node-opcua-crypto 4.9.3 → 4.10.0

package/dist/{chunk-WYY6WVVJ.mjs → chunk-GNEWUC7X.mjs}

@@ -6,7 +6,7 @@ import {
   privateKeyToPEM,
   removeTrailingLF,
   toPem
-} from "./chunk-VAMKYXNP.mjs";
+} from "./chunk-46EEAYVO.mjs";
 
 // source_nodejs/read.ts
 import assert from "assert";
@@ -170,4 +170,4 @@ export {
   generatePrivateKeyFile,
   generatePrivateKeyFileAlternate
 };
-//# sourceMappingURL=chunk-WYY6WVVJ.mjs.map
+//# sourceMappingURL=chunk-GNEWUC7X.mjs.map

package/dist/chunk-GNEWUC7X.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../source_nodejs/read.ts","../source_nodejs/read_certificate_revocation_list.ts","../source_nodejs/read_certificate_signing_request.ts","../source_nodejs/generate_private_key_filename.ts"],"sourcesContent":["// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2024 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This  project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so,  subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport assert from \"assert\";\nimport fs from \"fs\";\nimport path from \"path\";\nimport { createPrivateKey, createPublicKey } from \"crypto\";\nimport { Certificate, CertificatePEM, DER, PEM, PublicKey, PublicKeyPEM, PrivateKeyPEM, PrivateKey } from \"../source/common.js\";\nimport { convertPEMtoDER, identifyPemType, removeTrailingLF, toPem } from \"../source/crypto_utils.js\";\nimport sshpk from \"sshpk\";\nimport { fileURLToPath } from \"url\";\n\nfunction _readPemFile(filename: string): PEM {\n    assert(typeof filename === \"string\");\n    return removeTrailingLF(fs.readFileSync(filename, \"utf-8\"));\n}\n\nfunction _readPemOrDerFileAsDER(filename: string): DER {\n    if (filename.match(/.*\\.der/)) {\n        return fs.readFileSync(filename) as Buffer;\n    }\n    const raw_key: string = _readPemFile(filename);\n    return convertPEMtoDER(raw_key);\n}\n\n/**\n * read a DER or PEM certificate from file\n */\nexport function readCertificate(filename: string): Certificate {\n    return _readPemOrDerFileAsDER(filename) as Certificate;\n}\n\n/**\n * read a DER or PEM certificate from file\n */\nexport function readPublicKey(filename: string): PublicKey {\n    if (filename.match(/.*\\.der/)) {\n        const der = fs.readFileSync(filename) as Buffer;\n        return createPublicKey(der);\n    } else {\n        const raw_key: string = _readPemFile(filename);\n        return createPublicKey(raw_key);\n    }\n}\n\n// console.log(\"createPrivateKey\", (crypto as any).createPrivateKey, process.env.NO_CREATE_PRIVATEKEY);\n\nfunction myCreatePrivateKey(rawKey: string | Buffer): PrivateKey {\n    if (!createPrivateKey || process.env.NO_CREATE_PRIVATEKEY) {\n        // we are not running nodejs or createPrivateKey is not supported in the environment\n        if (rawKey instanceof Buffer) {\n            const pemKey = toPem(rawKey, \"PRIVATE KEY\");\n            assert([\"RSA PRIVATE KEY\", \"PRIVATE KEY\"].indexOf(identifyPemType(pemKey) as string) >= 0);\n            return { hidden: pemKey };\n        }\n        return { hidden: ensureTrailingLF(rawKey) };\n    }\n    // see https://askubuntu.com/questions/1409458/openssl-config-cuases-error-in-node-js-crypto-how-should-the-config-be-updated\n    const backup = process.env.OPENSSL_CONF;\n    process.env.OPENSSL_CONF = \"/dev/null\";\n    const retValue = createPrivateKey(rawKey);\n    process.env.OPENSSL_CONF = backup;\n    return { hidden: retValue };\n}\n\nexport function makePrivateKeyThumbPrint(privateKey: PrivateKey): Buffer {\n    //   // .export({ format: \"der\", type: \"pkcs1\" });\n    //   if (typeof privateKey === \"string\") {\n    //\n    //   } else {\n    //    return makeSHA1Thumbprint(privateKey.hidden);\n    //   }\n    // to do\n    return Buffer.alloc(0);\n}\n\nfunction ensureTrailingLF(str: string): string {\n    return str.match(/\\n$/) ? str : str + \"\\n\";\n}\n/**\n * read a DER or PEM certificate from file\n */\nexport function readPrivateKey(filename: string): PrivateKey {\n    if (filename.match(/.*\\.der/)) {\n        const der: Buffer = fs.readFileSync(filename);\n        return myCreatePrivateKey(der);\n    } else {\n        const raw_key: string = _readPemFile(filename);\n        return myCreatePrivateKey(raw_key);\n    }\n}\n\nexport function readCertificatePEM(filename: string): CertificatePEM {\n    return _readPemFile(filename);\n}\n\nexport function readPublicKeyPEM(filename: string): PublicKeyPEM {\n    return _readPemFile(filename);\n}\n/**\n *\n * @deprecated\n */\nexport function readPrivateKeyPEM(filename: string): PrivateKeyPEM {\n    return _readPemFile(filename);\n}\n\nlet _g_certificate_store: string = \"\";\n\nexport function setCertificateStore(store: string): string {\n    const old_store = _g_certificate_store;\n    _g_certificate_store = store;\n    return old_store;\n}\nexport function getCertificateStore(): string {\n    if (!_g_certificate_store) {\n        _g_certificate_store = path.join(__dirname, \"../../certificates/\");\n    }\n    return _g_certificate_store;\n}\n/**\n *\n * @param filename\n */\nexport function readPrivateRsaKey(filename: string): PrivateKey {\n    if (!createPrivateKey) {\n        throw new Error(\"createPrivateKey is not supported in this environment\");\n    }\n    if (filename.substring(0, 1) !== \".\" && !fs.existsSync(filename)) {\n        filename = path.join(getCertificateStore(),filename);\n    }\n    const content = fs.readFileSync(filename, \"utf8\");\n    const sshKey = sshpk.parsePrivateKey(content, \"auto\");\n    const key = sshKey.toString(\"pkcs1\") as PEM;\n    const hidden = createPrivateKey({ format: \"pem\", type: \"pkcs1\", key });\n    return { hidden };\n}\n\nexport function readPublicRsaKey(filename: string): PublicKey {\n    if (filename.substring(0, 1) !== \".\" && !fs.existsSync(filename)) {\n        filename = path.join(getCertificateStore(), filename);\n    }\n    const content = fs.readFileSync(filename, \"utf-8\");\n    const sshKey = sshpk.parseKey(content, \"ssh\");\n    const key = sshKey.toString(\"pkcs1\") as PEM;\n    return createPublicKey({ format: \"pem\", type: \"pkcs1\", key });\n}\n","// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2024 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This  project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so,  subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport fs from \"fs\";\nimport { promisify } from \"util\";\nimport { convertPEMtoDER } from \"../source/crypto_utils.js\";\nimport { CertificateRevocationList } from \"../source/common.js\";\n\nexport async function readCertificateRevocationList(filename: string): Promise<CertificateRevocationList> {\n    const crl = await promisify(fs.readFile)(filename);\n    if (crl[0] === 0x30 && crl[1] === 0x82) {\n        // der format\n        return crl as CertificateRevocationList;\n    }\n    const raw_crl = crl.toString();\n    return convertPEMtoDER(raw_crl);\n}\n","// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2024 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This  project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so,  subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport fs from \"fs\";\nimport { promisify } from \"util\";\nimport { convertPEMtoDER } from \"../source/crypto_utils.js\";\nimport { CertificateRevocationList } from \"../source/common.js\";\n\nexport type CertificateSigningRequest = Buffer;\n\nexport async function readCertificateSigningRequest(filename: string): Promise<CertificateSigningRequest> {\n    const csr = await promisify(fs.readFile)(filename);\n    if (csr[0] === 0x30 && csr[1] === 0x82) {\n        // der format\n        return csr as CertificateRevocationList;\n    }\n    const raw_crl = csr.toString();\n    return convertPEMtoDER(raw_crl);\n}\n","// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2024 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This  project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so,  subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport fs from \"fs\";\nimport { generateKeyPair, privateKeyToPEM } from \"../source/index.js\";\nimport jsrsasign from \"jsrsasign\";\nexport async function generatePrivateKeyFile(privateKeyFilename: string, modulusLength: 1024 | 2048 | 3072 | 4096) {\n    const keys = await generateKeyPair(modulusLength);\n    const privateKeyPem = await privateKeyToPEM(keys.privateKey);\n    await fs.promises.writeFile(privateKeyFilename, privateKeyPem.privPem, \"utf-8\");\n    privateKeyPem.privPem = \"\";\n    privateKeyPem.privDer = new Uint8Array(0);\n}\n\n/**\n * alternate function to generate PrivateKeyFile, using jsrsasign.\n * \n * This function is slower than generatePrivateKeyFile\n */\nexport async function generatePrivateKeyFileAlternate(privateKeyFilename: string, modulusLength: 2048 | 3072 | 4096) {\n    \n    const kp = jsrsasign.KEYUTIL.generateKeypair(\"RSA\", modulusLength);\n    const prv = kp.prvKeyObj;\n    const pub = kp.pubKeyObj;\n    const prvpem = jsrsasign.KEYUTIL.getPEM(prv, \"PKCS8PRV\");\n    // const pubpem = jsrsasign.KEYUTIL.getPEM(pub, \"PKCS8PUB\");\n    await fs.promises.writeFile(privateKeyFilename, prvpem, \"utf-8\");\n}\n"],"mappings":";;;;;;;;;;;AAuBA,OAAO,YAAY;AACnB,OAAO,QAAQ;AACf,OAAO,UAAU;AACjB,SAAS,kBAAkB,uBAAuB;AAGlD,OAAO,WAAW;AAGlB,SAAS,aAAa,UAAuB;AACzC,SAAO,OAAO,aAAa,QAAQ;AACnC,SAAO,iBAAiB,GAAG,aAAa,UAAU,OAAO,CAAC;AAC9D;AAEA,SAAS,uBAAuB,UAAuB;AACnD,MAAI,SAAS,MAAM,SAAS,GAAG;AAC3B,WAAO,GAAG,aAAa,QAAQ;AAAA,EACnC;AACA,QAAM,UAAkB,aAAa,QAAQ;AAC7C,SAAO,gBAAgB,OAAO;AAClC;AAKO,SAAS,gBAAgB,UAA+B;AAC3D,SAAO,uBAAuB,QAAQ;AAC1C;AAKO,SAAS,cAAc,UAA6B;AACvD,MAAI,SAAS,MAAM,SAAS,GAAG;AAC3B,UAAM,MAAM,GAAG,aAAa,QAAQ;AACpC,WAAO,gBAAgB,GAAG;AAAA,EAC9B,OAAO;AACH,UAAM,UAAkB,aAAa,QAAQ;AAC7C,WAAO,gBAAgB,OAAO;AAAA,EAClC;AACJ;AAIA,SAAS,mBAAmB,QAAqC;AAC7D,MAAI,CAAC,oBAAoB,QAAQ,IAAI,sBAAsB;AAEvD,QAAI,kBAAkB,QAAQ;AAC1B,YAAM,SAAS,MAAM,QAAQ,aAAa;AAC1C,aAAO,CAAC,mBAAmB,aAAa,EAAE,QAAQ,gBAAgB,MAAM,CAAW,KAAK,CAAC;AACzF,aAAO,EAAE,QAAQ,OAAO;AAAA,IAC5B;AACA,WAAO,EAAE,QAAQ,iBAAiB,MAAM,EAAE;AAAA,EAC9C;AAEA,QAAM,SAAS,QAAQ,IAAI;AAC3B,UAAQ,IAAI,eAAe;AAC3B,QAAM,WAAW,iBAAiB,MAAM;AACxC,UAAQ,IAAI,eAAe;AAC3B,SAAO,EAAE,QAAQ,SAAS;AAC9B;AAEO,SAAS,yBAAyB,YAAgC;AAQrE,SAAO,OAAO,MAAM,CAAC;AACzB;AAEA,SAAS,iBAAiB,KAAqB;AAC3C,SAAO,IAAI,MAAM,KAAK,IAAI,MAAM,MAAM;AAC1C;AAIO,SAAS,eAAe,UAA8B;AACzD,MAAI,SAAS,MAAM,SAAS,GAAG;AAC3B,UAAM,MAAc,GAAG,aAAa,QAAQ;AAC5C,WAAO,mBAAmB,GAAG;AAAA,EACjC,OAAO;AACH,UAAM,UAAkB,aAAa,QAAQ;AAC7C,WAAO,mBAAmB,OAAO;AAAA,EACrC;AACJ;AAEO,SAAS,mBAAmB,UAAkC;AACjE,SAAO,aAAa,QAAQ;AAChC;AAEO,SAAS,iBAAiB,UAAgC;AAC7D,SAAO,aAAa,QAAQ;AAChC;AAKO,SAAS,kBAAkB,UAAiC;AAC/D,SAAO,aAAa,QAAQ;AAChC;AAEA,IAAI,uBAA+B;AAE5B,SAAS,oBAAoB,OAAuB;AACvD,QAAM,YAAY;AAClB,yBAAuB;AACvB,SAAO;AACX;AACO,SAAS,sBAA8B;AAC1C,MAAI,CAAC,sBAAsB;AACvB,2BAAuB,KAAK,KAAK,WAAW,qBAAqB;AAAA,EACrE;AACA,SAAO;AACX;AAKO,SAAS,kBAAkB,UAA8B;AAC5D,MAAI,CAAC,kBAAkB;AACnB,UAAM,IAAI,MAAM,uDAAuD;AAAA,EAC3E;AACA,MAAI,SAAS,UAAU,GAAG,CAAC,MAAM,OAAO,CAAC,GAAG,WAAW,QAAQ,GAAG;AAC9D,eAAW,KAAK,KAAK,oBAAoB,GAAE,QAAQ;AAAA,EACvD;AACA,QAAM,UAAU,GAAG,aAAa,UAAU,MAAM;AAChD,QAAM,SAAS,MAAM,gBAAgB,SAAS,MAAM;AACpD,QAAM,MAAM,OAAO,SAAS,OAAO;AACnC,QAAM,SAAS,iBAAiB,EAAE,QAAQ,OAAO,MAAM,SAAS,IAAI,CAAC;AACrE,SAAO,EAAE,OAAO;AACpB;AAEO,SAAS,iBAAiB,UAA6B;AAC1D,MAAI,SAAS,UAAU,GAAG,CAAC,MAAM,OAAO,CAAC,GAAG,WAAW,QAAQ,GAAG;AAC9D,eAAW,KAAK,KAAK,oBAAoB,GAAG,QAAQ;AAAA,EACxD;AACA,QAAM,UAAU,GAAG,aAAa,UAAU,OAAO;AACjD,QAAM,SAAS,MAAM,SAAS,SAAS,KAAK;AAC5C,QAAM,MAAM,OAAO,SAAS,OAAO;AACnC,SAAO,gBAAgB,EAAE,QAAQ,OAAO,MAAM,SAAS,IAAI,CAAC;AAChE;;;AC/IA,OAAOA,SAAQ;AACf,SAAS,iBAAiB;AAI1B,eAAsB,8BAA8B,UAAsD;AACtG,QAAM,MAAM,MAAM,UAAUC,IAAG,QAAQ,EAAE,QAAQ;AACjD,MAAI,IAAI,CAAC,MAAM,MAAQ,IAAI,CAAC,MAAM,KAAM;AAEpC,WAAO;AAAA,EACX;AACA,QAAM,UAAU,IAAI,SAAS;AAC7B,SAAO,gBAAgB,OAAO;AAClC;;;ACbA,OAAOC,SAAQ;AACf,SAAS,aAAAC,kBAAiB;AAM1B,eAAsB,8BAA8B,UAAsD;AACtG,QAAM,MAAM,MAAMC,WAAUC,IAAG,QAAQ,EAAE,QAAQ;AACjD,MAAI,IAAI,CAAC,MAAM,MAAQ,IAAI,CAAC,MAAM,KAAM;AAEpC,WAAO;AAAA,EACX;AACA,QAAM,UAAU,IAAI,SAAS;AAC7B,SAAO,gBAAgB,OAAO;AAClC;;;ACfA,OAAOC,SAAQ;AAEf,OAAO,eAAe;AACtB,eAAsB,uBAAuB,oBAA4B,eAA0C;AAC/G,QAAM,OAAO,MAAM,gBAAgB,aAAa;AAChD,QAAM,gBAAgB,MAAM,gBAAgB,KAAK,UAAU;AAC3D,QAAMC,IAAG,SAAS,UAAU,oBAAoB,cAAc,SAAS,OAAO;AAC9E,gBAAc,UAAU;AACxB,gBAAc,UAAU,IAAI,WAAW,CAAC;AAC5C;AAOA,eAAsB,gCAAgC,oBAA4B,eAAmC;AAEjH,QAAM,KAAK,UAAU,QAAQ,gBAAgB,OAAO,aAAa;AACjE,QAAM,MAAM,GAAG;AACf,QAAM,MAAM,GAAG;AACf,QAAM,SAAS,UAAU,QAAQ,OAAO,KAAK,UAAU;AAEvD,QAAMA,IAAG,SAAS,UAAU,oBAAoB,QAAQ,OAAO;AACnE;","names":["fs","fs","fs","promisify","promisify","fs","fs","fs"]}

package/dist/chunk-VI4S2NM5.mjs

@@ -0,0 +1,38 @@
+import {
+  TagType,
+  _readStruct,
+  hexDump,
+  readTag
+} from "./chunk-46EEAYVO.mjs";
+
+// source/explore_asn1.ts
+function t(tag) {
+  return TagType[tag];
+}
+function bi(blockInfo, depth) {
+  const indent = "  ".repeat(depth);
+  const hl = blockInfo.position - blockInfo.start;
+  return `${blockInfo.start.toString().padStart(5, " ")}:d=${depth} hl=${hl.toString().padEnd(3, " ")}  l=${blockInfo.length.toString().padStart(6, " ")} ${blockInfo.tag.toString(16).padEnd(2, " ")} ${indent} ${t(blockInfo.tag)}`;
+}
+function exploreAsn1(buffer) {
+  console.log(hexDump(buffer));
+  function dump(offset, depth) {
+    const blockInfo = readTag(buffer, offset);
+    dumpBlock(blockInfo, depth);
+    function dumpBlock(blockInfo2, depth2) {
+      console.log(bi(blockInfo2, depth2));
+      if (blockInfo2.tag === 48 /* SEQUENCE */ || blockInfo2.tag === 49 /* SET */ || blockInfo2.tag >= 160 /* CONTEXT_SPECIFIC0 */) {
+        const blocks = _readStruct(buffer, blockInfo2);
+        for (const block of blocks) {
+          dumpBlock(block, depth2 + 1);
+        }
+      }
+    }
+  }
+  dump(0, 0);
+}
+
+export {
+  exploreAsn1
+};
+//# sourceMappingURL=chunk-VI4S2NM5.mjs.map

package/dist/chunk-VI4S2NM5.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../source/explore_asn1.ts"],"sourcesContent":["import { BlockInfo, readTag, _readStruct, TagType } from \"./asn1\";\nimport { hexDump } from \"./crypto_utils\";\n\nfunction t(tag: number) {\n    // convert Asn1 tag to string\n    return TagType[tag];\n}\nfunction bi(blockInfo: BlockInfo, depth: number) {\n    const indent = \"  \".repeat(depth);\n    const hl = blockInfo.position - blockInfo.start; // header length\n    return `${blockInfo.start.toString().padStart(5, \" \")}:d=${depth} hl=${hl.toString().padEnd(3, \" \")}  l=${blockInfo.length\n        .toString()\n        .padStart(6, \" \")} ${blockInfo.tag.toString(16).padEnd(2, \" \")} ${indent} ${t(blockInfo.tag)}`;\n}\n\nexport function exploreAsn1(buffer: Buffer) {\n    console.log(hexDump(buffer));\n\n    function dump(offset: number, depth: number) {\n        const blockInfo = readTag(buffer, offset);\n        dumpBlock(blockInfo, depth);\n\n        function dumpBlock(blockInfo: BlockInfo, depth: number) {\n            console.log(bi(blockInfo, depth));\n            if (blockInfo.tag === TagType.SEQUENCE || blockInfo.tag === TagType.SET || blockInfo.tag >= TagType.CONTEXT_SPECIFIC0) {\n                const blocks = _readStruct(buffer, blockInfo);\n                for (const block of blocks) {\n                    dumpBlock(block, depth +1);\n                }\n            }\n        }\n    }\n    dump(0, 0);\n}\n"],"mappings":";;;;;;;;AAGA,SAAS,EAAE,KAAa;AAEpB,SAAO,QAAQ,GAAG;AACtB;AACA,SAAS,GAAG,WAAsB,OAAe;AAC7C,QAAM,SAAS,KAAK,OAAO,KAAK;AAChC,QAAM,KAAK,UAAU,WAAW,UAAU;AAC1C,SAAO,GAAG,UAAU,MAAM,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC,MAAM,KAAK,OAAO,GAAG,SAAS,EAAE,OAAO,GAAG,GAAG,CAAC,OAAO,UAAU,OAC/G,SAAS,EACT,SAAS,GAAG,GAAG,CAAC,IAAI,UAAU,IAAI,SAAS,EAAE,EAAE,OAAO,GAAG,GAAG,CAAC,IAAI,MAAM,IAAI,EAAE,UAAU,GAAG,CAAC;AACpG;AAEO,SAAS,YAAY,QAAgB;AACxC,UAAQ,IAAI,QAAQ,MAAM,CAAC;AAE3B,WAAS,KAAK,QAAgB,OAAe;AACzC,UAAM,YAAY,QAAQ,QAAQ,MAAM;AACxC,cAAU,WAAW,KAAK;AAE1B,aAAS,UAAUA,YAAsBC,QAAe;AACpD,cAAQ,IAAI,GAAGD,YAAWC,MAAK,CAAC;AAChC,UAAID,WAAU,6BAA4BA,WAAU,wBAAuBA,WAAU,oCAAkC;AACnH,cAAM,SAAS,YAAY,QAAQA,UAAS;AAC5C,mBAAW,SAAS,QAAQ;AACxB,oBAAU,OAAOC,SAAO,CAAC;AAAA,QAC7B;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AACA,OAAK,GAAG,CAAC;AACb;","names":["blockInfo","depth"]}

package/dist/index.d.mts

@@ -1,5 +1,6 @@
 export { C as Certificate, d as CertificatePEM, h as CertificatePurpose, g as CertificateRevocationList, D as DER, K as KeyObject, N as Nonce, b as PEM, P as PrivateKey, e as PrivateKeyPEM, a as PublicKey, f as PublicKeyPEM, S as Signature, c as createPrivateKeyFromNodeJSCrypto, i as isKeyObject } from './common-CFr95Map.mjs';
-export { AlgorithmIdentifier, AttributeTypeAndValue, AuthorityKeyIdentifier, BasicConstraints, BitString, BlockInfo, CertificateExtension, CertificateInfo, CertificateInternals, CertificateRevocationListInfo, CertificateSerialNumber, CertificateSigningRequestInfo, ComputeDerivedKeysOptions, CreateSelfSignCertificateOptions, DerivedKeys, DirectoryName, ExtensionRequest, Extensions, Name, PaddingAlgorithm, PrivateKeyInternals, PublicKeyLength, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING, RevokedCertificate, SignatureValue, Subject, SubjectOptions, SubjectPublicKey, SubjectPublicKeyInfo, TBSCertList, TagType, TbsCertificate, Validity, VerifyChunkSignatureOptions, VerifyMessageChunkSignatureOptions, Version, X509ExtKeyUsage, X509KeyUsage, _VerifyStatus, _coercePrivateKey, _findBlockAtIndex, _getBlock, _readAlgorithmIdentifier, _readBitString, _readBooleanValue, _readDirectoryName, _readECCAlgorithmIdentifier, _readExtension, _readIntegerAsByteString, _readIntegerValue, _readListOfInteger, _readLongIntegerValue, _readObjectIdentifier, _readOctetString, _readSignatureValue, _readSignatureValueBin, _readStruct, _readTime, _readValue, _readVersionValue, certificateMatchesPrivateKey, coerceCertificate, coerceCertificatePem, coercePEMorDerToPrivateKey, coercePrivateKeyPem, coercePublicKeyPem, coerceRsaPublicKeyPem, combine_der, compactDirectoryName, computeDerivedKeys, computePaddingFooter, convertPEMtoDER, createCertificateSigningRequest, createSelfSignedCertificate, decryptBufferWithDerivedKeys, derToPrivateKey, encryptBufferWithDerivedKeys, exploreCertificate, exploreCertificateInfo, exploreCertificateRevocationList, exploreCertificateSigningRequest, explorePrivateKey, extractPublicKeyFromCertificate, extractPublicKeyFromCertificateSync, formatBuffer2DigitHexWithColum, generateKeyPair, generatePrivateKey, hexDump, identifyPemType, makeMessageChunkSignature, makeMessageChunkSignatureWithDerivedKeys, makePrivateKeyFromPem, makePseudoRandomBuffer, makeSHA1Thumbprint, parseBitString, pemToPrivateKey, privateDecrypt, privateDecrypt_long, privateDecrypt_native, privateKeyToPEM, publicEncrypt, publicEncrypt_long, publicEncrypt_native, publicKeyAndPrivateKeyMatches, readCertificationRequestInfo, readNameForCrl, readTag, readTbsCertificate, reduceLength, removePadding, removeTrailingLF, rsaLengthPrivateKey, rsaLengthPublicKey, rsaLengthRsaPublicKey, split_der, toPem, toPem2, verifyCertificateChain, verifyCertificateOrClrSignature, verifyCertificateRevocationListSignature, verifyCertificateSignature, verifyChunkSignature, verifyChunkSignatureWithDerivedKeys, verifyMessageChunkSignature } from './source/index.mjs';
+export { AlgorithmIdentifier, AttributeTypeAndValue, AuthorityKeyIdentifier, BasicConstraints, BitString, BlockInfo, CertificateExtension, CertificateInfo, CertificateInternals, CertificateRevocationListInfo, CertificateSerialNumber, CertificateSigningRequestInfo, ComputeDerivedKeysOptions, CreateSelfSignCertificateOptions, DerivedKeys, DirectoryName, ExtensionRequest, Extensions, Name, PaddingAlgorithm, PrivateKeyInternals, PublicKeyLength, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING, RevokedCertificate, SignatureValue, Subject, SubjectOptions, SubjectPublicKey, SubjectPublicKeyInfo, TBSCertList, TagType, TbsCertificate, Validity, VerifyChunkSignatureOptions, VerifyMessageChunkSignatureOptions, Version, X509ExtKeyUsage, X509KeyUsage, _VerifyStatus, _coercePrivateKey, _findBlockAtIndex, _getBlock, _readAlgorithmIdentifier, _readBitString, _readBooleanValue, _readDirectoryName, _readECCAlgorithmIdentifier, _readExtension, _readIntegerAsByteString, _readIntegerValue, _readListOfInteger, _readLongIntegerValue, _readObjectIdentifier, _readOctetString, _readSignatureValue, _readSignatureValueBin, _readStruct, _readTime, _readValue, _readVersionValue, certificateMatchesPrivateKey, coerceCertificate, coerceCertificatePem, coercePEMorDerToPrivateKey, coercePrivateKeyPem, coercePublicKeyPem, coerceRsaPublicKeyPem, combine_der, compactDirectoryName, computeDerivedKeys, computePaddingFooter, convertPEMtoDER, createCertificateSigningRequest, createSelfSignedCertificate, decryptBufferWithDerivedKeys, derToPrivateKey, encryptBufferWithDerivedKeys, exploreCertificate, exploreCertificateInfo, exploreCertificateRevocationList, exploreCertificateSigningRequest, explorePrivateKey, extractPublicKeyFromCertificate, extractPublicKeyFromCertificateSync, formatBuffer2DigitHexWithColum, generateKeyPair, generatePrivateKey, hexDump, identifyPemType, makeMessageChunkSignature, makeMessageChunkSignatureWithDerivedKeys, makePrivateKeyFromPem, makePseudoRandomBuffer, makeSHA1Thumbprint, parseBitString, pemToPrivateKey, privateDecrypt, privateDecrypt_long, privateDecrypt_native, privateKeyToPEM, publicEncrypt, publicEncrypt_long, publicEncrypt_native, publicKeyAndPrivateKeyMatches, readCertificationRequestInfo, readNameForCrl, readTag, readTbsCertificate, reduceLength, removePadding, removeTrailingLF, rsaLengthPrivateKey, rsaLengthPublicKey, rsaLengthRsaPublicKey, split_der, toPem, toPem2, verifyCertificateChain, verifyCertificateOrClrSignature, verifyCertificateRevocationListSignature, verifyCertificateSignature, verifyChunkSignature, verifyChunkSignatureWithDerivedKeys, verifyMessageChunkSignature } from './source/index_web.mjs';
+export { exploreAsn1 } from './source/index.mjs';
 export { CertificateSigningRequest, generatePrivateKeyFile, generatePrivateKeyFileAlternate, getCertificateStore, makePrivateKeyThumbPrint, readCertificate, readCertificatePEM, readCertificateRevocationList, readCertificateSigningRequest, readPrivateKey, readPrivateKeyPEM, readPrivateRsaKey, readPublicKey, readPublicKeyPEM, readPublicRsaKey, setCertificateStore } from './source_nodejs/index.mjs';
 import 'crypto';
 import '@peculiar/x509';

package/dist/index.d.ts

@@ -1,5 +1,6 @@
 export { C as Certificate, d as CertificatePEM, h as CertificatePurpose, g as CertificateRevocationList, D as DER, K as KeyObject, N as Nonce, b as PEM, P as PrivateKey, e as PrivateKeyPEM, a as PublicKey, f as PublicKeyPEM, S as Signature, c as createPrivateKeyFromNodeJSCrypto, i as isKeyObject } from './common-CFr95Map.js';
-export { AlgorithmIdentifier, AttributeTypeAndValue, AuthorityKeyIdentifier, BasicConstraints, BitString, BlockInfo, CertificateExtension, CertificateInfo, CertificateInternals, CertificateRevocationListInfo, CertificateSerialNumber, CertificateSigningRequestInfo, ComputeDerivedKeysOptions, CreateSelfSignCertificateOptions, DerivedKeys, DirectoryName, ExtensionRequest, Extensions, Name, PaddingAlgorithm, PrivateKeyInternals, PublicKeyLength, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING, RevokedCertificate, SignatureValue, Subject, SubjectOptions, SubjectPublicKey, SubjectPublicKeyInfo, TBSCertList, TagType, TbsCertificate, Validity, VerifyChunkSignatureOptions, VerifyMessageChunkSignatureOptions, Version, X509ExtKeyUsage, X509KeyUsage, _VerifyStatus, _coercePrivateKey, _findBlockAtIndex, _getBlock, _readAlgorithmIdentifier, _readBitString, _readBooleanValue, _readDirectoryName, _readECCAlgorithmIdentifier, _readExtension, _readIntegerAsByteString, _readIntegerValue, _readListOfInteger, _readLongIntegerValue, _readObjectIdentifier, _readOctetString, _readSignatureValue, _readSignatureValueBin, _readStruct, _readTime, _readValue, _readVersionValue, certificateMatchesPrivateKey, coerceCertificate, coerceCertificatePem, coercePEMorDerToPrivateKey, coercePrivateKeyPem, coercePublicKeyPem, coerceRsaPublicKeyPem, combine_der, compactDirectoryName, computeDerivedKeys, computePaddingFooter, convertPEMtoDER, createCertificateSigningRequest, createSelfSignedCertificate, decryptBufferWithDerivedKeys, derToPrivateKey, encryptBufferWithDerivedKeys, exploreCertificate, exploreCertificateInfo, exploreCertificateRevocationList, exploreCertificateSigningRequest, explorePrivateKey, extractPublicKeyFromCertificate, extractPublicKeyFromCertificateSync, formatBuffer2DigitHexWithColum, generateKeyPair, generatePrivateKey, hexDump, identifyPemType, makeMessageChunkSignature, makeMessageChunkSignatureWithDerivedKeys, makePrivateKeyFromPem, makePseudoRandomBuffer, makeSHA1Thumbprint, parseBitString, pemToPrivateKey, privateDecrypt, privateDecrypt_long, privateDecrypt_native, privateKeyToPEM, publicEncrypt, publicEncrypt_long, publicEncrypt_native, publicKeyAndPrivateKeyMatches, readCertificationRequestInfo, readNameForCrl, readTag, readTbsCertificate, reduceLength, removePadding, removeTrailingLF, rsaLengthPrivateKey, rsaLengthPublicKey, rsaLengthRsaPublicKey, split_der, toPem, toPem2, verifyCertificateChain, verifyCertificateOrClrSignature, verifyCertificateRevocationListSignature, verifyCertificateSignature, verifyChunkSignature, verifyChunkSignatureWithDerivedKeys, verifyMessageChunkSignature } from './source/index.js';
+export { AlgorithmIdentifier, AttributeTypeAndValue, AuthorityKeyIdentifier, BasicConstraints, BitString, BlockInfo, CertificateExtension, CertificateInfo, CertificateInternals, CertificateRevocationListInfo, CertificateSerialNumber, CertificateSigningRequestInfo, ComputeDerivedKeysOptions, CreateSelfSignCertificateOptions, DerivedKeys, DirectoryName, ExtensionRequest, Extensions, Name, PaddingAlgorithm, PrivateKeyInternals, PublicKeyLength, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PADDING, RevokedCertificate, SignatureValue, Subject, SubjectOptions, SubjectPublicKey, SubjectPublicKeyInfo, TBSCertList, TagType, TbsCertificate, Validity, VerifyChunkSignatureOptions, VerifyMessageChunkSignatureOptions, Version, X509ExtKeyUsage, X509KeyUsage, _VerifyStatus, _coercePrivateKey, _findBlockAtIndex, _getBlock, _readAlgorithmIdentifier, _readBitString, _readBooleanValue, _readDirectoryName, _readECCAlgorithmIdentifier, _readExtension, _readIntegerAsByteString, _readIntegerValue, _readListOfInteger, _readLongIntegerValue, _readObjectIdentifier, _readOctetString, _readSignatureValue, _readSignatureValueBin, _readStruct, _readTime, _readValue, _readVersionValue, certificateMatchesPrivateKey, coerceCertificate, coerceCertificatePem, coercePEMorDerToPrivateKey, coercePrivateKeyPem, coercePublicKeyPem, coerceRsaPublicKeyPem, combine_der, compactDirectoryName, computeDerivedKeys, computePaddingFooter, convertPEMtoDER, createCertificateSigningRequest, createSelfSignedCertificate, decryptBufferWithDerivedKeys, derToPrivateKey, encryptBufferWithDerivedKeys, exploreCertificate, exploreCertificateInfo, exploreCertificateRevocationList, exploreCertificateSigningRequest, explorePrivateKey, extractPublicKeyFromCertificate, extractPublicKeyFromCertificateSync, formatBuffer2DigitHexWithColum, generateKeyPair, generatePrivateKey, hexDump, identifyPemType, makeMessageChunkSignature, makeMessageChunkSignatureWithDerivedKeys, makePrivateKeyFromPem, makePseudoRandomBuffer, makeSHA1Thumbprint, parseBitString, pemToPrivateKey, privateDecrypt, privateDecrypt_long, privateDecrypt_native, privateKeyToPEM, publicEncrypt, publicEncrypt_long, publicEncrypt_native, publicKeyAndPrivateKeyMatches, readCertificationRequestInfo, readNameForCrl, readTag, readTbsCertificate, reduceLength, removePadding, removeTrailingLF, rsaLengthPrivateKey, rsaLengthPublicKey, rsaLengthRsaPublicKey, split_der, toPem, toPem2, verifyCertificateChain, verifyCertificateOrClrSignature, verifyCertificateRevocationListSignature, verifyCertificateSignature, verifyChunkSignature, verifyChunkSignatureWithDerivedKeys, verifyMessageChunkSignature } from './source/index_web.js';
+export { exploreAsn1 } from './source/index.js';
 export { CertificateSigningRequest, generatePrivateKeyFile, generatePrivateKeyFileAlternate, getCertificateStore, makePrivateKeyThumbPrint, readCertificate, readCertificatePEM, readCertificateRevocationList, readCertificateSigningRequest, readPrivateKey, readPrivateKeyPEM, readPrivateRsaKey, readPublicKey, readPublicKeyPEM, readPublicRsaKey, setCertificateStore } from './source_nodejs/index.js';
 import 'crypto';
 import '@peculiar/x509';

package/dist/index.js

@@ -75,6 +75,7 @@ __export(node_opcua_crypto_exports, {
   decryptBufferWithDerivedKeys: () => decryptBufferWithDerivedKeys,
   derToPrivateKey: () => derToPrivateKey,
   encryptBufferWithDerivedKeys: () => encryptBufferWithDerivedKeys,
+  exploreAsn1: () => exploreAsn1,
   exploreCertificate: () => exploreCertificate,
   exploreCertificateInfo: () => exploreCertificateInfo,
   exploreCertificateRevocationList: () => exploreCertificateRevocationList,
@@ -244,6 +245,7 @@ var oid_map = {
   "1.3.6.1.4.1.311.2.1.22": { d: "1.3.6.1.4.1.311.2.1.22", c: "SPC_COMMERCIAL_SP_KEY_PURPOSE_OBJID" },
   "1.3.6.1.4.1.311.10.3.1": { d: "1.3.6.1.4.1.311.10.3.1", c: "Signer of CTLs -- szOID_KP_CTL_USAGE_SIGNING" },
   "1.3.6.1.4.1.311.10.3.4": { d: "1.3.6.1.4.1.311.10.3.4", c: "szOID_EFS_RECOVERY (Encryption File System)" },
+  "1.3.6.1.4.1.311.20.2.3": { d: "1.3.6.1.4.1.311.20.2.3", c: "id-on-personalData" },
   "1.3.6.1.5.5.7.3.17": { d: "1.3.6.1.5.5.7.3.17", c: "Internet Key Exchange (IKE)" },
   "1.3.6.1.5.5.7.3.1": { d: "serverAuth", c: "PKIX key purpose" },
   "1.3.6.1.5.5.7.3.2": { d: "clientAuth", c: "PKIX key purpose" },
@@ -503,12 +505,15 @@ var TagType = /* @__PURE__ */ ((TagType3) => {
   TagType3[TagType3["BMPString"] = 30] = "BMPString";
   TagType3[TagType3["SEQUENCE"] = 48] = "SEQUENCE";
   TagType3[TagType3["SET"] = 49] = "SET";
-  TagType3[TagType3["A3"] = 163] = "A3";
+  TagType3[TagType3["CONTEXT_SPECIFIC0"] = 160] = "CONTEXT_SPECIFIC0";
+  TagType3[TagType3["CONTEXT_SPECIFIC1"] = 161] = "CONTEXT_SPECIFIC1";
+  TagType3[TagType3["CONTEXT_SPECIFIC2"] = 162] = "CONTEXT_SPECIFIC2";
+  TagType3[TagType3["CONTEXT_SPECIFIC3"] = 163] = "CONTEXT_SPECIFIC3";
+  TagType3[TagType3["A4"] = 164] = "A4";
   return TagType3;
 })(TagType || {});
 function readTag(buf, pos) {
-  (0, import_assert.default)(buf instanceof Buffer);
-  (0, import_assert.default)(Number.isFinite(pos) && pos >= 0);
+  const start = pos;
   if (buf.length <= pos) {
     throw new Error("Invalid position : buf.length=" + buf.length + " pos =" + pos);
   }
@@ -524,7 +529,7 @@ function readTag(buf, pos) {
       pos += 1;
     }
   }
-  return { tag, position: pos, length };
+  return { start, tag, position: pos, length };
 }
 function _readStruct(buf, blockInfo) {
   const length = blockInfo.length;
@@ -589,8 +594,8 @@ function _readIntegerAsByteString(buffer, block) {
 function _readListOfInteger(buffer) {
   const block = readTag(buffer, 0);
   const inner_blocks = _readStruct(buffer, block);
-  return inner_blocks.map((bblock) => {
-    return _readIntegerAsByteString(buffer, bblock);
+  return inner_blocks.map((innerBlock) => {
+    return _readIntegerAsByteString(buffer, innerBlock);
   });
 }
 function parseOID(buffer, start, end) {
@@ -853,7 +858,8 @@ function _readGeneralNames(buffer, block) {
     5: { name: "ediPartyName", type: "EDIPartyName" },
     6: { name: "uniformResourceIdentifier", type: "IA5String" },
     7: { name: "iPAddress", type: "OCTET_STRING" },
-    8: { name: "registeredID", type: "OBJECT_IDENTIFIER" }
+    8: { name: "registeredID", type: "OBJECT_IDENTIFIER" },
+    32: { name: "otherName", type: "AnotherName" }
   };
   const blocks = _readStruct(buffer, block);
   function _readFromType(buffer2, block2, type) {
@@ -867,13 +873,28 @@ function _readGeneralNames(buffer, block) {
   const n = {};
   for (const block2 of blocks) {
     (0, import_assert2.default)((block2.tag & 128) === 128);
-    const t = block2.tag & 127;
-    const type = _data[t];
+    const t2 = block2.tag & 127;
+    const type = _data[t2];
     if (!type) {
-      throw new Error(" INVALID TYPE => " + t + "0x" + t.toString(16));
+      console.log("_readGeneralNames: INVALID TYPE => " + t2 + " 0x" + t2.toString(16));
+      continue;
+    }
+    if (t2 == 32) {
+      n[type.name] = n[type.name] || [];
+      const blocks2 = _readStruct(buffer, block2);
+      const name = _readObjectIdentifier(buffer, blocks2[0]).name;
+      const buf = _getBlock(buffer, blocks2[1]);
+      const b = readTag(buf, 0);
+      const nn = _readValue(buf, b);
+      const data = {
+        identifier: name,
+        value: nn
+      };
+      n[type.name].push(data.value);
+    } else {
+      n[type.name] = n[type.name] || [];
+      n[type.name].push(_readFromType(buffer, block2, type.type));
     }
-    n[type.name] = n[type.name] || [];
-    n[type.name].push(_readFromType(buffer, block2, type.type));
   }
   return n;
 }
@@ -1759,19 +1780,20 @@ var x509 = __toESM(require("@peculiar/x509"));
 var import_webcrypto = require("@peculiar/webcrypto");
 var import_crypto5 = __toESM(require("crypto"));
 var x5092 = __toESM(require("@peculiar/x509"));
+var doDebug3 = false;
 var _crypto;
 var ignoreCrypto = process.env.IGNORE_SUBTLE_FROM_CRYPTO;
 if (typeof window === "undefined") {
   _crypto = import_crypto5.default;
   if (!_crypto?.subtle || ignoreCrypto) {
     _crypto = new import_webcrypto.Crypto();
-    console.warn("using @peculiar/webcrypto");
+    doDebug3 && console.warn("using @peculiar/webcrypto");
   } else {
-    console.warn("using nodejs crypto (native)");
+    doDebug3 && console.warn("using nodejs crypto (native)");
   }
   x509.cryptoProvider.set(_crypto);
 } else {
-  console.warn("using browser crypto (native)");
+  doDebug3 && console.warn("using browser crypto (native)");
   _crypto = crypto;
   x509.cryptoProvider.set(crypto);
 }
@@ -1909,8 +1931,8 @@ var Subject = class _Subject {
     return this.toStringInternal("/");
   }
   toString() {
-    const t = this.toStringForOPCUA();
-    return t ? "/" + t : t;
+    const t2 = this.toStringForOPCUA();
+    return t2 ? "/" + t2 : t2;
   }
 };
 
@@ -6181,7 +6203,7 @@ async function createSelfSignedCertificate({
 
 // source/x509/coerce_private_key.ts
 var crypto2 = getCrypto();
-var doDebug3 = false;
+var doDebug4 = false;
 function coercePEMorDerToPrivateKey(privateKeyInDerOrPem) {
   if (typeof privateKeyInDerOrPem === "string") {
     const hidden = createPrivateKeyFromNodeJSCrypto(privateKeyInDerOrPem);
@@ -6199,7 +6221,7 @@ async function _coercePrivateKey(privateKey) {
       const privateKey1 = await pemToPrivateKey(privateKey);
       return KeyObject4.from(privateKey1);
     } catch (err) {
-      doDebug3 && console.log(privateKey);
+      doDebug4 && console.log(privateKey);
       throw err;
     }
   } else if (privateKey instanceof KeyObject4) {
@@ -6208,6 +6230,33 @@ async function _coercePrivateKey(privateKey) {
   throw new Error("Invalid privateKey");
 }
 
+// source/explore_asn1.ts
+function t(tag) {
+  return TagType[tag];
+}
+function bi(blockInfo, depth) {
+  const indent = "  ".repeat(depth);
+  const hl = blockInfo.position - blockInfo.start;
+  return `${blockInfo.start.toString().padStart(5, " ")}:d=${depth} hl=${hl.toString().padEnd(3, " ")}  l=${blockInfo.length.toString().padStart(6, " ")} ${blockInfo.tag.toString(16).padEnd(2, " ")} ${indent} ${t(blockInfo.tag)}`;
+}
+function exploreAsn1(buffer) {
+  console.log(hexDump(buffer));
+  function dump(offset, depth) {
+    const blockInfo = readTag(buffer, offset);
+    dumpBlock(blockInfo, depth);
+    function dumpBlock(blockInfo2, depth2) {
+      console.log(bi(blockInfo2, depth2));
+      if (blockInfo2.tag === 48 /* SEQUENCE */ || blockInfo2.tag === 49 /* SET */ || blockInfo2.tag >= 160 /* CONTEXT_SPECIFIC0 */) {
+        const blocks = _readStruct(buffer, blockInfo2);
+        for (const block of blocks) {
+          dumpBlock(block, depth2 + 1);
+        }
+      }
+    }
+  }
+  dump(0, 0);
+}
+
 // source/make_private_key_from_pem.ts
 function makePrivateKeyFromPem(privateKeyInPem) {
   return { hidden: privateKeyInPem };
@@ -6404,6 +6453,7 @@ async function generatePrivateKeyFileAlternate(privateKeyFilename, modulusLength
   decryptBufferWithDerivedKeys,
   derToPrivateKey,
   encryptBufferWithDerivedKeys,
+  exploreAsn1,
   exploreCertificate,
   exploreCertificateInfo,
   exploreCertificateRevocationList,