vite 2.8.0-beta.1 → 2.8.0-beta.5

package/dist/node/chunks/{dep-fccf00e1.js → dep-6c133e83.js}

@@ -1,6 +1,6 @@
 'use strict';
 
-var build = require('./dep-e4dc9ea2.js');
+var build = require('./dep-aff09a4c.js');
 var require$$1 = require('crypto');
 require('fs');
 require('path');
@@ -22,7 +22,6 @@ require('assert');
 require('buffer');
 require('querystring');
 require('esbuild');
-require('json5');
 require('child_process');
 require('worker_threads');
 require('readline');
@@ -2495,261 +2494,6 @@ util$1.clearItems = function(api, id, location) {
   _callStorageFunction(_clearItems, arguments, location);
 };
 
-/**
- * Parses the scheme, host, and port from an http(s) url.
- *
- * @param str the url string.
- *
- * @return the parsed url object or null if the url is invalid.
- */
-util$1.parseUrl = function(str) {
-  // FIXME: this regex looks a bit broken
-  var regex = /^(https?):\/\/([^:&^\/]*):?(\d*)(.*)$/g;
-  regex.lastIndex = 0;
-  var m = regex.exec(str);
-  var url = (m === null) ? null : {
-    full: str,
-    scheme: m[1],
-    host: m[2],
-    port: m[3],
-    path: m[4]
-  };
-  if(url) {
-    url.fullHost = url.host;
-    if(url.port) {
-      if(url.port !== 80 && url.scheme === 'http') {
-        url.fullHost += ':' + url.port;
-      } else if(url.port !== 443 && url.scheme === 'https') {
-        url.fullHost += ':' + url.port;
-      }
-    } else if(url.scheme === 'http') {
-      url.port = 80;
-    } else if(url.scheme === 'https') {
-      url.port = 443;
-    }
-    url.full = url.scheme + '://' + url.fullHost;
-  }
-  return url;
-};
-
-/* Storage for query variables */
-var _queryVariables = null;
-
-/**
- * Returns the window location query variables. Query is parsed on the first
- * call and the same object is returned on subsequent calls. The mapping
- * is from keys to an array of values. Parameters without values will have
- * an object key set but no value added to the value array. Values are
- * unescaped.
- *
- * ...?k1=v1&k2=v2:
- * {
- *   "k1": ["v1"],
- *   "k2": ["v2"]
- * }
- *
- * ...?k1=v1&k1=v2:
- * {
- *   "k1": ["v1", "v2"]
- * }
- *
- * ...?k1=v1&k2:
- * {
- *   "k1": ["v1"],
- *   "k2": []
- * }
- *
- * ...?k1=v1&k1:
- * {
- *   "k1": ["v1"]
- * }
- *
- * ...?k1&k1:
- * {
- *   "k1": []
- * }
- *
- * @param query the query string to parse (optional, default to cached
- *          results from parsing window location search query).
- *
- * @return object mapping keys to variables.
- */
-util$1.getQueryVariables = function(query) {
-  var parse = function(q) {
-    var rval = {};
-    var kvpairs = q.split('&');
-    for(var i = 0; i < kvpairs.length; i++) {
-      var pos = kvpairs[i].indexOf('=');
-      var key;
-      var val;
-      if(pos > 0) {
-        key = kvpairs[i].substring(0, pos);
-        val = kvpairs[i].substring(pos + 1);
-      } else {
-        key = kvpairs[i];
-        val = null;
-      }
-      if(!(key in rval)) {
-        rval[key] = [];
-      }
-      // disallow overriding object prototype keys
-      if(!(key in Object.prototype) && val !== null) {
-        rval[key].push(unescape(val));
-      }
-    }
-    return rval;
-  };
-
-   var rval;
-   if(typeof(query) === 'undefined') {
-     // set cached variables if needed
-     if(_queryVariables === null) {
-       if(typeof(window) !== 'undefined' && window.location && window.location.search) {
-          // parse window search query
-          _queryVariables = parse(window.location.search.substring(1));
-       } else {
-          // no query variables available
-          _queryVariables = {};
-       }
-     }
-     rval = _queryVariables;
-   } else {
-     // parse given query
-     rval = parse(query);
-   }
-   return rval;
-};
-
-/**
- * Parses a fragment into a path and query. This method will take a URI
- * fragment and break it up as if it were the main URI. For example:
- *    /bar/baz?a=1&b=2
- * results in:
- *    {
- *       path: ["bar", "baz"],
- *       query: {"k1": ["v1"], "k2": ["v2"]}
- *    }
- *
- * @return object with a path array and query object.
- */
-util$1.parseFragment = function(fragment) {
-  // default to whole fragment
-  var fp = fragment;
-  var fq = '';
-  // split into path and query if possible at the first '?'
-  var pos = fragment.indexOf('?');
-  if(pos > 0) {
-    fp = fragment.substring(0, pos);
-    fq = fragment.substring(pos + 1);
-  }
-  // split path based on '/' and ignore first element if empty
-  var path = fp.split('/');
-  if(path.length > 0 && path[0] === '') {
-    path.shift();
-  }
-  // convert query into object
-  var query = (fq === '') ? {} : util$1.getQueryVariables(fq);
-
-  return {
-    pathString: fp,
-    queryString: fq,
-    path: path,
-    query: query
-  };
-};
-
-/**
- * Makes a request out of a URI-like request string. This is intended to
- * be used where a fragment id (after a URI '#') is parsed as a URI with
- * path and query parts. The string should have a path beginning and
- * delimited by '/' and optional query parameters following a '?'. The
- * query should be a standard URL set of key value pairs delimited by
- * '&'. For backwards compatibility the initial '/' on the path is not
- * required. The request object has the following API, (fully described
- * in the method code):
- *    {
- *       path: <the path string part>.
- *       query: <the query string part>,
- *       getPath(i): get part or all of the split path array,
- *       getQuery(k, i): get part or all of a query key array,
- *       getQueryLast(k, _default): get last element of a query key array.
- *    }
- *
- * @return object with request parameters.
- */
-util$1.makeRequest = function(reqString) {
-  var frag = util$1.parseFragment(reqString);
-  var req = {
-    // full path string
-    path: frag.pathString,
-    // full query string
-    query: frag.queryString,
-    /**
-     * Get path or element in path.
-     *
-     * @param i optional path index.
-     *
-     * @return path or part of path if i provided.
-     */
-    getPath: function(i) {
-      return (typeof(i) === 'undefined') ? frag.path : frag.path[i];
-    },
-    /**
-     * Get query, values for a key, or value for a key index.
-     *
-     * @param k optional query key.
-     * @param i optional query key index.
-     *
-     * @return query, values for a key, or value for a key index.
-     */
-    getQuery: function(k, i) {
-      var rval;
-      if(typeof(k) === 'undefined') {
-        rval = frag.query;
-      } else {
-        rval = frag.query[k];
-        if(rval && typeof(i) !== 'undefined') {
-           rval = rval[i];
-        }
-      }
-      return rval;
-    },
-    getQueryLast: function(k, _default) {
-      var rval;
-      var vals = req.getQuery(k);
-      if(vals) {
-        rval = vals[vals.length - 1];
-      } else {
-        rval = _default;
-      }
-      return rval;
-    }
-  };
-  return req;
-};
-
-/**
- * Makes a URI out of a path, an object with query parameters, and a
- * fragment. Uses jQuery.param() internally for query string creation.
- * If the path is an array, it will be joined with '/'.
- *
- * @param path string path or array of strings.
- * @param query object with query parameters. (optional)
- * @param fragment fragment string. (optional)
- *
- * @return string object with request parameters.
- */
-util$1.makeLink = function(path, query, fragment) {
-  // join path parts if needed
-  path = jQuery.isArray(path) ? path.join('/') : path;
-
-  var qstr = jQuery.param(query || {});
-  fragment = fragment || '';
-  return path +
-    ((qstr.length > 0) ? ('?' + qstr) : '') +
-    ((fragment.length > 0) ? ('#' + fragment) : '');
-};
-
 /**
  * Check if an object is empty.
  *
@@ -3187,6 +2931,8 @@ _IN('1.2.840.10040.4.3', 'dsa-with-sha1');
 _IN('1.3.14.3.2.7', 'desCBC');
 
 _IN('1.3.14.3.2.26', 'sha1');
+// Deprecated equivalent of sha1WithRSAEncryption
+_IN('1.3.14.3.2.29', 'sha1WithRSASignature');
 _IN('2.16.840.1.101.3.4.2.1', 'sha256');
 _IN('2.16.840.1.101.3.4.2.2', 'sha384');
 _IN('2.16.840.1.101.3.4.2.3', 'sha512');
@@ -3249,16 +2995,19 @@ _IN('2.16.840.1.101.3.4.1.42', 'aes256-CBC');
 
 // certificate issuer/subject OIDs
 _IN('2.5.4.3', 'commonName');
-_IN('2.5.4.5', 'serialName');
+_IN('2.5.4.4', 'surname');
+_IN('2.5.4.5', 'serialNumber');
 _IN('2.5.4.6', 'countryName');
 _IN('2.5.4.7', 'localityName');
 _IN('2.5.4.8', 'stateOrProvinceName');
 _IN('2.5.4.9', 'streetAddress');
 _IN('2.5.4.10', 'organizationName');
 _IN('2.5.4.11', 'organizationalUnitName');
+_IN('2.5.4.12', 'title');
 _IN('2.5.4.13', 'description');
 _IN('2.5.4.15', 'businessCategory');
 _IN('2.5.4.17', 'postalCode');
+_IN('2.5.4.42', 'givenName');
 _IN('1.3.6.1.4.1.311.60.2.1.2', 'jurisdictionOfIncorporationStateOrProvinceName');
 _IN('1.3.6.1.4.1.311.60.2.1.3', 'jurisdictionOfIncorporationCountryName');
 
@@ -8030,8 +7779,15 @@ pem.decode = function(str) {
       break;
     }
 
+    // accept "NEW CERTIFICATE REQUEST" as "CERTIFICATE REQUEST"
+    // https://datatracker.ietf.org/doc/html/rfc7468#section-7
+    var type = match[1];
+    if(type === 'NEW CERTIFICATE REQUEST') {
+      type = 'CERTIFICATE REQUEST';
+    }
+
     var msg = {
-      type: match[1],
+      type: type,
       procType: null,
       contentDomain: null,
       dekInfo: null,
@@ -8802,7 +8558,7 @@ prng.create = function(plugin) {
           // throw in more pseudo random
           next = seed >>> (i << 3);
           next ^= Math.floor(Math.random() * 0x0100);
-          b.putByte(String.fromCharCode(next & 0xFF));
+          b.putByte(next & 0xFF);
         }
       }
     }
@@ -14886,7 +14642,8 @@ p7v.recipientInfoValidator = {
       name: 'RecipientInfo.keyEncryptionAlgorithm.parameter',
       tagClass: asn1$3.Class.UNIVERSAL,
       constructed: false,
-      captureAsn1: 'encParameter'
+      captureAsn1: 'encParameter',
+      optional: true
     }]
   }, {
     name: 'RecipientInfo.encryptedKey',
@@ -15905,6 +15662,101 @@ var _readSignatureParameters = function(oid, obj, fillDefaults) {
   return params;
 };
 
+/**
+ * Create signature digest for OID.
+ *
+ * @param options
+ *   signatureOid: the OID specifying the signature algorithm.
+ *   type: a human readable type for error messages
+ * @return a created md instance. throws if unknown oid.
+ */
+var _createSignatureDigest = function(options) {
+  switch(oids[options.signatureOid]) {
+    case 'sha1WithRSAEncryption':
+    // deprecated alias
+    case 'sha1WithRSASignature':
+      return forge$2.md.sha1.create();
+    case 'md5WithRSAEncryption':
+      return forge$2.md.md5.create();
+    case 'sha256WithRSAEncryption':
+      return forge$2.md.sha256.create();
+    case 'sha384WithRSAEncryption':
+      return forge$2.md.sha384.create();
+    case 'sha512WithRSAEncryption':
+      return forge$2.md.sha512.create();
+    case 'RSASSA-PSS':
+      return forge$2.md.sha256.create();
+    default:
+      var error = new Error(
+        'Could not compute ' + options.type + ' digest. ' +
+        'Unknown signature OID.');
+      error.signatureOid = options.signatureOid;
+      throw error;
+  }
+};
+
+/**
+ * Verify signature on certificate or CSR.
+ *
+ * @param options:
+ *   certificate the certificate or CSR to verify.
+ *   md the signature digest.
+ *   signature the signature
+ * @return a created md instance. throws if unknown oid.
+ */
+var _verifySignature = function(options) {
+  var cert = options.certificate;
+  var scheme;
+
+  switch(cert.signatureOid) {
+    case oids.sha1WithRSAEncryption:
+    // deprecated alias
+    case oids.sha1WithRSASignature:
+      /* use PKCS#1 v1.5 padding scheme */
+      break;
+    case oids['RSASSA-PSS']:
+      var hash, mgf;
+
+      /* initialize mgf */
+      hash = oids[cert.signatureParameters.mgf.hash.algorithmOid];
+      if(hash === undefined || forge$2.md[hash] === undefined) {
+        var error = new Error('Unsupported MGF hash function.');
+        error.oid = cert.signatureParameters.mgf.hash.algorithmOid;
+        error.name = hash;
+        throw error;
+      }
+
+      mgf = oids[cert.signatureParameters.mgf.algorithmOid];
+      if(mgf === undefined || forge$2.mgf[mgf] === undefined) {
+        var error = new Error('Unsupported MGF function.');
+        error.oid = cert.signatureParameters.mgf.algorithmOid;
+        error.name = mgf;
+        throw error;
+      }
+
+      mgf = forge$2.mgf[mgf].create(forge$2.md[hash].create());
+
+      /* initialize hash function */
+      hash = oids[cert.signatureParameters.hash.algorithmOid];
+      if(hash === undefined || forge$2.md[hash] === undefined) {
+        var error = new Error('Unsupported RSASSA-PSS hash function.');
+        error.oid = cert.signatureParameters.hash.algorithmOid;
+        error.name = hash;
+        throw error;
+      }
+
+      scheme = forge$2.pss.create(
+        forge$2.md[hash].create(), mgf, cert.signatureParameters.saltLength
+      );
+      break;
+  }
+
+  // verify signature on cert using public key
+  return cert.publicKey.verify(
+    options.md.digest().getBytes(), options.signature, scheme
+  );
+};
+
 /**
  * Converts an X.509 certificate from PEM format.
  *
@@ -16285,43 +16137,18 @@ pki$2.createCertificate = function() {
         'The parent certificate did not issue the given child ' +
         'certificate; the child certificate\'s issuer does not match the ' +
         'parent\'s subject.');
-      error.expectedIssuer = issuer.attributes;
-      error.actualIssuer = subject.attributes;
+      error.expectedIssuer = subject.attributes;
+      error.actualIssuer = issuer.attributes;
       throw error;
     }
 
     var md = child.md;
     if(md === null) {
-      // check signature OID for supported signature types
-      if(child.signatureOid in oids) {
-        var oid = oids[child.signatureOid];
-        switch(oid) {
-          case 'sha1WithRSAEncryption':
-            md = forge$2.md.sha1.create();
-            break;
-          case 'md5WithRSAEncryption':
-            md = forge$2.md.md5.create();
-            break;
-          case 'sha256WithRSAEncryption':
-            md = forge$2.md.sha256.create();
-            break;
-          case 'sha384WithRSAEncryption':
-            md = forge$2.md.sha384.create();
-            break;
-          case 'sha512WithRSAEncryption':
-            md = forge$2.md.sha512.create();
-            break;
-          case 'RSASSA-PSS':
-            md = forge$2.md.sha256.create();
-            break;
-        }
-      }
-      if(md === null) {
-        var error = new Error('Could not compute certificate digest. ' +
-          'Unknown signature OID.');
-        error.signatureOid = child.signatureOid;
-        throw error;
-      }
+      // create digest for OID signature types
+      md = _createSignatureDigest({
+        signatureOid: child.signatureOid,
+        type: 'certificate'
+      });
 
       // produce DER formatted TBSCertificate and digest it
       var tbsCertificate = child.tbsCertificate || pki$2.getTBSCertificate(child);
@@ -16330,52 +16157,9 @@ pki$2.createCertificate = function() {
     }
 
     if(md !== null) {
-      var scheme;
-
-      switch(child.signatureOid) {
-        case oids.sha1WithRSAEncryption:
-          scheme = undefined; /* use PKCS#1 v1.5 padding scheme */
-          break;
-        case oids['RSASSA-PSS']:
-          var hash, mgf;
-
-          /* initialize mgf */
-          hash = oids[child.signatureParameters.mgf.hash.algorithmOid];
-          if(hash === undefined || forge$2.md[hash] === undefined) {
-            var error = new Error('Unsupported MGF hash function.');
-            error.oid = child.signatureParameters.mgf.hash.algorithmOid;
-            error.name = hash;
-            throw error;
-          }
-
-          mgf = oids[child.signatureParameters.mgf.algorithmOid];
-          if(mgf === undefined || forge$2.mgf[mgf] === undefined) {
-            var error = new Error('Unsupported MGF function.');
-            error.oid = child.signatureParameters.mgf.algorithmOid;
-            error.name = mgf;
-            throw error;
-          }
-
-          mgf = forge$2.mgf[mgf].create(forge$2.md[hash].create());
-
-          /* initialize hash function */
-          hash = oids[child.signatureParameters.hash.algorithmOid];
-          if(hash === undefined || forge$2.md[hash] === undefined) {
-            throw {
-              message: 'Unsupported RSASSA-PSS hash function.',
-              oid: child.signatureParameters.hash.algorithmOid,
-              name: hash
-            };
-          }
-
-          scheme = forge$2.pss.create(forge$2.md[hash].create(), mgf,
-            child.signatureParameters.saltLength);
-          break;
-      }
-
-      // verify signature on cert using public key
-      rval = cert.publicKey.verify(
-        md.digest().getBytes(), child.signature, scheme);
+      rval = _verifySignature({
+        certificate: cert, md: md, signature: child.signature
+      });
     }
 
     return rval;
@@ -16549,37 +16333,11 @@ pki$2.certificateFromAsn1 = function(obj, computeHash) {
   cert.tbsCertificate = capture.tbsCertificate;
 
   if(computeHash) {
-    // check signature OID for supported signature types
-    cert.md = null;
-    if(cert.signatureOid in oids) {
-      var oid = oids[cert.signatureOid];
-      switch(oid) {
-        case 'sha1WithRSAEncryption':
-          cert.md = forge$2.md.sha1.create();
-          break;
-        case 'md5WithRSAEncryption':
-          cert.md = forge$2.md.md5.create();
-          break;
-        case 'sha256WithRSAEncryption':
-          cert.md = forge$2.md.sha256.create();
-          break;
-        case 'sha384WithRSAEncryption':
-          cert.md = forge$2.md.sha384.create();
-          break;
-        case 'sha512WithRSAEncryption':
-          cert.md = forge$2.md.sha512.create();
-          break;
-        case 'RSASSA-PSS':
-          cert.md = forge$2.md.sha256.create();
-          break;
-      }
-    }
-    if(cert.md === null) {
-      var error = new Error('Could not compute certificate digest. ' +
-        'Unknown signature OID.');
-      error.signatureOid = cert.signatureOid;
-      throw error;
-    }
+    // create digest for OID signature type
+    cert.md = _createSignatureDigest({
+      signatureOid: cert.signatureOid,
+      type: 'certificate'
+    });
 
     // produce DER formatted TBSCertificate and digest it
     var bytes = asn1$2.toDer(cert.tbsCertificate);
@@ -16588,6 +16346,8 @@ pki$2.certificateFromAsn1 = function(obj, computeHash) {
 
   // handle issuer, build issuer message digest
   var imd = forge$2.md.sha1.create();
+  var ibytes = asn1$2.toDer(capture.certIssuer);
+  imd.update(ibytes.getBytes());
   cert.issuer.getField = function(sn) {
     return _getAttribute(cert.issuer, sn);
   };
@@ -16595,7 +16355,7 @@ pki$2.certificateFromAsn1 = function(obj, computeHash) {
     _fillMissingFields([attr]);
     cert.issuer.attributes.push(attr);
   };
-  cert.issuer.attributes = pki$2.RDNAttributesAsArray(capture.certIssuer, imd);
+  cert.issuer.attributes = pki$2.RDNAttributesAsArray(capture.certIssuer);
   if(capture.certIssuerUniqueId) {
     cert.issuer.uniqueId = capture.certIssuerUniqueId;
   }
@@ -16603,6 +16363,8 @@ pki$2.certificateFromAsn1 = function(obj, computeHash) {
 
   // handle subject, build subject message digest
   var smd = forge$2.md.sha1.create();
+  var sbytes = asn1$2.toDer(capture.certSubject);
+  smd.update(sbytes.getBytes());
   cert.subject.getField = function(sn) {
     return _getAttribute(cert.subject, sn);
   };
@@ -16610,7 +16372,7 @@ pki$2.certificateFromAsn1 = function(obj, computeHash) {
     _fillMissingFields([attr]);
     cert.subject.attributes.push(attr);
   };
-  cert.subject.attributes = pki$2.RDNAttributesAsArray(capture.certSubject, smd);
+  cert.subject.attributes = pki$2.RDNAttributesAsArray(capture.certSubject);
   if(capture.certSubjectUniqueId) {
     cert.subject.uniqueId = capture.certSubjectUniqueId;
   }
@@ -16892,37 +16654,11 @@ pki$2.certificationRequestFromAsn1 = function(obj, computeHash) {
   csr.certificationRequestInfo = capture.certificationRequestInfo;
 
   if(computeHash) {
-    // check signature OID for supported signature types
-    csr.md = null;
-    if(csr.signatureOid in oids) {
-      var oid = oids[csr.signatureOid];
-      switch(oid) {
-        case 'sha1WithRSAEncryption':
-          csr.md = forge$2.md.sha1.create();
-          break;
-        case 'md5WithRSAEncryption':
-          csr.md = forge$2.md.md5.create();
-          break;
-        case 'sha256WithRSAEncryption':
-          csr.md = forge$2.md.sha256.create();
-          break;
-        case 'sha384WithRSAEncryption':
-          csr.md = forge$2.md.sha384.create();
-          break;
-        case 'sha512WithRSAEncryption':
-          csr.md = forge$2.md.sha512.create();
-          break;
-        case 'RSASSA-PSS':
-          csr.md = forge$2.md.sha256.create();
-          break;
-      }
-    }
-    if(csr.md === null) {
-      var error = new Error('Could not compute certification request digest. ' +
-        'Unknown signature OID.');
-      error.signatureOid = csr.signatureOid;
-      throw error;
-    }
+    // create digest for OID signature type
+    csr.md = _createSignatureDigest({
+      signatureOid: csr.signatureOid,
+      type: 'certification request'
+    });
 
     // produce DER formatted CertificationRequestInfo and digest it
     var bytes = asn1$2.toDer(csr.certificationRequestInfo);
@@ -17062,38 +16798,10 @@ pki$2.createCertificationRequest = function() {
 
     var md = csr.md;
     if(md === null) {
-      // check signature OID for supported signature types
-      if(csr.signatureOid in oids) {
-        // TODO: create DRY `OID to md` function
-        var oid = oids[csr.signatureOid];
-        switch(oid) {
-          case 'sha1WithRSAEncryption':
-            md = forge$2.md.sha1.create();
-            break;
-          case 'md5WithRSAEncryption':
-            md = forge$2.md.md5.create();
-            break;
-          case 'sha256WithRSAEncryption':
-            md = forge$2.md.sha256.create();
-            break;
-          case 'sha384WithRSAEncryption':
-            md = forge$2.md.sha384.create();
-            break;
-          case 'sha512WithRSAEncryption':
-            md = forge$2.md.sha512.create();
-            break;
-          case 'RSASSA-PSS':
-            md = forge$2.md.sha256.create();
-            break;
-        }
-      }
-      if(md === null) {
-        var error = new Error(
-          'Could not compute certification request digest. ' +
-          'Unknown signature OID.');
-        error.signatureOid = csr.signatureOid;
-        throw error;
-      }
+      md = _createSignatureDigest({
+        signatureOid: csr.signatureOid,
+        type: 'certification request'
+      });
 
       // produce DER formatted CertificationRequestInfo and digest it
       var cri = csr.certificationRequestInfo ||
@@ -17103,51 +16811,9 @@ pki$2.createCertificationRequest = function() {
     }
 
     if(md !== null) {
-      var scheme;
-
-      switch(csr.signatureOid) {
-        case oids.sha1WithRSAEncryption:
-          /* use PKCS#1 v1.5 padding scheme */
-          break;
-        case oids['RSASSA-PSS']:
-          var hash, mgf;
-
-          /* initialize mgf */
-          hash = oids[csr.signatureParameters.mgf.hash.algorithmOid];
-          if(hash === undefined || forge$2.md[hash] === undefined) {
-            var error = new Error('Unsupported MGF hash function.');
-            error.oid = csr.signatureParameters.mgf.hash.algorithmOid;
-            error.name = hash;
-            throw error;
-          }
-
-          mgf = oids[csr.signatureParameters.mgf.algorithmOid];
-          if(mgf === undefined || forge$2.mgf[mgf] === undefined) {
-            var error = new Error('Unsupported MGF function.');
-            error.oid = csr.signatureParameters.mgf.algorithmOid;
-            error.name = mgf;
-            throw error;
-          }
-
-          mgf = forge$2.mgf[mgf].create(forge$2.md[hash].create());
-
-          /* initialize hash function */
-          hash = oids[csr.signatureParameters.hash.algorithmOid];
-          if(hash === undefined || forge$2.md[hash] === undefined) {
-            var error = new Error('Unsupported RSASSA-PSS hash function.');
-            error.oid = csr.signatureParameters.hash.algorithmOid;
-            error.name = hash;
-            throw error;
-          }
-
-          scheme = forge$2.pss.create(forge$2.md[hash].create(), mgf,
-            csr.signatureParameters.saltLength);
-          break;
-      }
-
-      // verify signature on csr using its public key
-      rval = csr.publicKey.verify(
-        md.digest().getBytes(), csr.signature, scheme);
+      rval = _verifySignature({
+        certificate: csr, md: md, signature: csr.signature
+      });
     }
 
     return rval;
@@ -19695,7 +19361,7 @@ pki.privateKeyInfoToPem = function(pki, maxline) {
   return forge.pem.encode(msg, {maxline: maxline});
 };
 
-// simplified fork of
+// Simplified fork of selfsigned with inlined options and partial
 // a hexString is considered negative if it's most significant bit is 1
 // because serial numbers use ones' complement notation
 // this RFC in section 4.1.2.2 requires serial numbers to be positive
@@ -19811,4 +19477,3 @@ function createCertificate() {
 }
 
 exports.createCertificate = createCertificate;
-//# sourceMappingURL=dep-fccf00e1.js.map