{"version":3,"sources":["signature.ts"],"names":["SecurityTimestamper","HasherSha1","HasherSha256","templates","Signature","Object","constructor","Map","defaults","certificate","keyPrivate","timestampUrl","timestampUriSignature","timestampUriPackage","reset","_packageManifest","_manifestDiest","_signedInfo","_signature","_keyInfo","_timestamp","addFile","uri","data","Error","digestB64","_base64Encode","_hashSha256","uriEncoded","replace","push","_templated","digest","manifest","join","Buffer","from","signed","sign","signedInfo","keyInfo","_buildKeyInfo","signature","timestamp","message","timestamper","_createSecurityTimestamper","_hashSha1","encode","manifestDiest","_createTimestampXml","_getTimestampDataReferenceUris","r","name","values","template","_templates","get","str","index","i","length","url","_createHasherSha1","_createHasherSha256","hasher","update","chunk","delimit","b64","toString","chunks","substr","timestampBase64","result","certchain","crlValidationCerts","crls","_buildAndVerifyCertChain","out","encodeCertchain"],"mappings":";AAEA,SAAQA,mBAAR,QAAkC,4BAAlC;AACA,SAAQC,UAAR,QAAyB,mBAAzB;AACA,SAAQC,YAAR,QAA2B,qBAA3B;AAEA,MAAMC,SAA6B,GAAG,CACrC,CACC,aADD,EAEC,KACF,wCAHC,CADqC,EAMrC,CACC,KADD,EAEC,KACF,wBAHC,CANqC,EAWrC,CACC,eADD,EAEC,KACF,uBADE,GAED,mFAFC,GAGD,gCAHC,GAIF,cANC,CAXqC,EAmBrC,CACC,iBADD,EAEC,KACF,0FAHC,CAnBqC,EAwBrC,CACC,kBADD,EAEC,KACF,gBADE,GAEF,kFAFE,GAGF,oBAHE,GAIF,+FAJE,GAKF,mFALE,GAMF,4CANE,GAOF,wBAPE,GAQF,sFARE,GASF,yBATE,GAUF,+EAVE,GAWF,0CAXE,GAYF,sBAZE,GAaF,qBAbE,GAcF,uEAdE,GAeF,iBAfE,GAgBF,oBAhBE,GAiBF,eAjBE,GAkBF,qBAlBE,GAmBF,kBAnBE,GAoBF,gBApBE,GAqBF,yCArBE,GAsBF,eAtBE,GAuBF,qBAvBE,GAwBF,iBAxBE,GAyBF,WAzBE,GA0BF,kBA1BE,GA2BF,iBA7BC,CAxBqC,EAuDrC,CACC,YADD,EAEC,KACF,yDADE,GAED,+GAFC,GAGD,4FAHC,GAID,oCAJC,GAKA,cALA,GAMC,qFAND,GAOA,eAPA,GAQA,mFARA,GASA,gCATA,GAUD,cAVC,GAWF,eAbC,CAvDqC,EAsErC,CACC,WADD,EAEC,KACF,8DADE,GAEF,kCAFE,GAGF,oCAHE,GAIF,6CAJE,GAKF,sCALE,GAMF,2CANE,GAOF,2BAPE,GAQF,0FARE,GASF,6BATE,GAUF,6CAVE,GAWF,qBAXE,GAYF,qDAZE,GAaF,yCAbE,GAcF,uCAdE,GAeF,+CAfE,GAgBF,mCAhBE,GAiBF,mCAjBE,GAkBF,WApBC,CAtEqC,EA4FrC,CACC,gBADD,EAEC,KACF,4GAHC,CA5FqC,CAAtC;AAmGA;AACA;AACA;;AACA,OAAO,MAAMC,SAAN,SAAwBC,MAAxB,CAA+B;AACrC;AACD;AACA;;AAGC;AACD;AACA;;AAGC;AACD;AACA;;AAGC;AACD;AACA;;AAGC;AACD;AACA;;AAGC;AACD;AACA;;AAGC;AACD;AACA;;AAGC;AACD;AACA;;AAGC;AACD;AACA;;AAGC;AACD;AACA;;AAGC;AACD;AACA;;AAGC;AACD;AACA;AAGCC,EAAAA,WAAW,GAAG;AACb;;AADa,yCAzDmC,IAyDnC;;AAAA,wCApDiC,IAoDjC;;AAAA,0CA/CuB,IA+CvB;;AAAA,mDA1CiB,KA0CjB;;AAAA,iDArCe,IAqCf;;AAAA,wCAhCS,IAAIC,GAAJ,CAAQJ,SAAR,CAgCT;;AAAA,8CA3ByB,EA2BzB;;AAAA,4CAtB4B,IAsB5B;;AAAA,yCAjByB,IAiBzB;;AAAA,wCAZwB,IAYxB;;AAAA,sCAPsB,IAOtB;;AAAA,wCAFwB,IAExB;AAEb;AAED;AACD;AACA;;;AACQK,EAAAA,QAAQ,GAAG;AACjB,SAAKC,WAAL,GAAmB,IAAnB;AACA,SAAKC,UAAL,GAAkB,IAAlB;AACA,SAAKC,YAAL,GAAoB,IAApB;AACA,SAAKC,qBAAL,GAA6B,KAA7B;AACA,SAAKC,mBAAL,GAA2B,IAA3B;AACA;AAED;AACD;AACA;;;AACQC,EAAAA,KAAK,GAAG;AACd,SAAKC,gBAAL,GAAwB,EAAxB;AACA,SAAKC,cAAL,GAAsB,IAAtB;AACA,SAAKC,WAAL,GAAmB,IAAnB;AACA,SAAKC,UAAL,GAAkB,IAAlB;AACA,SAAKC,QAAL,GAAgB,IAAhB;AACA,SAAKC,UAAL,GAAkB,IAAlB;AACA;AAED;AACD;AACA;AACA;AACA;AACA;;;AACQC,EAAAA,OAAO,CAACC,GAAD,EAAcC,IAAd,EAAsC;AACnD,QAAI,KAAKN,WAAL,IAAoB,KAAKD,cAA7B,EAA6C;AAC5C,YAAM,IAAIQ,KAAJ,CAAU,2BAAV,CAAN;AACA;;AAED,UAAMC,SAAS,GAAG,KAAKC,aAAL,CAAmB,KAAKC,WAAL,CAAiBJ,IAAjB,CAAnB,CAAlB,CALmD,CAOnD;;;AACA,UAAMK,UAAU,GAAGN,GAAG,CAACO,OAAJ,CAAY,IAAZ,EAAkB,OAAlB,CAAnB;;AAEA,SAAKd,gBAAL,CAAsBe,IAAtB,CACC,KAAKC,UAAL,CAAgB,eAAhB,EAAiC,CAACH,UAAD,EAAaH,SAAb,CAAjC,CADD;AAGA;AAED;AACD;AACA;;;AACQO,EAAAA,MAAM,GAAG;AACf,QAAI,KAAKf,WAAL,IAAoB,KAAKD,cAA7B,EAA6C;AAC5C,YAAM,IAAIQ,KAAJ,CAAU,gBAAV,CAAN;AACA;;AAED,UAAMS,QAAQ,GAAG,KAAKF,UAAL,CAAgB,iBAAhB,EAAmC,CACnD,KAAKhB,gBAAL,CAAsBmB,IAAtB,CAA2B,EAA3B,CADmD,CAAnC,CAAjB;;AAGA,UAAMF,MAAM,GAAG,KAAKL,WAAL,CAAiBQ,MAAM,CAACC,IAAP,CAAYH,QAAZ,EAAsB,MAAtB,CAAjB,CAAf;;AACA,UAAMI,MAAM,GAAG,KAAKN,UAAL,CAAgB,YAAhB,EAA8B,CAC5C,KAAKL,aAAL,CAAmBM,MAAnB,CAD4C,CAA9B,CAAf;;AAIA,SAAKhB,cAAL,GAAsBgB,MAAtB;AACA,SAAKf,WAAL,GAAmBoB,MAAnB;AACA;AAED;AACD;AACA;;;AACQC,EAAAA,IAAI,GAAG;AACb,QAAI,KAAKpB,UAAL,IAAmB,KAAKC,QAAL,KAAkB,IAAzC,EAA+C;AAC9C,YAAM,IAAIK,KAAJ,CAAU,gBAAV,CAAN;AACA;;AAED,UAAMe,UAAU,GAAG,KAAKtB,WAAxB;;AACA,QAAI,CAACsB,UAAL,EAAiB;AAChB,YAAM,IAAIf,KAAJ,CAAU,yBAAV,CAAN;AACA;;AAED,UAAM;AAACd,MAAAA;AAAD,QAAe,IAArB;;AACA,QAAI,CAACA,UAAL,EAAiB;AAChB,YAAM,IAAIc,KAAJ,CAAU,qBAAV,CAAN;AACA;;AAED,UAAMgB,OAAO,GAAG,KAAKC,aAAL,EAAhB;;AACA,UAAMC,SAAS,GAAGhC,UAAU,CAAC4B,IAAX,CACjBH,MAAM,CAACC,IAAP,CAAYG,UAAZ,EAAwB,MAAxB,CADiB,EAEjB,MAFiB,CAAlB;AAKA,SAAKrB,UAAL,GAAkBwB,SAAlB;AACA,SAAKvB,QAAL,GAAgBqB,OAAhB;AACA;AAED;AACD;AACA;;;AACuB,QAATG,SAAS,GAAG;AACxB,QAAI,KAAKvB,UAAT,EAAqB;AACpB,YAAM,IAAII,KAAJ,CAAU,gBAAV,CAAN;AACA;;AAED,UAAMkB,SAAS,GAAG,KAAKxB,UAAvB;;AACA,QAAI,CAACwB,SAAL,EAAgB;AACf,YAAM,IAAIlB,KAAJ,CAAU,uBAAV,CAAN;AACA;;AAED,UAAM;AAACb,MAAAA;AAAD,QAAiB,IAAvB;;AACA,QAAI,CAACA,YAAL,EAAmB;AAClB,YAAM,IAAIa,KAAJ,CAAU,uBAAV,CAAN;AACA;;AAED,UAAMoB,OAAO,GAAG,KAAKb,UAAL,CAAgB,gBAAhB,EAAkC,CACjD,KAAKL,aAAL,CAAmBgB,SAAnB,CADiD,CAAlC,CAAhB;;AAIA,UAAMG,WAAW,GAAG,KAAKC,0BAAL,CAAgCnC,YAAhC,CAApB;;AACA,UAAMgC,SAAS,GAAG,MAAME,WAAW,CAACF,SAAZ,CACvB,KAAKI,SAAL,CAAeZ,MAAM,CAACC,IAAP,CAAYQ,OAAZ,EAAqB,MAArB,CAAf,CADuB,EAEvB,MAFuB,CAAxB;AAKA,SAAKxB,UAAL,GAAkBuB,SAAlB;AACA;AAED;AACD;AACA;AACA;AACA;;;AACQK,EAAAA,MAAM,GAAG;AACf,UAAMN,SAAS,GAAG,KAAKxB,UAAvB;;AACA,QAAI,CAACwB,SAAL,EAAgB;AACf,YAAM,IAAIlB,KAAJ,CAAU,uBAAV,CAAN;AACA;;AAED,UAAMyB,aAAa,GAAG,KAAKjC,cAA3B;AACA,UAAMwB,OAAO,GAAG,KAAKrB,QAArB;;AACA,QAAI,CAAC8B,aAAD,IAAkBT,OAAO,KAAK,IAAlC,EAAwC;AACvC,YAAM,IAAIhB,KAAJ,CAAU,gBAAV,CAAN;AACA;;AAED,UAAMmB,SAAS,GAAG,KAAKvB,UAAL,GAAkB,KAAK8B,mBAAL,EAAlB,GAA+C,EAAjE;AAEA,WAAOf,MAAM,CAACC,IAAP,CAAY,KAAKL,UAAL,CAAgB,kBAAhB,EAAoC,CACtD,KAAKL,aAAL,CAAmBuB,aAAnB,CADsD,EAEtD,KAAKvB,aAAL,CAAmBgB,SAAnB,CAFsD,EAGtDF,OAHsD,EAItD,KAAKzB,gBAAL,CAAsBmB,IAAtB,CAA2B,EAA3B,CAJsD,EAKtDS,SALsD,CAApC,CAAZ,EAMH,MANG,CAAP;AAOA;AAED;AACD;AACA;AACA;AACA;;;AACWQ,EAAAA,8BAA8B,GAAG;AAC1C,UAAMC,CAAW,GAAG,EAApB;;AACA,QAAI,KAAKxC,qBAAT,EAAgC;AAC/BwC,MAAAA,CAAC,CAACtB,IAAF,CAAO,gBAAP;AACA;;AACD,QAAI,KAAKjB,mBAAT,EAA8B;AAC7BuC,MAAAA,CAAC,CAACtB,IAAF,CAAO,wBAAP;AACA;;AACD,WAAOsB,CAAP;AACA;AAED;AACD;AACA;AACA;AACA;AACA;AACA;;;AACWrB,EAAAA,UAAU,CAACsB,IAAD,EAAeC,MAAf,EAA2C;AAC9D,UAAMC,QAAQ,GAAG,KAAKC,UAAL,CAAgBC,GAAhB,CAAoBJ,IAApB,CAAjB;;AACA,QAAI,CAACE,QAAL,EAAe;AACd,YAAM,IAAI/B,KAAJ,CAAW,0BAAyB6B,IAAK,EAAzC,CAAN;AACA;;AACD,WAAOE,QAAQ,CAAC1B,OAAT,CAAiB,YAAjB,EAA+B,CAAC6B,GAAD,EAAMC,KAAN,KAAgB;AACrD,YAAMC,CAAC,GAAG,CAACD,KAAX;;AACA,UAAIC,CAAC,IAAIN,MAAM,CAACO,MAAhB,EAAwB;AACvB,cAAM,IAAIrC,KAAJ,CAAW,uBAAsBoC,CAAE,MAAKN,MAAM,CAACO,MAAO,EAAtD,CAAN;AACA;;AACD,aAAOP,MAAM,CAACM,CAAD,CAAb;AACA,KANM,CAAP;AAOA;AAED;AACD;AACA;AACA;AACA;AACA;;;AACWd,EAAAA,0BAA0B,CAACgB,GAAD,EAAc;AACjD,WAAO,IAAI9D,mBAAJ,CAAwB8D,GAAxB,CAAP;AACA;AAED;AACD;AACA;AACA;AACA;;;AACWC,EAAAA,iBAAiB,GAAG;AAC7B,WAAO,IAAI9D,UAAJ,EAAP;AACA;AAED;AACD;AACA;AACA;AACA;;;AACW+D,EAAAA,mBAAmB,GAAG;AAC/B,WAAO,IAAI9D,YAAJ,EAAP;AACA;AAED;AACD;AACA;AACA;AACA;AACA;;;AACW6C,EAAAA,SAAS,CAACxB,IAAD,EAAyB;AAC3C,UAAM0C,MAAM,GAAG,KAAKF,iBAAL,EAAf;;AACAE,IAAAA,MAAM,CAACC,MAAP,CAAc3C,IAAd;AACA,WAAO0C,MAAM,CAACjC,MAAP,EAAP;AACA;AAED;AACD;AACA;AACA;AACA;AACA;;;AACWL,EAAAA,WAAW,CAACJ,IAAD,EAAyB;AAC7C,UAAM0C,MAAM,GAAG,KAAKD,mBAAL,EAAf;;AACAC,IAAAA,MAAM,CAACC,MAAP,CAAc3C,IAAd;AACA,WAAO0C,MAAM,CAACjC,MAAP,EAAP;AACA;AAED;AACD;AACA;AACA;AACA;AACA;AACA;AACA;;;AACWN,EAAAA,aAAa,CACtBH,IADsB,EAEtB4C,KAAK,GAAG,EAFc,EAGtBC,OAAO,GAAG,IAHY,EAIrB;AACD,QAAIC,GAAG,GAAG9C,IAAI,CAAC+C,QAAL,CAAc,QAAd,CAAV;AACA,UAAMC,MAAM,GAAG,EAAf;;AACA,WAAOF,GAAG,CAACR,MAAJ,GAAaM,KAApB,EAA2B;AAC1BI,MAAAA,MAAM,CAACzC,IAAP,CAAYuC,GAAG,CAACG,MAAJ,CAAW,CAAX,EAAcL,KAAd,CAAZ;AACAE,MAAAA,GAAG,GAAGA,GAAG,CAACG,MAAJ,CAAWL,KAAX,CAAN;AACA;;AACD,QAAIE,GAAG,CAACR,MAAR,EAAgB;AACfU,MAAAA,MAAM,CAACzC,IAAP,CAAYuC,GAAZ;AACA;;AACD,WAAOE,MAAM,CAACrC,IAAP,CAAYkC,OAAZ,CAAP;AACA;AAED;AACD;AACA;AACA;AACA;;;AACWlB,EAAAA,mBAAmB,GAAG;AAC/B,UAAMP,SAAS,GAAG,KAAKvB,UAAvB;;AACA,QAAI,CAACuB,SAAL,EAAgB;AACf,YAAM,IAAInB,KAAJ,CAAU,gBAAV,CAAN;AACA;;AAED,UAAMiD,eAAe,GAAG,KAAK/C,aAAL,CAAmBiB,SAAnB,CAAxB;;AACA,UAAM+B,MAAgB,GAAG,EAAzB;;AACA,SAAK,MAAMpD,GAAX,IAAkB,KAAK6B,8BAAL,EAAlB,EAAyD;AACxDuB,MAAAA,MAAM,CAAC5C,IAAP,CAAY,KAAKC,UAAL,CAAgB,WAAhB,EAA6B,CACxCT,GADwC,EAExCmD,eAFwC,CAA7B,CAAZ;AAIA;;AACD,WAAOC,MAAM,CAACxC,IAAP,CAAY,IAAZ,CAAP;AACA;AAED;AACD;AACA;AACA;AACA;;;AACWO,EAAAA,aAAa,GAAG;AACzB,UAAM;AACLkC,MAAAA,SADK;AAELC,MAAAA,kBAFK;AAGLC,MAAAA;AAHK,QAIF,KAAKC,wBAAL,EAJJ;;AAMA,UAAMC,GAAG,GAAG,EAAZ;;AAEA,SAAK,MAAMxD,IAAX,IAAmBoD,SAAnB,EAA8B;AAC7BI,MAAAA,GAAG,CAACjD,IAAJ,CACC,KAAKC,UAAL,CAAgB,aAAhB,EAA+B,CAAC,KAAKL,aAAL,CAAmBH,IAAnB,CAAD,CAA/B,CADD;AAGA;;AAED,QAAIsD,IAAI,CAAChB,MAAT,EAAiB;AAChB,WAAK,MAAMtC,IAAX,IAAmBqD,kBAAnB,EAAuC;AACtCG,QAAAA,GAAG,CAACjD,IAAJ,CACC,KAAKC,UAAL,CAAgB,aAAhB,EAA+B,CAAC,KAAKL,aAAL,CAAmBH,IAAnB,CAAD,CAA/B,CADD;AAGA;AACD;;AAED,SAAK,MAAMA,IAAX,IAAmBsD,IAAnB,EAAyB;AACxBE,MAAAA,GAAG,CAACjD,IAAJ,CACC,KAAKC,UAAL,CAAgB,KAAhB,EAAuB,CAAC,KAAKL,aAAL,CAAmBH,IAAnB,CAAD,CAAvB,CADD;AAGA;;AAED,WAAOwD,GAAG,CAAC7C,IAAJ,CAAS,EAAT,CAAP;AACA;AAED;AACD;AACA;AACA;AACA;;;AACW4C,EAAAA,wBAAwB,GAAG;AACpC,UAAM;AAACrE,MAAAA;AAAD,QAAgB,IAAtB;;AACA,QAAI,CAACA,WAAL,EAAkB;AACjB,YAAM,IAAIe,KAAJ,CAAU,qBAAV,CAAN;AACA,KAJmC,CAMpC;;;AACA,UAAMmD,SAAmB,GAAG,EAA5B;AACA,UAAMC,kBAA4B,GAAG,EAArC;AACA,UAAMC,IAAc,GAAG,EAAvB,CAToC,CAWpC;;AACAF,IAAAA,SAAS,CAAC7C,IAAV,CAAerB,WAAW,CAACuE,eAAZ,EAAf;AAEA,WAAO;AACNL,MAAAA,SADM;AAENC,MAAAA,kBAFM;AAGNC,MAAAA;AAHM,KAAP;AAKA;;AA7ZoC","sourcesContent":["import {SecurityCertificate} from './security/certificate';\nimport {SecurityKeyPrivate} from './security/key/private';\nimport {SecurityTimestamper} from './security/timestamper';\nimport {HasherSha1} from './hasher/sha1';\nimport {HasherSha256} from './hasher/sha256';\n\nconst templates: [string, string][] = [\n\t[\n\t\t'certificate',\n\t\t'' +\n'<X509Certificate>{0}</X509Certificate>'\n\t],\n\t[\n\t\t'crl',\n\t\t'' +\n'<X509CRL>{0}</X509CRL>'\n\t],\n\t[\n\t\t'fileReference',\n\t\t'' +\n'<Reference URI=\"{0}\">' +\n\t'<DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"></DigestMethod>' +\n\t'<DigestValue>{1}</DigestValue>' +\n'</Reference>'\n\t],\n\t[\n\t\t'packageManifest',\n\t\t'' +\n'<Manifest xmlns=\"http://www.w3.org/2000/09/xmldsig#\" Id=\"PackageContents\">{0}</Manifest>'\n\t],\n\t[\n\t\t'PackageSignature',\n\t\t'' +\n'<signatures>\\n' +\n'  <Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\" Id=\"PackageSignature\">\\n' +\n'    <SignedInfo>\\n' +\n'      <CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>\\n' +\n'      <SignatureMethod Algorithm=\"http://www.w3.org/TR/xmldsig-core#rsa-sha1\"/>\\n' +\n'      <Reference URI=\"#PackageContents\">\\n' +\n'        <Transforms>\\n' +\n'          <Transform Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>\\n' +\n'        </Transforms>\\n' +\n'        <DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/>\\n' +\n'        <DigestValue>{0}</DigestValue>\\n' +\n'      </Reference>\\n' +\n'    </SignedInfo>\\n' +\n'    <SignatureValue Id=\"PackageSignatureValue\">{1}</SignatureValue>\\n' +\n'    <KeyInfo>\\n' +\n'      <X509Data>\\n' +\n'        {2}\\n' +\n'      </X509Data>\\n' +\n'    </KeyInfo>\\n' +\n'    <Object>\\n' +\n'      <Manifest Id=\"PackageContents\">\\n' +\n'        {3}\\n' +\n'      </Manifest>\\n' +\n'    </Object>\\n' +\n'    {4}\\n' +\n'  </Signature>\\n' +\n'</signatures>\\n'\n\t],\n\t[\n\t\t'SignedInfo',\n\t\t'' +\n'<SignedInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">' +\n\t'<CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"></CanonicalizationMethod>' +\n\t'<SignatureMethod Algorithm=\"http://www.w3.org/TR/xmldsig-core#rsa-sha1\"></SignatureMethod>' +\n\t'<Reference URI=\"#PackageContents\">' +\n\t\t'<Transforms>' +\n\t\t\t'<Transform Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"></Transform>' +\n\t\t'</Transforms>' +\n\t\t'<DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"></DigestMethod>' +\n\t\t'<DigestValue>{0}</DigestValue>' +\n\t'</Reference>' +\n'</SignedInfo>'\n\t],\n\t[\n\t\t'timestamp',\n\t\t'' +\n'<Object xmlns:xades=\"http://uri.etsi.org/01903/v1.1.1#\" > \\n' +\n'  <xades:QualifyingProperties>\\n' +\n'    <xades:UnsignedProperties > \\n' +\n'      <xades:UnsignedSignatureProperties>\\n' +\n'        <xades:SignatureTimeStamp>\\n' +\n'     \\t  <xades:HashDataInfo uri=\"{0}\">\\n' +\n'     \\t    <Transforms>\\n' +\n'          \\t  <Transform Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>\\n' +\n'            </Transforms>\\n' +\n'            <xades:EncapsulatedTimeStamp>\\n' +\n'              {1}\\n' +\n'            </xades:EncapsulatedTimeStamp>     \\t\\n' +\n'     \\t  </xades:HashDataInfo>     \\t\\n' +\n'        </xades:SignatureTimeStamp>\\n' +\n'      </xades:UnsignedSignatureProperties> \\n' +\n'    </xades:UnsignedProperties>\\n' +\n'  </xades:QualifyingProperties>\\n' +\n'</Object>'\n\t],\n\t[\n\t\t'SignatureValue',\n\t\t'' +\n'<SignatureValue xmlns=\"http://www.w3.org/2000/09/xmldsig#\" Id=\"PackageSignatureValue\">{0}</SignatureValue>'\n\t]\n];\n\n/**\n * Signature constructor.\n */\nexport class Signature extends Object {\n\t/**\n\t * Certificate.\n\t */\n\tpublic certificate: SecurityCertificate | null = null;\n\n\t/**\n\t * Private key.\n\t */\n\tpublic keyPrivate: SecurityKeyPrivate | null = null;\n\n\t/**\n\t * Timestamp URL.\n\t */\n\tpublic timestampUrl: string | null = null;\n\n\t/**\n\t * Timestamp URI for SignatureValue.\n\t */\n\tpublic timestampUriSignature = false;\n\n\t/**\n\t * Timestamp URI for #PackageSignatureValue.\n\t */\n\tpublic timestampUriPackage = true;\n\n\t/**\n\t * Template strings for signatures.\n\t */\n\tprotected _templates = new Map(templates);\n\n\t/**\n\t * File references.\n\t */\n\tprotected _packageManifest: string[] = [];\n\n\t/**\n\t * Manifest digest.\n\t */\n\tprotected _manifestDiest: Buffer | null = null;\n\n\t/**\n\t * Signed data.\n\t */\n\tprotected _signedInfo: string | null = null;\n\n\t/**\n\t * Signature digest.\n\t */\n\tprotected _signature: Buffer | null = null;\n\n\t/**\n\t * Key info.\n\t */\n\tprotected _keyInfo: string | null = null;\n\n\t/**\n\t * Timestamp info.\n\t */\n\tprotected _timestamp: Buffer | null = null;\n\n\tconstructor() {\n\t\tsuper();\n\t}\n\n\t/**\n\t * Reset options to defaults.\n\t */\n\tpublic defaults() {\n\t\tthis.certificate = null;\n\t\tthis.keyPrivate = null;\n\t\tthis.timestampUrl = null;\n\t\tthis.timestampUriSignature = false;\n\t\tthis.timestampUriPackage = true;\n\t}\n\n\t/**\n\t * Reset the internal state.\n\t */\n\tpublic reset() {\n\t\tthis._packageManifest = [];\n\t\tthis._manifestDiest = null;\n\t\tthis._signedInfo = null;\n\t\tthis._signature = null;\n\t\tthis._keyInfo = null;\n\t\tthis._timestamp = null;\n\t}\n\n\t/**\n\t * Add file to signature.\n\t *\n\t * @param uri File URI.\n\t * @param data File data.\n\t */\n\tpublic addFile(uri: string, data: Readonly<Buffer>) {\n\t\tif (this._signedInfo || this._manifestDiest) {\n\t\t\tthrow new Error('Cannot call after: digest');\n\t\t}\n\n\t\tconst digestB64 = this._base64Encode(this._hashSha256(data));\n\n\t\t// Not perfect, but matches official packager.\n\t\tconst uriEncoded = uri.replace(/&/g, '&amp;');\n\n\t\tthis._packageManifest.push(\n\t\t\tthis._templated('fileReference', [uriEncoded, digestB64])\n\t\t);\n\t}\n\n\t/**\n\t * Digest contents.\n\t */\n\tpublic digest() {\n\t\tif (this._signedInfo || this._manifestDiest) {\n\t\t\tthrow new Error('Already called');\n\t\t}\n\n\t\tconst manifest = this._templated('packageManifest', [\n\t\t\tthis._packageManifest.join('')\n\t\t]);\n\t\tconst digest = this._hashSha256(Buffer.from(manifest, 'utf8'));\n\t\tconst signed = this._templated('SignedInfo', [\n\t\t\tthis._base64Encode(digest)\n\t\t]);\n\n\t\tthis._manifestDiest = digest;\n\t\tthis._signedInfo = signed;\n\t}\n\n\t/**\n\t * Sign signature.\n\t */\n\tpublic sign() {\n\t\tif (this._signature || this._keyInfo !== null) {\n\t\t\tthrow new Error('Already called');\n\t\t}\n\n\t\tconst signedInfo = this._signedInfo;\n\t\tif (!signedInfo) {\n\t\t\tthrow new Error('Must call after: digest');\n\t\t}\n\n\t\tconst {keyPrivate} = this;\n\t\tif (!keyPrivate) {\n\t\t\tthrow new Error('Private key not set');\n\t\t}\n\n\t\tconst keyInfo = this._buildKeyInfo();\n\t\tconst signature = keyPrivate.sign(\n\t\t\tBuffer.from(signedInfo, 'utf8'),\n\t\t\t'sha1'\n\t\t);\n\n\t\tthis._signature = signature;\n\t\tthis._keyInfo = keyInfo;\n\t}\n\n\t/**\n\t * Add timestamp to signature.\n\t */\n\tpublic async timestamp() {\n\t\tif (this._timestamp) {\n\t\t\tthrow new Error('Already called');\n\t\t}\n\n\t\tconst signature = this._signature;\n\t\tif (!signature) {\n\t\t\tthrow new Error('Must call after: sign');\n\t\t}\n\n\t\tconst {timestampUrl} = this;\n\t\tif (!timestampUrl) {\n\t\t\tthrow new Error('Timestamp URL not set');\n\t\t}\n\n\t\tconst message = this._templated('SignatureValue', [\n\t\t\tthis._base64Encode(signature)\n\t\t]);\n\n\t\tconst timestamper = this._createSecurityTimestamper(timestampUrl);\n\t\tconst timestamp = await timestamper.timestamp(\n\t\t\tthis._hashSha1(Buffer.from(message, 'utf8')),\n\t\t\t'sha1'\n\t\t);\n\n\t\tthis._timestamp = timestamp;\n\t}\n\n\t/**\n\t * Encode signature.\n\t *\n\t * @returns Encoded signature.\n\t */\n\tpublic encode() {\n\t\tconst signature = this._signature;\n\t\tif (!signature) {\n\t\t\tthrow new Error('Must call after: sign');\n\t\t}\n\n\t\tconst manifestDiest = this._manifestDiest;\n\t\tconst keyInfo = this._keyInfo;\n\t\tif (!manifestDiest || keyInfo === null) {\n\t\t\tthrow new Error('Internal error');\n\t\t}\n\n\t\tconst timestamp = this._timestamp ? this._createTimestampXml() : '';\n\n\t\treturn Buffer.from(this._templated('PackageSignature', [\n\t\t\tthis._base64Encode(manifestDiest),\n\t\t\tthis._base64Encode(signature),\n\t\t\tkeyInfo,\n\t\t\tthis._packageManifest.join(''),\n\t\t\ttimestamp\n\t\t]), 'utf8');\n\t}\n\n\t/**\n\t * Get list of timestamp data references for URI attribute.\n\t *\n\t * @returns List of references.\n\t */\n\tprotected _getTimestampDataReferenceUris() {\n\t\tconst r: string[] = [];\n\t\tif (this.timestampUriSignature) {\n\t\t\tr.push('SignatureValue');\n\t\t}\n\t\tif (this.timestampUriPackage) {\n\t\t\tr.push('#PackageSignatureValue');\n\t\t}\n\t\treturn r;\n\t}\n\n\t/**\n\t * Create string from a template string.\n\t *\n\t * @param name Template name.\n\t * @param values Indexed values.\n\t * @returns Complete string.\n\t */\n\tprotected _templated(name: string, values: Readonly<string[]>) {\n\t\tconst template = this._templates.get(name);\n\t\tif (!template) {\n\t\t\tthrow new Error(`Unknown template name: ${name}`);\n\t\t}\n\t\treturn template.replace(/\\{(\\d+)\\}/g, (str, index) => {\n\t\t\tconst i = +index;\n\t\t\tif (i >= values.length) {\n\t\t\t\tthrow new Error(`Index out of range: ${i} > ${values.length}`);\n\t\t\t}\n\t\t\treturn values[i];\n\t\t});\n\t}\n\n\t/**\n\t * Create timestamper.\n\t *\n\t * @param url Server URL.\n\t * @returns Timestamper instance.\n\t */\n\tprotected _createSecurityTimestamper(url: string) {\n\t\treturn new SecurityTimestamper(url);\n\t}\n\n\t/**\n\t * Create SHA1 hasher instance.\n\t *\n\t * @returns Hasher instance.\n\t */\n\tprotected _createHasherSha1() {\n\t\treturn new HasherSha1();\n\t}\n\n\t/**\n\t * Create SHA256 hasher instance.\n\t *\n\t * @returns Hasher instance.\n\t */\n\tprotected _createHasherSha256() {\n\t\treturn new HasherSha256();\n\t}\n\n\t/**\n\t * Hash data using SHA1.\n\t *\n\t * @param data Data to be hashed.\n\t * @returns Hash digest.\n\t */\n\tprotected _hashSha1(data: Readonly<Buffer>) {\n\t\tconst hasher = this._createHasherSha1();\n\t\thasher.update(data);\n\t\treturn hasher.digest();\n\t}\n\n\t/**\n\t * Hash data using SHA256.\n\t *\n\t * @param data Data to be hashed.\n\t * @returns Hash digest.\n\t */\n\tprotected _hashSha256(data: Readonly<Buffer>) {\n\t\tconst hasher = this._createHasherSha256();\n\t\thasher.update(data);\n\t\treturn hasher.digest();\n\t}\n\n\t/**\n\t * Base64 encode with some defaults to match official pacakger.\n\t *\n\t * @param data Data to be encoded.\n\t * @param chunk Chunk size.\n\t * @param delimit Chunk delimiter.\n\t * @returns Encoded data.\n\t */\n\tprotected _base64Encode(\n\t\tdata: Readonly<Buffer>,\n\t\tchunk = 76,\n\t\tdelimit = '\\n'\n\t) {\n\t\tlet b64 = data.toString('base64');\n\t\tconst chunks = [];\n\t\twhile (b64.length > chunk) {\n\t\t\tchunks.push(b64.substr(0, chunk));\n\t\t\tb64 = b64.substr(chunk);\n\t\t}\n\t\tif (b64.length) {\n\t\t\tchunks.push(b64);\n\t\t}\n\t\treturn chunks.join(delimit);\n\t}\n\n\t/**\n\t * Create the timestamp XML.\n\t *\n\t * @returns Timestamp XML.\n\t */\n\tprotected _createTimestampXml() {\n\t\tconst timestamp = this._timestamp;\n\t\tif (!timestamp) {\n\t\t\tthrow new Error('Internal error');\n\t\t}\n\n\t\tconst timestampBase64 = this._base64Encode(timestamp);\n\t\tconst result: string[] = [];\n\t\tfor (const uri of this._getTimestampDataReferenceUris()) {\n\t\t\tresult.push(this._templated('timestamp', [\n\t\t\t\turi,\n\t\t\t\ttimestampBase64\n\t\t\t]));\n\t\t}\n\t\treturn result.join('\\n');\n\t}\n\n\t/**\n\t * Build the key info.\n\t *\n\t * @returns Key info.\n\t */\n\tprotected _buildKeyInfo() {\n\t\tconst {\n\t\t\tcertchain,\n\t\t\tcrlValidationCerts,\n\t\t\tcrls\n\t\t} = this._buildAndVerifyCertChain();\n\n\t\tconst out = [];\n\n\t\tfor (const data of certchain) {\n\t\t\tout.push(\n\t\t\t\tthis._templated('certificate', [this._base64Encode(data)])\n\t\t\t);\n\t\t}\n\n\t\tif (crls.length) {\n\t\t\tfor (const data of crlValidationCerts) {\n\t\t\t\tout.push(\n\t\t\t\t\tthis._templated('certificate', [this._base64Encode(data)])\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\n\t\tfor (const data of crls) {\n\t\t\tout.push(\n\t\t\t\tthis._templated('crl', [this._base64Encode(data)])\n\t\t\t);\n\t\t}\n\n\t\treturn out.join('');\n\t}\n\n\t/**\n\t * Build the certchain data.\n\t *\n\t * @returns Certchain data.\n\t */\n\tprotected _buildAndVerifyCertChain() {\n\t\tconst {certificate} = this;\n\t\tif (!certificate) {\n\t\t\tthrow new Error('Certificate not set');\n\t\t}\n\n\t\t// Not exactly complete, but enough for self-signed anyway.\n\t\tconst certchain: Buffer[] = [];\n\t\tconst crlValidationCerts: Buffer[] = [];\n\t\tconst crls: Buffer[] = [];\n\n\t\t// Add the certificate data.\n\t\tcertchain.push(certificate.encodeCertchain());\n\n\t\treturn {\n\t\t\tcertchain,\n\t\t\tcrlValidationCerts,\n\t\t\tcrls\n\t\t};\n\t}\n}\n"],"file":"signature.mjs","sourceRoot":"../src"}