oDAAoD;IACpD,YAAY,EAAE,qBAAqB;IACnC,yDAAyD;IACzD,gBAAgB,EAAE,qBAAqB;IACvC,yDAAyD;IACzD,gBAAgB,EAAE,qBAAqB;IAEvC;;;;;;;OAOG;IACH,kBAAkB,EAChB,UAAU;QACV,kDAAkD;QAClD,oBAAoB;QACpB,MAAM;QACN,kDAAkD;QAClD,oBAAoB;IAEtB;;;;;;;;;OASG;IACH,kBAAkB,EAChB,UAAU;QACV,kDAAkD;QAClD,kBAAkB;QAClB,MAAM;QACN,kDAAkD;QAClD,oBAAoB;CACd,CAAC"}

package/dist/signature-utils.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Signature format utilities for UIC barcode verification.
+ *
+ * Handles DER-to-raw conversion for ECDSA/DSA signatures and
+ * public key format detection/extraction.
+ */
+/**
+ * Parse a DER-encoded ECDSA/DSA signature into raw (r || s) concatenation.
+ *
+ * DER format:
+ *   SEQUENCE { INTEGER r, INTEGER s }
+ *
+ * Raw format:
+ *   r (componentLength bytes) || s (componentLength bytes)
+ *
+ * @param der - DER-encoded signature bytes
+ * @param componentLength - Byte length of each component (32 for P-256, 48 for P-384, etc.)
+ * @returns Raw (r || s) bytes
+ */
+export declare function derToRaw(der: Uint8Array, componentLength: number): Uint8Array;
+/**
+ * Extract the raw EC public key point from a key that may be in SPKI DER format
+ * or already a raw point (compressed or uncompressed).
+ *
+ * @param keyBytes - Public key bytes (SPKI DER or raw point)
+ * @returns Raw EC point bytes (compressed or uncompressed)
+ */
+export declare function extractEcPublicKeyPoint(keyBytes: Uint8Array): Uint8Array;
+//# sourceMappingURL=signature-utils.d.ts.map

package/dist/signature-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signature-utils.d.ts","sourceRoot":"","sources":["../src/signature-utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;;;;;;;GAYG;AACH,wBAAgB,QAAQ,CAAC,GAAG,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,GAAG,UAAU,CA4C7E;AAUD;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,UAAU,GAAG,UAAU,CA4BxE"}

package/dist/signature-utils.js

@@ -0,0 +1,201 @@
+/**
+ * Signature format utilities for UIC barcode verification.
+ *
+ * Handles DER-to-raw conversion for ECDSA/DSA signatures and
+ * public key format detection/extraction.
+ */
+/**
+ * Parse a DER-encoded ECDSA/DSA signature into raw (r || s) concatenation.
+ *
+ * DER format:
+ *   SEQUENCE { INTEGER r, INTEGER s }
+ *
+ * Raw format:
+ *   r (componentLength bytes) || s (componentLength bytes)
+ *
+ * @param der - DER-encoded signature bytes
+ * @param componentLength - Byte length of each component (32 for P-256, 48 for P-384, etc.)
+ * @returns Raw (r || s) bytes
+ */
+export function derToRaw(der, componentLength) {
+    if (der[0] !== 0x30) {
+        throw new Error(`Invalid DER signature: expected SEQUENCE tag 0x30, got 0x${der[0].toString(16)}`);
+    }
+    // Parse SEQUENCE length
+    let offset = 1;
+    let seqLen = der[offset++];
+    if (seqLen & 0x80) {
+        const lenBytes = seqLen & 0x7f;
+        seqLen = 0;
+        for (let i = 0; i < lenBytes; i++) {
+            seqLen = (seqLen << 8) | der[offset++];
+        }
+    }
+    // Parse r INTEGER
+    if (der[offset++] !== 0x02) {
+        throw new Error('Invalid DER signature: expected INTEGER tag for r');
+    }
+    const rLen = der[offset++];
+    const rStart = offset;
+    offset += rLen;
+    // Parse s INTEGER
+    if (der[offset++] !== 0x02) {
+        throw new Error('Invalid DER signature: expected INTEGER tag for s');
+    }
+    const sLen = der[offset++];
+    const sStart = offset;
+    const raw = new Uint8Array(componentLength * 2);
+    // Copy r: strip leading 0x00 padding, right-align into componentLength bytes
+    const rPad = rLen > componentLength ? rLen - componentLength : 0;
+    const rDst = componentLength - (rLen - rPad);
+    raw.set(der.slice(rStart + rPad, rStart + rLen), rDst);
+    // Copy s: strip leading 0x00 padding, right-align into componentLength bytes
+    const sPad = sLen > componentLength ? sLen - componentLength : 0;
+    const sDst = componentLength + componentLength - (sLen - sPad);
+    raw.set(der.slice(sStart + sPad, sStart + sLen), sDst);
+    return raw;
+}
+/** SPKI header for EC P-256 (26 bytes: SEQUENCE > SEQUENCE > OID ecPublicKey > OID P-256 > BIT STRING). */
+const SPKI_P256_HEADER = new Uint8Array([
+    0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
+    0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
+    0x42, 0x00,
+]);
+/**
+ * Extract the raw EC public key point from a key that may be in SPKI DER format
+ * or already a raw point (compressed or uncompressed).
+ *
+ * @param keyBytes - Public key bytes (SPKI DER or raw point)
+ * @returns Raw EC point bytes (compressed or uncompressed)
+ */
+export function extractEcPublicKeyPoint(keyBytes) {
+    // Already a raw point (uncompressed 0x04 or compressed 0x02/0x03)
+    if (keyBytes[0] === 0x04 || keyBytes[0] === 0x02 || keyBytes[0] === 0x03) {
+        return keyBytes;
+    }
+    // DER-encoded structure (starts with SEQUENCE tag 0x30)
+    if (keyBytes[0] === 0x30 && keyBytes.length > 33) {
+        // Check for P-256 SPKI header (91 bytes: 26 header + 65 point)
+        if (keyBytes.length === 91 && startsWith(keyBytes, SPKI_P256_HEADER)) {
+            return keyBytes.slice(26);
+        }
+        // Could be an X.509 certificate or an SPKI structure.
+        // Try extracting from X.509 first (certificates are longer, typically > 100 bytes),
+        // fall back to SPKI extraction.
+        if (keyBytes.length > 100) {
+            try {
+                return extractPointFromX509Certificate(keyBytes);
+            }
+            catch {
+                // Not a valid certificate, try as SPKI
+            }
+        }
+        return extractPointFromSpki(keyBytes);
+    }
+    throw new Error(`Unrecognized public key format: first byte 0x${keyBytes[0].toString(16)}, length ${keyBytes.length}`);
+}
+function startsWith(data, prefix) {
+    if (data.length < prefix.length)
+        return false;
+    for (let i = 0; i < prefix.length; i++) {
+        if (data[i] !== prefix[i])
+            return false;
+    }
+    return true;
+}
+/**
+ * Extract EC point from a generic SPKI DER structure.
+ * Walks the ASN.1 structure to find the BIT STRING containing the public key.
+ */
+function extractPointFromSpki(spki) {
+    let offset = 0;
+    // Outer SEQUENCE
+    if (spki[offset++] !== 0x30)
+        throw new Error('Expected SEQUENCE');
+    const outerLen = parseDerLength(spki, offset);
+    offset = outerLen.offset;
+    // AlgorithmIdentifier SEQUENCE (skip it)
+    if (spki[offset++] !== 0x30)
+        throw new Error('Expected AlgorithmIdentifier SEQUENCE');
+    const algLen = parseDerLength(spki, offset);
+    offset = algLen.offset + algLen.length;
+    // BIT STRING containing the public key
+    if (spki[offset++] !== 0x03)
+        throw new Error('Expected BIT STRING');
+    const bitStringLen = parseDerLength(spki, offset);
+    offset = bitStringLen.offset;
+    // Skip unused bits count byte (should be 0)
+    offset++;
+    // The rest is the raw public key point
+    return spki.slice(offset, offset + bitStringLen.length - 1);
+}
+/**
+ * Extract the EC public key point from a DER-encoded X.509 certificate.
+ *
+ * X.509 structure:
+ *   SEQUENCE {
+ *     SEQUENCE (tbsCertificate) {
+ *       [0] EXPLICIT version, INTEGER serial, SEQUENCE algo,
+ *       SEQUENCE issuer, SEQUENCE validity, SEQUENCE subject,
+ *       SEQUENCE (subjectPublicKeyInfo) { ... }
+ *     }
+ *     SEQUENCE (signatureAlgorithm), BIT STRING (signature)
+ *   }
+ *
+ * We walk through tbsCertificate fields to find the SPKI, then extract the key.
+ */
+function extractPointFromX509Certificate(cert) {
+    let offset = 0;
+    // Outer SEQUENCE
+    if (cert[offset++] !== 0x30)
+        throw new Error('Expected SEQUENCE (certificate)');
+    const certLen = parseDerLength(cert, offset);
+    offset = certLen.offset;
+    // tbsCertificate SEQUENCE
+    if (cert[offset++] !== 0x30)
+        throw new Error('Expected SEQUENCE (tbsCertificate)');
+    const tbsLen = parseDerLength(cert, offset);
+    offset = tbsLen.offset;
+    // [0] EXPLICIT version (optional, tag = 0xA0)
+    if (cert[offset] === 0xa0) {
+        offset++;
+        const vLen = parseDerLength(cert, offset);
+        offset = vLen.offset + vLen.length;
+    }
+    // INTEGER serialNumber
+    skipDerElement(cert, offset, (o) => { offset = o; });
+    // SEQUENCE signature (algorithm)
+    skipDerElement(cert, offset, (o) => { offset = o; });
+    // SEQUENCE issuer
+    skipDerElement(cert, offset, (o) => { offset = o; });
+    // SEQUENCE validity
+    skipDerElement(cert, offset, (o) => { offset = o; });
+    // SEQUENCE subject
+    skipDerElement(cert, offset, (o) => { offset = o; });
+    // SEQUENCE subjectPublicKeyInfo — this is the SPKI
+    if (cert[offset] !== 0x30)
+        throw new Error('Expected SEQUENCE (subjectPublicKeyInfo)');
+    const spkiStart = offset;
+    const spkiTagLen = parseDerLength(cert, offset + 1);
+    const spkiTotalLen = 1 + (spkiTagLen.offset - (offset + 1)) + spkiTagLen.length;
+    const spki = cert.slice(spkiStart, spkiStart + spkiTotalLen);
+    return extractPointFromSpki(spki);
+}
+function skipDerElement(data, offset, cb) {
+    offset++; // skip tag
+    const len = parseDerLength(data, offset);
+    cb(len.offset + len.length);
+}
+function parseDerLength(data, offset) {
+    let len = data[offset++];
+    if (len & 0x80) {
+        const numBytes = len & 0x7f;
+        len = 0;
+        for (let i = 0; i < numBytes; i++) {
+            len = (len << 8) | data[offset++];
+        }
+    }
+    return { length: len, offset };
+}
+//# sourceMappingURL=signature-utils.js.map

package/dist/signature-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signature-utils.js","sourceRoot":"","sources":["../src/signature-utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,QAAQ,CAAC,GAAe,EAAE,eAAuB;IAC/D,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,4DAA4D,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IACrG,CAAC;IAED,wBAAwB;IACxB,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,IAAI,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3B,IAAI,MAAM,GAAG,IAAI,EAAE,CAAC;QAClB,MAAM,QAAQ,GAAG,MAAM,GAAG,IAAI,CAAC;QAC/B,MAAM,GAAG,CAAC,CAAC;QACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3B,MAAM,MAAM,GAAG,MAAM,CAAC;IACtB,MAAM,IAAI,IAAI,CAAC;IAEf,kBAAkB;IAClB,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3B,MAAM,MAAM,GAAG,MAAM,CAAC;IAEtB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,eAAe,GAAG,CAAC,CAAC,CAAC;IAEhD,6EAA6E;IAC7E,MAAM,IAAI,GAAG,IAAI,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,MAAM,IAAI,GAAG,eAAe,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IAC7C,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC;IAEvD,6EAA6E;IAC7E,MAAM,IAAI,GAAG,IAAI,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,MAAM,IAAI,GAAG,eAAe,GAAG,eAAe,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IAC/D,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC;IAEvD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,2GAA2G;AAC3G,MAAM,gBAAgB,GAAG,IAAI,UAAU,CAAC;IACtC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAC9C,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAC9C,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IAC9C,IAAI,EAAE,IAAI;CACX,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CAAC,QAAoB;IAC1D,kEAAkE;IAClE,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACzE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,wDAAwD;IACxD,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACjD,+DAA+D;QAC/D,IAAI,QAAQ,CAAC,MAAM,KAAK,EAAE,IAAI,UAAU,CAAC,QAAQ,EAAE,gBAAgB,CAAC,EAAE,CAAC;YACrE,OAAO,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC5B,CAAC;QAED,sDAAsD;QACtD,oFAAoF;QACpF,gCAAgC;QAChC,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YAC1B,IAAI,CAAC;gBACH,OAAO,+BAA+B,CAAC,QAAQ,CAAC,CAAC;YACnD,CAAC;YAAC,MAAM,CAAC;gBACP,uCAAuC;YACzC,CAAC;QACH,CAAC;QAED,OAAO,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,gDAAgD,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,YAAY,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;AACzH,CAAC;AAED,SAAS,UAAU,CAAC,IAAgB,EAAE,MAAkB;IACtD,IAAI,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC9C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;IAC1C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,IAAgB;IAC5C,IAAI,MAAM,GAAG,CAAC,CAAC;IAEf,iBAAiB;IACjB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IAClE,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC9C,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;IAEzB,yCAAyC;IACzC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IACtF,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5C,MAAM,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAEvC,uCAAuC;IACvC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAClD,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;IAE7B,4CAA4C;IAC5C,MAAM,EAAE,CAAC;IAET,uCAAuC;IACvC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,SAAS,+BAA+B,CAAC,IAAgB;IACvD,IAAI,MAAM,GAAG,CAAC,CAAC;IAEf,iBAAiB;IACjB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IAChF,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC7C,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAExB,0BAA0B;IAC1B,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACnF,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5C,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAEvB,8CAA8C;IAC9C,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1B,MAAM,EAAE,CAAC;QACT,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC1C,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IACrC,CAAC;IAED,uBAAuB;IACvB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,GAAG,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAErD,iCAAiC;IACjC,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,GAAG,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAErD,kBAAkB;IAClB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,GAAG,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAErD,oBAAoB;IACpB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,GAAG,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAErD,mBAAmB;IACnB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,GAAG,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAErD,mDAAmD;IACnD,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IACvF,MAAM,SAAS,GAAG,MAAM,CAAC;IACzB,MAAM,UAAU,GAAG,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,CAAC,CAAC,CAAC;IACpD,MAAM,YAAY,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC;IAChF,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,SAAS,GAAG,YAAY,CAAC,CAAC;IAE7D,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,cAAc,CAAC,IAAgB,EAAE,MAAc,EAAE,EAA+B;IACvF,MAAM,EAAE,CAAC,CAAC,WAAW;IACrB,MAAM,GAAG,GAAG,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACzC,EAAE,CAAC,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,cAAc,CAAC,IAAgB,EAAE,MAAc;IACtD,IAAI,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACzB,IAAI,GAAG,GAAG,IAAI,EAAE,CAAC;QACf,MAAM,QAAQ,GAAG,GAAG,GAAG,IAAI,CAAC;QAC5B,GAAG,GAAG,CAAC,CAAC;QACR,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;AACjC,CAAC"}

package/dist/signed-data.d.ts

@@ -0,0 +1,32 @@
+/** Extracted signed data bytes and security metadata from a UIC barcode. */
+export interface ExtractedSignedData {
+    /** The exact bytes of `level1Data` — signed by level1Signature. */
+    level1DataBytes: Uint8Array;
+    /** The exact bytes of `level2SignedData` — signed by level2Signature. */
+    level2SignedBytes: Uint8Array;
+    /** Security metadata extracted from the decoded header. */
+    security: {
+        securityProviderNum?: number;
+        securityProviderIA5?: string;
+        keyId?: number;
+        level1KeyAlg?: string;
+        level2KeyAlg?: string;
+        level1SigningAlg?: string;
+        level2SigningAlg?: string;
+        level2PublicKey?: Uint8Array;
+        level1Signature?: Uint8Array;
+        level2Signature?: Uint8Array;
+    };
+}
+/**
+ * Extract the signed data bytes and security metadata from a UIC barcode.
+ *
+ * This decodes the barcode header with metadata tracking, then reads the
+ * exact original bytes from the source buffer via `rawBytes`. No re-encoding
+ * is performed.
+ *
+ * @param bytes - The raw barcode payload bytes.
+ * @returns Extracted signed bytes and security metadata.
+ */
+export declare function extractSignedData(bytes: Uint8Array): ExtractedSignedData;
+//# sourceMappingURL=signed-data.d.ts.map

package/dist/signed-data.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signed-data.d.ts","sourceRoot":"","sources":["../src/signed-data.ts"],"names":[],"mappings":"AAuCA,4EAA4E;AAC5E,MAAM,WAAW,mBAAmB;IAClC,mEAAmE;IACnE,eAAe,EAAE,UAAU,CAAC;IAC5B,yEAAyE;IACzE,iBAAiB,EAAE,UAAU,CAAC;IAE9B,2DAA2D;IAC3D,QAAQ,EAAE;QACR,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,eAAe,CAAC,EAAE,UAAU,CAAC;QAC7B,eAAe,CAAC,EAAE,UAAU,CAAC;QAC7B,eAAe,CAAC,EAAE,UAAU,CAAC;KAC9B,CAAC;CACH;AAMD;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,UAAU,GAAG,mBAAmB,CA6CxE"}

package/dist/signed-data.js

@@ -0,0 +1,87 @@
+/**
+ * Signed data extraction for UIC barcode signature verification.
+ *
+ * Uses `decodeWithMetadata` to extract the exact original bytes that were
+ * signed, avoiding any re-encoding that could introduce mismatches.
+ */
+import { SchemaCodec, SchemaBuilder, BitBuffer, } from 'asn1-per-ts';
+import { HEADER_SCHEMAS } from './schemas';
+// ---------------------------------------------------------------------------
+// Codec cache (separate from decoder/encoder to avoid coupling)
+// ---------------------------------------------------------------------------
+const headerCodecCache = new Map();
+function getHeaderCodec(version) {
+    let codec = headerCodecCache.get(version);
+    if (codec)
+        return codec;
+    const schemas = HEADER_SCHEMAS[version];
+    if (!schemas) {
+        throw new Error(`No schema for header v${version}. Supported: v1, v2`);
+    }
+    codec = new SchemaCodec(schemas.UicBarcodeHeader);
+    headerCodecCache.set(version, codec);
+    return codec;
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Extract the signed data bytes and security metadata from a UIC barcode.
+ *
+ * This decodes the barcode header with metadata tracking, then reads the
+ * exact original bytes from the source buffer via `rawBytes`. No re-encoding
+ * is performed.
+ *
+ * @param bytes - The raw barcode payload bytes.
+ * @returns Extracted signed bytes and security metadata.
+ */
+export function extractSignedData(bytes) {
+    // Peek the header version
+    const peekBuf = BitBuffer.from(bytes);
+    peekBuf.readBit(); // skip optional bitmap
+    const format = SchemaBuilder.build({ type: 'IA5String' }).decode(peekBuf);
+    const headerVersionMatch = format.match(/^U(\d+)$/);
+    if (!headerVersionMatch) {
+        throw new Error(`Unknown header format "${format}"`);
+    }
+    const headerVersion = parseInt(headerVersionMatch[1], 10);
+    // Decode with metadata to get exact byte positions
+    const codec = getHeaderCodec(headerVersion);
+    const root = codec.decodeWithMetadata(bytes);
+    // Navigate the metadata tree
+    const headerFields = root.value;
+    // level2SignedData node — its rawBytes are what level2Signature signs
+    const level2SignedDataNode = headerFields.level2SignedData;
+    const level2SignedBytes = level2SignedDataNode.meta.rawBytes;
+    // level1Data node — its rawBytes are what level1Signature signs
+    const l2Fields = level2SignedDataNode.value;
+    const level1DataNode = l2Fields.level1Data;
+    const level1DataBytes = level1DataNode.meta.rawBytes;
+    // Extract security metadata by stripping metadata from the relevant nodes
+    const l1Fields = level1DataNode.value;
+    const security = {
+        securityProviderNum: getNodeValue(l1Fields.securityProviderNum),
+        securityProviderIA5: getNodeValue(l1Fields.securityProviderIA5),
+        keyId: getNodeValue(l1Fields.keyId),
+        level1KeyAlg: getNodeValue(l1Fields.level1KeyAlg),
+        level2KeyAlg: getNodeValue(l1Fields.level2KeyAlg),
+        level1SigningAlg: getNodeValue(l1Fields.level1SigningAlg),
+        level2SigningAlg: getNodeValue(l1Fields.level2SigningAlg),
+        level2PublicKey: getNodeValue(l1Fields.level2PublicKey),
+        level1Signature: getNodeValue(l2Fields.level1Signature),
+        level2Signature: getNodeValue(headerFields.level2Signature),
+    };
+    return { level1DataBytes, level2SignedBytes, security };
+}
+/**
+ * Get the plain value from a DecodedNode, handling optional/absent fields.
+ */
+function getNodeValue(node) {
+    if (!node)
+        return undefined;
+    if (node.meta.optional && !node.meta.present && !node.meta.isDefault) {
+        return undefined;
+    }
+    return node.value;
+}
+//# sourceMappingURL=signed-data.js.map

package/dist/signed-data.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signed-data.js","sourceRoot":"","sources":["../src/signed-data.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EACL,WAAW,EACX,aAAa,EACb,SAAS,GAIV,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAE3C,8EAA8E;AAC9E,gEAAgE;AAChE,8EAA8E;AAE9E,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAuB,CAAC;AAExD,SAAS,cAAc,CAAC,OAAe;IACrC,IAAI,KAAK,GAAG,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC1C,IAAI,KAAK;QAAE,OAAO,KAAK,CAAC;IACxB,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACxC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,yBAAyB,OAAO,qBAAqB,CAAC,CAAC;IACzE,CAAC;IACD,KAAK,GAAG,IAAI,WAAW,CAAC,OAAO,CAAC,gBAA8B,CAAC,CAAC;IAChE,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,KAAK,CAAC;AACf,CAAC;AA4BD,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAiB;IACjD,0BAA0B;IAC1B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,uBAAuB;IAC1C,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,WAAW,EAAgB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAW,CAAC;IAElG,MAAM,kBAAkB,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACpD,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,0BAA0B,MAAM,GAAG,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,aAAa,GAAG,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAE1D,mDAAmD;IACnD,MAAM,KAAK,GAAG,cAAc,CAAC,aAAa,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAgB,KAAK,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAE1D,6BAA6B;IAC7B,MAAM,YAAY,GAAG,IAAI,CAAC,KAAoC,CAAC;IAE/D,sEAAsE;IACtE,MAAM,oBAAoB,GAAG,YAAY,CAAC,gBAAgB,CAAC;IAC3D,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC;IAE7D,gEAAgE;IAChE,MAAM,QAAQ,GAAG,oBAAoB,CAAC,KAAoC,CAAC;IAC3E,MAAM,cAAc,GAAG,QAAQ,CAAC,UAAU,CAAC;IAC3C,MAAM,eAAe,GAAG,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC;IAErD,0EAA0E;IAC1E,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAoC,CAAC;IAErE,MAAM,QAAQ,GAAoC;QAChD,mBAAmB,EAAE,YAAY,CAAC,QAAQ,CAAC,mBAAmB,CAAuB;QACrF,mBAAmB,EAAE,YAAY,CAAC,QAAQ,CAAC,mBAAmB,CAAuB;QACrF,KAAK,EAAE,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAuB;QACzD,YAAY,EAAE,YAAY,CAAC,QAAQ,CAAC,YAAY,CAAuB;QACvE,YAAY,EAAE,YAAY,CAAC,QAAQ,CAAC,YAAY,CAAuB;QACvE,gBAAgB,EAAE,YAAY,CAAC,QAAQ,CAAC,gBAAgB,CAAuB;QAC/E,gBAAgB,EAAE,YAAY,CAAC,QAAQ,CAAC,gBAAgB,CAAuB;QAC/E,eAAe,EAAE,YAAY,CAAC,QAAQ,CAAC,eAAe,CAA2B;QACjF,eAAe,EAAE,YAAY,CAAC,QAAQ,CAAC,eAAe,CAA2B;QACjF,eAAe,EAAE,YAAY,CAAC,YAAY,CAAC,eAAe,CAA2B;KACtF,CAAC;IAEF,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,QAAQ,EAAE,CAAC;AAC1D,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,IAA6B;IACjD,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5B,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;QACrE,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,IAAI,CAAC,KAAK,CAAC;AACpB,CAAC"}