node-opcua-crypto 4.16.0 → 4.17.0

package/dist/index.js

@@ -119,8 +119,29 @@ __export(index_exports, {
 });
 module.exports = __toCommonJS(index_exports);
 
+// source/common.ts
+var import_node_crypto = __toESM(require("crypto"));
+var KeyObjectOrig = import_node_crypto.default.KeyObject;
+var { createPrivateKey: createPrivateKeyFromNodeJSCrypto } = import_node_crypto.default;
+function isKeyObject(mayBeKeyObject) {
+  if (KeyObjectOrig) {
+    return mayBeKeyObject instanceof KeyObjectOrig;
+  }
+  return typeof mayBeKeyObject === "object" && typeof mayBeKeyObject.type === "string";
+}
+var CertificatePurpose = /* @__PURE__ */ ((CertificatePurpose2) => {
+  CertificatePurpose2[CertificatePurpose2["NotSpecified"] = 0] = "NotSpecified";
+  CertificatePurpose2[CertificatePurpose2["ForCertificateAuthority"] = 1] = "ForCertificateAuthority";
+  CertificatePurpose2[CertificatePurpose2["ForApplication"] = 2] = "ForApplication";
+  CertificatePurpose2[CertificatePurpose2["ForUserAuthentication"] = 3] = "ForUserAuthentication";
+  return CertificatePurpose2;
+})(CertificatePurpose || {});
+
+// source/crypto_explore_certificate.ts
+var import_node_assert4 = __toESM(require("assert"));
+
 // source/asn1.ts
-var import_assert = __toESM(require("assert"));
+var import_node_assert = __toESM(require("assert"));
 
 // source/oid_map.ts
 var oid_map = {
@@ -456,7 +477,7 @@ var TagType = /* @__PURE__ */ ((TagType2) => {
 function readTag(buf, pos) {
   const start = pos;
   if (buf.length <= pos) {
-    throw new Error("Invalid position : buf.length=" + buf.length + " pos =" + pos);
+    throw new Error(`Invalid position : buf.length=${buf.length} pos=${pos}`);
   }
   const tag = buf.readUInt8(pos);
   pos += 1;
@@ -485,7 +506,8 @@ function readStruct(buf, blockInfo) {
   return blocks;
 }
 function parseBitString(buffer, start, end, maxLength) {
-  const unusedBit = buffer.readUInt8(start), lenBit = (end - start - 1 << 3) - unusedBit, intro = "(" + lenBit + " bit)\n";
+  const unusedBit = buffer.readUInt8(start), lenBit = (end - start - 1 << 3) - unusedBit, intro = `(${lenBit} bit)
+`;
   let s = "", skip = unusedBit;
   for (let i = end - 1; i > start; --i) {
     const b = buffer.readUInt8(i);
@@ -493,12 +515,12 @@ function parseBitString(buffer, start, end, maxLength) {
       s += b >> j & 1 ? "1" : "0";
     }
     skip = 0;
-    (0, import_assert.default)(s.length <= maxLength);
+    (0, import_node_assert.default)(s.length <= maxLength);
   }
   return intro + s;
 }
 function readBitString(buffer, block) {
-  (0, import_assert.default)(block.tag === 3 /* BIT_STRING */);
+  (0, import_node_assert.default)(block.tag === 3 /* BIT_STRING */);
   const data = getBlock(buffer, block);
   const ignore_bits = data.readUInt8(0);
   return {
@@ -511,14 +533,14 @@ function readBitString(buffer, block) {
 function formatBuffer2DigitHexWithColum(buffer) {
   const value = [];
   for (let i = 0; i < buffer.length; i++) {
-    value.push(("00" + buffer.readUInt8(i).toString(16)).substr(-2, 2));
+    value.push(`00${buffer.readUInt8(i).toString(16)}`.substr(-2, 2));
   }
   return value.join(":").toUpperCase().replace(/^(00:)*/, "");
 }
 function readOctetString(buffer, block) {
-  (0, import_assert.default)(block.tag === 4 /* OCTET_STRING */);
+  (0, import_node_assert.default)(block.tag === 4 /* OCTET_STRING */);
   const tag = readTag(buffer, block.position);
-  (0, import_assert.default)(tag.tag === 4 /* OCTET_STRING */);
+  (0, import_node_assert.default)(tag.tag === 4 /* OCTET_STRING */);
   const nbBytes = tag.length;
   const pos = tag.position;
   const b = buffer.subarray(pos, pos + nbBytes);
@@ -548,19 +570,19 @@ function parseOID(buffer, start, end) {
     if (!(v & 128)) {
       if (s === "") {
         const m = n < 80 ? n < 40 ? 0 : 1 : 2;
-        s = m + "." + (n - m * 40);
+        s = `${m}.${n - m * 40}`;
       } else {
-        s += "." + n.toString();
+        s += `.${n.toString()}`;
       }
       n = 0;
       bits = 0;
     }
   }
-  (0, import_assert.default)(bits === 0);
+  (0, import_node_assert.default)(bits === 0);
   return s;
 }
 function readObjectIdentifier(buffer, block) {
-  (0, import_assert.default)(block.tag === 6 /* OBJECT_IDENTIFIER */);
+  (0, import_node_assert.default)(block.tag === 6 /* OBJECT_IDENTIFIER */);
   const b = buffer.subarray(block.position, block.position + block.length);
   const oid = parseOID(b, 0, block.length);
   return {
@@ -588,17 +610,17 @@ function readSignatureValue(buffer, block) {
   return readSignatureValueBin(buffer, block).toString("hex");
 }
 function readLongIntegerValue(buffer, block) {
-  (0, import_assert.default)(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
+  (0, import_node_assert.default)(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
   const pos = block.position;
   const nbBytes = block.length;
   const buf = buffer.subarray(pos, pos + nbBytes);
   return buf;
 }
 function readIntegerValue(buffer, block) {
-  (0, import_assert.default)(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
+  (0, import_node_assert.default)(block.tag === 2 /* INTEGER */, "expecting a INTEGER tag");
   let pos = block.position;
   const nbBytes = block.length;
-  (0, import_assert.default)(nbBytes < 4);
+  (0, import_node_assert.default)(nbBytes < 4);
   let value = 0;
   for (let i = 0; i < nbBytes; i++) {
     value = value * 256 + buffer.readUInt8(pos);
@@ -607,11 +629,11 @@ function readIntegerValue(buffer, block) {
   return value;
 }
 function readBooleanValue(buffer, block) {
-  (0, import_assert.default)(block.tag === 1 /* BOOLEAN */, "expecting a BOOLEAN tag. got " + TagType[block.tag]);
+  (0, import_node_assert.default)(block.tag === 1 /* BOOLEAN */, `expecting a BOOLEAN tag. got ${TagType[block.tag]}`);
   const pos = block.position;
   const nbBytes = block.length;
-  (0, import_assert.default)(nbBytes < 4);
-  const value = buffer.readUInt8(pos) ? true : false;
+  (0, import_node_assert.default)(nbBytes < 4);
+  const value = !!buffer.readUInt8(pos);
   return value;
 }
 function readVersionValue(buffer, block) {
@@ -663,7 +685,7 @@ function readValue(buffer, block) {
     case 24 /* GeneralizedTime */:
       return convertGeneralizedTime(getBlock(buffer, block).toString("ascii"));
     default:
-      throw new Error("Invalid tag 0x" + block.tag.toString(16));
+      throw new Error(`Invalid tag 0x${block.tag.toString(16)}`);
   }
 }
 function findBlockAtIndex(blocks, index) {
@@ -678,31 +700,229 @@ function readTime(buffer, block) {
 }
 
 // source/crypto_utils.ts
-var import_constants = __toESM(require("constants"));
-var import_assert4 = __toESM(require("assert"));
-var import_crypto = require("crypto");
-var import_hexy = __toESM(require("hexy"));
+var import_node_assert2 = __toESM(require("assert"));
+var import_node_constants = __toESM(require("constants"));
+var import_node_crypto2 = require("crypto");
+var import_jsrsasign = __toESM(require("jsrsasign"));
 
 // source/buffer_utils.ts
 var createFastUninitializedBuffer = Buffer.allocUnsafe ? Buffer.allocUnsafe : (size) => {
   return new Buffer(size);
 };
 
-// source/crypto_explore_certificate.ts
-var import_assert3 = __toESM(require("assert"));
+// source/hexy.ts
+function hexy(buffer, { width, format } = {}) {
+  width = width || 80;
+  if (format === "twos") {
+    width = 26 * 3;
+  }
+  const regex = new RegExp(`.{1,${width}}`, "g");
+  const regexTwos = new RegExp(`.{1,${2}}`, "g");
+  let fullHex = buffer.toString("hex");
+  if (format === "twos") {
+    fullHex = fullHex.match(regexTwos)?.join(" ") || "";
+  }
+  return fullHex.match(regex)?.join("\n") || "";
+}
+
+// source/crypto_utils.ts
+var PEM_REGEX = /^(-----BEGIN (.*)-----\r?\n([/+=a-zA-Z0-9\r\n]*)\r?\n-----END \2-----\r?\n?)/gm;
+var PEM_TYPE_REGEX = /^(-----BEGIN (.*)-----)/m;
+function identifyPemType(rawKey) {
+  if (Buffer.isBuffer(rawKey)) {
+    rawKey = rawKey.toString("utf8");
+  }
+  const match = PEM_TYPE_REGEX.exec(rawKey);
+  return !match ? void 0 : match[2];
+}
+function removeTrailingLF(str) {
+  const tmp = str.replace(/(\r|\n)+$/m, "").replace(/\r\n/gm, "\n");
+  return tmp;
+}
+function toPem(raw_key, pem) {
+  (0, import_node_assert2.default)(raw_key, "expecting a key");
+  (0, import_node_assert2.default)(typeof pem === "string");
+  let pemType = identifyPemType(raw_key);
+  if (pemType) {
+    return Buffer.isBuffer(raw_key) ? removeTrailingLF(raw_key.toString("utf8")) : removeTrailingLF(raw_key);
+  } else {
+    pemType = pem;
+    (0, import_node_assert2.default)(["CERTIFICATE REQUEST", "CERTIFICATE", "RSA PRIVATE KEY", "PUBLIC KEY", "X509 CRL"].indexOf(pemType) >= 0);
+    let b = raw_key.toString("base64");
+    let str = `-----BEGIN ${pemType}-----
+`;
+    while (b.length) {
+      str += `${b.substring(0, 64)}
+`;
+      b = b.substring(64);
+    }
+    str += `-----END ${pemType}-----`;
+    return str;
+  }
+}
+function convertPEMtoDER(raw_key) {
+  let match;
+  let _pemType;
+  let base64str;
+  const parts = [];
+  PEM_REGEX.lastIndex = 0;
+  match = PEM_REGEX.exec(raw_key);
+  while (match !== null) {
+    _pemType = match[2];
+    base64str = match[3];
+    base64str = base64str.replace(/\r?\n/g, "");
+    parts.push(Buffer.from(base64str, "base64"));
+    match = PEM_REGEX.exec(raw_key);
+  }
+  return combine_der(parts);
+}
+function hexDump(buffer, width) {
+  if (!buffer) {
+    return "<>";
+  }
+  width = width || 32;
+  if (buffer.length > 1024) {
+    return `${hexy(buffer.subarray(0, 1024), { width, format: "twos" })}
+ .... ( ${buffer.length})`;
+  } else {
+    return hexy(buffer, { width, format: "twos" });
+  }
+}
+function makeMessageChunkSignature(chunk, options) {
+  const signer = (0, import_node_crypto2.createSign)(options.algorithm);
+  signer.update(chunk);
+  const signature = signer.sign(options.privateKey.hidden);
+  (0, import_node_assert2.default)(!options.signatureLength || signature.length === options.signatureLength);
+  return signature;
+}
+function verifyMessageChunkSignature(blockToVerify, signature, options) {
+  const verify = (0, import_node_crypto2.createVerify)(options.algorithm);
+  verify.update(blockToVerify);
+  return verify.verify(options.publicKey, signature);
+}
+function makeSHA1Thumbprint(buffer) {
+  return (0, import_node_crypto2.createHash)("sha1").update(buffer).digest();
+}
+var RSA_PKCS1_OAEP_PADDING = import_node_constants.default.RSA_PKCS1_OAEP_PADDING;
+var RSA_PKCS1_PADDING = import_node_constants.default.RSA_PKCS1_PADDING;
+var PaddingAlgorithm = /* @__PURE__ */ ((PaddingAlgorithm2) => {
+  PaddingAlgorithm2[PaddingAlgorithm2["RSA_PKCS1_OAEP_PADDING"] = 4] = "RSA_PKCS1_OAEP_PADDING";
+  PaddingAlgorithm2[PaddingAlgorithm2["RSA_PKCS1_PADDING"] = 1] = "RSA_PKCS1_PADDING";
+  return PaddingAlgorithm2;
+})(PaddingAlgorithm || {});
+(0, import_node_assert2.default)(4 /* RSA_PKCS1_OAEP_PADDING */ === import_node_constants.default.RSA_PKCS1_OAEP_PADDING);
+(0, import_node_assert2.default)(1 /* RSA_PKCS1_PADDING */ === import_node_constants.default.RSA_PKCS1_PADDING);
+function publicEncrypt_native(buffer, publicKey, algorithm) {
+  if (algorithm === void 0) {
+    algorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
+  }
+  return (0, import_node_crypto2.publicEncrypt)(
+    {
+      key: publicKey,
+      padding: algorithm
+    },
+    buffer
+  );
+}
+function privateDecrypt_native(buffer, privateKey, algorithm) {
+  if (algorithm === void 0) {
+    algorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
+  }
+  try {
+    return (0, import_node_crypto2.privateDecrypt)(
+      {
+        key: privateKey.hidden,
+        padding: algorithm
+      },
+      buffer
+    );
+  } catch (_err) {
+    return Buffer.alloc(1);
+  }
+}
+var publicEncrypt = publicEncrypt_native;
+var privateDecrypt = privateDecrypt_native;
+function publicEncrypt_long(buffer, publicKey, blockSize, padding, paddingAlgorithm) {
+  if (paddingAlgorithm === void 0) {
+    paddingAlgorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
+  }
+  if (paddingAlgorithm === RSA_PKCS1_PADDING) {
+    padding = padding || 11;
+    if (padding !== 11) throw new Error("padding should be 11");
+  } else if (paddingAlgorithm === RSA_PKCS1_OAEP_PADDING) {
+    padding = padding || 42;
+    if (padding !== 42) throw new Error("padding should be 42");
+  } else {
+    throw new Error(`Invalid padding algorithm ${paddingAlgorithm}`);
+  }
+  const chunk_size = blockSize - padding;
+  const nbBlocks = Math.ceil(buffer.length / chunk_size);
+  const outputBuffer = createFastUninitializedBuffer(nbBlocks * blockSize);
+  for (let i = 0; i < nbBlocks; i++) {
+    const currentBlock = buffer.subarray(chunk_size * i, chunk_size * (i + 1));
+    const encrypted_chunk = publicEncrypt(currentBlock, publicKey, paddingAlgorithm);
+    if (encrypted_chunk.length !== blockSize) {
+      throw new Error(`publicEncrypt_long unexpected chunk length ${encrypted_chunk.length}  expecting ${blockSize}`);
+    }
+    encrypted_chunk.copy(outputBuffer, i * blockSize);
+  }
+  return outputBuffer;
+}
+function privateDecrypt_long(buffer, privateKey, blockSize, paddingAlgorithm) {
+  paddingAlgorithm = paddingAlgorithm || RSA_PKCS1_OAEP_PADDING;
+  if (paddingAlgorithm !== RSA_PKCS1_PADDING && paddingAlgorithm !== RSA_PKCS1_OAEP_PADDING) {
+    throw new Error(`Invalid padding algorithm ${paddingAlgorithm}`);
+  }
+  const nbBlocks = Math.ceil(buffer.length / blockSize);
+  const outputBuffer = createFastUninitializedBuffer(nbBlocks * blockSize);
+  let total_length = 0;
+  for (let i = 0; i < nbBlocks; i++) {
+    const currentBlock = buffer.subarray(blockSize * i, Math.min(blockSize * (i + 1), buffer.length));
+    const decrypted_buf = privateDecrypt(currentBlock, privateKey, paddingAlgorithm);
+    decrypted_buf.copy(outputBuffer, total_length);
+    total_length += decrypted_buf.length;
+  }
+  return outputBuffer.subarray(0, total_length);
+}
+function coerceCertificatePem(certificate) {
+  if (Buffer.isBuffer(certificate)) {
+    certificate = toPem(certificate, "CERTIFICATE");
+  }
+  (0, import_node_assert2.default)(typeof certificate === "string");
+  return certificate;
+}
+function extractPublicKeyFromCertificateSync(certificate) {
+  certificate = coerceCertificatePem(certificate);
+  const key = import_jsrsasign.default.KEYUTIL.getKey(certificate);
+  const publicKeyAsPem = import_jsrsasign.default.KEYUTIL.getPEM(key);
+  (0, import_node_assert2.default)(typeof publicKeyAsPem === "string");
+  return publicKeyAsPem;
+}
+function extractPublicKeyFromCertificate(certificate, callback) {
+  let err1 = null;
+  let keyPem;
+  try {
+    keyPem = extractPublicKeyFromCertificateSync(certificate);
+  } catch (err) {
+    err1 = err;
+  }
+  setImmediate(() => {
+    callback(err1, keyPem);
+  });
+}
 
 // source/directory_name.ts
-var import_assert2 = __toESM(require("assert"));
+var import_node_assert3 = __toESM(require("assert"));
 function readDirectoryName(buffer, block) {
   const set_blocks = readStruct(buffer, block);
   const names = {};
   for (const set_block of set_blocks) {
-    (0, import_assert2.default)(set_block.tag === 49);
+    (0, import_node_assert3.default)(set_block.tag === 49);
     const blocks = readStruct(buffer, set_block);
-    (0, import_assert2.default)(blocks.length === 1);
-    (0, import_assert2.default)(blocks[0].tag === 48);
+    (0, import_node_assert3.default)(blocks.length === 1);
+    (0, import_node_assert3.default)(blocks[0].tag === 48);
     const sequenceBlock = readStruct(buffer, blocks[0]);
-    (0, import_assert2.default)(sequenceBlock.length === 2);
+    (0, import_node_assert3.default)(sequenceBlock.length === 2);
     const type = readObjectIdentifier(buffer, sequenceBlock[0]);
     names[type.name] = readValue(buffer, sequenceBlock[1]);
   }
@@ -782,7 +1002,7 @@ function _readAuthorityKeyIdentifier(buffer) {
     // can be null for self-signed certf
   };
 }
-function readBasicConstraint2_5_29_19(buffer, block) {
+function readBasicConstraint2_5_29_19(buffer, _block) {
   const block_info = readTag(buffer, 0);
   const inner_blocks = readStruct(buffer, block_info).slice(0, 2);
   let cA = false;
@@ -827,14 +1047,14 @@ function _readGeneralNames(buffer, block) {
   }
   const n = {};
   for (const block2 of blocks) {
-    (0, import_assert3.default)((block2.tag & 128) === 128);
+    (0, import_node_assert4.default)((block2.tag & 128) === 128);
     const t2 = block2.tag & 127;
     const type = _data[t2];
     if (!type) {
-      console.log("_readGeneralNames: INVALID TYPE => " + t2 + " 0x" + t2.toString(16));
+      console.log(`_readGeneralNames: INVALID TYPE => ${t2} 0x${t2.toString(16)}`);
       continue;
     }
-    if (t2 == 32) {
+    if (t2 === 32) {
       n[type.name] = n[type.name] || [];
       const blocks2 = readStruct(buffer, block2);
       const name = readObjectIdentifier(buffer, blocks2[0]).name;
@@ -857,7 +1077,7 @@ function _readSubjectAltNames(buffer) {
   const block_info = readTag(buffer, 0);
   return _readGeneralNames(buffer, block_info);
 }
-function readKeyUsage(oid, buffer) {
+function readKeyUsage(_oid, buffer) {
   const block_info = readTag(buffer, 0);
   let b2 = 0;
   let b3 = 0;
@@ -887,7 +1107,7 @@ function readKeyUsage(oid, buffer) {
   };
 }
 function readExtKeyUsage(oid, buffer) {
-  (0, import_assert3.default)(oid === "2.5.29.37");
+  (0, import_node_assert4.default)(oid === "2.5.29.37");
   const block_info = readTag(buffer, 0);
   const inner_blocks = readStruct(buffer, block_info);
   const extKeyUsage = {
@@ -917,7 +1137,7 @@ function _readSubjectPublicKey(buffer) {
 function readExtension(buffer, block) {
   const inner_blocks = readStruct(buffer, block);
   if (inner_blocks.length === 3) {
-    (0, import_assert3.default)(inner_blocks[1].tag === 1 /* BOOLEAN */);
+    (0, import_node_assert4.default)(inner_blocks[1].tag === 1 /* BOOLEAN */);
     inner_blocks[1] = inner_blocks[2];
   }
   const identifier = readObjectIdentifier(buffer, inner_blocks[0]);
@@ -937,7 +1157,7 @@ function readExtension(buffer, block) {
       value = readBasicConstraint2_5_29_19(buf, inner_blocks[1]);
       break;
     case "certExtension":
-      value = "basicConstraints ( not implemented yet) " + buf.toString("hex");
+      value = `basicConstraints ( not implemented yet) ${buf.toString("hex")}`;
       break;
     case "extKeyUsage":
       value = readExtKeyUsage(identifier.oid, buf);
@@ -946,7 +1166,7 @@ function readExtension(buffer, block) {
       value = readKeyUsage(identifier.oid, buf);
       break;
     default:
-      value = "Unknown " + identifier.name + buf.toString("hex");
+      value = `Unknown ${identifier.name}${buf.toString("hex")}`;
   }
   return {
     identifier,
@@ -954,7 +1174,7 @@ function readExtension(buffer, block) {
   };
 }
 function _readExtensions(buffer, block) {
-  (0, import_assert3.default)(block.tag === 163);
+  (0, import_node_assert4.default)(block.tag === 163);
   let inner_blocks = readStruct(buffer, block);
   inner_blocks = readStruct(buffer, inner_blocks[0]);
   const extensions = inner_blocks.map((block2) => readExtension(buffer, block2));
@@ -993,10 +1213,17 @@ function _readSubjectECCPublicKeyInfo(buffer, block) {
 }
 function readTbsCertificate(buffer, block) {
   const blocks = readStruct(buffer, block);
-  let version, serialNumber, signature, issuer, validity, subject, subjectFingerPrint, extensions;
+  let _version;
+  let serialNumber;
+  let signature;
+  let issuer;
+  let validity;
+  let subject;
+  let subjectFingerPrint;
+  let extensions;
   let subjectPublicKeyInfo;
   if (blocks.length === 6) {
-    version = 1;
+    _version = 1;
     serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[0]));
     signature = readAlgorithmIdentifier(buffer, blocks[1]);
     issuer = _readName(buffer, blocks[2]);
@@ -1010,7 +1237,7 @@ function readTbsCertificate(buffer, block) {
     if (!version_block) {
       throw new Error("cannot find version block");
     }
-    version = readVersionValue(buffer, version_block) + 1;
+    _version = readVersionValue(buffer, version_block) + 1;
     serialNumber = formatBuffer2DigitHexWithColum(readLongIntegerValue(buffer, blocks[1]));
     signature = readAlgorithmIdentifier(buffer, blocks[2]);
     issuer = _readName(buffer, blocks[3]);
@@ -1024,374 +1251,73 @@ function readTbsCertificate(buffer, block) {
         subjectPublicKeyInfo = _readSubjectPublicKeyInfo(buffer, blocks[6]);
         break;
       }
-      case "ecPublicKey":
       default: {
+        (0, import_node_assert4.default)(what_type === "ecPublicKey");
         subjectPublicKeyInfo = _readSubjectECCPublicKeyInfo(buffer, blocks[6]);
         break;
       }
     }
     const extensionBlock = findBlockAtIndex(blocks, 3);
     if (!extensionBlock) {
-      doDebug && console.log("X509 certificate is invalid : cannot find extension block version =" + version_block);
+      doDebug && console.log(`X509 certificate is invalid : cannot find extension block version = ${version_block}`);
       extensions = null;
     } else {
       extensions = _readExtensions(buffer, extensionBlock);
     }
-  }
-  return {
-    version,
-    serialNumber,
-    signature,
-    issuer,
-    validity,
-    subject,
-    subjectFingerPrint,
-    subjectPublicKeyInfo,
-    extensions
-  };
-}
-function exploreCertificate(certificate) {
-  (0, import_assert3.default)(Buffer.isBuffer(certificate));
-  if (!certificate._exploreCertificate_cache) {
-    const block_info = readTag(certificate, 0);
-    const blocks = readStruct(certificate, block_info);
-    certificate._exploreCertificate_cache = {
-      tbsCertificate: readTbsCertificate(certificate, blocks[0]),
-      signatureAlgorithm: readAlgorithmIdentifier(certificate, blocks[1]),
-      signatureValue: readSignatureValue(certificate, blocks[2])
-    };
-  }
-  return certificate._exploreCertificate_cache;
-}
-function split_der(certificateChain) {
-  const certificate_chain = [];
-  do {
-    const block_info = readTag(certificateChain, 0);
-    const length = block_info.position + block_info.length;
-    const der_certificate = certificateChain.subarray(0, length);
-    certificate_chain.push(der_certificate);
-    certificateChain = certificateChain.subarray(length);
-  } while (certificateChain.length > 0);
-  return certificate_chain;
-}
-function combine_der(certificates) {
-  for (const cert of certificates) {
-    const b = split_der(cert);
-    let sum = 0;
-    b.forEach((block) => {
-      const block_info = readTag(block, 0);
-      (0, import_assert3.default)(block_info.position + block_info.length === block.length);
-      sum += block.length;
-    });
-    (0, import_assert3.default)(sum === cert.length);
-  }
-  return Buffer.concat(certificates);
-}
-
-// source/crypto_utils.ts
-var import_jsrsasign = __toESM(require("jsrsasign"));
-var { hexy } = import_hexy.default;
-var PEM_REGEX = /^(-----BEGIN (.*)-----\r?\n([/+=a-zA-Z0-9\r\n]*)\r?\n-----END \2-----\r?\n?)/gm;
-var PEM_TYPE_REGEX = /^(-----BEGIN (.*)-----)/m;
-function identifyPemType(rawKey) {
-  if (Buffer.isBuffer(rawKey)) {
-    rawKey = rawKey.toString("utf8");
-  }
-  const match = PEM_TYPE_REGEX.exec(rawKey);
-  return !match ? void 0 : match[2];
-}
-function removeTrailingLF(str) {
-  const tmp = str.replace(/(\r|\n)+$/m, "").replace(/\r\n/gm, "\n");
-  return tmp;
-}
-function toPem(raw_key, pem) {
-  (0, import_assert4.default)(raw_key, "expecting a key");
-  (0, import_assert4.default)(typeof pem === "string");
-  let pemType = identifyPemType(raw_key);
-  if (pemType) {
-    return Buffer.isBuffer(raw_key) ? removeTrailingLF(raw_key.toString("utf8")) : removeTrailingLF(raw_key);
-  } else {
-    pemType = pem;
-    (0, import_assert4.default)(["CERTIFICATE REQUEST", "CERTIFICATE", "RSA PRIVATE KEY", "PUBLIC KEY", "X509 CRL"].indexOf(pemType) >= 0);
-    let b = raw_key.toString("base64");
-    let str = "-----BEGIN " + pemType + "-----\n";
-    while (b.length) {
-      str += b.substring(0, 64) + "\n";
-      b = b.substring(64);
-    }
-    str += "-----END " + pemType + "-----";
-    return str;
-  }
-}
-function convertPEMtoDER(raw_key) {
-  let match;
-  let pemType;
-  let base64str;
-  const parts = [];
-  PEM_REGEX.lastIndex = 0;
-  while ((match = PEM_REGEX.exec(raw_key)) !== null) {
-    pemType = match[2];
-    base64str = match[3];
-    base64str = base64str.replace(/\r?\n/g, "");
-    parts.push(Buffer.from(base64str, "base64"));
-  }
-  return combine_der(parts);
-}
-function hexDump(buffer, width) {
-  if (!buffer) {
-    return "<>";
-  }
-  width = width || 32;
-  if (buffer.length > 1024) {
-    return hexy(buffer.subarray(0, 1024), { width, format: "twos" }) + "\n .... ( " + buffer.length + ")";
-  } else {
-    return hexy(buffer, { width, format: "twos" });
-  }
-}
-function makeMessageChunkSignature(chunk, options) {
-  const signer = (0, import_crypto.createSign)(options.algorithm);
-  signer.update(chunk);
-  const signature = signer.sign(options.privateKey.hidden);
-  (0, import_assert4.default)(!options.signatureLength || signature.length === options.signatureLength);
-  return signature;
-}
-function verifyMessageChunkSignature(blockToVerify, signature, options) {
-  const verify = (0, import_crypto.createVerify)(options.algorithm);
-  verify.update(blockToVerify);
-  return verify.verify(options.publicKey, signature);
-}
-function makeSHA1Thumbprint(buffer) {
-  return (0, import_crypto.createHash)("sha1").update(buffer).digest();
-}
-var RSA_PKCS1_OAEP_PADDING = import_constants.default.RSA_PKCS1_OAEP_PADDING;
-var RSA_PKCS1_PADDING = import_constants.default.RSA_PKCS1_PADDING;
-var PaddingAlgorithm = /* @__PURE__ */ ((PaddingAlgorithm2) => {
-  PaddingAlgorithm2[PaddingAlgorithm2["RSA_PKCS1_OAEP_PADDING"] = 4] = "RSA_PKCS1_OAEP_PADDING";
-  PaddingAlgorithm2[PaddingAlgorithm2["RSA_PKCS1_PADDING"] = 1] = "RSA_PKCS1_PADDING";
-  return PaddingAlgorithm2;
-})(PaddingAlgorithm || {});
-(0, import_assert4.default)(4 /* RSA_PKCS1_OAEP_PADDING */ === import_constants.default.RSA_PKCS1_OAEP_PADDING);
-(0, import_assert4.default)(1 /* RSA_PKCS1_PADDING */ === import_constants.default.RSA_PKCS1_PADDING);
-function publicEncrypt_native(buffer, publicKey, algorithm) {
-  if (algorithm === void 0) {
-    algorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
-  }
-  return (0, import_crypto.publicEncrypt)(
-    {
-      key: publicKey,
-      padding: algorithm
-    },
-    buffer
-  );
-}
-function privateDecrypt_native(buffer, privateKey, algorithm) {
-  if (algorithm === void 0) {
-    algorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
-  }
-  try {
-    return (0, import_crypto.privateDecrypt)(
-      {
-        key: privateKey.hidden,
-        padding: algorithm
-      },
-      buffer
-    );
-  } catch (err) {
-    return Buffer.alloc(1);
-  }
-}
-var publicEncrypt = publicEncrypt_native;
-var privateDecrypt = privateDecrypt_native;
-function publicEncrypt_long(buffer, publicKey, blockSize, padding, paddingAlgorithm) {
-  if (paddingAlgorithm === void 0) {
-    paddingAlgorithm = 4 /* RSA_PKCS1_OAEP_PADDING */;
-  }
-  if (paddingAlgorithm === RSA_PKCS1_PADDING) {
-    padding = padding || 11;
-    if (padding !== 11) throw new Error("padding should be 11");
-  } else if (paddingAlgorithm === RSA_PKCS1_OAEP_PADDING) {
-    padding = padding || 42;
-    if (padding !== 42) throw new Error("padding should be 42");
-  } else {
-    throw new Error("Invalid padding algorithm " + paddingAlgorithm);
-  }
-  const chunk_size = blockSize - padding;
-  const nbBlocks = Math.ceil(buffer.length / chunk_size);
-  const outputBuffer = createFastUninitializedBuffer(nbBlocks * blockSize);
-  for (let i = 0; i < nbBlocks; i++) {
-    const currentBlock = buffer.subarray(chunk_size * i, chunk_size * (i + 1));
-    const encrypted_chunk = publicEncrypt(currentBlock, publicKey, paddingAlgorithm);
-    if (encrypted_chunk.length !== blockSize) {
-      throw new Error(`publicEncrypt_long unexpected chunk length ${encrypted_chunk.length}  expecting ${blockSize}`);
-    }
-    encrypted_chunk.copy(outputBuffer, i * blockSize);
-  }
-  return outputBuffer;
-}
-function privateDecrypt_long(buffer, privateKey, blockSize, paddingAlgorithm) {
-  paddingAlgorithm = paddingAlgorithm || RSA_PKCS1_OAEP_PADDING;
-  if (paddingAlgorithm !== RSA_PKCS1_PADDING && paddingAlgorithm !== RSA_PKCS1_OAEP_PADDING) {
-    throw new Error("Invalid padding algorithm " + paddingAlgorithm);
-  }
-  const nbBlocks = Math.ceil(buffer.length / blockSize);
-  const outputBuffer = createFastUninitializedBuffer(nbBlocks * blockSize);
-  let total_length = 0;
-  for (let i = 0; i < nbBlocks; i++) {
-    const currentBlock = buffer.subarray(blockSize * i, Math.min(blockSize * (i + 1), buffer.length));
-    const decrypted_buf = privateDecrypt(currentBlock, privateKey, paddingAlgorithm);
-    decrypted_buf.copy(outputBuffer, total_length);
-    total_length += decrypted_buf.length;
-  }
-  return outputBuffer.subarray(0, total_length);
-}
-function coerceCertificatePem(certificate) {
-  if (Buffer.isBuffer(certificate)) {
-    certificate = toPem(certificate, "CERTIFICATE");
-  }
-  (0, import_assert4.default)(typeof certificate === "string");
-  return certificate;
-}
-function extractPublicKeyFromCertificateSync(certificate) {
-  certificate = coerceCertificatePem(certificate);
-  const key = import_jsrsasign.default.KEYUTIL.getKey(certificate);
-  const publicKeyAsPem = import_jsrsasign.default.KEYUTIL.getPEM(key);
-  (0, import_assert4.default)(typeof publicKeyAsPem === "string");
-  return publicKeyAsPem;
-}
-function extractPublicKeyFromCertificate(certificate, callback) {
-  let err1 = null;
-  let keyPem;
-  try {
-    keyPem = extractPublicKeyFromCertificateSync(certificate);
-  } catch (err) {
-    err1 = err;
-  }
-  setImmediate(() => {
-    callback(err1, keyPem);
-  });
-}
-
-// source/explore_private_key.ts
-function f(buffer, b) {
-  return buffer.subarray(b.position + 1, b.position + b.length);
-}
-var doDebug2 = !!process.env.DEBUG;
-function explorePrivateKey(privateKey2) {
-  const privateKey1 = privateKey2.hidden;
-  const privateKey = typeof privateKey1 === "string" ? convertPEMtoDER(privateKey1) : privateKey1.export({ format: "der", type: "pkcs1" });
-  const block_info = readTag(privateKey, 0);
-  const blocks = readStruct(privateKey, block_info);
-  if (blocks.length === 9) {
-    const version2 = f(privateKey, blocks[0]);
-    const modulus2 = f(privateKey, blocks[1]);
-    const publicExponent2 = f(privateKey, blocks[2]);
-    const privateExponent2 = f(privateKey, blocks[3]);
-    const prime12 = f(privateKey, blocks[4]);
-    const prime22 = f(privateKey, blocks[5]);
-    const exponent12 = f(privateKey, blocks[6]);
-    const exponent22 = f(privateKey, blocks[7]);
-    return {
-      version: version2,
-      modulus: modulus2,
-      publicExponent: publicExponent2,
-      privateExponent: privateExponent2,
-      prime1: prime12,
-      prime2: prime22,
-      exponent1: exponent12,
-      exponent2: exponent22
-    };
-  }
-  if (doDebug2) {
-    console.log("-------------------- private key:");
-    console.log(block_info);
-    console.log(
-      blocks.map((b2) => ({
-        tag: TagType[b2.tag] + " 0x" + b2.tag.toString(16),
-        l: b2.length,
-        p: b2.position,
-        buff: privateKey.subarray(b2.position, b2.position + b2.length).toString("hex")
-      }))
-    );
-  }
-  const b = blocks[2];
-  const bb = privateKey.subarray(b.position, b.position + b.length);
-  const block_info1 = readTag(bb, 0);
-  const blocks1 = readStruct(bb, block_info1);
-  if (doDebug2) {
-    console.log(
-      blocks1.map((b2) => ({
-        tag: TagType[b2.tag] + " 0x" + b2.tag.toString(16),
-        l: b2.length,
-        p: b2.position,
-        buff: bb.subarray(b2.position, b2.position + b2.length).toString("hex")
-      }))
-    );
-  }
-  const version = f(bb, blocks1[0]);
-  const modulus = f(bb, blocks1[1]);
-  const publicExponent = f(bb, blocks1[2]);
-  const privateExponent = f(bb, blocks1[3]);
-  const prime1 = f(bb, blocks1[4]);
-  const prime2 = f(bb, blocks1[5]);
-  const exponent1 = f(bb, blocks1[6]);
-  const exponent2 = f(bb, blocks1[7]);
+  }
   return {
-    version,
-    modulus,
-    publicExponent,
-    privateExponent,
-    prime1,
-    prime2,
-    exponent1,
-    exponent2
+    version: _version,
+    serialNumber,
+    signature,
+    issuer,
+    validity,
+    subject,
+    subjectFingerPrint,
+    subjectPublicKeyInfo,
+    extensions
   };
 }
-
-// source/public_private_match.ts
-function publicKeyAndPrivateKeyMatches(certificate, privateKey) {
-  const i = exploreCertificate(certificate);
-  const j = explorePrivateKey(privateKey);
-  const modulus1 = i.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.modulus;
-  const modulus2 = j.modulus;
-  if (modulus1.length != modulus2.length) {
-    return false;
+function exploreCertificate(certificate) {
+  (0, import_node_assert4.default)(Buffer.isBuffer(certificate));
+  const certificate_priv = certificate;
+  if (!certificate_priv._exploreCertificate_cache) {
+    const block_info = readTag(certificate, 0);
+    const blocks = readStruct(certificate, block_info);
+    certificate_priv._exploreCertificate_cache = {
+      tbsCertificate: readTbsCertificate(certificate, blocks[0]),
+      signatureAlgorithm: readAlgorithmIdentifier(certificate, blocks[1]),
+      signatureValue: readSignatureValue(certificate, blocks[2])
+    };
   }
-  return modulus1.toString("hex") === modulus2.toString("hex");
-}
-function certificateMatchesPrivateKeyPEM(certificate, privateKey, blockSize) {
-  const initialBuffer = Buffer.from("Lorem Ipsum");
-  const encryptedBuffer = publicEncrypt_long(initialBuffer, certificate, blockSize);
-  const decryptedBuffer = privateDecrypt_long(encryptedBuffer, privateKey, blockSize);
-  const finalString = decryptedBuffer.toString("utf-8");
-  return initialBuffer.toString("utf-8") === finalString;
+  return certificate_priv._exploreCertificate_cache;
 }
-function certificateMatchesPrivateKey(certificate, privateKey) {
-  const e = explorePrivateKey(privateKey);
-  const blockSize = e.modulus.length;
-  const certificatePEM = toPem(certificate, "CERTIFICATE");
-  return certificateMatchesPrivateKeyPEM(certificatePEM, privateKey, blockSize);
+function split_der(certificateChain) {
+  const certificate_chain = [];
+  do {
+    const block_info = readTag(certificateChain, 0);
+    const length = block_info.position + block_info.length;
+    const der_certificate = certificateChain.subarray(0, length);
+    certificate_chain.push(der_certificate);
+    certificateChain = certificateChain.subarray(length);
+  } while (certificateChain.length > 0);
+  return certificate_chain;
 }
-
-// source/common.ts
-var import_crypto2 = __toESM(require("crypto"));
-var KeyObjectOrig = import_crypto2.default.KeyObject;
-var { createPrivateKey: createPrivateKeyFromNodeJSCrypto } = import_crypto2.default;
-function isKeyObject(mayBeKeyObject) {
-  if (KeyObjectOrig) {
-    return mayBeKeyObject instanceof KeyObjectOrig;
+function combine_der(certificates) {
+  for (const cert of certificates) {
+    const b = split_der(cert);
+    let sum = 0;
+    b.forEach((block) => {
+      const block_info = readTag(block, 0);
+      (0, import_node_assert4.default)(block_info.position + block_info.length === block.length);
+      sum += block.length;
+    });
+    (0, import_node_assert4.default)(sum === cert.length);
   }
-  return typeof mayBeKeyObject === "object" && typeof mayBeKeyObject.type === "string";
+  return Buffer.concat(certificates);
 }
-var CertificatePurpose = /* @__PURE__ */ ((CertificatePurpose2) => {
-  CertificatePurpose2[CertificatePurpose2["NotSpecified"] = 0] = "NotSpecified";
-  CertificatePurpose2[CertificatePurpose2["ForCertificateAuthority"] = 1] = "ForCertificateAuthority";
-  CertificatePurpose2[CertificatePurpose2["ForApplication"] = 2] = "ForApplication";
-  CertificatePurpose2[CertificatePurpose2["ForUserAuthentication"] = 3] = "ForUserAuthentication";
-  return CertificatePurpose2;
-})(CertificatePurpose || {});
 
 // source/crypto_utils2.ts
-var import_assert5 = __toESM(require("assert"));
+var import_node_assert5 = __toESM(require("assert"));
 var import_jsrsasign2 = __toESM(require("jsrsasign"));
 function rsaLengthPrivateKey(key) {
   const keyPem = typeof key.hidden === "string" ? key.hidden : key.hidden.export({ type: "pkcs1", format: "pem" }).toString();
@@ -1402,8 +1328,8 @@ function toPem2(raw_key, pem) {
   if (raw_key.hidden) {
     return toPem2(raw_key.hidden, pem);
   }
-  (0, import_assert5.default)(raw_key, "expecting a key");
-  (0, import_assert5.default)(typeof pem === "string");
+  (0, import_node_assert5.default)(raw_key, "expecting a key");
+  (0, import_node_assert5.default)(typeof pem === "string");
   if (isKeyObject(raw_key)) {
     const _raw_key = raw_key;
     if (pem === "RSA PRIVATE KEY") {
@@ -1423,40 +1349,40 @@ function coercePublicKeyPem(publicKey) {
   if (isKeyObject(publicKey)) {
     return publicKey.export({ format: "pem", type: "spki" }).toString();
   }
-  (0, import_assert5.default)(typeof publicKey === "string");
+  (0, import_node_assert5.default)(typeof publicKey === "string");
   return publicKey;
 }
 function coerceRsaPublicKeyPem(publicKey) {
   if (isKeyObject(publicKey)) {
     return publicKey.export({ format: "pem", type: "spki" }).toString();
   }
-  (0, import_assert5.default)(typeof publicKey === "string");
+  (0, import_node_assert5.default)(typeof publicKey === "string");
   return publicKey;
 }
 function rsaLengthPublicKey(key) {
   key = coercePublicKeyPem(key);
-  (0, import_assert5.default)(typeof key === "string");
+  (0, import_node_assert5.default)(typeof key === "string");
   const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
   return a.n.toString(16).length / 2;
 }
 function rsaLengthRsaPublicKey(key) {
   key = coerceRsaPublicKeyPem(key);
-  (0, import_assert5.default)(typeof key === "string");
+  (0, import_node_assert5.default)(typeof key === "string");
   const a = import_jsrsasign2.default.KEYUTIL.getKey(key);
   return a.n.toString(16).length / 2;
 }
 
 // source/derived_keys.ts
-var import_assert7 = __toESM(require("assert"));
-var import_crypto3 = require("crypto");
+var import_node_assert7 = __toESM(require("assert"));
+var import_node_crypto3 = require("crypto");
 
 // source/explore_certificate.ts
-var import_assert6 = __toESM(require("assert"));
+var import_node_assert6 = __toESM(require("assert"));
 function coerceCertificate(certificate) {
   if (typeof certificate === "string") {
     certificate = convertPEMtoDER(certificate);
   }
-  (0, import_assert6.default)(Buffer.isBuffer(certificate));
+  (0, import_node_assert6.default)(Buffer.isBuffer(certificate));
   return certificate;
 }
 function exploreCertificateInfo(certificate) {
@@ -1470,21 +1396,21 @@ function exploreCertificateInfo(certificate) {
     subject: certInfo.tbsCertificate.subject
   };
   if (!(data.publicKeyLength === 512 || data.publicKeyLength === 384 || data.publicKeyLength === 256 || data.publicKeyLength === 128)) {
-    throw new Error("Invalid public key length (expecting 128,256,384 or 512)" + data.publicKeyLength);
+    throw new Error(`Invalid public key length (expecting 128,256,384 or 512): ${data.publicKeyLength}`);
   }
   return data;
 }
 
 // source/derived_keys.ts
 function HMAC_HASH(sha1or256, secret, message) {
-  return (0, import_crypto3.createHmac)(sha1or256, secret).update(message).digest();
+  return (0, import_node_crypto3.createHmac)(sha1or256, secret).update(message).digest();
 }
 function plus(buf1, buf2) {
   return Buffer.concat([buf1, buf2]);
 }
 function makePseudoRandomBuffer(secret, seed, minLength, sha1or256) {
-  (0, import_assert7.default)(Buffer.isBuffer(seed));
-  (0, import_assert7.default)(sha1or256 === "SHA1" || sha1or256 === "SHA256");
+  (0, import_node_assert7.default)(Buffer.isBuffer(seed));
+  (0, import_node_assert7.default)(sha1or256 === "SHA1" || sha1or256 === "SHA256");
   const a = [];
   a[0] = seed;
   let index = 1;
@@ -1497,12 +1423,12 @@ function makePseudoRandomBuffer(secret, seed, minLength, sha1or256) {
   return p_hash.subarray(0, minLength);
 }
 function computeDerivedKeys(secret, seed, options) {
-  (0, import_assert7.default)(Number.isFinite(options.signatureLength));
-  (0, import_assert7.default)(Number.isFinite(options.encryptingKeyLength));
-  (0, import_assert7.default)(Number.isFinite(options.encryptingBlockSize));
-  (0, import_assert7.default)(typeof options.algorithm === "string");
+  (0, import_node_assert7.default)(Number.isFinite(options.signatureLength));
+  (0, import_node_assert7.default)(Number.isFinite(options.encryptingKeyLength));
+  (0, import_node_assert7.default)(Number.isFinite(options.encryptingBlockSize));
+  (0, import_node_assert7.default)(typeof options.algorithm === "string");
   options.sha1or256 = options.sha1or256 || "SHA1";
-  (0, import_assert7.default)(typeof options.sha1or256 === "string");
+  (0, import_node_assert7.default)(typeof options.sha1or256 === "string");
   const offset1 = options.signingKeyLength;
   const offset2 = offset1 + options.encryptingKeyLength;
   const minLength = offset2 + options.encryptingBlockSize;
@@ -1527,7 +1453,7 @@ function removePadding(buffer) {
   return reduceLength(buffer, nbPaddingBytes);
 }
 function verifyChunkSignature(chunk, options) {
-  (0, import_assert7.default)(Buffer.isBuffer(chunk));
+  (0, import_node_assert7.default)(Buffer.isBuffer(chunk));
   let signatureLength = options.signatureLength || 0;
   if (signatureLength === 0) {
     const cert = exploreCertificateInfo(options.publicKey);
@@ -1538,23 +1464,23 @@ function verifyChunkSignature(chunk, options) {
   return verifyMessageChunkSignature(block_to_verify, signature, options);
 }
 function computePaddingFooter(buffer, derivedKeys) {
-  (0, import_assert7.default)(Object.prototype.hasOwnProperty.call(derivedKeys, "encryptingBlockSize"));
+  (0, import_node_assert7.default)(Object.hasOwn(derivedKeys, "encryptingBlockSize"));
   const paddingSize = derivedKeys.encryptingBlockSize - (buffer.length + 1) % derivedKeys.encryptingBlockSize;
   const padding = createFastUninitializedBuffer(paddingSize + 1);
   padding.fill(paddingSize);
   return padding;
 }
 function derivedKeys_algorithm(derivedKeys) {
-  (0, import_assert7.default)(Object.prototype.hasOwnProperty.call(derivedKeys, "algorithm"));
+  (0, import_node_assert7.default)(Object.hasOwn(derivedKeys, "algorithm"));
   const algorithm = derivedKeys.algorithm || "aes-128-cbc";
-  (0, import_assert7.default)(algorithm === "aes-128-cbc" || algorithm === "aes-256-cbc");
+  (0, import_node_assert7.default)(algorithm === "aes-128-cbc" || algorithm === "aes-256-cbc");
   return algorithm;
 }
 function encryptBufferWithDerivedKeys(buffer, derivedKeys) {
   const algorithm = derivedKeys_algorithm(derivedKeys);
   const key = derivedKeys.encryptingKey;
   const initVector = derivedKeys.initializationVector;
-  const cipher = (0, import_crypto3.createCipheriv)(algorithm, key, initVector);
+  const cipher = (0, import_node_crypto3.createCipheriv)(algorithm, key, initVector);
   cipher.setAutoPadding(false);
   const encrypted_chunks = [];
   encrypted_chunks.push(cipher.update(buffer));
@@ -1565,7 +1491,7 @@ function decryptBufferWithDerivedKeys(buffer, derivedKeys) {
   const algorithm = derivedKeys_algorithm(derivedKeys);
   const key = derivedKeys.encryptingKey;
   const initVector = derivedKeys.initializationVector;
-  const cipher = (0, import_crypto3.createDecipheriv)(algorithm, key, initVector);
+  const cipher = (0, import_node_crypto3.createDecipheriv)(algorithm, key, initVector);
   cipher.setAutoPadding(false);
   const decrypted_chunks = [];
   decrypted_chunks.push(cipher.update(buffer));
@@ -1573,12 +1499,12 @@ function decryptBufferWithDerivedKeys(buffer, derivedKeys) {
   return Buffer.concat(decrypted_chunks);
 }
 function makeMessageChunkSignatureWithDerivedKeys(message, derivedKeys) {
-  (0, import_assert7.default)(Buffer.isBuffer(message));
-  (0, import_assert7.default)(Buffer.isBuffer(derivedKeys.signingKey));
-  (0, import_assert7.default)(typeof derivedKeys.sha1or256 === "string");
-  (0, import_assert7.default)(derivedKeys.sha1or256 === "SHA1" || derivedKeys.sha1or256 === "SHA256");
-  const signature = (0, import_crypto3.createHmac)(derivedKeys.sha1or256, derivedKeys.signingKey).update(message).digest();
-  (0, import_assert7.default)(signature.length === derivedKeys.signatureLength);
+  (0, import_node_assert7.default)(Buffer.isBuffer(message));
+  (0, import_node_assert7.default)(Buffer.isBuffer(derivedKeys.signingKey));
+  (0, import_node_assert7.default)(typeof derivedKeys.sha1or256 === "string");
+  (0, import_node_assert7.default)(derivedKeys.sha1or256 === "SHA1" || derivedKeys.sha1or256 === "SHA256");
+  const signature = (0, import_node_crypto3.createHmac)(derivedKeys.sha1or256, derivedKeys.signingKey).update(message).digest();
+  (0, import_node_assert7.default)(signature.length === derivedKeys.signatureLength);
   return signature;
 }
 function verifyChunkSignatureWithDerivedKeys(chunk, derivedKeys) {
@@ -1623,7 +1549,7 @@ function _readTbsCertList(buffer, blockInfo) {
   const blocks = readStruct(buffer, blockInfo);
   const hasOptionalVersion = blocks[0].tag === 2 /* INTEGER */;
   if (hasOptionalVersion) {
-    const version = readIntegerValue(buffer, blocks[0]);
+    const _version = readIntegerValue(buffer, blocks[0]);
     const signature = readAlgorithmIdentifier(buffer, blocks[1]);
     const issuer = readNameForCrl(buffer, blocks[2]);
     const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(getBlock(buffer, blocks[2])));
@@ -1642,7 +1568,7 @@ function _readTbsCertList(buffer, blockInfo) {
         });
       }
     }
-    const ext0 = findBlockAtIndex(blocks, 0);
+    const _ext0 = findBlockAtIndex(blocks, 0);
     return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates };
   } else {
     const signature = readAlgorithmIdentifier(buffer, blocks[0]);
@@ -1682,10 +1608,21 @@ function _readExtensionRequest(buffer) {
   const extensions = inner_blocks.map((block1) => readExtension(buffer, block1));
   const result = {};
   for (const e of extensions) {
-    result[e.identifier.name] = e.value;
+    switch (e.identifier.name) {
+      case "basicConstraints":
+        result.basicConstraints = e.value;
+        break;
+      case "keyUsage":
+        result.keyUsage = e.value;
+        break;
+      case "subjectAltName":
+        result.subjectAltName = e.value;
+        break;
+      default:
+        break;
+    }
   }
-  const { basicConstraints, keyUsage, subjectAltName } = result;
-  return { basicConstraints, keyUsage, subjectAltName };
+  return result;
 }
 function readCertificationRequestInfo(buffer, block) {
   const blocks = readStruct(buffer, block);
@@ -1713,16 +1650,117 @@ function exploreCertificateSigningRequest(crl) {
   return csrInfo;
 }
 
+// source/explore_private_key.ts
+function f(buffer, b) {
+  return buffer.subarray(b.position + 1, b.position + b.length);
+}
+var doDebug2 = !!process.env.DEBUG;
+function explorePrivateKey(privateKey2) {
+  const privateKey1 = privateKey2.hidden;
+  const privateKey = typeof privateKey1 === "string" ? convertPEMtoDER(privateKey1) : privateKey1.export({ format: "der", type: "pkcs1" });
+  const block_info = readTag(privateKey, 0);
+  const blocks = readStruct(privateKey, block_info);
+  if (blocks.length === 9) {
+    const version2 = f(privateKey, blocks[0]);
+    const modulus2 = f(privateKey, blocks[1]);
+    const publicExponent2 = f(privateKey, blocks[2]);
+    const privateExponent2 = f(privateKey, blocks[3]);
+    const prime12 = f(privateKey, blocks[4]);
+    const prime22 = f(privateKey, blocks[5]);
+    const exponent12 = f(privateKey, blocks[6]);
+    const exponent22 = f(privateKey, blocks[7]);
+    return {
+      version: version2,
+      modulus: modulus2,
+      publicExponent: publicExponent2,
+      privateExponent: privateExponent2,
+      prime1: prime12,
+      prime2: prime22,
+      exponent1: exponent12,
+      exponent2: exponent22
+    };
+  }
+  if (doDebug2) {
+    console.log("-------------------- private key:");
+    console.log(block_info);
+    console.log(
+      blocks.map((b2) => ({
+        tag: `${TagType[b2.tag]} 0x${b2.tag.toString(16)}`,
+        l: b2.length,
+        p: b2.position,
+        buff: privateKey.subarray(b2.position, b2.position + b2.length).toString("hex")
+      }))
+    );
+  }
+  const b = blocks[2];
+  const bb = privateKey.subarray(b.position, b.position + b.length);
+  const block_info1 = readTag(bb, 0);
+  const blocks1 = readStruct(bb, block_info1);
+  if (doDebug2) {
+    console.log(
+      blocks1.map((b2) => ({
+        tag: `${TagType[b2.tag]} 0x${b2.tag.toString(16)}`,
+        l: b2.length,
+        p: b2.position,
+        buff: bb.subarray(b2.position, b2.position + b2.length).toString("hex")
+      }))
+    );
+  }
+  const version = f(bb, blocks1[0]);
+  const modulus = f(bb, blocks1[1]);
+  const publicExponent = f(bb, blocks1[2]);
+  const privateExponent = f(bb, blocks1[3]);
+  const prime1 = f(bb, blocks1[4]);
+  const prime2 = f(bb, blocks1[5]);
+  const exponent1 = f(bb, blocks1[6]);
+  const exponent2 = f(bb, blocks1[7]);
+  return {
+    version,
+    modulus,
+    publicExponent,
+    privateExponent,
+    prime1,
+    prime2,
+    exponent1,
+    exponent2
+  };
+}
+
 // source/make_private_key_from_pem.ts
 function makePrivateKeyFromPem(privateKeyInPem) {
   return { hidden: privateKeyInPem };
 }
 
 // source/make_private_key_thumbprint.ts
-function makePrivateKeyThumbPrint(privateKey) {
+function makePrivateKeyThumbPrint(_privateKey) {
   return Buffer.alloc(0);
 }
 
+// source/public_private_match.ts
+function publicKeyAndPrivateKeyMatches(certificate, privateKey) {
+  const i = exploreCertificate(certificate);
+  const j = explorePrivateKey(privateKey);
+  const modulus1 = i.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.modulus;
+  const modulus2 = j.modulus;
+  if (modulus1.length !== modulus2.length) {
+    return false;
+  }
+  return modulus1.toString("hex") === modulus2.toString("hex");
+}
+function certificateMatchesPrivateKeyPEM(certificate, privateKey, blockSize) {
+  const initialBuffer = Buffer.from("Lorem Ipsum");
+  const encryptedBuffer = publicEncrypt_long(initialBuffer, certificate, blockSize);
+  const decryptedBuffer = privateDecrypt_long(encryptedBuffer, privateKey, blockSize);
+  const finalString = decryptedBuffer.toString("utf-8");
+  return initialBuffer.toString("utf-8") === finalString;
+}
+function certificateMatchesPrivateKey(certificate, privateKey) {
+  const e = explorePrivateKey(privateKey);
+  const blockSize = e.modulus.length;
+  const certificatePEM = toPem(certificate, "CERTIFICATE");
+  return certificateMatchesPrivateKeyPEM(certificatePEM, privateKey, blockSize);
+}
+
 // source/subject.ts
 var _keys = {
   C: "country",
@@ -1765,11 +1803,11 @@ var Subject = class _Subject {
       }
       const s = element.split("=");
       if (s.length !== 2) {
-        throw new Error("invalid format for " + element);
+        throw new Error(`invalid format for ${element}`);
       }
       const longName = _keys[s[0]];
       if (!longName) {
-        throw new Error("Invalid field found in subject name " + s[0]);
+        throw new Error(`Invalid field found in subject name ${s[0]}`);
       }
       const value = s[1];
       options[longName] = unquote(Buffer.from(value, "ascii").toString("utf8"));
@@ -1779,25 +1817,25 @@ var Subject = class _Subject {
   toStringInternal(sep) {
     const tmp = [];
     if (this.country) {
-      tmp.push("C=" + enquoteIfNecessary(this.country));
+      tmp.push(`C=${enquoteIfNecessary(this.country)}`);
     }
     if (this.state) {
-      tmp.push("ST=" + enquoteIfNecessary(this.state));
+      tmp.push(`ST=${enquoteIfNecessary(this.state)}`);
     }
     if (this.locality) {
-      tmp.push("L=" + enquoteIfNecessary(this.locality));
+      tmp.push(`L=${enquoteIfNecessary(this.locality)}`);
     }
     if (this.organization) {
-      tmp.push("O=" + enquoteIfNecessary(this.organization));
+      tmp.push(`O=${enquoteIfNecessary(this.organization)}`);
     }
     if (this.organizationalUnit) {
-      tmp.push("OU=" + enquoteIfNecessary(this.organizationalUnit));
+      tmp.push(`OU=${enquoteIfNecessary(this.organizationalUnit)}`);
     }
     if (this.commonName) {
-      tmp.push("CN=" + enquoteIfNecessary(this.commonName));
+      tmp.push(`CN=${enquoteIfNecessary(this.commonName)}`);
     }
     if (this.domainComponent) {
-      tmp.push("DC=" + enquoteIfNecessary(this.domainComponent));
+      tmp.push(`DC=${enquoteIfNecessary(this.domainComponent)}`);
     }
     return tmp.join(sep);
   }
@@ -1806,12 +1844,12 @@ var Subject = class _Subject {
   }
   toString() {
     const t2 = this.toStringForOPCUA();
-    return t2 ? "/" + t2 : t2;
+    return t2 ? `/${t2}` : t2;
   }
 };
 
 // source/verify_certificate_signature.ts
-var import_crypto4 = require("crypto");
+var import_node_crypto4 = require("crypto");
 function verifyCertificateOrClrSignature(certificateOrCrl, parentCertificate) {
   const block_info = readTag(certificateOrCrl, 0);
   const blocks = readStruct(certificateOrCrl, block_info);
@@ -1820,7 +1858,7 @@ function verifyCertificateOrClrSignature(certificateOrCrl, parentCertificate) {
   const signatureValue = readSignatureValueBin(certificateOrCrl, blocks[2]);
   const p = split_der(parentCertificate)[0];
   const certPem = toPem(p, "CERTIFICATE");
-  const verify = (0, import_crypto4.createVerify)(signatureAlgorithm.identifier);
+  const verify = (0, import_node_crypto4.createVerify)(signatureAlgorithm.identifier);
   verify.update(bufferToBeSigned);
   verify.end();
   return verify.verify(certPem, signatureValue);
@@ -1836,8 +1874,8 @@ async function verifyCertificateChain(certificateChain) {
     const cert = certificateChain[index - 1];
     const certParent = certificateChain[index];
     const certParentInfo = exploreCertificate(certParent);
-    const keyUsage = certParentInfo.tbsCertificate.extensions.keyUsage;
-    if (!keyUsage.keyCertSign) {
+    const keyUsage = certParentInfo.tbsCertificate.extensions?.keyUsage;
+    if (!keyUsage || !keyUsage.keyCertSign) {
       return {
         status: "BadCertificateIssuerUseNotAllowed",
         reason: "One of the certificate in the chain has not keyUsage set for Certificate Signing"
@@ -1877,15 +1915,15 @@ async function verifyCertificateChain(certificateChain) {
 }
 
 // source/x509/_crypto.ts
-var x509 = __toESM(require("@peculiar/x509"));
+var import_node_crypto5 = __toESM(require("crypto"));
 var import_webcrypto = require("@peculiar/webcrypto");
-var import_crypto5 = __toESM(require("crypto"));
+var x509 = __toESM(require("@peculiar/x509"));
 var x5092 = __toESM(require("@peculiar/x509"));
 var doDebug3 = false;
 var _crypto;
 var ignoreCrypto = process.env.IGNORE_SUBTLE_FROM_CRYPTO;
 if (typeof window === "undefined") {
-  _crypto = import_crypto5.default;
+  _crypto = import_node_crypto5.default;
   if (!_crypto?.subtle || ignoreCrypto) {
     _crypto = new import_webcrypto.Crypto();
     doDebug3 && console.warn("using @peculiar/webcrypto");
@@ -1899,7 +1937,7 @@ if (typeof window === "undefined") {
   x509.cryptoProvider.set(crypto);
 }
 function getCrypto() {
-  return _crypto || crypto || require("crypto");
+  return _crypto || crypto || import_node_crypto5.default;
 }
 
 // source/x509/create_key_pair.ts
@@ -1925,7 +1963,7 @@ async function privateKeyToPEM(privateKey) {
 }
 async function derToPrivateKey(privDer) {
   const crypto3 = getCrypto();
-  return await crypto3.subtle.importKey(
+  const importedKey = await crypto3.subtle.importKey(
     "pkcs8",
     privDer,
     {
@@ -1944,6 +1982,7 @@ async function derToPrivateKey(privDer) {
       //    "deriveBits"
     ]
   );
+  return importedKey;
 }
 async function pemToPrivateKey(pem) {
   const privDer = x5092.PemConverter.decode(pem);
@@ -1961,24 +2000,46 @@ function coercePEMorDerToPrivateKey(privateKeyInDerOrPem) {
   throw new Error("not implemented");
 }
 async function _coercePrivateKey(privateKey) {
-  const KeyObject4 = crypto2.KeyObject;
+  const KeyObject = crypto2.KeyObject;
   if (Buffer.isBuffer(privateKey)) {
     const privateKey1 = await derToPrivateKey(privateKey);
-    return KeyObject4.from(privateKey1);
+    return KeyObject.from(privateKey1);
   } else if (typeof privateKey === "string") {
     try {
       const privateKey1 = await pemToPrivateKey(privateKey);
-      return KeyObject4.from(privateKey1);
+      return KeyObject.from(privateKey1);
     } catch (err) {
       doDebug4 && console.log(privateKey);
       throw err;
     }
-  } else if (privateKey instanceof KeyObject4) {
+  } else if (isKeyObject(privateKey)) {
     return privateKey;
   }
   throw new Error("Invalid privateKey");
 }
 
+// source/x509/_build_public_key.ts
+async function buildPublicKey(privateKey) {
+  const crypto3 = getCrypto();
+  const jwk = await crypto3.subtle.exportKey("jwk", privateKey);
+  delete jwk.d;
+  delete jwk.dp;
+  delete jwk.dq;
+  delete jwk.q;
+  delete jwk.qi;
+  jwk.key_ops = [
+    "encrypt",
+    "sign"
+    // "wrapKey"
+  ];
+  const publicKey = await crypto3.subtle.importKey("jwk", jwk, { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } }, true, [
+    //   "encrypt",
+    //     "sign",
+    // "wrapKey",
+  ]);
+  return publicKey;
+}
+
 // source/x509/_get_attributes.ts
 var keyUsageApplication = x5092.KeyUsageFlags.keyEncipherment | x5092.KeyUsageFlags.nonRepudiation | x5092.KeyUsageFlags.dataEncipherment | x5092.KeyUsageFlags.keyCertSign | x5092.KeyUsageFlags.digitalSignature;
 var keyUsageCA = x5092.KeyUsageFlags.keyCertSign | x5092.KeyUsageFlags.cRLSign;
@@ -1987,19 +2048,19 @@ function getAttributes(purpose) {
   let keyUsageExtension = [];
   let usages;
   let nsComment;
-  let extension;
+  let _extension;
   switch (purpose) {
     case 1 /* ForCertificateAuthority */:
-      extension = "v3_ca";
+      _extension = "v3_ca";
       basicConstraints = new x5092.BasicConstraintsExtension(true, void 0, false);
       usages = keyUsageCA;
       keyUsageExtension = [];
       nsComment = "Self-signed certificate for CA generated by Node-OPCUA Certificate utility V2";
       break;
-    case 2 /* ForApplication */:
-    case 3 /* ForUserAuthentication */:
+    // case CertificatePurpose.ForApplication:
+    // case CertificatePurpose.ForUserAuthentication:
     default:
-      extension = "v3_selfsigned";
+      _extension = "v3_selfsigned";
       basicConstraints = new x5092.BasicConstraintsExtension(false, void 0, true);
       usages = keyUsageApplication;
       keyUsageExtension = [x5092.ExtendedKeyUsage.serverAuth, x5092.ExtendedKeyUsage.clientAuth];
@@ -2009,28 +2070,6 @@ function getAttributes(purpose) {
   return { nsComment, basicConstraints, keyUsageExtension, usages };
 }
 
-// source/x509/_build_public_key.ts
-async function buildPublicKey(privateKey) {
-  const crypto3 = getCrypto();
-  const jwk = await crypto3.subtle.exportKey("jwk", privateKey);
-  delete jwk.d;
-  delete jwk.dp;
-  delete jwk.dq;
-  delete jwk.q;
-  delete jwk.qi;
-  jwk.key_ops = [
-    "encrypt",
-    "sign"
-    // "wrapKey"
-  ];
-  const publicKey = await crypto3.subtle.importKey("jwk", jwk, { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } }, true, [
-    //   "encrypt",
-    //     "sign",
-    // "wrapKey",
-  ]);
-  return publicKey;
-}
-
 // source/x509/create_certificate_signing_request.ts
 async function createCertificateSigningRequest({
   privateKey,
@@ -2054,9 +2093,15 @@ async function createCertificateSigningRequest({
     publicKey
   };
   const alternativeNameExtensions = [];
-  dns && dns.forEach((d) => alternativeNameExtensions.push({ type: "dns", value: d }));
-  ip && ip.forEach((d) => alternativeNameExtensions.push({ type: "ip", value: d }));
-  applicationUri && alternativeNameExtensions.push({ type: "url", value: applicationUri });
+  for (const d of dns ?? []) {
+    alternativeNameExtensions.push({ type: "dns", value: d });
+  }
+  for (const d of ip ?? []) {
+    alternativeNameExtensions.push({ type: "ip", value: d });
+  }
+  if (applicationUri) {
+    alternativeNameExtensions.push({ type: "url", value: applicationUri });
+  }
   const { basicConstraints, usages } = getAttributes(purpose);
   const s = new Subject(subject || "");
   const s1 = s.toStringInternal(", ");
@@ -2209,7 +2254,7 @@ var BufferSourceConverter = class _BufferSourceConverter {
   }
 };
 var STRING_TYPE = "string";
-var HEX_REGEX = /^[0-9a-f]+$/i;
+var HEX_REGEX = /^[0-9a-f\s]+$/i;
 var BASE64_REGEX = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;
 var BASE64URL_REGEX = /^[a-zA-Z0-9-_]+$/;
 var Utf8Converter = class {
@@ -2657,19 +2702,19 @@ var BIT_STRING_NAME = "BIT STRING";
 function HexBlock(BaseClass) {
   var _a2;
   return _a2 = class Some extends BaseClass {
-    constructor(...args) {
-      var _a3;
-      super(...args);
-      const params = args[0] || {};
-      this.isHexOnly = (_a3 = params.isHexOnly) !== null && _a3 !== void 0 ? _a3 : false;
-      this.valueHexView = params.valueHex ? BufferSourceConverter.toUint8Array(params.valueHex) : EMPTY_VIEW;
-    }
     get valueHex() {
       return this.valueHexView.slice().buffer;
     }
     set valueHex(value) {
       this.valueHexView = new Uint8Array(value);
     }
+    constructor(...args) {
+      var _b;
+      super(...args);
+      const params = args[0] || {};
+      this.isHexOnly = (_b = params.isHexOnly) !== null && _b !== void 0 ? _b : false;
+      this.valueHexView = params.valueHex ? BufferSourceConverter.toUint8Array(params.valueHex) : EMPTY_VIEW;
+    }
     fromBER(inputBuffer, inputOffset, inputLength) {
       const view = inputBuffer instanceof ArrayBuffer ? new Uint8Array(inputBuffer) : inputBuffer;
       if (!checkBufferParams(this, view, inputOffset, inputLength)) {
@@ -2704,12 +2749,6 @@ function HexBlock(BaseClass) {
   }, _a2.NAME = "hexBlock", _a2;
 }
 var LocalBaseBlock = class {
-  constructor({ blockLength = 0, error = EMPTY_STRING, warnings = [], valueBeforeDecode = EMPTY_VIEW } = {}) {
-    this.blockLength = blockLength;
-    this.error = error;
-    this.warnings = warnings;
-    this.valueBeforeDecodeView = BufferSourceConverter.toUint8Array(valueBeforeDecode);
-  }
   static blockName() {
     return this.NAME;
   }
@@ -2719,6 +2758,12 @@ var LocalBaseBlock = class {
   set valueBeforeDecode(value) {
     this.valueBeforeDecodeView = new Uint8Array(value);
   }
+  constructor({ blockLength = 0, error = EMPTY_STRING, warnings = [], valueBeforeDecode = EMPTY_VIEW } = {}) {
+    this.blockLength = blockLength;
+    this.error = error;
+    this.warnings = warnings;
+    this.valueBeforeDecodeView = BufferSourceConverter.toUint8Array(valueBeforeDecode);
+  }
   toJSON() {
     return {
       blockName: this.constructor.NAME,
@@ -2731,10 +2776,10 @@ var LocalBaseBlock = class {
 };
 LocalBaseBlock.NAME = "baseBlock";
 var ValueBlock = class extends LocalBaseBlock {
-  fromBER(inputBuffer, inputOffset, inputLength) {
+  fromBER(_inputBuffer, _inputOffset, _inputLength) {
     throw TypeError("User need to make a specific function in a class which extends 'ValueBlock'");
   }
-  toBER(sizeOnly, writer) {
+  toBER(_sizeOnly, _writer) {
     throw TypeError("User need to make a specific function in a class which extends 'ValueBlock'");
   }
 };
@@ -3075,7 +3120,9 @@ var BaseBlock = class extends LocalBaseBlock {
     return Convert.ToHex(this.toBER());
   }
   onAsciiEncoding() {
-    return `${this.constructor.NAME} : ${Convert.ToHex(this.valueBlock.valueBeforeDecodeView)}`;
+    const name = this.constructor.NAME;
+    const value = Convert.ToHex(this.valueBlock.valueBeforeDecodeView);
+    return `${name} : ${value}`;
   }
   isEqual(other) {
     if (this === other) {
@@ -3091,6 +3138,7 @@ var BaseBlock = class extends LocalBaseBlock {
 };
 BaseBlock.NAME = "BaseBlock";
 function prepareIndefiniteForm(baseBlock) {
+  var _a2;
   if (baseBlock instanceof typeStore.Constructed) {
     for (const value of baseBlock.valueBlock.value) {
       if (prepareIndefiniteForm(value)) {
@@ -3098,21 +3146,21 @@ function prepareIndefiniteForm(baseBlock) {
       }
     }
   }
-  return !!baseBlock.lenBlock.isIndefiniteForm;
+  return !!((_a2 = baseBlock.lenBlock) === null || _a2 === void 0 ? void 0 : _a2.isIndefiniteForm);
 }
 var BaseStringBlock = class extends BaseBlock {
-  constructor({ value = EMPTY_STRING, ...parameters } = {}, stringValueBlockType) {
-    super(parameters, stringValueBlockType);
-    if (value) {
-      this.fromString(value);
-    }
-  }
   getValue() {
     return this.valueBlock.value;
   }
   setValue(value) {
     this.valueBlock.value = value;
   }
+  constructor({ value = EMPTY_STRING, ...parameters } = {}, stringValueBlockType) {
+    super(parameters, stringValueBlockType);
+    if (value) {
+      this.fromString(value);
+    }
+  }
   fromBER(inputBuffer, inputOffset, inputLength) {
     const resultOffset = this.valueBlock.fromBER(inputBuffer, inputOffset, this.lenBlock.isIndefiniteForm ? inputLength : this.lenBlock.length);
     if (resultOffset === -1) {
@@ -3471,10 +3519,10 @@ _a$v = Constructed;
 })();
 Constructed.NAME = "CONSTRUCTED";
 var LocalEndOfContentValueBlock = class extends ValueBlock {
-  fromBER(inputBuffer, inputOffset, inputLength) {
+  fromBER(inputBuffer, inputOffset, _inputLength) {
     return inputOffset;
   }
-  toBER(sizeOnly) {
+  toBER(_sizeOnly) {
     return EMPTY_BUFFER;
   }
 };
@@ -3535,17 +3583,6 @@ _a$t = Null;
 })();
 Null.NAME = "NULL";
 var LocalBooleanValueBlock = class extends HexBlock(ValueBlock) {
-  constructor({ value, ...parameters } = {}) {
-    super(parameters);
-    if (parameters.valueHex) {
-      this.valueHexView = BufferSourceConverter.toUint8Array(parameters.valueHex);
-    } else {
-      this.valueHexView = new Uint8Array(1);
-    }
-    if (value) {
-      this.value = value;
-    }
-  }
   get value() {
     for (const octet of this.valueHexView) {
       if (octet > 0) {
@@ -3557,6 +3594,17 @@ var LocalBooleanValueBlock = class extends HexBlock(ValueBlock) {
   set value(value) {
     this.valueHexView[0] = value ? 255 : 0;
   }
+  constructor({ value, ...parameters } = {}) {
+    super(parameters);
+    if (parameters.valueHex) {
+      this.valueHexView = BufferSourceConverter.toUint8Array(parameters.valueHex);
+    } else {
+      this.valueHexView = new Uint8Array(1);
+    }
+    if (value) {
+      this.value = value;
+    }
+  }
   fromBER(inputBuffer, inputOffset, inputLength) {
     const inputView = BufferSourceConverter.toUint8Array(inputBuffer);
     if (!checkBufferParams(this, inputView, inputOffset, inputLength)) {
@@ -3583,17 +3631,17 @@ var LocalBooleanValueBlock = class extends HexBlock(ValueBlock) {
 LocalBooleanValueBlock.NAME = "BooleanValueBlock";
 var _a$s;
 var Boolean = class extends BaseBlock {
-  constructor(parameters = {}) {
-    super(parameters, LocalBooleanValueBlock);
-    this.idBlock.tagClass = 1;
-    this.idBlock.tagNumber = 1;
-  }
   getValue() {
     return this.valueBlock.value;
   }
   setValue(value) {
     this.valueBlock.value = value;
   }
+  constructor(parameters = {}) {
+    super(parameters, LocalBooleanValueBlock);
+    this.idBlock.tagClass = 1;
+    this.idBlock.tagNumber = 1;
+  }
   onAsciiEncoding() {
     return `${this.constructor.NAME} : ${this.getValue}`;
   }
@@ -3651,7 +3699,7 @@ var LocalOctetStringValueBlock = class extends HexBlock(LocalConstructedValueBlo
 };
 LocalOctetStringValueBlock.NAME = "OctetStringValueBlock";
 var _a$r;
-var OctetString = class _OctetString extends BaseBlock {
+var OctetString = class extends BaseBlock {
   constructor({ idBlock = {}, lenBlock = {}, ...parameters } = {}) {
     var _b, _c;
     (_b = parameters.isConstructed) !== null && _b !== void 0 ? _b : parameters.isConstructed = !!((_c = parameters.value) === null || _c === void 0 ? void 0 : _c.length);
@@ -3689,7 +3737,7 @@ var OctetString = class _OctetString extends BaseBlock {
             this.valueBlock.value = [asn.result];
           }
         }
-      } catch (e) {
+      } catch {
       }
     }
     return super.fromBER(inputBuffer, inputOffset, inputLength);
@@ -3698,7 +3746,9 @@ var OctetString = class _OctetString extends BaseBlock {
     if (this.valueBlock.isConstructed || this.valueBlock.value && this.valueBlock.value.length) {
       return Constructed.prototype.onAsciiEncoding.call(this);
     }
-    return `${this.constructor.NAME} : ${Convert.ToHex(this.valueBlock.valueHexView)}`;
+    const name = this.constructor.NAME;
+    const value = Convert.ToHex(this.valueBlock.valueHexView);
+    return `${name} : ${value}`;
   }
   getValue() {
     if (!this.idBlock.isConstructed) {
@@ -3706,7 +3756,7 @@ var OctetString = class _OctetString extends BaseBlock {
     }
     const array = [];
     for (const content of this.valueBlock.value) {
-      if (content instanceof _OctetString) {
+      if (content instanceof _a$r) {
         array.push(content.valueBlock.valueHexView);
       }
     }
@@ -3776,7 +3826,7 @@ var LocalBitStringValueBlock = class extends HexBlock(LocalConstructedValueBlock
             this.value = [asn.result];
           }
         }
-      } catch (e) {
+      } catch {
       }
     }
     this.valueHexView = intBuffer.subarray(1);
@@ -3791,7 +3841,9 @@ var LocalBitStringValueBlock = class extends HexBlock(LocalConstructedValueBlock
       return new ArrayBuffer(this.valueHexView.byteLength + 1);
     }
     if (!this.valueHexView.byteLength) {
-      return EMPTY_BUFFER;
+      const empty = new Uint8Array(1);
+      empty[0] = 0;
+      return empty.buffer;
     }
     const retView = new Uint8Array(this.valueHexView.length + 1);
     retView[0] = this.unusedBits;
@@ -3841,7 +3893,9 @@ var BitString = class extends BaseBlock {
         bits.push(byte.toString(2).padStart(8, "0"));
       }
       const bitsStr = bits.join("");
-      return `${this.constructor.NAME} : ${bitsStr.substring(0, bitsStr.length - this.valueBlock.unusedBits)}`;
+      const name = this.constructor.NAME;
+      const value = bitsStr.substring(0, bitsStr.length - this.valueBlock.unusedBits);
+      return `${name} : ${value}`;
     }
   }
 };
@@ -3938,16 +3992,6 @@ function viewSub(first, second) {
   return firstViewCopy.slice();
 }
 var LocalIntegerValueBlock = class extends HexBlock(ValueBlock) {
-  constructor({ value, ...parameters } = {}) {
-    super(parameters);
-    this._valueDec = 0;
-    if (parameters.valueHex) {
-      this.setValueHex();
-    }
-    if (value !== void 0) {
-      this.valueDec = value;
-    }
-  }
   setValueHex() {
     if (this.valueHexView.length >= 4) {
       this.warnings.push("Too big Integer for decoding, hex only");
@@ -3960,6 +4004,16 @@ var LocalIntegerValueBlock = class extends HexBlock(ValueBlock) {
       }
     }
   }
+  constructor({ value, ...parameters } = {}) {
+    super(parameters);
+    this._valueDec = 0;
+    if (parameters.valueHex) {
+      this.setValueHex();
+    }
+    if (value !== void 0) {
+      this.valueDec = value;
+    }
+  }
   set valueDec(v) {
     this._valueDec = v;
     this.isHexOnly = false;
@@ -4072,7 +4126,7 @@ LocalIntegerValueBlock.NAME = "IntegerValueBlock";
   });
 })();
 var _a$o;
-var Integer = class _Integer extends BaseBlock {
+var Integer = class extends BaseBlock {
   constructor(parameters = {}) {
     super(parameters, LocalIntegerValueBlock);
     this.idBlock.tagClass = 1;
@@ -4102,18 +4156,16 @@ var Integer = class _Integer extends BaseBlock {
       }
       writer.write(view);
     }
-    const res = new _Integer({
-      valueHex: writer.final()
-    });
+    const res = new _a$o({ valueHex: writer.final() });
     return res;
   }
   convertToDER() {
-    const integer = new _Integer({ valueHex: this.valueBlock.valueHexView });
+    const integer = new _a$o({ valueHex: this.valueBlock.valueHexView });
     integer.valueBlock.toDER();
     return integer;
   }
   convertFromDER() {
-    return new _Integer({
+    return new _a$o({
       valueHex: this.valueBlock.valueHexView[0] === 0 ? this.valueBlock.valueHexView.subarray(1) : this.valueBlock.valueHexView
     });
   }
@@ -4376,17 +4428,17 @@ var LocalObjectIdentifierValueBlock = class extends ValueBlock {
 LocalObjectIdentifierValueBlock.NAME = "ObjectIdentifierValueBlock";
 var _a$m;
 var ObjectIdentifier = class extends BaseBlock {
-  constructor(parameters = {}) {
-    super(parameters, LocalObjectIdentifierValueBlock);
-    this.idBlock.tagClass = 1;
-    this.idBlock.tagNumber = 6;
-  }
   getValue() {
     return this.valueBlock.toString();
   }
   setValue(value) {
     this.valueBlock.fromString(value);
   }
+  constructor(parameters = {}) {
+    super(parameters, LocalObjectIdentifierValueBlock);
+    this.idBlock.tagClass = 1;
+    this.idBlock.tagNumber = 6;
+  }
   onAsciiEncoding() {
     return `${this.constructor.NAME} : ${this.valueBlock.toString() || "empty"}`;
   }
@@ -4506,7 +4558,7 @@ var LocalRelativeObjectIdentifierValueBlock = class extends ValueBlock {
     }
     return resultOffset;
   }
-  toBER(sizeOnly, writer) {
+  toBER(sizeOnly, _writer) {
     const retBuffers = [];
     for (let i = 0; i < this.value.length; i++) {
       const valueBuf = this.value[i].toBER(sizeOnly);
@@ -4568,17 +4620,17 @@ var LocalRelativeObjectIdentifierValueBlock = class extends ValueBlock {
 LocalRelativeObjectIdentifierValueBlock.NAME = "RelativeObjectIdentifierValueBlock";
 var _a$l;
 var RelativeObjectIdentifier = class extends BaseBlock {
-  constructor(parameters = {}) {
-    super(parameters, LocalRelativeObjectIdentifierValueBlock);
-    this.idBlock.tagClass = 1;
-    this.idBlock.tagNumber = 13;
-  }
   getValue() {
     return this.valueBlock.toString();
   }
   setValue(value) {
     this.valueBlock.fromString(value);
   }
+  constructor(parameters = {}) {
+    super(parameters, LocalRelativeObjectIdentifierValueBlock);
+    this.idBlock.tagClass = 1;
+    this.idBlock.tagNumber = 13;
+  }
   onAsciiEncoding() {
     return `${this.constructor.NAME} : ${this.valueBlock.toString() || "empty"}`;
   }
@@ -4975,7 +5027,8 @@ var GeneralizedTime = class extends UTCTime {
     this.millisecond = inputDate.getUTCMilliseconds();
   }
   toDate() {
-    return new Date(Date.UTC(this.year, this.month - 1, this.day, this.hour, this.minute, this.second, this.millisecond));
+    const utcDate = Date.UTC(this.year, this.month - 1, this.day, this.hour, this.minute, this.second, this.millisecond);
+    return new Date(utcDate);
   }
   fromString(inputString) {
     let isUTC = false;
@@ -5224,28 +5277,28 @@ var Repeated = class extends Any {
   }
 };
 var RawData = class {
-  constructor({ data = EMPTY_VIEW } = {}) {
-    this.dataView = BufferSourceConverter.toUint8Array(data);
-  }
   get data() {
     return this.dataView.slice().buffer;
   }
   set data(value) {
     this.dataView = BufferSourceConverter.toUint8Array(value);
   }
+  constructor({ data = EMPTY_VIEW } = {}) {
+    this.dataView = BufferSourceConverter.toUint8Array(data);
+  }
   fromBER(inputBuffer, inputOffset, inputLength) {
     const endLength = inputOffset + inputLength;
     this.dataView = BufferSourceConverter.toUint8Array(inputBuffer).subarray(inputOffset, endLength);
     return endLength;
   }
-  toBER(sizeOnly) {
+  toBER(_sizeOnly) {
     return this.dataView.slice().buffer;
   }
 };
 function compareSchema(root, inputData, inputSchema) {
   if (inputSchema instanceof Choice) {
-    for (let j = 0; j < inputSchema.value.length; j++) {
-      const result = compareSchema(root, inputData, inputSchema.value[j]);
+    for (const element of inputSchema.value) {
+      const result = compareSchema(root, inputData, element);
       if (result.verified) {
         return {
           verified: true,
@@ -5256,9 +5309,7 @@ function compareSchema(root, inputData, inputSchema) {
     {
       const _result = {
         verified: false,
-        result: {
-          error: "Wrong values for Choice type"
-        }
+        result: { error: "Wrong values for Choice type" }
       };
       if (inputSchema.hasOwnProperty(NAME))
         _result.name = inputSchema.name;
@@ -5404,9 +5455,7 @@ function compareSchema(root, inputData, inputSchema) {
     let admission = 0;
     let result = {
       verified: false,
-      result: {
-        error: "Unknown error"
-      }
+      result: { error: "Unknown error" }
     };
     let maxLength = inputSchema.valueBlock.value.length;
     if (maxLength > 0) {
@@ -5783,10 +5832,7 @@ var AsnSchemaStorage = class {
     }
   }
   createDefault(target) {
-    const schema = {
-      type: AsnTypeTypes.Sequence,
-      items: {}
-    };
+    const schema = { type: AsnTypeTypes.Sequence, items: {} };
     const parentSchema = this.findParentSchema(target);
     if (parentSchema) {
       Object.assign(schema, parentSchema);
@@ -5828,26 +5874,14 @@ var AsnSchemaStorage = class {
         const Container = item.repeated === "set" ? Set : Sequence;
         asn1Item = new Container({
           name: "",
-          value: [
-            new Repeated({
-              name,
-              value: asn1Item
-            })
-          ]
+          value: [new Repeated({ name, value: asn1Item })]
         });
       }
       if (item.context !== null && item.context !== void 0) {
         if (item.implicit) {
           if (typeof item.type === "number" || isConvertible(item.type)) {
             const Container = item.repeated ? Constructed : Primitive;
-            asn1Value.push(new Container({
-              name,
-              optional,
-              idBlock: {
-                tagClass: 3,
-                tagNumber: item.context
-              }
-            }));
+            asn1Value.push(new Container({ name, optional, idBlock: { tagClass: 3, tagNumber: item.context } }));
           } else {
             this.cache(item.type);
             const isRepeated = !!item.repeated;
@@ -5856,20 +5890,14 @@ var AsnSchemaStorage = class {
             asn1Value.push(new Constructed({
               name: !isRepeated ? name : "",
               optional,
-              idBlock: {
-                tagClass: 3,
-                tagNumber: item.context
-              },
+              idBlock: { tagClass: 3, tagNumber: item.context },
               value
             }));
           }
         } else {
           asn1Value.push(new Constructed({
             optional,
-            idBlock: {
-              tagClass: 3,
-              tagNumber: item.context
-            },
+            idBlock: { tagClass: 3, tagNumber: item.context },
             value: [asn1Item]
           }));
         }
@@ -5925,7 +5953,6 @@ var AsnParser = class {
     return res;
   }
   static fromASN(asn1Schema, target) {
-    var _a2;
     try {
       if (isConvertible(target)) {
         const value = new target();
@@ -5934,104 +5961,259 @@ var AsnParser = class {
       const schema = schemaStorage.get(target);
       schemaStorage.cache(target);
       let targetSchema = schema.schema;
-      if (asn1Schema.constructor === Constructed && schema.type !== AsnTypeTypes.Choice) {
-        targetSchema = new Constructed({
-          idBlock: {
-            tagClass: 3,
-            tagNumber: asn1Schema.idBlock.tagNumber
-          },
-          value: schema.schema.valueBlock.value
-        });
-        for (const key in schema.items) {
-          delete asn1Schema[key];
-        }
+      const choiceResult = this.handleChoiceTypes(asn1Schema, schema, target, targetSchema);
+      if (choiceResult === null || choiceResult === void 0 ? void 0 : choiceResult.result) {
+        return choiceResult.result;
       }
-      const asn1ComparedSchema = compareSchema({}, asn1Schema, targetSchema);
-      if (!asn1ComparedSchema.verified) {
-        throw new AsnSchemaValidationError(`Data does not match to ${target.name} ASN1 schema. ${asn1ComparedSchema.result.error}`);
+      if (choiceResult === null || choiceResult === void 0 ? void 0 : choiceResult.targetSchema) {
+        targetSchema = choiceResult.targetSchema;
       }
+      const sequenceResult = this.handleSequenceTypes(asn1Schema, schema, target, targetSchema);
       const res = new target();
       if (isTypeOfArray(target)) {
-        if (!("value" in asn1Schema.valueBlock && Array.isArray(asn1Schema.valueBlock.value))) {
-          throw new Error(`Cannot get items from the ASN.1 parsed value. ASN.1 object is not constructed.`);
-        }
-        const itemType = schema.itemType;
-        if (typeof itemType === "number") {
-          const converter = defaultConverter(itemType);
-          if (!converter) {
-            throw new Error(`Cannot get default converter for array item of ${target.name} ASN1 schema`);
-          }
-          return target.from(asn1Schema.valueBlock.value, (element) => converter.fromASN(element));
-        } else {
-          return target.from(asn1Schema.valueBlock.value, (element) => this.fromASN(element, itemType));
-        }
+        return this.handleArrayTypes(asn1Schema, schema, target);
+      }
+      this.processSchemaItems(schema, sequenceResult, res);
+      return res;
+    } catch (error) {
+      if (error instanceof AsnSchemaValidationError) {
+        error.schemas.push(target.name);
       }
+      throw error;
+    }
+  }
+  static handleChoiceTypes(asn1Schema, schema, target, targetSchema) {
+    if (asn1Schema.constructor === Constructed && schema.type === AsnTypeTypes.Choice && asn1Schema.idBlock.tagClass === 3) {
       for (const key in schema.items) {
-        const asn1SchemaValue = asn1ComparedSchema.result[key];
-        if (!asn1SchemaValue) {
-          continue;
-        }
         const schemaItem = schema.items[key];
-        const schemaItemType = schemaItem.type;
-        if (typeof schemaItemType === "number" || isConvertible(schemaItemType)) {
-          const converter = (_a2 = schemaItem.converter) !== null && _a2 !== void 0 ? _a2 : isConvertible(schemaItemType) ? new schemaItemType() : null;
-          if (!converter) {
-            throw new Error("Converter is empty");
-          }
-          if (schemaItem.repeated) {
-            if (schemaItem.implicit) {
-              const Container = schemaItem.repeated === "sequence" ? Sequence : Set;
-              const newItem = new Container();
-              newItem.valueBlock = asn1SchemaValue.valueBlock;
-              const newItemAsn = fromBER(newItem.toBER(false));
-              if (newItemAsn.offset === -1) {
-                throw new Error(`Cannot parse the child item. ${newItemAsn.result.error}`);
+        if (schemaItem.context === asn1Schema.idBlock.tagNumber && schemaItem.implicit) {
+          if (typeof schemaItem.type === "function" && schemaStorage.has(schemaItem.type)) {
+            const fieldSchema = schemaStorage.get(schemaItem.type);
+            if (fieldSchema && fieldSchema.type === AsnTypeTypes.Sequence) {
+              const newSeq = new Sequence();
+              if ("value" in asn1Schema.valueBlock && Array.isArray(asn1Schema.valueBlock.value) && "value" in newSeq.valueBlock) {
+                newSeq.valueBlock.value = asn1Schema.valueBlock.value;
+                const fieldValue = this.fromASN(newSeq, schemaItem.type);
+                const res = new target();
+                res[key] = fieldValue;
+                return { result: res };
               }
-              if (!("value" in newItemAsn.result.valueBlock && Array.isArray(newItemAsn.result.valueBlock.value))) {
-                throw new Error("Cannot get items from the ASN.1 parsed value. ASN.1 object is not constructed.");
-              }
-              const value = newItemAsn.result.valueBlock.value;
-              res[key] = Array.from(value, (element) => converter.fromASN(element));
-            } else {
-              res[key] = Array.from(asn1SchemaValue, (element) => converter.fromASN(element));
-            }
-          } else {
-            let value = asn1SchemaValue;
-            if (schemaItem.implicit) {
-              let newItem;
-              if (isConvertible(schemaItemType)) {
-                newItem = new schemaItemType().toSchema("");
-              } else {
-                const Asn1TypeName = AsnPropTypes[schemaItemType];
-                const Asn1Type = index_es_exports[Asn1TypeName];
-                if (!Asn1Type) {
-                  throw new Error(`Cannot get '${Asn1TypeName}' class from asn1js module`);
-                }
-                newItem = new Asn1Type();
-              }
-              newItem.valueBlock = value.valueBlock;
-              value = fromBER(newItem.toBER(false)).result;
             }
-            res[key] = converter.fromASN(value);
           }
-        } else {
-          if (schemaItem.repeated) {
-            if (!Array.isArray(asn1SchemaValue)) {
-              throw new Error("Cannot get list of items from the ASN.1 parsed value. ASN.1 value should be iterable.");
-            }
-            res[key] = Array.from(asn1SchemaValue, (element) => this.fromASN(element, schemaItemType));
-          } else {
-            res[key] = this.fromASN(asn1SchemaValue, schemaItemType);
+        }
+      }
+    } else if (asn1Schema.constructor === Constructed && schema.type !== AsnTypeTypes.Choice) {
+      const newTargetSchema = new Constructed({
+        idBlock: {
+          tagClass: 3,
+          tagNumber: asn1Schema.idBlock.tagNumber
+        },
+        value: schema.schema.valueBlock.value
+      });
+      for (const key in schema.items) {
+        delete asn1Schema[key];
+      }
+      return { targetSchema: newTargetSchema };
+    }
+    return null;
+  }
+  static handleSequenceTypes(asn1Schema, schema, target, targetSchema) {
+    if (schema.type === AsnTypeTypes.Sequence) {
+      const asn1ComparedSchema = compareSchema({}, asn1Schema, targetSchema);
+      if (!asn1ComparedSchema.verified) {
+        throw new AsnSchemaValidationError(`Data does not match to ${target.name} ASN1 schema.${asn1ComparedSchema.result.error ? ` ${asn1ComparedSchema.result.error}` : ""}`);
+      }
+      return asn1ComparedSchema;
+    } else {
+      const asn1ComparedSchema = compareSchema({}, asn1Schema, targetSchema);
+      if (!asn1ComparedSchema.verified) {
+        throw new AsnSchemaValidationError(`Data does not match to ${target.name} ASN1 schema.${asn1ComparedSchema.result.error ? ` ${asn1ComparedSchema.result.error}` : ""}`);
+      }
+      return asn1ComparedSchema;
+    }
+  }
+  static processRepeatedField(asn1Elements, asn1Index, schemaItem) {
+    let elementsToProcess = asn1Elements.slice(asn1Index);
+    if (elementsToProcess.length === 1 && elementsToProcess[0].constructor.name === "Sequence") {
+      const seq = elementsToProcess[0];
+      if (seq.valueBlock && seq.valueBlock.value && Array.isArray(seq.valueBlock.value)) {
+        elementsToProcess = seq.valueBlock.value;
+      }
+    }
+    if (typeof schemaItem.type === "number") {
+      const converter = defaultConverter(schemaItem.type);
+      if (!converter)
+        throw new Error(`No converter for ASN.1 type ${schemaItem.type}`);
+      return elementsToProcess.filter((el) => el && el.valueBlock).map((el) => {
+        try {
+          return converter.fromASN(el);
+        } catch {
+          return void 0;
+        }
+      }).filter((v) => v !== void 0);
+    } else {
+      return elementsToProcess.filter((el) => el && el.valueBlock).map((el) => {
+        try {
+          return this.fromASN(el, schemaItem.type);
+        } catch {
+          return void 0;
+        }
+      }).filter((v) => v !== void 0);
+    }
+  }
+  static processPrimitiveField(asn1Element, schemaItem) {
+    const converter = defaultConverter(schemaItem.type);
+    if (!converter)
+      throw new Error(`No converter for ASN.1 type ${schemaItem.type}`);
+    return converter.fromASN(asn1Element);
+  }
+  static isOptionalChoiceField(schemaItem) {
+    return schemaItem.optional && typeof schemaItem.type === "function" && schemaStorage.has(schemaItem.type) && schemaStorage.get(schemaItem.type).type === AsnTypeTypes.Choice;
+  }
+  static processOptionalChoiceField(asn1Element, schemaItem) {
+    try {
+      const value = this.fromASN(asn1Element, schemaItem.type);
+      return { processed: true, value };
+    } catch (err) {
+      if (err instanceof AsnSchemaValidationError && /Wrong values for Choice type/.test(err.message)) {
+        return { processed: false };
+      }
+      throw err;
+    }
+  }
+  static handleArrayTypes(asn1Schema, schema, target) {
+    if (!("value" in asn1Schema.valueBlock && Array.isArray(asn1Schema.valueBlock.value))) {
+      throw new Error(`Cannot get items from the ASN.1 parsed value. ASN.1 object is not constructed.`);
+    }
+    const itemType = schema.itemType;
+    if (typeof itemType === "number") {
+      const converter = defaultConverter(itemType);
+      if (!converter) {
+        throw new Error(`Cannot get default converter for array item of ${target.name} ASN1 schema`);
+      }
+      return target.from(asn1Schema.valueBlock.value, (element) => converter.fromASN(element));
+    } else {
+      return target.from(asn1Schema.valueBlock.value, (element) => this.fromASN(element, itemType));
+    }
+  }
+  static processSchemaItems(schema, asn1ComparedSchema, res) {
+    for (const key in schema.items) {
+      const asn1SchemaValue = asn1ComparedSchema.result[key];
+      if (!asn1SchemaValue) {
+        continue;
+      }
+      const schemaItem = schema.items[key];
+      const schemaItemType = schemaItem.type;
+      let parsedValue;
+      if (typeof schemaItemType === "number" || isConvertible(schemaItemType)) {
+        parsedValue = this.processPrimitiveSchemaItem(asn1SchemaValue, schemaItem, schemaItemType);
+      } else {
+        parsedValue = this.processComplexSchemaItem(asn1SchemaValue, schemaItem, schemaItemType);
+      }
+      if (parsedValue && typeof parsedValue === "object" && "value" in parsedValue && "raw" in parsedValue) {
+        res[key] = parsedValue.value;
+        res[`${key}Raw`] = parsedValue.raw;
+      } else {
+        res[key] = parsedValue;
+      }
+    }
+  }
+  static processPrimitiveSchemaItem(asn1SchemaValue, schemaItem, schemaItemType) {
+    var _a2;
+    const converter = (_a2 = schemaItem.converter) !== null && _a2 !== void 0 ? _a2 : isConvertible(schemaItemType) ? new schemaItemType() : null;
+    if (!converter) {
+      throw new Error("Converter is empty");
+    }
+    if (schemaItem.repeated) {
+      return this.processRepeatedPrimitiveItem(asn1SchemaValue, schemaItem, converter);
+    } else {
+      return this.processSinglePrimitiveItem(asn1SchemaValue, schemaItem, schemaItemType, converter);
+    }
+  }
+  static processRepeatedPrimitiveItem(asn1SchemaValue, schemaItem, converter) {
+    if (schemaItem.implicit) {
+      const Container = schemaItem.repeated === "sequence" ? Sequence : Set;
+      const newItem = new Container();
+      newItem.valueBlock = asn1SchemaValue.valueBlock;
+      const newItemAsn = fromBER(newItem.toBER(false));
+      if (newItemAsn.offset === -1) {
+        throw new Error(`Cannot parse the child item. ${newItemAsn.result.error}`);
+      }
+      if (!("value" in newItemAsn.result.valueBlock && Array.isArray(newItemAsn.result.valueBlock.value))) {
+        throw new Error("Cannot get items from the ASN.1 parsed value. ASN.1 object is not constructed.");
+      }
+      const value = newItemAsn.result.valueBlock.value;
+      return Array.from(value, (element) => converter.fromASN(element));
+    } else {
+      return Array.from(asn1SchemaValue, (element) => converter.fromASN(element));
+    }
+  }
+  static processSinglePrimitiveItem(asn1SchemaValue, schemaItem, schemaItemType, converter) {
+    let value = asn1SchemaValue;
+    if (schemaItem.implicit) {
+      let newItem;
+      if (isConvertible(schemaItemType)) {
+        newItem = new schemaItemType().toSchema("");
+      } else {
+        const Asn1TypeName = AsnPropTypes[schemaItemType];
+        const Asn1Type = index_es_exports[Asn1TypeName];
+        if (!Asn1Type) {
+          throw new Error(`Cannot get '${Asn1TypeName}' class from asn1js module`);
+        }
+        newItem = new Asn1Type();
+      }
+      newItem.valueBlock = value.valueBlock;
+      value = fromBER(newItem.toBER(false)).result;
+    }
+    return converter.fromASN(value);
+  }
+  static processComplexSchemaItem(asn1SchemaValue, schemaItem, schemaItemType) {
+    if (schemaItem.repeated) {
+      if (!Array.isArray(asn1SchemaValue)) {
+        throw new Error("Cannot get list of items from the ASN.1 parsed value. ASN.1 value should be iterable.");
+      }
+      return Array.from(asn1SchemaValue, (element) => this.fromASN(element, schemaItemType));
+    } else {
+      const valueToProcess = this.handleImplicitTagging(asn1SchemaValue, schemaItem, schemaItemType);
+      if (this.isOptionalChoiceField(schemaItem)) {
+        try {
+          return this.fromASN(valueToProcess, schemaItemType);
+        } catch (err) {
+          if (err instanceof AsnSchemaValidationError && /Wrong values for Choice type/.test(err.message)) {
+            return void 0;
           }
+          throw err;
+        }
+      } else {
+        const parsedValue = this.fromASN(valueToProcess, schemaItemType);
+        if (schemaItem.raw) {
+          return {
+            value: parsedValue,
+            raw: asn1SchemaValue.valueBeforeDecodeView
+          };
         }
+        return parsedValue;
       }
-      return res;
-    } catch (error) {
-      if (error instanceof AsnSchemaValidationError) {
-        error.schemas.push(target.name);
+    }
+  }
+  static handleImplicitTagging(asn1SchemaValue, schemaItem, schemaItemType) {
+    if (schemaItem.implicit && typeof schemaItem.context === "number") {
+      const schema = schemaStorage.get(schemaItemType);
+      if (schema.type === AsnTypeTypes.Sequence) {
+        const newSeq = new Sequence();
+        if ("value" in asn1SchemaValue.valueBlock && Array.isArray(asn1SchemaValue.valueBlock.value) && "value" in newSeq.valueBlock) {
+          newSeq.valueBlock.value = asn1SchemaValue.valueBlock.value;
+          return newSeq;
+        }
+      } else if (schema.type === AsnTypeTypes.Set) {
+        const newSet = new Set();
+        if ("value" in asn1SchemaValue.valueBlock && Array.isArray(asn1SchemaValue.valueBlock.value) && "value" in newSet.valueBlock) {
+          newSet.valueBlock.value = asn1SchemaValue.valueBlock.value;
+          return newSet;
+        }
       }
-      throw error;
     }
+    return asn1SchemaValue;
   }
 };
 
@@ -6213,9 +6395,19 @@ async function createSelfSignedCertificate({
   }
   notAfter = notAfter || new Date(notBefore.getTime() + validity * 24 * 60 * 60 * 1e3);
   const alternativeNameExtensions = [];
-  dns && dns.forEach((d) => alternativeNameExtensions.push({ type: "dns", value: d }));
-  ip && ip.forEach((d) => alternativeNameExtensions.push({ type: "ip", value: d }));
-  applicationUri && alternativeNameExtensions.push({ type: "url", value: applicationUri });
+  if (dns) {
+    for (const d of dns) {
+      alternativeNameExtensions.push({ type: "dns", value: d });
+    }
+  }
+  if (ip) {
+    for (const d of ip) {
+      alternativeNameExtensions.push({ type: "ip", value: d });
+    }
+  }
+  if (applicationUri) {
+    alternativeNameExtensions.push({ type: "url", value: applicationUri });
+  }
   const ID_NETSCAPE_COMMENT = "2.16.840.1.113730.1.13";
   const s = new Subject(subject || "");
   const s1 = s.toStringInternal(", ");
@@ -6247,19 +6439,37 @@ async function createSelfSignedCertificate({
 // source/index_web.ts
 var asn1 = { readDirectoryName, readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin };
 
-// source_nodejs/read.ts
-var import_assert8 = __toESM(require("assert"));
+// source_nodejs/generate_private_key_filename.ts
 var import_node_fs = __toESM(require("fs"));
+var import_jsrsasign3 = __toESM(require("jsrsasign"));
+async function generatePrivateKeyFile(privateKeyFilename, modulusLength) {
+  const keys = await generateKeyPair(modulusLength);
+  const privateKeyPem = await privateKeyToPEM(keys.privateKey);
+  await import_node_fs.default.promises.writeFile(privateKeyFilename, privateKeyPem.privPem, "utf-8");
+  privateKeyPem.privPem = "";
+  privateKeyPem.privDer = new ArrayBuffer(0);
+}
+async function generatePrivateKeyFileAlternate(privateKeyFilename, modulusLength) {
+  const kp = import_jsrsasign3.default.KEYUTIL.generateKeypair("RSA", modulusLength);
+  const prv = kp.prvKeyObj;
+  const _pub = kp.pubKeyObj;
+  const prvpem = import_jsrsasign3.default.KEYUTIL.getPEM(prv, "PKCS8PRV");
+  await import_node_fs.default.promises.writeFile(privateKeyFilename, prvpem, "utf-8");
+}
+
+// source_nodejs/read.ts
+var import_node_assert8 = __toESM(require("assert"));
+var import_node_crypto6 = require("crypto");
+var import_node_fs2 = __toESM(require("fs"));
 var import_node_path = __toESM(require("path"));
-var import_crypto13 = require("crypto");
 var import_sshpk = __toESM(require("sshpk"));
 function _readPemFile(filename) {
-  (0, import_assert8.default)(typeof filename === "string");
-  return removeTrailingLF(import_node_fs.default.readFileSync(filename, "utf-8"));
+  (0, import_node_assert8.default)(typeof filename === "string");
+  return removeTrailingLF(import_node_fs2.default.readFileSync(filename, "utf-8"));
 }
 function _readPemOrDerFileAsDER(filename) {
   if (filename.match(/.*\.der/)) {
-    return import_node_fs.default.readFileSync(filename);
+    return import_node_fs2.default.readFileSync(filename);
   }
   const raw_key = _readPemFile(filename);
   return convertPEMtoDER(raw_key);
@@ -6269,34 +6479,35 @@ function readCertificate(filename) {
 }
 function readPublicKey(filename) {
   if (filename.match(/.*\.der/)) {
-    const der = import_node_fs.default.readFileSync(filename);
-    return (0, import_crypto13.createPublicKey)(der);
+    const der = import_node_fs2.default.readFileSync(filename);
+    return (0, import_node_crypto6.createPublicKey)(der);
   } else {
     const raw_key = _readPemFile(filename);
-    return (0, import_crypto13.createPublicKey)(raw_key);
+    return (0, import_node_crypto6.createPublicKey)(raw_key);
   }
 }
 function myCreatePrivateKey(rawKey) {
-  if (!import_crypto13.createPrivateKey || process.env.NO_CREATE_PRIVATEKEY) {
+  if (!import_node_crypto6.createPrivateKey || process.env.NO_CREATE_PRIVATEKEY) {
     if (Buffer.isBuffer(rawKey)) {
       const pemKey = toPem(rawKey, "PRIVATE KEY");
-      (0, import_assert8.default)(["RSA PRIVATE KEY", "PRIVATE KEY"].indexOf(identifyPemType(pemKey)) >= 0);
+      (0, import_node_assert8.default)(["RSA PRIVATE KEY", "PRIVATE KEY"].indexOf(identifyPemType(pemKey)) >= 0);
       return { hidden: pemKey };
     }
     return { hidden: ensureTrailingLF(rawKey) };
   }
   const backup = process.env.OPENSSL_CONF;
   process.env.OPENSSL_CONF = "/dev/null";
-  const retValue = (0, import_crypto13.createPrivateKey)(rawKey);
+  const retValue = (0, import_node_crypto6.createPrivateKey)(rawKey);
   process.env.OPENSSL_CONF = backup;
   return { hidden: retValue };
 }
 function ensureTrailingLF(str) {
-  return str.match(/\n$/) ? str : str + "\n";
+  return str.match(/\n$/) ? str : `${str}
+`;
 }
 function readPrivateKey(filename) {
   if (filename.match(/.*\.der/)) {
-    const der = import_node_fs.default.readFileSync(filename);
+    const der = import_node_fs2.default.readFileSync(filename);
     return myCreatePrivateKey(der);
   } else {
     const raw_key = _readPemFile(filename);
@@ -6325,32 +6536,32 @@ function getCertificateStore() {
   return _g_certificate_store;
 }
 function readPrivateRsaKey(filename) {
-  if (!import_crypto13.createPrivateKey) {
+  if (!import_node_crypto6.createPrivateKey) {
     throw new Error("createPrivateKey is not supported in this environment");
   }
-  if (filename.substring(0, 1) !== "." && !import_node_fs.default.existsSync(filename)) {
+  if (filename.substring(0, 1) !== "." && !import_node_fs2.default.existsSync(filename)) {
     filename = import_node_path.default.join(getCertificateStore(), filename);
   }
-  const content = import_node_fs.default.readFileSync(filename, "utf8");
+  const content = import_node_fs2.default.readFileSync(filename, "utf8");
   const sshKey = import_sshpk.default.parsePrivateKey(content, "auto");
   const key = sshKey.toString("pkcs1");
-  const hidden = (0, import_crypto13.createPrivateKey)({ format: "pem", type: "pkcs1", key });
+  const hidden = (0, import_node_crypto6.createPrivateKey)({ format: "pem", type: "pkcs1", key });
   return { hidden };
 }
 function readPublicRsaKey(filename) {
-  if (filename.substring(0, 1) !== "." && !import_node_fs.default.existsSync(filename)) {
+  if (filename.substring(0, 1) !== "." && !import_node_fs2.default.existsSync(filename)) {
     filename = import_node_path.default.join(getCertificateStore(), filename);
   }
-  const content = import_node_fs.default.readFileSync(filename, "utf-8");
+  const content = import_node_fs2.default.readFileSync(filename, "utf-8");
   const sshKey = import_sshpk.default.parseKey(content, "ssh");
   const key = sshKey.toString("pkcs1");
-  return (0, import_crypto13.createPublicKey)({ format: "pem", type: "pkcs1", key });
+  return (0, import_node_crypto6.createPublicKey)({ format: "pem", type: "pkcs1", key });
 }
 
 // source_nodejs/read_certificate_revocation_list.ts
-var import_node_fs2 = __toESM(require("fs"));
+var import_node_fs3 = __toESM(require("fs"));
 async function readCertificateRevocationList(filename) {
-  const crl = await import_node_fs2.default.promises.readFile(filename);
+  const crl = await import_node_fs3.default.promises.readFile(filename);
   if (crl[0] === 48 && crl[1] === 130) {
     return crl;
   }
@@ -6359,33 +6570,15 @@ async function readCertificateRevocationList(filename) {
 }
 
 // source_nodejs/read_certificate_signing_request.ts
-var import_node_fs3 = __toESM(require("fs"));
+var import_node_fs4 = __toESM(require("fs"));
 async function readCertificateSigningRequest(filename) {
-  const csr = await import_node_fs3.default.promises.readFile(filename);
+  const csr = await import_node_fs4.default.promises.readFile(filename);
   if (csr[0] === 48 && csr[1] === 130) {
     return csr;
   }
   const raw_crl = csr.toString();
   return convertPEMtoDER(raw_crl);
 }
-
-// source_nodejs/generate_private_key_filename.ts
-var import_node_fs4 = __toESM(require("fs"));
-var import_jsrsasign3 = __toESM(require("jsrsasign"));
-async function generatePrivateKeyFile(privateKeyFilename, modulusLength) {
-  const keys = await generateKeyPair(modulusLength);
-  const privateKeyPem = await privateKeyToPEM(keys.privateKey);
-  await import_node_fs4.default.promises.writeFile(privateKeyFilename, privateKeyPem.privPem, "utf-8");
-  privateKeyPem.privPem = "";
-  privateKeyPem.privDer = new ArrayBuffer(0);
-}
-async function generatePrivateKeyFileAlternate(privateKeyFilename, modulusLength) {
-  const kp = import_jsrsasign3.default.KEYUTIL.generateKeypair("RSA", modulusLength);
-  const prv = kp.prvKeyObj;
-  const pub = kp.pubKeyObj;
-  const prvpem = import_jsrsasign3.default.KEYUTIL.getPEM(prv, "PKCS8PRV");
-  await import_node_fs4.default.promises.writeFile(privateKeyFilename, prvpem, "utf-8");
-}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   CertificatePurpose,
@@ -6481,7 +6674,7 @@ pvtsutils/build/index.es.js:
   (*!
    * MIT License
    * 
-   * Copyright (c) 2017-2022 Peculiar Ventures, LLC
+   * Copyright (c) 2017-2024 Peculiar Ventures, LLC
    * 
    * Permission is hereby granted, free of charge, to any person obtaining a copy
    * of this software and associated documentation files (the "Software"), to deal