edockit 0.1.1-beta.0

package/dist/index.cjs.js

@@ -0,0 +1,1787 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var fflate = require('fflate');
+var x509 = require('@peculiar/x509');
+
+/**
+ * Recursive DOM traversal to find elements with a given tag name
+ * (Fallback method when XPath is not available or fails)
+ *
+ * @param parent The parent element to search within
+ * @param selector CSS-like selector with namespace support (e.g., "ds:SignedInfo, SignedInfo")
+ * @returns Array of matching elements
+ */
+function findElementsByTagNameRecursive(parent, selector) {
+    const results = [];
+    const selectors = selector.split(",").map((s) => s.trim());
+    // Parse each selector part to extract namespace and local name
+    const parsedSelectors = [];
+    for (const sel of selectors) {
+        const parts = sel.split(/\\:|:/).filter(Boolean);
+        if (parts.length === 1) {
+            parsedSelectors.push({ name: parts[0] });
+        }
+        else if (parts.length === 2) {
+            parsedSelectors.push({ ns: parts[0], name: parts[1] });
+        }
+    }
+    // Recursive search function - keep the original node references
+    function searchNode(node) {
+        if (!node)
+            return;
+        if (node.nodeType === 1) {
+            // Element node - make sure we're working with an actual DOM Element
+            const element = node;
+            const nodeName = element.nodeName;
+            const localName = element.localName;
+            // Check if this element matches any of our selectors
+            for (const sel of parsedSelectors) {
+                // Match by full nodeName (which might include namespace prefix)
+                if (sel.ns && nodeName === `${sel.ns}:${sel.name}`) {
+                    results.push(element); // Store the actual DOM element reference
+                    break;
+                }
+                // Match by local name only
+                if (localName === sel.name || nodeName === sel.name) {
+                    results.push(element); // Store the actual DOM element reference
+                    break;
+                }
+                // Match by checking if nodeName ends with the local name
+                if (nodeName.endsWith(`:${sel.name}`)) {
+                    results.push(element); // Store the actual DOM element reference
+                    break;
+                }
+            }
+        }
+        // Search all child nodes
+        if (node.childNodes) {
+            for (let i = 0; i < node.childNodes.length; i++) {
+                searchNode(node.childNodes[i]);
+            }
+        }
+    }
+    searchNode(parent);
+    return results;
+}
+// Known XML namespaces used in XML Signatures and related standards
+const NAMESPACES = {
+    ds: "http://www.w3.org/2000/09/xmldsig#",
+    dsig11: "http://www.w3.org/2009/xmldsig11#",
+    dsig2: "http://www.w3.org/2010/xmldsig2#",
+    ec: "http://www.w3.org/2001/10/xml-exc-c14n#",
+    dsig_more: "http://www.w3.org/2001/04/xmldsig-more#",
+    xenc: "http://www.w3.org/2001/04/xmlenc#",
+    xenc11: "http://www.w3.org/2009/xmlenc11#",
+    xades: "http://uri.etsi.org/01903/v1.3.2#",
+    xades141: "http://uri.etsi.org/01903/v1.4.1#",
+    asic: "http://uri.etsi.org/02918/v1.2.1#",
+};
+/**
+ * Create an XML parser that works in both browser and Node environments
+ */
+function createXMLParser() {
+    // Check if we're in a browser environment with native DOM support
+    if (typeof window !== "undefined" && window.DOMParser) {
+        return new window.DOMParser();
+    }
+    // We're in Node.js, so use xmldom
+    try {
+        // Import dynamically to avoid bundling issues
+        const { DOMParser } = require("@xmldom/xmldom");
+        return new DOMParser();
+    }
+    catch (e) {
+        throw new Error("XML DOM parser not available. In Node.js environments, please install @xmldom/xmldom package.");
+    }
+}
+/**
+ * Uses XPath to find a single element in an XML document
+ *
+ * @param parent The parent element or document to search within
+ * @param xpathExpression The XPath expression to evaluate
+ * @param namespaces Optional namespace mapping (defaults to common XML signature namespaces)
+ * @returns The found element or null
+ */
+function queryByXPath(parent, xpathExpression, namespaces = NAMESPACES) {
+    try {
+        // Browser environment with native XPath
+        if (typeof document !== "undefined" && document.evaluate) {
+            const nsResolver = createNsResolverForBrowser(namespaces);
+            const result = document.evaluate(xpathExpression, parent, nsResolver, XPathResult.FIRST_ORDERED_NODE_TYPE, null);
+            return result.singleNodeValue;
+        }
+        // Node.js environment with xpath module
+        else {
+            const xpath = require("xpath");
+            const nsResolver = createNsResolverForNode(namespaces);
+            // Use a try-catch here to handle specific XPath issues
+            try {
+                const nodes = xpath.select(xpathExpression, parent, nsResolver);
+                return nodes.length > 0 ? nodes[0] : null;
+            }
+            catch (err) {
+                // If we get a namespace error, try a simpler XPath with just local-name()
+                if (typeof err === "object" &&
+                    err !== null &&
+                    "message" in err &&
+                    typeof err.message === "string" &&
+                    err.message.includes("Cannot resolve QName")) {
+                    // Extract the element name we're looking for from the XPath
+                    const match = xpathExpression.match(/local-name\(\)='([^']+)'/);
+                    if (match && match[1]) {
+                        const elementName = match[1];
+                        const simplifiedXPath = `.//*[local-name()='${elementName}']`;
+                        const nodes = xpath.select(simplifiedXPath, parent);
+                        return nodes.length > 0 ? nodes[0] : null;
+                    }
+                }
+                throw err; // Re-throw if we couldn't handle it
+            }
+        }
+    }
+    catch (e) {
+        console.error(`XPath evaluation failed for "${xpathExpression}":`, e);
+        return null;
+    }
+}
+/**
+ * Uses XPath to find all matching elements in an XML document
+ *
+ * @param parent The parent element or document to search within
+ * @param xpathExpression The XPath expression to evaluate
+ * @param namespaces Optional namespace mapping (defaults to common XML signature namespaces)
+ * @returns Array of matching elements
+ */
+function queryAllByXPath(parent, xpathExpression, namespaces = NAMESPACES) {
+    try {
+        // Browser environment with native XPath
+        if (typeof document !== "undefined" && document.evaluate) {
+            const nsResolver = createNsResolverForBrowser(namespaces);
+            const result = document.evaluate(xpathExpression, parent, nsResolver, XPathResult.ORDERED_NODE_SNAPSHOT_TYPE, null);
+            const elements = [];
+            for (let i = 0; i < result.snapshotLength; i++) {
+                elements.push(result.snapshotItem(i));
+            }
+            return elements;
+        }
+        // Node.js environment with xpath module
+        else {
+            const xpath = require("xpath");
+            const nsResolver = createNsResolverForNode(namespaces);
+            // Use a try-catch here to handle specific XPath issues
+            try {
+                const nodes = xpath.select(xpathExpression, parent, nsResolver);
+                return nodes;
+            }
+            catch (err) {
+                // If we get a namespace error, try a simpler XPath with just local-name()
+                if (typeof err === "object" &&
+                    err !== null &&
+                    "message" in err &&
+                    typeof err.message === "string" &&
+                    err.message.includes("Cannot resolve QName")) {
+                    // Extract the element name we're looking for from the XPath
+                    const match = xpathExpression.match(/local-name\(\)='([^']+)'/);
+                    if (match && match[1]) {
+                        const elementName = match[1];
+                        const simplifiedXPath = `.//*[local-name()='${elementName}']`;
+                        const nodes = xpath.select(simplifiedXPath, parent);
+                        return nodes;
+                    }
+                }
+                throw err; // Re-throw if we couldn't handle it
+            }
+        }
+    }
+    catch (e) {
+        console.error(`XPath evaluation failed for "${xpathExpression}":`, e);
+        return [];
+    }
+}
+/**
+ * Helper function to create a namespace resolver for browser environments
+ */
+function createNsResolverForBrowser(namespaces) {
+    return function (prefix) {
+        if (prefix === null)
+            return null;
+        return namespaces[prefix] || null;
+    };
+}
+/**
+ * Helper function to create a namespace resolver for Node.js environments
+ */
+function createNsResolverForNode(namespaces) {
+    return namespaces;
+}
+/**
+ * Converts a CSS-like selector (with namespace support) to an XPath expression
+ *
+ * @param selector CSS-like selector (e.g., "ds:SignedInfo, SignedInfo")
+ * @returns Equivalent XPath expression
+ */
+function selectorToXPath(selector) {
+    // Split by comma to handle alternative selectors
+    const parts = selector.split(",").map((s) => s.trim());
+    const xpathParts = [];
+    for (const part of parts) {
+        // Handle namespaced selectors (both prefix:name and prefix\\:name formats)
+        const segments = part.split(/\\:|:/).filter(Boolean);
+        if (segments.length === 1) {
+            // Simple element name without namespace
+            // Match any element with the right local name
+            xpathParts.push(`.//*[local-name()='${segments[0]}']`);
+        }
+        else if (segments.length === 2) {
+            // Element with namespace prefix - only use local-name() or specific namespace prefix
+            // that we know is registered, avoiding the generic 'ns:' prefix
+            xpathParts.push(`.//${segments[0]}:${segments[1]} | .//*[local-name()='${segments[1]}']`);
+        }
+    }
+    // Join with | operator (XPath's OR)
+    return xpathParts.join(" | ");
+}
+/**
+ * Enhanced querySelector that uses XPath for better namespace handling
+ * (Drop-in replacement for the original querySelector function)
+ *
+ * @param parent The parent element or document to search within
+ * @param selector A CSS-like selector (with namespace handling)
+ * @returns The found element or null
+ */
+function querySelector(parent, selector) {
+    // First try native querySelector if we're in a browser
+    if (typeof parent.querySelector === "function") {
+        try {
+            const result = parent.querySelector(selector);
+            if (result)
+                return result;
+        }
+        catch (e) {
+            // Fallback to XPath if querySelector fails (e.g., due to namespace issues)
+        }
+    }
+    // First try with our enhanced DOM traversal methods (more reliable in some cases)
+    const elements = findElementsByTagNameRecursive(parent, selector);
+    if (elements.length > 0) {
+        return elements[0];
+    }
+    // Then try XPath as a fallback
+    try {
+        const xpath = selectorToXPath(selector);
+        return queryByXPath(parent, xpath);
+    }
+    catch (e) {
+        console.warn("XPath query failed, using direct DOM traversal as fallback");
+        return null;
+    }
+}
+/**
+ * Enhanced querySelectorAll that uses XPath for better namespace handling
+ * (Drop-in replacement for the original querySelectorAll function)
+ *
+ * @param parent The parent element or document to search within
+ * @param selector A CSS-like selector (with namespace handling)
+ * @returns Array of matching elements
+ */
+function querySelectorAll(parent, selector) {
+    // First try native querySelectorAll if we're in a browser
+    if (typeof parent.querySelectorAll === "function") {
+        try {
+            const results = parent.querySelectorAll(selector);
+            if (results.length > 0) {
+                const elements = [];
+                for (let i = 0; i < results.length; i++) {
+                    elements.push(results[i]);
+                }
+                return elements;
+            }
+        }
+        catch (e) {
+            // Fallback to XPath if querySelectorAll fails (e.g., due to namespace issues)
+        }
+    }
+    // First try with our enhanced DOM traversal methods (more reliable in some cases)
+    const elements = findElementsByTagNameRecursive(parent, selector);
+    if (elements.length > 0) {
+        return elements;
+    }
+    // Then try XPath as a fallback
+    try {
+        const xpath = selectorToXPath(selector);
+        return queryAllByXPath(parent, xpath);
+    }
+    catch (e) {
+        console.warn("XPath query failed, using direct DOM traversal as fallback");
+        return [];
+    }
+}
+/**
+ * Serialize a DOM node to XML string
+ */
+function serializeToXML(node) {
+    // Check if we're in a browser environment with native XMLSerializer
+    if (typeof window !== "undefined" && window.XMLSerializer) {
+        return new window.XMLSerializer().serializeToString(node);
+    }
+    // If we're using xmldom
+    try {
+        const { XMLSerializer } = require("@xmldom/xmldom");
+        return new XMLSerializer().serializeToString(node);
+    }
+    catch (e) {
+        throw new Error("XML Serializer not available. In Node.js environments, please install @xmldom/xmldom package.");
+    }
+}
+
+// Canonicalization method URIs
+const CANONICALIZATION_METHODS = {
+    default: "c14n",
+    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315": "c14n",
+    "http://www.w3.org/2006/12/xml-c14n11": "c14n11",
+    "http://www.w3.org/2001/10/xml-exc-c14n#": "c14n_exc",
+};
+// Internal method implementations
+const methods = {
+    c14n: {
+        beforeChildren: () => "",
+        afterChildren: () => "",
+        betweenChildren: () => "",
+        afterElement: () => "",
+        isCanonicalizationMethod: "c14n",
+    },
+    c14n11: {
+        beforeChildren: (hasElementChildren, hasMixedContent) => {
+            // If it's mixed content, don't add newlines
+            if (hasMixedContent)
+                return "";
+            return hasElementChildren ? "\n" : "";
+        },
+        afterChildren: (hasElementChildren, hasMixedContent) => {
+            // If it's mixed content, don't add newlines
+            if (hasMixedContent)
+                return "";
+            return hasElementChildren ? "\n" : "";
+        },
+        betweenChildren: (prevIsElement, nextIsElement, hasMixedContent) => {
+            // If it's mixed content, don't add newlines between elements
+            if (hasMixedContent)
+                return "";
+            // Only add newline between elements
+            return prevIsElement && nextIsElement ? "\n" : "";
+        },
+        afterElement: () => "",
+        isCanonicalizationMethod: "c14n11",
+    },
+    c14n_exc: {
+        beforeChildren: () => "",
+        afterChildren: () => "",
+        betweenChildren: () => "",
+        afterElement: () => "",
+        isCanonicalizationMethod: "c14n_exc",
+    },
+};
+// Define these constants as they're used in the code
+const NODE_TYPES = {
+    ELEMENT_NODE: 1,
+    TEXT_NODE: 3,
+};
+class XMLCanonicalizer {
+    constructor(method = methods.c14n) {
+        this.method = method;
+    }
+    // Static method to get canonicalizer by URI
+    static fromMethod(methodUri) {
+        const methodKey = CANONICALIZATION_METHODS[methodUri];
+        if (!methodKey) {
+            throw new Error(`Unsupported canonicalization method: ${methodUri}`);
+        }
+        return new XMLCanonicalizer(methods[methodKey]);
+    }
+    setMethod(method) {
+        this.method = method;
+    }
+    static escapeXml(text) {
+        return text
+            .replace(/&/g, "&amp;")
+            .replace(/</g, "&lt;")
+            .replace(/>/g, "&gt;")
+            .replace(/"/g, "&quot;")
+            .replace(/'/g, "&apos;");
+    }
+    // Helper method to collect namespaces from ancestors
+    static collectNamespaces(node, visibleNamespaces = new Map()) {
+        let current = node;
+        while (current && current.nodeType === NODE_TYPES.ELEMENT_NODE) {
+            const element = current;
+            // Handle default namespace
+            const xmlnsAttr = element.getAttribute("xmlns");
+            if (xmlnsAttr !== null && !visibleNamespaces.has("")) {
+                visibleNamespaces.set("", xmlnsAttr);
+            }
+            // Handle prefixed namespaces
+            const attrs = element.attributes;
+            for (let i = 0; i < attrs.length; i++) {
+                const attr = attrs[i];
+                if (attr.name.startsWith("xmlns:")) {
+                    const prefix = attr.name.substring(6);
+                    if (!visibleNamespaces.has(prefix)) {
+                        visibleNamespaces.set(prefix, attr.value);
+                    }
+                }
+            }
+            current = current.parentNode;
+        }
+        return visibleNamespaces;
+    }
+    // Helper method to collect namespaces used in the specific element and its descendants
+    static collectUsedNamespaces(node, allVisibleNamespaces = new Map(), inclusivePrefixList = []) {
+        const usedNamespaces = new Map();
+        const visitedPrefixes = new Set(); // Track prefixes we've already processed
+        // Recursive function to check for namespace usage
+        function processNode(currentNode, isRoot = false) {
+            if (currentNode.nodeType === NODE_TYPES.ELEMENT_NODE) {
+                const element = currentNode;
+                // Check element's namespace
+                const elementNs = element.namespaceURI;
+                const elementPrefix = element.prefix || "";
+                if (elementPrefix && elementNs) {
+                    // If this is the root element or a prefix we haven't seen yet
+                    if (isRoot || !visitedPrefixes.has(elementPrefix)) {
+                        visitedPrefixes.add(elementPrefix);
+                        // If the namespace URI matches what we have in allVisibleNamespaces for this prefix
+                        const nsUri = allVisibleNamespaces.get(elementPrefix);
+                        if (nsUri && nsUri === elementNs && !usedNamespaces.has(elementPrefix)) {
+                            usedNamespaces.set(elementPrefix, nsUri);
+                        }
+                    }
+                }
+                // Check attributes for namespaces
+                const attrs = element.attributes;
+                for (let i = 0; i < attrs.length; i++) {
+                    const attr = attrs[i];
+                    if (attr.name.includes(":") && !attr.name.startsWith("xmlns:")) {
+                        const attrPrefix = attr.name.split(":")[0];
+                        // Only process this prefix if we haven't seen it before or it's the root element
+                        if (isRoot || !visitedPrefixes.has(attrPrefix)) {
+                            visitedPrefixes.add(attrPrefix);
+                            const nsUri = allVisibleNamespaces.get(attrPrefix);
+                            if (nsUri && !usedNamespaces.has(attrPrefix)) {
+                                usedNamespaces.set(attrPrefix, nsUri);
+                            }
+                        }
+                    }
+                }
+                // Include namespaces from inclusivePrefixList
+                for (const prefix of inclusivePrefixList) {
+                    const nsUri = allVisibleNamespaces.get(prefix);
+                    if (nsUri && !usedNamespaces.has(prefix)) {
+                        usedNamespaces.set(prefix, nsUri);
+                    }
+                }
+                // Process child nodes
+                for (let i = 0; i < currentNode.childNodes.length; i++) {
+                    processNode(currentNode.childNodes[i], false);
+                }
+            }
+        }
+        processNode(node, true); // Start with root = true
+        return usedNamespaces;
+    }
+    static isBase64Element(node) {
+        if (node.nodeType !== NODE_TYPES.ELEMENT_NODE)
+            return false;
+        const element = node;
+        const localName = element.localName || element.nodeName.split(":").pop() || "";
+        return this.base64Elements.has(localName);
+    }
+    // Method to analyze whitespace in document
+    static analyzeWhitespace(node) {
+        // If node is a document, use the document element
+        const rootNode = node.nodeType === NODE_TYPES.ELEMENT_NODE ? node : node.documentElement;
+        function analyzeNode(node) {
+            if (node.nodeType === NODE_TYPES.ELEMENT_NODE) {
+                // Initialize whitespace info
+                node._whitespace = {
+                    hasMixedContent: false,
+                    hasExistingLinebreaks: false,
+                    originalContent: {},
+                };
+                const children = Array.from(node.childNodes);
+                let hasTextContent = false;
+                let hasElementContent = false;
+                let hasLinebreaks = false;
+                // First, check if there's any non-whitespace text content
+                for (const child of children) {
+                    if (child.nodeType === NODE_TYPES.TEXT_NODE) {
+                        const text = child.nodeValue || "";
+                        if (text.trim().length > 0) {
+                            hasTextContent = true;
+                            break;
+                        }
+                    }
+                }
+                // Second, check if there are any element children
+                for (const child of children) {
+                    if (child.nodeType === NODE_TYPES.ELEMENT_NODE) {
+                        hasElementContent = true;
+                        break;
+                    }
+                }
+                // Now process all children and analyze recursively
+                for (let i = 0; i < children.length; i++) {
+                    const child = children[i];
+                    if (child.nodeType === NODE_TYPES.TEXT_NODE) {
+                        const text = child.nodeValue || "";
+                        // Store original text
+                        child._originalText = text;
+                        // Check for linebreaks in text
+                        if (text.includes("\n")) {
+                            hasLinebreaks = true;
+                        }
+                    }
+                    else if (child.nodeType === NODE_TYPES.ELEMENT_NODE) {
+                        // Recursively analyze child elements
+                        analyzeNode(child);
+                    }
+                }
+                // Set mixed content flag - true if there's both text content and element children
+                node._whitespace.hasMixedContent = hasTextContent && hasElementContent;
+                node._whitespace.hasExistingLinebreaks = hasLinebreaks;
+            }
+        }
+        analyzeNode(rootNode);
+    }
+    // Standard canonicalization method
+    canonicalize(node, visibleNamespaces = new Map(), options = { isStartingNode: true }) {
+        if (!node)
+            return "";
+        let result = "";
+        if (node.nodeType === NODE_TYPES.ELEMENT_NODE) {
+            // Create a new map for this element's visible namespaces
+            const elementVisibleNamespaces = new Map(visibleNamespaces);
+            const element = node;
+            // Collect namespaces declared on this element
+            // Handle default namespace
+            const xmlnsAttr = element.getAttribute("xmlns");
+            if (xmlnsAttr !== null) {
+                elementVisibleNamespaces.set("", xmlnsAttr);
+            }
+            // Handle prefixed namespaces
+            const nsAttrs = element.attributes;
+            for (let i = 0; i < nsAttrs.length; i++) {
+                const attr = nsAttrs[i];
+                if (attr.name.startsWith("xmlns:")) {
+                    const prefix = attr.name.substring(6);
+                    elementVisibleNamespaces.set(prefix, attr.value);
+                }
+            }
+            // Prepare the element's start tag
+            const prefix = element.prefix || "";
+            const localName = element.localName || element.nodeName.split(":").pop() || "";
+            const qName = prefix ? `${prefix}:${localName}` : localName;
+            result += "<" + qName;
+            // Handle namespaces based on whether it's the starting node
+            if (options.isStartingNode) {
+                // Collect all namespaces in scope for this element
+                const allNamespaces = XMLCanonicalizer.collectNamespaces(node);
+                // Include all namespaces that are in scope, sorted appropriately
+                const nsEntries = Array.from(allNamespaces.entries()).sort((a, b) => {
+                    if (a[0] === "")
+                        return -1;
+                    if (b[0] === "")
+                        return 1;
+                    return a[0].localeCompare(b[0]);
+                });
+                for (const [prefix, uri] of nsEntries) {
+                    if (prefix === "") {
+                        result += ` xmlns="${uri}"`;
+                    }
+                    else {
+                        result += ` xmlns:${prefix}="${uri}"`;
+                    }
+                }
+            }
+            else {
+                // For non-starting nodes, only include newly declared namespaces
+                const nsEntries = Array.from(elementVisibleNamespaces.entries())
+                    .filter(([p, uri]) => {
+                    // Include if:
+                    // 1. It's not in the parent's visible namespaces, or
+                    // 2. The URI is different from parent's
+                    return !visibleNamespaces.has(p) || visibleNamespaces.get(p) !== uri;
+                })
+                    .sort((a, b) => {
+                    if (a[0] === "")
+                        return -1;
+                    if (b[0] === "")
+                        return 1;
+                    return a[0].localeCompare(b[0]);
+                });
+                for (const [prefix, uri] of nsEntries) {
+                    if (prefix === "") {
+                        result += ` xmlns="${uri}"`;
+                    }
+                    else {
+                        result += ` xmlns:${prefix}="${uri}"`;
+                    }
+                }
+            }
+            // Handle attributes (sorted lexicographically)
+            const elementAttrs = element.attributes;
+            const attrArray = [];
+            for (let i = 0; i < elementAttrs.length; i++) {
+                const attr = elementAttrs[i];
+                if (!attr.name.startsWith("xmlns")) {
+                    attrArray.push(attr);
+                }
+            }
+            attrArray.sort((a, b) => a.name.localeCompare(b.name));
+            for (const attr of attrArray) {
+                result += ` ${attr.name}="${XMLCanonicalizer.escapeXml(attr.value)}"`;
+            }
+            result += ">";
+            // Process children
+            const children = Array.from(node.childNodes);
+            let hasElementChildren = false;
+            let lastWasElement = false;
+            const hasMixedContent = node._whitespace?.hasMixedContent || false;
+            // First pass to determine if we have element children
+            for (const child of children) {
+                if (child.nodeType === NODE_TYPES.ELEMENT_NODE) {
+                    hasElementChildren = true;
+                    break;
+                }
+            }
+            // Check if we need to add a newline for c14n11
+            // Don't add newlines for mixed content
+            const needsInitialNewline = this.method.isCanonicalizationMethod === "c14n11" &&
+                hasElementChildren &&
+                !node._whitespace?.hasExistingLinebreaks &&
+                !hasMixedContent;
+            // Add newline for c14n11 if needed
+            if (needsInitialNewline) {
+                result += this.method.beforeChildren(hasElementChildren, hasMixedContent);
+            }
+            // Process each child
+            for (let i = 0; i < children.length; i++) {
+                const child = children[i];
+                const isElement = child.nodeType === NODE_TYPES.ELEMENT_NODE;
+                const nextChild = i < children.length - 1 ? children[i + 1] : null;
+                nextChild && nextChild.nodeType === NODE_TYPES.ELEMENT_NODE;
+                // Handle text node
+                if (child.nodeType === NODE_TYPES.TEXT_NODE) {
+                    const text = child.nodeValue || "";
+                    if (XMLCanonicalizer.isBase64Element(node)) {
+                        // Special handling for base64 content
+                        result += text.replace(/\r/g, "&#xD;");
+                    }
+                    else {
+                        // Use the original text exactly as it was
+                        result += child._originalText || text;
+                    }
+                    lastWasElement = false;
+                    continue;
+                }
+                // Handle element node
+                if (isElement) {
+                    // Add newline between elements if needed for c14n11
+                    // Don't add newlines for mixed content
+                    if (lastWasElement &&
+                        this.method.isCanonicalizationMethod === "c14n11" &&
+                        !node._whitespace?.hasExistingLinebreaks &&
+                        !hasMixedContent) {
+                        result += this.method.betweenChildren(true, true, hasMixedContent);
+                    }
+                    // Recursively canonicalize the child element
+                    result += this.canonicalize(child, elementVisibleNamespaces, {
+                        isStartingNode: false,
+                    });
+                    lastWasElement = true;
+                }
+            }
+            // Add final newline for c14n11 if needed
+            // Don't add newlines for mixed content
+            if (needsInitialNewline) {
+                result += this.method.afterChildren(hasElementChildren, hasMixedContent);
+            }
+            result += "</" + qName + ">";
+        }
+        else if (node.nodeType === NODE_TYPES.TEXT_NODE) {
+            // For standalone text nodes
+            const text = node._originalText || node.nodeValue || "";
+            result += XMLCanonicalizer.escapeXml(text);
+        }
+        return result;
+    }
+    // Exclusive canonicalization implementation
+    canonicalizeExclusive(node, visibleNamespaces = new Map(), options = {}) {
+        if (!node)
+            return "";
+        const { inclusiveNamespacePrefixList = [], isStartingNode = true } = options;
+        let result = "";
+        if (node.nodeType === NODE_TYPES.ELEMENT_NODE) {
+            const element = node;
+            // First, collect all namespaces that are visible at this point
+            const allVisibleNamespaces = XMLCanonicalizer.collectNamespaces(element);
+            // Then, determine which namespaces are actually used in this subtree
+            const usedNamespaces = isStartingNode
+                ? XMLCanonicalizer.collectUsedNamespaces(element, allVisibleNamespaces, inclusiveNamespacePrefixList)
+                : new Map(); // For child elements, don't add any more namespaces
+            // Start the element opening tag
+            const prefix = element.prefix || "";
+            const localName = element.localName || element.nodeName.split(":").pop() || "";
+            const qName = prefix ? `${prefix}:${localName}` : localName;
+            result += "<" + qName;
+            // Add namespace declarations for used namespaces (only at the top level)
+            if (isStartingNode) {
+                const nsEntries = Array.from(usedNamespaces.entries()).sort((a, b) => {
+                    if (a[0] === "")
+                        return -1;
+                    if (b[0] === "")
+                        return 1;
+                    return a[0].localeCompare(b[0]);
+                });
+                for (const [prefix, uri] of nsEntries) {
+                    if (prefix === "") {
+                        result += ` xmlns="${uri}"`;
+                    }
+                    else {
+                        result += ` xmlns:${prefix}="${uri}"`;
+                    }
+                }
+            }
+            // Add attributes (sorted lexicographically)
+            const elementAttrs = element.attributes;
+            const attrArray = [];
+            for (let i = 0; i < elementAttrs.length; i++) {
+                const attr = elementAttrs[i];
+                if (!attr.name.startsWith("xmlns")) {
+                    attrArray.push(attr);
+                }
+            }
+            attrArray.sort((a, b) => a.name.localeCompare(b.name));
+            for (const attr of attrArray) {
+                result += ` ${attr.name}="${XMLCanonicalizer.escapeXml(attr.value)}"`;
+            }
+            result += ">";
+            // Process child nodes
+            const children = Array.from(node.childNodes);
+            for (let i = 0; i < children.length; i++) {
+                const child = children[i];
+                if (child.nodeType === NODE_TYPES.TEXT_NODE) {
+                    const text = child.nodeValue || "";
+                    if (XMLCanonicalizer.isBase64Element(node)) {
+                        // Special handling for base64 content
+                        result += text.replace(/\r/g, "&#xD;");
+                    }
+                    else {
+                        // Regular text handling
+                        result += XMLCanonicalizer.escapeXml(text);
+                    }
+                }
+                else if (child.nodeType === NODE_TYPES.ELEMENT_NODE) {
+                    // Recursively process child elements
+                    // For child elements, we pass the namespaces from the parent but mark as non-root
+                    result += this.canonicalizeExclusive(child, new Map([...visibleNamespaces, ...usedNamespaces]), // Pass all namespaces to children
+                    {
+                        inclusiveNamespacePrefixList,
+                        isStartingNode: false, // Mark as non-starting node
+                    });
+                }
+            }
+            // Close the element
+            result += "</" + qName + ">";
+        }
+        else if (node.nodeType === NODE_TYPES.TEXT_NODE) {
+            // Handle standalone text node
+            const text = node.nodeValue || "";
+            result += XMLCanonicalizer.escapeXml(text);
+        }
+        return result;
+    }
+    // Static methods for canonicalization
+    static c14n(node) {
+        // First analyze document whitespace
+        this.analyzeWhitespace(node);
+        // Then create canonicalizer and process the node
+        const canonicalizer = new XMLCanonicalizer(methods.c14n);
+        return canonicalizer.canonicalize(node);
+    }
+    static c14n11(node) {
+        // First analyze document whitespace
+        this.analyzeWhitespace(node);
+        // Then create canonicalizer and process the node
+        const canonicalizer = new XMLCanonicalizer(methods.c14n11);
+        return canonicalizer.canonicalize(node);
+    }
+    static c14n_exc(node, inclusiveNamespacePrefixList = []) {
+        // First analyze document whitespace
+        this.analyzeWhitespace(node);
+        // Create canonicalizer and process the node with exclusive canonicalization
+        const canonicalizer = new XMLCanonicalizer(methods.c14n_exc);
+        return canonicalizer.canonicalizeExclusive(node, new Map(), {
+            inclusiveNamespacePrefixList,
+        });
+    }
+    // Method that takes URI directly
+    static canonicalize(node, methodUri, options = {}) {
+        // Get the method from the URI
+        const methodKey = CANONICALIZATION_METHODS[methodUri] ||
+            CANONICALIZATION_METHODS.default;
+        switch (methodKey) {
+            case "c14n":
+                return this.c14n(node);
+            case "c14n11":
+                return this.c14n11(node);
+            case "c14n_exc":
+                return this.c14n_exc(node, options.inclusiveNamespacePrefixList || []);
+            default:
+                throw new Error(`Unsupported canonicalization method: ${methodUri}`);
+        }
+    }
+}
+XMLCanonicalizer.base64Elements = new Set([
+    "DigestValue",
+    "X509Certificate",
+    "EncapsulatedTimeStamp",
+    "EncapsulatedOCSPValue",
+    "IssuerSerialV2",
+]);
+
+/**
+ * Format a certificate string as a proper PEM certificate
+ * @param certBase64 Base64-encoded certificate
+ * @returns Formatted PEM certificate
+ */
+function formatPEM$1(certBase64) {
+    if (!certBase64)
+        return "";
+    // Remove any whitespace from the base64 string
+    const cleanBase64 = certBase64.replace(/\s+/g, "");
+    // Split the base64 into lines of 64 characters
+    const lines = [];
+    for (let i = 0; i < cleanBase64.length; i += 64) {
+        lines.push(cleanBase64.substring(i, i + 64));
+    }
+    // Format as PEM certificate
+    return `-----BEGIN CERTIFICATE-----\n${lines.join("\n")}\n-----END CERTIFICATE-----`;
+}
+/**
+ * Extract subject information from an X.509 certificate
+ * @param certificate X509Certificate instance
+ * @returns Signer information object
+ */
+function extractSignerInfo(certificate) {
+    const result = {
+        validFrom: certificate.notBefore,
+        validTo: certificate.notAfter,
+        issuer: {},
+    };
+    // Try to extract fields using various approaches
+    // Approach 1: Try direct access to typed subject properties
+    try {
+        if (typeof certificate.subject === "object" && certificate.subject !== null) {
+            // Handle subject properties
+            const subject = certificate.subject;
+            result.commonName = subject.commonName;
+            result.organization = subject.organizationName;
+            result.country = subject.countryName;
+        }
+        // Handle issuer properties
+        if (typeof certificate.issuer === "object" && certificate.issuer !== null) {
+            const issuer = certificate.issuer;
+            result.issuer.commonName = issuer.commonName;
+            result.issuer.organization = issuer.organizationName;
+            result.issuer.country = issuer.countryName;
+        }
+    }
+    catch (e) {
+        console.warn("Could not extract subject/issuer as objects:", e);
+    }
+    // Approach 2: Parse subject/issuer as strings if they are strings
+    try {
+        if (typeof certificate.subject === "string") {
+            const subjectStr = certificate.subject;
+            // Parse the string format (usually CN=name,O=org,C=country)
+            const subjectParts = subjectStr.split(",");
+            for (const part of subjectParts) {
+                const [key, value] = part.trim().split("=");
+                if (key === "CN")
+                    result.commonName = result.commonName || value;
+                if (key === "O")
+                    result.organization = result.organization || value;
+                if (key === "C")
+                    result.country = result.country || value;
+                if (key === "SN")
+                    result.surname = value;
+                if (key === "G" || key === "GN")
+                    result.givenName = value;
+                if (key === "SERIALNUMBER" || key === "2.5.4.5")
+                    result.serialNumber = value?.replace("PNOLV-", "");
+            }
+        }
+        if (typeof certificate.issuer === "string") {
+            const issuerStr = certificate.issuer;
+            // Parse the string format
+            const issuerParts = issuerStr.split(",");
+            for (const part of issuerParts) {
+                const [key, value] = part.trim().split("=");
+                if (key === "CN")
+                    result.issuer.commonName = result.issuer.commonName || value;
+                if (key === "O")
+                    result.issuer.organization = result.issuer.organization || value;
+                if (key === "C")
+                    result.issuer.country = result.issuer.country || value;
+            }
+        }
+    }
+    catch (e) {
+        console.warn("Could not extract subject/issuer as strings:", e);
+    }
+    // Approach 3: Try to use getField method if available
+    try {
+        if ("subjectName" in certificate && certificate.subjectName?.getField) {
+            const subjectName = certificate.subjectName;
+            // Only set if not already set from previous approaches
+            result.commonName = result.commonName || subjectName.getField("CN")?.[0];
+            result.surname = result.surname || subjectName.getField("SN")?.[0];
+            result.givenName = result.givenName || subjectName.getField("G")?.[0];
+            result.serialNumber =
+                result.serialNumber || subjectName.getField("2.5.4.5")?.[0]?.replace("PNOLV-", "");
+            result.country = result.country || subjectName.getField("C")?.[0];
+            result.organization = result.organization || subjectName.getField("O")?.[0];
+        }
+    }
+    catch (e) {
+        console.warn("Could not extract fields using getField method:", e);
+    }
+    // Get the serial number from the certificate if not found in subject
+    if (!result.serialNumber && certificate.serialNumber) {
+        result.serialNumber = certificate.serialNumber;
+    }
+    return result;
+}
+/**
+ * Parse a certificate from base64 data
+ * @param certData Base64-encoded certificate data
+ * @returns Parsed certificate information
+ */
+async function parseCertificate(certData) {
+    try {
+        let pemCert = certData;
+        // Check if it's already in PEM format, if not, convert it
+        if (!certData.includes("-----BEGIN CERTIFICATE-----")) {
+            // Only clean non-PEM format data before conversion
+            const cleanedCertData = certData.replace(/[\r\n\s]/g, "");
+            pemCert = formatPEM$1(cleanedCertData);
+        }
+        const cert = new x509.X509Certificate(pemCert);
+        const signerInfo = extractSignerInfo(cert);
+        return {
+            subject: {
+                commonName: signerInfo.commonName,
+                organization: signerInfo.organization,
+                country: signerInfo.country,
+                surname: signerInfo.surname,
+                givenName: signerInfo.givenName,
+                serialNumber: signerInfo.serialNumber,
+            },
+            validFrom: signerInfo.validFrom,
+            validTo: signerInfo.validTo,
+            issuer: signerInfo.issuer,
+            serialNumber: cert.serialNumber,
+        };
+    }
+    catch (error) {
+        console.error("Certificate parsing error:", error);
+        throw new Error("Failed to parse certificate: " + (error instanceof Error ? error.message : String(error)));
+    }
+}
+/**
+ * Check if a certificate was valid at a specific time
+ * @param cert Certificate object or info
+ * @param checkTime The time to check validity against (defaults to current time)
+ * @returns Validity check result
+ */
+function checkCertificateValidity(cert, checkTime = new Date()) {
+    // Extract validity dates based on input type
+    const validFrom = "notBefore" in cert ? cert.notBefore : cert.validFrom;
+    const validTo = "notAfter" in cert ? cert.notAfter : cert.validTo;
+    // Check if certificate is valid at the specified time
+    if (checkTime < validFrom) {
+        return {
+            isValid: false,
+            reason: `Certificate not yet valid. Valid from ${validFrom.toISOString()}`,
+        };
+    }
+    if (checkTime > validTo) {
+        return {
+            isValid: false,
+            reason: `Certificate expired. Valid until ${validTo.toISOString()}`,
+        };
+    }
+    return { isValid: true };
+}
+/**
+ * Helper function to get signer display name from certificate
+ * @param certInfo Certificate information
+ * @returns Formatted display name
+ */
+function getSignerDisplayName(certInfo) {
+    const { subject } = certInfo;
+    if (subject.givenName && subject.surname) {
+        return `${subject.givenName} ${subject.surname}`;
+    }
+    if (subject.commonName) {
+        return subject.commonName;
+    }
+    // Fallback to serial number if available
+    return subject.serialNumber || "Unknown Signer";
+}
+/**
+ * Helper function to format certificate validity period in a human-readable format
+ * @param certInfo Certificate information
+ * @returns Formatted validity period
+ */
+function formatValidityPeriod(certInfo) {
+    const { validFrom, validTo } = certInfo;
+    const formatDate = (date) => {
+        return date.toLocaleDateString(undefined, {
+            year: "numeric",
+            month: "long",
+            day: "numeric",
+        });
+    };
+    return `${formatDate(validFrom)} to ${formatDate(validTo)}`;
+}
+
+// src/core/parser/certificateUtils.ts
+/**
+ * Format a certificate string as a proper PEM certificate
+ * @param certBase64 Base64-encoded certificate
+ * @returns Formatted PEM certificate
+ */
+function formatPEM(certBase64) {
+    if (!certBase64)
+        return "";
+    // Remove any whitespace from the base64 string
+    const cleanBase64 = certBase64.replace(/\s+/g, "");
+    // Split the base64 into lines of 64 characters
+    const lines = [];
+    for (let i = 0; i < cleanBase64.length; i += 64) {
+        lines.push(cleanBase64.substring(i, i + 64));
+    }
+    // Format as PEM certificate
+    return `-----BEGIN CERTIFICATE-----\n${lines.join("\n")}\n-----END CERTIFICATE-----`;
+}
+
+// src/core/parser/signatureParser.ts
+/**
+ * Find signature files in the eDoc container
+ * @param files Map of filenames to file contents
+ * @returns Array of signature filenames
+ */
+function findSignatureFiles(files) {
+    // Signature files are typically named with patterns like:
+    // - signatures0.xml
+    // - META-INF/signatures*.xml
+    return Array.from(files.keys()).filter((filename) => filename.match(/META-INF\/signatures\d*\.xml$/) ||
+        filename.match(/META-INF\/.*signatures.*\.xml$/i));
+}
+/**
+ * Parse a signature file that contains a single signature
+ * @param xmlContent The XML file content
+ * @param filename The filename (for reference)
+ * @returns The parsed signature with raw XML content
+ */
+function parseSignatureFile(xmlContent, filename) {
+    const text = new TextDecoder().decode(xmlContent);
+    const parser = createXMLParser();
+    const xmlDoc = parser.parseFromString(text, "application/xml");
+    // Using our querySelector helper to find the signature element
+    const signatureElements = querySelectorAll(xmlDoc, "ds\\:Signature, Signature");
+    if (signatureElements.length === 0) {
+        console.warn(`No Signature elements found in ${filename}`);
+        // If we have ASiC-XAdES format, try to find signatures differently
+        if (text.includes("XAdESSignatures")) {
+            const rootElement = xmlDoc.documentElement;
+            // Try direct DOM traversal
+            if (rootElement) {
+                // Look for Signature elements as direct children
+                const directSignature = querySelector(rootElement, "ds\\:Signature, Signature");
+                if (directSignature) {
+                    let signatureInfo = parseSignatureElement(directSignature, xmlDoc);
+                    signatureInfo.rawXml = text;
+                    return signatureInfo;
+                }
+            }
+            // Fallback: parse as text
+            const mockSignature = parseBasicSignatureFromText(text);
+            if (mockSignature) {
+                return {
+                    ...mockSignature,
+                    rawXml: text,
+                };
+            }
+        }
+        return null;
+    }
+    // Parse the signature and add the raw XML
+    let signatureInfo = parseSignatureElement(signatureElements[0], xmlDoc);
+    signatureInfo.rawXml = text;
+    return signatureInfo;
+}
+/**
+ * Parse a single signature element using a browser-like approach
+ * @param signatureElement The signature element to parse
+ * @param xmlDoc The parent XML document
+ * @returns Parsed signature information
+ */
+function parseSignatureElement(signatureElement, xmlDoc) {
+    // Get signature ID
+    const signatureId = signatureElement.getAttribute("Id") || "unknown";
+    // Find SignedInfo just like in browser code
+    const signedInfo = querySelector(signatureElement, "ds\\:SignedInfo, SignedInfo");
+    //const signedInfo = queryByXPath(signatureElement, ".//*[local-name()='SignedInfo']");
+    if (!signedInfo) {
+        throw new Error("SignedInfo element not found");
+    }
+    // Get the canonicalization method
+    const c14nMethodEl = querySelector(signedInfo, "ds\\:CanonicalizationMethod, CanonicalizationMethod");
+    let canonicalizationMethod = CANONICALIZATION_METHODS.default;
+    if (c14nMethodEl) {
+        canonicalizationMethod = c14nMethodEl.getAttribute("Algorithm") || canonicalizationMethod;
+    }
+    // // Serialize the SignedInfo element to XML string
+    // let signedInfoXml = "";
+    // try {
+    //   // Use the serializeToXML utility function which handles browser/Node environments
+    //   signedInfoXml = serializeToXML(signedInfo);
+    // } catch (e) {
+    //   console.warn("Could not serialize SignedInfo element:", e);
+    // }
+    // Serialize the SignedInfo element to XML string
+    let signedInfoXml = "";
+    signedInfoXml = serializeToXML(signedInfo);
+    // try {
+    //   // First check if signedInfo is a valid node
+    //   if (!signedInfo) {
+    //     console.warn("SignedInfo element is undefined or null");
+    //     signedInfoXml = "";
+    //   } else if (signedInfo.nodeType === undefined) {
+    //     console.warn("SignedInfo doesn't appear to be a valid XML node:", signedInfo);
+    //     signedInfoXml = "";
+    //   } else {
+    //     // Try to use XMLSerializer if available in browser
+    //     if (typeof window !== "undefined" && window.XMLSerializer) {
+    //       signedInfoXml = new window.XMLSerializer().serializeToString(signedInfo);
+    //     } else {
+    //       // Node.js environment - use xmldom only
+    //       const xmldom = require("@xmldom/xmldom");
+    //       const serializer = new xmldom.XMLSerializer();
+    //       signedInfoXml = serializer.serializeToString(signedInfo);
+    //     }
+    //   }
+    // } catch (e) {
+    //   console.warn("Could not serialize SignedInfo element:", e);
+    // }
+    // Get signature method
+    const signatureMethod = querySelector(signedInfo, "ds\\:SignatureMethod, SignatureMethod");
+    const signatureAlgorithm = signatureMethod?.getAttribute("Algorithm") || "";
+    // Get signature value
+    const signatureValueEl = querySelector(signatureElement, "ds\\:SignatureValue, SignatureValue");
+    const signatureValue = signatureValueEl?.textContent?.replace(/\s+/g, "") || "";
+    // Get certificate
+    const certElement = querySelector(signatureElement, "ds\\:X509Certificate, X509Certificate");
+    let certificate = "";
+    let certificatePEM = "";
+    let signerInfo = undefined;
+    let publicKey = undefined;
+    if (!certElement) {
+        // Try to find via KeyInfo path
+        const keyInfo = querySelector(signatureElement, "ds\\:KeyInfo, KeyInfo");
+        if (keyInfo) {
+            const x509Data = querySelector(keyInfo, "ds\\:X509Data, X509Data");
+            if (x509Data) {
+                const nestedCert = querySelector(x509Data, "ds\\:X509Certificate, X509Certificate");
+                if (nestedCert) {
+                    certificate = nestedCert.textContent?.replace(/\s+/g, "") || "";
+                }
+            }
+        }
+    }
+    else {
+        certificate = certElement.textContent?.replace(/\s+/g, "") || "";
+    }
+    if (certificate) {
+        certificatePEM = formatPEM(certificate);
+        // Extract public key and signer info
+        try {
+            const x509$1 = new x509.X509Certificate(certificatePEM);
+            const algorithm = x509$1.publicKey.algorithm;
+            publicKey = {
+                algorithm: algorithm.name,
+                ...("namedCurve" in algorithm
+                    ? {
+                        namedCurve: algorithm.namedCurve,
+                    }
+                    : {}),
+                rawData: x509$1.publicKey.rawData,
+            };
+            // Extract signer information from certificate
+            signerInfo = extractSignerInfo(x509$1);
+        }
+        catch (error) {
+            console.error("Failed to extract certificate information:", error);
+        }
+    }
+    // Get signing time
+    const signingTimeElement = querySelector(xmlDoc, "xades\\:SigningTime, SigningTime");
+    const signingTime = signingTimeElement && signingTimeElement.textContent
+        ? new Date(signingTimeElement.textContent.trim())
+        : new Date();
+    // Get references and checksums
+    const references = [];
+    const signedChecksums = {};
+    const referenceElements = querySelectorAll(signedInfo, "ds\\:Reference, Reference");
+    for (const reference of referenceElements) {
+        const uri = reference.getAttribute("URI") || "";
+        const type = reference.getAttribute("Type") || "";
+        // Skip references that don't point to files or are SignedProperties
+        if (!uri || uri.startsWith("#") || type.includes("SignedProperties")) {
+            continue;
+        }
+        // Decode URI if needed (handle URL encoding like Sample%20File.pdf)
+        let decodedUri = uri;
+        try {
+            decodedUri = decodeURIComponent(uri);
+        }
+        catch (e) {
+            console.error(`Failed to decode URI: ${uri}`, e);
+        }
+        // Clean up URI
+        const cleanUri = decodedUri.startsWith("./") ? decodedUri.substring(2) : decodedUri;
+        references.push(cleanUri);
+        // Find DigestValue
+        const digestValueEl = querySelector(reference, "ds\\:DigestValue, DigestValue");
+        if (digestValueEl && digestValueEl.textContent) {
+            signedChecksums[cleanUri] = digestValueEl.textContent.replace(/\s+/g, "");
+        }
+    }
+    return {
+        id: signatureId,
+        signingTime,
+        certificate,
+        certificatePEM,
+        publicKey,
+        signerInfo,
+        signedChecksums,
+        references,
+        algorithm: signatureAlgorithm,
+        signatureValue,
+        signedInfoXml,
+        canonicalizationMethod,
+    };
+}
+/**
+ * Fallback for creating a basic signature from text when DOM parsing fails
+ * @param xmlText The full XML text
+ * @returns A basic signature or null if parsing fails
+ */
+function parseBasicSignatureFromText(xmlText) {
+    try {
+        // Extract signature ID
+        const idMatch = xmlText.match(/<ds:Signature[^>]*Id=["']([^"']*)["']/);
+        const id = idMatch && idMatch[1] ? idMatch[1] : "unknown";
+        // Extract signature value
+        const sigValueMatch = xmlText.match(/<ds:SignatureValue[^>]*>([\s\S]*?)<\/ds:SignatureValue>/);
+        const signatureValue = sigValueMatch && sigValueMatch[1] ? sigValueMatch[1].replace(/\s+/g, "") : "";
+        // Extract certificate
+        const certMatch = xmlText.match(/<ds:X509Certificate>([\s\S]*?)<\/ds:X509Certificate>/);
+        const certificate = certMatch && certMatch[1] ? certMatch[1].replace(/\s+/g, "") : "";
+        // Extract algorithm
+        const algoMatch = xmlText.match(/<ds:SignatureMethod[^>]*Algorithm=["']([^"']*)["']/);
+        const algorithm = algoMatch && algoMatch[1] ? algoMatch[1] : "";
+        // Extract signing time
+        const timeMatch = xmlText.match(/<xades:SigningTime>([\s\S]*?)<\/xades:SigningTime>/);
+        const signingTime = timeMatch && timeMatch[1] ? new Date(timeMatch[1].trim()) : new Date();
+        // Extract references
+        const references = [];
+        const signedChecksums = {};
+        // Use regex to find all references
+        const refRegex = /<ds:Reference[^>]*URI=["']([^#][^"']*)["'][^>]*>[\s\S]*?<ds:DigestValue>([\s\S]*?)<\/ds:DigestValue>/g;
+        let refMatch;
+        while ((refMatch = refRegex.exec(xmlText)) !== null) {
+            if (refMatch[1] && !refMatch[1].startsWith("#")) {
+                const uri = decodeURIComponent(refMatch[1]);
+                references.push(uri);
+                if (refMatch[2]) {
+                    signedChecksums[uri] = refMatch[2].replace(/\s+/g, "");
+                }
+            }
+        }
+        // Format the PEM certificate
+        const certificatePEM = formatPEM(certificate);
+        return {
+            id,
+            signingTime,
+            certificate,
+            certificatePEM,
+            signedChecksums,
+            references,
+            algorithm,
+            signatureValue,
+        };
+    }
+    catch (error) {
+        console.error("Error in fallback text parsing:", error);
+        return null;
+    }
+}
+
+/**
+ * Parse an eDoc container from a buffer
+ * @param edocBuffer The raw eDoc file content
+ * @returns Parsed container with files, document file list, metadata file list, signed file list, and signatures
+ */
+function parseEdoc(edocBuffer) {
+    try {
+        // Unzip the eDoc container
+        const unzipped = fflate.unzipSync(edocBuffer);
+        // Convert to Maps for easier access
+        const files = new Map();
+        const documentFileList = [];
+        const metadataFileList = [];
+        Object.entries(unzipped).forEach(([filename, content]) => {
+            files.set(filename, content);
+            // Separate files into document and metadata categories
+            if (filename.startsWith("META-INF/") || filename === "mimetype") {
+                metadataFileList.push(filename);
+            }
+            else {
+                documentFileList.push(filename);
+            }
+        });
+        // Find and parse signatures
+        const signatures = [];
+        const signatureFiles = findSignatureFiles(files);
+        const signedFileSet = new Set();
+        for (const sigFile of signatureFiles) {
+            const sigContent = files.get(sigFile);
+            if (sigContent) {
+                try {
+                    // Parse signatures from the file - could contain multiple
+                    const fileSignature = parseSignatureFile(sigContent, sigFile);
+                    if (fileSignature) {
+                        signatures.push(fileSignature);
+                        // Add referenced files to the set of signed files
+                        if (fileSignature.references && fileSignature.references.length > 0) {
+                            fileSignature.references.forEach((ref) => {
+                                // Only add files that actually exist in the container
+                                if (files.has(ref)) {
+                                    signedFileSet.add(ref);
+                                }
+                            });
+                        }
+                    }
+                }
+                catch (error) {
+                    console.error(`Error parsing signature ${sigFile}:`, error);
+                }
+            }
+        }
+        const signedFileList = Array.from(signedFileSet);
+        return {
+            files,
+            documentFileList,
+            metadataFileList,
+            signedFileList,
+            signatures,
+        };
+    }
+    catch (error) {
+        throw new Error(`Failed to parse eDoc container: ${error instanceof Error ? error.message : String(error)}`);
+    }
+}
+
+/**
+ * Detects if code is running in a browser environment
+ * @returns true if in browser, false otherwise
+ */
+function isBrowser() {
+    return (typeof window !== "undefined" &&
+        typeof window.crypto !== "undefined" &&
+        typeof window.crypto.subtle !== "undefined");
+}
+/**
+ * Compute a digest (hash) of file content with browser/node compatibility
+ * @param fileContent The file content as Uint8Array
+ * @param algorithm The digest algorithm to use (e.g., 'SHA-256')
+ * @returns Promise with Base64-encoded digest
+ */
+async function computeDigest(fileContent, algorithm) {
+    // Normalize algorithm name
+    const normalizedAlgo = algorithm.replace(/-/g, "").toLowerCase();
+    let hashAlgo;
+    // Map algorithm URIs to crypto algorithm names
+    if (normalizedAlgo.includes("sha256")) {
+        hashAlgo = "sha256";
+    }
+    else if (normalizedAlgo.includes("sha1")) {
+        hashAlgo = "sha1";
+    }
+    else if (normalizedAlgo.includes("sha384")) {
+        hashAlgo = "sha384";
+    }
+    else if (normalizedAlgo.includes("sha512")) {
+        hashAlgo = "sha512";
+    }
+    else {
+        throw new Error(`Unsupported digest algorithm: ${algorithm}`);
+    }
+    if (isBrowser()) {
+        return browserDigest(fileContent, hashAlgo);
+    }
+    else {
+        return nodeDigest(fileContent, hashAlgo);
+    }
+}
+/**
+ * Compute digest using Web Crypto API in browser
+ * @param fileContent Uint8Array of file content
+ * @param hashAlgo Normalized hash algorithm name
+ * @returns Promise with Base64-encoded digest
+ */
+async function browserDigest(fileContent, hashAlgo) {
+    // Map to Web Crypto API algorithm names
+    const browserAlgoMap = {
+        sha1: "SHA-1",
+        sha256: "SHA-256",
+        sha384: "SHA-384",
+        sha512: "SHA-512",
+    };
+    const browserAlgo = browserAlgoMap[hashAlgo];
+    if (!browserAlgo) {
+        throw new Error(`Unsupported browser digest algorithm: ${hashAlgo}`);
+    }
+    const hashBuffer = await window.crypto.subtle.digest(browserAlgo, fileContent);
+    // Convert ArrayBuffer to Base64
+    const hashArray = Array.from(new Uint8Array(hashBuffer));
+    const hashBase64 = btoa(String.fromCharCode.apply(null, hashArray));
+    return hashBase64;
+}
+/**
+ * Compute digest using Node.js crypto module
+ * @param fileContent Uint8Array of file content
+ * @param hashAlgo Normalized hash algorithm name
+ * @returns Promise with Base64-encoded digest
+ */
+function nodeDigest(fileContent, hashAlgo) {
+    return new Promise((resolve, reject) => {
+        try {
+            // Dynamically import Node.js crypto
+            const crypto = require("crypto");
+            const hash = crypto.createHash(hashAlgo);
+            hash.update(Buffer.from(fileContent));
+            resolve(hash.digest("base64"));
+        }
+        catch (error) {
+            reject(new Error(`Node digest computation failed: ${error instanceof Error ? error.message : String(error)}`));
+        }
+    });
+}
+/**
+ * Verify checksums of files against signature
+ * @param signature The signature information
+ * @param files Map of filenames to file contents
+ * @returns Promise with verification results for each file
+ */
+async function verifyChecksums(signature, files) {
+    const results = {};
+    let allValid = true;
+    // Determine hash algorithm from signature algorithm or use default
+    let digestAlgorithm = "SHA-256";
+    if (signature.algorithm) {
+        if (signature.algorithm.includes("sha1")) {
+            digestAlgorithm = "SHA-1";
+        }
+        else if (signature.algorithm.includes("sha384")) {
+            digestAlgorithm = "SHA-384";
+        }
+        else if (signature.algorithm.includes("sha512")) {
+            digestAlgorithm = "SHA-512";
+        }
+    }
+    const checksumPromises = Object.entries(signature.signedChecksums).map(async ([filename, expectedChecksum]) => {
+        // Check if file exists in the container
+        const fileContent = files.get(filename);
+        if (!fileContent) {
+            // File not found - this could be due to URI encoding or path format
+            // Try to find by file basename
+            const basename = filename.includes("/") ? filename.split("/").pop() : filename;
+            let foundMatch = false;
+            if (basename) {
+                for (const [containerFilename, content] of files.entries()) {
+                    if (containerFilename.endsWith(basename)) {
+                        // Found a match by basename
+                        const actualChecksum = await computeDigest(content, digestAlgorithm);
+                        const matches = expectedChecksum === actualChecksum;
+                        results[filename] = {
+                            expected: expectedChecksum,
+                            actual: actualChecksum,
+                            matches,
+                            fileFound: true,
+                        };
+                        if (!matches)
+                            allValid = false;
+                        foundMatch = true;
+                        break;
+                    }
+                }
+            }
+            if (!foundMatch) {
+                // Really not found
+                results[filename] = {
+                    expected: expectedChecksum,
+                    actual: "",
+                    matches: false,
+                    fileFound: false,
+                };
+                allValid = false;
+            }
+        }
+        else {
+            // File found directly - verify checksum
+            const actualChecksum = await computeDigest(fileContent, digestAlgorithm);
+            const matches = expectedChecksum === actualChecksum;
+            results[filename] = {
+                expected: expectedChecksum,
+                actual: actualChecksum,
+                matches,
+                fileFound: true,
+            };
+            if (!matches)
+                allValid = false;
+        }
+    });
+    // Wait for all checksums to be verified
+    await Promise.all(checksumPromises);
+    return {
+        isValid: allValid,
+        details: results,
+    };
+}
+/**
+ * Verify certificate validity
+ * @param certificatePEM PEM-formatted certificate
+ * @param verifyTime Time to check validity against
+ * @returns Certificate verification result
+ */
+async function verifyCertificate(certificatePEM, verifyTime = new Date()) {
+    try {
+        const cert = new x509.X509Certificate(certificatePEM);
+        const validityResult = checkCertificateValidity(cert, verifyTime);
+        // Parse certificate info
+        const certInfo = await parseCertificate(certificatePEM);
+        return {
+            isValid: validityResult.isValid,
+            reason: validityResult.reason,
+            info: certInfo,
+        };
+    }
+    catch (error) {
+        return {
+            isValid: false,
+            reason: `Certificate parsing error: ${error instanceof Error ? error.message : String(error)}`,
+        };
+    }
+}
+/**
+ * Safely get the crypto.subtle implementation in either browser or Node.js
+ * @returns The SubtleCrypto interface
+ */
+function getCryptoSubtle() {
+    if (isBrowser()) {
+        return window.crypto.subtle;
+    }
+    else {
+        // In Node.js environment
+        return crypto.subtle;
+    }
+}
+/**
+ * Base64 decode a string in a cross-platform way
+ * @param base64 Base64 encoded string
+ * @returns Uint8Array of decoded bytes
+ */
+function base64ToUint8Array(base64) {
+    if (typeof atob === "function") {
+        // Browser approach
+        const binaryString = atob(base64);
+        const bytes = new Uint8Array(binaryString.length);
+        for (let i = 0; i < binaryString.length; i++) {
+            bytes[i] = binaryString.charCodeAt(i);
+        }
+        return bytes;
+    }
+    else {
+        // Node.js approach
+        const buffer = Buffer.from(base64, "base64");
+        return new Uint8Array(buffer);
+    }
+}
+/**
+ * Verify the XML signature specifically using SignedInfo and SignatureValue
+ * @param signatureXml The XML string of the SignedInfo element
+ * @param signatureValue The base64-encoded signature value
+ * @param publicKeyData The public key raw data
+ * @param algorithm Key algorithm details
+ * @param canonicalizationMethod The canonicalization method used
+ * @returns Signature verification result
+ */
+async function verifySignedInfo(signatureXml, signatureValue, publicKeyData, algorithm, canonicalizationMethod) {
+    try {
+        // Parse the SignedInfo XML
+        const parser = createXMLParser();
+        const xmlDoc = parser.parseFromString(signatureXml, "application/xml");
+        const signedInfo = querySelector(xmlDoc, "ds:SignedInfo");
+        if (!signedInfo) {
+            return {
+                isValid: false,
+                reason: "SignedInfo element not found in provided XML",
+            };
+        }
+        // Determine canonicalization method
+        const c14nMethod = canonicalizationMethod || CANONICALIZATION_METHODS.default;
+        // Canonicalize the SignedInfo element
+        const canonicalizedSignedInfo = XMLCanonicalizer.canonicalize(signedInfo, c14nMethod);
+        // Clean up signature value (remove whitespace)
+        const cleanSignatureValue = signatureValue.replace(/\s+/g, "");
+        // Convert base64 signature to binary
+        let signatureBytes;
+        try {
+            signatureBytes = base64ToUint8Array(cleanSignatureValue);
+        }
+        catch (error) {
+            return {
+                isValid: false,
+                reason: `Failed to decode signature value: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+        // Import the public key
+        let publicKey;
+        try {
+            const subtle = getCryptoSubtle();
+            publicKey = await subtle.importKey("spki", publicKeyData, algorithm, false, ["verify"]);
+        }
+        catch (error) {
+            return {
+                isValid: false,
+                reason: `Failed to import public key: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+        // Verify the signature
+        const signedData = new TextEncoder().encode(canonicalizedSignedInfo);
+        try {
+            const subtle = getCryptoSubtle();
+            const result = await subtle.verify(algorithm, publicKey, signatureBytes, signedData);
+            return {
+                isValid: result,
+                reason: result ? undefined : "Signature verification failed",
+            };
+        }
+        catch (error) {
+            return {
+                isValid: false,
+                reason: `Signature verification error: ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+    }
+    catch (error) {
+        return {
+            isValid: false,
+            reason: `SignedInfo verification error: ${error instanceof Error ? error.message : String(error)}`,
+        };
+    }
+}
+/**
+ * Verify a complete signature (certificate, checksums, and signature)
+ * @param signatureInfo Signature information
+ * @param files File contents
+ * @param options Verification options
+ * @returns Complete verification result
+ */
+async function verifySignature(signatureInfo, files, options = {}) {
+    const errors = [];
+    // Verify certificate
+    const certResult = await verifyCertificate(signatureInfo.certificatePEM, options.verifyTime || signatureInfo.signingTime);
+    // Verify checksums
+    const checksumResult = options.verifyChecksums !== false
+        ? await verifyChecksums(signatureInfo, files)
+        : { isValid: true, details: {} };
+    // Verify XML signature if we have the necessary components
+    let signatureResult = { isValid: true };
+    if (options.verifySignatures !== false &&
+        signatureInfo.rawXml &&
+        signatureInfo.signatureValue &&
+        signatureInfo.publicKey) {
+        // Determine algorithm
+        const algorithm = signatureInfo.algorithm || "";
+        const keyAlgorithm = {
+            name: "RSASSA-PKCS1-v1_5",
+            hash: "SHA-256",
+        };
+        if (algorithm.includes("ecdsa-sha256")) {
+            keyAlgorithm.name = "ECDSA";
+            keyAlgorithm.hash = "SHA-256";
+            if (signatureInfo.publicKey.namedCurve) {
+                keyAlgorithm.namedCurve = signatureInfo.publicKey.namedCurve;
+            }
+        }
+        else if (algorithm.includes("rsa-sha1")) {
+            keyAlgorithm.hash = "SHA-1";
+        }
+        signatureResult = await verifySignedInfo(signatureInfo.rawXml, signatureInfo.signatureValue, signatureInfo.publicKey.rawData, keyAlgorithm, signatureInfo.canonicalizationMethod);
+        if (!signatureResult.isValid) {
+            errors.push(signatureResult.reason || "XML signature verification failed");
+        }
+    }
+    else if (options.verifySignatures !== false) {
+        // Missing information for signature verification
+        const missingComponents = [];
+        if (!signatureInfo.rawXml)
+            missingComponents.push("Signature XML");
+        if (!signatureInfo.signatureValue)
+            missingComponents.push("SignatureValue");
+        if (!signatureInfo.publicKey)
+            missingComponents.push("Public Key");
+        errors.push(`Cannot verify XML signature: missing ${missingComponents.join(", ")}`);
+        signatureResult = {
+            isValid: false,
+            reason: `Missing required components: ${missingComponents.join(", ")}`,
+        };
+    }
+    // Determine overall validity
+    const isValid = certResult.isValid && checksumResult.isValid && signatureResult.isValid;
+    // Return the complete result
+    return {
+        isValid,
+        certificate: certResult,
+        checksums: checksumResult,
+        signature: options.verifySignatures !== false ? signatureResult : undefined,
+        errors: errors.length > 0 ? errors : undefined,
+    };
+}
+
+exports.CANONICALIZATION_METHODS = CANONICALIZATION_METHODS;
+exports.XMLCanonicalizer = XMLCanonicalizer;
+exports.formatValidityPeriod = formatValidityPeriod;
+exports.getSignerDisplayName = getSignerDisplayName;
+exports.parseCertificate = parseCertificate;
+exports.parseEdoc = parseEdoc;
+exports.verifyChecksums = verifyChecksums;
+exports.verifySignature = verifySignature;
+//# sourceMappingURL=index.cjs.js.map