lerko/portfolio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
Files
bf7e23b972f313d26e2e0d51ad2e2a02fe1f8d5b
portfolio/node_modules/.cache/babel-loader/4c5e3440a3e0b079487374f46e25cd34.json
Tyler Koenig c612b7d702 applying transfer to react app
2021-09-20 16:54:47 -04:00

1 line
70 KiB
JSON
Raw Blame History

{"ast":null,"code":"// Copyright 2017 Joyent, Inc.\nmodule.exports = {\n read: read,\n verify: verify,\n sign: sign,\n signAsync: signAsync,\n write: write\n};\n\nvar assert = require('assert-plus');\n\nvar asn1 = require('asn1');\n\nvar Buffer = require('safer-buffer').Buffer;\n\nvar algs = require('../algs');\n\nvar utils = require('../utils');\n\nvar Key = require('../key');\n\nvar PrivateKey = require('../private-key');\n\nvar pem = require('./pem');\n\nvar Identity = require('../identity');\n\nvar Signature = require('../signature');\n\nvar Certificate = require('../certificate');\n\nvar pkcs8 = require('./pkcs8');\n/*\n * This file is based on RFC5280 (X.509).\n */\n\n/* Helper to read in a single mpint */\n\n\nfunction readMPInt(der, nm) {\n assert.strictEqual(der.peek(), asn1.Ber.Integer, nm + ' is not an Integer');\n return utils.mpNormalize(der.readString(asn1.Ber.Integer, true));\n}\n\nfunction verify(cert, key) {\n var sig = cert.signatures.x509;\n assert.object(sig, 'x509 signature');\n var algParts = sig.algo.split('-');\n if (algParts[0] !== key.type) return false;\n var blob = sig.cache;\n\n if (blob === undefined) {\n var der = new asn1.BerWriter();\n writeTBSCert(cert, der);\n blob = der.buffer;\n }\n\n var verifier = key.createVerify(algParts[1]);\n verifier.write(blob);\n return verifier.verify(sig.signature);\n}\n\nfunction Local(i) {\n return asn1.Ber.Context | asn1.Ber.Constructor | i;\n}\n\nfunction Context(i) {\n return asn1.Ber.Context | i;\n}\n\nvar SIGN_ALGS = {\n 'rsa-md5': '1.2.840.113549.1.1.4',\n 'rsa-sha1': '1.2.840.113549.1.1.5',\n 'rsa-sha256': '1.2.840.113549.1.1.11',\n 'rsa-sha384': '1.2.840.113549.1.1.12',\n 'rsa-sha512': '1.2.840.113549.1.1.13',\n 'dsa-sha1': '1.2.840.10040.4.3',\n 'dsa-sha256': '2.16.840.1.101.3.4.3.2',\n 'ecdsa-sha1': '1.2.840.10045.4.1',\n 'ecdsa-sha256': '1.2.840.10045.4.3.2',\n 'ecdsa-sha384': '1.2.840.10045.4.3.3',\n 'ecdsa-sha512': '1.2.840.10045.4.3.4',\n 'ed25519-sha512': '1.3.101.112'\n};\nObject.keys(SIGN_ALGS).forEach(function (k) {\n SIGN_ALGS[SIGN_ALGS[k]] = k;\n});\nSIGN_ALGS['1.3.14.3.2.3'] = 'rsa-md5';\nSIGN_ALGS['1.3.14.3.2.29'] = 'rsa-sha1';\nvar EXTS = {\n 'issuerKeyId': '2.5.29.35',\n 'altName': '2.5.29.17',\n 'basicConstraints': '2.5.29.19',\n 'keyUsage': '2.5.29.15',\n 'extKeyUsage': '2.5.29.37'\n};\n\nfunction read(buf, options) {\n if (typeof buf === 'string') {\n buf = Buffer.from(buf, 'binary');\n }\n\n assert.buffer(buf, 'buf');\n var der = new asn1.BerReader(buf);\n der.readSequence();\n\n if (Math.abs(der.length - der.remain) > 1) {\n throw new Error('DER sequence does not contain whole byte ' + 'stream');\n }\n\n var tbsStart = der.offset;\n der.readSequence();\n var sigOffset = der.offset + der.length;\n var tbsEnd = sigOffset;\n\n if (der.peek() === Local(0)) {\n der.readSequence(Local(0));\n var version = der.readInt();\n assert.ok(version <= 3, 'only x.509 versions up to v3 supported');\n }\n\n var cert = {};\n cert.signatures = {};\n var sig = cert.signatures.x509 = {};\n sig.extras = {};\n cert.serial = readMPInt(der, 'serial');\n der.readSequence();\n var after = der.offset + der.length;\n var certAlgOid = der.readOID();\n var certAlg = SIGN_ALGS[certAlgOid];\n if (certAlg === undefined) throw new Error('unknown signature algorithm ' + certAlgOid);\n der._offset = after;\n cert.issuer = Identity.parseAsn1(der);\n der.readSequence();\n cert.validFrom = readDate(der);\n cert.validUntil = readDate(der);\n cert.subjects = [Identity.parseAsn1(der)];\n der.readSequence();\n after = der.offset + der.length;\n cert.subjectKey = pkcs8.readPkcs8(undefined, 'public', der);\n der._offset = after;\n /* issuerUniqueID */\n\n if (der.peek() === Local(1)) {\n der.readSequence(Local(1));\n sig.extras.issuerUniqueID = buf.slice(der.offset, der.offset + der.length);\n der._offset += der.length;\n }\n /* subjectUniqueID */\n\n\n if (der.peek() === Local(2)) {\n der.readSequence(Local(2));\n sig.extras.subjectUniqueID = buf.slice(der.offset, der.offset + der.length);\n der._offset += der.length;\n }\n /* extensions */\n\n\n if (der.peek() === Local(3)) {\n der.readSequence(Local(3));\n var extEnd = der.offset + der.length;\n der.readSequence();\n\n while (der.offset < extEnd) readExtension(cert, buf, der);\n\n assert.strictEqual(der.offset, extEnd);\n }\n\n assert.strictEqual(der.offset, sigOffset);\n der.readSequence();\n after = der.offset + der.length;\n var sigAlgOid = der.readOID();\n var sigAlg = SIGN_ALGS[sigAlgOid];\n if (sigAlg === undefined) throw new Error('unknown signature algorithm ' + sigAlgOid);\n der._offset = after;\n var sigData = der.readString(asn1.Ber.BitString, true);\n if (sigData[0] === 0) sigData = sigData.slice(1);\n var algParts = sigAlg.split('-');\n sig.signature = Signature.parse(sigData, algParts[0], 'asn1');\n sig.signature.hashAlgorithm = algParts[1];\n sig.algo = sigAlg;\n sig.cache = buf.slice(tbsStart, tbsEnd);\n return new Certificate(cert);\n}\n\nfunction readDate(der) {\n if (der.peek() === asn1.Ber.UTCTime) {\n return utcTimeToDate(der.readString(asn1.Ber.UTCTime));\n } else if (der.peek() === asn1.Ber.GeneralizedTime) {\n return gTimeToDate(der.readString(asn1.Ber.GeneralizedTime));\n } else {\n throw new Error('Unsupported date format');\n }\n}\n\nfunction writeDate(der, date) {\n if (date.getUTCFullYear() >= 2050 || date.getUTCFullYear() < 1950) {\n der.writeString(dateToGTime(date), asn1.Ber.GeneralizedTime);\n } else {\n der.writeString(dateToUTCTime(date), asn1.Ber.UTCTime);\n }\n}\n/* RFC5280, section 4.2.1.6 (GeneralName type) */\n\n\nvar ALTNAME = {\n OtherName: Local(0),\n RFC822Name: Context(1),\n DNSName: Context(2),\n X400Address: Local(3),\n DirectoryName: Local(4),\n EDIPartyName: Local(5),\n URI: Context(6),\n IPAddress: Context(7),\n OID: Context(8)\n};\n/* RFC5280, section 4.2.1.12 (KeyPurposeId) */\n\nvar EXTPURPOSE = {\n 'serverAuth': '1.3.6.1.5.5.7.3.1',\n 'clientAuth': '1.3.6.1.5.5.7.3.2',\n 'codeSigning': '1.3.6.1.5.5.7.3.3',\n\n /* See https://github.com/joyent/oid-docs/blob/master/root.md */\n 'joyentDocker': '1.3.6.1.4.1.38678.1.4.1',\n 'joyentCmon': '1.3.6.1.4.1.38678.1.4.2'\n};\nvar EXTPURPOSE_REV = {};\nObject.keys(EXTPURPOSE).forEach(function (k) {\n EXTPURPOSE_REV[EXTPURPOSE[k]] = k;\n});\nvar KEYUSEBITS = ['signature', 'identity', 'keyEncryption', 'encryption', 'keyAgreement', 'ca', 'crl'];\n\nfunction readExtension(cert, buf, der) {\n der.readSequence();\n var after = der.offset + der.length;\n var extId = der.readOID();\n var id;\n var sig = cert.signatures.x509;\n if (!sig.extras.exts) sig.extras.exts = [];\n var critical;\n if (der.peek() === asn1.Ber.Boolean) critical = der.readBoolean();\n\n switch (extId) {\n case EXTS.basicConstraints:\n der.readSequence(asn1.Ber.OctetString);\n der.readSequence();\n var bcEnd = der.offset + der.length;\n var ca = false;\n if (der.peek() === asn1.Ber.Boolean) ca = der.readBoolean();\n if (cert.purposes === undefined) cert.purposes = [];\n if (ca === true) cert.purposes.push('ca');\n var bc = {\n oid: extId,\n critical: critical\n };\n if (der.offset < bcEnd && der.peek() === asn1.Ber.Integer) bc.pathLen = der.readInt();\n sig.extras.exts.push(bc);\n break;\n\n case EXTS.extKeyUsage:\n der.readSequence(asn1.Ber.OctetString);\n der.readSequence();\n if (cert.purposes === undefined) cert.purposes = [];\n var ekEnd = der.offset + der.length;\n\n while (der.offset < ekEnd) {\n var oid = der.readOID();\n cert.purposes.push(EXTPURPOSE_REV[oid] || oid);\n }\n /*\n * This is a bit of a hack: in the case where we have a cert\n * that's only allowed to do serverAuth or clientAuth (and not\n * the other), we want to make sure all our Subjects are of\n * the right type. But we already parsed our Subjects and\n * decided if they were hosts or users earlier (since it appears\n * first in the cert).\n *\n * So we go through and mutate them into the right kind here if\n * it doesn't match. This might not be hugely beneficial, as it\n * seems that single-purpose certs are not often seen in the\n * wild.\n */\n\n\n if (cert.purposes.indexOf('serverAuth') !== -1 && cert.purposes.indexOf('clientAuth') === -1) {\n cert.subjects.forEach(function (ide) {\n if (ide.type !== 'host') {\n ide.type = 'host';\n ide.hostname = ide.uid || ide.email || ide.components[0].value;\n }\n });\n } else if (cert.purposes.indexOf('clientAuth') !== -1 && cert.purposes.indexOf('serverAuth') === -1) {\n cert.subjects.forEach(function (ide) {\n if (ide.type !== 'user') {\n ide.type = 'user';\n ide.uid = ide.hostname || ide.email || ide.components[0].value;\n }\n });\n }\n\n sig.extras.exts.push({\n oid: extId,\n critical: critical\n });\n break;\n\n case EXTS.keyUsage:\n der.readSequence(asn1.Ber.OctetString);\n var bits = der.readString(asn1.Ber.BitString, true);\n var setBits = readBitField(bits, KEYUSEBITS);\n setBits.forEach(function (bit) {\n if (cert.purposes === undefined) cert.purposes = [];\n if (cert.purposes.indexOf(bit) === -1) cert.purposes.push(bit);\n });\n sig.extras.exts.push({\n oid: extId,\n critical: critical,\n bits: bits\n });\n break;\n\n case EXTS.altName:\n der.readSequence(asn1.Ber.OctetString);\n der.readSequence();\n var aeEnd = der.offset + der.length;\n\n while (der.offset < aeEnd) {\n switch (der.peek()) {\n case ALTNAME.OtherName:\n case ALTNAME.EDIPartyName:\n der.readSequence();\n der._offset += der.length;\n break;\n\n case ALTNAME.OID:\n der.readOID(ALTNAME.OID);\n break;\n\n case ALTNAME.RFC822Name:\n /* RFC822 specifies email addresses */\n var email = der.readString(ALTNAME.RFC822Name);\n id = Identity.forEmail(email);\n if (!cert.subjects[0].equals(id)) cert.subjects.push(id);\n break;\n\n case ALTNAME.DirectoryName:\n der.readSequence(ALTNAME.DirectoryName);\n id = Identity.parseAsn1(der);\n if (!cert.subjects[0].equals(id)) cert.subjects.push(id);\n break;\n\n case ALTNAME.DNSName:\n var host = der.readString(ALTNAME.DNSName);\n id = Identity.forHost(host);\n if (!cert.subjects[0].equals(id)) cert.subjects.push(id);\n break;\n\n default:\n der.readString(der.peek());\n break;\n }\n }\n\n sig.extras.exts.push({\n oid: extId,\n critical: critical\n });\n break;\n\n default:\n sig.extras.exts.push({\n oid: extId,\n critical: critical,\n data: der.readString(asn1.Ber.OctetString, true)\n });\n break;\n }\n\n der._offset = after;\n}\n\nvar UTCTIME_RE = /^([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})?Z$/;\n\nfunction utcTimeToDate(t) {\n var m = t.match(UTCTIME_RE);\n assert.ok(m, 'timestamps must be in UTC');\n var d = new Date();\n var thisYear = d.getUTCFullYear();\n var century = Math.floor(thisYear / 100) * 100;\n var year = parseInt(m[1], 10);\n if (thisYear % 100 < 50 && year >= 60) year += century - 1;else year += century;\n d.setUTCFullYear(year, parseInt(m[2], 10) - 1, parseInt(m[3], 10));\n d.setUTCHours(parseInt(m[4], 10), parseInt(m[5], 10));\n if (m[6] && m[6].length > 0) d.setUTCSeconds(parseInt(m[6], 10));\n return d;\n}\n\nvar GTIME_RE = /^([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})?Z$/;\n\nfunction gTimeToDate(t) {\n var m = t.match(GTIME_RE);\n assert.ok(m);\n var d = new Date();\n d.setUTCFullYear(parseInt(m[1], 10), parseInt(m[2], 10) - 1, parseInt(m[3], 10));\n d.setUTCHours(parseInt(m[4], 10), parseInt(m[5], 10));\n if (m[6] && m[6].length > 0) d.setUTCSeconds(parseInt(m[6], 10));\n return d;\n}\n\nfunction zeroPad(n, m) {\n if (m === undefined) m = 2;\n var s = '' + n;\n\n while (s.length < m) s = '0' + s;\n\n return s;\n}\n\nfunction dateToUTCTime(d) {\n var s = '';\n s += zeroPad(d.getUTCFullYear() % 100);\n s += zeroPad(d.getUTCMonth() + 1);\n s += zeroPad(d.getUTCDate());\n s += zeroPad(d.getUTCHours());\n s += zeroPad(d.getUTCMinutes());\n s += zeroPad(d.getUTCSeconds());\n s += 'Z';\n return s;\n}\n\nfunction dateToGTime(d) {\n var s = '';\n s += zeroPad(d.getUTCFullYear(), 4);\n s += zeroPad(d.getUTCMonth() + 1);\n s += zeroPad(d.getUTCDate());\n s += zeroPad(d.getUTCHours());\n s += zeroPad(d.getUTCMinutes());\n s += zeroPad(d.getUTCSeconds());\n s += 'Z';\n return s;\n}\n\nfunction sign(cert, key) {\n if (cert.signatures.x509 === undefined) cert.signatures.x509 = {};\n var sig = cert.signatures.x509;\n sig.algo = key.type + '-' + key.defaultHashAlgorithm();\n if (SIGN_ALGS[sig.algo] === undefined) return false;\n var der = new asn1.BerWriter();\n writeTBSCert(cert, der);\n var blob = der.buffer;\n sig.cache = blob;\n var signer = key.createSign();\n signer.write(blob);\n cert.signatures.x509.signature = signer.sign();\n return true;\n}\n\nfunction signAsync(cert, signer, done) {\n if (cert.signatures.x509 === undefined) cert.signatures.x509 = {};\n var sig = cert.signatures.x509;\n var der = new asn1.BerWriter();\n writeTBSCert(cert, der);\n var blob = der.buffer;\n sig.cache = blob;\n signer(blob, function (err, signature) {\n if (err) {\n done(err);\n return;\n }\n\n sig.algo = signature.type + '-' + signature.hashAlgorithm;\n\n if (SIGN_ALGS[sig.algo] === undefined) {\n done(new Error('Invalid signing algorithm \"' + sig.algo + '\"'));\n return;\n }\n\n sig.signature = signature;\n done();\n });\n}\n\nfunction write(cert, options) {\n var sig = cert.signatures.x509;\n assert.object(sig, 'x509 signature');\n var der = new asn1.BerWriter();\n der.startSequence();\n\n if (sig.cache) {\n der._ensure(sig.cache.length);\n\n sig.cache.copy(der._buf, der._offset);\n der._offset += sig.cache.length;\n } else {\n writeTBSCert(cert, der);\n }\n\n der.startSequence();\n der.writeOID(SIGN_ALGS[sig.algo]);\n if (sig.algo.match(/^rsa-/)) der.writeNull();\n der.endSequence();\n var sigData = sig.signature.toBuffer('asn1');\n var data = Buffer.alloc(sigData.length + 1);\n data[0] = 0;\n sigData.copy(data, 1);\n der.writeBuffer(data, asn1.Ber.BitString);\n der.endSequence();\n return der.buffer;\n}\n\nfunction writeTBSCert(cert, der) {\n var sig = cert.signatures.x509;\n assert.object(sig, 'x509 signature');\n der.startSequence();\n der.startSequence(Local(0));\n der.writeInt(2);\n der.endSequence();\n der.writeBuffer(utils.mpNormalize(cert.serial), asn1.Ber.Integer);\n der.startSequence();\n der.writeOID(SIGN_ALGS[sig.algo]);\n if (sig.algo.match(/^rsa-/)) der.writeNull();\n der.endSequence();\n cert.issuer.toAsn1(der);\n der.startSequence();\n writeDate(der, cert.validFrom);\n writeDate(der, cert.validUntil);\n der.endSequence();\n var subject = cert.subjects[0];\n var altNames = cert.subjects.slice(1);\n subject.toAsn1(der);\n pkcs8.writePkcs8(der, cert.subjectKey);\n\n if (sig.extras && sig.extras.issuerUniqueID) {\n der.writeBuffer(sig.extras.issuerUniqueID, Local(1));\n }\n\n if (sig.extras && sig.extras.subjectUniqueID) {\n der.writeBuffer(sig.extras.subjectUniqueID, Local(2));\n }\n\n if (altNames.length > 0 || subject.type === 'host' || cert.purposes !== undefined && cert.purposes.length > 0 || sig.extras && sig.extras.exts) {\n der.startSequence(Local(3));\n der.startSequence();\n var exts = [];\n\n if (cert.purposes !== undefined && cert.purposes.length > 0) {\n exts.push({\n oid: EXTS.basicConstraints,\n critical: true\n });\n exts.push({\n oid: EXTS.keyUsage,\n critical: true\n });\n exts.push({\n oid: EXTS.extKeyUsage,\n critical: true\n });\n }\n\n exts.push({\n oid: EXTS.altName\n });\n if (sig.extras && sig.extras.exts) exts = sig.extras.exts;\n\n for (var i = 0; i < exts.length; ++i) {\n der.startSequence();\n der.writeOID(exts[i].oid);\n if (exts[i].critical !== undefined) der.writeBoolean(exts[i].critical);\n\n if (exts[i].oid === EXTS.altName) {\n der.startSequence(asn1.Ber.OctetString);\n der.startSequence();\n\n if (subject.type === 'host') {\n der.writeString(subject.hostname, Context(2));\n }\n\n for (var j = 0; j < altNames.length; ++j) {\n if (altNames[j].type === 'host') {\n der.writeString(altNames[j].hostname, ALTNAME.DNSName);\n } else if (altNames[j].type === 'email') {\n der.writeString(altNames[j].email, ALTNAME.RFC822Name);\n } else {\n /*\n * Encode anything else as a\n * DN style name for now.\n */\n der.startSequence(ALTNAME.DirectoryName);\n altNames[j].toAsn1(der);\n der.endSequence();\n }\n }\n\n der.endSequence();\n der.endSequence();\n } else if (exts[i].oid === EXTS.basicConstraints) {\n der.startSequence(asn1.Ber.OctetString);\n der.startSequence();\n var ca = cert.purposes.indexOf('ca') !== -1;\n var pathLen = exts[i].pathLen;\n der.writeBoolean(ca);\n if (pathLen !== undefined) der.writeInt(pathLen);\n der.endSequence();\n der.endSequence();\n } else if (exts[i].oid === EXTS.extKeyUsage) {\n der.startSequence(asn1.Ber.OctetString);\n der.startSequence();\n cert.purposes.forEach(function (purpose) {\n if (purpose === 'ca') return;\n if (KEYUSEBITS.indexOf(purpose) !== -1) return;\n var oid = purpose;\n if (EXTPURPOSE[purpose] !== undefined) oid = EXTPURPOSE[purpose];\n der.writeOID(oid);\n });\n der.endSequence();\n der.endSequence();\n } else if (exts[i].oid === EXTS.keyUsage) {\n der.startSequence(asn1.Ber.OctetString);\n /*\n * If we parsed this certificate from a byte\n * stream (i.e. we didn't generate it in sshpk)\n * then we'll have a \".bits\" property on the\n * ext with the original raw byte contents.\n *\n * If we have this, use it here instead of\n * regenerating it. This guarantees we output\n * the same data we parsed, so signatures still\n * validate.\n */\n\n if (exts[i].bits !== undefined) {\n der.writeBuffer(exts[i].bits, asn1.Ber.BitString);\n } else {\n var bits = writeBitField(cert.purposes, KEYUSEBITS);\n der.writeBuffer(bits, asn1.Ber.BitString);\n }\n\n der.endSequence();\n } else {\n der.writeBuffer(exts[i].data, asn1.Ber.OctetString);\n }\n\n der.endSequence();\n }\n\n der.endSequence();\n der.endSequence();\n }\n\n der.endSequence();\n}\n/*\n * Reads an ASN.1 BER bitfield out of the Buffer produced by doing\n * `BerReader#readString(asn1.Ber.BitString)`. That function gives us the raw\n * contents of the BitString tag, which is a count of unused bits followed by\n * the bits as a right-padded byte string.\n *\n * `bits` is the Buffer, `bitIndex` should contain an array of string names\n * for the bits in the string, ordered starting with bit #0 in the ASN.1 spec.\n *\n * Returns an array of Strings, the names of the bits that were set to 1.\n */\n\n\nfunction readBitField(bits, bitIndex) {\n var bitLen = 8 * (bits.length - 1) - bits[0];\n var setBits = {};\n\n for (var i = 0; i < bitLen; ++i) {\n var byteN = 1 + Math.floor(i / 8);\n var bit = 7 - i % 8;\n var mask = 1 << bit;\n var bitVal = (bits[byteN] & mask) !== 0;\n var name = bitIndex[i];\n\n if (bitVal && typeof name === 'string') {\n setBits[name] = true;\n }\n }\n\n return Object.keys(setBits);\n}\n/*\n * `setBits` is an array of strings, containing the names for each bit that\n * sould be set to 1. `bitIndex` is same as in `readBitField()`.\n *\n * Returns a Buffer, ready to be written out with `BerWriter#writeString()`.\n */\n\n\nfunction writeBitField(setBits, bitIndex) {\n var bitLen = bitIndex.length;\n var blen = Math.ceil(bitLen / 8);\n var unused = blen * 8 - bitLen;\n var bits = Buffer.alloc(1 + blen); // zero-filled\n\n bits[0] = unused;\n\n for (var i = 0; i < bitLen; ++i) {\n var byteN = 1 + Math.floor(i / 8);\n var bit = 7 - i % 8;\n var mask = 1 << bit;\n var name = bitIndex[i];\n if (name === undefined) continue;\n var bitVal = setBits.indexOf(name) !== -1;\n\n if (bitVal) {\n bits[byteN] |= mask;\n }\n }\n\n return bits;\n}","map":{"version":3,"sources":["/Users/tylerkoenig/Code/personal/react-scss2/node_modules/sshpk/lib/formats/x509.js"],"names":["module","exports","read","verify","sign","signAsync","write","assert","require","asn1","Buffer","algs","utils","Key","PrivateKey","pem","Identity","Signature","Certificate","pkcs8","readMPInt","der","nm","strictEqual","peek","Ber","Integer","mpNormalize","readString","cert","key","sig","signatures","x509","object","algParts","algo","split","type","blob","cache","undefined","BerWriter","writeTBSCert","buffer","verifier","createVerify","signature","Local","i","Context","Constructor","SIGN_ALGS","Object","keys","forEach","k","EXTS","buf","options","from","BerReader","readSequence","Math","abs","length","remain","Error","tbsStart","offset","sigOffset","tbsEnd","version","readInt","ok","extras","serial","after","certAlgOid","readOID","certAlg","_offset","issuer","parseAsn1","validFrom","readDate","validUntil","subjects","subjectKey","readPkcs8","issuerUniqueID","slice","subjectUniqueID","extEnd","readExtension","sigAlgOid","sigAlg","sigData","BitString","parse","hashAlgorithm","UTCTime","utcTimeToDate","GeneralizedTime","gTimeToDate","writeDate","date","getUTCFullYear","writeString","dateToGTime","dateToUTCTime","ALTNAME","OtherName","RFC822Name","DNSName","X400Address","DirectoryName","EDIPartyName","URI","IPAddress","OID","EXTPURPOSE","EXTPURPOSE_REV","KEYUSEBITS","extId","id","exts","critical","Boolean","readBoolean","basicConstraints","OctetString","bcEnd","ca","purposes","push","bc","oid","pathLen","extKeyUsage","ekEnd","indexOf","ide","hostname","uid","email","components","value","keyUsage","bits","setBits","readBitField","bit","altName","aeEnd","forEmail","equals","host","forHost","data","UTCTIME_RE","t","m","match","d","Date","thisYear","century","floor","year","parseInt","setUTCFullYear","setUTCHours","setUTCSeconds","GTIME_RE","zeroPad","n","s","getUTCMonth","getUTCDate","getUTCHours","getUTCMinutes","getUTCSeconds","defaultHashAlgorithm","signer","createSign","done","err","startSequence","_ensure","copy","_buf","writeOID","writeNull","endSequence","toBuffer","alloc","writeBuffer","writeInt","toAsn1","subject","altNames","writePkcs8","writeBoolean","j","purpose","writeBitField","bitIndex","bitLen","byteN","mask","bitVal","name","blen","ceil","unused"],"mappings":"AAAA;AAEAA,MAAM,CAACC,OAAP,GAAiB;AAChBC,EAAAA,IAAI,EAAEA,IADU;AAEhBC,EAAAA,MAAM,EAAEA,MAFQ;AAGhBC,EAAAA,IAAI,EAAEA,IAHU;AAIhBC,EAAAA,SAAS,EAAEA,SAJK;AAKhBC,EAAAA,KAAK,EAAEA;AALS,CAAjB;;AAQA,IAAIC,MAAM,GAAGC,OAAO,CAAC,aAAD,CAApB;;AACA,IAAIC,IAAI,GAAGD,OAAO,CAAC,MAAD,CAAlB;;AACA,IAAIE,MAAM,GAAGF,OAAO,CAAC,cAAD,CAAP,CAAwBE,MAArC;;AACA,IAAIC,IAAI,GAAGH,OAAO,CAAC,SAAD,CAAlB;;AACA,IAAII,KAAK,GAAGJ,OAAO,CAAC,UAAD,CAAnB;;AACA,IAAIK,GAAG,GAAGL,OAAO,CAAC,QAAD,CAAjB;;AACA,IAAIM,UAAU,GAAGN,OAAO,CAAC,gBAAD,CAAxB;;AACA,IAAIO,GAAG,GAAGP,OAAO,CAAC,OAAD,CAAjB;;AACA,IAAIQ,QAAQ,GAAGR,OAAO,CAAC,aAAD,CAAtB;;AACA,IAAIS,SAAS,GAAGT,OAAO,CAAC,cAAD,CAAvB;;AACA,IAAIU,WAAW,GAAGV,OAAO,CAAC,gBAAD,CAAzB;;AACA,IAAIW,KAAK,GAAGX,OAAO,CAAC,SAAD,CAAnB;AAEA;AACA;AACA;;AAEA;;;AACA,SAASY,SAAT,CAAmBC,GAAnB,EAAwBC,EAAxB,EAA4B;AAC3Bf,EAAAA,MAAM,CAACgB,WAAP,CAAmBF,GAAG,CAACG,IAAJ,EAAnB,EAA+Bf,IAAI,CAACgB,GAAL,CAASC,OAAxC,EACIJ,EAAE,GAAG,oBADT;AAEA,SAAQV,KAAK,CAACe,WAAN,CAAkBN,GAAG,CAACO,UAAJ,CAAenB,IAAI,CAACgB,GAAL,CAASC,OAAxB,EAAiC,IAAjC,CAAlB,CAAR;AACA;;AAED,SAASvB,MAAT,CAAgB0B,IAAhB,EAAsBC,GAAtB,EAA2B;AAC1B,MAAIC,GAAG,GAAGF,IAAI,CAACG,UAAL,CAAgBC,IAA1B;AACA1B,EAAAA,MAAM,CAAC2B,MAAP,CAAcH,GAAd,EAAmB,gBAAnB;AAEA,MAAII,QAAQ,GAAGJ,GAAG,CAACK,IAAJ,CAASC,KAAT,CAAe,GAAf,CAAf;AACA,MAAIF,QAAQ,CAAC,CAAD,CAAR,KAAgBL,GAAG,CAACQ,IAAxB,EACC,OAAQ,KAAR;AAED,MAAIC,IAAI,GAAGR,GAAG,CAACS,KAAf;;AACA,MAAID,IAAI,KAAKE,SAAb,EAAwB;AACvB,QAAIpB,GAAG,GAAG,IAAIZ,IAAI,CAACiC,SAAT,EAAV;AACAC,IAAAA,YAAY,CAACd,IAAD,EAAOR,GAAP,CAAZ;AACAkB,IAAAA,IAAI,GAAGlB,GAAG,CAACuB,MAAX;AACA;;AAED,MAAIC,QAAQ,GAAGf,GAAG,CAACgB,YAAJ,CAAiBX,QAAQ,CAAC,CAAD,CAAzB,CAAf;AACAU,EAAAA,QAAQ,CAACvC,KAAT,CAAeiC,IAAf;AACA,SAAQM,QAAQ,CAAC1C,MAAT,CAAgB4B,GAAG,CAACgB,SAApB,CAAR;AACA;;AAED,SAASC,KAAT,CAAeC,CAAf,EAAkB;AACjB,SAAQxC,IAAI,CAACgB,GAAL,CAASyB,OAAT,GAAmBzC,IAAI,CAACgB,GAAL,CAAS0B,WAA5B,GAA0CF,CAAlD;AACA;;AAED,SAASC,OAAT,CAAiBD,CAAjB,EAAoB;AACnB,SAAQxC,IAAI,CAACgB,GAAL,CAASyB,OAAT,GAAmBD,CAA3B;AACA;;AAED,IAAIG,SAAS,GAAG;AACf,aAAW,sBADI;AAEf,cAAY,sBAFG;AAGf,gBAAc,uBAHC;AAIf,gBAAc,uBAJC;AAKf,gBAAc,uBALC;AAMf,cAAY,mBANG;AAOf,gBAAc,wBAPC;AAQf,gBAAc,mBARC;AASf,kBAAgB,qBATD;AAUf,kBAAgB,qBAVD;AAWf,kBAAgB,qBAXD;AAYf,oBAAkB;AAZH,CAAhB;AAcAC,MAAM,CAACC,IAAP,CAAYF,SAAZ,EAAuBG,OAAvB,CAA+B,UAAUC,CAAV,EAAa;AAC3CJ,EAAAA,SAAS,CAACA,SAAS,CAACI,CAAD,CAAV,CAAT,GAA0BA,CAA1B;AACA,CAFD;AAGAJ,SAAS,CAAC,cAAD,CAAT,GAA4B,SAA5B;AACAA,SAAS,CAAC,eAAD,CAAT,GAA6B,UAA7B;AAEA,IAAIK,IAAI,GAAG;AACV,iBAAe,WADL;AAEV,aAAW,WAFD;AAGV,sBAAoB,WAHV;AAIV,cAAY,WAJF;AAKV,iBAAe;AALL,CAAX;;AAQA,SAASvD,IAAT,CAAcwD,GAAd,EAAmBC,OAAnB,EAA4B;AAC3B,MAAI,OAAQD,GAAR,KAAiB,QAArB,EAA+B;AAC9BA,IAAAA,GAAG,GAAGhD,MAAM,CAACkD,IAAP,CAAYF,GAAZ,EAAiB,QAAjB,CAAN;AACA;;AACDnD,EAAAA,MAAM,CAACqC,MAAP,CAAcc,GAAd,EAAmB,KAAnB;AAEA,MAAIrC,GAAG,GAAG,IAAIZ,IAAI,CAACoD,SAAT,CAAmBH,GAAnB,CAAV;AAEArC,EAAAA,GAAG,CAACyC,YAAJ;;AACA,MAAIC,IAAI,CAACC,GAAL,CAAS3C,GAAG,CAAC4C,MAAJ,GAAa5C,GAAG,CAAC6C,MAA1B,IAAoC,CAAxC,EAA2C;AAC1C,UAAO,IAAIC,KAAJ,CAAU,8CACb,QADG,CAAP;AAEA;;AAED,MAAIC,QAAQ,GAAG/C,GAAG,CAACgD,MAAnB;AACAhD,EAAAA,GAAG,CAACyC,YAAJ;AACA,MAAIQ,SAAS,GAAGjD,GAAG,CAACgD,MAAJ,GAAahD,GAAG,CAAC4C,MAAjC;AACA,MAAIM,MAAM,GAAGD,SAAb;;AAEA,MAAIjD,GAAG,CAACG,IAAJ,OAAewB,KAAK,CAAC,CAAD,CAAxB,EAA6B;AAC5B3B,IAAAA,GAAG,CAACyC,YAAJ,CAAiBd,KAAK,CAAC,CAAD,CAAtB;AACA,QAAIwB,OAAO,GAAGnD,GAAG,CAACoD,OAAJ,EAAd;AACAlE,IAAAA,MAAM,CAACmE,EAAP,CAAUF,OAAO,IAAI,CAArB,EACI,wCADJ;AAEA;;AAED,MAAI3C,IAAI,GAAG,EAAX;AACAA,EAAAA,IAAI,CAACG,UAAL,GAAkB,EAAlB;AACA,MAAID,GAAG,GAAIF,IAAI,CAACG,UAAL,CAAgBC,IAAhB,GAAuB,EAAlC;AACAF,EAAAA,GAAG,CAAC4C,MAAJ,GAAa,EAAb;AAEA9C,EAAAA,IAAI,CAAC+C,MAAL,GAAcxD,SAAS,CAACC,GAAD,EAAM,QAAN,CAAvB;AAEAA,EAAAA,GAAG,CAACyC,YAAJ;AACA,MAAIe,KAAK,GAAGxD,GAAG,CAACgD,MAAJ,GAAahD,GAAG,CAAC4C,MAA7B;AACA,MAAIa,UAAU,GAAGzD,GAAG,CAAC0D,OAAJ,EAAjB;AACA,MAAIC,OAAO,GAAG5B,SAAS,CAAC0B,UAAD,CAAvB;AACA,MAAIE,OAAO,KAAKvC,SAAhB,EACC,MAAO,IAAI0B,KAAJ,CAAU,iCAAiCW,UAA3C,CAAP;AAEDzD,EAAAA,GAAG,CAAC4D,OAAJ,GAAcJ,KAAd;AACAhD,EAAAA,IAAI,CAACqD,MAAL,GAAclE,QAAQ,CAACmE,SAAT,CAAmB9D,GAAnB,CAAd;AAEAA,EAAAA,GAAG,CAACyC,YAAJ;AACAjC,EAAAA,IAAI,CAACuD,SAAL,GAAiBC,QAAQ,CAAChE,GAAD,CAAzB;AACAQ,EAAAA,IAAI,CAACyD,UAAL,GAAkBD,QAAQ,CAAChE,GAAD,CAA1B;AAEAQ,EAAAA,IAAI,CAAC0D,QAAL,GAAgB,CAACvE,QAAQ,CAACmE,SAAT,CAAmB9D,GAAnB,CAAD,CAAhB;AAEAA,EAAAA,GAAG,CAACyC,YAAJ;AACAe,EAAAA,KAAK,GAAGxD,GAAG,CAACgD,MAAJ,GAAahD,GAAG,CAAC4C,MAAzB;AACApC,EAAAA,IAAI,CAAC2D,UAAL,GAAkBrE,KAAK,CAACsE,SAAN,CAAgBhD,SAAhB,EAA2B,QAA3B,EAAqCpB,GAArC,CAAlB;AACAA,EAAAA,GAAG,CAAC4D,OAAJ,GAAcJ,KAAd;AAEA;;AACA,MAAIxD,GAAG,CAACG,IAAJ,OAAewB,KAAK,CAAC,CAAD,CAAxB,EAA6B;AAC5B3B,IAAAA,GAAG,CAACyC,YAAJ,CAAiBd,KAAK,CAAC,CAAD,CAAtB;AACAjB,IAAAA,GAAG,CAAC4C,MAAJ,CAAWe,cAAX,GACIhC,GAAG,CAACiC,KAAJ,CAAUtE,GAAG,CAACgD,MAAd,EAAsBhD,GAAG,CAACgD,MAAJ,GAAahD,GAAG,CAAC4C,MAAvC,CADJ;AAEA5C,IAAAA,GAAG,CAAC4D,OAAJ,IAAe5D,GAAG,CAAC4C,MAAnB;AACA;AAED;;;AACA,MAAI5C,GAAG,CAACG,IAAJ,OAAewB,KAAK,CAAC,CAAD,CAAxB,EAA6B;AAC5B3B,IAAAA,GAAG,CAACyC,YAAJ,CAAiBd,KAAK,CAAC,CAAD,CAAtB;AACAjB,IAAAA,GAAG,CAAC4C,MAAJ,CAAWiB,eAAX,GACIlC,GAAG,CAACiC,KAAJ,CAAUtE,GAAG,CAACgD,MAAd,EAAsBhD,GAAG,CAACgD,MAAJ,GAAahD,GAAG,CAAC4C,MAAvC,CADJ;AAEA5C,IAAAA,GAAG,CAAC4D,OAAJ,IAAe5D,GAAG,CAAC4C,MAAnB;AACA;AAED;;;AACA,MAAI5C,GAAG,CAACG,IAAJ,OAAewB,KAAK,CAAC,CAAD,CAAxB,EAA6B;AAC5B3B,IAAAA,GAAG,CAACyC,YAAJ,CAAiBd,KAAK,CAAC,CAAD,CAAtB;AACA,QAAI6C,MAAM,GAAGxE,GAAG,CAACgD,MAAJ,GAAahD,GAAG,CAAC4C,MAA9B;AACA5C,IAAAA,GAAG,CAACyC,YAAJ;;AAEA,WAAOzC,GAAG,CAACgD,MAAJ,GAAawB,MAApB,EACCC,aAAa,CAACjE,IAAD,EAAO6B,GAAP,EAAYrC,GAAZ,CAAb;;AAEDd,IAAAA,MAAM,CAACgB,WAAP,CAAmBF,GAAG,CAACgD,MAAvB,EAA+BwB,MAA/B;AACA;;AAEDtF,EAAAA,MAAM,CAACgB,WAAP,CAAmBF,GAAG,CAACgD,MAAvB,EAA+BC,SAA/B;AAEAjD,EAAAA,GAAG,CAACyC,YAAJ;AACAe,EAAAA,KAAK,GAAGxD,GAAG,CAACgD,MAAJ,GAAahD,GAAG,CAAC4C,MAAzB;AACA,MAAI8B,SAAS,GAAG1E,GAAG,CAAC0D,OAAJ,EAAhB;AACA,MAAIiB,MAAM,GAAG5C,SAAS,CAAC2C,SAAD,CAAtB;AACA,MAAIC,MAAM,KAAKvD,SAAf,EACC,MAAO,IAAI0B,KAAJ,CAAU,iCAAiC4B,SAA3C,CAAP;AACD1E,EAAAA,GAAG,CAAC4D,OAAJ,GAAcJ,KAAd;AAEA,MAAIoB,OAAO,GAAG5E,GAAG,CAACO,UAAJ,CAAenB,IAAI,CAACgB,GAAL,CAASyE,SAAxB,EAAmC,IAAnC,CAAd;AACA,MAAID,OAAO,CAAC,CAAD,CAAP,KAAe,CAAnB,EACCA,OAAO,GAAGA,OAAO,CAACN,KAAR,CAAc,CAAd,CAAV;AACD,MAAIxD,QAAQ,GAAG6D,MAAM,CAAC3D,KAAP,CAAa,GAAb,CAAf;AAEAN,EAAAA,GAAG,CAACgB,SAAJ,GAAgB9B,SAAS,CAACkF,KAAV,CAAgBF,OAAhB,EAAyB9D,QAAQ,CAAC,CAAD,CAAjC,EAAsC,MAAtC,CAAhB;AACAJ,EAAAA,GAAG,CAACgB,SAAJ,CAAcqD,aAAd,GAA8BjE,QAAQ,CAAC,CAAD,CAAtC;AACAJ,EAAAA,GAAG,CAACK,IAAJ,GAAW4D,MAAX;AACAjE,EAAAA,GAAG,CAACS,KAAJ,GAAYkB,GAAG,CAACiC,KAAJ,CAAUvB,QAAV,EAAoBG,MAApB,CAAZ;AAEA,SAAQ,IAAIrD,WAAJ,CAAgBW,IAAhB,CAAR;AACA;;AAED,SAASwD,QAAT,CAAkBhE,GAAlB,EAAuB;AACtB,MAAIA,GAAG,CAACG,IAAJ,OAAef,IAAI,CAACgB,GAAL,CAAS4E,OAA5B,EAAqC;AACpC,WAAQC,aAAa,CAACjF,GAAG,CAACO,UAAJ,CAAenB,IAAI,CAACgB,GAAL,CAAS4E,OAAxB,CAAD,CAArB;AACA,GAFD,MAEO,IAAIhF,GAAG,CAACG,IAAJ,OAAef,IAAI,CAACgB,GAAL,CAAS8E,eAA5B,EAA6C;AACnD,WAAQC,WAAW,CAACnF,GAAG,CAACO,UAAJ,CAAenB,IAAI,CAACgB,GAAL,CAAS8E,eAAxB,CAAD,CAAnB;AACA,GAFM,MAEA;AACN,UAAO,IAAIpC,KAAJ,CAAU,yBAAV,CAAP;AACA;AACD;;AAED,SAASsC,SAAT,CAAmBpF,GAAnB,EAAwBqF,IAAxB,EAA8B;AAC7B,MAAIA,IAAI,CAACC,cAAL,MAAyB,IAAzB,IAAiCD,IAAI,CAACC,cAAL,KAAwB,IAA7D,EAAmE;AAClEtF,IAAAA,GAAG,CAACuF,WAAJ,CAAgBC,WAAW,CAACH,IAAD,CAA3B,EAAmCjG,IAAI,CAACgB,GAAL,CAAS8E,eAA5C;AACA,GAFD,MAEO;AACNlF,IAAAA,GAAG,CAACuF,WAAJ,CAAgBE,aAAa,CAACJ,IAAD,CAA7B,EAAqCjG,IAAI,CAACgB,GAAL,CAAS4E,OAA9C;AACA;AACD;AAED;;;AACA,IAAIU,OAAO,GAAG;AACbC,EAAAA,SAAS,EAAEhE,KAAK,CAAC,CAAD,CADH;AAEbiE,EAAAA,UAAU,EAAE/D,OAAO,CAAC,CAAD,CAFN;AAGbgE,EAAAA,OAAO,EAAEhE,OAAO,CAAC,CAAD,CAHH;AAIbiE,EAAAA,WAAW,EAAEnE,KAAK,CAAC,CAAD,CAJL;AAKboE,EAAAA,aAAa,EAAEpE,KAAK,CAAC,CAAD,CALP;AAMbqE,EAAAA,YAAY,EAAErE,KAAK,CAAC,CAAD,CANN;AAObsE,EAAAA,GAAG,EAAEpE,OAAO,CAAC,CAAD,CAPC;AAQbqE,EAAAA,SAAS,EAAErE,OAAO,CAAC,CAAD,CARL;AASbsE,EAAAA,GAAG,EAAEtE,OAAO,CAAC,CAAD;AATC,CAAd;AAYA;;AACA,IAAIuE,UAAU,GAAG;AAChB,gBAAc,mBADE;AAEhB,gBAAc,mBAFE;AAGhB,iBAAe,mBAHC;;AAKhB;AACA,kBAAgB,yBANA;AAOhB,gBAAc;AAPE,CAAjB;AASA,IAAIC,cAAc,GAAG,EAArB;AACArE,MAAM,CAACC,IAAP,CAAYmE,UAAZ,EAAwBlE,OAAxB,CAAgC,UAAUC,CAAV,EAAa;AAC5CkE,EAAAA,cAAc,CAACD,UAAU,CAACjE,CAAD,CAAX,CAAd,GAAgCA,CAAhC;AACA,CAFD;AAIA,IAAImE,UAAU,GAAG,CAChB,WADgB,EACH,UADG,EACS,eADT,EAEhB,YAFgB,EAEF,cAFE,EAEc,IAFd,EAEoB,KAFpB,CAAjB;;AAKA,SAAS7B,aAAT,CAAuBjE,IAAvB,EAA6B6B,GAA7B,EAAkCrC,GAAlC,EAAuC;AACtCA,EAAAA,GAAG,CAACyC,YAAJ;AACA,MAAIe,KAAK,GAAGxD,GAAG,CAACgD,MAAJ,GAAahD,GAAG,CAAC4C,MAA7B;AACA,MAAI2D,KAAK,GAAGvG,GAAG,CAAC0D,OAAJ,EAAZ;AACA,MAAI8C,EAAJ;AACA,MAAI9F,GAAG,GAAGF,IAAI,CAACG,UAAL,CAAgBC,IAA1B;AACA,MAAI,CAACF,GAAG,CAAC4C,MAAJ,CAAWmD,IAAhB,EACC/F,GAAG,CAAC4C,MAAJ,CAAWmD,IAAX,GAAkB,EAAlB;AAED,MAAIC,QAAJ;AACA,MAAI1G,GAAG,CAACG,IAAJ,OAAef,IAAI,CAACgB,GAAL,CAASuG,OAA5B,EACCD,QAAQ,GAAG1G,GAAG,CAAC4G,WAAJ,EAAX;;AAED,UAAQL,KAAR;AACA,SAAMnE,IAAI,CAACyE,gBAAX;AACC7G,MAAAA,GAAG,CAACyC,YAAJ,CAAiBrD,IAAI,CAACgB,GAAL,CAAS0G,WAA1B;AACA9G,MAAAA,GAAG,CAACyC,YAAJ;AACA,UAAIsE,KAAK,GAAG/G,GAAG,CAACgD,MAAJ,GAAahD,GAAG,CAAC4C,MAA7B;AACA,UAAIoE,EAAE,GAAG,KAAT;AACA,UAAIhH,GAAG,CAACG,IAAJ,OAAef,IAAI,CAACgB,GAAL,CAASuG,OAA5B,EACCK,EAAE,GAAGhH,GAAG,CAAC4G,WAAJ,EAAL;AACD,UAAIpG,IAAI,CAACyG,QAAL,KAAkB7F,SAAtB,EACCZ,IAAI,CAACyG,QAAL,GAAgB,EAAhB;AACD,UAAID,EAAE,KAAK,IAAX,EACCxG,IAAI,CAACyG,QAAL,CAAcC,IAAd,CAAmB,IAAnB;AACD,UAAIC,EAAE,GAAG;AAAEC,QAAAA,GAAG,EAAEb,KAAP;AAAcG,QAAAA,QAAQ,EAAEA;AAAxB,OAAT;AACA,UAAI1G,GAAG,CAACgD,MAAJ,GAAa+D,KAAb,IAAsB/G,GAAG,CAACG,IAAJ,OAAef,IAAI,CAACgB,GAAL,CAASC,OAAlD,EACC8G,EAAE,CAACE,OAAH,GAAarH,GAAG,CAACoD,OAAJ,EAAb;AACD1C,MAAAA,GAAG,CAAC4C,MAAJ,CAAWmD,IAAX,CAAgBS,IAAhB,CAAqBC,EAArB;AACA;;AACD,SAAM/E,IAAI,CAACkF,WAAX;AACCtH,MAAAA,GAAG,CAACyC,YAAJ,CAAiBrD,IAAI,CAACgB,GAAL,CAAS0G,WAA1B;AACA9G,MAAAA,GAAG,CAACyC,YAAJ;AACA,UAAIjC,IAAI,CAACyG,QAAL,KAAkB7F,SAAtB,EACCZ,IAAI,CAACyG,QAAL,GAAgB,EAAhB;AACD,UAAIM,KAAK,GAAGvH,GAAG,CAACgD,MAAJ,GAAahD,GAAG,CAAC4C,MAA7B;;AACA,aAAO5C,GAAG,CAACgD,MAAJ,GAAauE,KAApB,EAA2B;AAC1B,YAAIH,GAAG,GAAGpH,GAAG,CAAC0D,OAAJ,EAAV;AACAlD,QAAAA,IAAI,CAACyG,QAAL,CAAcC,IAAd,CAAmBb,cAAc,CAACe,GAAD,CAAd,IAAuBA,GAA1C;AACA;AACD;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACE,UAAI5G,IAAI,CAACyG,QAAL,CAAcO,OAAd,CAAsB,YAAtB,MAAwC,CAAC,CAAzC,IACAhH,IAAI,CAACyG,QAAL,CAAcO,OAAd,CAAsB,YAAtB,MAAwC,CAAC,CAD7C,EACgD;AAC/ChH,QAAAA,IAAI,CAAC0D,QAAL,CAAchC,OAAd,CAAsB,UAAUuF,GAAV,EAAe;AACpC,cAAIA,GAAG,CAACxG,IAAJ,KAAa,MAAjB,EAAyB;AACxBwG,YAAAA,GAAG,CAACxG,IAAJ,GAAW,MAAX;AACAwG,YAAAA,GAAG,CAACC,QAAJ,GAAeD,GAAG,CAACE,GAAJ,IACXF,GAAG,CAACG,KADO,IAEXH,GAAG,CAACI,UAAJ,CAAe,CAAf,EAAkBC,KAFtB;AAGA;AACD,SAPD;AAQA,OAVD,MAUO,IAAItH,IAAI,CAACyG,QAAL,CAAcO,OAAd,CAAsB,YAAtB,MAAwC,CAAC,CAAzC,IACPhH,IAAI,CAACyG,QAAL,CAAcO,OAAd,CAAsB,YAAtB,MAAwC,CAAC,CADtC,EACyC;AAC/ChH,QAAAA,IAAI,CAAC0D,QAAL,CAAchC,OAAd,CAAsB,UAAUuF,GAAV,EAAe;AACpC,cAAIA,GAAG,CAACxG,IAAJ,KAAa,MAAjB,EAAyB;AACxBwG,YAAAA,GAAG,CAACxG,IAAJ,GAAW,MAAX;AACAwG,YAAAA,GAAG,CAACE,GAAJ,GAAUF,GAAG,CAACC,QAAJ,IACND,GAAG,CAACG,KADE,IAENH,GAAG,CAACI,UAAJ,CAAe,CAAf,EAAkBC,KAFtB;AAGA;AACD,SAPD;AAQA;;AACDpH,MAAAA,GAAG,CAAC4C,MAAJ,CAAWmD,IAAX,CAAgBS,IAAhB,CAAqB;AAAEE,QAAAA,GAAG,EAAEb,KAAP;AAAcG,QAAAA,QAAQ,EAAEA;AAAxB,OAArB;AACA;;AACD,SAAMtE,IAAI,CAAC2F,QAAX;AACC/H,MAAAA,GAAG,CAACyC,YAAJ,CAAiBrD,IAAI,CAACgB,GAAL,CAAS0G,WAA1B;AACA,UAAIkB,IAAI,GAAGhI,GAAG,CAACO,UAAJ,CAAenB,IAAI,CAACgB,GAAL,CAASyE,SAAxB,EAAmC,IAAnC,CAAX;AACA,UAAIoD,OAAO,GAAGC,YAAY,CAACF,IAAD,EAAO1B,UAAP,CAA1B;AACA2B,MAAAA,OAAO,CAAC/F,OAAR,CAAgB,UAAUiG,GAAV,EAAe;AAC9B,YAAI3H,IAAI,CAACyG,QAAL,KAAkB7F,SAAtB,EACCZ,IAAI,CAACyG,QAAL,GAAgB,EAAhB;AACD,YAAIzG,IAAI,CAACyG,QAAL,CAAcO,OAAd,CAAsBW,GAAtB,MAA+B,CAAC,CAApC,EACC3H,IAAI,CAACyG,QAAL,CAAcC,IAAd,CAAmBiB,GAAnB;AACD,OALD;AAMAzH,MAAAA,GAAG,CAAC4C,MAAJ,CAAWmD,IAAX,CAAgBS,IAAhB,CAAqB;AAAEE,QAAAA,GAAG,EAAEb,KAAP;AAAcG,QAAAA,QAAQ,EAAEA,QAAxB;AACjBsB,QAAAA,IAAI,EAAEA;AADW,OAArB;AAEA;;AACD,SAAM5F,IAAI,CAACgG,OAAX;AACCpI,MAAAA,GAAG,CAACyC,YAAJ,CAAiBrD,IAAI,CAACgB,GAAL,CAAS0G,WAA1B;AACA9G,MAAAA,GAAG,CAACyC,YAAJ;AACA,UAAI4F,KAAK,GAAGrI,GAAG,CAACgD,MAAJ,GAAahD,GAAG,CAAC4C,MAA7B;;AACA,aAAO5C,GAAG,CAACgD,MAAJ,GAAaqF,KAApB,EAA2B;AAC1B,gBAAQrI,GAAG,CAACG,IAAJ,EAAR;AACA,eAAKuF,OAAO,CAACC,SAAb;AACA,eAAKD,OAAO,CAACM,YAAb;AACChG,YAAAA,GAAG,CAACyC,YAAJ;AACAzC,YAAAA,GAAG,CAAC4D,OAAJ,IAAe5D,GAAG,CAAC4C,MAAnB;AACA;;AACD,eAAK8C,OAAO,CAACS,GAAb;AACCnG,YAAAA,GAAG,CAAC0D,OAAJ,CAAYgC,OAAO,CAACS,GAApB;AACA;;AACD,eAAKT,OAAO,CAACE,UAAb;AACC;AACA,gBAAIgC,KAAK,GAAG5H,GAAG,CAACO,UAAJ,CAAemF,OAAO,CAACE,UAAvB,CAAZ;AACAY,YAAAA,EAAE,GAAG7G,QAAQ,CAAC2I,QAAT,CAAkBV,KAAlB,CAAL;AACA,gBAAI,CAACpH,IAAI,CAAC0D,QAAL,CAAc,CAAd,EAAiBqE,MAAjB,CAAwB/B,EAAxB,CAAL,EACChG,IAAI,CAAC0D,QAAL,CAAcgD,IAAd,CAAmBV,EAAnB;AACD;;AACD,eAAKd,OAAO,CAACK,aAAb;AACC/F,YAAAA,GAAG,CAACyC,YAAJ,CAAiBiD,OAAO,CAACK,aAAzB;AACAS,YAAAA,EAAE,GAAG7G,QAAQ,CAACmE,SAAT,CAAmB9D,GAAnB,CAAL;AACA,gBAAI,CAACQ,IAAI,CAAC0D,QAAL,CAAc,CAAd,EAAiBqE,MAAjB,CAAwB/B,EAAxB,CAAL,EACChG,IAAI,CAAC0D,QAAL,CAAcgD,IAAd,CAAmBV,EAAnB;AACD;;AACD,eAAKd,OAAO,CAACG,OAAb;AACC,gBAAI2C,IAAI,GAAGxI,GAAG,CAACO,UAAJ,CACPmF,OAAO,CAACG,OADD,CAAX;AAEAW,YAAAA,EAAE,GAAG7G,QAAQ,CAAC8I,OAAT,CAAiBD,IAAjB,CAAL;AACA,gBAAI,CAAChI,IAAI,CAAC0D,QAAL,CAAc,CAAd,EAAiBqE,MAAjB,CAAwB/B,EAAxB,CAAL,EACChG,IAAI,CAAC0D,QAAL,CAAcgD,IAAd,CAAmBV,EAAnB;AACD;;AACD;AACCxG,YAAAA,GAAG,CAACO,UAAJ,CAAeP,GAAG,CAACG,IAAJ,EAAf;AACA;AA/BD;AAiCA;;AACDO,MAAAA,GAAG,CAAC4C,MAAJ,CAAWmD,IAAX,CAAgBS,IAAhB,CAAqB;AAAEE,QAAAA,GAAG,EAAEb,KAAP;AAAcG,QAAAA,QAAQ,EAAEA;AAAxB,OAArB;AACA;;AACD;AACChG,MAAAA,GAAG,CAAC4C,MAAJ,CAAWmD,IAAX,CAAgBS,IAAhB,CAAqB;AACpBE,QAAAA,GAAG,EAAEb,KADe;AAEpBG,QAAAA,QAAQ,EAAEA,QAFU;AAGpBgC,QAAAA,IAAI,EAAE1I,GAAG,CAACO,UAAJ,CAAenB,IAAI,CAACgB,GAAL,CAAS0G,WAAxB,EAAqC,IAArC;AAHc,OAArB;AAKA;AA3HD;;AA8HA9G,EAAAA,GAAG,CAAC4D,OAAJ,GAAcJ,KAAd;AACA;;AAED,IAAImF,UAAU,GACV,kEADJ;;AAEA,SAAS1D,aAAT,CAAuB2D,CAAvB,EAA0B;AACzB,MAAIC,CAAC,GAAGD,CAAC,CAACE,KAAF,CAAQH,UAAR,CAAR;AACAzJ,EAAAA,MAAM,CAACmE,EAAP,CAAUwF,CAAV,EAAa,2BAAb;AACA,MAAIE,CAAC,GAAG,IAAIC,IAAJ,EAAR;AAEA,MAAIC,QAAQ,GAAGF,CAAC,CAACzD,cAAF,EAAf;AACA,MAAI4D,OAAO,GAAGxG,IAAI,CAACyG,KAAL,CAAWF,QAAQ,GAAG,GAAtB,IAA6B,GAA3C;AAEA,MAAIG,IAAI,GAAGC,QAAQ,CAACR,CAAC,CAAC,CAAD,CAAF,EAAO,EAAP,CAAnB;AACA,MAAII,QAAQ,GAAG,GAAX,GAAiB,EAAjB,IAAuBG,IAAI,IAAI,EAAnC,EACCA,IAAI,IAAKF,OAAO,GAAG,CAAnB,CADD,KAGCE,IAAI,IAAIF,OAAR;AACDH,EAAAA,CAAC,CAACO,cAAF,CAAiBF,IAAjB,EAAuBC,QAAQ,CAACR,CAAC,CAAC,CAAD,CAAF,EAAO,EAAP,CAAR,GAAqB,CAA5C,EAA+CQ,QAAQ,CAACR,CAAC,CAAC,CAAD,CAAF,EAAO,EAAP,CAAvD;AACAE,EAAAA,CAAC,CAACQ,WAAF,CAAcF,QAAQ,CAACR,CAAC,CAAC,CAAD,CAAF,EAAO,EAAP,CAAtB,EAAkCQ,QAAQ,CAACR,CAAC,CAAC,CAAD,CAAF,EAAO,EAAP,CAA1C;AACA,MAAIA,CAAC,CAAC,CAAD,CAAD,IAAQA,CAAC,CAAC,CAAD,CAAD,CAAKjG,MAAL,GAAc,CAA1B,EACCmG,CAAC,CAACS,aAAF,CAAgBH,QAAQ,CAACR,CAAC,CAAC,CAAD,CAAF,EAAO,EAAP,CAAxB;AACD,SAAQE,CAAR;AACA;;AAED,IAAIU,QAAQ,GACR,kEADJ;;AAEA,SAAStE,WAAT,CAAqByD,CAArB,EAAwB;AACvB,MAAIC,CAAC,GAAGD,CAAC,CAACE,KAAF,CAAQW,QAAR,CAAR;AACAvK,EAAAA,MAAM,CAACmE,EAAP,CAAUwF,CAAV;AACA,MAAIE,CAAC,GAAG,IAAIC,IAAJ,EAAR;AAEAD,EAAAA,CAAC,CAACO,cAAF,CAAiBD,QAAQ,CAACR,CAAC,CAAC,CAAD,CAAF,EAAO,EAAP,CAAzB,EAAqCQ,QAAQ,CAACR,CAAC,CAAC,CAAD,CAAF,EAAO,EAAP,CAAR,GAAqB,CAA1D,EACIQ,QAAQ,CAACR,CAAC,CAAC,CAAD,CAAF,EAAO,EAAP,CADZ;AAEAE,EAAAA,CAAC,CAACQ,WAAF,CAAcF,QAAQ,CAACR,CAAC,CAAC,CAAD,CAAF,EAAO,EAAP,CAAtB,EAAkCQ,QAAQ,CAACR,CAAC,CAAC,CAAD,CAAF,EAAO,EAAP,CAA1C;AACA,MAAIA,CAAC,CAAC,CAAD,CAAD,IAAQA,CAAC,CAAC,CAAD,CAAD,CAAKjG,MAAL,GAAc,CAA1B,EACCmG,CAAC,CAACS,aAAF,CAAgBH,QAAQ,CAACR,CAAC,CAAC,CAAD,CAAF,EAAO,EAAP,CAAxB;AACD,SAAQE,CAAR;AACA;;AAED,SAASW,OAAT,CAAiBC,CAAjB,EAAoBd,CAApB,EAAuB;AACtB,MAAIA,CAAC,KAAKzH,SAAV,EACCyH,CAAC,GAAG,CAAJ;AACD,MAAIe,CAAC,GAAG,KAAKD,CAAb;;AACA,SAAOC,CAAC,CAAChH,MAAF,GAAWiG,CAAlB,EACCe,CAAC,GAAG,MAAMA,CAAV;;AACD,SAAQA,CAAR;AACA;;AAED,SAASnE,aAAT,CAAuBsD,CAAvB,EAA0B;AACzB,MAAIa,CAAC,GAAG,EAAR;AACAA,EAAAA,CAAC,IAAIF,OAAO,CAACX,CAAC,CAACzD,cAAF,KAAqB,GAAtB,CAAZ;AACAsE,EAAAA,CAAC,IAAIF,OAAO,CAACX,CAAC,CAACc,WAAF,KAAkB,CAAnB,CAAZ;AACAD,EAAAA,CAAC,IAAIF,OAAO,CAACX,CAAC,CAACe,UAAF,EAAD,CAAZ;AACAF,EAAAA,CAAC,IAAIF,OAAO,CAACX,CAAC,CAACgB,WAAF,EAAD,CAAZ;AACAH,EAAAA,CAAC,IAAIF,OAAO,CAACX,CAAC,CAACiB,aAAF,EAAD,CAAZ;AACAJ,EAAAA,CAAC,IAAIF,OAAO,CAACX,CAAC,CAACkB,aAAF,EAAD,CAAZ;AACAL,EAAAA,CAAC,IAAI,GAAL;AACA,SAAQA,CAAR;AACA;;AAED,SAASpE,WAAT,CAAqBuD,CAArB,EAAwB;AACvB,MAAIa,CAAC,GAAG,EAAR;AACAA,EAAAA,CAAC,IAAIF,OAAO,CAACX,CAAC,CAACzD,cAAF,EAAD,EAAqB,CAArB,CAAZ;AACAsE,EAAAA,CAAC,IAAIF,OAAO,CAACX,CAAC,CAACc,WAAF,KAAkB,CAAnB,CAAZ;AACAD,EAAAA,CAAC,IAAIF,OAAO,CAACX,CAAC,CAACe,UAAF,EAAD,CAAZ;AACAF,EAAAA,CAAC,IAAIF,OAAO,CAACX,CAAC,CAACgB,WAAF,EAAD,CAAZ;AACAH,EAAAA,CAAC,IAAIF,OAAO,CAACX,CAAC,CAACiB,aAAF,EAAD,CAAZ;AACAJ,EAAAA,CAAC,IAAIF,OAAO,CAACX,CAAC,CAACkB,aAAF,EAAD,CAAZ;AACAL,EAAAA,CAAC,IAAI,GAAL;AACA,SAAQA,CAAR;AACA;;AAED,SAAS7K,IAAT,CAAcyB,IAAd,EAAoBC,GAApB,EAAyB;AACxB,MAAID,IAAI,CAACG,UAAL,CAAgBC,IAAhB,KAAyBQ,SAA7B,EACCZ,IAAI,CAACG,UAAL,CAAgBC,IAAhB,GAAuB,EAAvB;AACD,MAAIF,GAAG,GAAGF,IAAI,CAACG,UAAL,CAAgBC,IAA1B;AAEAF,EAAAA,GAAG,CAACK,IAAJ,GAAWN,GAAG,CAACQ,IAAJ,GAAW,GAAX,GAAiBR,GAAG,CAACyJ,oBAAJ,EAA5B;AACA,MAAInI,SAAS,CAACrB,GAAG,CAACK,IAAL,CAAT,KAAwBK,SAA5B,EACC,OAAQ,KAAR;AAED,MAAIpB,GAAG,GAAG,IAAIZ,IAAI,CAACiC,SAAT,EAAV;AACAC,EAAAA,YAAY,CAACd,IAAD,EAAOR,GAAP,CAAZ;AACA,MAAIkB,IAAI,GAAGlB,GAAG,CAACuB,MAAf;AACAb,EAAAA,GAAG,CAACS,KAAJ,GAAYD,IAAZ;AAEA,MAAIiJ,MAAM,GAAG1J,GAAG,CAAC2J,UAAJ,EAAb;AACAD,EAAAA,MAAM,CAAClL,KAAP,CAAaiC,IAAb;AACAV,EAAAA,IAAI,CAACG,UAAL,CAAgBC,IAAhB,CAAqBc,SAArB,GAAiCyI,MAAM,CAACpL,IAAP,EAAjC;AAEA,SAAQ,IAAR;AACA;;AAED,SAASC,SAAT,CAAmBwB,IAAnB,EAAyB2J,MAAzB,EAAiCE,IAAjC,EAAuC;AACtC,MAAI7J,IAAI,CAACG,UAAL,CAAgBC,IAAhB,KAAyBQ,SAA7B,EACCZ,IAAI,CAACG,UAAL,CAAgBC,IAAhB,GAAuB,EAAvB;AACD,MAAIF,GAAG,GAAGF,IAAI,CAACG,UAAL,CAAgBC,IAA1B;AAEA,MAAIZ,GAAG,GAAG,IAAIZ,IAAI,CAACiC,SAAT,EAAV;AACAC,EAAAA,YAAY,CAACd,IAAD,EAAOR,GAAP,CAAZ;AACA,MAAIkB,IAAI,GAAGlB,GAAG,CAACuB,MAAf;AACAb,EAAAA,GAAG,CAACS,KAAJ,GAAYD,IAAZ;AAEAiJ,EAAAA,MAAM,CAACjJ,IAAD,EAAO,UAAUoJ,GAAV,EAAe5I,SAAf,EAA0B;AACtC,QAAI4I,GAAJ,EAAS;AACRD,MAAAA,IAAI,CAACC,GAAD,CAAJ;AACA;AACA;;AACD5J,IAAAA,GAAG,CAACK,IAAJ,GAAWW,SAAS,CAACT,IAAV,GAAiB,GAAjB,GAAuBS,SAAS,CAACqD,aAA5C;;AACA,QAAIhD,SAAS,CAACrB,GAAG,CAACK,IAAL,CAAT,KAAwBK,SAA5B,EAAuC;AACtCiJ,MAAAA,IAAI,CAAC,IAAIvH,KAAJ,CAAU,gCACXpC,GAAG,CAACK,IADO,GACA,GADV,CAAD,CAAJ;AAEA;AACA;;AACDL,IAAAA,GAAG,CAACgB,SAAJ,GAAgBA,SAAhB;AACA2I,IAAAA,IAAI;AACJ,GAbK,CAAN;AAcA;;AAED,SAASpL,KAAT,CAAeuB,IAAf,EAAqB8B,OAArB,EAA8B;AAC7B,MAAI5B,GAAG,GAAGF,IAAI,CAACG,UAAL,CAAgBC,IAA1B;AACA1B,EAAAA,MAAM,CAAC2B,MAAP,CAAcH,GAAd,EAAmB,gBAAnB;AAEA,MAAIV,GAAG,GAAG,IAAIZ,IAAI,CAACiC,SAAT,EAAV;AACArB,EAAAA,GAAG,CAACuK,aAAJ;;AACA,MAAI7J,GAAG,CAACS,KAAR,EAAe;AACdnB,IAAAA,GAAG,CAACwK,OAAJ,CAAY9J,GAAG,CAACS,KAAJ,CAAUyB,MAAtB;;AACAlC,IAAAA,GAAG,CAACS,KAAJ,CAAUsJ,IAAV,CAAezK,GAAG,CAAC0K,IAAnB,EAAyB1K,GAAG,CAAC4D,OAA7B;AACA5D,IAAAA,GAAG,CAAC4D,OAAJ,IAAelD,GAAG,CAACS,KAAJ,CAAUyB,MAAzB;AACA,GAJD,MAIO;AACNtB,IAAAA,YAAY,CAACd,IAAD,EAAOR,GAAP,CAAZ;AACA;;AAEDA,EAAAA,GAAG,CAACuK,aAAJ;AACAvK,EAAAA,GAAG,CAAC2K,QAAJ,CAAa5I,SAAS,CAACrB,GAAG,CAACK,IAAL,CAAtB;AACA,MAAIL,GAAG,CAACK,IAAJ,CAAS+H,KAAT,CAAe,OAAf,CAAJ,EACC9I,GAAG,CAAC4K,SAAJ;AACD5K,EAAAA,GAAG,CAAC6K,WAAJ;AAEA,MAAIjG,OAAO,GAAGlE,GAAG,CAACgB,SAAJ,CAAcoJ,QAAd,CAAuB,MAAvB,CAAd;AACA,MAAIpC,IAAI,GAAGrJ,MAAM,CAAC0L,KAAP,CAAanG,OAAO,CAAChC,MAAR,GAAiB,CAA9B,CAAX;AACA8F,EAAAA,IAAI,CAAC,CAAD,CAAJ,GAAU,CAAV;AACA9D,EAAAA,OAAO,CAAC6F,IAAR,CAAa/B,IAAb,EAAmB,CAAnB;AACA1I,EAAAA,GAAG,CAACgL,WAAJ,CAAgBtC,IAAhB,EAAsBtJ,IAAI,CAACgB,GAAL,CAASyE,SAA/B;AACA7E,EAAAA,GAAG,CAAC6K,WAAJ;AAEA,SAAQ7K,GAAG,CAACuB,MAAZ;AACA;;AAED,SAASD,YAAT,CAAsBd,IAAtB,EAA4BR,GAA5B,EAAiC;AAChC,MAAIU,GAAG,GAAGF,IAAI,CAACG,UAAL,CAAgBC,IAA1B;AACA1B,EAAAA,MAAM,CAAC2B,MAAP,CAAcH,GAAd,EAAmB,gBAAnB;AAEAV,EAAAA,GAAG,CAACuK,aAAJ;AAEAvK,EAAAA,GAAG,CAACuK,aAAJ,CAAkB5I,KAAK,CAAC,CAAD,CAAvB;AACA3B,EAAAA,GAAG,CAACiL,QAAJ,CAAa,CAAb;AACAjL,EAAAA,GAAG,CAAC6K,WAAJ;AAEA7K,EAAAA,GAAG,CAACgL,WAAJ,CAAgBzL,KAAK,CAACe,WAAN,CAAkBE,IAAI,CAAC+C,MAAvB,CAAhB,EAAgDnE,IAAI,CAACgB,GAAL,CAASC,OAAzD;AAEAL,EAAAA,GAAG,CAACuK,aAAJ;AACAvK,EAAAA,GAAG,CAAC2K,QAAJ,CAAa5I,SAAS,CAACrB,GAAG,CAACK,IAAL,CAAtB;AACA,MAAIL,GAAG,CAACK,IAAJ,CAAS+H,KAAT,CAAe,OAAf,CAAJ,EACC9I,GAAG,CAAC4K,SAAJ;AACD5K,EAAAA,GAAG,CAAC6K,WAAJ;AAEArK,EAAAA,IAAI,CAACqD,MAAL,CAAYqH,MAAZ,CAAmBlL,GAAnB;AAEAA,EAAAA,GAAG,CAACuK,aAAJ;AACAnF,EAAAA,SAAS,CAACpF,GAAD,EAAMQ,IAAI,CAACuD,SAAX,CAAT;AACAqB,EAAAA,SAAS,CAACpF,GAAD,EAAMQ,IAAI,CAACyD,UAAX,CAAT;AACAjE,EAAAA,GAAG,CAAC6K,WAAJ;AAEA,MAAIM,OAAO,GAAG3K,IAAI,CAAC0D,QAAL,CAAc,CAAd,CAAd;AACA,MAAIkH,QAAQ,GAAG5K,IAAI,CAAC0D,QAAL,CAAcI,KAAd,CAAoB,CAApB,CAAf;AACA6G,EAAAA,OAAO,CAACD,MAAR,CAAelL,GAAf;AAEAF,EAAAA,KAAK,CAACuL,UAAN,CAAiBrL,GAAjB,EAAsBQ,IAAI,CAAC2D,UAA3B;;AAEA,MAAIzD,GAAG,CAAC4C,MAAJ,IAAc5C,GAAG,CAAC4C,MAAJ,CAAWe,cAA7B,EAA6C;AAC5CrE,IAAAA,GAAG,CAACgL,WAAJ,CAAgBtK,GAAG,CAAC4C,MAAJ,CAAWe,cAA3B,EAA2C1C,KAAK,CAAC,CAAD,CAAhD;AACA;;AAED,MAAIjB,GAAG,CAAC4C,MAAJ,IAAc5C,GAAG,CAAC4C,MAAJ,CAAWiB,eAA7B,EAA8C;AAC7CvE,IAAAA,GAAG,CAACgL,WAAJ,CAAgBtK,GAAG,CAAC4C,MAAJ,CAAWiB,eAA3B,EAA4C5C,KAAK,CAAC,CAAD,CAAjD;AACA;;AAED,MAAIyJ,QAAQ,CAACxI,MAAT,GAAkB,CAAlB,IAAuBuI,OAAO,CAAClK,IAAR,KAAiB,MAAxC,IACCT,IAAI,CAACyG,QAAL,KAAkB7F,SAAlB,IAA+BZ,IAAI,CAACyG,QAAL,CAAcrE,MAAd,GAAuB,CADvD,IAEClC,GAAG,CAAC4C,MAAJ,IAAc5C,GAAG,CAAC4C,MAAJ,CAAWmD,IAF9B,EAEqC;AACpCzG,IAAAA,GAAG,CAACuK,aAAJ,CAAkB5I,KAAK,CAAC,CAAD,CAAvB;AACA3B,IAAAA,GAAG,CAACuK,aAAJ;AAEA,QAAI9D,IAAI,GAAG,EAAX;;AACA,QAAIjG,IAAI,CAACyG,QAAL,KAAkB7F,SAAlB,IAA+BZ,IAAI,CAACyG,QAAL,CAAcrE,MAAd,GAAuB,CAA1D,EAA6D;AAC5D6D,MAAAA,IAAI,CAACS,IAAL,CAAU;AACTE,QAAAA,GAAG,EAAEhF,IAAI,CAACyE,gBADD;AAETH,QAAAA,QAAQ,EAAE;AAFD,OAAV;AAIAD,MAAAA,IAAI,CAACS,IAAL,CAAU;AACTE,QAAAA,GAAG,EAAEhF,IAAI,CAAC2F,QADD;AAETrB,QAAAA,QAAQ,EAAE;AAFD,OAAV;AAIAD,MAAAA,IAAI,CAACS,IAAL,CAAU;AACTE,QAAAA,GAAG,EAAEhF,IAAI,CAACkF,WADD;AAETZ,QAAAA,QAAQ,EAAE;AAFD,OAAV;AAIA;;AACDD,IAAAA,IAAI,CAACS,IAAL,CAAU;AAAEE,MAAAA,GAAG,EAAEhF,IAAI,CAACgG;AAAZ,KAAV;AACA,QAAI1H,GAAG,CAAC4C,MAAJ,IAAc5C,GAAG,CAAC4C,MAAJ,CAAWmD,IAA7B,EACCA,IAAI,GAAG/F,GAAG,CAAC4C,MAAJ,CAAWmD,IAAlB;;AAED,SAAK,IAAI7E,CAAC,GAAG,CAAb,EAAgBA,CAAC,GAAG6E,IAAI,CAAC7D,MAAzB,EAAiC,EAAEhB,CAAnC,EAAsC;AACrC5B,MAAAA,GAAG,CAACuK,aAAJ;AACAvK,MAAAA,GAAG,CAAC2K,QAAJ,CAAalE,IAAI,CAAC7E,CAAD,CAAJ,CAAQwF,GAArB;AAEA,UAAIX,IAAI,CAAC7E,CAAD,CAAJ,CAAQ8E,QAAR,KAAqBtF,SAAzB,EACCpB,GAAG,CAACsL,YAAJ,CAAiB7E,IAAI,CAAC7E,CAAD,CAAJ,CAAQ8E,QAAzB;;AAED,UAAID,IAAI,CAAC7E,CAAD,CAAJ,CAAQwF,GAAR,KAAgBhF,IAAI,CAACgG,OAAzB,EAAkC;AACjCpI,QAAAA,GAAG,CAACuK,aAAJ,CAAkBnL,IAAI,CAACgB,GAAL,CAAS0G,WAA3B;AACA9G,QAAAA,GAAG,CAACuK,aAAJ;;AACA,YAAIY,OAAO,CAAClK,IAAR,KAAiB,MAArB,EAA6B;AAC5BjB,UAAAA,GAAG,CAACuF,WAAJ,CAAgB4F,OAAO,CAACzD,QAAxB,EACI7F,OAAO,CAAC,CAAD,CADX;AAEA;;AACD,aAAK,IAAI0J,CAAC,GAAG,CAAb,EAAgBA,CAAC,GAAGH,QAAQ,CAACxI,MAA7B,EAAqC,EAAE2I,CAAvC,EAA0C;AACzC,cAAIH,QAAQ,CAACG,CAAD,CAAR,CAAYtK,IAAZ,KAAqB,MAAzB,EAAiC;AAChCjB,YAAAA,GAAG,CAACuF,WAAJ,CACI6F,QAAQ,CAACG,CAAD,CAAR,CAAY7D,QADhB,EAEIhC,OAAO,CAACG,OAFZ;AAGA,WAJD,MAIO,IAAIuF,QAAQ,CAACG,CAAD,CAAR,CAAYtK,IAAZ,KACP,OADG,EACM;AACZjB,YAAAA,GAAG,CAACuF,WAAJ,CACI6F,QAAQ,CAACG,CAAD,CAAR,CAAY3D,KADhB,EAEIlC,OAAO,CAACE,UAFZ;AAGA,WALM,MAKA;AACN;AACN;AACA;AACA;AACM5F,YAAAA,GAAG,CAACuK,aAAJ,CACI7E,OAAO,CAACK,aADZ;AAEAqF,YAAAA,QAAQ,CAACG,CAAD,CAAR,CAAYL,MAAZ,CAAmBlL,GAAnB;AACAA,YAAAA,GAAG,CAAC6K,WAAJ;AACA;AACD;;AACD7K,QAAAA,GAAG,CAAC6K,WAAJ;AACA7K,QAAAA,GAAG,CAAC6K,WAAJ;AACA,OA9BD,MA8BO,IAAIpE,IAAI,CAAC7E,CAAD,CAAJ,CAAQwF,GAAR,KAAgBhF,IAAI,CAACyE,gBAAzB,EAA2C;AACjD7G,QAAAA,GAAG,CAACuK,aAAJ,CAAkBnL,IAAI,CAACgB,GAAL,CAAS0G,WAA3B;AACA9G,QAAAA,GAAG,CAACuK,aAAJ;AACA,YAAIvD,EAAE,GAAIxG,IAAI,CAACyG,QAAL,CAAcO,OAAd,CAAsB,IAAtB,MAAgC,CAAC,CAA3C;AACA,YAAIH,OAAO,GAAGZ,IAAI,CAAC7E,CAAD,CAAJ,CAAQyF,OAAtB;AACArH,QAAAA,GAAG,CAACsL,YAAJ,CAAiBtE,EAAjB;AACA,YAAIK,OAAO,KAAKjG,SAAhB,EACCpB,GAAG,CAACiL,QAAJ,CAAa5D,OAAb;AACDrH,QAAAA,GAAG,CAAC6K,WAAJ;AACA7K,QAAAA,GAAG,CAAC6K,WAAJ;AACA,OAVM,MAUA,IAAIpE,IAAI,CAAC7E,CAAD,CAAJ,CAAQwF,GAAR,KAAgBhF,IAAI,CAACkF,WAAzB,EAAsC;AAC5CtH,QAAAA,GAAG,CAACuK,aAAJ,CAAkBnL,IAAI,CAACgB,GAAL,CAAS0G,WAA3B;AACA9G,QAAAA,GAAG,CAACuK,aAAJ;AACA/J,QAAAA,IAAI,CAACyG,QAAL,CAAc/E,OAAd,CAAsB,UAAUsJ,OAAV,EAAmB;AACxC,cAAIA,OAAO,KAAK,IAAhB,EACC;AACD,cAAIlF,UAAU,CAACkB,OAAX,CAAmBgE,OAAnB,MAAgC,CAAC,CAArC,EACC;AACD,cAAIpE,GAAG,GAAGoE,OAAV;AACA,cAAIpF,UAAU,CAACoF,OAAD,CAAV,KAAwBpK,SAA5B,EACCgG,GAAG,GAAGhB,UAAU,CAACoF,OAAD,CAAhB;AACDxL,UAAAA,GAAG,CAAC2K,QAAJ,CAAavD,GAAb;AACA,SATD;AAUApH,QAAAA,GAAG,CAAC6K,WAAJ;AACA7K,QAAAA,GAAG,CAAC6K,WAAJ;AACA,OAfM,MAeA,IAAIpE,IAAI,CAAC7E,CAAD,CAAJ,CAAQwF,GAAR,KAAgBhF,IAAI,CAAC2F,QAAzB,EAAmC;AACzC/H,QAAAA,GAAG,CAACuK,aAAJ,CAAkBnL,IAAI,CAACgB,GAAL,CAAS0G,WAA3B;AACA;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AACI,YAAIL,IAAI,CAAC7E,CAAD,CAAJ,CAAQoG,IAAR,KAAiB5G,SAArB,EAAgC;AAC/BpB,UAAAA,GAAG,CAACgL,WAAJ,CAAgBvE,IAAI,CAAC7E,CAAD,CAAJ,CAAQoG,IAAxB,EACI5I,IAAI,CAACgB,GAAL,CAASyE,SADb;AAEA,SAHD,MAGO;AACN,cAAImD,IAAI,GAAGyD,aAAa,CAACjL,IAAI,CAACyG,QAAN,EACpBX,UADoB,CAAxB;AAEAtG,UAAAA,GAAG,CAACgL,WAAJ,CAAgBhD,IAAhB,EACI5I,IAAI,CAACgB,GAAL,CAASyE,SADb;AAEA;;AACD7E,QAAAA,GAAG,CAAC6K,WAAJ;AACA,OAvBM,MAuBA;AACN7K,QAAAA,GAAG,CAACgL,WAAJ,CAAgBvE,IAAI,CAAC7E,CAAD,CAAJ,CAAQ8G,IAAxB,EACItJ,IAAI,CAACgB,GAAL,CAAS0G,WADb;AAEA;;AAED9G,MAAAA,GAAG,CAAC6K,WAAJ;AACA;;AAED7K,IAAAA,GAAG,CAAC6K,WAAJ;AACA7K,IAAAA,GAAG,CAAC6K,WAAJ;AACA;;AAED7K,EAAAA,GAAG,CAAC6K,WAAJ;AACA;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACA,SAAS3C,YAAT,CAAsBF,IAAtB,EAA4B0D,QAA5B,EAAsC;AACrC,MAAIC,MAAM,GAAG,KAAK3D,IAAI,CAACpF,MAAL,GAAc,CAAnB,IAAwBoF,IAAI,CAAC,CAAD,CAAzC;AACA,MAAIC,OAAO,GAAG,EAAd;;AACA,OAAK,IAAIrG,CAAC,GAAG,CAAb,EAAgBA,CAAC,GAAG+J,MAApB,EAA4B,EAAE/J,CAA9B,EAAiC;AAChC,QAAIgK,KAAK,GAAG,IAAIlJ,IAAI,CAACyG,KAAL,CAAWvH,CAAC,GAAG,CAAf,CAAhB;AACA,QAAIuG,GAAG,GAAG,IAAKvG,CAAC,GAAG,CAAnB;AACA,QAAIiK,IAAI,GAAG,KAAK1D,GAAhB;AACA,QAAI2D,MAAM,GAAI,CAAC9D,IAAI,CAAC4D,KAAD,CAAJ,GAAcC,IAAf,MAAyB,CAAvC;AACA,QAAIE,IAAI,GAAGL,QAAQ,CAAC9J,CAAD,CAAnB;;AACA,QAAIkK,MAAM,IAAI,OAAQC,IAAR,KAAkB,QAAhC,EAA0C;AACzC9D,MAAAA,OAAO,CAAC8D,IAAD,CAAP,GAAgB,IAAhB;AACA;AACD;;AACD,SAAQ/J,MAAM,CAACC,IAAP,CAAYgG,OAAZ,CAAR;AACA;AAED;AACA;AACA;AACA;AACA;AACA;;;AACA,SAASwD,aAAT,CAAuBxD,OAAvB,EAAgCyD,QAAhC,EAA0C;AACzC,MAAIC,MAAM,GAAGD,QAAQ,CAAC9I,MAAtB;AACA,MAAIoJ,IAAI,GAAGtJ,IAAI,CAACuJ,IAAL,CAAUN,MAAM,GAAG,CAAnB,CAAX;AACA,MAAIO,MAAM,GAAGF,IAAI,GAAG,CAAP,GAAWL,MAAxB;AACA,MAAI3D,IAAI,GAAG3I,MAAM,CAAC0L,KAAP,CAAa,IAAIiB,IAAjB,CAAX,CAJyC,CAIN;;AACnChE,EAAAA,IAAI,CAAC,CAAD,CAAJ,GAAUkE,MAAV;;AACA,OAAK,IAAItK,CAAC,GAAG,CAAb,EAAgBA,CAAC,GAAG+J,MAApB,EAA4B,EAAE/J,CAA9B,EAAiC;AAChC,QAAIgK,KAAK,GAAG,IAAIlJ,IAAI,CAACyG,KAAL,CAAWvH,CAAC,GAAG,CAAf,CAAhB;AACA,QAAIuG,GAAG,GAAG,IAAKvG,CAAC,GAAG,CAAnB;AACA,QAAIiK,IAAI,GAAG,KAAK1D,GAAhB;AACA,QAAI4D,IAAI,GAAGL,QAAQ,CAAC9J,CAAD,CAAnB;AACA,QAAImK,IAAI,KAAK3K,SAAb,EACC;AACD,QAAI0K,MAAM,GAAI7D,OAAO,CAACT,OAAR,CAAgBuE,IAAhB,MAA0B,CAAC,CAAzC;;AACA,QAAID,MAAJ,EAAY;AACX9D,MAAAA,IAAI,CAAC4D,KAAD,CAAJ,IAAeC,IAAf;AACA;AACD;;AACD,SAAQ7D,IAAR;AACA","sourcesContent":["// Copyright 2017 Joyent, Inc.\n\nmodule.exports = {\n\tread: read,\n\tverify: verify,\n\tsign: sign,\n\tsignAsync: signAsync,\n\twrite: write\n};\n\nvar assert = require('assert-plus');\nvar asn1 = require('asn1');\nvar Buffer = require('safer-buffer').Buffer;\nvar algs = require('../algs');\nvar utils = require('../utils');\nvar Key = require('../key');\nvar PrivateKey = require('../private-key');\nvar pem = require('./pem');\nvar Identity = require('../identity');\nvar Signature = require('../signature');\nvar Certificate = require('../certificate');\nvar pkcs8 = require('./pkcs8');\n\n/*\n * This file is based on RFC5280 (X.509).\n */\n\n/* Helper to read in a single mpint */\nfunction readMPInt(der, nm) {\n\tassert.strictEqual(der.peek(), asn1.Ber.Integer,\n\t nm + ' is not an Integer');\n\treturn (utils.mpNormalize(der.readString(asn1.Ber.Integer, true)));\n}\n\nfunction verify(cert, key) {\n\tvar sig = cert.signatures.x509;\n\tassert.object(sig, 'x509 signature');\n\n\tvar algParts = sig.algo.split('-');\n\tif (algParts[0] !== key.type)\n\t\treturn (false);\n\n\tvar blob = sig.cache;\n\tif (blob === undefined) {\n\t\tvar der = new asn1.BerWriter();\n\t\twriteTBSCert(cert, der);\n\t\tblob = der.buffer;\n\t}\n\n\tvar verifier = key.createVerify(algParts[1]);\n\tverifier.write(blob);\n\treturn (verifier.verify(sig.signature));\n}\n\nfunction Local(i) {\n\treturn (asn1.Ber.Context | asn1.Ber.Constructor | i);\n}\n\nfunction Context(i) {\n\treturn (asn1.Ber.Context | i);\n}\n\nvar SIGN_ALGS = {\n\t'rsa-md5': '1.2.840.113549.1.1.4',\n\t'rsa-sha1': '1.2.840.113549.1.1.5',\n\t'rsa-sha256': '1.2.840.113549.1.1.11',\n\t'rsa-sha384': '1.2.840.113549.1.1.12',\n\t'rsa-sha512': '1.2.840.113549.1.1.13',\n\t'dsa-sha1': '1.2.840.10040.4.3',\n\t'dsa-sha256': '2.16.840.1.101.3.4.3.2',\n\t'ecdsa-sha1': '1.2.840.10045.4.1',\n\t'ecdsa-sha256': '1.2.840.10045.4.3.2',\n\t'ecdsa-sha384': '1.2.840.10045.4.3.3',\n\t'ecdsa-sha512': '1.2.840.10045.4.3.4',\n\t'ed25519-sha512': '1.3.101.112'\n};\nObject.keys(SIGN_ALGS).forEach(function (k) {\n\tSIGN_ALGS[SIGN_ALGS[k]] = k;\n});\nSIGN_ALGS['1.3.14.3.2.3'] = 'rsa-md5';\nSIGN_ALGS['1.3.14.3.2.29'] = 'rsa-sha1';\n\nvar EXTS = {\n\t'issuerKeyId': '2.5.29.35',\n\t'altName': '2.5.29.17',\n\t'basicConstraints': '2.5.29.19',\n\t'keyUsage': '2.5.29.15',\n\t'extKeyUsage': '2.5.29.37'\n};\n\nfunction read(buf, options) {\n\tif (typeof (buf) === 'string') {\n\t\tbuf = Buffer.from(buf, 'binary');\n\t}\n\tassert.buffer(buf, 'buf');\n\n\tvar der = new asn1.BerReader(buf);\n\n\tder.readSequence();\n\tif (Math.abs(der.length - der.remain) > 1) {\n\t\tthrow (new Error('DER sequence does not contain whole byte ' +\n\t\t 'stream'));\n\t}\n\n\tvar tbsStart = der.offset;\n\tder.readSequence();\n\tvar sigOffset = der.offset + der.length;\n\tvar tbsEnd = sigOffset;\n\n\tif (der.peek() === Local(0)) {\n\t\tder.readSequence(Local(0));\n\t\tvar version = der.readInt();\n\t\tassert.ok(version <= 3,\n\t\t 'only x.509 versions up to v3 supported');\n\t}\n\n\tvar cert = {};\n\tcert.signatures = {};\n\tvar sig = (cert.signatures.x509 = {});\n\tsig.extras = {};\n\n\tcert.serial = readMPInt(der, 'serial');\n\n\tder.readSequence();\n\tvar after = der.offset + der.length;\n\tvar certAlgOid = der.readOID();\n\tvar certAlg = SIGN_ALGS[certAlgOid];\n\tif (certAlg === undefined)\n\t\tthrow (new Error('unknown signature algorithm ' + certAlgOid));\n\n\tder._offset = after;\n\tcert.issuer = Identity.parseAsn1(der);\n\n\tder.readSequence();\n\tcert.validFrom = readDate(der);\n\tcert.validUntil = readDate(der);\n\n\tcert.subjects = [Identity.parseAsn1(der)];\n\n\tder.readSequence();\n\tafter = der.offset + der.length;\n\tcert.subjectKey = pkcs8.readPkcs8(undefined, 'public', der);\n\tder._offset = after;\n\n\t/* issuerUniqueID */\n\tif (der.peek() === Local(1)) {\n\t\tder.readSequence(Local(1));\n\t\tsig.extras.issuerUniqueID =\n\t\t buf.slice(der.offset, der.offset + der.length);\n\t\tder._offset += der.length;\n\t}\n\n\t/* subjectUniqueID */\n\tif (der.peek() === Local(2)) {\n\t\tder.readSequence(Local(2));\n\t\tsig.extras.subjectUniqueID =\n\t\t buf.slice(der.offset, der.offset + der.length);\n\t\tder._offset += der.length;\n\t}\n\n\t/* extensions */\n\tif (der.peek() === Local(3)) {\n\t\tder.readSequence(Local(3));\n\t\tvar extEnd = der.offset + der.length;\n\t\tder.readSequence();\n\n\t\twhile (der.offset < extEnd)\n\t\t\treadExtension(cert, buf, der);\n\n\t\tassert.strictEqual(der.offset, extEnd);\n\t}\n\n\tassert.strictEqual(der.offset, sigOffset);\n\n\tder.readSequence();\n\tafter = der.offset + der.length;\n\tvar sigAlgOid = der.readOID();\n\tvar sigAlg = SIGN_ALGS[sigAlgOid];\n\tif (sigAlg === undefined)\n\t\tthrow (new Error('unknown signature algorithm ' + sigAlgOid));\n\tder._offset = after;\n\n\tvar sigData = der.readString(asn1.Ber.BitString, true);\n\tif (sigData[0] === 0)\n\t\tsigData = sigData.slice(1);\n\tvar algParts = sigAlg.split('-');\n\n\tsig.signature = Signature.parse(sigData, algParts[0], 'asn1');\n\tsig.signature.hashAlgorithm = algParts[1];\n\tsig.algo = sigAlg;\n\tsig.cache = buf.slice(tbsStart, tbsEnd);\n\n\treturn (new Certificate(cert));\n}\n\nfunction readDate(der) {\n\tif (der.peek() === asn1.Ber.UTCTime) {\n\t\treturn (utcTimeToDate(der.readString(asn1.Ber.UTCTime)));\n\t} else if (der.peek() === asn1.Ber.GeneralizedTime) {\n\t\treturn (gTimeToDate(der.readString(asn1.Ber.GeneralizedTime)));\n\t} else {\n\t\tthrow (new Error('Unsupported date format'));\n\t}\n}\n\nfunction writeDate(der, date) {\n\tif (date.getUTCFullYear() >= 2050 || date.getUTCFullYear() < 1950) {\n\t\tder.writeString(dateToGTime(date), asn1.Ber.GeneralizedTime);\n\t} else {\n\t\tder.writeString(dateToUTCTime(date), asn1.Ber.UTCTime);\n\t}\n}\n\n/* RFC5280, section 4.2.1.6 (GeneralName type) */\nvar ALTNAME = {\n\tOtherName: Local(0),\n\tRFC822Name: Context(1),\n\tDNSName: Context(2),\n\tX400Address: Local(3),\n\tDirectoryName: Local(4),\n\tEDIPartyName: Local(5),\n\tURI: Context(6),\n\tIPAddress: Context(7),\n\tOID: Context(8)\n};\n\n/* RFC5280, section 4.2.1.12 (KeyPurposeId) */\nvar EXTPURPOSE = {\n\t'serverAuth': '1.3.6.1.5.5.7.3.1',\n\t'clientAuth': '1.3.6.1.5.5.7.3.2',\n\t'codeSigning': '1.3.6.1.5.5.7.3.3',\n\n\t/* See https://github.com/joyent/oid-docs/blob/master/root.md */\n\t'joyentDocker': '1.3.6.1.4.1.38678.1.4.1',\n\t'joyentCmon': '1.3.6.1.4.1.38678.1.4.2'\n};\nvar EXTPURPOSE_REV = {};\nObject.keys(EXTPURPOSE).forEach(function (k) {\n\tEXTPURPOSE_REV[EXTPURPOSE[k]] = k;\n});\n\nvar KEYUSEBITS = [\n\t'signature', 'identity', 'keyEncryption',\n\t'encryption', 'keyAgreement', 'ca', 'crl'\n];\n\nfunction readExtension(cert, buf, der) {\n\tder.readSequence();\n\tvar after = der.offset + der.length;\n\tvar extId = der.readOID();\n\tvar id;\n\tvar sig = cert.signatures.x509;\n\tif (!sig.extras.exts)\n\t\tsig.extras.exts = [];\n\n\tvar critical;\n\tif (der.peek() === asn1.Ber.Boolean)\n\t\tcritical = der.readBoolean();\n\n\tswitch (extId) {\n\tcase (EXTS.basicConstraints):\n\t\tder.readSequence(asn1.Ber.OctetString);\n\t\tder.readSequence();\n\t\tvar bcEnd = der.offset + der.length;\n\t\tvar ca = false;\n\t\tif (der.peek() === asn1.Ber.Boolean)\n\t\t\tca = der.readBoolean();\n\t\tif (cert.purposes === undefined)\n\t\t\tcert.purposes = [];\n\t\tif (ca === true)\n\t\t\tcert.purposes.push('ca');\n\t\tvar bc = { oid: extId, critical: critical };\n\t\tif (der.offset < bcEnd && der.peek() === asn1.Ber.Integer)\n\t\t\tbc.pathLen = der.readInt();\n\t\tsig.extras.exts.push(bc);\n\t\tbreak;\n\tcase (EXTS.extKeyUsage):\n\t\tder.readSequence(asn1.Ber.OctetString);\n\t\tder.readSequence();\n\t\tif (cert.purposes === undefined)\n\t\t\tcert.purposes = [];\n\t\tvar ekEnd = der.offset + der.length;\n\t\twhile (der.offset < ekEnd) {\n\t\t\tvar oid = der.readOID();\n\t\t\tcert.purposes.push(EXTPURPOSE_REV[oid] || oid);\n\t\t}\n\t\t/*\n\t\t * This is a bit of a hack: in the case where we have a cert\n\t\t * that's only allowed to do serverAuth or clientAuth (and not\n\t\t * the other), we want to make sure all our Subjects are of\n\t\t * the right type. But we already parsed our Subjects and\n\t\t * decided if they were hosts or users earlier (since it appears\n\t\t * first in the cert).\n\t\t *\n\t\t * So we go through and mutate them into the right kind here if\n\t\t * it doesn't match. This might not be hugely beneficial, as it\n\t\t * seems that single-purpose certs are not often seen in the\n\t\t * wild.\n\t\t */\n\t\tif (cert.purposes.indexOf('serverAuth') !== -1 &&\n\t\t cert.purposes.indexOf('clientAuth') === -1) {\n\t\t\tcert.subjects.forEach(function (ide) {\n\t\t\t\tif (ide.type !== 'host') {\n\t\t\t\t\tide.type = 'host';\n\t\t\t\t\tide.hostname = ide.uid ||\n\t\t\t\t\t ide.email ||\n\t\t\t\t\t ide.components[0].value;\n\t\t\t\t}\n\t\t\t});\n\t\t} else if (cert.purposes.indexOf('clientAuth') !== -1 &&\n\t\t cert.purposes.indexOf('serverAuth') === -1) {\n\t\t\tcert.subjects.forEach(function (ide) {\n\t\t\t\tif (ide.type !== 'user') {\n\t\t\t\t\tide.type = 'user';\n\t\t\t\t\tide.uid = ide.hostname ||\n\t\t\t\t\t ide.email ||\n\t\t\t\t\t ide.components[0].value;\n\t\t\t\t}\n\t\t\t});\n\t\t}\n\t\tsig.extras.exts.push({ oid: extId, critical: critical });\n\t\tbreak;\n\tcase (EXTS.keyUsage):\n\t\tder.readSequence(asn1.Ber.OctetString);\n\t\tvar bits = der.readString(asn1.Ber.BitString, true);\n\t\tvar setBits = readBitField(bits, KEYUSEBITS);\n\t\tsetBits.forEach(function (bit) {\n\t\t\tif (cert.purposes === undefined)\n\t\t\t\tcert.purposes = [];\n\t\t\tif (cert.purposes.indexOf(bit) === -1)\n\t\t\t\tcert.purposes.push(bit);\n\t\t});\n\t\tsig.extras.exts.push({ oid: extId, critical: critical,\n\t\t bits: bits });\n\t\tbreak;\n\tcase (EXTS.altName):\n\t\tder.readSequence(asn1.Ber.OctetString);\n\t\tder.readSequence();\n\t\tvar aeEnd = der.offset + der.length;\n\t\twhile (der.offset < aeEnd) {\n\t\t\tswitch (der.peek()) {\n\t\t\tcase ALTNAME.OtherName:\n\t\t\tcase ALTNAME.EDIPartyName:\n\t\t\t\tder.readSequence();\n\t\t\t\tder._offset += der.length;\n\t\t\t\tbreak;\n\t\t\tcase ALTNAME.OID:\n\t\t\t\tder.readOID(ALTNAME.OID);\n\t\t\t\tbreak;\n\t\t\tcase ALTNAME.RFC822Name:\n\t\t\t\t/* RFC822 specifies email addresses */\n\t\t\t\tvar email = der.readString(ALTNAME.RFC822Name);\n\t\t\t\tid = Identity.forEmail(email);\n\t\t\t\tif (!cert.subjects[0].equals(id))\n\t\t\t\t\tcert.subjects.push(id);\n\t\t\t\tbreak;\n\t\t\tcase ALTNAME.DirectoryName:\n\t\t\t\tder.readSequence(ALTNAME.DirectoryName);\n\t\t\t\tid = Identity.parseAsn1(der);\n\t\t\t\tif (!cert.subjects[0].equals(id))\n\t\t\t\t\tcert.subjects.push(id);\n\t\t\t\tbreak;\n\t\t\tcase ALTNAME.DNSName:\n\t\t\t\tvar host = der.readString(\n\t\t\t\t ALTNAME.DNSName);\n\t\t\t\tid = Identity.forHost(host);\n\t\t\t\tif (!cert.subjects[0].equals(id))\n\t\t\t\t\tcert.subjects.push(id);\n\t\t\t\tbreak;\n\t\t\tdefault:\n\t\t\t\tder.readString(der.peek());\n\t\t\t\tbreak;\n\t\t\t}\n\t\t}\n\t\tsig.extras.exts.push({ oid: extId, critical: critical });\n\t\tbreak;\n\tdefault:\n\t\tsig.extras.exts.push({\n\t\t\toid: extId,\n\t\t\tcritical: critical,\n\t\t\tdata: der.readString(asn1.Ber.OctetString, true)\n\t\t});\n\t\tbreak;\n\t}\n\n\tder._offset = after;\n}\n\nvar UTCTIME_RE =\n /^([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})?Z$/;\nfunction utcTimeToDate(t) {\n\tvar m = t.match(UTCTIME_RE);\n\tassert.ok(m, 'timestamps must be in UTC');\n\tvar d = new Date();\n\n\tvar thisYear = d.getUTCFullYear();\n\tvar century = Math.floor(thisYear / 100) * 100;\n\n\tvar year = parseInt(m[1], 10);\n\tif (thisYear % 100 < 50 && year >= 60)\n\t\tyear += (century - 1);\n\telse\n\t\tyear += century;\n\td.setUTCFullYear(year, parseInt(m[2], 10) - 1, parseInt(m[3], 10));\n\td.setUTCHours(parseInt(m[4], 10), parseInt(m[5], 10));\n\tif (m[6] && m[6].length > 0)\n\t\td.setUTCSeconds(parseInt(m[6], 10));\n\treturn (d);\n}\n\nvar GTIME_RE =\n /^([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})?Z$/;\nfunction gTimeToDate(t) {\n\tvar m = t.match(GTIME_RE);\n\tassert.ok(m);\n\tvar d = new Date();\n\n\td.setUTCFullYear(parseInt(m[1], 10), parseInt(m[2], 10) - 1,\n\t parseInt(m[3], 10));\n\td.setUTCHours(parseInt(m[4], 10), parseInt(m[5], 10));\n\tif (m[6] && m[6].length > 0)\n\t\td.setUTCSeconds(parseInt(m[6], 10));\n\treturn (d);\n}\n\nfunction zeroPad(n, m) {\n\tif (m === undefined)\n\t\tm = 2;\n\tvar s = '' + n;\n\twhile (s.length < m)\n\t\ts = '0' + s;\n\treturn (s);\n}\n\nfunction dateToUTCTime(d) {\n\tvar s = '';\n\ts += zeroPad(d.getUTCFullYear() % 100);\n\ts += zeroPad(d.getUTCMonth() + 1);\n\ts += zeroPad(d.getUTCDate());\n\ts += zeroPad(d.getUTCHours());\n\ts += zeroPad(d.getUTCMinutes());\n\ts += zeroPad(d.getUTCSeconds());\n\ts += 'Z';\n\treturn (s);\n}\n\nfunction dateToGTime(d) {\n\tvar s = '';\n\ts += zeroPad(d.getUTCFullYear(), 4);\n\ts += zeroPad(d.getUTCMonth() + 1);\n\ts += zeroPad(d.getUTCDate());\n\ts += zeroPad(d.getUTCHours());\n\ts += zeroPad(d.getUTCMinutes());\n\ts += zeroPad(d.getUTCSeconds());\n\ts += 'Z';\n\treturn (s);\n}\n\nfunction sign(cert, key) {\n\tif (cert.signatures.x509 === undefined)\n\t\tcert.signatures.x509 = {};\n\tvar sig = cert.signatures.x509;\n\n\tsig.algo = key.type + '-' + key.defaultHashAlgorithm();\n\tif (SIGN_ALGS[sig.algo] === undefined)\n\t\treturn (false);\n\n\tvar der = new asn1.BerWriter();\n\twriteTBSCert(cert, der);\n\tvar blob = der.buffer;\n\tsig.cache = blob;\n\n\tvar signer = key.createSign();\n\tsigner.write(blob);\n\tcert.signatures.x509.signature = signer.sign();\n\n\treturn (true);\n}\n\nfunction signAsync(cert, signer, done) {\n\tif (cert.signatures.x509 === undefined)\n\t\tcert.signatures.x509 = {};\n\tvar sig = cert.signatures.x509;\n\n\tvar der = new asn1.BerWriter();\n\twriteTBSCert(cert, der);\n\tvar blob = der.buffer;\n\tsig.cache = blob;\n\n\tsigner(blob, function (err, signature) {\n\t\tif (err) {\n\t\t\tdone(err);\n\t\t\treturn;\n\t\t}\n\t\tsig.algo = signature.type + '-' + signature.hashAlgorithm;\n\t\tif (SIGN_ALGS[sig.algo] === undefined) {\n\t\t\tdone(new Error('Invalid signing algorithm \"' +\n\t\t\t sig.algo + '\"'));\n\t\t\treturn;\n\t\t}\n\t\tsig.signature = signature;\n\t\tdone();\n\t});\n}\n\nfunction write(cert, options) {\n\tvar sig = cert.signatures.x509;\n\tassert.object(sig, 'x509 signature');\n\n\tvar der = new asn1.BerWriter();\n\tder.startSequence();\n\tif (sig.cache) {\n\t\tder._ensure(sig.cache.length);\n\t\tsig.cache.copy(der._buf, der._offset);\n\t\tder._offset += sig.cache.length;\n\t} else {\n\t\twriteTBSCert(cert, der);\n\t}\n\n\tder.startSequence();\n\tder.writeOID(SIGN_ALGS[sig.algo]);\n\tif (sig.algo.match(/^rsa-/))\n\t\tder.writeNull();\n\tder.endSequence();\n\n\tvar sigData = sig.signature.toBuffer('asn1');\n\tvar data = Buffer.alloc(sigData.length + 1);\n\tdata[0] = 0;\n\tsigData.copy(data, 1);\n\tder.writeBuffer(data, asn1.Ber.BitString);\n\tder.endSequence();\n\n\treturn (der.buffer);\n}\n\nfunction writeTBSCert(cert, der) {\n\tvar sig = cert.signatures.x509;\n\tassert.object(sig, 'x509 signature');\n\n\tder.startSequence();\n\n\tder.startSequence(Local(0));\n\tder.writeInt(2);\n\tder.endSequence();\n\n\tder.writeBuffer(utils.mpNormalize(cert.serial), asn1.Ber.Integer);\n\n\tder.startSequence();\n\tder.writeOID(SIGN_ALGS[sig.algo]);\n\tif (sig.algo.match(/^rsa-/))\n\t\tder.writeNull();\n\tder.endSequence();\n\n\tcert.issuer.toAsn1(der);\n\n\tder.startSequence();\n\twriteDate(der, cert.validFrom);\n\twriteDate(der, cert.validUntil);\n\tder.endSequence();\n\n\tvar subject = cert.subjects[0];\n\tvar altNames = cert.subjects.slice(1);\n\tsubject.toAsn1(der);\n\n\tpkcs8.writePkcs8(der, cert.subjectKey);\n\n\tif (sig.extras && sig.extras.issuerUniqueID) {\n\t\tder.writeBuffer(sig.extras.issuerUniqueID, Local(1));\n\t}\n\n\tif (sig.extras && sig.extras.subjectUniqueID) {\n\t\tder.writeBuffer(sig.extras.subjectUniqueID, Local(2));\n\t}\n\n\tif (altNames.length > 0 || subject.type === 'host' ||\n\t (cert.purposes !== undefined && cert.purposes.length > 0) ||\n\t (sig.extras && sig.extras.exts)) {\n\t\tder.startSequence(Local(3));\n\t\tder.startSequence();\n\n\t\tvar exts = [];\n\t\tif (cert.purposes !== undefined && cert.purposes.length > 0) {\n\t\t\texts.push({\n\t\t\t\toid: EXTS.basicConstraints,\n\t\t\t\tcritical: true\n\t\t\t});\n\t\t\texts.push({\n\t\t\t\toid: EXTS.keyUsage,\n\t\t\t\tcritical: true\n\t\t\t});\n\t\t\texts.push({\n\t\t\t\toid: EXTS.extKeyUsage,\n\t\t\t\tcritical: true\n\t\t\t});\n\t\t}\n\t\texts.push({ oid: EXTS.altName });\n\t\tif (sig.extras && sig.extras.exts)\n\t\t\texts = sig.extras.exts;\n\n\t\tfor (var i = 0; i < exts.length; ++i) {\n\t\t\tder.startSequence();\n\t\t\tder.writeOID(exts[i].oid);\n\n\t\t\tif (exts[i].critical !== undefined)\n\t\t\t\tder.writeBoolean(exts[i].critical);\n\n\t\t\tif (exts[i].oid === EXTS.altName) {\n\t\t\t\tder.startSequence(asn1.Ber.OctetString);\n\t\t\t\tder.startSequence();\n\t\t\t\tif (subject.type === 'host') {\n\t\t\t\t\tder.writeString(subject.hostname,\n\t\t\t\t\t Context(2));\n\t\t\t\t}\n\t\t\t\tfor (var j = 0; j < altNames.length; ++j) {\n\t\t\t\t\tif (altNames[j].type === 'host') {\n\t\t\t\t\t\tder.writeString(\n\t\t\t\t\t\t altNames[j].hostname,\n\t\t\t\t\t\t ALTNAME.DNSName);\n\t\t\t\t\t} else if (altNames[j].type ===\n\t\t\t\t\t 'email') {\n\t\t\t\t\t\tder.writeString(\n\t\t\t\t\t\t altNames[j].email,\n\t\t\t\t\t\t ALTNAME.RFC822Name);\n\t\t\t\t\t} else {\n\t\t\t\t\t\t/*\n\t\t\t\t\t\t * Encode anything else as a\n\t\t\t\t\t\t * DN style name for now.\n\t\t\t\t\t\t */\n\t\t\t\t\t\tder.startSequence(\n\t\t\t\t\t\t ALTNAME.DirectoryName);\n\t\t\t\t\t\taltNames[j].toAsn1(der);\n\t\t\t\t\t\tder.endSequence();\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tder.endSequence();\n\t\t\t\tder.endSequence();\n\t\t\t} else if (exts[i].oid === EXTS.basicConstraints) {\n\t\t\t\tder.startSequence(asn1.Ber.OctetString);\n\t\t\t\tder.startSequence();\n\t\t\t\tvar ca = (cert.purposes.indexOf('ca') !== -1);\n\t\t\t\tvar pathLen = exts[i].pathLen;\n\t\t\t\tder.writeBoolean(ca);\n\t\t\t\tif (pathLen !== undefined)\n\t\t\t\t\tder.writeInt(pathLen);\n\t\t\t\tder.endSequence();\n\t\t\t\tder.endSequence();\n\t\t\t} else if (exts[i].oid === EXTS.extKeyUsage) {\n\t\t\t\tder.startSequence(asn1.Ber.OctetString);\n\t\t\t\tder.startSequence();\n\t\t\t\tcert.purposes.forEach(function (purpose) {\n\t\t\t\t\tif (purpose === 'ca')\n\t\t\t\t\t\treturn;\n\t\t\t\t\tif (KEYUSEBITS.indexOf(purpose) !== -1)\n\t\t\t\t\t\treturn;\n\t\t\t\t\tvar oid = purpose;\n\t\t\t\t\tif (EXTPURPOSE[purpose] !== undefined)\n\t\t\t\t\t\toid = EXTPURPOSE[purpose];\n\t\t\t\t\tder.writeOID(oid);\n\t\t\t\t});\n\t\t\t\tder.endSequence();\n\t\t\t\tder.endSequence();\n\t\t\t} else if (exts[i].oid === EXTS.keyUsage) {\n\t\t\t\tder.startSequence(asn1.Ber.OctetString);\n\t\t\t\t/*\n\t\t\t\t * If we parsed this certificate from a byte\n\t\t\t\t * stream (i.e. we didn't generate it in sshpk)\n\t\t\t\t * then we'll have a \".bits\" property on the\n\t\t\t\t * ext with the original raw byte contents.\n\t\t\t\t *\n\t\t\t\t * If we have this, use it here instead of\n\t\t\t\t * regenerating it. This guarantees we output\n\t\t\t\t * the same data we parsed, so signatures still\n\t\t\t\t * validate.\n\t\t\t\t */\n\t\t\t\tif (exts[i].bits !== undefined) {\n\t\t\t\t\tder.writeBuffer(exts[i].bits,\n\t\t\t\t\t asn1.Ber.BitString);\n\t\t\t\t} else {\n\t\t\t\t\tvar bits = writeBitField(cert.purposes,\n\t\t\t\t\t KEYUSEBITS);\n\t\t\t\t\tder.writeBuffer(bits,\n\t\t\t\t\t asn1.Ber.BitString);\n\t\t\t\t}\n\t\t\t\tder.endSequence();\n\t\t\t} else {\n\t\t\t\tder.writeBuffer(exts[i].data,\n\t\t\t\t asn1.Ber.OctetString);\n\t\t\t}\n\n\t\t\tder.endSequence();\n\t\t}\n\n\t\tder.endSequence();\n\t\tder.endSequence();\n\t}\n\n\tder.endSequence();\n}\n\n/*\n * Reads an ASN.1 BER bitfield out of the Buffer produced by doing\n * `BerReader#readString(asn1.Ber.BitString)`. That function gives us the raw\n * contents of the BitString tag, which is a count of unused bits followed by\n * the bits as a right-padded byte string.\n *\n * `bits` is the Buffer, `bitIndex` should contain an array of string names\n * for the bits in the string, ordered starting with bit #0 in the ASN.1 spec.\n *\n * Returns an array of Strings, the names of the bits that were set to 1.\n */\nfunction readBitField(bits, bitIndex) {\n\tvar bitLen = 8 * (bits.length - 1) - bits[0];\n\tvar setBits = {};\n\tfor (var i = 0; i < bitLen; ++i) {\n\t\tvar byteN = 1 + Math.floor(i / 8);\n\t\tvar bit = 7 - (i % 8);\n\t\tvar mask = 1 << bit;\n\t\tvar bitVal = ((bits[byteN] & mask) !== 0);\n\t\tvar name = bitIndex[i];\n\t\tif (bitVal && typeof (name) === 'string') {\n\t\t\tsetBits[name] = true;\n\t\t}\n\t}\n\treturn (Object.keys(setBits));\n}\n\n/*\n * `setBits` is an array of strings, containing the names for each bit that\n * sould be set to 1. `bitIndex` is same as in `readBitField()`.\n *\n * Returns a Buffer, ready to be written out with `BerWriter#writeString()`.\n */\nfunction writeBitField(setBits, bitIndex) {\n\tvar bitLen = bitIndex.length;\n\tvar blen = Math.ceil(bitLen / 8);\n\tvar unused = blen * 8 - bitLen;\n\tvar bits = Buffer.alloc(1 + blen); // zero-filled\n\tbits[0] = unused;\n\tfor (var i = 0; i < bitLen; ++i) {\n\t\tvar byteN = 1 + Math.floor(i / 8);\n\t\tvar bit = 7 - (i % 8);\n\t\tvar mask = 1 << bit;\n\t\tvar name = bitIndex[i];\n\t\tif (name === undefined)\n\t\t\tcontinue;\n\t\tvar bitVal = (setBits.indexOf(name) !== -1);\n\t\tif (bitVal) {\n\t\t\tbits[byteN] |= mask;\n\t\t}\n\t}\n\treturn (bits);\n}\n"]},"metadata":{},"sourceType":"script"}
Reference in New Issue View Git Blame Copy Permalink