edockit 0.2.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/dist/core/timestamp/types.d.ts +3 -1
  3. package/dist/index.cjs.js +20 -5
  4. package/dist/index.cjs.js.map +1 -1
  5. package/dist/index.esm.js +20 -5
  6. package/dist/index.esm.js.map +1 -1
  7. package/dist/index.umd.js +2 -2
  8. package/dist/index.umd.js.map +1 -1
  9. package/package.json +1 -1
package/dist/index.umd.js CHANGED
@@ -1,7 +1,7 @@
1
1
  var rl=Object.defineProperty,il=Object.defineProperties;var ol=Object.getOwnPropertyDescriptors;var ri=Object.getOwnPropertySymbols;var ra=Object.prototype.hasOwnProperty,ia=Object.prototype.propertyIsEnumerable;var ta=(x,R,V)=>R in x?rl(x,R,{enumerable:!0,configurable:!0,writable:!0,value:V}):x[R]=V,T=(x,R)=>{for(var V in R||(R={}))ra.call(R,V)&&ta(x,V,R[V]);if(ri)for(var V of ri(R))ia.call(R,V)&&ta(x,V,R[V]);return x},L=(x,R)=>il(x,ol(R));var D=(x,R)=>{var V={};for(var ie in x)ra.call(x,ie)&&R.indexOf(ie)<0&&(V[ie]=x[ie]);if(x!=null&&ri)for(var ie of ri(x))R.indexOf(ie)<0&&ia.call(x,ie)&&(V[ie]=x[ie]);return V};/*!
2
2
  * MIT License
3
3
  * Copyright (c) 2025 Edgars Jēkabsons, ZenomyTech SIA
4
- */(function(x,R){typeof exports=="object"&&typeof module!="undefined"?R(exports,require("fflate"),require("@peculiar/x509")):typeof define=="function"&&define.amd?define(["exports","fflate","@peculiar/x509"],R):(x=typeof globalThis!="undefined"?globalThis:x||self,R(x.edockit={},x.fflate,x.peculiarX509))})(this,function(x,R,V){"use strict";function ie(r,e){const t=[],i=e.split(",").map(s=>s.trim()),o=[];for(const s of i){const c=s.split(/\\:|:/).filter(Boolean);c.length===1?o.push({name:c[0]}):c.length===2&&o.push({ns:c[0],name:c[1]})}function n(s){if(s){if(s.nodeType===1){const c=s,u=c.nodeName,f=c.localName;for(const p of o){if(p.ns&&u===`${p.ns}:${p.name}`){t.push(c);break}if(f===p.name||u===p.name){t.push(c);break}if(u.endsWith(`:${p.name}`)){t.push(c);break}}}if(s.childNodes)for(let c=0;c<s.childNodes.length;c++)n(s.childNodes[c])}}return n(r),t}const Wo={ds:"http://www.w3.org/2000/09/xmldsig#",dsig11:"http://www.w3.org/2009/xmldsig11#",dsig2:"http://www.w3.org/2010/xmldsig2#",ec:"http://www.w3.org/2001/10/xml-exc-c14n#",dsig_more:"http://www.w3.org/2001/04/xmldsig-more#",xenc:"http://www.w3.org/2001/04/xmlenc#",xenc11:"http://www.w3.org/2009/xmlenc11#",xades:"http://uri.etsi.org/01903/v1.3.2#",xades141:"http://uri.etsi.org/01903/v1.4.1#",asic:"http://uri.etsi.org/02918/v1.2.1#"};function Jo(){if(typeof window!="undefined"&&window.DOMParser)return new window.DOMParser;try{const{DOMParser:r}=require("@xmldom/xmldom");return new r}catch(r){throw new Error("XML DOM parser not available. In Node.js environments, please install @xmldom/xmldom package.")}}function oa(r,e,t=Wo){try{if(typeof document!="undefined"&&document.evaluate){const i=Ko(t);return document.evaluate(e,r,i,XPathResult.FIRST_ORDERED_NODE_TYPE,null).singleNodeValue}else{const i=require("xpath"),o=t;try{const n=i.select(e,r,o);return n.length>0?n[0]:null}catch(n){if(typeof n=="object"&&n!==null&&"message"in n&&typeof n.message=="string"&&n.message.includes("Cannot resolve QName")){const s=e.match(/local-name\(\)='([^']+)'/);if(s&&s[1]){const c=`.//*[local-name()='${s[1]}']`,u=i.select(c,r);return u.length>0?u[0]:null}}throw n}}}catch(i){return console.error(`XPath evaluation failed for "${e}":`,i),null}}function na(r,e,t=Wo){try{if(typeof document!="undefined"&&document.evaluate){const i=Ko(t),o=document.evaluate(e,r,i,XPathResult.ORDERED_NODE_SNAPSHOT_TYPE,null),n=[];for(let s=0;s<o.snapshotLength;s++)n.push(o.snapshotItem(s));return n}else{const i=require("xpath"),o=t;try{return i.select(e,r,o)}catch(n){if(typeof n=="object"&&n!==null&&"message"in n&&typeof n.message=="string"&&n.message.includes("Cannot resolve QName")){const s=e.match(/local-name\(\)='([^']+)'/);if(s&&s[1]){const c=`.//*[local-name()='${s[1]}']`;return i.select(c,r)}}throw n}}}catch(i){return console.error(`XPath evaluation failed for "${e}":`,i),[]}}function Ko(r){return function(e){return e===null?null:r[e]||null}}function Yo(r){const e=r.split(",").map(i=>i.trim()),t=[];for(const i of e){const o=i.split(/\\:|:/).filter(Boolean);o.length===1?t.push(`.//*[local-name()='${o[0]}']`):o.length===2&&t.push(`.//${o[0]}:${o[1]} | .//*[local-name()='${o[1]}']`)}return t.join(" | ")}function K(r,e){if(typeof r.querySelector=="function")try{const i=r.querySelector(e);if(i)return i}catch(i){}const t=ie(r,e);if(t.length>0)return t[0];try{const i=Yo(e);return oa(r,i)}catch(i){return console.warn("XPath query failed, using direct DOM traversal as fallback"),null}}function Xt(r,e){if(typeof r.querySelectorAll=="function")try{const i=r.querySelectorAll(e);if(i.length>0){const o=[];for(let n=0;n<i.length;n++)o.push(i[n]);return o}}catch(i){}const t=ie(r,e);if(t.length>0)return t;try{const i=Yo(e);return na(r,i)}catch(i){return console.warn("XPath query failed, using direct DOM traversal as fallback"),[]}}function sa(r){if(typeof window!="undefined"&&window.XMLSerializer)return new window.XMLSerializer().serializeToString(r);try{const{XMLSerializer:e}=require("@xmldom/xmldom");return new e().serializeToString(r)}catch(e){throw new Error("XML Serializer not available. In Node.js environments, please install @xmldom/xmldom package.")}}const Je={default:"c14n","http://www.w3.org/TR/2001/REC-xml-c14n-20010315":"c14n","http://www.w3.org/2006/12/xml-c14n11":"c14n11","http://www.w3.org/2001/10/xml-exc-c14n#":"c14n_exc"},mt={c14n:{beforeChildren:()=>"",afterChildren:()=>"",betweenChildren:()=>"",afterElement:()=>"",isCanonicalizationMethod:"c14n"},c14n11:{beforeChildren:(r,e)=>e?"":r?`
4
+ */(function(x,R){typeof exports=="object"&&typeof module!="undefined"?R(exports,require("fflate"),require("@peculiar/x509")):typeof define=="function"&&define.amd?define(["exports","fflate","@peculiar/x509"],R):(x=typeof globalThis!="undefined"?globalThis:x||self,R(x.edockit={},x.fflate,x.peculiarX509))})(this,function(x,R,V){"use strict";function ie(r,e){const t=[],i=e.split(",").map(s=>s.trim()),o=[];for(const s of i){const c=s.split(/\\:|:/).filter(Boolean);c.length===1?o.push({name:c[0]}):c.length===2&&o.push({ns:c[0],name:c[1]})}function n(s){if(s){if(s.nodeType===1){const c=s,u=c.nodeName,f=c.localName;for(const p of o){if(p.ns&&u===`${p.ns}:${p.name}`){t.push(c);break}if(f===p.name||u===p.name){t.push(c);break}if(u.endsWith(`:${p.name}`)){t.push(c);break}}}if(s.childNodes)for(let c=0;c<s.childNodes.length;c++)n(s.childNodes[c])}}return n(r),t}const Wo={ds:"http://www.w3.org/2000/09/xmldsig#",dsig11:"http://www.w3.org/2009/xmldsig11#",dsig2:"http://www.w3.org/2010/xmldsig2#",ec:"http://www.w3.org/2001/10/xml-exc-c14n#",dsig_more:"http://www.w3.org/2001/04/xmldsig-more#",xenc:"http://www.w3.org/2001/04/xmlenc#",xenc11:"http://www.w3.org/2009/xmlenc11#",xades:"http://uri.etsi.org/01903/v1.3.2#",xades141:"http://uri.etsi.org/01903/v1.4.1#",asic:"http://uri.etsi.org/02918/v1.2.1#"};function Jo(){if(typeof window!="undefined"&&window.DOMParser)return new window.DOMParser;try{const{DOMParser:r}=require("@xmldom/xmldom");return new r}catch(r){throw new Error("XML DOM parser not available. In Node.js environments, please install @xmldom/xmldom package.")}}function oa(r,e,t=Wo){try{if(typeof document!="undefined"&&typeof document.evaluate=="function"){const i="ownerDocument"in r?r.ownerDocument:r;if(!i||typeof i.evaluate!="function")return null;const o=Ko(t);return i.evaluate(e,r,o,XPathResult.FIRST_ORDERED_NODE_TYPE,null).singleNodeValue}else{const i=require("xpath"),o=t;try{const n=i.select(e,r,o);return n.length>0?n[0]:null}catch(n){if(typeof n=="object"&&n!==null&&"message"in n&&typeof n.message=="string"&&n.message.includes("Cannot resolve QName")){const s=e.match(/local-name\(\)='([^']+)'/);if(s&&s[1]){const c=`.//*[local-name()='${s[1]}']`,u=i.select(c,r);return u.length>0?u[0]:null}}throw n}}}catch(i){return console.error(`XPath evaluation failed for "${e}":`,i),null}}function na(r,e,t=Wo){try{if(typeof document!="undefined"&&typeof document.evaluate=="function"){const i="ownerDocument"in r?r.ownerDocument:r;if(!i||typeof i.evaluate!="function")return[];const o=Ko(t),n=i.evaluate(e,r,o,XPathResult.ORDERED_NODE_SNAPSHOT_TYPE,null),s=[];for(let c=0;c<n.snapshotLength;c++)s.push(n.snapshotItem(c));return s}else{const i=require("xpath"),o=t;try{return i.select(e,r,o)}catch(n){if(typeof n=="object"&&n!==null&&"message"in n&&typeof n.message=="string"&&n.message.includes("Cannot resolve QName")){const s=e.match(/local-name\(\)='([^']+)'/);if(s&&s[1]){const c=`.//*[local-name()='${s[1]}']`;return i.select(c,r)}}throw n}}}catch(i){return console.error(`XPath evaluation failed for "${e}":`,i),[]}}function Ko(r){return function(e){return e===null?null:r[e]||null}}function Yo(r){const e=r.split(",").map(i=>i.trim()),t=[];for(const i of e){const o=i.split(/\\:|:/).filter(Boolean);o.length===1?t.push(`.//*[local-name()='${o[0]}']`):o.length===2&&t.push(`.//${o[0]}:${o[1]} | .//*[local-name()='${o[1]}']`)}return t.join(" | ")}function K(r,e){if(typeof r.querySelector=="function")try{const i=r.querySelector(e);if(i)return i}catch(i){}const t=ie(r,e);if(t.length>0)return t[0];try{const i=Yo(e);return oa(r,i)}catch(i){return console.warn("XPath query failed, using direct DOM traversal as fallback"),null}}function Xt(r,e){if(typeof r.querySelectorAll=="function")try{const i=r.querySelectorAll(e);if(i.length>0){const o=[];for(let n=0;n<i.length;n++)o.push(i[n]);return o}}catch(i){}const t=ie(r,e);if(t.length>0)return t;try{const i=Yo(e);return na(r,i)}catch(i){return console.warn("XPath query failed, using direct DOM traversal as fallback"),[]}}function sa(r){if(typeof window!="undefined"&&window.XMLSerializer)return new window.XMLSerializer().serializeToString(r);try{const{XMLSerializer:e}=require("@xmldom/xmldom");return new e().serializeToString(r)}catch(e){throw new Error("XML Serializer not available. In Node.js environments, please install @xmldom/xmldom package.")}}const Je={default:"c14n","http://www.w3.org/TR/2001/REC-xml-c14n-20010315":"c14n","http://www.w3.org/2006/12/xml-c14n11":"c14n11","http://www.w3.org/2001/10/xml-exc-c14n#":"c14n_exc"},mt={c14n:{beforeChildren:()=>"",afterChildren:()=>"",betweenChildren:()=>"",afterElement:()=>"",isCanonicalizationMethod:"c14n"},c14n11:{beforeChildren:(r,e)=>e?"":r?`
5
5
  `:"",afterChildren:(r,e)=>e?"":r?`
6
6
  `:"",betweenChildren:(r,e,t)=>t?"":r&&e?`
7
7
  `:"",afterElement:()=>"",isCanonicalizationMethod:"c14n11"},c14n_exc:{beforeChildren:()=>"",afterChildren:()=>"",betweenChildren:()=>"",afterElement:()=>"",isCanonicalizationMethod:"c14n_exc"}},H={ELEMENT_NODE:1,TEXT_NODE:3};class P{constructor(e=mt.c14n){this.method=e}static fromMethod(e){const t=Je[e];if(!t)throw new Error(`Unsupported canonicalization method: ${e}`);return new P(mt[t])}setMethod(e){this.method=e}static escapeXml(e){return e.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&apos;")}static collectNamespaces(e,t=new Map){let i=e;for(;i&&i.nodeType===H.ELEMENT_NODE;){const o=i,n=o.getAttribute("xmlns");n!==null&&!t.has("")&&t.set("",n);const s=o.attributes;for(let c=0;c<s.length;c++){const u=s[c];if(u.name.startsWith("xmlns:")){const f=u.name.substring(6);t.has(f)||t.set(f,u.value)}}i=i.parentNode}return t}static collectUsedNamespaces(e,t=new Map,i=[]){const o=new Map,n=new Set;function s(c,u=!1){if(c.nodeType===H.ELEMENT_NODE){const f=c,p=f.namespaceURI,d=f.prefix||"";if(d&&p&&(u||!n.has(d))){n.add(d);const y=t.get(d);y&&y===p&&!o.has(d)&&o.set(d,y)}const w=f.attributes;for(let y=0;y<w.length;y++){const g=w[y];if(g.name.includes(":")&&!g.name.startsWith("xmlns:")){const B=g.name.split(":")[0];if(u||!n.has(B)){n.add(B);const m=t.get(B);m&&!o.has(B)&&o.set(B,m)}}}for(const y of i){const g=t.get(y);g&&!o.has(y)&&o.set(y,g)}for(let y=0;y<c.childNodes.length;y++)s(c.childNodes[y],!1)}}return s(e,!0),o}static isBase64Element(e){if(e.nodeType!==H.ELEMENT_NODE)return!1;const t=e,i=t.localName||t.nodeName.split(":").pop()||"";return this.base64Elements.has(i)}static analyzeWhitespace(e){const t=e.nodeType===H.ELEMENT_NODE?e:e.documentElement;function i(o){if(o.nodeType===H.ELEMENT_NODE){o._whitespace={hasMixedContent:!1,hasExistingLinebreaks:!1,originalContent:{}};const n=Array.from(o.childNodes);let s=!1,c=!1,u=!1;for(const f of n)if(f.nodeType===H.TEXT_NODE&&(f.nodeValue||"").trim().length>0){s=!0;break}for(const f of n)if(f.nodeType===H.ELEMENT_NODE){c=!0;break}for(let f=0;f<n.length;f++){const p=n[f];if(p.nodeType===H.TEXT_NODE){const d=p.nodeValue||"";p._originalText=d,d.includes(`
@@ -78,5 +78,5 @@ ${t.join(`
78
78
  -----END ${e}-----`}var Or=(r,e,t)=>new Promise((i,o)=>{var n=u=>{try{c(t.next(u))}catch(f){o(f)}},s=u=>{try{c(t.throw(u))}catch(f){o(f)}},c=u=>u.done?i(u.value):Promise.resolve(u.value).then(n,s);c((t=t.apply(r,e)).next())});const Vs="1.3.6.1.5.5.7.1.1",Sc="1.3.14.3.2.26";function js(r){return Or(this,null,function*(){if(typeof crypto!="undefined"&&crypto.subtle)return crypto.subtle.digest("SHA-1",r);const e=require("crypto").createHash("sha1");return e.update(Buffer.from(r)),e.digest().buffer})}function Bc(r){try{const e=r.getExtension(Vs);return e?e.ocsp.filter(t=>t.type==="url").map(t=>t.value):[]}catch(e){return[]}}function kc(r){try{const e=r.getExtension(Vs);return e?e.caIssuers.filter(t=>t.type==="url").map(t=>t.value):[]}catch(e){return[]}}function xc(r,e){const t=r.issuer;for(const i of e)try{const o=new V.X509Certificate(i);if(o.subject===t)return o}catch(o){}return null}function Nc(r,e=5e3,t){return Or(this,null,function*(){const i=kc(r);for(const o of i)try{const n=yield wc(o,e,t);if(n.ok&&n.data)try{return new V.X509Certificate(n.data)}catch(s){const c=Ts(n.data);return new V.X509Certificate(c)}}catch(n){}return null})}function Cc(r,e){return Or(this,null,function*(){const t=ce.serialize(e.subjectName.toJSON()),i=yield js(t),o=yield js(e.publicKey.rawData),n=Ac(r.serialNumber),s=new Ne({hashAlgorithm:new k({algorithm:Sc}),issuerNameHash:new C(i),issuerKeyHash:new C(o),serialNumber:n}),c=new Cr({reqCert:s}),u=new qe({requestList:[c]}),f=new no({tbsRequest:u});return ce.serialize(f)})}function Ec(r){const e=new Date;try{const t=ce.parse(r,ao);switch(t.responseStatus){case Ce.successful:break;case Ce.malformedRequest:return{isValid:!1,status:"error",method:"ocsp",reason:"OCSP responder returned: malformed request",checkedAt:e};case Ce.internalError:return{isValid:!1,status:"error",method:"ocsp",reason:"OCSP responder returned: internal error",checkedAt:e};case Ce.tryLater:return{isValid:!1,status:"unknown",method:"ocsp",reason:"OCSP responder returned: try later",checkedAt:e};case Ce.sigRequired:return{isValid:!1,status:"error",method:"ocsp",reason:"OCSP responder requires signature",checkedAt:e};case Ce.unauthorized:return{isValid:!1,status:"error",method:"ocsp",reason:"OCSP responder returned: unauthorized",checkedAt:e};default:return{isValid:!1,status:"error",method:"ocsp",reason:`OCSP responder returned unknown status: ${t.responseStatus}`,checkedAt:e}}if(!t.responseBytes)return{isValid:!1,status:"error",method:"ocsp",reason:"OCSP response has no response bytes",checkedAt:e};const i=ce.parse(t.responseBytes.response.buffer,Vt).tbsResponseData.responses;if(!i||i.length===0)return{isValid:!1,status:"error",method:"ocsp",reason:"OCSP response contains no certificate status",checkedAt:e};const o=i[0].certStatus;return o.good!==void 0?{isValid:!0,status:"good",method:"ocsp",checkedAt:e}:o.revoked?{isValid:!1,status:"revoked",method:"ocsp",reason:o.revoked.revocationReason!==void 0?`Certificate revoked (reason: ${o.revoked.revocationReason})`:"Certificate revoked",revokedAt:o.revoked.revocationTime,checkedAt:e}:o.unknown!==void 0?{isValid:!1,status:"unknown",method:"ocsp",reason:"OCSP responder does not know about this certificate",checkedAt:e}:{isValid:!1,status:"error",method:"ocsp",reason:"Unexpected certificate status in OCSP response",checkedAt:e}}catch(t){return{isValid:!1,status:"error",method:"ocsp",reason:`Failed to parse OCSP response: ${t instanceof Error?t.message:String(t)}`,checkedAt:e}}}function Ic(r,e){return Or(this,arguments,function*(t,i,o={}){const{timeout:n=5e3,certificateChain:s=[],proxyUrl:c}=o,u=new Date,f=Bc(t);if(f.length===0)return{isValid:!1,status:"unknown",method:"ocsp",reason:"Certificate has no OCSP responder URL",checkedAt:u};let p=i;if(p||(p=xc(t,s)),p||(p=yield Nc(t,n,c)),!p)return{isValid:!1,status:"unknown",method:"ocsp",reason:"Could not find or fetch issuer certificate for OCSP",checkedAt:u};let d;try{d=yield Cc(t,p)}catch(w){return{isValid:!1,status:"error",method:"ocsp",reason:`Failed to build OCSP request: ${w instanceof Error?w.message:String(w)}`,checkedAt:u}}for(const w of f)try{const y=yield vc(w,d,n,c);if(y.ok&&y.data)return Ec(y.data)}catch(y){}return{isValid:!1,status:"error",method:"ocsp",reason:"All OCSP requests failed",checkedAt:u}})}var Oc=(r,e,t)=>new Promise((i,o)=>{var n=u=>{try{c(t.next(u))}catch(f){o(f)}},s=u=>{try{c(t.throw(u))}catch(f){o(f)}},c=u=>u.done?i(u.value):Promise.resolve(u.value).then(n,s);c((t=t.apply(r,e)).next())});const Tc="2.5.29.31";function Vc(r){try{const e=r.getExtension(Tc);if(!e)return[];const t=[];for(const i of e.distributionPoints)if(i.distributionPoint){const o=i.distributionPoint;if("fullName"in o&&o.fullName)for(const n of o.fullName)n.uniformResourceIdentifier&&t.push(n.uniformResourceIdentifier)}return t}catch(e){return[]}}function jc(r,e){const t=e.toLowerCase().replace(/^0+(?=.)/,"")||"0";for(const i of r.entries)if((i.serialNumber.toLowerCase().replace(/^0+(?=.)/,"")||"0")===t)return{isRevoked:!0,revokedAt:i.revocationDate,reason:i.reason};return{isRevoked:!1}}function Uc(r){try{return new V.X509Crl(r)}catch(e){try{const t=`-----BEGIN X509 CRL-----
79
79
  ${(Os(r).match(/.{1,64}/g)||[]).join(`
80
80
  `)}
81
- -----END X509 CRL-----`;return new V.X509Crl(t)}catch(t){return null}}}function Dc(r){return Oc(this,arguments,function*(e,t={}){const{timeout:i=1e4,proxyUrl:o}=t,n=new Date,s=Vc(e);if(s.length===0)return{isValid:!1,status:"unknown",method:"crl",reason:"Certificate has no CRL distribution point",checkedAt:n};const c=[];for(const u of s)try{const f=yield mc(u,i,o);if(!f.ok||!f.data){c.push(`${u}: ${f.error||"Failed to fetch"}`);continue}const p=Uc(f.data);if(!p){c.push(`${u}: Failed to parse CRL data`);continue}const d=jc(p,e.serialNumber);return d.isRevoked?{isValid:!1,status:"revoked",method:"crl",reason:d.reason!==void 0?`Certificate revoked (reason code: ${d.reason})`:"Certificate revoked",revokedAt:d.revokedAt,checkedAt:n}:{isValid:!0,status:"good",method:"crl",checkedAt:n}}catch(f){c.push(`${u}: ${f instanceof Error?f.message:String(f)}`)}return{isValid:!1,status:"error",method:"crl",reason:`All CRL checks failed: ${c.join("; ")}`,checkedAt:n}})}var Rc=Object.defineProperty,Us=Object.getOwnPropertySymbols,Lc=Object.prototype.hasOwnProperty,Hc=Object.prototype.propertyIsEnumerable,Ds=(r,e,t)=>e in r?Rc(r,e,{enumerable:!0,configurable:!0,writable:!0,value:t}):r[e]=t,Rs=(r,e)=>{for(var t in e||(e={}))Lc.call(e,t)&&Ds(r,t,e[t]);if(Us)for(var t of Us(e))Hc.call(e,t)&&Ds(r,t,e[t]);return r},$c=(r,e,t)=>new Promise((i,o)=>{var n=u=>{try{c(t.next(u))}catch(f){o(f)}},s=u=>{try{c(t.throw(u))}catch(f){o(f)}},c=u=>u.done?i(u.value):Promise.resolve(u.value).then(n,s);c((t=t.apply(r,e)).next())});function uo(r){return $c(this,arguments,function*(e,t={}){const i=new Date,o=Rs(Rs({},Sa),t);let n;try{n=typeof e=="string"?new V.X509Certificate(e):e}catch(f){return{isValid:!1,status:"error",method:"none",reason:`Failed to parse certificate: ${f instanceof Error?f.message:String(f)}`,checkedAt:i}}let s=null,c=null;if(o.ocspEnabled&&(s=yield Ic(n,null,{timeout:o.ocspTimeout,certificateChain:o.certificateChain,proxyUrl:t.proxyUrl}),s.status==="good"||s.status==="revoked"))return s;if(o.crlEnabled&&(c=yield Dc(n,{timeout:o.crlTimeout,proxyUrl:t.proxyUrl}),c.status==="good"||c.status==="revoked"))return c;const u=[];return s!=null&&s.reason&&u.push(`OCSP: ${s.reason}`),c!=null&&c.reason&&u.push(`CRL: ${c.reason}`),{isValid:!1,status:"unknown",method:"none",reason:u.length>0?u.join("; "):"No revocation checking method available",checkedAt:i}})}class at{constructor(e={}){this.issuer=new Z,this.serialNumber=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:Z})],at.prototype,"issuer",void 0),a([l({type:h.Integer,converter:re})],at.prototype,"serialNumber",void 0);let ct=class{constructor(e={}){Object.assign(this,e)}};a([l({type:Ot,context:0,implicit:!0})],ct.prototype,"subjectKeyIdentifier",void 0),a([l({type:at})],ct.prototype,"issuerAndSerialNumber",void 0),ct=a([A({type:v.Choice})],ct);var Ee;(function(r){r[r.v0=0]="v0",r[r.v1=1]="v1",r[r.v2=2]="v2",r[r.v3=3]="v3",r[r.v4=4]="v4",r[r.v5=5]="v5"})(Ee||(Ee={}));let jt=class extends k{};jt=a([A({type:v.Sequence})],jt);let Tr=class extends k{};Tr=a([A({type:v.Sequence})],Tr);let we=class extends k{};we=a([A({type:v.Sequence})],we);let Vr=class extends k{};Vr=a([A({type:v.Sequence})],Vr);let Ls=class extends k{};Ls=a([A({type:v.Sequence})],Ls);let fo=class extends k{};fo=a([A({type:v.Sequence})],fo);class Ut{constructor(e={}){this.attrType="",this.attrValues=[],Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],Ut.prototype,"attrType",void 0),a([l({type:h.Any,repeated:"set"})],Ut.prototype,"attrValues",void 0);var ho;class Ie{constructor(e={}){this.version=Ee.v0,this.sid=new ct,this.digestAlgorithm=new jt,this.signatureAlgorithm=new Tr,this.signature=new C,Object.assign(this,e)}}a([l({type:h.Integer})],Ie.prototype,"version",void 0),a([l({type:ct})],Ie.prototype,"sid",void 0),a([l({type:jt})],Ie.prototype,"digestAlgorithm",void 0),a([l({type:Ut,repeated:"set",context:0,implicit:!0,optional:!0,raw:!0})],Ie.prototype,"signedAttrs",void 0),a([l({type:Tr})],Ie.prototype,"signatureAlgorithm",void 0),a([l({type:C})],Ie.prototype,"signature",void 0),a([l({type:Ut,repeated:"set",context:1,implicit:!0,optional:!0})],Ie.prototype,"unsignedAttrs",void 0);let jr=ho=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,ho.prototype)}};jr=ho=a([A({type:v.Set,itemType:Ie})],jr);let Hs=class extends Ie{};Hs=a([A({type:v.Sequence})],Hs);let $s=class extends z{};$s=a([A({type:v.Choice})],$s);class po{constructor(e={}){this.acIssuer=new E,this.acSerial=0,this.attrs=[],Object.assign(this,e)}}a([l({type:E})],po.prototype,"acIssuer",void 0),a([l({type:h.Integer})],po.prototype,"acSerial",void 0),a([l({type:It,repeated:"sequence"})],po.prototype,"attrs",void 0);var yo;let Ur=yo=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,yo.prototype)}};Ur=yo=a([A({type:v.Sequence,itemType:h.ObjectIdentifier})],Ur);class Dr{constructor(e={}){this.permitUnSpecified=!0,Object.assign(this,e)}}a([l({type:h.Integer,optional:!0})],Dr.prototype,"pathLenConstraint",void 0),a([l({type:Ur,implicit:!0,context:0,optional:!0})],Dr.prototype,"permittedAttrs",void 0),a([l({type:Ur,implicit:!0,context:1,optional:!0})],Dr.prototype,"excludedAttrs",void 0),a([l({type:h.Boolean,defaultValue:!0})],Dr.prototype,"permitUnSpecified",void 0);class Fe{constructor(e={}){this.issuer=new ue,this.serial=new ArrayBuffer(0),this.issuerUID=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:ue})],Fe.prototype,"issuer",void 0),a([l({type:h.Integer,converter:re})],Fe.prototype,"serial",void 0),a([l({type:h.BitString,optional:!0})],Fe.prototype,"issuerUID",void 0);var go;(function(r){r[r.publicKey=0]="publicKey",r[r.publicKeyCert=1]="publicKeyCert",r[r.otherObjectTypes=2]="otherObjectTypes"})(go||(go={}));class Ge{constructor(e={}){this.digestedObjectType=go.publicKey,this.digestAlgorithm=new k,this.objectDigest=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:h.Enumerated})],Ge.prototype,"digestedObjectType",void 0),a([l({type:h.ObjectIdentifier,optional:!0})],Ge.prototype,"otherObjectTypeID",void 0),a([l({type:k})],Ge.prototype,"digestAlgorithm",void 0),a([l({type:h.BitString})],Ge.prototype,"objectDigest",void 0);class Rr{constructor(e={}){Object.assign(this,e)}}a([l({type:ue,optional:!0})],Rr.prototype,"issuerName",void 0),a([l({type:Fe,context:0,implicit:!0,optional:!0})],Rr.prototype,"baseCertificateID",void 0),a([l({type:Ge,context:1,implicit:!0,optional:!0})],Rr.prototype,"objectDigestInfo",void 0);let lt=class{constructor(e={}){Object.assign(this,e)}};a([l({type:E,repeated:"sequence"})],lt.prototype,"v1Form",void 0),a([l({type:Rr,context:0,implicit:!0})],lt.prototype,"v2Form",void 0),lt=a([A({type:v.Choice})],lt);class Lr{constructor(e={}){this.notBeforeTime=new Date,this.notAfterTime=new Date,Object.assign(this,e)}}a([l({type:h.GeneralizedTime})],Lr.prototype,"notBeforeTime",void 0),a([l({type:h.GeneralizedTime})],Lr.prototype,"notAfterTime",void 0);class Dt{constructor(e={}){Object.assign(this,e)}}a([l({type:Fe,implicit:!0,context:0,optional:!0})],Dt.prototype,"baseCertificateID",void 0),a([l({type:ue,implicit:!0,context:1,optional:!0})],Dt.prototype,"entityName",void 0),a([l({type:Ge,implicit:!0,context:2,optional:!0})],Dt.prototype,"objectDigestInfo",void 0);var vo;(function(r){r[r.v2=1]="v2"})(vo||(vo={}));class he{constructor(e={}){this.version=vo.v2,this.holder=new Dt,this.issuer=new lt,this.signature=new k,this.serialNumber=new ArrayBuffer(0),this.attrCertValidityPeriod=new Lr,this.attributes=[],Object.assign(this,e)}}a([l({type:h.Integer})],he.prototype,"version",void 0),a([l({type:Dt})],he.prototype,"holder",void 0),a([l({type:lt})],he.prototype,"issuer",void 0),a([l({type:k})],he.prototype,"signature",void 0),a([l({type:h.Integer,converter:re})],he.prototype,"serialNumber",void 0),a([l({type:Lr})],he.prototype,"attrCertValidityPeriod",void 0),a([l({type:It,repeated:"sequence"})],he.prototype,"attributes",void 0),a([l({type:h.BitString,optional:!0})],he.prototype,"issuerUniqueID",void 0),a([l({type:rt,optional:!0})],he.prototype,"extensions",void 0);class Hr{constructor(e={}){this.acinfo=new he,this.signatureAlgorithm=new k,this.signatureValue=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:he})],Hr.prototype,"acinfo",void 0),a([l({type:k})],Hr.prototype,"signatureAlgorithm",void 0),a([l({type:h.BitString})],Hr.prototype,"signatureValue",void 0);var $r;(function(r){r[r.unmarked=1]="unmarked",r[r.unclassified=2]="unclassified",r[r.restricted=4]="restricted",r[r.confidential=8]="confidential",r[r.secret=16]="secret",r[r.topSecret=32]="topSecret"})($r||($r={}));class mo extends pr{}class wo{constructor(e={}){this.type="",this.value=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:h.ObjectIdentifier,implicit:!0,context:0})],wo.prototype,"type",void 0),a([l({type:h.Any,implicit:!0,context:1})],wo.prototype,"value",void 0);class bo{constructor(e={}){this.policyId="",this.classList=new mo($r.unclassified),Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],bo.prototype,"policyId",void 0),a([l({type:mo,defaultValue:new mo($r.unclassified)})],bo.prototype,"classList",void 0),a([l({type:wo,repeated:"set"})],bo.prototype,"securityCategories",void 0);class Mr{constructor(e={}){Object.assign(this,e)}}a([l({type:C})],Mr.prototype,"cotets",void 0),a([l({type:h.ObjectIdentifier})],Mr.prototype,"oid",void 0),a([l({type:h.Utf8String})],Mr.prototype,"string",void 0);class Ms{constructor(e={}){this.values=[],Object.assign(this,e)}}a([l({type:ue,implicit:!0,context:0,optional:!0})],Ms.prototype,"policyAuthority",void 0),a([l({type:Mr,repeated:"sequence"})],Ms.prototype,"values",void 0);var Ao;class Pr{constructor(e={}){this.targetCertificate=new Fe,Object.assign(this,e)}}a([l({type:Fe})],Pr.prototype,"targetCertificate",void 0),a([l({type:E,optional:!0})],Pr.prototype,"targetName",void 0),a([l({type:Ge,optional:!0})],Pr.prototype,"certDigestInfo",void 0);let ut=class{constructor(e={}){Object.assign(this,e)}};a([l({type:E,context:0,implicit:!0})],ut.prototype,"targetName",void 0),a([l({type:E,context:1,implicit:!0})],ut.prototype,"targetGroup",void 0),a([l({type:Pr,context:2,implicit:!0})],ut.prototype,"targetCert",void 0),ut=a([A({type:v.Choice})],ut);let So=Ao=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,Ao.prototype)}};So=Ao=a([A({type:v.Sequence,itemType:ut})],So);var Bo;let Ps=Bo=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,Bo.prototype)}};Ps=Bo=a([A({type:v.Sequence,itemType:So})],Ps);class _s{constructor(e={}){Object.assign(this,e)}}a([l({type:ue,implicit:!0,context:0,optional:!0})],_s.prototype,"roleAuthority",void 0),a([l({type:E,implicit:!0,context:1})],_s.prototype,"roleName",void 0);class ko{constructor(e={}){this.service=new E,this.ident=new E,Object.assign(this,e)}}a([l({type:E})],ko.prototype,"service",void 0),a([l({type:E})],ko.prototype,"ident",void 0),a([l({type:C,optional:!0})],ko.prototype,"authInfo",void 0);var xo;class No{constructor(e={}){this.otherCertFormat="",this.otherCert=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],No.prototype,"otherCertFormat",void 0),a([l({type:h.Any})],No.prototype,"otherCert",void 0);let ft=class{constructor(e={}){Object.assign(this,e)}};a([l({type:it})],ft.prototype,"certificate",void 0),a([l({type:Hr,context:2,implicit:!0})],ft.prototype,"v2AttrCert",void 0),a([l({type:No,context:3,implicit:!0})],ft.prototype,"other",void 0),ft=a([A({type:v.Choice})],ft);let _r=xo=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,xo.prototype)}};_r=xo=a([A({type:v.Set,itemType:ft})],_r);class qr{constructor(e={}){this.contentType="",this.content=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],qr.prototype,"contentType",void 0),a([l({type:h.Any,context:0})],qr.prototype,"content",void 0);let Rt=class{constructor(e={}){Object.assign(this,e)}};a([l({type:C})],Rt.prototype,"single",void 0),a([l({type:h.Any})],Rt.prototype,"any",void 0),Rt=a([A({type:v.Choice})],Rt);class Fr{constructor(e={}){this.eContentType="",Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],Fr.prototype,"eContentType",void 0),a([l({type:Rt,context:0,optional:!0})],Fr.prototype,"eContent",void 0);let Lt=class{constructor(e={}){Object.assign(this,e)}};a([l({type:C,context:0,implicit:!0,optional:!0})],Lt.prototype,"value",void 0),a([l({type:C,converter:Ka,context:0,implicit:!0,optional:!0,repeated:"sequence"})],Lt.prototype,"constructedValue",void 0),Lt=a([A({type:v.Choice})],Lt);class Ht{constructor(e={}){this.contentType="",this.contentEncryptionAlgorithm=new Vr,Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],Ht.prototype,"contentType",void 0),a([l({type:Vr})],Ht.prototype,"contentEncryptionAlgorithm",void 0),a([l({type:Lt,optional:!0})],Ht.prototype,"encryptedContent",void 0);class Gr{constructor(e={}){this.keyAttrId="",Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],Gr.prototype,"keyAttrId",void 0),a([l({type:h.Any,optional:!0})],Gr.prototype,"keyAttr",void 0);var Co;class zr{constructor(e={}){this.subjectKeyIdentifier=new Ot,Object.assign(this,e)}}a([l({type:Ot})],zr.prototype,"subjectKeyIdentifier",void 0),a([l({type:h.GeneralizedTime,optional:!0})],zr.prototype,"date",void 0),a([l({type:Gr,optional:!0})],zr.prototype,"other",void 0);let ht=class{constructor(e={}){Object.assign(this,e)}};a([l({type:zr,context:0,implicit:!0,optional:!0})],ht.prototype,"rKeyId",void 0),a([l({type:at,optional:!0})],ht.prototype,"issuerAndSerialNumber",void 0),ht=a([A({type:v.Choice})],ht);class Eo{constructor(e={}){this.rid=new ht,this.encryptedKey=new C,Object.assign(this,e)}}a([l({type:ht})],Eo.prototype,"rid",void 0),a([l({type:C})],Eo.prototype,"encryptedKey",void 0);let Xr=Co=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,Co.prototype)}};Xr=Co=a([A({type:v.Sequence,itemType:Eo})],Xr);class Io{constructor(e={}){this.algorithm=new k,this.publicKey=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:k})],Io.prototype,"algorithm",void 0),a([l({type:h.BitString})],Io.prototype,"publicKey",void 0);let ze=class{constructor(e={}){Object.assign(this,e)}};a([l({type:Ot,context:0,implicit:!0,optional:!0})],ze.prototype,"subjectKeyIdentifier",void 0),a([l({type:Io,context:1,implicit:!0,optional:!0})],ze.prototype,"originatorKey",void 0),a([l({type:at,optional:!0})],ze.prototype,"issuerAndSerialNumber",void 0),ze=a([A({type:v.Choice})],ze);class pt{constructor(e={}){this.version=Ee.v3,this.originator=new ze,this.keyEncryptionAlgorithm=new we,this.recipientEncryptedKeys=new Xr,Object.assign(this,e)}}a([l({type:h.Integer})],pt.prototype,"version",void 0),a([l({type:ze,context:0})],pt.prototype,"originator",void 0),a([l({type:C,context:1,optional:!0})],pt.prototype,"ukm",void 0),a([l({type:we})],pt.prototype,"keyEncryptionAlgorithm",void 0),a([l({type:Xr})],pt.prototype,"recipientEncryptedKeys",void 0);let dt=class{constructor(e={}){Object.assign(this,e)}};a([l({type:Ot,context:0,implicit:!0})],dt.prototype,"subjectKeyIdentifier",void 0),a([l({type:at})],dt.prototype,"issuerAndSerialNumber",void 0),dt=a([A({type:v.Choice})],dt);class $t{constructor(e={}){this.version=Ee.v0,this.rid=new dt,this.keyEncryptionAlgorithm=new we,this.encryptedKey=new C,Object.assign(this,e)}}a([l({type:h.Integer})],$t.prototype,"version",void 0),a([l({type:dt})],$t.prototype,"rid",void 0),a([l({type:we})],$t.prototype,"keyEncryptionAlgorithm",void 0),a([l({type:C})],$t.prototype,"encryptedKey",void 0);class Mt{constructor(e={}){this.keyIdentifier=new C,Object.assign(this,e)}}a([l({type:C})],Mt.prototype,"keyIdentifier",void 0),a([l({type:h.GeneralizedTime,optional:!0})],Mt.prototype,"date",void 0),a([l({type:Gr,optional:!0})],Mt.prototype,"other",void 0);class Pt{constructor(e={}){this.version=Ee.v4,this.kekid=new Mt,this.keyEncryptionAlgorithm=new we,this.encryptedKey=new C,Object.assign(this,e)}}a([l({type:h.Integer})],Pt.prototype,"version",void 0),a([l({type:Mt})],Pt.prototype,"kekid",void 0),a([l({type:we})],Pt.prototype,"keyEncryptionAlgorithm",void 0),a([l({type:C})],Pt.prototype,"encryptedKey",void 0);class _t{constructor(e={}){this.version=Ee.v0,this.keyEncryptionAlgorithm=new we,this.encryptedKey=new C,Object.assign(this,e)}}a([l({type:h.Integer})],_t.prototype,"version",void 0),a([l({type:fo,context:0,optional:!0})],_t.prototype,"keyDerivationAlgorithm",void 0),a([l({type:we})],_t.prototype,"keyEncryptionAlgorithm",void 0),a([l({type:C})],_t.prototype,"encryptedKey",void 0);class Oo{constructor(e={}){this.oriType="",this.oriValue=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],Oo.prototype,"oriType",void 0),a([l({type:h.Any})],Oo.prototype,"oriValue",void 0);let Ve=class{constructor(e={}){Object.assign(this,e)}};a([l({type:$t,optional:!0})],Ve.prototype,"ktri",void 0),a([l({type:pt,context:1,implicit:!0,optional:!0})],Ve.prototype,"kari",void 0),a([l({type:Pt,context:2,implicit:!0,optional:!0})],Ve.prototype,"kekri",void 0),a([l({type:_t,context:3,implicit:!0,optional:!0})],Ve.prototype,"pwri",void 0),a([l({type:Oo,context:4,implicit:!0,optional:!0})],Ve.prototype,"ori",void 0),Ve=a([A({type:v.Choice})],Ve);var To;let Wr=To=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,To.prototype)}};Wr=To=a([A({type:v.Set,itemType:Ve})],Wr);var Vo;class Jr{constructor(e={}){this.otherRevInfoFormat="",this.otherRevInfo=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],Jr.prototype,"otherRevInfoFormat",void 0),a([l({type:h.Any})],Jr.prototype,"otherRevInfo",void 0);let Kr=class{constructor(e={}){this.other=new Jr,Object.assign(this,e)}};a([l({type:Jr,context:1,implicit:!0})],Kr.prototype,"other",void 0),Kr=a([A({type:v.Choice})],Kr);let Yr=Vo=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,Vo.prototype)}};Yr=Vo=a([A({type:v.Set,itemType:Kr})],Yr);class jo{constructor(e={}){Object.assign(this,e)}}a([l({type:_r,context:0,implicit:!0,optional:!0})],jo.prototype,"certs",void 0),a([l({type:Yr,context:1,implicit:!0,optional:!0})],jo.prototype,"crls",void 0);var Uo;let Do=Uo=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,Uo.prototype)}};Do=Uo=a([A({type:v.Set,itemType:Ut})],Do);class qt{constructor(e={}){this.version=Ee.v0,this.recipientInfos=new Wr,this.encryptedContentInfo=new Ht,Object.assign(this,e)}}a([l({type:h.Integer})],qt.prototype,"version",void 0),a([l({type:jo,context:0,implicit:!0,optional:!0})],qt.prototype,"originatorInfo",void 0),a([l({type:Wr})],qt.prototype,"recipientInfos",void 0),a([l({type:Ht})],qt.prototype,"encryptedContentInfo",void 0),a([l({type:Do,context:1,implicit:!0,optional:!0})],qt.prototype,"unprotectedAttrs",void 0);var Ro;let Zr=Ro=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,Ro.prototype)}};Zr=Ro=a([A({type:v.Set,itemType:jt})],Zr);class Xe{constructor(e={}){this.version=Ee.v0,this.digestAlgorithms=new Zr,this.encapContentInfo=new Fr,this.signerInfos=new jr,Object.assign(this,e)}}a([l({type:h.Integer})],Xe.prototype,"version",void 0),a([l({type:Zr})],Xe.prototype,"digestAlgorithms",void 0),a([l({type:Fr})],Xe.prototype,"encapContentInfo",void 0),a([l({type:_r,context:0,implicit:!0,optional:!0})],Xe.prototype,"certificates",void 0),a([l({type:Yr,context:1,implicit:!0,optional:!0})],Xe.prototype,"crls",void 0),a([l({type:jr})],Xe.prototype,"signerInfos",void 0);class Qr{constructor(e={}){this.seconds=0,Object.assign(this,e)}}a([l({type:h.Integer,optional:!0})],Qr.prototype,"seconds",void 0),a([l({type:h.Integer,context:0,implicit:!0,optional:!0})],Qr.prototype,"millis",void 0),a([l({type:h.Integer,context:1,implicit:!0,optional:!0})],Qr.prototype,"micros",void 0);class yt{constructor(e={}){this.hashAlgorithm=new k,this.hashedMessage=new C,Object.assign(this,e)}}a([l({type:k})],yt.prototype,"hashAlgorithm",void 0),a([l({type:C})],yt.prototype,"hashedMessage",void 0);var pe;(function(r){r[r.badAlg=1]="badAlg",r[r.badRequest=2]="badRequest",r[r.badDataFormat=16]="badDataFormat",r[r.timeNotAvailable=8192]="timeNotAvailable",r[r.unacceptedPolicy=16384]="unacceptedPolicy",r[r.unacceptedExtension=32768]="unacceptedExtension",r[r.addInfoNotAvailable=65536]="addInfoNotAvailable",r[r.systemFailure=16777216]="systemFailure"})(pe||(pe={}));class Mc extends pr{toJSON(){const e=this.toNumber(),t=[];return e&pe.addInfoNotAvailable&&t.push("addInfoNotAvailable"),e&pe.badAlg&&t.push("badAlg"),e&pe.badDataFormat&&t.push("badDataFormat"),e&pe.badRequest&&t.push("badRequest"),e&pe.systemFailure&&t.push("systemFailure"),e&pe.systemFailure&&t.push("systemFailure"),e&pe.timeNotAvailable&&t.push("timeNotAvailable"),e&pe.unacceptedExtension&&t.push("unacceptedExtension"),e&pe.unacceptedPolicy&&t.push("unacceptedPolicy"),t}toString(){return`[${this.toJSON().join(", ")}]`}}var Lo;(function(r){r[r.granted=0]="granted",r[r.grantedWithMods=1]="grantedWithMods",r[r.rejection=2]="rejection",r[r.waiting=3]="waiting",r[r.revocationWarning=4]="revocationWarning",r[r.revocationNotification=5]="revocationNotification"})(Lo||(Lo={}));var Ho;let $o=Ho=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,Ho.prototype)}};$o=Ho=a([A({type:v.Sequence,itemType:h.Utf8String})],$o);class Ft{constructor(e={}){this.status=Lo.granted,Object.assign(this,e)}}a([l({type:h.Integer})],Ft.prototype,"status",void 0),a([l({type:$o,optional:!0})],Ft.prototype,"statusString",void 0),a([l({type:Mc,optional:!0})],Ft.prototype,"failInfo",void 0);var Mo;(function(r){r[r.v1=1]="v1"})(Mo||(Mo={}));class gt{constructor(e={}){this.version=Mo.v1,this.messageImprint=new yt,this.certReq=!1,Object.assign(this,e)}}a([l({type:h.Integer})],gt.prototype,"version",void 0),a([l({type:yt})],gt.prototype,"messageImprint",void 0),a([l({type:h.ObjectIdentifier,optional:!0})],gt.prototype,"reqPolicy",void 0),a([l({type:h.Integer,converter:re,optional:!0})],gt.prototype,"nonce",void 0),a([l({type:h.Boolean,defaultValue:!1})],gt.prototype,"certReq",void 0),a([l({type:rt,optional:!0,context:0,implicit:!0})],gt.prototype,"extensions",void 0);let Po=class extends qr{};Po=a([A({type:v.Sequence})],Po);class qs{constructor(e={}){this.status=new Ft,Object.assign(this,e)}}a([l({type:Ft})],qs.prototype,"status",void 0),a([l({type:Po,optional:!0})],qs.prototype,"timeStampToken",void 0);var _o;(function(r){r[r.v1=1]="v1"})(_o||(_o={}));class de{constructor(e={}){this.version=_o.v1,this.policy="",this.messageImprint=new yt,this.serialNumber=new ArrayBuffer(0),this.genTime=new Date,this.ordering=!1,Object.assign(this,e)}}a([l({type:h.Integer})],de.prototype,"version",void 0),a([l({type:h.ObjectIdentifier})],de.prototype,"policy",void 0),a([l({type:yt})],de.prototype,"messageImprint",void 0),a([l({type:h.Integer,converter:re})],de.prototype,"serialNumber",void 0),a([l({type:h.GeneralizedTime})],de.prototype,"genTime",void 0),a([l({type:Qr,optional:!0})],de.prototype,"accuracy",void 0),a([l({type:h.Boolean,defaultValue:!1})],de.prototype,"ordering",void 0),a([l({type:h.Integer,converter:re,optional:!0})],de.prototype,"nonce",void 0),a([l({type:E,context:0,optional:!0})],de.prototype,"tsa",void 0),a([l({type:rt,context:1,implicit:!0,optional:!0})],de.prototype,"extensions",void 0);var qo=(r,e,t)=>new Promise((i,o)=>{var n=u=>{try{c(t.next(u))}catch(f){o(f)}},s=u=>{try{c(t.throw(u))}catch(f){o(f)}},c=u=>u.done?i(u.value):Promise.resolve(u.value).then(n,s);c((t=t.apply(r,e)).next())});const Pc="1.2.840.113549.1.7.2",_c="1.2.840.113549.1.9.16.1.4";function qc(r){return{"1.3.14.3.2.26":"SHA-1","2.16.840.1.101.3.4.2.1":"SHA-256","2.16.840.1.101.3.4.2.2":"SHA-384","2.16.840.1.101.3.4.2.3":"SHA-512"}[r]||r}function Fo(r){try{const e=lo(r),t=ce.parse(e,qr);if(t.contentType!==Pc)return console.warn("Timestamp is not SignedData"),null;const i=ce.parse(t.content,Xe);if(i.encapContentInfo.eContentType!==_c)return console.warn("SignedData does not contain TSTInfo"),null;if(!i.encapContentInfo.eContent)return console.warn("No eContent in SignedData"),null;const o=i.encapContentInfo.eContent;let n;o.single?n=o.single.buffer:o.any?n=o.any:n=ce.serialize(o);const s=ce.parse(n,de);let c;if(i.certificates&&i.certificates.length>0){const p=i.certificates[0];"certificate"in p&&p.certificate&&(c=Ts(ce.serialize(p.certificate)))}let u;s.tsa&&(s.tsa.directoryName?u=s.tsa.directoryName.toString():s.tsa.uniformResourceIdentifier&&(u=s.tsa.uniformResourceIdentifier));let f;return s.accuracy&&(f=(s.accuracy.seconds||0)+(s.accuracy.millis||0)/1e3+(s.accuracy.micros||0)/1e6),{genTime:s.genTime,policy:s.policy,serialNumber:Ir(s.serialNumber),hashAlgorithm:qc(s.messageImprint.hashAlgorithm.algorithm),messageImprint:Ir(s.messageImprint.hashedMessage.buffer),tsaName:u,tsaCertificate:c,accuracy:f}}catch(e){return console.error("Failed to parse timestamp:",e instanceof Error?e.message:String(e)),null}}function Fs(r,e){return qo(this,null,function*(){const t={"SHA-1":"SHA-1","SHA-256":"SHA-256","SHA-384":"SHA-384","SHA-512":"SHA-512"}[e];if(!t)throw new Error(`Unsupported hash algorithm: ${e}`);if(typeof crypto!="undefined"&&crypto.subtle)return crypto.subtle.digest(t,r);const i=require("crypto").createHash(e.toLowerCase().replace("-",""));return i.update(Buffer.from(r)),i.digest().buffer})}function Fc(r,e){return qo(this,null,function*(){try{const t=r.messageImprint.toLowerCase(),i=lo(e),o=yield Fs(i,r.hashAlgorithm);if(Ir(o).toLowerCase()===t)return!0;const n=new TextEncoder().encode(e),s=yield Fs(n.buffer,r.hashAlgorithm);return Ir(s).toLowerCase()===t}catch(t){return console.error("Failed to verify timestamp coverage:",t instanceof Error?t.message:String(t)),!1}})}function Gs(r){return qo(this,arguments,function*(e,t={}){const i=Fo(e);if(!i)return{isValid:!1,reason:"Failed to parse timestamp token"};let o,n;t.signatureValue&&(o=yield Fc(i,t.signatureValue),o||(n="Could not verify timestamp covers signature (implementation-specific hashing)"));let s;if(t.verifyTsaCertificate&&i.tsaCertificate)try{const c=new V.X509Certificate(i.tsaCertificate);if(i.genTime<c.notBefore||i.genTime>c.notAfter)return{isValid:!1,info:i,coversSignature:o,reason:`TSA certificate was not valid at timestamp time (${i.genTime.toISOString()})`};if(t.checkTsaRevocation!==!1)try{if(s=yield uo(c),s.status==="revoked")return{isValid:!1,info:i,coversSignature:o,tsaRevocation:s,reason:`TSA certificate has been revoked: ${s.reason||"No reason provided"}`}}catch(u){s={isValid:!1,status:"error",method:"none",reason:`TSA revocation check failed: ${u instanceof Error?u.message:String(u)}`,checkedAt:new Date}}}catch(c){return{isValid:!1,info:i,coversSignature:o,reason:`Failed to verify TSA certificate: ${c instanceof Error?c.message:String(c)}`}}return{isValid:!0,info:i,coversSignature:o,tsaRevocation:s,reason:n}})}function Gc(r){const e=Fo(r);return(e==null?void 0:e.genTime)||null}var zc=Object.defineProperty,zs=Object.getOwnPropertySymbols,Xc=Object.prototype.hasOwnProperty,Wc=Object.prototype.propertyIsEnumerable,Xs=(r,e,t)=>e in r?zc(r,e,{enumerable:!0,configurable:!0,writable:!0,value:t}):r[e]=t,Ws=(r,e)=>{for(var t in e||(e={}))Xc.call(e,t)&&Xs(r,t,e[t]);if(zs)for(var t of zs(e))Wc.call(e,t)&&Xs(r,t,e[t]);return r},We=(r,e,t)=>new Promise((i,o)=>{var n=u=>{try{c(t.next(u))}catch(f){o(f)}},s=u=>{try{c(t.throw(u))}catch(f){o(f)}},c=u=>u.done?i(u.value):Promise.resolve(u.value).then(n,s);c((t=t.apply(r,e)).next())});function ei(){return typeof window!="undefined"&&typeof window.crypto!="undefined"&&typeof window.crypto.subtle!="undefined"}function Js(r,e){return We(this,null,function*(){const t=e.replace(/-/g,"").toLowerCase();let i;if(t.includes("sha256"))i="sha256";else if(t.includes("sha1"))i="sha1";else if(t.includes("sha384"))i="sha384";else if(t.includes("sha512"))i="sha512";else throw new Error(`Unsupported digest algorithm: ${e}`);return ei()?Jc(r,i):Kc(r,i)})}function Jc(r,e){return We(this,null,function*(){const t={sha1:"SHA-1",sha256:"SHA-256",sha384:"SHA-384",sha512:"SHA-512"}[e];if(!t)throw new Error(`Unsupported browser digest algorithm: ${e}`);const i=yield window.crypto.subtle.digest(t,r),o=Array.from(new Uint8Array(i));return btoa(String.fromCharCode.apply(null,o))})}function Kc(r,e){return new Promise((t,i)=>{try{const o=require("crypto").createHash(e);o.update(Buffer.from(r)),t(o.digest("base64"))}catch(o){i(new Error(`Node digest computation failed: ${o instanceof Error?o.message:String(o)}`))}})}function Yc(r){const e=r.toLowerCase();return e.includes("sha512")?"SHA-512":e.includes("sha384")?"SHA-384":e.includes("sha256")?"SHA-256":e.includes("sha1")?"SHA-1":"SHA-256"}function Ks(r,e){return We(this,null,function*(){const t={};let i=!0,o="SHA-256";r.algorithm&&(r.algorithm.includes("sha1")?o="SHA-1":r.algorithm.includes("sha384")?o="SHA-384":r.algorithm.includes("sha512")&&(o="SHA-512"));const n=Object.entries(r.signedChecksums).map(s=>We(this,[s],function*([c,u]){var f;const p=(f=r.digestAlgorithms)!=null&&f[c]?Yc(r.digestAlgorithms[c]):o,d=e.get(c);if(d){const w=yield Js(d,p),y=u===w;t[c]={expected:u,actual:w,matches:y,fileFound:!0},y||(i=!1)}else{const w=c.includes("/")?c.split("/").pop():c;let y=!1;if(w){for(const[g,B]of e.entries())if(g.endsWith(w)){const m=yield Js(B,p),S=u===m;t[c]={expected:u,actual:m,matches:S,fileFound:!0},S||(i=!1),y=!0;break}}y||(t[c]={expected:u,actual:"",matches:!1,fileFound:!1},i=!1)}}));return yield Promise.all(n),{isValid:i,details:t}})}function Zc(r){return We(this,arguments,function*(e,t=new Date){try{const i=new V.X509Certificate(e),o=la(i,t),n=yield Qo(e);return{isValid:o.isValid,reason:o.reason,info:n}}catch(i){return{isValid:!1,reason:`Certificate parsing error: ${i instanceof Error?i.message:String(i)}`}}})}function Ys(){return ei()?window.crypto.subtle:crypto.subtle}function Qc(r,e,t,i,o){return We(this,null,function*(){try{const n=Jo().parseFromString(r,"application/xml"),s=K(n,"ds:SignedInfo");if(!s)return{isValid:!1,reason:"SignedInfo element not found in provided XML"};const c=o||Je.default,u=P.canonicalize(s,c),f=e.replace(/\s+/g,"");let p;try{p=bc(f)}catch(y){return{isValid:!1,reason:`Failed to decode signature value: ${y instanceof Error?y.message:String(y)}`}}let d;try{const y=Ys();ei()&&i.name==="RSASSA-PKCS1-v1_5"&&(t=Aa(t)),d=yield y.importKey("spki",t,i,!1,["verify"])}catch(y){const g=y instanceof Error?y:new Error(String(y));let B="Unknown reason",m="KEY_IMPORT_ERROR";if(g.name==="DataError"?(B="Key data format is invalid or incompatible",m="INVALID_KEY_FORMAT"):g.name==="NotSupportedError"?(B="Algorithm or parameters not supported",m="UNSUPPORTED_ALGORITHM"):g.message.includes("namedCurve")?(B="Missing or invalid namedCurve parameter",m="INVALID_CURVE"):g.message.includes("hash")&&(B="Incompatible or unsupported hash algorithm",m="INVALID_HASH"),i.name==="ECDSA"){const S=t.byteLength;B+=` (Key length: ${S})`}return{isValid:!1,reason:`Failed to import public key: ${B}`,errorDetails:{category:m,originalMessage:g.message,algorithm:Ws({},i),environment:ei()?"browser":"node",keyLength:t.byteLength}}}const w=new TextEncoder().encode(u);try{const y=yield Ys().verify(i,d,p,w);return{isValid:y,reason:y?void 0:"Signature verification failed"}}catch(y){return{isValid:!1,reason:`Signature verification error: ${y instanceof Error?y.message:String(y)}`}}}catch(n){return{isValid:!1,reason:`SignedInfo verification error: ${n instanceof Error?n.message:String(n)}`}}})}function el(r,e){return We(this,arguments,function*(t,i,o={}){var n;const s=[];let c,u=o.verifyTime||t.signingTime;t.signatureTimestamp&&o.verifyTimestamps!==!1&&(c=yield Gs(t.signatureTimestamp,{signatureValue:t.signatureValue,verifyTsaCertificate:!0}),c.isValid&&c.info?u=c.info.genTime:c.isValid||s.push(`Timestamp verification failed: ${c.reason||"Unknown reason"}`));const f=yield Zc(t.certificatePEM,u);if(!f.isValid){const y=`Certificate validation error: ${f.reason||"Unknown reason"}`;s.push(y)}if(o.checkRevocation!==!1&&f.isValid)try{const y=yield uo(t.certificatePEM,Ws({certificateChain:t.certificateChain},o.revocationOptions));f.revocation=y,y.status==="revoked"&&(f.isValid=!1,f.reason=y.reason||"Certificate has been revoked",s.push(`Certificate revoked: ${y.reason||"No reason provided"}`))}catch(y){f.revocation={isValid:!1,status:"error",method:"none",reason:`Revocation check failed: ${y instanceof Error?y.message:String(y)}`,checkedAt:new Date}}const p=o.verifyChecksums!==!1?yield Ks(t,i):{isValid:!0,details:{}};if(!p.isValid){const y=Object.entries(p.details).filter(([g,B])=>!B.matches).map(([g])=>g).join(", ");s.push(`Checksum validation failed for files: ${y}`)}let d={isValid:!0};if(o.verifySignatures!==!1&&t.rawXml&&t.signatureValue&&t.publicKey){const y=t.algorithm||"",g={name:"RSASSA-PKCS1-v1_5",hash:"SHA-256"};if(y.includes("ecdsa")&&t.publicKey.namedCurve&&(g.namedCurve=t.publicKey.namedCurve,g.name="ECDSA"),y.includes("ecdsa-sha256")?g.hash="SHA-256":y.includes("ecdsa-sha384")?g.hash="SHA-384":y.includes("ecdsa-sha512")?g.hash="SHA-512":y.includes("rsa-sha1")?g.hash="SHA-1":y.includes("rsa-pss")?(g.name="RSA-PSS",g.saltLength=32,y.includes("sha384")?(g.hash="SHA-384",g.saltLength=48):y.includes("sha512")?(g.hash="SHA-512",g.saltLength=64):g.hash="SHA-256"):y.includes("rsa-sha384")?g.hash="SHA-384":y.includes("rsa-sha512")&&(g.hash="SHA-512"),d=yield Qc(t.rawXml,t.signatureValue,t.publicKey.rawData,g,t.canonicalizationMethod),!d.isValid){let B=d.reason||"XML signature verification failed";if(d.errorDetails){const m=d.errorDetails;B+=` [Category: ${m.category}, Environment: ${m.environment}`,m.algorithm&&(B+=`, Algorithm: ${m.algorithm.name}`,m.algorithm.namedCurve&&(B+=`, Curve: ${m.algorithm.namedCurve}`)),m.keyLength&&(B+=`, Key length: ${m.keyLength} bytes`),B+="]"}s.push(B)}}else if(o.verifySignatures!==!1){const y=[];t.rawXml||y.push("Signature XML"),t.signatureValue||y.push("SignatureValue"),t.publicKey||y.push("Public Key"),s.push(`Cannot verify XML signature: missing ${y.join(", ")}`),d={isValid:!1,reason:`Missing required components: ${y.join(", ")}`}}const w=!t.signatureTimestamp||o.verifyTimestamps===!1||((n=c==null?void 0:c.isValid)!=null?n:!0);return{isValid:f.isValid&&p.isValid&&d.isValid&&w,certificate:f,checksums:p,signature:o.verifySignatures!==!1?d:void 0,timestamp:c,errors:s.length>0?s:void 0}})}x.CANONICALIZATION_METHODS=Je,x.XMLCanonicalizer=P,x.checkCertificateRevocation=uo,x.formatValidityPeriod=fa,x.getSignerDisplayName=ua,x.getTimestampTime=Gc,x.parseCertificate=Qo,x.parseEdoc=ba,x.parseTimestamp=Fo,x.verifyChecksums=Ks,x.verifySignature=el,x.verifyTimestamp=Gs,Object.defineProperty(x,"__esModule",{value:!0})});
81
+ -----END X509 CRL-----`;return new V.X509Crl(t)}catch(t){return null}}}function Dc(r){return Oc(this,arguments,function*(e,t={}){const{timeout:i=1e4,proxyUrl:o}=t,n=new Date,s=Vc(e);if(s.length===0)return{isValid:!1,status:"unknown",method:"crl",reason:"Certificate has no CRL distribution point",checkedAt:n};const c=[];for(const u of s)try{const f=yield mc(u,i,o);if(!f.ok||!f.data){c.push(`${u}: ${f.error||"Failed to fetch"}`);continue}const p=Uc(f.data);if(!p){c.push(`${u}: Failed to parse CRL data`);continue}const d=jc(p,e.serialNumber);return d.isRevoked?{isValid:!1,status:"revoked",method:"crl",reason:d.reason!==void 0?`Certificate revoked (reason code: ${d.reason})`:"Certificate revoked",revokedAt:d.revokedAt,checkedAt:n}:{isValid:!0,status:"good",method:"crl",checkedAt:n}}catch(f){c.push(`${u}: ${f instanceof Error?f.message:String(f)}`)}return{isValid:!1,status:"error",method:"crl",reason:`All CRL checks failed: ${c.join("; ")}`,checkedAt:n}})}var Rc=Object.defineProperty,Us=Object.getOwnPropertySymbols,Lc=Object.prototype.hasOwnProperty,Hc=Object.prototype.propertyIsEnumerable,Ds=(r,e,t)=>e in r?Rc(r,e,{enumerable:!0,configurable:!0,writable:!0,value:t}):r[e]=t,Rs=(r,e)=>{for(var t in e||(e={}))Lc.call(e,t)&&Ds(r,t,e[t]);if(Us)for(var t of Us(e))Hc.call(e,t)&&Ds(r,t,e[t]);return r},$c=(r,e,t)=>new Promise((i,o)=>{var n=u=>{try{c(t.next(u))}catch(f){o(f)}},s=u=>{try{c(t.throw(u))}catch(f){o(f)}},c=u=>u.done?i(u.value):Promise.resolve(u.value).then(n,s);c((t=t.apply(r,e)).next())});function uo(r){return $c(this,arguments,function*(e,t={}){const i=new Date,o=Rs(Rs({},Sa),t);let n;try{n=typeof e=="string"?new V.X509Certificate(e):e}catch(f){return{isValid:!1,status:"error",method:"none",reason:`Failed to parse certificate: ${f instanceof Error?f.message:String(f)}`,checkedAt:i}}let s=null,c=null;if(o.ocspEnabled&&(s=yield Ic(n,null,{timeout:o.ocspTimeout,certificateChain:o.certificateChain,proxyUrl:t.proxyUrl}),s.status==="good"||s.status==="revoked"))return s;if(o.crlEnabled&&(c=yield Dc(n,{timeout:o.crlTimeout,proxyUrl:t.proxyUrl}),c.status==="good"||c.status==="revoked"))return c;const u=[];return s!=null&&s.reason&&u.push(`OCSP: ${s.reason}`),c!=null&&c.reason&&u.push(`CRL: ${c.reason}`),{isValid:!1,status:"unknown",method:"none",reason:u.length>0?u.join("; "):"No revocation checking method available",checkedAt:i}})}class at{constructor(e={}){this.issuer=new Z,this.serialNumber=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:Z})],at.prototype,"issuer",void 0),a([l({type:h.Integer,converter:re})],at.prototype,"serialNumber",void 0);let ct=class{constructor(e={}){Object.assign(this,e)}};a([l({type:Ot,context:0,implicit:!0})],ct.prototype,"subjectKeyIdentifier",void 0),a([l({type:at})],ct.prototype,"issuerAndSerialNumber",void 0),ct=a([A({type:v.Choice})],ct);var Ee;(function(r){r[r.v0=0]="v0",r[r.v1=1]="v1",r[r.v2=2]="v2",r[r.v3=3]="v3",r[r.v4=4]="v4",r[r.v5=5]="v5"})(Ee||(Ee={}));let jt=class extends k{};jt=a([A({type:v.Sequence})],jt);let Tr=class extends k{};Tr=a([A({type:v.Sequence})],Tr);let we=class extends k{};we=a([A({type:v.Sequence})],we);let Vr=class extends k{};Vr=a([A({type:v.Sequence})],Vr);let Ls=class extends k{};Ls=a([A({type:v.Sequence})],Ls);let fo=class extends k{};fo=a([A({type:v.Sequence})],fo);class Ut{constructor(e={}){this.attrType="",this.attrValues=[],Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],Ut.prototype,"attrType",void 0),a([l({type:h.Any,repeated:"set"})],Ut.prototype,"attrValues",void 0);var ho;class Ie{constructor(e={}){this.version=Ee.v0,this.sid=new ct,this.digestAlgorithm=new jt,this.signatureAlgorithm=new Tr,this.signature=new C,Object.assign(this,e)}}a([l({type:h.Integer})],Ie.prototype,"version",void 0),a([l({type:ct})],Ie.prototype,"sid",void 0),a([l({type:jt})],Ie.prototype,"digestAlgorithm",void 0),a([l({type:Ut,repeated:"set",context:0,implicit:!0,optional:!0,raw:!0})],Ie.prototype,"signedAttrs",void 0),a([l({type:Tr})],Ie.prototype,"signatureAlgorithm",void 0),a([l({type:C})],Ie.prototype,"signature",void 0),a([l({type:Ut,repeated:"set",context:1,implicit:!0,optional:!0})],Ie.prototype,"unsignedAttrs",void 0);let jr=ho=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,ho.prototype)}};jr=ho=a([A({type:v.Set,itemType:Ie})],jr);let Hs=class extends Ie{};Hs=a([A({type:v.Sequence})],Hs);let $s=class extends z{};$s=a([A({type:v.Choice})],$s);class po{constructor(e={}){this.acIssuer=new E,this.acSerial=0,this.attrs=[],Object.assign(this,e)}}a([l({type:E})],po.prototype,"acIssuer",void 0),a([l({type:h.Integer})],po.prototype,"acSerial",void 0),a([l({type:It,repeated:"sequence"})],po.prototype,"attrs",void 0);var yo;let Ur=yo=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,yo.prototype)}};Ur=yo=a([A({type:v.Sequence,itemType:h.ObjectIdentifier})],Ur);class Dr{constructor(e={}){this.permitUnSpecified=!0,Object.assign(this,e)}}a([l({type:h.Integer,optional:!0})],Dr.prototype,"pathLenConstraint",void 0),a([l({type:Ur,implicit:!0,context:0,optional:!0})],Dr.prototype,"permittedAttrs",void 0),a([l({type:Ur,implicit:!0,context:1,optional:!0})],Dr.prototype,"excludedAttrs",void 0),a([l({type:h.Boolean,defaultValue:!0})],Dr.prototype,"permitUnSpecified",void 0);class Fe{constructor(e={}){this.issuer=new ue,this.serial=new ArrayBuffer(0),this.issuerUID=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:ue})],Fe.prototype,"issuer",void 0),a([l({type:h.Integer,converter:re})],Fe.prototype,"serial",void 0),a([l({type:h.BitString,optional:!0})],Fe.prototype,"issuerUID",void 0);var go;(function(r){r[r.publicKey=0]="publicKey",r[r.publicKeyCert=1]="publicKeyCert",r[r.otherObjectTypes=2]="otherObjectTypes"})(go||(go={}));class Ge{constructor(e={}){this.digestedObjectType=go.publicKey,this.digestAlgorithm=new k,this.objectDigest=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:h.Enumerated})],Ge.prototype,"digestedObjectType",void 0),a([l({type:h.ObjectIdentifier,optional:!0})],Ge.prototype,"otherObjectTypeID",void 0),a([l({type:k})],Ge.prototype,"digestAlgorithm",void 0),a([l({type:h.BitString})],Ge.prototype,"objectDigest",void 0);class Rr{constructor(e={}){Object.assign(this,e)}}a([l({type:ue,optional:!0})],Rr.prototype,"issuerName",void 0),a([l({type:Fe,context:0,implicit:!0,optional:!0})],Rr.prototype,"baseCertificateID",void 0),a([l({type:Ge,context:1,implicit:!0,optional:!0})],Rr.prototype,"objectDigestInfo",void 0);let lt=class{constructor(e={}){Object.assign(this,e)}};a([l({type:E,repeated:"sequence"})],lt.prototype,"v1Form",void 0),a([l({type:Rr,context:0,implicit:!0})],lt.prototype,"v2Form",void 0),lt=a([A({type:v.Choice})],lt);class Lr{constructor(e={}){this.notBeforeTime=new Date,this.notAfterTime=new Date,Object.assign(this,e)}}a([l({type:h.GeneralizedTime})],Lr.prototype,"notBeforeTime",void 0),a([l({type:h.GeneralizedTime})],Lr.prototype,"notAfterTime",void 0);class Dt{constructor(e={}){Object.assign(this,e)}}a([l({type:Fe,implicit:!0,context:0,optional:!0})],Dt.prototype,"baseCertificateID",void 0),a([l({type:ue,implicit:!0,context:1,optional:!0})],Dt.prototype,"entityName",void 0),a([l({type:Ge,implicit:!0,context:2,optional:!0})],Dt.prototype,"objectDigestInfo",void 0);var vo;(function(r){r[r.v2=1]="v2"})(vo||(vo={}));class he{constructor(e={}){this.version=vo.v2,this.holder=new Dt,this.issuer=new lt,this.signature=new k,this.serialNumber=new ArrayBuffer(0),this.attrCertValidityPeriod=new Lr,this.attributes=[],Object.assign(this,e)}}a([l({type:h.Integer})],he.prototype,"version",void 0),a([l({type:Dt})],he.prototype,"holder",void 0),a([l({type:lt})],he.prototype,"issuer",void 0),a([l({type:k})],he.prototype,"signature",void 0),a([l({type:h.Integer,converter:re})],he.prototype,"serialNumber",void 0),a([l({type:Lr})],he.prototype,"attrCertValidityPeriod",void 0),a([l({type:It,repeated:"sequence"})],he.prototype,"attributes",void 0),a([l({type:h.BitString,optional:!0})],he.prototype,"issuerUniqueID",void 0),a([l({type:rt,optional:!0})],he.prototype,"extensions",void 0);class Hr{constructor(e={}){this.acinfo=new he,this.signatureAlgorithm=new k,this.signatureValue=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:he})],Hr.prototype,"acinfo",void 0),a([l({type:k})],Hr.prototype,"signatureAlgorithm",void 0),a([l({type:h.BitString})],Hr.prototype,"signatureValue",void 0);var $r;(function(r){r[r.unmarked=1]="unmarked",r[r.unclassified=2]="unclassified",r[r.restricted=4]="restricted",r[r.confidential=8]="confidential",r[r.secret=16]="secret",r[r.topSecret=32]="topSecret"})($r||($r={}));class mo extends pr{}class wo{constructor(e={}){this.type="",this.value=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:h.ObjectIdentifier,implicit:!0,context:0})],wo.prototype,"type",void 0),a([l({type:h.Any,implicit:!0,context:1})],wo.prototype,"value",void 0);class bo{constructor(e={}){this.policyId="",this.classList=new mo($r.unclassified),Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],bo.prototype,"policyId",void 0),a([l({type:mo,defaultValue:new mo($r.unclassified)})],bo.prototype,"classList",void 0),a([l({type:wo,repeated:"set"})],bo.prototype,"securityCategories",void 0);class Mr{constructor(e={}){Object.assign(this,e)}}a([l({type:C})],Mr.prototype,"cotets",void 0),a([l({type:h.ObjectIdentifier})],Mr.prototype,"oid",void 0),a([l({type:h.Utf8String})],Mr.prototype,"string",void 0);class Ms{constructor(e={}){this.values=[],Object.assign(this,e)}}a([l({type:ue,implicit:!0,context:0,optional:!0})],Ms.prototype,"policyAuthority",void 0),a([l({type:Mr,repeated:"sequence"})],Ms.prototype,"values",void 0);var Ao;class Pr{constructor(e={}){this.targetCertificate=new Fe,Object.assign(this,e)}}a([l({type:Fe})],Pr.prototype,"targetCertificate",void 0),a([l({type:E,optional:!0})],Pr.prototype,"targetName",void 0),a([l({type:Ge,optional:!0})],Pr.prototype,"certDigestInfo",void 0);let ut=class{constructor(e={}){Object.assign(this,e)}};a([l({type:E,context:0,implicit:!0})],ut.prototype,"targetName",void 0),a([l({type:E,context:1,implicit:!0})],ut.prototype,"targetGroup",void 0),a([l({type:Pr,context:2,implicit:!0})],ut.prototype,"targetCert",void 0),ut=a([A({type:v.Choice})],ut);let So=Ao=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,Ao.prototype)}};So=Ao=a([A({type:v.Sequence,itemType:ut})],So);var Bo;let Ps=Bo=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,Bo.prototype)}};Ps=Bo=a([A({type:v.Sequence,itemType:So})],Ps);class _s{constructor(e={}){Object.assign(this,e)}}a([l({type:ue,implicit:!0,context:0,optional:!0})],_s.prototype,"roleAuthority",void 0),a([l({type:E,implicit:!0,context:1})],_s.prototype,"roleName",void 0);class ko{constructor(e={}){this.service=new E,this.ident=new E,Object.assign(this,e)}}a([l({type:E})],ko.prototype,"service",void 0),a([l({type:E})],ko.prototype,"ident",void 0),a([l({type:C,optional:!0})],ko.prototype,"authInfo",void 0);var xo;class No{constructor(e={}){this.otherCertFormat="",this.otherCert=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],No.prototype,"otherCertFormat",void 0),a([l({type:h.Any})],No.prototype,"otherCert",void 0);let ft=class{constructor(e={}){Object.assign(this,e)}};a([l({type:it})],ft.prototype,"certificate",void 0),a([l({type:Hr,context:2,implicit:!0})],ft.prototype,"v2AttrCert",void 0),a([l({type:No,context:3,implicit:!0})],ft.prototype,"other",void 0),ft=a([A({type:v.Choice})],ft);let _r=xo=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,xo.prototype)}};_r=xo=a([A({type:v.Set,itemType:ft})],_r);class qr{constructor(e={}){this.contentType="",this.content=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],qr.prototype,"contentType",void 0),a([l({type:h.Any,context:0})],qr.prototype,"content",void 0);let Rt=class{constructor(e={}){Object.assign(this,e)}};a([l({type:C})],Rt.prototype,"single",void 0),a([l({type:h.Any})],Rt.prototype,"any",void 0),Rt=a([A({type:v.Choice})],Rt);class Fr{constructor(e={}){this.eContentType="",Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],Fr.prototype,"eContentType",void 0),a([l({type:Rt,context:0,optional:!0})],Fr.prototype,"eContent",void 0);let Lt=class{constructor(e={}){Object.assign(this,e)}};a([l({type:C,context:0,implicit:!0,optional:!0})],Lt.prototype,"value",void 0),a([l({type:C,converter:Ka,context:0,implicit:!0,optional:!0,repeated:"sequence"})],Lt.prototype,"constructedValue",void 0),Lt=a([A({type:v.Choice})],Lt);class Ht{constructor(e={}){this.contentType="",this.contentEncryptionAlgorithm=new Vr,Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],Ht.prototype,"contentType",void 0),a([l({type:Vr})],Ht.prototype,"contentEncryptionAlgorithm",void 0),a([l({type:Lt,optional:!0})],Ht.prototype,"encryptedContent",void 0);class Gr{constructor(e={}){this.keyAttrId="",Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],Gr.prototype,"keyAttrId",void 0),a([l({type:h.Any,optional:!0})],Gr.prototype,"keyAttr",void 0);var Co;class zr{constructor(e={}){this.subjectKeyIdentifier=new Ot,Object.assign(this,e)}}a([l({type:Ot})],zr.prototype,"subjectKeyIdentifier",void 0),a([l({type:h.GeneralizedTime,optional:!0})],zr.prototype,"date",void 0),a([l({type:Gr,optional:!0})],zr.prototype,"other",void 0);let ht=class{constructor(e={}){Object.assign(this,e)}};a([l({type:zr,context:0,implicit:!0,optional:!0})],ht.prototype,"rKeyId",void 0),a([l({type:at,optional:!0})],ht.prototype,"issuerAndSerialNumber",void 0),ht=a([A({type:v.Choice})],ht);class Eo{constructor(e={}){this.rid=new ht,this.encryptedKey=new C,Object.assign(this,e)}}a([l({type:ht})],Eo.prototype,"rid",void 0),a([l({type:C})],Eo.prototype,"encryptedKey",void 0);let Xr=Co=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,Co.prototype)}};Xr=Co=a([A({type:v.Sequence,itemType:Eo})],Xr);class Io{constructor(e={}){this.algorithm=new k,this.publicKey=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:k})],Io.prototype,"algorithm",void 0),a([l({type:h.BitString})],Io.prototype,"publicKey",void 0);let ze=class{constructor(e={}){Object.assign(this,e)}};a([l({type:Ot,context:0,implicit:!0,optional:!0})],ze.prototype,"subjectKeyIdentifier",void 0),a([l({type:Io,context:1,implicit:!0,optional:!0})],ze.prototype,"originatorKey",void 0),a([l({type:at,optional:!0})],ze.prototype,"issuerAndSerialNumber",void 0),ze=a([A({type:v.Choice})],ze);class pt{constructor(e={}){this.version=Ee.v3,this.originator=new ze,this.keyEncryptionAlgorithm=new we,this.recipientEncryptedKeys=new Xr,Object.assign(this,e)}}a([l({type:h.Integer})],pt.prototype,"version",void 0),a([l({type:ze,context:0})],pt.prototype,"originator",void 0),a([l({type:C,context:1,optional:!0})],pt.prototype,"ukm",void 0),a([l({type:we})],pt.prototype,"keyEncryptionAlgorithm",void 0),a([l({type:Xr})],pt.prototype,"recipientEncryptedKeys",void 0);let dt=class{constructor(e={}){Object.assign(this,e)}};a([l({type:Ot,context:0,implicit:!0})],dt.prototype,"subjectKeyIdentifier",void 0),a([l({type:at})],dt.prototype,"issuerAndSerialNumber",void 0),dt=a([A({type:v.Choice})],dt);class $t{constructor(e={}){this.version=Ee.v0,this.rid=new dt,this.keyEncryptionAlgorithm=new we,this.encryptedKey=new C,Object.assign(this,e)}}a([l({type:h.Integer})],$t.prototype,"version",void 0),a([l({type:dt})],$t.prototype,"rid",void 0),a([l({type:we})],$t.prototype,"keyEncryptionAlgorithm",void 0),a([l({type:C})],$t.prototype,"encryptedKey",void 0);class Mt{constructor(e={}){this.keyIdentifier=new C,Object.assign(this,e)}}a([l({type:C})],Mt.prototype,"keyIdentifier",void 0),a([l({type:h.GeneralizedTime,optional:!0})],Mt.prototype,"date",void 0),a([l({type:Gr,optional:!0})],Mt.prototype,"other",void 0);class Pt{constructor(e={}){this.version=Ee.v4,this.kekid=new Mt,this.keyEncryptionAlgorithm=new we,this.encryptedKey=new C,Object.assign(this,e)}}a([l({type:h.Integer})],Pt.prototype,"version",void 0),a([l({type:Mt})],Pt.prototype,"kekid",void 0),a([l({type:we})],Pt.prototype,"keyEncryptionAlgorithm",void 0),a([l({type:C})],Pt.prototype,"encryptedKey",void 0);class _t{constructor(e={}){this.version=Ee.v0,this.keyEncryptionAlgorithm=new we,this.encryptedKey=new C,Object.assign(this,e)}}a([l({type:h.Integer})],_t.prototype,"version",void 0),a([l({type:fo,context:0,optional:!0})],_t.prototype,"keyDerivationAlgorithm",void 0),a([l({type:we})],_t.prototype,"keyEncryptionAlgorithm",void 0),a([l({type:C})],_t.prototype,"encryptedKey",void 0);class Oo{constructor(e={}){this.oriType="",this.oriValue=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],Oo.prototype,"oriType",void 0),a([l({type:h.Any})],Oo.prototype,"oriValue",void 0);let Ve=class{constructor(e={}){Object.assign(this,e)}};a([l({type:$t,optional:!0})],Ve.prototype,"ktri",void 0),a([l({type:pt,context:1,implicit:!0,optional:!0})],Ve.prototype,"kari",void 0),a([l({type:Pt,context:2,implicit:!0,optional:!0})],Ve.prototype,"kekri",void 0),a([l({type:_t,context:3,implicit:!0,optional:!0})],Ve.prototype,"pwri",void 0),a([l({type:Oo,context:4,implicit:!0,optional:!0})],Ve.prototype,"ori",void 0),Ve=a([A({type:v.Choice})],Ve);var To;let Wr=To=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,To.prototype)}};Wr=To=a([A({type:v.Set,itemType:Ve})],Wr);var Vo;class Jr{constructor(e={}){this.otherRevInfoFormat="",this.otherRevInfo=new ArrayBuffer(0),Object.assign(this,e)}}a([l({type:h.ObjectIdentifier})],Jr.prototype,"otherRevInfoFormat",void 0),a([l({type:h.Any})],Jr.prototype,"otherRevInfo",void 0);let Kr=class{constructor(e={}){this.other=new Jr,Object.assign(this,e)}};a([l({type:Jr,context:1,implicit:!0})],Kr.prototype,"other",void 0),Kr=a([A({type:v.Choice})],Kr);let Yr=Vo=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,Vo.prototype)}};Yr=Vo=a([A({type:v.Set,itemType:Kr})],Yr);class jo{constructor(e={}){Object.assign(this,e)}}a([l({type:_r,context:0,implicit:!0,optional:!0})],jo.prototype,"certs",void 0),a([l({type:Yr,context:1,implicit:!0,optional:!0})],jo.prototype,"crls",void 0);var Uo;let Do=Uo=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,Uo.prototype)}};Do=Uo=a([A({type:v.Set,itemType:Ut})],Do);class qt{constructor(e={}){this.version=Ee.v0,this.recipientInfos=new Wr,this.encryptedContentInfo=new Ht,Object.assign(this,e)}}a([l({type:h.Integer})],qt.prototype,"version",void 0),a([l({type:jo,context:0,implicit:!0,optional:!0})],qt.prototype,"originatorInfo",void 0),a([l({type:Wr})],qt.prototype,"recipientInfos",void 0),a([l({type:Ht})],qt.prototype,"encryptedContentInfo",void 0),a([l({type:Do,context:1,implicit:!0,optional:!0})],qt.prototype,"unprotectedAttrs",void 0);var Ro;let Zr=Ro=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,Ro.prototype)}};Zr=Ro=a([A({type:v.Set,itemType:jt})],Zr);class Xe{constructor(e={}){this.version=Ee.v0,this.digestAlgorithms=new Zr,this.encapContentInfo=new Fr,this.signerInfos=new jr,Object.assign(this,e)}}a([l({type:h.Integer})],Xe.prototype,"version",void 0),a([l({type:Zr})],Xe.prototype,"digestAlgorithms",void 0),a([l({type:Fr})],Xe.prototype,"encapContentInfo",void 0),a([l({type:_r,context:0,implicit:!0,optional:!0})],Xe.prototype,"certificates",void 0),a([l({type:Yr,context:1,implicit:!0,optional:!0})],Xe.prototype,"crls",void 0),a([l({type:jr})],Xe.prototype,"signerInfos",void 0);class Qr{constructor(e={}){this.seconds=0,Object.assign(this,e)}}a([l({type:h.Integer,optional:!0})],Qr.prototype,"seconds",void 0),a([l({type:h.Integer,context:0,implicit:!0,optional:!0})],Qr.prototype,"millis",void 0),a([l({type:h.Integer,context:1,implicit:!0,optional:!0})],Qr.prototype,"micros",void 0);class yt{constructor(e={}){this.hashAlgorithm=new k,this.hashedMessage=new C,Object.assign(this,e)}}a([l({type:k})],yt.prototype,"hashAlgorithm",void 0),a([l({type:C})],yt.prototype,"hashedMessage",void 0);var pe;(function(r){r[r.badAlg=1]="badAlg",r[r.badRequest=2]="badRequest",r[r.badDataFormat=16]="badDataFormat",r[r.timeNotAvailable=8192]="timeNotAvailable",r[r.unacceptedPolicy=16384]="unacceptedPolicy",r[r.unacceptedExtension=32768]="unacceptedExtension",r[r.addInfoNotAvailable=65536]="addInfoNotAvailable",r[r.systemFailure=16777216]="systemFailure"})(pe||(pe={}));class Mc extends pr{toJSON(){const e=this.toNumber(),t=[];return e&pe.addInfoNotAvailable&&t.push("addInfoNotAvailable"),e&pe.badAlg&&t.push("badAlg"),e&pe.badDataFormat&&t.push("badDataFormat"),e&pe.badRequest&&t.push("badRequest"),e&pe.systemFailure&&t.push("systemFailure"),e&pe.systemFailure&&t.push("systemFailure"),e&pe.timeNotAvailable&&t.push("timeNotAvailable"),e&pe.unacceptedExtension&&t.push("unacceptedExtension"),e&pe.unacceptedPolicy&&t.push("unacceptedPolicy"),t}toString(){return`[${this.toJSON().join(", ")}]`}}var Lo;(function(r){r[r.granted=0]="granted",r[r.grantedWithMods=1]="grantedWithMods",r[r.rejection=2]="rejection",r[r.waiting=3]="waiting",r[r.revocationWarning=4]="revocationWarning",r[r.revocationNotification=5]="revocationNotification"})(Lo||(Lo={}));var Ho;let $o=Ho=class extends j{constructor(e){super(e),Object.setPrototypeOf(this,Ho.prototype)}};$o=Ho=a([A({type:v.Sequence,itemType:h.Utf8String})],$o);class Ft{constructor(e={}){this.status=Lo.granted,Object.assign(this,e)}}a([l({type:h.Integer})],Ft.prototype,"status",void 0),a([l({type:$o,optional:!0})],Ft.prototype,"statusString",void 0),a([l({type:Mc,optional:!0})],Ft.prototype,"failInfo",void 0);var Mo;(function(r){r[r.v1=1]="v1"})(Mo||(Mo={}));class gt{constructor(e={}){this.version=Mo.v1,this.messageImprint=new yt,this.certReq=!1,Object.assign(this,e)}}a([l({type:h.Integer})],gt.prototype,"version",void 0),a([l({type:yt})],gt.prototype,"messageImprint",void 0),a([l({type:h.ObjectIdentifier,optional:!0})],gt.prototype,"reqPolicy",void 0),a([l({type:h.Integer,converter:re,optional:!0})],gt.prototype,"nonce",void 0),a([l({type:h.Boolean,defaultValue:!1})],gt.prototype,"certReq",void 0),a([l({type:rt,optional:!0,context:0,implicit:!0})],gt.prototype,"extensions",void 0);let Po=class extends qr{};Po=a([A({type:v.Sequence})],Po);class qs{constructor(e={}){this.status=new Ft,Object.assign(this,e)}}a([l({type:Ft})],qs.prototype,"status",void 0),a([l({type:Po,optional:!0})],qs.prototype,"timeStampToken",void 0);var _o;(function(r){r[r.v1=1]="v1"})(_o||(_o={}));class de{constructor(e={}){this.version=_o.v1,this.policy="",this.messageImprint=new yt,this.serialNumber=new ArrayBuffer(0),this.genTime=new Date,this.ordering=!1,Object.assign(this,e)}}a([l({type:h.Integer})],de.prototype,"version",void 0),a([l({type:h.ObjectIdentifier})],de.prototype,"policy",void 0),a([l({type:yt})],de.prototype,"messageImprint",void 0),a([l({type:h.Integer,converter:re})],de.prototype,"serialNumber",void 0),a([l({type:h.GeneralizedTime})],de.prototype,"genTime",void 0),a([l({type:Qr,optional:!0})],de.prototype,"accuracy",void 0),a([l({type:h.Boolean,defaultValue:!1})],de.prototype,"ordering",void 0),a([l({type:h.Integer,converter:re,optional:!0})],de.prototype,"nonce",void 0),a([l({type:E,context:0,optional:!0})],de.prototype,"tsa",void 0),a([l({type:rt,context:1,implicit:!0,optional:!0})],de.prototype,"extensions",void 0);var qo=(r,e,t)=>new Promise((i,o)=>{var n=u=>{try{c(t.next(u))}catch(f){o(f)}},s=u=>{try{c(t.throw(u))}catch(f){o(f)}},c=u=>u.done?i(u.value):Promise.resolve(u.value).then(n,s);c((t=t.apply(r,e)).next())});const Pc="1.2.840.113549.1.7.2",_c="1.2.840.113549.1.9.16.1.4";function qc(r){return{"1.3.14.3.2.26":"SHA-1","2.16.840.1.101.3.4.2.1":"SHA-256","2.16.840.1.101.3.4.2.2":"SHA-384","2.16.840.1.101.3.4.2.3":"SHA-512"}[r]||r}function Fo(r){try{const e=lo(r),t=ce.parse(e,qr);if(t.contentType!==Pc)return console.warn("Timestamp is not SignedData"),null;const i=ce.parse(t.content,Xe);if(i.encapContentInfo.eContentType!==_c)return console.warn("SignedData does not contain TSTInfo"),null;if(!i.encapContentInfo.eContent)return console.warn("No eContent in SignedData"),null;const o=i.encapContentInfo.eContent;let n;o.single?n=o.single.buffer:o.any?n=o.any:n=ce.serialize(o);const s=ce.parse(n,de);let c;if(i.certificates&&i.certificates.length>0){const p=i.certificates[0];"certificate"in p&&p.certificate&&(c=Ts(ce.serialize(p.certificate)))}let u;s.tsa&&(s.tsa.directoryName?u=s.tsa.directoryName.toString():s.tsa.uniformResourceIdentifier&&(u=s.tsa.uniformResourceIdentifier));let f;return s.accuracy&&(f=(s.accuracy.seconds||0)+(s.accuracy.millis||0)/1e3+(s.accuracy.micros||0)/1e6),{genTime:s.genTime,policy:s.policy,serialNumber:Ir(s.serialNumber),hashAlgorithm:qc(s.messageImprint.hashAlgorithm.algorithm),messageImprint:Ir(s.messageImprint.hashedMessage.buffer),tsaName:u,tsaCertificate:c,accuracy:f}}catch(e){return console.error("Failed to parse timestamp:",e instanceof Error?e.message:String(e)),null}}function Fs(r,e){return qo(this,null,function*(){const t={"SHA-1":"SHA-1","SHA-256":"SHA-256","SHA-384":"SHA-384","SHA-512":"SHA-512"}[e];if(!t)throw new Error(`Unsupported hash algorithm: ${e}`);if(typeof crypto!="undefined"&&crypto.subtle)return crypto.subtle.digest(t,r);const i=require("crypto").createHash(e.toLowerCase().replace("-",""));return i.update(Buffer.from(r)),i.digest().buffer})}function Fc(r,e){return qo(this,null,function*(){try{const t=r.messageImprint.toLowerCase(),i=lo(e),o=yield Fs(i,r.hashAlgorithm);if(Ir(o).toLowerCase()===t)return!0;const n=new TextEncoder().encode(e),s=yield Fs(n.buffer,r.hashAlgorithm);return Ir(s).toLowerCase()===t}catch(t){return console.error("Failed to verify timestamp coverage:",t instanceof Error?t.message:String(t)),!1}})}function Gs(r){return qo(this,arguments,function*(e,t={}){const i=Fo(e);if(!i)return{isValid:!1,reason:"Failed to parse timestamp token"};let o,n;t.signatureValue&&(o=yield Fc(i,t.signatureValue),o||(n="Could not verify timestamp covers signature (implementation-specific hashing)"));let s;if(t.verifyTsaCertificate&&i.tsaCertificate)try{const c=new V.X509Certificate(i.tsaCertificate);if(i.genTime<c.notBefore||i.genTime>c.notAfter)return{isValid:!1,info:i,coversSignature:o,reason:`TSA certificate was not valid at timestamp time (${i.genTime.toISOString()})`};if(t.checkTsaRevocation!==!1)try{if(s=yield uo(c,t.revocationOptions),s.status==="revoked")return{isValid:!1,info:i,coversSignature:o,tsaRevocation:s,reason:`TSA certificate has been revoked: ${s.reason||"No reason provided"}`}}catch(u){s={isValid:!1,status:"error",method:"none",reason:`TSA revocation check failed: ${u instanceof Error?u.message:String(u)}`,checkedAt:new Date}}}catch(c){return{isValid:!1,info:i,coversSignature:o,reason:`Failed to verify TSA certificate: ${c instanceof Error?c.message:String(c)}`}}return{isValid:!0,info:i,coversSignature:o,tsaRevocation:s,reason:n}})}function Gc(r){const e=Fo(r);return(e==null?void 0:e.genTime)||null}var zc=Object.defineProperty,zs=Object.getOwnPropertySymbols,Xc=Object.prototype.hasOwnProperty,Wc=Object.prototype.propertyIsEnumerable,Xs=(r,e,t)=>e in r?zc(r,e,{enumerable:!0,configurable:!0,writable:!0,value:t}):r[e]=t,Ws=(r,e)=>{for(var t in e||(e={}))Xc.call(e,t)&&Xs(r,t,e[t]);if(zs)for(var t of zs(e))Wc.call(e,t)&&Xs(r,t,e[t]);return r},We=(r,e,t)=>new Promise((i,o)=>{var n=u=>{try{c(t.next(u))}catch(f){o(f)}},s=u=>{try{c(t.throw(u))}catch(f){o(f)}},c=u=>u.done?i(u.value):Promise.resolve(u.value).then(n,s);c((t=t.apply(r,e)).next())});function ei(){return typeof window!="undefined"&&typeof window.crypto!="undefined"&&typeof window.crypto.subtle!="undefined"}function Js(r,e){return We(this,null,function*(){const t=e.replace(/-/g,"").toLowerCase();let i;if(t.includes("sha256"))i="sha256";else if(t.includes("sha1"))i="sha1";else if(t.includes("sha384"))i="sha384";else if(t.includes("sha512"))i="sha512";else throw new Error(`Unsupported digest algorithm: ${e}`);return ei()?Jc(r,i):Kc(r,i)})}function Jc(r,e){return We(this,null,function*(){const t={sha1:"SHA-1",sha256:"SHA-256",sha384:"SHA-384",sha512:"SHA-512"}[e];if(!t)throw new Error(`Unsupported browser digest algorithm: ${e}`);const i=yield window.crypto.subtle.digest(t,r),o=Array.from(new Uint8Array(i));return btoa(String.fromCharCode.apply(null,o))})}function Kc(r,e){return new Promise((t,i)=>{try{const o=require("crypto").createHash(e);o.update(Buffer.from(r)),t(o.digest("base64"))}catch(o){i(new Error(`Node digest computation failed: ${o instanceof Error?o.message:String(o)}`))}})}function Yc(r){const e=r.toLowerCase();return e.includes("sha512")?"SHA-512":e.includes("sha384")?"SHA-384":e.includes("sha256")?"SHA-256":e.includes("sha1")?"SHA-1":"SHA-256"}function Ks(r,e){return We(this,null,function*(){const t={};let i=!0,o="SHA-256";r.algorithm&&(r.algorithm.includes("sha1")?o="SHA-1":r.algorithm.includes("sha384")?o="SHA-384":r.algorithm.includes("sha512")&&(o="SHA-512"));const n=Object.entries(r.signedChecksums).map(s=>We(this,[s],function*([c,u]){var f;const p=(f=r.digestAlgorithms)!=null&&f[c]?Yc(r.digestAlgorithms[c]):o,d=e.get(c);if(d){const w=yield Js(d,p),y=u===w;t[c]={expected:u,actual:w,matches:y,fileFound:!0},y||(i=!1)}else{const w=c.includes("/")?c.split("/").pop():c;let y=!1;if(w){for(const[g,B]of e.entries())if(g.endsWith(w)){const m=yield Js(B,p),S=u===m;t[c]={expected:u,actual:m,matches:S,fileFound:!0},S||(i=!1),y=!0;break}}y||(t[c]={expected:u,actual:"",matches:!1,fileFound:!1},i=!1)}}));return yield Promise.all(n),{isValid:i,details:t}})}function Zc(r){return We(this,arguments,function*(e,t=new Date){try{const i=new V.X509Certificate(e),o=la(i,t),n=yield Qo(e);return{isValid:o.isValid,reason:o.reason,info:n}}catch(i){return{isValid:!1,reason:`Certificate parsing error: ${i instanceof Error?i.message:String(i)}`}}})}function Ys(){return ei()?window.crypto.subtle:crypto.subtle}function Qc(r,e,t,i,o){return We(this,null,function*(){try{const n=Jo().parseFromString(r,"application/xml"),s=K(n,"ds:SignedInfo");if(!s)return{isValid:!1,reason:"SignedInfo element not found in provided XML"};const c=o||Je.default,u=P.canonicalize(s,c),f=e.replace(/\s+/g,"");let p;try{p=bc(f)}catch(y){return{isValid:!1,reason:`Failed to decode signature value: ${y instanceof Error?y.message:String(y)}`}}let d;try{const y=Ys();ei()&&i.name==="RSASSA-PKCS1-v1_5"&&(t=Aa(t)),d=yield y.importKey("spki",t,i,!1,["verify"])}catch(y){const g=y instanceof Error?y:new Error(String(y));let B="Unknown reason",m="KEY_IMPORT_ERROR";if(g.name==="DataError"?(B="Key data format is invalid or incompatible",m="INVALID_KEY_FORMAT"):g.name==="NotSupportedError"?(B="Algorithm or parameters not supported",m="UNSUPPORTED_ALGORITHM"):g.message.includes("namedCurve")?(B="Missing or invalid namedCurve parameter",m="INVALID_CURVE"):g.message.includes("hash")&&(B="Incompatible or unsupported hash algorithm",m="INVALID_HASH"),i.name==="ECDSA"){const S=t.byteLength;B+=` (Key length: ${S})`}return{isValid:!1,reason:`Failed to import public key: ${B}`,errorDetails:{category:m,originalMessage:g.message,algorithm:Ws({},i),environment:ei()?"browser":"node",keyLength:t.byteLength}}}const w=new TextEncoder().encode(u);try{const y=yield Ys().verify(i,d,p,w);return{isValid:y,reason:y?void 0:"Signature verification failed"}}catch(y){return{isValid:!1,reason:`Signature verification error: ${y instanceof Error?y.message:String(y)}`}}}catch(n){return{isValid:!1,reason:`SignedInfo verification error: ${n instanceof Error?n.message:String(n)}`}}})}function el(r,e){return We(this,arguments,function*(t,i,o={}){var n;const s=[];let c,u=o.verifyTime||t.signingTime;t.signatureTimestamp&&o.verifyTimestamps!==!1&&(c=yield Gs(t.signatureTimestamp,{signatureValue:t.signatureValue,verifyTsaCertificate:!0,revocationOptions:o.revocationOptions}),c.isValid&&c.info?u=c.info.genTime:c.isValid||s.push(`Timestamp verification failed: ${c.reason||"Unknown reason"}`));const f=yield Zc(t.certificatePEM,u);if(!f.isValid){const y=`Certificate validation error: ${f.reason||"Unknown reason"}`;s.push(y)}if(o.checkRevocation!==!1&&f.isValid)try{const y=yield uo(t.certificatePEM,Ws({certificateChain:t.certificateChain},o.revocationOptions));f.revocation=y,y.status==="revoked"&&(f.isValid=!1,f.reason=y.reason||"Certificate has been revoked",s.push(`Certificate revoked: ${y.reason||"No reason provided"}`))}catch(y){f.revocation={isValid:!1,status:"error",method:"none",reason:`Revocation check failed: ${y instanceof Error?y.message:String(y)}`,checkedAt:new Date}}const p=o.verifyChecksums!==!1?yield Ks(t,i):{isValid:!0,details:{}};if(!p.isValid){const y=Object.entries(p.details).filter(([g,B])=>!B.matches).map(([g])=>g).join(", ");s.push(`Checksum validation failed for files: ${y}`)}let d={isValid:!0};if(o.verifySignatures!==!1&&t.rawXml&&t.signatureValue&&t.publicKey){const y=t.algorithm||"",g={name:"RSASSA-PKCS1-v1_5",hash:"SHA-256"};if(y.includes("ecdsa")&&t.publicKey.namedCurve&&(g.namedCurve=t.publicKey.namedCurve,g.name="ECDSA"),y.includes("ecdsa-sha256")?g.hash="SHA-256":y.includes("ecdsa-sha384")?g.hash="SHA-384":y.includes("ecdsa-sha512")?g.hash="SHA-512":y.includes("rsa-sha1")?g.hash="SHA-1":y.includes("rsa-pss")?(g.name="RSA-PSS",g.saltLength=32,y.includes("sha384")?(g.hash="SHA-384",g.saltLength=48):y.includes("sha512")?(g.hash="SHA-512",g.saltLength=64):g.hash="SHA-256"):y.includes("rsa-sha384")?g.hash="SHA-384":y.includes("rsa-sha512")&&(g.hash="SHA-512"),d=yield Qc(t.rawXml,t.signatureValue,t.publicKey.rawData,g,t.canonicalizationMethod),!d.isValid){let B=d.reason||"XML signature verification failed";if(d.errorDetails){const m=d.errorDetails;B+=` [Category: ${m.category}, Environment: ${m.environment}`,m.algorithm&&(B+=`, Algorithm: ${m.algorithm.name}`,m.algorithm.namedCurve&&(B+=`, Curve: ${m.algorithm.namedCurve}`)),m.keyLength&&(B+=`, Key length: ${m.keyLength} bytes`),B+="]"}s.push(B)}}else if(o.verifySignatures!==!1){const y=[];t.rawXml||y.push("Signature XML"),t.signatureValue||y.push("SignatureValue"),t.publicKey||y.push("Public Key"),s.push(`Cannot verify XML signature: missing ${y.join(", ")}`),d={isValid:!1,reason:`Missing required components: ${y.join(", ")}`}}const w=!t.signatureTimestamp||o.verifyTimestamps===!1||((n=c==null?void 0:c.isValid)!=null?n:!0);return{isValid:f.isValid&&p.isValid&&d.isValid&&w,certificate:f,checksums:p,signature:o.verifySignatures!==!1?d:void 0,timestamp:c,errors:s.length>0?s:void 0}})}x.CANONICALIZATION_METHODS=Je,x.XMLCanonicalizer=P,x.checkCertificateRevocation=uo,x.formatValidityPeriod=fa,x.getSignerDisplayName=ua,x.getTimestampTime=Gc,x.parseCertificate=Qo,x.parseEdoc=ba,x.parseTimestamp=Fo,x.verifyChecksums=Ks,x.verifySignature=el,x.verifyTimestamp=Gs,Object.defineProperty(x,"__esModule",{value:!0})});
82
82
  //# sourceMappingURL=index.umd.js.map