edockit 0.2.4 → 0.4.0-dev.0

package/dist/reference-provider-1cd85b7b.js

@@ -0,0 +1,217 @@
+/*!
+ * MIT License
+ * Copyright (c) 2025 Edgars Jēkabsons, ZenomyTech SIA
+ */
+'use strict';
+
+var loader = require('./loader-43d8e17a.js');
+var normalize = require('./normalize-60f2d7e6.js');
+var identity = require('./identity-1a3dddc3.js');
+
+function getTrustIntervalAtTime(service, time) {
+    const timeUnix = Math.floor(time.getTime() / 1000);
+    return (service.trustIntervals.find((interval) => {
+        const intervalEnd = interval.toUnix ?? Number.POSITIVE_INFINITY;
+        return timeUnix >= interval.fromUnix && timeUnix < intervalEnd;
+    }) || null);
+}
+function getMatchSubjectLabel(purpose) {
+    return purpose === "signature_issuer" ? "issuer" : "timestamp authority";
+}
+function buildPositiveDetail(purpose, confidence) {
+    if (purpose === "signature_issuer") {
+        if (confidence === "exact") {
+            return "Trusted-list issuer match by SPKI, trusted at the requested time";
+        }
+        if (confidence === "ski_dn") {
+            return "Trusted-list issuer match by SKI + DN, trusted at the requested time";
+        }
+        return "Trusted-list issuer match by DN, trusted at the requested time";
+    }
+    if (confidence === "exact") {
+        return "Trusted-list timestamp authority match by certificate SPKI, trusted at the requested time";
+    }
+    if (confidence === "ski_dn") {
+        return "Trusted-list timestamp authority match by SKI + DN, trusted at the requested time";
+    }
+    return "Trusted-list timestamp authority match by DN, trusted at the requested time";
+}
+function buildWeakDnOnlyDetail(purpose) {
+    return purpose === "signature_issuer"
+        ? "Only issuer DN matched trusted-list data; no SKI or issuer certificate SPKI match available"
+        : "Only timestamp authority DN matched trusted-list data; no SKI or certificate SPKI match available";
+}
+function buildTrustMatch(service, query, confidence) {
+    if (!query.time) {
+        return {
+            found: true,
+            confidence,
+            country: service.country,
+            detail: `Matching ${getMatchSubjectLabel(query.purpose)} found, but no verification time was provided`,
+        };
+    }
+    const activeInterval = getTrustIntervalAtTime(service, query.time);
+    if (!activeInterval) {
+        return {
+            found: true,
+            confidence,
+            country: service.country,
+            detail: `Matching ${getMatchSubjectLabel(query.purpose)} found, but service was not trusted at the requested time`,
+            trustedAtTime: false,
+        };
+    }
+    return {
+        found: true,
+        trustedAtTime: true,
+        confidence,
+        country: service.country,
+        detail: confidence === "dn_only"
+            ? buildWeakDnOnlyDetail(query.purpose)
+            : buildPositiveDetail(query.purpose, confidence),
+    };
+}
+function pickBestServiceMatch(services, query, confidence) {
+    if (!query.time) {
+        return buildTrustMatch(services[0], query, confidence);
+    }
+    const trustedService = services.find((service) => getTrustIntervalAtTime(service, query.time));
+    if (trustedService) {
+        return buildTrustMatch(trustedService, query, confidence);
+    }
+    return buildTrustMatch(services[0], query, confidence);
+}
+function filterServicesByPurpose(services, purpose) {
+    return (services || []).filter((service) => normalize.trustListPurposeMatchesMask(purpose, service.purposeMask));
+}
+function filterServicesBySubjectDn(services, subjectDn) {
+    if (!subjectDn) {
+        return services || [];
+    }
+    return (services || []).filter((service) => service.subjectDn === subjectDn);
+}
+function matchTrustListQuery(query, trustedListData) {
+    const normalizedSubjectDn = normalize.normalizeDistinguishedName(query.subjectDn);
+    const normalizedSpkiSha256Hex = normalize.normalizeHex(query.spkiSha256Hex);
+    const normalizedSkiHex = normalize.normalizeKeyIdentifier(query.skiHex);
+    if (normalizedSpkiSha256Hex) {
+        const exactMatches = filterServicesBySubjectDn(filterServicesByPurpose(trustedListData.indexes.bySpkiSha256.get(normalizedSpkiSha256Hex), query.purpose), normalizedSubjectDn);
+        if (exactMatches.length > 0) {
+            return pickBestServiceMatch(exactMatches, {
+                ...query,
+                spkiSha256Hex: normalizedSpkiSha256Hex,
+                subjectDn: normalizedSubjectDn,
+            }, "exact");
+        }
+    }
+    if (normalizedSkiHex && normalizedSubjectDn) {
+        const skiMatches = filterServicesBySubjectDn(filterServicesByPurpose(trustedListData.indexes.bySki.get(normalizedSkiHex), query.purpose), normalizedSubjectDn);
+        if (skiMatches.length > 0) {
+            return pickBestServiceMatch(skiMatches, {
+                ...query,
+                skiHex: normalizedSkiHex,
+                subjectDn: normalizedSubjectDn,
+            }, "ski_dn");
+        }
+    }
+    if (normalizedSubjectDn) {
+        const dnOnlyMatches = filterServicesByPurpose(trustedListData.indexes.bySubjectDn.get(normalizedSubjectDn), query.purpose);
+        if (dnOnlyMatches.length > 0) {
+            return pickBestServiceMatch(dnOnlyMatches, {
+                ...query,
+                subjectDn: normalizedSubjectDn,
+            }, "dn_only");
+        }
+    }
+    return {
+        found: false,
+        detail: `No matching ${getMatchSubjectLabel(query.purpose)} found in trusted-list data`,
+    };
+}
+function matchIssuerIdentityToTrustedList(issuerIdentity, trustedListData, options) {
+    const issuerCertificate = issuerIdentity.issuerCertificate
+        ? {
+            subjectDn: normalize.normalizeDistinguishedName(issuerIdentity.issuerCertificate.subjectDn),
+            spkiSha256Hex: normalize.normalizeHex(issuerIdentity.issuerCertificate.spkiSha256Hex),
+        }
+        : null;
+    return matchTrustListQuery({
+        purpose: "signature_issuer",
+        subjectDn: issuerIdentity.issuerSubjectDn,
+        skiHex: issuerIdentity.authorityKeyIdentifierHex,
+        spkiSha256Hex: issuerCertificate?.spkiSha256Hex,
+        time: options.time,
+    }, trustedListData);
+}
+async function matchCertificateIssuerToTrustedList(certificatePem, options) {
+    const issuerIdentity = await identity.extractIssuerIdentityFromCertificate(certificatePem, options);
+    return matchIssuerIdentityToTrustedList(issuerIdentity, options.trustedListData, {
+        time: options.time,
+    });
+}
+async function matchCertificateToTrustedList(certificatePem, options) {
+    const certificateIdentity = await identity.extractCertificateIdentityFromCertificate(certificatePem);
+    return matchTrustListQuery({
+        purpose: options.purpose || "timestamp_tsa",
+        subjectDn: certificateIdentity.subjectDn,
+        skiHex: certificateIdentity.subjectKeyIdentifierHex,
+        spkiSha256Hex: certificateIdentity.spkiSha256Hex,
+        time: options.time,
+    }, options.trustedListData);
+}
+
+function isTrustedListData(value) {
+    return "indexes" in value;
+}
+function createInMemoryTrustListProvider(trustedListData) {
+    return {
+        async match(query) {
+            return matchTrustListQuery(query, trustedListData);
+        },
+    };
+}
+async function loadTrustedListDataFromUrl(options) {
+    const fetchImpl = options.fetch ?? globalThis.fetch;
+    if (!fetchImpl) {
+        throw new Error("No fetch implementation available to load trusted-list data");
+    }
+    const response = await fetchImpl(options.url, {
+        method: "GET",
+        headers: options.headers,
+    });
+    if (!response.ok) {
+        throw new Error(`Failed to fetch trusted-list data from "${options.url}": HTTP ${response.status}`);
+    }
+    const bundle = (await response.json());
+    return loader.buildTrustedListData(bundle);
+}
+function createTrustListProvider(options) {
+    if (!options) {
+        throw new Error("createTrustListProvider requires either { data } or { url }. For bundled fallback use createBundledTrustListProvider from edockit/trusted-list/bundled.");
+    }
+    if ("data" in options) {
+        const trustedListData = isTrustedListData(options.data)
+            ? options.data
+            : loader.buildTrustedListData(options.data);
+        return createInMemoryTrustListProvider(trustedListData);
+    }
+    let trustedListDataPromise = null;
+    return {
+        async match(query) {
+            if (!trustedListDataPromise) {
+                trustedListDataPromise = loadTrustedListDataFromUrl(options).catch((error) => {
+                    trustedListDataPromise = null;
+                    throw error;
+                });
+            }
+            const trustedListData = await trustedListDataPromise;
+            return matchTrustListQuery(query, trustedListData);
+        },
+    };
+}
+
+exports.createTrustListProvider = createTrustListProvider;
+exports.matchCertificateIssuerToTrustedList = matchCertificateIssuerToTrustedList;
+exports.matchCertificateToTrustedList = matchCertificateToTrustedList;
+exports.matchIssuerIdentityToTrustedList = matchIssuerIdentityToTrustedList;
+exports.matchTrustListQuery = matchTrustListQuery;
+//# sourceMappingURL=reference-provider-1cd85b7b.js.map

package/dist/reference-provider-1cd85b7b.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"reference-provider-1cd85b7b.js","sources":["../src/core/trustedlist/matcher.ts","../src/core/trustedlist/reference-provider.ts"],"sourcesContent":[null,null],"names":["trustListPurposeMatchesMask","normalizeDistinguishedName","normalizeHex","normalizeKeyIdentifier","extractIssuerIdentityFromCertificate","extractCertificateIdentityFromCertificate","buildTrustedListData"],"mappings":";;;;;;;;;;AA0BA,SAAS,sBAAsB,CAAC,OAAyB,EAAE,IAAU,EAAA;AACnE,IAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IAEnD,QACE,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,QAAQ,KAAI;QACvC,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,IAAI,MAAM,CAAC,iBAAiB,CAAC;QAChE,OAAO,QAAQ,IAAI,QAAQ,CAAC,QAAQ,IAAI,QAAQ,GAAG,WAAW,CAAC;AACjE,KAAC,CAAC,IAAI,IAAI,EACV;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,OAA8B,EAAA;IAC1D,OAAO,OAAO,KAAK,kBAAkB,GAAG,QAAQ,GAAG,qBAAqB,CAAC;AAC3E,CAAC;AAED,SAAS,mBAAmB,CAC1B,OAA8B,EAC9B,UAA0C,EAAA;AAE1C,IAAA,IAAI,OAAO,KAAK,kBAAkB,EAAE;AAClC,QAAA,IAAI,UAAU,KAAK,OAAO,EAAE;AAC1B,YAAA,OAAO,kEAAkE,CAAC;SAC3E;AAED,QAAA,IAAI,UAAU,KAAK,QAAQ,EAAE;AAC3B,YAAA,OAAO,sEAAsE,CAAC;SAC/E;AAED,QAAA,OAAO,gEAAgE,CAAC;KACzE;AAED,IAAA,IAAI,UAAU,KAAK,OAAO,EAAE;AAC1B,QAAA,OAAO,2FAA2F,CAAC;KACpG;AAED,IAAA,IAAI,UAAU,KAAK,QAAQ,EAAE;AAC3B,QAAA,OAAO,mFAAmF,CAAC;KAC5F;AAED,IAAA,OAAO,6EAA6E,CAAC;AACvF,CAAC;AAED,SAAS,qBAAqB,CAAC,OAA8B,EAAA;IAC3D,OAAO,OAAO,KAAK,kBAAkB;AACnC,UAAE,6FAA6F;UAC7F,mGAAmG,CAAC;AAC1G,CAAC;AAED,SAAS,eAAe,CACtB,OAAyB,EACzB,KAAqB,EACrB,UAA0C,EAAA;AAE1C,IAAA,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;QACf,OAAO;AACL,YAAA,KAAK,EAAE,IAAI;YACX,UAAU;YACV,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,YAAY,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAA+C,6CAAA,CAAA;SACvG,CAAC;KACH;IAED,MAAM,cAAc,GAAG,sBAAsB,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;IACnE,IAAI,CAAC,cAAc,EAAE;QACnB,OAAO;AACL,YAAA,KAAK,EAAE,IAAI;YACX,UAAU;YACV,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,YAAY,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAA2D,yDAAA,CAAA;AAClH,YAAA,aAAa,EAAE,KAAK;SACrB,CAAC;KACH;IAED,OAAO;AACL,QAAA,KAAK,EAAE,IAAI;AACX,QAAA,aAAa,EAAE,IAAI;QACnB,UAAU;QACV,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,MAAM,EACJ,UAAU,KAAK,SAAS;AACtB,cAAE,qBAAqB,CAAC,KAAK,CAAC,OAAO,CAAC;cACpC,mBAAmB,CAAC,KAAK,CAAC,OAAO,EAAE,UAAU,CAAC;KACrD,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,QAA4B,EAC5B,KAAqB,EACrB,UAA0C,EAAA;AAE1C,IAAA,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;QACf,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;KACxD;IAED,MAAM,cAAc,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,KAAK,sBAAsB,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/F,IAAI,cAAc,EAAE;QAClB,OAAO,eAAe,CAAC,cAAc,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;KAC3D;IAED,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,uBAAuB,CAC9B,QAAwC,EACxC,OAA8B,EAAA;IAE9B,OAAO,CAAC,QAAQ,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC,OAAO,KACrCA,qCAA2B,CAAC,OAAO,EAAE,OAAO,CAAC,WAAW,CAAC,CAC1D,CAAC;AACJ,CAAC;AAED,SAAS,yBAAyB,CAChC,QAAwC,EACxC,SAAyB,EAAA;IAEzB,IAAI,CAAC,SAAS,EAAE;QACd,OAAO,QAAQ,IAAI,EAAE,CAAC;KACvB;AAED,IAAA,OAAO,CAAC,QAAQ,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC;AAC/E,CAAC;AAEe,SAAA,mBAAmB,CACjC,KAAqB,EACrB,eAAgC,EAAA;IAEhC,MAAM,mBAAmB,GAAGC,oCAA0B,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACxE,MAAM,uBAAuB,GAAGC,sBAAY,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IAClE,MAAM,gBAAgB,GAAGC,gCAAsB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAE9D,IAAI,uBAAuB,EAAE;QAC3B,MAAM,YAAY,GAAG,yBAAyB,CAC5C,uBAAuB,CACrB,eAAe,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,EACjE,KAAK,CAAC,OAAO,CACd,EACD,mBAAmB,CACpB,CAAC;AAEF,QAAA,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;YAC3B,OAAO,oBAAoB,CACzB,YAAY,EACZ;AACE,gBAAA,GAAG,KAAK;AACR,gBAAA,aAAa,EAAE,uBAAuB;AACtC,gBAAA,SAAS,EAAE,mBAAmB;aAC/B,EACD,OAAO,CACR,CAAC;SACH;KACF;AAED,IAAA,IAAI,gBAAgB,IAAI,mBAAmB,EAAE;QAC3C,MAAM,UAAU,GAAG,yBAAyB,CAC1C,uBAAuB,CAAC,eAAe,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,KAAK,CAAC,OAAO,CAAC,EAC3F,mBAAmB,CACpB,CAAC;AAEF,QAAA,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE;YACzB,OAAO,oBAAoB,CACzB,UAAU,EACV;AACE,gBAAA,GAAG,KAAK;AACR,gBAAA,MAAM,EAAE,gBAAgB;AACxB,gBAAA,SAAS,EAAE,mBAAmB;aAC/B,EACD,QAAQ,CACT,CAAC;SACH;KACF;IAED,IAAI,mBAAmB,EAAE;AACvB,QAAA,MAAM,aAAa,GAAG,uBAAuB,CAC3C,eAAe,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAC5D,KAAK,CAAC,OAAO,CACd,CAAC;AAEF,QAAA,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE;YAC5B,OAAO,oBAAoB,CACzB,aAAa,EACb;AACE,gBAAA,GAAG,KAAK;AACR,gBAAA,SAAS,EAAE,mBAAmB;aAC/B,EACD,SAAS,CACV,CAAC;SACH;KACF;IAED,OAAO;AACL,QAAA,KAAK,EAAE,KAAK;QACZ,MAAM,EAAE,eAAe,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAA6B,2BAAA,CAAA;KACxF,CAAC;AACJ,CAAC;SAEe,gCAAgC,CAC9C,cAA8B,EAC9B,eAAgC,EAChC,OAA2B,EAAA;AAE3B,IAAA,MAAM,iBAAiB,GAAG,cAAc,CAAC,iBAAiB;AACxD,UAAE;YACE,SAAS,EAAEF,oCAA0B,CAAC,cAAc,CAAC,iBAAiB,CAAC,SAAS,CAAC;YACjF,aAAa,EAAEC,sBAAY,CAAC,cAAc,CAAC,iBAAiB,CAAC,aAAa,CAAC;AAC5E,SAAA;UACD,IAAI,CAAC;AAET,IAAA,OAAO,mBAAmB,CACxB;AACE,QAAA,OAAO,EAAE,kBAAkB;QAC3B,SAAS,EAAE,cAAc,CAAC,eAAe;QACzC,MAAM,EAAE,cAAc,CAAC,yBAAyB;QAChD,aAAa,EAAE,iBAAiB,EAAE,aAAa;QAC/C,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,EACD,eAAe,CAChB,CAAC;AACJ,CAAC;AAEM,eAAe,mCAAmC,CACvD,cAAsB,EACtB,OAAmD,EAAA;IAEnD,MAAM,cAAc,GAAG,MAAME,6CAAoC,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;AAE3F,IAAA,OAAO,gCAAgC,CAAC,cAAc,EAAE,OAAO,CAAC,eAAe,EAAE;QAC/E,IAAI,EAAE,OAAO,CAAC,IAAI;AACnB,KAAA,CAAC,CAAC;AACL,CAAC;AAEM,eAAe,6BAA6B,CACjD,cAAsB,EACtB,OAA6C,EAAA;AAE7C,IAAA,MAAM,mBAAmB,GAAG,MAAMC,kDAAyC,CAAC,cAAc,CAAC,CAAC;AAE5F,IAAA,OAAO,mBAAmB,CACxB;AACE,QAAA,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,eAAe;QAC3C,SAAS,EAAE,mBAAmB,CAAC,SAAS;QACxC,MAAM,EAAE,mBAAmB,CAAC,uBAAuB;QACnD,aAAa,EAAE,mBAAmB,CAAC,aAAa;QAChD,IAAI,EAAE,OAAO,CAAC,IAAI;AACnB,KAAA,EACD,OAAO,CAAC,eAAe,CACxB,CAAC;AACJ;;AC7PA,SAAS,iBAAiB,CACxB,KAAiD,EAAA;IAEjD,OAAO,SAAS,IAAI,KAAK,CAAC;AAC5B,CAAC;AAED,SAAS,+BAA+B,CAAC,eAAgC,EAAA;IACvE,OAAO;QACL,MAAM,KAAK,CAAC,KAAK,EAAA;AACf,YAAA,OAAO,mBAAmB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;SACpD;KACF,CAAC;AACJ,CAAC;AAED,eAAe,0BAA0B,CACvC,OAA8C,EAAA;IAE9C,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;IAEpD,IAAI,CAAC,SAAS,EAAE;AACd,QAAA,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;KAChF;IAED,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE;AAC5C,QAAA,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,OAAO,CAAC,OAAO;AACzB,KAAA,CAAC,CAAC;AAEH,IAAA,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AAChB,QAAA,MAAM,IAAI,KAAK,CACb,CAAA,wCAAA,EAA2C,OAAO,CAAC,GAAG,CAAA,QAAA,EAAW,QAAQ,CAAC,MAAM,CAAA,CAAE,CACnF,CAAC;KACH;IAED,MAAM,MAAM,IAAI,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA6B,CAAC;AACnE,IAAA,OAAOC,2BAAoB,CAAC,MAAM,CAAC,CAAC;AACtC,CAAC;AAEK,SAAU,uBAAuB,CACrC,OAAuC,EAAA;IAEvC,IAAI,CAAC,OAAO,EAAE;AACZ,QAAA,MAAM,IAAI,KAAK,CACb,yJAAyJ,CAC1J,CAAC;KACH;AAED,IAAA,IAAI,MAAM,IAAI,OAAO,EAAE;AACrB,QAAA,MAAM,eAAe,GAAG,iBAAiB,CAAC,OAAO,CAAC,IAAI,CAAC;cACnD,OAAO,CAAC,IAAI;AACd,cAAEA,2BAAoB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AACvC,QAAA,OAAO,+BAA+B,CAAC,eAAe,CAAC,CAAC;KACzD;IAED,IAAI,sBAAsB,GAAoC,IAAI,CAAC;IAEnE,OAAO;QACL,MAAM,KAAK,CAAC,KAAK,EAAA;YACf,IAAI,CAAC,sBAAsB,EAAE;gBAC3B,sBAAsB,GAAG,0BAA0B,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,KAAI;oBAC3E,sBAAsB,GAAG,IAAI,CAAC;AAC9B,oBAAA,MAAM,KAAK,CAAC;AACd,iBAAC,CAAC,CAAC;aACJ;AAED,YAAA,MAAM,eAAe,GAAG,MAAM,sBAAsB,CAAC;AACrD,YAAA,OAAO,mBAAmB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;SACpD;KACF,CAAC;AACJ;;;;;;;;"}

package/dist/reference-provider-53240217.js

@@ -0,0 +1,211 @@
+/*!
+ * MIT License
+ * Copyright (c) 2025 Edgars Jēkabsons, ZenomyTech SIA
+ */
+import { b as buildTrustedListData } from './loader-1ac52e12.js';
+import { X as normalizeDistinguishedName, a3 as normalizeHex, Y as normalizeKeyIdentifier, a4 as trustListPurposeMatchesMask } from './normalize-70da6516.js';
+import { e as extractIssuerIdentityFromCertificate, a as extractCertificateIdentityFromCertificate } from './identity-b3a70fc1.js';
+
+function getTrustIntervalAtTime(service, time) {
+    const timeUnix = Math.floor(time.getTime() / 1000);
+    return (service.trustIntervals.find((interval) => {
+        const intervalEnd = interval.toUnix ?? Number.POSITIVE_INFINITY;
+        return timeUnix >= interval.fromUnix && timeUnix < intervalEnd;
+    }) || null);
+}
+function getMatchSubjectLabel(purpose) {
+    return purpose === "signature_issuer" ? "issuer" : "timestamp authority";
+}
+function buildPositiveDetail(purpose, confidence) {
+    if (purpose === "signature_issuer") {
+        if (confidence === "exact") {
+            return "Trusted-list issuer match by SPKI, trusted at the requested time";
+        }
+        if (confidence === "ski_dn") {
+            return "Trusted-list issuer match by SKI + DN, trusted at the requested time";
+        }
+        return "Trusted-list issuer match by DN, trusted at the requested time";
+    }
+    if (confidence === "exact") {
+        return "Trusted-list timestamp authority match by certificate SPKI, trusted at the requested time";
+    }
+    if (confidence === "ski_dn") {
+        return "Trusted-list timestamp authority match by SKI + DN, trusted at the requested time";
+    }
+    return "Trusted-list timestamp authority match by DN, trusted at the requested time";
+}
+function buildWeakDnOnlyDetail(purpose) {
+    return purpose === "signature_issuer"
+        ? "Only issuer DN matched trusted-list data; no SKI or issuer certificate SPKI match available"
+        : "Only timestamp authority DN matched trusted-list data; no SKI or certificate SPKI match available";
+}
+function buildTrustMatch(service, query, confidence) {
+    if (!query.time) {
+        return {
+            found: true,
+            confidence,
+            country: service.country,
+            detail: `Matching ${getMatchSubjectLabel(query.purpose)} found, but no verification time was provided`,
+        };
+    }
+    const activeInterval = getTrustIntervalAtTime(service, query.time);
+    if (!activeInterval) {
+        return {
+            found: true,
+            confidence,
+            country: service.country,
+            detail: `Matching ${getMatchSubjectLabel(query.purpose)} found, but service was not trusted at the requested time`,
+            trustedAtTime: false,
+        };
+    }
+    return {
+        found: true,
+        trustedAtTime: true,
+        confidence,
+        country: service.country,
+        detail: confidence === "dn_only"
+            ? buildWeakDnOnlyDetail(query.purpose)
+            : buildPositiveDetail(query.purpose, confidence),
+    };
+}
+function pickBestServiceMatch(services, query, confidence) {
+    if (!query.time) {
+        return buildTrustMatch(services[0], query, confidence);
+    }
+    const trustedService = services.find((service) => getTrustIntervalAtTime(service, query.time));
+    if (trustedService) {
+        return buildTrustMatch(trustedService, query, confidence);
+    }
+    return buildTrustMatch(services[0], query, confidence);
+}
+function filterServicesByPurpose(services, purpose) {
+    return (services || []).filter((service) => trustListPurposeMatchesMask(purpose, service.purposeMask));
+}
+function filterServicesBySubjectDn(services, subjectDn) {
+    if (!subjectDn) {
+        return services || [];
+    }
+    return (services || []).filter((service) => service.subjectDn === subjectDn);
+}
+function matchTrustListQuery(query, trustedListData) {
+    const normalizedSubjectDn = normalizeDistinguishedName(query.subjectDn);
+    const normalizedSpkiSha256Hex = normalizeHex(query.spkiSha256Hex);
+    const normalizedSkiHex = normalizeKeyIdentifier(query.skiHex);
+    if (normalizedSpkiSha256Hex) {
+        const exactMatches = filterServicesBySubjectDn(filterServicesByPurpose(trustedListData.indexes.bySpkiSha256.get(normalizedSpkiSha256Hex), query.purpose), normalizedSubjectDn);
+        if (exactMatches.length > 0) {
+            return pickBestServiceMatch(exactMatches, {
+                ...query,
+                spkiSha256Hex: normalizedSpkiSha256Hex,
+                subjectDn: normalizedSubjectDn,
+            }, "exact");
+        }
+    }
+    if (normalizedSkiHex && normalizedSubjectDn) {
+        const skiMatches = filterServicesBySubjectDn(filterServicesByPurpose(trustedListData.indexes.bySki.get(normalizedSkiHex), query.purpose), normalizedSubjectDn);
+        if (skiMatches.length > 0) {
+            return pickBestServiceMatch(skiMatches, {
+                ...query,
+                skiHex: normalizedSkiHex,
+                subjectDn: normalizedSubjectDn,
+            }, "ski_dn");
+        }
+    }
+    if (normalizedSubjectDn) {
+        const dnOnlyMatches = filterServicesByPurpose(trustedListData.indexes.bySubjectDn.get(normalizedSubjectDn), query.purpose);
+        if (dnOnlyMatches.length > 0) {
+            return pickBestServiceMatch(dnOnlyMatches, {
+                ...query,
+                subjectDn: normalizedSubjectDn,
+            }, "dn_only");
+        }
+    }
+    return {
+        found: false,
+        detail: `No matching ${getMatchSubjectLabel(query.purpose)} found in trusted-list data`,
+    };
+}
+function matchIssuerIdentityToTrustedList(issuerIdentity, trustedListData, options) {
+    const issuerCertificate = issuerIdentity.issuerCertificate
+        ? {
+            subjectDn: normalizeDistinguishedName(issuerIdentity.issuerCertificate.subjectDn),
+            spkiSha256Hex: normalizeHex(issuerIdentity.issuerCertificate.spkiSha256Hex),
+        }
+        : null;
+    return matchTrustListQuery({
+        purpose: "signature_issuer",
+        subjectDn: issuerIdentity.issuerSubjectDn,
+        skiHex: issuerIdentity.authorityKeyIdentifierHex,
+        spkiSha256Hex: issuerCertificate?.spkiSha256Hex,
+        time: options.time,
+    }, trustedListData);
+}
+async function matchCertificateIssuerToTrustedList(certificatePem, options) {
+    const issuerIdentity = await extractIssuerIdentityFromCertificate(certificatePem, options);
+    return matchIssuerIdentityToTrustedList(issuerIdentity, options.trustedListData, {
+        time: options.time,
+    });
+}
+async function matchCertificateToTrustedList(certificatePem, options) {
+    const certificateIdentity = await extractCertificateIdentityFromCertificate(certificatePem);
+    return matchTrustListQuery({
+        purpose: options.purpose || "timestamp_tsa",
+        subjectDn: certificateIdentity.subjectDn,
+        skiHex: certificateIdentity.subjectKeyIdentifierHex,
+        spkiSha256Hex: certificateIdentity.spkiSha256Hex,
+        time: options.time,
+    }, options.trustedListData);
+}
+
+function isTrustedListData(value) {
+    return "indexes" in value;
+}
+function createInMemoryTrustListProvider(trustedListData) {
+    return {
+        async match(query) {
+            return matchTrustListQuery(query, trustedListData);
+        },
+    };
+}
+async function loadTrustedListDataFromUrl(options) {
+    const fetchImpl = options.fetch ?? globalThis.fetch;
+    if (!fetchImpl) {
+        throw new Error("No fetch implementation available to load trusted-list data");
+    }
+    const response = await fetchImpl(options.url, {
+        method: "GET",
+        headers: options.headers,
+    });
+    if (!response.ok) {
+        throw new Error(`Failed to fetch trusted-list data from "${options.url}": HTTP ${response.status}`);
+    }
+    const bundle = (await response.json());
+    return buildTrustedListData(bundle);
+}
+function createTrustListProvider(options) {
+    if (!options) {
+        throw new Error("createTrustListProvider requires either { data } or { url }. For bundled fallback use createBundledTrustListProvider from edockit/trusted-list/bundled.");
+    }
+    if ("data" in options) {
+        const trustedListData = isTrustedListData(options.data)
+            ? options.data
+            : buildTrustedListData(options.data);
+        return createInMemoryTrustListProvider(trustedListData);
+    }
+    let trustedListDataPromise = null;
+    return {
+        async match(query) {
+            if (!trustedListDataPromise) {
+                trustedListDataPromise = loadTrustedListDataFromUrl(options).catch((error) => {
+                    trustedListDataPromise = null;
+                    throw error;
+                });
+            }
+            const trustedListData = await trustedListDataPromise;
+            return matchTrustListQuery(query, trustedListData);
+        },
+    };
+}
+
+export { matchCertificateToTrustedList as a, matchIssuerIdentityToTrustedList as b, matchTrustListQuery as c, createTrustListProvider as d, matchCertificateIssuerToTrustedList as m };
+//# sourceMappingURL=reference-provider-53240217.js.map

package/dist/reference-provider-53240217.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"reference-provider-53240217.js","sources":["../src/core/trustedlist/matcher.ts","../src/core/trustedlist/reference-provider.ts"],"sourcesContent":[null,null],"names":[],"mappings":";;;;;;;;AA0BA,SAAS,sBAAsB,CAAC,OAAyB,EAAE,IAAU,EAAA;AACnE,IAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IAEnD,QACE,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,QAAQ,KAAI;QACvC,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,IAAI,MAAM,CAAC,iBAAiB,CAAC;QAChE,OAAO,QAAQ,IAAI,QAAQ,CAAC,QAAQ,IAAI,QAAQ,GAAG,WAAW,CAAC;AACjE,KAAC,CAAC,IAAI,IAAI,EACV;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,OAA8B,EAAA;IAC1D,OAAO,OAAO,KAAK,kBAAkB,GAAG,QAAQ,GAAG,qBAAqB,CAAC;AAC3E,CAAC;AAED,SAAS,mBAAmB,CAC1B,OAA8B,EAC9B,UAA0C,EAAA;AAE1C,IAAA,IAAI,OAAO,KAAK,kBAAkB,EAAE;AAClC,QAAA,IAAI,UAAU,KAAK,OAAO,EAAE;AAC1B,YAAA,OAAO,kEAAkE,CAAC;SAC3E;AAED,QAAA,IAAI,UAAU,KAAK,QAAQ,EAAE;AAC3B,YAAA,OAAO,sEAAsE,CAAC;SAC/E;AAED,QAAA,OAAO,gEAAgE,CAAC;KACzE;AAED,IAAA,IAAI,UAAU,KAAK,OAAO,EAAE;AAC1B,QAAA,OAAO,2FAA2F,CAAC;KACpG;AAED,IAAA,IAAI,UAAU,KAAK,QAAQ,EAAE;AAC3B,QAAA,OAAO,mFAAmF,CAAC;KAC5F;AAED,IAAA,OAAO,6EAA6E,CAAC;AACvF,CAAC;AAED,SAAS,qBAAqB,CAAC,OAA8B,EAAA;IAC3D,OAAO,OAAO,KAAK,kBAAkB;AACnC,UAAE,6FAA6F;UAC7F,mGAAmG,CAAC;AAC1G,CAAC;AAED,SAAS,eAAe,CACtB,OAAyB,EACzB,KAAqB,EACrB,UAA0C,EAAA;AAE1C,IAAA,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;QACf,OAAO;AACL,YAAA,KAAK,EAAE,IAAI;YACX,UAAU;YACV,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,YAAY,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAA+C,6CAAA,CAAA;SACvG,CAAC;KACH;IAED,MAAM,cAAc,GAAG,sBAAsB,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;IACnE,IAAI,CAAC,cAAc,EAAE;QACnB,OAAO;AACL,YAAA,KAAK,EAAE,IAAI;YACX,UAAU;YACV,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,YAAY,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAA2D,yDAAA,CAAA;AAClH,YAAA,aAAa,EAAE,KAAK;SACrB,CAAC;KACH;IAED,OAAO;AACL,QAAA,KAAK,EAAE,IAAI;AACX,QAAA,aAAa,EAAE,IAAI;QACnB,UAAU;QACV,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,MAAM,EACJ,UAAU,KAAK,SAAS;AACtB,cAAE,qBAAqB,CAAC,KAAK,CAAC,OAAO,CAAC;cACpC,mBAAmB,CAAC,KAAK,CAAC,OAAO,EAAE,UAAU,CAAC;KACrD,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,QAA4B,EAC5B,KAAqB,EACrB,UAA0C,EAAA;AAE1C,IAAA,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;QACf,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;KACxD;IAED,MAAM,cAAc,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,KAAK,sBAAsB,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/F,IAAI,cAAc,EAAE;QAClB,OAAO,eAAe,CAAC,cAAc,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;KAC3D;IAED,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,uBAAuB,CAC9B,QAAwC,EACxC,OAA8B,EAAA;IAE9B,OAAO,CAAC,QAAQ,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC,OAAO,KACrC,2BAA2B,CAAC,OAAO,EAAE,OAAO,CAAC,WAAW,CAAC,CAC1D,CAAC;AACJ,CAAC;AAED,SAAS,yBAAyB,CAChC,QAAwC,EACxC,SAAyB,EAAA;IAEzB,IAAI,CAAC,SAAS,EAAE;QACd,OAAO,QAAQ,IAAI,EAAE,CAAC;KACvB;AAED,IAAA,OAAO,CAAC,QAAQ,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC;AAC/E,CAAC;AAEe,SAAA,mBAAmB,CACjC,KAAqB,EACrB,eAAgC,EAAA;IAEhC,MAAM,mBAAmB,GAAG,0BAA0B,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACxE,MAAM,uBAAuB,GAAG,YAAY,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IAClE,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAE9D,IAAI,uBAAuB,EAAE;QAC3B,MAAM,YAAY,GAAG,yBAAyB,CAC5C,uBAAuB,CACrB,eAAe,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,EACjE,KAAK,CAAC,OAAO,CACd,EACD,mBAAmB,CACpB,CAAC;AAEF,QAAA,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;YAC3B,OAAO,oBAAoB,CACzB,YAAY,EACZ;AACE,gBAAA,GAAG,KAAK;AACR,gBAAA,aAAa,EAAE,uBAAuB;AACtC,gBAAA,SAAS,EAAE,mBAAmB;aAC/B,EACD,OAAO,CACR,CAAC;SACH;KACF;AAED,IAAA,IAAI,gBAAgB,IAAI,mBAAmB,EAAE;QAC3C,MAAM,UAAU,GAAG,yBAAyB,CAC1C,uBAAuB,CAAC,eAAe,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,KAAK,CAAC,OAAO,CAAC,EAC3F,mBAAmB,CACpB,CAAC;AAEF,QAAA,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE;YACzB,OAAO,oBAAoB,CACzB,UAAU,EACV;AACE,gBAAA,GAAG,KAAK;AACR,gBAAA,MAAM,EAAE,gBAAgB;AACxB,gBAAA,SAAS,EAAE,mBAAmB;aAC/B,EACD,QAAQ,CACT,CAAC;SACH;KACF;IAED,IAAI,mBAAmB,EAAE;AACvB,QAAA,MAAM,aAAa,GAAG,uBAAuB,CAC3C,eAAe,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAC5D,KAAK,CAAC,OAAO,CACd,CAAC;AAEF,QAAA,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE;YAC5B,OAAO,oBAAoB,CACzB,aAAa,EACb;AACE,gBAAA,GAAG,KAAK;AACR,gBAAA,SAAS,EAAE,mBAAmB;aAC/B,EACD,SAAS,CACV,CAAC;SACH;KACF;IAED,OAAO;AACL,QAAA,KAAK,EAAE,KAAK;QACZ,MAAM,EAAE,eAAe,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAA6B,2BAAA,CAAA;KACxF,CAAC;AACJ,CAAC;SAEe,gCAAgC,CAC9C,cAA8B,EAC9B,eAAgC,EAChC,OAA2B,EAAA;AAE3B,IAAA,MAAM,iBAAiB,GAAG,cAAc,CAAC,iBAAiB;AACxD,UAAE;YACE,SAAS,EAAE,0BAA0B,CAAC,cAAc,CAAC,iBAAiB,CAAC,SAAS,CAAC;YACjF,aAAa,EAAE,YAAY,CAAC,cAAc,CAAC,iBAAiB,CAAC,aAAa,CAAC;AAC5E,SAAA;UACD,IAAI,CAAC;AAET,IAAA,OAAO,mBAAmB,CACxB;AACE,QAAA,OAAO,EAAE,kBAAkB;QAC3B,SAAS,EAAE,cAAc,CAAC,eAAe;QACzC,MAAM,EAAE,cAAc,CAAC,yBAAyB;QAChD,aAAa,EAAE,iBAAiB,EAAE,aAAa;QAC/C,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,EACD,eAAe,CAChB,CAAC;AACJ,CAAC;AAEM,eAAe,mCAAmC,CACvD,cAAsB,EACtB,OAAmD,EAAA;IAEnD,MAAM,cAAc,GAAG,MAAM,oCAAoC,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;AAE3F,IAAA,OAAO,gCAAgC,CAAC,cAAc,EAAE,OAAO,CAAC,eAAe,EAAE;QAC/E,IAAI,EAAE,OAAO,CAAC,IAAI;AACnB,KAAA,CAAC,CAAC;AACL,CAAC;AAEM,eAAe,6BAA6B,CACjD,cAAsB,EACtB,OAA6C,EAAA;AAE7C,IAAA,MAAM,mBAAmB,GAAG,MAAM,yCAAyC,CAAC,cAAc,CAAC,CAAC;AAE5F,IAAA,OAAO,mBAAmB,CACxB;AACE,QAAA,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,eAAe;QAC3C,SAAS,EAAE,mBAAmB,CAAC,SAAS;QACxC,MAAM,EAAE,mBAAmB,CAAC,uBAAuB;QACnD,aAAa,EAAE,mBAAmB,CAAC,aAAa;QAChD,IAAI,EAAE,OAAO,CAAC,IAAI;AACnB,KAAA,EACD,OAAO,CAAC,eAAe,CACxB,CAAC;AACJ;;AC7PA,SAAS,iBAAiB,CACxB,KAAiD,EAAA;IAEjD,OAAO,SAAS,IAAI,KAAK,CAAC;AAC5B,CAAC;AAED,SAAS,+BAA+B,CAAC,eAAgC,EAAA;IACvE,OAAO;QACL,MAAM,KAAK,CAAC,KAAK,EAAA;AACf,YAAA,OAAO,mBAAmB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;SACpD;KACF,CAAC;AACJ,CAAC;AAED,eAAe,0BAA0B,CACvC,OAA8C,EAAA;IAE9C,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;IAEpD,IAAI,CAAC,SAAS,EAAE;AACd,QAAA,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;KAChF;IAED,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE;AAC5C,QAAA,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,OAAO,CAAC,OAAO;AACzB,KAAA,CAAC,CAAC;AAEH,IAAA,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AAChB,QAAA,MAAM,IAAI,KAAK,CACb,CAAA,wCAAA,EAA2C,OAAO,CAAC,GAAG,CAAA,QAAA,EAAW,QAAQ,CAAC,MAAM,CAAA,CAAE,CACnF,CAAC;KACH;IAED,MAAM,MAAM,IAAI,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA6B,CAAC;AACnE,IAAA,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC;AACtC,CAAC;AAEK,SAAU,uBAAuB,CACrC,OAAuC,EAAA;IAEvC,IAAI,CAAC,OAAO,EAAE;AACZ,QAAA,MAAM,IAAI,KAAK,CACb,yJAAyJ,CAC1J,CAAC;KACH;AAED,IAAA,IAAI,MAAM,IAAI,OAAO,EAAE;AACrB,QAAA,MAAM,eAAe,GAAG,iBAAiB,CAAC,OAAO,CAAC,IAAI,CAAC;cACnD,OAAO,CAAC,IAAI;AACd,cAAE,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AACvC,QAAA,OAAO,+BAA+B,CAAC,eAAe,CAAC,CAAC;KACzD;IAED,IAAI,sBAAsB,GAAoC,IAAI,CAAC;IAEnE,OAAO;QACL,MAAM,KAAK,CAAC,KAAK,EAAA;YACf,IAAI,CAAC,sBAAsB,EAAE;gBAC3B,sBAAsB,GAAG,0BAA0B,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,KAAI;oBAC3E,sBAAsB,GAAG,IAAI,CAAC;AAC9B,oBAAA,MAAM,KAAK,CAAC;AACd,iBAAC,CAAC,CAAC;aACJ;AAED,YAAA,MAAM,eAAe,GAAG,MAAM,sBAAsB,CAAC;AACrD,YAAA,OAAO,mBAAmB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;SACpD;KACF,CAAC;AACJ;;;;"}