From 2a384c1c14fbff1cd0e85e4f1fd6191054e4eccc Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 29 Jan 2026 10:07:51 +0000 Subject: [PATCH 01/13] Move `credentialToStr` and add tests --- lib/start-proxy-action.js | 6 +++--- src/start-proxy-action.ts | 7 +------ src/start-proxy.test.ts | 17 +++++++++++++++++ src/start-proxy.ts | 11 +++++++++++ 4 files changed, 32 insertions(+), 9 deletions(-) diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index ac742bd205..404675104a 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -119143,6 +119143,9 @@ async function getDownloadUrl(logger) { version: UPDATEJOB_PROXY_VERSION }; } +function credentialToStr(c) { + return `Type: ${c.type}; Host: ${c.host}; Url: ${c.url} Username: ${c.username}; Password: ${c.password !== void 0}; Token: ${c.token !== void 0}`; +} // src/status-report.ts var os = __toESM(require("os")); @@ -119935,9 +119938,6 @@ async function getProxyBinaryPath(logger) { proxyBin = path.join(proxyBin, proxyFileName); return proxyBin; } -function credentialToStr(c) { - return `Type: ${c.type}; Host: ${c.host}; Url: ${c.url} Username: ${c.username}; Password: ${c.password !== void 0}; Token: ${c.token !== void 0}`; -} void runWrapper(); /*! Bundled license information: diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index b682d07d30..8110d85813 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts @@ -12,6 +12,7 @@ import { KnownLanguage } from "./languages"; import { getActionsLogger, Logger } from "./logging"; import { Credential, + credentialToStr, getCredentials, getDownloadUrl, parseLanguage, @@ -309,10 +310,4 @@ async function getProxyBinaryPath(logger: Logger): Promise { return proxyBin; } -function credentialToStr(c: Credential): string { - return `Type: ${c.type}; Host: ${c.host}; Url: ${c.url} Username: ${ - c.username - }; Password: ${c.password !== undefined}; Token: ${c.token !== undefined}`; -} - void runWrapper(); diff --git a/src/start-proxy.test.ts b/src/start-proxy.test.ts index 80b05df4a6..4fcee49bc0 100644 --- a/src/start-proxy.test.ts +++ b/src/start-proxy.test.ts @@ -301,3 +301,20 @@ test("getDownloadUrl returns matching release asset", async (t) => { t.is(info.version, defaults.cliVersion); t.is(info.url, "url-we-want"); }); + +test("credentialToStr - hides passwords/tokens", (t) => { + const secret = "password123"; + const credential = { + type: "maven_credential", + }; + t.false( + startProxyExports + .credentialToStr({ password: secret, ...credential }) + .includes(secret), + ); + t.false( + startProxyExports + .credentialToStr({ token: secret, ...credential }) + .includes(secret), + ); +}); diff --git a/src/start-proxy.ts b/src/start-proxy.ts index d14e07fca1..1079bf6cbf 100644 --- a/src/start-proxy.ts +++ b/src/start-proxy.ts @@ -277,3 +277,14 @@ export async function getDownloadUrl( version: UPDATEJOB_PROXY_VERSION, }; } + +/** + * Pretty-prints a `Credential` value to a string, but hides the actual password or token values. + * + * @param c The credential to convert to a string. + */ +export function credentialToStr(c: Credential): string { + return `Type: ${c.type}; Host: ${c.host}; Url: ${c.url} Username: ${ + c.username + }; Password: ${c.password !== undefined}; Token: ${c.token !== undefined}`; +} From fbe3ae9de8f1646865d83ef8dbddb82e69b9e906 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 29 Jan 2026 10:20:59 +0000 Subject: [PATCH 02/13] Move `sendSuccessStatusReport` to `start-proxy` module --- lib/start-proxy-action.js | 382 +++++++++++++++++++------------------- src/start-proxy-action.ts | 32 +--- src/start-proxy.ts | 45 +++++ 3 files changed, 237 insertions(+), 222 deletions(-) diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 404675104a..def58d827b 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -118928,7 +118928,7 @@ function getActionsLogger() { } // src/start-proxy.ts -var core7 = __toESM(require_core()); +var core10 = __toESM(require_core()); // src/artifact-scanner.ts var exec = __toESM(require_exec()); @@ -118992,164 +118992,9 @@ var KnownLanguage = /* @__PURE__ */ ((KnownLanguage2) => { return KnownLanguage2; })(KnownLanguage || {}); -// src/start-proxy.ts -var UPDATEJOB_PROXY = "update-job-proxy"; -var UPDATEJOB_PROXY_VERSION = "v2.0.20250624110901"; -var UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.0/"; -var LANGUAGE_ALIASES = { - c: "cpp" /* cpp */, - "c++": "cpp" /* cpp */, - "c#": "csharp" /* csharp */, - kotlin: "java" /* java */, - typescript: "javascript" /* javascript */, - "javascript-typescript": "javascript" /* javascript */, - "java-kotlin": "java" /* java */ -}; -function parseLanguage(language) { - language = language.trim().toLowerCase(); - if (language in KnownLanguage) { - return language; - } - if (language in LANGUAGE_ALIASES) { - return LANGUAGE_ALIASES[language]; - } - return void 0; -} -function isPAT(value) { - return isAuthToken(value, [ - GITHUB_PAT_CLASSIC_PATTERN, - GITHUB_PAT_FINE_GRAINED_PATTERN - ]); -} -var LANGUAGE_TO_REGISTRY_TYPE = { - java: ["maven_repository"], - csharp: ["nuget_feed"], - javascript: ["npm_registry"], - python: ["python_index"], - ruby: ["rubygems_server"], - rust: ["cargo_registry"], - go: ["goproxy_server", "git_source"] -}; -function getCredentials(logger, registrySecrets, registriesCredentials, language) { - const registryTypeForLanguage = language ? LANGUAGE_TO_REGISTRY_TYPE[language] : void 0; - let credentialsStr; - if (registriesCredentials !== void 0) { - logger.info(`Using registries_credentials input.`); - credentialsStr = Buffer.from(registriesCredentials, "base64").toString(); - } else if (registrySecrets !== void 0) { - logger.info(`Using registry_secrets input.`); - credentialsStr = registrySecrets; - } else { - logger.info(`No credentials defined.`); - return []; - } - let parsed; - try { - parsed = JSON.parse(credentialsStr); - } catch { - logger.error("Failed to parse the credentials data."); - throw new ConfigurationError("Invalid credentials format."); - } - if (!Array.isArray(parsed)) { - throw new ConfigurationError( - "Expected credentials data to be an array of configurations, but it is not." - ); - } - const out = []; - for (const e of parsed) { - if (e === null || typeof e !== "object") { - throw new ConfigurationError("Invalid credentials - must be an object"); - } - if (isDefined2(e.password)) { - core7.setSecret(e.password); - } - if (isDefined2(e.token)) { - core7.setSecret(e.token); - } - if (!isDefined2(e.url) && !isDefined2(e.host)) { - throw new ConfigurationError( - "Invalid credentials - must specify host or url" - ); - } - if (registryTypeForLanguage && !registryTypeForLanguage.some((t) => t === e.type)) { - continue; - } - const isPrintable2 = (str2) => { - return str2 ? /^[\x20-\x7E]*$/.test(str2) : true; - }; - if (!isPrintable2(e.type) || !isPrintable2(e.host) || !isPrintable2(e.url) || !isPrintable2(e.username) || !isPrintable2(e.password) || !isPrintable2(e.token)) { - throw new ConfigurationError( - "Invalid credentials - fields must contain only printable characters" - ); - } - if (!isDefined2(e.username) && (isDefined2(e.password) && isPAT(e.password) || isDefined2(e.token) && isPAT(e.token))) { - logger.warning( - `A ${e.type} private registry is configured for ${e.host || e.url} using a GitHub Personal Access Token (PAT), but no username was provided. This may not work correctly. When configuring a private registry using a PAT, select "Username and password" and enter the username of the user who generated the PAT.` - ); - } - out.push({ - type: e.type, - host: e.host, - url: e.url, - username: e.username, - password: e.password, - token: e.token - }); - } - return out; -} -function getProxyPackage() { - const platform = process.platform === "win32" ? "win64" : process.platform === "darwin" ? "osx64" : "linux64"; - return `${UPDATEJOB_PROXY}-${platform}.tar.gz`; -} -function getFallbackUrl(proxyPackage) { - return `${UPDATEJOB_PROXY_URL_PREFIX}${proxyPackage}`; -} -async function getLinkedRelease() { - return getApiClient().rest.repos.getReleaseByTag({ - owner: "github", - repo: "codeql-action", - tag: bundleVersion - }); -} -async function getDownloadUrl(logger) { - const proxyPackage = getProxyPackage(); - try { - const cliRelease = await getLinkedRelease(); - for (const asset of cliRelease.data.assets) { - if (asset.name === proxyPackage) { - logger.info( - `Found '${proxyPackage}' in release '${bundleVersion}' at '${asset.url}'` - ); - return { - url: asset.url, - // The `update-job-proxy` doesn't have a version as such. Since we now bundle it - // with CodeQL CLI bundle releases, we use the corresponding CLI version to - // differentiate between (potentially) different versions of `update-job-proxy`. - version: cliVersion - }; - } - } - } catch (ex) { - logger.warning( - `Failed to retrieve information about the linked release: ${getErrorMessage(ex)}` - ); - } - logger.info( - `Did not find '${proxyPackage}' in the linked release, falling back to hard-coded version.` - ); - return { - url: getFallbackUrl(proxyPackage), - version: UPDATEJOB_PROXY_VERSION - }; -} -function credentialToStr(c) { - return `Type: ${c.type}; Host: ${c.host}; Url: ${c.url} Username: ${c.username}; Password: ${c.password !== void 0}; Token: ${c.token !== void 0}`; -} - // src/status-report.ts var os = __toESM(require("os")); -var core10 = __toESM(require_core()); +var core9 = __toESM(require_core()); // src/analyses.ts var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { @@ -119160,7 +119005,7 @@ var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); // src/caching-utils.ts -var core8 = __toESM(require_core()); +var core7 = __toESM(require_core()); // src/config/db-config.ts var jsonschema = __toESM(require_lib3()); @@ -119179,14 +119024,14 @@ var semver5 = __toESM(require_semver2()); var actionsCache = __toESM(require_cache5()); // src/git-utils.ts -var core9 = __toESM(require_core()); +var core8 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var semver3 = __toESM(require_semver2()); var runGitCommand = async function(workingDirectory, args, customErrorMessage, options) { let stdout = ""; let stderr = ""; - core9.debug(`Running git command: git ${args.join(" ")}`); + core8.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -119207,7 +119052,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage, o if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core9.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core8.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error3; } }; @@ -119263,7 +119108,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core9.debug( + core8.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; @@ -119538,12 +119383,12 @@ function getActionsStatus(error3, otherFailureCause) { } function setJobStatusIfUnsuccessful(actionStatus) { if (actionStatus === "user-error") { - core10.exportVariable( + core9.exportVariable( "CODEQL_ACTION_JOB_STATUS" /* JOB_STATUS */, process.env["CODEQL_ACTION_JOB_STATUS" /* JOB_STATUS */] ?? "JOB_STATUS_CONFIGURATION_ERROR" /* ConfigErrorStatus */ ); } else if (actionStatus === "failure" || actionStatus === "aborted") { - core10.exportVariable( + core9.exportVariable( "CODEQL_ACTION_JOB_STATUS" /* JOB_STATUS */, process.env["CODEQL_ACTION_JOB_STATUS" /* JOB_STATUS */] ?? "JOB_STATUS_FAILURE" /* FailureStatus */ ); @@ -119562,14 +119407,14 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi let workflowStartedAt = process.env["CODEQL_WORKFLOW_STARTED_AT" /* WORKFLOW_STARTED_AT */]; if (workflowStartedAt === void 0) { workflowStartedAt = actionStartedAt.toISOString(); - core10.exportVariable("CODEQL_WORKFLOW_STARTED_AT" /* WORKFLOW_STARTED_AT */, workflowStartedAt); + core9.exportVariable("CODEQL_WORKFLOW_STARTED_AT" /* WORKFLOW_STARTED_AT */, workflowStartedAt); } const runnerOs = getRequiredEnvParam("RUNNER_OS"); const codeQlCliVersion = getCachedCodeQlVersion(); const actionRef = process.env["GITHUB_ACTION_REF"] || ""; const testingEnvironment = getTestingEnvironment(); if (testingEnvironment) { - core10.exportVariable("CODEQL_ACTION_TESTING_ENVIRONMENT" /* TESTING_ENVIRONMENT */, testingEnvironment); + core9.exportVariable("CODEQL_ACTION_TESTING_ENVIRONMENT" /* TESTING_ENVIRONMENT */, testingEnvironment); } const isSteadyStateDefaultSetupRun = process.env["CODE_SCANNING_IS_STEADY_STATE_DEFAULT_SETUP"] === "true"; const statusReport = { @@ -119652,9 +119497,9 @@ var INCOMPATIBLE_MSG = "CodeQL Action version is incompatible with the API endpo async function sendStatusReport(statusReport) { setJobStatusIfUnsuccessful(statusReport.status); const statusReportJSON = JSON.stringify(statusReport); - core10.debug(`Sending status report: ${statusReportJSON}`); + core9.debug(`Sending status report: ${statusReportJSON}`); if (isInTestMode()) { - core10.debug("In test mode. Status reports are not uploaded."); + core9.debug("In test mode. Status reports are not uploaded."); return; } const nwo = getRepositoryNwo(); @@ -119674,28 +119519,28 @@ async function sendStatusReport(statusReport) { switch (httpError.status) { case 403: if (getWorkflowEventName() === "push" && process.env["GITHUB_ACTOR"] === "dependabot[bot]") { - core10.warning( + core9.warning( `Workflows triggered by Dependabot on the "push" event run with read-only access. Uploading CodeQL results requires write access. To use CodeQL with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. See ${"https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#scanning-on-push" /* SCANNING_ON_PUSH */} for more information on how to configure these events.` ); } else { - core10.warning( + core9.warning( `This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: ${httpError.message}` ); } return; case 404: - core10.warning(httpError.message); + core9.warning(httpError.message); return; case 422: if (getRequiredEnvParam("GITHUB_SERVER_URL") !== GITHUB_DOTCOM_URL) { - core10.debug(INCOMPATIBLE_MSG); + core9.debug(INCOMPATIBLE_MSG); } else { - core10.debug(OUT_OF_DATE_MSG); + core9.debug(OUT_OF_DATE_MSG); } return; } } - core10.warning( + core9.warning( `An unexpected error occurred when sending a status report: ${getErrorMessage( e )}` @@ -119727,6 +119572,178 @@ async function sendUnhandledErrorStatusReport(actionName, actionStartedAt, error } } +// src/start-proxy.ts +async function sendSuccessStatusReport(startedAt, config, registry_types, logger) { + const statusReportBase = await createStatusReportBase( + "start-proxy" /* StartProxy */, + "success", + startedAt, + config, + await checkDiskUsage(logger), + logger + ); + if (statusReportBase !== void 0) { + const statusReport = { + ...statusReportBase, + registry_types: registry_types.join(",") + }; + await sendStatusReport(statusReport); + } +} +var UPDATEJOB_PROXY = "update-job-proxy"; +var UPDATEJOB_PROXY_VERSION = "v2.0.20250624110901"; +var UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.0/"; +var LANGUAGE_ALIASES = { + c: "cpp" /* cpp */, + "c++": "cpp" /* cpp */, + "c#": "csharp" /* csharp */, + kotlin: "java" /* java */, + typescript: "javascript" /* javascript */, + "javascript-typescript": "javascript" /* javascript */, + "java-kotlin": "java" /* java */ +}; +function parseLanguage(language) { + language = language.trim().toLowerCase(); + if (language in KnownLanguage) { + return language; + } + if (language in LANGUAGE_ALIASES) { + return LANGUAGE_ALIASES[language]; + } + return void 0; +} +function isPAT(value) { + return isAuthToken(value, [ + GITHUB_PAT_CLASSIC_PATTERN, + GITHUB_PAT_FINE_GRAINED_PATTERN + ]); +} +var LANGUAGE_TO_REGISTRY_TYPE = { + java: ["maven_repository"], + csharp: ["nuget_feed"], + javascript: ["npm_registry"], + python: ["python_index"], + ruby: ["rubygems_server"], + rust: ["cargo_registry"], + go: ["goproxy_server", "git_source"] +}; +function getCredentials(logger, registrySecrets, registriesCredentials, language) { + const registryTypeForLanguage = language ? LANGUAGE_TO_REGISTRY_TYPE[language] : void 0; + let credentialsStr; + if (registriesCredentials !== void 0) { + logger.info(`Using registries_credentials input.`); + credentialsStr = Buffer.from(registriesCredentials, "base64").toString(); + } else if (registrySecrets !== void 0) { + logger.info(`Using registry_secrets input.`); + credentialsStr = registrySecrets; + } else { + logger.info(`No credentials defined.`); + return []; + } + let parsed; + try { + parsed = JSON.parse(credentialsStr); + } catch { + logger.error("Failed to parse the credentials data."); + throw new ConfigurationError("Invalid credentials format."); + } + if (!Array.isArray(parsed)) { + throw new ConfigurationError( + "Expected credentials data to be an array of configurations, but it is not." + ); + } + const out = []; + for (const e of parsed) { + if (e === null || typeof e !== "object") { + throw new ConfigurationError("Invalid credentials - must be an object"); + } + if (isDefined2(e.password)) { + core10.setSecret(e.password); + } + if (isDefined2(e.token)) { + core10.setSecret(e.token); + } + if (!isDefined2(e.url) && !isDefined2(e.host)) { + throw new ConfigurationError( + "Invalid credentials - must specify host or url" + ); + } + if (registryTypeForLanguage && !registryTypeForLanguage.some((t) => t === e.type)) { + continue; + } + const isPrintable2 = (str2) => { + return str2 ? /^[\x20-\x7E]*$/.test(str2) : true; + }; + if (!isPrintable2(e.type) || !isPrintable2(e.host) || !isPrintable2(e.url) || !isPrintable2(e.username) || !isPrintable2(e.password) || !isPrintable2(e.token)) { + throw new ConfigurationError( + "Invalid credentials - fields must contain only printable characters" + ); + } + if (!isDefined2(e.username) && (isDefined2(e.password) && isPAT(e.password) || isDefined2(e.token) && isPAT(e.token))) { + logger.warning( + `A ${e.type} private registry is configured for ${e.host || e.url} using a GitHub Personal Access Token (PAT), but no username was provided. This may not work correctly. When configuring a private registry using a PAT, select "Username and password" and enter the username of the user who generated the PAT.` + ); + } + out.push({ + type: e.type, + host: e.host, + url: e.url, + username: e.username, + password: e.password, + token: e.token + }); + } + return out; +} +function getProxyPackage() { + const platform = process.platform === "win32" ? "win64" : process.platform === "darwin" ? "osx64" : "linux64"; + return `${UPDATEJOB_PROXY}-${platform}.tar.gz`; +} +function getFallbackUrl(proxyPackage) { + return `${UPDATEJOB_PROXY_URL_PREFIX}${proxyPackage}`; +} +async function getLinkedRelease() { + return getApiClient().rest.repos.getReleaseByTag({ + owner: "github", + repo: "codeql-action", + tag: bundleVersion + }); +} +async function getDownloadUrl(logger) { + const proxyPackage = getProxyPackage(); + try { + const cliRelease = await getLinkedRelease(); + for (const asset of cliRelease.data.assets) { + if (asset.name === proxyPackage) { + logger.info( + `Found '${proxyPackage}' in release '${bundleVersion}' at '${asset.url}'` + ); + return { + url: asset.url, + // The `update-job-proxy` doesn't have a version as such. Since we now bundle it + // with CodeQL CLI bundle releases, we use the corresponding CLI version to + // differentiate between (potentially) different versions of `update-job-proxy`. + version: cliVersion + }; + } + } + } catch (ex) { + logger.warning( + `Failed to retrieve information about the linked release: ${getErrorMessage(ex)}` + ); + } + logger.info( + `Did not find '${proxyPackage}' in the linked release, falling back to hard-coded version.` + ); + return { + url: getFallbackUrl(proxyPackage), + version: UPDATEJOB_PROXY_VERSION + }; +} +function credentialToStr(c) { + return `Type: ${c.type}; Host: ${c.host}; Url: ${c.url} Username: ${c.username}; Password: ${c.password !== void 0}; Token: ${c.token !== void 0}`; +} + // src/start-proxy-action.ts var KEY_SIZE = 2048; var KEY_EXPIRY_YEARS = 2; @@ -119774,23 +119791,6 @@ function generateCertificateAuthority() { const key = import_node_forge.pki.privateKeyToPem(keys.privateKey); return { cert: pem, key }; } -async function sendSuccessStatusReport(startedAt, config, registry_types, logger) { - const statusReportBase = await createStatusReportBase( - "start-proxy" /* StartProxy */, - "success", - startedAt, - config, - await checkDiskUsage(logger), - logger - ); - if (statusReportBase !== void 0) { - const statusReport = { - ...statusReportBase, - registry_types: registry_types.join(",") - }; - await sendStatusReport(statusReport); - } -} async function run(startedAt) { const logger = getActionsLogger(); let language; diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index 8110d85813..439e730f6e 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts @@ -7,7 +7,6 @@ import { pki } from "node-forge"; import * as actionsUtil from "./actions-util"; import { getApiDetails, getAuthorizationHeaderFor } from "./api-client"; -import { Config } from "./config-utils"; import { KnownLanguage } from "./languages"; import { getActionsLogger, Logger } from "./logging"; import { @@ -16,6 +15,7 @@ import { getCredentials, getDownloadUrl, parseLanguage, + sendSuccessStatusReport, UPDATEJOB_PROXY, } from "./start-proxy"; import { @@ -24,7 +24,6 @@ import { getActionsStatus, sendStatusReport, sendUnhandledErrorStatusReport, - StatusReportBase, } from "./status-report"; import * as util from "./util"; @@ -95,35 +94,6 @@ function generateCertificateAuthority(): CertificateAuthority { return { cert: pem, key }; } -interface StartProxyStatus extends StatusReportBase { - // A comma-separated list of registry types which are configured for CodeQL. - // This only includes registry types we support, not all that are configured. - registry_types: string; -} - -async function sendSuccessStatusReport( - startedAt: Date, - config: Partial, - registry_types: string[], - logger: Logger, -) { - const statusReportBase = await createStatusReportBase( - ActionName.StartProxy, - "success", - startedAt, - config, - await util.checkDiskUsage(logger), - logger, - ); - if (statusReportBase !== undefined) { - const statusReport: StartProxyStatus = { - ...statusReportBase, - registry_types: registry_types.join(","), - }; - await sendStatusReport(statusReport); - } -} - async function run(startedAt: Date) { // To capture errors appropriately, keep as much code within the try-catch as // possible, and only use safe functions outside. diff --git a/src/start-proxy.ts b/src/start-proxy.ts index 1079bf6cbf..32b8389bd6 100644 --- a/src/start-proxy.ts +++ b/src/start-proxy.ts @@ -2,11 +2,56 @@ import * as core from "@actions/core"; import { getApiClient } from "./api-client"; import * as artifactScanner from "./artifact-scanner"; +import { Config } from "./config-utils"; import * as defaults from "./defaults.json"; import { KnownLanguage } from "./languages"; import { Logger } from "./logging"; +import { + ActionName, + createStatusReportBase, + sendStatusReport, + StatusReportBase, +} from "./status-report"; +import * as util from "./util"; import { ConfigurationError, getErrorMessage, isDefined } from "./util"; +interface StartProxyStatus extends StatusReportBase { + // A comma-separated list of registry types which are configured for CodeQL. + // This only includes registry types we support, not all that are configured. + registry_types: string; +} + +/** + * Sends a status report for the `start-proxy` action indicating a successful outcome. + * + * @param startedAt When the action was started. + * @param config The configuration used. + * @param registry_types The types of registries that are configured. + * @param logger The logger to use. + */ +export async function sendSuccessStatusReport( + startedAt: Date, + config: Partial, + registry_types: string[], + logger: Logger, +) { + const statusReportBase = await createStatusReportBase( + ActionName.StartProxy, + "success", + startedAt, + config, + await util.checkDiskUsage(logger), + logger, + ); + if (statusReportBase !== undefined) { + const statusReport: StartProxyStatus = { + ...statusReportBase, + registry_types: registry_types.join(","), + }; + await sendStatusReport(statusReport); + } +} + export const UPDATEJOB_PROXY = "update-job-proxy"; export const UPDATEJOB_PROXY_VERSION = "v2.0.20250624110901"; const UPDATEJOB_PROXY_URL_PREFIX = From 4dcc8a9cdcf5d368149b2b117efe19f1095d58d6 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 29 Jan 2026 10:28:55 +0000 Subject: [PATCH 03/13] Move failed status report code into `sendFailedStatusReport` --- lib/start-proxy-action.js | 39 +++++++++++++++++++++------------------ src/start-proxy-action.ts | 29 +++-------------------------- src/start-proxy.ts | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 44 deletions(-) diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index def58d827b..7faaa97bb2 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -21329,7 +21329,7 @@ var require_core = __commonJS({ exports2.getBooleanInput = getBooleanInput; exports2.setOutput = setOutput2; exports2.setCommandEcho = setCommandEcho; - exports2.setFailed = setFailed2; + exports2.setFailed = setFailed3; exports2.isDebug = isDebug2; exports2.debug = debug5; exports2.error = error3; @@ -21413,7 +21413,7 @@ Support boolean input list: \`true | True | TRUE | false | False | FALSE\``); function setCommandEcho(enabled) { (0, command_1.issue)("echo", enabled ? "on" : "off"); } - function setFailed2(message) { + function setFailed3(message) { process.exitCode = ExitCode.Failure; error3(message); } @@ -119590,6 +119590,24 @@ async function sendSuccessStatusReport(startedAt, config, registry_types, logger await sendStatusReport(statusReport); } } +async function sendFailedStatusReport(logger, startedAt, language, unwrappedError) { + const error3 = wrapError(unwrappedError); + core10.setFailed(`start-proxy action failed: ${error3.message}`); + const errorStatusReportBase = await createStatusReportBase( + "start-proxy" /* StartProxy */, + getActionsStatus(error3), + startedAt, + { + languages: language && [language] + }, + await checkDiskUsage(logger), + logger, + "Error from start-proxy Action omitted" + ); + if (errorStatusReportBase !== void 0) { + await sendStatusReport(errorStatusReportBase); + } +} var UPDATEJOB_PROXY = "update-job-proxy"; var UPDATEJOB_PROXY_VERSION = "v2.0.20250624110901"; var UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.0/"; @@ -119831,22 +119849,7 @@ async function run(startedAt) { logger ); } catch (unwrappedError) { - const error3 = wrapError(unwrappedError); - core11.setFailed(`start-proxy action failed: ${error3.message}`); - const errorStatusReportBase = await createStatusReportBase( - "start-proxy" /* StartProxy */, - getActionsStatus(error3), - startedAt, - { - languages: language && [language] - }, - await checkDiskUsage(logger), - logger, - "Error from start-proxy Action omitted" - ); - if (errorStatusReportBase !== void 0) { - await sendStatusReport(errorStatusReportBase); - } + await sendFailedStatusReport(logger, startedAt, language, unwrappedError); } } async function runWrapper() { diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index 439e730f6e..531dcbb7b6 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts @@ -15,16 +15,11 @@ import { getCredentials, getDownloadUrl, parseLanguage, + sendFailedStatusReport, sendSuccessStatusReport, UPDATEJOB_PROXY, } from "./start-proxy"; -import { - ActionName, - createStatusReportBase, - getActionsStatus, - sendStatusReport, - sendUnhandledErrorStatusReport, -} from "./status-report"; +import { ActionName, sendUnhandledErrorStatusReport } from "./status-report"; import * as util from "./util"; const KEY_SIZE = 2048; @@ -152,25 +147,7 @@ async function run(startedAt: Date) { logger, ); } catch (unwrappedError) { - const error = util.wrapError(unwrappedError); - core.setFailed(`start-proxy action failed: ${error.message}`); - - // We skip sending the error message and stack trace here to avoid the possibility - // of leaking any sensitive information into the telemetry. - const errorStatusReportBase = await createStatusReportBase( - ActionName.StartProxy, - getActionsStatus(error), - startedAt, - { - languages: language && [language], - }, - await util.checkDiskUsage(logger), - logger, - "Error from start-proxy Action omitted", - ); - if (errorStatusReportBase !== undefined) { - await sendStatusReport(errorStatusReportBase); - } + await sendFailedStatusReport(logger, startedAt, language, unwrappedError); } } diff --git a/src/start-proxy.ts b/src/start-proxy.ts index 32b8389bd6..c527239e52 100644 --- a/src/start-proxy.ts +++ b/src/start-proxy.ts @@ -9,6 +9,7 @@ import { Logger } from "./logging"; import { ActionName, createStatusReportBase, + getActionsStatus, sendStatusReport, StatusReportBase, } from "./status-report"; @@ -52,6 +53,41 @@ export async function sendSuccessStatusReport( } } +/** + * Sends a status report for the `start-proxy` action indicating a failure. + * + * @param logger The logger to use. + * @param startedAt When the action was started. + * @param language The language provided as input, if any. + * @param unwrappedError The exception that was thrown. + */ +export async function sendFailedStatusReport( + logger: Logger, + startedAt: Date, + language: KnownLanguage | undefined, + unwrappedError: unknown, +) { + const error = util.wrapError(unwrappedError); + core.setFailed(`start-proxy action failed: ${error.message}`); + + // We skip sending the error message and stack trace here to avoid the possibility + // of leaking any sensitive information into the telemetry. + const errorStatusReportBase = await createStatusReportBase( + ActionName.StartProxy, + getActionsStatus(error), + startedAt, + { + languages: language && [language], + }, + await util.checkDiskUsage(logger), + logger, + "Error from start-proxy Action omitted", + ); + if (errorStatusReportBase !== undefined) { + await sendStatusReport(errorStatusReportBase); + } +} + export const UPDATEJOB_PROXY = "update-job-proxy"; export const UPDATEJOB_PROXY_VERSION = "v2.0.20250624110901"; const UPDATEJOB_PROXY_URL_PREFIX = From f1588cde0c45f2e7466fe27cf8b4bdeb1d68e91e Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 29 Jan 2026 12:38:04 +0000 Subject: [PATCH 04/13] Add `StartProxyError` for status-report-safe errors, and use for proxy download --- lib/start-proxy-action.js | 44 +++++++++++++++++-------- src/start-proxy-action.ts | 10 ++---- src/start-proxy.test.ts | 45 ++++++++++++++++++++++++++ src/start-proxy.ts | 67 ++++++++++++++++++++++++++++++++++++++- 4 files changed, 144 insertions(+), 22 deletions(-) diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 7faaa97bb2..ac344d5015 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -115932,7 +115932,7 @@ var require_cache5 = __commonJS({ var import_child_process = require("child_process"); var path = __toESM(require("path")); var core11 = __toESM(require_core()); -var toolcache = __toESM(require_tool_cache()); +var toolcache2 = __toESM(require_tool_cache()); var import_node_forge = __toESM(require_lib2()); // src/actions-util.ts @@ -118929,6 +118929,7 @@ function getActionsLogger() { // src/start-proxy.ts var core10 = __toESM(require_core()); +var toolcache = __toESM(require_tool_cache()); // src/artifact-scanner.ts var exec = __toESM(require_exec()); @@ -119573,6 +119574,11 @@ async function sendUnhandledErrorStatusReport(actionName, actionStartedAt, error } // src/start-proxy.ts +var StartProxyError = class extends Error { + constructor(errorType) { + super(errorType); + } +}; async function sendSuccessStatusReport(startedAt, config, registry_types, logger) { const statusReportBase = await createStatusReportBase( "start-proxy" /* StartProxy */, @@ -119590,9 +119596,16 @@ async function sendSuccessStatusReport(startedAt, config, registry_types, logger await sendStatusReport(statusReport); } } +function getSafeErrorMessage(error3) { + if (error3 instanceof StartProxyError) { + return error3.message; + } + return `Error from start-proxy Action omitted (${typeof error3}).`; +} async function sendFailedStatusReport(logger, startedAt, language, unwrappedError) { const error3 = wrapError(unwrappedError); core10.setFailed(`start-proxy action failed: ${error3.message}`); + const statusReportMessage = getSafeErrorMessage(error3); const errorStatusReportBase = await createStatusReportBase( "start-proxy" /* StartProxy */, getActionsStatus(error3), @@ -119602,7 +119615,7 @@ async function sendFailedStatusReport(logger, startedAt, language, unwrappedErro }, await checkDiskUsage(logger), logger, - "Error from start-proxy Action omitted" + statusReportMessage ); if (errorStatusReportBase !== void 0) { await sendStatusReport(errorStatusReportBase); @@ -119761,6 +119774,18 @@ async function getDownloadUrl(logger) { function credentialToStr(c) { return `Type: ${c.type}; Host: ${c.host}; Url: ${c.url} Username: ${c.username}; Password: ${c.password !== void 0}; Token: ${c.token !== void 0}`; } +async function downloadProxy(logger, url, authorization) { + try { + return toolcache.downloadTool(url, void 0, authorization, { + accept: "application/octet-stream" + }); + } catch (error3) { + logger.error( + `Failed to download proxy archive from ${url}: ${getErrorMessage(error3)}` + ); + throw new StartProxyError("Failed to download proxy archive." /* DownloadFailed */); + } +} // src/start-proxy-action.ts var KEY_SIZE = 2048; @@ -119915,7 +119940,7 @@ async function startProxy(binPath, config, logFilePath, logger) { async function getProxyBinaryPath(logger) { const proxyFileName = process.platform === "win32" ? `${UPDATEJOB_PROXY}.exe` : UPDATEJOB_PROXY; const proxyInfo = await getDownloadUrl(logger); - let proxyBin = toolcache.find(proxyFileName, proxyInfo.version); + let proxyBin = toolcache2.find(proxyFileName, proxyInfo.version); if (!proxyBin) { const apiDetails = getApiDetails(); const authorization = getAuthorizationHeaderFor( @@ -119923,16 +119948,9 @@ async function getProxyBinaryPath(logger) { apiDetails, proxyInfo.url ); - const temp = await toolcache.downloadTool( - proxyInfo.url, - void 0, - authorization, - { - accept: "application/octet-stream" - } - ); - const extracted = await toolcache.extractTar(temp); - proxyBin = await toolcache.cacheDir( + const temp = await downloadProxy(logger, proxyInfo.url, authorization); + const extracted = await toolcache2.extractTar(temp); + proxyBin = await toolcache2.cacheDir( extracted, proxyFileName, proxyInfo.version diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index 531dcbb7b6..2e70cfaef2 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts @@ -12,6 +12,7 @@ import { getActionsLogger, Logger } from "./logging"; import { Credential, credentialToStr, + downloadProxy, getCredentials, getDownloadUrl, parseLanguage, @@ -238,14 +239,7 @@ async function getProxyBinaryPath(logger: Logger): Promise { apiDetails, proxyInfo.url, ); - const temp = await toolcache.downloadTool( - proxyInfo.url, - undefined, - authorization, - { - accept: "application/octet-stream", - }, - ); + const temp = await downloadProxy(logger, proxyInfo.url, authorization); const extracted = await toolcache.extractTar(temp); proxyBin = await toolcache.cacheDir( extracted, diff --git a/src/start-proxy.test.ts b/src/start-proxy.test.ts index 4fcee49bc0..6b8834e0d7 100644 --- a/src/start-proxy.test.ts +++ b/src/start-proxy.test.ts @@ -1,3 +1,4 @@ +import * as toolcache from "@actions/tool-cache"; import test from "ava"; import sinon from "sinon"; @@ -318,3 +319,47 @@ test("credentialToStr - hides passwords/tokens", (t) => { .includes(secret), ); }); + +test("getSafeErrorMessage - returns actual message for `StartProxyError`", (t) => { + const error = new startProxyExports.StartProxyError( + startProxyExports.StartProxyErrorType.DownloadFailed, + ); + t.is(startProxyExports.getSafeErrorMessage(error), error.message); +}); + +test("getSafeErrorMessage - does not return message for arbitrary errors", (t) => { + const error = new Error(startProxyExports.StartProxyErrorType.DownloadFailed); + + const message = startProxyExports.getSafeErrorMessage(error); + + t.not(message, error.message); + t.assert(message.startsWith("Error from start-proxy Action omitted")); + t.assert(message.includes(typeof error)); +}); + +test("downloadProxy - returns file path on success", async (t) => { + const loggedMessages = []; + const logger = getRecordingLogger(loggedMessages); + const testPath = "/some/path"; + sinon.stub(toolcache, "downloadTool").resolves(testPath); + + const result = await startProxyExports.downloadProxy( + logger, + "url", + undefined, + ); + t.is(result, testPath); +}); + +test("downloadProxy - wraps errors on failure", async (t) => { + const loggedMessages = []; + const logger = getRecordingLogger(loggedMessages); + sinon.stub(toolcache, "downloadTool").throws(); + + await t.throwsAsync( + startProxyExports.downloadProxy(logger, "url", undefined), + { + instanceOf: startProxyExports.StartProxyError, + }, + ); +}); diff --git a/src/start-proxy.ts b/src/start-proxy.ts index c527239e52..9ff1d4b5b2 100644 --- a/src/start-proxy.ts +++ b/src/start-proxy.ts @@ -1,4 +1,5 @@ import * as core from "@actions/core"; +import * as toolcache from "@actions/tool-cache"; import { getApiClient } from "./api-client"; import * as artifactScanner from "./artifact-scanner"; @@ -16,6 +17,26 @@ import { import * as util from "./util"; import { ConfigurationError, getErrorMessage, isDefined } from "./util"; +/** + * Enumerates specific error types, along with suitable error messages, for errors + * that we want to track in status reports. + */ +export enum StartProxyErrorType { + DownloadFailed = "Failed to download proxy archive.", +} + +/** + * We want to avoid accidentally leaking secrets that may be contained in exception + * messages in the `start-proxy` action. Consequently, we don't report the messages + * of arbitrary exceptions. This type of error ensures that the message is one from + * `StartProxyErrorType` and therefore safe to include in a status report. + */ +export class StartProxyError extends Error { + constructor(errorType: StartProxyErrorType) { + super(errorType); + } +} + interface StartProxyStatus extends StatusReportBase { // A comma-separated list of registry types which are configured for CodeQL. // This only includes registry types we support, not all that are configured. @@ -53,6 +74,23 @@ export async function sendSuccessStatusReport( } } +/** + * Returns an error message for `error` that can safely be reported in a status report, + * i.e. that does not contain sensitive information. + * + * @param error The error for which to get an error message. + */ +export function getSafeErrorMessage(error: Error): string { + // If the error is a `StartProxyError`, the constructor ensures that the + // message comes from `StartProxyErrorType`. + if (error instanceof StartProxyError) { + return error.message; + } + + // Otherwise, omit the actual error message. + return `Error from start-proxy Action omitted (${typeof error}).`; +} + /** * Sends a status report for the `start-proxy` action indicating a failure. * @@ -70,6 +108,8 @@ export async function sendFailedStatusReport( const error = util.wrapError(unwrappedError); core.setFailed(`start-proxy action failed: ${error.message}`); + const statusReportMessage = getSafeErrorMessage(error); + // We skip sending the error message and stack trace here to avoid the possibility // of leaking any sensitive information into the telemetry. const errorStatusReportBase = await createStatusReportBase( @@ -81,7 +121,7 @@ export async function sendFailedStatusReport( }, await util.checkDiskUsage(logger), logger, - "Error from start-proxy Action omitted", + statusReportMessage, ); if (errorStatusReportBase !== undefined) { await sendStatusReport(errorStatusReportBase); @@ -369,3 +409,28 @@ export function credentialToStr(c: Credential): string { c.username }; Password: ${c.password !== undefined}; Token: ${c.token !== undefined}`; } + +/** + * Attempts to download a file from `url` into the toolcache. + * + * @param logger THe logger to use. + * @param url The URL to download the proxy binary from. + * @param authorization The authorization information to use. + * @returns If successful, the path to the downloaded file. + */ +export async function downloadProxy( + logger: Logger, + url: string, + authorization: string | undefined, +) { + try { + return toolcache.downloadTool(url, undefined, authorization, { + accept: "application/octet-stream", + }); + } catch (error) { + logger.error( + `Failed to download proxy archive from ${url}: ${getErrorMessage(error)}`, + ); + throw new StartProxyError(StartProxyErrorType.DownloadFailed); + } +} From 6394750070b1368acd79bfc61597039372d4f4fa Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 29 Jan 2026 13:19:37 +0000 Subject: [PATCH 05/13] Add test for `sendFailedStatusReport` --- src/start-proxy.test.ts | 47 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/src/start-proxy.test.ts b/src/start-proxy.test.ts index 6b8834e0d7..c5e655006c 100644 --- a/src/start-proxy.test.ts +++ b/src/start-proxy.test.ts @@ -1,3 +1,4 @@ +import * as core from "@actions/core"; import * as toolcache from "@actions/tool-cache"; import test from "ava"; import sinon from "sinon"; @@ -8,6 +9,7 @@ import { KnownLanguage } from "./languages"; import { getRunnerLogger } from "./logging"; import * as startProxyExports from "./start-proxy"; import { parseLanguage } from "./start-proxy"; +import * as statusReport from "./status-report"; import { checkExpectedLogMessages, getRecordingLogger, @@ -17,6 +19,51 @@ import { setupTests(test); +test("sendFailedStatusReport - does not report arbitrary error messages", async (t) => { + const loggedMessages = []; + const logger = getRecordingLogger(loggedMessages); + const error = new Error(startProxyExports.StartProxyErrorType.DownloadFailed); + const now = new Date(); + + // Override core.setFailed to avoid it setting the program's exit code + sinon.stub(core, "setFailed").returns(); + + const createStatusReportBase = sinon.stub( + statusReport, + "createStatusReportBase", + ); + createStatusReportBase.resolves(undefined); + + await startProxyExports.sendFailedStatusReport(logger, now, undefined, error); + + // Check that the stub has been called exactly once, with the expected arguments, + // but not with the message from the error. + t.assert(createStatusReportBase.calledOnce); + t.assert( + createStatusReportBase.calledWith( + statusReport.ActionName.StartProxy, + "failure", + now, + sinon.match.any, + sinon.match.any, + sinon.match.any, + ), + "createStatusReportBase wasn't called with the expected arguments", + ); + t.false( + createStatusReportBase.calledWith( + statusReport.ActionName.StartProxy, + "failure", + now, + sinon.match.any, + sinon.match.any, + sinon.match.any, + sinon.match((msg: string) => msg.includes(error.message)), + ), + "createStatusReportBase was called with the error message", + ); +}); + const toEncodedJSON = (data: any) => Buffer.from(JSON.stringify(data)).toString("base64"); From 325a3a2ae333e9549298b0d7799be78711e99cca Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 29 Jan 2026 13:34:19 +0000 Subject: [PATCH 06/13] Add `wrapFailureTest` test macro --- src/start-proxy.test.ts | 43 +++++++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/src/start-proxy.test.ts b/src/start-proxy.test.ts index c5e655006c..3c1df56083 100644 --- a/src/start-proxy.test.ts +++ b/src/start-proxy.test.ts @@ -1,12 +1,12 @@ import * as core from "@actions/core"; import * as toolcache from "@actions/tool-cache"; -import test from "ava"; +import test, { ExecutionContext } from "ava"; import sinon from "sinon"; import * as apiClient from "./api-client"; import * as defaults from "./defaults.json"; import { KnownLanguage } from "./languages"; -import { getRunnerLogger } from "./logging"; +import { getRunnerLogger, Logger } from "./logging"; import * as startProxyExports from "./start-proxy"; import { parseLanguage } from "./start-proxy"; import * as statusReport from "./status-report"; @@ -384,6 +384,23 @@ test("getSafeErrorMessage - does not return message for arbitrary errors", (t) = t.assert(message.includes(typeof error)); }); +const wrapFailureTest = test.macro({ + exec: async ( + t: ExecutionContext, + setup: () => void, + fn: (logger: Logger) => Promise, + ) => { + const loggedMessages = []; + const logger = getRecordingLogger(loggedMessages); + setup(); + + await t.throwsAsync(fn(logger), { + instanceOf: startProxyExports.StartProxyError, + }); + }, + title: (providedTitle) => `${providedTitle} - wraps errors on failure`, +}); + test("downloadProxy - returns file path on success", async (t) => { const loggedMessages = []; const logger = getRecordingLogger(loggedMessages); @@ -398,15 +415,13 @@ test("downloadProxy - returns file path on success", async (t) => { t.is(result, testPath); }); -test("downloadProxy - wraps errors on failure", async (t) => { - const loggedMessages = []; - const logger = getRecordingLogger(loggedMessages); - sinon.stub(toolcache, "downloadTool").throws(); - - await t.throwsAsync( - startProxyExports.downloadProxy(logger, "url", undefined), - { - instanceOf: startProxyExports.StartProxyError, - }, - ); -}); +test( + "downloadProxy", + wrapFailureTest, + () => { + sinon.stub(toolcache, "downloadTool").throws(); + }, + async (logger) => { + await startProxyExports.downloadProxy(logger, "url", undefined); + }, +); From 05bd050f34dab49564f92e80d2efe16c7058a843 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 29 Jan 2026 13:44:10 +0000 Subject: [PATCH 07/13] Add and use `withRecordingLoggerAsync` --- src/start-proxy.test.ts | 33 +++++++++++++++++---------------- src/testing-utils.ts | 17 +++++++++++++++++ 2 files changed, 34 insertions(+), 16 deletions(-) diff --git a/src/start-proxy.test.ts b/src/start-proxy.test.ts index 3c1df56083..640a1da877 100644 --- a/src/start-proxy.test.ts +++ b/src/start-proxy.test.ts @@ -15,6 +15,7 @@ import { getRecordingLogger, makeTestToken, setupTests, + withRecordingLoggerAsync, } from "./testing-utils"; setupTests(test); @@ -390,29 +391,29 @@ const wrapFailureTest = test.macro({ setup: () => void, fn: (logger: Logger) => Promise, ) => { - const loggedMessages = []; - const logger = getRecordingLogger(loggedMessages); - setup(); + await withRecordingLoggerAsync(async (logger) => { + setup(); - await t.throwsAsync(fn(logger), { - instanceOf: startProxyExports.StartProxyError, + await t.throwsAsync(fn(logger), { + instanceOf: startProxyExports.StartProxyError, + }); }); }, title: (providedTitle) => `${providedTitle} - wraps errors on failure`, }); test("downloadProxy - returns file path on success", async (t) => { - const loggedMessages = []; - const logger = getRecordingLogger(loggedMessages); - const testPath = "/some/path"; - sinon.stub(toolcache, "downloadTool").resolves(testPath); - - const result = await startProxyExports.downloadProxy( - logger, - "url", - undefined, - ); - t.is(result, testPath); + await withRecordingLoggerAsync(async (logger) => { + const testPath = "/some/path"; + sinon.stub(toolcache, "downloadTool").resolves(testPath); + + const result = await startProxyExports.downloadProxy( + logger, + "url", + undefined, + ); + t.is(result, testPath); + }); }); test( diff --git a/src/testing-utils.ts b/src/testing-utils.ts index 83ec88ee19..aff7780436 100644 --- a/src/testing-utils.ts +++ b/src/testing-utils.ts @@ -208,6 +208,23 @@ export function checkExpectedLogMessages( } } +/** + * Initialises a recording logger and calls `body` with it. + * + * @param body The test that requires a recording logger. + * @returns The logged messages. + */ +export async function withRecordingLoggerAsync( + body: (logger: Logger) => Promise, +): Promise { + const messages = []; + const logger = getRecordingLogger(messages); + + await body(logger); + + return messages; +} + /** Mock the HTTP request to the feature flags enablement API endpoint. */ export function mockFeatureFlagApiEndpoint( responseStatusCode: number, From 1d0f9118372d893f51074a0766951cf04792cbac Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 29 Jan 2026 13:45:46 +0000 Subject: [PATCH 08/13] Handle extraction errors with `StartProxyError` --- lib/start-proxy-action.js | 12 +++++++++++- src/start-proxy-action.ts | 3 ++- src/start-proxy.test.ts | 21 +++++++++++++++++++++ src/start-proxy.ts | 21 ++++++++++++++++++++- 4 files changed, 54 insertions(+), 3 deletions(-) diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index ac344d5015..f234f866c7 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -119786,6 +119786,16 @@ async function downloadProxy(logger, url, authorization) { throw new StartProxyError("Failed to download proxy archive." /* DownloadFailed */); } } +async function extractProxy(logger, archive) { + try { + return await toolcache.extractTar(archive); + } catch (error3) { + logger.error( + `Failed to extract proxy archive from ${archive}: ${getErrorMessage(error3)}` + ); + throw new StartProxyError("Failed to extract proxy archive." /* ExtractionFailed */); + } +} // src/start-proxy-action.ts var KEY_SIZE = 2048; @@ -119949,7 +119959,7 @@ async function getProxyBinaryPath(logger) { proxyInfo.url ); const temp = await downloadProxy(logger, proxyInfo.url, authorization); - const extracted = await toolcache2.extractTar(temp); + const extracted = await extractProxy(logger, temp); proxyBin = await toolcache2.cacheDir( extracted, proxyFileName, diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index 2e70cfaef2..fd00953e78 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts @@ -13,6 +13,7 @@ import { Credential, credentialToStr, downloadProxy, + extractProxy, getCredentials, getDownloadUrl, parseLanguage, @@ -240,7 +241,7 @@ async function getProxyBinaryPath(logger: Logger): Promise { proxyInfo.url, ); const temp = await downloadProxy(logger, proxyInfo.url, authorization); - const extracted = await toolcache.extractTar(temp); + const extracted = await extractProxy(logger, temp); proxyBin = await toolcache.cacheDir( extracted, proxyFileName, diff --git a/src/start-proxy.test.ts b/src/start-proxy.test.ts index 640a1da877..ee9fbbd20f 100644 --- a/src/start-proxy.test.ts +++ b/src/start-proxy.test.ts @@ -426,3 +426,24 @@ test( await startProxyExports.downloadProxy(logger, "url", undefined); }, ); + +test("extractProxy - returns file path on success", async (t) => { + await withRecordingLoggerAsync(async (logger) => { + const testPath = "/some/path"; + sinon.stub(toolcache, "extractTar").resolves(testPath); + + const result = await startProxyExports.extractProxy(logger, "/other/path"); + t.is(result, testPath); + }); +}); + +test( + "extractProxy", + wrapFailureTest, + () => { + sinon.stub(toolcache, "extractTar").throws(); + }, + async (logger) => { + await startProxyExports.extractProxy(logger, "path"); + }, +); diff --git a/src/start-proxy.ts b/src/start-proxy.ts index 9ff1d4b5b2..65ffc5c0e1 100644 --- a/src/start-proxy.ts +++ b/src/start-proxy.ts @@ -23,6 +23,7 @@ import { ConfigurationError, getErrorMessage, isDefined } from "./util"; */ export enum StartProxyErrorType { DownloadFailed = "Failed to download proxy archive.", + ExtractionFailed = "Failed to extract proxy archive.", } /** @@ -413,7 +414,7 @@ export function credentialToStr(c: Credential): string { /** * Attempts to download a file from `url` into the toolcache. * - * @param logger THe logger to use. + * @param logger The logger to use. * @param url The URL to download the proxy binary from. * @param authorization The authorization information to use. * @returns If successful, the path to the downloaded file. @@ -434,3 +435,21 @@ export async function downloadProxy( throw new StartProxyError(StartProxyErrorType.DownloadFailed); } } + +/** + * Attempts to extract the proxy binary from the `archive`. + * + * @param logger The logger to use. + * @param archive The archive to extract. + * @returns The path to the extracted file(s). + */ +export async function extractProxy(logger: Logger, archive: string) { + try { + return await toolcache.extractTar(archive); + } catch (error) { + logger.error( + `Failed to extract proxy archive from ${archive}: ${getErrorMessage(error)}`, + ); + throw new StartProxyError(StartProxyErrorType.ExtractionFailed); + } +} From 28f6d316c0d8493b682a9fcdede65b0a5cbe94af Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 29 Jan 2026 14:16:36 +0000 Subject: [PATCH 09/13] Handle toolcache errors with `StartProxyError` --- lib/start-proxy-action.js | 13 ++++++++++++- src/start-proxy-action.ts | 4 +++- src/start-proxy.test.ts | 26 ++++++++++++++++++++++++++ src/start-proxy.ts | 26 ++++++++++++++++++++++++++ 4 files changed, 67 insertions(+), 2 deletions(-) diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index f234f866c7..1c272cc610 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -119796,6 +119796,16 @@ async function extractProxy(logger, archive) { throw new StartProxyError("Failed to extract proxy archive." /* ExtractionFailed */); } } +async function cacheProxy(logger, path2, filename, version) { + try { + return await toolcache.cacheDir(path2, filename, version); + } catch (error3) { + logger.error( + `Failed to add proxy archive from ${path2} to toolcache: ${getErrorMessage(error3)}` + ); + throw new StartProxyError("Failed to add proxy to toolcache" /* CacheFailed */); + } +} // src/start-proxy-action.ts var KEY_SIZE = 2048; @@ -119960,7 +119970,8 @@ async function getProxyBinaryPath(logger) { ); const temp = await downloadProxy(logger, proxyInfo.url, authorization); const extracted = await extractProxy(logger, temp); - proxyBin = await toolcache2.cacheDir( + proxyBin = await cacheProxy( + logger, extracted, proxyFileName, proxyInfo.version diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index fd00953e78..db55a9e05e 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts @@ -10,6 +10,7 @@ import { getApiDetails, getAuthorizationHeaderFor } from "./api-client"; import { KnownLanguage } from "./languages"; import { getActionsLogger, Logger } from "./logging"; import { + cacheProxy, Credential, credentialToStr, downloadProxy, @@ -242,7 +243,8 @@ async function getProxyBinaryPath(logger: Logger): Promise { ); const temp = await downloadProxy(logger, proxyInfo.url, authorization); const extracted = await extractProxy(logger, temp); - proxyBin = await toolcache.cacheDir( + proxyBin = await cacheProxy( + logger, extracted, proxyFileName, proxyInfo.version, diff --git a/src/start-proxy.test.ts b/src/start-proxy.test.ts index ee9fbbd20f..a5a0896730 100644 --- a/src/start-proxy.test.ts +++ b/src/start-proxy.test.ts @@ -447,3 +447,29 @@ test( await startProxyExports.extractProxy(logger, "path"); }, ); + +test("cacheProxy - returns file path on success", async (t) => { + await withRecordingLoggerAsync(async (logger) => { + const testPath = "/some/path"; + sinon.stub(toolcache, "cacheDir").resolves(testPath); + + const result = await startProxyExports.cacheProxy( + logger, + "/other/path", + "proxy", + "1.0", + ); + t.is(result, testPath); + }); +}); + +test( + "cacheProxy", + wrapFailureTest, + () => { + sinon.stub(toolcache, "cacheDir").throws(); + }, + async (logger) => { + await startProxyExports.cacheProxy(logger, "/other/path", "proxy", "1.0"); + }, +); diff --git a/src/start-proxy.ts b/src/start-proxy.ts index 65ffc5c0e1..16bf40367e 100644 --- a/src/start-proxy.ts +++ b/src/start-proxy.ts @@ -24,6 +24,7 @@ import { ConfigurationError, getErrorMessage, isDefined } from "./util"; export enum StartProxyErrorType { DownloadFailed = "Failed to download proxy archive.", ExtractionFailed = "Failed to extract proxy archive.", + CacheFailed = "Failed to add proxy to toolcache", } /** @@ -453,3 +454,28 @@ export async function extractProxy(logger: Logger, archive: string) { throw new StartProxyError(StartProxyErrorType.ExtractionFailed); } } + +/** + * Attempts to store the proxy in the toolcache. + * + * @param logger The logger to use. + * @param path The source path to add to the toolcache. + * @param filename The filename of the proxy binary. + * @param version The version of the proxy. + * @returns The path to the directory in the toolcache. + */ +export async function cacheProxy( + logger: Logger, + path: string, + filename: string, + version: string, +) { + try { + return await toolcache.cacheDir(path, filename, version); + } catch (error) { + logger.error( + `Failed to add proxy archive from ${path} to toolcache: ${getErrorMessage(error)}`, + ); + throw new StartProxyError(StartProxyErrorType.CacheFailed); + } +} From a6d296a3415b2a756224ab826d60efd393f9a91b Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 29 Jan 2026 14:20:16 +0000 Subject: [PATCH 10/13] Move `getProxyBinaryPath` to `start-proxy` module --- lib/start-proxy-action.js | 35838 ++++++++++++++++++------------------ src/start-proxy-action.ts | 34 +- src/start-proxy.ts | 50 +- 3 files changed, 17965 insertions(+), 17957 deletions(-) diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 1c272cc610..9d9daed04e 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -1337,14 +1337,14 @@ var require_util = __commonJS({ } const port = url.port != null ? url.port : url.protocol === "https:" ? 443 : 80; let origin = url.origin != null ? url.origin : `${url.protocol || ""}//${url.hostname || ""}:${port}`; - let path2 = url.path != null ? url.path : `${url.pathname || ""}${url.search || ""}`; + let path3 = url.path != null ? url.path : `${url.pathname || ""}${url.search || ""}`; if (origin[origin.length - 1] === "/") { origin = origin.slice(0, origin.length - 1); } - if (path2 && path2[0] !== "/") { - path2 = `/${path2}`; + if (path3 && path3[0] !== "/") { + path3 = `/${path3}`; } - return new URL(`${origin}${path2}`); + return new URL(`${origin}${path3}`); } if (!isHttpOrHttpsPrefixed(url.origin || url.protocol)) { throw new InvalidArgumentError("Invalid URL protocol: the URL must start with `http:` or `https:`."); @@ -1795,39 +1795,39 @@ var require_diagnostics = __commonJS({ }); diagnosticsChannel.channel("undici:client:sendHeaders").subscribe((evt) => { const { - request: { method, path: path2, origin } + request: { method, path: path3, origin } } = evt; - debuglog("sending request to %s %s/%s", method, origin, path2); + debuglog("sending request to %s %s/%s", method, origin, path3); }); diagnosticsChannel.channel("undici:request:headers").subscribe((evt) => { const { - request: { method, path: path2, origin }, + request: { method, path: path3, origin }, response: { statusCode } } = evt; debuglog( "received response to %s %s/%s - HTTP %d", method, origin, - path2, + path3, statusCode ); }); diagnosticsChannel.channel("undici:request:trailers").subscribe((evt) => { const { - request: { method, path: path2, origin } + request: { method, path: path3, origin } } = evt; - debuglog("trailers received from %s %s/%s", method, origin, path2); + debuglog("trailers received from %s %s/%s", method, origin, path3); }); diagnosticsChannel.channel("undici:request:error").subscribe((evt) => { const { - request: { method, path: path2, origin }, + request: { method, path: path3, origin }, error: error3 } = evt; debuglog( "request to %s %s/%s errored - %s", method, origin, - path2, + path3, error3.message ); }); @@ -1876,9 +1876,9 @@ var require_diagnostics = __commonJS({ }); diagnosticsChannel.channel("undici:client:sendHeaders").subscribe((evt) => { const { - request: { method, path: path2, origin } + request: { method, path: path3, origin } } = evt; - debuglog("sending request to %s %s/%s", method, origin, path2); + debuglog("sending request to %s %s/%s", method, origin, path3); }); } diagnosticsChannel.channel("undici:websocket:open").subscribe((evt) => { @@ -1941,7 +1941,7 @@ var require_request = __commonJS({ var kHandler = /* @__PURE__ */ Symbol("handler"); var Request = class { constructor(origin, { - path: path2, + path: path3, method, body, headers, @@ -1956,11 +1956,11 @@ var require_request = __commonJS({ expectContinue, servername }, handler2) { - if (typeof path2 !== "string") { + if (typeof path3 !== "string") { throw new InvalidArgumentError("path must be a string"); - } else if (path2[0] !== "/" && !(path2.startsWith("http://") || path2.startsWith("https://")) && method !== "CONNECT") { + } else if (path3[0] !== "/" && !(path3.startsWith("http://") || path3.startsWith("https://")) && method !== "CONNECT") { throw new InvalidArgumentError("path must be an absolute URL or start with a slash"); - } else if (invalidPathRegex.test(path2)) { + } else if (invalidPathRegex.test(path3)) { throw new InvalidArgumentError("invalid request path"); } if (typeof method !== "string") { @@ -2023,7 +2023,7 @@ var require_request = __commonJS({ this.completed = false; this.aborted = false; this.upgrade = upgrade || null; - this.path = query ? buildURL(path2, query) : path2; + this.path = query ? buildURL(path3, query) : path3; this.origin = origin; this.idempotent = idempotent == null ? method === "HEAD" || method === "GET" : idempotent; this.blocking = blocking == null ? false : blocking; @@ -6536,7 +6536,7 @@ var require_client_h1 = __commonJS({ return method !== "GET" && method !== "HEAD" && method !== "OPTIONS" && method !== "TRACE" && method !== "CONNECT"; } function writeH1(client, request2) { - const { method, path: path2, host, upgrade, blocking, reset } = request2; + const { method, path: path3, host, upgrade, blocking, reset } = request2; let { body, headers, contentLength } = request2; const expectsPayload = method === "PUT" || method === "POST" || method === "PATCH" || method === "QUERY" || method === "PROPFIND" || method === "PROPPATCH"; if (util.isFormDataLike(body)) { @@ -6602,7 +6602,7 @@ var require_client_h1 = __commonJS({ if (blocking) { socket[kBlocking] = true; } - let header = `${method} ${path2} HTTP/1.1\r + let header = `${method} ${path3} HTTP/1.1\r `; if (typeof host === "string") { header += `host: ${host}\r @@ -7128,7 +7128,7 @@ var require_client_h2 = __commonJS({ } function writeH2(client, request2) { const session = client[kHTTP2Session]; - const { method, path: path2, host, upgrade, expectContinue, signal, headers: reqHeaders } = request2; + const { method, path: path3, host, upgrade, expectContinue, signal, headers: reqHeaders } = request2; let { body } = request2; if (upgrade) { util.errorRequest(client, request2, new Error("Upgrade not supported for H2")); @@ -7195,7 +7195,7 @@ var require_client_h2 = __commonJS({ }); return true; } - headers[HTTP2_HEADER_PATH] = path2; + headers[HTTP2_HEADER_PATH] = path3; headers[HTTP2_HEADER_SCHEME] = "https"; const expectsPayload = method === "PUT" || method === "POST" || method === "PATCH"; if (body && typeof body.read === "function") { @@ -7548,9 +7548,9 @@ var require_redirect_handler = __commonJS({ return this.handler.onHeaders(statusCode, headers, resume, statusText); } const { origin, pathname, search } = util.parseURL(new URL(this.location, this.opts.origin && new URL(this.opts.path, this.opts.origin))); - const path2 = search ? `${pathname}${search}` : pathname; + const path3 = search ? `${pathname}${search}` : pathname; this.opts.headers = cleanRequestHeaders(this.opts.headers, statusCode === 303, this.opts.origin !== origin); - this.opts.path = path2; + this.opts.path = path3; this.opts.origin = origin; this.opts.maxRedirections = 0; this.opts.query = null; @@ -8784,10 +8784,10 @@ var require_proxy_agent = __commonJS({ }; const { origin, - path: path2 = "/", + path: path3 = "/", headers = {} } = opts; - opts.path = origin + path2; + opts.path = origin + path3; if (!("host" in headers) && !("Host" in headers)) { const { host } = new URL2(origin); headers.host = host; @@ -10708,20 +10708,20 @@ var require_mock_utils = __commonJS({ } return true; } - function safeUrl(path2) { - if (typeof path2 !== "string") { - return path2; + function safeUrl(path3) { + if (typeof path3 !== "string") { + return path3; } - const pathSegments = path2.split("?"); + const pathSegments = path3.split("?"); if (pathSegments.length !== 2) { - return path2; + return path3; } const qp = new URLSearchParams(pathSegments.pop()); qp.sort(); return [...pathSegments, qp.toString()].join("?"); } - function matchKey(mockDispatch2, { path: path2, method, body, headers }) { - const pathMatch = matchValue(mockDispatch2.path, path2); + function matchKey(mockDispatch2, { path: path3, method, body, headers }) { + const pathMatch = matchValue(mockDispatch2.path, path3); const methodMatch = matchValue(mockDispatch2.method, method); const bodyMatch = typeof mockDispatch2.body !== "undefined" ? matchValue(mockDispatch2.body, body) : true; const headersMatch = matchHeaders(mockDispatch2, headers); @@ -10743,7 +10743,7 @@ var require_mock_utils = __commonJS({ function getMockDispatch(mockDispatches, key) { const basePath = key.query ? buildURL(key.path, key.query) : key.path; const resolvedPath = typeof basePath === "string" ? safeUrl(basePath) : basePath; - let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path: path2 }) => matchValue(safeUrl(path2), resolvedPath)); + let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path: path3 }) => matchValue(safeUrl(path3), resolvedPath)); if (matchedMockDispatches.length === 0) { throw new MockNotMatchedError(`Mock dispatch not matched for path '${resolvedPath}'`); } @@ -10781,9 +10781,9 @@ var require_mock_utils = __commonJS({ } } function buildKey(opts) { - const { path: path2, method, body, headers, query } = opts; + const { path: path3, method, body, headers, query } = opts; return { - path: path2, + path: path3, method, body, headers, @@ -11246,10 +11246,10 @@ var require_pending_interceptors_formatter = __commonJS({ } format(pendingInterceptors) { const withPrettyHeaders = pendingInterceptors.map( - ({ method, path: path2, data: { statusCode }, persist, times, timesInvoked, origin }) => ({ + ({ method, path: path3, data: { statusCode }, persist, times, timesInvoked, origin }) => ({ Method: method, Origin: origin, - Path: path2, + Path: path3, "Status code": statusCode, Persistent: persist ? PERSISTENT : NOT_PERSISTENT, Invocations: timesInvoked, @@ -16130,9 +16130,9 @@ var require_util6 = __commonJS({ } } } - function validateCookiePath(path2) { - for (let i = 0; i < path2.length; ++i) { - const code = path2.charCodeAt(i); + function validateCookiePath(path3) { + for (let i = 0; i < path3.length; ++i) { + const code = path3.charCodeAt(i); if (code < 32 || // exclude CTLs (0-31) code === 127 || // DEL code === 59) { @@ -18726,11 +18726,11 @@ var require_undici = __commonJS({ if (typeof opts.path !== "string") { throw new InvalidArgumentError("invalid opts.path"); } - let path2 = opts.path; + let path3 = opts.path; if (!opts.path.startsWith("/")) { - path2 = `/${path2}`; + path3 = `/${path3}`; } - url = new URL(util.parseOrigin(url).origin + path2); + url = new URL(util.parseOrigin(url).origin + path3); } else { if (!opts) { opts = typeof url === "object" ? url : {}; @@ -20033,7 +20033,7 @@ var require_path_utils = __commonJS({ exports2.toPosixPath = toPosixPath; exports2.toWin32Path = toWin32Path; exports2.toPlatformPath = toPlatformPath; - var path2 = __importStar2(require("path")); + var path3 = __importStar2(require("path")); function toPosixPath(pth) { return pth.replace(/[\\]/g, "/"); } @@ -20041,7 +20041,7 @@ var require_path_utils = __commonJS({ return pth.replace(/[/]/g, "\\"); } function toPlatformPath(pth) { - return pth.replace(/[/\\]/g, path2.sep); + return pth.replace(/[/\\]/g, path3.sep); } } }); @@ -20124,7 +20124,7 @@ var require_io_util = __commonJS({ exports2.tryGetExecutablePath = tryGetExecutablePath; exports2.getCmdPath = getCmdPath; var fs = __importStar2(require("fs")); - var path2 = __importStar2(require("path")); + var path3 = __importStar2(require("path")); _a = fs.promises, exports2.chmod = _a.chmod, exports2.copyFile = _a.copyFile, exports2.lstat = _a.lstat, exports2.mkdir = _a.mkdir, exports2.open = _a.open, exports2.readdir = _a.readdir, exports2.rename = _a.rename, exports2.rm = _a.rm, exports2.rmdir = _a.rmdir, exports2.stat = _a.stat, exports2.symlink = _a.symlink, exports2.unlink = _a.unlink; exports2.IS_WINDOWS = process.platform === "win32"; function readlink(fsPath) { @@ -20179,7 +20179,7 @@ var require_io_util = __commonJS({ } if (stats && stats.isFile()) { if (exports2.IS_WINDOWS) { - const upperExt = path2.extname(filePath).toUpperCase(); + const upperExt = path3.extname(filePath).toUpperCase(); if (extensions.some((validExt) => validExt.toUpperCase() === upperExt)) { return filePath; } @@ -20203,11 +20203,11 @@ var require_io_util = __commonJS({ if (stats && stats.isFile()) { if (exports2.IS_WINDOWS) { try { - const directory = path2.dirname(filePath); - const upperName = path2.basename(filePath).toUpperCase(); + const directory = path3.dirname(filePath); + const upperName = path3.basename(filePath).toUpperCase(); for (const actualName of yield (0, exports2.readdir)(directory)) { if (upperName === actualName.toUpperCase()) { - filePath = path2.join(directory, actualName); + filePath = path3.join(directory, actualName); break; } } @@ -20319,7 +20319,7 @@ var require_io = __commonJS({ exports2.which = which4; exports2.findInPath = findInPath; var assert_1 = require("assert"); - var path2 = __importStar2(require("path")); + var path3 = __importStar2(require("path")); var ioUtil = __importStar2(require_io_util()); function cp(source_1, dest_1) { return __awaiter2(this, arguments, void 0, function* (source, dest, options = {}) { @@ -20328,7 +20328,7 @@ var require_io = __commonJS({ if (destStat && destStat.isFile() && !force) { return; } - const newDest = destStat && destStat.isDirectory() && copySourceDirectory ? path2.join(dest, path2.basename(source)) : dest; + const newDest = destStat && destStat.isDirectory() && copySourceDirectory ? path3.join(dest, path3.basename(source)) : dest; if (!(yield ioUtil.exists(source))) { throw new Error(`no such file or directory: ${source}`); } @@ -20340,7 +20340,7 @@ var require_io = __commonJS({ yield cpDirRecursive(source, newDest, 0, force); } } else { - if (path2.relative(source, newDest) === "") { + if (path3.relative(source, newDest) === "") { throw new Error(`'${newDest}' and '${source}' are the same file`); } yield copyFile2(source, newDest, force); @@ -20352,7 +20352,7 @@ var require_io = __commonJS({ if (yield ioUtil.exists(dest)) { let destExists = true; if (yield ioUtil.isDirectory(dest)) { - dest = path2.join(dest, path2.basename(source)); + dest = path3.join(dest, path3.basename(source)); destExists = yield ioUtil.exists(dest); } if (destExists) { @@ -20363,7 +20363,7 @@ var require_io = __commonJS({ } } } - yield mkdirP(path2.dirname(dest)); + yield mkdirP(path3.dirname(dest)); yield ioUtil.rename(source, dest); }); } @@ -20422,7 +20422,7 @@ var require_io = __commonJS({ } const extensions = []; if (ioUtil.IS_WINDOWS && process.env["PATHEXT"]) { - for (const extension of process.env["PATHEXT"].split(path2.delimiter)) { + for (const extension of process.env["PATHEXT"].split(path3.delimiter)) { if (extension) { extensions.push(extension); } @@ -20435,12 +20435,12 @@ var require_io = __commonJS({ } return []; } - if (tool.includes(path2.sep)) { + if (tool.includes(path3.sep)) { return []; } const directories = []; if (process.env.PATH) { - for (const p of process.env.PATH.split(path2.delimiter)) { + for (const p of process.env.PATH.split(path3.delimiter)) { if (p) { directories.push(p); } @@ -20448,7 +20448,7 @@ var require_io = __commonJS({ } const matches = []; for (const directory of directories) { - const filePath = yield ioUtil.tryGetExecutablePath(path2.join(directory, tool), extensions); + const filePath = yield ioUtil.tryGetExecutablePath(path3.join(directory, tool), extensions); if (filePath) { matches.push(filePath); } @@ -20578,7 +20578,7 @@ var require_toolrunner = __commonJS({ var os2 = __importStar2(require("os")); var events = __importStar2(require("events")); var child = __importStar2(require("child_process")); - var path2 = __importStar2(require("path")); + var path3 = __importStar2(require("path")); var io4 = __importStar2(require_io()); var ioUtil = __importStar2(require_io_util()); var timers_1 = require("timers"); @@ -20793,7 +20793,7 @@ var require_toolrunner = __commonJS({ exec() { return __awaiter2(this, void 0, void 0, function* () { if (!ioUtil.isRooted(this.toolPath) && (this.toolPath.includes("/") || IS_WINDOWS && this.toolPath.includes("\\"))) { - this.toolPath = path2.resolve(process.cwd(), this.options.cwd || process.cwd(), this.toolPath); + this.toolPath = path3.resolve(process.cwd(), this.options.cwd || process.cwd(), this.toolPath); } this.toolPath = yield io4.which(this.toolPath, true); return new Promise((resolve2, reject) => __awaiter2(this, void 0, void 0, function* () { @@ -21346,7 +21346,7 @@ var require_core = __commonJS({ var file_command_1 = require_file_command(); var utils_1 = require_utils(); var os2 = __importStar2(require("os")); - var path2 = __importStar2(require("path")); + var path3 = __importStar2(require("path")); var oidc_utils_1 = require_oidc_utils(); var ExitCode; (function(ExitCode2) { @@ -21372,7 +21372,7 @@ var require_core = __commonJS({ } else { (0, command_1.issueCommand)("add-path", {}, inputPath); } - process.env["PATH"] = `${inputPath}${path2.delimiter}${process.env["PATH"]}`; + process.env["PATH"] = `${inputPath}${path3.delimiter}${process.env["PATH"]}`; } function getInput2(name, options) { const val = process.env[`INPUT_${name.replace(/ /g, "_").toUpperCase()}`] || ""; @@ -21490,18722 +21490,15970 @@ Support boolean input list: \`true | True | TRUE | false | False | FALSE\``); } }); -// node_modules/semver/internal/constants.js -var require_constants6 = __commonJS({ - "node_modules/semver/internal/constants.js"(exports2, module2) { - "use strict"; - var SEMVER_SPEC_VERSION = "2.0.0"; - var MAX_LENGTH = 256; - var MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER || /* istanbul ignore next */ - 9007199254740991; - var MAX_SAFE_COMPONENT_LENGTH = 16; - var MAX_SAFE_BUILD_LENGTH = MAX_LENGTH - 6; - var RELEASE_TYPES = [ - "major", - "premajor", - "minor", - "preminor", - "patch", - "prepatch", - "prerelease" - ]; +// node_modules/node-forge/lib/forge.js +var require_forge = __commonJS({ + "node_modules/node-forge/lib/forge.js"(exports2, module2) { module2.exports = { - MAX_LENGTH, - MAX_SAFE_COMPONENT_LENGTH, - MAX_SAFE_BUILD_LENGTH, - MAX_SAFE_INTEGER, - RELEASE_TYPES, - SEMVER_SPEC_VERSION, - FLAG_INCLUDE_PRERELEASE: 1, - FLAG_LOOSE: 2 - }; - } -}); - -// node_modules/semver/internal/debug.js -var require_debug = __commonJS({ - "node_modules/semver/internal/debug.js"(exports2, module2) { - "use strict"; - var debug5 = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEMVER", ...args) : () => { - }; - module2.exports = debug5; - } -}); - -// node_modules/semver/internal/re.js -var require_re = __commonJS({ - "node_modules/semver/internal/re.js"(exports2, module2) { - "use strict"; - var { - MAX_SAFE_COMPONENT_LENGTH, - MAX_SAFE_BUILD_LENGTH, - MAX_LENGTH - } = require_constants6(); - var debug5 = require_debug(); - exports2 = module2.exports = {}; - var re = exports2.re = []; - var safeRe = exports2.safeRe = []; - var src = exports2.src = []; - var safeSrc = exports2.safeSrc = []; - var t = exports2.t = {}; - var R = 0; - var LETTERDASHNUMBER = "[a-zA-Z0-9-]"; - var safeRegexReplacements = [ - ["\\s", 1], - ["\\d", MAX_LENGTH], - [LETTERDASHNUMBER, MAX_SAFE_BUILD_LENGTH] - ]; - var makeSafeRegex = (value) => { - for (const [token, max] of safeRegexReplacements) { - value = value.split(`${token}*`).join(`${token}{0,${max}}`).split(`${token}+`).join(`${token}{1,${max}}`); - } - return value; - }; - var createToken = (name, value, isGlobal) => { - const safe = makeSafeRegex(value); - const index = R++; - debug5(name, index, value); - t[name] = index; - src[index] = value; - safeSrc[index] = safe; - re[index] = new RegExp(value, isGlobal ? "g" : void 0); - safeRe[index] = new RegExp(safe, isGlobal ? "g" : void 0); - }; - createToken("NUMERICIDENTIFIER", "0|[1-9]\\d*"); - createToken("NUMERICIDENTIFIERLOOSE", "\\d+"); - createToken("NONNUMERICIDENTIFIER", `\\d*[a-zA-Z-]${LETTERDASHNUMBER}*`); - createToken("MAINVERSION", `(${src[t.NUMERICIDENTIFIER]})\\.(${src[t.NUMERICIDENTIFIER]})\\.(${src[t.NUMERICIDENTIFIER]})`); - createToken("MAINVERSIONLOOSE", `(${src[t.NUMERICIDENTIFIERLOOSE]})\\.(${src[t.NUMERICIDENTIFIERLOOSE]})\\.(${src[t.NUMERICIDENTIFIERLOOSE]})`); - createToken("PRERELEASEIDENTIFIER", `(?:${src[t.NONNUMERICIDENTIFIER]}|${src[t.NUMERICIDENTIFIER]})`); - createToken("PRERELEASEIDENTIFIERLOOSE", `(?:${src[t.NONNUMERICIDENTIFIER]}|${src[t.NUMERICIDENTIFIERLOOSE]})`); - createToken("PRERELEASE", `(?:-(${src[t.PRERELEASEIDENTIFIER]}(?:\\.${src[t.PRERELEASEIDENTIFIER]})*))`); - createToken("PRERELEASELOOSE", `(?:-?(${src[t.PRERELEASEIDENTIFIERLOOSE]}(?:\\.${src[t.PRERELEASEIDENTIFIERLOOSE]})*))`); - createToken("BUILDIDENTIFIER", `${LETTERDASHNUMBER}+`); - createToken("BUILD", `(?:\\+(${src[t.BUILDIDENTIFIER]}(?:\\.${src[t.BUILDIDENTIFIER]})*))`); - createToken("FULLPLAIN", `v?${src[t.MAINVERSION]}${src[t.PRERELEASE]}?${src[t.BUILD]}?`); - createToken("FULL", `^${src[t.FULLPLAIN]}$`); - createToken("LOOSEPLAIN", `[v=\\s]*${src[t.MAINVERSIONLOOSE]}${src[t.PRERELEASELOOSE]}?${src[t.BUILD]}?`); - createToken("LOOSE", `^${src[t.LOOSEPLAIN]}$`); - createToken("GTLT", "((?:<|>)?=?)"); - createToken("XRANGEIDENTIFIERLOOSE", `${src[t.NUMERICIDENTIFIERLOOSE]}|x|X|\\*`); - createToken("XRANGEIDENTIFIER", `${src[t.NUMERICIDENTIFIER]}|x|X|\\*`); - createToken("XRANGEPLAIN", `[v=\\s]*(${src[t.XRANGEIDENTIFIER]})(?:\\.(${src[t.XRANGEIDENTIFIER]})(?:\\.(${src[t.XRANGEIDENTIFIER]})(?:${src[t.PRERELEASE]})?${src[t.BUILD]}?)?)?`); - createToken("XRANGEPLAINLOOSE", `[v=\\s]*(${src[t.XRANGEIDENTIFIERLOOSE]})(?:\\.(${src[t.XRANGEIDENTIFIERLOOSE]})(?:\\.(${src[t.XRANGEIDENTIFIERLOOSE]})(?:${src[t.PRERELEASELOOSE]})?${src[t.BUILD]}?)?)?`); - createToken("XRANGE", `^${src[t.GTLT]}\\s*${src[t.XRANGEPLAIN]}$`); - createToken("XRANGELOOSE", `^${src[t.GTLT]}\\s*${src[t.XRANGEPLAINLOOSE]}$`); - createToken("COERCEPLAIN", `${"(^|[^\\d])(\\d{1,"}${MAX_SAFE_COMPONENT_LENGTH}})(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?`); - createToken("COERCE", `${src[t.COERCEPLAIN]}(?:$|[^\\d])`); - createToken("COERCEFULL", src[t.COERCEPLAIN] + `(?:${src[t.PRERELEASE]})?(?:${src[t.BUILD]})?(?:$|[^\\d])`); - createToken("COERCERTL", src[t.COERCE], true); - createToken("COERCERTLFULL", src[t.COERCEFULL], true); - createToken("LONETILDE", "(?:~>?)"); - createToken("TILDETRIM", `(\\s*)${src[t.LONETILDE]}\\s+`, true); - exports2.tildeTrimReplace = "$1~"; - createToken("TILDE", `^${src[t.LONETILDE]}${src[t.XRANGEPLAIN]}$`); - createToken("TILDELOOSE", `^${src[t.LONETILDE]}${src[t.XRANGEPLAINLOOSE]}$`); - createToken("LONECARET", "(?:\\^)"); - createToken("CARETTRIM", `(\\s*)${src[t.LONECARET]}\\s+`, true); - exports2.caretTrimReplace = "$1^"; - createToken("CARET", `^${src[t.LONECARET]}${src[t.XRANGEPLAIN]}$`); - createToken("CARETLOOSE", `^${src[t.LONECARET]}${src[t.XRANGEPLAINLOOSE]}$`); - createToken("COMPARATORLOOSE", `^${src[t.GTLT]}\\s*(${src[t.LOOSEPLAIN]})$|^$`); - createToken("COMPARATOR", `^${src[t.GTLT]}\\s*(${src[t.FULLPLAIN]})$|^$`); - createToken("COMPARATORTRIM", `(\\s*)${src[t.GTLT]}\\s*(${src[t.LOOSEPLAIN]}|${src[t.XRANGEPLAIN]})`, true); - exports2.comparatorTrimReplace = "$1$2$3"; - createToken("HYPHENRANGE", `^\\s*(${src[t.XRANGEPLAIN]})\\s+-\\s+(${src[t.XRANGEPLAIN]})\\s*$`); - createToken("HYPHENRANGELOOSE", `^\\s*(${src[t.XRANGEPLAINLOOSE]})\\s+-\\s+(${src[t.XRANGEPLAINLOOSE]})\\s*$`); - createToken("STAR", "(<|>)?=?\\s*\\*"); - createToken("GTE0", "^\\s*>=\\s*0\\.0\\.0\\s*$"); - createToken("GTE0PRE", "^\\s*>=\\s*0\\.0\\.0-0\\s*$"); - } -}); - -// node_modules/semver/internal/parse-options.js -var require_parse_options = __commonJS({ - "node_modules/semver/internal/parse-options.js"(exports2, module2) { - "use strict"; - var looseOption = Object.freeze({ loose: true }); - var emptyOpts = Object.freeze({}); - var parseOptions = (options) => { - if (!options) { - return emptyOpts; - } - if (typeof options !== "object") { - return looseOption; + // default options + options: { + usePureJavaScript: false } - return options; }; - module2.exports = parseOptions; } }); -// node_modules/semver/internal/identifiers.js -var require_identifiers = __commonJS({ - "node_modules/semver/internal/identifiers.js"(exports2, module2) { - "use strict"; - var numeric = /^[0-9]+$/; - var compareIdentifiers = (a, b) => { - if (typeof a === "number" && typeof b === "number") { - return a === b ? 0 : a < b ? -1 : 1; +// node_modules/node-forge/lib/baseN.js +var require_baseN = __commonJS({ + "node_modules/node-forge/lib/baseN.js"(exports2, module2) { + var api = {}; + module2.exports = api; + var _reverseAlphabets = {}; + api.encode = function(input, alphabet, maxline) { + if (typeof alphabet !== "string") { + throw new TypeError('"alphabet" must be a string.'); } - const anum = numeric.test(a); - const bnum = numeric.test(b); - if (anum && bnum) { - a = +a; - b = +b; + if (maxline !== void 0 && typeof maxline !== "number") { + throw new TypeError('"maxline" must be a number.'); } - return a === b ? 0 : anum && !bnum ? -1 : bnum && !anum ? 1 : a < b ? -1 : 1; - }; - var rcompareIdentifiers = (a, b) => compareIdentifiers(b, a); - module2.exports = { - compareIdentifiers, - rcompareIdentifiers - }; - } -}); - -// node_modules/semver/classes/semver.js -var require_semver = __commonJS({ - "node_modules/semver/classes/semver.js"(exports2, module2) { - "use strict"; - var debug5 = require_debug(); - var { MAX_LENGTH, MAX_SAFE_INTEGER } = require_constants6(); - var { safeRe: re, t } = require_re(); - var parseOptions = require_parse_options(); - var { compareIdentifiers } = require_identifiers(); - var SemVer = class _SemVer { - constructor(version, options) { - options = parseOptions(options); - if (version instanceof _SemVer) { - if (version.loose === !!options.loose && version.includePrerelease === !!options.includePrerelease) { - return version; - } else { - version = version.version; + var output = ""; + if (!(input instanceof Uint8Array)) { + output = _encodeWithByteBuffer(input, alphabet); + } else { + var i = 0; + var base = alphabet.length; + var first = alphabet.charAt(0); + var digits = [0]; + for (i = 0; i < input.length; ++i) { + for (var j = 0, carry = input[i]; j < digits.length; ++j) { + carry += digits[j] << 8; + digits[j] = carry % base; + carry = carry / base | 0; + } + while (carry > 0) { + digits.push(carry % base); + carry = carry / base | 0; } - } else if (typeof version !== "string") { - throw new TypeError(`Invalid version. Must be a string. Got type "${typeof version}".`); - } - if (version.length > MAX_LENGTH) { - throw new TypeError( - `version is longer than ${MAX_LENGTH} characters` - ); - } - debug5("SemVer", version, options); - this.options = options; - this.loose = !!options.loose; - this.includePrerelease = !!options.includePrerelease; - const m = version.trim().match(options.loose ? re[t.LOOSE] : re[t.FULL]); - if (!m) { - throw new TypeError(`Invalid Version: ${version}`); - } - this.raw = version; - this.major = +m[1]; - this.minor = +m[2]; - this.patch = +m[3]; - if (this.major > MAX_SAFE_INTEGER || this.major < 0) { - throw new TypeError("Invalid major version"); - } - if (this.minor > MAX_SAFE_INTEGER || this.minor < 0) { - throw new TypeError("Invalid minor version"); } - if (this.patch > MAX_SAFE_INTEGER || this.patch < 0) { - throw new TypeError("Invalid patch version"); + for (i = 0; input[i] === 0 && i < input.length - 1; ++i) { + output += first; } - if (!m[4]) { - this.prerelease = []; - } else { - this.prerelease = m[4].split(".").map((id) => { - if (/^[0-9]+$/.test(id)) { - const num = +id; - if (num >= 0 && num < MAX_SAFE_INTEGER) { - return num; - } - } - return id; - }); + for (i = digits.length - 1; i >= 0; --i) { + output += alphabet[digits[i]]; } - this.build = m[5] ? m[5].split(".") : []; - this.format(); } - format() { - this.version = `${this.major}.${this.minor}.${this.patch}`; - if (this.prerelease.length) { - this.version += `-${this.prerelease.join(".")}`; - } - return this.version; + if (maxline) { + var regex = new RegExp(".{1," + maxline + "}", "g"); + output = output.match(regex).join("\r\n"); } - toString() { - return this.version; + return output; + }; + api.decode = function(input, alphabet) { + if (typeof input !== "string") { + throw new TypeError('"input" must be a string.'); } - compare(other) { - debug5("SemVer.compare", this.version, this.options, other); - if (!(other instanceof _SemVer)) { - if (typeof other === "string" && other === this.version) { - return 0; - } - other = new _SemVer(other, this.options); - } - if (other.version === this.version) { - return 0; - } - return this.compareMain(other) || this.comparePre(other); + if (typeof alphabet !== "string") { + throw new TypeError('"alphabet" must be a string.'); } - compareMain(other) { - if (!(other instanceof _SemVer)) { - other = new _SemVer(other, this.options); - } - if (this.major < other.major) { - return -1; - } - if (this.major > other.major) { - return 1; - } - if (this.minor < other.minor) { - return -1; + var table = _reverseAlphabets[alphabet]; + if (!table) { + table = _reverseAlphabets[alphabet] = []; + for (var i = 0; i < alphabet.length; ++i) { + table[alphabet.charCodeAt(i)] = i; } - if (this.minor > other.minor) { - return 1; + } + input = input.replace(/\s/g, ""); + var base = alphabet.length; + var first = alphabet.charAt(0); + var bytes = [0]; + for (var i = 0; i < input.length; i++) { + var value = table[input.charCodeAt(i)]; + if (value === void 0) { + return; } - if (this.patch < other.patch) { - return -1; + for (var j = 0, carry = value; j < bytes.length; ++j) { + carry += bytes[j] * base; + bytes[j] = carry & 255; + carry >>= 8; } - if (this.patch > other.patch) { - return 1; + while (carry > 0) { + bytes.push(carry & 255); + carry >>= 8; } - return 0; } - comparePre(other) { - if (!(other instanceof _SemVer)) { - other = new _SemVer(other, this.options); + for (var k = 0; input[k] === first && k < input.length - 1; ++k) { + bytes.push(0); + } + if (typeof Buffer !== "undefined") { + return Buffer.from(bytes.reverse()); + } + return new Uint8Array(bytes.reverse()); + }; + function _encodeWithByteBuffer(input, alphabet) { + var i = 0; + var base = alphabet.length; + var first = alphabet.charAt(0); + var digits = [0]; + for (i = 0; i < input.length(); ++i) { + for (var j = 0, carry = input.at(i); j < digits.length; ++j) { + carry += digits[j] << 8; + digits[j] = carry % base; + carry = carry / base | 0; } - if (this.prerelease.length && !other.prerelease.length) { - return -1; - } else if (!this.prerelease.length && other.prerelease.length) { - return 1; - } else if (!this.prerelease.length && !other.prerelease.length) { - return 0; + while (carry > 0) { + digits.push(carry % base); + carry = carry / base | 0; } - let i = 0; - do { - const a = this.prerelease[i]; - const b = other.prerelease[i]; - debug5("prerelease compare", i, a, b); - if (a === void 0 && b === void 0) { - return 0; - } else if (b === void 0) { - return 1; - } else if (a === void 0) { - return -1; - } else if (a === b) { - continue; - } else { - return compareIdentifiers(a, b); - } - } while (++i); } - compareBuild(other) { - if (!(other instanceof _SemVer)) { - other = new _SemVer(other, this.options); + var output = ""; + for (i = 0; input.at(i) === 0 && i < input.length() - 1; ++i) { + output += first; + } + for (i = digits.length - 1; i >= 0; --i) { + output += alphabet[digits[i]]; + } + return output; + } + } +}); + +// node_modules/node-forge/lib/util.js +var require_util9 = __commonJS({ + "node_modules/node-forge/lib/util.js"(exports2, module2) { + var forge = require_forge(); + var baseN = require_baseN(); + var util = module2.exports = forge.util = forge.util || {}; + (function() { + if (typeof process !== "undefined" && process.nextTick && !process.browser) { + util.nextTick = process.nextTick; + if (typeof setImmediate === "function") { + util.setImmediate = setImmediate; + } else { + util.setImmediate = util.nextTick; } - let i = 0; - do { - const a = this.build[i]; - const b = other.build[i]; - debug5("build compare", i, a, b); - if (a === void 0 && b === void 0) { - return 0; - } else if (b === void 0) { - return 1; - } else if (a === void 0) { - return -1; - } else if (a === b) { - continue; - } else { - return compareIdentifiers(a, b); - } - } while (++i); + return; } - // preminor will bump the version up to the next minor release, and immediately - // down to pre-release. premajor and prepatch work the same way. - inc(release2, identifier, identifierBase) { - if (release2.startsWith("pre")) { - if (!identifier && identifierBase === false) { - throw new Error("invalid increment argument: identifier is empty"); + if (typeof setImmediate === "function") { + util.setImmediate = function() { + return setImmediate.apply(void 0, arguments); + }; + util.nextTick = function(callback) { + return setImmediate(callback); + }; + return; + } + util.setImmediate = function(callback) { + setTimeout(callback, 0); + }; + if (typeof window !== "undefined" && typeof window.postMessage === "function") { + let handler3 = function(event) { + if (event.source === window && event.data === msg) { + event.stopPropagation(); + var copy = callbacks.slice(); + callbacks.length = 0; + copy.forEach(function(callback) { + callback(); + }); } - if (identifier) { - const match = `-${identifier}`.match(this.options.loose ? re[t.PRERELEASELOOSE] : re[t.PRERELEASE]); - if (!match || match[1] !== identifier) { - throw new Error(`invalid identifier: ${identifier}`); - } + }; + var handler2 = handler3; + var msg = "forge.setImmediate"; + var callbacks = []; + util.setImmediate = function(callback) { + callbacks.push(callback); + if (callbacks.length === 1) { + window.postMessage(msg, "*"); } - } - switch (release2) { - case "premajor": - this.prerelease.length = 0; - this.patch = 0; - this.minor = 0; - this.major++; - this.inc("pre", identifier, identifierBase); - break; - case "preminor": - this.prerelease.length = 0; - this.patch = 0; - this.minor++; - this.inc("pre", identifier, identifierBase); - break; - case "prepatch": - this.prerelease.length = 0; - this.inc("patch", identifier, identifierBase); - this.inc("pre", identifier, identifierBase); - break; - // If the input is a non-prerelease version, this acts the same as - // prepatch. - case "prerelease": - if (this.prerelease.length === 0) { - this.inc("patch", identifier, identifierBase); + }; + window.addEventListener("message", handler3, true); + } + if (typeof MutationObserver !== "undefined") { + var now = Date.now(); + var attr = true; + var div = document.createElement("div"); + var callbacks = []; + new MutationObserver(function() { + var copy = callbacks.slice(); + callbacks.length = 0; + copy.forEach(function(callback) { + callback(); + }); + }).observe(div, { attributes: true }); + var oldSetImmediate = util.setImmediate; + util.setImmediate = function(callback) { + if (Date.now() - now > 15) { + now = Date.now(); + oldSetImmediate(callback); + } else { + callbacks.push(callback); + if (callbacks.length === 1) { + div.setAttribute("a", attr = !attr); } - this.inc("pre", identifier, identifierBase); - break; - case "release": - if (this.prerelease.length === 0) { - throw new Error(`version ${this.raw} is not a prerelease`); - } - this.prerelease.length = 0; - break; - case "major": - if (this.minor !== 0 || this.patch !== 0 || this.prerelease.length === 0) { - this.major++; - } - this.minor = 0; - this.patch = 0; - this.prerelease = []; - break; - case "minor": - if (this.patch !== 0 || this.prerelease.length === 0) { - this.minor++; - } - this.patch = 0; - this.prerelease = []; - break; - case "patch": - if (this.prerelease.length === 0) { - this.patch++; - } - this.prerelease = []; - break; - // This probably shouldn't be used publicly. - // 1.0.0 'pre' would become 1.0.0-0 which is the wrong direction. - case "pre": { - const base = Number(identifierBase) ? 1 : 0; - if (this.prerelease.length === 0) { - this.prerelease = [base]; - } else { - let i = this.prerelease.length; - while (--i >= 0) { - if (typeof this.prerelease[i] === "number") { - this.prerelease[i]++; - i = -2; - } - } - if (i === -1) { - if (identifier === this.prerelease.join(".") && identifierBase === false) { - throw new Error("invalid increment argument: identifier already exists"); - } - this.prerelease.push(base); - } - } - if (identifier) { - let prerelease = [identifier, base]; - if (identifierBase === false) { - prerelease = [identifier]; - } - if (compareIdentifiers(this.prerelease[0], identifier) === 0) { - if (isNaN(this.prerelease[1])) { - this.prerelease = prerelease; - } - } else { - this.prerelease = prerelease; - } + } + }; + } + util.nextTick = util.setImmediate; + })(); + util.isNodejs = typeof process !== "undefined" && process.versions && process.versions.node; + util.globalScope = (function() { + if (util.isNodejs) { + return global; + } + return typeof self === "undefined" ? window : self; + })(); + util.isArray = Array.isArray || function(x) { + return Object.prototype.toString.call(x) === "[object Array]"; + }; + util.isArrayBuffer = function(x) { + return typeof ArrayBuffer !== "undefined" && x instanceof ArrayBuffer; + }; + util.isArrayBufferView = function(x) { + return x && util.isArrayBuffer(x.buffer) && x.byteLength !== void 0; + }; + function _checkBitsParam(n) { + if (!(n === 8 || n === 16 || n === 24 || n === 32)) { + throw new Error("Only 8, 16, 24, or 32 bits supported: " + n); + } + } + util.ByteBuffer = ByteStringBuffer; + function ByteStringBuffer(b) { + this.data = ""; + this.read = 0; + if (typeof b === "string") { + this.data = b; + } else if (util.isArrayBuffer(b) || util.isArrayBufferView(b)) { + if (typeof Buffer !== "undefined" && b instanceof Buffer) { + this.data = b.toString("binary"); + } else { + var arr = new Uint8Array(b); + try { + this.data = String.fromCharCode.apply(null, arr); + } catch (e) { + for (var i = 0; i < arr.length; ++i) { + this.putByte(arr[i]); } - break; } - default: - throw new Error(`invalid increment argument: ${release2}`); - } - this.raw = this.format(); - if (this.build.length) { - this.raw += `+${this.build.join(".")}`; } - return this; + } else if (b instanceof ByteStringBuffer || typeof b === "object" && typeof b.data === "string" && typeof b.read === "number") { + this.data = b.data; + this.read = b.read; } - }; - module2.exports = SemVer; - } -}); - -// node_modules/semver/functions/parse.js -var require_parse2 = __commonJS({ - "node_modules/semver/functions/parse.js"(exports2, module2) { - "use strict"; - var SemVer = require_semver(); - var parse2 = (version, options, throwErrors = false) => { - if (version instanceof SemVer) { - return version; + this._constructedStringLength = 0; + } + util.ByteStringBuffer = ByteStringBuffer; + var _MAX_CONSTRUCTED_STRING_LENGTH = 4096; + util.ByteStringBuffer.prototype._optimizeConstructedString = function(x) { + this._constructedStringLength += x; + if (this._constructedStringLength > _MAX_CONSTRUCTED_STRING_LENGTH) { + this.data.substr(0, 1); + this._constructedStringLength = 0; } - try { - return new SemVer(version, options); - } catch (er) { - if (!throwErrors) { - return null; + }; + util.ByteStringBuffer.prototype.length = function() { + return this.data.length - this.read; + }; + util.ByteStringBuffer.prototype.isEmpty = function() { + return this.length() <= 0; + }; + util.ByteStringBuffer.prototype.putByte = function(b) { + return this.putBytes(String.fromCharCode(b)); + }; + util.ByteStringBuffer.prototype.fillWithByte = function(b, n) { + b = String.fromCharCode(b); + var d = this.data; + while (n > 0) { + if (n & 1) { + d += b; + } + n >>>= 1; + if (n > 0) { + b += b; } - throw er; } + this.data = d; + this._optimizeConstructedString(n); + return this; }; - module2.exports = parse2; - } -}); - -// node_modules/semver/functions/valid.js -var require_valid = __commonJS({ - "node_modules/semver/functions/valid.js"(exports2, module2) { - "use strict"; - var parse2 = require_parse2(); - var valid2 = (version, options) => { - const v = parse2(version, options); - return v ? v.version : null; + util.ByteStringBuffer.prototype.putBytes = function(bytes) { + this.data += bytes; + this._optimizeConstructedString(bytes.length); + return this; }; - module2.exports = valid2; - } -}); - -// node_modules/semver/functions/clean.js -var require_clean = __commonJS({ - "node_modules/semver/functions/clean.js"(exports2, module2) { - "use strict"; - var parse2 = require_parse2(); - var clean = (version, options) => { - const s = parse2(version.trim().replace(/^[=v]+/, ""), options); - return s ? s.version : null; + util.ByteStringBuffer.prototype.putString = function(str2) { + return this.putBytes(util.encodeUtf8(str2)); }; - module2.exports = clean; - } -}); - -// node_modules/semver/functions/inc.js -var require_inc = __commonJS({ - "node_modules/semver/functions/inc.js"(exports2, module2) { - "use strict"; - var SemVer = require_semver(); - var inc = (version, release2, options, identifier, identifierBase) => { - if (typeof options === "string") { - identifierBase = identifier; - identifier = options; - options = void 0; + util.ByteStringBuffer.prototype.putInt16 = function(i) { + return this.putBytes( + String.fromCharCode(i >> 8 & 255) + String.fromCharCode(i & 255) + ); + }; + util.ByteStringBuffer.prototype.putInt24 = function(i) { + return this.putBytes( + String.fromCharCode(i >> 16 & 255) + String.fromCharCode(i >> 8 & 255) + String.fromCharCode(i & 255) + ); + }; + util.ByteStringBuffer.prototype.putInt32 = function(i) { + return this.putBytes( + String.fromCharCode(i >> 24 & 255) + String.fromCharCode(i >> 16 & 255) + String.fromCharCode(i >> 8 & 255) + String.fromCharCode(i & 255) + ); + }; + util.ByteStringBuffer.prototype.putInt16Le = function(i) { + return this.putBytes( + String.fromCharCode(i & 255) + String.fromCharCode(i >> 8 & 255) + ); + }; + util.ByteStringBuffer.prototype.putInt24Le = function(i) { + return this.putBytes( + String.fromCharCode(i & 255) + String.fromCharCode(i >> 8 & 255) + String.fromCharCode(i >> 16 & 255) + ); + }; + util.ByteStringBuffer.prototype.putInt32Le = function(i) { + return this.putBytes( + String.fromCharCode(i & 255) + String.fromCharCode(i >> 8 & 255) + String.fromCharCode(i >> 16 & 255) + String.fromCharCode(i >> 24 & 255) + ); + }; + util.ByteStringBuffer.prototype.putInt = function(i, n) { + _checkBitsParam(n); + var bytes = ""; + do { + n -= 8; + bytes += String.fromCharCode(i >> n & 255); + } while (n > 0); + return this.putBytes(bytes); + }; + util.ByteStringBuffer.prototype.putSignedInt = function(i, n) { + if (i < 0) { + i += 2 << n - 1; } - try { - return new SemVer( - version instanceof SemVer ? version.version : version, - options - ).inc(release2, identifier, identifierBase).version; - } catch (er) { - return null; + return this.putInt(i, n); + }; + util.ByteStringBuffer.prototype.putBuffer = function(buffer) { + return this.putBytes(buffer.getBytes()); + }; + util.ByteStringBuffer.prototype.getByte = function() { + return this.data.charCodeAt(this.read++); + }; + util.ByteStringBuffer.prototype.getInt16 = function() { + var rval = this.data.charCodeAt(this.read) << 8 ^ this.data.charCodeAt(this.read + 1); + this.read += 2; + return rval; + }; + util.ByteStringBuffer.prototype.getInt24 = function() { + var rval = this.data.charCodeAt(this.read) << 16 ^ this.data.charCodeAt(this.read + 1) << 8 ^ this.data.charCodeAt(this.read + 2); + this.read += 3; + return rval; + }; + util.ByteStringBuffer.prototype.getInt32 = function() { + var rval = this.data.charCodeAt(this.read) << 24 ^ this.data.charCodeAt(this.read + 1) << 16 ^ this.data.charCodeAt(this.read + 2) << 8 ^ this.data.charCodeAt(this.read + 3); + this.read += 4; + return rval; + }; + util.ByteStringBuffer.prototype.getInt16Le = function() { + var rval = this.data.charCodeAt(this.read) ^ this.data.charCodeAt(this.read + 1) << 8; + this.read += 2; + return rval; + }; + util.ByteStringBuffer.prototype.getInt24Le = function() { + var rval = this.data.charCodeAt(this.read) ^ this.data.charCodeAt(this.read + 1) << 8 ^ this.data.charCodeAt(this.read + 2) << 16; + this.read += 3; + return rval; + }; + util.ByteStringBuffer.prototype.getInt32Le = function() { + var rval = this.data.charCodeAt(this.read) ^ this.data.charCodeAt(this.read + 1) << 8 ^ this.data.charCodeAt(this.read + 2) << 16 ^ this.data.charCodeAt(this.read + 3) << 24; + this.read += 4; + return rval; + }; + util.ByteStringBuffer.prototype.getInt = function(n) { + _checkBitsParam(n); + var rval = 0; + do { + rval = (rval << 8) + this.data.charCodeAt(this.read++); + n -= 8; + } while (n > 0); + return rval; + }; + util.ByteStringBuffer.prototype.getSignedInt = function(n) { + var x = this.getInt(n); + var max = 2 << n - 2; + if (x >= max) { + x -= max << 1; } + return x; }; - module2.exports = inc; - } -}); - -// node_modules/semver/functions/diff.js -var require_diff = __commonJS({ - "node_modules/semver/functions/diff.js"(exports2, module2) { - "use strict"; - var parse2 = require_parse2(); - var diff = (version1, version2) => { - const v1 = parse2(version1, null, true); - const v2 = parse2(version2, null, true); - const comparison = v1.compare(v2); - if (comparison === 0) { - return null; + util.ByteStringBuffer.prototype.getBytes = function(count) { + var rval; + if (count) { + count = Math.min(this.length(), count); + rval = this.data.slice(this.read, this.read + count); + this.read += count; + } else if (count === 0) { + rval = ""; + } else { + rval = this.read === 0 ? this.data : this.data.slice(this.read); + this.clear(); } - const v1Higher = comparison > 0; - const highVersion = v1Higher ? v1 : v2; - const lowVersion = v1Higher ? v2 : v1; - const highHasPre = !!highVersion.prerelease.length; - const lowHasPre = !!lowVersion.prerelease.length; - if (lowHasPre && !highHasPre) { - if (!lowVersion.patch && !lowVersion.minor) { - return "major"; + return rval; + }; + util.ByteStringBuffer.prototype.bytes = function(count) { + return typeof count === "undefined" ? this.data.slice(this.read) : this.data.slice(this.read, this.read + count); + }; + util.ByteStringBuffer.prototype.at = function(i) { + return this.data.charCodeAt(this.read + i); + }; + util.ByteStringBuffer.prototype.setAt = function(i, b) { + this.data = this.data.substr(0, this.read + i) + String.fromCharCode(b) + this.data.substr(this.read + i + 1); + return this; + }; + util.ByteStringBuffer.prototype.last = function() { + return this.data.charCodeAt(this.data.length - 1); + }; + util.ByteStringBuffer.prototype.copy = function() { + var c = util.createBuffer(this.data); + c.read = this.read; + return c; + }; + util.ByteStringBuffer.prototype.compact = function() { + if (this.read > 0) { + this.data = this.data.slice(this.read); + this.read = 0; + } + return this; + }; + util.ByteStringBuffer.prototype.clear = function() { + this.data = ""; + this.read = 0; + return this; + }; + util.ByteStringBuffer.prototype.truncate = function(count) { + var len = Math.max(0, this.length() - count); + this.data = this.data.substr(this.read, len); + this.read = 0; + return this; + }; + util.ByteStringBuffer.prototype.toHex = function() { + var rval = ""; + for (var i = this.read; i < this.data.length; ++i) { + var b = this.data.charCodeAt(i); + if (b < 16) { + rval += "0"; } - if (lowVersion.compareMain(highVersion) === 0) { - if (lowVersion.minor && !lowVersion.patch) { - return "minor"; - } - return "patch"; + rval += b.toString(16); + } + return rval; + }; + util.ByteStringBuffer.prototype.toString = function() { + return util.decodeUtf8(this.bytes()); + }; + function DataBuffer(b, options) { + options = options || {}; + this.read = options.readOffset || 0; + this.growSize = options.growSize || 1024; + var isArrayBuffer = util.isArrayBuffer(b); + var isArrayBufferView = util.isArrayBufferView(b); + if (isArrayBuffer || isArrayBufferView) { + if (isArrayBuffer) { + this.data = new DataView(b); + } else { + this.data = new DataView(b.buffer, b.byteOffset, b.byteLength); } + this.write = "writeOffset" in options ? options.writeOffset : this.data.byteLength; + return; } - const prefix = highHasPre ? "pre" : ""; - if (v1.major !== v2.major) { - return prefix + "major"; + this.data = new DataView(new ArrayBuffer(0)); + this.write = 0; + if (b !== null && b !== void 0) { + this.putBytes(b); } - if (v1.minor !== v2.minor) { - return prefix + "minor"; + if ("writeOffset" in options) { + this.write = options.writeOffset; } - if (v1.patch !== v2.patch) { - return prefix + "patch"; + } + util.DataBuffer = DataBuffer; + util.DataBuffer.prototype.length = function() { + return this.write - this.read; + }; + util.DataBuffer.prototype.isEmpty = function() { + return this.length() <= 0; + }; + util.DataBuffer.prototype.accommodate = function(amount, growSize) { + if (this.length() >= amount) { + return this; } - return "prerelease"; + growSize = Math.max(growSize || this.growSize, amount); + var src = new Uint8Array( + this.data.buffer, + this.data.byteOffset, + this.data.byteLength + ); + var dst = new Uint8Array(this.length() + growSize); + dst.set(src); + this.data = new DataView(dst.buffer); + return this; }; - module2.exports = diff; - } -}); - -// node_modules/semver/functions/major.js -var require_major = __commonJS({ - "node_modules/semver/functions/major.js"(exports2, module2) { - "use strict"; - var SemVer = require_semver(); - var major = (a, loose) => new SemVer(a, loose).major; - module2.exports = major; - } -}); - -// node_modules/semver/functions/minor.js -var require_minor = __commonJS({ - "node_modules/semver/functions/minor.js"(exports2, module2) { - "use strict"; - var SemVer = require_semver(); - var minor = (a, loose) => new SemVer(a, loose).minor; - module2.exports = minor; - } -}); - -// node_modules/semver/functions/patch.js -var require_patch = __commonJS({ - "node_modules/semver/functions/patch.js"(exports2, module2) { - "use strict"; - var SemVer = require_semver(); - var patch = (a, loose) => new SemVer(a, loose).patch; - module2.exports = patch; - } -}); - -// node_modules/semver/functions/prerelease.js -var require_prerelease = __commonJS({ - "node_modules/semver/functions/prerelease.js"(exports2, module2) { - "use strict"; - var parse2 = require_parse2(); - var prerelease = (version, options) => { - const parsed = parse2(version, options); - return parsed && parsed.prerelease.length ? parsed.prerelease : null; + util.DataBuffer.prototype.putByte = function(b) { + this.accommodate(1); + this.data.setUint8(this.write++, b); + return this; }; - module2.exports = prerelease; - } -}); - -// node_modules/semver/functions/compare.js -var require_compare = __commonJS({ - "node_modules/semver/functions/compare.js"(exports2, module2) { - "use strict"; - var SemVer = require_semver(); - var compare = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); - module2.exports = compare; - } -}); - -// node_modules/semver/functions/rcompare.js -var require_rcompare = __commonJS({ - "node_modules/semver/functions/rcompare.js"(exports2, module2) { - "use strict"; - var compare = require_compare(); - var rcompare = (a, b, loose) => compare(b, a, loose); - module2.exports = rcompare; - } -}); - -// node_modules/semver/functions/compare-loose.js -var require_compare_loose = __commonJS({ - "node_modules/semver/functions/compare-loose.js"(exports2, module2) { - "use strict"; - var compare = require_compare(); - var compareLoose = (a, b) => compare(a, b, true); - module2.exports = compareLoose; - } -}); - -// node_modules/semver/functions/compare-build.js -var require_compare_build = __commonJS({ - "node_modules/semver/functions/compare-build.js"(exports2, module2) { - "use strict"; - var SemVer = require_semver(); - var compareBuild = (a, b, loose) => { - const versionA = new SemVer(a, loose); - const versionB = new SemVer(b, loose); - return versionA.compare(versionB) || versionA.compareBuild(versionB); - }; - module2.exports = compareBuild; - } -}); - -// node_modules/semver/functions/sort.js -var require_sort = __commonJS({ - "node_modules/semver/functions/sort.js"(exports2, module2) { - "use strict"; - var compareBuild = require_compare_build(); - var sort = (list, loose) => list.sort((a, b) => compareBuild(a, b, loose)); - module2.exports = sort; - } -}); - -// node_modules/semver/functions/rsort.js -var require_rsort = __commonJS({ - "node_modules/semver/functions/rsort.js"(exports2, module2) { - "use strict"; - var compareBuild = require_compare_build(); - var rsort = (list, loose) => list.sort((a, b) => compareBuild(b, a, loose)); - module2.exports = rsort; - } -}); - -// node_modules/semver/functions/gt.js -var require_gt = __commonJS({ - "node_modules/semver/functions/gt.js"(exports2, module2) { - "use strict"; - var compare = require_compare(); - var gt = (a, b, loose) => compare(a, b, loose) > 0; - module2.exports = gt; - } -}); - -// node_modules/semver/functions/lt.js -var require_lt = __commonJS({ - "node_modules/semver/functions/lt.js"(exports2, module2) { - "use strict"; - var compare = require_compare(); - var lt = (a, b, loose) => compare(a, b, loose) < 0; - module2.exports = lt; - } -}); - -// node_modules/semver/functions/eq.js -var require_eq = __commonJS({ - "node_modules/semver/functions/eq.js"(exports2, module2) { - "use strict"; - var compare = require_compare(); - var eq = (a, b, loose) => compare(a, b, loose) === 0; - module2.exports = eq; - } -}); - -// node_modules/semver/functions/neq.js -var require_neq = __commonJS({ - "node_modules/semver/functions/neq.js"(exports2, module2) { - "use strict"; - var compare = require_compare(); - var neq = (a, b, loose) => compare(a, b, loose) !== 0; - module2.exports = neq; - } -}); - -// node_modules/semver/functions/gte.js -var require_gte = __commonJS({ - "node_modules/semver/functions/gte.js"(exports2, module2) { - "use strict"; - var compare = require_compare(); - var gte4 = (a, b, loose) => compare(a, b, loose) >= 0; - module2.exports = gte4; - } -}); - -// node_modules/semver/functions/lte.js -var require_lte = __commonJS({ - "node_modules/semver/functions/lte.js"(exports2, module2) { - "use strict"; - var compare = require_compare(); - var lte = (a, b, loose) => compare(a, b, loose) <= 0; - module2.exports = lte; - } -}); - -// node_modules/semver/functions/cmp.js -var require_cmp = __commonJS({ - "node_modules/semver/functions/cmp.js"(exports2, module2) { - "use strict"; - var eq = require_eq(); - var neq = require_neq(); - var gt = require_gt(); - var gte4 = require_gte(); - var lt = require_lt(); - var lte = require_lte(); - var cmp = (a, op, b, loose) => { - switch (op) { - case "===": - if (typeof a === "object") { - a = a.version; - } - if (typeof b === "object") { - b = b.version; - } - return a === b; - case "!==": - if (typeof a === "object") { - a = a.version; - } - if (typeof b === "object") { - b = b.version; - } - return a !== b; - case "": - case "=": - case "==": - return eq(a, b, loose); - case "!=": - return neq(a, b, loose); - case ">": - return gt(a, b, loose); - case ">=": - return gte4(a, b, loose); - case "<": - return lt(a, b, loose); - case "<=": - return lte(a, b, loose); - default: - throw new TypeError(`Invalid operator: ${op}`); - } - }; - module2.exports = cmp; - } -}); - -// node_modules/semver/functions/coerce.js -var require_coerce = __commonJS({ - "node_modules/semver/functions/coerce.js"(exports2, module2) { - "use strict"; - var SemVer = require_semver(); - var parse2 = require_parse2(); - var { safeRe: re, t } = require_re(); - var coerce2 = (version, options) => { - if (version instanceof SemVer) { - return version; - } - if (typeof version === "number") { - version = String(version); - } - if (typeof version !== "string") { - return null; - } - options = options || {}; - let match = null; - if (!options.rtl) { - match = version.match(options.includePrerelease ? re[t.COERCEFULL] : re[t.COERCE]); - } else { - const coerceRtlRegex = options.includePrerelease ? re[t.COERCERTLFULL] : re[t.COERCERTL]; - let next; - while ((next = coerceRtlRegex.exec(version)) && (!match || match.index + match[0].length !== version.length)) { - if (!match || next.index + next[0].length !== match.index + match[0].length) { - match = next; - } - coerceRtlRegex.lastIndex = next.index + next[1].length + next[2].length; - } - coerceRtlRegex.lastIndex = -1; - } - if (match === null) { - return null; + util.DataBuffer.prototype.fillWithByte = function(b, n) { + this.accommodate(n); + for (var i = 0; i < n; ++i) { + this.data.setUint8(b); } - const major = match[2]; - const minor = match[3] || "0"; - const patch = match[4] || "0"; - const prerelease = options.includePrerelease && match[5] ? `-${match[5]}` : ""; - const build = options.includePrerelease && match[6] ? `+${match[6]}` : ""; - return parse2(`${major}.${minor}.${patch}${prerelease}${build}`, options); + return this; }; - module2.exports = coerce2; - } -}); - -// node_modules/semver/internal/lrucache.js -var require_lrucache = __commonJS({ - "node_modules/semver/internal/lrucache.js"(exports2, module2) { - "use strict"; - var LRUCache = class { - constructor() { - this.max = 1e3; - this.map = /* @__PURE__ */ new Map(); - } - get(key) { - const value = this.map.get(key); - if (value === void 0) { - return void 0; - } else { - this.map.delete(key); - this.map.set(key, value); - return value; - } - } - delete(key) { - return this.map.delete(key); - } - set(key, value) { - const deleted = this.delete(key); - if (!deleted && value !== void 0) { - if (this.map.size >= this.max) { - const firstKey = this.map.keys().next().value; - this.delete(firstKey); - } - this.map.set(key, value); - } + util.DataBuffer.prototype.putBytes = function(bytes, encoding) { + if (util.isArrayBufferView(bytes)) { + var src = new Uint8Array(bytes.buffer, bytes.byteOffset, bytes.byteLength); + var len = src.byteLength - src.byteOffset; + this.accommodate(len); + var dst = new Uint8Array(this.data.buffer, this.write); + dst.set(src); + this.write += len; return this; } - }; - module2.exports = LRUCache; - } -}); - -// node_modules/semver/classes/range.js -var require_range = __commonJS({ - "node_modules/semver/classes/range.js"(exports2, module2) { - "use strict"; - var SPACE_CHARACTERS = /\s+/g; - var Range2 = class _Range { - constructor(range, options) { - options = parseOptions(options); - if (range instanceof _Range) { - if (range.loose === !!options.loose && range.includePrerelease === !!options.includePrerelease) { - return range; - } else { - return new _Range(range.raw, options); - } - } - if (range instanceof Comparator) { - this.raw = range.value; - this.set = [[range]]; - this.formatted = void 0; - return this; - } - this.options = options; - this.loose = !!options.loose; - this.includePrerelease = !!options.includePrerelease; - this.raw = range.trim().replace(SPACE_CHARACTERS, " "); - this.set = this.raw.split("||").map((r) => this.parseRange(r.trim())).filter((c) => c.length); - if (!this.set.length) { - throw new TypeError(`Invalid SemVer Range: ${this.raw}`); - } - if (this.set.length > 1) { - const first = this.set[0]; - this.set = this.set.filter((c) => !isNullSet(c[0])); - if (this.set.length === 0) { - this.set = [first]; - } else if (this.set.length > 1) { - for (const c of this.set) { - if (c.length === 1 && isAny(c[0])) { - this.set = [c]; - break; - } - } - } - } - this.formatted = void 0; - } - get range() { - if (this.formatted === void 0) { - this.formatted = ""; - for (let i = 0; i < this.set.length; i++) { - if (i > 0) { - this.formatted += "||"; - } - const comps = this.set[i]; - for (let k = 0; k < comps.length; k++) { - if (k > 0) { - this.formatted += " "; - } - this.formatted += comps[k].toString().trim(); - } - } - } - return this.formatted; + if (util.isArrayBuffer(bytes)) { + var src = new Uint8Array(bytes); + this.accommodate(src.byteLength); + var dst = new Uint8Array(this.data.buffer); + dst.set(src, this.write); + this.write += src.byteLength; + return this; } - format() { - return this.range; + if (bytes instanceof util.DataBuffer || typeof bytes === "object" && typeof bytes.read === "number" && typeof bytes.write === "number" && util.isArrayBufferView(bytes.data)) { + var src = new Uint8Array(bytes.data.byteLength, bytes.read, bytes.length()); + this.accommodate(src.byteLength); + var dst = new Uint8Array(bytes.data.byteLength, this.write); + dst.set(src); + this.write += src.byteLength; + return this; } - toString() { - return this.range; + if (bytes instanceof util.ByteStringBuffer) { + bytes = bytes.data; + encoding = "binary"; } - parseRange(range) { - const memoOpts = (this.options.includePrerelease && FLAG_INCLUDE_PRERELEASE) | (this.options.loose && FLAG_LOOSE); - const memoKey = memoOpts + ":" + range; - const cached = cache.get(memoKey); - if (cached) { - return cached; - } - const loose = this.options.loose; - const hr = loose ? re[t.HYPHENRANGELOOSE] : re[t.HYPHENRANGE]; - range = range.replace(hr, hyphenReplace(this.options.includePrerelease)); - debug5("hyphen replace", range); - range = range.replace(re[t.COMPARATORTRIM], comparatorTrimReplace); - debug5("comparator trim", range); - range = range.replace(re[t.TILDETRIM], tildeTrimReplace); - debug5("tilde trim", range); - range = range.replace(re[t.CARETTRIM], caretTrimReplace); - debug5("caret trim", range); - let rangeList = range.split(" ").map((comp) => parseComparator(comp, this.options)).join(" ").split(/\s+/).map((comp) => replaceGTE0(comp, this.options)); - if (loose) { - rangeList = rangeList.filter((comp) => { - debug5("loose invalid filter", comp, this.options); - return !!comp.match(re[t.COMPARATORLOOSE]); - }); - } - debug5("range list", rangeList); - const rangeMap = /* @__PURE__ */ new Map(); - const comparators = rangeList.map((comp) => new Comparator(comp, this.options)); - for (const comp of comparators) { - if (isNullSet(comp)) { - return [comp]; - } - rangeMap.set(comp.value, comp); - } - if (rangeMap.size > 1 && rangeMap.has("")) { - rangeMap.delete(""); + encoding = encoding || "binary"; + if (typeof bytes === "string") { + var view; + if (encoding === "hex") { + this.accommodate(Math.ceil(bytes.length / 2)); + view = new Uint8Array(this.data.buffer, this.write); + this.write += util.binary.hex.decode(bytes, view, this.write); + return this; } - const result = [...rangeMap.values()]; - cache.set(memoKey, result); - return result; - } - intersects(range, options) { - if (!(range instanceof _Range)) { - throw new TypeError("a Range is required"); + if (encoding === "base64") { + this.accommodate(Math.ceil(bytes.length / 4) * 3); + view = new Uint8Array(this.data.buffer, this.write); + this.write += util.binary.base64.decode(bytes, view, this.write); + return this; } - return this.set.some((thisComparators) => { - return isSatisfiable(thisComparators, options) && range.set.some((rangeComparators) => { - return isSatisfiable(rangeComparators, options) && thisComparators.every((thisComparator) => { - return rangeComparators.every((rangeComparator) => { - return thisComparator.intersects(rangeComparator, options); - }); - }); - }); - }); - } - // if ANY of the sets match ALL of its comparators, then pass - test(version) { - if (!version) { - return false; + if (encoding === "utf8") { + bytes = util.encodeUtf8(bytes); + encoding = "binary"; } - if (typeof version === "string") { - try { - version = new SemVer(version, this.options); - } catch (er) { - return false; - } + if (encoding === "binary" || encoding === "raw") { + this.accommodate(bytes.length); + view = new Uint8Array(this.data.buffer, this.write); + this.write += util.binary.raw.decode(view); + return this; } - for (let i = 0; i < this.set.length; i++) { - if (testSet(this.set[i], version, this.options)) { - return true; - } + if (encoding === "utf16") { + this.accommodate(bytes.length * 2); + view = new Uint16Array(this.data.buffer, this.write); + this.write += util.text.utf16.encode(view); + return this; } - return false; - } - }; - module2.exports = Range2; - var LRU = require_lrucache(); - var cache = new LRU(); - var parseOptions = require_parse_options(); - var Comparator = require_comparator(); - var debug5 = require_debug(); - var SemVer = require_semver(); - var { - safeRe: re, - t, - comparatorTrimReplace, - tildeTrimReplace, - caretTrimReplace - } = require_re(); - var { FLAG_INCLUDE_PRERELEASE, FLAG_LOOSE } = require_constants6(); - var isNullSet = (c) => c.value === "<0.0.0-0"; - var isAny = (c) => c.value === ""; - var isSatisfiable = (comparators, options) => { - let result = true; - const remainingComparators = comparators.slice(); - let testComparator = remainingComparators.pop(); - while (result && remainingComparators.length) { - result = remainingComparators.every((otherComparator) => { - return testComparator.intersects(otherComparator, options); - }); - testComparator = remainingComparators.pop(); + throw new Error("Invalid encoding: " + encoding); } - return result; + throw Error("Invalid parameter: " + bytes); }; - var parseComparator = (comp, options) => { - comp = comp.replace(re[t.BUILD], ""); - debug5("comp", comp, options); - comp = replaceCarets(comp, options); - debug5("caret", comp); - comp = replaceTildes(comp, options); - debug5("tildes", comp); - comp = replaceXRanges(comp, options); - debug5("xrange", comp); - comp = replaceStars(comp, options); - debug5("stars", comp); - return comp; + util.DataBuffer.prototype.putBuffer = function(buffer) { + this.putBytes(buffer); + buffer.clear(); + return this; }; - var isX = (id) => !id || id.toLowerCase() === "x" || id === "*"; - var replaceTildes = (comp, options) => { - return comp.trim().split(/\s+/).map((c) => replaceTilde(c, options)).join(" "); + util.DataBuffer.prototype.putString = function(str2) { + return this.putBytes(str2, "utf16"); }; - var replaceTilde = (comp, options) => { - const r = options.loose ? re[t.TILDELOOSE] : re[t.TILDE]; - return comp.replace(r, (_, M, m, p, pr) => { - debug5("tilde", comp, _, M, m, p, pr); - let ret; - if (isX(M)) { - ret = ""; - } else if (isX(m)) { - ret = `>=${M}.0.0 <${+M + 1}.0.0-0`; - } else if (isX(p)) { - ret = `>=${M}.${m}.0 <${M}.${+m + 1}.0-0`; - } else if (pr) { - debug5("replaceTilde pr", pr); - ret = `>=${M}.${m}.${p}-${pr} <${M}.${+m + 1}.0-0`; - } else { - ret = `>=${M}.${m}.${p} <${M}.${+m + 1}.0-0`; - } - debug5("tilde return", ret); - return ret; - }); + util.DataBuffer.prototype.putInt16 = function(i) { + this.accommodate(2); + this.data.setInt16(this.write, i); + this.write += 2; + return this; }; - var replaceCarets = (comp, options) => { - return comp.trim().split(/\s+/).map((c) => replaceCaret(c, options)).join(" "); + util.DataBuffer.prototype.putInt24 = function(i) { + this.accommodate(3); + this.data.setInt16(this.write, i >> 8 & 65535); + this.data.setInt8(this.write, i >> 16 & 255); + this.write += 3; + return this; }; - var replaceCaret = (comp, options) => { - debug5("caret", comp, options); - const r = options.loose ? re[t.CARETLOOSE] : re[t.CARET]; - const z = options.includePrerelease ? "-0" : ""; - return comp.replace(r, (_, M, m, p, pr) => { - debug5("caret", comp, _, M, m, p, pr); - let ret; - if (isX(M)) { - ret = ""; - } else if (isX(m)) { - ret = `>=${M}.0.0${z} <${+M + 1}.0.0-0`; - } else if (isX(p)) { - if (M === "0") { - ret = `>=${M}.${m}.0${z} <${M}.${+m + 1}.0-0`; - } else { - ret = `>=${M}.${m}.0${z} <${+M + 1}.0.0-0`; - } - } else if (pr) { - debug5("replaceCaret pr", pr); - if (M === "0") { - if (m === "0") { - ret = `>=${M}.${m}.${p}-${pr} <${M}.${m}.${+p + 1}-0`; - } else { - ret = `>=${M}.${m}.${p}-${pr} <${M}.${+m + 1}.0-0`; - } - } else { - ret = `>=${M}.${m}.${p}-${pr} <${+M + 1}.0.0-0`; - } - } else { - debug5("no pr"); - if (M === "0") { - if (m === "0") { - ret = `>=${M}.${m}.${p}${z} <${M}.${m}.${+p + 1}-0`; - } else { - ret = `>=${M}.${m}.${p}${z} <${M}.${+m + 1}.0-0`; - } - } else { - ret = `>=${M}.${m}.${p} <${+M + 1}.0.0-0`; - } - } - debug5("caret return", ret); - return ret; - }); + util.DataBuffer.prototype.putInt32 = function(i) { + this.accommodate(4); + this.data.setInt32(this.write, i); + this.write += 4; + return this; }; - var replaceXRanges = (comp, options) => { - debug5("replaceXRanges", comp, options); - return comp.split(/\s+/).map((c) => replaceXRange(c, options)).join(" "); + util.DataBuffer.prototype.putInt16Le = function(i) { + this.accommodate(2); + this.data.setInt16(this.write, i, true); + this.write += 2; + return this; }; - var replaceXRange = (comp, options) => { - comp = comp.trim(); - const r = options.loose ? re[t.XRANGELOOSE] : re[t.XRANGE]; - return comp.replace(r, (ret, gtlt, M, m, p, pr) => { - debug5("xRange", comp, ret, gtlt, M, m, p, pr); - const xM = isX(M); - const xm = xM || isX(m); - const xp = xm || isX(p); - const anyX = xp; - if (gtlt === "=" && anyX) { - gtlt = ""; - } - pr = options.includePrerelease ? "-0" : ""; - if (xM) { - if (gtlt === ">" || gtlt === "<") { - ret = "<0.0.0-0"; - } else { - ret = "*"; - } - } else if (gtlt && anyX) { - if (xm) { - m = 0; - } - p = 0; - if (gtlt === ">") { - gtlt = ">="; - if (xm) { - M = +M + 1; - m = 0; - p = 0; - } else { - m = +m + 1; - p = 0; - } - } else if (gtlt === "<=") { - gtlt = "<"; - if (xm) { - M = +M + 1; - } else { - m = +m + 1; - } - } - if (gtlt === "<") { - pr = "-0"; - } - ret = `${gtlt + M}.${m}.${p}${pr}`; - } else if (xm) { - ret = `>=${M}.0.0${pr} <${+M + 1}.0.0-0`; - } else if (xp) { - ret = `>=${M}.${m}.0${pr} <${M}.${+m + 1}.0-0`; - } - debug5("xRange return", ret); - return ret; - }); + util.DataBuffer.prototype.putInt24Le = function(i) { + this.accommodate(3); + this.data.setInt8(this.write, i >> 16 & 255); + this.data.setInt16(this.write, i >> 8 & 65535, true); + this.write += 3; + return this; }; - var replaceStars = (comp, options) => { - debug5("replaceStars", comp, options); - return comp.trim().replace(re[t.STAR], ""); + util.DataBuffer.prototype.putInt32Le = function(i) { + this.accommodate(4); + this.data.setInt32(this.write, i, true); + this.write += 4; + return this; }; - var replaceGTE0 = (comp, options) => { - debug5("replaceGTE0", comp, options); - return comp.trim().replace(re[options.includePrerelease ? t.GTE0PRE : t.GTE0], ""); + util.DataBuffer.prototype.putInt = function(i, n) { + _checkBitsParam(n); + this.accommodate(n / 8); + do { + n -= 8; + this.data.setInt8(this.write++, i >> n & 255); + } while (n > 0); + return this; }; - var hyphenReplace = (incPr) => ($0, from, fM, fm, fp, fpr, fb, to, tM, tm, tp, tpr) => { - if (isX(fM)) { - from = ""; - } else if (isX(fm)) { - from = `>=${fM}.0.0${incPr ? "-0" : ""}`; - } else if (isX(fp)) { - from = `>=${fM}.${fm}.0${incPr ? "-0" : ""}`; - } else if (fpr) { - from = `>=${from}`; - } else { - from = `>=${from}${incPr ? "-0" : ""}`; + util.DataBuffer.prototype.putSignedInt = function(i, n) { + _checkBitsParam(n); + this.accommodate(n / 8); + if (i < 0) { + i += 2 << n - 1; } - if (isX(tM)) { - to = ""; - } else if (isX(tm)) { - to = `<${+tM + 1}.0.0-0`; - } else if (isX(tp)) { - to = `<${tM}.${+tm + 1}.0-0`; - } else if (tpr) { - to = `<=${tM}.${tm}.${tp}-${tpr}`; - } else if (incPr) { - to = `<${tM}.${tm}.${+tp + 1}-0`; + return this.putInt(i, n); + }; + util.DataBuffer.prototype.getByte = function() { + return this.data.getInt8(this.read++); + }; + util.DataBuffer.prototype.getInt16 = function() { + var rval = this.data.getInt16(this.read); + this.read += 2; + return rval; + }; + util.DataBuffer.prototype.getInt24 = function() { + var rval = this.data.getInt16(this.read) << 8 ^ this.data.getInt8(this.read + 2); + this.read += 3; + return rval; + }; + util.DataBuffer.prototype.getInt32 = function() { + var rval = this.data.getInt32(this.read); + this.read += 4; + return rval; + }; + util.DataBuffer.prototype.getInt16Le = function() { + var rval = this.data.getInt16(this.read, true); + this.read += 2; + return rval; + }; + util.DataBuffer.prototype.getInt24Le = function() { + var rval = this.data.getInt8(this.read) ^ this.data.getInt16(this.read + 1, true) << 8; + this.read += 3; + return rval; + }; + util.DataBuffer.prototype.getInt32Le = function() { + var rval = this.data.getInt32(this.read, true); + this.read += 4; + return rval; + }; + util.DataBuffer.prototype.getInt = function(n) { + _checkBitsParam(n); + var rval = 0; + do { + rval = (rval << 8) + this.data.getInt8(this.read++); + n -= 8; + } while (n > 0); + return rval; + }; + util.DataBuffer.prototype.getSignedInt = function(n) { + var x = this.getInt(n); + var max = 2 << n - 2; + if (x >= max) { + x -= max << 1; + } + return x; + }; + util.DataBuffer.prototype.getBytes = function(count) { + var rval; + if (count) { + count = Math.min(this.length(), count); + rval = this.data.slice(this.read, this.read + count); + this.read += count; + } else if (count === 0) { + rval = ""; } else { - to = `<=${to}`; + rval = this.read === 0 ? this.data : this.data.slice(this.read); + this.clear(); } - return `${from} ${to}`.trim(); + return rval; }; - var testSet = (set2, version, options) => { - for (let i = 0; i < set2.length; i++) { - if (!set2[i].test(version)) { - return false; - } + util.DataBuffer.prototype.bytes = function(count) { + return typeof count === "undefined" ? this.data.slice(this.read) : this.data.slice(this.read, this.read + count); + }; + util.DataBuffer.prototype.at = function(i) { + return this.data.getUint8(this.read + i); + }; + util.DataBuffer.prototype.setAt = function(i, b) { + this.data.setUint8(i, b); + return this; + }; + util.DataBuffer.prototype.last = function() { + return this.data.getUint8(this.write - 1); + }; + util.DataBuffer.prototype.copy = function() { + return new util.DataBuffer(this); + }; + util.DataBuffer.prototype.compact = function() { + if (this.read > 0) { + var src = new Uint8Array(this.data.buffer, this.read); + var dst = new Uint8Array(src.byteLength); + dst.set(src); + this.data = new DataView(dst); + this.write -= this.read; + this.read = 0; } - if (version.prerelease.length && !options.includePrerelease) { - for (let i = 0; i < set2.length; i++) { - debug5(set2[i].semver); - if (set2[i].semver === Comparator.ANY) { - continue; - } - if (set2[i].semver.prerelease.length > 0) { - const allowed = set2[i].semver; - if (allowed.major === version.major && allowed.minor === version.minor && allowed.patch === version.patch) { - return true; - } - } + return this; + }; + util.DataBuffer.prototype.clear = function() { + this.data = new DataView(new ArrayBuffer(0)); + this.read = this.write = 0; + return this; + }; + util.DataBuffer.prototype.truncate = function(count) { + this.write = Math.max(0, this.length() - count); + this.read = Math.min(this.read, this.write); + return this; + }; + util.DataBuffer.prototype.toHex = function() { + var rval = ""; + for (var i = this.read; i < this.data.byteLength; ++i) { + var b = this.data.getUint8(i); + if (b < 16) { + rval += "0"; } - return false; + rval += b.toString(16); } - return true; + return rval; }; - } -}); - -// node_modules/semver/classes/comparator.js -var require_comparator = __commonJS({ - "node_modules/semver/classes/comparator.js"(exports2, module2) { - "use strict"; - var ANY = /* @__PURE__ */ Symbol("SemVer ANY"); - var Comparator = class _Comparator { - static get ANY() { - return ANY; + util.DataBuffer.prototype.toString = function(encoding) { + var view = new Uint8Array(this.data, this.read, this.length()); + encoding = encoding || "utf8"; + if (encoding === "binary" || encoding === "raw") { + return util.binary.raw.encode(view); } - constructor(comp, options) { - options = parseOptions(options); - if (comp instanceof _Comparator) { - if (comp.loose === !!options.loose) { - return comp; - } else { - comp = comp.value; - } - } - comp = comp.trim().split(/\s+/).join(" "); - debug5("comparator", comp, options); - this.options = options; - this.loose = !!options.loose; - this.parse(comp); - if (this.semver === ANY) { - this.value = ""; - } else { - this.value = this.operator + this.semver.version; - } - debug5("comp", this); + if (encoding === "hex") { + return util.binary.hex.encode(view); } - parse(comp) { - const r = this.options.loose ? re[t.COMPARATORLOOSE] : re[t.COMPARATOR]; - const m = comp.match(r); - if (!m) { - throw new TypeError(`Invalid comparator: ${comp}`); - } - this.operator = m[1] !== void 0 ? m[1] : ""; - if (this.operator === "=") { - this.operator = ""; - } - if (!m[2]) { - this.semver = ANY; - } else { - this.semver = new SemVer(m[2], this.options.loose); - } + if (encoding === "base64") { + return util.binary.base64.encode(view); } - toString() { - return this.value; + if (encoding === "utf8") { + return util.text.utf8.decode(view); } - test(version) { - debug5("Comparator.test", version, this.options.loose); - if (this.semver === ANY || version === ANY) { - return true; - } - if (typeof version === "string") { - try { - version = new SemVer(version, this.options); - } catch (er) { - return false; - } - } - return cmp(version, this.operator, this.semver, this.options); + if (encoding === "utf16") { + return util.text.utf16.decode(view); } - intersects(comp, options) { - if (!(comp instanceof _Comparator)) { - throw new TypeError("a Comparator is required"); - } - if (this.operator === "") { - if (this.value === "") { - return true; - } - return new Range2(comp.value, options).test(this.value); - } else if (comp.operator === "") { - if (comp.value === "") { - return true; - } - return new Range2(this.value, options).test(comp.semver); - } - options = parseOptions(options); - if (options.includePrerelease && (this.value === "<0.0.0-0" || comp.value === "<0.0.0-0")) { - return false; - } - if (!options.includePrerelease && (this.value.startsWith("<0.0.0") || comp.value.startsWith("<0.0.0"))) { - return false; - } - if (this.operator.startsWith(">") && comp.operator.startsWith(">")) { - return true; - } - if (this.operator.startsWith("<") && comp.operator.startsWith("<")) { - return true; - } - if (this.semver.version === comp.semver.version && this.operator.includes("=") && comp.operator.includes("=")) { - return true; - } - if (cmp(this.semver, "<", comp.semver, options) && this.operator.startsWith(">") && comp.operator.startsWith("<")) { - return true; + throw new Error("Invalid encoding: " + encoding); + }; + util.createBuffer = function(input, encoding) { + encoding = encoding || "raw"; + if (input !== void 0 && encoding === "utf8") { + input = util.encodeUtf8(input); + } + return new util.ByteBuffer(input); + }; + util.fillString = function(c, n) { + var s = ""; + while (n > 0) { + if (n & 1) { + s += c; } - if (cmp(this.semver, ">", comp.semver, options) && this.operator.startsWith("<") && comp.operator.startsWith(">")) { - return true; + n >>>= 1; + if (n > 0) { + c += c; } - return false; } + return s; }; - module2.exports = Comparator; - var parseOptions = require_parse_options(); - var { safeRe: re, t } = require_re(); - var cmp = require_cmp(); - var debug5 = require_debug(); - var SemVer = require_semver(); - var Range2 = require_range(); - } -}); - -// node_modules/semver/functions/satisfies.js -var require_satisfies = __commonJS({ - "node_modules/semver/functions/satisfies.js"(exports2, module2) { - "use strict"; - var Range2 = require_range(); - var satisfies2 = (version, range, options) => { - try { - range = new Range2(range, options); - } catch (er) { - return false; + util.xorBytes = function(s1, s2, n) { + var s3 = ""; + var b = ""; + var t = ""; + var i = 0; + var c = 0; + for (; n > 0; --n, ++i) { + b = s1.charCodeAt(i) ^ s2.charCodeAt(i); + if (c >= 10) { + s3 += t; + t = ""; + c = 0; + } + t += String.fromCharCode(b); + ++c; } - return range.test(version); + s3 += t; + return s3; }; - module2.exports = satisfies2; - } -}); - -// node_modules/semver/ranges/to-comparators.js -var require_to_comparators = __commonJS({ - "node_modules/semver/ranges/to-comparators.js"(exports2, module2) { - "use strict"; - var Range2 = require_range(); - var toComparators = (range, options) => new Range2(range, options).set.map((comp) => comp.map((c) => c.value).join(" ").trim().split(" ")); - module2.exports = toComparators; - } -}); - -// node_modules/semver/ranges/max-satisfying.js -var require_max_satisfying = __commonJS({ - "node_modules/semver/ranges/max-satisfying.js"(exports2, module2) { - "use strict"; - var SemVer = require_semver(); - var Range2 = require_range(); - var maxSatisfying = (versions, range, options) => { - let max = null; - let maxSV = null; - let rangeObj = null; - try { - rangeObj = new Range2(range, options); - } catch (er) { - return null; + util.hexToBytes = function(hex) { + var rval = ""; + var i = 0; + if (hex.length & true) { + i = 1; + rval += String.fromCharCode(parseInt(hex[0], 16)); } - versions.forEach((v) => { - if (rangeObj.test(v)) { - if (!max || maxSV.compare(v) === -1) { - max = v; - maxSV = new SemVer(max, options); - } - } - }); - return max; + for (; i < hex.length; i += 2) { + rval += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); + } + return rval; }; - module2.exports = maxSatisfying; - } -}); - -// node_modules/semver/ranges/min-satisfying.js -var require_min_satisfying = __commonJS({ - "node_modules/semver/ranges/min-satisfying.js"(exports2, module2) { - "use strict"; - var SemVer = require_semver(); - var Range2 = require_range(); - var minSatisfying = (versions, range, options) => { - let min = null; - let minSV = null; - let rangeObj = null; - try { - rangeObj = new Range2(range, options); - } catch (er) { - return null; - } - versions.forEach((v) => { - if (rangeObj.test(v)) { - if (!min || minSV.compare(v) === 1) { - min = v; - minSV = new SemVer(min, options); - } - } - }); - return min; + util.bytesToHex = function(bytes) { + return util.createBuffer(bytes).toHex(); }; - module2.exports = minSatisfying; - } -}); - -// node_modules/semver/ranges/min-version.js -var require_min_version = __commonJS({ - "node_modules/semver/ranges/min-version.js"(exports2, module2) { - "use strict"; - var SemVer = require_semver(); - var Range2 = require_range(); - var gt = require_gt(); - var minVersion = (range, loose) => { - range = new Range2(range, loose); - let minver = new SemVer("0.0.0"); - if (range.test(minver)) { - return minver; - } - minver = new SemVer("0.0.0-0"); - if (range.test(minver)) { - return minver; + util.int32ToBytes = function(i) { + return String.fromCharCode(i >> 24 & 255) + String.fromCharCode(i >> 16 & 255) + String.fromCharCode(i >> 8 & 255) + String.fromCharCode(i & 255); + }; + var _base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; + var _base64Idx = [ + /*43 -43 = 0*/ + /*'+', 1, 2, 3,'/' */ + 62, + -1, + -1, + -1, + 63, + /*'0','1','2','3','4','5','6','7','8','9' */ + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + /*15, 16, 17,'=', 19, 20, 21 */ + -1, + -1, + -1, + 64, + -1, + -1, + -1, + /*65 - 43 = 22*/ + /*'A','B','C','D','E','F','G','H','I','J','K','L','M', */ + 0, + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + /*'N','O','P','Q','R','S','T','U','V','W','X','Y','Z' */ + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + /*91 - 43 = 48 */ + /*48, 49, 50, 51, 52, 53 */ + -1, + -1, + -1, + -1, + -1, + -1, + /*97 - 43 = 54*/ + /*'a','b','c','d','e','f','g','h','i','j','k','l','m' */ + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + /*'n','o','p','q','r','s','t','u','v','w','x','y','z' */ + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51 + ]; + var _base58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"; + util.encode64 = function(input, maxline) { + var line = ""; + var output = ""; + var chr1, chr2, chr3; + var i = 0; + while (i < input.length) { + chr1 = input.charCodeAt(i++); + chr2 = input.charCodeAt(i++); + chr3 = input.charCodeAt(i++); + line += _base64.charAt(chr1 >> 2); + line += _base64.charAt((chr1 & 3) << 4 | chr2 >> 4); + if (isNaN(chr2)) { + line += "=="; + } else { + line += _base64.charAt((chr2 & 15) << 2 | chr3 >> 6); + line += isNaN(chr3) ? "=" : _base64.charAt(chr3 & 63); + } + if (maxline && line.length > maxline) { + output += line.substr(0, maxline) + "\r\n"; + line = line.substr(maxline); + } } - minver = null; - for (let i = 0; i < range.set.length; ++i) { - const comparators = range.set[i]; - let setMin = null; - comparators.forEach((comparator) => { - const compver = new SemVer(comparator.semver.version); - switch (comparator.operator) { - case ">": - if (compver.prerelease.length === 0) { - compver.patch++; - } else { - compver.prerelease.push(0); - } - compver.raw = compver.format(); - /* fallthrough */ - case "": - case ">=": - if (!setMin || gt(compver, setMin)) { - setMin = compver; - } - break; - case "<": - case "<=": - break; - /* istanbul ignore next */ - default: - throw new Error(`Unexpected operation: ${comparator.operator}`); + output += line; + return output; + }; + util.decode64 = function(input) { + input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ""); + var output = ""; + var enc1, enc2, enc3, enc4; + var i = 0; + while (i < input.length) { + enc1 = _base64Idx[input.charCodeAt(i++) - 43]; + enc2 = _base64Idx[input.charCodeAt(i++) - 43]; + enc3 = _base64Idx[input.charCodeAt(i++) - 43]; + enc4 = _base64Idx[input.charCodeAt(i++) - 43]; + output += String.fromCharCode(enc1 << 2 | enc2 >> 4); + if (enc3 !== 64) { + output += String.fromCharCode((enc2 & 15) << 4 | enc3 >> 2); + if (enc4 !== 64) { + output += String.fromCharCode((enc3 & 3) << 6 | enc4); } - }); - if (setMin && (!minver || gt(minver, setMin))) { - minver = setMin; } } - if (minver && range.test(minver)) { - return minver; + return output; + }; + util.encodeUtf8 = function(str2) { + return unescape(encodeURIComponent(str2)); + }; + util.decodeUtf8 = function(str2) { + return decodeURIComponent(escape(str2)); + }; + util.binary = { + raw: {}, + hex: {}, + base64: {}, + base58: {}, + baseN: { + encode: baseN.encode, + decode: baseN.decode } - return null; }; - module2.exports = minVersion; - } -}); - -// node_modules/semver/ranges/valid.js -var require_valid2 = __commonJS({ - "node_modules/semver/ranges/valid.js"(exports2, module2) { - "use strict"; - var Range2 = require_range(); - var validRange = (range, options) => { - try { - return new Range2(range, options).range || "*"; - } catch (er) { - return null; + util.binary.raw.encode = function(bytes) { + return String.fromCharCode.apply(null, bytes); + }; + util.binary.raw.decode = function(str2, output, offset) { + var out = output; + if (!out) { + out = new Uint8Array(str2.length); + } + offset = offset || 0; + var j = offset; + for (var i = 0; i < str2.length; ++i) { + out[j++] = str2.charCodeAt(i); } + return output ? j - offset : out; }; - module2.exports = validRange; - } -}); - -// node_modules/semver/ranges/outside.js -var require_outside = __commonJS({ - "node_modules/semver/ranges/outside.js"(exports2, module2) { - "use strict"; - var SemVer = require_semver(); - var Comparator = require_comparator(); - var { ANY } = Comparator; - var Range2 = require_range(); - var satisfies2 = require_satisfies(); - var gt = require_gt(); - var lt = require_lt(); - var lte = require_lte(); - var gte4 = require_gte(); - var outside = (version, range, hilo, options) => { - version = new SemVer(version, options); - range = new Range2(range, options); - let gtfn, ltefn, ltfn, comp, ecomp; - switch (hilo) { - case ">": - gtfn = gt; - ltefn = lte; - ltfn = lt; - comp = ">"; - ecomp = ">="; - break; - case "<": - gtfn = lt; - ltefn = gte4; - ltfn = gt; - comp = "<"; - ecomp = "<="; - break; - default: - throw new TypeError('Must provide a hilo val of "<" or ">"'); + util.binary.hex.encode = util.bytesToHex; + util.binary.hex.decode = function(hex, output, offset) { + var out = output; + if (!out) { + out = new Uint8Array(Math.ceil(hex.length / 2)); } - if (satisfies2(version, range, options)) { - return false; + offset = offset || 0; + var i = 0, j = offset; + if (hex.length & 1) { + i = 1; + out[j++] = parseInt(hex[0], 16); } - for (let i = 0; i < range.set.length; ++i) { - const comparators = range.set[i]; - let high = null; - let low = null; - comparators.forEach((comparator) => { - if (comparator.semver === ANY) { - comparator = new Comparator(">=0.0.0"); - } - high = high || comparator; - low = low || comparator; - if (gtfn(comparator.semver, high.semver, options)) { - high = comparator; - } else if (ltfn(comparator.semver, low.semver, options)) { - low = comparator; - } - }); - if (high.operator === comp || high.operator === ecomp) { - return false; - } - if ((!low.operator || low.operator === comp) && ltefn(version, low.semver)) { - return false; - } else if (low.operator === ecomp && ltfn(version, low.semver)) { - return false; - } + for (; i < hex.length; i += 2) { + out[j++] = parseInt(hex.substr(i, 2), 16); } - return true; - }; - module2.exports = outside; - } -}); - -// node_modules/semver/ranges/gtr.js -var require_gtr = __commonJS({ - "node_modules/semver/ranges/gtr.js"(exports2, module2) { - "use strict"; - var outside = require_outside(); - var gtr = (version, range, options) => outside(version, range, ">", options); - module2.exports = gtr; - } -}); - -// node_modules/semver/ranges/ltr.js -var require_ltr = __commonJS({ - "node_modules/semver/ranges/ltr.js"(exports2, module2) { - "use strict"; - var outside = require_outside(); - var ltr = (version, range, options) => outside(version, range, "<", options); - module2.exports = ltr; - } -}); - -// node_modules/semver/ranges/intersects.js -var require_intersects = __commonJS({ - "node_modules/semver/ranges/intersects.js"(exports2, module2) { - "use strict"; - var Range2 = require_range(); - var intersects = (r1, r2, options) => { - r1 = new Range2(r1, options); - r2 = new Range2(r2, options); - return r1.intersects(r2, options); + return output ? j - offset : out; }; - module2.exports = intersects; - } -}); - -// node_modules/semver/ranges/simplify.js -var require_simplify = __commonJS({ - "node_modules/semver/ranges/simplify.js"(exports2, module2) { - "use strict"; - var satisfies2 = require_satisfies(); - var compare = require_compare(); - module2.exports = (versions, range, options) => { - const set2 = []; - let first = null; - let prev = null; - const v = versions.sort((a, b) => compare(a, b, options)); - for (const version of v) { - const included = satisfies2(version, range, options); - if (included) { - prev = version; - if (!first) { - first = version; - } + util.binary.base64.encode = function(input, maxline) { + var line = ""; + var output = ""; + var chr1, chr2, chr3; + var i = 0; + while (i < input.byteLength) { + chr1 = input[i++]; + chr2 = input[i++]; + chr3 = input[i++]; + line += _base64.charAt(chr1 >> 2); + line += _base64.charAt((chr1 & 3) << 4 | chr2 >> 4); + if (isNaN(chr2)) { + line += "=="; } else { - if (prev) { - set2.push([first, prev]); - } - prev = null; - first = null; + line += _base64.charAt((chr2 & 15) << 2 | chr3 >> 6); + line += isNaN(chr3) ? "=" : _base64.charAt(chr3 & 63); } - } - if (first) { - set2.push([first, null]); - } - const ranges = []; - for (const [min, max] of set2) { - if (min === max) { - ranges.push(min); - } else if (!max && min === v[0]) { - ranges.push("*"); - } else if (!max) { - ranges.push(`>=${min}`); - } else if (min === v[0]) { - ranges.push(`<=${max}`); - } else { - ranges.push(`${min} - ${max}`); + if (maxline && line.length > maxline) { + output += line.substr(0, maxline) + "\r\n"; + line = line.substr(maxline); } } - const simplified = ranges.join(" || "); - const original = typeof range.raw === "string" ? range.raw : String(range); - return simplified.length < original.length ? simplified : range; + output += line; + return output; }; - } -}); - -// node_modules/semver/ranges/subset.js -var require_subset = __commonJS({ - "node_modules/semver/ranges/subset.js"(exports2, module2) { - "use strict"; - var Range2 = require_range(); - var Comparator = require_comparator(); - var { ANY } = Comparator; - var satisfies2 = require_satisfies(); - var compare = require_compare(); - var subset = (sub, dom, options = {}) => { - if (sub === dom) { - return true; + util.binary.base64.decode = function(input, output, offset) { + var out = output; + if (!out) { + out = new Uint8Array(Math.ceil(input.length / 4) * 3); } - sub = new Range2(sub, options); - dom = new Range2(dom, options); - let sawNonNull = false; - OUTER: for (const simpleSub of sub.set) { - for (const simpleDom of dom.set) { - const isSub = simpleSubset(simpleSub, simpleDom, options); - sawNonNull = sawNonNull || isSub !== null; - if (isSub) { - continue OUTER; + input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ""); + offset = offset || 0; + var enc1, enc2, enc3, enc4; + var i = 0, j = offset; + while (i < input.length) { + enc1 = _base64Idx[input.charCodeAt(i++) - 43]; + enc2 = _base64Idx[input.charCodeAt(i++) - 43]; + enc3 = _base64Idx[input.charCodeAt(i++) - 43]; + enc4 = _base64Idx[input.charCodeAt(i++) - 43]; + out[j++] = enc1 << 2 | enc2 >> 4; + if (enc3 !== 64) { + out[j++] = (enc2 & 15) << 4 | enc3 >> 2; + if (enc4 !== 64) { + out[j++] = (enc3 & 3) << 6 | enc4; } } - if (sawNonNull) { - return false; - } } - return true; + return output ? j - offset : out.subarray(0, j); }; - var minimumVersionWithPreRelease = [new Comparator(">=0.0.0-0")]; - var minimumVersion = [new Comparator(">=0.0.0")]; - var simpleSubset = (sub, dom, options) => { - if (sub === dom) { - return true; + util.binary.base58.encode = function(input, maxline) { + return util.binary.baseN.encode(input, _base58, maxline); + }; + util.binary.base58.decode = function(input, maxline) { + return util.binary.baseN.decode(input, _base58, maxline); + }; + util.text = { + utf8: {}, + utf16: {} + }; + util.text.utf8.encode = function(str2, output, offset) { + str2 = util.encodeUtf8(str2); + var out = output; + if (!out) { + out = new Uint8Array(str2.length); } - if (sub.length === 1 && sub[0].semver === ANY) { - if (dom.length === 1 && dom[0].semver === ANY) { - return true; - } else if (options.includePrerelease) { - sub = minimumVersionWithPreRelease; - } else { - sub = minimumVersion; - } + offset = offset || 0; + var j = offset; + for (var i = 0; i < str2.length; ++i) { + out[j++] = str2.charCodeAt(i); } - if (dom.length === 1 && dom[0].semver === ANY) { - if (options.includePrerelease) { - return true; - } else { - dom = minimumVersion; + return output ? j - offset : out; + }; + util.text.utf8.decode = function(bytes) { + return util.decodeUtf8(String.fromCharCode.apply(null, bytes)); + }; + util.text.utf16.encode = function(str2, output, offset) { + var out = output; + if (!out) { + out = new Uint8Array(str2.length * 2); + } + var view = new Uint16Array(out.buffer); + offset = offset || 0; + var j = offset; + var k = offset; + for (var i = 0; i < str2.length; ++i) { + view[k++] = str2.charCodeAt(i); + j += 2; + } + return output ? j - offset : out; + }; + util.text.utf16.decode = function(bytes) { + return String.fromCharCode.apply(null, new Uint16Array(bytes.buffer)); + }; + util.deflate = function(api, bytes, raw) { + bytes = util.decode64(api.deflate(util.encode64(bytes)).rval); + if (raw) { + var start = 2; + var flg = bytes.charCodeAt(1); + if (flg & 32) { + start = 6; } + bytes = bytes.substring(start, bytes.length - 4); } - const eqSet = /* @__PURE__ */ new Set(); - let gt, lt; - for (const c of sub) { - if (c.operator === ">" || c.operator === ">=") { - gt = higherGT(gt, c, options); - } else if (c.operator === "<" || c.operator === "<=") { - lt = lowerLT(lt, c, options); + return bytes; + }; + util.inflate = function(api, bytes, raw) { + var rval = api.inflate(util.encode64(bytes)).rval; + return rval === null ? null : util.decode64(rval); + }; + var _setStorageObject = function(api, id, obj) { + if (!api) { + throw new Error("WebStorage not available."); + } + var rval; + if (obj === null) { + rval = api.removeItem(id); + } else { + obj = util.encode64(JSON.stringify(obj)); + rval = api.setItem(id, obj); + } + if (typeof rval !== "undefined" && rval.rval !== true) { + var error3 = new Error(rval.error.message); + error3.id = rval.error.id; + error3.name = rval.error.name; + throw error3; + } + }; + var _getStorageObject = function(api, id) { + if (!api) { + throw new Error("WebStorage not available."); + } + var rval = api.getItem(id); + if (api.init) { + if (rval.rval === null) { + if (rval.error) { + var error3 = new Error(rval.error.message); + error3.id = rval.error.id; + error3.name = rval.error.name; + throw error3; + } + rval = null; } else { - eqSet.add(c.semver); + rval = rval.rval; } } - if (eqSet.size > 1) { - return null; + if (rval !== null) { + rval = JSON.parse(util.decode64(rval)); } - let gtltComp; - if (gt && lt) { - gtltComp = compare(gt.semver, lt.semver, options); - if (gtltComp > 0) { - return null; - } else if (gtltComp === 0 && (gt.operator !== ">=" || lt.operator !== "<=")) { - return null; - } + return rval; + }; + var _setItem = function(api, id, key, data) { + var obj = _getStorageObject(api, id); + if (obj === null) { + obj = {}; } - for (const eq of eqSet) { - if (gt && !satisfies2(eq, String(gt), options)) { - return null; - } - if (lt && !satisfies2(eq, String(lt), options)) { - return null; + obj[key] = data; + _setStorageObject(api, id, obj); + }; + var _getItem = function(api, id, key) { + var rval = _getStorageObject(api, id); + if (rval !== null) { + rval = key in rval ? rval[key] : null; + } + return rval; + }; + var _removeItem = function(api, id, key) { + var obj = _getStorageObject(api, id); + if (obj !== null && key in obj) { + delete obj[key]; + var empty = true; + for (var prop in obj) { + empty = false; + break; } - for (const c of dom) { - if (!satisfies2(eq, String(c), options)) { - return false; - } + if (empty) { + obj = null; } - return true; + _setStorageObject(api, id, obj); } - let higher, lower; - let hasDomLT, hasDomGT; - let needDomLTPre = lt && !options.includePrerelease && lt.semver.prerelease.length ? lt.semver : false; - let needDomGTPre = gt && !options.includePrerelease && gt.semver.prerelease.length ? gt.semver : false; - if (needDomLTPre && needDomLTPre.prerelease.length === 1 && lt.operator === "<" && needDomLTPre.prerelease[0] === 0) { - needDomLTPre = false; + }; + var _clearItems = function(api, id) { + _setStorageObject(api, id, null); + }; + var _callStorageFunction = function(func, args, location) { + var rval = null; + if (typeof location === "undefined") { + location = ["web", "flash"]; } - for (const c of dom) { - hasDomGT = hasDomGT || c.operator === ">" || c.operator === ">="; - hasDomLT = hasDomLT || c.operator === "<" || c.operator === "<="; - if (gt) { - if (needDomGTPre) { - if (c.semver.prerelease && c.semver.prerelease.length && c.semver.major === needDomGTPre.major && c.semver.minor === needDomGTPre.minor && c.semver.patch === needDomGTPre.patch) { - needDomGTPre = false; - } - } - if (c.operator === ">" || c.operator === ">=") { - higher = higherGT(gt, c, options); - if (higher === c && higher !== gt) { - return false; - } - } else if (gt.operator === ">=" && !satisfies2(gt.semver, String(c), options)) { - return false; - } - } - if (lt) { - if (needDomLTPre) { - if (c.semver.prerelease && c.semver.prerelease.length && c.semver.major === needDomLTPre.major && c.semver.minor === needDomLTPre.minor && c.semver.patch === needDomLTPre.patch) { - needDomLTPre = false; + var type2; + var done = false; + var exception2 = null; + for (var idx in location) { + type2 = location[idx]; + try { + if (type2 === "flash" || type2 === "both") { + if (args[0] === null) { + throw new Error("Flash local storage not available."); } + rval = func.apply(this, args); + done = type2 === "flash"; } - if (c.operator === "<" || c.operator === "<=") { - lower = lowerLT(lt, c, options); - if (lower === c && lower !== lt) { - return false; - } - } else if (lt.operator === "<=" && !satisfies2(lt.semver, String(c), options)) { - return false; + if (type2 === "web" || type2 === "both") { + args[0] = localStorage; + rval = func.apply(this, args); + done = true; } + } catch (ex) { + exception2 = ex; } - if (!c.operator && (lt || gt) && gtltComp !== 0) { - return false; + if (done) { + break; } } - if (gt && hasDomLT && !lt && gtltComp !== 0) { - return false; - } - if (lt && hasDomGT && !gt && gtltComp !== 0) { - return false; + if (!done) { + throw exception2; } - if (needDomGTPre || needDomLTPre) { - return false; + return rval; + }; + util.setItem = function(api, id, key, data, location) { + _callStorageFunction(_setItem, arguments, location); + }; + util.getItem = function(api, id, key, location) { + return _callStorageFunction(_getItem, arguments, location); + }; + util.removeItem = function(api, id, key, location) { + _callStorageFunction(_removeItem, arguments, location); + }; + util.clearItems = function(api, id, location) { + _callStorageFunction(_clearItems, arguments, location); + }; + util.isEmpty = function(obj) { + for (var prop in obj) { + if (obj.hasOwnProperty(prop)) { + return false; + } } return true; }; - var higherGT = (a, b, options) => { - if (!a) { - return b; + util.format = function(format) { + var re = /%./g; + var match; + var part; + var argi = 0; + var parts = []; + var last = 0; + while (match = re.exec(format)) { + part = format.substring(last, re.lastIndex - 2); + if (part.length > 0) { + parts.push(part); + } + last = re.lastIndex; + var code = match[0][1]; + switch (code) { + case "s": + case "o": + if (argi < arguments.length) { + parts.push(arguments[argi++ + 1]); + } else { + parts.push(""); + } + break; + // FIXME: do proper formatting for numbers, etc + //case 'f': + //case 'd': + case "%": + parts.push("%"); + break; + default: + parts.push("<%" + code + "?>"); + } } - const comp = compare(a.semver, b.semver, options); - return comp > 0 ? a : comp < 0 ? b : b.operator === ">" && a.operator === ">=" ? b : a; + parts.push(format.substring(last)); + return parts.join(""); }; - var lowerLT = (a, b, options) => { - if (!a) { - return b; + util.formatNumber = function(number, decimals, dec_point, thousands_sep) { + var n = number, c = isNaN(decimals = Math.abs(decimals)) ? 2 : decimals; + var d = dec_point === void 0 ? "," : dec_point; + var t = thousands_sep === void 0 ? "." : thousands_sep, s = n < 0 ? "-" : ""; + var i = parseInt(n = Math.abs(+n || 0).toFixed(c), 10) + ""; + var j = i.length > 3 ? i.length % 3 : 0; + return s + (j ? i.substr(0, j) + t : "") + i.substr(j).replace(/(\d{3})(?=\d)/g, "$1" + t) + (c ? d + Math.abs(n - i).toFixed(c).slice(2) : ""); + }; + util.formatSize = function(size) { + if (size >= 1073741824) { + size = util.formatNumber(size / 1073741824, 2, ".", "") + " GiB"; + } else if (size >= 1048576) { + size = util.formatNumber(size / 1048576, 2, ".", "") + " MiB"; + } else if (size >= 1024) { + size = util.formatNumber(size / 1024, 0) + " KiB"; + } else { + size = util.formatNumber(size, 0) + " bytes"; } - const comp = compare(a.semver, b.semver, options); - return comp < 0 ? a : comp > 0 ? b : b.operator === "<" && a.operator === "<=" ? b : a; + return size; }; - module2.exports = subset; - } -}); - -// node_modules/semver/index.js -var require_semver2 = __commonJS({ - "node_modules/semver/index.js"(exports2, module2) { - "use strict"; - var internalRe = require_re(); - var constants = require_constants6(); - var SemVer = require_semver(); - var identifiers = require_identifiers(); - var parse2 = require_parse2(); - var valid2 = require_valid(); - var clean = require_clean(); - var inc = require_inc(); - var diff = require_diff(); - var major = require_major(); - var minor = require_minor(); - var patch = require_patch(); - var prerelease = require_prerelease(); - var compare = require_compare(); - var rcompare = require_rcompare(); - var compareLoose = require_compare_loose(); - var compareBuild = require_compare_build(); - var sort = require_sort(); - var rsort = require_rsort(); - var gt = require_gt(); - var lt = require_lt(); - var eq = require_eq(); - var neq = require_neq(); - var gte4 = require_gte(); - var lte = require_lte(); - var cmp = require_cmp(); - var coerce2 = require_coerce(); - var Comparator = require_comparator(); - var Range2 = require_range(); - var satisfies2 = require_satisfies(); - var toComparators = require_to_comparators(); - var maxSatisfying = require_max_satisfying(); - var minSatisfying = require_min_satisfying(); - var minVersion = require_min_version(); - var validRange = require_valid2(); - var outside = require_outside(); - var gtr = require_gtr(); - var ltr = require_ltr(); - var intersects = require_intersects(); - var simplifyRange = require_simplify(); - var subset = require_subset(); - module2.exports = { - parse: parse2, - valid: valid2, - clean, - inc, - diff, - major, - minor, - patch, - prerelease, - compare, - rcompare, - compareLoose, - compareBuild, - sort, - rsort, - gt, - lt, - eq, - neq, - gte: gte4, - lte, - cmp, - coerce: coerce2, - Comparator, - Range: Range2, - satisfies: satisfies2, - toComparators, - maxSatisfying, - minSatisfying, - minVersion, - validRange, - outside, - gtr, - ltr, - intersects, - simplifyRange, - subset, - SemVer, - re: internalRe.re, - src: internalRe.src, - tokens: internalRe.t, - SEMVER_SPEC_VERSION: constants.SEMVER_SPEC_VERSION, - RELEASE_TYPES: constants.RELEASE_TYPES, - compareIdentifiers: identifiers.compareIdentifiers, - rcompareIdentifiers: identifiers.rcompareIdentifiers + util.bytesFromIP = function(ip) { + if (ip.indexOf(".") !== -1) { + return util.bytesFromIPv4(ip); + } + if (ip.indexOf(":") !== -1) { + return util.bytesFromIPv6(ip); + } + return null; }; - } -}); - -// node_modules/@actions/tool-cache/lib/manifest.js -var require_manifest = __commonJS({ - "node_modules/@actions/tool-cache/lib/manifest.js"(exports2, module2) { - "use strict"; - var __createBinding2 = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) { - if (k2 === void 0) k2 = k; - var desc = Object.getOwnPropertyDescriptor(m, k); - if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { - desc = { enumerable: true, get: function() { - return m[k]; - } }; + util.bytesFromIPv4 = function(ip) { + ip = ip.split("."); + if (ip.length !== 4) { + return null; } - Object.defineProperty(o, k2, desc); - }) : (function(o, m, k, k2) { - if (k2 === void 0) k2 = k; - o[k2] = m[k]; - })); - var __setModuleDefault2 = exports2 && exports2.__setModuleDefault || (Object.create ? (function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); - }) : function(o, v) { - o["default"] = v; - }); - var __importStar2 = exports2 && exports2.__importStar || /* @__PURE__ */ (function() { - var ownKeys2 = function(o) { - ownKeys2 = Object.getOwnPropertyNames || function(o2) { - var ar = []; - for (var k in o2) if (Object.prototype.hasOwnProperty.call(o2, k)) ar[ar.length] = k; - return ar; - }; - return ownKeys2(o); - }; - return function(mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) { - for (var k = ownKeys2(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding2(result, mod, k[i]); + var b = util.createBuffer(); + for (var i = 0; i < ip.length; ++i) { + var num = parseInt(ip[i], 10); + if (isNaN(num)) { + return null; } - __setModuleDefault2(result, mod); - return result; - }; - })(); - var __awaiter2 = exports2 && exports2.__awaiter || function(thisArg, _arguments, P, generator) { - function adopt(value) { - return value instanceof P ? value : new P(function(resolve2) { - resolve2(value); - }); + b.putByte(num); } - return new (P || (P = Promise))(function(resolve2, reject) { - function fulfilled(value) { - try { - step(generator.next(value)); - } catch (e) { - reject(e); - } - } - function rejected(value) { - try { - step(generator["throw"](value)); - } catch (e) { - reject(e); - } + return b.getBytes(); + }; + util.bytesFromIPv6 = function(ip) { + var blanks = 0; + ip = ip.split(":").filter(function(e) { + if (e.length === 0) ++blanks; + return true; + }); + var zeros = (8 - ip.length + blanks) * 2; + var b = util.createBuffer(); + for (var i = 0; i < 8; ++i) { + if (!ip[i] || ip[i].length === 0) { + b.fillWithByte(0, zeros); + zeros = 0; + continue; } - function step(result) { - result.done ? resolve2(result.value) : adopt(result.value).then(fulfilled, rejected); + var bytes = util.hexToBytes(ip[i]); + if (bytes.length < 2) { + b.putByte(0); } - step((generator = generator.apply(thisArg, _arguments || [])).next()); - }); + b.putBytes(bytes); + } + return b.getBytes(); }; - Object.defineProperty(exports2, "__esModule", { value: true }); - exports2._findMatch = _findMatch; - exports2._getOsVersion = _getOsVersion; - exports2._readLinuxVersionFile = _readLinuxVersionFile; - var semver6 = __importStar2(require_semver2()); - var core_1 = require_core(); - var os2 = require("os"); - var cp = require("child_process"); - var fs = require("fs"); - function _findMatch(versionSpec, stable, candidates, archFilter) { - return __awaiter2(this, void 0, void 0, function* () { - const platFilter = os2.platform(); - let result; - let match; - let file; - for (const candidate of candidates) { - const version = candidate.version; - (0, core_1.debug)(`check ${version} satisfies ${versionSpec}`); - if (semver6.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) { - file = candidate.files.find((item) => { - (0, core_1.debug)(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`); - let chk = item.arch === archFilter && item.platform === platFilter; - if (chk && item.platform_version) { - const osVersion = module2.exports._getOsVersion(); - if (osVersion === item.platform_version) { - chk = true; - } else { - chk = semver6.satisfies(osVersion, item.platform_version); - } - } - return chk; - }); - if (file) { - (0, core_1.debug)(`matched ${candidate.version}`); - match = candidate; - break; + util.bytesToIP = function(bytes) { + if (bytes.length === 4) { + return util.bytesToIPv4(bytes); + } + if (bytes.length === 16) { + return util.bytesToIPv6(bytes); + } + return null; + }; + util.bytesToIPv4 = function(bytes) { + if (bytes.length !== 4) { + return null; + } + var ip = []; + for (var i = 0; i < bytes.length; ++i) { + ip.push(bytes.charCodeAt(i)); + } + return ip.join("."); + }; + util.bytesToIPv6 = function(bytes) { + if (bytes.length !== 16) { + return null; + } + var ip = []; + var zeroGroups = []; + var zeroMaxGroup = 0; + for (var i = 0; i < bytes.length; i += 2) { + var hex = util.bytesToHex(bytes[i] + bytes[i + 1]); + while (hex[0] === "0" && hex !== "0") { + hex = hex.substr(1); + } + if (hex === "0") { + var last = zeroGroups[zeroGroups.length - 1]; + var idx = ip.length; + if (!last || idx !== last.end + 1) { + zeroGroups.push({ start: idx, end: idx }); + } else { + last.end = idx; + if (last.end - last.start > zeroGroups[zeroMaxGroup].end - zeroGroups[zeroMaxGroup].start) { + zeroMaxGroup = zeroGroups.length - 1; } } } - if (match && file) { - result = Object.assign({}, match); - result.files = [file]; - } - return result; - }); - } - function _getOsVersion() { - const plat = os2.platform(); - let version = ""; - if (plat === "darwin") { - version = cp.execSync("sw_vers -productVersion").toString(); - } else if (plat === "linux") { - const lsbContents = module2.exports._readLinuxVersionFile(); - if (lsbContents) { - const lines = lsbContents.split("\n"); - for (const line of lines) { - const parts = line.split("="); - if (parts.length === 2 && (parts[0].trim() === "VERSION_ID" || parts[0].trim() === "DISTRIB_RELEASE")) { - version = parts[1].trim().replace(/^"/, "").replace(/"$/, ""); - break; - } + ip.push(hex); + } + if (zeroGroups.length > 0) { + var group = zeroGroups[zeroMaxGroup]; + if (group.end - group.start > 0) { + ip.splice(group.start, group.end - group.start + 1, ""); + if (group.start === 0) { + ip.unshift(""); + } + if (group.end === 7) { + ip.push(""); } } } - return version; - } - function _readLinuxVersionFile() { - const lsbReleaseFile = "/etc/lsb-release"; - const osReleaseFile = "/etc/os-release"; - let contents = ""; - if (fs.existsSync(lsbReleaseFile)) { - contents = fs.readFileSync(lsbReleaseFile).toString(); - } else if (fs.existsSync(osReleaseFile)) { - contents = fs.readFileSync(osReleaseFile).toString(); + return ip.join(":"); + }; + util.estimateCores = function(options, callback) { + if (typeof options === "function") { + callback = options; + options = {}; } - return contents; - } - } -}); - -// node_modules/@actions/tool-cache/lib/retry-helper.js -var require_retry_helper = __commonJS({ - "node_modules/@actions/tool-cache/lib/retry-helper.js"(exports2) { - "use strict"; - var __createBinding2 = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) { - if (k2 === void 0) k2 = k; - var desc = Object.getOwnPropertyDescriptor(m, k); - if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { - desc = { enumerable: true, get: function() { - return m[k]; - } }; + options = options || {}; + if ("cores" in util && !options.update) { + return callback(null, util.cores); } - Object.defineProperty(o, k2, desc); - }) : (function(o, m, k, k2) { - if (k2 === void 0) k2 = k; - o[k2] = m[k]; - })); - var __setModuleDefault2 = exports2 && exports2.__setModuleDefault || (Object.create ? (function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); - }) : function(o, v) { - o["default"] = v; - }); - var __importStar2 = exports2 && exports2.__importStar || /* @__PURE__ */ (function() { - var ownKeys2 = function(o) { - ownKeys2 = Object.getOwnPropertyNames || function(o2) { - var ar = []; - for (var k in o2) if (Object.prototype.hasOwnProperty.call(o2, k)) ar[ar.length] = k; - return ar; - }; - return ownKeys2(o); - }; - return function(mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) { - for (var k = ownKeys2(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding2(result, mod, k[i]); + if (typeof navigator !== "undefined" && "hardwareConcurrency" in navigator && navigator.hardwareConcurrency > 0) { + util.cores = navigator.hardwareConcurrency; + return callback(null, util.cores); + } + if (typeof Worker === "undefined") { + util.cores = 1; + return callback(null, util.cores); + } + if (typeof Blob === "undefined") { + util.cores = 2; + return callback(null, util.cores); + } + var blobUrl = URL.createObjectURL(new Blob([ + "(", + function() { + self.addEventListener("message", function(e) { + var st = Date.now(); + var et = st + 4; + while (Date.now() < et) ; + self.postMessage({ st, et }); + }); + }.toString(), + ")()" + ], { type: "application/javascript" })); + sample([], 5, 16); + function sample(max, samples, numWorkers) { + if (samples === 0) { + var avg = Math.floor(max.reduce(function(avg2, x) { + return avg2 + x; + }, 0) / max.length); + util.cores = Math.max(1, avg); + URL.revokeObjectURL(blobUrl); + return callback(null, util.cores); } - __setModuleDefault2(result, mod); - return result; - }; - })(); - var __awaiter2 = exports2 && exports2.__awaiter || function(thisArg, _arguments, P, generator) { - function adopt(value) { - return value instanceof P ? value : new P(function(resolve2) { - resolve2(value); + map2(numWorkers, function(err, results) { + max.push(reduce(numWorkers, results)); + sample(max, samples - 1, numWorkers); }); } - return new (P || (P = Promise))(function(resolve2, reject) { - function fulfilled(value) { - try { - step(generator.next(value)); - } catch (e) { - reject(e); - } + function map2(numWorkers, callback2) { + var workers = []; + var results = []; + for (var i = 0; i < numWorkers; ++i) { + var worker = new Worker(blobUrl); + worker.addEventListener("message", function(e) { + results.push(e.data); + if (results.length === numWorkers) { + for (var i2 = 0; i2 < numWorkers; ++i2) { + workers[i2].terminate(); + } + callback2(null, results); + } + }); + workers.push(worker); } - function rejected(value) { - try { - step(generator["throw"](value)); - } catch (e) { - reject(e); + for (var i = 0; i < numWorkers; ++i) { + workers[i].postMessage(i); + } + } + function reduce(numWorkers, results) { + var overlaps = []; + for (var n = 0; n < numWorkers; ++n) { + var r1 = results[n]; + var overlap = overlaps[n] = []; + for (var i = 0; i < numWorkers; ++i) { + if (n === i) { + continue; + } + var r2 = results[i]; + if (r1.st > r2.st && r1.st < r2.et || r2.st > r1.st && r2.st < r1.et) { + overlap.push(i); + } } } - function step(result) { - result.done ? resolve2(result.value) : adopt(result.value).then(fulfilled, rejected); + return overlaps.reduce(function(max, overlap2) { + return Math.max(max, overlap2.length); + }, 0); + } + }; + } +}); + +// node_modules/node-forge/lib/cipher.js +var require_cipher = __commonJS({ + "node_modules/node-forge/lib/cipher.js"(exports2, module2) { + var forge = require_forge(); + require_util9(); + module2.exports = forge.cipher = forge.cipher || {}; + forge.cipher.algorithms = forge.cipher.algorithms || {}; + forge.cipher.createCipher = function(algorithm, key) { + var api = algorithm; + if (typeof api === "string") { + api = forge.cipher.getAlgorithm(api); + if (api) { + api = api(); } - step((generator = generator.apply(thisArg, _arguments || [])).next()); + } + if (!api) { + throw new Error("Unsupported algorithm: " + algorithm); + } + return new forge.cipher.BlockCipher({ + algorithm: api, + key, + decrypt: false }); }; - Object.defineProperty(exports2, "__esModule", { value: true }); - exports2.RetryHelper = void 0; - var core12 = __importStar2(require_core()); - var RetryHelper = class { - constructor(maxAttempts, minSeconds, maxSeconds) { - if (maxAttempts < 1) { - throw new Error("max attempts should be greater than or equal to 1"); - } - this.maxAttempts = maxAttempts; - this.minSeconds = Math.floor(minSeconds); - this.maxSeconds = Math.floor(maxSeconds); - if (this.minSeconds > this.maxSeconds) { - throw new Error("min seconds should be less than or equal to max seconds"); + forge.cipher.createDecipher = function(algorithm, key) { + var api = algorithm; + if (typeof api === "string") { + api = forge.cipher.getAlgorithm(api); + if (api) { + api = api(); } } - execute(action, isRetryable) { - return __awaiter2(this, void 0, void 0, function* () { - let attempt = 1; - while (attempt < this.maxAttempts) { - try { - return yield action(); - } catch (err) { - if (isRetryable && !isRetryable(err)) { - throw err; - } - core12.info(err.message); - } - const seconds = this.getSleepAmount(); - core12.info(`Waiting ${seconds} seconds before trying again`); - yield this.sleep(seconds); - attempt++; - } - return yield action(); - }); + if (!api) { + throw new Error("Unsupported algorithm: " + algorithm); } - getSleepAmount() { - return Math.floor(Math.random() * (this.maxSeconds - this.minSeconds + 1)) + this.minSeconds; + return new forge.cipher.BlockCipher({ + algorithm: api, + key, + decrypt: true + }); + }; + forge.cipher.registerAlgorithm = function(name, algorithm) { + name = name.toUpperCase(); + forge.cipher.algorithms[name] = algorithm; + }; + forge.cipher.getAlgorithm = function(name) { + name = name.toUpperCase(); + if (name in forge.cipher.algorithms) { + return forge.cipher.algorithms[name]; } - sleep(seconds) { - return __awaiter2(this, void 0, void 0, function* () { - return new Promise((resolve2) => setTimeout(resolve2, seconds * 1e3)); - }); + return null; + }; + var BlockCipher = forge.cipher.BlockCipher = function(options) { + this.algorithm = options.algorithm; + this.mode = this.algorithm.mode; + this.blockSize = this.mode.blockSize; + this._finish = false; + this._input = null; + this.output = null; + this._op = options.decrypt ? this.mode.decrypt : this.mode.encrypt; + this._decrypt = options.decrypt; + this.algorithm.initialize(options); + }; + BlockCipher.prototype.start = function(options) { + options = options || {}; + var opts = {}; + for (var key in options) { + opts[key] = options[key]; } + opts.decrypt = this._decrypt; + this._finish = false; + this._input = forge.util.createBuffer(); + this.output = options.output || forge.util.createBuffer(); + this.mode.start(opts); }; - exports2.RetryHelper = RetryHelper; - } -}); - -// node_modules/@actions/tool-cache/lib/tool-cache.js -var require_tool_cache = __commonJS({ - "node_modules/@actions/tool-cache/lib/tool-cache.js"(exports2) { - "use strict"; - var __createBinding2 = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) { - if (k2 === void 0) k2 = k; - var desc = Object.getOwnPropertyDescriptor(m, k); - if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { - desc = { enumerable: true, get: function() { - return m[k]; - } }; + BlockCipher.prototype.update = function(input) { + if (input) { + this._input.putBuffer(input); } - Object.defineProperty(o, k2, desc); - }) : (function(o, m, k, k2) { - if (k2 === void 0) k2 = k; - o[k2] = m[k]; - })); - var __setModuleDefault2 = exports2 && exports2.__setModuleDefault || (Object.create ? (function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); - }) : function(o, v) { - o["default"] = v; - }); - var __importStar2 = exports2 && exports2.__importStar || /* @__PURE__ */ (function() { - var ownKeys2 = function(o) { - ownKeys2 = Object.getOwnPropertyNames || function(o2) { - var ar = []; - for (var k in o2) if (Object.prototype.hasOwnProperty.call(o2, k)) ar[ar.length] = k; - return ar; + while (!this._op.call(this.mode, this._input, this.output, this._finish) && !this._finish) { + } + this._input.compact(); + }; + BlockCipher.prototype.finish = function(pad) { + if (pad && (this.mode.name === "ECB" || this.mode.name === "CBC")) { + this.mode.pad = function(input) { + return pad(this.blockSize, input, false); + }; + this.mode.unpad = function(output) { + return pad(this.blockSize, output, true); }; - return ownKeys2(o); - }; - return function(mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) { - for (var k = ownKeys2(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding2(result, mod, k[i]); - } - __setModuleDefault2(result, mod); - return result; - }; - })(); - var __awaiter2 = exports2 && exports2.__awaiter || function(thisArg, _arguments, P, generator) { - function adopt(value) { - return value instanceof P ? value : new P(function(resolve2) { - resolve2(value); - }); } - return new (P || (P = Promise))(function(resolve2, reject) { - function fulfilled(value) { - try { - step(generator.next(value)); - } catch (e) { - reject(e); - } + var options = {}; + options.decrypt = this._decrypt; + options.overflow = this._input.length() % this.blockSize; + if (!this._decrypt && this.mode.pad) { + if (!this.mode.pad(this._input, options)) { + return false; } - function rejected(value) { - try { - step(generator["throw"](value)); - } catch (e) { - reject(e); - } + } + this._finish = true; + this.update(); + if (this._decrypt && this.mode.unpad) { + if (!this.mode.unpad(this.output, options)) { + return false; } - function step(result) { - result.done ? resolve2(result.value) : adopt(result.value).then(fulfilled, rejected); + } + if (this.mode.afterFinish) { + if (!this.mode.afterFinish(this.output, options)) { + return false; } - step((generator = generator.apply(thisArg, _arguments || [])).next()); - }); + } + return true; }; - Object.defineProperty(exports2, "__esModule", { value: true }); - exports2.HTTPError = void 0; - exports2.downloadTool = downloadTool2; - exports2.extract7z = extract7z; - exports2.extractTar = extractTar2; - exports2.extractXar = extractXar; - exports2.extractZip = extractZip; - exports2.cacheDir = cacheDir2; - exports2.cacheFile = cacheFile; - exports2.find = find2; - exports2.findAllVersions = findAllVersions; - exports2.getManifestFromRepo = getManifestFromRepo; - exports2.findFromManifest = findFromManifest; - exports2.isExplicitVersion = isExplicitVersion; - exports2.evaluateVersions = evaluateVersions; - var core12 = __importStar2(require_core()); - var io4 = __importStar2(require_io()); - var crypto2 = __importStar2(require("crypto")); - var fs = __importStar2(require("fs")); - var mm = __importStar2(require_manifest()); - var os2 = __importStar2(require("os")); - var path2 = __importStar2(require("path")); - var httpm = __importStar2(require_lib()); - var semver6 = __importStar2(require_semver2()); - var stream = __importStar2(require("stream")); - var util = __importStar2(require("util")); - var assert_1 = require("assert"); - var exec_1 = require_exec(); - var retry_helper_1 = require_retry_helper(); - var HTTPError2 = class extends Error { - constructor(httpStatusCode) { - super(`Unexpected HTTP response: ${httpStatusCode}`); - this.httpStatusCode = httpStatusCode; - Object.setPrototypeOf(this, new.target.prototype); + } +}); + +// node_modules/node-forge/lib/cipherModes.js +var require_cipherModes = __commonJS({ + "node_modules/node-forge/lib/cipherModes.js"(exports2, module2) { + var forge = require_forge(); + require_util9(); + forge.cipher = forge.cipher || {}; + var modes = module2.exports = forge.cipher.modes = forge.cipher.modes || {}; + modes.ecb = function(options) { + options = options || {}; + this.name = "ECB"; + this.cipher = options.cipher; + this.blockSize = options.blockSize || 16; + this._ints = this.blockSize / 4; + this._inBlock = new Array(this._ints); + this._outBlock = new Array(this._ints); + }; + modes.ecb.prototype.start = function(options) { + }; + modes.ecb.prototype.encrypt = function(input, output, finish) { + if (input.length() < this.blockSize && !(finish && input.length() > 0)) { + return true; + } + for (var i = 0; i < this._ints; ++i) { + this._inBlock[i] = input.getInt32(); + } + this.cipher.encrypt(this._inBlock, this._outBlock); + for (var i = 0; i < this._ints; ++i) { + output.putInt32(this._outBlock[i]); } }; - exports2.HTTPError = HTTPError2; - var IS_WINDOWS = process.platform === "win32"; - var IS_MAC = process.platform === "darwin"; - var userAgent2 = "actions/tool-cache"; - function downloadTool2(url, dest, auth2, headers) { - return __awaiter2(this, void 0, void 0, function* () { - dest = dest || path2.join(_getTempDirectory(), crypto2.randomUUID()); - yield io4.mkdirP(path2.dirname(dest)); - core12.debug(`Downloading ${url}`); - core12.debug(`Destination ${dest}`); - const maxAttempts = 3; - const minSeconds = _getGlobal("TEST_DOWNLOAD_TOOL_RETRY_MIN_SECONDS", 10); - const maxSeconds = _getGlobal("TEST_DOWNLOAD_TOOL_RETRY_MAX_SECONDS", 20); - const retryHelper = new retry_helper_1.RetryHelper(maxAttempts, minSeconds, maxSeconds); - return yield retryHelper.execute(() => __awaiter2(this, void 0, void 0, function* () { - return yield downloadToolAttempt(url, dest || "", auth2, headers); - }), (err) => { - if (err instanceof HTTPError2 && err.httpStatusCode) { - if (err.httpStatusCode < 500 && err.httpStatusCode !== 408 && err.httpStatusCode !== 429) { - return false; - } - } - return true; - }); - }); - } - function downloadToolAttempt(url, dest, auth2, headers) { - return __awaiter2(this, void 0, void 0, function* () { - if (fs.existsSync(dest)) { - throw new Error(`Destination file path ${dest} already exists`); - } - const http = new httpm.HttpClient(userAgent2, [], { - allowRetries: false - }); - if (auth2) { - core12.debug("set auth"); - if (headers === void 0) { - headers = {}; - } - headers.authorization = auth2; + modes.ecb.prototype.decrypt = function(input, output, finish) { + if (input.length() < this.blockSize && !(finish && input.length() > 0)) { + return true; + } + for (var i = 0; i < this._ints; ++i) { + this._inBlock[i] = input.getInt32(); + } + this.cipher.decrypt(this._inBlock, this._outBlock); + for (var i = 0; i < this._ints; ++i) { + output.putInt32(this._outBlock[i]); + } + }; + modes.ecb.prototype.pad = function(input, options) { + var padding = input.length() === this.blockSize ? this.blockSize : this.blockSize - input.length(); + input.fillWithByte(padding, padding); + return true; + }; + modes.ecb.prototype.unpad = function(output, options) { + if (options.overflow > 0) { + return false; + } + var len = output.length(); + var count = output.at(len - 1); + if (count > this.blockSize << 2) { + return false; + } + output.truncate(count); + return true; + }; + modes.cbc = function(options) { + options = options || {}; + this.name = "CBC"; + this.cipher = options.cipher; + this.blockSize = options.blockSize || 16; + this._ints = this.blockSize / 4; + this._inBlock = new Array(this._ints); + this._outBlock = new Array(this._ints); + }; + modes.cbc.prototype.start = function(options) { + if (options.iv === null) { + if (!this._prev) { + throw new Error("Invalid IV parameter."); } - const response = yield http.get(url, headers); - if (response.message.statusCode !== 200) { - const err = new HTTPError2(response.message.statusCode); - core12.debug(`Failed to download from "${url}". Code(${response.message.statusCode}) Message(${response.message.statusMessage})`); - throw err; + this._iv = this._prev.slice(0); + } else if (!("iv" in options)) { + throw new Error("Invalid IV parameter."); + } else { + this._iv = transformIV(options.iv, this.blockSize); + this._prev = this._iv.slice(0); + } + }; + modes.cbc.prototype.encrypt = function(input, output, finish) { + if (input.length() < this.blockSize && !(finish && input.length() > 0)) { + return true; + } + for (var i = 0; i < this._ints; ++i) { + this._inBlock[i] = this._prev[i] ^ input.getInt32(); + } + this.cipher.encrypt(this._inBlock, this._outBlock); + for (var i = 0; i < this._ints; ++i) { + output.putInt32(this._outBlock[i]); + } + this._prev = this._outBlock; + }; + modes.cbc.prototype.decrypt = function(input, output, finish) { + if (input.length() < this.blockSize && !(finish && input.length() > 0)) { + return true; + } + for (var i = 0; i < this._ints; ++i) { + this._inBlock[i] = input.getInt32(); + } + this.cipher.decrypt(this._inBlock, this._outBlock); + for (var i = 0; i < this._ints; ++i) { + output.putInt32(this._prev[i] ^ this._outBlock[i]); + } + this._prev = this._inBlock.slice(0); + }; + modes.cbc.prototype.pad = function(input, options) { + var padding = input.length() === this.blockSize ? this.blockSize : this.blockSize - input.length(); + input.fillWithByte(padding, padding); + return true; + }; + modes.cbc.prototype.unpad = function(output, options) { + if (options.overflow > 0) { + return false; + } + var len = output.length(); + var count = output.at(len - 1); + if (count > this.blockSize << 2) { + return false; + } + output.truncate(count); + return true; + }; + modes.cfb = function(options) { + options = options || {}; + this.name = "CFB"; + this.cipher = options.cipher; + this.blockSize = options.blockSize || 16; + this._ints = this.blockSize / 4; + this._inBlock = null; + this._outBlock = new Array(this._ints); + this._partialBlock = new Array(this._ints); + this._partialOutput = forge.util.createBuffer(); + this._partialBytes = 0; + }; + modes.cfb.prototype.start = function(options) { + if (!("iv" in options)) { + throw new Error("Invalid IV parameter."); + } + this._iv = transformIV(options.iv, this.blockSize); + this._inBlock = this._iv.slice(0); + this._partialBytes = 0; + }; + modes.cfb.prototype.encrypt = function(input, output, finish) { + var inputLength = input.length(); + if (inputLength === 0) { + return true; + } + this.cipher.encrypt(this._inBlock, this._outBlock); + if (this._partialBytes === 0 && inputLength >= this.blockSize) { + for (var i = 0; i < this._ints; ++i) { + this._inBlock[i] = input.getInt32() ^ this._outBlock[i]; + output.putInt32(this._inBlock[i]); } - const pipeline = util.promisify(stream.pipeline); - const responseMessageFactory = _getGlobal("TEST_DOWNLOAD_TOOL_RESPONSE_MESSAGE_FACTORY", () => response.message); - const readStream = responseMessageFactory(); - let succeeded = false; - try { - yield pipeline(readStream, fs.createWriteStream(dest)); - core12.debug("download complete"); - succeeded = true; - return dest; - } finally { - if (!succeeded) { - core12.debug("download failed"); - try { - yield io4.rmRF(dest); - } catch (err) { - core12.debug(`Failed to delete '${dest}'. ${err.message}`); - } - } + return; + } + var partialBytes = (this.blockSize - inputLength) % this.blockSize; + if (partialBytes > 0) { + partialBytes = this.blockSize - partialBytes; + } + this._partialOutput.clear(); + for (var i = 0; i < this._ints; ++i) { + this._partialBlock[i] = input.getInt32() ^ this._outBlock[i]; + this._partialOutput.putInt32(this._partialBlock[i]); + } + if (partialBytes > 0) { + input.read -= this.blockSize; + } else { + for (var i = 0; i < this._ints; ++i) { + this._inBlock[i] = this._partialBlock[i]; } - }); - } - function extract7z(file, dest, _7zPath) { - return __awaiter2(this, void 0, void 0, function* () { - (0, assert_1.ok)(IS_WINDOWS, "extract7z() not supported on current OS"); - (0, assert_1.ok)(file, 'parameter "file" is required'); - dest = yield _createExtractFolder(dest); - const originalCwd = process.cwd(); - process.chdir(dest); - if (_7zPath) { - try { - const logLevel = core12.isDebug() ? "-bb1" : "-bb0"; - const args = [ - "x", - // eXtract files with full paths - logLevel, - // -bb[0-3] : set output log level - "-bd", - // disable progress indicator - "-sccUTF-8", - // set charset for for console input/output - file - ]; - const options = { - silent: true - }; - yield (0, exec_1.exec)(`"${_7zPath}"`, args, options); - } finally { - process.chdir(originalCwd); - } - } else { - const escapedScript = path2.join(__dirname, "..", "scripts", "Invoke-7zdec.ps1").replace(/'/g, "''").replace(/"|\n|\r/g, ""); - const escapedFile = file.replace(/'/g, "''").replace(/"|\n|\r/g, ""); - const escapedTarget = dest.replace(/'/g, "''").replace(/"|\n|\r/g, ""); - const command = `& '${escapedScript}' -Source '${escapedFile}' -Target '${escapedTarget}'`; - const args = [ - "-NoLogo", - "-Sta", - "-NoProfile", - "-NonInteractive", - "-ExecutionPolicy", - "Unrestricted", - "-Command", - command - ]; - const options = { - silent: true - }; - try { - const powershellPath = yield io4.which("powershell", true); - yield (0, exec_1.exec)(`"${powershellPath}"`, args, options); - } finally { - process.chdir(originalCwd); - } + } + if (this._partialBytes > 0) { + this._partialOutput.getBytes(this._partialBytes); + } + if (partialBytes > 0 && !finish) { + output.putBytes(this._partialOutput.getBytes( + partialBytes - this._partialBytes + )); + this._partialBytes = partialBytes; + return true; + } + output.putBytes(this._partialOutput.getBytes( + inputLength - this._partialBytes + )); + this._partialBytes = 0; + }; + modes.cfb.prototype.decrypt = function(input, output, finish) { + var inputLength = input.length(); + if (inputLength === 0) { + return true; + } + this.cipher.encrypt(this._inBlock, this._outBlock); + if (this._partialBytes === 0 && inputLength >= this.blockSize) { + for (var i = 0; i < this._ints; ++i) { + this._inBlock[i] = input.getInt32(); + output.putInt32(this._inBlock[i] ^ this._outBlock[i]); } - return dest; - }); - } - function extractTar2(file_1, dest_1) { - return __awaiter2(this, arguments, void 0, function* (file, dest, flags = "xz") { - if (!file) { - throw new Error("parameter 'file' is required"); + return; + } + var partialBytes = (this.blockSize - inputLength) % this.blockSize; + if (partialBytes > 0) { + partialBytes = this.blockSize - partialBytes; + } + this._partialOutput.clear(); + for (var i = 0; i < this._ints; ++i) { + this._partialBlock[i] = input.getInt32(); + this._partialOutput.putInt32(this._partialBlock[i] ^ this._outBlock[i]); + } + if (partialBytes > 0) { + input.read -= this.blockSize; + } else { + for (var i = 0; i < this._ints; ++i) { + this._inBlock[i] = this._partialBlock[i]; } - dest = yield _createExtractFolder(dest); - core12.debug("Checking tar --version"); - let versionOutput = ""; - yield (0, exec_1.exec)("tar --version", [], { - ignoreReturnCode: true, - silent: true, - listeners: { - stdout: (data) => versionOutput += data.toString(), - stderr: (data) => versionOutput += data.toString() - } - }); - core12.debug(versionOutput.trim()); - const isGnuTar = versionOutput.toUpperCase().includes("GNU TAR"); - let args; - if (flags instanceof Array) { - args = flags; - } else { - args = [flags]; + } + if (this._partialBytes > 0) { + this._partialOutput.getBytes(this._partialBytes); + } + if (partialBytes > 0 && !finish) { + output.putBytes(this._partialOutput.getBytes( + partialBytes - this._partialBytes + )); + this._partialBytes = partialBytes; + return true; + } + output.putBytes(this._partialOutput.getBytes( + inputLength - this._partialBytes + )); + this._partialBytes = 0; + }; + modes.ofb = function(options) { + options = options || {}; + this.name = "OFB"; + this.cipher = options.cipher; + this.blockSize = options.blockSize || 16; + this._ints = this.blockSize / 4; + this._inBlock = null; + this._outBlock = new Array(this._ints); + this._partialOutput = forge.util.createBuffer(); + this._partialBytes = 0; + }; + modes.ofb.prototype.start = function(options) { + if (!("iv" in options)) { + throw new Error("Invalid IV parameter."); + } + this._iv = transformIV(options.iv, this.blockSize); + this._inBlock = this._iv.slice(0); + this._partialBytes = 0; + }; + modes.ofb.prototype.encrypt = function(input, output, finish) { + var inputLength = input.length(); + if (input.length() === 0) { + return true; + } + this.cipher.encrypt(this._inBlock, this._outBlock); + if (this._partialBytes === 0 && inputLength >= this.blockSize) { + for (var i = 0; i < this._ints; ++i) { + output.putInt32(input.getInt32() ^ this._outBlock[i]); + this._inBlock[i] = this._outBlock[i]; } - if (core12.isDebug() && !flags.includes("v")) { - args.push("-v"); + return; + } + var partialBytes = (this.blockSize - inputLength) % this.blockSize; + if (partialBytes > 0) { + partialBytes = this.blockSize - partialBytes; + } + this._partialOutput.clear(); + for (var i = 0; i < this._ints; ++i) { + this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]); + } + if (partialBytes > 0) { + input.read -= this.blockSize; + } else { + for (var i = 0; i < this._ints; ++i) { + this._inBlock[i] = this._outBlock[i]; } - let destArg = dest; - let fileArg = file; - if (IS_WINDOWS && isGnuTar) { - args.push("--force-local"); - destArg = dest.replace(/\\/g, "/"); - fileArg = file.replace(/\\/g, "/"); + } + if (this._partialBytes > 0) { + this._partialOutput.getBytes(this._partialBytes); + } + if (partialBytes > 0 && !finish) { + output.putBytes(this._partialOutput.getBytes( + partialBytes - this._partialBytes + )); + this._partialBytes = partialBytes; + return true; + } + output.putBytes(this._partialOutput.getBytes( + inputLength - this._partialBytes + )); + this._partialBytes = 0; + }; + modes.ofb.prototype.decrypt = modes.ofb.prototype.encrypt; + modes.ctr = function(options) { + options = options || {}; + this.name = "CTR"; + this.cipher = options.cipher; + this.blockSize = options.blockSize || 16; + this._ints = this.blockSize / 4; + this._inBlock = null; + this._outBlock = new Array(this._ints); + this._partialOutput = forge.util.createBuffer(); + this._partialBytes = 0; + }; + modes.ctr.prototype.start = function(options) { + if (!("iv" in options)) { + throw new Error("Invalid IV parameter."); + } + this._iv = transformIV(options.iv, this.blockSize); + this._inBlock = this._iv.slice(0); + this._partialBytes = 0; + }; + modes.ctr.prototype.encrypt = function(input, output, finish) { + var inputLength = input.length(); + if (inputLength === 0) { + return true; + } + this.cipher.encrypt(this._inBlock, this._outBlock); + if (this._partialBytes === 0 && inputLength >= this.blockSize) { + for (var i = 0; i < this._ints; ++i) { + output.putInt32(input.getInt32() ^ this._outBlock[i]); } - if (isGnuTar) { - args.push("--warning=no-unknown-keyword"); - args.push("--overwrite"); + } else { + var partialBytes = (this.blockSize - inputLength) % this.blockSize; + if (partialBytes > 0) { + partialBytes = this.blockSize - partialBytes; } - args.push("-C", destArg, "-f", fileArg); - yield (0, exec_1.exec)(`tar`, args); - return dest; - }); - } - function extractXar(file_1, dest_1) { - return __awaiter2(this, arguments, void 0, function* (file, dest, flags = []) { - (0, assert_1.ok)(IS_MAC, "extractXar() not supported on current OS"); - (0, assert_1.ok)(file, 'parameter "file" is required'); - dest = yield _createExtractFolder(dest); - let args; - if (flags instanceof Array) { - args = flags; - } else { - args = [flags]; + this._partialOutput.clear(); + for (var i = 0; i < this._ints; ++i) { + this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]); } - args.push("-x", "-C", dest, "-f", file); - if (core12.isDebug()) { - args.push("-v"); + if (partialBytes > 0) { + input.read -= this.blockSize; } - const xarPath = yield io4.which("xar", true); - yield (0, exec_1.exec)(`"${xarPath}"`, _unique(args)); - return dest; - }); - } - function extractZip(file, dest) { - return __awaiter2(this, void 0, void 0, function* () { - if (!file) { - throw new Error("parameter 'file' is required"); + if (this._partialBytes > 0) { + this._partialOutput.getBytes(this._partialBytes); } - dest = yield _createExtractFolder(dest); - if (IS_WINDOWS) { - yield extractZipWin(file, dest); - } else { - yield extractZipNix(file, dest); + if (partialBytes > 0 && !finish) { + output.putBytes(this._partialOutput.getBytes( + partialBytes - this._partialBytes + )); + this._partialBytes = partialBytes; + return true; } - return dest; - }); - } - function extractZipWin(file, dest) { - return __awaiter2(this, void 0, void 0, function* () { - const escapedFile = file.replace(/'/g, "''").replace(/"|\n|\r/g, ""); - const escapedDest = dest.replace(/'/g, "''").replace(/"|\n|\r/g, ""); - const pwshPath = yield io4.which("pwsh", false); - if (pwshPath) { - const pwshCommand = [ - `$ErrorActionPreference = 'Stop' ;`, - `try { Add-Type -AssemblyName System.IO.Compression.ZipFile } catch { } ;`, - `try { [System.IO.Compression.ZipFile]::ExtractToDirectory('${escapedFile}', '${escapedDest}', $true) }`, - `catch { if (($_.Exception.GetType().FullName -eq 'System.Management.Automation.MethodException') -or ($_.Exception.GetType().FullName -eq 'System.Management.Automation.RuntimeException') ){ Expand-Archive -LiteralPath '${escapedFile}' -DestinationPath '${escapedDest}' -Force } else { throw $_ } } ;` - ].join(" "); - const args = [ - "-NoLogo", - "-NoProfile", - "-NonInteractive", - "-ExecutionPolicy", - "Unrestricted", - "-Command", - pwshCommand - ]; - core12.debug(`Using pwsh at path: ${pwshPath}`); - yield (0, exec_1.exec)(`"${pwshPath}"`, args); - } else { - const powershellCommand = [ - `$ErrorActionPreference = 'Stop' ;`, - `try { Add-Type -AssemblyName System.IO.Compression.FileSystem } catch { } ;`, - `if ((Get-Command -Name Expand-Archive -Module Microsoft.PowerShell.Archive -ErrorAction Ignore)) { Expand-Archive -LiteralPath '${escapedFile}' -DestinationPath '${escapedDest}' -Force }`, - `else {[System.IO.Compression.ZipFile]::ExtractToDirectory('${escapedFile}', '${escapedDest}', $true) }` - ].join(" "); - const args = [ - "-NoLogo", - "-Sta", - "-NoProfile", - "-NonInteractive", - "-ExecutionPolicy", - "Unrestricted", - "-Command", - powershellCommand - ]; - const powershellPath = yield io4.which("powershell", true); - core12.debug(`Using powershell at path: ${powershellPath}`); - yield (0, exec_1.exec)(`"${powershellPath}"`, args); - } - }); - } - function extractZipNix(file, dest) { - return __awaiter2(this, void 0, void 0, function* () { - const unzipPath = yield io4.which("unzip", true); - const args = [file]; - if (!core12.isDebug()) { - args.unshift("-q"); - } - args.unshift("-o"); - yield (0, exec_1.exec)(`"${unzipPath}"`, args, { cwd: dest }); - }); - } - function cacheDir2(sourceDir, tool, version, arch) { - return __awaiter2(this, void 0, void 0, function* () { - version = semver6.clean(version) || version; - arch = arch || os2.arch(); - core12.debug(`Caching tool ${tool} ${version} ${arch}`); - core12.debug(`source dir: ${sourceDir}`); - if (!fs.statSync(sourceDir).isDirectory()) { - throw new Error("sourceDir is not a directory"); - } - const destPath = yield _createToolPath(tool, version, arch); - for (const itemName of fs.readdirSync(sourceDir)) { - const s = path2.join(sourceDir, itemName); - yield io4.cp(s, destPath, { recursive: true }); - } - _completeToolPath(tool, version, arch); - return destPath; - }); - } - function cacheFile(sourceFile, targetFile, tool, version, arch) { - return __awaiter2(this, void 0, void 0, function* () { - version = semver6.clean(version) || version; - arch = arch || os2.arch(); - core12.debug(`Caching tool ${tool} ${version} ${arch}`); - core12.debug(`source file: ${sourceFile}`); - if (!fs.statSync(sourceFile).isFile()) { - throw new Error("sourceFile is not a file"); - } - const destFolder = yield _createToolPath(tool, version, arch); - const destPath = path2.join(destFolder, targetFile); - core12.debug(`destination file ${destPath}`); - yield io4.cp(sourceFile, destPath); - _completeToolPath(tool, version, arch); - return destFolder; - }); - } - function find2(toolName, versionSpec, arch) { - if (!toolName) { - throw new Error("toolName parameter is required"); + output.putBytes(this._partialOutput.getBytes( + inputLength - this._partialBytes + )); + this._partialBytes = 0; } - if (!versionSpec) { - throw new Error("versionSpec parameter is required"); + inc32(this._inBlock); + }; + modes.ctr.prototype.decrypt = modes.ctr.prototype.encrypt; + modes.gcm = function(options) { + options = options || {}; + this.name = "GCM"; + this.cipher = options.cipher; + this.blockSize = options.blockSize || 16; + this._ints = this.blockSize / 4; + this._inBlock = new Array(this._ints); + this._outBlock = new Array(this._ints); + this._partialOutput = forge.util.createBuffer(); + this._partialBytes = 0; + this._R = 3774873600; + }; + modes.gcm.prototype.start = function(options) { + if (!("iv" in options)) { + throw new Error("Invalid IV parameter."); } - arch = arch || os2.arch(); - if (!isExplicitVersion(versionSpec)) { - const localVersions = findAllVersions(toolName, arch); - const match = evaluateVersions(localVersions, versionSpec); - versionSpec = match; + var iv = forge.util.createBuffer(options.iv); + this._cipherLength = 0; + var additionalData; + if ("additionalData" in options) { + additionalData = forge.util.createBuffer(options.additionalData); + } else { + additionalData = forge.util.createBuffer(); } - let toolPath = ""; - if (versionSpec) { - versionSpec = semver6.clean(versionSpec) || ""; - const cachePath = path2.join(_getCacheDirectory(), toolName, versionSpec, arch); - core12.debug(`checking cache: ${cachePath}`); - if (fs.existsSync(cachePath) && fs.existsSync(`${cachePath}.complete`)) { - core12.debug(`Found tool in cache ${toolName} ${versionSpec} ${arch}`); - toolPath = cachePath; - } else { - core12.debug("not found"); - } + if ("tagLength" in options) { + this._tagLength = options.tagLength; + } else { + this._tagLength = 128; } - return toolPath; - } - function findAllVersions(toolName, arch) { - const versions = []; - arch = arch || os2.arch(); - const toolPath = path2.join(_getCacheDirectory(), toolName); - if (fs.existsSync(toolPath)) { - const children = fs.readdirSync(toolPath); - for (const child of children) { - if (isExplicitVersion(child)) { - const fullPath = path2.join(toolPath, child, arch || ""); - if (fs.existsSync(fullPath) && fs.existsSync(`${fullPath}.complete`)) { - versions.push(child); - } - } + this._tag = null; + if (options.decrypt) { + this._tag = forge.util.createBuffer(options.tag).getBytes(); + if (this._tag.length !== this._tagLength / 8) { + throw new Error("Authentication tag does not match tag length."); } } - return versions; - } - function getManifestFromRepo(owner_1, repo_1, auth_1) { - return __awaiter2(this, arguments, void 0, function* (owner, repo, auth2, branch = "master") { - let releases = []; - const treeUrl = `https://api.github.com/repos/${owner}/${repo}/git/trees/${branch}`; - const http = new httpm.HttpClient("tool-cache"); - const headers = {}; - if (auth2) { - core12.debug("set auth"); - headers.authorization = auth2; - } - const response = yield http.getJson(treeUrl, headers); - if (!response.result) { - return releases; - } - let manifestUrl = ""; - for (const item of response.result.tree) { - if (item.path === "versions-manifest.json") { - manifestUrl = item.url; - break; - } - } - headers["accept"] = "application/vnd.github.VERSION.raw"; - let versionsRaw = yield (yield http.get(manifestUrl, headers)).readBody(); - if (versionsRaw) { - versionsRaw = versionsRaw.replace(/^\uFEFF/, ""); - try { - releases = JSON.parse(versionsRaw); - } catch (_a) { - core12.debug("Invalid json"); - } - } - return releases; - }); - } - function findFromManifest(versionSpec_1, stable_1, manifest_1) { - return __awaiter2(this, arguments, void 0, function* (versionSpec, stable, manifest, archFilter = os2.arch()) { - const match = yield mm._findMatch(versionSpec, stable, manifest, archFilter); - return match; - }); - } - function _createExtractFolder(dest) { - return __awaiter2(this, void 0, void 0, function* () { - if (!dest) { - dest = path2.join(_getTempDirectory(), crypto2.randomUUID()); - } - yield io4.mkdirP(dest); - return dest; - }); - } - function _createToolPath(tool, version, arch) { - return __awaiter2(this, void 0, void 0, function* () { - const folderPath = path2.join(_getCacheDirectory(), tool, semver6.clean(version) || version, arch || ""); - core12.debug(`destination ${folderPath}`); - const markerPath = `${folderPath}.complete`; - yield io4.rmRF(folderPath); - yield io4.rmRF(markerPath); - yield io4.mkdirP(folderPath); - return folderPath; - }); - } - function _completeToolPath(tool, version, arch) { - const folderPath = path2.join(_getCacheDirectory(), tool, semver6.clean(version) || version, arch || ""); - const markerPath = `${folderPath}.complete`; - fs.writeFileSync(markerPath, ""); - core12.debug("finished caching tool"); - } - function isExplicitVersion(versionSpec) { - const c = semver6.clean(versionSpec) || ""; - core12.debug(`isExplicit: ${c}`); - const valid2 = semver6.valid(c) != null; - core12.debug(`explicit? ${valid2}`); - return valid2; - } - function evaluateVersions(versions, versionSpec) { - let version = ""; - core12.debug(`evaluating ${versions.length} versions`); - versions = versions.sort((a, b) => { - if (semver6.gt(a, b)) { - return 1; - } - return -1; - }); - for (let i = versions.length - 1; i >= 0; i--) { - const potential = versions[i]; - const satisfied = semver6.satisfies(potential, versionSpec); - if (satisfied) { - version = potential; - break; + this._hashBlock = new Array(this._ints); + this.tag = null; + this._hashSubkey = new Array(this._ints); + this.cipher.encrypt([0, 0, 0, 0], this._hashSubkey); + this.componentBits = 4; + this._m = this.generateHashTable(this._hashSubkey, this.componentBits); + var ivLength = iv.length(); + if (ivLength === 12) { + this._j0 = [iv.getInt32(), iv.getInt32(), iv.getInt32(), 1]; + } else { + this._j0 = [0, 0, 0, 0]; + while (iv.length() > 0) { + this._j0 = this.ghash( + this._hashSubkey, + this._j0, + [iv.getInt32(), iv.getInt32(), iv.getInt32(), iv.getInt32()] + ); } + this._j0 = this.ghash( + this._hashSubkey, + this._j0, + [0, 0].concat(from64To32(ivLength * 8)) + ); } - if (version) { - core12.debug(`matched: ${version}`); - } else { - core12.debug("match not found"); + this._inBlock = this._j0.slice(0); + inc32(this._inBlock); + this._partialBytes = 0; + additionalData = forge.util.createBuffer(additionalData); + this._aDataLength = from64To32(additionalData.length() * 8); + var overflow = additionalData.length() % this.blockSize; + if (overflow) { + additionalData.fillWithByte(0, this.blockSize - overflow); } - return version; - } - function _getCacheDirectory() { - const cacheDirectory = process.env["RUNNER_TOOL_CACHE"] || ""; - (0, assert_1.ok)(cacheDirectory, "Expected RUNNER_TOOL_CACHE to be defined"); - return cacheDirectory; - } - function _getTempDirectory() { - const tempDirectory = process.env["RUNNER_TEMP"] || ""; - (0, assert_1.ok)(tempDirectory, "Expected RUNNER_TEMP to be defined"); - return tempDirectory; - } - function _getGlobal(key, defaultValue) { - const value = global[key]; - return value !== void 0 ? value : defaultValue; - } - function _unique(values) { - return Array.from(new Set(values)); - } - } -}); - -// node_modules/node-forge/lib/forge.js -var require_forge = __commonJS({ - "node_modules/node-forge/lib/forge.js"(exports2, module2) { - module2.exports = { - // default options - options: { - usePureJavaScript: false + this._s = [0, 0, 0, 0]; + while (additionalData.length() > 0) { + this._s = this.ghash(this._hashSubkey, this._s, [ + additionalData.getInt32(), + additionalData.getInt32(), + additionalData.getInt32(), + additionalData.getInt32() + ]); } }; - } -}); - -// node_modules/node-forge/lib/baseN.js -var require_baseN = __commonJS({ - "node_modules/node-forge/lib/baseN.js"(exports2, module2) { - var api = {}; - module2.exports = api; - var _reverseAlphabets = {}; - api.encode = function(input, alphabet, maxline) { - if (typeof alphabet !== "string") { - throw new TypeError('"alphabet" must be a string.'); - } - if (maxline !== void 0 && typeof maxline !== "number") { - throw new TypeError('"maxline" must be a number.'); + modes.gcm.prototype.encrypt = function(input, output, finish) { + var inputLength = input.length(); + if (inputLength === 0) { + return true; } - var output = ""; - if (!(input instanceof Uint8Array)) { - output = _encodeWithByteBuffer(input, alphabet); + this.cipher.encrypt(this._inBlock, this._outBlock); + if (this._partialBytes === 0 && inputLength >= this.blockSize) { + for (var i = 0; i < this._ints; ++i) { + output.putInt32(this._outBlock[i] ^= input.getInt32()); + } + this._cipherLength += this.blockSize; } else { - var i = 0; - var base = alphabet.length; - var first = alphabet.charAt(0); - var digits = [0]; - for (i = 0; i < input.length; ++i) { - for (var j = 0, carry = input[i]; j < digits.length; ++j) { - carry += digits[j] << 8; - digits[j] = carry % base; - carry = carry / base | 0; + var partialBytes = (this.blockSize - inputLength) % this.blockSize; + if (partialBytes > 0) { + partialBytes = this.blockSize - partialBytes; + } + this._partialOutput.clear(); + for (var i = 0; i < this._ints; ++i) { + this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]); + } + if (partialBytes <= 0 || finish) { + if (finish) { + var overflow = inputLength % this.blockSize; + this._cipherLength += overflow; + this._partialOutput.truncate(this.blockSize - overflow); + } else { + this._cipherLength += this.blockSize; } - while (carry > 0) { - digits.push(carry % base); - carry = carry / base | 0; + for (var i = 0; i < this._ints; ++i) { + this._outBlock[i] = this._partialOutput.getInt32(); } + this._partialOutput.read -= this.blockSize; } - for (i = 0; input[i] === 0 && i < input.length - 1; ++i) { - output += first; + if (this._partialBytes > 0) { + this._partialOutput.getBytes(this._partialBytes); } - for (i = digits.length - 1; i >= 0; --i) { - output += alphabet[digits[i]]; + if (partialBytes > 0 && !finish) { + input.read -= this.blockSize; + output.putBytes(this._partialOutput.getBytes( + partialBytes - this._partialBytes + )); + this._partialBytes = partialBytes; + return true; } + output.putBytes(this._partialOutput.getBytes( + inputLength - this._partialBytes + )); + this._partialBytes = 0; } - if (maxline) { - var regex = new RegExp(".{1," + maxline + "}", "g"); - output = output.match(regex).join("\r\n"); - } - return output; + this._s = this.ghash(this._hashSubkey, this._s, this._outBlock); + inc32(this._inBlock); }; - api.decode = function(input, alphabet) { - if (typeof input !== "string") { - throw new TypeError('"input" must be a string.'); + modes.gcm.prototype.decrypt = function(input, output, finish) { + var inputLength = input.length(); + if (inputLength < this.blockSize && !(finish && inputLength > 0)) { + return true; } - if (typeof alphabet !== "string") { - throw new TypeError('"alphabet" must be a string.'); + this.cipher.encrypt(this._inBlock, this._outBlock); + inc32(this._inBlock); + this._hashBlock[0] = input.getInt32(); + this._hashBlock[1] = input.getInt32(); + this._hashBlock[2] = input.getInt32(); + this._hashBlock[3] = input.getInt32(); + this._s = this.ghash(this._hashSubkey, this._s, this._hashBlock); + for (var i = 0; i < this._ints; ++i) { + output.putInt32(this._outBlock[i] ^ this._hashBlock[i]); } - var table = _reverseAlphabets[alphabet]; - if (!table) { - table = _reverseAlphabets[alphabet] = []; - for (var i = 0; i < alphabet.length; ++i) { - table[alphabet.charCodeAt(i)] = i; - } + if (inputLength < this.blockSize) { + this._cipherLength += inputLength % this.blockSize; + } else { + this._cipherLength += this.blockSize; } - input = input.replace(/\s/g, ""); - var base = alphabet.length; - var first = alphabet.charAt(0); - var bytes = [0]; - for (var i = 0; i < input.length; i++) { - var value = table[input.charCodeAt(i)]; - if (value === void 0) { - return; - } - for (var j = 0, carry = value; j < bytes.length; ++j) { - carry += bytes[j] * base; - bytes[j] = carry & 255; - carry >>= 8; - } - while (carry > 0) { - bytes.push(carry & 255); - carry >>= 8; - } + }; + modes.gcm.prototype.afterFinish = function(output, options) { + var rval = true; + if (options.decrypt && options.overflow) { + output.truncate(this.blockSize - options.overflow); } - for (var k = 0; input[k] === first && k < input.length - 1; ++k) { - bytes.push(0); + this.tag = forge.util.createBuffer(); + var lengths = this._aDataLength.concat(from64To32(this._cipherLength * 8)); + this._s = this.ghash(this._hashSubkey, this._s, lengths); + var tag = []; + this.cipher.encrypt(this._j0, tag); + for (var i = 0; i < this._ints; ++i) { + this.tag.putInt32(this._s[i] ^ tag[i]); } - if (typeof Buffer !== "undefined") { - return Buffer.from(bytes.reverse()); + this.tag.truncate(this.tag.length() % (this._tagLength / 8)); + if (options.decrypt && this.tag.bytes() !== this._tag) { + rval = false; } - return new Uint8Array(bytes.reverse()); + return rval; }; - function _encodeWithByteBuffer(input, alphabet) { - var i = 0; - var base = alphabet.length; - var first = alphabet.charAt(0); - var digits = [0]; - for (i = 0; i < input.length(); ++i) { - for (var j = 0, carry = input.at(i); j < digits.length; ++j) { - carry += digits[j] << 8; - digits[j] = carry % base; - carry = carry / base | 0; - } - while (carry > 0) { - digits.push(carry % base); - carry = carry / base | 0; + modes.gcm.prototype.multiply = function(x, y) { + var z_i = [0, 0, 0, 0]; + var v_i = y.slice(0); + for (var i = 0; i < 128; ++i) { + var x_i = x[i / 32 | 0] & 1 << 31 - i % 32; + if (x_i) { + z_i[0] ^= v_i[0]; + z_i[1] ^= v_i[1]; + z_i[2] ^= v_i[2]; + z_i[3] ^= v_i[3]; } + this.pow(v_i, v_i); } - var output = ""; - for (i = 0; input.at(i) === 0 && i < input.length() - 1; ++i) { - output += first; - } - for (i = digits.length - 1; i >= 0; --i) { - output += alphabet[digits[i]]; + return z_i; + }; + modes.gcm.prototype.pow = function(x, out) { + var lsb = x[3] & 1; + for (var i = 3; i > 0; --i) { + out[i] = x[i] >>> 1 | (x[i - 1] & 1) << 31; } - return output; - } - } -}); - -// node_modules/node-forge/lib/util.js -var require_util9 = __commonJS({ - "node_modules/node-forge/lib/util.js"(exports2, module2) { - var forge = require_forge(); - var baseN = require_baseN(); - var util = module2.exports = forge.util = forge.util || {}; - (function() { - if (typeof process !== "undefined" && process.nextTick && !process.browser) { - util.nextTick = process.nextTick; - if (typeof setImmediate === "function") { - util.setImmediate = setImmediate; - } else { - util.setImmediate = util.nextTick; - } - return; + out[0] = x[0] >>> 1; + if (lsb) { + out[0] ^= this._R; } - if (typeof setImmediate === "function") { - util.setImmediate = function() { - return setImmediate.apply(void 0, arguments); - }; - util.nextTick = function(callback) { - return setImmediate(callback); - }; - return; + }; + modes.gcm.prototype.tableMultiply = function(x) { + var z = [0, 0, 0, 0]; + for (var i = 0; i < 32; ++i) { + var idx = i / 8 | 0; + var x_i = x[idx] >>> (7 - i % 8) * 4 & 15; + var ah = this._m[i][x_i]; + z[0] ^= ah[0]; + z[1] ^= ah[1]; + z[2] ^= ah[2]; + z[3] ^= ah[3]; } - util.setImmediate = function(callback) { - setTimeout(callback, 0); - }; - if (typeof window !== "undefined" && typeof window.postMessage === "function") { - let handler3 = function(event) { - if (event.source === window && event.data === msg) { - event.stopPropagation(); - var copy = callbacks.slice(); - callbacks.length = 0; - copy.forEach(function(callback) { - callback(); - }); - } - }; - var handler2 = handler3; - var msg = "forge.setImmediate"; - var callbacks = []; - util.setImmediate = function(callback) { - callbacks.push(callback); - if (callbacks.length === 1) { - window.postMessage(msg, "*"); - } - }; - window.addEventListener("message", handler3, true); - } - if (typeof MutationObserver !== "undefined") { - var now = Date.now(); - var attr = true; - var div = document.createElement("div"); - var callbacks = []; - new MutationObserver(function() { - var copy = callbacks.slice(); - callbacks.length = 0; - copy.forEach(function(callback) { - callback(); - }); - }).observe(div, { attributes: true }); - var oldSetImmediate = util.setImmediate; - util.setImmediate = function(callback) { - if (Date.now() - now > 15) { - now = Date.now(); - oldSetImmediate(callback); - } else { - callbacks.push(callback); - if (callbacks.length === 1) { - div.setAttribute("a", attr = !attr); - } - } - }; - } - util.nextTick = util.setImmediate; - })(); - util.isNodejs = typeof process !== "undefined" && process.versions && process.versions.node; - util.globalScope = (function() { - if (util.isNodejs) { - return global; - } - return typeof self === "undefined" ? window : self; - })(); - util.isArray = Array.isArray || function(x) { - return Object.prototype.toString.call(x) === "[object Array]"; + return z; }; - util.isArrayBuffer = function(x) { - return typeof ArrayBuffer !== "undefined" && x instanceof ArrayBuffer; + modes.gcm.prototype.ghash = function(h, y, x) { + y[0] ^= x[0]; + y[1] ^= x[1]; + y[2] ^= x[2]; + y[3] ^= x[3]; + return this.tableMultiply(y); }; - util.isArrayBufferView = function(x) { - return x && util.isArrayBuffer(x.buffer) && x.byteLength !== void 0; + modes.gcm.prototype.generateHashTable = function(h, bits) { + var multiplier = 8 / bits; + var perInt = 4 * multiplier; + var size = 16 * multiplier; + var m = new Array(size); + for (var i = 0; i < size; ++i) { + var tmp = [0, 0, 0, 0]; + var idx = i / perInt | 0; + var shft = (perInt - 1 - i % perInt) * bits; + tmp[idx] = 1 << bits - 1 << shft; + m[i] = this.generateSubHashTable(this.multiply(tmp, h), bits); + } + return m; }; - function _checkBitsParam(n) { - if (!(n === 8 || n === 16 || n === 24 || n === 32)) { - throw new Error("Only 8, 16, 24, or 32 bits supported: " + n); + modes.gcm.prototype.generateSubHashTable = function(mid, bits) { + var size = 1 << bits; + var half = size >>> 1; + var m = new Array(size); + m[half] = mid.slice(0); + var i = half >>> 1; + while (i > 0) { + this.pow(m[2 * i], m[i] = []); + i >>= 1; } - } - util.ByteBuffer = ByteStringBuffer; - function ByteStringBuffer(b) { - this.data = ""; - this.read = 0; - if (typeof b === "string") { - this.data = b; - } else if (util.isArrayBuffer(b) || util.isArrayBufferView(b)) { - if (typeof Buffer !== "undefined" && b instanceof Buffer) { - this.data = b.toString("binary"); - } else { - var arr = new Uint8Array(b); - try { - this.data = String.fromCharCode.apply(null, arr); - } catch (e) { - for (var i = 0; i < arr.length; ++i) { - this.putByte(arr[i]); - } - } + i = 2; + while (i < half) { + for (var j = 1; j < i; ++j) { + var m_i = m[i]; + var m_j = m[j]; + m[i + j] = [ + m_i[0] ^ m_j[0], + m_i[1] ^ m_j[1], + m_i[2] ^ m_j[2], + m_i[3] ^ m_j[3] + ]; } - } else if (b instanceof ByteStringBuffer || typeof b === "object" && typeof b.data === "string" && typeof b.read === "number") { - this.data = b.data; - this.read = b.read; + i *= 2; } - this._constructedStringLength = 0; - } - util.ByteStringBuffer = ByteStringBuffer; - var _MAX_CONSTRUCTED_STRING_LENGTH = 4096; - util.ByteStringBuffer.prototype._optimizeConstructedString = function(x) { - this._constructedStringLength += x; - if (this._constructedStringLength > _MAX_CONSTRUCTED_STRING_LENGTH) { - this.data.substr(0, 1); - this._constructedStringLength = 0; + m[0] = [0, 0, 0, 0]; + for (i = half + 1; i < size; ++i) { + var c = m[i ^ half]; + m[i] = [mid[0] ^ c[0], mid[1] ^ c[1], mid[2] ^ c[2], mid[3] ^ c[3]]; } + return m; }; - util.ByteStringBuffer.prototype.length = function() { - return this.data.length - this.read; - }; - util.ByteStringBuffer.prototype.isEmpty = function() { - return this.length() <= 0; - }; - util.ByteStringBuffer.prototype.putByte = function(b) { - return this.putBytes(String.fromCharCode(b)); - }; - util.ByteStringBuffer.prototype.fillWithByte = function(b, n) { - b = String.fromCharCode(b); - var d = this.data; - while (n > 0) { - if (n & 1) { - d += b; - } - n >>>= 1; - if (n > 0) { - b += b; - } + function transformIV(iv, blockSize) { + if (typeof iv === "string") { + iv = forge.util.createBuffer(iv); } - this.data = d; - this._optimizeConstructedString(n); - return this; - }; - util.ByteStringBuffer.prototype.putBytes = function(bytes) { - this.data += bytes; - this._optimizeConstructedString(bytes.length); - return this; - }; - util.ByteStringBuffer.prototype.putString = function(str2) { - return this.putBytes(util.encodeUtf8(str2)); - }; - util.ByteStringBuffer.prototype.putInt16 = function(i) { - return this.putBytes( - String.fromCharCode(i >> 8 & 255) + String.fromCharCode(i & 255) - ); - }; - util.ByteStringBuffer.prototype.putInt24 = function(i) { - return this.putBytes( - String.fromCharCode(i >> 16 & 255) + String.fromCharCode(i >> 8 & 255) + String.fromCharCode(i & 255) - ); - }; - util.ByteStringBuffer.prototype.putInt32 = function(i) { - return this.putBytes( - String.fromCharCode(i >> 24 & 255) + String.fromCharCode(i >> 16 & 255) + String.fromCharCode(i >> 8 & 255) + String.fromCharCode(i & 255) - ); - }; - util.ByteStringBuffer.prototype.putInt16Le = function(i) { - return this.putBytes( - String.fromCharCode(i & 255) + String.fromCharCode(i >> 8 & 255) - ); - }; - util.ByteStringBuffer.prototype.putInt24Le = function(i) { - return this.putBytes( - String.fromCharCode(i & 255) + String.fromCharCode(i >> 8 & 255) + String.fromCharCode(i >> 16 & 255) - ); - }; - util.ByteStringBuffer.prototype.putInt32Le = function(i) { - return this.putBytes( - String.fromCharCode(i & 255) + String.fromCharCode(i >> 8 & 255) + String.fromCharCode(i >> 16 & 255) + String.fromCharCode(i >> 24 & 255) - ); - }; - util.ByteStringBuffer.prototype.putInt = function(i, n) { - _checkBitsParam(n); - var bytes = ""; - do { - n -= 8; - bytes += String.fromCharCode(i >> n & 255); - } while (n > 0); - return this.putBytes(bytes); - }; - util.ByteStringBuffer.prototype.putSignedInt = function(i, n) { - if (i < 0) { - i += 2 << n - 1; + if (forge.util.isArray(iv) && iv.length > 4) { + var tmp = iv; + iv = forge.util.createBuffer(); + for (var i = 0; i < tmp.length; ++i) { + iv.putByte(tmp[i]); + } } - return this.putInt(i, n); - }; - util.ByteStringBuffer.prototype.putBuffer = function(buffer) { - return this.putBytes(buffer.getBytes()); - }; - util.ByteStringBuffer.prototype.getByte = function() { - return this.data.charCodeAt(this.read++); - }; - util.ByteStringBuffer.prototype.getInt16 = function() { - var rval = this.data.charCodeAt(this.read) << 8 ^ this.data.charCodeAt(this.read + 1); - this.read += 2; - return rval; - }; - util.ByteStringBuffer.prototype.getInt24 = function() { - var rval = this.data.charCodeAt(this.read) << 16 ^ this.data.charCodeAt(this.read + 1) << 8 ^ this.data.charCodeAt(this.read + 2); - this.read += 3; - return rval; - }; - util.ByteStringBuffer.prototype.getInt32 = function() { - var rval = this.data.charCodeAt(this.read) << 24 ^ this.data.charCodeAt(this.read + 1) << 16 ^ this.data.charCodeAt(this.read + 2) << 8 ^ this.data.charCodeAt(this.read + 3); - this.read += 4; - return rval; - }; - util.ByteStringBuffer.prototype.getInt16Le = function() { - var rval = this.data.charCodeAt(this.read) ^ this.data.charCodeAt(this.read + 1) << 8; - this.read += 2; - return rval; - }; - util.ByteStringBuffer.prototype.getInt24Le = function() { - var rval = this.data.charCodeAt(this.read) ^ this.data.charCodeAt(this.read + 1) << 8 ^ this.data.charCodeAt(this.read + 2) << 16; - this.read += 3; - return rval; - }; - util.ByteStringBuffer.prototype.getInt32Le = function() { - var rval = this.data.charCodeAt(this.read) ^ this.data.charCodeAt(this.read + 1) << 8 ^ this.data.charCodeAt(this.read + 2) << 16 ^ this.data.charCodeAt(this.read + 3) << 24; - this.read += 4; - return rval; - }; - util.ByteStringBuffer.prototype.getInt = function(n) { - _checkBitsParam(n); - var rval = 0; - do { - rval = (rval << 8) + this.data.charCodeAt(this.read++); - n -= 8; - } while (n > 0); - return rval; - }; - util.ByteStringBuffer.prototype.getSignedInt = function(n) { - var x = this.getInt(n); - var max = 2 << n - 2; - if (x >= max) { - x -= max << 1; + if (iv.length() < blockSize) { + throw new Error( + "Invalid IV length; got " + iv.length() + " bytes and expected " + blockSize + " bytes." + ); } - return x; - }; - util.ByteStringBuffer.prototype.getBytes = function(count) { - var rval; - if (count) { - count = Math.min(this.length(), count); - rval = this.data.slice(this.read, this.read + count); - this.read += count; - } else if (count === 0) { - rval = ""; - } else { - rval = this.read === 0 ? this.data : this.data.slice(this.read); - this.clear(); + if (!forge.util.isArray(iv)) { + var ints = []; + var blocks = blockSize / 4; + for (var i = 0; i < blocks; ++i) { + ints.push(iv.getInt32()); + } + iv = ints; } - return rval; - }; - util.ByteStringBuffer.prototype.bytes = function(count) { - return typeof count === "undefined" ? this.data.slice(this.read) : this.data.slice(this.read, this.read + count); - }; - util.ByteStringBuffer.prototype.at = function(i) { - return this.data.charCodeAt(this.read + i); + return iv; + } + function inc32(block) { + block[block.length - 1] = block[block.length - 1] + 1 & 4294967295; + } + function from64To32(num) { + return [num / 4294967296 | 0, num & 4294967295]; + } + } +}); + +// node_modules/node-forge/lib/aes.js +var require_aes = __commonJS({ + "node_modules/node-forge/lib/aes.js"(exports2, module2) { + var forge = require_forge(); + require_cipher(); + require_cipherModes(); + require_util9(); + module2.exports = forge.aes = forge.aes || {}; + forge.aes.startEncrypting = function(key, iv, output, mode) { + var cipher = _createCipher({ + key, + output, + decrypt: false, + mode + }); + cipher.start(iv); + return cipher; }; - util.ByteStringBuffer.prototype.setAt = function(i, b) { - this.data = this.data.substr(0, this.read + i) + String.fromCharCode(b) + this.data.substr(this.read + i + 1); - return this; + forge.aes.createEncryptionCipher = function(key, mode) { + return _createCipher({ + key, + output: null, + decrypt: false, + mode + }); }; - util.ByteStringBuffer.prototype.last = function() { - return this.data.charCodeAt(this.data.length - 1); + forge.aes.startDecrypting = function(key, iv, output, mode) { + var cipher = _createCipher({ + key, + output, + decrypt: true, + mode + }); + cipher.start(iv); + return cipher; }; - util.ByteStringBuffer.prototype.copy = function() { - var c = util.createBuffer(this.data); - c.read = this.read; - return c; + forge.aes.createDecryptionCipher = function(key, mode) { + return _createCipher({ + key, + output: null, + decrypt: true, + mode + }); }; - util.ByteStringBuffer.prototype.compact = function() { - if (this.read > 0) { - this.data = this.data.slice(this.read); - this.read = 0; + forge.aes.Algorithm = function(name, mode) { + if (!init) { + initialize(); } - return this; - }; - util.ByteStringBuffer.prototype.clear = function() { - this.data = ""; - this.read = 0; - return this; - }; - util.ByteStringBuffer.prototype.truncate = function(count) { - var len = Math.max(0, this.length() - count); - this.data = this.data.substr(this.read, len); - this.read = 0; - return this; - }; - util.ByteStringBuffer.prototype.toHex = function() { - var rval = ""; - for (var i = this.read; i < this.data.length; ++i) { - var b = this.data.charCodeAt(i); - if (b < 16) { - rval += "0"; + var self2 = this; + self2.name = name; + self2.mode = new mode({ + blockSize: 16, + cipher: { + encrypt: function(inBlock, outBlock) { + return _updateBlock(self2._w, inBlock, outBlock, false); + }, + decrypt: function(inBlock, outBlock) { + return _updateBlock(self2._w, inBlock, outBlock, true); + } } - rval += b.toString(16); - } - return rval; - }; - util.ByteStringBuffer.prototype.toString = function() { - return util.decodeUtf8(this.bytes()); + }); + self2._init = false; }; - function DataBuffer(b, options) { - options = options || {}; - this.read = options.readOffset || 0; - this.growSize = options.growSize || 1024; - var isArrayBuffer = util.isArrayBuffer(b); - var isArrayBufferView = util.isArrayBufferView(b); - if (isArrayBuffer || isArrayBufferView) { - if (isArrayBuffer) { - this.data = new DataView(b); - } else { - this.data = new DataView(b.buffer, b.byteOffset, b.byteLength); - } - this.write = "writeOffset" in options ? options.writeOffset : this.data.byteLength; + forge.aes.Algorithm.prototype.initialize = function(options) { + if (this._init) { return; } - this.data = new DataView(new ArrayBuffer(0)); - this.write = 0; - if (b !== null && b !== void 0) { - this.putBytes(b); + var key = options.key; + var tmp; + if (typeof key === "string" && (key.length === 16 || key.length === 24 || key.length === 32)) { + key = forge.util.createBuffer(key); + } else if (forge.util.isArray(key) && (key.length === 16 || key.length === 24 || key.length === 32)) { + tmp = key; + key = forge.util.createBuffer(); + for (var i = 0; i < tmp.length; ++i) { + key.putByte(tmp[i]); + } } - if ("writeOffset" in options) { - this.write = options.writeOffset; + if (!forge.util.isArray(key)) { + tmp = key; + key = []; + var len = tmp.length(); + if (len === 16 || len === 24 || len === 32) { + len = len >>> 2; + for (var i = 0; i < len; ++i) { + key.push(tmp.getInt32()); + } + } } - } - util.DataBuffer = DataBuffer; - util.DataBuffer.prototype.length = function() { - return this.write - this.read; - }; - util.DataBuffer.prototype.isEmpty = function() { - return this.length() <= 0; - }; - util.DataBuffer.prototype.accommodate = function(amount, growSize) { - if (this.length() >= amount) { - return this; + if (!forge.util.isArray(key) || !(key.length === 4 || key.length === 6 || key.length === 8)) { + throw new Error("Invalid key parameter."); } - growSize = Math.max(growSize || this.growSize, amount); - var src = new Uint8Array( - this.data.buffer, - this.data.byteOffset, - this.data.byteLength - ); - var dst = new Uint8Array(this.length() + growSize); - dst.set(src); - this.data = new DataView(dst.buffer); - return this; - }; - util.DataBuffer.prototype.putByte = function(b) { - this.accommodate(1); - this.data.setUint8(this.write++, b); - return this; + var mode = this.mode.name; + var encryptOp = ["CFB", "OFB", "CTR", "GCM"].indexOf(mode) !== -1; + this._w = _expandKey(key, options.decrypt && !encryptOp); + this._init = true; }; - util.DataBuffer.prototype.fillWithByte = function(b, n) { - this.accommodate(n); - for (var i = 0; i < n; ++i) { - this.data.setUint8(b); + forge.aes._expandKey = function(key, decrypt) { + if (!init) { + initialize(); } - return this; + return _expandKey(key, decrypt); }; - util.DataBuffer.prototype.putBytes = function(bytes, encoding) { - if (util.isArrayBufferView(bytes)) { - var src = new Uint8Array(bytes.buffer, bytes.byteOffset, bytes.byteLength); - var len = src.byteLength - src.byteOffset; - this.accommodate(len); - var dst = new Uint8Array(this.data.buffer, this.write); - dst.set(src); - this.write += len; - return this; - } - if (util.isArrayBuffer(bytes)) { - var src = new Uint8Array(bytes); - this.accommodate(src.byteLength); - var dst = new Uint8Array(this.data.buffer); - dst.set(src, this.write); - this.write += src.byteLength; - return this; - } - if (bytes instanceof util.DataBuffer || typeof bytes === "object" && typeof bytes.read === "number" && typeof bytes.write === "number" && util.isArrayBufferView(bytes.data)) { - var src = new Uint8Array(bytes.data.byteLength, bytes.read, bytes.length()); - this.accommodate(src.byteLength); - var dst = new Uint8Array(bytes.data.byteLength, this.write); - dst.set(src); - this.write += src.byteLength; - return this; + forge.aes._updateBlock = _updateBlock; + registerAlgorithm("AES-ECB", forge.cipher.modes.ecb); + registerAlgorithm("AES-CBC", forge.cipher.modes.cbc); + registerAlgorithm("AES-CFB", forge.cipher.modes.cfb); + registerAlgorithm("AES-OFB", forge.cipher.modes.ofb); + registerAlgorithm("AES-CTR", forge.cipher.modes.ctr); + registerAlgorithm("AES-GCM", forge.cipher.modes.gcm); + function registerAlgorithm(name, mode) { + var factory = function() { + return new forge.aes.Algorithm(name, mode); + }; + forge.cipher.registerAlgorithm(name, factory); + } + var init = false; + var Nb = 4; + var sbox; + var isbox; + var rcon; + var mix; + var imix; + function initialize() { + init = true; + rcon = [0, 1, 2, 4, 8, 16, 32, 64, 128, 27, 54]; + var xtime = new Array(256); + for (var i = 0; i < 128; ++i) { + xtime[i] = i << 1; + xtime[i + 128] = i + 128 << 1 ^ 283; } - if (bytes instanceof util.ByteStringBuffer) { - bytes = bytes.data; - encoding = "binary"; + sbox = new Array(256); + isbox = new Array(256); + mix = new Array(4); + imix = new Array(4); + for (var i = 0; i < 4; ++i) { + mix[i] = new Array(256); + imix[i] = new Array(256); } - encoding = encoding || "binary"; - if (typeof bytes === "string") { - var view; - if (encoding === "hex") { - this.accommodate(Math.ceil(bytes.length / 2)); - view = new Uint8Array(this.data.buffer, this.write); - this.write += util.binary.hex.decode(bytes, view, this.write); - return this; - } - if (encoding === "base64") { - this.accommodate(Math.ceil(bytes.length / 4) * 3); - view = new Uint8Array(this.data.buffer, this.write); - this.write += util.binary.base64.decode(bytes, view, this.write); - return this; + var e = 0, ei = 0, e2, e4, e8, sx, sx2, me, ime; + for (var i = 0; i < 256; ++i) { + sx = ei ^ ei << 1 ^ ei << 2 ^ ei << 3 ^ ei << 4; + sx = sx >> 8 ^ sx & 255 ^ 99; + sbox[e] = sx; + isbox[sx] = e; + sx2 = xtime[sx]; + e2 = xtime[e]; + e4 = xtime[e2]; + e8 = xtime[e4]; + me = sx2 << 24 ^ // 2 + sx << 16 ^ // 1 + sx << 8 ^ // 1 + (sx ^ sx2); + ime = (e2 ^ e4 ^ e8) << 24 ^ // E (14) + (e ^ e8) << 16 ^ // 9 + (e ^ e4 ^ e8) << 8 ^ // D (13) + (e ^ e2 ^ e8); + for (var n = 0; n < 4; ++n) { + mix[n][e] = me; + imix[n][sx] = ime; + me = me << 24 | me >>> 8; + ime = ime << 24 | ime >>> 8; } - if (encoding === "utf8") { - bytes = util.encodeUtf8(bytes); - encoding = "binary"; + if (e === 0) { + e = ei = 1; + } else { + e = e2 ^ xtime[xtime[xtime[e2 ^ e8]]]; + ei ^= xtime[xtime[ei]]; } - if (encoding === "binary" || encoding === "raw") { - this.accommodate(bytes.length); - view = new Uint8Array(this.data.buffer, this.write); - this.write += util.binary.raw.decode(view); - return this; + } + } + function _expandKey(key, decrypt) { + var w = key.slice(0); + var temp, iNk = 1; + var Nk = w.length; + var Nr1 = Nk + 6 + 1; + var end = Nb * Nr1; + for (var i = Nk; i < end; ++i) { + temp = w[i - 1]; + if (i % Nk === 0) { + temp = sbox[temp >>> 16 & 255] << 24 ^ sbox[temp >>> 8 & 255] << 16 ^ sbox[temp & 255] << 8 ^ sbox[temp >>> 24] ^ rcon[iNk] << 24; + iNk++; + } else if (Nk > 6 && i % Nk === 4) { + temp = sbox[temp >>> 24] << 24 ^ sbox[temp >>> 16 & 255] << 16 ^ sbox[temp >>> 8 & 255] << 8 ^ sbox[temp & 255]; } - if (encoding === "utf16") { - this.accommodate(bytes.length * 2); - view = new Uint16Array(this.data.buffer, this.write); - this.write += util.text.utf16.encode(view); - return this; + w[i] = w[i - Nk] ^ temp; + } + if (decrypt) { + var tmp; + var m0 = imix[0]; + var m1 = imix[1]; + var m2 = imix[2]; + var m3 = imix[3]; + var wnew = w.slice(0); + end = w.length; + for (var i = 0, wi = end - Nb; i < end; i += Nb, wi -= Nb) { + if (i === 0 || i === end - Nb) { + wnew[i] = w[wi]; + wnew[i + 1] = w[wi + 3]; + wnew[i + 2] = w[wi + 2]; + wnew[i + 3] = w[wi + 1]; + } else { + for (var n = 0; n < Nb; ++n) { + tmp = w[wi + n]; + wnew[i + (3 & -n)] = m0[sbox[tmp >>> 24]] ^ m1[sbox[tmp >>> 16 & 255]] ^ m2[sbox[tmp >>> 8 & 255]] ^ m3[sbox[tmp & 255]]; + } + } } - throw new Error("Invalid encoding: " + encoding); + w = wnew; } - throw Error("Invalid parameter: " + bytes); - }; - util.DataBuffer.prototype.putBuffer = function(buffer) { - this.putBytes(buffer); - buffer.clear(); - return this; - }; - util.DataBuffer.prototype.putString = function(str2) { - return this.putBytes(str2, "utf16"); - }; - util.DataBuffer.prototype.putInt16 = function(i) { - this.accommodate(2); - this.data.setInt16(this.write, i); - this.write += 2; - return this; - }; - util.DataBuffer.prototype.putInt24 = function(i) { - this.accommodate(3); - this.data.setInt16(this.write, i >> 8 & 65535); - this.data.setInt8(this.write, i >> 16 & 255); - this.write += 3; - return this; - }; - util.DataBuffer.prototype.putInt32 = function(i) { - this.accommodate(4); - this.data.setInt32(this.write, i); - this.write += 4; - return this; - }; - util.DataBuffer.prototype.putInt16Le = function(i) { - this.accommodate(2); - this.data.setInt16(this.write, i, true); - this.write += 2; - return this; - }; - util.DataBuffer.prototype.putInt24Le = function(i) { - this.accommodate(3); - this.data.setInt8(this.write, i >> 16 & 255); - this.data.setInt16(this.write, i >> 8 & 65535, true); - this.write += 3; - return this; - }; - util.DataBuffer.prototype.putInt32Le = function(i) { - this.accommodate(4); - this.data.setInt32(this.write, i, true); - this.write += 4; - return this; - }; - util.DataBuffer.prototype.putInt = function(i, n) { - _checkBitsParam(n); - this.accommodate(n / 8); - do { - n -= 8; - this.data.setInt8(this.write++, i >> n & 255); - } while (n > 0); - return this; - }; - util.DataBuffer.prototype.putSignedInt = function(i, n) { - _checkBitsParam(n); - this.accommodate(n / 8); - if (i < 0) { - i += 2 << n - 1; + return w; + } + function _updateBlock(w, input, output, decrypt) { + var Nr = w.length / 4 - 1; + var m0, m1, m2, m3, sub; + if (decrypt) { + m0 = imix[0]; + m1 = imix[1]; + m2 = imix[2]; + m3 = imix[3]; + sub = isbox; + } else { + m0 = mix[0]; + m1 = mix[1]; + m2 = mix[2]; + m3 = mix[3]; + sub = sbox; } - return this.putInt(i, n); - }; - util.DataBuffer.prototype.getByte = function() { - return this.data.getInt8(this.read++); - }; - util.DataBuffer.prototype.getInt16 = function() { - var rval = this.data.getInt16(this.read); - this.read += 2; - return rval; - }; - util.DataBuffer.prototype.getInt24 = function() { - var rval = this.data.getInt16(this.read) << 8 ^ this.data.getInt8(this.read + 2); - this.read += 3; - return rval; - }; - util.DataBuffer.prototype.getInt32 = function() { - var rval = this.data.getInt32(this.read); - this.read += 4; - return rval; - }; - util.DataBuffer.prototype.getInt16Le = function() { - var rval = this.data.getInt16(this.read, true); - this.read += 2; - return rval; - }; - util.DataBuffer.prototype.getInt24Le = function() { - var rval = this.data.getInt8(this.read) ^ this.data.getInt16(this.read + 1, true) << 8; - this.read += 3; - return rval; - }; - util.DataBuffer.prototype.getInt32Le = function() { - var rval = this.data.getInt32(this.read, true); - this.read += 4; - return rval; - }; - util.DataBuffer.prototype.getInt = function(n) { - _checkBitsParam(n); - var rval = 0; - do { - rval = (rval << 8) + this.data.getInt8(this.read++); - n -= 8; - } while (n > 0); - return rval; - }; - util.DataBuffer.prototype.getSignedInt = function(n) { - var x = this.getInt(n); - var max = 2 << n - 2; - if (x >= max) { - x -= max << 1; + var a, b, c, d, a2, b2, c2; + a = input[0] ^ w[0]; + b = input[decrypt ? 3 : 1] ^ w[1]; + c = input[2] ^ w[2]; + d = input[decrypt ? 1 : 3] ^ w[3]; + var i = 3; + for (var round = 1; round < Nr; ++round) { + a2 = m0[a >>> 24] ^ m1[b >>> 16 & 255] ^ m2[c >>> 8 & 255] ^ m3[d & 255] ^ w[++i]; + b2 = m0[b >>> 24] ^ m1[c >>> 16 & 255] ^ m2[d >>> 8 & 255] ^ m3[a & 255] ^ w[++i]; + c2 = m0[c >>> 24] ^ m1[d >>> 16 & 255] ^ m2[a >>> 8 & 255] ^ m3[b & 255] ^ w[++i]; + d = m0[d >>> 24] ^ m1[a >>> 16 & 255] ^ m2[b >>> 8 & 255] ^ m3[c & 255] ^ w[++i]; + a = a2; + b = b2; + c = c2; } - return x; - }; - util.DataBuffer.prototype.getBytes = function(count) { - var rval; - if (count) { - count = Math.min(this.length(), count); - rval = this.data.slice(this.read, this.read + count); - this.read += count; - } else if (count === 0) { - rval = ""; + output[0] = sub[a >>> 24] << 24 ^ sub[b >>> 16 & 255] << 16 ^ sub[c >>> 8 & 255] << 8 ^ sub[d & 255] ^ w[++i]; + output[decrypt ? 3 : 1] = sub[b >>> 24] << 24 ^ sub[c >>> 16 & 255] << 16 ^ sub[d >>> 8 & 255] << 8 ^ sub[a & 255] ^ w[++i]; + output[2] = sub[c >>> 24] << 24 ^ sub[d >>> 16 & 255] << 16 ^ sub[a >>> 8 & 255] << 8 ^ sub[b & 255] ^ w[++i]; + output[decrypt ? 1 : 3] = sub[d >>> 24] << 24 ^ sub[a >>> 16 & 255] << 16 ^ sub[b >>> 8 & 255] << 8 ^ sub[c & 255] ^ w[++i]; + } + function _createCipher(options) { + options = options || {}; + var mode = (options.mode || "CBC").toUpperCase(); + var algorithm = "AES-" + mode; + var cipher; + if (options.decrypt) { + cipher = forge.cipher.createDecipher(algorithm, options.key); } else { - rval = this.read === 0 ? this.data : this.data.slice(this.read); - this.clear(); + cipher = forge.cipher.createCipher(algorithm, options.key); } - return rval; - }; - util.DataBuffer.prototype.bytes = function(count) { - return typeof count === "undefined" ? this.data.slice(this.read) : this.data.slice(this.read, this.read + count); + var start = cipher.start; + cipher.start = function(iv, options2) { + var output = null; + if (options2 instanceof forge.util.ByteBuffer) { + output = options2; + options2 = {}; + } + options2 = options2 || {}; + options2.output = output; + options2.iv = iv; + start.call(cipher, options2); + }; + return cipher; + } + } +}); + +// node_modules/node-forge/lib/oids.js +var require_oids = __commonJS({ + "node_modules/node-forge/lib/oids.js"(exports2, module2) { + var forge = require_forge(); + forge.pki = forge.pki || {}; + var oids = module2.exports = forge.pki.oids = forge.oids = forge.oids || {}; + function _IN(id, name) { + oids[id] = name; + oids[name] = id; + } + function _I_(id, name) { + oids[id] = name; + } + _IN("1.2.840.113549.1.1.1", "rsaEncryption"); + _IN("1.2.840.113549.1.1.4", "md5WithRSAEncryption"); + _IN("1.2.840.113549.1.1.5", "sha1WithRSAEncryption"); + _IN("1.2.840.113549.1.1.7", "RSAES-OAEP"); + _IN("1.2.840.113549.1.1.8", "mgf1"); + _IN("1.2.840.113549.1.1.9", "pSpecified"); + _IN("1.2.840.113549.1.1.10", "RSASSA-PSS"); + _IN("1.2.840.113549.1.1.11", "sha256WithRSAEncryption"); + _IN("1.2.840.113549.1.1.12", "sha384WithRSAEncryption"); + _IN("1.2.840.113549.1.1.13", "sha512WithRSAEncryption"); + _IN("1.3.101.112", "EdDSA25519"); + _IN("1.2.840.10040.4.3", "dsa-with-sha1"); + _IN("1.3.14.3.2.7", "desCBC"); + _IN("1.3.14.3.2.26", "sha1"); + _IN("1.3.14.3.2.29", "sha1WithRSASignature"); + _IN("2.16.840.1.101.3.4.2.1", "sha256"); + _IN("2.16.840.1.101.3.4.2.2", "sha384"); + _IN("2.16.840.1.101.3.4.2.3", "sha512"); + _IN("2.16.840.1.101.3.4.2.4", "sha224"); + _IN("2.16.840.1.101.3.4.2.5", "sha512-224"); + _IN("2.16.840.1.101.3.4.2.6", "sha512-256"); + _IN("1.2.840.113549.2.2", "md2"); + _IN("1.2.840.113549.2.5", "md5"); + _IN("1.2.840.113549.1.7.1", "data"); + _IN("1.2.840.113549.1.7.2", "signedData"); + _IN("1.2.840.113549.1.7.3", "envelopedData"); + _IN("1.2.840.113549.1.7.4", "signedAndEnvelopedData"); + _IN("1.2.840.113549.1.7.5", "digestedData"); + _IN("1.2.840.113549.1.7.6", "encryptedData"); + _IN("1.2.840.113549.1.9.1", "emailAddress"); + _IN("1.2.840.113549.1.9.2", "unstructuredName"); + _IN("1.2.840.113549.1.9.3", "contentType"); + _IN("1.2.840.113549.1.9.4", "messageDigest"); + _IN("1.2.840.113549.1.9.5", "signingTime"); + _IN("1.2.840.113549.1.9.6", "counterSignature"); + _IN("1.2.840.113549.1.9.7", "challengePassword"); + _IN("1.2.840.113549.1.9.8", "unstructuredAddress"); + _IN("1.2.840.113549.1.9.14", "extensionRequest"); + _IN("1.2.840.113549.1.9.20", "friendlyName"); + _IN("1.2.840.113549.1.9.21", "localKeyId"); + _IN("1.2.840.113549.1.9.22.1", "x509Certificate"); + _IN("1.2.840.113549.1.12.10.1.1", "keyBag"); + _IN("1.2.840.113549.1.12.10.1.2", "pkcs8ShroudedKeyBag"); + _IN("1.2.840.113549.1.12.10.1.3", "certBag"); + _IN("1.2.840.113549.1.12.10.1.4", "crlBag"); + _IN("1.2.840.113549.1.12.10.1.5", "secretBag"); + _IN("1.2.840.113549.1.12.10.1.6", "safeContentsBag"); + _IN("1.2.840.113549.1.5.13", "pkcs5PBES2"); + _IN("1.2.840.113549.1.5.12", "pkcs5PBKDF2"); + _IN("1.2.840.113549.1.12.1.1", "pbeWithSHAAnd128BitRC4"); + _IN("1.2.840.113549.1.12.1.2", "pbeWithSHAAnd40BitRC4"); + _IN("1.2.840.113549.1.12.1.3", "pbeWithSHAAnd3-KeyTripleDES-CBC"); + _IN("1.2.840.113549.1.12.1.4", "pbeWithSHAAnd2-KeyTripleDES-CBC"); + _IN("1.2.840.113549.1.12.1.5", "pbeWithSHAAnd128BitRC2-CBC"); + _IN("1.2.840.113549.1.12.1.6", "pbewithSHAAnd40BitRC2-CBC"); + _IN("1.2.840.113549.2.7", "hmacWithSHA1"); + _IN("1.2.840.113549.2.8", "hmacWithSHA224"); + _IN("1.2.840.113549.2.9", "hmacWithSHA256"); + _IN("1.2.840.113549.2.10", "hmacWithSHA384"); + _IN("1.2.840.113549.2.11", "hmacWithSHA512"); + _IN("1.2.840.113549.3.7", "des-EDE3-CBC"); + _IN("2.16.840.1.101.3.4.1.2", "aes128-CBC"); + _IN("2.16.840.1.101.3.4.1.22", "aes192-CBC"); + _IN("2.16.840.1.101.3.4.1.42", "aes256-CBC"); + _IN("2.5.4.3", "commonName"); + _IN("2.5.4.4", "surname"); + _IN("2.5.4.5", "serialNumber"); + _IN("2.5.4.6", "countryName"); + _IN("2.5.4.7", "localityName"); + _IN("2.5.4.8", "stateOrProvinceName"); + _IN("2.5.4.9", "streetAddress"); + _IN("2.5.4.10", "organizationName"); + _IN("2.5.4.11", "organizationalUnitName"); + _IN("2.5.4.12", "title"); + _IN("2.5.4.13", "description"); + _IN("2.5.4.15", "businessCategory"); + _IN("2.5.4.17", "postalCode"); + _IN("2.5.4.42", "givenName"); + _IN("1.3.6.1.4.1.311.60.2.1.2", "jurisdictionOfIncorporationStateOrProvinceName"); + _IN("1.3.6.1.4.1.311.60.2.1.3", "jurisdictionOfIncorporationCountryName"); + _IN("2.16.840.1.113730.1.1", "nsCertType"); + _IN("2.16.840.1.113730.1.13", "nsComment"); + _I_("2.5.29.1", "authorityKeyIdentifier"); + _I_("2.5.29.2", "keyAttributes"); + _I_("2.5.29.3", "certificatePolicies"); + _I_("2.5.29.4", "keyUsageRestriction"); + _I_("2.5.29.5", "policyMapping"); + _I_("2.5.29.6", "subtreesConstraint"); + _I_("2.5.29.7", "subjectAltName"); + _I_("2.5.29.8", "issuerAltName"); + _I_("2.5.29.9", "subjectDirectoryAttributes"); + _I_("2.5.29.10", "basicConstraints"); + _I_("2.5.29.11", "nameConstraints"); + _I_("2.5.29.12", "policyConstraints"); + _I_("2.5.29.13", "basicConstraints"); + _IN("2.5.29.14", "subjectKeyIdentifier"); + _IN("2.5.29.15", "keyUsage"); + _I_("2.5.29.16", "privateKeyUsagePeriod"); + _IN("2.5.29.17", "subjectAltName"); + _IN("2.5.29.18", "issuerAltName"); + _IN("2.5.29.19", "basicConstraints"); + _I_("2.5.29.20", "cRLNumber"); + _I_("2.5.29.21", "cRLReason"); + _I_("2.5.29.22", "expirationDate"); + _I_("2.5.29.23", "instructionCode"); + _I_("2.5.29.24", "invalidityDate"); + _I_("2.5.29.25", "cRLDistributionPoints"); + _I_("2.5.29.26", "issuingDistributionPoint"); + _I_("2.5.29.27", "deltaCRLIndicator"); + _I_("2.5.29.28", "issuingDistributionPoint"); + _I_("2.5.29.29", "certificateIssuer"); + _I_("2.5.29.30", "nameConstraints"); + _IN("2.5.29.31", "cRLDistributionPoints"); + _IN("2.5.29.32", "certificatePolicies"); + _I_("2.5.29.33", "policyMappings"); + _I_("2.5.29.34", "policyConstraints"); + _IN("2.5.29.35", "authorityKeyIdentifier"); + _I_("2.5.29.36", "policyConstraints"); + _IN("2.5.29.37", "extKeyUsage"); + _I_("2.5.29.46", "freshestCRL"); + _I_("2.5.29.54", "inhibitAnyPolicy"); + _IN("1.3.6.1.4.1.11129.2.4.2", "timestampList"); + _IN("1.3.6.1.5.5.7.1.1", "authorityInfoAccess"); + _IN("1.3.6.1.5.5.7.3.1", "serverAuth"); + _IN("1.3.6.1.5.5.7.3.2", "clientAuth"); + _IN("1.3.6.1.5.5.7.3.3", "codeSigning"); + _IN("1.3.6.1.5.5.7.3.4", "emailProtection"); + _IN("1.3.6.1.5.5.7.3.8", "timeStamping"); + } +}); + +// node_modules/node-forge/lib/asn1.js +var require_asn1 = __commonJS({ + "node_modules/node-forge/lib/asn1.js"(exports2, module2) { + var forge = require_forge(); + require_util9(); + require_oids(); + var asn1 = module2.exports = forge.asn1 = forge.asn1 || {}; + asn1.Class = { + UNIVERSAL: 0, + APPLICATION: 64, + CONTEXT_SPECIFIC: 128, + PRIVATE: 192 }; - util.DataBuffer.prototype.at = function(i) { - return this.data.getUint8(this.read + i); + asn1.Type = { + NONE: 0, + BOOLEAN: 1, + INTEGER: 2, + BITSTRING: 3, + OCTETSTRING: 4, + NULL: 5, + OID: 6, + ODESC: 7, + EXTERNAL: 8, + REAL: 9, + ENUMERATED: 10, + EMBEDDED: 11, + UTF8: 12, + ROID: 13, + SEQUENCE: 16, + SET: 17, + PRINTABLESTRING: 19, + IA5STRING: 22, + UTCTIME: 23, + GENERALIZEDTIME: 24, + BMPSTRING: 30 }; - util.DataBuffer.prototype.setAt = function(i, b) { - this.data.setUint8(i, b); - return this; - }; - util.DataBuffer.prototype.last = function() { - return this.data.getUint8(this.write - 1); - }; - util.DataBuffer.prototype.copy = function() { - return new util.DataBuffer(this); - }; - util.DataBuffer.prototype.compact = function() { - if (this.read > 0) { - var src = new Uint8Array(this.data.buffer, this.read); - var dst = new Uint8Array(src.byteLength); - dst.set(src); - this.data = new DataView(dst); - this.write -= this.read; - this.read = 0; - } - return this; - }; - util.DataBuffer.prototype.clear = function() { - this.data = new DataView(new ArrayBuffer(0)); - this.read = this.write = 0; - return this; - }; - util.DataBuffer.prototype.truncate = function(count) { - this.write = Math.max(0, this.length() - count); - this.read = Math.min(this.read, this.write); - return this; - }; - util.DataBuffer.prototype.toHex = function() { - var rval = ""; - for (var i = this.read; i < this.data.byteLength; ++i) { - var b = this.data.getUint8(i); - if (b < 16) { - rval += "0"; + asn1.maxDepth = 256; + asn1.create = function(tagClass, type2, constructed, value, options) { + if (forge.util.isArray(value)) { + var tmp = []; + for (var i = 0; i < value.length; ++i) { + if (value[i] !== void 0) { + tmp.push(value[i]); + } } - rval += b.toString(16); - } - return rval; - }; - util.DataBuffer.prototype.toString = function(encoding) { - var view = new Uint8Array(this.data, this.read, this.length()); - encoding = encoding || "utf8"; - if (encoding === "binary" || encoding === "raw") { - return util.binary.raw.encode(view); - } - if (encoding === "hex") { - return util.binary.hex.encode(view); - } - if (encoding === "base64") { - return util.binary.base64.encode(view); - } - if (encoding === "utf8") { - return util.text.utf8.decode(view); - } - if (encoding === "utf16") { - return util.text.utf16.decode(view); - } - throw new Error("Invalid encoding: " + encoding); - }; - util.createBuffer = function(input, encoding) { - encoding = encoding || "raw"; - if (input !== void 0 && encoding === "utf8") { - input = util.encodeUtf8(input); + value = tmp; } - return new util.ByteBuffer(input); - }; - util.fillString = function(c, n) { - var s = ""; - while (n > 0) { - if (n & 1) { - s += c; - } - n >>>= 1; - if (n > 0) { - c += c; - } + var obj = { + tagClass, + type: type2, + constructed, + composed: constructed || forge.util.isArray(value), + value + }; + if (options && "bitStringContents" in options) { + obj.bitStringContents = options.bitStringContents; + obj.original = asn1.copy(obj); } - return s; + return obj; }; - util.xorBytes = function(s1, s2, n) { - var s3 = ""; - var b = ""; - var t = ""; - var i = 0; - var c = 0; - for (; n > 0; --n, ++i) { - b = s1.charCodeAt(i) ^ s2.charCodeAt(i); - if (c >= 10) { - s3 += t; - t = ""; - c = 0; + asn1.copy = function(obj, options) { + var copy; + if (forge.util.isArray(obj)) { + copy = []; + for (var i = 0; i < obj.length; ++i) { + copy.push(asn1.copy(obj[i], options)); } - t += String.fromCharCode(b); - ++c; + return copy; } - s3 += t; - return s3; - }; - util.hexToBytes = function(hex) { - var rval = ""; - var i = 0; - if (hex.length & true) { - i = 1; - rval += String.fromCharCode(parseInt(hex[0], 16)); + if (typeof obj === "string") { + return obj; } - for (; i < hex.length; i += 2) { - rval += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); + copy = { + tagClass: obj.tagClass, + type: obj.type, + constructed: obj.constructed, + composed: obj.composed, + value: asn1.copy(obj.value, options) + }; + if (options && !options.excludeBitStringContents) { + copy.bitStringContents = obj.bitStringContents; } - return rval; - }; - util.bytesToHex = function(bytes) { - return util.createBuffer(bytes).toHex(); - }; - util.int32ToBytes = function(i) { - return String.fromCharCode(i >> 24 & 255) + String.fromCharCode(i >> 16 & 255) + String.fromCharCode(i >> 8 & 255) + String.fromCharCode(i & 255); + return copy; }; - var _base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; - var _base64Idx = [ - /*43 -43 = 0*/ - /*'+', 1, 2, 3,'/' */ - 62, - -1, - -1, - -1, - 63, - /*'0','1','2','3','4','5','6','7','8','9' */ - 52, - 53, - 54, - 55, - 56, - 57, - 58, - 59, - 60, - 61, - /*15, 16, 17,'=', 19, 20, 21 */ - -1, - -1, - -1, - 64, - -1, - -1, - -1, - /*65 - 43 = 22*/ - /*'A','B','C','D','E','F','G','H','I','J','K','L','M', */ - 0, - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - /*'N','O','P','Q','R','S','T','U','V','W','X','Y','Z' */ - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - /*91 - 43 = 48 */ - /*48, 49, 50, 51, 52, 53 */ - -1, - -1, - -1, - -1, - -1, - -1, - /*97 - 43 = 54*/ - /*'a','b','c','d','e','f','g','h','i','j','k','l','m' */ - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36, - 37, - 38, - /*'n','o','p','q','r','s','t','u','v','w','x','y','z' */ - 39, - 40, - 41, - 42, - 43, - 44, - 45, - 46, - 47, - 48, - 49, - 50, - 51 - ]; - var _base58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"; - util.encode64 = function(input, maxline) { - var line = ""; - var output = ""; - var chr1, chr2, chr3; - var i = 0; - while (i < input.length) { - chr1 = input.charCodeAt(i++); - chr2 = input.charCodeAt(i++); - chr3 = input.charCodeAt(i++); - line += _base64.charAt(chr1 >> 2); - line += _base64.charAt((chr1 & 3) << 4 | chr2 >> 4); - if (isNaN(chr2)) { - line += "=="; - } else { - line += _base64.charAt((chr2 & 15) << 2 | chr3 >> 6); - line += isNaN(chr3) ? "=" : _base64.charAt(chr3 & 63); + asn1.equals = function(obj1, obj2, options) { + if (forge.util.isArray(obj1)) { + if (!forge.util.isArray(obj2)) { + return false; } - if (maxline && line.length > maxline) { - output += line.substr(0, maxline) + "\r\n"; - line = line.substr(maxline); + if (obj1.length !== obj2.length) { + return false; } - } - output += line; - return output; - }; - util.decode64 = function(input) { - input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ""); - var output = ""; - var enc1, enc2, enc3, enc4; - var i = 0; - while (i < input.length) { - enc1 = _base64Idx[input.charCodeAt(i++) - 43]; - enc2 = _base64Idx[input.charCodeAt(i++) - 43]; - enc3 = _base64Idx[input.charCodeAt(i++) - 43]; - enc4 = _base64Idx[input.charCodeAt(i++) - 43]; - output += String.fromCharCode(enc1 << 2 | enc2 >> 4); - if (enc3 !== 64) { - output += String.fromCharCode((enc2 & 15) << 4 | enc3 >> 2); - if (enc4 !== 64) { - output += String.fromCharCode((enc3 & 3) << 6 | enc4); + for (var i = 0; i < obj1.length; ++i) { + if (!asn1.equals(obj1[i], obj2[i])) { + return false; } } + return true; } - return output; - }; - util.encodeUtf8 = function(str2) { - return unescape(encodeURIComponent(str2)); - }; - util.decodeUtf8 = function(str2) { - return decodeURIComponent(escape(str2)); - }; - util.binary = { - raw: {}, - hex: {}, - base64: {}, - base58: {}, - baseN: { - encode: baseN.encode, - decode: baseN.decode + if (typeof obj1 !== typeof obj2) { + return false; } - }; - util.binary.raw.encode = function(bytes) { - return String.fromCharCode.apply(null, bytes); - }; - util.binary.raw.decode = function(str2, output, offset) { - var out = output; - if (!out) { - out = new Uint8Array(str2.length); + if (typeof obj1 === "string") { + return obj1 === obj2; } - offset = offset || 0; - var j = offset; - for (var i = 0; i < str2.length; ++i) { - out[j++] = str2.charCodeAt(i); + var equal = obj1.tagClass === obj2.tagClass && obj1.type === obj2.type && obj1.constructed === obj2.constructed && obj1.composed === obj2.composed && asn1.equals(obj1.value, obj2.value); + if (options && options.includeBitStringContents) { + equal = equal && obj1.bitStringContents === obj2.bitStringContents; } - return output ? j - offset : out; + return equal; }; - util.binary.hex.encode = util.bytesToHex; - util.binary.hex.decode = function(hex, output, offset) { - var out = output; - if (!out) { - out = new Uint8Array(Math.ceil(hex.length / 2)); - } - offset = offset || 0; - var i = 0, j = offset; - if (hex.length & 1) { - i = 1; - out[j++] = parseInt(hex[0], 16); + asn1.getBerValueLength = function(b) { + var b2 = b.getByte(); + if (b2 === 128) { + return void 0; } - for (; i < hex.length; i += 2) { - out[j++] = parseInt(hex.substr(i, 2), 16); + var length; + var longForm = b2 & 128; + if (!longForm) { + length = b2; + } else { + length = b.getInt((b2 & 127) << 3); } - return output ? j - offset : out; + return length; }; - util.binary.base64.encode = function(input, maxline) { - var line = ""; - var output = ""; - var chr1, chr2, chr3; - var i = 0; - while (i < input.byteLength) { - chr1 = input[i++]; - chr2 = input[i++]; - chr3 = input[i++]; - line += _base64.charAt(chr1 >> 2); - line += _base64.charAt((chr1 & 3) << 4 | chr2 >> 4); - if (isNaN(chr2)) { - line += "=="; - } else { - line += _base64.charAt((chr2 & 15) << 2 | chr3 >> 6); - line += isNaN(chr3) ? "=" : _base64.charAt(chr3 & 63); - } - if (maxline && line.length > maxline) { - output += line.substr(0, maxline) + "\r\n"; - line = line.substr(maxline); - } + function _checkBufferLength(bytes, remaining, n) { + if (n > remaining) { + var error3 = new Error("Too few bytes to parse DER."); + error3.available = bytes.length(); + error3.remaining = remaining; + error3.requested = n; + throw error3; } - output += line; - return output; - }; - util.binary.base64.decode = function(input, output, offset) { - var out = output; - if (!out) { - out = new Uint8Array(Math.ceil(input.length / 4) * 3); + } + var _getValueLength = function(bytes, remaining) { + var b2 = bytes.getByte(); + remaining--; + if (b2 === 128) { + return void 0; } - input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ""); - offset = offset || 0; - var enc1, enc2, enc3, enc4; - var i = 0, j = offset; - while (i < input.length) { - enc1 = _base64Idx[input.charCodeAt(i++) - 43]; - enc2 = _base64Idx[input.charCodeAt(i++) - 43]; - enc3 = _base64Idx[input.charCodeAt(i++) - 43]; - enc4 = _base64Idx[input.charCodeAt(i++) - 43]; - out[j++] = enc1 << 2 | enc2 >> 4; - if (enc3 !== 64) { - out[j++] = (enc2 & 15) << 4 | enc3 >> 2; - if (enc4 !== 64) { - out[j++] = (enc3 & 3) << 6 | enc4; - } - } + var length; + var longForm = b2 & 128; + if (!longForm) { + length = b2; + } else { + var longFormBytes = b2 & 127; + _checkBufferLength(bytes, remaining, longFormBytes); + length = bytes.getInt(longFormBytes << 3); } - return output ? j - offset : out.subarray(0, j); - }; - util.binary.base58.encode = function(input, maxline) { - return util.binary.baseN.encode(input, _base58, maxline); - }; - util.binary.base58.decode = function(input, maxline) { - return util.binary.baseN.decode(input, _base58, maxline); - }; - util.text = { - utf8: {}, - utf16: {} + if (length < 0) { + throw new Error("Negative length: " + length); + } + return length; }; - util.text.utf8.encode = function(str2, output, offset) { - str2 = util.encodeUtf8(str2); - var out = output; - if (!out) { - out = new Uint8Array(str2.length); + asn1.fromDer = function(bytes, options) { + if (options === void 0) { + options = { + strict: true, + parseAllBytes: true, + decodeBitStrings: true + }; } - offset = offset || 0; - var j = offset; - for (var i = 0; i < str2.length; ++i) { - out[j++] = str2.charCodeAt(i); + if (typeof options === "boolean") { + options = { + strict: options, + parseAllBytes: true, + decodeBitStrings: true + }; } - return output ? j - offset : out; - }; - util.text.utf8.decode = function(bytes) { - return util.decodeUtf8(String.fromCharCode.apply(null, bytes)); - }; - util.text.utf16.encode = function(str2, output, offset) { - var out = output; - if (!out) { - out = new Uint8Array(str2.length * 2); + if (!("strict" in options)) { + options.strict = true; } - var view = new Uint16Array(out.buffer); - offset = offset || 0; - var j = offset; - var k = offset; - for (var i = 0; i < str2.length; ++i) { - view[k++] = str2.charCodeAt(i); - j += 2; + if (!("parseAllBytes" in options)) { + options.parseAllBytes = true; } - return output ? j - offset : out; - }; - util.text.utf16.decode = function(bytes) { - return String.fromCharCode.apply(null, new Uint16Array(bytes.buffer)); - }; - util.deflate = function(api, bytes, raw) { - bytes = util.decode64(api.deflate(util.encode64(bytes)).rval); - if (raw) { - var start = 2; - var flg = bytes.charCodeAt(1); - if (flg & 32) { - start = 6; - } - bytes = bytes.substring(start, bytes.length - 4); + if (!("decodeBitStrings" in options)) { + options.decodeBitStrings = true; } - return bytes; - }; - util.inflate = function(api, bytes, raw) { - var rval = api.inflate(util.encode64(bytes)).rval; - return rval === null ? null : util.decode64(rval); - }; - var _setStorageObject = function(api, id, obj) { - if (!api) { - throw new Error("WebStorage not available."); + if (!("maxDepth" in options)) { + options.maxDepth = asn1.maxDepth; } - var rval; - if (obj === null) { - rval = api.removeItem(id); - } else { - obj = util.encode64(JSON.stringify(obj)); - rval = api.setItem(id, obj); + if (typeof bytes === "string") { + bytes = forge.util.createBuffer(bytes); } - if (typeof rval !== "undefined" && rval.rval !== true) { - var error3 = new Error(rval.error.message); - error3.id = rval.error.id; - error3.name = rval.error.name; + var byteCount = bytes.length(); + var value = _fromDer(bytes, bytes.length(), 0, options); + if (options.parseAllBytes && bytes.length() !== 0) { + var error3 = new Error("Unparsed DER bytes remain after ASN.1 parsing."); + error3.byteCount = byteCount; + error3.remaining = bytes.length(); throw error3; } + return value; }; - var _getStorageObject = function(api, id) { - if (!api) { - throw new Error("WebStorage not available."); + function _fromDer(bytes, remaining, depth, options) { + if (depth >= options.maxDepth) { + throw new Error("ASN.1 parsing error: Max depth exceeded."); } - var rval = api.getItem(id); - if (api.init) { - if (rval.rval === null) { - if (rval.error) { - var error3 = new Error(rval.error.message); - error3.id = rval.error.id; - error3.name = rval.error.name; - throw error3; + var start; + _checkBufferLength(bytes, remaining, 2); + var b1 = bytes.getByte(); + remaining--; + var tagClass = b1 & 192; + var type2 = b1 & 31; + start = bytes.length(); + var length = _getValueLength(bytes, remaining); + remaining -= start - bytes.length(); + if (length !== void 0 && length > remaining) { + if (options.strict) { + var error3 = new Error("Too few bytes to read ASN.1 value."); + error3.available = bytes.length(); + error3.remaining = remaining; + error3.requested = length; + throw error3; + } + length = remaining; + } + var value; + var bitStringContents; + var constructed = (b1 & 32) === 32; + if (constructed) { + value = []; + if (length === void 0) { + for (; ; ) { + _checkBufferLength(bytes, remaining, 2); + if (bytes.bytes(2) === String.fromCharCode(0, 0)) { + bytes.getBytes(2); + remaining -= 2; + break; + } + start = bytes.length(); + value.push(_fromDer(bytes, remaining, depth + 1, options)); + remaining -= start - bytes.length(); } - rval = null; } else { - rval = rval.rval; + while (length > 0) { + start = bytes.length(); + value.push(_fromDer(bytes, length, depth + 1, options)); + remaining -= start - bytes.length(); + length -= start - bytes.length(); + } } } - if (rval !== null) { - rval = JSON.parse(util.decode64(rval)); - } - return rval; - }; - var _setItem = function(api, id, key, data) { - var obj = _getStorageObject(api, id); - if (obj === null) { - obj = {}; + if (value === void 0 && tagClass === asn1.Class.UNIVERSAL && type2 === asn1.Type.BITSTRING) { + bitStringContents = bytes.bytes(length); } - obj[key] = data; - _setStorageObject(api, id, obj); - }; - var _getItem = function(api, id, key) { - var rval = _getStorageObject(api, id); - if (rval !== null) { - rval = key in rval ? rval[key] : null; + if (value === void 0 && options.decodeBitStrings && tagClass === asn1.Class.UNIVERSAL && // FIXME: OCTET STRINGs not yet supported here + // .. other parts of forge expect to decode OCTET STRINGs manually + type2 === asn1.Type.BITSTRING && length > 1) { + var savedRead = bytes.read; + var savedRemaining = remaining; + var unused = 0; + if (type2 === asn1.Type.BITSTRING) { + _checkBufferLength(bytes, remaining, 1); + unused = bytes.getByte(); + remaining--; + } + if (unused === 0) { + try { + start = bytes.length(); + var subOptions = { + // enforce strict mode to avoid parsing ASN.1 from plain data + strict: true, + decodeBitStrings: true + }; + var composed = _fromDer(bytes, remaining, depth + 1, subOptions); + var used = start - bytes.length(); + remaining -= used; + if (type2 == asn1.Type.BITSTRING) { + used++; + } + var tc = composed.tagClass; + if (used === length && (tc === asn1.Class.UNIVERSAL || tc === asn1.Class.CONTEXT_SPECIFIC)) { + value = [composed]; + } + } catch (ex) { + } + } + if (value === void 0) { + bytes.read = savedRead; + remaining = savedRemaining; + } } - return rval; - }; - var _removeItem = function(api, id, key) { - var obj = _getStorageObject(api, id); - if (obj !== null && key in obj) { - delete obj[key]; - var empty = true; - for (var prop in obj) { - empty = false; - break; + if (value === void 0) { + if (length === void 0) { + if (options.strict) { + throw new Error("Non-constructed ASN.1 object of indefinite length."); + } + length = remaining; } - if (empty) { - obj = null; + if (type2 === asn1.Type.BMPSTRING) { + value = ""; + for (; length > 0; length -= 2) { + _checkBufferLength(bytes, remaining, 2); + value += String.fromCharCode(bytes.getInt16()); + remaining -= 2; + } + } else { + value = bytes.getBytes(length); + remaining -= length; } - _setStorageObject(api, id, obj); } - }; - var _clearItems = function(api, id) { - _setStorageObject(api, id, null); - }; - var _callStorageFunction = function(func, args, location) { - var rval = null; - if (typeof location === "undefined") { - location = ["web", "flash"]; + var asn1Options = bitStringContents === void 0 ? null : { + bitStringContents + }; + return asn1.create(tagClass, type2, constructed, value, asn1Options); + } + asn1.toDer = function(obj) { + var bytes = forge.util.createBuffer(); + var b1 = obj.tagClass | obj.type; + var value = forge.util.createBuffer(); + var useBitStringContents = false; + if ("bitStringContents" in obj) { + useBitStringContents = true; + if (obj.original) { + useBitStringContents = asn1.equals(obj, obj.original); + } } - var type2; - var done = false; - var exception2 = null; - for (var idx in location) { - type2 = location[idx]; - try { - if (type2 === "flash" || type2 === "both") { - if (args[0] === null) { - throw new Error("Flash local storage not available."); - } - rval = func.apply(this, args); - done = type2 === "flash"; - } - if (type2 === "web" || type2 === "both") { - args[0] = localStorage; - rval = func.apply(this, args); - done = true; + if (useBitStringContents) { + value.putBytes(obj.bitStringContents); + } else if (obj.composed) { + if (obj.constructed) { + b1 |= 32; + } else { + value.putByte(0); + } + for (var i = 0; i < obj.value.length; ++i) { + if (obj.value[i] !== void 0) { + value.putBuffer(asn1.toDer(obj.value[i])); } - } catch (ex) { - exception2 = ex; } - if (done) { - break; + } else { + if (obj.type === asn1.Type.BMPSTRING) { + for (var i = 0; i < obj.value.length; ++i) { + value.putInt16(obj.value.charCodeAt(i)); + } + } else { + if (obj.type === asn1.Type.INTEGER && obj.value.length > 1 && // leading 0x00 for positive integer + (obj.value.charCodeAt(0) === 0 && (obj.value.charCodeAt(1) & 128) === 0 || // leading 0xFF for negative integer + obj.value.charCodeAt(0) === 255 && (obj.value.charCodeAt(1) & 128) === 128)) { + value.putBytes(obj.value.substr(1)); + } else { + value.putBytes(obj.value); + } } } - if (!done) { - throw exception2; + bytes.putByte(b1); + if (value.length() <= 127) { + bytes.putByte(value.length() & 127); + } else { + var len = value.length(); + var lenBytes = ""; + do { + lenBytes += String.fromCharCode(len & 255); + len = len >>> 8; + } while (len > 0); + bytes.putByte(lenBytes.length | 128); + for (var i = lenBytes.length - 1; i >= 0; --i) { + bytes.putByte(lenBytes.charCodeAt(i)); + } } - return rval; - }; - util.setItem = function(api, id, key, data, location) { - _callStorageFunction(_setItem, arguments, location); - }; - util.getItem = function(api, id, key, location) { - return _callStorageFunction(_getItem, arguments, location); - }; - util.removeItem = function(api, id, key, location) { - _callStorageFunction(_removeItem, arguments, location); - }; - util.clearItems = function(api, id, location) { - _callStorageFunction(_clearItems, arguments, location); + bytes.putBuffer(value); + return bytes; }; - util.isEmpty = function(obj) { - for (var prop in obj) { - if (obj.hasOwnProperty(prop)) { - return false; + asn1.oidToDer = function(oid) { + var values = oid.split("."); + var bytes = forge.util.createBuffer(); + bytes.putByte(40 * parseInt(values[0], 10) + parseInt(values[1], 10)); + var last, valueBytes, value, b; + for (var i = 2; i < values.length; ++i) { + last = true; + valueBytes = []; + value = parseInt(values[i], 10); + if (value > 4294967295) { + throw new Error("OID value too large; max is 32-bits."); + } + do { + b = value & 127; + value = value >>> 7; + if (!last) { + b |= 128; + } + valueBytes.push(b); + last = false; + } while (value > 0); + for (var n = valueBytes.length - 1; n >= 0; --n) { + bytes.putByte(valueBytes[n]); } } - return true; + return bytes; }; - util.format = function(format) { - var re = /%./g; - var match; - var part; - var argi = 0; - var parts = []; - var last = 0; - while (match = re.exec(format)) { - part = format.substring(last, re.lastIndex - 2); - if (part.length > 0) { - parts.push(part); + asn1.derToOid = function(bytes) { + var oid; + if (typeof bytes === "string") { + bytes = forge.util.createBuffer(bytes); + } + var b = bytes.getByte(); + oid = Math.floor(b / 40) + "." + b % 40; + var value = 0; + while (bytes.length() > 0) { + if (value > 70368744177663) { + throw new Error("OID value too large; max is 53-bits."); } - last = re.lastIndex; - var code = match[0][1]; - switch (code) { - case "s": - case "o": - if (argi < arguments.length) { - parts.push(arguments[argi++ + 1]); - } else { - parts.push(""); - } - break; - // FIXME: do proper formatting for numbers, etc - //case 'f': - //case 'd': - case "%": - parts.push("%"); - break; - default: - parts.push("<%" + code + "?>"); + b = bytes.getByte(); + value = value * 128; + if (b & 128) { + value += b & 127; + } else { + oid += "." + (value + b); + value = 0; } } - parts.push(format.substring(last)); - return parts.join(""); - }; - util.formatNumber = function(number, decimals, dec_point, thousands_sep) { - var n = number, c = isNaN(decimals = Math.abs(decimals)) ? 2 : decimals; - var d = dec_point === void 0 ? "," : dec_point; - var t = thousands_sep === void 0 ? "." : thousands_sep, s = n < 0 ? "-" : ""; - var i = parseInt(n = Math.abs(+n || 0).toFixed(c), 10) + ""; - var j = i.length > 3 ? i.length % 3 : 0; - return s + (j ? i.substr(0, j) + t : "") + i.substr(j).replace(/(\d{3})(?=\d)/g, "$1" + t) + (c ? d + Math.abs(n - i).toFixed(c).slice(2) : ""); + return oid; }; - util.formatSize = function(size) { - if (size >= 1073741824) { - size = util.formatNumber(size / 1073741824, 2, ".", "") + " GiB"; - } else if (size >= 1048576) { - size = util.formatNumber(size / 1048576, 2, ".", "") + " MiB"; - } else if (size >= 1024) { - size = util.formatNumber(size / 1024, 0) + " KiB"; - } else { - size = util.formatNumber(size, 0) + " bytes"; + asn1.utcTimeToDate = function(utc) { + var date = /* @__PURE__ */ new Date(); + var year = parseInt(utc.substr(0, 2), 10); + year = year >= 50 ? 1900 + year : 2e3 + year; + var MM = parseInt(utc.substr(2, 2), 10) - 1; + var DD = parseInt(utc.substr(4, 2), 10); + var hh = parseInt(utc.substr(6, 2), 10); + var mm = parseInt(utc.substr(8, 2), 10); + var ss = 0; + if (utc.length > 11) { + var c = utc.charAt(10); + var end = 10; + if (c !== "+" && c !== "-") { + ss = parseInt(utc.substr(10, 2), 10); + end += 2; + } } - return size; + date.setUTCFullYear(year, MM, DD); + date.setUTCHours(hh, mm, ss, 0); + if (end) { + c = utc.charAt(end); + if (c === "+" || c === "-") { + var hhoffset = parseInt(utc.substr(end + 1, 2), 10); + var mmoffset = parseInt(utc.substr(end + 4, 2), 10); + var offset = hhoffset * 60 + mmoffset; + offset *= 6e4; + if (c === "+") { + date.setTime(+date - offset); + } else { + date.setTime(+date + offset); + } + } + } + return date; }; - util.bytesFromIP = function(ip) { - if (ip.indexOf(".") !== -1) { - return util.bytesFromIPv4(ip); + asn1.generalizedTimeToDate = function(gentime) { + var date = /* @__PURE__ */ new Date(); + var YYYY = parseInt(gentime.substr(0, 4), 10); + var MM = parseInt(gentime.substr(4, 2), 10) - 1; + var DD = parseInt(gentime.substr(6, 2), 10); + var hh = parseInt(gentime.substr(8, 2), 10); + var mm = parseInt(gentime.substr(10, 2), 10); + var ss = parseInt(gentime.substr(12, 2), 10); + var fff = 0; + var offset = 0; + var isUTC = false; + if (gentime.charAt(gentime.length - 1) === "Z") { + isUTC = true; } - if (ip.indexOf(":") !== -1) { - return util.bytesFromIPv6(ip); + var end = gentime.length - 5, c = gentime.charAt(end); + if (c === "+" || c === "-") { + var hhoffset = parseInt(gentime.substr(end + 1, 2), 10); + var mmoffset = parseInt(gentime.substr(end + 4, 2), 10); + offset = hhoffset * 60 + mmoffset; + offset *= 6e4; + if (c === "+") { + offset *= -1; + } + isUTC = true; } - return null; + if (gentime.charAt(14) === ".") { + fff = parseFloat(gentime.substr(14), 10) * 1e3; + } + if (isUTC) { + date.setUTCFullYear(YYYY, MM, DD); + date.setUTCHours(hh, mm, ss, fff); + date.setTime(+date + offset); + } else { + date.setFullYear(YYYY, MM, DD); + date.setHours(hh, mm, ss, fff); + } + return date; }; - util.bytesFromIPv4 = function(ip) { - ip = ip.split("."); - if (ip.length !== 4) { - return null; + asn1.dateToUtcTime = function(date) { + if (typeof date === "string") { + return date; } - var b = util.createBuffer(); - for (var i = 0; i < ip.length; ++i) { - var num = parseInt(ip[i], 10); - if (isNaN(num)) { - return null; + var rval = ""; + var format = []; + format.push(("" + date.getUTCFullYear()).substr(2)); + format.push("" + (date.getUTCMonth() + 1)); + format.push("" + date.getUTCDate()); + format.push("" + date.getUTCHours()); + format.push("" + date.getUTCMinutes()); + format.push("" + date.getUTCSeconds()); + for (var i = 0; i < format.length; ++i) { + if (format[i].length < 2) { + rval += "0"; } - b.putByte(num); + rval += format[i]; } - return b.getBytes(); + rval += "Z"; + return rval; }; - util.bytesFromIPv6 = function(ip) { - var blanks = 0; - ip = ip.split(":").filter(function(e) { - if (e.length === 0) ++blanks; - return true; - }); - var zeros = (8 - ip.length + blanks) * 2; - var b = util.createBuffer(); - for (var i = 0; i < 8; ++i) { - if (!ip[i] || ip[i].length === 0) { - b.fillWithByte(0, zeros); - zeros = 0; - continue; - } - var bytes = util.hexToBytes(ip[i]); - if (bytes.length < 2) { - b.putByte(0); + asn1.dateToGeneralizedTime = function(date) { + if (typeof date === "string") { + return date; + } + var rval = ""; + var format = []; + format.push("" + date.getUTCFullYear()); + format.push("" + (date.getUTCMonth() + 1)); + format.push("" + date.getUTCDate()); + format.push("" + date.getUTCHours()); + format.push("" + date.getUTCMinutes()); + format.push("" + date.getUTCSeconds()); + for (var i = 0; i < format.length; ++i) { + if (format[i].length < 2) { + rval += "0"; } - b.putBytes(bytes); + rval += format[i]; } - return b.getBytes(); + rval += "Z"; + return rval; }; - util.bytesToIP = function(bytes) { - if (bytes.length === 4) { - return util.bytesToIPv4(bytes); + asn1.integerToDer = function(x) { + var rval = forge.util.createBuffer(); + if (x >= -128 && x < 128) { + return rval.putSignedInt(x, 8); } - if (bytes.length === 16) { - return util.bytesToIPv6(bytes); + if (x >= -32768 && x < 32768) { + return rval.putSignedInt(x, 16); } - return null; - }; - util.bytesToIPv4 = function(bytes) { - if (bytes.length !== 4) { - return null; + if (x >= -8388608 && x < 8388608) { + return rval.putSignedInt(x, 24); } - var ip = []; - for (var i = 0; i < bytes.length; ++i) { - ip.push(bytes.charCodeAt(i)); + if (x >= -2147483648 && x < 2147483648) { + return rval.putSignedInt(x, 32); } - return ip.join("."); + var error3 = new Error("Integer too large; max is 32-bits."); + error3.integer = x; + throw error3; }; - util.bytesToIPv6 = function(bytes) { - if (bytes.length !== 16) { - return null; + asn1.derToInteger = function(bytes) { + if (typeof bytes === "string") { + bytes = forge.util.createBuffer(bytes); } - var ip = []; - var zeroGroups = []; - var zeroMaxGroup = 0; - for (var i = 0; i < bytes.length; i += 2) { - var hex = util.bytesToHex(bytes[i] + bytes[i + 1]); - while (hex[0] === "0" && hex !== "0") { - hex = hex.substr(1); - } - if (hex === "0") { - var last = zeroGroups[zeroGroups.length - 1]; - var idx = ip.length; - if (!last || idx !== last.end + 1) { - zeroGroups.push({ start: idx, end: idx }); - } else { - last.end = idx; - if (last.end - last.start > zeroGroups[zeroMaxGroup].end - zeroGroups[zeroMaxGroup].start) { - zeroMaxGroup = zeroGroups.length - 1; - } - } - } - ip.push(hex); + var n = bytes.length() * 8; + if (n > 32) { + throw new Error("Integer too large; max is 32-bits."); } - if (zeroGroups.length > 0) { - var group = zeroGroups[zeroMaxGroup]; - if (group.end - group.start > 0) { - ip.splice(group.start, group.end - group.start + 1, ""); - if (group.start === 0) { - ip.unshift(""); + return bytes.getSignedInt(n); + }; + asn1.validate = function(obj, v, capture, errors) { + var rval = false; + if ((obj.tagClass === v.tagClass || typeof v.tagClass === "undefined") && (obj.type === v.type || typeof v.type === "undefined")) { + if (obj.constructed === v.constructed || typeof v.constructed === "undefined") { + rval = true; + if (v.value && forge.util.isArray(v.value)) { + var j = 0; + for (var i = 0; rval && i < v.value.length; ++i) { + var schemaItem = v.value[i]; + rval = !!schemaItem.optional; + var objChild = obj.value[j]; + if (!objChild) { + if (!schemaItem.optional) { + rval = false; + if (errors) { + errors.push("[" + v.name + '] Missing required element. Expected tag class "' + schemaItem.tagClass + '", type "' + schemaItem.type + '"'); + } + } + continue; + } + var schemaHasTag = typeof schemaItem.tagClass !== "undefined" && typeof schemaItem.type !== "undefined"; + if (schemaHasTag && (objChild.tagClass !== schemaItem.tagClass || objChild.type !== schemaItem.type)) { + if (schemaItem.optional) { + rval = true; + continue; + } else { + rval = false; + if (errors) { + errors.push("[" + v.name + "] Tag mismatch. Expected (" + schemaItem.tagClass + "," + schemaItem.type + "), got (" + objChild.tagClass + "," + objChild.type + ")"); + } + break; + } + } + var childRval = asn1.validate(objChild, schemaItem, capture, errors); + if (childRval) { + ++j; + rval = true; + } else if (schemaItem.optional) { + rval = true; + } else { + rval = false; + break; + } + } } - if (group.end === 7) { - ip.push(""); + if (rval && capture) { + if (v.capture) { + capture[v.capture] = obj.value; + } + if (v.captureAsn1) { + capture[v.captureAsn1] = obj; + } + if (v.captureBitStringContents && "bitStringContents" in obj) { + capture[v.captureBitStringContents] = obj.bitStringContents; + } + if (v.captureBitStringValue && "bitStringContents" in obj) { + var value; + if (obj.bitStringContents.length < 2) { + capture[v.captureBitStringValue] = ""; + } else { + var unused = obj.bitStringContents.charCodeAt(0); + if (unused !== 0) { + throw new Error( + "captureBitStringValue only supported for zero unused bits" + ); + } + capture[v.captureBitStringValue] = obj.bitStringContents.slice(1); + } + } } + } else if (errors) { + errors.push( + "[" + v.name + '] Expected constructed "' + v.constructed + '", got "' + obj.constructed + '"' + ); + } + } else if (errors) { + if (obj.tagClass !== v.tagClass) { + errors.push( + "[" + v.name + '] Expected tag class "' + v.tagClass + '", got "' + obj.tagClass + '"' + ); + } + if (obj.type !== v.type) { + errors.push( + "[" + v.name + '] Expected type "' + v.type + '", got "' + obj.type + '"' + ); } } - return ip.join(":"); + return rval; }; - util.estimateCores = function(options, callback) { - if (typeof options === "function") { - callback = options; - options = {}; - } - options = options || {}; - if ("cores" in util && !options.update) { - return callback(null, util.cores); - } - if (typeof navigator !== "undefined" && "hardwareConcurrency" in navigator && navigator.hardwareConcurrency > 0) { - util.cores = navigator.hardwareConcurrency; - return callback(null, util.cores); + var _nonLatinRegex = /[^\\u0000-\\u00ff]/; + asn1.prettyPrint = function(obj, level, indentation) { + var rval = ""; + level = level || 0; + indentation = indentation || 2; + if (level > 0) { + rval += "\n"; } - if (typeof Worker === "undefined") { - util.cores = 1; - return callback(null, util.cores); + var indent = ""; + for (var i = 0; i < level * indentation; ++i) { + indent += " "; } - if (typeof Blob === "undefined") { - util.cores = 2; - return callback(null, util.cores); + rval += indent + "Tag: "; + switch (obj.tagClass) { + case asn1.Class.UNIVERSAL: + rval += "Universal:"; + break; + case asn1.Class.APPLICATION: + rval += "Application:"; + break; + case asn1.Class.CONTEXT_SPECIFIC: + rval += "Context-Specific:"; + break; + case asn1.Class.PRIVATE: + rval += "Private:"; + break; } - var blobUrl = URL.createObjectURL(new Blob([ - "(", - function() { - self.addEventListener("message", function(e) { - var st = Date.now(); - var et = st + 4; - while (Date.now() < et) ; - self.postMessage({ st, et }); - }); - }.toString(), - ")()" - ], { type: "application/javascript" })); - sample([], 5, 16); - function sample(max, samples, numWorkers) { - if (samples === 0) { - var avg = Math.floor(max.reduce(function(avg2, x) { - return avg2 + x; - }, 0) / max.length); - util.cores = Math.max(1, avg); - URL.revokeObjectURL(blobUrl); - return callback(null, util.cores); + if (obj.tagClass === asn1.Class.UNIVERSAL) { + rval += obj.type; + switch (obj.type) { + case asn1.Type.NONE: + rval += " (None)"; + break; + case asn1.Type.BOOLEAN: + rval += " (Boolean)"; + break; + case asn1.Type.INTEGER: + rval += " (Integer)"; + break; + case asn1.Type.BITSTRING: + rval += " (Bit string)"; + break; + case asn1.Type.OCTETSTRING: + rval += " (Octet string)"; + break; + case asn1.Type.NULL: + rval += " (Null)"; + break; + case asn1.Type.OID: + rval += " (Object Identifier)"; + break; + case asn1.Type.ODESC: + rval += " (Object Descriptor)"; + break; + case asn1.Type.EXTERNAL: + rval += " (External or Instance of)"; + break; + case asn1.Type.REAL: + rval += " (Real)"; + break; + case asn1.Type.ENUMERATED: + rval += " (Enumerated)"; + break; + case asn1.Type.EMBEDDED: + rval += " (Embedded PDV)"; + break; + case asn1.Type.UTF8: + rval += " (UTF8)"; + break; + case asn1.Type.ROID: + rval += " (Relative Object Identifier)"; + break; + case asn1.Type.SEQUENCE: + rval += " (Sequence)"; + break; + case asn1.Type.SET: + rval += " (Set)"; + break; + case asn1.Type.PRINTABLESTRING: + rval += " (Printable String)"; + break; + case asn1.Type.IA5String: + rval += " (IA5String (ASCII))"; + break; + case asn1.Type.UTCTIME: + rval += " (UTC time)"; + break; + case asn1.Type.GENERALIZEDTIME: + rval += " (Generalized time)"; + break; + case asn1.Type.BMPSTRING: + rval += " (BMP String)"; + break; } - map2(numWorkers, function(err, results) { - max.push(reduce(numWorkers, results)); - sample(max, samples - 1, numWorkers); - }); + } else { + rval += obj.type; } - function map2(numWorkers, callback2) { - var workers = []; - var results = []; - for (var i = 0; i < numWorkers; ++i) { - var worker = new Worker(blobUrl); - worker.addEventListener("message", function(e) { - results.push(e.data); - if (results.length === numWorkers) { - for (var i2 = 0; i2 < numWorkers; ++i2) { - workers[i2].terminate(); - } - callback2(null, results); + rval += "\n"; + rval += indent + "Constructed: " + obj.constructed + "\n"; + if (obj.composed) { + var subvalues = 0; + var sub = ""; + for (var i = 0; i < obj.value.length; ++i) { + if (obj.value[i] !== void 0) { + subvalues += 1; + sub += asn1.prettyPrint(obj.value[i], level + 1, indentation); + if (i + 1 < obj.value.length) { + sub += ","; } - }); - workers.push(worker); + } } - for (var i = 0; i < numWorkers; ++i) { - workers[i].postMessage(i); + rval += indent + "Sub values: " + subvalues + sub; + } else { + rval += indent + "Value: "; + if (obj.type === asn1.Type.OID) { + var oid = asn1.derToOid(obj.value); + rval += oid; + if (forge.pki && forge.pki.oids) { + if (oid in forge.pki.oids) { + rval += " (" + forge.pki.oids[oid] + ") "; + } + } } - } - function reduce(numWorkers, results) { - var overlaps = []; - for (var n = 0; n < numWorkers; ++n) { - var r1 = results[n]; - var overlap = overlaps[n] = []; - for (var i = 0; i < numWorkers; ++i) { - if (n === i) { - continue; + if (obj.type === asn1.Type.INTEGER) { + try { + rval += asn1.derToInteger(obj.value); + } catch (ex) { + rval += "0x" + forge.util.bytesToHex(obj.value); + } + } else if (obj.type === asn1.Type.BITSTRING) { + if (obj.value.length > 1) { + rval += "0x" + forge.util.bytesToHex(obj.value.slice(1)); + } else { + rval += "(none)"; + } + if (obj.value.length > 0) { + var unused = obj.value.charCodeAt(0); + if (unused == 1) { + rval += " (1 unused bit shown)"; + } else if (unused > 1) { + rval += " (" + unused + " unused bits shown)"; } - var r2 = results[i]; - if (r1.st > r2.st && r1.st < r2.et || r2.st > r1.st && r2.st < r1.et) { - overlap.push(i); + } + } else if (obj.type === asn1.Type.OCTETSTRING) { + if (!_nonLatinRegex.test(obj.value)) { + rval += "(" + obj.value + ") "; + } + rval += "0x" + forge.util.bytesToHex(obj.value); + } else if (obj.type === asn1.Type.UTF8) { + try { + rval += forge.util.decodeUtf8(obj.value); + } catch (e) { + if (e.message === "URI malformed") { + rval += "0x" + forge.util.bytesToHex(obj.value) + " (malformed UTF8)"; + } else { + throw e; } } + } else if (obj.type === asn1.Type.PRINTABLESTRING || obj.type === asn1.Type.IA5String) { + rval += obj.value; + } else if (_nonLatinRegex.test(obj.value)) { + rval += "0x" + forge.util.bytesToHex(obj.value); + } else if (obj.value.length === 0) { + rval += "[null]"; + } else { + rval += obj.value; } - return overlaps.reduce(function(max, overlap2) { - return Math.max(max, overlap2.length); - }, 0); } + return rval; }; } }); -// node_modules/node-forge/lib/cipher.js -var require_cipher = __commonJS({ - "node_modules/node-forge/lib/cipher.js"(exports2, module2) { +// node_modules/node-forge/lib/md.js +var require_md = __commonJS({ + "node_modules/node-forge/lib/md.js"(exports2, module2) { var forge = require_forge(); - require_util9(); - module2.exports = forge.cipher = forge.cipher || {}; - forge.cipher.algorithms = forge.cipher.algorithms || {}; - forge.cipher.createCipher = function(algorithm, key) { - var api = algorithm; - if (typeof api === "string") { - api = forge.cipher.getAlgorithm(api); - if (api) { - api = api(); - } - } - if (!api) { - throw new Error("Unsupported algorithm: " + algorithm); - } - return new forge.cipher.BlockCipher({ - algorithm: api, - key, - decrypt: false - }); - }; - forge.cipher.createDecipher = function(algorithm, key) { - var api = algorithm; - if (typeof api === "string") { - api = forge.cipher.getAlgorithm(api); - if (api) { - api = api(); - } - } - if (!api) { - throw new Error("Unsupported algorithm: " + algorithm); - } - return new forge.cipher.BlockCipher({ - algorithm: api, - key, - decrypt: true - }); - }; - forge.cipher.registerAlgorithm = function(name, algorithm) { - name = name.toUpperCase(); - forge.cipher.algorithms[name] = algorithm; - }; - forge.cipher.getAlgorithm = function(name) { - name = name.toUpperCase(); - if (name in forge.cipher.algorithms) { - return forge.cipher.algorithms[name]; - } - return null; - }; - var BlockCipher = forge.cipher.BlockCipher = function(options) { - this.algorithm = options.algorithm; - this.mode = this.algorithm.mode; - this.blockSize = this.mode.blockSize; - this._finish = false; - this._input = null; - this.output = null; - this._op = options.decrypt ? this.mode.decrypt : this.mode.encrypt; - this._decrypt = options.decrypt; - this.algorithm.initialize(options); - }; - BlockCipher.prototype.start = function(options) { - options = options || {}; - var opts = {}; - for (var key in options) { - opts[key] = options[key]; - } - opts.decrypt = this._decrypt; - this._finish = false; - this._input = forge.util.createBuffer(); - this.output = options.output || forge.util.createBuffer(); - this.mode.start(opts); - }; - BlockCipher.prototype.update = function(input) { - if (input) { - this._input.putBuffer(input); - } - while (!this._op.call(this.mode, this._input, this.output, this._finish) && !this._finish) { - } - this._input.compact(); - }; - BlockCipher.prototype.finish = function(pad) { - if (pad && (this.mode.name === "ECB" || this.mode.name === "CBC")) { - this.mode.pad = function(input) { - return pad(this.blockSize, input, false); - }; - this.mode.unpad = function(output) { - return pad(this.blockSize, output, true); - }; - } - var options = {}; - options.decrypt = this._decrypt; - options.overflow = this._input.length() % this.blockSize; - if (!this._decrypt && this.mode.pad) { - if (!this.mode.pad(this._input, options)) { - return false; - } - } - this._finish = true; - this.update(); - if (this._decrypt && this.mode.unpad) { - if (!this.mode.unpad(this.output, options)) { - return false; - } - } - if (this.mode.afterFinish) { - if (!this.mode.afterFinish(this.output, options)) { - return false; - } - } - return true; - }; + module2.exports = forge.md = forge.md || {}; + forge.md.algorithms = forge.md.algorithms || {}; } }); -// node_modules/node-forge/lib/cipherModes.js -var require_cipherModes = __commonJS({ - "node_modules/node-forge/lib/cipherModes.js"(exports2, module2) { +// node_modules/node-forge/lib/hmac.js +var require_hmac = __commonJS({ + "node_modules/node-forge/lib/hmac.js"(exports2, module2) { var forge = require_forge(); + require_md(); require_util9(); - forge.cipher = forge.cipher || {}; - var modes = module2.exports = forge.cipher.modes = forge.cipher.modes || {}; - modes.ecb = function(options) { - options = options || {}; - this.name = "ECB"; - this.cipher = options.cipher; - this.blockSize = options.blockSize || 16; - this._ints = this.blockSize / 4; - this._inBlock = new Array(this._ints); - this._outBlock = new Array(this._ints); - }; - modes.ecb.prototype.start = function(options) { - }; - modes.ecb.prototype.encrypt = function(input, output, finish) { - if (input.length() < this.blockSize && !(finish && input.length() > 0)) { - return true; - } - for (var i = 0; i < this._ints; ++i) { - this._inBlock[i] = input.getInt32(); - } - this.cipher.encrypt(this._inBlock, this._outBlock); - for (var i = 0; i < this._ints; ++i) { - output.putInt32(this._outBlock[i]); - } - }; - modes.ecb.prototype.decrypt = function(input, output, finish) { - if (input.length() < this.blockSize && !(finish && input.length() > 0)) { - return true; - } - for (var i = 0; i < this._ints; ++i) { - this._inBlock[i] = input.getInt32(); - } - this.cipher.decrypt(this._inBlock, this._outBlock); - for (var i = 0; i < this._ints; ++i) { - output.putInt32(this._outBlock[i]); - } - }; - modes.ecb.prototype.pad = function(input, options) { - var padding = input.length() === this.blockSize ? this.blockSize : this.blockSize - input.length(); - input.fillWithByte(padding, padding); - return true; - }; - modes.ecb.prototype.unpad = function(output, options) { - if (options.overflow > 0) { - return false; - } - var len = output.length(); - var count = output.at(len - 1); - if (count > this.blockSize << 2) { - return false; - } - output.truncate(count); - return true; - }; - modes.cbc = function(options) { - options = options || {}; - this.name = "CBC"; - this.cipher = options.cipher; - this.blockSize = options.blockSize || 16; - this._ints = this.blockSize / 4; - this._inBlock = new Array(this._ints); - this._outBlock = new Array(this._ints); - }; - modes.cbc.prototype.start = function(options) { - if (options.iv === null) { - if (!this._prev) { - throw new Error("Invalid IV parameter."); + var hmac = module2.exports = forge.hmac = forge.hmac || {}; + hmac.create = function() { + var _key = null; + var _md = null; + var _ipadding = null; + var _opadding = null; + var ctx = {}; + ctx.start = function(md, key) { + if (md !== null) { + if (typeof md === "string") { + md = md.toLowerCase(); + if (md in forge.md.algorithms) { + _md = forge.md.algorithms[md].create(); + } else { + throw new Error('Unknown hash algorithm "' + md + '"'); + } + } else { + _md = md; + } } - this._iv = this._prev.slice(0); - } else if (!("iv" in options)) { - throw new Error("Invalid IV parameter."); - } else { - this._iv = transformIV(options.iv, this.blockSize); - this._prev = this._iv.slice(0); - } - }; - modes.cbc.prototype.encrypt = function(input, output, finish) { - if (input.length() < this.blockSize && !(finish && input.length() > 0)) { - return true; - } - for (var i = 0; i < this._ints; ++i) { - this._inBlock[i] = this._prev[i] ^ input.getInt32(); - } - this.cipher.encrypt(this._inBlock, this._outBlock); - for (var i = 0; i < this._ints; ++i) { - output.putInt32(this._outBlock[i]); - } - this._prev = this._outBlock; + if (key === null) { + key = _key; + } else { + if (typeof key === "string") { + key = forge.util.createBuffer(key); + } else if (forge.util.isArray(key)) { + var tmp = key; + key = forge.util.createBuffer(); + for (var i = 0; i < tmp.length; ++i) { + key.putByte(tmp[i]); + } + } + var keylen = key.length(); + if (keylen > _md.blockLength) { + _md.start(); + _md.update(key.bytes()); + key = _md.digest(); + } + _ipadding = forge.util.createBuffer(); + _opadding = forge.util.createBuffer(); + keylen = key.length(); + for (var i = 0; i < keylen; ++i) { + var tmp = key.at(i); + _ipadding.putByte(54 ^ tmp); + _opadding.putByte(92 ^ tmp); + } + if (keylen < _md.blockLength) { + var tmp = _md.blockLength - keylen; + for (var i = 0; i < tmp; ++i) { + _ipadding.putByte(54); + _opadding.putByte(92); + } + } + _key = key; + _ipadding = _ipadding.bytes(); + _opadding = _opadding.bytes(); + } + _md.start(); + _md.update(_ipadding); + }; + ctx.update = function(bytes) { + _md.update(bytes); + }; + ctx.getMac = function() { + var inner = _md.digest().bytes(); + _md.start(); + _md.update(_opadding); + _md.update(inner); + return _md.digest(); + }; + ctx.digest = ctx.getMac; + return ctx; }; - modes.cbc.prototype.decrypt = function(input, output, finish) { - if (input.length() < this.blockSize && !(finish && input.length() > 0)) { - return true; - } - for (var i = 0; i < this._ints; ++i) { - this._inBlock[i] = input.getInt32(); - } - this.cipher.decrypt(this._inBlock, this._outBlock); - for (var i = 0; i < this._ints; ++i) { - output.putInt32(this._prev[i] ^ this._outBlock[i]); + } +}); + +// node_modules/node-forge/lib/md5.js +var require_md5 = __commonJS({ + "node_modules/node-forge/lib/md5.js"(exports2, module2) { + var forge = require_forge(); + require_md(); + require_util9(); + var md5 = module2.exports = forge.md5 = forge.md5 || {}; + forge.md.md5 = forge.md.algorithms.md5 = md5; + md5.create = function() { + if (!_initialized) { + _init(); } - this._prev = this._inBlock.slice(0); - }; - modes.cbc.prototype.pad = function(input, options) { - var padding = input.length() === this.blockSize ? this.blockSize : this.blockSize - input.length(); - input.fillWithByte(padding, padding); - return true; + var _state = null; + var _input = forge.util.createBuffer(); + var _w = new Array(16); + var md = { + algorithm: "md5", + blockLength: 64, + digestLength: 16, + // 56-bit length of message so far (does not including padding) + messageLength: 0, + // true message length + fullMessageLength: null, + // size of message length in bytes + messageLengthSize: 8 + }; + md.start = function() { + md.messageLength = 0; + md.fullMessageLength = md.messageLength64 = []; + var int32s = md.messageLengthSize / 4; + for (var i = 0; i < int32s; ++i) { + md.fullMessageLength.push(0); + } + _input = forge.util.createBuffer(); + _state = { + h0: 1732584193, + h1: 4023233417, + h2: 2562383102, + h3: 271733878 + }; + return md; + }; + md.start(); + md.update = function(msg, encoding) { + if (encoding === "utf8") { + msg = forge.util.encodeUtf8(msg); + } + var len = msg.length; + md.messageLength += len; + len = [len / 4294967296 >>> 0, len >>> 0]; + for (var i = md.fullMessageLength.length - 1; i >= 0; --i) { + md.fullMessageLength[i] += len[1]; + len[1] = len[0] + (md.fullMessageLength[i] / 4294967296 >>> 0); + md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; + len[0] = len[1] / 4294967296 >>> 0; + } + _input.putBytes(msg); + _update(_state, _w, _input); + if (_input.read > 2048 || _input.length() === 0) { + _input.compact(); + } + return md; + }; + md.digest = function() { + var finalBlock = forge.util.createBuffer(); + finalBlock.putBytes(_input.bytes()); + var remaining = md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize; + var overflow = remaining & md.blockLength - 1; + finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); + var bits, carry = 0; + for (var i = md.fullMessageLength.length - 1; i >= 0; --i) { + bits = md.fullMessageLength[i] * 8 + carry; + carry = bits / 4294967296 >>> 0; + finalBlock.putInt32Le(bits >>> 0); + } + var s2 = { + h0: _state.h0, + h1: _state.h1, + h2: _state.h2, + h3: _state.h3 + }; + _update(s2, _w, finalBlock); + var rval = forge.util.createBuffer(); + rval.putInt32Le(s2.h0); + rval.putInt32Le(s2.h1); + rval.putInt32Le(s2.h2); + rval.putInt32Le(s2.h3); + return rval; + }; + return md; }; - modes.cbc.prototype.unpad = function(output, options) { - if (options.overflow > 0) { - return false; + var _padding = null; + var _g = null; + var _r = null; + var _k = null; + var _initialized = false; + function _init() { + _padding = String.fromCharCode(128); + _padding += forge.util.fillString(String.fromCharCode(0), 64); + _g = [ + 0, + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 1, + 6, + 11, + 0, + 5, + 10, + 15, + 4, + 9, + 14, + 3, + 8, + 13, + 2, + 7, + 12, + 5, + 8, + 11, + 14, + 1, + 4, + 7, + 10, + 13, + 0, + 3, + 6, + 9, + 12, + 15, + 2, + 0, + 7, + 14, + 5, + 12, + 3, + 10, + 1, + 8, + 15, + 6, + 13, + 4, + 11, + 2, + 9 + ]; + _r = [ + 7, + 12, + 17, + 22, + 7, + 12, + 17, + 22, + 7, + 12, + 17, + 22, + 7, + 12, + 17, + 22, + 5, + 9, + 14, + 20, + 5, + 9, + 14, + 20, + 5, + 9, + 14, + 20, + 5, + 9, + 14, + 20, + 4, + 11, + 16, + 23, + 4, + 11, + 16, + 23, + 4, + 11, + 16, + 23, + 4, + 11, + 16, + 23, + 6, + 10, + 15, + 21, + 6, + 10, + 15, + 21, + 6, + 10, + 15, + 21, + 6, + 10, + 15, + 21 + ]; + _k = new Array(64); + for (var i = 0; i < 64; ++i) { + _k[i] = Math.floor(Math.abs(Math.sin(i + 1)) * 4294967296); } - var len = output.length(); - var count = output.at(len - 1); - if (count > this.blockSize << 2) { - return false; + _initialized = true; + } + function _update(s, w, bytes) { + var t, a, b, c, d, f, r, i; + var len = bytes.length(); + while (len >= 64) { + a = s.h0; + b = s.h1; + c = s.h2; + d = s.h3; + for (i = 0; i < 16; ++i) { + w[i] = bytes.getInt32Le(); + f = d ^ b & (c ^ d); + t = a + f + _k[i] + w[i]; + r = _r[i]; + a = d; + d = c; + c = b; + b += t << r | t >>> 32 - r; + } + for (; i < 32; ++i) { + f = c ^ d & (b ^ c); + t = a + f + _k[i] + w[_g[i]]; + r = _r[i]; + a = d; + d = c; + c = b; + b += t << r | t >>> 32 - r; + } + for (; i < 48; ++i) { + f = b ^ c ^ d; + t = a + f + _k[i] + w[_g[i]]; + r = _r[i]; + a = d; + d = c; + c = b; + b += t << r | t >>> 32 - r; + } + for (; i < 64; ++i) { + f = c ^ (b | ~d); + t = a + f + _k[i] + w[_g[i]]; + r = _r[i]; + a = d; + d = c; + c = b; + b += t << r | t >>> 32 - r; + } + s.h0 = s.h0 + a | 0; + s.h1 = s.h1 + b | 0; + s.h2 = s.h2 + c | 0; + s.h3 = s.h3 + d | 0; + len -= 64; } - output.truncate(count); - return true; - }; - modes.cfb = function(options) { + } + } +}); + +// node_modules/node-forge/lib/pem.js +var require_pem = __commonJS({ + "node_modules/node-forge/lib/pem.js"(exports2, module2) { + var forge = require_forge(); + require_util9(); + var pem = module2.exports = forge.pem = forge.pem || {}; + pem.encode = function(msg, options) { options = options || {}; - this.name = "CFB"; - this.cipher = options.cipher; - this.blockSize = options.blockSize || 16; - this._ints = this.blockSize / 4; - this._inBlock = null; - this._outBlock = new Array(this._ints); - this._partialBlock = new Array(this._ints); - this._partialOutput = forge.util.createBuffer(); - this._partialBytes = 0; - }; - modes.cfb.prototype.start = function(options) { - if (!("iv" in options)) { - throw new Error("Invalid IV parameter."); + var rval = "-----BEGIN " + msg.type + "-----\r\n"; + var header; + if (msg.procType) { + header = { + name: "Proc-Type", + values: [String(msg.procType.version), msg.procType.type] + }; + rval += foldHeader(header); } - this._iv = transformIV(options.iv, this.blockSize); - this._inBlock = this._iv.slice(0); - this._partialBytes = 0; - }; - modes.cfb.prototype.encrypt = function(input, output, finish) { - var inputLength = input.length(); - if (inputLength === 0) { - return true; + if (msg.contentDomain) { + header = { name: "Content-Domain", values: [msg.contentDomain] }; + rval += foldHeader(header); } - this.cipher.encrypt(this._inBlock, this._outBlock); - if (this._partialBytes === 0 && inputLength >= this.blockSize) { - for (var i = 0; i < this._ints; ++i) { - this._inBlock[i] = input.getInt32() ^ this._outBlock[i]; - output.putInt32(this._inBlock[i]); + if (msg.dekInfo) { + header = { name: "DEK-Info", values: [msg.dekInfo.algorithm] }; + if (msg.dekInfo.parameters) { + header.values.push(msg.dekInfo.parameters); } - return; - } - var partialBytes = (this.blockSize - inputLength) % this.blockSize; - if (partialBytes > 0) { - partialBytes = this.blockSize - partialBytes; - } - this._partialOutput.clear(); - for (var i = 0; i < this._ints; ++i) { - this._partialBlock[i] = input.getInt32() ^ this._outBlock[i]; - this._partialOutput.putInt32(this._partialBlock[i]); + rval += foldHeader(header); } - if (partialBytes > 0) { - input.read -= this.blockSize; - } else { - for (var i = 0; i < this._ints; ++i) { - this._inBlock[i] = this._partialBlock[i]; + if (msg.headers) { + for (var i = 0; i < msg.headers.length; ++i) { + rval += foldHeader(msg.headers[i]); } } - if (this._partialBytes > 0) { - this._partialOutput.getBytes(this._partialBytes); - } - if (partialBytes > 0 && !finish) { - output.putBytes(this._partialOutput.getBytes( - partialBytes - this._partialBytes - )); - this._partialBytes = partialBytes; - return true; + if (msg.procType) { + rval += "\r\n"; } - output.putBytes(this._partialOutput.getBytes( - inputLength - this._partialBytes - )); - this._partialBytes = 0; + rval += forge.util.encode64(msg.body, options.maxline || 64) + "\r\n"; + rval += "-----END " + msg.type + "-----\r\n"; + return rval; }; - modes.cfb.prototype.decrypt = function(input, output, finish) { - var inputLength = input.length(); - if (inputLength === 0) { - return true; - } - this.cipher.encrypt(this._inBlock, this._outBlock); - if (this._partialBytes === 0 && inputLength >= this.blockSize) { - for (var i = 0; i < this._ints; ++i) { - this._inBlock[i] = input.getInt32(); - output.putInt32(this._inBlock[i] ^ this._outBlock[i]); + pem.decode = function(str2) { + var rval = []; + var rMessage = /\s*-----BEGIN ([A-Z0-9- ]+)-----\r?\n?([\x21-\x7e\s]+?(?:\r?\n\r?\n))?([:A-Za-z0-9+\/=\s]+?)-----END \1-----/g; + var rHeader = /([\x21-\x7e]+):\s*([\x21-\x7e\s^:]+)/; + var rCRLF = /\r?\n/; + var match; + while (true) { + match = rMessage.exec(str2); + if (!match) { + break; + } + var type2 = match[1]; + if (type2 === "NEW CERTIFICATE REQUEST") { + type2 = "CERTIFICATE REQUEST"; + } + var msg = { + type: type2, + procType: null, + contentDomain: null, + dekInfo: null, + headers: [], + body: forge.util.decode64(match[3]) + }; + rval.push(msg); + if (!match[2]) { + continue; + } + var lines = match[2].split(rCRLF); + var li = 0; + while (match && li < lines.length) { + var line = lines[li].replace(/\s+$/, ""); + for (var nl = li + 1; nl < lines.length; ++nl) { + var next = lines[nl]; + if (!/\s/.test(next[0])) { + break; + } + line += next; + li = nl; + } + match = line.match(rHeader); + if (match) { + var header = { name: match[1], values: [] }; + var values = match[2].split(","); + for (var vi = 0; vi < values.length; ++vi) { + header.values.push(ltrim(values[vi])); + } + if (!msg.procType) { + if (header.name !== "Proc-Type") { + throw new Error('Invalid PEM formatted message. The first encapsulated header must be "Proc-Type".'); + } else if (header.values.length !== 2) { + throw new Error('Invalid PEM formatted message. The "Proc-Type" header must have two subfields.'); + } + msg.procType = { version: values[0], type: values[1] }; + } else if (!msg.contentDomain && header.name === "Content-Domain") { + msg.contentDomain = values[0] || ""; + } else if (!msg.dekInfo && header.name === "DEK-Info") { + if (header.values.length === 0) { + throw new Error('Invalid PEM formatted message. The "DEK-Info" header must have at least one subfield.'); + } + msg.dekInfo = { algorithm: values[0], parameters: values[1] || null }; + } else { + msg.headers.push(header); + } + } + ++li; + } + if (msg.procType === "ENCRYPTED" && !msg.dekInfo) { + throw new Error('Invalid PEM formatted message. The "DEK-Info" header must be present if "Proc-Type" is "ENCRYPTED".'); } - return; } - var partialBytes = (this.blockSize - inputLength) % this.blockSize; - if (partialBytes > 0) { - partialBytes = this.blockSize - partialBytes; + if (rval.length === 0) { + throw new Error("Invalid PEM formatted message."); } - this._partialOutput.clear(); - for (var i = 0; i < this._ints; ++i) { - this._partialBlock[i] = input.getInt32(); - this._partialOutput.putInt32(this._partialBlock[i] ^ this._outBlock[i]); + return rval; + }; + function foldHeader(header) { + var rval = header.name + ": "; + var values = []; + var insertSpace = function(match, $1) { + return " " + $1; + }; + for (var i = 0; i < header.values.length; ++i) { + values.push(header.values[i].replace(/^(\S+\r\n)/, insertSpace)); } - if (partialBytes > 0) { - input.read -= this.blockSize; - } else { - for (var i = 0; i < this._ints; ++i) { - this._inBlock[i] = this._partialBlock[i]; + rval += values.join(",") + "\r\n"; + var length = 0; + var candidate = -1; + for (var i = 0; i < rval.length; ++i, ++length) { + if (length > 65 && candidate !== -1) { + var insert = rval[candidate]; + if (insert === ",") { + ++candidate; + rval = rval.substr(0, candidate) + "\r\n " + rval.substr(candidate); + } else { + rval = rval.substr(0, candidate) + "\r\n" + insert + rval.substr(candidate + 1); + } + length = i - candidate - 1; + candidate = -1; + ++i; + } else if (rval[i] === " " || rval[i] === " " || rval[i] === ",") { + candidate = i; } } - if (this._partialBytes > 0) { - this._partialOutput.getBytes(this._partialBytes); - } - if (partialBytes > 0 && !finish) { - output.putBytes(this._partialOutput.getBytes( - partialBytes - this._partialBytes - )); - this._partialBytes = partialBytes; - return true; - } - output.putBytes(this._partialOutput.getBytes( - inputLength - this._partialBytes - )); - this._partialBytes = 0; + return rval; + } + function ltrim(str2) { + return str2.replace(/^\s+/, ""); + } + } +}); + +// node_modules/node-forge/lib/des.js +var require_des = __commonJS({ + "node_modules/node-forge/lib/des.js"(exports2, module2) { + var forge = require_forge(); + require_cipher(); + require_cipherModes(); + require_util9(); + module2.exports = forge.des = forge.des || {}; + forge.des.startEncrypting = function(key, iv, output, mode) { + var cipher = _createCipher({ + key, + output, + decrypt: false, + mode: mode || (iv === null ? "ECB" : "CBC") + }); + cipher.start(iv); + return cipher; }; - modes.ofb = function(options) { - options = options || {}; - this.name = "OFB"; - this.cipher = options.cipher; - this.blockSize = options.blockSize || 16; - this._ints = this.blockSize / 4; - this._inBlock = null; - this._outBlock = new Array(this._ints); - this._partialOutput = forge.util.createBuffer(); - this._partialBytes = 0; + forge.des.createEncryptionCipher = function(key, mode) { + return _createCipher({ + key, + output: null, + decrypt: false, + mode + }); }; - modes.ofb.prototype.start = function(options) { - if (!("iv" in options)) { - throw new Error("Invalid IV parameter."); - } - this._iv = transformIV(options.iv, this.blockSize); - this._inBlock = this._iv.slice(0); - this._partialBytes = 0; + forge.des.startDecrypting = function(key, iv, output, mode) { + var cipher = _createCipher({ + key, + output, + decrypt: true, + mode: mode || (iv === null ? "ECB" : "CBC") + }); + cipher.start(iv); + return cipher; }; - modes.ofb.prototype.encrypt = function(input, output, finish) { - var inputLength = input.length(); - if (input.length() === 0) { - return true; - } - this.cipher.encrypt(this._inBlock, this._outBlock); - if (this._partialBytes === 0 && inputLength >= this.blockSize) { - for (var i = 0; i < this._ints; ++i) { - output.putInt32(input.getInt32() ^ this._outBlock[i]); - this._inBlock[i] = this._outBlock[i]; + forge.des.createDecryptionCipher = function(key, mode) { + return _createCipher({ + key, + output: null, + decrypt: true, + mode + }); + }; + forge.des.Algorithm = function(name, mode) { + var self2 = this; + self2.name = name; + self2.mode = new mode({ + blockSize: 8, + cipher: { + encrypt: function(inBlock, outBlock) { + return _updateBlock(self2._keys, inBlock, outBlock, false); + }, + decrypt: function(inBlock, outBlock) { + return _updateBlock(self2._keys, inBlock, outBlock, true); + } } + }); + self2._init = false; + }; + forge.des.Algorithm.prototype.initialize = function(options) { + if (this._init) { return; } - var partialBytes = (this.blockSize - inputLength) % this.blockSize; - if (partialBytes > 0) { - partialBytes = this.blockSize - partialBytes; - } - this._partialOutput.clear(); - for (var i = 0; i < this._ints; ++i) { - this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]); - } - if (partialBytes > 0) { - input.read -= this.blockSize; - } else { - for (var i = 0; i < this._ints; ++i) { - this._inBlock[i] = this._outBlock[i]; + var key = forge.util.createBuffer(options.key); + if (this.name.indexOf("3DES") === 0) { + if (key.length() !== 24) { + throw new Error("Invalid Triple-DES key size: " + key.length() * 8); } } - if (this._partialBytes > 0) { - this._partialOutput.getBytes(this._partialBytes); - } - if (partialBytes > 0 && !finish) { - output.putBytes(this._partialOutput.getBytes( - partialBytes - this._partialBytes - )); - this._partialBytes = partialBytes; - return true; - } - output.putBytes(this._partialOutput.getBytes( - inputLength - this._partialBytes - )); - this._partialBytes = 0; - }; - modes.ofb.prototype.decrypt = modes.ofb.prototype.encrypt; - modes.ctr = function(options) { - options = options || {}; - this.name = "CTR"; - this.cipher = options.cipher; - this.blockSize = options.blockSize || 16; - this._ints = this.blockSize / 4; - this._inBlock = null; - this._outBlock = new Array(this._ints); - this._partialOutput = forge.util.createBuffer(); - this._partialBytes = 0; - }; - modes.ctr.prototype.start = function(options) { - if (!("iv" in options)) { - throw new Error("Invalid IV parameter."); - } - this._iv = transformIV(options.iv, this.blockSize); - this._inBlock = this._iv.slice(0); - this._partialBytes = 0; + this._keys = _createKeys(key); + this._init = true; }; - modes.ctr.prototype.encrypt = function(input, output, finish) { - var inputLength = input.length(); - if (inputLength === 0) { - return true; - } - this.cipher.encrypt(this._inBlock, this._outBlock); - if (this._partialBytes === 0 && inputLength >= this.blockSize) { - for (var i = 0; i < this._ints; ++i) { - output.putInt32(input.getInt32() ^ this._outBlock[i]); + registerAlgorithm("DES-ECB", forge.cipher.modes.ecb); + registerAlgorithm("DES-CBC", forge.cipher.modes.cbc); + registerAlgorithm("DES-CFB", forge.cipher.modes.cfb); + registerAlgorithm("DES-OFB", forge.cipher.modes.ofb); + registerAlgorithm("DES-CTR", forge.cipher.modes.ctr); + registerAlgorithm("3DES-ECB", forge.cipher.modes.ecb); + registerAlgorithm("3DES-CBC", forge.cipher.modes.cbc); + registerAlgorithm("3DES-CFB", forge.cipher.modes.cfb); + registerAlgorithm("3DES-OFB", forge.cipher.modes.ofb); + registerAlgorithm("3DES-CTR", forge.cipher.modes.ctr); + function registerAlgorithm(name, mode) { + var factory = function() { + return new forge.des.Algorithm(name, mode); + }; + forge.cipher.registerAlgorithm(name, factory); + } + var spfunction1 = [16843776, 0, 65536, 16843780, 16842756, 66564, 4, 65536, 1024, 16843776, 16843780, 1024, 16778244, 16842756, 16777216, 4, 1028, 16778240, 16778240, 66560, 66560, 16842752, 16842752, 16778244, 65540, 16777220, 16777220, 65540, 0, 1028, 66564, 16777216, 65536, 16843780, 4, 16842752, 16843776, 16777216, 16777216, 1024, 16842756, 65536, 66560, 16777220, 1024, 4, 16778244, 66564, 16843780, 65540, 16842752, 16778244, 16777220, 1028, 66564, 16843776, 1028, 16778240, 16778240, 0, 65540, 66560, 0, 16842756]; + var spfunction2 = [-2146402272, -2147450880, 32768, 1081376, 1048576, 32, -2146435040, -2147450848, -2147483616, -2146402272, -2146402304, -2147483648, -2147450880, 1048576, 32, -2146435040, 1081344, 1048608, -2147450848, 0, -2147483648, 32768, 1081376, -2146435072, 1048608, -2147483616, 0, 1081344, 32800, -2146402304, -2146435072, 32800, 0, 1081376, -2146435040, 1048576, -2147450848, -2146435072, -2146402304, 32768, -2146435072, -2147450880, 32, -2146402272, 1081376, 32, 32768, -2147483648, 32800, -2146402304, 1048576, -2147483616, 1048608, -2147450848, -2147483616, 1048608, 1081344, 0, -2147450880, 32800, -2147483648, -2146435040, -2146402272, 1081344]; + var spfunction3 = [520, 134349312, 0, 134348808, 134218240, 0, 131592, 134218240, 131080, 134217736, 134217736, 131072, 134349320, 131080, 134348800, 520, 134217728, 8, 134349312, 512, 131584, 134348800, 134348808, 131592, 134218248, 131584, 131072, 134218248, 8, 134349320, 512, 134217728, 134349312, 134217728, 131080, 520, 131072, 134349312, 134218240, 0, 512, 131080, 134349320, 134218240, 134217736, 512, 0, 134348808, 134218248, 131072, 134217728, 134349320, 8, 131592, 131584, 134217736, 134348800, 134218248, 520, 134348800, 131592, 8, 134348808, 131584]; + var spfunction4 = [8396801, 8321, 8321, 128, 8396928, 8388737, 8388609, 8193, 0, 8396800, 8396800, 8396929, 129, 0, 8388736, 8388609, 1, 8192, 8388608, 8396801, 128, 8388608, 8193, 8320, 8388737, 1, 8320, 8388736, 8192, 8396928, 8396929, 129, 8388736, 8388609, 8396800, 8396929, 129, 0, 0, 8396800, 8320, 8388736, 8388737, 1, 8396801, 8321, 8321, 128, 8396929, 129, 1, 8192, 8388609, 8193, 8396928, 8388737, 8193, 8320, 8388608, 8396801, 128, 8388608, 8192, 8396928]; + var spfunction5 = [256, 34078976, 34078720, 1107296512, 524288, 256, 1073741824, 34078720, 1074266368, 524288, 33554688, 1074266368, 1107296512, 1107820544, 524544, 1073741824, 33554432, 1074266112, 1074266112, 0, 1073742080, 1107820800, 1107820800, 33554688, 1107820544, 1073742080, 0, 1107296256, 34078976, 33554432, 1107296256, 524544, 524288, 1107296512, 256, 33554432, 1073741824, 34078720, 1107296512, 1074266368, 33554688, 1073741824, 1107820544, 34078976, 1074266368, 256, 33554432, 1107820544, 1107820800, 524544, 1107296256, 1107820800, 34078720, 0, 1074266112, 1107296256, 524544, 33554688, 1073742080, 524288, 0, 1074266112, 34078976, 1073742080]; + var spfunction6 = [536870928, 541065216, 16384, 541081616, 541065216, 16, 541081616, 4194304, 536887296, 4210704, 4194304, 536870928, 4194320, 536887296, 536870912, 16400, 0, 4194320, 536887312, 16384, 4210688, 536887312, 16, 541065232, 541065232, 0, 4210704, 541081600, 16400, 4210688, 541081600, 536870912, 536887296, 16, 541065232, 4210688, 541081616, 4194304, 16400, 536870928, 4194304, 536887296, 536870912, 16400, 536870928, 541081616, 4210688, 541065216, 4210704, 541081600, 0, 541065232, 16, 16384, 541065216, 4210704, 16384, 4194320, 536887312, 0, 541081600, 536870912, 4194320, 536887312]; + var spfunction7 = [2097152, 69206018, 67110914, 0, 2048, 67110914, 2099202, 69208064, 69208066, 2097152, 0, 67108866, 2, 67108864, 69206018, 2050, 67110912, 2099202, 2097154, 67110912, 67108866, 69206016, 69208064, 2097154, 69206016, 2048, 2050, 69208066, 2099200, 2, 67108864, 2099200, 67108864, 2099200, 2097152, 67110914, 67110914, 69206018, 69206018, 2, 2097154, 67108864, 67110912, 2097152, 69208064, 2050, 2099202, 69208064, 2050, 67108866, 69208066, 69206016, 2099200, 0, 2, 69208066, 0, 2099202, 69206016, 2048, 67108866, 67110912, 2048, 2097154]; + var spfunction8 = [268439616, 4096, 262144, 268701760, 268435456, 268439616, 64, 268435456, 262208, 268697600, 268701760, 266240, 268701696, 266304, 4096, 64, 268697600, 268435520, 268439552, 4160, 266240, 262208, 268697664, 268701696, 4160, 0, 0, 268697664, 268435520, 268439552, 266304, 262144, 266304, 262144, 268701696, 4096, 64, 268697664, 4096, 266304, 268439552, 64, 268435520, 268697600, 268697664, 268435456, 262144, 268439616, 0, 268701760, 262208, 268435520, 268697600, 268439552, 268439616, 0, 268701760, 266240, 266240, 4160, 4160, 262208, 268435456, 268701696]; + function _createKeys(key) { + var pc2bytes0 = [0, 4, 536870912, 536870916, 65536, 65540, 536936448, 536936452, 512, 516, 536871424, 536871428, 66048, 66052, 536936960, 536936964], pc2bytes1 = [0, 1, 1048576, 1048577, 67108864, 67108865, 68157440, 68157441, 256, 257, 1048832, 1048833, 67109120, 67109121, 68157696, 68157697], pc2bytes2 = [0, 8, 2048, 2056, 16777216, 16777224, 16779264, 16779272, 0, 8, 2048, 2056, 16777216, 16777224, 16779264, 16779272], pc2bytes3 = [0, 2097152, 134217728, 136314880, 8192, 2105344, 134225920, 136323072, 131072, 2228224, 134348800, 136445952, 139264, 2236416, 134356992, 136454144], pc2bytes4 = [0, 262144, 16, 262160, 0, 262144, 16, 262160, 4096, 266240, 4112, 266256, 4096, 266240, 4112, 266256], pc2bytes5 = [0, 1024, 32, 1056, 0, 1024, 32, 1056, 33554432, 33555456, 33554464, 33555488, 33554432, 33555456, 33554464, 33555488], pc2bytes6 = [0, 268435456, 524288, 268959744, 2, 268435458, 524290, 268959746, 0, 268435456, 524288, 268959744, 2, 268435458, 524290, 268959746], pc2bytes7 = [0, 65536, 2048, 67584, 536870912, 536936448, 536872960, 536938496, 131072, 196608, 133120, 198656, 537001984, 537067520, 537004032, 537069568], pc2bytes8 = [0, 262144, 0, 262144, 2, 262146, 2, 262146, 33554432, 33816576, 33554432, 33816576, 33554434, 33816578, 33554434, 33816578], pc2bytes9 = [0, 268435456, 8, 268435464, 0, 268435456, 8, 268435464, 1024, 268436480, 1032, 268436488, 1024, 268436480, 1032, 268436488], pc2bytes10 = [0, 32, 0, 32, 1048576, 1048608, 1048576, 1048608, 8192, 8224, 8192, 8224, 1056768, 1056800, 1056768, 1056800], pc2bytes11 = [0, 16777216, 512, 16777728, 2097152, 18874368, 2097664, 18874880, 67108864, 83886080, 67109376, 83886592, 69206016, 85983232, 69206528, 85983744], pc2bytes12 = [0, 4096, 134217728, 134221824, 524288, 528384, 134742016, 134746112, 16, 4112, 134217744, 134221840, 524304, 528400, 134742032, 134746128], pc2bytes13 = [0, 4, 256, 260, 0, 4, 256, 260, 1, 5, 257, 261, 1, 5, 257, 261]; + var iterations = key.length() > 8 ? 3 : 1; + var keys = []; + var shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0]; + var n = 0, tmp; + for (var j = 0; j < iterations; j++) { + var left = key.getInt32(); + var right = key.getInt32(); + tmp = (left >>> 4 ^ right) & 252645135; + right ^= tmp; + left ^= tmp << 4; + tmp = (right >>> -16 ^ left) & 65535; + left ^= tmp; + right ^= tmp << -16; + tmp = (left >>> 2 ^ right) & 858993459; + right ^= tmp; + left ^= tmp << 2; + tmp = (right >>> -16 ^ left) & 65535; + left ^= tmp; + right ^= tmp << -16; + tmp = (left >>> 1 ^ right) & 1431655765; + right ^= tmp; + left ^= tmp << 1; + tmp = (right >>> 8 ^ left) & 16711935; + left ^= tmp; + right ^= tmp << 8; + tmp = (left >>> 1 ^ right) & 1431655765; + right ^= tmp; + left ^= tmp << 1; + tmp = left << 8 | right >>> 20 & 240; + left = right << 24 | right << 8 & 16711680 | right >>> 8 & 65280 | right >>> 24 & 240; + right = tmp; + for (var i = 0; i < shifts.length; ++i) { + if (shifts[i]) { + left = left << 2 | left >>> 26; + right = right << 2 | right >>> 26; + } else { + left = left << 1 | left >>> 27; + right = right << 1 | right >>> 27; + } + left &= -15; + right &= -15; + var lefttmp = pc2bytes0[left >>> 28] | pc2bytes1[left >>> 24 & 15] | pc2bytes2[left >>> 20 & 15] | pc2bytes3[left >>> 16 & 15] | pc2bytes4[left >>> 12 & 15] | pc2bytes5[left >>> 8 & 15] | pc2bytes6[left >>> 4 & 15]; + var righttmp = pc2bytes7[right >>> 28] | pc2bytes8[right >>> 24 & 15] | pc2bytes9[right >>> 20 & 15] | pc2bytes10[right >>> 16 & 15] | pc2bytes11[right >>> 12 & 15] | pc2bytes12[right >>> 8 & 15] | pc2bytes13[right >>> 4 & 15]; + tmp = (righttmp >>> 16 ^ lefttmp) & 65535; + keys[n++] = lefttmp ^ tmp; + keys[n++] = righttmp ^ tmp << 16; } + } + return keys; + } + function _updateBlock(keys, input, output, decrypt) { + var iterations = keys.length === 32 ? 3 : 9; + var looping; + if (iterations === 3) { + looping = decrypt ? [30, -2, -2] : [0, 32, 2]; } else { - var partialBytes = (this.blockSize - inputLength) % this.blockSize; - if (partialBytes > 0) { - partialBytes = this.blockSize - partialBytes; - } - this._partialOutput.clear(); - for (var i = 0; i < this._ints; ++i) { - this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]); - } - if (partialBytes > 0) { - input.read -= this.blockSize; - } - if (this._partialBytes > 0) { - this._partialOutput.getBytes(this._partialBytes); - } - if (partialBytes > 0 && !finish) { - output.putBytes(this._partialOutput.getBytes( - partialBytes - this._partialBytes - )); - this._partialBytes = partialBytes; - return true; + looping = decrypt ? [94, 62, -2, 32, 64, 2, 30, -2, -2] : [0, 32, 2, 62, 30, -2, 64, 96, 2]; + } + var tmp; + var left = input[0]; + var right = input[1]; + tmp = (left >>> 4 ^ right) & 252645135; + right ^= tmp; + left ^= tmp << 4; + tmp = (left >>> 16 ^ right) & 65535; + right ^= tmp; + left ^= tmp << 16; + tmp = (right >>> 2 ^ left) & 858993459; + left ^= tmp; + right ^= tmp << 2; + tmp = (right >>> 8 ^ left) & 16711935; + left ^= tmp; + right ^= tmp << 8; + tmp = (left >>> 1 ^ right) & 1431655765; + right ^= tmp; + left ^= tmp << 1; + left = left << 1 | left >>> 31; + right = right << 1 | right >>> 31; + for (var j = 0; j < iterations; j += 3) { + var endloop = looping[j + 1]; + var loopinc = looping[j + 2]; + for (var i = looping[j]; i != endloop; i += loopinc) { + var right1 = right ^ keys[i]; + var right2 = (right >>> 4 | right << 28) ^ keys[i + 1]; + tmp = left; + left = right; + right = tmp ^ (spfunction2[right1 >>> 24 & 63] | spfunction4[right1 >>> 16 & 63] | spfunction6[right1 >>> 8 & 63] | spfunction8[right1 & 63] | spfunction1[right2 >>> 24 & 63] | spfunction3[right2 >>> 16 & 63] | spfunction5[right2 >>> 8 & 63] | spfunction7[right2 & 63]); } - output.putBytes(this._partialOutput.getBytes( - inputLength - this._partialBytes - )); - this._partialBytes = 0; + tmp = left; + left = right; + right = tmp; } - inc32(this._inBlock); - }; - modes.ctr.prototype.decrypt = modes.ctr.prototype.encrypt; - modes.gcm = function(options) { + left = left >>> 1 | left << 31; + right = right >>> 1 | right << 31; + tmp = (left >>> 1 ^ right) & 1431655765; + right ^= tmp; + left ^= tmp << 1; + tmp = (right >>> 8 ^ left) & 16711935; + left ^= tmp; + right ^= tmp << 8; + tmp = (right >>> 2 ^ left) & 858993459; + left ^= tmp; + right ^= tmp << 2; + tmp = (left >>> 16 ^ right) & 65535; + right ^= tmp; + left ^= tmp << 16; + tmp = (left >>> 4 ^ right) & 252645135; + right ^= tmp; + left ^= tmp << 4; + output[0] = left; + output[1] = right; + } + function _createCipher(options) { options = options || {}; - this.name = "GCM"; - this.cipher = options.cipher; - this.blockSize = options.blockSize || 16; - this._ints = this.blockSize / 4; - this._inBlock = new Array(this._ints); - this._outBlock = new Array(this._ints); - this._partialOutput = forge.util.createBuffer(); - this._partialBytes = 0; - this._R = 3774873600; - }; - modes.gcm.prototype.start = function(options) { - if (!("iv" in options)) { - throw new Error("Invalid IV parameter."); - } - var iv = forge.util.createBuffer(options.iv); - this._cipherLength = 0; - var additionalData; - if ("additionalData" in options) { - additionalData = forge.util.createBuffer(options.additionalData); - } else { - additionalData = forge.util.createBuffer(); - } - if ("tagLength" in options) { - this._tagLength = options.tagLength; + var mode = (options.mode || "CBC").toUpperCase(); + var algorithm = "DES-" + mode; + var cipher; + if (options.decrypt) { + cipher = forge.cipher.createDecipher(algorithm, options.key); } else { - this._tagLength = 128; + cipher = forge.cipher.createCipher(algorithm, options.key); } - this._tag = null; - if (options.decrypt) { - this._tag = forge.util.createBuffer(options.tag).getBytes(); - if (this._tag.length !== this._tagLength / 8) { - throw new Error("Authentication tag does not match tag length."); + var start = cipher.start; + cipher.start = function(iv, options2) { + var output = null; + if (options2 instanceof forge.util.ByteBuffer) { + output = options2; + options2 = {}; } + options2 = options2 || {}; + options2.output = output; + options2.iv = iv; + start.call(cipher, options2); + }; + return cipher; + } + } +}); + +// node_modules/node-forge/lib/pbkdf2.js +var require_pbkdf2 = __commonJS({ + "node_modules/node-forge/lib/pbkdf2.js"(exports2, module2) { + var forge = require_forge(); + require_hmac(); + require_md(); + require_util9(); + var pkcs5 = forge.pkcs5 = forge.pkcs5 || {}; + var crypto2; + if (forge.util.isNodejs && !forge.options.usePureJavaScript) { + crypto2 = require("crypto"); + } + module2.exports = forge.pbkdf2 = pkcs5.pbkdf2 = function(p, s, c, dkLen, md, callback) { + if (typeof md === "function") { + callback = md; + md = null; } - this._hashBlock = new Array(this._ints); - this.tag = null; - this._hashSubkey = new Array(this._ints); - this.cipher.encrypt([0, 0, 0, 0], this._hashSubkey); - this.componentBits = 4; - this._m = this.generateHashTable(this._hashSubkey, this.componentBits); - var ivLength = iv.length(); - if (ivLength === 12) { - this._j0 = [iv.getInt32(), iv.getInt32(), iv.getInt32(), 1]; - } else { - this._j0 = [0, 0, 0, 0]; - while (iv.length() > 0) { - this._j0 = this.ghash( - this._hashSubkey, - this._j0, - [iv.getInt32(), iv.getInt32(), iv.getInt32(), iv.getInt32()] - ); - } - this._j0 = this.ghash( - this._hashSubkey, - this._j0, - [0, 0].concat(from64To32(ivLength * 8)) - ); - } - this._inBlock = this._j0.slice(0); - inc32(this._inBlock); - this._partialBytes = 0; - additionalData = forge.util.createBuffer(additionalData); - this._aDataLength = from64To32(additionalData.length() * 8); - var overflow = additionalData.length() % this.blockSize; - if (overflow) { - additionalData.fillWithByte(0, this.blockSize - overflow); - } - this._s = [0, 0, 0, 0]; - while (additionalData.length() > 0) { - this._s = this.ghash(this._hashSubkey, this._s, [ - additionalData.getInt32(), - additionalData.getInt32(), - additionalData.getInt32(), - additionalData.getInt32() - ]); - } - }; - modes.gcm.prototype.encrypt = function(input, output, finish) { - var inputLength = input.length(); - if (inputLength === 0) { - return true; - } - this.cipher.encrypt(this._inBlock, this._outBlock); - if (this._partialBytes === 0 && inputLength >= this.blockSize) { - for (var i = 0; i < this._ints; ++i) { - output.putInt32(this._outBlock[i] ^= input.getInt32()); - } - this._cipherLength += this.blockSize; - } else { - var partialBytes = (this.blockSize - inputLength) % this.blockSize; - if (partialBytes > 0) { - partialBytes = this.blockSize - partialBytes; - } - this._partialOutput.clear(); - for (var i = 0; i < this._ints; ++i) { - this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]); + if (forge.util.isNodejs && !forge.options.usePureJavaScript && crypto2.pbkdf2 && (md === null || typeof md !== "object") && (crypto2.pbkdf2Sync.length > 4 || (!md || md === "sha1"))) { + if (typeof md !== "string") { + md = "sha1"; } - if (partialBytes <= 0 || finish) { - if (finish) { - var overflow = inputLength % this.blockSize; - this._cipherLength += overflow; - this._partialOutput.truncate(this.blockSize - overflow); - } else { - this._cipherLength += this.blockSize; - } - for (var i = 0; i < this._ints; ++i) { - this._outBlock[i] = this._partialOutput.getInt32(); + p = Buffer.from(p, "binary"); + s = Buffer.from(s, "binary"); + if (!callback) { + if (crypto2.pbkdf2Sync.length === 4) { + return crypto2.pbkdf2Sync(p, s, c, dkLen).toString("binary"); } - this._partialOutput.read -= this.blockSize; - } - if (this._partialBytes > 0) { - this._partialOutput.getBytes(this._partialBytes); + return crypto2.pbkdf2Sync(p, s, c, dkLen, md).toString("binary"); } - if (partialBytes > 0 && !finish) { - input.read -= this.blockSize; - output.putBytes(this._partialOutput.getBytes( - partialBytes - this._partialBytes - )); - this._partialBytes = partialBytes; - return true; + if (crypto2.pbkdf2Sync.length === 4) { + return crypto2.pbkdf2(p, s, c, dkLen, function(err2, key) { + if (err2) { + return callback(err2); + } + callback(null, key.toString("binary")); + }); } - output.putBytes(this._partialOutput.getBytes( - inputLength - this._partialBytes - )); - this._partialBytes = 0; - } - this._s = this.ghash(this._hashSubkey, this._s, this._outBlock); - inc32(this._inBlock); - }; - modes.gcm.prototype.decrypt = function(input, output, finish) { - var inputLength = input.length(); - if (inputLength < this.blockSize && !(finish && inputLength > 0)) { - return true; - } - this.cipher.encrypt(this._inBlock, this._outBlock); - inc32(this._inBlock); - this._hashBlock[0] = input.getInt32(); - this._hashBlock[1] = input.getInt32(); - this._hashBlock[2] = input.getInt32(); - this._hashBlock[3] = input.getInt32(); - this._s = this.ghash(this._hashSubkey, this._s, this._hashBlock); - for (var i = 0; i < this._ints; ++i) { - output.putInt32(this._outBlock[i] ^ this._hashBlock[i]); - } - if (inputLength < this.blockSize) { - this._cipherLength += inputLength % this.blockSize; - } else { - this._cipherLength += this.blockSize; - } - }; - modes.gcm.prototype.afterFinish = function(output, options) { - var rval = true; - if (options.decrypt && options.overflow) { - output.truncate(this.blockSize - options.overflow); - } - this.tag = forge.util.createBuffer(); - var lengths = this._aDataLength.concat(from64To32(this._cipherLength * 8)); - this._s = this.ghash(this._hashSubkey, this._s, lengths); - var tag = []; - this.cipher.encrypt(this._j0, tag); - for (var i = 0; i < this._ints; ++i) { - this.tag.putInt32(this._s[i] ^ tag[i]); + return crypto2.pbkdf2(p, s, c, dkLen, md, function(err2, key) { + if (err2) { + return callback(err2); + } + callback(null, key.toString("binary")); + }); } - this.tag.truncate(this.tag.length() % (this._tagLength / 8)); - if (options.decrypt && this.tag.bytes() !== this._tag) { - rval = false; + if (typeof md === "undefined" || md === null) { + md = "sha1"; } - return rval; - }; - modes.gcm.prototype.multiply = function(x, y) { - var z_i = [0, 0, 0, 0]; - var v_i = y.slice(0); - for (var i = 0; i < 128; ++i) { - var x_i = x[i / 32 | 0] & 1 << 31 - i % 32; - if (x_i) { - z_i[0] ^= v_i[0]; - z_i[1] ^= v_i[1]; - z_i[2] ^= v_i[2]; - z_i[3] ^= v_i[3]; + if (typeof md === "string") { + if (!(md in forge.md.algorithms)) { + throw new Error("Unknown hash algorithm: " + md); } - this.pow(v_i, v_i); - } - return z_i; - }; - modes.gcm.prototype.pow = function(x, out) { - var lsb = x[3] & 1; - for (var i = 3; i > 0; --i) { - out[i] = x[i] >>> 1 | (x[i - 1] & 1) << 31; - } - out[0] = x[0] >>> 1; - if (lsb) { - out[0] ^= this._R; - } - }; - modes.gcm.prototype.tableMultiply = function(x) { - var z = [0, 0, 0, 0]; - for (var i = 0; i < 32; ++i) { - var idx = i / 8 | 0; - var x_i = x[idx] >>> (7 - i % 8) * 4 & 15; - var ah = this._m[i][x_i]; - z[0] ^= ah[0]; - z[1] ^= ah[1]; - z[2] ^= ah[2]; - z[3] ^= ah[3]; - } - return z; - }; - modes.gcm.prototype.ghash = function(h, y, x) { - y[0] ^= x[0]; - y[1] ^= x[1]; - y[2] ^= x[2]; - y[3] ^= x[3]; - return this.tableMultiply(y); - }; - modes.gcm.prototype.generateHashTable = function(h, bits) { - var multiplier = 8 / bits; - var perInt = 4 * multiplier; - var size = 16 * multiplier; - var m = new Array(size); - for (var i = 0; i < size; ++i) { - var tmp = [0, 0, 0, 0]; - var idx = i / perInt | 0; - var shft = (perInt - 1 - i % perInt) * bits; - tmp[idx] = 1 << bits - 1 << shft; - m[i] = this.generateSubHashTable(this.multiply(tmp, h), bits); - } - return m; - }; - modes.gcm.prototype.generateSubHashTable = function(mid, bits) { - var size = 1 << bits; - var half = size >>> 1; - var m = new Array(size); - m[half] = mid.slice(0); - var i = half >>> 1; - while (i > 0) { - this.pow(m[2 * i], m[i] = []); - i >>= 1; + md = forge.md[md].create(); } - i = 2; - while (i < half) { - for (var j = 1; j < i; ++j) { - var m_i = m[i]; - var m_j = m[j]; - m[i + j] = [ - m_i[0] ^ m_j[0], - m_i[1] ^ m_j[1], - m_i[2] ^ m_j[2], - m_i[3] ^ m_j[3] - ]; + var hLen = md.digestLength; + if (dkLen > 4294967295 * hLen) { + var err = new Error("Derived key is too long."); + if (callback) { + return callback(err); } - i *= 2; - } - m[0] = [0, 0, 0, 0]; - for (i = half + 1; i < size; ++i) { - var c = m[i ^ half]; - m[i] = [mid[0] ^ c[0], mid[1] ^ c[1], mid[2] ^ c[2], mid[3] ^ c[3]]; - } - return m; - }; - function transformIV(iv, blockSize) { - if (typeof iv === "string") { - iv = forge.util.createBuffer(iv); + throw err; } - if (forge.util.isArray(iv) && iv.length > 4) { - var tmp = iv; - iv = forge.util.createBuffer(); - for (var i = 0; i < tmp.length; ++i) { - iv.putByte(tmp[i]); + var len = Math.ceil(dkLen / hLen); + var r = dkLen - (len - 1) * hLen; + var prf = forge.hmac.create(); + prf.start(md, p); + var dk = ""; + var xor, u_c, u_c1; + if (!callback) { + for (var i = 1; i <= len; ++i) { + prf.start(null, null); + prf.update(s); + prf.update(forge.util.int32ToBytes(i)); + xor = u_c1 = prf.digest().getBytes(); + for (var j = 2; j <= c; ++j) { + prf.start(null, null); + prf.update(u_c1); + u_c = prf.digest().getBytes(); + xor = forge.util.xorBytes(xor, u_c, hLen); + u_c1 = u_c; + } + dk += i < len ? xor : xor.substr(0, r); } + return dk; } - if (iv.length() < blockSize) { - throw new Error( - "Invalid IV length; got " + iv.length() + " bytes and expected " + blockSize + " bytes." - ); + var i = 1, j; + function outer() { + if (i > len) { + return callback(null, dk); + } + prf.start(null, null); + prf.update(s); + prf.update(forge.util.int32ToBytes(i)); + xor = u_c1 = prf.digest().getBytes(); + j = 2; + inner(); } - if (!forge.util.isArray(iv)) { - var ints = []; - var blocks = blockSize / 4; - for (var i = 0; i < blocks; ++i) { - ints.push(iv.getInt32()); + function inner() { + if (j <= c) { + prf.start(null, null); + prf.update(u_c1); + u_c = prf.digest().getBytes(); + xor = forge.util.xorBytes(xor, u_c, hLen); + u_c1 = u_c; + ++j; + return forge.util.setImmediate(inner); } - iv = ints; + dk += i < len ? xor : xor.substr(0, r); + ++i; + outer(); } - return iv; - } - function inc32(block) { - block[block.length - 1] = block[block.length - 1] + 1 & 4294967295; - } - function from64To32(num) { - return [num / 4294967296 | 0, num & 4294967295]; - } + outer(); + }; } }); -// node_modules/node-forge/lib/aes.js -var require_aes = __commonJS({ - "node_modules/node-forge/lib/aes.js"(exports2, module2) { +// node_modules/node-forge/lib/sha256.js +var require_sha256 = __commonJS({ + "node_modules/node-forge/lib/sha256.js"(exports2, module2) { var forge = require_forge(); - require_cipher(); - require_cipherModes(); + require_md(); require_util9(); - module2.exports = forge.aes = forge.aes || {}; - forge.aes.startEncrypting = function(key, iv, output, mode) { - var cipher = _createCipher({ - key, - output, - decrypt: false, - mode - }); - cipher.start(iv); - return cipher; - }; - forge.aes.createEncryptionCipher = function(key, mode) { - return _createCipher({ - key, - output: null, - decrypt: false, - mode - }); - }; - forge.aes.startDecrypting = function(key, iv, output, mode) { - var cipher = _createCipher({ - key, - output, - decrypt: true, - mode - }); - cipher.start(iv); - return cipher; - }; - forge.aes.createDecryptionCipher = function(key, mode) { - return _createCipher({ - key, - output: null, - decrypt: true, - mode - }); - }; - forge.aes.Algorithm = function(name, mode) { - if (!init) { - initialize(); + var sha256 = module2.exports = forge.sha256 = forge.sha256 || {}; + forge.md.sha256 = forge.md.algorithms.sha256 = sha256; + sha256.create = function() { + if (!_initialized) { + _init(); } - var self2 = this; - self2.name = name; - self2.mode = new mode({ - blockSize: 16, - cipher: { - encrypt: function(inBlock, outBlock) { - return _updateBlock(self2._w, inBlock, outBlock, false); - }, - decrypt: function(inBlock, outBlock) { - return _updateBlock(self2._w, inBlock, outBlock, true); - } + var _state = null; + var _input = forge.util.createBuffer(); + var _w = new Array(64); + var md = { + algorithm: "sha256", + blockLength: 64, + digestLength: 32, + // 56-bit length of message so far (does not including padding) + messageLength: 0, + // true message length + fullMessageLength: null, + // size of message length in bytes + messageLengthSize: 8 + }; + md.start = function() { + md.messageLength = 0; + md.fullMessageLength = md.messageLength64 = []; + var int32s = md.messageLengthSize / 4; + for (var i = 0; i < int32s; ++i) { + md.fullMessageLength.push(0); } - }); - self2._init = false; - }; - forge.aes.Algorithm.prototype.initialize = function(options) { - if (this._init) { - return; - } - var key = options.key; - var tmp; - if (typeof key === "string" && (key.length === 16 || key.length === 24 || key.length === 32)) { - key = forge.util.createBuffer(key); - } else if (forge.util.isArray(key) && (key.length === 16 || key.length === 24 || key.length === 32)) { - tmp = key; - key = forge.util.createBuffer(); - for (var i = 0; i < tmp.length; ++i) { - key.putByte(tmp[i]); + _input = forge.util.createBuffer(); + _state = { + h0: 1779033703, + h1: 3144134277, + h2: 1013904242, + h3: 2773480762, + h4: 1359893119, + h5: 2600822924, + h6: 528734635, + h7: 1541459225 + }; + return md; + }; + md.start(); + md.update = function(msg, encoding) { + if (encoding === "utf8") { + msg = forge.util.encodeUtf8(msg); } - } - if (!forge.util.isArray(key)) { - tmp = key; - key = []; - var len = tmp.length(); - if (len === 16 || len === 24 || len === 32) { - len = len >>> 2; - for (var i = 0; i < len; ++i) { - key.push(tmp.getInt32()); - } + var len = msg.length; + md.messageLength += len; + len = [len / 4294967296 >>> 0, len >>> 0]; + for (var i = md.fullMessageLength.length - 1; i >= 0; --i) { + md.fullMessageLength[i] += len[1]; + len[1] = len[0] + (md.fullMessageLength[i] / 4294967296 >>> 0); + md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; + len[0] = len[1] / 4294967296 >>> 0; } + _input.putBytes(msg); + _update(_state, _w, _input); + if (_input.read > 2048 || _input.length() === 0) { + _input.compact(); + } + return md; + }; + md.digest = function() { + var finalBlock = forge.util.createBuffer(); + finalBlock.putBytes(_input.bytes()); + var remaining = md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize; + var overflow = remaining & md.blockLength - 1; + finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); + var next, carry; + var bits = md.fullMessageLength[0] * 8; + for (var i = 0; i < md.fullMessageLength.length - 1; ++i) { + next = md.fullMessageLength[i + 1] * 8; + carry = next / 4294967296 >>> 0; + bits += carry; + finalBlock.putInt32(bits >>> 0); + bits = next >>> 0; + } + finalBlock.putInt32(bits); + var s2 = { + h0: _state.h0, + h1: _state.h1, + h2: _state.h2, + h3: _state.h3, + h4: _state.h4, + h5: _state.h5, + h6: _state.h6, + h7: _state.h7 + }; + _update(s2, _w, finalBlock); + var rval = forge.util.createBuffer(); + rval.putInt32(s2.h0); + rval.putInt32(s2.h1); + rval.putInt32(s2.h2); + rval.putInt32(s2.h3); + rval.putInt32(s2.h4); + rval.putInt32(s2.h5); + rval.putInt32(s2.h6); + rval.putInt32(s2.h7); + return rval; + }; + return md; + }; + var _padding = null; + var _initialized = false; + var _k = null; + function _init() { + _padding = String.fromCharCode(128); + _padding += forge.util.fillString(String.fromCharCode(0), 64); + _k = [ + 1116352408, + 1899447441, + 3049323471, + 3921009573, + 961987163, + 1508970993, + 2453635748, + 2870763221, + 3624381080, + 310598401, + 607225278, + 1426881987, + 1925078388, + 2162078206, + 2614888103, + 3248222580, + 3835390401, + 4022224774, + 264347078, + 604807628, + 770255983, + 1249150122, + 1555081692, + 1996064986, + 2554220882, + 2821834349, + 2952996808, + 3210313671, + 3336571891, + 3584528711, + 113926993, + 338241895, + 666307205, + 773529912, + 1294757372, + 1396182291, + 1695183700, + 1986661051, + 2177026350, + 2456956037, + 2730485921, + 2820302411, + 3259730800, + 3345764771, + 3516065817, + 3600352804, + 4094571909, + 275423344, + 430227734, + 506948616, + 659060556, + 883997877, + 958139571, + 1322822218, + 1537002063, + 1747873779, + 1955562222, + 2024104815, + 2227730452, + 2361852424, + 2428436474, + 2756734187, + 3204031479, + 3329325298 + ]; + _initialized = true; + } + function _update(s, w, bytes) { + var t1, t2, s0, s1, ch, maj, i, a, b, c, d, e, f, g, h; + var len = bytes.length(); + while (len >= 64) { + for (i = 0; i < 16; ++i) { + w[i] = bytes.getInt32(); + } + for (; i < 64; ++i) { + t1 = w[i - 2]; + t1 = (t1 >>> 17 | t1 << 15) ^ (t1 >>> 19 | t1 << 13) ^ t1 >>> 10; + t2 = w[i - 15]; + t2 = (t2 >>> 7 | t2 << 25) ^ (t2 >>> 18 | t2 << 14) ^ t2 >>> 3; + w[i] = t1 + w[i - 7] + t2 + w[i - 16] | 0; + } + a = s.h0; + b = s.h1; + c = s.h2; + d = s.h3; + e = s.h4; + f = s.h5; + g = s.h6; + h = s.h7; + for (i = 0; i < 64; ++i) { + s1 = (e >>> 6 | e << 26) ^ (e >>> 11 | e << 21) ^ (e >>> 25 | e << 7); + ch = g ^ e & (f ^ g); + s0 = (a >>> 2 | a << 30) ^ (a >>> 13 | a << 19) ^ (a >>> 22 | a << 10); + maj = a & b | c & (a ^ b); + t1 = h + s1 + ch + _k[i] + w[i]; + t2 = s0 + maj; + h = g; + g = f; + f = e; + e = d + t1 >>> 0; + d = c; + c = b; + b = a; + a = t1 + t2 >>> 0; + } + s.h0 = s.h0 + a | 0; + s.h1 = s.h1 + b | 0; + s.h2 = s.h2 + c | 0; + s.h3 = s.h3 + d | 0; + s.h4 = s.h4 + e | 0; + s.h5 = s.h5 + f | 0; + s.h6 = s.h6 + g | 0; + s.h7 = s.h7 + h | 0; + len -= 64; } - if (!forge.util.isArray(key) || !(key.length === 4 || key.length === 6 || key.length === 8)) { - throw new Error("Invalid key parameter."); - } - var mode = this.mode.name; - var encryptOp = ["CFB", "OFB", "CTR", "GCM"].indexOf(mode) !== -1; - this._w = _expandKey(key, options.decrypt && !encryptOp); - this._init = true; - }; - forge.aes._expandKey = function(key, decrypt) { - if (!init) { - initialize(); - } - return _expandKey(key, decrypt); - }; - forge.aes._updateBlock = _updateBlock; - registerAlgorithm("AES-ECB", forge.cipher.modes.ecb); - registerAlgorithm("AES-CBC", forge.cipher.modes.cbc); - registerAlgorithm("AES-CFB", forge.cipher.modes.cfb); - registerAlgorithm("AES-OFB", forge.cipher.modes.ofb); - registerAlgorithm("AES-CTR", forge.cipher.modes.ctr); - registerAlgorithm("AES-GCM", forge.cipher.modes.gcm); - function registerAlgorithm(name, mode) { - var factory = function() { - return new forge.aes.Algorithm(name, mode); - }; - forge.cipher.registerAlgorithm(name, factory); - } - var init = false; - var Nb = 4; - var sbox; - var isbox; - var rcon; - var mix; - var imix; - function initialize() { - init = true; - rcon = [0, 1, 2, 4, 8, 16, 32, 64, 128, 27, 54]; - var xtime = new Array(256); - for (var i = 0; i < 128; ++i) { - xtime[i] = i << 1; - xtime[i + 128] = i + 128 << 1 ^ 283; - } - sbox = new Array(256); - isbox = new Array(256); - mix = new Array(4); - imix = new Array(4); - for (var i = 0; i < 4; ++i) { - mix[i] = new Array(256); - imix[i] = new Array(256); + } + } +}); + +// node_modules/node-forge/lib/prng.js +var require_prng = __commonJS({ + "node_modules/node-forge/lib/prng.js"(exports2, module2) { + var forge = require_forge(); + require_util9(); + var _crypto = null; + if (forge.util.isNodejs && !forge.options.usePureJavaScript && !process.versions["node-webkit"]) { + _crypto = require("crypto"); + } + var prng = module2.exports = forge.prng = forge.prng || {}; + prng.create = function(plugin) { + var ctx = { + plugin, + key: null, + seed: null, + time: null, + // number of reseeds so far + reseeds: 0, + // amount of data generated so far + generated: 0, + // no initial key bytes + keyBytes: "" + }; + var md = plugin.md; + var pools = new Array(32); + for (var i = 0; i < 32; ++i) { + pools[i] = md.create(); } - var e = 0, ei = 0, e2, e4, e8, sx, sx2, me, ime; - for (var i = 0; i < 256; ++i) { - sx = ei ^ ei << 1 ^ ei << 2 ^ ei << 3 ^ ei << 4; - sx = sx >> 8 ^ sx & 255 ^ 99; - sbox[e] = sx; - isbox[sx] = e; - sx2 = xtime[sx]; - e2 = xtime[e]; - e4 = xtime[e2]; - e8 = xtime[e4]; - me = sx2 << 24 ^ // 2 - sx << 16 ^ // 1 - sx << 8 ^ // 1 - (sx ^ sx2); - ime = (e2 ^ e4 ^ e8) << 24 ^ // E (14) - (e ^ e8) << 16 ^ // 9 - (e ^ e4 ^ e8) << 8 ^ // D (13) - (e ^ e2 ^ e8); - for (var n = 0; n < 4; ++n) { - mix[n][e] = me; - imix[n][sx] = ime; - me = me << 24 | me >>> 8; - ime = ime << 24 | ime >>> 8; + ctx.pools = pools; + ctx.pool = 0; + ctx.generate = function(count, callback) { + if (!callback) { + return ctx.generateSync(count); } - if (e === 0) { - e = ei = 1; - } else { - e = e2 ^ xtime[xtime[xtime[e2 ^ e8]]]; - ei ^= xtime[xtime[ei]]; + var cipher = ctx.plugin.cipher; + var increment = ctx.plugin.increment; + var formatKey = ctx.plugin.formatKey; + var formatSeed = ctx.plugin.formatSeed; + var b = forge.util.createBuffer(); + ctx.key = null; + generate(); + function generate(err) { + if (err) { + return callback(err); + } + if (b.length() >= count) { + return callback(null, b.getBytes(count)); + } + if (ctx.generated > 1048575) { + ctx.key = null; + } + if (ctx.key === null) { + return forge.util.nextTick(function() { + _reseed(generate); + }); + } + var bytes = cipher(ctx.key, ctx.seed); + ctx.generated += bytes.length; + b.putBytes(bytes); + ctx.key = formatKey(cipher(ctx.key, increment(ctx.seed))); + ctx.seed = formatSeed(cipher(ctx.key, ctx.seed)); + forge.util.setImmediate(generate); + } + }; + ctx.generateSync = function(count) { + var cipher = ctx.plugin.cipher; + var increment = ctx.plugin.increment; + var formatKey = ctx.plugin.formatKey; + var formatSeed = ctx.plugin.formatSeed; + ctx.key = null; + var b = forge.util.createBuffer(); + while (b.length() < count) { + if (ctx.generated > 1048575) { + ctx.key = null; + } + if (ctx.key === null) { + _reseedSync(); + } + var bytes = cipher(ctx.key, ctx.seed); + ctx.generated += bytes.length; + b.putBytes(bytes); + ctx.key = formatKey(cipher(ctx.key, increment(ctx.seed))); + ctx.seed = formatSeed(cipher(ctx.key, ctx.seed)); + } + return b.getBytes(count); + }; + function _reseed(callback) { + if (ctx.pools[0].messageLength >= 32) { + _seed(); + return callback(); } + var needed = 32 - ctx.pools[0].messageLength << 5; + ctx.seedFile(needed, function(err, bytes) { + if (err) { + return callback(err); + } + ctx.collect(bytes); + _seed(); + callback(); + }); } - } - function _expandKey(key, decrypt) { - var w = key.slice(0); - var temp, iNk = 1; - var Nk = w.length; - var Nr1 = Nk + 6 + 1; - var end = Nb * Nr1; - for (var i = Nk; i < end; ++i) { - temp = w[i - 1]; - if (i % Nk === 0) { - temp = sbox[temp >>> 16 & 255] << 24 ^ sbox[temp >>> 8 & 255] << 16 ^ sbox[temp & 255] << 8 ^ sbox[temp >>> 24] ^ rcon[iNk] << 24; - iNk++; - } else if (Nk > 6 && i % Nk === 4) { - temp = sbox[temp >>> 24] << 24 ^ sbox[temp >>> 16 & 255] << 16 ^ sbox[temp >>> 8 & 255] << 8 ^ sbox[temp & 255]; + function _reseedSync() { + if (ctx.pools[0].messageLength >= 32) { + return _seed(); } - w[i] = w[i - Nk] ^ temp; + var needed = 32 - ctx.pools[0].messageLength << 5; + ctx.collect(ctx.seedFileSync(needed)); + _seed(); } - if (decrypt) { - var tmp; - var m0 = imix[0]; - var m1 = imix[1]; - var m2 = imix[2]; - var m3 = imix[3]; - var wnew = w.slice(0); - end = w.length; - for (var i = 0, wi = end - Nb; i < end; i += Nb, wi -= Nb) { - if (i === 0 || i === end - Nb) { - wnew[i] = w[wi]; - wnew[i + 1] = w[wi + 3]; - wnew[i + 2] = w[wi + 2]; - wnew[i + 3] = w[wi + 1]; - } else { - for (var n = 0; n < Nb; ++n) { - tmp = w[wi + n]; - wnew[i + (3 & -n)] = m0[sbox[tmp >>> 24]] ^ m1[sbox[tmp >>> 16 & 255]] ^ m2[sbox[tmp >>> 8 & 255]] ^ m3[sbox[tmp & 255]]; - } + function _seed() { + ctx.reseeds = ctx.reseeds === 4294967295 ? 0 : ctx.reseeds + 1; + var md2 = ctx.plugin.md.create(); + md2.update(ctx.keyBytes); + var _2powK = 1; + for (var k = 0; k < 32; ++k) { + if (ctx.reseeds % _2powK === 0) { + md2.update(ctx.pools[k].digest().getBytes()); + ctx.pools[k].start(); } + _2powK = _2powK << 1; } - w = wnew; - } - return w; - } - function _updateBlock(w, input, output, decrypt) { - var Nr = w.length / 4 - 1; - var m0, m1, m2, m3, sub; - if (decrypt) { - m0 = imix[0]; - m1 = imix[1]; - m2 = imix[2]; - m3 = imix[3]; - sub = isbox; - } else { - m0 = mix[0]; - m1 = mix[1]; - m2 = mix[2]; - m3 = mix[3]; - sub = sbox; + ctx.keyBytes = md2.digest().getBytes(); + md2.start(); + md2.update(ctx.keyBytes); + var seedBytes = md2.digest().getBytes(); + ctx.key = ctx.plugin.formatKey(ctx.keyBytes); + ctx.seed = ctx.plugin.formatSeed(seedBytes); + ctx.generated = 0; } - var a, b, c, d, a2, b2, c2; - a = input[0] ^ w[0]; - b = input[decrypt ? 3 : 1] ^ w[1]; - c = input[2] ^ w[2]; - d = input[decrypt ? 1 : 3] ^ w[3]; - var i = 3; - for (var round = 1; round < Nr; ++round) { - a2 = m0[a >>> 24] ^ m1[b >>> 16 & 255] ^ m2[c >>> 8 & 255] ^ m3[d & 255] ^ w[++i]; - b2 = m0[b >>> 24] ^ m1[c >>> 16 & 255] ^ m2[d >>> 8 & 255] ^ m3[a & 255] ^ w[++i]; - c2 = m0[c >>> 24] ^ m1[d >>> 16 & 255] ^ m2[a >>> 8 & 255] ^ m3[b & 255] ^ w[++i]; - d = m0[d >>> 24] ^ m1[a >>> 16 & 255] ^ m2[b >>> 8 & 255] ^ m3[c & 255] ^ w[++i]; - a = a2; - b = b2; - c = c2; + function defaultSeedFile(needed) { + var getRandomValues = null; + var globalScope = forge.util.globalScope; + var _crypto2 = globalScope.crypto || globalScope.msCrypto; + if (_crypto2 && _crypto2.getRandomValues) { + getRandomValues = function(arr) { + return _crypto2.getRandomValues(arr); + }; + } + var b = forge.util.createBuffer(); + if (getRandomValues) { + while (b.length() < needed) { + var count = Math.max(1, Math.min(needed - b.length(), 65536) / 4); + var entropy = new Uint32Array(Math.floor(count)); + try { + getRandomValues(entropy); + for (var i2 = 0; i2 < entropy.length; ++i2) { + b.putInt32(entropy[i2]); + } + } catch (e) { + if (!(typeof QuotaExceededError !== "undefined" && e instanceof QuotaExceededError)) { + throw e; + } + } + } + } + if (b.length() < needed) { + var hi, lo, next; + var seed = Math.floor(Math.random() * 65536); + while (b.length() < needed) { + lo = 16807 * (seed & 65535); + hi = 16807 * (seed >> 16); + lo += (hi & 32767) << 16; + lo += hi >> 15; + lo = (lo & 2147483647) + (lo >> 31); + seed = lo & 4294967295; + for (var i2 = 0; i2 < 3; ++i2) { + next = seed >>> (i2 << 3); + next ^= Math.floor(Math.random() * 256); + b.putByte(next & 255); + } + } + } + return b.getBytes(needed); } - output[0] = sub[a >>> 24] << 24 ^ sub[b >>> 16 & 255] << 16 ^ sub[c >>> 8 & 255] << 8 ^ sub[d & 255] ^ w[++i]; - output[decrypt ? 3 : 1] = sub[b >>> 24] << 24 ^ sub[c >>> 16 & 255] << 16 ^ sub[d >>> 8 & 255] << 8 ^ sub[a & 255] ^ w[++i]; - output[2] = sub[c >>> 24] << 24 ^ sub[d >>> 16 & 255] << 16 ^ sub[a >>> 8 & 255] << 8 ^ sub[b & 255] ^ w[++i]; - output[decrypt ? 1 : 3] = sub[d >>> 24] << 24 ^ sub[a >>> 16 & 255] << 16 ^ sub[b >>> 8 & 255] << 8 ^ sub[c & 255] ^ w[++i]; - } - function _createCipher(options) { - options = options || {}; - var mode = (options.mode || "CBC").toUpperCase(); - var algorithm = "AES-" + mode; - var cipher; - if (options.decrypt) { - cipher = forge.cipher.createDecipher(algorithm, options.key); + if (_crypto) { + ctx.seedFile = function(needed, callback) { + _crypto.randomBytes(needed, function(err, bytes) { + if (err) { + return callback(err); + } + callback(null, bytes.toString()); + }); + }; + ctx.seedFileSync = function(needed) { + return _crypto.randomBytes(needed).toString(); + }; } else { - cipher = forge.cipher.createCipher(algorithm, options.key); + ctx.seedFile = function(needed, callback) { + try { + callback(null, defaultSeedFile(needed)); + } catch (e) { + callback(e); + } + }; + ctx.seedFileSync = defaultSeedFile; } - var start = cipher.start; - cipher.start = function(iv, options2) { - var output = null; - if (options2 instanceof forge.util.ByteBuffer) { - output = options2; - options2 = {}; + ctx.collect = function(bytes) { + var count = bytes.length; + for (var i2 = 0; i2 < count; ++i2) { + ctx.pools[ctx.pool].update(bytes.substr(i2, 1)); + ctx.pool = ctx.pool === 31 ? 0 : ctx.pool + 1; } - options2 = options2 || {}; - options2.output = output; - options2.iv = iv; - start.call(cipher, options2); }; - return cipher; - } - } -}); - -// node_modules/node-forge/lib/oids.js -var require_oids = __commonJS({ - "node_modules/node-forge/lib/oids.js"(exports2, module2) { - var forge = require_forge(); - forge.pki = forge.pki || {}; - var oids = module2.exports = forge.pki.oids = forge.oids = forge.oids || {}; - function _IN(id, name) { - oids[id] = name; - oids[name] = id; - } - function _I_(id, name) { - oids[id] = name; - } - _IN("1.2.840.113549.1.1.1", "rsaEncryption"); - _IN("1.2.840.113549.1.1.4", "md5WithRSAEncryption"); - _IN("1.2.840.113549.1.1.5", "sha1WithRSAEncryption"); - _IN("1.2.840.113549.1.1.7", "RSAES-OAEP"); - _IN("1.2.840.113549.1.1.8", "mgf1"); - _IN("1.2.840.113549.1.1.9", "pSpecified"); - _IN("1.2.840.113549.1.1.10", "RSASSA-PSS"); - _IN("1.2.840.113549.1.1.11", "sha256WithRSAEncryption"); - _IN("1.2.840.113549.1.1.12", "sha384WithRSAEncryption"); - _IN("1.2.840.113549.1.1.13", "sha512WithRSAEncryption"); - _IN("1.3.101.112", "EdDSA25519"); - _IN("1.2.840.10040.4.3", "dsa-with-sha1"); - _IN("1.3.14.3.2.7", "desCBC"); - _IN("1.3.14.3.2.26", "sha1"); - _IN("1.3.14.3.2.29", "sha1WithRSASignature"); - _IN("2.16.840.1.101.3.4.2.1", "sha256"); - _IN("2.16.840.1.101.3.4.2.2", "sha384"); - _IN("2.16.840.1.101.3.4.2.3", "sha512"); - _IN("2.16.840.1.101.3.4.2.4", "sha224"); - _IN("2.16.840.1.101.3.4.2.5", "sha512-224"); - _IN("2.16.840.1.101.3.4.2.6", "sha512-256"); - _IN("1.2.840.113549.2.2", "md2"); - _IN("1.2.840.113549.2.5", "md5"); - _IN("1.2.840.113549.1.7.1", "data"); - _IN("1.2.840.113549.1.7.2", "signedData"); - _IN("1.2.840.113549.1.7.3", "envelopedData"); - _IN("1.2.840.113549.1.7.4", "signedAndEnvelopedData"); - _IN("1.2.840.113549.1.7.5", "digestedData"); - _IN("1.2.840.113549.1.7.6", "encryptedData"); - _IN("1.2.840.113549.1.9.1", "emailAddress"); - _IN("1.2.840.113549.1.9.2", "unstructuredName"); - _IN("1.2.840.113549.1.9.3", "contentType"); - _IN("1.2.840.113549.1.9.4", "messageDigest"); - _IN("1.2.840.113549.1.9.5", "signingTime"); - _IN("1.2.840.113549.1.9.6", "counterSignature"); - _IN("1.2.840.113549.1.9.7", "challengePassword"); - _IN("1.2.840.113549.1.9.8", "unstructuredAddress"); - _IN("1.2.840.113549.1.9.14", "extensionRequest"); - _IN("1.2.840.113549.1.9.20", "friendlyName"); - _IN("1.2.840.113549.1.9.21", "localKeyId"); - _IN("1.2.840.113549.1.9.22.1", "x509Certificate"); - _IN("1.2.840.113549.1.12.10.1.1", "keyBag"); - _IN("1.2.840.113549.1.12.10.1.2", "pkcs8ShroudedKeyBag"); - _IN("1.2.840.113549.1.12.10.1.3", "certBag"); - _IN("1.2.840.113549.1.12.10.1.4", "crlBag"); - _IN("1.2.840.113549.1.12.10.1.5", "secretBag"); - _IN("1.2.840.113549.1.12.10.1.6", "safeContentsBag"); - _IN("1.2.840.113549.1.5.13", "pkcs5PBES2"); - _IN("1.2.840.113549.1.5.12", "pkcs5PBKDF2"); - _IN("1.2.840.113549.1.12.1.1", "pbeWithSHAAnd128BitRC4"); - _IN("1.2.840.113549.1.12.1.2", "pbeWithSHAAnd40BitRC4"); - _IN("1.2.840.113549.1.12.1.3", "pbeWithSHAAnd3-KeyTripleDES-CBC"); - _IN("1.2.840.113549.1.12.1.4", "pbeWithSHAAnd2-KeyTripleDES-CBC"); - _IN("1.2.840.113549.1.12.1.5", "pbeWithSHAAnd128BitRC2-CBC"); - _IN("1.2.840.113549.1.12.1.6", "pbewithSHAAnd40BitRC2-CBC"); - _IN("1.2.840.113549.2.7", "hmacWithSHA1"); - _IN("1.2.840.113549.2.8", "hmacWithSHA224"); - _IN("1.2.840.113549.2.9", "hmacWithSHA256"); - _IN("1.2.840.113549.2.10", "hmacWithSHA384"); - _IN("1.2.840.113549.2.11", "hmacWithSHA512"); - _IN("1.2.840.113549.3.7", "des-EDE3-CBC"); - _IN("2.16.840.1.101.3.4.1.2", "aes128-CBC"); - _IN("2.16.840.1.101.3.4.1.22", "aes192-CBC"); - _IN("2.16.840.1.101.3.4.1.42", "aes256-CBC"); - _IN("2.5.4.3", "commonName"); - _IN("2.5.4.4", "surname"); - _IN("2.5.4.5", "serialNumber"); - _IN("2.5.4.6", "countryName"); - _IN("2.5.4.7", "localityName"); - _IN("2.5.4.8", "stateOrProvinceName"); - _IN("2.5.4.9", "streetAddress"); - _IN("2.5.4.10", "organizationName"); - _IN("2.5.4.11", "organizationalUnitName"); - _IN("2.5.4.12", "title"); - _IN("2.5.4.13", "description"); - _IN("2.5.4.15", "businessCategory"); - _IN("2.5.4.17", "postalCode"); - _IN("2.5.4.42", "givenName"); - _IN("1.3.6.1.4.1.311.60.2.1.2", "jurisdictionOfIncorporationStateOrProvinceName"); - _IN("1.3.6.1.4.1.311.60.2.1.3", "jurisdictionOfIncorporationCountryName"); - _IN("2.16.840.1.113730.1.1", "nsCertType"); - _IN("2.16.840.1.113730.1.13", "nsComment"); - _I_("2.5.29.1", "authorityKeyIdentifier"); - _I_("2.5.29.2", "keyAttributes"); - _I_("2.5.29.3", "certificatePolicies"); - _I_("2.5.29.4", "keyUsageRestriction"); - _I_("2.5.29.5", "policyMapping"); - _I_("2.5.29.6", "subtreesConstraint"); - _I_("2.5.29.7", "subjectAltName"); - _I_("2.5.29.8", "issuerAltName"); - _I_("2.5.29.9", "subjectDirectoryAttributes"); - _I_("2.5.29.10", "basicConstraints"); - _I_("2.5.29.11", "nameConstraints"); - _I_("2.5.29.12", "policyConstraints"); - _I_("2.5.29.13", "basicConstraints"); - _IN("2.5.29.14", "subjectKeyIdentifier"); - _IN("2.5.29.15", "keyUsage"); - _I_("2.5.29.16", "privateKeyUsagePeriod"); - _IN("2.5.29.17", "subjectAltName"); - _IN("2.5.29.18", "issuerAltName"); - _IN("2.5.29.19", "basicConstraints"); - _I_("2.5.29.20", "cRLNumber"); - _I_("2.5.29.21", "cRLReason"); - _I_("2.5.29.22", "expirationDate"); - _I_("2.5.29.23", "instructionCode"); - _I_("2.5.29.24", "invalidityDate"); - _I_("2.5.29.25", "cRLDistributionPoints"); - _I_("2.5.29.26", "issuingDistributionPoint"); - _I_("2.5.29.27", "deltaCRLIndicator"); - _I_("2.5.29.28", "issuingDistributionPoint"); - _I_("2.5.29.29", "certificateIssuer"); - _I_("2.5.29.30", "nameConstraints"); - _IN("2.5.29.31", "cRLDistributionPoints"); - _IN("2.5.29.32", "certificatePolicies"); - _I_("2.5.29.33", "policyMappings"); - _I_("2.5.29.34", "policyConstraints"); - _IN("2.5.29.35", "authorityKeyIdentifier"); - _I_("2.5.29.36", "policyConstraints"); - _IN("2.5.29.37", "extKeyUsage"); - _I_("2.5.29.46", "freshestCRL"); - _I_("2.5.29.54", "inhibitAnyPolicy"); - _IN("1.3.6.1.4.1.11129.2.4.2", "timestampList"); - _IN("1.3.6.1.5.5.7.1.1", "authorityInfoAccess"); - _IN("1.3.6.1.5.5.7.3.1", "serverAuth"); - _IN("1.3.6.1.5.5.7.3.2", "clientAuth"); - _IN("1.3.6.1.5.5.7.3.3", "codeSigning"); - _IN("1.3.6.1.5.5.7.3.4", "emailProtection"); - _IN("1.3.6.1.5.5.7.3.8", "timeStamping"); - } -}); - -// node_modules/node-forge/lib/asn1.js -var require_asn1 = __commonJS({ - "node_modules/node-forge/lib/asn1.js"(exports2, module2) { - var forge = require_forge(); - require_util9(); - require_oids(); - var asn1 = module2.exports = forge.asn1 = forge.asn1 || {}; - asn1.Class = { - UNIVERSAL: 0, - APPLICATION: 64, - CONTEXT_SPECIFIC: 128, - PRIVATE: 192 - }; - asn1.Type = { - NONE: 0, - BOOLEAN: 1, - INTEGER: 2, - BITSTRING: 3, - OCTETSTRING: 4, - NULL: 5, - OID: 6, - ODESC: 7, - EXTERNAL: 8, - REAL: 9, - ENUMERATED: 10, - EMBEDDED: 11, - UTF8: 12, - ROID: 13, - SEQUENCE: 16, - SET: 17, - PRINTABLESTRING: 19, - IA5STRING: 22, - UTCTIME: 23, - GENERALIZEDTIME: 24, - BMPSTRING: 30 - }; - asn1.maxDepth = 256; - asn1.create = function(tagClass, type2, constructed, value, options) { - if (forge.util.isArray(value)) { - var tmp = []; - for (var i = 0; i < value.length; ++i) { - if (value[i] !== void 0) { - tmp.push(value[i]); - } + ctx.collectInt = function(i2, n) { + var bytes = ""; + for (var x = 0; x < n; x += 8) { + bytes += String.fromCharCode(i2 >> x & 255); } - value = tmp; - } - var obj = { - tagClass, - type: type2, - constructed, - composed: constructed || forge.util.isArray(value), - value + ctx.collect(bytes); }; - if (options && "bitStringContents" in options) { - obj.bitStringContents = options.bitStringContents; - obj.original = asn1.copy(obj); - } - return obj; - }; - asn1.copy = function(obj, options) { - var copy; - if (forge.util.isArray(obj)) { - copy = []; - for (var i = 0; i < obj.length; ++i) { - copy.push(asn1.copy(obj[i], options)); + ctx.registerWorker = function(worker) { + if (worker === self) { + ctx.seedFile = function(needed, callback) { + function listener2(e) { + var data = e.data; + if (data.forge && data.forge.prng) { + self.removeEventListener("message", listener2); + callback(data.forge.prng.err, data.forge.prng.bytes); + } + } + self.addEventListener("message", listener2); + self.postMessage({ forge: { prng: { needed } } }); + }; + } else { + var listener = function(e) { + var data = e.data; + if (data.forge && data.forge.prng) { + ctx.seedFile(data.forge.prng.needed, function(err, bytes) { + worker.postMessage({ forge: { prng: { err, bytes } } }); + }); + } + }; + worker.addEventListener("message", listener); } - return copy; - } - if (typeof obj === "string") { - return obj; - } - copy = { - tagClass: obj.tagClass, - type: obj.type, - constructed: obj.constructed, - composed: obj.composed, - value: asn1.copy(obj.value, options) }; - if (options && !options.excludeBitStringContents) { - copy.bitStringContents = obj.bitStringContents; - } - return copy; - }; - asn1.equals = function(obj1, obj2, options) { - if (forge.util.isArray(obj1)) { - if (!forge.util.isArray(obj2)) { - return false; - } - if (obj1.length !== obj2.length) { - return false; - } - for (var i = 0; i < obj1.length; ++i) { - if (!asn1.equals(obj1[i], obj2[i])) { - return false; - } - } - return true; - } - if (typeof obj1 !== typeof obj2) { - return false; - } - if (typeof obj1 === "string") { - return obj1 === obj2; - } - var equal = obj1.tagClass === obj2.tagClass && obj1.type === obj2.type && obj1.constructed === obj2.constructed && obj1.composed === obj2.composed && asn1.equals(obj1.value, obj2.value); - if (options && options.includeBitStringContents) { - equal = equal && obj1.bitStringContents === obj2.bitStringContents; - } - return equal; - }; - asn1.getBerValueLength = function(b) { - var b2 = b.getByte(); - if (b2 === 128) { - return void 0; - } - var length; - var longForm = b2 & 128; - if (!longForm) { - length = b2; - } else { - length = b.getInt((b2 & 127) << 3); - } - return length; + return ctx; }; - function _checkBufferLength(bytes, remaining, n) { - if (n > remaining) { - var error3 = new Error("Too few bytes to parse DER."); - error3.available = bytes.length(); - error3.remaining = remaining; - error3.requested = n; - throw error3; - } - } - var _getValueLength = function(bytes, remaining) { - var b2 = bytes.getByte(); - remaining--; - if (b2 === 128) { - return void 0; - } - var length; - var longForm = b2 & 128; - if (!longForm) { - length = b2; - } else { - var longFormBytes = b2 & 127; - _checkBufferLength(bytes, remaining, longFormBytes); - length = bytes.getInt(longFormBytes << 3); - } - if (length < 0) { - throw new Error("Negative length: " + length); + } +}); + +// node_modules/node-forge/lib/random.js +var require_random = __commonJS({ + "node_modules/node-forge/lib/random.js"(exports2, module2) { + var forge = require_forge(); + require_aes(); + require_sha256(); + require_prng(); + require_util9(); + (function() { + if (forge.random && forge.random.getBytes) { + module2.exports = forge.random; + return; } - return length; - }; - asn1.fromDer = function(bytes, options) { - if (options === void 0) { - options = { - strict: true, - parseAllBytes: true, - decodeBitStrings: true + (function(jQuery2) { + var prng_aes = {}; + var _prng_aes_output = new Array(4); + var _prng_aes_buffer = forge.util.createBuffer(); + prng_aes.formatKey = function(key2) { + var tmp = forge.util.createBuffer(key2); + key2 = new Array(4); + key2[0] = tmp.getInt32(); + key2[1] = tmp.getInt32(); + key2[2] = tmp.getInt32(); + key2[3] = tmp.getInt32(); + return forge.aes._expandKey(key2, false); }; - } - if (typeof options === "boolean") { - options = { - strict: options, - parseAllBytes: true, - decodeBitStrings: true + prng_aes.formatSeed = function(seed) { + var tmp = forge.util.createBuffer(seed); + seed = new Array(4); + seed[0] = tmp.getInt32(); + seed[1] = tmp.getInt32(); + seed[2] = tmp.getInt32(); + seed[3] = tmp.getInt32(); + return seed; }; - } - if (!("strict" in options)) { - options.strict = true; - } - if (!("parseAllBytes" in options)) { - options.parseAllBytes = true; - } - if (!("decodeBitStrings" in options)) { - options.decodeBitStrings = true; - } - if (!("maxDepth" in options)) { - options.maxDepth = asn1.maxDepth; - } - if (typeof bytes === "string") { - bytes = forge.util.createBuffer(bytes); - } - var byteCount = bytes.length(); - var value = _fromDer(bytes, bytes.length(), 0, options); - if (options.parseAllBytes && bytes.length() !== 0) { - var error3 = new Error("Unparsed DER bytes remain after ASN.1 parsing."); - error3.byteCount = byteCount; - error3.remaining = bytes.length(); - throw error3; - } - return value; - }; - function _fromDer(bytes, remaining, depth, options) { - if (depth >= options.maxDepth) { - throw new Error("ASN.1 parsing error: Max depth exceeded."); - } - var start; - _checkBufferLength(bytes, remaining, 2); - var b1 = bytes.getByte(); - remaining--; - var tagClass = b1 & 192; - var type2 = b1 & 31; - start = bytes.length(); - var length = _getValueLength(bytes, remaining); - remaining -= start - bytes.length(); - if (length !== void 0 && length > remaining) { - if (options.strict) { - var error3 = new Error("Too few bytes to read ASN.1 value."); - error3.available = bytes.length(); - error3.remaining = remaining; - error3.requested = length; - throw error3; + prng_aes.cipher = function(key2, seed) { + forge.aes._updateBlock(key2, seed, _prng_aes_output, false); + _prng_aes_buffer.putInt32(_prng_aes_output[0]); + _prng_aes_buffer.putInt32(_prng_aes_output[1]); + _prng_aes_buffer.putInt32(_prng_aes_output[2]); + _prng_aes_buffer.putInt32(_prng_aes_output[3]); + return _prng_aes_buffer.getBytes(); + }; + prng_aes.increment = function(seed) { + ++seed[3]; + return seed; + }; + prng_aes.md = forge.md.sha256; + function spawnPrng() { + var ctx = forge.prng.create(prng_aes); + ctx.getBytes = function(count, callback) { + return ctx.generate(count, callback); + }; + ctx.getBytesSync = function(count) { + return ctx.generate(count); + }; + return ctx; } - length = remaining; - } - var value; - var bitStringContents; - var constructed = (b1 & 32) === 32; - if (constructed) { - value = []; - if (length === void 0) { - for (; ; ) { - _checkBufferLength(bytes, remaining, 2); - if (bytes.bytes(2) === String.fromCharCode(0, 0)) { - bytes.getBytes(2); - remaining -= 2; - break; + var _ctx = spawnPrng(); + var getRandomValues = null; + var globalScope = forge.util.globalScope; + var _crypto = globalScope.crypto || globalScope.msCrypto; + if (_crypto && _crypto.getRandomValues) { + getRandomValues = function(arr) { + return _crypto.getRandomValues(arr); + }; + } + if (forge.options.usePureJavaScript || !forge.util.isNodejs && !getRandomValues) { + if (typeof window === "undefined" || window.document === void 0) { + } + _ctx.collectInt(+/* @__PURE__ */ new Date(), 32); + if (typeof navigator !== "undefined") { + var _navBytes = ""; + for (var key in navigator) { + try { + if (typeof navigator[key] == "string") { + _navBytes += navigator[key]; + } + } catch (e) { + } } - start = bytes.length(); - value.push(_fromDer(bytes, remaining, depth + 1, options)); - remaining -= start - bytes.length(); + _ctx.collect(_navBytes); + _navBytes = null; } - } else { - while (length > 0) { - start = bytes.length(); - value.push(_fromDer(bytes, length, depth + 1, options)); - remaining -= start - bytes.length(); - length -= start - bytes.length(); + if (jQuery2) { + jQuery2().mousemove(function(e) { + _ctx.collectInt(e.clientX, 16); + _ctx.collectInt(e.clientY, 16); + }); + jQuery2().keypress(function(e) { + _ctx.collectInt(e.charCode, 8); + }); } } - } - if (value === void 0 && tagClass === asn1.Class.UNIVERSAL && type2 === asn1.Type.BITSTRING) { - bitStringContents = bytes.bytes(length); - } - if (value === void 0 && options.decodeBitStrings && tagClass === asn1.Class.UNIVERSAL && // FIXME: OCTET STRINGs not yet supported here - // .. other parts of forge expect to decode OCTET STRINGs manually - type2 === asn1.Type.BITSTRING && length > 1) { - var savedRead = bytes.read; - var savedRemaining = remaining; - var unused = 0; - if (type2 === asn1.Type.BITSTRING) { - _checkBufferLength(bytes, remaining, 1); - unused = bytes.getByte(); - remaining--; - } - if (unused === 0) { - try { - start = bytes.length(); - var subOptions = { - // enforce strict mode to avoid parsing ASN.1 from plain data - strict: true, - decodeBitStrings: true - }; - var composed = _fromDer(bytes, remaining, depth + 1, subOptions); - var used = start - bytes.length(); - remaining -= used; - if (type2 == asn1.Type.BITSTRING) { - used++; - } - var tc = composed.tagClass; - if (used === length && (tc === asn1.Class.UNIVERSAL || tc === asn1.Class.CONTEXT_SPECIFIC)) { - value = [composed]; - } - } catch (ex) { - } - } - if (value === void 0) { - bytes.read = savedRead; - remaining = savedRemaining; + if (!forge.random) { + forge.random = _ctx; + } else { + for (var key in _ctx) { + forge.random[key] = _ctx[key]; + } } + forge.random.createInstance = spawnPrng; + module2.exports = forge.random; + })(typeof jQuery !== "undefined" ? jQuery : null); + })(); + } +}); + +// node_modules/node-forge/lib/rc2.js +var require_rc2 = __commonJS({ + "node_modules/node-forge/lib/rc2.js"(exports2, module2) { + var forge = require_forge(); + require_util9(); + var piTable = [ + 217, + 120, + 249, + 196, + 25, + 221, + 181, + 237, + 40, + 233, + 253, + 121, + 74, + 160, + 216, + 157, + 198, + 126, + 55, + 131, + 43, + 118, + 83, + 142, + 98, + 76, + 100, + 136, + 68, + 139, + 251, + 162, + 23, + 154, + 89, + 245, + 135, + 179, + 79, + 19, + 97, + 69, + 109, + 141, + 9, + 129, + 125, + 50, + 189, + 143, + 64, + 235, + 134, + 183, + 123, + 11, + 240, + 149, + 33, + 34, + 92, + 107, + 78, + 130, + 84, + 214, + 101, + 147, + 206, + 96, + 178, + 28, + 115, + 86, + 192, + 20, + 167, + 140, + 241, + 220, + 18, + 117, + 202, + 31, + 59, + 190, + 228, + 209, + 66, + 61, + 212, + 48, + 163, + 60, + 182, + 38, + 111, + 191, + 14, + 218, + 70, + 105, + 7, + 87, + 39, + 242, + 29, + 155, + 188, + 148, + 67, + 3, + 248, + 17, + 199, + 246, + 144, + 239, + 62, + 231, + 6, + 195, + 213, + 47, + 200, + 102, + 30, + 215, + 8, + 232, + 234, + 222, + 128, + 82, + 238, + 247, + 132, + 170, + 114, + 172, + 53, + 77, + 106, + 42, + 150, + 26, + 210, + 113, + 90, + 21, + 73, + 116, + 75, + 159, + 208, + 94, + 4, + 24, + 164, + 236, + 194, + 224, + 65, + 110, + 15, + 81, + 203, + 204, + 36, + 145, + 175, + 80, + 161, + 244, + 112, + 57, + 153, + 124, + 58, + 133, + 35, + 184, + 180, + 122, + 252, + 2, + 54, + 91, + 37, + 85, + 151, + 49, + 45, + 93, + 250, + 152, + 227, + 138, + 146, + 174, + 5, + 223, + 41, + 16, + 103, + 108, + 186, + 201, + 211, + 0, + 230, + 207, + 225, + 158, + 168, + 44, + 99, + 22, + 1, + 63, + 88, + 226, + 137, + 169, + 13, + 56, + 52, + 27, + 171, + 51, + 255, + 176, + 187, + 72, + 12, + 95, + 185, + 177, + 205, + 46, + 197, + 243, + 219, + 71, + 229, + 165, + 156, + 119, + 10, + 166, + 32, + 104, + 254, + 127, + 193, + 173 + ]; + var s = [1, 2, 3, 5]; + var rol = function(word, bits) { + return word << bits & 65535 | (word & 65535) >> 16 - bits; + }; + var ror = function(word, bits) { + return (word & 65535) >> bits | word << 16 - bits & 65535; + }; + module2.exports = forge.rc2 = forge.rc2 || {}; + forge.rc2.expandKey = function(key, effKeyBits) { + if (typeof key === "string") { + key = forge.util.createBuffer(key); } - if (value === void 0) { - if (length === void 0) { - if (options.strict) { - throw new Error("Non-constructed ASN.1 object of indefinite length."); - } - length = remaining; - } - if (type2 === asn1.Type.BMPSTRING) { - value = ""; - for (; length > 0; length -= 2) { - _checkBufferLength(bytes, remaining, 2); - value += String.fromCharCode(bytes.getInt16()); - remaining -= 2; - } - } else { - value = bytes.getBytes(length); - remaining -= length; - } + effKeyBits = effKeyBits || 128; + var L = key; + var T = key.length(); + var T1 = effKeyBits; + var T8 = Math.ceil(T1 / 8); + var TM = 255 >> (T1 & 7); + var i; + for (i = T; i < 128; i++) { + L.putByte(piTable[L.at(i - 1) + L.at(i - T) & 255]); } - var asn1Options = bitStringContents === void 0 ? null : { - bitStringContents - }; - return asn1.create(tagClass, type2, constructed, value, asn1Options); - } - asn1.toDer = function(obj) { - var bytes = forge.util.createBuffer(); - var b1 = obj.tagClass | obj.type; - var value = forge.util.createBuffer(); - var useBitStringContents = false; - if ("bitStringContents" in obj) { - useBitStringContents = true; - if (obj.original) { - useBitStringContents = asn1.equals(obj, obj.original); - } + L.setAt(128 - T8, piTable[L.at(128 - T8) & TM]); + for (i = 127 - T8; i >= 0; i--) { + L.setAt(i, piTable[L.at(i + 1) ^ L.at(i + T8)]); } - if (useBitStringContents) { - value.putBytes(obj.bitStringContents); - } else if (obj.composed) { - if (obj.constructed) { - b1 |= 32; - } else { - value.putByte(0); - } - for (var i = 0; i < obj.value.length; ++i) { - if (obj.value[i] !== void 0) { - value.putBuffer(asn1.toDer(obj.value[i])); + return L; + }; + var createCipher = function(key, bits, encrypt) { + var _finish = false, _input = null, _output = null, _iv = null; + var mixRound, mashRound; + var i, j, K = []; + key = forge.rc2.expandKey(key, bits); + for (i = 0; i < 64; i++) { + K.push(key.getInt16Le()); + } + if (encrypt) { + mixRound = function(R) { + for (i = 0; i < 4; i++) { + R[i] += K[j] + (R[(i + 3) % 4] & R[(i + 2) % 4]) + (~R[(i + 3) % 4] & R[(i + 1) % 4]); + R[i] = rol(R[i], s[i]); + j++; } - } + }; + mashRound = function(R) { + for (i = 0; i < 4; i++) { + R[i] += K[R[(i + 3) % 4] & 63]; + } + }; } else { - if (obj.type === asn1.Type.BMPSTRING) { - for (var i = 0; i < obj.value.length; ++i) { - value.putInt16(obj.value.charCodeAt(i)); + mixRound = function(R) { + for (i = 3; i >= 0; i--) { + R[i] = ror(R[i], s[i]); + R[i] -= K[j] + (R[(i + 3) % 4] & R[(i + 2) % 4]) + (~R[(i + 3) % 4] & R[(i + 1) % 4]); + j--; } - } else { - if (obj.type === asn1.Type.INTEGER && obj.value.length > 1 && // leading 0x00 for positive integer - (obj.value.charCodeAt(0) === 0 && (obj.value.charCodeAt(1) & 128) === 0 || // leading 0xFF for negative integer - obj.value.charCodeAt(0) === 255 && (obj.value.charCodeAt(1) & 128) === 128)) { - value.putBytes(obj.value.substr(1)); - } else { - value.putBytes(obj.value); + }; + mashRound = function(R) { + for (i = 3; i >= 0; i--) { + R[i] -= K[R[(i + 3) % 4] & 63]; } - } - } - bytes.putByte(b1); - if (value.length() <= 127) { - bytes.putByte(value.length() & 127); - } else { - var len = value.length(); - var lenBytes = ""; - do { - lenBytes += String.fromCharCode(len & 255); - len = len >>> 8; - } while (len > 0); - bytes.putByte(lenBytes.length | 128); - for (var i = lenBytes.length - 1; i >= 0; --i) { - bytes.putByte(lenBytes.charCodeAt(i)); - } + }; } - bytes.putBuffer(value); - return bytes; - }; - asn1.oidToDer = function(oid) { - var values = oid.split("."); - var bytes = forge.util.createBuffer(); - bytes.putByte(40 * parseInt(values[0], 10) + parseInt(values[1], 10)); - var last, valueBytes, value, b; - for (var i = 2; i < values.length; ++i) { - last = true; - valueBytes = []; - value = parseInt(values[i], 10); - if (value > 4294967295) { - throw new Error("OID value too large; max is 32-bits."); - } - do { - b = value & 127; - value = value >>> 7; - if (!last) { - b |= 128; + var runPlan = function(plan) { + var R = []; + for (i = 0; i < 4; i++) { + var val = _input.getInt16Le(); + if (_iv !== null) { + if (encrypt) { + val ^= _iv.getInt16Le(); + } else { + _iv.putInt16Le(val); + } } - valueBytes.push(b); - last = false; - } while (value > 0); - for (var n = valueBytes.length - 1; n >= 0; --n) { - bytes.putByte(valueBytes[n]); - } - } - return bytes; - }; - asn1.derToOid = function(bytes) { - var oid; - if (typeof bytes === "string") { - bytes = forge.util.createBuffer(bytes); - } - var b = bytes.getByte(); - oid = Math.floor(b / 40) + "." + b % 40; - var value = 0; - while (bytes.length() > 0) { - if (value > 70368744177663) { - throw new Error("OID value too large; max is 53-bits."); - } - b = bytes.getByte(); - value = value * 128; - if (b & 128) { - value += b & 127; - } else { - oid += "." + (value + b); - value = 0; - } - } - return oid; - }; - asn1.utcTimeToDate = function(utc) { - var date = /* @__PURE__ */ new Date(); - var year = parseInt(utc.substr(0, 2), 10); - year = year >= 50 ? 1900 + year : 2e3 + year; - var MM = parseInt(utc.substr(2, 2), 10) - 1; - var DD = parseInt(utc.substr(4, 2), 10); - var hh = parseInt(utc.substr(6, 2), 10); - var mm = parseInt(utc.substr(8, 2), 10); - var ss = 0; - if (utc.length > 11) { - var c = utc.charAt(10); - var end = 10; - if (c !== "+" && c !== "-") { - ss = parseInt(utc.substr(10, 2), 10); - end += 2; + R.push(val & 65535); } - } - date.setUTCFullYear(year, MM, DD); - date.setUTCHours(hh, mm, ss, 0); - if (end) { - c = utc.charAt(end); - if (c === "+" || c === "-") { - var hhoffset = parseInt(utc.substr(end + 1, 2), 10); - var mmoffset = parseInt(utc.substr(end + 4, 2), 10); - var offset = hhoffset * 60 + mmoffset; - offset *= 6e4; - if (c === "+") { - date.setTime(+date - offset); - } else { - date.setTime(+date + offset); + j = encrypt ? 0 : 63; + for (var ptr = 0; ptr < plan.length; ptr++) { + for (var ctr = 0; ctr < plan[ptr][0]; ctr++) { + plan[ptr][1](R); } } - } - return date; - }; - asn1.generalizedTimeToDate = function(gentime) { - var date = /* @__PURE__ */ new Date(); - var YYYY = parseInt(gentime.substr(0, 4), 10); - var MM = parseInt(gentime.substr(4, 2), 10) - 1; - var DD = parseInt(gentime.substr(6, 2), 10); - var hh = parseInt(gentime.substr(8, 2), 10); - var mm = parseInt(gentime.substr(10, 2), 10); - var ss = parseInt(gentime.substr(12, 2), 10); - var fff = 0; - var offset = 0; - var isUTC = false; - if (gentime.charAt(gentime.length - 1) === "Z") { - isUTC = true; - } - var end = gentime.length - 5, c = gentime.charAt(end); - if (c === "+" || c === "-") { - var hhoffset = parseInt(gentime.substr(end + 1, 2), 10); - var mmoffset = parseInt(gentime.substr(end + 4, 2), 10); - offset = hhoffset * 60 + mmoffset; - offset *= 6e4; - if (c === "+") { - offset *= -1; - } - isUTC = true; - } - if (gentime.charAt(14) === ".") { - fff = parseFloat(gentime.substr(14), 10) * 1e3; - } - if (isUTC) { - date.setUTCFullYear(YYYY, MM, DD); - date.setUTCHours(hh, mm, ss, fff); - date.setTime(+date + offset); - } else { - date.setFullYear(YYYY, MM, DD); - date.setHours(hh, mm, ss, fff); - } - return date; - }; - asn1.dateToUtcTime = function(date) { - if (typeof date === "string") { - return date; - } - var rval = ""; - var format = []; - format.push(("" + date.getUTCFullYear()).substr(2)); - format.push("" + (date.getUTCMonth() + 1)); - format.push("" + date.getUTCDate()); - format.push("" + date.getUTCHours()); - format.push("" + date.getUTCMinutes()); - format.push("" + date.getUTCSeconds()); - for (var i = 0; i < format.length; ++i) { - if (format[i].length < 2) { - rval += "0"; - } - rval += format[i]; - } - rval += "Z"; - return rval; - }; - asn1.dateToGeneralizedTime = function(date) { - if (typeof date === "string") { - return date; - } - var rval = ""; - var format = []; - format.push("" + date.getUTCFullYear()); - format.push("" + (date.getUTCMonth() + 1)); - format.push("" + date.getUTCDate()); - format.push("" + date.getUTCHours()); - format.push("" + date.getUTCMinutes()); - format.push("" + date.getUTCSeconds()); - for (var i = 0; i < format.length; ++i) { - if (format[i].length < 2) { - rval += "0"; - } - rval += format[i]; - } - rval += "Z"; - return rval; - }; - asn1.integerToDer = function(x) { - var rval = forge.util.createBuffer(); - if (x >= -128 && x < 128) { - return rval.putSignedInt(x, 8); - } - if (x >= -32768 && x < 32768) { - return rval.putSignedInt(x, 16); - } - if (x >= -8388608 && x < 8388608) { - return rval.putSignedInt(x, 24); - } - if (x >= -2147483648 && x < 2147483648) { - return rval.putSignedInt(x, 32); - } - var error3 = new Error("Integer too large; max is 32-bits."); - error3.integer = x; - throw error3; - }; - asn1.derToInteger = function(bytes) { - if (typeof bytes === "string") { - bytes = forge.util.createBuffer(bytes); - } - var n = bytes.length() * 8; - if (n > 32) { - throw new Error("Integer too large; max is 32-bits."); - } - return bytes.getSignedInt(n); - }; - asn1.validate = function(obj, v, capture, errors) { - var rval = false; - if ((obj.tagClass === v.tagClass || typeof v.tagClass === "undefined") && (obj.type === v.type || typeof v.type === "undefined")) { - if (obj.constructed === v.constructed || typeof v.constructed === "undefined") { - rval = true; - if (v.value && forge.util.isArray(v.value)) { - var j = 0; - for (var i = 0; rval && i < v.value.length; ++i) { - var schemaItem = v.value[i]; - rval = !!schemaItem.optional; - var objChild = obj.value[j]; - if (!objChild) { - if (!schemaItem.optional) { - rval = false; - if (errors) { - errors.push("[" + v.name + '] Missing required element. Expected tag class "' + schemaItem.tagClass + '", type "' + schemaItem.type + '"'); - } - } - continue; - } - var schemaHasTag = typeof schemaItem.tagClass !== "undefined" && typeof schemaItem.type !== "undefined"; - if (schemaHasTag && (objChild.tagClass !== schemaItem.tagClass || objChild.type !== schemaItem.type)) { - if (schemaItem.optional) { - rval = true; - continue; - } else { - rval = false; - if (errors) { - errors.push("[" + v.name + "] Tag mismatch. Expected (" + schemaItem.tagClass + "," + schemaItem.type + "), got (" + objChild.tagClass + "," + objChild.type + ")"); - } - break; - } - } - var childRval = asn1.validate(objChild, schemaItem, capture, errors); - if (childRval) { - ++j; - rval = true; - } else if (schemaItem.optional) { - rval = true; - } else { - rval = false; - break; - } - } - } - if (rval && capture) { - if (v.capture) { - capture[v.capture] = obj.value; - } - if (v.captureAsn1) { - capture[v.captureAsn1] = obj; - } - if (v.captureBitStringContents && "bitStringContents" in obj) { - capture[v.captureBitStringContents] = obj.bitStringContents; - } - if (v.captureBitStringValue && "bitStringContents" in obj) { - var value; - if (obj.bitStringContents.length < 2) { - capture[v.captureBitStringValue] = ""; - } else { - var unused = obj.bitStringContents.charCodeAt(0); - if (unused !== 0) { - throw new Error( - "captureBitStringValue only supported for zero unused bits" - ); - } - capture[v.captureBitStringValue] = obj.bitStringContents.slice(1); - } - } - } - } else if (errors) { - errors.push( - "[" + v.name + '] Expected constructed "' + v.constructed + '", got "' + obj.constructed + '"' - ); - } - } else if (errors) { - if (obj.tagClass !== v.tagClass) { - errors.push( - "[" + v.name + '] Expected tag class "' + v.tagClass + '", got "' + obj.tagClass + '"' - ); - } - if (obj.type !== v.type) { - errors.push( - "[" + v.name + '] Expected type "' + v.type + '", got "' + obj.type + '"' - ); - } - } - return rval; - }; - var _nonLatinRegex = /[^\\u0000-\\u00ff]/; - asn1.prettyPrint = function(obj, level, indentation) { - var rval = ""; - level = level || 0; - indentation = indentation || 2; - if (level > 0) { - rval += "\n"; - } - var indent = ""; - for (var i = 0; i < level * indentation; ++i) { - indent += " "; - } - rval += indent + "Tag: "; - switch (obj.tagClass) { - case asn1.Class.UNIVERSAL: - rval += "Universal:"; - break; - case asn1.Class.APPLICATION: - rval += "Application:"; - break; - case asn1.Class.CONTEXT_SPECIFIC: - rval += "Context-Specific:"; - break; - case asn1.Class.PRIVATE: - rval += "Private:"; - break; - } - if (obj.tagClass === asn1.Class.UNIVERSAL) { - rval += obj.type; - switch (obj.type) { - case asn1.Type.NONE: - rval += " (None)"; - break; - case asn1.Type.BOOLEAN: - rval += " (Boolean)"; - break; - case asn1.Type.INTEGER: - rval += " (Integer)"; - break; - case asn1.Type.BITSTRING: - rval += " (Bit string)"; - break; - case asn1.Type.OCTETSTRING: - rval += " (Octet string)"; - break; - case asn1.Type.NULL: - rval += " (Null)"; - break; - case asn1.Type.OID: - rval += " (Object Identifier)"; - break; - case asn1.Type.ODESC: - rval += " (Object Descriptor)"; - break; - case asn1.Type.EXTERNAL: - rval += " (External or Instance of)"; - break; - case asn1.Type.REAL: - rval += " (Real)"; - break; - case asn1.Type.ENUMERATED: - rval += " (Enumerated)"; - break; - case asn1.Type.EMBEDDED: - rval += " (Embedded PDV)"; - break; - case asn1.Type.UTF8: - rval += " (UTF8)"; - break; - case asn1.Type.ROID: - rval += " (Relative Object Identifier)"; - break; - case asn1.Type.SEQUENCE: - rval += " (Sequence)"; - break; - case asn1.Type.SET: - rval += " (Set)"; - break; - case asn1.Type.PRINTABLESTRING: - rval += " (Printable String)"; - break; - case asn1.Type.IA5String: - rval += " (IA5String (ASCII))"; - break; - case asn1.Type.UTCTIME: - rval += " (UTC time)"; - break; - case asn1.Type.GENERALIZEDTIME: - rval += " (Generalized time)"; - break; - case asn1.Type.BMPSTRING: - rval += " (BMP String)"; - break; - } - } else { - rval += obj.type; - } - rval += "\n"; - rval += indent + "Constructed: " + obj.constructed + "\n"; - if (obj.composed) { - var subvalues = 0; - var sub = ""; - for (var i = 0; i < obj.value.length; ++i) { - if (obj.value[i] !== void 0) { - subvalues += 1; - sub += asn1.prettyPrint(obj.value[i], level + 1, indentation); - if (i + 1 < obj.value.length) { - sub += ","; + for (i = 0; i < 4; i++) { + if (_iv !== null) { + if (encrypt) { + _iv.putInt16Le(R[i]); + } else { + R[i] ^= _iv.getInt16Le(); } } + _output.putInt16Le(R[i]); } - rval += indent + "Sub values: " + subvalues + sub; - } else { - rval += indent + "Value: "; - if (obj.type === asn1.Type.OID) { - var oid = asn1.derToOid(obj.value); - rval += oid; - if (forge.pki && forge.pki.oids) { - if (oid in forge.pki.oids) { - rval += " (" + forge.pki.oids[oid] + ") "; + }; + var cipher = null; + cipher = { + /** + * Starts or restarts the encryption or decryption process, whichever + * was previously configured. + * + * To use the cipher in CBC mode, iv may be given either as a string + * of bytes, or as a byte buffer. For ECB mode, give null as iv. + * + * @param iv the initialization vector to use, null for ECB mode. + * @param output the output the buffer to write to, null to create one. + */ + start: function(iv, output) { + if (iv) { + if (typeof iv === "string") { + iv = forge.util.createBuffer(iv); } } - } - if (obj.type === asn1.Type.INTEGER) { - try { - rval += asn1.derToInteger(obj.value); - } catch (ex) { - rval += "0x" + forge.util.bytesToHex(obj.value); + _finish = false; + _input = forge.util.createBuffer(); + _output = output || new forge.util.createBuffer(); + _iv = iv; + cipher.output = _output; + }, + /** + * Updates the next block. + * + * @param input the buffer to read from. + */ + update: function(input) { + if (!_finish) { + _input.putBuffer(input); } - } else if (obj.type === asn1.Type.BITSTRING) { - if (obj.value.length > 1) { - rval += "0x" + forge.util.bytesToHex(obj.value.slice(1)); - } else { - rval += "(none)"; + while (_input.length() >= 8) { + runPlan([ + [5, mixRound], + [1, mashRound], + [6, mixRound], + [1, mashRound], + [5, mixRound] + ]); } - if (obj.value.length > 0) { - var unused = obj.value.charCodeAt(0); - if (unused == 1) { - rval += " (1 unused bit shown)"; - } else if (unused > 1) { - rval += " (" + unused + " unused bits shown)"; + }, + /** + * Finishes encrypting or decrypting. + * + * @param pad a padding function to use, null for PKCS#7 padding, + * signature(blockSize, buffer, decrypt). + * + * @return true if successful, false on error. + */ + finish: function(pad) { + var rval = true; + if (encrypt) { + if (pad) { + rval = pad(8, _input, !encrypt); + } else { + var padding = _input.length() === 8 ? 8 : 8 - _input.length(); + _input.fillWithByte(padding, padding); } } - } else if (obj.type === asn1.Type.OCTETSTRING) { - if (!_nonLatinRegex.test(obj.value)) { - rval += "(" + obj.value + ") "; + if (rval) { + _finish = true; + cipher.update(); } - rval += "0x" + forge.util.bytesToHex(obj.value); - } else if (obj.type === asn1.Type.UTF8) { - try { - rval += forge.util.decodeUtf8(obj.value); - } catch (e) { - if (e.message === "URI malformed") { - rval += "0x" + forge.util.bytesToHex(obj.value) + " (malformed UTF8)"; - } else { - throw e; + if (!encrypt) { + rval = _input.length() === 0; + if (rval) { + if (pad) { + rval = pad(8, _output, !encrypt); + } else { + var len = _output.length(); + var count = _output.at(len - 1); + if (count > len) { + rval = false; + } else { + _output.truncate(count); + } + } } } - } else if (obj.type === asn1.Type.PRINTABLESTRING || obj.type === asn1.Type.IA5String) { - rval += obj.value; - } else if (_nonLatinRegex.test(obj.value)) { - rval += "0x" + forge.util.bytesToHex(obj.value); - } else if (obj.value.length === 0) { - rval += "[null]"; - } else { - rval += obj.value; + return rval; } - } - return rval; + }; + return cipher; + }; + forge.rc2.startEncrypting = function(key, iv, output) { + var cipher = forge.rc2.createEncryptionCipher(key, 128); + cipher.start(iv, output); + return cipher; + }; + forge.rc2.createEncryptionCipher = function(key, bits) { + return createCipher(key, bits, true); + }; + forge.rc2.startDecrypting = function(key, iv, output) { + var cipher = forge.rc2.createDecryptionCipher(key, 128); + cipher.start(iv, output); + return cipher; + }; + forge.rc2.createDecryptionCipher = function(key, bits) { + return createCipher(key, bits, false); }; } }); -// node_modules/node-forge/lib/md.js -var require_md = __commonJS({ - "node_modules/node-forge/lib/md.js"(exports2, module2) { - var forge = require_forge(); - module2.exports = forge.md = forge.md || {}; - forge.md.algorithms = forge.md.algorithms || {}; - } -}); - -// node_modules/node-forge/lib/hmac.js -var require_hmac = __commonJS({ - "node_modules/node-forge/lib/hmac.js"(exports2, module2) { +// node_modules/node-forge/lib/jsbn.js +var require_jsbn = __commonJS({ + "node_modules/node-forge/lib/jsbn.js"(exports2, module2) { var forge = require_forge(); - require_md(); - require_util9(); - var hmac = module2.exports = forge.hmac = forge.hmac || {}; - hmac.create = function() { - var _key = null; - var _md = null; - var _ipadding = null; - var _opadding = null; - var ctx = {}; - ctx.start = function(md, key) { - if (md !== null) { - if (typeof md === "string") { - md = md.toLowerCase(); - if (md in forge.md.algorithms) { - _md = forge.md.algorithms[md].create(); - } else { - throw new Error('Unknown hash algorithm "' + md + '"'); - } - } else { - _md = md; - } - } - if (key === null) { - key = _key; - } else { - if (typeof key === "string") { - key = forge.util.createBuffer(key); - } else if (forge.util.isArray(key)) { - var tmp = key; - key = forge.util.createBuffer(); - for (var i = 0; i < tmp.length; ++i) { - key.putByte(tmp[i]); - } - } - var keylen = key.length(); - if (keylen > _md.blockLength) { - _md.start(); - _md.update(key.bytes()); - key = _md.digest(); - } - _ipadding = forge.util.createBuffer(); - _opadding = forge.util.createBuffer(); - keylen = key.length(); - for (var i = 0; i < keylen; ++i) { - var tmp = key.at(i); - _ipadding.putByte(54 ^ tmp); - _opadding.putByte(92 ^ tmp); - } - if (keylen < _md.blockLength) { - var tmp = _md.blockLength - keylen; - for (var i = 0; i < tmp; ++i) { - _ipadding.putByte(54); - _opadding.putByte(92); - } - } - _key = key; - _ipadding = _ipadding.bytes(); - _opadding = _opadding.bytes(); - } - _md.start(); - _md.update(_ipadding); - }; - ctx.update = function(bytes) { - _md.update(bytes); - }; - ctx.getMac = function() { - var inner = _md.digest().bytes(); - _md.start(); - _md.update(_opadding); - _md.update(inner); - return _md.digest(); - }; - ctx.digest = ctx.getMac; - return ctx; - }; - } -}); - -// node_modules/node-forge/lib/md5.js -var require_md5 = __commonJS({ - "node_modules/node-forge/lib/md5.js"(exports2, module2) { - var forge = require_forge(); - require_md(); - require_util9(); - var md5 = module2.exports = forge.md5 = forge.md5 || {}; - forge.md.md5 = forge.md.algorithms.md5 = md5; - md5.create = function() { - if (!_initialized) { - _init(); - } - var _state = null; - var _input = forge.util.createBuffer(); - var _w = new Array(16); - var md = { - algorithm: "md5", - blockLength: 64, - digestLength: 16, - // 56-bit length of message so far (does not including padding) - messageLength: 0, - // true message length - fullMessageLength: null, - // size of message length in bytes - messageLengthSize: 8 - }; - md.start = function() { - md.messageLength = 0; - md.fullMessageLength = md.messageLength64 = []; - var int32s = md.messageLengthSize / 4; - for (var i = 0; i < int32s; ++i) { - md.fullMessageLength.push(0); - } - _input = forge.util.createBuffer(); - _state = { - h0: 1732584193, - h1: 4023233417, - h2: 2562383102, - h3: 271733878 - }; - return md; - }; - md.start(); - md.update = function(msg, encoding) { - if (encoding === "utf8") { - msg = forge.util.encodeUtf8(msg); - } - var len = msg.length; - md.messageLength += len; - len = [len / 4294967296 >>> 0, len >>> 0]; - for (var i = md.fullMessageLength.length - 1; i >= 0; --i) { - md.fullMessageLength[i] += len[1]; - len[1] = len[0] + (md.fullMessageLength[i] / 4294967296 >>> 0); - md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; - len[0] = len[1] / 4294967296 >>> 0; - } - _input.putBytes(msg); - _update(_state, _w, _input); - if (_input.read > 2048 || _input.length() === 0) { - _input.compact(); - } - return md; - }; - md.digest = function() { - var finalBlock = forge.util.createBuffer(); - finalBlock.putBytes(_input.bytes()); - var remaining = md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize; - var overflow = remaining & md.blockLength - 1; - finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); - var bits, carry = 0; - for (var i = md.fullMessageLength.length - 1; i >= 0; --i) { - bits = md.fullMessageLength[i] * 8 + carry; - carry = bits / 4294967296 >>> 0; - finalBlock.putInt32Le(bits >>> 0); - } - var s2 = { - h0: _state.h0, - h1: _state.h1, - h2: _state.h2, - h3: _state.h3 - }; - _update(s2, _w, finalBlock); - var rval = forge.util.createBuffer(); - rval.putInt32Le(s2.h0); - rval.putInt32Le(s2.h1); - rval.putInt32Le(s2.h2); - rval.putInt32Le(s2.h3); - return rval; - }; - return md; - }; - var _padding = null; - var _g = null; - var _r = null; - var _k = null; - var _initialized = false; - function _init() { - _padding = String.fromCharCode(128); - _padding += forge.util.fillString(String.fromCharCode(0), 64); - _g = [ - 0, - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 1, - 6, - 11, - 0, - 5, - 10, - 15, - 4, - 9, - 14, - 3, - 8, - 13, - 2, - 7, - 12, - 5, - 8, - 11, - 14, - 1, - 4, - 7, - 10, - 13, - 0, - 3, - 6, - 9, - 12, - 15, - 2, - 0, - 7, - 14, - 5, - 12, - 3, - 10, - 1, - 8, - 15, - 6, - 13, - 4, - 11, - 2, - 9 - ]; - _r = [ - 7, - 12, - 17, - 22, - 7, - 12, - 17, - 22, - 7, - 12, - 17, - 22, - 7, - 12, - 17, - 22, - 5, - 9, - 14, - 20, - 5, - 9, - 14, - 20, - 5, - 9, - 14, - 20, - 5, - 9, - 14, - 20, - 4, - 11, - 16, - 23, - 4, - 11, - 16, - 23, - 4, - 11, - 16, - 23, - 4, - 11, - 16, - 23, - 6, - 10, - 15, - 21, - 6, - 10, - 15, - 21, - 6, - 10, - 15, - 21, - 6, - 10, - 15, - 21 - ]; - _k = new Array(64); - for (var i = 0; i < 64; ++i) { - _k[i] = Math.floor(Math.abs(Math.sin(i + 1)) * 4294967296); + module2.exports = forge.jsbn = forge.jsbn || {}; + var dbits; + var canary = 244837814094590; + var j_lm = (canary & 16777215) == 15715070; + function BigInteger(a, b, c) { + this.data = []; + if (a != null) + if ("number" == typeof a) this.fromNumber(a, b, c); + else if (b == null && "string" != typeof a) this.fromString(a, 256); + else this.fromString(a, b); + } + forge.jsbn.BigInteger = BigInteger; + function nbi() { + return new BigInteger(null); + } + function am1(i, x, w, j, c, n) { + while (--n >= 0) { + var v = x * this.data[i++] + w.data[j] + c; + c = Math.floor(v / 67108864); + w.data[j++] = v & 67108863; } - _initialized = true; + return c; } - function _update(s, w, bytes) { - var t, a, b, c, d, f, r, i; - var len = bytes.length(); - while (len >= 64) { - a = s.h0; - b = s.h1; - c = s.h2; - d = s.h3; - for (i = 0; i < 16; ++i) { - w[i] = bytes.getInt32Le(); - f = d ^ b & (c ^ d); - t = a + f + _k[i] + w[i]; - r = _r[i]; - a = d; - d = c; - c = b; - b += t << r | t >>> 32 - r; - } - for (; i < 32; ++i) { - f = c ^ d & (b ^ c); - t = a + f + _k[i] + w[_g[i]]; - r = _r[i]; - a = d; - d = c; - c = b; - b += t << r | t >>> 32 - r; - } - for (; i < 48; ++i) { - f = b ^ c ^ d; - t = a + f + _k[i] + w[_g[i]]; - r = _r[i]; - a = d; - d = c; - c = b; - b += t << r | t >>> 32 - r; - } - for (; i < 64; ++i) { - f = c ^ (b | ~d); - t = a + f + _k[i] + w[_g[i]]; - r = _r[i]; - a = d; - d = c; - c = b; - b += t << r | t >>> 32 - r; - } - s.h0 = s.h0 + a | 0; - s.h1 = s.h1 + b | 0; - s.h2 = s.h2 + c | 0; - s.h3 = s.h3 + d | 0; - len -= 64; + function am2(i, x, w, j, c, n) { + var xl = x & 32767, xh = x >> 15; + while (--n >= 0) { + var l = this.data[i] & 32767; + var h = this.data[i++] >> 15; + var m = xh * l + h * xl; + l = xl * l + ((m & 32767) << 15) + w.data[j] + (c & 1073741823); + c = (l >>> 30) + (m >>> 15) + xh * h + (c >>> 30); + w.data[j++] = l & 1073741823; } + return c; } - } -}); - -// node_modules/node-forge/lib/pem.js -var require_pem = __commonJS({ - "node_modules/node-forge/lib/pem.js"(exports2, module2) { - var forge = require_forge(); - require_util9(); - var pem = module2.exports = forge.pem = forge.pem || {}; - pem.encode = function(msg, options) { - options = options || {}; - var rval = "-----BEGIN " + msg.type + "-----\r\n"; - var header; - if (msg.procType) { - header = { - name: "Proc-Type", - values: [String(msg.procType.version), msg.procType.type] - }; - rval += foldHeader(header); + function am3(i, x, w, j, c, n) { + var xl = x & 16383, xh = x >> 14; + while (--n >= 0) { + var l = this.data[i] & 16383; + var h = this.data[i++] >> 14; + var m = xh * l + h * xl; + l = xl * l + ((m & 16383) << 14) + w.data[j] + c; + c = (l >> 28) + (m >> 14) + xh * h; + w.data[j++] = l & 268435455; } - if (msg.contentDomain) { - header = { name: "Content-Domain", values: [msg.contentDomain] }; - rval += foldHeader(header); + return c; + } + if (typeof navigator === "undefined") { + BigInteger.prototype.am = am3; + dbits = 28; + } else if (j_lm && navigator.appName == "Microsoft Internet Explorer") { + BigInteger.prototype.am = am2; + dbits = 30; + } else if (j_lm && navigator.appName != "Netscape") { + BigInteger.prototype.am = am1; + dbits = 26; + } else { + BigInteger.prototype.am = am3; + dbits = 28; + } + BigInteger.prototype.DB = dbits; + BigInteger.prototype.DM = (1 << dbits) - 1; + BigInteger.prototype.DV = 1 << dbits; + var BI_FP = 52; + BigInteger.prototype.FV = Math.pow(2, BI_FP); + BigInteger.prototype.F1 = BI_FP - dbits; + BigInteger.prototype.F2 = 2 * dbits - BI_FP; + var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz"; + var BI_RC = new Array(); + var rr; + var vv; + rr = "0".charCodeAt(0); + for (vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv; + rr = "a".charCodeAt(0); + for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv; + rr = "A".charCodeAt(0); + for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv; + function int2char(n) { + return BI_RM.charAt(n); + } + function intAt(s, i) { + var c = BI_RC[s.charCodeAt(i)]; + return c == null ? -1 : c; + } + function bnpCopyTo(r) { + for (var i = this.t - 1; i >= 0; --i) r.data[i] = this.data[i]; + r.t = this.t; + r.s = this.s; + } + function bnpFromInt(x) { + this.t = 1; + this.s = x < 0 ? -1 : 0; + if (x > 0) this.data[0] = x; + else if (x < -1) this.data[0] = x + this.DV; + else this.t = 0; + } + function nbv(i) { + var r = nbi(); + r.fromInt(i); + return r; + } + function bnpFromString(s, b) { + var k; + if (b == 16) k = 4; + else if (b == 8) k = 3; + else if (b == 256) k = 8; + else if (b == 2) k = 1; + else if (b == 32) k = 5; + else if (b == 4) k = 2; + else { + this.fromRadix(s, b); + return; } - if (msg.dekInfo) { - header = { name: "DEK-Info", values: [msg.dekInfo.algorithm] }; - if (msg.dekInfo.parameters) { - header.values.push(msg.dekInfo.parameters); + this.t = 0; + this.s = 0; + var i = s.length, mi = false, sh = 0; + while (--i >= 0) { + var x = k == 8 ? s[i] & 255 : intAt(s, i); + if (x < 0) { + if (s.charAt(i) == "-") mi = true; + continue; } - rval += foldHeader(header); + mi = false; + if (sh == 0) + this.data[this.t++] = x; + else if (sh + k > this.DB) { + this.data[this.t - 1] |= (x & (1 << this.DB - sh) - 1) << sh; + this.data[this.t++] = x >> this.DB - sh; + } else + this.data[this.t - 1] |= x << sh; + sh += k; + if (sh >= this.DB) sh -= this.DB; } - if (msg.headers) { - for (var i = 0; i < msg.headers.length; ++i) { - rval += foldHeader(msg.headers[i]); + if (k == 8 && (s[0] & 128) != 0) { + this.s = -1; + if (sh > 0) this.data[this.t - 1] |= (1 << this.DB - sh) - 1 << sh; + } + this.clamp(); + if (mi) BigInteger.ZERO.subTo(this, this); + } + function bnpClamp() { + var c = this.s & this.DM; + while (this.t > 0 && this.data[this.t - 1] == c) --this.t; + } + function bnToString(b) { + if (this.s < 0) return "-" + this.negate().toString(b); + var k; + if (b == 16) k = 4; + else if (b == 8) k = 3; + else if (b == 2) k = 1; + else if (b == 32) k = 5; + else if (b == 4) k = 2; + else return this.toRadix(b); + var km = (1 << k) - 1, d, m = false, r = "", i = this.t; + var p = this.DB - i * this.DB % k; + if (i-- > 0) { + if (p < this.DB && (d = this.data[i] >> p) > 0) { + m = true; + r = int2char(d); + } + while (i >= 0) { + if (p < k) { + d = (this.data[i] & (1 << p) - 1) << k - p; + d |= this.data[--i] >> (p += this.DB - k); + } else { + d = this.data[i] >> (p -= k) & km; + if (p <= 0) { + p += this.DB; + --i; + } + } + if (d > 0) m = true; + if (m) r += int2char(d); } } - if (msg.procType) { - rval += "\r\n"; + return m ? r : "0"; + } + function bnNegate() { + var r = nbi(); + BigInteger.ZERO.subTo(this, r); + return r; + } + function bnAbs() { + return this.s < 0 ? this.negate() : this; + } + function bnCompareTo(a) { + var r = this.s - a.s; + if (r != 0) return r; + var i = this.t; + r = i - a.t; + if (r != 0) return this.s < 0 ? -r : r; + while (--i >= 0) if ((r = this.data[i] - a.data[i]) != 0) return r; + return 0; + } + function nbits(x) { + var r = 1, t; + if ((t = x >>> 16) != 0) { + x = t; + r += 16; } - rval += forge.util.encode64(msg.body, options.maxline || 64) + "\r\n"; - rval += "-----END " + msg.type + "-----\r\n"; - return rval; - }; - pem.decode = function(str2) { - var rval = []; - var rMessage = /\s*-----BEGIN ([A-Z0-9- ]+)-----\r?\n?([\x21-\x7e\s]+?(?:\r?\n\r?\n))?([:A-Za-z0-9+\/=\s]+?)-----END \1-----/g; - var rHeader = /([\x21-\x7e]+):\s*([\x21-\x7e\s^:]+)/; - var rCRLF = /\r?\n/; - var match; - while (true) { - match = rMessage.exec(str2); - if (!match) { - break; - } - var type2 = match[1]; - if (type2 === "NEW CERTIFICATE REQUEST") { - type2 = "CERTIFICATE REQUEST"; - } - var msg = { - type: type2, - procType: null, - contentDomain: null, - dekInfo: null, - headers: [], - body: forge.util.decode64(match[3]) - }; - rval.push(msg); - if (!match[2]) { - continue; - } - var lines = match[2].split(rCRLF); - var li = 0; - while (match && li < lines.length) { - var line = lines[li].replace(/\s+$/, ""); - for (var nl = li + 1; nl < lines.length; ++nl) { - var next = lines[nl]; - if (!/\s/.test(next[0])) { - break; - } - line += next; - li = nl; - } - match = line.match(rHeader); - if (match) { - var header = { name: match[1], values: [] }; - var values = match[2].split(","); - for (var vi = 0; vi < values.length; ++vi) { - header.values.push(ltrim(values[vi])); - } - if (!msg.procType) { - if (header.name !== "Proc-Type") { - throw new Error('Invalid PEM formatted message. The first encapsulated header must be "Proc-Type".'); - } else if (header.values.length !== 2) { - throw new Error('Invalid PEM formatted message. The "Proc-Type" header must have two subfields.'); - } - msg.procType = { version: values[0], type: values[1] }; - } else if (!msg.contentDomain && header.name === "Content-Domain") { - msg.contentDomain = values[0] || ""; - } else if (!msg.dekInfo && header.name === "DEK-Info") { - if (header.values.length === 0) { - throw new Error('Invalid PEM formatted message. The "DEK-Info" header must have at least one subfield.'); - } - msg.dekInfo = { algorithm: values[0], parameters: values[1] || null }; - } else { - msg.headers.push(header); - } - } - ++li; - } - if (msg.procType === "ENCRYPTED" && !msg.dekInfo) { - throw new Error('Invalid PEM formatted message. The "DEK-Info" header must be present if "Proc-Type" is "ENCRYPTED".'); - } + if ((t = x >> 8) != 0) { + x = t; + r += 8; } - if (rval.length === 0) { - throw new Error("Invalid PEM formatted message."); + if ((t = x >> 4) != 0) { + x = t; + r += 4; } - return rval; - }; - function foldHeader(header) { - var rval = header.name + ": "; - var values = []; - var insertSpace = function(match, $1) { - return " " + $1; - }; - for (var i = 0; i < header.values.length; ++i) { - values.push(header.values[i].replace(/^(\S+\r\n)/, insertSpace)); + if ((t = x >> 2) != 0) { + x = t; + r += 2; } - rval += values.join(",") + "\r\n"; - var length = 0; - var candidate = -1; - for (var i = 0; i < rval.length; ++i, ++length) { - if (length > 65 && candidate !== -1) { - var insert = rval[candidate]; - if (insert === ",") { - ++candidate; - rval = rval.substr(0, candidate) + "\r\n " + rval.substr(candidate); - } else { - rval = rval.substr(0, candidate) + "\r\n" + insert + rval.substr(candidate + 1); - } - length = i - candidate - 1; - candidate = -1; - ++i; - } else if (rval[i] === " " || rval[i] === " " || rval[i] === ",") { - candidate = i; - } + if ((t = x >> 1) != 0) { + x = t; + r += 1; } - return rval; + return r; } - function ltrim(str2) { - return str2.replace(/^\s+/, ""); + function bnBitLength() { + if (this.t <= 0) return 0; + return this.DB * (this.t - 1) + nbits(this.data[this.t - 1] ^ this.s & this.DM); } - } -}); - -// node_modules/node-forge/lib/des.js -var require_des = __commonJS({ - "node_modules/node-forge/lib/des.js"(exports2, module2) { - var forge = require_forge(); - require_cipher(); - require_cipherModes(); - require_util9(); - module2.exports = forge.des = forge.des || {}; - forge.des.startEncrypting = function(key, iv, output, mode) { - var cipher = _createCipher({ - key, - output, - decrypt: false, - mode: mode || (iv === null ? "ECB" : "CBC") - }); - cipher.start(iv); - return cipher; - }; - forge.des.createEncryptionCipher = function(key, mode) { - return _createCipher({ - key, - output: null, - decrypt: false, - mode - }); - }; - forge.des.startDecrypting = function(key, iv, output, mode) { - var cipher = _createCipher({ - key, - output, - decrypt: true, - mode: mode || (iv === null ? "ECB" : "CBC") - }); - cipher.start(iv); - return cipher; - }; - forge.des.createDecryptionCipher = function(key, mode) { - return _createCipher({ - key, - output: null, - decrypt: true, - mode - }); - }; - forge.des.Algorithm = function(name, mode) { - var self2 = this; - self2.name = name; - self2.mode = new mode({ - blockSize: 8, - cipher: { - encrypt: function(inBlock, outBlock) { - return _updateBlock(self2._keys, inBlock, outBlock, false); - }, - decrypt: function(inBlock, outBlock) { - return _updateBlock(self2._keys, inBlock, outBlock, true); - } - } - }); - self2._init = false; - }; - forge.des.Algorithm.prototype.initialize = function(options) { - if (this._init) { + function bnpDLShiftTo(n, r) { + var i; + for (i = this.t - 1; i >= 0; --i) r.data[i + n] = this.data[i]; + for (i = n - 1; i >= 0; --i) r.data[i] = 0; + r.t = this.t + n; + r.s = this.s; + } + function bnpDRShiftTo(n, r) { + for (var i = n; i < this.t; ++i) r.data[i - n] = this.data[i]; + r.t = Math.max(this.t - n, 0); + r.s = this.s; + } + function bnpLShiftTo(n, r) { + var bs = n % this.DB; + var cbs = this.DB - bs; + var bm = (1 << cbs) - 1; + var ds = Math.floor(n / this.DB), c = this.s << bs & this.DM, i; + for (i = this.t - 1; i >= 0; --i) { + r.data[i + ds + 1] = this.data[i] >> cbs | c; + c = (this.data[i] & bm) << bs; + } + for (i = ds - 1; i >= 0; --i) r.data[i] = 0; + r.data[ds] = c; + r.t = this.t + ds + 1; + r.s = this.s; + r.clamp(); + } + function bnpRShiftTo(n, r) { + r.s = this.s; + var ds = Math.floor(n / this.DB); + if (ds >= this.t) { + r.t = 0; return; } - var key = forge.util.createBuffer(options.key); - if (this.name.indexOf("3DES") === 0) { - if (key.length() !== 24) { - throw new Error("Invalid Triple-DES key size: " + key.length() * 8); - } + var bs = n % this.DB; + var cbs = this.DB - bs; + var bm = (1 << bs) - 1; + r.data[0] = this.data[ds] >> bs; + for (var i = ds + 1; i < this.t; ++i) { + r.data[i - ds - 1] |= (this.data[i] & bm) << cbs; + r.data[i - ds] = this.data[i] >> bs; } - this._keys = _createKeys(key); - this._init = true; - }; - registerAlgorithm("DES-ECB", forge.cipher.modes.ecb); - registerAlgorithm("DES-CBC", forge.cipher.modes.cbc); - registerAlgorithm("DES-CFB", forge.cipher.modes.cfb); - registerAlgorithm("DES-OFB", forge.cipher.modes.ofb); - registerAlgorithm("DES-CTR", forge.cipher.modes.ctr); - registerAlgorithm("3DES-ECB", forge.cipher.modes.ecb); - registerAlgorithm("3DES-CBC", forge.cipher.modes.cbc); - registerAlgorithm("3DES-CFB", forge.cipher.modes.cfb); - registerAlgorithm("3DES-OFB", forge.cipher.modes.ofb); - registerAlgorithm("3DES-CTR", forge.cipher.modes.ctr); - function registerAlgorithm(name, mode) { - var factory = function() { - return new forge.des.Algorithm(name, mode); - }; - forge.cipher.registerAlgorithm(name, factory); + if (bs > 0) r.data[this.t - ds - 1] |= (this.s & bm) << cbs; + r.t = this.t - ds; + r.clamp(); } - var spfunction1 = [16843776, 0, 65536, 16843780, 16842756, 66564, 4, 65536, 1024, 16843776, 16843780, 1024, 16778244, 16842756, 16777216, 4, 1028, 16778240, 16778240, 66560, 66560, 16842752, 16842752, 16778244, 65540, 16777220, 16777220, 65540, 0, 1028, 66564, 16777216, 65536, 16843780, 4, 16842752, 16843776, 16777216, 16777216, 1024, 16842756, 65536, 66560, 16777220, 1024, 4, 16778244, 66564, 16843780, 65540, 16842752, 16778244, 16777220, 1028, 66564, 16843776, 1028, 16778240, 16778240, 0, 65540, 66560, 0, 16842756]; - var spfunction2 = [-2146402272, -2147450880, 32768, 1081376, 1048576, 32, -2146435040, -2147450848, -2147483616, -2146402272, -2146402304, -2147483648, -2147450880, 1048576, 32, -2146435040, 1081344, 1048608, -2147450848, 0, -2147483648, 32768, 1081376, -2146435072, 1048608, -2147483616, 0, 1081344, 32800, -2146402304, -2146435072, 32800, 0, 1081376, -2146435040, 1048576, -2147450848, -2146435072, -2146402304, 32768, -2146435072, -2147450880, 32, -2146402272, 1081376, 32, 32768, -2147483648, 32800, -2146402304, 1048576, -2147483616, 1048608, -2147450848, -2147483616, 1048608, 1081344, 0, -2147450880, 32800, -2147483648, -2146435040, -2146402272, 1081344]; - var spfunction3 = [520, 134349312, 0, 134348808, 134218240, 0, 131592, 134218240, 131080, 134217736, 134217736, 131072, 134349320, 131080, 134348800, 520, 134217728, 8, 134349312, 512, 131584, 134348800, 134348808, 131592, 134218248, 131584, 131072, 134218248, 8, 134349320, 512, 134217728, 134349312, 134217728, 131080, 520, 131072, 134349312, 134218240, 0, 512, 131080, 134349320, 134218240, 134217736, 512, 0, 134348808, 134218248, 131072, 134217728, 134349320, 8, 131592, 131584, 134217736, 134348800, 134218248, 520, 134348800, 131592, 8, 134348808, 131584]; - var spfunction4 = [8396801, 8321, 8321, 128, 8396928, 8388737, 8388609, 8193, 0, 8396800, 8396800, 8396929, 129, 0, 8388736, 8388609, 1, 8192, 8388608, 8396801, 128, 8388608, 8193, 8320, 8388737, 1, 8320, 8388736, 8192, 8396928, 8396929, 129, 8388736, 8388609, 8396800, 8396929, 129, 0, 0, 8396800, 8320, 8388736, 8388737, 1, 8396801, 8321, 8321, 128, 8396929, 129, 1, 8192, 8388609, 8193, 8396928, 8388737, 8193, 8320, 8388608, 8396801, 128, 8388608, 8192, 8396928]; - var spfunction5 = [256, 34078976, 34078720, 1107296512, 524288, 256, 1073741824, 34078720, 1074266368, 524288, 33554688, 1074266368, 1107296512, 1107820544, 524544, 1073741824, 33554432, 1074266112, 1074266112, 0, 1073742080, 1107820800, 1107820800, 33554688, 1107820544, 1073742080, 0, 1107296256, 34078976, 33554432, 1107296256, 524544, 524288, 1107296512, 256, 33554432, 1073741824, 34078720, 1107296512, 1074266368, 33554688, 1073741824, 1107820544, 34078976, 1074266368, 256, 33554432, 1107820544, 1107820800, 524544, 1107296256, 1107820800, 34078720, 0, 1074266112, 1107296256, 524544, 33554688, 1073742080, 524288, 0, 1074266112, 34078976, 1073742080]; - var spfunction6 = [536870928, 541065216, 16384, 541081616, 541065216, 16, 541081616, 4194304, 536887296, 4210704, 4194304, 536870928, 4194320, 536887296, 536870912, 16400, 0, 4194320, 536887312, 16384, 4210688, 536887312, 16, 541065232, 541065232, 0, 4210704, 541081600, 16400, 4210688, 541081600, 536870912, 536887296, 16, 541065232, 4210688, 541081616, 4194304, 16400, 536870928, 4194304, 536887296, 536870912, 16400, 536870928, 541081616, 4210688, 541065216, 4210704, 541081600, 0, 541065232, 16, 16384, 541065216, 4210704, 16384, 4194320, 536887312, 0, 541081600, 536870912, 4194320, 536887312]; - var spfunction7 = [2097152, 69206018, 67110914, 0, 2048, 67110914, 2099202, 69208064, 69208066, 2097152, 0, 67108866, 2, 67108864, 69206018, 2050, 67110912, 2099202, 2097154, 67110912, 67108866, 69206016, 69208064, 2097154, 69206016, 2048, 2050, 69208066, 2099200, 2, 67108864, 2099200, 67108864, 2099200, 2097152, 67110914, 67110914, 69206018, 69206018, 2, 2097154, 67108864, 67110912, 2097152, 69208064, 2050, 2099202, 69208064, 2050, 67108866, 69208066, 69206016, 2099200, 0, 2, 69208066, 0, 2099202, 69206016, 2048, 67108866, 67110912, 2048, 2097154]; - var spfunction8 = [268439616, 4096, 262144, 268701760, 268435456, 268439616, 64, 268435456, 262208, 268697600, 268701760, 266240, 268701696, 266304, 4096, 64, 268697600, 268435520, 268439552, 4160, 266240, 262208, 268697664, 268701696, 4160, 0, 0, 268697664, 268435520, 268439552, 266304, 262144, 266304, 262144, 268701696, 4096, 64, 268697664, 4096, 266304, 268439552, 64, 268435520, 268697600, 268697664, 268435456, 262144, 268439616, 0, 268701760, 262208, 268435520, 268697600, 268439552, 268439616, 0, 268701760, 266240, 266240, 4160, 4160, 262208, 268435456, 268701696]; - function _createKeys(key) { - var pc2bytes0 = [0, 4, 536870912, 536870916, 65536, 65540, 536936448, 536936452, 512, 516, 536871424, 536871428, 66048, 66052, 536936960, 536936964], pc2bytes1 = [0, 1, 1048576, 1048577, 67108864, 67108865, 68157440, 68157441, 256, 257, 1048832, 1048833, 67109120, 67109121, 68157696, 68157697], pc2bytes2 = [0, 8, 2048, 2056, 16777216, 16777224, 16779264, 16779272, 0, 8, 2048, 2056, 16777216, 16777224, 16779264, 16779272], pc2bytes3 = [0, 2097152, 134217728, 136314880, 8192, 2105344, 134225920, 136323072, 131072, 2228224, 134348800, 136445952, 139264, 2236416, 134356992, 136454144], pc2bytes4 = [0, 262144, 16, 262160, 0, 262144, 16, 262160, 4096, 266240, 4112, 266256, 4096, 266240, 4112, 266256], pc2bytes5 = [0, 1024, 32, 1056, 0, 1024, 32, 1056, 33554432, 33555456, 33554464, 33555488, 33554432, 33555456, 33554464, 33555488], pc2bytes6 = [0, 268435456, 524288, 268959744, 2, 268435458, 524290, 268959746, 0, 268435456, 524288, 268959744, 2, 268435458, 524290, 268959746], pc2bytes7 = [0, 65536, 2048, 67584, 536870912, 536936448, 536872960, 536938496, 131072, 196608, 133120, 198656, 537001984, 537067520, 537004032, 537069568], pc2bytes8 = [0, 262144, 0, 262144, 2, 262146, 2, 262146, 33554432, 33816576, 33554432, 33816576, 33554434, 33816578, 33554434, 33816578], pc2bytes9 = [0, 268435456, 8, 268435464, 0, 268435456, 8, 268435464, 1024, 268436480, 1032, 268436488, 1024, 268436480, 1032, 268436488], pc2bytes10 = [0, 32, 0, 32, 1048576, 1048608, 1048576, 1048608, 8192, 8224, 8192, 8224, 1056768, 1056800, 1056768, 1056800], pc2bytes11 = [0, 16777216, 512, 16777728, 2097152, 18874368, 2097664, 18874880, 67108864, 83886080, 67109376, 83886592, 69206016, 85983232, 69206528, 85983744], pc2bytes12 = [0, 4096, 134217728, 134221824, 524288, 528384, 134742016, 134746112, 16, 4112, 134217744, 134221840, 524304, 528400, 134742032, 134746128], pc2bytes13 = [0, 4, 256, 260, 0, 4, 256, 260, 1, 5, 257, 261, 1, 5, 257, 261]; - var iterations = key.length() > 8 ? 3 : 1; - var keys = []; - var shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0]; - var n = 0, tmp; - for (var j = 0; j < iterations; j++) { - var left = key.getInt32(); - var right = key.getInt32(); - tmp = (left >>> 4 ^ right) & 252645135; - right ^= tmp; - left ^= tmp << 4; - tmp = (right >>> -16 ^ left) & 65535; - left ^= tmp; - right ^= tmp << -16; - tmp = (left >>> 2 ^ right) & 858993459; - right ^= tmp; - left ^= tmp << 2; - tmp = (right >>> -16 ^ left) & 65535; - left ^= tmp; - right ^= tmp << -16; - tmp = (left >>> 1 ^ right) & 1431655765; - right ^= tmp; - left ^= tmp << 1; - tmp = (right >>> 8 ^ left) & 16711935; - left ^= tmp; - right ^= tmp << 8; - tmp = (left >>> 1 ^ right) & 1431655765; - right ^= tmp; - left ^= tmp << 1; - tmp = left << 8 | right >>> 20 & 240; - left = right << 24 | right << 8 & 16711680 | right >>> 8 & 65280 | right >>> 24 & 240; - right = tmp; - for (var i = 0; i < shifts.length; ++i) { - if (shifts[i]) { - left = left << 2 | left >>> 26; - right = right << 2 | right >>> 26; - } else { - left = left << 1 | left >>> 27; - right = right << 1 | right >>> 27; - } - left &= -15; - right &= -15; - var lefttmp = pc2bytes0[left >>> 28] | pc2bytes1[left >>> 24 & 15] | pc2bytes2[left >>> 20 & 15] | pc2bytes3[left >>> 16 & 15] | pc2bytes4[left >>> 12 & 15] | pc2bytes5[left >>> 8 & 15] | pc2bytes6[left >>> 4 & 15]; - var righttmp = pc2bytes7[right >>> 28] | pc2bytes8[right >>> 24 & 15] | pc2bytes9[right >>> 20 & 15] | pc2bytes10[right >>> 16 & 15] | pc2bytes11[right >>> 12 & 15] | pc2bytes12[right >>> 8 & 15] | pc2bytes13[right >>> 4 & 15]; - tmp = (righttmp >>> 16 ^ lefttmp) & 65535; - keys[n++] = lefttmp ^ tmp; - keys[n++] = righttmp ^ tmp << 16; - } + function bnpSubTo(a, r) { + var i = 0, c = 0, m = Math.min(a.t, this.t); + while (i < m) { + c += this.data[i] - a.data[i]; + r.data[i++] = c & this.DM; + c >>= this.DB; } - return keys; - } - function _updateBlock(keys, input, output, decrypt) { - var iterations = keys.length === 32 ? 3 : 9; - var looping; - if (iterations === 3) { - looping = decrypt ? [30, -2, -2] : [0, 32, 2]; + if (a.t < this.t) { + c -= a.s; + while (i < this.t) { + c += this.data[i]; + r.data[i++] = c & this.DM; + c >>= this.DB; + } + c += this.s; } else { - looping = decrypt ? [94, 62, -2, 32, 64, 2, 30, -2, -2] : [0, 32, 2, 62, 30, -2, 64, 96, 2]; + c += this.s; + while (i < a.t) { + c -= a.data[i]; + r.data[i++] = c & this.DM; + c >>= this.DB; + } + c -= a.s; } - var tmp; - var left = input[0]; - var right = input[1]; - tmp = (left >>> 4 ^ right) & 252645135; - right ^= tmp; - left ^= tmp << 4; - tmp = (left >>> 16 ^ right) & 65535; - right ^= tmp; - left ^= tmp << 16; - tmp = (right >>> 2 ^ left) & 858993459; - left ^= tmp; - right ^= tmp << 2; - tmp = (right >>> 8 ^ left) & 16711935; - left ^= tmp; - right ^= tmp << 8; - tmp = (left >>> 1 ^ right) & 1431655765; - right ^= tmp; - left ^= tmp << 1; - left = left << 1 | left >>> 31; - right = right << 1 | right >>> 31; - for (var j = 0; j < iterations; j += 3) { - var endloop = looping[j + 1]; - var loopinc = looping[j + 2]; - for (var i = looping[j]; i != endloop; i += loopinc) { - var right1 = right ^ keys[i]; - var right2 = (right >>> 4 | right << 28) ^ keys[i + 1]; - tmp = left; - left = right; - right = tmp ^ (spfunction2[right1 >>> 24 & 63] | spfunction4[right1 >>> 16 & 63] | spfunction6[right1 >>> 8 & 63] | spfunction8[right1 & 63] | spfunction1[right2 >>> 24 & 63] | spfunction3[right2 >>> 16 & 63] | spfunction5[right2 >>> 8 & 63] | spfunction7[right2 & 63]); + r.s = c < 0 ? -1 : 0; + if (c < -1) r.data[i++] = this.DV + c; + else if (c > 0) r.data[i++] = c; + r.t = i; + r.clamp(); + } + function bnpMultiplyTo(a, r) { + var x = this.abs(), y = a.abs(); + var i = x.t; + r.t = i + y.t; + while (--i >= 0) r.data[i] = 0; + for (i = 0; i < y.t; ++i) r.data[i + x.t] = x.am(0, y.data[i], r, i, 0, x.t); + r.s = 0; + r.clamp(); + if (this.s != a.s) BigInteger.ZERO.subTo(r, r); + } + function bnpSquareTo(r) { + var x = this.abs(); + var i = r.t = 2 * x.t; + while (--i >= 0) r.data[i] = 0; + for (i = 0; i < x.t - 1; ++i) { + var c = x.am(i, x.data[i], r, 2 * i, 0, 1); + if ((r.data[i + x.t] += x.am(i + 1, 2 * x.data[i], r, 2 * i + 1, c, x.t - i - 1)) >= x.DV) { + r.data[i + x.t] -= x.DV; + r.data[i + x.t + 1] = 1; } - tmp = left; - left = right; - right = tmp; } - left = left >>> 1 | left << 31; - right = right >>> 1 | right << 31; - tmp = (left >>> 1 ^ right) & 1431655765; - right ^= tmp; - left ^= tmp << 1; - tmp = (right >>> 8 ^ left) & 16711935; - left ^= tmp; - right ^= tmp << 8; - tmp = (right >>> 2 ^ left) & 858993459; - left ^= tmp; - right ^= tmp << 2; - tmp = (left >>> 16 ^ right) & 65535; - right ^= tmp; - left ^= tmp << 16; - tmp = (left >>> 4 ^ right) & 252645135; - right ^= tmp; - left ^= tmp << 4; - output[0] = left; - output[1] = right; + if (r.t > 0) r.data[r.t - 1] += x.am(i, x.data[i], r, 2 * i, 0, 1); + r.s = 0; + r.clamp(); } - function _createCipher(options) { - options = options || {}; - var mode = (options.mode || "CBC").toUpperCase(); - var algorithm = "DES-" + mode; - var cipher; - if (options.decrypt) { - cipher = forge.cipher.createDecipher(algorithm, options.key); + function bnpDivRemTo(m, q, r) { + var pm = m.abs(); + if (pm.t <= 0) return; + var pt = this.abs(); + if (pt.t < pm.t) { + if (q != null) q.fromInt(0); + if (r != null) this.copyTo(r); + return; + } + if (r == null) r = nbi(); + var y = nbi(), ts = this.s, ms = m.s; + var nsh = this.DB - nbits(pm.data[pm.t - 1]); + if (nsh > 0) { + pm.lShiftTo(nsh, y); + pt.lShiftTo(nsh, r); } else { - cipher = forge.cipher.createCipher(algorithm, options.key); + pm.copyTo(y); + pt.copyTo(r); } - var start = cipher.start; - cipher.start = function(iv, options2) { - var output = null; - if (options2 instanceof forge.util.ByteBuffer) { - output = options2; - options2 = {}; + var ys = y.t; + var y0 = y.data[ys - 1]; + if (y0 == 0) return; + var yt = y0 * (1 << this.F1) + (ys > 1 ? y.data[ys - 2] >> this.F2 : 0); + var d1 = this.FV / yt, d2 = (1 << this.F1) / yt, e = 1 << this.F2; + var i = r.t, j = i - ys, t = q == null ? nbi() : q; + y.dlShiftTo(j, t); + if (r.compareTo(t) >= 0) { + r.data[r.t++] = 1; + r.subTo(t, r); + } + BigInteger.ONE.dlShiftTo(ys, t); + t.subTo(y, y); + while (y.t < ys) y.data[y.t++] = 0; + while (--j >= 0) { + var qd = r.data[--i] == y0 ? this.DM : Math.floor(r.data[i] * d1 + (r.data[i - 1] + e) * d2); + if ((r.data[i] += y.am(0, qd, r, j, 0, ys)) < qd) { + y.dlShiftTo(j, t); + r.subTo(t, r); + while (r.data[i] < --qd) r.subTo(t, r); } - options2 = options2 || {}; - options2.output = output; - options2.iv = iv; - start.call(cipher, options2); - }; - return cipher; + } + if (q != null) { + r.drShiftTo(ys, q); + if (ts != ms) BigInteger.ZERO.subTo(q, q); + } + r.t = ys; + r.clamp(); + if (nsh > 0) r.rShiftTo(nsh, r); + if (ts < 0) BigInteger.ZERO.subTo(r, r); } - } -}); - -// node_modules/node-forge/lib/pbkdf2.js -var require_pbkdf2 = __commonJS({ - "node_modules/node-forge/lib/pbkdf2.js"(exports2, module2) { - var forge = require_forge(); - require_hmac(); - require_md(); - require_util9(); - var pkcs5 = forge.pkcs5 = forge.pkcs5 || {}; - var crypto2; - if (forge.util.isNodejs && !forge.options.usePureJavaScript) { - crypto2 = require("crypto"); + function bnMod(a) { + var r = nbi(); + this.abs().divRemTo(a, null, r); + if (this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r, r); + return r; } - module2.exports = forge.pbkdf2 = pkcs5.pbkdf2 = function(p, s, c, dkLen, md, callback) { - if (typeof md === "function") { - callback = md; - md = null; - } - if (forge.util.isNodejs && !forge.options.usePureJavaScript && crypto2.pbkdf2 && (md === null || typeof md !== "object") && (crypto2.pbkdf2Sync.length > 4 || (!md || md === "sha1"))) { - if (typeof md !== "string") { - md = "sha1"; - } - p = Buffer.from(p, "binary"); - s = Buffer.from(s, "binary"); - if (!callback) { - if (crypto2.pbkdf2Sync.length === 4) { - return crypto2.pbkdf2Sync(p, s, c, dkLen).toString("binary"); - } - return crypto2.pbkdf2Sync(p, s, c, dkLen, md).toString("binary"); + function Classic(m) { + this.m = m; + } + function cConvert(x) { + if (x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m); + else return x; + } + function cRevert(x) { + return x; + } + function cReduce(x) { + x.divRemTo(this.m, null, x); + } + function cMulTo(x, y, r) { + x.multiplyTo(y, r); + this.reduce(r); + } + function cSqrTo(x, r) { + x.squareTo(r); + this.reduce(r); + } + Classic.prototype.convert = cConvert; + Classic.prototype.revert = cRevert; + Classic.prototype.reduce = cReduce; + Classic.prototype.mulTo = cMulTo; + Classic.prototype.sqrTo = cSqrTo; + function bnpInvDigit() { + if (this.t < 1) return 0; + var x = this.data[0]; + if ((x & 1) == 0) return 0; + var y = x & 3; + y = y * (2 - (x & 15) * y) & 15; + y = y * (2 - (x & 255) * y) & 255; + y = y * (2 - ((x & 65535) * y & 65535)) & 65535; + y = y * (2 - x * y % this.DV) % this.DV; + return y > 0 ? this.DV - y : -y; + } + function Montgomery(m) { + this.m = m; + this.mp = m.invDigit(); + this.mpl = this.mp & 32767; + this.mph = this.mp >> 15; + this.um = (1 << m.DB - 15) - 1; + this.mt2 = 2 * m.t; + } + function montConvert(x) { + var r = nbi(); + x.abs().dlShiftTo(this.m.t, r); + r.divRemTo(this.m, null, r); + if (x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r, r); + return r; + } + function montRevert(x) { + var r = nbi(); + x.copyTo(r); + this.reduce(r); + return r; + } + function montReduce(x) { + while (x.t <= this.mt2) + x.data[x.t++] = 0; + for (var i = 0; i < this.m.t; ++i) { + var j = x.data[i] & 32767; + var u0 = j * this.mpl + ((j * this.mph + (x.data[i] >> 15) * this.mpl & this.um) << 15) & x.DM; + j = i + this.m.t; + x.data[j] += this.m.am(0, u0, x, i, 0, this.m.t); + while (x.data[j] >= x.DV) { + x.data[j] -= x.DV; + x.data[++j]++; } - if (crypto2.pbkdf2Sync.length === 4) { - return crypto2.pbkdf2(p, s, c, dkLen, function(err2, key) { - if (err2) { - return callback(err2); - } - callback(null, key.toString("binary")); - }); + } + x.clamp(); + x.drShiftTo(this.m.t, x); + if (x.compareTo(this.m) >= 0) x.subTo(this.m, x); + } + function montSqrTo(x, r) { + x.squareTo(r); + this.reduce(r); + } + function montMulTo(x, y, r) { + x.multiplyTo(y, r); + this.reduce(r); + } + Montgomery.prototype.convert = montConvert; + Montgomery.prototype.revert = montRevert; + Montgomery.prototype.reduce = montReduce; + Montgomery.prototype.mulTo = montMulTo; + Montgomery.prototype.sqrTo = montSqrTo; + function bnpIsEven() { + return (this.t > 0 ? this.data[0] & 1 : this.s) == 0; + } + function bnpExp(e, z) { + if (e > 4294967295 || e < 1) return BigInteger.ONE; + var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e) - 1; + g.copyTo(r); + while (--i >= 0) { + z.sqrTo(r, r2); + if ((e & 1 << i) > 0) z.mulTo(r2, g, r); + else { + var t = r; + r = r2; + r2 = t; } - return crypto2.pbkdf2(p, s, c, dkLen, md, function(err2, key) { - if (err2) { - return callback(err2); - } - callback(null, key.toString("binary")); - }); } - if (typeof md === "undefined" || md === null) { - md = "sha1"; + return z.revert(r); + } + function bnModPowInt(e, m) { + var z; + if (e < 256 || m.isEven()) z = new Classic(m); + else z = new Montgomery(m); + return this.exp(e, z); + } + BigInteger.prototype.copyTo = bnpCopyTo; + BigInteger.prototype.fromInt = bnpFromInt; + BigInteger.prototype.fromString = bnpFromString; + BigInteger.prototype.clamp = bnpClamp; + BigInteger.prototype.dlShiftTo = bnpDLShiftTo; + BigInteger.prototype.drShiftTo = bnpDRShiftTo; + BigInteger.prototype.lShiftTo = bnpLShiftTo; + BigInteger.prototype.rShiftTo = bnpRShiftTo; + BigInteger.prototype.subTo = bnpSubTo; + BigInteger.prototype.multiplyTo = bnpMultiplyTo; + BigInteger.prototype.squareTo = bnpSquareTo; + BigInteger.prototype.divRemTo = bnpDivRemTo; + BigInteger.prototype.invDigit = bnpInvDigit; + BigInteger.prototype.isEven = bnpIsEven; + BigInteger.prototype.exp = bnpExp; + BigInteger.prototype.toString = bnToString; + BigInteger.prototype.negate = bnNegate; + BigInteger.prototype.abs = bnAbs; + BigInteger.prototype.compareTo = bnCompareTo; + BigInteger.prototype.bitLength = bnBitLength; + BigInteger.prototype.mod = bnMod; + BigInteger.prototype.modPowInt = bnModPowInt; + BigInteger.ZERO = nbv(0); + BigInteger.ONE = nbv(1); + function bnClone() { + var r = nbi(); + this.copyTo(r); + return r; + } + function bnIntValue() { + if (this.s < 0) { + if (this.t == 1) return this.data[0] - this.DV; + else if (this.t == 0) return -1; + } else if (this.t == 1) return this.data[0]; + else if (this.t == 0) return 0; + return (this.data[1] & (1 << 32 - this.DB) - 1) << this.DB | this.data[0]; + } + function bnByteValue() { + return this.t == 0 ? this.s : this.data[0] << 24 >> 24; + } + function bnShortValue() { + return this.t == 0 ? this.s : this.data[0] << 16 >> 16; + } + function bnpChunkSize(r) { + return Math.floor(Math.LN2 * this.DB / Math.log(r)); + } + function bnSigNum() { + if (this.s < 0) return -1; + else if (this.t <= 0 || this.t == 1 && this.data[0] <= 0) return 0; + else return 1; + } + function bnpToRadix(b) { + if (b == null) b = 10; + if (this.signum() == 0 || b < 2 || b > 36) return "0"; + var cs = this.chunkSize(b); + var a = Math.pow(b, cs); + var d = nbv(a), y = nbi(), z = nbi(), r = ""; + this.divRemTo(d, y, z); + while (y.signum() > 0) { + r = (a + z.intValue()).toString(b).substr(1) + r; + y.divRemTo(d, y, z); } - if (typeof md === "string") { - if (!(md in forge.md.algorithms)) { - throw new Error("Unknown hash algorithm: " + md); + return z.intValue().toString(b) + r; + } + function bnpFromRadix(s, b) { + this.fromInt(0); + if (b == null) b = 10; + var cs = this.chunkSize(b); + var d = Math.pow(b, cs), mi = false, j = 0, w = 0; + for (var i = 0; i < s.length; ++i) { + var x = intAt(s, i); + if (x < 0) { + if (s.charAt(i) == "-" && this.signum() == 0) mi = true; + continue; } - md = forge.md[md].create(); - } - var hLen = md.digestLength; - if (dkLen > 4294967295 * hLen) { - var err = new Error("Derived key is too long."); - if (callback) { - return callback(err); + w = b * w + x; + if (++j >= cs) { + this.dMultiply(d); + this.dAddOffset(w, 0); + j = 0; + w = 0; } - throw err; } - var len = Math.ceil(dkLen / hLen); - var r = dkLen - (len - 1) * hLen; - var prf = forge.hmac.create(); - prf.start(md, p); - var dk = ""; - var xor, u_c, u_c1; - if (!callback) { - for (var i = 1; i <= len; ++i) { - prf.start(null, null); - prf.update(s); - prf.update(forge.util.int32ToBytes(i)); - xor = u_c1 = prf.digest().getBytes(); - for (var j = 2; j <= c; ++j) { - prf.start(null, null); - prf.update(u_c1); - u_c = prf.digest().getBytes(); - xor = forge.util.xorBytes(xor, u_c, hLen); - u_c1 = u_c; + if (j > 0) { + this.dMultiply(Math.pow(b, j)); + this.dAddOffset(w, 0); + } + if (mi) BigInteger.ZERO.subTo(this, this); + } + function bnpFromNumber(a, b, c) { + if ("number" == typeof b) { + if (a < 2) this.fromInt(1); + else { + this.fromNumber(a, c); + if (!this.testBit(a - 1)) + this.bitwiseTo(BigInteger.ONE.shiftLeft(a - 1), op_or, this); + if (this.isEven()) this.dAddOffset(1, 0); + while (!this.isProbablePrime(b)) { + this.dAddOffset(2, 0); + if (this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a - 1), this); } - dk += i < len ? xor : xor.substr(0, r); } - return dk; + } else { + var x = new Array(), t = a & 7; + x.length = (a >> 3) + 1; + b.nextBytes(x); + if (t > 0) x[0] &= (1 << t) - 1; + else x[0] = 0; + this.fromString(x, 256); } - var i = 1, j; - function outer() { - if (i > len) { - return callback(null, dk); + } + function bnToByteArray() { + var i = this.t, r = new Array(); + r[0] = this.s; + var p = this.DB - i * this.DB % 8, d, k = 0; + if (i-- > 0) { + if (p < this.DB && (d = this.data[i] >> p) != (this.s & this.DM) >> p) + r[k++] = d | this.s << this.DB - p; + while (i >= 0) { + if (p < 8) { + d = (this.data[i] & (1 << p) - 1) << 8 - p; + d |= this.data[--i] >> (p += this.DB - 8); + } else { + d = this.data[i] >> (p -= 8) & 255; + if (p <= 0) { + p += this.DB; + --i; + } + } + if ((d & 128) != 0) d |= -256; + if (k == 0 && (this.s & 128) != (d & 128)) ++k; + if (k > 0 || d != this.s) r[k++] = d; } - prf.start(null, null); - prf.update(s); - prf.update(forge.util.int32ToBytes(i)); - xor = u_c1 = prf.digest().getBytes(); - j = 2; - inner(); } - function inner() { - if (j <= c) { - prf.start(null, null); - prf.update(u_c1); - u_c = prf.digest().getBytes(); - xor = forge.util.xorBytes(xor, u_c, hLen); - u_c1 = u_c; - ++j; - return forge.util.setImmediate(inner); - } - dk += i < len ? xor : xor.substr(0, r); - ++i; - outer(); + return r; + } + function bnEquals(a) { + return this.compareTo(a) == 0; + } + function bnMin(a) { + return this.compareTo(a) < 0 ? this : a; + } + function bnMax(a) { + return this.compareTo(a) > 0 ? this : a; + } + function bnpBitwiseTo(a, op, r) { + var i, f, m = Math.min(a.t, this.t); + for (i = 0; i < m; ++i) r.data[i] = op(this.data[i], a.data[i]); + if (a.t < this.t) { + f = a.s & this.DM; + for (i = m; i < this.t; ++i) r.data[i] = op(this.data[i], f); + r.t = this.t; + } else { + f = this.s & this.DM; + for (i = m; i < a.t; ++i) r.data[i] = op(f, a.data[i]); + r.t = a.t; } - outer(); - }; - } -}); - -// node_modules/node-forge/lib/sha256.js -var require_sha256 = __commonJS({ - "node_modules/node-forge/lib/sha256.js"(exports2, module2) { - var forge = require_forge(); - require_md(); - require_util9(); - var sha256 = module2.exports = forge.sha256 = forge.sha256 || {}; - forge.md.sha256 = forge.md.algorithms.sha256 = sha256; - sha256.create = function() { - if (!_initialized) { - _init(); + r.s = op(this.s, a.s); + r.clamp(); + } + function op_and(x, y) { + return x & y; + } + function bnAnd(a) { + var r = nbi(); + this.bitwiseTo(a, op_and, r); + return r; + } + function op_or(x, y) { + return x | y; + } + function bnOr(a) { + var r = nbi(); + this.bitwiseTo(a, op_or, r); + return r; + } + function op_xor(x, y) { + return x ^ y; + } + function bnXor(a) { + var r = nbi(); + this.bitwiseTo(a, op_xor, r); + return r; + } + function op_andnot(x, y) { + return x & ~y; + } + function bnAndNot(a) { + var r = nbi(); + this.bitwiseTo(a, op_andnot, r); + return r; + } + function bnNot() { + var r = nbi(); + for (var i = 0; i < this.t; ++i) r.data[i] = this.DM & ~this.data[i]; + r.t = this.t; + r.s = ~this.s; + return r; + } + function bnShiftLeft(n) { + var r = nbi(); + if (n < 0) this.rShiftTo(-n, r); + else this.lShiftTo(n, r); + return r; + } + function bnShiftRight(n) { + var r = nbi(); + if (n < 0) this.lShiftTo(-n, r); + else this.rShiftTo(n, r); + return r; + } + function lbit(x) { + if (x == 0) return -1; + var r = 0; + if ((x & 65535) == 0) { + x >>= 16; + r += 16; } - var _state = null; - var _input = forge.util.createBuffer(); - var _w = new Array(64); - var md = { - algorithm: "sha256", - blockLength: 64, - digestLength: 32, - // 56-bit length of message so far (does not including padding) - messageLength: 0, - // true message length - fullMessageLength: null, - // size of message length in bytes - messageLengthSize: 8 - }; - md.start = function() { - md.messageLength = 0; - md.fullMessageLength = md.messageLength64 = []; - var int32s = md.messageLengthSize / 4; - for (var i = 0; i < int32s; ++i) { - md.fullMessageLength.push(0); - } - _input = forge.util.createBuffer(); - _state = { - h0: 1779033703, - h1: 3144134277, - h2: 1013904242, - h3: 2773480762, - h4: 1359893119, - h5: 2600822924, - h6: 528734635, - h7: 1541459225 - }; - return md; - }; - md.start(); - md.update = function(msg, encoding) { - if (encoding === "utf8") { - msg = forge.util.encodeUtf8(msg); - } - var len = msg.length; - md.messageLength += len; - len = [len / 4294967296 >>> 0, len >>> 0]; - for (var i = md.fullMessageLength.length - 1; i >= 0; --i) { - md.fullMessageLength[i] += len[1]; - len[1] = len[0] + (md.fullMessageLength[i] / 4294967296 >>> 0); - md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; - len[0] = len[1] / 4294967296 >>> 0; - } - _input.putBytes(msg); - _update(_state, _w, _input); - if (_input.read > 2048 || _input.length() === 0) { - _input.compact(); - } - return md; - }; - md.digest = function() { - var finalBlock = forge.util.createBuffer(); - finalBlock.putBytes(_input.bytes()); - var remaining = md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize; - var overflow = remaining & md.blockLength - 1; - finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); - var next, carry; - var bits = md.fullMessageLength[0] * 8; - for (var i = 0; i < md.fullMessageLength.length - 1; ++i) { - next = md.fullMessageLength[i + 1] * 8; - carry = next / 4294967296 >>> 0; - bits += carry; - finalBlock.putInt32(bits >>> 0); - bits = next >>> 0; - } - finalBlock.putInt32(bits); - var s2 = { - h0: _state.h0, - h1: _state.h1, - h2: _state.h2, - h3: _state.h3, - h4: _state.h4, - h5: _state.h5, - h6: _state.h6, - h7: _state.h7 - }; - _update(s2, _w, finalBlock); - var rval = forge.util.createBuffer(); - rval.putInt32(s2.h0); - rval.putInt32(s2.h1); - rval.putInt32(s2.h2); - rval.putInt32(s2.h3); - rval.putInt32(s2.h4); - rval.putInt32(s2.h5); - rval.putInt32(s2.h6); - rval.putInt32(s2.h7); - return rval; - }; - return md; - }; - var _padding = null; - var _initialized = false; - var _k = null; - function _init() { - _padding = String.fromCharCode(128); - _padding += forge.util.fillString(String.fromCharCode(0), 64); - _k = [ - 1116352408, - 1899447441, - 3049323471, - 3921009573, - 961987163, - 1508970993, - 2453635748, - 2870763221, - 3624381080, - 310598401, - 607225278, - 1426881987, - 1925078388, - 2162078206, - 2614888103, - 3248222580, - 3835390401, - 4022224774, - 264347078, - 604807628, - 770255983, - 1249150122, - 1555081692, - 1996064986, - 2554220882, - 2821834349, - 2952996808, - 3210313671, - 3336571891, - 3584528711, - 113926993, - 338241895, - 666307205, - 773529912, - 1294757372, - 1396182291, - 1695183700, - 1986661051, - 2177026350, - 2456956037, - 2730485921, - 2820302411, - 3259730800, - 3345764771, - 3516065817, - 3600352804, - 4094571909, - 275423344, - 430227734, - 506948616, - 659060556, - 883997877, - 958139571, - 1322822218, - 1537002063, - 1747873779, - 1955562222, - 2024104815, - 2227730452, - 2361852424, - 2428436474, - 2756734187, - 3204031479, - 3329325298 - ]; - _initialized = true; + if ((x & 255) == 0) { + x >>= 8; + r += 8; + } + if ((x & 15) == 0) { + x >>= 4; + r += 4; + } + if ((x & 3) == 0) { + x >>= 2; + r += 2; + } + if ((x & 1) == 0) ++r; + return r; } - function _update(s, w, bytes) { - var t1, t2, s0, s1, ch, maj, i, a, b, c, d, e, f, g, h; - var len = bytes.length(); - while (len >= 64) { - for (i = 0; i < 16; ++i) { - w[i] = bytes.getInt32(); - } - for (; i < 64; ++i) { - t1 = w[i - 2]; - t1 = (t1 >>> 17 | t1 << 15) ^ (t1 >>> 19 | t1 << 13) ^ t1 >>> 10; - t2 = w[i - 15]; - t2 = (t2 >>> 7 | t2 << 25) ^ (t2 >>> 18 | t2 << 14) ^ t2 >>> 3; - w[i] = t1 + w[i - 7] + t2 + w[i - 16] | 0; + function bnGetLowestSetBit() { + for (var i = 0; i < this.t; ++i) + if (this.data[i] != 0) return i * this.DB + lbit(this.data[i]); + if (this.s < 0) return this.t * this.DB; + return -1; + } + function cbit(x) { + var r = 0; + while (x != 0) { + x &= x - 1; + ++r; + } + return r; + } + function bnBitCount() { + var r = 0, x = this.s & this.DM; + for (var i = 0; i < this.t; ++i) r += cbit(this.data[i] ^ x); + return r; + } + function bnTestBit(n) { + var j = Math.floor(n / this.DB); + if (j >= this.t) return this.s != 0; + return (this.data[j] & 1 << n % this.DB) != 0; + } + function bnpChangeBit(n, op) { + var r = BigInteger.ONE.shiftLeft(n); + this.bitwiseTo(r, op, r); + return r; + } + function bnSetBit(n) { + return this.changeBit(n, op_or); + } + function bnClearBit(n) { + return this.changeBit(n, op_andnot); + } + function bnFlipBit(n) { + return this.changeBit(n, op_xor); + } + function bnpAddTo(a, r) { + var i = 0, c = 0, m = Math.min(a.t, this.t); + while (i < m) { + c += this.data[i] + a.data[i]; + r.data[i++] = c & this.DM; + c >>= this.DB; + } + if (a.t < this.t) { + c += a.s; + while (i < this.t) { + c += this.data[i]; + r.data[i++] = c & this.DM; + c >>= this.DB; } - a = s.h0; - b = s.h1; - c = s.h2; - d = s.h3; - e = s.h4; - f = s.h5; - g = s.h6; - h = s.h7; - for (i = 0; i < 64; ++i) { - s1 = (e >>> 6 | e << 26) ^ (e >>> 11 | e << 21) ^ (e >>> 25 | e << 7); - ch = g ^ e & (f ^ g); - s0 = (a >>> 2 | a << 30) ^ (a >>> 13 | a << 19) ^ (a >>> 22 | a << 10); - maj = a & b | c & (a ^ b); - t1 = h + s1 + ch + _k[i] + w[i]; - t2 = s0 + maj; - h = g; - g = f; - f = e; - e = d + t1 >>> 0; - d = c; - c = b; - b = a; - a = t1 + t2 >>> 0; + c += this.s; + } else { + c += this.s; + while (i < a.t) { + c += a.data[i]; + r.data[i++] = c & this.DM; + c >>= this.DB; } - s.h0 = s.h0 + a | 0; - s.h1 = s.h1 + b | 0; - s.h2 = s.h2 + c | 0; - s.h3 = s.h3 + d | 0; - s.h4 = s.h4 + e | 0; - s.h5 = s.h5 + f | 0; - s.h6 = s.h6 + g | 0; - s.h7 = s.h7 + h | 0; - len -= 64; + c += a.s; } + r.s = c < 0 ? -1 : 0; + if (c > 0) r.data[i++] = c; + else if (c < -1) r.data[i++] = this.DV + c; + r.t = i; + r.clamp(); } - } -}); - -// node_modules/node-forge/lib/prng.js -var require_prng = __commonJS({ - "node_modules/node-forge/lib/prng.js"(exports2, module2) { - var forge = require_forge(); - require_util9(); - var _crypto = null; - if (forge.util.isNodejs && !forge.options.usePureJavaScript && !process.versions["node-webkit"]) { - _crypto = require("crypto"); + function bnAdd(a) { + var r = nbi(); + this.addTo(a, r); + return r; } - var prng = module2.exports = forge.prng = forge.prng || {}; - prng.create = function(plugin) { - var ctx = { - plugin, - key: null, - seed: null, - time: null, - // number of reseeds so far - reseeds: 0, - // amount of data generated so far - generated: 0, - // no initial key bytes - keyBytes: "" - }; - var md = plugin.md; - var pools = new Array(32); - for (var i = 0; i < 32; ++i) { - pools[i] = md.create(); + function bnSubtract(a) { + var r = nbi(); + this.subTo(a, r); + return r; + } + function bnMultiply(a) { + var r = nbi(); + this.multiplyTo(a, r); + return r; + } + function bnDivide(a) { + var r = nbi(); + this.divRemTo(a, r, null); + return r; + } + function bnRemainder(a) { + var r = nbi(); + this.divRemTo(a, null, r); + return r; + } + function bnDivideAndRemainder(a) { + var q = nbi(), r = nbi(); + this.divRemTo(a, q, r); + return new Array(q, r); + } + function bnpDMultiply(n) { + this.data[this.t] = this.am(0, n - 1, this, 0, 0, this.t); + ++this.t; + this.clamp(); + } + function bnpDAddOffset(n, w) { + if (n == 0) return; + while (this.t <= w) this.data[this.t++] = 0; + this.data[w] += n; + while (this.data[w] >= this.DV) { + this.data[w] -= this.DV; + if (++w >= this.t) this.data[this.t++] = 0; + ++this.data[w]; } - ctx.pools = pools; - ctx.pool = 0; - ctx.generate = function(count, callback) { - if (!callback) { - return ctx.generateSync(count); + } + function NullExp() { + } + function nNop(x) { + return x; + } + function nMulTo(x, y, r) { + x.multiplyTo(y, r); + } + function nSqrTo(x, r) { + x.squareTo(r); + } + NullExp.prototype.convert = nNop; + NullExp.prototype.revert = nNop; + NullExp.prototype.mulTo = nMulTo; + NullExp.prototype.sqrTo = nSqrTo; + function bnPow(e) { + return this.exp(e, new NullExp()); + } + function bnpMultiplyLowerTo(a, n, r) { + var i = Math.min(this.t + a.t, n); + r.s = 0; + r.t = i; + while (i > 0) r.data[--i] = 0; + var j; + for (j = r.t - this.t; i < j; ++i) r.data[i + this.t] = this.am(0, a.data[i], r, i, 0, this.t); + for (j = Math.min(a.t, n); i < j; ++i) this.am(0, a.data[i], r, i, 0, n - i); + r.clamp(); + } + function bnpMultiplyUpperTo(a, n, r) { + --n; + var i = r.t = this.t + a.t - n; + r.s = 0; + while (--i >= 0) r.data[i] = 0; + for (i = Math.max(n - this.t, 0); i < a.t; ++i) + r.data[this.t + i - n] = this.am(n - i, a.data[i], r, 0, 0, this.t + i - n); + r.clamp(); + r.drShiftTo(1, r); + } + function Barrett(m) { + this.r2 = nbi(); + this.q3 = nbi(); + BigInteger.ONE.dlShiftTo(2 * m.t, this.r2); + this.mu = this.r2.divide(m); + this.m = m; + } + function barrettConvert(x) { + if (x.s < 0 || x.t > 2 * this.m.t) return x.mod(this.m); + else if (x.compareTo(this.m) < 0) return x; + else { + var r = nbi(); + x.copyTo(r); + this.reduce(r); + return r; + } + } + function barrettRevert(x) { + return x; + } + function barrettReduce(x) { + x.drShiftTo(this.m.t - 1, this.r2); + if (x.t > this.m.t + 1) { + x.t = this.m.t + 1; + x.clamp(); + } + this.mu.multiplyUpperTo(this.r2, this.m.t + 1, this.q3); + this.m.multiplyLowerTo(this.q3, this.m.t + 1, this.r2); + while (x.compareTo(this.r2) < 0) x.dAddOffset(1, this.m.t + 1); + x.subTo(this.r2, x); + while (x.compareTo(this.m) >= 0) x.subTo(this.m, x); + } + function barrettSqrTo(x, r) { + x.squareTo(r); + this.reduce(r); + } + function barrettMulTo(x, y, r) { + x.multiplyTo(y, r); + this.reduce(r); + } + Barrett.prototype.convert = barrettConvert; + Barrett.prototype.revert = barrettRevert; + Barrett.prototype.reduce = barrettReduce; + Barrett.prototype.mulTo = barrettMulTo; + Barrett.prototype.sqrTo = barrettSqrTo; + function bnModPow(e, m) { + var i = e.bitLength(), k, r = nbv(1), z; + if (i <= 0) return r; + else if (i < 18) k = 1; + else if (i < 48) k = 3; + else if (i < 144) k = 4; + else if (i < 768) k = 5; + else k = 6; + if (i < 8) + z = new Classic(m); + else if (m.isEven()) + z = new Barrett(m); + else + z = new Montgomery(m); + var g = new Array(), n = 3, k1 = k - 1, km = (1 << k) - 1; + g[1] = z.convert(this); + if (k > 1) { + var g2 = nbi(); + z.sqrTo(g[1], g2); + while (n <= km) { + g[n] = nbi(); + z.mulTo(g2, g[n - 2], g[n]); + n += 2; } - var cipher = ctx.plugin.cipher; - var increment = ctx.plugin.increment; - var formatKey = ctx.plugin.formatKey; - var formatSeed = ctx.plugin.formatSeed; - var b = forge.util.createBuffer(); - ctx.key = null; - generate(); - function generate(err) { - if (err) { - return callback(err); - } - if (b.length() >= count) { - return callback(null, b.getBytes(count)); - } - if (ctx.generated > 1048575) { - ctx.key = null; - } - if (ctx.key === null) { - return forge.util.nextTick(function() { - _reseed(generate); - }); - } - var bytes = cipher(ctx.key, ctx.seed); - ctx.generated += bytes.length; - b.putBytes(bytes); - ctx.key = formatKey(cipher(ctx.key, increment(ctx.seed))); - ctx.seed = formatSeed(cipher(ctx.key, ctx.seed)); - forge.util.setImmediate(generate); + } + var j = e.t - 1, w, is1 = true, r2 = nbi(), t; + i = nbits(e.data[j]) - 1; + while (j >= 0) { + if (i >= k1) w = e.data[j] >> i - k1 & km; + else { + w = (e.data[j] & (1 << i + 1) - 1) << k1 - i; + if (j > 0) w |= e.data[j - 1] >> this.DB + i - k1; } - }; - ctx.generateSync = function(count) { - var cipher = ctx.plugin.cipher; - var increment = ctx.plugin.increment; - var formatKey = ctx.plugin.formatKey; - var formatSeed = ctx.plugin.formatSeed; - ctx.key = null; - var b = forge.util.createBuffer(); - while (b.length() < count) { - if (ctx.generated > 1048575) { - ctx.key = null; + n = k; + while ((w & 1) == 0) { + w >>= 1; + --n; + } + if ((i -= n) < 0) { + i += this.DB; + --j; + } + if (is1) { + g[w].copyTo(r); + is1 = false; + } else { + while (n > 1) { + z.sqrTo(r, r2); + z.sqrTo(r2, r); + n -= 2; } - if (ctx.key === null) { - _reseedSync(); + if (n > 0) z.sqrTo(r, r2); + else { + t = r; + r = r2; + r2 = t; } - var bytes = cipher(ctx.key, ctx.seed); - ctx.generated += bytes.length; - b.putBytes(bytes); - ctx.key = formatKey(cipher(ctx.key, increment(ctx.seed))); - ctx.seed = formatSeed(cipher(ctx.key, ctx.seed)); - } - return b.getBytes(count); - }; - function _reseed(callback) { - if (ctx.pools[0].messageLength >= 32) { - _seed(); - return callback(); + z.mulTo(r2, g[w], r); } - var needed = 32 - ctx.pools[0].messageLength << 5; - ctx.seedFile(needed, function(err, bytes) { - if (err) { - return callback(err); + while (j >= 0 && (e.data[j] & 1 << i) == 0) { + z.sqrTo(r, r2); + t = r; + r = r2; + r2 = t; + if (--i < 0) { + i = this.DB - 1; + --j; } - ctx.collect(bytes); - _seed(); - callback(); - }); - } - function _reseedSync() { - if (ctx.pools[0].messageLength >= 32) { - return _seed(); } - var needed = 32 - ctx.pools[0].messageLength << 5; - ctx.collect(ctx.seedFileSync(needed)); - _seed(); } - function _seed() { - ctx.reseeds = ctx.reseeds === 4294967295 ? 0 : ctx.reseeds + 1; - var md2 = ctx.plugin.md.create(); - md2.update(ctx.keyBytes); - var _2powK = 1; - for (var k = 0; k < 32; ++k) { - if (ctx.reseeds % _2powK === 0) { - md2.update(ctx.pools[k].digest().getBytes()); - ctx.pools[k].start(); - } - _2powK = _2powK << 1; - } - ctx.keyBytes = md2.digest().getBytes(); - md2.start(); - md2.update(ctx.keyBytes); - var seedBytes = md2.digest().getBytes(); - ctx.key = ctx.plugin.formatKey(ctx.keyBytes); - ctx.seed = ctx.plugin.formatSeed(seedBytes); - ctx.generated = 0; + return z.revert(r); + } + function bnGCD(a) { + var x = this.s < 0 ? this.negate() : this.clone(); + var y = a.s < 0 ? a.negate() : a.clone(); + if (x.compareTo(y) < 0) { + var t = x; + x = y; + y = t; } - function defaultSeedFile(needed) { - var getRandomValues = null; - var globalScope = forge.util.globalScope; - var _crypto2 = globalScope.crypto || globalScope.msCrypto; - if (_crypto2 && _crypto2.getRandomValues) { - getRandomValues = function(arr) { - return _crypto2.getRandomValues(arr); - }; + var i = x.getLowestSetBit(), g = y.getLowestSetBit(); + if (g < 0) return x; + if (i < g) g = i; + if (g > 0) { + x.rShiftTo(g, x); + y.rShiftTo(g, y); + } + while (x.signum() > 0) { + if ((i = x.getLowestSetBit()) > 0) x.rShiftTo(i, x); + if ((i = y.getLowestSetBit()) > 0) y.rShiftTo(i, y); + if (x.compareTo(y) >= 0) { + x.subTo(y, x); + x.rShiftTo(1, x); + } else { + y.subTo(x, y); + y.rShiftTo(1, y); } - var b = forge.util.createBuffer(); - if (getRandomValues) { - while (b.length() < needed) { - var count = Math.max(1, Math.min(needed - b.length(), 65536) / 4); - var entropy = new Uint32Array(Math.floor(count)); - try { - getRandomValues(entropy); - for (var i2 = 0; i2 < entropy.length; ++i2) { - b.putInt32(entropy[i2]); - } - } catch (e) { - if (!(typeof QuotaExceededError !== "undefined" && e instanceof QuotaExceededError)) { - throw e; - } + } + if (g > 0) y.lShiftTo(g, y); + return y; + } + function bnpModInt(n) { + if (n <= 0) return 0; + var d = this.DV % n, r = this.s < 0 ? n - 1 : 0; + if (this.t > 0) + if (d == 0) r = this.data[0] % n; + else for (var i = this.t - 1; i >= 0; --i) r = (d * r + this.data[i]) % n; + return r; + } + function bnModInverse(m) { + var ac = m.isEven(); + if (this.isEven() && ac || m.signum() == 0) return BigInteger.ZERO; + var u = m.clone(), v = this.clone(); + var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1); + while (u.signum() != 0) { + while (u.isEven()) { + u.rShiftTo(1, u); + if (ac) { + if (!a.isEven() || !b.isEven()) { + a.addTo(this, a); + b.subTo(m, b); } - } + a.rShiftTo(1, a); + } else if (!b.isEven()) b.subTo(m, b); + b.rShiftTo(1, b); } - if (b.length() < needed) { - var hi, lo, next; - var seed = Math.floor(Math.random() * 65536); - while (b.length() < needed) { - lo = 16807 * (seed & 65535); - hi = 16807 * (seed >> 16); - lo += (hi & 32767) << 16; - lo += hi >> 15; - lo = (lo & 2147483647) + (lo >> 31); - seed = lo & 4294967295; - for (var i2 = 0; i2 < 3; ++i2) { - next = seed >>> (i2 << 3); - next ^= Math.floor(Math.random() * 256); - b.putByte(next & 255); + while (v.isEven()) { + v.rShiftTo(1, v); + if (ac) { + if (!c.isEven() || !d.isEven()) { + c.addTo(this, c); + d.subTo(m, d); } + c.rShiftTo(1, c); + } else if (!d.isEven()) d.subTo(m, d); + d.rShiftTo(1, d); + } + if (u.compareTo(v) >= 0) { + u.subTo(v, u); + if (ac) a.subTo(c, a); + b.subTo(d, b); + } else { + v.subTo(u, v); + if (ac) c.subTo(a, c); + d.subTo(b, d); + } + } + if (v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO; + if (d.compareTo(m) >= 0) return d.subtract(m); + if (d.signum() < 0) d.addTo(m, d); + else return d; + if (d.signum() < 0) return d.add(m); + else return d; + } + var lowprimes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509]; + var lplim = (1 << 26) / lowprimes[lowprimes.length - 1]; + function bnIsProbablePrime(t) { + var i, x = this.abs(); + if (x.t == 1 && x.data[0] <= lowprimes[lowprimes.length - 1]) { + for (i = 0; i < lowprimes.length; ++i) + if (x.data[0] == lowprimes[i]) return true; + return false; + } + if (x.isEven()) return false; + i = 1; + while (i < lowprimes.length) { + var m = lowprimes[i], j = i + 1; + while (j < lowprimes.length && m < lplim) m *= lowprimes[j++]; + m = x.modInt(m); + while (i < j) if (m % lowprimes[i++] == 0) return false; + } + return x.millerRabin(t); + } + function bnpMillerRabin(t) { + var n1 = this.subtract(BigInteger.ONE); + var k = n1.getLowestSetBit(); + if (k <= 0) return false; + var r = n1.shiftRight(k); + var prng = bnGetPrng(); + var a; + for (var i = 0; i < t; ++i) { + do { + a = new BigInteger(this.bitLength(), prng); + } while (a.compareTo(BigInteger.ONE) <= 0 || a.compareTo(n1) >= 0); + var y = a.modPow(r, this); + if (y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) { + var j = 1; + while (j++ < k && y.compareTo(n1) != 0) { + y = y.modPowInt(2, this); + if (y.compareTo(BigInteger.ONE) == 0) return false; } + if (y.compareTo(n1) != 0) return false; } - return b.getBytes(needed); } - if (_crypto) { - ctx.seedFile = function(needed, callback) { - _crypto.randomBytes(needed, function(err, bytes) { - if (err) { - return callback(err); - } - callback(null, bytes.toString()); - }); - }; - ctx.seedFileSync = function(needed) { - return _crypto.randomBytes(needed).toString(); - }; - } else { - ctx.seedFile = function(needed, callback) { - try { - callback(null, defaultSeedFile(needed)); - } catch (e) { - callback(e); + return true; + } + function bnGetPrng() { + return { + // x is an array to fill with bytes + nextBytes: function(x) { + for (var i = 0; i < x.length; ++i) { + x[i] = Math.floor(Math.random() * 256); } - }; - ctx.seedFileSync = defaultSeedFile; + } + }; + } + BigInteger.prototype.chunkSize = bnpChunkSize; + BigInteger.prototype.toRadix = bnpToRadix; + BigInteger.prototype.fromRadix = bnpFromRadix; + BigInteger.prototype.fromNumber = bnpFromNumber; + BigInteger.prototype.bitwiseTo = bnpBitwiseTo; + BigInteger.prototype.changeBit = bnpChangeBit; + BigInteger.prototype.addTo = bnpAddTo; + BigInteger.prototype.dMultiply = bnpDMultiply; + BigInteger.prototype.dAddOffset = bnpDAddOffset; + BigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo; + BigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo; + BigInteger.prototype.modInt = bnpModInt; + BigInteger.prototype.millerRabin = bnpMillerRabin; + BigInteger.prototype.clone = bnClone; + BigInteger.prototype.intValue = bnIntValue; + BigInteger.prototype.byteValue = bnByteValue; + BigInteger.prototype.shortValue = bnShortValue; + BigInteger.prototype.signum = bnSigNum; + BigInteger.prototype.toByteArray = bnToByteArray; + BigInteger.prototype.equals = bnEquals; + BigInteger.prototype.min = bnMin; + BigInteger.prototype.max = bnMax; + BigInteger.prototype.and = bnAnd; + BigInteger.prototype.or = bnOr; + BigInteger.prototype.xor = bnXor; + BigInteger.prototype.andNot = bnAndNot; + BigInteger.prototype.not = bnNot; + BigInteger.prototype.shiftLeft = bnShiftLeft; + BigInteger.prototype.shiftRight = bnShiftRight; + BigInteger.prototype.getLowestSetBit = bnGetLowestSetBit; + BigInteger.prototype.bitCount = bnBitCount; + BigInteger.prototype.testBit = bnTestBit; + BigInteger.prototype.setBit = bnSetBit; + BigInteger.prototype.clearBit = bnClearBit; + BigInteger.prototype.flipBit = bnFlipBit; + BigInteger.prototype.add = bnAdd; + BigInteger.prototype.subtract = bnSubtract; + BigInteger.prototype.multiply = bnMultiply; + BigInteger.prototype.divide = bnDivide; + BigInteger.prototype.remainder = bnRemainder; + BigInteger.prototype.divideAndRemainder = bnDivideAndRemainder; + BigInteger.prototype.modPow = bnModPow; + BigInteger.prototype.modInverse = bnModInverse; + BigInteger.prototype.pow = bnPow; + BigInteger.prototype.gcd = bnGCD; + BigInteger.prototype.isProbablePrime = bnIsProbablePrime; + } +}); + +// node_modules/node-forge/lib/sha1.js +var require_sha1 = __commonJS({ + "node_modules/node-forge/lib/sha1.js"(exports2, module2) { + var forge = require_forge(); + require_md(); + require_util9(); + var sha1 = module2.exports = forge.sha1 = forge.sha1 || {}; + forge.md.sha1 = forge.md.algorithms.sha1 = sha1; + sha1.create = function() { + if (!_initialized) { + _init(); } - ctx.collect = function(bytes) { - var count = bytes.length; - for (var i2 = 0; i2 < count; ++i2) { - ctx.pools[ctx.pool].update(bytes.substr(i2, 1)); - ctx.pool = ctx.pool === 31 ? 0 : ctx.pool + 1; + var _state = null; + var _input = forge.util.createBuffer(); + var _w = new Array(80); + var md = { + algorithm: "sha1", + blockLength: 64, + digestLength: 20, + // 56-bit length of message so far (does not including padding) + messageLength: 0, + // true message length + fullMessageLength: null, + // size of message length in bytes + messageLengthSize: 8 + }; + md.start = function() { + md.messageLength = 0; + md.fullMessageLength = md.messageLength64 = []; + var int32s = md.messageLengthSize / 4; + for (var i = 0; i < int32s; ++i) { + md.fullMessageLength.push(0); } + _input = forge.util.createBuffer(); + _state = { + h0: 1732584193, + h1: 4023233417, + h2: 2562383102, + h3: 271733878, + h4: 3285377520 + }; + return md; }; - ctx.collectInt = function(i2, n) { - var bytes = ""; - for (var x = 0; x < n; x += 8) { - bytes += String.fromCharCode(i2 >> x & 255); + md.start(); + md.update = function(msg, encoding) { + if (encoding === "utf8") { + msg = forge.util.encodeUtf8(msg); } - ctx.collect(bytes); + var len = msg.length; + md.messageLength += len; + len = [len / 4294967296 >>> 0, len >>> 0]; + for (var i = md.fullMessageLength.length - 1; i >= 0; --i) { + md.fullMessageLength[i] += len[1]; + len[1] = len[0] + (md.fullMessageLength[i] / 4294967296 >>> 0); + md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; + len[0] = len[1] / 4294967296 >>> 0; + } + _input.putBytes(msg); + _update(_state, _w, _input); + if (_input.read > 2048 || _input.length() === 0) { + _input.compact(); + } + return md; }; - ctx.registerWorker = function(worker) { - if (worker === self) { - ctx.seedFile = function(needed, callback) { - function listener2(e) { - var data = e.data; - if (data.forge && data.forge.prng) { - self.removeEventListener("message", listener2); - callback(data.forge.prng.err, data.forge.prng.bytes); - } - } - self.addEventListener("message", listener2); - self.postMessage({ forge: { prng: { needed } } }); - }; - } else { - var listener = function(e) { - var data = e.data; - if (data.forge && data.forge.prng) { - ctx.seedFile(data.forge.prng.needed, function(err, bytes) { - worker.postMessage({ forge: { prng: { err, bytes } } }); - }); - } - }; - worker.addEventListener("message", listener); + md.digest = function() { + var finalBlock = forge.util.createBuffer(); + finalBlock.putBytes(_input.bytes()); + var remaining = md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize; + var overflow = remaining & md.blockLength - 1; + finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); + var next, carry; + var bits = md.fullMessageLength[0] * 8; + for (var i = 0; i < md.fullMessageLength.length - 1; ++i) { + next = md.fullMessageLength[i + 1] * 8; + carry = next / 4294967296 >>> 0; + bits += carry; + finalBlock.putInt32(bits >>> 0); + bits = next >>> 0; } + finalBlock.putInt32(bits); + var s2 = { + h0: _state.h0, + h1: _state.h1, + h2: _state.h2, + h3: _state.h3, + h4: _state.h4 + }; + _update(s2, _w, finalBlock); + var rval = forge.util.createBuffer(); + rval.putInt32(s2.h0); + rval.putInt32(s2.h1); + rval.putInt32(s2.h2); + rval.putInt32(s2.h3); + rval.putInt32(s2.h4); + return rval; }; - return ctx; + return md; }; + var _padding = null; + var _initialized = false; + function _init() { + _padding = String.fromCharCode(128); + _padding += forge.util.fillString(String.fromCharCode(0), 64); + _initialized = true; + } + function _update(s, w, bytes) { + var t, a, b, c, d, e, f, i; + var len = bytes.length(); + while (len >= 64) { + a = s.h0; + b = s.h1; + c = s.h2; + d = s.h3; + e = s.h4; + for (i = 0; i < 16; ++i) { + t = bytes.getInt32(); + w[i] = t; + f = d ^ b & (c ^ d); + t = (a << 5 | a >>> 27) + f + e + 1518500249 + t; + e = d; + d = c; + c = (b << 30 | b >>> 2) >>> 0; + b = a; + a = t; + } + for (; i < 20; ++i) { + t = w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]; + t = t << 1 | t >>> 31; + w[i] = t; + f = d ^ b & (c ^ d); + t = (a << 5 | a >>> 27) + f + e + 1518500249 + t; + e = d; + d = c; + c = (b << 30 | b >>> 2) >>> 0; + b = a; + a = t; + } + for (; i < 32; ++i) { + t = w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]; + t = t << 1 | t >>> 31; + w[i] = t; + f = b ^ c ^ d; + t = (a << 5 | a >>> 27) + f + e + 1859775393 + t; + e = d; + d = c; + c = (b << 30 | b >>> 2) >>> 0; + b = a; + a = t; + } + for (; i < 40; ++i) { + t = w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]; + t = t << 2 | t >>> 30; + w[i] = t; + f = b ^ c ^ d; + t = (a << 5 | a >>> 27) + f + e + 1859775393 + t; + e = d; + d = c; + c = (b << 30 | b >>> 2) >>> 0; + b = a; + a = t; + } + for (; i < 60; ++i) { + t = w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]; + t = t << 2 | t >>> 30; + w[i] = t; + f = b & c | d & (b ^ c); + t = (a << 5 | a >>> 27) + f + e + 2400959708 + t; + e = d; + d = c; + c = (b << 30 | b >>> 2) >>> 0; + b = a; + a = t; + } + for (; i < 80; ++i) { + t = w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]; + t = t << 2 | t >>> 30; + w[i] = t; + f = b ^ c ^ d; + t = (a << 5 | a >>> 27) + f + e + 3395469782 + t; + e = d; + d = c; + c = (b << 30 | b >>> 2) >>> 0; + b = a; + a = t; + } + s.h0 = s.h0 + a | 0; + s.h1 = s.h1 + b | 0; + s.h2 = s.h2 + c | 0; + s.h3 = s.h3 + d | 0; + s.h4 = s.h4 + e | 0; + len -= 64; + } + } } }); -// node_modules/node-forge/lib/random.js -var require_random = __commonJS({ - "node_modules/node-forge/lib/random.js"(exports2, module2) { +// node_modules/node-forge/lib/pkcs1.js +var require_pkcs1 = __commonJS({ + "node_modules/node-forge/lib/pkcs1.js"(exports2, module2) { var forge = require_forge(); - require_aes(); - require_sha256(); - require_prng(); require_util9(); - (function() { - if (forge.random && forge.random.getBytes) { - module2.exports = forge.random; - return; + require_random(); + require_sha1(); + var pkcs1 = module2.exports = forge.pkcs1 = forge.pkcs1 || {}; + pkcs1.encode_rsa_oaep = function(key, message, options) { + var label; + var seed; + var md; + var mgf1Md; + if (typeof options === "string") { + label = options; + seed = arguments[3] || void 0; + md = arguments[4] || void 0; + } else if (options) { + label = options.label || void 0; + seed = options.seed || void 0; + md = options.md || void 0; + if (options.mgf1 && options.mgf1.md) { + mgf1Md = options.mgf1.md; + } } - (function(jQuery2) { - var prng_aes = {}; - var _prng_aes_output = new Array(4); - var _prng_aes_buffer = forge.util.createBuffer(); - prng_aes.formatKey = function(key2) { - var tmp = forge.util.createBuffer(key2); - key2 = new Array(4); - key2[0] = tmp.getInt32(); - key2[1] = tmp.getInt32(); - key2[2] = tmp.getInt32(); - key2[3] = tmp.getInt32(); - return forge.aes._expandKey(key2, false); - }; - prng_aes.formatSeed = function(seed) { - var tmp = forge.util.createBuffer(seed); - seed = new Array(4); - seed[0] = tmp.getInt32(); - seed[1] = tmp.getInt32(); - seed[2] = tmp.getInt32(); - seed[3] = tmp.getInt32(); - return seed; - }; - prng_aes.cipher = function(key2, seed) { - forge.aes._updateBlock(key2, seed, _prng_aes_output, false); - _prng_aes_buffer.putInt32(_prng_aes_output[0]); - _prng_aes_buffer.putInt32(_prng_aes_output[1]); - _prng_aes_buffer.putInt32(_prng_aes_output[2]); - _prng_aes_buffer.putInt32(_prng_aes_output[3]); - return _prng_aes_buffer.getBytes(); - }; - prng_aes.increment = function(seed) { - ++seed[3]; - return seed; + if (!md) { + md = forge.md.sha1.create(); + } else { + md.start(); + } + if (!mgf1Md) { + mgf1Md = md; + } + var keyLength = Math.ceil(key.n.bitLength() / 8); + var maxLength = keyLength - 2 * md.digestLength - 2; + if (message.length > maxLength) { + var error3 = new Error("RSAES-OAEP input message length is too long."); + error3.length = message.length; + error3.maxLength = maxLength; + throw error3; + } + if (!label) { + label = ""; + } + md.update(label, "raw"); + var lHash = md.digest(); + var PS = ""; + var PS_length = maxLength - message.length; + for (var i = 0; i < PS_length; i++) { + PS += "\0"; + } + var DB = lHash.getBytes() + PS + "" + message; + if (!seed) { + seed = forge.random.getBytes(md.digestLength); + } else if (seed.length !== md.digestLength) { + var error3 = new Error("Invalid RSAES-OAEP seed. The seed length must match the digest length."); + error3.seedLength = seed.length; + error3.digestLength = md.digestLength; + throw error3; + } + var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md); + var maskedDB = forge.util.xorBytes(DB, dbMask, DB.length); + var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md); + var maskedSeed = forge.util.xorBytes(seed, seedMask, seed.length); + return "\0" + maskedSeed + maskedDB; + }; + pkcs1.decode_rsa_oaep = function(key, em, options) { + var label; + var md; + var mgf1Md; + if (typeof options === "string") { + label = options; + md = arguments[3] || void 0; + } else if (options) { + label = options.label || void 0; + md = options.md || void 0; + if (options.mgf1 && options.mgf1.md) { + mgf1Md = options.mgf1.md; + } + } + var keyLength = Math.ceil(key.n.bitLength() / 8); + if (em.length !== keyLength) { + var error3 = new Error("RSAES-OAEP encoded message length is invalid."); + error3.length = em.length; + error3.expectedLength = keyLength; + throw error3; + } + if (md === void 0) { + md = forge.md.sha1.create(); + } else { + md.start(); + } + if (!mgf1Md) { + mgf1Md = md; + } + if (keyLength < 2 * md.digestLength + 2) { + throw new Error("RSAES-OAEP key is too short for the hash function."); + } + if (!label) { + label = ""; + } + md.update(label, "raw"); + var lHash = md.digest().getBytes(); + var y = em.charAt(0); + var maskedSeed = em.substring(1, md.digestLength + 1); + var maskedDB = em.substring(1 + md.digestLength); + var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md); + var seed = forge.util.xorBytes(maskedSeed, seedMask, maskedSeed.length); + var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md); + var db = forge.util.xorBytes(maskedDB, dbMask, maskedDB.length); + var lHashPrime = db.substring(0, md.digestLength); + var error3 = y !== "\0"; + for (var i = 0; i < md.digestLength; ++i) { + error3 |= lHash.charAt(i) !== lHashPrime.charAt(i); + } + var in_ps = 1; + var index = md.digestLength; + for (var j = md.digestLength; j < db.length; j++) { + var code = db.charCodeAt(j); + var is_0 = code & 1 ^ 1; + var error_mask = in_ps ? 65534 : 0; + error3 |= code & error_mask; + in_ps = in_ps & is_0; + index += in_ps; + } + if (error3 || db.charCodeAt(index) !== 1) { + throw new Error("Invalid RSAES-OAEP padding."); + } + return db.substring(index + 1); + }; + function rsa_mgf1(seed, maskLength, hash) { + if (!hash) { + hash = forge.md.sha1.create(); + } + var t = ""; + var count = Math.ceil(maskLength / hash.digestLength); + for (var i = 0; i < count; ++i) { + var c = String.fromCharCode( + i >> 24 & 255, + i >> 16 & 255, + i >> 8 & 255, + i & 255 + ); + hash.start(); + hash.update(seed + c); + t += hash.digest().getBytes(); + } + return t.substring(0, maskLength); + } + } +}); + +// node_modules/node-forge/lib/prime.js +var require_prime = __commonJS({ + "node_modules/node-forge/lib/prime.js"(exports2, module2) { + var forge = require_forge(); + require_util9(); + require_jsbn(); + require_random(); + (function() { + if (forge.prime) { + module2.exports = forge.prime; + return; + } + var prime = module2.exports = forge.prime = forge.prime || {}; + var BigInteger = forge.jsbn.BigInteger; + var GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2]; + var THIRTY = new BigInteger(null); + THIRTY.fromInt(30); + var op_or = function(x, y) { + return x | y; + }; + prime.generateProbablePrime = function(bits, options, callback) { + if (typeof options === "function") { + callback = options; + options = {}; + } + options = options || {}; + var algorithm = options.algorithm || "PRIMEINC"; + if (typeof algorithm === "string") { + algorithm = { name: algorithm }; + } + algorithm.options = algorithm.options || {}; + var prng = options.prng || forge.random; + var rng = { + // x is an array to fill with bytes + nextBytes: function(x) { + var b = prng.getBytesSync(x.length); + for (var i = 0; i < x.length; ++i) { + x[i] = b.charCodeAt(i); + } + } }; - prng_aes.md = forge.md.sha256; - function spawnPrng() { - var ctx = forge.prng.create(prng_aes); - ctx.getBytes = function(count, callback) { - return ctx.generate(count, callback); - }; - ctx.getBytesSync = function(count) { - return ctx.generate(count); - }; - return ctx; + if (algorithm.name === "PRIMEINC") { + return primeincFindPrime(bits, rng, algorithm.options, callback); } - var _ctx = spawnPrng(); - var getRandomValues = null; - var globalScope = forge.util.globalScope; - var _crypto = globalScope.crypto || globalScope.msCrypto; - if (_crypto && _crypto.getRandomValues) { - getRandomValues = function(arr) { - return _crypto.getRandomValues(arr); - }; + throw new Error("Invalid prime generation algorithm: " + algorithm.name); + }; + function primeincFindPrime(bits, rng, options, callback) { + if ("workers" in options) { + return primeincFindPrimeWithWorkers(bits, rng, options, callback); } - if (forge.options.usePureJavaScript || !forge.util.isNodejs && !getRandomValues) { - if (typeof window === "undefined" || window.document === void 0) { + return primeincFindPrimeWithoutWorkers(bits, rng, options, callback); + } + function primeincFindPrimeWithoutWorkers(bits, rng, options, callback) { + var num = generateRandom(bits, rng); + var deltaIdx = 0; + var mrTests = getMillerRabinTests(num.bitLength()); + if ("millerRabinTests" in options) { + mrTests = options.millerRabinTests; + } + var maxBlockTime = 10; + if ("maxBlockTime" in options) { + maxBlockTime = options.maxBlockTime; + } + _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback); + } + function _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback) { + var start = +/* @__PURE__ */ new Date(); + do { + if (num.bitLength() > bits) { + num = generateRandom(bits, rng); } - _ctx.collectInt(+/* @__PURE__ */ new Date(), 32); - if (typeof navigator !== "undefined") { - var _navBytes = ""; - for (var key in navigator) { - try { - if (typeof navigator[key] == "string") { - _navBytes += navigator[key]; - } - } catch (e) { - } + if (num.isProbablePrime(mrTests)) { + return callback(null, num); + } + num.dAddOffset(GCD_30_DELTA[deltaIdx++ % 8], 0); + } while (maxBlockTime < 0 || +/* @__PURE__ */ new Date() - start < maxBlockTime); + forge.util.setImmediate(function() { + _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback); + }); + } + function primeincFindPrimeWithWorkers(bits, rng, options, callback) { + if (typeof Worker === "undefined") { + return primeincFindPrimeWithoutWorkers(bits, rng, options, callback); + } + var num = generateRandom(bits, rng); + var numWorkers = options.workers; + var workLoad = options.workLoad || 100; + var range = workLoad * 30 / 8; + var workerScript = options.workerScript || "forge/prime.worker.js"; + if (numWorkers === -1) { + return forge.util.estimateCores(function(err, cores) { + if (err) { + cores = 2; } - _ctx.collect(_navBytes); - _navBytes = null; + numWorkers = cores - 1; + generate(); + }); + } + generate(); + function generate() { + numWorkers = Math.max(1, numWorkers); + var workers = []; + for (var i = 0; i < numWorkers; ++i) { + workers[i] = new Worker(workerScript); } - if (jQuery2) { - jQuery2().mousemove(function(e) { - _ctx.collectInt(e.clientX, 16); - _ctx.collectInt(e.clientY, 16); - }); - jQuery2().keypress(function(e) { - _ctx.collectInt(e.charCode, 8); + var running = numWorkers; + for (var i = 0; i < numWorkers; ++i) { + workers[i].addEventListener("message", workerMessage); + } + var found = false; + function workerMessage(e) { + if (found) { + return; + } + --running; + var data = e.data; + if (data.found) { + for (var i2 = 0; i2 < workers.length; ++i2) { + workers[i2].terminate(); + } + found = true; + return callback(null, new BigInteger(data.prime, 16)); + } + if (num.bitLength() > bits) { + num = generateRandom(bits, rng); + } + var hex = num.toString(16); + e.target.postMessage({ + hex, + workLoad }); + num.dAddOffset(range, 0); } } - if (!forge.random) { - forge.random = _ctx; - } else { - for (var key in _ctx) { - forge.random[key] = _ctx[key]; - } + } + function generateRandom(bits, rng) { + var num = new BigInteger(bits, rng); + var bits1 = bits - 1; + if (!num.testBit(bits1)) { + num.bitwiseTo(BigInteger.ONE.shiftLeft(bits1), op_or, num); } - forge.random.createInstance = spawnPrng; - module2.exports = forge.random; - })(typeof jQuery !== "undefined" ? jQuery : null); + num.dAddOffset(31 - num.mod(THIRTY).byteValue(), 0); + return num; + } + function getMillerRabinTests(bits) { + if (bits <= 100) return 27; + if (bits <= 150) return 18; + if (bits <= 200) return 15; + if (bits <= 250) return 12; + if (bits <= 300) return 9; + if (bits <= 350) return 8; + if (bits <= 400) return 7; + if (bits <= 500) return 6; + if (bits <= 600) return 5; + if (bits <= 800) return 4; + if (bits <= 1250) return 3; + return 2; + } })(); } }); -// node_modules/node-forge/lib/rc2.js -var require_rc2 = __commonJS({ - "node_modules/node-forge/lib/rc2.js"(exports2, module2) { +// node_modules/node-forge/lib/rsa.js +var require_rsa = __commonJS({ + "node_modules/node-forge/lib/rsa.js"(exports2, module2) { var forge = require_forge(); + require_asn1(); + require_jsbn(); + require_oids(); + require_pkcs1(); + require_prime(); + require_random(); require_util9(); - var piTable = [ - 217, - 120, - 249, - 196, - 25, - 221, - 181, - 237, - 40, - 233, - 253, - 121, - 74, - 160, - 216, - 157, - 198, - 126, - 55, - 131, - 43, - 118, - 83, - 142, - 98, - 76, - 100, - 136, - 68, - 139, - 251, - 162, - 23, - 154, - 89, - 245, - 135, - 179, - 79, - 19, - 97, - 69, - 109, - 141, - 9, - 129, - 125, - 50, - 189, - 143, - 64, - 235, - 134, - 183, - 123, - 11, - 240, - 149, - 33, - 34, - 92, - 107, - 78, - 130, - 84, - 214, - 101, - 147, - 206, - 96, - 178, - 28, - 115, - 86, - 192, - 20, - 167, - 140, - 241, - 220, - 18, - 117, - 202, - 31, - 59, - 190, - 228, - 209, - 66, - 61, - 212, - 48, - 163, - 60, - 182, - 38, - 111, - 191, - 14, - 218, - 70, - 105, - 7, - 87, - 39, - 242, - 29, - 155, - 188, - 148, - 67, - 3, - 248, - 17, - 199, - 246, - 144, - 239, - 62, - 231, - 6, - 195, - 213, - 47, - 200, - 102, - 30, - 215, - 8, - 232, - 234, - 222, - 128, - 82, - 238, - 247, - 132, - 170, - 114, - 172, - 53, - 77, - 106, - 42, - 150, - 26, - 210, - 113, - 90, - 21, - 73, - 116, - 75, - 159, - 208, - 94, - 4, - 24, - 164, - 236, - 194, - 224, - 65, - 110, - 15, - 81, - 203, - 204, - 36, - 145, - 175, - 80, - 161, - 244, - 112, - 57, - 153, - 124, - 58, - 133, - 35, - 184, - 180, - 122, - 252, - 2, - 54, - 91, - 37, - 85, - 151, - 49, - 45, - 93, - 250, - 152, - 227, - 138, - 146, - 174, - 5, - 223, - 41, - 16, - 103, - 108, - 186, - 201, - 211, - 0, - 230, - 207, - 225, - 158, - 168, - 44, - 99, - 22, - 1, - 63, - 88, - 226, - 137, - 169, - 13, - 56, - 52, - 27, - 171, - 51, - 255, - 176, - 187, - 72, - 12, - 95, - 185, - 177, - 205, - 46, - 197, - 243, - 219, - 71, - 229, - 165, - 156, - 119, - 10, - 166, - 32, - 104, - 254, - 127, - 193, - 173 - ]; - var s = [1, 2, 3, 5]; - var rol = function(word, bits) { - return word << bits & 65535 | (word & 65535) >> 16 - bits; + if (typeof BigInteger === "undefined") { + BigInteger = forge.jsbn.BigInteger; + } + var BigInteger; + var _crypto = forge.util.isNodejs ? require("crypto") : null; + var asn1 = forge.asn1; + var util = forge.util; + forge.pki = forge.pki || {}; + module2.exports = forge.pki.rsa = forge.rsa = forge.rsa || {}; + var pki2 = forge.pki; + var GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2]; + var privateKeyValidator = { + // PrivateKeyInfo + name: "PrivateKeyInfo", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + // Version (INTEGER) + name: "PrivateKeyInfo.version", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "privateKeyVersion" + }, { + // privateKeyAlgorithm + name: "PrivateKeyInfo.privateKeyAlgorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "AlgorithmIdentifier.algorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "privateKeyOid" + }] + }, { + // PrivateKey + name: "PrivateKeyInfo", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OCTETSTRING, + constructed: false, + capture: "privateKey" + }] }; - var ror = function(word, bits) { - return (word & 65535) >> bits | word << 16 - bits & 65535; + var rsaPrivateKeyValidator = { + // RSAPrivateKey + name: "RSAPrivateKey", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + // Version (INTEGER) + name: "RSAPrivateKey.version", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "privateKeyVersion" + }, { + // modulus (n) + name: "RSAPrivateKey.modulus", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "privateKeyModulus" + }, { + // publicExponent (e) + name: "RSAPrivateKey.publicExponent", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "privateKeyPublicExponent" + }, { + // privateExponent (d) + name: "RSAPrivateKey.privateExponent", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "privateKeyPrivateExponent" + }, { + // prime1 (p) + name: "RSAPrivateKey.prime1", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "privateKeyPrime1" + }, { + // prime2 (q) + name: "RSAPrivateKey.prime2", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "privateKeyPrime2" + }, { + // exponent1 (d mod (p-1)) + name: "RSAPrivateKey.exponent1", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "privateKeyExponent1" + }, { + // exponent2 (d mod (q-1)) + name: "RSAPrivateKey.exponent2", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "privateKeyExponent2" + }, { + // coefficient ((inverse of q) mod p) + name: "RSAPrivateKey.coefficient", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "privateKeyCoefficient" + }] }; - module2.exports = forge.rc2 = forge.rc2 || {}; - forge.rc2.expandKey = function(key, effKeyBits) { - if (typeof key === "string") { - key = forge.util.createBuffer(key); + var rsaPublicKeyValidator = { + // RSAPublicKey + name: "RSAPublicKey", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + // modulus (n) + name: "RSAPublicKey.modulus", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "publicKeyModulus" + }, { + // publicExponent (e) + name: "RSAPublicKey.exponent", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "publicKeyExponent" + }] + }; + var publicKeyValidator = forge.pki.rsa.publicKeyValidator = { + name: "SubjectPublicKeyInfo", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + captureAsn1: "subjectPublicKeyInfo", + value: [{ + name: "SubjectPublicKeyInfo.AlgorithmIdentifier", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "AlgorithmIdentifier.algorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "publicKeyOid" + }] + }, { + // subjectPublicKey + name: "SubjectPublicKeyInfo.subjectPublicKey", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.BITSTRING, + constructed: false, + value: [{ + // RSAPublicKey + name: "SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + optional: true, + captureAsn1: "rsaPublicKey" + }] + }] + }; + var digestInfoValidator = { + name: "DigestInfo", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "DigestInfo.DigestAlgorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "DigestInfo.DigestAlgorithm.algorithmIdentifier", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "algorithmIdentifier" + }, { + // NULL parameters + name: "DigestInfo.DigestAlgorithm.parameters", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.NULL, + // captured only to check existence for md2 and md5 + capture: "parameters", + optional: true, + constructed: false + }] + }, { + // digest + name: "DigestInfo.digest", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OCTETSTRING, + constructed: false, + capture: "digest" + }] + }; + var emsaPkcs1v15encode = function(md) { + var oid; + if (md.algorithm in pki2.oids) { + oid = pki2.oids[md.algorithm]; + } else { + var error3 = new Error("Unknown message digest algorithm."); + error3.algorithm = md.algorithm; + throw error3; } - effKeyBits = effKeyBits || 128; - var L = key; - var T = key.length(); - var T1 = effKeyBits; - var T8 = Math.ceil(T1 / 8); - var TM = 255 >> (T1 & 7); - var i; - for (i = T; i < 128; i++) { - L.putByte(piTable[L.at(i - 1) + L.at(i - T) & 255]); + var oidBytes = asn1.oidToDer(oid).getBytes(); + var digestInfo = asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.SEQUENCE, + true, + [] + ); + var digestAlgorithm = asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.SEQUENCE, + true, + [] + ); + digestAlgorithm.value.push(asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + oidBytes + )); + digestAlgorithm.value.push(asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.NULL, + false, + "" + )); + var digest = asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OCTETSTRING, + false, + md.digest().getBytes() + ); + digestInfo.value.push(digestAlgorithm); + digestInfo.value.push(digest); + return asn1.toDer(digestInfo).getBytes(); + }; + var _modPow = function(x, key, pub) { + if (pub) { + return x.modPow(key.e, key.n); } - L.setAt(128 - T8, piTable[L.at(128 - T8) & TM]); - for (i = 127 - T8; i >= 0; i--) { - L.setAt(i, piTable[L.at(i + 1) ^ L.at(i + T8)]); + if (!key.p || !key.q) { + return x.modPow(key.d, key.n); } - return L; + if (!key.dP) { + key.dP = key.d.mod(key.p.subtract(BigInteger.ONE)); + } + if (!key.dQ) { + key.dQ = key.d.mod(key.q.subtract(BigInteger.ONE)); + } + if (!key.qInv) { + key.qInv = key.q.modInverse(key.p); + } + var r; + do { + r = new BigInteger( + forge.util.bytesToHex(forge.random.getBytes(key.n.bitLength() / 8)), + 16 + ); + } while (r.compareTo(key.n) >= 0 || !r.gcd(key.n).equals(BigInteger.ONE)); + x = x.multiply(r.modPow(key.e, key.n)).mod(key.n); + var xp = x.mod(key.p).modPow(key.dP, key.p); + var xq = x.mod(key.q).modPow(key.dQ, key.q); + while (xp.compareTo(xq) < 0) { + xp = xp.add(key.p); + } + var y = xp.subtract(xq).multiply(key.qInv).mod(key.p).multiply(key.q).add(xq); + y = y.multiply(r.modInverse(key.n)).mod(key.n); + return y; }; - var createCipher = function(key, bits, encrypt) { - var _finish = false, _input = null, _output = null, _iv = null; - var mixRound, mashRound; - var i, j, K = []; - key = forge.rc2.expandKey(key, bits); - for (i = 0; i < 64; i++) { - K.push(key.getInt16Le()); + pki2.rsa.encrypt = function(m, key, bt) { + var pub = bt; + var eb; + var k = Math.ceil(key.n.bitLength() / 8); + if (bt !== false && bt !== true) { + pub = bt === 2; + eb = _encodePkcs1_v1_5(m, key, bt); + } else { + eb = forge.util.createBuffer(); + eb.putBytes(m); } - if (encrypt) { - mixRound = function(R) { - for (i = 0; i < 4; i++) { - R[i] += K[j] + (R[(i + 3) % 4] & R[(i + 2) % 4]) + (~R[(i + 3) % 4] & R[(i + 1) % 4]); - R[i] = rol(R[i], s[i]); - j++; - } - }; - mashRound = function(R) { - for (i = 0; i < 4; i++) { - R[i] += K[R[(i + 3) % 4] & 63]; + var x = new BigInteger(eb.toHex(), 16); + var y = _modPow(x, key, pub); + var yhex = y.toString(16); + var ed = forge.util.createBuffer(); + var zeros = k - Math.ceil(yhex.length / 2); + while (zeros > 0) { + ed.putByte(0); + --zeros; + } + ed.putBytes(forge.util.hexToBytes(yhex)); + return ed.getBytes(); + }; + pki2.rsa.decrypt = function(ed, key, pub, ml) { + var k = Math.ceil(key.n.bitLength() / 8); + if (ed.length !== k) { + var error3 = new Error("Encrypted message length is invalid."); + error3.length = ed.length; + error3.expected = k; + throw error3; + } + var y = new BigInteger(forge.util.createBuffer(ed).toHex(), 16); + if (y.compareTo(key.n) >= 0) { + throw new Error("Encrypted message is invalid."); + } + var x = _modPow(y, key, pub); + var xhex = x.toString(16); + var eb = forge.util.createBuffer(); + var zeros = k - Math.ceil(xhex.length / 2); + while (zeros > 0) { + eb.putByte(0); + --zeros; + } + eb.putBytes(forge.util.hexToBytes(xhex)); + if (ml !== false) { + return _decodePkcs1_v1_5(eb.getBytes(), key, pub); + } + return eb.getBytes(); + }; + pki2.rsa.createKeyPairGenerationState = function(bits, e, options) { + if (typeof bits === "string") { + bits = parseInt(bits, 10); + } + bits = bits || 2048; + options = options || {}; + var prng = options.prng || forge.random; + var rng = { + // x is an array to fill with bytes + nextBytes: function(x) { + var b = prng.getBytesSync(x.length); + for (var i = 0; i < x.length; ++i) { + x[i] = b.charCodeAt(i); } + } + }; + var algorithm = options.algorithm || "PRIMEINC"; + var rval; + if (algorithm === "PRIMEINC") { + rval = { + algorithm, + state: 0, + bits, + rng, + eInt: e || 65537, + e: new BigInteger(null), + p: null, + q: null, + qBits: bits >> 1, + pBits: bits - (bits >> 1), + pqState: 0, + num: null, + keys: null }; + rval.e.fromInt(rval.eInt); } else { - mixRound = function(R) { - for (i = 3; i >= 0; i--) { - R[i] = ror(R[i], s[i]); - R[i] -= K[j] + (R[(i + 3) % 4] & R[(i + 2) % 4]) + (~R[(i + 3) % 4] & R[(i + 1) % 4]); - j--; - } - }; - mashRound = function(R) { - for (i = 3; i >= 0; i--) { - R[i] -= K[R[(i + 3) % 4] & 63]; - } - }; + throw new Error("Invalid key generation algorithm: " + algorithm); } - var runPlan = function(plan) { - var R = []; - for (i = 0; i < 4; i++) { - var val = _input.getInt16Le(); - if (_iv !== null) { - if (encrypt) { - val ^= _iv.getInt16Le(); + return rval; + }; + pki2.rsa.stepKeyPairGenerationState = function(state, n) { + if (!("algorithm" in state)) { + state.algorithm = "PRIMEINC"; + } + var THIRTY = new BigInteger(null); + THIRTY.fromInt(30); + var deltaIdx = 0; + var op_or = function(x, y) { + return x | y; + }; + var t1 = +/* @__PURE__ */ new Date(); + var t2; + var total = 0; + while (state.keys === null && (n <= 0 || total < n)) { + if (state.state === 0) { + var bits = state.p === null ? state.pBits : state.qBits; + var bits1 = bits - 1; + if (state.pqState === 0) { + state.num = new BigInteger(bits, state.rng); + if (!state.num.testBit(bits1)) { + state.num.bitwiseTo( + BigInteger.ONE.shiftLeft(bits1), + op_or, + state.num + ); + } + state.num.dAddOffset(31 - state.num.mod(THIRTY).byteValue(), 0); + deltaIdx = 0; + ++state.pqState; + } else if (state.pqState === 1) { + if (state.num.bitLength() > bits) { + state.pqState = 0; + } else if (state.num.isProbablePrime( + _getMillerRabinTests(state.num.bitLength()) + )) { + ++state.pqState; } else { - _iv.putInt16Le(val); + state.num.dAddOffset(GCD_30_DELTA[deltaIdx++ % 8], 0); + } + } else if (state.pqState === 2) { + state.pqState = state.num.subtract(BigInteger.ONE).gcd(state.e).compareTo(BigInteger.ONE) === 0 ? 3 : 0; + } else if (state.pqState === 3) { + state.pqState = 0; + if (state.p === null) { + state.p = state.num; + } else { + state.q = state.num; + } + if (state.p !== null && state.q !== null) { + ++state.state; } + state.num = null; } - R.push(val & 65535); - } - j = encrypt ? 0 : 63; - for (var ptr = 0; ptr < plan.length; ptr++) { - for (var ctr = 0; ctr < plan[ptr][0]; ctr++) { - plan[ptr][1](R); + } else if (state.state === 1) { + if (state.p.compareTo(state.q) < 0) { + state.num = state.p; + state.p = state.q; + state.q = state.num; + } + ++state.state; + } else if (state.state === 2) { + state.p1 = state.p.subtract(BigInteger.ONE); + state.q1 = state.q.subtract(BigInteger.ONE); + state.phi = state.p1.multiply(state.q1); + ++state.state; + } else if (state.state === 3) { + if (state.phi.gcd(state.e).compareTo(BigInteger.ONE) === 0) { + ++state.state; + } else { + state.p = null; + state.q = null; + state.state = 0; + } + } else if (state.state === 4) { + state.n = state.p.multiply(state.q); + if (state.n.bitLength() === state.bits) { + ++state.state; + } else { + state.q = null; + state.state = 0; } + } else if (state.state === 5) { + var d = state.e.modInverse(state.phi); + state.keys = { + privateKey: pki2.rsa.setPrivateKey( + state.n, + state.e, + d, + state.p, + state.q, + d.mod(state.p1), + d.mod(state.q1), + state.q.modInverse(state.p) + ), + publicKey: pki2.rsa.setPublicKey(state.n, state.e) + }; } - for (i = 0; i < 4; i++) { - if (_iv !== null) { - if (encrypt) { - _iv.putInt16Le(R[i]); - } else { - R[i] ^= _iv.getInt16Le(); - } + t2 = +/* @__PURE__ */ new Date(); + total += t2 - t1; + t1 = t2; + } + return state.keys !== null; + }; + pki2.rsa.generateKeyPair = function(bits, e, options, callback) { + if (arguments.length === 1) { + if (typeof bits === "object") { + options = bits; + bits = void 0; + } else if (typeof bits === "function") { + callback = bits; + bits = void 0; + } + } else if (arguments.length === 2) { + if (typeof bits === "number") { + if (typeof e === "function") { + callback = e; + e = void 0; + } else if (typeof e !== "number") { + options = e; + e = void 0; } - _output.putInt16Le(R[i]); + } else { + options = bits; + callback = e; + bits = void 0; + e = void 0; } - }; - var cipher = null; - cipher = { - /** - * Starts or restarts the encryption or decryption process, whichever - * was previously configured. - * - * To use the cipher in CBC mode, iv may be given either as a string - * of bytes, or as a byte buffer. For ECB mode, give null as iv. - * - * @param iv the initialization vector to use, null for ECB mode. - * @param output the output the buffer to write to, null to create one. - */ - start: function(iv, output) { - if (iv) { - if (typeof iv === "string") { - iv = forge.util.createBuffer(iv); - } + } else if (arguments.length === 3) { + if (typeof e === "number") { + if (typeof options === "function") { + callback = options; + options = void 0; } - _finish = false; - _input = forge.util.createBuffer(); - _output = output || new forge.util.createBuffer(); - _iv = iv; - cipher.output = _output; - }, - /** - * Updates the next block. - * - * @param input the buffer to read from. - */ - update: function(input) { - if (!_finish) { - _input.putBuffer(input); + } else { + callback = options; + options = e; + e = void 0; + } + } + options = options || {}; + if (bits === void 0) { + bits = options.bits || 2048; + } + if (e === void 0) { + e = options.e || 65537; + } + if (!forge.options.usePureJavaScript && !options.prng && bits >= 256 && bits <= 16384 && (e === 65537 || e === 3)) { + if (callback) { + if (_detectNodeCrypto("generateKeyPair")) { + return _crypto.generateKeyPair("rsa", { + modulusLength: bits, + publicExponent: e, + publicKeyEncoding: { + type: "spki", + format: "pem" + }, + privateKeyEncoding: { + type: "pkcs8", + format: "pem" + } + }, function(err, pub, priv) { + if (err) { + return callback(err); + } + callback(null, { + privateKey: pki2.privateKeyFromPem(priv), + publicKey: pki2.publicKeyFromPem(pub) + }); + }); } - while (_input.length() >= 8) { - runPlan([ - [5, mixRound], - [1, mashRound], - [6, mixRound], - [1, mashRound], - [5, mixRound] - ]); + if (_detectSubtleCrypto("generateKey") && _detectSubtleCrypto("exportKey")) { + return util.globalScope.crypto.subtle.generateKey({ + name: "RSASSA-PKCS1-v1_5", + modulusLength: bits, + publicExponent: _intToUint8Array(e), + hash: { name: "SHA-256" } + }, true, ["sign", "verify"]).then(function(pair) { + return util.globalScope.crypto.subtle.exportKey( + "pkcs8", + pair.privateKey + ); + }).then(void 0, function(err) { + callback(err); + }).then(function(pkcs8) { + if (pkcs8) { + var privateKey = pki2.privateKeyFromAsn1( + asn1.fromDer(forge.util.createBuffer(pkcs8)) + ); + callback(null, { + privateKey, + publicKey: pki2.setRsaPublicKey(privateKey.n, privateKey.e) + }); + } + }); } - }, - /** - * Finishes encrypting or decrypting. - * - * @param pad a padding function to use, null for PKCS#7 padding, - * signature(blockSize, buffer, decrypt). - * - * @return true if successful, false on error. - */ - finish: function(pad) { - var rval = true; - if (encrypt) { - if (pad) { - rval = pad(8, _input, !encrypt); - } else { - var padding = _input.length() === 8 ? 8 : 8 - _input.length(); - _input.fillWithByte(padding, padding); - } + if (_detectSubtleMsCrypto("generateKey") && _detectSubtleMsCrypto("exportKey")) { + var genOp = util.globalScope.msCrypto.subtle.generateKey({ + name: "RSASSA-PKCS1-v1_5", + modulusLength: bits, + publicExponent: _intToUint8Array(e), + hash: { name: "SHA-256" } + }, true, ["sign", "verify"]); + genOp.oncomplete = function(e2) { + var pair = e2.target.result; + var exportOp = util.globalScope.msCrypto.subtle.exportKey( + "pkcs8", + pair.privateKey + ); + exportOp.oncomplete = function(e3) { + var pkcs8 = e3.target.result; + var privateKey = pki2.privateKeyFromAsn1( + asn1.fromDer(forge.util.createBuffer(pkcs8)) + ); + callback(null, { + privateKey, + publicKey: pki2.setRsaPublicKey(privateKey.n, privateKey.e) + }); + }; + exportOp.onerror = function(err) { + callback(err); + }; + }; + genOp.onerror = function(err) { + callback(err); + }; + return; } - if (rval) { - _finish = true; - cipher.update(); + } else { + if (_detectNodeCrypto("generateKeyPairSync")) { + var keypair = _crypto.generateKeyPairSync("rsa", { + modulusLength: bits, + publicExponent: e, + publicKeyEncoding: { + type: "spki", + format: "pem" + }, + privateKeyEncoding: { + type: "pkcs8", + format: "pem" + } + }); + return { + privateKey: pki2.privateKeyFromPem(keypair.privateKey), + publicKey: pki2.publicKeyFromPem(keypair.publicKey) + }; } - if (!encrypt) { - rval = _input.length() === 0; - if (rval) { - if (pad) { - rval = pad(8, _output, !encrypt); - } else { - var len = _output.length(); - var count = _output.at(len - 1); - if (count > len) { - rval = false; - } else { - _output.truncate(count); + } + } + var state = pki2.rsa.createKeyPairGenerationState(bits, e, options); + if (!callback) { + pki2.rsa.stepKeyPairGenerationState(state, 0); + return state.keys; + } + _generateKeyPair(state, options, callback); + }; + pki2.setRsaPublicKey = pki2.rsa.setPublicKey = function(n, e) { + var key = { + n, + e + }; + key.encrypt = function(data, scheme, schemeOptions) { + if (typeof scheme === "string") { + scheme = scheme.toUpperCase(); + } else if (scheme === void 0) { + scheme = "RSAES-PKCS1-V1_5"; + } + if (scheme === "RSAES-PKCS1-V1_5") { + scheme = { + encode: function(m, key2, pub) { + return _encodePkcs1_v1_5(m, key2, 2).getBytes(); + } + }; + } else if (scheme === "RSA-OAEP" || scheme === "RSAES-OAEP") { + scheme = { + encode: function(m, key2) { + return forge.pkcs1.encode_rsa_oaep(key2, m, schemeOptions); + } + }; + } else if (["RAW", "NONE", "NULL", null].indexOf(scheme) !== -1) { + scheme = { encode: function(e3) { + return e3; + } }; + } else if (typeof scheme === "string") { + throw new Error('Unsupported encryption scheme: "' + scheme + '".'); + } + var e2 = scheme.encode(data, key, true); + return pki2.rsa.encrypt(e2, key, true); + }; + key.verify = function(digest, signature, scheme, options) { + if (typeof scheme === "string") { + scheme = scheme.toUpperCase(); + } else if (scheme === void 0) { + scheme = "RSASSA-PKCS1-V1_5"; + } + if (options === void 0) { + options = { + _parseAllDigestBytes: true + }; + } + if (!("_parseAllDigestBytes" in options)) { + options._parseAllDigestBytes = true; + } + if (scheme === "RSASSA-PKCS1-V1_5") { + scheme = { + verify: function(digest2, d2) { + d2 = _decodePkcs1_v1_5(d2, key, true); + var obj = asn1.fromDer(d2, { + parseAllBytes: options._parseAllDigestBytes + }); + var capture = {}; + var errors = []; + if (!asn1.validate(obj, digestInfoValidator, capture, errors)) { + var error3 = new Error( + "ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 DigestInfo value." + ); + error3.errors = errors; + throw error3; + } + var oid = asn1.derToOid(capture.algorithmIdentifier); + if (!(oid === forge.oids.md2 || oid === forge.oids.md5 || oid === forge.oids.sha1 || oid === forge.oids.sha224 || oid === forge.oids.sha256 || oid === forge.oids.sha384 || oid === forge.oids.sha512 || oid === forge.oids["sha512-224"] || oid === forge.oids["sha512-256"])) { + var error3 = new Error( + "Unknown RSASSA-PKCS1-v1_5 DigestAlgorithm identifier." + ); + error3.oid = oid; + throw error3; + } + if (oid === forge.oids.md2 || oid === forge.oids.md5) { + if (!("parameters" in capture)) { + throw new Error( + "ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 DigestInfo value. Missing algorithm identifier NULL parameters." + ); } } + return digest2 === capture.digest; } - } - return rval; + }; + } else if (scheme === "NONE" || scheme === "NULL" || scheme === null) { + scheme = { + verify: function(digest2, d2) { + d2 = _decodePkcs1_v1_5(d2, key, true); + return digest2 === d2; + } + }; } + var d = pki2.rsa.decrypt(signature, key, true, false); + return scheme.verify(digest, d, key.n.bitLength()); }; - return cipher; - }; - forge.rc2.startEncrypting = function(key, iv, output) { - var cipher = forge.rc2.createEncryptionCipher(key, 128); - cipher.start(iv, output); - return cipher; - }; - forge.rc2.createEncryptionCipher = function(key, bits) { - return createCipher(key, bits, true); - }; - forge.rc2.startDecrypting = function(key, iv, output) { - var cipher = forge.rc2.createDecryptionCipher(key, 128); - cipher.start(iv, output); - return cipher; + return key; }; - forge.rc2.createDecryptionCipher = function(key, bits) { - return createCipher(key, bits, false); + pki2.setRsaPrivateKey = pki2.rsa.setPrivateKey = function(n, e, d, p, q, dP, dQ, qInv) { + var key = { + n, + e, + d, + p, + q, + dP, + dQ, + qInv + }; + key.decrypt = function(data, scheme, schemeOptions) { + if (typeof scheme === "string") { + scheme = scheme.toUpperCase(); + } else if (scheme === void 0) { + scheme = "RSAES-PKCS1-V1_5"; + } + var d2 = pki2.rsa.decrypt(data, key, false, false); + if (scheme === "RSAES-PKCS1-V1_5") { + scheme = { decode: _decodePkcs1_v1_5 }; + } else if (scheme === "RSA-OAEP" || scheme === "RSAES-OAEP") { + scheme = { + decode: function(d3, key2) { + return forge.pkcs1.decode_rsa_oaep(key2, d3, schemeOptions); + } + }; + } else if (["RAW", "NONE", "NULL", null].indexOf(scheme) !== -1) { + scheme = { decode: function(d3) { + return d3; + } }; + } else { + throw new Error('Unsupported encryption scheme: "' + scheme + '".'); + } + return scheme.decode(d2, key, false); + }; + key.sign = function(md, scheme) { + var bt = false; + if (typeof scheme === "string") { + scheme = scheme.toUpperCase(); + } + if (scheme === void 0 || scheme === "RSASSA-PKCS1-V1_5") { + scheme = { encode: emsaPkcs1v15encode }; + bt = 1; + } else if (scheme === "NONE" || scheme === "NULL" || scheme === null) { + scheme = { encode: function() { + return md; + } }; + bt = 1; + } + var d2 = scheme.encode(md, key.n.bitLength()); + return pki2.rsa.encrypt(d2, key, bt); + }; + return key; }; - } -}); - -// node_modules/node-forge/lib/jsbn.js -var require_jsbn = __commonJS({ - "node_modules/node-forge/lib/jsbn.js"(exports2, module2) { - var forge = require_forge(); - module2.exports = forge.jsbn = forge.jsbn || {}; - var dbits; - var canary = 244837814094590; - var j_lm = (canary & 16777215) == 15715070; - function BigInteger(a, b, c) { - this.data = []; - if (a != null) - if ("number" == typeof a) this.fromNumber(a, b, c); - else if (b == null && "string" != typeof a) this.fromString(a, 256); - else this.fromString(a, b); - } - forge.jsbn.BigInteger = BigInteger; - function nbi() { - return new BigInteger(null); - } - function am1(i, x, w, j, c, n) { - while (--n >= 0) { - var v = x * this.data[i++] + w.data[j] + c; - c = Math.floor(v / 67108864); - w.data[j++] = v & 67108863; - } - return c; - } - function am2(i, x, w, j, c, n) { - var xl = x & 32767, xh = x >> 15; - while (--n >= 0) { - var l = this.data[i] & 32767; - var h = this.data[i++] >> 15; - var m = xh * l + h * xl; - l = xl * l + ((m & 32767) << 15) + w.data[j] + (c & 1073741823); - c = (l >>> 30) + (m >>> 15) + xh * h + (c >>> 30); - w.data[j++] = l & 1073741823; - } - return c; - } - function am3(i, x, w, j, c, n) { - var xl = x & 16383, xh = x >> 14; - while (--n >= 0) { - var l = this.data[i] & 16383; - var h = this.data[i++] >> 14; - var m = xh * l + h * xl; - l = xl * l + ((m & 16383) << 14) + w.data[j] + c; - c = (l >> 28) + (m >> 14) + xh * h; - w.data[j++] = l & 268435455; + pki2.wrapRsaPrivateKey = function(rsaKey) { + return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // version (0) + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + asn1.integerToDer(0).getBytes() + ), + // privateKeyAlgorithm + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(pki2.oids.rsaEncryption).getBytes() + ), + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, "") + ]), + // PrivateKey + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OCTETSTRING, + false, + asn1.toDer(rsaKey).getBytes() + ) + ]); + }; + pki2.privateKeyFromAsn1 = function(obj) { + var capture = {}; + var errors = []; + if (asn1.validate(obj, privateKeyValidator, capture, errors)) { + obj = asn1.fromDer(forge.util.createBuffer(capture.privateKey)); } - return c; - } - if (typeof navigator === "undefined") { - BigInteger.prototype.am = am3; - dbits = 28; - } else if (j_lm && navigator.appName == "Microsoft Internet Explorer") { - BigInteger.prototype.am = am2; - dbits = 30; - } else if (j_lm && navigator.appName != "Netscape") { - BigInteger.prototype.am = am1; - dbits = 26; - } else { - BigInteger.prototype.am = am3; - dbits = 28; - } - BigInteger.prototype.DB = dbits; - BigInteger.prototype.DM = (1 << dbits) - 1; - BigInteger.prototype.DV = 1 << dbits; - var BI_FP = 52; - BigInteger.prototype.FV = Math.pow(2, BI_FP); - BigInteger.prototype.F1 = BI_FP - dbits; - BigInteger.prototype.F2 = 2 * dbits - BI_FP; - var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz"; - var BI_RC = new Array(); - var rr; - var vv; - rr = "0".charCodeAt(0); - for (vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv; - rr = "a".charCodeAt(0); - for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv; - rr = "A".charCodeAt(0); - for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv; - function int2char(n) { - return BI_RM.charAt(n); - } - function intAt(s, i) { - var c = BI_RC[s.charCodeAt(i)]; - return c == null ? -1 : c; - } - function bnpCopyTo(r) { - for (var i = this.t - 1; i >= 0; --i) r.data[i] = this.data[i]; - r.t = this.t; - r.s = this.s; - } - function bnpFromInt(x) { - this.t = 1; - this.s = x < 0 ? -1 : 0; - if (x > 0) this.data[0] = x; - else if (x < -1) this.data[0] = x + this.DV; - else this.t = 0; - } - function nbv(i) { - var r = nbi(); - r.fromInt(i); - return r; - } - function bnpFromString(s, b) { - var k; - if (b == 16) k = 4; - else if (b == 8) k = 3; - else if (b == 256) k = 8; - else if (b == 2) k = 1; - else if (b == 32) k = 5; - else if (b == 4) k = 2; - else { - this.fromRadix(s, b); - return; + capture = {}; + errors = []; + if (!asn1.validate(obj, rsaPrivateKeyValidator, capture, errors)) { + var error3 = new Error("Cannot read private key. ASN.1 object does not contain an RSAPrivateKey."); + error3.errors = errors; + throw error3; } - this.t = 0; - this.s = 0; - var i = s.length, mi = false, sh = 0; - while (--i >= 0) { - var x = k == 8 ? s[i] & 255 : intAt(s, i); - if (x < 0) { - if (s.charAt(i) == "-") mi = true; - continue; + var n, e, d, p, q, dP, dQ, qInv; + n = forge.util.createBuffer(capture.privateKeyModulus).toHex(); + e = forge.util.createBuffer(capture.privateKeyPublicExponent).toHex(); + d = forge.util.createBuffer(capture.privateKeyPrivateExponent).toHex(); + p = forge.util.createBuffer(capture.privateKeyPrime1).toHex(); + q = forge.util.createBuffer(capture.privateKeyPrime2).toHex(); + dP = forge.util.createBuffer(capture.privateKeyExponent1).toHex(); + dQ = forge.util.createBuffer(capture.privateKeyExponent2).toHex(); + qInv = forge.util.createBuffer(capture.privateKeyCoefficient).toHex(); + return pki2.setRsaPrivateKey( + new BigInteger(n, 16), + new BigInteger(e, 16), + new BigInteger(d, 16), + new BigInteger(p, 16), + new BigInteger(q, 16), + new BigInteger(dP, 16), + new BigInteger(dQ, 16), + new BigInteger(qInv, 16) + ); + }; + pki2.privateKeyToAsn1 = pki2.privateKeyToRSAPrivateKey = function(key) { + return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // version (0 = only 2 primes, 1 multiple primes) + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + asn1.integerToDer(0).getBytes() + ), + // modulus (n) + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + _bnToBytes(key.n) + ), + // publicExponent (e) + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + _bnToBytes(key.e) + ), + // privateExponent (d) + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + _bnToBytes(key.d) + ), + // privateKeyPrime1 (p) + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + _bnToBytes(key.p) + ), + // privateKeyPrime2 (q) + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + _bnToBytes(key.q) + ), + // privateKeyExponent1 (dP) + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + _bnToBytes(key.dP) + ), + // privateKeyExponent2 (dQ) + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + _bnToBytes(key.dQ) + ), + // coefficient (qInv) + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + _bnToBytes(key.qInv) + ) + ]); + }; + pki2.publicKeyFromAsn1 = function(obj) { + var capture = {}; + var errors = []; + if (asn1.validate(obj, publicKeyValidator, capture, errors)) { + var oid = asn1.derToOid(capture.publicKeyOid); + if (oid !== pki2.oids.rsaEncryption) { + var error3 = new Error("Cannot read public key. Unknown OID."); + error3.oid = oid; + throw error3; } - mi = false; - if (sh == 0) - this.data[this.t++] = x; - else if (sh + k > this.DB) { - this.data[this.t - 1] |= (x & (1 << this.DB - sh) - 1) << sh; - this.data[this.t++] = x >> this.DB - sh; - } else - this.data[this.t - 1] |= x << sh; - sh += k; - if (sh >= this.DB) sh -= this.DB; + obj = capture.rsaPublicKey; } - if (k == 8 && (s[0] & 128) != 0) { - this.s = -1; - if (sh > 0) this.data[this.t - 1] |= (1 << this.DB - sh) - 1 << sh; + errors = []; + if (!asn1.validate(obj, rsaPublicKeyValidator, capture, errors)) { + var error3 = new Error("Cannot read public key. ASN.1 object does not contain an RSAPublicKey."); + error3.errors = errors; + throw error3; } - this.clamp(); - if (mi) BigInteger.ZERO.subTo(this, this); - } - function bnpClamp() { - var c = this.s & this.DM; - while (this.t > 0 && this.data[this.t - 1] == c) --this.t; - } - function bnToString(b) { - if (this.s < 0) return "-" + this.negate().toString(b); - var k; - if (b == 16) k = 4; - else if (b == 8) k = 3; - else if (b == 2) k = 1; - else if (b == 32) k = 5; - else if (b == 4) k = 2; - else return this.toRadix(b); - var km = (1 << k) - 1, d, m = false, r = "", i = this.t; - var p = this.DB - i * this.DB % k; - if (i-- > 0) { - if (p < this.DB && (d = this.data[i] >> p) > 0) { - m = true; - r = int2char(d); + var n = forge.util.createBuffer(capture.publicKeyModulus).toHex(); + var e = forge.util.createBuffer(capture.publicKeyExponent).toHex(); + return pki2.setRsaPublicKey( + new BigInteger(n, 16), + new BigInteger(e, 16) + ); + }; + pki2.publicKeyToAsn1 = pki2.publicKeyToSubjectPublicKeyInfo = function(key) { + return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // AlgorithmIdentifier + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // algorithm + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(pki2.oids.rsaEncryption).getBytes() + ), + // parameters (null) + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, "") + ]), + // subjectPublicKey + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, [ + pki2.publicKeyToRSAPublicKey(key) + ]) + ]); + }; + pki2.publicKeyToRSAPublicKey = function(key) { + return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // modulus (n) + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + _bnToBytes(key.n) + ), + // publicExponent (e) + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + _bnToBytes(key.e) + ) + ]); + }; + function _encodePkcs1_v1_5(m, key, bt) { + var eb = forge.util.createBuffer(); + var k = Math.ceil(key.n.bitLength() / 8); + if (m.length > k - 11) { + var error3 = new Error("Message is too long for PKCS#1 v1.5 padding."); + error3.length = m.length; + error3.max = k - 11; + throw error3; + } + eb.putByte(0); + eb.putByte(bt); + var padNum = k - 3 - m.length; + var padByte; + if (bt === 0 || bt === 1) { + padByte = bt === 0 ? 0 : 255; + for (var i = 0; i < padNum; ++i) { + eb.putByte(padByte); } - while (i >= 0) { - if (p < k) { - d = (this.data[i] & (1 << p) - 1) << k - p; - d |= this.data[--i] >> (p += this.DB - k); - } else { - d = this.data[i] >> (p -= k) & km; - if (p <= 0) { - p += this.DB; - --i; + } else { + while (padNum > 0) { + var numZeros = 0; + var padBytes = forge.random.getBytes(padNum); + for (var i = 0; i < padNum; ++i) { + padByte = padBytes.charCodeAt(i); + if (padByte === 0) { + ++numZeros; + } else { + eb.putByte(padByte); } } - if (d > 0) m = true; - if (m) r += int2char(d); + padNum = numZeros; } } - return m ? r : "0"; - } - function bnNegate() { - var r = nbi(); - BigInteger.ZERO.subTo(this, r); - return r; - } - function bnAbs() { - return this.s < 0 ? this.negate() : this; - } - function bnCompareTo(a) { - var r = this.s - a.s; - if (r != 0) return r; - var i = this.t; - r = i - a.t; - if (r != 0) return this.s < 0 ? -r : r; - while (--i >= 0) if ((r = this.data[i] - a.data[i]) != 0) return r; - return 0; + eb.putByte(0); + eb.putBytes(m); + return eb; } - function nbits(x) { - var r = 1, t; - if ((t = x >>> 16) != 0) { - x = t; - r += 16; - } - if ((t = x >> 8) != 0) { - x = t; - r += 8; - } - if ((t = x >> 4) != 0) { - x = t; - r += 4; - } - if ((t = x >> 2) != 0) { - x = t; - r += 2; + function _decodePkcs1_v1_5(em, key, pub, ml) { + var k = Math.ceil(key.n.bitLength() / 8); + var eb = forge.util.createBuffer(em); + var first = eb.getByte(); + var bt = eb.getByte(); + if (first !== 0 || pub && bt !== 0 && bt !== 1 || !pub && bt != 2 || pub && bt === 0 && typeof ml === "undefined") { + throw new Error("Encryption block is invalid."); } - if ((t = x >> 1) != 0) { - x = t; - r += 1; + var padNum = 0; + if (bt === 0) { + padNum = k - 3 - ml; + for (var i = 0; i < padNum; ++i) { + if (eb.getByte() !== 0) { + throw new Error("Encryption block is invalid."); + } + } + } else if (bt === 1) { + padNum = 0; + while (eb.length() > 1) { + if (eb.getByte() !== 255) { + --eb.read; + break; + } + ++padNum; + } + } else if (bt === 2) { + padNum = 0; + while (eb.length() > 1) { + if (eb.getByte() === 0) { + --eb.read; + break; + } + ++padNum; + } } - return r; - } - function bnBitLength() { - if (this.t <= 0) return 0; - return this.DB * (this.t - 1) + nbits(this.data[this.t - 1] ^ this.s & this.DM); - } - function bnpDLShiftTo(n, r) { - var i; - for (i = this.t - 1; i >= 0; --i) r.data[i + n] = this.data[i]; - for (i = n - 1; i >= 0; --i) r.data[i] = 0; - r.t = this.t + n; - r.s = this.s; - } - function bnpDRShiftTo(n, r) { - for (var i = n; i < this.t; ++i) r.data[i - n] = this.data[i]; - r.t = Math.max(this.t - n, 0); - r.s = this.s; - } - function bnpLShiftTo(n, r) { - var bs = n % this.DB; - var cbs = this.DB - bs; - var bm = (1 << cbs) - 1; - var ds = Math.floor(n / this.DB), c = this.s << bs & this.DM, i; - for (i = this.t - 1; i >= 0; --i) { - r.data[i + ds + 1] = this.data[i] >> cbs | c; - c = (this.data[i] & bm) << bs; + var zero = eb.getByte(); + if (zero !== 0 || padNum !== k - 3 - eb.length()) { + throw new Error("Encryption block is invalid."); } - for (i = ds - 1; i >= 0; --i) r.data[i] = 0; - r.data[ds] = c; - r.t = this.t + ds + 1; - r.s = this.s; - r.clamp(); + return eb.getBytes(); } - function bnpRShiftTo(n, r) { - r.s = this.s; - var ds = Math.floor(n / this.DB); - if (ds >= this.t) { - r.t = 0; - return; + function _generateKeyPair(state, options, callback) { + if (typeof options === "function") { + callback = options; + options = {}; } - var bs = n % this.DB; - var cbs = this.DB - bs; - var bm = (1 << bs) - 1; - r.data[0] = this.data[ds] >> bs; - for (var i = ds + 1; i < this.t; ++i) { - r.data[i - ds - 1] |= (this.data[i] & bm) << cbs; - r.data[i - ds] = this.data[i] >> bs; + options = options || {}; + var opts = { + algorithm: { + name: options.algorithm || "PRIMEINC", + options: { + workers: options.workers || 2, + workLoad: options.workLoad || 100, + workerScript: options.workerScript + } + } + }; + if ("prng" in options) { + opts.prng = options.prng; } - if (bs > 0) r.data[this.t - ds - 1] |= (this.s & bm) << cbs; - r.t = this.t - ds; - r.clamp(); - } - function bnpSubTo(a, r) { - var i = 0, c = 0, m = Math.min(a.t, this.t); - while (i < m) { - c += this.data[i] - a.data[i]; - r.data[i++] = c & this.DM; - c >>= this.DB; - } - if (a.t < this.t) { - c -= a.s; - while (i < this.t) { - c += this.data[i]; - r.data[i++] = c & this.DM; - c >>= this.DB; - } - c += this.s; - } else { - c += this.s; - while (i < a.t) { - c -= a.data[i]; - r.data[i++] = c & this.DM; - c >>= this.DB; - } - c -= a.s; - } - r.s = c < 0 ? -1 : 0; - if (c < -1) r.data[i++] = this.DV + c; - else if (c > 0) r.data[i++] = c; - r.t = i; - r.clamp(); - } - function bnpMultiplyTo(a, r) { - var x = this.abs(), y = a.abs(); - var i = x.t; - r.t = i + y.t; - while (--i >= 0) r.data[i] = 0; - for (i = 0; i < y.t; ++i) r.data[i + x.t] = x.am(0, y.data[i], r, i, 0, x.t); - r.s = 0; - r.clamp(); - if (this.s != a.s) BigInteger.ZERO.subTo(r, r); - } - function bnpSquareTo(r) { - var x = this.abs(); - var i = r.t = 2 * x.t; - while (--i >= 0) r.data[i] = 0; - for (i = 0; i < x.t - 1; ++i) { - var c = x.am(i, x.data[i], r, 2 * i, 0, 1); - if ((r.data[i + x.t] += x.am(i + 1, 2 * x.data[i], r, 2 * i + 1, c, x.t - i - 1)) >= x.DV) { - r.data[i + x.t] -= x.DV; - r.data[i + x.t + 1] = 1; - } - } - if (r.t > 0) r.data[r.t - 1] += x.am(i, x.data[i], r, 2 * i, 0, 1); - r.s = 0; - r.clamp(); - } - function bnpDivRemTo(m, q, r) { - var pm = m.abs(); - if (pm.t <= 0) return; - var pt = this.abs(); - if (pt.t < pm.t) { - if (q != null) q.fromInt(0); - if (r != null) this.copyTo(r); - return; - } - if (r == null) r = nbi(); - var y = nbi(), ts = this.s, ms = m.s; - var nsh = this.DB - nbits(pm.data[pm.t - 1]); - if (nsh > 0) { - pm.lShiftTo(nsh, y); - pt.lShiftTo(nsh, r); - } else { - pm.copyTo(y); - pt.copyTo(r); + generate(); + function generate() { + getPrime(state.pBits, function(err, num) { + if (err) { + return callback(err); + } + state.p = num; + if (state.q !== null) { + return finish(err, state.q); + } + getPrime(state.qBits, finish); + }); } - var ys = y.t; - var y0 = y.data[ys - 1]; - if (y0 == 0) return; - var yt = y0 * (1 << this.F1) + (ys > 1 ? y.data[ys - 2] >> this.F2 : 0); - var d1 = this.FV / yt, d2 = (1 << this.F1) / yt, e = 1 << this.F2; - var i = r.t, j = i - ys, t = q == null ? nbi() : q; - y.dlShiftTo(j, t); - if (r.compareTo(t) >= 0) { - r.data[r.t++] = 1; - r.subTo(t, r); + function getPrime(bits, callback2) { + forge.prime.generateProbablePrime(bits, opts, callback2); } - BigInteger.ONE.dlShiftTo(ys, t); - t.subTo(y, y); - while (y.t < ys) y.data[y.t++] = 0; - while (--j >= 0) { - var qd = r.data[--i] == y0 ? this.DM : Math.floor(r.data[i] * d1 + (r.data[i - 1] + e) * d2); - if ((r.data[i] += y.am(0, qd, r, j, 0, ys)) < qd) { - y.dlShiftTo(j, t); - r.subTo(t, r); - while (r.data[i] < --qd) r.subTo(t, r); + function finish(err, num) { + if (err) { + return callback(err); } - } - if (q != null) { - r.drShiftTo(ys, q); - if (ts != ms) BigInteger.ZERO.subTo(q, q); - } - r.t = ys; - r.clamp(); - if (nsh > 0) r.rShiftTo(nsh, r); - if (ts < 0) BigInteger.ZERO.subTo(r, r); - } - function bnMod(a) { - var r = nbi(); - this.abs().divRemTo(a, null, r); - if (this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r, r); - return r; - } - function Classic(m) { - this.m = m; - } - function cConvert(x) { - if (x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m); - else return x; - } - function cRevert(x) { - return x; - } - function cReduce(x) { - x.divRemTo(this.m, null, x); - } - function cMulTo(x, y, r) { - x.multiplyTo(y, r); - this.reduce(r); - } - function cSqrTo(x, r) { - x.squareTo(r); - this.reduce(r); - } - Classic.prototype.convert = cConvert; - Classic.prototype.revert = cRevert; - Classic.prototype.reduce = cReduce; - Classic.prototype.mulTo = cMulTo; - Classic.prototype.sqrTo = cSqrTo; - function bnpInvDigit() { - if (this.t < 1) return 0; - var x = this.data[0]; - if ((x & 1) == 0) return 0; - var y = x & 3; - y = y * (2 - (x & 15) * y) & 15; - y = y * (2 - (x & 255) * y) & 255; - y = y * (2 - ((x & 65535) * y & 65535)) & 65535; - y = y * (2 - x * y % this.DV) % this.DV; - return y > 0 ? this.DV - y : -y; - } - function Montgomery(m) { - this.m = m; - this.mp = m.invDigit(); - this.mpl = this.mp & 32767; - this.mph = this.mp >> 15; - this.um = (1 << m.DB - 15) - 1; - this.mt2 = 2 * m.t; - } - function montConvert(x) { - var r = nbi(); - x.abs().dlShiftTo(this.m.t, r); - r.divRemTo(this.m, null, r); - if (x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r, r); - return r; - } - function montRevert(x) { - var r = nbi(); - x.copyTo(r); - this.reduce(r); - return r; - } - function montReduce(x) { - while (x.t <= this.mt2) - x.data[x.t++] = 0; - for (var i = 0; i < this.m.t; ++i) { - var j = x.data[i] & 32767; - var u0 = j * this.mpl + ((j * this.mph + (x.data[i] >> 15) * this.mpl & this.um) << 15) & x.DM; - j = i + this.m.t; - x.data[j] += this.m.am(0, u0, x, i, 0, this.m.t); - while (x.data[j] >= x.DV) { - x.data[j] -= x.DV; - x.data[++j]++; + state.q = num; + if (state.p.compareTo(state.q) < 0) { + var tmp = state.p; + state.p = state.q; + state.q = tmp; } - } - x.clamp(); - x.drShiftTo(this.m.t, x); - if (x.compareTo(this.m) >= 0) x.subTo(this.m, x); - } - function montSqrTo(x, r) { - x.squareTo(r); - this.reduce(r); - } - function montMulTo(x, y, r) { - x.multiplyTo(y, r); - this.reduce(r); - } - Montgomery.prototype.convert = montConvert; - Montgomery.prototype.revert = montRevert; - Montgomery.prototype.reduce = montReduce; - Montgomery.prototype.mulTo = montMulTo; - Montgomery.prototype.sqrTo = montSqrTo; - function bnpIsEven() { - return (this.t > 0 ? this.data[0] & 1 : this.s) == 0; - } - function bnpExp(e, z) { - if (e > 4294967295 || e < 1) return BigInteger.ONE; - var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e) - 1; - g.copyTo(r); - while (--i >= 0) { - z.sqrTo(r, r2); - if ((e & 1 << i) > 0) z.mulTo(r2, g, r); - else { - var t = r; - r = r2; - r2 = t; + if (state.p.subtract(BigInteger.ONE).gcd(state.e).compareTo(BigInteger.ONE) !== 0) { + state.p = null; + generate(); + return; } - } - return z.revert(r); - } - function bnModPowInt(e, m) { - var z; - if (e < 256 || m.isEven()) z = new Classic(m); - else z = new Montgomery(m); - return this.exp(e, z); - } - BigInteger.prototype.copyTo = bnpCopyTo; - BigInteger.prototype.fromInt = bnpFromInt; - BigInteger.prototype.fromString = bnpFromString; - BigInteger.prototype.clamp = bnpClamp; - BigInteger.prototype.dlShiftTo = bnpDLShiftTo; - BigInteger.prototype.drShiftTo = bnpDRShiftTo; - BigInteger.prototype.lShiftTo = bnpLShiftTo; - BigInteger.prototype.rShiftTo = bnpRShiftTo; - BigInteger.prototype.subTo = bnpSubTo; - BigInteger.prototype.multiplyTo = bnpMultiplyTo; - BigInteger.prototype.squareTo = bnpSquareTo; - BigInteger.prototype.divRemTo = bnpDivRemTo; - BigInteger.prototype.invDigit = bnpInvDigit; - BigInteger.prototype.isEven = bnpIsEven; - BigInteger.prototype.exp = bnpExp; - BigInteger.prototype.toString = bnToString; - BigInteger.prototype.negate = bnNegate; - BigInteger.prototype.abs = bnAbs; - BigInteger.prototype.compareTo = bnCompareTo; - BigInteger.prototype.bitLength = bnBitLength; - BigInteger.prototype.mod = bnMod; - BigInteger.prototype.modPowInt = bnModPowInt; - BigInteger.ZERO = nbv(0); - BigInteger.ONE = nbv(1); - function bnClone() { - var r = nbi(); - this.copyTo(r); - return r; - } - function bnIntValue() { - if (this.s < 0) { - if (this.t == 1) return this.data[0] - this.DV; - else if (this.t == 0) return -1; - } else if (this.t == 1) return this.data[0]; - else if (this.t == 0) return 0; - return (this.data[1] & (1 << 32 - this.DB) - 1) << this.DB | this.data[0]; - } - function bnByteValue() { - return this.t == 0 ? this.s : this.data[0] << 24 >> 24; - } - function bnShortValue() { - return this.t == 0 ? this.s : this.data[0] << 16 >> 16; - } - function bnpChunkSize(r) { - return Math.floor(Math.LN2 * this.DB / Math.log(r)); - } - function bnSigNum() { - if (this.s < 0) return -1; - else if (this.t <= 0 || this.t == 1 && this.data[0] <= 0) return 0; - else return 1; - } - function bnpToRadix(b) { - if (b == null) b = 10; - if (this.signum() == 0 || b < 2 || b > 36) return "0"; - var cs = this.chunkSize(b); - var a = Math.pow(b, cs); - var d = nbv(a), y = nbi(), z = nbi(), r = ""; - this.divRemTo(d, y, z); - while (y.signum() > 0) { - r = (a + z.intValue()).toString(b).substr(1) + r; - y.divRemTo(d, y, z); - } - return z.intValue().toString(b) + r; - } - function bnpFromRadix(s, b) { - this.fromInt(0); - if (b == null) b = 10; - var cs = this.chunkSize(b); - var d = Math.pow(b, cs), mi = false, j = 0, w = 0; - for (var i = 0; i < s.length; ++i) { - var x = intAt(s, i); - if (x < 0) { - if (s.charAt(i) == "-" && this.signum() == 0) mi = true; - continue; + if (state.q.subtract(BigInteger.ONE).gcd(state.e).compareTo(BigInteger.ONE) !== 0) { + state.q = null; + getPrime(state.qBits, finish); + return; } - w = b * w + x; - if (++j >= cs) { - this.dMultiply(d); - this.dAddOffset(w, 0); - j = 0; - w = 0; + state.p1 = state.p.subtract(BigInteger.ONE); + state.q1 = state.q.subtract(BigInteger.ONE); + state.phi = state.p1.multiply(state.q1); + if (state.phi.gcd(state.e).compareTo(BigInteger.ONE) !== 0) { + state.p = state.q = null; + generate(); + return; } - } - if (j > 0) { - this.dMultiply(Math.pow(b, j)); - this.dAddOffset(w, 0); - } - if (mi) BigInteger.ZERO.subTo(this, this); - } - function bnpFromNumber(a, b, c) { - if ("number" == typeof b) { - if (a < 2) this.fromInt(1); - else { - this.fromNumber(a, c); - if (!this.testBit(a - 1)) - this.bitwiseTo(BigInteger.ONE.shiftLeft(a - 1), op_or, this); - if (this.isEven()) this.dAddOffset(1, 0); - while (!this.isProbablePrime(b)) { - this.dAddOffset(2, 0); - if (this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a - 1), this); - } + state.n = state.p.multiply(state.q); + if (state.n.bitLength() !== state.bits) { + state.q = null; + getPrime(state.qBits, finish); + return; } - } else { - var x = new Array(), t = a & 7; - x.length = (a >> 3) + 1; - b.nextBytes(x); - if (t > 0) x[0] &= (1 << t) - 1; - else x[0] = 0; - this.fromString(x, 256); + var d = state.e.modInverse(state.phi); + state.keys = { + privateKey: pki2.rsa.setPrivateKey( + state.n, + state.e, + d, + state.p, + state.q, + d.mod(state.p1), + d.mod(state.q1), + state.q.modInverse(state.p) + ), + publicKey: pki2.rsa.setPublicKey(state.n, state.e) + }; + callback(null, state.keys); } } - function bnToByteArray() { - var i = this.t, r = new Array(); - r[0] = this.s; - var p = this.DB - i * this.DB % 8, d, k = 0; - if (i-- > 0) { - if (p < this.DB && (d = this.data[i] >> p) != (this.s & this.DM) >> p) - r[k++] = d | this.s << this.DB - p; - while (i >= 0) { - if (p < 8) { - d = (this.data[i] & (1 << p) - 1) << 8 - p; - d |= this.data[--i] >> (p += this.DB - 8); - } else { - d = this.data[i] >> (p -= 8) & 255; - if (p <= 0) { - p += this.DB; - --i; - } - } - if ((d & 128) != 0) d |= -256; - if (k == 0 && (this.s & 128) != (d & 128)) ++k; - if (k > 0 || d != this.s) r[k++] = d; - } + function _bnToBytes(b) { + var hex = b.toString(16); + if (hex[0] >= "8") { + hex = "00" + hex; } - return r; - } - function bnEquals(a) { - return this.compareTo(a) == 0; - } - function bnMin(a) { - return this.compareTo(a) < 0 ? this : a; - } - function bnMax(a) { - return this.compareTo(a) > 0 ? this : a; - } - function bnpBitwiseTo(a, op, r) { - var i, f, m = Math.min(a.t, this.t); - for (i = 0; i < m; ++i) r.data[i] = op(this.data[i], a.data[i]); - if (a.t < this.t) { - f = a.s & this.DM; - for (i = m; i < this.t; ++i) r.data[i] = op(this.data[i], f); - r.t = this.t; - } else { - f = this.s & this.DM; - for (i = m; i < a.t; ++i) r.data[i] = op(f, a.data[i]); - r.t = a.t; + var bytes = forge.util.hexToBytes(hex); + if (bytes.length > 1 && // leading 0x00 for positive integer + (bytes.charCodeAt(0) === 0 && (bytes.charCodeAt(1) & 128) === 0 || // leading 0xFF for negative integer + bytes.charCodeAt(0) === 255 && (bytes.charCodeAt(1) & 128) === 128)) { + return bytes.substr(1); } - r.s = op(this.s, a.s); - r.clamp(); - } - function op_and(x, y) { - return x & y; - } - function bnAnd(a) { - var r = nbi(); - this.bitwiseTo(a, op_and, r); - return r; + return bytes; } - function op_or(x, y) { - return x | y; + function _getMillerRabinTests(bits) { + if (bits <= 100) return 27; + if (bits <= 150) return 18; + if (bits <= 200) return 15; + if (bits <= 250) return 12; + if (bits <= 300) return 9; + if (bits <= 350) return 8; + if (bits <= 400) return 7; + if (bits <= 500) return 6; + if (bits <= 600) return 5; + if (bits <= 800) return 4; + if (bits <= 1250) return 3; + return 2; } - function bnOr(a) { - var r = nbi(); - this.bitwiseTo(a, op_or, r); - return r; + function _detectNodeCrypto(fn) { + return forge.util.isNodejs && typeof _crypto[fn] === "function"; } - function op_xor(x, y) { - return x ^ y; + function _detectSubtleCrypto(fn) { + return typeof util.globalScope !== "undefined" && typeof util.globalScope.crypto === "object" && typeof util.globalScope.crypto.subtle === "object" && typeof util.globalScope.crypto.subtle[fn] === "function"; } - function bnXor(a) { - var r = nbi(); - this.bitwiseTo(a, op_xor, r); - return r; + function _detectSubtleMsCrypto(fn) { + return typeof util.globalScope !== "undefined" && typeof util.globalScope.msCrypto === "object" && typeof util.globalScope.msCrypto.subtle === "object" && typeof util.globalScope.msCrypto.subtle[fn] === "function"; } - function op_andnot(x, y) { - return x & ~y; + function _intToUint8Array(x) { + var bytes = forge.util.hexToBytes(x.toString(16)); + var buffer = new Uint8Array(bytes.length); + for (var i = 0; i < bytes.length; ++i) { + buffer[i] = bytes.charCodeAt(i); + } + return buffer; } - function bnAndNot(a) { - var r = nbi(); - this.bitwiseTo(a, op_andnot, r); - return r; + } +}); + +// node_modules/node-forge/lib/pbe.js +var require_pbe = __commonJS({ + "node_modules/node-forge/lib/pbe.js"(exports2, module2) { + var forge = require_forge(); + require_aes(); + require_asn1(); + require_des(); + require_md(); + require_oids(); + require_pbkdf2(); + require_pem(); + require_random(); + require_rc2(); + require_rsa(); + require_util9(); + if (typeof BigInteger === "undefined") { + BigInteger = forge.jsbn.BigInteger; } - function bnNot() { - var r = nbi(); - for (var i = 0; i < this.t; ++i) r.data[i] = this.DM & ~this.data[i]; - r.t = this.t; - r.s = ~this.s; - return r; - } - function bnShiftLeft(n) { - var r = nbi(); - if (n < 0) this.rShiftTo(-n, r); - else this.lShiftTo(n, r); - return r; - } - function bnShiftRight(n) { - var r = nbi(); - if (n < 0) this.lShiftTo(-n, r); - else this.rShiftTo(n, r); - return r; - } - function lbit(x) { - if (x == 0) return -1; - var r = 0; - if ((x & 65535) == 0) { - x >>= 16; - r += 16; - } - if ((x & 255) == 0) { - x >>= 8; - r += 8; + var BigInteger; + var asn1 = forge.asn1; + var pki2 = forge.pki = forge.pki || {}; + module2.exports = pki2.pbe = forge.pbe = forge.pbe || {}; + var oids = pki2.oids; + var encryptedPrivateKeyValidator = { + name: "EncryptedPrivateKeyInfo", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "EncryptedPrivateKeyInfo.encryptionAlgorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "AlgorithmIdentifier.algorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "encryptionOid" + }, { + name: "AlgorithmIdentifier.parameters", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + captureAsn1: "encryptionParams" + }] + }, { + // encryptedData + name: "EncryptedPrivateKeyInfo.encryptedData", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OCTETSTRING, + constructed: false, + capture: "encryptedData" + }] + }; + var PBES2AlgorithmsValidator = { + name: "PBES2Algorithms", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "PBES2Algorithms.keyDerivationFunc", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "PBES2Algorithms.keyDerivationFunc.oid", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "kdfOid" + }, { + name: "PBES2Algorithms.params", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "PBES2Algorithms.params.salt", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OCTETSTRING, + constructed: false, + capture: "kdfSalt" + }, { + name: "PBES2Algorithms.params.iterationCount", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "kdfIterationCount" + }, { + name: "PBES2Algorithms.params.keyLength", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + optional: true, + capture: "keyLength" + }, { + // prf + name: "PBES2Algorithms.params.prf", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + optional: true, + value: [{ + name: "PBES2Algorithms.params.prf.algorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "prfOid" + }] + }] + }] + }, { + name: "PBES2Algorithms.encryptionScheme", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "PBES2Algorithms.encryptionScheme.oid", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "encOid" + }, { + name: "PBES2Algorithms.encryptionScheme.iv", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OCTETSTRING, + constructed: false, + capture: "encIv" + }] + }] + }; + var pkcs12PbeParamsValidator = { + name: "pkcs-12PbeParams", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "pkcs-12PbeParams.salt", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OCTETSTRING, + constructed: false, + capture: "salt" + }, { + name: "pkcs-12PbeParams.iterations", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "iterations" + }] + }; + pki2.encryptPrivateKeyInfo = function(obj, password, options) { + options = options || {}; + options.saltSize = options.saltSize || 8; + options.count = options.count || 2048; + options.algorithm = options.algorithm || "aes128"; + options.prfAlgorithm = options.prfAlgorithm || "sha1"; + var salt = forge.random.getBytesSync(options.saltSize); + var count = options.count; + var countBytes = asn1.integerToDer(count); + var dkLen; + var encryptionAlgorithm; + var encryptedData; + if (options.algorithm.indexOf("aes") === 0 || options.algorithm === "des") { + var ivLen, encOid, cipherFn; + switch (options.algorithm) { + case "aes128": + dkLen = 16; + ivLen = 16; + encOid = oids["aes128-CBC"]; + cipherFn = forge.aes.createEncryptionCipher; + break; + case "aes192": + dkLen = 24; + ivLen = 16; + encOid = oids["aes192-CBC"]; + cipherFn = forge.aes.createEncryptionCipher; + break; + case "aes256": + dkLen = 32; + ivLen = 16; + encOid = oids["aes256-CBC"]; + cipherFn = forge.aes.createEncryptionCipher; + break; + case "des": + dkLen = 8; + ivLen = 8; + encOid = oids["desCBC"]; + cipherFn = forge.des.createEncryptionCipher; + break; + default: + var error3 = new Error("Cannot encrypt private key. Unknown encryption algorithm."); + error3.algorithm = options.algorithm; + throw error3; + } + var prfAlgorithm = "hmacWith" + options.prfAlgorithm.toUpperCase(); + var md = prfAlgorithmToMessageDigest(prfAlgorithm); + var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen, md); + var iv = forge.random.getBytesSync(ivLen); + var cipher = cipherFn(dk); + cipher.start(iv); + cipher.update(asn1.toDer(obj)); + cipher.finish(); + encryptedData = cipher.output.getBytes(); + var params = createPbkdf2Params(salt, countBytes, dkLen, prfAlgorithm); + encryptionAlgorithm = asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.SEQUENCE, + true, + [ + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(oids["pkcs5PBES2"]).getBytes() + ), + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // keyDerivationFunc + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(oids["pkcs5PBKDF2"]).getBytes() + ), + // PBKDF2-params + params + ]), + // encryptionScheme + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(encOid).getBytes() + ), + // iv + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OCTETSTRING, + false, + iv + ) + ]) + ]) + ] + ); + } else if (options.algorithm === "3des") { + dkLen = 24; + var saltBytes = new forge.util.ByteBuffer(salt); + var dk = pki2.pbe.generatePkcs12Key(password, saltBytes, 1, count, dkLen); + var iv = pki2.pbe.generatePkcs12Key(password, saltBytes, 2, count, dkLen); + var cipher = forge.des.createEncryptionCipher(dk); + cipher.start(iv); + cipher.update(asn1.toDer(obj)); + cipher.finish(); + encryptedData = cipher.output.getBytes(); + encryptionAlgorithm = asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.SEQUENCE, + true, + [ + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(oids["pbeWithSHAAnd3-KeyTripleDES-CBC"]).getBytes() + ), + // pkcs-12PbeParams + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // salt + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt), + // iteration count + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + countBytes.getBytes() + ) + ]) + ] + ); + } else { + var error3 = new Error("Cannot encrypt private key. Unknown encryption algorithm."); + error3.algorithm = options.algorithm; + throw error3; } - if ((x & 15) == 0) { - x >>= 4; - r += 4; + var rval = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // encryptionAlgorithm + encryptionAlgorithm, + // encryptedData + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OCTETSTRING, + false, + encryptedData + ) + ]); + return rval; + }; + pki2.decryptPrivateKeyInfo = function(obj, password) { + var rval = null; + var capture = {}; + var errors = []; + if (!asn1.validate(obj, encryptedPrivateKeyValidator, capture, errors)) { + var error3 = new Error("Cannot read encrypted private key. ASN.1 object is not a supported EncryptedPrivateKeyInfo."); + error3.errors = errors; + throw error3; } - if ((x & 3) == 0) { - x >>= 2; - r += 2; + var oid = asn1.derToOid(capture.encryptionOid); + var cipher = pki2.pbe.getCipher(oid, capture.encryptionParams, password); + var encrypted = forge.util.createBuffer(capture.encryptedData); + cipher.update(encrypted); + if (cipher.finish()) { + rval = asn1.fromDer(cipher.output); } - if ((x & 1) == 0) ++r; - return r; - } - function bnGetLowestSetBit() { - for (var i = 0; i < this.t; ++i) - if (this.data[i] != 0) return i * this.DB + lbit(this.data[i]); - if (this.s < 0) return this.t * this.DB; - return -1; - } - function cbit(x) { - var r = 0; - while (x != 0) { - x &= x - 1; - ++r; + return rval; + }; + pki2.encryptedPrivateKeyToPem = function(epki, maxline) { + var msg = { + type: "ENCRYPTED PRIVATE KEY", + body: asn1.toDer(epki).getBytes() + }; + return forge.pem.encode(msg, { maxline }); + }; + pki2.encryptedPrivateKeyFromPem = function(pem) { + var msg = forge.pem.decode(pem)[0]; + if (msg.type !== "ENCRYPTED PRIVATE KEY") { + var error3 = new Error('Could not convert encrypted private key from PEM; PEM header type is "ENCRYPTED PRIVATE KEY".'); + error3.headerType = msg.type; + throw error3; } - return r; - } - function bnBitCount() { - var r = 0, x = this.s & this.DM; - for (var i = 0; i < this.t; ++i) r += cbit(this.data[i] ^ x); - return r; - } - function bnTestBit(n) { - var j = Math.floor(n / this.DB); - if (j >= this.t) return this.s != 0; - return (this.data[j] & 1 << n % this.DB) != 0; - } - function bnpChangeBit(n, op) { - var r = BigInteger.ONE.shiftLeft(n); - this.bitwiseTo(r, op, r); - return r; - } - function bnSetBit(n) { - return this.changeBit(n, op_or); - } - function bnClearBit(n) { - return this.changeBit(n, op_andnot); - } - function bnFlipBit(n) { - return this.changeBit(n, op_xor); - } - function bnpAddTo(a, r) { - var i = 0, c = 0, m = Math.min(a.t, this.t); - while (i < m) { - c += this.data[i] + a.data[i]; - r.data[i++] = c & this.DM; - c >>= this.DB; + if (msg.procType && msg.procType.type === "ENCRYPTED") { + throw new Error("Could not convert encrypted private key from PEM; PEM is encrypted."); } - if (a.t < this.t) { - c += a.s; - while (i < this.t) { - c += this.data[i]; - r.data[i++] = c & this.DM; - c >>= this.DB; - } - c += this.s; - } else { - c += this.s; - while (i < a.t) { - c += a.data[i]; - r.data[i++] = c & this.DM; - c >>= this.DB; - } - c += a.s; + return asn1.fromDer(msg.body); + }; + pki2.encryptRsaPrivateKey = function(rsaKey, password, options) { + options = options || {}; + if (!options.legacy) { + var rval = pki2.wrapRsaPrivateKey(pki2.privateKeyToAsn1(rsaKey)); + rval = pki2.encryptPrivateKeyInfo(rval, password, options); + return pki2.encryptedPrivateKeyToPem(rval); } - r.s = c < 0 ? -1 : 0; - if (c > 0) r.data[i++] = c; - else if (c < -1) r.data[i++] = this.DV + c; - r.t = i; - r.clamp(); - } - function bnAdd(a) { - var r = nbi(); - this.addTo(a, r); - return r; - } - function bnSubtract(a) { - var r = nbi(); - this.subTo(a, r); - return r; - } - function bnMultiply(a) { - var r = nbi(); - this.multiplyTo(a, r); - return r; - } - function bnDivide(a) { - var r = nbi(); - this.divRemTo(a, r, null); - return r; - } - function bnRemainder(a) { - var r = nbi(); - this.divRemTo(a, null, r); - return r; - } - function bnDivideAndRemainder(a) { - var q = nbi(), r = nbi(); - this.divRemTo(a, q, r); - return new Array(q, r); - } - function bnpDMultiply(n) { - this.data[this.t] = this.am(0, n - 1, this, 0, 0, this.t); - ++this.t; - this.clamp(); - } - function bnpDAddOffset(n, w) { - if (n == 0) return; - while (this.t <= w) this.data[this.t++] = 0; - this.data[w] += n; - while (this.data[w] >= this.DV) { - this.data[w] -= this.DV; - if (++w >= this.t) this.data[this.t++] = 0; - ++this.data[w]; + var algorithm; + var iv; + var dkLen; + var cipherFn; + switch (options.algorithm) { + case "aes128": + algorithm = "AES-128-CBC"; + dkLen = 16; + iv = forge.random.getBytesSync(16); + cipherFn = forge.aes.createEncryptionCipher; + break; + case "aes192": + algorithm = "AES-192-CBC"; + dkLen = 24; + iv = forge.random.getBytesSync(16); + cipherFn = forge.aes.createEncryptionCipher; + break; + case "aes256": + algorithm = "AES-256-CBC"; + dkLen = 32; + iv = forge.random.getBytesSync(16); + cipherFn = forge.aes.createEncryptionCipher; + break; + case "3des": + algorithm = "DES-EDE3-CBC"; + dkLen = 24; + iv = forge.random.getBytesSync(8); + cipherFn = forge.des.createEncryptionCipher; + break; + case "des": + algorithm = "DES-CBC"; + dkLen = 8; + iv = forge.random.getBytesSync(8); + cipherFn = forge.des.createEncryptionCipher; + break; + default: + var error3 = new Error('Could not encrypt RSA private key; unsupported encryption algorithm "' + options.algorithm + '".'); + error3.algorithm = options.algorithm; + throw error3; } - } - function NullExp() { - } - function nNop(x) { - return x; - } - function nMulTo(x, y, r) { - x.multiplyTo(y, r); - } - function nSqrTo(x, r) { - x.squareTo(r); - } - NullExp.prototype.convert = nNop; - NullExp.prototype.revert = nNop; - NullExp.prototype.mulTo = nMulTo; - NullExp.prototype.sqrTo = nSqrTo; - function bnPow(e) { - return this.exp(e, new NullExp()); - } - function bnpMultiplyLowerTo(a, n, r) { - var i = Math.min(this.t + a.t, n); - r.s = 0; - r.t = i; - while (i > 0) r.data[--i] = 0; - var j; - for (j = r.t - this.t; i < j; ++i) r.data[i + this.t] = this.am(0, a.data[i], r, i, 0, this.t); - for (j = Math.min(a.t, n); i < j; ++i) this.am(0, a.data[i], r, i, 0, n - i); - r.clamp(); - } - function bnpMultiplyUpperTo(a, n, r) { - --n; - var i = r.t = this.t + a.t - n; - r.s = 0; - while (--i >= 0) r.data[i] = 0; - for (i = Math.max(n - this.t, 0); i < a.t; ++i) - r.data[this.t + i - n] = this.am(n - i, a.data[i], r, 0, 0, this.t + i - n); - r.clamp(); - r.drShiftTo(1, r); - } - function Barrett(m) { - this.r2 = nbi(); - this.q3 = nbi(); - BigInteger.ONE.dlShiftTo(2 * m.t, this.r2); - this.mu = this.r2.divide(m); - this.m = m; - } - function barrettConvert(x) { - if (x.s < 0 || x.t > 2 * this.m.t) return x.mod(this.m); - else if (x.compareTo(this.m) < 0) return x; - else { - var r = nbi(); - x.copyTo(r); - this.reduce(r); - return r; - } - } - function barrettRevert(x) { - return x; - } - function barrettReduce(x) { - x.drShiftTo(this.m.t - 1, this.r2); - if (x.t > this.m.t + 1) { - x.t = this.m.t + 1; - x.clamp(); + var dk = forge.pbe.opensslDeriveBytes(password, iv.substr(0, 8), dkLen); + var cipher = cipherFn(dk); + cipher.start(iv); + cipher.update(asn1.toDer(pki2.privateKeyToAsn1(rsaKey))); + cipher.finish(); + var msg = { + type: "RSA PRIVATE KEY", + procType: { + version: "4", + type: "ENCRYPTED" + }, + dekInfo: { + algorithm, + parameters: forge.util.bytesToHex(iv).toUpperCase() + }, + body: cipher.output.getBytes() + }; + return forge.pem.encode(msg); + }; + pki2.decryptRsaPrivateKey = function(pem, password) { + var rval = null; + var msg = forge.pem.decode(pem)[0]; + if (msg.type !== "ENCRYPTED PRIVATE KEY" && msg.type !== "PRIVATE KEY" && msg.type !== "RSA PRIVATE KEY") { + var error3 = new Error('Could not convert private key from PEM; PEM header type is not "ENCRYPTED PRIVATE KEY", "PRIVATE KEY", or "RSA PRIVATE KEY".'); + error3.headerType = error3; + throw error3; } - this.mu.multiplyUpperTo(this.r2, this.m.t + 1, this.q3); - this.m.multiplyLowerTo(this.q3, this.m.t + 1, this.r2); - while (x.compareTo(this.r2) < 0) x.dAddOffset(1, this.m.t + 1); - x.subTo(this.r2, x); - while (x.compareTo(this.m) >= 0) x.subTo(this.m, x); - } - function barrettSqrTo(x, r) { - x.squareTo(r); - this.reduce(r); - } - function barrettMulTo(x, y, r) { - x.multiplyTo(y, r); - this.reduce(r); - } - Barrett.prototype.convert = barrettConvert; - Barrett.prototype.revert = barrettRevert; - Barrett.prototype.reduce = barrettReduce; - Barrett.prototype.mulTo = barrettMulTo; - Barrett.prototype.sqrTo = barrettSqrTo; - function bnModPow(e, m) { - var i = e.bitLength(), k, r = nbv(1), z; - if (i <= 0) return r; - else if (i < 18) k = 1; - else if (i < 48) k = 3; - else if (i < 144) k = 4; - else if (i < 768) k = 5; - else k = 6; - if (i < 8) - z = new Classic(m); - else if (m.isEven()) - z = new Barrett(m); - else - z = new Montgomery(m); - var g = new Array(), n = 3, k1 = k - 1, km = (1 << k) - 1; - g[1] = z.convert(this); - if (k > 1) { - var g2 = nbi(); - z.sqrTo(g[1], g2); - while (n <= km) { - g[n] = nbi(); - z.mulTo(g2, g[n - 2], g[n]); - n += 2; + if (msg.procType && msg.procType.type === "ENCRYPTED") { + var dkLen; + var cipherFn; + switch (msg.dekInfo.algorithm) { + case "DES-CBC": + dkLen = 8; + cipherFn = forge.des.createDecryptionCipher; + break; + case "DES-EDE3-CBC": + dkLen = 24; + cipherFn = forge.des.createDecryptionCipher; + break; + case "AES-128-CBC": + dkLen = 16; + cipherFn = forge.aes.createDecryptionCipher; + break; + case "AES-192-CBC": + dkLen = 24; + cipherFn = forge.aes.createDecryptionCipher; + break; + case "AES-256-CBC": + dkLen = 32; + cipherFn = forge.aes.createDecryptionCipher; + break; + case "RC2-40-CBC": + dkLen = 5; + cipherFn = function(key) { + return forge.rc2.createDecryptionCipher(key, 40); + }; + break; + case "RC2-64-CBC": + dkLen = 8; + cipherFn = function(key) { + return forge.rc2.createDecryptionCipher(key, 64); + }; + break; + case "RC2-128-CBC": + dkLen = 16; + cipherFn = function(key) { + return forge.rc2.createDecryptionCipher(key, 128); + }; + break; + default: + var error3 = new Error('Could not decrypt private key; unsupported encryption algorithm "' + msg.dekInfo.algorithm + '".'); + error3.algorithm = msg.dekInfo.algorithm; + throw error3; + } + var iv = forge.util.hexToBytes(msg.dekInfo.parameters); + var dk = forge.pbe.opensslDeriveBytes(password, iv.substr(0, 8), dkLen); + var cipher = cipherFn(dk); + cipher.start(iv); + cipher.update(forge.util.createBuffer(msg.body)); + if (cipher.finish()) { + rval = cipher.output.getBytes(); + } else { + return rval; } + } else { + rval = msg.body; } - var j = e.t - 1, w, is1 = true, r2 = nbi(), t; - i = nbits(e.data[j]) - 1; - while (j >= 0) { - if (i >= k1) w = e.data[j] >> i - k1 & km; - else { - w = (e.data[j] & (1 << i + 1) - 1) << k1 - i; - if (j > 0) w |= e.data[j - 1] >> this.DB + i - k1; + if (msg.type === "ENCRYPTED PRIVATE KEY") { + rval = pki2.decryptPrivateKeyInfo(asn1.fromDer(rval), password); + } else { + rval = asn1.fromDer(rval); + } + if (rval !== null) { + rval = pki2.privateKeyFromAsn1(rval); + } + return rval; + }; + pki2.pbe.generatePkcs12Key = function(password, salt, id, iter, n, md) { + var j, l; + if (typeof md === "undefined" || md === null) { + if (!("sha1" in forge.md)) { + throw new Error('"sha1" hash algorithm unavailable.'); } - n = k; - while ((w & 1) == 0) { - w >>= 1; - --n; + md = forge.md.sha1.create(); + } + var u = md.digestLength; + var v = md.blockLength; + var result = new forge.util.ByteBuffer(); + var passBuf = new forge.util.ByteBuffer(); + if (password !== null && password !== void 0) { + for (l = 0; l < password.length; l++) { + passBuf.putInt16(password.charCodeAt(l)); } - if ((i -= n) < 0) { - i += this.DB; - --j; + passBuf.putInt16(0); + } + var p = passBuf.length(); + var s = salt.length(); + var D = new forge.util.ByteBuffer(); + D.fillWithByte(id, v); + var Slen = v * Math.ceil(s / v); + var S = new forge.util.ByteBuffer(); + for (l = 0; l < Slen; l++) { + S.putByte(salt.at(l % s)); + } + var Plen = v * Math.ceil(p / v); + var P = new forge.util.ByteBuffer(); + for (l = 0; l < Plen; l++) { + P.putByte(passBuf.at(l % p)); + } + var I = S; + I.putBuffer(P); + var c = Math.ceil(n / u); + for (var i = 1; i <= c; i++) { + var buf = new forge.util.ByteBuffer(); + buf.putBytes(D.bytes()); + buf.putBytes(I.bytes()); + for (var round = 0; round < iter; round++) { + md.start(); + md.update(buf.getBytes()); + buf = md.digest(); } - if (is1) { - g[w].copyTo(r); - is1 = false; - } else { - while (n > 1) { - z.sqrTo(r, r2); - z.sqrTo(r2, r); - n -= 2; - } - if (n > 0) z.sqrTo(r, r2); - else { - t = r; - r = r2; - r2 = t; - } - z.mulTo(r2, g[w], r); + var B = new forge.util.ByteBuffer(); + for (l = 0; l < v; l++) { + B.putByte(buf.at(l % u)); } - while (j >= 0 && (e.data[j] & 1 << i) == 0) { - z.sqrTo(r, r2); - t = r; - r = r2; - r2 = t; - if (--i < 0) { - i = this.DB - 1; - --j; + var k = Math.ceil(s / v) + Math.ceil(p / v); + var Inew = new forge.util.ByteBuffer(); + for (j = 0; j < k; j++) { + var chunk = new forge.util.ByteBuffer(I.getBytes(v)); + var x = 511; + for (l = B.length() - 1; l >= 0; l--) { + x = x >> 8; + x += B.at(l) + chunk.at(l); + chunk.setAt(l, x & 255); } + Inew.putBuffer(chunk); } + I = Inew; + result.putBuffer(buf); } - return z.revert(r); - } - function bnGCD(a) { - var x = this.s < 0 ? this.negate() : this.clone(); - var y = a.s < 0 ? a.negate() : a.clone(); - if (x.compareTo(y) < 0) { - var t = x; - x = y; - y = t; + result.truncate(result.length() - n); + return result; + }; + pki2.pbe.getCipher = function(oid, params, password) { + switch (oid) { + case pki2.oids["pkcs5PBES2"]: + return pki2.pbe.getCipherForPBES2(oid, params, password); + case pki2.oids["pbeWithSHAAnd3-KeyTripleDES-CBC"]: + case pki2.oids["pbewithSHAAnd40BitRC2-CBC"]: + return pki2.pbe.getCipherForPKCS12PBE(oid, params, password); + default: + var error3 = new Error("Cannot read encrypted PBE data block. Unsupported OID."); + error3.oid = oid; + error3.supportedOids = [ + "pkcs5PBES2", + "pbeWithSHAAnd3-KeyTripleDES-CBC", + "pbewithSHAAnd40BitRC2-CBC" + ]; + throw error3; } - var i = x.getLowestSetBit(), g = y.getLowestSetBit(); - if (g < 0) return x; - if (i < g) g = i; - if (g > 0) { - x.rShiftTo(g, x); - y.rShiftTo(g, y); + }; + pki2.pbe.getCipherForPBES2 = function(oid, params, password) { + var capture = {}; + var errors = []; + if (!asn1.validate(params, PBES2AlgorithmsValidator, capture, errors)) { + var error3 = new Error("Cannot read password-based-encryption algorithm parameters. ASN.1 object is not a supported EncryptedPrivateKeyInfo."); + error3.errors = errors; + throw error3; } - while (x.signum() > 0) { - if ((i = x.getLowestSetBit()) > 0) x.rShiftTo(i, x); - if ((i = y.getLowestSetBit()) > 0) y.rShiftTo(i, y); - if (x.compareTo(y) >= 0) { - x.subTo(y, x); - x.rShiftTo(1, x); - } else { - y.subTo(x, y); - y.rShiftTo(1, y); - } + oid = asn1.derToOid(capture.kdfOid); + if (oid !== pki2.oids["pkcs5PBKDF2"]) { + var error3 = new Error("Cannot read encrypted private key. Unsupported key derivation function OID."); + error3.oid = oid; + error3.supportedOids = ["pkcs5PBKDF2"]; + throw error3; } - if (g > 0) y.lShiftTo(g, y); - return y; - } - function bnpModInt(n) { - if (n <= 0) return 0; - var d = this.DV % n, r = this.s < 0 ? n - 1 : 0; - if (this.t > 0) - if (d == 0) r = this.data[0] % n; - else for (var i = this.t - 1; i >= 0; --i) r = (d * r + this.data[i]) % n; - return r; - } - function bnModInverse(m) { - var ac = m.isEven(); - if (this.isEven() && ac || m.signum() == 0) return BigInteger.ZERO; - var u = m.clone(), v = this.clone(); - var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1); - while (u.signum() != 0) { - while (u.isEven()) { - u.rShiftTo(1, u); - if (ac) { - if (!a.isEven() || !b.isEven()) { - a.addTo(this, a); - b.subTo(m, b); - } - a.rShiftTo(1, a); - } else if (!b.isEven()) b.subTo(m, b); - b.rShiftTo(1, b); - } - while (v.isEven()) { - v.rShiftTo(1, v); - if (ac) { - if (!c.isEven() || !d.isEven()) { - c.addTo(this, c); - d.subTo(m, d); - } - c.rShiftTo(1, c); - } else if (!d.isEven()) d.subTo(m, d); - d.rShiftTo(1, d); - } - if (u.compareTo(v) >= 0) { - u.subTo(v, u); - if (ac) a.subTo(c, a); - b.subTo(d, b); - } else { - v.subTo(u, v); - if (ac) c.subTo(a, c); - d.subTo(b, d); + oid = asn1.derToOid(capture.encOid); + if (oid !== pki2.oids["aes128-CBC"] && oid !== pki2.oids["aes192-CBC"] && oid !== pki2.oids["aes256-CBC"] && oid !== pki2.oids["des-EDE3-CBC"] && oid !== pki2.oids["desCBC"]) { + var error3 = new Error("Cannot read encrypted private key. Unsupported encryption scheme OID."); + error3.oid = oid; + error3.supportedOids = [ + "aes128-CBC", + "aes192-CBC", + "aes256-CBC", + "des-EDE3-CBC", + "desCBC" + ]; + throw error3; + } + var salt = capture.kdfSalt; + var count = forge.util.createBuffer(capture.kdfIterationCount); + count = count.getInt(count.length() << 3); + var dkLen; + var cipherFn; + switch (pki2.oids[oid]) { + case "aes128-CBC": + dkLen = 16; + cipherFn = forge.aes.createDecryptionCipher; + break; + case "aes192-CBC": + dkLen = 24; + cipherFn = forge.aes.createDecryptionCipher; + break; + case "aes256-CBC": + dkLen = 32; + cipherFn = forge.aes.createDecryptionCipher; + break; + case "des-EDE3-CBC": + dkLen = 24; + cipherFn = forge.des.createDecryptionCipher; + break; + case "desCBC": + dkLen = 8; + cipherFn = forge.des.createDecryptionCipher; + break; + } + var md = prfOidToMessageDigest(capture.prfOid); + var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen, md); + var iv = capture.encIv; + var cipher = cipherFn(dk); + cipher.start(iv); + return cipher; + }; + pki2.pbe.getCipherForPKCS12PBE = function(oid, params, password) { + var capture = {}; + var errors = []; + if (!asn1.validate(params, pkcs12PbeParamsValidator, capture, errors)) { + var error3 = new Error("Cannot read password-based-encryption algorithm parameters. ASN.1 object is not a supported EncryptedPrivateKeyInfo."); + error3.errors = errors; + throw error3; + } + var salt = forge.util.createBuffer(capture.salt); + var count = forge.util.createBuffer(capture.iterations); + count = count.getInt(count.length() << 3); + var dkLen, dIvLen, cipherFn; + switch (oid) { + case pki2.oids["pbeWithSHAAnd3-KeyTripleDES-CBC"]: + dkLen = 24; + dIvLen = 8; + cipherFn = forge.des.startDecrypting; + break; + case pki2.oids["pbewithSHAAnd40BitRC2-CBC"]: + dkLen = 5; + dIvLen = 8; + cipherFn = function(key2, iv2) { + var cipher = forge.rc2.createDecryptionCipher(key2, 40); + cipher.start(iv2, null); + return cipher; + }; + break; + default: + var error3 = new Error("Cannot read PKCS #12 PBE data block. Unsupported OID."); + error3.oid = oid; + throw error3; + } + var md = prfOidToMessageDigest(capture.prfOid); + var key = pki2.pbe.generatePkcs12Key(password, salt, 1, count, dkLen, md); + md.start(); + var iv = pki2.pbe.generatePkcs12Key(password, salt, 2, count, dIvLen, md); + return cipherFn(key, iv); + }; + pki2.pbe.opensslDeriveBytes = function(password, salt, dkLen, md) { + if (typeof md === "undefined" || md === null) { + if (!("md5" in forge.md)) { + throw new Error('"md5" hash algorithm unavailable.'); } + md = forge.md.md5.create(); } - if (v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO; - if (d.compareTo(m) >= 0) return d.subtract(m); - if (d.signum() < 0) d.addTo(m, d); - else return d; - if (d.signum() < 0) return d.add(m); - else return d; - } - var lowprimes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509]; - var lplim = (1 << 26) / lowprimes[lowprimes.length - 1]; - function bnIsProbablePrime(t) { - var i, x = this.abs(); - if (x.t == 1 && x.data[0] <= lowprimes[lowprimes.length - 1]) { - for (i = 0; i < lowprimes.length; ++i) - if (x.data[0] == lowprimes[i]) return true; - return false; + if (salt === null) { + salt = ""; } - if (x.isEven()) return false; - i = 1; - while (i < lowprimes.length) { - var m = lowprimes[i], j = i + 1; - while (j < lowprimes.length && m < lplim) m *= lowprimes[j++]; - m = x.modInt(m); - while (i < j) if (m % lowprimes[i++] == 0) return false; + var digests = [hash(md, password + salt)]; + for (var length = 16, i = 1; length < dkLen; ++i, length += 16) { + digests.push(hash(md, digests[i - 1] + password + salt)); } - return x.millerRabin(t); + return digests.join("").substr(0, dkLen); + }; + function hash(md, bytes) { + return md.start().update(bytes).digest().getBytes(); } - function bnpMillerRabin(t) { - var n1 = this.subtract(BigInteger.ONE); - var k = n1.getLowestSetBit(); - if (k <= 0) return false; - var r = n1.shiftRight(k); - var prng = bnGetPrng(); - var a; - for (var i = 0; i < t; ++i) { - do { - a = new BigInteger(this.bitLength(), prng); - } while (a.compareTo(BigInteger.ONE) <= 0 || a.compareTo(n1) >= 0); - var y = a.modPow(r, this); - if (y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) { - var j = 1; - while (j++ < k && y.compareTo(n1) != 0) { - y = y.modPowInt(2, this); - if (y.compareTo(BigInteger.ONE) == 0) return false; - } - if (y.compareTo(n1) != 0) return false; + function prfOidToMessageDigest(prfOid) { + var prfAlgorithm; + if (!prfOid) { + prfAlgorithm = "hmacWithSHA1"; + } else { + prfAlgorithm = pki2.oids[asn1.derToOid(prfOid)]; + if (!prfAlgorithm) { + var error3 = new Error("Unsupported PRF OID."); + error3.oid = prfOid; + error3.supported = [ + "hmacWithSHA1", + "hmacWithSHA224", + "hmacWithSHA256", + "hmacWithSHA384", + "hmacWithSHA512" + ]; + throw error3; } } - return true; - } - function bnGetPrng() { - return { - // x is an array to fill with bytes - nextBytes: function(x) { - for (var i = 0; i < x.length; ++i) { - x[i] = Math.floor(Math.random() * 256); - } - } - }; + return prfAlgorithmToMessageDigest(prfAlgorithm); } - BigInteger.prototype.chunkSize = bnpChunkSize; - BigInteger.prototype.toRadix = bnpToRadix; - BigInteger.prototype.fromRadix = bnpFromRadix; - BigInteger.prototype.fromNumber = bnpFromNumber; - BigInteger.prototype.bitwiseTo = bnpBitwiseTo; - BigInteger.prototype.changeBit = bnpChangeBit; - BigInteger.prototype.addTo = bnpAddTo; - BigInteger.prototype.dMultiply = bnpDMultiply; - BigInteger.prototype.dAddOffset = bnpDAddOffset; - BigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo; - BigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo; - BigInteger.prototype.modInt = bnpModInt; - BigInteger.prototype.millerRabin = bnpMillerRabin; - BigInteger.prototype.clone = bnClone; - BigInteger.prototype.intValue = bnIntValue; - BigInteger.prototype.byteValue = bnByteValue; - BigInteger.prototype.shortValue = bnShortValue; - BigInteger.prototype.signum = bnSigNum; - BigInteger.prototype.toByteArray = bnToByteArray; - BigInteger.prototype.equals = bnEquals; - BigInteger.prototype.min = bnMin; - BigInteger.prototype.max = bnMax; - BigInteger.prototype.and = bnAnd; - BigInteger.prototype.or = bnOr; - BigInteger.prototype.xor = bnXor; - BigInteger.prototype.andNot = bnAndNot; - BigInteger.prototype.not = bnNot; - BigInteger.prototype.shiftLeft = bnShiftLeft; - BigInteger.prototype.shiftRight = bnShiftRight; - BigInteger.prototype.getLowestSetBit = bnGetLowestSetBit; - BigInteger.prototype.bitCount = bnBitCount; - BigInteger.prototype.testBit = bnTestBit; - BigInteger.prototype.setBit = bnSetBit; - BigInteger.prototype.clearBit = bnClearBit; - BigInteger.prototype.flipBit = bnFlipBit; - BigInteger.prototype.add = bnAdd; - BigInteger.prototype.subtract = bnSubtract; - BigInteger.prototype.multiply = bnMultiply; - BigInteger.prototype.divide = bnDivide; - BigInteger.prototype.remainder = bnRemainder; - BigInteger.prototype.divideAndRemainder = bnDivideAndRemainder; - BigInteger.prototype.modPow = bnModPow; - BigInteger.prototype.modInverse = bnModInverse; - BigInteger.prototype.pow = bnPow; - BigInteger.prototype.gcd = bnGCD; - BigInteger.prototype.isProbablePrime = bnIsProbablePrime; - } -}); - -// node_modules/node-forge/lib/sha1.js -var require_sha1 = __commonJS({ - "node_modules/node-forge/lib/sha1.js"(exports2, module2) { - var forge = require_forge(); - require_md(); - require_util9(); - var sha1 = module2.exports = forge.sha1 = forge.sha1 || {}; - forge.md.sha1 = forge.md.algorithms.sha1 = sha1; - sha1.create = function() { - if (!_initialized) { - _init(); + function prfAlgorithmToMessageDigest(prfAlgorithm) { + var factory = forge.md; + switch (prfAlgorithm) { + case "hmacWithSHA224": + factory = forge.md.sha512; + case "hmacWithSHA1": + case "hmacWithSHA256": + case "hmacWithSHA384": + case "hmacWithSHA512": + prfAlgorithm = prfAlgorithm.substr(8).toLowerCase(); + break; + default: + var error3 = new Error("Unsupported PRF algorithm."); + error3.algorithm = prfAlgorithm; + error3.supported = [ + "hmacWithSHA1", + "hmacWithSHA224", + "hmacWithSHA256", + "hmacWithSHA384", + "hmacWithSHA512" + ]; + throw error3; } - var _state = null; - var _input = forge.util.createBuffer(); - var _w = new Array(80); - var md = { - algorithm: "sha1", - blockLength: 64, - digestLength: 20, - // 56-bit length of message so far (does not including padding) - messageLength: 0, - // true message length - fullMessageLength: null, - // size of message length in bytes - messageLengthSize: 8 - }; - md.start = function() { - md.messageLength = 0; - md.fullMessageLength = md.messageLength64 = []; - var int32s = md.messageLengthSize / 4; - for (var i = 0; i < int32s; ++i) { - md.fullMessageLength.push(0); - } - _input = forge.util.createBuffer(); - _state = { - h0: 1732584193, - h1: 4023233417, - h2: 2562383102, - h3: 271733878, - h4: 3285377520 - }; - return md; - }; - md.start(); - md.update = function(msg, encoding) { - if (encoding === "utf8") { - msg = forge.util.encodeUtf8(msg); - } - var len = msg.length; - md.messageLength += len; - len = [len / 4294967296 >>> 0, len >>> 0]; - for (var i = md.fullMessageLength.length - 1; i >= 0; --i) { - md.fullMessageLength[i] += len[1]; - len[1] = len[0] + (md.fullMessageLength[i] / 4294967296 >>> 0); - md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; - len[0] = len[1] / 4294967296 >>> 0; - } - _input.putBytes(msg); - _update(_state, _w, _input); - if (_input.read > 2048 || _input.length() === 0) { - _input.compact(); - } - return md; - }; - md.digest = function() { - var finalBlock = forge.util.createBuffer(); - finalBlock.putBytes(_input.bytes()); - var remaining = md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize; - var overflow = remaining & md.blockLength - 1; - finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); - var next, carry; - var bits = md.fullMessageLength[0] * 8; - for (var i = 0; i < md.fullMessageLength.length - 1; ++i) { - next = md.fullMessageLength[i + 1] * 8; - carry = next / 4294967296 >>> 0; - bits += carry; - finalBlock.putInt32(bits >>> 0); - bits = next >>> 0; - } - finalBlock.putInt32(bits); - var s2 = { - h0: _state.h0, - h1: _state.h1, - h2: _state.h2, - h3: _state.h3, - h4: _state.h4 - }; - _update(s2, _w, finalBlock); - var rval = forge.util.createBuffer(); - rval.putInt32(s2.h0); - rval.putInt32(s2.h1); - rval.putInt32(s2.h2); - rval.putInt32(s2.h3); - rval.putInt32(s2.h4); - return rval; - }; - return md; - }; - var _padding = null; - var _initialized = false; - function _init() { - _padding = String.fromCharCode(128); - _padding += forge.util.fillString(String.fromCharCode(0), 64); - _initialized = true; - } - function _update(s, w, bytes) { - var t, a, b, c, d, e, f, i; - var len = bytes.length(); - while (len >= 64) { - a = s.h0; - b = s.h1; - c = s.h2; - d = s.h3; - e = s.h4; - for (i = 0; i < 16; ++i) { - t = bytes.getInt32(); - w[i] = t; - f = d ^ b & (c ^ d); - t = (a << 5 | a >>> 27) + f + e + 1518500249 + t; - e = d; - d = c; - c = (b << 30 | b >>> 2) >>> 0; - b = a; - a = t; - } - for (; i < 20; ++i) { - t = w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]; - t = t << 1 | t >>> 31; - w[i] = t; - f = d ^ b & (c ^ d); - t = (a << 5 | a >>> 27) + f + e + 1518500249 + t; - e = d; - d = c; - c = (b << 30 | b >>> 2) >>> 0; - b = a; - a = t; - } - for (; i < 32; ++i) { - t = w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]; - t = t << 1 | t >>> 31; - w[i] = t; - f = b ^ c ^ d; - t = (a << 5 | a >>> 27) + f + e + 1859775393 + t; - e = d; - d = c; - c = (b << 30 | b >>> 2) >>> 0; - b = a; - a = t; - } - for (; i < 40; ++i) { - t = w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]; - t = t << 2 | t >>> 30; - w[i] = t; - f = b ^ c ^ d; - t = (a << 5 | a >>> 27) + f + e + 1859775393 + t; - e = d; - d = c; - c = (b << 30 | b >>> 2) >>> 0; - b = a; - a = t; - } - for (; i < 60; ++i) { - t = w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]; - t = t << 2 | t >>> 30; - w[i] = t; - f = b & c | d & (b ^ c); - t = (a << 5 | a >>> 27) + f + e + 2400959708 + t; - e = d; - d = c; - c = (b << 30 | b >>> 2) >>> 0; - b = a; - a = t; - } - for (; i < 80; ++i) { - t = w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]; - t = t << 2 | t >>> 30; - w[i] = t; - f = b ^ c ^ d; - t = (a << 5 | a >>> 27) + f + e + 3395469782 + t; - e = d; - d = c; - c = (b << 30 | b >>> 2) >>> 0; - b = a; - a = t; - } - s.h0 = s.h0 + a | 0; - s.h1 = s.h1 + b | 0; - s.h2 = s.h2 + c | 0; - s.h3 = s.h3 + d | 0; - s.h4 = s.h4 + e | 0; - len -= 64; + if (!factory || !(prfAlgorithm in factory)) { + throw new Error("Unknown hash algorithm: " + prfAlgorithm); } + return factory[prfAlgorithm].create(); } - } -}); - -// node_modules/node-forge/lib/pkcs1.js -var require_pkcs1 = __commonJS({ - "node_modules/node-forge/lib/pkcs1.js"(exports2, module2) { - var forge = require_forge(); - require_util9(); - require_random(); - require_sha1(); - var pkcs1 = module2.exports = forge.pkcs1 = forge.pkcs1 || {}; - pkcs1.encode_rsa_oaep = function(key, message, options) { - var label; - var seed; - var md; - var mgf1Md; - if (typeof options === "string") { - label = options; - seed = arguments[3] || void 0; - md = arguments[4] || void 0; - } else if (options) { - label = options.label || void 0; - seed = options.seed || void 0; - md = options.md || void 0; - if (options.mgf1 && options.mgf1.md) { - mgf1Md = options.mgf1.md; - } - } - if (!md) { - md = forge.md.sha1.create(); - } else { - md.start(); - } - if (!mgf1Md) { - mgf1Md = md; - } - var keyLength = Math.ceil(key.n.bitLength() / 8); - var maxLength = keyLength - 2 * md.digestLength - 2; - if (message.length > maxLength) { - var error3 = new Error("RSAES-OAEP input message length is too long."); - error3.length = message.length; - error3.maxLength = maxLength; - throw error3; - } - if (!label) { - label = ""; - } - md.update(label, "raw"); - var lHash = md.digest(); - var PS = ""; - var PS_length = maxLength - message.length; - for (var i = 0; i < PS_length; i++) { - PS += "\0"; - } - var DB = lHash.getBytes() + PS + "" + message; - if (!seed) { - seed = forge.random.getBytes(md.digestLength); - } else if (seed.length !== md.digestLength) { - var error3 = new Error("Invalid RSAES-OAEP seed. The seed length must match the digest length."); - error3.seedLength = seed.length; - error3.digestLength = md.digestLength; - throw error3; - } - var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md); - var maskedDB = forge.util.xorBytes(DB, dbMask, DB.length); - var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md); - var maskedSeed = forge.util.xorBytes(seed, seedMask, seed.length); - return "\0" + maskedSeed + maskedDB; - }; - pkcs1.decode_rsa_oaep = function(key, em, options) { - var label; - var md; - var mgf1Md; - if (typeof options === "string") { - label = options; - md = arguments[3] || void 0; - } else if (options) { - label = options.label || void 0; - md = options.md || void 0; - if (options.mgf1 && options.mgf1.md) { - mgf1Md = options.mgf1.md; - } - } - var keyLength = Math.ceil(key.n.bitLength() / 8); - if (em.length !== keyLength) { - var error3 = new Error("RSAES-OAEP encoded message length is invalid."); - error3.length = em.length; - error3.expectedLength = keyLength; - throw error3; - } - if (md === void 0) { - md = forge.md.sha1.create(); - } else { - md.start(); - } - if (!mgf1Md) { - mgf1Md = md; - } - if (keyLength < 2 * md.digestLength + 2) { - throw new Error("RSAES-OAEP key is too short for the hash function."); - } - if (!label) { - label = ""; - } - md.update(label, "raw"); - var lHash = md.digest().getBytes(); - var y = em.charAt(0); - var maskedSeed = em.substring(1, md.digestLength + 1); - var maskedDB = em.substring(1 + md.digestLength); - var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md); - var seed = forge.util.xorBytes(maskedSeed, seedMask, maskedSeed.length); - var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md); - var db = forge.util.xorBytes(maskedDB, dbMask, maskedDB.length); - var lHashPrime = db.substring(0, md.digestLength); - var error3 = y !== "\0"; - for (var i = 0; i < md.digestLength; ++i) { - error3 |= lHash.charAt(i) !== lHashPrime.charAt(i); - } - var in_ps = 1; - var index = md.digestLength; - for (var j = md.digestLength; j < db.length; j++) { - var code = db.charCodeAt(j); - var is_0 = code & 1 ^ 1; - var error_mask = in_ps ? 65534 : 0; - error3 |= code & error_mask; - in_ps = in_ps & is_0; - index += in_ps; - } - if (error3 || db.charCodeAt(index) !== 1) { - throw new Error("Invalid RSAES-OAEP padding."); - } - return db.substring(index + 1); - }; - function rsa_mgf1(seed, maskLength, hash) { - if (!hash) { - hash = forge.md.sha1.create(); - } - var t = ""; - var count = Math.ceil(maskLength / hash.digestLength); - for (var i = 0; i < count; ++i) { - var c = String.fromCharCode( - i >> 24 & 255, - i >> 16 & 255, - i >> 8 & 255, - i & 255 + function createPbkdf2Params(salt, countBytes, dkLen, prfAlgorithm) { + var params = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // salt + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OCTETSTRING, + false, + salt + ), + // iteration count + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + countBytes.getBytes() + ) + ]); + if (prfAlgorithm !== "hmacWithSHA1") { + params.value.push( + // key length + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + forge.util.hexToBytes(dkLen.toString(16)) + ), + // AlgorithmIdentifier + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // algorithm + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(pki2.oids[prfAlgorithm]).getBytes() + ), + // parameters (null) + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, "") + ]) ); - hash.start(); - hash.update(seed + c); - t += hash.digest().getBytes(); } - return t.substring(0, maskLength); + return params; } } }); -// node_modules/node-forge/lib/prime.js -var require_prime = __commonJS({ - "node_modules/node-forge/lib/prime.js"(exports2, module2) { +// node_modules/node-forge/lib/pkcs7asn1.js +var require_pkcs7asn1 = __commonJS({ + "node_modules/node-forge/lib/pkcs7asn1.js"(exports2, module2) { var forge = require_forge(); + require_asn1(); require_util9(); - require_jsbn(); - require_random(); - (function() { - if (forge.prime) { - module2.exports = forge.prime; - return; - } - var prime = module2.exports = forge.prime = forge.prime || {}; - var BigInteger = forge.jsbn.BigInteger; - var GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2]; - var THIRTY = new BigInteger(null); - THIRTY.fromInt(30); - var op_or = function(x, y) { - return x | y; - }; - prime.generateProbablePrime = function(bits, options, callback) { - if (typeof options === "function") { - callback = options; - options = {}; - } - options = options || {}; - var algorithm = options.algorithm || "PRIMEINC"; - if (typeof algorithm === "string") { - algorithm = { name: algorithm }; - } - algorithm.options = algorithm.options || {}; - var prng = options.prng || forge.random; - var rng = { - // x is an array to fill with bytes - nextBytes: function(x) { - var b = prng.getBytesSync(x.length); - for (var i = 0; i < x.length; ++i) { - x[i] = b.charCodeAt(i); - } - } - }; - if (algorithm.name === "PRIMEINC") { - return primeincFindPrime(bits, rng, algorithm.options, callback); - } - throw new Error("Invalid prime generation algorithm: " + algorithm.name); - }; - function primeincFindPrime(bits, rng, options, callback) { - if ("workers" in options) { - return primeincFindPrimeWithWorkers(bits, rng, options, callback); - } - return primeincFindPrimeWithoutWorkers(bits, rng, options, callback); - } - function primeincFindPrimeWithoutWorkers(bits, rng, options, callback) { - var num = generateRandom(bits, rng); - var deltaIdx = 0; - var mrTests = getMillerRabinTests(num.bitLength()); - if ("millerRabinTests" in options) { - mrTests = options.millerRabinTests; - } - var maxBlockTime = 10; - if ("maxBlockTime" in options) { - maxBlockTime = options.maxBlockTime; - } - _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback); - } - function _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback) { - var start = +/* @__PURE__ */ new Date(); - do { - if (num.bitLength() > bits) { - num = generateRandom(bits, rng); - } - if (num.isProbablePrime(mrTests)) { - return callback(null, num); - } - num.dAddOffset(GCD_30_DELTA[deltaIdx++ % 8], 0); - } while (maxBlockTime < 0 || +/* @__PURE__ */ new Date() - start < maxBlockTime); - forge.util.setImmediate(function() { - _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback); - }); - } - function primeincFindPrimeWithWorkers(bits, rng, options, callback) { - if (typeof Worker === "undefined") { - return primeincFindPrimeWithoutWorkers(bits, rng, options, callback); - } - var num = generateRandom(bits, rng); - var numWorkers = options.workers; - var workLoad = options.workLoad || 100; - var range = workLoad * 30 / 8; - var workerScript = options.workerScript || "forge/prime.worker.js"; - if (numWorkers === -1) { - return forge.util.estimateCores(function(err, cores) { - if (err) { - cores = 2; - } - numWorkers = cores - 1; - generate(); - }); - } - generate(); - function generate() { - numWorkers = Math.max(1, numWorkers); - var workers = []; - for (var i = 0; i < numWorkers; ++i) { - workers[i] = new Worker(workerScript); - } - var running = numWorkers; - for (var i = 0; i < numWorkers; ++i) { - workers[i].addEventListener("message", workerMessage); - } - var found = false; - function workerMessage(e) { - if (found) { - return; - } - --running; - var data = e.data; - if (data.found) { - for (var i2 = 0; i2 < workers.length; ++i2) { - workers[i2].terminate(); - } - found = true; - return callback(null, new BigInteger(data.prime, 16)); - } - if (num.bitLength() > bits) { - num = generateRandom(bits, rng); - } - var hex = num.toString(16); - e.target.postMessage({ - hex, - workLoad - }); - num.dAddOffset(range, 0); - } - } - } - function generateRandom(bits, rng) { - var num = new BigInteger(bits, rng); - var bits1 = bits - 1; - if (!num.testBit(bits1)) { - num.bitwiseTo(BigInteger.ONE.shiftLeft(bits1), op_or, num); - } - num.dAddOffset(31 - num.mod(THIRTY).byteValue(), 0); - return num; - } - function getMillerRabinTests(bits) { - if (bits <= 100) return 27; - if (bits <= 150) return 18; - if (bits <= 200) return 15; - if (bits <= 250) return 12; - if (bits <= 300) return 9; - if (bits <= 350) return 8; - if (bits <= 400) return 7; - if (bits <= 500) return 6; - if (bits <= 600) return 5; - if (bits <= 800) return 4; - if (bits <= 1250) return 3; - return 2; - } - })(); - } -}); - -// node_modules/node-forge/lib/rsa.js -var require_rsa = __commonJS({ - "node_modules/node-forge/lib/rsa.js"(exports2, module2) { - var forge = require_forge(); - require_asn1(); - require_jsbn(); - require_oids(); - require_pkcs1(); - require_prime(); - require_random(); - require_util9(); - if (typeof BigInteger === "undefined") { - BigInteger = forge.jsbn.BigInteger; - } - var BigInteger; - var _crypto = forge.util.isNodejs ? require("crypto") : null; var asn1 = forge.asn1; - var util = forge.util; - forge.pki = forge.pki || {}; - module2.exports = forge.pki.rsa = forge.rsa = forge.rsa || {}; - var pki2 = forge.pki; - var GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2]; - var privateKeyValidator = { - // PrivateKeyInfo - name: "PrivateKeyInfo", + var p7v = module2.exports = forge.pkcs7asn1 = forge.pkcs7asn1 || {}; + forge.pkcs7 = forge.pkcs7 || {}; + forge.pkcs7.asn1 = p7v; + var contentInfoValidator = { + name: "ContentInfo", tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ - // Version (INTEGER) - name: "PrivateKeyInfo.version", + name: "ContentInfo.ContentType", tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, + type: asn1.Type.OID, constructed: false, - capture: "privateKeyVersion" + capture: "contentType" }, { - // privateKeyAlgorithm - name: "PrivateKeyInfo.privateKeyAlgorithm", + name: "ContentInfo.content", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + type: 0, + constructed: true, + optional: true, + captureAsn1: "content" + }] + }; + p7v.contentInfoValidator = contentInfoValidator; + var encryptedContentInfoValidator = { + name: "EncryptedContentInfo", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "EncryptedContentInfo.contentType", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "contentType" + }, { + name: "EncryptedContentInfo.contentEncryptionAlgorithm", tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ - name: "AlgorithmIdentifier.algorithm", + name: "EncryptedContentInfo.contentEncryptionAlgorithm.algorithm", tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, - capture: "privateKeyOid" + capture: "encAlgorithm" + }, { + name: "EncryptedContentInfo.contentEncryptionAlgorithm.parameter", + tagClass: asn1.Class.UNIVERSAL, + captureAsn1: "encParameter" }] }, { - // PrivateKey - name: "PrivateKeyInfo", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OCTETSTRING, - constructed: false, - capture: "privateKey" + name: "EncryptedContentInfo.encryptedContent", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + type: 0, + /* The PKCS#7 structure output by OpenSSL somewhat differs from what + * other implementations do generate. + * + * OpenSSL generates a structure like this: + * SEQUENCE { + * ... + * [0] + * 26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38 + * C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45 + * ... + * } + * + * Whereas other implementations (and this PKCS#7 module) generate: + * SEQUENCE { + * ... + * [0] { + * OCTET STRING + * 26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38 + * C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45 + * ... + * } + * } + * + * In order to support both, we just capture the context specific + * field here. The OCTET STRING bit is removed below. + */ + capture: "encryptedContent", + captureAsn1: "encryptedContentAsn1" }] }; - var rsaPrivateKeyValidator = { - // RSAPrivateKey - name: "RSAPrivateKey", + p7v.envelopedDataValidator = { + name: "EnvelopedData", tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ - // Version (INTEGER) - name: "RSAPrivateKey.version", + name: "EnvelopedData.Version", tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, - capture: "privateKeyVersion" + capture: "version" }, { - // modulus (n) - name: "RSAPrivateKey.modulus", + name: "EnvelopedData.RecipientInfos", tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "privateKeyModulus" - }, { - // publicExponent (e) - name: "RSAPrivateKey.publicExponent", + type: asn1.Type.SET, + constructed: true, + captureAsn1: "recipientInfos" + }].concat(encryptedContentInfoValidator) + }; + p7v.encryptedDataValidator = { + name: "EncryptedData", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "EncryptedData.Version", tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, - capture: "privateKeyPublicExponent" - }, { - // privateExponent (d) - name: "RSAPrivateKey.privateExponent", + capture: "version" + }].concat(encryptedContentInfoValidator) + }; + var signerValidator = { + name: "SignerInfo", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "SignerInfo.version", tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, - constructed: false, - capture: "privateKeyPrivateExponent" + constructed: false }, { - // prime1 (p) - name: "RSAPrivateKey.prime1", + name: "SignerInfo.issuerAndSerialNumber", tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "privateKeyPrime1" + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "SignerInfo.issuerAndSerialNumber.issuer", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + captureAsn1: "issuer" + }, { + name: "SignerInfo.issuerAndSerialNumber.serialNumber", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "serial" + }] }, { - // prime2 (q) - name: "RSAPrivateKey.prime2", + name: "SignerInfo.digestAlgorithm", tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "privateKeyPrime2" + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "SignerInfo.digestAlgorithm.algorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "digestAlgorithm" + }, { + name: "SignerInfo.digestAlgorithm.parameter", + tagClass: asn1.Class.UNIVERSAL, + constructed: false, + captureAsn1: "digestParameter", + optional: true + }] }, { - // exponent1 (d mod (p-1)) - name: "RSAPrivateKey.exponent1", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "privateKeyExponent1" + name: "SignerInfo.authenticatedAttributes", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + type: 0, + constructed: true, + optional: true, + capture: "authenticatedAttributes" }, { - // exponent2 (d mod (q-1)) - name: "RSAPrivateKey.exponent2", + name: "SignerInfo.digestEncryptionAlgorithm", tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "privateKeyExponent2" + type: asn1.Type.SEQUENCE, + constructed: true, + capture: "signatureAlgorithm" }, { - // coefficient ((inverse of q) mod p) - name: "RSAPrivateKey.coefficient", + name: "SignerInfo.encryptedDigest", tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, + type: asn1.Type.OCTETSTRING, constructed: false, - capture: "privateKeyCoefficient" + capture: "signature" + }, { + name: "SignerInfo.unauthenticatedAttributes", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + type: 1, + constructed: true, + optional: true, + capture: "unauthenticatedAttributes" }] }; - var rsaPublicKeyValidator = { - // RSAPublicKey - name: "RSAPublicKey", + p7v.signedDataValidator = { + name: "SignedData", tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, - value: [{ - // modulus (n) - name: "RSAPublicKey.modulus", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "publicKeyModulus" - }, { - // publicExponent (e) - name: "RSAPublicKey.exponent", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "publicKeyExponent" - }] + value: [ + { + name: "SignedData.Version", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "version" + }, + { + name: "SignedData.DigestAlgorithms", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SET, + constructed: true, + captureAsn1: "digestAlgorithms" + }, + contentInfoValidator, + { + name: "SignedData.Certificates", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + type: 0, + optional: true, + captureAsn1: "certificates" + }, + { + name: "SignedData.CertificateRevocationLists", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + type: 1, + optional: true, + captureAsn1: "crls" + }, + { + name: "SignedData.SignerInfos", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SET, + capture: "signerInfos", + optional: true, + value: [signerValidator] + } + ] }; - var publicKeyValidator = forge.pki.rsa.publicKeyValidator = { - name: "SubjectPublicKeyInfo", + p7v.recipientInfoValidator = { + name: "RecipientInfo", tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, - captureAsn1: "subjectPublicKeyInfo", value: [{ - name: "SubjectPublicKeyInfo.AlgorithmIdentifier", + name: "RecipientInfo.version", tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "AlgorithmIdentifier.algorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "publicKeyOid" - }] + type: asn1.Type.INTEGER, + constructed: false, + capture: "version" }, { - // subjectPublicKey - name: "SubjectPublicKeyInfo.subjectPublicKey", + name: "RecipientInfo.issuerAndSerial", tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.BITSTRING, - constructed: false, + type: asn1.Type.SEQUENCE, + constructed: true, value: [{ - // RSAPublicKey - name: "SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey", + name: "RecipientInfo.issuerAndSerial.issuer", tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, - optional: true, - captureAsn1: "rsaPublicKey" + captureAsn1: "issuer" + }, { + name: "RecipientInfo.issuerAndSerial.serialNumber", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "serial" }] - }] - }; - var digestInfoValidator = { - name: "DigestInfo", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "DigestInfo.DigestAlgorithm", + }, { + name: "RecipientInfo.keyEncryptionAlgorithm", tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ - name: "DigestInfo.DigestAlgorithm.algorithmIdentifier", + name: "RecipientInfo.keyEncryptionAlgorithm.algorithm", tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, - capture: "algorithmIdentifier" + capture: "encAlgorithm" }, { - // NULL parameters - name: "DigestInfo.DigestAlgorithm.parameters", + name: "RecipientInfo.keyEncryptionAlgorithm.parameter", tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.NULL, - // captured only to check existence for md2 and md5 - capture: "parameters", - optional: true, - constructed: false + constructed: false, + captureAsn1: "encParameter", + optional: true }] }, { - // digest - name: "DigestInfo.digest", + name: "RecipientInfo.encryptedKey", tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OCTETSTRING, constructed: false, - capture: "digest" + capture: "encKey" }] }; - var emsaPkcs1v15encode = function(md) { - var oid; - if (md.algorithm in pki2.oids) { - oid = pki2.oids[md.algorithm]; - } else { - var error3 = new Error("Unknown message digest algorithm."); - error3.algorithm = md.algorithm; - throw error3; - } - var oidBytes = asn1.oidToDer(oid).getBytes(); - var digestInfo = asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.SEQUENCE, - true, - [] - ); - var digestAlgorithm = asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.SEQUENCE, - true, - [] - ); - digestAlgorithm.value.push(asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - oidBytes - )); - digestAlgorithm.value.push(asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.NULL, - false, - "" - )); - var digest = asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OCTETSTRING, - false, - md.digest().getBytes() - ); - digestInfo.value.push(digestAlgorithm); - digestInfo.value.push(digest); - return asn1.toDer(digestInfo).getBytes(); + } +}); + +// node_modules/node-forge/lib/mgf1.js +var require_mgf1 = __commonJS({ + "node_modules/node-forge/lib/mgf1.js"(exports2, module2) { + var forge = require_forge(); + require_util9(); + forge.mgf = forge.mgf || {}; + var mgf1 = module2.exports = forge.mgf.mgf1 = forge.mgf1 = forge.mgf1 || {}; + mgf1.create = function(md) { + var mgf = { + /** + * Generate mask of specified length. + * + * @param {String} seed The seed for mask generation. + * @param maskLen Number of bytes to generate. + * @return {String} The generated mask. + */ + generate: function(seed, maskLen) { + var t = new forge.util.ByteBuffer(); + var len = Math.ceil(maskLen / md.digestLength); + for (var i = 0; i < len; i++) { + var c = new forge.util.ByteBuffer(); + c.putInt32(i); + md.start(); + md.update(seed + c.getBytes()); + t.putBuffer(md.digest()); + } + t.truncate(t.length() - maskLen); + return t.getBytes(); + } + }; + return mgf; }; - var _modPow = function(x, key, pub) { - if (pub) { - return x.modPow(key.e, key.n); - } - if (!key.p || !key.q) { - return x.modPow(key.d, key.n); - } - if (!key.dP) { - key.dP = key.d.mod(key.p.subtract(BigInteger.ONE)); - } - if (!key.dQ) { - key.dQ = key.d.mod(key.q.subtract(BigInteger.ONE)); - } - if (!key.qInv) { - key.qInv = key.q.modInverse(key.p); + } +}); + +// node_modules/node-forge/lib/mgf.js +var require_mgf = __commonJS({ + "node_modules/node-forge/lib/mgf.js"(exports2, module2) { + var forge = require_forge(); + require_mgf1(); + module2.exports = forge.mgf = forge.mgf || {}; + forge.mgf.mgf1 = forge.mgf1; + } +}); + +// node_modules/node-forge/lib/pss.js +var require_pss = __commonJS({ + "node_modules/node-forge/lib/pss.js"(exports2, module2) { + var forge = require_forge(); + require_random(); + require_util9(); + var pss = module2.exports = forge.pss = forge.pss || {}; + pss.create = function(options) { + if (arguments.length === 3) { + options = { + md: arguments[0], + mgf: arguments[1], + saltLength: arguments[2] + }; } - var r; - do { - r = new BigInteger( - forge.util.bytesToHex(forge.random.getBytes(key.n.bitLength() / 8)), - 16 - ); - } while (r.compareTo(key.n) >= 0 || !r.gcd(key.n).equals(BigInteger.ONE)); - x = x.multiply(r.modPow(key.e, key.n)).mod(key.n); - var xp = x.mod(key.p).modPow(key.dP, key.p); - var xq = x.mod(key.q).modPow(key.dQ, key.q); - while (xp.compareTo(xq) < 0) { - xp = xp.add(key.p); + var hash = options.md; + var mgf = options.mgf; + var hLen = hash.digestLength; + var salt_ = options.salt || null; + if (typeof salt_ === "string") { + salt_ = forge.util.createBuffer(salt_); } - var y = xp.subtract(xq).multiply(key.qInv).mod(key.p).multiply(key.q).add(xq); - y = y.multiply(r.modInverse(key.n)).mod(key.n); - return y; - }; - pki2.rsa.encrypt = function(m, key, bt) { - var pub = bt; - var eb; - var k = Math.ceil(key.n.bitLength() / 8); - if (bt !== false && bt !== true) { - pub = bt === 2; - eb = _encodePkcs1_v1_5(m, key, bt); + var sLen; + if ("saltLength" in options) { + sLen = options.saltLength; + } else if (salt_ !== null) { + sLen = salt_.length(); } else { - eb = forge.util.createBuffer(); - eb.putBytes(m); - } - var x = new BigInteger(eb.toHex(), 16); - var y = _modPow(x, key, pub); - var yhex = y.toString(16); - var ed = forge.util.createBuffer(); - var zeros = k - Math.ceil(yhex.length / 2); - while (zeros > 0) { - ed.putByte(0); - --zeros; - } - ed.putBytes(forge.util.hexToBytes(yhex)); - return ed.getBytes(); - }; - pki2.rsa.decrypt = function(ed, key, pub, ml) { - var k = Math.ceil(key.n.bitLength() / 8); - if (ed.length !== k) { - var error3 = new Error("Encrypted message length is invalid."); - error3.length = ed.length; - error3.expected = k; - throw error3; - } - var y = new BigInteger(forge.util.createBuffer(ed).toHex(), 16); - if (y.compareTo(key.n) >= 0) { - throw new Error("Encrypted message is invalid."); - } - var x = _modPow(y, key, pub); - var xhex = x.toString(16); - var eb = forge.util.createBuffer(); - var zeros = k - Math.ceil(xhex.length / 2); - while (zeros > 0) { - eb.putByte(0); - --zeros; - } - eb.putBytes(forge.util.hexToBytes(xhex)); - if (ml !== false) { - return _decodePkcs1_v1_5(eb.getBytes(), key, pub); + throw new Error("Salt length not specified or specific salt not given."); } - return eb.getBytes(); - }; - pki2.rsa.createKeyPairGenerationState = function(bits, e, options) { - if (typeof bits === "string") { - bits = parseInt(bits, 10); + if (salt_ !== null && salt_.length() !== sLen) { + throw new Error("Given salt length does not match length of given salt."); } - bits = bits || 2048; - options = options || {}; var prng = options.prng || forge.random; - var rng = { - // x is an array to fill with bytes - nextBytes: function(x) { - var b = prng.getBytesSync(x.length); - for (var i = 0; i < x.length; ++i) { - x[i] = b.charCodeAt(i); - } + var pssobj = {}; + pssobj.encode = function(md, modBits) { + var i; + var emBits = modBits - 1; + var emLen = Math.ceil(emBits / 8); + var mHash = md.digest().getBytes(); + if (emLen < hLen + sLen + 2) { + throw new Error("Message is too long to encrypt."); } + var salt; + if (salt_ === null) { + salt = prng.getBytesSync(sLen); + } else { + salt = salt_.bytes(); + } + var m_ = new forge.util.ByteBuffer(); + m_.fillWithByte(0, 8); + m_.putBytes(mHash); + m_.putBytes(salt); + hash.start(); + hash.update(m_.getBytes()); + var h = hash.digest().getBytes(); + var ps = new forge.util.ByteBuffer(); + ps.fillWithByte(0, emLen - sLen - hLen - 2); + ps.putByte(1); + ps.putBytes(salt); + var db = ps.getBytes(); + var maskLen = emLen - hLen - 1; + var dbMask = mgf.generate(h, maskLen); + var maskedDB = ""; + for (i = 0; i < maskLen; i++) { + maskedDB += String.fromCharCode(db.charCodeAt(i) ^ dbMask.charCodeAt(i)); + } + var mask = 65280 >> 8 * emLen - emBits & 255; + maskedDB = String.fromCharCode(maskedDB.charCodeAt(0) & ~mask) + maskedDB.substr(1); + return maskedDB + h + String.fromCharCode(188); }; - var algorithm = options.algorithm || "PRIMEINC"; - var rval; - if (algorithm === "PRIMEINC") { - rval = { - algorithm, - state: 0, - bits, - rng, - eInt: e || 65537, - e: new BigInteger(null), - p: null, - q: null, - qBits: bits >> 1, - pBits: bits - (bits >> 1), - pqState: 0, - num: null, - keys: null - }; - rval.e.fromInt(rval.eInt); - } else { - throw new Error("Invalid key generation algorithm: " + algorithm); - } - return rval; - }; - pki2.rsa.stepKeyPairGenerationState = function(state, n) { - if (!("algorithm" in state)) { - state.algorithm = "PRIMEINC"; - } - var THIRTY = new BigInteger(null); - THIRTY.fromInt(30); - var deltaIdx = 0; - var op_or = function(x, y) { - return x | y; - }; - var t1 = +/* @__PURE__ */ new Date(); - var t2; - var total = 0; - while (state.keys === null && (n <= 0 || total < n)) { - if (state.state === 0) { - var bits = state.p === null ? state.pBits : state.qBits; - var bits1 = bits - 1; - if (state.pqState === 0) { - state.num = new BigInteger(bits, state.rng); - if (!state.num.testBit(bits1)) { - state.num.bitwiseTo( - BigInteger.ONE.shiftLeft(bits1), - op_or, - state.num - ); - } - state.num.dAddOffset(31 - state.num.mod(THIRTY).byteValue(), 0); - deltaIdx = 0; - ++state.pqState; - } else if (state.pqState === 1) { - if (state.num.bitLength() > bits) { - state.pqState = 0; - } else if (state.num.isProbablePrime( - _getMillerRabinTests(state.num.bitLength()) - )) { - ++state.pqState; - } else { - state.num.dAddOffset(GCD_30_DELTA[deltaIdx++ % 8], 0); - } - } else if (state.pqState === 2) { - state.pqState = state.num.subtract(BigInteger.ONE).gcd(state.e).compareTo(BigInteger.ONE) === 0 ? 3 : 0; - } else if (state.pqState === 3) { - state.pqState = 0; - if (state.p === null) { - state.p = state.num; - } else { - state.q = state.num; - } - if (state.p !== null && state.q !== null) { - ++state.state; - } - state.num = null; - } - } else if (state.state === 1) { - if (state.p.compareTo(state.q) < 0) { - state.num = state.p; - state.p = state.q; - state.q = state.num; - } - ++state.state; - } else if (state.state === 2) { - state.p1 = state.p.subtract(BigInteger.ONE); - state.q1 = state.q.subtract(BigInteger.ONE); - state.phi = state.p1.multiply(state.q1); - ++state.state; - } else if (state.state === 3) { - if (state.phi.gcd(state.e).compareTo(BigInteger.ONE) === 0) { - ++state.state; - } else { - state.p = null; - state.q = null; - state.state = 0; - } - } else if (state.state === 4) { - state.n = state.p.multiply(state.q); - if (state.n.bitLength() === state.bits) { - ++state.state; - } else { - state.q = null; - state.state = 0; - } - } else if (state.state === 5) { - var d = state.e.modInverse(state.phi); - state.keys = { - privateKey: pki2.rsa.setPrivateKey( - state.n, - state.e, - d, - state.p, - state.q, - d.mod(state.p1), - d.mod(state.q1), - state.q.modInverse(state.p) - ), - publicKey: pki2.rsa.setPublicKey(state.n, state.e) - }; + pssobj.verify = function(mHash, em, modBits) { + var i; + var emBits = modBits - 1; + var emLen = Math.ceil(emBits / 8); + em = em.substr(-emLen); + if (emLen < hLen + sLen + 2) { + throw new Error("Inconsistent parameters to PSS signature verification."); } - t2 = +/* @__PURE__ */ new Date(); - total += t2 - t1; - t1 = t2; - } - return state.keys !== null; - }; - pki2.rsa.generateKeyPair = function(bits, e, options, callback) { - if (arguments.length === 1) { - if (typeof bits === "object") { - options = bits; - bits = void 0; - } else if (typeof bits === "function") { - callback = bits; - bits = void 0; + if (em.charCodeAt(emLen - 1) !== 188) { + throw new Error("Encoded message does not end in 0xBC."); } - } else if (arguments.length === 2) { - if (typeof bits === "number") { - if (typeof e === "function") { - callback = e; - e = void 0; - } else if (typeof e !== "number") { - options = e; - e = void 0; - } - } else { - options = bits; - callback = e; - bits = void 0; - e = void 0; + var maskLen = emLen - hLen - 1; + var maskedDB = em.substr(0, maskLen); + var h = em.substr(maskLen, hLen); + var mask = 65280 >> 8 * emLen - emBits & 255; + if ((maskedDB.charCodeAt(0) & mask) !== 0) { + throw new Error("Bits beyond keysize not zero as expected."); } - } else if (arguments.length === 3) { - if (typeof e === "number") { - if (typeof options === "function") { - callback = options; - options = void 0; - } - } else { - callback = options; - options = e; - e = void 0; + var dbMask = mgf.generate(h, maskLen); + var db = ""; + for (i = 0; i < maskLen; i++) { + db += String.fromCharCode(maskedDB.charCodeAt(i) ^ dbMask.charCodeAt(i)); } - } - options = options || {}; - if (bits === void 0) { - bits = options.bits || 2048; - } - if (e === void 0) { - e = options.e || 65537; - } - if (!forge.options.usePureJavaScript && !options.prng && bits >= 256 && bits <= 16384 && (e === 65537 || e === 3)) { - if (callback) { - if (_detectNodeCrypto("generateKeyPair")) { - return _crypto.generateKeyPair("rsa", { - modulusLength: bits, - publicExponent: e, - publicKeyEncoding: { - type: "spki", - format: "pem" - }, - privateKeyEncoding: { - type: "pkcs8", - format: "pem" - } - }, function(err, pub, priv) { - if (err) { - return callback(err); - } - callback(null, { - privateKey: pki2.privateKeyFromPem(priv), - publicKey: pki2.publicKeyFromPem(pub) - }); - }); - } - if (_detectSubtleCrypto("generateKey") && _detectSubtleCrypto("exportKey")) { - return util.globalScope.crypto.subtle.generateKey({ - name: "RSASSA-PKCS1-v1_5", - modulusLength: bits, - publicExponent: _intToUint8Array(e), - hash: { name: "SHA-256" } - }, true, ["sign", "verify"]).then(function(pair) { - return util.globalScope.crypto.subtle.exportKey( - "pkcs8", - pair.privateKey - ); - }).then(void 0, function(err) { - callback(err); - }).then(function(pkcs8) { - if (pkcs8) { - var privateKey = pki2.privateKeyFromAsn1( - asn1.fromDer(forge.util.createBuffer(pkcs8)) - ); - callback(null, { - privateKey, - publicKey: pki2.setRsaPublicKey(privateKey.n, privateKey.e) - }); - } - }); - } - if (_detectSubtleMsCrypto("generateKey") && _detectSubtleMsCrypto("exportKey")) { - var genOp = util.globalScope.msCrypto.subtle.generateKey({ - name: "RSASSA-PKCS1-v1_5", - modulusLength: bits, - publicExponent: _intToUint8Array(e), - hash: { name: "SHA-256" } - }, true, ["sign", "verify"]); - genOp.oncomplete = function(e2) { - var pair = e2.target.result; - var exportOp = util.globalScope.msCrypto.subtle.exportKey( - "pkcs8", - pair.privateKey - ); - exportOp.oncomplete = function(e3) { - var pkcs8 = e3.target.result; - var privateKey = pki2.privateKeyFromAsn1( - asn1.fromDer(forge.util.createBuffer(pkcs8)) - ); - callback(null, { - privateKey, - publicKey: pki2.setRsaPublicKey(privateKey.n, privateKey.e) - }); - }; - exportOp.onerror = function(err) { - callback(err); - }; - }; - genOp.onerror = function(err) { - callback(err); - }; - return; + db = String.fromCharCode(db.charCodeAt(0) & ~mask) + db.substr(1); + var checkLen = emLen - hLen - sLen - 2; + for (i = 0; i < checkLen; i++) { + if (db.charCodeAt(i) !== 0) { + throw new Error("Leftmost octets not zero as expected"); } - } else { - if (_detectNodeCrypto("generateKeyPairSync")) { - var keypair = _crypto.generateKeyPairSync("rsa", { - modulusLength: bits, - publicExponent: e, - publicKeyEncoding: { - type: "spki", - format: "pem" - }, - privateKeyEncoding: { - type: "pkcs8", - format: "pem" - } - }); - return { - privateKey: pki2.privateKeyFromPem(keypair.privateKey), - publicKey: pki2.publicKeyFromPem(keypair.publicKey) - }; + } + if (db.charCodeAt(checkLen) !== 1) { + throw new Error("Inconsistent PSS signature, 0x01 marker not found"); + } + var salt = db.substr(-sLen); + var m_ = new forge.util.ByteBuffer(); + m_.fillWithByte(0, 8); + m_.putBytes(mHash); + m_.putBytes(salt); + hash.start(); + hash.update(m_.getBytes()); + var h_ = hash.digest().getBytes(); + return h === h_; + }; + return pssobj; + }; + } +}); + +// node_modules/node-forge/lib/x509.js +var require_x509 = __commonJS({ + "node_modules/node-forge/lib/x509.js"(exports2, module2) { + var forge = require_forge(); + require_aes(); + require_asn1(); + require_des(); + require_md(); + require_mgf(); + require_oids(); + require_pem(); + require_pss(); + require_rsa(); + require_util9(); + var asn1 = forge.asn1; + var pki2 = module2.exports = forge.pki = forge.pki || {}; + var oids = pki2.oids; + var _shortNames = {}; + _shortNames["CN"] = oids["commonName"]; + _shortNames["commonName"] = "CN"; + _shortNames["C"] = oids["countryName"]; + _shortNames["countryName"] = "C"; + _shortNames["L"] = oids["localityName"]; + _shortNames["localityName"] = "L"; + _shortNames["ST"] = oids["stateOrProvinceName"]; + _shortNames["stateOrProvinceName"] = "ST"; + _shortNames["O"] = oids["organizationName"]; + _shortNames["organizationName"] = "O"; + _shortNames["OU"] = oids["organizationalUnitName"]; + _shortNames["organizationalUnitName"] = "OU"; + _shortNames["E"] = oids["emailAddress"]; + _shortNames["emailAddress"] = "E"; + var publicKeyValidator = forge.pki.rsa.publicKeyValidator; + var x509CertificateValidator = { + name: "Certificate", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "Certificate.TBSCertificate", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + captureAsn1: "tbsCertificate", + value: [ + { + name: "Certificate.TBSCertificate.version", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + type: 0, + constructed: true, + optional: true, + value: [{ + name: "Certificate.TBSCertificate.version.integer", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "certVersion" + }] + }, + { + name: "Certificate.TBSCertificate.serialNumber", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "certSerialNumber" + }, + { + name: "Certificate.TBSCertificate.signature", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "Certificate.TBSCertificate.signature.algorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "certinfoSignatureOid" + }, { + name: "Certificate.TBSCertificate.signature.parameters", + tagClass: asn1.Class.UNIVERSAL, + optional: true, + captureAsn1: "certinfoSignatureParams" + }] + }, + { + name: "Certificate.TBSCertificate.issuer", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + captureAsn1: "certIssuer" + }, + { + name: "Certificate.TBSCertificate.validity", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + // Note: UTC and generalized times may both appear so the capture + // names are based on their detected order, the names used below + // are only for the common case, which validity time really means + // "notBefore" and which means "notAfter" will be determined by order + value: [{ + // notBefore (Time) (UTC time case) + name: "Certificate.TBSCertificate.validity.notBefore (utc)", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.UTCTIME, + constructed: false, + optional: true, + capture: "certValidity1UTCTime" + }, { + // notBefore (Time) (generalized time case) + name: "Certificate.TBSCertificate.validity.notBefore (generalized)", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.GENERALIZEDTIME, + constructed: false, + optional: true, + capture: "certValidity2GeneralizedTime" + }, { + // notAfter (Time) (only UTC time is supported) + name: "Certificate.TBSCertificate.validity.notAfter (utc)", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.UTCTIME, + constructed: false, + optional: true, + capture: "certValidity3UTCTime" + }, { + // notAfter (Time) (only UTC time is supported) + name: "Certificate.TBSCertificate.validity.notAfter (generalized)", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.GENERALIZEDTIME, + constructed: false, + optional: true, + capture: "certValidity4GeneralizedTime" + }] + }, + { + // Name (subject) (RDNSequence) + name: "Certificate.TBSCertificate.subject", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + captureAsn1: "certSubject" + }, + // SubjectPublicKeyInfo + publicKeyValidator, + { + // issuerUniqueID (optional) + name: "Certificate.TBSCertificate.issuerUniqueID", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + type: 1, + constructed: true, + optional: true, + value: [{ + name: "Certificate.TBSCertificate.issuerUniqueID.id", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.BITSTRING, + constructed: false, + // TODO: support arbitrary bit length ids + captureBitStringValue: "certIssuerUniqueId" + }] + }, + { + // subjectUniqueID (optional) + name: "Certificate.TBSCertificate.subjectUniqueID", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + type: 2, + constructed: true, + optional: true, + value: [{ + name: "Certificate.TBSCertificate.subjectUniqueID.id", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.BITSTRING, + constructed: false, + // TODO: support arbitrary bit length ids + captureBitStringValue: "certSubjectUniqueId" + }] + }, + { + // Extensions (optional) + name: "Certificate.TBSCertificate.extensions", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + type: 3, + constructed: true, + captureAsn1: "certExtensions", + optional: true + } + ] + }, { + // AlgorithmIdentifier (signature algorithm) + name: "Certificate.signatureAlgorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + // algorithm + name: "Certificate.signatureAlgorithm.algorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "certSignatureOid" + }, { + name: "Certificate.TBSCertificate.signature.parameters", + tagClass: asn1.Class.UNIVERSAL, + optional: true, + captureAsn1: "certSignatureParams" + }] + }, { + // SignatureValue + name: "Certificate.signatureValue", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.BITSTRING, + constructed: false, + captureBitStringValue: "certSignature" + }] + }; + var rsassaPssParameterValidator = { + name: "rsapss", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "rsapss.hashAlgorithm", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + type: 0, + constructed: true, + value: [{ + name: "rsapss.hashAlgorithm.AlgorithmIdentifier", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Class.SEQUENCE, + constructed: true, + optional: true, + value: [{ + name: "rsapss.hashAlgorithm.AlgorithmIdentifier.algorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "hashOid" + /* parameter block omitted, for SHA1 NULL anyhow. */ + }] + }] + }, { + name: "rsapss.maskGenAlgorithm", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + type: 1, + constructed: true, + value: [{ + name: "rsapss.maskGenAlgorithm.AlgorithmIdentifier", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Class.SEQUENCE, + constructed: true, + optional: true, + value: [{ + name: "rsapss.maskGenAlgorithm.AlgorithmIdentifier.algorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "maskGenOid" + }, { + name: "rsapss.maskGenAlgorithm.AlgorithmIdentifier.params", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "rsapss.maskGenAlgorithm.AlgorithmIdentifier.params.algorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "maskGenHashOid" + /* parameter block omitted, for SHA1 NULL anyhow. */ + }] + }] + }] + }, { + name: "rsapss.saltLength", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + type: 2, + optional: true, + value: [{ + name: "rsapss.saltLength.saltLength", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Class.INTEGER, + constructed: false, + capture: "saltLength" + }] + }, { + name: "rsapss.trailerField", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + type: 3, + optional: true, + value: [{ + name: "rsapss.trailer.trailer", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Class.INTEGER, + constructed: false, + capture: "trailer" + }] + }] + }; + var certificationRequestInfoValidator = { + name: "CertificationRequestInfo", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + captureAsn1: "certificationRequestInfo", + value: [ + { + name: "CertificationRequestInfo.integer", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "certificationRequestInfoVersion" + }, + { + // Name (subject) (RDNSequence) + name: "CertificationRequestInfo.subject", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + captureAsn1: "certificationRequestInfoSubject" + }, + // SubjectPublicKeyInfo + publicKeyValidator, + { + name: "CertificationRequestInfo.attributes", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + type: 0, + constructed: true, + optional: true, + capture: "certificationRequestInfoAttributes", + value: [{ + name: "CertificationRequestInfo.attributes", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "CertificationRequestInfo.attributes.type", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false + }, { + name: "CertificationRequestInfo.attributes.value", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SET, + constructed: true + }] + }] + } + ] + }; + var certificationRequestValidator = { + name: "CertificationRequest", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + captureAsn1: "csr", + value: [ + certificationRequestInfoValidator, + { + // AlgorithmIdentifier (signature algorithm) + name: "CertificationRequest.signatureAlgorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + // algorithm + name: "CertificationRequest.signatureAlgorithm.algorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "csrSignatureOid" + }, { + name: "CertificationRequest.signatureAlgorithm.parameters", + tagClass: asn1.Class.UNIVERSAL, + optional: true, + captureAsn1: "csrSignatureParams" + }] + }, + { + // signature + name: "CertificationRequest.signature", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.BITSTRING, + constructed: false, + captureBitStringValue: "csrSignature" + } + ] + }; + pki2.RDNAttributesAsArray = function(rdn, md) { + var rval = []; + var set2, attr, obj; + for (var si = 0; si < rdn.value.length; ++si) { + set2 = rdn.value[si]; + for (var i = 0; i < set2.value.length; ++i) { + obj = {}; + attr = set2.value[i]; + obj.type = asn1.derToOid(attr.value[0].value); + obj.value = attr.value[1].value; + obj.valueTagClass = attr.value[1].type; + if (obj.type in oids) { + obj.name = oids[obj.type]; + if (obj.name in _shortNames) { + obj.shortName = _shortNames[obj.name]; + } + } + if (md) { + md.update(obj.type); + md.update(obj.value); } + rval.push(obj); } } - var state = pki2.rsa.createKeyPairGenerationState(bits, e, options); - if (!callback) { - pki2.rsa.stepKeyPairGenerationState(state, 0); - return state.keys; - } - _generateKeyPair(state, options, callback); + return rval; }; - pki2.setRsaPublicKey = pki2.rsa.setPublicKey = function(n, e) { - var key = { - n, - e - }; - key.encrypt = function(data, scheme, schemeOptions) { - if (typeof scheme === "string") { - scheme = scheme.toUpperCase(); - } else if (scheme === void 0) { - scheme = "RSAES-PKCS1-V1_5"; - } - if (scheme === "RSAES-PKCS1-V1_5") { - scheme = { - encode: function(m, key2, pub) { - return _encodePkcs1_v1_5(m, key2, 2).getBytes(); + pki2.CRIAttributesAsArray = function(attributes) { + var rval = []; + for (var si = 0; si < attributes.length; ++si) { + var seq2 = attributes[si]; + var type2 = asn1.derToOid(seq2.value[0].value); + var values = seq2.value[1].value; + for (var vi = 0; vi < values.length; ++vi) { + var obj = {}; + obj.type = type2; + obj.value = values[vi].value; + obj.valueTagClass = values[vi].type; + if (obj.type in oids) { + obj.name = oids[obj.type]; + if (obj.name in _shortNames) { + obj.shortName = _shortNames[obj.name]; } - }; - } else if (scheme === "RSA-OAEP" || scheme === "RSAES-OAEP") { - scheme = { - encode: function(m, key2) { - return forge.pkcs1.encode_rsa_oaep(key2, m, schemeOptions); + } + if (obj.type === oids.extensionRequest) { + obj.extensions = []; + for (var ei = 0; ei < obj.value.length; ++ei) { + obj.extensions.push(pki2.certificateExtensionFromAsn1(obj.value[ei])); } - }; - } else if (["RAW", "NONE", "NULL", null].indexOf(scheme) !== -1) { - scheme = { encode: function(e3) { - return e3; - } }; - } else if (typeof scheme === "string") { - throw new Error('Unsupported encryption scheme: "' + scheme + '".'); - } - var e2 = scheme.encode(data, key, true); - return pki2.rsa.encrypt(e2, key, true); - }; - key.verify = function(digest, signature, scheme, options) { - if (typeof scheme === "string") { - scheme = scheme.toUpperCase(); - } else if (scheme === void 0) { - scheme = "RSASSA-PKCS1-V1_5"; + } + rval.push(obj); } - if (options === void 0) { - options = { - _parseAllDigestBytes: true - }; - } - if (!("_parseAllDigestBytes" in options)) { - options._parseAllDigestBytes = true; - } - if (scheme === "RSASSA-PKCS1-V1_5") { - scheme = { - verify: function(digest2, d2) { - d2 = _decodePkcs1_v1_5(d2, key, true); - var obj = asn1.fromDer(d2, { - parseAllBytes: options._parseAllDigestBytes - }); - var capture = {}; - var errors = []; - if (!asn1.validate(obj, digestInfoValidator, capture, errors)) { - var error3 = new Error( - "ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 DigestInfo value." - ); - error3.errors = errors; - throw error3; - } - var oid = asn1.derToOid(capture.algorithmIdentifier); - if (!(oid === forge.oids.md2 || oid === forge.oids.md5 || oid === forge.oids.sha1 || oid === forge.oids.sha224 || oid === forge.oids.sha256 || oid === forge.oids.sha384 || oid === forge.oids.sha512 || oid === forge.oids["sha512-224"] || oid === forge.oids["sha512-256"])) { - var error3 = new Error( - "Unknown RSASSA-PKCS1-v1_5 DigestAlgorithm identifier." - ); - error3.oid = oid; - throw error3; - } - if (oid === forge.oids.md2 || oid === forge.oids.md5) { - if (!("parameters" in capture)) { - throw new Error( - "ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 DigestInfo value. Missing algorithm identifier NULL parameters." - ); - } - } - return digest2 === capture.digest; - } - }; - } else if (scheme === "NONE" || scheme === "NULL" || scheme === null) { - scheme = { - verify: function(digest2, d2) { - d2 = _decodePkcs1_v1_5(d2, key, true); - return digest2 === d2; - } - }; - } - var d = pki2.rsa.decrypt(signature, key, true, false); - return scheme.verify(digest, d, key.n.bitLength()); - }; - return key; + } + return rval; }; - pki2.setRsaPrivateKey = pki2.rsa.setPrivateKey = function(n, e, d, p, q, dP, dQ, qInv) { - var key = { - n, - e, - d, - p, - q, - dP, - dQ, - qInv - }; - key.decrypt = function(data, scheme, schemeOptions) { - if (typeof scheme === "string") { - scheme = scheme.toUpperCase(); - } else if (scheme === void 0) { - scheme = "RSAES-PKCS1-V1_5"; + function _getAttribute(obj, options) { + if (typeof options === "string") { + options = { shortName: options }; + } + var rval = null; + var attr; + for (var i = 0; rval === null && i < obj.attributes.length; ++i) { + attr = obj.attributes[i]; + if (options.type && options.type === attr.type) { + rval = attr; + } else if (options.name && options.name === attr.name) { + rval = attr; + } else if (options.shortName && options.shortName === attr.shortName) { + rval = attr; } - var d2 = pki2.rsa.decrypt(data, key, false, false); - if (scheme === "RSAES-PKCS1-V1_5") { - scheme = { decode: _decodePkcs1_v1_5 }; - } else if (scheme === "RSA-OAEP" || scheme === "RSAES-OAEP") { - scheme = { - decode: function(d3, key2) { - return forge.pkcs1.decode_rsa_oaep(key2, d3, schemeOptions); + } + return rval; + } + var _readSignatureParameters = function(oid, obj, fillDefaults) { + var params = {}; + if (oid !== oids["RSASSA-PSS"]) { + return params; + } + if (fillDefaults) { + params = { + hash: { + algorithmOid: oids["sha1"] + }, + mgf: { + algorithmOid: oids["mgf1"], + hash: { + algorithmOid: oids["sha1"] } - }; - } else if (["RAW", "NONE", "NULL", null].indexOf(scheme) !== -1) { - scheme = { decode: function(d3) { - return d3; - } }; - } else { - throw new Error('Unsupported encryption scheme: "' + scheme + '".'); - } - return scheme.decode(d2, key, false); - }; - key.sign = function(md, scheme) { - var bt = false; - if (typeof scheme === "string") { - scheme = scheme.toUpperCase(); - } - if (scheme === void 0 || scheme === "RSASSA-PKCS1-V1_5") { - scheme = { encode: emsaPkcs1v15encode }; - bt = 1; - } else if (scheme === "NONE" || scheme === "NULL" || scheme === null) { - scheme = { encode: function() { - return md; - } }; - bt = 1; - } - var d2 = scheme.encode(md, key.n.bitLength()); - return pki2.rsa.encrypt(d2, key, bt); - }; - return key; - }; - pki2.wrapRsaPrivateKey = function(rsaKey) { - return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // version (0) - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - asn1.integerToDer(0).getBytes() - ), - // privateKeyAlgorithm - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(pki2.oids.rsaEncryption).getBytes() - ), - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, "") - ]), - // PrivateKey - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OCTETSTRING, - false, - asn1.toDer(rsaKey).getBytes() - ) - ]); - }; - pki2.privateKeyFromAsn1 = function(obj) { + }, + saltLength: 20 + }; + } var capture = {}; var errors = []; - if (asn1.validate(obj, privateKeyValidator, capture, errors)) { - obj = asn1.fromDer(forge.util.createBuffer(capture.privateKey)); - } - capture = {}; - errors = []; - if (!asn1.validate(obj, rsaPrivateKeyValidator, capture, errors)) { - var error3 = new Error("Cannot read private key. ASN.1 object does not contain an RSAPrivateKey."); + if (!asn1.validate(obj, rsassaPssParameterValidator, capture, errors)) { + var error3 = new Error("Cannot read RSASSA-PSS parameter block."); error3.errors = errors; throw error3; } - var n, e, d, p, q, dP, dQ, qInv; - n = forge.util.createBuffer(capture.privateKeyModulus).toHex(); - e = forge.util.createBuffer(capture.privateKeyPublicExponent).toHex(); - d = forge.util.createBuffer(capture.privateKeyPrivateExponent).toHex(); - p = forge.util.createBuffer(capture.privateKeyPrime1).toHex(); - q = forge.util.createBuffer(capture.privateKeyPrime2).toHex(); - dP = forge.util.createBuffer(capture.privateKeyExponent1).toHex(); - dQ = forge.util.createBuffer(capture.privateKeyExponent2).toHex(); - qInv = forge.util.createBuffer(capture.privateKeyCoefficient).toHex(); - return pki2.setRsaPrivateKey( - new BigInteger(n, 16), - new BigInteger(e, 16), - new BigInteger(d, 16), - new BigInteger(p, 16), - new BigInteger(q, 16), - new BigInteger(dP, 16), - new BigInteger(dQ, 16), - new BigInteger(qInv, 16) - ); - }; - pki2.privateKeyToAsn1 = pki2.privateKeyToRSAPrivateKey = function(key) { - return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // version (0 = only 2 primes, 1 multiple primes) - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - asn1.integerToDer(0).getBytes() - ), - // modulus (n) - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - _bnToBytes(key.n) - ), - // publicExponent (e) - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - _bnToBytes(key.e) - ), - // privateExponent (d) - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - _bnToBytes(key.d) - ), - // privateKeyPrime1 (p) - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - _bnToBytes(key.p) - ), - // privateKeyPrime2 (q) - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - _bnToBytes(key.q) - ), - // privateKeyExponent1 (dP) - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - _bnToBytes(key.dP) - ), - // privateKeyExponent2 (dQ) - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - _bnToBytes(key.dQ) - ), - // coefficient (qInv) - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - _bnToBytes(key.qInv) - ) - ]); + if (capture.hashOid !== void 0) { + params.hash = params.hash || {}; + params.hash.algorithmOid = asn1.derToOid(capture.hashOid); + } + if (capture.maskGenOid !== void 0) { + params.mgf = params.mgf || {}; + params.mgf.algorithmOid = asn1.derToOid(capture.maskGenOid); + params.mgf.hash = params.mgf.hash || {}; + params.mgf.hash.algorithmOid = asn1.derToOid(capture.maskGenHashOid); + } + if (capture.saltLength !== void 0) { + params.saltLength = capture.saltLength.charCodeAt(0); + } + return params; }; - pki2.publicKeyFromAsn1 = function(obj) { - var capture = {}; - var errors = []; - if (asn1.validate(obj, publicKeyValidator, capture, errors)) { - var oid = asn1.derToOid(capture.publicKeyOid); - if (oid !== pki2.oids.rsaEncryption) { - var error3 = new Error("Cannot read public key. Unknown OID."); - error3.oid = oid; + var _createSignatureDigest = function(options) { + switch (oids[options.signatureOid]) { + case "sha1WithRSAEncryption": + // deprecated alias + case "sha1WithRSASignature": + return forge.md.sha1.create(); + case "md5WithRSAEncryption": + return forge.md.md5.create(); + case "sha256WithRSAEncryption": + return forge.md.sha256.create(); + case "sha384WithRSAEncryption": + return forge.md.sha384.create(); + case "sha512WithRSAEncryption": + return forge.md.sha512.create(); + case "RSASSA-PSS": + return forge.md.sha256.create(); + default: + var error3 = new Error( + "Could not compute " + options.type + " digest. Unknown signature OID." + ); + error3.signatureOid = options.signatureOid; throw error3; - } - obj = capture.rsaPublicKey; } - errors = []; - if (!asn1.validate(obj, rsaPublicKeyValidator, capture, errors)) { - var error3 = new Error("Cannot read public key. ASN.1 object does not contain an RSAPublicKey."); - error3.errors = errors; - throw error3; + }; + var _verifySignature = function(options) { + var cert = options.certificate; + var scheme; + switch (cert.signatureOid) { + case oids.sha1WithRSAEncryption: + // deprecated alias + case oids.sha1WithRSASignature: + break; + case oids["RSASSA-PSS"]: + var hash, mgf; + hash = oids[cert.signatureParameters.mgf.hash.algorithmOid]; + if (hash === void 0 || forge.md[hash] === void 0) { + var error3 = new Error("Unsupported MGF hash function."); + error3.oid = cert.signatureParameters.mgf.hash.algorithmOid; + error3.name = hash; + throw error3; + } + mgf = oids[cert.signatureParameters.mgf.algorithmOid]; + if (mgf === void 0 || forge.mgf[mgf] === void 0) { + var error3 = new Error("Unsupported MGF function."); + error3.oid = cert.signatureParameters.mgf.algorithmOid; + error3.name = mgf; + throw error3; + } + mgf = forge.mgf[mgf].create(forge.md[hash].create()); + hash = oids[cert.signatureParameters.hash.algorithmOid]; + if (hash === void 0 || forge.md[hash] === void 0) { + var error3 = new Error("Unsupported RSASSA-PSS hash function."); + error3.oid = cert.signatureParameters.hash.algorithmOid; + error3.name = hash; + throw error3; + } + scheme = forge.pss.create( + forge.md[hash].create(), + mgf, + cert.signatureParameters.saltLength + ); + break; } - var n = forge.util.createBuffer(capture.publicKeyModulus).toHex(); - var e = forge.util.createBuffer(capture.publicKeyExponent).toHex(); - return pki2.setRsaPublicKey( - new BigInteger(n, 16), - new BigInteger(e, 16) + return cert.publicKey.verify( + options.md.digest().getBytes(), + options.signature, + scheme ); }; - pki2.publicKeyToAsn1 = pki2.publicKeyToSubjectPublicKeyInfo = function(key) { - return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // AlgorithmIdentifier - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // algorithm - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(pki2.oids.rsaEncryption).getBytes() - ), - // parameters (null) - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, "") - ]), - // subjectPublicKey - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, [ - pki2.publicKeyToRSAPublicKey(key) - ]) - ]); + pki2.certificateFromPem = function(pem, computeHash, strict) { + var msg = forge.pem.decode(pem)[0]; + if (msg.type !== "CERTIFICATE" && msg.type !== "X509 CERTIFICATE" && msg.type !== "TRUSTED CERTIFICATE") { + var error3 = new Error( + 'Could not convert certificate from PEM; PEM header type is not "CERTIFICATE", "X509 CERTIFICATE", or "TRUSTED CERTIFICATE".' + ); + error3.headerType = msg.type; + throw error3; + } + if (msg.procType && msg.procType.type === "ENCRYPTED") { + throw new Error( + "Could not convert certificate from PEM; PEM is encrypted." + ); + } + var obj = asn1.fromDer(msg.body, strict); + return pki2.certificateFromAsn1(obj, computeHash); }; - pki2.publicKeyToRSAPublicKey = function(key) { - return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // modulus (n) - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - _bnToBytes(key.n) - ), - // publicExponent (e) - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - _bnToBytes(key.e) - ) - ]); + pki2.certificateToPem = function(cert, maxline) { + var msg = { + type: "CERTIFICATE", + body: asn1.toDer(pki2.certificateToAsn1(cert)).getBytes() + }; + return forge.pem.encode(msg, { maxline }); }; - function _encodePkcs1_v1_5(m, key, bt) { - var eb = forge.util.createBuffer(); - var k = Math.ceil(key.n.bitLength() / 8); - if (m.length > k - 11) { - var error3 = new Error("Message is too long for PKCS#1 v1.5 padding."); - error3.length = m.length; - error3.max = k - 11; + pki2.publicKeyFromPem = function(pem) { + var msg = forge.pem.decode(pem)[0]; + if (msg.type !== "PUBLIC KEY" && msg.type !== "RSA PUBLIC KEY") { + var error3 = new Error('Could not convert public key from PEM; PEM header type is not "PUBLIC KEY" or "RSA PUBLIC KEY".'); + error3.headerType = msg.type; throw error3; } - eb.putByte(0); - eb.putByte(bt); - var padNum = k - 3 - m.length; - var padByte; - if (bt === 0 || bt === 1) { - padByte = bt === 0 ? 0 : 255; - for (var i = 0; i < padNum; ++i) { - eb.putByte(padByte); - } - } else { - while (padNum > 0) { - var numZeros = 0; - var padBytes = forge.random.getBytes(padNum); - for (var i = 0; i < padNum; ++i) { - padByte = padBytes.charCodeAt(i); - if (padByte === 0) { - ++numZeros; - } else { - eb.putByte(padByte); - } - } - padNum = numZeros; - } + if (msg.procType && msg.procType.type === "ENCRYPTED") { + throw new Error("Could not convert public key from PEM; PEM is encrypted."); } - eb.putByte(0); - eb.putBytes(m); - return eb; - } - function _decodePkcs1_v1_5(em, key, pub, ml) { - var k = Math.ceil(key.n.bitLength() / 8); - var eb = forge.util.createBuffer(em); - var first = eb.getByte(); - var bt = eb.getByte(); - if (first !== 0 || pub && bt !== 0 && bt !== 1 || !pub && bt != 2 || pub && bt === 0 && typeof ml === "undefined") { - throw new Error("Encryption block is invalid."); + var obj = asn1.fromDer(msg.body); + return pki2.publicKeyFromAsn1(obj); + }; + pki2.publicKeyToPem = function(key, maxline) { + var msg = { + type: "PUBLIC KEY", + body: asn1.toDer(pki2.publicKeyToAsn1(key)).getBytes() + }; + return forge.pem.encode(msg, { maxline }); + }; + pki2.publicKeyToRSAPublicKeyPem = function(key, maxline) { + var msg = { + type: "RSA PUBLIC KEY", + body: asn1.toDer(pki2.publicKeyToRSAPublicKey(key)).getBytes() + }; + return forge.pem.encode(msg, { maxline }); + }; + pki2.getPublicKeyFingerprint = function(key, options) { + options = options || {}; + var md = options.md || forge.md.sha1.create(); + var type2 = options.type || "RSAPublicKey"; + var bytes; + switch (type2) { + case "RSAPublicKey": + bytes = asn1.toDer(pki2.publicKeyToRSAPublicKey(key)).getBytes(); + break; + case "SubjectPublicKeyInfo": + bytes = asn1.toDer(pki2.publicKeyToAsn1(key)).getBytes(); + break; + default: + throw new Error('Unknown fingerprint type "' + options.type + '".'); } - var padNum = 0; - if (bt === 0) { - padNum = k - 3 - ml; - for (var i = 0; i < padNum; ++i) { - if (eb.getByte() !== 0) { - throw new Error("Encryption block is invalid."); - } - } - } else if (bt === 1) { - padNum = 0; - while (eb.length() > 1) { - if (eb.getByte() !== 255) { - --eb.read; - break; - } - ++padNum; - } - } else if (bt === 2) { - padNum = 0; - while (eb.length() > 1) { - if (eb.getByte() === 0) { - --eb.read; - break; - } - ++padNum; + md.start(); + md.update(bytes); + var digest = md.digest(); + if (options.encoding === "hex") { + var hex = digest.toHex(); + if (options.delimiter) { + return hex.match(/.{2}/g).join(options.delimiter); } + return hex; + } else if (options.encoding === "binary") { + return digest.getBytes(); + } else if (options.encoding) { + throw new Error('Unknown encoding "' + options.encoding + '".'); } - var zero = eb.getByte(); - if (zero !== 0 || padNum !== k - 3 - eb.length()) { - throw new Error("Encryption block is invalid."); + return digest; + }; + pki2.certificationRequestFromPem = function(pem, computeHash, strict) { + var msg = forge.pem.decode(pem)[0]; + if (msg.type !== "CERTIFICATE REQUEST") { + var error3 = new Error('Could not convert certification request from PEM; PEM header type is not "CERTIFICATE REQUEST".'); + error3.headerType = msg.type; + throw error3; } - return eb.getBytes(); - } - function _generateKeyPair(state, options, callback) { - if (typeof options === "function") { - callback = options; - options = {}; + if (msg.procType && msg.procType.type === "ENCRYPTED") { + throw new Error("Could not convert certification request from PEM; PEM is encrypted."); } - options = options || {}; - var opts = { - algorithm: { - name: options.algorithm || "PRIMEINC", - options: { - workers: options.workers || 2, - workLoad: options.workLoad || 100, - workerScript: options.workerScript - } + var obj = asn1.fromDer(msg.body, strict); + return pki2.certificationRequestFromAsn1(obj, computeHash); + }; + pki2.certificationRequestToPem = function(csr, maxline) { + var msg = { + type: "CERTIFICATE REQUEST", + body: asn1.toDer(pki2.certificationRequestToAsn1(csr)).getBytes() + }; + return forge.pem.encode(msg, { maxline }); + }; + pki2.createCertificate = function() { + var cert = {}; + cert.version = 2; + cert.serialNumber = "00"; + cert.signatureOid = null; + cert.signature = null; + cert.siginfo = {}; + cert.siginfo.algorithmOid = null; + cert.validity = {}; + cert.validity.notBefore = /* @__PURE__ */ new Date(); + cert.validity.notAfter = /* @__PURE__ */ new Date(); + cert.issuer = {}; + cert.issuer.getField = function(sn) { + return _getAttribute(cert.issuer, sn); + }; + cert.issuer.addField = function(attr) { + _fillMissingFields([attr]); + cert.issuer.attributes.push(attr); + }; + cert.issuer.attributes = []; + cert.issuer.hash = null; + cert.subject = {}; + cert.subject.getField = function(sn) { + return _getAttribute(cert.subject, sn); + }; + cert.subject.addField = function(attr) { + _fillMissingFields([attr]); + cert.subject.attributes.push(attr); + }; + cert.subject.attributes = []; + cert.subject.hash = null; + cert.extensions = []; + cert.publicKey = null; + cert.md = null; + cert.setSubject = function(attrs, uniqueId) { + _fillMissingFields(attrs); + cert.subject.attributes = attrs; + delete cert.subject.uniqueId; + if (uniqueId) { + cert.subject.uniqueId = uniqueId; } + cert.subject.hash = null; }; - if ("prng" in options) { - opts.prng = options.prng; - } - generate(); - function generate() { - getPrime(state.pBits, function(err, num) { - if (err) { - return callback(err); - } - state.p = num; - if (state.q !== null) { - return finish(err, state.q); + cert.setIssuer = function(attrs, uniqueId) { + _fillMissingFields(attrs); + cert.issuer.attributes = attrs; + delete cert.issuer.uniqueId; + if (uniqueId) { + cert.issuer.uniqueId = uniqueId; + } + cert.issuer.hash = null; + }; + cert.setExtensions = function(exts) { + for (var i = 0; i < exts.length; ++i) { + _fillMissingExtensionFields(exts[i], { cert }); + } + cert.extensions = exts; + }; + cert.getExtension = function(options) { + if (typeof options === "string") { + options = { name: options }; + } + var rval = null; + var ext; + for (var i = 0; rval === null && i < cert.extensions.length; ++i) { + ext = cert.extensions[i]; + if (options.id && ext.id === options.id) { + rval = ext; + } else if (options.name && ext.name === options.name) { + rval = ext; } - getPrime(state.qBits, finish); - }); - } - function getPrime(bits, callback2) { - forge.prime.generateProbablePrime(bits, opts, callback2); - } - function finish(err, num) { - if (err) { - return callback(err); } - state.q = num; - if (state.p.compareTo(state.q) < 0) { - var tmp = state.p; - state.p = state.q; - state.q = tmp; + return rval; + }; + cert.sign = function(key, md) { + cert.md = md || forge.md.sha1.create(); + var algorithmOid = oids[cert.md.algorithm + "WithRSAEncryption"]; + if (!algorithmOid) { + var error3 = new Error("Could not compute certificate digest. Unknown message digest algorithm OID."); + error3.algorithm = cert.md.algorithm; + throw error3; } - if (state.p.subtract(BigInteger.ONE).gcd(state.e).compareTo(BigInteger.ONE) !== 0) { - state.p = null; - generate(); - return; + cert.signatureOid = cert.siginfo.algorithmOid = algorithmOid; + cert.tbsCertificate = pki2.getTBSCertificate(cert); + var bytes = asn1.toDer(cert.tbsCertificate); + cert.md.update(bytes.getBytes()); + cert.signature = key.sign(cert.md); + }; + cert.verify = function(child) { + var rval = false; + if (!cert.issued(child)) { + var issuer = child.issuer; + var subject = cert.subject; + var error3 = new Error( + "The parent certificate did not issue the given child certificate; the child certificate's issuer does not match the parent's subject." + ); + error3.expectedIssuer = subject.attributes; + error3.actualIssuer = issuer.attributes; + throw error3; } - if (state.q.subtract(BigInteger.ONE).gcd(state.e).compareTo(BigInteger.ONE) !== 0) { - state.q = null; - getPrime(state.qBits, finish); - return; + var md = child.md; + if (md === null) { + md = _createSignatureDigest({ + signatureOid: child.signatureOid, + type: "certificate" + }); + var tbsCertificate = child.tbsCertificate || pki2.getTBSCertificate(child); + var bytes = asn1.toDer(tbsCertificate); + md.update(bytes.getBytes()); } - state.p1 = state.p.subtract(BigInteger.ONE); - state.q1 = state.q.subtract(BigInteger.ONE); - state.phi = state.p1.multiply(state.q1); - if (state.phi.gcd(state.e).compareTo(BigInteger.ONE) !== 0) { - state.p = state.q = null; - generate(); - return; + if (md !== null) { + rval = _verifySignature({ + certificate: cert, + md, + signature: child.signature + }); } - state.n = state.p.multiply(state.q); - if (state.n.bitLength() !== state.bits) { - state.q = null; - getPrime(state.qBits, finish); - return; + return rval; + }; + cert.isIssuer = function(parent) { + var rval = false; + var i = cert.issuer; + var s = parent.subject; + if (i.hash && s.hash) { + rval = i.hash === s.hash; + } else if (i.attributes.length === s.attributes.length) { + rval = true; + var iattr, sattr; + for (var n = 0; rval && n < i.attributes.length; ++n) { + iattr = i.attributes[n]; + sattr = s.attributes[n]; + if (iattr.type !== sattr.type || iattr.value !== sattr.value) { + rval = false; + } + } } - var d = state.e.modInverse(state.phi); - state.keys = { - privateKey: pki2.rsa.setPrivateKey( - state.n, - state.e, - d, - state.p, - state.q, - d.mod(state.p1), - d.mod(state.q1), - state.q.modInverse(state.p) - ), - publicKey: pki2.rsa.setPublicKey(state.n, state.e) - }; - callback(null, state.keys); + return rval; + }; + cert.issued = function(child) { + return child.isIssuer(cert); + }; + cert.generateSubjectKeyIdentifier = function() { + return pki2.getPublicKeyFingerprint(cert.publicKey, { type: "RSAPublicKey" }); + }; + cert.verifySubjectKeyIdentifier = function() { + var oid = oids["subjectKeyIdentifier"]; + for (var i = 0; i < cert.extensions.length; ++i) { + var ext = cert.extensions[i]; + if (ext.id === oid) { + var ski = cert.generateSubjectKeyIdentifier().getBytes(); + return forge.util.hexToBytes(ext.subjectKeyIdentifier) === ski; + } + } + return false; + }; + return cert; + }; + pki2.certificateFromAsn1 = function(obj, computeHash) { + var capture = {}; + var errors = []; + if (!asn1.validate(obj, x509CertificateValidator, capture, errors)) { + var error3 = new Error("Cannot read X.509 certificate. ASN.1 object is not an X509v3 Certificate."); + error3.errors = errors; + throw error3; } - } - function _bnToBytes(b) { - var hex = b.toString(16); - if (hex[0] >= "8") { - hex = "00" + hex; + var oid = asn1.derToOid(capture.publicKeyOid); + if (oid !== pki2.oids.rsaEncryption) { + throw new Error("Cannot read public key. OID is not RSA."); } - var bytes = forge.util.hexToBytes(hex); - if (bytes.length > 1 && // leading 0x00 for positive integer - (bytes.charCodeAt(0) === 0 && (bytes.charCodeAt(1) & 128) === 0 || // leading 0xFF for negative integer - bytes.charCodeAt(0) === 255 && (bytes.charCodeAt(1) & 128) === 128)) { - return bytes.substr(1); + var cert = pki2.createCertificate(); + cert.version = capture.certVersion ? capture.certVersion.charCodeAt(0) : 0; + var serial = forge.util.createBuffer(capture.certSerialNumber); + cert.serialNumber = serial.toHex(); + cert.signatureOid = forge.asn1.derToOid(capture.certSignatureOid); + cert.signatureParameters = _readSignatureParameters( + cert.signatureOid, + capture.certSignatureParams, + true + ); + cert.siginfo.algorithmOid = forge.asn1.derToOid(capture.certinfoSignatureOid); + cert.siginfo.parameters = _readSignatureParameters( + cert.siginfo.algorithmOid, + capture.certinfoSignatureParams, + false + ); + cert.signature = capture.certSignature; + var validity = []; + if (capture.certValidity1UTCTime !== void 0) { + validity.push(asn1.utcTimeToDate(capture.certValidity1UTCTime)); } - return bytes; - } - function _getMillerRabinTests(bits) { - if (bits <= 100) return 27; - if (bits <= 150) return 18; - if (bits <= 200) return 15; - if (bits <= 250) return 12; - if (bits <= 300) return 9; - if (bits <= 350) return 8; - if (bits <= 400) return 7; - if (bits <= 500) return 6; - if (bits <= 600) return 5; - if (bits <= 800) return 4; - if (bits <= 1250) return 3; - return 2; - } - function _detectNodeCrypto(fn) { - return forge.util.isNodejs && typeof _crypto[fn] === "function"; - } - function _detectSubtleCrypto(fn) { - return typeof util.globalScope !== "undefined" && typeof util.globalScope.crypto === "object" && typeof util.globalScope.crypto.subtle === "object" && typeof util.globalScope.crypto.subtle[fn] === "function"; - } - function _detectSubtleMsCrypto(fn) { - return typeof util.globalScope !== "undefined" && typeof util.globalScope.msCrypto === "object" && typeof util.globalScope.msCrypto.subtle === "object" && typeof util.globalScope.msCrypto.subtle[fn] === "function"; - } - function _intToUint8Array(x) { - var bytes = forge.util.hexToBytes(x.toString(16)); - var buffer = new Uint8Array(bytes.length); - for (var i = 0; i < bytes.length; ++i) { - buffer[i] = bytes.charCodeAt(i); + if (capture.certValidity2GeneralizedTime !== void 0) { + validity.push(asn1.generalizedTimeToDate( + capture.certValidity2GeneralizedTime + )); } - return buffer; - } - } -}); - -// node_modules/node-forge/lib/pbe.js -var require_pbe = __commonJS({ - "node_modules/node-forge/lib/pbe.js"(exports2, module2) { - var forge = require_forge(); - require_aes(); - require_asn1(); - require_des(); - require_md(); - require_oids(); - require_pbkdf2(); - require_pem(); - require_random(); - require_rc2(); - require_rsa(); - require_util9(); - if (typeof BigInteger === "undefined") { - BigInteger = forge.jsbn.BigInteger; - } - var BigInteger; - var asn1 = forge.asn1; - var pki2 = forge.pki = forge.pki || {}; - module2.exports = pki2.pbe = forge.pbe = forge.pbe || {}; - var oids = pki2.oids; - var encryptedPrivateKeyValidator = { - name: "EncryptedPrivateKeyInfo", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "EncryptedPrivateKeyInfo.encryptionAlgorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "AlgorithmIdentifier.algorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "encryptionOid" - }, { - name: "AlgorithmIdentifier.parameters", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - captureAsn1: "encryptionParams" - }] - }, { - // encryptedData - name: "EncryptedPrivateKeyInfo.encryptedData", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OCTETSTRING, - constructed: false, - capture: "encryptedData" - }] + if (capture.certValidity3UTCTime !== void 0) { + validity.push(asn1.utcTimeToDate(capture.certValidity3UTCTime)); + } + if (capture.certValidity4GeneralizedTime !== void 0) { + validity.push(asn1.generalizedTimeToDate( + capture.certValidity4GeneralizedTime + )); + } + if (validity.length > 2) { + throw new Error("Cannot read notBefore/notAfter validity times; more than two times were provided in the certificate."); + } + if (validity.length < 2) { + throw new Error("Cannot read notBefore/notAfter validity times; they were not provided as either UTCTime or GeneralizedTime."); + } + cert.validity.notBefore = validity[0]; + cert.validity.notAfter = validity[1]; + cert.tbsCertificate = capture.tbsCertificate; + if (computeHash) { + cert.md = _createSignatureDigest({ + signatureOid: cert.signatureOid, + type: "certificate" + }); + var bytes = asn1.toDer(cert.tbsCertificate); + cert.md.update(bytes.getBytes()); + } + var imd = forge.md.sha1.create(); + var ibytes = asn1.toDer(capture.certIssuer); + imd.update(ibytes.getBytes()); + cert.issuer.getField = function(sn) { + return _getAttribute(cert.issuer, sn); + }; + cert.issuer.addField = function(attr) { + _fillMissingFields([attr]); + cert.issuer.attributes.push(attr); + }; + cert.issuer.attributes = pki2.RDNAttributesAsArray(capture.certIssuer); + if (capture.certIssuerUniqueId) { + cert.issuer.uniqueId = capture.certIssuerUniqueId; + } + cert.issuer.hash = imd.digest().toHex(); + var smd = forge.md.sha1.create(); + var sbytes = asn1.toDer(capture.certSubject); + smd.update(sbytes.getBytes()); + cert.subject.getField = function(sn) { + return _getAttribute(cert.subject, sn); + }; + cert.subject.addField = function(attr) { + _fillMissingFields([attr]); + cert.subject.attributes.push(attr); + }; + cert.subject.attributes = pki2.RDNAttributesAsArray(capture.certSubject); + if (capture.certSubjectUniqueId) { + cert.subject.uniqueId = capture.certSubjectUniqueId; + } + cert.subject.hash = smd.digest().toHex(); + if (capture.certExtensions) { + cert.extensions = pki2.certificateExtensionsFromAsn1(capture.certExtensions); + } else { + cert.extensions = []; + } + cert.publicKey = pki2.publicKeyFromAsn1(capture.subjectPublicKeyInfo); + return cert; }; - var PBES2AlgorithmsValidator = { - name: "PBES2Algorithms", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "PBES2Algorithms.keyDerivationFunc", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "PBES2Algorithms.keyDerivationFunc.oid", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "kdfOid" - }, { - name: "PBES2Algorithms.params", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "PBES2Algorithms.params.salt", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OCTETSTRING, - constructed: false, - capture: "kdfSalt" - }, { - name: "PBES2Algorithms.params.iterationCount", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "kdfIterationCount" - }, { - name: "PBES2Algorithms.params.keyLength", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - optional: true, - capture: "keyLength" - }, { - // prf - name: "PBES2Algorithms.params.prf", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - optional: true, - value: [{ - name: "PBES2Algorithms.params.prf.algorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "prfOid" - }] - }] - }] - }, { - name: "PBES2Algorithms.encryptionScheme", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "PBES2Algorithms.encryptionScheme.oid", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "encOid" - }, { - name: "PBES2Algorithms.encryptionScheme.iv", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OCTETSTRING, - constructed: false, - capture: "encIv" - }] - }] - }; - var pkcs12PbeParamsValidator = { - name: "pkcs-12PbeParams", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "pkcs-12PbeParams.salt", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OCTETSTRING, - constructed: false, - capture: "salt" - }, { - name: "pkcs-12PbeParams.iterations", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "iterations" - }] - }; - pki2.encryptPrivateKeyInfo = function(obj, password, options) { - options = options || {}; - options.saltSize = options.saltSize || 8; - options.count = options.count || 2048; - options.algorithm = options.algorithm || "aes128"; - options.prfAlgorithm = options.prfAlgorithm || "sha1"; - var salt = forge.random.getBytesSync(options.saltSize); - var count = options.count; - var countBytes = asn1.integerToDer(count); - var dkLen; - var encryptionAlgorithm; - var encryptedData; - if (options.algorithm.indexOf("aes") === 0 || options.algorithm === "des") { - var ivLen, encOid, cipherFn; - switch (options.algorithm) { - case "aes128": - dkLen = 16; - ivLen = 16; - encOid = oids["aes128-CBC"]; - cipherFn = forge.aes.createEncryptionCipher; - break; - case "aes192": - dkLen = 24; - ivLen = 16; - encOid = oids["aes192-CBC"]; - cipherFn = forge.aes.createEncryptionCipher; - break; - case "aes256": - dkLen = 32; - ivLen = 16; - encOid = oids["aes256-CBC"]; - cipherFn = forge.aes.createEncryptionCipher; - break; - case "des": - dkLen = 8; - ivLen = 8; - encOid = oids["desCBC"]; - cipherFn = forge.des.createEncryptionCipher; - break; - default: - var error3 = new Error("Cannot encrypt private key. Unknown encryption algorithm."); - error3.algorithm = options.algorithm; - throw error3; + pki2.certificateExtensionsFromAsn1 = function(exts) { + var rval = []; + for (var i = 0; i < exts.value.length; ++i) { + var extseq = exts.value[i]; + for (var ei = 0; ei < extseq.value.length; ++ei) { + rval.push(pki2.certificateExtensionFromAsn1(extseq.value[ei])); } - var prfAlgorithm = "hmacWith" + options.prfAlgorithm.toUpperCase(); - var md = prfAlgorithmToMessageDigest(prfAlgorithm); - var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen, md); - var iv = forge.random.getBytesSync(ivLen); - var cipher = cipherFn(dk); - cipher.start(iv); - cipher.update(asn1.toDer(obj)); - cipher.finish(); - encryptedData = cipher.output.getBytes(); - var params = createPbkdf2Params(salt, countBytes, dkLen, prfAlgorithm); - encryptionAlgorithm = asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.SEQUENCE, - true, - [ - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(oids["pkcs5PBES2"]).getBytes() - ), - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // keyDerivationFunc - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(oids["pkcs5PBKDF2"]).getBytes() - ), - // PBKDF2-params - params - ]), - // encryptionScheme - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(encOid).getBytes() - ), - // iv - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OCTETSTRING, - false, - iv - ) - ]) - ]) - ] - ); - } else if (options.algorithm === "3des") { - dkLen = 24; - var saltBytes = new forge.util.ByteBuffer(salt); - var dk = pki2.pbe.generatePkcs12Key(password, saltBytes, 1, count, dkLen); - var iv = pki2.pbe.generatePkcs12Key(password, saltBytes, 2, count, dkLen); - var cipher = forge.des.createEncryptionCipher(dk); - cipher.start(iv); - cipher.update(asn1.toDer(obj)); - cipher.finish(); - encryptedData = cipher.output.getBytes(); - encryptionAlgorithm = asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.SEQUENCE, - true, - [ - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(oids["pbeWithSHAAnd3-KeyTripleDES-CBC"]).getBytes() - ), - // pkcs-12PbeParams - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // salt - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt), - // iteration count - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - countBytes.getBytes() - ) - ]) - ] - ); - } else { - var error3 = new Error("Cannot encrypt private key. Unknown encryption algorithm."); - error3.algorithm = options.algorithm; - throw error3; } - var rval = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // encryptionAlgorithm - encryptionAlgorithm, - // encryptedData - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OCTETSTRING, - false, - encryptedData - ) - ]); return rval; }; - pki2.decryptPrivateKeyInfo = function(obj, password) { - var rval = null; + pki2.certificateExtensionFromAsn1 = function(ext) { + var e = {}; + e.id = asn1.derToOid(ext.value[0].value); + e.critical = false; + if (ext.value[1].type === asn1.Type.BOOLEAN) { + e.critical = ext.value[1].value.charCodeAt(0) !== 0; + e.value = ext.value[2].value; + } else { + e.value = ext.value[1].value; + } + if (e.id in oids) { + e.name = oids[e.id]; + if (e.name === "keyUsage") { + var ev = asn1.fromDer(e.value); + var b2 = 0; + var b3 = 0; + if (ev.value.length > 1) { + b2 = ev.value.charCodeAt(1); + b3 = ev.value.length > 2 ? ev.value.charCodeAt(2) : 0; + } + e.digitalSignature = (b2 & 128) === 128; + e.nonRepudiation = (b2 & 64) === 64; + e.keyEncipherment = (b2 & 32) === 32; + e.dataEncipherment = (b2 & 16) === 16; + e.keyAgreement = (b2 & 8) === 8; + e.keyCertSign = (b2 & 4) === 4; + e.cRLSign = (b2 & 2) === 2; + e.encipherOnly = (b2 & 1) === 1; + e.decipherOnly = (b3 & 128) === 128; + } else if (e.name === "basicConstraints") { + var ev = asn1.fromDer(e.value); + if (ev.value.length > 0 && ev.value[0].type === asn1.Type.BOOLEAN) { + e.cA = ev.value[0].value.charCodeAt(0) !== 0; + } else { + e.cA = false; + } + var value = null; + if (ev.value.length > 0 && ev.value[0].type === asn1.Type.INTEGER) { + value = ev.value[0].value; + } else if (ev.value.length > 1) { + value = ev.value[1].value; + } + if (value !== null) { + e.pathLenConstraint = asn1.derToInteger(value); + } + } else if (e.name === "extKeyUsage") { + var ev = asn1.fromDer(e.value); + for (var vi = 0; vi < ev.value.length; ++vi) { + var oid = asn1.derToOid(ev.value[vi].value); + if (oid in oids) { + e[oids[oid]] = true; + } else { + e[oid] = true; + } + } + } else if (e.name === "nsCertType") { + var ev = asn1.fromDer(e.value); + var b2 = 0; + if (ev.value.length > 1) { + b2 = ev.value.charCodeAt(1); + } + e.client = (b2 & 128) === 128; + e.server = (b2 & 64) === 64; + e.email = (b2 & 32) === 32; + e.objsign = (b2 & 16) === 16; + e.reserved = (b2 & 8) === 8; + e.sslCA = (b2 & 4) === 4; + e.emailCA = (b2 & 2) === 2; + e.objCA = (b2 & 1) === 1; + } else if (e.name === "subjectAltName" || e.name === "issuerAltName") { + e.altNames = []; + var gn; + var ev = asn1.fromDer(e.value); + for (var n = 0; n < ev.value.length; ++n) { + gn = ev.value[n]; + var altName = { + type: gn.type, + value: gn.value + }; + e.altNames.push(altName); + switch (gn.type) { + // rfc822Name + case 1: + // dNSName + case 2: + // uniformResourceIdentifier (URI) + case 6: + break; + // IPAddress + case 7: + altName.ip = forge.util.bytesToIP(gn.value); + break; + // registeredID + case 8: + altName.oid = asn1.derToOid(gn.value); + break; + default: + } + } + } else if (e.name === "subjectKeyIdentifier") { + var ev = asn1.fromDer(e.value); + e.subjectKeyIdentifier = forge.util.bytesToHex(ev.value); + } + } + return e; + }; + pki2.certificationRequestFromAsn1 = function(obj, computeHash) { var capture = {}; var errors = []; - if (!asn1.validate(obj, encryptedPrivateKeyValidator, capture, errors)) { - var error3 = new Error("Cannot read encrypted private key. ASN.1 object is not a supported EncryptedPrivateKeyInfo."); + if (!asn1.validate(obj, certificationRequestValidator, capture, errors)) { + var error3 = new Error("Cannot read PKCS#10 certificate request. ASN.1 object is not a PKCS#10 CertificationRequest."); error3.errors = errors; throw error3; } - var oid = asn1.derToOid(capture.encryptionOid); - var cipher = pki2.pbe.getCipher(oid, capture.encryptionParams, password); - var encrypted = forge.util.createBuffer(capture.encryptedData); - cipher.update(encrypted); - if (cipher.finish()) { - rval = asn1.fromDer(cipher.output); - } - return rval; - }; - pki2.encryptedPrivateKeyToPem = function(epki, maxline) { - var msg = { - type: "ENCRYPTED PRIVATE KEY", - body: asn1.toDer(epki).getBytes() - }; - return forge.pem.encode(msg, { maxline }); - }; - pki2.encryptedPrivateKeyFromPem = function(pem) { - var msg = forge.pem.decode(pem)[0]; - if (msg.type !== "ENCRYPTED PRIVATE KEY") { - var error3 = new Error('Could not convert encrypted private key from PEM; PEM header type is "ENCRYPTED PRIVATE KEY".'); - error3.headerType = msg.type; - throw error3; + var oid = asn1.derToOid(capture.publicKeyOid); + if (oid !== pki2.oids.rsaEncryption) { + throw new Error("Cannot read public key. OID is not RSA."); } - if (msg.procType && msg.procType.type === "ENCRYPTED") { - throw new Error("Could not convert encrypted private key from PEM; PEM is encrypted."); + var csr = pki2.createCertificationRequest(); + csr.version = capture.csrVersion ? capture.csrVersion.charCodeAt(0) : 0; + csr.signatureOid = forge.asn1.derToOid(capture.csrSignatureOid); + csr.signatureParameters = _readSignatureParameters( + csr.signatureOid, + capture.csrSignatureParams, + true + ); + csr.siginfo.algorithmOid = forge.asn1.derToOid(capture.csrSignatureOid); + csr.siginfo.parameters = _readSignatureParameters( + csr.siginfo.algorithmOid, + capture.csrSignatureParams, + false + ); + csr.signature = capture.csrSignature; + csr.certificationRequestInfo = capture.certificationRequestInfo; + if (computeHash) { + csr.md = _createSignatureDigest({ + signatureOid: csr.signatureOid, + type: "certification request" + }); + var bytes = asn1.toDer(csr.certificationRequestInfo); + csr.md.update(bytes.getBytes()); } - return asn1.fromDer(msg.body); + var smd = forge.md.sha1.create(); + csr.subject.getField = function(sn) { + return _getAttribute(csr.subject, sn); + }; + csr.subject.addField = function(attr) { + _fillMissingFields([attr]); + csr.subject.attributes.push(attr); + }; + csr.subject.attributes = pki2.RDNAttributesAsArray( + capture.certificationRequestInfoSubject, + smd + ); + csr.subject.hash = smd.digest().toHex(); + csr.publicKey = pki2.publicKeyFromAsn1(capture.subjectPublicKeyInfo); + csr.getAttribute = function(sn) { + return _getAttribute(csr, sn); + }; + csr.addAttribute = function(attr) { + _fillMissingFields([attr]); + csr.attributes.push(attr); + }; + csr.attributes = pki2.CRIAttributesAsArray( + capture.certificationRequestInfoAttributes || [] + ); + return csr; }; - pki2.encryptRsaPrivateKey = function(rsaKey, password, options) { - options = options || {}; - if (!options.legacy) { - var rval = pki2.wrapRsaPrivateKey(pki2.privateKeyToAsn1(rsaKey)); - rval = pki2.encryptPrivateKeyInfo(rval, password, options); - return pki2.encryptedPrivateKeyToPem(rval); - } - var algorithm; - var iv; - var dkLen; - var cipherFn; - switch (options.algorithm) { - case "aes128": - algorithm = "AES-128-CBC"; - dkLen = 16; - iv = forge.random.getBytesSync(16); - cipherFn = forge.aes.createEncryptionCipher; - break; - case "aes192": - algorithm = "AES-192-CBC"; - dkLen = 24; - iv = forge.random.getBytesSync(16); - cipherFn = forge.aes.createEncryptionCipher; - break; - case "aes256": - algorithm = "AES-256-CBC"; - dkLen = 32; - iv = forge.random.getBytesSync(16); - cipherFn = forge.aes.createEncryptionCipher; - break; - case "3des": - algorithm = "DES-EDE3-CBC"; - dkLen = 24; - iv = forge.random.getBytesSync(8); - cipherFn = forge.des.createEncryptionCipher; - break; - case "des": - algorithm = "DES-CBC"; - dkLen = 8; - iv = forge.random.getBytesSync(8); - cipherFn = forge.des.createEncryptionCipher; - break; - default: - var error3 = new Error('Could not encrypt RSA private key; unsupported encryption algorithm "' + options.algorithm + '".'); - error3.algorithm = options.algorithm; + pki2.createCertificationRequest = function() { + var csr = {}; + csr.version = 0; + csr.signatureOid = null; + csr.signature = null; + csr.siginfo = {}; + csr.siginfo.algorithmOid = null; + csr.subject = {}; + csr.subject.getField = function(sn) { + return _getAttribute(csr.subject, sn); + }; + csr.subject.addField = function(attr) { + _fillMissingFields([attr]); + csr.subject.attributes.push(attr); + }; + csr.subject.attributes = []; + csr.subject.hash = null; + csr.publicKey = null; + csr.attributes = []; + csr.getAttribute = function(sn) { + return _getAttribute(csr, sn); + }; + csr.addAttribute = function(attr) { + _fillMissingFields([attr]); + csr.attributes.push(attr); + }; + csr.md = null; + csr.setSubject = function(attrs) { + _fillMissingFields(attrs); + csr.subject.attributes = attrs; + csr.subject.hash = null; + }; + csr.setAttributes = function(attrs) { + _fillMissingFields(attrs); + csr.attributes = attrs; + }; + csr.sign = function(key, md) { + csr.md = md || forge.md.sha1.create(); + var algorithmOid = oids[csr.md.algorithm + "WithRSAEncryption"]; + if (!algorithmOid) { + var error3 = new Error("Could not compute certification request digest. Unknown message digest algorithm OID."); + error3.algorithm = csr.md.algorithm; throw error3; - } - var dk = forge.pbe.opensslDeriveBytes(password, iv.substr(0, 8), dkLen); - var cipher = cipherFn(dk); - cipher.start(iv); - cipher.update(asn1.toDer(pki2.privateKeyToAsn1(rsaKey))); - cipher.finish(); - var msg = { - type: "RSA PRIVATE KEY", - procType: { - version: "4", - type: "ENCRYPTED" - }, - dekInfo: { - algorithm, - parameters: forge.util.bytesToHex(iv).toUpperCase() - }, - body: cipher.output.getBytes() + } + csr.signatureOid = csr.siginfo.algorithmOid = algorithmOid; + csr.certificationRequestInfo = pki2.getCertificationRequestInfo(csr); + var bytes = asn1.toDer(csr.certificationRequestInfo); + csr.md.update(bytes.getBytes()); + csr.signature = key.sign(csr.md); }; - return forge.pem.encode(msg); - }; - pki2.decryptRsaPrivateKey = function(pem, password) { - var rval = null; - var msg = forge.pem.decode(pem)[0]; - if (msg.type !== "ENCRYPTED PRIVATE KEY" && msg.type !== "PRIVATE KEY" && msg.type !== "RSA PRIVATE KEY") { - var error3 = new Error('Could not convert private key from PEM; PEM header type is not "ENCRYPTED PRIVATE KEY", "PRIVATE KEY", or "RSA PRIVATE KEY".'); - error3.headerType = error3; - throw error3; - } - if (msg.procType && msg.procType.type === "ENCRYPTED") { - var dkLen; - var cipherFn; - switch (msg.dekInfo.algorithm) { - case "DES-CBC": - dkLen = 8; - cipherFn = forge.des.createDecryptionCipher; - break; - case "DES-EDE3-CBC": - dkLen = 24; - cipherFn = forge.des.createDecryptionCipher; - break; - case "AES-128-CBC": - dkLen = 16; - cipherFn = forge.aes.createDecryptionCipher; - break; - case "AES-192-CBC": - dkLen = 24; - cipherFn = forge.aes.createDecryptionCipher; - break; - case "AES-256-CBC": - dkLen = 32; - cipherFn = forge.aes.createDecryptionCipher; - break; - case "RC2-40-CBC": - dkLen = 5; - cipherFn = function(key) { - return forge.rc2.createDecryptionCipher(key, 40); - }; - break; - case "RC2-64-CBC": - dkLen = 8; - cipherFn = function(key) { - return forge.rc2.createDecryptionCipher(key, 64); - }; - break; - case "RC2-128-CBC": - dkLen = 16; - cipherFn = function(key) { - return forge.rc2.createDecryptionCipher(key, 128); - }; - break; - default: - var error3 = new Error('Could not decrypt private key; unsupported encryption algorithm "' + msg.dekInfo.algorithm + '".'); - error3.algorithm = msg.dekInfo.algorithm; - throw error3; + csr.verify = function() { + var rval = false; + var md = csr.md; + if (md === null) { + md = _createSignatureDigest({ + signatureOid: csr.signatureOid, + type: "certification request" + }); + var cri = csr.certificationRequestInfo || pki2.getCertificationRequestInfo(csr); + var bytes = asn1.toDer(cri); + md.update(bytes.getBytes()); } - var iv = forge.util.hexToBytes(msg.dekInfo.parameters); - var dk = forge.pbe.opensslDeriveBytes(password, iv.substr(0, 8), dkLen); - var cipher = cipherFn(dk); - cipher.start(iv); - cipher.update(forge.util.createBuffer(msg.body)); - if (cipher.finish()) { - rval = cipher.output.getBytes(); - } else { - return rval; + if (md !== null) { + rval = _verifySignature({ + certificate: csr, + md, + signature: csr.signature + }); } - } else { - rval = msg.body; - } - if (msg.type === "ENCRYPTED PRIVATE KEY") { - rval = pki2.decryptPrivateKeyInfo(asn1.fromDer(rval), password); - } else { - rval = asn1.fromDer(rval); - } - if (rval !== null) { - rval = pki2.privateKeyFromAsn1(rval); - } - return rval; + return rval; + }; + return csr; }; - pki2.pbe.generatePkcs12Key = function(password, salt, id, iter, n, md) { - var j, l; - if (typeof md === "undefined" || md === null) { - if (!("sha1" in forge.md)) { - throw new Error('"sha1" hash algorithm unavailable.'); + function _dnToAsn1(obj) { + var rval = asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.SEQUENCE, + true, + [] + ); + var attr, set2; + var attrs = obj.attributes; + for (var i = 0; i < attrs.length; ++i) { + attr = attrs[i]; + var value = attr.value; + var valueTagClass = asn1.Type.PRINTABLESTRING; + if ("valueTagClass" in attr) { + valueTagClass = attr.valueTagClass; + if (valueTagClass === asn1.Type.UTF8) { + value = forge.util.encodeUtf8(value); + } } - md = forge.md.sha1.create(); + set2 = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [ + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // AttributeType + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(attr.type).getBytes() + ), + // AttributeValue + asn1.create(asn1.Class.UNIVERSAL, valueTagClass, false, value) + ]) + ]); + rval.value.push(set2); } - var u = md.digestLength; - var v = md.blockLength; - var result = new forge.util.ByteBuffer(); - var passBuf = new forge.util.ByteBuffer(); - if (password !== null && password !== void 0) { - for (l = 0; l < password.length; l++) { - passBuf.putInt16(password.charCodeAt(l)); + return rval; + } + function _fillMissingFields(attrs) { + var attr; + for (var i = 0; i < attrs.length; ++i) { + attr = attrs[i]; + if (typeof attr.name === "undefined") { + if (attr.type && attr.type in pki2.oids) { + attr.name = pki2.oids[attr.type]; + } else if (attr.shortName && attr.shortName in _shortNames) { + attr.name = pki2.oids[_shortNames[attr.shortName]]; + } } - passBuf.putInt16(0); - } - var p = passBuf.length(); - var s = salt.length(); - var D = new forge.util.ByteBuffer(); - D.fillWithByte(id, v); - var Slen = v * Math.ceil(s / v); - var S = new forge.util.ByteBuffer(); - for (l = 0; l < Slen; l++) { - S.putByte(salt.at(l % s)); - } - var Plen = v * Math.ceil(p / v); - var P = new forge.util.ByteBuffer(); - for (l = 0; l < Plen; l++) { - P.putByte(passBuf.at(l % p)); - } - var I = S; - I.putBuffer(P); - var c = Math.ceil(n / u); - for (var i = 1; i <= c; i++) { - var buf = new forge.util.ByteBuffer(); - buf.putBytes(D.bytes()); - buf.putBytes(I.bytes()); - for (var round = 0; round < iter; round++) { - md.start(); - md.update(buf.getBytes()); - buf = md.digest(); + if (typeof attr.type === "undefined") { + if (attr.name && attr.name in pki2.oids) { + attr.type = pki2.oids[attr.name]; + } else { + var error3 = new Error("Attribute type not specified."); + error3.attribute = attr; + throw error3; + } } - var B = new forge.util.ByteBuffer(); - for (l = 0; l < v; l++) { - B.putByte(buf.at(l % u)); + if (typeof attr.shortName === "undefined") { + if (attr.name && attr.name in _shortNames) { + attr.shortName = _shortNames[attr.name]; + } } - var k = Math.ceil(s / v) + Math.ceil(p / v); - var Inew = new forge.util.ByteBuffer(); - for (j = 0; j < k; j++) { - var chunk = new forge.util.ByteBuffer(I.getBytes(v)); - var x = 511; - for (l = B.length() - 1; l >= 0; l--) { - x = x >> 8; - x += B.at(l) + chunk.at(l); - chunk.setAt(l, x & 255); + if (attr.type === oids.extensionRequest) { + attr.valueConstructed = true; + attr.valueTagClass = asn1.Type.SEQUENCE; + if (!attr.value && attr.extensions) { + attr.value = []; + for (var ei = 0; ei < attr.extensions.length; ++ei) { + attr.value.push(pki2.certificateExtensionToAsn1( + _fillMissingExtensionFields(attr.extensions[ei]) + )); + } } - Inew.putBuffer(chunk); } - I = Inew; - result.putBuffer(buf); - } - result.truncate(result.length() - n); - return result; - }; - pki2.pbe.getCipher = function(oid, params, password) { - switch (oid) { - case pki2.oids["pkcs5PBES2"]: - return pki2.pbe.getCipherForPBES2(oid, params, password); - case pki2.oids["pbeWithSHAAnd3-KeyTripleDES-CBC"]: - case pki2.oids["pbewithSHAAnd40BitRC2-CBC"]: - return pki2.pbe.getCipherForPKCS12PBE(oid, params, password); - default: - var error3 = new Error("Cannot read encrypted PBE data block. Unsupported OID."); - error3.oid = oid; - error3.supportedOids = [ - "pkcs5PBES2", - "pbeWithSHAAnd3-KeyTripleDES-CBC", - "pbewithSHAAnd40BitRC2-CBC" - ]; - throw error3; - } - }; - pki2.pbe.getCipherForPBES2 = function(oid, params, password) { - var capture = {}; - var errors = []; - if (!asn1.validate(params, PBES2AlgorithmsValidator, capture, errors)) { - var error3 = new Error("Cannot read password-based-encryption algorithm parameters. ASN.1 object is not a supported EncryptedPrivateKeyInfo."); - error3.errors = errors; - throw error3; - } - oid = asn1.derToOid(capture.kdfOid); - if (oid !== pki2.oids["pkcs5PBKDF2"]) { - var error3 = new Error("Cannot read encrypted private key. Unsupported key derivation function OID."); - error3.oid = oid; - error3.supportedOids = ["pkcs5PBKDF2"]; - throw error3; - } - oid = asn1.derToOid(capture.encOid); - if (oid !== pki2.oids["aes128-CBC"] && oid !== pki2.oids["aes192-CBC"] && oid !== pki2.oids["aes256-CBC"] && oid !== pki2.oids["des-EDE3-CBC"] && oid !== pki2.oids["desCBC"]) { - var error3 = new Error("Cannot read encrypted private key. Unsupported encryption scheme OID."); - error3.oid = oid; - error3.supportedOids = [ - "aes128-CBC", - "aes192-CBC", - "aes256-CBC", - "des-EDE3-CBC", - "desCBC" - ]; - throw error3; - } - var salt = capture.kdfSalt; - var count = forge.util.createBuffer(capture.kdfIterationCount); - count = count.getInt(count.length() << 3); - var dkLen; - var cipherFn; - switch (pki2.oids[oid]) { - case "aes128-CBC": - dkLen = 16; - cipherFn = forge.aes.createDecryptionCipher; - break; - case "aes192-CBC": - dkLen = 24; - cipherFn = forge.aes.createDecryptionCipher; - break; - case "aes256-CBC": - dkLen = 32; - cipherFn = forge.aes.createDecryptionCipher; - break; - case "des-EDE3-CBC": - dkLen = 24; - cipherFn = forge.des.createDecryptionCipher; - break; - case "desCBC": - dkLen = 8; - cipherFn = forge.des.createDecryptionCipher; - break; - } - var md = prfOidToMessageDigest(capture.prfOid); - var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen, md); - var iv = capture.encIv; - var cipher = cipherFn(dk); - cipher.start(iv); - return cipher; - }; - pki2.pbe.getCipherForPKCS12PBE = function(oid, params, password) { - var capture = {}; - var errors = []; - if (!asn1.validate(params, pkcs12PbeParamsValidator, capture, errors)) { - var error3 = new Error("Cannot read password-based-encryption algorithm parameters. ASN.1 object is not a supported EncryptedPrivateKeyInfo."); - error3.errors = errors; - throw error3; - } - var salt = forge.util.createBuffer(capture.salt); - var count = forge.util.createBuffer(capture.iterations); - count = count.getInt(count.length() << 3); - var dkLen, dIvLen, cipherFn; - switch (oid) { - case pki2.oids["pbeWithSHAAnd3-KeyTripleDES-CBC"]: - dkLen = 24; - dIvLen = 8; - cipherFn = forge.des.startDecrypting; - break; - case pki2.oids["pbewithSHAAnd40BitRC2-CBC"]: - dkLen = 5; - dIvLen = 8; - cipherFn = function(key2, iv2) { - var cipher = forge.rc2.createDecryptionCipher(key2, 40); - cipher.start(iv2, null); - return cipher; - }; - break; - default: - var error3 = new Error("Cannot read PKCS #12 PBE data block. Unsupported OID."); - error3.oid = oid; + if (typeof attr.value === "undefined") { + var error3 = new Error("Attribute value not specified."); + error3.attribute = attr; throw error3; - } - var md = prfOidToMessageDigest(capture.prfOid); - var key = pki2.pbe.generatePkcs12Key(password, salt, 1, count, dkLen, md); - md.start(); - var iv = pki2.pbe.generatePkcs12Key(password, salt, 2, count, dIvLen, md); - return cipherFn(key, iv); - }; - pki2.pbe.opensslDeriveBytes = function(password, salt, dkLen, md) { - if (typeof md === "undefined" || md === null) { - if (!("md5" in forge.md)) { - throw new Error('"md5" hash algorithm unavailable.'); } - md = forge.md.md5.create(); - } - if (salt === null) { - salt = ""; } - var digests = [hash(md, password + salt)]; - for (var length = 16, i = 1; length < dkLen; ++i, length += 16) { - digests.push(hash(md, digests[i - 1] + password + salt)); - } - return digests.join("").substr(0, dkLen); - }; - function hash(md, bytes) { - return md.start().update(bytes).digest().getBytes(); } - function prfOidToMessageDigest(prfOid) { - var prfAlgorithm; - if (!prfOid) { - prfAlgorithm = "hmacWithSHA1"; - } else { - prfAlgorithm = pki2.oids[asn1.derToOid(prfOid)]; - if (!prfAlgorithm) { - var error3 = new Error("Unsupported PRF OID."); - error3.oid = prfOid; - error3.supported = [ - "hmacWithSHA1", - "hmacWithSHA224", - "hmacWithSHA256", - "hmacWithSHA384", - "hmacWithSHA512" - ]; - throw error3; + function _fillMissingExtensionFields(e, options) { + options = options || {}; + if (typeof e.name === "undefined") { + if (e.id && e.id in pki2.oids) { + e.name = pki2.oids[e.id]; } } - return prfAlgorithmToMessageDigest(prfAlgorithm); - } - function prfAlgorithmToMessageDigest(prfAlgorithm) { - var factory = forge.md; - switch (prfAlgorithm) { - case "hmacWithSHA224": - factory = forge.md.sha512; - case "hmacWithSHA1": - case "hmacWithSHA256": - case "hmacWithSHA384": - case "hmacWithSHA512": - prfAlgorithm = prfAlgorithm.substr(8).toLowerCase(); - break; - default: - var error3 = new Error("Unsupported PRF algorithm."); - error3.algorithm = prfAlgorithm; - error3.supported = [ - "hmacWithSHA1", - "hmacWithSHA224", - "hmacWithSHA256", - "hmacWithSHA384", - "hmacWithSHA512" - ]; + if (typeof e.id === "undefined") { + if (e.name && e.name in pki2.oids) { + e.id = pki2.oids[e.name]; + } else { + var error3 = new Error("Extension ID not specified."); + error3.extension = e; throw error3; + } } - if (!factory || !(prfAlgorithm in factory)) { - throw new Error("Unknown hash algorithm: " + prfAlgorithm); + if (typeof e.value !== "undefined") { + return e; } - return factory[prfAlgorithm].create(); - } - function createPbkdf2Params(salt, countBytes, dkLen, prfAlgorithm) { - var params = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // salt - asn1.create( + if (e.name === "keyUsage") { + var unused = 0; + var b2 = 0; + var b3 = 0; + if (e.digitalSignature) { + b2 |= 128; + unused = 7; + } + if (e.nonRepudiation) { + b2 |= 64; + unused = 6; + } + if (e.keyEncipherment) { + b2 |= 32; + unused = 5; + } + if (e.dataEncipherment) { + b2 |= 16; + unused = 4; + } + if (e.keyAgreement) { + b2 |= 8; + unused = 3; + } + if (e.keyCertSign) { + b2 |= 4; + unused = 2; + } + if (e.cRLSign) { + b2 |= 2; + unused = 1; + } + if (e.encipherOnly) { + b2 |= 1; + unused = 0; + } + if (e.decipherOnly) { + b3 |= 128; + unused = 7; + } + var value = String.fromCharCode(unused); + if (b3 !== 0) { + value += String.fromCharCode(b2) + String.fromCharCode(b3); + } else if (b2 !== 0) { + value += String.fromCharCode(b2); + } + e.value = asn1.create( asn1.Class.UNIVERSAL, - asn1.Type.OCTETSTRING, + asn1.Type.BITSTRING, false, - salt - ), - // iteration count - asn1.create( + value + ); + } else if (e.name === "basicConstraints") { + e.value = asn1.create( asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - countBytes.getBytes() - ) - ]); - if (prfAlgorithm !== "hmacWithSHA1") { - params.value.push( - // key length - asn1.create( + asn1.Type.SEQUENCE, + true, + [] + ); + if (e.cA) { + e.value.value.push(asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.BOOLEAN, + false, + String.fromCharCode(255) + )); + } + if ("pathLenConstraint" in e) { + e.value.value.push(asn1.create( asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, - forge.util.hexToBytes(dkLen.toString(16)) - ), - // AlgorithmIdentifier - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // algorithm - asn1.create( + asn1.integerToDer(e.pathLenConstraint).getBytes() + )); + } + } else if (e.name === "extKeyUsage") { + e.value = asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.SEQUENCE, + true, + [] + ); + var seq2 = e.value.value; + for (var key in e) { + if (e[key] !== true) { + continue; + } + if (key in oids) { + seq2.push(asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OID, false, - asn1.oidToDer(pki2.oids[prfAlgorithm]).getBytes() - ), - // parameters (null) - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, "") - ]) - ); - } - return params; - } - } -}); - -// node_modules/node-forge/lib/pkcs7asn1.js -var require_pkcs7asn1 = __commonJS({ - "node_modules/node-forge/lib/pkcs7asn1.js"(exports2, module2) { - var forge = require_forge(); - require_asn1(); - require_util9(); - var asn1 = forge.asn1; - var p7v = module2.exports = forge.pkcs7asn1 = forge.pkcs7asn1 || {}; - forge.pkcs7 = forge.pkcs7 || {}; - forge.pkcs7.asn1 = p7v; - var contentInfoValidator = { - name: "ContentInfo", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "ContentInfo.ContentType", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "contentType" - }, { - name: "ContentInfo.content", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - type: 0, - constructed: true, - optional: true, - captureAsn1: "content" - }] - }; - p7v.contentInfoValidator = contentInfoValidator; - var encryptedContentInfoValidator = { - name: "EncryptedContentInfo", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "EncryptedContentInfo.contentType", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "contentType" - }, { - name: "EncryptedContentInfo.contentEncryptionAlgorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "EncryptedContentInfo.contentEncryptionAlgorithm.algorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "encAlgorithm" - }, { - name: "EncryptedContentInfo.contentEncryptionAlgorithm.parameter", - tagClass: asn1.Class.UNIVERSAL, - captureAsn1: "encParameter" - }] - }, { - name: "EncryptedContentInfo.encryptedContent", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - type: 0, - /* The PKCS#7 structure output by OpenSSL somewhat differs from what - * other implementations do generate. - * - * OpenSSL generates a structure like this: - * SEQUENCE { - * ... - * [0] - * 26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38 - * C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45 - * ... - * } - * - * Whereas other implementations (and this PKCS#7 module) generate: - * SEQUENCE { - * ... - * [0] { - * OCTET STRING - * 26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38 - * C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45 - * ... - * } - * } - * - * In order to support both, we just capture the context specific - * field here. The OCTET STRING bit is removed below. - */ - capture: "encryptedContent", - captureAsn1: "encryptedContentAsn1" - }] - }; - p7v.envelopedDataValidator = { - name: "EnvelopedData", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "EnvelopedData.Version", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "version" - }, { - name: "EnvelopedData.RecipientInfos", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SET, - constructed: true, - captureAsn1: "recipientInfos" - }].concat(encryptedContentInfoValidator) - }; - p7v.encryptedDataValidator = { - name: "EncryptedData", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "EncryptedData.Version", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "version" - }].concat(encryptedContentInfoValidator) - }; - var signerValidator = { - name: "SignerInfo", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "SignerInfo.version", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false - }, { - name: "SignerInfo.issuerAndSerialNumber", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "SignerInfo.issuerAndSerialNumber.issuer", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - captureAsn1: "issuer" - }, { - name: "SignerInfo.issuerAndSerialNumber.serialNumber", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "serial" - }] - }, { - name: "SignerInfo.digestAlgorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "SignerInfo.digestAlgorithm.algorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "digestAlgorithm" - }, { - name: "SignerInfo.digestAlgorithm.parameter", - tagClass: asn1.Class.UNIVERSAL, - constructed: false, - captureAsn1: "digestParameter", - optional: true - }] - }, { - name: "SignerInfo.authenticatedAttributes", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - type: 0, - constructed: true, - optional: true, - capture: "authenticatedAttributes" - }, { - name: "SignerInfo.digestEncryptionAlgorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - capture: "signatureAlgorithm" - }, { - name: "SignerInfo.encryptedDigest", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OCTETSTRING, - constructed: false, - capture: "signature" - }, { - name: "SignerInfo.unauthenticatedAttributes", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - type: 1, - constructed: true, - optional: true, - capture: "unauthenticatedAttributes" - }] - }; - p7v.signedDataValidator = { - name: "SignedData", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [ - { - name: "SignedData.Version", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "version" - }, - { - name: "SignedData.DigestAlgorithms", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SET, - constructed: true, - captureAsn1: "digestAlgorithms" - }, - contentInfoValidator, - { - name: "SignedData.Certificates", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - type: 0, - optional: true, - captureAsn1: "certificates" - }, - { - name: "SignedData.CertificateRevocationLists", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - type: 1, - optional: true, - captureAsn1: "crls" - }, - { - name: "SignedData.SignerInfos", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SET, - capture: "signerInfos", - optional: true, - value: [signerValidator] - } - ] - }; - p7v.recipientInfoValidator = { - name: "RecipientInfo", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "RecipientInfo.version", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "version" - }, { - name: "RecipientInfo.issuerAndSerial", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "RecipientInfo.issuerAndSerial.issuer", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - captureAsn1: "issuer" - }, { - name: "RecipientInfo.issuerAndSerial.serialNumber", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "serial" - }] - }, { - name: "RecipientInfo.keyEncryptionAlgorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "RecipientInfo.keyEncryptionAlgorithm.algorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "encAlgorithm" - }, { - name: "RecipientInfo.keyEncryptionAlgorithm.parameter", - tagClass: asn1.Class.UNIVERSAL, - constructed: false, - captureAsn1: "encParameter", - optional: true - }] - }, { - name: "RecipientInfo.encryptedKey", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OCTETSTRING, - constructed: false, - capture: "encKey" - }] - }; - } -}); - -// node_modules/node-forge/lib/mgf1.js -var require_mgf1 = __commonJS({ - "node_modules/node-forge/lib/mgf1.js"(exports2, module2) { - var forge = require_forge(); - require_util9(); - forge.mgf = forge.mgf || {}; - var mgf1 = module2.exports = forge.mgf.mgf1 = forge.mgf1 = forge.mgf1 || {}; - mgf1.create = function(md) { - var mgf = { - /** - * Generate mask of specified length. - * - * @param {String} seed The seed for mask generation. - * @param maskLen Number of bytes to generate. - * @return {String} The generated mask. - */ - generate: function(seed, maskLen) { - var t = new forge.util.ByteBuffer(); - var len = Math.ceil(maskLen / md.digestLength); - for (var i = 0; i < len; i++) { - var c = new forge.util.ByteBuffer(); - c.putInt32(i); - md.start(); - md.update(seed + c.getBytes()); - t.putBuffer(md.digest()); + asn1.oidToDer(oids[key]).getBytes() + )); + } else if (key.indexOf(".") !== -1) { + seq2.push(asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(key).getBytes() + )); } - t.truncate(t.length() - maskLen); - return t.getBytes(); } - }; - return mgf; - }; - } -}); - -// node_modules/node-forge/lib/mgf.js -var require_mgf = __commonJS({ - "node_modules/node-forge/lib/mgf.js"(exports2, module2) { - var forge = require_forge(); - require_mgf1(); - module2.exports = forge.mgf = forge.mgf || {}; - forge.mgf.mgf1 = forge.mgf1; - } -}); - -// node_modules/node-forge/lib/pss.js -var require_pss = __commonJS({ - "node_modules/node-forge/lib/pss.js"(exports2, module2) { - var forge = require_forge(); - require_random(); - require_util9(); - var pss = module2.exports = forge.pss = forge.pss || {}; - pss.create = function(options) { - if (arguments.length === 3) { - options = { - md: arguments[0], - mgf: arguments[1], - saltLength: arguments[2] - }; - } - var hash = options.md; - var mgf = options.mgf; - var hLen = hash.digestLength; - var salt_ = options.salt || null; - if (typeof salt_ === "string") { - salt_ = forge.util.createBuffer(salt_); - } - var sLen; - if ("saltLength" in options) { - sLen = options.saltLength; - } else if (salt_ !== null) { - sLen = salt_.length(); - } else { - throw new Error("Salt length not specified or specific salt not given."); - } - if (salt_ !== null && salt_.length() !== sLen) { - throw new Error("Given salt length does not match length of given salt."); - } - var prng = options.prng || forge.random; - var pssobj = {}; - pssobj.encode = function(md, modBits) { - var i; - var emBits = modBits - 1; - var emLen = Math.ceil(emBits / 8); - var mHash = md.digest().getBytes(); - if (emLen < hLen + sLen + 2) { - throw new Error("Message is too long to encrypt."); + } else if (e.name === "nsCertType") { + var unused = 0; + var b2 = 0; + if (e.client) { + b2 |= 128; + unused = 7; } - var salt; - if (salt_ === null) { - salt = prng.getBytesSync(sLen); - } else { - salt = salt_.bytes(); + if (e.server) { + b2 |= 64; + unused = 6; } - var m_ = new forge.util.ByteBuffer(); - m_.fillWithByte(0, 8); - m_.putBytes(mHash); - m_.putBytes(salt); - hash.start(); - hash.update(m_.getBytes()); - var h = hash.digest().getBytes(); - var ps = new forge.util.ByteBuffer(); - ps.fillWithByte(0, emLen - sLen - hLen - 2); - ps.putByte(1); - ps.putBytes(salt); - var db = ps.getBytes(); - var maskLen = emLen - hLen - 1; - var dbMask = mgf.generate(h, maskLen); - var maskedDB = ""; - for (i = 0; i < maskLen; i++) { - maskedDB += String.fromCharCode(db.charCodeAt(i) ^ dbMask.charCodeAt(i)); + if (e.email) { + b2 |= 32; + unused = 5; } - var mask = 65280 >> 8 * emLen - emBits & 255; - maskedDB = String.fromCharCode(maskedDB.charCodeAt(0) & ~mask) + maskedDB.substr(1); - return maskedDB + h + String.fromCharCode(188); - }; - pssobj.verify = function(mHash, em, modBits) { - var i; - var emBits = modBits - 1; - var emLen = Math.ceil(emBits / 8); - em = em.substr(-emLen); - if (emLen < hLen + sLen + 2) { - throw new Error("Inconsistent parameters to PSS signature verification."); + if (e.objsign) { + b2 |= 16; + unused = 4; } - if (em.charCodeAt(emLen - 1) !== 188) { - throw new Error("Encoded message does not end in 0xBC."); + if (e.reserved) { + b2 |= 8; + unused = 3; } - var maskLen = emLen - hLen - 1; - var maskedDB = em.substr(0, maskLen); - var h = em.substr(maskLen, hLen); - var mask = 65280 >> 8 * emLen - emBits & 255; - if ((maskedDB.charCodeAt(0) & mask) !== 0) { - throw new Error("Bits beyond keysize not zero as expected."); + if (e.sslCA) { + b2 |= 4; + unused = 2; } - var dbMask = mgf.generate(h, maskLen); - var db = ""; - for (i = 0; i < maskLen; i++) { - db += String.fromCharCode(maskedDB.charCodeAt(i) ^ dbMask.charCodeAt(i)); + if (e.emailCA) { + b2 |= 2; + unused = 1; } - db = String.fromCharCode(db.charCodeAt(0) & ~mask) + db.substr(1); - var checkLen = emLen - hLen - sLen - 2; - for (i = 0; i < checkLen; i++) { - if (db.charCodeAt(i) !== 0) { - throw new Error("Leftmost octets not zero as expected"); - } + if (e.objCA) { + b2 |= 1; + unused = 0; } - if (db.charCodeAt(checkLen) !== 1) { - throw new Error("Inconsistent PSS signature, 0x01 marker not found"); + var value = String.fromCharCode(unused); + if (b2 !== 0) { + value += String.fromCharCode(b2); } - var salt = db.substr(-sLen); - var m_ = new forge.util.ByteBuffer(); - m_.fillWithByte(0, 8); - m_.putBytes(mHash); - m_.putBytes(salt); - hash.start(); - hash.update(m_.getBytes()); - var h_ = hash.digest().getBytes(); - return h === h_; - }; - return pssobj; - }; - } -}); - -// node_modules/node-forge/lib/x509.js -var require_x509 = __commonJS({ - "node_modules/node-forge/lib/x509.js"(exports2, module2) { - var forge = require_forge(); - require_aes(); - require_asn1(); - require_des(); - require_md(); - require_mgf(); - require_oids(); - require_pem(); - require_pss(); - require_rsa(); - require_util9(); - var asn1 = forge.asn1; - var pki2 = module2.exports = forge.pki = forge.pki || {}; - var oids = pki2.oids; - var _shortNames = {}; - _shortNames["CN"] = oids["commonName"]; - _shortNames["commonName"] = "CN"; - _shortNames["C"] = oids["countryName"]; - _shortNames["countryName"] = "C"; - _shortNames["L"] = oids["localityName"]; - _shortNames["localityName"] = "L"; - _shortNames["ST"] = oids["stateOrProvinceName"]; - _shortNames["stateOrProvinceName"] = "ST"; - _shortNames["O"] = oids["organizationName"]; - _shortNames["organizationName"] = "O"; - _shortNames["OU"] = oids["organizationalUnitName"]; - _shortNames["organizationalUnitName"] = "OU"; - _shortNames["E"] = oids["emailAddress"]; - _shortNames["emailAddress"] = "E"; - var publicKeyValidator = forge.pki.rsa.publicKeyValidator; - var x509CertificateValidator = { - name: "Certificate", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "Certificate.TBSCertificate", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - captureAsn1: "tbsCertificate", - value: [ - { - name: "Certificate.TBSCertificate.version", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - type: 0, - constructed: true, - optional: true, - value: [{ - name: "Certificate.TBSCertificate.version.integer", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "certVersion" - }] - }, - { - name: "Certificate.TBSCertificate.serialNumber", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "certSerialNumber" - }, - { - name: "Certificate.TBSCertificate.signature", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "Certificate.TBSCertificate.signature.algorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "certinfoSignatureOid" - }, { - name: "Certificate.TBSCertificate.signature.parameters", - tagClass: asn1.Class.UNIVERSAL, - optional: true, - captureAsn1: "certinfoSignatureParams" - }] - }, - { - name: "Certificate.TBSCertificate.issuer", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - captureAsn1: "certIssuer" - }, - { - name: "Certificate.TBSCertificate.validity", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - // Note: UTC and generalized times may both appear so the capture - // names are based on their detected order, the names used below - // are only for the common case, which validity time really means - // "notBefore" and which means "notAfter" will be determined by order - value: [{ - // notBefore (Time) (UTC time case) - name: "Certificate.TBSCertificate.validity.notBefore (utc)", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.UTCTIME, - constructed: false, - optional: true, - capture: "certValidity1UTCTime" - }, { - // notBefore (Time) (generalized time case) - name: "Certificate.TBSCertificate.validity.notBefore (generalized)", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.GENERALIZEDTIME, - constructed: false, - optional: true, - capture: "certValidity2GeneralizedTime" - }, { - // notAfter (Time) (only UTC time is supported) - name: "Certificate.TBSCertificate.validity.notAfter (utc)", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.UTCTIME, - constructed: false, - optional: true, - capture: "certValidity3UTCTime" - }, { - // notAfter (Time) (only UTC time is supported) - name: "Certificate.TBSCertificate.validity.notAfter (generalized)", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.GENERALIZEDTIME, - constructed: false, - optional: true, - capture: "certValidity4GeneralizedTime" - }] - }, - { - // Name (subject) (RDNSequence) - name: "Certificate.TBSCertificate.subject", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - captureAsn1: "certSubject" - }, - // SubjectPublicKeyInfo - publicKeyValidator, - { - // issuerUniqueID (optional) - name: "Certificate.TBSCertificate.issuerUniqueID", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - type: 1, - constructed: true, - optional: true, - value: [{ - name: "Certificate.TBSCertificate.issuerUniqueID.id", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.BITSTRING, - constructed: false, - // TODO: support arbitrary bit length ids - captureBitStringValue: "certIssuerUniqueId" - }] - }, - { - // subjectUniqueID (optional) - name: "Certificate.TBSCertificate.subjectUniqueID", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - type: 2, - constructed: true, - optional: true, - value: [{ - name: "Certificate.TBSCertificate.subjectUniqueID.id", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.BITSTRING, - constructed: false, - // TODO: support arbitrary bit length ids - captureBitStringValue: "certSubjectUniqueId" - }] - }, - { - // Extensions (optional) - name: "Certificate.TBSCertificate.extensions", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - type: 3, - constructed: true, - captureAsn1: "certExtensions", - optional: true + e.value = asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.BITSTRING, + false, + value + ); + } else if (e.name === "subjectAltName" || e.name === "issuerAltName") { + e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); + var altName; + for (var n = 0; n < e.altNames.length; ++n) { + altName = e.altNames[n]; + var value = altName.value; + if (altName.type === 7 && altName.ip) { + value = forge.util.bytesFromIP(altName.ip); + if (value === null) { + var error3 = new Error( + 'Extension "ip" value is not a valid IPv4 or IPv6 address.' + ); + error3.extension = e; + throw error3; + } + } else if (altName.type === 8) { + if (altName.oid) { + value = asn1.oidToDer(asn1.oidToDer(altName.oid)); + } else { + value = asn1.oidToDer(value); + } } - ] - }, { - // AlgorithmIdentifier (signature algorithm) - name: "Certificate.signatureAlgorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - // algorithm - name: "Certificate.signatureAlgorithm.algorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "certSignatureOid" - }, { - name: "Certificate.TBSCertificate.signature.parameters", - tagClass: asn1.Class.UNIVERSAL, - optional: true, - captureAsn1: "certSignatureParams" - }] - }, { - // SignatureValue - name: "Certificate.signatureValue", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.BITSTRING, - constructed: false, - captureBitStringValue: "certSignature" - }] - }; - var rsassaPssParameterValidator = { - name: "rsapss", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "rsapss.hashAlgorithm", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - type: 0, - constructed: true, - value: [{ - name: "rsapss.hashAlgorithm.AlgorithmIdentifier", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Class.SEQUENCE, - constructed: true, - optional: true, - value: [{ - name: "rsapss.hashAlgorithm.AlgorithmIdentifier.algorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "hashOid" - /* parameter block omitted, for SHA1 NULL anyhow. */ - }] - }] - }, { - name: "rsapss.maskGenAlgorithm", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - type: 1, - constructed: true, - value: [{ - name: "rsapss.maskGenAlgorithm.AlgorithmIdentifier", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Class.SEQUENCE, - constructed: true, - optional: true, - value: [{ - name: "rsapss.maskGenAlgorithm.AlgorithmIdentifier.algorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "maskGenOid" - }, { - name: "rsapss.maskGenAlgorithm.AlgorithmIdentifier.params", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "rsapss.maskGenAlgorithm.AlgorithmIdentifier.params.algorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "maskGenHashOid" - /* parameter block omitted, for SHA1 NULL anyhow. */ - }] - }] - }] - }, { - name: "rsapss.saltLength", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - type: 2, - optional: true, - value: [{ - name: "rsapss.saltLength.saltLength", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Class.INTEGER, - constructed: false, - capture: "saltLength" - }] - }, { - name: "rsapss.trailerField", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - type: 3, - optional: true, - value: [{ - name: "rsapss.trailer.trailer", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Class.INTEGER, - constructed: false, - capture: "trailer" - }] - }] - }; - var certificationRequestInfoValidator = { - name: "CertificationRequestInfo", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - captureAsn1: "certificationRequestInfo", - value: [ - { - name: "CertificationRequestInfo.integer", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "certificationRequestInfoVersion" - }, - { - // Name (subject) (RDNSequence) - name: "CertificationRequestInfo.subject", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - captureAsn1: "certificationRequestInfoSubject" - }, - // SubjectPublicKeyInfo - publicKeyValidator, - { - name: "CertificationRequestInfo.attributes", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - type: 0, - constructed: true, - optional: true, - capture: "certificationRequestInfoAttributes", - value: [{ - name: "CertificationRequestInfo.attributes", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "CertificationRequestInfo.attributes.type", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false - }, { - name: "CertificationRequestInfo.attributes.value", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SET, - constructed: true - }] - }] + e.value.value.push(asn1.create( + asn1.Class.CONTEXT_SPECIFIC, + altName.type, + false, + value + )); } - ] - }; - var certificationRequestValidator = { - name: "CertificationRequest", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - captureAsn1: "csr", - value: [ - certificationRequestInfoValidator, - { - // AlgorithmIdentifier (signature algorithm) - name: "CertificationRequest.signatureAlgorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - // algorithm - name: "CertificationRequest.signatureAlgorithm.algorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "csrSignatureOid" - }, { - name: "CertificationRequest.signatureAlgorithm.parameters", - tagClass: asn1.Class.UNIVERSAL, - optional: true, - captureAsn1: "csrSignatureParams" - }] - }, - { - // signature - name: "CertificationRequest.signature", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.BITSTRING, - constructed: false, - captureBitStringValue: "csrSignature" + } else if (e.name === "nsComment" && options.cert) { + if (!/^[\x00-\x7F]*$/.test(e.comment) || e.comment.length < 1 || e.comment.length > 128) { + throw new Error('Invalid "nsComment" content.'); } - ] - }; - pki2.RDNAttributesAsArray = function(rdn, md) { - var rval = []; - var set2, attr, obj; - for (var si = 0; si < rdn.value.length; ++si) { - set2 = rdn.value[si]; - for (var i = 0; i < set2.value.length; ++i) { - obj = {}; - attr = set2.value[i]; - obj.type = asn1.derToOid(attr.value[0].value); - obj.value = attr.value[1].value; - obj.valueTagClass = attr.value[1].type; - if (obj.type in oids) { - obj.name = oids[obj.type]; - if (obj.name in _shortNames) { - obj.shortName = _shortNames[obj.name]; - } - } - if (md) { - md.update(obj.type); - md.update(obj.value); - } - rval.push(obj); + e.value = asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.IA5STRING, + false, + e.comment + ); + } else if (e.name === "subjectKeyIdentifier" && options.cert) { + var ski = options.cert.generateSubjectKeyIdentifier(); + e.subjectKeyIdentifier = ski.toHex(); + e.value = asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OCTETSTRING, + false, + ski.getBytes() + ); + } else if (e.name === "authorityKeyIdentifier" && options.cert) { + e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); + var seq2 = e.value.value; + if (e.keyIdentifier) { + var keyIdentifier = e.keyIdentifier === true ? options.cert.generateSubjectKeyIdentifier().getBytes() : e.keyIdentifier; + seq2.push( + asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, false, keyIdentifier) + ); } - } - return rval; - }; - pki2.CRIAttributesAsArray = function(attributes) { - var rval = []; - for (var si = 0; si < attributes.length; ++si) { - var seq2 = attributes[si]; - var type2 = asn1.derToOid(seq2.value[0].value); - var values = seq2.value[1].value; - for (var vi = 0; vi < values.length; ++vi) { - var obj = {}; - obj.type = type2; - obj.value = values[vi].value; - obj.valueTagClass = values[vi].type; - if (obj.type in oids) { - obj.name = oids[obj.type]; - if (obj.name in _shortNames) { - obj.shortName = _shortNames[obj.name]; - } - } - if (obj.type === oids.extensionRequest) { - obj.extensions = []; - for (var ei = 0; ei < obj.value.length; ++ei) { - obj.extensions.push(pki2.certificateExtensionFromAsn1(obj.value[ei])); - } - } - rval.push(obj); + if (e.authorityCertIssuer) { + var authorityCertIssuer = [ + asn1.create(asn1.Class.CONTEXT_SPECIFIC, 4, true, [ + _dnToAsn1(e.authorityCertIssuer === true ? options.cert.issuer : e.authorityCertIssuer) + ]) + ]; + seq2.push( + asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, authorityCertIssuer) + ); } - } - return rval; - }; - function _getAttribute(obj, options) { - if (typeof options === "string") { - options = { shortName: options }; - } - var rval = null; - var attr; - for (var i = 0; rval === null && i < obj.attributes.length; ++i) { - attr = obj.attributes[i]; - if (options.type && options.type === attr.type) { - rval = attr; - } else if (options.name && options.name === attr.name) { - rval = attr; - } else if (options.shortName && options.shortName === attr.shortName) { - rval = attr; + if (e.serialNumber) { + var serialNumber = forge.util.hexToBytes(e.serialNumber === true ? options.cert.serialNumber : e.serialNumber); + seq2.push( + asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, false, serialNumber) + ); } - } - return rval; - } - var _readSignatureParameters = function(oid, obj, fillDefaults) { - var params = {}; - if (oid !== oids["RSASSA-PSS"]) { - return params; - } - if (fillDefaults) { - params = { - hash: { - algorithmOid: oids["sha1"] - }, - mgf: { - algorithmOid: oids["mgf1"], - hash: { - algorithmOid: oids["sha1"] + } else if (e.name === "cRLDistributionPoints") { + e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); + var seq2 = e.value.value; + var subSeq = asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.SEQUENCE, + true, + [] + ); + var fullNameGeneralNames = asn1.create( + asn1.Class.CONTEXT_SPECIFIC, + 0, + true, + [] + ); + var altName; + for (var n = 0; n < e.altNames.length; ++n) { + altName = e.altNames[n]; + var value = altName.value; + if (altName.type === 7 && altName.ip) { + value = forge.util.bytesFromIP(altName.ip); + if (value === null) { + var error3 = new Error( + 'Extension "ip" value is not a valid IPv4 or IPv6 address.' + ); + error3.extension = e; + throw error3; } - }, - saltLength: 20 - }; + } else if (altName.type === 8) { + if (altName.oid) { + value = asn1.oidToDer(asn1.oidToDer(altName.oid)); + } else { + value = asn1.oidToDer(value); + } + } + fullNameGeneralNames.value.push(asn1.create( + asn1.Class.CONTEXT_SPECIFIC, + altName.type, + false, + value + )); + } + subSeq.value.push(asn1.create( + asn1.Class.CONTEXT_SPECIFIC, + 0, + true, + [fullNameGeneralNames] + )); + seq2.push(subSeq); } - var capture = {}; - var errors = []; - if (!asn1.validate(obj, rsassaPssParameterValidator, capture, errors)) { - var error3 = new Error("Cannot read RSASSA-PSS parameter block."); - error3.errors = errors; + if (typeof e.value === "undefined") { + var error3 = new Error("Extension value not specified."); + error3.extension = e; throw error3; } - if (capture.hashOid !== void 0) { - params.hash = params.hash || {}; - params.hash.algorithmOid = asn1.derToOid(capture.hashOid); - } - if (capture.maskGenOid !== void 0) { - params.mgf = params.mgf || {}; - params.mgf.algorithmOid = asn1.derToOid(capture.maskGenOid); - params.mgf.hash = params.mgf.hash || {}; - params.mgf.hash.algorithmOid = asn1.derToOid(capture.maskGenHashOid); - } - if (capture.saltLength !== void 0) { - params.saltLength = capture.saltLength.charCodeAt(0); - } - return params; - }; - var _createSignatureDigest = function(options) { - switch (oids[options.signatureOid]) { - case "sha1WithRSAEncryption": - // deprecated alias - case "sha1WithRSASignature": - return forge.md.sha1.create(); - case "md5WithRSAEncryption": - return forge.md.md5.create(); - case "sha256WithRSAEncryption": - return forge.md.sha256.create(); - case "sha384WithRSAEncryption": - return forge.md.sha384.create(); - case "sha512WithRSAEncryption": - return forge.md.sha512.create(); - case "RSASSA-PSS": - return forge.md.sha256.create(); - default: - var error3 = new Error( - "Could not compute " + options.type + " digest. Unknown signature OID." - ); - error3.signatureOid = options.signatureOid; - throw error3; - } - }; - var _verifySignature = function(options) { - var cert = options.certificate; - var scheme; - switch (cert.signatureOid) { - case oids.sha1WithRSAEncryption: - // deprecated alias - case oids.sha1WithRSASignature: - break; + return e; + } + function _signatureParametersToAsn1(oid, params) { + switch (oid) { case oids["RSASSA-PSS"]: - var hash, mgf; - hash = oids[cert.signatureParameters.mgf.hash.algorithmOid]; - if (hash === void 0 || forge.md[hash] === void 0) { - var error3 = new Error("Unsupported MGF hash function."); - error3.oid = cert.signatureParameters.mgf.hash.algorithmOid; - error3.name = hash; - throw error3; + var parts = []; + if (params.hash.algorithmOid !== void 0) { + parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(params.hash.algorithmOid).getBytes() + ), + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, "") + ]) + ])); } - mgf = oids[cert.signatureParameters.mgf.algorithmOid]; - if (mgf === void 0 || forge.mgf[mgf] === void 0) { - var error3 = new Error("Unsupported MGF function."); - error3.oid = cert.signatureParameters.mgf.algorithmOid; - error3.name = mgf; - throw error3; + if (params.mgf.algorithmOid !== void 0) { + parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, [ + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(params.mgf.algorithmOid).getBytes() + ), + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(params.mgf.hash.algorithmOid).getBytes() + ), + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, "") + ]) + ]) + ])); } - mgf = forge.mgf[mgf].create(forge.md[hash].create()); - hash = oids[cert.signatureParameters.hash.algorithmOid]; - if (hash === void 0 || forge.md[hash] === void 0) { - var error3 = new Error("Unsupported RSASSA-PSS hash function."); - error3.oid = cert.signatureParameters.hash.algorithmOid; - error3.name = hash; - throw error3; + if (params.saltLength !== void 0) { + parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, true, [ + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + asn1.integerToDer(params.saltLength).getBytes() + ) + ])); } - scheme = forge.pss.create( - forge.md[hash].create(), - mgf, - cert.signatureParameters.saltLength - ); - break; + return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, parts); + default: + return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, ""); } - return cert.publicKey.verify( - options.md.digest().getBytes(), - options.signature, - scheme - ); - }; - pki2.certificateFromPem = function(pem, computeHash, strict) { - var msg = forge.pem.decode(pem)[0]; - if (msg.type !== "CERTIFICATE" && msg.type !== "X509 CERTIFICATE" && msg.type !== "TRUSTED CERTIFICATE") { - var error3 = new Error( - 'Could not convert certificate from PEM; PEM header type is not "CERTIFICATE", "X509 CERTIFICATE", or "TRUSTED CERTIFICATE".' + } + function _CRIAttributesToAsn1(csr) { + var rval = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, []); + if (csr.attributes.length === 0) { + return rval; + } + var attrs = csr.attributes; + for (var i = 0; i < attrs.length; ++i) { + var attr = attrs[i]; + var value = attr.value; + var valueTagClass = asn1.Type.UTF8; + if ("valueTagClass" in attr) { + valueTagClass = attr.valueTagClass; + } + if (valueTagClass === asn1.Type.UTF8) { + value = forge.util.encodeUtf8(value); + } + var valueConstructed = false; + if ("valueConstructed" in attr) { + valueConstructed = attr.valueConstructed; + } + var seq2 = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // AttributeType + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(attr.type).getBytes() + ), + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [ + // AttributeValue + asn1.create( + asn1.Class.UNIVERSAL, + valueTagClass, + valueConstructed, + value + ) + ]) + ]); + rval.value.push(seq2); + } + return rval; + } + var jan_1_1950 = /* @__PURE__ */ new Date("1950-01-01T00:00:00Z"); + var jan_1_2050 = /* @__PURE__ */ new Date("2050-01-01T00:00:00Z"); + function _dateToAsn1(date) { + if (date >= jan_1_1950 && date < jan_1_2050) { + return asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.UTCTIME, + false, + asn1.dateToUtcTime(date) + ); + } else { + return asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.GENERALIZEDTIME, + false, + asn1.dateToGeneralizedTime(date) ); - error3.headerType = msg.type; - throw error3; } - if (msg.procType && msg.procType.type === "ENCRYPTED") { - throw new Error( - "Could not convert certificate from PEM; PEM is encrypted." + } + pki2.getTBSCertificate = function(cert) { + var notBefore = _dateToAsn1(cert.validity.notBefore); + var notAfter = _dateToAsn1(cert.validity.notAfter); + var tbs = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // version + asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ + // integer + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + asn1.integerToDer(cert.version).getBytes() + ) + ]), + // serialNumber + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + forge.util.hexToBytes(cert.serialNumber) + ), + // signature + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // algorithm + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(cert.siginfo.algorithmOid).getBytes() + ), + // parameters + _signatureParametersToAsn1( + cert.siginfo.algorithmOid, + cert.siginfo.parameters + ) + ]), + // issuer + _dnToAsn1(cert.issuer), + // validity + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + notBefore, + notAfter + ]), + // subject + _dnToAsn1(cert.subject), + // SubjectPublicKeyInfo + pki2.publicKeyToAsn1(cert.publicKey) + ]); + if (cert.issuer.uniqueId) { + tbs.value.push( + asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, [ + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.BITSTRING, + false, + // TODO: support arbitrary bit length ids + String.fromCharCode(0) + cert.issuer.uniqueId + ) + ]) ); } - var obj = asn1.fromDer(msg.body, strict); - return pki2.certificateFromAsn1(obj, computeHash); - }; - pki2.certificateToPem = function(cert, maxline) { - var msg = { - type: "CERTIFICATE", - body: asn1.toDer(pki2.certificateToAsn1(cert)).getBytes() - }; - return forge.pem.encode(msg, { maxline }); - }; - pki2.publicKeyFromPem = function(pem) { - var msg = forge.pem.decode(pem)[0]; - if (msg.type !== "PUBLIC KEY" && msg.type !== "RSA PUBLIC KEY") { - var error3 = new Error('Could not convert public key from PEM; PEM header type is not "PUBLIC KEY" or "RSA PUBLIC KEY".'); - error3.headerType = msg.type; - throw error3; + if (cert.subject.uniqueId) { + tbs.value.push( + asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, true, [ + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.BITSTRING, + false, + // TODO: support arbitrary bit length ids + String.fromCharCode(0) + cert.subject.uniqueId + ) + ]) + ); } - if (msg.procType && msg.procType.type === "ENCRYPTED") { - throw new Error("Could not convert public key from PEM; PEM is encrypted."); + if (cert.extensions.length > 0) { + tbs.value.push(pki2.certificateExtensionsToAsn1(cert.extensions)); } - var obj = asn1.fromDer(msg.body); - return pki2.publicKeyFromAsn1(obj); + return tbs; }; - pki2.publicKeyToPem = function(key, maxline) { - var msg = { - type: "PUBLIC KEY", - body: asn1.toDer(pki2.publicKeyToAsn1(key)).getBytes() - }; - return forge.pem.encode(msg, { maxline }); + pki2.getCertificationRequestInfo = function(csr) { + var cri = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // version + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.INTEGER, + false, + asn1.integerToDer(csr.version).getBytes() + ), + // subject + _dnToAsn1(csr.subject), + // SubjectPublicKeyInfo + pki2.publicKeyToAsn1(csr.publicKey), + // attributes + _CRIAttributesToAsn1(csr) + ]); + return cri; }; - pki2.publicKeyToRSAPublicKeyPem = function(key, maxline) { - var msg = { - type: "RSA PUBLIC KEY", - body: asn1.toDer(pki2.publicKeyToRSAPublicKey(key)).getBytes() - }; - return forge.pem.encode(msg, { maxline }); + pki2.distinguishedNameToAsn1 = function(dn) { + return _dnToAsn1(dn); }; - pki2.getPublicKeyFingerprint = function(key, options) { - options = options || {}; - var md = options.md || forge.md.sha1.create(); - var type2 = options.type || "RSAPublicKey"; - var bytes; - switch (type2) { - case "RSAPublicKey": - bytes = asn1.toDer(pki2.publicKeyToRSAPublicKey(key)).getBytes(); - break; - case "SubjectPublicKeyInfo": - bytes = asn1.toDer(pki2.publicKeyToAsn1(key)).getBytes(); - break; - default: - throw new Error('Unknown fingerprint type "' + options.type + '".'); - } - md.start(); - md.update(bytes); - var digest = md.digest(); - if (options.encoding === "hex") { - var hex = digest.toHex(); - if (options.delimiter) { - return hex.match(/.{2}/g).join(options.delimiter); - } - return hex; - } else if (options.encoding === "binary") { - return digest.getBytes(); - } else if (options.encoding) { - throw new Error('Unknown encoding "' + options.encoding + '".'); + pki2.certificateToAsn1 = function(cert) { + var tbsCertificate = cert.tbsCertificate || pki2.getTBSCertificate(cert); + return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // TBSCertificate + tbsCertificate, + // AlgorithmIdentifier (signature algorithm) + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // algorithm + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(cert.signatureOid).getBytes() + ), + // parameters + _signatureParametersToAsn1(cert.signatureOid, cert.signatureParameters) + ]), + // SignatureValue + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.BITSTRING, + false, + String.fromCharCode(0) + cert.signature + ) + ]); + }; + pki2.certificateExtensionsToAsn1 = function(exts) { + var rval = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 3, true, []); + var seq2 = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); + rval.value.push(seq2); + for (var i = 0; i < exts.length; ++i) { + seq2.value.push(pki2.certificateExtensionToAsn1(exts[i])); } - return digest; + return rval; }; - pki2.certificationRequestFromPem = function(pem, computeHash, strict) { - var msg = forge.pem.decode(pem)[0]; - if (msg.type !== "CERTIFICATE REQUEST") { - var error3 = new Error('Could not convert certification request from PEM; PEM header type is not "CERTIFICATE REQUEST".'); - error3.headerType = msg.type; - throw error3; + pki2.certificateExtensionToAsn1 = function(ext) { + var extseq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); + extseq.value.push(asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(ext.id).getBytes() + )); + if (ext.critical) { + extseq.value.push(asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.BOOLEAN, + false, + String.fromCharCode(255) + )); } - if (msg.procType && msg.procType.type === "ENCRYPTED") { - throw new Error("Could not convert certification request from PEM; PEM is encrypted."); + var value = ext.value; + if (typeof ext.value !== "string") { + value = asn1.toDer(value).getBytes(); } - var obj = asn1.fromDer(msg.body, strict); - return pki2.certificationRequestFromAsn1(obj, computeHash); - }; - pki2.certificationRequestToPem = function(csr, maxline) { - var msg = { - type: "CERTIFICATE REQUEST", - body: asn1.toDer(pki2.certificationRequestToAsn1(csr)).getBytes() - }; - return forge.pem.encode(msg, { maxline }); + extseq.value.push(asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OCTETSTRING, + false, + value + )); + return extseq; }; - pki2.createCertificate = function() { - var cert = {}; - cert.version = 2; - cert.serialNumber = "00"; - cert.signatureOid = null; - cert.signature = null; - cert.siginfo = {}; - cert.siginfo.algorithmOid = null; - cert.validity = {}; - cert.validity.notBefore = /* @__PURE__ */ new Date(); - cert.validity.notAfter = /* @__PURE__ */ new Date(); - cert.issuer = {}; - cert.issuer.getField = function(sn) { - return _getAttribute(cert.issuer, sn); - }; - cert.issuer.addField = function(attr) { - _fillMissingFields([attr]); - cert.issuer.attributes.push(attr); - }; - cert.issuer.attributes = []; - cert.issuer.hash = null; - cert.subject = {}; - cert.subject.getField = function(sn) { - return _getAttribute(cert.subject, sn); + pki2.certificationRequestToAsn1 = function(csr) { + var cri = csr.certificationRequestInfo || pki2.getCertificationRequestInfo(csr); + return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // CertificationRequestInfo + cri, + // AlgorithmIdentifier (signature algorithm) + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // algorithm + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(csr.signatureOid).getBytes() + ), + // parameters + _signatureParametersToAsn1(csr.signatureOid, csr.signatureParameters) + ]), + // signature + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.BITSTRING, + false, + String.fromCharCode(0) + csr.signature + ) + ]); + }; + pki2.createCaStore = function(certs) { + var caStore = { + // stored certificates + certs: {} }; - cert.subject.addField = function(attr) { - _fillMissingFields([attr]); - cert.subject.attributes.push(attr); + caStore.getIssuer = function(cert2) { + var rval = getBySubject(cert2.issuer); + return rval; }; - cert.subject.attributes = []; - cert.subject.hash = null; - cert.extensions = []; - cert.publicKey = null; - cert.md = null; - cert.setSubject = function(attrs, uniqueId) { - _fillMissingFields(attrs); - cert.subject.attributes = attrs; - delete cert.subject.uniqueId; - if (uniqueId) { - cert.subject.uniqueId = uniqueId; + caStore.addCertificate = function(cert2) { + if (typeof cert2 === "string") { + cert2 = forge.pki.certificateFromPem(cert2); } - cert.subject.hash = null; - }; - cert.setIssuer = function(attrs, uniqueId) { - _fillMissingFields(attrs); - cert.issuer.attributes = attrs; - delete cert.issuer.uniqueId; - if (uniqueId) { - cert.issuer.uniqueId = uniqueId; + ensureSubjectHasHash(cert2.subject); + if (!caStore.hasCertificate(cert2)) { + if (cert2.subject.hash in caStore.certs) { + var tmp = caStore.certs[cert2.subject.hash]; + if (!forge.util.isArray(tmp)) { + tmp = [tmp]; + } + tmp.push(cert2); + caStore.certs[cert2.subject.hash] = tmp; + } else { + caStore.certs[cert2.subject.hash] = cert2; + } } - cert.issuer.hash = null; }; - cert.setExtensions = function(exts) { - for (var i = 0; i < exts.length; ++i) { - _fillMissingExtensionFields(exts[i], { cert }); + caStore.hasCertificate = function(cert2) { + if (typeof cert2 === "string") { + cert2 = forge.pki.certificateFromPem(cert2); } - cert.extensions = exts; - }; - cert.getExtension = function(options) { - if (typeof options === "string") { - options = { name: options }; + var match = getBySubject(cert2.subject); + if (!match) { + return false; } - var rval = null; - var ext; - for (var i = 0; rval === null && i < cert.extensions.length; ++i) { - ext = cert.extensions[i]; - if (options.id && ext.id === options.id) { - rval = ext; - } else if (options.name && ext.name === options.name) { - rval = ext; + if (!forge.util.isArray(match)) { + match = [match]; + } + var der1 = asn1.toDer(pki2.certificateToAsn1(cert2)).getBytes(); + for (var i2 = 0; i2 < match.length; ++i2) { + var der2 = asn1.toDer(pki2.certificateToAsn1(match[i2])).getBytes(); + if (der1 === der2) { + return true; } } - return rval; + return false; }; - cert.sign = function(key, md) { - cert.md = md || forge.md.sha1.create(); - var algorithmOid = oids[cert.md.algorithm + "WithRSAEncryption"]; - if (!algorithmOid) { - var error3 = new Error("Could not compute certificate digest. Unknown message digest algorithm OID."); - error3.algorithm = cert.md.algorithm; - throw error3; + caStore.listAllCertificates = function() { + var certList = []; + for (var hash in caStore.certs) { + if (caStore.certs.hasOwnProperty(hash)) { + var value = caStore.certs[hash]; + if (!forge.util.isArray(value)) { + certList.push(value); + } else { + for (var i2 = 0; i2 < value.length; ++i2) { + certList.push(value[i2]); + } + } + } } - cert.signatureOid = cert.siginfo.algorithmOid = algorithmOid; - cert.tbsCertificate = pki2.getTBSCertificate(cert); - var bytes = asn1.toDer(cert.tbsCertificate); - cert.md.update(bytes.getBytes()); - cert.signature = key.sign(cert.md); + return certList; }; - cert.verify = function(child) { - var rval = false; - if (!cert.issued(child)) { - var issuer = child.issuer; - var subject = cert.subject; - var error3 = new Error( - "The parent certificate did not issue the given child certificate; the child certificate's issuer does not match the parent's subject." - ); - error3.expectedIssuer = subject.attributes; - error3.actualIssuer = issuer.attributes; - throw error3; + caStore.removeCertificate = function(cert2) { + var result; + if (typeof cert2 === "string") { + cert2 = forge.pki.certificateFromPem(cert2); } - var md = child.md; - if (md === null) { - md = _createSignatureDigest({ - signatureOid: child.signatureOid, - type: "certificate" - }); - var tbsCertificate = child.tbsCertificate || pki2.getTBSCertificate(child); - var bytes = asn1.toDer(tbsCertificate); - md.update(bytes.getBytes()); + ensureSubjectHasHash(cert2.subject); + if (!caStore.hasCertificate(cert2)) { + return null; } - if (md !== null) { - rval = _verifySignature({ - certificate: cert, - md, - signature: child.signature - }); + var match = getBySubject(cert2.subject); + if (!forge.util.isArray(match)) { + result = caStore.certs[cert2.subject.hash]; + delete caStore.certs[cert2.subject.hash]; + return result; } - return rval; - }; - cert.isIssuer = function(parent) { - var rval = false; - var i = cert.issuer; - var s = parent.subject; - if (i.hash && s.hash) { - rval = i.hash === s.hash; - } else if (i.attributes.length === s.attributes.length) { - rval = true; - var iattr, sattr; - for (var n = 0; rval && n < i.attributes.length; ++n) { - iattr = i.attributes[n]; - sattr = s.attributes[n]; - if (iattr.type !== sattr.type || iattr.value !== sattr.value) { - rval = false; - } + var der1 = asn1.toDer(pki2.certificateToAsn1(cert2)).getBytes(); + for (var i2 = 0; i2 < match.length; ++i2) { + var der2 = asn1.toDer(pki2.certificateToAsn1(match[i2])).getBytes(); + if (der1 === der2) { + result = match[i2]; + match.splice(i2, 1); } } - return rval; - }; - cert.issued = function(child) { - return child.isIssuer(cert); - }; - cert.generateSubjectKeyIdentifier = function() { - return pki2.getPublicKeyFingerprint(cert.publicKey, { type: "RSAPublicKey" }); - }; - cert.verifySubjectKeyIdentifier = function() { - var oid = oids["subjectKeyIdentifier"]; - for (var i = 0; i < cert.extensions.length; ++i) { - var ext = cert.extensions[i]; - if (ext.id === oid) { - var ski = cert.generateSubjectKeyIdentifier().getBytes(); - return forge.util.hexToBytes(ext.subjectKeyIdentifier) === ski; - } + if (match.length === 0) { + delete caStore.certs[cert2.subject.hash]; } - return false; - }; - return cert; - }; - pki2.certificateFromAsn1 = function(obj, computeHash) { - var capture = {}; - var errors = []; - if (!asn1.validate(obj, x509CertificateValidator, capture, errors)) { - var error3 = new Error("Cannot read X.509 certificate. ASN.1 object is not an X509v3 Certificate."); - error3.errors = errors; - throw error3; - } - var oid = asn1.derToOid(capture.publicKeyOid); - if (oid !== pki2.oids.rsaEncryption) { - throw new Error("Cannot read public key. OID is not RSA."); - } - var cert = pki2.createCertificate(); - cert.version = capture.certVersion ? capture.certVersion.charCodeAt(0) : 0; - var serial = forge.util.createBuffer(capture.certSerialNumber); - cert.serialNumber = serial.toHex(); - cert.signatureOid = forge.asn1.derToOid(capture.certSignatureOid); - cert.signatureParameters = _readSignatureParameters( - cert.signatureOid, - capture.certSignatureParams, - true - ); - cert.siginfo.algorithmOid = forge.asn1.derToOid(capture.certinfoSignatureOid); - cert.siginfo.parameters = _readSignatureParameters( - cert.siginfo.algorithmOid, - capture.certinfoSignatureParams, - false - ); - cert.signature = capture.certSignature; - var validity = []; - if (capture.certValidity1UTCTime !== void 0) { - validity.push(asn1.utcTimeToDate(capture.certValidity1UTCTime)); - } - if (capture.certValidity2GeneralizedTime !== void 0) { - validity.push(asn1.generalizedTimeToDate( - capture.certValidity2GeneralizedTime - )); - } - if (capture.certValidity3UTCTime !== void 0) { - validity.push(asn1.utcTimeToDate(capture.certValidity3UTCTime)); - } - if (capture.certValidity4GeneralizedTime !== void 0) { - validity.push(asn1.generalizedTimeToDate( - capture.certValidity4GeneralizedTime - )); - } - if (validity.length > 2) { - throw new Error("Cannot read notBefore/notAfter validity times; more than two times were provided in the certificate."); - } - if (validity.length < 2) { - throw new Error("Cannot read notBefore/notAfter validity times; they were not provided as either UTCTime or GeneralizedTime."); - } - cert.validity.notBefore = validity[0]; - cert.validity.notAfter = validity[1]; - cert.tbsCertificate = capture.tbsCertificate; - if (computeHash) { - cert.md = _createSignatureDigest({ - signatureOid: cert.signatureOid, - type: "certificate" - }); - var bytes = asn1.toDer(cert.tbsCertificate); - cert.md.update(bytes.getBytes()); - } - var imd = forge.md.sha1.create(); - var ibytes = asn1.toDer(capture.certIssuer); - imd.update(ibytes.getBytes()); - cert.issuer.getField = function(sn) { - return _getAttribute(cert.issuer, sn); - }; - cert.issuer.addField = function(attr) { - _fillMissingFields([attr]); - cert.issuer.attributes.push(attr); - }; - cert.issuer.attributes = pki2.RDNAttributesAsArray(capture.certIssuer); - if (capture.certIssuerUniqueId) { - cert.issuer.uniqueId = capture.certIssuerUniqueId; - } - cert.issuer.hash = imd.digest().toHex(); - var smd = forge.md.sha1.create(); - var sbytes = asn1.toDer(capture.certSubject); - smd.update(sbytes.getBytes()); - cert.subject.getField = function(sn) { - return _getAttribute(cert.subject, sn); - }; - cert.subject.addField = function(attr) { - _fillMissingFields([attr]); - cert.subject.attributes.push(attr); + return result; }; - cert.subject.attributes = pki2.RDNAttributesAsArray(capture.certSubject); - if (capture.certSubjectUniqueId) { - cert.subject.uniqueId = capture.certSubjectUniqueId; + function getBySubject(subject) { + ensureSubjectHasHash(subject); + return caStore.certs[subject.hash] || null; } - cert.subject.hash = smd.digest().toHex(); - if (capture.certExtensions) { - cert.extensions = pki2.certificateExtensionsFromAsn1(capture.certExtensions); - } else { - cert.extensions = []; + function ensureSubjectHasHash(subject) { + if (!subject.hash) { + var md = forge.md.sha1.create(); + subject.attributes = pki2.RDNAttributesAsArray(_dnToAsn1(subject), md); + subject.hash = md.digest().toHex(); + } } - cert.publicKey = pki2.publicKeyFromAsn1(capture.subjectPublicKeyInfo); - return cert; - }; - pki2.certificateExtensionsFromAsn1 = function(exts) { - var rval = []; - for (var i = 0; i < exts.value.length; ++i) { - var extseq = exts.value[i]; - for (var ei = 0; ei < extseq.value.length; ++ei) { - rval.push(pki2.certificateExtensionFromAsn1(extseq.value[ei])); + if (certs) { + for (var i = 0; i < certs.length; ++i) { + var cert = certs[i]; + caStore.addCertificate(cert); } } - return rval; + return caStore; }; - pki2.certificateExtensionFromAsn1 = function(ext) { - var e = {}; - e.id = asn1.derToOid(ext.value[0].value); - e.critical = false; - if (ext.value[1].type === asn1.Type.BOOLEAN) { - e.critical = ext.value[1].value.charCodeAt(0) !== 0; - e.value = ext.value[2].value; - } else { - e.value = ext.value[1].value; + pki2.certificateError = { + bad_certificate: "forge.pki.BadCertificate", + unsupported_certificate: "forge.pki.UnsupportedCertificate", + certificate_revoked: "forge.pki.CertificateRevoked", + certificate_expired: "forge.pki.CertificateExpired", + certificate_unknown: "forge.pki.CertificateUnknown", + unknown_ca: "forge.pki.UnknownCertificateAuthority" + }; + pki2.verifyCertificateChain = function(caStore, chain, options) { + if (typeof options === "function") { + options = { verify: options }; } - if (e.id in oids) { - e.name = oids[e.id]; - if (e.name === "keyUsage") { - var ev = asn1.fromDer(e.value); - var b2 = 0; - var b3 = 0; - if (ev.value.length > 1) { - b2 = ev.value.charCodeAt(1); - b3 = ev.value.length > 2 ? ev.value.charCodeAt(2) : 0; - } - e.digitalSignature = (b2 & 128) === 128; - e.nonRepudiation = (b2 & 64) === 64; - e.keyEncipherment = (b2 & 32) === 32; - e.dataEncipherment = (b2 & 16) === 16; - e.keyAgreement = (b2 & 8) === 8; - e.keyCertSign = (b2 & 4) === 4; - e.cRLSign = (b2 & 2) === 2; - e.encipherOnly = (b2 & 1) === 1; - e.decipherOnly = (b3 & 128) === 128; - } else if (e.name === "basicConstraints") { - var ev = asn1.fromDer(e.value); - if (ev.value.length > 0 && ev.value[0].type === asn1.Type.BOOLEAN) { - e.cA = ev.value[0].value.charCodeAt(0) !== 0; - } else { - e.cA = false; - } - var value = null; - if (ev.value.length > 0 && ev.value[0].type === asn1.Type.INTEGER) { - value = ev.value[0].value; - } else if (ev.value.length > 1) { - value = ev.value[1].value; - } - if (value !== null) { - e.pathLenConstraint = asn1.derToInteger(value); + options = options || {}; + chain = chain.slice(0); + var certs = chain.slice(0); + var validityCheckDate = options.validityCheckDate; + if (typeof validityCheckDate === "undefined") { + validityCheckDate = /* @__PURE__ */ new Date(); + } + var first = true; + var error3 = null; + var depth = 0; + do { + var cert = chain.shift(); + var parent = null; + var selfSigned = false; + if (validityCheckDate) { + if (validityCheckDate < cert.validity.notBefore || validityCheckDate > cert.validity.notAfter) { + error3 = { + message: "Certificate is not valid yet or has expired.", + error: pki2.certificateError.certificate_expired, + notBefore: cert.validity.notBefore, + notAfter: cert.validity.notAfter, + // TODO: we might want to reconsider renaming 'now' to + // 'validityCheckDate' should this API be changed in the future. + now: validityCheckDate + }; } - } else if (e.name === "extKeyUsage") { - var ev = asn1.fromDer(e.value); - for (var vi = 0; vi < ev.value.length; ++vi) { - var oid = asn1.derToOid(ev.value[vi].value); - if (oid in oids) { - e[oids[oid]] = true; - } else { - e[oid] = true; + } + if (error3 === null) { + parent = chain[0] || caStore.getIssuer(cert); + if (parent === null) { + if (cert.isIssuer(cert)) { + selfSigned = true; + parent = cert; } } - } else if (e.name === "nsCertType") { - var ev = asn1.fromDer(e.value); - var b2 = 0; - if (ev.value.length > 1) { - b2 = ev.value.charCodeAt(1); + if (parent) { + var parents = parent; + if (!forge.util.isArray(parents)) { + parents = [parents]; + } + var verified = false; + while (!verified && parents.length > 0) { + parent = parents.shift(); + try { + verified = parent.verify(cert); + } catch (ex) { + } + } + if (!verified) { + error3 = { + message: "Certificate signature is invalid.", + error: pki2.certificateError.bad_certificate + }; + } } - e.client = (b2 & 128) === 128; - e.server = (b2 & 64) === 64; - e.email = (b2 & 32) === 32; - e.objsign = (b2 & 16) === 16; - e.reserved = (b2 & 8) === 8; - e.sslCA = (b2 & 4) === 4; - e.emailCA = (b2 & 2) === 2; - e.objCA = (b2 & 1) === 1; - } else if (e.name === "subjectAltName" || e.name === "issuerAltName") { - e.altNames = []; - var gn; - var ev = asn1.fromDer(e.value); - for (var n = 0; n < ev.value.length; ++n) { - gn = ev.value[n]; - var altName = { - type: gn.type, - value: gn.value + if (error3 === null && (!parent || selfSigned) && !caStore.hasCertificate(cert)) { + error3 = { + message: "Certificate is not trusted.", + error: pki2.certificateError.unknown_ca }; - e.altNames.push(altName); - switch (gn.type) { - // rfc822Name - case 1: - // dNSName - case 2: - // uniformResourceIdentifier (URI) - case 6: - break; - // IPAddress - case 7: - altName.ip = forge.util.bytesToIP(gn.value); - break; - // registeredID - case 8: - altName.oid = asn1.derToOid(gn.value); - break; - default: - } } - } else if (e.name === "subjectKeyIdentifier") { - var ev = asn1.fromDer(e.value); - e.subjectKeyIdentifier = forge.util.bytesToHex(ev.value); } - } - return e; - }; - pki2.certificationRequestFromAsn1 = function(obj, computeHash) { - var capture = {}; - var errors = []; - if (!asn1.validate(obj, certificationRequestValidator, capture, errors)) { - var error3 = new Error("Cannot read PKCS#10 certificate request. ASN.1 object is not a PKCS#10 CertificationRequest."); - error3.errors = errors; - throw error3; - } - var oid = asn1.derToOid(capture.publicKeyOid); - if (oid !== pki2.oids.rsaEncryption) { - throw new Error("Cannot read public key. OID is not RSA."); - } - var csr = pki2.createCertificationRequest(); - csr.version = capture.csrVersion ? capture.csrVersion.charCodeAt(0) : 0; - csr.signatureOid = forge.asn1.derToOid(capture.csrSignatureOid); - csr.signatureParameters = _readSignatureParameters( - csr.signatureOid, - capture.csrSignatureParams, - true - ); - csr.siginfo.algorithmOid = forge.asn1.derToOid(capture.csrSignatureOid); - csr.siginfo.parameters = _readSignatureParameters( - csr.siginfo.algorithmOid, - capture.csrSignatureParams, - false - ); - csr.signature = capture.csrSignature; - csr.certificationRequestInfo = capture.certificationRequestInfo; - if (computeHash) { - csr.md = _createSignatureDigest({ - signatureOid: csr.signatureOid, - type: "certification request" - }); - var bytes = asn1.toDer(csr.certificationRequestInfo); - csr.md.update(bytes.getBytes()); - } - var smd = forge.md.sha1.create(); - csr.subject.getField = function(sn) { - return _getAttribute(csr.subject, sn); - }; - csr.subject.addField = function(attr) { - _fillMissingFields([attr]); - csr.subject.attributes.push(attr); - }; - csr.subject.attributes = pki2.RDNAttributesAsArray( - capture.certificationRequestInfoSubject, - smd - ); - csr.subject.hash = smd.digest().toHex(); - csr.publicKey = pki2.publicKeyFromAsn1(capture.subjectPublicKeyInfo); - csr.getAttribute = function(sn) { - return _getAttribute(csr, sn); - }; - csr.addAttribute = function(attr) { - _fillMissingFields([attr]); - csr.attributes.push(attr); - }; - csr.attributes = pki2.CRIAttributesAsArray( - capture.certificationRequestInfoAttributes || [] - ); - return csr; - }; - pki2.createCertificationRequest = function() { - var csr = {}; - csr.version = 0; - csr.signatureOid = null; - csr.signature = null; - csr.siginfo = {}; - csr.siginfo.algorithmOid = null; - csr.subject = {}; - csr.subject.getField = function(sn) { - return _getAttribute(csr.subject, sn); - }; - csr.subject.addField = function(attr) { - _fillMissingFields([attr]); - csr.subject.attributes.push(attr); - }; - csr.subject.attributes = []; - csr.subject.hash = null; - csr.publicKey = null; - csr.attributes = []; - csr.getAttribute = function(sn) { - return _getAttribute(csr, sn); - }; - csr.addAttribute = function(attr) { - _fillMissingFields([attr]); - csr.attributes.push(attr); - }; - csr.md = null; - csr.setSubject = function(attrs) { - _fillMissingFields(attrs); - csr.subject.attributes = attrs; - csr.subject.hash = null; - }; - csr.setAttributes = function(attrs) { - _fillMissingFields(attrs); - csr.attributes = attrs; - }; - csr.sign = function(key, md) { - csr.md = md || forge.md.sha1.create(); - var algorithmOid = oids[csr.md.algorithm + "WithRSAEncryption"]; - if (!algorithmOid) { - var error3 = new Error("Could not compute certification request digest. Unknown message digest algorithm OID."); - error3.algorithm = csr.md.algorithm; - throw error3; - } - csr.signatureOid = csr.siginfo.algorithmOid = algorithmOid; - csr.certificationRequestInfo = pki2.getCertificationRequestInfo(csr); - var bytes = asn1.toDer(csr.certificationRequestInfo); - csr.md.update(bytes.getBytes()); - csr.signature = key.sign(csr.md); - }; - csr.verify = function() { - var rval = false; - var md = csr.md; - if (md === null) { - md = _createSignatureDigest({ - signatureOid: csr.signatureOid, - type: "certification request" - }); - var cri = csr.certificationRequestInfo || pki2.getCertificationRequestInfo(csr); - var bytes = asn1.toDer(cri); - md.update(bytes.getBytes()); - } - if (md !== null) { - rval = _verifySignature({ - certificate: csr, - md, - signature: csr.signature - }); + if (error3 === null && parent && !cert.isIssuer(parent)) { + error3 = { + message: "Certificate issuer is invalid.", + error: pki2.certificateError.bad_certificate + }; } - return rval; - }; - return csr; - }; - function _dnToAsn1(obj) { - var rval = asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.SEQUENCE, - true, - [] - ); - var attr, set2; - var attrs = obj.attributes; - for (var i = 0; i < attrs.length; ++i) { - attr = attrs[i]; - var value = attr.value; - var valueTagClass = asn1.Type.PRINTABLESTRING; - if ("valueTagClass" in attr) { - valueTagClass = attr.valueTagClass; - if (valueTagClass === asn1.Type.UTF8) { - value = forge.util.encodeUtf8(value); + if (error3 === null) { + var se = { + keyUsage: true, + basicConstraints: true + }; + for (var i = 0; error3 === null && i < cert.extensions.length; ++i) { + var ext = cert.extensions[i]; + if (ext.critical && !(ext.name in se)) { + error3 = { + message: "Certificate has an unsupported critical extension.", + error: pki2.certificateError.unsupported_certificate + }; + } } } - set2 = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [ - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // AttributeType - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(attr.type).getBytes() - ), - // AttributeValue - asn1.create(asn1.Class.UNIVERSAL, valueTagClass, false, value) - ]) - ]); - rval.value.push(set2); - } - return rval; - } - function _fillMissingFields(attrs) { - var attr; - for (var i = 0; i < attrs.length; ++i) { - attr = attrs[i]; - if (typeof attr.name === "undefined") { - if (attr.type && attr.type in pki2.oids) { - attr.name = pki2.oids[attr.type]; - } else if (attr.shortName && attr.shortName in _shortNames) { - attr.name = pki2.oids[_shortNames[attr.shortName]]; + if (error3 === null && (!first || chain.length === 0 && (!parent || selfSigned))) { + var bcExt = cert.getExtension("basicConstraints"); + var keyUsageExt = cert.getExtension("keyUsage"); + if (keyUsageExt !== null) { + if (!keyUsageExt.keyCertSign || bcExt === null) { + error3 = { + message: "Certificate keyUsage or basicConstraints conflict or indicate that the certificate is not a CA. If the certificate is the only one in the chain or isn't the first then the certificate must be a valid CA.", + error: pki2.certificateError.bad_certificate + }; + } } - } - if (typeof attr.type === "undefined") { - if (attr.name && attr.name in pki2.oids) { - attr.type = pki2.oids[attr.name]; - } else { - var error3 = new Error("Attribute type not specified."); - error3.attribute = attr; - throw error3; + if (error3 === null && bcExt !== null && !bcExt.cA) { + error3 = { + message: "Certificate basicConstraints indicates the certificate is not a CA.", + error: pki2.certificateError.bad_certificate + }; } - } - if (typeof attr.shortName === "undefined") { - if (attr.name && attr.name in _shortNames) { - attr.shortName = _shortNames[attr.name]; + if (error3 === null && keyUsageExt !== null && "pathLenConstraint" in bcExt) { + var pathLen = depth - 1; + if (pathLen > bcExt.pathLenConstraint) { + error3 = { + message: "Certificate basicConstraints pathLenConstraint violated.", + error: pki2.certificateError.bad_certificate + }; + } } } - if (attr.type === oids.extensionRequest) { - attr.valueConstructed = true; - attr.valueTagClass = asn1.Type.SEQUENCE; - if (!attr.value && attr.extensions) { - attr.value = []; - for (var ei = 0; ei < attr.extensions.length; ++ei) { - attr.value.push(pki2.certificateExtensionToAsn1( - _fillMissingExtensionFields(attr.extensions[ei]) - )); + var vfd = error3 === null ? true : error3.error; + var ret = options.verify ? options.verify(vfd, depth, certs) : vfd; + if (ret === true) { + error3 = null; + } else { + if (vfd === true) { + error3 = { + message: "The application rejected the certificate.", + error: pki2.certificateError.bad_certificate + }; + } + if (ret || ret === 0) { + if (typeof ret === "object" && !forge.util.isArray(ret)) { + if (ret.message) { + error3.message = ret.message; + } + if (ret.error) { + error3.error = ret.error; + } + } else if (typeof ret === "string") { + error3.error = ret; } } - } - if (typeof attr.value === "undefined") { - var error3 = new Error("Attribute value not specified."); - error3.attribute = attr; throw error3; } - } - } - function _fillMissingExtensionFields(e, options) { - options = options || {}; - if (typeof e.name === "undefined") { - if (e.id && e.id in pki2.oids) { - e.name = pki2.oids[e.id]; + first = false; + ++depth; + } while (chain.length > 0); + return true; + }; + } +}); + +// node_modules/node-forge/lib/pkcs12.js +var require_pkcs12 = __commonJS({ + "node_modules/node-forge/lib/pkcs12.js"(exports2, module2) { + var forge = require_forge(); + require_asn1(); + require_hmac(); + require_oids(); + require_pkcs7asn1(); + require_pbe(); + require_random(); + require_rsa(); + require_sha1(); + require_util9(); + require_x509(); + var asn1 = forge.asn1; + var pki2 = forge.pki; + var p12 = module2.exports = forge.pkcs12 = forge.pkcs12 || {}; + var contentInfoValidator = { + name: "ContentInfo", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + // a ContentInfo + constructed: true, + value: [{ + name: "ContentInfo.contentType", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "contentType" + }, { + name: "ContentInfo.content", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + constructed: true, + captureAsn1: "content" + }] + }; + var pfxValidator = { + name: "PFX", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [ + { + name: "PFX.version", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "version" + }, + contentInfoValidator, + { + name: "PFX.macData", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + optional: true, + captureAsn1: "mac", + value: [{ + name: "PFX.macData.mac", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + // DigestInfo + constructed: true, + value: [{ + name: "PFX.macData.mac.digestAlgorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + // DigestAlgorithmIdentifier + constructed: true, + value: [{ + name: "PFX.macData.mac.digestAlgorithm.algorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "macAlgorithm" + }, { + name: "PFX.macData.mac.digestAlgorithm.parameters", + optional: true, + tagClass: asn1.Class.UNIVERSAL, + captureAsn1: "macAlgorithmParameters" + }] + }, { + name: "PFX.macData.mac.digest", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OCTETSTRING, + constructed: false, + capture: "macDigest" + }] + }, { + name: "PFX.macData.macSalt", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OCTETSTRING, + constructed: false, + capture: "macSalt" + }, { + name: "PFX.macData.iterations", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + optional: true, + capture: "macIterations" + }] } - } - if (typeof e.id === "undefined") { - if (e.name && e.name in pki2.oids) { - e.id = pki2.oids[e.name]; - } else { - var error3 = new Error("Extension ID not specified."); - error3.extension = e; - throw error3; + ] + }; + var safeBagValidator = { + name: "SafeBag", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "SafeBag.bagId", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "bagId" + }, { + name: "SafeBag.bagValue", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + constructed: true, + captureAsn1: "bagValue" + }, { + name: "SafeBag.bagAttributes", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SET, + constructed: true, + optional: true, + capture: "bagAttributes" + }] + }; + var attributeValidator = { + name: "Attribute", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "Attribute.attrId", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "oid" + }, { + name: "Attribute.attrValues", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SET, + constructed: true, + capture: "values" + }] + }; + var certBagValidator = { + name: "CertBag", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "CertBag.certId", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "certId" + }, { + name: "CertBag.certValue", + tagClass: asn1.Class.CONTEXT_SPECIFIC, + constructed: true, + /* So far we only support X.509 certificates (which are wrapped in + an OCTET STRING, hence hard code that here). */ + value: [{ + name: "CertBag.certValue[0]", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Class.OCTETSTRING, + constructed: false, + capture: "cert" + }] + }] + }; + function _getBagsByAttribute(safeContents, attrName, attrValue, bagType) { + var result = []; + for (var i = 0; i < safeContents.length; i++) { + for (var j = 0; j < safeContents[i].safeBags.length; j++) { + var bag = safeContents[i].safeBags[j]; + if (bagType !== void 0 && bag.type !== bagType) { + continue; + } + if (attrName === null) { + result.push(bag); + continue; + } + if (bag.attributes[attrName] !== void 0 && bag.attributes[attrName].indexOf(attrValue) >= 0) { + result.push(bag); + } } } - if (typeof e.value !== "undefined") { - return e; + return result; + } + p12.pkcs12FromAsn1 = function(obj, strict, password) { + if (typeof strict === "string") { + password = strict; + strict = true; + } else if (strict === void 0) { + strict = true; } - if (e.name === "keyUsage") { - var unused = 0; - var b2 = 0; - var b3 = 0; - if (e.digitalSignature) { - b2 |= 128; - unused = 7; - } - if (e.nonRepudiation) { - b2 |= 64; - unused = 6; - } - if (e.keyEncipherment) { - b2 |= 32; - unused = 5; - } - if (e.dataEncipherment) { - b2 |= 16; - unused = 4; - } - if (e.keyAgreement) { - b2 |= 8; - unused = 3; - } - if (e.keyCertSign) { - b2 |= 4; - unused = 2; + var capture = {}; + var errors = []; + if (!asn1.validate(obj, pfxValidator, capture, errors)) { + var error3 = new Error("Cannot read PKCS#12 PFX. ASN.1 object is not an PKCS#12 PFX."); + error3.errors = error3; + throw error3; + } + var pfx = { + version: capture.version.charCodeAt(0), + safeContents: [], + /** + * Gets bags with matching attributes. + * + * @param filter the attributes to filter by: + * [localKeyId] the localKeyId to search for. + * [localKeyIdHex] the localKeyId in hex to search for. + * [friendlyName] the friendly name to search for. + * [bagType] bag type to narrow each attribute search by. + * + * @return a map of attribute type to an array of matching bags or, if no + * attribute was given but a bag type, the map key will be the + * bag type. + */ + getBags: function(filter) { + var rval = {}; + var localKeyId; + if ("localKeyId" in filter) { + localKeyId = filter.localKeyId; + } else if ("localKeyIdHex" in filter) { + localKeyId = forge.util.hexToBytes(filter.localKeyIdHex); + } + if (localKeyId === void 0 && !("friendlyName" in filter) && "bagType" in filter) { + rval[filter.bagType] = _getBagsByAttribute( + pfx.safeContents, + null, + null, + filter.bagType + ); + } + if (localKeyId !== void 0) { + rval.localKeyId = _getBagsByAttribute( + pfx.safeContents, + "localKeyId", + localKeyId, + filter.bagType + ); + } + if ("friendlyName" in filter) { + rval.friendlyName = _getBagsByAttribute( + pfx.safeContents, + "friendlyName", + filter.friendlyName, + filter.bagType + ); + } + return rval; + }, + /** + * DEPRECATED: use getBags() instead. + * + * Get bags with matching friendlyName attribute. + * + * @param friendlyName the friendly name to search for. + * @param [bagType] bag type to narrow search by. + * + * @return an array of bags with matching friendlyName attribute. + */ + getBagsByFriendlyName: function(friendlyName, bagType) { + return _getBagsByAttribute( + pfx.safeContents, + "friendlyName", + friendlyName, + bagType + ); + }, + /** + * DEPRECATED: use getBags() instead. + * + * Get bags with matching localKeyId attribute. + * + * @param localKeyId the localKeyId to search for. + * @param [bagType] bag type to narrow search by. + * + * @return an array of bags with matching localKeyId attribute. + */ + getBagsByLocalKeyId: function(localKeyId, bagType) { + return _getBagsByAttribute( + pfx.safeContents, + "localKeyId", + localKeyId, + bagType + ); } - if (e.cRLSign) { - b2 |= 2; - unused = 1; + }; + if (capture.version.charCodeAt(0) !== 3) { + var error3 = new Error("PKCS#12 PFX of version other than 3 not supported."); + error3.version = capture.version.charCodeAt(0); + throw error3; + } + if (asn1.derToOid(capture.contentType) !== pki2.oids.data) { + var error3 = new Error("Only PKCS#12 PFX in password integrity mode supported."); + error3.oid = asn1.derToOid(capture.contentType); + throw error3; + } + var data = capture.content.value[0]; + if (data.tagClass !== asn1.Class.UNIVERSAL || data.type !== asn1.Type.OCTETSTRING) { + throw new Error("PKCS#12 authSafe content data is not an OCTET STRING."); + } + data = _decodePkcs7Data(data); + if (capture.mac) { + var md = null; + var macKeyBytes = 0; + var macAlgorithm = asn1.derToOid(capture.macAlgorithm); + switch (macAlgorithm) { + case pki2.oids.sha1: + md = forge.md.sha1.create(); + macKeyBytes = 20; + break; + case pki2.oids.sha256: + md = forge.md.sha256.create(); + macKeyBytes = 32; + break; + case pki2.oids.sha384: + md = forge.md.sha384.create(); + macKeyBytes = 48; + break; + case pki2.oids.sha512: + md = forge.md.sha512.create(); + macKeyBytes = 64; + break; + case pki2.oids.md5: + md = forge.md.md5.create(); + macKeyBytes = 16; + break; } - if (e.encipherOnly) { - b2 |= 1; - unused = 0; + if (md === null) { + throw new Error("PKCS#12 uses unsupported MAC algorithm: " + macAlgorithm); } - if (e.decipherOnly) { - b3 |= 128; - unused = 7; + var macSalt = new forge.util.ByteBuffer(capture.macSalt); + var macIterations = "macIterations" in capture ? parseInt(forge.util.bytesToHex(capture.macIterations), 16) : 1; + var macKey = p12.generateKey( + password, + macSalt, + 3, + macIterations, + macKeyBytes, + md + ); + var mac = forge.hmac.create(); + mac.start(md, macKey); + mac.update(data.value); + var macValue = mac.getMac(); + if (macValue.getBytes() !== capture.macDigest) { + throw new Error("PKCS#12 MAC could not be verified. Invalid password?"); } - var value = String.fromCharCode(unused); - if (b3 !== 0) { - value += String.fromCharCode(b2) + String.fromCharCode(b3); - } else if (b2 !== 0) { - value += String.fromCharCode(b2); + } else if (Array.isArray(obj.value) && obj.value.length > 2) { + throw new Error("Invalid PKCS#12. macData field present but MAC was not validated."); + } + _decodeAuthenticatedSafe(pfx, data.value, strict, password); + return pfx; + }; + function _decodePkcs7Data(data) { + if (data.composed || data.constructed) { + var value = forge.util.createBuffer(); + for (var i = 0; i < data.value.length; ++i) { + value.putBytes(data.value[i].value); } - e.value = asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.BITSTRING, - false, - value + data.composed = data.constructed = false; + data.value = value.getBytes(); + } + return data; + } + function _decodeAuthenticatedSafe(pfx, authSafe, strict, password) { + authSafe = asn1.fromDer(authSafe, strict); + if (authSafe.tagClass !== asn1.Class.UNIVERSAL || authSafe.type !== asn1.Type.SEQUENCE || authSafe.constructed !== true) { + throw new Error("PKCS#12 AuthenticatedSafe expected to be a SEQUENCE OF ContentInfo"); + } + for (var i = 0; i < authSafe.value.length; i++) { + var contentInfo = authSafe.value[i]; + var capture = {}; + var errors = []; + if (!asn1.validate(contentInfo, contentInfoValidator, capture, errors)) { + var error3 = new Error("Cannot read ContentInfo."); + error3.errors = errors; + throw error3; + } + var obj = { + encrypted: false + }; + var safeContents = null; + var data = capture.content.value[0]; + switch (asn1.derToOid(capture.contentType)) { + case pki2.oids.data: + if (data.tagClass !== asn1.Class.UNIVERSAL || data.type !== asn1.Type.OCTETSTRING) { + throw new Error("PKCS#12 SafeContents Data is not an OCTET STRING."); + } + safeContents = _decodePkcs7Data(data).value; + break; + case pki2.oids.encryptedData: + safeContents = _decryptSafeContents(data, password); + obj.encrypted = true; + break; + default: + var error3 = new Error("Unsupported PKCS#12 contentType."); + error3.contentType = asn1.derToOid(capture.contentType); + throw error3; + } + obj.safeBags = _decodeSafeContents(safeContents, strict, password); + pfx.safeContents.push(obj); + } + } + function _decryptSafeContents(data, password) { + var capture = {}; + var errors = []; + if (!asn1.validate( + data, + forge.pkcs7.asn1.encryptedDataValidator, + capture, + errors + )) { + var error3 = new Error("Cannot read EncryptedContentInfo."); + error3.errors = errors; + throw error3; + } + var oid = asn1.derToOid(capture.contentType); + if (oid !== pki2.oids.data) { + var error3 = new Error( + "PKCS#12 EncryptedContentInfo ContentType is not Data." ); - } else if (e.name === "basicConstraints") { - e.value = asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.SEQUENCE, - true, - [] + error3.oid = oid; + throw error3; + } + oid = asn1.derToOid(capture.encAlgorithm); + var cipher = pki2.pbe.getCipher(oid, capture.encParameter, password); + var encryptedContentAsn1 = _decodePkcs7Data(capture.encryptedContentAsn1); + var encrypted = forge.util.createBuffer(encryptedContentAsn1.value); + cipher.update(encrypted); + if (!cipher.finish()) { + throw new Error("Failed to decrypt PKCS#12 SafeContents."); + } + return cipher.output.getBytes(); + } + function _decodeSafeContents(safeContents, strict, password) { + if (!strict && safeContents.length === 0) { + return []; + } + safeContents = asn1.fromDer(safeContents, strict); + if (safeContents.tagClass !== asn1.Class.UNIVERSAL || safeContents.type !== asn1.Type.SEQUENCE || safeContents.constructed !== true) { + throw new Error( + "PKCS#12 SafeContents expected to be a SEQUENCE OF SafeBag." ); - if (e.cA) { - e.value.value.push(asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.BOOLEAN, - false, - String.fromCharCode(255) - )); + } + var res = []; + for (var i = 0; i < safeContents.value.length; i++) { + var safeBag = safeContents.value[i]; + var capture = {}; + var errors = []; + if (!asn1.validate(safeBag, safeBagValidator, capture, errors)) { + var error3 = new Error("Cannot read SafeBag."); + error3.errors = errors; + throw error3; } - if ("pathLenConstraint" in e) { - e.value.value.push(asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - asn1.integerToDer(e.pathLenConstraint).getBytes() - )); + var bag = { + type: asn1.derToOid(capture.bagId), + attributes: _decodeBagAttributes(capture.bagAttributes) + }; + res.push(bag); + var validator, decoder; + var bagAsn1 = capture.bagValue.value[0]; + switch (bag.type) { + case pki2.oids.pkcs8ShroudedKeyBag: + bagAsn1 = pki2.decryptPrivateKeyInfo(bagAsn1, password); + if (bagAsn1 === null) { + throw new Error( + "Unable to decrypt PKCS#8 ShroudedKeyBag, wrong password?" + ); + } + /* fall through */ + case pki2.oids.keyBag: + try { + bag.key = pki2.privateKeyFromAsn1(bagAsn1); + } catch (e) { + bag.key = null; + bag.asn1 = bagAsn1; + } + continue; + /* Nothing more to do. */ + case pki2.oids.certBag: + validator = certBagValidator; + decoder = function() { + if (asn1.derToOid(capture.certId) !== pki2.oids.x509Certificate) { + var error4 = new Error( + "Unsupported certificate type, only X.509 supported." + ); + error4.oid = asn1.derToOid(capture.certId); + throw error4; + } + var certAsn1 = asn1.fromDer(capture.cert, strict); + try { + bag.cert = pki2.certificateFromAsn1(certAsn1, true); + } catch (e) { + bag.cert = null; + bag.asn1 = certAsn1; + } + }; + break; + default: + var error3 = new Error("Unsupported PKCS#12 SafeBag type."); + error3.oid = bag.type; + throw error3; } - } else if (e.name === "extKeyUsage") { - e.value = asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.SEQUENCE, - true, - [] - ); - var seq2 = e.value.value; - for (var key in e) { - if (e[key] !== true) { + if (validator !== void 0 && !asn1.validate(bagAsn1, validator, capture, errors)) { + var error3 = new Error("Cannot read PKCS#12 " + validator.name); + error3.errors = errors; + throw error3; + } + decoder(); + } + return res; + } + function _decodeBagAttributes(attributes) { + var decodedAttrs = {}; + if (attributes !== void 0) { + for (var i = 0; i < attributes.length; ++i) { + var capture = {}; + var errors = []; + if (!asn1.validate(attributes[i], attributeValidator, capture, errors)) { + var error3 = new Error("Cannot read PKCS#12 BagAttribute."); + error3.errors = errors; + throw error3; + } + var oid = asn1.derToOid(capture.oid); + if (pki2.oids[oid] === void 0) { continue; } - if (key in oids) { - seq2.push(asn1.create( + decodedAttrs[pki2.oids[oid]] = []; + for (var j = 0; j < capture.values.length; ++j) { + decodedAttrs[pki2.oids[oid]].push(capture.values[j].value); + } + } + } + return decodedAttrs; + } + p12.toPkcs12Asn1 = function(key, cert, password, options) { + options = options || {}; + options.saltSize = options.saltSize || 8; + options.count = options.count || 2048; + options.algorithm = options.algorithm || options.encAlgorithm || "aes128"; + if (!("useMac" in options)) { + options.useMac = true; + } + if (!("localKeyId" in options)) { + options.localKeyId = null; + } + if (!("generateLocalKeyId" in options)) { + options.generateLocalKeyId = true; + } + var localKeyId = options.localKeyId; + var bagAttrs; + if (localKeyId !== null) { + localKeyId = forge.util.hexToBytes(localKeyId); + } else if (options.generateLocalKeyId) { + if (cert) { + var pairedCert = forge.util.isArray(cert) ? cert[0] : cert; + if (typeof pairedCert === "string") { + pairedCert = pki2.certificateFromPem(pairedCert); + } + var sha1 = forge.md.sha1.create(); + sha1.update(asn1.toDer(pki2.certificateToAsn1(pairedCert)).getBytes()); + localKeyId = sha1.digest().getBytes(); + } else { + localKeyId = forge.random.getBytes(20); + } + } + var attrs = []; + if (localKeyId !== null) { + attrs.push( + // localKeyID + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // attrId + asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OID, false, - asn1.oidToDer(oids[key]).getBytes() - )); - } else if (key.indexOf(".") !== -1) { - seq2.push(asn1.create( + asn1.oidToDer(pki2.oids.localKeyId).getBytes() + ), + // attrValues + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [ + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OCTETSTRING, + false, + localKeyId + ) + ]) + ]) + ); + } + if ("friendlyName" in options) { + attrs.push( + // friendlyName + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // attrId + asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OID, false, - asn1.oidToDer(key).getBytes() - )); - } - } - } else if (e.name === "nsCertType") { - var unused = 0; - var b2 = 0; - if (e.client) { - b2 |= 128; - unused = 7; - } - if (e.server) { - b2 |= 64; - unused = 6; - } - if (e.email) { - b2 |= 32; - unused = 5; - } - if (e.objsign) { - b2 |= 16; - unused = 4; - } - if (e.reserved) { - b2 |= 8; - unused = 3; - } - if (e.sslCA) { - b2 |= 4; - unused = 2; - } - if (e.emailCA) { - b2 |= 2; - unused = 1; + asn1.oidToDer(pki2.oids.friendlyName).getBytes() + ), + // attrValues + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [ + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.BMPSTRING, + false, + options.friendlyName + ) + ]) + ]) + ); + } + if (attrs.length > 0) { + bagAttrs = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, attrs); + } + var contents = []; + var chain = []; + if (cert !== null) { + if (forge.util.isArray(cert)) { + chain = cert; + } else { + chain = [cert]; } - if (e.objCA) { - b2 |= 1; - unused = 0; + } + var certSafeBags = []; + for (var i = 0; i < chain.length; ++i) { + cert = chain[i]; + if (typeof cert === "string") { + cert = pki2.certificateFromPem(cert); } - var value = String.fromCharCode(unused); - if (b2 !== 0) { - value += String.fromCharCode(b2); - } - e.value = asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.BITSTRING, - false, - value - ); - } else if (e.name === "subjectAltName" || e.name === "issuerAltName") { - e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); - var altName; - for (var n = 0; n < e.altNames.length; ++n) { - altName = e.altNames[n]; - var value = altName.value; - if (altName.type === 7 && altName.ip) { - value = forge.util.bytesFromIP(altName.ip); - if (value === null) { - var error3 = new Error( - 'Extension "ip" value is not a valid IPv4 or IPv6 address.' - ); - error3.extension = e; - throw error3; - } - } else if (altName.type === 8) { - if (altName.oid) { - value = asn1.oidToDer(asn1.oidToDer(altName.oid)); - } else { - value = asn1.oidToDer(value); - } - } - e.value.value.push(asn1.create( - asn1.Class.CONTEXT_SPECIFIC, - altName.type, + var certBagAttrs = i === 0 ? bagAttrs : void 0; + var certAsn1 = pki2.certificateToAsn1(cert); + var certSafeBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // bagId + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, false, - value - )); - } - } else if (e.name === "nsComment" && options.cert) { - if (!/^[\x00-\x7F]*$/.test(e.comment) || e.comment.length < 1 || e.comment.length > 128) { - throw new Error('Invalid "nsComment" content.'); - } - e.value = asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.IA5STRING, - false, - e.comment - ); - } else if (e.name === "subjectKeyIdentifier" && options.cert) { - var ski = options.cert.generateSubjectKeyIdentifier(); - e.subjectKeyIdentifier = ski.toHex(); - e.value = asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OCTETSTRING, - false, - ski.getBytes() - ); - } else if (e.name === "authorityKeyIdentifier" && options.cert) { - e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); - var seq2 = e.value.value; - if (e.keyIdentifier) { - var keyIdentifier = e.keyIdentifier === true ? options.cert.generateSubjectKeyIdentifier().getBytes() : e.keyIdentifier; - seq2.push( - asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, false, keyIdentifier) - ); - } - if (e.authorityCertIssuer) { - var authorityCertIssuer = [ - asn1.create(asn1.Class.CONTEXT_SPECIFIC, 4, true, [ - _dnToAsn1(e.authorityCertIssuer === true ? options.cert.issuer : e.authorityCertIssuer) + asn1.oidToDer(pki2.oids.certBag).getBytes() + ), + // bagValue + asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ + // CertBag + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // certId + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(pki2.oids.x509Certificate).getBytes() + ), + // certValue (x509Certificate) + asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OCTETSTRING, + false, + asn1.toDer(certAsn1).getBytes() + ) + ]) ]) - ]; - seq2.push( - asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, authorityCertIssuer) - ); - } - if (e.serialNumber) { - var serialNumber = forge.util.hexToBytes(e.serialNumber === true ? options.cert.serialNumber : e.serialNumber); - seq2.push( - asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, false, serialNumber) - ); - } - } else if (e.name === "cRLDistributionPoints") { - e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); - var seq2 = e.value.value; - var subSeq = asn1.create( + ]), + // bagAttributes (OPTIONAL) + certBagAttrs + ]); + certSafeBags.push(certSafeBag); + } + if (certSafeBags.length > 0) { + var certSafeContents = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, - [] - ); - var fullNameGeneralNames = asn1.create( - asn1.Class.CONTEXT_SPECIFIC, - 0, - true, - [] + certSafeBags ); - var altName; - for (var n = 0; n < e.altNames.length; ++n) { - altName = e.altNames[n]; - var value = altName.value; - if (altName.type === 7 && altName.ip) { - value = forge.util.bytesFromIP(altName.ip); - if (value === null) { - var error3 = new Error( - 'Extension "ip" value is not a valid IPv4 or IPv6 address.' - ); - error3.extension = e; - throw error3; - } - } else if (altName.type === 8) { - if (altName.oid) { - value = asn1.oidToDer(asn1.oidToDer(altName.oid)); - } else { - value = asn1.oidToDer(value); - } - } - fullNameGeneralNames.value.push(asn1.create( - asn1.Class.CONTEXT_SPECIFIC, - altName.type, - false, - value - )); - } - subSeq.value.push(asn1.create( - asn1.Class.CONTEXT_SPECIFIC, - 0, - true, - [fullNameGeneralNames] - )); - seq2.push(subSeq); - } - if (typeof e.value === "undefined") { - var error3 = new Error("Extension value not specified."); - error3.extension = e; - throw error3; - } - return e; - } - function _signatureParametersToAsn1(oid, params) { - switch (oid) { - case oids["RSASSA-PSS"]: - var parts = []; - if (params.hash.algorithmOid !== void 0) { - parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(params.hash.algorithmOid).getBytes() - ), - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, "") - ]) - ])); - } - if (params.mgf.algorithmOid !== void 0) { - parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, [ - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(params.mgf.algorithmOid).getBytes() - ), - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(params.mgf.hash.algorithmOid).getBytes() - ), - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, "") - ]) - ]) - ])); - } - if (params.saltLength !== void 0) { - parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, true, [ + var certCI = ( + // PKCS#7 ContentInfo + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // contentType + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + // OID for the content type is 'data' + asn1.oidToDer(pki2.oids.data).getBytes() + ), + // content + asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ asn1.create( asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, + asn1.Type.OCTETSTRING, false, - asn1.integerToDer(params.saltLength).getBytes() + asn1.toDer(certSafeContents).getBytes() ) - ])); - } - return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, parts); - default: - return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, ""); - } - } - function _CRIAttributesToAsn1(csr) { - var rval = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, []); - if (csr.attributes.length === 0) { - return rval; + ]) + ]) + ); + contents.push(certCI); } - var attrs = csr.attributes; - for (var i = 0; i < attrs.length; ++i) { - var attr = attrs[i]; - var value = attr.value; - var valueTagClass = asn1.Type.UTF8; - if ("valueTagClass" in attr) { - valueTagClass = attr.valueTagClass; - } - if (valueTagClass === asn1.Type.UTF8) { - value = forge.util.encodeUtf8(value); - } - var valueConstructed = false; - if ("valueConstructed" in attr) { - valueConstructed = attr.valueConstructed; + var keyBag = null; + if (key !== null) { + var pkAsn1 = pki2.wrapRsaPrivateKey(pki2.privateKeyToAsn1(key)); + if (password === null) { + keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // bagId + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(pki2.oids.keyBag).getBytes() + ), + // bagValue + asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ + // PrivateKeyInfo + pkAsn1 + ]), + // bagAttributes (OPTIONAL) + bagAttrs + ]); + } else { + keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // bagId + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(pki2.oids.pkcs8ShroudedKeyBag).getBytes() + ), + // bagValue + asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ + // EncryptedPrivateKeyInfo + pki2.encryptPrivateKeyInfo(pkAsn1, password, options) + ]), + // bagAttributes (OPTIONAL) + bagAttrs + ]); } - var seq2 = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // AttributeType - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(attr.type).getBytes() - ), - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [ - // AttributeValue + var keySafeContents = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [keyBag]); + var keyCI = ( + // PKCS#7 ContentInfo + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // contentType asn1.create( asn1.Class.UNIVERSAL, - valueTagClass, - valueConstructed, - value - ) + asn1.Type.OID, + false, + // OID for the content type is 'data' + asn1.oidToDer(pki2.oids.data).getBytes() + ), + // content + asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OCTETSTRING, + false, + asn1.toDer(keySafeContents).getBytes() + ) + ]) ]) - ]); - rval.value.push(seq2); - } - return rval; - } - var jan_1_1950 = /* @__PURE__ */ new Date("1950-01-01T00:00:00Z"); - var jan_1_2050 = /* @__PURE__ */ new Date("2050-01-01T00:00:00Z"); - function _dateToAsn1(date) { - if (date >= jan_1_1950 && date < jan_1_2050) { - return asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.UTCTIME, - false, - asn1.dateToUtcTime(date) - ); - } else { - return asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.GENERALIZEDTIME, - false, - asn1.dateToGeneralizedTime(date) ); + contents.push(keyCI); } - } - pki2.getTBSCertificate = function(cert) { - var notBefore = _dateToAsn1(cert.validity.notBefore); - var notAfter = _dateToAsn1(cert.validity.notAfter); - var tbs = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // version - asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ - // integer + var safe = asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.SEQUENCE, + true, + contents + ); + var macData; + if (options.useMac) { + var sha1 = forge.md.sha1.create(); + var macSalt = new forge.util.ByteBuffer( + forge.random.getBytes(options.saltSize) + ); + var count = options.count; + var key = p12.generateKey(password, macSalt, 3, count, 20); + var mac = forge.hmac.create(); + mac.start(sha1, key); + mac.update(asn1.toDer(safe).getBytes()); + var macValue = mac.getMac(); + macData = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // mac DigestInfo + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // digestAlgorithm + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // algorithm = SHA-1 + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OID, + false, + asn1.oidToDer(pki2.oids.sha1).getBytes() + ), + // parameters = Null + asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, "") + ]), + // digest + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OCTETSTRING, + false, + macValue.getBytes() + ) + ]), + // macSalt OCTET STRING + asn1.create( + asn1.Class.UNIVERSAL, + asn1.Type.OCTETSTRING, + false, + macSalt.getBytes() + ), + // iterations INTEGER (XXX: Only support count < 65536) asn1.create( asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, - asn1.integerToDer(cert.version).getBytes() + asn1.integerToDer(count).getBytes() ) - ]), - // serialNumber + ]); + } + return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ + // version (3) asn1.create( asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, - forge.util.hexToBytes(cert.serialNumber) + asn1.integerToDer(3).getBytes() ), - // signature + // PKCS#7 ContentInfo asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // algorithm + // contentType asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OID, false, - asn1.oidToDer(cert.siginfo.algorithmOid).getBytes() + // OID for the content type is 'data' + asn1.oidToDer(pki2.oids.data).getBytes() ), - // parameters - _signatureParametersToAsn1( - cert.siginfo.algorithmOid, - cert.siginfo.parameters - ) - ]), - // issuer - _dnToAsn1(cert.issuer), - // validity - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - notBefore, - notAfter - ]), - // subject - _dnToAsn1(cert.subject), - // SubjectPublicKeyInfo - pki2.publicKeyToAsn1(cert.publicKey) - ]); - if (cert.issuer.uniqueId) { - tbs.value.push( - asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, [ + // content + asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ asn1.create( asn1.Class.UNIVERSAL, - asn1.Type.BITSTRING, + asn1.Type.OCTETSTRING, false, - // TODO: support arbitrary bit length ids - String.fromCharCode(0) + cert.issuer.uniqueId + asn1.toDer(safe).getBytes() ) ]) - ); + ]), + macData + ]); + }; + p12.generateKey = forge.pbe.generatePkcs12Key; + } +}); + +// node_modules/node-forge/lib/pki.js +var require_pki = __commonJS({ + "node_modules/node-forge/lib/pki.js"(exports2, module2) { + var forge = require_forge(); + require_asn1(); + require_oids(); + require_pbe(); + require_pem(); + require_pbkdf2(); + require_pkcs12(); + require_pss(); + require_rsa(); + require_util9(); + require_x509(); + var asn1 = forge.asn1; + var pki2 = module2.exports = forge.pki = forge.pki || {}; + pki2.pemToDer = function(pem) { + var msg = forge.pem.decode(pem)[0]; + if (msg.procType && msg.procType.type === "ENCRYPTED") { + throw new Error("Could not convert PEM to DER; PEM is encrypted."); } - if (cert.subject.uniqueId) { - tbs.value.push( - asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, true, [ - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.BITSTRING, - false, - // TODO: support arbitrary bit length ids - String.fromCharCode(0) + cert.subject.uniqueId - ) - ]) - ); + return forge.util.createBuffer(msg.body); + }; + pki2.privateKeyFromPem = function(pem) { + var msg = forge.pem.decode(pem)[0]; + if (msg.type !== "PRIVATE KEY" && msg.type !== "RSA PRIVATE KEY") { + var error3 = new Error('Could not convert private key from PEM; PEM header type is not "PRIVATE KEY" or "RSA PRIVATE KEY".'); + error3.headerType = msg.type; + throw error3; } - if (cert.extensions.length > 0) { - tbs.value.push(pki2.certificateExtensionsToAsn1(cert.extensions)); + if (msg.procType && msg.procType.type === "ENCRYPTED") { + throw new Error("Could not convert private key from PEM; PEM is encrypted."); } - return tbs; + var obj = asn1.fromDer(msg.body); + return pki2.privateKeyFromAsn1(obj); }; - pki2.getCertificationRequestInfo = function(csr) { - var cri = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // version - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - asn1.integerToDer(csr.version).getBytes() - ), - // subject - _dnToAsn1(csr.subject), - // SubjectPublicKeyInfo - pki2.publicKeyToAsn1(csr.publicKey), - // attributes - _CRIAttributesToAsn1(csr) - ]); - return cri; + pki2.privateKeyToPem = function(key, maxline) { + var msg = { + type: "RSA PRIVATE KEY", + body: asn1.toDer(pki2.privateKeyToAsn1(key)).getBytes() + }; + return forge.pem.encode(msg, { maxline }); }; - pki2.distinguishedNameToAsn1 = function(dn) { - return _dnToAsn1(dn); + pki2.privateKeyInfoToPem = function(pki3, maxline) { + var msg = { + type: "PRIVATE KEY", + body: asn1.toDer(pki3).getBytes() + }; + return forge.pem.encode(msg, { maxline }); }; - pki2.certificateToAsn1 = function(cert) { - var tbsCertificate = cert.tbsCertificate || pki2.getTBSCertificate(cert); - return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // TBSCertificate - tbsCertificate, - // AlgorithmIdentifier (signature algorithm) - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // algorithm - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(cert.signatureOid).getBytes() - ), - // parameters - _signatureParametersToAsn1(cert.signatureOid, cert.signatureParameters) - ]), - // SignatureValue - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.BITSTRING, - false, - String.fromCharCode(0) + cert.signature - ) - ]); + } +}); + +// node_modules/node-forge/lib/tls.js +var require_tls = __commonJS({ + "node_modules/node-forge/lib/tls.js"(exports2, module2) { + var forge = require_forge(); + require_asn1(); + require_hmac(); + require_md5(); + require_pem(); + require_pki(); + require_random(); + require_sha1(); + require_util9(); + var prf_TLS1 = function(secret, label, seed, length) { + var rval = forge.util.createBuffer(); + var idx = secret.length >> 1; + var slen = idx + (secret.length & 1); + var s1 = secret.substr(0, slen); + var s2 = secret.substr(idx, slen); + var ai = forge.util.createBuffer(); + var hmac = forge.hmac.create(); + seed = label + seed; + var md5itr = Math.ceil(length / 16); + var sha1itr = Math.ceil(length / 20); + hmac.start("MD5", s1); + var md5bytes = forge.util.createBuffer(); + ai.putBytes(seed); + for (var i = 0; i < md5itr; ++i) { + hmac.start(null, null); + hmac.update(ai.getBytes()); + ai.putBuffer(hmac.digest()); + hmac.start(null, null); + hmac.update(ai.bytes() + seed); + md5bytes.putBuffer(hmac.digest()); + } + hmac.start("SHA1", s2); + var sha1bytes = forge.util.createBuffer(); + ai.clear(); + ai.putBytes(seed); + for (var i = 0; i < sha1itr; ++i) { + hmac.start(null, null); + hmac.update(ai.getBytes()); + ai.putBuffer(hmac.digest()); + hmac.start(null, null); + hmac.update(ai.bytes() + seed); + sha1bytes.putBuffer(hmac.digest()); + } + rval.putBytes(forge.util.xorBytes( + md5bytes.getBytes(), + sha1bytes.getBytes(), + length + )); + return rval; }; - pki2.certificateExtensionsToAsn1 = function(exts) { - var rval = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 3, true, []); - var seq2 = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); - rval.value.push(seq2); - for (var i = 0; i < exts.length; ++i) { - seq2.value.push(pki2.certificateExtensionToAsn1(exts[i])); + var hmac_sha1 = function(key2, seqNum, record) { + var hmac = forge.hmac.create(); + hmac.start("SHA1", key2); + var b = forge.util.createBuffer(); + b.putInt32(seqNum[0]); + b.putInt32(seqNum[1]); + b.putByte(record.type); + b.putByte(record.version.major); + b.putByte(record.version.minor); + b.putInt16(record.length); + b.putBytes(record.fragment.bytes()); + hmac.update(b.getBytes()); + return hmac.digest().getBytes(); + }; + var deflate = function(c, record, s) { + var rval = false; + try { + var bytes = c.deflate(record.fragment.getBytes()); + record.fragment = forge.util.createBuffer(bytes); + record.length = bytes.length; + rval = true; + } catch (ex) { } return rval; }; - pki2.certificateExtensionToAsn1 = function(ext) { - var extseq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); - extseq.value.push(asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(ext.id).getBytes() - )); - if (ext.critical) { - extseq.value.push(asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.BOOLEAN, - false, - String.fromCharCode(255) - )); + var inflate = function(c, record, s) { + var rval = false; + try { + var bytes = c.inflate(record.fragment.getBytes()); + record.fragment = forge.util.createBuffer(bytes); + record.length = bytes.length; + rval = true; + } catch (ex) { } - var value = ext.value; - if (typeof ext.value !== "string") { - value = asn1.toDer(value).getBytes(); + return rval; + }; + var readVector = function(b, lenBytes) { + var len = 0; + switch (lenBytes) { + case 1: + len = b.getByte(); + break; + case 2: + len = b.getInt16(); + break; + case 3: + len = b.getInt24(); + break; + case 4: + len = b.getInt32(); + break; } - extseq.value.push(asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OCTETSTRING, - false, - value - )); - return extseq; + return forge.util.createBuffer(b.getBytes(len)); }; - pki2.certificationRequestToAsn1 = function(csr) { - var cri = csr.certificationRequestInfo || pki2.getCertificationRequestInfo(csr); - return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // CertificationRequestInfo - cri, - // AlgorithmIdentifier (signature algorithm) - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // algorithm - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(csr.signatureOid).getBytes() - ), - // parameters - _signatureParametersToAsn1(csr.signatureOid, csr.signatureParameters) - ]), - // signature - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.BITSTRING, - false, - String.fromCharCode(0) + csr.signature - ) - ]); + var writeVector = function(b, lenBytes, v) { + b.putInt(v.length(), lenBytes << 3); + b.putBuffer(v); }; - pki2.createCaStore = function(certs) { - var caStore = { - // stored certificates - certs: {} - }; - caStore.getIssuer = function(cert2) { - var rval = getBySubject(cert2.issuer); - return rval; - }; - caStore.addCertificate = function(cert2) { - if (typeof cert2 === "string") { - cert2 = forge.pki.certificateFromPem(cert2); + var tls = {}; + tls.Versions = { + TLS_1_0: { major: 3, minor: 1 }, + TLS_1_1: { major: 3, minor: 2 }, + TLS_1_2: { major: 3, minor: 3 } + }; + tls.SupportedVersions = [ + tls.Versions.TLS_1_1, + tls.Versions.TLS_1_0 + ]; + tls.Version = tls.SupportedVersions[0]; + tls.MaxFragment = 16384 - 1024; + tls.ConnectionEnd = { + server: 0, + client: 1 + }; + tls.PRFAlgorithm = { + tls_prf_sha256: 0 + }; + tls.BulkCipherAlgorithm = { + none: null, + rc4: 0, + des3: 1, + aes: 2 + }; + tls.CipherType = { + stream: 0, + block: 1, + aead: 2 + }; + tls.MACAlgorithm = { + none: null, + hmac_md5: 0, + hmac_sha1: 1, + hmac_sha256: 2, + hmac_sha384: 3, + hmac_sha512: 4 + }; + tls.CompressionMethod = { + none: 0, + deflate: 1 + }; + tls.ContentType = { + change_cipher_spec: 20, + alert: 21, + handshake: 22, + application_data: 23, + heartbeat: 24 + }; + tls.HandshakeType = { + hello_request: 0, + client_hello: 1, + server_hello: 2, + certificate: 11, + server_key_exchange: 12, + certificate_request: 13, + server_hello_done: 14, + certificate_verify: 15, + client_key_exchange: 16, + finished: 20 + }; + tls.Alert = {}; + tls.Alert.Level = { + warning: 1, + fatal: 2 + }; + tls.Alert.Description = { + close_notify: 0, + unexpected_message: 10, + bad_record_mac: 20, + decryption_failed: 21, + record_overflow: 22, + decompression_failure: 30, + handshake_failure: 40, + bad_certificate: 42, + unsupported_certificate: 43, + certificate_revoked: 44, + certificate_expired: 45, + certificate_unknown: 46, + illegal_parameter: 47, + unknown_ca: 48, + access_denied: 49, + decode_error: 50, + decrypt_error: 51, + export_restriction: 60, + protocol_version: 70, + insufficient_security: 71, + internal_error: 80, + user_canceled: 90, + no_renegotiation: 100 + }; + tls.HeartbeatMessageType = { + heartbeat_request: 1, + heartbeat_response: 2 + }; + tls.CipherSuites = {}; + tls.getCipherSuite = function(twoBytes) { + var rval = null; + for (var key2 in tls.CipherSuites) { + var cs = tls.CipherSuites[key2]; + if (cs.id[0] === twoBytes.charCodeAt(0) && cs.id[1] === twoBytes.charCodeAt(1)) { + rval = cs; + break; } - ensureSubjectHasHash(cert2.subject); - if (!caStore.hasCertificate(cert2)) { - if (cert2.subject.hash in caStore.certs) { - var tmp = caStore.certs[cert2.subject.hash]; - if (!forge.util.isArray(tmp)) { - tmp = [tmp]; - } - tmp.push(cert2); - caStore.certs[cert2.subject.hash] = tmp; - } else { - caStore.certs[cert2.subject.hash] = cert2; + } + return rval; + }; + tls.handleUnexpected = function(c, record) { + var ignore = !c.open && c.entity === tls.ConnectionEnd.client; + if (!ignore) { + c.error(c, { + message: "Unexpected message. Received TLS record out of order.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.unexpected_message } - } - }; - caStore.hasCertificate = function(cert2) { - if (typeof cert2 === "string") { - cert2 = forge.pki.certificateFromPem(cert2); - } - var match = getBySubject(cert2.subject); - if (!match) { - return false; - } - if (!forge.util.isArray(match)) { - match = [match]; - } - var der1 = asn1.toDer(pki2.certificateToAsn1(cert2)).getBytes(); - for (var i2 = 0; i2 < match.length; ++i2) { - var der2 = asn1.toDer(pki2.certificateToAsn1(match[i2])).getBytes(); - if (der1 === der2) { - return true; + }); + } + }; + tls.handleHelloRequest = function(c, record, length) { + if (!c.handshaking && c.handshakes > 0) { + tls.queue(c, tls.createAlert(c, { + level: tls.Alert.Level.warning, + description: tls.Alert.Description.no_renegotiation + })); + tls.flush(c); + } + c.process(); + }; + tls.parseHelloMessage = function(c, record, length) { + var msg = null; + var client = c.entity === tls.ConnectionEnd.client; + if (length < 38) { + c.error(c, { + message: client ? "Invalid ServerHello message. Message too short." : "Invalid ClientHello message. Message too short.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.illegal_parameter } + }); + } else { + var b = record.fragment; + var remaining = b.length(); + msg = { + version: { + major: b.getByte(), + minor: b.getByte() + }, + random: forge.util.createBuffer(b.getBytes(32)), + session_id: readVector(b, 1), + extensions: [] + }; + if (client) { + msg.cipher_suite = b.getBytes(2); + msg.compression_method = b.getByte(); + } else { + msg.cipher_suites = readVector(b, 2); + msg.compression_methods = readVector(b, 1); } - return false; - }; - caStore.listAllCertificates = function() { - var certList = []; - for (var hash in caStore.certs) { - if (caStore.certs.hasOwnProperty(hash)) { - var value = caStore.certs[hash]; - if (!forge.util.isArray(value)) { - certList.push(value); - } else { - for (var i2 = 0; i2 < value.length; ++i2) { - certList.push(value[i2]); + remaining = length - (remaining - b.length()); + if (remaining > 0) { + var exts = readVector(b, 2); + while (exts.length() > 0) { + msg.extensions.push({ + type: [exts.getByte(), exts.getByte()], + data: readVector(exts, 2) + }); + } + if (!client) { + for (var i = 0; i < msg.extensions.length; ++i) { + var ext = msg.extensions[i]; + if (ext.type[0] === 0 && ext.type[1] === 0) { + var snl = readVector(ext.data, 2); + while (snl.length() > 0) { + var snType = snl.getByte(); + if (snType !== 0) { + break; + } + c.session.extensions.server_name.serverNameList.push( + readVector(snl, 2).getBytes() + ); + } } } } } - return certList; - }; - caStore.removeCertificate = function(cert2) { - var result; - if (typeof cert2 === "string") { - cert2 = forge.pki.certificateFromPem(cert2); - } - ensureSubjectHasHash(cert2.subject); - if (!caStore.hasCertificate(cert2)) { - return null; - } - var match = getBySubject(cert2.subject); - if (!forge.util.isArray(match)) { - result = caStore.certs[cert2.subject.hash]; - delete caStore.certs[cert2.subject.hash]; - return result; + if (c.session.version) { + if (msg.version.major !== c.session.version.major || msg.version.minor !== c.session.version.minor) { + return c.error(c, { + message: "TLS version change is disallowed during renegotiation.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.protocol_version + } + }); + } } - var der1 = asn1.toDer(pki2.certificateToAsn1(cert2)).getBytes(); - for (var i2 = 0; i2 < match.length; ++i2) { - var der2 = asn1.toDer(pki2.certificateToAsn1(match[i2])).getBytes(); - if (der1 === der2) { - result = match[i2]; - match.splice(i2, 1); + if (client) { + c.session.cipherSuite = tls.getCipherSuite(msg.cipher_suite); + } else { + var tmp = forge.util.createBuffer(msg.cipher_suites.bytes()); + while (tmp.length() > 0) { + c.session.cipherSuite = tls.getCipherSuite(tmp.getBytes(2)); + if (c.session.cipherSuite !== null) { + break; + } } } - if (match.length === 0) { - delete caStore.certs[cert2.subject.hash]; + if (c.session.cipherSuite === null) { + return c.error(c, { + message: "No cipher suites in common.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.handshake_failure + }, + cipherSuite: forge.util.bytesToHex(msg.cipher_suite) + }); + } + if (client) { + c.session.compressionMethod = msg.compression_method; + } else { + c.session.compressionMethod = tls.CompressionMethod.none; } - return result; - }; - function getBySubject(subject) { - ensureSubjectHasHash(subject); - return caStore.certs[subject.hash] || null; } - function ensureSubjectHasHash(subject) { - if (!subject.hash) { - var md = forge.md.sha1.create(); - subject.attributes = pki2.RDNAttributesAsArray(_dnToAsn1(subject), md); - subject.hash = md.digest().toHex(); - } + return msg; + }; + tls.createSecurityParameters = function(c, msg) { + var client = c.entity === tls.ConnectionEnd.client; + var msgRandom = msg.random.bytes(); + var cRandom = client ? c.session.sp.client_random : msgRandom; + var sRandom = client ? msgRandom : tls.createRandom().getBytes(); + c.session.sp = { + entity: c.entity, + prf_algorithm: tls.PRFAlgorithm.tls_prf_sha256, + bulk_cipher_algorithm: null, + cipher_type: null, + enc_key_length: null, + block_length: null, + fixed_iv_length: null, + record_iv_length: null, + mac_algorithm: null, + mac_length: null, + mac_key_length: null, + compression_algorithm: c.session.compressionMethod, + pre_master_secret: null, + master_secret: null, + client_random: cRandom, + server_random: sRandom + }; + }; + tls.handleServerHello = function(c, record, length) { + var msg = tls.parseHelloMessage(c, record, length); + if (c.fail) { + return; } - if (certs) { - for (var i = 0; i < certs.length; ++i) { - var cert = certs[i]; - caStore.addCertificate(cert); - } + if (msg.version.minor <= c.version.minor) { + c.version.minor = msg.version.minor; + } else { + return c.error(c, { + message: "Incompatible TLS version.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.protocol_version + } + }); } - return caStore; - }; - pki2.certificateError = { - bad_certificate: "forge.pki.BadCertificate", - unsupported_certificate: "forge.pki.UnsupportedCertificate", - certificate_revoked: "forge.pki.CertificateRevoked", - certificate_expired: "forge.pki.CertificateExpired", - certificate_unknown: "forge.pki.CertificateUnknown", - unknown_ca: "forge.pki.UnknownCertificateAuthority" + c.session.version = c.version; + var sessionId = msg.session_id.bytes(); + if (sessionId.length > 0 && sessionId === c.session.id) { + c.expect = SCC; + c.session.resuming = true; + c.session.sp.server_random = msg.random.bytes(); + } else { + c.expect = SCE; + c.session.resuming = false; + tls.createSecurityParameters(c, msg); + } + c.session.id = sessionId; + c.process(); }; - pki2.verifyCertificateChain = function(caStore, chain, options) { - if (typeof options === "function") { - options = { verify: options }; + tls.handleClientHello = function(c, record, length) { + var msg = tls.parseHelloMessage(c, record, length); + if (c.fail) { + return; } - options = options || {}; - chain = chain.slice(0); - var certs = chain.slice(0); - var validityCheckDate = options.validityCheckDate; - if (typeof validityCheckDate === "undefined") { - validityCheckDate = /* @__PURE__ */ new Date(); + var sessionId = msg.session_id.bytes(); + var session = null; + if (c.sessionCache) { + session = c.sessionCache.getSession(sessionId); + if (session === null) { + sessionId = ""; + } else if (session.version.major !== msg.version.major || session.version.minor > msg.version.minor) { + session = null; + sessionId = ""; + } } - var first = true; - var error3 = null; - var depth = 0; - do { - var cert = chain.shift(); - var parent = null; - var selfSigned = false; - if (validityCheckDate) { - if (validityCheckDate < cert.validity.notBefore || validityCheckDate > cert.validity.notAfter) { - error3 = { - message: "Certificate is not valid yet or has expired.", - error: pki2.certificateError.certificate_expired, - notBefore: cert.validity.notBefore, - notAfter: cert.validity.notAfter, - // TODO: we might want to reconsider renaming 'now' to - // 'validityCheckDate' should this API be changed in the future. - now: validityCheckDate - }; + if (sessionId.length === 0) { + sessionId = forge.random.getBytes(32); + } + c.session.id = sessionId; + c.session.clientHelloVersion = msg.version; + c.session.sp = {}; + if (session) { + c.version = c.session.version = session.version; + c.session.sp = session.sp; + } else { + var version; + for (var i = 1; i < tls.SupportedVersions.length; ++i) { + version = tls.SupportedVersions[i]; + if (version.minor <= msg.version.minor) { + break; } } - if (error3 === null) { - parent = chain[0] || caStore.getIssuer(cert); - if (parent === null) { - if (cert.isIssuer(cert)) { - selfSigned = true; - parent = cert; - } + c.version = { major: version.major, minor: version.minor }; + c.session.version = c.version; + } + if (session !== null) { + c.expect = CCC; + c.session.resuming = true; + c.session.sp.client_random = msg.random.bytes(); + } else { + c.expect = c.verifyClient !== false ? CCE : CKE; + c.session.resuming = false; + tls.createSecurityParameters(c, msg); + } + c.open = true; + tls.queue(c, tls.createRecord(c, { + type: tls.ContentType.handshake, + data: tls.createServerHello(c) + })); + if (c.session.resuming) { + tls.queue(c, tls.createRecord(c, { + type: tls.ContentType.change_cipher_spec, + data: tls.createChangeCipherSpec() + })); + c.state.pending = tls.createConnectionState(c); + c.state.current.write = c.state.pending.write; + tls.queue(c, tls.createRecord(c, { + type: tls.ContentType.handshake, + data: tls.createFinished(c) + })); + } else { + tls.queue(c, tls.createRecord(c, { + type: tls.ContentType.handshake, + data: tls.createCertificate(c) + })); + if (!c.fail) { + tls.queue(c, tls.createRecord(c, { + type: tls.ContentType.handshake, + data: tls.createServerKeyExchange(c) + })); + if (c.verifyClient !== false) { + tls.queue(c, tls.createRecord(c, { + type: tls.ContentType.handshake, + data: tls.createCertificateRequest(c) + })); } - if (parent) { - var parents = parent; - if (!forge.util.isArray(parents)) { - parents = [parents]; - } - var verified = false; - while (!verified && parents.length > 0) { - parent = parents.shift(); - try { - verified = parent.verify(cert); - } catch (ex) { - } - } - if (!verified) { - error3 = { - message: "Certificate signature is invalid.", - error: pki2.certificateError.bad_certificate - }; - } + tls.queue(c, tls.createRecord(c, { + type: tls.ContentType.handshake, + data: tls.createServerHelloDone(c) + })); + } + } + tls.flush(c); + c.process(); + }; + tls.handleCertificate = function(c, record, length) { + if (length < 3) { + return c.error(c, { + message: "Invalid Certificate message. Message too short.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.illegal_parameter } - if (error3 === null && (!parent || selfSigned) && !caStore.hasCertificate(cert)) { - error3 = { - message: "Certificate is not trusted.", - error: pki2.certificateError.unknown_ca - }; + }); + } + var b = record.fragment; + var msg = { + certificate_list: readVector(b, 3) + }; + var cert, asn1; + var certs = []; + try { + while (msg.certificate_list.length() > 0) { + cert = readVector(msg.certificate_list, 3); + asn1 = forge.asn1.fromDer(cert); + cert = forge.pki.certificateFromAsn1(asn1, true); + certs.push(cert); + } + } catch (ex) { + return c.error(c, { + message: "Could not parse certificate list.", + cause: ex, + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.bad_certificate + } + }); + } + var client = c.entity === tls.ConnectionEnd.client; + if ((client || c.verifyClient === true) && certs.length === 0) { + c.error(c, { + message: client ? "No server certificate provided." : "No client certificate provided.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.illegal_parameter } + }); + } else if (certs.length === 0) { + c.expect = client ? SKE : CKE; + } else { + if (client) { + c.session.serverCertificate = certs[0]; + } else { + c.session.clientCertificate = certs[0]; } - if (error3 === null && parent && !cert.isIssuer(parent)) { - error3 = { - message: "Certificate issuer is invalid.", - error: pki2.certificateError.bad_certificate - }; + if (tls.verifyCertificateChain(c, certs)) { + c.expect = client ? SKE : CKE; } - if (error3 === null) { - var se = { - keyUsage: true, - basicConstraints: true - }; - for (var i = 0; error3 === null && i < cert.extensions.length; ++i) { - var ext = cert.extensions[i]; - if (ext.critical && !(ext.name in se)) { - error3 = { - message: "Certificate has an unsupported critical extension.", - error: pki2.certificateError.unsupported_certificate - }; - } + } + c.process(); + }; + tls.handleServerKeyExchange = function(c, record, length) { + if (length > 0) { + return c.error(c, { + message: "Invalid key parameters. Only RSA is supported.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.unsupported_certificate } - } - if (error3 === null && (!first || chain.length === 0 && (!parent || selfSigned))) { - var bcExt = cert.getExtension("basicConstraints"); - var keyUsageExt = cert.getExtension("keyUsage"); - if (keyUsageExt !== null) { - if (!keyUsageExt.keyCertSign || bcExt === null) { - error3 = { - message: "Certificate keyUsage or basicConstraints conflict or indicate that the certificate is not a CA. If the certificate is the only one in the chain or isn't the first then the certificate must be a valid CA.", - error: pki2.certificateError.bad_certificate - }; + }); + } + c.expect = SCR; + c.process(); + }; + tls.handleClientKeyExchange = function(c, record, length) { + if (length < 48) { + return c.error(c, { + message: "Invalid key parameters. Only RSA is supported.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.unsupported_certificate + } + }); + } + var b = record.fragment; + var msg = { + enc_pre_master_secret: readVector(b, 2).getBytes() + }; + var privateKey = null; + if (c.getPrivateKey) { + try { + privateKey = c.getPrivateKey(c, c.session.serverCertificate); + privateKey = forge.pki.privateKeyFromPem(privateKey); + } catch (ex) { + c.error(c, { + message: "Could not get private key.", + cause: ex, + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.internal_error } + }); + } + } + if (privateKey === null) { + return c.error(c, { + message: "No private key set.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.internal_error } - if (error3 === null && bcExt !== null && !bcExt.cA) { - error3 = { - message: "Certificate basicConstraints indicates the certificate is not a CA.", - error: pki2.certificateError.bad_certificate - }; + }); + } + try { + var sp = c.session.sp; + sp.pre_master_secret = privateKey.decrypt(msg.enc_pre_master_secret); + var version = c.session.clientHelloVersion; + if (version.major !== sp.pre_master_secret.charCodeAt(0) || version.minor !== sp.pre_master_secret.charCodeAt(1)) { + throw new Error("TLS version rollback attack detected."); + } + } catch (ex) { + sp.pre_master_secret = forge.random.getBytes(48); + } + c.expect = CCC; + if (c.session.clientCertificate !== null) { + c.expect = CCV; + } + c.process(); + }; + tls.handleCertificateRequest = function(c, record, length) { + if (length < 3) { + return c.error(c, { + message: "Invalid CertificateRequest. Message too short.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.illegal_parameter } - if (error3 === null && keyUsageExt !== null && "pathLenConstraint" in bcExt) { - var pathLen = depth - 1; - if (pathLen > bcExt.pathLenConstraint) { - error3 = { - message: "Certificate basicConstraints pathLenConstraint violated.", - error: pki2.certificateError.bad_certificate - }; - } + }); + } + var b = record.fragment; + var msg = { + certificate_types: readVector(b, 1), + certificate_authorities: readVector(b, 2) + }; + c.session.certificateRequest = msg; + c.expect = SHD; + c.process(); + }; + tls.handleCertificateVerify = function(c, record, length) { + if (length < 2) { + return c.error(c, { + message: "Invalid CertificateVerify. Message too short.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.illegal_parameter } + }); + } + var b = record.fragment; + b.read -= 4; + var msgBytes = b.bytes(); + b.read += 4; + var msg = { + signature: readVector(b, 2).getBytes() + }; + var verify = forge.util.createBuffer(); + verify.putBuffer(c.session.md5.digest()); + verify.putBuffer(c.session.sha1.digest()); + verify = verify.getBytes(); + try { + var cert = c.session.clientCertificate; + if (!cert.publicKey.verify(verify, msg.signature, "NONE")) { + throw new Error("CertificateVerify signature does not match."); } - var vfd = error3 === null ? true : error3.error; - var ret = options.verify ? options.verify(vfd, depth, certs) : vfd; - if (ret === true) { - error3 = null; - } else { - if (vfd === true) { - error3 = { - message: "The application rejected the certificate.", - error: pki2.certificateError.bad_certificate - }; + c.session.md5.update(msgBytes); + c.session.sha1.update(msgBytes); + } catch (ex) { + return c.error(c, { + message: "Bad signature in CertificateVerify.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.handshake_failure + } + }); + } + c.expect = CCC; + c.process(); + }; + tls.handleServerHelloDone = function(c, record, length) { + if (length > 0) { + return c.error(c, { + message: "Invalid ServerHelloDone message. Invalid length.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.record_overflow + } + }); + } + if (c.serverCertificate === null) { + var error3 = { + message: "No server certificate provided. Not enough security.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.insufficient_security } + }; + var depth = 0; + var ret = c.verify(c, error3.alert.description, depth, []); + if (ret !== true) { if (ret || ret === 0) { if (typeof ret === "object" && !forge.util.isArray(ret)) { if (ret.message) { error3.message = ret.message; } - if (ret.error) { - error3.error = ret.error; + if (ret.alert) { + error3.alert.description = ret.alert; } - } else if (typeof ret === "string") { - error3.error = ret; + } else if (typeof ret === "number") { + error3.alert.description = ret; } } - throw error3; + return c.error(c, error3); } - first = false; - ++depth; - } while (chain.length > 0); - return true; - }; - } -}); - -// node_modules/node-forge/lib/pkcs12.js -var require_pkcs12 = __commonJS({ - "node_modules/node-forge/lib/pkcs12.js"(exports2, module2) { - var forge = require_forge(); - require_asn1(); - require_hmac(); - require_oids(); - require_pkcs7asn1(); - require_pbe(); - require_random(); - require_rsa(); - require_sha1(); - require_util9(); - require_x509(); - var asn1 = forge.asn1; - var pki2 = forge.pki; - var p12 = module2.exports = forge.pkcs12 = forge.pkcs12 || {}; - var contentInfoValidator = { - name: "ContentInfo", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - // a ContentInfo - constructed: true, - value: [{ - name: "ContentInfo.contentType", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "contentType" - }, { - name: "ContentInfo.content", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - constructed: true, - captureAsn1: "content" - }] - }; - var pfxValidator = { - name: "PFX", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [ - { - name: "PFX.version", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "version" - }, - contentInfoValidator, - { - name: "PFX.macData", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - optional: true, - captureAsn1: "mac", - value: [{ - name: "PFX.macData.mac", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - // DigestInfo - constructed: true, - value: [{ - name: "PFX.macData.mac.digestAlgorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - // DigestAlgorithmIdentifier - constructed: true, - value: [{ - name: "PFX.macData.mac.digestAlgorithm.algorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "macAlgorithm" - }, { - name: "PFX.macData.mac.digestAlgorithm.parameters", - optional: true, - tagClass: asn1.Class.UNIVERSAL, - captureAsn1: "macAlgorithmParameters" - }] - }, { - name: "PFX.macData.mac.digest", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OCTETSTRING, - constructed: false, - capture: "macDigest" - }] - }, { - name: "PFX.macData.macSalt", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OCTETSTRING, - constructed: false, - capture: "macSalt" - }, { - name: "PFX.macData.iterations", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - optional: true, - capture: "macIterations" - }] - } - ] - }; - var safeBagValidator = { - name: "SafeBag", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "SafeBag.bagId", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "bagId" - }, { - name: "SafeBag.bagValue", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - constructed: true, - captureAsn1: "bagValue" - }, { - name: "SafeBag.bagAttributes", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SET, - constructed: true, - optional: true, - capture: "bagAttributes" - }] - }; - var attributeValidator = { - name: "Attribute", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "Attribute.attrId", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "oid" - }, { - name: "Attribute.attrValues", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SET, - constructed: true, - capture: "values" - }] - }; - var certBagValidator = { - name: "CertBag", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "CertBag.certId", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "certId" - }, { - name: "CertBag.certValue", - tagClass: asn1.Class.CONTEXT_SPECIFIC, - constructed: true, - /* So far we only support X.509 certificates (which are wrapped in - an OCTET STRING, hence hard code that here). */ - value: [{ - name: "CertBag.certValue[0]", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Class.OCTETSTRING, - constructed: false, - capture: "cert" - }] - }] - }; - function _getBagsByAttribute(safeContents, attrName, attrValue, bagType) { - var result = []; - for (var i = 0; i < safeContents.length; i++) { - for (var j = 0; j < safeContents[i].safeBags.length; j++) { - var bag = safeContents[i].safeBags[j]; - if (bagType !== void 0 && bag.type !== bagType) { - continue; - } - if (attrName === null) { - result.push(bag); - continue; - } - if (bag.attributes[attrName] !== void 0 && bag.attributes[attrName].indexOf(attrValue) >= 0) { - result.push(bag); - } - } - } - return result; - } - p12.pkcs12FromAsn1 = function(obj, strict, password) { - if (typeof strict === "string") { - password = strict; - strict = true; - } else if (strict === void 0) { - strict = true; } - var capture = {}; - var errors = []; - if (!asn1.validate(obj, pfxValidator, capture, errors)) { - var error3 = new Error("Cannot read PKCS#12 PFX. ASN.1 object is not an PKCS#12 PFX."); - error3.errors = error3; - throw error3; + if (c.session.certificateRequest !== null) { + record = tls.createRecord(c, { + type: tls.ContentType.handshake, + data: tls.createCertificate(c) + }); + tls.queue(c, record); } - var pfx = { - version: capture.version.charCodeAt(0), - safeContents: [], - /** - * Gets bags with matching attributes. - * - * @param filter the attributes to filter by: - * [localKeyId] the localKeyId to search for. - * [localKeyIdHex] the localKeyId in hex to search for. - * [friendlyName] the friendly name to search for. - * [bagType] bag type to narrow each attribute search by. - * - * @return a map of attribute type to an array of matching bags or, if no - * attribute was given but a bag type, the map key will be the - * bag type. - */ - getBags: function(filter) { - var rval = {}; - var localKeyId; - if ("localKeyId" in filter) { - localKeyId = filter.localKeyId; - } else if ("localKeyIdHex" in filter) { - localKeyId = forge.util.hexToBytes(filter.localKeyIdHex); - } - if (localKeyId === void 0 && !("friendlyName" in filter) && "bagType" in filter) { - rval[filter.bagType] = _getBagsByAttribute( - pfx.safeContents, - null, - null, - filter.bagType - ); - } - if (localKeyId !== void 0) { - rval.localKeyId = _getBagsByAttribute( - pfx.safeContents, - "localKeyId", - localKeyId, - filter.bagType - ); - } - if ("friendlyName" in filter) { - rval.friendlyName = _getBagsByAttribute( - pfx.safeContents, - "friendlyName", - filter.friendlyName, - filter.bagType - ); - } - return rval; - }, - /** - * DEPRECATED: use getBags() instead. - * - * Get bags with matching friendlyName attribute. - * - * @param friendlyName the friendly name to search for. - * @param [bagType] bag type to narrow search by. - * - * @return an array of bags with matching friendlyName attribute. - */ - getBagsByFriendlyName: function(friendlyName, bagType) { - return _getBagsByAttribute( - pfx.safeContents, - "friendlyName", - friendlyName, - bagType - ); - }, - /** - * DEPRECATED: use getBags() instead. - * - * Get bags with matching localKeyId attribute. - * - * @param localKeyId the localKeyId to search for. - * @param [bagType] bag type to narrow search by. - * - * @return an array of bags with matching localKeyId attribute. - */ - getBagsByLocalKeyId: function(localKeyId, bagType) { - return _getBagsByAttribute( - pfx.safeContents, - "localKeyId", - localKeyId, - bagType - ); + record = tls.createRecord(c, { + type: tls.ContentType.handshake, + data: tls.createClientKeyExchange(c) + }); + tls.queue(c, record); + c.expect = SER; + var callback = function(c2, signature) { + if (c2.session.certificateRequest !== null && c2.session.clientCertificate !== null) { + tls.queue(c2, tls.createRecord(c2, { + type: tls.ContentType.handshake, + data: tls.createCertificateVerify(c2, signature) + })); } + tls.queue(c2, tls.createRecord(c2, { + type: tls.ContentType.change_cipher_spec, + data: tls.createChangeCipherSpec() + })); + c2.state.pending = tls.createConnectionState(c2); + c2.state.current.write = c2.state.pending.write; + tls.queue(c2, tls.createRecord(c2, { + type: tls.ContentType.handshake, + data: tls.createFinished(c2) + })); + c2.expect = SCC; + tls.flush(c2); + c2.process(); }; - if (capture.version.charCodeAt(0) !== 3) { - var error3 = new Error("PKCS#12 PFX of version other than 3 not supported."); - error3.version = capture.version.charCodeAt(0); - throw error3; - } - if (asn1.derToOid(capture.contentType) !== pki2.oids.data) { - var error3 = new Error("Only PKCS#12 PFX in password integrity mode supported."); - error3.oid = asn1.derToOid(capture.contentType); - throw error3; - } - var data = capture.content.value[0]; - if (data.tagClass !== asn1.Class.UNIVERSAL || data.type !== asn1.Type.OCTETSTRING) { - throw new Error("PKCS#12 authSafe content data is not an OCTET STRING."); - } - data = _decodePkcs7Data(data); - if (capture.mac) { - var md = null; - var macKeyBytes = 0; - var macAlgorithm = asn1.derToOid(capture.macAlgorithm); - switch (macAlgorithm) { - case pki2.oids.sha1: - md = forge.md.sha1.create(); - macKeyBytes = 20; - break; - case pki2.oids.sha256: - md = forge.md.sha256.create(); - macKeyBytes = 32; - break; - case pki2.oids.sha384: - md = forge.md.sha384.create(); - macKeyBytes = 48; - break; - case pki2.oids.sha512: - md = forge.md.sha512.create(); - macKeyBytes = 64; - break; - case pki2.oids.md5: - md = forge.md.md5.create(); - macKeyBytes = 16; - break; - } - if (md === null) { - throw new Error("PKCS#12 uses unsupported MAC algorithm: " + macAlgorithm); - } - var macSalt = new forge.util.ByteBuffer(capture.macSalt); - var macIterations = "macIterations" in capture ? parseInt(forge.util.bytesToHex(capture.macIterations), 16) : 1; - var macKey = p12.generateKey( - password, - macSalt, - 3, - macIterations, - macKeyBytes, - md - ); - var mac = forge.hmac.create(); - mac.start(md, macKey); - mac.update(data.value); - var macValue = mac.getMac(); - if (macValue.getBytes() !== capture.macDigest) { - throw new Error("PKCS#12 MAC could not be verified. Invalid password?"); - } - } else if (Array.isArray(obj.value) && obj.value.length > 2) { - throw new Error("Invalid PKCS#12. macData field present but MAC was not validated."); + if (c.session.certificateRequest === null || c.session.clientCertificate === null) { + return callback(c, null); } - _decodeAuthenticatedSafe(pfx, data.value, strict, password); - return pfx; + tls.getClientSignature(c, callback); }; - function _decodePkcs7Data(data) { - if (data.composed || data.constructed) { - var value = forge.util.createBuffer(); - for (var i = 0; i < data.value.length; ++i) { - value.putBytes(data.value[i].value); - } - data.composed = data.constructed = false; - data.value = value.getBytes(); - } - return data; - } - function _decodeAuthenticatedSafe(pfx, authSafe, strict, password) { - authSafe = asn1.fromDer(authSafe, strict); - if (authSafe.tagClass !== asn1.Class.UNIVERSAL || authSafe.type !== asn1.Type.SEQUENCE || authSafe.constructed !== true) { - throw new Error("PKCS#12 AuthenticatedSafe expected to be a SEQUENCE OF ContentInfo"); - } - for (var i = 0; i < authSafe.value.length; i++) { - var contentInfo = authSafe.value[i]; - var capture = {}; - var errors = []; - if (!asn1.validate(contentInfo, contentInfoValidator, capture, errors)) { - var error3 = new Error("Cannot read ContentInfo."); - error3.errors = errors; - throw error3; - } - var obj = { - encrypted: false - }; - var safeContents = null; - var data = capture.content.value[0]; - switch (asn1.derToOid(capture.contentType)) { - case pki2.oids.data: - if (data.tagClass !== asn1.Class.UNIVERSAL || data.type !== asn1.Type.OCTETSTRING) { - throw new Error("PKCS#12 SafeContents Data is not an OCTET STRING."); - } - safeContents = _decodePkcs7Data(data).value; - break; - case pki2.oids.encryptedData: - safeContents = _decryptSafeContents(data, password); - obj.encrypted = true; - break; - default: - var error3 = new Error("Unsupported PKCS#12 contentType."); - error3.contentType = asn1.derToOid(capture.contentType); - throw error3; - } - obj.safeBags = _decodeSafeContents(safeContents, strict, password); - pfx.safeContents.push(obj); - } - } - function _decryptSafeContents(data, password) { - var capture = {}; - var errors = []; - if (!asn1.validate( - data, - forge.pkcs7.asn1.encryptedDataValidator, - capture, - errors - )) { - var error3 = new Error("Cannot read EncryptedContentInfo."); - error3.errors = errors; - throw error3; + tls.handleChangeCipherSpec = function(c, record) { + if (record.fragment.getByte() !== 1) { + return c.error(c, { + message: "Invalid ChangeCipherSpec message received.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.illegal_parameter + } + }); } - var oid = asn1.derToOid(capture.contentType); - if (oid !== pki2.oids.data) { - var error3 = new Error( - "PKCS#12 EncryptedContentInfo ContentType is not Data." - ); - error3.oid = oid; - throw error3; + var client = c.entity === tls.ConnectionEnd.client; + if (c.session.resuming && client || !c.session.resuming && !client) { + c.state.pending = tls.createConnectionState(c); } - oid = asn1.derToOid(capture.encAlgorithm); - var cipher = pki2.pbe.getCipher(oid, capture.encParameter, password); - var encryptedContentAsn1 = _decodePkcs7Data(capture.encryptedContentAsn1); - var encrypted = forge.util.createBuffer(encryptedContentAsn1.value); - cipher.update(encrypted); - if (!cipher.finish()) { - throw new Error("Failed to decrypt PKCS#12 SafeContents."); + c.state.current.read = c.state.pending.read; + if (!c.session.resuming && client || c.session.resuming && !client) { + c.state.pending = null; } - return cipher.output.getBytes(); - } - function _decodeSafeContents(safeContents, strict, password) { - if (!strict && safeContents.length === 0) { - return []; + c.expect = client ? SFI : CFI; + c.process(); + }; + tls.handleFinished = function(c, record, length) { + var b = record.fragment; + b.read -= 4; + var msgBytes = b.bytes(); + b.read += 4; + var vd = record.fragment.getBytes(); + b = forge.util.createBuffer(); + b.putBuffer(c.session.md5.digest()); + b.putBuffer(c.session.sha1.digest()); + var client = c.entity === tls.ConnectionEnd.client; + var label = client ? "server finished" : "client finished"; + var sp = c.session.sp; + var vdl = 12; + var prf = prf_TLS1; + b = prf(sp.master_secret, label, b.getBytes(), vdl); + if (b.getBytes() !== vd) { + return c.error(c, { + message: "Invalid verify_data in Finished message.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.decrypt_error + } + }); } - safeContents = asn1.fromDer(safeContents, strict); - if (safeContents.tagClass !== asn1.Class.UNIVERSAL || safeContents.type !== asn1.Type.SEQUENCE || safeContents.constructed !== true) { - throw new Error( - "PKCS#12 SafeContents expected to be a SEQUENCE OF SafeBag." - ); + c.session.md5.update(msgBytes); + c.session.sha1.update(msgBytes); + if (c.session.resuming && client || !c.session.resuming && !client) { + tls.queue(c, tls.createRecord(c, { + type: tls.ContentType.change_cipher_spec, + data: tls.createChangeCipherSpec() + })); + c.state.current.write = c.state.pending.write; + c.state.pending = null; + tls.queue(c, tls.createRecord(c, { + type: tls.ContentType.handshake, + data: tls.createFinished(c) + })); } - var res = []; - for (var i = 0; i < safeContents.value.length; i++) { - var safeBag = safeContents.value[i]; - var capture = {}; - var errors = []; - if (!asn1.validate(safeBag, safeBagValidator, capture, errors)) { - var error3 = new Error("Cannot read SafeBag."); - error3.errors = errors; - throw error3; - } - var bag = { - type: asn1.derToOid(capture.bagId), - attributes: _decodeBagAttributes(capture.bagAttributes) - }; - res.push(bag); - var validator, decoder; - var bagAsn1 = capture.bagValue.value[0]; - switch (bag.type) { - case pki2.oids.pkcs8ShroudedKeyBag: - bagAsn1 = pki2.decryptPrivateKeyInfo(bagAsn1, password); - if (bagAsn1 === null) { - throw new Error( - "Unable to decrypt PKCS#8 ShroudedKeyBag, wrong password?" - ); - } - /* fall through */ - case pki2.oids.keyBag: - try { - bag.key = pki2.privateKeyFromAsn1(bagAsn1); - } catch (e) { - bag.key = null; - bag.asn1 = bagAsn1; - } - continue; - /* Nothing more to do. */ - case pki2.oids.certBag: - validator = certBagValidator; - decoder = function() { - if (asn1.derToOid(capture.certId) !== pki2.oids.x509Certificate) { - var error4 = new Error( - "Unsupported certificate type, only X.509 supported." - ); - error4.oid = asn1.derToOid(capture.certId); - throw error4; - } - var certAsn1 = asn1.fromDer(capture.cert, strict); - try { - bag.cert = pki2.certificateFromAsn1(certAsn1, true); - } catch (e) { - bag.cert = null; - bag.asn1 = certAsn1; + c.expect = client ? SAD : CAD; + c.handshaking = false; + ++c.handshakes; + c.peerCertificate = client ? c.session.serverCertificate : c.session.clientCertificate; + tls.flush(c); + c.isConnected = true; + c.connected(c); + c.process(); + }; + tls.handleAlert = function(c, record) { + var b = record.fragment; + var alert = { + level: b.getByte(), + description: b.getByte() + }; + var msg; + switch (alert.description) { + case tls.Alert.Description.close_notify: + msg = "Connection closed."; + break; + case tls.Alert.Description.unexpected_message: + msg = "Unexpected message."; + break; + case tls.Alert.Description.bad_record_mac: + msg = "Bad record MAC."; + break; + case tls.Alert.Description.decryption_failed: + msg = "Decryption failed."; + break; + case tls.Alert.Description.record_overflow: + msg = "Record overflow."; + break; + case tls.Alert.Description.decompression_failure: + msg = "Decompression failed."; + break; + case tls.Alert.Description.handshake_failure: + msg = "Handshake failure."; + break; + case tls.Alert.Description.bad_certificate: + msg = "Bad certificate."; + break; + case tls.Alert.Description.unsupported_certificate: + msg = "Unsupported certificate."; + break; + case tls.Alert.Description.certificate_revoked: + msg = "Certificate revoked."; + break; + case tls.Alert.Description.certificate_expired: + msg = "Certificate expired."; + break; + case tls.Alert.Description.certificate_unknown: + msg = "Certificate unknown."; + break; + case tls.Alert.Description.illegal_parameter: + msg = "Illegal parameter."; + break; + case tls.Alert.Description.unknown_ca: + msg = "Unknown certificate authority."; + break; + case tls.Alert.Description.access_denied: + msg = "Access denied."; + break; + case tls.Alert.Description.decode_error: + msg = "Decode error."; + break; + case tls.Alert.Description.decrypt_error: + msg = "Decrypt error."; + break; + case tls.Alert.Description.export_restriction: + msg = "Export restriction."; + break; + case tls.Alert.Description.protocol_version: + msg = "Unsupported protocol version."; + break; + case tls.Alert.Description.insufficient_security: + msg = "Insufficient security."; + break; + case tls.Alert.Description.internal_error: + msg = "Internal error."; + break; + case tls.Alert.Description.user_canceled: + msg = "User canceled."; + break; + case tls.Alert.Description.no_renegotiation: + msg = "Renegotiation not supported."; + break; + default: + msg = "Unknown error."; + break; + } + if (alert.description === tls.Alert.Description.close_notify) { + return c.close(); + } + c.error(c, { + message: msg, + send: false, + // origin is the opposite end + origin: c.entity === tls.ConnectionEnd.client ? "server" : "client", + alert + }); + c.process(); + }; + tls.handleHandshake = function(c, record) { + var b = record.fragment; + var type2 = b.getByte(); + var length = b.getInt24(); + if (length > b.length()) { + c.fragmented = record; + record.fragment = forge.util.createBuffer(); + b.read -= 4; + return c.process(); + } + c.fragmented = null; + b.read -= 4; + var bytes = b.bytes(length + 4); + b.read += 4; + if (type2 in hsTable[c.entity][c.expect]) { + if (c.entity === tls.ConnectionEnd.server && !c.open && !c.fail) { + c.handshaking = true; + c.session = { + version: null, + extensions: { + server_name: { + serverNameList: [] } - }; - break; - default: - var error3 = new Error("Unsupported PKCS#12 SafeBag type."); - error3.oid = bag.type; - throw error3; + }, + cipherSuite: null, + compressionMethod: null, + serverCertificate: null, + clientCertificate: null, + md5: forge.md.md5.create(), + sha1: forge.md.sha1.create() + }; } - if (validator !== void 0 && !asn1.validate(bagAsn1, validator, capture, errors)) { - var error3 = new Error("Cannot read PKCS#12 " + validator.name); - error3.errors = errors; - throw error3; + if (type2 !== tls.HandshakeType.hello_request && type2 !== tls.HandshakeType.certificate_verify && type2 !== tls.HandshakeType.finished) { + c.session.md5.update(bytes); + c.session.sha1.update(bytes); } - decoder(); + hsTable[c.entity][c.expect][type2](c, record, length); + } else { + tls.handleUnexpected(c, record); } - return res; - } - function _decodeBagAttributes(attributes) { - var decodedAttrs = {}; - if (attributes !== void 0) { - for (var i = 0; i < attributes.length; ++i) { - var capture = {}; - var errors = []; - if (!asn1.validate(attributes[i], attributeValidator, capture, errors)) { - var error3 = new Error("Cannot read PKCS#12 BagAttribute."); - error3.errors = errors; - throw error3; - } - var oid = asn1.derToOid(capture.oid); - if (pki2.oids[oid] === void 0) { - continue; - } - decodedAttrs[pki2.oids[oid]] = []; - for (var j = 0; j < capture.values.length; ++j) { - decodedAttrs[pki2.oids[oid]].push(capture.values[j].value); - } + }; + tls.handleApplicationData = function(c, record) { + c.data.putBuffer(record.fragment); + c.dataReady(c); + c.process(); + }; + tls.handleHeartbeat = function(c, record) { + var b = record.fragment; + var type2 = b.getByte(); + var length = b.getInt16(); + var payload = b.getBytes(length); + if (type2 === tls.HeartbeatMessageType.heartbeat_request) { + if (c.handshaking || length > payload.length) { + return c.process(); + } + tls.queue(c, tls.createRecord(c, { + type: tls.ContentType.heartbeat, + data: tls.createHeartbeat( + tls.HeartbeatMessageType.heartbeat_response, + payload + ) + })); + tls.flush(c); + } else if (type2 === tls.HeartbeatMessageType.heartbeat_response) { + if (payload !== c.expectedHeartbeatPayload) { + return c.process(); + } + if (c.heartbeatReceived) { + c.heartbeatReceived(c, forge.util.createBuffer(payload)); } } - return decodedAttrs; - } - p12.toPkcs12Asn1 = function(key, cert, password, options) { - options = options || {}; - options.saltSize = options.saltSize || 8; - options.count = options.count || 2048; - options.algorithm = options.algorithm || options.encAlgorithm || "aes128"; - if (!("useMac" in options)) { - options.useMac = true; + c.process(); + }; + var SHE = 0; + var SCE = 1; + var SKE = 2; + var SCR = 3; + var SHD = 4; + var SCC = 5; + var SFI = 6; + var SAD = 7; + var SER = 8; + var CHE = 0; + var CCE = 1; + var CKE = 2; + var CCV = 3; + var CCC = 4; + var CFI = 5; + var CAD = 6; + var __ = tls.handleUnexpected; + var R0 = tls.handleChangeCipherSpec; + var R1 = tls.handleAlert; + var R2 = tls.handleHandshake; + var R3 = tls.handleApplicationData; + var R4 = tls.handleHeartbeat; + var ctTable = []; + ctTable[tls.ConnectionEnd.client] = [ + // CC,AL,HS,AD,HB + /*SHE*/ + [__, R1, R2, __, R4], + /*SCE*/ + [__, R1, R2, __, R4], + /*SKE*/ + [__, R1, R2, __, R4], + /*SCR*/ + [__, R1, R2, __, R4], + /*SHD*/ + [__, R1, R2, __, R4], + /*SCC*/ + [R0, R1, __, __, R4], + /*SFI*/ + [__, R1, R2, __, R4], + /*SAD*/ + [__, R1, R2, R3, R4], + /*SER*/ + [__, R1, R2, __, R4] + ]; + ctTable[tls.ConnectionEnd.server] = [ + // CC,AL,HS,AD + /*CHE*/ + [__, R1, R2, __, R4], + /*CCE*/ + [__, R1, R2, __, R4], + /*CKE*/ + [__, R1, R2, __, R4], + /*CCV*/ + [__, R1, R2, __, R4], + /*CCC*/ + [R0, R1, __, __, R4], + /*CFI*/ + [__, R1, R2, __, R4], + /*CAD*/ + [__, R1, R2, R3, R4], + /*CER*/ + [__, R1, R2, __, R4] + ]; + var H0 = tls.handleHelloRequest; + var H1 = tls.handleServerHello; + var H2 = tls.handleCertificate; + var H3 = tls.handleServerKeyExchange; + var H4 = tls.handleCertificateRequest; + var H5 = tls.handleServerHelloDone; + var H6 = tls.handleFinished; + var hsTable = []; + hsTable[tls.ConnectionEnd.client] = [ + // HR,01,SH,03,04,05,06,07,08,09,10,SC,SK,CR,HD,15,CK,17,18,19,FI + /*SHE*/ + [__, __, H1, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __], + /*SCE*/ + [H0, __, __, __, __, __, __, __, __, __, __, H2, H3, H4, H5, __, __, __, __, __, __], + /*SKE*/ + [H0, __, __, __, __, __, __, __, __, __, __, __, H3, H4, H5, __, __, __, __, __, __], + /*SCR*/ + [H0, __, __, __, __, __, __, __, __, __, __, __, __, H4, H5, __, __, __, __, __, __], + /*SHD*/ + [H0, __, __, __, __, __, __, __, __, __, __, __, __, __, H5, __, __, __, __, __, __], + /*SCC*/ + [H0, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __], + /*SFI*/ + [H0, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, H6], + /*SAD*/ + [H0, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __], + /*SER*/ + [H0, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __] + ]; + var H7 = tls.handleClientHello; + var H8 = tls.handleClientKeyExchange; + var H9 = tls.handleCertificateVerify; + hsTable[tls.ConnectionEnd.server] = [ + // 01,CH,02,03,04,05,06,07,08,09,10,CC,12,13,14,CV,CK,17,18,19,FI + /*CHE*/ + [__, H7, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __], + /*CCE*/ + [__, __, __, __, __, __, __, __, __, __, __, H2, __, __, __, __, __, __, __, __, __], + /*CKE*/ + [__, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, H8, __, __, __, __], + /*CCV*/ + [__, __, __, __, __, __, __, __, __, __, __, __, __, __, __, H9, __, __, __, __, __], + /*CCC*/ + [__, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __], + /*CFI*/ + [__, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, H6], + /*CAD*/ + [__, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __], + /*CER*/ + [__, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __] + ]; + tls.generateKeys = function(c, sp) { + var prf = prf_TLS1; + var random = sp.client_random + sp.server_random; + if (!c.session.resuming) { + sp.master_secret = prf( + sp.pre_master_secret, + "master secret", + random, + 48 + ).bytes(); + sp.pre_master_secret = null; } - if (!("localKeyId" in options)) { - options.localKeyId = null; + random = sp.server_random + sp.client_random; + var length = 2 * sp.mac_key_length + 2 * sp.enc_key_length; + var tls10 = c.version.major === tls.Versions.TLS_1_0.major && c.version.minor === tls.Versions.TLS_1_0.minor; + if (tls10) { + length += 2 * sp.fixed_iv_length; } - if (!("generateLocalKeyId" in options)) { - options.generateLocalKeyId = true; + var km = prf(sp.master_secret, "key expansion", random, length); + var rval = { + client_write_MAC_key: km.getBytes(sp.mac_key_length), + server_write_MAC_key: km.getBytes(sp.mac_key_length), + client_write_key: km.getBytes(sp.enc_key_length), + server_write_key: km.getBytes(sp.enc_key_length) + }; + if (tls10) { + rval.client_write_IV = km.getBytes(sp.fixed_iv_length); + rval.server_write_IV = km.getBytes(sp.fixed_iv_length); } - var localKeyId = options.localKeyId; - var bagAttrs; - if (localKeyId !== null) { - localKeyId = forge.util.hexToBytes(localKeyId); - } else if (options.generateLocalKeyId) { - if (cert) { - var pairedCert = forge.util.isArray(cert) ? cert[0] : cert; - if (typeof pairedCert === "string") { - pairedCert = pki2.certificateFromPem(pairedCert); + return rval; + }; + tls.createConnectionState = function(c) { + var client = c.entity === tls.ConnectionEnd.client; + var createMode = function() { + var mode = { + // two 32-bit numbers, first is most significant + sequenceNumber: [0, 0], + macKey: null, + macLength: 0, + macFunction: null, + cipherState: null, + cipherFunction: function(record) { + return true; + }, + compressionState: null, + compressFunction: function(record) { + return true; + }, + updateSequenceNumber: function() { + if (mode.sequenceNumber[1] === 4294967295) { + mode.sequenceNumber[1] = 0; + ++mode.sequenceNumber[0]; + } else { + ++mode.sequenceNumber[1]; + } } - var sha1 = forge.md.sha1.create(); - sha1.update(asn1.toDer(pki2.certificateToAsn1(pairedCert)).getBytes()); - localKeyId = sha1.digest().getBytes(); - } else { - localKeyId = forge.random.getBytes(20); + }; + return mode; + }; + var state = { + read: createMode(), + write: createMode() + }; + state.read.update = function(c2, record) { + if (!state.read.cipherFunction(record, state.read)) { + c2.error(c2, { + message: "Could not decrypt record or bad MAC.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + // doesn't matter if decryption failed or MAC was + // invalid, return the same error so as not to reveal + // which one occurred + description: tls.Alert.Description.bad_record_mac + } + }); + } else if (!state.read.compressFunction(c2, record, state.read)) { + c2.error(c2, { + message: "Could not decompress record.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.decompression_failure + } + }); + } + return !c2.fail; + }; + state.write.update = function(c2, record) { + if (!state.write.compressFunction(c2, record, state.write)) { + c2.error(c2, { + message: "Could not compress record.", + send: false, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.internal_error + } + }); + } else if (!state.write.cipherFunction(record, state.write)) { + c2.error(c2, { + message: "Could not encrypt record.", + send: false, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.internal_error + } + }); + } + return !c2.fail; + }; + if (c.session) { + var sp = c.session.sp; + c.session.cipherSuite.initSecurityParameters(sp); + sp.keys = tls.generateKeys(c, sp); + state.read.macKey = client ? sp.keys.server_write_MAC_key : sp.keys.client_write_MAC_key; + state.write.macKey = client ? sp.keys.client_write_MAC_key : sp.keys.server_write_MAC_key; + c.session.cipherSuite.initConnectionState(state, c, sp); + switch (sp.compression_algorithm) { + case tls.CompressionMethod.none: + break; + case tls.CompressionMethod.deflate: + state.read.compressFunction = inflate; + state.write.compressFunction = deflate; + break; + default: + throw new Error("Unsupported compression algorithm."); } } - var attrs = []; - if (localKeyId !== null) { - attrs.push( - // localKeyID - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // attrId - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(pki2.oids.localKeyId).getBytes() - ), - // attrValues - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [ - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OCTETSTRING, - false, - localKeyId - ) - ]) - ]) - ); - } - if ("friendlyName" in options) { - attrs.push( - // friendlyName - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // attrId - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(pki2.oids.friendlyName).getBytes() - ), - // attrValues - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [ - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.BMPSTRING, - false, - options.friendlyName - ) - ]) - ]) - ); - } - if (attrs.length > 0) { - bagAttrs = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, attrs); - } - var contents = []; - var chain = []; - if (cert !== null) { - if (forge.util.isArray(cert)) { - chain = cert; - } else { - chain = [cert]; - } - } - var certSafeBags = []; - for (var i = 0; i < chain.length; ++i) { - cert = chain[i]; - if (typeof cert === "string") { - cert = pki2.certificateFromPem(cert); - } - var certBagAttrs = i === 0 ? bagAttrs : void 0; - var certAsn1 = pki2.certificateToAsn1(cert); - var certSafeBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // bagId - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(pki2.oids.certBag).getBytes() - ), - // bagValue - asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ - // CertBag - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // certId - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(pki2.oids.x509Certificate).getBytes() - ), - // certValue (x509Certificate) - asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OCTETSTRING, - false, - asn1.toDer(certAsn1).getBytes() - ) - ]) - ]) - ]), - // bagAttributes (OPTIONAL) - certBagAttrs - ]); - certSafeBags.push(certSafeBag); - } - if (certSafeBags.length > 0) { - var certSafeContents = asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.SEQUENCE, - true, - certSafeBags - ); - var certCI = ( - // PKCS#7 ContentInfo - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // contentType - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - // OID for the content type is 'data' - asn1.oidToDer(pki2.oids.data).getBytes() - ), - // content - asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OCTETSTRING, - false, - asn1.toDer(certSafeContents).getBytes() - ) - ]) - ]) - ); - contents.push(certCI); - } - var keyBag = null; - if (key !== null) { - var pkAsn1 = pki2.wrapRsaPrivateKey(pki2.privateKeyToAsn1(key)); - if (password === null) { - keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // bagId - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(pki2.oids.keyBag).getBytes() - ), - // bagValue - asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ - // PrivateKeyInfo - pkAsn1 - ]), - // bagAttributes (OPTIONAL) - bagAttrs - ]); - } else { - keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // bagId - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(pki2.oids.pkcs8ShroudedKeyBag).getBytes() - ), - // bagValue - asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ - // EncryptedPrivateKeyInfo - pki2.encryptPrivateKeyInfo(pkAsn1, password, options) - ]), - // bagAttributes (OPTIONAL) - bagAttrs - ]); - } - var keySafeContents = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [keyBag]); - var keyCI = ( - // PKCS#7 ContentInfo - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // contentType - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - // OID for the content type is 'data' - asn1.oidToDer(pki2.oids.data).getBytes() - ), - // content - asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OCTETSTRING, - false, - asn1.toDer(keySafeContents).getBytes() - ) - ]) - ]) - ); - contents.push(keyCI); - } - var safe = asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.SEQUENCE, - true, - contents - ); - var macData; - if (options.useMac) { - var sha1 = forge.md.sha1.create(); - var macSalt = new forge.util.ByteBuffer( - forge.random.getBytes(options.saltSize) - ); - var count = options.count; - var key = p12.generateKey(password, macSalt, 3, count, 20); - var mac = forge.hmac.create(); - mac.start(sha1, key); - mac.update(asn1.toDer(safe).getBytes()); - var macValue = mac.getMac(); - macData = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // mac DigestInfo - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // digestAlgorithm - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // algorithm = SHA-1 - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - asn1.oidToDer(pki2.oids.sha1).getBytes() - ), - // parameters = Null - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, "") - ]), - // digest - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OCTETSTRING, - false, - macValue.getBytes() - ) - ]), - // macSalt OCTET STRING - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OCTETSTRING, - false, - macSalt.getBytes() - ), - // iterations INTEGER (XXX: Only support count < 65536) - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - asn1.integerToDer(count).getBytes() - ) - ]); - } - return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // version (3) - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.INTEGER, - false, - asn1.integerToDer(3).getBytes() - ), - // PKCS#7 ContentInfo - asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ - // contentType - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OID, - false, - // OID for the content type is 'data' - asn1.oidToDer(pki2.oids.data).getBytes() - ), - // content - asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ - asn1.create( - asn1.Class.UNIVERSAL, - asn1.Type.OCTETSTRING, - false, - asn1.toDer(safe).getBytes() - ) - ]) - ]), - macData - ]); + return state; }; - p12.generateKey = forge.pbe.generatePkcs12Key; - } -}); - -// node_modules/node-forge/lib/pki.js -var require_pki = __commonJS({ - "node_modules/node-forge/lib/pki.js"(exports2, module2) { - var forge = require_forge(); - require_asn1(); - require_oids(); - require_pbe(); - require_pem(); - require_pbkdf2(); - require_pkcs12(); - require_pss(); - require_rsa(); - require_util9(); - require_x509(); - var asn1 = forge.asn1; - var pki2 = module2.exports = forge.pki = forge.pki || {}; - pki2.pemToDer = function(pem) { - var msg = forge.pem.decode(pem)[0]; - if (msg.procType && msg.procType.type === "ENCRYPTED") { - throw new Error("Could not convert PEM to DER; PEM is encrypted."); - } - return forge.util.createBuffer(msg.body); + tls.createRandom = function() { + var d = /* @__PURE__ */ new Date(); + var utc = +d + d.getTimezoneOffset() * 6e4; + var rval = forge.util.createBuffer(); + rval.putInt32(utc); + rval.putBytes(forge.random.getBytes(28)); + return rval; }; - pki2.privateKeyFromPem = function(pem) { - var msg = forge.pem.decode(pem)[0]; - if (msg.type !== "PRIVATE KEY" && msg.type !== "RSA PRIVATE KEY") { - var error3 = new Error('Could not convert private key from PEM; PEM header type is not "PRIVATE KEY" or "RSA PRIVATE KEY".'); - error3.headerType = msg.type; - throw error3; - } - if (msg.procType && msg.procType.type === "ENCRYPTED") { - throw new Error("Could not convert private key from PEM; PEM is encrypted."); + tls.createRecord = function(c, options) { + if (!options.data) { + return null; } - var obj = asn1.fromDer(msg.body); - return pki2.privateKeyFromAsn1(obj); - }; - pki2.privateKeyToPem = function(key, maxline) { - var msg = { - type: "RSA PRIVATE KEY", - body: asn1.toDer(pki2.privateKeyToAsn1(key)).getBytes() + var record = { + type: options.type, + version: { + major: c.version.major, + minor: c.version.minor + }, + length: options.data.length(), + fragment: options.data }; - return forge.pem.encode(msg, { maxline }); + return record; }; - pki2.privateKeyInfoToPem = function(pki3, maxline) { - var msg = { - type: "PRIVATE KEY", - body: asn1.toDer(pki3).getBytes() - }; - return forge.pem.encode(msg, { maxline }); + tls.createAlert = function(c, alert) { + var b = forge.util.createBuffer(); + b.putByte(alert.level); + b.putByte(alert.description); + return tls.createRecord(c, { + type: tls.ContentType.alert, + data: b + }); }; - } -}); - -// node_modules/node-forge/lib/tls.js -var require_tls = __commonJS({ - "node_modules/node-forge/lib/tls.js"(exports2, module2) { - var forge = require_forge(); - require_asn1(); - require_hmac(); - require_md5(); - require_pem(); - require_pki(); - require_random(); - require_sha1(); - require_util9(); - var prf_TLS1 = function(secret, label, seed, length) { - var rval = forge.util.createBuffer(); - var idx = secret.length >> 1; - var slen = idx + (secret.length & 1); - var s1 = secret.substr(0, slen); - var s2 = secret.substr(idx, slen); - var ai = forge.util.createBuffer(); - var hmac = forge.hmac.create(); - seed = label + seed; - var md5itr = Math.ceil(length / 16); - var sha1itr = Math.ceil(length / 20); - hmac.start("MD5", s1); - var md5bytes = forge.util.createBuffer(); - ai.putBytes(seed); - for (var i = 0; i < md5itr; ++i) { - hmac.start(null, null); - hmac.update(ai.getBytes()); - ai.putBuffer(hmac.digest()); - hmac.start(null, null); - hmac.update(ai.bytes() + seed); - md5bytes.putBuffer(hmac.digest()); + tls.createClientHello = function(c) { + c.session.clientHelloVersion = { + major: c.version.major, + minor: c.version.minor + }; + var cipherSuites = forge.util.createBuffer(); + for (var i = 0; i < c.cipherSuites.length; ++i) { + var cs = c.cipherSuites[i]; + cipherSuites.putByte(cs.id[0]); + cipherSuites.putByte(cs.id[1]); } - hmac.start("SHA1", s2); - var sha1bytes = forge.util.createBuffer(); - ai.clear(); - ai.putBytes(seed); - for (var i = 0; i < sha1itr; ++i) { - hmac.start(null, null); - hmac.update(ai.getBytes()); - ai.putBuffer(hmac.digest()); - hmac.start(null, null); - hmac.update(ai.bytes() + seed); - sha1bytes.putBuffer(hmac.digest()); + var cSuites = cipherSuites.length(); + var compressionMethods = forge.util.createBuffer(); + compressionMethods.putByte(tls.CompressionMethod.none); + var cMethods = compressionMethods.length(); + var extensions = forge.util.createBuffer(); + if (c.virtualHost) { + var ext = forge.util.createBuffer(); + ext.putByte(0); + ext.putByte(0); + var serverName = forge.util.createBuffer(); + serverName.putByte(0); + writeVector(serverName, 2, forge.util.createBuffer(c.virtualHost)); + var snList = forge.util.createBuffer(); + writeVector(snList, 2, serverName); + writeVector(ext, 2, snList); + extensions.putBuffer(ext); } - rval.putBytes(forge.util.xorBytes( - md5bytes.getBytes(), - sha1bytes.getBytes(), - length - )); - return rval; - }; - var hmac_sha1 = function(key2, seqNum, record) { - var hmac = forge.hmac.create(); - hmac.start("SHA1", key2); - var b = forge.util.createBuffer(); - b.putInt32(seqNum[0]); - b.putInt32(seqNum[1]); - b.putByte(record.type); - b.putByte(record.version.major); - b.putByte(record.version.minor); - b.putInt16(record.length); - b.putBytes(record.fragment.bytes()); - hmac.update(b.getBytes()); - return hmac.digest().getBytes(); - }; - var deflate = function(c, record, s) { - var rval = false; - try { - var bytes = c.deflate(record.fragment.getBytes()); - record.fragment = forge.util.createBuffer(bytes); - record.length = bytes.length; - rval = true; - } catch (ex) { + var extLength = extensions.length(); + if (extLength > 0) { + extLength += 2; + } + var sessionId = c.session.id; + var length = sessionId.length + 1 + // session ID vector + 2 + // version (major + minor) + 4 + 28 + // random time and random bytes + 2 + cSuites + // cipher suites vector + 1 + cMethods + // compression methods vector + extLength; + var rval = forge.util.createBuffer(); + rval.putByte(tls.HandshakeType.client_hello); + rval.putInt24(length); + rval.putByte(c.version.major); + rval.putByte(c.version.minor); + rval.putBytes(c.session.sp.client_random); + writeVector(rval, 1, forge.util.createBuffer(sessionId)); + writeVector(rval, 2, cipherSuites); + writeVector(rval, 1, compressionMethods); + if (extLength > 0) { + writeVector(rval, 2, extensions); } return rval; }; - var inflate = function(c, record, s) { - var rval = false; - try { - var bytes = c.inflate(record.fragment.getBytes()); - record.fragment = forge.util.createBuffer(bytes); - record.length = bytes.length; - rval = true; - } catch (ex) { - } + tls.createServerHello = function(c) { + var sessionId = c.session.id; + var length = sessionId.length + 1 + // session ID vector + 2 + // version (major + minor) + 4 + 28 + // random time and random bytes + 2 + // chosen cipher suite + 1; + var rval = forge.util.createBuffer(); + rval.putByte(tls.HandshakeType.server_hello); + rval.putInt24(length); + rval.putByte(c.version.major); + rval.putByte(c.version.minor); + rval.putBytes(c.session.sp.server_random); + writeVector(rval, 1, forge.util.createBuffer(sessionId)); + rval.putByte(c.session.cipherSuite.id[0]); + rval.putByte(c.session.cipherSuite.id[1]); + rval.putByte(c.session.compressionMethod); return rval; }; - var readVector = function(b, lenBytes) { - var len = 0; - switch (lenBytes) { - case 1: - len = b.getByte(); - break; - case 2: - len = b.getInt16(); - break; - case 3: - len = b.getInt24(); - break; - case 4: - len = b.getInt32(); - break; - } - return forge.util.createBuffer(b.getBytes(len)); - }; - var writeVector = function(b, lenBytes, v) { - b.putInt(v.length(), lenBytes << 3); - b.putBuffer(v); - }; - var tls = {}; - tls.Versions = { - TLS_1_0: { major: 3, minor: 1 }, - TLS_1_1: { major: 3, minor: 2 }, - TLS_1_2: { major: 3, minor: 3 } - }; - tls.SupportedVersions = [ - tls.Versions.TLS_1_1, - tls.Versions.TLS_1_0 - ]; - tls.Version = tls.SupportedVersions[0]; - tls.MaxFragment = 16384 - 1024; - tls.ConnectionEnd = { - server: 0, - client: 1 - }; - tls.PRFAlgorithm = { - tls_prf_sha256: 0 - }; - tls.BulkCipherAlgorithm = { - none: null, - rc4: 0, - des3: 1, - aes: 2 - }; - tls.CipherType = { - stream: 0, - block: 1, - aead: 2 - }; - tls.MACAlgorithm = { - none: null, - hmac_md5: 0, - hmac_sha1: 1, - hmac_sha256: 2, - hmac_sha384: 3, - hmac_sha512: 4 - }; - tls.CompressionMethod = { - none: 0, - deflate: 1 - }; - tls.ContentType = { - change_cipher_spec: 20, - alert: 21, - handshake: 22, - application_data: 23, - heartbeat: 24 - }; - tls.HandshakeType = { - hello_request: 0, - client_hello: 1, - server_hello: 2, - certificate: 11, - server_key_exchange: 12, - certificate_request: 13, - server_hello_done: 14, - certificate_verify: 15, - client_key_exchange: 16, - finished: 20 - }; - tls.Alert = {}; - tls.Alert.Level = { - warning: 1, - fatal: 2 - }; - tls.Alert.Description = { - close_notify: 0, - unexpected_message: 10, - bad_record_mac: 20, - decryption_failed: 21, - record_overflow: 22, - decompression_failure: 30, - handshake_failure: 40, - bad_certificate: 42, - unsupported_certificate: 43, - certificate_revoked: 44, - certificate_expired: 45, - certificate_unknown: 46, - illegal_parameter: 47, - unknown_ca: 48, - access_denied: 49, - decode_error: 50, - decrypt_error: 51, - export_restriction: 60, - protocol_version: 70, - insufficient_security: 71, - internal_error: 80, - user_canceled: 90, - no_renegotiation: 100 - }; - tls.HeartbeatMessageType = { - heartbeat_request: 1, - heartbeat_response: 2 - }; - tls.CipherSuites = {}; - tls.getCipherSuite = function(twoBytes) { - var rval = null; - for (var key2 in tls.CipherSuites) { - var cs = tls.CipherSuites[key2]; - if (cs.id[0] === twoBytes.charCodeAt(0) && cs.id[1] === twoBytes.charCodeAt(1)) { - rval = cs; - break; - } - } - return rval; - }; - tls.handleUnexpected = function(c, record) { - var ignore = !c.open && c.entity === tls.ConnectionEnd.client; - if (!ignore) { - c.error(c, { - message: "Unexpected message. Received TLS record out of order.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.unexpected_message - } - }); - } - }; - tls.handleHelloRequest = function(c, record, length) { - if (!c.handshaking && c.handshakes > 0) { - tls.queue(c, tls.createAlert(c, { - level: tls.Alert.Level.warning, - description: tls.Alert.Description.no_renegotiation - })); - tls.flush(c); - } - c.process(); - }; - tls.parseHelloMessage = function(c, record, length) { - var msg = null; + tls.createCertificate = function(c) { var client = c.entity === tls.ConnectionEnd.client; - if (length < 38) { - c.error(c, { - message: client ? "Invalid ServerHello message. Message too short." : "Invalid ClientHello message. Message too short.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.illegal_parameter - } - }); - } else { - var b = record.fragment; - var remaining = b.length(); - msg = { - version: { - major: b.getByte(), - minor: b.getByte() - }, - random: forge.util.createBuffer(b.getBytes(32)), - session_id: readVector(b, 1), - extensions: [] - }; + var cert = null; + if (c.getCertificate) { + var hint; if (client) { - msg.cipher_suite = b.getBytes(2); - msg.compression_method = b.getByte(); + hint = c.session.certificateRequest; } else { - msg.cipher_suites = readVector(b, 2); - msg.compression_methods = readVector(b, 1); + hint = c.session.extensions.server_name.serverNameList; } - remaining = length - (remaining - b.length()); - if (remaining > 0) { - var exts = readVector(b, 2); - while (exts.length() > 0) { - msg.extensions.push({ - type: [exts.getByte(), exts.getByte()], - data: readVector(exts, 2) - }); + cert = c.getCertificate(c, hint); + } + var certList = forge.util.createBuffer(); + if (cert !== null) { + try { + if (!forge.util.isArray(cert)) { + cert = [cert]; } - if (!client) { - for (var i = 0; i < msg.extensions.length; ++i) { - var ext = msg.extensions[i]; - if (ext.type[0] === 0 && ext.type[1] === 0) { - var snl = readVector(ext.data, 2); - while (snl.length() > 0) { - var snType = snl.getByte(); - if (snType !== 0) { - break; - } - c.session.extensions.server_name.serverNameList.push( - readVector(snl, 2).getBytes() - ); - } - } + var asn1 = null; + for (var i = 0; i < cert.length; ++i) { + var msg = forge.pem.decode(cert[i])[0]; + if (msg.type !== "CERTIFICATE" && msg.type !== "X509 CERTIFICATE" && msg.type !== "TRUSTED CERTIFICATE") { + var error3 = new Error('Could not convert certificate from PEM; PEM header type is not "CERTIFICATE", "X509 CERTIFICATE", or "TRUSTED CERTIFICATE".'); + error3.headerType = msg.type; + throw error3; + } + if (msg.procType && msg.procType.type === "ENCRYPTED") { + throw new Error("Could not convert certificate from PEM; PEM is encrypted."); + } + var der = forge.util.createBuffer(msg.body); + if (asn1 === null) { + asn1 = forge.asn1.fromDer(der.bytes(), false); } + var certBuffer = forge.util.createBuffer(); + writeVector(certBuffer, 3, der); + certList.putBuffer(certBuffer); + } + cert = forge.pki.certificateFromAsn1(asn1); + if (client) { + c.session.clientCertificate = cert; + } else { + c.session.serverCertificate = cert; } + } catch (ex) { + return c.error(c, { + message: "Could not send certificate list.", + cause: ex, + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.bad_certificate + } + }); } - if (c.session.version) { - if (msg.version.major !== c.session.version.major || msg.version.minor !== c.session.version.minor) { - return c.error(c, { - message: "TLS version change is disallowed during renegotiation.", + } + var length = 3 + certList.length(); + var rval = forge.util.createBuffer(); + rval.putByte(tls.HandshakeType.certificate); + rval.putInt24(length); + writeVector(rval, 3, certList); + return rval; + }; + tls.createClientKeyExchange = function(c) { + var b = forge.util.createBuffer(); + b.putByte(c.session.clientHelloVersion.major); + b.putByte(c.session.clientHelloVersion.minor); + b.putBytes(forge.random.getBytes(46)); + var sp = c.session.sp; + sp.pre_master_secret = b.getBytes(); + var key2 = c.session.serverCertificate.publicKey; + b = key2.encrypt(sp.pre_master_secret); + var length = b.length + 2; + var rval = forge.util.createBuffer(); + rval.putByte(tls.HandshakeType.client_key_exchange); + rval.putInt24(length); + rval.putInt16(b.length); + rval.putBytes(b); + return rval; + }; + tls.createServerKeyExchange = function(c) { + var length = 0; + var rval = forge.util.createBuffer(); + if (length > 0) { + rval.putByte(tls.HandshakeType.server_key_exchange); + rval.putInt24(length); + } + return rval; + }; + tls.getClientSignature = function(c, callback) { + var b = forge.util.createBuffer(); + b.putBuffer(c.session.md5.digest()); + b.putBuffer(c.session.sha1.digest()); + b = b.getBytes(); + c.getSignature = c.getSignature || function(c2, b2, callback2) { + var privateKey = null; + if (c2.getPrivateKey) { + try { + privateKey = c2.getPrivateKey(c2, c2.session.clientCertificate); + privateKey = forge.pki.privateKeyFromPem(privateKey); + } catch (ex) { + c2.error(c2, { + message: "Could not get private key.", + cause: ex, send: true, alert: { level: tls.Alert.Level.fatal, - description: tls.Alert.Description.protocol_version + description: tls.Alert.Description.internal_error } }); } } - if (client) { - c.session.cipherSuite = tls.getCipherSuite(msg.cipher_suite); - } else { - var tmp = forge.util.createBuffer(msg.cipher_suites.bytes()); - while (tmp.length() > 0) { - c.session.cipherSuite = tls.getCipherSuite(tmp.getBytes(2)); - if (c.session.cipherSuite !== null) { - break; - } - } - } - if (c.session.cipherSuite === null) { - return c.error(c, { - message: "No cipher suites in common.", + if (privateKey === null) { + c2.error(c2, { + message: "No private key set.", send: true, alert: { level: tls.Alert.Level.fatal, - description: tls.Alert.Description.handshake_failure - }, - cipherSuite: forge.util.bytesToHex(msg.cipher_suite) + description: tls.Alert.Description.internal_error + } }); - } - if (client) { - c.session.compressionMethod = msg.compression_method; } else { - c.session.compressionMethod = tls.CompressionMethod.none; + b2 = privateKey.sign(b2, null); } + callback2(c2, b2); + }; + c.getSignature(c, b, callback); + }; + tls.createCertificateVerify = function(c, signature) { + var length = signature.length + 2; + var rval = forge.util.createBuffer(); + rval.putByte(tls.HandshakeType.certificate_verify); + rval.putInt24(length); + rval.putInt16(signature.length); + rval.putBytes(signature); + return rval; + }; + tls.createCertificateRequest = function(c) { + var certTypes = forge.util.createBuffer(); + certTypes.putByte(1); + var cAs = forge.util.createBuffer(); + for (var key2 in c.caStore.certs) { + var cert = c.caStore.certs[key2]; + var dn = forge.pki.distinguishedNameToAsn1(cert.subject); + var byteBuffer = forge.asn1.toDer(dn); + cAs.putInt16(byteBuffer.length()); + cAs.putBuffer(byteBuffer); } - return msg; + var length = 1 + certTypes.length() + 2 + cAs.length(); + var rval = forge.util.createBuffer(); + rval.putByte(tls.HandshakeType.certificate_request); + rval.putInt24(length); + writeVector(rval, 1, certTypes); + writeVector(rval, 2, cAs); + return rval; }; - tls.createSecurityParameters = function(c, msg) { + tls.createServerHelloDone = function(c) { + var rval = forge.util.createBuffer(); + rval.putByte(tls.HandshakeType.server_hello_done); + rval.putInt24(0); + return rval; + }; + tls.createChangeCipherSpec = function() { + var rval = forge.util.createBuffer(); + rval.putByte(1); + return rval; + }; + tls.createFinished = function(c) { + var b = forge.util.createBuffer(); + b.putBuffer(c.session.md5.digest()); + b.putBuffer(c.session.sha1.digest()); var client = c.entity === tls.ConnectionEnd.client; - var msgRandom = msg.random.bytes(); - var cRandom = client ? c.session.sp.client_random : msgRandom; - var sRandom = client ? msgRandom : tls.createRandom().getBytes(); - c.session.sp = { - entity: c.entity, - prf_algorithm: tls.PRFAlgorithm.tls_prf_sha256, - bulk_cipher_algorithm: null, - cipher_type: null, - enc_key_length: null, - block_length: null, - fixed_iv_length: null, - record_iv_length: null, - mac_algorithm: null, - mac_length: null, - mac_key_length: null, - compression_algorithm: c.session.compressionMethod, - pre_master_secret: null, - master_secret: null, - client_random: cRandom, - server_random: sRandom - }; + var sp = c.session.sp; + var vdl = 12; + var prf = prf_TLS1; + var label = client ? "client finished" : "server finished"; + b = prf(sp.master_secret, label, b.getBytes(), vdl); + var rval = forge.util.createBuffer(); + rval.putByte(tls.HandshakeType.finished); + rval.putInt24(b.length()); + rval.putBuffer(b); + return rval; }; - tls.handleServerHello = function(c, record, length) { - var msg = tls.parseHelloMessage(c, record, length); - if (c.fail) { - return; - } - if (msg.version.minor <= c.version.minor) { - c.version.minor = msg.version.minor; - } else { - return c.error(c, { - message: "Incompatible TLS version.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.protocol_version - } - }); - } - c.session.version = c.version; - var sessionId = msg.session_id.bytes(); - if (sessionId.length > 0 && sessionId === c.session.id) { - c.expect = SCC; - c.session.resuming = true; - c.session.sp.server_random = msg.random.bytes(); - } else { - c.expect = SCE; - c.session.resuming = false; - tls.createSecurityParameters(c, msg); + tls.createHeartbeat = function(type2, payload, payloadLength) { + if (typeof payloadLength === "undefined") { + payloadLength = payload.length; } - c.session.id = sessionId; - c.process(); + var rval = forge.util.createBuffer(); + rval.putByte(type2); + rval.putInt16(payloadLength); + rval.putBytes(payload); + var plaintextLength = rval.length(); + var paddingLength = Math.max(16, plaintextLength - payloadLength - 3); + rval.putBytes(forge.random.getBytes(paddingLength)); + return rval; }; - tls.handleClientHello = function(c, record, length) { - var msg = tls.parseHelloMessage(c, record, length); - if (c.fail) { + tls.queue = function(c, record) { + if (!record) { return; } - var sessionId = msg.session_id.bytes(); - var session = null; - if (c.sessionCache) { - session = c.sessionCache.getSession(sessionId); - if (session === null) { - sessionId = ""; - } else if (session.version.major !== msg.version.major || session.version.minor > msg.version.minor) { - session = null; - sessionId = ""; + if (record.fragment.length() === 0) { + if (record.type === tls.ContentType.handshake || record.type === tls.ContentType.alert || record.type === tls.ContentType.change_cipher_spec) { + return; } } - if (sessionId.length === 0) { - sessionId = forge.random.getBytes(32); + if (record.type === tls.ContentType.handshake) { + var bytes = record.fragment.bytes(); + c.session.md5.update(bytes); + c.session.sha1.update(bytes); + bytes = null; } - c.session.id = sessionId; - c.session.clientHelloVersion = msg.version; - c.session.sp = {}; - if (session) { - c.version = c.session.version = session.version; - c.session.sp = session.sp; + var records; + if (record.fragment.length() <= tls.MaxFragment) { + records = [record]; } else { - var version; - for (var i = 1; i < tls.SupportedVersions.length; ++i) { - version = tls.SupportedVersions[i]; - if (version.minor <= msg.version.minor) { - break; - } + records = []; + var data = record.fragment.bytes(); + while (data.length > tls.MaxFragment) { + records.push(tls.createRecord(c, { + type: record.type, + data: forge.util.createBuffer(data.slice(0, tls.MaxFragment)) + })); + data = data.slice(tls.MaxFragment); + } + if (data.length > 0) { + records.push(tls.createRecord(c, { + type: record.type, + data: forge.util.createBuffer(data) + })); } - c.version = { major: version.major, minor: version.minor }; - c.session.version = c.version; } - if (session !== null) { - c.expect = CCC; - c.session.resuming = true; - c.session.sp.client_random = msg.random.bytes(); - } else { - c.expect = c.verifyClient !== false ? CCE : CKE; - c.session.resuming = false; - tls.createSecurityParameters(c, msg); + for (var i = 0; i < records.length && !c.fail; ++i) { + var rec = records[i]; + var s = c.state.current.write; + if (s.update(c, rec)) { + c.records.push(rec); + } } - c.open = true; - tls.queue(c, tls.createRecord(c, { - type: tls.ContentType.handshake, - data: tls.createServerHello(c) - })); - if (c.session.resuming) { - tls.queue(c, tls.createRecord(c, { - type: tls.ContentType.change_cipher_spec, - data: tls.createChangeCipherSpec() - })); - c.state.pending = tls.createConnectionState(c); - c.state.current.write = c.state.pending.write; - tls.queue(c, tls.createRecord(c, { - type: tls.ContentType.handshake, - data: tls.createFinished(c) - })); - } else { - tls.queue(c, tls.createRecord(c, { - type: tls.ContentType.handshake, - data: tls.createCertificate(c) - })); - if (!c.fail) { - tls.queue(c, tls.createRecord(c, { - type: tls.ContentType.handshake, - data: tls.createServerKeyExchange(c) - })); - if (c.verifyClient !== false) { - tls.queue(c, tls.createRecord(c, { - type: tls.ContentType.handshake, - data: tls.createCertificateRequest(c) - })); - } - tls.queue(c, tls.createRecord(c, { - type: tls.ContentType.handshake, - data: tls.createServerHelloDone(c) - })); - } - } - tls.flush(c); - c.process(); }; - tls.handleCertificate = function(c, record, length) { - if (length < 3) { - return c.error(c, { - message: "Invalid Certificate message. Message too short.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.illegal_parameter - } - }); - } - var b = record.fragment; - var msg = { - certificate_list: readVector(b, 3) - }; - var cert, asn1; - var certs = []; - try { - while (msg.certificate_list.length() > 0) { - cert = readVector(msg.certificate_list, 3); - asn1 = forge.asn1.fromDer(cert); - cert = forge.pki.certificateFromAsn1(asn1, true); - certs.push(cert); - } - } catch (ex) { - return c.error(c, { - message: "Could not parse certificate list.", - cause: ex, - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.bad_certificate - } - }); + tls.flush = function(c) { + for (var i = 0; i < c.records.length; ++i) { + var record = c.records[i]; + c.tlsData.putByte(record.type); + c.tlsData.putByte(record.version.major); + c.tlsData.putByte(record.version.minor); + c.tlsData.putInt16(record.fragment.length()); + c.tlsData.putBuffer(c.records[i].fragment); } - var client = c.entity === tls.ConnectionEnd.client; - if ((client || c.verifyClient === true) && certs.length === 0) { - c.error(c, { - message: client ? "No server certificate provided." : "No client certificate provided.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.illegal_parameter - } - }); - } else if (certs.length === 0) { - c.expect = client ? SKE : CKE; - } else { - if (client) { - c.session.serverCertificate = certs[0]; - } else { - c.session.clientCertificate = certs[0]; - } - if (tls.verifyCertificateChain(c, certs)) { - c.expect = client ? SKE : CKE; - } + c.records = []; + return c.tlsDataReady(c); + }; + var _certErrorToAlertDesc = function(error3) { + switch (error3) { + case true: + return true; + case forge.pki.certificateError.bad_certificate: + return tls.Alert.Description.bad_certificate; + case forge.pki.certificateError.unsupported_certificate: + return tls.Alert.Description.unsupported_certificate; + case forge.pki.certificateError.certificate_revoked: + return tls.Alert.Description.certificate_revoked; + case forge.pki.certificateError.certificate_expired: + return tls.Alert.Description.certificate_expired; + case forge.pki.certificateError.certificate_unknown: + return tls.Alert.Description.certificate_unknown; + case forge.pki.certificateError.unknown_ca: + return tls.Alert.Description.unknown_ca; + default: + return tls.Alert.Description.bad_certificate; } - c.process(); }; - tls.handleServerKeyExchange = function(c, record, length) { - if (length > 0) { - return c.error(c, { - message: "Invalid key parameters. Only RSA is supported.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.unsupported_certificate - } - }); + var _alertDescToCertError = function(desc) { + switch (desc) { + case true: + return true; + case tls.Alert.Description.bad_certificate: + return forge.pki.certificateError.bad_certificate; + case tls.Alert.Description.unsupported_certificate: + return forge.pki.certificateError.unsupported_certificate; + case tls.Alert.Description.certificate_revoked: + return forge.pki.certificateError.certificate_revoked; + case tls.Alert.Description.certificate_expired: + return forge.pki.certificateError.certificate_expired; + case tls.Alert.Description.certificate_unknown: + return forge.pki.certificateError.certificate_unknown; + case tls.Alert.Description.unknown_ca: + return forge.pki.certificateError.unknown_ca; + default: + return forge.pki.certificateError.bad_certificate; } - c.expect = SCR; - c.process(); }; - tls.handleClientKeyExchange = function(c, record, length) { - if (length < 48) { - return c.error(c, { - message: "Invalid key parameters. Only RSA is supported.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.unsupported_certificate + tls.verifyCertificateChain = function(c, chain) { + try { + var options = {}; + for (var key2 in c.verifyOptions) { + options[key2] = c.verifyOptions[key2]; + } + options.verify = function(vfd, depth, chain2) { + var desc = _certErrorToAlertDesc(vfd); + var ret = c.verify(c, vfd, depth, chain2); + if (ret !== true) { + if (typeof ret === "object" && !forge.util.isArray(ret)) { + var error3 = new Error("The application rejected the certificate."); + error3.send = true; + error3.alert = { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.bad_certificate + }; + if (ret.message) { + error3.message = ret.message; + } + if (ret.alert) { + error3.alert.description = ret.alert; + } + throw error3; + } + if (ret !== vfd) { + ret = _alertDescToCertError(ret); + } } - }); - } - var b = record.fragment; - var msg = { - enc_pre_master_secret: readVector(b, 2).getBytes() - }; - var privateKey = null; - if (c.getPrivateKey) { - try { - privateKey = c.getPrivateKey(c, c.session.serverCertificate); - privateKey = forge.pki.privateKeyFromPem(privateKey); - } catch (ex) { - c.error(c, { - message: "Could not get private key.", - cause: ex, + return ret; + }; + forge.pki.verifyCertificateChain(c.caStore, chain, options); + } catch (ex) { + var err = ex; + if (typeof err !== "object" || forge.util.isArray(err)) { + err = { send: true, alert: { level: tls.Alert.Level.fatal, - description: tls.Alert.Description.internal_error + description: _certErrorToAlertDesc(ex) } - }); + }; } - } - if (privateKey === null) { - return c.error(c, { - message: "No private key set.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.internal_error - } - }); - } - try { - var sp = c.session.sp; - sp.pre_master_secret = privateKey.decrypt(msg.enc_pre_master_secret); - var version = c.session.clientHelloVersion; - if (version.major !== sp.pre_master_secret.charCodeAt(0) || version.minor !== sp.pre_master_secret.charCodeAt(1)) { - throw new Error("TLS version rollback attack detected."); + if (!("send" in err)) { + err.send = true; } - } catch (ex) { - sp.pre_master_secret = forge.random.getBytes(48); - } - c.expect = CCC; - if (c.session.clientCertificate !== null) { - c.expect = CCV; - } - c.process(); - }; - tls.handleCertificateRequest = function(c, record, length) { - if (length < 3) { - return c.error(c, { - message: "Invalid CertificateRequest. Message too short.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.illegal_parameter - } - }); - } - var b = record.fragment; - var msg = { - certificate_types: readVector(b, 1), - certificate_authorities: readVector(b, 2) - }; - c.session.certificateRequest = msg; - c.expect = SHD; - c.process(); - }; - tls.handleCertificateVerify = function(c, record, length) { - if (length < 2) { - return c.error(c, { - message: "Invalid CertificateVerify. Message too short.", - send: true, - alert: { + if (!("alert" in err)) { + err.alert = { level: tls.Alert.Level.fatal, - description: tls.Alert.Description.illegal_parameter - } - }); - } - var b = record.fragment; - b.read -= 4; - var msgBytes = b.bytes(); - b.read += 4; - var msg = { - signature: readVector(b, 2).getBytes() - }; - var verify = forge.util.createBuffer(); - verify.putBuffer(c.session.md5.digest()); - verify.putBuffer(c.session.sha1.digest()); - verify = verify.getBytes(); - try { - var cert = c.session.clientCertificate; - if (!cert.publicKey.verify(verify, msg.signature, "NONE")) { - throw new Error("CertificateVerify signature does not match."); + description: _certErrorToAlertDesc(err.error) + }; } - c.session.md5.update(msgBytes); - c.session.sha1.update(msgBytes); - } catch (ex) { - return c.error(c, { - message: "Bad signature in CertificateVerify.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.handshake_failure - } - }); + c.error(c, err); } - c.expect = CCC; - c.process(); + return !c.fail; }; - tls.handleServerHelloDone = function(c, record, length) { - if (length > 0) { - return c.error(c, { - message: "Invalid ServerHelloDone message. Invalid length.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.record_overflow + tls.createSessionCache = function(cache, capacity) { + var rval = null; + if (cache && cache.getSession && cache.setSession && cache.order) { + rval = cache; + } else { + rval = {}; + rval.cache = cache || {}; + rval.capacity = Math.max(capacity || 100, 1); + rval.order = []; + for (var key2 in cache) { + if (rval.order.length <= capacity) { + rval.order.push(key2); + } else { + delete cache[key2]; } - }); - } - if (c.serverCertificate === null) { - var error3 = { - message: "No server certificate provided. Not enough security.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.insufficient_security + } + rval.getSession = function(sessionId) { + var session = null; + var key3 = null; + if (sessionId) { + key3 = forge.util.bytesToHex(sessionId); + } else if (rval.order.length > 0) { + key3 = rval.order[0]; } - }; - var depth = 0; - var ret = c.verify(c, error3.alert.description, depth, []); - if (ret !== true) { - if (ret || ret === 0) { - if (typeof ret === "object" && !forge.util.isArray(ret)) { - if (ret.message) { - error3.message = ret.message; - } - if (ret.alert) { - error3.alert.description = ret.alert; + if (key3 !== null && key3 in rval.cache) { + session = rval.cache[key3]; + delete rval.cache[key3]; + for (var i in rval.order) { + if (rval.order[i] === key3) { + rval.order.splice(i, 1); + break; } - } else if (typeof ret === "number") { - error3.alert.description = ret; } } - return c.error(c, error3); - } + return session; + }; + rval.setSession = function(sessionId, session) { + if (rval.order.length === rval.capacity) { + var key3 = rval.order.shift(); + delete rval.cache[key3]; + } + var key3 = forge.util.bytesToHex(sessionId); + rval.order.push(key3); + rval.cache[key3] = session; + }; } - if (c.session.certificateRequest !== null) { - record = tls.createRecord(c, { - type: tls.ContentType.handshake, - data: tls.createCertificate(c) - }); - tls.queue(c, record); + return rval; + }; + tls.createConnection = function(options) { + var caStore = null; + if (options.caStore) { + if (forge.util.isArray(options.caStore)) { + caStore = forge.pki.createCaStore(options.caStore); + } else { + caStore = options.caStore; + } + } else { + caStore = forge.pki.createCaStore(); } - record = tls.createRecord(c, { - type: tls.ContentType.handshake, - data: tls.createClientKeyExchange(c) - }); - tls.queue(c, record); - c.expect = SER; - var callback = function(c2, signature) { - if (c2.session.certificateRequest !== null && c2.session.clientCertificate !== null) { - tls.queue(c2, tls.createRecord(c2, { - type: tls.ContentType.handshake, - data: tls.createCertificateVerify(c2, signature) - })); + var cipherSuites = options.cipherSuites || null; + if (cipherSuites === null) { + cipherSuites = []; + for (var key2 in tls.CipherSuites) { + cipherSuites.push(tls.CipherSuites[key2]); } - tls.queue(c2, tls.createRecord(c2, { - type: tls.ContentType.change_cipher_spec, - data: tls.createChangeCipherSpec() - })); - c2.state.pending = tls.createConnectionState(c2); - c2.state.current.write = c2.state.pending.write; - tls.queue(c2, tls.createRecord(c2, { - type: tls.ContentType.handshake, - data: tls.createFinished(c2) - })); - c2.expect = SCC; - tls.flush(c2); - c2.process(); - }; - if (c.session.certificateRequest === null || c.session.clientCertificate === null) { - return callback(c, null); } - tls.getClientSignature(c, callback); - }; - tls.handleChangeCipherSpec = function(c, record) { - if (record.fragment.getByte() !== 1) { - return c.error(c, { - message: "Invalid ChangeCipherSpec message received.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.illegal_parameter + var entity = options.server || false ? tls.ConnectionEnd.server : tls.ConnectionEnd.client; + var sessionCache = options.sessionCache ? tls.createSessionCache(options.sessionCache) : null; + var c = { + version: { major: tls.Version.major, minor: tls.Version.minor }, + entity, + sessionId: options.sessionId, + caStore, + sessionCache, + cipherSuites, + connected: options.connected, + virtualHost: options.virtualHost || null, + verifyClient: options.verifyClient || false, + verify: options.verify || function(cn, vfd, dpth, cts) { + return vfd; + }, + verifyOptions: options.verifyOptions || {}, + getCertificate: options.getCertificate || null, + getPrivateKey: options.getPrivateKey || null, + getSignature: options.getSignature || null, + input: forge.util.createBuffer(), + tlsData: forge.util.createBuffer(), + data: forge.util.createBuffer(), + tlsDataReady: options.tlsDataReady, + dataReady: options.dataReady, + heartbeatReceived: options.heartbeatReceived, + closed: options.closed, + error: function(c2, ex) { + ex.origin = ex.origin || (c2.entity === tls.ConnectionEnd.client ? "client" : "server"); + if (ex.send) { + tls.queue(c2, tls.createAlert(c2, ex.alert)); + tls.flush(c2); } - }); - } - var client = c.entity === tls.ConnectionEnd.client; - if (c.session.resuming && client || !c.session.resuming && !client) { - c.state.pending = tls.createConnectionState(c); - } - c.state.current.read = c.state.pending.read; - if (!c.session.resuming && client || c.session.resuming && !client) { - c.state.pending = null; - } - c.expect = client ? SFI : CFI; - c.process(); - }; - tls.handleFinished = function(c, record, length) { - var b = record.fragment; - b.read -= 4; - var msgBytes = b.bytes(); - b.read += 4; - var vd = record.fragment.getBytes(); - b = forge.util.createBuffer(); - b.putBuffer(c.session.md5.digest()); - b.putBuffer(c.session.sha1.digest()); - var client = c.entity === tls.ConnectionEnd.client; - var label = client ? "server finished" : "client finished"; - var sp = c.session.sp; - var vdl = 12; - var prf = prf_TLS1; - b = prf(sp.master_secret, label, b.getBytes(), vdl); - if (b.getBytes() !== vd) { - return c.error(c, { - message: "Invalid verify_data in Finished message.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.decrypt_error + var fatal = ex.fatal !== false; + if (fatal) { + c2.fail = true; } - }); - } - c.session.md5.update(msgBytes); - c.session.sha1.update(msgBytes); - if (c.session.resuming && client || !c.session.resuming && !client) { - tls.queue(c, tls.createRecord(c, { - type: tls.ContentType.change_cipher_spec, - data: tls.createChangeCipherSpec() - })); - c.state.current.write = c.state.pending.write; - c.state.pending = null; - tls.queue(c, tls.createRecord(c, { - type: tls.ContentType.handshake, - data: tls.createFinished(c) - })); - } - c.expect = client ? SAD : CAD; - c.handshaking = false; - ++c.handshakes; - c.peerCertificate = client ? c.session.serverCertificate : c.session.clientCertificate; - tls.flush(c); - c.isConnected = true; - c.connected(c); - c.process(); - }; - tls.handleAlert = function(c, record) { - var b = record.fragment; - var alert = { - level: b.getByte(), - description: b.getByte() + options.error(c2, ex); + if (fatal) { + c2.close(false); + } + }, + deflate: options.deflate || null, + inflate: options.inflate || null }; - var msg; - switch (alert.description) { - case tls.Alert.Description.close_notify: - msg = "Connection closed."; - break; - case tls.Alert.Description.unexpected_message: - msg = "Unexpected message."; - break; - case tls.Alert.Description.bad_record_mac: - msg = "Bad record MAC."; - break; - case tls.Alert.Description.decryption_failed: - msg = "Decryption failed."; - break; - case tls.Alert.Description.record_overflow: - msg = "Record overflow."; - break; - case tls.Alert.Description.decompression_failure: - msg = "Decompression failed."; - break; - case tls.Alert.Description.handshake_failure: - msg = "Handshake failure."; - break; - case tls.Alert.Description.bad_certificate: - msg = "Bad certificate."; - break; - case tls.Alert.Description.unsupported_certificate: - msg = "Unsupported certificate."; - break; - case tls.Alert.Description.certificate_revoked: - msg = "Certificate revoked."; - break; - case tls.Alert.Description.certificate_expired: - msg = "Certificate expired."; - break; - case tls.Alert.Description.certificate_unknown: - msg = "Certificate unknown."; - break; - case tls.Alert.Description.illegal_parameter: - msg = "Illegal parameter."; - break; - case tls.Alert.Description.unknown_ca: - msg = "Unknown certificate authority."; - break; - case tls.Alert.Description.access_denied: - msg = "Access denied."; - break; - case tls.Alert.Description.decode_error: - msg = "Decode error."; - break; - case tls.Alert.Description.decrypt_error: - msg = "Decrypt error."; - break; - case tls.Alert.Description.export_restriction: - msg = "Export restriction."; - break; - case tls.Alert.Description.protocol_version: - msg = "Unsupported protocol version."; - break; - case tls.Alert.Description.insufficient_security: - msg = "Insufficient security."; - break; - case tls.Alert.Description.internal_error: - msg = "Internal error."; - break; - case tls.Alert.Description.user_canceled: - msg = "User canceled."; - break; - case tls.Alert.Description.no_renegotiation: - msg = "Renegotiation not supported."; - break; - default: - msg = "Unknown error."; - break; - } - if (alert.description === tls.Alert.Description.close_notify) { - return c.close(); - } - c.error(c, { - message: msg, - send: false, - // origin is the opposite end - origin: c.entity === tls.ConnectionEnd.client ? "server" : "client", - alert - }); - c.process(); - }; - tls.handleHandshake = function(c, record) { - var b = record.fragment; - var type2 = b.getByte(); - var length = b.getInt24(); - if (length > b.length()) { - c.fragmented = record; - record.fragment = forge.util.createBuffer(); - b.read -= 4; - return c.process(); - } - c.fragmented = null; - b.read -= 4; - var bytes = b.bytes(length + 4); - b.read += 4; - if (type2 in hsTable[c.entity][c.expect]) { - if (c.entity === tls.ConnectionEnd.server && !c.open && !c.fail) { + c.reset = function(clearFail) { + c.version = { major: tls.Version.major, minor: tls.Version.minor }; + c.record = null; + c.session = null; + c.peerCertificate = null; + c.state = { + pending: null, + current: null + }; + c.expect = c.entity === tls.ConnectionEnd.client ? SHE : CHE; + c.fragmented = null; + c.records = []; + c.open = false; + c.handshakes = 0; + c.handshaking = false; + c.isConnected = false; + c.fail = !(clearFail || typeof clearFail === "undefined"); + c.input.clear(); + c.tlsData.clear(); + c.data.clear(); + c.state.current = tls.createConnectionState(c); + }; + c.reset(); + var _update = function(c2, record) { + var aligned = record.type - tls.ContentType.change_cipher_spec; + var handlers = ctTable[c2.entity][c2.expect]; + if (aligned in handlers) { + handlers[aligned](c2, record); + } else { + tls.handleUnexpected(c2, record); + } + }; + var _readRecordHeader = function(c2) { + var rval = 0; + var b = c2.input; + var len = b.length(); + if (len < 5) { + rval = 5 - len; + } else { + c2.record = { + type: b.getByte(), + version: { + major: b.getByte(), + minor: b.getByte() + }, + length: b.getInt16(), + fragment: forge.util.createBuffer(), + ready: false + }; + var compatibleVersion = c2.record.version.major === c2.version.major; + if (compatibleVersion && c2.session && c2.session.version) { + compatibleVersion = c2.record.version.minor === c2.version.minor; + } + if (!compatibleVersion) { + c2.error(c2, { + message: "Incompatible TLS version.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.protocol_version + } + }); + } + } + return rval; + }; + var _readRecord = function(c2) { + var rval = 0; + var b = c2.input; + var len = b.length(); + if (len < c2.record.length) { + rval = c2.record.length - len; + } else { + c2.record.fragment.putBytes(b.getBytes(c2.record.length)); + b.compact(); + var s = c2.state.current.read; + if (s.update(c2, c2.record)) { + if (c2.fragmented !== null) { + if (c2.fragmented.type === c2.record.type) { + c2.fragmented.fragment.putBuffer(c2.record.fragment); + c2.record = c2.fragmented; + } else { + c2.error(c2, { + message: "Invalid fragmented record.", + send: true, + alert: { + level: tls.Alert.Level.fatal, + description: tls.Alert.Description.unexpected_message + } + }); + } + } + c2.record.ready = true; + } + } + return rval; + }; + c.handshake = function(sessionId) { + if (c.entity !== tls.ConnectionEnd.client) { + c.error(c, { + message: "Cannot initiate handshake as a server.", + fatal: false + }); + } else if (c.handshaking) { + c.error(c, { + message: "Handshake already in progress.", + fatal: false + }); + } else { + if (c.fail && !c.open && c.handshakes === 0) { + c.fail = false; + } c.handshaking = true; + sessionId = sessionId || ""; + var session = null; + if (sessionId.length > 0) { + if (c.sessionCache) { + session = c.sessionCache.getSession(sessionId); + } + if (session === null) { + sessionId = ""; + } + } + if (sessionId.length === 0 && c.sessionCache) { + session = c.sessionCache.getSession(); + if (session !== null) { + sessionId = session.id; + } + } c.session = { + id: sessionId, version: null, - extensions: { - server_name: { - serverNameList: [] - } - }, cipherSuite: null, compressionMethod: null, serverCertificate: null, + certificateRequest: null, clientCertificate: null, + sp: {}, md5: forge.md.md5.create(), sha1: forge.md.sha1.create() }; + if (session) { + c.version = session.version; + c.session.sp = session.sp; + } + c.session.sp.client_random = tls.createRandom().getBytes(); + c.open = true; + tls.queue(c, tls.createRecord(c, { + type: tls.ContentType.handshake, + data: tls.createClientHello(c) + })); + tls.flush(c); } - if (type2 !== tls.HandshakeType.hello_request && type2 !== tls.HandshakeType.certificate_verify && type2 !== tls.HandshakeType.finished) { - c.session.md5.update(bytes); - c.session.sha1.update(bytes); + }; + c.process = function(data) { + var rval = 0; + if (data) { + c.input.putBytes(data); } - hsTable[c.entity][c.expect][type2](c, record, length); - } else { - tls.handleUnexpected(c, record); - } - }; - tls.handleApplicationData = function(c, record) { - c.data.putBuffer(record.fragment); - c.dataReady(c); - c.process(); - }; - tls.handleHeartbeat = function(c, record) { - var b = record.fragment; - var type2 = b.getByte(); - var length = b.getInt16(); - var payload = b.getBytes(length); - if (type2 === tls.HeartbeatMessageType.heartbeat_request) { - if (c.handshaking || length > payload.length) { - return c.process(); + if (!c.fail) { + if (c.record !== null && c.record.ready && c.record.fragment.isEmpty()) { + c.record = null; + } + if (c.record === null) { + rval = _readRecordHeader(c); + } + if (!c.fail && c.record !== null && !c.record.ready) { + rval = _readRecord(c); + } + if (!c.fail && c.record !== null && c.record.ready) { + _update(c, c.record); + } + } + return rval; + }; + c.prepare = function(data) { + tls.queue(c, tls.createRecord(c, { + type: tls.ContentType.application_data, + data: forge.util.createBuffer(data) + })); + return tls.flush(c); + }; + c.prepareHeartbeatRequest = function(payload, payloadLength) { + if (payload instanceof forge.util.ByteBuffer) { + payload = payload.bytes(); + } + if (typeof payloadLength === "undefined") { + payloadLength = payload.length; } + c.expectedHeartbeatPayload = payload; tls.queue(c, tls.createRecord(c, { type: tls.ContentType.heartbeat, data: tls.createHeartbeat( - tls.HeartbeatMessageType.heartbeat_response, - payload + tls.HeartbeatMessageType.heartbeat_request, + payload, + payloadLength ) })); - tls.flush(c); - } else if (type2 === tls.HeartbeatMessageType.heartbeat_response) { - if (payload !== c.expectedHeartbeatPayload) { - return c.process(); + return tls.flush(c); + }; + c.close = function(clearFail) { + if (!c.fail && c.sessionCache && c.session) { + var session = { + id: c.session.id, + version: c.session.version, + sp: c.session.sp + }; + session.sp.keys = null; + c.sessionCache.setSession(session.id, session); } - if (c.heartbeatReceived) { - c.heartbeatReceived(c, forge.util.createBuffer(payload)); + if (c.open) { + c.open = false; + c.input.clear(); + if (c.isConnected || c.handshaking) { + c.isConnected = c.handshaking = false; + tls.queue(c, tls.createAlert(c, { + level: tls.Alert.Level.warning, + description: tls.Alert.Description.close_notify + })); + tls.flush(c); + } + c.closed(c); } - } - c.process(); + c.reset(clearFail); + }; + return c; }; - var SHE = 0; - var SCE = 1; - var SKE = 2; - var SCR = 3; - var SHD = 4; - var SCC = 5; - var SFI = 6; - var SAD = 7; - var SER = 8; - var CHE = 0; - var CCE = 1; - var CKE = 2; - var CCV = 3; - var CCC = 4; - var CFI = 5; - var CAD = 6; - var __ = tls.handleUnexpected; - var R0 = tls.handleChangeCipherSpec; - var R1 = tls.handleAlert; - var R2 = tls.handleHandshake; - var R3 = tls.handleApplicationData; - var R4 = tls.handleHeartbeat; - var ctTable = []; - ctTable[tls.ConnectionEnd.client] = [ - // CC,AL,HS,AD,HB - /*SHE*/ - [__, R1, R2, __, R4], - /*SCE*/ - [__, R1, R2, __, R4], - /*SKE*/ - [__, R1, R2, __, R4], - /*SCR*/ - [__, R1, R2, __, R4], - /*SHD*/ - [__, R1, R2, __, R4], - /*SCC*/ - [R0, R1, __, __, R4], - /*SFI*/ - [__, R1, R2, __, R4], - /*SAD*/ - [__, R1, R2, R3, R4], - /*SER*/ - [__, R1, R2, __, R4] - ]; - ctTable[tls.ConnectionEnd.server] = [ - // CC,AL,HS,AD - /*CHE*/ - [__, R1, R2, __, R4], - /*CCE*/ - [__, R1, R2, __, R4], - /*CKE*/ - [__, R1, R2, __, R4], - /*CCV*/ - [__, R1, R2, __, R4], - /*CCC*/ - [R0, R1, __, __, R4], - /*CFI*/ - [__, R1, R2, __, R4], - /*CAD*/ - [__, R1, R2, R3, R4], - /*CER*/ - [__, R1, R2, __, R4] - ]; - var H0 = tls.handleHelloRequest; - var H1 = tls.handleServerHello; - var H2 = tls.handleCertificate; - var H3 = tls.handleServerKeyExchange; - var H4 = tls.handleCertificateRequest; - var H5 = tls.handleServerHelloDone; - var H6 = tls.handleFinished; - var hsTable = []; - hsTable[tls.ConnectionEnd.client] = [ - // HR,01,SH,03,04,05,06,07,08,09,10,SC,SK,CR,HD,15,CK,17,18,19,FI - /*SHE*/ - [__, __, H1, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __], - /*SCE*/ - [H0, __, __, __, __, __, __, __, __, __, __, H2, H3, H4, H5, __, __, __, __, __, __], - /*SKE*/ - [H0, __, __, __, __, __, __, __, __, __, __, __, H3, H4, H5, __, __, __, __, __, __], - /*SCR*/ - [H0, __, __, __, __, __, __, __, __, __, __, __, __, H4, H5, __, __, __, __, __, __], - /*SHD*/ - [H0, __, __, __, __, __, __, __, __, __, __, __, __, __, H5, __, __, __, __, __, __], - /*SCC*/ - [H0, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __], - /*SFI*/ - [H0, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, H6], - /*SAD*/ - [H0, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __], - /*SER*/ - [H0, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __] - ]; - var H7 = tls.handleClientHello; - var H8 = tls.handleClientKeyExchange; - var H9 = tls.handleCertificateVerify; - hsTable[tls.ConnectionEnd.server] = [ - // 01,CH,02,03,04,05,06,07,08,09,10,CC,12,13,14,CV,CK,17,18,19,FI - /*CHE*/ - [__, H7, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __], - /*CCE*/ - [__, __, __, __, __, __, __, __, __, __, __, H2, __, __, __, __, __, __, __, __, __], - /*CKE*/ - [__, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, H8, __, __, __, __], - /*CCV*/ - [__, __, __, __, __, __, __, __, __, __, __, __, __, __, __, H9, __, __, __, __, __], - /*CCC*/ - [__, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __], - /*CFI*/ - [__, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, H6], - /*CAD*/ - [__, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __], - /*CER*/ - [__, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __, __] - ]; - tls.generateKeys = function(c, sp) { - var prf = prf_TLS1; - var random = sp.client_random + sp.server_random; - if (!c.session.resuming) { - sp.master_secret = prf( - sp.pre_master_secret, - "master secret", - random, - 48 - ).bytes(); - sp.pre_master_secret = null; + module2.exports = forge.tls = forge.tls || {}; + for (key in tls) { + if (typeof tls[key] !== "function") { + forge.tls[key] = tls[key]; } - random = sp.server_random + sp.client_random; - var length = 2 * sp.mac_key_length + 2 * sp.enc_key_length; - var tls10 = c.version.major === tls.Versions.TLS_1_0.major && c.version.minor === tls.Versions.TLS_1_0.minor; - if (tls10) { - length += 2 * sp.fixed_iv_length; - } - var km = prf(sp.master_secret, "key expansion", random, length); - var rval = { - client_write_MAC_key: km.getBytes(sp.mac_key_length), - server_write_MAC_key: km.getBytes(sp.mac_key_length), - client_write_key: km.getBytes(sp.enc_key_length), - server_write_key: km.getBytes(sp.enc_key_length) - }; - if (tls10) { - rval.client_write_IV = km.getBytes(sp.fixed_iv_length); - rval.server_write_IV = km.getBytes(sp.fixed_iv_length); - } - return rval; + } + var key; + forge.tls.prf_tls1 = prf_TLS1; + forge.tls.hmac_sha1 = hmac_sha1; + forge.tls.createSessionCache = tls.createSessionCache; + forge.tls.createConnection = tls.createConnection; + } +}); + +// node_modules/node-forge/lib/aesCipherSuites.js +var require_aesCipherSuites = __commonJS({ + "node_modules/node-forge/lib/aesCipherSuites.js"(exports2, module2) { + var forge = require_forge(); + require_aes(); + require_tls(); + var tls = module2.exports = forge.tls; + tls.CipherSuites["TLS_RSA_WITH_AES_128_CBC_SHA"] = { + id: [0, 47], + name: "TLS_RSA_WITH_AES_128_CBC_SHA", + initSecurityParameters: function(sp) { + sp.bulk_cipher_algorithm = tls.BulkCipherAlgorithm.aes; + sp.cipher_type = tls.CipherType.block; + sp.enc_key_length = 16; + sp.block_length = 16; + sp.fixed_iv_length = 16; + sp.record_iv_length = 16; + sp.mac_algorithm = tls.MACAlgorithm.hmac_sha1; + sp.mac_length = 20; + sp.mac_key_length = 20; + }, + initConnectionState }; - tls.createConnectionState = function(c) { - var client = c.entity === tls.ConnectionEnd.client; - var createMode = function() { - var mode = { - // two 32-bit numbers, first is most significant - sequenceNumber: [0, 0], - macKey: null, - macLength: 0, - macFunction: null, - cipherState: null, - cipherFunction: function(record) { - return true; - }, - compressionState: null, - compressFunction: function(record) { - return true; - }, - updateSequenceNumber: function() { - if (mode.sequenceNumber[1] === 4294967295) { - mode.sequenceNumber[1] = 0; - ++mode.sequenceNumber[0]; - } else { - ++mode.sequenceNumber[1]; - } - } - }; - return mode; - }; - var state = { - read: createMode(), - write: createMode() + tls.CipherSuites["TLS_RSA_WITH_AES_256_CBC_SHA"] = { + id: [0, 53], + name: "TLS_RSA_WITH_AES_256_CBC_SHA", + initSecurityParameters: function(sp) { + sp.bulk_cipher_algorithm = tls.BulkCipherAlgorithm.aes; + sp.cipher_type = tls.CipherType.block; + sp.enc_key_length = 32; + sp.block_length = 16; + sp.fixed_iv_length = 16; + sp.record_iv_length = 16; + sp.mac_algorithm = tls.MACAlgorithm.hmac_sha1; + sp.mac_length = 20; + sp.mac_key_length = 20; + }, + initConnectionState + }; + function initConnectionState(state, c, sp) { + var client = c.entity === forge.tls.ConnectionEnd.client; + state.read.cipherState = { + init: false, + cipher: forge.cipher.createDecipher("AES-CBC", client ? sp.keys.server_write_key : sp.keys.client_write_key), + iv: client ? sp.keys.server_write_IV : sp.keys.client_write_IV }; - state.read.update = function(c2, record) { - if (!state.read.cipherFunction(record, state.read)) { - c2.error(c2, { - message: "Could not decrypt record or bad MAC.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - // doesn't matter if decryption failed or MAC was - // invalid, return the same error so as not to reveal - // which one occurred - description: tls.Alert.Description.bad_record_mac - } - }); - } else if (!state.read.compressFunction(c2, record, state.read)) { - c2.error(c2, { - message: "Could not decompress record.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.decompression_failure - } - }); - } - return !c2.fail; + state.write.cipherState = { + init: false, + cipher: forge.cipher.createCipher("AES-CBC", client ? sp.keys.client_write_key : sp.keys.server_write_key), + iv: client ? sp.keys.client_write_IV : sp.keys.server_write_IV }; - state.write.update = function(c2, record) { - if (!state.write.compressFunction(c2, record, state.write)) { - c2.error(c2, { - message: "Could not compress record.", - send: false, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.internal_error - } - }); - } else if (!state.write.cipherFunction(record, state.write)) { - c2.error(c2, { - message: "Could not encrypt record.", - send: false, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.internal_error - } - }); + state.read.cipherFunction = decrypt_aes_cbc_sha1; + state.write.cipherFunction = encrypt_aes_cbc_sha1; + state.read.macLength = state.write.macLength = sp.mac_length; + state.read.macFunction = state.write.macFunction = tls.hmac_sha1; + } + function encrypt_aes_cbc_sha1(record, s) { + var rval = false; + var mac = s.macFunction(s.macKey, s.sequenceNumber, record); + record.fragment.putBytes(mac); + s.updateSequenceNumber(); + var iv; + if (record.version.minor === tls.Versions.TLS_1_0.minor) { + iv = s.cipherState.init ? null : s.cipherState.iv; + } else { + iv = forge.random.getBytesSync(16); + } + s.cipherState.init = true; + var cipher = s.cipherState.cipher; + cipher.start({ iv }); + if (record.version.minor >= tls.Versions.TLS_1_1.minor) { + cipher.output.putBytes(iv); + } + cipher.update(record.fragment); + if (cipher.finish(encrypt_aes_cbc_sha1_padding)) { + record.fragment = cipher.output; + record.length = record.fragment.length(); + rval = true; + } + return rval; + } + function encrypt_aes_cbc_sha1_padding(blockSize, input, decrypt) { + if (!decrypt) { + var padding = blockSize - input.length() % blockSize; + input.fillWithByte(padding - 1, padding); + } + return true; + } + function decrypt_aes_cbc_sha1_padding(blockSize, output, decrypt) { + var rval = true; + if (decrypt) { + var len = output.length(); + var paddingLength = output.last(); + for (var i = len - 1 - paddingLength; i < len - 1; ++i) { + rval = rval && output.at(i) == paddingLength; } - return !c2.fail; - }; - if (c.session) { - var sp = c.session.sp; - c.session.cipherSuite.initSecurityParameters(sp); - sp.keys = tls.generateKeys(c, sp); - state.read.macKey = client ? sp.keys.server_write_MAC_key : sp.keys.client_write_MAC_key; - state.write.macKey = client ? sp.keys.client_write_MAC_key : sp.keys.server_write_MAC_key; - c.session.cipherSuite.initConnectionState(state, c, sp); - switch (sp.compression_algorithm) { - case tls.CompressionMethod.none: - break; - case tls.CompressionMethod.deflate: - state.read.compressFunction = inflate; - state.write.compressFunction = deflate; - break; - default: - throw new Error("Unsupported compression algorithm."); + if (rval) { + output.truncate(paddingLength + 1); } } - return state; - }; - tls.createRandom = function() { - var d = /* @__PURE__ */ new Date(); - var utc = +d + d.getTimezoneOffset() * 6e4; - var rval = forge.util.createBuffer(); - rval.putInt32(utc); - rval.putBytes(forge.random.getBytes(28)); return rval; + } + function decrypt_aes_cbc_sha1(record, s) { + var rval = false; + var iv; + if (record.version.minor === tls.Versions.TLS_1_0.minor) { + iv = s.cipherState.init ? null : s.cipherState.iv; + } else { + iv = record.fragment.getBytes(16); + } + s.cipherState.init = true; + var cipher = s.cipherState.cipher; + cipher.start({ iv }); + cipher.update(record.fragment); + rval = cipher.finish(decrypt_aes_cbc_sha1_padding); + var macLen = s.macLength; + var mac = forge.random.getBytesSync(macLen); + var len = cipher.output.length(); + if (len >= macLen) { + record.fragment = cipher.output.getBytes(len - macLen); + mac = cipher.output.getBytes(macLen); + } else { + record.fragment = cipher.output.getBytes(); + } + record.fragment = forge.util.createBuffer(record.fragment); + record.length = record.fragment.length(); + var mac2 = s.macFunction(s.macKey, s.sequenceNumber, record); + s.updateSequenceNumber(); + rval = compareMacs(s.macKey, mac, mac2) && rval; + return rval; + } + function compareMacs(key, mac1, mac2) { + var hmac = forge.hmac.create(); + hmac.start("SHA1", key); + hmac.update(mac1); + mac1 = hmac.digest().getBytes(); + hmac.start(null, null); + hmac.update(mac2); + mac2 = hmac.digest().getBytes(); + return mac1 === mac2; + } + } +}); + +// node_modules/node-forge/lib/sha512.js +var require_sha512 = __commonJS({ + "node_modules/node-forge/lib/sha512.js"(exports2, module2) { + var forge = require_forge(); + require_md(); + require_util9(); + var sha512 = module2.exports = forge.sha512 = forge.sha512 || {}; + forge.md.sha512 = forge.md.algorithms.sha512 = sha512; + var sha384 = forge.sha384 = forge.sha512.sha384 = forge.sha512.sha384 || {}; + sha384.create = function() { + return sha512.create("SHA-384"); }; - tls.createRecord = function(c, options) { - if (!options.data) { - return null; + forge.md.sha384 = forge.md.algorithms.sha384 = sha384; + forge.sha512.sha256 = forge.sha512.sha256 || { + create: function() { + return sha512.create("SHA-512/256"); } - var record = { - type: options.type, - version: { - major: c.version.major, - minor: c.version.minor - }, - length: options.data.length(), - fragment: options.data - }; - return record; }; - tls.createAlert = function(c, alert) { - var b = forge.util.createBuffer(); - b.putByte(alert.level); - b.putByte(alert.description); - return tls.createRecord(c, { - type: tls.ContentType.alert, - data: b - }); + forge.md["sha512/256"] = forge.md.algorithms["sha512/256"] = forge.sha512.sha256; + forge.sha512.sha224 = forge.sha512.sha224 || { + create: function() { + return sha512.create("SHA-512/224"); + } }; - tls.createClientHello = function(c) { - c.session.clientHelloVersion = { - major: c.version.major, - minor: c.version.minor - }; - var cipherSuites = forge.util.createBuffer(); - for (var i = 0; i < c.cipherSuites.length; ++i) { - var cs = c.cipherSuites[i]; - cipherSuites.putByte(cs.id[0]); - cipherSuites.putByte(cs.id[1]); + forge.md["sha512/224"] = forge.md.algorithms["sha512/224"] = forge.sha512.sha224; + sha512.create = function(algorithm) { + if (!_initialized) { + _init(); } - var cSuites = cipherSuites.length(); - var compressionMethods = forge.util.createBuffer(); - compressionMethods.putByte(tls.CompressionMethod.none); - var cMethods = compressionMethods.length(); - var extensions = forge.util.createBuffer(); - if (c.virtualHost) { - var ext = forge.util.createBuffer(); - ext.putByte(0); - ext.putByte(0); - var serverName = forge.util.createBuffer(); - serverName.putByte(0); - writeVector(serverName, 2, forge.util.createBuffer(c.virtualHost)); - var snList = forge.util.createBuffer(); - writeVector(snList, 2, serverName); - writeVector(ext, 2, snList); - extensions.putBuffer(ext); + if (typeof algorithm === "undefined") { + algorithm = "SHA-512"; } - var extLength = extensions.length(); - if (extLength > 0) { - extLength += 2; + if (!(algorithm in _states)) { + throw new Error("Invalid SHA-512 algorithm: " + algorithm); } - var sessionId = c.session.id; - var length = sessionId.length + 1 + // session ID vector - 2 + // version (major + minor) - 4 + 28 + // random time and random bytes - 2 + cSuites + // cipher suites vector - 1 + cMethods + // compression methods vector - extLength; - var rval = forge.util.createBuffer(); - rval.putByte(tls.HandshakeType.client_hello); - rval.putInt24(length); - rval.putByte(c.version.major); - rval.putByte(c.version.minor); - rval.putBytes(c.session.sp.client_random); - writeVector(rval, 1, forge.util.createBuffer(sessionId)); - writeVector(rval, 2, cipherSuites); - writeVector(rval, 1, compressionMethods); - if (extLength > 0) { - writeVector(rval, 2, extensions); + var _state = _states[algorithm]; + var _h = null; + var _input = forge.util.createBuffer(); + var _w = new Array(80); + for (var wi = 0; wi < 80; ++wi) { + _w[wi] = new Array(2); } - return rval; - }; - tls.createServerHello = function(c) { - var sessionId = c.session.id; - var length = sessionId.length + 1 + // session ID vector - 2 + // version (major + minor) - 4 + 28 + // random time and random bytes - 2 + // chosen cipher suite - 1; - var rval = forge.util.createBuffer(); - rval.putByte(tls.HandshakeType.server_hello); - rval.putInt24(length); - rval.putByte(c.version.major); - rval.putByte(c.version.minor); - rval.putBytes(c.session.sp.server_random); - writeVector(rval, 1, forge.util.createBuffer(sessionId)); - rval.putByte(c.session.cipherSuite.id[0]); - rval.putByte(c.session.cipherSuite.id[1]); - rval.putByte(c.session.compressionMethod); - return rval; - }; - tls.createCertificate = function(c) { - var client = c.entity === tls.ConnectionEnd.client; - var cert = null; - if (c.getCertificate) { - var hint; - if (client) { - hint = c.session.certificateRequest; + var digestLength = 64; + switch (algorithm) { + case "SHA-384": + digestLength = 48; + break; + case "SHA-512/256": + digestLength = 32; + break; + case "SHA-512/224": + digestLength = 28; + break; + } + var md = { + // SHA-512 => sha512 + algorithm: algorithm.replace("-", "").toLowerCase(), + blockLength: 128, + digestLength, + // 56-bit length of message so far (does not including padding) + messageLength: 0, + // true message length + fullMessageLength: null, + // size of message length in bytes + messageLengthSize: 16 + }; + md.start = function() { + md.messageLength = 0; + md.fullMessageLength = md.messageLength128 = []; + var int32s = md.messageLengthSize / 4; + for (var i = 0; i < int32s; ++i) { + md.fullMessageLength.push(0); + } + _input = forge.util.createBuffer(); + _h = new Array(_state.length); + for (var i = 0; i < _state.length; ++i) { + _h[i] = _state[i].slice(0); + } + return md; + }; + md.start(); + md.update = function(msg, encoding) { + if (encoding === "utf8") { + msg = forge.util.encodeUtf8(msg); + } + var len = msg.length; + md.messageLength += len; + len = [len / 4294967296 >>> 0, len >>> 0]; + for (var i = md.fullMessageLength.length - 1; i >= 0; --i) { + md.fullMessageLength[i] += len[1]; + len[1] = len[0] + (md.fullMessageLength[i] / 4294967296 >>> 0); + md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; + len[0] = len[1] / 4294967296 >>> 0; + } + _input.putBytes(msg); + _update(_h, _w, _input); + if (_input.read > 2048 || _input.length() === 0) { + _input.compact(); + } + return md; + }; + md.digest = function() { + var finalBlock = forge.util.createBuffer(); + finalBlock.putBytes(_input.bytes()); + var remaining = md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize; + var overflow = remaining & md.blockLength - 1; + finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); + var next, carry; + var bits = md.fullMessageLength[0] * 8; + for (var i = 0; i < md.fullMessageLength.length - 1; ++i) { + next = md.fullMessageLength[i + 1] * 8; + carry = next / 4294967296 >>> 0; + bits += carry; + finalBlock.putInt32(bits >>> 0); + bits = next >>> 0; + } + finalBlock.putInt32(bits); + var h = new Array(_h.length); + for (var i = 0; i < _h.length; ++i) { + h[i] = _h[i].slice(0); + } + _update(h, _w, finalBlock); + var rval = forge.util.createBuffer(); + var hlen; + if (algorithm === "SHA-512") { + hlen = h.length; + } else if (algorithm === "SHA-384") { + hlen = h.length - 2; } else { - hint = c.session.extensions.server_name.serverNameList; + hlen = h.length - 4; } - cert = c.getCertificate(c, hint); - } - var certList = forge.util.createBuffer(); - if (cert !== null) { - try { - if (!forge.util.isArray(cert)) { - cert = [cert]; - } - var asn1 = null; - for (var i = 0; i < cert.length; ++i) { - var msg = forge.pem.decode(cert[i])[0]; - if (msg.type !== "CERTIFICATE" && msg.type !== "X509 CERTIFICATE" && msg.type !== "TRUSTED CERTIFICATE") { - var error3 = new Error('Could not convert certificate from PEM; PEM header type is not "CERTIFICATE", "X509 CERTIFICATE", or "TRUSTED CERTIFICATE".'); - error3.headerType = msg.type; - throw error3; - } - if (msg.procType && msg.procType.type === "ENCRYPTED") { - throw new Error("Could not convert certificate from PEM; PEM is encrypted."); - } - var der = forge.util.createBuffer(msg.body); - if (asn1 === null) { - asn1 = forge.asn1.fromDer(der.bytes(), false); - } - var certBuffer = forge.util.createBuffer(); - writeVector(certBuffer, 3, der); - certList.putBuffer(certBuffer); + for (var i = 0; i < hlen; ++i) { + rval.putInt32(h[i][0]); + if (i !== hlen - 1 || algorithm !== "SHA-512/224") { + rval.putInt32(h[i][1]); } - cert = forge.pki.certificateFromAsn1(asn1); - if (client) { - c.session.clientCertificate = cert; - } else { - c.session.serverCertificate = cert; - } - } catch (ex) { - return c.error(c, { - message: "Could not send certificate list.", - cause: ex, - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.bad_certificate - } - }); - } - } - var length = 3 + certList.length(); - var rval = forge.util.createBuffer(); - rval.putByte(tls.HandshakeType.certificate); - rval.putInt24(length); - writeVector(rval, 3, certList); - return rval; - }; - tls.createClientKeyExchange = function(c) { - var b = forge.util.createBuffer(); - b.putByte(c.session.clientHelloVersion.major); - b.putByte(c.session.clientHelloVersion.minor); - b.putBytes(forge.random.getBytes(46)); - var sp = c.session.sp; - sp.pre_master_secret = b.getBytes(); - var key2 = c.session.serverCertificate.publicKey; - b = key2.encrypt(sp.pre_master_secret); - var length = b.length + 2; - var rval = forge.util.createBuffer(); - rval.putByte(tls.HandshakeType.client_key_exchange); - rval.putInt24(length); - rval.putInt16(b.length); - rval.putBytes(b); - return rval; - }; - tls.createServerKeyExchange = function(c) { - var length = 0; - var rval = forge.util.createBuffer(); - if (length > 0) { - rval.putByte(tls.HandshakeType.server_key_exchange); - rval.putInt24(length); - } - return rval; - }; - tls.getClientSignature = function(c, callback) { - var b = forge.util.createBuffer(); - b.putBuffer(c.session.md5.digest()); - b.putBuffer(c.session.sha1.digest()); - b = b.getBytes(); - c.getSignature = c.getSignature || function(c2, b2, callback2) { - var privateKey = null; - if (c2.getPrivateKey) { - try { - privateKey = c2.getPrivateKey(c2, c2.session.clientCertificate); - privateKey = forge.pki.privateKeyFromPem(privateKey); - } catch (ex) { - c2.error(c2, { - message: "Could not get private key.", - cause: ex, - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.internal_error - } - }); - } - } - if (privateKey === null) { - c2.error(c2, { - message: "No private key set.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.internal_error - } - }); - } else { - b2 = privateKey.sign(b2, null); } - callback2(c2, b2); + return rval; }; - c.getSignature(c, b, callback); - }; - tls.createCertificateVerify = function(c, signature) { - var length = signature.length + 2; - var rval = forge.util.createBuffer(); - rval.putByte(tls.HandshakeType.certificate_verify); - rval.putInt24(length); - rval.putInt16(signature.length); - rval.putBytes(signature); - return rval; - }; - tls.createCertificateRequest = function(c) { - var certTypes = forge.util.createBuffer(); - certTypes.putByte(1); - var cAs = forge.util.createBuffer(); - for (var key2 in c.caStore.certs) { - var cert = c.caStore.certs[key2]; - var dn = forge.pki.distinguishedNameToAsn1(cert.subject); - var byteBuffer = forge.asn1.toDer(dn); - cAs.putInt16(byteBuffer.length()); - cAs.putBuffer(byteBuffer); - } - var length = 1 + certTypes.length() + 2 + cAs.length(); - var rval = forge.util.createBuffer(); - rval.putByte(tls.HandshakeType.certificate_request); - rval.putInt24(length); - writeVector(rval, 1, certTypes); - writeVector(rval, 2, cAs); - return rval; - }; - tls.createServerHelloDone = function(c) { - var rval = forge.util.createBuffer(); - rval.putByte(tls.HandshakeType.server_hello_done); - rval.putInt24(0); - return rval; - }; - tls.createChangeCipherSpec = function() { - var rval = forge.util.createBuffer(); - rval.putByte(1); - return rval; - }; - tls.createFinished = function(c) { - var b = forge.util.createBuffer(); - b.putBuffer(c.session.md5.digest()); - b.putBuffer(c.session.sha1.digest()); - var client = c.entity === tls.ConnectionEnd.client; - var sp = c.session.sp; - var vdl = 12; - var prf = prf_TLS1; - var label = client ? "client finished" : "server finished"; - b = prf(sp.master_secret, label, b.getBytes(), vdl); - var rval = forge.util.createBuffer(); - rval.putByte(tls.HandshakeType.finished); - rval.putInt24(b.length()); - rval.putBuffer(b); - return rval; - }; - tls.createHeartbeat = function(type2, payload, payloadLength) { - if (typeof payloadLength === "undefined") { - payloadLength = payload.length; - } - var rval = forge.util.createBuffer(); - rval.putByte(type2); - rval.putInt16(payloadLength); - rval.putBytes(payload); - var plaintextLength = rval.length(); - var paddingLength = Math.max(16, plaintextLength - payloadLength - 3); - rval.putBytes(forge.random.getBytes(paddingLength)); - return rval; + return md; }; - tls.queue = function(c, record) { - if (!record) { - return; - } - if (record.fragment.length() === 0) { - if (record.type === tls.ContentType.handshake || record.type === tls.ContentType.alert || record.type === tls.ContentType.change_cipher_spec) { - return; - } - } - if (record.type === tls.ContentType.handshake) { - var bytes = record.fragment.bytes(); - c.session.md5.update(bytes); - c.session.sha1.update(bytes); - bytes = null; - } - var records; - if (record.fragment.length() <= tls.MaxFragment) { - records = [record]; - } else { - records = []; - var data = record.fragment.bytes(); - while (data.length > tls.MaxFragment) { - records.push(tls.createRecord(c, { - type: record.type, - data: forge.util.createBuffer(data.slice(0, tls.MaxFragment)) - })); - data = data.slice(tls.MaxFragment); + var _padding = null; + var _initialized = false; + var _k = null; + var _states = null; + function _init() { + _padding = String.fromCharCode(128); + _padding += forge.util.fillString(String.fromCharCode(0), 128); + _k = [ + [1116352408, 3609767458], + [1899447441, 602891725], + [3049323471, 3964484399], + [3921009573, 2173295548], + [961987163, 4081628472], + [1508970993, 3053834265], + [2453635748, 2937671579], + [2870763221, 3664609560], + [3624381080, 2734883394], + [310598401, 1164996542], + [607225278, 1323610764], + [1426881987, 3590304994], + [1925078388, 4068182383], + [2162078206, 991336113], + [2614888103, 633803317], + [3248222580, 3479774868], + [3835390401, 2666613458], + [4022224774, 944711139], + [264347078, 2341262773], + [604807628, 2007800933], + [770255983, 1495990901], + [1249150122, 1856431235], + [1555081692, 3175218132], + [1996064986, 2198950837], + [2554220882, 3999719339], + [2821834349, 766784016], + [2952996808, 2566594879], + [3210313671, 3203337956], + [3336571891, 1034457026], + [3584528711, 2466948901], + [113926993, 3758326383], + [338241895, 168717936], + [666307205, 1188179964], + [773529912, 1546045734], + [1294757372, 1522805485], + [1396182291, 2643833823], + [1695183700, 2343527390], + [1986661051, 1014477480], + [2177026350, 1206759142], + [2456956037, 344077627], + [2730485921, 1290863460], + [2820302411, 3158454273], + [3259730800, 3505952657], + [3345764771, 106217008], + [3516065817, 3606008344], + [3600352804, 1432725776], + [4094571909, 1467031594], + [275423344, 851169720], + [430227734, 3100823752], + [506948616, 1363258195], + [659060556, 3750685593], + [883997877, 3785050280], + [958139571, 3318307427], + [1322822218, 3812723403], + [1537002063, 2003034995], + [1747873779, 3602036899], + [1955562222, 1575990012], + [2024104815, 1125592928], + [2227730452, 2716904306], + [2361852424, 442776044], + [2428436474, 593698344], + [2756734187, 3733110249], + [3204031479, 2999351573], + [3329325298, 3815920427], + [3391569614, 3928383900], + [3515267271, 566280711], + [3940187606, 3454069534], + [4118630271, 4000239992], + [116418474, 1914138554], + [174292421, 2731055270], + [289380356, 3203993006], + [460393269, 320620315], + [685471733, 587496836], + [852142971, 1086792851], + [1017036298, 365543100], + [1126000580, 2618297676], + [1288033470, 3409855158], + [1501505948, 4234509866], + [1607167915, 987167468], + [1816402316, 1246189591] + ]; + _states = {}; + _states["SHA-512"] = [ + [1779033703, 4089235720], + [3144134277, 2227873595], + [1013904242, 4271175723], + [2773480762, 1595750129], + [1359893119, 2917565137], + [2600822924, 725511199], + [528734635, 4215389547], + [1541459225, 327033209] + ]; + _states["SHA-384"] = [ + [3418070365, 3238371032], + [1654270250, 914150663], + [2438529370, 812702999], + [355462360, 4144912697], + [1731405415, 4290775857], + [2394180231, 1750603025], + [3675008525, 1694076839], + [1203062813, 3204075428] + ]; + _states["SHA-512/256"] = [ + [573645204, 4230739756], + [2673172387, 3360449730], + [596883563, 1867755857], + [2520282905, 1497426621], + [2519219938, 2827943907], + [3193839141, 1401305490], + [721525244, 746961066], + [246885852, 2177182882] + ]; + _states["SHA-512/224"] = [ + [2352822216, 424955298], + [1944164710, 2312950998], + [502970286, 855612546], + [1738396948, 1479516111], + [258812777, 2077511080], + [2011393907, 79989058], + [1067287976, 1780299464], + [286451373, 2446758561] + ]; + _initialized = true; + } + function _update(s, w, bytes) { + var t1_hi, t1_lo; + var t2_hi, t2_lo; + var s0_hi, s0_lo; + var s1_hi, s1_lo; + var ch_hi, ch_lo; + var maj_hi, maj_lo; + var a_hi, a_lo; + var b_hi, b_lo; + var c_hi, c_lo; + var d_hi, d_lo; + var e_hi, e_lo; + var f_hi, f_lo; + var g_hi, g_lo; + var h_hi, h_lo; + var i, hi, lo, w2, w7, w15, w16; + var len = bytes.length(); + while (len >= 128) { + for (i = 0; i < 16; ++i) { + w[i][0] = bytes.getInt32() >>> 0; + w[i][1] = bytes.getInt32() >>> 0; } - if (data.length > 0) { - records.push(tls.createRecord(c, { - type: record.type, - data: forge.util.createBuffer(data) - })); + for (; i < 80; ++i) { + w2 = w[i - 2]; + hi = w2[0]; + lo = w2[1]; + t1_hi = ((hi >>> 19 | lo << 13) ^ // ROTR 19 + (lo >>> 29 | hi << 3) ^ // ROTR 61/(swap + ROTR 29) + hi >>> 6) >>> 0; + t1_lo = ((hi << 13 | lo >>> 19) ^ // ROTR 19 + (lo << 3 | hi >>> 29) ^ // ROTR 61/(swap + ROTR 29) + (hi << 26 | lo >>> 6)) >>> 0; + w15 = w[i - 15]; + hi = w15[0]; + lo = w15[1]; + t2_hi = ((hi >>> 1 | lo << 31) ^ // ROTR 1 + (hi >>> 8 | lo << 24) ^ // ROTR 8 + hi >>> 7) >>> 0; + t2_lo = ((hi << 31 | lo >>> 1) ^ // ROTR 1 + (hi << 24 | lo >>> 8) ^ // ROTR 8 + (hi << 25 | lo >>> 7)) >>> 0; + w7 = w[i - 7]; + w16 = w[i - 16]; + lo = t1_lo + w7[1] + t2_lo + w16[1]; + w[i][0] = t1_hi + w7[0] + t2_hi + w16[0] + (lo / 4294967296 >>> 0) >>> 0; + w[i][1] = lo >>> 0; } - } - for (var i = 0; i < records.length && !c.fail; ++i) { - var rec = records[i]; - var s = c.state.current.write; - if (s.update(c, rec)) { - c.records.push(rec); + a_hi = s[0][0]; + a_lo = s[0][1]; + b_hi = s[1][0]; + b_lo = s[1][1]; + c_hi = s[2][0]; + c_lo = s[2][1]; + d_hi = s[3][0]; + d_lo = s[3][1]; + e_hi = s[4][0]; + e_lo = s[4][1]; + f_hi = s[5][0]; + f_lo = s[5][1]; + g_hi = s[6][0]; + g_lo = s[6][1]; + h_hi = s[7][0]; + h_lo = s[7][1]; + for (i = 0; i < 80; ++i) { + s1_hi = ((e_hi >>> 14 | e_lo << 18) ^ // ROTR 14 + (e_hi >>> 18 | e_lo << 14) ^ // ROTR 18 + (e_lo >>> 9 | e_hi << 23)) >>> 0; + s1_lo = ((e_hi << 18 | e_lo >>> 14) ^ // ROTR 14 + (e_hi << 14 | e_lo >>> 18) ^ // ROTR 18 + (e_lo << 23 | e_hi >>> 9)) >>> 0; + ch_hi = (g_hi ^ e_hi & (f_hi ^ g_hi)) >>> 0; + ch_lo = (g_lo ^ e_lo & (f_lo ^ g_lo)) >>> 0; + s0_hi = ((a_hi >>> 28 | a_lo << 4) ^ // ROTR 28 + (a_lo >>> 2 | a_hi << 30) ^ // ROTR 34/(swap + ROTR 2) + (a_lo >>> 7 | a_hi << 25)) >>> 0; + s0_lo = ((a_hi << 4 | a_lo >>> 28) ^ // ROTR 28 + (a_lo << 30 | a_hi >>> 2) ^ // ROTR 34/(swap + ROTR 2) + (a_lo << 25 | a_hi >>> 7)) >>> 0; + maj_hi = (a_hi & b_hi | c_hi & (a_hi ^ b_hi)) >>> 0; + maj_lo = (a_lo & b_lo | c_lo & (a_lo ^ b_lo)) >>> 0; + lo = h_lo + s1_lo + ch_lo + _k[i][1] + w[i][1]; + t1_hi = h_hi + s1_hi + ch_hi + _k[i][0] + w[i][0] + (lo / 4294967296 >>> 0) >>> 0; + t1_lo = lo >>> 0; + lo = s0_lo + maj_lo; + t2_hi = s0_hi + maj_hi + (lo / 4294967296 >>> 0) >>> 0; + t2_lo = lo >>> 0; + h_hi = g_hi; + h_lo = g_lo; + g_hi = f_hi; + g_lo = f_lo; + f_hi = e_hi; + f_lo = e_lo; + lo = d_lo + t1_lo; + e_hi = d_hi + t1_hi + (lo / 4294967296 >>> 0) >>> 0; + e_lo = lo >>> 0; + d_hi = c_hi; + d_lo = c_lo; + c_hi = b_hi; + c_lo = b_lo; + b_hi = a_hi; + b_lo = a_lo; + lo = t1_lo + t2_lo; + a_hi = t1_hi + t2_hi + (lo / 4294967296 >>> 0) >>> 0; + a_lo = lo >>> 0; } + lo = s[0][1] + a_lo; + s[0][0] = s[0][0] + a_hi + (lo / 4294967296 >>> 0) >>> 0; + s[0][1] = lo >>> 0; + lo = s[1][1] + b_lo; + s[1][0] = s[1][0] + b_hi + (lo / 4294967296 >>> 0) >>> 0; + s[1][1] = lo >>> 0; + lo = s[2][1] + c_lo; + s[2][0] = s[2][0] + c_hi + (lo / 4294967296 >>> 0) >>> 0; + s[2][1] = lo >>> 0; + lo = s[3][1] + d_lo; + s[3][0] = s[3][0] + d_hi + (lo / 4294967296 >>> 0) >>> 0; + s[3][1] = lo >>> 0; + lo = s[4][1] + e_lo; + s[4][0] = s[4][0] + e_hi + (lo / 4294967296 >>> 0) >>> 0; + s[4][1] = lo >>> 0; + lo = s[5][1] + f_lo; + s[5][0] = s[5][0] + f_hi + (lo / 4294967296 >>> 0) >>> 0; + s[5][1] = lo >>> 0; + lo = s[6][1] + g_lo; + s[6][0] = s[6][0] + g_hi + (lo / 4294967296 >>> 0) >>> 0; + s[6][1] = lo >>> 0; + lo = s[7][1] + h_lo; + s[7][0] = s[7][0] + h_hi + (lo / 4294967296 >>> 0) >>> 0; + s[7][1] = lo >>> 0; + len -= 128; } + } + } +}); + +// node_modules/node-forge/lib/asn1-validator.js +var require_asn1_validator = __commonJS({ + "node_modules/node-forge/lib/asn1-validator.js"(exports2) { + var forge = require_forge(); + require_asn1(); + var asn1 = forge.asn1; + exports2.privateKeyValidator = { + // PrivateKeyInfo + name: "PrivateKeyInfo", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + // Version (INTEGER) + name: "PrivateKeyInfo.version", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.INTEGER, + constructed: false, + capture: "privateKeyVersion" + }, { + // privateKeyAlgorithm + name: "PrivateKeyInfo.privateKeyAlgorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "AlgorithmIdentifier.algorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "privateKeyOid" + }] + }, { + // PrivateKey + name: "PrivateKeyInfo", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OCTETSTRING, + constructed: false, + capture: "privateKey" + }] }; - tls.flush = function(c) { - for (var i = 0; i < c.records.length; ++i) { - var record = c.records[i]; - c.tlsData.putByte(record.type); - c.tlsData.putByte(record.version.major); - c.tlsData.putByte(record.version.minor); - c.tlsData.putInt16(record.fragment.length()); - c.tlsData.putBuffer(c.records[i].fragment); - } - c.records = []; - return c.tlsDataReady(c); - }; - var _certErrorToAlertDesc = function(error3) { - switch (error3) { - case true: - return true; - case forge.pki.certificateError.bad_certificate: - return tls.Alert.Description.bad_certificate; - case forge.pki.certificateError.unsupported_certificate: - return tls.Alert.Description.unsupported_certificate; - case forge.pki.certificateError.certificate_revoked: - return tls.Alert.Description.certificate_revoked; - case forge.pki.certificateError.certificate_expired: - return tls.Alert.Description.certificate_expired; - case forge.pki.certificateError.certificate_unknown: - return tls.Alert.Description.certificate_unknown; - case forge.pki.certificateError.unknown_ca: - return tls.Alert.Description.unknown_ca; - default: - return tls.Alert.Description.bad_certificate; + exports2.publicKeyValidator = { + name: "SubjectPublicKeyInfo", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + captureAsn1: "subjectPublicKeyInfo", + value: [ + { + name: "SubjectPublicKeyInfo.AlgorithmIdentifier", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + value: [{ + name: "AlgorithmIdentifier.algorithm", + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.OID, + constructed: false, + capture: "publicKeyOid" + }] + }, + // capture group for ed25519PublicKey + { + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.BITSTRING, + constructed: false, + composed: true, + captureBitStringValue: "ed25519PublicKey" + } + // FIXME: this is capture group for rsaPublicKey, use it in this API or + // discard? + /* { + // subjectPublicKey + name: 'SubjectPublicKeyInfo.subjectPublicKey', + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.BITSTRING, + constructed: false, + value: [{ + // RSAPublicKey + name: 'SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey', + tagClass: asn1.Class.UNIVERSAL, + type: asn1.Type.SEQUENCE, + constructed: true, + optional: true, + captureAsn1: 'rsaPublicKey' + }] + } */ + ] + }; + } +}); + +// node_modules/node-forge/lib/ed25519.js +var require_ed25519 = __commonJS({ + "node_modules/node-forge/lib/ed25519.js"(exports2, module2) { + var forge = require_forge(); + require_jsbn(); + require_random(); + require_sha512(); + require_util9(); + var asn1Validator = require_asn1_validator(); + var publicKeyValidator = asn1Validator.publicKeyValidator; + var privateKeyValidator = asn1Validator.privateKeyValidator; + if (typeof BigInteger === "undefined") { + BigInteger = forge.jsbn.BigInteger; + } + var BigInteger; + var ByteBuffer = forge.util.ByteBuffer; + var NativeBuffer = typeof Buffer === "undefined" ? Uint8Array : Buffer; + forge.pki = forge.pki || {}; + module2.exports = forge.pki.ed25519 = forge.ed25519 = forge.ed25519 || {}; + var ed25519 = forge.ed25519; + ed25519.constants = {}; + ed25519.constants.PUBLIC_KEY_BYTE_LENGTH = 32; + ed25519.constants.PRIVATE_KEY_BYTE_LENGTH = 64; + ed25519.constants.SEED_BYTE_LENGTH = 32; + ed25519.constants.SIGN_BYTE_LENGTH = 64; + ed25519.constants.HASH_BYTE_LENGTH = 64; + ed25519.generateKeyPair = function(options) { + options = options || {}; + var seed = options.seed; + if (seed === void 0) { + seed = forge.random.getBytesSync(ed25519.constants.SEED_BYTE_LENGTH); + } else if (typeof seed === "string") { + if (seed.length !== ed25519.constants.SEED_BYTE_LENGTH) { + throw new TypeError( + '"seed" must be ' + ed25519.constants.SEED_BYTE_LENGTH + " bytes in length." + ); + } + } else if (!(seed instanceof Uint8Array)) { + throw new TypeError( + '"seed" must be a node.js Buffer, Uint8Array, or a binary string.' + ); + } + seed = messageToNativeBuffer({ message: seed, encoding: "binary" }); + var pk = new NativeBuffer(ed25519.constants.PUBLIC_KEY_BYTE_LENGTH); + var sk = new NativeBuffer(ed25519.constants.PRIVATE_KEY_BYTE_LENGTH); + for (var i = 0; i < 32; ++i) { + sk[i] = seed[i]; } + crypto_sign_keypair(pk, sk); + return { publicKey: pk, privateKey: sk }; }; - var _alertDescToCertError = function(desc) { - switch (desc) { - case true: - return true; - case tls.Alert.Description.bad_certificate: - return forge.pki.certificateError.bad_certificate; - case tls.Alert.Description.unsupported_certificate: - return forge.pki.certificateError.unsupported_certificate; - case tls.Alert.Description.certificate_revoked: - return forge.pki.certificateError.certificate_revoked; - case tls.Alert.Description.certificate_expired: - return forge.pki.certificateError.certificate_expired; - case tls.Alert.Description.certificate_unknown: - return forge.pki.certificateError.certificate_unknown; - case tls.Alert.Description.unknown_ca: - return forge.pki.certificateError.unknown_ca; - default: - return forge.pki.certificateError.bad_certificate; + ed25519.privateKeyFromAsn1 = function(obj) { + var capture = {}; + var errors = []; + var valid2 = forge.asn1.validate(obj, privateKeyValidator, capture, errors); + if (!valid2) { + var error3 = new Error("Invalid Key."); + error3.errors = errors; + throw error3; + } + var oid = forge.asn1.derToOid(capture.privateKeyOid); + var ed25519Oid = forge.oids.EdDSA25519; + if (oid !== ed25519Oid) { + throw new Error('Invalid OID "' + oid + '"; OID must be "' + ed25519Oid + '".'); } + var privateKey = capture.privateKey; + var privateKeyBytes = messageToNativeBuffer({ + message: forge.asn1.fromDer(privateKey).value, + encoding: "binary" + }); + return { privateKeyBytes }; }; - tls.verifyCertificateChain = function(c, chain) { - try { - var options = {}; - for (var key2 in c.verifyOptions) { - options[key2] = c.verifyOptions[key2]; - } - options.verify = function(vfd, depth, chain2) { - var desc = _certErrorToAlertDesc(vfd); - var ret = c.verify(c, vfd, depth, chain2); - if (ret !== true) { - if (typeof ret === "object" && !forge.util.isArray(ret)) { - var error3 = new Error("The application rejected the certificate."); - error3.send = true; - error3.alert = { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.bad_certificate - }; - if (ret.message) { - error3.message = ret.message; - } - if (ret.alert) { - error3.alert.description = ret.alert; - } - throw error3; - } - if (ret !== vfd) { - ret = _alertDescToCertError(ret); - } - } - return ret; - }; - forge.pki.verifyCertificateChain(c.caStore, chain, options); - } catch (ex) { - var err = ex; - if (typeof err !== "object" || forge.util.isArray(err)) { - err = { - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: _certErrorToAlertDesc(ex) - } - }; - } - if (!("send" in err)) { - err.send = true; - } - if (!("alert" in err)) { - err.alert = { - level: tls.Alert.Level.fatal, - description: _certErrorToAlertDesc(err.error) - }; - } - c.error(c, err); + ed25519.publicKeyFromAsn1 = function(obj) { + var capture = {}; + var errors = []; + var valid2 = forge.asn1.validate(obj, publicKeyValidator, capture, errors); + if (!valid2) { + var error3 = new Error("Invalid Key."); + error3.errors = errors; + throw error3; } - return !c.fail; + var oid = forge.asn1.derToOid(capture.publicKeyOid); + var ed25519Oid = forge.oids.EdDSA25519; + if (oid !== ed25519Oid) { + throw new Error('Invalid OID "' + oid + '"; OID must be "' + ed25519Oid + '".'); + } + var publicKeyBytes = capture.ed25519PublicKey; + if (publicKeyBytes.length !== ed25519.constants.PUBLIC_KEY_BYTE_LENGTH) { + throw new Error("Key length is invalid."); + } + return messageToNativeBuffer({ + message: publicKeyBytes, + encoding: "binary" + }); }; - tls.createSessionCache = function(cache, capacity) { - var rval = null; - if (cache && cache.getSession && cache.setSession && cache.order) { - rval = cache; - } else { - rval = {}; - rval.cache = cache || {}; - rval.capacity = Math.max(capacity || 100, 1); - rval.order = []; - for (var key2 in cache) { - if (rval.order.length <= capacity) { - rval.order.push(key2); - } else { - delete cache[key2]; - } - } - rval.getSession = function(sessionId) { - var session = null; - var key3 = null; - if (sessionId) { - key3 = forge.util.bytesToHex(sessionId); - } else if (rval.order.length > 0) { - key3 = rval.order[0]; - } - if (key3 !== null && key3 in rval.cache) { - session = rval.cache[key3]; - delete rval.cache[key3]; - for (var i in rval.order) { - if (rval.order[i] === key3) { - rval.order.splice(i, 1); - break; - } - } - } - return session; - }; - rval.setSession = function(sessionId, session) { - if (rval.order.length === rval.capacity) { - var key3 = rval.order.shift(); - delete rval.cache[key3]; - } - var key3 = forge.util.bytesToHex(sessionId); - rval.order.push(key3); - rval.cache[key3] = session; - }; + ed25519.publicKeyFromPrivateKey = function(options) { + options = options || {}; + var privateKey = messageToNativeBuffer({ + message: options.privateKey, + encoding: "binary" + }); + if (privateKey.length !== ed25519.constants.PRIVATE_KEY_BYTE_LENGTH) { + throw new TypeError( + '"options.privateKey" must have a byte length of ' + ed25519.constants.PRIVATE_KEY_BYTE_LENGTH + ); } - return rval; + var pk = new NativeBuffer(ed25519.constants.PUBLIC_KEY_BYTE_LENGTH); + for (var i = 0; i < pk.length; ++i) { + pk[i] = privateKey[32 + i]; + } + return pk; }; - tls.createConnection = function(options) { - var caStore = null; - if (options.caStore) { - if (forge.util.isArray(options.caStore)) { - caStore = forge.pki.createCaStore(options.caStore); - } else { - caStore = options.caStore; - } - } else { - caStore = forge.pki.createCaStore(); + ed25519.sign = function(options) { + options = options || {}; + var msg = messageToNativeBuffer(options); + var privateKey = messageToNativeBuffer({ + message: options.privateKey, + encoding: "binary" + }); + if (privateKey.length === ed25519.constants.SEED_BYTE_LENGTH) { + var keyPair = ed25519.generateKeyPair({ seed: privateKey }); + privateKey = keyPair.privateKey; + } else if (privateKey.length !== ed25519.constants.PRIVATE_KEY_BYTE_LENGTH) { + throw new TypeError( + '"options.privateKey" must have a byte length of ' + ed25519.constants.SEED_BYTE_LENGTH + " or " + ed25519.constants.PRIVATE_KEY_BYTE_LENGTH + ); } - var cipherSuites = options.cipherSuites || null; - if (cipherSuites === null) { - cipherSuites = []; - for (var key2 in tls.CipherSuites) { - cipherSuites.push(tls.CipherSuites[key2]); - } + var signedMsg = new NativeBuffer( + ed25519.constants.SIGN_BYTE_LENGTH + msg.length + ); + crypto_sign(signedMsg, msg, msg.length, privateKey); + var sig = new NativeBuffer(ed25519.constants.SIGN_BYTE_LENGTH); + for (var i = 0; i < sig.length; ++i) { + sig[i] = signedMsg[i]; } - var entity = options.server || false ? tls.ConnectionEnd.server : tls.ConnectionEnd.client; - var sessionCache = options.sessionCache ? tls.createSessionCache(options.sessionCache) : null; - var c = { - version: { major: tls.Version.major, minor: tls.Version.minor }, - entity, - sessionId: options.sessionId, - caStore, - sessionCache, - cipherSuites, - connected: options.connected, - virtualHost: options.virtualHost || null, - verifyClient: options.verifyClient || false, - verify: options.verify || function(cn, vfd, dpth, cts) { - return vfd; - }, - verifyOptions: options.verifyOptions || {}, - getCertificate: options.getCertificate || null, - getPrivateKey: options.getPrivateKey || null, - getSignature: options.getSignature || null, - input: forge.util.createBuffer(), - tlsData: forge.util.createBuffer(), - data: forge.util.createBuffer(), - tlsDataReady: options.tlsDataReady, - dataReady: options.dataReady, - heartbeatReceived: options.heartbeatReceived, - closed: options.closed, - error: function(c2, ex) { - ex.origin = ex.origin || (c2.entity === tls.ConnectionEnd.client ? "client" : "server"); - if (ex.send) { - tls.queue(c2, tls.createAlert(c2, ex.alert)); - tls.flush(c2); - } - var fatal = ex.fatal !== false; - if (fatal) { - c2.fail = true; - } - options.error(c2, ex); - if (fatal) { - c2.close(false); - } - }, - deflate: options.deflate || null, - inflate: options.inflate || null - }; - c.reset = function(clearFail) { - c.version = { major: tls.Version.major, minor: tls.Version.minor }; - c.record = null; - c.session = null; - c.peerCertificate = null; - c.state = { - pending: null, - current: null - }; - c.expect = c.entity === tls.ConnectionEnd.client ? SHE : CHE; - c.fragmented = null; - c.records = []; - c.open = false; - c.handshakes = 0; - c.handshaking = false; - c.isConnected = false; - c.fail = !(clearFail || typeof clearFail === "undefined"); - c.input.clear(); - c.tlsData.clear(); - c.data.clear(); - c.state.current = tls.createConnectionState(c); - }; - c.reset(); - var _update = function(c2, record) { - var aligned = record.type - tls.ContentType.change_cipher_spec; - var handlers = ctTable[c2.entity][c2.expect]; - if (aligned in handlers) { - handlers[aligned](c2, record); + return sig; + }; + ed25519.verify = function(options) { + options = options || {}; + var msg = messageToNativeBuffer(options); + if (options.signature === void 0) { + throw new TypeError( + '"options.signature" must be a node.js Buffer, a Uint8Array, a forge ByteBuffer, or a binary string.' + ); + } + var sig = messageToNativeBuffer({ + message: options.signature, + encoding: "binary" + }); + if (sig.length !== ed25519.constants.SIGN_BYTE_LENGTH) { + throw new TypeError( + '"options.signature" must have a byte length of ' + ed25519.constants.SIGN_BYTE_LENGTH + ); + } + var publicKey = messageToNativeBuffer({ + message: options.publicKey, + encoding: "binary" + }); + if (publicKey.length !== ed25519.constants.PUBLIC_KEY_BYTE_LENGTH) { + throw new TypeError( + '"options.publicKey" must have a byte length of ' + ed25519.constants.PUBLIC_KEY_BYTE_LENGTH + ); + } + var sm = new NativeBuffer(ed25519.constants.SIGN_BYTE_LENGTH + msg.length); + var m = new NativeBuffer(ed25519.constants.SIGN_BYTE_LENGTH + msg.length); + var i; + for (i = 0; i < ed25519.constants.SIGN_BYTE_LENGTH; ++i) { + sm[i] = sig[i]; + } + for (i = 0; i < msg.length; ++i) { + sm[i + ed25519.constants.SIGN_BYTE_LENGTH] = msg[i]; + } + return crypto_sign_open(m, sm, sm.length, publicKey) >= 0; + }; + function messageToNativeBuffer(options) { + var message = options.message; + if (message instanceof Uint8Array || message instanceof NativeBuffer) { + return message; + } + var encoding = options.encoding; + if (message === void 0) { + if (options.md) { + message = options.md.digest().getBytes(); + encoding = "binary"; } else { - tls.handleUnexpected(c2, record); + throw new TypeError('"options.message" or "options.md" not specified.'); } - }; - var _readRecordHeader = function(c2) { - var rval = 0; - var b = c2.input; - var len = b.length(); - if (len < 5) { - rval = 5 - len; - } else { - c2.record = { - type: b.getByte(), - version: { - major: b.getByte(), - minor: b.getByte() - }, - length: b.getInt16(), - fragment: forge.util.createBuffer(), - ready: false - }; - var compatibleVersion = c2.record.version.major === c2.version.major; - if (compatibleVersion && c2.session && c2.session.version) { - compatibleVersion = c2.record.version.minor === c2.version.minor; - } - if (!compatibleVersion) { - c2.error(c2, { - message: "Incompatible TLS version.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.protocol_version - } - }); - } + } + if (typeof message === "string" && !encoding) { + throw new TypeError('"options.encoding" must be "binary" or "utf8".'); + } + if (typeof message === "string") { + if (typeof Buffer !== "undefined") { + return Buffer.from(message, encoding); } - return rval; - }; - var _readRecord = function(c2) { - var rval = 0; - var b = c2.input; - var len = b.length(); - if (len < c2.record.length) { - rval = c2.record.length - len; - } else { - c2.record.fragment.putBytes(b.getBytes(c2.record.length)); - b.compact(); - var s = c2.state.current.read; - if (s.update(c2, c2.record)) { - if (c2.fragmented !== null) { - if (c2.fragmented.type === c2.record.type) { - c2.fragmented.fragment.putBuffer(c2.record.fragment); - c2.record = c2.fragmented; - } else { - c2.error(c2, { - message: "Invalid fragmented record.", - send: true, - alert: { - level: tls.Alert.Level.fatal, - description: tls.Alert.Description.unexpected_message - } - }); - } - } - c2.record.ready = true; - } - } - return rval; - }; - c.handshake = function(sessionId) { - if (c.entity !== tls.ConnectionEnd.client) { - c.error(c, { - message: "Cannot initiate handshake as a server.", - fatal: false - }); - } else if (c.handshaking) { - c.error(c, { - message: "Handshake already in progress.", - fatal: false - }); - } else { - if (c.fail && !c.open && c.handshakes === 0) { - c.fail = false; - } - c.handshaking = true; - sessionId = sessionId || ""; - var session = null; - if (sessionId.length > 0) { - if (c.sessionCache) { - session = c.sessionCache.getSession(sessionId); - } - if (session === null) { - sessionId = ""; - } - } - if (sessionId.length === 0 && c.sessionCache) { - session = c.sessionCache.getSession(); - if (session !== null) { - sessionId = session.id; - } - } - c.session = { - id: sessionId, - version: null, - cipherSuite: null, - compressionMethod: null, - serverCertificate: null, - certificateRequest: null, - clientCertificate: null, - sp: {}, - md5: forge.md.md5.create(), - sha1: forge.md.sha1.create() - }; - if (session) { - c.version = session.version; - c.session.sp = session.sp; - } - c.session.sp.client_random = tls.createRandom().getBytes(); - c.open = true; - tls.queue(c, tls.createRecord(c, { - type: tls.ContentType.handshake, - data: tls.createClientHello(c) - })); - tls.flush(c); - } - }; - c.process = function(data) { - var rval = 0; - if (data) { - c.input.putBytes(data); - } - if (!c.fail) { - if (c.record !== null && c.record.ready && c.record.fragment.isEmpty()) { - c.record = null; - } - if (c.record === null) { - rval = _readRecordHeader(c); - } - if (!c.fail && c.record !== null && !c.record.ready) { - rval = _readRecord(c); - } - if (!c.fail && c.record !== null && c.record.ready) { - _update(c, c.record); - } - } - return rval; - }; - c.prepare = function(data) { - tls.queue(c, tls.createRecord(c, { - type: tls.ContentType.application_data, - data: forge.util.createBuffer(data) - })); - return tls.flush(c); - }; - c.prepareHeartbeatRequest = function(payload, payloadLength) { - if (payload instanceof forge.util.ByteBuffer) { - payload = payload.bytes(); - } - if (typeof payloadLength === "undefined") { - payloadLength = payload.length; - } - c.expectedHeartbeatPayload = payload; - tls.queue(c, tls.createRecord(c, { - type: tls.ContentType.heartbeat, - data: tls.createHeartbeat( - tls.HeartbeatMessageType.heartbeat_request, - payload, - payloadLength - ) - })); - return tls.flush(c); - }; - c.close = function(clearFail) { - if (!c.fail && c.sessionCache && c.session) { - var session = { - id: c.session.id, - version: c.session.version, - sp: c.session.sp - }; - session.sp.keys = null; - c.sessionCache.setSession(session.id, session); - } - if (c.open) { - c.open = false; - c.input.clear(); - if (c.isConnected || c.handshaking) { - c.isConnected = c.handshaking = false; - tls.queue(c, tls.createAlert(c, { - level: tls.Alert.Level.warning, - description: tls.Alert.Description.close_notify - })); - tls.flush(c); - } - c.closed(c); - } - c.reset(clearFail); - }; - return c; - }; - module2.exports = forge.tls = forge.tls || {}; - for (key in tls) { - if (typeof tls[key] !== "function") { - forge.tls[key] = tls[key]; - } - } - var key; - forge.tls.prf_tls1 = prf_TLS1; - forge.tls.hmac_sha1 = hmac_sha1; - forge.tls.createSessionCache = tls.createSessionCache; - forge.tls.createConnection = tls.createConnection; - } -}); - -// node_modules/node-forge/lib/aesCipherSuites.js -var require_aesCipherSuites = __commonJS({ - "node_modules/node-forge/lib/aesCipherSuites.js"(exports2, module2) { - var forge = require_forge(); - require_aes(); - require_tls(); - var tls = module2.exports = forge.tls; - tls.CipherSuites["TLS_RSA_WITH_AES_128_CBC_SHA"] = { - id: [0, 47], - name: "TLS_RSA_WITH_AES_128_CBC_SHA", - initSecurityParameters: function(sp) { - sp.bulk_cipher_algorithm = tls.BulkCipherAlgorithm.aes; - sp.cipher_type = tls.CipherType.block; - sp.enc_key_length = 16; - sp.block_length = 16; - sp.fixed_iv_length = 16; - sp.record_iv_length = 16; - sp.mac_algorithm = tls.MACAlgorithm.hmac_sha1; - sp.mac_length = 20; - sp.mac_key_length = 20; - }, - initConnectionState - }; - tls.CipherSuites["TLS_RSA_WITH_AES_256_CBC_SHA"] = { - id: [0, 53], - name: "TLS_RSA_WITH_AES_256_CBC_SHA", - initSecurityParameters: function(sp) { - sp.bulk_cipher_algorithm = tls.BulkCipherAlgorithm.aes; - sp.cipher_type = tls.CipherType.block; - sp.enc_key_length = 32; - sp.block_length = 16; - sp.fixed_iv_length = 16; - sp.record_iv_length = 16; - sp.mac_algorithm = tls.MACAlgorithm.hmac_sha1; - sp.mac_length = 20; - sp.mac_key_length = 20; - }, - initConnectionState - }; - function initConnectionState(state, c, sp) { - var client = c.entity === forge.tls.ConnectionEnd.client; - state.read.cipherState = { - init: false, - cipher: forge.cipher.createDecipher("AES-CBC", client ? sp.keys.server_write_key : sp.keys.client_write_key), - iv: client ? sp.keys.server_write_IV : sp.keys.client_write_IV - }; - state.write.cipherState = { - init: false, - cipher: forge.cipher.createCipher("AES-CBC", client ? sp.keys.client_write_key : sp.keys.server_write_key), - iv: client ? sp.keys.client_write_IV : sp.keys.server_write_IV - }; - state.read.cipherFunction = decrypt_aes_cbc_sha1; - state.write.cipherFunction = encrypt_aes_cbc_sha1; - state.read.macLength = state.write.macLength = sp.mac_length; - state.read.macFunction = state.write.macFunction = tls.hmac_sha1; - } - function encrypt_aes_cbc_sha1(record, s) { - var rval = false; - var mac = s.macFunction(s.macKey, s.sequenceNumber, record); - record.fragment.putBytes(mac); - s.updateSequenceNumber(); - var iv; - if (record.version.minor === tls.Versions.TLS_1_0.minor) { - iv = s.cipherState.init ? null : s.cipherState.iv; - } else { - iv = forge.random.getBytesSync(16); - } - s.cipherState.init = true; - var cipher = s.cipherState.cipher; - cipher.start({ iv }); - if (record.version.minor >= tls.Versions.TLS_1_1.minor) { - cipher.output.putBytes(iv); + message = new ByteBuffer(message, encoding); + } else if (!(message instanceof ByteBuffer)) { + throw new TypeError( + '"options.message" must be a node.js Buffer, a Uint8Array, a forge ByteBuffer, or a string with "options.encoding" specifying its encoding.' + ); } - cipher.update(record.fragment); - if (cipher.finish(encrypt_aes_cbc_sha1_padding)) { - record.fragment = cipher.output; - record.length = record.fragment.length(); - rval = true; + var buffer = new NativeBuffer(message.length()); + for (var i = 0; i < buffer.length; ++i) { + buffer[i] = message.at(i); } - return rval; + return buffer; } - function encrypt_aes_cbc_sha1_padding(blockSize, input, decrypt) { - if (!decrypt) { - var padding = blockSize - input.length() % blockSize; - input.fillWithByte(padding - 1, padding); + var gf0 = gf(); + var gf1 = gf([1]); + var D = gf([ + 30883, + 4953, + 19914, + 30187, + 55467, + 16705, + 2637, + 112, + 59544, + 30585, + 16505, + 36039, + 65139, + 11119, + 27886, + 20995 + ]); + var D2 = gf([ + 61785, + 9906, + 39828, + 60374, + 45398, + 33411, + 5274, + 224, + 53552, + 61171, + 33010, + 6542, + 64743, + 22239, + 55772, + 9222 + ]); + var X = gf([ + 54554, + 36645, + 11616, + 51542, + 42930, + 38181, + 51040, + 26924, + 56412, + 64982, + 57905, + 49316, + 21502, + 52590, + 14035, + 8553 + ]); + var Y = gf([ + 26200, + 26214, + 26214, + 26214, + 26214, + 26214, + 26214, + 26214, + 26214, + 26214, + 26214, + 26214, + 26214, + 26214, + 26214, + 26214 + ]); + var L = new Float64Array([ + 237, + 211, + 245, + 92, + 26, + 99, + 18, + 88, + 214, + 156, + 247, + 162, + 222, + 249, + 222, + 20, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 16 + ]); + var I = gf([ + 41136, + 18958, + 6951, + 50414, + 58488, + 44335, + 6150, + 12099, + 55207, + 15867, + 153, + 11085, + 57099, + 20417, + 9344, + 11139 + ]); + function sha512(msg, msgLen) { + var md = forge.md.sha512.create(); + var buffer = new ByteBuffer(msg); + md.update(buffer.getBytes(msgLen), "binary"); + var hash = md.digest().getBytes(); + if (typeof Buffer !== "undefined") { + return Buffer.from(hash, "binary"); } - return true; - } - function decrypt_aes_cbc_sha1_padding(blockSize, output, decrypt) { - var rval = true; - if (decrypt) { - var len = output.length(); - var paddingLength = output.last(); - for (var i = len - 1 - paddingLength; i < len - 1; ++i) { - rval = rval && output.at(i) == paddingLength; - } - if (rval) { - output.truncate(paddingLength + 1); - } + var out = new NativeBuffer(ed25519.constants.HASH_BYTE_LENGTH); + for (var i = 0; i < 64; ++i) { + out[i] = hash.charCodeAt(i); } - return rval; + return out; } - function decrypt_aes_cbc_sha1(record, s) { - var rval = false; - var iv; - if (record.version.minor === tls.Versions.TLS_1_0.minor) { - iv = s.cipherState.init ? null : s.cipherState.iv; - } else { - iv = record.fragment.getBytes(16); - } - s.cipherState.init = true; - var cipher = s.cipherState.cipher; - cipher.start({ iv }); - cipher.update(record.fragment); - rval = cipher.finish(decrypt_aes_cbc_sha1_padding); - var macLen = s.macLength; - var mac = forge.random.getBytesSync(macLen); - var len = cipher.output.length(); - if (len >= macLen) { - record.fragment = cipher.output.getBytes(len - macLen); - mac = cipher.output.getBytes(macLen); - } else { - record.fragment = cipher.output.getBytes(); + function crypto_sign_keypair(pk, sk) { + var p = [gf(), gf(), gf(), gf()]; + var i; + var d = sha512(sk, 32); + d[0] &= 248; + d[31] &= 127; + d[31] |= 64; + scalarbase(p, d); + pack(pk, p); + for (i = 0; i < 32; ++i) { + sk[i + 32] = pk[i]; } - record.fragment = forge.util.createBuffer(record.fragment); - record.length = record.fragment.length(); - var mac2 = s.macFunction(s.macKey, s.sequenceNumber, record); - s.updateSequenceNumber(); - rval = compareMacs(s.macKey, mac, mac2) && rval; - return rval; - } - function compareMacs(key, mac1, mac2) { - var hmac = forge.hmac.create(); - hmac.start("SHA1", key); - hmac.update(mac1); - mac1 = hmac.digest().getBytes(); - hmac.start(null, null); - hmac.update(mac2); - mac2 = hmac.digest().getBytes(); - return mac1 === mac2; + return 0; } - } -}); - -// node_modules/node-forge/lib/sha512.js -var require_sha512 = __commonJS({ - "node_modules/node-forge/lib/sha512.js"(exports2, module2) { - var forge = require_forge(); - require_md(); - require_util9(); - var sha512 = module2.exports = forge.sha512 = forge.sha512 || {}; - forge.md.sha512 = forge.md.algorithms.sha512 = sha512; - var sha384 = forge.sha384 = forge.sha512.sha384 = forge.sha512.sha384 || {}; - sha384.create = function() { - return sha512.create("SHA-384"); - }; - forge.md.sha384 = forge.md.algorithms.sha384 = sha384; - forge.sha512.sha256 = forge.sha512.sha256 || { - create: function() { - return sha512.create("SHA-512/256"); + function crypto_sign(sm, m, n, sk) { + var i, j, x = new Float64Array(64); + var p = [gf(), gf(), gf(), gf()]; + var d = sha512(sk, 32); + d[0] &= 248; + d[31] &= 127; + d[31] |= 64; + var smlen = n + 64; + for (i = 0; i < n; ++i) { + sm[64 + i] = m[i]; } - }; - forge.md["sha512/256"] = forge.md.algorithms["sha512/256"] = forge.sha512.sha256; - forge.sha512.sha224 = forge.sha512.sha224 || { - create: function() { - return sha512.create("SHA-512/224"); + for (i = 0; i < 32; ++i) { + sm[32 + i] = d[32 + i]; } - }; - forge.md["sha512/224"] = forge.md.algorithms["sha512/224"] = forge.sha512.sha224; - sha512.create = function(algorithm) { - if (!_initialized) { - _init(); + var r = sha512(sm.subarray(32), n + 32); + reduce(r); + scalarbase(p, r); + pack(sm, p); + for (i = 32; i < 64; ++i) { + sm[i] = sk[i]; } - if (typeof algorithm === "undefined") { - algorithm = "SHA-512"; + var h = sha512(sm, n + 64); + reduce(h); + for (i = 32; i < 64; ++i) { + x[i] = 0; } - if (!(algorithm in _states)) { - throw new Error("Invalid SHA-512 algorithm: " + algorithm); + for (i = 0; i < 32; ++i) { + x[i] = r[i]; } - var _state = _states[algorithm]; - var _h = null; - var _input = forge.util.createBuffer(); - var _w = new Array(80); - for (var wi = 0; wi < 80; ++wi) { - _w[wi] = new Array(2); + for (i = 0; i < 32; ++i) { + for (j = 0; j < 32; j++) { + x[i + j] += h[i] * d[j]; + } } - var digestLength = 64; - switch (algorithm) { - case "SHA-384": - digestLength = 48; - break; - case "SHA-512/256": - digestLength = 32; - break; - case "SHA-512/224": - digestLength = 28; - break; + modL(sm.subarray(32), x); + return smlen; + } + function crypto_sign_open(m, sm, n, pk) { + var i, mlen; + var t = new NativeBuffer(32); + var p = [gf(), gf(), gf(), gf()], q = [gf(), gf(), gf(), gf()]; + mlen = -1; + if (n < 64) { + return -1; } - var md = { - // SHA-512 => sha512 - algorithm: algorithm.replace("-", "").toLowerCase(), - blockLength: 128, - digestLength, - // 56-bit length of message so far (does not including padding) - messageLength: 0, - // true message length - fullMessageLength: null, - // size of message length in bytes - messageLengthSize: 16 - }; - md.start = function() { - md.messageLength = 0; - md.fullMessageLength = md.messageLength128 = []; - var int32s = md.messageLengthSize / 4; - for (var i = 0; i < int32s; ++i) { - md.fullMessageLength.push(0); - } - _input = forge.util.createBuffer(); - _h = new Array(_state.length); - for (var i = 0; i < _state.length; ++i) { - _h[i] = _state[i].slice(0); - } - return md; - }; - md.start(); - md.update = function(msg, encoding) { - if (encoding === "utf8") { - msg = forge.util.encodeUtf8(msg); - } - var len = msg.length; - md.messageLength += len; - len = [len / 4294967296 >>> 0, len >>> 0]; - for (var i = md.fullMessageLength.length - 1; i >= 0; --i) { - md.fullMessageLength[i] += len[1]; - len[1] = len[0] + (md.fullMessageLength[i] / 4294967296 >>> 0); - md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; - len[0] = len[1] / 4294967296 >>> 0; - } - _input.putBytes(msg); - _update(_h, _w, _input); - if (_input.read > 2048 || _input.length() === 0) { - _input.compact(); + if (unpackneg(q, pk)) { + return -1; + } + for (i = 0; i < n; ++i) { + m[i] = sm[i]; + } + for (i = 0; i < 32; ++i) { + m[i + 32] = pk[i]; + } + var h = sha512(m, n); + reduce(h); + scalarmult(p, q, h); + scalarbase(q, sm.subarray(32)); + add(p, q); + pack(t, p); + n -= 64; + if (crypto_verify_32(sm, 0, t, 0)) { + for (i = 0; i < n; ++i) { + m[i] = 0; } - return md; - }; - md.digest = function() { - var finalBlock = forge.util.createBuffer(); - finalBlock.putBytes(_input.bytes()); - var remaining = md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize; - var overflow = remaining & md.blockLength - 1; - finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); - var next, carry; - var bits = md.fullMessageLength[0] * 8; - for (var i = 0; i < md.fullMessageLength.length - 1; ++i) { - next = md.fullMessageLength[i + 1] * 8; - carry = next / 4294967296 >>> 0; - bits += carry; - finalBlock.putInt32(bits >>> 0); - bits = next >>> 0; + return -1; + } + for (i = 0; i < n; ++i) { + m[i] = sm[i + 64]; + } + mlen = n; + return mlen; + } + function modL(r, x) { + var carry, i, j, k; + for (i = 63; i >= 32; --i) { + carry = 0; + for (j = i - 32, k = i - 12; j < k; ++j) { + x[j] += carry - 16 * x[i] * L[j - (i - 32)]; + carry = x[j] + 128 >> 8; + x[j] -= carry * 256; } - finalBlock.putInt32(bits); - var h = new Array(_h.length); - for (var i = 0; i < _h.length; ++i) { - h[i] = _h[i].slice(0); + x[j] += carry; + x[i] = 0; + } + carry = 0; + for (j = 0; j < 32; ++j) { + x[j] += carry - (x[31] >> 4) * L[j]; + carry = x[j] >> 8; + x[j] &= 255; + } + for (j = 0; j < 32; ++j) { + x[j] -= carry * L[j]; + } + for (i = 0; i < 32; ++i) { + x[i + 1] += x[i] >> 8; + r[i] = x[i] & 255; + } + } + function reduce(r) { + var x = new Float64Array(64); + for (var i = 0; i < 64; ++i) { + x[i] = r[i]; + r[i] = 0; + } + modL(r, x); + } + function add(p, q) { + var a = gf(), b = gf(), c = gf(), d = gf(), e = gf(), f = gf(), g = gf(), h = gf(), t = gf(); + Z(a, p[1], p[0]); + Z(t, q[1], q[0]); + M(a, a, t); + A(b, p[0], p[1]); + A(t, q[0], q[1]); + M(b, b, t); + M(c, p[3], q[3]); + M(c, c, D2); + M(d, p[2], q[2]); + A(d, d, d); + Z(e, b, a); + Z(f, d, c); + A(g, d, c); + A(h, b, a); + M(p[0], e, f); + M(p[1], h, g); + M(p[2], g, f); + M(p[3], e, h); + } + function cswap(p, q, b) { + for (var i = 0; i < 4; ++i) { + sel25519(p[i], q[i], b); + } + } + function pack(r, p) { + var tx = gf(), ty = gf(), zi = gf(); + inv25519(zi, p[2]); + M(tx, p[0], zi); + M(ty, p[1], zi); + pack25519(r, ty); + r[31] ^= par25519(tx) << 7; + } + function pack25519(o, n) { + var i, j, b; + var m = gf(), t = gf(); + for (i = 0; i < 16; ++i) { + t[i] = n[i]; + } + car25519(t); + car25519(t); + car25519(t); + for (j = 0; j < 2; ++j) { + m[0] = t[0] - 65517; + for (i = 1; i < 15; ++i) { + m[i] = t[i] - 65535 - (m[i - 1] >> 16 & 1); + m[i - 1] &= 65535; } - _update(h, _w, finalBlock); - var rval = forge.util.createBuffer(); - var hlen; - if (algorithm === "SHA-512") { - hlen = h.length; - } else if (algorithm === "SHA-384") { - hlen = h.length - 2; - } else { - hlen = h.length - 4; + m[15] = t[15] - 32767 - (m[14] >> 16 & 1); + b = m[15] >> 16 & 1; + m[14] &= 65535; + sel25519(t, m, 1 - b); + } + for (i = 0; i < 16; i++) { + o[2 * i] = t[i] & 255; + o[2 * i + 1] = t[i] >> 8; + } + } + function unpackneg(r, p) { + var t = gf(), chk = gf(), num = gf(), den = gf(), den2 = gf(), den4 = gf(), den6 = gf(); + set25519(r[2], gf1); + unpack25519(r[1], p); + S(num, r[1]); + M(den, num, D); + Z(num, num, r[2]); + A(den, r[2], den); + S(den2, den); + S(den4, den2); + M(den6, den4, den2); + M(t, den6, num); + M(t, t, den); + pow2523(t, t); + M(t, t, num); + M(t, t, den); + M(t, t, den); + M(r[0], t, den); + S(chk, r[0]); + M(chk, chk, den); + if (neq25519(chk, num)) { + M(r[0], r[0], I); + } + S(chk, r[0]); + M(chk, chk, den); + if (neq25519(chk, num)) { + return -1; + } + if (par25519(r[0]) === p[31] >> 7) { + Z(r[0], gf0, r[0]); + } + M(r[3], r[0], r[1]); + return 0; + } + function unpack25519(o, n) { + var i; + for (i = 0; i < 16; ++i) { + o[i] = n[2 * i] + (n[2 * i + 1] << 8); + } + o[15] &= 32767; + } + function pow2523(o, i) { + var c = gf(); + var a; + for (a = 0; a < 16; ++a) { + c[a] = i[a]; + } + for (a = 250; a >= 0; --a) { + S(c, c); + if (a !== 1) { + M(c, c, i); } - for (var i = 0; i < hlen; ++i) { - rval.putInt32(h[i][0]); - if (i !== hlen - 1 || algorithm !== "SHA-512/224") { - rval.putInt32(h[i][1]); - } + } + for (a = 0; a < 16; ++a) { + o[a] = c[a]; + } + } + function neq25519(a, b) { + var c = new NativeBuffer(32); + var d = new NativeBuffer(32); + pack25519(c, a); + pack25519(d, b); + return crypto_verify_32(c, 0, d, 0); + } + function crypto_verify_32(x, xi, y, yi) { + return vn(x, xi, y, yi, 32); + } + function vn(x, xi, y, yi, n) { + var i, d = 0; + for (i = 0; i < n; ++i) { + d |= x[xi + i] ^ y[yi + i]; + } + return (1 & d - 1 >>> 8) - 1; + } + function par25519(a) { + var d = new NativeBuffer(32); + pack25519(d, a); + return d[0] & 1; + } + function scalarmult(p, q, s) { + var b, i; + set25519(p[0], gf0); + set25519(p[1], gf1); + set25519(p[2], gf1); + set25519(p[3], gf0); + for (i = 255; i >= 0; --i) { + b = s[i / 8 | 0] >> (i & 7) & 1; + cswap(p, q, b); + add(q, p); + add(p, p); + cswap(p, q, b); + } + } + function scalarbase(p, s) { + var q = [gf(), gf(), gf(), gf()]; + set25519(q[0], X); + set25519(q[1], Y); + set25519(q[2], gf1); + M(q[3], X, Y); + scalarmult(p, q, s); + } + function set25519(r, a) { + var i; + for (i = 0; i < 16; i++) { + r[i] = a[i] | 0; + } + } + function inv25519(o, i) { + var c = gf(); + var a; + for (a = 0; a < 16; ++a) { + c[a] = i[a]; + } + for (a = 253; a >= 0; --a) { + S(c, c); + if (a !== 2 && a !== 4) { + M(c, c, i); } - return rval; - }; - return md; - }; - var _padding = null; - var _initialized = false; - var _k = null; - var _states = null; - function _init() { - _padding = String.fromCharCode(128); - _padding += forge.util.fillString(String.fromCharCode(0), 128); - _k = [ - [1116352408, 3609767458], - [1899447441, 602891725], - [3049323471, 3964484399], - [3921009573, 2173295548], - [961987163, 4081628472], - [1508970993, 3053834265], - [2453635748, 2937671579], - [2870763221, 3664609560], - [3624381080, 2734883394], - [310598401, 1164996542], - [607225278, 1323610764], - [1426881987, 3590304994], - [1925078388, 4068182383], - [2162078206, 991336113], - [2614888103, 633803317], - [3248222580, 3479774868], - [3835390401, 2666613458], - [4022224774, 944711139], - [264347078, 2341262773], - [604807628, 2007800933], - [770255983, 1495990901], - [1249150122, 1856431235], - [1555081692, 3175218132], - [1996064986, 2198950837], - [2554220882, 3999719339], - [2821834349, 766784016], - [2952996808, 2566594879], - [3210313671, 3203337956], - [3336571891, 1034457026], - [3584528711, 2466948901], - [113926993, 3758326383], - [338241895, 168717936], - [666307205, 1188179964], - [773529912, 1546045734], - [1294757372, 1522805485], - [1396182291, 2643833823], - [1695183700, 2343527390], - [1986661051, 1014477480], - [2177026350, 1206759142], - [2456956037, 344077627], - [2730485921, 1290863460], - [2820302411, 3158454273], - [3259730800, 3505952657], - [3345764771, 106217008], - [3516065817, 3606008344], - [3600352804, 1432725776], - [4094571909, 1467031594], - [275423344, 851169720], - [430227734, 3100823752], - [506948616, 1363258195], - [659060556, 3750685593], - [883997877, 3785050280], - [958139571, 3318307427], - [1322822218, 3812723403], - [1537002063, 2003034995], - [1747873779, 3602036899], - [1955562222, 1575990012], - [2024104815, 1125592928], - [2227730452, 2716904306], - [2361852424, 442776044], - [2428436474, 593698344], - [2756734187, 3733110249], - [3204031479, 2999351573], - [3329325298, 3815920427], - [3391569614, 3928383900], - [3515267271, 566280711], - [3940187606, 3454069534], - [4118630271, 4000239992], - [116418474, 1914138554], - [174292421, 2731055270], - [289380356, 3203993006], - [460393269, 320620315], - [685471733, 587496836], - [852142971, 1086792851], - [1017036298, 365543100], - [1126000580, 2618297676], - [1288033470, 3409855158], - [1501505948, 4234509866], - [1607167915, 987167468], - [1816402316, 1246189591] - ]; - _states = {}; - _states["SHA-512"] = [ - [1779033703, 4089235720], - [3144134277, 2227873595], - [1013904242, 4271175723], - [2773480762, 1595750129], - [1359893119, 2917565137], - [2600822924, 725511199], - [528734635, 4215389547], - [1541459225, 327033209] - ]; - _states["SHA-384"] = [ - [3418070365, 3238371032], - [1654270250, 914150663], - [2438529370, 812702999], - [355462360, 4144912697], - [1731405415, 4290775857], - [2394180231, 1750603025], - [3675008525, 1694076839], - [1203062813, 3204075428] - ]; - _states["SHA-512/256"] = [ - [573645204, 4230739756], - [2673172387, 3360449730], - [596883563, 1867755857], - [2520282905, 1497426621], - [2519219938, 2827943907], - [3193839141, 1401305490], - [721525244, 746961066], - [246885852, 2177182882] - ]; - _states["SHA-512/224"] = [ - [2352822216, 424955298], - [1944164710, 2312950998], - [502970286, 855612546], - [1738396948, 1479516111], - [258812777, 2077511080], - [2011393907, 79989058], - [1067287976, 1780299464], - [286451373, 2446758561] - ]; - _initialized = true; + } + for (a = 0; a < 16; ++a) { + o[a] = c[a]; + } } - function _update(s, w, bytes) { - var t1_hi, t1_lo; - var t2_hi, t2_lo; - var s0_hi, s0_lo; - var s1_hi, s1_lo; - var ch_hi, ch_lo; - var maj_hi, maj_lo; - var a_hi, a_lo; - var b_hi, b_lo; - var c_hi, c_lo; - var d_hi, d_lo; - var e_hi, e_lo; - var f_hi, f_lo; - var g_hi, g_lo; - var h_hi, h_lo; - var i, hi, lo, w2, w7, w15, w16; - var len = bytes.length(); - while (len >= 128) { - for (i = 0; i < 16; ++i) { - w[i][0] = bytes.getInt32() >>> 0; - w[i][1] = bytes.getInt32() >>> 0; + function car25519(o) { + var i, v, c = 1; + for (i = 0; i < 16; ++i) { + v = o[i] + c + 65535; + c = Math.floor(v / 65536); + o[i] = v - c * 65536; + } + o[0] += c - 1 + 37 * (c - 1); + } + function sel25519(p, q, b) { + var t, c = ~(b - 1); + for (var i = 0; i < 16; ++i) { + t = c & (p[i] ^ q[i]); + p[i] ^= t; + q[i] ^= t; + } + } + function gf(init) { + var i, r = new Float64Array(16); + if (init) { + for (i = 0; i < init.length; ++i) { + r[i] = init[i]; } - for (; i < 80; ++i) { - w2 = w[i - 2]; - hi = w2[0]; - lo = w2[1]; - t1_hi = ((hi >>> 19 | lo << 13) ^ // ROTR 19 - (lo >>> 29 | hi << 3) ^ // ROTR 61/(swap + ROTR 29) - hi >>> 6) >>> 0; - t1_lo = ((hi << 13 | lo >>> 19) ^ // ROTR 19 - (lo << 3 | hi >>> 29) ^ // ROTR 61/(swap + ROTR 29) - (hi << 26 | lo >>> 6)) >>> 0; - w15 = w[i - 15]; - hi = w15[0]; - lo = w15[1]; - t2_hi = ((hi >>> 1 | lo << 31) ^ // ROTR 1 - (hi >>> 8 | lo << 24) ^ // ROTR 8 - hi >>> 7) >>> 0; - t2_lo = ((hi << 31 | lo >>> 1) ^ // ROTR 1 - (hi << 24 | lo >>> 8) ^ // ROTR 8 - (hi << 25 | lo >>> 7)) >>> 0; - w7 = w[i - 7]; - w16 = w[i - 16]; - lo = t1_lo + w7[1] + t2_lo + w16[1]; - w[i][0] = t1_hi + w7[0] + t2_hi + w16[0] + (lo / 4294967296 >>> 0) >>> 0; - w[i][1] = lo >>> 0; - } - a_hi = s[0][0]; - a_lo = s[0][1]; - b_hi = s[1][0]; - b_lo = s[1][1]; - c_hi = s[2][0]; - c_lo = s[2][1]; - d_hi = s[3][0]; - d_lo = s[3][1]; - e_hi = s[4][0]; - e_lo = s[4][1]; - f_hi = s[5][0]; - f_lo = s[5][1]; - g_hi = s[6][0]; - g_lo = s[6][1]; - h_hi = s[7][0]; - h_lo = s[7][1]; - for (i = 0; i < 80; ++i) { - s1_hi = ((e_hi >>> 14 | e_lo << 18) ^ // ROTR 14 - (e_hi >>> 18 | e_lo << 14) ^ // ROTR 18 - (e_lo >>> 9 | e_hi << 23)) >>> 0; - s1_lo = ((e_hi << 18 | e_lo >>> 14) ^ // ROTR 14 - (e_hi << 14 | e_lo >>> 18) ^ // ROTR 18 - (e_lo << 23 | e_hi >>> 9)) >>> 0; - ch_hi = (g_hi ^ e_hi & (f_hi ^ g_hi)) >>> 0; - ch_lo = (g_lo ^ e_lo & (f_lo ^ g_lo)) >>> 0; - s0_hi = ((a_hi >>> 28 | a_lo << 4) ^ // ROTR 28 - (a_lo >>> 2 | a_hi << 30) ^ // ROTR 34/(swap + ROTR 2) - (a_lo >>> 7 | a_hi << 25)) >>> 0; - s0_lo = ((a_hi << 4 | a_lo >>> 28) ^ // ROTR 28 - (a_lo << 30 | a_hi >>> 2) ^ // ROTR 34/(swap + ROTR 2) - (a_lo << 25 | a_hi >>> 7)) >>> 0; - maj_hi = (a_hi & b_hi | c_hi & (a_hi ^ b_hi)) >>> 0; - maj_lo = (a_lo & b_lo | c_lo & (a_lo ^ b_lo)) >>> 0; - lo = h_lo + s1_lo + ch_lo + _k[i][1] + w[i][1]; - t1_hi = h_hi + s1_hi + ch_hi + _k[i][0] + w[i][0] + (lo / 4294967296 >>> 0) >>> 0; - t1_lo = lo >>> 0; - lo = s0_lo + maj_lo; - t2_hi = s0_hi + maj_hi + (lo / 4294967296 >>> 0) >>> 0; - t2_lo = lo >>> 0; - h_hi = g_hi; - h_lo = g_lo; - g_hi = f_hi; - g_lo = f_lo; - f_hi = e_hi; - f_lo = e_lo; - lo = d_lo + t1_lo; - e_hi = d_hi + t1_hi + (lo / 4294967296 >>> 0) >>> 0; - e_lo = lo >>> 0; - d_hi = c_hi; - d_lo = c_lo; - c_hi = b_hi; - c_lo = b_lo; - b_hi = a_hi; - b_lo = a_lo; - lo = t1_lo + t2_lo; - a_hi = t1_hi + t2_hi + (lo / 4294967296 >>> 0) >>> 0; - a_lo = lo >>> 0; - } - lo = s[0][1] + a_lo; - s[0][0] = s[0][0] + a_hi + (lo / 4294967296 >>> 0) >>> 0; - s[0][1] = lo >>> 0; - lo = s[1][1] + b_lo; - s[1][0] = s[1][0] + b_hi + (lo / 4294967296 >>> 0) >>> 0; - s[1][1] = lo >>> 0; - lo = s[2][1] + c_lo; - s[2][0] = s[2][0] + c_hi + (lo / 4294967296 >>> 0) >>> 0; - s[2][1] = lo >>> 0; - lo = s[3][1] + d_lo; - s[3][0] = s[3][0] + d_hi + (lo / 4294967296 >>> 0) >>> 0; - s[3][1] = lo >>> 0; - lo = s[4][1] + e_lo; - s[4][0] = s[4][0] + e_hi + (lo / 4294967296 >>> 0) >>> 0; - s[4][1] = lo >>> 0; - lo = s[5][1] + f_lo; - s[5][0] = s[5][0] + f_hi + (lo / 4294967296 >>> 0) >>> 0; - s[5][1] = lo >>> 0; - lo = s[6][1] + g_lo; - s[6][0] = s[6][0] + g_hi + (lo / 4294967296 >>> 0) >>> 0; - s[6][1] = lo >>> 0; - lo = s[7][1] + h_lo; - s[7][0] = s[7][0] + h_hi + (lo / 4294967296 >>> 0) >>> 0; - s[7][1] = lo >>> 0; - len -= 128; } + return r; } - } -}); - -// node_modules/node-forge/lib/asn1-validator.js -var require_asn1_validator = __commonJS({ - "node_modules/node-forge/lib/asn1-validator.js"(exports2) { - var forge = require_forge(); - require_asn1(); - var asn1 = forge.asn1; - exports2.privateKeyValidator = { - // PrivateKeyInfo - name: "PrivateKeyInfo", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - // Version (INTEGER) - name: "PrivateKeyInfo.version", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.INTEGER, - constructed: false, - capture: "privateKeyVersion" - }, { - // privateKeyAlgorithm - name: "PrivateKeyInfo.privateKeyAlgorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "AlgorithmIdentifier.algorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "privateKeyOid" - }] - }, { - // PrivateKey - name: "PrivateKeyInfo", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OCTETSTRING, - constructed: false, - capture: "privateKey" - }] - }; - exports2.publicKeyValidator = { - name: "SubjectPublicKeyInfo", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - captureAsn1: "subjectPublicKeyInfo", - value: [ - { - name: "SubjectPublicKeyInfo.AlgorithmIdentifier", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - value: [{ - name: "AlgorithmIdentifier.algorithm", - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.OID, - constructed: false, - capture: "publicKeyOid" - }] - }, - // capture group for ed25519PublicKey - { - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.BITSTRING, - constructed: false, - composed: true, - captureBitStringValue: "ed25519PublicKey" - } - // FIXME: this is capture group for rsaPublicKey, use it in this API or - // discard? - /* { - // subjectPublicKey - name: 'SubjectPublicKeyInfo.subjectPublicKey', - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.BITSTRING, - constructed: false, - value: [{ - // RSAPublicKey - name: 'SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey', - tagClass: asn1.Class.UNIVERSAL, - type: asn1.Type.SEQUENCE, - constructed: true, - optional: true, - captureAsn1: 'rsaPublicKey' - }] - } */ - ] - }; - } -}); - -// node_modules/node-forge/lib/ed25519.js -var require_ed25519 = __commonJS({ - "node_modules/node-forge/lib/ed25519.js"(exports2, module2) { - var forge = require_forge(); - require_jsbn(); - require_random(); - require_sha512(); - require_util9(); - var asn1Validator = require_asn1_validator(); - var publicKeyValidator = asn1Validator.publicKeyValidator; - var privateKeyValidator = asn1Validator.privateKeyValidator; - if (typeof BigInteger === "undefined") { - BigInteger = forge.jsbn.BigInteger; - } - var BigInteger; - var ByteBuffer = forge.util.ByteBuffer; - var NativeBuffer = typeof Buffer === "undefined" ? Uint8Array : Buffer; - forge.pki = forge.pki || {}; - module2.exports = forge.pki.ed25519 = forge.ed25519 = forge.ed25519 || {}; - var ed25519 = forge.ed25519; - ed25519.constants = {}; - ed25519.constants.PUBLIC_KEY_BYTE_LENGTH = 32; - ed25519.constants.PRIVATE_KEY_BYTE_LENGTH = 64; - ed25519.constants.SEED_BYTE_LENGTH = 32; - ed25519.constants.SIGN_BYTE_LENGTH = 64; - ed25519.constants.HASH_BYTE_LENGTH = 64; - ed25519.generateKeyPair = function(options) { - options = options || {}; - var seed = options.seed; - if (seed === void 0) { - seed = forge.random.getBytesSync(ed25519.constants.SEED_BYTE_LENGTH); - } else if (typeof seed === "string") { - if (seed.length !== ed25519.constants.SEED_BYTE_LENGTH) { - throw new TypeError( - '"seed" must be ' + ed25519.constants.SEED_BYTE_LENGTH + " bytes in length." - ); - } - } else if (!(seed instanceof Uint8Array)) { - throw new TypeError( - '"seed" must be a node.js Buffer, Uint8Array, or a binary string.' - ); - } - seed = messageToNativeBuffer({ message: seed, encoding: "binary" }); - var pk = new NativeBuffer(ed25519.constants.PUBLIC_KEY_BYTE_LENGTH); - var sk = new NativeBuffer(ed25519.constants.PRIVATE_KEY_BYTE_LENGTH); - for (var i = 0; i < 32; ++i) { - sk[i] = seed[i]; - } - crypto_sign_keypair(pk, sk); - return { publicKey: pk, privateKey: sk }; - }; - ed25519.privateKeyFromAsn1 = function(obj) { - var capture = {}; - var errors = []; - var valid2 = forge.asn1.validate(obj, privateKeyValidator, capture, errors); - if (!valid2) { - var error3 = new Error("Invalid Key."); - error3.errors = errors; - throw error3; - } - var oid = forge.asn1.derToOid(capture.privateKeyOid); - var ed25519Oid = forge.oids.EdDSA25519; - if (oid !== ed25519Oid) { - throw new Error('Invalid OID "' + oid + '"; OID must be "' + ed25519Oid + '".'); - } - var privateKey = capture.privateKey; - var privateKeyBytes = messageToNativeBuffer({ - message: forge.asn1.fromDer(privateKey).value, - encoding: "binary" - }); - return { privateKeyBytes }; - }; - ed25519.publicKeyFromAsn1 = function(obj) { - var capture = {}; - var errors = []; - var valid2 = forge.asn1.validate(obj, publicKeyValidator, capture, errors); - if (!valid2) { - var error3 = new Error("Invalid Key."); - error3.errors = errors; - throw error3; - } - var oid = forge.asn1.derToOid(capture.publicKeyOid); - var ed25519Oid = forge.oids.EdDSA25519; - if (oid !== ed25519Oid) { - throw new Error('Invalid OID "' + oid + '"; OID must be "' + ed25519Oid + '".'); - } - var publicKeyBytes = capture.ed25519PublicKey; - if (publicKeyBytes.length !== ed25519.constants.PUBLIC_KEY_BYTE_LENGTH) { - throw new Error("Key length is invalid."); - } - return messageToNativeBuffer({ - message: publicKeyBytes, - encoding: "binary" - }); - }; - ed25519.publicKeyFromPrivateKey = function(options) { - options = options || {}; - var privateKey = messageToNativeBuffer({ - message: options.privateKey, - encoding: "binary" - }); - if (privateKey.length !== ed25519.constants.PRIVATE_KEY_BYTE_LENGTH) { - throw new TypeError( - '"options.privateKey" must have a byte length of ' + ed25519.constants.PRIVATE_KEY_BYTE_LENGTH - ); - } - var pk = new NativeBuffer(ed25519.constants.PUBLIC_KEY_BYTE_LENGTH); - for (var i = 0; i < pk.length; ++i) { - pk[i] = privateKey[32 + i]; - } - return pk; - }; - ed25519.sign = function(options) { - options = options || {}; - var msg = messageToNativeBuffer(options); - var privateKey = messageToNativeBuffer({ - message: options.privateKey, - encoding: "binary" - }); - if (privateKey.length === ed25519.constants.SEED_BYTE_LENGTH) { - var keyPair = ed25519.generateKeyPair({ seed: privateKey }); - privateKey = keyPair.privateKey; - } else if (privateKey.length !== ed25519.constants.PRIVATE_KEY_BYTE_LENGTH) { - throw new TypeError( - '"options.privateKey" must have a byte length of ' + ed25519.constants.SEED_BYTE_LENGTH + " or " + ed25519.constants.PRIVATE_KEY_BYTE_LENGTH - ); - } - var signedMsg = new NativeBuffer( - ed25519.constants.SIGN_BYTE_LENGTH + msg.length - ); - crypto_sign(signedMsg, msg, msg.length, privateKey); - var sig = new NativeBuffer(ed25519.constants.SIGN_BYTE_LENGTH); - for (var i = 0; i < sig.length; ++i) { - sig[i] = signedMsg[i]; - } - return sig; - }; - ed25519.verify = function(options) { - options = options || {}; - var msg = messageToNativeBuffer(options); - if (options.signature === void 0) { - throw new TypeError( - '"options.signature" must be a node.js Buffer, a Uint8Array, a forge ByteBuffer, or a binary string.' - ); - } - var sig = messageToNativeBuffer({ - message: options.signature, - encoding: "binary" - }); - if (sig.length !== ed25519.constants.SIGN_BYTE_LENGTH) { - throw new TypeError( - '"options.signature" must have a byte length of ' + ed25519.constants.SIGN_BYTE_LENGTH - ); - } - var publicKey = messageToNativeBuffer({ - message: options.publicKey, - encoding: "binary" - }); - if (publicKey.length !== ed25519.constants.PUBLIC_KEY_BYTE_LENGTH) { - throw new TypeError( - '"options.publicKey" must have a byte length of ' + ed25519.constants.PUBLIC_KEY_BYTE_LENGTH - ); - } - var sm = new NativeBuffer(ed25519.constants.SIGN_BYTE_LENGTH + msg.length); - var m = new NativeBuffer(ed25519.constants.SIGN_BYTE_LENGTH + msg.length); - var i; - for (i = 0; i < ed25519.constants.SIGN_BYTE_LENGTH; ++i) { - sm[i] = sig[i]; - } - for (i = 0; i < msg.length; ++i) { - sm[i + ed25519.constants.SIGN_BYTE_LENGTH] = msg[i]; - } - return crypto_sign_open(m, sm, sm.length, publicKey) >= 0; - }; - function messageToNativeBuffer(options) { - var message = options.message; - if (message instanceof Uint8Array || message instanceof NativeBuffer) { - return message; - } - var encoding = options.encoding; - if (message === void 0) { - if (options.md) { - message = options.md.digest().getBytes(); - encoding = "binary"; - } else { - throw new TypeError('"options.message" or "options.md" not specified.'); - } - } - if (typeof message === "string" && !encoding) { - throw new TypeError('"options.encoding" must be "binary" or "utf8".'); - } - if (typeof message === "string") { - if (typeof Buffer !== "undefined") { - return Buffer.from(message, encoding); - } - message = new ByteBuffer(message, encoding); - } else if (!(message instanceof ByteBuffer)) { - throw new TypeError( - '"options.message" must be a node.js Buffer, a Uint8Array, a forge ByteBuffer, or a string with "options.encoding" specifying its encoding.' - ); + function A(o, a, b) { + for (var i = 0; i < 16; ++i) { + o[i] = a[i] + b[i]; } - var buffer = new NativeBuffer(message.length()); - for (var i = 0; i < buffer.length; ++i) { - buffer[i] = message.at(i); - } - return buffer; - } - var gf0 = gf(); - var gf1 = gf([1]); - var D = gf([ - 30883, - 4953, - 19914, - 30187, - 55467, - 16705, - 2637, - 112, - 59544, - 30585, - 16505, - 36039, - 65139, - 11119, - 27886, - 20995 - ]); - var D2 = gf([ - 61785, - 9906, - 39828, - 60374, - 45398, - 33411, - 5274, - 224, - 53552, - 61171, - 33010, - 6542, - 64743, - 22239, - 55772, - 9222 - ]); - var X = gf([ - 54554, - 36645, - 11616, - 51542, - 42930, - 38181, - 51040, - 26924, - 56412, - 64982, - 57905, - 49316, - 21502, - 52590, - 14035, - 8553 - ]); - var Y = gf([ - 26200, - 26214, - 26214, - 26214, - 26214, - 26214, - 26214, - 26214, - 26214, - 26214, - 26214, - 26214, - 26214, - 26214, - 26214, - 26214 - ]); - var L = new Float64Array([ - 237, - 211, - 245, - 92, - 26, - 99, - 18, - 88, - 214, - 156, - 247, - 162, - 222, - 249, - 222, - 20, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 16 - ]); - var I = gf([ - 41136, - 18958, - 6951, - 50414, - 58488, - 44335, - 6150, - 12099, - 55207, - 15867, - 153, - 11085, - 57099, - 20417, - 9344, - 11139 - ]); - function sha512(msg, msgLen) { - var md = forge.md.sha512.create(); - var buffer = new ByteBuffer(msg); - md.update(buffer.getBytes(msgLen), "binary"); - var hash = md.digest().getBytes(); - if (typeof Buffer !== "undefined") { - return Buffer.from(hash, "binary"); - } - var out = new NativeBuffer(ed25519.constants.HASH_BYTE_LENGTH); - for (var i = 0; i < 64; ++i) { - out[i] = hash.charCodeAt(i); - } - return out; - } - function crypto_sign_keypair(pk, sk) { - var p = [gf(), gf(), gf(), gf()]; - var i; - var d = sha512(sk, 32); - d[0] &= 248; - d[31] &= 127; - d[31] |= 64; - scalarbase(p, d); - pack(pk, p); - for (i = 0; i < 32; ++i) { - sk[i + 32] = pk[i]; - } - return 0; - } - function crypto_sign(sm, m, n, sk) { - var i, j, x = new Float64Array(64); - var p = [gf(), gf(), gf(), gf()]; - var d = sha512(sk, 32); - d[0] &= 248; - d[31] &= 127; - d[31] |= 64; - var smlen = n + 64; - for (i = 0; i < n; ++i) { - sm[64 + i] = m[i]; - } - for (i = 0; i < 32; ++i) { - sm[32 + i] = d[32 + i]; - } - var r = sha512(sm.subarray(32), n + 32); - reduce(r); - scalarbase(p, r); - pack(sm, p); - for (i = 32; i < 64; ++i) { - sm[i] = sk[i]; - } - var h = sha512(sm, n + 64); - reduce(h); - for (i = 32; i < 64; ++i) { - x[i] = 0; - } - for (i = 0; i < 32; ++i) { - x[i] = r[i]; - } - for (i = 0; i < 32; ++i) { - for (j = 0; j < 32; j++) { - x[i + j] += h[i] * d[j]; - } - } - modL(sm.subarray(32), x); - return smlen; - } - function crypto_sign_open(m, sm, n, pk) { - var i, mlen; - var t = new NativeBuffer(32); - var p = [gf(), gf(), gf(), gf()], q = [gf(), gf(), gf(), gf()]; - mlen = -1; - if (n < 64) { - return -1; - } - if (unpackneg(q, pk)) { - return -1; - } - for (i = 0; i < n; ++i) { - m[i] = sm[i]; - } - for (i = 0; i < 32; ++i) { - m[i + 32] = pk[i]; - } - var h = sha512(m, n); - reduce(h); - scalarmult(p, q, h); - scalarbase(q, sm.subarray(32)); - add(p, q); - pack(t, p); - n -= 64; - if (crypto_verify_32(sm, 0, t, 0)) { - for (i = 0; i < n; ++i) { - m[i] = 0; - } - return -1; - } - for (i = 0; i < n; ++i) { - m[i] = sm[i + 64]; - } - mlen = n; - return mlen; - } - function modL(r, x) { - var carry, i, j, k; - for (i = 63; i >= 32; --i) { - carry = 0; - for (j = i - 32, k = i - 12; j < k; ++j) { - x[j] += carry - 16 * x[i] * L[j - (i - 32)]; - carry = x[j] + 128 >> 8; - x[j] -= carry * 256; - } - x[j] += carry; - x[i] = 0; - } - carry = 0; - for (j = 0; j < 32; ++j) { - x[j] += carry - (x[31] >> 4) * L[j]; - carry = x[j] >> 8; - x[j] &= 255; - } - for (j = 0; j < 32; ++j) { - x[j] -= carry * L[j]; - } - for (i = 0; i < 32; ++i) { - x[i + 1] += x[i] >> 8; - r[i] = x[i] & 255; - } - } - function reduce(r) { - var x = new Float64Array(64); - for (var i = 0; i < 64; ++i) { - x[i] = r[i]; - r[i] = 0; - } - modL(r, x); - } - function add(p, q) { - var a = gf(), b = gf(), c = gf(), d = gf(), e = gf(), f = gf(), g = gf(), h = gf(), t = gf(); - Z(a, p[1], p[0]); - Z(t, q[1], q[0]); - M(a, a, t); - A(b, p[0], p[1]); - A(t, q[0], q[1]); - M(b, b, t); - M(c, p[3], q[3]); - M(c, c, D2); - M(d, p[2], q[2]); - A(d, d, d); - Z(e, b, a); - Z(f, d, c); - A(g, d, c); - A(h, b, a); - M(p[0], e, f); - M(p[1], h, g); - M(p[2], g, f); - M(p[3], e, h); - } - function cswap(p, q, b) { - for (var i = 0; i < 4; ++i) { - sel25519(p[i], q[i], b); - } - } - function pack(r, p) { - var tx = gf(), ty = gf(), zi = gf(); - inv25519(zi, p[2]); - M(tx, p[0], zi); - M(ty, p[1], zi); - pack25519(r, ty); - r[31] ^= par25519(tx) << 7; - } - function pack25519(o, n) { - var i, j, b; - var m = gf(), t = gf(); - for (i = 0; i < 16; ++i) { - t[i] = n[i]; - } - car25519(t); - car25519(t); - car25519(t); - for (j = 0; j < 2; ++j) { - m[0] = t[0] - 65517; - for (i = 1; i < 15; ++i) { - m[i] = t[i] - 65535 - (m[i - 1] >> 16 & 1); - m[i - 1] &= 65535; - } - m[15] = t[15] - 32767 - (m[14] >> 16 & 1); - b = m[15] >> 16 & 1; - m[14] &= 65535; - sel25519(t, m, 1 - b); - } - for (i = 0; i < 16; i++) { - o[2 * i] = t[i] & 255; - o[2 * i + 1] = t[i] >> 8; - } - } - function unpackneg(r, p) { - var t = gf(), chk = gf(), num = gf(), den = gf(), den2 = gf(), den4 = gf(), den6 = gf(); - set25519(r[2], gf1); - unpack25519(r[1], p); - S(num, r[1]); - M(den, num, D); - Z(num, num, r[2]); - A(den, r[2], den); - S(den2, den); - S(den4, den2); - M(den6, den4, den2); - M(t, den6, num); - M(t, t, den); - pow2523(t, t); - M(t, t, num); - M(t, t, den); - M(t, t, den); - M(r[0], t, den); - S(chk, r[0]); - M(chk, chk, den); - if (neq25519(chk, num)) { - M(r[0], r[0], I); - } - S(chk, r[0]); - M(chk, chk, den); - if (neq25519(chk, num)) { - return -1; - } - if (par25519(r[0]) === p[31] >> 7) { - Z(r[0], gf0, r[0]); - } - M(r[3], r[0], r[1]); - return 0; - } - function unpack25519(o, n) { - var i; - for (i = 0; i < 16; ++i) { - o[i] = n[2 * i] + (n[2 * i + 1] << 8); - } - o[15] &= 32767; - } - function pow2523(o, i) { - var c = gf(); - var a; - for (a = 0; a < 16; ++a) { - c[a] = i[a]; - } - for (a = 250; a >= 0; --a) { - S(c, c); - if (a !== 1) { - M(c, c, i); - } - } - for (a = 0; a < 16; ++a) { - o[a] = c[a]; - } - } - function neq25519(a, b) { - var c = new NativeBuffer(32); - var d = new NativeBuffer(32); - pack25519(c, a); - pack25519(d, b); - return crypto_verify_32(c, 0, d, 0); - } - function crypto_verify_32(x, xi, y, yi) { - return vn(x, xi, y, yi, 32); - } - function vn(x, xi, y, yi, n) { - var i, d = 0; - for (i = 0; i < n; ++i) { - d |= x[xi + i] ^ y[yi + i]; - } - return (1 & d - 1 >>> 8) - 1; - } - function par25519(a) { - var d = new NativeBuffer(32); - pack25519(d, a); - return d[0] & 1; - } - function scalarmult(p, q, s) { - var b, i; - set25519(p[0], gf0); - set25519(p[1], gf1); - set25519(p[2], gf1); - set25519(p[3], gf0); - for (i = 255; i >= 0; --i) { - b = s[i / 8 | 0] >> (i & 7) & 1; - cswap(p, q, b); - add(q, p); - add(p, p); - cswap(p, q, b); - } - } - function scalarbase(p, s) { - var q = [gf(), gf(), gf(), gf()]; - set25519(q[0], X); - set25519(q[1], Y); - set25519(q[2], gf1); - M(q[3], X, Y); - scalarmult(p, q, s); - } - function set25519(r, a) { - var i; - for (i = 0; i < 16; i++) { - r[i] = a[i] | 0; - } - } - function inv25519(o, i) { - var c = gf(); - var a; - for (a = 0; a < 16; ++a) { - c[a] = i[a]; - } - for (a = 253; a >= 0; --a) { - S(c, c); - if (a !== 2 && a !== 4) { - M(c, c, i); - } - } - for (a = 0; a < 16; ++a) { - o[a] = c[a]; - } - } - function car25519(o) { - var i, v, c = 1; - for (i = 0; i < 16; ++i) { - v = o[i] + c + 65535; - c = Math.floor(v / 65536); - o[i] = v - c * 65536; - } - o[0] += c - 1 + 37 * (c - 1); - } - function sel25519(p, q, b) { - var t, c = ~(b - 1); - for (var i = 0; i < 16; ++i) { - t = c & (p[i] ^ q[i]); - p[i] ^= t; - q[i] ^= t; - } - } - function gf(init) { - var i, r = new Float64Array(16); - if (init) { - for (i = 0; i < init.length; ++i) { - r[i] = init[i]; - } - } - return r; - } - function A(o, a, b) { - for (var i = 0; i < 16; ++i) { - o[i] = a[i] + b[i]; - } - } - function Z(o, a, b) { - for (var i = 0; i < 16; ++i) { - o[i] = a[i] - b[i]; + } + function Z(o, a, b) { + for (var i = 0; i < 16; ++i) { + o[i] = a[i] - b[i]; } } function S(o, a) { @@ -42045,8 +39293,8 @@ var require_context = __commonJS({ if ((0, fs_1.existsSync)(process.env.GITHUB_EVENT_PATH)) { this.payload = JSON.parse((0, fs_1.readFileSync)(process.env.GITHUB_EVENT_PATH, { encoding: "utf8" })); } else { - const path2 = process.env.GITHUB_EVENT_PATH; - process.stdout.write(`GITHUB_EVENT_PATH ${path2} does not exist${os_1.EOL}`); + const path3 = process.env.GITHUB_EVENT_PATH; + process.stdout.write(`GITHUB_EVENT_PATH ${path3} does not exist${os_1.EOL}`); } } this.eventName = process.env.GITHUB_EVENT_NAME; @@ -42370,7 +39618,7 @@ var require_errors2 = __commonJS({ }); // node_modules/undici/lib/core/constants.js -var require_constants7 = __commonJS({ +var require_constants6 = __commonJS({ "node_modules/undici/lib/core/constants.js"(exports2, module2) { "use strict"; var headerNameLowerCasedRecord = {}; @@ -42497,7 +39745,7 @@ var require_util10 = __commonJS({ var { Blob: Blob2 } = require("buffer"); var nodeUtil = require("util"); var { stringify } = require("querystring"); - var { headerNameLowerCasedRecord } = require_constants7(); + var { headerNameLowerCasedRecord } = require_constants6(); var [nodeMajor, nodeMinor] = process.versions.node.split(".").map((v) => Number(v)); function nop() { } @@ -42549,14 +39797,14 @@ var require_util10 = __commonJS({ } const port = url.port != null ? url.port : url.protocol === "https:" ? 443 : 80; let origin = url.origin != null ? url.origin : `${url.protocol}//${url.hostname}:${port}`; - let path2 = url.path != null ? url.path : `${url.pathname || ""}${url.search || ""}`; + let path3 = url.path != null ? url.path : `${url.pathname || ""}${url.search || ""}`; if (origin.endsWith("/")) { origin = origin.substring(0, origin.length - 1); } - if (path2 && !path2.startsWith("/")) { - path2 = `/${path2}`; + if (path3 && !path3.startsWith("/")) { + path3 = `/${path3}`; } - url = new URL(origin + path2); + url = new URL(origin + path3); } return url; } @@ -44170,20 +41418,20 @@ var require_parseParams = __commonJS({ var require_basename = __commonJS({ "node_modules/@fastify/busboy/lib/utils/basename.js"(exports2, module2) { "use strict"; - module2.exports = function basename(path2) { - if (typeof path2 !== "string") { + module2.exports = function basename(path3) { + if (typeof path3 !== "string") { return ""; } - for (var i = path2.length - 1; i >= 0; --i) { - switch (path2.charCodeAt(i)) { + for (var i = path3.length - 1; i >= 0; --i) { + switch (path3.charCodeAt(i)) { case 47: // '/' case 92: - path2 = path2.slice(i + 1); - return path2 === ".." || path2 === "." ? "" : path2; + path3 = path3.slice(i + 1); + return path3 === ".." || path3 === "." ? "" : path3; } } - return path2 === ".." || path2 === "." ? "" : path2; + return path3 === ".." || path3 === "." ? "" : path3; }; } }); @@ -44942,7 +42190,7 @@ var require_main = __commonJS({ }); // node_modules/undici/lib/fetch/constants.js -var require_constants8 = __commonJS({ +var require_constants7 = __commonJS({ "node_modules/undici/lib/fetch/constants.js"(exports2, module2) { "use strict"; var { MessageChannel, receiveMessageOnPort } = require("worker_threads"); @@ -45180,7 +42428,7 @@ var require_global3 = __commonJS({ var require_util11 = __commonJS({ "node_modules/undici/lib/fetch/util.js"(exports2, module2) { "use strict"; - var { redirectStatusSet, referrerPolicySet: referrerPolicyTokens, badPortsSet } = require_constants8(); + var { redirectStatusSet, referrerPolicySet: referrerPolicyTokens, badPortsSet } = require_constants7(); var { getGlobalOrigin } = require_global3(); var { performance: performance2 } = require("perf_hooks"); var { isBlobLike, toUSVString, ReadableStreamFrom } = require_util10(); @@ -46819,7 +44067,7 @@ var require_body2 = __commonJS({ var { FormData: FormData2 } = require_formdata2(); var { kState } = require_symbols7(); var { webidl } = require_webidl2(); - var { DOMException: DOMException2, structuredClone } = require_constants8(); + var { DOMException: DOMException2, structuredClone } = require_constants7(); var { Blob: Blob2, File: NativeFile } = require("buffer"); var { kBodyUsed } = require_symbols6(); var assert = require("assert"); @@ -47213,7 +44461,7 @@ var require_request3 = __commonJS({ } var Request = class _Request { constructor(origin, { - path: path2, + path: path3, method, body, headers, @@ -47227,11 +44475,11 @@ var require_request3 = __commonJS({ throwOnError, expectContinue }, handler2) { - if (typeof path2 !== "string") { + if (typeof path3 !== "string") { throw new InvalidArgumentError("path must be a string"); - } else if (path2[0] !== "/" && !(path2.startsWith("http://") || path2.startsWith("https://")) && method !== "CONNECT") { + } else if (path3[0] !== "/" && !(path3.startsWith("http://") || path3.startsWith("https://")) && method !== "CONNECT") { throw new InvalidArgumentError("path must be an absolute URL or start with a slash"); - } else if (invalidPathRegex.exec(path2) !== null) { + } else if (invalidPathRegex.exec(path3) !== null) { throw new InvalidArgumentError("invalid request path"); } if (typeof method !== "string") { @@ -47294,7 +44542,7 @@ var require_request3 = __commonJS({ this.completed = false; this.aborted = false; this.upgrade = upgrade || null; - this.path = query ? util.buildURL(path2, query) : path2; + this.path = query ? util.buildURL(path3, query) : path3; this.origin = origin; this.idempotent = idempotent == null ? method === "HEAD" || method === "GET" : idempotent; this.blocking = blocking == null ? false : blocking; @@ -47910,7 +45158,7 @@ var require_utils3 = __commonJS({ }); // node_modules/undici/lib/llhttp/constants.js -var require_constants9 = __commonJS({ +var require_constants8 = __commonJS({ "node_modules/undici/lib/llhttp/constants.js"(exports2) { "use strict"; Object.defineProperty(exports2, "__esModule", { value: true }); @@ -48302,9 +45550,9 @@ var require_RedirectHandler = __commonJS({ return this.handler.onHeaders(statusCode, headers, resume, statusText); } const { origin, pathname, search } = util.parseURL(new URL(this.location, this.opts.origin && new URL(this.opts.path, this.opts.origin))); - const path2 = search ? `${pathname}${search}` : pathname; + const path3 = search ? `${pathname}${search}` : pathname; this.opts.headers = cleanRequestHeaders(this.opts.headers, statusCode === 303, this.opts.origin !== origin); - this.opts.path = path2; + this.opts.path = path3; this.opts.origin = origin; this.opts.maxRedirections = 0; this.opts.query = null; @@ -48800,7 +46048,7 @@ var require_client2 = __commonJS({ ); resume(client); } - var constants = require_constants9(); + var constants = require_constants8(); var createRedirectInterceptor = require_redirectInterceptor(); var EMPTY_BUF = Buffer.alloc(0); async function lazyllhttp() { @@ -49544,7 +46792,7 @@ var require_client2 = __commonJS({ writeH2(client, client[kHTTP2Session], request2); return; } - const { body, method, path: path2, host, upgrade, headers, blocking, reset } = request2; + const { body, method, path: path3, host, upgrade, headers, blocking, reset } = request2; const expectsPayload = method === "PUT" || method === "POST" || method === "PATCH"; if (body && typeof body.read === "function") { body.read(0); @@ -49594,7 +46842,7 @@ var require_client2 = __commonJS({ if (blocking) { socket[kBlocking] = true; } - let header = `${method} ${path2} HTTP/1.1\r + let header = `${method} ${path3} HTTP/1.1\r `; if (typeof host === "string") { header += `host: ${host}\r @@ -49657,7 +46905,7 @@ upgrade: ${upgrade}\r return true; } function writeH2(client, session, request2) { - const { body, method, path: path2, host, upgrade, expectContinue, signal, headers: reqHeaders } = request2; + const { body, method, path: path3, host, upgrade, expectContinue, signal, headers: reqHeaders } = request2; let headers; if (typeof reqHeaders === "string") headers = Request[kHTTP2CopyHeaders](reqHeaders.trim()); else headers = reqHeaders; @@ -49700,7 +46948,7 @@ upgrade: ${upgrade}\r }); return true; } - headers[HTTP2_HEADER_PATH] = path2; + headers[HTTP2_HEADER_PATH] = path3; headers[HTTP2_HEADER_SCHEME] = "https"; const expectsPayload = method === "PUT" || method === "POST" || method === "PATCH"; if (body && typeof body.read === "function") { @@ -51940,20 +49188,20 @@ var require_mock_utils2 = __commonJS({ } return true; } - function safeUrl(path2) { - if (typeof path2 !== "string") { - return path2; + function safeUrl(path3) { + if (typeof path3 !== "string") { + return path3; } - const pathSegments = path2.split("?"); + const pathSegments = path3.split("?"); if (pathSegments.length !== 2) { - return path2; + return path3; } const qp = new URLSearchParams(pathSegments.pop()); qp.sort(); return [...pathSegments, qp.toString()].join("?"); } - function matchKey(mockDispatch2, { path: path2, method, body, headers }) { - const pathMatch = matchValue(mockDispatch2.path, path2); + function matchKey(mockDispatch2, { path: path3, method, body, headers }) { + const pathMatch = matchValue(mockDispatch2.path, path3); const methodMatch = matchValue(mockDispatch2.method, method); const bodyMatch = typeof mockDispatch2.body !== "undefined" ? matchValue(mockDispatch2.body, body) : true; const headersMatch = matchHeaders(mockDispatch2, headers); @@ -51971,7 +49219,7 @@ var require_mock_utils2 = __commonJS({ function getMockDispatch(mockDispatches, key) { const basePath = key.query ? buildURL(key.path, key.query) : key.path; const resolvedPath = typeof basePath === "string" ? safeUrl(basePath) : basePath; - let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path: path2 }) => matchValue(safeUrl(path2), resolvedPath)); + let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path: path3 }) => matchValue(safeUrl(path3), resolvedPath)); if (matchedMockDispatches.length === 0) { throw new MockNotMatchedError(`Mock dispatch not matched for path '${resolvedPath}'`); } @@ -52008,9 +49256,9 @@ var require_mock_utils2 = __commonJS({ } } function buildKey(opts) { - const { path: path2, method, body, headers, query } = opts; + const { path: path3, method, body, headers, query } = opts; return { - path: path2, + path: path3, method, body, headers, @@ -52459,10 +49707,10 @@ var require_pending_interceptors_formatter2 = __commonJS({ } format(pendingInterceptors) { const withPrettyHeaders = pendingInterceptors.map( - ({ method, path: path2, data: { statusCode }, persist, times, timesInvoked, origin }) => ({ + ({ method, path: path3, data: { statusCode }, persist, times, timesInvoked, origin }) => ({ Method: method, Origin: origin, - Path: path2, + Path: path3, "Status code": statusCode, Persistent: persist ? "\u2705" : "\u274C", Invocations: timesInvoked, @@ -53509,7 +50757,7 @@ var require_response2 = __commonJS({ redirectStatusSet, nullBodyStatus, DOMException: DOMException2 - } = require_constants8(); + } = require_constants7(); var { kState, kHeaders, kGuard, kRealm } = require_symbols7(); var { webidl } = require_webidl2(); var { FormData: FormData2 } = require_formdata2(); @@ -53891,7 +51139,7 @@ var require_request4 = __commonJS({ requestCredentials, requestCache, requestDuplex - } = require_constants8(); + } = require_constants7(); var { kEnumerableProperty } = util; var { kHeaders, kSignal, kState, kGuard, kRealm } = require_symbols7(); var { webidl } = require_webidl2(); @@ -54560,7 +51808,7 @@ var require_fetch2 = __commonJS({ requestBodyHeader, subresourceSet, DOMException: DOMException2 - } = require_constants8(); + } = require_constants7(); var { kHeadersList } = require_symbols6(); var EE = require("events"); var { Readable, pipeline } = require("stream"); @@ -55924,7 +53172,7 @@ var require_util13 = __commonJS({ } = require_symbols8(); var { ProgressEvent } = require_progressevent2(); var { getEncoding } = require_encoding2(); - var { DOMException: DOMException2 } = require_constants8(); + var { DOMException: DOMException2 } = require_constants7(); var { serializeAMimeType, parseMIMEType } = require_dataURL(); var { types } = require("util"); var { StringDecoder } = require("string_decoder"); @@ -57038,7 +54286,7 @@ var require_cachestorage2 = __commonJS({ }); // node_modules/undici/lib/cookies/constants.js -var require_constants10 = __commonJS({ +var require_constants9 = __commonJS({ "node_modules/undici/lib/cookies/constants.js"(exports2, module2) { "use strict"; var maxAttributeValueSize = 1024; @@ -57082,8 +54330,8 @@ var require_util15 = __commonJS({ } } } - function validateCookiePath(path2) { - for (const char of path2) { + function validateCookiePath(path3) { + for (const char of path3) { const code = char.charCodeAt(0); if (code < 33 || char === ";") { throw new Error("Invalid cookie path"); @@ -57196,10 +54444,10 @@ var require_util15 = __commonJS({ }); // node_modules/undici/lib/cookies/parse.js -var require_parse3 = __commonJS({ +var require_parse2 = __commonJS({ "node_modules/undici/lib/cookies/parse.js"(exports2, module2) { "use strict"; - var { maxNameValuePairSize, maxAttributeValueSize } = require_constants10(); + var { maxNameValuePairSize, maxAttributeValueSize } = require_constants9(); var { isCTLExcludingHtab } = require_util15(); var { collectASequenceOfCodePointsFast } = require_dataURL(); var assert = require("assert"); @@ -57339,7 +54587,7 @@ var require_parse3 = __commonJS({ var require_cookies2 = __commonJS({ "node_modules/undici/lib/cookies/index.js"(exports2, module2) { "use strict"; - var { parseSetCookie } = require_parse3(); + var { parseSetCookie } = require_parse2(); var { stringify } = require_util15(); var { webidl } = require_webidl2(); var { Headers } = require_headers2(); @@ -57464,7 +54712,7 @@ var require_cookies2 = __commonJS({ }); // node_modules/undici/lib/websocket/constants.js -var require_constants11 = __commonJS({ +var require_constants10 = __commonJS({ "node_modules/undici/lib/websocket/constants.js"(exports2, module2) { "use strict"; var uid = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"; @@ -57772,7 +55020,7 @@ var require_util16 = __commonJS({ "node_modules/undici/lib/websocket/util.js"(exports2, module2) { "use strict"; var { kReadyState, kController, kResponse, kBinaryType, kWebSocketURL } = require_symbols10(); - var { states, opcodes } = require_constants11(); + var { states, opcodes } = require_constants10(); var { MessageEvent, ErrorEvent } = require_events2(); function isEstablished(ws) { return ws[kReadyState] === states.OPEN; @@ -57862,7 +55110,7 @@ var require_connection2 = __commonJS({ "node_modules/undici/lib/websocket/connection.js"(exports2, module2) { "use strict"; var diagnosticsChannel = require("diagnostics_channel"); - var { uid, states } = require_constants11(); + var { uid, states } = require_constants10(); var { kReadyState, kSentClose, @@ -58009,7 +55257,7 @@ var require_connection2 = __commonJS({ var require_frame2 = __commonJS({ "node_modules/undici/lib/websocket/frame.js"(exports2, module2) { "use strict"; - var { maxUnsigned16Bit } = require_constants11(); + var { maxUnsigned16Bit } = require_constants10(); var crypto2; try { crypto2 = require("crypto"); @@ -58068,7 +55316,7 @@ var require_receiver2 = __commonJS({ "use strict"; var { Writable } = require("stream"); var diagnosticsChannel = require("diagnostics_channel"); - var { parserStates, opcodes, states, emptyBuffer } = require_constants11(); + var { parserStates, opcodes, states, emptyBuffer } = require_constants10(); var { kReadyState, kSentClose, kResponse, kReceivedClose } = require_symbols10(); var { isValidStatusCode, failWebsocketConnection, websocketMessageReceived } = require_util16(); var { WebsocketFrameSend } = require_frame2(); @@ -58303,10 +55551,10 @@ var require_websocket2 = __commonJS({ "node_modules/undici/lib/websocket/websocket.js"(exports2, module2) { "use strict"; var { webidl } = require_webidl2(); - var { DOMException: DOMException2 } = require_constants8(); + var { DOMException: DOMException2 } = require_constants7(); var { URLSerializer } = require_dataURL(); var { getGlobalOrigin } = require_global3(); - var { staticPropertyDescriptors, states, opcodes, emptyBuffer } = require_constants11(); + var { staticPropertyDescriptors, states, opcodes, emptyBuffer } = require_constants10(); var { kWebSocketURL, kReadyState, @@ -58763,11 +56011,11 @@ var require_undici2 = __commonJS({ if (typeof opts.path !== "string") { throw new InvalidArgumentError("invalid opts.path"); } - let path2 = opts.path; + let path3 = opts.path; if (!opts.path.startsWith("/")) { - path2 = `/${path2}`; + path3 = `/${path3}`; } - url = new URL(util.parseOrigin(url).origin + path2); + url = new URL(util.parseOrigin(url).origin + path3); } else { if (!opts) { opts = typeof url === "object" ? url : {}; @@ -62970,9 +60218,2435 @@ var init_dist_bundle5 = __esm({ } }); -// node_modules/@actions/github/lib/utils.js -var require_utils5 = __commonJS({ - "node_modules/@actions/github/lib/utils.js"(exports2) { +// node_modules/@actions/github/lib/utils.js +var require_utils5 = __commonJS({ + "node_modules/@actions/github/lib/utils.js"(exports2) { + "use strict"; + var __createBinding2 = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) { + if (k2 === void 0) k2 = k; + var desc = Object.getOwnPropertyDescriptor(m, k); + if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { + desc = { enumerable: true, get: function() { + return m[k]; + } }; + } + Object.defineProperty(o, k2, desc); + }) : (function(o, m, k, k2) { + if (k2 === void 0) k2 = k; + o[k2] = m[k]; + })); + var __setModuleDefault2 = exports2 && exports2.__setModuleDefault || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); + }) : function(o, v) { + o["default"] = v; + }); + var __importStar2 = exports2 && exports2.__importStar || /* @__PURE__ */ (function() { + var ownKeys2 = function(o) { + ownKeys2 = Object.getOwnPropertyNames || function(o2) { + var ar = []; + for (var k in o2) if (Object.prototype.hasOwnProperty.call(o2, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys2(o); + }; + return function(mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) { + for (var k = ownKeys2(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding2(result, mod, k[i]); + } + __setModuleDefault2(result, mod); + return result; + }; + })(); + Object.defineProperty(exports2, "__esModule", { value: true }); + exports2.GitHub = exports2.defaults = exports2.context = void 0; + exports2.getOctokitOptions = getOctokitOptions2; + var Context = __importStar2(require_context()); + var Utils = __importStar2(require_utils4()); + var core_1 = (init_dist_src2(), __toCommonJS(dist_src_exports)); + var plugin_rest_endpoint_methods_1 = (init_dist_src3(), __toCommonJS(dist_src_exports2)); + var plugin_paginate_rest_1 = (init_dist_bundle5(), __toCommonJS(dist_bundle_exports)); + exports2.context = new Context.Context(); + var baseUrl = Utils.getApiBaseUrl(); + exports2.defaults = { + baseUrl, + request: { + agent: Utils.getProxyAgent(baseUrl), + fetch: Utils.getProxyFetch(baseUrl) + } + }; + exports2.GitHub = core_1.Octokit.plugin(plugin_rest_endpoint_methods_1.restEndpointMethods, plugin_paginate_rest_1.paginateRest).defaults(exports2.defaults); + function getOctokitOptions2(token, options) { + const opts = Object.assign({}, options || {}); + const auth2 = Utils.getAuthString(token, opts); + if (auth2) { + opts.auth = auth2; + } + return opts; + } + } +}); + +// node_modules/@actions/github/lib/github.js +var require_github = __commonJS({ + "node_modules/@actions/github/lib/github.js"(exports2) { + "use strict"; + var __createBinding2 = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) { + if (k2 === void 0) k2 = k; + var desc = Object.getOwnPropertyDescriptor(m, k); + if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { + desc = { enumerable: true, get: function() { + return m[k]; + } }; + } + Object.defineProperty(o, k2, desc); + }) : (function(o, m, k, k2) { + if (k2 === void 0) k2 = k; + o[k2] = m[k]; + })); + var __setModuleDefault2 = exports2 && exports2.__setModuleDefault || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); + }) : function(o, v) { + o["default"] = v; + }); + var __importStar2 = exports2 && exports2.__importStar || /* @__PURE__ */ (function() { + var ownKeys2 = function(o) { + ownKeys2 = Object.getOwnPropertyNames || function(o2) { + var ar = []; + for (var k in o2) if (Object.prototype.hasOwnProperty.call(o2, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys2(o); + }; + return function(mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) { + for (var k = ownKeys2(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding2(result, mod, k[i]); + } + __setModuleDefault2(result, mod); + return result; + }; + })(); + Object.defineProperty(exports2, "__esModule", { value: true }); + exports2.context = void 0; + exports2.getOctokit = getOctokit; + var Context = __importStar2(require_context()); + var utils_1 = require_utils5(); + exports2.context = new Context.Context(); + function getOctokit(token, options, ...additionalPlugins) { + const GitHubWithPlugins = utils_1.GitHub.plugin(...additionalPlugins); + return new GitHubWithPlugins((0, utils_1.getOctokitOptions)(token, options)); + } + } +}); + +// node_modules/semver/internal/constants.js +var require_constants11 = __commonJS({ + "node_modules/semver/internal/constants.js"(exports2, module2) { + "use strict"; + var SEMVER_SPEC_VERSION = "2.0.0"; + var MAX_LENGTH = 256; + var MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER || /* istanbul ignore next */ + 9007199254740991; + var MAX_SAFE_COMPONENT_LENGTH = 16; + var MAX_SAFE_BUILD_LENGTH = MAX_LENGTH - 6; + var RELEASE_TYPES = [ + "major", + "premajor", + "minor", + "preminor", + "patch", + "prepatch", + "prerelease" + ]; + module2.exports = { + MAX_LENGTH, + MAX_SAFE_COMPONENT_LENGTH, + MAX_SAFE_BUILD_LENGTH, + MAX_SAFE_INTEGER, + RELEASE_TYPES, + SEMVER_SPEC_VERSION, + FLAG_INCLUDE_PRERELEASE: 1, + FLAG_LOOSE: 2 + }; + } +}); + +// node_modules/semver/internal/debug.js +var require_debug = __commonJS({ + "node_modules/semver/internal/debug.js"(exports2, module2) { + "use strict"; + var debug5 = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEMVER", ...args) : () => { + }; + module2.exports = debug5; + } +}); + +// node_modules/semver/internal/re.js +var require_re = __commonJS({ + "node_modules/semver/internal/re.js"(exports2, module2) { + "use strict"; + var { + MAX_SAFE_COMPONENT_LENGTH, + MAX_SAFE_BUILD_LENGTH, + MAX_LENGTH + } = require_constants11(); + var debug5 = require_debug(); + exports2 = module2.exports = {}; + var re = exports2.re = []; + var safeRe = exports2.safeRe = []; + var src = exports2.src = []; + var safeSrc = exports2.safeSrc = []; + var t = exports2.t = {}; + var R = 0; + var LETTERDASHNUMBER = "[a-zA-Z0-9-]"; + var safeRegexReplacements = [ + ["\\s", 1], + ["\\d", MAX_LENGTH], + [LETTERDASHNUMBER, MAX_SAFE_BUILD_LENGTH] + ]; + var makeSafeRegex = (value) => { + for (const [token, max] of safeRegexReplacements) { + value = value.split(`${token}*`).join(`${token}{0,${max}}`).split(`${token}+`).join(`${token}{1,${max}}`); + } + return value; + }; + var createToken = (name, value, isGlobal) => { + const safe = makeSafeRegex(value); + const index = R++; + debug5(name, index, value); + t[name] = index; + src[index] = value; + safeSrc[index] = safe; + re[index] = new RegExp(value, isGlobal ? "g" : void 0); + safeRe[index] = new RegExp(safe, isGlobal ? "g" : void 0); + }; + createToken("NUMERICIDENTIFIER", "0|[1-9]\\d*"); + createToken("NUMERICIDENTIFIERLOOSE", "\\d+"); + createToken("NONNUMERICIDENTIFIER", `\\d*[a-zA-Z-]${LETTERDASHNUMBER}*`); + createToken("MAINVERSION", `(${src[t.NUMERICIDENTIFIER]})\\.(${src[t.NUMERICIDENTIFIER]})\\.(${src[t.NUMERICIDENTIFIER]})`); + createToken("MAINVERSIONLOOSE", `(${src[t.NUMERICIDENTIFIERLOOSE]})\\.(${src[t.NUMERICIDENTIFIERLOOSE]})\\.(${src[t.NUMERICIDENTIFIERLOOSE]})`); + createToken("PRERELEASEIDENTIFIER", `(?:${src[t.NONNUMERICIDENTIFIER]}|${src[t.NUMERICIDENTIFIER]})`); + createToken("PRERELEASEIDENTIFIERLOOSE", `(?:${src[t.NONNUMERICIDENTIFIER]}|${src[t.NUMERICIDENTIFIERLOOSE]})`); + createToken("PRERELEASE", `(?:-(${src[t.PRERELEASEIDENTIFIER]}(?:\\.${src[t.PRERELEASEIDENTIFIER]})*))`); + createToken("PRERELEASELOOSE", `(?:-?(${src[t.PRERELEASEIDENTIFIERLOOSE]}(?:\\.${src[t.PRERELEASEIDENTIFIERLOOSE]})*))`); + createToken("BUILDIDENTIFIER", `${LETTERDASHNUMBER}+`); + createToken("BUILD", `(?:\\+(${src[t.BUILDIDENTIFIER]}(?:\\.${src[t.BUILDIDENTIFIER]})*))`); + createToken("FULLPLAIN", `v?${src[t.MAINVERSION]}${src[t.PRERELEASE]}?${src[t.BUILD]}?`); + createToken("FULL", `^${src[t.FULLPLAIN]}$`); + createToken("LOOSEPLAIN", `[v=\\s]*${src[t.MAINVERSIONLOOSE]}${src[t.PRERELEASELOOSE]}?${src[t.BUILD]}?`); + createToken("LOOSE", `^${src[t.LOOSEPLAIN]}$`); + createToken("GTLT", "((?:<|>)?=?)"); + createToken("XRANGEIDENTIFIERLOOSE", `${src[t.NUMERICIDENTIFIERLOOSE]}|x|X|\\*`); + createToken("XRANGEIDENTIFIER", `${src[t.NUMERICIDENTIFIER]}|x|X|\\*`); + createToken("XRANGEPLAIN", `[v=\\s]*(${src[t.XRANGEIDENTIFIER]})(?:\\.(${src[t.XRANGEIDENTIFIER]})(?:\\.(${src[t.XRANGEIDENTIFIER]})(?:${src[t.PRERELEASE]})?${src[t.BUILD]}?)?)?`); + createToken("XRANGEPLAINLOOSE", `[v=\\s]*(${src[t.XRANGEIDENTIFIERLOOSE]})(?:\\.(${src[t.XRANGEIDENTIFIERLOOSE]})(?:\\.(${src[t.XRANGEIDENTIFIERLOOSE]})(?:${src[t.PRERELEASELOOSE]})?${src[t.BUILD]}?)?)?`); + createToken("XRANGE", `^${src[t.GTLT]}\\s*${src[t.XRANGEPLAIN]}$`); + createToken("XRANGELOOSE", `^${src[t.GTLT]}\\s*${src[t.XRANGEPLAINLOOSE]}$`); + createToken("COERCEPLAIN", `${"(^|[^\\d])(\\d{1,"}${MAX_SAFE_COMPONENT_LENGTH}})(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?`); + createToken("COERCE", `${src[t.COERCEPLAIN]}(?:$|[^\\d])`); + createToken("COERCEFULL", src[t.COERCEPLAIN] + `(?:${src[t.PRERELEASE]})?(?:${src[t.BUILD]})?(?:$|[^\\d])`); + createToken("COERCERTL", src[t.COERCE], true); + createToken("COERCERTLFULL", src[t.COERCEFULL], true); + createToken("LONETILDE", "(?:~>?)"); + createToken("TILDETRIM", `(\\s*)${src[t.LONETILDE]}\\s+`, true); + exports2.tildeTrimReplace = "$1~"; + createToken("TILDE", `^${src[t.LONETILDE]}${src[t.XRANGEPLAIN]}$`); + createToken("TILDELOOSE", `^${src[t.LONETILDE]}${src[t.XRANGEPLAINLOOSE]}$`); + createToken("LONECARET", "(?:\\^)"); + createToken("CARETTRIM", `(\\s*)${src[t.LONECARET]}\\s+`, true); + exports2.caretTrimReplace = "$1^"; + createToken("CARET", `^${src[t.LONECARET]}${src[t.XRANGEPLAIN]}$`); + createToken("CARETLOOSE", `^${src[t.LONECARET]}${src[t.XRANGEPLAINLOOSE]}$`); + createToken("COMPARATORLOOSE", `^${src[t.GTLT]}\\s*(${src[t.LOOSEPLAIN]})$|^$`); + createToken("COMPARATOR", `^${src[t.GTLT]}\\s*(${src[t.FULLPLAIN]})$|^$`); + createToken("COMPARATORTRIM", `(\\s*)${src[t.GTLT]}\\s*(${src[t.LOOSEPLAIN]}|${src[t.XRANGEPLAIN]})`, true); + exports2.comparatorTrimReplace = "$1$2$3"; + createToken("HYPHENRANGE", `^\\s*(${src[t.XRANGEPLAIN]})\\s+-\\s+(${src[t.XRANGEPLAIN]})\\s*$`); + createToken("HYPHENRANGELOOSE", `^\\s*(${src[t.XRANGEPLAINLOOSE]})\\s+-\\s+(${src[t.XRANGEPLAINLOOSE]})\\s*$`); + createToken("STAR", "(<|>)?=?\\s*\\*"); + createToken("GTE0", "^\\s*>=\\s*0\\.0\\.0\\s*$"); + createToken("GTE0PRE", "^\\s*>=\\s*0\\.0\\.0-0\\s*$"); + } +}); + +// node_modules/semver/internal/parse-options.js +var require_parse_options = __commonJS({ + "node_modules/semver/internal/parse-options.js"(exports2, module2) { + "use strict"; + var looseOption = Object.freeze({ loose: true }); + var emptyOpts = Object.freeze({}); + var parseOptions = (options) => { + if (!options) { + return emptyOpts; + } + if (typeof options !== "object") { + return looseOption; + } + return options; + }; + module2.exports = parseOptions; + } +}); + +// node_modules/semver/internal/identifiers.js +var require_identifiers = __commonJS({ + "node_modules/semver/internal/identifiers.js"(exports2, module2) { + "use strict"; + var numeric = /^[0-9]+$/; + var compareIdentifiers = (a, b) => { + if (typeof a === "number" && typeof b === "number") { + return a === b ? 0 : a < b ? -1 : 1; + } + const anum = numeric.test(a); + const bnum = numeric.test(b); + if (anum && bnum) { + a = +a; + b = +b; + } + return a === b ? 0 : anum && !bnum ? -1 : bnum && !anum ? 1 : a < b ? -1 : 1; + }; + var rcompareIdentifiers = (a, b) => compareIdentifiers(b, a); + module2.exports = { + compareIdentifiers, + rcompareIdentifiers + }; + } +}); + +// node_modules/semver/classes/semver.js +var require_semver = __commonJS({ + "node_modules/semver/classes/semver.js"(exports2, module2) { + "use strict"; + var debug5 = require_debug(); + var { MAX_LENGTH, MAX_SAFE_INTEGER } = require_constants11(); + var { safeRe: re, t } = require_re(); + var parseOptions = require_parse_options(); + var { compareIdentifiers } = require_identifiers(); + var SemVer = class _SemVer { + constructor(version, options) { + options = parseOptions(options); + if (version instanceof _SemVer) { + if (version.loose === !!options.loose && version.includePrerelease === !!options.includePrerelease) { + return version; + } else { + version = version.version; + } + } else if (typeof version !== "string") { + throw new TypeError(`Invalid version. Must be a string. Got type "${typeof version}".`); + } + if (version.length > MAX_LENGTH) { + throw new TypeError( + `version is longer than ${MAX_LENGTH} characters` + ); + } + debug5("SemVer", version, options); + this.options = options; + this.loose = !!options.loose; + this.includePrerelease = !!options.includePrerelease; + const m = version.trim().match(options.loose ? re[t.LOOSE] : re[t.FULL]); + if (!m) { + throw new TypeError(`Invalid Version: ${version}`); + } + this.raw = version; + this.major = +m[1]; + this.minor = +m[2]; + this.patch = +m[3]; + if (this.major > MAX_SAFE_INTEGER || this.major < 0) { + throw new TypeError("Invalid major version"); + } + if (this.minor > MAX_SAFE_INTEGER || this.minor < 0) { + throw new TypeError("Invalid minor version"); + } + if (this.patch > MAX_SAFE_INTEGER || this.patch < 0) { + throw new TypeError("Invalid patch version"); + } + if (!m[4]) { + this.prerelease = []; + } else { + this.prerelease = m[4].split(".").map((id) => { + if (/^[0-9]+$/.test(id)) { + const num = +id; + if (num >= 0 && num < MAX_SAFE_INTEGER) { + return num; + } + } + return id; + }); + } + this.build = m[5] ? m[5].split(".") : []; + this.format(); + } + format() { + this.version = `${this.major}.${this.minor}.${this.patch}`; + if (this.prerelease.length) { + this.version += `-${this.prerelease.join(".")}`; + } + return this.version; + } + toString() { + return this.version; + } + compare(other) { + debug5("SemVer.compare", this.version, this.options, other); + if (!(other instanceof _SemVer)) { + if (typeof other === "string" && other === this.version) { + return 0; + } + other = new _SemVer(other, this.options); + } + if (other.version === this.version) { + return 0; + } + return this.compareMain(other) || this.comparePre(other); + } + compareMain(other) { + if (!(other instanceof _SemVer)) { + other = new _SemVer(other, this.options); + } + if (this.major < other.major) { + return -1; + } + if (this.major > other.major) { + return 1; + } + if (this.minor < other.minor) { + return -1; + } + if (this.minor > other.minor) { + return 1; + } + if (this.patch < other.patch) { + return -1; + } + if (this.patch > other.patch) { + return 1; + } + return 0; + } + comparePre(other) { + if (!(other instanceof _SemVer)) { + other = new _SemVer(other, this.options); + } + if (this.prerelease.length && !other.prerelease.length) { + return -1; + } else if (!this.prerelease.length && other.prerelease.length) { + return 1; + } else if (!this.prerelease.length && !other.prerelease.length) { + return 0; + } + let i = 0; + do { + const a = this.prerelease[i]; + const b = other.prerelease[i]; + debug5("prerelease compare", i, a, b); + if (a === void 0 && b === void 0) { + return 0; + } else if (b === void 0) { + return 1; + } else if (a === void 0) { + return -1; + } else if (a === b) { + continue; + } else { + return compareIdentifiers(a, b); + } + } while (++i); + } + compareBuild(other) { + if (!(other instanceof _SemVer)) { + other = new _SemVer(other, this.options); + } + let i = 0; + do { + const a = this.build[i]; + const b = other.build[i]; + debug5("build compare", i, a, b); + if (a === void 0 && b === void 0) { + return 0; + } else if (b === void 0) { + return 1; + } else if (a === void 0) { + return -1; + } else if (a === b) { + continue; + } else { + return compareIdentifiers(a, b); + } + } while (++i); + } + // preminor will bump the version up to the next minor release, and immediately + // down to pre-release. premajor and prepatch work the same way. + inc(release2, identifier, identifierBase) { + if (release2.startsWith("pre")) { + if (!identifier && identifierBase === false) { + throw new Error("invalid increment argument: identifier is empty"); + } + if (identifier) { + const match = `-${identifier}`.match(this.options.loose ? re[t.PRERELEASELOOSE] : re[t.PRERELEASE]); + if (!match || match[1] !== identifier) { + throw new Error(`invalid identifier: ${identifier}`); + } + } + } + switch (release2) { + case "premajor": + this.prerelease.length = 0; + this.patch = 0; + this.minor = 0; + this.major++; + this.inc("pre", identifier, identifierBase); + break; + case "preminor": + this.prerelease.length = 0; + this.patch = 0; + this.minor++; + this.inc("pre", identifier, identifierBase); + break; + case "prepatch": + this.prerelease.length = 0; + this.inc("patch", identifier, identifierBase); + this.inc("pre", identifier, identifierBase); + break; + // If the input is a non-prerelease version, this acts the same as + // prepatch. + case "prerelease": + if (this.prerelease.length === 0) { + this.inc("patch", identifier, identifierBase); + } + this.inc("pre", identifier, identifierBase); + break; + case "release": + if (this.prerelease.length === 0) { + throw new Error(`version ${this.raw} is not a prerelease`); + } + this.prerelease.length = 0; + break; + case "major": + if (this.minor !== 0 || this.patch !== 0 || this.prerelease.length === 0) { + this.major++; + } + this.minor = 0; + this.patch = 0; + this.prerelease = []; + break; + case "minor": + if (this.patch !== 0 || this.prerelease.length === 0) { + this.minor++; + } + this.patch = 0; + this.prerelease = []; + break; + case "patch": + if (this.prerelease.length === 0) { + this.patch++; + } + this.prerelease = []; + break; + // This probably shouldn't be used publicly. + // 1.0.0 'pre' would become 1.0.0-0 which is the wrong direction. + case "pre": { + const base = Number(identifierBase) ? 1 : 0; + if (this.prerelease.length === 0) { + this.prerelease = [base]; + } else { + let i = this.prerelease.length; + while (--i >= 0) { + if (typeof this.prerelease[i] === "number") { + this.prerelease[i]++; + i = -2; + } + } + if (i === -1) { + if (identifier === this.prerelease.join(".") && identifierBase === false) { + throw new Error("invalid increment argument: identifier already exists"); + } + this.prerelease.push(base); + } + } + if (identifier) { + let prerelease = [identifier, base]; + if (identifierBase === false) { + prerelease = [identifier]; + } + if (compareIdentifiers(this.prerelease[0], identifier) === 0) { + if (isNaN(this.prerelease[1])) { + this.prerelease = prerelease; + } + } else { + this.prerelease = prerelease; + } + } + break; + } + default: + throw new Error(`invalid increment argument: ${release2}`); + } + this.raw = this.format(); + if (this.build.length) { + this.raw += `+${this.build.join(".")}`; + } + return this; + } + }; + module2.exports = SemVer; + } +}); + +// node_modules/semver/functions/parse.js +var require_parse3 = __commonJS({ + "node_modules/semver/functions/parse.js"(exports2, module2) { + "use strict"; + var SemVer = require_semver(); + var parse2 = (version, options, throwErrors = false) => { + if (version instanceof SemVer) { + return version; + } + try { + return new SemVer(version, options); + } catch (er) { + if (!throwErrors) { + return null; + } + throw er; + } + }; + module2.exports = parse2; + } +}); + +// node_modules/semver/functions/valid.js +var require_valid = __commonJS({ + "node_modules/semver/functions/valid.js"(exports2, module2) { + "use strict"; + var parse2 = require_parse3(); + var valid2 = (version, options) => { + const v = parse2(version, options); + return v ? v.version : null; + }; + module2.exports = valid2; + } +}); + +// node_modules/semver/functions/clean.js +var require_clean = __commonJS({ + "node_modules/semver/functions/clean.js"(exports2, module2) { + "use strict"; + var parse2 = require_parse3(); + var clean = (version, options) => { + const s = parse2(version.trim().replace(/^[=v]+/, ""), options); + return s ? s.version : null; + }; + module2.exports = clean; + } +}); + +// node_modules/semver/functions/inc.js +var require_inc = __commonJS({ + "node_modules/semver/functions/inc.js"(exports2, module2) { + "use strict"; + var SemVer = require_semver(); + var inc = (version, release2, options, identifier, identifierBase) => { + if (typeof options === "string") { + identifierBase = identifier; + identifier = options; + options = void 0; + } + try { + return new SemVer( + version instanceof SemVer ? version.version : version, + options + ).inc(release2, identifier, identifierBase).version; + } catch (er) { + return null; + } + }; + module2.exports = inc; + } +}); + +// node_modules/semver/functions/diff.js +var require_diff = __commonJS({ + "node_modules/semver/functions/diff.js"(exports2, module2) { + "use strict"; + var parse2 = require_parse3(); + var diff = (version1, version2) => { + const v1 = parse2(version1, null, true); + const v2 = parse2(version2, null, true); + const comparison = v1.compare(v2); + if (comparison === 0) { + return null; + } + const v1Higher = comparison > 0; + const highVersion = v1Higher ? v1 : v2; + const lowVersion = v1Higher ? v2 : v1; + const highHasPre = !!highVersion.prerelease.length; + const lowHasPre = !!lowVersion.prerelease.length; + if (lowHasPre && !highHasPre) { + if (!lowVersion.patch && !lowVersion.minor) { + return "major"; + } + if (lowVersion.compareMain(highVersion) === 0) { + if (lowVersion.minor && !lowVersion.patch) { + return "minor"; + } + return "patch"; + } + } + const prefix = highHasPre ? "pre" : ""; + if (v1.major !== v2.major) { + return prefix + "major"; + } + if (v1.minor !== v2.minor) { + return prefix + "minor"; + } + if (v1.patch !== v2.patch) { + return prefix + "patch"; + } + return "prerelease"; + }; + module2.exports = diff; + } +}); + +// node_modules/semver/functions/major.js +var require_major = __commonJS({ + "node_modules/semver/functions/major.js"(exports2, module2) { + "use strict"; + var SemVer = require_semver(); + var major = (a, loose) => new SemVer(a, loose).major; + module2.exports = major; + } +}); + +// node_modules/semver/functions/minor.js +var require_minor = __commonJS({ + "node_modules/semver/functions/minor.js"(exports2, module2) { + "use strict"; + var SemVer = require_semver(); + var minor = (a, loose) => new SemVer(a, loose).minor; + module2.exports = minor; + } +}); + +// node_modules/semver/functions/patch.js +var require_patch = __commonJS({ + "node_modules/semver/functions/patch.js"(exports2, module2) { + "use strict"; + var SemVer = require_semver(); + var patch = (a, loose) => new SemVer(a, loose).patch; + module2.exports = patch; + } +}); + +// node_modules/semver/functions/prerelease.js +var require_prerelease = __commonJS({ + "node_modules/semver/functions/prerelease.js"(exports2, module2) { + "use strict"; + var parse2 = require_parse3(); + var prerelease = (version, options) => { + const parsed = parse2(version, options); + return parsed && parsed.prerelease.length ? parsed.prerelease : null; + }; + module2.exports = prerelease; + } +}); + +// node_modules/semver/functions/compare.js +var require_compare = __commonJS({ + "node_modules/semver/functions/compare.js"(exports2, module2) { + "use strict"; + var SemVer = require_semver(); + var compare = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); + module2.exports = compare; + } +}); + +// node_modules/semver/functions/rcompare.js +var require_rcompare = __commonJS({ + "node_modules/semver/functions/rcompare.js"(exports2, module2) { + "use strict"; + var compare = require_compare(); + var rcompare = (a, b, loose) => compare(b, a, loose); + module2.exports = rcompare; + } +}); + +// node_modules/semver/functions/compare-loose.js +var require_compare_loose = __commonJS({ + "node_modules/semver/functions/compare-loose.js"(exports2, module2) { + "use strict"; + var compare = require_compare(); + var compareLoose = (a, b) => compare(a, b, true); + module2.exports = compareLoose; + } +}); + +// node_modules/semver/functions/compare-build.js +var require_compare_build = __commonJS({ + "node_modules/semver/functions/compare-build.js"(exports2, module2) { + "use strict"; + var SemVer = require_semver(); + var compareBuild = (a, b, loose) => { + const versionA = new SemVer(a, loose); + const versionB = new SemVer(b, loose); + return versionA.compare(versionB) || versionA.compareBuild(versionB); + }; + module2.exports = compareBuild; + } +}); + +// node_modules/semver/functions/sort.js +var require_sort = __commonJS({ + "node_modules/semver/functions/sort.js"(exports2, module2) { + "use strict"; + var compareBuild = require_compare_build(); + var sort = (list, loose) => list.sort((a, b) => compareBuild(a, b, loose)); + module2.exports = sort; + } +}); + +// node_modules/semver/functions/rsort.js +var require_rsort = __commonJS({ + "node_modules/semver/functions/rsort.js"(exports2, module2) { + "use strict"; + var compareBuild = require_compare_build(); + var rsort = (list, loose) => list.sort((a, b) => compareBuild(b, a, loose)); + module2.exports = rsort; + } +}); + +// node_modules/semver/functions/gt.js +var require_gt = __commonJS({ + "node_modules/semver/functions/gt.js"(exports2, module2) { + "use strict"; + var compare = require_compare(); + var gt = (a, b, loose) => compare(a, b, loose) > 0; + module2.exports = gt; + } +}); + +// node_modules/semver/functions/lt.js +var require_lt = __commonJS({ + "node_modules/semver/functions/lt.js"(exports2, module2) { + "use strict"; + var compare = require_compare(); + var lt = (a, b, loose) => compare(a, b, loose) < 0; + module2.exports = lt; + } +}); + +// node_modules/semver/functions/eq.js +var require_eq = __commonJS({ + "node_modules/semver/functions/eq.js"(exports2, module2) { + "use strict"; + var compare = require_compare(); + var eq = (a, b, loose) => compare(a, b, loose) === 0; + module2.exports = eq; + } +}); + +// node_modules/semver/functions/neq.js +var require_neq = __commonJS({ + "node_modules/semver/functions/neq.js"(exports2, module2) { + "use strict"; + var compare = require_compare(); + var neq = (a, b, loose) => compare(a, b, loose) !== 0; + module2.exports = neq; + } +}); + +// node_modules/semver/functions/gte.js +var require_gte = __commonJS({ + "node_modules/semver/functions/gte.js"(exports2, module2) { + "use strict"; + var compare = require_compare(); + var gte4 = (a, b, loose) => compare(a, b, loose) >= 0; + module2.exports = gte4; + } +}); + +// node_modules/semver/functions/lte.js +var require_lte = __commonJS({ + "node_modules/semver/functions/lte.js"(exports2, module2) { + "use strict"; + var compare = require_compare(); + var lte = (a, b, loose) => compare(a, b, loose) <= 0; + module2.exports = lte; + } +}); + +// node_modules/semver/functions/cmp.js +var require_cmp = __commonJS({ + "node_modules/semver/functions/cmp.js"(exports2, module2) { + "use strict"; + var eq = require_eq(); + var neq = require_neq(); + var gt = require_gt(); + var gte4 = require_gte(); + var lt = require_lt(); + var lte = require_lte(); + var cmp = (a, op, b, loose) => { + switch (op) { + case "===": + if (typeof a === "object") { + a = a.version; + } + if (typeof b === "object") { + b = b.version; + } + return a === b; + case "!==": + if (typeof a === "object") { + a = a.version; + } + if (typeof b === "object") { + b = b.version; + } + return a !== b; + case "": + case "=": + case "==": + return eq(a, b, loose); + case "!=": + return neq(a, b, loose); + case ">": + return gt(a, b, loose); + case ">=": + return gte4(a, b, loose); + case "<": + return lt(a, b, loose); + case "<=": + return lte(a, b, loose); + default: + throw new TypeError(`Invalid operator: ${op}`); + } + }; + module2.exports = cmp; + } +}); + +// node_modules/semver/functions/coerce.js +var require_coerce = __commonJS({ + "node_modules/semver/functions/coerce.js"(exports2, module2) { + "use strict"; + var SemVer = require_semver(); + var parse2 = require_parse3(); + var { safeRe: re, t } = require_re(); + var coerce2 = (version, options) => { + if (version instanceof SemVer) { + return version; + } + if (typeof version === "number") { + version = String(version); + } + if (typeof version !== "string") { + return null; + } + options = options || {}; + let match = null; + if (!options.rtl) { + match = version.match(options.includePrerelease ? re[t.COERCEFULL] : re[t.COERCE]); + } else { + const coerceRtlRegex = options.includePrerelease ? re[t.COERCERTLFULL] : re[t.COERCERTL]; + let next; + while ((next = coerceRtlRegex.exec(version)) && (!match || match.index + match[0].length !== version.length)) { + if (!match || next.index + next[0].length !== match.index + match[0].length) { + match = next; + } + coerceRtlRegex.lastIndex = next.index + next[1].length + next[2].length; + } + coerceRtlRegex.lastIndex = -1; + } + if (match === null) { + return null; + } + const major = match[2]; + const minor = match[3] || "0"; + const patch = match[4] || "0"; + const prerelease = options.includePrerelease && match[5] ? `-${match[5]}` : ""; + const build = options.includePrerelease && match[6] ? `+${match[6]}` : ""; + return parse2(`${major}.${minor}.${patch}${prerelease}${build}`, options); + }; + module2.exports = coerce2; + } +}); + +// node_modules/semver/internal/lrucache.js +var require_lrucache = __commonJS({ + "node_modules/semver/internal/lrucache.js"(exports2, module2) { + "use strict"; + var LRUCache = class { + constructor() { + this.max = 1e3; + this.map = /* @__PURE__ */ new Map(); + } + get(key) { + const value = this.map.get(key); + if (value === void 0) { + return void 0; + } else { + this.map.delete(key); + this.map.set(key, value); + return value; + } + } + delete(key) { + return this.map.delete(key); + } + set(key, value) { + const deleted = this.delete(key); + if (!deleted && value !== void 0) { + if (this.map.size >= this.max) { + const firstKey = this.map.keys().next().value; + this.delete(firstKey); + } + this.map.set(key, value); + } + return this; + } + }; + module2.exports = LRUCache; + } +}); + +// node_modules/semver/classes/range.js +var require_range = __commonJS({ + "node_modules/semver/classes/range.js"(exports2, module2) { + "use strict"; + var SPACE_CHARACTERS = /\s+/g; + var Range2 = class _Range { + constructor(range, options) { + options = parseOptions(options); + if (range instanceof _Range) { + if (range.loose === !!options.loose && range.includePrerelease === !!options.includePrerelease) { + return range; + } else { + return new _Range(range.raw, options); + } + } + if (range instanceof Comparator) { + this.raw = range.value; + this.set = [[range]]; + this.formatted = void 0; + return this; + } + this.options = options; + this.loose = !!options.loose; + this.includePrerelease = !!options.includePrerelease; + this.raw = range.trim().replace(SPACE_CHARACTERS, " "); + this.set = this.raw.split("||").map((r) => this.parseRange(r.trim())).filter((c) => c.length); + if (!this.set.length) { + throw new TypeError(`Invalid SemVer Range: ${this.raw}`); + } + if (this.set.length > 1) { + const first = this.set[0]; + this.set = this.set.filter((c) => !isNullSet(c[0])); + if (this.set.length === 0) { + this.set = [first]; + } else if (this.set.length > 1) { + for (const c of this.set) { + if (c.length === 1 && isAny(c[0])) { + this.set = [c]; + break; + } + } + } + } + this.formatted = void 0; + } + get range() { + if (this.formatted === void 0) { + this.formatted = ""; + for (let i = 0; i < this.set.length; i++) { + if (i > 0) { + this.formatted += "||"; + } + const comps = this.set[i]; + for (let k = 0; k < comps.length; k++) { + if (k > 0) { + this.formatted += " "; + } + this.formatted += comps[k].toString().trim(); + } + } + } + return this.formatted; + } + format() { + return this.range; + } + toString() { + return this.range; + } + parseRange(range) { + const memoOpts = (this.options.includePrerelease && FLAG_INCLUDE_PRERELEASE) | (this.options.loose && FLAG_LOOSE); + const memoKey = memoOpts + ":" + range; + const cached = cache.get(memoKey); + if (cached) { + return cached; + } + const loose = this.options.loose; + const hr = loose ? re[t.HYPHENRANGELOOSE] : re[t.HYPHENRANGE]; + range = range.replace(hr, hyphenReplace(this.options.includePrerelease)); + debug5("hyphen replace", range); + range = range.replace(re[t.COMPARATORTRIM], comparatorTrimReplace); + debug5("comparator trim", range); + range = range.replace(re[t.TILDETRIM], tildeTrimReplace); + debug5("tilde trim", range); + range = range.replace(re[t.CARETTRIM], caretTrimReplace); + debug5("caret trim", range); + let rangeList = range.split(" ").map((comp) => parseComparator(comp, this.options)).join(" ").split(/\s+/).map((comp) => replaceGTE0(comp, this.options)); + if (loose) { + rangeList = rangeList.filter((comp) => { + debug5("loose invalid filter", comp, this.options); + return !!comp.match(re[t.COMPARATORLOOSE]); + }); + } + debug5("range list", rangeList); + const rangeMap = /* @__PURE__ */ new Map(); + const comparators = rangeList.map((comp) => new Comparator(comp, this.options)); + for (const comp of comparators) { + if (isNullSet(comp)) { + return [comp]; + } + rangeMap.set(comp.value, comp); + } + if (rangeMap.size > 1 && rangeMap.has("")) { + rangeMap.delete(""); + } + const result = [...rangeMap.values()]; + cache.set(memoKey, result); + return result; + } + intersects(range, options) { + if (!(range instanceof _Range)) { + throw new TypeError("a Range is required"); + } + return this.set.some((thisComparators) => { + return isSatisfiable(thisComparators, options) && range.set.some((rangeComparators) => { + return isSatisfiable(rangeComparators, options) && thisComparators.every((thisComparator) => { + return rangeComparators.every((rangeComparator) => { + return thisComparator.intersects(rangeComparator, options); + }); + }); + }); + }); + } + // if ANY of the sets match ALL of its comparators, then pass + test(version) { + if (!version) { + return false; + } + if (typeof version === "string") { + try { + version = new SemVer(version, this.options); + } catch (er) { + return false; + } + } + for (let i = 0; i < this.set.length; i++) { + if (testSet(this.set[i], version, this.options)) { + return true; + } + } + return false; + } + }; + module2.exports = Range2; + var LRU = require_lrucache(); + var cache = new LRU(); + var parseOptions = require_parse_options(); + var Comparator = require_comparator(); + var debug5 = require_debug(); + var SemVer = require_semver(); + var { + safeRe: re, + t, + comparatorTrimReplace, + tildeTrimReplace, + caretTrimReplace + } = require_re(); + var { FLAG_INCLUDE_PRERELEASE, FLAG_LOOSE } = require_constants11(); + var isNullSet = (c) => c.value === "<0.0.0-0"; + var isAny = (c) => c.value === ""; + var isSatisfiable = (comparators, options) => { + let result = true; + const remainingComparators = comparators.slice(); + let testComparator = remainingComparators.pop(); + while (result && remainingComparators.length) { + result = remainingComparators.every((otherComparator) => { + return testComparator.intersects(otherComparator, options); + }); + testComparator = remainingComparators.pop(); + } + return result; + }; + var parseComparator = (comp, options) => { + comp = comp.replace(re[t.BUILD], ""); + debug5("comp", comp, options); + comp = replaceCarets(comp, options); + debug5("caret", comp); + comp = replaceTildes(comp, options); + debug5("tildes", comp); + comp = replaceXRanges(comp, options); + debug5("xrange", comp); + comp = replaceStars(comp, options); + debug5("stars", comp); + return comp; + }; + var isX = (id) => !id || id.toLowerCase() === "x" || id === "*"; + var replaceTildes = (comp, options) => { + return comp.trim().split(/\s+/).map((c) => replaceTilde(c, options)).join(" "); + }; + var replaceTilde = (comp, options) => { + const r = options.loose ? re[t.TILDELOOSE] : re[t.TILDE]; + return comp.replace(r, (_, M, m, p, pr) => { + debug5("tilde", comp, _, M, m, p, pr); + let ret; + if (isX(M)) { + ret = ""; + } else if (isX(m)) { + ret = `>=${M}.0.0 <${+M + 1}.0.0-0`; + } else if (isX(p)) { + ret = `>=${M}.${m}.0 <${M}.${+m + 1}.0-0`; + } else if (pr) { + debug5("replaceTilde pr", pr); + ret = `>=${M}.${m}.${p}-${pr} <${M}.${+m + 1}.0-0`; + } else { + ret = `>=${M}.${m}.${p} <${M}.${+m + 1}.0-0`; + } + debug5("tilde return", ret); + return ret; + }); + }; + var replaceCarets = (comp, options) => { + return comp.trim().split(/\s+/).map((c) => replaceCaret(c, options)).join(" "); + }; + var replaceCaret = (comp, options) => { + debug5("caret", comp, options); + const r = options.loose ? re[t.CARETLOOSE] : re[t.CARET]; + const z = options.includePrerelease ? "-0" : ""; + return comp.replace(r, (_, M, m, p, pr) => { + debug5("caret", comp, _, M, m, p, pr); + let ret; + if (isX(M)) { + ret = ""; + } else if (isX(m)) { + ret = `>=${M}.0.0${z} <${+M + 1}.0.0-0`; + } else if (isX(p)) { + if (M === "0") { + ret = `>=${M}.${m}.0${z} <${M}.${+m + 1}.0-0`; + } else { + ret = `>=${M}.${m}.0${z} <${+M + 1}.0.0-0`; + } + } else if (pr) { + debug5("replaceCaret pr", pr); + if (M === "0") { + if (m === "0") { + ret = `>=${M}.${m}.${p}-${pr} <${M}.${m}.${+p + 1}-0`; + } else { + ret = `>=${M}.${m}.${p}-${pr} <${M}.${+m + 1}.0-0`; + } + } else { + ret = `>=${M}.${m}.${p}-${pr} <${+M + 1}.0.0-0`; + } + } else { + debug5("no pr"); + if (M === "0") { + if (m === "0") { + ret = `>=${M}.${m}.${p}${z} <${M}.${m}.${+p + 1}-0`; + } else { + ret = `>=${M}.${m}.${p}${z} <${M}.${+m + 1}.0-0`; + } + } else { + ret = `>=${M}.${m}.${p} <${+M + 1}.0.0-0`; + } + } + debug5("caret return", ret); + return ret; + }); + }; + var replaceXRanges = (comp, options) => { + debug5("replaceXRanges", comp, options); + return comp.split(/\s+/).map((c) => replaceXRange(c, options)).join(" "); + }; + var replaceXRange = (comp, options) => { + comp = comp.trim(); + const r = options.loose ? re[t.XRANGELOOSE] : re[t.XRANGE]; + return comp.replace(r, (ret, gtlt, M, m, p, pr) => { + debug5("xRange", comp, ret, gtlt, M, m, p, pr); + const xM = isX(M); + const xm = xM || isX(m); + const xp = xm || isX(p); + const anyX = xp; + if (gtlt === "=" && anyX) { + gtlt = ""; + } + pr = options.includePrerelease ? "-0" : ""; + if (xM) { + if (gtlt === ">" || gtlt === "<") { + ret = "<0.0.0-0"; + } else { + ret = "*"; + } + } else if (gtlt && anyX) { + if (xm) { + m = 0; + } + p = 0; + if (gtlt === ">") { + gtlt = ">="; + if (xm) { + M = +M + 1; + m = 0; + p = 0; + } else { + m = +m + 1; + p = 0; + } + } else if (gtlt === "<=") { + gtlt = "<"; + if (xm) { + M = +M + 1; + } else { + m = +m + 1; + } + } + if (gtlt === "<") { + pr = "-0"; + } + ret = `${gtlt + M}.${m}.${p}${pr}`; + } else if (xm) { + ret = `>=${M}.0.0${pr} <${+M + 1}.0.0-0`; + } else if (xp) { + ret = `>=${M}.${m}.0${pr} <${M}.${+m + 1}.0-0`; + } + debug5("xRange return", ret); + return ret; + }); + }; + var replaceStars = (comp, options) => { + debug5("replaceStars", comp, options); + return comp.trim().replace(re[t.STAR], ""); + }; + var replaceGTE0 = (comp, options) => { + debug5("replaceGTE0", comp, options); + return comp.trim().replace(re[options.includePrerelease ? t.GTE0PRE : t.GTE0], ""); + }; + var hyphenReplace = (incPr) => ($0, from, fM, fm, fp, fpr, fb, to, tM, tm, tp, tpr) => { + if (isX(fM)) { + from = ""; + } else if (isX(fm)) { + from = `>=${fM}.0.0${incPr ? "-0" : ""}`; + } else if (isX(fp)) { + from = `>=${fM}.${fm}.0${incPr ? "-0" : ""}`; + } else if (fpr) { + from = `>=${from}`; + } else { + from = `>=${from}${incPr ? "-0" : ""}`; + } + if (isX(tM)) { + to = ""; + } else if (isX(tm)) { + to = `<${+tM + 1}.0.0-0`; + } else if (isX(tp)) { + to = `<${tM}.${+tm + 1}.0-0`; + } else if (tpr) { + to = `<=${tM}.${tm}.${tp}-${tpr}`; + } else if (incPr) { + to = `<${tM}.${tm}.${+tp + 1}-0`; + } else { + to = `<=${to}`; + } + return `${from} ${to}`.trim(); + }; + var testSet = (set2, version, options) => { + for (let i = 0; i < set2.length; i++) { + if (!set2[i].test(version)) { + return false; + } + } + if (version.prerelease.length && !options.includePrerelease) { + for (let i = 0; i < set2.length; i++) { + debug5(set2[i].semver); + if (set2[i].semver === Comparator.ANY) { + continue; + } + if (set2[i].semver.prerelease.length > 0) { + const allowed = set2[i].semver; + if (allowed.major === version.major && allowed.minor === version.minor && allowed.patch === version.patch) { + return true; + } + } + } + return false; + } + return true; + }; + } +}); + +// node_modules/semver/classes/comparator.js +var require_comparator = __commonJS({ + "node_modules/semver/classes/comparator.js"(exports2, module2) { + "use strict"; + var ANY = /* @__PURE__ */ Symbol("SemVer ANY"); + var Comparator = class _Comparator { + static get ANY() { + return ANY; + } + constructor(comp, options) { + options = parseOptions(options); + if (comp instanceof _Comparator) { + if (comp.loose === !!options.loose) { + return comp; + } else { + comp = comp.value; + } + } + comp = comp.trim().split(/\s+/).join(" "); + debug5("comparator", comp, options); + this.options = options; + this.loose = !!options.loose; + this.parse(comp); + if (this.semver === ANY) { + this.value = ""; + } else { + this.value = this.operator + this.semver.version; + } + debug5("comp", this); + } + parse(comp) { + const r = this.options.loose ? re[t.COMPARATORLOOSE] : re[t.COMPARATOR]; + const m = comp.match(r); + if (!m) { + throw new TypeError(`Invalid comparator: ${comp}`); + } + this.operator = m[1] !== void 0 ? m[1] : ""; + if (this.operator === "=") { + this.operator = ""; + } + if (!m[2]) { + this.semver = ANY; + } else { + this.semver = new SemVer(m[2], this.options.loose); + } + } + toString() { + return this.value; + } + test(version) { + debug5("Comparator.test", version, this.options.loose); + if (this.semver === ANY || version === ANY) { + return true; + } + if (typeof version === "string") { + try { + version = new SemVer(version, this.options); + } catch (er) { + return false; + } + } + return cmp(version, this.operator, this.semver, this.options); + } + intersects(comp, options) { + if (!(comp instanceof _Comparator)) { + throw new TypeError("a Comparator is required"); + } + if (this.operator === "") { + if (this.value === "") { + return true; + } + return new Range2(comp.value, options).test(this.value); + } else if (comp.operator === "") { + if (comp.value === "") { + return true; + } + return new Range2(this.value, options).test(comp.semver); + } + options = parseOptions(options); + if (options.includePrerelease && (this.value === "<0.0.0-0" || comp.value === "<0.0.0-0")) { + return false; + } + if (!options.includePrerelease && (this.value.startsWith("<0.0.0") || comp.value.startsWith("<0.0.0"))) { + return false; + } + if (this.operator.startsWith(">") && comp.operator.startsWith(">")) { + return true; + } + if (this.operator.startsWith("<") && comp.operator.startsWith("<")) { + return true; + } + if (this.semver.version === comp.semver.version && this.operator.includes("=") && comp.operator.includes("=")) { + return true; + } + if (cmp(this.semver, "<", comp.semver, options) && this.operator.startsWith(">") && comp.operator.startsWith("<")) { + return true; + } + if (cmp(this.semver, ">", comp.semver, options) && this.operator.startsWith("<") && comp.operator.startsWith(">")) { + return true; + } + return false; + } + }; + module2.exports = Comparator; + var parseOptions = require_parse_options(); + var { safeRe: re, t } = require_re(); + var cmp = require_cmp(); + var debug5 = require_debug(); + var SemVer = require_semver(); + var Range2 = require_range(); + } +}); + +// node_modules/semver/functions/satisfies.js +var require_satisfies = __commonJS({ + "node_modules/semver/functions/satisfies.js"(exports2, module2) { + "use strict"; + var Range2 = require_range(); + var satisfies2 = (version, range, options) => { + try { + range = new Range2(range, options); + } catch (er) { + return false; + } + return range.test(version); + }; + module2.exports = satisfies2; + } +}); + +// node_modules/semver/ranges/to-comparators.js +var require_to_comparators = __commonJS({ + "node_modules/semver/ranges/to-comparators.js"(exports2, module2) { + "use strict"; + var Range2 = require_range(); + var toComparators = (range, options) => new Range2(range, options).set.map((comp) => comp.map((c) => c.value).join(" ").trim().split(" ")); + module2.exports = toComparators; + } +}); + +// node_modules/semver/ranges/max-satisfying.js +var require_max_satisfying = __commonJS({ + "node_modules/semver/ranges/max-satisfying.js"(exports2, module2) { + "use strict"; + var SemVer = require_semver(); + var Range2 = require_range(); + var maxSatisfying = (versions, range, options) => { + let max = null; + let maxSV = null; + let rangeObj = null; + try { + rangeObj = new Range2(range, options); + } catch (er) { + return null; + } + versions.forEach((v) => { + if (rangeObj.test(v)) { + if (!max || maxSV.compare(v) === -1) { + max = v; + maxSV = new SemVer(max, options); + } + } + }); + return max; + }; + module2.exports = maxSatisfying; + } +}); + +// node_modules/semver/ranges/min-satisfying.js +var require_min_satisfying = __commonJS({ + "node_modules/semver/ranges/min-satisfying.js"(exports2, module2) { + "use strict"; + var SemVer = require_semver(); + var Range2 = require_range(); + var minSatisfying = (versions, range, options) => { + let min = null; + let minSV = null; + let rangeObj = null; + try { + rangeObj = new Range2(range, options); + } catch (er) { + return null; + } + versions.forEach((v) => { + if (rangeObj.test(v)) { + if (!min || minSV.compare(v) === 1) { + min = v; + minSV = new SemVer(min, options); + } + } + }); + return min; + }; + module2.exports = minSatisfying; + } +}); + +// node_modules/semver/ranges/min-version.js +var require_min_version = __commonJS({ + "node_modules/semver/ranges/min-version.js"(exports2, module2) { + "use strict"; + var SemVer = require_semver(); + var Range2 = require_range(); + var gt = require_gt(); + var minVersion = (range, loose) => { + range = new Range2(range, loose); + let minver = new SemVer("0.0.0"); + if (range.test(minver)) { + return minver; + } + minver = new SemVer("0.0.0-0"); + if (range.test(minver)) { + return minver; + } + minver = null; + for (let i = 0; i < range.set.length; ++i) { + const comparators = range.set[i]; + let setMin = null; + comparators.forEach((comparator) => { + const compver = new SemVer(comparator.semver.version); + switch (comparator.operator) { + case ">": + if (compver.prerelease.length === 0) { + compver.patch++; + } else { + compver.prerelease.push(0); + } + compver.raw = compver.format(); + /* fallthrough */ + case "": + case ">=": + if (!setMin || gt(compver, setMin)) { + setMin = compver; + } + break; + case "<": + case "<=": + break; + /* istanbul ignore next */ + default: + throw new Error(`Unexpected operation: ${comparator.operator}`); + } + }); + if (setMin && (!minver || gt(minver, setMin))) { + minver = setMin; + } + } + if (minver && range.test(minver)) { + return minver; + } + return null; + }; + module2.exports = minVersion; + } +}); + +// node_modules/semver/ranges/valid.js +var require_valid2 = __commonJS({ + "node_modules/semver/ranges/valid.js"(exports2, module2) { + "use strict"; + var Range2 = require_range(); + var validRange = (range, options) => { + try { + return new Range2(range, options).range || "*"; + } catch (er) { + return null; + } + }; + module2.exports = validRange; + } +}); + +// node_modules/semver/ranges/outside.js +var require_outside = __commonJS({ + "node_modules/semver/ranges/outside.js"(exports2, module2) { + "use strict"; + var SemVer = require_semver(); + var Comparator = require_comparator(); + var { ANY } = Comparator; + var Range2 = require_range(); + var satisfies2 = require_satisfies(); + var gt = require_gt(); + var lt = require_lt(); + var lte = require_lte(); + var gte4 = require_gte(); + var outside = (version, range, hilo, options) => { + version = new SemVer(version, options); + range = new Range2(range, options); + let gtfn, ltefn, ltfn, comp, ecomp; + switch (hilo) { + case ">": + gtfn = gt; + ltefn = lte; + ltfn = lt; + comp = ">"; + ecomp = ">="; + break; + case "<": + gtfn = lt; + ltefn = gte4; + ltfn = gt; + comp = "<"; + ecomp = "<="; + break; + default: + throw new TypeError('Must provide a hilo val of "<" or ">"'); + } + if (satisfies2(version, range, options)) { + return false; + } + for (let i = 0; i < range.set.length; ++i) { + const comparators = range.set[i]; + let high = null; + let low = null; + comparators.forEach((comparator) => { + if (comparator.semver === ANY) { + comparator = new Comparator(">=0.0.0"); + } + high = high || comparator; + low = low || comparator; + if (gtfn(comparator.semver, high.semver, options)) { + high = comparator; + } else if (ltfn(comparator.semver, low.semver, options)) { + low = comparator; + } + }); + if (high.operator === comp || high.operator === ecomp) { + return false; + } + if ((!low.operator || low.operator === comp) && ltefn(version, low.semver)) { + return false; + } else if (low.operator === ecomp && ltfn(version, low.semver)) { + return false; + } + } + return true; + }; + module2.exports = outside; + } +}); + +// node_modules/semver/ranges/gtr.js +var require_gtr = __commonJS({ + "node_modules/semver/ranges/gtr.js"(exports2, module2) { + "use strict"; + var outside = require_outside(); + var gtr = (version, range, options) => outside(version, range, ">", options); + module2.exports = gtr; + } +}); + +// node_modules/semver/ranges/ltr.js +var require_ltr = __commonJS({ + "node_modules/semver/ranges/ltr.js"(exports2, module2) { + "use strict"; + var outside = require_outside(); + var ltr = (version, range, options) => outside(version, range, "<", options); + module2.exports = ltr; + } +}); + +// node_modules/semver/ranges/intersects.js +var require_intersects = __commonJS({ + "node_modules/semver/ranges/intersects.js"(exports2, module2) { + "use strict"; + var Range2 = require_range(); + var intersects = (r1, r2, options) => { + r1 = new Range2(r1, options); + r2 = new Range2(r2, options); + return r1.intersects(r2, options); + }; + module2.exports = intersects; + } +}); + +// node_modules/semver/ranges/simplify.js +var require_simplify = __commonJS({ + "node_modules/semver/ranges/simplify.js"(exports2, module2) { + "use strict"; + var satisfies2 = require_satisfies(); + var compare = require_compare(); + module2.exports = (versions, range, options) => { + const set2 = []; + let first = null; + let prev = null; + const v = versions.sort((a, b) => compare(a, b, options)); + for (const version of v) { + const included = satisfies2(version, range, options); + if (included) { + prev = version; + if (!first) { + first = version; + } + } else { + if (prev) { + set2.push([first, prev]); + } + prev = null; + first = null; + } + } + if (first) { + set2.push([first, null]); + } + const ranges = []; + for (const [min, max] of set2) { + if (min === max) { + ranges.push(min); + } else if (!max && min === v[0]) { + ranges.push("*"); + } else if (!max) { + ranges.push(`>=${min}`); + } else if (min === v[0]) { + ranges.push(`<=${max}`); + } else { + ranges.push(`${min} - ${max}`); + } + } + const simplified = ranges.join(" || "); + const original = typeof range.raw === "string" ? range.raw : String(range); + return simplified.length < original.length ? simplified : range; + }; + } +}); + +// node_modules/semver/ranges/subset.js +var require_subset = __commonJS({ + "node_modules/semver/ranges/subset.js"(exports2, module2) { + "use strict"; + var Range2 = require_range(); + var Comparator = require_comparator(); + var { ANY } = Comparator; + var satisfies2 = require_satisfies(); + var compare = require_compare(); + var subset = (sub, dom, options = {}) => { + if (sub === dom) { + return true; + } + sub = new Range2(sub, options); + dom = new Range2(dom, options); + let sawNonNull = false; + OUTER: for (const simpleSub of sub.set) { + for (const simpleDom of dom.set) { + const isSub = simpleSubset(simpleSub, simpleDom, options); + sawNonNull = sawNonNull || isSub !== null; + if (isSub) { + continue OUTER; + } + } + if (sawNonNull) { + return false; + } + } + return true; + }; + var minimumVersionWithPreRelease = [new Comparator(">=0.0.0-0")]; + var minimumVersion = [new Comparator(">=0.0.0")]; + var simpleSubset = (sub, dom, options) => { + if (sub === dom) { + return true; + } + if (sub.length === 1 && sub[0].semver === ANY) { + if (dom.length === 1 && dom[0].semver === ANY) { + return true; + } else if (options.includePrerelease) { + sub = minimumVersionWithPreRelease; + } else { + sub = minimumVersion; + } + } + if (dom.length === 1 && dom[0].semver === ANY) { + if (options.includePrerelease) { + return true; + } else { + dom = minimumVersion; + } + } + const eqSet = /* @__PURE__ */ new Set(); + let gt, lt; + for (const c of sub) { + if (c.operator === ">" || c.operator === ">=") { + gt = higherGT(gt, c, options); + } else if (c.operator === "<" || c.operator === "<=") { + lt = lowerLT(lt, c, options); + } else { + eqSet.add(c.semver); + } + } + if (eqSet.size > 1) { + return null; + } + let gtltComp; + if (gt && lt) { + gtltComp = compare(gt.semver, lt.semver, options); + if (gtltComp > 0) { + return null; + } else if (gtltComp === 0 && (gt.operator !== ">=" || lt.operator !== "<=")) { + return null; + } + } + for (const eq of eqSet) { + if (gt && !satisfies2(eq, String(gt), options)) { + return null; + } + if (lt && !satisfies2(eq, String(lt), options)) { + return null; + } + for (const c of dom) { + if (!satisfies2(eq, String(c), options)) { + return false; + } + } + return true; + } + let higher, lower; + let hasDomLT, hasDomGT; + let needDomLTPre = lt && !options.includePrerelease && lt.semver.prerelease.length ? lt.semver : false; + let needDomGTPre = gt && !options.includePrerelease && gt.semver.prerelease.length ? gt.semver : false; + if (needDomLTPre && needDomLTPre.prerelease.length === 1 && lt.operator === "<" && needDomLTPre.prerelease[0] === 0) { + needDomLTPre = false; + } + for (const c of dom) { + hasDomGT = hasDomGT || c.operator === ">" || c.operator === ">="; + hasDomLT = hasDomLT || c.operator === "<" || c.operator === "<="; + if (gt) { + if (needDomGTPre) { + if (c.semver.prerelease && c.semver.prerelease.length && c.semver.major === needDomGTPre.major && c.semver.minor === needDomGTPre.minor && c.semver.patch === needDomGTPre.patch) { + needDomGTPre = false; + } + } + if (c.operator === ">" || c.operator === ">=") { + higher = higherGT(gt, c, options); + if (higher === c && higher !== gt) { + return false; + } + } else if (gt.operator === ">=" && !satisfies2(gt.semver, String(c), options)) { + return false; + } + } + if (lt) { + if (needDomLTPre) { + if (c.semver.prerelease && c.semver.prerelease.length && c.semver.major === needDomLTPre.major && c.semver.minor === needDomLTPre.minor && c.semver.patch === needDomLTPre.patch) { + needDomLTPre = false; + } + } + if (c.operator === "<" || c.operator === "<=") { + lower = lowerLT(lt, c, options); + if (lower === c && lower !== lt) { + return false; + } + } else if (lt.operator === "<=" && !satisfies2(lt.semver, String(c), options)) { + return false; + } + } + if (!c.operator && (lt || gt) && gtltComp !== 0) { + return false; + } + } + if (gt && hasDomLT && !lt && gtltComp !== 0) { + return false; + } + if (lt && hasDomGT && !gt && gtltComp !== 0) { + return false; + } + if (needDomGTPre || needDomLTPre) { + return false; + } + return true; + }; + var higherGT = (a, b, options) => { + if (!a) { + return b; + } + const comp = compare(a.semver, b.semver, options); + return comp > 0 ? a : comp < 0 ? b : b.operator === ">" && a.operator === ">=" ? b : a; + }; + var lowerLT = (a, b, options) => { + if (!a) { + return b; + } + const comp = compare(a.semver, b.semver, options); + return comp < 0 ? a : comp > 0 ? b : b.operator === "<" && a.operator === "<=" ? b : a; + }; + module2.exports = subset; + } +}); + +// node_modules/semver/index.js +var require_semver2 = __commonJS({ + "node_modules/semver/index.js"(exports2, module2) { + "use strict"; + var internalRe = require_re(); + var constants = require_constants11(); + var SemVer = require_semver(); + var identifiers = require_identifiers(); + var parse2 = require_parse3(); + var valid2 = require_valid(); + var clean = require_clean(); + var inc = require_inc(); + var diff = require_diff(); + var major = require_major(); + var minor = require_minor(); + var patch = require_patch(); + var prerelease = require_prerelease(); + var compare = require_compare(); + var rcompare = require_rcompare(); + var compareLoose = require_compare_loose(); + var compareBuild = require_compare_build(); + var sort = require_sort(); + var rsort = require_rsort(); + var gt = require_gt(); + var lt = require_lt(); + var eq = require_eq(); + var neq = require_neq(); + var gte4 = require_gte(); + var lte = require_lte(); + var cmp = require_cmp(); + var coerce2 = require_coerce(); + var Comparator = require_comparator(); + var Range2 = require_range(); + var satisfies2 = require_satisfies(); + var toComparators = require_to_comparators(); + var maxSatisfying = require_max_satisfying(); + var minSatisfying = require_min_satisfying(); + var minVersion = require_min_version(); + var validRange = require_valid2(); + var outside = require_outside(); + var gtr = require_gtr(); + var ltr = require_ltr(); + var intersects = require_intersects(); + var simplifyRange = require_simplify(); + var subset = require_subset(); + module2.exports = { + parse: parse2, + valid: valid2, + clean, + inc, + diff, + major, + minor, + patch, + prerelease, + compare, + rcompare, + compareLoose, + compareBuild, + sort, + rsort, + gt, + lt, + eq, + neq, + gte: gte4, + lte, + cmp, + coerce: coerce2, + Comparator, + Range: Range2, + satisfies: satisfies2, + toComparators, + maxSatisfying, + minSatisfying, + minVersion, + validRange, + outside, + gtr, + ltr, + intersects, + simplifyRange, + subset, + SemVer, + re: internalRe.re, + src: internalRe.src, + tokens: internalRe.t, + SEMVER_SPEC_VERSION: constants.SEMVER_SPEC_VERSION, + RELEASE_TYPES: constants.RELEASE_TYPES, + compareIdentifiers: identifiers.compareIdentifiers, + rcompareIdentifiers: identifiers.rcompareIdentifiers + }; + } +}); + +// package.json +var require_package = __commonJS({ + "package.json"(exports2, module2) { + module2.exports = { + name: "codeql", + version: "4.32.1", + private: true, + description: "CodeQL action", + scripts: { + _build_comment: "echo 'Run the full build so we typecheck the project and can reuse the transpiled files in npm test'", + build: "./scripts/check-node-modules.sh && npm run transpile && node build.mjs", + lint: "eslint --report-unused-disable-directives --max-warnings=0 .", + "lint-ci": "SARIF_ESLINT_IGNORE_SUPPRESSED=true eslint --report-unused-disable-directives --max-warnings=0 . --format @microsoft/eslint-formatter-sarif --output-file=eslint.sarif", + "lint-fix": "eslint --report-unused-disable-directives --max-warnings=0 . --fix", + ava: "npm run transpile && ava --serial --verbose", + test: "npm run ava -- src/", + "test-debug": "npm run test -- --timeout=20m", + transpile: "tsc --build --verbose" + }, + ava: { + typescript: { + rewritePaths: { + "src/": "build/" + }, + compile: false + } + }, + license: "MIT", + dependencies: { + "@actions/artifact": "^5.0.3", + "@actions/artifact-legacy": "npm:@actions/artifact@^1.1.2", + "@actions/cache": "^5.0.5", + "@actions/core": "^2.0.3", + "@actions/exec": "^2.0.0", + "@actions/github": "^8.0.0", + "@actions/glob": "^0.5.0", + "@actions/http-client": "^3.0.0", + "@actions/io": "^2.0.0", + "@actions/tool-cache": "^3.0.1", + "@octokit/plugin-retry": "^8.0.0", + "@schemastore/package": "0.0.10", + archiver: "^7.0.1", + "fast-deep-equal": "^3.1.3", + "follow-redirects": "^1.15.11", + "get-folder-size": "^5.0.0", + "js-yaml": "^4.1.1", + jsonschema: "1.4.1", + long: "^5.3.2", + "node-forge": "^1.3.3", + semver: "^7.7.3", + uuid: "^13.0.0" + }, + devDependencies: { + "@ava/typescript": "6.0.0", + "@eslint/compat": "^2.0.1", + "@eslint/eslintrc": "^3.3.3", + "@eslint/js": "^9.39.2", + "@microsoft/eslint-formatter-sarif": "^3.1.0", + "@octokit/types": "^16.0.0", + "@types/archiver": "^7.0.0", + "@types/follow-redirects": "^1.14.4", + "@types/js-yaml": "^4.0.9", + "@types/node": "^20.19.9", + "@types/node-forge": "^1.3.14", + "@types/semver": "^7.7.1", + "@types/sinon": "^21.0.0", + "@typescript-eslint/eslint-plugin": "^8.53.1", + "@typescript-eslint/parser": "^8.48.0", + ava: "^6.4.1", + esbuild: "^0.27.2", + eslint: "^8.57.1", + "eslint-import-resolver-typescript": "^3.8.7", + "eslint-plugin-filenames": "^1.3.2", + "eslint-plugin-github": "^5.1.8", + "eslint-plugin-import": "2.29.1", + "eslint-plugin-jsdoc": "^62.3.0", + "eslint-plugin-no-async-foreach": "^0.1.1", + glob: "^11.1.0", + nock: "^14.0.10", + sinon: "^21.0.1", + typescript: "^5.9.3" + }, + overrides: { + "@actions/tool-cache": { + semver: ">=6.3.1" + }, + "@octokit/request-error": { + semver: ">=5.1.1" + }, + "@octokit/request": { + semver: ">=8.4.1" + }, + "@octokit/plugin-paginate-rest": { + semver: ">=9.2.2" + }, + "eslint-plugin-import": { + semver: ">=6.3.1" + }, + "eslint-plugin-jsx-a11y": { + semver: ">=6.3.1" + }, + "brace-expansion@2.0.1": "2.0.2", + glob: "^11.1.0" + } + }; + } +}); + +// node_modules/@actions/tool-cache/lib/manifest.js +var require_manifest = __commonJS({ + "node_modules/@actions/tool-cache/lib/manifest.js"(exports2, module2) { + "use strict"; + var __createBinding2 = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) { + if (k2 === void 0) k2 = k; + var desc = Object.getOwnPropertyDescriptor(m, k); + if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { + desc = { enumerable: true, get: function() { + return m[k]; + } }; + } + Object.defineProperty(o, k2, desc); + }) : (function(o, m, k, k2) { + if (k2 === void 0) k2 = k; + o[k2] = m[k]; + })); + var __setModuleDefault2 = exports2 && exports2.__setModuleDefault || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); + }) : function(o, v) { + o["default"] = v; + }); + var __importStar2 = exports2 && exports2.__importStar || /* @__PURE__ */ (function() { + var ownKeys2 = function(o) { + ownKeys2 = Object.getOwnPropertyNames || function(o2) { + var ar = []; + for (var k in o2) if (Object.prototype.hasOwnProperty.call(o2, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys2(o); + }; + return function(mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) { + for (var k = ownKeys2(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding2(result, mod, k[i]); + } + __setModuleDefault2(result, mod); + return result; + }; + })(); + var __awaiter2 = exports2 && exports2.__awaiter || function(thisArg, _arguments, P, generator) { + function adopt(value) { + return value instanceof P ? value : new P(function(resolve2) { + resolve2(value); + }); + } + return new (P || (P = Promise))(function(resolve2, reject) { + function fulfilled(value) { + try { + step(generator.next(value)); + } catch (e) { + reject(e); + } + } + function rejected(value) { + try { + step(generator["throw"](value)); + } catch (e) { + reject(e); + } + } + function step(result) { + result.done ? resolve2(result.value) : adopt(result.value).then(fulfilled, rejected); + } + step((generator = generator.apply(thisArg, _arguments || [])).next()); + }); + }; + Object.defineProperty(exports2, "__esModule", { value: true }); + exports2._findMatch = _findMatch; + exports2._getOsVersion = _getOsVersion; + exports2._readLinuxVersionFile = _readLinuxVersionFile; + var semver6 = __importStar2(require_semver2()); + var core_1 = require_core(); + var os2 = require("os"); + var cp = require("child_process"); + var fs = require("fs"); + function _findMatch(versionSpec, stable, candidates, archFilter) { + return __awaiter2(this, void 0, void 0, function* () { + const platFilter = os2.platform(); + let result; + let match; + let file; + for (const candidate of candidates) { + const version = candidate.version; + (0, core_1.debug)(`check ${version} satisfies ${versionSpec}`); + if (semver6.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) { + file = candidate.files.find((item) => { + (0, core_1.debug)(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`); + let chk = item.arch === archFilter && item.platform === platFilter; + if (chk && item.platform_version) { + const osVersion = module2.exports._getOsVersion(); + if (osVersion === item.platform_version) { + chk = true; + } else { + chk = semver6.satisfies(osVersion, item.platform_version); + } + } + return chk; + }); + if (file) { + (0, core_1.debug)(`matched ${candidate.version}`); + match = candidate; + break; + } + } + } + if (match && file) { + result = Object.assign({}, match); + result.files = [file]; + } + return result; + }); + } + function _getOsVersion() { + const plat = os2.platform(); + let version = ""; + if (plat === "darwin") { + version = cp.execSync("sw_vers -productVersion").toString(); + } else if (plat === "linux") { + const lsbContents = module2.exports._readLinuxVersionFile(); + if (lsbContents) { + const lines = lsbContents.split("\n"); + for (const line of lines) { + const parts = line.split("="); + if (parts.length === 2 && (parts[0].trim() === "VERSION_ID" || parts[0].trim() === "DISTRIB_RELEASE")) { + version = parts[1].trim().replace(/^"/, "").replace(/"$/, ""); + break; + } + } + } + } + return version; + } + function _readLinuxVersionFile() { + const lsbReleaseFile = "/etc/lsb-release"; + const osReleaseFile = "/etc/os-release"; + let contents = ""; + if (fs.existsSync(lsbReleaseFile)) { + contents = fs.readFileSync(lsbReleaseFile).toString(); + } else if (fs.existsSync(osReleaseFile)) { + contents = fs.readFileSync(osReleaseFile).toString(); + } + return contents; + } + } +}); + +// node_modules/@actions/tool-cache/lib/retry-helper.js +var require_retry_helper = __commonJS({ + "node_modules/@actions/tool-cache/lib/retry-helper.js"(exports2) { + "use strict"; + var __createBinding2 = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) { + if (k2 === void 0) k2 = k; + var desc = Object.getOwnPropertyDescriptor(m, k); + if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { + desc = { enumerable: true, get: function() { + return m[k]; + } }; + } + Object.defineProperty(o, k2, desc); + }) : (function(o, m, k, k2) { + if (k2 === void 0) k2 = k; + o[k2] = m[k]; + })); + var __setModuleDefault2 = exports2 && exports2.__setModuleDefault || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); + }) : function(o, v) { + o["default"] = v; + }); + var __importStar2 = exports2 && exports2.__importStar || /* @__PURE__ */ (function() { + var ownKeys2 = function(o) { + ownKeys2 = Object.getOwnPropertyNames || function(o2) { + var ar = []; + for (var k in o2) if (Object.prototype.hasOwnProperty.call(o2, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys2(o); + }; + return function(mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) { + for (var k = ownKeys2(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding2(result, mod, k[i]); + } + __setModuleDefault2(result, mod); + return result; + }; + })(); + var __awaiter2 = exports2 && exports2.__awaiter || function(thisArg, _arguments, P, generator) { + function adopt(value) { + return value instanceof P ? value : new P(function(resolve2) { + resolve2(value); + }); + } + return new (P || (P = Promise))(function(resolve2, reject) { + function fulfilled(value) { + try { + step(generator.next(value)); + } catch (e) { + reject(e); + } + } + function rejected(value) { + try { + step(generator["throw"](value)); + } catch (e) { + reject(e); + } + } + function step(result) { + result.done ? resolve2(result.value) : adopt(result.value).then(fulfilled, rejected); + } + step((generator = generator.apply(thisArg, _arguments || [])).next()); + }); + }; + Object.defineProperty(exports2, "__esModule", { value: true }); + exports2.RetryHelper = void 0; + var core12 = __importStar2(require_core()); + var RetryHelper = class { + constructor(maxAttempts, minSeconds, maxSeconds) { + if (maxAttempts < 1) { + throw new Error("max attempts should be greater than or equal to 1"); + } + this.maxAttempts = maxAttempts; + this.minSeconds = Math.floor(minSeconds); + this.maxSeconds = Math.floor(maxSeconds); + if (this.minSeconds > this.maxSeconds) { + throw new Error("min seconds should be less than or equal to max seconds"); + } + } + execute(action, isRetryable) { + return __awaiter2(this, void 0, void 0, function* () { + let attempt = 1; + while (attempt < this.maxAttempts) { + try { + return yield action(); + } catch (err) { + if (isRetryable && !isRetryable(err)) { + throw err; + } + core12.info(err.message); + } + const seconds = this.getSleepAmount(); + core12.info(`Waiting ${seconds} seconds before trying again`); + yield this.sleep(seconds); + attempt++; + } + return yield action(); + }); + } + getSleepAmount() { + return Math.floor(Math.random() * (this.maxSeconds - this.minSeconds + 1)) + this.minSeconds; + } + sleep(seconds) { + return __awaiter2(this, void 0, void 0, function* () { + return new Promise((resolve2) => setTimeout(resolve2, seconds * 1e3)); + }); + } + }; + exports2.RetryHelper = RetryHelper; + } +}); + +// node_modules/@actions/tool-cache/lib/tool-cache.js +var require_tool_cache = __commonJS({ + "node_modules/@actions/tool-cache/lib/tool-cache.js"(exports2) { "use strict"; var __createBinding2 = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) { if (k2 === void 0) k2 = k; @@ -63007,198 +62681,524 @@ var require_utils5 = __commonJS({ if (mod != null) { for (var k = ownKeys2(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding2(result, mod, k[i]); } - __setModuleDefault2(result, mod); - return result; - }; - })(); - Object.defineProperty(exports2, "__esModule", { value: true }); - exports2.GitHub = exports2.defaults = exports2.context = void 0; - exports2.getOctokitOptions = getOctokitOptions2; - var Context = __importStar2(require_context()); - var Utils = __importStar2(require_utils4()); - var core_1 = (init_dist_src2(), __toCommonJS(dist_src_exports)); - var plugin_rest_endpoint_methods_1 = (init_dist_src3(), __toCommonJS(dist_src_exports2)); - var plugin_paginate_rest_1 = (init_dist_bundle5(), __toCommonJS(dist_bundle_exports)); - exports2.context = new Context.Context(); - var baseUrl = Utils.getApiBaseUrl(); - exports2.defaults = { - baseUrl, - request: { - agent: Utils.getProxyAgent(baseUrl), - fetch: Utils.getProxyFetch(baseUrl) + __setModuleDefault2(result, mod); + return result; + }; + })(); + var __awaiter2 = exports2 && exports2.__awaiter || function(thisArg, _arguments, P, generator) { + function adopt(value) { + return value instanceof P ? value : new P(function(resolve2) { + resolve2(value); + }); + } + return new (P || (P = Promise))(function(resolve2, reject) { + function fulfilled(value) { + try { + step(generator.next(value)); + } catch (e) { + reject(e); + } + } + function rejected(value) { + try { + step(generator["throw"](value)); + } catch (e) { + reject(e); + } + } + function step(result) { + result.done ? resolve2(result.value) : adopt(result.value).then(fulfilled, rejected); + } + step((generator = generator.apply(thisArg, _arguments || [])).next()); + }); + }; + Object.defineProperty(exports2, "__esModule", { value: true }); + exports2.HTTPError = void 0; + exports2.downloadTool = downloadTool2; + exports2.extract7z = extract7z; + exports2.extractTar = extractTar2; + exports2.extractXar = extractXar; + exports2.extractZip = extractZip; + exports2.cacheDir = cacheDir2; + exports2.cacheFile = cacheFile; + exports2.find = find2; + exports2.findAllVersions = findAllVersions; + exports2.getManifestFromRepo = getManifestFromRepo; + exports2.findFromManifest = findFromManifest; + exports2.isExplicitVersion = isExplicitVersion; + exports2.evaluateVersions = evaluateVersions; + var core12 = __importStar2(require_core()); + var io4 = __importStar2(require_io()); + var crypto2 = __importStar2(require("crypto")); + var fs = __importStar2(require("fs")); + var mm = __importStar2(require_manifest()); + var os2 = __importStar2(require("os")); + var path3 = __importStar2(require("path")); + var httpm = __importStar2(require_lib()); + var semver6 = __importStar2(require_semver2()); + var stream = __importStar2(require("stream")); + var util = __importStar2(require("util")); + var assert_1 = require("assert"); + var exec_1 = require_exec(); + var retry_helper_1 = require_retry_helper(); + var HTTPError2 = class extends Error { + constructor(httpStatusCode) { + super(`Unexpected HTTP response: ${httpStatusCode}`); + this.httpStatusCode = httpStatusCode; + Object.setPrototypeOf(this, new.target.prototype); + } + }; + exports2.HTTPError = HTTPError2; + var IS_WINDOWS = process.platform === "win32"; + var IS_MAC = process.platform === "darwin"; + var userAgent2 = "actions/tool-cache"; + function downloadTool2(url, dest, auth2, headers) { + return __awaiter2(this, void 0, void 0, function* () { + dest = dest || path3.join(_getTempDirectory(), crypto2.randomUUID()); + yield io4.mkdirP(path3.dirname(dest)); + core12.debug(`Downloading ${url}`); + core12.debug(`Destination ${dest}`); + const maxAttempts = 3; + const minSeconds = _getGlobal("TEST_DOWNLOAD_TOOL_RETRY_MIN_SECONDS", 10); + const maxSeconds = _getGlobal("TEST_DOWNLOAD_TOOL_RETRY_MAX_SECONDS", 20); + const retryHelper = new retry_helper_1.RetryHelper(maxAttempts, minSeconds, maxSeconds); + return yield retryHelper.execute(() => __awaiter2(this, void 0, void 0, function* () { + return yield downloadToolAttempt(url, dest || "", auth2, headers); + }), (err) => { + if (err instanceof HTTPError2 && err.httpStatusCode) { + if (err.httpStatusCode < 500 && err.httpStatusCode !== 408 && err.httpStatusCode !== 429) { + return false; + } + } + return true; + }); + }); + } + function downloadToolAttempt(url, dest, auth2, headers) { + return __awaiter2(this, void 0, void 0, function* () { + if (fs.existsSync(dest)) { + throw new Error(`Destination file path ${dest} already exists`); + } + const http = new httpm.HttpClient(userAgent2, [], { + allowRetries: false + }); + if (auth2) { + core12.debug("set auth"); + if (headers === void 0) { + headers = {}; + } + headers.authorization = auth2; + } + const response = yield http.get(url, headers); + if (response.message.statusCode !== 200) { + const err = new HTTPError2(response.message.statusCode); + core12.debug(`Failed to download from "${url}". Code(${response.message.statusCode}) Message(${response.message.statusMessage})`); + throw err; + } + const pipeline = util.promisify(stream.pipeline); + const responseMessageFactory = _getGlobal("TEST_DOWNLOAD_TOOL_RESPONSE_MESSAGE_FACTORY", () => response.message); + const readStream = responseMessageFactory(); + let succeeded = false; + try { + yield pipeline(readStream, fs.createWriteStream(dest)); + core12.debug("download complete"); + succeeded = true; + return dest; + } finally { + if (!succeeded) { + core12.debug("download failed"); + try { + yield io4.rmRF(dest); + } catch (err) { + core12.debug(`Failed to delete '${dest}'. ${err.message}`); + } + } + } + }); + } + function extract7z(file, dest, _7zPath) { + return __awaiter2(this, void 0, void 0, function* () { + (0, assert_1.ok)(IS_WINDOWS, "extract7z() not supported on current OS"); + (0, assert_1.ok)(file, 'parameter "file" is required'); + dest = yield _createExtractFolder(dest); + const originalCwd = process.cwd(); + process.chdir(dest); + if (_7zPath) { + try { + const logLevel = core12.isDebug() ? "-bb1" : "-bb0"; + const args = [ + "x", + // eXtract files with full paths + logLevel, + // -bb[0-3] : set output log level + "-bd", + // disable progress indicator + "-sccUTF-8", + // set charset for for console input/output + file + ]; + const options = { + silent: true + }; + yield (0, exec_1.exec)(`"${_7zPath}"`, args, options); + } finally { + process.chdir(originalCwd); + } + } else { + const escapedScript = path3.join(__dirname, "..", "scripts", "Invoke-7zdec.ps1").replace(/'/g, "''").replace(/"|\n|\r/g, ""); + const escapedFile = file.replace(/'/g, "''").replace(/"|\n|\r/g, ""); + const escapedTarget = dest.replace(/'/g, "''").replace(/"|\n|\r/g, ""); + const command = `& '${escapedScript}' -Source '${escapedFile}' -Target '${escapedTarget}'`; + const args = [ + "-NoLogo", + "-Sta", + "-NoProfile", + "-NonInteractive", + "-ExecutionPolicy", + "Unrestricted", + "-Command", + command + ]; + const options = { + silent: true + }; + try { + const powershellPath = yield io4.which("powershell", true); + yield (0, exec_1.exec)(`"${powershellPath}"`, args, options); + } finally { + process.chdir(originalCwd); + } + } + return dest; + }); + } + function extractTar2(file_1, dest_1) { + return __awaiter2(this, arguments, void 0, function* (file, dest, flags = "xz") { + if (!file) { + throw new Error("parameter 'file' is required"); + } + dest = yield _createExtractFolder(dest); + core12.debug("Checking tar --version"); + let versionOutput = ""; + yield (0, exec_1.exec)("tar --version", [], { + ignoreReturnCode: true, + silent: true, + listeners: { + stdout: (data) => versionOutput += data.toString(), + stderr: (data) => versionOutput += data.toString() + } + }); + core12.debug(versionOutput.trim()); + const isGnuTar = versionOutput.toUpperCase().includes("GNU TAR"); + let args; + if (flags instanceof Array) { + args = flags; + } else { + args = [flags]; + } + if (core12.isDebug() && !flags.includes("v")) { + args.push("-v"); + } + let destArg = dest; + let fileArg = file; + if (IS_WINDOWS && isGnuTar) { + args.push("--force-local"); + destArg = dest.replace(/\\/g, "/"); + fileArg = file.replace(/\\/g, "/"); + } + if (isGnuTar) { + args.push("--warning=no-unknown-keyword"); + args.push("--overwrite"); + } + args.push("-C", destArg, "-f", fileArg); + yield (0, exec_1.exec)(`tar`, args); + return dest; + }); + } + function extractXar(file_1, dest_1) { + return __awaiter2(this, arguments, void 0, function* (file, dest, flags = []) { + (0, assert_1.ok)(IS_MAC, "extractXar() not supported on current OS"); + (0, assert_1.ok)(file, 'parameter "file" is required'); + dest = yield _createExtractFolder(dest); + let args; + if (flags instanceof Array) { + args = flags; + } else { + args = [flags]; + } + args.push("-x", "-C", dest, "-f", file); + if (core12.isDebug()) { + args.push("-v"); + } + const xarPath = yield io4.which("xar", true); + yield (0, exec_1.exec)(`"${xarPath}"`, _unique(args)); + return dest; + }); + } + function extractZip(file, dest) { + return __awaiter2(this, void 0, void 0, function* () { + if (!file) { + throw new Error("parameter 'file' is required"); + } + dest = yield _createExtractFolder(dest); + if (IS_WINDOWS) { + yield extractZipWin(file, dest); + } else { + yield extractZipNix(file, dest); + } + return dest; + }); + } + function extractZipWin(file, dest) { + return __awaiter2(this, void 0, void 0, function* () { + const escapedFile = file.replace(/'/g, "''").replace(/"|\n|\r/g, ""); + const escapedDest = dest.replace(/'/g, "''").replace(/"|\n|\r/g, ""); + const pwshPath = yield io4.which("pwsh", false); + if (pwshPath) { + const pwshCommand = [ + `$ErrorActionPreference = 'Stop' ;`, + `try { Add-Type -AssemblyName System.IO.Compression.ZipFile } catch { } ;`, + `try { [System.IO.Compression.ZipFile]::ExtractToDirectory('${escapedFile}', '${escapedDest}', $true) }`, + `catch { if (($_.Exception.GetType().FullName -eq 'System.Management.Automation.MethodException') -or ($_.Exception.GetType().FullName -eq 'System.Management.Automation.RuntimeException') ){ Expand-Archive -LiteralPath '${escapedFile}' -DestinationPath '${escapedDest}' -Force } else { throw $_ } } ;` + ].join(" "); + const args = [ + "-NoLogo", + "-NoProfile", + "-NonInteractive", + "-ExecutionPolicy", + "Unrestricted", + "-Command", + pwshCommand + ]; + core12.debug(`Using pwsh at path: ${pwshPath}`); + yield (0, exec_1.exec)(`"${pwshPath}"`, args); + } else { + const powershellCommand = [ + `$ErrorActionPreference = 'Stop' ;`, + `try { Add-Type -AssemblyName System.IO.Compression.FileSystem } catch { } ;`, + `if ((Get-Command -Name Expand-Archive -Module Microsoft.PowerShell.Archive -ErrorAction Ignore)) { Expand-Archive -LiteralPath '${escapedFile}' -DestinationPath '${escapedDest}' -Force }`, + `else {[System.IO.Compression.ZipFile]::ExtractToDirectory('${escapedFile}', '${escapedDest}', $true) }` + ].join(" "); + const args = [ + "-NoLogo", + "-Sta", + "-NoProfile", + "-NonInteractive", + "-ExecutionPolicy", + "Unrestricted", + "-Command", + powershellCommand + ]; + const powershellPath = yield io4.which("powershell", true); + core12.debug(`Using powershell at path: ${powershellPath}`); + yield (0, exec_1.exec)(`"${powershellPath}"`, args); + } + }); + } + function extractZipNix(file, dest) { + return __awaiter2(this, void 0, void 0, function* () { + const unzipPath = yield io4.which("unzip", true); + const args = [file]; + if (!core12.isDebug()) { + args.unshift("-q"); + } + args.unshift("-o"); + yield (0, exec_1.exec)(`"${unzipPath}"`, args, { cwd: dest }); + }); + } + function cacheDir2(sourceDir, tool, version, arch) { + return __awaiter2(this, void 0, void 0, function* () { + version = semver6.clean(version) || version; + arch = arch || os2.arch(); + core12.debug(`Caching tool ${tool} ${version} ${arch}`); + core12.debug(`source dir: ${sourceDir}`); + if (!fs.statSync(sourceDir).isDirectory()) { + throw new Error("sourceDir is not a directory"); + } + const destPath = yield _createToolPath(tool, version, arch); + for (const itemName of fs.readdirSync(sourceDir)) { + const s = path3.join(sourceDir, itemName); + yield io4.cp(s, destPath, { recursive: true }); + } + _completeToolPath(tool, version, arch); + return destPath; + }); + } + function cacheFile(sourceFile, targetFile, tool, version, arch) { + return __awaiter2(this, void 0, void 0, function* () { + version = semver6.clean(version) || version; + arch = arch || os2.arch(); + core12.debug(`Caching tool ${tool} ${version} ${arch}`); + core12.debug(`source file: ${sourceFile}`); + if (!fs.statSync(sourceFile).isFile()) { + throw new Error("sourceFile is not a file"); + } + const destFolder = yield _createToolPath(tool, version, arch); + const destPath = path3.join(destFolder, targetFile); + core12.debug(`destination file ${destPath}`); + yield io4.cp(sourceFile, destPath); + _completeToolPath(tool, version, arch); + return destFolder; + }); + } + function find2(toolName, versionSpec, arch) { + if (!toolName) { + throw new Error("toolName parameter is required"); } - }; - exports2.GitHub = core_1.Octokit.plugin(plugin_rest_endpoint_methods_1.restEndpointMethods, plugin_paginate_rest_1.paginateRest).defaults(exports2.defaults); - function getOctokitOptions2(token, options) { - const opts = Object.assign({}, options || {}); - const auth2 = Utils.getAuthString(token, opts); - if (auth2) { - opts.auth = auth2; + if (!versionSpec) { + throw new Error("versionSpec parameter is required"); } - return opts; + arch = arch || os2.arch(); + if (!isExplicitVersion(versionSpec)) { + const localVersions = findAllVersions(toolName, arch); + const match = evaluateVersions(localVersions, versionSpec); + versionSpec = match; + } + let toolPath = ""; + if (versionSpec) { + versionSpec = semver6.clean(versionSpec) || ""; + const cachePath = path3.join(_getCacheDirectory(), toolName, versionSpec, arch); + core12.debug(`checking cache: ${cachePath}`); + if (fs.existsSync(cachePath) && fs.existsSync(`${cachePath}.complete`)) { + core12.debug(`Found tool in cache ${toolName} ${versionSpec} ${arch}`); + toolPath = cachePath; + } else { + core12.debug("not found"); + } + } + return toolPath; } - } -}); - -// node_modules/@actions/github/lib/github.js -var require_github = __commonJS({ - "node_modules/@actions/github/lib/github.js"(exports2) { - "use strict"; - var __createBinding2 = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) { - if (k2 === void 0) k2 = k; - var desc = Object.getOwnPropertyDescriptor(m, k); - if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { - desc = { enumerable: true, get: function() { - return m[k]; - } }; + function findAllVersions(toolName, arch) { + const versions = []; + arch = arch || os2.arch(); + const toolPath = path3.join(_getCacheDirectory(), toolName); + if (fs.existsSync(toolPath)) { + const children = fs.readdirSync(toolPath); + for (const child of children) { + if (isExplicitVersion(child)) { + const fullPath = path3.join(toolPath, child, arch || ""); + if (fs.existsSync(fullPath) && fs.existsSync(`${fullPath}.complete`)) { + versions.push(child); + } + } + } } - Object.defineProperty(o, k2, desc); - }) : (function(o, m, k, k2) { - if (k2 === void 0) k2 = k; - o[k2] = m[k]; - })); - var __setModuleDefault2 = exports2 && exports2.__setModuleDefault || (Object.create ? (function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); - }) : function(o, v) { - o["default"] = v; - }); - var __importStar2 = exports2 && exports2.__importStar || /* @__PURE__ */ (function() { - var ownKeys2 = function(o) { - ownKeys2 = Object.getOwnPropertyNames || function(o2) { - var ar = []; - for (var k in o2) if (Object.prototype.hasOwnProperty.call(o2, k)) ar[ar.length] = k; - return ar; - }; - return ownKeys2(o); - }; - return function(mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) { - for (var k = ownKeys2(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding2(result, mod, k[i]); + return versions; + } + function getManifestFromRepo(owner_1, repo_1, auth_1) { + return __awaiter2(this, arguments, void 0, function* (owner, repo, auth2, branch = "master") { + let releases = []; + const treeUrl = `https://api.github.com/repos/${owner}/${repo}/git/trees/${branch}`; + const http = new httpm.HttpClient("tool-cache"); + const headers = {}; + if (auth2) { + core12.debug("set auth"); + headers.authorization = auth2; } - __setModuleDefault2(result, mod); - return result; - }; - })(); - Object.defineProperty(exports2, "__esModule", { value: true }); - exports2.context = void 0; - exports2.getOctokit = getOctokit; - var Context = __importStar2(require_context()); - var utils_1 = require_utils5(); - exports2.context = new Context.Context(); - function getOctokit(token, options, ...additionalPlugins) { - const GitHubWithPlugins = utils_1.GitHub.plugin(...additionalPlugins); - return new GitHubWithPlugins((0, utils_1.getOctokitOptions)(token, options)); + const response = yield http.getJson(treeUrl, headers); + if (!response.result) { + return releases; + } + let manifestUrl = ""; + for (const item of response.result.tree) { + if (item.path === "versions-manifest.json") { + manifestUrl = item.url; + break; + } + } + headers["accept"] = "application/vnd.github.VERSION.raw"; + let versionsRaw = yield (yield http.get(manifestUrl, headers)).readBody(); + if (versionsRaw) { + versionsRaw = versionsRaw.replace(/^\uFEFF/, ""); + try { + releases = JSON.parse(versionsRaw); + } catch (_a) { + core12.debug("Invalid json"); + } + } + return releases; + }); } - } -}); - -// package.json -var require_package = __commonJS({ - "package.json"(exports2, module2) { - module2.exports = { - name: "codeql", - version: "4.32.1", - private: true, - description: "CodeQL action", - scripts: { - _build_comment: "echo 'Run the full build so we typecheck the project and can reuse the transpiled files in npm test'", - build: "./scripts/check-node-modules.sh && npm run transpile && node build.mjs", - lint: "eslint --report-unused-disable-directives --max-warnings=0 .", - "lint-ci": "SARIF_ESLINT_IGNORE_SUPPRESSED=true eslint --report-unused-disable-directives --max-warnings=0 . --format @microsoft/eslint-formatter-sarif --output-file=eslint.sarif", - "lint-fix": "eslint --report-unused-disable-directives --max-warnings=0 . --fix", - ava: "npm run transpile && ava --serial --verbose", - test: "npm run ava -- src/", - "test-debug": "npm run test -- --timeout=20m", - transpile: "tsc --build --verbose" - }, - ava: { - typescript: { - rewritePaths: { - "src/": "build/" - }, - compile: false + function findFromManifest(versionSpec_1, stable_1, manifest_1) { + return __awaiter2(this, arguments, void 0, function* (versionSpec, stable, manifest, archFilter = os2.arch()) { + const match = yield mm._findMatch(versionSpec, stable, manifest, archFilter); + return match; + }); + } + function _createExtractFolder(dest) { + return __awaiter2(this, void 0, void 0, function* () { + if (!dest) { + dest = path3.join(_getTempDirectory(), crypto2.randomUUID()); + } + yield io4.mkdirP(dest); + return dest; + }); + } + function _createToolPath(tool, version, arch) { + return __awaiter2(this, void 0, void 0, function* () { + const folderPath = path3.join(_getCacheDirectory(), tool, semver6.clean(version) || version, arch || ""); + core12.debug(`destination ${folderPath}`); + const markerPath = `${folderPath}.complete`; + yield io4.rmRF(folderPath); + yield io4.rmRF(markerPath); + yield io4.mkdirP(folderPath); + return folderPath; + }); + } + function _completeToolPath(tool, version, arch) { + const folderPath = path3.join(_getCacheDirectory(), tool, semver6.clean(version) || version, arch || ""); + const markerPath = `${folderPath}.complete`; + fs.writeFileSync(markerPath, ""); + core12.debug("finished caching tool"); + } + function isExplicitVersion(versionSpec) { + const c = semver6.clean(versionSpec) || ""; + core12.debug(`isExplicit: ${c}`); + const valid2 = semver6.valid(c) != null; + core12.debug(`explicit? ${valid2}`); + return valid2; + } + function evaluateVersions(versions, versionSpec) { + let version = ""; + core12.debug(`evaluating ${versions.length} versions`); + versions = versions.sort((a, b) => { + if (semver6.gt(a, b)) { + return 1; + } + return -1; + }); + for (let i = versions.length - 1; i >= 0; i--) { + const potential = versions[i]; + const satisfied = semver6.satisfies(potential, versionSpec); + if (satisfied) { + version = potential; + break; } - }, - license: "MIT", - dependencies: { - "@actions/artifact": "^5.0.3", - "@actions/artifact-legacy": "npm:@actions/artifact@^1.1.2", - "@actions/cache": "^5.0.5", - "@actions/core": "^2.0.3", - "@actions/exec": "^2.0.0", - "@actions/github": "^8.0.0", - "@actions/glob": "^0.5.0", - "@actions/http-client": "^3.0.0", - "@actions/io": "^2.0.0", - "@actions/tool-cache": "^3.0.1", - "@octokit/plugin-retry": "^8.0.0", - "@schemastore/package": "0.0.10", - archiver: "^7.0.1", - "fast-deep-equal": "^3.1.3", - "follow-redirects": "^1.15.11", - "get-folder-size": "^5.0.0", - "js-yaml": "^4.1.1", - jsonschema: "1.4.1", - long: "^5.3.2", - "node-forge": "^1.3.3", - semver: "^7.7.3", - uuid: "^13.0.0" - }, - devDependencies: { - "@ava/typescript": "6.0.0", - "@eslint/compat": "^2.0.1", - "@eslint/eslintrc": "^3.3.3", - "@eslint/js": "^9.39.2", - "@microsoft/eslint-formatter-sarif": "^3.1.0", - "@octokit/types": "^16.0.0", - "@types/archiver": "^7.0.0", - "@types/follow-redirects": "^1.14.4", - "@types/js-yaml": "^4.0.9", - "@types/node": "^20.19.9", - "@types/node-forge": "^1.3.14", - "@types/semver": "^7.7.1", - "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.53.1", - "@typescript-eslint/parser": "^8.48.0", - ava: "^6.4.1", - esbuild: "^0.27.2", - eslint: "^8.57.1", - "eslint-import-resolver-typescript": "^3.8.7", - "eslint-plugin-filenames": "^1.3.2", - "eslint-plugin-github": "^5.1.8", - "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^62.3.0", - "eslint-plugin-no-async-foreach": "^0.1.1", - glob: "^11.1.0", - nock: "^14.0.10", - sinon: "^21.0.1", - typescript: "^5.9.3" - }, - overrides: { - "@actions/tool-cache": { - semver: ">=6.3.1" - }, - "@octokit/request-error": { - semver: ">=5.1.1" - }, - "@octokit/request": { - semver: ">=8.4.1" - }, - "@octokit/plugin-paginate-rest": { - semver: ">=9.2.2" - }, - "eslint-plugin-import": { - semver: ">=6.3.1" - }, - "eslint-plugin-jsx-a11y": { - semver: ">=6.3.1" - }, - "brace-expansion@2.0.1": "2.0.2", - glob: "^11.1.0" } - }; + if (version) { + core12.debug(`matched: ${version}`); + } else { + core12.debug("match not found"); + } + return version; + } + function _getCacheDirectory() { + const cacheDirectory = process.env["RUNNER_TOOL_CACHE"] || ""; + (0, assert_1.ok)(cacheDirectory, "Expected RUNNER_TOOL_CACHE to be defined"); + return cacheDirectory; + } + function _getTempDirectory() { + const tempDirectory = process.env["RUNNER_TEMP"] || ""; + (0, assert_1.ok)(tempDirectory, "Expected RUNNER_TEMP to be defined"); + return tempDirectory; + } + function _getGlobal(key, defaultValue) { + const value = global[key]; + return value !== void 0 ? value : defaultValue; + } + function _unique(values) { + return Array.from(new Set(values)); + } } }); @@ -64526,14 +64526,14 @@ var require_helpers = __commonJS({ "node_modules/jsonschema/lib/helpers.js"(exports2, module2) { "use strict"; var uri = require("url"); - var ValidationError = exports2.ValidationError = function ValidationError2(message, instance, schema2, path2, name, argument) { - if (Array.isArray(path2)) { - this.path = path2; - this.property = path2.reduce(function(sum, item) { + var ValidationError = exports2.ValidationError = function ValidationError2(message, instance, schema2, path3, name, argument) { + if (Array.isArray(path3)) { + this.path = path3; + this.property = path3.reduce(function(sum, item) { return sum + makeSuffix(item); }, "instance"); - } else if (path2 !== void 0) { - this.property = path2; + } else if (path3 !== void 0) { + this.property = path3; } if (message) { this.message = message; @@ -64624,16 +64624,16 @@ var require_helpers = __commonJS({ name: { value: "SchemaError", enumerable: false } } ); - var SchemaContext = exports2.SchemaContext = function SchemaContext2(schema2, options, path2, base, schemas) { + var SchemaContext = exports2.SchemaContext = function SchemaContext2(schema2, options, path3, base, schemas) { this.schema = schema2; this.options = options; - if (Array.isArray(path2)) { - this.path = path2; - this.propertyPath = path2.reduce(function(sum, item) { + if (Array.isArray(path3)) { + this.path = path3; + this.propertyPath = path3.reduce(function(sum, item) { return sum + makeSuffix(item); }, "instance"); } else { - this.propertyPath = path2; + this.propertyPath = path3; } this.base = base; this.schemas = schemas; @@ -64642,10 +64642,10 @@ var require_helpers = __commonJS({ return uri.resolve(this.base, target); }; SchemaContext.prototype.makeChild = function makeChild(schema2, propertyName) { - var path2 = propertyName === void 0 ? this.path : this.path.concat([propertyName]); + var path3 = propertyName === void 0 ? this.path : this.path.concat([propertyName]); var id = schema2.$id || schema2.id; var base = uri.resolve(this.base, id || ""); - var ctx = new SchemaContext(schema2, this.options, path2, base, Object.create(this.schemas)); + var ctx = new SchemaContext(schema2, this.options, path3, base, Object.create(this.schemas)); if (id && !ctx.schemas[base]) { ctx.schemas[base] = schema2; } @@ -65948,7 +65948,7 @@ var require_internal_path_helper = __commonJS({ exports2.hasRoot = hasRoot; exports2.normalizeSeparators = normalizeSeparators; exports2.safeTrimTrailingSeparator = safeTrimTrailingSeparator; - var path2 = __importStar2(require("path")); + var path3 = __importStar2(require("path")); var assert_1 = __importDefault2(require("assert")); var IS_WINDOWS = process.platform === "win32"; function dirname(p) { @@ -65956,7 +65956,7 @@ var require_internal_path_helper = __commonJS({ if (IS_WINDOWS && /^\\\\[^\\]+(\\[^\\]+)?$/.test(p)) { return p; } - let result = path2.dirname(p); + let result = path3.dirname(p); if (IS_WINDOWS && /^\\\\[^\\]+\\[^\\]+\\$/.test(result)) { result = safeTrimTrailingSeparator(result); } @@ -65993,7 +65993,7 @@ var require_internal_path_helper = __commonJS({ (0, assert_1.default)(hasAbsoluteRoot(root), `ensureAbsoluteRoot parameter 'root' must have an absolute root`); if (root.endsWith("/") || IS_WINDOWS && root.endsWith("\\")) { } else { - root += path2.sep; + root += path3.sep; } return root + itemPath; } @@ -66027,10 +66027,10 @@ var require_internal_path_helper = __commonJS({ return ""; } p = normalizeSeparators(p); - if (!p.endsWith(path2.sep)) { + if (!p.endsWith(path3.sep)) { return p; } - if (p === path2.sep) { + if (p === path3.sep) { return p; } if (IS_WINDOWS && /^[A-Z]:\\$/i.test(p)) { @@ -66375,7 +66375,7 @@ var require_minimatch = __commonJS({ "node_modules/minimatch/minimatch.js"(exports2, module2) { module2.exports = minimatch; minimatch.Minimatch = Minimatch; - var path2 = (function() { + var path3 = (function() { try { return require("path"); } catch (e) { @@ -66383,7 +66383,7 @@ var require_minimatch = __commonJS({ })() || { sep: "/" }; - minimatch.sep = path2.sep; + minimatch.sep = path3.sep; var GLOBSTAR = minimatch.GLOBSTAR = Minimatch.GLOBSTAR = {}; var expand2 = require_brace_expansion(); var plTypes = { @@ -66472,8 +66472,8 @@ var require_minimatch = __commonJS({ assertValidPattern(pattern); if (!options) options = {}; pattern = pattern.trim(); - if (!options.allowWindowsEscape && path2.sep !== "/") { - pattern = pattern.split(path2.sep).join("/"); + if (!options.allowWindowsEscape && path3.sep !== "/") { + pattern = pattern.split(path3.sep).join("/"); } this.options = options; this.set = []; @@ -66842,8 +66842,8 @@ var require_minimatch = __commonJS({ if (this.empty) return f === ""; if (f === "/" && partial) return true; var options = this.options; - if (path2.sep !== "/") { - f = f.split(path2.sep).join("/"); + if (path3.sep !== "/") { + f = f.split(path3.sep).join("/"); } f = f.split(slashSplit); this.debug(this.pattern, "split", f); @@ -66989,7 +66989,7 @@ var require_internal_path = __commonJS({ }; Object.defineProperty(exports2, "__esModule", { value: true }); exports2.Path = void 0; - var path2 = __importStar2(require("path")); + var path3 = __importStar2(require("path")); var pathHelper = __importStar2(require_internal_path_helper()); var assert_1 = __importDefault2(require("assert")); var IS_WINDOWS = process.platform === "win32"; @@ -67004,12 +67004,12 @@ var require_internal_path = __commonJS({ (0, assert_1.default)(itemPath, `Parameter 'itemPath' must not be empty`); itemPath = pathHelper.safeTrimTrailingSeparator(itemPath); if (!pathHelper.hasRoot(itemPath)) { - this.segments = itemPath.split(path2.sep); + this.segments = itemPath.split(path3.sep); } else { let remaining = itemPath; let dir = pathHelper.dirname(remaining); while (dir !== remaining) { - const basename = path2.basename(remaining); + const basename = path3.basename(remaining); this.segments.unshift(basename); remaining = dir; dir = pathHelper.dirname(remaining); @@ -67027,7 +67027,7 @@ var require_internal_path = __commonJS({ (0, assert_1.default)(segment === pathHelper.dirname(segment), `Parameter 'itemPath' root segment contains information for multiple segments`); this.segments.push(segment); } else { - (0, assert_1.default)(!segment.includes(path2.sep), `Parameter 'itemPath' contains unexpected path separators`); + (0, assert_1.default)(!segment.includes(path3.sep), `Parameter 'itemPath' contains unexpected path separators`); this.segments.push(segment); } } @@ -67038,12 +67038,12 @@ var require_internal_path = __commonJS({ */ toString() { let result = this.segments[0]; - let skipSlash = result.endsWith(path2.sep) || IS_WINDOWS && /^[A-Z]:$/i.test(result); + let skipSlash = result.endsWith(path3.sep) || IS_WINDOWS && /^[A-Z]:$/i.test(result); for (let i = 1; i < this.segments.length; i++) { if (skipSlash) { skipSlash = false; } else { - result += path2.sep; + result += path3.sep; } result += this.segments[i]; } @@ -67101,7 +67101,7 @@ var require_internal_pattern = __commonJS({ Object.defineProperty(exports2, "__esModule", { value: true }); exports2.Pattern = void 0; var os2 = __importStar2(require("os")); - var path2 = __importStar2(require("path")); + var path3 = __importStar2(require("path")); var pathHelper = __importStar2(require_internal_path_helper()); var assert_1 = __importDefault2(require("assert")); var minimatch_1 = require_minimatch(); @@ -67130,7 +67130,7 @@ var require_internal_pattern = __commonJS({ } pattern = _Pattern.fixupPattern(pattern, homedir); this.segments = new internal_path_1.Path(pattern).segments; - this.trailingSeparator = pathHelper.normalizeSeparators(pattern).endsWith(path2.sep); + this.trailingSeparator = pathHelper.normalizeSeparators(pattern).endsWith(path3.sep); pattern = pathHelper.safeTrimTrailingSeparator(pattern); let foundGlob = false; const searchSegments = this.segments.map((x) => _Pattern.getLiteral(x)).filter((x) => !foundGlob && !(foundGlob = x === "")); @@ -67154,8 +67154,8 @@ var require_internal_pattern = __commonJS({ match(itemPath) { if (this.segments[this.segments.length - 1] === "**") { itemPath = pathHelper.normalizeSeparators(itemPath); - if (!itemPath.endsWith(path2.sep) && this.isImplicitPattern === false) { - itemPath = `${itemPath}${path2.sep}`; + if (!itemPath.endsWith(path3.sep) && this.isImplicitPattern === false) { + itemPath = `${itemPath}${path3.sep}`; } } else { itemPath = pathHelper.safeTrimTrailingSeparator(itemPath); @@ -67190,9 +67190,9 @@ var require_internal_pattern = __commonJS({ (0, assert_1.default)(literalSegments.every((x, i) => (x !== "." || i === 0) && x !== ".."), `Invalid pattern '${pattern}'. Relative pathing '.' and '..' is not allowed.`); (0, assert_1.default)(!pathHelper.hasRoot(pattern) || literalSegments[0], `Invalid pattern '${pattern}'. Root segment must not contain globs.`); pattern = pathHelper.normalizeSeparators(pattern); - if (pattern === "." || pattern.startsWith(`.${path2.sep}`)) { + if (pattern === "." || pattern.startsWith(`.${path3.sep}`)) { pattern = _Pattern.globEscape(process.cwd()) + pattern.substr(1); - } else if (pattern === "~" || pattern.startsWith(`~${path2.sep}`)) { + } else if (pattern === "~" || pattern.startsWith(`~${path3.sep}`)) { homedir = homedir || os2.homedir(); (0, assert_1.default)(homedir, "Unable to determine HOME directory"); (0, assert_1.default)(pathHelper.hasAbsoluteRoot(homedir), `Expected HOME directory to be a rooted path. Actual '${homedir}'`); @@ -67276,8 +67276,8 @@ var require_internal_search_state = __commonJS({ Object.defineProperty(exports2, "__esModule", { value: true }); exports2.SearchState = void 0; var SearchState = class { - constructor(path2, level) { - this.path = path2; + constructor(path3, level) { + this.path = path3; this.level = level; } }; @@ -67421,7 +67421,7 @@ var require_internal_globber = __commonJS({ var core12 = __importStar2(require_core()); var fs = __importStar2(require("fs")); var globOptionsHelper = __importStar2(require_internal_glob_options_helper()); - var path2 = __importStar2(require("path")); + var path3 = __importStar2(require("path")); var patternHelper = __importStar2(require_internal_pattern_helper()); var internal_match_kind_1 = require_internal_match_kind(); var internal_pattern_1 = require_internal_pattern(); @@ -67497,7 +67497,7 @@ var require_internal_globber = __commonJS({ if (!stats) { continue; } - if (options.excludeHiddenFiles && path2.basename(item.path).match(/^\./)) { + if (options.excludeHiddenFiles && path3.basename(item.path).match(/^\./)) { continue; } if (stats.isDirectory()) { @@ -67507,7 +67507,7 @@ var require_internal_globber = __commonJS({ continue; } const childLevel = item.level + 1; - const childItems = (yield __await2(fs.promises.readdir(item.path))).map((x) => new internal_search_state_1.SearchState(path2.join(item.path, x), childLevel)); + const childItems = (yield __await2(fs.promises.readdir(item.path))).map((x) => new internal_search_state_1.SearchState(path3.join(item.path, x), childLevel)); stack.push(...childItems.reverse()); } else if (match & internal_match_kind_1.MatchKind.File) { yield yield __await2(item.path); @@ -67669,7 +67669,7 @@ var require_internal_hash_files = __commonJS({ var fs = __importStar2(require("fs")); var stream = __importStar2(require("stream")); var util = __importStar2(require("util")); - var path2 = __importStar2(require("path")); + var path3 = __importStar2(require("path")); function hashFiles(globber_1, currentWorkspace_1) { return __awaiter2(this, arguments, void 0, function* (globber, currentWorkspace, verbose = false) { var _a, e_1, _b, _c; @@ -67685,7 +67685,7 @@ var require_internal_hash_files = __commonJS({ _e = false; const file = _c; writeDelegate(file); - if (!file.startsWith(`${githubWorkspace}${path2.sep}`)) { + if (!file.startsWith(`${githubWorkspace}${path3.sep}`)) { writeDelegate(`Ignore '${file}' since it is not under GITHUB_WORKSPACE.`); continue; } @@ -69071,7 +69071,7 @@ var require_cacheUtils = __commonJS({ var io4 = __importStar2(require_io()); var crypto2 = __importStar2(require("crypto")); var fs = __importStar2(require("fs")); - var path2 = __importStar2(require("path")); + var path3 = __importStar2(require("path")); var semver6 = __importStar2(require_semver3()); var util = __importStar2(require("util")); var constants_1 = require_constants12(); @@ -69091,9 +69091,9 @@ var require_cacheUtils = __commonJS({ baseLocation = "/home"; } } - tempDirectory = path2.join(baseLocation, "actions", "temp"); + tempDirectory = path3.join(baseLocation, "actions", "temp"); } - const dest = path2.join(tempDirectory, crypto2.randomUUID()); + const dest = path3.join(tempDirectory, crypto2.randomUUID()); yield io4.mkdirP(dest); return dest; }); @@ -69115,7 +69115,7 @@ var require_cacheUtils = __commonJS({ _c = _g.value; _e = false; const file = _c; - const relativeFile = path2.relative(workspace, file).replace(new RegExp(`\\${path2.sep}`, "g"), "/"); + const relativeFile = path3.relative(workspace, file).replace(new RegExp(`\\${path3.sep}`, "g"), "/"); core12.debug(`Matched: ${relativeFile}`); if (relativeFile === "") { paths.push("."); @@ -69642,13 +69642,13 @@ function __disposeResources(env) { } return next(); } -function __rewriteRelativeImportExtension(path2, preserveJsx) { - if (typeof path2 === "string" && /^\.\.?\//.test(path2)) { - return path2.replace(/\.(tsx)$|((?:\.d)?)((?:\.[^./]+?)?)\.([cm]?)ts$/i, function(m, tsx, d, ext, cm) { +function __rewriteRelativeImportExtension(path3, preserveJsx) { + if (typeof path3 === "string" && /^\.\.?\//.test(path3)) { + return path3.replace(/\.(tsx)$|((?:\.d)?)((?:\.[^./]+?)?)\.([cm]?)ts$/i, function(m, tsx, d, ext, cm) { return tsx ? preserveJsx ? ".jsx" : ".js" : d && (!ext || !cm) ? m : d + ext + "." + cm.toLowerCase() + "js"; }); } - return path2; + return path3; } var extendStatics, __assign, __createBinding, __setModuleDefault, ownKeys, _SuppressedError, tslib_es6_default; var init_tslib_es6 = __esm({ @@ -74062,8 +74062,8 @@ var require_getClient = __commonJS({ } const { allowInsecureConnection, httpClient } = clientOptions; const endpointUrl = clientOptions.endpoint ?? endpoint2; - const client = (path2, ...args) => { - const getUrl = (requestOptions) => (0, urlHelpers_js_1.buildRequestUrl)(endpointUrl, path2, args, { allowInsecureConnection, ...requestOptions }); + const client = (path3, ...args) => { + const getUrl = (requestOptions) => (0, urlHelpers_js_1.buildRequestUrl)(endpointUrl, path3, args, { allowInsecureConnection, ...requestOptions }); return { get: (requestOptions = {}) => { return buildOperation("GET", getUrl(requestOptions), pipeline, requestOptions, allowInsecureConnection, httpClient); @@ -77934,15 +77934,15 @@ var require_urlHelpers2 = __commonJS({ let isAbsolutePath = false; let requestUrl = replaceAll(baseUri, urlReplacements); if (operationSpec.path) { - let path2 = replaceAll(operationSpec.path, urlReplacements); - if (operationSpec.path === "/{nextLink}" && path2.startsWith("/")) { - path2 = path2.substring(1); + let path3 = replaceAll(operationSpec.path, urlReplacements); + if (operationSpec.path === "/{nextLink}" && path3.startsWith("/")) { + path3 = path3.substring(1); } - if (isAbsoluteUrl(path2)) { - requestUrl = path2; + if (isAbsoluteUrl(path3)) { + requestUrl = path3; isAbsolutePath = true; } else { - requestUrl = appendPath(requestUrl, path2); + requestUrl = appendPath(requestUrl, path3); } } const { queryParams, sequenceParams } = calculateQueryParameters(operationSpec, operationArguments, fallbackObject); @@ -77988,9 +77988,9 @@ var require_urlHelpers2 = __commonJS({ } const searchStart = pathToAppend.indexOf("?"); if (searchStart !== -1) { - const path2 = pathToAppend.substring(0, searchStart); + const path3 = pathToAppend.substring(0, searchStart); const search = pathToAppend.substring(searchStart + 1); - newPath = newPath + path2; + newPath = newPath + path3; if (search) { parsedUrl.search = parsedUrl.search ? `${parsedUrl.search}&${search}` : search; } @@ -80219,10 +80219,10 @@ var require_utils_common = __commonJS({ var constants_js_1 = require_constants15(); function escapeURLPath(url) { const urlParsed = new URL(url); - let path2 = urlParsed.pathname; - path2 = path2 || "/"; - path2 = escape2(path2); - urlParsed.pathname = path2; + let path3 = urlParsed.pathname; + path3 = path3 || "/"; + path3 = escape2(path3); + urlParsed.pathname = path3; return urlParsed.toString(); } function getProxyUriFromDevConnString(connectionString) { @@ -80307,9 +80307,9 @@ var require_utils_common = __commonJS({ } function appendToURLPath(url, name) { const urlParsed = new URL(url); - let path2 = urlParsed.pathname; - path2 = path2 ? path2.endsWith("/") ? `${path2}${name}` : `${path2}/${name}` : name; - urlParsed.pathname = path2; + let path3 = urlParsed.pathname; + path3 = path3 ? path3.endsWith("/") ? `${path3}${name}` : `${path3}/${name}` : name; + urlParsed.pathname = path3; return urlParsed.toString(); } function setURLParameter(url, name, value) { @@ -81536,9 +81536,9 @@ var require_StorageSharedKeyCredentialPolicy = __commonJS({ * @param request - */ getCanonicalizedResourceString(request2) { - const path2 = (0, utils_common_js_1.getURLPath)(request2.url) || "/"; + const path3 = (0, utils_common_js_1.getURLPath)(request2.url) || "/"; let canonicalizedResourceString = ""; - canonicalizedResourceString += `/${this.factory.accountName}${path2}`; + canonicalizedResourceString += `/${this.factory.accountName}${path3}`; const queries = (0, utils_common_js_1.getURLQueries)(request2.url); const lowercaseQueries = {}; if (queries) { @@ -82277,10 +82277,10 @@ var require_utils_common2 = __commonJS({ var constants_js_1 = require_constants16(); function escapeURLPath(url) { const urlParsed = new URL(url); - let path2 = urlParsed.pathname; - path2 = path2 || "/"; - path2 = escape2(path2); - urlParsed.pathname = path2; + let path3 = urlParsed.pathname; + path3 = path3 || "/"; + path3 = escape2(path3); + urlParsed.pathname = path3; return urlParsed.toString(); } function getProxyUriFromDevConnString(connectionString) { @@ -82365,9 +82365,9 @@ var require_utils_common2 = __commonJS({ } function appendToURLPath(url, name) { const urlParsed = new URL(url); - let path2 = urlParsed.pathname; - path2 = path2 ? path2.endsWith("/") ? `${path2}${name}` : `${path2}/${name}` : name; - urlParsed.pathname = path2; + let path3 = urlParsed.pathname; + path3 = path3 ? path3.endsWith("/") ? `${path3}${name}` : `${path3}/${name}` : name; + urlParsed.pathname = path3; return urlParsed.toString(); } function setURLParameter(url, name, value) { @@ -83288,9 +83288,9 @@ var require_StorageSharedKeyCredentialPolicy2 = __commonJS({ * @param request - */ getCanonicalizedResourceString(request2) { - const path2 = (0, utils_common_js_1.getURLPath)(request2.url) || "/"; + const path3 = (0, utils_common_js_1.getURLPath)(request2.url) || "/"; let canonicalizedResourceString = ""; - canonicalizedResourceString += `/${this.factory.accountName}${path2}`; + canonicalizedResourceString += `/${this.factory.accountName}${path3}`; const queries = (0, utils_common_js_1.getURLQueries)(request2.url); const lowercaseQueries = {}; if (queries) { @@ -83920,9 +83920,9 @@ var require_StorageSharedKeyCredentialPolicyV2 = __commonJS({ return canonicalizedHeadersStringToSign; } function getCanonicalizedResourceString(request2) { - const path2 = (0, utils_common_js_1.getURLPath)(request2.url) || "/"; + const path3 = (0, utils_common_js_1.getURLPath)(request2.url) || "/"; let canonicalizedResourceString = ""; - canonicalizedResourceString += `/${options.accountName}${path2}`; + canonicalizedResourceString += `/${options.accountName}${path3}`; const queries = (0, utils_common_js_1.getURLQueries)(request2.url); const lowercaseQueries = {}; if (queries) { @@ -84267,9 +84267,9 @@ var require_StorageSharedKeyCredentialPolicyV22 = __commonJS({ return canonicalizedHeadersStringToSign; } function getCanonicalizedResourceString(request2) { - const path2 = (0, utils_common_js_1.getURLPath)(request2.url) || "/"; + const path3 = (0, utils_common_js_1.getURLPath)(request2.url) || "/"; let canonicalizedResourceString = ""; - canonicalizedResourceString += `/${options.accountName}${path2}`; + canonicalizedResourceString += `/${options.accountName}${path3}`; const queries = (0, utils_common_js_1.getURLQueries)(request2.url); const lowercaseQueries = {}; if (queries) { @@ -105924,8 +105924,8 @@ var require_BlobBatch = __commonJS({ if (this.operationCount >= constants_js_1.BATCH_MAX_REQUEST) { throw new RangeError(`Cannot exceed ${constants_js_1.BATCH_MAX_REQUEST} sub requests in a single batch`); } - const path2 = (0, utils_common_js_1.getURLPath)(subRequest.url); - if (!path2 || path2 === "") { + const path3 = (0, utils_common_js_1.getURLPath)(subRequest.url); + if (!path3 || path3 === "") { throw new RangeError(`Invalid url for sub request: '${subRequest.url}'`); } } @@ -106003,8 +106003,8 @@ var require_BlobBatchClient = __commonJS({ pipeline = (0, Pipeline_js_1.newPipeline)(credentialOrPipeline, options); } const storageClientContext = new StorageContextClient_js_1.StorageContextClient(url, (0, Pipeline_js_1.getCoreClientOptions)(pipeline)); - const path2 = (0, utils_common_js_1.getURLPath)(url); - if (path2 && path2 !== "/") { + const path3 = (0, utils_common_js_1.getURLPath)(url); + if (path3 && path3 !== "/") { this.serviceOrContainerContext = storageClientContext.container; } else { this.serviceOrContainerContext = storageClientContext.service; @@ -115313,7 +115313,7 @@ var require_tar = __commonJS({ var exec_1 = require_exec(); var io4 = __importStar2(require_io()); var fs_1 = require("fs"); - var path2 = __importStar2(require("path")); + var path3 = __importStar2(require("path")); var utils = __importStar2(require_cacheUtils()); var constants_1 = require_constants12(); var IS_WINDOWS = process.platform === "win32"; @@ -115359,13 +115359,13 @@ var require_tar = __commonJS({ const BSD_TAR_ZSTD = tarPath.type === constants_1.ArchiveToolType.BSD && compressionMethod !== constants_1.CompressionMethod.Gzip && IS_WINDOWS; switch (type2) { case "create": - args.push("--posix", "-cf", BSD_TAR_ZSTD ? tarFile : cacheFileName.replace(new RegExp(`\\${path2.sep}`, "g"), "/"), "--exclude", BSD_TAR_ZSTD ? tarFile : cacheFileName.replace(new RegExp(`\\${path2.sep}`, "g"), "/"), "-P", "-C", workingDirectory.replace(new RegExp(`\\${path2.sep}`, "g"), "/"), "--files-from", constants_1.ManifestFilename); + args.push("--posix", "-cf", BSD_TAR_ZSTD ? tarFile : cacheFileName.replace(new RegExp(`\\${path3.sep}`, "g"), "/"), "--exclude", BSD_TAR_ZSTD ? tarFile : cacheFileName.replace(new RegExp(`\\${path3.sep}`, "g"), "/"), "-P", "-C", workingDirectory.replace(new RegExp(`\\${path3.sep}`, "g"), "/"), "--files-from", constants_1.ManifestFilename); break; case "extract": - args.push("-xf", BSD_TAR_ZSTD ? tarFile : archivePath.replace(new RegExp(`\\${path2.sep}`, "g"), "/"), "-P", "-C", workingDirectory.replace(new RegExp(`\\${path2.sep}`, "g"), "/")); + args.push("-xf", BSD_TAR_ZSTD ? tarFile : archivePath.replace(new RegExp(`\\${path3.sep}`, "g"), "/"), "-P", "-C", workingDirectory.replace(new RegExp(`\\${path3.sep}`, "g"), "/")); break; case "list": - args.push("-tf", BSD_TAR_ZSTD ? tarFile : archivePath.replace(new RegExp(`\\${path2.sep}`, "g"), "/"), "-P"); + args.push("-tf", BSD_TAR_ZSTD ? tarFile : archivePath.replace(new RegExp(`\\${path3.sep}`, "g"), "/"), "-P"); break; } if (tarPath.type === constants_1.ArchiveToolType.GNU) { @@ -115411,7 +115411,7 @@ var require_tar = __commonJS({ return BSD_TAR_ZSTD ? [ "zstd -d --long=30 --force -o", constants_1.TarFilename, - archivePath.replace(new RegExp(`\\${path2.sep}`, "g"), "/") + archivePath.replace(new RegExp(`\\${path3.sep}`, "g"), "/") ] : [ "--use-compress-program", IS_WINDOWS ? '"zstd -d --long=30"' : "unzstd --long=30" @@ -115420,7 +115420,7 @@ var require_tar = __commonJS({ return BSD_TAR_ZSTD ? [ "zstd -d --force -o", constants_1.TarFilename, - archivePath.replace(new RegExp(`\\${path2.sep}`, "g"), "/") + archivePath.replace(new RegExp(`\\${path3.sep}`, "g"), "/") ] : ["--use-compress-program", IS_WINDOWS ? '"zstd -d"' : "unzstd"]; default: return ["-z"]; @@ -115435,7 +115435,7 @@ var require_tar = __commonJS({ case constants_1.CompressionMethod.Zstd: return BSD_TAR_ZSTD ? [ "zstd -T0 --long=30 --force -o", - cacheFileName.replace(new RegExp(`\\${path2.sep}`, "g"), "/"), + cacheFileName.replace(new RegExp(`\\${path3.sep}`, "g"), "/"), constants_1.TarFilename ] : [ "--use-compress-program", @@ -115444,7 +115444,7 @@ var require_tar = __commonJS({ case constants_1.CompressionMethod.ZstdWithoutLong: return BSD_TAR_ZSTD ? [ "zstd -T0 --force -o", - cacheFileName.replace(new RegExp(`\\${path2.sep}`, "g"), "/"), + cacheFileName.replace(new RegExp(`\\${path3.sep}`, "g"), "/"), constants_1.TarFilename ] : ["--use-compress-program", IS_WINDOWS ? '"zstd -T0"' : "zstdmt"]; default: @@ -115482,7 +115482,7 @@ var require_tar = __commonJS({ } function createTar(archiveFolder, sourceDirectories, compressionMethod) { return __awaiter2(this, void 0, void 0, function* () { - (0, fs_1.writeFileSync)(path2.join(archiveFolder, constants_1.ManifestFilename), sourceDirectories.join("\n")); + (0, fs_1.writeFileSync)(path3.join(archiveFolder, constants_1.ManifestFilename), sourceDirectories.join("\n")); const commands = yield getCommands(compressionMethod, "create"); yield execCommands(commands, archiveFolder); }); @@ -115564,7 +115564,7 @@ var require_cache5 = __commonJS({ exports2.restoreCache = restoreCache3; exports2.saveCache = saveCache3; var core12 = __importStar2(require_core()); - var path2 = __importStar2(require("path")); + var path3 = __importStar2(require("path")); var utils = __importStar2(require_cacheUtils()); var cacheHttpClient = __importStar2(require_cacheHttpClient()); var cacheTwirpClient = __importStar2(require_cacheTwirpClient()); @@ -115659,7 +115659,7 @@ var require_cache5 = __commonJS({ core12.info("Lookup only - skipping download"); return cacheEntry.cacheKey; } - archivePath = path2.join(yield utils.createTempDirectory(), utils.getCacheFileName(compressionMethod)); + archivePath = path3.join(yield utils.createTempDirectory(), utils.getCacheFileName(compressionMethod)); core12.debug(`Archive Path: ${archivePath}`); yield cacheHttpClient.downloadCache(cacheEntry.archiveLocation, archivePath, options); if (core12.isDebug()) { @@ -115728,7 +115728,7 @@ var require_cache5 = __commonJS({ core12.info("Lookup only - skipping download"); return response.matchedKey; } - archivePath = path2.join(yield utils.createTempDirectory(), utils.getCacheFileName(compressionMethod)); + archivePath = path3.join(yield utils.createTempDirectory(), utils.getCacheFileName(compressionMethod)); core12.debug(`Archive path: ${archivePath}`); core12.debug(`Starting download of archive to: ${archivePath}`); yield cacheHttpClient.downloadCache(response.signedDownloadUrl, archivePath, options); @@ -115790,7 +115790,7 @@ var require_cache5 = __commonJS({ throw new Error(`Path Validation Error: Path(s) specified in the action for caching do(es) not exist, hence no cache is being saved.`); } const archiveFolder = yield utils.createTempDirectory(); - const archivePath = path2.join(archiveFolder, utils.getCacheFileName(compressionMethod)); + const archivePath = path3.join(archiveFolder, utils.getCacheFileName(compressionMethod)); core12.debug(`Archive Path: ${archivePath}`); try { yield (0, tar_1.createTar)(archiveFolder, cachePaths, compressionMethod); @@ -115854,7 +115854,7 @@ var require_cache5 = __commonJS({ throw new Error(`Path Validation Error: Path(s) specified in the action for caching do(es) not exist, hence no cache is being saved.`); } const archiveFolder = yield utils.createTempDirectory(); - const archivePath = path2.join(archiveFolder, utils.getCacheFileName(compressionMethod)); + const archivePath = path3.join(archiveFolder, utils.getCacheFileName(compressionMethod)); core12.debug(`Archive Path: ${archivePath}`); try { yield (0, tar_1.createTar)(archiveFolder, cachePaths, compressionMethod); @@ -115930,9 +115930,8 @@ var require_cache5 = __commonJS({ // src/start-proxy-action.ts var import_child_process = require("child_process"); -var path = __toESM(require("path")); +var path2 = __toESM(require("path")); var core11 = __toESM(require_core()); -var toolcache2 = __toESM(require_tool_cache()); var import_node_forge = __toESM(require_lib2()); // src/actions-util.ts @@ -118747,8 +118746,27 @@ var persistInputs = function() { core4.saveState(persistedInputsKey, JSON.stringify(inputEnvironmentVariables)); }; -// src/api-client.ts +// src/logging.ts var core5 = __toESM(require_core()); +function getActionsLogger() { + return { + debug: core5.debug, + info: core5.info, + warning: core5.warning, + error: core5.error, + isDebug: core5.isDebug, + startGroup: core5.startGroup, + endGroup: core5.endGroup + }; +} + +// src/start-proxy.ts +var path = __toESM(require("path")); +var core10 = __toESM(require_core()); +var toolcache = __toESM(require_tool_cache()); + +// src/api-client.ts +var core6 = __toESM(require_core()); var githubUtils = __toESM(require_utils5()); // node_modules/@octokit/plugin-retry/dist-bundle/index.js @@ -118855,10 +118873,10 @@ function createApiClientWithDetails(apiDetails, { allowExternal = false } = {}) baseUrl: apiDetails.apiURL, userAgent: `CodeQL-Action/${getActionVersion()}`, log: { - debug: core5.debug, - info: core5.info, - warn: core5.warning, - error: core5.error + debug: core6.debug, + info: core6.info, + warn: core6.warning, + error: core6.error } }) ); @@ -118909,28 +118927,10 @@ async function getAnalysisKey() { const workflowPath = await getWorkflowRelativePath(); const jobName = getRequiredEnvParam("GITHUB_JOB"); analysisKey = `${workflowPath}:${jobName}`; - core5.exportVariable("CODEQL_ACTION_ANALYSIS_KEY" /* ANALYSIS_KEY */, analysisKey); + core6.exportVariable("CODEQL_ACTION_ANALYSIS_KEY" /* ANALYSIS_KEY */, analysisKey); return analysisKey; } -// src/logging.ts -var core6 = __toESM(require_core()); -function getActionsLogger() { - return { - debug: core6.debug, - info: core6.info, - warning: core6.warning, - error: core6.error, - isDebug: core6.isDebug, - startGroup: core6.startGroup, - endGroup: core6.endGroup - }; -} - -// src/start-proxy.ts -var core10 = __toESM(require_core()); -var toolcache = __toESM(require_tool_cache()); - // src/artifact-scanner.ts var exec = __toESM(require_exec()); var GITHUB_PAT_CLASSIC_PATTERN = { @@ -119796,16 +119796,39 @@ async function extractProxy(logger, archive) { throw new StartProxyError("Failed to extract proxy archive." /* ExtractionFailed */); } } -async function cacheProxy(logger, path2, filename, version) { +async function cacheProxy(logger, source, filename, version) { try { - return await toolcache.cacheDir(path2, filename, version); + return await toolcache.cacheDir(source, filename, version); } catch (error3) { logger.error( - `Failed to add proxy archive from ${path2} to toolcache: ${getErrorMessage(error3)}` + `Failed to add proxy archive from ${source} to toolcache: ${getErrorMessage(error3)}` ); throw new StartProxyError("Failed to add proxy to toolcache" /* CacheFailed */); } } +async function getProxyBinaryPath(logger) { + const proxyFileName = process.platform === "win32" ? `${UPDATEJOB_PROXY}.exe` : UPDATEJOB_PROXY; + const proxyInfo = await getDownloadUrl(logger); + let proxyBin = toolcache.find(proxyFileName, proxyInfo.version); + if (!proxyBin) { + const apiDetails = getApiDetails(); + const authorization = getAuthorizationHeaderFor( + logger, + apiDetails, + proxyInfo.url + ); + const temp = await downloadProxy(logger, proxyInfo.url, authorization); + const extracted = await extractProxy(logger, temp); + proxyBin = await cacheProxy( + logger, + extracted, + proxyFileName, + proxyInfo.version + ); + } + proxyBin = path.join(proxyBin, proxyFileName); + return proxyBin; +} // src/start-proxy-action.ts var KEY_SIZE = 2048; @@ -119860,7 +119883,7 @@ async function run(startedAt) { try { persistInputs(); const tempDir = getTemporaryDirectory(); - const proxyLogFilePath = path.resolve(tempDir, "proxy.log"); + const proxyLogFilePath = path2.resolve(tempDir, "proxy.log"); core11.saveState("proxy-log-file", proxyLogFilePath); const languageInput = getOptionalInput("language"); language = languageInput ? parseLanguage(languageInput) : void 0; @@ -119957,29 +119980,6 @@ async function startProxy(binPath, config, logFilePath, logger) { })); core11.setOutput("proxy_urls", JSON.stringify(registry_urls)); } -async function getProxyBinaryPath(logger) { - const proxyFileName = process.platform === "win32" ? `${UPDATEJOB_PROXY}.exe` : UPDATEJOB_PROXY; - const proxyInfo = await getDownloadUrl(logger); - let proxyBin = toolcache2.find(proxyFileName, proxyInfo.version); - if (!proxyBin) { - const apiDetails = getApiDetails(); - const authorization = getAuthorizationHeaderFor( - logger, - apiDetails, - proxyInfo.url - ); - const temp = await downloadProxy(logger, proxyInfo.url, authorization); - const extracted = await extractProxy(logger, temp); - proxyBin = await cacheProxy( - logger, - extracted, - proxyFileName, - proxyInfo.version - ); - } - proxyBin = path.join(proxyBin, proxyFileName); - return proxyBin; -} void runWrapper(); /*! Bundled license information: diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index db55a9e05e..8c945851ba 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts @@ -2,25 +2,19 @@ import { ChildProcess, spawn } from "child_process"; import * as path from "path"; import * as core from "@actions/core"; -import * as toolcache from "@actions/tool-cache"; import { pki } from "node-forge"; import * as actionsUtil from "./actions-util"; -import { getApiDetails, getAuthorizationHeaderFor } from "./api-client"; import { KnownLanguage } from "./languages"; import { getActionsLogger, Logger } from "./logging"; import { - cacheProxy, Credential, credentialToStr, - downloadProxy, - extractProxy, getCredentials, - getDownloadUrl, + getProxyBinaryPath, parseLanguage, sendFailedStatusReport, sendSuccessStatusReport, - UPDATEJOB_PROXY, } from "./start-proxy"; import { ActionName, sendUnhandledErrorStatusReport } from "./status-report"; import * as util from "./util"; @@ -228,30 +222,4 @@ async function startProxy( core.setOutput("proxy_urls", JSON.stringify(registry_urls)); } -async function getProxyBinaryPath(logger: Logger): Promise { - const proxyFileName = - process.platform === "win32" ? `${UPDATEJOB_PROXY}.exe` : UPDATEJOB_PROXY; - const proxyInfo = await getDownloadUrl(logger); - - let proxyBin = toolcache.find(proxyFileName, proxyInfo.version); - if (!proxyBin) { - const apiDetails = getApiDetails(); - const authorization = getAuthorizationHeaderFor( - logger, - apiDetails, - proxyInfo.url, - ); - const temp = await downloadProxy(logger, proxyInfo.url, authorization); - const extracted = await extractProxy(logger, temp); - proxyBin = await cacheProxy( - logger, - extracted, - proxyFileName, - proxyInfo.version, - ); - } - proxyBin = path.join(proxyBin, proxyFileName); - return proxyBin; -} - void runWrapper(); diff --git a/src/start-proxy.ts b/src/start-proxy.ts index 16bf40367e..94d373fa13 100644 --- a/src/start-proxy.ts +++ b/src/start-proxy.ts @@ -1,7 +1,13 @@ +import * as path from "path"; + import * as core from "@actions/core"; import * as toolcache from "@actions/tool-cache"; -import { getApiClient } from "./api-client"; +import { + getApiClient, + getApiDetails, + getAuthorizationHeaderFor, +} from "./api-client"; import * as artifactScanner from "./artifact-scanner"; import { Config } from "./config-utils"; import * as defaults from "./defaults.json"; @@ -459,23 +465,57 @@ export async function extractProxy(logger: Logger, archive: string) { * Attempts to store the proxy in the toolcache. * * @param logger The logger to use. - * @param path The source path to add to the toolcache. + * @param source The source path to add to the toolcache. * @param filename The filename of the proxy binary. * @param version The version of the proxy. * @returns The path to the directory in the toolcache. */ export async function cacheProxy( logger: Logger, - path: string, + source: string, filename: string, version: string, ) { try { - return await toolcache.cacheDir(path, filename, version); + return await toolcache.cacheDir(source, filename, version); } catch (error) { logger.error( - `Failed to add proxy archive from ${path} to toolcache: ${getErrorMessage(error)}`, + `Failed to add proxy archive from ${source} to toolcache: ${getErrorMessage(error)}`, ); throw new StartProxyError(StartProxyErrorType.CacheFailed); } } + +/** + * Gets a path to the proxy binary. If possible, this function will find the proxy in the + * runner's tool cache. Otherwise, it downloads and extracts the proxy binary, + * and stores it in the tool cache. + * + * @param logger The logger to use. + * @returns The path to the proxy binary. + */ +export async function getProxyBinaryPath(logger: Logger): Promise { + const proxyFileName = + process.platform === "win32" ? `${UPDATEJOB_PROXY}.exe` : UPDATEJOB_PROXY; + const proxyInfo = await getDownloadUrl(logger); + + let proxyBin = toolcache.find(proxyFileName, proxyInfo.version); + if (!proxyBin) { + const apiDetails = getApiDetails(); + const authorization = getAuthorizationHeaderFor( + logger, + apiDetails, + proxyInfo.url, + ); + const temp = await downloadProxy(logger, proxyInfo.url, authorization); + const extracted = await extractProxy(logger, temp); + proxyBin = await cacheProxy( + logger, + extracted, + proxyFileName, + proxyInfo.version, + ); + } + proxyBin = path.join(proxyBin, proxyFileName); + return proxyBin; +} From d94d88d7179f52a913cc19bb7ad547d35d790778 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 29 Jan 2026 15:06:20 +0000 Subject: [PATCH 11/13] Add tests for `getProxyBinaryPath` --- src/start-proxy.test.ts | 55 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/src/start-proxy.test.ts b/src/start-proxy.test.ts index a5a0896730..6cd1b2e983 100644 --- a/src/start-proxy.test.ts +++ b/src/start-proxy.test.ts @@ -473,3 +473,58 @@ test( await startProxyExports.cacheProxy(logger, "/other/path", "proxy", "1.0"); }, ); + +test("getProxyBinaryPath - returns path from tool cache if available", async (t) => { + mockGetReleaseByTag(); + + await withRecordingLoggerAsync(async (logger) => { + const toolcachePath = "/path/to/proxy/dir"; + sinon.stub(toolcache, "find").returns(toolcachePath); + + const path = await startProxyExports.getProxyBinaryPath(logger); + + t.assert(path); + t.assert(path.startsWith(toolcachePath)); + }); +}); + +test("getProxyBinaryPath - downloads proxy if not in cache", async (t) => { + const downloadUrl = "url-we-want"; + mockGetReleaseByTag([ + { name: startProxyExports.getProxyPackage(), url: downloadUrl }, + ]); + + await withRecordingLoggerAsync(async (logger) => { + const toolcachePath = "/path/to/proxy/dir"; + const find = sinon.stub(toolcache, "find").returns(""); + const getApiDetails = sinon.stub(apiClient, "getApiDetails").returns({ + auth: "", + url: "", + apiURL: "", + }); + const getAuthorizationHeaderFor = sinon + .stub(apiClient, "getAuthorizationHeaderFor") + .returns(undefined); + const archivePath = "/path/to/archive"; + const downloadTool = sinon + .stub(toolcache, "downloadTool") + .resolves(archivePath); + const extractedPath = "/path/to/extracted"; + const extractTar = sinon + .stub(toolcache, "extractTar") + .resolves(extractedPath); + const cacheDir = sinon.stub(toolcache, "cacheDir").resolves(toolcachePath); + + const path = await startProxyExports.getProxyBinaryPath(logger); + + t.assert(find.calledOnce); + t.assert(getApiDetails.calledOnce); + t.assert(getAuthorizationHeaderFor.calledOnce); + t.assert(downloadTool.calledOnceWith(downloadUrl)); + t.assert(extractTar.calledOnceWith(archivePath)); + t.assert(cacheDir.calledOnceWith(extractedPath)); + + t.assert(path); + t.assert(path.startsWith(toolcachePath)); + }); +}); From a1c70789a3ea5d78e5387cdd10ed33f937a57f2c Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 29 Jan 2026 15:09:21 +0000 Subject: [PATCH 12/13] Use `getSafeErrorMessage` for unhandled error message --- lib/start-proxy-action.js | 2 +- src/start-proxy-action.ts | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 9d9daed04e..a9e8e7fd98 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -119930,7 +119930,7 @@ async function runWrapper() { await sendUnhandledErrorStatusReport( "start-proxy" /* StartProxy */, startedAt, - new Error("Error from start-proxy Action omitted"), + getSafeErrorMessage(wrapError(error3)), logger ); } diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index 8c945851ba..195df354b5 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts @@ -12,6 +12,7 @@ import { credentialToStr, getCredentials, getProxyBinaryPath, + getSafeErrorMessage, parseLanguage, sendFailedStatusReport, sendSuccessStatusReport, @@ -159,7 +160,7 @@ async function runWrapper() { await sendUnhandledErrorStatusReport( ActionName.StartProxy, startedAt, - new Error("Error from start-proxy Action omitted"), + getSafeErrorMessage(util.wrapError(error)), logger, ); } From beb9f533dbd7edd6529676c55a4af041f79aa149 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 29 Jan 2026 15:17:45 +0000 Subject: [PATCH 13/13] Add and use `getProxyFilename` --- lib/start-proxy-action.js | 5 ++++- src/start-proxy.test.ts | 12 ++++++++++-- src/start-proxy.ts | 12 ++++++++++-- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index a9e8e7fd98..2bdc411b7c 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -119806,8 +119806,11 @@ async function cacheProxy(logger, source, filename, version) { throw new StartProxyError("Failed to add proxy to toolcache" /* CacheFailed */); } } +function getProxyFilename() { + return process.platform === "win32" ? `${UPDATEJOB_PROXY}.exe` : UPDATEJOB_PROXY; +} async function getProxyBinaryPath(logger) { - const proxyFileName = process.platform === "win32" ? `${UPDATEJOB_PROXY}.exe` : UPDATEJOB_PROXY; + const proxyFileName = getProxyFilename(); const proxyInfo = await getDownloadUrl(logger); let proxyBin = toolcache.find(proxyFileName, proxyInfo.version); if (!proxyBin) { diff --git a/src/start-proxy.test.ts b/src/start-proxy.test.ts index 6cd1b2e983..f7a0dd7077 100644 --- a/src/start-proxy.test.ts +++ b/src/start-proxy.test.ts @@ -1,3 +1,5 @@ +import * as filepath from "path"; + import * as core from "@actions/core"; import * as toolcache from "@actions/tool-cache"; import test, { ExecutionContext } from "ava"; @@ -484,7 +486,10 @@ test("getProxyBinaryPath - returns path from tool cache if available", async (t) const path = await startProxyExports.getProxyBinaryPath(logger); t.assert(path); - t.assert(path.startsWith(toolcachePath)); + t.is( + path, + filepath.join(toolcachePath, startProxyExports.getProxyFilename()), + ); }); }); @@ -525,6 +530,9 @@ test("getProxyBinaryPath - downloads proxy if not in cache", async (t) => { t.assert(cacheDir.calledOnceWith(extractedPath)); t.assert(path); - t.assert(path.startsWith(toolcachePath)); + t.is( + path, + filepath.join(toolcachePath, startProxyExports.getProxyFilename()), + ); }); }); diff --git a/src/start-proxy.ts b/src/start-proxy.ts index 94d373fa13..980eb44b68 100644 --- a/src/start-proxy.ts +++ b/src/start-proxy.ts @@ -486,6 +486,15 @@ export async function cacheProxy( } } +/** + * Returns the platform-specific filename of the proxy binary. + */ +export function getProxyFilename() { + return process.platform === "win32" + ? `${UPDATEJOB_PROXY}.exe` + : UPDATEJOB_PROXY; +} + /** * Gets a path to the proxy binary. If possible, this function will find the proxy in the * runner's tool cache. Otherwise, it downloads and extracts the proxy binary, @@ -495,8 +504,7 @@ export async function cacheProxy( * @returns The path to the proxy binary. */ export async function getProxyBinaryPath(logger: Logger): Promise { - const proxyFileName = - process.platform === "win32" ? `${UPDATEJOB_PROXY}.exe` : UPDATEJOB_PROXY; + const proxyFileName = getProxyFilename(); const proxyInfo = await getDownloadUrl(logger); let proxyBin = toolcache.find(proxyFileName, proxyInfo.version);