summaryrefslogtreecommitdiffstats
path: root/toolkit/components/certviewer/content
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /toolkit/components/certviewer/content
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'toolkit/components/certviewer/content')
-rw-r--r--toolkit/components/certviewer/content/certDecoder.mjs1267
-rw-r--r--toolkit/components/certviewer/content/certviewer.css8
-rw-r--r--toolkit/components/certviewer/content/certviewer.html113
-rw-r--r--toolkit/components/certviewer/content/certviewer.mjs475
-rw-r--r--toolkit/components/certviewer/content/components/about-certificate-items.mjs33
-rw-r--r--toolkit/components/certviewer/content/components/about-certificate-section.css7
-rw-r--r--toolkit/components/certviewer/content/components/about-certificate-section.mjs114
-rw-r--r--toolkit/components/certviewer/content/components/certificate-section.css72
-rw-r--r--toolkit/components/certviewer/content/components/certificate-section.mjs91
-rw-r--r--toolkit/components/certviewer/content/components/certificate-tabs-section.mjs123
-rw-r--r--toolkit/components/certviewer/content/components/error-section.css27
-rw-r--r--toolkit/components/certviewer/content/components/error-section.mjs31
-rw-r--r--toolkit/components/certviewer/content/components/info-group-container.mjs65
-rw-r--r--toolkit/components/certviewer/content/components/info-group.css38
-rw-r--r--toolkit/components/certviewer/content/components/info-group.mjs91
-rw-r--r--toolkit/components/certviewer/content/components/info-item.css69
-rw-r--r--toolkit/components/certviewer/content/components/info-item.mjs173
-rw-r--r--toolkit/components/certviewer/content/components/list-item.css46
-rw-r--r--toolkit/components/certviewer/content/components/list-item.mjs58
-rw-r--r--toolkit/components/certviewer/content/components/utils.mjs26
-rw-r--r--toolkit/components/certviewer/content/vendor/pkijs.js24083
21 files changed, 27010 insertions, 0 deletions
diff --git a/toolkit/components/certviewer/content/certDecoder.mjs b/toolkit/components/certviewer/content/certDecoder.mjs
new file mode 100644
index 0000000000..3929f5ff2d
--- /dev/null
+++ b/toolkit/components/certviewer/content/certDecoder.mjs
@@ -0,0 +1,1267 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import {
+ Certificate,
+ ECNamedCurves,
+ ECPublicKey,
+ RSAPublicKey,
+} from "./vendor/pkijs.js";
+
+const getTimeZone = () => {
+ let timeZone = new Date().toString().match(/\(([A-Za-z\s].*)\)/);
+ if (timeZone === null) {
+ // America/Chicago
+ timeZone = Intl.DateTimeFormat().resolvedOptions().timeZone;
+ } else if (timeZone.length > 1) {
+ timeZone = timeZone[1]; // Central Daylight Time
+ } else {
+ timeZone = "Local Time"; // not sure if this is right, but let's go with it for now
+ }
+ return timeZone;
+};
+
+const getPublicKeyInfo = x509 => {
+ let publicKey = x509.subjectPublicKeyInfo.parsedKey;
+ if (publicKey instanceof RSAPublicKey) {
+ let modulusJSON = publicKey.modulus.toJSON();
+ let modulusHex = modulusJSON.valueBlock.valueHex;
+ return {
+ e: publicKey.publicExponent.toJSON().valueBlock.valueDec,
+ kty: "RSA",
+ n: hashify(modulusHex),
+ keysize: modulusHex.length * 4, // key size in bits
+ };
+ }
+ if (publicKey instanceof ECPublicKey) {
+ let x = hashify(publicKey.x);
+ let y = hashify(publicKey.y);
+ let curve = ECNamedCurves.find(publicKey.namedCurve);
+ let keysize = curve ? curve.size * 8 : undefined;
+ return {
+ kty: "Elliptic Curve",
+ keysize,
+ x, // x coordinate
+ y, // y coordinate
+ xy: `04:${x}:${y}`, // 04 (uncompressed) public key
+ };
+ }
+ return { kty: "Unknown" };
+};
+
+const getX509Ext = (extensions, v) => {
+ for (var extension in extensions) {
+ if (extensions[extension].extnID === v) {
+ return extensions[extension].toJSON().parsedValue;
+ }
+ }
+ return undefined;
+};
+
+const getKeyUsages = (x509, criticalExtensions) => {
+ let keyUsages = {
+ critical: criticalExtensions.includes("2.5.29.15"),
+ purposes: [],
+ };
+
+ let keyUsagesBS = getX509Ext(x509.extensions, "2.5.29.15");
+ if (keyUsagesBS !== undefined) {
+ // parse the bit string, shifting as necessary
+ let unusedBits = keyUsagesBS.valueBlock.unusedBits;
+ keyUsagesBS = parseInt(keyUsagesBS.valueBlock.valueHex, 16) >> unusedBits;
+
+ // iterate through the bit string
+ strings.keyUsages.slice(unusedBits - 1).forEach(usage => {
+ if (keyUsagesBS & 1) {
+ keyUsages.purposes.push(usage);
+ }
+
+ keyUsagesBS = keyUsagesBS >> 1;
+ });
+
+ // reverse the order for legibility
+ keyUsages.purposes.reverse();
+ }
+
+ return keyUsages;
+};
+
+const parseSubsidiary = distinguishedNames => {
+ const subsidiary = {
+ cn: "",
+ dn: [],
+ entries: [],
+ };
+
+ distinguishedNames.forEach(dn => {
+ const distinguishedName = strings.names[dn.type];
+ const value = dn.value.valueBlock.value;
+
+ if (distinguishedName === undefined) {
+ subsidiary.dn.push(`OID.${dn.type}=${value}`);
+ subsidiary.entries.push([`OID.${dn.type}`, value]);
+ } else if (distinguishedName.short === undefined) {
+ subsidiary.dn.push(`OID.${dn.type}=${value}`);
+ subsidiary.entries.push([distinguishedName.long, value]);
+ } else {
+ subsidiary.dn.push(`${distinguishedName.short}=${value}`);
+ subsidiary.entries.push([distinguishedName.long, value]);
+
+ // add the common name for tab display
+ if (distinguishedName.short === "cn") {
+ subsidiary.cn = value;
+ }
+ }
+ });
+
+ // turn path into a string
+ subsidiary.dn = subsidiary.dn.join(", ");
+
+ return subsidiary;
+};
+
+const getSubjectAltNames = (x509, criticalExtensions) => {
+ let san = getX509Ext(x509.extensions, "2.5.29.17");
+ if (san && san.hasOwnProperty("altNames")) {
+ san = Object.keys(san.altNames).map(index => {
+ const type = san.altNames[index].type;
+
+ switch (type) {
+ case 4: // directory
+ return [
+ strings.san[type],
+ parseSubsidiary(san.altNames[index].value.typesAndValues).dn,
+ ];
+ case 7: // ip address
+ let address = san.altNames[index].value.valueBlock.valueHex;
+
+ if (address.length === 8) {
+ // ipv4
+ return [
+ strings.san[type],
+ address
+ .match(/.{1,2}/g)
+ .map(x => parseInt(x, 16))
+ .join("."),
+ ];
+ } else if (address.length === 32) {
+ // ipv6
+ return [
+ strings.san[type],
+ address
+ .toLowerCase()
+ .match(/.{1,4}/g)
+ .join(":")
+ .replace(/\b:?(?:0+:?){2,}/, "::"),
+ ];
+ }
+ return [strings.san[type], "Unknown IP address"];
+
+ default:
+ return [strings.san[type], san.altNames[index].value];
+ }
+ });
+ } else {
+ san = [];
+ }
+ san = {
+ altNames: san,
+ critical: criticalExtensions.includes("2.5.29.17"),
+ };
+ return san;
+};
+
+const getBasicConstraints = (x509, criticalExtensions) => {
+ let basicConstraints;
+ const basicConstraintsExt = getX509Ext(x509.extensions, "2.5.29.19");
+ if (basicConstraintsExt) {
+ basicConstraints = {
+ cA: basicConstraintsExt.cA !== undefined && basicConstraintsExt.cA,
+ critical: criticalExtensions.includes("2.5.29.19"),
+ };
+ }
+ return basicConstraints;
+};
+
+const getEKeyUsages = (x509, criticalExtensions) => {
+ let eKeyUsages = getX509Ext(x509.extensions, "2.5.29.37");
+ if (eKeyUsages) {
+ eKeyUsages = {
+ critical: criticalExtensions.includes("2.5.29.37"),
+ purposes: eKeyUsages.keyPurposes.map(x => strings.eKU[x] || x),
+ };
+ }
+ return eKeyUsages;
+};
+
+const getSubjectKeyID = (x509, criticalExtensions) => {
+ let sKID = getX509Ext(x509.extensions, "2.5.29.14");
+ if (sKID) {
+ sKID = {
+ critical: criticalExtensions.includes("2.5.29.14"),
+ id: hashify(sKID.valueBlock.valueHex),
+ };
+ }
+ return sKID;
+};
+
+const getAuthorityKeyID = (x509, criticalExtensions) => {
+ let aKID = getX509Ext(x509.extensions, "2.5.29.35");
+ if (!aKID || !aKID.keyIdentifier) {
+ return null;
+ }
+ aKID = {
+ critical: criticalExtensions.includes("2.5.29.35"),
+ id: hashify(aKID.keyIdentifier.valueBlock.valueHex),
+ };
+ return aKID;
+};
+
+const getCRLPoints = (x509, criticalExtensions) => {
+ let crlPoints = getX509Ext(x509.extensions, "2.5.29.31");
+ if (crlPoints) {
+ crlPoints = {
+ critical: criticalExtensions.includes("2.5.29.31"),
+ points: crlPoints.distributionPoints.map(
+ x => x.distributionPoint[0].value
+ ),
+ };
+ }
+ return crlPoints;
+};
+
+const getOcspStaple = (x509, criticalExtensions) => {
+ let ocspStaple = getX509Ext(x509.extensions, "1.3.6.1.5.5.7.1.24");
+ if (ocspStaple && ocspStaple.valueBeforeDecode === "3003020105") {
+ ocspStaple = {
+ critical: criticalExtensions.includes("1.3.6.1.5.5.7.1.24"),
+ required: true,
+ };
+ } else {
+ ocspStaple = {
+ critical: criticalExtensions.includes("1.3.6.1.5.5.7.1.24"),
+ required: false,
+ };
+ }
+ return ocspStaple;
+};
+
+const getAuthorityInfoAccess = (x509, criticalExtensions) => {
+ let aia = getX509Ext(x509.extensions, "1.3.6.1.5.5.7.1.1");
+ if (aia) {
+ aia = aia.accessDescriptions.map(x => {
+ return {
+ location: x.accessLocation.value,
+ method: strings.aia[x.accessMethod],
+ };
+ });
+ }
+
+ aia = {
+ descriptions: aia,
+ critical: criticalExtensions.includes("1.3.6.1.5.5.7.1.1"),
+ };
+ return aia;
+};
+
+const getSCTs = (x509, criticalExtensions) => {
+ let scts = getX509Ext(x509.extensions, "1.3.6.1.4.1.11129.2.4.2");
+ if (scts) {
+ scts = Object.keys(scts.timestamps).map(x => {
+ let logId = scts.timestamps[x].logID.toLowerCase();
+ let sctsTimestamp = scts.timestamps[x].timestamp;
+ return {
+ logId: hashify(logId),
+ name: ctLogNames.hasOwnProperty(logId) ? ctLogNames[logId] : undefined,
+ signatureAlgorithm: `${scts.timestamps[x].hashAlgorithm.replace(
+ "sha",
+ "SHA-"
+ )} ${scts.timestamps[x].signatureAlgorithm.toUpperCase()}`,
+ timestamp: `${sctsTimestamp.toLocaleString()} (${getTimeZone()})`,
+ timestampUTC: sctsTimestamp.toUTCString(),
+ version: scts.timestamps[x].version + 1,
+ };
+ });
+ } else {
+ scts = [];
+ }
+
+ scts = {
+ critical: criticalExtensions.includes("1.3.6.1.4.1.11129.2.4.2"),
+ timestamps: scts,
+ };
+ return scts;
+};
+
+const getCertificatePolicies = (x509, criticalExtensions) => {
+ let cp = getX509Ext(x509.extensions, "2.5.29.32");
+ if (cp && cp.hasOwnProperty("certificatePolicies")) {
+ cp = cp.certificatePolicies.map(x => {
+ let id = x.policyIdentifier;
+ let certName = strings.cps.hasOwnProperty(id)
+ ? strings.cps[id].name
+ : undefined;
+ let qualifiers = undefined;
+ let value = strings.cps.hasOwnProperty(id)
+ ? strings.cps[id].value
+ : undefined;
+
+ // ansi organization identifiers
+ if (id.startsWith("2.16.840.")) {
+ value = id;
+ id = "2.16.840";
+ certName = strings.cps["2.16.840"].name;
+ }
+
+ // statement identifiers
+ if (id.startsWith("1.3.6.1.4.1")) {
+ value = id;
+ id = "1.3.6.1.4.1";
+ certName = strings.cps["1.3.6.1.4.1"].name;
+ }
+
+ if (x.hasOwnProperty("policyQualifiers")) {
+ qualifiers = x.policyQualifiers.map(qualifier => {
+ let qualifierId = qualifier.policyQualifierId;
+ let qualifierName = strings.cps.hasOwnProperty(qualifierId)
+ ? strings.cps[qualifierId].name
+ : undefined;
+ let qualifierValue = qualifier.qualifier.valueBlock.value;
+
+ // sometimes they are multiple qualifier subblocks, and for now we'll
+ // only return the first one because it's getting really messy at this point
+ if (Array.isArray(qualifierValue) && qualifierValue.length === 1) {
+ qualifierValue = qualifierValue[0].valueBlock.value;
+ } else if (
+ Array.isArray(qualifierValue) &&
+ qualifierValue.length > 1
+ ) {
+ qualifierValue = "(currently unsupported)";
+ }
+
+ return {
+ qualifierId,
+ qualifierName,
+ qualifierValue,
+ };
+ });
+ }
+
+ return {
+ id,
+ name: certName,
+ qualifiers,
+ value,
+ };
+ });
+ }
+
+ cp = {
+ critical: criticalExtensions.includes("2.5.29.32"),
+ policies: cp,
+ };
+ return cp;
+};
+
+const getMicrosoftCryptographicExtensions = (x509, criticalExtensions) => {
+ // now let's parse the Microsoft cryptographic extensions
+ let msCrypto = {
+ caVersion: getX509Ext(x509.extensions, "1.3.6.1.4.1.311.21.1"),
+ certificatePolicies: getX509Ext(x509.extensions, "1.3.6.1.4.1.311.21.10"),
+ certificateTemplate: getX509Ext(x509.extensions, "1.3.6.1.4.1.311.21.7"),
+ certificateType: getX509Ext(x509.extensions, "1.3.6.1.4.1.311.20.2"),
+ previousHash: getX509Ext(x509.extensions, "1.3.6.1.4.1.311.21.2"),
+ };
+
+ if (
+ msCrypto.caVersion &&
+ Number.isInteger(msCrypto.caVersion.keyIndex) &&
+ Number.isInteger(msCrypto.caVersion.certificateIndex)
+ ) {
+ msCrypto.caVersion = {
+ critical: criticalExtensions.includes("1.3.6.1.4.1.311.21.1"),
+ caRenewals: msCrypto.caVersion.certificateIndex,
+ keyReuses:
+ msCrypto.caVersion.certificateIndex - msCrypto.caVersion.keyIndex,
+ };
+ }
+
+ if (msCrypto.certificatePolicies) {
+ msCrypto.certificatePolicies = {
+ critical: criticalExtensions.includes("1.3.6.1.4.1.311.21.10"),
+ purposes: msCrypto.certificatePolicies.certificatePolicies.map(
+ x => strings.eKU[x.policyIdentifier] || x.policyIdentifier
+ ),
+ };
+ }
+
+ if (msCrypto.certificateTemplate) {
+ msCrypto.certificateTemplate = {
+ critical: criticalExtensions.includes("1.3.6.1.4.1.311.21.7"),
+ id: msCrypto.certificateTemplate.extnID,
+ major: msCrypto.certificateTemplate.templateMajorVersion,
+ minor: msCrypto.certificateTemplate.templateMinorVersion,
+ };
+ }
+
+ if (msCrypto.certificateType) {
+ msCrypto.certificateType = {
+ critical: criticalExtensions.includes("1.3.6.1.4.1.311.20.2"),
+ type:
+ strings.microsoftCertificateTypes[
+ msCrypto.certificateType.valueBlock.value
+ ] || "Unknown",
+ };
+ }
+
+ if (msCrypto.previousHash) {
+ msCrypto.previousHash = {
+ critical: criticalExtensions.includes("1.3.6.1.4.1.311.21.2"),
+ previousHash: hashify(msCrypto.previousHash.valueBlock.valueHex),
+ };
+ }
+
+ msCrypto.exists = !!(
+ msCrypto.caVersion ||
+ msCrypto.certificatePolicies ||
+ msCrypto.certificateTemplate ||
+ msCrypto.certificateType ||
+ msCrypto.previousHash
+ );
+
+ return msCrypto;
+};
+
+const b64ToPEM = string => {
+ let wrapped = string.match(/.{1,64}/g).join("\r\n");
+ return `-----BEGIN CERTIFICATE-----\r\n${wrapped}\r\n-----END CERTIFICATE-----\r\n`;
+};
+
+export const parse = async certificate => {
+ // certificate could be an array of BER or an array of buffers
+ const supportedExtensions = [
+ "1.3.6.1.4.1.311.20.2", // microsoft certificate type
+ "1.3.6.1.4.1.311.21.2", // microsoft certificate previous hash
+ "1.3.6.1.4.1.311.21.7", // microsoft certificate template
+ "1.3.6.1.4.1.311.21.1", // microsoft certification authority renewal
+ "1.3.6.1.4.1.311.21.10", // microsoft certificate policies
+ "1.3.6.1.4.1.11129.2.4.2", // embedded scts
+ "1.3.6.1.5.5.7.1.1", // authority info access
+ "1.3.6.1.5.5.7.1.24", // ocsp stapling
+ "1.3.101.77", // ct redaction - deprecated and not displayed
+ "2.5.29.14", // subject key identifier
+ "2.5.29.15", // key usages
+ "2.5.29.17", // subject alt names
+ "2.5.29.19", // basic constraints
+ "2.5.29.31", // crl points
+ "2.5.29.32", // certificate policies
+ "2.5.29.35", // authority key identifier
+ "2.5.29.37", // extended key usage
+ ];
+
+ let timeZone = getTimeZone();
+
+ // parse the certificate
+ let x509 = Certificate.fromBER(certificate);
+
+ // convert the cert to PEM
+ const certPEM = b64ToPEM(
+ btoa(String.fromCharCode.apply(null, new Uint8Array(certificate)))
+ );
+
+ // get which extensions are critical
+ const criticalExtensions = [];
+ if (x509.extensions) {
+ x509.extensions.forEach(ext => {
+ if (ext.hasOwnProperty("critical") && ext.critical === true) {
+ criticalExtensions.push(ext.extnID);
+ }
+ });
+ }
+ const spki = getPublicKeyInfo(x509);
+ const keyUsages = getKeyUsages(x509, criticalExtensions);
+ const san = getSubjectAltNames(x509, criticalExtensions);
+ const basicConstraints = getBasicConstraints(x509, criticalExtensions);
+ const eKeyUsages = getEKeyUsages(x509, criticalExtensions);
+ const sKID = getSubjectKeyID(x509, criticalExtensions);
+ const aKID = getAuthorityKeyID(x509, criticalExtensions);
+ const crlPoints = getCRLPoints(x509, criticalExtensions);
+ const ocspStaple = getOcspStaple(x509, criticalExtensions);
+ const aia = getAuthorityInfoAccess(x509, criticalExtensions);
+ const scts = getSCTs(x509, criticalExtensions);
+ const cp = getCertificatePolicies(x509, criticalExtensions);
+ const msCrypto = getMicrosoftCryptographicExtensions(
+ x509,
+ criticalExtensions
+ );
+
+ // determine which extensions weren't supported
+ let unsupportedExtensions = [];
+ if (x509.extensions) {
+ x509.extensions.forEach(ext => {
+ if (!supportedExtensions.includes(ext.extnID)) {
+ unsupportedExtensions.push(ext.extnID);
+ }
+ });
+ }
+
+ // the output shell
+ return {
+ ext: {
+ aia,
+ aKID,
+ basicConstraints,
+ crlPoints,
+ cp,
+ eKeyUsages,
+ keyUsages,
+ msCrypto,
+ ocspStaple,
+ scts,
+ sKID,
+ san,
+ },
+ files: {
+ der: undefined, // TODO: implement!
+ pem: encodeURI(certPEM),
+ },
+ fingerprint: {
+ sha1: await hash("SHA-1", certificate),
+ sha256: await hash("SHA-256", certificate),
+ },
+ issuer: parseSubsidiary(x509.issuer.typesAndValues),
+ notBefore: `${x509.notBefore.value.toLocaleString()} (${timeZone})`,
+ notBeforeUTC: x509.notBefore.value.toUTCString(),
+ notAfter: `${x509.notAfter.value.toLocaleString()} (${timeZone})`,
+ notAfterUTC: x509.notAfter.value.toUTCString(),
+ subject: parseSubsidiary(x509.subject.typesAndValues),
+ serialNumber: hashify(getObjPath(x509, "serialNumber.valueBlock.valueHex")),
+ signature: {
+ name: strings.signature[getObjPath(x509, "signature.algorithmId")],
+ type: getObjPath(x509, "signature.algorithmId"),
+ },
+ subjectPublicKeyInfo: spki,
+ unsupportedExtensions,
+ version: (x509.version + 1).toString(),
+ };
+};
+
+const ctLogNames = {
+ "9606c02c690033aa1d145f59c6e2648d0549f0df96aab8db915a70d8ecf390a5":
+ "Akamai CT",
+ "39376f545f7b4607f59742d768cd5d2437bf3473b6534a4834bcf72e681c83c9":
+ "Alpha CT",
+ a577ac9ced7548dd8f025b67a241089df86e0f476ec203c2ecbedb185f282638: "CNNIC CT",
+ cdb5179b7fc1c046feea31136a3f8f002e6182faf8896fecc8b2f5b5ab604900: "Certly.IO",
+ "1fbc36e002ede97f40199e86b3573b8a4217d80187746ad0da03a06054d20df4":
+ "Cloudflare “Nimbus2017”",
+ db74afeecb29ecb1feca3e716d2ce5b9aabb36f7847183c75d9d4f37b61fbf64:
+ "Cloudflare “Nimbus2018”",
+ "747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc56":
+ "Cloudflare “Nimbus2019”",
+ "5ea773f9df56c0e7b536487dd049e0327a919a0c84a112128418759681714558":
+ "Cloudflare “Nimbus2020”",
+ "4494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a8":
+ "Cloudflare “Nimbus2021”",
+ "41c8cab1df22464a10c6a13a0942875e4e318b1b03ebeb4bc768f090629606f6":
+ "Cloudflare “Nimbus2022”",
+ "7a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb52":
+ "Cloudflare “Nimbus2023”",
+ "6ff141b5647e4222f7ef052cefae7c21fd608e27d2af5a6e9f4b8a37d6633ee5":
+ "DigiCert Nessie2018",
+ fe446108b1d01ab78a62ccfeab6ab2b2babff3abdad80a4d8b30df2d0008830c:
+ "DigiCert Nessie2019",
+ c652a0ec48ceb3fcab170992c43a87413309e80065a26252401ba3362a17c565:
+ "DigiCert Nessie2020",
+ eec095ee8d72640f92e3c3b91bc712a3696a097b4b6a1a1438e647b2cbedc5f9:
+ "DigiCert Nessie2021",
+ "51a3b0f5fd01799c566db837788f0ca47acc1b27cbf79e88429a0dfed48b05e5":
+ "DigiCert Nessie2022",
+ b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a:
+ "DigiCert Nessie2023",
+ "5614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd":
+ "DigiCert Server",
+ "8775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f":
+ "DigiCert Server 2",
+ c1164ae0a772d2d4392dc80ac10770d4f0c49bde991a4840c1fa075164f63360:
+ "DigiCert Yeti2018",
+ e2694bae26e8e94009e8861bb63b83d43ee7fe7488fba48f2893019dddf1dbfe:
+ "DigiCert Yeti2019",
+ f095a459f200d18240102d2f93888ead4bfe1d47e399e1d034a6b0a8aa8eb273:
+ "DigiCert Yeti2020",
+ "5cdc4392fee6ab4544b15e9ad456e61037fbd5fa47dca17394b25ee6f6c70eca":
+ "DigiCert Yeti2021",
+ "2245450759552456963fa12ff1f76d86e0232663adc04b7f5dc6835c6ee20f02":
+ "DigiCert Yeti2022",
+ "35cf191bbfb16c57bf0fad4c6d42cbbbb627202651ea3fe12aefa803c33bd64c":
+ "DigiCert Yeti2023",
+ "717ea7420975be84a2723553f1777c26dd51af4e102144094d9019b462fb6668": "GDCA 1",
+ "14308d90ccd030135005c01ca526d81e84e87624e39b6248e08f724aea3bb42a": "GDCA 2",
+ c9cf890a21109c666cc17a3ed065c930d0e0135a9feba85af14210b8072421aa:
+ "GDCA CT #1",
+ "924a30f909336ff435d6993a10ac75a2c641728e7fc2d659ae6188ffad40ce01":
+ "GDCA CT #2",
+ fad4c97cc49ee2f8ac85c5ea5cea09d0220dbbf4e49c6b50662ff868f86b8c28:
+ "Google “Argon2017”",
+ a4501269055a15545e6211ab37bc103f62ae5576a45e4b1714453e1b22106a25:
+ "Google “Argon2018”",
+ "63f2dbcde83bcc2ccf0b728427576b33a48d61778fbd75a638b1c768544bd88d":
+ "Google “Argon2019”",
+ b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e:
+ "Google “Argon2020”",
+ f65c942fd1773022145418083094568ee34d131933bfdf0c2f200bcc4ef164e3:
+ "Google “Argon2021”",
+ "2979bef09e393921f056739f63a577e5be577d9c600af8f94d5d265c255dc784":
+ "Google “Argon2022”",
+ "68f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc4":
+ "Google “Aviator”",
+ c3bf03a7e1ca8841c607bae3ff4270fca5ec45b186ebbe4e2cf3fc778630f5f6:
+ "Google “Crucible”",
+ "1d024b8eb1498b344dfd87ea3efc0996f7506f235d1d497061a4773c439c25fb":
+ "Google “Daedalus”",
+ "293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478":
+ "Google “Icarus”",
+ a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10:
+ "Google “Pilot”",
+ ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb:
+ "Google “Rocketeer”",
+ bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185:
+ "Google “Skydiver”",
+ "52eb4b225ec896974850675f23e43bc1d021e3214ce52ecd5fa87c203cdfca03":
+ "Google “Solera2018”",
+ "0b760e9a8b9a682f88985b15e947501a56446bba8830785c3842994386450c00":
+ "Google “Solera2019”",
+ "1fc72ce5a1b799f400c359bff96ca3913548e8644220610952e9ba1774f7bac7":
+ "Google “Solera2020”",
+ a3c99845e80ab7ce00157b3742df0207dd272b2b602ecf98ee2c12db9c5ae7e7:
+ "Google “Solera2021”",
+ "697aafca1a6b536fae21205046debad7e0eaea13d2432e6e9d8fb379f2b9aaf3":
+ "Google “Solera2022”",
+ a899d8780c9290aaf462f31880ccfbd52451e970d0fbf591ef75b0d99b645681:
+ "Google “Submariner”",
+ b0cc83e5a5f97d6baf7c09cc284904872ac7e88b132c6350b7c6fd26e16c6c77:
+ "Google “Testtube”",
+ b10cd559a6d67846811f7df9a51532739ac48d703bea0323da5d38755bc0ad4e:
+ "Google “Xenon2018”",
+ "084114980071532c16190460bcfc47fdc2653afa292c72b37ff863ae29ccc9f0":
+ "Google “Xenon2019”",
+ "07b75c1be57d68fff1b0c61d2315c7bae6577c5794b76aeebc613a1a69d3a21c":
+ "Google “Xenon2020”",
+ "7d3ef2f88fff88556824c2c0ca9e5289792bc50e78097f2e6a9768997e22f0d7":
+ "Google “Xenon2021”",
+ "46a555eb75fa912030b5a28969f4f37d112c4174befd49b885abf2fc70fe6d47":
+ "Google “Xenon2022”",
+ "7461b4a09cfb3d41d75159575b2e7649a445a8d27709b0cc564a6482b7eb41a3": "Izenpe",
+ "8941449c70742e06b9fc9ce7b116ba0024aa36d59af44f0204404f00f7ea8566":
+ "Izenpe “Argi”",
+ "296afa2d568bca0d2ea844956ae9721fc35fa355ecda99693aafd458a71aefdd":
+ "Let“s Encrypt ”Clicky”",
+ "537b69a3564335a9c04904e39593b2c298eb8d7a6e83023635c627248cd6b440":
+ "Nordu “flimsy”",
+ aae70b7f3cb8d566c86c2f16979c9f445f69ab0eb4535589b2f77a030104f3cd:
+ "Nordu “plausible”",
+ e0127629e90496564e3d0147984498aa48f8adb16600eb7902a1ef9909906273:
+ "PuChuangSiDa CT",
+ cf55e28923497c340d5206d05353aeb25834b52f1f8dc9526809f212efdd7ca6:
+ "SHECA CT 1",
+ "32dc59c2d4c41968d56e14bc61ac8f0e45db39faf3c155aa4252f5001fa0c623":
+ "SHECA CT 2",
+ db76fdadac65e7d09508886e2159bd8b90352f5fead3e3dc5e22eb350acc7b98:
+ "Sectigo (Comodo) “Dodo” CT",
+ "6f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d913":
+ "Sectigo (Comodo) “Mammoth” CT",
+ "5581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c":
+ "Sectigo (Comodo) “Sabre” CT",
+ "34bb6ad6c3df9c03eea8a499ff7891486c9d5e5cac92d01f7bfd1bce19db48ef":
+ "StartCom",
+ ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc: "Symantec",
+ a7ce4a4e6207e0addee5fdaa4b1f86768767b5d002a55d47310e7e670a95eab2:
+ "Symantec Deneb",
+ "15970488d7b997a05beb52512adee8d2e8b4a3165264121a9fabfbd5f85ad93f":
+ "Symantec “Sirius”",
+ bc78e1dfc5f63c684649334da10fa15f0979692009c081b4f3f6917f3ed9b8a5:
+ "Symantec “Vega”",
+ b0b784bc81c0ddc47544e883f05985bb9077d134d8ab88b2b2e533980b8e508b:
+ "Up In The Air “Behind the Sofa”",
+ ac3b9aed7fa9674757159e6d7d575672f9d98100941e9bdeffeca1313b75782d: "Venafi",
+ "03019df3fd85a69a8ebd1facc6da9ba73e469774fe77f579fc5a08b8328c1d6b":
+ "Venafi Gen2 CT",
+ "41b2dc2e89e63ce4af1ba7bb29bf68c6dee6f9f1cc047e30dffae3b3ba259263": "WoSign",
+ "63d0006026dde10bb0601f452446965ee2b6ea2cd4fbc95ac866a550af9075b7":
+ "WoSign 2",
+ "9e4ff73dc3ce220b69217c899e468076abf8d78636d5ccfc85a31a75628ba88b":
+ "WoSign CT #1",
+ "659b3350f43b12cc5ea5ab4ec765d3fde6c88243777778e72003f9eb2b8c3129":
+ "Let's Encrypt Oak 2019",
+ e712f2b0377e1a62fb8ec90c6184f1ea7b37cb561d11265bf3e0f34bf241546e:
+ "Let's Encrypt Oak 2020",
+ "9420bc1e8ed58d6c88731f828b222c0dd1da4d5e6c4f943d61db4e2f584da2c2":
+ "Let's Encrypt Oak 2021",
+ dfa55eab68824f1f6cadeeb85f4e3e5aeacda212a46a5e8e3b12c020445c2a73:
+ "Let's Encrypt Oak 2022",
+ b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb499:
+ "Let's Encrypt Oak 2023",
+ "849f5f7f58d2bf7b54ecbd74611cea45c49c98f1d6481bc6f69e8c174f24f3cf":
+ "Let's Encrypt Testflume 2019",
+ c63f2218c37d56a6aa06b596da8e53d4d7156d1e9bac8e44d2202de64d69d9dc:
+ "Let's Encrypt Testflume 2020",
+ "03edf1da9776b6f38c341e39ed9d707a7570369cf9844f327fe9e14138361b60":
+ "Let's Encrypt Testflume 2021",
+ "2327efda352510dbc019ef491ae3ff1cc5a479bce37878360ee318cffb64f8c8":
+ "Let's Encrypt Testflume 2022",
+ "5534b7ab5a6ac3a7cbeba65487b2a2d71b48f650fa17c5197c97a0cb2076f3c6":
+ "Let's Encrypt Testflume 2023",
+};
+
+const strings = {
+ ux: {
+ upload: "Upload Certificate",
+ },
+
+ names: {
+ // Directory Pilot Attributes
+ "0.9.2342.19200300.100.1.1": {
+ short: "uid",
+ long: "User ID",
+ },
+ "0.9.2342.19200300.100.1.25": {
+ short: "dc",
+ long: "Domain Component",
+ },
+
+ // PKCS-9
+ "1.2.840.113549.1.9.1": {
+ short: "e",
+ long: "Email Address",
+ },
+
+ // Incorporated Locations
+ "1.3.6.1.4.1.311.60.2.1.1": {
+ short: undefined,
+ long: "Inc. Locality",
+ },
+ "1.3.6.1.4.1.311.60.2.1.2": {
+ short: undefined,
+ long: "Inc. State / Province",
+ },
+ "1.3.6.1.4.1.311.60.2.1.3": {
+ short: undefined,
+ long: "Inc. Country",
+ },
+
+ // microsoft cryptographic extensions
+ "1.3.6.1.4.1.311.21.7": {
+ name: {
+ short: "Certificate Template",
+ long: "Microsoft Certificate Template",
+ },
+ },
+ "1.3.6.1.4.1.311.21.10": {
+ name: {
+ short: "Certificate Policies",
+ long: "Microsoft Certificate Policies",
+ },
+ },
+
+ // certificate extensions
+ "1.3.6.1.4.1.11129.2.4.2": {
+ name: {
+ short: "Embedded SCTs",
+ long: "Embedded Signed Certificate Timestamps",
+ },
+ },
+ "1.3.6.1.5.5.7.1.1": {
+ name: {
+ short: undefined,
+ long: "Authority Information Access",
+ },
+ },
+ "1.3.6.1.5.5.7.1.24": {
+ name: {
+ short: "OCSP Stapling",
+ long: "Online Certificate Status Protocol Stapling",
+ },
+ },
+
+ // X.500 attribute types
+ "2.5.4.1": {
+ short: undefined,
+ long: "Aliased Entry",
+ },
+ "2.5.4.2": {
+ short: undefined,
+ long: "Knowledge Information",
+ },
+ "2.5.4.3": {
+ short: "cn",
+ long: "Common Name",
+ },
+ "2.5.4.4": {
+ short: "sn",
+ long: "Surname",
+ },
+ "2.5.4.5": {
+ short: "serialNumber",
+ long: "Serial Number",
+ },
+ "2.5.4.6": {
+ short: "c",
+ long: "Country",
+ },
+ "2.5.4.7": {
+ short: "l",
+ long: "Locality",
+ },
+ "2.5.4.8": {
+ short: "s",
+ long: "State / Province",
+ },
+ "2.5.4.9": {
+ short: "street",
+ long: "Stress Address",
+ },
+ "2.5.4.10": {
+ short: "o",
+ long: "Organization",
+ },
+ "2.5.4.11": {
+ short: "ou",
+ long: "Organizational Unit",
+ },
+ "2.5.4.12": {
+ short: "t",
+ long: "Title",
+ },
+ "2.5.4.13": {
+ short: "description",
+ long: "Description",
+ },
+ "2.5.4.14": {
+ short: undefined,
+ long: "Search Guide",
+ },
+ "2.5.4.15": {
+ short: undefined,
+ long: "Business Category",
+ },
+ "2.5.4.16": {
+ short: undefined,
+ long: "Postal Address",
+ },
+ "2.5.4.17": {
+ short: "postalCode",
+ long: "Postal Code",
+ },
+ "2.5.4.18": {
+ short: "POBox",
+ long: "PO Box",
+ },
+ "2.5.4.19": {
+ short: undefined,
+ long: "Physical Delivery Office Name",
+ },
+ "2.5.4.20": {
+ short: "phone",
+ long: "Phone Number",
+ },
+ "2.5.4.21": {
+ short: undefined,
+ long: "Telex Number",
+ },
+ "2.5.4.22": {
+ short: undefined,
+ long: "Teletex Terminal Identifier",
+ },
+ "2.5.4.23": {
+ short: undefined,
+ long: "Fax Number",
+ },
+ "2.5.4.24": {
+ short: undefined,
+ long: "X.121 Address",
+ },
+ "2.5.4.25": {
+ short: undefined,
+ long: "International ISDN Number",
+ },
+ "2.5.4.26": {
+ short: undefined,
+ long: "Registered Address",
+ },
+ "2.5.4.27": {
+ short: undefined,
+ long: "Destination Indicator",
+ },
+ "2.5.4.28": {
+ short: undefined,
+ long: "Preferred Delivery Method",
+ },
+ "2.5.4.29": {
+ short: undefined,
+ long: "Presentation Address",
+ },
+ "2.5.4.30": {
+ short: undefined,
+ long: "Supported Application Context",
+ },
+ "2.5.4.31": {
+ short: undefined,
+ long: "Member",
+ },
+ "2.5.4.32": {
+ short: undefined,
+ long: "Owner",
+ },
+ "2.5.4.33": {
+ short: undefined,
+ long: "Role Occupant",
+ },
+ "2.5.4.34": {
+ short: undefined,
+ long: "See Also",
+ },
+ "2.5.4.35": {
+ short: undefined,
+ long: "User Password",
+ },
+ "2.5.4.36": {
+ short: undefined,
+ long: "User Certificate",
+ },
+ "2.5.4.37": {
+ short: undefined,
+ long: "CA Certificate",
+ },
+ "2.5.4.38": {
+ short: undefined,
+ long: "Authority Revocation List",
+ },
+ "2.5.4.39": {
+ short: undefined,
+ long: "Certificate Revocation List",
+ },
+ "2.5.4.40": {
+ short: undefined,
+ long: "Cross-certificate Pair",
+ },
+ "2.5.4.41": {
+ short: undefined,
+ long: "Name",
+ },
+ "2.5.4.42": {
+ short: "g",
+ long: "Given Name",
+ },
+ "2.5.4.43": {
+ short: "i",
+ long: "Initials",
+ },
+ "2.5.4.44": {
+ short: undefined,
+ long: "Generation Qualifier",
+ },
+ "2.5.4.45": {
+ short: undefined,
+ long: "Unique Identifier",
+ },
+ "2.5.4.46": {
+ short: undefined,
+ long: "DN Qualifier",
+ },
+ "2.5.4.47": {
+ short: undefined,
+ long: "Enhanced Search Guide",
+ },
+ "2.5.4.48": {
+ short: undefined,
+ long: "Protocol Information",
+ },
+ "2.5.4.49": {
+ short: "dn",
+ long: "Distinguished Name",
+ },
+ "2.5.4.50": {
+ short: undefined,
+ long: "Unique Member",
+ },
+ "2.5.4.51": {
+ short: undefined,
+ long: "House Identifier",
+ },
+ "2.5.4.52": {
+ short: undefined,
+ long: "Supported Algorithms",
+ },
+ "2.5.4.53": {
+ short: undefined,
+ long: "Delta Revocation List",
+ },
+ "2.5.4.58": {
+ short: undefined,
+ long: "Attribute Certificate Attribute", // huh
+ },
+ "2.5.4.65": {
+ short: undefined,
+ long: "Pseudonym",
+ },
+
+ // extensions
+ "2.5.29.14": {
+ name: {
+ short: "Subject Key ID",
+ long: "Subject Key Identifier",
+ },
+ },
+ "2.5.29.15": {
+ name: {
+ short: undefined,
+ long: "Key Usages",
+ },
+ },
+ "2.5.29.17": {
+ name: {
+ short: "Subject Alt Names",
+ long: "Subject Alternative Names",
+ },
+ },
+ "2.5.29.19": {
+ name: {
+ short: undefined,
+ long: "Basic Constraints",
+ },
+ },
+ "2.5.29.31": {
+ name: {
+ short: "CRL Endpoints",
+ long: "Certificate Revocation List Endpoints",
+ },
+ },
+ "2.5.29.32": {
+ name: {
+ short: undefined,
+ long: "Certificate Policies",
+ },
+ },
+ "2.5.29.35": {
+ name: {
+ short: "Authority Key ID",
+ long: "Authority Key Identifier",
+ },
+ },
+ "2.5.29.37": {
+ name: {
+ short: undefined,
+ long: "Extended Key Usages",
+ },
+ },
+ },
+
+ keyUsages: [
+ "CRL Signing",
+ "Certificate Signing",
+ "Key Agreement",
+ "Data Encipherment",
+ "Key Encipherment",
+ "Non-Repudiation",
+ "Digital Signature",
+ ],
+
+ san: [
+ "Other Name",
+ "RFC 822 Name",
+ "DNS Name",
+ "X.400 Address",
+ "Directory Name",
+ "EDI Party Name",
+ "URI",
+ "IP Address",
+ "Registered ID",
+ ],
+
+ eKU: {
+ "1.3.6.1.4.1.311.10.3.1": "Certificate Trust List (CTL) Signing",
+ "1.3.6.1.4.1.311.10.3.2": "Timestamp Signing",
+ "1.3.6.1.4.1.311.10.3.4": "EFS Encryption",
+ "1.3.6.1.4.1.311.10.3.4.1": "EFS Recovery",
+ "1.3.6.1.4.1.311.10.3.5":
+ "Windows Hardware Quality Labs (WHQL) Cryptography",
+ "1.3.6.1.4.1.311.10.3.7": "Windows NT 5 Cryptography",
+ "1.3.6.1.4.1.311.10.3.8": "Windows NT Embedded Cryptography",
+ "1.3.6.1.4.1.311.10.3.10": "Qualified Subordination",
+ "1.3.6.1.4.1.311.10.3.11": "Escrowed Key Recovery",
+ "1.3.6.1.4.1.311.10.3.12": "Document Signing",
+ "1.3.6.1.4.1.311.10.5.1": "Digital Rights Management",
+ "1.3.6.1.4.1.311.10.6.1": "Key Pack Licenses",
+ "1.3.6.1.4.1.311.10.6.2": "License Server",
+ "1.3.6.1.4.1.311.20.2.1": "Enrollment Agent",
+ "1.3.6.1.4.1.311.20.2.2": "Smartcard Login",
+ "1.3.6.1.4.1.311.21.5": "Certificate Authority Private Key Archival",
+ "1.3.6.1.4.1.311.21.6": "Key Recovery Agent",
+ "1.3.6.1.4.1.311.21.19": "Directory Service Email Replication",
+ "1.3.6.1.5.5.7.3.1": "Server Authentication",
+ "1.3.6.1.5.5.7.3.2": "Client Authentication",
+ "1.3.6.1.5.5.7.3.3": "Code Signing",
+ "1.3.6.1.5.5.7.3.4": "E-mail Protection",
+ "1.3.6.1.5.5.7.3.5": "IPsec End System",
+ "1.3.6.1.5.5.7.3.6": "IPsec Tunnel",
+ "1.3.6.1.5.5.7.3.7": "IPSec User",
+ "1.3.6.1.5.5.7.3.8": "Timestamping",
+ "1.3.6.1.5.5.7.3.9": "OCSP Signing",
+ "1.3.6.1.5.5.8.2.2": "Internet Key Exchange (IKE)",
+ },
+
+ signature: {
+ "1.2.840.113549.1.1.4": "MD5 with RSA Encryption",
+ "1.2.840.113549.1.1.5": "SHA-1 with RSA Encryption",
+ "1.2.840.113549.1.1.11": "SHA-256 with RSA Encryption",
+ "1.2.840.113549.1.1.12": "SHA-384 with RSA Encryption",
+ "1.2.840.113549.1.1.13": "SHA-512 with RSA Encryption",
+ "1.2.840.10040.4.3": "DSA with SHA-1",
+ "2.16.840.1.101.3.4.3.2": "DSA with SHA-256",
+ "1.2.840.10045.4.1": "ECDSA with SHA-1",
+ "1.2.840.10045.4.3.2": "ECDSA with SHA-256",
+ "1.2.840.10045.4.3.3": "ECDSA with SHA-384",
+ "1.2.840.10045.4.3.4": "ECDSA with SHA-512",
+ },
+
+ aia: {
+ "1.3.6.1.5.5.7.48.1": "Online Certificate Status Protocol (OCSP)",
+ "1.3.6.1.5.5.7.48.2": "CA Issuers",
+ },
+
+ // this includes qualifiers as well
+ cps: {
+ "1.3.6.1.4.1": {
+ name: "Statement Identifier",
+ value: undefined,
+ },
+ "1.3.6.1.5.5.7.2.1": {
+ name: "Practices Statement",
+ value: undefined,
+ },
+ "1.3.6.1.5.5.7.2.2": {
+ name: "User Notice",
+ value: undefined,
+ },
+ "2.16.840": {
+ name: "ANSI Organizational Identifier",
+ value: undefined,
+ },
+ "2.23.140.1.1": {
+ name: "Certificate Type",
+ value: "Extended Validation",
+ },
+ "2.23.140.1.2.1": {
+ name: "Certificate Type",
+ value: "Domain Validation",
+ },
+ "2.23.140.1.2.2": {
+ name: "Certificate Type",
+ value: "Organization Validation",
+ },
+ "2.23.140.1.2.3": {
+ name: "Certificate Type",
+ value: "Individual Validation",
+ },
+ "2.23.140.1.3": {
+ name: "Certificate Type",
+ value: "Extended Validation (Code Signing)",
+ },
+ "2.23.140.1.31": {
+ name: "Certificate Type",
+ value: ".onion Extended Validation",
+ },
+ "2.23.140.2.1": {
+ name: "Certificate Type",
+ value: "Test Certificate",
+ },
+ },
+
+ microsoftCertificateTypes: {
+ Administrator: "Administrator",
+ CA: "Root Certification Authority",
+ CAExchange: "CA Exchange",
+ CEPEncryption: "CEP Encryption",
+ CertificateRequestAgent: "Certificate Request Agent",
+ ClientAuth: "Authenticated Session",
+ CodeSigning: "Code Signing",
+ CrossCA: "Cross Certification Authority",
+ CTLSigning: "Trust List Signing",
+ DirectoryEmailReplication: "Directory Email Replication",
+ DomainController: "Domain Controller",
+ DomainControllerAuthentication: "Domain Controller Authentication",
+ EFS: "Basic EFS",
+ EFSRecovery: "EFS Recovery Agent",
+ EnrollmentAgent: "Enrollment Agent",
+ EnrollmentAgentOffline: "Exchange Enrollment Agent (Offline request)",
+ ExchangeUser: "Exchange User",
+ ExchangeUserSignature: "Exchange Signature Only",
+ IPSECIntermediateOffline: "IPSec (Offline request)",
+ IPSECIntermediateOnline: "IPSEC",
+ KerberosAuthentication: "Kerberos Authentication",
+ KeyRecoveryAgent: "Key Recovery Agent",
+ Machine: "Computer",
+ MachineEnrollmentAgent: "Enrollment Agent (Computer)",
+ OCSPResponseSigning: "OCSP Response Signing",
+ OfflineRouter: "Router (Offline request)",
+ RASAndIASServer: "RAS and IAS Server",
+ SmartcardLogon: "Smartcard Logon",
+ SmartcardUser: "Smartcard User",
+ SubCA: "Subordinate Certification Authority",
+ User: "User",
+ UserSignature: "User Signature Only",
+ WebServer: "Web Server",
+ Workstation: "Workstation Authentication",
+ },
+};
+
+function stringToArrayBuffer(string) {
+ let result = new Uint8Array(string.length);
+ for (let i = 0; i < string.length; i++) {
+ result[i] = string.charCodeAt(i);
+ }
+ return result;
+}
+
+// this particular prototype override makes it easy to chain down complex objects
+const getObjPath = (obj, path) => {
+ path = path.split(".");
+ for (let i = 0, len = path.length; i < len; i++) {
+ if (Array.isArray(obj[path[i]])) {
+ obj = obj[path[i]][path[i + 1]];
+ i++;
+ } else {
+ obj = obj[path[i]];
+ }
+ }
+ return obj;
+};
+
+const arrayBufferToHex = arrayBuffer => {
+ const array = Array.from(new Uint8Array(arrayBuffer));
+
+ return array
+ .map(b => ("00" + b.toString(16)).slice(-2))
+ .join(":")
+ .toUpperCase();
+};
+
+const hash = async (algo, buffer) => {
+ const hashBuffer = await crypto.subtle.digest(algo, buffer);
+ return arrayBufferToHex(hashBuffer);
+};
+
+const hashify = rawHash => {
+ if (typeof rawHash === "string") {
+ return rawHash.match(/.{2}/g).join(":").toUpperCase();
+ }
+ if (rawHash instanceof ArrayBuffer) {
+ return arrayBufferToHex(rawHash);
+ }
+ return rawHash.join(":").toUpperCase();
+};
+
+export const pemToDER = pem => {
+ return stringToArrayBuffer(atob(pem));
+};
diff --git a/toolkit/components/certviewer/content/certviewer.css b/toolkit/components/certviewer/content/certviewer.css
new file mode 100644
index 0000000000..1d5bd52917
--- /dev/null
+++ b/toolkit/components/certviewer/content/certviewer.css
@@ -0,0 +1,8 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+body {
+ max-width: 800px;
+ margin: 0 auto;
+}
diff --git a/toolkit/components/certviewer/content/certviewer.html b/toolkit/components/certviewer/content/certviewer.html
new file mode 100644
index 0000000000..661fa6b0d9
--- /dev/null
+++ b/toolkit/components/certviewer/content/certviewer.html
@@ -0,0 +1,113 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<!DOCTYPE html>
+
+<html>
+ <head>
+ <meta name="viewport" content="width=device-width" />
+ <meta
+ http-equiv="Content-Security-Policy"
+ content="default-src chrome:; object-src 'none'"
+ />
+ <meta name="color-scheme" content="light dark" />
+ <link rel="localization" href="toolkit/about/certviewer.ftl" />
+ <link rel="localization" href="branding/brand.ftl" />
+ <script
+ type="module"
+ src="chrome://global/content/certviewer/certviewer.mjs"
+ ></script>
+ <script
+ type="module"
+ src="chrome://global/content/certviewer/components/certificate-section.mjs"
+ ></script>
+ <script
+ type="module"
+ src="chrome://global/content/certviewer/components/about-certificate-section.mjs"
+ ></script>
+ <link rel="stylesheet" href="chrome://global/skin/in-content/common.css" />
+ <link
+ rel="stylesheet"
+ href="chrome://global/content/certviewer/certviewer.css"
+ />
+ <title id="certTitle">about:certificate</title>
+ </head>
+ <body>
+ <template id="certificate-section-template" class="section">
+ <link
+ rel="stylesheet"
+ href="chrome://global/content/certviewer/components/certificate-section.css"
+ />
+ <h1 class="title"></h1>
+ </template>
+
+ <template id="certificate-tabs-template">
+ <div class="certificate-tabs" role="tablist"></div>
+ </template>
+
+ <template id="info-groups-template"> </template>
+
+ <template id="info-item-template">
+ <link
+ rel="stylesheet"
+ href="chrome://global/skin/in-content/common.css"
+ />
+ <link
+ rel="stylesheet"
+ href="chrome://global/content/certviewer/components/info-item.css"
+ />
+ <label></label>
+ <span class="info"></span>
+ </template>
+
+ <template id="info-group-template">
+ <link
+ rel="stylesheet"
+ href="chrome://global/content/certviewer/components/info-group.css"
+ />
+ <span class="extension">
+ <img
+ src="chrome://global/skin/icons/error.svg"
+ id="critical-info"
+ data-l10n-id="certificate-viewer-critical-extension"
+ />
+ <h2 class="info-group-title"></h2>
+ </span>
+ <span class="info-group-title-hr"></span>
+ </template>
+
+ <template id="error-section-template">
+ <link
+ rel="stylesheet"
+ href="chrome://global/content/certviewer/components/error-section.css"
+ />
+ <h1 class="title"></h1>
+ <span class="error"></span>
+ </template>
+
+ <template id="about-certificate-template" class="section">
+ <link
+ rel="stylesheet"
+ href="chrome://global/content/certviewer/components/certificate-section.css"
+ />
+ <h1 class="title"></h1>
+ </template>
+
+ <template id="about-certificate-items-template">
+ <link
+ rel="stylesheet"
+ href="chrome://global/content/certviewer/components/about-certificate-section.css"
+ />
+ </template>
+
+ <template id="list-item-template">
+ <link
+ rel="stylesheet"
+ href="chrome://global/content/certviewer/components/list-item.css"
+ />
+ <a class="cert-url"><span class="item-name"></span></a>
+ <button class="export"></button>
+ </template>
+ </body>
+</html>
diff --git a/toolkit/components/certviewer/content/certviewer.mjs b/toolkit/components/certviewer/content/certviewer.mjs
new file mode 100644
index 0000000000..3e48a069f5
--- /dev/null
+++ b/toolkit/components/certviewer/content/certviewer.mjs
@@ -0,0 +1,475 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* eslint-env mozilla/remote-page */
+
+import { normalizeToKebabCase } from "./components/utils.mjs";
+import {
+ parse,
+ pemToDER,
+} from "chrome://global/content/certviewer/certDecoder.mjs";
+
+document.addEventListener("DOMContentLoaded", async e => {
+ let url = new URL(document.URL);
+ let certInfo = url.searchParams.getAll("cert");
+ if (certInfo.length === 0) {
+ render({}, false, true);
+ return;
+ }
+ certInfo = certInfo.map(cert => decodeURIComponent(cert));
+ await buildChain(certInfo);
+});
+
+export const updateSelectedItem = (() => {
+ let state;
+ return selectedItem => {
+ let certificateSection =
+ document.querySelector("certificate-section") ||
+ document.querySelector("about-certificate-section");
+ if (selectedItem) {
+ if (state !== selectedItem) {
+ state = selectedItem;
+ certificateSection.updateCertificateSource(selectedItem);
+ certificateSection.updateSelectedTab(selectedItem);
+ }
+ }
+ return state;
+ };
+})();
+
+const createEntryItem = (labelId, info, isHex = false) => {
+ if (
+ labelId == null ||
+ info == null ||
+ (Array.isArray(info) && !info.length)
+ ) {
+ return null;
+ }
+ return {
+ labelId,
+ info,
+ isHex,
+ };
+};
+
+const addToResultUsing = (callback, certItems, sectionId, Critical) => {
+ let items = callback();
+ if (items.length) {
+ certItems.push({
+ sectionId,
+ sectionItems: items,
+ Critical,
+ });
+ }
+};
+
+const getElementByPathOrFalse = (obj, pathString) => {
+ let pathArray = pathString.split(".");
+ let result = obj;
+ for (let entry of pathArray) {
+ result = result[entry];
+ if (result == null) {
+ return false;
+ }
+ }
+ return result ? result : false;
+};
+
+export const adjustCertInformation = cert => {
+ let certItems = [];
+ let tabName = cert?.subject?.cn || "";
+ if (cert && !tabName) {
+ // No common name, use the value of the last item in the cert's entries.
+ tabName = cert.subject?.entries?.slice(-1)[0]?.[1] || "";
+ }
+
+ if (!cert) {
+ return {
+ certItems,
+ tabName,
+ };
+ }
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.subject && cert.subject.entries) {
+ items = cert.subject.entries
+ .map(entry =>
+ createEntryItem(normalizeToKebabCase(entry[0]), entry[1])
+ )
+ .filter(elem => elem != null);
+ }
+ return items;
+ },
+ certItems,
+ "subject-name",
+ false
+ );
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.issuer && cert.issuer.entries) {
+ items = cert.issuer.entries
+ .map(entry =>
+ createEntryItem(normalizeToKebabCase(entry[0]), entry[1])
+ )
+ .filter(elem => elem != null);
+ }
+ return items;
+ },
+ certItems,
+ "issuer-name",
+ false
+ );
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.notBefore && cert.notAfter) {
+ items = [
+ createEntryItem("not-before", {
+ local: cert.notBefore,
+ utc: cert.notBeforeUTC,
+ }),
+ createEntryItem("not-after", {
+ local: cert.notAfter,
+ utc: cert.notAfterUTC,
+ }),
+ ].filter(elem => elem != null);
+ }
+ return items;
+ },
+ certItems,
+ "validity",
+ false
+ );
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.ext && cert.ext.san && cert.ext.san.altNames) {
+ items = cert.ext.san.altNames
+ .map(entry =>
+ createEntryItem(normalizeToKebabCase(entry[0]), entry[1])
+ )
+ .filter(elem => elem != null);
+ }
+ return items;
+ },
+ certItems,
+ "subject-alt-names",
+ getElementByPathOrFalse(cert, "ext.san.critical")
+ );
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.subjectPublicKeyInfo) {
+ items = [
+ createEntryItem("algorithm", cert.subjectPublicKeyInfo.kty),
+ createEntryItem("key-size", cert.subjectPublicKeyInfo.keysize),
+ createEntryItem("curve", cert.subjectPublicKeyInfo.crv),
+ createEntryItem("public-value", cert.subjectPublicKeyInfo.xy, true),
+ createEntryItem("exponent", cert.subjectPublicKeyInfo.e),
+ createEntryItem("modulus", cert.subjectPublicKeyInfo.n, true),
+ ].filter(elem => elem != null);
+ }
+ return items;
+ },
+ certItems,
+ "public-key-info",
+ false
+ );
+
+ addToResultUsing(
+ () => {
+ let items = [
+ createEntryItem("serial-number", cert.serialNumber, true),
+ createEntryItem(
+ "signature-algorithm",
+ cert.signature ? cert.signature.name : null
+ ),
+ createEntryItem("version", cert.version),
+ createEntryItem("download", cert.files ? cert.files.pem : null),
+ ].filter(elem => elem != null);
+ return items;
+ },
+ certItems,
+ "miscellaneous",
+ false
+ );
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.fingerprint) {
+ items = [
+ createEntryItem("sha-256", cert.fingerprint.sha256, true),
+ createEntryItem("sha-1", cert.fingerprint.sha1, true),
+ ].filter(elem => elem != null);
+ }
+ return items;
+ },
+ certItems,
+ "fingerprints",
+ false
+ );
+
+ if (!cert.ext) {
+ return {
+ certItems,
+ tabName,
+ };
+ }
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.ext.basicConstraints) {
+ items = [
+ createEntryItem(
+ "certificate-authority",
+ cert.ext.basicConstraints.cA
+ ),
+ ].filter(elem => elem != null);
+ }
+ return items;
+ },
+ certItems,
+ "basic-constraints",
+ getElementByPathOrFalse(cert, "ext.basicConstraints.critical")
+ );
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.ext.keyUsages) {
+ items = [
+ createEntryItem("purposes", cert.ext.keyUsages.purposes),
+ ].filter(elem => elem != null);
+ }
+ return items;
+ },
+ certItems,
+ "key-usages",
+ getElementByPathOrFalse(cert, "ext.keyUsages.critical")
+ );
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.ext.eKeyUsages) {
+ items = [
+ createEntryItem("purposes", cert.ext.eKeyUsages.purposes),
+ ].filter(elem => elem != null);
+ }
+ return items;
+ },
+ certItems,
+ "extended-key-usages",
+ getElementByPathOrFalse(cert, "ext.eKeyUsages.critical")
+ );
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.ext.ocspStaple && cert.ext.ocspStaple.required) {
+ items = [createEntryItem("required", true)];
+ }
+ return items;
+ },
+ certItems,
+ "ocsp-stapling",
+ getElementByPathOrFalse(cert, "ext.ocspStaple.critical")
+ );
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.ext.sKID) {
+ items = [createEntryItem("key-id", cert.ext.sKID.id, true)].filter(
+ elem => elem != null
+ );
+ }
+ return items;
+ },
+ certItems,
+ "subject-key-id",
+ getElementByPathOrFalse(cert, "ext.sKID.critical")
+ );
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.ext.aKID) {
+ items = [createEntryItem("key-id", cert.ext.aKID.id, true)].filter(
+ elem => elem != null
+ );
+ }
+ return items;
+ },
+ certItems,
+ "authority-key-id",
+ getElementByPathOrFalse(cert, "ext.aKID.critical")
+ );
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.ext.crlPoints && cert.ext.crlPoints.points) {
+ items = cert.ext.crlPoints.points
+ .map(entry => {
+ let label = "distribution-point";
+ return createEntryItem(label, entry);
+ })
+ .filter(elem => elem != null);
+ }
+ return items;
+ },
+ certItems,
+ "crl-endpoints",
+ getElementByPathOrFalse(cert, "ext.crlPoints.critical")
+ );
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.ext.aia && cert.ext.aia.descriptions) {
+ cert.ext.aia.descriptions.forEach(entry => {
+ items.push(createEntryItem("location", entry.location));
+ items.push(createEntryItem("method", entry.method));
+ });
+ }
+ return items.filter(elem => elem != null);
+ },
+ certItems,
+ "authority-info-aia",
+ getElementByPathOrFalse(cert, "ext.aia.critical")
+ );
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.ext.cp && cert.ext.cp.policies) {
+ cert.ext.cp.policies.forEach(entry => {
+ if (entry.name && entry.id) {
+ items.push(
+ createEntryItem("policy", entry.name + " ( " + entry.id + " )")
+ );
+ }
+ items.push(createEntryItem("value", entry.value));
+ if (entry.qualifiers) {
+ entry.qualifiers.forEach(qualifier => {
+ if (qualifier.qualifierName && qualifier.qualifierId) {
+ items.push(
+ createEntryItem(
+ "qualifier",
+ qualifier.qualifierName +
+ " ( " +
+ qualifier.qualifierId +
+ " )"
+ )
+ );
+ }
+ items.push(createEntryItem("value", qualifier.qualifierValue));
+ });
+ }
+ });
+ }
+ return items.filter(elem => elem != null);
+ },
+ certItems,
+ "certificate-policies",
+ getElementByPathOrFalse(cert, "ext.cp.critical")
+ );
+
+ addToResultUsing(
+ () => {
+ let items = [];
+ if (cert.ext.scts && cert.ext.scts.timestamps) {
+ cert.ext.scts.timestamps.forEach(entry => {
+ let timestamps = {};
+ for (let key of Object.keys(entry)) {
+ if (key.includes("timestamp")) {
+ timestamps[key.includes("UTC") ? "utc" : "local"] = entry[key];
+ } else {
+ let isHex = false;
+ if (key == "logId") {
+ isHex = true;
+ }
+ items.push(
+ createEntryItem(normalizeToKebabCase(key), entry[key], isHex)
+ );
+ }
+ }
+ items.push(createEntryItem("timestamp", timestamps));
+ });
+ }
+ return items.filter(elem => elem != null);
+ },
+ certItems,
+ "embedded-scts",
+ getElementByPathOrFalse(cert, "ext.scts.critical")
+ );
+
+ return {
+ certItems,
+ tabName,
+ };
+};
+
+// isAboutCertificate means to the standalone page about:certificate, which
+// uses a different customElement than opening a certain certificate
+const render = async (certs, error, isAboutCertificate = false) => {
+ if (isAboutCertificate) {
+ await customElements.whenDefined("about-certificate-section");
+ const AboutCertificateSection = customElements.get(
+ "about-certificate-section"
+ );
+ document.querySelector("body").append(new AboutCertificateSection());
+ } else {
+ await customElements.whenDefined("certificate-section");
+ const CertificateSection = customElements.get("certificate-section");
+ document.querySelector("body").append(new CertificateSection(certs, error));
+ }
+ return Promise.resolve();
+};
+
+const buildChain = async chain => {
+ await Promise.all(
+ chain
+ .map(cert => {
+ try {
+ return pemToDER(cert);
+ } catch (err) {
+ return Promise.reject(err);
+ }
+ })
+ .map(cert => {
+ try {
+ return parse(cert);
+ } catch (err) {
+ return Promise.reject(err);
+ }
+ })
+ )
+ .then(certs => {
+ if (certs.length === 0) {
+ return Promise.reject();
+ }
+ let certTitle = document.querySelector("#certTitle");
+ let firstCertCommonName = certs[0].subject.cn;
+ document.l10n.setAttributes(certTitle, "certificate-viewer-tab-title", {
+ firstCertName: firstCertCommonName,
+ });
+
+ let adjustedCerts = certs.map(cert => adjustCertInformation(cert));
+ return render(adjustedCerts, false);
+ })
+ .catch(err => {
+ render(null, true);
+ });
+};
diff --git a/toolkit/components/certviewer/content/components/about-certificate-items.mjs b/toolkit/components/certviewer/content/components/about-certificate-items.mjs
new file mode 100644
index 0000000000..9fa856c61e
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/about-certificate-items.mjs
@@ -0,0 +1,33 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* eslint-env mozilla/remote-page */
+
+import { ListItem } from "./list-item.mjs";
+
+export class AboutCertificateItems extends HTMLElement {
+ constructor(id, data) {
+ super();
+ this.id = id;
+ this.data = data;
+ }
+
+ connectedCallback() {
+ let template = document.getElementById("about-certificate-items-template");
+ let templateHtml = template.content.cloneNode(true);
+
+ this.attachShadow({ mode: "open" }).appendChild(templateHtml);
+
+ document.l10n.connectRoot(this.shadowRoot);
+
+ this.render();
+ }
+
+ render() {
+ for (let cert of this.data) {
+ this.shadowRoot.append(new ListItem(cert));
+ }
+ }
+}
+customElements.define("about-certificate-items", AboutCertificateItems);
diff --git a/toolkit/components/certviewer/content/components/about-certificate-section.css b/toolkit/components/certviewer/content/components/about-certificate-section.css
new file mode 100644
index 0000000000..4f472b57d5
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/about-certificate-section.css
@@ -0,0 +1,7 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+:host {
+ margin: 2em;
+}
diff --git a/toolkit/components/certviewer/content/components/about-certificate-section.mjs b/toolkit/components/certviewer/content/components/about-certificate-section.mjs
new file mode 100644
index 0000000000..8939c6a2ae
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/about-certificate-section.mjs
@@ -0,0 +1,114 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* eslint-env mozilla/remote-page */
+
+import { InfoGroupContainer } from "./info-group-container.mjs";
+import { CertificateTabsSection } from "./certificate-tabs-section.mjs";
+
+const TYPE_CA = 1;
+const TYPE_USER = 2;
+const TYPE_EMAIL = 4;
+const TYPE_SERVER = 8;
+
+export class AboutCertificateSection extends HTMLElement {
+ constructor() {
+ super();
+ }
+
+ connectedCallback() {
+ let template = document.getElementById("about-certificate-template");
+ let templateHtml = template.content.cloneNode(true);
+
+ this.attachShadow({ mode: "open" }).appendChild(templateHtml);
+
+ document.l10n.connectRoot(this.shadowRoot);
+
+ this.certificateTabsSection = new CertificateTabsSection(true);
+ this.shadowRoot.appendChild(this.certificateTabsSection.tabsElement);
+ this.infoGroupsContainers = new InfoGroupContainer(true);
+
+ this.render();
+ }
+
+ render() {
+ RPMSendQuery("getCertificates").then(this.filterCerts.bind(this));
+
+ let title = this.shadowRoot.querySelector(".title");
+ title.setAttribute(
+ "data-l10n-id",
+ "certificate-viewer-certificate-section-title"
+ );
+ }
+
+ filterCerts(srcCerts) {
+ let certs = [];
+ if (srcCerts[TYPE_USER].length) {
+ certs.push({
+ name: "certificate-viewer-tab-mine",
+ data: srcCerts[TYPE_USER],
+ });
+ }
+ if (srcCerts[TYPE_EMAIL].length) {
+ certs.push({
+ name: "certificate-viewer-tab-people",
+ data: srcCerts[TYPE_EMAIL],
+ });
+ }
+ if (srcCerts[TYPE_SERVER].length) {
+ certs.push({
+ name: "certificate-viewer-tab-servers",
+ data: srcCerts[TYPE_SERVER],
+ });
+ }
+ if (srcCerts[TYPE_CA].length) {
+ certs.push({
+ name: "certificate-viewer-tab-ca",
+ data: srcCerts[TYPE_CA],
+ });
+ }
+
+ let i = 0;
+ for (let cert of certs) {
+ let final = i == certs.length - 1;
+ this.infoGroupsContainers.createInfoGroupsContainers({}, i, final, cert);
+ this.shadowRoot.appendChild(
+ this.infoGroupsContainers.infoGroupsContainers[i]
+ );
+ this.certificateTabsSection.createTabSection(cert.name, i);
+ this.infoGroupsContainers.addClass("selected", 0);
+ i++;
+ }
+ this.setAccessibilityEventListeners();
+ this.addClassForPadding();
+ }
+
+ // Adds class selector for items that need padding,
+ // as nth-child/parent-based selectors aren't supported
+ // due to the encapsulation of custom-element CSS.
+ addClassForPadding() {
+ let embeddedScts = this.shadowRoot.querySelector(".embedded-scts");
+ if (!embeddedScts) {
+ return;
+ }
+ let items = embeddedScts.shadowRoot.querySelectorAll(".timestamp");
+
+ for (let i = 0; i < items.length; i++) {
+ items[i].classList.add("padding");
+ }
+ }
+
+ setAccessibilityEventListeners() {
+ this.certificateTabsSection.setAccessibilityEventListeners();
+ }
+
+ updateSelectedTab(index) {
+ this.certificateTabsSection.updateSelectedTab(index);
+ }
+
+ updateCertificateSource(index) {
+ this.infoGroupsContainers.updateCertificateSource(index);
+ }
+}
+customElements.define("about-certificate-section", AboutCertificateSection);
diff --git a/toolkit/components/certviewer/content/components/certificate-section.css b/toolkit/components/certviewer/content/components/certificate-section.css
new file mode 100644
index 0000000000..07baa84530
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/certificate-section.css
@@ -0,0 +1,72 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+h1 {
+ font-size: 1.5em;
+ font-weight: lighter;
+ margin: 3em 0 1em;
+}
+
+.certificate-tabs {
+ display: flex;
+ text-align: center;
+ border-bottom: 1px solid var(--in-content-border-color);
+ box-shadow: var(--card-shadow);
+}
+
+.info-groups {
+ display: none;
+ outline: none;
+ background-color: var(--in-content-box-background);
+ box-shadow: var(--card-shadow);
+ margin-bottom: 2em;
+ border-radius: 0 0 4px 4px;
+}
+
+.info-groups.selected {
+ display: block;
+}
+
+.tab {
+ margin: 0;
+ border-radius: 0;
+ padding: 18px;
+ padding-bottom: 15px; /* compensate for border-bottom below */
+ border: none;
+ border-bottom: 3px solid transparent;
+ background-color: var(--in-content-box-background);
+ color: var(--in-content-text-color);
+ flex: 1 1 auto;
+ text-overflow: ellipsis;
+ overflow: hidden;
+ font-size: 1.1em;
+}
+
+/* .tab can be LTR (by `dir="auto"`) for `about:certificate?cert=`
+ pages, so set the border-radius according to the parent's direction. */
+.certificate-tabs:dir(rtl) > .tab:first-of-type,
+.certificate-tabs:dir(ltr) > .tab:last-of-type {
+ border-top-right-radius: 4px;
+}
+
+.certificate-tabs:dir(ltr) > .tab:first-of-type,
+.certificate-tabs:dir(rtl) > .tab:last-of-type {
+ border-top-left-radius: 4px;
+}
+
+.certificate-tab:focus-visible {
+ z-index: 1;
+ outline: 2px solid var(--in-content-focus-outline-color);
+}
+
+.tab:hover {
+ border-bottom-color: var(--in-content-border-color);
+}
+
+.tab.selected {
+ border-bottom-color: currentColor;
+ color: var(--in-content-accent-color);
+ text-overflow: unset;
+ overflow: visible;
+}
diff --git a/toolkit/components/certviewer/content/components/certificate-section.mjs b/toolkit/components/certviewer/content/components/certificate-section.mjs
new file mode 100644
index 0000000000..464232c089
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/certificate-section.mjs
@@ -0,0 +1,91 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { ErrorSection } from "./error-section.mjs";
+import { InfoGroupContainer } from "./info-group-container.mjs";
+import { CertificateTabsSection } from "./certificate-tabs-section.mjs";
+
+class CertificateSection extends HTMLElement {
+ constructor(certs, error) {
+ super();
+ this.certs = certs;
+ this.error = error;
+ }
+
+ connectedCallback() {
+ let template = document.getElementById("certificate-section-template");
+ let templateHtml = template.content.cloneNode(true);
+
+ this.attachShadow({ mode: "open" }).appendChild(templateHtml);
+
+ document.l10n.connectRoot(this.shadowRoot);
+ document.l10n.translateFragment(this.shadowRoot);
+
+ this.certificateTabsSection = new CertificateTabsSection();
+ this.shadowRoot.appendChild(this.certificateTabsSection.tabsElement);
+ this.infoGroupsContainers = new InfoGroupContainer();
+
+ this.render();
+ }
+
+ render() {
+ let title = this.shadowRoot.querySelector(".title");
+ title.setAttribute(
+ "data-l10n-id",
+ "certificate-viewer-certificate-section-title"
+ );
+
+ if (this.error) {
+ title.classList.add("error");
+ this.certificateTabsSection.appendChild(new ErrorSection());
+ return;
+ }
+ let final = false;
+ for (let i = 0; i < this.certs.length; i++) {
+ if (i === this.certs.length - 1) {
+ final = true;
+ }
+ this.infoGroupsContainers.createInfoGroupsContainers(
+ this.certs[i].certItems,
+ i,
+ final
+ );
+ this.shadowRoot.appendChild(
+ this.infoGroupsContainers.infoGroupsContainers[i]
+ );
+ this.certificateTabsSection.createTabSection(this.certs[i].tabName, i);
+ this.infoGroupsContainers.addClass("selected", 0);
+ }
+ this.setAccessibilityEventListeners();
+ this.addClassForPadding();
+ }
+
+ // Adds class selector for items that need padding,
+ // as nth-child/parent-based selectors aren't supported
+ // due to the encapsulation of custom-element CSS.
+ addClassForPadding() {
+ let embeddedScts = this.shadowRoot.querySelector(".embedded-scts");
+ if (!embeddedScts) {
+ return;
+ }
+ let items = embeddedScts.shadowRoot.querySelectorAll(".timestamp");
+
+ for (let i = 0; i < items.length; i++) {
+ items[i].classList.add("padding");
+ }
+ }
+
+ setAccessibilityEventListeners() {
+ this.certificateTabsSection.setAccessibilityEventListeners();
+ }
+
+ updateSelectedTab(index) {
+ this.certificateTabsSection.updateSelectedTab(index);
+ }
+
+ updateCertificateSource(index) {
+ this.infoGroupsContainers.updateCertificateSource(index);
+ }
+}
+customElements.define("certificate-section", CertificateSection);
diff --git a/toolkit/components/certviewer/content/components/certificate-tabs-section.mjs b/toolkit/components/certviewer/content/components/certificate-tabs-section.mjs
new file mode 100644
index 0000000000..e47f9cd627
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/certificate-tabs-section.mjs
@@ -0,0 +1,123 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { normalizeToKebabCase } from "./utils.mjs";
+import { updateSelectedItem } from "../certviewer.mjs";
+
+export class CertificateTabsSection extends HTMLElement {
+ constructor(isAboutCertificate) {
+ super();
+ this.isAboutCertificate = isAboutCertificate || false;
+ this.connectedCallback();
+ }
+
+ connectedCallback() {
+ let certificateTabsTemplate = document.getElementById(
+ "certificate-tabs-template"
+ );
+ this.attachShadow({ mode: "open" }).appendChild(
+ certificateTabsTemplate.content.cloneNode(true)
+ );
+ this.render();
+ }
+
+ render() {
+ this.tabsElement = this.shadowRoot.querySelector(".certificate-tabs");
+ }
+
+ appendChild(child) {
+ this.tabsElement.appendChild(child);
+ }
+
+ createTabSection(tabName, i) {
+ let tab = document.createElement("button");
+ if (tabName) {
+ tab.textContent = tabName;
+ } else {
+ tab.setAttribute(
+ "data-l10n-id",
+ "certificate-viewer-unknown-group-label"
+ );
+ }
+ tab.setAttribute("id", normalizeToKebabCase(tabName));
+ tab.setAttribute("aria-controls", "panel" + i);
+ tab.setAttribute("idnumber", i);
+ tab.setAttribute("role", "tab");
+ tab.classList.add("certificate-tab");
+ tab.classList.add("tab");
+ if (this.isAboutCertificate) {
+ tab.setAttribute("data-l10n-id", tabName);
+ } else {
+ // Display tabs on `about:certificate?cert=` pages as dir=auto
+ // to avoid text like `mozilla.org.*` in RTL.
+ // Not needed in the standalone version of about:certificate
+ // because the tab text there should be localized.
+ tab.dir = "auto";
+ }
+ this.tabsElement.appendChild(tab);
+
+ // If it is the first tab, allow it to be tabbable by the user.
+ // If it isn't the first tab, do not allow tab functionality,
+ // as arrow functionality is implemented in certviewer.mjs.
+ if (i === 0) {
+ tab.classList.add("selected");
+ tab.setAttribute("tabindex", 0);
+ } else {
+ tab.setAttribute("tabindex", -1);
+ }
+ }
+
+ updateSelectedTab(index) {
+ let tabs = this.tabsElement.querySelectorAll(".certificate-tab");
+
+ for (let tab of tabs) {
+ tab.classList.remove("selected");
+ }
+ tabs[index].classList.add("selected");
+ }
+
+ /* Information on setAccessibilityEventListeners() can be found
+ * at https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles/Tab_Role */
+ setAccessibilityEventListeners() {
+ let tabs = this.tabsElement.querySelectorAll('[role="tab"]');
+
+ // Add a click event handler to each tab
+ for (let tab of tabs) {
+ tab.addEventListener("click", e =>
+ updateSelectedItem(e.target.getAttribute("idnumber"))
+ );
+ }
+
+ // Enable arrow navigation between tabs in the tab list
+ let tabFocus = 0;
+
+ this.tabsElement.addEventListener("keydown", e => {
+ // Move right
+ if (e.keyCode === 39 || e.keyCode === 37) {
+ // After navigating away from the current tab,
+ // prevent that tab from being tabbable -
+ // so as to only allow arrow navigation within the tablist.
+ tabs[tabFocus].setAttribute("tabindex", -1);
+ if (e.keyCode === 39) {
+ tabFocus++;
+ // If we're at the end, go to the start
+ if (tabFocus > tabs.length - 1) {
+ tabFocus = 0;
+ }
+ // Move left
+ } else if (e.keyCode === 37) {
+ tabFocus--;
+ // If we're at the start, move to the end
+ if (tabFocus < 0) {
+ tabFocus = tabs.length;
+ }
+ }
+ tabs[tabFocus].setAttribute("tabindex", 0);
+ tabs[tabFocus].focus();
+ }
+ });
+ }
+}
+
+customElements.define("certificate-tabs-section", CertificateTabsSection);
diff --git a/toolkit/components/certviewer/content/components/error-section.css b/toolkit/components/certviewer/content/components/error-section.css
new file mode 100644
index 0000000000..e2bd98f6cc
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/error-section.css
@@ -0,0 +1,27 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+:host {
+ background-image: url("chrome://global/skin/illustrations/error-malformed-url.svg");
+ min-height: 300px;
+ background-repeat: no-repeat;
+ padding-inline-start: 30%;
+ display: flex;
+ flex-direction: column;
+ justify-content: center;
+ margin: 0 auto;
+ max-width: 500px;
+ background-size: 30%;
+ background-position: left center;
+}
+
+:host(:dir(rtl)) {
+ background-position-x: right;
+}
+
+h1 {
+ text-align: center;
+ font-size: 2.5em;
+ font-weight: lighter;
+}
diff --git a/toolkit/components/certviewer/content/components/error-section.mjs b/toolkit/components/certviewer/content/components/error-section.mjs
new file mode 100644
index 0000000000..80a16b7684
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/error-section.mjs
@@ -0,0 +1,31 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+export class ErrorSection extends HTMLElement {
+ constructor() {
+ super();
+ }
+
+ connectedCallback() {
+ let template = document.getElementById("error-section-template");
+ let templateHtml = template.content.cloneNode(true);
+
+ this.attachShadow({ mode: "open" }).appendChild(templateHtml);
+
+ document.l10n.connectRoot(this.shadowRoot);
+ this.render();
+ }
+
+ render() {
+ let title = this.shadowRoot.querySelector(".title");
+ title.setAttribute("data-l10n-id", "certificate-viewer-error-title");
+
+ let errorMessage = this.shadowRoot.querySelector(".error");
+ errorMessage.setAttribute(
+ "data-l10n-id",
+ "certificate-viewer-error-message"
+ );
+ }
+}
+customElements.define("error-section", ErrorSection);
diff --git a/toolkit/components/certviewer/content/components/info-group-container.mjs b/toolkit/components/certviewer/content/components/info-group-container.mjs
new file mode 100644
index 0000000000..feca2f905b
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/info-group-container.mjs
@@ -0,0 +1,65 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { InfoGroup } from "./info-group.mjs";
+import { AboutCertificateItems } from "./about-certificate-items.mjs";
+
+export class InfoGroupContainer extends HTMLElement {
+ constructor(isAboutCertificate = false) {
+ super();
+ this.infoGroupsContainers = [];
+ this.isAboutCertificate = isAboutCertificate;
+ }
+
+ connectedCallback() {
+ let infoGroupContainerTemplate = document.getElementById(
+ "info-groups-template"
+ );
+ this.attachShadow({ mode: "open" }).appendChild(
+ infoGroupContainerTemplate.content.cloneNode(true)
+ );
+ this.render();
+ }
+
+ render() {}
+
+ createInfoGroupsContainers(certArray, i, final, certData = []) {
+ this.infoGroupsContainers[i] = document.createElement("div");
+ this.infoGroupsContainers[i].setAttribute("id", "panel" + i);
+ this.infoGroupsContainers[i].setAttribute("role", "tabpanel");
+ this.infoGroupsContainers[i].setAttribute("tabindex", 0);
+ this.infoGroupsContainers[i].setAttribute("aria-labelledby", "tab" + i);
+ // Hiding all the certificzte contents except for the first tab that is
+ // selected and shown by default
+ if (i !== 0) {
+ this.infoGroupsContainers[i].hidden = true;
+ }
+ this.infoGroupsContainers[i].classList.add("info-groups");
+
+ if (this.isAboutCertificate) {
+ this.infoGroupsContainers[i].appendChild(
+ new AboutCertificateItems(certData.name, certData.data)
+ );
+ } else {
+ for (let j = 0; j < certArray.length; j++) {
+ this.infoGroupsContainers[i].appendChild(
+ new InfoGroup(certArray[j], final)
+ );
+ }
+ }
+ }
+
+ addClass(className, index) {
+ this.infoGroupsContainers[index].classList.add(className);
+ }
+
+ updateCertificateSource(index) {
+ for (let i = 0; i < this.infoGroupsContainers.length; i++) {
+ this.infoGroupsContainers[i].classList.remove("selected");
+ }
+ this.infoGroupsContainers[index].classList.add("selected");
+ }
+}
+
+customElements.define("info-group-container", InfoGroupContainer);
diff --git a/toolkit/components/certviewer/content/components/info-group.css b/toolkit/components/certviewer/content/components/info-group.css
new file mode 100644
index 0000000000..03e71d7723
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/info-group.css
@@ -0,0 +1,38 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+:host {
+ display: grid;
+ grid-template-columns: minmax(8em, 25%) minmax(50%, 75%);
+ grid-gap: 0 2em;
+ padding: 1.75em 30px;
+ align-items: center;
+ border-top: 1px solid var(--in-content-border-color);
+}
+
+:host(:first-of-type) {
+ border-top: none;
+}
+
+.info-group-title {
+ margin: 0;
+ text-align: end;
+ font-weight: 700;
+ color: var(--in-content-text-color);
+ font-size: 1em;
+ vertical-align: middle;
+}
+
+#critical-info {
+ -moz-context-properties: fill;
+ fill: currentColor;
+ height: 16px;
+ width: 16px;
+ vertical-align: middle;
+}
+
+.extension {
+ text-align: end;
+ margin-block-end: 1em;
+}
diff --git a/toolkit/components/certviewer/content/components/info-group.mjs b/toolkit/components/certviewer/content/components/info-group.mjs
new file mode 100644
index 0000000000..33ad773d4d
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/info-group.mjs
@@ -0,0 +1,91 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { InfoItem } from "./info-item.mjs";
+import { updateSelectedItem } from "../certviewer.mjs";
+import { normalizeToKebabCase } from "./utils.mjs";
+
+export class InfoGroup extends HTMLElement {
+ constructor(item, final) {
+ super();
+ this.item = item;
+ this.final = final;
+ }
+
+ connectedCallback() {
+ let infoGroupTemplate = document.getElementById("info-group-template");
+ this.attachShadow({ mode: "open" }).appendChild(
+ infoGroupTemplate.content.cloneNode(true)
+ );
+ document.l10n.connectRoot(this.shadowRoot);
+ document.l10n.translateFragment(this.shadowRoot);
+ this.render();
+ }
+
+ render() {
+ let title = this.shadowRoot.querySelector(".info-group-title");
+ title.setAttribute(
+ "data-l10n-id",
+ "certificate-viewer-" + this.item.sectionId
+ );
+
+ // Adds a class with the section title's name, to make
+ // it easier to find when highlighting errors.
+ this.classList.add(this.item.sectionId);
+ for (let i = 0; i < this.item.sectionItems.length; i++) {
+ this.shadowRoot.append(new InfoItem(this.item.sectionItems[i]));
+ }
+
+ if (this.item.sectionId === "issuer-name") {
+ this.setLinkToTab();
+ }
+
+ let criticalIcon = this.shadowRoot.querySelector("#critical-info");
+ if (!this.item.Critical) {
+ criticalIcon.style.display = "none";
+ }
+ }
+
+ setLinkToTab() {
+ if (this.final) {
+ return;
+ }
+
+ let issuerLabelElement =
+ this.shadowRoot.querySelector(".common-name") ||
+ this.shadowRoot.querySelector(".organizational-unit");
+
+ issuerLabelElement = issuerLabelElement?.shadowRoot.querySelector(".info");
+
+ if (!issuerLabelElement) {
+ return;
+ }
+
+ let link = document.createElement("a");
+ link.textContent = issuerLabelElement.textContent;
+ if (!link.textContent) {
+ link.setAttribute(
+ "data-l10n-id",
+ "certificate-viewer-unknown-group-label"
+ );
+ }
+ link.setAttribute("href", "#");
+
+ issuerLabelElement.textContent = "";
+ issuerLabelElement.appendChild(link);
+
+ link.addEventListener("click", () => {
+ let id = normalizeToKebabCase(link.textContent);
+ let issuerTab = document
+ .querySelector("certificate-section")
+ .shadowRoot.getElementById(id);
+
+ let index = issuerTab.getAttribute("idnumber");
+
+ updateSelectedItem(index);
+ });
+ }
+}
+
+customElements.define("info-group", InfoGroup);
diff --git a/toolkit/components/certviewer/content/components/info-item.css b/toolkit/components/certviewer/content/components/info-item.css
new file mode 100644
index 0000000000..b63452152c
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/info-item.css
@@ -0,0 +1,69 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+:host {
+ line-height: 22px;
+ display: contents;
+ word-break: break-word;
+}
+
+:host * {
+ padding: 1px 0;
+}
+
+label {
+ text-align: end;
+ margin-inline-end: 0;
+ color: var(--text-color-deemphasized);
+ font-weight: 600;
+ font-size: 1em;
+}
+
+.hex {
+ overflow: hidden;
+ word-break: break-all;
+ text-overflow: ellipsis;
+ white-space: nowrap;
+}
+
+.download-link-chain {
+ margin: 0 5px;
+}
+
+.long-hex {
+ padding: 0;
+ border-block: 1px solid transparent;
+}
+
+.long-hex:hover {
+ border-block-color: var(--in-content-border-color);
+ background-color: var(--in-content-item-hover);
+ color: var(--in-content-item-hover-text);
+}
+
+.hex-open {
+ white-space: normal;
+}
+
+:host(.value) *,
+:host(.method) *,
+:host(.padding) * {
+ padding-bottom: 10px;
+}
+
+/* Elements that always need to be forced to LTR */
+.hex,
+:host(.dns-name) .info,
+.url {
+ direction: ltr;
+ text-align: match-parent;
+}
+
+/* Display some elements according to their text directionality */
+:host(.common-name) .info,
+:host(.name) .info,
+:host(.organization) .info {
+ unicode-bidi: plaintext;
+ text-align: match-parent;
+}
diff --git a/toolkit/components/certviewer/content/components/info-item.mjs b/toolkit/components/certviewer/content/components/info-item.mjs
new file mode 100644
index 0000000000..2e6619abbd
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/info-item.mjs
@@ -0,0 +1,173 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { b64ToPEM, normalizeToKebabCase } from "./utils.mjs";
+
+export class InfoItem extends HTMLElement {
+ constructor(item) {
+ super();
+ this.item = item;
+ }
+
+ connectedCallback() {
+ let infoItemTemplate = document.getElementById("info-item-template");
+
+ this.attachShadow({ mode: "open" }).appendChild(
+ infoItemTemplate.content.cloneNode(true)
+ );
+
+ document.l10n.connectRoot(this.shadowRoot);
+ document.l10n.translateFragment(this.shadowRoot);
+
+ this.render();
+ }
+
+ handleTimeZone(infoElement) {
+ let localTime = this.item.info.local;
+ let UTCTime = this.item.info.utc;
+ infoElement.textContent = UTCTime;
+ infoElement.setAttribute("title", localTime);
+ }
+
+ addLongHexOverflow(info) {
+ info.classList.add("hex");
+
+ // For visual appeal, we want to collapse large hex values into single
+ // line items that can be clicked to expand.
+ // This function measures the size of the info item relative to its
+ // container and adds the "long-hex" class if it's overflowing. Since the
+ // container size changes on window resize this function is hooked up to
+ // a resize event listener.
+ function resize() {
+ if (info.classList.contains("hex-open")) {
+ info.classList.toggle("long-hex", true);
+ return;
+ }
+
+ // If the item is not currently drawn and we can't measure its dimensions
+ // then attach an observer that will measure it once it appears.
+ if (info.clientWidth <= 0) {
+ let observer = new IntersectionObserver(function ([
+ { intersectionRatio },
+ ]) {
+ if (intersectionRatio > 0) {
+ info.classList.toggle(
+ "long-hex",
+ info.scrollWidth > info.clientWidth
+ );
+ observer.unobserve(info);
+ }
+ },
+ {});
+
+ observer.observe(info);
+ }
+ info.classList.toggle("long-hex", info.scrollWidth > info.clientWidth);
+ }
+ window.addEventListener("resize", resize);
+ window.requestAnimationFrame(resize);
+
+ this.addEventListener("mouseup", () => {
+ // If a range of text is selected, don't toggle the class that
+ // hides/shows additional text.
+ if (
+ info.classList.contains("long-hex") &&
+ window.getSelection().type !== "Range"
+ ) {
+ info.classList.toggle("hex-open");
+ }
+ });
+ }
+
+ render() {
+ let label = this.shadowRoot.querySelector("label");
+ let labelId = this.item.labelId;
+
+ // Map specific elements to a different message ID, to allow updates to
+ // existing labels and avoid duplicates.
+ let stringMapping = {
+ signaturealgorithm: "signature-algorithm",
+ "rfc-822-name": "email-address",
+ };
+ let fluentID = stringMapping[labelId] || labelId;
+
+ label.setAttribute("data-l10n-id", "certificate-viewer-" + fluentID);
+
+ this.classList.add(labelId);
+
+ let info = this.shadowRoot.querySelector(".info");
+ if (this.item.info.hasOwnProperty("utc")) {
+ this.handleTimeZone(info);
+ return;
+ }
+ if (labelId === "other-name") {
+ info.setAttribute("data-l10n-id", "certificate-viewer-unsupported");
+ return;
+ }
+ if (typeof this.item.info === "boolean") {
+ document.l10n.setAttributes(info, "certificate-viewer-boolean", {
+ boolean: this.item.info,
+ });
+ } else {
+ info.textContent = Array.isArray(this.item.info)
+ ? this.item.info.join(", ")
+ : this.item.info;
+ }
+
+ this.classList.add(labelId);
+
+ if (this.item.isHex) {
+ this.addLongHexOverflow(info);
+ }
+
+ if (labelId === "download") {
+ this.setDownloadLinkInformation(info);
+ }
+ }
+
+ setDownloadLinkInformation(info) {
+ let link = document.createElement("a");
+ link.setAttribute("href", "data:," + this.item.info);
+ link.classList.add("download-link");
+
+ let url = new URL(document.URL);
+ let certArray = url.searchParams.getAll("cert");
+ let encodedCertArray = [];
+ for (let i = 0; i < certArray.length; i++) {
+ encodedCertArray.push(encodeURI(b64ToPEM(certArray[i])));
+ }
+ encodedCertArray = encodedCertArray.join("");
+
+ let chainLink = document.createElement("a");
+ chainLink.setAttribute("href", "data:," + encodedCertArray);
+ chainLink.classList.add("download-link");
+ chainLink.classList.add("download-link-chain");
+
+ info.textContent = "";
+ info.appendChild(link);
+ info.appendChild(chainLink);
+
+ let commonName = document
+ .querySelector("certificate-section")
+ .shadowRoot.querySelector(".subject-name")
+ .shadowRoot.querySelector(".common-name")
+ .shadowRoot.querySelector(".info");
+
+ let fileName = normalizeToKebabCase(commonName.textContent);
+
+ document.l10n.setAttributes(link, "certificate-viewer-download-pem", {
+ fileName,
+ });
+
+ document.l10n.setAttributes(
+ chainLink,
+ "certificate-viewer-download-pem-chain",
+ {
+ fileName,
+ }
+ );
+ }
+}
+
+customElements.define("info-item", InfoItem);
diff --git a/toolkit/components/certviewer/content/components/list-item.css b/toolkit/components/certviewer/content/components/list-item.css
new file mode 100644
index 0000000000..2d03edb63e
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/list-item.css
@@ -0,0 +1,46 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+:host {
+ display: grid;
+ padding: 1em 0 1em;
+ border-block: 0.5px solid var(--in-content-border-color);
+ border-inline: 0.5px solid transparent;
+ position: relative;
+}
+
+:host(:hover) {
+ background-color: var(--in-content-item-hover);
+ color: var(--in-content-item-hover-text);
+ border-inline-color: var(--in-content-border-color);
+ cursor: pointer;
+}
+
+a {
+ text-decoration: none;
+ color: inherit;
+}
+
+.cert-url {
+ height: 100%;
+ width: 100%;
+ position: absolute;
+ align-items: center;
+ display: flex;
+}
+
+.cert-url > .item-name {
+ padding-inline-start: 0.8em;
+}
+
+.export {
+ position: absolute;
+ inset-inline-end: 2em;
+ align-self: center;
+ font-size: 1em;
+}
+
+.export a {
+ position: relative;
+}
diff --git a/toolkit/components/certviewer/content/components/list-item.mjs b/toolkit/components/certviewer/content/components/list-item.mjs
new file mode 100644
index 0000000000..820e8f964b
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/list-item.mjs
@@ -0,0 +1,58 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { normalizeToKebabCase } from "./utils.mjs";
+
+export class ListItem extends HTMLElement {
+ constructor(item) {
+ super();
+ this.item = item;
+ }
+
+ connectedCallback() {
+ let ListItemTemplate = document.getElementById("list-item-template");
+
+ this.attachShadow({ mode: "open" }).appendChild(
+ ListItemTemplate.content.cloneNode(true)
+ );
+
+ document.l10n.translateFragment(this.shadowRoot);
+ document.l10n.connectRoot(this.shadowRoot);
+
+ this.render();
+ }
+
+ render() {
+ let label = this.shadowRoot.querySelector(".item-name");
+ label.textContent = this.item.displayName;
+
+ this.handleExport();
+
+ let link = this.shadowRoot.querySelector(".cert-url");
+ let derb64 = encodeURIComponent(this.item.derb64);
+ let url = `about:certificate?cert=${derb64}`;
+ link.setAttribute("href", url);
+ }
+
+ handleExport() {
+ let exportButton = this.shadowRoot.querySelector(".export");
+ // Wrap the Base64 string into lines of 64 characters,
+ // with CRLF line breaks (as specified in RFC 1421).
+ let wrapped = this.item.derb64.replace(/(\S{64}(?!$))/g, "$1\r\n");
+ let download =
+ "-----BEGIN CERTIFICATE-----\r\n" +
+ wrapped +
+ "\r\n-----END CERTIFICATE-----\r\n";
+
+ let element = document.createElement("a");
+ element.setAttribute("href", "data:," + encodeURI(download));
+ let fileName = normalizeToKebabCase(this.item.displayName);
+ document.l10n.setAttributes(element, "certificate-viewer-export", {
+ fileName,
+ });
+ exportButton.appendChild(element);
+ }
+}
+
+customElements.define("list-item", ListItem);
diff --git a/toolkit/components/certviewer/content/components/utils.mjs b/toolkit/components/certviewer/content/components/utils.mjs
new file mode 100644
index 0000000000..e7c5d258d0
--- /dev/null
+++ b/toolkit/components/certviewer/content/components/utils.mjs
@@ -0,0 +1,26 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+export const normalizeToKebabCase = string => {
+ let kebabString = string
+ // Turn all dots into dashes
+ .replace(/\./g, "-")
+ // Turn whitespace into dashes
+ .replace(/\s+/g, "-")
+ // Remove all non-characters or numbers
+ .replace(/[^a-z0-9\-]/gi, "")
+ // De-dupe dashes
+ .replace(/--/g, "-")
+ // Remove trailing and leading dashes
+ .replace(/^-/g, "")
+ .replace(/-$/g, "")
+ .toLowerCase();
+
+ return kebabString;
+};
+
+export const b64ToPEM = string => {
+ let wrapped = string.match(/.{1,64}/g).join("\r\n");
+ return `-----BEGIN CERTIFICATE-----\r\n${wrapped}\r\n-----END CERTIFICATE-----\r\n`;
+};
diff --git a/toolkit/components/certviewer/content/vendor/pkijs.js b/toolkit/components/certviewer/content/vendor/pkijs.js
new file mode 100644
index 0000000000..efee8d1e16
--- /dev/null
+++ b/toolkit/components/certviewer/content/vendor/pkijs.js
@@ -0,0 +1,24083 @@
+/*!
+ * Copyright (c) 2014, GlobalSign
+ * Copyright (c) 2015-2019, Peculiar Ventures
+ * All rights reserved.
+ *
+ * Author 2014-2019, Yury Strozhevsky
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * * Neither the name of the {organization} nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*!
+ * MIT License
+ *
+ * Copyright (c) 2017-2022 Peculiar Ventures, LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ */
+
+const ARRAY_BUFFER_NAME = "[object ArrayBuffer]";
+class BufferSourceConverter {
+ static isArrayBuffer(data) {
+ return Object.prototype.toString.call(data) === ARRAY_BUFFER_NAME;
+ }
+ static toArrayBuffer(data) {
+ if (this.isArrayBuffer(data)) {
+ return data;
+ }
+ if (data.byteLength === data.buffer.byteLength) {
+ return data.buffer;
+ }
+ return this.toUint8Array(data).slice().buffer;
+ }
+ static toUint8Array(data) {
+ return this.toView(data, Uint8Array);
+ }
+ static toView(data, type) {
+ if (data.constructor === type) {
+ return data;
+ }
+ if (this.isArrayBuffer(data)) {
+ return new type(data);
+ }
+ if (this.isArrayBufferView(data)) {
+ return new type(data.buffer, data.byteOffset, data.byteLength);
+ }
+ throw new TypeError("The provided value is not of type '(ArrayBuffer or ArrayBufferView)'");
+ }
+ static isBufferSource(data) {
+ return this.isArrayBufferView(data)
+ || this.isArrayBuffer(data);
+ }
+ static isArrayBufferView(data) {
+ return ArrayBuffer.isView(data)
+ || (data && this.isArrayBuffer(data.buffer));
+ }
+ static isEqual(a, b) {
+ const aView = BufferSourceConverter.toUint8Array(a);
+ const bView = BufferSourceConverter.toUint8Array(b);
+ if (aView.length !== bView.byteLength) {
+ return false;
+ }
+ for (let i = 0; i < aView.length; i++) {
+ if (aView[i] !== bView[i]) {
+ return false;
+ }
+ }
+ return true;
+ }
+ static concat(...args) {
+ if (Array.isArray(args[0])) {
+ const buffers = args[0];
+ let size = 0;
+ for (const buffer of buffers) {
+ size += buffer.byteLength;
+ }
+ const res = new Uint8Array(size);
+ let offset = 0;
+ for (const buffer of buffers) {
+ const view = this.toUint8Array(buffer);
+ res.set(view, offset);
+ offset += view.length;
+ }
+ if (args[1]) {
+ return this.toView(res, args[1]);
+ }
+ return res.buffer;
+ }
+ else {
+ return this.concat(args);
+ }
+ }
+}
+
+class Utf8Converter {
+ static fromString(text) {
+ const s = unescape(encodeURIComponent(text));
+ const uintArray = new Uint8Array(s.length);
+ for (let i = 0; i < s.length; i++) {
+ uintArray[i] = s.charCodeAt(i);
+ }
+ return uintArray.buffer;
+ }
+ static toString(buffer) {
+ const buf = BufferSourceConverter.toUint8Array(buffer);
+ let encodedString = "";
+ for (let i = 0; i < buf.length; i++) {
+ encodedString += String.fromCharCode(buf[i]);
+ }
+ const decodedString = decodeURIComponent(escape(encodedString));
+ return decodedString;
+ }
+}
+class Utf16Converter {
+ static toString(buffer, littleEndian = false) {
+ const arrayBuffer = BufferSourceConverter.toArrayBuffer(buffer);
+ const dataView = new DataView(arrayBuffer);
+ let res = "";
+ for (let i = 0; i < arrayBuffer.byteLength; i += 2) {
+ const code = dataView.getUint16(i, littleEndian);
+ res += String.fromCharCode(code);
+ }
+ return res;
+ }
+ static fromString(text, littleEndian = false) {
+ const res = new ArrayBuffer(text.length * 2);
+ const dataView = new DataView(res);
+ for (let i = 0; i < text.length; i++) {
+ dataView.setUint16(i * 2, text.charCodeAt(i), littleEndian);
+ }
+ return res;
+ }
+}
+class Convert {
+ static isHex(data) {
+ return typeof data === "string"
+ && /^[a-z0-9]+$/i.test(data);
+ }
+ static isBase64(data) {
+ return typeof data === "string"
+ && /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(data);
+ }
+ static isBase64Url(data) {
+ return typeof data === "string"
+ && /^[a-zA-Z0-9-_]+$/i.test(data);
+ }
+ static ToString(buffer, enc = "utf8") {
+ const buf = BufferSourceConverter.toUint8Array(buffer);
+ switch (enc.toLowerCase()) {
+ case "utf8":
+ return this.ToUtf8String(buf);
+ case "binary":
+ return this.ToBinary(buf);
+ case "hex":
+ return this.ToHex(buf);
+ case "base64":
+ return this.ToBase64(buf);
+ case "base64url":
+ return this.ToBase64Url(buf);
+ case "utf16le":
+ return Utf16Converter.toString(buf, true);
+ case "utf16":
+ case "utf16be":
+ return Utf16Converter.toString(buf);
+ default:
+ throw new Error(`Unknown type of encoding '${enc}'`);
+ }
+ }
+ static FromString(str, enc = "utf8") {
+ if (!str) {
+ return new ArrayBuffer(0);
+ }
+ switch (enc.toLowerCase()) {
+ case "utf8":
+ return this.FromUtf8String(str);
+ case "binary":
+ return this.FromBinary(str);
+ case "hex":
+ return this.FromHex(str);
+ case "base64":
+ return this.FromBase64(str);
+ case "base64url":
+ return this.FromBase64Url(str);
+ case "utf16le":
+ return Utf16Converter.fromString(str, true);
+ case "utf16":
+ case "utf16be":
+ return Utf16Converter.fromString(str);
+ default:
+ throw new Error(`Unknown type of encoding '${enc}'`);
+ }
+ }
+ static ToBase64(buffer) {
+ const buf = BufferSourceConverter.toUint8Array(buffer);
+ if (typeof btoa !== "undefined") {
+ const binary = this.ToString(buf, "binary");
+ return btoa(binary);
+ }
+ else {
+ return Buffer.from(buf).toString("base64");
+ }
+ }
+ static FromBase64(base64) {
+ const formatted = this.formatString(base64);
+ if (!formatted) {
+ return new ArrayBuffer(0);
+ }
+ if (!Convert.isBase64(formatted)) {
+ throw new TypeError("Argument 'base64Text' is not Base64 encoded");
+ }
+ if (typeof atob !== "undefined") {
+ return this.FromBinary(atob(formatted));
+ }
+ else {
+ return new Uint8Array(Buffer.from(formatted, "base64")).buffer;
+ }
+ }
+ static FromBase64Url(base64url) {
+ const formatted = this.formatString(base64url);
+ if (!formatted) {
+ return new ArrayBuffer(0);
+ }
+ if (!Convert.isBase64Url(formatted)) {
+ throw new TypeError("Argument 'base64url' is not Base64Url encoded");
+ }
+ return this.FromBase64(this.Base64Padding(formatted.replace(/\-/g, "+").replace(/\_/g, "/")));
+ }
+ static ToBase64Url(data) {
+ return this.ToBase64(data).replace(/\+/g, "-").replace(/\//g, "_").replace(/\=/g, "");
+ }
+ static FromUtf8String(text, encoding = Convert.DEFAULT_UTF8_ENCODING) {
+ switch (encoding) {
+ case "ascii":
+ return this.FromBinary(text);
+ case "utf8":
+ return Utf8Converter.fromString(text);
+ case "utf16":
+ case "utf16be":
+ return Utf16Converter.fromString(text);
+ case "utf16le":
+ case "usc2":
+ return Utf16Converter.fromString(text, true);
+ default:
+ throw new Error(`Unknown type of encoding '${encoding}'`);
+ }
+ }
+ static ToUtf8String(buffer, encoding = Convert.DEFAULT_UTF8_ENCODING) {
+ switch (encoding) {
+ case "ascii":
+ return this.ToBinary(buffer);
+ case "utf8":
+ return Utf8Converter.toString(buffer);
+ case "utf16":
+ case "utf16be":
+ return Utf16Converter.toString(buffer);
+ case "utf16le":
+ case "usc2":
+ return Utf16Converter.toString(buffer, true);
+ default:
+ throw new Error(`Unknown type of encoding '${encoding}'`);
+ }
+ }
+ static FromBinary(text) {
+ const stringLength = text.length;
+ const resultView = new Uint8Array(stringLength);
+ for (let i = 0; i < stringLength; i++) {
+ resultView[i] = text.charCodeAt(i);
+ }
+ return resultView.buffer;
+ }
+ static ToBinary(buffer) {
+ const buf = BufferSourceConverter.toUint8Array(buffer);
+ let res = "";
+ for (let i = 0; i < buf.length; i++) {
+ res += String.fromCharCode(buf[i]);
+ }
+ return res;
+ }
+ static ToHex(buffer) {
+ const buf = BufferSourceConverter.toUint8Array(buffer);
+ const splitter = "";
+ const res = [];
+ const len = buf.length;
+ for (let i = 0; i < len; i++) {
+ const char = buf[i].toString(16).padStart(2, "0");
+ res.push(char);
+ }
+ return res.join(splitter);
+ }
+ static FromHex(hexString) {
+ let formatted = this.formatString(hexString);
+ if (!formatted) {
+ return new ArrayBuffer(0);
+ }
+ if (!Convert.isHex(formatted)) {
+ throw new TypeError("Argument 'hexString' is not HEX encoded");
+ }
+ if (formatted.length % 2) {
+ formatted = `0${formatted}`;
+ }
+ const res = new Uint8Array(formatted.length / 2);
+ for (let i = 0; i < formatted.length; i = i + 2) {
+ const c = formatted.slice(i, i + 2);
+ res[i / 2] = parseInt(c, 16);
+ }
+ return res.buffer;
+ }
+ static ToUtf16String(buffer, littleEndian = false) {
+ return Utf16Converter.toString(buffer, littleEndian);
+ }
+ static FromUtf16String(text, littleEndian = false) {
+ return Utf16Converter.fromString(text, littleEndian);
+ }
+ static Base64Padding(base64) {
+ const padCount = 4 - (base64.length % 4);
+ if (padCount < 4) {
+ for (let i = 0; i < padCount; i++) {
+ base64 += "=";
+ }
+ }
+ return base64;
+ }
+ static formatString(data) {
+ return (data === null || data === void 0 ? void 0 : data.replace(/[\n\r\t ]/g, "")) || "";
+ }
+}
+Convert.DEFAULT_UTF8_ENCODING = "utf8";
+
+/*!
+ Copyright (c) Peculiar Ventures, LLC
+*/
+function getParametersValue(parameters, name, defaultValue) {
+ var _a;
+ if ((parameters instanceof Object) === false) {
+ return defaultValue;
+ }
+ return (_a = parameters[name]) !== null && _a !== void 0 ? _a : defaultValue;
+}
+function bufferToHexCodes(inputBuffer, inputOffset = 0, inputLength = (inputBuffer.byteLength - inputOffset), insertSpace = false) {
+ let result = "";
+ for (const item of (new Uint8Array(inputBuffer, inputOffset, inputLength))) {
+ const str = item.toString(16).toUpperCase();
+ if (str.length === 1) {
+ result += "0";
+ }
+ result += str;
+ if (insertSpace) {
+ result += " ";
+ }
+ }
+ return result.trim();
+}
+function utilFromBase(inputBuffer, inputBase) {
+ let result = 0;
+ if (inputBuffer.length === 1) {
+ return inputBuffer[0];
+ }
+ for (let i = (inputBuffer.length - 1); i >= 0; i--) {
+ result += inputBuffer[(inputBuffer.length - 1) - i] * Math.pow(2, inputBase * i);
+ }
+ return result;
+}
+function utilToBase(value, base, reserved = (-1)) {
+ const internalReserved = reserved;
+ let internalValue = value;
+ let result = 0;
+ let biggest = Math.pow(2, base);
+ for (let i = 1; i < 8; i++) {
+ if (value < biggest) {
+ let retBuf;
+ if (internalReserved < 0) {
+ retBuf = new ArrayBuffer(i);
+ result = i;
+ }
+ else {
+ if (internalReserved < i) {
+ return (new ArrayBuffer(0));
+ }
+ retBuf = new ArrayBuffer(internalReserved);
+ result = internalReserved;
+ }
+ const retView = new Uint8Array(retBuf);
+ for (let j = (i - 1); j >= 0; j--) {
+ const basis = Math.pow(2, j * base);
+ retView[result - j - 1] = Math.floor(internalValue / basis);
+ internalValue -= (retView[result - j - 1]) * basis;
+ }
+ return retBuf;
+ }
+ biggest *= Math.pow(2, base);
+ }
+ return new ArrayBuffer(0);
+}
+function utilConcatBuf(...buffers) {
+ let outputLength = 0;
+ let prevLength = 0;
+ for (const buffer of buffers) {
+ outputLength += buffer.byteLength;
+ }
+ const retBuf = new ArrayBuffer(outputLength);
+ const retView = new Uint8Array(retBuf);
+ for (const buffer of buffers) {
+ retView.set(new Uint8Array(buffer), prevLength);
+ prevLength += buffer.byteLength;
+ }
+ return retBuf;
+}
+function utilConcatView(...views) {
+ let outputLength = 0;
+ let prevLength = 0;
+ for (const view of views) {
+ outputLength += view.length;
+ }
+ const retBuf = new ArrayBuffer(outputLength);
+ const retView = new Uint8Array(retBuf);
+ for (const view of views) {
+ retView.set(view, prevLength);
+ prevLength += view.length;
+ }
+ return retView;
+}
+function utilDecodeTC() {
+ const buf = new Uint8Array(this.valueHex);
+ if (this.valueHex.byteLength >= 2) {
+ const condition1 = (buf[0] === 0xFF) && (buf[1] & 0x80);
+ const condition2 = (buf[0] === 0x00) && ((buf[1] & 0x80) === 0x00);
+ if (condition1 || condition2) {
+ this.warnings.push("Needlessly long format");
+ }
+ }
+ const bigIntBuffer = new ArrayBuffer(this.valueHex.byteLength);
+ const bigIntView = new Uint8Array(bigIntBuffer);
+ for (let i = 0; i < this.valueHex.byteLength; i++) {
+ bigIntView[i] = 0;
+ }
+ bigIntView[0] = (buf[0] & 0x80);
+ const bigInt = utilFromBase(bigIntView, 8);
+ const smallIntBuffer = new ArrayBuffer(this.valueHex.byteLength);
+ const smallIntView = new Uint8Array(smallIntBuffer);
+ for (let j = 0; j < this.valueHex.byteLength; j++) {
+ smallIntView[j] = buf[j];
+ }
+ smallIntView[0] &= 0x7F;
+ const smallInt = utilFromBase(smallIntView, 8);
+ return (smallInt - bigInt);
+}
+function utilEncodeTC(value) {
+ const modValue = (value < 0) ? (value * (-1)) : value;
+ let bigInt = 128;
+ for (let i = 1; i < 8; i++) {
+ if (modValue <= bigInt) {
+ if (value < 0) {
+ const smallInt = bigInt - modValue;
+ const retBuf = utilToBase(smallInt, 8, i);
+ const retView = new Uint8Array(retBuf);
+ retView[0] |= 0x80;
+ return retBuf;
+ }
+ let retBuf = utilToBase(modValue, 8, i);
+ let retView = new Uint8Array(retBuf);
+ if (retView[0] & 0x80) {
+ const tempBuf = retBuf.slice(0);
+ const tempView = new Uint8Array(tempBuf);
+ retBuf = new ArrayBuffer(retBuf.byteLength + 1);
+ retView = new Uint8Array(retBuf);
+ for (let k = 0; k < tempBuf.byteLength; k++) {
+ retView[k + 1] = tempView[k];
+ }
+ retView[0] = 0x00;
+ }
+ return retBuf;
+ }
+ bigInt *= Math.pow(2, 8);
+ }
+ return (new ArrayBuffer(0));
+}
+function isEqualBuffer(inputBuffer1, inputBuffer2) {
+ if (inputBuffer1.byteLength !== inputBuffer2.byteLength) {
+ return false;
+ }
+ const view1 = new Uint8Array(inputBuffer1);
+ const view2 = new Uint8Array(inputBuffer2);
+ for (let i = 0; i < view1.length; i++) {
+ if (view1[i] !== view2[i]) {
+ return false;
+ }
+ }
+ return true;
+}
+function padNumber(inputNumber, fullLength) {
+ const str = inputNumber.toString(10);
+ if (fullLength < str.length) {
+ return "";
+ }
+ const dif = fullLength - str.length;
+ const padding = new Array(dif);
+ for (let i = 0; i < dif; i++) {
+ padding[i] = "0";
+ }
+ const paddingString = padding.join("");
+ return paddingString.concat(str);
+}
+const base64Template = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+const base64UrlTemplate = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_=";
+function toBase64(input, useUrlTemplate = false, skipPadding = false, skipLeadingZeros = false) {
+ let i = 0;
+ let flag1 = 0;
+ let flag2 = 0;
+ let output = "";
+ const template = (useUrlTemplate) ? base64UrlTemplate : base64Template;
+ if (skipLeadingZeros) {
+ let nonZeroPosition = 0;
+ for (let i = 0; i < input.length; i++) {
+ if (input.charCodeAt(i) !== 0) {
+ nonZeroPosition = i;
+ break;
+ }
+ }
+ input = input.slice(nonZeroPosition);
+ }
+ while (i < input.length) {
+ const chr1 = input.charCodeAt(i++);
+ if (i >= input.length) {
+ flag1 = 1;
+ }
+ const chr2 = input.charCodeAt(i++);
+ if (i >= input.length) {
+ flag2 = 1;
+ }
+ const chr3 = input.charCodeAt(i++);
+ const enc1 = chr1 >> 2;
+ const enc2 = ((chr1 & 0x03) << 4) | (chr2 >> 4);
+ let enc3 = ((chr2 & 0x0F) << 2) | (chr3 >> 6);
+ let enc4 = chr3 & 0x3F;
+ if (flag1 === 1) {
+ enc3 = enc4 = 64;
+ }
+ else {
+ if (flag2 === 1) {
+ enc4 = 64;
+ }
+ }
+ if (skipPadding) {
+ if (enc3 === 64) {
+ output += `${template.charAt(enc1)}${template.charAt(enc2)}`;
+ }
+ else {
+ if (enc4 === 64) {
+ output += `${template.charAt(enc1)}${template.charAt(enc2)}${template.charAt(enc3)}`;
+ }
+ else {
+ output += `${template.charAt(enc1)}${template.charAt(enc2)}${template.charAt(enc3)}${template.charAt(enc4)}`;
+ }
+ }
+ }
+ else {
+ output += `${template.charAt(enc1)}${template.charAt(enc2)}${template.charAt(enc3)}${template.charAt(enc4)}`;
+ }
+ }
+ return output;
+}
+function fromBase64(input, useUrlTemplate = false, cutTailZeros = false) {
+ const template = (useUrlTemplate) ? base64UrlTemplate : base64Template;
+ function indexOf(toSearch) {
+ for (let i = 0; i < 64; i++) {
+ if (template.charAt(i) === toSearch)
+ return i;
+ }
+ return 64;
+ }
+ function test(incoming) {
+ return ((incoming === 64) ? 0x00 : incoming);
+ }
+ let i = 0;
+ let output = "";
+ while (i < input.length) {
+ const enc1 = indexOf(input.charAt(i++));
+ const enc2 = (i >= input.length) ? 0x00 : indexOf(input.charAt(i++));
+ const enc3 = (i >= input.length) ? 0x00 : indexOf(input.charAt(i++));
+ const enc4 = (i >= input.length) ? 0x00 : indexOf(input.charAt(i++));
+ const chr1 = (test(enc1) << 2) | (test(enc2) >> 4);
+ const chr2 = ((test(enc2) & 0x0F) << 4) | (test(enc3) >> 2);
+ const chr3 = ((test(enc3) & 0x03) << 6) | test(enc4);
+ output += String.fromCharCode(chr1);
+ if (enc3 !== 64) {
+ output += String.fromCharCode(chr2);
+ }
+ if (enc4 !== 64) {
+ output += String.fromCharCode(chr3);
+ }
+ }
+ if (cutTailZeros) {
+ const outputLength = output.length;
+ let nonZeroStart = (-1);
+ for (let i = (outputLength - 1); i >= 0; i--) {
+ if (output.charCodeAt(i) !== 0) {
+ nonZeroStart = i;
+ break;
+ }
+ }
+ if (nonZeroStart !== (-1)) {
+ output = output.slice(0, nonZeroStart + 1);
+ }
+ else {
+ output = "";
+ }
+ }
+ return output;
+}
+function arrayBufferToString(buffer) {
+ let resultString = "";
+ const view = new Uint8Array(buffer);
+ for (const element of view) {
+ resultString += String.fromCharCode(element);
+ }
+ return resultString;
+}
+function stringToArrayBuffer(str) {
+ const stringLength = str.length;
+ const resultBuffer = new ArrayBuffer(stringLength);
+ const resultView = new Uint8Array(resultBuffer);
+ for (let i = 0; i < stringLength; i++) {
+ resultView[i] = str.charCodeAt(i);
+ }
+ return resultBuffer;
+}
+const log2 = Math.log(2);
+function nearestPowerOf2(length) {
+ const base = (Math.log(length) / log2);
+ const floor = Math.floor(base);
+ const round = Math.round(base);
+ return ((floor === round) ? floor : round);
+}
+function clearProps(object, propsArray) {
+ for (const prop of propsArray) {
+ delete object[prop];
+ }
+}
+
+/*!
+ * Copyright (c) 2014, GMO GlobalSign
+ * Copyright (c) 2015-2022, Peculiar Ventures
+ * All rights reserved.
+ *
+ * Author 2014-2019, Yury Strozhevsky
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * * Neither the name of the copyright holder nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+function assertBigInt() {
+ if (typeof BigInt === "undefined") {
+ throw new Error("BigInt is not defined. Your environment doesn't implement BigInt.");
+ }
+}
+function concat(buffers) {
+ let outputLength = 0;
+ let prevLength = 0;
+ for (let i = 0; i < buffers.length; i++) {
+ const buffer = buffers[i];
+ outputLength += buffer.byteLength;
+ }
+ const retView = new Uint8Array(outputLength);
+ for (let i = 0; i < buffers.length; i++) {
+ const buffer = buffers[i];
+ retView.set(new Uint8Array(buffer), prevLength);
+ prevLength += buffer.byteLength;
+ }
+ return retView.buffer;
+}
+function checkBufferParams(baseBlock, inputBuffer, inputOffset, inputLength) {
+ if (!(inputBuffer instanceof Uint8Array)) {
+ baseBlock.error = "Wrong parameter: inputBuffer must be 'Uint8Array'";
+ return false;
+ }
+ if (!inputBuffer.byteLength) {
+ baseBlock.error = "Wrong parameter: inputBuffer has zero length";
+ return false;
+ }
+ if (inputOffset < 0) {
+ baseBlock.error = "Wrong parameter: inputOffset less than zero";
+ return false;
+ }
+ if (inputLength < 0) {
+ baseBlock.error = "Wrong parameter: inputLength less than zero";
+ return false;
+ }
+ if ((inputBuffer.byteLength - inputOffset - inputLength) < 0) {
+ baseBlock.error = "End of input reached before message was fully decoded (inconsistent offset and length values)";
+ return false;
+ }
+ return true;
+}
+
+class ViewWriter {
+ constructor() {
+ this.items = [];
+ }
+ write(buf) {
+ this.items.push(buf);
+ }
+ final() {
+ return concat(this.items);
+ }
+}
+
+const powers2 = [new Uint8Array([1])];
+const digitsString = "0123456789";
+const NAME = "name";
+const VALUE_HEX_VIEW = "valueHexView";
+const IS_HEX_ONLY = "isHexOnly";
+const ID_BLOCK = "idBlock";
+const TAG_CLASS = "tagClass";
+const TAG_NUMBER = "tagNumber";
+const IS_CONSTRUCTED = "isConstructed";
+const FROM_BER = "fromBER";
+const TO_BER = "toBER";
+const LOCAL = "local";
+const EMPTY_STRING$1 = "";
+const EMPTY_BUFFER$1 = new ArrayBuffer(0);
+const EMPTY_VIEW = new Uint8Array(0);
+const END_OF_CONTENT_NAME = "EndOfContent";
+const OCTET_STRING_NAME = "OCTET STRING";
+const BIT_STRING_NAME = "BIT STRING";
+
+function HexBlock(BaseClass) {
+ var _a;
+ return _a = class Some extends BaseClass {
+ constructor(...args) {
+ var _a;
+ super(...args);
+ const params = args[0] || {};
+ this.isHexOnly = (_a = params.isHexOnly) !== null && _a !== void 0 ? _a : false;
+ this.valueHexView = params.valueHex ? BufferSourceConverter.toUint8Array(params.valueHex) : EMPTY_VIEW;
+ }
+ get valueHex() {
+ return this.valueHexView.slice().buffer;
+ }
+ set valueHex(value) {
+ this.valueHexView = new Uint8Array(value);
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ const view = inputBuffer instanceof ArrayBuffer ? new Uint8Array(inputBuffer) : inputBuffer;
+ if (!checkBufferParams(this, view, inputOffset, inputLength)) {
+ return -1;
+ }
+ const endLength = inputOffset + inputLength;
+ this.valueHexView = view.subarray(inputOffset, endLength);
+ if (!this.valueHexView.length) {
+ this.warnings.push("Zero buffer length");
+ return inputOffset;
+ }
+ this.blockLength = inputLength;
+ return endLength;
+ }
+ toBER(sizeOnly = false) {
+ if (!this.isHexOnly) {
+ this.error = "Flag 'isHexOnly' is not set, abort";
+ return EMPTY_BUFFER$1;
+ }
+ if (sizeOnly) {
+ return new ArrayBuffer(this.valueHexView.byteLength);
+ }
+ return (this.valueHexView.byteLength === this.valueHexView.buffer.byteLength)
+ ? this.valueHexView.buffer
+ : this.valueHexView.slice().buffer;
+ }
+ toJSON() {
+ return {
+ ...super.toJSON(),
+ isHexOnly: this.isHexOnly,
+ valueHex: Convert.ToHex(this.valueHexView),
+ };
+ }
+ },
+ _a.NAME = "hexBlock",
+ _a;
+}
+
+class LocalBaseBlock {
+ constructor({ blockLength = 0, error = EMPTY_STRING$1, warnings = [], valueBeforeDecode = EMPTY_VIEW, } = {}) {
+ this.blockLength = blockLength;
+ this.error = error;
+ this.warnings = warnings;
+ this.valueBeforeDecodeView = BufferSourceConverter.toUint8Array(valueBeforeDecode);
+ }
+ static blockName() {
+ return this.NAME;
+ }
+ get valueBeforeDecode() {
+ return this.valueBeforeDecodeView.slice().buffer;
+ }
+ set valueBeforeDecode(value) {
+ this.valueBeforeDecodeView = new Uint8Array(value);
+ }
+ toJSON() {
+ return {
+ blockName: this.constructor.NAME,
+ blockLength: this.blockLength,
+ error: this.error,
+ warnings: this.warnings,
+ valueBeforeDecode: Convert.ToHex(this.valueBeforeDecodeView),
+ };
+ }
+}
+LocalBaseBlock.NAME = "baseBlock";
+
+class ValueBlock extends LocalBaseBlock {
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ throw TypeError("User need to make a specific function in a class which extends 'ValueBlock'");
+ }
+ toBER(sizeOnly, writer) {
+ throw TypeError("User need to make a specific function in a class which extends 'ValueBlock'");
+ }
+}
+ValueBlock.NAME = "valueBlock";
+
+class LocalIdentificationBlock extends HexBlock(LocalBaseBlock) {
+ constructor({ idBlock = {}, } = {}) {
+ var _a, _b, _c, _d;
+ super();
+ if (idBlock) {
+ this.isHexOnly = (_a = idBlock.isHexOnly) !== null && _a !== void 0 ? _a : false;
+ this.valueHexView = idBlock.valueHex ? BufferSourceConverter.toUint8Array(idBlock.valueHex) : EMPTY_VIEW;
+ this.tagClass = (_b = idBlock.tagClass) !== null && _b !== void 0 ? _b : -1;
+ this.tagNumber = (_c = idBlock.tagNumber) !== null && _c !== void 0 ? _c : -1;
+ this.isConstructed = (_d = idBlock.isConstructed) !== null && _d !== void 0 ? _d : false;
+ }
+ else {
+ this.tagClass = -1;
+ this.tagNumber = -1;
+ this.isConstructed = false;
+ }
+ }
+ toBER(sizeOnly = false) {
+ let firstOctet = 0;
+ switch (this.tagClass) {
+ case 1:
+ firstOctet |= 0x00;
+ break;
+ case 2:
+ firstOctet |= 0x40;
+ break;
+ case 3:
+ firstOctet |= 0x80;
+ break;
+ case 4:
+ firstOctet |= 0xC0;
+ break;
+ default:
+ this.error = "Unknown tag class";
+ return EMPTY_BUFFER$1;
+ }
+ if (this.isConstructed)
+ firstOctet |= 0x20;
+ if (this.tagNumber < 31 && !this.isHexOnly) {
+ const retView = new Uint8Array(1);
+ if (!sizeOnly) {
+ let number = this.tagNumber;
+ number &= 0x1F;
+ firstOctet |= number;
+ retView[0] = firstOctet;
+ }
+ return retView.buffer;
+ }
+ if (!this.isHexOnly) {
+ const encodedBuf = utilToBase(this.tagNumber, 7);
+ const encodedView = new Uint8Array(encodedBuf);
+ const size = encodedBuf.byteLength;
+ const retView = new Uint8Array(size + 1);
+ retView[0] = (firstOctet | 0x1F);
+ if (!sizeOnly) {
+ for (let i = 0; i < (size - 1); i++)
+ retView[i + 1] = encodedView[i] | 0x80;
+ retView[size] = encodedView[size - 1];
+ }
+ return retView.buffer;
+ }
+ const retView = new Uint8Array(this.valueHexView.byteLength + 1);
+ retView[0] = (firstOctet | 0x1F);
+ if (!sizeOnly) {
+ const curView = this.valueHexView;
+ for (let i = 0; i < (curView.length - 1); i++)
+ retView[i + 1] = curView[i] | 0x80;
+ retView[this.valueHexView.byteLength] = curView[curView.length - 1];
+ }
+ return retView.buffer;
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ const inputView = BufferSourceConverter.toUint8Array(inputBuffer);
+ if (!checkBufferParams(this, inputView, inputOffset, inputLength)) {
+ return -1;
+ }
+ const intBuffer = inputView.subarray(inputOffset, inputOffset + inputLength);
+ if (intBuffer.length === 0) {
+ this.error = "Zero buffer length";
+ return -1;
+ }
+ const tagClassMask = intBuffer[0] & 0xC0;
+ switch (tagClassMask) {
+ case 0x00:
+ this.tagClass = (1);
+ break;
+ case 0x40:
+ this.tagClass = (2);
+ break;
+ case 0x80:
+ this.tagClass = (3);
+ break;
+ case 0xC0:
+ this.tagClass = (4);
+ break;
+ default:
+ this.error = "Unknown tag class";
+ return -1;
+ }
+ this.isConstructed = (intBuffer[0] & 0x20) === 0x20;
+ this.isHexOnly = false;
+ const tagNumberMask = intBuffer[0] & 0x1F;
+ if (tagNumberMask !== 0x1F) {
+ this.tagNumber = (tagNumberMask);
+ this.blockLength = 1;
+ }
+ else {
+ let count = 1;
+ let intTagNumberBuffer = this.valueHexView = new Uint8Array(255);
+ let tagNumberBufferMaxLength = 255;
+ while (intBuffer[count] & 0x80) {
+ intTagNumberBuffer[count - 1] = intBuffer[count] & 0x7F;
+ count++;
+ if (count >= intBuffer.length) {
+ this.error = "End of input reached before message was fully decoded";
+ return -1;
+ }
+ if (count === tagNumberBufferMaxLength) {
+ tagNumberBufferMaxLength += 255;
+ const tempBufferView = new Uint8Array(tagNumberBufferMaxLength);
+ for (let i = 0; i < intTagNumberBuffer.length; i++)
+ tempBufferView[i] = intTagNumberBuffer[i];
+ intTagNumberBuffer = this.valueHexView = new Uint8Array(tagNumberBufferMaxLength);
+ }
+ }
+ this.blockLength = (count + 1);
+ intTagNumberBuffer[count - 1] = intBuffer[count] & 0x7F;
+ const tempBufferView = new Uint8Array(count);
+ for (let i = 0; i < count; i++)
+ tempBufferView[i] = intTagNumberBuffer[i];
+ intTagNumberBuffer = this.valueHexView = new Uint8Array(count);
+ intTagNumberBuffer.set(tempBufferView);
+ if (this.blockLength <= 9)
+ this.tagNumber = utilFromBase(intTagNumberBuffer, 7);
+ else {
+ this.isHexOnly = true;
+ this.warnings.push("Tag too long, represented as hex-coded");
+ }
+ }
+ if (((this.tagClass === 1)) &&
+ (this.isConstructed)) {
+ switch (this.tagNumber) {
+ case 1:
+ case 2:
+ case 5:
+ case 6:
+ case 9:
+ case 13:
+ case 14:
+ case 23:
+ case 24:
+ case 31:
+ case 32:
+ case 33:
+ case 34:
+ this.error = "Constructed encoding used for primitive type";
+ return -1;
+ }
+ }
+ return (inputOffset + this.blockLength);
+ }
+ toJSON() {
+ return {
+ ...super.toJSON(),
+ tagClass: this.tagClass,
+ tagNumber: this.tagNumber,
+ isConstructed: this.isConstructed,
+ };
+ }
+}
+LocalIdentificationBlock.NAME = "identificationBlock";
+
+class LocalLengthBlock extends LocalBaseBlock {
+ constructor({ lenBlock = {}, } = {}) {
+ var _a, _b, _c;
+ super();
+ this.isIndefiniteForm = (_a = lenBlock.isIndefiniteForm) !== null && _a !== void 0 ? _a : false;
+ this.longFormUsed = (_b = lenBlock.longFormUsed) !== null && _b !== void 0 ? _b : false;
+ this.length = (_c = lenBlock.length) !== null && _c !== void 0 ? _c : 0;
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ const view = BufferSourceConverter.toUint8Array(inputBuffer);
+ if (!checkBufferParams(this, view, inputOffset, inputLength)) {
+ return -1;
+ }
+ const intBuffer = view.subarray(inputOffset, inputOffset + inputLength);
+ if (intBuffer.length === 0) {
+ this.error = "Zero buffer length";
+ return -1;
+ }
+ if (intBuffer[0] === 0xFF) {
+ this.error = "Length block 0xFF is reserved by standard";
+ return -1;
+ }
+ this.isIndefiniteForm = intBuffer[0] === 0x80;
+ if (this.isIndefiniteForm) {
+ this.blockLength = 1;
+ return (inputOffset + this.blockLength);
+ }
+ this.longFormUsed = !!(intBuffer[0] & 0x80);
+ if (this.longFormUsed === false) {
+ this.length = (intBuffer[0]);
+ this.blockLength = 1;
+ return (inputOffset + this.blockLength);
+ }
+ const count = intBuffer[0] & 0x7F;
+ if (count > 8) {
+ this.error = "Too big integer";
+ return -1;
+ }
+ if ((count + 1) > intBuffer.length) {
+ this.error = "End of input reached before message was fully decoded";
+ return -1;
+ }
+ const lenOffset = inputOffset + 1;
+ const lengthBufferView = view.subarray(lenOffset, lenOffset + count);
+ if (lengthBufferView[count - 1] === 0x00)
+ this.warnings.push("Needlessly long encoded length");
+ this.length = utilFromBase(lengthBufferView, 8);
+ if (this.longFormUsed && (this.length <= 127))
+ this.warnings.push("Unnecessary usage of long length form");
+ this.blockLength = count + 1;
+ return (inputOffset + this.blockLength);
+ }
+ toBER(sizeOnly = false) {
+ let retBuf;
+ let retView;
+ if (this.length > 127)
+ this.longFormUsed = true;
+ if (this.isIndefiniteForm) {
+ retBuf = new ArrayBuffer(1);
+ if (sizeOnly === false) {
+ retView = new Uint8Array(retBuf);
+ retView[0] = 0x80;
+ }
+ return retBuf;
+ }
+ if (this.longFormUsed) {
+ const encodedBuf = utilToBase(this.length, 8);
+ if (encodedBuf.byteLength > 127) {
+ this.error = "Too big length";
+ return (EMPTY_BUFFER$1);
+ }
+ retBuf = new ArrayBuffer(encodedBuf.byteLength + 1);
+ if (sizeOnly)
+ return retBuf;
+ const encodedView = new Uint8Array(encodedBuf);
+ retView = new Uint8Array(retBuf);
+ retView[0] = encodedBuf.byteLength | 0x80;
+ for (let i = 0; i < encodedBuf.byteLength; i++)
+ retView[i + 1] = encodedView[i];
+ return retBuf;
+ }
+ retBuf = new ArrayBuffer(1);
+ if (sizeOnly === false) {
+ retView = new Uint8Array(retBuf);
+ retView[0] = this.length;
+ }
+ return retBuf;
+ }
+ toJSON() {
+ return {
+ ...super.toJSON(),
+ isIndefiniteForm: this.isIndefiniteForm,
+ longFormUsed: this.longFormUsed,
+ length: this.length,
+ };
+ }
+}
+LocalLengthBlock.NAME = "lengthBlock";
+
+const typeStore = {};
+
+class BaseBlock extends LocalBaseBlock {
+ constructor({ name = EMPTY_STRING$1, optional = false, primitiveSchema, ...parameters } = {}, valueBlockType) {
+ super(parameters);
+ this.name = name;
+ this.optional = optional;
+ if (primitiveSchema) {
+ this.primitiveSchema = primitiveSchema;
+ }
+ this.idBlock = new LocalIdentificationBlock(parameters);
+ this.lenBlock = new LocalLengthBlock(parameters);
+ this.valueBlock = valueBlockType ? new valueBlockType(parameters) : new ValueBlock(parameters);
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ const resultOffset = this.valueBlock.fromBER(inputBuffer, inputOffset, (this.lenBlock.isIndefiniteForm) ? inputLength : this.lenBlock.length);
+ if (resultOffset === -1) {
+ this.error = this.valueBlock.error;
+ return resultOffset;
+ }
+ if (!this.idBlock.error.length)
+ this.blockLength += this.idBlock.blockLength;
+ if (!this.lenBlock.error.length)
+ this.blockLength += this.lenBlock.blockLength;
+ if (!this.valueBlock.error.length)
+ this.blockLength += this.valueBlock.blockLength;
+ return resultOffset;
+ }
+ toBER(sizeOnly, writer) {
+ const _writer = writer || new ViewWriter();
+ if (!writer) {
+ prepareIndefiniteForm(this);
+ }
+ const idBlockBuf = this.idBlock.toBER(sizeOnly);
+ _writer.write(idBlockBuf);
+ if (this.lenBlock.isIndefiniteForm) {
+ _writer.write(new Uint8Array([0x80]).buffer);
+ this.valueBlock.toBER(sizeOnly, _writer);
+ _writer.write(new ArrayBuffer(2));
+ }
+ else {
+ const valueBlockBuf = this.valueBlock.toBER(sizeOnly);
+ this.lenBlock.length = valueBlockBuf.byteLength;
+ const lenBlockBuf = this.lenBlock.toBER(sizeOnly);
+ _writer.write(lenBlockBuf);
+ _writer.write(valueBlockBuf);
+ }
+ if (!writer) {
+ return _writer.final();
+ }
+ return EMPTY_BUFFER$1;
+ }
+ toJSON() {
+ const object = {
+ ...super.toJSON(),
+ idBlock: this.idBlock.toJSON(),
+ lenBlock: this.lenBlock.toJSON(),
+ valueBlock: this.valueBlock.toJSON(),
+ name: this.name,
+ optional: this.optional,
+ };
+ if (this.primitiveSchema)
+ object.primitiveSchema = this.primitiveSchema.toJSON();
+ return object;
+ }
+ toString(encoding = "ascii") {
+ if (encoding === "ascii") {
+ return this.onAsciiEncoding();
+ }
+ return Convert.ToHex(this.toBER());
+ }
+ onAsciiEncoding() {
+ return `${this.constructor.NAME} : ${Convert.ToHex(this.valueBlock.valueBeforeDecodeView)}`;
+ }
+ isEqual(other) {
+ if (this === other) {
+ return true;
+ }
+ if (!(other instanceof this.constructor)) {
+ return false;
+ }
+ const thisRaw = this.toBER();
+ const otherRaw = other.toBER();
+ return isEqualBuffer(thisRaw, otherRaw);
+ }
+}
+BaseBlock.NAME = "BaseBlock";
+function prepareIndefiniteForm(baseBlock) {
+ if (baseBlock instanceof typeStore.Constructed) {
+ for (const value of baseBlock.valueBlock.value) {
+ if (prepareIndefiniteForm(value)) {
+ baseBlock.lenBlock.isIndefiniteForm = true;
+ }
+ }
+ }
+ return !!baseBlock.lenBlock.isIndefiniteForm;
+}
+
+class BaseStringBlock extends BaseBlock {
+ constructor({ value = EMPTY_STRING$1, ...parameters } = {}, stringValueBlockType) {
+ super(parameters, stringValueBlockType);
+ if (value) {
+ this.fromString(value);
+ }
+ }
+ getValue() {
+ return this.valueBlock.value;
+ }
+ setValue(value) {
+ this.valueBlock.value = value;
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ const resultOffset = this.valueBlock.fromBER(inputBuffer, inputOffset, (this.lenBlock.isIndefiniteForm) ? inputLength : this.lenBlock.length);
+ if (resultOffset === -1) {
+ this.error = this.valueBlock.error;
+ return resultOffset;
+ }
+ this.fromBuffer(this.valueBlock.valueHexView);
+ if (!this.idBlock.error.length)
+ this.blockLength += this.idBlock.blockLength;
+ if (!this.lenBlock.error.length)
+ this.blockLength += this.lenBlock.blockLength;
+ if (!this.valueBlock.error.length)
+ this.blockLength += this.valueBlock.blockLength;
+ return resultOffset;
+ }
+ onAsciiEncoding() {
+ return `${this.constructor.NAME} : '${this.valueBlock.value}'`;
+ }
+}
+BaseStringBlock.NAME = "BaseStringBlock";
+
+class LocalPrimitiveValueBlock extends HexBlock(ValueBlock) {
+ constructor({ isHexOnly = true, ...parameters } = {}) {
+ super(parameters);
+ this.isHexOnly = isHexOnly;
+ }
+}
+LocalPrimitiveValueBlock.NAME = "PrimitiveValueBlock";
+
+var _a$w;
+class Primitive extends BaseBlock {
+ constructor(parameters = {}) {
+ super(parameters, LocalPrimitiveValueBlock);
+ this.idBlock.isConstructed = false;
+ }
+}
+_a$w = Primitive;
+(() => {
+ typeStore.Primitive = _a$w;
+})();
+Primitive.NAME = "PRIMITIVE";
+
+function localChangeType(inputObject, newType) {
+ if (inputObject instanceof newType) {
+ return inputObject;
+ }
+ const newObject = new newType();
+ newObject.idBlock = inputObject.idBlock;
+ newObject.lenBlock = inputObject.lenBlock;
+ newObject.warnings = inputObject.warnings;
+ newObject.valueBeforeDecodeView = inputObject.valueBeforeDecodeView;
+ return newObject;
+}
+function localFromBER(inputBuffer, inputOffset = 0, inputLength = inputBuffer.length) {
+ const incomingOffset = inputOffset;
+ let returnObject = new BaseBlock({}, ValueBlock);
+ const baseBlock = new LocalBaseBlock();
+ if (!checkBufferParams(baseBlock, inputBuffer, inputOffset, inputLength)) {
+ returnObject.error = baseBlock.error;
+ return {
+ offset: -1,
+ result: returnObject
+ };
+ }
+ const intBuffer = inputBuffer.subarray(inputOffset, inputOffset + inputLength);
+ if (!intBuffer.length) {
+ returnObject.error = "Zero buffer length";
+ return {
+ offset: -1,
+ result: returnObject
+ };
+ }
+ let resultOffset = returnObject.idBlock.fromBER(inputBuffer, inputOffset, inputLength);
+ if (returnObject.idBlock.warnings.length) {
+ returnObject.warnings.concat(returnObject.idBlock.warnings);
+ }
+ if (resultOffset === -1) {
+ returnObject.error = returnObject.idBlock.error;
+ return {
+ offset: -1,
+ result: returnObject
+ };
+ }
+ inputOffset = resultOffset;
+ inputLength -= returnObject.idBlock.blockLength;
+ resultOffset = returnObject.lenBlock.fromBER(inputBuffer, inputOffset, inputLength);
+ if (returnObject.lenBlock.warnings.length) {
+ returnObject.warnings.concat(returnObject.lenBlock.warnings);
+ }
+ if (resultOffset === -1) {
+ returnObject.error = returnObject.lenBlock.error;
+ return {
+ offset: -1,
+ result: returnObject
+ };
+ }
+ inputOffset = resultOffset;
+ inputLength -= returnObject.lenBlock.blockLength;
+ if (!returnObject.idBlock.isConstructed &&
+ returnObject.lenBlock.isIndefiniteForm) {
+ returnObject.error = "Indefinite length form used for primitive encoding form";
+ return {
+ offset: -1,
+ result: returnObject
+ };
+ }
+ let newASN1Type = BaseBlock;
+ switch (returnObject.idBlock.tagClass) {
+ case 1:
+ if ((returnObject.idBlock.tagNumber >= 37) &&
+ (returnObject.idBlock.isHexOnly === false)) {
+ returnObject.error = "UNIVERSAL 37 and upper tags are reserved by ASN.1 standard";
+ return {
+ offset: -1,
+ result: returnObject
+ };
+ }
+ switch (returnObject.idBlock.tagNumber) {
+ case 0:
+ if ((returnObject.idBlock.isConstructed) &&
+ (returnObject.lenBlock.length > 0)) {
+ returnObject.error = "Type [UNIVERSAL 0] is reserved";
+ return {
+ offset: -1,
+ result: returnObject
+ };
+ }
+ newASN1Type = typeStore.EndOfContent;
+ break;
+ case 1:
+ newASN1Type = typeStore.Boolean;
+ break;
+ case 2:
+ newASN1Type = typeStore.Integer;
+ break;
+ case 3:
+ newASN1Type = typeStore.BitString;
+ break;
+ case 4:
+ newASN1Type = typeStore.OctetString;
+ break;
+ case 5:
+ newASN1Type = typeStore.Null;
+ break;
+ case 6:
+ newASN1Type = typeStore.ObjectIdentifier;
+ break;
+ case 10:
+ newASN1Type = typeStore.Enumerated;
+ break;
+ case 12:
+ newASN1Type = typeStore.Utf8String;
+ break;
+ case 13:
+ newASN1Type = typeStore.RelativeObjectIdentifier;
+ break;
+ case 14:
+ newASN1Type = typeStore.TIME;
+ break;
+ case 15:
+ returnObject.error = "[UNIVERSAL 15] is reserved by ASN.1 standard";
+ return {
+ offset: -1,
+ result: returnObject
+ };
+ case 16:
+ newASN1Type = typeStore.Sequence;
+ break;
+ case 17:
+ newASN1Type = typeStore.Set;
+ break;
+ case 18:
+ newASN1Type = typeStore.NumericString;
+ break;
+ case 19:
+ newASN1Type = typeStore.PrintableString;
+ break;
+ case 20:
+ newASN1Type = typeStore.TeletexString;
+ break;
+ case 21:
+ newASN1Type = typeStore.VideotexString;
+ break;
+ case 22:
+ newASN1Type = typeStore.IA5String;
+ break;
+ case 23:
+ newASN1Type = typeStore.UTCTime;
+ break;
+ case 24:
+ newASN1Type = typeStore.GeneralizedTime;
+ break;
+ case 25:
+ newASN1Type = typeStore.GraphicString;
+ break;
+ case 26:
+ newASN1Type = typeStore.VisibleString;
+ break;
+ case 27:
+ newASN1Type = typeStore.GeneralString;
+ break;
+ case 28:
+ newASN1Type = typeStore.UniversalString;
+ break;
+ case 29:
+ newASN1Type = typeStore.CharacterString;
+ break;
+ case 30:
+ newASN1Type = typeStore.BmpString;
+ break;
+ case 31:
+ newASN1Type = typeStore.DATE;
+ break;
+ case 32:
+ newASN1Type = typeStore.TimeOfDay;
+ break;
+ case 33:
+ newASN1Type = typeStore.DateTime;
+ break;
+ case 34:
+ newASN1Type = typeStore.Duration;
+ break;
+ default: {
+ const newObject = returnObject.idBlock.isConstructed
+ ? new typeStore.Constructed()
+ : new typeStore.Primitive();
+ newObject.idBlock = returnObject.idBlock;
+ newObject.lenBlock = returnObject.lenBlock;
+ newObject.warnings = returnObject.warnings;
+ returnObject = newObject;
+ }
+ }
+ break;
+ case 2:
+ case 3:
+ case 4:
+ default: {
+ newASN1Type = returnObject.idBlock.isConstructed
+ ? typeStore.Constructed
+ : typeStore.Primitive;
+ }
+ }
+ returnObject = localChangeType(returnObject, newASN1Type);
+ resultOffset = returnObject.fromBER(inputBuffer, inputOffset, returnObject.lenBlock.isIndefiniteForm ? inputLength : returnObject.lenBlock.length);
+ returnObject.valueBeforeDecodeView = inputBuffer.subarray(incomingOffset, incomingOffset + returnObject.blockLength);
+ return {
+ offset: resultOffset,
+ result: returnObject
+ };
+}
+function fromBER(inputBuffer) {
+ if (!inputBuffer.byteLength) {
+ const result = new BaseBlock({}, ValueBlock);
+ result.error = "Input buffer has zero length";
+ return {
+ offset: -1,
+ result
+ };
+ }
+ return localFromBER(BufferSourceConverter.toUint8Array(inputBuffer).slice(), 0, inputBuffer.byteLength);
+}
+
+function checkLen(indefiniteLength, length) {
+ if (indefiniteLength) {
+ return 1;
+ }
+ return length;
+}
+class LocalConstructedValueBlock extends ValueBlock {
+ constructor({ value = [], isIndefiniteForm = false, ...parameters } = {}) {
+ super(parameters);
+ this.value = value;
+ this.isIndefiniteForm = isIndefiniteForm;
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ const view = BufferSourceConverter.toUint8Array(inputBuffer);
+ if (!checkBufferParams(this, view, inputOffset, inputLength)) {
+ return -1;
+ }
+ this.valueBeforeDecodeView = view.subarray(inputOffset, inputOffset + inputLength);
+ if (this.valueBeforeDecodeView.length === 0) {
+ this.warnings.push("Zero buffer length");
+ return inputOffset;
+ }
+ let currentOffset = inputOffset;
+ while (checkLen(this.isIndefiniteForm, inputLength) > 0) {
+ const returnObject = localFromBER(view, currentOffset, inputLength);
+ if (returnObject.offset === -1) {
+ this.error = returnObject.result.error;
+ this.warnings.concat(returnObject.result.warnings);
+ return -1;
+ }
+ currentOffset = returnObject.offset;
+ this.blockLength += returnObject.result.blockLength;
+ inputLength -= returnObject.result.blockLength;
+ this.value.push(returnObject.result);
+ if (this.isIndefiniteForm && returnObject.result.constructor.NAME === END_OF_CONTENT_NAME) {
+ break;
+ }
+ }
+ if (this.isIndefiniteForm) {
+ if (this.value[this.value.length - 1].constructor.NAME === END_OF_CONTENT_NAME) {
+ this.value.pop();
+ }
+ else {
+ this.warnings.push("No EndOfContent block encoded");
+ }
+ }
+ return currentOffset;
+ }
+ toBER(sizeOnly, writer) {
+ const _writer = writer || new ViewWriter();
+ for (let i = 0; i < this.value.length; i++) {
+ this.value[i].toBER(sizeOnly, _writer);
+ }
+ if (!writer) {
+ return _writer.final();
+ }
+ return EMPTY_BUFFER$1;
+ }
+ toJSON() {
+ const object = {
+ ...super.toJSON(),
+ isIndefiniteForm: this.isIndefiniteForm,
+ value: [],
+ };
+ for (const value of this.value) {
+ object.value.push(value.toJSON());
+ }
+ return object;
+ }
+}
+LocalConstructedValueBlock.NAME = "ConstructedValueBlock";
+
+var _a$v;
+class Constructed extends BaseBlock {
+ constructor(parameters = {}) {
+ super(parameters, LocalConstructedValueBlock);
+ this.idBlock.isConstructed = true;
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ this.valueBlock.isIndefiniteForm = this.lenBlock.isIndefiniteForm;
+ const resultOffset = this.valueBlock.fromBER(inputBuffer, inputOffset, (this.lenBlock.isIndefiniteForm) ? inputLength : this.lenBlock.length);
+ if (resultOffset === -1) {
+ this.error = this.valueBlock.error;
+ return resultOffset;
+ }
+ if (!this.idBlock.error.length)
+ this.blockLength += this.idBlock.blockLength;
+ if (!this.lenBlock.error.length)
+ this.blockLength += this.lenBlock.blockLength;
+ if (!this.valueBlock.error.length)
+ this.blockLength += this.valueBlock.blockLength;
+ return resultOffset;
+ }
+ onAsciiEncoding() {
+ const values = [];
+ for (const value of this.valueBlock.value) {
+ values.push(value.toString("ascii").split("\n").map(o => ` ${o}`).join("\n"));
+ }
+ const blockName = this.idBlock.tagClass === 3
+ ? `[${this.idBlock.tagNumber}]`
+ : this.constructor.NAME;
+ return values.length
+ ? `${blockName} :\n${values.join("\n")}`
+ : `${blockName} :`;
+ }
+}
+_a$v = Constructed;
+(() => {
+ typeStore.Constructed = _a$v;
+})();
+Constructed.NAME = "CONSTRUCTED";
+
+class LocalEndOfContentValueBlock extends ValueBlock {
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ return inputOffset;
+ }
+ toBER(sizeOnly) {
+ return EMPTY_BUFFER$1;
+ }
+}
+LocalEndOfContentValueBlock.override = "EndOfContentValueBlock";
+
+var _a$u;
+class EndOfContent extends BaseBlock {
+ constructor(parameters = {}) {
+ super(parameters, LocalEndOfContentValueBlock);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 0;
+ }
+}
+_a$u = EndOfContent;
+(() => {
+ typeStore.EndOfContent = _a$u;
+})();
+EndOfContent.NAME = END_OF_CONTENT_NAME;
+
+var _a$t;
+class Null extends BaseBlock {
+ constructor(parameters = {}) {
+ super(parameters, ValueBlock);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 5;
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ if (this.lenBlock.length > 0)
+ this.warnings.push("Non-zero length of value block for Null type");
+ if (!this.idBlock.error.length)
+ this.blockLength += this.idBlock.blockLength;
+ if (!this.lenBlock.error.length)
+ this.blockLength += this.lenBlock.blockLength;
+ this.blockLength += inputLength;
+ if ((inputOffset + inputLength) > inputBuffer.byteLength) {
+ this.error = "End of input reached before message was fully decoded (inconsistent offset and length values)";
+ return -1;
+ }
+ return (inputOffset + inputLength);
+ }
+ toBER(sizeOnly, writer) {
+ const retBuf = new ArrayBuffer(2);
+ if (!sizeOnly) {
+ const retView = new Uint8Array(retBuf);
+ retView[0] = 0x05;
+ retView[1] = 0x00;
+ }
+ if (writer) {
+ writer.write(retBuf);
+ }
+ return retBuf;
+ }
+ onAsciiEncoding() {
+ return `${this.constructor.NAME}`;
+ }
+}
+_a$t = Null;
+(() => {
+ typeStore.Null = _a$t;
+})();
+Null.NAME = "NULL";
+
+class LocalBooleanValueBlock extends HexBlock(ValueBlock) {
+ constructor({ value, ...parameters } = {}) {
+ super(parameters);
+ if (parameters.valueHex) {
+ this.valueHexView = BufferSourceConverter.toUint8Array(parameters.valueHex);
+ }
+ else {
+ this.valueHexView = new Uint8Array(1);
+ }
+ if (value) {
+ this.value = value;
+ }
+ }
+ get value() {
+ for (const octet of this.valueHexView) {
+ if (octet > 0) {
+ return true;
+ }
+ }
+ return false;
+ }
+ set value(value) {
+ this.valueHexView[0] = value ? 0xFF : 0x00;
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ const inputView = BufferSourceConverter.toUint8Array(inputBuffer);
+ if (!checkBufferParams(this, inputView, inputOffset, inputLength)) {
+ return -1;
+ }
+ this.valueHexView = inputView.subarray(inputOffset, inputOffset + inputLength);
+ if (inputLength > 1)
+ this.warnings.push("Boolean value encoded in more then 1 octet");
+ this.isHexOnly = true;
+ utilDecodeTC.call(this);
+ this.blockLength = inputLength;
+ return (inputOffset + inputLength);
+ }
+ toBER() {
+ return this.valueHexView.slice();
+ }
+ toJSON() {
+ return {
+ ...super.toJSON(),
+ value: this.value,
+ };
+ }
+}
+LocalBooleanValueBlock.NAME = "BooleanValueBlock";
+
+var _a$s;
+class Boolean extends BaseBlock {
+ constructor(parameters = {}) {
+ super(parameters, LocalBooleanValueBlock);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 1;
+ }
+ getValue() {
+ return this.valueBlock.value;
+ }
+ setValue(value) {
+ this.valueBlock.value = value;
+ }
+ onAsciiEncoding() {
+ return `${this.constructor.NAME} : ${this.getValue}`;
+ }
+}
+_a$s = Boolean;
+(() => {
+ typeStore.Boolean = _a$s;
+})();
+Boolean.NAME = "BOOLEAN";
+
+class LocalOctetStringValueBlock extends HexBlock(LocalConstructedValueBlock) {
+ constructor({ isConstructed = false, ...parameters } = {}) {
+ super(parameters);
+ this.isConstructed = isConstructed;
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ let resultOffset = 0;
+ if (this.isConstructed) {
+ this.isHexOnly = false;
+ resultOffset = LocalConstructedValueBlock.prototype.fromBER.call(this, inputBuffer, inputOffset, inputLength);
+ if (resultOffset === -1)
+ return resultOffset;
+ for (let i = 0; i < this.value.length; i++) {
+ const currentBlockName = this.value[i].constructor.NAME;
+ if (currentBlockName === END_OF_CONTENT_NAME) {
+ if (this.isIndefiniteForm)
+ break;
+ else {
+ this.error = "EndOfContent is unexpected, OCTET STRING may consists of OCTET STRINGs only";
+ return -1;
+ }
+ }
+ if (currentBlockName !== OCTET_STRING_NAME) {
+ this.error = "OCTET STRING may consists of OCTET STRINGs only";
+ return -1;
+ }
+ }
+ }
+ else {
+ this.isHexOnly = true;
+ resultOffset = super.fromBER(inputBuffer, inputOffset, inputLength);
+ this.blockLength = inputLength;
+ }
+ return resultOffset;
+ }
+ toBER(sizeOnly, writer) {
+ if (this.isConstructed)
+ return LocalConstructedValueBlock.prototype.toBER.call(this, sizeOnly, writer);
+ return sizeOnly
+ ? new ArrayBuffer(this.valueHexView.byteLength)
+ : this.valueHexView.slice().buffer;
+ }
+ toJSON() {
+ return {
+ ...super.toJSON(),
+ isConstructed: this.isConstructed,
+ };
+ }
+}
+LocalOctetStringValueBlock.NAME = "OctetStringValueBlock";
+
+var _a$r;
+class OctetString extends BaseBlock {
+ constructor({ idBlock = {}, lenBlock = {}, ...parameters } = {}) {
+ var _b, _c;
+ (_b = parameters.isConstructed) !== null && _b !== void 0 ? _b : (parameters.isConstructed = !!((_c = parameters.value) === null || _c === void 0 ? void 0 : _c.length));
+ super({
+ idBlock: {
+ isConstructed: parameters.isConstructed,
+ ...idBlock,
+ },
+ lenBlock: {
+ ...lenBlock,
+ isIndefiniteForm: !!parameters.isIndefiniteForm,
+ },
+ ...parameters,
+ }, LocalOctetStringValueBlock);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 4;
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ this.valueBlock.isConstructed = this.idBlock.isConstructed;
+ this.valueBlock.isIndefiniteForm = this.lenBlock.isIndefiniteForm;
+ if (inputLength === 0) {
+ if (this.idBlock.error.length === 0)
+ this.blockLength += this.idBlock.blockLength;
+ if (this.lenBlock.error.length === 0)
+ this.blockLength += this.lenBlock.blockLength;
+ return inputOffset;
+ }
+ if (!this.valueBlock.isConstructed) {
+ const view = inputBuffer instanceof ArrayBuffer ? new Uint8Array(inputBuffer) : inputBuffer;
+ const buf = view.subarray(inputOffset, inputOffset + inputLength);
+ try {
+ if (buf.byteLength) {
+ const asn = localFromBER(buf, 0, buf.byteLength);
+ if (asn.offset !== -1 && asn.offset === inputLength) {
+ this.valueBlock.value = [asn.result];
+ }
+ }
+ }
+ catch (e) {
+ }
+ }
+ return super.fromBER(inputBuffer, inputOffset, inputLength);
+ }
+ onAsciiEncoding() {
+ if (this.valueBlock.isConstructed || (this.valueBlock.value && this.valueBlock.value.length)) {
+ return Constructed.prototype.onAsciiEncoding.call(this);
+ }
+ return `${this.constructor.NAME} : ${Convert.ToHex(this.valueBlock.valueHexView)}`;
+ }
+ getValue() {
+ if (!this.idBlock.isConstructed) {
+ return this.valueBlock.valueHexView.slice().buffer;
+ }
+ const array = [];
+ for (const content of this.valueBlock.value) {
+ if (content instanceof OctetString) {
+ array.push(content.valueBlock.valueHexView);
+ }
+ }
+ return BufferSourceConverter.concat(array);
+ }
+}
+_a$r = OctetString;
+(() => {
+ typeStore.OctetString = _a$r;
+})();
+OctetString.NAME = OCTET_STRING_NAME;
+
+class LocalBitStringValueBlock extends HexBlock(LocalConstructedValueBlock) {
+ constructor({ unusedBits = 0, isConstructed = false, ...parameters } = {}) {
+ super(parameters);
+ this.unusedBits = unusedBits;
+ this.isConstructed = isConstructed;
+ this.blockLength = this.valueHexView.byteLength;
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ if (!inputLength) {
+ return inputOffset;
+ }
+ let resultOffset = -1;
+ if (this.isConstructed) {
+ resultOffset = LocalConstructedValueBlock.prototype.fromBER.call(this, inputBuffer, inputOffset, inputLength);
+ if (resultOffset === -1)
+ return resultOffset;
+ for (const value of this.value) {
+ const currentBlockName = value.constructor.NAME;
+ if (currentBlockName === END_OF_CONTENT_NAME) {
+ if (this.isIndefiniteForm)
+ break;
+ else {
+ this.error = "EndOfContent is unexpected, BIT STRING may consists of BIT STRINGs only";
+ return -1;
+ }
+ }
+ if (currentBlockName !== BIT_STRING_NAME) {
+ this.error = "BIT STRING may consists of BIT STRINGs only";
+ return -1;
+ }
+ const valueBlock = value.valueBlock;
+ if ((this.unusedBits > 0) && (valueBlock.unusedBits > 0)) {
+ this.error = "Using of \"unused bits\" inside constructive BIT STRING allowed for least one only";
+ return -1;
+ }
+ this.unusedBits = valueBlock.unusedBits;
+ }
+ return resultOffset;
+ }
+ const inputView = BufferSourceConverter.toUint8Array(inputBuffer);
+ if (!checkBufferParams(this, inputView, inputOffset, inputLength)) {
+ return -1;
+ }
+ const intBuffer = inputView.subarray(inputOffset, inputOffset + inputLength);
+ this.unusedBits = intBuffer[0];
+ if (this.unusedBits > 7) {
+ this.error = "Unused bits for BitString must be in range 0-7";
+ return -1;
+ }
+ if (!this.unusedBits) {
+ const buf = intBuffer.subarray(1);
+ try {
+ if (buf.byteLength) {
+ const asn = localFromBER(buf, 0, buf.byteLength);
+ if (asn.offset !== -1 && asn.offset === (inputLength - 1)) {
+ this.value = [asn.result];
+ }
+ }
+ }
+ catch (e) {
+ }
+ }
+ this.valueHexView = intBuffer.subarray(1);
+ this.blockLength = intBuffer.length;
+ return (inputOffset + inputLength);
+ }
+ toBER(sizeOnly, writer) {
+ if (this.isConstructed) {
+ return LocalConstructedValueBlock.prototype.toBER.call(this, sizeOnly, writer);
+ }
+ if (sizeOnly) {
+ return new ArrayBuffer(this.valueHexView.byteLength + 1);
+ }
+ if (!this.valueHexView.byteLength) {
+ return EMPTY_BUFFER$1;
+ }
+ const retView = new Uint8Array(this.valueHexView.length + 1);
+ retView[0] = this.unusedBits;
+ retView.set(this.valueHexView, 1);
+ return retView.buffer;
+ }
+ toJSON() {
+ return {
+ ...super.toJSON(),
+ unusedBits: this.unusedBits,
+ isConstructed: this.isConstructed,
+ };
+ }
+}
+LocalBitStringValueBlock.NAME = "BitStringValueBlock";
+
+var _a$q;
+class BitString extends BaseBlock {
+ constructor({ idBlock = {}, lenBlock = {}, ...parameters } = {}) {
+ var _b, _c;
+ (_b = parameters.isConstructed) !== null && _b !== void 0 ? _b : (parameters.isConstructed = !!((_c = parameters.value) === null || _c === void 0 ? void 0 : _c.length));
+ super({
+ idBlock: {
+ isConstructed: parameters.isConstructed,
+ ...idBlock,
+ },
+ lenBlock: {
+ ...lenBlock,
+ isIndefiniteForm: !!parameters.isIndefiniteForm,
+ },
+ ...parameters,
+ }, LocalBitStringValueBlock);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 3;
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ this.valueBlock.isConstructed = this.idBlock.isConstructed;
+ this.valueBlock.isIndefiniteForm = this.lenBlock.isIndefiniteForm;
+ return super.fromBER(inputBuffer, inputOffset, inputLength);
+ }
+ onAsciiEncoding() {
+ if (this.valueBlock.isConstructed || (this.valueBlock.value && this.valueBlock.value.length)) {
+ return Constructed.prototype.onAsciiEncoding.call(this);
+ }
+ else {
+ const bits = [];
+ const valueHex = this.valueBlock.valueHexView;
+ for (const byte of valueHex) {
+ bits.push(byte.toString(2).padStart(8, "0"));
+ }
+ const bitsStr = bits.join("");
+ return `${this.constructor.NAME} : ${bitsStr.substring(0, bitsStr.length - this.valueBlock.unusedBits)}`;
+ }
+ }
+}
+_a$q = BitString;
+(() => {
+ typeStore.BitString = _a$q;
+})();
+BitString.NAME = BIT_STRING_NAME;
+
+var _a$p;
+function viewAdd(first, second) {
+ const c = new Uint8Array([0]);
+ const firstView = new Uint8Array(first);
+ const secondView = new Uint8Array(second);
+ let firstViewCopy = firstView.slice(0);
+ const firstViewCopyLength = firstViewCopy.length - 1;
+ const secondViewCopy = secondView.slice(0);
+ const secondViewCopyLength = secondViewCopy.length - 1;
+ let value = 0;
+ const max = (secondViewCopyLength < firstViewCopyLength) ? firstViewCopyLength : secondViewCopyLength;
+ let counter = 0;
+ for (let i = max; i >= 0; i--, counter++) {
+ switch (true) {
+ case (counter < secondViewCopy.length):
+ value = firstViewCopy[firstViewCopyLength - counter] + secondViewCopy[secondViewCopyLength - counter] + c[0];
+ break;
+ default:
+ value = firstViewCopy[firstViewCopyLength - counter] + c[0];
+ }
+ c[0] = value / 10;
+ switch (true) {
+ case (counter >= firstViewCopy.length):
+ firstViewCopy = utilConcatView(new Uint8Array([value % 10]), firstViewCopy);
+ break;
+ default:
+ firstViewCopy[firstViewCopyLength - counter] = value % 10;
+ }
+ }
+ if (c[0] > 0)
+ firstViewCopy = utilConcatView(c, firstViewCopy);
+ return firstViewCopy;
+}
+function power2(n) {
+ if (n >= powers2.length) {
+ for (let p = powers2.length; p <= n; p++) {
+ const c = new Uint8Array([0]);
+ let digits = (powers2[p - 1]).slice(0);
+ for (let i = (digits.length - 1); i >= 0; i--) {
+ const newValue = new Uint8Array([(digits[i] << 1) + c[0]]);
+ c[0] = newValue[0] / 10;
+ digits[i] = newValue[0] % 10;
+ }
+ if (c[0] > 0)
+ digits = utilConcatView(c, digits);
+ powers2.push(digits);
+ }
+ }
+ return powers2[n];
+}
+function viewSub(first, second) {
+ let b = 0;
+ const firstView = new Uint8Array(first);
+ const secondView = new Uint8Array(second);
+ const firstViewCopy = firstView.slice(0);
+ const firstViewCopyLength = firstViewCopy.length - 1;
+ const secondViewCopy = secondView.slice(0);
+ const secondViewCopyLength = secondViewCopy.length - 1;
+ let value;
+ let counter = 0;
+ for (let i = secondViewCopyLength; i >= 0; i--, counter++) {
+ value = firstViewCopy[firstViewCopyLength - counter] - secondViewCopy[secondViewCopyLength - counter] - b;
+ switch (true) {
+ case (value < 0):
+ b = 1;
+ firstViewCopy[firstViewCopyLength - counter] = value + 10;
+ break;
+ default:
+ b = 0;
+ firstViewCopy[firstViewCopyLength - counter] = value;
+ }
+ }
+ if (b > 0) {
+ for (let i = (firstViewCopyLength - secondViewCopyLength + 1); i >= 0; i--, counter++) {
+ value = firstViewCopy[firstViewCopyLength - counter] - b;
+ if (value < 0) {
+ b = 1;
+ firstViewCopy[firstViewCopyLength - counter] = value + 10;
+ }
+ else {
+ b = 0;
+ firstViewCopy[firstViewCopyLength - counter] = value;
+ break;
+ }
+ }
+ }
+ return firstViewCopy.slice();
+}
+class LocalIntegerValueBlock extends HexBlock(ValueBlock) {
+ constructor({ value, ...parameters } = {}) {
+ super(parameters);
+ this._valueDec = 0;
+ if (parameters.valueHex) {
+ this.setValueHex();
+ }
+ if (value !== undefined) {
+ this.valueDec = value;
+ }
+ }
+ setValueHex() {
+ if (this.valueHexView.length >= 4) {
+ this.warnings.push("Too big Integer for decoding, hex only");
+ this.isHexOnly = true;
+ this._valueDec = 0;
+ }
+ else {
+ this.isHexOnly = false;
+ if (this.valueHexView.length > 0) {
+ this._valueDec = utilDecodeTC.call(this);
+ }
+ }
+ }
+ set valueDec(v) {
+ this._valueDec = v;
+ this.isHexOnly = false;
+ this.valueHexView = new Uint8Array(utilEncodeTC(v));
+ }
+ get valueDec() {
+ return this._valueDec;
+ }
+ fromDER(inputBuffer, inputOffset, inputLength, expectedLength = 0) {
+ const offset = this.fromBER(inputBuffer, inputOffset, inputLength);
+ if (offset === -1)
+ return offset;
+ const view = this.valueHexView;
+ if ((view[0] === 0x00) && ((view[1] & 0x80) !== 0)) {
+ this.valueHexView = view.subarray(1);
+ }
+ else {
+ if (expectedLength !== 0) {
+ if (view.length < expectedLength) {
+ if ((expectedLength - view.length) > 1)
+ expectedLength = view.length + 1;
+ this.valueHexView = view.subarray(expectedLength - view.length);
+ }
+ }
+ }
+ return offset;
+ }
+ toDER(sizeOnly = false) {
+ const view = this.valueHexView;
+ switch (true) {
+ case ((view[0] & 0x80) !== 0):
+ {
+ const updatedView = new Uint8Array(this.valueHexView.length + 1);
+ updatedView[0] = 0x00;
+ updatedView.set(view, 1);
+ this.valueHexView = updatedView;
+ }
+ break;
+ case ((view[0] === 0x00) && ((view[1] & 0x80) === 0)):
+ {
+ this.valueHexView = this.valueHexView.subarray(1);
+ }
+ break;
+ }
+ return this.toBER(sizeOnly);
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ const resultOffset = super.fromBER(inputBuffer, inputOffset, inputLength);
+ if (resultOffset === -1) {
+ return resultOffset;
+ }
+ this.setValueHex();
+ return resultOffset;
+ }
+ toBER(sizeOnly) {
+ return sizeOnly
+ ? new ArrayBuffer(this.valueHexView.length)
+ : this.valueHexView.slice().buffer;
+ }
+ toJSON() {
+ return {
+ ...super.toJSON(),
+ valueDec: this.valueDec,
+ };
+ }
+ toString() {
+ const firstBit = (this.valueHexView.length * 8) - 1;
+ let digits = new Uint8Array((this.valueHexView.length * 8) / 3);
+ let bitNumber = 0;
+ let currentByte;
+ const asn1View = this.valueHexView;
+ let result = "";
+ let flag = false;
+ for (let byteNumber = (asn1View.byteLength - 1); byteNumber >= 0; byteNumber--) {
+ currentByte = asn1View[byteNumber];
+ for (let i = 0; i < 8; i++) {
+ if ((currentByte & 1) === 1) {
+ switch (bitNumber) {
+ case firstBit:
+ digits = viewSub(power2(bitNumber), digits);
+ result = "-";
+ break;
+ default:
+ digits = viewAdd(digits, power2(bitNumber));
+ }
+ }
+ bitNumber++;
+ currentByte >>= 1;
+ }
+ }
+ for (let i = 0; i < digits.length; i++) {
+ if (digits[i])
+ flag = true;
+ if (flag)
+ result += digitsString.charAt(digits[i]);
+ }
+ if (flag === false)
+ result += digitsString.charAt(0);
+ return result;
+ }
+}
+_a$p = LocalIntegerValueBlock;
+LocalIntegerValueBlock.NAME = "IntegerValueBlock";
+(() => {
+ Object.defineProperty(_a$p.prototype, "valueHex", {
+ set: function (v) {
+ this.valueHexView = new Uint8Array(v);
+ this.setValueHex();
+ },
+ get: function () {
+ return this.valueHexView.slice().buffer;
+ },
+ });
+})();
+
+var _a$o;
+class Integer extends BaseBlock {
+ constructor(parameters = {}) {
+ super(parameters, LocalIntegerValueBlock);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 2;
+ }
+ toBigInt() {
+ assertBigInt();
+ return BigInt(this.valueBlock.toString());
+ }
+ static fromBigInt(value) {
+ assertBigInt();
+ const bigIntValue = BigInt(value);
+ const writer = new ViewWriter();
+ const hex = bigIntValue.toString(16).replace(/^-/, "");
+ const view = new Uint8Array(Convert.FromHex(hex));
+ if (bigIntValue < 0) {
+ const first = new Uint8Array(view.length + (view[0] & 0x80 ? 1 : 0));
+ first[0] |= 0x80;
+ const firstInt = BigInt(`0x${Convert.ToHex(first)}`);
+ const secondInt = firstInt + bigIntValue;
+ const second = BufferSourceConverter.toUint8Array(Convert.FromHex(secondInt.toString(16)));
+ second[0] |= 0x80;
+ writer.write(second);
+ }
+ else {
+ if (view[0] & 0x80) {
+ writer.write(new Uint8Array([0]));
+ }
+ writer.write(view);
+ }
+ const res = new Integer({
+ valueHex: writer.final(),
+ });
+ return res;
+ }
+ convertToDER() {
+ const integer = new Integer({ valueHex: this.valueBlock.valueHexView });
+ integer.valueBlock.toDER();
+ return integer;
+ }
+ convertFromDER() {
+ return new Integer({
+ valueHex: this.valueBlock.valueHexView[0] === 0
+ ? this.valueBlock.valueHexView.subarray(1)
+ : this.valueBlock.valueHexView,
+ });
+ }
+ onAsciiEncoding() {
+ return `${this.constructor.NAME} : ${this.valueBlock.toString()}`;
+ }
+}
+_a$o = Integer;
+(() => {
+ typeStore.Integer = _a$o;
+})();
+Integer.NAME = "INTEGER";
+
+var _a$n;
+class Enumerated extends Integer {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 10;
+ }
+}
+_a$n = Enumerated;
+(() => {
+ typeStore.Enumerated = _a$n;
+})();
+Enumerated.NAME = "ENUMERATED";
+
+class LocalSidValueBlock extends HexBlock(ValueBlock) {
+ constructor({ valueDec = -1, isFirstSid = false, ...parameters } = {}) {
+ super(parameters);
+ this.valueDec = valueDec;
+ this.isFirstSid = isFirstSid;
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ if (!inputLength) {
+ return inputOffset;
+ }
+ const inputView = BufferSourceConverter.toUint8Array(inputBuffer);
+ if (!checkBufferParams(this, inputView, inputOffset, inputLength)) {
+ return -1;
+ }
+ const intBuffer = inputView.subarray(inputOffset, inputOffset + inputLength);
+ this.valueHexView = new Uint8Array(inputLength);
+ for (let i = 0; i < inputLength; i++) {
+ this.valueHexView[i] = intBuffer[i] & 0x7F;
+ this.blockLength++;
+ if ((intBuffer[i] & 0x80) === 0x00)
+ break;
+ }
+ const tempView = new Uint8Array(this.blockLength);
+ for (let i = 0; i < this.blockLength; i++) {
+ tempView[i] = this.valueHexView[i];
+ }
+ this.valueHexView = tempView;
+ if ((intBuffer[this.blockLength - 1] & 0x80) !== 0x00) {
+ this.error = "End of input reached before message was fully decoded";
+ return -1;
+ }
+ if (this.valueHexView[0] === 0x00)
+ this.warnings.push("Needlessly long format of SID encoding");
+ if (this.blockLength <= 8)
+ this.valueDec = utilFromBase(this.valueHexView, 7);
+ else {
+ this.isHexOnly = true;
+ this.warnings.push("Too big SID for decoding, hex only");
+ }
+ return (inputOffset + this.blockLength);
+ }
+ set valueBigInt(value) {
+ assertBigInt();
+ let bits = BigInt(value).toString(2);
+ while (bits.length % 7) {
+ bits = "0" + bits;
+ }
+ const bytes = new Uint8Array(bits.length / 7);
+ for (let i = 0; i < bytes.length; i++) {
+ bytes[i] = parseInt(bits.slice(i * 7, i * 7 + 7), 2) + (i + 1 < bytes.length ? 0x80 : 0);
+ }
+ this.fromBER(bytes.buffer, 0, bytes.length);
+ }
+ toBER(sizeOnly) {
+ if (this.isHexOnly) {
+ if (sizeOnly)
+ return (new ArrayBuffer(this.valueHexView.byteLength));
+ const curView = this.valueHexView;
+ const retView = new Uint8Array(this.blockLength);
+ for (let i = 0; i < (this.blockLength - 1); i++)
+ retView[i] = curView[i] | 0x80;
+ retView[this.blockLength - 1] = curView[this.blockLength - 1];
+ return retView.buffer;
+ }
+ const encodedBuf = utilToBase(this.valueDec, 7);
+ if (encodedBuf.byteLength === 0) {
+ this.error = "Error during encoding SID value";
+ return EMPTY_BUFFER$1;
+ }
+ const retView = new Uint8Array(encodedBuf.byteLength);
+ if (!sizeOnly) {
+ const encodedView = new Uint8Array(encodedBuf);
+ const len = encodedBuf.byteLength - 1;
+ for (let i = 0; i < len; i++)
+ retView[i] = encodedView[i] | 0x80;
+ retView[len] = encodedView[len];
+ }
+ return retView;
+ }
+ toString() {
+ let result = "";
+ if (this.isHexOnly)
+ result = Convert.ToHex(this.valueHexView);
+ else {
+ if (this.isFirstSid) {
+ let sidValue = this.valueDec;
+ if (this.valueDec <= 39)
+ result = "0.";
+ else {
+ if (this.valueDec <= 79) {
+ result = "1.";
+ sidValue -= 40;
+ }
+ else {
+ result = "2.";
+ sidValue -= 80;
+ }
+ }
+ result += sidValue.toString();
+ }
+ else
+ result = this.valueDec.toString();
+ }
+ return result;
+ }
+ toJSON() {
+ return {
+ ...super.toJSON(),
+ valueDec: this.valueDec,
+ isFirstSid: this.isFirstSid,
+ };
+ }
+}
+LocalSidValueBlock.NAME = "sidBlock";
+
+class LocalObjectIdentifierValueBlock extends ValueBlock {
+ constructor({ value = EMPTY_STRING$1, ...parameters } = {}) {
+ super(parameters);
+ this.value = [];
+ if (value) {
+ this.fromString(value);
+ }
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ let resultOffset = inputOffset;
+ while (inputLength > 0) {
+ const sidBlock = new LocalSidValueBlock();
+ resultOffset = sidBlock.fromBER(inputBuffer, resultOffset, inputLength);
+ if (resultOffset === -1) {
+ this.blockLength = 0;
+ this.error = sidBlock.error;
+ return resultOffset;
+ }
+ if (this.value.length === 0)
+ sidBlock.isFirstSid = true;
+ this.blockLength += sidBlock.blockLength;
+ inputLength -= sidBlock.blockLength;
+ this.value.push(sidBlock);
+ }
+ return resultOffset;
+ }
+ toBER(sizeOnly) {
+ const retBuffers = [];
+ for (let i = 0; i < this.value.length; i++) {
+ const valueBuf = this.value[i].toBER(sizeOnly);
+ if (valueBuf.byteLength === 0) {
+ this.error = this.value[i].error;
+ return EMPTY_BUFFER$1;
+ }
+ retBuffers.push(valueBuf);
+ }
+ return concat(retBuffers);
+ }
+ fromString(string) {
+ this.value = [];
+ let pos1 = 0;
+ let pos2 = 0;
+ let sid = "";
+ let flag = false;
+ do {
+ pos2 = string.indexOf(".", pos1);
+ if (pos2 === -1)
+ sid = string.substring(pos1);
+ else
+ sid = string.substring(pos1, pos2);
+ pos1 = pos2 + 1;
+ if (flag) {
+ const sidBlock = this.value[0];
+ let plus = 0;
+ switch (sidBlock.valueDec) {
+ case 0:
+ break;
+ case 1:
+ plus = 40;
+ break;
+ case 2:
+ plus = 80;
+ break;
+ default:
+ this.value = [];
+ return;
+ }
+ const parsedSID = parseInt(sid, 10);
+ if (isNaN(parsedSID))
+ return;
+ sidBlock.valueDec = parsedSID + plus;
+ flag = false;
+ }
+ else {
+ const sidBlock = new LocalSidValueBlock();
+ if (sid > Number.MAX_SAFE_INTEGER) {
+ assertBigInt();
+ const sidValue = BigInt(sid);
+ sidBlock.valueBigInt = sidValue;
+ }
+ else {
+ sidBlock.valueDec = parseInt(sid, 10);
+ if (isNaN(sidBlock.valueDec))
+ return;
+ }
+ if (!this.value.length) {
+ sidBlock.isFirstSid = true;
+ flag = true;
+ }
+ this.value.push(sidBlock);
+ }
+ } while (pos2 !== -1);
+ }
+ toString() {
+ let result = "";
+ let isHexOnly = false;
+ for (let i = 0; i < this.value.length; i++) {
+ isHexOnly = this.value[i].isHexOnly;
+ let sidStr = this.value[i].toString();
+ if (i !== 0)
+ result = `${result}.`;
+ if (isHexOnly) {
+ sidStr = `{${sidStr}}`;
+ if (this.value[i].isFirstSid)
+ result = `2.{${sidStr} - 80}`;
+ else
+ result += sidStr;
+ }
+ else
+ result += sidStr;
+ }
+ return result;
+ }
+ toJSON() {
+ const object = {
+ ...super.toJSON(),
+ value: this.toString(),
+ sidArray: [],
+ };
+ for (let i = 0; i < this.value.length; i++) {
+ object.sidArray.push(this.value[i].toJSON());
+ }
+ return object;
+ }
+}
+LocalObjectIdentifierValueBlock.NAME = "ObjectIdentifierValueBlock";
+
+var _a$m;
+class ObjectIdentifier extends BaseBlock {
+ constructor(parameters = {}) {
+ super(parameters, LocalObjectIdentifierValueBlock);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 6;
+ }
+ getValue() {
+ return this.valueBlock.toString();
+ }
+ setValue(value) {
+ this.valueBlock.fromString(value);
+ }
+ onAsciiEncoding() {
+ return `${this.constructor.NAME} : ${this.valueBlock.toString() || "empty"}`;
+ }
+ toJSON() {
+ return {
+ ...super.toJSON(),
+ value: this.getValue(),
+ };
+ }
+}
+_a$m = ObjectIdentifier;
+(() => {
+ typeStore.ObjectIdentifier = _a$m;
+})();
+ObjectIdentifier.NAME = "OBJECT IDENTIFIER";
+
+class LocalRelativeSidValueBlock extends HexBlock(LocalBaseBlock) {
+ constructor({ valueDec = 0, ...parameters } = {}) {
+ super(parameters);
+ this.valueDec = valueDec;
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ if (inputLength === 0)
+ return inputOffset;
+ const inputView = BufferSourceConverter.toUint8Array(inputBuffer);
+ if (!checkBufferParams(this, inputView, inputOffset, inputLength))
+ return -1;
+ const intBuffer = inputView.subarray(inputOffset, inputOffset + inputLength);
+ this.valueHexView = new Uint8Array(inputLength);
+ for (let i = 0; i < inputLength; i++) {
+ this.valueHexView[i] = intBuffer[i] & 0x7F;
+ this.blockLength++;
+ if ((intBuffer[i] & 0x80) === 0x00)
+ break;
+ }
+ const tempView = new Uint8Array(this.blockLength);
+ for (let i = 0; i < this.blockLength; i++)
+ tempView[i] = this.valueHexView[i];
+ this.valueHexView = tempView;
+ if ((intBuffer[this.blockLength - 1] & 0x80) !== 0x00) {
+ this.error = "End of input reached before message was fully decoded";
+ return -1;
+ }
+ if (this.valueHexView[0] === 0x00)
+ this.warnings.push("Needlessly long format of SID encoding");
+ if (this.blockLength <= 8)
+ this.valueDec = utilFromBase(this.valueHexView, 7);
+ else {
+ this.isHexOnly = true;
+ this.warnings.push("Too big SID for decoding, hex only");
+ }
+ return (inputOffset + this.blockLength);
+ }
+ toBER(sizeOnly) {
+ if (this.isHexOnly) {
+ if (sizeOnly)
+ return (new ArrayBuffer(this.valueHexView.byteLength));
+ const curView = this.valueHexView;
+ const retView = new Uint8Array(this.blockLength);
+ for (let i = 0; i < (this.blockLength - 1); i++)
+ retView[i] = curView[i] | 0x80;
+ retView[this.blockLength - 1] = curView[this.blockLength - 1];
+ return retView.buffer;
+ }
+ const encodedBuf = utilToBase(this.valueDec, 7);
+ if (encodedBuf.byteLength === 0) {
+ this.error = "Error during encoding SID value";
+ return EMPTY_BUFFER$1;
+ }
+ const retView = new Uint8Array(encodedBuf.byteLength);
+ if (!sizeOnly) {
+ const encodedView = new Uint8Array(encodedBuf);
+ const len = encodedBuf.byteLength - 1;
+ for (let i = 0; i < len; i++)
+ retView[i] = encodedView[i] | 0x80;
+ retView[len] = encodedView[len];
+ }
+ return retView.buffer;
+ }
+ toString() {
+ let result = "";
+ if (this.isHexOnly)
+ result = Convert.ToHex(this.valueHexView);
+ else {
+ result = this.valueDec.toString();
+ }
+ return result;
+ }
+ toJSON() {
+ return {
+ ...super.toJSON(),
+ valueDec: this.valueDec,
+ };
+ }
+}
+LocalRelativeSidValueBlock.NAME = "relativeSidBlock";
+
+class LocalRelativeObjectIdentifierValueBlock extends ValueBlock {
+ constructor({ value = EMPTY_STRING$1, ...parameters } = {}) {
+ super(parameters);
+ this.value = [];
+ if (value) {
+ this.fromString(value);
+ }
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ let resultOffset = inputOffset;
+ while (inputLength > 0) {
+ const sidBlock = new LocalRelativeSidValueBlock();
+ resultOffset = sidBlock.fromBER(inputBuffer, resultOffset, inputLength);
+ if (resultOffset === -1) {
+ this.blockLength = 0;
+ this.error = sidBlock.error;
+ return resultOffset;
+ }
+ this.blockLength += sidBlock.blockLength;
+ inputLength -= sidBlock.blockLength;
+ this.value.push(sidBlock);
+ }
+ return resultOffset;
+ }
+ toBER(sizeOnly, writer) {
+ const retBuffers = [];
+ for (let i = 0; i < this.value.length; i++) {
+ const valueBuf = this.value[i].toBER(sizeOnly);
+ if (valueBuf.byteLength === 0) {
+ this.error = this.value[i].error;
+ return EMPTY_BUFFER$1;
+ }
+ retBuffers.push(valueBuf);
+ }
+ return concat(retBuffers);
+ }
+ fromString(string) {
+ this.value = [];
+ let pos1 = 0;
+ let pos2 = 0;
+ let sid = "";
+ do {
+ pos2 = string.indexOf(".", pos1);
+ if (pos2 === -1)
+ sid = string.substring(pos1);
+ else
+ sid = string.substring(pos1, pos2);
+ pos1 = pos2 + 1;
+ const sidBlock = new LocalRelativeSidValueBlock();
+ sidBlock.valueDec = parseInt(sid, 10);
+ if (isNaN(sidBlock.valueDec))
+ return true;
+ this.value.push(sidBlock);
+ } while (pos2 !== -1);
+ return true;
+ }
+ toString() {
+ let result = "";
+ let isHexOnly = false;
+ for (let i = 0; i < this.value.length; i++) {
+ isHexOnly = this.value[i].isHexOnly;
+ let sidStr = this.value[i].toString();
+ if (i !== 0)
+ result = `${result}.`;
+ if (isHexOnly) {
+ sidStr = `{${sidStr}}`;
+ result += sidStr;
+ }
+ else
+ result += sidStr;
+ }
+ return result;
+ }
+ toJSON() {
+ const object = {
+ ...super.toJSON(),
+ value: this.toString(),
+ sidArray: [],
+ };
+ for (let i = 0; i < this.value.length; i++)
+ object.sidArray.push(this.value[i].toJSON());
+ return object;
+ }
+}
+LocalRelativeObjectIdentifierValueBlock.NAME = "RelativeObjectIdentifierValueBlock";
+
+var _a$l;
+class RelativeObjectIdentifier extends BaseBlock {
+ constructor(parameters = {}) {
+ super(parameters, LocalRelativeObjectIdentifierValueBlock);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 13;
+ }
+ getValue() {
+ return this.valueBlock.toString();
+ }
+ setValue(value) {
+ this.valueBlock.fromString(value);
+ }
+ onAsciiEncoding() {
+ return `${this.constructor.NAME} : ${this.valueBlock.toString() || "empty"}`;
+ }
+ toJSON() {
+ return {
+ ...super.toJSON(),
+ value: this.getValue(),
+ };
+ }
+}
+_a$l = RelativeObjectIdentifier;
+(() => {
+ typeStore.RelativeObjectIdentifier = _a$l;
+})();
+RelativeObjectIdentifier.NAME = "RelativeObjectIdentifier";
+
+var _a$k;
+class Sequence extends Constructed {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 16;
+ }
+}
+_a$k = Sequence;
+(() => {
+ typeStore.Sequence = _a$k;
+})();
+Sequence.NAME = "SEQUENCE";
+
+var _a$j;
+class Set extends Constructed {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 17;
+ }
+}
+_a$j = Set;
+(() => {
+ typeStore.Set = _a$j;
+})();
+Set.NAME = "SET";
+
+class LocalStringValueBlock extends HexBlock(ValueBlock) {
+ constructor({ ...parameters } = {}) {
+ super(parameters);
+ this.isHexOnly = true;
+ this.value = EMPTY_STRING$1;
+ }
+ toJSON() {
+ return {
+ ...super.toJSON(),
+ value: this.value,
+ };
+ }
+}
+LocalStringValueBlock.NAME = "StringValueBlock";
+
+class LocalSimpleStringValueBlock extends LocalStringValueBlock {
+}
+LocalSimpleStringValueBlock.NAME = "SimpleStringValueBlock";
+
+class LocalSimpleStringBlock extends BaseStringBlock {
+ constructor({ ...parameters } = {}) {
+ super(parameters, LocalSimpleStringValueBlock);
+ }
+ fromBuffer(inputBuffer) {
+ this.valueBlock.value = String.fromCharCode.apply(null, BufferSourceConverter.toUint8Array(inputBuffer));
+ }
+ fromString(inputString) {
+ const strLen = inputString.length;
+ const view = this.valueBlock.valueHexView = new Uint8Array(strLen);
+ for (let i = 0; i < strLen; i++)
+ view[i] = inputString.charCodeAt(i);
+ this.valueBlock.value = inputString;
+ }
+}
+LocalSimpleStringBlock.NAME = "SIMPLE STRING";
+
+class LocalUtf8StringValueBlock extends LocalSimpleStringBlock {
+ fromBuffer(inputBuffer) {
+ this.valueBlock.valueHexView = BufferSourceConverter.toUint8Array(inputBuffer);
+ try {
+ this.valueBlock.value = Convert.ToUtf8String(inputBuffer);
+ }
+ catch (ex) {
+ this.warnings.push(`Error during "decodeURIComponent": ${ex}, using raw string`);
+ this.valueBlock.value = Convert.ToBinary(inputBuffer);
+ }
+ }
+ fromString(inputString) {
+ this.valueBlock.valueHexView = new Uint8Array(Convert.FromUtf8String(inputString));
+ this.valueBlock.value = inputString;
+ }
+}
+LocalUtf8StringValueBlock.NAME = "Utf8StringValueBlock";
+
+var _a$i;
+class Utf8String extends LocalUtf8StringValueBlock {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 12;
+ }
+}
+_a$i = Utf8String;
+(() => {
+ typeStore.Utf8String = _a$i;
+})();
+Utf8String.NAME = "UTF8String";
+
+class LocalBmpStringValueBlock extends LocalSimpleStringBlock {
+ fromBuffer(inputBuffer) {
+ this.valueBlock.value = Convert.ToUtf16String(inputBuffer);
+ this.valueBlock.valueHexView = BufferSourceConverter.toUint8Array(inputBuffer);
+ }
+ fromString(inputString) {
+ this.valueBlock.value = inputString;
+ this.valueBlock.valueHexView = new Uint8Array(Convert.FromUtf16String(inputString));
+ }
+}
+LocalBmpStringValueBlock.NAME = "BmpStringValueBlock";
+
+var _a$h;
+class BmpString extends LocalBmpStringValueBlock {
+ constructor({ ...parameters } = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 30;
+ }
+}
+_a$h = BmpString;
+(() => {
+ typeStore.BmpString = _a$h;
+})();
+BmpString.NAME = "BMPString";
+
+class LocalUniversalStringValueBlock extends LocalSimpleStringBlock {
+ fromBuffer(inputBuffer) {
+ const copyBuffer = ArrayBuffer.isView(inputBuffer) ? inputBuffer.slice().buffer : inputBuffer.slice(0);
+ const valueView = new Uint8Array(copyBuffer);
+ for (let i = 0; i < valueView.length; i += 4) {
+ valueView[i] = valueView[i + 3];
+ valueView[i + 1] = valueView[i + 2];
+ valueView[i + 2] = 0x00;
+ valueView[i + 3] = 0x00;
+ }
+ this.valueBlock.value = String.fromCharCode.apply(null, new Uint32Array(copyBuffer));
+ }
+ fromString(inputString) {
+ const strLength = inputString.length;
+ const valueHexView = this.valueBlock.valueHexView = new Uint8Array(strLength * 4);
+ for (let i = 0; i < strLength; i++) {
+ const codeBuf = utilToBase(inputString.charCodeAt(i), 8);
+ const codeView = new Uint8Array(codeBuf);
+ if (codeView.length > 4)
+ continue;
+ const dif = 4 - codeView.length;
+ for (let j = (codeView.length - 1); j >= 0; j--)
+ valueHexView[i * 4 + j + dif] = codeView[j];
+ }
+ this.valueBlock.value = inputString;
+ }
+}
+LocalUniversalStringValueBlock.NAME = "UniversalStringValueBlock";
+
+var _a$g;
+class UniversalString extends LocalUniversalStringValueBlock {
+ constructor({ ...parameters } = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 28;
+ }
+}
+_a$g = UniversalString;
+(() => {
+ typeStore.UniversalString = _a$g;
+})();
+UniversalString.NAME = "UniversalString";
+
+var _a$f;
+class NumericString extends LocalSimpleStringBlock {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 18;
+ }
+}
+_a$f = NumericString;
+(() => {
+ typeStore.NumericString = _a$f;
+})();
+NumericString.NAME = "NumericString";
+
+var _a$e;
+class PrintableString extends LocalSimpleStringBlock {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 19;
+ }
+}
+_a$e = PrintableString;
+(() => {
+ typeStore.PrintableString = _a$e;
+})();
+PrintableString.NAME = "PrintableString";
+
+var _a$d;
+class TeletexString extends LocalSimpleStringBlock {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 20;
+ }
+}
+_a$d = TeletexString;
+(() => {
+ typeStore.TeletexString = _a$d;
+})();
+TeletexString.NAME = "TeletexString";
+
+var _a$c;
+class VideotexString extends LocalSimpleStringBlock {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 21;
+ }
+}
+_a$c = VideotexString;
+(() => {
+ typeStore.VideotexString = _a$c;
+})();
+VideotexString.NAME = "VideotexString";
+
+var _a$b;
+class IA5String extends LocalSimpleStringBlock {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 22;
+ }
+}
+_a$b = IA5String;
+(() => {
+ typeStore.IA5String = _a$b;
+})();
+IA5String.NAME = "IA5String";
+
+var _a$a;
+class GraphicString extends LocalSimpleStringBlock {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 25;
+ }
+}
+_a$a = GraphicString;
+(() => {
+ typeStore.GraphicString = _a$a;
+})();
+GraphicString.NAME = "GraphicString";
+
+var _a$9;
+class VisibleString extends LocalSimpleStringBlock {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 26;
+ }
+}
+_a$9 = VisibleString;
+(() => {
+ typeStore.VisibleString = _a$9;
+})();
+VisibleString.NAME = "VisibleString";
+
+var _a$8;
+class GeneralString extends LocalSimpleStringBlock {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 27;
+ }
+}
+_a$8 = GeneralString;
+(() => {
+ typeStore.GeneralString = _a$8;
+})();
+GeneralString.NAME = "GeneralString";
+
+var _a$7;
+class CharacterString extends LocalSimpleStringBlock {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 29;
+ }
+}
+_a$7 = CharacterString;
+(() => {
+ typeStore.CharacterString = _a$7;
+})();
+CharacterString.NAME = "CharacterString";
+
+var _a$6;
+class UTCTime extends VisibleString {
+ constructor({ value, valueDate, ...parameters } = {}) {
+ super(parameters);
+ this.year = 0;
+ this.month = 0;
+ this.day = 0;
+ this.hour = 0;
+ this.minute = 0;
+ this.second = 0;
+ if (value) {
+ this.fromString(value);
+ this.valueBlock.valueHexView = new Uint8Array(value.length);
+ for (let i = 0; i < value.length; i++)
+ this.valueBlock.valueHexView[i] = value.charCodeAt(i);
+ }
+ if (valueDate) {
+ this.fromDate(valueDate);
+ this.valueBlock.valueHexView = new Uint8Array(this.toBuffer());
+ }
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 23;
+ }
+ fromBuffer(inputBuffer) {
+ this.fromString(String.fromCharCode.apply(null, BufferSourceConverter.toUint8Array(inputBuffer)));
+ }
+ toBuffer() {
+ const str = this.toString();
+ const buffer = new ArrayBuffer(str.length);
+ const view = new Uint8Array(buffer);
+ for (let i = 0; i < str.length; i++)
+ view[i] = str.charCodeAt(i);
+ return buffer;
+ }
+ fromDate(inputDate) {
+ this.year = inputDate.getUTCFullYear();
+ this.month = inputDate.getUTCMonth() + 1;
+ this.day = inputDate.getUTCDate();
+ this.hour = inputDate.getUTCHours();
+ this.minute = inputDate.getUTCMinutes();
+ this.second = inputDate.getUTCSeconds();
+ }
+ toDate() {
+ return (new Date(Date.UTC(this.year, this.month - 1, this.day, this.hour, this.minute, this.second)));
+ }
+ fromString(inputString) {
+ const parser = /(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z/ig;
+ const parserArray = parser.exec(inputString);
+ if (parserArray === null) {
+ this.error = "Wrong input string for conversion";
+ return;
+ }
+ const year = parseInt(parserArray[1], 10);
+ if (year >= 50)
+ this.year = 1900 + year;
+ else
+ this.year = 2000 + year;
+ this.month = parseInt(parserArray[2], 10);
+ this.day = parseInt(parserArray[3], 10);
+ this.hour = parseInt(parserArray[4], 10);
+ this.minute = parseInt(parserArray[5], 10);
+ this.second = parseInt(parserArray[6], 10);
+ }
+ toString(encoding = "iso") {
+ if (encoding === "iso") {
+ const outputArray = new Array(7);
+ outputArray[0] = padNumber(((this.year < 2000) ? (this.year - 1900) : (this.year - 2000)), 2);
+ outputArray[1] = padNumber(this.month, 2);
+ outputArray[2] = padNumber(this.day, 2);
+ outputArray[3] = padNumber(this.hour, 2);
+ outputArray[4] = padNumber(this.minute, 2);
+ outputArray[5] = padNumber(this.second, 2);
+ outputArray[6] = "Z";
+ return outputArray.join("");
+ }
+ return super.toString(encoding);
+ }
+ onAsciiEncoding() {
+ return `${this.constructor.NAME} : ${this.toDate().toISOString()}`;
+ }
+ toJSON() {
+ return {
+ ...super.toJSON(),
+ year: this.year,
+ month: this.month,
+ day: this.day,
+ hour: this.hour,
+ minute: this.minute,
+ second: this.second,
+ };
+ }
+}
+_a$6 = UTCTime;
+(() => {
+ typeStore.UTCTime = _a$6;
+})();
+UTCTime.NAME = "UTCTime";
+
+var _a$5;
+class GeneralizedTime extends UTCTime {
+ constructor(parameters = {}) {
+ var _b;
+ super(parameters);
+ (_b = this.millisecond) !== null && _b !== void 0 ? _b : (this.millisecond = 0);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 24;
+ }
+ fromDate(inputDate) {
+ super.fromDate(inputDate);
+ this.millisecond = inputDate.getUTCMilliseconds();
+ }
+ toDate() {
+ return (new Date(Date.UTC(this.year, this.month - 1, this.day, this.hour, this.minute, this.second, this.millisecond)));
+ }
+ fromString(inputString) {
+ let isUTC = false;
+ let timeString = "";
+ let dateTimeString = "";
+ let fractionPart = 0;
+ let parser;
+ let hourDifference = 0;
+ let minuteDifference = 0;
+ if (inputString[inputString.length - 1] === "Z") {
+ timeString = inputString.substring(0, inputString.length - 1);
+ isUTC = true;
+ }
+ else {
+ const number = new Number(inputString[inputString.length - 1]);
+ if (isNaN(number.valueOf()))
+ throw new Error("Wrong input string for conversion");
+ timeString = inputString;
+ }
+ if (isUTC) {
+ if (timeString.indexOf("+") !== -1)
+ throw new Error("Wrong input string for conversion");
+ if (timeString.indexOf("-") !== -1)
+ throw new Error("Wrong input string for conversion");
+ }
+ else {
+ let multiplier = 1;
+ let differencePosition = timeString.indexOf("+");
+ let differenceString = "";
+ if (differencePosition === -1) {
+ differencePosition = timeString.indexOf("-");
+ multiplier = -1;
+ }
+ if (differencePosition !== -1) {
+ differenceString = timeString.substring(differencePosition + 1);
+ timeString = timeString.substring(0, differencePosition);
+ if ((differenceString.length !== 2) && (differenceString.length !== 4))
+ throw new Error("Wrong input string for conversion");
+ let number = parseInt(differenceString.substring(0, 2), 10);
+ if (isNaN(number.valueOf()))
+ throw new Error("Wrong input string for conversion");
+ hourDifference = multiplier * number;
+ if (differenceString.length === 4) {
+ number = parseInt(differenceString.substring(2, 4), 10);
+ if (isNaN(number.valueOf()))
+ throw new Error("Wrong input string for conversion");
+ minuteDifference = multiplier * number;
+ }
+ }
+ }
+ let fractionPointPosition = timeString.indexOf(".");
+ if (fractionPointPosition === -1)
+ fractionPointPosition = timeString.indexOf(",");
+ if (fractionPointPosition !== -1) {
+ const fractionPartCheck = new Number(`0${timeString.substring(fractionPointPosition)}`);
+ if (isNaN(fractionPartCheck.valueOf()))
+ throw new Error("Wrong input string for conversion");
+ fractionPart = fractionPartCheck.valueOf();
+ dateTimeString = timeString.substring(0, fractionPointPosition);
+ }
+ else
+ dateTimeString = timeString;
+ switch (true) {
+ case (dateTimeString.length === 8):
+ parser = /(\d{4})(\d{2})(\d{2})/ig;
+ if (fractionPointPosition !== -1)
+ throw new Error("Wrong input string for conversion");
+ break;
+ case (dateTimeString.length === 10):
+ parser = /(\d{4})(\d{2})(\d{2})(\d{2})/ig;
+ if (fractionPointPosition !== -1) {
+ let fractionResult = 60 * fractionPart;
+ this.minute = Math.floor(fractionResult);
+ fractionResult = 60 * (fractionResult - this.minute);
+ this.second = Math.floor(fractionResult);
+ fractionResult = 1000 * (fractionResult - this.second);
+ this.millisecond = Math.floor(fractionResult);
+ }
+ break;
+ case (dateTimeString.length === 12):
+ parser = /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})/ig;
+ if (fractionPointPosition !== -1) {
+ let fractionResult = 60 * fractionPart;
+ this.second = Math.floor(fractionResult);
+ fractionResult = 1000 * (fractionResult - this.second);
+ this.millisecond = Math.floor(fractionResult);
+ }
+ break;
+ case (dateTimeString.length === 14):
+ parser = /(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/ig;
+ if (fractionPointPosition !== -1) {
+ const fractionResult = 1000 * fractionPart;
+ this.millisecond = Math.floor(fractionResult);
+ }
+ break;
+ default:
+ throw new Error("Wrong input string for conversion");
+ }
+ const parserArray = parser.exec(dateTimeString);
+ if (parserArray === null)
+ throw new Error("Wrong input string for conversion");
+ for (let j = 1; j < parserArray.length; j++) {
+ switch (j) {
+ case 1:
+ this.year = parseInt(parserArray[j], 10);
+ break;
+ case 2:
+ this.month = parseInt(parserArray[j], 10);
+ break;
+ case 3:
+ this.day = parseInt(parserArray[j], 10);
+ break;
+ case 4:
+ this.hour = parseInt(parserArray[j], 10) + hourDifference;
+ break;
+ case 5:
+ this.minute = parseInt(parserArray[j], 10) + minuteDifference;
+ break;
+ case 6:
+ this.second = parseInt(parserArray[j], 10);
+ break;
+ default:
+ throw new Error("Wrong input string for conversion");
+ }
+ }
+ if (isUTC === false) {
+ const tempDate = new Date(this.year, this.month, this.day, this.hour, this.minute, this.second, this.millisecond);
+ this.year = tempDate.getUTCFullYear();
+ this.month = tempDate.getUTCMonth();
+ this.day = tempDate.getUTCDay();
+ this.hour = tempDate.getUTCHours();
+ this.minute = tempDate.getUTCMinutes();
+ this.second = tempDate.getUTCSeconds();
+ this.millisecond = tempDate.getUTCMilliseconds();
+ }
+ }
+ toString(encoding = "iso") {
+ if (encoding === "iso") {
+ const outputArray = [];
+ outputArray.push(padNumber(this.year, 4));
+ outputArray.push(padNumber(this.month, 2));
+ outputArray.push(padNumber(this.day, 2));
+ outputArray.push(padNumber(this.hour, 2));
+ outputArray.push(padNumber(this.minute, 2));
+ outputArray.push(padNumber(this.second, 2));
+ if (this.millisecond !== 0) {
+ outputArray.push(".");
+ outputArray.push(padNumber(this.millisecond, 3));
+ }
+ outputArray.push("Z");
+ return outputArray.join("");
+ }
+ return super.toString(encoding);
+ }
+ toJSON() {
+ return {
+ ...super.toJSON(),
+ millisecond: this.millisecond,
+ };
+ }
+}
+_a$5 = GeneralizedTime;
+(() => {
+ typeStore.GeneralizedTime = _a$5;
+})();
+GeneralizedTime.NAME = "GeneralizedTime";
+
+var _a$4;
+class DATE$2 extends Utf8String {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 31;
+ }
+}
+_a$4 = DATE$2;
+(() => {
+ typeStore.DATE = _a$4;
+})();
+DATE$2.NAME = "DATE";
+
+var _a$3;
+class TimeOfDay extends Utf8String {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 32;
+ }
+}
+_a$3 = TimeOfDay;
+(() => {
+ typeStore.TimeOfDay = _a$3;
+})();
+TimeOfDay.NAME = "TimeOfDay";
+
+var _a$2;
+class DateTime extends Utf8String {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 33;
+ }
+}
+_a$2 = DateTime;
+(() => {
+ typeStore.DateTime = _a$2;
+})();
+DateTime.NAME = "DateTime";
+
+var _a$1;
+class Duration extends Utf8String {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 34;
+ }
+}
+_a$1 = Duration;
+(() => {
+ typeStore.Duration = _a$1;
+})();
+Duration.NAME = "Duration";
+
+var _a$x;
+class TIME extends Utf8String {
+ constructor(parameters = {}) {
+ super(parameters);
+ this.idBlock.tagClass = 1;
+ this.idBlock.tagNumber = 14;
+ }
+}
+_a$x = TIME;
+(() => {
+ typeStore.TIME = _a$x;
+})();
+TIME.NAME = "TIME";
+
+class Any {
+ constructor({ name = EMPTY_STRING$1, optional = false, } = {}) {
+ this.name = name;
+ this.optional = optional;
+ }
+}
+
+class Choice extends Any {
+ constructor({ value = [], ...parameters } = {}) {
+ super(parameters);
+ this.value = value;
+ }
+}
+
+class Repeated extends Any {
+ constructor({ value = new Any(), local = false, ...parameters } = {}) {
+ super(parameters);
+ this.value = value;
+ this.local = local;
+ }
+}
+
+class RawData {
+ constructor({ data = EMPTY_VIEW } = {}) {
+ this.dataView = BufferSourceConverter.toUint8Array(data);
+ }
+ get data() {
+ return this.dataView.slice().buffer;
+ }
+ set data(value) {
+ this.dataView = BufferSourceConverter.toUint8Array(value);
+ }
+ fromBER(inputBuffer, inputOffset, inputLength) {
+ const endLength = inputOffset + inputLength;
+ this.dataView = BufferSourceConverter.toUint8Array(inputBuffer).subarray(inputOffset, endLength);
+ return endLength;
+ }
+ toBER(sizeOnly) {
+ return this.dataView.slice().buffer;
+ }
+}
+
+function compareSchema(root, inputData, inputSchema) {
+ if (inputSchema instanceof Choice) {
+ for (let j = 0; j < inputSchema.value.length; j++) {
+ const result = compareSchema(root, inputData, inputSchema.value[j]);
+ if (result.verified) {
+ return {
+ verified: true,
+ result: root
+ };
+ }
+ }
+ {
+ const _result = {
+ verified: false,
+ result: {
+ error: "Wrong values for Choice type"
+ },
+ };
+ if (inputSchema.hasOwnProperty(NAME))
+ _result.name = inputSchema.name;
+ return _result;
+ }
+ }
+ if (inputSchema instanceof Any) {
+ if (inputSchema.hasOwnProperty(NAME))
+ root[inputSchema.name] = inputData;
+ return {
+ verified: true,
+ result: root
+ };
+ }
+ if ((root instanceof Object) === false) {
+ return {
+ verified: false,
+ result: { error: "Wrong root object" }
+ };
+ }
+ if ((inputData instanceof Object) === false) {
+ return {
+ verified: false,
+ result: { error: "Wrong ASN.1 data" }
+ };
+ }
+ if ((inputSchema instanceof Object) === false) {
+ return {
+ verified: false,
+ result: { error: "Wrong ASN.1 schema" }
+ };
+ }
+ if ((ID_BLOCK in inputSchema) === false) {
+ return {
+ verified: false,
+ result: { error: "Wrong ASN.1 schema" }
+ };
+ }
+ if ((FROM_BER in inputSchema.idBlock) === false) {
+ return {
+ verified: false,
+ result: { error: "Wrong ASN.1 schema" }
+ };
+ }
+ if ((TO_BER in inputSchema.idBlock) === false) {
+ return {
+ verified: false,
+ result: { error: "Wrong ASN.1 schema" }
+ };
+ }
+ const encodedId = inputSchema.idBlock.toBER(false);
+ if (encodedId.byteLength === 0) {
+ return {
+ verified: false,
+ result: { error: "Error encoding idBlock for ASN.1 schema" }
+ };
+ }
+ const decodedOffset = inputSchema.idBlock.fromBER(encodedId, 0, encodedId.byteLength);
+ if (decodedOffset === -1) {
+ return {
+ verified: false,
+ result: { error: "Error decoding idBlock for ASN.1 schema" }
+ };
+ }
+ if (inputSchema.idBlock.hasOwnProperty(TAG_CLASS) === false) {
+ return {
+ verified: false,
+ result: { error: "Wrong ASN.1 schema" }
+ };
+ }
+ if (inputSchema.idBlock.tagClass !== inputData.idBlock.tagClass) {
+ return {
+ verified: false,
+ result: root
+ };
+ }
+ if (inputSchema.idBlock.hasOwnProperty(TAG_NUMBER) === false) {
+ return {
+ verified: false,
+ result: { error: "Wrong ASN.1 schema" }
+ };
+ }
+ if (inputSchema.idBlock.tagNumber !== inputData.idBlock.tagNumber) {
+ return {
+ verified: false,
+ result: root
+ };
+ }
+ if (inputSchema.idBlock.hasOwnProperty(IS_CONSTRUCTED) === false) {
+ return {
+ verified: false,
+ result: { error: "Wrong ASN.1 schema" }
+ };
+ }
+ if (inputSchema.idBlock.isConstructed !== inputData.idBlock.isConstructed) {
+ return {
+ verified: false,
+ result: root
+ };
+ }
+ if (!(IS_HEX_ONLY in inputSchema.idBlock)) {
+ return {
+ verified: false,
+ result: { error: "Wrong ASN.1 schema" }
+ };
+ }
+ if (inputSchema.idBlock.isHexOnly !== inputData.idBlock.isHexOnly) {
+ return {
+ verified: false,
+ result: root
+ };
+ }
+ if (inputSchema.idBlock.isHexOnly) {
+ if ((VALUE_HEX_VIEW in inputSchema.idBlock) === false) {
+ return {
+ verified: false,
+ result: { error: "Wrong ASN.1 schema" }
+ };
+ }
+ const schemaView = inputSchema.idBlock.valueHexView;
+ const asn1View = inputData.idBlock.valueHexView;
+ if (schemaView.length !== asn1View.length) {
+ return {
+ verified: false,
+ result: root
+ };
+ }
+ for (let i = 0; i < schemaView.length; i++) {
+ if (schemaView[i] !== asn1View[1]) {
+ return {
+ verified: false,
+ result: root
+ };
+ }
+ }
+ }
+ if (inputSchema.name) {
+ inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING$1);
+ if (inputSchema.name)
+ root[inputSchema.name] = inputData;
+ }
+ if (inputSchema instanceof typeStore.Constructed) {
+ let admission = 0;
+ let result = {
+ verified: false,
+ result: {
+ error: "Unknown error",
+ }
+ };
+ let maxLength = inputSchema.valueBlock.value.length;
+ if (maxLength > 0) {
+ if (inputSchema.valueBlock.value[0] instanceof Repeated) {
+ maxLength = inputData.valueBlock.value.length;
+ }
+ }
+ if (maxLength === 0) {
+ return {
+ verified: true,
+ result: root
+ };
+ }
+ if ((inputData.valueBlock.value.length === 0) &&
+ (inputSchema.valueBlock.value.length !== 0)) {
+ let _optional = true;
+ for (let i = 0; i < inputSchema.valueBlock.value.length; i++)
+ _optional = _optional && (inputSchema.valueBlock.value[i].optional || false);
+ if (_optional) {
+ return {
+ verified: true,
+ result: root
+ };
+ }
+ if (inputSchema.name) {
+ inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING$1);
+ if (inputSchema.name)
+ delete root[inputSchema.name];
+ }
+ root.error = "Inconsistent object length";
+ return {
+ verified: false,
+ result: root
+ };
+ }
+ for (let i = 0; i < maxLength; i++) {
+ if ((i - admission) >= inputData.valueBlock.value.length) {
+ if (inputSchema.valueBlock.value[i].optional === false) {
+ const _result = {
+ verified: false,
+ result: root
+ };
+ root.error = "Inconsistent length between ASN.1 data and schema";
+ if (inputSchema.name) {
+ inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING$1);
+ if (inputSchema.name) {
+ delete root[inputSchema.name];
+ _result.name = inputSchema.name;
+ }
+ }
+ return _result;
+ }
+ }
+ else {
+ if (inputSchema.valueBlock.value[0] instanceof Repeated) {
+ result = compareSchema(root, inputData.valueBlock.value[i], inputSchema.valueBlock.value[0].value);
+ if (result.verified === false) {
+ if (inputSchema.valueBlock.value[0].optional)
+ admission++;
+ else {
+ if (inputSchema.name) {
+ inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING$1);
+ if (inputSchema.name)
+ delete root[inputSchema.name];
+ }
+ return result;
+ }
+ }
+ if ((NAME in inputSchema.valueBlock.value[0]) && (inputSchema.valueBlock.value[0].name.length > 0)) {
+ let arrayRoot = {};
+ if ((LOCAL in inputSchema.valueBlock.value[0]) && (inputSchema.valueBlock.value[0].local))
+ arrayRoot = inputData;
+ else
+ arrayRoot = root;
+ if (typeof arrayRoot[inputSchema.valueBlock.value[0].name] === "undefined")
+ arrayRoot[inputSchema.valueBlock.value[0].name] = [];
+ arrayRoot[inputSchema.valueBlock.value[0].name].push(inputData.valueBlock.value[i]);
+ }
+ }
+ else {
+ result = compareSchema(root, inputData.valueBlock.value[i - admission], inputSchema.valueBlock.value[i]);
+ if (result.verified === false) {
+ if (inputSchema.valueBlock.value[i].optional)
+ admission++;
+ else {
+ if (inputSchema.name) {
+ inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING$1);
+ if (inputSchema.name)
+ delete root[inputSchema.name];
+ }
+ return result;
+ }
+ }
+ }
+ }
+ }
+ if (result.verified === false) {
+ const _result = {
+ verified: false,
+ result: root
+ };
+ if (inputSchema.name) {
+ inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING$1);
+ if (inputSchema.name) {
+ delete root[inputSchema.name];
+ _result.name = inputSchema.name;
+ }
+ }
+ return _result;
+ }
+ return {
+ verified: true,
+ result: root
+ };
+ }
+ if (inputSchema.primitiveSchema &&
+ (VALUE_HEX_VIEW in inputData.valueBlock)) {
+ const asn1 = localFromBER(inputData.valueBlock.valueHexView);
+ if (asn1.offset === -1) {
+ const _result = {
+ verified: false,
+ result: asn1.result
+ };
+ if (inputSchema.name) {
+ inputSchema.name = inputSchema.name.replace(/^\s+|\s+$/g, EMPTY_STRING$1);
+ if (inputSchema.name) {
+ delete root[inputSchema.name];
+ _result.name = inputSchema.name;
+ }
+ }
+ return _result;
+ }
+ return compareSchema(root, asn1.result, inputSchema.primitiveSchema);
+ }
+ return {
+ verified: true,
+ result: root
+ };
+}
+
+const EMPTY_BUFFER = new ArrayBuffer(0);
+const EMPTY_STRING = "";
+
+class ArgumentError extends TypeError {
+ constructor() {
+ super(...arguments);
+ this.name = ArgumentError.NAME;
+ }
+ static isType(value, type) {
+ if (typeof type === "string") {
+ if (type === "Array" && Array.isArray(value)) {
+ return true;
+ }
+ else if (type === "ArrayBuffer" && value instanceof ArrayBuffer) {
+ return true;
+ }
+ else if (type === "ArrayBufferView" && ArrayBuffer.isView(value)) {
+ return true;
+ }
+ else if (typeof value === type) {
+ return true;
+ }
+ }
+ else if (value instanceof type) {
+ return true;
+ }
+ return false;
+ }
+ static assert(value, name, ...types) {
+ for (const type of types) {
+ if (this.isType(value, type)) {
+ return;
+ }
+ }
+ const typeNames = types.map(o => o instanceof Function && "name" in o ? o.name : `${o}`);
+ throw new ArgumentError(`Parameter '${name}' is not of type ${typeNames.length > 1 ? `(${typeNames.join(" or ")})` : typeNames[0]}`);
+ }
+}
+ArgumentError.NAME = "ArgumentError";
+
+class ParameterError extends TypeError {
+ constructor(field, target = null, message) {
+ super();
+ this.name = ParameterError.NAME;
+ this.field = field;
+ if (target) {
+ this.target = target;
+ }
+ if (message) {
+ this.message = message;
+ }
+ else {
+ this.message = `Absent mandatory parameter '${field}' ${target ? ` in '${target}'` : EMPTY_STRING}`;
+ }
+ }
+ static assert(...args) {
+ let target = null;
+ let params;
+ let fields;
+ if (typeof args[0] === "string") {
+ target = args[0];
+ params = args[1];
+ fields = args.slice(2);
+ }
+ else {
+ params = args[0];
+ fields = args.slice(1);
+ }
+ ArgumentError.assert(params, "parameters", "object");
+ for (const field of fields) {
+ const value = params[field];
+ if (value === undefined || value === null) {
+ throw new ParameterError(field, target);
+ }
+ }
+ }
+ static assertEmpty(value, name, target) {
+ if (value === undefined || value === null) {
+ throw new ParameterError(name, target);
+ }
+ }
+}
+ParameterError.NAME = "ParameterError";
+
+class AsnError extends Error {
+ static assertSchema(asn1, target) {
+ if (!asn1.verified) {
+ throw new Error(`Object's schema was not verified against input data for ${target}`);
+ }
+ }
+ static assert(asn, target) {
+ if (asn.offset === -1) {
+ throw new AsnError(`Error during parsing of ASN.1 data. Data is not correct for '${target}'.`);
+ }
+ }
+ constructor(message) {
+ super(message);
+ this.name = "AsnError";
+ }
+}
+
+class PkiObject {
+ static blockName() {
+ return this.CLASS_NAME;
+ }
+ static fromBER(raw) {
+ const asn1 = fromBER(raw);
+ AsnError.assert(asn1, this.name);
+ try {
+ return new this({ schema: asn1.result });
+ }
+ catch (e) {
+ throw new AsnError(`Cannot create '${this.CLASS_NAME}' from ASN.1 object`);
+ }
+ }
+ static defaultValues(memberName) {
+ throw new Error(`Invalid member name for ${this.CLASS_NAME} class: ${memberName}`);
+ }
+ static schema(parameters = {}) {
+ throw new Error(`Method '${this.CLASS_NAME}.schema' should be overridden`);
+ }
+ get className() {
+ return this.constructor.CLASS_NAME;
+ }
+ toString(encoding = "hex") {
+ let schema;
+ try {
+ schema = this.toSchema();
+ }
+ catch (_a) {
+ schema = this.toSchema(true);
+ }
+ return Convert.ToString(schema.toBER(), encoding);
+ }
+}
+PkiObject.CLASS_NAME = "PkiObject";
+
+function stringPrep(inputString) {
+ let isSpace = false;
+ let cutResult = EMPTY_STRING;
+ const result = inputString.trim();
+ for (let i = 0; i < result.length; i++) {
+ if (result.charCodeAt(i) === 32) {
+ if (isSpace === false)
+ isSpace = true;
+ }
+ else {
+ if (isSpace) {
+ cutResult += " ";
+ isSpace = false;
+ }
+ cutResult += result[i];
+ }
+ }
+ return cutResult.toLowerCase();
+}
+
+const TYPE$5 = "type";
+const VALUE$6 = "value";
+class AttributeTypeAndValue extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.type = getParametersValue(parameters, TYPE$5, AttributeTypeAndValue.defaultValues(TYPE$5));
+ this.value = getParametersValue(parameters, VALUE$6, AttributeTypeAndValue.defaultValues(VALUE$6));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case TYPE$5:
+ return EMPTY_STRING;
+ case VALUE$6:
+ return {};
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.type || EMPTY_STRING) }),
+ new Any({ name: (names.value || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, [
+ TYPE$5,
+ "typeValue"
+ ]);
+ const asn1 = compareSchema(schema, schema, AttributeTypeAndValue.schema({
+ names: {
+ type: TYPE$5,
+ value: "typeValue"
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.type = asn1.result.type.valueBlock.toString();
+ this.value = asn1.result.typeValue;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ new ObjectIdentifier({ value: this.type }),
+ this.value
+ ]
+ }));
+ }
+ toJSON() {
+ const _object = {
+ type: this.type
+ };
+ if (Object.keys(this.value).length !== 0) {
+ _object.value = (this.value).toJSON();
+ }
+ else {
+ _object.value = this.value;
+ }
+ return _object;
+ }
+ isEqual(compareTo) {
+ const stringBlockNames = [
+ Utf8String.blockName(),
+ BmpString.blockName(),
+ UniversalString.blockName(),
+ NumericString.blockName(),
+ PrintableString.blockName(),
+ TeletexString.blockName(),
+ VideotexString.blockName(),
+ IA5String.blockName(),
+ GraphicString.blockName(),
+ VisibleString.blockName(),
+ GeneralString.blockName(),
+ CharacterString.blockName()
+ ];
+ if (compareTo instanceof ArrayBuffer) {
+ return BufferSourceConverter.isEqual(this.value.valueBeforeDecodeView, compareTo);
+ }
+ if (compareTo.constructor.blockName() === AttributeTypeAndValue.blockName()) {
+ if (this.type !== compareTo.type)
+ return false;
+ const isStringPair = [false, false];
+ const thisName = this.value.constructor.blockName();
+ for (const name of stringBlockNames) {
+ if (thisName === name) {
+ isStringPair[0] = true;
+ }
+ if (compareTo.value.constructor.blockName() === name) {
+ isStringPair[1] = true;
+ }
+ }
+ if (isStringPair[0] !== isStringPair[1]) {
+ return false;
+ }
+ const isString = (isStringPair[0] && isStringPair[1]);
+ if (isString) {
+ const value1 = stringPrep(this.value.valueBlock.value);
+ const value2 = stringPrep(compareTo.value.valueBlock.value);
+ if (value1.localeCompare(value2) !== 0)
+ return false;
+ }
+ else {
+ if (!BufferSourceConverter.isEqual(this.value.valueBeforeDecodeView, compareTo.value.valueBeforeDecodeView))
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+}
+AttributeTypeAndValue.CLASS_NAME = "AttributeTypeAndValue";
+
+const TYPE_AND_VALUES = "typesAndValues";
+const VALUE_BEFORE_DECODE = "valueBeforeDecode";
+const RDN = "RDN";
+class RelativeDistinguishedNames extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.typesAndValues = getParametersValue(parameters, TYPE_AND_VALUES, RelativeDistinguishedNames.defaultValues(TYPE_AND_VALUES));
+ this.valueBeforeDecode = getParametersValue(parameters, VALUE_BEFORE_DECODE, RelativeDistinguishedNames.defaultValues(VALUE_BEFORE_DECODE));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case TYPE_AND_VALUES:
+ return [];
+ case VALUE_BEFORE_DECODE:
+ return EMPTY_BUFFER;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case TYPE_AND_VALUES:
+ return (memberValue.length === 0);
+ case VALUE_BEFORE_DECODE:
+ return (memberValue.byteLength === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.repeatedSequence || EMPTY_STRING),
+ value: new Set({
+ value: [
+ new Repeated({
+ name: (names.repeatedSet || EMPTY_STRING),
+ value: AttributeTypeAndValue.schema(names.typeAndValue || {})
+ })
+ ]
+ })
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, [
+ RDN,
+ TYPE_AND_VALUES
+ ]);
+ const asn1 = compareSchema(schema, schema, RelativeDistinguishedNames.schema({
+ names: {
+ blockName: RDN,
+ repeatedSet: TYPE_AND_VALUES
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (TYPE_AND_VALUES in asn1.result) {
+ this.typesAndValues = Array.from(asn1.result.typesAndValues, element => new AttributeTypeAndValue({ schema: element }));
+ }
+ this.valueBeforeDecode = asn1.result.RDN.valueBeforeDecodeView.slice().buffer;
+ }
+ toSchema() {
+ if (this.valueBeforeDecode.byteLength === 0) {
+ return (new Sequence({
+ value: [new Set({
+ value: Array.from(this.typesAndValues, o => o.toSchema())
+ })]
+ }));
+ }
+ const asn1 = fromBER(this.valueBeforeDecode);
+ AsnError.assert(asn1, "RelativeDistinguishedNames");
+ if (!(asn1.result instanceof Sequence)) {
+ throw new Error("ASN.1 result should be SEQUENCE");
+ }
+ return asn1.result;
+ }
+ toJSON() {
+ return {
+ typesAndValues: Array.from(this.typesAndValues, o => o.toJSON())
+ };
+ }
+ isEqual(compareTo) {
+ if (compareTo instanceof RelativeDistinguishedNames) {
+ if (this.typesAndValues.length !== compareTo.typesAndValues.length)
+ return false;
+ for (const [index, typeAndValue] of this.typesAndValues.entries()) {
+ if (typeAndValue.isEqual(compareTo.typesAndValues[index]) === false)
+ return false;
+ }
+ return true;
+ }
+ if (compareTo instanceof ArrayBuffer) {
+ return isEqualBuffer(this.valueBeforeDecode, compareTo);
+ }
+ return false;
+ }
+}
+RelativeDistinguishedNames.CLASS_NAME = "RelativeDistinguishedNames";
+
+const TYPE$4 = "type";
+const VALUE$5 = "value";
+function builtInStandardAttributes(parameters = {}, optional = false) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ optional,
+ value: [
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 2,
+ tagNumber: 1
+ },
+ name: (names.country_name || EMPTY_STRING),
+ value: [
+ new Choice({
+ value: [
+ new NumericString(),
+ new PrintableString()
+ ]
+ })
+ ]
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 2,
+ tagNumber: 2
+ },
+ name: (names.administration_domain_name || EMPTY_STRING),
+ value: [
+ new Choice({
+ value: [
+ new NumericString(),
+ new PrintableString()
+ ]
+ })
+ ]
+ }),
+ new Primitive({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ name: (names.network_address || EMPTY_STRING),
+ isHexOnly: true
+ }),
+ new Primitive({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ name: (names.terminal_identifier || EMPTY_STRING),
+ isHexOnly: true
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ name: (names.private_domain_name || EMPTY_STRING),
+ value: [
+ new Choice({
+ value: [
+ new NumericString(),
+ new PrintableString()
+ ]
+ })
+ ]
+ }),
+ new Primitive({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 3
+ },
+ name: (names.organization_name || EMPTY_STRING),
+ isHexOnly: true
+ }),
+ new Primitive({
+ optional: true,
+ name: (names.numeric_user_identifier || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 4
+ },
+ isHexOnly: true
+ }),
+ new Constructed({
+ optional: true,
+ name: (names.personal_name || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 5
+ },
+ value: [
+ new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ isHexOnly: true
+ }),
+ new Primitive({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ isHexOnly: true
+ }),
+ new Primitive({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ isHexOnly: true
+ }),
+ new Primitive({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 3
+ },
+ isHexOnly: true
+ })
+ ]
+ }),
+ new Constructed({
+ optional: true,
+ name: (names.organizational_unit_names || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 6
+ },
+ value: [
+ new Repeated({
+ value: new PrintableString()
+ })
+ ]
+ })
+ ]
+ }));
+}
+function builtInDomainDefinedAttributes(optional = false) {
+ return (new Sequence({
+ optional,
+ value: [
+ new PrintableString(),
+ new PrintableString()
+ ]
+ }));
+}
+function extensionAttributes(optional = false) {
+ return (new Set({
+ optional,
+ value: [
+ new Primitive({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ isHexOnly: true
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [new Any()]
+ })
+ ]
+ }));
+}
+class GeneralName extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.type = getParametersValue(parameters, TYPE$4, GeneralName.defaultValues(TYPE$4));
+ this.value = getParametersValue(parameters, VALUE$5, GeneralName.defaultValues(VALUE$5));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case TYPE$4:
+ return 9;
+ case VALUE$5:
+ return {};
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case TYPE$4:
+ return (memberValue === GeneralName.defaultValues(memberName));
+ case VALUE$5:
+ return (Object.keys(memberValue).length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Choice({
+ value: [
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier(),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new Any()]
+ })
+ ]
+ }),
+ new Primitive({
+ name: (names.blockName || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ }
+ }),
+ new Primitive({
+ name: (names.blockName || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ }
+ }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 3
+ },
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ builtInStandardAttributes((names.builtInStandardAttributes || {}), false),
+ builtInDomainDefinedAttributes(true),
+ extensionAttributes(true)
+ ]
+ }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 4
+ },
+ name: (names.blockName || EMPTY_STRING),
+ value: [RelativeDistinguishedNames.schema(names.directoryName || {})]
+ }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 5
+ },
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Choice({
+ value: [
+ new TeletexString(),
+ new PrintableString(),
+ new UniversalString(),
+ new Utf8String(),
+ new BmpString()
+ ]
+ })
+ ]
+ }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [
+ new Choice({
+ value: [
+ new TeletexString(),
+ new PrintableString(),
+ new UniversalString(),
+ new Utf8String(),
+ new BmpString()
+ ]
+ })
+ ]
+ })
+ ]
+ }),
+ new Primitive({
+ name: (names.blockName || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 6
+ }
+ }),
+ new Primitive({
+ name: (names.blockName || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 7
+ }
+ }),
+ new Primitive({
+ name: (names.blockName || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 8
+ }
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, [
+ "blockName",
+ "otherName",
+ "rfc822Name",
+ "dNSName",
+ "x400Address",
+ "directoryName",
+ "ediPartyName",
+ "uniformResourceIdentifier",
+ "iPAddress",
+ "registeredID"
+ ]);
+ const asn1 = compareSchema(schema, schema, GeneralName.schema({
+ names: {
+ blockName: "blockName",
+ otherName: "otherName",
+ rfc822Name: "rfc822Name",
+ dNSName: "dNSName",
+ x400Address: "x400Address",
+ directoryName: {
+ names: {
+ blockName: "directoryName"
+ }
+ },
+ ediPartyName: "ediPartyName",
+ uniformResourceIdentifier: "uniformResourceIdentifier",
+ iPAddress: "iPAddress",
+ registeredID: "registeredID"
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.type = asn1.result.blockName.idBlock.tagNumber;
+ switch (this.type) {
+ case 0:
+ this.value = asn1.result.blockName;
+ break;
+ case 1:
+ case 2:
+ case 6:
+ {
+ const value = asn1.result.blockName;
+ value.idBlock.tagClass = 1;
+ value.idBlock.tagNumber = 22;
+ const valueBER = value.toBER(false);
+ const asnValue = fromBER(valueBER);
+ AsnError.assert(asnValue, "GeneralName value");
+ this.value = asnValue.result.valueBlock.value;
+ }
+ break;
+ case 3:
+ this.value = asn1.result.blockName;
+ break;
+ case 4:
+ this.value = new RelativeDistinguishedNames({ schema: asn1.result.directoryName });
+ break;
+ case 5:
+ this.value = asn1.result.ediPartyName;
+ break;
+ case 7:
+ this.value = new OctetString({ valueHex: asn1.result.blockName.valueBlock.valueHex });
+ break;
+ case 8:
+ {
+ const value = asn1.result.blockName;
+ value.idBlock.tagClass = 1;
+ value.idBlock.tagNumber = 6;
+ const valueBER = value.toBER(false);
+ const asnValue = fromBER(valueBER);
+ AsnError.assert(asnValue, "GeneralName registeredID");
+ this.value = asnValue.result.valueBlock.toString();
+ }
+ break;
+ }
+ }
+ toSchema() {
+ switch (this.type) {
+ case 0:
+ case 3:
+ case 5:
+ return new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: this.type
+ },
+ value: [
+ this.value
+ ]
+ });
+ case 1:
+ case 2:
+ case 6:
+ {
+ const value = new IA5String({ value: this.value });
+ value.idBlock.tagClass = 3;
+ value.idBlock.tagNumber = this.type;
+ return value;
+ }
+ case 4:
+ return new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 4
+ },
+ value: [this.value.toSchema()]
+ });
+ case 7:
+ {
+ const value = this.value;
+ value.idBlock.tagClass = 3;
+ value.idBlock.tagNumber = this.type;
+ return value;
+ }
+ case 8:
+ {
+ const value = new ObjectIdentifier({ value: this.value });
+ value.idBlock.tagClass = 3;
+ value.idBlock.tagNumber = this.type;
+ return value;
+ }
+ default:
+ return GeneralName.schema();
+ }
+ }
+ toJSON() {
+ const _object = {
+ type: this.type,
+ value: EMPTY_STRING
+ };
+ if ((typeof this.value) === "string")
+ _object.value = this.value;
+ else {
+ try {
+ _object.value = this.value.toJSON();
+ }
+ catch (ex) {
+ }
+ }
+ return _object;
+ }
+}
+GeneralName.CLASS_NAME = "GeneralName";
+
+const ACCESS_METHOD = "accessMethod";
+const ACCESS_LOCATION = "accessLocation";
+const CLEAR_PROPS$1v = [
+ ACCESS_METHOD,
+ ACCESS_LOCATION,
+];
+class AccessDescription extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.accessMethod = getParametersValue(parameters, ACCESS_METHOD, AccessDescription.defaultValues(ACCESS_METHOD));
+ this.accessLocation = getParametersValue(parameters, ACCESS_LOCATION, AccessDescription.defaultValues(ACCESS_LOCATION));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ACCESS_METHOD:
+ return EMPTY_STRING;
+ case ACCESS_LOCATION:
+ return new GeneralName();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.accessMethod || EMPTY_STRING) }),
+ GeneralName.schema(names.accessLocation || {})
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1v);
+ const asn1 = compareSchema(schema, schema, AccessDescription.schema({
+ names: {
+ accessMethod: ACCESS_METHOD,
+ accessLocation: {
+ names: {
+ blockName: ACCESS_LOCATION
+ }
+ }
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.accessMethod = asn1.result.accessMethod.valueBlock.toString();
+ this.accessLocation = new GeneralName({ schema: asn1.result.accessLocation });
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ new ObjectIdentifier({ value: this.accessMethod }),
+ this.accessLocation.toSchema()
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ accessMethod: this.accessMethod,
+ accessLocation: this.accessLocation.toJSON()
+ };
+ }
+}
+AccessDescription.CLASS_NAME = "AccessDescription";
+
+const SECONDS = "seconds";
+const MILLIS = "millis";
+const MICROS = "micros";
+class Accuracy extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ if (SECONDS in parameters) {
+ this.seconds = getParametersValue(parameters, SECONDS, Accuracy.defaultValues(SECONDS));
+ }
+ if (MILLIS in parameters) {
+ this.millis = getParametersValue(parameters, MILLIS, Accuracy.defaultValues(MILLIS));
+ }
+ if (MICROS in parameters) {
+ this.micros = getParametersValue(parameters, MICROS, Accuracy.defaultValues(MICROS));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case SECONDS:
+ case MILLIS:
+ case MICROS:
+ return 0;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case SECONDS:
+ case MILLIS:
+ case MICROS:
+ return (memberValue === Accuracy.defaultValues(memberName));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ optional: true,
+ value: [
+ new Integer({
+ optional: true,
+ name: (names.seconds || EMPTY_STRING)
+ }),
+ new Primitive({
+ name: (names.millis || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ }
+ }),
+ new Primitive({
+ name: (names.micros || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ }
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, [
+ SECONDS,
+ MILLIS,
+ MICROS,
+ ]);
+ const asn1 = compareSchema(schema, schema, Accuracy.schema({
+ names: {
+ seconds: SECONDS,
+ millis: MILLIS,
+ micros: MICROS,
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if ("seconds" in asn1.result) {
+ this.seconds = asn1.result.seconds.valueBlock.valueDec;
+ }
+ if ("millis" in asn1.result) {
+ const intMillis = new Integer({ valueHex: asn1.result.millis.valueBlock.valueHex });
+ this.millis = intMillis.valueBlock.valueDec;
+ }
+ if ("micros" in asn1.result) {
+ const intMicros = new Integer({ valueHex: asn1.result.micros.valueBlock.valueHex });
+ this.micros = intMicros.valueBlock.valueDec;
+ }
+ }
+ toSchema() {
+ const outputArray = [];
+ if (this.seconds !== undefined)
+ outputArray.push(new Integer({ value: this.seconds }));
+ if (this.millis !== undefined) {
+ const intMillis = new Integer({ value: this.millis });
+ outputArray.push(new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ valueHex: intMillis.valueBlock.valueHexView
+ }));
+ }
+ if (this.micros !== undefined) {
+ const intMicros = new Integer({ value: this.micros });
+ outputArray.push(new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ valueHex: intMicros.valueBlock.valueHexView
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const _object = {};
+ if (this.seconds !== undefined)
+ _object.seconds = this.seconds;
+ if (this.millis !== undefined)
+ _object.millis = this.millis;
+ if (this.micros !== undefined)
+ _object.micros = this.micros;
+ return _object;
+ }
+}
+Accuracy.CLASS_NAME = "Accuracy";
+
+const ALGORITHM_ID = "algorithmId";
+const ALGORITHM_PARAMS = "algorithmParams";
+const ALGORITHM$2 = "algorithm";
+const PARAMS = "params";
+const CLEAR_PROPS$1u = [
+ ALGORITHM$2,
+ PARAMS
+];
+class AlgorithmIdentifier extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.algorithmId = getParametersValue(parameters, ALGORITHM_ID, AlgorithmIdentifier.defaultValues(ALGORITHM_ID));
+ if (ALGORITHM_PARAMS in parameters) {
+ this.algorithmParams = getParametersValue(parameters, ALGORITHM_PARAMS, AlgorithmIdentifier.defaultValues(ALGORITHM_PARAMS));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ALGORITHM_ID:
+ return EMPTY_STRING;
+ case ALGORITHM_PARAMS:
+ return new Any();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case ALGORITHM_ID:
+ return (memberValue === EMPTY_STRING);
+ case ALGORITHM_PARAMS:
+ return (memberValue instanceof Any);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ optional: (names.optional || false),
+ value: [
+ new ObjectIdentifier({ name: (names.algorithmIdentifier || EMPTY_STRING) }),
+ new Any({ name: (names.algorithmParams || EMPTY_STRING), optional: true })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1u);
+ const asn1 = compareSchema(schema, schema, AlgorithmIdentifier.schema({
+ names: {
+ algorithmIdentifier: ALGORITHM$2,
+ algorithmParams: PARAMS
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.algorithmId = asn1.result.algorithm.valueBlock.toString();
+ if (PARAMS in asn1.result) {
+ this.algorithmParams = asn1.result.params;
+ }
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(new ObjectIdentifier({ value: this.algorithmId }));
+ if (this.algorithmParams && !(this.algorithmParams instanceof Any)) {
+ outputArray.push(this.algorithmParams);
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const object = {
+ algorithmId: this.algorithmId
+ };
+ if (this.algorithmParams && !(this.algorithmParams instanceof Any)) {
+ object.algorithmParams = this.algorithmParams.toJSON();
+ }
+ return object;
+ }
+ isEqual(algorithmIdentifier) {
+ if (!(algorithmIdentifier instanceof AlgorithmIdentifier)) {
+ return false;
+ }
+ if (this.algorithmId !== algorithmIdentifier.algorithmId) {
+ return false;
+ }
+ if (this.algorithmParams) {
+ if (algorithmIdentifier.algorithmParams) {
+ return JSON.stringify(this.algorithmParams) === JSON.stringify(algorithmIdentifier.algorithmParams);
+ }
+ return false;
+ }
+ if (algorithmIdentifier.algorithmParams) {
+ return false;
+ }
+ return true;
+ }
+}
+AlgorithmIdentifier.CLASS_NAME = "AlgorithmIdentifier";
+
+const ALT_NAMES = "altNames";
+const CLEAR_PROPS$1t = [
+ ALT_NAMES
+];
+class AltName extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.altNames = getParametersValue(parameters, ALT_NAMES, AltName.defaultValues(ALT_NAMES));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ALT_NAMES:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.altNames || EMPTY_STRING),
+ value: GeneralName.schema()
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1t);
+ const asn1 = compareSchema(schema, schema, AltName.schema({
+ names: {
+ altNames: ALT_NAMES
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (ALT_NAMES in asn1.result) {
+ this.altNames = Array.from(asn1.result.altNames, element => new GeneralName({ schema: element }));
+ }
+ }
+ toSchema() {
+ return (new Sequence({
+ value: Array.from(this.altNames, o => o.toSchema())
+ }));
+ }
+ toJSON() {
+ return {
+ altNames: Array.from(this.altNames, o => o.toJSON())
+ };
+ }
+}
+AltName.CLASS_NAME = "AltName";
+
+const TYPE$3 = "type";
+const VALUES$1 = "values";
+const CLEAR_PROPS$1s = [
+ TYPE$3,
+ VALUES$1
+];
+class Attribute extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.type = getParametersValue(parameters, TYPE$3, Attribute.defaultValues(TYPE$3));
+ this.values = getParametersValue(parameters, VALUES$1, Attribute.defaultValues(VALUES$1));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case TYPE$3:
+ return EMPTY_STRING;
+ case VALUES$1:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case TYPE$3:
+ return (memberValue === EMPTY_STRING);
+ case VALUES$1:
+ return (memberValue.length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.type || EMPTY_STRING) }),
+ new Set({
+ name: (names.setName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.values || EMPTY_STRING),
+ value: new Any()
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1s);
+ const asn1 = compareSchema(schema, schema, Attribute.schema({
+ names: {
+ type: TYPE$3,
+ values: VALUES$1
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.type = asn1.result.type.valueBlock.toString();
+ this.values = asn1.result.values;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ new ObjectIdentifier({ value: this.type }),
+ new Set({
+ value: this.values
+ })
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ type: this.type,
+ values: Array.from(this.values, o => o.toJSON())
+ };
+ }
+}
+Attribute.CLASS_NAME = "Attribute";
+
+const NOT_BEFORE_TIME = "notBeforeTime";
+const NOT_AFTER_TIME = "notAfterTime";
+const CLEAR_PROPS$1r = [
+ NOT_BEFORE_TIME,
+ NOT_AFTER_TIME,
+];
+class AttCertValidityPeriod extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.notBeforeTime = getParametersValue(parameters, NOT_BEFORE_TIME, AttCertValidityPeriod.defaultValues(NOT_BEFORE_TIME));
+ this.notAfterTime = getParametersValue(parameters, NOT_AFTER_TIME, AttCertValidityPeriod.defaultValues(NOT_AFTER_TIME));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case NOT_BEFORE_TIME:
+ case NOT_AFTER_TIME:
+ return new Date(0, 0, 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new GeneralizedTime({ name: (names.notBeforeTime || EMPTY_STRING) }),
+ new GeneralizedTime({ name: (names.notAfterTime || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1r);
+ const asn1 = compareSchema(schema, schema, AttCertValidityPeriod.schema({
+ names: {
+ notBeforeTime: NOT_BEFORE_TIME,
+ notAfterTime: NOT_AFTER_TIME
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.notBeforeTime = asn1.result.notBeforeTime.toDate();
+ this.notAfterTime = asn1.result.notAfterTime.toDate();
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ new GeneralizedTime({ valueDate: this.notBeforeTime }),
+ new GeneralizedTime({ valueDate: this.notAfterTime }),
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ notBeforeTime: this.notBeforeTime,
+ notAfterTime: this.notAfterTime
+ };
+ }
+}
+AttCertValidityPeriod.CLASS_NAME = "AttCertValidityPeriod";
+
+const NAMES = "names";
+const GENERAL_NAMES = "generalNames";
+class GeneralNames extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.names = getParametersValue(parameters, NAMES, GeneralNames.defaultValues(NAMES));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case "names":
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}, optional = false) {
+ const names = getParametersValue(parameters, NAMES, {});
+ return (new Sequence({
+ optional,
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.generalNames || EMPTY_STRING),
+ value: GeneralName.schema()
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, [
+ NAMES,
+ GENERAL_NAMES
+ ]);
+ const asn1 = compareSchema(schema, schema, GeneralNames.schema({
+ names: {
+ blockName: NAMES,
+ generalNames: GENERAL_NAMES
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.names = Array.from(asn1.result.generalNames, element => new GeneralName({ schema: element }));
+ }
+ toSchema() {
+ return (new Sequence({
+ value: Array.from(this.names, o => o.toSchema())
+ }));
+ }
+ toJSON() {
+ return {
+ names: Array.from(this.names, o => o.toJSON())
+ };
+ }
+}
+GeneralNames.CLASS_NAME = "GeneralNames";
+
+const id_SubjectDirectoryAttributes = "2.5.29.9";
+const id_SubjectKeyIdentifier = "2.5.29.14";
+const id_KeyUsage = "2.5.29.15";
+const id_PrivateKeyUsagePeriod = "2.5.29.16";
+const id_SubjectAltName = "2.5.29.17";
+const id_IssuerAltName = "2.5.29.18";
+const id_BasicConstraints = "2.5.29.19";
+const id_CRLNumber = "2.5.29.20";
+const id_BaseCRLNumber = "2.5.29.27";
+const id_CRLReason = "2.5.29.21";
+const id_InvalidityDate = "2.5.29.24";
+const id_IssuingDistributionPoint = "2.5.29.28";
+const id_CertificateIssuer = "2.5.29.29";
+const id_NameConstraints = "2.5.29.30";
+const id_CRLDistributionPoints = "2.5.29.31";
+const id_FreshestCRL = "2.5.29.46";
+const id_CertificatePolicies = "2.5.29.32";
+const id_AnyPolicy = "2.5.29.32.0";
+const id_MicrosoftAppPolicies = "1.3.6.1.4.1.311.21.10";
+const id_PolicyMappings = "2.5.29.33";
+const id_AuthorityKeyIdentifier = "2.5.29.35";
+const id_PolicyConstraints = "2.5.29.36";
+const id_ExtKeyUsage = "2.5.29.37";
+const id_InhibitAnyPolicy = "2.5.29.54";
+const id_AuthorityInfoAccess = "1.3.6.1.5.5.7.1.1";
+const id_SubjectInfoAccess = "1.3.6.1.5.5.7.1.11";
+const id_SignedCertificateTimestampList = "1.3.6.1.4.1.11129.2.4.2";
+const id_MicrosoftCertTemplateV1 = "1.3.6.1.4.1.311.20.2";
+const id_MicrosoftPrevCaCertHash = "1.3.6.1.4.1.311.21.2";
+const id_MicrosoftCertTemplateV2 = "1.3.6.1.4.1.311.21.7";
+const id_MicrosoftCaVersion = "1.3.6.1.4.1.311.21.1";
+const id_QCStatements = "1.3.6.1.5.5.7.1.3";
+const id_ContentType_Data = "1.2.840.113549.1.7.1";
+const id_ContentType_SignedData = "1.2.840.113549.1.7.2";
+const id_ContentType_EnvelopedData = "1.2.840.113549.1.7.3";
+const id_ContentType_EncryptedData = "1.2.840.113549.1.7.6";
+const id_eContentType_TSTInfo = "1.2.840.113549.1.9.16.1.4";
+const id_CertBag_X509Certificate = "1.2.840.113549.1.9.22.1";
+const id_CertBag_SDSICertificate = "1.2.840.113549.1.9.22.2";
+const id_CertBag_AttributeCertificate = "1.2.840.113549.1.9.22.3";
+const id_CRLBag_X509CRL = "1.2.840.113549.1.9.23.1";
+const id_pkix = "1.3.6.1.5.5.7";
+const id_ad = `${id_pkix}.48`;
+const id_PKIX_OCSP_Basic = `${id_ad}.1.1`;
+const id_ad_caIssuers = `${id_ad}.2`;
+const id_ad_ocsp = `${id_ad}.1`;
+const id_sha1 = "1.3.14.3.2.26";
+const id_sha256 = "2.16.840.1.101.3.4.2.1";
+const id_sha384 = "2.16.840.1.101.3.4.2.2";
+const id_sha512 = "2.16.840.1.101.3.4.2.3";
+
+const KEY_IDENTIFIER$1 = "keyIdentifier";
+const AUTHORITY_CERT_ISSUER = "authorityCertIssuer";
+const AUTHORITY_CERT_SERIAL_NUMBER = "authorityCertSerialNumber";
+const CLEAR_PROPS$1q = [
+ KEY_IDENTIFIER$1,
+ AUTHORITY_CERT_ISSUER,
+ AUTHORITY_CERT_SERIAL_NUMBER,
+];
+class AuthorityKeyIdentifier extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ if (KEY_IDENTIFIER$1 in parameters) {
+ this.keyIdentifier = getParametersValue(parameters, KEY_IDENTIFIER$1, AuthorityKeyIdentifier.defaultValues(KEY_IDENTIFIER$1));
+ }
+ if (AUTHORITY_CERT_ISSUER in parameters) {
+ this.authorityCertIssuer = getParametersValue(parameters, AUTHORITY_CERT_ISSUER, AuthorityKeyIdentifier.defaultValues(AUTHORITY_CERT_ISSUER));
+ }
+ if (AUTHORITY_CERT_SERIAL_NUMBER in parameters) {
+ this.authorityCertSerialNumber = getParametersValue(parameters, AUTHORITY_CERT_SERIAL_NUMBER, AuthorityKeyIdentifier.defaultValues(AUTHORITY_CERT_SERIAL_NUMBER));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case KEY_IDENTIFIER$1:
+ return new OctetString();
+ case AUTHORITY_CERT_ISSUER:
+ return [];
+ case AUTHORITY_CERT_SERIAL_NUMBER:
+ return new Integer();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Primitive({
+ name: (names.keyIdentifier || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ }
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [
+ new Repeated({
+ name: (names.authorityCertIssuer || EMPTY_STRING),
+ value: GeneralName.schema()
+ })
+ ]
+ }),
+ new Primitive({
+ name: (names.authorityCertSerialNumber || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ }
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1q);
+ const asn1 = compareSchema(schema, schema, AuthorityKeyIdentifier.schema({
+ names: {
+ keyIdentifier: KEY_IDENTIFIER$1,
+ authorityCertIssuer: AUTHORITY_CERT_ISSUER,
+ authorityCertSerialNumber: AUTHORITY_CERT_SERIAL_NUMBER
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (KEY_IDENTIFIER$1 in asn1.result)
+ this.keyIdentifier = new OctetString({ valueHex: asn1.result.keyIdentifier.valueBlock.valueHex });
+ if (AUTHORITY_CERT_ISSUER in asn1.result)
+ this.authorityCertIssuer = Array.from(asn1.result.authorityCertIssuer, o => new GeneralName({ schema: o }));
+ if (AUTHORITY_CERT_SERIAL_NUMBER in asn1.result)
+ this.authorityCertSerialNumber = new Integer({ valueHex: asn1.result.authorityCertSerialNumber.valueBlock.valueHex });
+ }
+ toSchema() {
+ const outputArray = [];
+ if (this.keyIdentifier) {
+ outputArray.push(new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ valueHex: this.keyIdentifier.valueBlock.valueHexView
+ }));
+ }
+ if (this.authorityCertIssuer) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: Array.from(this.authorityCertIssuer, o => o.toSchema())
+ }));
+ }
+ if (this.authorityCertSerialNumber) {
+ outputArray.push(new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ valueHex: this.authorityCertSerialNumber.valueBlock.valueHexView
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const object = {};
+ if (this.keyIdentifier) {
+ object.keyIdentifier = this.keyIdentifier.toJSON();
+ }
+ if (this.authorityCertIssuer) {
+ object.authorityCertIssuer = Array.from(this.authorityCertIssuer, o => o.toJSON());
+ }
+ if (this.authorityCertSerialNumber) {
+ object.authorityCertSerialNumber = this.authorityCertSerialNumber.toJSON();
+ }
+ return object;
+ }
+}
+AuthorityKeyIdentifier.CLASS_NAME = "AuthorityKeyIdentifier";
+
+const PATH_LENGTH_CONSTRAINT = "pathLenConstraint";
+const CA = "cA";
+class BasicConstraints extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.cA = getParametersValue(parameters, CA, false);
+ if (PATH_LENGTH_CONSTRAINT in parameters) {
+ this.pathLenConstraint = getParametersValue(parameters, PATH_LENGTH_CONSTRAINT, 0);
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case CA:
+ return false;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Boolean({
+ optional: true,
+ name: (names.cA || EMPTY_STRING)
+ }),
+ new Integer({
+ optional: true,
+ name: (names.pathLenConstraint || EMPTY_STRING)
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, [
+ CA,
+ PATH_LENGTH_CONSTRAINT
+ ]);
+ const asn1 = compareSchema(schema, schema, BasicConstraints.schema({
+ names: {
+ cA: CA,
+ pathLenConstraint: PATH_LENGTH_CONSTRAINT
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (CA in asn1.result) {
+ this.cA = asn1.result.cA.valueBlock.value;
+ }
+ if (PATH_LENGTH_CONSTRAINT in asn1.result) {
+ if (asn1.result.pathLenConstraint.valueBlock.isHexOnly) {
+ this.pathLenConstraint = asn1.result.pathLenConstraint;
+ }
+ else {
+ this.pathLenConstraint = asn1.result.pathLenConstraint.valueBlock.valueDec;
+ }
+ }
+ }
+ toSchema() {
+ const outputArray = [];
+ if (this.cA !== BasicConstraints.defaultValues(CA))
+ outputArray.push(new Boolean({ value: this.cA }));
+ if (PATH_LENGTH_CONSTRAINT in this) {
+ if (this.pathLenConstraint instanceof Integer) {
+ outputArray.push(this.pathLenConstraint);
+ }
+ else {
+ outputArray.push(new Integer({ value: this.pathLenConstraint }));
+ }
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const object = {};
+ if (this.cA !== BasicConstraints.defaultValues(CA)) {
+ object.cA = this.cA;
+ }
+ if (PATH_LENGTH_CONSTRAINT in this) {
+ if (this.pathLenConstraint instanceof Integer) {
+ object.pathLenConstraint = this.pathLenConstraint.toJSON();
+ }
+ else {
+ object.pathLenConstraint = this.pathLenConstraint;
+ }
+ }
+ return object;
+ }
+}
+BasicConstraints.CLASS_NAME = "BasicConstraints";
+
+const CERTIFICATE_INDEX = "certificateIndex";
+const KEY_INDEX = "keyIndex";
+class CAVersion extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.certificateIndex = getParametersValue(parameters, CERTIFICATE_INDEX, CAVersion.defaultValues(CERTIFICATE_INDEX));
+ this.keyIndex = getParametersValue(parameters, KEY_INDEX, CAVersion.defaultValues(KEY_INDEX));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case CERTIFICATE_INDEX:
+ case KEY_INDEX:
+ return 0;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema() {
+ return (new Integer());
+ }
+ fromSchema(schema) {
+ if (schema.constructor.blockName() !== Integer.blockName()) {
+ throw new Error("Object's schema was not verified against input data for CAVersion");
+ }
+ let value = schema.valueBlock.valueHex.slice(0);
+ const valueView = new Uint8Array(value);
+ switch (true) {
+ case (value.byteLength < 4):
+ {
+ const tempValue = new ArrayBuffer(4);
+ const tempValueView = new Uint8Array(tempValue);
+ tempValueView.set(valueView, 4 - value.byteLength);
+ value = tempValue.slice(0);
+ }
+ break;
+ case (value.byteLength > 4):
+ {
+ const tempValue = new ArrayBuffer(4);
+ const tempValueView = new Uint8Array(tempValue);
+ tempValueView.set(valueView.slice(0, 4));
+ value = tempValue.slice(0);
+ }
+ break;
+ }
+ const keyIndexBuffer = value.slice(0, 2);
+ const keyIndexView8 = new Uint8Array(keyIndexBuffer);
+ let temp = keyIndexView8[0];
+ keyIndexView8[0] = keyIndexView8[1];
+ keyIndexView8[1] = temp;
+ const keyIndexView16 = new Uint16Array(keyIndexBuffer);
+ this.keyIndex = keyIndexView16[0];
+ const certificateIndexBuffer = value.slice(2);
+ const certificateIndexView8 = new Uint8Array(certificateIndexBuffer);
+ temp = certificateIndexView8[0];
+ certificateIndexView8[0] = certificateIndexView8[1];
+ certificateIndexView8[1] = temp;
+ const certificateIndexView16 = new Uint16Array(certificateIndexBuffer);
+ this.certificateIndex = certificateIndexView16[0];
+ }
+ toSchema() {
+ const certificateIndexBuffer = new ArrayBuffer(2);
+ const certificateIndexView = new Uint16Array(certificateIndexBuffer);
+ certificateIndexView[0] = this.certificateIndex;
+ const certificateIndexView8 = new Uint8Array(certificateIndexBuffer);
+ let temp = certificateIndexView8[0];
+ certificateIndexView8[0] = certificateIndexView8[1];
+ certificateIndexView8[1] = temp;
+ const keyIndexBuffer = new ArrayBuffer(2);
+ const keyIndexView = new Uint16Array(keyIndexBuffer);
+ keyIndexView[0] = this.keyIndex;
+ const keyIndexView8 = new Uint8Array(keyIndexBuffer);
+ temp = keyIndexView8[0];
+ keyIndexView8[0] = keyIndexView8[1];
+ keyIndexView8[1] = temp;
+ return (new Integer({
+ valueHex: utilConcatBuf(keyIndexBuffer, certificateIndexBuffer)
+ }));
+ }
+ toJSON() {
+ return {
+ certificateIndex: this.certificateIndex,
+ keyIndex: this.keyIndex
+ };
+ }
+}
+CAVersion.CLASS_NAME = "CAVersion";
+
+const POLICY_QUALIFIER_ID = "policyQualifierId";
+const QUALIFIER = "qualifier";
+const CLEAR_PROPS$1p = [
+ POLICY_QUALIFIER_ID,
+ QUALIFIER
+];
+class PolicyQualifierInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.policyQualifierId = getParametersValue(parameters, POLICY_QUALIFIER_ID, PolicyQualifierInfo.defaultValues(POLICY_QUALIFIER_ID));
+ this.qualifier = getParametersValue(parameters, QUALIFIER, PolicyQualifierInfo.defaultValues(QUALIFIER));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case POLICY_QUALIFIER_ID:
+ return EMPTY_STRING;
+ case QUALIFIER:
+ return new Any();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.policyQualifierId || EMPTY_STRING) }),
+ new Any({ name: (names.qualifier || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1p);
+ const asn1 = compareSchema(schema, schema, PolicyQualifierInfo.schema({
+ names: {
+ policyQualifierId: POLICY_QUALIFIER_ID,
+ qualifier: QUALIFIER
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.policyQualifierId = asn1.result.policyQualifierId.valueBlock.toString();
+ this.qualifier = asn1.result.qualifier;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ new ObjectIdentifier({ value: this.policyQualifierId }),
+ this.qualifier
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ policyQualifierId: this.policyQualifierId,
+ qualifier: this.qualifier.toJSON()
+ };
+ }
+}
+PolicyQualifierInfo.CLASS_NAME = "PolicyQualifierInfo";
+
+const POLICY_IDENTIFIER = "policyIdentifier";
+const POLICY_QUALIFIERS = "policyQualifiers";
+const CLEAR_PROPS$1o = [
+ POLICY_IDENTIFIER,
+ POLICY_QUALIFIERS
+];
+class PolicyInformation extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.policyIdentifier = getParametersValue(parameters, POLICY_IDENTIFIER, PolicyInformation.defaultValues(POLICY_IDENTIFIER));
+ if (POLICY_QUALIFIERS in parameters) {
+ this.policyQualifiers = getParametersValue(parameters, POLICY_QUALIFIERS, PolicyInformation.defaultValues(POLICY_QUALIFIERS));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case POLICY_IDENTIFIER:
+ return EMPTY_STRING;
+ case POLICY_QUALIFIERS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.policyIdentifier || EMPTY_STRING) }),
+ new Sequence({
+ optional: true,
+ value: [
+ new Repeated({
+ name: (names.policyQualifiers || EMPTY_STRING),
+ value: PolicyQualifierInfo.schema()
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1o);
+ const asn1 = compareSchema(schema, schema, PolicyInformation.schema({
+ names: {
+ policyIdentifier: POLICY_IDENTIFIER,
+ policyQualifiers: POLICY_QUALIFIERS
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.policyIdentifier = asn1.result.policyIdentifier.valueBlock.toString();
+ if (POLICY_QUALIFIERS in asn1.result) {
+ this.policyQualifiers = Array.from(asn1.result.policyQualifiers, element => new PolicyQualifierInfo({ schema: element }));
+ }
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(new ObjectIdentifier({ value: this.policyIdentifier }));
+ if (this.policyQualifiers) {
+ outputArray.push(new Sequence({
+ value: Array.from(this.policyQualifiers, o => o.toSchema())
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ policyIdentifier: this.policyIdentifier
+ };
+ if (this.policyQualifiers)
+ res.policyQualifiers = Array.from(this.policyQualifiers, o => o.toJSON());
+ return res;
+ }
+}
+PolicyInformation.CLASS_NAME = "PolicyInformation";
+
+const CERTIFICATE_POLICIES = "certificatePolicies";
+const CLEAR_PROPS$1n = [
+ CERTIFICATE_POLICIES,
+];
+class CertificatePolicies extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.certificatePolicies = getParametersValue(parameters, CERTIFICATE_POLICIES, CertificatePolicies.defaultValues(CERTIFICATE_POLICIES));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case CERTIFICATE_POLICIES:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.certificatePolicies || EMPTY_STRING),
+ value: PolicyInformation.schema()
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1n);
+ const asn1 = compareSchema(schema, schema, CertificatePolicies.schema({
+ names: {
+ certificatePolicies: CERTIFICATE_POLICIES
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.certificatePolicies = Array.from(asn1.result.certificatePolicies, element => new PolicyInformation({ schema: element }));
+ }
+ toSchema() {
+ return (new Sequence({
+ value: Array.from(this.certificatePolicies, o => o.toSchema())
+ }));
+ }
+ toJSON() {
+ return {
+ certificatePolicies: Array.from(this.certificatePolicies, o => o.toJSON())
+ };
+ }
+}
+CertificatePolicies.CLASS_NAME = "CertificatePolicies";
+
+const TEMPLATE_ID = "templateID";
+const TEMPLATE_MAJOR_VERSION = "templateMajorVersion";
+const TEMPLATE_MINOR_VERSION = "templateMinorVersion";
+const CLEAR_PROPS$1m = [
+ TEMPLATE_ID,
+ TEMPLATE_MAJOR_VERSION,
+ TEMPLATE_MINOR_VERSION
+];
+class CertificateTemplate extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.templateID = getParametersValue(parameters, TEMPLATE_ID, CertificateTemplate.defaultValues(TEMPLATE_ID));
+ if (TEMPLATE_MAJOR_VERSION in parameters) {
+ this.templateMajorVersion = getParametersValue(parameters, TEMPLATE_MAJOR_VERSION, CertificateTemplate.defaultValues(TEMPLATE_MAJOR_VERSION));
+ }
+ if (TEMPLATE_MINOR_VERSION in parameters) {
+ this.templateMinorVersion = getParametersValue(parameters, TEMPLATE_MINOR_VERSION, CertificateTemplate.defaultValues(TEMPLATE_MINOR_VERSION));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case TEMPLATE_ID:
+ return EMPTY_STRING;
+ case TEMPLATE_MAJOR_VERSION:
+ case TEMPLATE_MINOR_VERSION:
+ return 0;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.templateID || EMPTY_STRING) }),
+ new Integer({
+ name: (names.templateMajorVersion || EMPTY_STRING),
+ optional: true
+ }),
+ new Integer({
+ name: (names.templateMinorVersion || EMPTY_STRING),
+ optional: true
+ }),
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1m);
+ const asn1 = compareSchema(schema, schema, CertificateTemplate.schema({
+ names: {
+ templateID: TEMPLATE_ID,
+ templateMajorVersion: TEMPLATE_MAJOR_VERSION,
+ templateMinorVersion: TEMPLATE_MINOR_VERSION
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.templateID = asn1.result.templateID.valueBlock.toString();
+ if (TEMPLATE_MAJOR_VERSION in asn1.result) {
+ this.templateMajorVersion = asn1.result.templateMajorVersion.valueBlock.valueDec;
+ }
+ if (TEMPLATE_MINOR_VERSION in asn1.result) {
+ this.templateMinorVersion = asn1.result.templateMinorVersion.valueBlock.valueDec;
+ }
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(new ObjectIdentifier({ value: this.templateID }));
+ if (TEMPLATE_MAJOR_VERSION in this) {
+ outputArray.push(new Integer({ value: this.templateMajorVersion }));
+ }
+ if (TEMPLATE_MINOR_VERSION in this) {
+ outputArray.push(new Integer({ value: this.templateMinorVersion }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ templateID: this.templateID
+ };
+ if (TEMPLATE_MAJOR_VERSION in this)
+ res.templateMajorVersion = this.templateMajorVersion;
+ if (TEMPLATE_MINOR_VERSION in this)
+ res.templateMinorVersion = this.templateMinorVersion;
+ return res;
+ }
+}
+
+const DISTRIBUTION_POINT$1 = "distributionPoint";
+const DISTRIBUTION_POINT_NAMES$1 = "distributionPointNames";
+const REASONS = "reasons";
+const CRL_ISSUER = "cRLIssuer";
+const CRL_ISSUER_NAMES = "cRLIssuerNames";
+const CLEAR_PROPS$1l = [
+ DISTRIBUTION_POINT$1,
+ DISTRIBUTION_POINT_NAMES$1,
+ REASONS,
+ CRL_ISSUER,
+ CRL_ISSUER_NAMES,
+];
+class DistributionPoint extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ if (DISTRIBUTION_POINT$1 in parameters) {
+ this.distributionPoint = getParametersValue(parameters, DISTRIBUTION_POINT$1, DistributionPoint.defaultValues(DISTRIBUTION_POINT$1));
+ }
+ if (REASONS in parameters) {
+ this.reasons = getParametersValue(parameters, REASONS, DistributionPoint.defaultValues(REASONS));
+ }
+ if (CRL_ISSUER in parameters) {
+ this.cRLIssuer = getParametersValue(parameters, CRL_ISSUER, DistributionPoint.defaultValues(CRL_ISSUER));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case DISTRIBUTION_POINT$1:
+ return [];
+ case REASONS:
+ return new BitString();
+ case CRL_ISSUER:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Choice({
+ value: [
+ new Constructed({
+ name: (names.distributionPoint || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Repeated({
+ name: (names.distributionPointNames || EMPTY_STRING),
+ value: GeneralName.schema()
+ })
+ ]
+ }),
+ new Constructed({
+ name: (names.distributionPoint || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: RelativeDistinguishedNames.schema().valueBlock.value
+ })
+ ]
+ })
+ ]
+ }),
+ new Primitive({
+ name: (names.reasons || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ }
+ }),
+ new Constructed({
+ name: (names.cRLIssuer || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ value: [
+ new Repeated({
+ name: (names.cRLIssuerNames || EMPTY_STRING),
+ value: GeneralName.schema()
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1l);
+ const asn1 = compareSchema(schema, schema, DistributionPoint.schema({
+ names: {
+ distributionPoint: DISTRIBUTION_POINT$1,
+ distributionPointNames: DISTRIBUTION_POINT_NAMES$1,
+ reasons: REASONS,
+ cRLIssuer: CRL_ISSUER,
+ cRLIssuerNames: CRL_ISSUER_NAMES
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (DISTRIBUTION_POINT$1 in asn1.result) {
+ if (asn1.result.distributionPoint.idBlock.tagNumber === 0) {
+ this.distributionPoint = Array.from(asn1.result.distributionPointNames, element => new GeneralName({ schema: element }));
+ }
+ if (asn1.result.distributionPoint.idBlock.tagNumber === 1) {
+ this.distributionPoint = new RelativeDistinguishedNames({
+ schema: new Sequence({
+ value: asn1.result.distributionPoint.valueBlock.value
+ })
+ });
+ }
+ }
+ if (REASONS in asn1.result) {
+ this.reasons = new BitString({ valueHex: asn1.result.reasons.valueBlock.valueHex });
+ }
+ if (CRL_ISSUER in asn1.result) {
+ this.cRLIssuer = Array.from(asn1.result.cRLIssuerNames, element => new GeneralName({ schema: element }));
+ }
+ }
+ toSchema() {
+ const outputArray = [];
+ if (this.distributionPoint) {
+ let internalValue;
+ if (this.distributionPoint instanceof Array) {
+ internalValue = new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: Array.from(this.distributionPoint, o => o.toSchema())
+ });
+ }
+ else {
+ internalValue = new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [this.distributionPoint.toSchema()]
+ });
+ }
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [internalValue]
+ }));
+ }
+ if (this.reasons) {
+ outputArray.push(new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ valueHex: this.reasons.valueBlock.valueHexView
+ }));
+ }
+ if (this.cRLIssuer) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ value: Array.from(this.cRLIssuer, o => o.toSchema())
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const object = {};
+ if (this.distributionPoint) {
+ if (this.distributionPoint instanceof Array) {
+ object.distributionPoint = Array.from(this.distributionPoint, o => o.toJSON());
+ }
+ else {
+ object.distributionPoint = this.distributionPoint.toJSON();
+ }
+ }
+ if (this.reasons) {
+ object.reasons = this.reasons.toJSON();
+ }
+ if (this.cRLIssuer) {
+ object.cRLIssuer = Array.from(this.cRLIssuer, o => o.toJSON());
+ }
+ return object;
+ }
+}
+DistributionPoint.CLASS_NAME = "DistributionPoint";
+
+const DISTRIBUTION_POINTS = "distributionPoints";
+const CLEAR_PROPS$1k = [
+ DISTRIBUTION_POINTS
+];
+class CRLDistributionPoints extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.distributionPoints = getParametersValue(parameters, DISTRIBUTION_POINTS, CRLDistributionPoints.defaultValues(DISTRIBUTION_POINTS));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case DISTRIBUTION_POINTS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.distributionPoints || EMPTY_STRING),
+ value: DistributionPoint.schema()
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1k);
+ const asn1 = compareSchema(schema, schema, CRLDistributionPoints.schema({
+ names: {
+ distributionPoints: DISTRIBUTION_POINTS
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.distributionPoints = Array.from(asn1.result.distributionPoints, element => new DistributionPoint({ schema: element }));
+ }
+ toSchema() {
+ return (new Sequence({
+ value: Array.from(this.distributionPoints, o => o.toSchema())
+ }));
+ }
+ toJSON() {
+ return {
+ distributionPoints: Array.from(this.distributionPoints, o => o.toJSON())
+ };
+ }
+}
+CRLDistributionPoints.CLASS_NAME = "CRLDistributionPoints";
+
+const KEY_PURPOSES = "keyPurposes";
+const CLEAR_PROPS$1j = [
+ KEY_PURPOSES,
+];
+class ExtKeyUsage extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.keyPurposes = getParametersValue(parameters, KEY_PURPOSES, ExtKeyUsage.defaultValues(KEY_PURPOSES));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case KEY_PURPOSES:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.keyPurposes || EMPTY_STRING),
+ value: new ObjectIdentifier()
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1j);
+ const asn1 = compareSchema(schema, schema, ExtKeyUsage.schema({
+ names: {
+ keyPurposes: KEY_PURPOSES
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.keyPurposes = Array.from(asn1.result.keyPurposes, (element) => element.valueBlock.toString());
+ }
+ toSchema() {
+ return (new Sequence({
+ value: Array.from(this.keyPurposes, element => new ObjectIdentifier({ value: element }))
+ }));
+ }
+ toJSON() {
+ return {
+ keyPurposes: Array.from(this.keyPurposes)
+ };
+ }
+}
+ExtKeyUsage.CLASS_NAME = "ExtKeyUsage";
+
+const ACCESS_DESCRIPTIONS = "accessDescriptions";
+class InfoAccess extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.accessDescriptions = getParametersValue(parameters, ACCESS_DESCRIPTIONS, InfoAccess.defaultValues(ACCESS_DESCRIPTIONS));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ACCESS_DESCRIPTIONS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.accessDescriptions || EMPTY_STRING),
+ value: AccessDescription.schema()
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, [
+ ACCESS_DESCRIPTIONS
+ ]);
+ const asn1 = compareSchema(schema, schema, InfoAccess.schema({
+ names: {
+ accessDescriptions: ACCESS_DESCRIPTIONS
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.accessDescriptions = Array.from(asn1.result.accessDescriptions, element => new AccessDescription({ schema: element }));
+ }
+ toSchema() {
+ return (new Sequence({
+ value: Array.from(this.accessDescriptions, o => o.toSchema())
+ }));
+ }
+ toJSON() {
+ return {
+ accessDescriptions: Array.from(this.accessDescriptions, o => o.toJSON())
+ };
+ }
+}
+InfoAccess.CLASS_NAME = "InfoAccess";
+
+const DISTRIBUTION_POINT = "distributionPoint";
+const DISTRIBUTION_POINT_NAMES = "distributionPointNames";
+const ONLY_CONTAINS_USER_CERTS = "onlyContainsUserCerts";
+const ONLY_CONTAINS_CA_CERTS = "onlyContainsCACerts";
+const ONLY_SOME_REASON = "onlySomeReasons";
+const INDIRECT_CRL = "indirectCRL";
+const ONLY_CONTAINS_ATTRIBUTE_CERTS = "onlyContainsAttributeCerts";
+const CLEAR_PROPS$1i = [
+ DISTRIBUTION_POINT,
+ DISTRIBUTION_POINT_NAMES,
+ ONLY_CONTAINS_USER_CERTS,
+ ONLY_CONTAINS_CA_CERTS,
+ ONLY_SOME_REASON,
+ INDIRECT_CRL,
+ ONLY_CONTAINS_ATTRIBUTE_CERTS,
+];
+class IssuingDistributionPoint extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ if (DISTRIBUTION_POINT in parameters) {
+ this.distributionPoint = getParametersValue(parameters, DISTRIBUTION_POINT, IssuingDistributionPoint.defaultValues(DISTRIBUTION_POINT));
+ }
+ this.onlyContainsUserCerts = getParametersValue(parameters, ONLY_CONTAINS_USER_CERTS, IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_USER_CERTS));
+ this.onlyContainsCACerts = getParametersValue(parameters, ONLY_CONTAINS_CA_CERTS, IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_CA_CERTS));
+ if (ONLY_SOME_REASON in parameters) {
+ this.onlySomeReasons = getParametersValue(parameters, ONLY_SOME_REASON, IssuingDistributionPoint.defaultValues(ONLY_SOME_REASON));
+ }
+ this.indirectCRL = getParametersValue(parameters, INDIRECT_CRL, IssuingDistributionPoint.defaultValues(INDIRECT_CRL));
+ this.onlyContainsAttributeCerts = getParametersValue(parameters, ONLY_CONTAINS_ATTRIBUTE_CERTS, IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_ATTRIBUTE_CERTS));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case DISTRIBUTION_POINT:
+ return [];
+ case ONLY_CONTAINS_USER_CERTS:
+ return false;
+ case ONLY_CONTAINS_CA_CERTS:
+ return false;
+ case ONLY_SOME_REASON:
+ return 0;
+ case INDIRECT_CRL:
+ return false;
+ case ONLY_CONTAINS_ATTRIBUTE_CERTS:
+ return false;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Choice({
+ value: [
+ new Constructed({
+ name: (names.distributionPoint || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Repeated({
+ name: (names.distributionPointNames || EMPTY_STRING),
+ value: GeneralName.schema()
+ })
+ ]
+ }),
+ new Constructed({
+ name: (names.distributionPoint || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: RelativeDistinguishedNames.schema().valueBlock.value
+ })
+ ]
+ })
+ ]
+ }),
+ new Primitive({
+ name: (names.onlyContainsUserCerts || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ }
+ }),
+ new Primitive({
+ name: (names.onlyContainsCACerts || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ }
+ }),
+ new Primitive({
+ name: (names.onlySomeReasons || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 3
+ }
+ }),
+ new Primitive({
+ name: (names.indirectCRL || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 4
+ }
+ }),
+ new Primitive({
+ name: (names.onlyContainsAttributeCerts || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 5
+ }
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1i);
+ const asn1 = compareSchema(schema, schema, IssuingDistributionPoint.schema({
+ names: {
+ distributionPoint: DISTRIBUTION_POINT,
+ distributionPointNames: DISTRIBUTION_POINT_NAMES,
+ onlyContainsUserCerts: ONLY_CONTAINS_USER_CERTS,
+ onlyContainsCACerts: ONLY_CONTAINS_CA_CERTS,
+ onlySomeReasons: ONLY_SOME_REASON,
+ indirectCRL: INDIRECT_CRL,
+ onlyContainsAttributeCerts: ONLY_CONTAINS_ATTRIBUTE_CERTS
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (DISTRIBUTION_POINT in asn1.result) {
+ switch (true) {
+ case (asn1.result.distributionPoint.idBlock.tagNumber === 0):
+ this.distributionPoint = Array.from(asn1.result.distributionPointNames, element => new GeneralName({ schema: element }));
+ break;
+ case (asn1.result.distributionPoint.idBlock.tagNumber === 1):
+ {
+ this.distributionPoint = new RelativeDistinguishedNames({
+ schema: new Sequence({
+ value: asn1.result.distributionPoint.valueBlock.value
+ })
+ });
+ }
+ break;
+ default:
+ throw new Error("Unknown tagNumber for distributionPoint: {$asn1.result.distributionPoint.idBlock.tagNumber}");
+ }
+ }
+ if (ONLY_CONTAINS_USER_CERTS in asn1.result) {
+ const view = new Uint8Array(asn1.result.onlyContainsUserCerts.valueBlock.valueHex);
+ this.onlyContainsUserCerts = (view[0] !== 0x00);
+ }
+ if (ONLY_CONTAINS_CA_CERTS in asn1.result) {
+ const view = new Uint8Array(asn1.result.onlyContainsCACerts.valueBlock.valueHex);
+ this.onlyContainsCACerts = (view[0] !== 0x00);
+ }
+ if (ONLY_SOME_REASON in asn1.result) {
+ const view = new Uint8Array(asn1.result.onlySomeReasons.valueBlock.valueHex);
+ this.onlySomeReasons = view[0];
+ }
+ if (INDIRECT_CRL in asn1.result) {
+ const view = new Uint8Array(asn1.result.indirectCRL.valueBlock.valueHex);
+ this.indirectCRL = (view[0] !== 0x00);
+ }
+ if (ONLY_CONTAINS_ATTRIBUTE_CERTS in asn1.result) {
+ const view = new Uint8Array(asn1.result.onlyContainsAttributeCerts.valueBlock.valueHex);
+ this.onlyContainsAttributeCerts = (view[0] !== 0x00);
+ }
+ }
+ toSchema() {
+ const outputArray = [];
+ if (this.distributionPoint) {
+ let value;
+ if (this.distributionPoint instanceof Array) {
+ value = new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: Array.from(this.distributionPoint, o => o.toSchema())
+ });
+ }
+ else {
+ value = this.distributionPoint.toSchema();
+ value.idBlock.tagClass = 3;
+ value.idBlock.tagNumber = 1;
+ }
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [value]
+ }));
+ }
+ if (this.onlyContainsUserCerts !== IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_USER_CERTS)) {
+ outputArray.push(new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ valueHex: (new Uint8Array([0xFF])).buffer
+ }));
+ }
+ if (this.onlyContainsCACerts !== IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_CA_CERTS)) {
+ outputArray.push(new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ valueHex: (new Uint8Array([0xFF])).buffer
+ }));
+ }
+ if (this.onlySomeReasons !== undefined) {
+ const buffer = new ArrayBuffer(1);
+ const view = new Uint8Array(buffer);
+ view[0] = this.onlySomeReasons;
+ outputArray.push(new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 3
+ },
+ valueHex: buffer
+ }));
+ }
+ if (this.indirectCRL !== IssuingDistributionPoint.defaultValues(INDIRECT_CRL)) {
+ outputArray.push(new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 4
+ },
+ valueHex: (new Uint8Array([0xFF])).buffer
+ }));
+ }
+ if (this.onlyContainsAttributeCerts !== IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_ATTRIBUTE_CERTS)) {
+ outputArray.push(new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 5
+ },
+ valueHex: (new Uint8Array([0xFF])).buffer
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const obj = {};
+ if (this.distributionPoint) {
+ if (this.distributionPoint instanceof Array) {
+ obj.distributionPoint = Array.from(this.distributionPoint, o => o.toJSON());
+ }
+ else {
+ obj.distributionPoint = this.distributionPoint.toJSON();
+ }
+ }
+ if (this.onlyContainsUserCerts !== IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_USER_CERTS)) {
+ obj.onlyContainsUserCerts = this.onlyContainsUserCerts;
+ }
+ if (this.onlyContainsCACerts !== IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_CA_CERTS)) {
+ obj.onlyContainsCACerts = this.onlyContainsCACerts;
+ }
+ if (ONLY_SOME_REASON in this) {
+ obj.onlySomeReasons = this.onlySomeReasons;
+ }
+ if (this.indirectCRL !== IssuingDistributionPoint.defaultValues(INDIRECT_CRL)) {
+ obj.indirectCRL = this.indirectCRL;
+ }
+ if (this.onlyContainsAttributeCerts !== IssuingDistributionPoint.defaultValues(ONLY_CONTAINS_ATTRIBUTE_CERTS)) {
+ obj.onlyContainsAttributeCerts = this.onlyContainsAttributeCerts;
+ }
+ return obj;
+ }
+}
+IssuingDistributionPoint.CLASS_NAME = "IssuingDistributionPoint";
+
+const BASE = "base";
+const MINIMUM = "minimum";
+const MAXIMUM = "maximum";
+const CLEAR_PROPS$1h = [
+ BASE,
+ MINIMUM,
+ MAXIMUM
+];
+class GeneralSubtree extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.base = getParametersValue(parameters, BASE, GeneralSubtree.defaultValues(BASE));
+ this.minimum = getParametersValue(parameters, MINIMUM, GeneralSubtree.defaultValues(MINIMUM));
+ if (MAXIMUM in parameters) {
+ this.maximum = getParametersValue(parameters, MAXIMUM, GeneralSubtree.defaultValues(MAXIMUM));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case BASE:
+ return new GeneralName();
+ case MINIMUM:
+ return 0;
+ case MAXIMUM:
+ return 0;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ GeneralName.schema(names.base || {}),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new Integer({ name: (names.minimum || EMPTY_STRING) })]
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [new Integer({ name: (names.maximum || EMPTY_STRING) })]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1h);
+ const asn1 = compareSchema(schema, schema, GeneralSubtree.schema({
+ names: {
+ base: {
+ names: {
+ blockName: BASE
+ }
+ },
+ minimum: MINIMUM,
+ maximum: MAXIMUM
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.base = new GeneralName({ schema: asn1.result.base });
+ if (MINIMUM in asn1.result) {
+ if (asn1.result.minimum.valueBlock.isHexOnly)
+ this.minimum = asn1.result.minimum;
+ else
+ this.minimum = asn1.result.minimum.valueBlock.valueDec;
+ }
+ if (MAXIMUM in asn1.result) {
+ if (asn1.result.maximum.valueBlock.isHexOnly)
+ this.maximum = asn1.result.maximum;
+ else
+ this.maximum = asn1.result.maximum.valueBlock.valueDec;
+ }
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(this.base.toSchema());
+ if (this.minimum !== 0) {
+ let valueMinimum = 0;
+ if (this.minimum instanceof Integer) {
+ valueMinimum = this.minimum;
+ }
+ else {
+ valueMinimum = new Integer({ value: this.minimum });
+ }
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [valueMinimum]
+ }));
+ }
+ if (MAXIMUM in this) {
+ let valueMaximum = 0;
+ if (this.maximum instanceof Integer) {
+ valueMaximum = this.maximum;
+ }
+ else {
+ valueMaximum = new Integer({ value: this.maximum });
+ }
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [valueMaximum]
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ base: this.base.toJSON()
+ };
+ if (this.minimum !== 0) {
+ if (typeof this.minimum === "number") {
+ res.minimum = this.minimum;
+ }
+ else {
+ res.minimum = this.minimum.toJSON();
+ }
+ }
+ if (this.maximum !== undefined) {
+ if (typeof this.maximum === "number") {
+ res.maximum = this.maximum;
+ }
+ else {
+ res.maximum = this.maximum.toJSON();
+ }
+ }
+ return res;
+ }
+}
+GeneralSubtree.CLASS_NAME = "GeneralSubtree";
+
+const PERMITTED_SUBTREES = "permittedSubtrees";
+const EXCLUDED_SUBTREES = "excludedSubtrees";
+const CLEAR_PROPS$1g = [
+ PERMITTED_SUBTREES,
+ EXCLUDED_SUBTREES
+];
+class NameConstraints extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ if (PERMITTED_SUBTREES in parameters) {
+ this.permittedSubtrees = getParametersValue(parameters, PERMITTED_SUBTREES, NameConstraints.defaultValues(PERMITTED_SUBTREES));
+ }
+ if (EXCLUDED_SUBTREES in parameters) {
+ this.excludedSubtrees = getParametersValue(parameters, EXCLUDED_SUBTREES, NameConstraints.defaultValues(EXCLUDED_SUBTREES));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case PERMITTED_SUBTREES:
+ case EXCLUDED_SUBTREES:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Repeated({
+ name: (names.permittedSubtrees || EMPTY_STRING),
+ value: GeneralSubtree.schema()
+ })
+ ]
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [
+ new Repeated({
+ name: (names.excludedSubtrees || EMPTY_STRING),
+ value: GeneralSubtree.schema()
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1g);
+ const asn1 = compareSchema(schema, schema, NameConstraints.schema({
+ names: {
+ permittedSubtrees: PERMITTED_SUBTREES,
+ excludedSubtrees: EXCLUDED_SUBTREES
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (PERMITTED_SUBTREES in asn1.result)
+ this.permittedSubtrees = Array.from(asn1.result.permittedSubtrees, element => new GeneralSubtree({ schema: element }));
+ if (EXCLUDED_SUBTREES in asn1.result)
+ this.excludedSubtrees = Array.from(asn1.result.excludedSubtrees, element => new GeneralSubtree({ schema: element }));
+ }
+ toSchema() {
+ const outputArray = [];
+ if (this.permittedSubtrees) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: Array.from(this.permittedSubtrees, o => o.toSchema())
+ }));
+ }
+ if (this.excludedSubtrees) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: Array.from(this.excludedSubtrees, o => o.toSchema())
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const object = {};
+ if (this.permittedSubtrees) {
+ object.permittedSubtrees = Array.from(this.permittedSubtrees, o => o.toJSON());
+ }
+ if (this.excludedSubtrees) {
+ object.excludedSubtrees = Array.from(this.excludedSubtrees, o => o.toJSON());
+ }
+ return object;
+ }
+}
+NameConstraints.CLASS_NAME = "NameConstraints";
+
+const REQUIRE_EXPLICIT_POLICY = "requireExplicitPolicy";
+const INHIBIT_POLICY_MAPPING = "inhibitPolicyMapping";
+const CLEAR_PROPS$1f = [
+ REQUIRE_EXPLICIT_POLICY,
+ INHIBIT_POLICY_MAPPING,
+];
+class PolicyConstraints extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ if (REQUIRE_EXPLICIT_POLICY in parameters) {
+ this.requireExplicitPolicy = getParametersValue(parameters, REQUIRE_EXPLICIT_POLICY, PolicyConstraints.defaultValues(REQUIRE_EXPLICIT_POLICY));
+ }
+ if (INHIBIT_POLICY_MAPPING in parameters) {
+ this.inhibitPolicyMapping = getParametersValue(parameters, INHIBIT_POLICY_MAPPING, PolicyConstraints.defaultValues(INHIBIT_POLICY_MAPPING));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case REQUIRE_EXPLICIT_POLICY:
+ return 0;
+ case INHIBIT_POLICY_MAPPING:
+ return 0;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Primitive({
+ name: (names.requireExplicitPolicy || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ }
+ }),
+ new Primitive({
+ name: (names.inhibitPolicyMapping || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ }
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1f);
+ const asn1 = compareSchema(schema, schema, PolicyConstraints.schema({
+ names: {
+ requireExplicitPolicy: REQUIRE_EXPLICIT_POLICY,
+ inhibitPolicyMapping: INHIBIT_POLICY_MAPPING
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (REQUIRE_EXPLICIT_POLICY in asn1.result) {
+ const field1 = asn1.result.requireExplicitPolicy;
+ field1.idBlock.tagClass = 1;
+ field1.idBlock.tagNumber = 2;
+ const ber1 = field1.toBER(false);
+ const int1 = fromBER(ber1);
+ AsnError.assert(int1, "Integer");
+ this.requireExplicitPolicy = int1.result.valueBlock.valueDec;
+ }
+ if (INHIBIT_POLICY_MAPPING in asn1.result) {
+ const field2 = asn1.result.inhibitPolicyMapping;
+ field2.idBlock.tagClass = 1;
+ field2.idBlock.tagNumber = 2;
+ const ber2 = field2.toBER(false);
+ const int2 = fromBER(ber2);
+ AsnError.assert(int2, "Integer");
+ this.inhibitPolicyMapping = int2.result.valueBlock.valueDec;
+ }
+ }
+ toSchema() {
+ const outputArray = [];
+ if (REQUIRE_EXPLICIT_POLICY in this) {
+ const int1 = new Integer({ value: this.requireExplicitPolicy });
+ int1.idBlock.tagClass = 3;
+ int1.idBlock.tagNumber = 0;
+ outputArray.push(int1);
+ }
+ if (INHIBIT_POLICY_MAPPING in this) {
+ const int2 = new Integer({ value: this.inhibitPolicyMapping });
+ int2.idBlock.tagClass = 3;
+ int2.idBlock.tagNumber = 1;
+ outputArray.push(int2);
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {};
+ if (REQUIRE_EXPLICIT_POLICY in this) {
+ res.requireExplicitPolicy = this.requireExplicitPolicy;
+ }
+ if (INHIBIT_POLICY_MAPPING in this) {
+ res.inhibitPolicyMapping = this.inhibitPolicyMapping;
+ }
+ return res;
+ }
+}
+PolicyConstraints.CLASS_NAME = "PolicyConstraints";
+
+const ISSUER_DOMAIN_POLICY = "issuerDomainPolicy";
+const SUBJECT_DOMAIN_POLICY = "subjectDomainPolicy";
+const CLEAR_PROPS$1e = [
+ ISSUER_DOMAIN_POLICY,
+ SUBJECT_DOMAIN_POLICY
+];
+class PolicyMapping extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.issuerDomainPolicy = getParametersValue(parameters, ISSUER_DOMAIN_POLICY, PolicyMapping.defaultValues(ISSUER_DOMAIN_POLICY));
+ this.subjectDomainPolicy = getParametersValue(parameters, SUBJECT_DOMAIN_POLICY, PolicyMapping.defaultValues(SUBJECT_DOMAIN_POLICY));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ISSUER_DOMAIN_POLICY:
+ return EMPTY_STRING;
+ case SUBJECT_DOMAIN_POLICY:
+ return EMPTY_STRING;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.issuerDomainPolicy || EMPTY_STRING) }),
+ new ObjectIdentifier({ name: (names.subjectDomainPolicy || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1e);
+ const asn1 = compareSchema(schema, schema, PolicyMapping.schema({
+ names: {
+ issuerDomainPolicy: ISSUER_DOMAIN_POLICY,
+ subjectDomainPolicy: SUBJECT_DOMAIN_POLICY
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.issuerDomainPolicy = asn1.result.issuerDomainPolicy.valueBlock.toString();
+ this.subjectDomainPolicy = asn1.result.subjectDomainPolicy.valueBlock.toString();
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ new ObjectIdentifier({ value: this.issuerDomainPolicy }),
+ new ObjectIdentifier({ value: this.subjectDomainPolicy })
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ issuerDomainPolicy: this.issuerDomainPolicy,
+ subjectDomainPolicy: this.subjectDomainPolicy
+ };
+ }
+}
+PolicyMapping.CLASS_NAME = "PolicyMapping";
+
+const MAPPINGS = "mappings";
+const CLEAR_PROPS$1d = [
+ MAPPINGS,
+];
+class PolicyMappings extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.mappings = getParametersValue(parameters, MAPPINGS, PolicyMappings.defaultValues(MAPPINGS));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case MAPPINGS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.mappings || EMPTY_STRING),
+ value: PolicyMapping.schema()
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1d);
+ const asn1 = compareSchema(schema, schema, PolicyMappings.schema({
+ names: {
+ mappings: MAPPINGS
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.mappings = Array.from(asn1.result.mappings, element => new PolicyMapping({ schema: element }));
+ }
+ toSchema() {
+ return (new Sequence({
+ value: Array.from(this.mappings, o => o.toSchema())
+ }));
+ }
+ toJSON() {
+ return {
+ mappings: Array.from(this.mappings, o => o.toJSON())
+ };
+ }
+}
+PolicyMappings.CLASS_NAME = "PolicyMappings";
+
+const NOT_BEFORE$1 = "notBefore";
+const NOT_AFTER$1 = "notAfter";
+const CLEAR_PROPS$1c = [
+ NOT_BEFORE$1,
+ NOT_AFTER$1
+];
+class PrivateKeyUsagePeriod extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ if (NOT_BEFORE$1 in parameters) {
+ this.notBefore = getParametersValue(parameters, NOT_BEFORE$1, PrivateKeyUsagePeriod.defaultValues(NOT_BEFORE$1));
+ }
+ if (NOT_AFTER$1 in parameters) {
+ this.notAfter = getParametersValue(parameters, NOT_AFTER$1, PrivateKeyUsagePeriod.defaultValues(NOT_AFTER$1));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case NOT_BEFORE$1:
+ return new Date();
+ case NOT_AFTER$1:
+ return new Date();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Primitive({
+ name: (names.notBefore || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ }
+ }),
+ new Primitive({
+ name: (names.notAfter || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ }
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1c);
+ const asn1 = compareSchema(schema, schema, PrivateKeyUsagePeriod.schema({
+ names: {
+ notBefore: NOT_BEFORE$1,
+ notAfter: NOT_AFTER$1
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (NOT_BEFORE$1 in asn1.result) {
+ const localNotBefore = new GeneralizedTime();
+ localNotBefore.fromBuffer(asn1.result.notBefore.valueBlock.valueHex);
+ this.notBefore = localNotBefore.toDate();
+ }
+ if (NOT_AFTER$1 in asn1.result) {
+ const localNotAfter = new GeneralizedTime({ valueHex: asn1.result.notAfter.valueBlock.valueHex });
+ localNotAfter.fromBuffer(asn1.result.notAfter.valueBlock.valueHex);
+ this.notAfter = localNotAfter.toDate();
+ }
+ }
+ toSchema() {
+ const outputArray = [];
+ if (NOT_BEFORE$1 in this) {
+ outputArray.push(new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ valueHex: (new GeneralizedTime({ valueDate: this.notBefore })).valueBlock.valueHexView
+ }));
+ }
+ if (NOT_AFTER$1 in this) {
+ outputArray.push(new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ valueHex: (new GeneralizedTime({ valueDate: this.notAfter })).valueBlock.valueHexView
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {};
+ if (this.notBefore) {
+ res.notBefore = this.notBefore;
+ }
+ if (this.notAfter) {
+ res.notAfter = this.notAfter;
+ }
+ return res;
+ }
+}
+PrivateKeyUsagePeriod.CLASS_NAME = "PrivateKeyUsagePeriod";
+
+const ID = "id";
+const TYPE$2 = "type";
+const VALUES = "values";
+const QC_STATEMENT_CLEAR_PROPS = [
+ ID,
+ TYPE$2
+];
+const QC_STATEMENTS_CLEAR_PROPS = [
+ VALUES
+];
+class QCStatement extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.id = getParametersValue(parameters, ID, QCStatement.defaultValues(ID));
+ if (TYPE$2 in parameters) {
+ this.type = getParametersValue(parameters, TYPE$2, QCStatement.defaultValues(TYPE$2));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ID:
+ return EMPTY_STRING;
+ case TYPE$2:
+ return new Null();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case ID:
+ return (memberValue === EMPTY_STRING);
+ case TYPE$2:
+ return (memberValue instanceof Null);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.id || EMPTY_STRING) }),
+ new Any({
+ name: (names.type || EMPTY_STRING),
+ optional: true
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, QC_STATEMENT_CLEAR_PROPS);
+ const asn1 = compareSchema(schema, schema, QCStatement.schema({
+ names: {
+ id: ID,
+ type: TYPE$2
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.id = asn1.result.id.valueBlock.toString();
+ if (TYPE$2 in asn1.result)
+ this.type = asn1.result.type;
+ }
+ toSchema() {
+ const value = [
+ new ObjectIdentifier({ value: this.id })
+ ];
+ if (TYPE$2 in this)
+ value.push(this.type);
+ return (new Sequence({
+ value,
+ }));
+ }
+ toJSON() {
+ const object = {
+ id: this.id
+ };
+ if (this.type) {
+ object.type = this.type.toJSON();
+ }
+ return object;
+ }
+}
+QCStatement.CLASS_NAME = "QCStatement";
+class QCStatements extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.values = getParametersValue(parameters, VALUES, QCStatements.defaultValues(VALUES));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VALUES:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VALUES:
+ return (memberValue.length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.values || EMPTY_STRING),
+ value: QCStatement.schema(names.value || {})
+ }),
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, QC_STATEMENTS_CLEAR_PROPS);
+ const asn1 = compareSchema(schema, schema, QCStatements.schema({
+ names: {
+ values: VALUES
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.values = Array.from(asn1.result.values, element => new QCStatement({ schema: element }));
+ }
+ toSchema() {
+ return (new Sequence({
+ value: Array.from(this.values, o => o.toSchema())
+ }));
+ }
+ toJSON() {
+ return {
+ values: Array.from(this.values, o => o.toJSON())
+ };
+ }
+}
+QCStatements.CLASS_NAME = "QCStatements";
+
+class ByteStream {
+ constructor(parameters = {}) {
+ if ("view" in parameters) {
+ this.fromUint8Array(parameters.view);
+ }
+ else if ("buffer" in parameters) {
+ this.fromArrayBuffer(parameters.buffer);
+ }
+ else if ("string" in parameters) {
+ this.fromString(parameters.string);
+ }
+ else if ("hexstring" in parameters) {
+ this.fromHexString(parameters.hexstring);
+ }
+ else {
+ if ("length" in parameters && parameters.length > 0) {
+ this.length = parameters.length;
+ if (parameters.stub) {
+ for (let i = 0; i < this._view.length; i++) {
+ this._view[i] = parameters.stub;
+ }
+ }
+ }
+ else {
+ this.length = 0;
+ }
+ }
+ }
+ set buffer(value) {
+ this._buffer = value;
+ this._view = new Uint8Array(this._buffer);
+ }
+ get buffer() {
+ return this._buffer;
+ }
+ set view(value) {
+ this._buffer = new ArrayBuffer(value.length);
+ this._view = new Uint8Array(this._buffer);
+ this._view.set(value);
+ }
+ get view() {
+ return this._view;
+ }
+ get length() {
+ return this.view.byteLength;
+ }
+ set length(value) {
+ this._buffer = new ArrayBuffer(value);
+ this._view = new Uint8Array(this._buffer);
+ }
+ clear() {
+ this._buffer = new ArrayBuffer(0);
+ this._view = new Uint8Array(this._buffer);
+ }
+ fromArrayBuffer(array) {
+ this._buffer = array;
+ this._view = new Uint8Array(this._buffer);
+ }
+ fromUint8Array(array) {
+ this.fromArrayBuffer(new Uint8Array(array).buffer);
+ }
+ fromString(string) {
+ const stringLength = string.length;
+ this.length = stringLength;
+ for (let i = 0; i < stringLength; i++)
+ this.view[i] = string.charCodeAt(i);
+ }
+ toString(start = 0, length = (this.view.length - start)) {
+ let result = "";
+ if ((start >= this.view.length) || (start < 0)) {
+ start = 0;
+ }
+ if ((length >= this.view.length) || (length < 0)) {
+ length = this.view.length - start;
+ }
+ for (let i = start; i < (start + length); i++)
+ result += String.fromCharCode(this.view[i]);
+ return result;
+ }
+ fromHexString(hexString) {
+ const stringLength = hexString.length;
+ this.buffer = new ArrayBuffer(stringLength >> 1);
+ this.view = new Uint8Array(this.buffer);
+ const hexMap = new Map();
+ hexMap.set("0", 0x00);
+ hexMap.set("1", 0x01);
+ hexMap.set("2", 0x02);
+ hexMap.set("3", 0x03);
+ hexMap.set("4", 0x04);
+ hexMap.set("5", 0x05);
+ hexMap.set("6", 0x06);
+ hexMap.set("7", 0x07);
+ hexMap.set("8", 0x08);
+ hexMap.set("9", 0x09);
+ hexMap.set("A", 0x0A);
+ hexMap.set("a", 0x0A);
+ hexMap.set("B", 0x0B);
+ hexMap.set("b", 0x0B);
+ hexMap.set("C", 0x0C);
+ hexMap.set("c", 0x0C);
+ hexMap.set("D", 0x0D);
+ hexMap.set("d", 0x0D);
+ hexMap.set("E", 0x0E);
+ hexMap.set("e", 0x0E);
+ hexMap.set("F", 0x0F);
+ hexMap.set("f", 0x0F);
+ let j = 0;
+ let temp = 0x00;
+ for (let i = 0; i < stringLength; i++) {
+ if (!(i % 2)) {
+ temp = hexMap.get(hexString.charAt(i)) << 4;
+ }
+ else {
+ temp |= hexMap.get(hexString.charAt(i));
+ this.view[j] = temp;
+ j++;
+ }
+ }
+ }
+ toHexString(start = 0, length = (this.view.length - start)) {
+ let result = "";
+ if ((start >= this.view.length) || (start < 0)) {
+ start = 0;
+ }
+ if ((length >= this.view.length) || (length < 0)) {
+ length = this.view.length - start;
+ }
+ for (let i = start; i < (start + length); i++) {
+ const str = this.view[i].toString(16).toUpperCase();
+ result = result + ((str.length == 1) ? "0" : "") + str;
+ }
+ return result;
+ }
+ copy(start = 0, length = (this.length - start)) {
+ if (!start && !this.length) {
+ return new ByteStream();
+ }
+ if ((start < 0) || (start > (this.length - 1))) {
+ throw new Error(`Wrong start position: ${start}`);
+ }
+ const stream = new ByteStream({
+ buffer: this._buffer.slice(start, start + length)
+ });
+ return stream;
+ }
+ slice(start = 0, end = this.length) {
+ if (!start && !this.length) {
+ return new ByteStream();
+ }
+ if ((start < 0) || (start > (this.length - 1))) {
+ throw new Error(`Wrong start position: ${start}`);
+ }
+ const stream = new ByteStream({
+ buffer: this._buffer.slice(start, end),
+ });
+ return stream;
+ }
+ realloc(size) {
+ const buffer = new ArrayBuffer(size);
+ const view = new Uint8Array(buffer);
+ if (size > this._view.length)
+ view.set(this._view);
+ else {
+ view.set(new Uint8Array(this._buffer, 0, size));
+ }
+ this._buffer = buffer;
+ this._view = new Uint8Array(this._buffer);
+ }
+ append(stream) {
+ const initialSize = this.length;
+ const streamViewLength = stream.length;
+ const subarrayView = stream._view.subarray();
+ this.realloc(initialSize + streamViewLength);
+ this._view.set(subarrayView, initialSize);
+ }
+ insert(stream, start = 0, length = (this.length - start)) {
+ if (start > (this.length - 1))
+ return false;
+ if (length > (this.length - start)) {
+ length = this.length - start;
+ }
+ if (length > stream.length) {
+ length = stream.length;
+ }
+ if (length == stream.length)
+ this._view.set(stream._view, start);
+ else {
+ this._view.set(stream._view.subarray(0, length), start);
+ }
+ return true;
+ }
+ isEqual(stream) {
+ if (this.length != stream.length)
+ return false;
+ for (let i = 0; i < stream.length; i++) {
+ if (this.view[i] != stream.view[i])
+ return false;
+ }
+ return true;
+ }
+ isEqualView(view) {
+ if (view.length != this.view.length)
+ return false;
+ for (let i = 0; i < view.length; i++) {
+ if (this.view[i] != view[i])
+ return false;
+ }
+ return true;
+ }
+ findPattern(pattern, start_, length_, backward_) {
+ const { start, length, backward } = this.prepareFindParameters(start_, length_, backward_);
+ const patternLength = pattern.length;
+ if (patternLength > length) {
+ return (-1);
+ }
+ const patternArray = [];
+ for (let i = 0; i < patternLength; i++)
+ patternArray.push(pattern.view[i]);
+ for (let i = 0; i <= (length - patternLength); i++) {
+ let equal = true;
+ const equalStart = (backward) ? (start - patternLength - i) : (start + i);
+ for (let j = 0; j < patternLength; j++) {
+ if (this.view[j + equalStart] != patternArray[j]) {
+ equal = false;
+ break;
+ }
+ }
+ if (equal) {
+ return (backward) ? (start - patternLength - i) : (start + patternLength + i);
+ }
+ }
+ return (-1);
+ }
+ findFirstIn(patterns, start_, length_, backward_) {
+ const { start, length, backward } = this.prepareFindParameters(start_, length_, backward_);
+ const result = {
+ id: (-1),
+ position: (backward) ? 0 : (start + length),
+ length: 0
+ };
+ for (let i = 0; i < patterns.length; i++) {
+ const position = this.findPattern(patterns[i], start, length, backward);
+ if (position != (-1)) {
+ let valid = false;
+ const patternLength = patterns[i].length;
+ if (backward) {
+ if ((position - patternLength) >= (result.position - result.length))
+ valid = true;
+ }
+ else {
+ if ((position - patternLength) <= (result.position - result.length))
+ valid = true;
+ }
+ if (valid) {
+ result.position = position;
+ result.id = i;
+ result.length = patternLength;
+ }
+ }
+ }
+ return result;
+ }
+ findAllIn(patterns, start_, length_) {
+ let { start, length } = this.prepareFindParameters(start_, length_);
+ const result = [];
+ let patternFound = {
+ id: (-1),
+ position: start
+ };
+ do {
+ const position = patternFound.position;
+ patternFound = this.findFirstIn(patterns, patternFound.position, length);
+ if (patternFound.id == (-1)) {
+ break;
+ }
+ length -= (patternFound.position - position);
+ result.push({
+ id: patternFound.id,
+ position: patternFound.position
+ });
+ } while (true);
+ return result;
+ }
+ findAllPatternIn(pattern, start_, length_) {
+ const { start, length } = this.prepareFindParameters(start_, length_);
+ const result = [];
+ const patternLength = pattern.length;
+ if (patternLength > length) {
+ return (-1);
+ }
+ const patternArray = Array.from(pattern.view);
+ for (let i = 0; i <= (length - patternLength); i++) {
+ let equal = true;
+ const equalStart = start + i;
+ for (let j = 0; j < patternLength; j++) {
+ if (this.view[j + equalStart] != patternArray[j]) {
+ equal = false;
+ break;
+ }
+ }
+ if (equal) {
+ result.push(start + patternLength + i);
+ i += (patternLength - 1);
+ }
+ }
+ return result;
+ }
+ findFirstNotIn(patterns, start_, length_, backward_) {
+ let { start, length, backward } = this.prepareFindParameters(start_, length_, backward_);
+ const result = {
+ left: {
+ id: (-1),
+ position: start
+ },
+ right: {
+ id: (-1),
+ position: 0
+ },
+ value: new ByteStream()
+ };
+ let currentLength = length;
+ while (currentLength > 0) {
+ result.right = this.findFirstIn(patterns, (backward) ? (start - length + currentLength) : (start + length - currentLength), currentLength, backward);
+ if (result.right.id == (-1)) {
+ length = currentLength;
+ if (backward) {
+ start -= length;
+ }
+ else {
+ start = result.left.position;
+ }
+ result.value = new ByteStream({
+ buffer: this._buffer.slice(start, start + length),
+ });
+ break;
+ }
+ if (result.right.position != ((backward) ? (result.left.position - patterns[result.right.id].length) : (result.left.position + patterns[result.right.id].length))) {
+ if (backward) {
+ start = result.right.position + patterns[result.right.id].length;
+ length = result.left.position - result.right.position - patterns[result.right.id].length;
+ }
+ else {
+ start = result.left.position;
+ length = result.right.position - result.left.position - patterns[result.right.id].length;
+ }
+ result.value = new ByteStream({
+ buffer: this._buffer.slice(start, start + length),
+ });
+ break;
+ }
+ result.left = result.right;
+ currentLength -= patterns[result.right.id].length;
+ }
+ if (backward) {
+ const temp = result.right;
+ result.right = result.left;
+ result.left = temp;
+ }
+ return result;
+ }
+ findAllNotIn(patterns, start_, length_) {
+ let { start, length } = this.prepareFindParameters(start_, length_);
+ const result = [];
+ let patternFound = {
+ left: {
+ id: (-1),
+ position: start
+ },
+ right: {
+ id: (-1),
+ position: start
+ },
+ value: new ByteStream()
+ };
+ do {
+ const position = patternFound.right.position;
+ patternFound = this.findFirstNotIn(patterns, patternFound.right.position, length);
+ length -= (patternFound.right.position - position);
+ result.push({
+ left: {
+ id: patternFound.left.id,
+ position: patternFound.left.position
+ },
+ right: {
+ id: patternFound.right.id,
+ position: patternFound.right.position
+ },
+ value: patternFound.value
+ });
+ } while (patternFound.right.id != (-1));
+ return result;
+ }
+ findFirstSequence(patterns, start_, length_, backward_) {
+ let { start, length, backward } = this.prepareFindParameters(start_, length_, backward_);
+ const firstIn = this.skipNotPatterns(patterns, start, length, backward);
+ if (firstIn == (-1)) {
+ return {
+ position: (-1),
+ value: new ByteStream()
+ };
+ }
+ const firstNotIn = this.skipPatterns(patterns, firstIn, length - ((backward) ? (start - firstIn) : (firstIn - start)), backward);
+ if (backward) {
+ start = firstNotIn;
+ length = (firstIn - firstNotIn);
+ }
+ else {
+ start = firstIn;
+ length = (firstNotIn - firstIn);
+ }
+ const value = new ByteStream({
+ buffer: this._buffer.slice(start, start + length),
+ });
+ return {
+ position: firstNotIn,
+ value
+ };
+ }
+ findAllSequences(patterns, start_, length_) {
+ let { start, length } = this.prepareFindParameters(start_, length_);
+ const result = [];
+ let patternFound = {
+ position: start,
+ value: new ByteStream()
+ };
+ do {
+ const position = patternFound.position;
+ patternFound = this.findFirstSequence(patterns, patternFound.position, length);
+ if (patternFound.position != (-1)) {
+ length -= (patternFound.position - position);
+ result.push({
+ position: patternFound.position,
+ value: patternFound.value,
+ });
+ }
+ } while (patternFound.position != (-1));
+ return result;
+ }
+ findPairedPatterns(leftPattern, rightPattern, start_, length_) {
+ const result = [];
+ if (leftPattern.isEqual(rightPattern))
+ return result;
+ const { start, length } = this.prepareFindParameters(start_, length_);
+ let currentPositionLeft = 0;
+ const leftPatterns = this.findAllPatternIn(leftPattern, start, length);
+ if (!Array.isArray(leftPatterns) || leftPatterns.length == 0) {
+ return result;
+ }
+ const rightPatterns = this.findAllPatternIn(rightPattern, start, length);
+ if (!Array.isArray(rightPatterns) || rightPatterns.length == 0) {
+ return result;
+ }
+ while (currentPositionLeft < leftPatterns.length) {
+ if (rightPatterns.length == 0) {
+ break;
+ }
+ if (leftPatterns[0] == rightPatterns[0]) {
+ result.push({
+ left: leftPatterns[0],
+ right: rightPatterns[0]
+ });
+ leftPatterns.splice(0, 1);
+ rightPatterns.splice(0, 1);
+ continue;
+ }
+ if (leftPatterns[currentPositionLeft] > rightPatterns[0]) {
+ break;
+ }
+ while (leftPatterns[currentPositionLeft] < rightPatterns[0]) {
+ currentPositionLeft++;
+ if (currentPositionLeft >= leftPatterns.length) {
+ break;
+ }
+ }
+ result.push({
+ left: leftPatterns[currentPositionLeft - 1],
+ right: rightPatterns[0]
+ });
+ leftPatterns.splice(currentPositionLeft - 1, 1);
+ rightPatterns.splice(0, 1);
+ currentPositionLeft = 0;
+ }
+ result.sort((a, b) => (a.left - b.left));
+ return result;
+ }
+ findPairedArrays(inputLeftPatterns, inputRightPatterns, start_, length_) {
+ const { start, length } = this.prepareFindParameters(start_, length_);
+ const result = [];
+ let currentPositionLeft = 0;
+ const leftPatterns = this.findAllIn(inputLeftPatterns, start, length);
+ if (leftPatterns.length == 0)
+ return result;
+ const rightPatterns = this.findAllIn(inputRightPatterns, start, length);
+ if (rightPatterns.length == 0)
+ return result;
+ while (currentPositionLeft < leftPatterns.length) {
+ if (rightPatterns.length == 0) {
+ break;
+ }
+ if (leftPatterns[0].position == rightPatterns[0].position) {
+ result.push({
+ left: leftPatterns[0],
+ right: rightPatterns[0]
+ });
+ leftPatterns.splice(0, 1);
+ rightPatterns.splice(0, 1);
+ continue;
+ }
+ if (leftPatterns[currentPositionLeft].position > rightPatterns[0].position) {
+ break;
+ }
+ while (leftPatterns[currentPositionLeft].position < rightPatterns[0].position) {
+ currentPositionLeft++;
+ if (currentPositionLeft >= leftPatterns.length) {
+ break;
+ }
+ }
+ result.push({
+ left: leftPatterns[currentPositionLeft - 1],
+ right: rightPatterns[0]
+ });
+ leftPatterns.splice(currentPositionLeft - 1, 1);
+ rightPatterns.splice(0, 1);
+ currentPositionLeft = 0;
+ }
+ result.sort((a, b) => (a.left.position - b.left.position));
+ return result;
+ }
+ replacePattern(searchPattern, replacePattern, start_, length_, findAllResult = null) {
+ let result = [];
+ let i;
+ const output = {
+ status: (-1),
+ searchPatternPositions: [],
+ replacePatternPositions: []
+ };
+ const { start, length } = this.prepareFindParameters(start_, length_);
+ if (findAllResult == null) {
+ result = this.findAllIn([searchPattern], start, length);
+ if (result.length == 0) {
+ return output;
+ }
+ }
+ else {
+ result = findAllResult;
+ }
+ output.searchPatternPositions.push(...Array.from(result, element => element.position));
+ const patternDifference = searchPattern.length - replacePattern.length;
+ const changedBuffer = new ArrayBuffer(this.view.length - (result.length * patternDifference));
+ const changedView = new Uint8Array(changedBuffer);
+ changedView.set(new Uint8Array(this.buffer, 0, start));
+ for (i = 0; i < result.length; i++) {
+ const currentPosition = (i == 0) ? start : result[i - 1].position;
+ changedView.set(new Uint8Array(this.buffer, currentPosition, result[i].position - searchPattern.length - currentPosition), currentPosition - i * patternDifference);
+ changedView.set(replacePattern.view, result[i].position - searchPattern.length - i * patternDifference);
+ output.replacePatternPositions.push(result[i].position - searchPattern.length - i * patternDifference);
+ }
+ i--;
+ changedView.set(new Uint8Array(this.buffer, result[i].position, this.length - result[i].position), result[i].position - searchPattern.length + replacePattern.length - i * patternDifference);
+ this.buffer = changedBuffer;
+ this.view = new Uint8Array(this.buffer);
+ output.status = 1;
+ return output;
+ }
+ skipPatterns(patterns, start_, length_, backward_) {
+ const { start, length, backward } = this.prepareFindParameters(start_, length_, backward_);
+ let result = start;
+ for (let k = 0; k < patterns.length; k++) {
+ const patternLength = patterns[k].length;
+ const equalStart = (backward) ? (result - patternLength) : (result);
+ let equal = true;
+ for (let j = 0; j < patternLength; j++) {
+ if (this.view[j + equalStart] != patterns[k].view[j]) {
+ equal = false;
+ break;
+ }
+ }
+ if (equal) {
+ k = (-1);
+ if (backward) {
+ result -= patternLength;
+ if (result <= 0)
+ return result;
+ }
+ else {
+ result += patternLength;
+ if (result >= (start + length))
+ return result;
+ }
+ }
+ }
+ return result;
+ }
+ skipNotPatterns(patterns, start_, length_, backward_) {
+ const { start, length, backward } = this.prepareFindParameters(start_, length_, backward_);
+ let result = (-1);
+ for (let i = 0; i < length; i++) {
+ for (let k = 0; k < patterns.length; k++) {
+ const patternLength = patterns[k].length;
+ const equalStart = (backward) ? (start - i - patternLength) : (start + i);
+ let equal = true;
+ for (let j = 0; j < patternLength; j++) {
+ if (this.view[j + equalStart] != patterns[k].view[j]) {
+ equal = false;
+ break;
+ }
+ }
+ if (equal) {
+ result = (backward) ? (start - i) : (start + i);
+ break;
+ }
+ }
+ if (result != (-1)) {
+ break;
+ }
+ }
+ return result;
+ }
+ prepareFindParameters(start = null, length = null, backward = false) {
+ if (start === null) {
+ start = (backward) ? this.length : 0;
+ }
+ if (start > this.length) {
+ start = this.length;
+ }
+ if (backward) {
+ if (length === null) {
+ length = start;
+ }
+ if (length > start) {
+ length = start;
+ }
+ }
+ else {
+ if (length === null) {
+ length = this.length - start;
+ }
+ if (length > (this.length - start)) {
+ length = this.length - start;
+ }
+ }
+ return { start, length, backward };
+ }
+}
+
+class SeqStream {
+ constructor(parameters = {}) {
+ this._stream = new ByteStream();
+ this._length = 0;
+ this._start = 0;
+ this.backward = false;
+ this.appendBlock = 0;
+ this.prevLength = 0;
+ this.prevStart = 0;
+ if ("view" in parameters) {
+ this.stream = new ByteStream({ view: parameters.view });
+ }
+ else if ("buffer" in parameters) {
+ this.stream = new ByteStream({ buffer: parameters.buffer });
+ }
+ else if ("string" in parameters) {
+ this.stream = new ByteStream({ string: parameters.string });
+ }
+ else if ("hexstring" in parameters) {
+ this.stream = new ByteStream({ hexstring: parameters.hexstring });
+ }
+ else if ("stream" in parameters) {
+ this.stream = parameters.stream.slice();
+ }
+ else {
+ this.stream = new ByteStream();
+ }
+ if ("backward" in parameters && parameters.backward) {
+ this.backward = parameters.backward;
+ this._start = this.stream.length;
+ }
+ if ("length" in parameters && parameters.length > 0) {
+ this._length = parameters.length;
+ }
+ if ("start" in parameters && parameters.start && parameters.start > 0) {
+ this._start = parameters.start;
+ }
+ if ("appendBlock" in parameters && parameters.appendBlock && parameters.appendBlock > 0) {
+ this.appendBlock = parameters.appendBlock;
+ }
+ }
+ set stream(value) {
+ this._stream = value;
+ this.prevLength = this._length;
+ this._length = value.length;
+ this.prevStart = this._start;
+ this._start = 0;
+ }
+ get stream() {
+ return this._stream;
+ }
+ set length(value) {
+ this.prevLength = this._length;
+ this._length = value;
+ }
+ get length() {
+ if (this.appendBlock) {
+ return this.start;
+ }
+ return this._length;
+ }
+ set start(value) {
+ if (value > this.stream.length)
+ return;
+ this.prevStart = this._start;
+ this.prevLength = this._length;
+ this._length -= (this.backward) ? (this._start - value) : (value - this._start);
+ this._start = value;
+ }
+ get start() {
+ return this._start;
+ }
+ get buffer() {
+ return this._stream.buffer.slice(0, this._length);
+ }
+ resetPosition() {
+ this._start = this.prevStart;
+ this._length = this.prevLength;
+ }
+ findPattern(pattern, gap = null) {
+ if ((gap == null) || (gap > this.length)) {
+ gap = this.length;
+ }
+ const result = this.stream.findPattern(pattern, this.start, this.length, this.backward);
+ if (result == (-1))
+ return result;
+ if (this.backward) {
+ if (result < (this.start - pattern.length - gap)) {
+ return (-1);
+ }
+ }
+ else {
+ if (result > (this.start + pattern.length + gap)) {
+ return (-1);
+ }
+ }
+ this.start = result;
+ return result;
+ }
+ findFirstIn(patterns, gap = null) {
+ if ((gap == null) || (gap > this.length)) {
+ gap = this.length;
+ }
+ const result = this.stream.findFirstIn(patterns, this.start, this.length, this.backward);
+ if (result.id == (-1))
+ return result;
+ if (this.backward) {
+ if (result.position < (this.start - patterns[result.id].length - gap)) {
+ return {
+ id: (-1),
+ position: (this.backward) ? 0 : (this.start + this.length)
+ };
+ }
+ }
+ else {
+ if (result.position > (this.start + patterns[result.id].length + gap)) {
+ return {
+ id: (-1),
+ position: (this.backward) ? 0 : (this.start + this.length)
+ };
+ }
+ }
+ this.start = result.position;
+ return result;
+ }
+ findAllIn(patterns) {
+ const start = (this.backward) ? (this.start - this.length) : this.start;
+ return this.stream.findAllIn(patterns, start, this.length);
+ }
+ findFirstNotIn(patterns, gap = null) {
+ if ((gap == null) || (gap > this._length)) {
+ gap = this._length;
+ }
+ const result = this._stream.findFirstNotIn(patterns, this._start, this._length, this.backward);
+ if ((result.left.id == (-1)) && (result.right.id == (-1))) {
+ return result;
+ }
+ if (this.backward) {
+ if (result.right.id != (-1)) {
+ if (result.right.position < (this._start - patterns[result.right.id].length - gap)) {
+ return {
+ left: {
+ id: (-1),
+ position: this._start
+ },
+ right: {
+ id: (-1),
+ position: 0
+ },
+ value: new ByteStream()
+ };
+ }
+ }
+ }
+ else {
+ if (result.left.id != (-1)) {
+ if (result.left.position > (this._start + patterns[result.left.id].length + gap)) {
+ return {
+ left: {
+ id: (-1),
+ position: this._start
+ },
+ right: {
+ id: (-1),
+ position: 0
+ },
+ value: new ByteStream()
+ };
+ }
+ }
+ }
+ if (this.backward) {
+ if (result.left.id == (-1)) {
+ this.start = 0;
+ }
+ else {
+ this.start = result.left.position;
+ }
+ }
+ else {
+ if (result.right.id == (-1)) {
+ this.start = (this._start + this._length);
+ }
+ else {
+ this.start = result.right.position;
+ }
+ }
+ return result;
+ }
+ findAllNotIn(patterns) {
+ const start = (this.backward) ? (this._start - this._length) : this._start;
+ return this._stream.findAllNotIn(patterns, start, this._length);
+ }
+ findFirstSequence(patterns, length = null, gap = null) {
+ if ((length == null) || (length > this._length)) {
+ length = this._length;
+ }
+ if ((gap == null) || (gap > length)) {
+ gap = length;
+ }
+ const result = this._stream.findFirstSequence(patterns, this._start, length, this.backward);
+ if (result.value.length == 0) {
+ return result;
+ }
+ if (this.backward) {
+ if (result.position < (this._start - result.value.length - gap)) {
+ return {
+ position: (-1),
+ value: new ByteStream()
+ };
+ }
+ }
+ else {
+ if (result.position > (this._start + result.value.length + gap)) {
+ return {
+ position: (-1),
+ value: new ByteStream()
+ };
+ }
+ }
+ this.start = result.position;
+ return result;
+ }
+ findAllSequences(patterns) {
+ const start = (this.backward) ? (this.start - this.length) : this.start;
+ return this.stream.findAllSequences(patterns, start, this.length);
+ }
+ findPairedPatterns(leftPattern, rightPattern, gap = null) {
+ if ((gap == null) || (gap > this.length)) {
+ gap = this.length;
+ }
+ const start = (this.backward) ? (this.start - this.length) : this.start;
+ const result = this.stream.findPairedPatterns(leftPattern, rightPattern, start, this.length);
+ if (result.length) {
+ if (this.backward) {
+ if (result[0].right < (this.start - rightPattern.length - gap)) {
+ return [];
+ }
+ }
+ else {
+ if (result[0].left > (this.start + leftPattern.length + gap)) {
+ return [];
+ }
+ }
+ }
+ return result;
+ }
+ findPairedArrays(leftPatterns, rightPatterns, gap = null) {
+ if ((gap == null) || (gap > this.length)) {
+ gap = this.length;
+ }
+ const start = (this.backward) ? (this.start - this.length) : this.start;
+ const result = this.stream.findPairedArrays(leftPatterns, rightPatterns, start, this.length);
+ if (result.length) {
+ if (this.backward) {
+ if (result[0].right.position < (this.start - rightPatterns[result[0].right.id].length - gap)) {
+ return [];
+ }
+ }
+ else {
+ if (result[0].left.position > (this.start + leftPatterns[result[0].left.id].length + gap)) {
+ return [];
+ }
+ }
+ }
+ return result;
+ }
+ replacePattern(searchPattern, replacePattern) {
+ const start = (this.backward) ? (this.start - this.length) : this.start;
+ return this.stream.replacePattern(searchPattern, replacePattern, start, this.length);
+ }
+ skipPatterns(patterns) {
+ const result = this.stream.skipPatterns(patterns, this.start, this.length, this.backward);
+ this.start = result;
+ return result;
+ }
+ skipNotPatterns(patterns) {
+ const result = this.stream.skipNotPatterns(patterns, this.start, this.length, this.backward);
+ if (result == (-1))
+ return (-1);
+ this.start = result;
+ return result;
+ }
+ append(stream) {
+ this.beforeAppend(stream.length);
+ this._stream.view.set(stream.view, this._start);
+ this._length += (stream.length * 2);
+ this.start = (this._start + stream.length);
+ this.prevLength -= (stream.length * 2);
+ }
+ appendView(view) {
+ this.beforeAppend(view.length);
+ this._stream.view.set(view, this._start);
+ this._length += (view.length * 2);
+ this.start = (this._start + view.length);
+ this.prevLength -= (view.length * 2);
+ }
+ appendChar(char) {
+ this.beforeAppend(1);
+ this._stream.view[this._start] = char;
+ this._length += 2;
+ this.start = (this._start + 1);
+ this.prevLength -= 2;
+ }
+ appendUint16(number) {
+ this.beforeAppend(2);
+ const value = new Uint16Array([number]);
+ const view = new Uint8Array(value.buffer);
+ this.stream.view[this._start] = view[1];
+ this._stream.view[this._start + 1] = view[0];
+ this._length += 4;
+ this.start = this._start + 2;
+ this.prevLength -= 4;
+ }
+ appendUint24(number) {
+ this.beforeAppend(3);
+ const value = new Uint32Array([number]);
+ const view = new Uint8Array(value.buffer);
+ this._stream.view[this._start] = view[2];
+ this._stream.view[this._start + 1] = view[1];
+ this._stream.view[this._start + 2] = view[0];
+ this._length += 6;
+ this.start = (this._start + 3);
+ this.prevLength -= 6;
+ }
+ appendUint32(number) {
+ this.beforeAppend(4);
+ const value = new Uint32Array([number]);
+ const view = new Uint8Array(value.buffer);
+ this._stream.view[this._start] = view[3];
+ this._stream.view[this._start + 1] = view[2];
+ this._stream.view[this._start + 2] = view[1];
+ this._stream.view[this._start + 3] = view[0];
+ this._length += 8;
+ this.start = (this._start + 4);
+ this.prevLength -= 8;
+ }
+ appendInt16(number) {
+ this.beforeAppend(2);
+ const value = new Int16Array([number]);
+ const view = new Uint8Array(value.buffer);
+ this._stream.view[this._start] = view[1];
+ this._stream.view[this._start + 1] = view[0];
+ this._length += 4;
+ this.start = (this._start + 2);
+ this.prevLength -= 4;
+ }
+ appendInt32(number) {
+ this.beforeAppend(4);
+ const value = new Int32Array([number]);
+ const view = new Uint8Array(value.buffer);
+ this._stream.view[this._start] = view[3];
+ this._stream.view[this._start + 1] = view[2];
+ this._stream.view[this._start + 2] = view[1];
+ this._stream.view[this._start + 3] = view[0];
+ this._length += 8;
+ this.start = (this._start + 4);
+ this.prevLength -= 8;
+ }
+ getBlock(size, changeLength = true) {
+ if (this._length <= 0) {
+ return new Uint8Array(0);
+ }
+ if (this._length < size) {
+ size = this._length;
+ }
+ let result;
+ if (this.backward) {
+ const view = this._stream.view.subarray(this._length - size, this._length);
+ result = new Uint8Array(size);
+ for (let i = 0; i < size; i++) {
+ result[size - 1 - i] = view[i];
+ }
+ }
+ else {
+ result = this._stream.view.subarray(this._start, this._start + size);
+ }
+ if (changeLength) {
+ this.start += ((this.backward) ? ((-1) * size) : size);
+ }
+ return result;
+ }
+ getUint16(changeLength = true) {
+ const block = this.getBlock(2, changeLength);
+ if (block.length < 2)
+ return 0;
+ const value = new Uint16Array(1);
+ const view = new Uint8Array(value.buffer);
+ view[0] = block[1];
+ view[1] = block[0];
+ return value[0];
+ }
+ getInt16(changeLength = true) {
+ const block = this.getBlock(2, changeLength);
+ if (block.length < 2)
+ return 0;
+ const value = new Int16Array(1);
+ const view = new Uint8Array(value.buffer);
+ view[0] = block[1];
+ view[1] = block[0];
+ return value[0];
+ }
+ getUint24(changeLength = true) {
+ const block = this.getBlock(3, changeLength);
+ if (block.length < 3)
+ return 0;
+ const value = new Uint32Array(1);
+ const view = new Uint8Array(value.buffer);
+ for (let i = 3; i >= 1; i--) {
+ view[3 - i] = block[i - 1];
+ }
+ return value[0];
+ }
+ getUint32(changeLength = true) {
+ const block = this.getBlock(4, changeLength);
+ if (block.length < 4) {
+ return 0;
+ }
+ const value = new Uint32Array(1);
+ const view = new Uint8Array(value.buffer);
+ for (let i = 3; i >= 0; i--) {
+ view[3 - i] = block[i];
+ }
+ return value[0];
+ }
+ getInt32(changeLength = true) {
+ const block = this.getBlock(4, changeLength);
+ if (block.length < 4)
+ return 0;
+ const value = new Int32Array(1);
+ const view = new Uint8Array(value.buffer);
+ for (let i = 3; i >= 0; i--) {
+ view[3 - i] = block[i];
+ }
+ return value[0];
+ }
+ beforeAppend(size) {
+ if ((this._start + size) > this._stream.length) {
+ if (size > this.appendBlock) {
+ this.appendBlock = size + SeqStream.APPEND_BLOCK;
+ }
+ this._stream.realloc(this._stream.length + this.appendBlock);
+ }
+ }
+}
+SeqStream.APPEND_BLOCK = 1000;
+
+/******************************************************************************
+Copyright (c) Microsoft Corporation.
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
+***************************************************************************** */
+
+function __awaiter(thisArg, _arguments, P, generator) {
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+ return new (P || (P = Promise))(function (resolve, reject) {
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
+ });
+}
+
+var _a;
+class ECNamedCurves {
+ static register(name, id, size) {
+ this.namedCurves[name.toLowerCase()] = this.namedCurves[id] = { name, id, size };
+ }
+ static find(nameOrId) {
+ return this.namedCurves[nameOrId.toLowerCase()] || null;
+ }
+}
+_a = ECNamedCurves;
+ECNamedCurves.namedCurves = {};
+(() => {
+ _a.register("P-256", "1.2.840.10045.3.1.7", 32);
+ _a.register("P-384", "1.3.132.0.34", 48);
+ _a.register("P-521", "1.3.132.0.35", 66);
+ _a.register("brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", 32);
+ _a.register("brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", 48);
+ _a.register("brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", 64);
+})();
+
+const X = "x";
+const Y = "y";
+const NAMED_CURVE$1 = "namedCurve";
+class ECPublicKey extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.x = getParametersValue(parameters, X, ECPublicKey.defaultValues(X));
+ this.y = getParametersValue(parameters, Y, ECPublicKey.defaultValues(Y));
+ this.namedCurve = getParametersValue(parameters, NAMED_CURVE$1, ECPublicKey.defaultValues(NAMED_CURVE$1));
+ if (parameters.json) {
+ this.fromJSON(parameters.json);
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case X:
+ case Y:
+ return EMPTY_BUFFER;
+ case NAMED_CURVE$1:
+ return EMPTY_STRING;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case X:
+ case Y:
+ return memberValue instanceof ArrayBuffer &&
+ (isEqualBuffer(memberValue, ECPublicKey.defaultValues(memberName)));
+ case NAMED_CURVE$1:
+ return typeof memberValue === "string" &&
+ memberValue === ECPublicKey.defaultValues(memberName);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema() {
+ return new RawData();
+ }
+ fromSchema(schema1) {
+ const view = BufferSourceConverter.toUint8Array(schema1);
+ if (view[0] !== 0x04) {
+ throw new Error("Object's schema was not verified against input data for ECPublicKey");
+ }
+ const namedCurve = ECNamedCurves.find(this.namedCurve);
+ if (!namedCurve) {
+ throw new Error(`Incorrect curve OID: ${this.namedCurve}`);
+ }
+ const coordinateLength = namedCurve.size;
+ if (view.byteLength !== (coordinateLength * 2 + 1)) {
+ throw new Error("Object's schema was not verified against input data for ECPublicKey");
+ }
+ this.namedCurve = namedCurve.name;
+ this.x = view.slice(1, coordinateLength + 1).buffer;
+ this.y = view.slice(1 + coordinateLength, coordinateLength * 2 + 1).buffer;
+ }
+ toSchema() {
+ return new RawData({
+ data: utilConcatBuf((new Uint8Array([0x04])).buffer, this.x, this.y)
+ });
+ }
+ toJSON() {
+ const namedCurve = ECNamedCurves.find(this.namedCurve);
+ return {
+ crv: namedCurve ? namedCurve.name : this.namedCurve,
+ x: toBase64(arrayBufferToString(this.x), true, true, false),
+ y: toBase64(arrayBufferToString(this.y), true, true, false)
+ };
+ }
+ fromJSON(json) {
+ ParameterError.assert("json", json, "crv", "x", "y");
+ let coordinateLength = 0;
+ const namedCurve = ECNamedCurves.find(json.crv);
+ if (namedCurve) {
+ this.namedCurve = namedCurve.id;
+ coordinateLength = namedCurve.size;
+ }
+ const xConvertBuffer = stringToArrayBuffer(fromBase64(json.x, true));
+ if (xConvertBuffer.byteLength < coordinateLength) {
+ this.x = new ArrayBuffer(coordinateLength);
+ const view = new Uint8Array(this.x);
+ const convertBufferView = new Uint8Array(xConvertBuffer);
+ view.set(convertBufferView, 1);
+ }
+ else {
+ this.x = xConvertBuffer.slice(0, coordinateLength);
+ }
+ const yConvertBuffer = stringToArrayBuffer(fromBase64(json.y, true));
+ if (yConvertBuffer.byteLength < coordinateLength) {
+ this.y = new ArrayBuffer(coordinateLength);
+ const view = new Uint8Array(this.y);
+ const convertBufferView = new Uint8Array(yConvertBuffer);
+ view.set(convertBufferView, 1);
+ }
+ else {
+ this.y = yConvertBuffer.slice(0, coordinateLength);
+ }
+ }
+}
+ECPublicKey.CLASS_NAME = "ECPublicKey";
+
+const MODULUS$1 = "modulus";
+const PUBLIC_EXPONENT$1 = "publicExponent";
+const CLEAR_PROPS$1b = [MODULUS$1, PUBLIC_EXPONENT$1];
+class RSAPublicKey extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.modulus = getParametersValue(parameters, MODULUS$1, RSAPublicKey.defaultValues(MODULUS$1));
+ this.publicExponent = getParametersValue(parameters, PUBLIC_EXPONENT$1, RSAPublicKey.defaultValues(PUBLIC_EXPONENT$1));
+ if (parameters.json) {
+ this.fromJSON(parameters.json);
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case MODULUS$1:
+ return new Integer();
+ case PUBLIC_EXPONENT$1:
+ return new Integer();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Integer({ name: (names.modulus || EMPTY_STRING) }),
+ new Integer({ name: (names.publicExponent || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1b);
+ const asn1 = compareSchema(schema, schema, RSAPublicKey.schema({
+ names: {
+ modulus: MODULUS$1,
+ publicExponent: PUBLIC_EXPONENT$1
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.modulus = asn1.result.modulus.convertFromDER(256);
+ this.publicExponent = asn1.result.publicExponent;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ this.modulus.convertToDER(),
+ this.publicExponent
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ n: Convert.ToBase64Url(this.modulus.valueBlock.valueHexView),
+ e: Convert.ToBase64Url(this.publicExponent.valueBlock.valueHexView),
+ };
+ }
+ fromJSON(json) {
+ ParameterError.assert("json", json, "n", "e");
+ const array = stringToArrayBuffer(fromBase64(json.n, true));
+ this.modulus = new Integer({ valueHex: array.slice(0, Math.pow(2, nearestPowerOf2(array.byteLength))) });
+ this.publicExponent = new Integer({ valueHex: stringToArrayBuffer(fromBase64(json.e, true)).slice(0, 3) });
+ }
+}
+RSAPublicKey.CLASS_NAME = "RSAPublicKey";
+
+const ALGORITHM$1 = "algorithm";
+const SUBJECT_PUBLIC_KEY = "subjectPublicKey";
+const CLEAR_PROPS$1a = [ALGORITHM$1, SUBJECT_PUBLIC_KEY];
+class PublicKeyInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.algorithm = getParametersValue(parameters, ALGORITHM$1, PublicKeyInfo.defaultValues(ALGORITHM$1));
+ this.subjectPublicKey = getParametersValue(parameters, SUBJECT_PUBLIC_KEY, PublicKeyInfo.defaultValues(SUBJECT_PUBLIC_KEY));
+ const parsedKey = getParametersValue(parameters, "parsedKey", null);
+ if (parsedKey) {
+ this.parsedKey = parsedKey;
+ }
+ if (parameters.json) {
+ this.fromJSON(parameters.json);
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ get parsedKey() {
+ if (this._parsedKey === undefined) {
+ switch (this.algorithm.algorithmId) {
+ case "1.2.840.10045.2.1":
+ if ("algorithmParams" in this.algorithm) {
+ if (this.algorithm.algorithmParams.constructor.blockName() === ObjectIdentifier.blockName()) {
+ try {
+ this._parsedKey = new ECPublicKey({
+ namedCurve: this.algorithm.algorithmParams.valueBlock.toString(),
+ schema: this.subjectPublicKey.valueBlock.valueHexView
+ });
+ }
+ catch (ex) {
+ }
+ }
+ }
+ break;
+ case "1.2.840.113549.1.1.1":
+ {
+ const publicKeyASN1 = fromBER(this.subjectPublicKey.valueBlock.valueHexView);
+ if (publicKeyASN1.offset !== -1) {
+ try {
+ this._parsedKey = new RSAPublicKey({ schema: publicKeyASN1.result });
+ }
+ catch (ex) {
+ }
+ }
+ }
+ break;
+ }
+ this._parsedKey || (this._parsedKey = null);
+ }
+ return this._parsedKey || undefined;
+ }
+ set parsedKey(value) {
+ this._parsedKey = value;
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ALGORITHM$1:
+ return new AlgorithmIdentifier();
+ case SUBJECT_PUBLIC_KEY:
+ return new BitString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ AlgorithmIdentifier.schema(names.algorithm || {}),
+ new BitString({ name: (names.subjectPublicKey || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1a);
+ const asn1 = compareSchema(schema, schema, PublicKeyInfo.schema({
+ names: {
+ algorithm: {
+ names: {
+ blockName: ALGORITHM$1
+ }
+ },
+ subjectPublicKey: SUBJECT_PUBLIC_KEY
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.algorithm = new AlgorithmIdentifier({ schema: asn1.result.algorithm });
+ this.subjectPublicKey = asn1.result.subjectPublicKey;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ this.algorithm.toSchema(),
+ this.subjectPublicKey
+ ]
+ }));
+ }
+ toJSON() {
+ if (!this.parsedKey) {
+ return {
+ algorithm: this.algorithm.toJSON(),
+ subjectPublicKey: this.subjectPublicKey.toJSON(),
+ };
+ }
+ const jwk = {};
+ switch (this.algorithm.algorithmId) {
+ case "1.2.840.10045.2.1":
+ jwk.kty = "EC";
+ break;
+ case "1.2.840.113549.1.1.1":
+ jwk.kty = "RSA";
+ break;
+ }
+ const publicKeyJWK = this.parsedKey.toJSON();
+ Object.assign(jwk, publicKeyJWK);
+ return jwk;
+ }
+ fromJSON(json) {
+ if ("kty" in json) {
+ switch (json.kty.toUpperCase()) {
+ case "EC":
+ this.parsedKey = new ECPublicKey({ json });
+ this.algorithm = new AlgorithmIdentifier({
+ algorithmId: "1.2.840.10045.2.1",
+ algorithmParams: new ObjectIdentifier({ value: this.parsedKey.namedCurve })
+ });
+ break;
+ case "RSA":
+ this.parsedKey = new RSAPublicKey({ json });
+ this.algorithm = new AlgorithmIdentifier({
+ algorithmId: "1.2.840.113549.1.1.1",
+ algorithmParams: new Null()
+ });
+ break;
+ default:
+ throw new Error(`Invalid value for "kty" parameter: ${json.kty}`);
+ }
+ this.subjectPublicKey = new BitString({ valueHex: this.parsedKey.toSchema().toBER(false) });
+ }
+ }
+ importKey(publicKey, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ try {
+ if (!publicKey) {
+ throw new Error("Need to provide publicKey input parameter");
+ }
+ const exportedKey = yield crypto.exportKey("spki", publicKey);
+ const asn1 = fromBER(exportedKey);
+ try {
+ this.fromSchema(asn1.result);
+ }
+ catch (exception) {
+ throw new Error("Error during initializing object from schema");
+ }
+ }
+ catch (e) {
+ const message = e instanceof Error ? e.message : `${e}`;
+ throw new Error(`Error during exporting public key: ${message}`);
+ }
+ });
+ }
+}
+PublicKeyInfo.CLASS_NAME = "PublicKeyInfo";
+
+const VERSION$l = "version";
+const PRIVATE_KEY$1 = "privateKey";
+const NAMED_CURVE = "namedCurve";
+const PUBLIC_KEY$1 = "publicKey";
+const CLEAR_PROPS$19 = [
+ VERSION$l,
+ PRIVATE_KEY$1,
+ NAMED_CURVE,
+ PUBLIC_KEY$1
+];
+class ECPrivateKey extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$l, ECPrivateKey.defaultValues(VERSION$l));
+ this.privateKey = getParametersValue(parameters, PRIVATE_KEY$1, ECPrivateKey.defaultValues(PRIVATE_KEY$1));
+ if (NAMED_CURVE in parameters) {
+ this.namedCurve = getParametersValue(parameters, NAMED_CURVE, ECPrivateKey.defaultValues(NAMED_CURVE));
+ }
+ if (PUBLIC_KEY$1 in parameters) {
+ this.publicKey = getParametersValue(parameters, PUBLIC_KEY$1, ECPrivateKey.defaultValues(PUBLIC_KEY$1));
+ }
+ if (parameters.json) {
+ this.fromJSON(parameters.json);
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$l:
+ return 1;
+ case PRIVATE_KEY$1:
+ return new OctetString();
+ case NAMED_CURVE:
+ return EMPTY_STRING;
+ case PUBLIC_KEY$1:
+ return new ECPublicKey();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VERSION$l:
+ return (memberValue === ECPrivateKey.defaultValues(memberName));
+ case PRIVATE_KEY$1:
+ return (memberValue.isEqual(ECPrivateKey.defaultValues(memberName)));
+ case NAMED_CURVE:
+ return (memberValue === EMPTY_STRING);
+ case PUBLIC_KEY$1:
+ return ((ECPublicKey.compareWithDefault(NAMED_CURVE, memberValue.namedCurve)) &&
+ (ECPublicKey.compareWithDefault("x", memberValue.x)) &&
+ (ECPublicKey.compareWithDefault("y", memberValue.y)));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Integer({ name: (names.version || EMPTY_STRING) }),
+ new OctetString({ name: (names.privateKey || EMPTY_STRING) }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new ObjectIdentifier({ name: (names.namedCurve || EMPTY_STRING) })
+ ]
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [
+ new BitString({ name: (names.publicKey || EMPTY_STRING) })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$19);
+ const asn1 = compareSchema(schema, schema, ECPrivateKey.schema({
+ names: {
+ version: VERSION$l,
+ privateKey: PRIVATE_KEY$1,
+ namedCurve: NAMED_CURVE,
+ publicKey: PUBLIC_KEY$1
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result.version.valueBlock.valueDec;
+ this.privateKey = asn1.result.privateKey;
+ if (NAMED_CURVE in asn1.result) {
+ this.namedCurve = asn1.result.namedCurve.valueBlock.toString();
+ }
+ if (PUBLIC_KEY$1 in asn1.result) {
+ const publicKeyData = { schema: asn1.result.publicKey.valueBlock.valueHex };
+ if (NAMED_CURVE in this) {
+ publicKeyData.namedCurve = this.namedCurve;
+ }
+ this.publicKey = new ECPublicKey(publicKeyData);
+ }
+ }
+ toSchema() {
+ const outputArray = [
+ new Integer({ value: this.version }),
+ this.privateKey
+ ];
+ if (this.namedCurve) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new ObjectIdentifier({ value: this.namedCurve })
+ ]
+ }));
+ }
+ if (this.publicKey) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [
+ new BitString({ valueHex: this.publicKey.toSchema().toBER(false) })
+ ]
+ }));
+ }
+ return new Sequence({
+ value: outputArray
+ });
+ }
+ toJSON() {
+ if (!this.namedCurve || ECPrivateKey.compareWithDefault(NAMED_CURVE, this.namedCurve)) {
+ throw new Error("Not enough information for making JSON: absent \"namedCurve\" value");
+ }
+ const curve = ECNamedCurves.find(this.namedCurve);
+ const privateKeyJSON = {
+ crv: curve ? curve.name : this.namedCurve,
+ d: Convert.ToBase64Url(this.privateKey.valueBlock.valueHexView),
+ };
+ if (this.publicKey) {
+ const publicKeyJSON = this.publicKey.toJSON();
+ privateKeyJSON.x = publicKeyJSON.x;
+ privateKeyJSON.y = publicKeyJSON.y;
+ }
+ return privateKeyJSON;
+ }
+ fromJSON(json) {
+ ParameterError.assert("json", json, "crv", "d");
+ let coordinateLength = 0;
+ const curve = ECNamedCurves.find(json.crv);
+ if (curve) {
+ this.namedCurve = curve.id;
+ coordinateLength = curve.size;
+ }
+ const convertBuffer = Convert.FromBase64Url(json.d);
+ if (convertBuffer.byteLength < coordinateLength) {
+ const buffer = new ArrayBuffer(coordinateLength);
+ const view = new Uint8Array(buffer);
+ const convertBufferView = new Uint8Array(convertBuffer);
+ view.set(convertBufferView, 1);
+ this.privateKey = new OctetString({ valueHex: buffer });
+ }
+ else {
+ this.privateKey = new OctetString({ valueHex: convertBuffer.slice(0, coordinateLength) });
+ }
+ if (json.x && json.y) {
+ this.publicKey = new ECPublicKey({ json });
+ }
+ }
+}
+ECPrivateKey.CLASS_NAME = "ECPrivateKey";
+
+const PRIME = "prime";
+const EXPONENT = "exponent";
+const COEFFICIENT$1 = "coefficient";
+const CLEAR_PROPS$18 = [
+ PRIME,
+ EXPONENT,
+ COEFFICIENT$1,
+];
+class OtherPrimeInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.prime = getParametersValue(parameters, PRIME, OtherPrimeInfo.defaultValues(PRIME));
+ this.exponent = getParametersValue(parameters, EXPONENT, OtherPrimeInfo.defaultValues(EXPONENT));
+ this.coefficient = getParametersValue(parameters, COEFFICIENT$1, OtherPrimeInfo.defaultValues(COEFFICIENT$1));
+ if (parameters.json) {
+ this.fromJSON(parameters.json);
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case PRIME:
+ return new Integer();
+ case EXPONENT:
+ return new Integer();
+ case COEFFICIENT$1:
+ return new Integer();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Integer({ name: (names.prime || EMPTY_STRING) }),
+ new Integer({ name: (names.exponent || EMPTY_STRING) }),
+ new Integer({ name: (names.coefficient || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$18);
+ const asn1 = compareSchema(schema, schema, OtherPrimeInfo.schema({
+ names: {
+ prime: PRIME,
+ exponent: EXPONENT,
+ coefficient: COEFFICIENT$1
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.prime = asn1.result.prime.convertFromDER();
+ this.exponent = asn1.result.exponent.convertFromDER();
+ this.coefficient = asn1.result.coefficient.convertFromDER();
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ this.prime.convertToDER(),
+ this.exponent.convertToDER(),
+ this.coefficient.convertToDER()
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ r: Convert.ToBase64Url(this.prime.valueBlock.valueHexView),
+ d: Convert.ToBase64Url(this.exponent.valueBlock.valueHexView),
+ t: Convert.ToBase64Url(this.coefficient.valueBlock.valueHexView),
+ };
+ }
+ fromJSON(json) {
+ ParameterError.assert("json", json, "r", "d", "r");
+ this.prime = new Integer({ valueHex: Convert.FromBase64Url(json.r) });
+ this.exponent = new Integer({ valueHex: Convert.FromBase64Url(json.d) });
+ this.coefficient = new Integer({ valueHex: Convert.FromBase64Url(json.t) });
+ }
+}
+OtherPrimeInfo.CLASS_NAME = "OtherPrimeInfo";
+
+const VERSION$k = "version";
+const MODULUS = "modulus";
+const PUBLIC_EXPONENT = "publicExponent";
+const PRIVATE_EXPONENT = "privateExponent";
+const PRIME1 = "prime1";
+const PRIME2 = "prime2";
+const EXPONENT1 = "exponent1";
+const EXPONENT2 = "exponent2";
+const COEFFICIENT = "coefficient";
+const OTHER_PRIME_INFOS = "otherPrimeInfos";
+const CLEAR_PROPS$17 = [
+ VERSION$k,
+ MODULUS,
+ PUBLIC_EXPONENT,
+ PRIVATE_EXPONENT,
+ PRIME1,
+ PRIME2,
+ EXPONENT1,
+ EXPONENT2,
+ COEFFICIENT,
+ OTHER_PRIME_INFOS
+];
+class RSAPrivateKey extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$k, RSAPrivateKey.defaultValues(VERSION$k));
+ this.modulus = getParametersValue(parameters, MODULUS, RSAPrivateKey.defaultValues(MODULUS));
+ this.publicExponent = getParametersValue(parameters, PUBLIC_EXPONENT, RSAPrivateKey.defaultValues(PUBLIC_EXPONENT));
+ this.privateExponent = getParametersValue(parameters, PRIVATE_EXPONENT, RSAPrivateKey.defaultValues(PRIVATE_EXPONENT));
+ this.prime1 = getParametersValue(parameters, PRIME1, RSAPrivateKey.defaultValues(PRIME1));
+ this.prime2 = getParametersValue(parameters, PRIME2, RSAPrivateKey.defaultValues(PRIME2));
+ this.exponent1 = getParametersValue(parameters, EXPONENT1, RSAPrivateKey.defaultValues(EXPONENT1));
+ this.exponent2 = getParametersValue(parameters, EXPONENT2, RSAPrivateKey.defaultValues(EXPONENT2));
+ this.coefficient = getParametersValue(parameters, COEFFICIENT, RSAPrivateKey.defaultValues(COEFFICIENT));
+ if (OTHER_PRIME_INFOS in parameters) {
+ this.otherPrimeInfos = getParametersValue(parameters, OTHER_PRIME_INFOS, RSAPrivateKey.defaultValues(OTHER_PRIME_INFOS));
+ }
+ if (parameters.json) {
+ this.fromJSON(parameters.json);
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$k:
+ return 0;
+ case MODULUS:
+ return new Integer();
+ case PUBLIC_EXPONENT:
+ return new Integer();
+ case PRIVATE_EXPONENT:
+ return new Integer();
+ case PRIME1:
+ return new Integer();
+ case PRIME2:
+ return new Integer();
+ case EXPONENT1:
+ return new Integer();
+ case EXPONENT2:
+ return new Integer();
+ case COEFFICIENT:
+ return new Integer();
+ case OTHER_PRIME_INFOS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Integer({ name: (names.version || EMPTY_STRING) }),
+ new Integer({ name: (names.modulus || EMPTY_STRING) }),
+ new Integer({ name: (names.publicExponent || EMPTY_STRING) }),
+ new Integer({ name: (names.privateExponent || EMPTY_STRING) }),
+ new Integer({ name: (names.prime1 || EMPTY_STRING) }),
+ new Integer({ name: (names.prime2 || EMPTY_STRING) }),
+ new Integer({ name: (names.exponent1 || EMPTY_STRING) }),
+ new Integer({ name: (names.exponent2 || EMPTY_STRING) }),
+ new Integer({ name: (names.coefficient || EMPTY_STRING) }),
+ new Sequence({
+ optional: true,
+ value: [
+ new Repeated({
+ name: (names.otherPrimeInfosName || EMPTY_STRING),
+ value: OtherPrimeInfo.schema(names.otherPrimeInfo || {})
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$17);
+ const asn1 = compareSchema(schema, schema, RSAPrivateKey.schema({
+ names: {
+ version: VERSION$k,
+ modulus: MODULUS,
+ publicExponent: PUBLIC_EXPONENT,
+ privateExponent: PRIVATE_EXPONENT,
+ prime1: PRIME1,
+ prime2: PRIME2,
+ exponent1: EXPONENT1,
+ exponent2: EXPONENT2,
+ coefficient: COEFFICIENT,
+ otherPrimeInfo: {
+ names: {
+ blockName: OTHER_PRIME_INFOS
+ }
+ }
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result.version.valueBlock.valueDec;
+ this.modulus = asn1.result.modulus.convertFromDER(256);
+ this.publicExponent = asn1.result.publicExponent;
+ this.privateExponent = asn1.result.privateExponent.convertFromDER(256);
+ this.prime1 = asn1.result.prime1.convertFromDER(128);
+ this.prime2 = asn1.result.prime2.convertFromDER(128);
+ this.exponent1 = asn1.result.exponent1.convertFromDER(128);
+ this.exponent2 = asn1.result.exponent2.convertFromDER(128);
+ this.coefficient = asn1.result.coefficient.convertFromDER(128);
+ if (OTHER_PRIME_INFOS in asn1.result)
+ this.otherPrimeInfos = Array.from(asn1.result.otherPrimeInfos, element => new OtherPrimeInfo({ schema: element }));
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(new Integer({ value: this.version }));
+ outputArray.push(this.modulus.convertToDER());
+ outputArray.push(this.publicExponent);
+ outputArray.push(this.privateExponent.convertToDER());
+ outputArray.push(this.prime1.convertToDER());
+ outputArray.push(this.prime2.convertToDER());
+ outputArray.push(this.exponent1.convertToDER());
+ outputArray.push(this.exponent2.convertToDER());
+ outputArray.push(this.coefficient.convertToDER());
+ if (this.otherPrimeInfos) {
+ outputArray.push(new Sequence({
+ value: Array.from(this.otherPrimeInfos, o => o.toSchema())
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const jwk = {
+ n: Convert.ToBase64Url(this.modulus.valueBlock.valueHexView),
+ e: Convert.ToBase64Url(this.publicExponent.valueBlock.valueHexView),
+ d: Convert.ToBase64Url(this.privateExponent.valueBlock.valueHexView),
+ p: Convert.ToBase64Url(this.prime1.valueBlock.valueHexView),
+ q: Convert.ToBase64Url(this.prime2.valueBlock.valueHexView),
+ dp: Convert.ToBase64Url(this.exponent1.valueBlock.valueHexView),
+ dq: Convert.ToBase64Url(this.exponent2.valueBlock.valueHexView),
+ qi: Convert.ToBase64Url(this.coefficient.valueBlock.valueHexView),
+ };
+ if (this.otherPrimeInfos) {
+ jwk.oth = Array.from(this.otherPrimeInfos, o => o.toJSON());
+ }
+ return jwk;
+ }
+ fromJSON(json) {
+ ParameterError.assert("json", json, "n", "e", "d", "p", "q", "dp", "dq", "qi");
+ this.modulus = new Integer({ valueHex: Convert.FromBase64Url(json.n) });
+ this.publicExponent = new Integer({ valueHex: Convert.FromBase64Url(json.e) });
+ this.privateExponent = new Integer({ valueHex: Convert.FromBase64Url(json.d) });
+ this.prime1 = new Integer({ valueHex: Convert.FromBase64Url(json.p) });
+ this.prime2 = new Integer({ valueHex: Convert.FromBase64Url(json.q) });
+ this.exponent1 = new Integer({ valueHex: Convert.FromBase64Url(json.dp) });
+ this.exponent2 = new Integer({ valueHex: Convert.FromBase64Url(json.dq) });
+ this.coefficient = new Integer({ valueHex: Convert.FromBase64Url(json.qi) });
+ if (json.oth) {
+ this.otherPrimeInfos = Array.from(json.oth, (element) => new OtherPrimeInfo({ json: element }));
+ }
+ }
+}
+RSAPrivateKey.CLASS_NAME = "RSAPrivateKey";
+
+const VERSION$j = "version";
+const PRIVATE_KEY_ALGORITHM = "privateKeyAlgorithm";
+const PRIVATE_KEY = "privateKey";
+const ATTRIBUTES$5 = "attributes";
+const PARSED_KEY = "parsedKey";
+const CLEAR_PROPS$16 = [
+ VERSION$j,
+ PRIVATE_KEY_ALGORITHM,
+ PRIVATE_KEY,
+ ATTRIBUTES$5
+];
+class PrivateKeyInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$j, PrivateKeyInfo.defaultValues(VERSION$j));
+ this.privateKeyAlgorithm = getParametersValue(parameters, PRIVATE_KEY_ALGORITHM, PrivateKeyInfo.defaultValues(PRIVATE_KEY_ALGORITHM));
+ this.privateKey = getParametersValue(parameters, PRIVATE_KEY, PrivateKeyInfo.defaultValues(PRIVATE_KEY));
+ if (ATTRIBUTES$5 in parameters) {
+ this.attributes = getParametersValue(parameters, ATTRIBUTES$5, PrivateKeyInfo.defaultValues(ATTRIBUTES$5));
+ }
+ if (PARSED_KEY in parameters) {
+ this.parsedKey = getParametersValue(parameters, PARSED_KEY, PrivateKeyInfo.defaultValues(PARSED_KEY));
+ }
+ if (parameters.json) {
+ this.fromJSON(parameters.json);
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$j:
+ return 0;
+ case PRIVATE_KEY_ALGORITHM:
+ return new AlgorithmIdentifier();
+ case PRIVATE_KEY:
+ return new OctetString();
+ case ATTRIBUTES$5:
+ return [];
+ case PARSED_KEY:
+ return {};
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Integer({ name: (names.version || EMPTY_STRING) }),
+ AlgorithmIdentifier.schema(names.privateKeyAlgorithm || {}),
+ new OctetString({ name: (names.privateKey || EMPTY_STRING) }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Repeated({
+ name: (names.attributes || EMPTY_STRING),
+ value: Attribute.schema()
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$16);
+ const asn1 = compareSchema(schema, schema, PrivateKeyInfo.schema({
+ names: {
+ version: VERSION$j,
+ privateKeyAlgorithm: {
+ names: {
+ blockName: PRIVATE_KEY_ALGORITHM
+ }
+ },
+ privateKey: PRIVATE_KEY,
+ attributes: ATTRIBUTES$5
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result.version.valueBlock.valueDec;
+ this.privateKeyAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.privateKeyAlgorithm });
+ this.privateKey = asn1.result.privateKey;
+ if (ATTRIBUTES$5 in asn1.result)
+ this.attributes = Array.from(asn1.result.attributes, element => new Attribute({ schema: element }));
+ switch (this.privateKeyAlgorithm.algorithmId) {
+ case "1.2.840.113549.1.1.1":
+ {
+ const privateKeyASN1 = fromBER(this.privateKey.valueBlock.valueHexView);
+ if (privateKeyASN1.offset !== -1)
+ this.parsedKey = new RSAPrivateKey({ schema: privateKeyASN1.result });
+ }
+ break;
+ case "1.2.840.10045.2.1":
+ if ("algorithmParams" in this.privateKeyAlgorithm) {
+ if (this.privateKeyAlgorithm.algorithmParams instanceof ObjectIdentifier) {
+ const privateKeyASN1 = fromBER(this.privateKey.valueBlock.valueHexView);
+ if (privateKeyASN1.offset !== -1) {
+ this.parsedKey = new ECPrivateKey({
+ namedCurve: this.privateKeyAlgorithm.algorithmParams.valueBlock.toString(),
+ schema: privateKeyASN1.result
+ });
+ }
+ }
+ }
+ break;
+ }
+ }
+ toSchema() {
+ const outputArray = [
+ new Integer({ value: this.version }),
+ this.privateKeyAlgorithm.toSchema(),
+ this.privateKey
+ ];
+ if (this.attributes) {
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: Array.from(this.attributes, o => o.toSchema())
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ if (!this.parsedKey) {
+ const object = {
+ version: this.version,
+ privateKeyAlgorithm: this.privateKeyAlgorithm.toJSON(),
+ privateKey: this.privateKey.toJSON(),
+ };
+ if (this.attributes) {
+ object.attributes = Array.from(this.attributes, o => o.toJSON());
+ }
+ return object;
+ }
+ const jwk = {};
+ switch (this.privateKeyAlgorithm.algorithmId) {
+ case "1.2.840.10045.2.1":
+ jwk.kty = "EC";
+ break;
+ case "1.2.840.113549.1.1.1":
+ jwk.kty = "RSA";
+ break;
+ }
+ const publicKeyJWK = this.parsedKey.toJSON();
+ Object.assign(jwk, publicKeyJWK);
+ return jwk;
+ }
+ fromJSON(json) {
+ if ("kty" in json) {
+ switch (json.kty.toUpperCase()) {
+ case "EC":
+ this.parsedKey = new ECPrivateKey({ json });
+ this.privateKeyAlgorithm = new AlgorithmIdentifier({
+ algorithmId: "1.2.840.10045.2.1",
+ algorithmParams: new ObjectIdentifier({ value: this.parsedKey.namedCurve })
+ });
+ break;
+ case "RSA":
+ this.parsedKey = new RSAPrivateKey({ json });
+ this.privateKeyAlgorithm = new AlgorithmIdentifier({
+ algorithmId: "1.2.840.113549.1.1.1",
+ algorithmParams: new Null()
+ });
+ break;
+ default:
+ throw new Error(`Invalid value for "kty" parameter: ${json.kty}`);
+ }
+ this.privateKey = new OctetString({ valueHex: this.parsedKey.toSchema().toBER(false) });
+ }
+ }
+}
+PrivateKeyInfo.CLASS_NAME = "PrivateKeyInfo";
+
+const CONTENT_TYPE$1 = "contentType";
+const CONTENT_ENCRYPTION_ALGORITHM = "contentEncryptionAlgorithm";
+const ENCRYPTED_CONTENT = "encryptedContent";
+const CLEAR_PROPS$15 = [
+ CONTENT_TYPE$1,
+ CONTENT_ENCRYPTION_ALGORITHM,
+ ENCRYPTED_CONTENT,
+];
+class EncryptedContentInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.contentType = getParametersValue(parameters, CONTENT_TYPE$1, EncryptedContentInfo.defaultValues(CONTENT_TYPE$1));
+ this.contentEncryptionAlgorithm = getParametersValue(parameters, CONTENT_ENCRYPTION_ALGORITHM, EncryptedContentInfo.defaultValues(CONTENT_ENCRYPTION_ALGORITHM));
+ if (ENCRYPTED_CONTENT in parameters && parameters.encryptedContent) {
+ this.encryptedContent = parameters.encryptedContent;
+ if ((this.encryptedContent.idBlock.tagClass === 1) &&
+ (this.encryptedContent.idBlock.tagNumber === 4)) {
+ if (this.encryptedContent.idBlock.isConstructed === false) {
+ const constrString = new OctetString({
+ idBlock: { isConstructed: true },
+ isConstructed: true
+ });
+ let offset = 0;
+ const valueHex = this.encryptedContent.valueBlock.valueHexView.slice().buffer;
+ let length = valueHex.byteLength;
+ const pieceSize = 1024;
+ while (length > 0) {
+ const pieceView = new Uint8Array(valueHex, offset, ((offset + pieceSize) > valueHex.byteLength) ? (valueHex.byteLength - offset) : pieceSize);
+ const _array = new ArrayBuffer(pieceView.length);
+ const _view = new Uint8Array(_array);
+ for (let i = 0; i < _view.length; i++)
+ _view[i] = pieceView[i];
+ constrString.valueBlock.value.push(new OctetString({ valueHex: _array }));
+ length -= pieceView.length;
+ offset += pieceView.length;
+ }
+ this.encryptedContent = constrString;
+ }
+ }
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case CONTENT_TYPE$1:
+ return EMPTY_STRING;
+ case CONTENT_ENCRYPTION_ALGORITHM:
+ return new AlgorithmIdentifier();
+ case ENCRYPTED_CONTENT:
+ return new OctetString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case CONTENT_TYPE$1:
+ return (memberValue === EMPTY_STRING);
+ case CONTENT_ENCRYPTION_ALGORITHM:
+ return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false));
+ case ENCRYPTED_CONTENT:
+ return (memberValue.isEqual(EncryptedContentInfo.defaultValues(ENCRYPTED_CONTENT)));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.contentType || EMPTY_STRING) }),
+ AlgorithmIdentifier.schema(names.contentEncryptionAlgorithm || {}),
+ new Choice({
+ value: [
+ new Constructed({
+ name: (names.encryptedContent || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Repeated({
+ value: new OctetString()
+ })
+ ]
+ }),
+ new Primitive({
+ name: (names.encryptedContent || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ }
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$15);
+ const asn1 = compareSchema(schema, schema, EncryptedContentInfo.schema({
+ names: {
+ contentType: CONTENT_TYPE$1,
+ contentEncryptionAlgorithm: {
+ names: {
+ blockName: CONTENT_ENCRYPTION_ALGORITHM
+ }
+ },
+ encryptedContent: ENCRYPTED_CONTENT
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.contentType = asn1.result.contentType.valueBlock.toString();
+ this.contentEncryptionAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.contentEncryptionAlgorithm });
+ if (ENCRYPTED_CONTENT in asn1.result) {
+ this.encryptedContent = asn1.result.encryptedContent;
+ this.encryptedContent.idBlock.tagClass = 1;
+ this.encryptedContent.idBlock.tagNumber = 4;
+ }
+ }
+ toSchema() {
+ const sequenceLengthBlock = {
+ isIndefiniteForm: false
+ };
+ const outputArray = [];
+ outputArray.push(new ObjectIdentifier({ value: this.contentType }));
+ outputArray.push(this.contentEncryptionAlgorithm.toSchema());
+ if (this.encryptedContent) {
+ sequenceLengthBlock.isIndefiniteForm = this.encryptedContent.idBlock.isConstructed;
+ const encryptedValue = this.encryptedContent;
+ encryptedValue.idBlock.tagClass = 3;
+ encryptedValue.idBlock.tagNumber = 0;
+ encryptedValue.lenBlock.isIndefiniteForm = this.encryptedContent.idBlock.isConstructed;
+ outputArray.push(encryptedValue);
+ }
+ return (new Sequence({
+ lenBlock: sequenceLengthBlock,
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ contentType: this.contentType,
+ contentEncryptionAlgorithm: this.contentEncryptionAlgorithm.toJSON()
+ };
+ if (this.encryptedContent) {
+ res.encryptedContent = this.encryptedContent.toJSON();
+ }
+ return res;
+ }
+ getEncryptedContent() {
+ if (!this.encryptedContent) {
+ throw new Error("Parameter 'encryptedContent' is undefined");
+ }
+ return OctetString.prototype.getValue.call(this.encryptedContent);
+ }
+}
+EncryptedContentInfo.CLASS_NAME = "EncryptedContentInfo";
+
+const HASH_ALGORITHM$4 = "hashAlgorithm";
+const MASK_GEN_ALGORITHM$1 = "maskGenAlgorithm";
+const SALT_LENGTH = "saltLength";
+const TRAILER_FIELD = "trailerField";
+const CLEAR_PROPS$14 = [
+ HASH_ALGORITHM$4,
+ MASK_GEN_ALGORITHM$1,
+ SALT_LENGTH,
+ TRAILER_FIELD
+];
+class RSASSAPSSParams extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.hashAlgorithm = getParametersValue(parameters, HASH_ALGORITHM$4, RSASSAPSSParams.defaultValues(HASH_ALGORITHM$4));
+ this.maskGenAlgorithm = getParametersValue(parameters, MASK_GEN_ALGORITHM$1, RSASSAPSSParams.defaultValues(MASK_GEN_ALGORITHM$1));
+ this.saltLength = getParametersValue(parameters, SALT_LENGTH, RSASSAPSSParams.defaultValues(SALT_LENGTH));
+ this.trailerField = getParametersValue(parameters, TRAILER_FIELD, RSASSAPSSParams.defaultValues(TRAILER_FIELD));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case HASH_ALGORITHM$4:
+ return new AlgorithmIdentifier({
+ algorithmId: "1.3.14.3.2.26",
+ algorithmParams: new Null()
+ });
+ case MASK_GEN_ALGORITHM$1:
+ return new AlgorithmIdentifier({
+ algorithmId: "1.2.840.113549.1.1.8",
+ algorithmParams: (new AlgorithmIdentifier({
+ algorithmId: "1.3.14.3.2.26",
+ algorithmParams: new Null()
+ })).toSchema()
+ });
+ case SALT_LENGTH:
+ return 20;
+ case TRAILER_FIELD:
+ return 1;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ optional: true,
+ value: [AlgorithmIdentifier.schema(names.hashAlgorithm || {})]
+ }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ optional: true,
+ value: [AlgorithmIdentifier.schema(names.maskGenAlgorithm || {})]
+ }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ optional: true,
+ value: [new Integer({ name: (names.saltLength || EMPTY_STRING) })]
+ }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 3
+ },
+ optional: true,
+ value: [new Integer({ name: (names.trailerField || EMPTY_STRING) })]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$14);
+ const asn1 = compareSchema(schema, schema, RSASSAPSSParams.schema({
+ names: {
+ hashAlgorithm: {
+ names: {
+ blockName: HASH_ALGORITHM$4
+ }
+ },
+ maskGenAlgorithm: {
+ names: {
+ blockName: MASK_GEN_ALGORITHM$1
+ }
+ },
+ saltLength: SALT_LENGTH,
+ trailerField: TRAILER_FIELD
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (HASH_ALGORITHM$4 in asn1.result)
+ this.hashAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.hashAlgorithm });
+ if (MASK_GEN_ALGORITHM$1 in asn1.result)
+ this.maskGenAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.maskGenAlgorithm });
+ if (SALT_LENGTH in asn1.result)
+ this.saltLength = asn1.result.saltLength.valueBlock.valueDec;
+ if (TRAILER_FIELD in asn1.result)
+ this.trailerField = asn1.result.trailerField.valueBlock.valueDec;
+ }
+ toSchema() {
+ const outputArray = [];
+ if (!this.hashAlgorithm.isEqual(RSASSAPSSParams.defaultValues(HASH_ALGORITHM$4))) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [this.hashAlgorithm.toSchema()]
+ }));
+ }
+ if (!this.maskGenAlgorithm.isEqual(RSASSAPSSParams.defaultValues(MASK_GEN_ALGORITHM$1))) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [this.maskGenAlgorithm.toSchema()]
+ }));
+ }
+ if (this.saltLength !== RSASSAPSSParams.defaultValues(SALT_LENGTH)) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ value: [new Integer({ value: this.saltLength })]
+ }));
+ }
+ if (this.trailerField !== RSASSAPSSParams.defaultValues(TRAILER_FIELD)) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 3
+ },
+ value: [new Integer({ value: this.trailerField })]
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {};
+ if (!this.hashAlgorithm.isEqual(RSASSAPSSParams.defaultValues(HASH_ALGORITHM$4))) {
+ res.hashAlgorithm = this.hashAlgorithm.toJSON();
+ }
+ if (!this.maskGenAlgorithm.isEqual(RSASSAPSSParams.defaultValues(MASK_GEN_ALGORITHM$1))) {
+ res.maskGenAlgorithm = this.maskGenAlgorithm.toJSON();
+ }
+ if (this.saltLength !== RSASSAPSSParams.defaultValues(SALT_LENGTH)) {
+ res.saltLength = this.saltLength;
+ }
+ if (this.trailerField !== RSASSAPSSParams.defaultValues(TRAILER_FIELD)) {
+ res.trailerField = this.trailerField;
+ }
+ return res;
+ }
+}
+RSASSAPSSParams.CLASS_NAME = "RSASSAPSSParams";
+
+const SALT = "salt";
+const ITERATION_COUNT = "iterationCount";
+const KEY_LENGTH = "keyLength";
+const PRF = "prf";
+const CLEAR_PROPS$13 = [
+ SALT,
+ ITERATION_COUNT,
+ KEY_LENGTH,
+ PRF
+];
+class PBKDF2Params extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.salt = getParametersValue(parameters, SALT, PBKDF2Params.defaultValues(SALT));
+ this.iterationCount = getParametersValue(parameters, ITERATION_COUNT, PBKDF2Params.defaultValues(ITERATION_COUNT));
+ if (KEY_LENGTH in parameters) {
+ this.keyLength = getParametersValue(parameters, KEY_LENGTH, PBKDF2Params.defaultValues(KEY_LENGTH));
+ }
+ if (PRF in parameters) {
+ this.prf = getParametersValue(parameters, PRF, PBKDF2Params.defaultValues(PRF));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case SALT:
+ return {};
+ case ITERATION_COUNT:
+ return (-1);
+ case KEY_LENGTH:
+ return 0;
+ case PRF:
+ return new AlgorithmIdentifier({
+ algorithmId: "1.3.14.3.2.26",
+ algorithmParams: new Null()
+ });
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Choice({
+ value: [
+ new OctetString({ name: (names.saltPrimitive || EMPTY_STRING) }),
+ AlgorithmIdentifier.schema(names.saltConstructed || {})
+ ]
+ }),
+ new Integer({ name: (names.iterationCount || EMPTY_STRING) }),
+ new Integer({
+ name: (names.keyLength || EMPTY_STRING),
+ optional: true
+ }),
+ AlgorithmIdentifier.schema(names.prf || {
+ names: {
+ optional: true
+ }
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$13);
+ const asn1 = compareSchema(schema, schema, PBKDF2Params.schema({
+ names: {
+ saltPrimitive: SALT,
+ saltConstructed: {
+ names: {
+ blockName: SALT
+ }
+ },
+ iterationCount: ITERATION_COUNT,
+ keyLength: KEY_LENGTH,
+ prf: {
+ names: {
+ blockName: PRF,
+ optional: true
+ }
+ }
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.salt = asn1.result.salt;
+ this.iterationCount = asn1.result.iterationCount.valueBlock.valueDec;
+ if (KEY_LENGTH in asn1.result)
+ this.keyLength = asn1.result.keyLength.valueBlock.valueDec;
+ if (PRF in asn1.result)
+ this.prf = new AlgorithmIdentifier({ schema: asn1.result.prf });
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(this.salt);
+ outputArray.push(new Integer({ value: this.iterationCount }));
+ if (KEY_LENGTH in this) {
+ if (PBKDF2Params.defaultValues(KEY_LENGTH) !== this.keyLength)
+ outputArray.push(new Integer({ value: this.keyLength }));
+ }
+ if (this.prf) {
+ if (PBKDF2Params.defaultValues(PRF).isEqual(this.prf) === false)
+ outputArray.push(this.prf.toSchema());
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ salt: this.salt.toJSON(),
+ iterationCount: this.iterationCount
+ };
+ if (KEY_LENGTH in this) {
+ if (PBKDF2Params.defaultValues(KEY_LENGTH) !== this.keyLength)
+ res.keyLength = this.keyLength;
+ }
+ if (this.prf) {
+ if (PBKDF2Params.defaultValues(PRF).isEqual(this.prf) === false)
+ res.prf = this.prf.toJSON();
+ }
+ return res;
+ }
+}
+PBKDF2Params.CLASS_NAME = "PBKDF2Params";
+
+const KEY_DERIVATION_FUNC = "keyDerivationFunc";
+const ENCRYPTION_SCHEME = "encryptionScheme";
+const CLEAR_PROPS$12 = [
+ KEY_DERIVATION_FUNC,
+ ENCRYPTION_SCHEME
+];
+class PBES2Params extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.keyDerivationFunc = getParametersValue(parameters, KEY_DERIVATION_FUNC, PBES2Params.defaultValues(KEY_DERIVATION_FUNC));
+ this.encryptionScheme = getParametersValue(parameters, ENCRYPTION_SCHEME, PBES2Params.defaultValues(ENCRYPTION_SCHEME));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case KEY_DERIVATION_FUNC:
+ return new AlgorithmIdentifier();
+ case ENCRYPTION_SCHEME:
+ return new AlgorithmIdentifier();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ AlgorithmIdentifier.schema(names.keyDerivationFunc || {}),
+ AlgorithmIdentifier.schema(names.encryptionScheme || {})
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$12);
+ const asn1 = compareSchema(schema, schema, PBES2Params.schema({
+ names: {
+ keyDerivationFunc: {
+ names: {
+ blockName: KEY_DERIVATION_FUNC
+ }
+ },
+ encryptionScheme: {
+ names: {
+ blockName: ENCRYPTION_SCHEME
+ }
+ }
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.keyDerivationFunc = new AlgorithmIdentifier({ schema: asn1.result.keyDerivationFunc });
+ this.encryptionScheme = new AlgorithmIdentifier({ schema: asn1.result.encryptionScheme });
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ this.keyDerivationFunc.toSchema(),
+ this.encryptionScheme.toSchema()
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ keyDerivationFunc: this.keyDerivationFunc.toJSON(),
+ encryptionScheme: this.encryptionScheme.toJSON()
+ };
+ }
+}
+PBES2Params.CLASS_NAME = "PBES2Params";
+
+class AbstractCryptoEngine {
+ constructor(parameters) {
+ this.crypto = parameters.crypto;
+ this.subtle = "webkitSubtle" in parameters.crypto
+ ? parameters.crypto.webkitSubtle
+ : parameters.crypto.subtle;
+ this.name = getParametersValue(parameters, "name", EMPTY_STRING);
+ }
+ encrypt(...args) {
+ return __awaiter(this, void 0, void 0, function* () {
+ return this.subtle.encrypt(...args);
+ });
+ }
+ decrypt(...args) {
+ return __awaiter(this, void 0, void 0, function* () {
+ return this.subtle.decrypt(...args);
+ });
+ }
+ sign(...args) {
+ return this.subtle.sign(...args);
+ }
+ verify(...args) {
+ return __awaiter(this, void 0, void 0, function* () {
+ return this.subtle.verify(...args);
+ });
+ }
+ digest(...args) {
+ return __awaiter(this, void 0, void 0, function* () {
+ return this.subtle.digest(...args);
+ });
+ }
+ generateKey(...args) {
+ return __awaiter(this, void 0, void 0, function* () {
+ return this.subtle.generateKey(...args);
+ });
+ }
+ deriveKey(...args) {
+ return __awaiter(this, void 0, void 0, function* () {
+ return this.subtle.deriveKey(...args);
+ });
+ }
+ deriveBits(...args) {
+ return __awaiter(this, void 0, void 0, function* () {
+ return this.subtle.deriveBits(...args);
+ });
+ }
+ wrapKey(...args) {
+ return __awaiter(this, void 0, void 0, function* () {
+ return this.subtle.wrapKey(...args);
+ });
+ }
+ unwrapKey(...args) {
+ return __awaiter(this, void 0, void 0, function* () {
+ return this.subtle.unwrapKey(...args);
+ });
+ }
+ exportKey(...args) {
+ return this.subtle.exportKey(...args);
+ }
+ importKey(...args) {
+ return this.subtle.importKey(...args);
+ }
+ getRandomValues(array) {
+ return this.crypto.getRandomValues(array);
+ }
+}
+
+function makePKCS12B2Key(cryptoEngine, hashAlgorithm, keyLength, password, salt, iterationCount) {
+ return __awaiter(this, void 0, void 0, function* () {
+ let u;
+ let v;
+ const result = [];
+ switch (hashAlgorithm.toUpperCase()) {
+ case "SHA-1":
+ u = 20;
+ v = 64;
+ break;
+ case "SHA-256":
+ u = 32;
+ v = 64;
+ break;
+ case "SHA-384":
+ u = 48;
+ v = 128;
+ break;
+ case "SHA-512":
+ u = 64;
+ v = 128;
+ break;
+ default:
+ throw new Error("Unsupported hashing algorithm");
+ }
+ const passwordViewInitial = new Uint8Array(password);
+ const passwordTransformed = new ArrayBuffer((password.byteLength * 2) + 2);
+ const passwordTransformedView = new Uint8Array(passwordTransformed);
+ for (let i = 0; i < passwordViewInitial.length; i++) {
+ passwordTransformedView[i * 2] = 0x00;
+ passwordTransformedView[i * 2 + 1] = passwordViewInitial[i];
+ }
+ passwordTransformedView[passwordTransformedView.length - 2] = 0x00;
+ passwordTransformedView[passwordTransformedView.length - 1] = 0x00;
+ password = passwordTransformed.slice(0);
+ const D = new ArrayBuffer(v);
+ const dView = new Uint8Array(D);
+ for (let i = 0; i < D.byteLength; i++)
+ dView[i] = 3;
+ const saltLength = salt.byteLength;
+ const sLen = v * Math.ceil(saltLength / v);
+ const S = new ArrayBuffer(sLen);
+ const sView = new Uint8Array(S);
+ const saltView = new Uint8Array(salt);
+ for (let i = 0; i < sLen; i++)
+ sView[i] = saltView[i % saltLength];
+ const passwordLength = password.byteLength;
+ const pLen = v * Math.ceil(passwordLength / v);
+ const P = new ArrayBuffer(pLen);
+ const pView = new Uint8Array(P);
+ const passwordView = new Uint8Array(password);
+ for (let i = 0; i < pLen; i++)
+ pView[i] = passwordView[i % passwordLength];
+ const sPlusPLength = S.byteLength + P.byteLength;
+ let I = new ArrayBuffer(sPlusPLength);
+ let iView = new Uint8Array(I);
+ iView.set(sView);
+ iView.set(pView, sView.length);
+ const c = Math.ceil((keyLength >> 3) / u);
+ let internalSequence = Promise.resolve(I);
+ for (let i = 0; i <= c; i++) {
+ internalSequence = internalSequence.then(_I => {
+ const dAndI = new ArrayBuffer(D.byteLength + _I.byteLength);
+ const dAndIView = new Uint8Array(dAndI);
+ dAndIView.set(dView);
+ dAndIView.set(iView, dView.length);
+ return dAndI;
+ });
+ for (let j = 0; j < iterationCount; j++)
+ internalSequence = internalSequence.then(roundBuffer => cryptoEngine.digest({ name: hashAlgorithm }, new Uint8Array(roundBuffer)));
+ internalSequence = internalSequence.then(roundBuffer => {
+ const B = new ArrayBuffer(v);
+ const bView = new Uint8Array(B);
+ for (let j = 0; j < B.byteLength; j++)
+ bView[j] = roundBuffer[j % roundBuffer.byteLength];
+ const k = Math.ceil(saltLength / v) + Math.ceil(passwordLength / v);
+ const iRound = [];
+ let sliceStart = 0;
+ let sliceLength = v;
+ for (let j = 0; j < k; j++) {
+ const chunk = Array.from(new Uint8Array(I.slice(sliceStart, sliceStart + sliceLength)));
+ sliceStart += v;
+ if ((sliceStart + v) > I.byteLength)
+ sliceLength = I.byteLength - sliceStart;
+ let x = 0x1ff;
+ for (let l = (B.byteLength - 1); l >= 0; l--) {
+ x >>= 8;
+ x += bView[l] + chunk[l];
+ chunk[l] = (x & 0xff);
+ }
+ iRound.push(...chunk);
+ }
+ I = new ArrayBuffer(iRound.length);
+ iView = new Uint8Array(I);
+ iView.set(iRound);
+ result.push(...(new Uint8Array(roundBuffer)));
+ return I;
+ });
+ }
+ internalSequence = internalSequence.then(() => {
+ const resultBuffer = new ArrayBuffer(keyLength >> 3);
+ const resultView = new Uint8Array(resultBuffer);
+ resultView.set((new Uint8Array(result)).slice(0, keyLength >> 3));
+ return resultBuffer;
+ });
+ return internalSequence;
+ });
+}
+function prepareAlgorithm(data) {
+ const res = typeof data === "string"
+ ? { name: data }
+ : data;
+ if ("hash" in res) {
+ return Object.assign(Object.assign({}, res), { hash: prepareAlgorithm(res.hash) });
+ }
+ return res;
+}
+class CryptoEngine extends AbstractCryptoEngine {
+ importKey(format, keyData, algorithm, extractable, keyUsages) {
+ var _a, _b, _c, _d, _e, _f;
+ return __awaiter(this, void 0, void 0, function* () {
+ let jwk = {};
+ const alg = prepareAlgorithm(algorithm);
+ switch (format.toLowerCase()) {
+ case "raw":
+ return this.subtle.importKey("raw", keyData, algorithm, extractable, keyUsages);
+ case "spki":
+ {
+ const asn1 = fromBER(BufferSourceConverter.toArrayBuffer(keyData));
+ AsnError.assert(asn1, "keyData");
+ const publicKeyInfo = new PublicKeyInfo();
+ try {
+ publicKeyInfo.fromSchema(asn1.result);
+ }
+ catch (_g) {
+ throw new ArgumentError("Incorrect keyData");
+ }
+ switch (alg.name.toUpperCase()) {
+ case "RSA-PSS":
+ {
+ if (!alg.hash) {
+ throw new ParameterError("hash", "algorithm.hash", "Incorrect hash algorithm: Hash algorithm is missed");
+ }
+ switch (alg.hash.name.toUpperCase()) {
+ case "SHA-1":
+ jwk.alg = "PS1";
+ break;
+ case "SHA-256":
+ jwk.alg = "PS256";
+ break;
+ case "SHA-384":
+ jwk.alg = "PS384";
+ break;
+ case "SHA-512":
+ jwk.alg = "PS512";
+ break;
+ default:
+ throw new Error(`Incorrect hash algorithm: ${alg.hash.name.toUpperCase()}`);
+ }
+ }
+ case "RSASSA-PKCS1-V1_5":
+ {
+ keyUsages = ["verify"];
+ jwk.kty = "RSA";
+ jwk.ext = extractable;
+ jwk.key_ops = keyUsages;
+ if (publicKeyInfo.algorithm.algorithmId !== "1.2.840.113549.1.1.1")
+ throw new Error(`Incorrect public key algorithm: ${publicKeyInfo.algorithm.algorithmId}`);
+ if (!jwk.alg) {
+ if (!alg.hash) {
+ throw new ParameterError("hash", "algorithm.hash", "Incorrect hash algorithm: Hash algorithm is missed");
+ }
+ switch (alg.hash.name.toUpperCase()) {
+ case "SHA-1":
+ jwk.alg = "RS1";
+ break;
+ case "SHA-256":
+ jwk.alg = "RS256";
+ break;
+ case "SHA-384":
+ jwk.alg = "RS384";
+ break;
+ case "SHA-512":
+ jwk.alg = "RS512";
+ break;
+ default:
+ throw new Error(`Incorrect hash algorithm: ${alg.hash.name.toUpperCase()}`);
+ }
+ }
+ const publicKeyJSON = publicKeyInfo.toJSON();
+ Object.assign(jwk, publicKeyJSON);
+ }
+ break;
+ case "ECDSA":
+ keyUsages = ["verify"];
+ case "ECDH":
+ {
+ jwk = {
+ kty: "EC",
+ ext: extractable,
+ key_ops: keyUsages
+ };
+ if (publicKeyInfo.algorithm.algorithmId !== "1.2.840.10045.2.1") {
+ throw new Error(`Incorrect public key algorithm: ${publicKeyInfo.algorithm.algorithmId}`);
+ }
+ const publicKeyJSON = publicKeyInfo.toJSON();
+ Object.assign(jwk, publicKeyJSON);
+ }
+ break;
+ case "RSA-OAEP":
+ {
+ jwk.kty = "RSA";
+ jwk.ext = extractable;
+ jwk.key_ops = keyUsages;
+ if (this.name.toLowerCase() === "safari")
+ jwk.alg = "RSA-OAEP";
+ else {
+ if (!alg.hash) {
+ throw new ParameterError("hash", "algorithm.hash", "Incorrect hash algorithm: Hash algorithm is missed");
+ }
+ switch (alg.hash.name.toUpperCase()) {
+ case "SHA-1":
+ jwk.alg = "RSA-OAEP";
+ break;
+ case "SHA-256":
+ jwk.alg = "RSA-OAEP-256";
+ break;
+ case "SHA-384":
+ jwk.alg = "RSA-OAEP-384";
+ break;
+ case "SHA-512":
+ jwk.alg = "RSA-OAEP-512";
+ break;
+ default:
+ throw new Error(`Incorrect hash algorithm: ${alg.hash.name.toUpperCase()}`);
+ }
+ }
+ const publicKeyJSON = publicKeyInfo.toJSON();
+ Object.assign(jwk, publicKeyJSON);
+ }
+ break;
+ case "RSAES-PKCS1-V1_5":
+ {
+ jwk.kty = "RSA";
+ jwk.ext = extractable;
+ jwk.key_ops = keyUsages;
+ jwk.alg = "PS1";
+ const publicKeyJSON = publicKeyInfo.toJSON();
+ Object.assign(jwk, publicKeyJSON);
+ }
+ break;
+ default:
+ throw new Error(`Incorrect algorithm name: ${alg.name.toUpperCase()}`);
+ }
+ }
+ break;
+ case "pkcs8":
+ {
+ const privateKeyInfo = new PrivateKeyInfo();
+ const asn1 = fromBER(BufferSourceConverter.toArrayBuffer(keyData));
+ AsnError.assert(asn1, "keyData");
+ try {
+ privateKeyInfo.fromSchema(asn1.result);
+ }
+ catch (ex) {
+ throw new Error("Incorrect keyData");
+ }
+ if (!privateKeyInfo.parsedKey)
+ throw new Error("Incorrect keyData");
+ switch (alg.name.toUpperCase()) {
+ case "RSA-PSS":
+ {
+ switch ((_a = alg.hash) === null || _a === void 0 ? void 0 : _a.name.toUpperCase()) {
+ case "SHA-1":
+ jwk.alg = "PS1";
+ break;
+ case "SHA-256":
+ jwk.alg = "PS256";
+ break;
+ case "SHA-384":
+ jwk.alg = "PS384";
+ break;
+ case "SHA-512":
+ jwk.alg = "PS512";
+ break;
+ default:
+ throw new Error(`Incorrect hash algorithm: ${(_b = alg.hash) === null || _b === void 0 ? void 0 : _b.name.toUpperCase()}`);
+ }
+ }
+ case "RSASSA-PKCS1-V1_5":
+ {
+ keyUsages = ["sign"];
+ jwk.kty = "RSA";
+ jwk.ext = extractable;
+ jwk.key_ops = keyUsages;
+ if (privateKeyInfo.privateKeyAlgorithm.algorithmId !== "1.2.840.113549.1.1.1")
+ throw new Error(`Incorrect private key algorithm: ${privateKeyInfo.privateKeyAlgorithm.algorithmId}`);
+ if (("alg" in jwk) === false) {
+ switch ((_c = alg.hash) === null || _c === void 0 ? void 0 : _c.name.toUpperCase()) {
+ case "SHA-1":
+ jwk.alg = "RS1";
+ break;
+ case "SHA-256":
+ jwk.alg = "RS256";
+ break;
+ case "SHA-384":
+ jwk.alg = "RS384";
+ break;
+ case "SHA-512":
+ jwk.alg = "RS512";
+ break;
+ default:
+ throw new Error(`Incorrect hash algorithm: ${(_d = alg.hash) === null || _d === void 0 ? void 0 : _d.name.toUpperCase()}`);
+ }
+ }
+ const privateKeyJSON = privateKeyInfo.toJSON();
+ Object.assign(jwk, privateKeyJSON);
+ }
+ break;
+ case "ECDSA":
+ keyUsages = ["sign"];
+ case "ECDH":
+ {
+ jwk = {
+ kty: "EC",
+ ext: extractable,
+ key_ops: keyUsages
+ };
+ if (privateKeyInfo.privateKeyAlgorithm.algorithmId !== "1.2.840.10045.2.1")
+ throw new Error(`Incorrect algorithm: ${privateKeyInfo.privateKeyAlgorithm.algorithmId}`);
+ const privateKeyJSON = privateKeyInfo.toJSON();
+ Object.assign(jwk, privateKeyJSON);
+ }
+ break;
+ case "RSA-OAEP":
+ {
+ jwk.kty = "RSA";
+ jwk.ext = extractable;
+ jwk.key_ops = keyUsages;
+ if (this.name.toLowerCase() === "safari")
+ jwk.alg = "RSA-OAEP";
+ else {
+ switch ((_e = alg.hash) === null || _e === void 0 ? void 0 : _e.name.toUpperCase()) {
+ case "SHA-1":
+ jwk.alg = "RSA-OAEP";
+ break;
+ case "SHA-256":
+ jwk.alg = "RSA-OAEP-256";
+ break;
+ case "SHA-384":
+ jwk.alg = "RSA-OAEP-384";
+ break;
+ case "SHA-512":
+ jwk.alg = "RSA-OAEP-512";
+ break;
+ default:
+ throw new Error(`Incorrect hash algorithm: ${(_f = alg.hash) === null || _f === void 0 ? void 0 : _f.name.toUpperCase()}`);
+ }
+ }
+ const privateKeyJSON = privateKeyInfo.toJSON();
+ Object.assign(jwk, privateKeyJSON);
+ }
+ break;
+ case "RSAES-PKCS1-V1_5":
+ {
+ keyUsages = ["decrypt"];
+ jwk.kty = "RSA";
+ jwk.ext = extractable;
+ jwk.key_ops = keyUsages;
+ jwk.alg = "PS1";
+ const privateKeyJSON = privateKeyInfo.toJSON();
+ Object.assign(jwk, privateKeyJSON);
+ }
+ break;
+ default:
+ throw new Error(`Incorrect algorithm name: ${alg.name.toUpperCase()}`);
+ }
+ }
+ break;
+ case "jwk":
+ jwk = keyData;
+ break;
+ default:
+ throw new Error(`Incorrect format: ${format}`);
+ }
+ if (this.name.toLowerCase() === "safari") {
+ try {
+ return this.subtle.importKey("jwk", stringToArrayBuffer(JSON.stringify(jwk)), algorithm, extractable, keyUsages);
+ }
+ catch (_h) {
+ return this.subtle.importKey("jwk", jwk, algorithm, extractable, keyUsages);
+ }
+ }
+ return this.subtle.importKey("jwk", jwk, algorithm, extractable, keyUsages);
+ });
+ }
+ exportKey(format, key) {
+ return __awaiter(this, void 0, void 0, function* () {
+ let jwk = yield this.subtle.exportKey("jwk", key);
+ if (this.name.toLowerCase() === "safari") {
+ if (jwk instanceof ArrayBuffer) {
+ jwk = JSON.parse(arrayBufferToString(jwk));
+ }
+ }
+ switch (format.toLowerCase()) {
+ case "raw":
+ return this.subtle.exportKey("raw", key);
+ case "spki": {
+ const publicKeyInfo = new PublicKeyInfo();
+ try {
+ publicKeyInfo.fromJSON(jwk);
+ }
+ catch (ex) {
+ throw new Error("Incorrect key data");
+ }
+ return publicKeyInfo.toSchema().toBER(false);
+ }
+ case "pkcs8": {
+ const privateKeyInfo = new PrivateKeyInfo();
+ try {
+ privateKeyInfo.fromJSON(jwk);
+ }
+ catch (ex) {
+ throw new Error("Incorrect key data");
+ }
+ return privateKeyInfo.toSchema().toBER(false);
+ }
+ case "jwk":
+ return jwk;
+ default:
+ throw new Error(`Incorrect format: ${format}`);
+ }
+ });
+ }
+ convert(inputFormat, outputFormat, keyData, algorithm, extractable, keyUsages) {
+ return __awaiter(this, void 0, void 0, function* () {
+ if (inputFormat.toLowerCase() === outputFormat.toLowerCase()) {
+ return keyData;
+ }
+ const key = yield this.importKey(inputFormat, keyData, algorithm, extractable, keyUsages);
+ return this.exportKey(outputFormat, key);
+ });
+ }
+ getAlgorithmByOID(oid, safety = false, target) {
+ switch (oid) {
+ case "1.2.840.113549.1.1.1":
+ return {
+ name: "RSAES-PKCS1-v1_5"
+ };
+ case "1.2.840.113549.1.1.5":
+ return {
+ name: "RSASSA-PKCS1-v1_5",
+ hash: {
+ name: "SHA-1"
+ }
+ };
+ case "1.2.840.113549.1.1.11":
+ return {
+ name: "RSASSA-PKCS1-v1_5",
+ hash: {
+ name: "SHA-256"
+ }
+ };
+ case "1.2.840.113549.1.1.12":
+ return {
+ name: "RSASSA-PKCS1-v1_5",
+ hash: {
+ name: "SHA-384"
+ }
+ };
+ case "1.2.840.113549.1.1.13":
+ return {
+ name: "RSASSA-PKCS1-v1_5",
+ hash: {
+ name: "SHA-512"
+ }
+ };
+ case "1.2.840.113549.1.1.10":
+ return {
+ name: "RSA-PSS"
+ };
+ case "1.2.840.113549.1.1.7":
+ return {
+ name: "RSA-OAEP"
+ };
+ case "1.2.840.10045.2.1":
+ case "1.2.840.10045.4.1":
+ return {
+ name: "ECDSA",
+ hash: {
+ name: "SHA-1"
+ }
+ };
+ case "1.2.840.10045.4.3.2":
+ return {
+ name: "ECDSA",
+ hash: {
+ name: "SHA-256"
+ }
+ };
+ case "1.2.840.10045.4.3.3":
+ return {
+ name: "ECDSA",
+ hash: {
+ name: "SHA-384"
+ }
+ };
+ case "1.2.840.10045.4.3.4":
+ return {
+ name: "ECDSA",
+ hash: {
+ name: "SHA-512"
+ }
+ };
+ case "1.3.133.16.840.63.0.2":
+ return {
+ name: "ECDH",
+ kdf: "SHA-1"
+ };
+ case "1.3.132.1.11.1":
+ return {
+ name: "ECDH",
+ kdf: "SHA-256"
+ };
+ case "1.3.132.1.11.2":
+ return {
+ name: "ECDH",
+ kdf: "SHA-384"
+ };
+ case "1.3.132.1.11.3":
+ return {
+ name: "ECDH",
+ kdf: "SHA-512"
+ };
+ case "2.16.840.1.101.3.4.1.2":
+ return {
+ name: "AES-CBC",
+ length: 128
+ };
+ case "2.16.840.1.101.3.4.1.22":
+ return {
+ name: "AES-CBC",
+ length: 192
+ };
+ case "2.16.840.1.101.3.4.1.42":
+ return {
+ name: "AES-CBC",
+ length: 256
+ };
+ case "2.16.840.1.101.3.4.1.6":
+ return {
+ name: "AES-GCM",
+ length: 128
+ };
+ case "2.16.840.1.101.3.4.1.26":
+ return {
+ name: "AES-GCM",
+ length: 192
+ };
+ case "2.16.840.1.101.3.4.1.46":
+ return {
+ name: "AES-GCM",
+ length: 256
+ };
+ case "2.16.840.1.101.3.4.1.4":
+ return {
+ name: "AES-CFB",
+ length: 128
+ };
+ case "2.16.840.1.101.3.4.1.24":
+ return {
+ name: "AES-CFB",
+ length: 192
+ };
+ case "2.16.840.1.101.3.4.1.44":
+ return {
+ name: "AES-CFB",
+ length: 256
+ };
+ case "2.16.840.1.101.3.4.1.5":
+ return {
+ name: "AES-KW",
+ length: 128
+ };
+ case "2.16.840.1.101.3.4.1.25":
+ return {
+ name: "AES-KW",
+ length: 192
+ };
+ case "2.16.840.1.101.3.4.1.45":
+ return {
+ name: "AES-KW",
+ length: 256
+ };
+ case "1.2.840.113549.2.7":
+ return {
+ name: "HMAC",
+ hash: {
+ name: "SHA-1"
+ }
+ };
+ case "1.2.840.113549.2.9":
+ return {
+ name: "HMAC",
+ hash: {
+ name: "SHA-256"
+ }
+ };
+ case "1.2.840.113549.2.10":
+ return {
+ name: "HMAC",
+ hash: {
+ name: "SHA-384"
+ }
+ };
+ case "1.2.840.113549.2.11":
+ return {
+ name: "HMAC",
+ hash: {
+ name: "SHA-512"
+ }
+ };
+ case "1.2.840.113549.1.9.16.3.5":
+ return {
+ name: "DH"
+ };
+ case "1.3.14.3.2.26":
+ return {
+ name: "SHA-1"
+ };
+ case "2.16.840.1.101.3.4.2.1":
+ return {
+ name: "SHA-256"
+ };
+ case "2.16.840.1.101.3.4.2.2":
+ return {
+ name: "SHA-384"
+ };
+ case "2.16.840.1.101.3.4.2.3":
+ return {
+ name: "SHA-512"
+ };
+ case "1.2.840.113549.1.5.12":
+ return {
+ name: "PBKDF2"
+ };
+ case "1.2.840.10045.3.1.7":
+ return {
+ name: "P-256"
+ };
+ case "1.3.132.0.34":
+ return {
+ name: "P-384"
+ };
+ case "1.3.132.0.35":
+ return {
+ name: "P-521"
+ };
+ }
+ if (safety) {
+ throw new Error(`Unsupported algorithm identifier ${target ? `for ${target} ` : EMPTY_STRING}: ${oid}`);
+ }
+ return {};
+ }
+ getOIDByAlgorithm(algorithm, safety = false, target) {
+ let result = EMPTY_STRING;
+ switch (algorithm.name.toUpperCase()) {
+ case "RSAES-PKCS1-V1_5":
+ result = "1.2.840.113549.1.1.1";
+ break;
+ case "RSASSA-PKCS1-V1_5":
+ switch (algorithm.hash.name.toUpperCase()) {
+ case "SHA-1":
+ result = "1.2.840.113549.1.1.5";
+ break;
+ case "SHA-256":
+ result = "1.2.840.113549.1.1.11";
+ break;
+ case "SHA-384":
+ result = "1.2.840.113549.1.1.12";
+ break;
+ case "SHA-512":
+ result = "1.2.840.113549.1.1.13";
+ break;
+ }
+ break;
+ case "RSA-PSS":
+ result = "1.2.840.113549.1.1.10";
+ break;
+ case "RSA-OAEP":
+ result = "1.2.840.113549.1.1.7";
+ break;
+ case "ECDSA":
+ switch (algorithm.hash.name.toUpperCase()) {
+ case "SHA-1":
+ result = "1.2.840.10045.4.1";
+ break;
+ case "SHA-256":
+ result = "1.2.840.10045.4.3.2";
+ break;
+ case "SHA-384":
+ result = "1.2.840.10045.4.3.3";
+ break;
+ case "SHA-512":
+ result = "1.2.840.10045.4.3.4";
+ break;
+ }
+ break;
+ case "ECDH":
+ switch (algorithm.kdf.toUpperCase()) {
+ case "SHA-1":
+ result = "1.3.133.16.840.63.0.2";
+ break;
+ case "SHA-256":
+ result = "1.3.132.1.11.1";
+ break;
+ case "SHA-384":
+ result = "1.3.132.1.11.2";
+ break;
+ case "SHA-512":
+ result = "1.3.132.1.11.3";
+ break;
+ }
+ break;
+ case "AES-CTR":
+ break;
+ case "AES-CBC":
+ switch (algorithm.length) {
+ case 128:
+ result = "2.16.840.1.101.3.4.1.2";
+ break;
+ case 192:
+ result = "2.16.840.1.101.3.4.1.22";
+ break;
+ case 256:
+ result = "2.16.840.1.101.3.4.1.42";
+ break;
+ }
+ break;
+ case "AES-CMAC":
+ break;
+ case "AES-GCM":
+ switch (algorithm.length) {
+ case 128:
+ result = "2.16.840.1.101.3.4.1.6";
+ break;
+ case 192:
+ result = "2.16.840.1.101.3.4.1.26";
+ break;
+ case 256:
+ result = "2.16.840.1.101.3.4.1.46";
+ break;
+ }
+ break;
+ case "AES-CFB":
+ switch (algorithm.length) {
+ case 128:
+ result = "2.16.840.1.101.3.4.1.4";
+ break;
+ case 192:
+ result = "2.16.840.1.101.3.4.1.24";
+ break;
+ case 256:
+ result = "2.16.840.1.101.3.4.1.44";
+ break;
+ }
+ break;
+ case "AES-KW":
+ switch (algorithm.length) {
+ case 128:
+ result = "2.16.840.1.101.3.4.1.5";
+ break;
+ case 192:
+ result = "2.16.840.1.101.3.4.1.25";
+ break;
+ case 256:
+ result = "2.16.840.1.101.3.4.1.45";
+ break;
+ }
+ break;
+ case "HMAC":
+ switch (algorithm.hash.name.toUpperCase()) {
+ case "SHA-1":
+ result = "1.2.840.113549.2.7";
+ break;
+ case "SHA-256":
+ result = "1.2.840.113549.2.9";
+ break;
+ case "SHA-384":
+ result = "1.2.840.113549.2.10";
+ break;
+ case "SHA-512":
+ result = "1.2.840.113549.2.11";
+ break;
+ }
+ break;
+ case "DH":
+ result = "1.2.840.113549.1.9.16.3.5";
+ break;
+ case "SHA-1":
+ result = "1.3.14.3.2.26";
+ break;
+ case "SHA-256":
+ result = "2.16.840.1.101.3.4.2.1";
+ break;
+ case "SHA-384":
+ result = "2.16.840.1.101.3.4.2.2";
+ break;
+ case "SHA-512":
+ result = "2.16.840.1.101.3.4.2.3";
+ break;
+ case "CONCAT":
+ break;
+ case "HKDF":
+ break;
+ case "PBKDF2":
+ result = "1.2.840.113549.1.5.12";
+ break;
+ case "P-256":
+ result = "1.2.840.10045.3.1.7";
+ break;
+ case "P-384":
+ result = "1.3.132.0.34";
+ break;
+ case "P-521":
+ result = "1.3.132.0.35";
+ break;
+ }
+ if (!result && safety) {
+ throw new Error(`Unsupported algorithm ${target ? `for ${target} ` : EMPTY_STRING}: ${algorithm.name}`);
+ }
+ return result;
+ }
+ getAlgorithmParameters(algorithmName, operation) {
+ let result = {
+ algorithm: {},
+ usages: []
+ };
+ switch (algorithmName.toUpperCase()) {
+ case "RSAES-PKCS1-V1_5":
+ case "RSASSA-PKCS1-V1_5":
+ switch (operation.toLowerCase()) {
+ case "generatekey":
+ result = {
+ algorithm: {
+ name: "RSASSA-PKCS1-v1_5",
+ modulusLength: 2048,
+ publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+ hash: {
+ name: "SHA-256"
+ }
+ },
+ usages: ["sign", "verify"]
+ };
+ break;
+ case "verify":
+ case "sign":
+ case "importkey":
+ result = {
+ algorithm: {
+ name: "RSASSA-PKCS1-v1_5",
+ hash: {
+ name: "SHA-256"
+ }
+ },
+ usages: ["verify"]
+ };
+ break;
+ case "exportkey":
+ default:
+ return {
+ algorithm: {
+ name: "RSASSA-PKCS1-v1_5"
+ },
+ usages: []
+ };
+ }
+ break;
+ case "RSA-PSS":
+ switch (operation.toLowerCase()) {
+ case "sign":
+ case "verify":
+ result = {
+ algorithm: {
+ name: "RSA-PSS",
+ hash: {
+ name: "SHA-1"
+ },
+ saltLength: 20
+ },
+ usages: ["sign", "verify"]
+ };
+ break;
+ case "generatekey":
+ result = {
+ algorithm: {
+ name: "RSA-PSS",
+ modulusLength: 2048,
+ publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+ hash: {
+ name: "SHA-1"
+ }
+ },
+ usages: ["sign", "verify"]
+ };
+ break;
+ case "importkey":
+ result = {
+ algorithm: {
+ name: "RSA-PSS",
+ hash: {
+ name: "SHA-1"
+ }
+ },
+ usages: ["verify"]
+ };
+ break;
+ case "exportkey":
+ default:
+ return {
+ algorithm: {
+ name: "RSA-PSS"
+ },
+ usages: []
+ };
+ }
+ break;
+ case "RSA-OAEP":
+ switch (operation.toLowerCase()) {
+ case "encrypt":
+ case "decrypt":
+ result = {
+ algorithm: {
+ name: "RSA-OAEP"
+ },
+ usages: ["encrypt", "decrypt"]
+ };
+ break;
+ case "generatekey":
+ result = {
+ algorithm: {
+ name: "RSA-OAEP",
+ modulusLength: 2048,
+ publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+ hash: {
+ name: "SHA-256"
+ }
+ },
+ usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"]
+ };
+ break;
+ case "importkey":
+ result = {
+ algorithm: {
+ name: "RSA-OAEP",
+ hash: {
+ name: "SHA-256"
+ }
+ },
+ usages: ["encrypt"]
+ };
+ break;
+ case "exportkey":
+ default:
+ return {
+ algorithm: {
+ name: "RSA-OAEP"
+ },
+ usages: []
+ };
+ }
+ break;
+ case "ECDSA":
+ switch (operation.toLowerCase()) {
+ case "generatekey":
+ result = {
+ algorithm: {
+ name: "ECDSA",
+ namedCurve: "P-256"
+ },
+ usages: ["sign", "verify"]
+ };
+ break;
+ case "importkey":
+ result = {
+ algorithm: {
+ name: "ECDSA",
+ namedCurve: "P-256"
+ },
+ usages: ["verify"]
+ };
+ break;
+ case "verify":
+ case "sign":
+ result = {
+ algorithm: {
+ name: "ECDSA",
+ hash: {
+ name: "SHA-256"
+ }
+ },
+ usages: ["sign"]
+ };
+ break;
+ default:
+ return {
+ algorithm: {
+ name: "ECDSA"
+ },
+ usages: []
+ };
+ }
+ break;
+ case "ECDH":
+ switch (operation.toLowerCase()) {
+ case "exportkey":
+ case "importkey":
+ case "generatekey":
+ result = {
+ algorithm: {
+ name: "ECDH",
+ namedCurve: "P-256"
+ },
+ usages: ["deriveKey", "deriveBits"]
+ };
+ break;
+ case "derivekey":
+ case "derivebits":
+ result = {
+ algorithm: {
+ name: "ECDH",
+ namedCurve: "P-256",
+ public: []
+ },
+ usages: ["encrypt", "decrypt"]
+ };
+ break;
+ default:
+ return {
+ algorithm: {
+ name: "ECDH"
+ },
+ usages: []
+ };
+ }
+ break;
+ case "AES-CTR":
+ switch (operation.toLowerCase()) {
+ case "importkey":
+ case "exportkey":
+ case "generatekey":
+ result = {
+ algorithm: {
+ name: "AES-CTR",
+ length: 256
+ },
+ usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"]
+ };
+ break;
+ case "decrypt":
+ case "encrypt":
+ result = {
+ algorithm: {
+ name: "AES-CTR",
+ counter: new Uint8Array(16),
+ length: 10
+ },
+ usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"]
+ };
+ break;
+ default:
+ return {
+ algorithm: {
+ name: "AES-CTR"
+ },
+ usages: []
+ };
+ }
+ break;
+ case "AES-CBC":
+ switch (operation.toLowerCase()) {
+ case "importkey":
+ case "exportkey":
+ case "generatekey":
+ result = {
+ algorithm: {
+ name: "AES-CBC",
+ length: 256
+ },
+ usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"]
+ };
+ break;
+ case "decrypt":
+ case "encrypt":
+ result = {
+ algorithm: {
+ name: "AES-CBC",
+ iv: this.getRandomValues(new Uint8Array(16))
+ },
+ usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"]
+ };
+ break;
+ default:
+ return {
+ algorithm: {
+ name: "AES-CBC"
+ },
+ usages: []
+ };
+ }
+ break;
+ case "AES-GCM":
+ switch (operation.toLowerCase()) {
+ case "importkey":
+ case "exportkey":
+ case "generatekey":
+ result = {
+ algorithm: {
+ name: "AES-GCM",
+ length: 256
+ },
+ usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"]
+ };
+ break;
+ case "decrypt":
+ case "encrypt":
+ result = {
+ algorithm: {
+ name: "AES-GCM",
+ iv: this.getRandomValues(new Uint8Array(16))
+ },
+ usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"]
+ };
+ break;
+ default:
+ return {
+ algorithm: {
+ name: "AES-GCM"
+ },
+ usages: []
+ };
+ }
+ break;
+ case "AES-KW":
+ switch (operation.toLowerCase()) {
+ case "importkey":
+ case "exportkey":
+ case "generatekey":
+ case "wrapkey":
+ case "unwrapkey":
+ result = {
+ algorithm: {
+ name: "AES-KW",
+ length: 256
+ },
+ usages: ["wrapKey", "unwrapKey"]
+ };
+ break;
+ default:
+ return {
+ algorithm: {
+ name: "AES-KW"
+ },
+ usages: []
+ };
+ }
+ break;
+ case "HMAC":
+ switch (operation.toLowerCase()) {
+ case "sign":
+ case "verify":
+ result = {
+ algorithm: {
+ name: "HMAC"
+ },
+ usages: ["sign", "verify"]
+ };
+ break;
+ case "importkey":
+ case "exportkey":
+ case "generatekey":
+ result = {
+ algorithm: {
+ name: "HMAC",
+ length: 32,
+ hash: {
+ name: "SHA-256"
+ }
+ },
+ usages: ["sign", "verify"]
+ };
+ break;
+ default:
+ return {
+ algorithm: {
+ name: "HMAC"
+ },
+ usages: []
+ };
+ }
+ break;
+ case "HKDF":
+ switch (operation.toLowerCase()) {
+ case "derivekey":
+ result = {
+ algorithm: {
+ name: "HKDF",
+ hash: "SHA-256",
+ salt: new Uint8Array([]),
+ info: new Uint8Array([])
+ },
+ usages: ["encrypt", "decrypt"]
+ };
+ break;
+ default:
+ return {
+ algorithm: {
+ name: "HKDF"
+ },
+ usages: []
+ };
+ }
+ break;
+ case "PBKDF2":
+ switch (operation.toLowerCase()) {
+ case "derivekey":
+ result = {
+ algorithm: {
+ name: "PBKDF2",
+ hash: { name: "SHA-256" },
+ salt: new Uint8Array([]),
+ iterations: 10000
+ },
+ usages: ["encrypt", "decrypt"]
+ };
+ break;
+ default:
+ return {
+ algorithm: {
+ name: "PBKDF2"
+ },
+ usages: []
+ };
+ }
+ break;
+ }
+ return result;
+ }
+ getHashAlgorithm(signatureAlgorithm) {
+ let result = EMPTY_STRING;
+ switch (signatureAlgorithm.algorithmId) {
+ case "1.2.840.10045.4.1":
+ case "1.2.840.113549.1.1.5":
+ result = "SHA-1";
+ break;
+ case "1.2.840.10045.4.3.2":
+ case "1.2.840.113549.1.1.11":
+ result = "SHA-256";
+ break;
+ case "1.2.840.10045.4.3.3":
+ case "1.2.840.113549.1.1.12":
+ result = "SHA-384";
+ break;
+ case "1.2.840.10045.4.3.4":
+ case "1.2.840.113549.1.1.13":
+ result = "SHA-512";
+ break;
+ case "1.2.840.113549.1.1.10":
+ {
+ try {
+ const params = new RSASSAPSSParams({ schema: signatureAlgorithm.algorithmParams });
+ if (params.hashAlgorithm) {
+ const algorithm = this.getAlgorithmByOID(params.hashAlgorithm.algorithmId);
+ if ("name" in algorithm) {
+ result = algorithm.name;
+ }
+ else {
+ return EMPTY_STRING;
+ }
+ }
+ else
+ result = "SHA-1";
+ }
+ catch (_a) {
+ }
+ }
+ break;
+ }
+ return result;
+ }
+ encryptEncryptedContentInfo(parameters) {
+ return __awaiter(this, void 0, void 0, function* () {
+ ParameterError.assert(parameters, "password", "contentEncryptionAlgorithm", "hmacHashAlgorithm", "iterationCount", "contentToEncrypt", "contentToEncrypt", "contentType");
+ const contentEncryptionOID = this.getOIDByAlgorithm(parameters.contentEncryptionAlgorithm, true, "contentEncryptionAlgorithm");
+ const pbkdf2OID = this.getOIDByAlgorithm({
+ name: "PBKDF2"
+ }, true, "PBKDF2");
+ const hmacOID = this.getOIDByAlgorithm({
+ name: "HMAC",
+ hash: {
+ name: parameters.hmacHashAlgorithm
+ }
+ }, true, "hmacHashAlgorithm");
+ const ivBuffer = new ArrayBuffer(16);
+ const ivView = new Uint8Array(ivBuffer);
+ this.getRandomValues(ivView);
+ const saltBuffer = new ArrayBuffer(64);
+ const saltView = new Uint8Array(saltBuffer);
+ this.getRandomValues(saltView);
+ const contentView = new Uint8Array(parameters.contentToEncrypt);
+ const pbkdf2Params = new PBKDF2Params({
+ salt: new OctetString({ valueHex: saltBuffer }),
+ iterationCount: parameters.iterationCount,
+ prf: new AlgorithmIdentifier({
+ algorithmId: hmacOID,
+ algorithmParams: new Null()
+ })
+ });
+ const passwordView = new Uint8Array(parameters.password);
+ const pbkdfKey = yield this.importKey("raw", passwordView, "PBKDF2", false, ["deriveKey"]);
+ const derivedKey = yield this.deriveKey({
+ name: "PBKDF2",
+ hash: {
+ name: parameters.hmacHashAlgorithm
+ },
+ salt: saltView,
+ iterations: parameters.iterationCount
+ }, pbkdfKey, parameters.contentEncryptionAlgorithm, false, ["encrypt"]);
+ const encryptedData = yield this.encrypt({
+ name: parameters.contentEncryptionAlgorithm.name,
+ iv: ivView
+ }, derivedKey, contentView);
+ const pbes2Parameters = new PBES2Params({
+ keyDerivationFunc: new AlgorithmIdentifier({
+ algorithmId: pbkdf2OID,
+ algorithmParams: pbkdf2Params.toSchema()
+ }),
+ encryptionScheme: new AlgorithmIdentifier({
+ algorithmId: contentEncryptionOID,
+ algorithmParams: new OctetString({ valueHex: ivBuffer })
+ })
+ });
+ return new EncryptedContentInfo({
+ contentType: parameters.contentType,
+ contentEncryptionAlgorithm: new AlgorithmIdentifier({
+ algorithmId: "1.2.840.113549.1.5.13",
+ algorithmParams: pbes2Parameters.toSchema()
+ }),
+ encryptedContent: new OctetString({ valueHex: encryptedData })
+ });
+ });
+ }
+ decryptEncryptedContentInfo(parameters) {
+ return __awaiter(this, void 0, void 0, function* () {
+ ParameterError.assert(parameters, "password", "encryptedContentInfo");
+ if (parameters.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId !== "1.2.840.113549.1.5.13")
+ throw new Error(`Unknown "contentEncryptionAlgorithm": ${parameters.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId}`);
+ let pbes2Parameters;
+ try {
+ pbes2Parameters = new PBES2Params({ schema: parameters.encryptedContentInfo.contentEncryptionAlgorithm.algorithmParams });
+ }
+ catch (ex) {
+ throw new Error("Incorrectly encoded \"pbes2Parameters\"");
+ }
+ let pbkdf2Params;
+ try {
+ pbkdf2Params = new PBKDF2Params({ schema: pbes2Parameters.keyDerivationFunc.algorithmParams });
+ }
+ catch (ex) {
+ throw new Error("Incorrectly encoded \"pbkdf2Params\"");
+ }
+ const contentEncryptionAlgorithm = this.getAlgorithmByOID(pbes2Parameters.encryptionScheme.algorithmId, true);
+ const ivBuffer = pbes2Parameters.encryptionScheme.algorithmParams.valueBlock.valueHex;
+ const ivView = new Uint8Array(ivBuffer);
+ const saltBuffer = pbkdf2Params.salt.valueBlock.valueHex;
+ const saltView = new Uint8Array(saltBuffer);
+ const iterationCount = pbkdf2Params.iterationCount;
+ let hmacHashAlgorithm = "SHA-1";
+ if (pbkdf2Params.prf) {
+ const algorithm = this.getAlgorithmByOID(pbkdf2Params.prf.algorithmId, true);
+ hmacHashAlgorithm = algorithm.hash.name;
+ }
+ const pbkdfKey = yield this.importKey("raw", parameters.password, "PBKDF2", false, ["deriveKey"]);
+ const result = yield this.deriveKey({
+ name: "PBKDF2",
+ hash: {
+ name: hmacHashAlgorithm
+ },
+ salt: saltView,
+ iterations: iterationCount
+ }, pbkdfKey, contentEncryptionAlgorithm, false, ["decrypt"]);
+ const dataBuffer = parameters.encryptedContentInfo.getEncryptedContent();
+ return this.decrypt({
+ name: contentEncryptionAlgorithm.name,
+ iv: ivView
+ }, result, dataBuffer);
+ });
+ }
+ stampDataWithPassword(parameters) {
+ return __awaiter(this, void 0, void 0, function* () {
+ if ((parameters instanceof Object) === false)
+ throw new Error("Parameters must have type \"Object\"");
+ ParameterError.assert(parameters, "password", "hashAlgorithm", "iterationCount", "salt", "contentToStamp");
+ let length;
+ switch (parameters.hashAlgorithm.toLowerCase()) {
+ case "sha-1":
+ length = 160;
+ break;
+ case "sha-256":
+ length = 256;
+ break;
+ case "sha-384":
+ length = 384;
+ break;
+ case "sha-512":
+ length = 512;
+ break;
+ default:
+ throw new Error(`Incorrect "parameters.hashAlgorithm" parameter: ${parameters.hashAlgorithm}`);
+ }
+ const hmacAlgorithm = {
+ name: "HMAC",
+ length,
+ hash: {
+ name: parameters.hashAlgorithm
+ }
+ };
+ const pkcsKey = yield makePKCS12B2Key(this, parameters.hashAlgorithm, length, parameters.password, parameters.salt, parameters.iterationCount);
+ const hmacKey = yield this.importKey("raw", new Uint8Array(pkcsKey), hmacAlgorithm, false, ["sign"]);
+ return this.sign(hmacAlgorithm, hmacKey, new Uint8Array(parameters.contentToStamp));
+ });
+ }
+ verifyDataStampedWithPassword(parameters) {
+ return __awaiter(this, void 0, void 0, function* () {
+ ParameterError.assert(parameters, "password", "hashAlgorithm", "salt", "iterationCount", "contentToVerify", "signatureToVerify");
+ let length = 0;
+ switch (parameters.hashAlgorithm.toLowerCase()) {
+ case "sha-1":
+ length = 160;
+ break;
+ case "sha-256":
+ length = 256;
+ break;
+ case "sha-384":
+ length = 384;
+ break;
+ case "sha-512":
+ length = 512;
+ break;
+ default:
+ throw new Error(`Incorrect "parameters.hashAlgorithm" parameter: ${parameters.hashAlgorithm}`);
+ }
+ const hmacAlgorithm = {
+ name: "HMAC",
+ length,
+ hash: {
+ name: parameters.hashAlgorithm
+ }
+ };
+ const pkcsKey = yield makePKCS12B2Key(this, parameters.hashAlgorithm, length, parameters.password, parameters.salt, parameters.iterationCount);
+ const hmacKey = yield this.importKey("raw", new Uint8Array(pkcsKey), hmacAlgorithm, false, ["verify"]);
+ return this.verify(hmacAlgorithm, hmacKey, new Uint8Array(parameters.signatureToVerify), new Uint8Array(parameters.contentToVerify));
+ });
+ }
+ getSignatureParameters(privateKey, hashAlgorithm = "SHA-1") {
+ return __awaiter(this, void 0, void 0, function* () {
+ this.getOIDByAlgorithm({ name: hashAlgorithm }, true, "hashAlgorithm");
+ const signatureAlgorithm = new AlgorithmIdentifier();
+ const parameters = this.getAlgorithmParameters(privateKey.algorithm.name, "sign");
+ if (!Object.keys(parameters.algorithm).length) {
+ throw new Error("Parameter 'algorithm' is empty");
+ }
+ const algorithm = parameters.algorithm;
+ algorithm.hash.name = hashAlgorithm;
+ switch (privateKey.algorithm.name.toUpperCase()) {
+ case "RSASSA-PKCS1-V1_5":
+ case "ECDSA":
+ signatureAlgorithm.algorithmId = this.getOIDByAlgorithm(algorithm, true);
+ break;
+ case "RSA-PSS":
+ {
+ switch (hashAlgorithm.toUpperCase()) {
+ case "SHA-256":
+ algorithm.saltLength = 32;
+ break;
+ case "SHA-384":
+ algorithm.saltLength = 48;
+ break;
+ case "SHA-512":
+ algorithm.saltLength = 64;
+ break;
+ }
+ const paramsObject = {};
+ if (hashAlgorithm.toUpperCase() !== "SHA-1") {
+ const hashAlgorithmOID = this.getOIDByAlgorithm({ name: hashAlgorithm }, true, "hashAlgorithm");
+ paramsObject.hashAlgorithm = new AlgorithmIdentifier({
+ algorithmId: hashAlgorithmOID,
+ algorithmParams: new Null()
+ });
+ paramsObject.maskGenAlgorithm = new AlgorithmIdentifier({
+ algorithmId: "1.2.840.113549.1.1.8",
+ algorithmParams: paramsObject.hashAlgorithm.toSchema()
+ });
+ }
+ if (algorithm.saltLength !== 20)
+ paramsObject.saltLength = algorithm.saltLength;
+ const pssParameters = new RSASSAPSSParams(paramsObject);
+ signatureAlgorithm.algorithmId = "1.2.840.113549.1.1.10";
+ signatureAlgorithm.algorithmParams = pssParameters.toSchema();
+ }
+ break;
+ default:
+ throw new Error(`Unsupported signature algorithm: ${privateKey.algorithm.name}`);
+ }
+ return {
+ signatureAlgorithm,
+ parameters
+ };
+ });
+ }
+ signWithPrivateKey(data, privateKey, parameters) {
+ return __awaiter(this, void 0, void 0, function* () {
+ const signature = yield this.sign(parameters.algorithm, privateKey, data);
+ if (parameters.algorithm.name === "ECDSA") {
+ return createCMSECDSASignature(signature);
+ }
+ return signature;
+ });
+ }
+ fillPublicKeyParameters(publicKeyInfo, signatureAlgorithm) {
+ const parameters = {};
+ const shaAlgorithm = this.getHashAlgorithm(signatureAlgorithm);
+ if (shaAlgorithm === EMPTY_STRING)
+ throw new Error(`Unsupported signature algorithm: ${signatureAlgorithm.algorithmId}`);
+ let algorithmId;
+ if (signatureAlgorithm.algorithmId === "1.2.840.113549.1.1.10")
+ algorithmId = signatureAlgorithm.algorithmId;
+ else
+ algorithmId = publicKeyInfo.algorithm.algorithmId;
+ const algorithmObject = this.getAlgorithmByOID(algorithmId, true);
+ parameters.algorithm = this.getAlgorithmParameters(algorithmObject.name, "importKey");
+ if ("hash" in parameters.algorithm.algorithm)
+ parameters.algorithm.algorithm.hash.name = shaAlgorithm;
+ if (algorithmObject.name === "ECDSA") {
+ const publicKeyAlgorithm = publicKeyInfo.algorithm;
+ if (!publicKeyAlgorithm.algorithmParams) {
+ throw new Error("Algorithm parameters for ECDSA public key are missed");
+ }
+ const publicKeyAlgorithmParams = publicKeyAlgorithm.algorithmParams;
+ if ("idBlock" in publicKeyAlgorithm.algorithmParams) {
+ if (!((publicKeyAlgorithmParams.idBlock.tagClass === 1) && (publicKeyAlgorithmParams.idBlock.tagNumber === 6))) {
+ throw new Error("Incorrect type for ECDSA public key parameters");
+ }
+ }
+ const curveObject = this.getAlgorithmByOID(publicKeyAlgorithmParams.valueBlock.toString(), true);
+ parameters.algorithm.algorithm.namedCurve = curveObject.name;
+ }
+ return parameters;
+ }
+ getPublicKey(publicKeyInfo, signatureAlgorithm, parameters) {
+ return __awaiter(this, void 0, void 0, function* () {
+ if (!parameters) {
+ parameters = this.fillPublicKeyParameters(publicKeyInfo, signatureAlgorithm);
+ }
+ const publicKeyInfoBuffer = publicKeyInfo.toSchema().toBER(false);
+ return this.importKey("spki", publicKeyInfoBuffer, parameters.algorithm.algorithm, true, parameters.algorithm.usages);
+ });
+ }
+ verifyWithPublicKey(data, signature, publicKeyInfo, signatureAlgorithm, shaAlgorithm) {
+ return __awaiter(this, void 0, void 0, function* () {
+ let publicKey;
+ if (!shaAlgorithm) {
+ shaAlgorithm = this.getHashAlgorithm(signatureAlgorithm);
+ if (!shaAlgorithm)
+ throw new Error(`Unsupported signature algorithm: ${signatureAlgorithm.algorithmId}`);
+ publicKey = yield this.getPublicKey(publicKeyInfo, signatureAlgorithm);
+ }
+ else {
+ const parameters = {};
+ let algorithmId;
+ if (signatureAlgorithm.algorithmId === "1.2.840.113549.1.1.10")
+ algorithmId = signatureAlgorithm.algorithmId;
+ else
+ algorithmId = publicKeyInfo.algorithm.algorithmId;
+ const algorithmObject = this.getAlgorithmByOID(algorithmId, true);
+ parameters.algorithm = this.getAlgorithmParameters(algorithmObject.name, "importKey");
+ if ("hash" in parameters.algorithm.algorithm)
+ parameters.algorithm.algorithm.hash.name = shaAlgorithm;
+ if (algorithmObject.name === "ECDSA") {
+ let algorithmParamsChecked = false;
+ if (("algorithmParams" in publicKeyInfo.algorithm) === true) {
+ if ("idBlock" in publicKeyInfo.algorithm.algorithmParams) {
+ if ((publicKeyInfo.algorithm.algorithmParams.idBlock.tagClass === 1) && (publicKeyInfo.algorithm.algorithmParams.idBlock.tagNumber === 6))
+ algorithmParamsChecked = true;
+ }
+ }
+ if (algorithmParamsChecked === false) {
+ throw new Error("Incorrect type for ECDSA public key parameters");
+ }
+ const curveObject = this.getAlgorithmByOID(publicKeyInfo.algorithm.algorithmParams.valueBlock.toString(), true);
+ parameters.algorithm.algorithm.namedCurve = curveObject.name;
+ }
+ publicKey = yield this.getPublicKey(publicKeyInfo, null, parameters);
+ }
+ const algorithm = this.getAlgorithmParameters(publicKey.algorithm.name, "verify");
+ if ("hash" in algorithm.algorithm)
+ algorithm.algorithm.hash.name = shaAlgorithm;
+ let signatureValue = signature.valueBlock.valueHexView;
+ if (publicKey.algorithm.name === "ECDSA") {
+ const namedCurve = ECNamedCurves.find(publicKey.algorithm.namedCurve);
+ if (!namedCurve) {
+ throw new Error("Unsupported named curve in use");
+ }
+ const asn1 = fromBER(signatureValue);
+ AsnError.assert(asn1, "Signature value");
+ signatureValue = createECDSASignatureFromCMS(asn1.result, namedCurve.size);
+ }
+ if (publicKey.algorithm.name === "RSA-PSS") {
+ const pssParameters = new RSASSAPSSParams({ schema: signatureAlgorithm.algorithmParams });
+ if ("saltLength" in pssParameters)
+ algorithm.algorithm.saltLength = pssParameters.saltLength;
+ else
+ algorithm.algorithm.saltLength = 20;
+ let hashAlgo = "SHA-1";
+ if ("hashAlgorithm" in pssParameters) {
+ const hashAlgorithm = this.getAlgorithmByOID(pssParameters.hashAlgorithm.algorithmId, true);
+ hashAlgo = hashAlgorithm.name;
+ }
+ algorithm.algorithm.hash.name = hashAlgo;
+ }
+ return this.verify(algorithm.algorithm, publicKey, signatureValue, data);
+ });
+ }
+}
+
+let engine = {
+ name: "none",
+ crypto: null,
+};
+function isCryptoEngine(engine) {
+ return engine
+ && typeof engine === "object"
+ && "crypto" in engine
+ ? true
+ : false;
+}
+function setEngine(name, ...args) {
+ let crypto = null;
+ if (args.length < 2) {
+ if (args.length) {
+ crypto = args[0];
+ }
+ else {
+ crypto = typeof self !== "undefined" && self.crypto ? new CryptoEngine({ name: "browser", crypto: self.crypto }) : null;
+ }
+ }
+ else {
+ const cryptoArg = args[0];
+ const subtleArg = args[1];
+ if (isCryptoEngine(subtleArg)) {
+ crypto = subtleArg;
+ }
+ else if (isCryptoEngine(cryptoArg)) {
+ crypto = cryptoArg;
+ }
+ else if ("subtle" in cryptoArg && "getRandomValues" in cryptoArg) {
+ crypto = new CryptoEngine({
+ crypto: cryptoArg,
+ });
+ }
+ }
+ if ((typeof process !== "undefined") && ("pid" in process) && (typeof global !== "undefined") && (typeof window === "undefined")) {
+ if (typeof global[process.pid] === "undefined") {
+ global[process.pid] = {};
+ }
+ else {
+ if (typeof global[process.pid] !== "object") {
+ throw new Error(`Name global.${process.pid} already exists and it is not an object`);
+ }
+ }
+ if (typeof global[process.pid].pkijs === "undefined") {
+ global[process.pid].pkijs = {};
+ }
+ else {
+ if (typeof global[process.pid].pkijs !== "object") {
+ throw new Error(`Name global.${process.pid}.pkijs already exists and it is not an object`);
+ }
+ }
+ global[process.pid].pkijs.engine = {
+ name: name,
+ crypto,
+ };
+ }
+ else {
+ engine = {
+ name: name,
+ crypto,
+ };
+ }
+}
+function getEngine() {
+ if ((typeof process !== "undefined") && ("pid" in process) && (typeof global !== "undefined") && (typeof window === "undefined")) {
+ let _engine;
+ try {
+ _engine = global[process.pid].pkijs.engine;
+ }
+ catch (ex) {
+ throw new Error("Please call 'setEngine' before call to 'getEngine'");
+ }
+ return _engine;
+ }
+ return engine;
+}
+function getCrypto(safety = false) {
+ const _engine = getEngine();
+ if (!_engine.crypto && safety) {
+ throw new Error("Unable to create WebCrypto object");
+ }
+ return _engine.crypto;
+}
+function getRandomValues(view) {
+ return getCrypto(true).getRandomValues(view);
+}
+function getOIDByAlgorithm(algorithm, safety, target) {
+ return getCrypto(true).getOIDByAlgorithm(algorithm, safety, target);
+}
+function getAlgorithmParameters(algorithmName, operation) {
+ return getCrypto(true).getAlgorithmParameters(algorithmName, operation);
+}
+function createCMSECDSASignature(signatureBuffer) {
+ if ((signatureBuffer.byteLength % 2) !== 0)
+ return EMPTY_BUFFER;
+ const length = signatureBuffer.byteLength / 2;
+ const rBuffer = new ArrayBuffer(length);
+ const rView = new Uint8Array(rBuffer);
+ rView.set(new Uint8Array(signatureBuffer, 0, length));
+ const rInteger = new Integer({ valueHex: rBuffer });
+ const sBuffer = new ArrayBuffer(length);
+ const sView = new Uint8Array(sBuffer);
+ sView.set(new Uint8Array(signatureBuffer, length, length));
+ const sInteger = new Integer({ valueHex: sBuffer });
+ return (new Sequence({
+ value: [
+ rInteger.convertToDER(),
+ sInteger.convertToDER()
+ ]
+ })).toBER(false);
+}
+function createECDSASignatureFromCMS(cmsSignature, pointSize) {
+ if (!(cmsSignature instanceof Sequence
+ && cmsSignature.valueBlock.value.length === 2
+ && cmsSignature.valueBlock.value[0] instanceof Integer
+ && cmsSignature.valueBlock.value[1] instanceof Integer))
+ return EMPTY_BUFFER;
+ const rValueView = cmsSignature.valueBlock.value[0].convertFromDER().valueBlock.valueHexView;
+ const sValueView = cmsSignature.valueBlock.value[1].convertFromDER().valueBlock.valueHexView;
+ const res = new Uint8Array(pointSize * 2);
+ res.set(rValueView, pointSize - rValueView.byteLength);
+ res.set(sValueView, (2 * pointSize) - sValueView.byteLength);
+ return res.buffer;
+}
+function getAlgorithmByOID(oid, safety = false, target) {
+ return getCrypto(true).getAlgorithmByOID(oid, safety, target);
+}
+function getHashAlgorithm(signatureAlgorithm) {
+ return getCrypto(true).getHashAlgorithm(signatureAlgorithm);
+}
+function kdfWithCounter(hashFunction, zBuffer, Counter, SharedInfo, crypto) {
+ return __awaiter(this, void 0, void 0, function* () {
+ switch (hashFunction.toUpperCase()) {
+ case "SHA-1":
+ case "SHA-256":
+ case "SHA-384":
+ case "SHA-512":
+ break;
+ default:
+ throw new ArgumentError(`Unknown hash function: ${hashFunction}`);
+ }
+ ArgumentError.assert(zBuffer, "zBuffer", "ArrayBuffer");
+ if (zBuffer.byteLength === 0)
+ throw new ArgumentError("'zBuffer' has zero length, error");
+ ArgumentError.assert(SharedInfo, "SharedInfo", "ArrayBuffer");
+ if (Counter > 255)
+ throw new ArgumentError("Please set 'Counter' argument to value less or equal to 255");
+ const counterBuffer = new ArrayBuffer(4);
+ const counterView = new Uint8Array(counterBuffer);
+ counterView[0] = 0x00;
+ counterView[1] = 0x00;
+ counterView[2] = 0x00;
+ counterView[3] = Counter;
+ let combinedBuffer = EMPTY_BUFFER;
+ combinedBuffer = utilConcatBuf(combinedBuffer, zBuffer);
+ combinedBuffer = utilConcatBuf(combinedBuffer, counterBuffer);
+ combinedBuffer = utilConcatBuf(combinedBuffer, SharedInfo);
+ const result = yield crypto.digest({ name: hashFunction }, combinedBuffer);
+ return {
+ counter: Counter,
+ result
+ };
+ });
+}
+function kdf(hashFunction, Zbuffer, keydatalen, SharedInfo, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ let hashLength = 0;
+ let maxCounter = 1;
+ switch (hashFunction.toUpperCase()) {
+ case "SHA-1":
+ hashLength = 160;
+ break;
+ case "SHA-256":
+ hashLength = 256;
+ break;
+ case "SHA-384":
+ hashLength = 384;
+ break;
+ case "SHA-512":
+ hashLength = 512;
+ break;
+ default:
+ throw new ArgumentError(`Unknown hash function: ${hashFunction}`);
+ }
+ ArgumentError.assert(Zbuffer, "Zbuffer", "ArrayBuffer");
+ if (Zbuffer.byteLength === 0)
+ throw new ArgumentError("'Zbuffer' has zero length, error");
+ ArgumentError.assert(SharedInfo, "SharedInfo", "ArrayBuffer");
+ const quotient = keydatalen / hashLength;
+ if (Math.floor(quotient) > 0) {
+ maxCounter = Math.floor(quotient);
+ if ((quotient - maxCounter) > 0)
+ maxCounter++;
+ }
+ const incomingResult = [];
+ for (let i = 1; i <= maxCounter; i++)
+ incomingResult.push(yield kdfWithCounter(hashFunction, Zbuffer, i, SharedInfo, crypto));
+ let combinedBuffer = EMPTY_BUFFER;
+ let currentCounter = 1;
+ let found = true;
+ while (found) {
+ found = false;
+ for (const result of incomingResult) {
+ if (result.counter === currentCounter) {
+ combinedBuffer = utilConcatBuf(combinedBuffer, result.result);
+ found = true;
+ break;
+ }
+ }
+ currentCounter++;
+ }
+ keydatalen >>= 3;
+ if (combinedBuffer.byteLength > keydatalen) {
+ const newBuffer = new ArrayBuffer(keydatalen);
+ const newView = new Uint8Array(newBuffer);
+ const combinedView = new Uint8Array(combinedBuffer);
+ for (let i = 0; i < keydatalen; i++)
+ newView[i] = combinedView[i];
+ return newBuffer;
+ }
+ return combinedBuffer;
+ });
+}
+
+const VERSION$i = "version";
+const LOG_ID = "logID";
+const EXTENSIONS$6 = "extensions";
+const TIMESTAMP = "timestamp";
+const HASH_ALGORITHM$3 = "hashAlgorithm";
+const SIGNATURE_ALGORITHM$8 = "signatureAlgorithm";
+const SIGNATURE$7 = "signature";
+const NONE = "none";
+const MD5 = "md5";
+const SHA1 = "sha1";
+const SHA224 = "sha224";
+const SHA256 = "sha256";
+const SHA384 = "sha384";
+const SHA512 = "sha512";
+const ANONYMOUS = "anonymous";
+const RSA = "rsa";
+const DSA = "dsa";
+const ECDSA = "ecdsa";
+class SignedCertificateTimestamp extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$i, SignedCertificateTimestamp.defaultValues(VERSION$i));
+ this.logID = getParametersValue(parameters, LOG_ID, SignedCertificateTimestamp.defaultValues(LOG_ID));
+ this.timestamp = getParametersValue(parameters, TIMESTAMP, SignedCertificateTimestamp.defaultValues(TIMESTAMP));
+ this.extensions = getParametersValue(parameters, EXTENSIONS$6, SignedCertificateTimestamp.defaultValues(EXTENSIONS$6));
+ this.hashAlgorithm = getParametersValue(parameters, HASH_ALGORITHM$3, SignedCertificateTimestamp.defaultValues(HASH_ALGORITHM$3));
+ this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$8, SignedCertificateTimestamp.defaultValues(SIGNATURE_ALGORITHM$8));
+ this.signature = getParametersValue(parameters, SIGNATURE$7, SignedCertificateTimestamp.defaultValues(SIGNATURE$7));
+ if ("stream" in parameters && parameters.stream) {
+ this.fromStream(parameters.stream);
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$i:
+ return 0;
+ case LOG_ID:
+ case EXTENSIONS$6:
+ return EMPTY_BUFFER;
+ case TIMESTAMP:
+ return new Date(0);
+ case HASH_ALGORITHM$3:
+ case SIGNATURE_ALGORITHM$8:
+ return EMPTY_STRING;
+ case SIGNATURE$7:
+ return new Any();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ fromSchema(schema) {
+ if ((schema instanceof RawData) === false)
+ throw new Error("Object's schema was not verified against input data for SignedCertificateTimestamp");
+ const seqStream = new SeqStream({
+ stream: new ByteStream({
+ buffer: schema.data
+ })
+ });
+ this.fromStream(seqStream);
+ }
+ fromStream(stream) {
+ const blockLength = stream.getUint16();
+ this.version = (stream.getBlock(1))[0];
+ if (this.version === 0) {
+ this.logID = (new Uint8Array(stream.getBlock(32))).buffer.slice(0);
+ this.timestamp = new Date(utilFromBase(new Uint8Array(stream.getBlock(8)), 8));
+ const extensionsLength = stream.getUint16();
+ this.extensions = (new Uint8Array(stream.getBlock(extensionsLength))).buffer.slice(0);
+ switch ((stream.getBlock(1))[0]) {
+ case 0:
+ this.hashAlgorithm = NONE;
+ break;
+ case 1:
+ this.hashAlgorithm = MD5;
+ break;
+ case 2:
+ this.hashAlgorithm = SHA1;
+ break;
+ case 3:
+ this.hashAlgorithm = SHA224;
+ break;
+ case 4:
+ this.hashAlgorithm = SHA256;
+ break;
+ case 5:
+ this.hashAlgorithm = SHA384;
+ break;
+ case 6:
+ this.hashAlgorithm = SHA512;
+ break;
+ default:
+ throw new Error("Object's stream was not correct for SignedCertificateTimestamp");
+ }
+ switch ((stream.getBlock(1))[0]) {
+ case 0:
+ this.signatureAlgorithm = ANONYMOUS;
+ break;
+ case 1:
+ this.signatureAlgorithm = RSA;
+ break;
+ case 2:
+ this.signatureAlgorithm = DSA;
+ break;
+ case 3:
+ this.signatureAlgorithm = ECDSA;
+ break;
+ default:
+ throw new Error("Object's stream was not correct for SignedCertificateTimestamp");
+ }
+ const signatureLength = stream.getUint16();
+ const signatureData = new Uint8Array(stream.getBlock(signatureLength)).buffer.slice(0);
+ const asn1 = fromBER(signatureData);
+ AsnError.assert(asn1, "SignedCertificateTimestamp");
+ this.signature = asn1.result;
+ if (blockLength !== (47 + extensionsLength + signatureLength)) {
+ throw new Error("Object's stream was not correct for SignedCertificateTimestamp");
+ }
+ }
+ }
+ toSchema() {
+ const stream = this.toStream();
+ return new RawData({ data: stream.stream.buffer });
+ }
+ toStream() {
+ const stream = new SeqStream();
+ stream.appendUint16(47 + this.extensions.byteLength + this.signature.valueBeforeDecodeView.byteLength);
+ stream.appendChar(this.version);
+ stream.appendView(new Uint8Array(this.logID));
+ const timeBuffer = new ArrayBuffer(8);
+ const timeView = new Uint8Array(timeBuffer);
+ const baseArray = utilToBase(this.timestamp.valueOf(), 8);
+ timeView.set(new Uint8Array(baseArray), 8 - baseArray.byteLength);
+ stream.appendView(timeView);
+ stream.appendUint16(this.extensions.byteLength);
+ if (this.extensions.byteLength)
+ stream.appendView(new Uint8Array(this.extensions));
+ let _hashAlgorithm;
+ switch (this.hashAlgorithm.toLowerCase()) {
+ case NONE:
+ _hashAlgorithm = 0;
+ break;
+ case MD5:
+ _hashAlgorithm = 1;
+ break;
+ case SHA1:
+ _hashAlgorithm = 2;
+ break;
+ case SHA224:
+ _hashAlgorithm = 3;
+ break;
+ case SHA256:
+ _hashAlgorithm = 4;
+ break;
+ case SHA384:
+ _hashAlgorithm = 5;
+ break;
+ case SHA512:
+ _hashAlgorithm = 6;
+ break;
+ default:
+ throw new Error(`Incorrect data for hashAlgorithm: ${this.hashAlgorithm}`);
+ }
+ stream.appendChar(_hashAlgorithm);
+ let _signatureAlgorithm;
+ switch (this.signatureAlgorithm.toLowerCase()) {
+ case ANONYMOUS:
+ _signatureAlgorithm = 0;
+ break;
+ case RSA:
+ _signatureAlgorithm = 1;
+ break;
+ case DSA:
+ _signatureAlgorithm = 2;
+ break;
+ case ECDSA:
+ _signatureAlgorithm = 3;
+ break;
+ default:
+ throw new Error(`Incorrect data for signatureAlgorithm: ${this.signatureAlgorithm}`);
+ }
+ stream.appendChar(_signatureAlgorithm);
+ const _signature = this.signature.toBER(false);
+ stream.appendUint16(_signature.byteLength);
+ stream.appendView(new Uint8Array(_signature));
+ return stream;
+ }
+ toJSON() {
+ return {
+ version: this.version,
+ logID: bufferToHexCodes(this.logID),
+ timestamp: this.timestamp,
+ extensions: bufferToHexCodes(this.extensions),
+ hashAlgorithm: this.hashAlgorithm,
+ signatureAlgorithm: this.signatureAlgorithm,
+ signature: this.signature.toJSON()
+ };
+ }
+ verify(logs, data, dataType = 0, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ const logId = toBase64(arrayBufferToString(this.logID));
+ let publicKeyBase64 = null;
+ const stream = new SeqStream();
+ for (const log of logs) {
+ if (log.log_id === logId) {
+ publicKeyBase64 = log.key;
+ break;
+ }
+ }
+ if (!publicKeyBase64) {
+ throw new Error(`Public key not found for CT with logId: ${logId}`);
+ }
+ const pki = stringToArrayBuffer(fromBase64(publicKeyBase64));
+ const publicKeyInfo = PublicKeyInfo.fromBER(pki);
+ stream.appendChar(0x00);
+ stream.appendChar(0x00);
+ const timeBuffer = new ArrayBuffer(8);
+ const timeView = new Uint8Array(timeBuffer);
+ const baseArray = utilToBase(this.timestamp.valueOf(), 8);
+ timeView.set(new Uint8Array(baseArray), 8 - baseArray.byteLength);
+ stream.appendView(timeView);
+ stream.appendUint16(dataType);
+ if (dataType === 0)
+ stream.appendUint24(data.byteLength);
+ stream.appendView(new Uint8Array(data));
+ stream.appendUint16(this.extensions.byteLength);
+ if (this.extensions.byteLength !== 0)
+ stream.appendView(new Uint8Array(this.extensions));
+ return crypto.verifyWithPublicKey(stream.buffer.slice(0, stream.length), new OctetString({ valueHex: this.signature.toBER(false) }), publicKeyInfo, { algorithmId: EMPTY_STRING }, "SHA-256");
+ });
+ }
+}
+SignedCertificateTimestamp.CLASS_NAME = "SignedCertificateTimestamp";
+function verifySCTsForCertificate(certificate, issuerCertificate, logs, index = (-1), crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ let parsedValue = null;
+ const stream = new SeqStream();
+ for (let i = 0; certificate.extensions && i < certificate.extensions.length; i++) {
+ switch (certificate.extensions[i].extnID) {
+ case id_SignedCertificateTimestampList:
+ {
+ parsedValue = certificate.extensions[i].parsedValue;
+ if (!parsedValue || parsedValue.timestamps.length === 0)
+ throw new Error("Nothing to verify in the certificate");
+ certificate.extensions.splice(i, 1);
+ }
+ break;
+ }
+ }
+ if (parsedValue === null)
+ throw new Error("No SignedCertificateTimestampList extension in the specified certificate");
+ const tbs = certificate.encodeTBS().toBER();
+ const issuerId = yield crypto.digest({ name: "SHA-256" }, new Uint8Array(issuerCertificate.subjectPublicKeyInfo.toSchema().toBER(false)));
+ stream.appendView(new Uint8Array(issuerId));
+ stream.appendUint24(tbs.byteLength);
+ stream.appendView(new Uint8Array(tbs));
+ const preCert = stream.stream.slice(0, stream.length);
+ if (index === (-1)) {
+ const verifyArray = [];
+ for (const timestamp of parsedValue.timestamps) {
+ const verifyResult = yield timestamp.verify(logs, preCert.buffer, 1, crypto);
+ verifyArray.push(verifyResult);
+ }
+ return verifyArray;
+ }
+ if (index >= parsedValue.timestamps.length)
+ index = (parsedValue.timestamps.length - 1);
+ return [yield parsedValue.timestamps[index].verify(logs, preCert.buffer, 1, crypto)];
+ });
+}
+
+const TIMESTAMPS = "timestamps";
+class SignedCertificateTimestampList extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.timestamps = getParametersValue(parameters, TIMESTAMPS, SignedCertificateTimestampList.defaultValues(TIMESTAMPS));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case TIMESTAMPS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case TIMESTAMPS:
+ return (memberValue.length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ var _a;
+ const names = getParametersValue(parameters, "names", {});
+ (_a = names.optional) !== null && _a !== void 0 ? _a : (names.optional = false);
+ return (new OctetString({
+ name: (names.blockName || "SignedCertificateTimestampList"),
+ optional: names.optional
+ }));
+ }
+ fromSchema(schema) {
+ if ((schema instanceof OctetString) === false) {
+ throw new Error("Object's schema was not verified against input data for SignedCertificateTimestampList");
+ }
+ const seqStream = new SeqStream({
+ stream: new ByteStream({
+ buffer: schema.valueBlock.valueHex
+ })
+ });
+ const dataLength = seqStream.getUint16();
+ if (dataLength !== seqStream.length) {
+ throw new Error("Object's schema was not verified against input data for SignedCertificateTimestampList");
+ }
+ while (seqStream.length) {
+ this.timestamps.push(new SignedCertificateTimestamp({ stream: seqStream }));
+ }
+ }
+ toSchema() {
+ const stream = new SeqStream();
+ let overallLength = 0;
+ const timestampsData = [];
+ for (const timestamp of this.timestamps) {
+ const timestampStream = timestamp.toStream();
+ timestampsData.push(timestampStream);
+ overallLength += timestampStream.stream.buffer.byteLength;
+ }
+ stream.appendUint16(overallLength);
+ for (const timestamp of timestampsData) {
+ stream.appendView(timestamp.stream.view);
+ }
+ return new OctetString({ valueHex: stream.stream.buffer.slice(0) });
+ }
+ toJSON() {
+ return {
+ timestamps: Array.from(this.timestamps, o => o.toJSON())
+ };
+ }
+}
+SignedCertificateTimestampList.CLASS_NAME = "SignedCertificateTimestampList";
+
+const ATTRIBUTES$4 = "attributes";
+const CLEAR_PROPS$11 = [
+ ATTRIBUTES$4
+];
+class SubjectDirectoryAttributes extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.attributes = getParametersValue(parameters, ATTRIBUTES$4, SubjectDirectoryAttributes.defaultValues(ATTRIBUTES$4));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ATTRIBUTES$4:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.attributes || EMPTY_STRING),
+ value: Attribute.schema()
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$11);
+ const asn1 = compareSchema(schema, schema, SubjectDirectoryAttributes.schema({
+ names: {
+ attributes: ATTRIBUTES$4
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.attributes = Array.from(asn1.result.attributes, element => new Attribute({ schema: element }));
+ }
+ toSchema() {
+ return (new Sequence({
+ value: Array.from(this.attributes, o => o.toSchema())
+ }));
+ }
+ toJSON() {
+ return {
+ attributes: Array.from(this.attributes, o => o.toJSON())
+ };
+ }
+}
+SubjectDirectoryAttributes.CLASS_NAME = "SubjectDirectoryAttributes";
+
+class ExtensionValueFactory {
+ static getItems() {
+ if (!this.types) {
+ this.types = {};
+ ExtensionValueFactory.register(id_SubjectAltName, "SubjectAltName", AltName);
+ ExtensionValueFactory.register(id_IssuerAltName, "IssuerAltName", AltName);
+ ExtensionValueFactory.register(id_AuthorityKeyIdentifier, "AuthorityKeyIdentifier", AuthorityKeyIdentifier);
+ ExtensionValueFactory.register(id_BasicConstraints, "BasicConstraints", BasicConstraints);
+ ExtensionValueFactory.register(id_MicrosoftCaVersion, "MicrosoftCaVersion", CAVersion);
+ ExtensionValueFactory.register(id_CertificatePolicies, "CertificatePolicies", CertificatePolicies);
+ ExtensionValueFactory.register(id_MicrosoftAppPolicies, "CertificatePoliciesMicrosoft", CertificatePolicies);
+ ExtensionValueFactory.register(id_MicrosoftCertTemplateV2, "MicrosoftCertTemplateV2", CertificateTemplate);
+ ExtensionValueFactory.register(id_CRLDistributionPoints, "CRLDistributionPoints", CRLDistributionPoints);
+ ExtensionValueFactory.register(id_FreshestCRL, "FreshestCRL", CRLDistributionPoints);
+ ExtensionValueFactory.register(id_ExtKeyUsage, "ExtKeyUsage", ExtKeyUsage);
+ ExtensionValueFactory.register(id_CertificateIssuer, "CertificateIssuer", GeneralNames);
+ ExtensionValueFactory.register(id_AuthorityInfoAccess, "AuthorityInfoAccess", InfoAccess);
+ ExtensionValueFactory.register(id_SubjectInfoAccess, "SubjectInfoAccess", InfoAccess);
+ ExtensionValueFactory.register(id_IssuingDistributionPoint, "IssuingDistributionPoint", IssuingDistributionPoint);
+ ExtensionValueFactory.register(id_NameConstraints, "NameConstraints", NameConstraints);
+ ExtensionValueFactory.register(id_PolicyConstraints, "PolicyConstraints", PolicyConstraints);
+ ExtensionValueFactory.register(id_PolicyMappings, "PolicyMappings", PolicyMappings);
+ ExtensionValueFactory.register(id_PrivateKeyUsagePeriod, "PrivateKeyUsagePeriod", PrivateKeyUsagePeriod);
+ ExtensionValueFactory.register(id_QCStatements, "QCStatements", QCStatements);
+ ExtensionValueFactory.register(id_SignedCertificateTimestampList, "SignedCertificateTimestampList", SignedCertificateTimestampList);
+ ExtensionValueFactory.register(id_SubjectDirectoryAttributes, "SubjectDirectoryAttributes", SubjectDirectoryAttributes);
+ }
+ return this.types;
+ }
+ static fromBER(id, raw) {
+ const asn1 = fromBER(raw);
+ if (asn1.offset === -1) {
+ return null;
+ }
+ const item = this.find(id);
+ if (item) {
+ try {
+ return new item.type({ schema: asn1.result });
+ }
+ catch (ex) {
+ const res = new item.type();
+ res.parsingError = `Incorrectly formatted value of extension ${item.name} (${id})`;
+ return res;
+ }
+ }
+ return asn1.result;
+ }
+ static find(id) {
+ const types = this.getItems();
+ return types[id] || null;
+ }
+ static register(id, name, type) {
+ this.getItems()[id] = { name, type };
+ }
+}
+
+const EXTN_ID = "extnID";
+const CRITICAL = "critical";
+const EXTN_VALUE = "extnValue";
+const PARSED_VALUE$5 = "parsedValue";
+const CLEAR_PROPS$10 = [
+ EXTN_ID,
+ CRITICAL,
+ EXTN_VALUE
+];
+class Extension extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.extnID = getParametersValue(parameters, EXTN_ID, Extension.defaultValues(EXTN_ID));
+ this.critical = getParametersValue(parameters, CRITICAL, Extension.defaultValues(CRITICAL));
+ if (EXTN_VALUE in parameters) {
+ this.extnValue = new OctetString({ valueHex: parameters.extnValue });
+ }
+ else {
+ this.extnValue = Extension.defaultValues(EXTN_VALUE);
+ }
+ if (PARSED_VALUE$5 in parameters) {
+ this.parsedValue = getParametersValue(parameters, PARSED_VALUE$5, Extension.defaultValues(PARSED_VALUE$5));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ get parsedValue() {
+ if (this._parsedValue === undefined) {
+ const parsedValue = ExtensionValueFactory.fromBER(this.extnID, this.extnValue.valueBlock.valueHexView);
+ this._parsedValue = parsedValue;
+ }
+ return this._parsedValue || undefined;
+ }
+ set parsedValue(value) {
+ this._parsedValue = value;
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case EXTN_ID:
+ return EMPTY_STRING;
+ case CRITICAL:
+ return false;
+ case EXTN_VALUE:
+ return new OctetString();
+ case PARSED_VALUE$5:
+ return {};
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.extnID || EMPTY_STRING) }),
+ new Boolean({
+ name: (names.critical || EMPTY_STRING),
+ optional: true
+ }),
+ new OctetString({ name: (names.extnValue || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$10);
+ const asn1 = compareSchema(schema, schema, Extension.schema({
+ names: {
+ extnID: EXTN_ID,
+ critical: CRITICAL,
+ extnValue: EXTN_VALUE
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.extnID = asn1.result.extnID.valueBlock.toString();
+ if (CRITICAL in asn1.result) {
+ this.critical = asn1.result.critical.valueBlock.value;
+ }
+ this.extnValue = asn1.result.extnValue;
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(new ObjectIdentifier({ value: this.extnID }));
+ if (this.critical !== Extension.defaultValues(CRITICAL)) {
+ outputArray.push(new Boolean({ value: this.critical }));
+ }
+ outputArray.push(this.extnValue);
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const object = {
+ extnID: this.extnID,
+ extnValue: this.extnValue.toJSON(),
+ };
+ if (this.critical !== Extension.defaultValues(CRITICAL)) {
+ object.critical = this.critical;
+ }
+ if (this.parsedValue && this.parsedValue.toJSON) {
+ object.parsedValue = this.parsedValue.toJSON();
+ }
+ return object;
+ }
+}
+Extension.CLASS_NAME = "Extension";
+
+const EXTENSIONS$5 = "extensions";
+const CLEAR_PROPS$$ = [
+ EXTENSIONS$5,
+];
+class Extensions extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.extensions = getParametersValue(parameters, EXTENSIONS$5, Extensions.defaultValues(EXTENSIONS$5));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case EXTENSIONS$5:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}, optional = false) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ optional,
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.extensions || EMPTY_STRING),
+ value: Extension.schema(names.extension || {})
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$$);
+ const asn1 = compareSchema(schema, schema, Extensions.schema({
+ names: {
+ extensions: EXTENSIONS$5
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.extensions = Array.from(asn1.result.extensions, element => new Extension({ schema: element }));
+ }
+ toSchema() {
+ return (new Sequence({
+ value: Array.from(this.extensions, o => o.toSchema())
+ }));
+ }
+ toJSON() {
+ return {
+ extensions: this.extensions.map(o => o.toJSON())
+ };
+ }
+}
+Extensions.CLASS_NAME = "Extensions";
+
+const ISSUER$5 = "issuer";
+const SERIAL_NUMBER$6 = "serialNumber";
+const ISSUER_UID = "issuerUID";
+const CLEAR_PROPS$_ = [
+ ISSUER$5,
+ SERIAL_NUMBER$6,
+ ISSUER_UID,
+];
+class IssuerSerial extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.issuer = getParametersValue(parameters, ISSUER$5, IssuerSerial.defaultValues(ISSUER$5));
+ this.serialNumber = getParametersValue(parameters, SERIAL_NUMBER$6, IssuerSerial.defaultValues(SERIAL_NUMBER$6));
+ if (ISSUER_UID in parameters) {
+ this.issuerUID = getParametersValue(parameters, ISSUER_UID, IssuerSerial.defaultValues(ISSUER_UID));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ISSUER$5:
+ return new GeneralNames();
+ case SERIAL_NUMBER$6:
+ return new Integer();
+ case ISSUER_UID:
+ return new BitString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ GeneralNames.schema(names.issuer || {}),
+ new Integer({ name: (names.serialNumber || EMPTY_STRING) }),
+ new BitString({
+ optional: true,
+ name: (names.issuerUID || EMPTY_STRING)
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$_);
+ const asn1 = compareSchema(schema, schema, IssuerSerial.schema({
+ names: {
+ issuer: {
+ names: {
+ blockName: ISSUER$5
+ }
+ },
+ serialNumber: SERIAL_NUMBER$6,
+ issuerUID: ISSUER_UID
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.issuer = new GeneralNames({ schema: asn1.result.issuer });
+ this.serialNumber = asn1.result.serialNumber;
+ if (ISSUER_UID in asn1.result)
+ this.issuerUID = asn1.result.issuerUID;
+ }
+ toSchema() {
+ const result = new Sequence({
+ value: [
+ this.issuer.toSchema(),
+ this.serialNumber
+ ]
+ });
+ if (this.issuerUID) {
+ result.valueBlock.value.push(this.issuerUID);
+ }
+ return result;
+ }
+ toJSON() {
+ const result = {
+ issuer: this.issuer.toJSON(),
+ serialNumber: this.serialNumber.toJSON()
+ };
+ if (this.issuerUID) {
+ result.issuerUID = this.issuerUID.toJSON();
+ }
+ return result;
+ }
+}
+IssuerSerial.CLASS_NAME = "IssuerSerial";
+
+const VERSION$h = "version";
+const BASE_CERTIFICATE_ID$2 = "baseCertificateID";
+const SUBJECT_NAME = "subjectName";
+const ISSUER$4 = "issuer";
+const SIGNATURE$6 = "signature";
+const SERIAL_NUMBER$5 = "serialNumber";
+const ATTR_CERT_VALIDITY_PERIOD$1 = "attrCertValidityPeriod";
+const ATTRIBUTES$3 = "attributes";
+const ISSUER_UNIQUE_ID$2 = "issuerUniqueID";
+const EXTENSIONS$4 = "extensions";
+const CLEAR_PROPS$Z = [
+ VERSION$h,
+ BASE_CERTIFICATE_ID$2,
+ SUBJECT_NAME,
+ ISSUER$4,
+ SIGNATURE$6,
+ SERIAL_NUMBER$5,
+ ATTR_CERT_VALIDITY_PERIOD$1,
+ ATTRIBUTES$3,
+ ISSUER_UNIQUE_ID$2,
+ EXTENSIONS$4,
+];
+class AttributeCertificateInfoV1 extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$h, AttributeCertificateInfoV1.defaultValues(VERSION$h));
+ if (BASE_CERTIFICATE_ID$2 in parameters) {
+ this.baseCertificateID = getParametersValue(parameters, BASE_CERTIFICATE_ID$2, AttributeCertificateInfoV1.defaultValues(BASE_CERTIFICATE_ID$2));
+ }
+ if (SUBJECT_NAME in parameters) {
+ this.subjectName = getParametersValue(parameters, SUBJECT_NAME, AttributeCertificateInfoV1.defaultValues(SUBJECT_NAME));
+ }
+ this.issuer = getParametersValue(parameters, ISSUER$4, AttributeCertificateInfoV1.defaultValues(ISSUER$4));
+ this.signature = getParametersValue(parameters, SIGNATURE$6, AttributeCertificateInfoV1.defaultValues(SIGNATURE$6));
+ this.serialNumber = getParametersValue(parameters, SERIAL_NUMBER$5, AttributeCertificateInfoV1.defaultValues(SERIAL_NUMBER$5));
+ this.attrCertValidityPeriod = getParametersValue(parameters, ATTR_CERT_VALIDITY_PERIOD$1, AttributeCertificateInfoV1.defaultValues(ATTR_CERT_VALIDITY_PERIOD$1));
+ this.attributes = getParametersValue(parameters, ATTRIBUTES$3, AttributeCertificateInfoV1.defaultValues(ATTRIBUTES$3));
+ if (ISSUER_UNIQUE_ID$2 in parameters)
+ this.issuerUniqueID = getParametersValue(parameters, ISSUER_UNIQUE_ID$2, AttributeCertificateInfoV1.defaultValues(ISSUER_UNIQUE_ID$2));
+ if (EXTENSIONS$4 in parameters) {
+ this.extensions = getParametersValue(parameters, EXTENSIONS$4, AttributeCertificateInfoV1.defaultValues(EXTENSIONS$4));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$h:
+ return 0;
+ case BASE_CERTIFICATE_ID$2:
+ return new IssuerSerial();
+ case SUBJECT_NAME:
+ return new GeneralNames();
+ case ISSUER$4:
+ return new GeneralNames();
+ case SIGNATURE$6:
+ return new AlgorithmIdentifier();
+ case SERIAL_NUMBER$5:
+ return new Integer();
+ case ATTR_CERT_VALIDITY_PERIOD$1:
+ return new AttCertValidityPeriod();
+ case ATTRIBUTES$3:
+ return [];
+ case ISSUER_UNIQUE_ID$2:
+ return new BitString();
+ case EXTENSIONS$4:
+ return new Extensions();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Integer({ name: (names.version || EMPTY_STRING) }),
+ new Choice({
+ value: [
+ new Constructed({
+ name: (names.baseCertificateID || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: IssuerSerial.schema().valueBlock.value
+ }),
+ new Constructed({
+ name: (names.subjectName || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: GeneralNames.schema().valueBlock.value
+ }),
+ ]
+ }),
+ GeneralNames.schema({
+ names: {
+ blockName: (names.issuer || EMPTY_STRING)
+ }
+ }),
+ AlgorithmIdentifier.schema(names.signature || {}),
+ new Integer({ name: (names.serialNumber || EMPTY_STRING) }),
+ AttCertValidityPeriod.schema(names.attrCertValidityPeriod || {}),
+ new Sequence({
+ name: (names.attributes || EMPTY_STRING),
+ value: [
+ new Repeated({
+ value: Attribute.schema()
+ })
+ ]
+ }),
+ new BitString({
+ optional: true,
+ name: (names.issuerUniqueID || EMPTY_STRING)
+ }),
+ Extensions.schema(names.extensions || {}, true)
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$Z);
+ const asn1 = compareSchema(schema, schema, AttributeCertificateInfoV1.schema({
+ names: {
+ version: VERSION$h,
+ baseCertificateID: BASE_CERTIFICATE_ID$2,
+ subjectName: SUBJECT_NAME,
+ issuer: ISSUER$4,
+ signature: {
+ names: {
+ blockName: SIGNATURE$6
+ }
+ },
+ serialNumber: SERIAL_NUMBER$5,
+ attrCertValidityPeriod: {
+ names: {
+ blockName: ATTR_CERT_VALIDITY_PERIOD$1
+ }
+ },
+ attributes: ATTRIBUTES$3,
+ issuerUniqueID: ISSUER_UNIQUE_ID$2,
+ extensions: {
+ names: {
+ blockName: EXTENSIONS$4
+ }
+ }
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result.version.valueBlock.valueDec;
+ if (BASE_CERTIFICATE_ID$2 in asn1.result) {
+ this.baseCertificateID = new IssuerSerial({
+ schema: new Sequence({
+ value: asn1.result.baseCertificateID.valueBlock.value
+ })
+ });
+ }
+ if (SUBJECT_NAME in asn1.result) {
+ this.subjectName = new GeneralNames({
+ schema: new Sequence({
+ value: asn1.result.subjectName.valueBlock.value
+ })
+ });
+ }
+ this.issuer = asn1.result.issuer;
+ this.signature = new AlgorithmIdentifier({ schema: asn1.result.signature });
+ this.serialNumber = asn1.result.serialNumber;
+ this.attrCertValidityPeriod = new AttCertValidityPeriod({ schema: asn1.result.attrCertValidityPeriod });
+ this.attributes = Array.from(asn1.result.attributes.valueBlock.value, element => new Attribute({ schema: element }));
+ if (ISSUER_UNIQUE_ID$2 in asn1.result) {
+ this.issuerUniqueID = asn1.result.issuerUniqueID;
+ }
+ if (EXTENSIONS$4 in asn1.result) {
+ this.extensions = new Extensions({ schema: asn1.result.extensions });
+ }
+ }
+ toSchema() {
+ const result = new Sequence({
+ value: [new Integer({ value: this.version })]
+ });
+ if (this.baseCertificateID) {
+ result.valueBlock.value.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: this.baseCertificateID.toSchema().valueBlock.value
+ }));
+ }
+ if (this.subjectName) {
+ result.valueBlock.value.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: this.subjectName.toSchema().valueBlock.value
+ }));
+ }
+ result.valueBlock.value.push(this.issuer.toSchema());
+ result.valueBlock.value.push(this.signature.toSchema());
+ result.valueBlock.value.push(this.serialNumber);
+ result.valueBlock.value.push(this.attrCertValidityPeriod.toSchema());
+ result.valueBlock.value.push(new Sequence({
+ value: Array.from(this.attributes, o => o.toSchema())
+ }));
+ if (this.issuerUniqueID) {
+ result.valueBlock.value.push(this.issuerUniqueID);
+ }
+ if (this.extensions) {
+ result.valueBlock.value.push(this.extensions.toSchema());
+ }
+ return result;
+ }
+ toJSON() {
+ const result = {
+ version: this.version
+ };
+ if (this.baseCertificateID) {
+ result.baseCertificateID = this.baseCertificateID.toJSON();
+ }
+ if (this.subjectName) {
+ result.subjectName = this.subjectName.toJSON();
+ }
+ result.issuer = this.issuer.toJSON();
+ result.signature = this.signature.toJSON();
+ result.serialNumber = this.serialNumber.toJSON();
+ result.attrCertValidityPeriod = this.attrCertValidityPeriod.toJSON();
+ result.attributes = Array.from(this.attributes, o => o.toJSON());
+ if (this.issuerUniqueID) {
+ result.issuerUniqueID = this.issuerUniqueID.toJSON();
+ }
+ if (this.extensions) {
+ result.extensions = this.extensions.toJSON();
+ }
+ return result;
+ }
+}
+AttributeCertificateInfoV1.CLASS_NAME = "AttributeCertificateInfoV1";
+
+const ACINFO$1 = "acinfo";
+const SIGNATURE_ALGORITHM$7 = "signatureAlgorithm";
+const SIGNATURE_VALUE$4 = "signatureValue";
+const CLEAR_PROPS$Y = [
+ ACINFO$1,
+ SIGNATURE_VALUE$4,
+ SIGNATURE_ALGORITHM$7
+];
+class AttributeCertificateV1 extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.acinfo = getParametersValue(parameters, ACINFO$1, AttributeCertificateV1.defaultValues(ACINFO$1));
+ this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$7, AttributeCertificateV1.defaultValues(SIGNATURE_ALGORITHM$7));
+ this.signatureValue = getParametersValue(parameters, SIGNATURE_VALUE$4, AttributeCertificateV1.defaultValues(SIGNATURE_VALUE$4));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ACINFO$1:
+ return new AttributeCertificateInfoV1();
+ case SIGNATURE_ALGORITHM$7:
+ return new AlgorithmIdentifier();
+ case SIGNATURE_VALUE$4:
+ return new BitString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ AttributeCertificateInfoV1.schema(names.acinfo || {}),
+ AlgorithmIdentifier.schema(names.signatureAlgorithm || {}),
+ new BitString({ name: (names.signatureValue || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$Y);
+ const asn1 = compareSchema(schema, schema, AttributeCertificateV1.schema({
+ names: {
+ acinfo: {
+ names: {
+ blockName: ACINFO$1
+ }
+ },
+ signatureAlgorithm: {
+ names: {
+ blockName: SIGNATURE_ALGORITHM$7
+ }
+ },
+ signatureValue: SIGNATURE_VALUE$4
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.acinfo = new AttributeCertificateInfoV1({ schema: asn1.result.acinfo });
+ this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.signatureAlgorithm });
+ this.signatureValue = asn1.result.signatureValue;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ this.acinfo.toSchema(),
+ this.signatureAlgorithm.toSchema(),
+ this.signatureValue
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ acinfo: this.acinfo.toJSON(),
+ signatureAlgorithm: this.signatureAlgorithm.toJSON(),
+ signatureValue: this.signatureValue.toJSON(),
+ };
+ }
+}
+AttributeCertificateV1.CLASS_NAME = "AttributeCertificateV1";
+
+const DIGESTED_OBJECT_TYPE = "digestedObjectType";
+const OTHER_OBJECT_TYPE_ID = "otherObjectTypeID";
+const DIGEST_ALGORITHM$2 = "digestAlgorithm";
+const OBJECT_DIGEST = "objectDigest";
+const CLEAR_PROPS$X = [
+ DIGESTED_OBJECT_TYPE,
+ OTHER_OBJECT_TYPE_ID,
+ DIGEST_ALGORITHM$2,
+ OBJECT_DIGEST,
+];
+class ObjectDigestInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.digestedObjectType = getParametersValue(parameters, DIGESTED_OBJECT_TYPE, ObjectDigestInfo.defaultValues(DIGESTED_OBJECT_TYPE));
+ if (OTHER_OBJECT_TYPE_ID in parameters) {
+ this.otherObjectTypeID = getParametersValue(parameters, OTHER_OBJECT_TYPE_ID, ObjectDigestInfo.defaultValues(OTHER_OBJECT_TYPE_ID));
+ }
+ this.digestAlgorithm = getParametersValue(parameters, DIGEST_ALGORITHM$2, ObjectDigestInfo.defaultValues(DIGEST_ALGORITHM$2));
+ this.objectDigest = getParametersValue(parameters, OBJECT_DIGEST, ObjectDigestInfo.defaultValues(OBJECT_DIGEST));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case DIGESTED_OBJECT_TYPE:
+ return new Enumerated();
+ case OTHER_OBJECT_TYPE_ID:
+ return new ObjectIdentifier();
+ case DIGEST_ALGORITHM$2:
+ return new AlgorithmIdentifier();
+ case OBJECT_DIGEST:
+ return new BitString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Enumerated({ name: (names.digestedObjectType || EMPTY_STRING) }),
+ new ObjectIdentifier({
+ optional: true,
+ name: (names.otherObjectTypeID || EMPTY_STRING)
+ }),
+ AlgorithmIdentifier.schema(names.digestAlgorithm || {}),
+ new BitString({ name: (names.objectDigest || EMPTY_STRING) }),
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$X);
+ const asn1 = compareSchema(schema, schema, ObjectDigestInfo.schema({
+ names: {
+ digestedObjectType: DIGESTED_OBJECT_TYPE,
+ otherObjectTypeID: OTHER_OBJECT_TYPE_ID,
+ digestAlgorithm: {
+ names: {
+ blockName: DIGEST_ALGORITHM$2
+ }
+ },
+ objectDigest: OBJECT_DIGEST
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.digestedObjectType = asn1.result.digestedObjectType;
+ if (OTHER_OBJECT_TYPE_ID in asn1.result) {
+ this.otherObjectTypeID = asn1.result.otherObjectTypeID;
+ }
+ this.digestAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.digestAlgorithm });
+ this.objectDigest = asn1.result.objectDigest;
+ }
+ toSchema() {
+ const result = new Sequence({
+ value: [this.digestedObjectType]
+ });
+ if (this.otherObjectTypeID) {
+ result.valueBlock.value.push(this.otherObjectTypeID);
+ }
+ result.valueBlock.value.push(this.digestAlgorithm.toSchema());
+ result.valueBlock.value.push(this.objectDigest);
+ return result;
+ }
+ toJSON() {
+ const result = {
+ digestedObjectType: this.digestedObjectType.toJSON(),
+ digestAlgorithm: this.digestAlgorithm.toJSON(),
+ objectDigest: this.objectDigest.toJSON(),
+ };
+ if (this.otherObjectTypeID) {
+ result.otherObjectTypeID = this.otherObjectTypeID.toJSON();
+ }
+ return result;
+ }
+}
+ObjectDigestInfo.CLASS_NAME = "ObjectDigestInfo";
+
+const ISSUER_NAME = "issuerName";
+const BASE_CERTIFICATE_ID$1 = "baseCertificateID";
+const OBJECT_DIGEST_INFO$1 = "objectDigestInfo";
+const CLEAR_PROPS$W = [
+ ISSUER_NAME,
+ BASE_CERTIFICATE_ID$1,
+ OBJECT_DIGEST_INFO$1
+];
+class V2Form extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ if (ISSUER_NAME in parameters) {
+ this.issuerName = getParametersValue(parameters, ISSUER_NAME, V2Form.defaultValues(ISSUER_NAME));
+ }
+ if (BASE_CERTIFICATE_ID$1 in parameters) {
+ this.baseCertificateID = getParametersValue(parameters, BASE_CERTIFICATE_ID$1, V2Form.defaultValues(BASE_CERTIFICATE_ID$1));
+ }
+ if (OBJECT_DIGEST_INFO$1 in parameters) {
+ this.objectDigestInfo = getParametersValue(parameters, OBJECT_DIGEST_INFO$1, V2Form.defaultValues(OBJECT_DIGEST_INFO$1));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ISSUER_NAME:
+ return new GeneralNames();
+ case BASE_CERTIFICATE_ID$1:
+ return new IssuerSerial();
+ case OBJECT_DIGEST_INFO$1:
+ return new ObjectDigestInfo();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ GeneralNames.schema({
+ names: {
+ blockName: names.issuerName
+ }
+ }, true),
+ new Constructed({
+ optional: true,
+ name: (names.baseCertificateID || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: IssuerSerial.schema().valueBlock.value
+ }),
+ new Constructed({
+ optional: true,
+ name: (names.objectDigestInfo || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: ObjectDigestInfo.schema().valueBlock.value
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$W);
+ const asn1 = compareSchema(schema, schema, V2Form.schema({
+ names: {
+ issuerName: ISSUER_NAME,
+ baseCertificateID: BASE_CERTIFICATE_ID$1,
+ objectDigestInfo: OBJECT_DIGEST_INFO$1
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (ISSUER_NAME in asn1.result)
+ this.issuerName = new GeneralNames({ schema: asn1.result.issuerName });
+ if (BASE_CERTIFICATE_ID$1 in asn1.result) {
+ this.baseCertificateID = new IssuerSerial({
+ schema: new Sequence({
+ value: asn1.result.baseCertificateID.valueBlock.value
+ })
+ });
+ }
+ if (OBJECT_DIGEST_INFO$1 in asn1.result) {
+ this.objectDigestInfo = new ObjectDigestInfo({
+ schema: new Sequence({
+ value: asn1.result.objectDigestInfo.valueBlock.value
+ })
+ });
+ }
+ }
+ toSchema() {
+ const result = new Sequence();
+ if (this.issuerName)
+ result.valueBlock.value.push(this.issuerName.toSchema());
+ if (this.baseCertificateID) {
+ result.valueBlock.value.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: this.baseCertificateID.toSchema().valueBlock.value
+ }));
+ }
+ if (this.objectDigestInfo) {
+ result.valueBlock.value.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: this.objectDigestInfo.toSchema().valueBlock.value
+ }));
+ }
+ return result;
+ }
+ toJSON() {
+ const result = {};
+ if (this.issuerName) {
+ result.issuerName = this.issuerName.toJSON();
+ }
+ if (this.baseCertificateID) {
+ result.baseCertificateID = this.baseCertificateID.toJSON();
+ }
+ if (this.objectDigestInfo) {
+ result.objectDigestInfo = this.objectDigestInfo.toJSON();
+ }
+ return result;
+ }
+}
+V2Form.CLASS_NAME = "V2Form";
+
+const BASE_CERTIFICATE_ID = "baseCertificateID";
+const ENTITY_NAME = "entityName";
+const OBJECT_DIGEST_INFO = "objectDigestInfo";
+const CLEAR_PROPS$V = [
+ BASE_CERTIFICATE_ID,
+ ENTITY_NAME,
+ OBJECT_DIGEST_INFO
+];
+class Holder extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ if (BASE_CERTIFICATE_ID in parameters) {
+ this.baseCertificateID = getParametersValue(parameters, BASE_CERTIFICATE_ID, Holder.defaultValues(BASE_CERTIFICATE_ID));
+ }
+ if (ENTITY_NAME in parameters) {
+ this.entityName = getParametersValue(parameters, ENTITY_NAME, Holder.defaultValues(ENTITY_NAME));
+ }
+ if (OBJECT_DIGEST_INFO in parameters) {
+ this.objectDigestInfo = getParametersValue(parameters, OBJECT_DIGEST_INFO, Holder.defaultValues(OBJECT_DIGEST_INFO));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case BASE_CERTIFICATE_ID:
+ return new IssuerSerial();
+ case ENTITY_NAME:
+ return new GeneralNames();
+ case OBJECT_DIGEST_INFO:
+ return new ObjectDigestInfo();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Constructed({
+ optional: true,
+ name: (names.baseCertificateID || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: IssuerSerial.schema().valueBlock.value
+ }),
+ new Constructed({
+ optional: true,
+ name: (names.entityName || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: GeneralNames.schema().valueBlock.value
+ }),
+ new Constructed({
+ optional: true,
+ name: (names.objectDigestInfo || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ value: ObjectDigestInfo.schema().valueBlock.value
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$V);
+ const asn1 = compareSchema(schema, schema, Holder.schema({
+ names: {
+ baseCertificateID: BASE_CERTIFICATE_ID,
+ entityName: ENTITY_NAME,
+ objectDigestInfo: OBJECT_DIGEST_INFO
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (BASE_CERTIFICATE_ID in asn1.result) {
+ this.baseCertificateID = new IssuerSerial({
+ schema: new Sequence({
+ value: asn1.result.baseCertificateID.valueBlock.value
+ })
+ });
+ }
+ if (ENTITY_NAME in asn1.result) {
+ this.entityName = new GeneralNames({
+ schema: new Sequence({
+ value: asn1.result.entityName.valueBlock.value
+ })
+ });
+ }
+ if (OBJECT_DIGEST_INFO in asn1.result) {
+ this.objectDigestInfo = new ObjectDigestInfo({
+ schema: new Sequence({
+ value: asn1.result.objectDigestInfo.valueBlock.value
+ })
+ });
+ }
+ }
+ toSchema() {
+ const result = new Sequence();
+ if (this.baseCertificateID) {
+ result.valueBlock.value.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: this.baseCertificateID.toSchema().valueBlock.value
+ }));
+ }
+ if (this.entityName) {
+ result.valueBlock.value.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: this.entityName.toSchema().valueBlock.value
+ }));
+ }
+ if (this.objectDigestInfo) {
+ result.valueBlock.value.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ value: this.objectDigestInfo.toSchema().valueBlock.value
+ }));
+ }
+ return result;
+ }
+ toJSON() {
+ const result = {};
+ if (this.baseCertificateID) {
+ result.baseCertificateID = this.baseCertificateID.toJSON();
+ }
+ if (this.entityName) {
+ result.entityName = this.entityName.toJSON();
+ }
+ if (this.objectDigestInfo) {
+ result.objectDigestInfo = this.objectDigestInfo.toJSON();
+ }
+ return result;
+ }
+}
+Holder.CLASS_NAME = "Holder";
+
+const VERSION$g = "version";
+const HOLDER = "holder";
+const ISSUER$3 = "issuer";
+const SIGNATURE$5 = "signature";
+const SERIAL_NUMBER$4 = "serialNumber";
+const ATTR_CERT_VALIDITY_PERIOD = "attrCertValidityPeriod";
+const ATTRIBUTES$2 = "attributes";
+const ISSUER_UNIQUE_ID$1 = "issuerUniqueID";
+const EXTENSIONS$3 = "extensions";
+const CLEAR_PROPS$U = [
+ VERSION$g,
+ HOLDER,
+ ISSUER$3,
+ SIGNATURE$5,
+ SERIAL_NUMBER$4,
+ ATTR_CERT_VALIDITY_PERIOD,
+ ATTRIBUTES$2,
+ ISSUER_UNIQUE_ID$1,
+ EXTENSIONS$3
+];
+class AttributeCertificateInfoV2 extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$g, AttributeCertificateInfoV2.defaultValues(VERSION$g));
+ this.holder = getParametersValue(parameters, HOLDER, AttributeCertificateInfoV2.defaultValues(HOLDER));
+ this.issuer = getParametersValue(parameters, ISSUER$3, AttributeCertificateInfoV2.defaultValues(ISSUER$3));
+ this.signature = getParametersValue(parameters, SIGNATURE$5, AttributeCertificateInfoV2.defaultValues(SIGNATURE$5));
+ this.serialNumber = getParametersValue(parameters, SERIAL_NUMBER$4, AttributeCertificateInfoV2.defaultValues(SERIAL_NUMBER$4));
+ this.attrCertValidityPeriod = getParametersValue(parameters, ATTR_CERT_VALIDITY_PERIOD, AttributeCertificateInfoV2.defaultValues(ATTR_CERT_VALIDITY_PERIOD));
+ this.attributes = getParametersValue(parameters, ATTRIBUTES$2, AttributeCertificateInfoV2.defaultValues(ATTRIBUTES$2));
+ if (ISSUER_UNIQUE_ID$1 in parameters) {
+ this.issuerUniqueID = getParametersValue(parameters, ISSUER_UNIQUE_ID$1, AttributeCertificateInfoV2.defaultValues(ISSUER_UNIQUE_ID$1));
+ }
+ if (EXTENSIONS$3 in parameters) {
+ this.extensions = getParametersValue(parameters, EXTENSIONS$3, AttributeCertificateInfoV2.defaultValues(EXTENSIONS$3));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$g:
+ return 1;
+ case HOLDER:
+ return new Holder();
+ case ISSUER$3:
+ return {};
+ case SIGNATURE$5:
+ return new AlgorithmIdentifier();
+ case SERIAL_NUMBER$4:
+ return new Integer();
+ case ATTR_CERT_VALIDITY_PERIOD:
+ return new AttCertValidityPeriod();
+ case ATTRIBUTES$2:
+ return [];
+ case ISSUER_UNIQUE_ID$1:
+ return new BitString();
+ case EXTENSIONS$3:
+ return new Extensions();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Integer({ name: (names.version || EMPTY_STRING) }),
+ Holder.schema(names.holder || {}),
+ new Choice({
+ value: [
+ GeneralNames.schema({
+ names: {
+ blockName: (names.issuer || EMPTY_STRING)
+ }
+ }),
+ new Constructed({
+ name: (names.issuer || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: V2Form.schema().valueBlock.value
+ })
+ ]
+ }),
+ AlgorithmIdentifier.schema(names.signature || {}),
+ new Integer({ name: (names.serialNumber || EMPTY_STRING) }),
+ AttCertValidityPeriod.schema(names.attrCertValidityPeriod || {}),
+ new Sequence({
+ name: (names.attributes || EMPTY_STRING),
+ value: [
+ new Repeated({
+ value: Attribute.schema()
+ })
+ ]
+ }),
+ new BitString({
+ optional: true,
+ name: (names.issuerUniqueID || EMPTY_STRING)
+ }),
+ Extensions.schema(names.extensions || {}, true)
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$U);
+ const asn1 = compareSchema(schema, schema, AttributeCertificateInfoV2.schema({
+ names: {
+ version: VERSION$g,
+ holder: {
+ names: {
+ blockName: HOLDER
+ }
+ },
+ issuer: ISSUER$3,
+ signature: {
+ names: {
+ blockName: SIGNATURE$5
+ }
+ },
+ serialNumber: SERIAL_NUMBER$4,
+ attrCertValidityPeriod: {
+ names: {
+ blockName: ATTR_CERT_VALIDITY_PERIOD
+ }
+ },
+ attributes: ATTRIBUTES$2,
+ issuerUniqueID: ISSUER_UNIQUE_ID$1,
+ extensions: {
+ names: {
+ blockName: EXTENSIONS$3
+ }
+ }
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result.version.valueBlock.valueDec;
+ this.holder = new Holder({ schema: asn1.result.holder });
+ switch (asn1.result.issuer.idBlock.tagClass) {
+ case 3:
+ this.issuer = new V2Form({
+ schema: new Sequence({
+ value: asn1.result.issuer.valueBlock.value
+ })
+ });
+ break;
+ case 1:
+ default:
+ throw new Error("Incorrect value for 'issuer' in AttributeCertificateInfoV2");
+ }
+ this.signature = new AlgorithmIdentifier({ schema: asn1.result.signature });
+ this.serialNumber = asn1.result.serialNumber;
+ this.attrCertValidityPeriod = new AttCertValidityPeriod({ schema: asn1.result.attrCertValidityPeriod });
+ this.attributes = Array.from(asn1.result.attributes.valueBlock.value, element => new Attribute({ schema: element }));
+ if (ISSUER_UNIQUE_ID$1 in asn1.result) {
+ this.issuerUniqueID = asn1.result.issuerUniqueID;
+ }
+ if (EXTENSIONS$3 in asn1.result) {
+ this.extensions = new Extensions({ schema: asn1.result.extensions });
+ }
+ }
+ toSchema() {
+ const result = new Sequence({
+ value: [
+ new Integer({ value: this.version }),
+ this.holder.toSchema(),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: this.issuer.toSchema().valueBlock.value
+ }),
+ this.signature.toSchema(),
+ this.serialNumber,
+ this.attrCertValidityPeriod.toSchema(),
+ new Sequence({
+ value: Array.from(this.attributes, o => o.toSchema())
+ })
+ ]
+ });
+ if (this.issuerUniqueID) {
+ result.valueBlock.value.push(this.issuerUniqueID);
+ }
+ if (this.extensions) {
+ result.valueBlock.value.push(this.extensions.toSchema());
+ }
+ return result;
+ }
+ toJSON() {
+ const result = {
+ version: this.version,
+ holder: this.holder.toJSON(),
+ issuer: this.issuer.toJSON(),
+ signature: this.signature.toJSON(),
+ serialNumber: this.serialNumber.toJSON(),
+ attrCertValidityPeriod: this.attrCertValidityPeriod.toJSON(),
+ attributes: Array.from(this.attributes, o => o.toJSON())
+ };
+ if (this.issuerUniqueID) {
+ result.issuerUniqueID = this.issuerUniqueID.toJSON();
+ }
+ if (this.extensions) {
+ result.extensions = this.extensions.toJSON();
+ }
+ return result;
+ }
+}
+AttributeCertificateInfoV2.CLASS_NAME = "AttributeCertificateInfoV2";
+
+const ACINFO = "acinfo";
+const SIGNATURE_ALGORITHM$6 = "signatureAlgorithm";
+const SIGNATURE_VALUE$3 = "signatureValue";
+const CLEAR_PROPS$T = [
+ ACINFO,
+ SIGNATURE_ALGORITHM$6,
+ SIGNATURE_VALUE$3,
+];
+class AttributeCertificateV2 extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.acinfo = getParametersValue(parameters, ACINFO, AttributeCertificateV2.defaultValues(ACINFO));
+ this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$6, AttributeCertificateV2.defaultValues(SIGNATURE_ALGORITHM$6));
+ this.signatureValue = getParametersValue(parameters, SIGNATURE_VALUE$3, AttributeCertificateV2.defaultValues(SIGNATURE_VALUE$3));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ACINFO:
+ return new AttributeCertificateInfoV2();
+ case SIGNATURE_ALGORITHM$6:
+ return new AlgorithmIdentifier();
+ case SIGNATURE_VALUE$3:
+ return new BitString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ AttributeCertificateInfoV2.schema(names.acinfo || {}),
+ AlgorithmIdentifier.schema(names.signatureAlgorithm || {}),
+ new BitString({ name: (names.signatureValue || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$T);
+ const asn1 = compareSchema(schema, schema, AttributeCertificateV2.schema({
+ names: {
+ acinfo: {
+ names: {
+ blockName: ACINFO
+ }
+ },
+ signatureAlgorithm: {
+ names: {
+ blockName: SIGNATURE_ALGORITHM$6
+ }
+ },
+ signatureValue: SIGNATURE_VALUE$3
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.acinfo = new AttributeCertificateInfoV2({ schema: asn1.result.acinfo });
+ this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.signatureAlgorithm });
+ this.signatureValue = asn1.result.signatureValue;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ this.acinfo.toSchema(),
+ this.signatureAlgorithm.toSchema(),
+ this.signatureValue
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ acinfo: this.acinfo.toJSON(),
+ signatureAlgorithm: this.signatureAlgorithm.toJSON(),
+ signatureValue: this.signatureValue.toJSON(),
+ };
+ }
+}
+AttributeCertificateV2.CLASS_NAME = "AttributeCertificateV2";
+
+const CONTENT_TYPE = "contentType";
+const CONTENT = "content";
+const CLEAR_PROPS$S = [CONTENT_TYPE, CONTENT];
+class ContentInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.contentType = getParametersValue(parameters, CONTENT_TYPE, ContentInfo.defaultValues(CONTENT_TYPE));
+ this.content = getParametersValue(parameters, CONTENT, ContentInfo.defaultValues(CONTENT));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case CONTENT_TYPE:
+ return EMPTY_STRING;
+ case CONTENT:
+ return new Any();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case CONTENT_TYPE:
+ return (typeof memberValue === "string" &&
+ memberValue === this.defaultValues(CONTENT_TYPE));
+ case CONTENT:
+ return (memberValue instanceof Any);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ if (("optional" in names) === false) {
+ names.optional = false;
+ }
+ return (new Sequence({
+ name: (names.blockName || "ContentInfo"),
+ optional: names.optional,
+ value: [
+ new ObjectIdentifier({ name: (names.contentType || CONTENT_TYPE) }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new Any({ name: (names.content || CONTENT) })]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$S);
+ const asn1 = compareSchema(schema, schema, ContentInfo.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.contentType = asn1.result.contentType.valueBlock.toString();
+ this.content = asn1.result.content;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ new ObjectIdentifier({ value: this.contentType }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [this.content]
+ })
+ ]
+ }));
+ }
+ toJSON() {
+ const object = {
+ contentType: this.contentType
+ };
+ if (!(this.content instanceof Any)) {
+ object.content = this.content.toJSON();
+ }
+ return object;
+ }
+}
+ContentInfo.CLASS_NAME = "ContentInfo";
+ContentInfo.DATA = id_ContentType_Data;
+ContentInfo.SIGNED_DATA = id_ContentType_SignedData;
+ContentInfo.ENVELOPED_DATA = id_ContentType_EnvelopedData;
+ContentInfo.ENCRYPTED_DATA = id_ContentType_EncryptedData;
+
+const TYPE$1 = "type";
+const VALUE$4 = "value";
+const UTC_TIME_NAME = "utcTimeName";
+const GENERAL_TIME_NAME = "generalTimeName";
+const CLEAR_PROPS$R = [UTC_TIME_NAME, GENERAL_TIME_NAME];
+var TimeType;
+(function (TimeType) {
+ TimeType[TimeType["UTCTime"] = 0] = "UTCTime";
+ TimeType[TimeType["GeneralizedTime"] = 1] = "GeneralizedTime";
+ TimeType[TimeType["empty"] = 2] = "empty";
+})(TimeType || (TimeType = {}));
+class Time extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.type = getParametersValue(parameters, TYPE$1, Time.defaultValues(TYPE$1));
+ this.value = getParametersValue(parameters, VALUE$4, Time.defaultValues(VALUE$4));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case TYPE$1:
+ return 0;
+ case VALUE$4:
+ return new Date(0, 0, 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}, optional = false) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Choice({
+ optional,
+ value: [
+ new UTCTime({ name: (names.utcTimeName || EMPTY_STRING) }),
+ new GeneralizedTime({ name: (names.generalTimeName || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$R);
+ const asn1 = compareSchema(schema, schema, Time.schema({
+ names: {
+ utcTimeName: UTC_TIME_NAME,
+ generalTimeName: GENERAL_TIME_NAME
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (UTC_TIME_NAME in asn1.result) {
+ this.type = 0;
+ this.value = asn1.result.utcTimeName.toDate();
+ }
+ if (GENERAL_TIME_NAME in asn1.result) {
+ this.type = 1;
+ this.value = asn1.result.generalTimeName.toDate();
+ }
+ }
+ toSchema() {
+ if (this.type === 0) {
+ return new UTCTime({ valueDate: this.value });
+ }
+ else if (this.type === 1) {
+ return new GeneralizedTime({ valueDate: this.value });
+ }
+ return {};
+ }
+ toJSON() {
+ return {
+ type: this.type,
+ value: this.value
+ };
+ }
+}
+Time.CLASS_NAME = "Time";
+
+const TBS$4 = "tbs";
+const VERSION$f = "version";
+const SERIAL_NUMBER$3 = "serialNumber";
+const SIGNATURE$4 = "signature";
+const ISSUER$2 = "issuer";
+const NOT_BEFORE = "notBefore";
+const NOT_AFTER = "notAfter";
+const SUBJECT$1 = "subject";
+const SUBJECT_PUBLIC_KEY_INFO = "subjectPublicKeyInfo";
+const ISSUER_UNIQUE_ID = "issuerUniqueID";
+const SUBJECT_UNIQUE_ID = "subjectUniqueID";
+const EXTENSIONS$2 = "extensions";
+const SIGNATURE_ALGORITHM$5 = "signatureAlgorithm";
+const SIGNATURE_VALUE$2 = "signatureValue";
+const TBS_CERTIFICATE = "tbsCertificate";
+const TBS_CERTIFICATE_VERSION = `${TBS_CERTIFICATE}.${VERSION$f}`;
+const TBS_CERTIFICATE_SERIAL_NUMBER = `${TBS_CERTIFICATE}.${SERIAL_NUMBER$3}`;
+const TBS_CERTIFICATE_SIGNATURE = `${TBS_CERTIFICATE}.${SIGNATURE$4}`;
+const TBS_CERTIFICATE_ISSUER = `${TBS_CERTIFICATE}.${ISSUER$2}`;
+const TBS_CERTIFICATE_NOT_BEFORE = `${TBS_CERTIFICATE}.${NOT_BEFORE}`;
+const TBS_CERTIFICATE_NOT_AFTER = `${TBS_CERTIFICATE}.${NOT_AFTER}`;
+const TBS_CERTIFICATE_SUBJECT = `${TBS_CERTIFICATE}.${SUBJECT$1}`;
+const TBS_CERTIFICATE_SUBJECT_PUBLIC_KEY = `${TBS_CERTIFICATE}.${SUBJECT_PUBLIC_KEY_INFO}`;
+const TBS_CERTIFICATE_ISSUER_UNIQUE_ID = `${TBS_CERTIFICATE}.${ISSUER_UNIQUE_ID}`;
+const TBS_CERTIFICATE_SUBJECT_UNIQUE_ID = `${TBS_CERTIFICATE}.${SUBJECT_UNIQUE_ID}`;
+const TBS_CERTIFICATE_EXTENSIONS = `${TBS_CERTIFICATE}.${EXTENSIONS$2}`;
+const CLEAR_PROPS$Q = [
+ TBS_CERTIFICATE,
+ TBS_CERTIFICATE_VERSION,
+ TBS_CERTIFICATE_SERIAL_NUMBER,
+ TBS_CERTIFICATE_SIGNATURE,
+ TBS_CERTIFICATE_ISSUER,
+ TBS_CERTIFICATE_NOT_BEFORE,
+ TBS_CERTIFICATE_NOT_AFTER,
+ TBS_CERTIFICATE_SUBJECT,
+ TBS_CERTIFICATE_SUBJECT_PUBLIC_KEY,
+ TBS_CERTIFICATE_ISSUER_UNIQUE_ID,
+ TBS_CERTIFICATE_SUBJECT_UNIQUE_ID,
+ TBS_CERTIFICATE_EXTENSIONS,
+ SIGNATURE_ALGORITHM$5,
+ SIGNATURE_VALUE$2
+];
+function tbsCertificate(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || TBS_CERTIFICATE),
+ value: [
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Integer({ name: (names.tbsCertificateVersion || TBS_CERTIFICATE_VERSION) })
+ ]
+ }),
+ new Integer({ name: (names.tbsCertificateSerialNumber || TBS_CERTIFICATE_SERIAL_NUMBER) }),
+ AlgorithmIdentifier.schema(names.signature || {
+ names: {
+ blockName: TBS_CERTIFICATE_SIGNATURE
+ }
+ }),
+ RelativeDistinguishedNames.schema(names.issuer || {
+ names: {
+ blockName: TBS_CERTIFICATE_ISSUER
+ }
+ }),
+ new Sequence({
+ name: (names.tbsCertificateValidity || "tbsCertificate.validity"),
+ value: [
+ Time.schema(names.notBefore || {
+ names: {
+ utcTimeName: TBS_CERTIFICATE_NOT_BEFORE,
+ generalTimeName: TBS_CERTIFICATE_NOT_BEFORE
+ }
+ }),
+ Time.schema(names.notAfter || {
+ names: {
+ utcTimeName: TBS_CERTIFICATE_NOT_AFTER,
+ generalTimeName: TBS_CERTIFICATE_NOT_AFTER
+ }
+ })
+ ]
+ }),
+ RelativeDistinguishedNames.schema(names.subject || {
+ names: {
+ blockName: TBS_CERTIFICATE_SUBJECT
+ }
+ }),
+ PublicKeyInfo.schema(names.subjectPublicKeyInfo || {
+ names: {
+ blockName: TBS_CERTIFICATE_SUBJECT_PUBLIC_KEY
+ }
+ }),
+ new Primitive({
+ name: (names.tbsCertificateIssuerUniqueID || TBS_CERTIFICATE_ISSUER_UNIQUE_ID),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ }
+ }),
+ new Primitive({
+ name: (names.tbsCertificateSubjectUniqueID || TBS_CERTIFICATE_SUBJECT_UNIQUE_ID),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ }
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 3
+ },
+ value: [Extensions.schema(names.extensions || {
+ names: {
+ blockName: TBS_CERTIFICATE_EXTENSIONS
+ }
+ })]
+ })
+ ]
+ }));
+}
+class Certificate extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.tbsView = new Uint8Array(getParametersValue(parameters, TBS$4, Certificate.defaultValues(TBS$4)));
+ this.version = getParametersValue(parameters, VERSION$f, Certificate.defaultValues(VERSION$f));
+ this.serialNumber = getParametersValue(parameters, SERIAL_NUMBER$3, Certificate.defaultValues(SERIAL_NUMBER$3));
+ this.signature = getParametersValue(parameters, SIGNATURE$4, Certificate.defaultValues(SIGNATURE$4));
+ this.issuer = getParametersValue(parameters, ISSUER$2, Certificate.defaultValues(ISSUER$2));
+ this.notBefore = getParametersValue(parameters, NOT_BEFORE, Certificate.defaultValues(NOT_BEFORE));
+ this.notAfter = getParametersValue(parameters, NOT_AFTER, Certificate.defaultValues(NOT_AFTER));
+ this.subject = getParametersValue(parameters, SUBJECT$1, Certificate.defaultValues(SUBJECT$1));
+ this.subjectPublicKeyInfo = getParametersValue(parameters, SUBJECT_PUBLIC_KEY_INFO, Certificate.defaultValues(SUBJECT_PUBLIC_KEY_INFO));
+ if (ISSUER_UNIQUE_ID in parameters) {
+ this.issuerUniqueID = getParametersValue(parameters, ISSUER_UNIQUE_ID, Certificate.defaultValues(ISSUER_UNIQUE_ID));
+ }
+ if (SUBJECT_UNIQUE_ID in parameters) {
+ this.subjectUniqueID = getParametersValue(parameters, SUBJECT_UNIQUE_ID, Certificate.defaultValues(SUBJECT_UNIQUE_ID));
+ }
+ if (EXTENSIONS$2 in parameters) {
+ this.extensions = getParametersValue(parameters, EXTENSIONS$2, Certificate.defaultValues(EXTENSIONS$2));
+ }
+ this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$5, Certificate.defaultValues(SIGNATURE_ALGORITHM$5));
+ this.signatureValue = getParametersValue(parameters, SIGNATURE_VALUE$2, Certificate.defaultValues(SIGNATURE_VALUE$2));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ get tbs() {
+ return BufferSourceConverter.toArrayBuffer(this.tbsView);
+ }
+ set tbs(value) {
+ this.tbsView = new Uint8Array(value);
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case TBS$4:
+ return EMPTY_BUFFER;
+ case VERSION$f:
+ return 0;
+ case SERIAL_NUMBER$3:
+ return new Integer();
+ case SIGNATURE$4:
+ return new AlgorithmIdentifier();
+ case ISSUER$2:
+ return new RelativeDistinguishedNames();
+ case NOT_BEFORE:
+ return new Time();
+ case NOT_AFTER:
+ return new Time();
+ case SUBJECT$1:
+ return new RelativeDistinguishedNames();
+ case SUBJECT_PUBLIC_KEY_INFO:
+ return new PublicKeyInfo();
+ case ISSUER_UNIQUE_ID:
+ return EMPTY_BUFFER;
+ case SUBJECT_UNIQUE_ID:
+ return EMPTY_BUFFER;
+ case EXTENSIONS$2:
+ return [];
+ case SIGNATURE_ALGORITHM$5:
+ return new AlgorithmIdentifier();
+ case SIGNATURE_VALUE$2:
+ return new BitString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ tbsCertificate(names.tbsCertificate),
+ AlgorithmIdentifier.schema(names.signatureAlgorithm || {
+ names: {
+ blockName: SIGNATURE_ALGORITHM$5
+ }
+ }),
+ new BitString({ name: (names.signatureValue || SIGNATURE_VALUE$2) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$Q);
+ const asn1 = compareSchema(schema, schema, Certificate.schema({
+ names: {
+ tbsCertificate: {
+ names: {
+ extensions: {
+ names: {
+ extensions: TBS_CERTIFICATE_EXTENSIONS
+ }
+ }
+ }
+ }
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.tbsView = asn1.result.tbsCertificate.valueBeforeDecodeView;
+ if (TBS_CERTIFICATE_VERSION in asn1.result)
+ this.version = asn1.result[TBS_CERTIFICATE_VERSION].valueBlock.valueDec;
+ this.serialNumber = asn1.result[TBS_CERTIFICATE_SERIAL_NUMBER];
+ this.signature = new AlgorithmIdentifier({ schema: asn1.result[TBS_CERTIFICATE_SIGNATURE] });
+ this.issuer = new RelativeDistinguishedNames({ schema: asn1.result[TBS_CERTIFICATE_ISSUER] });
+ this.notBefore = new Time({ schema: asn1.result[TBS_CERTIFICATE_NOT_BEFORE] });
+ this.notAfter = new Time({ schema: asn1.result[TBS_CERTIFICATE_NOT_AFTER] });
+ this.subject = new RelativeDistinguishedNames({ schema: asn1.result[TBS_CERTIFICATE_SUBJECT] });
+ this.subjectPublicKeyInfo = new PublicKeyInfo({ schema: asn1.result[TBS_CERTIFICATE_SUBJECT_PUBLIC_KEY] });
+ if (TBS_CERTIFICATE_ISSUER_UNIQUE_ID in asn1.result)
+ this.issuerUniqueID = asn1.result[TBS_CERTIFICATE_ISSUER_UNIQUE_ID].valueBlock.valueHex;
+ if (TBS_CERTIFICATE_SUBJECT_UNIQUE_ID in asn1.result)
+ this.subjectUniqueID = asn1.result[TBS_CERTIFICATE_SUBJECT_UNIQUE_ID].valueBlock.valueHex;
+ if (TBS_CERTIFICATE_EXTENSIONS in asn1.result)
+ this.extensions = Array.from(asn1.result[TBS_CERTIFICATE_EXTENSIONS], element => new Extension({ schema: element }));
+ this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.signatureAlgorithm });
+ this.signatureValue = asn1.result.signatureValue;
+ }
+ encodeTBS() {
+ const outputArray = [];
+ if ((VERSION$f in this) && (this.version !== Certificate.defaultValues(VERSION$f))) {
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Integer({ value: this.version })
+ ]
+ }));
+ }
+ outputArray.push(this.serialNumber);
+ outputArray.push(this.signature.toSchema());
+ outputArray.push(this.issuer.toSchema());
+ outputArray.push(new Sequence({
+ value: [
+ this.notBefore.toSchema(),
+ this.notAfter.toSchema()
+ ]
+ }));
+ outputArray.push(this.subject.toSchema());
+ outputArray.push(this.subjectPublicKeyInfo.toSchema());
+ if (this.issuerUniqueID) {
+ outputArray.push(new Primitive({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ valueHex: this.issuerUniqueID
+ }));
+ }
+ if (this.subjectUniqueID) {
+ outputArray.push(new Primitive({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ valueHex: this.subjectUniqueID
+ }));
+ }
+ if (this.extensions) {
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 3
+ },
+ value: [new Sequence({
+ value: Array.from(this.extensions, o => o.toSchema())
+ })]
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toSchema(encodeFlag = false) {
+ let tbsSchema;
+ if (encodeFlag === false) {
+ if (!this.tbsView.byteLength) {
+ return Certificate.schema().value[0];
+ }
+ const asn1 = fromBER(this.tbsView);
+ AsnError.assert(asn1, "TBS Certificate");
+ tbsSchema = asn1.result;
+ }
+ else {
+ tbsSchema = this.encodeTBS();
+ }
+ return (new Sequence({
+ value: [
+ tbsSchema,
+ this.signatureAlgorithm.toSchema(),
+ this.signatureValue
+ ]
+ }));
+ }
+ toJSON() {
+ const res = {
+ tbs: Convert.ToHex(this.tbsView),
+ version: this.version,
+ serialNumber: this.serialNumber.toJSON(),
+ signature: this.signature.toJSON(),
+ issuer: this.issuer.toJSON(),
+ notBefore: this.notBefore.toJSON(),
+ notAfter: this.notAfter.toJSON(),
+ subject: this.subject.toJSON(),
+ subjectPublicKeyInfo: this.subjectPublicKeyInfo.toJSON(),
+ signatureAlgorithm: this.signatureAlgorithm.toJSON(),
+ signatureValue: this.signatureValue.toJSON(),
+ };
+ if ((VERSION$f in this) && (this.version !== Certificate.defaultValues(VERSION$f))) {
+ res.version = this.version;
+ }
+ if (this.issuerUniqueID) {
+ res.issuerUniqueID = Convert.ToHex(this.issuerUniqueID);
+ }
+ if (this.subjectUniqueID) {
+ res.subjectUniqueID = Convert.ToHex(this.subjectUniqueID);
+ }
+ if (this.extensions) {
+ res.extensions = Array.from(this.extensions, o => o.toJSON());
+ }
+ return res;
+ }
+ getPublicKey(parameters, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ return crypto.getPublicKey(this.subjectPublicKeyInfo, this.signatureAlgorithm, parameters);
+ });
+ }
+ getKeyHash(hashAlgorithm = "SHA-1", crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ return crypto.digest({ name: hashAlgorithm }, this.subjectPublicKeyInfo.subjectPublicKey.valueBlock.valueHexView);
+ });
+ }
+ sign(privateKey, hashAlgorithm = "SHA-1", crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ if (!privateKey) {
+ throw new Error("Need to provide a private key for signing");
+ }
+ const signatureParameters = yield crypto.getSignatureParameters(privateKey, hashAlgorithm);
+ const parameters = signatureParameters.parameters;
+ this.signature = signatureParameters.signatureAlgorithm;
+ this.signatureAlgorithm = signatureParameters.signatureAlgorithm;
+ this.tbsView = new Uint8Array(this.encodeTBS().toBER());
+ const signature = yield crypto.signWithPrivateKey(this.tbsView, privateKey, parameters);
+ this.signatureValue = new BitString({ valueHex: signature });
+ });
+ }
+ verify(issuerCertificate, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ let subjectPublicKeyInfo;
+ if (issuerCertificate) {
+ subjectPublicKeyInfo = issuerCertificate.subjectPublicKeyInfo;
+ }
+ else if (this.issuer.isEqual(this.subject)) {
+ subjectPublicKeyInfo = this.subjectPublicKeyInfo;
+ }
+ if (!(subjectPublicKeyInfo instanceof PublicKeyInfo)) {
+ throw new Error("Please provide issuer certificate as a parameter");
+ }
+ return crypto.verifyWithPublicKey(this.tbsView, this.signatureValue, subjectPublicKeyInfo, this.signatureAlgorithm);
+ });
+ }
+}
+Certificate.CLASS_NAME = "Certificate";
+function checkCA(cert, signerCert = null) {
+ if (signerCert && cert.issuer.isEqual(signerCert.issuer) && cert.serialNumber.isEqual(signerCert.serialNumber)) {
+ return null;
+ }
+ let isCA = false;
+ if (cert.extensions) {
+ for (const extension of cert.extensions) {
+ if (extension.extnID === id_BasicConstraints && extension.parsedValue instanceof BasicConstraints) {
+ if (extension.parsedValue.cA) {
+ isCA = true;
+ break;
+ }
+ }
+ }
+ }
+ if (isCA) {
+ return cert;
+ }
+ return null;
+}
+
+const CERT_ID$1 = "certId";
+const CERT_VALUE = "certValue";
+const PARSED_VALUE$4 = "parsedValue";
+const CLEAR_PROPS$P = [
+ CERT_ID$1,
+ CERT_VALUE
+];
+class CertBag extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.certId = getParametersValue(parameters, CERT_ID$1, CertBag.defaultValues(CERT_ID$1));
+ this.certValue = getParametersValue(parameters, CERT_VALUE, CertBag.defaultValues(CERT_VALUE));
+ if (PARSED_VALUE$4 in parameters) {
+ this.parsedValue = getParametersValue(parameters, PARSED_VALUE$4, CertBag.defaultValues(PARSED_VALUE$4));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case CERT_ID$1:
+ return EMPTY_STRING;
+ case CERT_VALUE:
+ return (new Any());
+ case PARSED_VALUE$4:
+ return {};
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case CERT_ID$1:
+ return (memberValue === EMPTY_STRING);
+ case CERT_VALUE:
+ return (memberValue instanceof Any);
+ case PARSED_VALUE$4:
+ return ((memberValue instanceof Object) && (Object.keys(memberValue).length === 0));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.id || "id") }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new Any({ name: (names.value || "value") })]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$P);
+ const asn1 = compareSchema(schema, schema, CertBag.schema({
+ names: {
+ id: CERT_ID$1,
+ value: CERT_VALUE
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.certId = asn1.result.certId.valueBlock.toString();
+ this.certValue = asn1.result.certValue;
+ const certValueHex = this.certValue.valueBlock.valueHexView;
+ switch (this.certId) {
+ case id_CertBag_X509Certificate:
+ {
+ try {
+ this.parsedValue = Certificate.fromBER(certValueHex);
+ }
+ catch (ex) {
+ AttributeCertificateV2.fromBER(certValueHex);
+ }
+ }
+ break;
+ case id_CertBag_AttributeCertificate:
+ {
+ this.parsedValue = AttributeCertificateV2.fromBER(certValueHex);
+ }
+ break;
+ case id_CertBag_SDSICertificate:
+ default:
+ throw new Error(`Incorrect CERT_ID value in CertBag: ${this.certId}`);
+ }
+ }
+ toSchema() {
+ if (PARSED_VALUE$4 in this) {
+ if ("acinfo" in this.parsedValue) {
+ this.certId = id_CertBag_AttributeCertificate;
+ }
+ else {
+ this.certId = id_CertBag_X509Certificate;
+ }
+ this.certValue = new OctetString({ valueHex: this.parsedValue.toSchema().toBER(false) });
+ }
+ return (new Sequence({
+ value: [
+ new ObjectIdentifier({ value: this.certId }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [(("toSchema" in this.certValue) ? this.certValue.toSchema() : this.certValue)]
+ })
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ certId: this.certId,
+ certValue: this.certValue.toJSON()
+ };
+ }
+}
+CertBag.CLASS_NAME = "CertBag";
+
+const USER_CERTIFICATE = "userCertificate";
+const REVOCATION_DATE = "revocationDate";
+const CRL_ENTRY_EXTENSIONS = "crlEntryExtensions";
+const CLEAR_PROPS$O = [
+ USER_CERTIFICATE,
+ REVOCATION_DATE,
+ CRL_ENTRY_EXTENSIONS
+];
+class RevokedCertificate extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.userCertificate = getParametersValue(parameters, USER_CERTIFICATE, RevokedCertificate.defaultValues(USER_CERTIFICATE));
+ this.revocationDate = getParametersValue(parameters, REVOCATION_DATE, RevokedCertificate.defaultValues(REVOCATION_DATE));
+ if (CRL_ENTRY_EXTENSIONS in parameters) {
+ this.crlEntryExtensions = getParametersValue(parameters, CRL_ENTRY_EXTENSIONS, RevokedCertificate.defaultValues(CRL_ENTRY_EXTENSIONS));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case USER_CERTIFICATE:
+ return new Integer();
+ case REVOCATION_DATE:
+ return new Time();
+ case CRL_ENTRY_EXTENSIONS:
+ return new Extensions();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Integer({ name: (names.userCertificate || USER_CERTIFICATE) }),
+ Time.schema({
+ names: {
+ utcTimeName: (names.revocationDate || REVOCATION_DATE),
+ generalTimeName: (names.revocationDate || REVOCATION_DATE)
+ }
+ }),
+ Extensions.schema({
+ names: {
+ blockName: (names.crlEntryExtensions || CRL_ENTRY_EXTENSIONS)
+ }
+ }, true)
+ ]
+ });
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$O);
+ const asn1 = compareSchema(schema, schema, RevokedCertificate.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.userCertificate = asn1.result.userCertificate;
+ this.revocationDate = new Time({ schema: asn1.result.revocationDate });
+ if (CRL_ENTRY_EXTENSIONS in asn1.result) {
+ this.crlEntryExtensions = new Extensions({ schema: asn1.result.crlEntryExtensions });
+ }
+ }
+ toSchema() {
+ const outputArray = [
+ this.userCertificate,
+ this.revocationDate.toSchema()
+ ];
+ if (this.crlEntryExtensions) {
+ outputArray.push(this.crlEntryExtensions.toSchema());
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ userCertificate: this.userCertificate.toJSON(),
+ revocationDate: this.revocationDate.toJSON(),
+ };
+ if (this.crlEntryExtensions) {
+ res.crlEntryExtensions = this.crlEntryExtensions.toJSON();
+ }
+ return res;
+ }
+}
+RevokedCertificate.CLASS_NAME = "RevokedCertificate";
+
+const TBS$3 = "tbs";
+const VERSION$e = "version";
+const SIGNATURE$3 = "signature";
+const ISSUER$1 = "issuer";
+const THIS_UPDATE$1 = "thisUpdate";
+const NEXT_UPDATE$1 = "nextUpdate";
+const REVOKED_CERTIFICATES = "revokedCertificates";
+const CRL_EXTENSIONS = "crlExtensions";
+const SIGNATURE_ALGORITHM$4 = "signatureAlgorithm";
+const SIGNATURE_VALUE$1 = "signatureValue";
+const TBS_CERT_LIST = "tbsCertList";
+const TBS_CERT_LIST_VERSION = `${TBS_CERT_LIST}.version`;
+const TBS_CERT_LIST_SIGNATURE = `${TBS_CERT_LIST}.signature`;
+const TBS_CERT_LIST_ISSUER = `${TBS_CERT_LIST}.issuer`;
+const TBS_CERT_LIST_THIS_UPDATE = `${TBS_CERT_LIST}.thisUpdate`;
+const TBS_CERT_LIST_NEXT_UPDATE = `${TBS_CERT_LIST}.nextUpdate`;
+const TBS_CERT_LIST_REVOKED_CERTIFICATES = `${TBS_CERT_LIST}.revokedCertificates`;
+const TBS_CERT_LIST_EXTENSIONS = `${TBS_CERT_LIST}.extensions`;
+const CLEAR_PROPS$N = [
+ TBS_CERT_LIST,
+ TBS_CERT_LIST_VERSION,
+ TBS_CERT_LIST_SIGNATURE,
+ TBS_CERT_LIST_ISSUER,
+ TBS_CERT_LIST_THIS_UPDATE,
+ TBS_CERT_LIST_NEXT_UPDATE,
+ TBS_CERT_LIST_REVOKED_CERTIFICATES,
+ TBS_CERT_LIST_EXTENSIONS,
+ SIGNATURE_ALGORITHM$4,
+ SIGNATURE_VALUE$1
+];
+function tbsCertList(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || TBS_CERT_LIST),
+ value: [
+ new Integer({
+ optional: true,
+ name: (names.tbsCertListVersion || TBS_CERT_LIST_VERSION),
+ value: 2
+ }),
+ AlgorithmIdentifier.schema(names.signature || {
+ names: {
+ blockName: TBS_CERT_LIST_SIGNATURE
+ }
+ }),
+ RelativeDistinguishedNames.schema(names.issuer || {
+ names: {
+ blockName: TBS_CERT_LIST_ISSUER
+ }
+ }),
+ Time.schema(names.tbsCertListThisUpdate || {
+ names: {
+ utcTimeName: TBS_CERT_LIST_THIS_UPDATE,
+ generalTimeName: TBS_CERT_LIST_THIS_UPDATE
+ }
+ }),
+ Time.schema(names.tbsCertListNextUpdate || {
+ names: {
+ utcTimeName: TBS_CERT_LIST_NEXT_UPDATE,
+ generalTimeName: TBS_CERT_LIST_NEXT_UPDATE
+ }
+ }, true),
+ new Sequence({
+ optional: true,
+ value: [
+ new Repeated({
+ name: (names.tbsCertListRevokedCertificates || TBS_CERT_LIST_REVOKED_CERTIFICATES),
+ value: new Sequence({
+ value: [
+ new Integer(),
+ Time.schema(),
+ Extensions.schema({}, true)
+ ]
+ })
+ })
+ ]
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [Extensions.schema(names.crlExtensions || {
+ names: {
+ blockName: TBS_CERT_LIST_EXTENSIONS
+ }
+ })]
+ })
+ ]
+ }));
+}
+const WELL_KNOWN_EXTENSIONS = [
+ id_AuthorityKeyIdentifier,
+ id_IssuerAltName,
+ id_CRLNumber,
+ id_BaseCRLNumber,
+ id_IssuingDistributionPoint,
+ id_FreshestCRL,
+ id_AuthorityInfoAccess,
+ id_CRLReason,
+ id_InvalidityDate,
+ id_CertificateIssuer,
+];
+class CertificateRevocationList extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.tbsView = new Uint8Array(getParametersValue(parameters, TBS$3, CertificateRevocationList.defaultValues(TBS$3)));
+ this.version = getParametersValue(parameters, VERSION$e, CertificateRevocationList.defaultValues(VERSION$e));
+ this.signature = getParametersValue(parameters, SIGNATURE$3, CertificateRevocationList.defaultValues(SIGNATURE$3));
+ this.issuer = getParametersValue(parameters, ISSUER$1, CertificateRevocationList.defaultValues(ISSUER$1));
+ this.thisUpdate = getParametersValue(parameters, THIS_UPDATE$1, CertificateRevocationList.defaultValues(THIS_UPDATE$1));
+ if (NEXT_UPDATE$1 in parameters) {
+ this.nextUpdate = getParametersValue(parameters, NEXT_UPDATE$1, CertificateRevocationList.defaultValues(NEXT_UPDATE$1));
+ }
+ if (REVOKED_CERTIFICATES in parameters) {
+ this.revokedCertificates = getParametersValue(parameters, REVOKED_CERTIFICATES, CertificateRevocationList.defaultValues(REVOKED_CERTIFICATES));
+ }
+ if (CRL_EXTENSIONS in parameters) {
+ this.crlExtensions = getParametersValue(parameters, CRL_EXTENSIONS, CertificateRevocationList.defaultValues(CRL_EXTENSIONS));
+ }
+ this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$4, CertificateRevocationList.defaultValues(SIGNATURE_ALGORITHM$4));
+ this.signatureValue = getParametersValue(parameters, SIGNATURE_VALUE$1, CertificateRevocationList.defaultValues(SIGNATURE_VALUE$1));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ get tbs() {
+ return BufferSourceConverter.toArrayBuffer(this.tbsView);
+ }
+ set tbs(value) {
+ this.tbsView = new Uint8Array(value);
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case TBS$3:
+ return EMPTY_BUFFER;
+ case VERSION$e:
+ return 0;
+ case SIGNATURE$3:
+ return new AlgorithmIdentifier();
+ case ISSUER$1:
+ return new RelativeDistinguishedNames();
+ case THIS_UPDATE$1:
+ return new Time();
+ case NEXT_UPDATE$1:
+ return new Time();
+ case REVOKED_CERTIFICATES:
+ return [];
+ case CRL_EXTENSIONS:
+ return new Extensions();
+ case SIGNATURE_ALGORITHM$4:
+ return new AlgorithmIdentifier();
+ case SIGNATURE_VALUE$1:
+ return new BitString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || "CertificateList"),
+ value: [
+ tbsCertList(parameters),
+ AlgorithmIdentifier.schema(names.signatureAlgorithm || {
+ names: {
+ blockName: SIGNATURE_ALGORITHM$4
+ }
+ }),
+ new BitString({ name: (names.signatureValue || SIGNATURE_VALUE$1) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$N);
+ const asn1 = compareSchema(schema, schema, CertificateRevocationList.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.tbsView = asn1.result.tbsCertList.valueBeforeDecodeView;
+ if (TBS_CERT_LIST_VERSION in asn1.result) {
+ this.version = asn1.result[TBS_CERT_LIST_VERSION].valueBlock.valueDec;
+ }
+ this.signature = new AlgorithmIdentifier({ schema: asn1.result[TBS_CERT_LIST_SIGNATURE] });
+ this.issuer = new RelativeDistinguishedNames({ schema: asn1.result[TBS_CERT_LIST_ISSUER] });
+ this.thisUpdate = new Time({ schema: asn1.result[TBS_CERT_LIST_THIS_UPDATE] });
+ if (TBS_CERT_LIST_NEXT_UPDATE in asn1.result) {
+ this.nextUpdate = new Time({ schema: asn1.result[TBS_CERT_LIST_NEXT_UPDATE] });
+ }
+ if (TBS_CERT_LIST_REVOKED_CERTIFICATES in asn1.result) {
+ this.revokedCertificates = Array.from(asn1.result[TBS_CERT_LIST_REVOKED_CERTIFICATES], element => new RevokedCertificate({ schema: element }));
+ }
+ if (TBS_CERT_LIST_EXTENSIONS in asn1.result) {
+ this.crlExtensions = new Extensions({ schema: asn1.result[TBS_CERT_LIST_EXTENSIONS] });
+ }
+ this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.signatureAlgorithm });
+ this.signatureValue = asn1.result.signatureValue;
+ }
+ encodeTBS() {
+ const outputArray = [];
+ if (this.version !== CertificateRevocationList.defaultValues(VERSION$e)) {
+ outputArray.push(new Integer({ value: this.version }));
+ }
+ outputArray.push(this.signature.toSchema());
+ outputArray.push(this.issuer.toSchema());
+ outputArray.push(this.thisUpdate.toSchema());
+ if (this.nextUpdate) {
+ outputArray.push(this.nextUpdate.toSchema());
+ }
+ if (this.revokedCertificates) {
+ outputArray.push(new Sequence({
+ value: Array.from(this.revokedCertificates, o => o.toSchema())
+ }));
+ }
+ if (this.crlExtensions) {
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ this.crlExtensions.toSchema()
+ ]
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toSchema(encodeFlag = false) {
+ let tbsSchema;
+ if (!encodeFlag) {
+ if (!this.tbsView.byteLength) {
+ return CertificateRevocationList.schema();
+ }
+ const asn1 = fromBER(this.tbsView);
+ AsnError.assert(asn1, "TBS Certificate Revocation List");
+ tbsSchema = asn1.result;
+ }
+ else {
+ tbsSchema = this.encodeTBS();
+ }
+ return (new Sequence({
+ value: [
+ tbsSchema,
+ this.signatureAlgorithm.toSchema(),
+ this.signatureValue
+ ]
+ }));
+ }
+ toJSON() {
+ const res = {
+ tbs: Convert.ToHex(this.tbsView),
+ version: this.version,
+ signature: this.signature.toJSON(),
+ issuer: this.issuer.toJSON(),
+ thisUpdate: this.thisUpdate.toJSON(),
+ signatureAlgorithm: this.signatureAlgorithm.toJSON(),
+ signatureValue: this.signatureValue.toJSON()
+ };
+ if (this.version !== CertificateRevocationList.defaultValues(VERSION$e))
+ res.version = this.version;
+ if (this.nextUpdate) {
+ res.nextUpdate = this.nextUpdate.toJSON();
+ }
+ if (this.revokedCertificates) {
+ res.revokedCertificates = Array.from(this.revokedCertificates, o => o.toJSON());
+ }
+ if (this.crlExtensions) {
+ res.crlExtensions = this.crlExtensions.toJSON();
+ }
+ return res;
+ }
+ isCertificateRevoked(certificate) {
+ if (!this.issuer.isEqual(certificate.issuer)) {
+ return false;
+ }
+ if (!this.revokedCertificates) {
+ return false;
+ }
+ for (const revokedCertificate of this.revokedCertificates) {
+ if (revokedCertificate.userCertificate.isEqual(certificate.serialNumber)) {
+ return true;
+ }
+ }
+ return false;
+ }
+ sign(privateKey, hashAlgorithm = "SHA-1", crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ if (!privateKey) {
+ throw new Error("Need to provide a private key for signing");
+ }
+ const signatureParameters = yield crypto.getSignatureParameters(privateKey, hashAlgorithm);
+ const { parameters } = signatureParameters;
+ this.signature = signatureParameters.signatureAlgorithm;
+ this.signatureAlgorithm = signatureParameters.signatureAlgorithm;
+ this.tbsView = new Uint8Array(this.encodeTBS().toBER());
+ const signature = yield crypto.signWithPrivateKey(this.tbsView, privateKey, parameters);
+ this.signatureValue = new BitString({ valueHex: signature });
+ });
+ }
+ verify(parameters = {}, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ let subjectPublicKeyInfo;
+ if (parameters.issuerCertificate) {
+ subjectPublicKeyInfo = parameters.issuerCertificate.subjectPublicKeyInfo;
+ if (!this.issuer.isEqual(parameters.issuerCertificate.subject)) {
+ return false;
+ }
+ }
+ if (parameters.publicKeyInfo) {
+ subjectPublicKeyInfo = parameters.publicKeyInfo;
+ }
+ if (!subjectPublicKeyInfo) {
+ throw new Error("Issuer's certificate must be provided as an input parameter");
+ }
+ if (this.crlExtensions) {
+ for (const extension of this.crlExtensions.extensions) {
+ if (extension.critical) {
+ if (!WELL_KNOWN_EXTENSIONS.includes(extension.extnID))
+ return false;
+ }
+ }
+ }
+ return crypto.verifyWithPublicKey(this.tbsView, this.signatureValue, subjectPublicKeyInfo, this.signatureAlgorithm);
+ });
+ }
+}
+CertificateRevocationList.CLASS_NAME = "CertificateRevocationList";
+
+const CRL_ID = "crlId";
+const CRL_VALUE = "crlValue";
+const PARSED_VALUE$3 = "parsedValue";
+const CLEAR_PROPS$M = [
+ CRL_ID,
+ CRL_VALUE,
+];
+class CRLBag extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.crlId = getParametersValue(parameters, CRL_ID, CRLBag.defaultValues(CRL_ID));
+ this.crlValue = getParametersValue(parameters, CRL_VALUE, CRLBag.defaultValues(CRL_VALUE));
+ if (PARSED_VALUE$3 in parameters) {
+ this.parsedValue = getParametersValue(parameters, PARSED_VALUE$3, CRLBag.defaultValues(PARSED_VALUE$3));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case CRL_ID:
+ return EMPTY_STRING;
+ case CRL_VALUE:
+ return (new Any());
+ case PARSED_VALUE$3:
+ return {};
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case CRL_ID:
+ return (memberValue === EMPTY_STRING);
+ case CRL_VALUE:
+ return (memberValue instanceof Any);
+ case PARSED_VALUE$3:
+ return ((memberValue instanceof Object) && (Object.keys(memberValue).length === 0));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.id || "id") }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new Any({ name: (names.value || "value") })]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$M);
+ const asn1 = compareSchema(schema, schema, CRLBag.schema({
+ names: {
+ id: CRL_ID,
+ value: CRL_VALUE
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.crlId = asn1.result.crlId.valueBlock.toString();
+ this.crlValue = asn1.result.crlValue;
+ switch (this.crlId) {
+ case id_CRLBag_X509CRL:
+ {
+ this.parsedValue = CertificateRevocationList.fromBER(this.certValue.valueBlock.valueHex);
+ }
+ break;
+ default:
+ throw new Error(`Incorrect CRL_ID value in CRLBag: ${this.crlId}`);
+ }
+ }
+ toSchema() {
+ if (this.parsedValue) {
+ this.crlId = id_CRLBag_X509CRL;
+ this.crlValue = new OctetString({ valueHex: this.parsedValue.toSchema().toBER(false) });
+ }
+ return (new Sequence({
+ value: [
+ new ObjectIdentifier({ value: this.crlId }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [this.crlValue.toSchema()]
+ })
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ crlId: this.crlId,
+ crlValue: this.crlValue.toJSON()
+ };
+ }
+}
+CRLBag.CLASS_NAME = "CRLBag";
+
+const VERSION$d = "version";
+const ENCRYPTED_CONTENT_INFO$1 = "encryptedContentInfo";
+const UNPROTECTED_ATTRS$1 = "unprotectedAttrs";
+const CLEAR_PROPS$L = [
+ VERSION$d,
+ ENCRYPTED_CONTENT_INFO$1,
+ UNPROTECTED_ATTRS$1,
+];
+class EncryptedData extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$d, EncryptedData.defaultValues(VERSION$d));
+ this.encryptedContentInfo = getParametersValue(parameters, ENCRYPTED_CONTENT_INFO$1, EncryptedData.defaultValues(ENCRYPTED_CONTENT_INFO$1));
+ if (UNPROTECTED_ATTRS$1 in parameters) {
+ this.unprotectedAttrs = getParametersValue(parameters, UNPROTECTED_ATTRS$1, EncryptedData.defaultValues(UNPROTECTED_ATTRS$1));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$d:
+ return 0;
+ case ENCRYPTED_CONTENT_INFO$1:
+ return new EncryptedContentInfo();
+ case UNPROTECTED_ATTRS$1:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VERSION$d:
+ return (memberValue === 0);
+ case ENCRYPTED_CONTENT_INFO$1:
+ return ((EncryptedContentInfo.compareWithDefault("contentType", memberValue.contentType)) &&
+ (EncryptedContentInfo.compareWithDefault("contentEncryptionAlgorithm", memberValue.contentEncryptionAlgorithm)) &&
+ (EncryptedContentInfo.compareWithDefault("encryptedContent", memberValue.encryptedContent)));
+ case UNPROTECTED_ATTRS$1:
+ return (memberValue.length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Integer({ name: (names.version || EMPTY_STRING) }),
+ EncryptedContentInfo.schema(names.encryptedContentInfo || {}),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [
+ new Repeated({
+ name: (names.unprotectedAttrs || EMPTY_STRING),
+ value: Attribute.schema()
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$L);
+ const asn1 = compareSchema(schema, schema, EncryptedData.schema({
+ names: {
+ version: VERSION$d,
+ encryptedContentInfo: {
+ names: {
+ blockName: ENCRYPTED_CONTENT_INFO$1
+ }
+ },
+ unprotectedAttrs: UNPROTECTED_ATTRS$1
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result.version.valueBlock.valueDec;
+ this.encryptedContentInfo = new EncryptedContentInfo({ schema: asn1.result.encryptedContentInfo });
+ if (UNPROTECTED_ATTRS$1 in asn1.result)
+ this.unprotectedAttrs = Array.from(asn1.result.unprotectedAttrs, element => new Attribute({ schema: element }));
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(new Integer({ value: this.version }));
+ outputArray.push(this.encryptedContentInfo.toSchema());
+ if (this.unprotectedAttrs) {
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: Array.from(this.unprotectedAttrs, o => o.toSchema())
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ version: this.version,
+ encryptedContentInfo: this.encryptedContentInfo.toJSON()
+ };
+ if (this.unprotectedAttrs)
+ res.unprotectedAttrs = Array.from(this.unprotectedAttrs, o => o.toJSON());
+ return res;
+ }
+ encrypt(parameters) {
+ return __awaiter(this, void 0, void 0, function* () {
+ ArgumentError.assert(parameters, "parameters", "object");
+ const encryptParams = Object.assign(Object.assign({}, parameters), { contentType: "1.2.840.113549.1.7.1" });
+ this.encryptedContentInfo = yield getCrypto(true).encryptEncryptedContentInfo(encryptParams);
+ });
+ }
+ decrypt(parameters, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ ArgumentError.assert(parameters, "parameters", "object");
+ const decryptParams = Object.assign(Object.assign({}, parameters), { encryptedContentInfo: this.encryptedContentInfo });
+ return crypto.decryptEncryptedContentInfo(decryptParams);
+ });
+ }
+}
+EncryptedData.CLASS_NAME = "EncryptedData";
+
+const ENCRYPTION_ALGORITHM = "encryptionAlgorithm";
+const ENCRYPTED_DATA = "encryptedData";
+const PARSED_VALUE$2 = "parsedValue";
+const CLEAR_PROPS$K = [
+ ENCRYPTION_ALGORITHM,
+ ENCRYPTED_DATA,
+];
+class PKCS8ShroudedKeyBag extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.encryptionAlgorithm = getParametersValue(parameters, ENCRYPTION_ALGORITHM, PKCS8ShroudedKeyBag.defaultValues(ENCRYPTION_ALGORITHM));
+ this.encryptedData = getParametersValue(parameters, ENCRYPTED_DATA, PKCS8ShroudedKeyBag.defaultValues(ENCRYPTED_DATA));
+ if (PARSED_VALUE$2 in parameters) {
+ this.parsedValue = getParametersValue(parameters, PARSED_VALUE$2, PKCS8ShroudedKeyBag.defaultValues(PARSED_VALUE$2));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ENCRYPTION_ALGORITHM:
+ return (new AlgorithmIdentifier());
+ case ENCRYPTED_DATA:
+ return (new OctetString());
+ case PARSED_VALUE$2:
+ return {};
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case ENCRYPTION_ALGORITHM:
+ return ((AlgorithmIdentifier.compareWithDefault("algorithmId", memberValue.algorithmId)) &&
+ (("algorithmParams" in memberValue) === false));
+ case ENCRYPTED_DATA:
+ return (memberValue.isEqual(PKCS8ShroudedKeyBag.defaultValues(memberName)));
+ case PARSED_VALUE$2:
+ return ((memberValue instanceof Object) && (Object.keys(memberValue).length === 0));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ AlgorithmIdentifier.schema(names.encryptionAlgorithm || {
+ names: {
+ blockName: ENCRYPTION_ALGORITHM
+ }
+ }),
+ new Choice({
+ value: [
+ new OctetString({ name: (names.encryptedData || ENCRYPTED_DATA) }),
+ new OctetString({
+ idBlock: {
+ isConstructed: true
+ },
+ name: (names.encryptedData || ENCRYPTED_DATA)
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$K);
+ const asn1 = compareSchema(schema, schema, PKCS8ShroudedKeyBag.schema({
+ names: {
+ encryptionAlgorithm: {
+ names: {
+ blockName: ENCRYPTION_ALGORITHM
+ }
+ },
+ encryptedData: ENCRYPTED_DATA
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.encryptionAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.encryptionAlgorithm });
+ this.encryptedData = asn1.result.encryptedData;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ this.encryptionAlgorithm.toSchema(),
+ this.encryptedData
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ encryptionAlgorithm: this.encryptionAlgorithm.toJSON(),
+ encryptedData: this.encryptedData.toJSON(),
+ };
+ }
+ parseInternalValues(parameters, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ const cmsEncrypted = new EncryptedData({
+ encryptedContentInfo: new EncryptedContentInfo({
+ contentEncryptionAlgorithm: this.encryptionAlgorithm,
+ encryptedContent: this.encryptedData
+ })
+ });
+ const decryptedData = yield cmsEncrypted.decrypt(parameters, crypto);
+ this.parsedValue = PrivateKeyInfo.fromBER(decryptedData);
+ });
+ }
+ makeInternalValues(parameters) {
+ return __awaiter(this, void 0, void 0, function* () {
+ if (!this.parsedValue) {
+ throw new Error("Please initialize \"parsedValue\" first");
+ }
+ const cmsEncrypted = new EncryptedData();
+ const encryptParams = Object.assign(Object.assign({}, parameters), { contentToEncrypt: this.parsedValue.toSchema().toBER(false) });
+ yield cmsEncrypted.encrypt(encryptParams);
+ if (!cmsEncrypted.encryptedContentInfo.encryptedContent) {
+ throw new Error("The filed `encryptedContent` in EncryptedContentInfo is empty");
+ }
+ this.encryptionAlgorithm = cmsEncrypted.encryptedContentInfo.contentEncryptionAlgorithm;
+ this.encryptedData = cmsEncrypted.encryptedContentInfo.encryptedContent;
+ });
+ }
+}
+PKCS8ShroudedKeyBag.CLASS_NAME = "PKCS8ShroudedKeyBag";
+
+const SECRET_TYPE_ID = "secretTypeId";
+const SECRET_VALUE = "secretValue";
+const CLEAR_PROPS$J = [
+ SECRET_TYPE_ID,
+ SECRET_VALUE,
+];
+class SecretBag extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.secretTypeId = getParametersValue(parameters, SECRET_TYPE_ID, SecretBag.defaultValues(SECRET_TYPE_ID));
+ this.secretValue = getParametersValue(parameters, SECRET_VALUE, SecretBag.defaultValues(SECRET_VALUE));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case SECRET_TYPE_ID:
+ return EMPTY_STRING;
+ case SECRET_VALUE:
+ return (new Any());
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case SECRET_TYPE_ID:
+ return (memberValue === EMPTY_STRING);
+ case SECRET_VALUE:
+ return (memberValue instanceof Any);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.id || "id") }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new Any({ name: (names.value || "value") })]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$J);
+ const asn1 = compareSchema(schema, schema, SecretBag.schema({
+ names: {
+ id: SECRET_TYPE_ID,
+ value: SECRET_VALUE
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.secretTypeId = asn1.result.secretTypeId.valueBlock.toString();
+ this.secretValue = asn1.result.secretValue;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ new ObjectIdentifier({ value: this.secretTypeId }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [this.secretValue.toSchema()]
+ })
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ secretTypeId: this.secretTypeId,
+ secretValue: this.secretValue.toJSON()
+ };
+ }
+}
+SecretBag.CLASS_NAME = "SecretBag";
+
+class SafeBagValueFactory {
+ static getItems() {
+ if (!this.items) {
+ this.items = {};
+ SafeBagValueFactory.register("1.2.840.113549.1.12.10.1.1", PrivateKeyInfo);
+ SafeBagValueFactory.register("1.2.840.113549.1.12.10.1.2", PKCS8ShroudedKeyBag);
+ SafeBagValueFactory.register("1.2.840.113549.1.12.10.1.3", CertBag);
+ SafeBagValueFactory.register("1.2.840.113549.1.12.10.1.4", CRLBag);
+ SafeBagValueFactory.register("1.2.840.113549.1.12.10.1.5", SecretBag);
+ SafeBagValueFactory.register("1.2.840.113549.1.12.10.1.6", SafeContents);
+ }
+ return this.items;
+ }
+ static register(id, type) {
+ this.getItems()[id] = type;
+ }
+ static find(id) {
+ return this.getItems()[id] || null;
+ }
+}
+
+const BAG_ID = "bagId";
+const BAG_VALUE = "bagValue";
+const BAG_ATTRIBUTES = "bagAttributes";
+const CLEAR_PROPS$I = [
+ BAG_ID,
+ BAG_VALUE,
+ BAG_ATTRIBUTES
+];
+class SafeBag extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.bagId = getParametersValue(parameters, BAG_ID, SafeBag.defaultValues(BAG_ID));
+ this.bagValue = getParametersValue(parameters, BAG_VALUE, SafeBag.defaultValues(BAG_VALUE));
+ if (BAG_ATTRIBUTES in parameters) {
+ this.bagAttributes = getParametersValue(parameters, BAG_ATTRIBUTES, SafeBag.defaultValues(BAG_ATTRIBUTES));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case BAG_ID:
+ return EMPTY_STRING;
+ case BAG_VALUE:
+ return (new Any());
+ case BAG_ATTRIBUTES:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case BAG_ID:
+ return (memberValue === EMPTY_STRING);
+ case BAG_VALUE:
+ return (memberValue instanceof Any);
+ case BAG_ATTRIBUTES:
+ return (memberValue.length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.bagId || BAG_ID) }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new Any({ name: (names.bagValue || BAG_VALUE) })]
+ }),
+ new Set({
+ optional: true,
+ value: [
+ new Repeated({
+ name: (names.bagAttributes || BAG_ATTRIBUTES),
+ value: Attribute.schema()
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$I);
+ const asn1 = compareSchema(schema, schema, SafeBag.schema({
+ names: {
+ bagId: BAG_ID,
+ bagValue: BAG_VALUE,
+ bagAttributes: BAG_ATTRIBUTES
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.bagId = asn1.result.bagId.valueBlock.toString();
+ const bagType = SafeBagValueFactory.find(this.bagId);
+ if (!bagType) {
+ throw new Error(`Invalid BAG_ID for SafeBag: ${this.bagId}`);
+ }
+ this.bagValue = new bagType({ schema: asn1.result.bagValue });
+ if (BAG_ATTRIBUTES in asn1.result) {
+ this.bagAttributes = Array.from(asn1.result.bagAttributes, element => new Attribute({ schema: element }));
+ }
+ }
+ toSchema() {
+ const outputArray = [
+ new ObjectIdentifier({ value: this.bagId }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [this.bagValue.toSchema()]
+ })
+ ];
+ if (this.bagAttributes) {
+ outputArray.push(new Set({
+ value: Array.from(this.bagAttributes, o => o.toSchema())
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const output = {
+ bagId: this.bagId,
+ bagValue: this.bagValue.toJSON()
+ };
+ if (this.bagAttributes) {
+ output.bagAttributes = Array.from(this.bagAttributes, o => o.toJSON());
+ }
+ return output;
+ }
+}
+SafeBag.CLASS_NAME = "SafeBag";
+
+const SAFE_BUGS = "safeBags";
+class SafeContents extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.safeBags = getParametersValue(parameters, SAFE_BUGS, SafeContents.defaultValues(SAFE_BUGS));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case SAFE_BUGS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case SAFE_BUGS:
+ return (memberValue.length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.safeBags || EMPTY_STRING),
+ value: SafeBag.schema()
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, [
+ SAFE_BUGS
+ ]);
+ const asn1 = compareSchema(schema, schema, SafeContents.schema({
+ names: {
+ safeBags: SAFE_BUGS
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.safeBags = Array.from(asn1.result.safeBags, element => new SafeBag({ schema: element }));
+ }
+ toSchema() {
+ return (new Sequence({
+ value: Array.from(this.safeBags, o => o.toSchema())
+ }));
+ }
+ toJSON() {
+ return {
+ safeBags: Array.from(this.safeBags, o => o.toJSON())
+ };
+ }
+}
+SafeContents.CLASS_NAME = "SafeContents";
+
+const OTHER_CERT_FORMAT = "otherCertFormat";
+const OTHER_CERT = "otherCert";
+const CLEAR_PROPS$H = [
+ OTHER_CERT_FORMAT,
+ OTHER_CERT
+];
+class OtherCertificateFormat extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.otherCertFormat = getParametersValue(parameters, OTHER_CERT_FORMAT, OtherCertificateFormat.defaultValues(OTHER_CERT_FORMAT));
+ this.otherCert = getParametersValue(parameters, OTHER_CERT, OtherCertificateFormat.defaultValues(OTHER_CERT));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case OTHER_CERT_FORMAT:
+ return EMPTY_STRING;
+ case OTHER_CERT:
+ return new Any();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.otherCertFormat || OTHER_CERT_FORMAT) }),
+ new Any({ name: (names.otherCert || OTHER_CERT) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$H);
+ const asn1 = compareSchema(schema, schema, OtherCertificateFormat.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.otherCertFormat = asn1.result.otherCertFormat.valueBlock.toString();
+ this.otherCert = asn1.result.otherCert;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ new ObjectIdentifier({ value: this.otherCertFormat }),
+ this.otherCert
+ ]
+ }));
+ }
+ toJSON() {
+ const res = {
+ otherCertFormat: this.otherCertFormat
+ };
+ if (!(this.otherCert instanceof Any)) {
+ res.otherCert = this.otherCert.toJSON();
+ }
+ return res;
+ }
+}
+
+const CERTIFICATES$1 = "certificates";
+const CLEAR_PROPS$G = [
+ CERTIFICATES$1,
+];
+class CertificateSet extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.certificates = getParametersValue(parameters, CERTIFICATES$1, CertificateSet.defaultValues(CERTIFICATES$1));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case CERTIFICATES$1:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Set({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.certificates || CERTIFICATES$1),
+ value: new Choice({
+ value: [
+ Certificate.schema(),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Any()
+ ]
+ }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [
+ new Sequence
+ ]
+ }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ value: AttributeCertificateV2.schema().valueBlock.value
+ }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 3
+ },
+ value: OtherCertificateFormat.schema().valueBlock.value
+ })
+ ]
+ })
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$G);
+ const asn1 = compareSchema(schema, schema, CertificateSet.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.certificates = Array.from(asn1.result.certificates || [], (element) => {
+ const initialTagNumber = element.idBlock.tagNumber;
+ if (element.idBlock.tagClass === 1)
+ return new Certificate({ schema: element });
+ const elementSequence = new Sequence({
+ value: element.valueBlock.value
+ });
+ switch (initialTagNumber) {
+ case 1:
+ if (elementSequence.valueBlock.value[0].valueBlock.value[0].valueBlock.valueDec === 1) {
+ return new AttributeCertificateV2({ schema: elementSequence });
+ }
+ else {
+ return new AttributeCertificateV1({ schema: elementSequence });
+ }
+ case 2:
+ return new AttributeCertificateV2({ schema: elementSequence });
+ case 3:
+ return new OtherCertificateFormat({ schema: elementSequence });
+ }
+ return element;
+ });
+ }
+ toSchema() {
+ return (new Set({
+ value: Array.from(this.certificates, element => {
+ switch (true) {
+ case (element instanceof Certificate):
+ return element.toSchema();
+ case (element instanceof AttributeCertificateV1):
+ return new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: element.toSchema().valueBlock.value
+ });
+ case (element instanceof AttributeCertificateV2):
+ return new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ value: element.toSchema().valueBlock.value
+ });
+ case (element instanceof OtherCertificateFormat):
+ return new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 3
+ },
+ value: element.toSchema().valueBlock.value
+ });
+ }
+ return element.toSchema();
+ })
+ }));
+ }
+ toJSON() {
+ return {
+ certificates: Array.from(this.certificates, o => o.toJSON())
+ };
+ }
+}
+CertificateSet.CLASS_NAME = "CertificateSet";
+
+const OTHER_REV_INFO_FORMAT = "otherRevInfoFormat";
+const OTHER_REV_INFO = "otherRevInfo";
+const CLEAR_PROPS$F = [
+ OTHER_REV_INFO_FORMAT,
+ OTHER_REV_INFO
+];
+class OtherRevocationInfoFormat extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.otherRevInfoFormat = getParametersValue(parameters, OTHER_REV_INFO_FORMAT, OtherRevocationInfoFormat.defaultValues(OTHER_REV_INFO_FORMAT));
+ this.otherRevInfo = getParametersValue(parameters, OTHER_REV_INFO, OtherRevocationInfoFormat.defaultValues(OTHER_REV_INFO));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case OTHER_REV_INFO_FORMAT:
+ return EMPTY_STRING;
+ case OTHER_REV_INFO:
+ return new Any();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.otherRevInfoFormat || OTHER_REV_INFO_FORMAT) }),
+ new Any({ name: (names.otherRevInfo || OTHER_REV_INFO) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$F);
+ const asn1 = compareSchema(schema, schema, OtherRevocationInfoFormat.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.otherRevInfoFormat = asn1.result.otherRevInfoFormat.valueBlock.toString();
+ this.otherRevInfo = asn1.result.otherRevInfo;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ new ObjectIdentifier({ value: this.otherRevInfoFormat }),
+ this.otherRevInfo
+ ]
+ }));
+ }
+ toJSON() {
+ const res = {
+ otherRevInfoFormat: this.otherRevInfoFormat
+ };
+ if (!(this.otherRevInfo instanceof Any)) {
+ res.otherRevInfo = this.otherRevInfo.toJSON();
+ }
+ return res;
+ }
+}
+OtherRevocationInfoFormat.CLASS_NAME = "OtherRevocationInfoFormat";
+
+const CRLS$3 = "crls";
+const OTHER_REVOCATION_INFOS = "otherRevocationInfos";
+const CLEAR_PROPS$E = [
+ CRLS$3
+];
+class RevocationInfoChoices extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.crls = getParametersValue(parameters, CRLS$3, RevocationInfoChoices.defaultValues(CRLS$3));
+ this.otherRevocationInfos = getParametersValue(parameters, OTHER_REVOCATION_INFOS, RevocationInfoChoices.defaultValues(OTHER_REVOCATION_INFOS));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case CRLS$3:
+ return [];
+ case OTHER_REVOCATION_INFOS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Set({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.crls || EMPTY_STRING),
+ value: new Choice({
+ value: [
+ CertificateRevocationList.schema(),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [
+ new ObjectIdentifier(),
+ new Any()
+ ]
+ })
+ ]
+ })
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$E);
+ const asn1 = compareSchema(schema, schema, RevocationInfoChoices.schema({
+ names: {
+ crls: CRLS$3
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (asn1.result.crls) {
+ for (const element of asn1.result.crls) {
+ if (element.idBlock.tagClass === 1)
+ this.crls.push(new CertificateRevocationList({ schema: element }));
+ else
+ this.otherRevocationInfos.push(new OtherRevocationInfoFormat({ schema: element }));
+ }
+ }
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(...Array.from(this.crls, o => o.toSchema()));
+ outputArray.push(...Array.from(this.otherRevocationInfos, element => {
+ const schema = element.toSchema();
+ schema.idBlock.tagClass = 3;
+ schema.idBlock.tagNumber = 1;
+ return schema;
+ }));
+ return (new Set({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ return {
+ crls: Array.from(this.crls, o => o.toJSON()),
+ otherRevocationInfos: Array.from(this.otherRevocationInfos, o => o.toJSON())
+ };
+ }
+}
+RevocationInfoChoices.CLASS_NAME = "RevocationInfoChoices";
+
+const CERTS$3 = "certs";
+const CRLS$2 = "crls";
+const CLEAR_PROPS$D = [
+ CERTS$3,
+ CRLS$2,
+];
+class OriginatorInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.crls = getParametersValue(parameters, CRLS$2, OriginatorInfo.defaultValues(CRLS$2));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case CERTS$3:
+ return new CertificateSet();
+ case CRLS$2:
+ return new RevocationInfoChoices();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case CERTS$3:
+ return (memberValue.certificates.length === 0);
+ case CRLS$2:
+ return ((memberValue.crls.length === 0) && (memberValue.otherRevocationInfos.length === 0));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Constructed({
+ name: (names.certs || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: CertificateSet.schema().valueBlock.value
+ }),
+ new Constructed({
+ name: (names.crls || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: RevocationInfoChoices.schema().valueBlock.value
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$D);
+ const asn1 = compareSchema(schema, schema, OriginatorInfo.schema({
+ names: {
+ certs: CERTS$3,
+ crls: CRLS$2
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (CERTS$3 in asn1.result) {
+ this.certs = new CertificateSet({
+ schema: new Set({
+ value: asn1.result.certs.valueBlock.value
+ })
+ });
+ }
+ if (CRLS$2 in asn1.result) {
+ this.crls = new RevocationInfoChoices({
+ schema: new Set({
+ value: asn1.result.crls.valueBlock.value
+ })
+ });
+ }
+ }
+ toSchema() {
+ const sequenceValue = [];
+ if (this.certs) {
+ sequenceValue.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: this.certs.toSchema().valueBlock.value
+ }));
+ }
+ if (this.crls) {
+ sequenceValue.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: this.crls.toSchema().valueBlock.value
+ }));
+ }
+ return (new Sequence({
+ value: sequenceValue
+ }));
+ }
+ toJSON() {
+ const res = {};
+ if (this.certs) {
+ res.certs = this.certs.toJSON();
+ }
+ if (this.crls) {
+ res.crls = this.crls.toJSON();
+ }
+ return res;
+ }
+}
+OriginatorInfo.CLASS_NAME = "OriginatorInfo";
+
+const ISSUER = "issuer";
+const SERIAL_NUMBER$2 = "serialNumber";
+const CLEAR_PROPS$C = [
+ ISSUER,
+ SERIAL_NUMBER$2,
+];
+class IssuerAndSerialNumber extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.issuer = getParametersValue(parameters, ISSUER, IssuerAndSerialNumber.defaultValues(ISSUER));
+ this.serialNumber = getParametersValue(parameters, SERIAL_NUMBER$2, IssuerAndSerialNumber.defaultValues(SERIAL_NUMBER$2));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ISSUER:
+ return new RelativeDistinguishedNames();
+ case SERIAL_NUMBER$2:
+ return new Integer();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ RelativeDistinguishedNames.schema(names.issuer || {}),
+ new Integer({ name: (names.serialNumber || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$C);
+ const asn1 = compareSchema(schema, schema, IssuerAndSerialNumber.schema({
+ names: {
+ issuer: {
+ names: {
+ blockName: ISSUER
+ }
+ },
+ serialNumber: SERIAL_NUMBER$2
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.issuer = new RelativeDistinguishedNames({ schema: asn1.result.issuer });
+ this.serialNumber = asn1.result.serialNumber;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ this.issuer.toSchema(),
+ this.serialNumber
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ issuer: this.issuer.toJSON(),
+ serialNumber: this.serialNumber.toJSON(),
+ };
+ }
+}
+IssuerAndSerialNumber.CLASS_NAME = "IssuerAndSerialNumber";
+
+const VARIANT$3 = "variant";
+const VALUE$3 = "value";
+const CLEAR_PROPS$B = [
+ "blockName"
+];
+class RecipientIdentifier extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.variant = getParametersValue(parameters, VARIANT$3, RecipientIdentifier.defaultValues(VARIANT$3));
+ if (VALUE$3 in parameters) {
+ this.value = getParametersValue(parameters, VALUE$3, RecipientIdentifier.defaultValues(VALUE$3));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VARIANT$3:
+ return (-1);
+ case VALUE$3:
+ return {};
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VARIANT$3:
+ return (memberValue === (-1));
+ case VALUE$3:
+ return (Object.keys(memberValue).length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Choice({
+ value: [
+ IssuerAndSerialNumber.schema({
+ names: {
+ blockName: (names.blockName || EMPTY_STRING)
+ }
+ }),
+ new Primitive({
+ name: (names.blockName || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ }
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$B);
+ const asn1 = compareSchema(schema, schema, RecipientIdentifier.schema({
+ names: {
+ blockName: "blockName"
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (asn1.result.blockName.idBlock.tagClass === 1) {
+ this.variant = 1;
+ this.value = new IssuerAndSerialNumber({ schema: asn1.result.blockName });
+ }
+ else {
+ this.variant = 2;
+ this.value = new OctetString({ valueHex: asn1.result.blockName.valueBlock.valueHex });
+ }
+ }
+ toSchema() {
+ switch (this.variant) {
+ case 1:
+ if (!(this.value instanceof IssuerAndSerialNumber)) {
+ throw new Error("Incorrect type of RecipientIdentifier.value. It should be IssuerAndSerialNumber.");
+ }
+ return this.value.toSchema();
+ case 2:
+ if (!(this.value instanceof OctetString)) {
+ throw new Error("Incorrect type of RecipientIdentifier.value. It should be ASN.1 OctetString.");
+ }
+ return new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ valueHex: this.value.valueBlock.valueHexView
+ });
+ default:
+ return new Any();
+ }
+ }
+ toJSON() {
+ const res = {
+ variant: this.variant
+ };
+ if ((this.variant === 1 || this.variant === 2) && this.value) {
+ res.value = this.value.toJSON();
+ }
+ return res;
+ }
+}
+RecipientIdentifier.CLASS_NAME = "RecipientIdentifier";
+
+const VERSION$c = "version";
+const RID$1 = "rid";
+const KEY_ENCRYPTION_ALGORITHM$3 = "keyEncryptionAlgorithm";
+const ENCRYPTED_KEY$3 = "encryptedKey";
+const RECIPIENT_CERTIFICATE$1 = "recipientCertificate";
+const CLEAR_PROPS$A = [
+ VERSION$c,
+ RID$1,
+ KEY_ENCRYPTION_ALGORITHM$3,
+ ENCRYPTED_KEY$3,
+];
+class KeyTransRecipientInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$c, KeyTransRecipientInfo.defaultValues(VERSION$c));
+ this.rid = getParametersValue(parameters, RID$1, KeyTransRecipientInfo.defaultValues(RID$1));
+ this.keyEncryptionAlgorithm = getParametersValue(parameters, KEY_ENCRYPTION_ALGORITHM$3, KeyTransRecipientInfo.defaultValues(KEY_ENCRYPTION_ALGORITHM$3));
+ this.encryptedKey = getParametersValue(parameters, ENCRYPTED_KEY$3, KeyTransRecipientInfo.defaultValues(ENCRYPTED_KEY$3));
+ this.recipientCertificate = getParametersValue(parameters, RECIPIENT_CERTIFICATE$1, KeyTransRecipientInfo.defaultValues(RECIPIENT_CERTIFICATE$1));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$c:
+ return (-1);
+ case RID$1:
+ return {};
+ case KEY_ENCRYPTION_ALGORITHM$3:
+ return new AlgorithmIdentifier();
+ case ENCRYPTED_KEY$3:
+ return new OctetString();
+ case RECIPIENT_CERTIFICATE$1:
+ return new Certificate();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VERSION$c:
+ return (memberValue === KeyTransRecipientInfo.defaultValues(VERSION$c));
+ case RID$1:
+ return (Object.keys(memberValue).length === 0);
+ case KEY_ENCRYPTION_ALGORITHM$3:
+ case ENCRYPTED_KEY$3:
+ return memberValue.isEqual(KeyTransRecipientInfo.defaultValues(memberName));
+ case RECIPIENT_CERTIFICATE$1:
+ return false;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Integer({ name: (names.version || EMPTY_STRING) }),
+ RecipientIdentifier.schema(names.rid || {}),
+ AlgorithmIdentifier.schema(names.keyEncryptionAlgorithm || {}),
+ new OctetString({ name: (names.encryptedKey || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$A);
+ const asn1 = compareSchema(schema, schema, KeyTransRecipientInfo.schema({
+ names: {
+ version: VERSION$c,
+ rid: {
+ names: {
+ blockName: RID$1
+ }
+ },
+ keyEncryptionAlgorithm: {
+ names: {
+ blockName: KEY_ENCRYPTION_ALGORITHM$3
+ }
+ },
+ encryptedKey: ENCRYPTED_KEY$3
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result.version.valueBlock.valueDec;
+ if (asn1.result.rid.idBlock.tagClass === 3) {
+ this.rid = new OctetString({ valueHex: asn1.result.rid.valueBlock.valueHex });
+ }
+ else {
+ this.rid = new IssuerAndSerialNumber({ schema: asn1.result.rid });
+ }
+ this.keyEncryptionAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.keyEncryptionAlgorithm });
+ this.encryptedKey = asn1.result.encryptedKey;
+ }
+ toSchema() {
+ const outputArray = [];
+ if (this.rid instanceof IssuerAndSerialNumber) {
+ this.version = 0;
+ outputArray.push(new Integer({ value: this.version }));
+ outputArray.push(this.rid.toSchema());
+ }
+ else {
+ this.version = 2;
+ outputArray.push(new Integer({ value: this.version }));
+ outputArray.push(new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ valueHex: this.rid.valueBlock.valueHexView
+ }));
+ }
+ outputArray.push(this.keyEncryptionAlgorithm.toSchema());
+ outputArray.push(this.encryptedKey);
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ return {
+ version: this.version,
+ rid: this.rid.toJSON(),
+ keyEncryptionAlgorithm: this.keyEncryptionAlgorithm.toJSON(),
+ encryptedKey: this.encryptedKey.toJSON(),
+ };
+ }
+}
+KeyTransRecipientInfo.CLASS_NAME = "KeyTransRecipientInfo";
+
+const ALGORITHM = "algorithm";
+const PUBLIC_KEY = "publicKey";
+const CLEAR_PROPS$z = [
+ ALGORITHM,
+ PUBLIC_KEY
+];
+class OriginatorPublicKey extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.algorithm = getParametersValue(parameters, ALGORITHM, OriginatorPublicKey.defaultValues(ALGORITHM));
+ this.publicKey = getParametersValue(parameters, PUBLIC_KEY, OriginatorPublicKey.defaultValues(PUBLIC_KEY));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ALGORITHM:
+ return new AlgorithmIdentifier();
+ case PUBLIC_KEY:
+ return new BitString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case ALGORITHM:
+ case PUBLIC_KEY:
+ return (memberValue.isEqual(OriginatorPublicKey.defaultValues(memberName)));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ AlgorithmIdentifier.schema(names.algorithm || {}),
+ new BitString({ name: (names.publicKey || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$z);
+ const asn1 = compareSchema(schema, schema, OriginatorPublicKey.schema({
+ names: {
+ algorithm: {
+ names: {
+ blockName: ALGORITHM
+ }
+ },
+ publicKey: PUBLIC_KEY
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.algorithm = new AlgorithmIdentifier({ schema: asn1.result.algorithm });
+ this.publicKey = asn1.result.publicKey;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ this.algorithm.toSchema(),
+ this.publicKey
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ algorithm: this.algorithm.toJSON(),
+ publicKey: this.publicKey.toJSON(),
+ };
+ }
+}
+OriginatorPublicKey.CLASS_NAME = "OriginatorPublicKey";
+
+const VARIANT$2 = "variant";
+const VALUE$2 = "value";
+const CLEAR_PROPS$y = [
+ "blockName",
+];
+class OriginatorIdentifierOrKey extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.variant = getParametersValue(parameters, VARIANT$2, OriginatorIdentifierOrKey.defaultValues(VARIANT$2));
+ if (VALUE$2 in parameters) {
+ this.value = getParametersValue(parameters, VALUE$2, OriginatorIdentifierOrKey.defaultValues(VALUE$2));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VARIANT$2:
+ return (-1);
+ case VALUE$2:
+ return {};
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VARIANT$2:
+ return (memberValue === (-1));
+ case VALUE$2:
+ return (Object.keys(memberValue).length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Choice({
+ value: [
+ IssuerAndSerialNumber.schema({
+ names: {
+ blockName: (names.blockName || EMPTY_STRING)
+ }
+ }),
+ new Primitive({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ name: (names.blockName || EMPTY_STRING)
+ }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ name: (names.blockName || EMPTY_STRING),
+ value: OriginatorPublicKey.schema().valueBlock.value
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$y);
+ const asn1 = compareSchema(schema, schema, OriginatorIdentifierOrKey.schema({
+ names: {
+ blockName: "blockName"
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (asn1.result.blockName.idBlock.tagClass === 1) {
+ this.variant = 1;
+ this.value = new IssuerAndSerialNumber({ schema: asn1.result.blockName });
+ }
+ else {
+ if (asn1.result.blockName.idBlock.tagNumber === 0) {
+ asn1.result.blockName.idBlock.tagClass = 1;
+ asn1.result.blockName.idBlock.tagNumber = 4;
+ this.variant = 2;
+ this.value = asn1.result.blockName;
+ }
+ else {
+ this.variant = 3;
+ this.value = new OriginatorPublicKey({
+ schema: new Sequence({
+ value: asn1.result.blockName.valueBlock.value
+ })
+ });
+ }
+ }
+ }
+ toSchema() {
+ switch (this.variant) {
+ case 1:
+ return this.value.toSchema();
+ case 2:
+ this.value.idBlock.tagClass = 3;
+ this.value.idBlock.tagNumber = 0;
+ return this.value;
+ case 3:
+ {
+ const _schema = this.value.toSchema();
+ _schema.idBlock.tagClass = 3;
+ _schema.idBlock.tagNumber = 1;
+ return _schema;
+ }
+ default:
+ return new Any();
+ }
+ }
+ toJSON() {
+ const res = {
+ variant: this.variant
+ };
+ if ((this.variant === 1) || (this.variant === 2) || (this.variant === 3)) {
+ res.value = this.value.toJSON();
+ }
+ return res;
+ }
+}
+OriginatorIdentifierOrKey.CLASS_NAME = "OriginatorIdentifierOrKey";
+
+const KEY_ATTR_ID = "keyAttrId";
+const KEY_ATTR = "keyAttr";
+const CLEAR_PROPS$x = [
+ KEY_ATTR_ID,
+ KEY_ATTR,
+];
+class OtherKeyAttribute extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.keyAttrId = getParametersValue(parameters, KEY_ATTR_ID, OtherKeyAttribute.defaultValues(KEY_ATTR_ID));
+ if (KEY_ATTR in parameters) {
+ this.keyAttr = getParametersValue(parameters, KEY_ATTR, OtherKeyAttribute.defaultValues(KEY_ATTR));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case KEY_ATTR_ID:
+ return EMPTY_STRING;
+ case KEY_ATTR:
+ return {};
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case KEY_ATTR_ID:
+ return (typeof memberValue === "string" && memberValue === EMPTY_STRING);
+ case KEY_ATTR:
+ return (Object.keys(memberValue).length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ optional: (names.optional || true),
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.keyAttrId || EMPTY_STRING) }),
+ new Any({
+ optional: true,
+ name: (names.keyAttr || EMPTY_STRING)
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$x);
+ const asn1 = compareSchema(schema, schema, OtherKeyAttribute.schema({
+ names: {
+ keyAttrId: KEY_ATTR_ID,
+ keyAttr: KEY_ATTR
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.keyAttrId = asn1.result.keyAttrId.valueBlock.toString();
+ if (KEY_ATTR in asn1.result) {
+ this.keyAttr = asn1.result.keyAttr;
+ }
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(new ObjectIdentifier({ value: this.keyAttrId }));
+ if (KEY_ATTR in this) {
+ outputArray.push(this.keyAttr);
+ }
+ return (new Sequence({
+ value: outputArray,
+ }));
+ }
+ toJSON() {
+ const res = {
+ keyAttrId: this.keyAttrId
+ };
+ if (KEY_ATTR in this) {
+ res.keyAttr = this.keyAttr.toJSON();
+ }
+ return res;
+ }
+}
+OtherKeyAttribute.CLASS_NAME = "OtherKeyAttribute";
+
+const SUBJECT_KEY_IDENTIFIER = "subjectKeyIdentifier";
+const DATE$1 = "date";
+const OTHER$1 = "other";
+const CLEAR_PROPS$w = [
+ SUBJECT_KEY_IDENTIFIER,
+ DATE$1,
+ OTHER$1,
+];
+class RecipientKeyIdentifier extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.subjectKeyIdentifier = getParametersValue(parameters, SUBJECT_KEY_IDENTIFIER, RecipientKeyIdentifier.defaultValues(SUBJECT_KEY_IDENTIFIER));
+ if (DATE$1 in parameters) {
+ this.date = getParametersValue(parameters, DATE$1, RecipientKeyIdentifier.defaultValues(DATE$1));
+ }
+ if (OTHER$1 in parameters) {
+ this.other = getParametersValue(parameters, OTHER$1, RecipientKeyIdentifier.defaultValues(OTHER$1));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case SUBJECT_KEY_IDENTIFIER:
+ return new OctetString();
+ case DATE$1:
+ return new GeneralizedTime();
+ case OTHER$1:
+ return new OtherKeyAttribute();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case SUBJECT_KEY_IDENTIFIER:
+ return (memberValue.isEqual(RecipientKeyIdentifier.defaultValues(SUBJECT_KEY_IDENTIFIER)));
+ case DATE$1:
+ return ((memberValue.year === 0) &&
+ (memberValue.month === 0) &&
+ (memberValue.day === 0) &&
+ (memberValue.hour === 0) &&
+ (memberValue.minute === 0) &&
+ (memberValue.second === 0) &&
+ (memberValue.millisecond === 0));
+ case OTHER$1:
+ return ((memberValue.keyAttrId === EMPTY_STRING) && (("keyAttr" in memberValue) === false));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new OctetString({ name: (names.subjectKeyIdentifier || EMPTY_STRING) }),
+ new GeneralizedTime({
+ optional: true,
+ name: (names.date || EMPTY_STRING)
+ }),
+ OtherKeyAttribute.schema(names.other || {})
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$w);
+ const asn1 = compareSchema(schema, schema, RecipientKeyIdentifier.schema({
+ names: {
+ subjectKeyIdentifier: SUBJECT_KEY_IDENTIFIER,
+ date: DATE$1,
+ other: {
+ names: {
+ blockName: OTHER$1
+ }
+ }
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.subjectKeyIdentifier = asn1.result.subjectKeyIdentifier;
+ if (DATE$1 in asn1.result)
+ this.date = asn1.result.date;
+ if (OTHER$1 in asn1.result)
+ this.other = new OtherKeyAttribute({ schema: asn1.result.other });
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(this.subjectKeyIdentifier);
+ if (this.date) {
+ outputArray.push(this.date);
+ }
+ if (this.other) {
+ outputArray.push(this.other.toSchema());
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ subjectKeyIdentifier: this.subjectKeyIdentifier.toJSON()
+ };
+ if (this.date) {
+ res.date = this.date.toJSON();
+ }
+ if (this.other) {
+ res.other = this.other.toJSON();
+ }
+ return res;
+ }
+}
+RecipientKeyIdentifier.CLASS_NAME = "RecipientKeyIdentifier";
+
+const VARIANT$1 = "variant";
+const VALUE$1 = "value";
+const CLEAR_PROPS$v = [
+ "blockName",
+];
+class KeyAgreeRecipientIdentifier extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.variant = getParametersValue(parameters, VARIANT$1, KeyAgreeRecipientIdentifier.defaultValues(VARIANT$1));
+ this.value = getParametersValue(parameters, VALUE$1, KeyAgreeRecipientIdentifier.defaultValues(VALUE$1));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VARIANT$1:
+ return (-1);
+ case VALUE$1:
+ return {};
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VARIANT$1:
+ return (memberValue === (-1));
+ case VALUE$1:
+ return (Object.keys(memberValue).length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Choice({
+ value: [
+ IssuerAndSerialNumber.schema(names.issuerAndSerialNumber || {
+ names: {
+ blockName: (names.blockName || EMPTY_STRING)
+ }
+ }),
+ new Constructed({
+ name: (names.blockName || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: RecipientKeyIdentifier.schema(names.rKeyId || {
+ names: {
+ blockName: (names.blockName || EMPTY_STRING)
+ }
+ }).valueBlock.value
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$v);
+ const asn1 = compareSchema(schema, schema, KeyAgreeRecipientIdentifier.schema({
+ names: {
+ blockName: "blockName"
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (asn1.result.blockName.idBlock.tagClass === 1) {
+ this.variant = 1;
+ this.value = new IssuerAndSerialNumber({ schema: asn1.result.blockName });
+ }
+ else {
+ this.variant = 2;
+ this.value = new RecipientKeyIdentifier({
+ schema: new Sequence({
+ value: asn1.result.blockName.valueBlock.value
+ })
+ });
+ }
+ }
+ toSchema() {
+ switch (this.variant) {
+ case 1:
+ return this.value.toSchema();
+ case 2:
+ return new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: this.value.toSchema().valueBlock.value
+ });
+ default:
+ return new Any();
+ }
+ }
+ toJSON() {
+ const res = {
+ variant: this.variant,
+ };
+ if ((this.variant === 1) || (this.variant === 2)) {
+ res.value = this.value.toJSON();
+ }
+ return res;
+ }
+}
+KeyAgreeRecipientIdentifier.CLASS_NAME = "KeyAgreeRecipientIdentifier";
+
+const RID = "rid";
+const ENCRYPTED_KEY$2 = "encryptedKey";
+const CLEAR_PROPS$u = [
+ RID,
+ ENCRYPTED_KEY$2,
+];
+class RecipientEncryptedKey extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.rid = getParametersValue(parameters, RID, RecipientEncryptedKey.defaultValues(RID));
+ this.encryptedKey = getParametersValue(parameters, ENCRYPTED_KEY$2, RecipientEncryptedKey.defaultValues(ENCRYPTED_KEY$2));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case RID:
+ return new KeyAgreeRecipientIdentifier();
+ case ENCRYPTED_KEY$2:
+ return new OctetString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case RID:
+ return ((memberValue.variant === (-1)) && (("value" in memberValue) === false));
+ case ENCRYPTED_KEY$2:
+ return (memberValue.isEqual(RecipientEncryptedKey.defaultValues(ENCRYPTED_KEY$2)));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ KeyAgreeRecipientIdentifier.schema(names.rid || {}),
+ new OctetString({ name: (names.encryptedKey || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$u);
+ const asn1 = compareSchema(schema, schema, RecipientEncryptedKey.schema({
+ names: {
+ rid: {
+ names: {
+ blockName: RID
+ }
+ },
+ encryptedKey: ENCRYPTED_KEY$2
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.rid = new KeyAgreeRecipientIdentifier({ schema: asn1.result.rid });
+ this.encryptedKey = asn1.result.encryptedKey;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ this.rid.toSchema(),
+ this.encryptedKey
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ rid: this.rid.toJSON(),
+ encryptedKey: this.encryptedKey.toJSON(),
+ };
+ }
+}
+RecipientEncryptedKey.CLASS_NAME = "RecipientEncryptedKey";
+
+const ENCRYPTED_KEYS = "encryptedKeys";
+const RECIPIENT_ENCRYPTED_KEYS = "RecipientEncryptedKeys";
+const CLEAR_PROPS$t = [
+ RECIPIENT_ENCRYPTED_KEYS,
+];
+class RecipientEncryptedKeys extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.encryptedKeys = getParametersValue(parameters, ENCRYPTED_KEYS, RecipientEncryptedKeys.defaultValues(ENCRYPTED_KEYS));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ENCRYPTED_KEYS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case ENCRYPTED_KEYS:
+ return (memberValue.length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.RecipientEncryptedKeys || EMPTY_STRING),
+ value: RecipientEncryptedKey.schema()
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$t);
+ const asn1 = compareSchema(schema, schema, RecipientEncryptedKeys.schema({
+ names: {
+ RecipientEncryptedKeys: RECIPIENT_ENCRYPTED_KEYS
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.encryptedKeys = Array.from(asn1.result.RecipientEncryptedKeys, element => new RecipientEncryptedKey({ schema: element }));
+ }
+ toSchema() {
+ return (new Sequence({
+ value: Array.from(this.encryptedKeys, o => o.toSchema())
+ }));
+ }
+ toJSON() {
+ return {
+ encryptedKeys: Array.from(this.encryptedKeys, o => o.toJSON())
+ };
+ }
+}
+RecipientEncryptedKeys.CLASS_NAME = "RecipientEncryptedKeys";
+
+const VERSION$b = "version";
+const ORIGINATOR = "originator";
+const UKM = "ukm";
+const KEY_ENCRYPTION_ALGORITHM$2 = "keyEncryptionAlgorithm";
+const RECIPIENT_ENCRYPTED_KEY = "recipientEncryptedKeys";
+const RECIPIENT_CERTIFICATE = "recipientCertificate";
+const RECIPIENT_PUBLIC_KEY = "recipientPublicKey";
+const CLEAR_PROPS$s = [
+ VERSION$b,
+ ORIGINATOR,
+ UKM,
+ KEY_ENCRYPTION_ALGORITHM$2,
+ RECIPIENT_ENCRYPTED_KEY,
+];
+class KeyAgreeRecipientInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$b, KeyAgreeRecipientInfo.defaultValues(VERSION$b));
+ this.originator = getParametersValue(parameters, ORIGINATOR, KeyAgreeRecipientInfo.defaultValues(ORIGINATOR));
+ if (UKM in parameters) {
+ this.ukm = getParametersValue(parameters, UKM, KeyAgreeRecipientInfo.defaultValues(UKM));
+ }
+ this.keyEncryptionAlgorithm = getParametersValue(parameters, KEY_ENCRYPTION_ALGORITHM$2, KeyAgreeRecipientInfo.defaultValues(KEY_ENCRYPTION_ALGORITHM$2));
+ this.recipientEncryptedKeys = getParametersValue(parameters, RECIPIENT_ENCRYPTED_KEY, KeyAgreeRecipientInfo.defaultValues(RECIPIENT_ENCRYPTED_KEY));
+ this.recipientCertificate = getParametersValue(parameters, RECIPIENT_CERTIFICATE, KeyAgreeRecipientInfo.defaultValues(RECIPIENT_CERTIFICATE));
+ this.recipientPublicKey = getParametersValue(parameters, RECIPIENT_PUBLIC_KEY, KeyAgreeRecipientInfo.defaultValues(RECIPIENT_PUBLIC_KEY));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$b:
+ return 0;
+ case ORIGINATOR:
+ return new OriginatorIdentifierOrKey();
+ case UKM:
+ return new OctetString();
+ case KEY_ENCRYPTION_ALGORITHM$2:
+ return new AlgorithmIdentifier();
+ case RECIPIENT_ENCRYPTED_KEY:
+ return new RecipientEncryptedKeys();
+ case RECIPIENT_CERTIFICATE:
+ return new Certificate();
+ case RECIPIENT_PUBLIC_KEY:
+ return null;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VERSION$b:
+ return (memberValue === 0);
+ case ORIGINATOR:
+ return ((memberValue.variant === (-1)) && (("value" in memberValue) === false));
+ case UKM:
+ return (memberValue.isEqual(KeyAgreeRecipientInfo.defaultValues(UKM)));
+ case KEY_ENCRYPTION_ALGORITHM$2:
+ return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false));
+ case RECIPIENT_ENCRYPTED_KEY:
+ return (memberValue.encryptedKeys.length === 0);
+ case RECIPIENT_CERTIFICATE:
+ return false;
+ case RECIPIENT_PUBLIC_KEY:
+ return false;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: names.blockName || EMPTY_STRING,
+ value: [
+ new Integer({ name: names.version || EMPTY_STRING }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ OriginatorIdentifierOrKey.schema(names.originator || {})
+ ]
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [new OctetString({ name: names.ukm || EMPTY_STRING })]
+ }),
+ AlgorithmIdentifier.schema(names.keyEncryptionAlgorithm || {}),
+ RecipientEncryptedKeys.schema(names.recipientEncryptedKeys || {})
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$s);
+ const asn1 = compareSchema(schema, schema, KeyAgreeRecipientInfo.schema({
+ names: {
+ version: VERSION$b,
+ originator: {
+ names: {
+ blockName: ORIGINATOR
+ }
+ },
+ ukm: UKM,
+ keyEncryptionAlgorithm: {
+ names: {
+ blockName: KEY_ENCRYPTION_ALGORITHM$2
+ }
+ },
+ recipientEncryptedKeys: {
+ names: {
+ blockName: RECIPIENT_ENCRYPTED_KEY
+ }
+ }
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result.version.valueBlock.valueDec;
+ this.originator = new OriginatorIdentifierOrKey({ schema: asn1.result.originator });
+ if (UKM in asn1.result)
+ this.ukm = asn1.result.ukm;
+ this.keyEncryptionAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.keyEncryptionAlgorithm });
+ this.recipientEncryptedKeys = new RecipientEncryptedKeys({ schema: asn1.result.recipientEncryptedKeys });
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(new Integer({ value: this.version }));
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [this.originator.toSchema()]
+ }));
+ if (this.ukm) {
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [this.ukm]
+ }));
+ }
+ outputArray.push(this.keyEncryptionAlgorithm.toSchema());
+ outputArray.push(this.recipientEncryptedKeys.toSchema());
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ version: this.version,
+ originator: this.originator.toJSON(),
+ keyEncryptionAlgorithm: this.keyEncryptionAlgorithm.toJSON(),
+ recipientEncryptedKeys: this.recipientEncryptedKeys.toJSON(),
+ };
+ if (this.ukm) {
+ res.ukm = this.ukm.toJSON();
+ }
+ return res;
+ }
+}
+KeyAgreeRecipientInfo.CLASS_NAME = "KeyAgreeRecipientInfo";
+
+const KEY_IDENTIFIER = "keyIdentifier";
+const DATE = "date";
+const OTHER = "other";
+const CLEAR_PROPS$r = [
+ KEY_IDENTIFIER,
+ DATE,
+ OTHER,
+];
+class KEKIdentifier extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.keyIdentifier = getParametersValue(parameters, KEY_IDENTIFIER, KEKIdentifier.defaultValues(KEY_IDENTIFIER));
+ if (DATE in parameters) {
+ this.date = getParametersValue(parameters, DATE, KEKIdentifier.defaultValues(DATE));
+ }
+ if (OTHER in parameters) {
+ this.other = getParametersValue(parameters, OTHER, KEKIdentifier.defaultValues(OTHER));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case KEY_IDENTIFIER:
+ return new OctetString();
+ case DATE:
+ return new GeneralizedTime();
+ case OTHER:
+ return new OtherKeyAttribute();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case KEY_IDENTIFIER:
+ return (memberValue.isEqual(KEKIdentifier.defaultValues(KEY_IDENTIFIER)));
+ case DATE:
+ return ((memberValue.year === 0) &&
+ (memberValue.month === 0) &&
+ (memberValue.day === 0) &&
+ (memberValue.hour === 0) &&
+ (memberValue.minute === 0) &&
+ (memberValue.second === 0) &&
+ (memberValue.millisecond === 0));
+ case OTHER:
+ return ((memberValue.compareWithDefault("keyAttrId", memberValue.keyAttrId)) &&
+ (("keyAttr" in memberValue) === false));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new OctetString({ name: (names.keyIdentifier || EMPTY_STRING) }),
+ new GeneralizedTime({
+ optional: true,
+ name: (names.date || EMPTY_STRING)
+ }),
+ OtherKeyAttribute.schema(names.other || {})
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$r);
+ const asn1 = compareSchema(schema, schema, KEKIdentifier.schema({
+ names: {
+ keyIdentifier: KEY_IDENTIFIER,
+ date: DATE,
+ other: {
+ names: {
+ blockName: OTHER
+ }
+ }
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.keyIdentifier = asn1.result.keyIdentifier;
+ if (DATE in asn1.result)
+ this.date = asn1.result.date;
+ if (OTHER in asn1.result)
+ this.other = new OtherKeyAttribute({ schema: asn1.result.other });
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(this.keyIdentifier);
+ if (this.date) {
+ outputArray.push(this.date);
+ }
+ if (this.other) {
+ outputArray.push(this.other.toSchema());
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ keyIdentifier: this.keyIdentifier.toJSON()
+ };
+ if (this.date) {
+ res.date = this.date;
+ }
+ if (this.other) {
+ res.other = this.other.toJSON();
+ }
+ return res;
+ }
+}
+KEKIdentifier.CLASS_NAME = "KEKIdentifier";
+
+const VERSION$a = "version";
+const KEK_ID = "kekid";
+const KEY_ENCRYPTION_ALGORITHM$1 = "keyEncryptionAlgorithm";
+const ENCRYPTED_KEY$1 = "encryptedKey";
+const PER_DEFINED_KEK = "preDefinedKEK";
+const CLEAR_PROPS$q = [
+ VERSION$a,
+ KEK_ID,
+ KEY_ENCRYPTION_ALGORITHM$1,
+ ENCRYPTED_KEY$1,
+];
+class KEKRecipientInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$a, KEKRecipientInfo.defaultValues(VERSION$a));
+ this.kekid = getParametersValue(parameters, KEK_ID, KEKRecipientInfo.defaultValues(KEK_ID));
+ this.keyEncryptionAlgorithm = getParametersValue(parameters, KEY_ENCRYPTION_ALGORITHM$1, KEKRecipientInfo.defaultValues(KEY_ENCRYPTION_ALGORITHM$1));
+ this.encryptedKey = getParametersValue(parameters, ENCRYPTED_KEY$1, KEKRecipientInfo.defaultValues(ENCRYPTED_KEY$1));
+ this.preDefinedKEK = getParametersValue(parameters, PER_DEFINED_KEK, KEKRecipientInfo.defaultValues(PER_DEFINED_KEK));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$a:
+ return 0;
+ case KEK_ID:
+ return new KEKIdentifier();
+ case KEY_ENCRYPTION_ALGORITHM$1:
+ return new AlgorithmIdentifier();
+ case ENCRYPTED_KEY$1:
+ return new OctetString();
+ case PER_DEFINED_KEK:
+ return EMPTY_BUFFER;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case "KEKRecipientInfo":
+ return (memberValue === KEKRecipientInfo.defaultValues(VERSION$a));
+ case KEK_ID:
+ return ((memberValue.compareWithDefault("keyIdentifier", memberValue.keyIdentifier)) &&
+ (("date" in memberValue) === false) &&
+ (("other" in memberValue) === false));
+ case KEY_ENCRYPTION_ALGORITHM$1:
+ return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false));
+ case ENCRYPTED_KEY$1:
+ return (memberValue.isEqual(KEKRecipientInfo.defaultValues(ENCRYPTED_KEY$1)));
+ case PER_DEFINED_KEK:
+ return (memberValue.byteLength === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Integer({ name: (names.version || EMPTY_STRING) }),
+ KEKIdentifier.schema(names.kekid || {}),
+ AlgorithmIdentifier.schema(names.keyEncryptionAlgorithm || {}),
+ new OctetString({ name: (names.encryptedKey || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$q);
+ const asn1 = compareSchema(schema, schema, KEKRecipientInfo.schema({
+ names: {
+ version: VERSION$a,
+ kekid: {
+ names: {
+ blockName: KEK_ID
+ }
+ },
+ keyEncryptionAlgorithm: {
+ names: {
+ blockName: KEY_ENCRYPTION_ALGORITHM$1
+ }
+ },
+ encryptedKey: ENCRYPTED_KEY$1
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result.version.valueBlock.valueDec;
+ this.kekid = new KEKIdentifier({ schema: asn1.result.kekid });
+ this.keyEncryptionAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.keyEncryptionAlgorithm });
+ this.encryptedKey = asn1.result.encryptedKey;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ new Integer({ value: this.version }),
+ this.kekid.toSchema(),
+ this.keyEncryptionAlgorithm.toSchema(),
+ this.encryptedKey
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ version: this.version,
+ kekid: this.kekid.toJSON(),
+ keyEncryptionAlgorithm: this.keyEncryptionAlgorithm.toJSON(),
+ encryptedKey: this.encryptedKey.toJSON(),
+ };
+ }
+}
+KEKRecipientInfo.CLASS_NAME = "KEKRecipientInfo";
+
+const VERSION$9 = "version";
+const KEY_DERIVATION_ALGORITHM = "keyDerivationAlgorithm";
+const KEY_ENCRYPTION_ALGORITHM = "keyEncryptionAlgorithm";
+const ENCRYPTED_KEY = "encryptedKey";
+const PASSWORD = "password";
+const CLEAR_PROPS$p = [
+ VERSION$9,
+ KEY_DERIVATION_ALGORITHM,
+ KEY_ENCRYPTION_ALGORITHM,
+ ENCRYPTED_KEY
+];
+class PasswordRecipientinfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$9, PasswordRecipientinfo.defaultValues(VERSION$9));
+ if (KEY_DERIVATION_ALGORITHM in parameters) {
+ this.keyDerivationAlgorithm = getParametersValue(parameters, KEY_DERIVATION_ALGORITHM, PasswordRecipientinfo.defaultValues(KEY_DERIVATION_ALGORITHM));
+ }
+ this.keyEncryptionAlgorithm = getParametersValue(parameters, KEY_ENCRYPTION_ALGORITHM, PasswordRecipientinfo.defaultValues(KEY_ENCRYPTION_ALGORITHM));
+ this.encryptedKey = getParametersValue(parameters, ENCRYPTED_KEY, PasswordRecipientinfo.defaultValues(ENCRYPTED_KEY));
+ this.password = getParametersValue(parameters, PASSWORD, PasswordRecipientinfo.defaultValues(PASSWORD));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$9:
+ return (-1);
+ case KEY_DERIVATION_ALGORITHM:
+ return new AlgorithmIdentifier();
+ case KEY_ENCRYPTION_ALGORITHM:
+ return new AlgorithmIdentifier();
+ case ENCRYPTED_KEY:
+ return new OctetString();
+ case PASSWORD:
+ return EMPTY_BUFFER;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VERSION$9:
+ return (memberValue === (-1));
+ case KEY_DERIVATION_ALGORITHM:
+ case KEY_ENCRYPTION_ALGORITHM:
+ return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false));
+ case ENCRYPTED_KEY:
+ return (memberValue.isEqual(PasswordRecipientinfo.defaultValues(ENCRYPTED_KEY)));
+ case PASSWORD:
+ return (memberValue.byteLength === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Integer({ name: (names.version || EMPTY_STRING) }),
+ new Constructed({
+ name: (names.keyDerivationAlgorithm || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: AlgorithmIdentifier.schema().valueBlock.value
+ }),
+ AlgorithmIdentifier.schema(names.keyEncryptionAlgorithm || {}),
+ new OctetString({ name: (names.encryptedKey || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$p);
+ const asn1 = compareSchema(schema, schema, PasswordRecipientinfo.schema({
+ names: {
+ version: VERSION$9,
+ keyDerivationAlgorithm: KEY_DERIVATION_ALGORITHM,
+ keyEncryptionAlgorithm: {
+ names: {
+ blockName: KEY_ENCRYPTION_ALGORITHM
+ }
+ },
+ encryptedKey: ENCRYPTED_KEY
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result.version.valueBlock.valueDec;
+ if (KEY_DERIVATION_ALGORITHM in asn1.result) {
+ this.keyDerivationAlgorithm = new AlgorithmIdentifier({
+ schema: new Sequence({
+ value: asn1.result.keyDerivationAlgorithm.valueBlock.value
+ })
+ });
+ }
+ this.keyEncryptionAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.keyEncryptionAlgorithm });
+ this.encryptedKey = asn1.result.encryptedKey;
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(new Integer({ value: this.version }));
+ if (this.keyDerivationAlgorithm) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: this.keyDerivationAlgorithm.toSchema().valueBlock.value
+ }));
+ }
+ outputArray.push(this.keyEncryptionAlgorithm.toSchema());
+ outputArray.push(this.encryptedKey);
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ version: this.version,
+ keyEncryptionAlgorithm: this.keyEncryptionAlgorithm.toJSON(),
+ encryptedKey: this.encryptedKey.toJSON(),
+ };
+ if (this.keyDerivationAlgorithm) {
+ res.keyDerivationAlgorithm = this.keyDerivationAlgorithm.toJSON();
+ }
+ return res;
+ }
+}
+PasswordRecipientinfo.CLASS_NAME = "PasswordRecipientInfo";
+
+const ORI_TYPE = "oriType";
+const ORI_VALUE = "oriValue";
+const CLEAR_PROPS$o = [
+ ORI_TYPE,
+ ORI_VALUE
+];
+class OtherRecipientInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.oriType = getParametersValue(parameters, ORI_TYPE, OtherRecipientInfo.defaultValues(ORI_TYPE));
+ this.oriValue = getParametersValue(parameters, ORI_VALUE, OtherRecipientInfo.defaultValues(ORI_VALUE));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case ORI_TYPE:
+ return EMPTY_STRING;
+ case ORI_VALUE:
+ return {};
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case ORI_TYPE:
+ return (memberValue === EMPTY_STRING);
+ case ORI_VALUE:
+ return (Object.keys(memberValue).length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.oriType || EMPTY_STRING) }),
+ new Any({ name: (names.oriValue || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$o);
+ const asn1 = compareSchema(schema, schema, OtherRecipientInfo.schema({
+ names: {
+ oriType: ORI_TYPE,
+ oriValue: ORI_VALUE
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.oriType = asn1.result.oriType.valueBlock.toString();
+ this.oriValue = asn1.result.oriValue;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ new ObjectIdentifier({ value: this.oriType }),
+ this.oriValue
+ ]
+ }));
+ }
+ toJSON() {
+ const res = {
+ oriType: this.oriType
+ };
+ if (!OtherRecipientInfo.compareWithDefault(ORI_VALUE, this.oriValue)) {
+ res.oriValue = this.oriValue.toJSON();
+ }
+ return res;
+ }
+}
+OtherRecipientInfo.CLASS_NAME = "OtherRecipientInfo";
+
+const VARIANT = "variant";
+const VALUE = "value";
+const CLEAR_PROPS$n = [
+ "blockName"
+];
+class RecipientInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.variant = getParametersValue(parameters, VARIANT, RecipientInfo.defaultValues(VARIANT));
+ if (VALUE in parameters) {
+ this.value = getParametersValue(parameters, VALUE, RecipientInfo.defaultValues(VALUE));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VARIANT:
+ return (-1);
+ case VALUE:
+ return {};
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VARIANT:
+ return (memberValue === RecipientInfo.defaultValues(memberName));
+ case VALUE:
+ return (Object.keys(memberValue).length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Choice({
+ value: [
+ KeyTransRecipientInfo.schema({
+ names: {
+ blockName: (names.blockName || EMPTY_STRING)
+ }
+ }),
+ new Constructed({
+ name: (names.blockName || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: KeyAgreeRecipientInfo.schema().valueBlock.value
+ }),
+ new Constructed({
+ name: (names.blockName || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ value: KEKRecipientInfo.schema().valueBlock.value
+ }),
+ new Constructed({
+ name: (names.blockName || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 3
+ },
+ value: PasswordRecipientinfo.schema().valueBlock.value
+ }),
+ new Constructed({
+ name: (names.blockName || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 4
+ },
+ value: OtherRecipientInfo.schema().valueBlock.value
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$n);
+ const asn1 = compareSchema(schema, schema, RecipientInfo.schema({
+ names: {
+ blockName: "blockName"
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (asn1.result.blockName.idBlock.tagClass === 1) {
+ this.variant = 1;
+ this.value = new KeyTransRecipientInfo({ schema: asn1.result.blockName });
+ }
+ else {
+ const blockSequence = new Sequence({
+ value: asn1.result.blockName.valueBlock.value
+ });
+ switch (asn1.result.blockName.idBlock.tagNumber) {
+ case 1:
+ this.variant = 2;
+ this.value = new KeyAgreeRecipientInfo({ schema: blockSequence });
+ break;
+ case 2:
+ this.variant = 3;
+ this.value = new KEKRecipientInfo({ schema: blockSequence });
+ break;
+ case 3:
+ this.variant = 4;
+ this.value = new PasswordRecipientinfo({ schema: blockSequence });
+ break;
+ case 4:
+ this.variant = 5;
+ this.value = new OtherRecipientInfo({ schema: blockSequence });
+ break;
+ default:
+ throw new Error("Incorrect structure of RecipientInfo block");
+ }
+ }
+ }
+ toSchema() {
+ ParameterError.assertEmpty(this.value, "value", "RecipientInfo");
+ const _schema = this.value.toSchema();
+ switch (this.variant) {
+ case 1:
+ return _schema;
+ case 2:
+ case 3:
+ case 4:
+ _schema.idBlock.tagClass = 3;
+ _schema.idBlock.tagNumber = (this.variant - 1);
+ return _schema;
+ default:
+ return new Any();
+ }
+ }
+ toJSON() {
+ const res = {
+ variant: this.variant
+ };
+ if (this.value && (this.variant >= 1) && (this.variant <= 4)) {
+ res.value = this.value.toJSON();
+ }
+ return res;
+ }
+}
+RecipientInfo.CLASS_NAME = "RecipientInfo";
+
+const HASH_ALGORITHM$2 = "hashAlgorithm";
+const MASK_GEN_ALGORITHM = "maskGenAlgorithm";
+const P_SOURCE_ALGORITHM = "pSourceAlgorithm";
+const CLEAR_PROPS$m = [
+ HASH_ALGORITHM$2,
+ MASK_GEN_ALGORITHM,
+ P_SOURCE_ALGORITHM
+];
+class RSAESOAEPParams extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.hashAlgorithm = getParametersValue(parameters, HASH_ALGORITHM$2, RSAESOAEPParams.defaultValues(HASH_ALGORITHM$2));
+ this.maskGenAlgorithm = getParametersValue(parameters, MASK_GEN_ALGORITHM, RSAESOAEPParams.defaultValues(MASK_GEN_ALGORITHM));
+ this.pSourceAlgorithm = getParametersValue(parameters, P_SOURCE_ALGORITHM, RSAESOAEPParams.defaultValues(P_SOURCE_ALGORITHM));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case HASH_ALGORITHM$2:
+ return new AlgorithmIdentifier({
+ algorithmId: "1.3.14.3.2.26",
+ algorithmParams: new Null()
+ });
+ case MASK_GEN_ALGORITHM:
+ return new AlgorithmIdentifier({
+ algorithmId: "1.2.840.113549.1.1.8",
+ algorithmParams: (new AlgorithmIdentifier({
+ algorithmId: "1.3.14.3.2.26",
+ algorithmParams: new Null()
+ })).toSchema()
+ });
+ case P_SOURCE_ALGORITHM:
+ return new AlgorithmIdentifier({
+ algorithmId: "1.2.840.113549.1.1.9",
+ algorithmParams: new OctetString({ valueHex: (new Uint8Array([0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09])).buffer })
+ });
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ optional: true,
+ value: [AlgorithmIdentifier.schema(names.hashAlgorithm || {})]
+ }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ optional: true,
+ value: [AlgorithmIdentifier.schema(names.maskGenAlgorithm || {})]
+ }),
+ new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ optional: true,
+ value: [AlgorithmIdentifier.schema(names.pSourceAlgorithm || {})]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$m);
+ const asn1 = compareSchema(schema, schema, RSAESOAEPParams.schema({
+ names: {
+ hashAlgorithm: {
+ names: {
+ blockName: HASH_ALGORITHM$2
+ }
+ },
+ maskGenAlgorithm: {
+ names: {
+ blockName: MASK_GEN_ALGORITHM
+ }
+ },
+ pSourceAlgorithm: {
+ names: {
+ blockName: P_SOURCE_ALGORITHM
+ }
+ }
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ if (HASH_ALGORITHM$2 in asn1.result)
+ this.hashAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.hashAlgorithm });
+ if (MASK_GEN_ALGORITHM in asn1.result)
+ this.maskGenAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.maskGenAlgorithm });
+ if (P_SOURCE_ALGORITHM in asn1.result)
+ this.pSourceAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.pSourceAlgorithm });
+ }
+ toSchema() {
+ const outputArray = [];
+ if (!this.hashAlgorithm.isEqual(RSAESOAEPParams.defaultValues(HASH_ALGORITHM$2))) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [this.hashAlgorithm.toSchema()]
+ }));
+ }
+ if (!this.maskGenAlgorithm.isEqual(RSAESOAEPParams.defaultValues(MASK_GEN_ALGORITHM))) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [this.maskGenAlgorithm.toSchema()]
+ }));
+ }
+ if (!this.pSourceAlgorithm.isEqual(RSAESOAEPParams.defaultValues(P_SOURCE_ALGORITHM))) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ value: [this.pSourceAlgorithm.toSchema()]
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {};
+ if (!this.hashAlgorithm.isEqual(RSAESOAEPParams.defaultValues(HASH_ALGORITHM$2))) {
+ res.hashAlgorithm = this.hashAlgorithm.toJSON();
+ }
+ if (!this.maskGenAlgorithm.isEqual(RSAESOAEPParams.defaultValues(MASK_GEN_ALGORITHM))) {
+ res.maskGenAlgorithm = this.maskGenAlgorithm.toJSON();
+ }
+ if (!this.pSourceAlgorithm.isEqual(RSAESOAEPParams.defaultValues(P_SOURCE_ALGORITHM))) {
+ res.pSourceAlgorithm = this.pSourceAlgorithm.toJSON();
+ }
+ return res;
+ }
+}
+RSAESOAEPParams.CLASS_NAME = "RSAESOAEPParams";
+
+const KEY_INFO = "keyInfo";
+const ENTITY_U_INFO = "entityUInfo";
+const SUPP_PUB_INFO = "suppPubInfo";
+const CLEAR_PROPS$l = [
+ KEY_INFO,
+ ENTITY_U_INFO,
+ SUPP_PUB_INFO
+];
+class ECCCMSSharedInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.keyInfo = getParametersValue(parameters, KEY_INFO, ECCCMSSharedInfo.defaultValues(KEY_INFO));
+ if (ENTITY_U_INFO in parameters) {
+ this.entityUInfo = getParametersValue(parameters, ENTITY_U_INFO, ECCCMSSharedInfo.defaultValues(ENTITY_U_INFO));
+ }
+ this.suppPubInfo = getParametersValue(parameters, SUPP_PUB_INFO, ECCCMSSharedInfo.defaultValues(SUPP_PUB_INFO));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case KEY_INFO:
+ return new AlgorithmIdentifier();
+ case ENTITY_U_INFO:
+ return new OctetString();
+ case SUPP_PUB_INFO:
+ return new OctetString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case KEY_INFO:
+ case ENTITY_U_INFO:
+ case SUPP_PUB_INFO:
+ return (memberValue.isEqual(ECCCMSSharedInfo.defaultValues(memberName)));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ AlgorithmIdentifier.schema(names.keyInfo || {}),
+ new Constructed({
+ name: (names.entityUInfo || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ optional: true,
+ value: [new OctetString()]
+ }),
+ new Constructed({
+ name: (names.suppPubInfo || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ value: [new OctetString()]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$l);
+ const asn1 = compareSchema(schema, schema, ECCCMSSharedInfo.schema({
+ names: {
+ keyInfo: {
+ names: {
+ blockName: KEY_INFO
+ }
+ },
+ entityUInfo: ENTITY_U_INFO,
+ suppPubInfo: SUPP_PUB_INFO
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.keyInfo = new AlgorithmIdentifier({ schema: asn1.result.keyInfo });
+ if (ENTITY_U_INFO in asn1.result)
+ this.entityUInfo = asn1.result.entityUInfo.valueBlock.value[0];
+ this.suppPubInfo = asn1.result.suppPubInfo.valueBlock.value[0];
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(this.keyInfo.toSchema());
+ if (this.entityUInfo) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [this.entityUInfo]
+ }));
+ }
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ value: [this.suppPubInfo]
+ }));
+ return new Sequence({
+ value: outputArray
+ });
+ }
+ toJSON() {
+ const res = {
+ keyInfo: this.keyInfo.toJSON(),
+ suppPubInfo: this.suppPubInfo.toJSON(),
+ };
+ if (this.entityUInfo) {
+ res.entityUInfo = this.entityUInfo.toJSON();
+ }
+ return res;
+ }
+}
+ECCCMSSharedInfo.CLASS_NAME = "ECCCMSSharedInfo";
+
+const VERSION$8 = "version";
+const ORIGINATOR_INFO = "originatorInfo";
+const RECIPIENT_INFOS = "recipientInfos";
+const ENCRYPTED_CONTENT_INFO = "encryptedContentInfo";
+const UNPROTECTED_ATTRS = "unprotectedAttrs";
+const CLEAR_PROPS$k = [
+ VERSION$8,
+ ORIGINATOR_INFO,
+ RECIPIENT_INFOS,
+ ENCRYPTED_CONTENT_INFO,
+ UNPROTECTED_ATTRS
+];
+const defaultEncryptionParams = {
+ kdfAlgorithm: "SHA-512",
+ kekEncryptionLength: 256
+};
+const curveLengthByName = {
+ "P-256": 256,
+ "P-384": 384,
+ "P-521": 528
+};
+class EnvelopedData extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$8, EnvelopedData.defaultValues(VERSION$8));
+ if (ORIGINATOR_INFO in parameters) {
+ this.originatorInfo = getParametersValue(parameters, ORIGINATOR_INFO, EnvelopedData.defaultValues(ORIGINATOR_INFO));
+ }
+ this.recipientInfos = getParametersValue(parameters, RECIPIENT_INFOS, EnvelopedData.defaultValues(RECIPIENT_INFOS));
+ this.encryptedContentInfo = getParametersValue(parameters, ENCRYPTED_CONTENT_INFO, EnvelopedData.defaultValues(ENCRYPTED_CONTENT_INFO));
+ if (UNPROTECTED_ATTRS in parameters) {
+ this.unprotectedAttrs = getParametersValue(parameters, UNPROTECTED_ATTRS, EnvelopedData.defaultValues(UNPROTECTED_ATTRS));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$8:
+ return 0;
+ case ORIGINATOR_INFO:
+ return new OriginatorInfo();
+ case RECIPIENT_INFOS:
+ return [];
+ case ENCRYPTED_CONTENT_INFO:
+ return new EncryptedContentInfo();
+ case UNPROTECTED_ATTRS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VERSION$8:
+ return (memberValue === EnvelopedData.defaultValues(memberName));
+ case ORIGINATOR_INFO:
+ return ((memberValue.certs.certificates.length === 0) && (memberValue.crls.crls.length === 0));
+ case RECIPIENT_INFOS:
+ case UNPROTECTED_ATTRS:
+ return (memberValue.length === 0);
+ case ENCRYPTED_CONTENT_INFO:
+ return ((EncryptedContentInfo.compareWithDefault("contentType", memberValue.contentType)) &&
+ (EncryptedContentInfo.compareWithDefault("contentEncryptionAlgorithm", memberValue.contentEncryptionAlgorithm) &&
+ (EncryptedContentInfo.compareWithDefault("encryptedContent", memberValue.encryptedContent))));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Integer({ name: (names.version || EMPTY_STRING) }),
+ new Constructed({
+ name: (names.originatorInfo || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: OriginatorInfo.schema().valueBlock.value
+ }),
+ new Set({
+ value: [
+ new Repeated({
+ name: (names.recipientInfos || EMPTY_STRING),
+ value: RecipientInfo.schema()
+ })
+ ]
+ }),
+ EncryptedContentInfo.schema(names.encryptedContentInfo || {}),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [
+ new Repeated({
+ name: (names.unprotectedAttrs || EMPTY_STRING),
+ value: Attribute.schema()
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$k);
+ const asn1 = compareSchema(schema, schema, EnvelopedData.schema({
+ names: {
+ version: VERSION$8,
+ originatorInfo: ORIGINATOR_INFO,
+ recipientInfos: RECIPIENT_INFOS,
+ encryptedContentInfo: {
+ names: {
+ blockName: ENCRYPTED_CONTENT_INFO
+ }
+ },
+ unprotectedAttrs: UNPROTECTED_ATTRS
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result.version.valueBlock.valueDec;
+ if (ORIGINATOR_INFO in asn1.result) {
+ this.originatorInfo = new OriginatorInfo({
+ schema: new Sequence({
+ value: asn1.result.originatorInfo.valueBlock.value
+ })
+ });
+ }
+ this.recipientInfos = Array.from(asn1.result.recipientInfos, o => new RecipientInfo({ schema: o }));
+ this.encryptedContentInfo = new EncryptedContentInfo({ schema: asn1.result.encryptedContentInfo });
+ if (UNPROTECTED_ATTRS in asn1.result)
+ this.unprotectedAttrs = Array.from(asn1.result.unprotectedAttrs, o => new Attribute({ schema: o }));
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(new Integer({ value: this.version }));
+ if (this.originatorInfo) {
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: this.originatorInfo.toSchema().valueBlock.value
+ }));
+ }
+ outputArray.push(new Set({
+ value: Array.from(this.recipientInfos, o => o.toSchema())
+ }));
+ outputArray.push(this.encryptedContentInfo.toSchema());
+ if (this.unprotectedAttrs) {
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: Array.from(this.unprotectedAttrs, o => o.toSchema())
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ version: this.version,
+ recipientInfos: Array.from(this.recipientInfos, o => o.toJSON()),
+ encryptedContentInfo: this.encryptedContentInfo.toJSON(),
+ };
+ if (this.originatorInfo)
+ res.originatorInfo = this.originatorInfo.toJSON();
+ if (this.unprotectedAttrs)
+ res.unprotectedAttrs = Array.from(this.unprotectedAttrs, o => o.toJSON());
+ return res;
+ }
+ addRecipientByCertificate(certificate, parameters, variant, crypto = getCrypto(true)) {
+ const encryptionParameters = Object.assign({ useOAEP: true, oaepHashAlgorithm: "SHA-512" }, defaultEncryptionParams, parameters || {});
+ if (certificate.subjectPublicKeyInfo.algorithm.algorithmId.indexOf("1.2.840.113549") !== (-1))
+ variant = 1;
+ else {
+ if (certificate.subjectPublicKeyInfo.algorithm.algorithmId.indexOf("1.2.840.10045") !== (-1))
+ variant = 2;
+ else
+ throw new Error(`Unknown type of certificate's public key: ${certificate.subjectPublicKeyInfo.algorithm.algorithmId}`);
+ }
+ switch (variant) {
+ case 1:
+ {
+ let algorithmId;
+ let algorithmParams;
+ if (encryptionParameters.useOAEP === true) {
+ algorithmId = crypto.getOIDByAlgorithm({
+ name: "RSA-OAEP"
+ }, true, "keyEncryptionAlgorithm");
+ const hashOID = crypto.getOIDByAlgorithm({
+ name: encryptionParameters.oaepHashAlgorithm
+ }, true, "RSAES-OAEP-params");
+ const hashAlgorithm = new AlgorithmIdentifier({
+ algorithmId: hashOID,
+ algorithmParams: new Null()
+ });
+ const rsaOAEPParams = new RSAESOAEPParams({
+ hashAlgorithm,
+ maskGenAlgorithm: new AlgorithmIdentifier({
+ algorithmId: "1.2.840.113549.1.1.8",
+ algorithmParams: hashAlgorithm.toSchema()
+ })
+ });
+ algorithmParams = rsaOAEPParams.toSchema();
+ }
+ else {
+ algorithmId = crypto.getOIDByAlgorithm({
+ name: "RSAES-PKCS1-v1_5"
+ });
+ if (algorithmId === EMPTY_STRING)
+ throw new Error("Can not find OID for RSAES-PKCS1-v1_5");
+ algorithmParams = new Null();
+ }
+ const keyInfo = new KeyTransRecipientInfo({
+ version: 0,
+ rid: new IssuerAndSerialNumber({
+ issuer: certificate.issuer,
+ serialNumber: certificate.serialNumber
+ }),
+ keyEncryptionAlgorithm: new AlgorithmIdentifier({
+ algorithmId,
+ algorithmParams
+ }),
+ recipientCertificate: certificate,
+ });
+ this.recipientInfos.push(new RecipientInfo({
+ variant: 1,
+ value: keyInfo
+ }));
+ }
+ break;
+ case 2:
+ {
+ const recipientIdentifier = new KeyAgreeRecipientIdentifier({
+ variant: 1,
+ value: new IssuerAndSerialNumber({
+ issuer: certificate.issuer,
+ serialNumber: certificate.serialNumber
+ })
+ });
+ this._addKeyAgreeRecipientInfo(recipientIdentifier, encryptionParameters, { recipientCertificate: certificate }, crypto);
+ }
+ break;
+ default:
+ throw new Error(`Unknown "variant" value: ${variant}`);
+ }
+ return true;
+ }
+ addRecipientByPreDefinedData(preDefinedData, parameters = {}, variant, crypto = getCrypto(true)) {
+ ArgumentError.assert(preDefinedData, "preDefinedData", "ArrayBuffer");
+ if (!preDefinedData.byteLength) {
+ throw new Error("Pre-defined data could have zero length");
+ }
+ if (!parameters.keyIdentifier) {
+ const keyIdentifierBuffer = new ArrayBuffer(16);
+ const keyIdentifierView = new Uint8Array(keyIdentifierBuffer);
+ crypto.getRandomValues(keyIdentifierView);
+ parameters.keyIdentifier = keyIdentifierBuffer;
+ }
+ if (!parameters.hmacHashAlgorithm)
+ parameters.hmacHashAlgorithm = "SHA-512";
+ if (parameters.iterationCount === undefined) {
+ parameters.iterationCount = 2048;
+ }
+ if (!parameters.keyEncryptionAlgorithm) {
+ parameters.keyEncryptionAlgorithm = {
+ name: "AES-KW",
+ length: 256
+ };
+ }
+ if (!parameters.keyEncryptionAlgorithmParams)
+ parameters.keyEncryptionAlgorithmParams = new Null();
+ switch (variant) {
+ case 1:
+ {
+ const kekOID = crypto.getOIDByAlgorithm(parameters.keyEncryptionAlgorithm, true, "keyEncryptionAlgorithm");
+ const keyInfo = new KEKRecipientInfo({
+ version: 4,
+ kekid: new KEKIdentifier({
+ keyIdentifier: new OctetString({ valueHex: parameters.keyIdentifier })
+ }),
+ keyEncryptionAlgorithm: new AlgorithmIdentifier({
+ algorithmId: kekOID,
+ algorithmParams: parameters.keyEncryptionAlgorithmParams
+ }),
+ preDefinedKEK: preDefinedData
+ });
+ this.recipientInfos.push(new RecipientInfo({
+ variant: 3,
+ value: keyInfo
+ }));
+ }
+ break;
+ case 2:
+ {
+ const pbkdf2OID = crypto.getOIDByAlgorithm({ name: "PBKDF2" }, true, "keyDerivationAlgorithm");
+ const saltBuffer = new ArrayBuffer(64);
+ const saltView = new Uint8Array(saltBuffer);
+ crypto.getRandomValues(saltView);
+ const hmacOID = crypto.getOIDByAlgorithm({
+ name: "HMAC",
+ hash: {
+ name: parameters.hmacHashAlgorithm
+ }
+ }, true, "hmacHashAlgorithm");
+ const pbkdf2Params = new PBKDF2Params({
+ salt: new OctetString({ valueHex: saltBuffer }),
+ iterationCount: parameters.iterationCount,
+ prf: new AlgorithmIdentifier({
+ algorithmId: hmacOID,
+ algorithmParams: new Null()
+ })
+ });
+ const kekOID = crypto.getOIDByAlgorithm(parameters.keyEncryptionAlgorithm, true, "keyEncryptionAlgorithm");
+ const keyInfo = new PasswordRecipientinfo({
+ version: 0,
+ keyDerivationAlgorithm: new AlgorithmIdentifier({
+ algorithmId: pbkdf2OID,
+ algorithmParams: pbkdf2Params.toSchema()
+ }),
+ keyEncryptionAlgorithm: new AlgorithmIdentifier({
+ algorithmId: kekOID,
+ algorithmParams: parameters.keyEncryptionAlgorithmParams
+ }),
+ password: preDefinedData
+ });
+ this.recipientInfos.push(new RecipientInfo({
+ variant: 4,
+ value: keyInfo
+ }));
+ }
+ break;
+ default:
+ throw new Error(`Unknown value for "variant": ${variant}`);
+ }
+ }
+ addRecipientByKeyIdentifier(key, keyId, parameters, crypto = getCrypto(true)) {
+ const encryptionParameters = Object.assign({}, defaultEncryptionParams, parameters || {});
+ const recipientIdentifier = new KeyAgreeRecipientIdentifier({
+ variant: 2,
+ value: new RecipientKeyIdentifier({
+ subjectKeyIdentifier: new OctetString({ valueHex: keyId }),
+ })
+ });
+ this._addKeyAgreeRecipientInfo(recipientIdentifier, encryptionParameters, { recipientPublicKey: key }, crypto);
+ }
+ _addKeyAgreeRecipientInfo(recipientIdentifier, encryptionParameters, extraRecipientInfoParams, crypto = getCrypto(true)) {
+ const encryptedKey = new RecipientEncryptedKey({
+ rid: recipientIdentifier
+ });
+ const aesKWoid = crypto.getOIDByAlgorithm({
+ name: "AES-KW",
+ length: encryptionParameters.kekEncryptionLength
+ }, true, "keyEncryptionAlgorithm");
+ const aesKW = new AlgorithmIdentifier({
+ algorithmId: aesKWoid,
+ });
+ const ecdhOID = crypto.getOIDByAlgorithm({
+ name: "ECDH",
+ kdf: encryptionParameters.kdfAlgorithm
+ }, true, "KeyAgreeRecipientInfo");
+ const ukmBuffer = new ArrayBuffer(64);
+ const ukmView = new Uint8Array(ukmBuffer);
+ crypto.getRandomValues(ukmView);
+ const recipientInfoParams = {
+ version: 3,
+ ukm: new OctetString({ valueHex: ukmBuffer }),
+ keyEncryptionAlgorithm: new AlgorithmIdentifier({
+ algorithmId: ecdhOID,
+ algorithmParams: aesKW.toSchema()
+ }),
+ recipientEncryptedKeys: new RecipientEncryptedKeys({
+ encryptedKeys: [encryptedKey]
+ })
+ };
+ const keyInfo = new KeyAgreeRecipientInfo(Object.assign(recipientInfoParams, extraRecipientInfoParams));
+ this.recipientInfos.push(new RecipientInfo({
+ variant: 2,
+ value: keyInfo
+ }));
+ }
+ encrypt(contentEncryptionAlgorithm, contentToEncrypt, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ const ivBuffer = new ArrayBuffer(16);
+ const ivView = new Uint8Array(ivBuffer);
+ crypto.getRandomValues(ivView);
+ const contentView = new Uint8Array(contentToEncrypt);
+ const contentEncryptionOID = crypto.getOIDByAlgorithm(contentEncryptionAlgorithm, true, "contentEncryptionAlgorithm");
+ const sessionKey = yield crypto.generateKey(contentEncryptionAlgorithm, true, ["encrypt"]);
+ const encryptedContent = yield crypto.encrypt({
+ name: contentEncryptionAlgorithm.name,
+ iv: ivView
+ }, sessionKey, contentView);
+ const exportedSessionKey = yield crypto.exportKey("raw", sessionKey);
+ this.version = 2;
+ this.encryptedContentInfo = new EncryptedContentInfo({
+ contentType: "1.2.840.113549.1.7.1",
+ contentEncryptionAlgorithm: new AlgorithmIdentifier({
+ algorithmId: contentEncryptionOID,
+ algorithmParams: new OctetString({ valueHex: ivBuffer })
+ }),
+ encryptedContent: new OctetString({ valueHex: encryptedContent })
+ });
+ const SubKeyAgreeRecipientInfo = (index) => __awaiter(this, void 0, void 0, function* () {
+ const recipientInfo = this.recipientInfos[index].value;
+ let recipientCurve;
+ let recipientPublicKey;
+ if (recipientInfo.recipientPublicKey) {
+ recipientCurve = recipientInfo.recipientPublicKey.algorithm.namedCurve;
+ recipientPublicKey = recipientInfo.recipientPublicKey;
+ }
+ else if (recipientInfo.recipientCertificate) {
+ const curveObject = recipientInfo.recipientCertificate.subjectPublicKeyInfo.algorithm.algorithmParams;
+ if (curveObject.constructor.blockName() !== ObjectIdentifier.blockName())
+ throw new Error(`Incorrect "recipientCertificate" for index ${index}`);
+ const curveOID = curveObject.valueBlock.toString();
+ switch (curveOID) {
+ case "1.2.840.10045.3.1.7":
+ recipientCurve = "P-256";
+ break;
+ case "1.3.132.0.34":
+ recipientCurve = "P-384";
+ break;
+ case "1.3.132.0.35":
+ recipientCurve = "P-521";
+ break;
+ default:
+ throw new Error(`Incorrect curve OID for index ${index}`);
+ }
+ recipientPublicKey = yield recipientInfo.recipientCertificate.getPublicKey({
+ algorithm: {
+ algorithm: {
+ name: "ECDH",
+ namedCurve: recipientCurve
+ },
+ usages: []
+ }
+ }, crypto);
+ }
+ else {
+ throw new Error("Unsupported RecipientInfo");
+ }
+ const recipientCurveLength = curveLengthByName[recipientCurve];
+ const ecdhKeys = yield crypto.generateKey({ name: "ECDH", namedCurve: recipientCurve }, true, ["deriveBits"]);
+ const exportedECDHPublicKey = yield crypto.exportKey("spki", ecdhKeys.publicKey);
+ const derivedBits = yield crypto.deriveBits({
+ name: "ECDH",
+ public: recipientPublicKey
+ }, ecdhKeys.privateKey, recipientCurveLength);
+ const aesKWAlgorithm = new AlgorithmIdentifier({ schema: recipientInfo.keyEncryptionAlgorithm.algorithmParams });
+ const kwAlgorithm = crypto.getAlgorithmByOID(aesKWAlgorithm.algorithmId, true, "aesKWAlgorithm");
+ let kwLength = kwAlgorithm.length;
+ const kwLengthBuffer = new ArrayBuffer(4);
+ const kwLengthView = new Uint8Array(kwLengthBuffer);
+ for (let j = 3; j >= 0; j--) {
+ kwLengthView[j] = kwLength;
+ kwLength >>= 8;
+ }
+ const eccInfo = new ECCCMSSharedInfo({
+ keyInfo: new AlgorithmIdentifier({
+ algorithmId: aesKWAlgorithm.algorithmId
+ }),
+ entityUInfo: recipientInfo.ukm,
+ suppPubInfo: new OctetString({ valueHex: kwLengthBuffer })
+ });
+ const encodedInfo = eccInfo.toSchema().toBER(false);
+ const ecdhAlgorithm = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "ecdhAlgorithm");
+ const derivedKeyRaw = yield kdf(ecdhAlgorithm.kdf, derivedBits, kwAlgorithm.length, encodedInfo, crypto);
+ const awsKW = yield crypto.importKey("raw", derivedKeyRaw, { name: "AES-KW" }, true, ["wrapKey"]);
+ const wrappedKey = yield crypto.wrapKey("raw", sessionKey, awsKW, { name: "AES-KW" });
+ const originator = new OriginatorIdentifierOrKey();
+ originator.variant = 3;
+ originator.value = OriginatorPublicKey.fromBER(exportedECDHPublicKey);
+ recipientInfo.originator = originator;
+ recipientInfo.recipientEncryptedKeys.encryptedKeys[0].encryptedKey = new OctetString({ valueHex: wrappedKey });
+ return { ecdhPrivateKey: ecdhKeys.privateKey };
+ });
+ const SubKeyTransRecipientInfo = (index) => __awaiter(this, void 0, void 0, function* () {
+ const recipientInfo = this.recipientInfos[index].value;
+ const algorithmParameters = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "keyEncryptionAlgorithm");
+ if (algorithmParameters.name === "RSA-OAEP") {
+ const schema = recipientInfo.keyEncryptionAlgorithm.algorithmParams;
+ const rsaOAEPParams = new RSAESOAEPParams({ schema });
+ algorithmParameters.hash = crypto.getAlgorithmByOID(rsaOAEPParams.hashAlgorithm.algorithmId);
+ if (("name" in algorithmParameters.hash) === false)
+ throw new Error(`Incorrect OID for hash algorithm: ${rsaOAEPParams.hashAlgorithm.algorithmId}`);
+ }
+ try {
+ const publicKey = yield recipientInfo.recipientCertificate.getPublicKey({
+ algorithm: {
+ algorithm: algorithmParameters,
+ usages: ["encrypt", "wrapKey"]
+ }
+ }, crypto);
+ const encryptedKey = yield crypto.encrypt(publicKey.algorithm, publicKey, exportedSessionKey);
+ recipientInfo.encryptedKey = new OctetString({ valueHex: encryptedKey });
+ }
+ catch (_a) {
+ }
+ });
+ const SubKEKRecipientInfo = (index) => __awaiter(this, void 0, void 0, function* () {
+ const recipientInfo = this.recipientInfos[index].value;
+ const kekAlgorithm = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "kekAlgorithm");
+ const kekKey = yield crypto.importKey("raw", new Uint8Array(recipientInfo.preDefinedKEK), kekAlgorithm, true, ["wrapKey"]);
+ const wrappedKey = yield crypto.wrapKey("raw", sessionKey, kekKey, kekAlgorithm);
+ recipientInfo.encryptedKey = new OctetString({ valueHex: wrappedKey });
+ });
+ const SubPasswordRecipientinfo = (index) => __awaiter(this, void 0, void 0, function* () {
+ const recipientInfo = this.recipientInfos[index].value;
+ let pbkdf2Params;
+ if (!recipientInfo.keyDerivationAlgorithm)
+ throw new Error("Please append encoded \"keyDerivationAlgorithm\"");
+ if (!recipientInfo.keyDerivationAlgorithm.algorithmParams)
+ throw new Error("Incorrectly encoded \"keyDerivationAlgorithm\"");
+ try {
+ pbkdf2Params = new PBKDF2Params({ schema: recipientInfo.keyDerivationAlgorithm.algorithmParams });
+ }
+ catch (ex) {
+ throw new Error("Incorrectly encoded \"keyDerivationAlgorithm\"");
+ }
+ const passwordView = new Uint8Array(recipientInfo.password);
+ const derivationKey = yield crypto.importKey("raw", passwordView, "PBKDF2", false, ["deriveKey"]);
+ const kekAlgorithm = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "kekAlgorithm");
+ let hmacHashAlgorithm = "SHA-1";
+ if (pbkdf2Params.prf) {
+ const prfAlgorithm = crypto.getAlgorithmByOID(pbkdf2Params.prf.algorithmId, true, "prfAlgorithm");
+ hmacHashAlgorithm = prfAlgorithm.hash.name;
+ }
+ const saltView = new Uint8Array(pbkdf2Params.salt.valueBlock.valueHex);
+ const iterations = pbkdf2Params.iterationCount;
+ const derivedKey = yield crypto.deriveKey({
+ name: "PBKDF2",
+ hash: {
+ name: hmacHashAlgorithm
+ },
+ salt: saltView,
+ iterations
+ }, derivationKey, kekAlgorithm, true, ["wrapKey"]);
+ const wrappedKey = yield crypto.wrapKey("raw", sessionKey, derivedKey, kekAlgorithm);
+ recipientInfo.encryptedKey = new OctetString({ valueHex: wrappedKey });
+ });
+ const res = [];
+ for (let i = 0; i < this.recipientInfos.length; i++) {
+ switch (this.recipientInfos[i].variant) {
+ case 1:
+ res.push(yield SubKeyTransRecipientInfo(i));
+ break;
+ case 2:
+ res.push(yield SubKeyAgreeRecipientInfo(i));
+ break;
+ case 3:
+ res.push(yield SubKEKRecipientInfo(i));
+ break;
+ case 4:
+ res.push(yield SubPasswordRecipientinfo(i));
+ break;
+ default:
+ throw new Error(`Unknown recipient type in array with index ${i}`);
+ }
+ }
+ return res;
+ });
+ }
+ decrypt(recipientIndex, parameters, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ const decryptionParameters = parameters || {};
+ if ((recipientIndex + 1) > this.recipientInfos.length) {
+ throw new Error(`Maximum value for "index" is: ${this.recipientInfos.length - 1}`);
+ }
+ const SubKeyAgreeRecipientInfo = (index) => __awaiter(this, void 0, void 0, function* () {
+ const recipientInfo = this.recipientInfos[index].value;
+ let curveOID;
+ let recipientCurve;
+ let recipientCurveLength;
+ const originator = recipientInfo.originator;
+ if (decryptionParameters.recipientCertificate) {
+ const curveObject = decryptionParameters.recipientCertificate.subjectPublicKeyInfo.algorithm.algorithmParams;
+ if (curveObject.constructor.blockName() !== ObjectIdentifier.blockName()) {
+ throw new Error(`Incorrect "recipientCertificate" for index ${index}`);
+ }
+ curveOID = curveObject.valueBlock.toString();
+ }
+ else if (originator.value.algorithm.algorithmParams) {
+ const curveObject = originator.value.algorithm.algorithmParams;
+ if (curveObject.constructor.blockName() !== ObjectIdentifier.blockName()) {
+ throw new Error(`Incorrect originator for index ${index}`);
+ }
+ curveOID = curveObject.valueBlock.toString();
+ }
+ else {
+ throw new Error("Parameter \"recipientCertificate\" is mandatory for \"KeyAgreeRecipientInfo\" if algorithm params are missing from originator");
+ }
+ if (!decryptionParameters.recipientPrivateKey)
+ throw new Error("Parameter \"recipientPrivateKey\" is mandatory for \"KeyAgreeRecipientInfo\"");
+ switch (curveOID) {
+ case "1.2.840.10045.3.1.7":
+ recipientCurve = "P-256";
+ recipientCurveLength = 256;
+ break;
+ case "1.3.132.0.34":
+ recipientCurve = "P-384";
+ recipientCurveLength = 384;
+ break;
+ case "1.3.132.0.35":
+ recipientCurve = "P-521";
+ recipientCurveLength = 528;
+ break;
+ default:
+ throw new Error(`Incorrect curve OID for index ${index}`);
+ }
+ const ecdhPrivateKey = yield crypto.importKey("pkcs8", decryptionParameters.recipientPrivateKey, {
+ name: "ECDH",
+ namedCurve: recipientCurve
+ }, true, ["deriveBits"]);
+ if (("algorithmParams" in originator.value.algorithm) === false)
+ originator.value.algorithm.algorithmParams = new ObjectIdentifier({ value: curveOID });
+ const buffer = originator.value.toSchema().toBER(false);
+ const ecdhPublicKey = yield crypto.importKey("spki", buffer, {
+ name: "ECDH",
+ namedCurve: recipientCurve
+ }, true, []);
+ const sharedSecret = yield crypto.deriveBits({
+ name: "ECDH",
+ public: ecdhPublicKey
+ }, ecdhPrivateKey, recipientCurveLength);
+ function applyKDF(includeAlgorithmParams) {
+ return __awaiter(this, void 0, void 0, function* () {
+ includeAlgorithmParams = includeAlgorithmParams || false;
+ const aesKWAlgorithm = new AlgorithmIdentifier({ schema: recipientInfo.keyEncryptionAlgorithm.algorithmParams });
+ const kwAlgorithm = crypto.getAlgorithmByOID(aesKWAlgorithm.algorithmId, true, "kwAlgorithm");
+ let kwLength = kwAlgorithm.length;
+ const kwLengthBuffer = new ArrayBuffer(4);
+ const kwLengthView = new Uint8Array(kwLengthBuffer);
+ for (let j = 3; j >= 0; j--) {
+ kwLengthView[j] = kwLength;
+ kwLength >>= 8;
+ }
+ const keyInfoAlgorithm = {
+ algorithmId: aesKWAlgorithm.algorithmId
+ };
+ if (includeAlgorithmParams) {
+ keyInfoAlgorithm.algorithmParams = new Null();
+ }
+ const eccInfo = new ECCCMSSharedInfo({
+ keyInfo: new AlgorithmIdentifier(keyInfoAlgorithm),
+ entityUInfo: recipientInfo.ukm,
+ suppPubInfo: new OctetString({ valueHex: kwLengthBuffer })
+ });
+ const encodedInfo = eccInfo.toSchema().toBER(false);
+ const ecdhAlgorithm = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "ecdhAlgorithm");
+ if (!ecdhAlgorithm.name) {
+ throw new Error(`Incorrect OID for key encryption algorithm: ${recipientInfo.keyEncryptionAlgorithm.algorithmId}`);
+ }
+ return kdf(ecdhAlgorithm.kdf, sharedSecret, kwAlgorithm.length, encodedInfo, crypto);
+ });
+ }
+ const kdfResult = yield applyKDF();
+ const importAesKwKey = (kdfResult) => __awaiter(this, void 0, void 0, function* () {
+ return crypto.importKey("raw", kdfResult, { name: "AES-KW" }, true, ["unwrapKey"]);
+ });
+ const aesKwKey = yield importAesKwKey(kdfResult);
+ const unwrapSessionKey = (aesKwKey) => __awaiter(this, void 0, void 0, function* () {
+ const algorithmId = this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId;
+ const contentEncryptionAlgorithm = crypto.getAlgorithmByOID(algorithmId, true, "contentEncryptionAlgorithm");
+ return crypto.unwrapKey("raw", recipientInfo.recipientEncryptedKeys.encryptedKeys[0].encryptedKey.valueBlock.valueHexView, aesKwKey, { name: "AES-KW" }, contentEncryptionAlgorithm, true, ["decrypt"]);
+ });
+ try {
+ return yield unwrapSessionKey(aesKwKey);
+ }
+ catch (_a) {
+ const kdfResult = yield applyKDF(true);
+ const aesKwKey = yield importAesKwKey(kdfResult);
+ return unwrapSessionKey(aesKwKey);
+ }
+ });
+ const SubKeyTransRecipientInfo = (index) => __awaiter(this, void 0, void 0, function* () {
+ const recipientInfo = this.recipientInfos[index].value;
+ if (!decryptionParameters.recipientPrivateKey) {
+ throw new Error("Parameter \"recipientPrivateKey\" is mandatory for \"KeyTransRecipientInfo\"");
+ }
+ const algorithmParameters = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "keyEncryptionAlgorithm");
+ if (algorithmParameters.name === "RSA-OAEP") {
+ const schema = recipientInfo.keyEncryptionAlgorithm.algorithmParams;
+ const rsaOAEPParams = new RSAESOAEPParams({ schema });
+ algorithmParameters.hash = crypto.getAlgorithmByOID(rsaOAEPParams.hashAlgorithm.algorithmId);
+ if (("name" in algorithmParameters.hash) === false)
+ throw new Error(`Incorrect OID for hash algorithm: ${rsaOAEPParams.hashAlgorithm.algorithmId}`);
+ }
+ const privateKey = yield crypto.importKey("pkcs8", decryptionParameters.recipientPrivateKey, algorithmParameters, true, ["decrypt"]);
+ const sessionKey = yield crypto.decrypt(privateKey.algorithm, privateKey, recipientInfo.encryptedKey.valueBlock.valueHexView);
+ const algorithmId = this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId;
+ const contentEncryptionAlgorithm = crypto.getAlgorithmByOID(algorithmId, true, "contentEncryptionAlgorithm");
+ if (("name" in contentEncryptionAlgorithm) === false)
+ throw new Error(`Incorrect "contentEncryptionAlgorithm": ${algorithmId}`);
+ return crypto.importKey("raw", sessionKey, contentEncryptionAlgorithm, true, ["decrypt"]);
+ });
+ const SubKEKRecipientInfo = (index) => __awaiter(this, void 0, void 0, function* () {
+ const recipientInfo = this.recipientInfos[index].value;
+ if (!decryptionParameters.preDefinedData)
+ throw new Error("Parameter \"preDefinedData\" is mandatory for \"KEKRecipientInfo\"");
+ const kekAlgorithm = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "kekAlgorithm");
+ const importedKey = yield crypto.importKey("raw", decryptionParameters.preDefinedData, kekAlgorithm, true, ["unwrapKey"]);
+ const algorithmId = this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId;
+ const contentEncryptionAlgorithm = crypto.getAlgorithmByOID(algorithmId, true, "contentEncryptionAlgorithm");
+ if (!contentEncryptionAlgorithm.name) {
+ throw new Error(`Incorrect "contentEncryptionAlgorithm": ${algorithmId}`);
+ }
+ return crypto.unwrapKey("raw", recipientInfo.encryptedKey.valueBlock.valueHexView, importedKey, kekAlgorithm, contentEncryptionAlgorithm, true, ["decrypt"]);
+ });
+ const SubPasswordRecipientinfo = (index) => __awaiter(this, void 0, void 0, function* () {
+ const recipientInfo = this.recipientInfos[index].value;
+ let pbkdf2Params;
+ if (!decryptionParameters.preDefinedData) {
+ throw new Error("Parameter \"preDefinedData\" is mandatory for \"KEKRecipientInfo\"");
+ }
+ if (!recipientInfo.keyDerivationAlgorithm) {
+ throw new Error("Please append encoded \"keyDerivationAlgorithm\"");
+ }
+ if (!recipientInfo.keyDerivationAlgorithm.algorithmParams) {
+ throw new Error("Incorrectly encoded \"keyDerivationAlgorithm\"");
+ }
+ try {
+ pbkdf2Params = new PBKDF2Params({ schema: recipientInfo.keyDerivationAlgorithm.algorithmParams });
+ }
+ catch (ex) {
+ throw new Error("Incorrectly encoded \"keyDerivationAlgorithm\"");
+ }
+ const pbkdf2Key = yield crypto.importKey("raw", decryptionParameters.preDefinedData, "PBKDF2", false, ["deriveKey"]);
+ const kekAlgorithm = crypto.getAlgorithmByOID(recipientInfo.keyEncryptionAlgorithm.algorithmId, true, "keyEncryptionAlgorithm");
+ const hmacHashAlgorithm = pbkdf2Params.prf
+ ? crypto.getAlgorithmByOID(pbkdf2Params.prf.algorithmId, true, "prfAlgorithm").hash.name
+ : "SHA-1";
+ const saltView = new Uint8Array(pbkdf2Params.salt.valueBlock.valueHex);
+ const iterations = pbkdf2Params.iterationCount;
+ const kekKey = yield crypto.deriveKey({
+ name: "PBKDF2",
+ hash: {
+ name: hmacHashAlgorithm
+ },
+ salt: saltView,
+ iterations
+ }, pbkdf2Key, kekAlgorithm, true, ["unwrapKey"]);
+ const algorithmId = this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId;
+ const contentEncryptionAlgorithm = crypto.getAlgorithmByOID(algorithmId, true, "contentEncryptionAlgorithm");
+ return crypto.unwrapKey("raw", recipientInfo.encryptedKey.valueBlock.valueHexView, kekKey, kekAlgorithm, contentEncryptionAlgorithm, true, ["decrypt"]);
+ });
+ let unwrappedKey;
+ switch (this.recipientInfos[recipientIndex].variant) {
+ case 1:
+ unwrappedKey = yield SubKeyTransRecipientInfo(recipientIndex);
+ break;
+ case 2:
+ unwrappedKey = yield SubKeyAgreeRecipientInfo(recipientIndex);
+ break;
+ case 3:
+ unwrappedKey = yield SubKEKRecipientInfo(recipientIndex);
+ break;
+ case 4:
+ unwrappedKey = yield SubPasswordRecipientinfo(recipientIndex);
+ break;
+ default:
+ throw new Error(`Unknown recipient type in array with index ${recipientIndex}`);
+ }
+ const algorithmId = this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmId;
+ const contentEncryptionAlgorithm = crypto.getAlgorithmByOID(algorithmId, true, "contentEncryptionAlgorithm");
+ const ivBuffer = this.encryptedContentInfo.contentEncryptionAlgorithm.algorithmParams.valueBlock.valueHex;
+ const ivView = new Uint8Array(ivBuffer);
+ if (!this.encryptedContentInfo.encryptedContent) {
+ throw new Error("Required property `encryptedContent` is empty");
+ }
+ const dataBuffer = this.encryptedContentInfo.getEncryptedContent();
+ return crypto.decrypt({
+ name: contentEncryptionAlgorithm.name,
+ iv: ivView
+ }, unwrappedKey, dataBuffer);
+ });
+ }
+}
+EnvelopedData.CLASS_NAME = "EnvelopedData";
+
+const SAFE_CONTENTS = "safeContents";
+const PARSED_VALUE$1 = "parsedValue";
+const CONTENT_INFOS = "contentInfos";
+class AuthenticatedSafe extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.safeContents = getParametersValue(parameters, SAFE_CONTENTS, AuthenticatedSafe.defaultValues(SAFE_CONTENTS));
+ if (PARSED_VALUE$1 in parameters) {
+ this.parsedValue = getParametersValue(parameters, PARSED_VALUE$1, AuthenticatedSafe.defaultValues(PARSED_VALUE$1));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case SAFE_CONTENTS:
+ return [];
+ case PARSED_VALUE$1:
+ return {};
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case SAFE_CONTENTS:
+ return (memberValue.length === 0);
+ case PARSED_VALUE$1:
+ return ((memberValue instanceof Object) && (Object.keys(memberValue).length === 0));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Repeated({
+ name: (names.contentInfos || EMPTY_STRING),
+ value: ContentInfo.schema()
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, [
+ CONTENT_INFOS
+ ]);
+ const asn1 = compareSchema(schema, schema, AuthenticatedSafe.schema({
+ names: {
+ contentInfos: CONTENT_INFOS
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.safeContents = Array.from(asn1.result.contentInfos, element => new ContentInfo({ schema: element }));
+ }
+ toSchema() {
+ return (new Sequence({
+ value: Array.from(this.safeContents, o => o.toSchema())
+ }));
+ }
+ toJSON() {
+ return {
+ safeContents: Array.from(this.safeContents, o => o.toJSON())
+ };
+ }
+ parseInternalValues(parameters, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ ParameterError.assert(parameters, SAFE_CONTENTS);
+ ArgumentError.assert(parameters.safeContents, SAFE_CONTENTS, "Array");
+ if (parameters.safeContents.length !== this.safeContents.length) {
+ throw new ArgumentError("Length of \"parameters.safeContents\" must be equal to \"this.safeContents.length\"");
+ }
+ this.parsedValue = {
+ safeContents: [],
+ };
+ for (const [index, content] of this.safeContents.entries()) {
+ const safeContent = parameters.safeContents[index];
+ const errorTarget = `parameters.safeContents[${index}]`;
+ switch (content.contentType) {
+ case id_ContentType_Data:
+ {
+ ArgumentError.assert(content.content, "this.safeContents[j].content", OctetString);
+ const authSafeContent = content.content.getValue();
+ this.parsedValue.safeContents.push({
+ privacyMode: 0,
+ value: SafeContents.fromBER(authSafeContent)
+ });
+ }
+ break;
+ case id_ContentType_EnvelopedData:
+ {
+ const cmsEnveloped = new EnvelopedData({ schema: content.content });
+ ParameterError.assert(errorTarget, safeContent, "recipientCertificate", "recipientKey");
+ const envelopedData = safeContent;
+ const recipientCertificate = envelopedData.recipientCertificate;
+ const recipientKey = envelopedData.recipientKey;
+ const decrypted = yield cmsEnveloped.decrypt(0, {
+ recipientCertificate,
+ recipientPrivateKey: recipientKey
+ }, crypto);
+ this.parsedValue.safeContents.push({
+ privacyMode: 2,
+ value: SafeContents.fromBER(decrypted),
+ });
+ }
+ break;
+ case id_ContentType_EncryptedData:
+ {
+ const cmsEncrypted = new EncryptedData({ schema: content.content });
+ ParameterError.assert(errorTarget, safeContent, "password");
+ const password = safeContent.password;
+ const decrypted = yield cmsEncrypted.decrypt({
+ password
+ }, crypto);
+ this.parsedValue.safeContents.push({
+ privacyMode: 1,
+ value: SafeContents.fromBER(decrypted),
+ });
+ }
+ break;
+ default:
+ throw new Error(`Unknown "contentType" for AuthenticatedSafe: " ${content.contentType}`);
+ }
+ }
+ });
+ }
+ makeInternalValues(parameters, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ if (!(this.parsedValue)) {
+ throw new Error("Please run \"parseValues\" first or add \"parsedValue\" manually");
+ }
+ ArgumentError.assert(this.parsedValue, "this.parsedValue", "object");
+ ArgumentError.assert(this.parsedValue.safeContents, "this.parsedValue.safeContents", "Array");
+ ArgumentError.assert(parameters, "parameters", "object");
+ ParameterError.assert(parameters, "safeContents");
+ ArgumentError.assert(parameters.safeContents, "parameters.safeContents", "Array");
+ if (parameters.safeContents.length !== this.parsedValue.safeContents.length) {
+ throw new ArgumentError("Length of \"parameters.safeContents\" must be equal to \"this.parsedValue.safeContents\"");
+ }
+ this.safeContents = [];
+ for (const [index, content] of this.parsedValue.safeContents.entries()) {
+ ParameterError.assert("content", content, "privacyMode", "value");
+ ArgumentError.assert(content.value, "content.value", SafeContents);
+ switch (content.privacyMode) {
+ case 0:
+ {
+ const contentBuffer = content.value.toSchema().toBER(false);
+ this.safeContents.push(new ContentInfo({
+ contentType: "1.2.840.113549.1.7.1",
+ content: new OctetString({ valueHex: contentBuffer })
+ }));
+ }
+ break;
+ case 1:
+ {
+ const cmsEncrypted = new EncryptedData();
+ const currentParameters = parameters.safeContents[index];
+ currentParameters.contentToEncrypt = content.value.toSchema().toBER(false);
+ yield cmsEncrypted.encrypt(currentParameters);
+ this.safeContents.push(new ContentInfo({
+ contentType: "1.2.840.113549.1.7.6",
+ content: cmsEncrypted.toSchema()
+ }));
+ }
+ break;
+ case 2:
+ {
+ const cmsEnveloped = new EnvelopedData();
+ const contentToEncrypt = content.value.toSchema().toBER(false);
+ const safeContent = parameters.safeContents[index];
+ ParameterError.assert(`parameters.safeContents[${index}]`, safeContent, "encryptingCertificate", "encryptionAlgorithm");
+ switch (true) {
+ case (safeContent.encryptionAlgorithm.name.toLowerCase() === "aes-cbc"):
+ case (safeContent.encryptionAlgorithm.name.toLowerCase() === "aes-gcm"):
+ break;
+ default:
+ throw new Error(`Incorrect parameter "encryptionAlgorithm" in "parameters.safeContents[i]": ${safeContent.encryptionAlgorithm}`);
+ }
+ switch (true) {
+ case (safeContent.encryptionAlgorithm.length === 128):
+ case (safeContent.encryptionAlgorithm.length === 192):
+ case (safeContent.encryptionAlgorithm.length === 256):
+ break;
+ default:
+ throw new Error(`Incorrect parameter "encryptionAlgorithm.length" in "parameters.safeContents[i]": ${safeContent.encryptionAlgorithm.length}`);
+ }
+ const encryptionAlgorithm = safeContent.encryptionAlgorithm;
+ cmsEnveloped.addRecipientByCertificate(safeContent.encryptingCertificate, {}, undefined, crypto);
+ yield cmsEnveloped.encrypt(encryptionAlgorithm, contentToEncrypt, crypto);
+ this.safeContents.push(new ContentInfo({
+ contentType: "1.2.840.113549.1.7.3",
+ content: cmsEnveloped.toSchema()
+ }));
+ }
+ break;
+ default:
+ throw new Error(`Incorrect value for "content.privacyMode": ${content.privacyMode}`);
+ }
+ }
+ return this;
+ });
+ }
+}
+AuthenticatedSafe.CLASS_NAME = "AuthenticatedSafe";
+
+const HASH_ALGORITHM$1 = "hashAlgorithm";
+const ISSUER_NAME_HASH = "issuerNameHash";
+const ISSUER_KEY_HASH = "issuerKeyHash";
+const SERIAL_NUMBER$1 = "serialNumber";
+const CLEAR_PROPS$j = [
+ HASH_ALGORITHM$1,
+ ISSUER_NAME_HASH,
+ ISSUER_KEY_HASH,
+ SERIAL_NUMBER$1,
+];
+class CertID extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.hashAlgorithm = getParametersValue(parameters, HASH_ALGORITHM$1, CertID.defaultValues(HASH_ALGORITHM$1));
+ this.issuerNameHash = getParametersValue(parameters, ISSUER_NAME_HASH, CertID.defaultValues(ISSUER_NAME_HASH));
+ this.issuerKeyHash = getParametersValue(parameters, ISSUER_KEY_HASH, CertID.defaultValues(ISSUER_KEY_HASH));
+ this.serialNumber = getParametersValue(parameters, SERIAL_NUMBER$1, CertID.defaultValues(SERIAL_NUMBER$1));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static create(certificate, parameters, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ const certID = new CertID();
+ yield certID.createForCertificate(certificate, parameters, crypto);
+ return certID;
+ });
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case HASH_ALGORITHM$1:
+ return new AlgorithmIdentifier();
+ case ISSUER_NAME_HASH:
+ case ISSUER_KEY_HASH:
+ return new OctetString();
+ case SERIAL_NUMBER$1:
+ return new Integer();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case HASH_ALGORITHM$1:
+ return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false));
+ case ISSUER_NAME_HASH:
+ case ISSUER_KEY_HASH:
+ case SERIAL_NUMBER$1:
+ return (memberValue.isEqual(CertID.defaultValues(SERIAL_NUMBER$1)));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ AlgorithmIdentifier.schema(names.hashAlgorithmObject || {
+ names: {
+ blockName: (names.hashAlgorithm || EMPTY_STRING)
+ }
+ }),
+ new OctetString({ name: (names.issuerNameHash || EMPTY_STRING) }),
+ new OctetString({ name: (names.issuerKeyHash || EMPTY_STRING) }),
+ new Integer({ name: (names.serialNumber || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$j);
+ const asn1 = compareSchema(schema, schema, CertID.schema({
+ names: {
+ hashAlgorithm: HASH_ALGORITHM$1,
+ issuerNameHash: ISSUER_NAME_HASH,
+ issuerKeyHash: ISSUER_KEY_HASH,
+ serialNumber: SERIAL_NUMBER$1
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.hashAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.hashAlgorithm });
+ this.issuerNameHash = asn1.result.issuerNameHash;
+ this.issuerKeyHash = asn1.result.issuerKeyHash;
+ this.serialNumber = asn1.result.serialNumber;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ this.hashAlgorithm.toSchema(),
+ this.issuerNameHash,
+ this.issuerKeyHash,
+ this.serialNumber
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ hashAlgorithm: this.hashAlgorithm.toJSON(),
+ issuerNameHash: this.issuerNameHash.toJSON(),
+ issuerKeyHash: this.issuerKeyHash.toJSON(),
+ serialNumber: this.serialNumber.toJSON(),
+ };
+ }
+ isEqual(certificateID) {
+ if (this.hashAlgorithm.algorithmId !== certificateID.hashAlgorithm.algorithmId) {
+ return false;
+ }
+ if (!BufferSourceConverter.isEqual(this.issuerNameHash.valueBlock.valueHexView, certificateID.issuerNameHash.valueBlock.valueHexView)) {
+ return false;
+ }
+ if (!BufferSourceConverter.isEqual(this.issuerKeyHash.valueBlock.valueHexView, certificateID.issuerKeyHash.valueBlock.valueHexView)) {
+ return false;
+ }
+ if (!this.serialNumber.isEqual(certificateID.serialNumber)) {
+ return false;
+ }
+ return true;
+ }
+ createForCertificate(certificate, parameters, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ ParameterError.assert(parameters, HASH_ALGORITHM$1, "issuerCertificate");
+ const hashOID = crypto.getOIDByAlgorithm({ name: parameters.hashAlgorithm }, true, "hashAlgorithm");
+ this.hashAlgorithm = new AlgorithmIdentifier({
+ algorithmId: hashOID,
+ algorithmParams: new Null()
+ });
+ const issuerCertificate = parameters.issuerCertificate;
+ this.serialNumber = certificate.serialNumber;
+ const hashIssuerName = yield crypto.digest({ name: parameters.hashAlgorithm }, issuerCertificate.subject.toSchema().toBER(false));
+ this.issuerNameHash = new OctetString({ valueHex: hashIssuerName });
+ const issuerKeyBuffer = issuerCertificate.subjectPublicKeyInfo.subjectPublicKey.valueBlock.valueHexView;
+ const hashIssuerKey = yield crypto.digest({ name: parameters.hashAlgorithm }, issuerKeyBuffer);
+ this.issuerKeyHash = new OctetString({ valueHex: hashIssuerKey });
+ });
+ }
+}
+CertID.CLASS_NAME = "CertID";
+
+const CERT_ID = "certID";
+const CERT_STATUS = "certStatus";
+const THIS_UPDATE = "thisUpdate";
+const NEXT_UPDATE = "nextUpdate";
+const SINGLE_EXTENSIONS = "singleExtensions";
+const CLEAR_PROPS$i = [
+ CERT_ID,
+ CERT_STATUS,
+ THIS_UPDATE,
+ NEXT_UPDATE,
+ SINGLE_EXTENSIONS,
+];
+class SingleResponse extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.certID = getParametersValue(parameters, CERT_ID, SingleResponse.defaultValues(CERT_ID));
+ this.certStatus = getParametersValue(parameters, CERT_STATUS, SingleResponse.defaultValues(CERT_STATUS));
+ this.thisUpdate = getParametersValue(parameters, THIS_UPDATE, SingleResponse.defaultValues(THIS_UPDATE));
+ if (NEXT_UPDATE in parameters) {
+ this.nextUpdate = getParametersValue(parameters, NEXT_UPDATE, SingleResponse.defaultValues(NEXT_UPDATE));
+ }
+ if (SINGLE_EXTENSIONS in parameters) {
+ this.singleExtensions = getParametersValue(parameters, SINGLE_EXTENSIONS, SingleResponse.defaultValues(SINGLE_EXTENSIONS));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case CERT_ID:
+ return new CertID();
+ case CERT_STATUS:
+ return {};
+ case THIS_UPDATE:
+ case NEXT_UPDATE:
+ return new Date(0, 0, 0);
+ case SINGLE_EXTENSIONS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case CERT_ID:
+ return ((CertID.compareWithDefault("hashAlgorithm", memberValue.hashAlgorithm)) &&
+ (CertID.compareWithDefault("issuerNameHash", memberValue.issuerNameHash)) &&
+ (CertID.compareWithDefault("issuerKeyHash", memberValue.issuerKeyHash)) &&
+ (CertID.compareWithDefault("serialNumber", memberValue.serialNumber)));
+ case CERT_STATUS:
+ return (Object.keys(memberValue).length === 0);
+ case THIS_UPDATE:
+ case NEXT_UPDATE:
+ return (memberValue === SingleResponse.defaultValues(memberName));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ CertID.schema(names.certID || {}),
+ new Choice({
+ value: [
+ new Primitive({
+ name: (names.certStatus || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ }),
+ new Constructed({
+ name: (names.certStatus || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [
+ new GeneralizedTime(),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new Enumerated()]
+ })
+ ]
+ }),
+ new Primitive({
+ name: (names.certStatus || EMPTY_STRING),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ lenBlock: { length: 1 }
+ })
+ ]
+ }),
+ new GeneralizedTime({ name: (names.thisUpdate || EMPTY_STRING) }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new GeneralizedTime({ name: (names.nextUpdate || EMPTY_STRING) })]
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [Extensions.schema(names.singleExtensions || {})]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$i);
+ const asn1 = compareSchema(schema, schema, SingleResponse.schema({
+ names: {
+ certID: {
+ names: {
+ blockName: CERT_ID
+ }
+ },
+ certStatus: CERT_STATUS,
+ thisUpdate: THIS_UPDATE,
+ nextUpdate: NEXT_UPDATE,
+ singleExtensions: {
+ names: {
+ blockName: SINGLE_EXTENSIONS
+ }
+ }
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.certID = new CertID({ schema: asn1.result.certID });
+ this.certStatus = asn1.result.certStatus;
+ this.thisUpdate = asn1.result.thisUpdate.toDate();
+ if (NEXT_UPDATE in asn1.result)
+ this.nextUpdate = asn1.result.nextUpdate.toDate();
+ if (SINGLE_EXTENSIONS in asn1.result)
+ this.singleExtensions = Array.from(asn1.result.singleExtensions.valueBlock.value, element => new Extension({ schema: element }));
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(this.certID.toSchema());
+ outputArray.push(this.certStatus);
+ outputArray.push(new GeneralizedTime({ valueDate: this.thisUpdate }));
+ if (this.nextUpdate) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new GeneralizedTime({ valueDate: this.nextUpdate })]
+ }));
+ }
+ if (this.singleExtensions) {
+ outputArray.push(new Sequence({
+ value: Array.from(this.singleExtensions, o => o.toSchema())
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ certID: this.certID.toJSON(),
+ certStatus: this.certStatus.toJSON(),
+ thisUpdate: this.thisUpdate
+ };
+ if (this.nextUpdate) {
+ res.nextUpdate = this.nextUpdate;
+ }
+ if (this.singleExtensions) {
+ res.singleExtensions = Array.from(this.singleExtensions, o => o.toJSON());
+ }
+ return res;
+ }
+}
+SingleResponse.CLASS_NAME = "SingleResponse";
+
+const TBS$2 = "tbs";
+const VERSION$7 = "version";
+const RESPONDER_ID = "responderID";
+const PRODUCED_AT = "producedAt";
+const RESPONSES = "responses";
+const RESPONSE_EXTENSIONS = "responseExtensions";
+const RESPONSE_DATA = "ResponseData";
+const RESPONSE_DATA_VERSION = `${RESPONSE_DATA}.${VERSION$7}`;
+const RESPONSE_DATA_RESPONDER_ID = `${RESPONSE_DATA}.${RESPONDER_ID}`;
+const RESPONSE_DATA_PRODUCED_AT = `${RESPONSE_DATA}.${PRODUCED_AT}`;
+const RESPONSE_DATA_RESPONSES = `${RESPONSE_DATA}.${RESPONSES}`;
+const RESPONSE_DATA_RESPONSE_EXTENSIONS = `${RESPONSE_DATA}.${RESPONSE_EXTENSIONS}`;
+const CLEAR_PROPS$h = [
+ RESPONSE_DATA,
+ RESPONSE_DATA_VERSION,
+ RESPONSE_DATA_RESPONDER_ID,
+ RESPONSE_DATA_PRODUCED_AT,
+ RESPONSE_DATA_RESPONSES,
+ RESPONSE_DATA_RESPONSE_EXTENSIONS
+];
+class ResponseData extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.tbsView = new Uint8Array(getParametersValue(parameters, TBS$2, ResponseData.defaultValues(TBS$2)));
+ if (VERSION$7 in parameters) {
+ this.version = getParametersValue(parameters, VERSION$7, ResponseData.defaultValues(VERSION$7));
+ }
+ this.responderID = getParametersValue(parameters, RESPONDER_ID, ResponseData.defaultValues(RESPONDER_ID));
+ this.producedAt = getParametersValue(parameters, PRODUCED_AT, ResponseData.defaultValues(PRODUCED_AT));
+ this.responses = getParametersValue(parameters, RESPONSES, ResponseData.defaultValues(RESPONSES));
+ if (RESPONSE_EXTENSIONS in parameters) {
+ this.responseExtensions = getParametersValue(parameters, RESPONSE_EXTENSIONS, ResponseData.defaultValues(RESPONSE_EXTENSIONS));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ get tbs() {
+ return BufferSourceConverter.toArrayBuffer(this.tbsView);
+ }
+ set tbs(value) {
+ this.tbsView = new Uint8Array(value);
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$7:
+ return 0;
+ case TBS$2:
+ return EMPTY_BUFFER;
+ case RESPONDER_ID:
+ return {};
+ case PRODUCED_AT:
+ return new Date(0, 0, 0);
+ case RESPONSES:
+ case RESPONSE_EXTENSIONS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case TBS$2:
+ return (memberValue.byteLength === 0);
+ case RESPONDER_ID:
+ return (Object.keys(memberValue).length === 0);
+ case PRODUCED_AT:
+ return (memberValue === ResponseData.defaultValues(memberName));
+ case RESPONSES:
+ case RESPONSE_EXTENSIONS:
+ return (memberValue.length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || RESPONSE_DATA),
+ value: [
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new Integer({ name: (names.version || RESPONSE_DATA_VERSION) })]
+ }),
+ new Choice({
+ value: [
+ new Constructed({
+ name: (names.responderID || RESPONSE_DATA_RESPONDER_ID),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [RelativeDistinguishedNames.schema(names.ResponseDataByName || {
+ names: {
+ blockName: "ResponseData.byName"
+ }
+ })]
+ }),
+ new Constructed({
+ name: (names.responderID || RESPONSE_DATA_RESPONDER_ID),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ value: [new OctetString({ name: (names.ResponseDataByKey || "ResponseData.byKey") })]
+ })
+ ]
+ }),
+ new GeneralizedTime({ name: (names.producedAt || RESPONSE_DATA_PRODUCED_AT) }),
+ new Sequence({
+ value: [
+ new Repeated({
+ name: RESPONSE_DATA_RESPONSES,
+ value: SingleResponse.schema(names.response || {})
+ })
+ ]
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [Extensions.schema(names.extensions || {
+ names: {
+ blockName: RESPONSE_DATA_RESPONSE_EXTENSIONS
+ }
+ })]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$h);
+ const asn1 = compareSchema(schema, schema, ResponseData.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.tbsView = asn1.result.ResponseData.valueBeforeDecodeView;
+ if (RESPONSE_DATA_VERSION in asn1.result)
+ this.version = asn1.result[RESPONSE_DATA_VERSION].valueBlock.valueDec;
+ if (asn1.result[RESPONSE_DATA_RESPONDER_ID].idBlock.tagNumber === 1)
+ this.responderID = new RelativeDistinguishedNames({ schema: asn1.result[RESPONSE_DATA_RESPONDER_ID].valueBlock.value[0] });
+ else
+ this.responderID = asn1.result[RESPONSE_DATA_RESPONDER_ID].valueBlock.value[0];
+ this.producedAt = asn1.result[RESPONSE_DATA_PRODUCED_AT].toDate();
+ this.responses = Array.from(asn1.result[RESPONSE_DATA_RESPONSES], element => new SingleResponse({ schema: element }));
+ if (RESPONSE_DATA_RESPONSE_EXTENSIONS in asn1.result)
+ this.responseExtensions = Array.from(asn1.result[RESPONSE_DATA_RESPONSE_EXTENSIONS].valueBlock.value, element => new Extension({ schema: element }));
+ }
+ toSchema(encodeFlag = false) {
+ let tbsSchema;
+ if (encodeFlag === false) {
+ if (!this.tbsView.byteLength) {
+ return ResponseData.schema();
+ }
+ const asn1 = fromBER(this.tbsView);
+ AsnError.assert(asn1, "TBS Response Data");
+ tbsSchema = asn1.result;
+ }
+ else {
+ const outputArray = [];
+ if (VERSION$7 in this) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new Integer({ value: this.version })]
+ }));
+ }
+ if (this.responderID instanceof RelativeDistinguishedNames) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [this.responderID.toSchema()]
+ }));
+ }
+ else {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ value: [this.responderID]
+ }));
+ }
+ outputArray.push(new GeneralizedTime({ valueDate: this.producedAt }));
+ outputArray.push(new Sequence({
+ value: Array.from(this.responses, o => o.toSchema())
+ }));
+ if (this.responseExtensions) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [new Sequence({
+ value: Array.from(this.responseExtensions, o => o.toSchema())
+ })]
+ }));
+ }
+ tbsSchema = new Sequence({
+ value: outputArray
+ });
+ }
+ return tbsSchema;
+ }
+ toJSON() {
+ const res = {};
+ if (VERSION$7 in this) {
+ res.version = this.version;
+ }
+ if (this.responderID) {
+ res.responderID = this.responderID;
+ }
+ if (this.producedAt) {
+ res.producedAt = this.producedAt;
+ }
+ if (this.responses) {
+ res.responses = Array.from(this.responses, o => o.toJSON());
+ }
+ if (this.responseExtensions) {
+ res.responseExtensions = Array.from(this.responseExtensions, o => o.toJSON());
+ }
+ return res;
+ }
+}
+ResponseData.CLASS_NAME = "ResponseData";
+
+const TRUSTED_CERTS = "trustedCerts";
+const CERTS$2 = "certs";
+const CRLS$1 = "crls";
+const OCSPS$1 = "ocsps";
+const CHECK_DATE = "checkDate";
+const FIND_ORIGIN = "findOrigin";
+const FIND_ISSUER = "findIssuer";
+var ChainValidationCode;
+(function (ChainValidationCode) {
+ ChainValidationCode[ChainValidationCode["unknown"] = -1] = "unknown";
+ ChainValidationCode[ChainValidationCode["success"] = 0] = "success";
+ ChainValidationCode[ChainValidationCode["noRevocation"] = 11] = "noRevocation";
+ ChainValidationCode[ChainValidationCode["noPath"] = 60] = "noPath";
+ ChainValidationCode[ChainValidationCode["noValidPath"] = 97] = "noValidPath";
+})(ChainValidationCode || (ChainValidationCode = {}));
+class ChainValidationError extends Error {
+ constructor(code, message) {
+ super(message);
+ this.name = ChainValidationError.NAME;
+ this.code = code;
+ this.message = message;
+ }
+}
+ChainValidationError.NAME = "ChainValidationError";
+function isTrusted(cert, trustedList) {
+ for (let i = 0; i < trustedList.length; i++) {
+ if (BufferSourceConverter.isEqual(cert.tbsView, trustedList[i].tbsView)) {
+ return true;
+ }
+ }
+ return false;
+}
+class CertificateChainValidationEngine {
+ constructor(parameters = {}) {
+ this.trustedCerts = getParametersValue(parameters, TRUSTED_CERTS, this.defaultValues(TRUSTED_CERTS));
+ this.certs = getParametersValue(parameters, CERTS$2, this.defaultValues(CERTS$2));
+ this.crls = getParametersValue(parameters, CRLS$1, this.defaultValues(CRLS$1));
+ this.ocsps = getParametersValue(parameters, OCSPS$1, this.defaultValues(OCSPS$1));
+ this.checkDate = getParametersValue(parameters, CHECK_DATE, this.defaultValues(CHECK_DATE));
+ this.findOrigin = getParametersValue(parameters, FIND_ORIGIN, this.defaultValues(FIND_ORIGIN));
+ this.findIssuer = getParametersValue(parameters, FIND_ISSUER, this.defaultValues(FIND_ISSUER));
+ }
+ static defaultFindOrigin(certificate, validationEngine) {
+ if (certificate.tbsView.byteLength === 0) {
+ certificate.tbsView = new Uint8Array(certificate.encodeTBS().toBER());
+ }
+ for (const localCert of validationEngine.certs) {
+ if (localCert.tbsView.byteLength === 0) {
+ localCert.tbsView = new Uint8Array(localCert.encodeTBS().toBER());
+ }
+ if (BufferSourceConverter.isEqual(certificate.tbsView, localCert.tbsView))
+ return "Intermediate Certificates";
+ }
+ for (const trustedCert of validationEngine.trustedCerts) {
+ if (trustedCert.tbsView.byteLength === 0)
+ trustedCert.tbsView = new Uint8Array(trustedCert.encodeTBS().toBER());
+ if (BufferSourceConverter.isEqual(certificate.tbsView, trustedCert.tbsView))
+ return "Trusted Certificates";
+ }
+ return "Unknown";
+ }
+ defaultFindIssuer(certificate, validationEngine, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ const result = [];
+ let keyIdentifier = null;
+ let authorityCertIssuer = null;
+ let authorityCertSerialNumber = null;
+ if (certificate.subject.isEqual(certificate.issuer)) {
+ try {
+ const verificationResult = yield certificate.verify(undefined, crypto);
+ if (verificationResult) {
+ return [certificate];
+ }
+ }
+ catch (ex) {
+ }
+ }
+ if (certificate.extensions) {
+ for (const extension of certificate.extensions) {
+ if (extension.extnID === id_AuthorityKeyIdentifier && extension.parsedValue instanceof AuthorityKeyIdentifier) {
+ if (extension.parsedValue.keyIdentifier) {
+ keyIdentifier = extension.parsedValue.keyIdentifier;
+ }
+ else {
+ if (extension.parsedValue.authorityCertIssuer) {
+ authorityCertIssuer = extension.parsedValue.authorityCertIssuer;
+ }
+ if (extension.parsedValue.authorityCertSerialNumber) {
+ authorityCertSerialNumber = extension.parsedValue.authorityCertSerialNumber;
+ }
+ }
+ break;
+ }
+ }
+ }
+ function checkCertificate(possibleIssuer) {
+ if (keyIdentifier !== null) {
+ if (possibleIssuer.extensions) {
+ let extensionFound = false;
+ for (const extension of possibleIssuer.extensions) {
+ if (extension.extnID === id_SubjectKeyIdentifier && extension.parsedValue) {
+ extensionFound = true;
+ if (BufferSourceConverter.isEqual(extension.parsedValue.valueBlock.valueHex, keyIdentifier.valueBlock.valueHexView)) {
+ result.push(possibleIssuer);
+ }
+ break;
+ }
+ }
+ if (extensionFound) {
+ return;
+ }
+ }
+ }
+ let authorityCertSerialNumberEqual = false;
+ if (authorityCertSerialNumber !== null)
+ authorityCertSerialNumberEqual = possibleIssuer.serialNumber.isEqual(authorityCertSerialNumber);
+ if (authorityCertIssuer !== null) {
+ if (possibleIssuer.subject.isEqual(authorityCertIssuer)) {
+ if (authorityCertSerialNumberEqual)
+ result.push(possibleIssuer);
+ }
+ }
+ else {
+ if (certificate.issuer.isEqual(possibleIssuer.subject))
+ result.push(possibleIssuer);
+ }
+ }
+ for (const trustedCert of validationEngine.trustedCerts) {
+ checkCertificate(trustedCert);
+ }
+ for (const intermediateCert of validationEngine.certs) {
+ checkCertificate(intermediateCert);
+ }
+ for (let i = 0; i < result.length; i++) {
+ try {
+ const verificationResult = yield certificate.verify(result[i], crypto);
+ if (verificationResult === false)
+ result.splice(i, 1);
+ }
+ catch (ex) {
+ result.splice(i, 1);
+ }
+ }
+ return result;
+ });
+ }
+ defaultValues(memberName) {
+ switch (memberName) {
+ case TRUSTED_CERTS:
+ return [];
+ case CERTS$2:
+ return [];
+ case CRLS$1:
+ return [];
+ case OCSPS$1:
+ return [];
+ case CHECK_DATE:
+ return new Date();
+ case FIND_ORIGIN:
+ return CertificateChainValidationEngine.defaultFindOrigin;
+ case FIND_ISSUER:
+ return this.defaultFindIssuer;
+ default:
+ throw new Error(`Invalid member name for CertificateChainValidationEngine class: ${memberName}`);
+ }
+ }
+ sort(passedWhenNotRevValues = false, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ const localCerts = [];
+ const buildPath = (certificate, crypto) => __awaiter(this, void 0, void 0, function* () {
+ const result = [];
+ function checkUnique(array) {
+ let unique = true;
+ for (let i = 0; i < array.length; i++) {
+ for (let j = 0; j < array.length; j++) {
+ if (j === i)
+ continue;
+ if (array[i] === array[j]) {
+ unique = false;
+ break;
+ }
+ }
+ if (!unique)
+ break;
+ }
+ return unique;
+ }
+ if (isTrusted(certificate, this.trustedCerts)) {
+ return [[certificate]];
+ }
+ const findIssuerResult = yield this.findIssuer(certificate, this, crypto);
+ if (findIssuerResult.length === 0) {
+ throw new Error("No valid certificate paths found");
+ }
+ for (let i = 0; i < findIssuerResult.length; i++) {
+ if (BufferSourceConverter.isEqual(findIssuerResult[i].tbsView, certificate.tbsView)) {
+ result.push([findIssuerResult[i]]);
+ continue;
+ }
+ const buildPathResult = yield buildPath(findIssuerResult[i], crypto);
+ for (let j = 0; j < buildPathResult.length; j++) {
+ const copy = buildPathResult[j].slice();
+ copy.splice(0, 0, findIssuerResult[i]);
+ if (checkUnique(copy))
+ result.push(copy);
+ else
+ result.push(buildPathResult[j]);
+ }
+ }
+ return result;
+ });
+ const findCRL = (certificate) => __awaiter(this, void 0, void 0, function* () {
+ const issuerCertificates = [];
+ const crls = [];
+ const crlsAndCertificates = [];
+ issuerCertificates.push(...localCerts.filter(element => certificate.issuer.isEqual(element.subject)));
+ if (issuerCertificates.length === 0) {
+ return {
+ status: 1,
+ statusMessage: "No certificate's issuers"
+ };
+ }
+ crls.push(...this.crls.filter(o => o.issuer.isEqual(certificate.issuer)));
+ if (crls.length === 0) {
+ return {
+ status: 2,
+ statusMessage: "No CRLs for specific certificate issuer"
+ };
+ }
+ for (let i = 0; i < crls.length; i++) {
+ const crl = crls[i];
+ if (crl.nextUpdate && crl.nextUpdate.value < this.checkDate) {
+ continue;
+ }
+ for (let j = 0; j < issuerCertificates.length; j++) {
+ try {
+ const result = yield crls[i].verify({ issuerCertificate: issuerCertificates[j] }, crypto);
+ if (result) {
+ crlsAndCertificates.push({
+ crl: crls[i],
+ certificate: issuerCertificates[j]
+ });
+ break;
+ }
+ }
+ catch (ex) {
+ }
+ }
+ }
+ if (crlsAndCertificates.length) {
+ return {
+ status: 0,
+ statusMessage: EMPTY_STRING,
+ result: crlsAndCertificates
+ };
+ }
+ return {
+ status: 3,
+ statusMessage: "No valid CRLs found"
+ };
+ });
+ const findOCSP = (certificate, issuerCertificate) => __awaiter(this, void 0, void 0, function* () {
+ const hashAlgorithm = crypto.getAlgorithmByOID(certificate.signatureAlgorithm.algorithmId);
+ if (!hashAlgorithm.name) {
+ return 1;
+ }
+ if (!hashAlgorithm.hash) {
+ return 1;
+ }
+ for (let i = 0; i < this.ocsps.length; i++) {
+ const ocsp = this.ocsps[i];
+ const result = yield ocsp.getCertificateStatus(certificate, issuerCertificate, crypto);
+ if (result.isForCertificate) {
+ if (result.status === 0)
+ return 0;
+ return 1;
+ }
+ }
+ return 2;
+ });
+ function checkForCA(certificate, needToCheckCRL = false) {
+ return __awaiter(this, void 0, void 0, function* () {
+ let isCA = false;
+ let mustBeCA = false;
+ let keyUsagePresent = false;
+ let cRLSign = false;
+ if (certificate.extensions) {
+ for (let j = 0; j < certificate.extensions.length; j++) {
+ const extension = certificate.extensions[j];
+ if (extension.critical && !extension.parsedValue) {
+ return {
+ result: false,
+ resultCode: 6,
+ resultMessage: `Unable to parse critical certificate extension: ${extension.extnID}`
+ };
+ }
+ if (extension.extnID === id_KeyUsage) {
+ keyUsagePresent = true;
+ const view = new Uint8Array(extension.parsedValue.valueBlock.valueHex);
+ if ((view[0] & 0x04) === 0x04)
+ mustBeCA = true;
+ if ((view[0] & 0x02) === 0x02)
+ cRLSign = true;
+ }
+ if (extension.extnID === id_BasicConstraints) {
+ if ("cA" in extension.parsedValue) {
+ if (extension.parsedValue.cA === true)
+ isCA = true;
+ }
+ }
+ }
+ if ((mustBeCA === true) && (isCA === false)) {
+ return {
+ result: false,
+ resultCode: 3,
+ resultMessage: "Unable to build certificate chain - using \"keyCertSign\" flag set without BasicConstraints"
+ };
+ }
+ if ((keyUsagePresent === true) && (isCA === true) && (mustBeCA === false)) {
+ return {
+ result: false,
+ resultCode: 4,
+ resultMessage: "Unable to build certificate chain - \"keyCertSign\" flag was not set"
+ };
+ }
+ if ((isCA === true) && (keyUsagePresent === true) && ((needToCheckCRL) && (cRLSign === false))) {
+ return {
+ result: false,
+ resultCode: 5,
+ resultMessage: "Unable to build certificate chain - intermediate certificate must have \"cRLSign\" key usage flag"
+ };
+ }
+ }
+ if (isCA === false) {
+ return {
+ result: false,
+ resultCode: 7,
+ resultMessage: "Unable to build certificate chain - more than one possible end-user certificate"
+ };
+ }
+ return {
+ result: true,
+ resultCode: 0,
+ resultMessage: EMPTY_STRING
+ };
+ });
+ }
+ const basicCheck = (path, checkDate) => __awaiter(this, void 0, void 0, function* () {
+ for (let i = 0; i < path.length; i++) {
+ if ((path[i].notBefore.value > checkDate) ||
+ (path[i].notAfter.value < checkDate)) {
+ return {
+ result: false,
+ resultCode: 8,
+ resultMessage: "The certificate is either not yet valid or expired"
+ };
+ }
+ }
+ if (path.length < 2) {
+ return {
+ result: false,
+ resultCode: 9,
+ resultMessage: "Too short certificate path"
+ };
+ }
+ for (let i = (path.length - 2); i >= 0; i--) {
+ if (path[i].issuer.isEqual(path[i].subject) === false) {
+ if (path[i].issuer.isEqual(path[i + 1].subject) === false) {
+ return {
+ result: false,
+ resultCode: 10,
+ resultMessage: "Incorrect name chaining"
+ };
+ }
+ }
+ }
+ if ((this.crls.length !== 0) || (this.ocsps.length !== 0)) {
+ for (let i = 0; i < (path.length - 1); i++) {
+ let ocspResult = 2;
+ let crlResult = {
+ status: 0,
+ statusMessage: EMPTY_STRING
+ };
+ if (this.ocsps.length !== 0) {
+ ocspResult = yield findOCSP(path[i], path[i + 1]);
+ switch (ocspResult) {
+ case 0:
+ continue;
+ case 1:
+ return {
+ result: false,
+ resultCode: 12,
+ resultMessage: "One of certificates was revoked via OCSP response"
+ };
+ }
+ }
+ if (this.crls.length !== 0) {
+ crlResult = yield findCRL(path[i]);
+ if (crlResult.status === 0 && crlResult.result) {
+ for (let j = 0; j < crlResult.result.length; j++) {
+ const isCertificateRevoked = crlResult.result[j].crl.isCertificateRevoked(path[i]);
+ if (isCertificateRevoked) {
+ return {
+ result: false,
+ resultCode: 12,
+ resultMessage: "One of certificates had been revoked"
+ };
+ }
+ const isCertificateCA = yield checkForCA(crlResult.result[j].certificate, true);
+ if (isCertificateCA.result === false) {
+ return {
+ result: false,
+ resultCode: 13,
+ resultMessage: "CRL issuer certificate is not a CA certificate or does not have crlSign flag"
+ };
+ }
+ }
+ }
+ else {
+ if (passedWhenNotRevValues === false) {
+ throw new ChainValidationError(ChainValidationCode.noRevocation, `No revocation values found for one of certificates: ${crlResult.statusMessage}`);
+ }
+ }
+ }
+ else {
+ if (ocspResult === 2) {
+ return {
+ result: false,
+ resultCode: 11,
+ resultMessage: "No revocation values found for one of certificates"
+ };
+ }
+ }
+ if ((ocspResult === 2) && (crlResult.status === 2) && passedWhenNotRevValues) {
+ const issuerCertificate = path[i + 1];
+ let extensionFound = false;
+ if (issuerCertificate.extensions) {
+ for (const extension of issuerCertificate.extensions) {
+ switch (extension.extnID) {
+ case id_CRLDistributionPoints:
+ case id_FreshestCRL:
+ case id_AuthorityInfoAccess:
+ extensionFound = true;
+ break;
+ }
+ }
+ }
+ if (extensionFound) {
+ throw new ChainValidationError(ChainValidationCode.noRevocation, `No revocation values found for one of certificates: ${crlResult.statusMessage}`);
+ }
+ }
+ }
+ }
+ for (const [i, cert] of path.entries()) {
+ if (!i) {
+ continue;
+ }
+ const result = yield checkForCA(cert);
+ if (!result.result) {
+ return {
+ result: false,
+ resultCode: 14,
+ resultMessage: "One of intermediate certificates is not a CA certificate"
+ };
+ }
+ }
+ return {
+ result: true
+ };
+ });
+ localCerts.push(...this.trustedCerts);
+ localCerts.push(...this.certs);
+ for (let i = 0; i < localCerts.length; i++) {
+ for (let j = 0; j < localCerts.length; j++) {
+ if (i === j)
+ continue;
+ if (BufferSourceConverter.isEqual(localCerts[i].tbsView, localCerts[j].tbsView)) {
+ localCerts.splice(j, 1);
+ i = 0;
+ break;
+ }
+ }
+ }
+ const leafCert = localCerts[localCerts.length - 1];
+ let result;
+ const certificatePath = [leafCert];
+ result = yield buildPath(leafCert, crypto);
+ if (result.length === 0) {
+ throw new ChainValidationError(ChainValidationCode.noPath, "Unable to find certificate path");
+ }
+ for (let i = 0; i < result.length; i++) {
+ let found = false;
+ for (let j = 0; j < (result[i]).length; j++) {
+ const certificate = (result[i])[j];
+ for (let k = 0; k < this.trustedCerts.length; k++) {
+ if (BufferSourceConverter.isEqual(certificate.tbsView, this.trustedCerts[k].tbsView)) {
+ found = true;
+ break;
+ }
+ }
+ if (found)
+ break;
+ }
+ if (!found) {
+ result.splice(i, 1);
+ i = 0;
+ }
+ }
+ if (result.length === 0) {
+ throw new ChainValidationError(ChainValidationCode.noValidPath, "No valid certificate paths found");
+ }
+ let shortestLength = result[0].length;
+ let shortestIndex = 0;
+ for (let i = 0; i < result.length; i++) {
+ if (result[i].length < shortestLength) {
+ shortestLength = result[i].length;
+ shortestIndex = i;
+ }
+ }
+ for (let i = 0; i < result[shortestIndex].length; i++)
+ certificatePath.push((result[shortestIndex])[i]);
+ result = yield basicCheck(certificatePath, this.checkDate);
+ if (result.result === false)
+ throw result;
+ return certificatePath;
+ });
+ }
+ verify(parameters = {}, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ function compareDNSName(name, constraint) {
+ const namePrepared = stringPrep(name);
+ const constraintPrepared = stringPrep(constraint);
+ const nameSplitted = namePrepared.split(".");
+ const constraintSplitted = constraintPrepared.split(".");
+ const nameLen = nameSplitted.length;
+ const constrLen = constraintSplitted.length;
+ if ((nameLen === 0) || (constrLen === 0) || (nameLen < constrLen)) {
+ return false;
+ }
+ for (let i = 0; i < nameLen; i++) {
+ if (nameSplitted[i].length === 0) {
+ return false;
+ }
+ }
+ for (let i = 0; i < constrLen; i++) {
+ if (constraintSplitted[i].length === 0) {
+ if (i === 0) {
+ if (constrLen === 1) {
+ return false;
+ }
+ continue;
+ }
+ return false;
+ }
+ }
+ for (let i = 0; i < constrLen; i++) {
+ if (constraintSplitted[constrLen - 1 - i].length === 0) {
+ continue;
+ }
+ if (nameSplitted[nameLen - 1 - i].localeCompare(constraintSplitted[constrLen - 1 - i]) !== 0) {
+ return false;
+ }
+ }
+ return true;
+ }
+ function compareRFC822Name(name, constraint) {
+ const namePrepared = stringPrep(name);
+ const constraintPrepared = stringPrep(constraint);
+ const nameSplitted = namePrepared.split("@");
+ const constraintSplitted = constraintPrepared.split("@");
+ if ((nameSplitted.length === 0) || (constraintSplitted.length === 0) || (nameSplitted.length < constraintSplitted.length))
+ return false;
+ if (constraintSplitted.length === 1) {
+ const result = compareDNSName(nameSplitted[1], constraintSplitted[0]);
+ if (result) {
+ const ns = nameSplitted[1].split(".");
+ const cs = constraintSplitted[0].split(".");
+ if (cs[0].length === 0)
+ return true;
+ return ns.length === cs.length;
+ }
+ return false;
+ }
+ return (namePrepared.localeCompare(constraintPrepared) === 0);
+ }
+ function compareUniformResourceIdentifier(name, constraint) {
+ let namePrepared = stringPrep(name);
+ const constraintPrepared = stringPrep(constraint);
+ const ns = namePrepared.split("/");
+ const cs = constraintPrepared.split("/");
+ if (cs.length > 1)
+ return false;
+ if (ns.length > 1) {
+ for (let i = 0; i < ns.length; i++) {
+ if ((ns[i].length > 0) && (ns[i].charAt(ns[i].length - 1) !== ":")) {
+ const nsPort = ns[i].split(":");
+ namePrepared = nsPort[0];
+ break;
+ }
+ }
+ }
+ const result = compareDNSName(namePrepared, constraintPrepared);
+ if (result) {
+ const nameSplitted = namePrepared.split(".");
+ const constraintSplitted = constraintPrepared.split(".");
+ if (constraintSplitted[0].length === 0)
+ return true;
+ return nameSplitted.length === constraintSplitted.length;
+ }
+ return false;
+ }
+ function compareIPAddress(name, constraint) {
+ const nameView = name.valueBlock.valueHexView;
+ const constraintView = constraint.valueBlock.valueHexView;
+ if ((nameView.length === 4) && (constraintView.length === 8)) {
+ for (let i = 0; i < 4; i++) {
+ if ((nameView[i] ^ constraintView[i]) & constraintView[i + 4])
+ return false;
+ }
+ return true;
+ }
+ if ((nameView.length === 16) && (constraintView.length === 32)) {
+ for (let i = 0; i < 16; i++) {
+ if ((nameView[i] ^ constraintView[i]) & constraintView[i + 16])
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+ function compareDirectoryName(name, constraint) {
+ if ((name.typesAndValues.length === 0) || (constraint.typesAndValues.length === 0))
+ return true;
+ if (name.typesAndValues.length < constraint.typesAndValues.length)
+ return false;
+ let result = true;
+ let nameStart = 0;
+ for (let i = 0; i < constraint.typesAndValues.length; i++) {
+ let localResult = false;
+ for (let j = nameStart; j < name.typesAndValues.length; j++) {
+ localResult = name.typesAndValues[j].isEqual(constraint.typesAndValues[i]);
+ if (name.typesAndValues[j].type === constraint.typesAndValues[i].type)
+ result = result && localResult;
+ if (localResult === true) {
+ if ((nameStart === 0) || (nameStart === j)) {
+ nameStart = j + 1;
+ break;
+ }
+ else
+ return false;
+ }
+ }
+ if (localResult === false)
+ return false;
+ }
+ return (nameStart === 0) ? false : result;
+ }
+ try {
+ if (this.certs.length === 0)
+ throw new Error("Empty certificate array");
+ const passedWhenNotRevValues = parameters.passedWhenNotRevValues || false;
+ const initialPolicySet = parameters.initialPolicySet || [id_AnyPolicy];
+ const initialExplicitPolicy = parameters.initialExplicitPolicy || false;
+ const initialPolicyMappingInhibit = parameters.initialPolicyMappingInhibit || false;
+ const initialInhibitPolicy = parameters.initialInhibitPolicy || false;
+ const initialPermittedSubtreesSet = parameters.initialPermittedSubtreesSet || [];
+ const initialExcludedSubtreesSet = parameters.initialExcludedSubtreesSet || [];
+ const initialRequiredNameForms = parameters.initialRequiredNameForms || [];
+ let explicitPolicyIndicator = initialExplicitPolicy;
+ let policyMappingInhibitIndicator = initialPolicyMappingInhibit;
+ let inhibitAnyPolicyIndicator = initialInhibitPolicy;
+ const pendingConstraints = [
+ false,
+ false,
+ false,
+ ];
+ let explicitPolicyPending = 0;
+ let policyMappingInhibitPending = 0;
+ let inhibitAnyPolicyPending = 0;
+ let permittedSubtrees = initialPermittedSubtreesSet;
+ let excludedSubtrees = initialExcludedSubtreesSet;
+ const requiredNameForms = initialRequiredNameForms;
+ let pathDepth = 1;
+ this.certs = yield this.sort(passedWhenNotRevValues, crypto);
+ const allPolicies = [];
+ allPolicies.push(id_AnyPolicy);
+ const policiesAndCerts = [];
+ const anyPolicyArray = new Array(this.certs.length - 1);
+ for (let ii = 0; ii < (this.certs.length - 1); ii++)
+ anyPolicyArray[ii] = true;
+ policiesAndCerts.push(anyPolicyArray);
+ const policyMappings = new Array(this.certs.length - 1);
+ const certPolicies = new Array(this.certs.length - 1);
+ let explicitPolicyStart = (explicitPolicyIndicator) ? (this.certs.length - 1) : (-1);
+ for (let i = (this.certs.length - 2); i >= 0; i--, pathDepth++) {
+ const cert = this.certs[i];
+ if (cert.extensions) {
+ for (let j = 0; j < cert.extensions.length; j++) {
+ const extension = cert.extensions[j];
+ if (extension.extnID === id_CertificatePolicies) {
+ certPolicies[i] = extension.parsedValue;
+ for (let s = 0; s < allPolicies.length; s++) {
+ if (allPolicies[s] === id_AnyPolicy) {
+ delete (policiesAndCerts[s])[i];
+ break;
+ }
+ }
+ for (let k = 0; k < extension.parsedValue.certificatePolicies.length; k++) {
+ let policyIndex = (-1);
+ const policyId = extension.parsedValue.certificatePolicies[k].policyIdentifier;
+ for (let s = 0; s < allPolicies.length; s++) {
+ if (policyId === allPolicies[s]) {
+ policyIndex = s;
+ break;
+ }
+ }
+ if (policyIndex === (-1)) {
+ allPolicies.push(policyId);
+ const certArray = new Array(this.certs.length - 1);
+ certArray[i] = true;
+ policiesAndCerts.push(certArray);
+ }
+ else
+ (policiesAndCerts[policyIndex])[i] = true;
+ }
+ }
+ if (extension.extnID === id_PolicyMappings) {
+ if (policyMappingInhibitIndicator) {
+ return {
+ result: false,
+ resultCode: 98,
+ resultMessage: "Policy mapping prohibited"
+ };
+ }
+ policyMappings[i] = extension.parsedValue;
+ }
+ if (extension.extnID === id_PolicyConstraints) {
+ if (explicitPolicyIndicator === false) {
+ if (extension.parsedValue.requireExplicitPolicy === 0) {
+ explicitPolicyIndicator = true;
+ explicitPolicyStart = i;
+ }
+ else {
+ if (pendingConstraints[0] === false) {
+ pendingConstraints[0] = true;
+ explicitPolicyPending = extension.parsedValue.requireExplicitPolicy;
+ }
+ else
+ explicitPolicyPending = (explicitPolicyPending > extension.parsedValue.requireExplicitPolicy) ? extension.parsedValue.requireExplicitPolicy : explicitPolicyPending;
+ }
+ if (extension.parsedValue.inhibitPolicyMapping === 0)
+ policyMappingInhibitIndicator = true;
+ else {
+ if (pendingConstraints[1] === false) {
+ pendingConstraints[1] = true;
+ policyMappingInhibitPending = extension.parsedValue.inhibitPolicyMapping + 1;
+ }
+ else
+ policyMappingInhibitPending = (policyMappingInhibitPending > (extension.parsedValue.inhibitPolicyMapping + 1)) ? (extension.parsedValue.inhibitPolicyMapping + 1) : policyMappingInhibitPending;
+ }
+ }
+ }
+ if (extension.extnID === id_InhibitAnyPolicy) {
+ if (inhibitAnyPolicyIndicator === false) {
+ if (extension.parsedValue.valueBlock.valueDec === 0)
+ inhibitAnyPolicyIndicator = true;
+ else {
+ if (pendingConstraints[2] === false) {
+ pendingConstraints[2] = true;
+ inhibitAnyPolicyPending = extension.parsedValue.valueBlock.valueDec;
+ }
+ else
+ inhibitAnyPolicyPending = (inhibitAnyPolicyPending > extension.parsedValue.valueBlock.valueDec) ? extension.parsedValue.valueBlock.valueDec : inhibitAnyPolicyPending;
+ }
+ }
+ }
+ }
+ if (inhibitAnyPolicyIndicator === true) {
+ let policyIndex = (-1);
+ for (let searchAnyPolicy = 0; searchAnyPolicy < allPolicies.length; searchAnyPolicy++) {
+ if (allPolicies[searchAnyPolicy] === id_AnyPolicy) {
+ policyIndex = searchAnyPolicy;
+ break;
+ }
+ }
+ if (policyIndex !== (-1))
+ delete (policiesAndCerts[0])[i];
+ }
+ if (explicitPolicyIndicator === false) {
+ if (pendingConstraints[0] === true) {
+ explicitPolicyPending--;
+ if (explicitPolicyPending === 0) {
+ explicitPolicyIndicator = true;
+ explicitPolicyStart = i;
+ pendingConstraints[0] = false;
+ }
+ }
+ }
+ if (policyMappingInhibitIndicator === false) {
+ if (pendingConstraints[1] === true) {
+ policyMappingInhibitPending--;
+ if (policyMappingInhibitPending === 0) {
+ policyMappingInhibitIndicator = true;
+ pendingConstraints[1] = false;
+ }
+ }
+ }
+ if (inhibitAnyPolicyIndicator === false) {
+ if (pendingConstraints[2] === true) {
+ inhibitAnyPolicyPending--;
+ if (inhibitAnyPolicyPending === 0) {
+ inhibitAnyPolicyIndicator = true;
+ pendingConstraints[2] = false;
+ }
+ }
+ }
+ }
+ }
+ for (let i = 0; i < (this.certs.length - 1); i++) {
+ if ((i < (this.certs.length - 2)) && (typeof policyMappings[i + 1] !== "undefined")) {
+ for (let k = 0; k < policyMappings[i + 1].mappings.length; k++) {
+ if ((policyMappings[i + 1].mappings[k].issuerDomainPolicy === id_AnyPolicy) || (policyMappings[i + 1].mappings[k].subjectDomainPolicy === id_AnyPolicy)) {
+ return {
+ result: false,
+ resultCode: 99,
+ resultMessage: "The \"anyPolicy\" should not be a part of policy mapping scheme"
+ };
+ }
+ let issuerDomainPolicyIndex = (-1);
+ let subjectDomainPolicyIndex = (-1);
+ for (let n = 0; n < allPolicies.length; n++) {
+ if (allPolicies[n] === policyMappings[i + 1].mappings[k].issuerDomainPolicy)
+ issuerDomainPolicyIndex = n;
+ if (allPolicies[n] === policyMappings[i + 1].mappings[k].subjectDomainPolicy)
+ subjectDomainPolicyIndex = n;
+ }
+ if (typeof (policiesAndCerts[issuerDomainPolicyIndex])[i] !== "undefined")
+ delete (policiesAndCerts[issuerDomainPolicyIndex])[i];
+ for (let j = 0; j < certPolicies[i].certificatePolicies.length; j++) {
+ if (policyMappings[i + 1].mappings[k].subjectDomainPolicy === certPolicies[i].certificatePolicies[j].policyIdentifier) {
+ if ((issuerDomainPolicyIndex !== (-1)) && (subjectDomainPolicyIndex !== (-1))) {
+ for (let m = 0; m <= i; m++) {
+ if (typeof (policiesAndCerts[subjectDomainPolicyIndex])[m] !== "undefined") {
+ (policiesAndCerts[issuerDomainPolicyIndex])[m] = true;
+ delete (policiesAndCerts[subjectDomainPolicyIndex])[m];
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ for (let i = 0; i < allPolicies.length; i++) {
+ if (allPolicies[i] === id_AnyPolicy) {
+ for (let j = 0; j < explicitPolicyStart; j++)
+ delete (policiesAndCerts[i])[j];
+ }
+ }
+ const authConstrPolicies = [];
+ for (let i = 0; i < policiesAndCerts.length; i++) {
+ let found = true;
+ for (let j = 0; j < (this.certs.length - 1); j++) {
+ let anyPolicyFound = false;
+ if ((j < explicitPolicyStart) && (allPolicies[i] === id_AnyPolicy) && (allPolicies.length > 1)) {
+ found = false;
+ break;
+ }
+ if (typeof (policiesAndCerts[i])[j] === "undefined") {
+ if (j >= explicitPolicyStart) {
+ for (let k = 0; k < allPolicies.length; k++) {
+ if (allPolicies[k] === id_AnyPolicy) {
+ if ((policiesAndCerts[k])[j] === true)
+ anyPolicyFound = true;
+ break;
+ }
+ }
+ }
+ if (!anyPolicyFound) {
+ found = false;
+ break;
+ }
+ }
+ }
+ if (found === true)
+ authConstrPolicies.push(allPolicies[i]);
+ }
+ let userConstrPolicies = [];
+ if ((initialPolicySet.length === 1) && (initialPolicySet[0] === id_AnyPolicy) && (explicitPolicyIndicator === false))
+ userConstrPolicies = initialPolicySet;
+ else {
+ if ((authConstrPolicies.length === 1) && (authConstrPolicies[0] === id_AnyPolicy))
+ userConstrPolicies = initialPolicySet;
+ else {
+ for (let i = 0; i < authConstrPolicies.length; i++) {
+ for (let j = 0; j < initialPolicySet.length; j++) {
+ if ((initialPolicySet[j] === authConstrPolicies[i]) || (initialPolicySet[j] === id_AnyPolicy)) {
+ userConstrPolicies.push(authConstrPolicies[i]);
+ break;
+ }
+ }
+ }
+ }
+ }
+ const policyResult = {
+ result: (userConstrPolicies.length > 0),
+ resultCode: 0,
+ resultMessage: (userConstrPolicies.length > 0) ? EMPTY_STRING : "Zero \"userConstrPolicies\" array, no intersections with \"authConstrPolicies\"",
+ authConstrPolicies,
+ userConstrPolicies,
+ explicitPolicyIndicator,
+ policyMappings,
+ certificatePath: this.certs
+ };
+ if (userConstrPolicies.length === 0)
+ return policyResult;
+ if (policyResult.result === false)
+ return policyResult;
+ pathDepth = 1;
+ for (let i = (this.certs.length - 2); i >= 0; i--, pathDepth++) {
+ const cert = this.certs[i];
+ let subjectAltNames = [];
+ let certPermittedSubtrees = [];
+ let certExcludedSubtrees = [];
+ if (cert.extensions) {
+ for (let j = 0; j < cert.extensions.length; j++) {
+ const extension = cert.extensions[j];
+ if (extension.extnID === id_NameConstraints) {
+ if ("permittedSubtrees" in extension.parsedValue)
+ certPermittedSubtrees = certPermittedSubtrees.concat(extension.parsedValue.permittedSubtrees);
+ if ("excludedSubtrees" in extension.parsedValue)
+ certExcludedSubtrees = certExcludedSubtrees.concat(extension.parsedValue.excludedSubtrees);
+ }
+ if (extension.extnID === id_SubjectAltName)
+ subjectAltNames = subjectAltNames.concat(extension.parsedValue.altNames);
+ }
+ }
+ let formFound = (requiredNameForms.length <= 0);
+ for (let j = 0; j < requiredNameForms.length; j++) {
+ switch (requiredNameForms[j].base.type) {
+ case 4:
+ {
+ if (requiredNameForms[j].base.value.typesAndValues.length !== cert.subject.typesAndValues.length)
+ continue;
+ formFound = true;
+ for (let k = 0; k < cert.subject.typesAndValues.length; k++) {
+ if (cert.subject.typesAndValues[k].type !== requiredNameForms[j].base.value.typesAndValues[k].type) {
+ formFound = false;
+ break;
+ }
+ }
+ if (formFound === true)
+ break;
+ }
+ break;
+ default:
+ }
+ }
+ if (formFound === false) {
+ policyResult.result = false;
+ policyResult.resultCode = 21;
+ policyResult.resultMessage = "No necessary name form found";
+ throw policyResult;
+ }
+ const constrGroups = [
+ [],
+ [],
+ [],
+ [],
+ [],
+ ];
+ for (let j = 0; j < permittedSubtrees.length; j++) {
+ switch (permittedSubtrees[j].base.type) {
+ case 1:
+ constrGroups[0].push(permittedSubtrees[j]);
+ break;
+ case 2:
+ constrGroups[1].push(permittedSubtrees[j]);
+ break;
+ case 4:
+ constrGroups[2].push(permittedSubtrees[j]);
+ break;
+ case 6:
+ constrGroups[3].push(permittedSubtrees[j]);
+ break;
+ case 7:
+ constrGroups[4].push(permittedSubtrees[j]);
+ break;
+ default:
+ }
+ }
+ for (let p = 0; p < 5; p++) {
+ let groupPermitted = false;
+ let valueExists = false;
+ const group = constrGroups[p];
+ for (let j = 0; j < group.length; j++) {
+ switch (p) {
+ case 0:
+ if (subjectAltNames.length > 0) {
+ for (let k = 0; k < subjectAltNames.length; k++) {
+ if (subjectAltNames[k].type === 1) {
+ valueExists = true;
+ groupPermitted = groupPermitted || compareRFC822Name(subjectAltNames[k].value, group[j].base.value);
+ }
+ }
+ }
+ else {
+ for (let k = 0; k < cert.subject.typesAndValues.length; k++) {
+ if ((cert.subject.typesAndValues[k].type === "1.2.840.113549.1.9.1") ||
+ (cert.subject.typesAndValues[k].type === "0.9.2342.19200300.100.1.3")) {
+ valueExists = true;
+ groupPermitted = groupPermitted || compareRFC822Name(cert.subject.typesAndValues[k].value.valueBlock.value, group[j].base.value);
+ }
+ }
+ }
+ break;
+ case 1:
+ if (subjectAltNames.length > 0) {
+ for (let k = 0; k < subjectAltNames.length; k++) {
+ if (subjectAltNames[k].type === 2) {
+ valueExists = true;
+ groupPermitted = groupPermitted || compareDNSName(subjectAltNames[k].value, group[j].base.value);
+ }
+ }
+ }
+ break;
+ case 2:
+ valueExists = true;
+ groupPermitted = compareDirectoryName(cert.subject, group[j].base.value);
+ break;
+ case 3:
+ if (subjectAltNames.length > 0) {
+ for (let k = 0; k < subjectAltNames.length; k++) {
+ if (subjectAltNames[k].type === 6) {
+ valueExists = true;
+ groupPermitted = groupPermitted || compareUniformResourceIdentifier(subjectAltNames[k].value, group[j].base.value);
+ }
+ }
+ }
+ break;
+ case 4:
+ if (subjectAltNames.length > 0) {
+ for (let k = 0; k < subjectAltNames.length; k++) {
+ if (subjectAltNames[k].type === 7) {
+ valueExists = true;
+ groupPermitted = groupPermitted || compareIPAddress(subjectAltNames[k].value, group[j].base.value);
+ }
+ }
+ }
+ break;
+ default:
+ }
+ if (groupPermitted)
+ break;
+ }
+ if ((groupPermitted === false) && (group.length > 0) && valueExists) {
+ policyResult.result = false;
+ policyResult.resultCode = 41;
+ policyResult.resultMessage = "Failed to meet \"permitted sub-trees\" name constraint";
+ throw policyResult;
+ }
+ }
+ let excluded = false;
+ for (let j = 0; j < excludedSubtrees.length; j++) {
+ switch (excludedSubtrees[j].base.type) {
+ case 1:
+ if (subjectAltNames.length >= 0) {
+ for (let k = 0; k < subjectAltNames.length; k++) {
+ if (subjectAltNames[k].type === 1)
+ excluded = excluded || compareRFC822Name(subjectAltNames[k].value, excludedSubtrees[j].base.value);
+ }
+ }
+ else {
+ for (let k = 0; k < cert.subject.typesAndValues.length; k++) {
+ if ((cert.subject.typesAndValues[k].type === "1.2.840.113549.1.9.1") ||
+ (cert.subject.typesAndValues[k].type === "0.9.2342.19200300.100.1.3"))
+ excluded = excluded || compareRFC822Name(cert.subject.typesAndValues[k].value.valueBlock.value, excludedSubtrees[j].base.value);
+ }
+ }
+ break;
+ case 2:
+ if (subjectAltNames.length > 0) {
+ for (let k = 0; k < subjectAltNames.length; k++) {
+ if (subjectAltNames[k].type === 2)
+ excluded = excluded || compareDNSName(subjectAltNames[k].value, excludedSubtrees[j].base.value);
+ }
+ }
+ break;
+ case 4:
+ excluded = excluded || compareDirectoryName(cert.subject, excludedSubtrees[j].base.value);
+ break;
+ case 6:
+ if (subjectAltNames.length > 0) {
+ for (let k = 0; k < subjectAltNames.length; k++) {
+ if (subjectAltNames[k].type === 6)
+ excluded = excluded || compareUniformResourceIdentifier(subjectAltNames[k].value, excludedSubtrees[j].base.value);
+ }
+ }
+ break;
+ case 7:
+ if (subjectAltNames.length > 0) {
+ for (let k = 0; k < subjectAltNames.length; k++) {
+ if (subjectAltNames[k].type === 7)
+ excluded = excluded || compareIPAddress(subjectAltNames[k].value, excludedSubtrees[j].base.value);
+ }
+ }
+ break;
+ default:
+ }
+ if (excluded)
+ break;
+ }
+ if (excluded === true) {
+ policyResult.result = false;
+ policyResult.resultCode = 42;
+ policyResult.resultMessage = "Failed to meet \"excluded sub-trees\" name constraint";
+ throw policyResult;
+ }
+ permittedSubtrees = permittedSubtrees.concat(certPermittedSubtrees);
+ excludedSubtrees = excludedSubtrees.concat(certExcludedSubtrees);
+ }
+ return policyResult;
+ }
+ catch (error) {
+ if (error instanceof Error) {
+ if (error instanceof ChainValidationError) {
+ return {
+ result: false,
+ resultCode: error.code,
+ resultMessage: error.message,
+ error: error,
+ };
+ }
+ return {
+ result: false,
+ resultCode: ChainValidationCode.unknown,
+ resultMessage: error.message,
+ error: error,
+ };
+ }
+ if (error && typeof error === "object" && "resultMessage" in error) {
+ return error;
+ }
+ return {
+ result: false,
+ resultCode: -1,
+ resultMessage: `${error}`,
+ };
+ }
+ });
+ }
+}
+
+const TBS_RESPONSE_DATA = "tbsResponseData";
+const SIGNATURE_ALGORITHM$3 = "signatureAlgorithm";
+const SIGNATURE$2 = "signature";
+const CERTS$1 = "certs";
+const BASIC_OCSP_RESPONSE = "BasicOCSPResponse";
+const BASIC_OCSP_RESPONSE_TBS_RESPONSE_DATA = `${BASIC_OCSP_RESPONSE}.${TBS_RESPONSE_DATA}`;
+const BASIC_OCSP_RESPONSE_SIGNATURE_ALGORITHM = `${BASIC_OCSP_RESPONSE}.${SIGNATURE_ALGORITHM$3}`;
+const BASIC_OCSP_RESPONSE_SIGNATURE = `${BASIC_OCSP_RESPONSE}.${SIGNATURE$2}`;
+const BASIC_OCSP_RESPONSE_CERTS = `${BASIC_OCSP_RESPONSE}.${CERTS$1}`;
+const CLEAR_PROPS$g = [
+ BASIC_OCSP_RESPONSE_TBS_RESPONSE_DATA,
+ BASIC_OCSP_RESPONSE_SIGNATURE_ALGORITHM,
+ BASIC_OCSP_RESPONSE_SIGNATURE,
+ BASIC_OCSP_RESPONSE_CERTS
+];
+class BasicOCSPResponse extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.tbsResponseData = getParametersValue(parameters, TBS_RESPONSE_DATA, BasicOCSPResponse.defaultValues(TBS_RESPONSE_DATA));
+ this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$3, BasicOCSPResponse.defaultValues(SIGNATURE_ALGORITHM$3));
+ this.signature = getParametersValue(parameters, SIGNATURE$2, BasicOCSPResponse.defaultValues(SIGNATURE$2));
+ if (CERTS$1 in parameters) {
+ this.certs = getParametersValue(parameters, CERTS$1, BasicOCSPResponse.defaultValues(CERTS$1));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case TBS_RESPONSE_DATA:
+ return new ResponseData();
+ case SIGNATURE_ALGORITHM$3:
+ return new AlgorithmIdentifier();
+ case SIGNATURE$2:
+ return new BitString();
+ case CERTS$1:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case "type":
+ {
+ let comparisonResult = ((ResponseData.compareWithDefault("tbs", memberValue.tbs)) &&
+ (ResponseData.compareWithDefault("responderID", memberValue.responderID)) &&
+ (ResponseData.compareWithDefault("producedAt", memberValue.producedAt)) &&
+ (ResponseData.compareWithDefault("responses", memberValue.responses)));
+ if ("responseExtensions" in memberValue)
+ comparisonResult = comparisonResult && (ResponseData.compareWithDefault("responseExtensions", memberValue.responseExtensions));
+ return comparisonResult;
+ }
+ case SIGNATURE_ALGORITHM$3:
+ return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false));
+ case SIGNATURE$2:
+ return (memberValue.isEqual(BasicOCSPResponse.defaultValues(memberName)));
+ case CERTS$1:
+ return (memberValue.length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || BASIC_OCSP_RESPONSE),
+ value: [
+ ResponseData.schema(names.tbsResponseData || {
+ names: {
+ blockName: BASIC_OCSP_RESPONSE_TBS_RESPONSE_DATA
+ }
+ }),
+ AlgorithmIdentifier.schema(names.signatureAlgorithm || {
+ names: {
+ blockName: BASIC_OCSP_RESPONSE_SIGNATURE_ALGORITHM
+ }
+ }),
+ new BitString({ name: (names.signature || BASIC_OCSP_RESPONSE_SIGNATURE) }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Sequence({
+ value: [new Repeated({
+ name: BASIC_OCSP_RESPONSE_CERTS,
+ value: Certificate.schema(names.certs || {})
+ })]
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$g);
+ const asn1 = compareSchema(schema, schema, BasicOCSPResponse.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.tbsResponseData = new ResponseData({ schema: asn1.result[BASIC_OCSP_RESPONSE_TBS_RESPONSE_DATA] });
+ this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result[BASIC_OCSP_RESPONSE_SIGNATURE_ALGORITHM] });
+ this.signature = asn1.result[BASIC_OCSP_RESPONSE_SIGNATURE];
+ if (BASIC_OCSP_RESPONSE_CERTS in asn1.result) {
+ this.certs = Array.from(asn1.result[BASIC_OCSP_RESPONSE_CERTS], element => new Certificate({ schema: element }));
+ }
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(this.tbsResponseData.toSchema());
+ outputArray.push(this.signatureAlgorithm.toSchema());
+ outputArray.push(this.signature);
+ if (this.certs) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Sequence({
+ value: Array.from(this.certs, o => o.toSchema())
+ })
+ ]
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ tbsResponseData: this.tbsResponseData.toJSON(),
+ signatureAlgorithm: this.signatureAlgorithm.toJSON(),
+ signature: this.signature.toJSON(),
+ };
+ if (this.certs) {
+ res.certs = Array.from(this.certs, o => o.toJSON());
+ }
+ return res;
+ }
+ getCertificateStatus(certificate, issuerCertificate, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ const result = {
+ isForCertificate: false,
+ status: 2
+ };
+ const hashesObject = {};
+ const certIDs = [];
+ for (const response of this.tbsResponseData.responses) {
+ const hashAlgorithm = crypto.getAlgorithmByOID(response.certID.hashAlgorithm.algorithmId, true, "CertID.hashAlgorithm");
+ if (!hashesObject[hashAlgorithm.name]) {
+ hashesObject[hashAlgorithm.name] = 1;
+ const certID = new CertID();
+ certIDs.push(certID);
+ yield certID.createForCertificate(certificate, {
+ hashAlgorithm: hashAlgorithm.name,
+ issuerCertificate
+ }, crypto);
+ }
+ }
+ for (const response of this.tbsResponseData.responses) {
+ for (const id of certIDs) {
+ if (response.certID.isEqual(id)) {
+ result.isForCertificate = true;
+ try {
+ switch (response.certStatus.idBlock.isConstructed) {
+ case true:
+ if (response.certStatus.idBlock.tagNumber === 1)
+ result.status = 1;
+ break;
+ case false:
+ switch (response.certStatus.idBlock.tagNumber) {
+ case 0:
+ result.status = 0;
+ break;
+ case 2:
+ result.status = 2;
+ break;
+ default:
+ }
+ break;
+ default:
+ }
+ }
+ catch (ex) {
+ }
+ return result;
+ }
+ }
+ }
+ return result;
+ });
+ }
+ sign(privateKey, hashAlgorithm = "SHA-1", crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ if (!privateKey) {
+ throw new Error("Need to provide a private key for signing");
+ }
+ const signatureParams = yield crypto.getSignatureParameters(privateKey, hashAlgorithm);
+ const algorithm = signatureParams.parameters.algorithm;
+ if (!("name" in algorithm)) {
+ throw new Error("Empty algorithm");
+ }
+ this.signatureAlgorithm = signatureParams.signatureAlgorithm;
+ this.tbsResponseData.tbsView = new Uint8Array(this.tbsResponseData.toSchema(true).toBER());
+ const signature = yield crypto.signWithPrivateKey(this.tbsResponseData.tbsView, privateKey, { algorithm });
+ this.signature = new BitString({ valueHex: signature });
+ });
+ }
+ verify(params = {}, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ let signerCert = null;
+ let certIndex = -1;
+ const trustedCerts = params.trustedCerts || [];
+ if (!this.certs) {
+ throw new Error("No certificates attached to the BasicOCSPResponse");
+ }
+ switch (true) {
+ case (this.tbsResponseData.responderID instanceof RelativeDistinguishedNames):
+ for (const [index, certificate] of this.certs.entries()) {
+ if (certificate.subject.isEqual(this.tbsResponseData.responderID)) {
+ certIndex = index;
+ break;
+ }
+ }
+ break;
+ case (this.tbsResponseData.responderID instanceof OctetString):
+ for (const [index, cert] of this.certs.entries()) {
+ const hash = yield crypto.digest({ name: "sha-1" }, cert.subjectPublicKeyInfo.subjectPublicKey.valueBlock.valueHexView);
+ if (isEqualBuffer(hash, this.tbsResponseData.responderID.valueBlock.valueHex)) {
+ certIndex = index;
+ break;
+ }
+ }
+ break;
+ default:
+ throw new Error("Wrong value for responderID");
+ }
+ if (certIndex === (-1))
+ throw new Error("Correct certificate was not found in OCSP response");
+ signerCert = this.certs[certIndex];
+ const additionalCerts = [signerCert];
+ for (const cert of this.certs) {
+ const caCert = yield checkCA(cert, signerCert);
+ if (caCert) {
+ additionalCerts.push(caCert);
+ }
+ }
+ const certChain = new CertificateChainValidationEngine({
+ certs: additionalCerts,
+ trustedCerts,
+ });
+ const verificationResult = yield certChain.verify({}, crypto);
+ if (!verificationResult.result) {
+ throw new Error("Validation of signer's certificate failed");
+ }
+ return crypto.verifyWithPublicKey(this.tbsResponseData.tbsView, this.signature, this.certs[certIndex].subjectPublicKeyInfo, this.signatureAlgorithm);
+ });
+ }
+}
+BasicOCSPResponse.CLASS_NAME = "BasicOCSPResponse";
+
+const TBS$1 = "tbs";
+const VERSION$6 = "version";
+const SUBJECT = "subject";
+const SPKI = "subjectPublicKeyInfo";
+const ATTRIBUTES$1 = "attributes";
+const SIGNATURE_ALGORITHM$2 = "signatureAlgorithm";
+const SIGNATURE_VALUE = "signatureValue";
+const CSR_INFO = "CertificationRequestInfo";
+const CSR_INFO_VERSION = `${CSR_INFO}.version`;
+const CSR_INFO_SUBJECT = `${CSR_INFO}.subject`;
+const CSR_INFO_SPKI = `${CSR_INFO}.subjectPublicKeyInfo`;
+const CSR_INFO_ATTRS = `${CSR_INFO}.attributes`;
+const CLEAR_PROPS$f = [
+ CSR_INFO,
+ CSR_INFO_VERSION,
+ CSR_INFO_SUBJECT,
+ CSR_INFO_SPKI,
+ CSR_INFO_ATTRS,
+ SIGNATURE_ALGORITHM$2,
+ SIGNATURE_VALUE
+];
+function CertificationRequestInfo(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.CertificationRequestInfo || CSR_INFO),
+ value: [
+ new Integer({ name: (names.CertificationRequestInfoVersion || CSR_INFO_VERSION) }),
+ RelativeDistinguishedNames.schema(names.subject || {
+ names: {
+ blockName: CSR_INFO_SUBJECT
+ }
+ }),
+ PublicKeyInfo.schema({
+ names: {
+ blockName: CSR_INFO_SPKI
+ }
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Repeated({
+ optional: true,
+ name: (names.CertificationRequestInfoAttributes || CSR_INFO_ATTRS),
+ value: Attribute.schema(names.attributes || {})
+ })
+ ]
+ })
+ ]
+ }));
+}
+class CertificationRequest extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.tbsView = new Uint8Array(getParametersValue(parameters, TBS$1, CertificationRequest.defaultValues(TBS$1)));
+ this.version = getParametersValue(parameters, VERSION$6, CertificationRequest.defaultValues(VERSION$6));
+ this.subject = getParametersValue(parameters, SUBJECT, CertificationRequest.defaultValues(SUBJECT));
+ this.subjectPublicKeyInfo = getParametersValue(parameters, SPKI, CertificationRequest.defaultValues(SPKI));
+ if (ATTRIBUTES$1 in parameters) {
+ this.attributes = getParametersValue(parameters, ATTRIBUTES$1, CertificationRequest.defaultValues(ATTRIBUTES$1));
+ }
+ this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$2, CertificationRequest.defaultValues(SIGNATURE_ALGORITHM$2));
+ this.signatureValue = getParametersValue(parameters, SIGNATURE_VALUE, CertificationRequest.defaultValues(SIGNATURE_VALUE));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ get tbs() {
+ return BufferSourceConverter.toArrayBuffer(this.tbsView);
+ }
+ set tbs(value) {
+ this.tbsView = new Uint8Array(value);
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case TBS$1:
+ return EMPTY_BUFFER;
+ case VERSION$6:
+ return 0;
+ case SUBJECT:
+ return new RelativeDistinguishedNames();
+ case SPKI:
+ return new PublicKeyInfo();
+ case ATTRIBUTES$1:
+ return [];
+ case SIGNATURE_ALGORITHM$2:
+ return new AlgorithmIdentifier();
+ case SIGNATURE_VALUE:
+ return new BitString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ value: [
+ CertificationRequestInfo(names.certificationRequestInfo || {}),
+ new Sequence({
+ name: (names.signatureAlgorithm || SIGNATURE_ALGORITHM$2),
+ value: [
+ new ObjectIdentifier(),
+ new Any({ optional: true })
+ ]
+ }),
+ new BitString({ name: (names.signatureValue || SIGNATURE_VALUE) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$f);
+ const asn1 = compareSchema(schema, schema, CertificationRequest.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.tbsView = asn1.result.CertificationRequestInfo.valueBeforeDecodeView;
+ this.version = asn1.result[CSR_INFO_VERSION].valueBlock.valueDec;
+ this.subject = new RelativeDistinguishedNames({ schema: asn1.result[CSR_INFO_SUBJECT] });
+ this.subjectPublicKeyInfo = new PublicKeyInfo({ schema: asn1.result[CSR_INFO_SPKI] });
+ if (CSR_INFO_ATTRS in asn1.result) {
+ this.attributes = Array.from(asn1.result[CSR_INFO_ATTRS], element => new Attribute({ schema: element }));
+ }
+ this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.signatureAlgorithm });
+ this.signatureValue = asn1.result.signatureValue;
+ }
+ encodeTBS() {
+ const outputArray = [
+ new Integer({ value: this.version }),
+ this.subject.toSchema(),
+ this.subjectPublicKeyInfo.toSchema()
+ ];
+ if (ATTRIBUTES$1 in this) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: Array.from(this.attributes || [], o => o.toSchema())
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toSchema(encodeFlag = false) {
+ let tbsSchema;
+ if (encodeFlag === false) {
+ if (this.tbsView.byteLength === 0) {
+ return CertificationRequest.schema();
+ }
+ const asn1 = fromBER(this.tbsView);
+ AsnError.assert(asn1, "PKCS#10 Certificate Request");
+ tbsSchema = asn1.result;
+ }
+ else {
+ tbsSchema = this.encodeTBS();
+ }
+ return (new Sequence({
+ value: [
+ tbsSchema,
+ this.signatureAlgorithm.toSchema(),
+ this.signatureValue
+ ]
+ }));
+ }
+ toJSON() {
+ const object = {
+ tbs: Convert.ToHex(this.tbsView),
+ version: this.version,
+ subject: this.subject.toJSON(),
+ subjectPublicKeyInfo: this.subjectPublicKeyInfo.toJSON(),
+ signatureAlgorithm: this.signatureAlgorithm.toJSON(),
+ signatureValue: this.signatureValue.toJSON(),
+ };
+ if (ATTRIBUTES$1 in this) {
+ object.attributes = Array.from(this.attributes || [], o => o.toJSON());
+ }
+ return object;
+ }
+ sign(privateKey, hashAlgorithm = "SHA-1", crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ if (!privateKey) {
+ throw new Error("Need to provide a private key for signing");
+ }
+ const signatureParams = yield crypto.getSignatureParameters(privateKey, hashAlgorithm);
+ const parameters = signatureParams.parameters;
+ this.signatureAlgorithm = signatureParams.signatureAlgorithm;
+ this.tbsView = new Uint8Array(this.encodeTBS().toBER());
+ const signature = yield crypto.signWithPrivateKey(this.tbsView, privateKey, parameters);
+ this.signatureValue = new BitString({ valueHex: signature });
+ });
+ }
+ verify(crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ return crypto.verifyWithPublicKey(this.tbsView, this.signatureValue, this.subjectPublicKeyInfo, this.signatureAlgorithm);
+ });
+ }
+ getPublicKey(parameters, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ return crypto.getPublicKey(this.subjectPublicKeyInfo, this.signatureAlgorithm, parameters);
+ });
+ }
+}
+CertificationRequest.CLASS_NAME = "CertificationRequest";
+
+const DIGEST_ALGORITHM$1 = "digestAlgorithm";
+const DIGEST = "digest";
+const CLEAR_PROPS$e = [
+ DIGEST_ALGORITHM$1,
+ DIGEST
+];
+class DigestInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.digestAlgorithm = getParametersValue(parameters, DIGEST_ALGORITHM$1, DigestInfo.defaultValues(DIGEST_ALGORITHM$1));
+ this.digest = getParametersValue(parameters, DIGEST, DigestInfo.defaultValues(DIGEST));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case DIGEST_ALGORITHM$1:
+ return new AlgorithmIdentifier();
+ case DIGEST:
+ return new OctetString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case DIGEST_ALGORITHM$1:
+ return ((AlgorithmIdentifier.compareWithDefault("algorithmId", memberValue.algorithmId)) &&
+ (("algorithmParams" in memberValue) === false));
+ case DIGEST:
+ return (memberValue.isEqual(DigestInfo.defaultValues(memberName)));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ AlgorithmIdentifier.schema(names.digestAlgorithm || {
+ names: {
+ blockName: DIGEST_ALGORITHM$1
+ }
+ }),
+ new OctetString({ name: (names.digest || DIGEST) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$e);
+ const asn1 = compareSchema(schema, schema, DigestInfo.schema({
+ names: {
+ digestAlgorithm: {
+ names: {
+ blockName: DIGEST_ALGORITHM$1
+ }
+ },
+ digest: DIGEST
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.digestAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.digestAlgorithm });
+ this.digest = asn1.result.digest;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ this.digestAlgorithm.toSchema(),
+ this.digest
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ digestAlgorithm: this.digestAlgorithm.toJSON(),
+ digest: this.digest.toJSON(),
+ };
+ }
+}
+DigestInfo.CLASS_NAME = "DigestInfo";
+
+const E_CONTENT_TYPE = "eContentType";
+const E_CONTENT = "eContent";
+const CLEAR_PROPS$d = [
+ E_CONTENT_TYPE,
+ E_CONTENT,
+];
+class EncapsulatedContentInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.eContentType = getParametersValue(parameters, E_CONTENT_TYPE, EncapsulatedContentInfo.defaultValues(E_CONTENT_TYPE));
+ if (E_CONTENT in parameters) {
+ this.eContent = getParametersValue(parameters, E_CONTENT, EncapsulatedContentInfo.defaultValues(E_CONTENT));
+ if ((this.eContent.idBlock.tagClass === 1) &&
+ (this.eContent.idBlock.tagNumber === 4)) {
+ if (this.eContent.idBlock.isConstructed === false) {
+ const constrString = new OctetString({
+ idBlock: { isConstructed: true },
+ isConstructed: true
+ });
+ let offset = 0;
+ const viewHex = this.eContent.valueBlock.valueHexView.slice().buffer;
+ let length = viewHex.byteLength;
+ while (length > 0) {
+ const pieceView = new Uint8Array(viewHex, offset, ((offset + 65536) > viewHex.byteLength) ? (viewHex.byteLength - offset) : 65536);
+ const _array = new ArrayBuffer(pieceView.length);
+ const _view = new Uint8Array(_array);
+ for (let i = 0; i < _view.length; i++) {
+ _view[i] = pieceView[i];
+ }
+ constrString.valueBlock.value.push(new OctetString({ valueHex: _array }));
+ length -= pieceView.length;
+ offset += pieceView.length;
+ }
+ this.eContent = constrString;
+ }
+ }
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case E_CONTENT_TYPE:
+ return EMPTY_STRING;
+ case E_CONTENT:
+ return new OctetString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case E_CONTENT_TYPE:
+ return (memberValue === EMPTY_STRING);
+ case E_CONTENT:
+ {
+ if ((memberValue.idBlock.tagClass === 1) && (memberValue.idBlock.tagNumber === 4))
+ return (memberValue.isEqual(EncapsulatedContentInfo.defaultValues(E_CONTENT)));
+ return false;
+ }
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.eContentType || EMPTY_STRING) }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Any({ name: (names.eContent || EMPTY_STRING) })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$d);
+ const asn1 = compareSchema(schema, schema, EncapsulatedContentInfo.schema({
+ names: {
+ eContentType: E_CONTENT_TYPE,
+ eContent: E_CONTENT
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.eContentType = asn1.result.eContentType.valueBlock.toString();
+ if (E_CONTENT in asn1.result)
+ this.eContent = asn1.result.eContent;
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(new ObjectIdentifier({ value: this.eContentType }));
+ if (this.eContent) {
+ if (EncapsulatedContentInfo.compareWithDefault(E_CONTENT, this.eContent) === false) {
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [this.eContent]
+ }));
+ }
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ eContentType: this.eContentType
+ };
+ if (this.eContent && EncapsulatedContentInfo.compareWithDefault(E_CONTENT, this.eContent) === false) {
+ res.eContent = this.eContent.toJSON();
+ }
+ return res;
+ }
+}
+EncapsulatedContentInfo.CLASS_NAME = "EncapsulatedContentInfo";
+
+class KeyBag extends PrivateKeyInfo {
+ constructor(parameters = {}) {
+ super(parameters);
+ }
+}
+
+const MAC = "mac";
+const MAC_SALT = "macSalt";
+const ITERATIONS = "iterations";
+const CLEAR_PROPS$c = [
+ MAC,
+ MAC_SALT,
+ ITERATIONS
+];
+class MacData extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.mac = getParametersValue(parameters, MAC, MacData.defaultValues(MAC));
+ this.macSalt = getParametersValue(parameters, MAC_SALT, MacData.defaultValues(MAC_SALT));
+ if (ITERATIONS in parameters) {
+ this.iterations = getParametersValue(parameters, ITERATIONS, MacData.defaultValues(ITERATIONS));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case MAC:
+ return new DigestInfo();
+ case MAC_SALT:
+ return new OctetString();
+ case ITERATIONS:
+ return 1;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case MAC:
+ return ((DigestInfo.compareWithDefault("digestAlgorithm", memberValue.digestAlgorithm)) &&
+ (DigestInfo.compareWithDefault("digest", memberValue.digest)));
+ case MAC_SALT:
+ return (memberValue.isEqual(MacData.defaultValues(memberName)));
+ case ITERATIONS:
+ return (memberValue === MacData.defaultValues(memberName));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ optional: (names.optional || true),
+ value: [
+ DigestInfo.schema(names.mac || {
+ names: {
+ blockName: MAC
+ }
+ }),
+ new OctetString({ name: (names.macSalt || MAC_SALT) }),
+ new Integer({
+ optional: true,
+ name: (names.iterations || ITERATIONS)
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$c);
+ const asn1 = compareSchema(schema, schema, MacData.schema({
+ names: {
+ mac: {
+ names: {
+ blockName: MAC
+ }
+ },
+ macSalt: MAC_SALT,
+ iterations: ITERATIONS
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.mac = new DigestInfo({ schema: asn1.result.mac });
+ this.macSalt = asn1.result.macSalt;
+ if (ITERATIONS in asn1.result)
+ this.iterations = asn1.result.iterations.valueBlock.valueDec;
+ }
+ toSchema() {
+ const outputArray = [
+ this.mac.toSchema(),
+ this.macSalt
+ ];
+ if (this.iterations !== undefined) {
+ outputArray.push(new Integer({ value: this.iterations }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ mac: this.mac.toJSON(),
+ macSalt: this.macSalt.toJSON(),
+ };
+ if (this.iterations !== undefined) {
+ res.iterations = this.iterations;
+ }
+ return res;
+ }
+}
+MacData.CLASS_NAME = "MacData";
+
+const HASH_ALGORITHM = "hashAlgorithm";
+const HASHED_MESSAGE = "hashedMessage";
+const CLEAR_PROPS$b = [
+ HASH_ALGORITHM,
+ HASHED_MESSAGE,
+];
+class MessageImprint extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.hashAlgorithm = getParametersValue(parameters, HASH_ALGORITHM, MessageImprint.defaultValues(HASH_ALGORITHM));
+ this.hashedMessage = getParametersValue(parameters, HASHED_MESSAGE, MessageImprint.defaultValues(HASHED_MESSAGE));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static create(hashAlgorithm, message, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ const hashAlgorithmOID = crypto.getOIDByAlgorithm({ name: hashAlgorithm }, true, "hashAlgorithm");
+ const hashedMessage = yield crypto.digest(hashAlgorithm, message);
+ const res = new MessageImprint({
+ hashAlgorithm: new AlgorithmIdentifier({
+ algorithmId: hashAlgorithmOID,
+ algorithmParams: new Null(),
+ }),
+ hashedMessage: new OctetString({ valueHex: hashedMessage })
+ });
+ return res;
+ });
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case HASH_ALGORITHM:
+ return new AlgorithmIdentifier();
+ case HASHED_MESSAGE:
+ return new OctetString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case HASH_ALGORITHM:
+ return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false));
+ case HASHED_MESSAGE:
+ return (memberValue.isEqual(MessageImprint.defaultValues(memberName)) === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ AlgorithmIdentifier.schema(names.hashAlgorithm || {}),
+ new OctetString({ name: (names.hashedMessage || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$b);
+ const asn1 = compareSchema(schema, schema, MessageImprint.schema({
+ names: {
+ hashAlgorithm: {
+ names: {
+ blockName: HASH_ALGORITHM
+ }
+ },
+ hashedMessage: HASHED_MESSAGE
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.hashAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.hashAlgorithm });
+ this.hashedMessage = asn1.result.hashedMessage;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ this.hashAlgorithm.toSchema(),
+ this.hashedMessage
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ hashAlgorithm: this.hashAlgorithm.toJSON(),
+ hashedMessage: this.hashedMessage.toJSON(),
+ };
+ }
+}
+MessageImprint.CLASS_NAME = "MessageImprint";
+
+const REQ_CERT = "reqCert";
+const SINGLE_REQUEST_EXTENSIONS = "singleRequestExtensions";
+const CLEAR_PROPS$a = [
+ REQ_CERT,
+ SINGLE_REQUEST_EXTENSIONS,
+];
+class Request extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.reqCert = getParametersValue(parameters, REQ_CERT, Request.defaultValues(REQ_CERT));
+ if (SINGLE_REQUEST_EXTENSIONS in parameters) {
+ this.singleRequestExtensions = getParametersValue(parameters, SINGLE_REQUEST_EXTENSIONS, Request.defaultValues(SINGLE_REQUEST_EXTENSIONS));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case REQ_CERT:
+ return new CertID();
+ case SINGLE_REQUEST_EXTENSIONS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case REQ_CERT:
+ return (memberValue.isEqual(Request.defaultValues(memberName)));
+ case SINGLE_REQUEST_EXTENSIONS:
+ return (memberValue.length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ CertID.schema(names.reqCert || {}),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [Extension.schema(names.extensions || {
+ names: {
+ blockName: (names.singleRequestExtensions || EMPTY_STRING)
+ }
+ })]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$a);
+ const asn1 = compareSchema(schema, schema, Request.schema({
+ names: {
+ reqCert: {
+ names: {
+ blockName: REQ_CERT
+ }
+ },
+ extensions: {
+ names: {
+ blockName: SINGLE_REQUEST_EXTENSIONS
+ }
+ }
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.reqCert = new CertID({ schema: asn1.result.reqCert });
+ if (SINGLE_REQUEST_EXTENSIONS in asn1.result) {
+ this.singleRequestExtensions = Array.from(asn1.result.singleRequestExtensions.valueBlock.value, element => new Extension({ schema: element }));
+ }
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(this.reqCert.toSchema());
+ if (this.singleRequestExtensions) {
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Sequence({
+ value: Array.from(this.singleRequestExtensions, o => o.toSchema())
+ })
+ ]
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ reqCert: this.reqCert.toJSON()
+ };
+ if (this.singleRequestExtensions) {
+ res.singleRequestExtensions = Array.from(this.singleRequestExtensions, o => o.toJSON());
+ }
+ return res;
+ }
+}
+Request.CLASS_NAME = "Request";
+
+const TBS = "tbs";
+const VERSION$5 = "version";
+const REQUESTOR_NAME = "requestorName";
+const REQUEST_LIST = "requestList";
+const REQUEST_EXTENSIONS = "requestExtensions";
+const TBS_REQUEST$1 = "TBSRequest";
+const TBS_REQUEST_VERSION = `${TBS_REQUEST$1}.${VERSION$5}`;
+const TBS_REQUEST_REQUESTOR_NAME = `${TBS_REQUEST$1}.${REQUESTOR_NAME}`;
+const TBS_REQUEST_REQUESTS = `${TBS_REQUEST$1}.requests`;
+const TBS_REQUEST_REQUEST_EXTENSIONS = `${TBS_REQUEST$1}.${REQUEST_EXTENSIONS}`;
+const CLEAR_PROPS$9 = [
+ TBS_REQUEST$1,
+ TBS_REQUEST_VERSION,
+ TBS_REQUEST_REQUESTOR_NAME,
+ TBS_REQUEST_REQUESTS,
+ TBS_REQUEST_REQUEST_EXTENSIONS
+];
+class TBSRequest extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.tbsView = new Uint8Array(getParametersValue(parameters, TBS, TBSRequest.defaultValues(TBS)));
+ if (VERSION$5 in parameters) {
+ this.version = getParametersValue(parameters, VERSION$5, TBSRequest.defaultValues(VERSION$5));
+ }
+ if (REQUESTOR_NAME in parameters) {
+ this.requestorName = getParametersValue(parameters, REQUESTOR_NAME, TBSRequest.defaultValues(REQUESTOR_NAME));
+ }
+ this.requestList = getParametersValue(parameters, REQUEST_LIST, TBSRequest.defaultValues(REQUEST_LIST));
+ if (REQUEST_EXTENSIONS in parameters) {
+ this.requestExtensions = getParametersValue(parameters, REQUEST_EXTENSIONS, TBSRequest.defaultValues(REQUEST_EXTENSIONS));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ get tbs() {
+ return BufferSourceConverter.toArrayBuffer(this.tbsView);
+ }
+ set tbs(value) {
+ this.tbsView = new Uint8Array(value);
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case TBS:
+ return EMPTY_BUFFER;
+ case VERSION$5:
+ return 0;
+ case REQUESTOR_NAME:
+ return new GeneralName();
+ case REQUEST_LIST:
+ case REQUEST_EXTENSIONS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case TBS:
+ return (memberValue.byteLength === 0);
+ case VERSION$5:
+ return (memberValue === TBSRequest.defaultValues(memberName));
+ case REQUESTOR_NAME:
+ return ((memberValue.type === GeneralName.defaultValues("type")) && (Object.keys(memberValue.value).length === 0));
+ case REQUEST_LIST:
+ case REQUEST_EXTENSIONS:
+ return (memberValue.length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || TBS_REQUEST$1),
+ value: [
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new Integer({ name: (names.TBSRequestVersion || TBS_REQUEST_VERSION) })]
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [GeneralName.schema(names.requestorName || {
+ names: {
+ blockName: TBS_REQUEST_REQUESTOR_NAME
+ }
+ })]
+ }),
+ new Sequence({
+ name: (names.requestList || "TBSRequest.requestList"),
+ value: [
+ new Repeated({
+ name: (names.requests || TBS_REQUEST_REQUESTS),
+ value: Request.schema(names.requestNames || {})
+ })
+ ]
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ value: [Extensions.schema(names.extensions || {
+ names: {
+ blockName: (names.requestExtensions || TBS_REQUEST_REQUEST_EXTENSIONS)
+ }
+ })]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$9);
+ const asn1 = compareSchema(schema, schema, TBSRequest.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.tbsView = asn1.result.TBSRequest.valueBeforeDecodeView;
+ if (TBS_REQUEST_VERSION in asn1.result)
+ this.version = asn1.result[TBS_REQUEST_VERSION].valueBlock.valueDec;
+ if (TBS_REQUEST_REQUESTOR_NAME in asn1.result)
+ this.requestorName = new GeneralName({ schema: asn1.result[TBS_REQUEST_REQUESTOR_NAME] });
+ this.requestList = Array.from(asn1.result[TBS_REQUEST_REQUESTS], element => new Request({ schema: element }));
+ if (TBS_REQUEST_REQUEST_EXTENSIONS in asn1.result)
+ this.requestExtensions = Array.from(asn1.result[TBS_REQUEST_REQUEST_EXTENSIONS].valueBlock.value, element => new Extension({ schema: element }));
+ }
+ toSchema(encodeFlag = false) {
+ let tbsSchema;
+ if (encodeFlag === false) {
+ if (this.tbsView.byteLength === 0)
+ return TBSRequest.schema();
+ const asn1 = fromBER(this.tbsView);
+ AsnError.assert(asn1, "TBS Request");
+ if (!(asn1.result instanceof Sequence)) {
+ throw new Error("ASN.1 result should be SEQUENCE");
+ }
+ tbsSchema = asn1.result;
+ }
+ else {
+ const outputArray = [];
+ if (this.version !== undefined) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new Integer({ value: this.version })]
+ }));
+ }
+ if (this.requestorName) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [this.requestorName.toSchema()]
+ }));
+ }
+ outputArray.push(new Sequence({
+ value: Array.from(this.requestList, o => o.toSchema())
+ }));
+ if (this.requestExtensions) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 2
+ },
+ value: [
+ new Sequence({
+ value: Array.from(this.requestExtensions, o => o.toSchema())
+ })
+ ]
+ }));
+ }
+ tbsSchema = new Sequence({
+ value: outputArray
+ });
+ }
+ return tbsSchema;
+ }
+ toJSON() {
+ const res = {};
+ if (this.version != undefined)
+ res.version = this.version;
+ if (this.requestorName) {
+ res.requestorName = this.requestorName.toJSON();
+ }
+ res.requestList = Array.from(this.requestList, o => o.toJSON());
+ if (this.requestExtensions) {
+ res.requestExtensions = Array.from(this.requestExtensions, o => o.toJSON());
+ }
+ return res;
+ }
+}
+TBSRequest.CLASS_NAME = "TBSRequest";
+
+const SIGNATURE_ALGORITHM$1 = "signatureAlgorithm";
+const SIGNATURE$1 = "signature";
+const CERTS = "certs";
+class Signature extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM$1, Signature.defaultValues(SIGNATURE_ALGORITHM$1));
+ this.signature = getParametersValue(parameters, SIGNATURE$1, Signature.defaultValues(SIGNATURE$1));
+ if (CERTS in parameters) {
+ this.certs = getParametersValue(parameters, CERTS, Signature.defaultValues(CERTS));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case SIGNATURE_ALGORITHM$1:
+ return new AlgorithmIdentifier();
+ case SIGNATURE$1:
+ return new BitString();
+ case CERTS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case SIGNATURE_ALGORITHM$1:
+ return ((memberValue.algorithmId === EMPTY_STRING) && (("algorithmParams" in memberValue) === false));
+ case SIGNATURE$1:
+ return (memberValue.isEqual(Signature.defaultValues(memberName)));
+ case CERTS:
+ return (memberValue.length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ AlgorithmIdentifier.schema(names.signatureAlgorithm || {}),
+ new BitString({ name: (names.signature || EMPTY_STRING) }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Sequence({
+ value: [new Repeated({
+ name: (names.certs || EMPTY_STRING),
+ value: Certificate.schema({})
+ })]
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, [
+ SIGNATURE_ALGORITHM$1,
+ SIGNATURE$1,
+ CERTS
+ ]);
+ const asn1 = compareSchema(schema, schema, Signature.schema({
+ names: {
+ signatureAlgorithm: {
+ names: {
+ blockName: SIGNATURE_ALGORITHM$1
+ }
+ },
+ signature: SIGNATURE$1,
+ certs: CERTS
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result.signatureAlgorithm });
+ this.signature = asn1.result.signature;
+ if (CERTS in asn1.result)
+ this.certs = Array.from(asn1.result.certs, element => new Certificate({ schema: element }));
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(this.signatureAlgorithm.toSchema());
+ outputArray.push(this.signature);
+ if (this.certs) {
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ new Sequence({
+ value: Array.from(this.certs, o => o.toSchema())
+ })
+ ]
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ signatureAlgorithm: this.signatureAlgorithm.toJSON(),
+ signature: this.signature.toJSON(),
+ };
+ if (this.certs) {
+ res.certs = Array.from(this.certs, o => o.toJSON());
+ }
+ return res;
+ }
+}
+Signature.CLASS_NAME = "Signature";
+
+const TBS_REQUEST = "tbsRequest";
+const OPTIONAL_SIGNATURE = "optionalSignature";
+const CLEAR_PROPS$8 = [
+ TBS_REQUEST,
+ OPTIONAL_SIGNATURE
+];
+class OCSPRequest extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.tbsRequest = getParametersValue(parameters, TBS_REQUEST, OCSPRequest.defaultValues(TBS_REQUEST));
+ if (OPTIONAL_SIGNATURE in parameters) {
+ this.optionalSignature = getParametersValue(parameters, OPTIONAL_SIGNATURE, OCSPRequest.defaultValues(OPTIONAL_SIGNATURE));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case TBS_REQUEST:
+ return new TBSRequest();
+ case OPTIONAL_SIGNATURE:
+ return new Signature();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case TBS_REQUEST:
+ return ((TBSRequest.compareWithDefault("tbs", memberValue.tbs)) &&
+ (TBSRequest.compareWithDefault("version", memberValue.version)) &&
+ (TBSRequest.compareWithDefault("requestorName", memberValue.requestorName)) &&
+ (TBSRequest.compareWithDefault("requestList", memberValue.requestList)) &&
+ (TBSRequest.compareWithDefault("requestExtensions", memberValue.requestExtensions)));
+ case OPTIONAL_SIGNATURE:
+ return ((Signature.compareWithDefault("signatureAlgorithm", memberValue.signatureAlgorithm)) &&
+ (Signature.compareWithDefault("signature", memberValue.signature)) &&
+ (Signature.compareWithDefault("certs", memberValue.certs)));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: names.blockName || "OCSPRequest",
+ value: [
+ TBSRequest.schema(names.tbsRequest || {
+ names: {
+ blockName: TBS_REQUEST
+ }
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ Signature.schema(names.optionalSignature || {
+ names: {
+ blockName: OPTIONAL_SIGNATURE
+ }
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$8);
+ const asn1 = compareSchema(schema, schema, OCSPRequest.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.tbsRequest = new TBSRequest({ schema: asn1.result.tbsRequest });
+ if (OPTIONAL_SIGNATURE in asn1.result)
+ this.optionalSignature = new Signature({ schema: asn1.result.optionalSignature });
+ }
+ toSchema(encodeFlag = false) {
+ const outputArray = [];
+ outputArray.push(this.tbsRequest.toSchema(encodeFlag));
+ if (this.optionalSignature)
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ this.optionalSignature.toSchema()
+ ]
+ }));
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ tbsRequest: this.tbsRequest.toJSON()
+ };
+ if (this.optionalSignature) {
+ res.optionalSignature = this.optionalSignature.toJSON();
+ }
+ return res;
+ }
+ createForCertificate(certificate, parameters, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ const certID = new CertID();
+ yield certID.createForCertificate(certificate, parameters, crypto);
+ this.tbsRequest.requestList.push(new Request({
+ reqCert: certID,
+ }));
+ });
+ }
+ sign(privateKey, hashAlgorithm = "SHA-1", crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ ParameterError.assertEmpty(privateKey, "privateKey", "OCSPRequest.sign method");
+ if (!this.optionalSignature) {
+ throw new Error("Need to create \"optionalSignature\" field before signing");
+ }
+ const signatureParams = yield crypto.getSignatureParameters(privateKey, hashAlgorithm);
+ const parameters = signatureParams.parameters;
+ this.optionalSignature.signatureAlgorithm = signatureParams.signatureAlgorithm;
+ const tbs = this.tbsRequest.toSchema(true).toBER(false);
+ const signature = yield crypto.signWithPrivateKey(tbs, privateKey, parameters);
+ this.optionalSignature.signature = new BitString({ valueHex: signature });
+ });
+ }
+ verify() {
+ }
+}
+OCSPRequest.CLASS_NAME = "OCSPRequest";
+
+const RESPONSE_TYPE = "responseType";
+const RESPONSE = "response";
+const CLEAR_PROPS$7 = [
+ RESPONSE_TYPE,
+ RESPONSE
+];
+class ResponseBytes extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.responseType = getParametersValue(parameters, RESPONSE_TYPE, ResponseBytes.defaultValues(RESPONSE_TYPE));
+ this.response = getParametersValue(parameters, RESPONSE, ResponseBytes.defaultValues(RESPONSE));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case RESPONSE_TYPE:
+ return EMPTY_STRING;
+ case RESPONSE:
+ return new OctetString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case RESPONSE_TYPE:
+ return (memberValue === EMPTY_STRING);
+ case RESPONSE:
+ return (memberValue.isEqual(ResponseBytes.defaultValues(memberName)));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new ObjectIdentifier({ name: (names.responseType || EMPTY_STRING) }),
+ new OctetString({ name: (names.response || EMPTY_STRING) })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$7);
+ const asn1 = compareSchema(schema, schema, ResponseBytes.schema({
+ names: {
+ responseType: RESPONSE_TYPE,
+ response: RESPONSE
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.responseType = asn1.result.responseType.valueBlock.toString();
+ this.response = asn1.result.response;
+ }
+ toSchema() {
+ return (new Sequence({
+ value: [
+ new ObjectIdentifier({ value: this.responseType }),
+ this.response
+ ]
+ }));
+ }
+ toJSON() {
+ return {
+ responseType: this.responseType,
+ response: this.response.toJSON(),
+ };
+ }
+}
+ResponseBytes.CLASS_NAME = "ResponseBytes";
+
+const RESPONSE_STATUS = "responseStatus";
+const RESPONSE_BYTES = "responseBytes";
+class OCSPResponse extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.responseStatus = getParametersValue(parameters, RESPONSE_STATUS, OCSPResponse.defaultValues(RESPONSE_STATUS));
+ if (RESPONSE_BYTES in parameters) {
+ this.responseBytes = getParametersValue(parameters, RESPONSE_BYTES, OCSPResponse.defaultValues(RESPONSE_BYTES));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case RESPONSE_STATUS:
+ return new Enumerated();
+ case RESPONSE_BYTES:
+ return new ResponseBytes();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case RESPONSE_STATUS:
+ return (memberValue.isEqual(OCSPResponse.defaultValues(memberName)));
+ case RESPONSE_BYTES:
+ return ((ResponseBytes.compareWithDefault("responseType", memberValue.responseType)) &&
+ (ResponseBytes.compareWithDefault("response", memberValue.response)));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || "OCSPResponse"),
+ value: [
+ new Enumerated({ name: (names.responseStatus || RESPONSE_STATUS) }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [
+ ResponseBytes.schema(names.responseBytes || {
+ names: {
+ blockName: RESPONSE_BYTES
+ }
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, [
+ RESPONSE_STATUS,
+ RESPONSE_BYTES
+ ]);
+ const asn1 = compareSchema(schema, schema, OCSPResponse.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.responseStatus = asn1.result.responseStatus;
+ if (RESPONSE_BYTES in asn1.result)
+ this.responseBytes = new ResponseBytes({ schema: asn1.result.responseBytes });
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(this.responseStatus);
+ if (this.responseBytes) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [this.responseBytes.toSchema()]
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ responseStatus: this.responseStatus.toJSON()
+ };
+ if (this.responseBytes) {
+ res.responseBytes = this.responseBytes.toJSON();
+ }
+ return res;
+ }
+ getCertificateStatus(certificate, issuerCertificate, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ let basicResponse;
+ const result = {
+ isForCertificate: false,
+ status: 2
+ };
+ if (!this.responseBytes)
+ return result;
+ if (this.responseBytes.responseType !== id_PKIX_OCSP_Basic)
+ return result;
+ try {
+ const asn1Basic = fromBER(this.responseBytes.response.valueBlock.valueHexView);
+ AsnError.assert(asn1Basic, "Basic OCSP response");
+ basicResponse = new BasicOCSPResponse({ schema: asn1Basic.result });
+ }
+ catch (ex) {
+ return result;
+ }
+ return basicResponse.getCertificateStatus(certificate, issuerCertificate, crypto);
+ });
+ }
+ sign(privateKey, hashAlgorithm, crypto = getCrypto(true)) {
+ var _a;
+ return __awaiter(this, void 0, void 0, function* () {
+ if (this.responseBytes && this.responseBytes.responseType === id_PKIX_OCSP_Basic) {
+ const basicResponse = BasicOCSPResponse.fromBER(this.responseBytes.response.valueBlock.valueHexView);
+ return basicResponse.sign(privateKey, hashAlgorithm, crypto);
+ }
+ throw new Error(`Unknown ResponseBytes type: ${((_a = this.responseBytes) === null || _a === void 0 ? void 0 : _a.responseType) || "Unknown"}`);
+ });
+ }
+ verify(issuerCertificate = null, crypto = getCrypto(true)) {
+ var _a;
+ return __awaiter(this, void 0, void 0, function* () {
+ if ((RESPONSE_BYTES in this) === false)
+ throw new Error("Empty ResponseBytes field");
+ if (this.responseBytes && this.responseBytes.responseType === id_PKIX_OCSP_Basic) {
+ const basicResponse = BasicOCSPResponse.fromBER(this.responseBytes.response.valueBlock.valueHexView);
+ if (issuerCertificate !== null) {
+ if (!basicResponse.certs) {
+ basicResponse.certs = [];
+ }
+ basicResponse.certs.push(issuerCertificate);
+ }
+ return basicResponse.verify({}, crypto);
+ }
+ throw new Error(`Unknown ResponseBytes type: ${((_a = this.responseBytes) === null || _a === void 0 ? void 0 : _a.responseType) || "Unknown"}`);
+ });
+ }
+}
+OCSPResponse.CLASS_NAME = "OCSPResponse";
+
+const TYPE = "type";
+const ATTRIBUTES = "attributes";
+const ENCODED_VALUE = "encodedValue";
+const CLEAR_PROPS$6 = [
+ ATTRIBUTES
+];
+class SignedAndUnsignedAttributes extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.type = getParametersValue(parameters, TYPE, SignedAndUnsignedAttributes.defaultValues(TYPE));
+ this.attributes = getParametersValue(parameters, ATTRIBUTES, SignedAndUnsignedAttributes.defaultValues(ATTRIBUTES));
+ this.encodedValue = getParametersValue(parameters, ENCODED_VALUE, SignedAndUnsignedAttributes.defaultValues(ENCODED_VALUE));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case TYPE:
+ return (-1);
+ case ATTRIBUTES:
+ return [];
+ case ENCODED_VALUE:
+ return EMPTY_BUFFER;
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case TYPE:
+ return (memberValue === SignedAndUnsignedAttributes.defaultValues(TYPE));
+ case ATTRIBUTES:
+ return (memberValue.length === 0);
+ case ENCODED_VALUE:
+ return (memberValue.byteLength === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Constructed({
+ name: (names.blockName || EMPTY_STRING),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: names.tagNumber || 0
+ },
+ value: [
+ new Repeated({
+ name: (names.attributes || EMPTY_STRING),
+ value: Attribute.schema()
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$6);
+ const asn1 = compareSchema(schema, schema, SignedAndUnsignedAttributes.schema({
+ names: {
+ tagNumber: this.type,
+ attributes: ATTRIBUTES
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.type = asn1.result.idBlock.tagNumber;
+ this.encodedValue = BufferSourceConverter.toArrayBuffer(asn1.result.valueBeforeDecodeView);
+ const encodedView = new Uint8Array(this.encodedValue);
+ encodedView[0] = 0x31;
+ if ((ATTRIBUTES in asn1.result) === false) {
+ if (this.type === 0)
+ throw new Error("Wrong structure of SignedUnsignedAttributes");
+ else
+ return;
+ }
+ this.attributes = Array.from(asn1.result.attributes, element => new Attribute({ schema: element }));
+ }
+ toSchema() {
+ if (SignedAndUnsignedAttributes.compareWithDefault(TYPE, this.type) || SignedAndUnsignedAttributes.compareWithDefault(ATTRIBUTES, this.attributes))
+ throw new Error("Incorrectly initialized \"SignedAndUnsignedAttributes\" class");
+ return (new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: this.type
+ },
+ value: Array.from(this.attributes, o => o.toSchema())
+ }));
+ }
+ toJSON() {
+ if (SignedAndUnsignedAttributes.compareWithDefault(TYPE, this.type) || SignedAndUnsignedAttributes.compareWithDefault(ATTRIBUTES, this.attributes))
+ throw new Error("Incorrectly initialized \"SignedAndUnsignedAttributes\" class");
+ return {
+ type: this.type,
+ attributes: Array.from(this.attributes, o => o.toJSON())
+ };
+ }
+}
+SignedAndUnsignedAttributes.CLASS_NAME = "SignedAndUnsignedAttributes";
+
+const VERSION$4 = "version";
+const SID = "sid";
+const DIGEST_ALGORITHM = "digestAlgorithm";
+const SIGNED_ATTRS = "signedAttrs";
+const SIGNATURE_ALGORITHM = "signatureAlgorithm";
+const SIGNATURE = "signature";
+const UNSIGNED_ATTRS = "unsignedAttrs";
+const SIGNER_INFO = "SignerInfo";
+const SIGNER_INFO_VERSION = `${SIGNER_INFO}.${VERSION$4}`;
+const SIGNER_INFO_SID = `${SIGNER_INFO}.${SID}`;
+const SIGNER_INFO_DIGEST_ALGORITHM = `${SIGNER_INFO}.${DIGEST_ALGORITHM}`;
+const SIGNER_INFO_SIGNED_ATTRS = `${SIGNER_INFO}.${SIGNED_ATTRS}`;
+const SIGNER_INFO_SIGNATURE_ALGORITHM = `${SIGNER_INFO}.${SIGNATURE_ALGORITHM}`;
+const SIGNER_INFO_SIGNATURE = `${SIGNER_INFO}.${SIGNATURE}`;
+const SIGNER_INFO_UNSIGNED_ATTRS = `${SIGNER_INFO}.${UNSIGNED_ATTRS}`;
+const CLEAR_PROPS$5 = [
+ SIGNER_INFO_VERSION,
+ SIGNER_INFO_SID,
+ SIGNER_INFO_DIGEST_ALGORITHM,
+ SIGNER_INFO_SIGNED_ATTRS,
+ SIGNER_INFO_SIGNATURE_ALGORITHM,
+ SIGNER_INFO_SIGNATURE,
+ SIGNER_INFO_UNSIGNED_ATTRS
+];
+class SignerInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$4, SignerInfo.defaultValues(VERSION$4));
+ this.sid = getParametersValue(parameters, SID, SignerInfo.defaultValues(SID));
+ this.digestAlgorithm = getParametersValue(parameters, DIGEST_ALGORITHM, SignerInfo.defaultValues(DIGEST_ALGORITHM));
+ if (SIGNED_ATTRS in parameters) {
+ this.signedAttrs = getParametersValue(parameters, SIGNED_ATTRS, SignerInfo.defaultValues(SIGNED_ATTRS));
+ }
+ this.signatureAlgorithm = getParametersValue(parameters, SIGNATURE_ALGORITHM, SignerInfo.defaultValues(SIGNATURE_ALGORITHM));
+ this.signature = getParametersValue(parameters, SIGNATURE, SignerInfo.defaultValues(SIGNATURE));
+ if (UNSIGNED_ATTRS in parameters) {
+ this.unsignedAttrs = getParametersValue(parameters, UNSIGNED_ATTRS, SignerInfo.defaultValues(UNSIGNED_ATTRS));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$4:
+ return 0;
+ case SID:
+ return new Any();
+ case DIGEST_ALGORITHM:
+ return new AlgorithmIdentifier();
+ case SIGNED_ATTRS:
+ return new SignedAndUnsignedAttributes({ type: 0 });
+ case SIGNATURE_ALGORITHM:
+ return new AlgorithmIdentifier();
+ case SIGNATURE:
+ return new OctetString();
+ case UNSIGNED_ATTRS:
+ return new SignedAndUnsignedAttributes({ type: 1 });
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VERSION$4:
+ return (SignerInfo.defaultValues(VERSION$4) === memberValue);
+ case SID:
+ return (memberValue instanceof Any);
+ case DIGEST_ALGORITHM:
+ if ((memberValue instanceof AlgorithmIdentifier) === false)
+ return false;
+ return memberValue.isEqual(SignerInfo.defaultValues(DIGEST_ALGORITHM));
+ case SIGNED_ATTRS:
+ return ((SignedAndUnsignedAttributes.compareWithDefault("type", memberValue.type))
+ && (SignedAndUnsignedAttributes.compareWithDefault("attributes", memberValue.attributes))
+ && (SignedAndUnsignedAttributes.compareWithDefault("encodedValue", memberValue.encodedValue)));
+ case SIGNATURE_ALGORITHM:
+ if ((memberValue instanceof AlgorithmIdentifier) === false)
+ return false;
+ return memberValue.isEqual(SignerInfo.defaultValues(SIGNATURE_ALGORITHM));
+ case SIGNATURE:
+ case UNSIGNED_ATTRS:
+ return ((SignedAndUnsignedAttributes.compareWithDefault("type", memberValue.type))
+ && (SignedAndUnsignedAttributes.compareWithDefault("attributes", memberValue.attributes))
+ && (SignedAndUnsignedAttributes.compareWithDefault("encodedValue", memberValue.encodedValue)));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: SIGNER_INFO,
+ value: [
+ new Integer({ name: (names.version || SIGNER_INFO_VERSION) }),
+ new Choice({
+ value: [
+ IssuerAndSerialNumber.schema(names.sidSchema || {
+ names: {
+ blockName: SIGNER_INFO_SID
+ }
+ }),
+ new Choice({
+ value: [
+ new Constructed({
+ optional: true,
+ name: (names.sid || SIGNER_INFO_SID),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new OctetString()]
+ }),
+ new Primitive({
+ optional: true,
+ name: (names.sid || SIGNER_INFO_SID),
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ }
+ }),
+ ]
+ }),
+ ]
+ }),
+ AlgorithmIdentifier.schema(names.digestAlgorithm || {
+ names: {
+ blockName: SIGNER_INFO_DIGEST_ALGORITHM
+ }
+ }),
+ SignedAndUnsignedAttributes.schema(names.signedAttrs || {
+ names: {
+ blockName: SIGNER_INFO_SIGNED_ATTRS,
+ tagNumber: 0
+ }
+ }),
+ AlgorithmIdentifier.schema(names.signatureAlgorithm || {
+ names: {
+ blockName: SIGNER_INFO_SIGNATURE_ALGORITHM
+ }
+ }),
+ new OctetString({ name: (names.signature || SIGNER_INFO_SIGNATURE) }),
+ SignedAndUnsignedAttributes.schema(names.unsignedAttrs || {
+ names: {
+ blockName: SIGNER_INFO_UNSIGNED_ATTRS,
+ tagNumber: 1
+ }
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$5);
+ const asn1 = compareSchema(schema, schema, SignerInfo.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result[SIGNER_INFO_VERSION].valueBlock.valueDec;
+ const currentSid = asn1.result[SIGNER_INFO_SID];
+ if (currentSid.idBlock.tagClass === 1)
+ this.sid = new IssuerAndSerialNumber({ schema: currentSid });
+ else
+ this.sid = currentSid;
+ this.digestAlgorithm = new AlgorithmIdentifier({ schema: asn1.result[SIGNER_INFO_DIGEST_ALGORITHM] });
+ if (SIGNER_INFO_SIGNED_ATTRS in asn1.result)
+ this.signedAttrs = new SignedAndUnsignedAttributes({ type: 0, schema: asn1.result[SIGNER_INFO_SIGNED_ATTRS] });
+ this.signatureAlgorithm = new AlgorithmIdentifier({ schema: asn1.result[SIGNER_INFO_SIGNATURE_ALGORITHM] });
+ this.signature = asn1.result[SIGNER_INFO_SIGNATURE];
+ if (SIGNER_INFO_UNSIGNED_ATTRS in asn1.result)
+ this.unsignedAttrs = new SignedAndUnsignedAttributes({ type: 1, schema: asn1.result[SIGNER_INFO_UNSIGNED_ATTRS] });
+ }
+ toSchema() {
+ if (SignerInfo.compareWithDefault(SID, this.sid))
+ throw new Error("Incorrectly initialized \"SignerInfo\" class");
+ const outputArray = [];
+ outputArray.push(new Integer({ value: this.version }));
+ if (this.sid instanceof IssuerAndSerialNumber)
+ outputArray.push(this.sid.toSchema());
+ else
+ outputArray.push(this.sid);
+ outputArray.push(this.digestAlgorithm.toSchema());
+ if (this.signedAttrs) {
+ if (SignerInfo.compareWithDefault(SIGNED_ATTRS, this.signedAttrs) === false)
+ outputArray.push(this.signedAttrs.toSchema());
+ }
+ outputArray.push(this.signatureAlgorithm.toSchema());
+ outputArray.push(this.signature);
+ if (this.unsignedAttrs) {
+ if (SignerInfo.compareWithDefault(UNSIGNED_ATTRS, this.unsignedAttrs) === false)
+ outputArray.push(this.unsignedAttrs.toSchema());
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ if (SignerInfo.compareWithDefault(SID, this.sid)) {
+ throw new Error("Incorrectly initialized \"SignerInfo\" class");
+ }
+ const res = {
+ version: this.version,
+ digestAlgorithm: this.digestAlgorithm.toJSON(),
+ signatureAlgorithm: this.signatureAlgorithm.toJSON(),
+ signature: this.signature.toJSON(),
+ };
+ if (!(this.sid instanceof Any))
+ res.sid = this.sid.toJSON();
+ if (this.signedAttrs && SignerInfo.compareWithDefault(SIGNED_ATTRS, this.signedAttrs) === false) {
+ res.signedAttrs = this.signedAttrs.toJSON();
+ }
+ if (this.unsignedAttrs && SignerInfo.compareWithDefault(UNSIGNED_ATTRS, this.unsignedAttrs) === false) {
+ res.unsignedAttrs = this.unsignedAttrs.toJSON();
+ }
+ return res;
+ }
+}
+SignerInfo.CLASS_NAME = "SignerInfo";
+
+const VERSION$3 = "version";
+const POLICY = "policy";
+const MESSAGE_IMPRINT$1 = "messageImprint";
+const SERIAL_NUMBER = "serialNumber";
+const GEN_TIME = "genTime";
+const ORDERING = "ordering";
+const NONCE$1 = "nonce";
+const ACCURACY = "accuracy";
+const TSA = "tsa";
+const EXTENSIONS$1 = "extensions";
+const TST_INFO = "TSTInfo";
+const TST_INFO_VERSION = `${TST_INFO}.${VERSION$3}`;
+const TST_INFO_POLICY = `${TST_INFO}.${POLICY}`;
+const TST_INFO_MESSAGE_IMPRINT = `${TST_INFO}.${MESSAGE_IMPRINT$1}`;
+const TST_INFO_SERIAL_NUMBER = `${TST_INFO}.${SERIAL_NUMBER}`;
+const TST_INFO_GEN_TIME = `${TST_INFO}.${GEN_TIME}`;
+const TST_INFO_ACCURACY = `${TST_INFO}.${ACCURACY}`;
+const TST_INFO_ORDERING = `${TST_INFO}.${ORDERING}`;
+const TST_INFO_NONCE = `${TST_INFO}.${NONCE$1}`;
+const TST_INFO_TSA = `${TST_INFO}.${TSA}`;
+const TST_INFO_EXTENSIONS = `${TST_INFO}.${EXTENSIONS$1}`;
+const CLEAR_PROPS$4 = [
+ TST_INFO_VERSION,
+ TST_INFO_POLICY,
+ TST_INFO_MESSAGE_IMPRINT,
+ TST_INFO_SERIAL_NUMBER,
+ TST_INFO_GEN_TIME,
+ TST_INFO_ACCURACY,
+ TST_INFO_ORDERING,
+ TST_INFO_NONCE,
+ TST_INFO_TSA,
+ TST_INFO_EXTENSIONS
+];
+class TSTInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$3, TSTInfo.defaultValues(VERSION$3));
+ this.policy = getParametersValue(parameters, POLICY, TSTInfo.defaultValues(POLICY));
+ this.messageImprint = getParametersValue(parameters, MESSAGE_IMPRINT$1, TSTInfo.defaultValues(MESSAGE_IMPRINT$1));
+ this.serialNumber = getParametersValue(parameters, SERIAL_NUMBER, TSTInfo.defaultValues(SERIAL_NUMBER));
+ this.genTime = getParametersValue(parameters, GEN_TIME, TSTInfo.defaultValues(GEN_TIME));
+ if (ACCURACY in parameters) {
+ this.accuracy = getParametersValue(parameters, ACCURACY, TSTInfo.defaultValues(ACCURACY));
+ }
+ if (ORDERING in parameters) {
+ this.ordering = getParametersValue(parameters, ORDERING, TSTInfo.defaultValues(ORDERING));
+ }
+ if (NONCE$1 in parameters) {
+ this.nonce = getParametersValue(parameters, NONCE$1, TSTInfo.defaultValues(NONCE$1));
+ }
+ if (TSA in parameters) {
+ this.tsa = getParametersValue(parameters, TSA, TSTInfo.defaultValues(TSA));
+ }
+ if (EXTENSIONS$1 in parameters) {
+ this.extensions = getParametersValue(parameters, EXTENSIONS$1, TSTInfo.defaultValues(EXTENSIONS$1));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$3:
+ return 0;
+ case POLICY:
+ return EMPTY_STRING;
+ case MESSAGE_IMPRINT$1:
+ return new MessageImprint();
+ case SERIAL_NUMBER:
+ return new Integer();
+ case GEN_TIME:
+ return new Date(0, 0, 0);
+ case ACCURACY:
+ return new Accuracy();
+ case ORDERING:
+ return false;
+ case NONCE$1:
+ return new Integer();
+ case TSA:
+ return new GeneralName();
+ case EXTENSIONS$1:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VERSION$3:
+ case POLICY:
+ case GEN_TIME:
+ case ORDERING:
+ return (memberValue === TSTInfo.defaultValues(ORDERING));
+ case MESSAGE_IMPRINT$1:
+ return ((MessageImprint.compareWithDefault(HASH_ALGORITHM, memberValue.hashAlgorithm)) &&
+ (MessageImprint.compareWithDefault(HASHED_MESSAGE, memberValue.hashedMessage)));
+ case SERIAL_NUMBER:
+ case NONCE$1:
+ return (memberValue.isEqual(TSTInfo.defaultValues(NONCE$1)));
+ case ACCURACY:
+ return ((Accuracy.compareWithDefault(SECONDS, memberValue.seconds)) &&
+ (Accuracy.compareWithDefault(MILLIS, memberValue.millis)) &&
+ (Accuracy.compareWithDefault(MICROS, memberValue.micros)));
+ case TSA:
+ return ((GeneralName.compareWithDefault(TYPE$4, memberValue.type)) &&
+ (GeneralName.compareWithDefault(VALUE$5, memberValue.value)));
+ case EXTENSIONS$1:
+ return (memberValue.length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || TST_INFO),
+ value: [
+ new Integer({ name: (names.version || TST_INFO_VERSION) }),
+ new ObjectIdentifier({ name: (names.policy || TST_INFO_POLICY) }),
+ MessageImprint.schema(names.messageImprint || {
+ names: {
+ blockName: TST_INFO_MESSAGE_IMPRINT
+ }
+ }),
+ new Integer({ name: (names.serialNumber || TST_INFO_SERIAL_NUMBER) }),
+ new GeneralizedTime({ name: (names.genTime || TST_INFO_GEN_TIME) }),
+ Accuracy.schema(names.accuracy || {
+ names: {
+ blockName: TST_INFO_ACCURACY
+ }
+ }),
+ new Boolean({
+ name: (names.ordering || TST_INFO_ORDERING),
+ optional: true
+ }),
+ new Integer({
+ name: (names.nonce || TST_INFO_NONCE),
+ optional: true
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [GeneralName.schema(names.tsa || {
+ names: {
+ blockName: TST_INFO_TSA
+ }
+ })]
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: [
+ new Repeated({
+ name: (names.extensions || TST_INFO_EXTENSIONS),
+ value: Extension.schema(names.extension || {})
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$4);
+ const asn1 = compareSchema(schema, schema, TSTInfo.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result[TST_INFO_VERSION].valueBlock.valueDec;
+ this.policy = asn1.result[TST_INFO_POLICY].valueBlock.toString();
+ this.messageImprint = new MessageImprint({ schema: asn1.result[TST_INFO_MESSAGE_IMPRINT] });
+ this.serialNumber = asn1.result[TST_INFO_SERIAL_NUMBER];
+ this.genTime = asn1.result[TST_INFO_GEN_TIME].toDate();
+ if (TST_INFO_ACCURACY in asn1.result)
+ this.accuracy = new Accuracy({ schema: asn1.result[TST_INFO_ACCURACY] });
+ if (TST_INFO_ORDERING in asn1.result)
+ this.ordering = asn1.result[TST_INFO_ORDERING].valueBlock.value;
+ if (TST_INFO_NONCE in asn1.result)
+ this.nonce = asn1.result[TST_INFO_NONCE];
+ if (TST_INFO_TSA in asn1.result)
+ this.tsa = new GeneralName({ schema: asn1.result[TST_INFO_TSA] });
+ if (TST_INFO_EXTENSIONS in asn1.result)
+ this.extensions = Array.from(asn1.result[TST_INFO_EXTENSIONS], element => new Extension({ schema: element }));
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(new Integer({ value: this.version }));
+ outputArray.push(new ObjectIdentifier({ value: this.policy }));
+ outputArray.push(this.messageImprint.toSchema());
+ outputArray.push(this.serialNumber);
+ outputArray.push(new GeneralizedTime({ valueDate: this.genTime }));
+ if (this.accuracy)
+ outputArray.push(this.accuracy.toSchema());
+ if (this.ordering !== undefined)
+ outputArray.push(new Boolean({ value: this.ordering }));
+ if (this.nonce)
+ outputArray.push(this.nonce);
+ if (this.tsa) {
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [this.tsa.toSchema()]
+ }));
+ }
+ if (this.extensions) {
+ outputArray.push(new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: Array.from(this.extensions, o => o.toSchema())
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ version: this.version,
+ policy: this.policy,
+ messageImprint: this.messageImprint.toJSON(),
+ serialNumber: this.serialNumber.toJSON(),
+ genTime: this.genTime
+ };
+ if (this.accuracy)
+ res.accuracy = this.accuracy.toJSON();
+ if (this.ordering !== undefined)
+ res.ordering = this.ordering;
+ if (this.nonce)
+ res.nonce = this.nonce.toJSON();
+ if (this.tsa)
+ res.tsa = this.tsa.toJSON();
+ if (this.extensions)
+ res.extensions = Array.from(this.extensions, o => o.toJSON());
+ return res;
+ }
+ verify(params, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ if (!params.data) {
+ throw new Error("\"data\" is a mandatory attribute for TST_INFO verification");
+ }
+ const data = params.data;
+ if (params.notBefore) {
+ if (this.genTime < params.notBefore)
+ throw new Error("Generation time for TSTInfo object is less than notBefore value");
+ }
+ if (params.notAfter) {
+ if (this.genTime > params.notAfter)
+ throw new Error("Generation time for TSTInfo object is more than notAfter value");
+ }
+ const shaAlgorithm = crypto.getAlgorithmByOID(this.messageImprint.hashAlgorithm.algorithmId, true, "MessageImprint.hashAlgorithm");
+ const hash = yield crypto.digest(shaAlgorithm.name, new Uint8Array(data));
+ return BufferSourceConverter.isEqual(hash, this.messageImprint.hashedMessage.valueBlock.valueHexView);
+ });
+ }
+}
+TSTInfo.CLASS_NAME = "TSTInfo";
+
+const VERSION$2 = "version";
+const DIGEST_ALGORITHMS = "digestAlgorithms";
+const ENCAP_CONTENT_INFO = "encapContentInfo";
+const CERTIFICATES = "certificates";
+const CRLS = "crls";
+const SIGNER_INFOS = "signerInfos";
+const OCSPS = "ocsps";
+const SIGNED_DATA = "SignedData";
+const SIGNED_DATA_VERSION = `${SIGNED_DATA}.${VERSION$2}`;
+const SIGNED_DATA_DIGEST_ALGORITHMS = `${SIGNED_DATA}.${DIGEST_ALGORITHMS}`;
+const SIGNED_DATA_ENCAP_CONTENT_INFO = `${SIGNED_DATA}.${ENCAP_CONTENT_INFO}`;
+const SIGNED_DATA_CERTIFICATES = `${SIGNED_DATA}.${CERTIFICATES}`;
+const SIGNED_DATA_CRLS = `${SIGNED_DATA}.${CRLS}`;
+const SIGNED_DATA_SIGNER_INFOS = `${SIGNED_DATA}.${SIGNER_INFOS}`;
+const CLEAR_PROPS$3 = [
+ SIGNED_DATA_VERSION,
+ SIGNED_DATA_DIGEST_ALGORITHMS,
+ SIGNED_DATA_ENCAP_CONTENT_INFO,
+ SIGNED_DATA_CERTIFICATES,
+ SIGNED_DATA_CRLS,
+ SIGNED_DATA_SIGNER_INFOS
+];
+class SignedDataVerifyError extends Error {
+ constructor({ message, code = 0, date = new Date(), signatureVerified = null, signerCertificate = null, signerCertificateVerified = null, timestampSerial = null, certificatePath = [], }) {
+ super(message);
+ this.name = "SignedDataVerifyError";
+ this.date = date;
+ this.code = code;
+ this.timestampSerial = timestampSerial;
+ this.signatureVerified = signatureVerified;
+ this.signerCertificate = signerCertificate;
+ this.signerCertificateVerified = signerCertificateVerified;
+ this.certificatePath = certificatePath;
+ }
+}
+class SignedData extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$2, SignedData.defaultValues(VERSION$2));
+ this.digestAlgorithms = getParametersValue(parameters, DIGEST_ALGORITHMS, SignedData.defaultValues(DIGEST_ALGORITHMS));
+ this.encapContentInfo = getParametersValue(parameters, ENCAP_CONTENT_INFO, SignedData.defaultValues(ENCAP_CONTENT_INFO));
+ if (CERTIFICATES in parameters) {
+ this.certificates = getParametersValue(parameters, CERTIFICATES, SignedData.defaultValues(CERTIFICATES));
+ }
+ if (CRLS in parameters) {
+ this.crls = getParametersValue(parameters, CRLS, SignedData.defaultValues(CRLS));
+ }
+ if (OCSPS in parameters) {
+ this.ocsps = getParametersValue(parameters, OCSPS, SignedData.defaultValues(OCSPS));
+ }
+ this.signerInfos = getParametersValue(parameters, SIGNER_INFOS, SignedData.defaultValues(SIGNER_INFOS));
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$2:
+ return 0;
+ case DIGEST_ALGORITHMS:
+ return [];
+ case ENCAP_CONTENT_INFO:
+ return new EncapsulatedContentInfo();
+ case CERTIFICATES:
+ return [];
+ case CRLS:
+ return [];
+ case OCSPS:
+ return [];
+ case SIGNER_INFOS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VERSION$2:
+ return (memberValue === SignedData.defaultValues(VERSION$2));
+ case ENCAP_CONTENT_INFO:
+ return EncapsulatedContentInfo.compareWithDefault("eContentType", memberValue.eContentType) &&
+ EncapsulatedContentInfo.compareWithDefault("eContent", memberValue.eContent);
+ case DIGEST_ALGORITHMS:
+ case CERTIFICATES:
+ case CRLS:
+ case OCSPS:
+ case SIGNER_INFOS:
+ return (memberValue.length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ if (names.optional === undefined) {
+ names.optional = false;
+ }
+ return (new Sequence({
+ name: (names.blockName || SIGNED_DATA),
+ optional: names.optional,
+ value: [
+ new Integer({ name: (names.version || SIGNED_DATA_VERSION) }),
+ new Set({
+ value: [
+ new Repeated({
+ name: (names.digestAlgorithms || SIGNED_DATA_DIGEST_ALGORITHMS),
+ value: AlgorithmIdentifier.schema()
+ })
+ ]
+ }),
+ EncapsulatedContentInfo.schema(names.encapContentInfo || {
+ names: {
+ blockName: SIGNED_DATA_ENCAP_CONTENT_INFO
+ }
+ }),
+ new Constructed({
+ name: (names.certificates || SIGNED_DATA_CERTIFICATES),
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: CertificateSet.schema().valueBlock.value
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: RevocationInfoChoices.schema(names.crls || {
+ names: {
+ crls: SIGNED_DATA_CRLS
+ }
+ }).valueBlock.value
+ }),
+ new Set({
+ value: [
+ new Repeated({
+ name: (names.signerInfos || SIGNED_DATA_SIGNER_INFOS),
+ value: SignerInfo.schema()
+ })
+ ]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$3);
+ const asn1 = compareSchema(schema, schema, SignedData.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result[SIGNED_DATA_VERSION].valueBlock.valueDec;
+ if (SIGNED_DATA_DIGEST_ALGORITHMS in asn1.result)
+ this.digestAlgorithms = Array.from(asn1.result[SIGNED_DATA_DIGEST_ALGORITHMS], algorithm => new AlgorithmIdentifier({ schema: algorithm }));
+ this.encapContentInfo = new EncapsulatedContentInfo({ schema: asn1.result[SIGNED_DATA_ENCAP_CONTENT_INFO] });
+ if (SIGNED_DATA_CERTIFICATES in asn1.result) {
+ const certificateSet = new CertificateSet({
+ schema: new Set({
+ value: asn1.result[SIGNED_DATA_CERTIFICATES].valueBlock.value
+ })
+ });
+ this.certificates = certificateSet.certificates.slice(0);
+ }
+ if (SIGNED_DATA_CRLS in asn1.result) {
+ this.crls = Array.from(asn1.result[SIGNED_DATA_CRLS], (crl) => {
+ if (crl.idBlock.tagClass === 1)
+ return new CertificateRevocationList({ schema: crl });
+ crl.idBlock.tagClass = 1;
+ crl.idBlock.tagNumber = 16;
+ return new OtherRevocationInfoFormat({ schema: crl });
+ });
+ }
+ if (SIGNED_DATA_SIGNER_INFOS in asn1.result)
+ this.signerInfos = Array.from(asn1.result[SIGNED_DATA_SIGNER_INFOS], signerInfoSchema => new SignerInfo({ schema: signerInfoSchema }));
+ }
+ toSchema(encodeFlag = false) {
+ const outputArray = [];
+ if ((this.certificates && this.certificates.length && this.certificates.some(o => o instanceof OtherCertificateFormat))
+ || (this.crls && this.crls.length && this.crls.some(o => o instanceof OtherRevocationInfoFormat))) {
+ this.version = 5;
+ }
+ else if (this.certificates && this.certificates.length && this.certificates.some(o => o instanceof AttributeCertificateV2)) {
+ this.version = 4;
+ }
+ else if ((this.certificates && this.certificates.length && this.certificates.some(o => o instanceof AttributeCertificateV1))
+ || this.signerInfos.some(o => o.version === 3)
+ || this.encapContentInfo.eContentType !== SignedData.ID_DATA) {
+ this.version = 3;
+ }
+ else {
+ this.version = 1;
+ }
+ outputArray.push(new Integer({ value: this.version }));
+ outputArray.push(new Set({
+ value: Array.from(this.digestAlgorithms, algorithm => algorithm.toSchema())
+ }));
+ outputArray.push(this.encapContentInfo.toSchema());
+ if (this.certificates) {
+ const certificateSet = new CertificateSet({ certificates: this.certificates });
+ const certificateSetSchema = certificateSet.toSchema();
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: certificateSetSchema.valueBlock.value
+ }));
+ }
+ if (this.crls) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 1
+ },
+ value: Array.from(this.crls, crl => {
+ if (crl instanceof OtherRevocationInfoFormat) {
+ const crlSchema = crl.toSchema();
+ crlSchema.idBlock.tagClass = 3;
+ crlSchema.idBlock.tagNumber = 1;
+ return crlSchema;
+ }
+ return crl.toSchema(encodeFlag);
+ })
+ }));
+ }
+ outputArray.push(new Set({
+ value: Array.from(this.signerInfos, signerInfo => signerInfo.toSchema())
+ }));
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ version: this.version,
+ digestAlgorithms: Array.from(this.digestAlgorithms, algorithm => algorithm.toJSON()),
+ encapContentInfo: this.encapContentInfo.toJSON(),
+ signerInfos: Array.from(this.signerInfos, signerInfo => signerInfo.toJSON()),
+ };
+ if (this.certificates) {
+ res.certificates = Array.from(this.certificates, certificate => certificate.toJSON());
+ }
+ if (this.crls) {
+ res.crls = Array.from(this.crls, crl => crl.toJSON());
+ }
+ return res;
+ }
+ verify({ signer = (-1), data = (EMPTY_BUFFER), trustedCerts = [], checkDate = (new Date()), checkChain = false, passedWhenNotRevValues = false, extendedMode = false, findOrigin = null, findIssuer = null } = {}, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ let signerCert = null;
+ let timestampSerial = null;
+ try {
+ let messageDigestValue = EMPTY_BUFFER;
+ let shaAlgorithm = EMPTY_STRING;
+ let certificatePath = [];
+ const signerInfo = this.signerInfos[signer];
+ if (!signerInfo) {
+ throw new SignedDataVerifyError({
+ date: checkDate,
+ code: 1,
+ message: "Unable to get signer by supplied index",
+ });
+ }
+ if (!this.certificates) {
+ throw new SignedDataVerifyError({
+ date: checkDate,
+ code: 2,
+ message: "No certificates attached to this signed data",
+ });
+ }
+ if (signerInfo.sid instanceof IssuerAndSerialNumber) {
+ for (const certificate of this.certificates) {
+ if (!(certificate instanceof Certificate))
+ continue;
+ if ((certificate.issuer.isEqual(signerInfo.sid.issuer)) &&
+ (certificate.serialNumber.isEqual(signerInfo.sid.serialNumber))) {
+ signerCert = certificate;
+ break;
+ }
+ }
+ }
+ else {
+ const sid = signerInfo.sid;
+ const keyId = sid.idBlock.isConstructed
+ ? sid.valueBlock.value[0].valueBlock.valueHex
+ : sid.valueBlock.valueHex;
+ for (const certificate of this.certificates) {
+ if (!(certificate instanceof Certificate)) {
+ continue;
+ }
+ const digest = yield crypto.digest({ name: "sha-1" }, certificate.subjectPublicKeyInfo.subjectPublicKey.valueBlock.valueHexView);
+ if (isEqualBuffer(digest, keyId)) {
+ signerCert = certificate;
+ break;
+ }
+ }
+ }
+ if (!signerCert) {
+ throw new SignedDataVerifyError({
+ date: checkDate,
+ code: 3,
+ message: "Unable to find signer certificate",
+ });
+ }
+ if (this.encapContentInfo.eContentType === id_eContentType_TSTInfo) {
+ if (!this.encapContentInfo.eContent) {
+ throw new SignedDataVerifyError({
+ date: checkDate,
+ code: 15,
+ message: "Error during verification: TSTInfo eContent is empty",
+ signatureVerified: null,
+ signerCertificate: signerCert,
+ timestampSerial,
+ signerCertificateVerified: true
+ });
+ }
+ let tstInfo;
+ try {
+ tstInfo = TSTInfo.fromBER(this.encapContentInfo.eContent.valueBlock.valueHexView);
+ }
+ catch (ex) {
+ throw new SignedDataVerifyError({
+ date: checkDate,
+ code: 15,
+ message: "Error during verification: TSTInfo wrong ASN.1 schema ",
+ signatureVerified: null,
+ signerCertificate: signerCert,
+ timestampSerial,
+ signerCertificateVerified: true
+ });
+ }
+ checkDate = tstInfo.genTime;
+ timestampSerial = tstInfo.serialNumber.valueBlock.valueHexView.slice();
+ if (data.byteLength === 0) {
+ throw new SignedDataVerifyError({
+ date: checkDate,
+ code: 4,
+ message: "Missed detached data input array",
+ });
+ }
+ if (!(yield tstInfo.verify({ data }, crypto))) {
+ throw new SignedDataVerifyError({
+ date: checkDate,
+ code: 15,
+ message: "Error during verification: TSTInfo verification is failed",
+ signatureVerified: false,
+ signerCertificate: signerCert,
+ timestampSerial,
+ signerCertificateVerified: true
+ });
+ }
+ }
+ if (checkChain) {
+ const certs = this.certificates.filter(certificate => (certificate instanceof Certificate && !!checkCA(certificate, signerCert)));
+ const chainParams = {
+ checkDate,
+ certs,
+ trustedCerts,
+ };
+ if (findIssuer) {
+ chainParams.findIssuer = findIssuer;
+ }
+ if (findOrigin) {
+ chainParams.findOrigin = findOrigin;
+ }
+ const chainEngine = new CertificateChainValidationEngine(chainParams);
+ chainEngine.certs.push(signerCert);
+ if (this.crls) {
+ for (const crl of this.crls) {
+ if ("thisUpdate" in crl)
+ chainEngine.crls.push(crl);
+ else {
+ if (crl.otherRevInfoFormat === id_PKIX_OCSP_Basic)
+ chainEngine.ocsps.push(new BasicOCSPResponse({ schema: crl.otherRevInfo }));
+ }
+ }
+ }
+ if (this.ocsps) {
+ chainEngine.ocsps.push(...(this.ocsps));
+ }
+ const verificationResult = yield chainEngine.verify({ passedWhenNotRevValues }, crypto)
+ .catch(e => {
+ throw new SignedDataVerifyError({
+ date: checkDate,
+ code: 5,
+ message: `Validation of signer's certificate failed with error: ${((e instanceof Object) ? e.resultMessage : e)}`,
+ signerCertificate: signerCert,
+ signerCertificateVerified: false
+ });
+ });
+ if (verificationResult.certificatePath) {
+ certificatePath = verificationResult.certificatePath;
+ }
+ if (!verificationResult.result)
+ throw new SignedDataVerifyError({
+ date: checkDate,
+ code: 5,
+ message: `Validation of signer's certificate failed: ${verificationResult.resultMessage}`,
+ signerCertificate: signerCert,
+ signerCertificateVerified: false
+ });
+ }
+ const signerInfoHashAlgorithm = crypto.getAlgorithmByOID(signerInfo.digestAlgorithm.algorithmId);
+ if (!("name" in signerInfoHashAlgorithm)) {
+ throw new SignedDataVerifyError({
+ date: checkDate,
+ code: 7,
+ message: `Unsupported signature algorithm: ${signerInfo.digestAlgorithm.algorithmId}`,
+ signerCertificate: signerCert,
+ signerCertificateVerified: true
+ });
+ }
+ shaAlgorithm = signerInfoHashAlgorithm.name;
+ const eContent = this.encapContentInfo.eContent;
+ if (eContent) {
+ if ((eContent.idBlock.tagClass === 1) &&
+ (eContent.idBlock.tagNumber === 4)) {
+ data = eContent.getValue();
+ }
+ else
+ data = eContent.valueBlock.valueBeforeDecodeView;
+ }
+ else {
+ if (data.byteLength === 0) {
+ throw new SignedDataVerifyError({
+ date: checkDate,
+ code: 8,
+ message: "Missed detached data input array",
+ signerCertificate: signerCert,
+ signerCertificateVerified: true
+ });
+ }
+ }
+ if (signerInfo.signedAttrs) {
+ let foundContentType = false;
+ let foundMessageDigest = false;
+ for (const attribute of signerInfo.signedAttrs.attributes) {
+ if (attribute.type === "1.2.840.113549.1.9.3")
+ foundContentType = true;
+ if (attribute.type === "1.2.840.113549.1.9.4") {
+ foundMessageDigest = true;
+ messageDigestValue = attribute.values[0].valueBlock.valueHex;
+ }
+ if (foundContentType && foundMessageDigest)
+ break;
+ }
+ if (foundContentType === false) {
+ throw new SignedDataVerifyError({
+ date: checkDate,
+ code: 9,
+ message: "Attribute \"content-type\" is a mandatory attribute for \"signed attributes\"",
+ signerCertificate: signerCert,
+ signerCertificateVerified: true
+ });
+ }
+ if (foundMessageDigest === false) {
+ throw new SignedDataVerifyError({
+ date: checkDate,
+ code: 10,
+ message: "Attribute \"message-digest\" is a mandatory attribute for \"signed attributes\"",
+ signatureVerified: null,
+ signerCertificate: signerCert,
+ signerCertificateVerified: true
+ });
+ }
+ }
+ if (signerInfo.signedAttrs) {
+ const messageDigest = yield crypto.digest(shaAlgorithm, new Uint8Array(data));
+ if (!isEqualBuffer(messageDigest, messageDigestValue)) {
+ throw new SignedDataVerifyError({
+ date: checkDate,
+ code: 15,
+ message: "Error during verification: Message digest doesn't match",
+ signatureVerified: null,
+ signerCertificate: signerCert,
+ timestampSerial,
+ signerCertificateVerified: true
+ });
+ }
+ data = signerInfo.signedAttrs.encodedValue;
+ }
+ const verifyResult = yield crypto.verifyWithPublicKey(data, signerInfo.signature, signerCert.subjectPublicKeyInfo, signerCert.signatureAlgorithm, shaAlgorithm);
+ if (extendedMode) {
+ return {
+ date: checkDate,
+ code: 14,
+ message: EMPTY_STRING,
+ signatureVerified: verifyResult,
+ signerCertificate: signerCert,
+ timestampSerial,
+ signerCertificateVerified: true,
+ certificatePath
+ };
+ }
+ else {
+ return verifyResult;
+ }
+ }
+ catch (e) {
+ if (e instanceof SignedDataVerifyError) {
+ throw e;
+ }
+ throw new SignedDataVerifyError({
+ date: checkDate,
+ code: 15,
+ message: `Error during verification: ${e instanceof Error ? e.message : e}`,
+ signatureVerified: null,
+ signerCertificate: signerCert,
+ timestampSerial,
+ signerCertificateVerified: true
+ });
+ }
+ });
+ }
+ sign(privateKey, signerIndex, hashAlgorithm = "SHA-1", data = (EMPTY_BUFFER), crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ if (!privateKey)
+ throw new Error("Need to provide a private key for signing");
+ const hashAlgorithmOID = crypto.getOIDByAlgorithm({ name: hashAlgorithm }, true, "hashAlgorithm");
+ if ((this.digestAlgorithms.filter(algorithm => algorithm.algorithmId === hashAlgorithmOID)).length === 0) {
+ this.digestAlgorithms.push(new AlgorithmIdentifier({
+ algorithmId: hashAlgorithmOID,
+ algorithmParams: new Null()
+ }));
+ }
+ const signerInfo = this.signerInfos[signerIndex];
+ if (!signerInfo) {
+ throw new RangeError("SignerInfo index is out of range");
+ }
+ signerInfo.digestAlgorithm = new AlgorithmIdentifier({
+ algorithmId: hashAlgorithmOID,
+ algorithmParams: new Null()
+ });
+ const signatureParams = yield crypto.getSignatureParameters(privateKey, hashAlgorithm);
+ const parameters = signatureParams.parameters;
+ signerInfo.signatureAlgorithm = signatureParams.signatureAlgorithm;
+ if (signerInfo.signedAttrs) {
+ if (signerInfo.signedAttrs.encodedValue.byteLength !== 0)
+ data = signerInfo.signedAttrs.encodedValue;
+ else {
+ data = signerInfo.signedAttrs.toSchema().toBER();
+ const view = BufferSourceConverter.toUint8Array(data);
+ view[0] = 0x31;
+ }
+ }
+ else {
+ const eContent = this.encapContentInfo.eContent;
+ if (eContent) {
+ if ((eContent.idBlock.tagClass === 1) &&
+ (eContent.idBlock.tagNumber === 4)) {
+ data = eContent.getValue();
+ }
+ else
+ data = eContent.valueBlock.valueBeforeDecodeView;
+ }
+ else {
+ if (data.byteLength === 0)
+ throw new Error("Missed detached data input array");
+ }
+ }
+ const signature = yield crypto.signWithPrivateKey(data, privateKey, parameters);
+ signerInfo.signature = new OctetString({ valueHex: signature });
+ });
+ }
+}
+SignedData.CLASS_NAME = "SignedData";
+SignedData.ID_DATA = id_ContentType_Data;
+
+const VERSION$1 = "version";
+const AUTH_SAFE = "authSafe";
+const MAC_DATA = "macData";
+const PARSED_VALUE = "parsedValue";
+const CLERA_PROPS = [
+ VERSION$1,
+ AUTH_SAFE,
+ MAC_DATA
+];
+class PFX extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION$1, PFX.defaultValues(VERSION$1));
+ this.authSafe = getParametersValue(parameters, AUTH_SAFE, PFX.defaultValues(AUTH_SAFE));
+ if (MAC_DATA in parameters) {
+ this.macData = getParametersValue(parameters, MAC_DATA, PFX.defaultValues(MAC_DATA));
+ }
+ if (PARSED_VALUE in parameters) {
+ this.parsedValue = getParametersValue(parameters, PARSED_VALUE, PFX.defaultValues(PARSED_VALUE));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION$1:
+ return 3;
+ case AUTH_SAFE:
+ return (new ContentInfo());
+ case MAC_DATA:
+ return (new MacData());
+ case PARSED_VALUE:
+ return {};
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VERSION$1:
+ return (memberValue === PFX.defaultValues(memberName));
+ case AUTH_SAFE:
+ return ((ContentInfo.compareWithDefault("contentType", memberValue.contentType)) &&
+ (ContentInfo.compareWithDefault("content", memberValue.content)));
+ case MAC_DATA:
+ return ((MacData.compareWithDefault("mac", memberValue.mac)) &&
+ (MacData.compareWithDefault("macSalt", memberValue.macSalt)) &&
+ (MacData.compareWithDefault("iterations", memberValue.iterations)));
+ case PARSED_VALUE:
+ return ((memberValue instanceof Object) && (Object.keys(memberValue).length === 0));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Integer({ name: (names.version || VERSION$1) }),
+ ContentInfo.schema(names.authSafe || {
+ names: {
+ blockName: AUTH_SAFE
+ }
+ }),
+ MacData.schema(names.macData || {
+ names: {
+ blockName: MAC_DATA,
+ optional: true
+ }
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLERA_PROPS);
+ const asn1 = compareSchema(schema, schema, PFX.schema({
+ names: {
+ version: VERSION$1,
+ authSafe: {
+ names: {
+ blockName: AUTH_SAFE
+ }
+ },
+ macData: {
+ names: {
+ blockName: MAC_DATA
+ }
+ }
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result.version.valueBlock.valueDec;
+ this.authSafe = new ContentInfo({ schema: asn1.result.authSafe });
+ if (MAC_DATA in asn1.result)
+ this.macData = new MacData({ schema: asn1.result.macData });
+ }
+ toSchema() {
+ const outputArray = [
+ new Integer({ value: this.version }),
+ this.authSafe.toSchema()
+ ];
+ if (this.macData) {
+ outputArray.push(this.macData.toSchema());
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const output = {
+ version: this.version,
+ authSafe: this.authSafe.toJSON()
+ };
+ if (this.macData) {
+ output.macData = this.macData.toJSON();
+ }
+ return output;
+ }
+ makeInternalValues(parameters = {}, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ ArgumentError.assert(parameters, "parameters", "object");
+ if (!this.parsedValue) {
+ throw new Error("Please call \"parseValues\" function first in order to make \"parsedValue\" data");
+ }
+ ParameterError.assertEmpty(this.parsedValue.integrityMode, "integrityMode", "parsedValue");
+ ParameterError.assertEmpty(this.parsedValue.authenticatedSafe, "authenticatedSafe", "parsedValue");
+ switch (this.parsedValue.integrityMode) {
+ case 0:
+ {
+ if (!("iterations" in parameters))
+ throw new ParameterError("iterations");
+ ParameterError.assertEmpty(parameters.pbkdf2HashAlgorithm, "pbkdf2HashAlgorithm");
+ ParameterError.assertEmpty(parameters.hmacHashAlgorithm, "hmacHashAlgorithm");
+ ParameterError.assertEmpty(parameters.password, "password");
+ const saltBuffer = new ArrayBuffer(64);
+ const saltView = new Uint8Array(saltBuffer);
+ crypto.getRandomValues(saltView);
+ const data = this.parsedValue.authenticatedSafe.toSchema().toBER(false);
+ this.authSafe = new ContentInfo({
+ contentType: ContentInfo.DATA,
+ content: new OctetString({ valueHex: data })
+ });
+ const result = yield crypto.stampDataWithPassword({
+ password: parameters.password,
+ hashAlgorithm: parameters.hmacHashAlgorithm,
+ salt: saltBuffer,
+ iterationCount: parameters.iterations,
+ contentToStamp: data
+ });
+ this.macData = new MacData({
+ mac: new DigestInfo({
+ digestAlgorithm: new AlgorithmIdentifier({
+ algorithmId: crypto.getOIDByAlgorithm({ name: parameters.hmacHashAlgorithm }, true, "hmacHashAlgorithm"),
+ }),
+ digest: new OctetString({ valueHex: result })
+ }),
+ macSalt: new OctetString({ valueHex: saltBuffer }),
+ iterations: parameters.iterations
+ });
+ }
+ break;
+ case 1:
+ {
+ if (!("signingCertificate" in parameters)) {
+ throw new ParameterError("signingCertificate");
+ }
+ ParameterError.assertEmpty(parameters.privateKey, "privateKey");
+ ParameterError.assertEmpty(parameters.hashAlgorithm, "hashAlgorithm");
+ const toBeSigned = this.parsedValue.authenticatedSafe.toSchema().toBER(false);
+ const cmsSigned = new SignedData({
+ version: 1,
+ encapContentInfo: new EncapsulatedContentInfo({
+ eContentType: "1.2.840.113549.1.7.1",
+ eContent: new OctetString({ valueHex: toBeSigned })
+ }),
+ certificates: [parameters.signingCertificate]
+ });
+ const result = yield crypto.digest({ name: parameters.hashAlgorithm }, new Uint8Array(toBeSigned));
+ const signedAttr = [];
+ signedAttr.push(new Attribute({
+ type: "1.2.840.113549.1.9.3",
+ values: [
+ new ObjectIdentifier({ value: "1.2.840.113549.1.7.1" })
+ ]
+ }));
+ signedAttr.push(new Attribute({
+ type: "1.2.840.113549.1.9.5",
+ values: [
+ new UTCTime({ valueDate: new Date() })
+ ]
+ }));
+ signedAttr.push(new Attribute({
+ type: "1.2.840.113549.1.9.4",
+ values: [
+ new OctetString({ valueHex: result })
+ ]
+ }));
+ cmsSigned.signerInfos.push(new SignerInfo({
+ version: 1,
+ sid: new IssuerAndSerialNumber({
+ issuer: parameters.signingCertificate.issuer,
+ serialNumber: parameters.signingCertificate.serialNumber
+ }),
+ signedAttrs: new SignedAndUnsignedAttributes({
+ type: 0,
+ attributes: signedAttr
+ })
+ }));
+ yield cmsSigned.sign(parameters.privateKey, 0, parameters.hashAlgorithm, undefined, crypto);
+ this.authSafe = new ContentInfo({
+ contentType: "1.2.840.113549.1.7.2",
+ content: cmsSigned.toSchema(true)
+ });
+ }
+ break;
+ default:
+ throw new Error(`Parameter "integrityMode" has unknown value: ${this.parsedValue.integrityMode}`);
+ }
+ });
+ }
+ parseInternalValues(parameters, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ ArgumentError.assert(parameters, "parameters", "object");
+ if (parameters.checkIntegrity === undefined) {
+ parameters.checkIntegrity = true;
+ }
+ this.parsedValue = {};
+ switch (this.authSafe.contentType) {
+ case ContentInfo.DATA:
+ {
+ ParameterError.assertEmpty(parameters.password, "password");
+ this.parsedValue.integrityMode = 0;
+ ArgumentError.assert(this.authSafe.content, "authSafe.content", OctetString);
+ const authSafeContent = this.authSafe.content.getValue();
+ this.parsedValue.authenticatedSafe = AuthenticatedSafe.fromBER(authSafeContent);
+ if (parameters.checkIntegrity) {
+ if (!this.macData) {
+ throw new Error("Absent \"macData\" value, can not check PKCS#12 data integrity");
+ }
+ const hashAlgorithm = crypto.getAlgorithmByOID(this.macData.mac.digestAlgorithm.algorithmId, true, "digestAlgorithm");
+ const result = yield crypto.verifyDataStampedWithPassword({
+ password: parameters.password,
+ hashAlgorithm: hashAlgorithm.name,
+ salt: BufferSourceConverter.toArrayBuffer(this.macData.macSalt.valueBlock.valueHexView),
+ iterationCount: this.macData.iterations || 1,
+ contentToVerify: authSafeContent,
+ signatureToVerify: BufferSourceConverter.toArrayBuffer(this.macData.mac.digest.valueBlock.valueHexView),
+ });
+ if (!result) {
+ throw new Error("Integrity for the PKCS#12 data is broken!");
+ }
+ }
+ }
+ break;
+ case ContentInfo.SIGNED_DATA:
+ {
+ this.parsedValue.integrityMode = 1;
+ const cmsSigned = new SignedData({ schema: this.authSafe.content });
+ const eContent = cmsSigned.encapContentInfo.eContent;
+ ParameterError.assert(eContent, "eContent", "cmsSigned.encapContentInfo");
+ ArgumentError.assert(eContent, "eContent", OctetString);
+ const data = eContent.getValue();
+ this.parsedValue.authenticatedSafe = AuthenticatedSafe.fromBER(data);
+ const ok = yield cmsSigned.verify({ signer: 0, checkChain: false }, crypto);
+ if (!ok) {
+ throw new Error("Integrity for the PKCS#12 data is broken!");
+ }
+ }
+ break;
+ default:
+ throw new Error(`Incorrect value for "this.authSafe.contentType": ${this.authSafe.contentType}`);
+ }
+ });
+ }
+}
+PFX.CLASS_NAME = "PFX";
+
+const STATUS$1 = "status";
+const STATUS_STRINGS = "statusStrings";
+const FAIL_INFO = "failInfo";
+const CLEAR_PROPS$2 = [
+ STATUS$1,
+ STATUS_STRINGS,
+ FAIL_INFO
+];
+var PKIStatus;
+(function (PKIStatus) {
+ PKIStatus[PKIStatus["granted"] = 0] = "granted";
+ PKIStatus[PKIStatus["grantedWithMods"] = 1] = "grantedWithMods";
+ PKIStatus[PKIStatus["rejection"] = 2] = "rejection";
+ PKIStatus[PKIStatus["waiting"] = 3] = "waiting";
+ PKIStatus[PKIStatus["revocationWarning"] = 4] = "revocationWarning";
+ PKIStatus[PKIStatus["revocationNotification"] = 5] = "revocationNotification";
+})(PKIStatus || (PKIStatus = {}));
+class PKIStatusInfo extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.status = getParametersValue(parameters, STATUS$1, PKIStatusInfo.defaultValues(STATUS$1));
+ if (STATUS_STRINGS in parameters) {
+ this.statusStrings = getParametersValue(parameters, STATUS_STRINGS, PKIStatusInfo.defaultValues(STATUS_STRINGS));
+ }
+ if (FAIL_INFO in parameters) {
+ this.failInfo = getParametersValue(parameters, FAIL_INFO, PKIStatusInfo.defaultValues(FAIL_INFO));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case STATUS$1:
+ return 2;
+ case STATUS_STRINGS:
+ return [];
+ case FAIL_INFO:
+ return new BitString();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case STATUS$1:
+ return (memberValue === PKIStatusInfo.defaultValues(memberName));
+ case STATUS_STRINGS:
+ return (memberValue.length === 0);
+ case FAIL_INFO:
+ return (memberValue.isEqual(PKIStatusInfo.defaultValues(memberName)));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || EMPTY_STRING),
+ value: [
+ new Integer({ name: (names.status || EMPTY_STRING) }),
+ new Sequence({
+ optional: true,
+ value: [
+ new Repeated({
+ name: (names.statusStrings || EMPTY_STRING),
+ value: new Utf8String()
+ })
+ ]
+ }),
+ new BitString({
+ name: (names.failInfo || EMPTY_STRING),
+ optional: true
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$2);
+ const asn1 = compareSchema(schema, schema, PKIStatusInfo.schema({
+ names: {
+ status: STATUS$1,
+ statusStrings: STATUS_STRINGS,
+ failInfo: FAIL_INFO
+ }
+ }));
+ AsnError.assertSchema(asn1, this.className);
+ const _status = asn1.result.status;
+ if ((_status.valueBlock.isHexOnly === true) ||
+ (_status.valueBlock.valueDec < 0) ||
+ (_status.valueBlock.valueDec > 5))
+ throw new Error("PKIStatusInfo \"status\" has invalid value");
+ this.status = _status.valueBlock.valueDec;
+ if (STATUS_STRINGS in asn1.result)
+ this.statusStrings = asn1.result.statusStrings;
+ if (FAIL_INFO in asn1.result)
+ this.failInfo = asn1.result.failInfo;
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(new Integer({ value: this.status }));
+ if (this.statusStrings) {
+ outputArray.push(new Sequence({
+ optional: true,
+ value: this.statusStrings
+ }));
+ }
+ if (this.failInfo) {
+ outputArray.push(this.failInfo);
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ status: this.status
+ };
+ if (this.statusStrings) {
+ res.statusStrings = Array.from(this.statusStrings, o => o.toJSON());
+ }
+ if (this.failInfo) {
+ res.failInfo = this.failInfo.toJSON();
+ }
+ return res;
+ }
+}
+PKIStatusInfo.CLASS_NAME = "PKIStatusInfo";
+
+const VERSION = "version";
+const MESSAGE_IMPRINT = "messageImprint";
+const REQ_POLICY = "reqPolicy";
+const NONCE = "nonce";
+const CERT_REQ = "certReq";
+const EXTENSIONS = "extensions";
+const TIME_STAMP_REQ = "TimeStampReq";
+const TIME_STAMP_REQ_VERSION = `${TIME_STAMP_REQ}.${VERSION}`;
+const TIME_STAMP_REQ_MESSAGE_IMPRINT = `${TIME_STAMP_REQ}.${MESSAGE_IMPRINT}`;
+const TIME_STAMP_REQ_POLICY = `${TIME_STAMP_REQ}.${REQ_POLICY}`;
+const TIME_STAMP_REQ_NONCE = `${TIME_STAMP_REQ}.${NONCE}`;
+const TIME_STAMP_REQ_CERT_REQ = `${TIME_STAMP_REQ}.${CERT_REQ}`;
+const TIME_STAMP_REQ_EXTENSIONS = `${TIME_STAMP_REQ}.${EXTENSIONS}`;
+const CLEAR_PROPS$1 = [
+ TIME_STAMP_REQ_VERSION,
+ TIME_STAMP_REQ_MESSAGE_IMPRINT,
+ TIME_STAMP_REQ_POLICY,
+ TIME_STAMP_REQ_NONCE,
+ TIME_STAMP_REQ_CERT_REQ,
+ TIME_STAMP_REQ_EXTENSIONS,
+];
+class TimeStampReq extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.version = getParametersValue(parameters, VERSION, TimeStampReq.defaultValues(VERSION));
+ this.messageImprint = getParametersValue(parameters, MESSAGE_IMPRINT, TimeStampReq.defaultValues(MESSAGE_IMPRINT));
+ if (REQ_POLICY in parameters) {
+ this.reqPolicy = getParametersValue(parameters, REQ_POLICY, TimeStampReq.defaultValues(REQ_POLICY));
+ }
+ if (NONCE in parameters) {
+ this.nonce = getParametersValue(parameters, NONCE, TimeStampReq.defaultValues(NONCE));
+ }
+ if (CERT_REQ in parameters) {
+ this.certReq = getParametersValue(parameters, CERT_REQ, TimeStampReq.defaultValues(CERT_REQ));
+ }
+ if (EXTENSIONS in parameters) {
+ this.extensions = getParametersValue(parameters, EXTENSIONS, TimeStampReq.defaultValues(EXTENSIONS));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case VERSION:
+ return 0;
+ case MESSAGE_IMPRINT:
+ return new MessageImprint();
+ case REQ_POLICY:
+ return EMPTY_STRING;
+ case NONCE:
+ return new Integer();
+ case CERT_REQ:
+ return false;
+ case EXTENSIONS:
+ return [];
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case VERSION:
+ case REQ_POLICY:
+ case CERT_REQ:
+ return (memberValue === TimeStampReq.defaultValues(memberName));
+ case MESSAGE_IMPRINT:
+ return ((MessageImprint.compareWithDefault("hashAlgorithm", memberValue.hashAlgorithm)) &&
+ (MessageImprint.compareWithDefault("hashedMessage", memberValue.hashedMessage)));
+ case NONCE:
+ return (memberValue.isEqual(TimeStampReq.defaultValues(memberName)));
+ case EXTENSIONS:
+ return (memberValue.length === 0);
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || TIME_STAMP_REQ),
+ value: [
+ new Integer({ name: (names.version || TIME_STAMP_REQ_VERSION) }),
+ MessageImprint.schema(names.messageImprint || {
+ names: {
+ blockName: TIME_STAMP_REQ_MESSAGE_IMPRINT
+ }
+ }),
+ new ObjectIdentifier({
+ name: (names.reqPolicy || TIME_STAMP_REQ_POLICY),
+ optional: true
+ }),
+ new Integer({
+ name: (names.nonce || TIME_STAMP_REQ_NONCE),
+ optional: true
+ }),
+ new Boolean({
+ name: (names.certReq || TIME_STAMP_REQ_CERT_REQ),
+ optional: true
+ }),
+ new Constructed({
+ optional: true,
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: [new Repeated({
+ name: (names.extensions || TIME_STAMP_REQ_EXTENSIONS),
+ value: Extension.schema()
+ })]
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS$1);
+ const asn1 = compareSchema(schema, schema, TimeStampReq.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.version = asn1.result[TIME_STAMP_REQ_VERSION].valueBlock.valueDec;
+ this.messageImprint = new MessageImprint({ schema: asn1.result[TIME_STAMP_REQ_MESSAGE_IMPRINT] });
+ if (TIME_STAMP_REQ_POLICY in asn1.result)
+ this.reqPolicy = asn1.result[TIME_STAMP_REQ_POLICY].valueBlock.toString();
+ if (TIME_STAMP_REQ_NONCE in asn1.result)
+ this.nonce = asn1.result[TIME_STAMP_REQ_NONCE];
+ if (TIME_STAMP_REQ_CERT_REQ in asn1.result)
+ this.certReq = asn1.result[TIME_STAMP_REQ_CERT_REQ].valueBlock.value;
+ if (TIME_STAMP_REQ_EXTENSIONS in asn1.result)
+ this.extensions = Array.from(asn1.result[TIME_STAMP_REQ_EXTENSIONS], element => new Extension({ schema: element }));
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(new Integer({ value: this.version }));
+ outputArray.push(this.messageImprint.toSchema());
+ if (this.reqPolicy)
+ outputArray.push(new ObjectIdentifier({ value: this.reqPolicy }));
+ if (this.nonce)
+ outputArray.push(this.nonce);
+ if ((CERT_REQ in this) && (TimeStampReq.compareWithDefault(CERT_REQ, this.certReq) === false))
+ outputArray.push(new Boolean({ value: this.certReq }));
+ if (this.extensions) {
+ outputArray.push(new Constructed({
+ idBlock: {
+ tagClass: 3,
+ tagNumber: 0
+ },
+ value: Array.from(this.extensions, o => o.toSchema())
+ }));
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ version: this.version,
+ messageImprint: this.messageImprint.toJSON()
+ };
+ if (this.reqPolicy !== undefined)
+ res.reqPolicy = this.reqPolicy;
+ if (this.nonce !== undefined)
+ res.nonce = this.nonce.toJSON();
+ if ((this.certReq !== undefined) && (TimeStampReq.compareWithDefault(CERT_REQ, this.certReq) === false))
+ res.certReq = this.certReq;
+ if (this.extensions) {
+ res.extensions = Array.from(this.extensions, o => o.toJSON());
+ }
+ return res;
+ }
+}
+TimeStampReq.CLASS_NAME = "TimeStampReq";
+
+const STATUS = "status";
+const TIME_STAMP_TOKEN = "timeStampToken";
+const TIME_STAMP_RESP = "TimeStampResp";
+const TIME_STAMP_RESP_STATUS = `${TIME_STAMP_RESP}.${STATUS}`;
+const TIME_STAMP_RESP_TOKEN = `${TIME_STAMP_RESP}.${TIME_STAMP_TOKEN}`;
+const CLEAR_PROPS = [
+ TIME_STAMP_RESP_STATUS,
+ TIME_STAMP_RESP_TOKEN
+];
+class TimeStampResp extends PkiObject {
+ constructor(parameters = {}) {
+ super();
+ this.status = getParametersValue(parameters, STATUS, TimeStampResp.defaultValues(STATUS));
+ if (TIME_STAMP_TOKEN in parameters) {
+ this.timeStampToken = getParametersValue(parameters, TIME_STAMP_TOKEN, TimeStampResp.defaultValues(TIME_STAMP_TOKEN));
+ }
+ if (parameters.schema) {
+ this.fromSchema(parameters.schema);
+ }
+ }
+ static defaultValues(memberName) {
+ switch (memberName) {
+ case STATUS:
+ return new PKIStatusInfo();
+ case TIME_STAMP_TOKEN:
+ return new ContentInfo();
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static compareWithDefault(memberName, memberValue) {
+ switch (memberName) {
+ case STATUS:
+ return ((PKIStatusInfo.compareWithDefault(STATUS, memberValue.status)) &&
+ (("statusStrings" in memberValue) === false) &&
+ (("failInfo" in memberValue) === false));
+ case TIME_STAMP_TOKEN:
+ return ((memberValue.contentType === EMPTY_STRING) &&
+ (memberValue.content instanceof Any));
+ default:
+ return super.defaultValues(memberName);
+ }
+ }
+ static schema(parameters = {}) {
+ const names = getParametersValue(parameters, "names", {});
+ return (new Sequence({
+ name: (names.blockName || TIME_STAMP_RESP),
+ value: [
+ PKIStatusInfo.schema(names.status || {
+ names: {
+ blockName: TIME_STAMP_RESP_STATUS
+ }
+ }),
+ ContentInfo.schema(names.timeStampToken || {
+ names: {
+ blockName: TIME_STAMP_RESP_TOKEN,
+ optional: true
+ }
+ })
+ ]
+ }));
+ }
+ fromSchema(schema) {
+ clearProps(schema, CLEAR_PROPS);
+ const asn1 = compareSchema(schema, schema, TimeStampResp.schema());
+ AsnError.assertSchema(asn1, this.className);
+ this.status = new PKIStatusInfo({ schema: asn1.result[TIME_STAMP_RESP_STATUS] });
+ if (TIME_STAMP_RESP_TOKEN in asn1.result)
+ this.timeStampToken = new ContentInfo({ schema: asn1.result[TIME_STAMP_RESP_TOKEN] });
+ }
+ toSchema() {
+ const outputArray = [];
+ outputArray.push(this.status.toSchema());
+ if (this.timeStampToken) {
+ outputArray.push(this.timeStampToken.toSchema());
+ }
+ return (new Sequence({
+ value: outputArray
+ }));
+ }
+ toJSON() {
+ const res = {
+ status: this.status.toJSON()
+ };
+ if (this.timeStampToken) {
+ res.timeStampToken = this.timeStampToken.toJSON();
+ }
+ return res;
+ }
+ sign(privateKey, hashAlgorithm, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ this.assertContentType();
+ const signed = new SignedData({ schema: this.timeStampToken.content });
+ return signed.sign(privateKey, 0, hashAlgorithm, undefined, crypto);
+ });
+ }
+ verify(verificationParameters = { signer: 0, trustedCerts: [], data: EMPTY_BUFFER }, crypto = getCrypto(true)) {
+ return __awaiter(this, void 0, void 0, function* () {
+ this.assertContentType();
+ const signed = new SignedData({ schema: this.timeStampToken.content });
+ return signed.verify(verificationParameters, crypto);
+ });
+ }
+ assertContentType() {
+ if (!this.timeStampToken) {
+ throw new Error("timeStampToken is absent in TSP response");
+ }
+ if (this.timeStampToken.contentType !== id_ContentType_SignedData) {
+ throw new Error(`Wrong format of timeStampToken: ${this.timeStampToken.contentType}`);
+ }
+ }
+}
+TimeStampResp.CLASS_NAME = "TimeStampResp";
+
+function initCryptoEngine() {
+ if (typeof self !== "undefined") {
+ if ("crypto" in self) {
+ let engineName = "webcrypto";
+ if ("webkitSubtle" in self.crypto) {
+ engineName = "safari";
+ }
+ setEngine(engineName, new CryptoEngine({ name: engineName, crypto: crypto }));
+ }
+ }
+ else if (typeof crypto !== "undefined" && "webcrypto" in crypto) {
+ const name = "NodeJS ^15";
+ const nodeCrypto = crypto.webcrypto;
+ setEngine(name, new CryptoEngine({ name, crypto: nodeCrypto }));
+ }
+}
+
+initCryptoEngine();
+
+export { AbstractCryptoEngine, AccessDescription, Accuracy, AlgorithmIdentifier, AltName, ArgumentError, AsnError, AttCertValidityPeriod, Attribute, AttributeCertificateInfoV1, AttributeCertificateInfoV2, AttributeCertificateV1, AttributeCertificateV2, AttributeTypeAndValue, AuthenticatedSafe, AuthorityKeyIdentifier, BasicConstraints, BasicOCSPResponse, CAVersion, CRLBag, CRLDistributionPoints, CertBag, CertID, Certificate, CertificateChainValidationEngine, CertificatePolicies, CertificateRevocationList, CertificateSet, CertificateTemplate, CertificationRequest, ChainValidationCode, ChainValidationError, ContentInfo, CryptoEngine, DigestInfo, DistributionPoint, ECCCMSSharedInfo, ECNamedCurves, ECPrivateKey, ECPublicKey, EncapsulatedContentInfo, EncryptedContentInfo, EncryptedData, EnvelopedData, ExtKeyUsage, Extension, ExtensionValueFactory, Extensions, GeneralName, GeneralNames, GeneralSubtree, HASHED_MESSAGE, HASH_ALGORITHM, Holder, InfoAccess, IssuerAndSerialNumber, IssuerSerial, IssuingDistributionPoint, KEKIdentifier, KEKRecipientInfo, KeyAgreeRecipientIdentifier, KeyAgreeRecipientInfo, KeyBag, KeyTransRecipientInfo, MICROS, MILLIS, MacData, MessageImprint, NameConstraints, OCSPRequest, OCSPResponse, ObjectDigestInfo, OriginatorIdentifierOrKey, OriginatorInfo, OriginatorPublicKey, OtherCertificateFormat, OtherKeyAttribute, OtherPrimeInfo, OtherRecipientInfo, OtherRevocationInfoFormat, PBES2Params, PBKDF2Params, PFX, PKCS8ShroudedKeyBag, PKIStatus, PKIStatusInfo, POLICY_IDENTIFIER, POLICY_QUALIFIERS, ParameterError, PasswordRecipientinfo, PkiObject, PolicyConstraints, PolicyInformation, PolicyMapping, PolicyMappings, PolicyQualifierInfo, PrivateKeyInfo, PrivateKeyUsagePeriod, PublicKeyInfo, QCStatement, QCStatements, RDN, RSAESOAEPParams, RSAPrivateKey, RSAPublicKey, RSASSAPSSParams, RecipientEncryptedKey, RecipientEncryptedKeys, RecipientIdentifier, RecipientInfo, RecipientKeyIdentifier, RelativeDistinguishedNames, Request, ResponseBytes, ResponseData, RevocationInfoChoices, RevokedCertificate, SECONDS, SafeBag, SafeBagValueFactory, SafeContents, SecretBag, Signature, SignedAndUnsignedAttributes, SignedCertificateTimestamp, SignedCertificateTimestampList, SignedData, SignedDataVerifyError, SignerInfo, SingleResponse, SubjectDirectoryAttributes, TBSRequest, TSTInfo, TYPE$4 as TYPE, TYPE_AND_VALUES, Time, TimeStampReq, TimeStampResp, TimeType, V2Form, VALUE$5 as VALUE, VALUE_BEFORE_DECODE, checkCA, createCMSECDSASignature, createECDSASignatureFromCMS, engine, getAlgorithmByOID, getAlgorithmParameters, getCrypto, getEngine, getHashAlgorithm, getOIDByAlgorithm, getRandomValues, id_AnyPolicy, id_AuthorityInfoAccess, id_AuthorityKeyIdentifier, id_BaseCRLNumber, id_BasicConstraints, id_CRLBag_X509CRL, id_CRLDistributionPoints, id_CRLNumber, id_CRLReason, id_CertBag_AttributeCertificate, id_CertBag_SDSICertificate, id_CertBag_X509Certificate, id_CertificateIssuer, id_CertificatePolicies, id_ContentType_Data, id_ContentType_EncryptedData, id_ContentType_EnvelopedData, id_ContentType_SignedData, id_ExtKeyUsage, id_FreshestCRL, id_InhibitAnyPolicy, id_InvalidityDate, id_IssuerAltName, id_IssuingDistributionPoint, id_KeyUsage, id_MicrosoftAppPolicies, id_MicrosoftCaVersion, id_MicrosoftCertTemplateV1, id_MicrosoftCertTemplateV2, id_MicrosoftPrevCaCertHash, id_NameConstraints, id_PKIX_OCSP_Basic, id_PolicyConstraints, id_PolicyMappings, id_PrivateKeyUsagePeriod, id_QCStatements, id_SignedCertificateTimestampList, id_SubjectAltName, id_SubjectDirectoryAttributes, id_SubjectInfoAccess, id_SubjectKeyIdentifier, id_ad, id_ad_caIssuers, id_ad_ocsp, id_eContentType_TSTInfo, id_pkix, id_sha1, id_sha256, id_sha384, id_sha512, kdf, setEngine, stringPrep, verifySCTsForCertificate };