npm - edockit - Versions diffs - 0.4.0-dev.1 → 0.4.1 - Mend

edockit 0.4.0-dev.1 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/CHANGELOG.md +36 -1
package/README.md +3 -7
package/dist/{certificate-3c9dcdac.js → certificate-85461237.js} +11 -11
package/dist/certificate-85461237.js.map +1 -0
package/dist/{certificate-c7123a37.js → certificate-e6d074b8.js} +11 -11
package/dist/certificate-e6d074b8.js.map +1 -0
package/dist/core/parser/types.d.ts +16 -0
package/dist/core/revocation/index.d.ts +1 -1
package/dist/core/revocation/ocsp.d.ts +21 -0
package/dist/core/trustedlist/build.d.ts +2 -1
package/dist/core/trustedlist/index.d.ts +13 -0
package/dist/core/trustedlist/loader.d.ts +14 -0
package/dist/core/trustedlist/types.d.ts +4 -0
package/dist/{identity-fca881b1.js → identity-2eb76bc9.js} +80 -7
package/dist/identity-2eb76bc9.js.map +1 -0
package/dist/{identity-c9e5052e.js → identity-d8910151.js} +77 -3
package/dist/identity-d8910151.js.map +1 -0
package/dist/index.cjs.js +3566 -164
package/dist/index.cjs.js.map +1 -1
package/dist/index.esm.js +3567 -165
package/dist/index.esm.js.map +1 -1
package/dist/index.umd.js +17 -17
package/dist/index.umd.js.map +1 -1
package/dist/{loader-ad1a5051.js → loader-776cb996.js} +21 -3
package/dist/loader-776cb996.js.map +1 -0
package/dist/{loader-7a0f771f.js → loader-9ce42535.js} +21 -2
package/dist/loader-9ce42535.js.map +1 -0
package/dist/{reference-provider-3838ebfb.js → reference-provider-1dd56087.js} +3 -3
package/dist/{reference-provider-3838ebfb.js.map → reference-provider-1dd56087.js.map} +1 -1
package/dist/{reference-provider-9bbbaab8.js → reference-provider-50466d83.js} +3 -3
package/dist/{reference-provider-9bbbaab8.js.map → reference-provider-50466d83.js.map} +1 -1
package/dist/trusted-list-build.cjs.js +65 -30
package/dist/trusted-list-build.cjs.js.map +1 -1
package/dist/trusted-list-build.esm.js +64 -28
package/dist/trusted-list-build.esm.js.map +1 -1
package/dist/trusted-list-bundled.cjs.js +4 -30392
package/dist/trusted-list-bundled.cjs.js.map +1 -1
package/dist/trusted-list-bundled.esm.js +4 -30392
package/dist/trusted-list-bundled.esm.js.map +1 -1
package/dist/trusted-list.cjs.js +3 -3
package/dist/trusted-list.esm.js +3 -3
package/package.json +8 -1
package/dist/certificate-3c9dcdac.js.map +0 -1
package/dist/certificate-c7123a37.js.map +0 -1
package/dist/identity-c9e5052e.js.map +0 -1
package/dist/identity-fca881b1.js.map +0 -1
package/dist/loader-7a0f771f.js.map +0 -1
package/dist/loader-ad1a5051.js.map +0 -1

package/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,32 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [0.4.1] - 2026-06-26
+### Added
+- **Embedded XAdES RevocationValues exposed** - `SignatureInfo.revocationValues` exposes the raw embedded OCSP/CRL material (base64 DER) from `xades:UnsignedSignatureProperties`. These properties are unsigned, so edockit does **not** use them as a revocation verdict; they are provided for consumers performing their own authenticated long-term validation
+- **Trusted-list bundle identifier** - Compact trusted-list bundles and the bundled snapshot now carry a top-level `bundleId` (derived from `generatedAt`) so downstream consumers can identify a snapshot (previously `null`)
+- **Resilient trusted-list regeneration** - `npm run update-trusted-list` carries forward last-known-good services only when every advertised TSL endpoint for a territory explicitly fails to fetch or parse, so transient failures and HTTP 200 error pages cannot silently drop a country while valid empty TSLs and successful removals are not resurrected; it also falls back to Node's native http(s) client for endpoints that block undici's client fingerprint (e.g. Estonia's `sr.riik.ee`)
+### Changed
+- **Lighter live revocation** - The issuer certificate required to build an OCSP request is now also resolved from certificates embedded in the signature's `RevocationValues` OCSP responses, and OCSP issuer resolution requires a candidate whose key actually signed the certificate — a same-name certificate that did not issue it is rejected and the AIA lookup is used instead. When the container ships no certificate chain, this lets the small live OCSP query answer revocation instead of falling back to downloading the full CRL (verified end-to-end: `method: "ocsp"` instead of `"crl"` for the LV eID sample). The status in the embedded response is not trusted — a fresh OCSP query is still made
+- **Refreshed bundled EU trusted-list snapshot** - Regenerated from the EU LOTL with a fresh `generatedAt` and `bundleId`
+- **Declared direct dependencies** - `asn1js`, `@peculiar/asn1-schema`, and `@peculiar/asn1-x509` are now declared dependencies (previously relied on transitively)
+### Fixed
+- **Per-signature XAdES properties** - `parseSignatureElement` now reads `RevocationValues`, `CertificateValues`, `SigningTime`, and `SignatureTimeStamp` from the current signature element instead of document-wide, so a signature in a multi-signature document no longer inherits the first signature's embedded material (which would point OCSP issuer resolution at the wrong certs)
+- **Large national CRL parsing** - `parseCRL()` now parses CRLs that exceed asn1js's default `DEFAULT_MAX_NODES` (10000) DoS guard (e.g. the ~13k-entry Latvian LV eID CRL) by re-parsing with a raised, bounded node limit. Fixes `certificate_not_revoked_at_signing_time` returning `INDETERMINATE` with "Failed to parse CRL data" against `asn1js@^3.0.9`
+- **InclusiveNamespaces XPath warning** - Node XPath queries now resolve namespace prefixes via `xpath.useNamespaces` instead of misusing `xpath.select`'s third (`single`) argument as a resolver, eliminating noisy "XPath evaluation failed" errors during signature parsing
+### Security
+- **Dependency advisory cleanup** - Updated the only affected runtime dependency, `@xmldom/xmldom`, to 0.9.10 (resolves high-severity XML injection and serialization DoS advisories) and cleared all remaining `npm audit` findings in the dev/test toolchain via in-range bumps and `esbuild`/`js-yaml` overrides. `npm audit` now reports 0 vulnerabilities
+## [0.4.0] - 2026-03-19
 ### Added
 - **Verification checklist output** - `verifySignature()` can now return a structured `checklist` with per-check status details when `includeChecklist: true`
@@ -16,11 +42,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Compact trusted-list bundle format** - Added local matching against compact JSON bundles with a dedicated provider contract
 - **Public Node-only trusted-list builder** - Added `edockit/trusted-list/build` for generating app-hosted trusted-list JSON, along with the repository `npm run update-trusted-list` script
+### Changed
+- **Trust-list aware validation status** - When a `trustListProvider` is configured and the signer's issuer is not found or not trusted at signing time, overall status is now `INDETERMINATE` (previously `VALID`). Also downgrades to `INDETERMINATE` when the trust-list provider throws an error.
+- **ESM-compatible module builds** - `@xmldom/xmldom` and `xpath` are now externalized in ESM/CJS builds with proper `import` statements, fixing `"XML DOM parser not available"` errors in Node.js ESM consumers
 ### Fixed
 - **SignatureTimeStamp canonicalization** - Respect the timestamp's declared canonicalization method when hashing `ds:SignatureValue`, fixing false `coversSignature: false` results for some real samples
 - **Skip LDAP CRL distribution points** - Filter out non-HTTP(S) URLs from CRL distribution points to avoid failed fetch attempts on unsupported protocols like LDAP
 - **Timestamp trust-list evaluation** - Trusted-list verification now checks timestamp authorities at the timestamp signing time instead of only checking the signer issuer side
+- **TypeScript 5.9 compatibility** - Fix `Uint8Array`/`BufferSource` type errors in Web Crypto API calls
+- **Package security updates** - Update transitive dependencies to resolve vulnerabilities in rollup, minimatch, koa, basic-ftp, diff, qs, and brace-expansion
 ## [0.3.0] - 2026-01-04
@@ -104,7 +137,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - File checksum verification (SHA-256/384/512)
 - Browser and Node.js support
-[Unreleased]: https://github.com/edgarsj/edockit/compare/v0.3.0...HEAD
+[Unreleased]: https://github.com/edgarsj/edockit/compare/v0.4.1...HEAD
+[0.4.1]: https://github.com/edgarsj/edockit/compare/v0.4.0...v0.4.1
+[0.4.0]: https://github.com/edgarsj/edockit/compare/v0.3.0...v0.4.0
 [0.3.0]: https://github.com/edgarsj/edockit/compare/v0.2.4...v0.3.0
 [0.2.4]: https://github.com/edgarsj/edockit/compare/v0.2.3...v0.2.4
 [0.2.3]: https://github.com/edgarsj/edockit/compare/v0.2.2...v0.2.3

package/README.md CHANGED Viewed

@@ -108,14 +108,11 @@ Use these if you need direct RFC 3161 parsing or verification outside `verifySig
 - Return a structured verification checklist for consumer applications
 - Match both signer issuers and timestamp authorities against a trusted list through an explicit provider contract
-## Testing Status
+## Compatibility
-The library has been tested with a limited set of real Latvian eDoc files. More testing is still needed with:
+The library has been used in production to verify ASiC-E containers across a range of signature algorithms, certificate authorities, and vendor implementations.
-- ASiC-E containers from more EU countries
-- files produced by different vendor implementations
-- more signature algorithm and certificate variations
-- more edge cases and malformed samples
+If the library fails to parse a valid container or does not recognize a signature format, please [open an issue](https://github.com/edgarsj/edockit/issues) or contact [edocviewer@zenomy.tech](mailto:edocviewer@zenomy.tech) and attach the sample file (if it does not contain sensitive or personal data). Real-world samples from other EU and non-EU countries are especially helpful.
 ## Contributing
@@ -124,4 +121,3 @@ Contributions are welcome, especially:
 - real-world ASiC-E samples from different countries
 - bug reports with reproducible files when possible
 - interoperability fixes
-- documentation improvements

package/dist/{certificate-3c9dcdac.js → certificate-85461237.js} RENAMED Viewed

@@ -116,10 +116,13 @@ function queryByXPath(parent, xpathExpression, namespaces = NAMESPACES) {
         // Node.js environment with xpath module
         else {
             const xpathLib = xpath;
-            const nsResolver = createNsResolverForNode(namespaces);
             // Use a try-catch here to handle specific XPath issues
             try {
-                const nodes = xpathLib.select(xpathExpression, parent, nsResolver);
+                // useNamespaces returns a select function that resolves prefixes (e.g. ec:)
+                // and always returns a node array. (xpath.select's 3rd arg is `single`, not a
+                // resolver, so passing the namespace map there silently breaks results.)
+                const selectWithNs = xpathLib.useNamespaces(namespaces);
+                const nodes = selectWithNs(xpathExpression, parent);
                 return nodes.length > 0 ? nodes[0] : null;
             }
             catch (err) {
@@ -177,10 +180,13 @@ function queryAllByXPath(parent, xpathExpression, namespaces = NAMESPACES) {
         // Node.js environment with xpath module
         else {
             const xpathLib = xpath;
-            const nsResolver = createNsResolverForNode(namespaces);
             // Use a try-catch here to handle specific XPath issues
             try {
-                const nodes = xpathLib.select(xpathExpression, parent, nsResolver);
+                // useNamespaces returns a select function that resolves prefixes (e.g. ec:)
+                // and always returns a node array. (xpath.select's 3rd arg is `single`, not a
+                // resolver, so passing the namespace map there silently breaks results.)
+                const selectWithNs = xpathLib.useNamespaces(namespaces);
+                const nodes = selectWithNs(xpathExpression, parent);
                 return nodes;
             }
             catch (err) {
@@ -218,12 +224,6 @@ function createNsResolverForBrowser(namespaces) {
         return namespaces[prefix] || null;
     };
 }
-/**
- * Helper function to create a namespace resolver for Node.js environments
- */
-function createNsResolverForNode(namespaces) {
-    return namespaces;
-}
 /**
  * Converts a CSS-like selector (with namespace support) to an XPath expression
  *
@@ -546,4 +546,4 @@ function formatValidityPeriod(certInfo) {
 }
 export { querySelector as a, checkCertificateValidity as b, createXMLParser as c, formatPEM as d, extractSignerInfo as e, formatValidityPeriod as f, getSignerDisplayName as g, parseCertificate as p, querySelectorAll as q, serializeToXML as s };
-//# sourceMappingURL=certificate-3c9dcdac.js.map
+//# sourceMappingURL=certificate-85461237.js.map

package/dist/certificate-85461237.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"certificate-85461237.js","sources":["../src/utils/xmlParser.ts","../src/core/certificate.ts"],"sourcesContent":[null,null],"names":[],"mappings":";;;;;;;;AAGA;;;;;;;AAOG;AACa,SAAA,8BAA8B,CAAC,MAAY,EAAE,QAAgB,EAAA;IAC3E,MAAM,OAAO,GAAc,EAAE,CAAC;IAC9B,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;;IAG3D,MAAM,eAAe,GAAyC,EAAE,CAAC;AACjE,IAAA,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE;AAC3B,QAAA,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AACjD,QAAA,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;AACtB,YAAA,eAAe,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;SAC1C;AAAM,aAAA,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;AAC7B,YAAA,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;SACxD;KACF;;IAGD,SAAS,UAAU,CAAC,IAAU,EAAA;AAC5B,QAAA,IAAI,CAAC,IAAI;YAAE,OAAO;AAElB,QAAA,IAAI,IAAI,CAAC,QAAQ,KAAK,CAAC,EAAE;;YAEvB,MAAM,OAAO,GAAG,IAAe,CAAC;AAChC,YAAA,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;AAClC,YAAA,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;;AAGpC,YAAA,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE;;AAEjC,gBAAA,IAAI,GAAG,CAAC,EAAE,IAAI,QAAQ,KAAK,CAAG,EAAA,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,IAAI,CAAA,CAAE,EAAE;AAClD,oBAAA,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACtB,MAAM;iBACP;;AAED,gBAAA,IAAI,SAAS,KAAK,GAAG,CAAC,IAAI,IAAI,QAAQ,KAAK,GAAG,CAAC,IAAI,EAAE;AACnD,oBAAA,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACtB,MAAM;iBACP;;gBAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAA,CAAA,EAAI,GAAG,CAAC,IAAI,CAAA,CAAE,CAAC,EAAE;AACrC,oBAAA,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACtB,MAAM;iBACP;aACF;SACF;;AAGD,QAAA,IAAI,IAAI,CAAC,UAAU,EAAE;AACnB,YAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;gBAC/C,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;aAChC;SACF;KACF;IAED,UAAU,CAAC,MAAM,CAAC,CAAC;AACnB,IAAA,OAAO,OAAO,CAAC;AACjB,CAAC;AAcD;AACO,MAAM,UAAU,GAAiB;AACtC,IAAA,EAAE,EAAE,oCAAoC;AACxC,IAAA,MAAM,EAAE,mCAAmC;AAC3C,IAAA,KAAK,EAAE,kCAAkC;AACzC,IAAA,EAAE,EAAE,yCAAyC;AAC7C,IAAA,SAAS,EAAE,yCAAyC;AACpD,IAAA,IAAI,EAAE,mCAAmC;AACzC,IAAA,MAAM,EAAE,kCAAkC;AAC1C,IAAA,KAAK,EAAE,mCAAmC;AAC1C,IAAA,QAAQ,EAAE,mCAAmC;AAC7C,IAAA,IAAI,EAAE,mCAAmC;CAC1C,CAAC;AAEF;;AAEG;SACa,eAAe,GAAA;;IAE7B,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,SAAS,EAAE;AACrD,QAAA,OAAO,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;KAC/B;;AAGD,IAAA,OAAO,IAAI,MAAM,CAAC,SAAS,EAAmC,CAAC;AACjE,CAAC;AAED;;;;;;;AAOG;AACG,SAAU,YAAY,CAC1B,MAA0B,EAC1B,eAAuB,EACvB,aAA2B,UAAU,EAAA;AAErC,IAAA,IAAI;;AAEF,QAAA,IAAI,OAAO,QAAQ,KAAK,WAAW,IAAI,OAAO,QAAQ,CAAC,QAAQ,KAAK,UAAU,EAAE;;AAE9E,YAAA,MAAM,QAAQ,GAAG,eAAe,IAAI,MAAM,GAAG,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC;YAC3E,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,CAAC,QAAQ,KAAK,UAAU,EAAE;;;AAGxD,gBAAA,OAAO,IAAI,CAAC;aACb;AACD,YAAA,MAAM,UAAU,GAAG,0BAA0B,CAAC,UAAU,CAAC,CAAC;AAC1D,YAAA,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAC9B,eAAe,EACf,MAAM,EACN,UAAU,EACV,WAAW,CAAC,uBAAuB,EACnC,IAAI,CACL,CAAC;YACF,OAAO,MAAM,CAAC,eAA0B,CAAC;SAC1C;;aAEI;YACH,MAAM,QAAQ,GAAG,KAAK,CAAC;;AAGvB,YAAA,IAAI;;;;gBAIF,MAAM,YAAY,GAAG,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;gBACxD,MAAM,KAAK,GAAG,YAAY,CAAC,eAAe,EAAE,MAAa,CAAW,CAAC;AACrE,gBAAA,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,GAAI,KAAK,CAAC,CAAC,CAAa,GAAG,IAAI,CAAC;aACxD;YAAC,OAAO,GAAY,EAAE;;gBAErB,IACE,OAAO,GAAG,KAAK,QAAQ;AACvB,oBAAA,GAAG,KAAK,IAAI;AACZ,oBAAA,SAAS,IAAI,GAAG;AAChB,oBAAA,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;oBAC/B,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAC5C;;oBAEA,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;AAChE,oBAAA,IAAI,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE;AACrB,wBAAA,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;AAC7B,wBAAA,MAAM,eAAe,GAAG,CAAsB,mBAAA,EAAA,WAAW,IAAI,CAAC;wBAC9D,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,MAAa,CAAQ,CAAC;AACrE,wBAAA,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;qBAC3C;iBACF;gBACD,MAAM,GAAG,CAAC;aACX;SACF;KACF;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,KAAK,CAAC,CAAA,6BAAA,EAAgC,eAAe,CAAI,EAAA,CAAA,EAAE,CAAC,CAAC,CAAC;AACtE,QAAA,OAAO,IAAI,CAAC;KACb;AACH,CAAC;AAED;;;;;;;AAOG;AACG,SAAU,eAAe,CAC7B,MAA0B,EAC1B,eAAuB,EACvB,aAA2B,UAAU,EAAA;AAErC,IAAA,IAAI;;AAEF,QAAA,IAAI,OAAO,QAAQ,KAAK,WAAW,IAAI,OAAO,QAAQ,CAAC,QAAQ,KAAK,UAAU,EAAE;;AAE9E,YAAA,MAAM,QAAQ,GAAG,eAAe,IAAI,MAAM,GAAG,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC;YAC3E,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,CAAC,QAAQ,KAAK,UAAU,EAAE;;;AAGxD,gBAAA,OAAO,EAAE,CAAC;aACX;AACD,YAAA,MAAM,UAAU,GAAG,0BAA0B,CAAC,UAAU,CAAC,CAAC;AAC1D,YAAA,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAC9B,eAAe,EACf,MAAM,EACN,UAAU,EACV,WAAW,CAAC,0BAA0B,EACtC,IAAI,CACL,CAAC;YAEF,MAAM,QAAQ,GAAc,EAAE,CAAC;AAC/B,YAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC,EAAE,EAAE;gBAC9C,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAY,CAAC,CAAC;aAClD;AACD,YAAA,OAAO,QAAQ,CAAC;SACjB;;aAEI;YACH,MAAM,QAAQ,GAAG,KAAK,CAAC;;AAGvB,YAAA,IAAI;;;;gBAIF,MAAM,YAAY,GAAG,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;gBACxD,MAAM,KAAK,GAAG,YAAY,CAAC,eAAe,EAAE,MAAa,CAAW,CAAC;AACrE,gBAAA,OAAO,KAAkB,CAAC;aAC3B;YAAC,OAAO,GAAY,EAAE;;gBAErB,IACE,OAAO,GAAG,KAAK,QAAQ;AACvB,oBAAA,GAAG,KAAK,IAAI;AACZ,oBAAA,SAAS,IAAI,GAAG;AAChB,oBAAA,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;oBAC/B,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAC5C;;oBAEA,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;AAChE,oBAAA,IAAI,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE;AACrB,wBAAA,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;AAC7B,wBAAA,MAAM,eAAe,GAAG,CAAsB,mBAAA,EAAA,WAAW,IAAI,CAAC;wBAC9D,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,MAAa,CAAQ,CAAC;AACrE,wBAAA,OAAO,KAAkB,CAAC;qBAC3B;iBACF;gBACD,MAAM,GAAG,CAAC;aACX;SACF;KACF;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,KAAK,CAAC,CAAA,6BAAA,EAAgC,eAAe,CAAI,EAAA,CAAA,EAAE,CAAC,CAAC,CAAC;AACtE,QAAA,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AAED;;AAEG;AACH,SAAS,0BAA0B,CAAC,UAAwB,EAAA;AAC1D,IAAA,OAAO,UAAU,MAAqB,EAAA;QACpC,IAAI,MAAM,KAAK,IAAI;AAAE,YAAA,OAAO,IAAI,CAAC;AACjC,QAAA,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC;AACpC,KAAC,CAAC;AACJ,CAAC;AAED;;;;;AAKG;AACG,SAAU,eAAe,CAAC,QAAgB,EAAA;;IAE9C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACvD,MAAM,UAAU,GAAa,EAAE,CAAC;AAEhC,IAAA,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;;AAExB,QAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AAErD,QAAA,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;;;YAGzB,UAAU,CAAC,IAAI,CAAC,CAAsB,mBAAA,EAAA,QAAQ,CAAC,CAAC,CAAC,CAAI,EAAA,CAAA,CAAC,CAAC;SACxD;AAAM,aAAA,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;;;YAGhC,UAAU,CAAC,IAAI,CAAC,CAAA,GAAA,EAAM,QAAQ,CAAC,CAAC,CAAC,CAAI,CAAA,EAAA,QAAQ,CAAC,CAAC,CAAC,yBAAyB,QAAQ,CAAC,CAAC,CAAC,CAAA,EAAA,CAAI,CAAC,CAAC;SAC3F;KACF;;AAGD,IAAA,OAAO,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;AAOG;AACa,SAAA,aAAa,CAAC,MAA0B,EAAE,QAAgB,EAAA;;AAExE,IAAA,IAAI,OAAO,MAAM,CAAC,aAAa,KAAK,UAAU,EAAE;AAC9C,QAAA,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;AAC9C,YAAA,IAAI,MAAM;AAAE,gBAAA,OAAO,MAAM,CAAC;SAC3B;QAAC,OAAO,CAAC,EAAE;;SAEX;KACF;;IAGD,MAAM,QAAQ,GAAG,8BAA8B,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAClE,IAAA,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;AACvB,QAAA,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC;KACpB;;AAGD,IAAA,IAAI;AACF,QAAA,MAAM,SAAS,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;AAC5C,QAAA,OAAO,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;KACxC;IAAC,OAAO,CAAC,EAAE;AACV,QAAA,OAAO,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;AAC3E,QAAA,OAAO,IAAI,CAAC;KACb;AACH,CAAC;AAED;;;;;;;AAOG;AACa,SAAA,gBAAgB,CAAC,MAA0B,EAAE,QAAgB,EAAA;;AAE3E,IAAA,IAAI,OAAO,MAAM,CAAC,gBAAgB,KAAK,UAAU,EAAE;AACjD,QAAA,IAAI;YACF,MAAM,OAAO,GAAG,MAAM,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;AAClD,YAAA,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE;gBACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;AAC/B,gBAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;oBACvC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAY,CAAC,CAAC;iBACtC;AACD,gBAAA,OAAO,QAAQ,CAAC;aACjB;SACF;QAAC,OAAO,CAAC,EAAE;;SAEX;KACF;;IAGD,MAAM,QAAQ,GAAG,8BAA8B,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAClE,IAAA,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;AACvB,QAAA,OAAO,QAAQ,CAAC;KACjB;;AAGD,IAAA,IAAI;AACF,QAAA,MAAM,SAAS,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;AAC5C,QAAA,OAAO,eAAe,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;KAC3C;IAAC,OAAO,CAAC,EAAE;AACV,QAAA,OAAO,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;AAC3E,QAAA,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AAED;;AAEG;AACG,SAAU,cAAc,CAAC,IAAU,EAAA;;IAEvC,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,aAAa,EAAE;QACzD,OAAO,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;KAC3D;;IAGD,OAAO,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC,iBAAiB,CAAC,IAAW,CAAC,CAAC;AACnE;;ACpVA;;;;AAIG;AACG,SAAU,SAAS,CAAC,UAAmB,EAAA;AAC3C,IAAA,IAAI,CAAC,UAAU;AAAE,QAAA,OAAO,EAAE,CAAC;;IAG3B,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;;IAGnD,MAAM,KAAK,GAAG,EAAE,CAAC;AACjB,IAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;AAC/C,QAAA,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;KAC9C;;IAGD,OAAO,CAAA,6BAAA,EAAgC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC;AACvF,CAAC;AAED;;;;AAIG;AACG,SAAU,iBAAiB,CAAC,WAA4B,EAAA;AAe5D,IAAA,MAAM,MAAM,GAAQ;QAClB,SAAS,EAAE,WAAW,CAAC,SAAS;QAChC,OAAO,EAAE,WAAW,CAAC,QAAQ;AAC7B,QAAA,MAAM,EAAE,EAAE;KACX,CAAC;;;AAKF,IAAA,IAAI;AACF,QAAA,IAAI,OAAO,WAAW,CAAC,OAAO,KAAK,QAAQ,IAAI,WAAW,CAAC,OAAO,KAAK,IAAI,EAAE;;AAE3E,YAAA,MAAM,OAAO,GAAG,WAAW,CAAC,OAAc,CAAC;AAC3C,YAAA,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;AACvC,YAAA,MAAM,CAAC,YAAY,GAAG,OAAO,CAAC,gBAAgB,CAAC;AAC/C,YAAA,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC,WAAW,CAAC;SACtC;;AAGD,QAAA,IAAI,OAAO,WAAW,CAAC,MAAM,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,KAAK,IAAI,EAAE;AACzE,YAAA,MAAM,MAAM,GAAG,WAAW,CAAC,MAAa,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;YAC7C,MAAM,CAAC,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,gBAAgB,CAAC;YACrD,MAAM,CAAC,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,WAAW,CAAC;SAC5C;KACF;IAAC,OAAO,CAAC,EAAE;AACV,QAAA,OAAO,CAAC,IAAI,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;KACjE;;AAGD,IAAA,IAAI;AACF,QAAA,IAAI,OAAO,WAAW,CAAC,OAAO,KAAK,QAAQ,EAAE;AAC3C,YAAA,MAAM,UAAU,GAAG,WAAW,CAAC,OAAiB,CAAC;;YAGjD,MAAM,YAAY,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC3C,YAAA,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE;AAC/B,gBAAA,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC5C,IAAI,GAAG,KAAK,IAAI;oBAAE,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,KAAK,CAAC;gBACjE,IAAI,GAAG,KAAK,GAAG;oBAAE,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,KAAK,CAAC;gBACpE,IAAI,GAAG,KAAK,GAAG;oBAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,KAAK,CAAC;gBAC1D,IAAI,GAAG,KAAK,IAAI;AAAE,oBAAA,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC;AACzC,gBAAA,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,IAAI;AAAE,oBAAA,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC;AAC1D,gBAAA,IAAI,GAAG,KAAK,cAAc,IAAI,GAAG,KAAK,SAAS;oBAC7C,MAAM,CAAC,YAAY,GAAG,KAAK,EAAE,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;aACtD;SACF;AAED,QAAA,IAAI,OAAO,WAAW,CAAC,MAAM,KAAK,QAAQ,EAAE;AAC1C,YAAA,MAAM,SAAS,GAAG,WAAW,CAAC,MAAgB,CAAC;;YAG/C,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AACzC,YAAA,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE;AAC9B,gBAAA,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC5C,IAAI,GAAG,KAAK,IAAI;AAAE,oBAAA,MAAM,CAAC,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,IAAI,KAAK,CAAC;gBAC/E,IAAI,GAAG,KAAK,GAAG;AAAE,oBAAA,MAAM,CAAC,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,IAAI,KAAK,CAAC;gBAClF,IAAI,GAAG,KAAK,GAAG;AAAE,oBAAA,MAAM,CAAC,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,KAAK,CAAC;aACzE;SACF;KACF;IAAC,OAAO,CAAC,EAAE;AACV,QAAA,OAAO,CAAC,IAAI,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;KACjE;;AAGD,IAAA,IAAI;QACF,IAAI,aAAa,IAAI,WAAW,IAAK,WAAmB,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC9E,YAAA,MAAM,WAAW,GAAI,WAAmB,CAAC,WAAW,CAAC;;AAErD,YAAA,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AACzE,YAAA,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AACnE,YAAA,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;AACtE,YAAA,MAAM,CAAC,YAAY;gBACjB,MAAM,CAAC,YAAY,IAAI,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;AACrF,YAAA,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;AAClE,YAAA,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;SAC7E;KACF;IAAC,OAAO,CAAC,EAAE;AACV,QAAA,OAAO,CAAC,IAAI,CAAC,iDAAiD,EAAE,CAAC,CAAC,CAAC;KACpE;;IAGD,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,WAAW,CAAC,YAAY,EAAE;AACpD,QAAA,MAAM,CAAC,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC;KAChD;AAED,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;AAIG;AACI,eAAe,gBAAgB,CAAC,QAAgB,EAAA;AACrD,IAAA,IAAI;QACF,IAAI,OAAO,GAAG,QAAQ,CAAC;;QAGvB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,6BAA6B,CAAC,EAAE;;YAErD,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AAC1D,YAAA,OAAO,GAAG,SAAS,CAAC,eAAe,CAAC,CAAC;SACtC;AACD,QAAA,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,CAAC;AAC1C,QAAA,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAE3C,OAAO;AACL,YAAA,OAAO,EAAE;gBACP,UAAU,EAAE,UAAU,CAAC,UAAU;gBACjC,YAAY,EAAE,UAAU,CAAC,YAAY;gBACrC,OAAO,EAAE,UAAU,CAAC,OAAO;gBAC3B,OAAO,EAAE,UAAU,CAAC,OAAO;gBAC3B,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,YAAY,EAAE,UAAU,CAAC,YAAY;AACtC,aAAA;YACD,SAAS,EAAE,UAAU,CAAC,SAAS;YAC/B,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,YAAY,EAAE,IAAI,CAAC,YAAY;SAChC,CAAC;KACH;IAAC,OAAO,KAAK,EAAE;AACd,QAAA,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;QACnD,MAAM,IAAI,KAAK,CACb,+BAA+B,IAAI,KAAK,YAAY,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAC3F,CAAC;KACH;AACH,CAAC;AAED;;;;;AAKG;AACG,SAAU,wBAAwB,CACtC,IAAuC,EACvC,SAAkB,GAAA,IAAI,IAAI,EAAE,EAAA;;AAG5B,IAAA,MAAM,SAAS,GAAG,WAAW,IAAI,IAAI,GAAG,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;AACxE,IAAA,MAAM,OAAO,GAAG,UAAU,IAAI,IAAI,GAAG,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC;;AAGlE,IAAA,IAAI,SAAS,GAAG,SAAS,EAAE;QACzB,OAAO;AACL,YAAA,OAAO,EAAE,KAAK;AACd,YAAA,MAAM,EAAE,CAAyC,sCAAA,EAAA,SAAS,CAAC,WAAW,EAAE,CAAE,CAAA;SAC3E,CAAC;KACH;AAED,IAAA,IAAI,SAAS,GAAG,OAAO,EAAE;QACvB,OAAO;AACL,YAAA,OAAO,EAAE,KAAK;AACd,YAAA,MAAM,EAAE,CAAoC,iCAAA,EAAA,OAAO,CAAC,WAAW,EAAE,CAAE,CAAA;SACpE,CAAC;KACH;AAED,IAAA,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAyBD;;;;AAIG;AACG,SAAU,oBAAoB,CAAC,QAAyB,EAAA;AAC5D,IAAA,MAAM,EAAE,OAAO,EAAE,GAAG,QAAQ,CAAC;IAE7B,IAAI,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,OAAO,EAAE;QACxC,OAAO,CAAA,EAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,OAAO,CAAA,CAAE,CAAC;KAClD;AAED,IAAA,IAAI,OAAO,CAAC,UAAU,EAAE;QACtB,OAAO,OAAO,CAAC,UAAU,CAAC;KAC3B;;AAGD,IAAA,OAAO,OAAO,CAAC,YAAY,IAAI,gBAAgB,CAAC;AAClD,CAAC;AAED;;;;AAIG;AACG,SAAU,oBAAoB,CAAC,QAAyB,EAAA;AAC5D,IAAA,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,QAAQ,CAAC;AAExC,IAAA,MAAM,UAAU,GAAG,CAAC,IAAU,KAAI;AAChC,QAAA,OAAO,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE;AACxC,YAAA,IAAI,EAAE,SAAS;AACf,YAAA,KAAK,EAAE,MAAM;AACb,YAAA,GAAG,EAAE,SAAS;AACf,SAAA,CAAC,CAAC;AACL,KAAC,CAAC;IAEF,OAAO,CAAA,EAAG,UAAU,CAAC,SAAS,CAAC,CAAO,IAAA,EAAA,UAAU,CAAC,OAAO,CAAC,CAAA,CAAE,CAAC;AAC9D;;;;"}

package/dist/{certificate-c7123a37.js → certificate-e6d074b8.js} RENAMED Viewed

@@ -139,10 +139,13 @@ function queryByXPath(parent, xpathExpression, namespaces = NAMESPACES) {
         // Node.js environment with xpath module
         else {
             const xpathLib = xpath__namespace;
-            const nsResolver = createNsResolverForNode(namespaces);
             // Use a try-catch here to handle specific XPath issues
             try {
-                const nodes = xpathLib.select(xpathExpression, parent, nsResolver);
+                // useNamespaces returns a select function that resolves prefixes (e.g. ec:)
+                // and always returns a node array. (xpath.select's 3rd arg is `single`, not a
+                // resolver, so passing the namespace map there silently breaks results.)
+                const selectWithNs = xpathLib.useNamespaces(namespaces);
+                const nodes = selectWithNs(xpathExpression, parent);
                 return nodes.length > 0 ? nodes[0] : null;
             }
             catch (err) {
@@ -200,10 +203,13 @@ function queryAllByXPath(parent, xpathExpression, namespaces = NAMESPACES) {
         // Node.js environment with xpath module
         else {
             const xpathLib = xpath__namespace;
-            const nsResolver = createNsResolverForNode(namespaces);
             // Use a try-catch here to handle specific XPath issues
             try {
-                const nodes = xpathLib.select(xpathExpression, parent, nsResolver);
+                // useNamespaces returns a select function that resolves prefixes (e.g. ec:)
+                // and always returns a node array. (xpath.select's 3rd arg is `single`, not a
+                // resolver, so passing the namespace map there silently breaks results.)
+                const selectWithNs = xpathLib.useNamespaces(namespaces);
+                const nodes = selectWithNs(xpathExpression, parent);
                 return nodes;
             }
             catch (err) {
@@ -241,12 +247,6 @@ function createNsResolverForBrowser(namespaces) {
         return namespaces[prefix] || null;
     };
 }
-/**
- * Helper function to create a namespace resolver for Node.js environments
- */
-function createNsResolverForNode(namespaces) {
-    return namespaces;
-}
 /**
  * Converts a CSS-like selector (with namespace support) to an XPath expression
  *
@@ -578,4 +578,4 @@ exports.parseCertificate = parseCertificate;
 exports.querySelector = querySelector;
 exports.querySelectorAll = querySelectorAll;
 exports.serializeToXML = serializeToXML;
-//# sourceMappingURL=certificate-c7123a37.js.map
+//# sourceMappingURL=certificate-e6d074b8.js.map

package/dist/certificate-e6d074b8.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"certificate-e6d074b8.js","sources":["../src/utils/xmlParser.ts","../src/core/certificate.ts"],"sourcesContent":[null,null],"names":["xmldom","xpath","X509Certificate"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAGA;;;;;;;AAOG;AACa,SAAA,8BAA8B,CAAC,MAAY,EAAE,QAAgB,EAAA;IAC3E,MAAM,OAAO,GAAc,EAAE,CAAC;IAC9B,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;;IAG3D,MAAM,eAAe,GAAyC,EAAE,CAAC;AACjE,IAAA,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE;AAC3B,QAAA,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AACjD,QAAA,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;AACtB,YAAA,eAAe,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;SAC1C;AAAM,aAAA,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;AAC7B,YAAA,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;SACxD;KACF;;IAGD,SAAS,UAAU,CAAC,IAAU,EAAA;AAC5B,QAAA,IAAI,CAAC,IAAI;YAAE,OAAO;AAElB,QAAA,IAAI,IAAI,CAAC,QAAQ,KAAK,CAAC,EAAE;;YAEvB,MAAM,OAAO,GAAG,IAAe,CAAC;AAChC,YAAA,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;AAClC,YAAA,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;;AAGpC,YAAA,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE;;AAEjC,gBAAA,IAAI,GAAG,CAAC,EAAE,IAAI,QAAQ,KAAK,CAAG,EAAA,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,IAAI,CAAA,CAAE,EAAE;AAClD,oBAAA,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACtB,MAAM;iBACP;;AAED,gBAAA,IAAI,SAAS,KAAK,GAAG,CAAC,IAAI,IAAI,QAAQ,KAAK,GAAG,CAAC,IAAI,EAAE;AACnD,oBAAA,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACtB,MAAM;iBACP;;gBAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAA,CAAA,EAAI,GAAG,CAAC,IAAI,CAAA,CAAE,CAAC,EAAE;AACrC,oBAAA,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACtB,MAAM;iBACP;aACF;SACF;;AAGD,QAAA,IAAI,IAAI,CAAC,UAAU,EAAE;AACnB,YAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;gBAC/C,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;aAChC;SACF;KACF;IAED,UAAU,CAAC,MAAM,CAAC,CAAC;AACnB,IAAA,OAAO,OAAO,CAAC;AACjB,CAAC;AAcD;AACO,MAAM,UAAU,GAAiB;AACtC,IAAA,EAAE,EAAE,oCAAoC;AACxC,IAAA,MAAM,EAAE,mCAAmC;AAC3C,IAAA,KAAK,EAAE,kCAAkC;AACzC,IAAA,EAAE,EAAE,yCAAyC;AAC7C,IAAA,SAAS,EAAE,yCAAyC;AACpD,IAAA,IAAI,EAAE,mCAAmC;AACzC,IAAA,MAAM,EAAE,kCAAkC;AAC1C,IAAA,KAAK,EAAE,mCAAmC;AAC1C,IAAA,QAAQ,EAAE,mCAAmC;AAC7C,IAAA,IAAI,EAAE,mCAAmC;CAC1C,CAAC;AAEF;;AAEG;SACa,eAAe,GAAA;;IAE7B,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,SAAS,EAAE;AACrD,QAAA,OAAO,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;KAC/B;;AAGD,IAAA,OAAO,IAAIA,iBAAM,CAAC,SAAS,EAAmC,CAAC;AACjE,CAAC;AAED;;;;;;;AAOG;AACG,SAAU,YAAY,CAC1B,MAA0B,EAC1B,eAAuB,EACvB,aAA2B,UAAU,EAAA;AAErC,IAAA,IAAI;;AAEF,QAAA,IAAI,OAAO,QAAQ,KAAK,WAAW,IAAI,OAAO,QAAQ,CAAC,QAAQ,KAAK,UAAU,EAAE;;AAE9E,YAAA,MAAM,QAAQ,GAAG,eAAe,IAAI,MAAM,GAAG,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC;YAC3E,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,CAAC,QAAQ,KAAK,UAAU,EAAE;;;AAGxD,gBAAA,OAAO,IAAI,CAAC;aACb;AACD,YAAA,MAAM,UAAU,GAAG,0BAA0B,CAAC,UAAU,CAAC,CAAC;AAC1D,YAAA,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAC9B,eAAe,EACf,MAAM,EACN,UAAU,EACV,WAAW,CAAC,uBAAuB,EACnC,IAAI,CACL,CAAC;YACF,OAAO,MAAM,CAAC,eAA0B,CAAC;SAC1C;;aAEI;YACH,MAAM,QAAQ,GAAGC,gBAAK,CAAC;;AAGvB,YAAA,IAAI;;;;gBAIF,MAAM,YAAY,GAAG,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;gBACxD,MAAM,KAAK,GAAG,YAAY,CAAC,eAAe,EAAE,MAAa,CAAW,CAAC;AACrE,gBAAA,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,GAAI,KAAK,CAAC,CAAC,CAAa,GAAG,IAAI,CAAC;aACxD;YAAC,OAAO,GAAY,EAAE;;gBAErB,IACE,OAAO,GAAG,KAAK,QAAQ;AACvB,oBAAA,GAAG,KAAK,IAAI;AACZ,oBAAA,SAAS,IAAI,GAAG;AAChB,oBAAA,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;oBAC/B,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAC5C;;oBAEA,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;AAChE,oBAAA,IAAI,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE;AACrB,wBAAA,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;AAC7B,wBAAA,MAAM,eAAe,GAAG,CAAsB,mBAAA,EAAA,WAAW,IAAI,CAAC;wBAC9D,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,MAAa,CAAQ,CAAC;AACrE,wBAAA,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;qBAC3C;iBACF;gBACD,MAAM,GAAG,CAAC;aACX;SACF;KACF;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,KAAK,CAAC,CAAA,6BAAA,EAAgC,eAAe,CAAI,EAAA,CAAA,EAAE,CAAC,CAAC,CAAC;AACtE,QAAA,OAAO,IAAI,CAAC;KACb;AACH,CAAC;AAED;;;;;;;AAOG;AACG,SAAU,eAAe,CAC7B,MAA0B,EAC1B,eAAuB,EACvB,aAA2B,UAAU,EAAA;AAErC,IAAA,IAAI;;AAEF,QAAA,IAAI,OAAO,QAAQ,KAAK,WAAW,IAAI,OAAO,QAAQ,CAAC,QAAQ,KAAK,UAAU,EAAE;;AAE9E,YAAA,MAAM,QAAQ,GAAG,eAAe,IAAI,MAAM,GAAG,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC;YAC3E,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,CAAC,QAAQ,KAAK,UAAU,EAAE;;;AAGxD,gBAAA,OAAO,EAAE,CAAC;aACX;AACD,YAAA,MAAM,UAAU,GAAG,0BAA0B,CAAC,UAAU,CAAC,CAAC;AAC1D,YAAA,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAC9B,eAAe,EACf,MAAM,EACN,UAAU,EACV,WAAW,CAAC,0BAA0B,EACtC,IAAI,CACL,CAAC;YAEF,MAAM,QAAQ,GAAc,EAAE,CAAC;AAC/B,YAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC,EAAE,EAAE;gBAC9C,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAY,CAAC,CAAC;aAClD;AACD,YAAA,OAAO,QAAQ,CAAC;SACjB;;aAEI;YACH,MAAM,QAAQ,GAAGA,gBAAK,CAAC;;AAGvB,YAAA,IAAI;;;;gBAIF,MAAM,YAAY,GAAG,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;gBACxD,MAAM,KAAK,GAAG,YAAY,CAAC,eAAe,EAAE,MAAa,CAAW,CAAC;AACrE,gBAAA,OAAO,KAAkB,CAAC;aAC3B;YAAC,OAAO,GAAY,EAAE;;gBAErB,IACE,OAAO,GAAG,KAAK,QAAQ;AACvB,oBAAA,GAAG,KAAK,IAAI;AACZ,oBAAA,SAAS,IAAI,GAAG;AAChB,oBAAA,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;oBAC/B,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAC5C;;oBAEA,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;AAChE,oBAAA,IAAI,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE;AACrB,wBAAA,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;AAC7B,wBAAA,MAAM,eAAe,GAAG,CAAsB,mBAAA,EAAA,WAAW,IAAI,CAAC;wBAC9D,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,MAAa,CAAQ,CAAC;AACrE,wBAAA,OAAO,KAAkB,CAAC;qBAC3B;iBACF;gBACD,MAAM,GAAG,CAAC;aACX;SACF;KACF;IAAC,OAAO,CAAC,EAAE;QACV,OAAO,CAAC,KAAK,CAAC,CAAA,6BAAA,EAAgC,eAAe,CAAI,EAAA,CAAA,EAAE,CAAC,CAAC,CAAC;AACtE,QAAA,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AAED;;AAEG;AACH,SAAS,0BAA0B,CAAC,UAAwB,EAAA;AAC1D,IAAA,OAAO,UAAU,MAAqB,EAAA;QACpC,IAAI,MAAM,KAAK,IAAI;AAAE,YAAA,OAAO,IAAI,CAAC;AACjC,QAAA,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC;AACpC,KAAC,CAAC;AACJ,CAAC;AAED;;;;;AAKG;AACG,SAAU,eAAe,CAAC,QAAgB,EAAA;;IAE9C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACvD,MAAM,UAAU,GAAa,EAAE,CAAC;AAEhC,IAAA,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;;AAExB,QAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AAErD,QAAA,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;;;YAGzB,UAAU,CAAC,IAAI,CAAC,CAAsB,mBAAA,EAAA,QAAQ,CAAC,CAAC,CAAC,CAAI,EAAA,CAAA,CAAC,CAAC;SACxD;AAAM,aAAA,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;;;YAGhC,UAAU,CAAC,IAAI,CAAC,CAAA,GAAA,EAAM,QAAQ,CAAC,CAAC,CAAC,CAAI,CAAA,EAAA,QAAQ,CAAC,CAAC,CAAC,yBAAyB,QAAQ,CAAC,CAAC,CAAC,CAAA,EAAA,CAAI,CAAC,CAAC;SAC3F;KACF;;AAGD,IAAA,OAAO,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAChC,CAAC;AAED;;;;;;;AAOG;AACa,SAAA,aAAa,CAAC,MAA0B,EAAE,QAAgB,EAAA;;AAExE,IAAA,IAAI,OAAO,MAAM,CAAC,aAAa,KAAK,UAAU,EAAE;AAC9C,QAAA,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;AAC9C,YAAA,IAAI,MAAM;AAAE,gBAAA,OAAO,MAAM,CAAC;SAC3B;QAAC,OAAO,CAAC,EAAE;;SAEX;KACF;;IAGD,MAAM,QAAQ,GAAG,8BAA8B,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAClE,IAAA,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;AACvB,QAAA,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC;KACpB;;AAGD,IAAA,IAAI;AACF,QAAA,MAAM,SAAS,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;AAC5C,QAAA,OAAO,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;KACxC;IAAC,OAAO,CAAC,EAAE;AACV,QAAA,OAAO,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;AAC3E,QAAA,OAAO,IAAI,CAAC;KACb;AACH,CAAC;AAED;;;;;;;AAOG;AACa,SAAA,gBAAgB,CAAC,MAA0B,EAAE,QAAgB,EAAA;;AAE3E,IAAA,IAAI,OAAO,MAAM,CAAC,gBAAgB,KAAK,UAAU,EAAE;AACjD,QAAA,IAAI;YACF,MAAM,OAAO,GAAG,MAAM,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;AAClD,YAAA,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE;gBACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;AAC/B,gBAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;oBACvC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAY,CAAC,CAAC;iBACtC;AACD,gBAAA,OAAO,QAAQ,CAAC;aACjB;SACF;QAAC,OAAO,CAAC,EAAE;;SAEX;KACF;;IAGD,MAAM,QAAQ,GAAG,8BAA8B,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAClE,IAAA,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;AACvB,QAAA,OAAO,QAAQ,CAAC;KACjB;;AAGD,IAAA,IAAI;AACF,QAAA,MAAM,SAAS,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;AAC5C,QAAA,OAAO,eAAe,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;KAC3C;IAAC,OAAO,CAAC,EAAE;AACV,QAAA,OAAO,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;AAC3E,QAAA,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AAED;;AAEG;AACG,SAAU,cAAc,CAAC,IAAU,EAAA;;IAEvC,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,aAAa,EAAE;QACzD,OAAO,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;KAC3D;;IAGD,OAAO,IAAID,iBAAM,CAAC,aAAa,EAAE,CAAC,iBAAiB,CAAC,IAAW,CAAC,CAAC;AACnE;;ACpVA;;;;AAIG;AACG,SAAU,SAAS,CAAC,UAAmB,EAAA;AAC3C,IAAA,IAAI,CAAC,UAAU;AAAE,QAAA,OAAO,EAAE,CAAC;;IAG3B,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;;IAGnD,MAAM,KAAK,GAAG,EAAE,CAAC;AACjB,IAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;AAC/C,QAAA,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;KAC9C;;IAGD,OAAO,CAAA,6BAAA,EAAgC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC;AACvF,CAAC;AAED;;;;AAIG;AACG,SAAU,iBAAiB,CAAC,WAA4B,EAAA;AAe5D,IAAA,MAAM,MAAM,GAAQ;QAClB,SAAS,EAAE,WAAW,CAAC,SAAS;QAChC,OAAO,EAAE,WAAW,CAAC,QAAQ;AAC7B,QAAA,MAAM,EAAE,EAAE;KACX,CAAC;;;AAKF,IAAA,IAAI;AACF,QAAA,IAAI,OAAO,WAAW,CAAC,OAAO,KAAK,QAAQ,IAAI,WAAW,CAAC,OAAO,KAAK,IAAI,EAAE;;AAE3E,YAAA,MAAM,OAAO,GAAG,WAAW,CAAC,OAAc,CAAC;AAC3C,YAAA,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;AACvC,YAAA,MAAM,CAAC,YAAY,GAAG,OAAO,CAAC,gBAAgB,CAAC;AAC/C,YAAA,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC,WAAW,CAAC;SACtC;;AAGD,QAAA,IAAI,OAAO,WAAW,CAAC,MAAM,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,KAAK,IAAI,EAAE;AACzE,YAAA,MAAM,MAAM,GAAG,WAAW,CAAC,MAAa,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;YAC7C,MAAM,CAAC,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,gBAAgB,CAAC;YACrD,MAAM,CAAC,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,WAAW,CAAC;SAC5C;KACF;IAAC,OAAO,CAAC,EAAE;AACV,QAAA,OAAO,CAAC,IAAI,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;KACjE;;AAGD,IAAA,IAAI;AACF,QAAA,IAAI,OAAO,WAAW,CAAC,OAAO,KAAK,QAAQ,EAAE;AAC3C,YAAA,MAAM,UAAU,GAAG,WAAW,CAAC,OAAiB,CAAC;;YAGjD,MAAM,YAAY,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC3C,YAAA,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE;AAC/B,gBAAA,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC5C,IAAI,GAAG,KAAK,IAAI;oBAAE,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,KAAK,CAAC;gBACjE,IAAI,GAAG,KAAK,GAAG;oBAAE,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,KAAK,CAAC;gBACpE,IAAI,GAAG,KAAK,GAAG;oBAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,KAAK,CAAC;gBAC1D,IAAI,GAAG,KAAK,IAAI;AAAE,oBAAA,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC;AACzC,gBAAA,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,IAAI;AAAE,oBAAA,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC;AAC1D,gBAAA,IAAI,GAAG,KAAK,cAAc,IAAI,GAAG,KAAK,SAAS;oBAC7C,MAAM,CAAC,YAAY,GAAG,KAAK,EAAE,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;aACtD;SACF;AAED,QAAA,IAAI,OAAO,WAAW,CAAC,MAAM,KAAK,QAAQ,EAAE;AAC1C,YAAA,MAAM,SAAS,GAAG,WAAW,CAAC,MAAgB,CAAC;;YAG/C,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AACzC,YAAA,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE;AAC9B,gBAAA,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC5C,IAAI,GAAG,KAAK,IAAI;AAAE,oBAAA,MAAM,CAAC,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,IAAI,KAAK,CAAC;gBAC/E,IAAI,GAAG,KAAK,GAAG;AAAE,oBAAA,MAAM,CAAC,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,IAAI,KAAK,CAAC;gBAClF,IAAI,GAAG,KAAK,GAAG;AAAE,oBAAA,MAAM,CAAC,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,KAAK,CAAC;aACzE;SACF;KACF;IAAC,OAAO,CAAC,EAAE;AACV,QAAA,OAAO,CAAC,IAAI,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;KACjE;;AAGD,IAAA,IAAI;QACF,IAAI,aAAa,IAAI,WAAW,IAAK,WAAmB,CAAC,WAAW,EAAE,QAAQ,EAAE;AAC9E,YAAA,MAAM,WAAW,GAAI,WAAmB,CAAC,WAAW,CAAC;;AAErD,YAAA,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AACzE,YAAA,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AACnE,YAAA,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;AACtE,YAAA,MAAM,CAAC,YAAY;gBACjB,MAAM,CAAC,YAAY,IAAI,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;AACrF,YAAA,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;AAClE,YAAA,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;SAC7E;KACF;IAAC,OAAO,CAAC,EAAE;AACV,QAAA,OAAO,CAAC,IAAI,CAAC,iDAAiD,EAAE,CAAC,CAAC,CAAC;KACpE;;IAGD,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,WAAW,CAAC,YAAY,EAAE;AACpD,QAAA,MAAM,CAAC,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC;KAChD;AAED,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;AAIG;AACI,eAAe,gBAAgB,CAAC,QAAgB,EAAA;AACrD,IAAA,IAAI;QACF,IAAI,OAAO,GAAG,QAAQ,CAAC;;QAGvB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,6BAA6B,CAAC,EAAE;;YAErD,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AAC1D,YAAA,OAAO,GAAG,SAAS,CAAC,eAAe,CAAC,CAAC;SACtC;AACD,QAAA,MAAM,IAAI,GAAG,IAAIE,oBAAe,CAAC,OAAO,CAAC,CAAC;AAC1C,QAAA,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAE3C,OAAO;AACL,YAAA,OAAO,EAAE;gBACP,UAAU,EAAE,UAAU,CAAC,UAAU;gBACjC,YAAY,EAAE,UAAU,CAAC,YAAY;gBACrC,OAAO,EAAE,UAAU,CAAC,OAAO;gBAC3B,OAAO,EAAE,UAAU,CAAC,OAAO;gBAC3B,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,YAAY,EAAE,UAAU,CAAC,YAAY;AACtC,aAAA;YACD,SAAS,EAAE,UAAU,CAAC,SAAS;YAC/B,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,YAAY,EAAE,IAAI,CAAC,YAAY;SAChC,CAAC;KACH;IAAC,OAAO,KAAK,EAAE;AACd,QAAA,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;QACnD,MAAM,IAAI,KAAK,CACb,+BAA+B,IAAI,KAAK,YAAY,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAC3F,CAAC;KACH;AACH,CAAC;AAED;;;;;AAKG;AACG,SAAU,wBAAwB,CACtC,IAAuC,EACvC,SAAkB,GAAA,IAAI,IAAI,EAAE,EAAA;;AAG5B,IAAA,MAAM,SAAS,GAAG,WAAW,IAAI,IAAI,GAAG,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;AACxE,IAAA,MAAM,OAAO,GAAG,UAAU,IAAI,IAAI,GAAG,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC;;AAGlE,IAAA,IAAI,SAAS,GAAG,SAAS,EAAE;QACzB,OAAO;AACL,YAAA,OAAO,EAAE,KAAK;AACd,YAAA,MAAM,EAAE,CAAyC,sCAAA,EAAA,SAAS,CAAC,WAAW,EAAE,CAAE,CAAA;SAC3E,CAAC;KACH;AAED,IAAA,IAAI,SAAS,GAAG,OAAO,EAAE;QACvB,OAAO;AACL,YAAA,OAAO,EAAE,KAAK;AACd,YAAA,MAAM,EAAE,CAAoC,iCAAA,EAAA,OAAO,CAAC,WAAW,EAAE,CAAE,CAAA;SACpE,CAAC;KACH;AAED,IAAA,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAyBD;;;;AAIG;AACG,SAAU,oBAAoB,CAAC,QAAyB,EAAA;AAC5D,IAAA,MAAM,EAAE,OAAO,EAAE,GAAG,QAAQ,CAAC;IAE7B,IAAI,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,OAAO,EAAE;QACxC,OAAO,CAAA,EAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,OAAO,CAAA,CAAE,CAAC;KAClD;AAED,IAAA,IAAI,OAAO,CAAC,UAAU,EAAE;QACtB,OAAO,OAAO,CAAC,UAAU,CAAC;KAC3B;;AAGD,IAAA,OAAO,OAAO,CAAC,YAAY,IAAI,gBAAgB,CAAC;AAClD,CAAC;AAED;;;;AAIG;AACG,SAAU,oBAAoB,CAAC,QAAyB,EAAA;AAC5D,IAAA,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,QAAQ,CAAC;AAExC,IAAA,MAAM,UAAU,GAAG,CAAC,IAAU,KAAI;AAChC,QAAA,OAAO,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE;AACxC,YAAA,IAAI,EAAE,SAAS;AACf,YAAA,KAAK,EAAE,MAAM;AACb,YAAA,GAAG,EAAE,SAAS;AACf,SAAA,CAAC,CAAC;AACL,KAAC,CAAC;IAEF,OAAO,CAAA,EAAG,UAAU,CAAC,SAAS,CAAC,CAAO,IAAA,EAAA,UAAU,CAAC,OAAO,CAAC,CAAA,CAAE,CAAC;AAC9D;;;;;;;;;;;;;"}

package/dist/core/parser/types.d.ts CHANGED Viewed

@@ -40,4 +40,20 @@ export interface SignatureInfo {
     canonicalizationMethod?: string;
     /** RFC 3161 timestamp token (base64 encoded) from xades:EncapsulatedTimeStamp */
     signatureTimestamp?: string;
+    /**
+     * Raw embedded XAdES revocation material from
+     * xades:UnsignedSignatureProperties/xades:RevocationValues, as base64-encoded DER.
+     *
+     * NOTE: these values are exposed as-is and are NOT validated by edockit. They live
+     * in unsigned signature properties, so unless they are protected by a verified XAdES
+     * archive timestamp they are not authenticated and MUST NOT be trusted as a
+     * revocation verdict on their own. Verifying them requires checking the OCSP/CRL
+     * signature against a trusted issuer and enforcing freshness.
+     */
+    revocationValues?: {
+        /** base64-encoded DER OCSP responses (xades:OCSPValues/EncapsulatedOCSPValue) */
+        ocsp: string[];
+        /** base64-encoded DER CRLs (xades:CRLValues/EncapsulatedCRLValue) */
+        crl: string[];
+    };
 }

package/dist/core/revocation/index.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
 export { checkCertificateRevocation, checkCertificatesRevocation } from "./check";
 export { RevocationResult, RevocationCheckOptions, DEFAULT_REVOCATION_OPTIONS, OID } from "./types";
-export { extractOCSPUrls, extractCAIssuersUrls, findIssuerInChain, checkOCSP } from "./ocsp";
+export { extractOCSPUrls, extractCAIssuersUrls, findIssuerInChain, resolveIssuerFromChain, extractCertsFromOCSPResponses, checkOCSP, } from "./ocsp";
 export { extractCRLUrls, checkCRL } from "./crl";

package/dist/core/revocation/ocsp.d.ts CHANGED Viewed

@@ -19,6 +19,27 @@ export declare function extractCAIssuersUrls(cert: X509Certificate): string[];
  * @returns Issuer certificate or null if not found
  */
 export declare function findIssuerInChain(cert: X509Certificate, chain: string[]): X509Certificate | null;
+/**
+ * Extract any certificates carried inside embedded OCSP responses.
+ *
+ * OCSP responses frequently bundle the responder certificate and the issuer CA
+ * certificate. They are a useful offline source of the issuer certificate needed
+ * to build a (live) OCSP request when the container's certificate chain is empty.
+ *
+ * @param base64Responses Base64-encoded DER OCSP responses (from RevocationValues)
+ * @returns PEM-encoded certificates found in the responses
+ */
+export declare function extractCertsFromOCSPResponses(base64Responses: string[]): string[];
+/**
+ * Resolve the issuer certificate for a cert from a candidate chain, preferring a
+ * candidate whose key actually signed the cert. This avoids building an OCSP
+ * request against the wrong (e.g. tampered, same-name) issuer.
+ *
+ * @param cert Certificate to find the issuer for
+ * @param chain Candidate certificates (PEM)
+ * @returns The verified issuer certificate, or null
+ */
+export declare function resolveIssuerFromChain(cert: X509Certificate, chain: string[]): Promise<X509Certificate | null>;
 /**
  * Fetch issuer certificate from AIA extension
  * @param cert Certificate to fetch issuer for

package/dist/core/trustedlist/build.d.ts CHANGED Viewed

@@ -1,4 +1,6 @@
+import { formatTrustedListBundleId } from "./loader";
 import type { CompactTrustedListBundle, TrustedListBundleManifest, TrustedListFetchOptions, TrustedListSource } from "./types";
+export { formatTrustedListBundleId };
 export interface RenderTrustedListJsonOptions {
     pretty?: boolean;
 }
@@ -28,7 +30,6 @@ export interface GenerateTrustedListBundleOptions extends TrustedListFetchOption
     manifestOutputPath?: string;
     baseUrl?: string;
 }
-export declare function formatTrustedListBundleId(generatedAt: string): string;
 export declare function renderTrustedListJson(bundle: CompactTrustedListBundle, options?: RenderTrustedListJsonOptions): string;
 export declare function buildTrustedListManifest(bundle: CompactTrustedListBundle, options?: BuildTrustedListManifestOptions): {
     bundleId: string;

package/dist/core/trustedlist/index.d.ts CHANGED Viewed

@@ -8,11 +8,24 @@ export * from "./identity";
 export * from "./matcher";
 export * from "./reference-provider";
 export declare const DEFAULT_TRUSTED_LIST_SOURCES: TrustedListSource[];
+export interface TrustedListFetchDiagnostics {
+    /**
+     * Territories whose advertised TSL endpoints were all attempted and all
+     * failed to fetch or parse. Valid empty TSLs and successfully parsed removals
+     * are deliberately excluded.
+     */
+    unreachableTerritories: string[];
+}
+export interface TrustedListFetchResult {
+    bundle: CompactTrustedListBundle;
+    diagnostics: TrustedListFetchDiagnostics;
+}
 /**
  * Low-level live fetch helper for LOTL/TSL processing.
  *
  * Primarily intended for Node.js build/update tooling. Browser callers generally
  * need a proxy and should prefer the higher-level trusted-list update flow.
  */
+export declare function fetchTrustedListBundleWithDiagnostics(sources?: TrustedListSource[], fetchOptions?: TrustedListFetchOptions): Promise<TrustedListFetchResult>;
 export declare function fetchTrustedListBundle(sources?: TrustedListSource[], fetchOptions?: TrustedListFetchOptions): Promise<CompactTrustedListBundle>;
 export declare function updateTrustedList(sources?: TrustedListSource[], fetchOptions?: TrustedListFetchOptions): Promise<TrustedListData>;

package/dist/core/trustedlist/loader.d.ts CHANGED Viewed

@@ -1,5 +1,19 @@
 import type { CompactTrustedListBundle, TrustedListData, TrustedListSource, TrustedService } from "./types";
+/**
+ * Derive a stable, filesystem/URL-safe bundle id from a generatedAt timestamp,
+ * e.g. "2026-06-25T18:30:00.000Z" -> "2026-06-25T18-30-00Z".
+ */
+export declare function formatTrustedListBundleId(generatedAt: string): string;
 export declare function createEmptyTrustedListBundle(): CompactTrustedListBundle;
 export declare function buildTrustedListData(bundle: CompactTrustedListBundle): TrustedListData;
 export declare function buildCompactTrustedListBundle(services: TrustedService[], sources: TrustedListSource[], generatedAt?: string): CompactTrustedListBundle;
+/**
+ * Carry forward last-known-good services only for territories whose advertised
+ * TSL endpoints were explicitly observed as unreachable during this fetch.
+ *
+ * A territory merely being absent from the fresh bundle is not sufficient:
+ * absence can represent a legitimate removal and must not resurrect stale trust.
+ * A territory present in the fresh bundle always wins.
+ */
+export declare function mergeForwardUnreachableTerritories(fresh: CompactTrustedListBundle, previous: CompactTrustedListBundle, unreachableTerritories: ReadonlySet<string>): CompactTrustedListBundle;
 export declare function dedupeTrustedServices(services: TrustedService[]): TrustedService[];

package/dist/core/trustedlist/types.d.ts CHANGED Viewed

@@ -62,6 +62,8 @@ export interface TrustedListIndexes {
 }
 export interface TrustedListData {
     version: number;
+    /** Stable identifier for this snapshot, derived from generatedAt. */
+    bundleId?: string;
     generatedAt: string;
     sources: TrustedListSource[];
     services: TrustedListEntry[];
@@ -100,6 +102,8 @@ export type CompactTrustedService = [
 export type CompactTrustedListSource = [id: string, label: string, lotlUrl: string];
 export interface CompactTrustedListBundle {
     v: 2;
+    /** Stable identifier for this snapshot, derived from generatedAt. */
+    bundleId?: string;
     generatedAt: string;
     sources: CompactTrustedListSource[];
     dns: string[];

package/dist/{identity-fca881b1.js → identity-2eb76bc9.js} RENAMED Viewed

@@ -3,10 +3,10 @@
  * Copyright (c) 2025 Edgars Jēkabsons, ZenomyTech SIA
  */
 import { X509Certificate } from '@peculiar/x509';
-import { AsnParser, AsnConvert, OctetString } from '@peculiar/asn1-schema';
-import { CertID, Request, TBSRequest, OCSPRequest, OCSPResponse, OCSPResponseStatus, BasicOCSPResponse } from '@peculiar/asn1-ocsp';
+import { AsnConvert, AsnParser, OctetString } from '@peculiar/asn1-schema';
+import { OCSPResponse, BasicOCSPResponse, CertID, Request, TBSRequest, OCSPRequest, OCSPResponseStatus } from '@peculiar/asn1-ocsp';
 import { Certificate, AlgorithmIdentifier } from '@peculiar/asn1-x509';
-import { g as fetchIssuerCertificate, c as arrayBufferToPEM, h as fetchOCSP, i as hexToArrayBuffer, n as normalizeDistinguishedName, d as arrayBufferToHex, j as normalizeKeyIdentifier } from './normalize-50862581.js';
+import { b as base64ToArrayBuffer, g as fetchIssuerCertificate, c as arrayBufferToPEM, h as fetchOCSP, i as hexToArrayBuffer, n as normalizeDistinguishedName, d as arrayBufferToHex, j as normalizeKeyIdentifier } from './normalize-50862581.js';
 // src/core/revocation/ocsp.ts
 /**
@@ -87,6 +87,78 @@ function findIssuerInChain(cert, chain) {
     }
     return null;
 }
+/**
+ * Extract any certificates carried inside embedded OCSP responses.
+ *
+ * OCSP responses frequently bundle the responder certificate and the issuer CA
+ * certificate. They are a useful offline source of the issuer certificate needed
+ * to build a (live) OCSP request when the container's certificate chain is empty.
+ *
+ * @param base64Responses Base64-encoded DER OCSP responses (from RevocationValues)
+ * @returns PEM-encoded certificates found in the responses
+ */
+function extractCertsFromOCSPResponses(base64Responses) {
+    const pems = [];
+    for (const base64Response of base64Responses) {
+        try {
+            const response = AsnConvert.parse(base64ToArrayBuffer(base64Response), OCSPResponse);
+            if (!response.responseBytes) {
+                continue;
+            }
+            const basicResponse = AsnConvert.parse(response.responseBytes.response.buffer, BasicOCSPResponse);
+            for (const certificate of basicResponse.certs ?? []) {
+                try {
+                    const x509 = new X509Certificate(new Uint8Array(AsnConvert.serialize(certificate)));
+                    pems.push(x509.toString("pem"));
+                }
+                catch {
+                    // Skip certificates that fail to parse
+                }
+            }
+        }
+        catch {
+            // Skip responses that fail to parse
+        }
+    }
+    return pems;
+}
+/**
+ * Resolve the issuer certificate for a cert from a candidate chain, preferring a
+ * candidate whose key actually signed the cert. This avoids building an OCSP
+ * request against the wrong (e.g. tampered, same-name) issuer.
+ *
+ * @param cert Certificate to find the issuer for
+ * @param chain Candidate certificates (PEM)
+ * @returns The verified issuer certificate, or null
+ */
+async function resolveIssuerFromChain(cert, chain) {
+    const nameMatches = [];
+    for (const pemCert of chain) {
+        try {
+            const candidate = new X509Certificate(pemCert);
+            if (candidate.subject === cert.issuer) {
+                nameMatches.push(candidate);
+            }
+        }
+        catch {
+            // Skip invalid certificates
+        }
+    }
+    // Prefer a candidate that actually issued the certificate.
+    for (const candidate of nameMatches) {
+        try {
+            if (await cert.verify({ publicKey: candidate, signatureOnly: true })) {
+                return candidate;
+            }
+        }
+        catch {
+            // Verification not possible for this candidate; try the next.
+        }
+    }
+    // A same-name certificate with the wrong key must not suppress the safer AIA
+    // lookup. Only return a candidate that cryptographically issued the cert.
+    return null;
+}
 /**
  * Fetch issuer certificate from AIA extension
  * @param cert Certificate to fetch issuer for
@@ -309,8 +381,9 @@ async function checkOCSP(cert, issuerCert, options = {}) {
     // Try to find issuer certificate
     let issuer = issuerCert;
     if (!issuer) {
-        // Try certificate chain first
-        issuer = findIssuerInChain(cert, certificateChain);
+        // Try the certificate chain first (prefer a candidate that actually issued the
+        // cert). The chain may include certs recovered from embedded OCSP responses.
+        issuer = await resolveIssuerFromChain(cert, certificateChain);
     }
     if (!issuer) {
         // Try AIA extension
@@ -402,5 +475,5 @@ async function extractCertificateIdentityFromCertificate(certificatePem) {
     };
 }
-export { extractCertificateIdentityFromCertificate as a, checkOCSP as c, extractIssuerIdentityFromCertificate as e };
-//# sourceMappingURL=identity-fca881b1.js.map
+export { extractIssuerIdentityFromCertificate as a, extractCertificateIdentityFromCertificate as b, checkOCSP as c, extractCertsFromOCSPResponses as e };
+//# sourceMappingURL=identity-2eb76bc9.js.map

package/dist/identity-2eb76bc9.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"identity-2eb76bc9.js","sources":["../src/core/revocation/ocsp.ts","../src/core/trustedlist/identity.ts"],"sourcesContent":[null,null],"names":[],"mappings":";;;;;;;;;;AAAA;AAwBA;;AAEG;AACH,MAAM,yBAAyB,GAAG,mBAAmB,CAAC;AAEtD;;AAEG;AACH,MAAM,QAAQ,GAAG,eAAe,CAAC;AAEjC;;AAEG;AACH,eAAe,WAAW,CAAC,IAAiB,EAAA;IAC1C,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,MAAM,EAAE;QAClD,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;KAC5C;;AAED,IAAA,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC3C,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC/B,IAAA,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC;AAC9B,CAAC;AAED;;;;AAIG;AACG,SAAU,eAAe,CAAC,IAAqB,EAAA;AACnD,IAAA,IAAI;QACF,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAC9B,yBAAyB,CACa,CAAC;QACzC,IAAI,CAAC,MAAM,EAAE;AACX,YAAA,OAAO,EAAE,CAAC;SACX;;AAGD,QAAA,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC;KAC5E;AAAC,IAAA,MAAM;AACN,QAAA,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AAED;;;;AAIG;AACG,SAAU,oBAAoB,CAAC,IAAqB,EAAA;AACxD,IAAA,IAAI;QACF,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAC9B,yBAAyB,CACa,CAAC;QACzC,IAAI,CAAC,MAAM,EAAE;AACX,YAAA,OAAO,EAAE,CAAC;SACX;AAED,QAAA,OAAO,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC;KACjF;AAAC,IAAA,MAAM;AACN,QAAA,OAAO,EAAE,CAAC;KACX;AACH,CAAC;AAED;;;;;AAKG;AACa,SAAA,iBAAiB,CAAC,IAAqB,EAAE,KAAe,EAAA;AACtE,IAAA,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC;AAE/B,IAAA,KAAK,MAAM,OAAO,IAAI,KAAK,EAAE;AAC3B,QAAA,IAAI;AACF,YAAA,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,CAAC;;AAE/C,YAAA,IAAI,SAAS,CAAC,OAAO,KAAK,UAAU,EAAE;AACpC,gBAAA,OAAO,SAAS,CAAC;aAClB;SACF;AAAC,QAAA,MAAM;;SAEP;KACF;AAED,IAAA,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;AASG;AACG,SAAU,6BAA6B,CAAC,eAAyB,EAAA;IACrE,MAAM,IAAI,GAAa,EAAE,CAAC;AAE1B,IAAA,KAAK,MAAM,cAAc,IAAI,eAAe,EAAE;AAC5C,QAAA,IAAI;AACF,YAAA,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,mBAAmB,CAAC,cAAc,CAAC,EAAE,YAAY,CAAC,CAAC;AACrF,YAAA,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE;gBAC3B,SAAS;aACV;AACD,YAAA,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CACpC,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,EACtC,iBAAiB,CAClB,CAAC;YACF,KAAK,MAAM,WAAW,IAAI,aAAa,CAAC,KAAK,IAAI,EAAE,EAAE;AACnD,gBAAA,IAAI;AACF,oBAAA,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;oBACpF,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;iBACjC;AAAC,gBAAA,MAAM;;iBAEP;aACF;SACF;AAAC,QAAA,MAAM;;SAEP;KACF;AAED,IAAA,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;AAQG;AACI,eAAe,sBAAsB,CAC1C,IAAqB,EACrB,KAAe,EAAA;IAEf,MAAM,WAAW,GAAsB,EAAE,CAAC;AAC1C,IAAA,KAAK,MAAM,OAAO,IAAI,KAAK,EAAE;AAC3B,QAAA,IAAI;AACF,YAAA,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,CAAC;YAC/C,IAAI,SAAS,CAAC,OAAO,KAAK,IAAI,CAAC,MAAM,EAAE;AACrC,gBAAA,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;aAC7B;SACF;AAAC,QAAA,MAAM;;SAEP;KACF;;AAGD,IAAA,KAAK,MAAM,SAAS,IAAI,WAAW,EAAE;AACnC,QAAA,IAAI;AACF,YAAA,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE;AACpE,gBAAA,OAAO,SAAS,CAAC;aAClB;SACF;AAAC,QAAA,MAAM;;SAEP;KACF;;;AAID,IAAA,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;AAMG;AACI,eAAe,kBAAkB,CACtC,IAAqB,EACrB,OAAA,GAAkB,IAAI,EACtB,QAAiB,EAAA;AAEjB,IAAA,MAAM,IAAI,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;AAExC,IAAA,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE;AACtB,QAAA,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YACpE,IAAI,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,IAAI,EAAE;;AAE5B,gBAAA,IAAI;AACF,oBAAA,OAAO,IAAI,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;iBACzC;AAAC,gBAAA,MAAM;;oBAEN,MAAM,GAAG,GAAG,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AAC1C,oBAAA,OAAO,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;iBACjC;aACF;SACF;AAAC,QAAA,MAAM;;SAEP;KACF;AAED,IAAA,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;AAKG;AACI,eAAe,gBAAgB,CACpC,IAAqB,EACrB,UAA2B,EAAA;;;AAI3B,IAAA,MAAM,aAAa,GAAG,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;AACvE,IAAA,MAAM,aAAa,GAAG,UAAU,CAAC,SAAS,CAAC,aAAa,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;AACjF,IAAA,MAAM,cAAc,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,CAAC;;AAGxD,IAAA,MAAM,aAAa,GAAG,MAAM,WAAW,CACrC,aAAa,CAAC,cAAc,CAAC,oBAAoB,CAAC,gBAAgB,CACnE,CAAC;;IAGF,MAAM,YAAY,GAAG,gBAAgB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;;AAGzD,IAAA,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC;QACxB,aAAa,EAAE,IAAI,mBAAmB,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AAC/D,QAAA,cAAc,EAAE,IAAI,WAAW,CAAC,cAAc,CAAC;AAC/C,QAAA,aAAa,EAAE,IAAI,WAAW,CAAC,aAAa,CAAC;AAC7C,QAAA,YAAY,EAAE,YAAY;AAC3B,KAAA,CAAC,CAAC;;IAGH,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;;AAGjD,IAAA,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC;QAChC,WAAW,EAAE,CAAC,OAAO,CAAC;AACvB,KAAA,CAAC,CAAC;;IAGH,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;AAEpD,IAAA,OAAO,UAAU,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;AAC3C,CAAC;AAED;;;;AAIG;AACG,SAAU,iBAAiB,CAAC,YAAyB,EAAA;AACzD,IAAA,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;AAEvB,IAAA,IAAI;QACF,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;;AAG9D,QAAA,QAAQ,QAAQ,CAAC,cAAc;YAC7B,KAAK,kBAAkB,CAAC,UAAU;gBAChC,MAAM;YACR,KAAK,kBAAkB,CAAC,gBAAgB;gBACtC,OAAO;AACL,oBAAA,OAAO,EAAE,KAAK;AACd,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE,MAAM;AACd,oBAAA,MAAM,EAAE,4CAA4C;AACpD,oBAAA,SAAS,EAAE,GAAG;iBACf,CAAC;YACJ,KAAK,kBAAkB,CAAC,aAAa;gBACnC,OAAO;AACL,oBAAA,OAAO,EAAE,KAAK;AACd,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE,MAAM;AACd,oBAAA,MAAM,EAAE,yCAAyC;AACjD,oBAAA,SAAS,EAAE,GAAG;iBACf,CAAC;YACJ,KAAK,kBAAkB,CAAC,QAAQ;gBAC9B,OAAO;AACL,oBAAA,OAAO,EAAE,KAAK;AACd,oBAAA,MAAM,EAAE,SAAS;AACjB,oBAAA,MAAM,EAAE,MAAM;AACd,oBAAA,MAAM,EAAE,oCAAoC;AAC5C,oBAAA,SAAS,EAAE,GAAG;iBACf,CAAC;YACJ,KAAK,kBAAkB,CAAC,WAAW;gBACjC,OAAO;AACL,oBAAA,OAAO,EAAE,KAAK;AACd,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE,MAAM;AACd,oBAAA,MAAM,EAAE,mCAAmC;AAC3C,oBAAA,SAAS,EAAE,GAAG;iBACf,CAAC;YACJ,KAAK,kBAAkB,CAAC,YAAY;gBAClC,OAAO;AACL,oBAAA,OAAO,EAAE,KAAK;AACd,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE,MAAM;AACd,oBAAA,MAAM,EAAE,uCAAuC;AAC/C,oBAAA,SAAS,EAAE,GAAG;iBACf,CAAC;AACJ,YAAA;gBACE,OAAO;AACL,oBAAA,OAAO,EAAE,KAAK;AACd,oBAAA,MAAM,EAAE,OAAO;AACf,oBAAA,MAAM,EAAE,MAAM;AACd,oBAAA,MAAM,EAAE,CAAA,wCAAA,EAA2C,QAAQ,CAAC,cAAc,CAAE,CAAA;AAC5E,oBAAA,SAAS,EAAE,GAAG;iBACf,CAAC;SACL;;AAGD,QAAA,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE;YAC3B,OAAO;AACL,gBAAA,OAAO,EAAE,KAAK;AACd,gBAAA,MAAM,EAAE,OAAO;AACf,gBAAA,MAAM,EAAE,MAAM;AACd,gBAAA,MAAM,EAAE,qCAAqC;AAC7C,gBAAA,SAAS,EAAE,GAAG;aACf,CAAC;SACH;;AAGD,QAAA,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CACpC,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,EACtC,iBAAiB,CAClB,CAAC;;AAGF,QAAA,MAAM,SAAS,GAAG,aAAa,CAAC,eAAe,CAAC,SAAS,CAAC;QAC1D,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE;YACxC,OAAO;AACL,gBAAA,OAAO,EAAE,KAAK;AACd,gBAAA,MAAM,EAAE,OAAO;AACf,gBAAA,MAAM,EAAE,MAAM;AACd,gBAAA,MAAM,EAAE,8CAA8C;AACtD,gBAAA,SAAS,EAAE,GAAG;aACf,CAAC;SACH;AAED,QAAA,MAAM,cAAc,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;AACpC,QAAA,MAAM,UAAU,GAAG,cAAc,CAAC,UAAU,CAAC;;AAG7C,QAAA,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE;YACjC,OAAO;AACL,gBAAA,OAAO,EAAE,IAAI;AACb,gBAAA,MAAM,EAAE,MAAM;AACd,gBAAA,MAAM,EAAE,MAAM;AACd,gBAAA,SAAS,EAAE,GAAG;aACf,CAAC;SACH;AAAM,aAAA,IAAI,UAAU,CAAC,OAAO,EAAE;YAC7B,OAAO;AACL,gBAAA,OAAO,EAAE,KAAK;AACd,gBAAA,MAAM,EAAE,SAAS;AACjB,gBAAA,MAAM,EAAE,MAAM;AACd,gBAAA,MAAM,EACJ,UAAU,CAAC,OAAO,CAAC,gBAAgB,KAAK,SAAS;AAC/C,sBAAE,CAAgC,6BAAA,EAAA,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAG,CAAA,CAAA;AACxE,sBAAE,qBAAqB;AAC3B,gBAAA,SAAS,EAAE,UAAU,CAAC,OAAO,CAAC,cAAc;AAC5C,gBAAA,SAAS,EAAE,GAAG;aACf,CAAC;SACH;AAAM,aAAA,IAAI,UAAU,CAAC,OAAO,KAAK,SAAS,EAAE;YAC3C,OAAO;AACL,gBAAA,OAAO,EAAE,KAAK;AACd,gBAAA,MAAM,EAAE,SAAS;AACjB,gBAAA,MAAM,EAAE,MAAM;AACd,gBAAA,MAAM,EAAE,qDAAqD;AAC7D,gBAAA,SAAS,EAAE,GAAG;aACf,CAAC;SACH;QAED,OAAO;AACL,YAAA,OAAO,EAAE,KAAK;AACd,YAAA,MAAM,EAAE,OAAO;AACf,YAAA,MAAM,EAAE,MAAM;AACd,YAAA,MAAM,EAAE,gDAAgD;AACxD,YAAA,SAAS,EAAE,GAAG;SACf,CAAC;KACH;IAAC,OAAO,KAAK,EAAE;QACd,OAAO;AACL,YAAA,OAAO,EAAE,KAAK;AACd,YAAA,MAAM,EAAE,OAAO;AACf,YAAA,MAAM,EAAE,MAAM;AACd,YAAA,MAAM,EAAE,CAAkC,+BAAA,EAAA,KAAK,YAAY,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAE,CAAA;AAClG,YAAA,SAAS,EAAE,GAAG;SACf,CAAC;KACH;AACH,CAAC;AAED;;;;;;AAMG;AACI,eAAe,SAAS,CAC7B,IAAqB,EACrB,UAAkC,EAClC,OAAA,GAAgF,EAAE,EAAA;AAElF,IAAA,MAAM,EAAE,OAAO,GAAG,IAAI,EAAE,gBAAgB,GAAG,EAAE,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;AACpE,IAAA,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;;AAGvB,IAAA,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;AACvC,IAAA,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,OAAO;AACL,YAAA,OAAO,EAAE,KAAK;AACd,YAAA,MAAM,EAAE,SAAS;AACjB,YAAA,MAAM,EAAE,MAAM;AACd,YAAA,MAAM,EAAE,uCAAuC;AAC/C,YAAA,SAAS,EAAE,GAAG;SACf,CAAC;KACH;;IAGD,IAAI,MAAM,GAAG,UAAU,CAAC;IACxB,IAAI,CAAC,MAAM,EAAE;;;QAGX,MAAM,GAAG,MAAM,sBAAsB,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;KAC/D;IACD,IAAI,CAAC,MAAM,EAAE;;QAEX,MAAM,GAAG,MAAM,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;KAC5D;IACD,IAAI,CAAC,MAAM,EAAE;QACX,OAAO;AACL,YAAA,OAAO,EAAE,KAAK;AACd,YAAA,MAAM,EAAE,SAAS;AACjB,YAAA,MAAM,EAAE,MAAM;AACd,YAAA,MAAM,EAAE,qDAAqD;AAC7D,YAAA,SAAS,EAAE,GAAG;SACf,CAAC;KACH;;AAGD,IAAA,IAAI,OAAoB,CAAC;AACzB,IAAA,IAAI;QACF,OAAO,GAAG,MAAM,gBAAgB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;KAChD;IAAC,OAAO,KAAK,EAAE;QACd,OAAO;AACL,YAAA,OAAO,EAAE,KAAK;AACd,YAAA,MAAM,EAAE,OAAO;AACf,YAAA,MAAM,EAAE,MAAM;AACd,YAAA,MAAM,EAAE,CAAiC,8BAAA,EAAA,KAAK,YAAY,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAE,CAAA;AACjG,YAAA,SAAS,EAAE,GAAG;SACf,CAAC;KACH;;AAGD,IAAA,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE;AAC1B,QAAA,IAAI;AACF,YAAA,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YAChE,IAAI,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,IAAI,EAAE;AAC5B,gBAAA,OAAO,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aACvC;SACF;AAAC,QAAA,MAAM;;SAEP;KACF;IAED,OAAO;AACL,QAAA,OAAO,EAAE,KAAK;AACd,QAAA,MAAM,EAAE,OAAO;AACf,QAAA,MAAM,EAAE,MAAM;AACd,QAAA,MAAM,EAAE,0BAA0B;AAClC,QAAA,SAAS,EAAE,GAAG;KACf,CAAC;AACJ;;AC1eA,MAAM,4BAA4B,GAAG,WAAW,CAAC;AACjD,MAAM,0BAA0B,GAAG,WAAW,CAAC;AAO/C,eAAe,gBAAgB,CAAC,KAAkB,EAAA;AAChD,IAAA,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;AAC5D,IAAA,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,4BAA4B,CAAC,WAA4B,EAAA;IAChE,MAAM,sBAAsB,GAAG,WAAW,CAAC,YAAY,CACrD,4BAA4B,CACa,CAAC;AAE5C,IAAA,OAAO,sBAAsB,CAAC,sBAAsB,EAAE,KAAK,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,0BAA0B,CAAC,WAA4B,EAAA;IAC9D,MAAM,oBAAoB,GAAG,WAAW,CAAC,YAAY,CACnD,0BAA0B,CACa,CAAC;AAE1C,IAAA,OAAO,sBAAsB,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC;AAC7D,CAAC;AAEM,eAAe,oCAAoC,CACxD,cAAsB,EACtB,UAAwC,EAAE,EAAA;AAE1C,IAAA,MAAM,iBAAiB,GAAG,IAAI,eAAe,CAAC,cAAc,CAAC,CAAC;AAC9D,IAAA,IAAI,iBAAiB,GACnB,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC;UAC3D,iBAAiB,CAAC,iBAAiB,EAAE,OAAO,CAAC,gBAAgB,CAAC;UAC9D,IAAI,CAAC;AAEX,IAAA,IAAI,CAAC,iBAAiB,IAAI,OAAO,CAAC,YAAY,EAAE;AAC9C,QAAA,iBAAiB,GAAG,MAAM,kBAAkB,CAC1C,iBAAiB,EACjB,OAAO,CAAC,YAAY,CAAC,OAAO,EAC5B,OAAO,CAAC,YAAY,CAAC,QAAQ,CAC9B,CAAC;KACH;IAED,OAAO;AACL,QAAA,eAAe,EAAE,0BAA0B,CAAC,iBAAiB,CAAC,MAAM,CAAC;AACrE,QAAA,yBAAyB,EAAE,4BAA4B,CAAC,iBAAiB,CAAC;AAC1E,QAAA,iBAAiB,EAAE,iBAAiB;AAClC,cAAE;AACE,gBAAA,SAAS,EAAE,0BAA0B,CAAC,iBAAiB,CAAC,OAAO,CAAC;gBAChE,aAAa,EAAE,MAAM,gBAAgB,CAAC,iBAAiB,CAAC,SAAS,CAAC,OAAO,CAAC;AAC3E,aAAA;AACH,cAAE,IAAI;KACT,CAAC;AACJ,CAAC;AAEM,eAAe,yCAAyC,CAC7D,cAAsB,EAAA;AAEtB,IAAA,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC,cAAc,CAAC,CAAC;IAExD,OAAO;AACL,QAAA,SAAS,EAAE,0BAA0B,CAAC,WAAW,CAAC,OAAO,CAAC;AAC1D,QAAA,uBAAuB,EAAE,0BAA0B,CAAC,WAAW,CAAC;QAChE,aAAa,EAAE,MAAM,gBAAgB,CAAC,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC;KACrE,CAAC;AACJ;;;;"}

package/dist/{identity-c9e5052e.js → identity-d8910151.js} RENAMED Viewed

@@ -89,6 +89,78 @@ function findIssuerInChain(cert, chain) {
     }
     return null;
 }
+/**
+ * Extract any certificates carried inside embedded OCSP responses.
+ *
+ * OCSP responses frequently bundle the responder certificate and the issuer CA
+ * certificate. They are a useful offline source of the issuer certificate needed
+ * to build a (live) OCSP request when the container's certificate chain is empty.
+ *
+ * @param base64Responses Base64-encoded DER OCSP responses (from RevocationValues)
+ * @returns PEM-encoded certificates found in the responses
+ */
+function extractCertsFromOCSPResponses(base64Responses) {
+    const pems = [];
+    for (const base64Response of base64Responses) {
+        try {
+            const response = asn1Schema.AsnConvert.parse(normalize.base64ToArrayBuffer(base64Response), asn1Ocsp.OCSPResponse);
+            if (!response.responseBytes) {
+                continue;
+            }
+            const basicResponse = asn1Schema.AsnConvert.parse(response.responseBytes.response.buffer, asn1Ocsp.BasicOCSPResponse);
+            for (const certificate of basicResponse.certs ?? []) {
+                try {
+                    const x509$1 = new x509.X509Certificate(new Uint8Array(asn1Schema.AsnConvert.serialize(certificate)));
+                    pems.push(x509$1.toString("pem"));
+                }
+                catch {
+                    // Skip certificates that fail to parse
+                }
+            }
+        }
+        catch {
+            // Skip responses that fail to parse
+        }
+    }
+    return pems;
+}
+/**
+ * Resolve the issuer certificate for a cert from a candidate chain, preferring a
+ * candidate whose key actually signed the cert. This avoids building an OCSP
+ * request against the wrong (e.g. tampered, same-name) issuer.
+ *
+ * @param cert Certificate to find the issuer for
+ * @param chain Candidate certificates (PEM)
+ * @returns The verified issuer certificate, or null
+ */
+async function resolveIssuerFromChain(cert, chain) {
+    const nameMatches = [];
+    for (const pemCert of chain) {
+        try {
+            const candidate = new x509.X509Certificate(pemCert);
+            if (candidate.subject === cert.issuer) {
+                nameMatches.push(candidate);
+            }
+        }
+        catch {
+            // Skip invalid certificates
+        }
+    }
+    // Prefer a candidate that actually issued the certificate.
+    for (const candidate of nameMatches) {
+        try {
+            if (await cert.verify({ publicKey: candidate, signatureOnly: true })) {
+                return candidate;
+            }
+        }
+        catch {
+            // Verification not possible for this candidate; try the next.
+        }
+    }
+    // A same-name certificate with the wrong key must not suppress the safer AIA
+    // lookup. Only return a candidate that cryptographically issued the cert.
+    return null;
+}
 /**
  * Fetch issuer certificate from AIA extension
  * @param cert Certificate to fetch issuer for
@@ -311,8 +383,9 @@ async function checkOCSP(cert, issuerCert, options = {}) {
     // Try to find issuer certificate
     let issuer = issuerCert;
     if (!issuer) {
-        // Try certificate chain first
-        issuer = findIssuerInChain(cert, certificateChain);
+        // Try the certificate chain first (prefer a candidate that actually issued the
+        // cert). The chain may include certs recovered from embedded OCSP responses.
+        issuer = await resolveIssuerFromChain(cert, certificateChain);
     }
     if (!issuer) {
         // Try AIA extension
@@ -406,5 +479,6 @@ async function extractCertificateIdentityFromCertificate(certificatePem) {
 exports.checkOCSP = checkOCSP;
 exports.extractCertificateIdentityFromCertificate = extractCertificateIdentityFromCertificate;
+exports.extractCertsFromOCSPResponses = extractCertsFromOCSPResponses;
 exports.extractIssuerIdentityFromCertificate = extractIssuerIdentityFromCertificate;
-//# sourceMappingURL=identity-c9e5052e.js.map
+//# sourceMappingURL=identity-d8910151.js.map