r.length;)r.unshift(0);return r},r=this.getX().toBigInteger(),i=this.getY().toBigInteger(),n=e(r,32);return t?i.isEven()?n.unshift(2):n.unshift(3):(n.unshift(4),n=n.concat(e(i,32))),n},st.decodeFrom=function(t,e){e[0];var r=e.length-1,i=e.slice(1,1+r/2),n=e.slice(1+r/2,1+r);i.unshift(0),n.unshift(0);var s=new E(i),a=new E(n);return new st(t,t.fromBigInteger(s),t.fromBigInteger(a))},st.decodeFromHex=function(t,e){e.substr(0,2);var r=e.length-2,i=e.substr(2,r/2),n=e.substr(2+r/2,r/2),s=new E(i,16),a=new E(n,16);return new st(t,t.fromBigInteger(s),t.fromBigInteger(a))},st.prototype.add2D=function(t){if(this.isInfinity())return t;if(t.isInfinity())return this;if(this.x.equals(t.x))return this.y.equals(t.y)?this.twice():this.curve.getInfinity();var e=t.x.subtract(this.x),r=t.y.subtract(this.y).divide(e),i=r.square().subtract(this.x).subtract(t.x),n=r.multiply(this.x.subtract(i)).subtract(this.y);return new st(this.curve,i,n)},st.prototype.twice2D=function(){if(this.isInfinity())return this;if(0==this.y.toBigInteger().signum())return this.curve.getInfinity();var t=this.curve.fromBigInteger(E.valueOf(2)),e=this.curve.fromBigInteger(E.valueOf(3)),r=this.x.square().multiply(e).add(this.curve.a).divide(this.y.multiply(t)),i=r.square().subtract(this.x.multiply(t)),n=r.multiply(this.x.subtract(i)).subtract(this.y);return new st(this.curve,i,n)},st.prototype.multiply2D=function(t){if(this.isInfinity())return this;if(0==t.signum())return this.curve.getInfinity();var e,r=t,i=r.multiply(new E(\"3\")),n=this.negate(),s=this;for(e=i.bitLength()-2;e>0;--e){s=s.twice();var a=i.testBit(e);a!=r.testBit(e)&&(s=s.add2D(a?this:n))}return s},st.prototype.isOnCurve=function(){var t=this.getX().toBigInteger(),e=this.getY().toBigInteger(),r=this.curve.getA().toBigInteger(),i=this.curve.getB().toBigInteger(),n=this.curve.getQ(),s=e.multiply(e).mod(n),a=t.multiply(t).multiply(t).add(r.multiply(t)).add(i).mod(n);return 
s.equals(a)},st.prototype.toString=function(){return\"(\"+this.getX().toBigInteger().toString()+\",\"+this.getY().toBigInteger().toString()+\")\"},st.prototype.validate=function(){var t=this.curve.getQ();if(this.isInfinity())throw new Error(\"Point is at infinity.\");var e=this.getX().toBigInteger(),r=this.getY().toBigInteger();if(e.compareTo(E.ONE)<0||e.compareTo(t.subtract(E.ONE))>0)throw new Error(\"x coordinate out of bounds\");if(r.compareTo(E.ONE)<0||r.compareTo(t.subtract(E.ONE))>0)throw new Error(\"y coordinate out of bounds\");if(!this.isOnCurve())throw new Error(\"Point is not on the curve.\");if(this.multiply(t).isInfinity())throw new Error(\"Point is not a scalar multiple of G.\");return!0};var ot=function(){var t=new RegExp('(?:false|true|null|[\\\\{\\\\}\\\\[\\\\]]|(?:-?\\\\b(?:0|[1-9][0-9]*)(?:\\\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\\\b)|(?:\"(?:[^\\\\0-\\\\x08\\\\x0a-\\\\x1f\"\\\\\\\\]|\\\\\\\\(?:[\"/\\\\\\\\bfnrt]|u[0-9A-Fa-f]{4}))*\"))',\"g\"),e=new RegExp(\"\\\\\\\\(?:([^u])|u(.{4}))\",\"g\"),r={'\"':'\"',\"/\":\"/\",\"\\\\\":\"\\\\\",b:\"\\b\",f:\"\\f\",n:\"\\n\",r:\"\\r\",t:\"\\t\"};function i(t,e,i){return e?r[e]:String.fromCharCode(parseInt(i,16))}var n=new String(\"\"),s=Object.hasOwnProperty;return function(r,a){var o,h,u=r.match(t),c=u[0],l=!1;\"{\"===c?o={}:\"[\"===c?o=[]:(o=[],l=!0);for(var f=[o],g=1-l,p=u.length;g=0;)delete r[i[h]]}return a.call(t,e,r)};o=v({\"\":o},\"\")}return o}}();void 0!==ht&&ht||(ht={}),void 0!==ht.asn1&&ht.asn1||(ht.asn1={}),ht.asn1.ASN1Util=new function(){this.integerToByteHex=function(t){var e=t.toString(16);return e.length%2==1&&(e=\"0\"+e),e},this.bigIntToMinTwosComplementsHex=function(t){var e=t.toString(16);if(\"-\"!=e.substr(0,1))e.length%2==1?e=\"0\"+e:e.match(/^[0-7]/)||(e=\"00\"+e);else{var r=e.substr(1).length;r%2==1?r+=1:e.match(/^[0-7]/)||(r+=2);for(var i=\"\",n=0;n15)throw\"ASN.1 length too long to represent by 8x: n = 
\"+t.toString(16);return(128+r).toString(16)+e},this.getEncodedHex=function(){return(null==this.hTLV||this.isModified)&&(this.hV=this.getFreshValueHex(),this.hL=this.getLengthHexFromValue(),this.hTLV=this.hT+this.hL+this.hV,this.isModified=!1),this.hTLV},this.getValueHex=function(){return this.getEncodedHex(),this.hV},this.getFreshValueHex=function(){return\"\"},this.setByParam=function(t){this.params=t},null!=t&&null!=t.tlv&&(this.hTLV=t.tlv,this.isModified=!1)},ht.asn1.DERAbstractString=function(t){ht.asn1.DERAbstractString.superclass.constructor.call(this),this.getString=function(){return this.s},this.setString=function(t){this.hTLV=null,this.isModified=!0,this.s=t,this.hV=xt(this.s).toLowerCase()},this.setStringHex=function(t){this.hTLV=null,this.isModified=!0,this.s=null,this.hV=t},this.getFreshValueHex=function(){return this.hV},void 0!==t&&(\"string\"==typeof t?this.setString(t):void 0!==t.str?this.setString(t.str):void 0!==t.hex&&this.setStringHex(t.hex))},zt(ht.asn1.DERAbstractString,ht.asn1.ASN1Object),ht.asn1.DERAbstractTime=function(t){ht.asn1.DERAbstractTime.superclass.constructor.call(this),this.localDateToUTC=function(t){var e=t.getTime()+6e4*t.getTimezoneOffset();return new Date(e)},this.formatDate=function(t,e,r){var i=this.zeroPadding,n=this.localDateToUTC(t),s=String(n.getFullYear());\"utc\"==e&&(s=s.substr(2,2));var a=s+i(String(n.getMonth()+1),2)+i(String(n.getDate()),2)+i(String(n.getHours()),2)+i(String(n.getMinutes()),2)+i(String(n.getSeconds()),2);if(!0===r){var o=n.getMilliseconds();if(0!=o){var h=i(String(o),3);a=a+\".\"+(h=h.replace(/[0]+$/,\"\"))}}return a+\"Z\"},this.zeroPadding=function(t,e){return t.length>=e?t:new 
Array(e-t.length+1).join(\"0\")+t},this.setByParam=function(t){this.hV=null,this.hTLV=null,this.params=t},this.getString=function(){},this.setString=function(t){this.hTLV=null,this.isModified=!0,null==this.params&&(this.params={}),this.params.str=t},this.setByDate=function(t){this.hTLV=null,this.isModified=!0,null==this.params&&(this.params={}),this.params.date=t},this.setByDateValue=function(t,e,r,i,n,s){var a=new Date(Date.UTC(t,e-1,r,i,n,s,0));this.setByDate(a)},this.getFreshValueHex=function(){return this.hV}},zt(ht.asn1.DERAbstractTime,ht.asn1.ASN1Object),ht.asn1.DERAbstractStructured=function(t){ht.asn1.DERAbstractString.superclass.constructor.call(this),this.setByASN1ObjectArray=function(t){this.hTLV=null,this.isModified=!0,this.asn1Array=t},this.appendASN1Object=function(t){this.hTLV=null,this.isModified=!0,this.asn1Array.push(t)},this.asn1Array=new Array,void 0!==t&&void 0!==t.array&&(this.asn1Array=t.array)},zt(ht.asn1.DERAbstractStructured,ht.asn1.ASN1Object),ht.asn1.DERBoolean=function(t){ht.asn1.DERBoolean.superclass.constructor.call(this),this.hT=\"01\",this.hTLV=0==t?\"010100\":\"0101ff\"},zt(ht.asn1.DERBoolean,ht.asn1.ASN1Object),ht.asn1.DERInteger=function(t){ht.asn1.DERInteger.superclass.constructor.call(this),this.hT=\"02\",this.setByBigInteger=function(t){this.hTLV=null,this.isModified=!0,this.hV=ht.asn1.ASN1Util.bigIntToMinTwosComplementsHex(t)},this.setByInteger=function(t){var e=new E(String(t),10);this.setByBigInteger(e)},this.setValueHex=function(t){this.hV=t},this.getFreshValueHex=function(){return this.hV},void 0!==t&&(void 0!==t.bigint?this.setByBigInteger(t.bigint):void 0!==t.int?this.setByInteger(t.int):\"number\"==typeof t?this.setByInteger(t):void 0!==t.hex&&this.setValueHex(t.hex))},zt(ht.asn1.DERInteger,ht.asn1.ASN1Object),ht.asn1.DERBitString=function(t){if(void 0!==t&&void 0!==t.obj){var 
e=ht.asn1.ASN1Util.newObject(t.obj);t.hex=\"00\"+e.getEncodedHex()}ht.asn1.DERBitString.superclass.constructor.call(this),this.hT=\"03\",this.setHexValueIncludingUnusedBits=function(t){this.hTLV=null,this.isModified=!0,this.hV=t},this.setUnusedBitsAndHexValue=function(t,e){if(t<0||7n.length&&(n=i[r]);return(t=t.replace(n,\"::\")).slice(1,-1)}function Ot(t){var e=\"malformed hex value\";if(!t.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/))throw e;if(8!=t.length)return 32==t.length?Nt(t):t;try{return parseInt(t.substr(0,2),16)+\".\"+parseInt(t.substr(2,2),16)+\".\"+parseInt(t.substr(4,2),16)+\".\"+parseInt(t.substr(6,2),16)}catch(r){throw e}}function jt(t){return t.match(/.{4}/g).map((function(t){var e=parseInt(t.substr(0,2),16),r=parseInt(t.substr(2),16);if(0==e&r<128)return String.fromCharCode(r);if(e<8){var i=128|63&r;return Et((192|(7&e)<<3|(192&r)>>6).toString(16)+i.toString(16))}i=128|(15&e)<<2|(192&r)>>6;var n=128|63&r;return Et((224|(240&e)>>4).toString(16)+i.toString(16)+n.toString(16))})).join(\"\")}function Vt(t){for(var e=encodeURIComponent(t),r=\"\",i=0;i\"7\"?\"00\"+t:t}function kt(t){t=(t=(t=t.replace(/^\\s*\\[\\s*/,\"\")).replace(/\\s*\\]\\s*$/,\"\")).replace(/\\s*/g,\"\");try{return t.split(/,/).map((function(t,e,r){var i=parseInt(t);if(i<0||2550&&(c=c+\".\"+h.join(\".\")),c}catch(n){return null}}lt.getLblen=function(t,e){if(\"8\"!=t.substr(e+2,1))return 1;var r=parseInt(t.substr(e+3,1));return 0==r?-1:0=i)break}return a},lt.getNthChildIdx=function(t,e,r){return lt.getChildIdx(t,e)[r]},lt.getIdxbyList=function(t,e,r,i){var n,s,a=lt;return 0==r.length?void 0!==i&&t.substr(e,2)!==i?-1:e:(n=r.shift())>=(s=a.getChildIdx(t,e)).length?-1:a.getIdxbyList(t,s[n],r,i)},lt.getIdxbyListEx=function(t,e,r,i){var n,s,a=lt;if(0==r.length)return void 0!==i&&t.substr(e,2)!==i?-1:e;n=r.shift(),s=a.getChildIdx(t,e);for(var o=0,h=0;h=t.length?null:n.getTLV(t,s)},lt.getTLVbyListEx=function(t,e,r,i){var 
n=lt,s=n.getIdxbyListEx(t,e,r,i);return-1==s?null:n.getTLV(t,s)},lt.getVbyList=function(t,e,r,i,n){var s,a,o=lt;return-1==(s=o.getIdxbyList(t,e,r,i))||s>=t.length?null:(a=o.getV(t,s),!0===n&&(a=a.substr(2)),a)},lt.getVbyListEx=function(t,e,r,i,n){var s,a,o=lt;return-1==(s=o.getIdxbyListEx(t,e,r,i))?null:(a=o.getV(t,s),\"03\"==t.substr(s,2)&&!1!==n&&(a=a.substr(2)),a)},lt.getInt=function(t,e,r){null==r&&(r=-1);try{var i=t.substr(e,2);if(\"02\"!=i&&\"03\"!=i)return r;var n=lt.getV(t,e);return\"02\"==i?parseInt(n,16):Ut(n)}catch(h){return r}},lt.getOID=function(t,e,r){null==r&&(r=null);try{return\"06\"!=t.substr(e,2)?r:_t(lt.getV(t,e))}catch(i){return r}},lt.getOIDName=function(t,e,r){null==r&&(r=null);try{var i=lt.getOID(t,e,r);if(i==r)return r;var n=ht.asn1.x509.OID.oid2name(i);return\"\"==n?i:n}catch(u){return r}},lt.getString=function(t,e,r){null==r&&(r=null);try{return wt(lt.getV(t,e))}catch(u){return r}},lt.hextooidstr=function(t){var e=function(t,e){return t.length>=e?t:new Array(e-t.length+1).join(\"0\")+t},r=[],i=t.substr(0,2),n=parseInt(i,16);r[0]=new String(Math.floor(n/40)),r[1]=new String(n%40);for(var s=t.substr(2),a=[],o=0;o0&&(c=c+\".\"+h.join(\".\")),c},lt.dump=function(t,e,r,i){var n=lt,s=n.getV,a=n.dump,o=n.getChildIdx,h=t;t instanceof ht.asn1.ASN1Object&&(h=t.getEncodedHex());var u=function(t,e){return t.length<=2*e?t:t.substr(0,e)+\"..(total \"+t.length/2+\"bytes)..\"+t.substr(t.length-e,e)};void 0===e&&(e={ommit_long_octet:32}),void 0===r&&(r=0),void 0===i&&(i=\"\");var c,l=e.ommit_long_octet;if(\"01\"==(c=h.substr(r,2)))return\"00\"==(f=s(h,r))?i+\"BOOLEAN FALSE\\n\":i+\"BOOLEAN TRUE\\n\";if(\"02\"==c)return i+\"INTEGER \"+u(f=s(h,r),l)+\"\\n\";if(\"03\"==c){var f=s(h,r);return n.isASN1HEX(f.substr(2))?(E=i+\"BITSTRING, encapsulates\\n\")+a(f.substr(2),e,0,i+\" \"):i+\"BITSTRING \"+u(f,l)+\"\\n\"}if(\"04\"==c)return f=s(h,r),n.isASN1HEX(f)?(E=i+\"OCTETSTRING, encapsulates\\n\")+a(f,e,0,i+\" \"):i+\"OCTETSTRING 
\"+u(f,l)+\"\\n\";if(\"05\"==c)return i+\"NULL\\n\";if(\"06\"==c){var g=s(h,r),p=ht.asn1.ASN1Util.oidHexToInt(g),d=ht.asn1.x509.OID.oid2name(p),v=p.replace(/\\./g,\" \");return\"\"!=d?i+\"ObjectIdentifier \"+d+\" (\"+v+\")\\n\":i+\"ObjectIdentifier (\"+v+\")\\n\"}if(\"0a\"==c)return i+\"ENUMERATED \"+parseInt(s(h,r))+\"\\n\";if(\"0c\"==c)return i+\"UTF8String '\"+Et(s(h,r))+\"'\\n\";if(\"13\"==c)return i+\"PrintableString '\"+Et(s(h,r))+\"'\\n\";if(\"14\"==c)return i+\"TeletexString '\"+Et(s(h,r))+\"'\\n\";if(\"16\"==c)return i+\"IA5String '\"+Et(s(h,r))+\"'\\n\";if(\"17\"==c)return i+\"UTCTime \"+Et(s(h,r))+\"\\n\";if(\"18\"==c)return i+\"GeneralizedTime \"+Et(s(h,r))+\"\\n\";if(\"1a\"==c)return i+\"VisualString '\"+Et(s(h,r))+\"'\\n\";if(\"1e\"==c)return i+\"BMPString '\"+jt(s(h,r))+\"'\\n\";if(\"30\"==c){if(\"3000\"==h.substr(r,4))return i+\"SEQUENCE {}\\n\";E=i+\"SEQUENCE\\n\";var y=e;if((2==(x=o(h,r)).length||3==x.length)&&\"06\"==h.substr(x[0],2)&&\"04\"==h.substr(x[x.length-1],2)){d=n.oidname(s(h,x[0]));var m=JSON.parse(JSON.stringify(e));m.x509ExtName=d,y=m}for(var S=0;S31)&&128==(192&r)&&(31&r)==i}catch(h){return!1}},lt.isASN1HEX=function(t){var e=lt;if(t.length%2==1)return!1;var r=e.getVblen(t,0),i=t.substr(0,2),n=e.getL(t,0);return t.length-i.length-n.length==2*r},lt.checkStrictDER=function(t,e,r,i,n){var s=lt;if(void 0===r){if(\"string\"!=typeof t)throw new Error(\"not hex string\");if(t=t.toLowerCase(),!ht.lang.String.isHex(t))throw new Error(\"not hex string\");r=t.length,n=(i=t.length/2)<128?1:Math.ceil(i.toString(16))+1}if(s.getL(t,e).length>2*n)throw new Error(\"L of TLV too long: idx=\"+e);var a=s.getVblen(t,e);if(a>i)throw new Error(\"value of L too long than hex: idx=\"+e);var o=s.getTLV(t,e),h=o.length-2-s.getL(t,e).length;if(h!==2*a)throw new Error(\"V string length and L's value not the same:\"+h+\"/\"+2*a);if(0===e&&t.length!=o.length)throw new Error(\"total length and TLV length unmatch:\"+t.length+\"!=\"+o.length);var 
u=t.substr(e,2);if(\"02\"===u){var c=s.getVidx(t,e);if(\"00\"==t.substr(c,2)&&t.charCodeAt(c+2)<56)throw new Error(\"not least zeros for DER INTEGER\")}if(32&parseInt(u,16)){for(var l=s.getVblen(t,e),f=0,g=s.getChildIdx(t,e),p=0;p0&&t.push(new i({tag:\"a3\",obj:new u(e.ext)})),new ht.asn1.DERSequence({array:t}).getEncodedHex()},void 0!==t&&this.setByParam(t)},zt(ht.asn1.x509.TBSCertificate,ht.asn1.ASN1Object),ht.asn1.x509.Extensions=function(t){ht.asn1.x509.Extensions.superclass.constructor.call(this);var e=ht.asn1,r=e.DERSequence,i=e.x509;this.aParam=[],this.setByParam=function(t){this.aParam=t},this.getEncodedHex=function(){for(var t=[],e=0;e-1&&t.push(new i({int:this.pathLen}));var e=new n({array:t});return this.asn1ExtnValue=e,this.asn1ExtnValue.getEncodedHex()},this.oid=\"2.5.29.19\",this.cA=!1,this.pathLen=-1,void 0!==t&&(void 0!==t.cA&&(this.cA=t.cA),void 0!==t.pathLen&&(this.pathLen=t.pathLen))},zt(ht.asn1.x509.BasicConstraints,ht.asn1.x509.Extension),ht.asn1.x509.CRLDistributionPoints=function(t){ht.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,t);var e=ht.asn1,r=e.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()},this.setByDPArray=function(t){for(var i=[],n=0;n0&&t.push(new r({array:e}))}return new r({array:t}).getEncodedHex()},void 0!==t&&(this.params=t)},zt(ht.asn1.x509.PolicyInformation,ht.asn1.ASN1Object),ht.asn1.x509.PolicyQualifierInfo=function(t){ht.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,t);var e=ht.asn1,r=e.DERSequence,i=e.DERIA5String,n=e.DERObjectIdentifier,s=e.x509.UserNotice;this.params=null,this.getEncodedHex=function(){return void 0!==this.params.cps?new r({array:[new n({oid:\"1.3.6.1.5.5.7.2.1\"}),new i({str:this.params.cps})]}).getEncodedHex():null!=this.params.unotice?new r({array:[new n({oid:\"1.3.6.1.5.5.7.2.2\"}),new s(this.params.unotice)]}).getEncodedHex():void 0},void 
0!==t&&(this.params=t)},zt(ht.asn1.x509.PolicyQualifierInfo,ht.asn1.ASN1Object),ht.asn1.x509.UserNotice=function(t){ht.asn1.x509.UserNotice.superclass.constructor.call(this,t);var e=ht.asn1.DERSequence,r=(ht.asn1.DERInteger,ht.asn1.x509.DisplayText),i=ht.asn1.x509.NoticeReference;this.params=null,this.getEncodedHex=function(){var t=[];return void 0!==this.params.noticeref&&t.push(new i(this.params.noticeref)),void 0!==this.params.exptext&&t.push(new r(this.params.exptext)),new e({array:t}).getEncodedHex()},void 0!==t&&(this.params=t)},zt(ht.asn1.x509.UserNotice,ht.asn1.ASN1Object),ht.asn1.x509.NoticeReference=function(t){ht.asn1.x509.NoticeReference.superclass.constructor.call(this,t);var e=ht.asn1.DERSequence,r=ht.asn1.DERInteger,i=ht.asn1.x509.DisplayText;this.params=null,this.getEncodedHex=function(){var t=[];if(void 0!==this.params.org&&t.push(new i(this.params.org)),void 0!==this.params.noticenum){for(var n=[],s=this.params.noticenum,a=0;a0)for(var t=0;t0;n++){var s=e.shift();if(!0===r){var a=(i.pop()+\",\"+s).replace(/\\\\,/g,\",\");i.push(a),r=!1}else i.push(s);\"\\\\\"===s.substr(-1,1)&&(r=!0)}return(i=i.map((function(t){return t.replace(\"/\",\"\\\\/\")}))).reverse(),\"/\"+i.join(\"/\")},ht.asn1.x509.X500Name.ldapToOneline=function(t){return ht.asn1.x509.X500Name.ldapToCompat(t)},ht.asn1.x509.RDN=function(t){ht.asn1.x509.RDN.superclass.constructor.call(this),this.asn1Array=[],this.paramArray=[],this.sRule=\"utf8\";var e=ht.asn1.x509.AttributeTypeAndValue;this.setByParam=function(t){void 0!==t.rule&&(this.sRule=t.rule),void 0!==t.str&&this.addByMultiValuedString(t.str),void 0!==t.array&&(this.paramArray=t.array)},this.addByString=function(t){this.asn1Array.push(new ht.asn1.x509.AttributeTypeAndValue({str:t,rule:this.sRule}))},this.addByMultiValuedString=function(t){for(var e=ht.asn1.x509.RDN.parseString(t),r=0;r0)for(var t=0;t0;n++){var s=e.shift();if(!0===r){var a=(i.pop()+\"+\"+s).replace(/\\\\\\+/g,\"+\");i.push(a),r=!1}else 
i.push(s);\"\\\\\"===s.substr(-1,1)&&(r=!0)}var o=!1,h=[];for(n=0;i.length>0;n++){if(s=i.shift(),!0===o){var u=h.pop();s.match(/\"$/)?(a=(u+\"+\"+s).replace(/^([^=]+)=\"(.*)\"$/,\"$1=$2\"),h.push(a),o=!1):h.push(u+\"+\"+s)}else h.push(s);s.match(/^[^=]+=\"/)&&(o=!0)}return h},ht.asn1.x509.AttributeTypeAndValue=function(t){ht.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this),this.sRule=\"utf8\",this.sType=null,this.sValue=null,this.dsType=null;var e=ht,r=e.asn1,i=r.DERSequence,n=r.DERUTF8String,s=r.DERPrintableString,a=r.DERTeletexString,o=r.DERIA5String,h=r.DERVisibleString,u=r.DERBMPString,c=e.lang.String.isMail,l=e.lang.String.isPrintable;this.setByParam=function(t){if(void 0!==t.rule&&(this.sRule=t.rule),void 0!==t.ds&&(this.dsType=t.ds),void 0===t.value&&void 0!==t.str){var e=t.str.match(/^([^=]+)=(.+)$/);if(!e)throw new Error(\"malformed attrTypeAndValueStr: \"+attrTypeAndValueStr);this.sType=e[1],this.sValue=e[2]}else this.sType=t.type,this.sValue=t.value},this.setByString=function(t,e){void 0!==e&&(this.sRule=e);var r=t.match(/^([^=]+)=(.+)$/);if(!r)throw new Error(\"malformed attrTypeAndValueStr: \"+attrTypeAndValueStr);this.setByAttrTypeAndValueStr(r[1],r[2])},this._getDsType=function(){var t=this.sType,e=this.sValue,r=this.sRule;return\"prn\"===r?\"CN\"==t&&c(e)?\"ia5\":l(e)?\"prn\":\"utf8\":\"utf8\"===r?\"CN\"==t&&c(e)?\"ia5\":\"C\"==t?\"prn\":\"utf8\":\"utf8\"},this.setByAttrTypeAndValueStr=function(t,e,r){void 0!==r&&(this.sRule=r),this.sType=t,this.sValue=e},this.getValueObj=function(t,e){if(\"utf8\"==t)return new n({str:e});if(\"prn\"==t)return new s({str:e});if(\"tel\"==t)return new a({str:e});if(\"ia5\"==t)return new o({str:e});if(\"vis\"==t)return new h({str:e});if(\"bmp\"==t)return new u({str:e});throw new Error(\"unsupported directory string type: type=\"+t+\" value=\"+e)},this.getEncodedHex=function(){null==this.dsType&&(this.dsType=this._getDsType());var 
t=ht.asn1.x509.OID.atype2obj(this.sType),e=this.getValueObj(this.dsType,this.sValue),r=new i({array:[t,e]});return this.TLV=r.getEncodedHex(),this.TLV},void 0!==t&&this.setByParam(t)},zt(ht.asn1.x509.AttributeTypeAndValue,ht.asn1.ASN1Object),ht.asn1.x509.SubjectPublicKeyInfo=function(t){ht.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var e=ht,r=e.asn1,i=r.DERInteger,n=r.DERBitString,s=r.DERObjectIdentifier,a=r.DERSequence,o=r.ASN1Util.newObject,h=r.x509.AlgorithmIdentifier,u=e.crypto;u.ECDSA,u.DSA,this.getASN1Object=function(){if(null==this.asn1AlgId||null==this.asn1SubjPKey)throw\"algId and/or subjPubKey not set\";return new a({array:[this.asn1AlgId,this.asn1SubjPKey]})},this.getEncodedHex=function(){var t=this.getASN1Object();return this.hTLV=t.getEncodedHex(),this.hTLV},this.setPubKey=function(t){try{if(t instanceof rt){var e=o({seq:[{int:{bigint:t.n}},{int:{int:t.e}}]}).getEncodedHex();this.asn1AlgId=new h({name:\"rsaEncryption\"}),this.asn1SubjPKey=new n({hex:\"00\"+e})}}catch(u){}try{if(t instanceof ht.crypto.ECDSA){var r=new s({name:t.curveName});this.asn1AlgId=new h({name:\"ecPublicKey\",asn1params:r}),this.asn1SubjPKey=new n({hex:\"00\"+t.pubKeyHex})}}catch(u){}try{if(t instanceof ht.crypto.DSA){r=new o({seq:[{int:{bigint:t.p}},{int:{bigint:t.q}},{int:{bigint:t.g}}]}),this.asn1AlgId=new h({name:\"dsa\",asn1params:r});var a=new i({bigint:t.y});this.asn1SubjPKey=new n({hex:\"00\"+a.getEncodedHex()})}}catch(u){}},void 0!==t&&this.setPubKey(t)},zt(ht.asn1.x509.SubjectPublicKeyInfo,ht.asn1.ASN1Object),ht.asn1.x509.Time=function(t){ht.asn1.x509.Time.superclass.constructor.call(this);var e=ht.asn1,r=e.DERUTCTime,i=e.DERGeneralizedTime;this.params=null,this.type=null,this.setTimeParams=function(t){this.timeParams=t},this.setByParam=function(t){this.params=t},this.getType=function(t){return 
t.match(/^[0-9]{12}Z$/)?\"utc\":t.match(/^[0-9]{14}Z$/)?\"gen\":t.match(/^[0-9]{12}\\.[0-9]+Z$/)?\"utc\":t.match(/^[0-9]{14}\\.[0-9]+Z$/)?\"gen\":null},this.getEncodedHex=function(){var t=this.params,e=null;if(\"string\"==typeof t&&(t={str:t}),null==t||!t.str||null!=t.type&&null!=t.type||(t.type=this.getType(t.str)),null!=t&&t.str?(\"utc\"==t.type&&(e=new r(t.str)),\"gen\"==t.type&&(e=new i(t.str))):e=\"gen\"==this.type?new i:new r,null==e)throw new Error(\"wrong setting for Time\");return this.TLV=e.getEncodedHex(),this.TLV},null!=t&&this.setByParam(t)},ht.asn1.x509.Time_bak=function(t){ht.asn1.x509.Time_bak.superclass.constructor.call(this);var e=ht.asn1,r=e.DERUTCTime,i=e.DERGeneralizedTime;this.setTimeParams=function(t){this.timeParams=t},this.getEncodedHex=function(){var t=null;return t=null!=this.timeParams?\"utc\"==this.type?new r(this.timeParams):new i(this.timeParams):\"utc\"==this.type?new r:new i,this.TLV=t.getEncodedHex(),this.TLV},this.type=\"utc\",void 0!==t&&(void 0!==t.type?this.type=t.type:void 0!==t.str&&(t.str.match(/^[0-9]{12}Z$/)&&(this.type=\"utc\"),t.str.match(/^[0-9]{14}Z$/)&&(this.type=\"gen\")),this.timeParams=t)},zt(ht.asn1.x509.Time,ht.asn1.ASN1Object),ht.asn1.x509.AlgorithmIdentifier=function(t){ht.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this),this.nameAlg=null,this.asn1Alg=null,this.asn1Params=null,this.paramEmpty=!1;var e=ht.asn1,r=e.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;if(this.getEncodedHex=function(){if(null===this.nameAlg&&null===this.asn1Alg)throw new Error(\"algorithm not specified\");if(null!==this.nameAlg){var t=null;for(var i in r)i===this.nameAlg&&(t=r[i]);if(null!==t)return this.hTLV=t,this.hTLV}null!==this.nameAlg&&null===this.asn1Alg&&(this.asn1Alg=e.x509.OID.name2obj(this.nameAlg));var n=[this.asn1Alg];null!==this.asn1Params&&n.push(this.asn1Params);var s=new e.DERSequence({array:n});return this.hTLV=s.getEncodedHex(),this.hTLV},void 0!==t&&(void 0!==t.name&&(this.nameAlg=t.name),void 
0!==t.asn1params&&(this.asn1Params=t.asn1params),void 0!==t.paramempty&&(this.paramEmpty=t.paramempty)),null===this.asn1Params&&!1===this.paramEmpty&&null!==this.nameAlg){void 0!==this.nameAlg.name&&(this.nameAlg=this.nameAlg.name);var i=this.nameAlg.toLowerCase();\"withdsa\"!==i.substr(-7,7)&&\"withecdsa\"!==i.substr(-9,9)&&(this.asn1Params=new e.DERNull)}},zt(ht.asn1.x509.AlgorithmIdentifier,ht.asn1.ASN1Object),ht.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:\"300d06092a864886f70d01010a3000\",SHA256withRSAandMGF1:\"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120\",SHA384withRSAandMGF1:\"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130\",SHA512withRSAandMGF1:\"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140\"},ht.asn1.x509.GeneralName=function(t){ht.asn1.x509.GeneralName.superclass.constructor.call(this);var e={rfc822:\"81\",dns:\"82\",dn:\"a4\",uri:\"86\",ip:\"87\"},r=ht.asn1,i=(r.DERSequence,r.DEROctetString),n=r.DERIA5String,s=r.DERTaggedObject,a=r.ASN1Object,o=r.x509.X500Name,h=Ct;this.explicit=!1,this.setByParam=function(t){var r=null;if(void 0!==t){if(void 0!==t.rfc822&&(this.type=\"rfc822\",r=new n({str:t[this.type]})),void 0!==t.dns&&(this.type=\"dns\",r=new n({str:t[this.type]})),void 0!==t.uri&&(this.type=\"uri\",r=new n({str:t[this.type]})),void 0!==t.dn&&(this.type=\"dn\",this.explicit=!0,r=\"string\"==typeof t.dn?new o({str:t.dn}):t.dn instanceof ht.asn1.x509.X500Name?t.dn:new o(t.dn)),void 0!==t.ldapdn&&(this.type=\"dn\",this.explicit=!0,r=new o({ldapstr:t.ldapdn})),void 0!==t.certissuer){this.type=\"dn\",this.explicit=!0;var u=null;if((l=t.certissuer).match(/^[0-9A-Fa-f]+$/),-1!=l.indexOf(\"-----BEGIN \")&&(u=h(l)),null==u)throw\"certissuer param not cert\";(f=new $t).hex=u;var 
c=f.getIssuerHex();(r=new a).hTLV=c}if(void 0!==t.certsubj){var l,f;if(this.type=\"dn\",this.explicit=!0,u=null,(l=t.certsubj).match(/^[0-9A-Fa-f]+$/),-1!=l.indexOf(\"-----BEGIN \")&&(u=h(l)),null==u)throw\"certsubj param not cert\";(f=new $t).hex=u,c=f.getSubjectHex(),(r=new a).hTLV=c}if(void 0!==t.ip){this.type=\"ip\",this.explicit=!1;var g,p=t.ip,d=\"malformed IP address\";if(p.match(/^[0-9.]+[.][0-9.]+$/)){if(8!==(g=kt(\"[\"+p.split(\".\").join(\",\")+\"]\")).length)throw d}else if(p.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/))g=Ht(p);else{if(!p.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/))throw d;g=p}r=new i({hex:g})}if(null==this.type)throw\"unsupported type in params=\"+t;this.asn1Obj=new s({explicit:this.explicit,tag:e[this.type],obj:r})}},this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()},void 0!==t&&this.setByParam(t)},zt(ht.asn1.x509.GeneralName,ht.asn1.ASN1Object),ht.asn1.x509.GeneralNames=function(t){ht.asn1.x509.GeneralNames.superclass.constructor.call(this);var e=ht.asn1;this.setByParamArray=function(t){for(var r=0;r0){for(var r=s(t.valhex,e[0]),i=c(r,0),n=[],a=0;a1){var u=s(t.valhex,e[1]);t.polhex=u}delete t.valhex},this.setSignaturePolicyIdentifier=function(t){var r=c(t.valhex,0);if(r.length>0){var a=i.getOID(t.valhex,r[0]);t.oid=a}if(r.length>1){var o=new e,h=c(t.valhex,r[1]),u=s(t.valhex,h[0]),l=o.getAlgorithmIdentifierName(u);t.alg=l;var f=n(t.valhex,h[1]);t.hash=f}delete t.valhex},this.setSigningCertificateV2=function(t){var e=c(t.valhex,0);if(e.length>0){for(var r=s(t.valhex,e[0]),i=c(r,0),n=[],a=0;a1){var u=s(t.valhex,e[1]);t.polhex=u}delete t.valhex},this.getESSCertID=function(t){var e={},r=c(t,0);if(r.length>0){var i=n(t,r[0]);e.hash=i}if(r.length>1){var a=s(t,r[1]),o=this.getIssuerSerial(a);null!=o.serial&&(e.serial=o.serial),null!=o.issuer&&(e.issuer=o.issuer)}return e},this.getESSCertIDv2=function(e){var i={},a=c(e,0);if(a.length<1||3o+1){var l=s(e,a[o+1]),f=this.getIssuerSerial(l);i.issuer=f.issuer,i.serial=f.serial}return 
i},this.getIssuerSerial=function(t){var e={},i=c(t,0),a=s(t,i[0]),o=r.getGeneralNames(a)[0].dn;e.issuer=o;var h=n(t,i[1]);return e.serial={hex:h},e},this.getCertificateSet=function(t){for(var e=c(t,0),r=[],i=0;i1){var r=this.getPKIStatusInfo(i(t,e[0])),n=i(t,e[1]),a=this.getToken(n);return a.statusinfo=r,a}},this.getToken=function(t){var e=(new ht.asn1.cms.CMSParser).getCMSSignedData(t);return this.setTSTInfo(e),e},this.setTSTInfo=function(t){var e=t.econtent;if(\"tstinfo\"==e.type){var r=e.content.hex,i=this.getTSTInfo(r);e.content=i}},this.getTSTInfo=function(e){var n={},a=s(e,0),o=r(e,a[1]);n.policy=_t(o);var h=i(e,a[2]);n.messageImprint=this.getMessageImprint(h);var u=r(e,a[3]);n.serial={hex:u};var c=r(e,a[4]);n.genTime={str:Et(c)};var l=0;if(a.length>5&&\"30\"==e.substr(a[5],2)){var f=i(e,a[5]);n.accuracy=this.getAccuracy(f),l++}if(a.length>5+l&&\"01\"==e.substr(a[5+l],2)&&(\"ff\"==r(e,a[5+l])&&(n.ordering=!0),l++),a.length>5+l&&\"02\"==e.substr(a[5+l],2)){var g=r(e,a[5+l]);n.nonce={hex:g},l++}if(a.length>5+l&&\"a0\"==e.substr(a[5+l],2)){var p=i(e,a[5+l]);p=\"30\"+p.substr(2),pGeneralNames=t.getGeneralNames(p);var d=pGeneralNames[0].dn;n.tsa=d,l++}if(a.length>5+l&&\"a1\"==e.substr(a[5+l],2)){var v=i(e,a[5+l]);v=\"30\"+v.substr(2);var y=t.getExtParamArray(v);n.ext=y,l++}return n},this.getAccuracy=function(t){for(var e={},i=s(t,0),n=0;n1&&\"30\"==t.substr(n[1],2)){var c=i(t,n[1]);e.statusstr=this.getPKIFreeText(c),o++}if(n.length>o&&\"03\"==t.substr(n[1+o],2)){var l=i(t,n[1+o]);e.failinfo=this.getPKIFailureInfo(l)}return e},this.getPKIFreeText=function(t){for(var r=[],i=s(t,0),n=0;n=e?t:new Array(e-t.length+1).join(r)+t};function Ut(t){try{var e=t.substr(0,2);if(\"00\"==e)return parseInt(t.substr(2),16);var r=parseInt(e,16),i=t.substr(2),n=parseInt(i,16).toString(2);return\"0\"==n&&(n=\"00000000\"),n=n.slice(0,0-r),parseInt(n,2)}catch(u){return-1}}function zt(t,e){var r=function(){};r.prototype=e.prototype,t.prototype=new 
r,t.prototype.constructor=t,t.superclass=e.prototype,e.prototype.constructor==Object.prototype.constructor&&(e.prototype.constructor=e)}void 0!==ht&&ht||(ht={}),void 0!==ht.crypto&&ht.crypto||(ht.crypto={}),ht.crypto.Util=new function(){this.DIGESTINFOHEAD={sha1:\"3021300906052b0e03021a05000414\",sha224:\"302d300d06096086480165030402040500041c\",sha256:\"3031300d060960864801650304020105000420\",sha384:\"3041300d060960864801650304020205000430\",sha512:\"3051300d060960864801650304020305000440\",md2:\"3020300c06082a864886f70d020205000410\",md5:\"3020300c06082a864886f70d020505000410\",ripemd160:\"3021300906052b2403020105000414\"},this.DEFAULTPROVIDER={md5:\"cryptojs\",sha1:\"cryptojs\",sha224:\"cryptojs\",sha256:\"cryptojs\",sha384:\"cryptojs\",sha512:\"cryptojs\",ripemd160:\"cryptojs\",hmacmd5:\"cryptojs\",hmacsha1:\"cryptojs\",hmacsha224:\"cryptojs\",hmacsha256:\"cryptojs\",hmacsha384:\"cryptojs\",hmacsha512:\"cryptojs\",hmacripemd160:\"cryptojs\",MD5withRSA:\"cryptojs/jsrsa\",SHA1withRSA:\"cryptojs/jsrsa\",SHA224withRSA:\"cryptojs/jsrsa\",SHA256withRSA:\"cryptojs/jsrsa\",SHA384withRSA:\"cryptojs/jsrsa\",SHA512withRSA:\"cryptojs/jsrsa\",RIPEMD160withRSA:\"cryptojs/jsrsa\",MD5withECDSA:\"cryptojs/jsrsa\",SHA1withECDSA:\"cryptojs/jsrsa\",SHA224withECDSA:\"cryptojs/jsrsa\",SHA256withECDSA:\"cryptojs/jsrsa\",SHA384withECDSA:\"cryptojs/jsrsa\",SHA512withECDSA:\"cryptojs/jsrsa\",RIPEMD160withECDSA:\"cryptojs/jsrsa\",SHA1withDSA:\"cryptojs/jsrsa\",SHA224withDSA:\"cryptojs/jsrsa\",SHA256withDSA:\"cryptojs/jsrsa\",MD5withRSAandMGF1:\"cryptojs/jsrsa\",SHAwithRSAandMGF1:\"cryptojs/jsrsa\",SHA1withRSAandMGF1:\"cryptojs/jsrsa\",SHA224withRSAandMGF1:\"cryptojs/jsrsa\",SHA256withRSAandMGF1:\"cryptojs/jsrsa\",SHA384withRSAandMGF1:\"cryptojs/jsrsa\",SHA512withRSAandMGF1:\"cryptojs/jsrsa\",RIPEMD160withRSAandMGF1:\"cryptojs/jsrsa\"},this.CRYPTOJSMESSAGEDIGESTNAME={md5:d.algo.MD5,sha1:d.algo.SHA1,sha224:d.algo.SHA224,sha256:d.algo.SHA256,sha384:d.algo.SHA384,sha512:d.algo.SHA512,ripemd1
60:d.algo.RIPEMD160},this.getDigestInfoHex=function(t,e){if(void 0===this.DIGESTINFOHEAD[e])throw\"alg not supported in Util.DIGESTINFOHEAD: \"+e;return this.DIGESTINFOHEAD[e]+t},this.getPaddedDigestInfoHex=function(t,e,r){var i=this.getDigestInfoHex(t,e),n=r/4;if(i.length+22>n)throw\"key is too short for SigAlg: keylen=\"+r+\",\"+e;for(var s=\"0001\",a=\"00\"+i,o=\"\",h=n-s.length-a.length,u=0;u=0)return!1;if(i.compareTo(r.ONE)<0||i.compareTo(s)>=0)return!1;var o=i.modInverse(s),h=t.multiply(o).mod(s),u=e.multiply(o).mod(s);return a.multiply(h).add(n.multiply(u)).getX().toBigInteger().mod(s).equals(e)},this.serializeSig=function(t,e){var r=t.toByteArraySigned(),i=e.toByteArraySigned(),n=[];return n.push(2),n.push(r.length),(n=n.concat(r)).push(2),n.push(i.length),(n=n.concat(i)).unshift(n.length),n.unshift(48),n},this.parseSig=function(t){var e;if(48!=t[0])throw new Error(\"Signature not a valid DERSequence\");if(2!=t[e=2])throw new Error(\"First element in signature must be a DERInteger\");var i=t.slice(e+2,e+2+t[e+1]);if(2!=t[e+=2+t[e+1]])throw new Error(\"Second element in signature must be a DERInteger\");var n=t.slice(e+2,e+2+t[e+1]);return e+=2+t[e+1],{r:r.fromByteArrayUnsigned(i),s:r.fromByteArrayUnsigned(n)}},this.parseSigCompact=function(t){if(65!==t.length)throw\"Signature has the wrong length\";var e=t[0]-27;if(e<0||e>7)throw\"Invalid signature type\";var i=this.ecparams.n;return{r:r.fromByteArrayUnsigned(t.slice(1,33)).mod(i),s:r.fromByteArrayUnsigned(t.slice(33,65)).mod(i),i:e}},this.readPKCS5PrvKeyHex=function(t){if(!1===u(t))throw new Error(\"not ASN.1 hex string\");var e,r,i;try{e=h(t,0,[\"[0]\",0],\"06\"),r=h(t,0,[1],\"04\");try{i=h(t,0,[\"[1]\",0],\"03\")}catch(n){}}catch(n){throw new Error(\"malformed PKCS#1/5 plain ECC private key\")}if(this.curveName=a(e),void 0===this.curveName)throw\"unsupported curve 
name\";this.setNamedCurve(this.curveName),this.setPublicKeyHex(i),this.setPrivateKeyHex(r),this.isPublic=!1},this.readPKCS8PrvKeyHex=function(t){if(!1===u(t))throw new e(\"not ASN.1 hex string\");var r,i,n;try{h(t,0,[1,0],\"06\"),r=h(t,0,[1,1],\"06\"),i=h(t,0,[2,0,1],\"04\");try{n=h(t,0,[2,0,\"[1]\",0],\"03\")}catch(s){}}catch(s){throw new e(\"malformed PKCS#8 plain ECC private key\")}if(this.curveName=a(r),void 0===this.curveName)throw new e(\"unsupported curve name\");this.setNamedCurve(this.curveName),this.setPublicKeyHex(n),this.setPrivateKeyHex(i),this.isPublic=!1},this.readPKCS8PubKeyHex=function(t){if(!1===u(t))throw new e(\"not ASN.1 hex string\");var r,i;try{h(t,0,[0,0],\"06\"),r=h(t,0,[0,1],\"06\"),i=h(t,0,[1],\"03\")}catch(n){throw new e(\"malformed PKCS#8 ECC public key\")}if(this.curveName=a(r),null===this.curveName)throw new e(\"unsupported curve name\");this.setNamedCurve(this.curveName),this.setPublicKeyHex(i)},this.readCertPubKeyHex=function(t,r){if(!1===u(t))throw new e(\"not ASN.1 hex string\");var i,n;try{i=h(t,0,[0,5,0,1],\"06\"),n=h(t,0,[0,5,1],\"03\")}catch(s){throw new e(\"malformed X.509 certificate ECC public key\")}if(this.curveName=a(i),null===this.curveName)throw new e(\"unsupported curve name\");this.setNamedCurve(this.curveName),this.setPublicKeyHex(n)},void 0!==t&&void 0!==t.curve&&(this.curveName=t.curve),void 0===this.curveName&&(this.curveName=\"secp256r1\"),this.setNamedCurve(this.curveName),void 0!==t&&(void 0!==t.prv&&this.setPrivateKeyHex(t.prv),void 0!==t.pub&&this.setPublicKeyHex(t.pub))},ht.crypto.ECDSA.parseSigHex=function(t){var e=ht.crypto.ECDSA.parseSigHexInHexRS(t);return{r:new E(e.r,16),s:new E(e.s,16)}},ht.crypto.ECDSA.parseSigHexInHexRS=function(t){var e=lt,r=e.getChildIdx,i=e.getV;if(e.checkStrictDER(t,0),\"30\"!=t.substr(0,2))throw new Error(\"signature is not a ASN.1 sequence\");var n=r(t,0);if(2!=n.length)throw new Error(\"signature shall have two elements\");var s=n[0],a=n[1];if(\"02\"!=t.substr(s,2))throw new 
Error(\"1st item not ASN.1 integer\");if(\"02\"!=t.substr(a,2))throw new Error(\"2nd item not ASN.1 integer\");return{r:i(t,s),s:i(t,a)}},ht.crypto.ECDSA.asn1SigToConcatSig=function(t){var e=ht.crypto.ECDSA.parseSigHexInHexRS(t),r=e.r,i=e.s;if(r.length>=130&&r.length<=134){if(r.length%2!=0)throw Error(\"unknown ECDSA sig r length error\");if(i.length%2!=0)throw Error(\"unknown ECDSA sig s length error\");\"00\"==r.substr(0,2)&&(r=r.substr(2)),\"00\"==i.substr(0,2)&&(i=i.substr(2));var n=Math.max(r.length,i.length);return(r=(\"000000\"+r).slice(-n))+(\"000000\"+i).slice(-n)}if(\"00\"==r.substr(0,2)&&r.length%32==2&&(r=r.substr(2)),\"00\"==i.substr(0,2)&&i.length%32==2&&(i=i.substr(2)),r.length%32==30&&(r=\"00\"+r),i.length%32==30&&(i=\"00\"+i),r.length%32!=0)throw Error(\"unknown ECDSA sig r length error\");if(i.length%32!=0)throw Error(\"unknown ECDSA sig s length error\");return r+i},ht.crypto.ECDSA.concatSigToASN1Sig=function(t){if(t.length%4!=0)throw Error(\"unknown ECDSA concatinated r-s sig length error\");var e=t.substr(0,t.length/2),r=t.substr(t.length/2);return ht.crypto.ECDSA.hexRSSigToASN1Sig(e,r)},ht.crypto.ECDSA.hexRSSigToASN1Sig=function(t,e){var r=new E(t,16),i=new E(e,16);return ht.crypto.ECDSA.biRSSigToASN1Sig(r,i)},ht.crypto.ECDSA.biRSSigToASN1Sig=function(t,e){var r=ht.asn1,i=new r.DERInteger({bigint:t}),n=new r.DERInteger({bigint:e});return new r.DERSequence({array:[i,n]}).getEncodedHex()},ht.crypto.ECDSA.getName=function(t){return\"2b8104001f\"===t?\"secp192k1\":\"2a8648ce3d030107\"===t?\"secp256r1\":\"2b8104000a\"===t?\"secp256k1\":\"2b81040021\"===t?\"secp224r1\":\"2b81040022\"===t?\"secp384r1\":\"2b81040023\"===t?\"secp521r1\":-1!==\"|secp256r1|NIST P-256|P-256|prime256v1|\".indexOf(t)?\"secp256r1\":-1!==\"|secp256k1|\".indexOf(t)?\"secp256k1\":-1!==\"|secp224r1|NIST P-224|P-224|\".indexOf(t)?\"secp224r1\":-1!==\"|secp384r1|NIST P-384|P-384|\".indexOf(t)?\"secp384r1\":-1!==\"|secp521r1|NIST P-521|P-521|\".indexOf(t)?\"secp521r1\":null},void 
0!==ht&&ht||(ht={}),void 0!==ht.crypto&&ht.crypto||(ht.crypto={}),ht.crypto.ECParameterDB=new function(){var t={},e={};function r(t){return new E(t,16)}this.getByName=function(r){var i=r;if(void 0!==e[i]&&(i=e[r]),void 0!==t[i])return t[i];throw\"unregistered EC curve name: \"+i},this.regist=function(i,n,s,a,o,h,u,c,l,f,g,p){t[i]={};var d=r(s),v=r(a),y=r(o),m=r(h),S=r(u),x=new at(d,v,y),E=x.decodePointHex(\"04\"+c+l);t[i].name=i,t[i].keylen=n,t[i].keycharlen=2*Math.ceil(n/8),t[i].curve=x,t[i].G=E,t[i].n=m,t[i].h=S,t[i].oid=g,t[i].info=p;for(var w=0;w1?new E(i,16):null,u=new E(n,16),this.setPrivate(s,a,o,h,u)},this.setPublic=function(t,e,r,i){this.isPublic=!0,this.p=t,this.q=e,this.g=r,this.y=i,this.x=null},this.setPublicHex=function(t,e,r,i){var n,s,a,o;n=new E(t,16),s=new E(e,16),a=new E(r,16),o=new E(i,16),this.setPublic(n,s,a,o)},this.signWithMessageHash=function(t){var e=this.p,r=this.q,i=this.g,n=(this.y,this.x),s=ht.crypto.Util.getRandomBigIntegerMinToMax(E.ONE.add(E.ONE),r.subtract(E.ONE)),a=new E(t.substr(0,r.bitLength()/4),16),o=i.modPow(s,e).mod(r),h=s.modInverse(r).multiply(a.add(n.multiply(o))).mod(r);return ht.asn1.ASN1Util.jsonToASN1HEX({seq:[{int:{bigint:o}},{int:{bigint:h}}]})},this.verifyWithMessageHash=function(t,e){var r=this.p,i=this.q,n=this.g,s=this.y,a=this.parseASN1Signature(e),o=a[0],h=a[1],u=new E(t.substr(0,i.bitLength()/4),16);if(E.ZERO.compareTo(o)>0||o.compareTo(i)>0)throw\"invalid DSA signature\";if(E.ZERO.compareTo(h)>=0||h.compareTo(i)>0)throw\"invalid DSA signature\";var c=h.modInverse(i),l=u.multiply(c).mod(i),f=o.multiply(c).mod(i);return 0==n.modPow(l,r).multiply(s.modPow(f,r)).mod(r).mod(i).compareTo(o)},this.parseASN1Signature=function(t){try{return[new i(e(t,0,[0],\"02\"),16),new i(e(t,0,[1],\"02\"),16)]}catch(r){throw new Error(\"malformed ASN.1 DSA signature\")}},this.readPKCS5PrvKeyHex=function(t){var i,n,s,a,o;if(!1===r(t))throw new Error(\"not ASN.1 hex 
string\");try{i=e(t,0,[1],\"02\"),n=e(t,0,[2],\"02\"),s=e(t,0,[3],\"02\"),a=e(t,0,[4],\"02\"),o=e(t,0,[5],\"02\")}catch(h){throw new Error(\"malformed PKCS#1/5 plain DSA private key\")}this.setPrivateHex(i,n,s,a,o)},this.readPKCS8PrvKeyHex=function(t){var i,n,s,a;if(!1===r(t))throw new Error(\"not ASN.1 hex string\");try{i=e(t,0,[1,1,0],\"02\"),n=e(t,0,[1,1,1],\"02\"),s=e(t,0,[1,1,2],\"02\"),a=e(t,0,[2,0],\"02\")}catch(o){throw new Error(\"malformed PKCS#8 plain DSA private key\")}this.setPrivateHex(i,n,s,null,a)},this.readPKCS8PubKeyHex=function(t){var i,n,s,a;if(!1===r(t))throw new Error(\"not ASN.1 hex string\");try{i=e(t,0,[0,1,0],\"02\"),n=e(t,0,[0,1,1],\"02\"),s=e(t,0,[0,1,2],\"02\"),a=e(t,0,[1,0],\"02\")}catch(o){throw new Error(\"malformed PKCS#8 DSA public key\")}this.setPublicHex(i,n,s,a)},this.readCertPubKeyHex=function(t,i){var n,s,a,o;if(!1===r(t))throw new Error(\"not ASN.1 hex string\");try{n=e(t,0,[0,5,0,1,0],\"02\"),s=e(t,0,[0,5,0,1,1],\"02\"),a=e(t,0,[0,5,0,1,2],\"02\"),o=e(t,0,[0,5,1,0],\"02\")}catch(h){throw new Error(\"malformed X.509 certificate DSA public key\")}this.setPublicHex(n,s,a,o)}};var Gt=function(){var t=function(t,r,i){return e(d.AES,t,r,i)},e=function(t,e,r,i){var n=d.enc.Hex.parse(e),s=d.enc.Hex.parse(r),a=d.enc.Hex.parse(i),o={};o.key=s,o.iv=a,o.ciphertext=n;var h=t.decrypt(o,s,{iv:a});return d.enc.Hex.stringify(h)},r=function(t,e,r){return i(d.AES,t,e,r)},i=function(t,e,r,i){var n=d.enc.Hex.parse(e),s=d.enc.Hex.parse(r),a=d.enc.Hex.parse(i),o=t.encrypt(n,s,{iv:a}),h=d.enc.Hex.parse(o.toString());return d.enc.Base64.stringify(h)},n={\"AES-256-CBC\":{proc:t,eproc:r,keylen:32,ivlen:16},\"AES-192-CBC\":{proc:t,eproc:r,keylen:24,ivlen:16},\"AES-128-CBC\":{proc:t,eproc:r,keylen:16,ivlen:16},\"DES-EDE3-CBC\":{proc:function(t,r,i){return e(d.TripleDES,t,r,i)},eproc:function(t,e,r){return i(d.TripleDES,t,e,r)},keylen:24,ivlen:8},\"DES-CBC\":{proc:function(t,r,i){return e(d.DES,t,r,i)},eproc:function(t,e,r){return 
i(d.DES,t,e,r)},keylen:8,ivlen:8}},s=function(t){var e={},r=t.match(new RegExp(\"DEK-Info: ([^,]+),([0-9A-Fa-f]+)\",\"m\"));r&&(e.cipher=r[1],e.ivsalt=r[2]);var i=t.match(new RegExp(\"-----BEGIN ([A-Z]+) PRIVATE KEY-----\"));i&&(e.type=i[1]);var n=-1,s=0;-1!=t.indexOf(\"\\r\\n\\r\\n\")&&(n=t.indexOf(\"\\r\\n\\r\\n\"),s=2),-1!=t.indexOf(\"\\n\\n\")&&(n=t.indexOf(\"\\n\\n\"),s=1);var a=t.indexOf(\"-----END\");if(-1!=n&&-1!=a){var o=t.substring(n+2*s,a-s);o=o.replace(/\\s+/g,\"\"),e.data=o}return e},a=function(t,e,r){for(var i=r.substring(0,16),s=d.enc.Hex.parse(i),a=d.enc.Utf8.parse(e),o=n[t].keylen+n[t].ivlen,h=\"\",u=null;;){var c=d.algo.MD5.create();if(null!=u&&c.update(u),c.update(a),c.update(s),u=c.finalize(),(h+=d.enc.Hex.stringify(u)).length>=2*o)break}var l={};return l.keyhex=h.substr(0,2*n[t].keylen),l.ivhex=h.substr(2*n[t].keylen,2*n[t].ivlen),l},o=function(t,e,r,i){var s=d.enc.Base64.parse(t),a=d.enc.Hex.stringify(s);return(0,n[e].proc)(a,r,i)};return{version:\"1.0.0\",parsePKCS5PEM:function(t){return s(t)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(t,e,r){return a(t,e,r)},decryptKeyB64:function(t,e,r,i){return o(t,e,r,i)},getDecryptedKeyHex:function(t,e){var r=s(t),i=(r.type,r.cipher),n=r.ivsalt,h=r.data,u=a(i,e,n).keyhex;return o(h,i,u,n)},getEncryptedPKCS5PEMFromPrvKeyHex:function(t,e,r,i,s){var o=\"\";if(void 0!==i&&null!=i||(i=\"AES-256-CBC\"),void 0===n[i])throw new Error(\"KEYUTIL unsupported algorithm: \"+i);void 0!==s&&null!=s||(s=function(t){var e=d.lib.WordArray.random(t);return d.enc.Hex.stringify(e)}(n[i].ivlen).toUpperCase());var h=function(t,e,r,i){return(0,n[e].eproc)(t,r,i)}(e,i,a(i,r,s).keyhex,s);return o=\"-----BEGIN \"+t+\" PRIVATE KEY-----\\r\\n\",o+=\"Proc-Type: 4,ENCRYPTED\\r\\n\",o+=\"DEK-Info: \"+i+\",\"+s+\"\\r\\n\",o+=\"\\r\\n\",(o+=h.replace(/(.{64})/g,\"$1\\r\\n\"))+\"\\r\\n-----END \"+t+\" PRIVATE KEY-----\\r\\n\"},parseHexOfEncryptedPKCS8:function(t){var e=lt,r=e.getChildIdx,i=e.getV,n={},s=r(t,0);if(2!=s.length)throw new 
Error(\"malformed format: SEQUENCE(0).items != 2: \"+s.length);n.ciphertext=i(t,s[1]);var a=r(t,s[0]);if(2!=a.length)throw new Error(\"malformed format: SEQUENCE(0.0).items != 2: \"+a.length);if(\"2a864886f70d01050d\"!=i(t,a[0]))throw new Error(\"this only supports pkcs5PBES2\");var o=r(t,a[1]);if(2!=a.length)throw new Error(\"malformed format: SEQUENCE(0.0.1).items != 2: \"+o.length);var h=r(t,o[1]);if(2!=h.length)throw new Error(\"malformed format: SEQUENCE(0.0.1.1).items != 2: \"+h.length);if(\"2a864886f70d0307\"!=i(t,h[0]))throw\"this only supports TripleDES\";n.encryptionSchemeAlg=\"TripleDES\",n.encryptionSchemeIV=i(t,h[1]);var u=r(t,o[0]);if(2!=u.length)throw new Error(\"malformed format: SEQUENCE(0.0.1.0).items != 2: \"+u.length);if(\"2a864886f70d01050c\"!=i(t,u[0]))throw new Error(\"this only supports pkcs5PBKDF2\");var c=r(t,u[1]);if(c.length<2)throw new Error(\"malformed format: SEQUENCE(0.0.1.0.1).items < 2: \"+c.length);n.pbkdf2Salt=i(t,c[0]);var l=i(t,c[1]);try{n.pbkdf2Iter=parseInt(l,16)}catch(f){throw new Error(\"malformed format pbkdf2Iter: \"+l)}return n},getPBKDF2KeyHexFromParam:function(t,e){var r=d.enc.Hex.parse(t.pbkdf2Salt),i=t.pbkdf2Iter,n=d.PBKDF2(e,r,{keySize:6,iterations:i});return d.enc.Hex.stringify(n)},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(t,e){var r=Ct(t,\"ENCRYPTED PRIVATE KEY\"),i=this.parseHexOfEncryptedPKCS8(r),n=Gt.getPBKDF2KeyHexFromParam(i,e),s={};s.ciphertext=d.enc.Hex.parse(i.ciphertext);var a=d.enc.Hex.parse(n),o=d.enc.Hex.parse(i.encryptionSchemeIV),h=d.TripleDES.decrypt(s,a,{iv:o});return d.enc.Hex.stringify(h)},getKeyFromEncryptedPKCS8PEM:function(t,e){var r=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(t,e);return this.getKeyFromPlainPrivatePKCS8Hex(r)},parsePlainPrivatePKCS8Hex:function(t){var e=lt,r=e.getChildIdx,i=e.getV,n={algparam:null};if(\"30\"!=t.substr(0,2))throw new Error(\"malformed plain PKCS8 private key(code:001)\");var s=r(t,0);if(s.length<3)throw new Error(\"malformed plain PKCS8 private 
key(code:002)\");if(\"30\"!=t.substr(s[1],2))throw new Error(\"malformed PKCS8 private key(code:003)\");var a=r(t,s[1]);if(2!=a.length)throw new Error(\"malformed PKCS8 private key(code:004)\");if(\"06\"!=t.substr(a[0],2))throw new Error(\"malformed PKCS8 private key(code:005)\");if(n.algoid=i(t,a[0]),\"06\"==t.substr(a[1],2)&&(n.algparam=i(t,a[1])),\"04\"!=t.substr(s[2],2))throw new Error(\"malformed PKCS8 private key(code:006)\");return n.keyidx=e.getVidx(t,s[2]),n},getKeyFromPlainPrivatePKCS8PEM:function(t){var e=Ct(t,\"PRIVATE KEY\");return this.getKeyFromPlainPrivatePKCS8Hex(e)},getKeyFromPlainPrivatePKCS8Hex:function(t){var e,r=this.parsePlainPrivatePKCS8Hex(t);if(\"2a864886f70d010101\"==r.algoid)e=new rt;else if(\"2a8648ce380401\"==r.algoid)e=new ht.crypto.DSA;else{if(\"2a8648ce3d0201\"!=r.algoid)throw new Error(\"unsupported private key algorithm\");e=new ht.crypto.ECDSA}return e.readPKCS8PrvKeyHex(t),e},_getKeyFromPublicPKCS8Hex:function(t){var e,r=lt.getVbyList(t,0,[0,0],\"06\");if(\"2a864886f70d010101\"===r)e=new rt;else if(\"2a8648ce380401\"===r)e=new ht.crypto.DSA;else{if(\"2a8648ce3d0201\"!==r)throw new Error(\"unsupported PKCS#8 public key hex\");e=new ht.crypto.ECDSA}return e.readPKCS8PubKeyHex(t),e},parsePublicRawRSAKeyHex:function(t){var e=lt,r=e.getChildIdx,i=e.getV,n={};if(\"30\"!=t.substr(0,2))throw new Error(\"malformed RSA key(code:001)\");var s=r(t,0);if(2!=s.length)throw new Error(\"malformed RSA key(code:002)\");if(\"02\"!=t.substr(s[0],2))throw new Error(\"malformed RSA key(code:003)\");if(n.n=i(t,s[0]),\"02\"!=t.substr(s[1],2))throw new Error(\"malformed RSA key(code:004)\");return n.e=i(t,s[1]),n},parsePublicPKCS8Hex:function(t){var e=lt,r=e.getChildIdx,i=e.getV,n={algparam:null},s=r(t,0);if(2!=s.length)throw new Error(\"outer DERSequence shall have 2 elements: \"+s.length);var a=s[0];if(\"30\"!=t.substr(a,2))throw new Error(\"malformed PKCS8 public key(code:001)\");var o=r(t,a);if(2!=o.length)throw new Error(\"malformed PKCS8 public 
key(code:002)\");if(\"06\"!=t.substr(o[0],2))throw new Error(\"malformed PKCS8 public key(code:003)\");if(n.algoid=i(t,o[0]),\"06\"==t.substr(o[1],2)?n.algparam=i(t,o[1]):\"30\"==t.substr(o[1],2)&&(n.algparam={},n.algparam.p=e.getVbyList(t,o[1],[0],\"02\"),n.algparam.q=e.getVbyList(t,o[1],[1],\"02\"),n.algparam.g=e.getVbyList(t,o[1],[2],\"02\")),\"03\"!=t.substr(s[1],2))throw new Error(\"malformed PKCS8 public key(code:004)\");return n.key=i(t,s[1]).substr(2),n}}}();function Wt(t,e){for(var r=\"\",i=e/4-t.length,n=0;n>24,(16711680&n)>>16,(65280&n)>>8,255&n])))),n+=1;return i}function Xt(t){for(var e in ht.crypto.Util.DIGESTINFOHEAD){var r=ht.crypto.Util.DIGESTINFOHEAD[e],i=r.length;if(t.substring(0,i)==r)return[e,t.substring(i)]}return[]}function $t(t){var e,r=lt,i=r.getChildIdx,n=r.getV,s=r.getTLV,a=r.getVbyList,o=r.getVbyListEx,h=r.getTLVbyList,u=r.getTLVbyListEx,c=r.getIdxbyList,l=r.getIdxbyListEx,f=r.getVidx,g=r.getInt,p=r.oidname,d=r.hextooidstr,v=Ct;try{e=ht.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV}catch(y){}this.HEX2STAG={\"0c\":\"utf8\",13:\"prn\",16:\"ia5\",\"1a\":\"vis\",\"1e\":\"bmp\"},this.hex=null,this.version=0,this.foffset=0,this.aExtInfo=null,this.getVersion=function(){if(null===this.hex||0!==this.version)return this.version;var t=h(this.hex,0,[0,0]);if(\"a0\"==t.substr(0,2)){var e=h(t,0,[0]),r=g(e,0);if(r<0||21){var o=s(t,a[1]),h=this.getGeneralName(o);null!=h.uri&&(n.uri=h.uri)}if(a.length>2){var u=s(t,a[2]);\"0101ff\"==u&&(n.reqauth=!0),\"010100\"==u&&(n.reqauth=!1)}return n},this.getX500NameRule=function(t){for(var e=null,r=[],i=0;i0&&(t.ext=this.getExtParamArray()),t.sighex=this.getSignatureValueHex(),t},this.getExtParamArray=function(t){null==t&&-1!=l(this.hex,0,[0,\"[3]\"])&&(t=u(this.hex,0,[0,\"[3]\",0],\"30\"));for(var e=[],r=i(t,0),n=0;n2&&\"04\"===v.substr(d[1],2)))throw new Error(\"unsupported PKCS#1/5 hexadecimal key\");(P=new o).readPKCS5PrvKeyHex(v)}return P}if(\"pkcs8prv\"===r)return 
l.getKeyFromPlainPrivatePKCS8Hex(t);if(\"pkcs8pub\"===r)return l._getKeyFromPublicPKCS8Hex(t);if(\"x509pub\"===r)return $t.getPublicKeyFromCertHex(t);if(-1!=t.indexOf(\"-END CERTIFICATE-\",0)||-1!=t.indexOf(\"-END X509 CERTIFICATE-\",0)||-1!=t.indexOf(\"-END TRUSTED CERTIFICATE-\",0))return $t.getPublicKeyFromCertPEM(t);if(-1!=t.indexOf(\"-END PUBLIC KEY-\")){var m=Ct(t,\"PUBLIC KEY\");return l._getKeyFromPublicPKCS8Hex(m)}if(-1!=t.indexOf(\"-END RSA PRIVATE KEY-\")&&-1==t.indexOf(\"4,ENCRYPTED\")){var S=c(t,\"RSA PRIVATE KEY\");return l.getKey(S,null,\"pkcs5prv\")}if(-1!=t.indexOf(\"-END DSA PRIVATE KEY-\")&&-1==t.indexOf(\"4,ENCRYPTED\")){var x=s(i=c(t,\"DSA PRIVATE KEY\"),0,[1],\"02\"),w=s(i,0,[2],\"02\"),b=s(i,0,[3],\"02\"),F=s(i,0,[4],\"02\"),A=s(i,0,[5],\"02\");return(P=new h).setPrivate(new E(x,16),new E(w,16),new E(b,16),new E(F,16),new E(A,16)),P}if(-1!=t.indexOf(\"-END EC PRIVATE KEY-\")&&-1==t.indexOf(\"4,ENCRYPTED\"))return S=c(t,\"EC PRIVATE KEY\"),l.getKey(S,null,\"pkcs5prv\");if(-1!=t.indexOf(\"-END PRIVATE KEY-\"))return l.getKeyFromPlainPrivatePKCS8PEM(t);if(-1!=t.indexOf(\"-END RSA PRIVATE KEY-\")&&-1!=t.indexOf(\"4,ENCRYPTED\")){var D=l.getDecryptedKeyHex(t,e),I=new rt;return I.readPKCS5PrvKeyHex(D),I}if(-1!=t.indexOf(\"-END EC PRIVATE KEY-\")&&-1!=t.indexOf(\"4,ENCRYPTED\")){var C,P=s(i=l.getDecryptedKeyHex(t,e),0,[1],\"04\"),R=s(i,0,[2,0],\"06\"),T=s(i,0,[3,0],\"03\").substr(2);if(void 0===ht.crypto.OID.oidhex2name[R])throw new Error(\"undefined OID(hex) in KJUR.crypto.OID: \"+R);return(C=new o({curve:ht.crypto.OID.oidhex2name[R]})).setPublicKeyHex(T),C.setPrivateKeyHex(P),C.isPublic=!1,C}if(-1!=t.indexOf(\"-END DSA PRIVATE KEY-\")&&-1!=t.indexOf(\"4,ENCRYPTED\"))return x=s(i=l.getDecryptedKeyHex(t,e),0,[1],\"02\"),w=s(i,0,[2],\"02\"),b=s(i,0,[3],\"02\"),F=s(i,0,[4],\"02\"),A=s(i,0,[5],\"02\"),(P=new h).setPrivate(new E(x,16),new E(w,16),new E(b,16),new E(F,16),new E(A,16)),P;if(-1!=t.indexOf(\"-END ENCRYPTED PRIVATE KEY-\"))return 
l.getKeyFromEncryptedPKCS8PEM(t,e);throw new Error(\"not supported argument\")},Gt.generateKeypair=function(t,e){if(\"RSA\"==t){var r=e;(a=new rt).generate(r,\"10001\"),a.isPrivate=!0,a.isPublic=!0;var i=new rt,n=a.n.toString(16),s=a.e.toString(16);return i.setPublic(n,s),i.isPrivate=!1,i.isPublic=!0,(o={}).prvKeyObj=a,o.pubKeyObj=i,o}if(\"EC\"==t){var a,o,h=e,u=new ht.crypto.ECDSA({curve:h}).generateKeyPairHex();return(a=new ht.crypto.ECDSA({curve:h})).setPublicKeyHex(u.ecpubhex),a.setPrivateKeyHex(u.ecprvhex),a.isPrivate=!0,a.isPublic=!1,(i=new ht.crypto.ECDSA({curve:h})).setPublicKeyHex(u.ecpubhex),i.isPrivate=!1,i.isPublic=!0,(o={}).prvKeyObj=a,o.pubKeyObj=i,o}throw new Error(\"unknown algorithm: \"+t)},Gt.getPEM=function(t,e,r,i,n,s){var a=ht,o=a.asn1,h=o.DERObjectIdentifier,u=o.DERInteger,c=o.ASN1Util.newObject,l=o.x509.SubjectPublicKeyInfo,f=a.crypto,g=f.DSA,p=f.ECDSA,v=rt;function y(t){return c({seq:[{int:0},{int:{bigint:t.n}},{int:t.e},{int:{bigint:t.d}},{int:{bigint:t.p}},{int:{bigint:t.q}},{int:{bigint:t.dmp1}},{int:{bigint:t.dmq1}},{int:{bigint:t.coeff}}]})}function m(t){return c({seq:[{int:1},{octstr:{hex:t.prvKeyHex}},{tag:[\"a0\",!0,{oid:{name:t.curveName}}]},{tag:[\"a1\",!0,{bitstr:{hex:\"00\"+t.pubKeyHex}}]}]})}function S(t){return c({seq:[{int:0},{int:{bigint:t.p}},{int:{bigint:t.q}},{int:{bigint:t.g}},{int:{bigint:t.y}},{int:{bigint:t.x}}]})}if((void 0!==v&&t instanceof v||void 0!==g&&t instanceof g||void 0!==p&&t instanceof p)&&1==t.isPublic&&(void 0===e||\"PKCS8PUB\"==e))return It(b=new l(t).getEncodedHex(),\"PUBLIC KEY\");if(\"PKCS1PRV\"==e&&void 0!==v&&t instanceof v&&(void 0===r||null==r)&&1==t.isPrivate)return It(b=y(t).getEncodedHex(),\"RSA PRIVATE KEY\");if(\"PKCS1PRV\"==e&&void 0!==p&&t instanceof p&&(void 0===r||null==r)&&1==t.isPrivate){var x=new h({name:t.curveName}).getEncodedHex(),E=m(t).getEncodedHex(),w=\"\";return(w+=It(x,\"EC PARAMETERS\"))+It(E,\"EC PRIVATE KEY\")}if(\"PKCS1PRV\"==e&&void 0!==g&&t instanceof g&&(void 
0===r||null==r)&&1==t.isPrivate)return It(b=S(t).getEncodedHex(),\"DSA PRIVATE KEY\");if(\"PKCS5PRV\"==e&&void 0!==v&&t instanceof v&&void 0!==r&&null!=r&&1==t.isPrivate){var b=y(t).getEncodedHex();return void 0===i&&(i=\"DES-EDE3-CBC\"),this.getEncryptedPKCS5PEMFromPrvKeyHex(\"RSA\",b,r,i,s)}if(\"PKCS5PRV\"==e&&void 0!==p&&t instanceof p&&void 0!==r&&null!=r&&1==t.isPrivate)return b=m(t).getEncodedHex(),void 0===i&&(i=\"DES-EDE3-CBC\"),this.getEncryptedPKCS5PEMFromPrvKeyHex(\"EC\",b,r,i,s);if(\"PKCS5PRV\"==e&&void 0!==g&&t instanceof g&&void 0!==r&&null!=r&&1==t.isPrivate)return b=S(t).getEncodedHex(),void 0===i&&(i=\"DES-EDE3-CBC\"),this.getEncryptedPKCS5PEMFromPrvKeyHex(\"DSA\",b,r,i,s);var F=function(t,e){var r=A(t,e);return new c({seq:[{seq:[{oid:{name:\"pkcs5PBES2\"}},{seq:[{seq:[{oid:{name:\"pkcs5PBKDF2\"}},{seq:[{octstr:{hex:r.pbkdf2Salt}},{int:r.pbkdf2Iter}]}]},{seq:[{oid:{name:\"des-EDE3-CBC\"}},{octstr:{hex:r.encryptionSchemeIV}}]}]}]},{octstr:{hex:r.ciphertext}}]}).getEncodedHex()},A=function(t,e){var r=d.lib.WordArray.random(8),i=d.lib.WordArray.random(8),n=d.PBKDF2(e,r,{keySize:6,iterations:100}),s=d.enc.Hex.parse(t),a=d.TripleDES.encrypt(s,n,{iv:i})+\"\",o={};return o.ciphertext=a,o.pbkdf2Salt=d.enc.Hex.stringify(r),o.pbkdf2Iter=100,o.encryptionSchemeAlg=\"DES-EDE3-CBC\",o.encryptionSchemeIV=d.enc.Hex.stringify(i),o};if(\"PKCS8PRV\"==e&&null!=v&&t instanceof v&&1==t.isPrivate){var D=y(t).getEncodedHex();return b=c({seq:[{int:0},{seq:[{oid:{name:\"rsaEncryption\"}},{null:!0}]},{octstr:{hex:D}}]}).getEncodedHex(),void 0===r||null==r?It(b,\"PRIVATE KEY\"):It(E=F(b,r),\"ENCRYPTED PRIVATE KEY\")}if(\"PKCS8PRV\"==e&&void 0!==p&&t instanceof p&&1==t.isPrivate)return D=new c({seq:[{int:1},{octstr:{hex:t.prvKeyHex}},{tag:[\"a1\",!0,{bitstr:{hex:\"00\"+t.pubKeyHex}}]}]}).getEncodedHex(),b=c({seq:[{int:0},{seq:[{oid:{name:\"ecPublicKey\"}},{oid:{name:t.curveName}}]},{octstr:{hex:D}}]}).getEncodedHex(),void 0===r||null==r?It(b,\"PRIVATE 
KEY\"):It(E=F(b,r),\"ENCRYPTED PRIVATE KEY\");if(\"PKCS8PRV\"==e&&void 0!==g&&t instanceof g&&1==t.isPrivate)return D=new u({bigint:t.x}).getEncodedHex(),b=c({seq:[{int:0},{seq:[{oid:{name:\"dsa\"}},{seq:[{int:{bigint:t.p}},{int:{bigint:t.q}},{int:{bigint:t.g}}]}]},{octstr:{hex:D}}]}).getEncodedHex(),void 0===r||null==r?It(b,\"PRIVATE KEY\"):It(E=F(b,r),\"ENCRYPTED PRIVATE KEY\");throw new Error(\"unsupported object nor format\")},Gt.getKeyFromCSRPEM=function(t){var e=Ct(t,\"CERTIFICATE REQUEST\");return Gt.getKeyFromCSRHex(e)},Gt.getKeyFromCSRHex=function(t){var e=Gt.parseCSRHex(t);return Gt.getKey(e.p8pubkeyhex,null,\"pkcs8pub\")},Gt.parseCSRHex=function(t){var e=lt,r=e.getChildIdx,i=e.getTLV,n={},s=t;if(\"30\"!=s.substr(0,2))throw new Error(\"malformed CSR(code:001)\");var a=r(s,0);if(a.length<1)throw new Error(\"malformed CSR(code:002)\");if(\"30\"!=s.substr(a[0],2))throw new Error(\"malformed CSR(code:003)\");var o=r(s,a[0]);if(o.length<3)throw new Error(\"malformed CSR(code:004)\");return n.p8pubkeyhex=i(s,o[2]),n},Gt.getKeyID=function(t){var e=Gt,r=lt;\"string\"==typeof t&&-1!=t.indexOf(\"BEGIN \")&&(t=e.getKey(t));var i=Ct(e.getPEM(t)),n=r.getIdxbyList(i,0,[1]),s=r.getV(i,n).substring(2);return ht.crypto.Util.hashHex(s,\"sha1\")},Gt.getJWK=function(t,e,r,i,n){var s,a,o={},h=ht.crypto.Util.hashHex;if(\"string\"==typeof t)s=Gt.getKey(t),-1!=t.indexOf(\"CERTIFICATE\")&&(a=Ct(t));else{if(\"object\"!=typeof t)throw new Error(\"unsupported keyinfo type\");t instanceof $t?(s=t.getPublicKey(),a=t.hex):s=t}if(s instanceof rt&&s.isPrivate)o.kty=\"RSA\",o.n=mt(s.n.toString(16)),o.e=mt(s.e.toString(16)),o.d=mt(s.d.toString(16)),o.p=mt(s.p.toString(16)),o.q=mt(s.q.toString(16)),o.dp=mt(s.dmp1.toString(16)),o.dq=mt(s.dmq1.toString(16)),o.qi=mt(s.coeff.toString(16));else if(s instanceof rt&&s.isPublic)o.kty=\"RSA\",o.n=mt(s.n.toString(16)),o.e=mt(s.e.toString(16));else if(s instanceof 
ht.crypto.ECDSA&&s.isPrivate){if(\"P-256\"!==(c=s.getShortNISTPCurveName())&&\"P-384\"!==c&&\"P-521\"!==c)throw new Error(\"unsupported curve name for JWT: \"+c);var u=s.getPublicKeyXYHex();o.kty=\"EC\",o.crv=c,o.x=mt(u.x),o.y=mt(u.y),o.d=mt(s.prvKeyHex)}else if(s instanceof ht.crypto.ECDSA&&s.isPublic){var c;if(\"P-256\"!==(c=s.getShortNISTPCurveName())&&\"P-384\"!==c&&\"P-521\"!==c)throw new Error(\"unsupported curve name for JWT: \"+c);u=s.getPublicKeyXYHex(),o.kty=\"EC\",o.crv=c,o.x=mt(u.x),o.y=mt(u.y)}if(null==o.kty)throw new Error(\"unsupported keyinfo\");return s.isPrivate||1==e||(o.kid=ht.jws.JWS.getJWKthumbprint(o)),null!=a&&1!=r&&(o.x5c=[m(a)]),null!=a&&1!=i&&(o.x5t=vt(m(h(a,\"sha1\")))),null!=a&&1!=n&&(o[\"x5t#S256\"]=vt(m(h(a,\"sha256\")))),o},Gt.getJWKFromKey=function(t){return Gt.getJWK(t,!0,!0,!0,!0)},rt.getPosArrayOfChildrenFromHex=function(t){return lt.getChildIdx(t,0)},rt.getHexValueArrayOfChildrenFromHex=function(t){var e,r=lt.getV,i=r(t,(e=rt.getPosArrayOfChildrenFromHex(t))[0]),n=r(t,e[1]),s=r(t,e[2]),a=r(t,e[3]),o=r(t,e[4]),h=r(t,e[5]),u=r(t,e[6]),c=r(t,e[7]),l=r(t,e[8]);return(e=new Array).push(i,n,s,a,o,h,u,c,l),e},rt.prototype.readPrivateKeyFromPEMString=function(t){var e=Ct(t),r=rt.getHexValueArrayOfChildrenFromHex(e);this.setPrivateEx(r[1],r[2],r[3],r[4],r[5],r[6],r[7],r[8])},rt.prototype.readPKCS5PrvKeyHex=function(t){var e=rt.getHexValueArrayOfChildrenFromHex(t);this.setPrivateEx(e[1],e[2],e[3],e[4],e[5],e[6],e[7],e[8])},rt.prototype.readPKCS8PrvKeyHex=function(t){var e,r,i,n,s,a,o,h,u=lt,c=u.getVbyListEx;if(!1===u.isASN1HEX(t))throw new Error(\"not ASN.1 hex string\");try{e=c(t,0,[2,0,1],\"02\"),r=c(t,0,[2,0,2],\"02\"),i=c(t,0,[2,0,3],\"02\"),n=c(t,0,[2,0,4],\"02\"),s=c(t,0,[2,0,5],\"02\"),a=c(t,0,[2,0,6],\"02\"),o=c(t,0,[2,0,7],\"02\"),h=c(t,0,[2,0,8],\"02\")}catch(l){throw new Error(\"malformed PKCS#8 plain RSA private key\")}this.setPrivateEx(e,r,i,n,s,a,o,h)},rt.prototype.readPKCS5PubKeyHex=function(t){var 
e=lt,r=e.getV;if(!1===e.isASN1HEX(t))throw new Error(\"keyHex is not ASN.1 hex string\");var i=e.getChildIdx(t,0);if(2!==i.length||\"02\"!==t.substr(i[0],2)||\"02\"!==t.substr(i[1],2))throw new Error(\"wrong hex for PKCS#5 public key\");var n=r(t,i[0]),s=r(t,i[1]);this.setPublic(n,s)},rt.prototype.readPKCS8PubKeyHex=function(t){var e=lt;if(!1===e.isASN1HEX(t))throw new Error(\"not ASN.1 hex string\");if(\"06092a864886f70d010101\"!==e.getTLVbyListEx(t,0,[0,0]))throw new Error(\"not PKCS8 RSA public key\");var r=e.getTLVbyListEx(t,0,[1,0]);this.readPKCS5PubKeyHex(r)},rt.prototype.readCertPubKeyHex=function(t,e){var r,i;(r=new $t).readCertHex(t),i=r.getPublicKeyHex(),this.readPKCS8PubKeyHex(i)},new RegExp(\"[^0-9a-f]\",\"gi\"),rt.prototype.sign=function(t,e){var r,i=(r=t,ht.crypto.Util.hashString(r,e));return this.signWithMessageHash(i,e)},rt.prototype.signWithMessageHash=function(t,e){var r=tt(ht.crypto.Util.getPaddedDigestInfoHex(t,e,this.n.bitLength()),16);return Wt(this.doPrivate(r).toString(16),this.n.bitLength())},rt.prototype.signPSS=function(t,e,r){var i,n=(i=bt(t),ht.crypto.Util.hashHex(i,e));return void 0===r&&(r=-1),this.signWithMessageHashPSS(n,e,r)},rt.prototype.signWithMessageHashPSS=function(t,e,r){var i,n=wt(t),s=n.length,a=this.n.bitLength()-1,o=Math.ceil(a/8),h=function(t){return ht.crypto.Util.hashHex(t,e)};if(-1===r||void 0===r)r=s;else if(-2===r)r=o-s-2;else if(r<-2)throw new Error(\"invalid salt length\");if(o0&&(u=new Array(r),(new Q).nextBytes(u),u=String.fromCharCode.apply(String,u));var c=wt(h(bt(\"\\0\\0\\0\\0\\0\\0\\0\\0\"+n+u))),l=[];for(i=0;i>8*o-a&255;for(p[0]&=~d,i=0;ii)return!1;var n=this.doPublic(r).toString(16);if(n.length+3!=i/4)return!1;var s=Xt(n.replace(/^1f+00/,\"\"));if(0==s.length)return!1;var a,o=s[0];return s[1]==(a=t,ht.crypto.Util.hashString(a,o))},rt.prototype.verifyWithMessageHash=function(t,e){if(e.length!=Math.ceil(this.n.bitLength()/4))return!1;var r=tt(e,16);if(r.bitLength()>this.n.bitLength())return 0;var 
i=Xt(this.doPublic(r).toString(16).replace(/^1f+00/,\"\"));return 0!=i.length&&(i[0],i[1]==t)},rt.prototype.verifyPSS=function(t,e,r,i){var n,s=(n=bt(t),ht.crypto.Util.hashHex(n,r));return void 0===i&&(i=-1),this.verifyWithMessageHashPSS(s,e,r,i)},rt.prototype.verifyWithMessageHashPSS=function(t,e,r,i){if(e.length!=Math.ceil(this.n.bitLength()/4))return!1;var n,s=new E(e,16),a=function(t){return ht.crypto.Util.hashHex(t,r)},o=wt(t),h=o.length,u=this.n.bitLength()-1,c=Math.ceil(u/8);if(-1===i||void 0===i)i=h;else if(-2===i)i=c-h-2;else if(i<-2)throw new Error(\"invalid salt length\");if(c>8*c-u&255;if(0!=(f.charCodeAt(0)&p))throw new Error(\"bits beyond keysize not zero\");var d=Jt(g,f.length,a),v=[];for(n=0;n0&&-1==(\":\"+r.join(\":\")+\":\").indexOf(\":\"+v+\":\"))throw\"algorithm '\"+v+\"' not accepted in the list\";if(\"none\"!=v&&null===e)throw\"key shall be specified to verify.\";if(\"string\"==typeof e&&-1!=e.indexOf(\"-----BEGIN \")&&(e=Gt.getKey(e)),!(\"RS\"!=f&&\"PS\"!=f||e instanceof i))throw\"key shall be a RSAKey obj for RS* and PS* algs\";if(\"ES\"==f&&!(e instanceof h))throw\"key shall be a ECDSA obj for ES* algs\";var y=null;if(void 0===s.jwsalg2sigalg[d.alg])throw\"unsupported alg name: \"+v;if(\"none\"==(y=s.jwsalg2sigalg[v]))throw\"not supported\";if(\"Hmac\"==y.substr(0,4)){if(void 0===e)throw\"hexadecimal key shall be specified for HMAC\";var m=new u({alg:y,pass:e});return m.updateString(g),p==m.doFinal()}if(-1!=y.indexOf(\"withECDSA\")){var S,x=null;try{x=h.concatSigToASN1Sig(p)}catch(E){return!1}return(S=new c({alg:y})).init(e),S.updateString(g),S.verify(x)}return(S=new c({alg:y})).init(e),S.updateString(g),S.verify(p)},ht.jws.JWS.parse=function(t){var e,r,i,n=t.split(\".\"),s={};if(2!=n.length&&3!=n.length)throw\"malformed sJWS: wrong number of '.' 
splitted elements\";return e=n[0],r=n[1],3==n.length&&(i=n[2]),s.headerObj=ht.jws.JWS.readSafeJSONString(ct(e)),s.payloadObj=ht.jws.JWS.readSafeJSONString(ct(r)),s.headerPP=JSON.stringify(s.headerObj,null,\" \"),null==s.payloadObj?s.payloadPP=ct(r):s.payloadPP=JSON.stringify(s.payloadObj,null,\" \"),void 0!==i&&(s.sigHex=St(i)),s},ht.jws.JWS.verifyJWT=function(t,e,r){var i=ht.jws,n=i.JWS,s=n.readSafeJSONString,a=n.inArray,o=n.includedArray,h=t.split(\".\"),u=h[0],c=h[1],l=(St(h[2]),s(ct(u))),f=s(ct(c));if(void 0===l.alg)return!1;if(void 0===r.alg)throw\"acceptField.alg shall be specified\";if(!a(l.alg,r.alg))return!1;if(void 0!==f.iss&&\"object\"==typeof r.iss&&!a(f.iss,r.iss))return!1;if(void 0!==f.sub&&\"object\"==typeof r.sub&&!a(f.sub,r.sub))return!1;if(void 0!==f.aud&&\"object\"==typeof r.aud)if(\"string\"==typeof f.aud){if(!a(f.aud,r.aud))return!1}else if(\"object\"==typeof f.aud&&!o(f.aud,r.aud))return!1;var g=i.IntDate.getNow();return void 0!==r.verifyAt&&\"number\"==typeof r.verifyAt&&(g=r.verifyAt),void 0!==r.gracePeriod&&\"number\"==typeof r.gracePeriod||(r.gracePeriod=0),!(void 0!==f.exp&&\"number\"==typeof f.exp&&f.exp+r.gracePeriodn&&this.aHeader.pop(),this.aSignature.length>n&&this.aSignature.pop(),\"addSignature failed: \"+c}},this.verifyAll=function(t){if(this.aHeader.length!==t.length||this.aSignature.length!==t.length)return!1;for(var e=0;e0))throw\"malformed header\";if(this.aHeader=t.headers,\"string\"!=typeof t.payload)throw\"malformed signatures\";if(this.sPayload=t.payload,!(t.signatures.length>0))throw\"malformed signatures\";this.aSignature=t.signatures}catch(e){throw\"malformed JWS-JS JSON object: \"+e}},this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}},this.isEmpty=function(){return 
0==this.aHeader.length?1:0}},g.SecureRandom=Q,g.rng_seed_time=W,g.BigInteger=E,g.RSAKey=rt,g.ECDSA=ht.crypto.ECDSA,g.DSA=ht.crypto.DSA,g.Signature=ht.crypto.Signature,g.MessageDigest=ht.crypto.MessageDigest,g.Mac=ht.crypto.Mac,g.Cipher=ht.crypto.Cipher,g.KEYUTIL=Gt,g.ASN1HEX=lt,g.X509=$t,g.X509CRL=function(t){var e=ht.lang.String.isHex,r=lt,i=r.getV,n=r.getTLV,s=r.getVbyList,a=r.getTLVbyList,o=r.getTLVbyListEx,h=r.getIdxbyList,u=r.getIdxbyListEx,c=r.getChildIdx,l=new $t;this.hex=null,this.posSigAlg=null,this.posRevCert=null,this._setPos=function(){var t=h(this.hex,0,[0,0]),e=this.hex.substr(t,2);if(\"02\"==e)this.posSigAlg=1;else{if(\"30\"!=e)throw new Error(\"malformed 1st item of TBSCertList: \"+e);this.posSigAlg=0}var r,i=h(this.hex,0,[0,this.posSigAlg+3]),n=this.hex.substr(i,2);if(\"17\"==n||\"18\"==n)r=h(this.hex,0,[0,this.posSigAlg+4]),this.posRevCert=null,-1!=r&&\"30\"==this.hex.substr(r,2)&&(this.posRevCert=this.posSigAlg+4);else if(\"30\"==n)this.posRevCert=this.posSigAlg+3;else{if(\"a0\"!=n)throw new Error(\"malformed nextUpdate or revCert tag: \"+n);this.posRevCert=null}},this.getVersion=function(){return 0==this.posSigAlg?null:parseInt(s(this.hex,0,[0,0],\"02\"),16)+1},this.getSignatureAlgorithmField=function(){var t=a(this.hex,0,[0,this.posSigAlg],\"30\");return l.getAlgorithmIdentifierName(t)},this.getIssuer=function(){var t=a(this.hex,0,[0,this.posSigAlg+1],\"30\");return l.getX500Name(t)},this.getThisUpdate=function(){var t=s(this.hex,0,[0,this.posSigAlg+2]);return result=wt(t)},this.getNextUpdate=function(){var t=h(this.hex,0,[0,this.posSigAlg+3]),e=this.hex.substr(t,2);return\"17\"!=e&&\"18\"!=e?null:wt(i(this.hex,t))},this.getRevCertArray=function(){if(null==this.posRevCert)return null;for(var t=[],e=h(this.hex,0,[0,this.posRevCert]),r=c(this.hex,e),i=0;ie.length&&(r=e.length);for(var i=0;i{let e=\"\",r=t;for(;r--;)e+=\"useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict\"[64*Math.random()|0];return e}};function 
d(t,e,r){if(!r.includes(typeof t)||null===t)throw new Error(`Field ${e} should be of type ${r}`)}var v={valString:function(t,e){d(t,e,[\"string\"])},valObject:function(t,e){d(t,e,[\"object\"])},valNumber:function(t,e){d(t,e,[\"number\"])},valStringOrObject:function(t,e){d(t,e,[\"string\",\"object\"])}};const{nanoid:y}=p,{valStringOrObject:m,valString:S,valObject:x,valNumber:E}=v;function w(t,e,r,i,n,s){x(e,\"payload\"),x(r,\"header\"),E(i,\"exp\");var a=Math.ceil((new Date).getTime()/1e3),o=a+i;const h=Object.assign({typ:\"JWT\"},r,{alg:n,kid:s}),u=Object.assign({iat:a-5,nbf:a-5,exp:o,jti:y()},e),c=JSON.stringify(h),l=JSON.stringify(u);return g.jws.JWS.sign(n,c,l,t)}function b(t=\"\",e={},r={},i=600,n=\"RS256\"){try{return m(t,\"jwk\"),w(g.KEYUTIL.getKey(t),e,r,i,n,t.kid)}catch(s){const t=\"string\"==typeof s?s:s.message;throw new Error(\"[jwtSign] \"+t)}}return{pkceChallenge:function(){const t=g.crypto.Util.getRandomHexOfNbytes(32),e=g.hextob64u(t),r=g.crypto.Util.hashString(e,\"sha256\");return{code_verifier:e,code_challenge:g.hextob64u(r),code_challenge_method:\"S256\"}},createJws:w,jwtSign:b,jwtVerify:function(t,e,r=\"RS256\"){try{S(t,\"jwt\"),m(e,\"pubKey\");const i=g.KEYUTIL.getKey(e);if(!g.jws.JWS.verifyJWT(t,i,{alg:[r],gracePeriod:5}))throw new Error(\"Invalid JWT\");const n=g.jws.JWS.parse(t);return{header:n.headerObj,payload:n.payloadObj}}catch(i){const t=\"string\"==typeof i?i:i.message;throw new Error(\"[jwtVerify] \"+t)}},sha256:function(t){return g.crypto.Util.hashString(t,\"sha256\")},clientAssertPrivateKey:function(t,e,r,i=600,n=\"RS256\"){return b(t,{sub:e,iss:e,aud:r},{},i,n)},clientAssertSecret:function(t,e,r,i=600,n=\"HS256\"){try{return S(t,\"secret\"),w(t,{sub:e,iss:e,aud:r},{},i,n)}catch(s){throw new Error(\"[clientAssertSecret] \"+s.message)}},rs:g,nanoid:y}}));",
+ "type": "default",
+ "enabled": true
+ },
+ {
+ "key": "c_nonce",
+ "value": "",
+ "type": "any",
+ "enabled": true
+ },
+ {
+ "key": "holder_public_key",
+ "value": "",
+ "type": "any",
+ "enabled": true
+ },
+ {
+ "key": "holder_private_key",
+ "value": "",
+ "type": "any",
+ "enabled": true
+ },
+ {
+ "key": "audUrl",
+ "value": "http://localhost:8088",
+ "type": "default",
+ "enabled": true
+ },
+ {
+ "key": "certifyServiceUrl",
+ "value": "http://localhost:8090/v1/certify",
+ "type": "default",
+ "enabled": true
+ }
+ ],
+ "_postman_variable_scope": "environment",
+ "_postman_exported_at": "2024-05-31T08:38:57.183Z",
+ "_postman_exported_using": "Postman/10.24.25"
+}
\ No newline at end of file
diff --git a/docker-compose-sunbird/.env b/docker-compose/docker-compose-sunbird/.env
similarity index 87%
rename from docker-compose-sunbird/.env
rename to docker-compose/docker-compose-sunbird/.env
index 6b246596..b163b818 100644
--- a/docker-compose-sunbird/.env
+++ b/docker-compose/docker-compose-sunbird/.env
@@ -10,9 +10,10 @@ VAULT_BASE_URL=http://vault:8200/v1
VAULT_ROOT_PATH=http://vault:8200/v1/kv
VAULT_TIMEOUT=5000
VAULT_PROXY=false
-SIGNING_ALGORITHM=Ed25519
+SIGNING_ALGORITHM=Ed25519Signature2020
JWKS_URI=
ENABLE_AUTH=false
+WEB_DID_BASE_URL=https://challabeehyv.github.io/DID-Resolve
# schema service
IDENTITY_BASE_URL=http://identity:3332
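Review bot: The added `WEB_DID_BASE_URL` default points at a personal GitHub Pages site (`challabeehyv.github.io`). If the identity service builds did:web identifiers from this base, whoever controls that account controls what those identifiers resolve to. A committed default would be safer as an empty value with a comment such as `# set to a domain you control; did:web documents are resolved from here`. The surrounding context keeps `ENABLE_AUTH=false`, so this file should be clearly labelled as local-development configuration.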
diff --git a/docker-compose-sunbird/.gitignore b/docker-compose/docker-compose-sunbird/.gitignore
similarity index 78%
rename from docker-compose-sunbird/.gitignore
rename to docker-compose/docker-compose-sunbird/.gitignore
index cc0fe230..d8acd276 100644
--- a/docker-compose-sunbird/.gitignore
+++ b/docker-compose/docker-compose-sunbird/.gitignore
@@ -1,4 +1,4 @@
-*data
+data
keys.txt
data
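Review bot: The replacement pattern `data` duplicates the `data` entry already present further down, so the hunk effectively just removes `*data`. Directories whose names only end in `data` are no longer ignored. If the compose volumes in this folder use such names (not visible here), their contents, possibly Vault or database state, can now be staged by accident. Either keep `*data` or list the volume directories explicitly and drop the duplicate line.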
diff --git a/docker-compose-sunbird/docker-compose.yml b/docker-compose/docker-compose-sunbird/docker-compose.yml
similarity index 98%
rename from docker-compose-sunbird/docker-compose.yml
rename to docker-compose/docker-compose-sunbird/docker-compose.yml
index 2cb16e80..fbef434a 100644
--- a/docker-compose-sunbird/docker-compose.yml
+++ b/docker-compose/docker-compose-sunbird/docker-compose.yml
@@ -28,7 +28,7 @@ services:
networks:
- network
identity:
- image: ghcr.io/sunbird-rc/sunbird-rc-identity-service:v2.0.0-beta2
+ image: ghcr.io/sunbird-rc/sunbird-rc-identity-service:v2.0.0-rc3
ports:
- "3332:3332"
depends_on:
@@ -47,6 +47,7 @@ services:
- SIGNING_ALGORITHM=${SIGNING_ALGORITHM}
- JWKS_URI=${JWKS_URI}
- ENABLE_AUTH=${ENABLE_AUTH}
+ - WEB_DID_BASE_URL=${WEB_DID_BASE_URL}
healthcheck:
test:
[ "CMD-SHELL", "curl -f http://localhost:3332/health || exit 1" ]
@@ -56,7 +57,7 @@ services:
networks:
- network
schema:
- image: ghcr.io/sunbird-rc/sunbird-rc-credential-schema:v2.0.0-beta1
+ image: ghcr.io/sunbird-rc/sunbird-rc-credential-schema:v2.0.0-rc3
ports:
- "3333:3333"
depends_on:
@@ -78,7 +79,7 @@ services:
networks:
- network
credential:
- image: ghcr.io/sunbird-rc/sunbird-rc-credentials-service:v2.0.0-beta2
+ image: ghcr.io/sunbird-rc/sunbird-rc-credentials-service:v2.0.0-rc3
ports:
- "3000:3000"
depends_on:
@@ -95,6 +96,7 @@ services:
- CREDENTIAL_SERVICE_BASE_URL=${CREDENTIAL_SERVICE_BASE_URL}
- JWKS_URI=${JWKS_URI}
- ENABLE_AUTH=${ENABLE_AUTH}
+ - QR_TYPE=W3C_VC
healthcheck:
test:
[ "CMD-SHELL", "curl -f http://localhost:3000/health || exit 1" ]
diff --git a/docker-compose-sunbird/imports/nginx/nginx.conf b/docker-compose/docker-compose-sunbird/imports/nginx/nginx.conf
similarity index 100%
rename from docker-compose-sunbird/imports/nginx/nginx.conf
rename to docker-compose/docker-compose-sunbird/imports/nginx/nginx.conf
diff --git a/docker-compose-sunbird/schemas/credentials/Insurance.json b/docker-compose/docker-compose-sunbird/schemas/credentials/Insurance.json
similarity index 100%
rename from docker-compose-sunbird/schemas/credentials/Insurance.json
rename to docker-compose/docker-compose-sunbird/schemas/credentials/Insurance.json
diff --git a/docker-compose-sunbird/schemas/registry/Insurance.json b/docker-compose/docker-compose-sunbird/schemas/registry/Insurance.json
similarity index 100%
rename from docker-compose-sunbird/schemas/registry/Insurance.json
rename to docker-compose/docker-compose-sunbird/schemas/registry/Insurance.json
diff --git a/docker-compose-sunbird/setup_vault.sh b/docker-compose/docker-compose-sunbird/setup_vault.sh
similarity index 100%
rename from docker-compose-sunbird/setup_vault.sh
rename to docker-compose/docker-compose-sunbird/setup_vault.sh
diff --git a/docker-compose-sunbird/vault.json b/docker-compose/docker-compose-sunbird/vault.json
similarity index 100%
rename from docker-compose-sunbird/vault.json
rename to docker-compose/docker-compose-sunbird/vault.json
diff --git a/install.sh b/docker-compose/install.sh
similarity index 87%
rename from install.sh
rename to docker-compose/install.sh
index 23f625f4..8822c735 100755
--- a/install.sh
+++ b/docker-compose/install.sh
@@ -8,10 +8,10 @@ install_sunbird_rc() {
cd ..
}
-install_esignet() {
+install_certify() {
read -p "Please update the properties and press enter: " choice
- echo "Installing esignet"
- cd ./docker-compose-esignet
+ echo "Installing certify"
+ cd ./docker-compose-certify
docker compose up -d
cd ..
}
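Review bot: `cd ./docker-compose-certify` in `install_certify` is unchecked. Unless the script enables `set -e` outside this hunk, a missing directory means `docker compose up -d` runs in the current directory and the following `cd ..` leaves the script one level above where it started. Suggest `cd ./docker-compose-certify || return 1`. The `read -p` result `choice` is not used in this function, so `read -r -p "Please update the properties and press enter: " _` states the intent more clearly.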
@@ -19,7 +19,7 @@ install_esignet() {
display_menu() {
echo "Select which services to install: "
echo "1. Sunbird RC"
- echo "2. Esignet"
+ echo "2. Certify"
echo "0. Exit"
}
@@ -32,7 +32,7 @@ handle_input() {
install_sunbird_rc
;;
2)
- install_esignet
+ install_certify
;;
0)
echo "Exiting..."
diff --git a/helm/inji-certify/.gitignore b/helm/inji-certify/.gitignore
new file mode 100644
index 00000000..f791801b
--- /dev/null
+++ b/helm/inji-certify/.gitignore
@@ -0,0 +1,2 @@
+charts/
+Chart.lock
diff --git a/helm/inji-certify/.helmignore b/helm/inji-certify/.helmignore
new file mode 100644
index 00000000..f0c13194
--- /dev/null
+++ b/helm/inji-certify/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/helm/inji-certify/Chart.yaml b/helm/inji-certify/Chart.yaml
new file mode 100644
index 00000000..8982fc60
--- /dev/null
+++ b/helm/inji-certify/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v2
+name: inji-certify
+description: A Helm chart for MOSIP inji-certify module
+type: application
+version: 0.0.1-develop
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - inji-certify
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
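Review bot: The `common` dependency is declared as `version: 1.x.x` while the new `helm/inji-certify/.gitignore` excludes `Chart.lock`, so nothing in the repository records which Bitnami `common` release a build actually pulled. Each `helm dependency update` can resolve to a different 1.x chart, which makes rendered manifests non-reproducible and dependent on whatever the remote repository serves at that moment. Pin an exact version here, or commit `Chart.lock` and build with `helm dependency build`. `appVersion: ""` also leaves the chart without a record of the application version it deploys.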
diff --git a/helm/inji-certify/README.md b/helm/inji-certify/README.md
new file mode 100644
index 00000000..260853d0
--- /dev/null
+++ b/helm/inji-certify/README.md
@@ -0,0 +1,6 @@
+# Inji Certify
+
+## Install
+```sh
+./install.sh
+```
diff --git a/helm/inji-certify/copy_cm.sh b/helm/inji-certify/copy_cm.sh
new file mode 100644
index 00000000..0fe9a310
--- /dev/null
+++ b/helm/inji-certify/copy_cm.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# Copy configmaps from other namespaces
+# DST_NS: Destination namespace
+
+function copying_cm() {
+ COPY_UTIL=./copy_cm_func.sh
+ DST_NS=inji-certify
+
+ $COPY_UTIL configmap global default $DST_NS
+ $COPY_UTIL configmap artifactory-share artifactory $DST_NS
+ $COPY_UTIL configmap config-server-share config-server $DST_NS
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+copying_cm # calling function
\ No newline at end of file
diff --git a/helm/inji-certify/copy_cm_func.sh b/helm/inji-certify/copy_cm_func.sh
new file mode 100644
index 00000000..7b225948
--- /dev/null
+++ b/helm/inji-certify/copy_cm_func.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# Copy configmap and secret from one namespace to another.
+# ./copy_cm_func.sh [name]
+# Parameters:
+# resource: configmap|secret
+# name: Optional new name of the configmap or secret in destination namespace. This may be needed if there is
+# clash of names
+
+if [ $1 = "configmap" ]
+then
+ RESOURCE=configmap
+elif [ $1 = "secret" ]
+then
+ RESOURCE=secret
+else
+ echo "Incorrect resource $1. Exiting.."
+ exit 1
+fi
+
+
+if [ $# -ge 5 ]
+then
+ kubectl -n $4 delete --ignore-not-found=true $RESOURCE $5
+ kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $5/g" | kubectl -n $4 create -f -
+else
+ kubectl -n $4 delete --ignore-not-found=true $RESOURCE $2
+ kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | kubectl -n $4 create -f -
+fi
+
+
+
+
+
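Review bot: The destination object is deleted before the source is read, so a missing source resource or a mistyped source namespace leaves the destination namespace without its configmap or secret. The positional parameters are also unquoted and never counted: `[ $1 = "configmap" ]` is a test syntax error when no argument is given, and with fewer than four arguments `kubectl -n $4` takes the next word as the namespace. Validating `$#`, reading the manifest first and quoting the expansions addresses all three. The `sed` rewrites are kept as written, but note they match any line containing `name: <name>` or `namespace: <ns>`, not only the `metadata` fields.

```shell
if [ $# -lt 4 ]
then
  echo "Usage: $0 configmap|secret NAME SRC_NS DST_NS [NEW_NAME]"
  exit 1
fi

# … resource type check as before, with "$1" quoted …

DST_NAME="${5:-$2}"
# Read the source first so a failed lookup never removes the existing copy.
MANIFEST=$(kubectl -n "$3" get "$RESOURCE" "$2" -o yaml) || exit 1
kubectl -n "$4" delete --ignore-not-found=true "$RESOURCE" "$DST_NAME"
printf '%s\n' "$MANIFEST" | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $DST_NAME/g" | kubectl -n "$4" create -f -
```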
diff --git a/helm/inji-certify/delete.sh b/helm/inji-certify/delete.sh
new file mode 100644
index 00000000..f99a9ac8
--- /dev/null
+++ b/helm/inji-certify/delete.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# Uninstalls all inji-certify helm charts
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+function Deleting_inji-certify() {
+ NS=inji-certify
+ while true; do
+ read -p "Are you sure you want to delete all inji-certify helm charts?(Y/n) " yn
+ if [ $yn = "Y" ]
+ then
+ helm -n $NS delete inji-certify
+ break
+ else
+ break
+ fi
+ done
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+Deleting_inji-certify # calling function
+
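Review bot: `[ $yn = "Y" ]` is unquoted, so pressing Enter at the prompt expands to `[ = "Y" ]` and prints a test syntax error instead of cancelling cleanly; use `if [ "$yn" = "Y" ]`. The prompt text `(Y/n)` conventionally marks Y as the default, yet anything other than a literal `Y` (including Enter and `y`) cancels, so `(Y/N)` describes the behaviour more accurately. The `while true` loop breaks on both branches and can be removed.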
diff --git a/helm/inji-certify/install.sh b/helm/inji-certify/install.sh
new file mode 100644
index 00000000..143cd1a8
--- /dev/null
+++ b/helm/inji-certify/install.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# Installs inji-certify
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=inji-certify
+CHART_VERSION=0.0.1-develop
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+function installing_inji-certify() {
+ echo Istio label
+ kubectl label ns $NS istio-injection=enabled --overwrite
+ helm repo update
+
+ echo Copy configmaps
+ sed -i 's/\r$//' copy_cm.sh
+ ./copy_cm.sh
+
+ echo Running inji-certify
+ helm -n $NS install inji-certify mosip/inji-certify --version $CHART_VERSION
+
+ kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+ echo Installed inji-certify service
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+installing_inji-certify # calling function
\ No newline at end of file
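Review bot: `helm -n $NS install inji-certify mosip/inji-certify --version $CHART_VERSION` installs from whatever repository the operator's local Helm configuration has registered under the alias `mosip`. The script never runs `helm repo add`, so the chart source is not fixed by anything in this file, and the chart added under `helm/inji-certify/` in this commit is not what gets installed. Either add the repository explicitly with its URL before `helm repo update`, or install the local chart directory. `kubectl create ns $NS` also runs before the `set -e` lines, so a failure there is ignored and only surfaces in later commands; `kubectl create ns "$NS" --dry-run=client -o yaml | kubectl apply -f -` is idempotent and can be moved after them.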
diff --git a/helm/inji-certify/restart.sh b/helm/inji-certify/restart.sh
new file mode 100644
index 00000000..02f33492
--- /dev/null
+++ b/helm/inji-certify/restart.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+# Restart the inji-certify services
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+function Restarting_inji-certify() {
+ NS=inji-certify
+ kubectl -n $NS rollout restart deploy inji-certify
+
+ kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+ echo Retarted inji-certify services
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+Restarting_inji-certify # calling function
\ No newline at end of file
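Review bot: The status message in `echo Retarted inji-certify services` is misspelled and should read `echo Restarted inji-certify services`. The header comment also omits the optional kubeconfig argument that the `$1` handling accepts; adding `## Usage: ./restart.sh [kubeconfig]` would match the sibling scripts.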
diff --git a/helm/inji-certify/templates/_helpers.tpl b/helm/inji-certify/templates/_helpers.tpl
new file mode 100644
index 00000000..1f1ae215
--- /dev/null
+++ b/helm/inji-certify/templates/_helpers.tpl
@@ -0,0 +1,60 @@
+{{/*
+Return the proper image name
+*/}}
+{{- define "inji-certify.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "inji-certify.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "inji-certify.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "inji-certify.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "inji-certify.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "inji-certify.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "inji-certify.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "inji-certify.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
+
+
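Review bot: `inji-certify.validateValues` includes `inji-certify.validateValues.foo` and `inji-certify.validateValues.bar`, neither of which is defined in this file, so any template that calls it would fail at render time on the missing definitions. These look like scaffold leftovers. Either delete the `validateValues` define or replace the two includes with real checks and define them alongside it.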
diff --git a/helm/inji-certify/templates/clusterrolebinding.yaml b/helm/inji-certify/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..a6ffc9f0
--- /dev/null
+++ b/helm/inji-certify/templates/clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+kind: ClusterRoleBinding
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "common.names.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "inji-certify.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
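Review bot: This binding grants the workload's ServiceAccount a ClusterRole named after the release, but no ClusterRole template is visible in this part of the diff and nothing gates the binding behind a value. If the application does not need cluster-wide Kubernetes API access, drop the binding; if it does, a namespaced `Role`/`RoleBinding` listing only the required resources is the narrower grant. When `serviceAccount.create` is false, `inji-certify.serviceAccountName` resolves the subject to the namespace's `default` ServiceAccount, so every pod running under that account would inherit the role. Wrapping the file in a condition such as `{{- if .Values.rbac.create }}` (a value the chart would have to add) makes the grant an explicit choice.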
diff --git a/helm/inji-certify/templates/deployment.yaml b/helm/inji-certify/templates/deployment.yaml
new file mode 100644
index 00000000..830a054c
--- /dev/null
+++ b/helm/inji-certify/templates/deployment.yaml
@@ -0,0 +1,167 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ {{- if .Values.updateStrategy }}
+ strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ {{- if or .Values.podAnnotations .Values.metrics.enabled }}
+ {{- include "inji-certify.podAnnotations" . | nindent 8 }}
+ {{- end }}
+
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ {{- if .Values.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "inji-certify.serviceAccountName" . }}
+ {{- include "inji-certify.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ template "inji-certify.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - /bin/bash
+ - -c
+ - chown -R 1001:1001 {{ .Values.persistence.mountDir }}
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: {{ .Values.persistence.volume_name }}
+ mountPath: {{ .Values.persistence.mountDir }}
+ {{- end }}
+ {{- if .Values.enable_insecure }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: inji-certify
+ image: {{ template "inji-certify.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: container_user
+ value: {{ .Values.containerSecurityContext.runAsUser }}
+ {{- if .Values.additionalResources.javaOpts }}
+ - name: JDK_JAVA_OPTIONS
+ value: {{ .Values.additionalResources.javaOpts }}
+ {{- end }}
+ {{- if .Values.springConfigNameEnv }}
+ - name: spring_config_name_env
+ value: {{ .Values.springConfigNameEnv }}
+ {{- end }}
+ {{- if .Values.activeProfileEnv }}
+ - name: active_profile_env
+ value: {{ .Values.activeProfileEnv }}
+ {{- end}}
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ {{- range .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ ports:
+ - name: spring-service
+ containerPort: {{ .Values.springServicePort }}
+
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.enable_insecure }}
+ - mountPath: /usr/local/openjdk-11/lib/security/cacerts
+ name: cacerts
+ subPath: cacerts
+ {{- end }}
+ {{- if .Values.persistence.enabled }}
+ - name: {{ .Values.persistence.volume_name }}
+ mountPath: {{ .Values.persistence.mountDir }}
+ {{- end }}
+ {{- if .Values.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.enable_insecure }}
+ - name: cacerts
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.persistence.enabled }}
+ - name: {{ .Values.persistence.volume_name }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistence.existingClaim | default .Values.persistence.pvc_claim_name }}
+ {{ end }}
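Review bot: `value: {{ .Values.containerSecurityContext.runAsUser }}` renders a bare number for `container_user`, and the Kubernetes API accepts only strings in `env[].value`, so the manifest is rejected when `runAsUser` is numeric. Use `value: {{ .Values.containerSecurityContext.runAsUser | quote }}`, and quote `JDK_JAVA_OPTIONS` the same way. The `volume-permissions` init container runs as UID 0 on `inji-certify.image`, the application image, although `_helpers.tpl` defines `inji-certify.volumePermissions.image` for this step; switching to that helper lets the root step use a minimal image. `.Values.initContainers` is rendered only when `enable_insecure` is true, and that flag mounts an `emptyDir` over the JDK `cacerts` trust store (presumably for self-signed test certificates), so a comment marking it as test-only would help.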
diff --git a/helm/inji-certify/templates/extra-list.yaml b/helm/inji-certify/templates/extra-list.yaml
new file mode 100644
index 00000000..9ac65f9e
--- /dev/null
+++ b/helm/inji-certify/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/helm/inji-certify/templates/service-account.yaml b/helm/inji-certify/templates/service-account.yaml
new file mode 100644
index 00000000..ab88a08f
--- /dev/null
+++ b/helm/inji-certify/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "inji-certify.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
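Review bot: The ServiceAccount is rendered unconditionally, so with `serviceAccount.create: false` the `inji-certify.serviceAccountName` helper yields `default` and Helm attempts to create, and later delete, the namespace's built-in `default` ServiceAccount. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` and `{{- end }}`. If the pod turns out not to need Kubernetes API access, `automountServiceAccountToken: false` is worth setting here as well.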
diff --git a/helm/inji-certify/templates/service.yaml b/helm/inji-certify/templates/service.yaml
new file mode 100644
index 00000000..018e6985
--- /dev/null
+++ b/helm/inji-certify/templates/service.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.springServicePort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
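Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints Go's rendering of the list rather than a YAML sequence, and produces an empty value when the key is unset; the `service` block visible in values.yaml does not define it. For a `LoadBalancer` service that means the source-range restriction is either malformed or silently absent. Render it only when set, with `{{- if .Values.service.loadBalancerSourceRanges }}` around `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`.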
diff --git a/helm/inji-certify/templates/servicemonitor.yaml b/helm/inji-certify/templates/servicemonitor.yaml
new file mode 100644
index 00000000..15f48fde
--- /dev/null
+++ b/helm/inji-certify/templates/servicemonitor.yaml
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.springServicePort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/inji-certify/templates/virtualservice.yaml b/helm/inji-certify/templates/virtualservice.yaml
new file mode 100644
index 00000000..2b8e5e41
--- /dev/null
+++ b/helm/inji-certify/templates/virtualservice.yaml
@@ -0,0 +1,40 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ corsPolicy:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.corsPolicy "context" $ ) | nindent 6 }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+ response:
+ set:
+ Cache-control: no-store
+ Pragma: no-cache
+ Strict-Transport-Security: max-age=31536000; includeSubDomains
+ X-Frame-Options: SAMEORIGIN
+{{- end }}
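Review bot: The `hosts` entry `"*"` makes this route match every hostname served by the gateways in `.Values.istio.gateways`, so the `prefix` match is the only thing separating it from other services that share those gateways. Take the host list from values instead, for example `hosts: {{- toYaml .Values.istio.hosts | nindent 4 }}` with a new `istio.hosts` value. The fixed `x-forwarded-proto: https` request header asserts TLS regardless of how the request arrived, which holds only if the gateway terminates TLS for all traffic. `corsPolicy` is rendered without a guard, so an unset value leaves an empty `corsPolicy:` key.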
diff --git a/helm/inji-certify/values.yaml b/helm/inji-certify/values.yaml
new file mode 100644
index 00000000..4e304a79
--- /dev/null
+++ b/helm/inji-certify/values.yaml
@@ -0,0 +1,460 @@
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry and imagePullSecrets
+##
+# global:
+# imageRegistry: myRegistryName
+# imagePullSecrets:
+# - myRegistryKeySecretName
+# storageClass: myStorageClass
+
+## Add labels to all the deployed resources
+##
+commonLabels:
+ app.kubernetes.io/component: mosip
+
+## Add annotations to all the deployed resources
+##
+commonAnnotations: {}
+
+## Kubernetes Cluster Domain
+##
+clusterDomain: cluster.local
+
+## Extra objects to deploy (value evaluated as a template)
+##
+extraDeploy: []
+
+## Number of nodes
+##
+replicaCount: 1
+
+service:
+ type: ClusterIP
+ port: 80
+ ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific)
+ ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
+ ##
+ ## loadBalancerIP:
+ ##
+ ## nodePorts:
+ ## http:
+ ## https:
+ ##
+
+ nodePorts:
+ http: ""
+ https: ""
+ ## Enable client source IP preservation
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+
+image:
+ registry: docker.io
+ repository: mosipdev/inji-certify
+ tag: INJICERT-13
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+## Port on which this particular spring service module is running.
+springServicePort: 8088
+
+## Configure extra options for liveness and readiness probes
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+##
+startupProbe:
+ enabled: true
+ httpGet:
+ path: /v1/inji-certify/actuator/health
+ port: 8088
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 30
+ successThreshold: 1
+
+livenessProbe:
+ enabled: true
+ httpGet:
+ path: /v1/inji-certify/actuator/health
+ port: 8088
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+
+readinessProbe:
+ enabled: true
+ httpGet:
+ path: /v1/inji-certify/actuator/health
+ port: 8088
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+
+##
+# existingConfigmap:
+
+## Command and args for running the container (set to default if not set). Use array form
+##
+command: []
+args: []
+
+## Deployment pod host aliases
+## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+##
+hostAliases: []
+
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 500m
+ memory: 2250Mi
+ requests:
+ cpu: 100m
+ memory: 1500Mi
+
+additionalResources:
+ ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources
+ ## Example: java_opts: "-Xms500M -Xmx500M"
+ javaOpts: "-Xms1500M -Xmx1500M"
+
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## Clamav container already runs as 'mosip' user, so we may not need to enable this
+containerSecurityContext:
+ enabled: false
+ runAsUser: mosip
+ runAsNonRoot: true
+
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+##
+podSecurityContext:
+ enabled: false
+ fsGroup: 1001
+
+## Pod affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAffinityPreset: ""
+
+## Pod anti-affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAntiAffinityPreset: soft
+
+## Node affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+## Allowed values: soft, hard
+##
+nodeAffinityPreset:
+ ## Node affinity type
+ ## Allowed values: soft, hard
+ ##
+ type: ""
+ ## Node label key to match
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## Node label values to match
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+
+## Affinity for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+
+## Node labels for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## Tolerations for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+
+## Pod extra labels
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+
+## Annotations for server pods.
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+
+## pods' priority.
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+# priorityClassName: ""
+
+## lifecycleHooks for the container to automate configuration before or after startup.
+##
+lifecycleHooks: {}
+
+## Custom Liveness probes for
+##
+customLivenessProbe: {}
+
+## Custom Rediness probes
+##
+customReadinessProbe: {}
+
+## Update strategy - only really applicable for deployments with RWO PVs attached
+## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
+## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
+## terminate the single previous pod, so that the new, incoming pod can attach to the PV
+##
+updateStrategy:
+ type: RollingUpdate
+
+## Additional environment variables to set
+## Example:
+## extraEnvVars:
+## - name: FOO
+## value: "bar"
+##
+extraEnvVars: []
+
+## ConfigMap with extra environment variables that used
+##
+extraEnvVarsCM:
+ - global
+ - config-server-share
+ - artifactory-share
+
+## Secret with extra environment variables
+##
+extraEnvVarsSecret:
+
+## Extra volumes to add to the deployment
+##
+extraVolumes: []
+
+## Extra volume mounts to add to the container
+##
+extraVolumeMounts: []
+
+## Add init containers to the pods.
+## Example:
+## initContainers:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+initContainers:
+ - command:
+ - /bin/bash
+ - -c
+ - if [ "$ENABLE_INSECURE" = "true" ]; then HOST=$( env | grep "mosip-api-internal-host"
+ |sed "s/mosip-api-internal-host=//g"); if [ -z "$HOST" ]; then echo "HOST
+ $HOST is empty; EXITING"; exit 1; fi; openssl s_client -servername "$HOST"
+ -connect "$HOST":443 > "$HOST.cer" 2>/dev/null & sleep 2 ; sed -i -ne '/-BEGIN
+ CERTIFICATE-/,/-END CERTIFICATE-/p' "$HOST.cer"; cat "$HOST.cer"; /usr/local/openjdk-11/bin/keytool
+ -delete -alias "$HOST" -keystore $JAVA_HOME/lib/security/cacerts -storepass
+ changeit; /usr/local/openjdk-11/bin/keytool -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts"
+ -storepass changeit -noprompt -importcert -alias "$HOST" -file "$HOST.cer"
+ ; if [ $? -gt 0 ]; then echo "Failed to add SSL certificate for host $host;
+ EXITING"; exit 1; fi; cp /usr/local/openjdk-11/lib/security/cacerts /cacerts;
+ fi
+ env:
+ - name: ENABLE_INSECURE
+ value: "true"
+ envFrom:
+ - configMapRef:
+ name: global
+ image: docker.io/openjdk:11-jre
+ imagePullPolicy: Always
+ name: cacerts
+ resources: {}
+ securityContext:
+ runAsUser: 0
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /cacerts
+ name: cacerts
+
+## Add sidecars to the pods.
+## Example:
+## sidecars:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+sidecars: {}
+
+persistence:
+ enabled: false
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack).
+ ##
+ # storageClass: "-"
+ ##
+ ## If you want to reuse an existing claim, you can pass the name of the PVC using
+ ## the existingClaim variable
+ # existingClaim: your-claim
+ ## ReadWriteMany not supported by AWS gp2
+ storageClass:
+ accessModes:
+ - ReadWriteMany
+ size: 10M
+ # existingClaim: pkcs12-keys.p12
+ existingClaim:
+ # Dir where config and keys are written inside container
+ mountDir: /home/mosip/config/
+ volume_name: config
+ # pvc_claim_name: pkcs12-keys.p12
+
+## Init containers parameters:
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+##
+volumePermissions:
+ enabled: false
+ image:
+ registry: docker.io
+ repository: bitnami/bitnami-shell
+ tag: "10"
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ pullSecrets: []
+ ## - myRegistryKeySecretName
+ ## Init containers' resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ##
+ limits: {}
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+
+## Specifies whether RBAC resources should be created
+##
+rbac:
+ create: true
+
+## Specifies whether a ServiceAccount should be created
+##
+serviceAccount:
+ create: true
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ name:
+
+## Prometheus Metrics
+##
+metrics:
+ enabled: true
+ ## Prometheus pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations:
+ prometheus.io/scrape: "true"
+
+ endpointPath: /v1/inji-certify/actuator/prometheus
+
+ ## Prometheus Service Monitor
+ ## ref: https://github.com/coreos/prometheus-operator
+ ##
+ serviceMonitor:
+ ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry
+ ##
+ enabled: true
+ ## Specify the namespace in which the serviceMonitor resource will be created
+ ##
+ # namespace: ""
+ ## Specify the interval at which metrics should be scraped
+ ##
+ interval: 10s
+ ## Specify the timeout after which the scrape is ended
+ ##
+ # scrapeTimeout: 30s
+ ## Specify Metric Relabellings to add to the scrape endpoint
+ ##
+ # relabellings:
+ ## Specify honorLabels parameter to add the scrape endpoint
+ ##
+ honorLabels: false
+ ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+ ##
+ additionalLabels: {}
+
+ ## Custom PrometheusRule to be defined
+ ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
+ ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
+ ##
+ prometheusRule:
+ enabled: false
+ additionalLabels: {}
+ namespace: ''
+ ## List of rules, used as template by Helm.
+ ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html
+ # rules:
+ # - alert: RabbitmqDown
+ # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0
+ # for: 5m
+ # labels:
+ # severity: error
+ rules: []
+
+inji-certify:
+## Only internal access
+istio:
+ enabled: true
+ gateways:
+ - istio-system/public
+ - istio-system/internal
+ prefix: /v1/inji-certify/
+
+enable_insecure: false
+springConfigNameEnv:
+activeProfileEnv:
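Review bot: The `cacerts` init container sets `ENABLE_INSECURE` to `"true"` in its own `env`, so the certificate-import branch appears to run on every install even though the chart-level default is `enable_insecure: false`. That branch takes whatever certificate the internal host presents to `openssl s_client` and imports it into the JVM trust store, trusting it on first sight with no pinning or CA check. The container also runs with `runAsUser: 0` from the mutable tag `docker.io/openjdk:11-jre`. Default the flag to off with `value: "false"`, or wire it to `enable_insecure` if the deployment template (not in this hunk) renders init containers as templates, and add a comment saying when enabling it is acceptable. Separately, the comment `## Only internal access` sits above a gateway list that includes `istio-system/public`; one of the two should change.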
diff --git a/mvnw b/mvnw
new file mode 100644
index 00000000..66df2854
--- /dev/null
+++ b/mvnw
@@ -0,0 +1,308 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Apache Maven Wrapper startup batch script, version 3.2.0
+#
+# Required ENV vars:
+# ------------------
+# JAVA_HOME - location of a JDK home dir
+#
+# Optional ENV vars
+# -----------------
+# MAVEN_OPTS - parameters passed to the Java VM when running Maven
+# e.g. to debug Maven itself, use
+# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+# MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+# ----------------------------------------------------------------------------
+
+if [ -z "$MAVEN_SKIP_RC" ] ; then
+
+ if [ -f /usr/local/etc/mavenrc ] ; then
+ . /usr/local/etc/mavenrc
+ fi
+
+ if [ -f /etc/mavenrc ] ; then
+ . /etc/mavenrc
+ fi
+
+ if [ -f "$HOME/.mavenrc" ] ; then
+ . "$HOME/.mavenrc"
+ fi
+
+fi
+
+# OS specific support. $var _must_ be set to either true or false.
+cygwin=false;
+darwin=false;
+mingw=false
+case "$(uname)" in
+ CYGWIN*) cygwin=true ;;
+ MINGW*) mingw=true;;
+ Darwin*) darwin=true
+ # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
+ # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
+ if [ -z "$JAVA_HOME" ]; then
+ if [ -x "/usr/libexec/java_home" ]; then
+ JAVA_HOME="$(/usr/libexec/java_home)"; export JAVA_HOME
+ else
+ JAVA_HOME="/Library/Java/Home"; export JAVA_HOME
+ fi
+ fi
+ ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+ if [ -r /etc/gentoo-release ] ; then
+ JAVA_HOME=$(java-config --jre-home)
+ fi
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+ [ -n "$JAVA_HOME" ] &&
+ JAVA_HOME=$(cygpath --unix "$JAVA_HOME")
+ [ -n "$CLASSPATH" ] &&
+ CLASSPATH=$(cygpath --path --unix "$CLASSPATH")
+fi
+
+# For Mingw, ensure paths are in UNIX format before anything is touched
+if $mingw ; then
+ [ -n "$JAVA_HOME" ] && [ -d "$JAVA_HOME" ] &&
+ JAVA_HOME="$(cd "$JAVA_HOME" || (echo "cannot cd into $JAVA_HOME."; exit 1); pwd)"
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+ javaExecutable="$(which javac)"
+ if [ -n "$javaExecutable" ] && ! [ "$(expr "\"$javaExecutable\"" : '\([^ ]*\)')" = "no" ]; then
+ # readlink(1) is not available as standard on Solaris 10.
+ readLink=$(which readlink)
+ if [ ! "$(expr "$readLink" : '\([^ ]*\)')" = "no" ]; then
+ if $darwin ; then
+ javaHome="$(dirname "\"$javaExecutable\"")"
+ javaExecutable="$(cd "\"$javaHome\"" && pwd -P)/javac"
+ else
+ javaExecutable="$(readlink -f "\"$javaExecutable\"")"
+ fi
+ javaHome="$(dirname "\"$javaExecutable\"")"
+ javaHome=$(expr "$javaHome" : '\(.*\)/bin')
+ JAVA_HOME="$javaHome"
+ export JAVA_HOME
+ fi
+ fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+ if [ -n "$JAVA_HOME" ] ; then
+ if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+ # IBM's JDK on AIX uses strange locations for the executables
+ JAVACMD="$JAVA_HOME/jre/sh/java"
+ else
+ JAVACMD="$JAVA_HOME/bin/java"
+ fi
+ else
+ JAVACMD="$(\unset -f command 2>/dev/null; \command -v java)"
+ fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+ echo "Error: JAVA_HOME is not defined correctly." >&2
+ echo " We cannot execute $JAVACMD" >&2
+ exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+ echo "Warning: JAVA_HOME environment variable is not set."
+fi
+
+# traverses directory structure from process work directory to filesystem root
+# first directory with .mvn subdirectory is considered project base directory
+find_maven_basedir() {
+ if [ -z "$1" ]
+ then
+ echo "Path not specified to find_maven_basedir"
+ return 1
+ fi
+
+ basedir="$1"
+ wdir="$1"
+ while [ "$wdir" != '/' ] ; do
+ if [ -d "$wdir"/.mvn ] ; then
+ basedir=$wdir
+ break
+ fi
+ # workaround for JBEAP-8937 (on Solaris 10/Sparc)
+ if [ -d "${wdir}" ]; then
+ wdir=$(cd "$wdir/.." || exit 1; pwd)
+ fi
+ # end of workaround
+ done
+ printf '%s' "$(cd "$basedir" || exit 1; pwd)"
+}
+
+# concatenates all lines of a file
+concat_lines() {
+ if [ -f "$1" ]; then
+ # Remove \r in case we run on Windows within Git Bash
+ # and check out the repository with auto CRLF management
+ # enabled. Otherwise, we may read lines that are delimited with
+ # \r\n and produce $'-Xarg\r' rather than -Xarg due to word
+ # splitting rules.
+ tr -s '\r\n' ' ' < "$1"
+ fi
+}
+
+log() {
+ if [ "$MVNW_VERBOSE" = true ]; then
+ printf '%s\n' "$1"
+ fi
+}
+
+BASE_DIR=$(find_maven_basedir "$(dirname "$0")")
+if [ -z "$BASE_DIR" ]; then
+ exit 1;
+fi
+
+MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}; export MAVEN_PROJECTBASEDIR
+log "$MAVEN_PROJECTBASEDIR"
+
+##########################################################################################
+# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+# This allows using the maven wrapper in projects that prohibit checking in binary data.
+##########################################################################################
+wrapperJarPath="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar"
+if [ -r "$wrapperJarPath" ]; then
+ log "Found $wrapperJarPath"
+else
+ log "Couldn't find $wrapperJarPath, downloading it ..."
+
+ if [ -n "$MVNW_REPOURL" ]; then
+ wrapperUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
+ else
+ wrapperUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
+ fi
+ while IFS="=" read -r key value; do
+ # Remove '\r' from value to allow usage on windows as IFS does not consider '\r' as a separator ( considers space, tab, new line ('\n'), and custom '=' )
+ safeValue=$(echo "$value" | tr -d '\r')
+ case "$key" in (wrapperUrl) wrapperUrl="$safeValue"; break ;;
+ esac
+ done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties"
+ log "Downloading from: $wrapperUrl"
+
+ if $cygwin; then
+ wrapperJarPath=$(cygpath --path --windows "$wrapperJarPath")
+ fi
+
+ if command -v wget > /dev/null; then
+ log "Found wget ... using wget"
+ [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--quiet"
+ if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+ wget $QUIET "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
+ else
+ wget $QUIET --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
+ fi
+ elif command -v curl > /dev/null; then
+ log "Found curl ... using curl"
+ [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--silent"
+ if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+ curl $QUIET -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath"
+ else
+ curl $QUIET --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath"
+ fi
+ else
+ log "Falling back to using Java to download"
+ javaSource="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.java"
+ javaClass="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.class"
+ # For Cygwin, switch paths to Windows format before running javac
+ if $cygwin; then
+ javaSource=$(cygpath --path --windows "$javaSource")
+ javaClass=$(cygpath --path --windows "$javaClass")
+ fi
+ if [ -e "$javaSource" ]; then
+ if [ ! -e "$javaClass" ]; then
+ log " - Compiling MavenWrapperDownloader.java ..."
+ ("$JAVA_HOME/bin/javac" "$javaSource")
+ fi
+ if [ -e "$javaClass" ]; then
+ log " - Running MavenWrapperDownloader.java ..."
+ ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$wrapperUrl" "$wrapperJarPath") || rm -f "$wrapperJarPath"
+ fi
+ fi
+ fi
+fi
+##########################################################################################
+# End of extension
+##########################################################################################
+
+# If specified, validate the SHA-256 sum of the Maven wrapper jar file
+wrapperSha256Sum=""
+while IFS="=" read -r key value; do
+ case "$key" in (wrapperSha256Sum) wrapperSha256Sum=$value; break ;;
+ esac
+done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties"
+if [ -n "$wrapperSha256Sum" ]; then
+ wrapperSha256Result=false
+ if command -v sha256sum > /dev/null; then
+ if echo "$wrapperSha256Sum $wrapperJarPath" | sha256sum -c > /dev/null 2>&1; then
+ wrapperSha256Result=true
+ fi
+ elif command -v shasum > /dev/null; then
+ if echo "$wrapperSha256Sum $wrapperJarPath" | shasum -a 256 -c > /dev/null 2>&1; then
+ wrapperSha256Result=true
+ fi
+ else
+ echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available."
+ echo "Please install either command, or disable validation by removing 'wrapperSha256Sum' from your maven-wrapper.properties."
+ exit 1
+ fi
+ if [ $wrapperSha256Result = false ]; then
+ echo "Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised." >&2
+ echo "Investigate or delete $wrapperJarPath to attempt a clean download." >&2
+ echo "If you updated your Maven version, you need to update the specified wrapperSha256Sum property." >&2
+ exit 1
+ fi
+fi
+
+MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+ [ -n "$JAVA_HOME" ] &&
+ JAVA_HOME=$(cygpath --path --windows "$JAVA_HOME")
+ [ -n "$CLASSPATH" ] &&
+ CLASSPATH=$(cygpath --path --windows "$CLASSPATH")
+ [ -n "$MAVEN_PROJECTBASEDIR" ] &&
+ MAVEN_PROJECTBASEDIR=$(cygpath --path --windows "$MAVEN_PROJECTBASEDIR")
+fi
+
+# Provide a "standardized" way to retrieve the CLI args that will
+# work with both Windows and non-Windows executions.
+MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $*"
+export MAVEN_CMD_LINE_ARGS
+
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+# shellcheck disable=SC2086 # safe args
+exec "$JAVACMD" \
+ $MAVEN_OPTS \
+ $MAVEN_DEBUG_OPTS \
+ -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
+ "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+ ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
diff --git a/mvnw.cmd b/mvnw.cmd
new file mode 100644
index 00000000..95ba6f54
--- /dev/null
+++ b/mvnw.cmd
@@ -0,0 +1,205 @@
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements. See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership. The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License. You may obtain a copy of the License at
+@REM
+@REM https://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied. See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Apache Maven Wrapper startup batch script, version 3.2.0
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM set title of command window
+title %0
+@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %*
+if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %*
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
+
+FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+ IF "%%A"=="wrapperUrl" SET WRAPPER_URL=%%B
+)
+
+@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
+if exist %WRAPPER_JAR% (
+ if "%MVNW_VERBOSE%" == "true" (
+ echo Found %WRAPPER_JAR%
+ )
+) else (
+ if not "%MVNW_REPOURL%" == "" (
+ SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
+ )
+ if "%MVNW_VERBOSE%" == "true" (
+ echo Couldn't find %WRAPPER_JAR%, downloading it ...
+ echo Downloading from: %WRAPPER_URL%
+ )
+
+ powershell -Command "&{"^
+ "$webclient = new-object System.Net.WebClient;"^
+ "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
+ "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
+ "}"^
+ "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')"^
+ "}"
+ if "%MVNW_VERBOSE%" == "true" (
+ echo Finished downloading %WRAPPER_JAR%
+ )
+)
+@REM End of extension
+
+@REM If specified, validate the SHA-256 sum of the Maven wrapper jar file
+SET WRAPPER_SHA_256_SUM=""
+FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+ IF "%%A"=="wrapperSha256Sum" SET WRAPPER_SHA_256_SUM=%%B
+)
+IF NOT %WRAPPER_SHA_256_SUM%=="" (
+ powershell -Command "&{"^
+ "$hash = (Get-FileHash \"%WRAPPER_JAR%\" -Algorithm SHA256).Hash.ToLower();"^
+ "If('%WRAPPER_SHA_256_SUM%' -ne $hash){"^
+ " Write-Output 'Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised.';"^
+ " Write-Output 'Investigate or delete %WRAPPER_JAR% to attempt a clean download.';"^
+ " Write-Output 'If you updated your Maven version, you need to update the specified wrapperSha256Sum property.';"^
+ " exit 1;"^
+ "}"^
+ "}"
+ if ERRORLEVEL 1 goto error
+)
+
+@REM Provide a "standardized" way to retrieve the CLI args that will
+@REM work with both Windows and non-Windows executions.
+set MAVEN_CMD_LINE_ARGS=%*
+
+%MAVEN_JAVA_EXE% ^
+ %JVM_CONFIG_MAVEN_PROPS% ^
+ %MAVEN_OPTS% ^
+ %MAVEN_DEBUG_OPTS% ^
+ -classpath %WRAPPER_JAR% ^
+ "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^
+ %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat"
+if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%"=="on" pause
+
+if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE%
+
+cmd /C exit /B %ERROR_CODE%
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 00000000..9229ea82
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,438 @@
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-starter-parent
+ 3.2.3
+
+
+
+ 4.0.0
+ io.mosip.certify
+ certify-parent
+ 0.9.0-SNAPSHOT
+ pom
+ certify
+ Parent project for MOSIP certify
+ https://github.com/mosip/inji-certify
+
+
+
+ MPL 2.0
+ https://www.mozilla.org/en-US/MPL/2.0/
+
+
+
+
+ scm:git:git://github.com/mosip/inji-certify.git
+ scm:git:ssh://github.com:mosip/inji-certify.git
+ https://github.com/mosip/inji-certify
+ HEAD
+
+
+
+
+ Mosip
+ mosip.emailnotifier@gmail.com
+ io.mosip
+ https://github.com/mosip/inji-certify
+
+
+
+
+
+ ossrh
+ CentralRepository
+ https://oss.sonatype.org/content/repositories/snapshots
+ default
+
+ true
+
+
+
+ central
+ MavenCentral
+ default
+ https://repo1.maven.org/maven2
+
+ false
+
+
+
+ danubetech-maven-public
+ https://repo.danubetech.com/repository/maven-public/
+
+
+
+
+
+ ossrh
+ https://oss.sonatype.org/content/repositories/snapshots
+
+
+ ossrh
+ https://oss.sonatype.org/service/local/staging/deploy/maven2/
+
+
+
+
+ UTF-8
+
+
+ 21
+ 21
+ 3.8.1
+ 3.3.0
+ 3.3.2
+ 3.2.5
+ 0.8.12
+ 3.7.0.1746
+ 3.6.3
+ 4.4.3
+
+ 3.2.3
+
+ 21
+ 0.6.5
+ 1.2.0.1
+ 0.5.0
+ 2.5.0
+ 1.7
+
+
+
+ certify-service
+ certify-core
+ certify-integration-api
+
+
+
+
+ org.springframework.boot
+ spring-boot-starter-validation
+
+
+ org.springframework.boot
+ spring-boot-starter-oauth2-resource-server
+
+
+ org.bitbucket.b_c
+ jose4j
+ ${jose4j.version}
+
+
+ io.mosip.kernel
+ kernel-core
+ ${kernel.core.version}
+
+
+ com.vaadin.external.google
+ android-json
+ 0.0.20131108.vaadin1
+
+
+ org.junit.vintage
+ junit-vintage-engine
+
+
+
+
+
+
+ org.springframework.cloud
+ spring-cloud-dependencies
+ 2023.0.0
+ pom
+ import
+
+
+