acme.js-ARCHIVED/dist/acme.js

(function webpackUniversalModuleDefinition(root, factory) {
if(typeof exports === 'object' && typeof module === 'object')
module.exports = factory();
else if(typeof define === 'function' && define.amd)
define([], factory);
else if(typeof exports === 'object')
exports["@root/acme"] = factory();
else
root["@root/acme"] = factory();
})(typeof self !== 'undefined' ? self : this, function() {
return /******/ (function(modules) { // webpackBootstrap
/******/ // Webpack runtime: takes the map of module id -> module function, defines the
/******/ // require function that the module bodies call, and returns the exports of
/******/ // the entry module.
/******/ // The module cache
/******/ var installedModules = {};
/******/
/******/ // The require function
/******/ // Returns the exports of `moduleId`, running its module function on first use.
/******/ // NOTE(review): an id that is not a key of `modules` is not checked for here;
/******/ // the `.call` below would then be made on undefined.
/******/ function __webpack_require__(moduleId) {
/******/
/******/ // Check if module is in cache
/******/ if(installedModules[moduleId]) {
/******/ return installedModules[moduleId].exports;
/******/ }
/******/ // Create a new module (and put it into the cache)
/******/ // The record is cached before the module function runs, so a require of the
/******/ // same id made while it is still running gets the exports filled in so far.
/******/ var module = installedModules[moduleId] = {
/******/ i: moduleId,
/******/ l: false,
/******/ exports: {}
/******/ };
/******/
/******/ // Execute the module function
/******/ // `this` inside the module function is the module's exports object.
/******/ modules[moduleId].call(module.exports, module, module.exports, __webpack_require__);
/******/
/******/ // Flag the module as loaded
/******/ module.l = true;
/******/
/******/ // Return the exports of the module
/******/ return module.exports;
/******/ }
/******/
/******/
/******/ // expose the modules object (__webpack_modules__)
/******/ __webpack_require__.m = modules;
/******/
/******/ // expose the module cache
/******/ __webpack_require__.c = installedModules;
/******/
/******/ // define getter function for harmony exports
/******/ // An own property that already exists on `exports` is left untouched.
/******/ __webpack_require__.d = function(exports, name, getter) {
/******/ if(!__webpack_require__.o(exports, name)) {
/******/ Object.defineProperty(exports, name, { enumerable: true, get: getter });
/******/ }
/******/ };
/******/
/******/ // define __esModule on exports
/******/ // Also tags the object with Symbol.toStringTag 'Module' where Symbol is available.
/******/ __webpack_require__.r = function(exports) {
/******/ if(typeof Symbol !== 'undefined' && Symbol.toStringTag) {
/******/ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
/******/ }
/******/ Object.defineProperty(exports, '__esModule', { value: true });
/******/ };
/******/
/******/ // create a fake namespace object
/******/ // mode & 1: value is a module id, require it
/******/ // mode & 2: merge all properties of value into the ns
/******/ // mode & 4: return value when already ns object
/******/ // mode & 8|1: behave like require
/******/ // The namespace object is created with a null prototype; `default` holds the
/******/ // value itself and merged keys are exposed through getters.
/******/ __webpack_require__.t = function(value, mode) {
/******/ if(mode & 1) value = __webpack_require__(value);
/******/ if(mode & 8) return value;
/******/ if((mode & 4) && typeof value === 'object' && value && value.__esModule) return value;
/******/ var ns = Object.create(null);
/******/ __webpack_require__.r(ns);
/******/ Object.defineProperty(ns, 'default', { enumerable: true, value: value });
/******/ if(mode & 2 && typeof value != 'string') for(var key in value) __webpack_require__.d(ns, key, function(key) { return value[key]; }.bind(null, key));
/******/ return ns;
/******/ };
/******/
/******/ // getDefaultExport function for compatibility with non-harmony modules
/******/ // Returns a function yielding `module['default']` for __esModule objects and the
/******/ // module itself otherwise; the same function is installed as the accessor `a`
/******/ // on itself, so reading `getter.a` gives the same value as calling it.
/******/ __webpack_require__.n = function(module) {
/******/ var getter = module && module.__esModule ?
/******/ function getDefault() { return module['default']; } :
/******/ function getModuleExports() { return module; };
/******/ __webpack_require__.d(getter, 'a', getter);
/******/ return getter;
/******/ };
/******/
/******/ // Object.prototype.hasOwnProperty.call
/******/ __webpack_require__.o = function(object, property) { return Object.prototype.hasOwnProperty.call(object, property); };
/******/
/******/ // __webpack_public_path__
/******/ __webpack_require__.p = "";
/******/
/******/
/******/ // Load entry module and return exports
/******/ // The entry id is also recorded on `__webpack_require__.s`.
/******/ return __webpack_require__(__webpack_require__.s = "./acme.js");
/******/ })
/************************************************************************/
/******/ ({
/***/ "./acme.js":
/*!*****************!*\
!*** ./acme.js ***!
\*****************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
eval("// Copyright 2018-present AJ ONeal. All rights reserved\n/* This Source Code Form is subject to the terms of the Mozilla Public\n * License, v. 2.0. If a copy of the MPL was not distributed with this\n * file, You can obtain one at http://mozilla.org/MPL/2.0/. */\n\n/* globals Promise */\n\n__webpack_require__(/*! @root/encoding/bytes */ \"./node_modules/@root/encoding/browser/bytes.js\");\nvar Enc = __webpack_require__(/*! @root/encoding/base64 */ \"./node_modules/@root/encoding/browser/base64.js\");\nvar ACME = module.exports;\n//var Keypairs = exports.Keypairs || {};\n//var CSR = exports.CSR;\nvar sha2 = __webpack_require__(/*! ./lib/node/sha2.js */ \"./lib/browser/sha2.js\");\nvar http = __webpack_require__(/*! ./lib/node/http.js */ \"./lib/browser/http.js\");\n\nACME.formatPemChain = function formatPemChain(str) {\n\treturn (\n\t\tstr\n\t\t\t.trim()\n\t\t\t.replace(/[\\r\\n]+/g, '\\n')\n\t\t\t.replace(/\\-\\n\\-/g, '-\\n\\n-') + '\\n'\n\t);\n};\nACME.splitPemChain = function splitPemChain(str) {\n\treturn str\n\t\t.trim()\n\t\t.split(/[\\r\\n]{2,}/g)\n\t\t.map(function(str) {\n\t\t\treturn str + '\\n';\n\t\t});\n};\n\n// http-01: GET https://example.org/.well-known/acme-challenge/{{token}} => {{keyAuth}}\n// dns-01: TXT _acme-challenge.example.org. 
=> \"{{urlSafeBase64(sha256(keyAuth))}}\"\nACME.challengePrefixes = {\n\t'http-01': '/.well-known/acme-challenge',\n\t'dns-01': '_acme-challenge'\n};\nACME.challengeTests = {\n\t'http-01': function(me, auth) {\n\t\tvar ch = auth.challenge;\n\t\treturn me.http01(ch).then(function(keyAuth) {\n\t\t\tvar err;\n\n\t\t\t// TODO limit the number of bytes that are allowed to be downloaded\n\t\t\tif (ch.keyAuthorization === (keyAuth || '').trim()) {\n\t\t\t\treturn true;\n\t\t\t}\n\n\t\t\terr = new Error(\n\t\t\t\t'Error: Failed HTTP-01 Pre-Flight / Dry Run.\\n' +\n\t\t\t\t\t\"curl '\" +\n\t\t\t\t\tch.challengeUrl +\n\t\t\t\t\t\"'\\n\" +\n\t\t\t\t\t\"Expected: '\" +\n\t\t\t\t\tch.keyAuthorization +\n\t\t\t\t\t\"'\\n\" +\n\t\t\t\t\t\"Got: '\" +\n\t\t\t\t\tkeyAuth +\n\t\t\t\t\t\"'\\n\" +\n\t\t\t\t\t'See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4'\n\t\t\t);\n\t\t\terr.code = 'E_FAIL_DRY_CHALLENGE';\n\t\t\treturn Promise.reject(err);\n\t\t});\n\t},\n\t'dns-01': function(me, auth) {\n\t\t// remove leading *. 
on wildcard domains\n\t\tvar ch = auth.challenge;\n\t\treturn me.dns01(ch).then(function(ans) {\n\t\t\tvar err;\n\n\t\t\tif (\n\t\t\t\tans.answer.some(function(txt) {\n\t\t\t\t\treturn ch.dnsAuthorization === txt.data[0];\n\t\t\t\t})\n\t\t\t) {\n\t\t\t\treturn true;\n\t\t\t}\n\n\t\t\terr = new Error(\n\t\t\t\t'Error: Failed DNS-01 Pre-Flight Dry Run.\\n' +\n\t\t\t\t\t\"dig TXT '\" +\n\t\t\t\t\tch.dnsHost +\n\t\t\t\t\t\"' does not return '\" +\n\t\t\t\t\tch.dnsAuthorization +\n\t\t\t\t\t\"'\\n\" +\n\t\t\t\t\t'See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4'\n\t\t\t);\n\t\t\terr.code = 'E_FAIL_DRY_CHALLENGE';\n\t\t\treturn Promise.reject(err);\n\t\t});\n\t}\n};\n\nACME._directory = function(me) {\n\t// GET-as-GET ok\n\treturn me.request({ method: 'GET', url: me.directoryUrl, json: true });\n};\nACME._getNonce = function(me) {\n\t// GET-as-GET, HEAD-as-HEAD ok\n\tvar nonce;\n\twhile (true) {\n\t\tnonce = me._nonces.shift();\n\t\tif (!nonce) {\n\t\t\tbreak;\n\t\t}\n\t\tif (Date.now() - nonce.createdAt > 15 * 60 * 1000) {\n\t\t\tnonce = null;\n\t\t} else {\n\t\t\tbreak;\n\t\t}\n\t}\n\tif (nonce) {\n\t\treturn Promise.resolve(nonce.nonce);\n\t}\n\treturn me\n\t\t.request({ method: 'HEAD', url: me._directoryUrls.newNonce })\n\t\t.then(function(resp) {\n\t\t\treturn resp.headers['replay-nonce'];\n\t\t});\n};\nACME._setNonce = function(me, nonce) {\n\tme._nonces.unshift({ nonce: nonce, createdAt: Date.now() });\n};\n// ACME RFC Section 7.3 Account Creation\n/*\n {\n \"protected\": base64url({\n \"alg\": \"ES256\",\n \"jwk\": {...},\n \"nonce\": \"6S8IqOGY7eL2lsGoTZYifg\",\n \"url\": \"https://example.com/acme/new-account\"\n }),\n \"payload\": base64url({\n \"termsOfServiceAgreed\": true,\n \"onlyReturnExisting\": false,\n \"cont
/***/ }),
/***/ "./asn1/packer.js":
/*!************************!*\
!*** ./asn1/packer.js ***!
\************************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
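// Module body written as plain statements instead of a string handed to eval()
// (the webpack `eval` devtool form), which a Content-Security-Policy without
// 'unsafe-eval' refuses to run.
var ASN1 = module.exports;
var Enc = __webpack_require__(/*! @root/encoding/hex */ "./node_modules/@root/encoding/browser/hex.js");

//
// Packer
//

// Almost every ASN.1 type that's important for CSR
// can be represented generically with only a few rules.
/**
 * Packs one ASN.1 element as a hex string: type, length header, value.
 *
 * Called as Any(type, hexstring, ...): the first argument is the type as hex
 * (callers in this module pass two-character strings such as '02'), the rest
 * are hex strings that are concatenated to form the value. Whitespace in the
 * value is dropped and the value is lower-cased.
 *
 * @returns {string} hex of type + length + value
 * @throws {Error} 'invalid hex' when the value has an odd number of characters
 *   or contains a character that is not a hex digit
 */
function Any(/*type, hexstrings...*/) {
	var args = Array.prototype.slice.call(arguments);
	var typ = args.shift();
	var str = args
		.join('')
		.replace(/\s+/g, '')
		.toLowerCase();
	var len = str.length / 2;
	var lenlen = 0;
	var hex = typ;

	// We can't have an odd number of hex chars
	if (len !== Math.round(len)) {
		throw new Error('invalid hex');
	}
	// Nor anything that is not a hex digit: it would be copied into the output
	// as-is and produce a structure that no longer decodes as DER.
	if (/[^0-9a-f]/.test(str)) {
		throw new Error('invalid hex');
	}

	// The first byte of any ASN.1 sequence is the type (Sequence, Integer, etc)
	// The second byte is either the size of the value, or the size of its size

	// 1. If the second byte is < 0x80 (128) it is considered the size
	// 2. If it is > 0x80 then it describes the number of bytes of the size
	// ex: 0x82 means the next 2 bytes describe the size of the value
	// 3. The special case of exactly 0x80 is "indefinite" length (to end-of-file)

	if (len > 127) {
		lenlen += 1;
		while (len > 255) {
			lenlen += 1;
			len = len >> 8;
		}
	}

	if (lenlen) {
		hex += Enc.numToHex(0x80 + lenlen);
	}
	// presumably Enc.numToHex returns whole bytes (an even number of hex
	// characters), which the length header relies on; verify against
	// @root/encoding/hex
	return hex + Enc.numToHex(str.length / 2) + str;
}
ASN1.Any = Any;

// The Integer type has some special rules
/**
 * Packs an INTEGER (type 0x02) from the concatenated hex-string arguments.
 * @returns {string} hex of the packed element
 */
ASN1.UInt = function UINT() {
	var str = Array.prototype.slice.call(arguments).join('');
	var first = parseInt(str.slice(0, 2), 16);

	// If the first byte is 0x80 or greater, the number is considered negative
	// Therefore we add a '00' prefix if the 0x80 bit is set
	if (0x80 & first) {
		str = '00' + str;
	}

	return Any('02', str);
};

// The Bit String type also has a special rule
/**
 * Packs a BIT STRING (type 0x03) from the concatenated hex-string arguments.
 * @returns {string} hex of the packed element
 */
ASN1.BitStr = function BITSTR() {
	var str = Array.prototype.slice.call(arguments).join('');
	// '00' is a mask of how many bits of the next byte to ignore
	return Any('03', '00' + str);
};

/**
 * Packs a nested [type, value] array, where value is either a hex string or
 * an array of further [type, value] arrays.
 *
 * @param {Array} arr - [typeNumber, hexString | Array]
 * @returns {string} hex of the packed element
 * @throws {Error} 'unexpected array' when the value is neither a string nor an array
 */
ASN1.pack = function(arr) {
	var typ = Enc.numToHex(arr[0]);
	var str = '';
	if (Array.isArray(arr[1])) {
		arr[1].forEach(function(a) {
			str += ASN1.pack(a);
		});
	} else if ('string' === typeof arr[1]) {
		str = arr[1];
	} else {
		throw new Error('unexpected array');
	}
	// INTEGER and BIT STRING go through their own packers for the extra byte
	if ('03' === typ) {
		return ASN1.BitStr(str);
	} else if ('02' === typ) {
		return ASN1.UInt(str);
	} else {
		return Any(typ, str);
	}
};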
/***/ }),
/***/ "./asn1/parser.js":
/*!************************!*\
!*** ./asn1/parser.js ***!
\************************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
eval("// Copyright 2018 AJ ONeal. All rights reserved\n/* This Source Code Form is subject to the terms of the Mozilla Public\n * License, v. 2.0. If a copy of the MPL was not distributed with this\n * file, You can obtain one at http://mozilla.org/MPL/2.0/. */\n\n\nvar ASN1 = module.exports;\nvar Enc = __webpack_require__(/*! @root/encoding/hex */ \"./node_modules/@root/encoding/browser/hex.js\");\n\n//\n// Parser\n//\n\n// Although I've only seen 9 max in https certificates themselves,\n// but each domain list could have up to 100\nASN1.ELOOPN = 102;\nASN1.ELOOP =\n\t'uASN1.js Error: iterated over ' +\n\tASN1.ELOOPN +\n\t'+ elements (probably a malformed file)';\n// I've seen https certificates go 29 deep\nASN1.EDEEPN = 60;\nASN1.EDEEP =\n\t'uASN1.js Error: element nested ' +\n\tASN1.EDEEPN +\n\t'+ layers deep (probably a malformed file)';\n// Container Types are Sequence 0x30, Container Array? (0xA0, 0xA1)\n// Value Types are Boolean 0x01, Integer 0x02, Null 0x05, Object ID 0x06, String 0x0C, 0x16, 0x13, 0x1e Value Array? (0x82)\n// Bit String (0x03) and Octet String (0x04) may be values or containers\n// Sometimes Bit String is used as a container (RSA Pub Spki)\nASN1.CTYPES = [0x30, 0x31, 0xa0, 0xa1];\nASN1.VTYPES = [0x01, 0x02, 0x05, 0x06, 0x0c, 0x82];\nASN1.parse = function parseAsn1Helper(buf) {\n\t//var ws = ' ';\n\tfunction parseAsn1(buf, depth, eager) {\n\t\tif (depth.length >= ASN1.EDEEPN) {\n\t\t\tthrow new Error(ASN1.EDEEP);\n\t\t}\n\n\t\tvar index = 2; // we know, at minimum, data starts after type (0) and lengthSize (1)\n\t\tvar asn1 = { type: buf[0], lengthSize: 0, length: buf[1] };\n\t\tvar child;\n\t\tvar iters = 0;\n\t\tvar adjust = 0;\n\t\tvar adjustedLen;\n\n\t\t// Determine how many bytes the length uses, and what it is\n\t\tif (0x80 & asn1.length) {\n\t\t\tasn1.lengthSize = 0x7f & asn1.length;\n\t\t\t// I think that buf->hex->int solves the problem of Endianness... 
not sure\n\t\t\tasn1.length = parseInt(\n\t\t\t\tEnc.bufToHex(buf.slice(index, index + asn1.lengthSize)),\n\t\t\t\t16\n\t\t\t);\n\t\t\tindex += asn1.lengthSize;\n\t\t}\n\n\t\t// High-order bit Integers have a leading 0x00 to signify that they are positive.\n\t\t// Bit Streams use the first byte to signify padding, which x.509 doesn't use.\n\t\tif (0x00 === buf[index] && (0x02 === asn1.type || 0x03 === asn1.type)) {\n\t\t\t// However, 0x00 on its own is a valid number\n\t\t\tif (asn1.length > 1) {\n\t\t\t\tindex += 1;\n\t\t\t\tadjust = -1;\n\t\t\t}\n\t\t}\n\t\tadjustedLen = asn1.length + adjust;\n\n\t\t//console.warn(depth.join(ws) + '0x' + Enc.numToHex(asn1.type), index, 'len:', asn1.length, asn1);\n\n\t\tfunction parseChildren(eager) {\n\t\t\tasn1.children = [];\n\t\t\t//console.warn('1 len:', (2 + asn1.lengthSize + asn1.length), 'idx:', index, 'clen:', 0);\n\t\t\twhile (\n\t\t\t\titers < ASN1.ELOOPN &&\n\t\t\t\tindex < 2 + asn1.length + asn1.lengthSize\n\t\t\t) {\n\t\t\t\titers += 1;\n\t\t\t\tdepth.length += 1;\n\t\t\t\tchild = parseAsn1(\n\t\t\t\t\tbuf.slice(index, index + adjustedLen),\n\t\t\t\t\tdepth,\n\t\t\t\t\teager\n\t\t\t\t);\n\t\t\t\tdepth.length -= 1;\n\t\t\t\t// The numbers don't match up exactly and I don't remember why...\n\t\t\t\t// probably something with adjustedLen or some such, but the tests pass\n\t\t\t\tindex += 2 + child.lengthSize + child.length;\n\t\t\t\t//console.warn('2 len:', (2 + asn1.lengthSize + asn1.length), 'idx:', index, 'clen:', (2 + child.lengthSize + child.length));\n\t\t\t\tif (index > 2 + asn1.lengthSize + asn1.length) {\n\t\t\t\t\tif (!eager) {\n\t\t\t\t\t\tconsole.error(JSON.stringify(asn1, ASN1._replacer, 2));\n\t\t\t\t\t}\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t'Parse error: child value length (' +\n\t\t\t\t\t\t\tchild.length +\n\t\t\t\t\t\t\t') is greater than remaining parent length (' +\n\t\t\t\t\t\t\t(asn1.length - index) +\n\t\t\t\t\t\t\t' = ' +\n\t\t\t\t\t\t\tasn1.length +\n\t\t\t\t\t\t\t' - ' +\n\t\t\t\t\t\t\tindex 
+\n\t\t\t\t\t\t\t')'\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tasn1.children.push(child);\n\t\t\t\t//console.warn(depth.join(ws) + '0x' + Enc.numToHex(asn1.type), index, 'len:', as
/***/ }),
/***/ "./csr.js":
/*!****************!*\
!*** ./csr.js ***!
\****************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
eval("// Copyright 2018-present AJ ONeal. All rights reserved\n/* This Source Code Form is subject to the terms of the Mozilla Public\n * License, v. 2.0. If a copy of the MPL was not distributed with this\n * file, You can obtain one at http://mozilla.org/MPL/2.0/. */\n\n/*global Promise*/\n\nvar Enc = __webpack_require__(/*! @root/encoding */ \"./node_modules/@root/encoding/encoding.js\");\n\nvar ASN1 = __webpack_require__(/*! ./asn1/packer.js */ \"./asn1/packer.js\"); // DER, actually\nvar Asn1 = ASN1.Any;\nvar BitStr = ASN1.BitStr;\nvar UInt = ASN1.UInt;\nvar Asn1Parser = __webpack_require__(/*! ./asn1/parser.js */ \"./asn1/parser.js\");\nvar PEM = __webpack_require__(/*! ./pem.js */ \"./pem.js\");\nvar X509 = __webpack_require__(/*! ./x509.js */ \"./x509.js\");\nvar Keypairs = __webpack_require__(/*! @root/keypairs */ \"./node_modules/@root/keypairs/keypairs.js\");\n\n// TODO find a way that the prior node-ish way of `module.exports = function () {}` isn't broken\nvar CSR = module.exports;\nCSR.csr = function(opts) {\n\t// We're using a Promise here to be compatible with the browser version\n\t// which will probably use the webcrypto API for some of the conversions\n\treturn CSR._prepare(opts).then(function(opts) {\n\t\treturn CSR.create(opts).then(function(bytes) {\n\t\t\treturn CSR._encode(opts, bytes);\n\t\t});\n\t});\n};\n\nCSR._prepare = function(opts) {\n\treturn Promise.resolve().then(function() {\n\t\topts = JSON.parse(JSON.stringify(opts));\n\n\t\t// We do a bit of extra error checking for user convenience\n\t\tif (!opts) {\n\t\t\tthrow new Error(\n\t\t\t\t'You must pass options with key and domains to rsacsr'\n\t\t\t);\n\t\t}\n\t\tif (!Array.isArray(opts.domains) || 0 === opts.domains.length) {\n\t\t\tnew Error('You must pass options.domains as a non-empty array');\n\t\t}\n\n\t\t// I need to check that 例.中国 is a valid domain name\n\t\tif (\n\t\t\t!opts.domains.every(function(d) {\n\t\t\t\t// allow punycode? 
xn--\n\t\t\t\tif (\n\t\t\t\t\t'string' === typeof d /*&& /\\./.test(d) && !/--/.test(d)*/\n\t\t\t\t) {\n\t\t\t\t\treturn true;\n\t\t\t\t}\n\t\t\t})\n\t\t) {\n\t\t\tthrow new Error('You must pass options.domains as strings');\n\t\t}\n\n\t\tif (opts.jwk) {\n\t\t\treturn opts;\n\t\t}\n\t\tif (opts.key && opts.key.kty) {\n\t\t\topts.jwk = opts.key;\n\t\t\treturn opts;\n\t\t}\n\t\tif (!opts.pem && !opts.key) {\n\t\t\tthrow new Error('You must pass options.key as a JSON web key');\n\t\t}\n\n\t\treturn Keypairs.import({ pem: opts.pem || opts.key }).then(function(\n\t\t\tpair\n\t\t) {\n\t\t\topts.jwk = pair.private;\n\t\t\treturn opts;\n\t\t});\n\t});\n};\n\nCSR._encode = function(opts, bytes) {\n\tif ('der' === (opts.encoding || '').toLowerCase()) {\n\t\treturn bytes;\n\t}\n\treturn PEM.packBlock({\n\t\ttype: 'CERTIFICATE REQUEST',\n\t\tbytes: bytes /* { jwk: jwk, domains: opts.domains } */\n\t});\n};\n\nCSR.create = function createCsr(opts) {\n\tvar hex = CSR.request(opts.jwk, opts.domains);\n\treturn CSR._sign(opts.jwk, hex).then(function(csr) {\n\t\treturn Enc.hexToBuf(csr);\n\t});\n};\n\n//\n// EC / RSA\n//\nCSR.request = function createCsrBodyEc(jwk, domains) {\n\tvar asn1pub;\n\tif (/^EC/i.test(jwk.kty)) {\n\t\tasn1pub = X509.packCsrEcPublicKey(jwk);\n\t} else {\n\t\tasn1pub = X509.packCsrRsaPublicKey(jwk);\n\t}\n\treturn X509.packCsr(asn1pub, domains);\n};\n\nCSR._sign = function csrEcSig(jwk, request) {\n\t// Took some tips from https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a\n\t// TODO will have to convert web ECDSA signatures to PEM ECDSA signatures (but RSA should be the same)\n\t// TODO have a consistent non-private way to sign\n\treturn Keypairs.sign(\n\t\t{ jwk: jwk, format: 'x509' },\n\t\tEnc.hexToBuf(request)\n\t).then(function(sig) {\n\t\treturn CSR._toDer({\n\t\t\trequest: request,\n\t\t\tsignature: sig,\n\t\t\tkty: jwk.kty\n\t\t});\n\t});\n};\n\nCSR._toDer = function encode(opts) {\n\tvar sty;\n\tif (/^EC/i.test(opts.kty)) 
{\n\t\t// 1.2.840.10045.4.3.2 ecdsaWithSHA256 (ANSI X9.62 ECDSA algorithm with SHA256)\n\t\tsty = Asn1('30', Asn1('06', '2a8648ce3d040302'));\
/***/ }),
/***/ "./ecdsa.js":
/*!******************!*\
!*** ./ecdsa.js ***!
\******************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
eval("/*global Promise*/\n\n\nvar Enc = __webpack_require__(/*! @root/encoding */ \"./node_modules/@root/encoding/encoding.js\");\n\nvar EC = module.exports;\nvar native = __webpack_require__(/*! ./lib/node/ecdsa.js */ \"./lib/browser/ecdsa.js\");\n\n// TODO SSH\nvar SSH;\n\nvar x509 = __webpack_require__(/*! ./x509.js */ \"./x509.js\");\nvar PEM = __webpack_require__(/*! ./pem.js */ \"./pem.js\");\n//var SSH = require('./ssh-keys.js');\nvar sha2 = __webpack_require__(/*! ./lib/node/sha2.js */ \"./lib/browser/sha2.js\");\n\n// 1.2.840.10045.3.1.7\n// prime256v1 (ANSI X9.62 named elliptic curve)\nvar OBJ_ID_EC = '06 08 2A8648CE3D030107'.replace(/\\s+/g, '').toLowerCase();\n// 1.3.132.0.34\n// secp384r1 (SECG (Certicom) named elliptic curve)\nvar OBJ_ID_EC_384 = '06 05 2B81040022'.replace(/\\s+/g, '').toLowerCase();\n\nEC._stance =\n\t\"We take the stance that if you're knowledgeable enough to\" +\n\t\" properly and securely use non-standard crypto then you shouldn't need Bluecrypt anyway.\";\nnative._stance = EC._stance;\nEC._universal =\n\t'Bluecrypt only supports crypto with standard cross-browser and cross-platform support.';\nEC.generate = native.generate;\n\nEC.export = function(opts) {\n\treturn Promise.resolve().then(function() {\n\t\tif (!opts || !opts.jwk || 'object' !== typeof opts.jwk) {\n\t\t\tthrow new Error('must pass { jwk: jwk } as a JSON object');\n\t\t}\n\t\tvar jwk = JSON.parse(JSON.stringify(opts.jwk));\n\t\tvar format = opts.format;\n\t\tif (\n\t\t\topts.public ||\n\t\t\t-1 !== ['spki', 'pkix', 'ssh', 'rfc4716'].indexOf(format)\n\t\t) {\n\t\t\tjwk.d = null;\n\t\t}\n\t\tif ('EC' !== jwk.kty) {\n\t\t\tthrow new Error(\"options.jwk.kty must be 'EC' for EC keys\");\n\t\t}\n\t\tif (!jwk.d) {\n\t\t\tif (!format || -1 !== ['spki', 'pkix'].indexOf(format)) {\n\t\t\t\tformat = 'spki';\n\t\t\t} else if (-1 !== ['ssh', 'rfc4716'].indexOf(format)) {\n\t\t\t\tformat = 'ssh';\n\t\t\t} else {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t\"options.format must be 'spki' 
or 'ssh' for public EC keys, not (\" +\n\t\t\t\t\t\ttypeof format +\n\t\t\t\t\t\t') ' +\n\t\t\t\t\t\tformat\n\t\t\t\t);\n\t\t\t}\n\t\t} else {\n\t\t\tif (!format || 'sec1' === format) {\n\t\t\t\tformat = 'sec1';\n\t\t\t} else if ('pkcs8' !== format) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t\"options.format must be 'sec1' or 'pkcs8' for private EC keys, not '\" +\n\t\t\t\t\t\tformat +\n\t\t\t\t\t\t\"'\"\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\t\tif (-1 === ['P-256', 'P-384'].indexOf(jwk.crv)) {\n\t\t\tthrow new Error(\n\t\t\t\t\"options.jwk.crv must be either P-256 or P-384 for EC keys, not '\" +\n\t\t\t\t\tjwk.crv +\n\t\t\t\t\t\"'\"\n\t\t\t);\n\t\t}\n\t\tif (!jwk.y) {\n\t\t\tthrow new Error(\n\t\t\t\t'options.jwk.y must be a urlsafe base64-encoded either P-256 or P-384'\n\t\t\t);\n\t\t}\n\n\t\tif ('sec1' === format) {\n\t\t\treturn PEM.packBlock({\n\t\t\t\ttype: 'EC PRIVATE KEY',\n\t\t\t\tbytes: x509.packSec1(jwk)\n\t\t\t});\n\t\t} else if ('pkcs8' === format) {\n\t\t\treturn PEM.packBlock({\n\t\t\t\ttype: 'PRIVATE KEY',\n\t\t\t\tbytes: x509.packPkcs8(jwk)\n\t\t\t});\n\t\t} else if (-1 !== ['spki', 'pkix'].indexOf(format)) {\n\t\t\treturn PEM.packBlock({\n\t\t\t\ttype: 'PUBLIC KEY',\n\t\t\t\tbytes: x509.packSpki(jwk)\n\t\t\t});\n\t\t} else if (-1 !== ['ssh', 'rfc4716'].indexOf(format)) {\n\t\t\treturn SSH.packSsh(jwk);\n\t\t} else {\n\t\t\tthrow new Error(\n\t\t\t\t'Sanity Error: reached unreachable code block with format: ' +\n\t\t\t\t\tformat\n\t\t\t);\n\t\t}\n\t});\n};\nnative.export = EC.export;\n\nEC.import = function(opts) {\n\treturn Promise.resolve().then(function() {\n\t\tif (!opts || !opts.pem || 'string' !== typeof opts.pem) {\n\t\t\tthrow new Error('must pass { pem: pem } as a string');\n\t\t}\n\t\tif (0 === opts.pem.indexOf('ecdsa-sha2-')) {\n\t\t\treturn SSH.parseSsh(opts.pem);\n\t\t}\n\t\tvar pem = opts.pem;\n\t\tvar u8 = PEM.parseBlock(pem).bytes;\n\t\tvar hex = Enc.bufToHex(u8);\n\t\tvar jwk = { kty: 'EC', crv: null, x: null, y: null 
};\n\n\t\t//console.log();\n\t\tif (\n\t\t\t-1 !== hex.indexOf(OBJ_ID_EC) ||\n\t\t\t-1 !== hex.indexOf(OBJ_ID_EC_384)\n\t\
/***/ }),
/***/ "./keypairs.js":
/*!*********************!*\
!*** ./keypairs.js ***!
\*********************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
eval("/*global Promise*/\n\n\n__webpack_require__(/*! @root/encoding/bytes */ \"./node_modules/@root/encoding/browser/bytes.js\");\nvar Enc = __webpack_require__(/*! @root/encoding/base64 */ \"./node_modules/@root/encoding/browser/base64.js\");\n\nvar Keypairs = module.exports;\nvar Rasha = __webpack_require__(/*! ./rsa.js */ \"./rsa.js\");\nvar Eckles = __webpack_require__(/*! ./ecdsa.js */ \"./ecdsa.js\");\nvar native = __webpack_require__(/*! ./lib/node/keypairs.js */ \"./lib/browser/keypairs.js\");\n\nKeypairs._stance =\n\t\"We take the stance that if you're knowledgeable enough to\" +\n\t\" properly and securely use non-standard crypto then you shouldn't need Bluecrypt anyway.\";\nKeypairs._universal =\n\t'Bluecrypt only supports crypto with standard cross-browser and cross-platform support.';\nKeypairs.generate = function(opts) {\n\topts = opts || {};\n\tvar p;\n\tif (!opts.kty) {\n\t\topts.kty = opts.type;\n\t}\n\tif (!opts.kty) {\n\t\topts.kty = 'EC';\n\t}\n\tif (/^EC/i.test(opts.kty)) {\n\t\tp = Eckles.generate(opts);\n\t} else if (/^RSA$/i.test(opts.kty)) {\n\t\tp = Rasha.generate(opts);\n\t} else {\n\t\treturn Promise.Reject(\n\t\t\tnew Error(\n\t\t\t\t\"'\" +\n\t\t\t\t\topts.kty +\n\t\t\t\t\t\"' is not a well-supported key type.\" +\n\t\t\t\t\tKeypairs._universal +\n\t\t\t\t\t\" Please choose 'EC', or 'RSA' if you have good reason to.\"\n\t\t\t)\n\t\t);\n\t}\n\treturn p.then(function(pair) {\n\t\treturn Keypairs.thumbprint({ jwk: pair.public }).then(function(thumb) {\n\t\t\tpair.private.kid = thumb; // maybe not the same id on the private key?\n\t\t\tpair.public.kid = thumb;\n\t\t\treturn pair;\n\t\t});\n\t});\n};\n\nKeypairs.export = function(opts) {\n\treturn Eckles.export(opts).catch(function(err) {\n\t\treturn Rasha.export(opts).catch(function() {\n\t\t\treturn Promise.reject(err);\n\t\t});\n\t});\n};\n// XXX\nnative.export = Keypairs.export;\n\n/**\n * Chopping off the private parts is now part of the public API.\n * I thought it sounded a little 
too crude at first, but it really is the best name in every possible way.\n */\nKeypairs.neuter = function(opts) {\n\t/** trying to find the best balance of an immutable copy with custom attributes */\n\tvar jwk = {};\n\tObject.keys(opts.jwk).forEach(function(k) {\n\t\tif ('undefined' === typeof opts.jwk[k]) {\n\t\t\treturn;\n\t\t}\n\t\t// ignore RSA and EC private parts\n\t\tif (-1 !== ['d', 'p', 'q', 'dp', 'dq', 'qi'].indexOf(k)) {\n\t\t\treturn;\n\t\t}\n\t\tjwk[k] = JSON.parse(JSON.stringify(opts.jwk[k]));\n\t});\n\treturn jwk;\n};\n\nKeypairs.thumbprint = function(opts) {\n\treturn Promise.resolve().then(function() {\n\t\tif (/EC/i.test(opts.jwk.kty)) {\n\t\t\treturn Eckles.thumbprint(opts);\n\t\t} else {\n\t\t\treturn Rasha.thumbprint(opts);\n\t\t}\n\t});\n};\n\nKeypairs.publish = function(opts) {\n\tif ('object' !== typeof opts.jwk || !opts.jwk.kty) {\n\t\tthrow new Error('invalid jwk: ' + JSON.stringify(opts.jwk));\n\t}\n\n\t/** returns a copy */\n\tvar jwk = Keypairs.neuter(opts);\n\n\tif (jwk.exp) {\n\t\tjwk.exp = setTime(jwk.exp);\n\t} else {\n\t\tif (opts.exp) {\n\t\t\tjwk.exp = setTime(opts.exp);\n\t\t} else if (opts.expiresIn) {\n\t\t\tjwk.exp = Math.round(Date.now() / 1000) + opts.expiresIn;\n\t\t} else if (opts.expiresAt) {\n\t\t\tjwk.exp = opts.expiresAt;\n\t\t}\n\t}\n\tif (!jwk.use && false !== jwk.use) {\n\t\tjwk.use = 'sig';\n\t}\n\n\tif (jwk.kid) {\n\t\treturn Promise.resolve(jwk);\n\t}\n\treturn Keypairs.thumbprint({ jwk: jwk }).then(function(thumb) {\n\t\tjwk.kid = thumb;\n\t\treturn jwk;\n\t});\n};\n\n// JWT a.k.a. 
JWS with Claims using Compact Serialization\nKeypairs.signJwt = function(opts) {\n\treturn Keypairs.thumbprint({ jwk: opts.jwk }).then(function(thumb) {\n\t\tvar header = opts.header || {};\n\t\tvar claims = JSON.parse(JSON.stringify(opts.claims || {}));\n\t\theader.typ = 'JWT';\n\n\t\tif (!header.kid && false !== header.kid) {\n\t\t\theader.kid = thumb;\n\t\t}\n\t\tif (!header.alg && opts.alg) {\n\t\t\theader.alg = opts.alg;\n\t\t}\n\t\tif (!claims.iat && (false === claims.iat || false === opts.iat)) {\n\t\t\tclaims.iat = unde
/***/ }),
/***/ "./lib/browser/ecdsa.js":
/*!******************************!*\
!*** ./lib/browser/ecdsa.js ***!
\******************************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
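// Module body written as plain statements instead of a string handed to eval()
// (the webpack `eval` devtool form), which a Content-Security-Policy without
// 'unsafe-eval' refuses to run.
var native = module.exports;
// XXX received from caller
var EC = native;

/**
 * Generates an ECDSA keypair with WebCrypto and returns it as JWKs.
 *
 * @param {Object} [opts] - `kty` and `namedCurve` are filled in on this object
 *   when missing ('EC' and 'P-256')
 * @returns {Promise<{private: Object, public: Object}>} the private JWK and the
 *   result of EC.neuter() on it; rejects with an Error for an unsupported curve
 */
native.generate = function(opts) {
	var wcOpts = {};
	if (!opts) {
		opts = {};
	}
	if (!opts.kty) {
		opts.kty = 'EC';
	}

	// ECDSA has only the P curves and an associated bitlength
	wcOpts.name = 'ECDSA';
	if (!opts.namedCurve) {
		opts.namedCurve = 'P-256';
	}
	wcOpts.namedCurve = opts.namedCurve; // true for supported curves
	// NOTE(review): any name containing "256" or "384" is accepted here and
	// mapped to the P-curve of that size, including names of other curves.
	if (/256/.test(wcOpts.namedCurve)) {
		wcOpts.namedCurve = 'P-256';
		wcOpts.hash = { name: 'SHA-256' };
	} else if (/384/.test(wcOpts.namedCurve)) {
		wcOpts.namedCurve = 'P-384';
		wcOpts.hash = { name: 'SHA-384' };
	} else {
		// Promise.reject, not Promise.Reject: the capitalised name is not a
		// function, so this branch used to throw a TypeError instead of
		// returning the rejection that carries the message below.
		return Promise.reject(
			new Error(
				"'" +
					wcOpts.namedCurve +
					"' is not an NIST approved ECDSA namedCurve. " +
					" Please choose either 'P-256' or 'P-384'. " +
					// XXX received from caller
					EC._stance
			)
		);
	}

	// The key has to be extractable because it is exported as a JWK right below
	var extractable = true;
	return window.crypto.subtle
		.generateKey(wcOpts, extractable, ['sign', 'verify'])
		.then(function(result) {
			return window.crypto.subtle
				.exportKey('jwk', result.privateKey)
				.then(function(privJwk) {
					// drop the WebCrypto-specific fields from the exported JWK
					privJwk.key_ops = undefined;
					privJwk.ext = undefined;
					return {
						private: privJwk,
						// XXX received from caller
						public: EC.neuter({ jwk: privJwk })
					};
				});
		});
};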
/***/ }),
/***/ "./lib/browser/http.js":
/*!*****************************!*\
!*** ./lib/browser/http.js ***!
\*****************************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
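// Module body written as plain statements instead of a string handed to eval()
// (the webpack `eval` devtool form), which a Content-Security-Policy without
// 'unsafe-eval' refuses to run.
var http = module.exports;

/**
 * Performs a request with window.fetch and resolves to a plain result object.
 *
 * @param {Object} opts - passed to fetch as the init object; `opts.url` is the
 *   request URL
 * @returns {Promise<Object>} { statusCode, headers, toJSON, body? } where
 *   `headers` maps each response header name to its value. `body` is the parsed
 *   JSON when the content-type contains "json", the response text for any
 *   other content-type, and is not set when there is no content-type header.
 */
http.request = function(opts) {
	return window.fetch(opts.url, opts).then(function(resp) {
		var headers = {};
		var result = {
			statusCode: resp.status,
			headers: headers,
			toJSON: function() {
				return this;
			}
		};
		Array.from(resp.headers.entries()).forEach(function(h) {
			headers[h[0]] = h[1];
		});
		if (!headers['content-type']) {
			return result;
		}
		// NOTE(review): the body is read in full in both branches below; no size
		// limit is applied to what the server sends.
		if (/json/.test(headers['content-type'])) {
			return resp.json().then(function(json) {
				result.body = json;
				return result;
			});
		}
		return resp.text().then(function(txt) {
			result.body = txt;
			return result;
		});
	});
};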
/***/ }),
/***/ "./lib/browser/keypairs.js":
/*!*********************************!*\
!*** ./lib/browser/keypairs.js ***!
\*********************************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
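// Module body written as plain statements instead of a string handed to eval()
// (the webpack `eval` devtool form), which a Content-Security-Policy without
// 'unsafe-eval' refuses to run.
var Keypairs = module.exports;

/**
 * Signs `payload` with the key in `opts.jwk` using WebCrypto.
 *
 * @param {Object} opts - `jwk` is the signing key; `format` matching
 *   x509 or asn1 selects the ASN.1 signature form for EC keys
 * @param {string|Uint8Array} payload - strings are encoded with TextEncoder
 * @returns {Promise<Uint8Array>} the signature
 */
Keypairs._sign = function(opts, payload) {
	return Keypairs._import(opts).then(function(privkey) {
		if ('string' === typeof payload) {
			payload = new TextEncoder().encode(payload);
		}

		// Keypairs._getBits is not defined in this module; presumably it is
		// attached by the module that loads this one; verify against caller
		return window.crypto.subtle
			.sign(
				{
					name: Keypairs._getName(opts),
					hash: { name: 'SHA-' + Keypairs._getBits(opts) }
				},
				privkey,
				payload
			)
			.then(function(signature) {
				signature = new Uint8Array(signature); // ArrayBuffer -> u8
				// This will come back into play for CSRs, but not for JOSE
				if ('EC' === opts.jwk.kty && /x509|asn1/i.test(opts.format)) {
					return Keypairs._ecdsaJoseSigToAsn1Sig(signature);
				} else {
					// jose/jws/jwt
					return signature;
				}
			});
	});
};

/**
 * Imports `opts.jwk` as a WebCrypto key: usage 'sign' when the JWK has a `d`
 * member, 'verify' otherwise.
 *
 * @param {Object} opts - `jwk` is the key to import
 * @returns {Promise<CryptoKey>} the imported key
 */
Keypairs._import = function(opts) {
	return Promise.resolve().then(function() {
		var ops;
		// all private keys just happen to have a 'd'
		if (opts.jwk.d) {
			ops = ['sign'];
		} else {
			ops = ['verify'];
		}
		// gotta mark it as extractable, as if it matters
		// NOTE(review): the key is imported as extractable. _sign in this module
		// only hands it to subtle.sign; confirm whether any caller exports it
		// before tightening this.
		opts.jwk.ext = true;
		// NOTE(review): key_ops stays on the caller's jwk after the import; only
		// `ext` is removed again below.
		opts.jwk.key_ops = ops;

		return window.crypto.subtle
			.importKey(
				'jwk',
				opts.jwk,
				{
					name: Keypairs._getName(opts),
					namedCurve: opts.jwk.crv,
					hash: { name: 'SHA-' + Keypairs._getBits(opts) }
				},
				true,
				ops
			)
			.then(
				function(privkey) {
					delete opts.jwk.ext;
					return privkey;
				},
				function(err) {
					// remove the temporary `ext` marker when the import fails too
					delete opts.jwk.ext;
					throw err;
				}
			);
	});
};

// ECDSA JOSE / JWS / JWT signatures differ from "normal" ASN1/X509 ECDSA signatures
// https://tools.ietf.org/html/rfc7518#section-3.4
/**
 * Converts a JOSE ECDSA signature (r and s concatenated, equal width) into the
 * ASN.1 form: SEQUENCE { INTEGER r, INTEGER s }.
 *
 * @param {Uint8Array|Array<number>} bufsig - the r||s signature bytes
 * @returns {Uint8Array} the ASN.1-encoded signature
 * @throws {Error} when the input is empty or has an odd number of bytes
 */
Keypairs._ecdsaJoseSigToAsn1Sig = function(bufsig) {
	// it's easier to do the manipulation in the browser with an array
	bufsig = Array.from(bufsig);
	// r and s are the two halves, so the length must be even and non-zero
	if (0 === bufsig.length || 0 !== bufsig.length % 2) {
		throw new Error('invalid ECDSA signature length: ' + bufsig.length);
	}
	var hlen = bufsig.length / 2;
	var r = bufsig.slice(0, hlen);
	var s = bufsig.slice(hlen);
	// unpad positive ints less than 32 bytes wide
	// Stop at the last byte: without the length check an all-zero half is
	// stripped down to an empty array and the loop never ends.
	while (r.length > 1 && !r[0]) {
		r = r.slice(1);
	}
	while (s.length > 1 && !s[0]) {
		s = s.slice(1);
	}
	// pad (or re-pad) ambiguously non-negative BigInts, up to 33 bytes wide
	if (0x80 & r[0]) {
		r.unshift(0);
	}
	if (0x80 & s[0]) {
		s.unshift(0);
	}

	var len = 2 + r.length + 2 + s.length;
	var head = [0x30];
	// hard code 0x80 + 1 because it won't be longer than
	// two SHA512 plus two pad bytes (130 bytes <= 256)
	if (len >= 0x80) {
		head.push(0x81);
	}
	head.push(len);

	return Uint8Array.from(
		head.concat([0x02, r.length], r, [0x02, s.length], s)
	);
};

/**
 * Chooses the WebCrypto algorithm name for `opts.jwk`.
 * @param {Object} opts - `jwk.kty` is tested for "EC"
 * @returns {string} 'ECDSA' or 'RSASSA-PKCS1-v1_5'
 */
Keypairs._getName = function(opts) {
	if (/EC/i.test(opts.jwk.kty)) {
		return 'ECDSA';
	} else {
		return 'RSASSA-PKCS1-v1_5';
	}
};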
/***/ }),
/***/ "./lib/browser/rsa.js":
/*!****************************!*\
!*** ./lib/browser/rsa.js ***!
\****************************/
/*! no static exports found */
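/***/ (function(module, exports, __webpack_require__) {
"use strict";
// lib/browser/rsa.js: WebCrypto-backed RSA key generation.
//
// native.generate(opts) -> Promise<{ private: JWK, public: JWK }>
//   opts.kty            defaults to 'RSA' (written back onto opts; a fresh {} is used when opts is falsy)
//   opts.modulusLength  defaults to 2048 (written back onto opts)
// The algorithm is fixed to RSASSA-PKCS1-v1_5 with public exponent 0x010001. The hash follows the
// modulus size: [2048, 3072) -> SHA-256, [3072, 4096) -> SHA-384, 4096 -> SHA-512.
// Every other size, including anything below 2048, yields a rejected promise. Undersized moduli
// must not reach generateKey(): a bare `< 4097` test on the last branch would accept them with
// SHA-512, contradicting the 2048-4096 range stated in the error text.
// The rejection uses Promise.reject; `Promise.Reject` is not a function and would throw
// synchronously instead of rejecting.
// The pair is generated extractable and the private key is exported as a JWK, so the caller holds
// the raw private parameters and is responsible for how they are stored.
// RSA._stance and RSA.neuter are not defined here; ./rsa.js assigns them onto this export.
// NOTE(review): eval()-wrapped module text with a sourceURL trailer is what webpack emits for
// development builds; a page loading it under a Content-Security-Policy needs 'unsafe-eval'.
eval("\n\nvar native = module.exports;\n// XXX added by caller: _stance, neuter\nvar RSA = native;\n\nnative.generate = function(opts) {\n\tvar wcOpts = {};\n\tif (!opts) {\n\t\topts = {};\n\t}\n\tif (!opts.kty) {\n\t\topts.kty = 'RSA';\n\t}\n\n\t// Support PSS? I don't think it's used for Let's Encrypt\n\twcOpts.name = 'RSASSA-PKCS1-v1_5';\n\tif (!opts.modulusLength) {\n\t\topts.modulusLength = 2048;\n\t}\n\twcOpts.modulusLength = opts.modulusLength;\n\tif (wcOpts.modulusLength >= 2048 && wcOpts.modulusLength < 3072) {\n\t\t// erring on the small side... for no good reason\n\t\twcOpts.hash = { name: 'SHA-256' };\n\t} else if (wcOpts.modulusLength >= 3072 && wcOpts.modulusLength < 4096) {\n\t\twcOpts.hash = { name: 'SHA-384' };\n\t} else if (wcOpts.modulusLength >= 4096 && wcOpts.modulusLength < 4097) {\n\t\twcOpts.hash = { name: 'SHA-512' };\n\t} else {\n\t\t// Public key thumbprints should be paired with a hash of similar length,\n\t\t// so anything above SHA-512's keyspace would be left under-represented anyway.\n\t\treturn Promise.reject(\n\t\t\tnew Error(\n\t\t\t\t\"'\" +\n\t\t\t\t\twcOpts.modulusLength +\n\t\t\t\t\t\"' is not within the safe and universally\" +\n\t\t\t\t\t' acceptable range of 2048-4096. Typically you should pick 2048, 3072, or 4096, though other values' +\n\t\t\t\t\t' divisible by 8 are allowed. ' +\n\t\t\t\t\tRSA._stance\n\t\t\t)\n\t\t);\n\t}\n\t// TODO maybe allow this to be set to any of the standard values?\n\twcOpts.publicExponent = new Uint8Array([0x01, 0x00, 0x01]);\n\n\tvar extractable = true;\n\treturn window.crypto.subtle\n\t\t.generateKey(wcOpts, extractable, ['sign', 'verify'])\n\t\t.then(function(result) {\n\t\t\treturn window.crypto.subtle\n\t\t\t\t.exportKey('jwk', result.privateKey)\n\t\t\t\t.then(function(privJwk) {\n\t\t\t\t\treturn {\n\t\t\t\t\t\tprivate: privJwk,\n\t\t\t\t\t\tpublic: RSA.neuter({ jwk: privJwk })\n\t\t\t\t\t};\n\t\t\t\t});\n\t\t});\n};\n\n\n//# sourceURL=webpack://@root/acme/./lib/browser/rsa.js?");
/***/ }),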
/***/ "./lib/browser/sha2.js":
/*!*****************************!*\
!*** ./lib/browser/sha2.js ***!
\*****************************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
// lib/browser/sha2.js: SHA-2 digest through window.crypto.subtle.digest.
//
// sha2.sum(alg, str) -> the promise returned by digest() (an ArrayBuffer on success)
//   alg  digest name or size; a leading "sha" / "sha-" (any case) is stripped and "SHA-" is
//        prefixed, so 256, '256', 'sha256' and 'SHA-256' all become 'SHA-256'
//   str  a string is UTF-8 encoded with TextEncoder; any other value is handed to digest() as is
// NOTE(review): alg is not checked against an allow-list, so a caller passing 1 or 'sha1' asks
// for 'SHA-1'; unknown names are left for digest() to reject.
// NOTE(review): the resolved value is an ArrayBuffer, not a typed array; wrap it with
// new Uint8Array(...) before treating it as bytes.
eval("\n\nvar sha2 = module.exports;\n\nvar encoder = new TextEncoder();\nsha2.sum = function(alg, str) {\n\tvar data = str;\n\tif ('string' === typeof data) {\n\t\tdata = encoder.encode(str);\n\t}\n\tvar sha = 'SHA-' + String(alg).replace(/^sha-?/i, '');\n\treturn window.crypto.subtle.digest(sha, data);\n};\n\n\n//# sourceURL=webpack://@root/acme/./lib/browser/sha2.js?");
/***/ }),
/***/ "./node_modules/@root/encoding/browser/base64.js":
/*!*******************************************************!*\
!*** ./node_modules/@root/encoding/browser/base64.js ***!
\*******************************************************/
/*! no static exports found */
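/***/ (function(module, exports, __webpack_require__) {
"use strict";
// @root/encoding browser/base64.js: adds Base64 and URL-safe Base64 helpers to the shared Enc
// object exported by bytes.js, then re-exports that same object.
//   bufToBase64(u8)         bytes -> standard Base64 (btoa over a one-char-per-byte string)
//   strToBase64(str)        string -> Base64 of its UTF-8 bytes (via Enc.strToBin)
//   base64ToBuf(b64)        Base64 or URL-safe Base64 -> bytes
//   base64ToStr(b64)        Base64 or URL-safe Base64 -> UTF-8 decoded string
//   urlBase64ToBase64(u64)  restores '=' padding from the string length, maps '-' -> '+', '_' -> '/'
//   base64ToUrlBase64(b64)  maps '+' -> '-', '/' -> '_' and strips '='
//   bufToUrlBase64 / strToUrlBase64 compose the helpers above
// The padding remainder is taken from u64.length. Using `u64 % 4` would coerce the text itself
// to a number: NaN for most input (no padding added) and a wrong remainder for input made only
// of digits, which then gets padding it should not have.
// A length remainder of 1 is not valid Base64; it is passed through for atob() to reject.
eval("\n\nvar Enc = __webpack_require__(/*! ./bytes.js */ \"./node_modules/@root/encoding/browser/bytes.js\");\n\n// To Base64\n\nEnc.bufToBase64 = function(u8) {\n\tvar bin = '';\n\tu8.forEach(function(i) {\n\t\tbin += String.fromCharCode(i);\n\t});\n\treturn btoa(bin);\n};\n\nEnc.strToBase64 = function(str) {\n\treturn btoa(Enc.strToBin(str));\n};\n\n// From Base64\n\nfunction _base64ToBin(b64) {\n\treturn atob(Enc.urlBase64ToBase64(b64));\n}\n\nEnc._base64ToBin = _base64ToBin;\n\nEnc.base64ToBuf = function(b64) {\n\treturn Enc.binToBuf(_base64ToBin(b64));\n};\n\nEnc.base64ToStr = function(b64) {\n\treturn Enc.binToStr(_base64ToBin(b64));\n};\n\n// URL Safe Base64\n\nEnc.urlBase64ToBase64 = function(u64) {\n\tvar r = u64.length % 4;\n\tif (2 === r) {\n\t\tu64 += '==';\n\t} else if (3 === r) {\n\t\tu64 += '=';\n\t}\n\treturn u64.replace(/-/g, '+').replace(/_/g, '/');\n};\n\nEnc.base64ToUrlBase64 = function(b64) {\n\treturn b64\n\t\t.replace(/\\+/g, '-')\n\t\t.replace(/\\//g, '_')\n\t\t.replace(/=/g, '');\n};\n\nEnc.bufToUrlBase64 = function(buf) {\n\treturn Enc.base64ToUrlBase64(Enc.bufToBase64(buf));\n};\n\nEnc.strToUrlBase64 = function(str) {\n\treturn Enc.bufToUrlBase64(Enc.strToBuf(str));\n};\n\nmodule.exports = Enc;\n\n\n//# sourceURL=webpack://@root/acme/./node_modules/@root/encoding/browser/base64.js?");
/***/ }),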
/***/ "./node_modules/@root/encoding/browser/bytes.js":
/*!******************************************************!*\
!*** ./node_modules/@root/encoding/browser/bytes.js ***!
\******************************************************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
// @root/encoding browser/bytes.js: conversions between byte buffers, "binary strings" (one
// character per byte) and Unicode strings. base64.js and hex.js attach further methods to this
// same export object.
//   bufToBin(buf)  bytes -> binary string
//   strToBin(str)  Unicode string -> binary string of its UTF-8 bytes (encodeURIComponent, then
//                  every %XX escape is turned back into one character)
//   binToBuf(bin)  binary string -> Uint8Array (plain Array when Uint8Array is unavailable)
//   strToBuf(str)  strToBin followed by binToBuf
//   binToStr(bin)  percent-escapes the characters and decodes with decodeURIComponent, i.e. reads
//                  the bytes as UTF-8; decodeURIComponent throws URIError on malformed sequences
//   bufToStr(buf)  bufToBin followed by binToStr
//   base64ToHex / hexToBase64 call Enc.bufToHex, Enc.base64ToBuf and Enc._hexToBin, none of which
//                  is defined in this module (hex.js and base64.js add them)
// NOTE(review): binToStr assumes every character code is <= 0xFF; a larger code produces an
// escape longer than two hex digits. Confirm callers only pass binary strings.
eval("\n\nvar Enc = module.exports;\n\n// to Binary String\n\nEnc.bufToBin = function(buf) {\n\tvar bin = '';\n\t// cannot use .map() because Uint8Array would return only 0s\n\tbuf.forEach(function(ch) {\n\t\tbin += String.fromCharCode(ch);\n\t});\n\treturn bin;\n};\n\nEnc.strToBin = function(str) {\n\t// Note: TextEncoder might be faster (or it might be slower, I don't know),\n\t// but it doesn't solve the double-utf8 problem and MS Edge still has users without it\n\tvar escstr = encodeURIComponent(str);\n\t// replaces any uri escape sequence, such as %0A,\n\t// with binary escape, such as 0x0A\n\tvar binstr = escstr.replace(/%([0-9A-F]{2})/g, function(_, p1) {\n\t\treturn String.fromCharCode('0x' + p1);\n\t});\n\treturn binstr;\n};\n\n// to Buffer\n\nEnc.binToBuf = function(bin) {\n\tvar arr = bin.split('').map(function(ch) {\n\t\treturn ch.charCodeAt(0);\n\t});\n\treturn 'undefined' !== typeof Uint8Array ? new Uint8Array(arr) : arr;\n};\n\nEnc.strToBuf = function(str) {\n\treturn Enc.binToBuf(Enc.strToBin(str));\n};\n\n// to Unicode String\n\nEnc.binToStr = function(binstr) {\n\tvar escstr = binstr.replace(/(.)/g, function(m, p) {\n\t\tvar code = p\n\t\t\t.charCodeAt(0)\n\t\t\t.toString(16)\n\t\t\t.toUpperCase();\n\t\tif (code.length < 2) {\n\t\t\tcode = '0' + code;\n\t\t}\n\t\treturn '%' + code;\n\t});\n\n\treturn decodeURIComponent(escstr);\n};\n\nEnc.bufToStr = function(buf) {\n\treturn Enc.binToStr(Enc.bufToBin(buf));\n};\n\n// Base64 + Hex\n\nEnc.base64ToHex = function(b64) {\n\treturn Enc.bufToHex(Enc.base64ToBuf(b64));\n};\n\nEnc.hexToBase64 = function(hex) {\n\treturn btoa(Enc._hexToBin(hex));\n};\n\n\n//# sourceURL=webpack://@root/acme/./node_modules/@root/encoding/browser/bytes.js?");
/***/ }),
/***/ "./node_modules/@root/encoding/browser/hex.js":
/*!****************************************************!*\
!*** ./node_modules/@root/encoding/browser/hex.js ***!
\****************************************************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
// @root/encoding browser/hex.js: adds hex helpers to the shared Enc object from bytes.js and
// re-exports that object.
//   bufToHex(u8)    bytes -> lowercase hex, two digits per byte (count from byteLength, else length)
//   numToHex(d)     number -> hex, prefixed with one '0' when the digit count is odd
//   strToHex(str)   UTF-8 bytes of str -> hex
//   _binToHex(bin)  binary string -> hex
//   hexToBuf(hex)   hex -> Uint8Array (plain Array fallback), read two characters at a time
//   hexToStr(hex)   hex -> bytes -> UTF-8 decoded string
//   _hexToBin(hex)  replaces each pair of hex digits with the character of that value
// NOTE(review): hexToBuf does not validate its input. match() yields null for an empty string
// (the forEach call then throws), a trailing odd character is dropped, and a pair that is not
// hex is not rejected (parseInt gives NaN or a partial value). _hexToBin leaves non-hex
// characters in place. Text from an untrusted source should be checked against
// /^([0-9a-f]{2})+$/i before it gets here. TODO confirm whether callers do.
eval("\n\nvar Enc = __webpack_require__(/*! ./bytes.js */ \"./node_modules/@root/encoding/browser/bytes.js\");\n\n// To Hex\n\nEnc.bufToHex = function(u8) {\n\tvar hex = [];\n\tvar i, h;\n\tvar len = u8.byteLength || u8.length;\n\n\tfor (i = 0; i < len; i += 1) {\n\t\th = u8[i].toString(16);\n\t\tif (2 !== h.length) {\n\t\t\th = '0' + h;\n\t\t}\n\t\thex.push(h);\n\t}\n\n\treturn hex.join('').toLowerCase();\n};\n\nEnc.numToHex = function(d) {\n\td = d.toString(16); // .padStart(2, '0');\n\tif (d.length % 2) {\n\t\treturn '0' + d;\n\t}\n\treturn d;\n};\n\nEnc.strToHex = function(str) {\n\treturn Enc._binToHex(Enc.strToBin(str));\n};\n\nEnc._binToHex = function(bin) {\n\treturn bin\n\t\t.split('')\n\t\t.map(function(ch) {\n\t\t\tvar h = ch.charCodeAt(0).toString(16);\n\t\t\tif (2 !== h.length) {\n\t\t\t\th = '0' + h;\n\t\t\t}\n\t\t\treturn h;\n\t\t})\n\t\t.join('');\n};\n\n// From Hex\n\nEnc.hexToBuf = function(hex) {\n\tvar arr = [];\n\thex.match(/.{2}/g).forEach(function(h) {\n\t\tarr.push(parseInt(h, 16));\n\t});\n\treturn 'undefined' !== typeof Uint8Array ? new Uint8Array(arr) : arr;\n};\n\nEnc.hexToStr = function(hex) {\n\treturn Enc.binToStr(_hexToBin(hex));\n};\n\nfunction _hexToBin(hex) {\n\treturn hex.replace(/([0-9A-F]{2})/gi, function(_, p1) {\n\t\treturn String.fromCharCode('0x' + p1);\n\t});\n}\n\nEnc._hexToBin = _hexToBin;\n\nmodule.exports = Enc;\n\n\n//# sourceURL=webpack://@root/acme/./node_modules/@root/encoding/browser/hex.js?");
/***/ }),
/***/ "./node_modules/@root/encoding/encoding.js":
/*!*************************************************!*\
!*** ./node_modules/@root/encoding/encoding.js ***!
\*************************************************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
// @root/encoding entry point: loads base64.js and hex.js only for their side effect of attaching
// methods to the shared Enc object, then exports that object as returned by bytes.js.
// The "./base64.js", "./hex.js" and "./bytes.js" requests resolve to the browser/ variants here.
eval("\n\n__webpack_require__(/*! ./base64.js */ \"./node_modules/@root/encoding/browser/base64.js\");\n__webpack_require__(/*! ./hex.js */ \"./node_modules/@root/encoding/browser/hex.js\");\nmodule.exports = __webpack_require__(/*! ./bytes.js */ \"./node_modules/@root/encoding/browser/bytes.js\");\n\n\n//# sourceURL=webpack://@root/acme/./node_modules/@root/encoding/encoding.js?");
/***/ }),
/***/ "./node_modules/@root/keypairs/keypairs.js":
/*!*************************************************!*\
!*** ./node_modules/@root/keypairs/keypairs.js ***!
\*************************************************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
// Alias module: "@root/keypairs" re-exports this bundle's own ./keypairs.js unchanged (the
// request is written as "@root/acme/keypairs" and resolves to "./keypairs.js").
eval("\n\nmodule.exports = __webpack_require__(/*! @root/acme/keypairs */ \"./keypairs.js\");\n\n\n//# sourceURL=webpack://@root/acme/./node_modules/@root/keypairs/keypairs.js?");
/***/ }),
/***/ "./pem.js":
/*!****************!*\
!*** ./pem.js ***!
\****************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
// pem.js: minimal PEM armor on top of the Base64 helpers.
//   PEM.packBlock({ type, bytes }) -> string: "-----BEGIN <type>-----", the Base64 of bytes in
//       lines of at most 64 characters, then "-----END <type>-----" (no trailing newline).
//       opts.type is inserted as given.
//   PEM.parseBlock(str) -> { bytes }: installed only when PEM.parseBlock is not already set.
//       Drops every line containing "-----", joins the remaining lines and Base64-decodes them.
// NOTE(review): parseBlock neither returns nor checks the BEGIN/END label, and a string holding
// several blocks is decoded as one concatenated body; a caller that depends on the key type has
// to establish it some other way. TODO confirm.
// NOTE(review): packBlock on zero-length bytes calls .join on the null that match() returns.
eval("\n\nvar Enc = __webpack_require__(/*! @root/encoding/base64 */ \"./node_modules/@root/encoding/browser/base64.js\");\nvar PEM = module.exports;\n\nPEM.packBlock = function(opts) {\n\t// TODO allow for headers?\n\treturn (\n\t\t'-----BEGIN ' +\n\t\topts.type +\n\t\t'-----\\n' +\n\t\tEnc.bufToBase64(opts.bytes)\n\t\t\t.match(/.{1,64}/g)\n\t\t\t.join('\\n') +\n\t\t'\\n' +\n\t\t'-----END ' +\n\t\topts.type +\n\t\t'-----'\n\t);\n};\n\n// don't replace the full parseBlock, if it exists\nPEM.parseBlock =\n\tPEM.parseBlock ||\n\tfunction(str) {\n\t\tvar der = str\n\t\t\t.split(/\\n/)\n\t\t\t.filter(function(line) {\n\t\t\t\treturn !/-----/.test(line);\n\t\t\t})\n\t\t\t.join('');\n\t\treturn { bytes: Enc.base64ToBuf(der) };\n\t};\n\n\n//# sourceURL=webpack://@root/acme/./pem.js?");
/***/ }),
/***/ "./rsa.js":
/*!****************!*\
!*** ./rsa.js ***!
\****************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
// rsa.js: RSA JWK helpers layered on the browser "native" module (the ./lib/node/* requests
// resolve to ./lib/browser/* in this bundle).
//   RSA.generate           is native.generate; RSA._stance and RSA.neuter are copied onto native.
//   RSA.neuter({ jwk })    -> new JWK without d, p, q, dp, dq, qi and without undefined members;
//                          each kept value is copied through a JSON round trip.
//   RSA.__thumbprint(jwk)  hashes '{"e":...,"kty":"RSA","n":...}' with SHA-256/384/512 chosen from
//                          the length of jwk.n and returns URL-safe Base64 of the result.
//   RSA.thumbprint(opts)   uses opts itself when opts.kty is 'EC', opts.jwk when present, and
//                          otherwise the result of RSA.import(opts) (RSA.import is not in the
//                          visible text).
//   RSA.export({ jwk, format, public }) validates kty, neuters the key for public formats and
//                          normalises format to pkcs1 / spki / ssh (public) or pkcs1 / pkcs8 (private).
// NOTE(review): the module text in this listing stops in the middle of RSA.export; nothing past
// that point is described here.
// NOTE(review): sha2.sum resolves to what subtle.digest() returns, an ArrayBuffer, and
// Uint8Array.from() of an ArrayBuffer gives a zero-length array because an ArrayBuffer has
// neither an iterator nor a length. __thumbprint therefore looks like it encodes an empty buffer;
// new Uint8Array(hash) is the usual conversion. Confirm against the source package.
// NOTE(review): neuter filters a fixed list of member names; a multi-prime JWK's "oth" member
// (RFC 7518) is not on it and would be copied into the "public" key.
// NOTE(review): thumbprint's 'EC' === opts.kty branch passes the object to __thumbprint, which
// reads jwk.n and jwk.e; presumably meant to detect a bare JWK. Verify.
eval("/*global Promise*/\n\n\nvar RSA = module.exports;\nvar native = __webpack_require__(/*! ./lib/node/rsa.js */ \"./lib/browser/rsa.js\");\nvar x509 = __webpack_require__(/*! ./x509.js */ \"./x509.js\");\nvar PEM = __webpack_require__(/*! ./pem.js */ \"./pem.js\");\n//var SSH = require('./ssh-keys.js');\nvar sha2 = __webpack_require__(/*! ./lib/node/sha2.js */ \"./lib/browser/sha2.js\");\nvar Enc = __webpack_require__(/*! @root/encoding/base64 */ \"./node_modules/@root/encoding/browser/base64.js\");\n\nRSA._universal =\n\t'Bluecrypt only supports crypto with standard cross-browser and cross-platform support.';\nRSA._stance =\n\t\"We take the stance that if you're knowledgeable enough to\" +\n\t\" properly and securely use non-standard crypto then you shouldn't need Bluecrypt anyway.\";\nnative._stance = RSA._stance;\n\nRSA.generate = native.generate;\n\n// Chopping off the private parts is now part of the public API.\n// I thought it sounded a little too crude at first, but it really is the best name in every possible way.\nRSA.neuter = function(opts) {\n\t// trying to find the best balance of an immutable copy with custom attributes\n\tvar jwk = {};\n\tObject.keys(opts.jwk).forEach(function(k) {\n\t\tif ('undefined' === typeof opts.jwk[k]) {\n\t\t\treturn;\n\t\t}\n\t\t// ignore RSA private parts\n\t\tif (-1 !== ['d', 'p', 'q', 'dp', 'dq', 'qi'].indexOf(k)) {\n\t\t\treturn;\n\t\t}\n\t\tjwk[k] = JSON.parse(JSON.stringify(opts.jwk[k]));\n\t});\n\treturn jwk;\n};\nnative.neuter = RSA.neuter;\n\n// https://stackoverflow.com/questions/42588786/how-to-fingerprint-a-jwk\nRSA.__thumbprint = function(jwk) {\n\t// Use the same entropy for SHA as for key\n\tvar len = Math.floor(jwk.n.length * 0.75);\n\tvar alg = 'SHA-256';\n\t// TODO this may be a bug\n\t// need to confirm that the padding is no more or less than 1 byte\n\tif (len >= 511) {\n\t\talg = 'SHA-512';\n\t} else if (len >= 383) {\n\t\talg = 'SHA-384';\n\t}\n\treturn sha2\n\t\t.sum(alg, '{\"e\":\"' + jwk.e + 
'\",\"kty\":\"RSA\",\"n\":\"' + jwk.n + '\"}')\n\t\t.then(function(hash) {\n\t\t\treturn Enc.bufToUrlBase64(Uint8Array.from(hash));\n\t\t});\n};\n\nRSA.thumbprint = function(opts) {\n\treturn Promise.resolve().then(function() {\n\t\tvar jwk;\n\t\tif ('EC' === opts.kty) {\n\t\t\tjwk = opts;\n\t\t} else if (opts.jwk) {\n\t\t\tjwk = opts.jwk;\n\t\t} else {\n\t\t\treturn RSA.import(opts).then(function(jwk) {\n\t\t\t\treturn RSA.__thumbprint(jwk);\n\t\t\t});\n\t\t}\n\t\treturn RSA.__thumbprint(jwk);\n\t});\n};\n\nRSA.export = function(opts) {\n\treturn Promise.resolve().then(function() {\n\t\tif (!opts || !opts.jwk || 'object' !== typeof opts.jwk) {\n\t\t\tthrow new Error('must pass { jwk: jwk }');\n\t\t}\n\t\tvar jwk = JSON.parse(JSON.stringify(opts.jwk));\n\t\tvar format = opts.format;\n\t\tvar pub = opts.public;\n\t\tif (pub || -1 !== ['spki', 'pkix', 'ssh', 'rfc4716'].indexOf(format)) {\n\t\t\tjwk = RSA.neuter({ jwk: jwk });\n\t\t}\n\t\tif ('RSA' !== jwk.kty) {\n\t\t\tthrow new Error(\"options.jwk.kty must be 'RSA' for RSA keys\");\n\t\t}\n\t\tif (!jwk.p) {\n\t\t\t// TODO test for n and e\n\t\t\tpub = true;\n\t\t\tif (!format || 'pkcs1' === format) {\n\t\t\t\tformat = 'pkcs1';\n\t\t\t} else if (-1 !== ['spki', 'pkix'].indexOf(format)) {\n\t\t\t\tformat = 'spki';\n\t\t\t} else if (-1 !== ['ssh', 'rfc4716'].indexOf(format)) {\n\t\t\t\tformat = 'ssh';\n\t\t\t} else {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t\"options.format must be 'spki', 'pkcs1', or 'ssh' for public RSA keys, not (\" +\n\t\t\t\t\t\ttypeof format +\n\t\t\t\t\t\t') ' +\n\t\t\t\t\t\tformat\n\t\t\t\t);\n\t\t\t}\n\t\t} else {\n\t\t\t// TODO test for all necessary keys (d, p, q ...)\n\t\t\tif (!format || 'pkcs1' === format) {\n\t\t\t\tformat = 'pkcs1';\n\t\t\t} else if ('pkcs8' !== format) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t\"options.format must be 'pkcs1' or 'pkcs8' for private RSA keys\"\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\n\t\tif ('pkcs1' === format) {\n\t\t\tif (jwk.d) {\n\t\t\t\treturn 
PEM.packBlock({\n\t\t\t\t\ttype: 'RSA PRIVATE KEY',\n\t\t\t\t\tbytes: x509.packPkcs1(jwk)\n\t\t\t\t});\n\t\t\t} else {\n\t\
/***/ }),
/***/ "./x509.js":
/*!*****************!*\
!*** ./x509.js ***!
\*****************/
/*! no static exports found */
/***/ (function(module, exports, __webpack_require__) {
"use strict";
// x509.js: fixed-offset readers and ASN.1 packers for EC (P-256 / P-384) and RSA keys.
//   OBJ_ID_EC, OBJ_ID_EC_384, OBJ_ID_EC_PUB  hex DER (tag, length, value) of the OIDs named in
//       the comments beside them.
//   parseSec1(u8, jwk), parsePkcs8(u8, jwk), parseSpki(u8, jwk) (alias parsePkix)
//       slice d / x / y out of u8 at offsets computed for P-256, or for P-384 when jwk.crv is
//       'P-384', and return them as URL-safe Base64 in an object whose kty and crv are copied
//       from the jwk argument.
//   packPkcs1(jwk)  builds SEQUENCE(n, e) for a key without d, otherwise
//       SEQUENCE(0, n, e, d, p, q, dp, dq, qi), and returns the bytes.
//   packSec1(jwk)   begins here; the listing ends inside it and it is not described further.
// NOTE(review): the readers do not walk the DER structure. parseSec1 checks one length byte and
// the point-format byte, parsePkcs8 checks one tag byte and the point-format byte, parseSpki
// checks only the point-format byte. slice() past the end of u8 returns fewer bytes instead of
// throwing, so short or differently laid-out input can yield truncated d / x / y without an error.
// kty and crv are echoed from the caller, not derived from the bytes. Keys from an untrusted
// source should be treated as unvalidated until checked elsewhere. TODO confirm callers do.
// NOTE(review): when the point-format byte is 0x02, y stays undefined and is still passed to
// Enc.bufToUrlBase64, which calls forEach on it; 0x03 takes the error branch. Compressed points
// are effectively unsupported.
// NOTE(review): parseSec1's 'Unexpected bitlength' message prints the expected length, not the
// byte that was read, and parseSpki's error text says "private key" although it reads a public key.
eval("\n\nvar x509 = module.exports;\nvar ASN1 = __webpack_require__(/*! ./asn1/packer.js */ \"./asn1/packer.js\");\nvar Asn1 = ASN1.Any;\nvar UInt = ASN1.UInt;\nvar BitStr = ASN1.BitStr;\nvar Enc = __webpack_require__(/*! @root/encoding */ \"./node_modules/@root/encoding/encoding.js\");\n\n// 1.2.840.10045.3.1.7\n// prime256v1 (ANSI X9.62 named elliptic curve)\nvar OBJ_ID_EC = '06 08 2A8648CE3D030107'.replace(/\\s+/g, '').toLowerCase();\n// 1.3.132.0.34\n// secp384r1 (SECG (Certicom) named elliptic curve)\nvar OBJ_ID_EC_384 = '06 05 2B81040022'.replace(/\\s+/g, '').toLowerCase();\n// 1.2.840.10045.2.1\n// ecPublicKey (ANSI X9.62 public key type)\nvar OBJ_ID_EC_PUB = '06 07 2A8648CE3D0201'.replace(/\\s+/g, '').toLowerCase();\n\nx509.parseSec1 = function parseEcOnlyPrivkey(u8, jwk) {\n\tvar index = 7;\n\tvar len = 32;\n\tvar olen = OBJ_ID_EC.length / 2;\n\n\tif ('P-384' === jwk.crv) {\n\t\tolen = OBJ_ID_EC_384.length / 2;\n\t\tindex = 8;\n\t\tlen = 48;\n\t}\n\tif (len !== u8[index - 1]) {\n\t\tthrow new Error('Unexpected bitlength ' + len);\n\t}\n\n\t// private part is d\n\tvar d = u8.slice(index, index + len);\n\t// compression bit index\n\tvar ci = index + len + 2 + olen + 2 + 3;\n\tvar c = u8[ci];\n\tvar x, y;\n\n\tif (0x04 === c) {\n\t\ty = u8.slice(ci + 1 + len, ci + 1 + len + len);\n\t} else if (0x02 !== c) {\n\t\tthrow new Error('not a supported EC private key');\n\t}\n\tx = u8.slice(ci + 1, ci + 1 + len);\n\n\treturn {\n\t\tkty: jwk.kty,\n\t\tcrv: jwk.crv,\n\t\td: Enc.bufToUrlBase64(d),\n\t\t//, dh: Enc.bufToHex(d)\n\t\tx: Enc.bufToUrlBase64(x),\n\t\t//, xh: Enc.bufToHex(x)\n\t\ty: Enc.bufToUrlBase64(y)\n\t\t//, yh: Enc.bufToHex(y)\n\t};\n};\n\nx509.packPkcs1 = function(jwk) {\n\tvar n = UInt(Enc.base64ToHex(jwk.n));\n\tvar e = UInt(Enc.base64ToHex(jwk.e));\n\n\tif (!jwk.d) {\n\t\treturn Enc.hexToBuf(Asn1('30', n, e));\n\t}\n\n\treturn 
Enc.hexToBuf(\n\t\tAsn1(\n\t\t\t'30',\n\t\t\tUInt('00'),\n\t\t\tn,\n\t\t\te,\n\t\t\tUInt(Enc.base64ToHex(jwk.d)),\n\t\t\tUInt(Enc.base64ToHex(jwk.p)),\n\t\t\tUInt(Enc.base64ToHex(jwk.q)),\n\t\t\tUInt(Enc.base64ToHex(jwk.dp)),\n\t\t\tUInt(Enc.base64ToHex(jwk.dq)),\n\t\t\tUInt(Enc.base64ToHex(jwk.qi))\n\t\t)\n\t);\n};\n\nx509.parsePkcs8 = function parseEcPkcs8(u8, jwk) {\n\tvar index = 24 + OBJ_ID_EC.length / 2;\n\tvar len = 32;\n\tif ('P-384' === jwk.crv) {\n\t\tindex = 24 + OBJ_ID_EC_384.length / 2 + 2;\n\t\tlen = 48;\n\t}\n\n\t//console.log(index, u8.slice(index));\n\tif (0x04 !== u8[index]) {\n\t\t//console.log(jwk);\n\t\tthrow new Error('privkey not found');\n\t}\n\tvar d = u8.slice(index + 2, index + 2 + len);\n\tvar ci = index + 2 + len + 5;\n\tvar xi = ci + 1;\n\tvar x = u8.slice(xi, xi + len);\n\tvar yi = xi + len;\n\tvar y;\n\tif (0x04 === u8[ci]) {\n\t\ty = u8.slice(yi, yi + len);\n\t} else if (0x02 !== u8[ci]) {\n\t\tthrow new Error('invalid compression bit (expected 0x04 or 0x02)');\n\t}\n\n\treturn {\n\t\tkty: jwk.kty,\n\t\tcrv: jwk.crv,\n\t\td: Enc.bufToUrlBase64(d),\n\t\t//, dh: Enc.bufToHex(d)\n\t\tx: Enc.bufToUrlBase64(x),\n\t\t//, xh: Enc.bufToHex(x)\n\t\ty: Enc.bufToUrlBase64(y)\n\t\t//, yh: Enc.bufToHex(y)\n\t};\n};\n\nx509.parseSpki = function parsePem(u8, jwk) {\n\tvar ci = 16 + OBJ_ID_EC.length / 2;\n\tvar len = 32;\n\n\tif ('P-384' === jwk.crv) {\n\t\tci = 16 + OBJ_ID_EC_384.length / 2;\n\t\tlen = 48;\n\t}\n\n\tvar c = u8[ci];\n\tvar xi = ci + 1;\n\tvar x = u8.slice(xi, xi + len);\n\tvar yi = xi + len;\n\tvar y;\n\tif (0x04 === c) {\n\t\ty = u8.slice(yi, yi + len);\n\t} else if (0x02 !== c) {\n\t\tthrow new Error('not a supported EC private key');\n\t}\n\n\treturn {\n\t\tkty: jwk.kty,\n\t\tcrv: jwk.crv,\n\t\tx: Enc.bufToUrlBase64(x),\n\t\t//, xh: Enc.bufToHex(x)\n\t\ty: Enc.bufToUrlBase64(y)\n\t\t//, yh: Enc.bufToHex(y)\n\t};\n};\nx509.parsePkix = x509.parseSpki;\n\nx509.packSec1 = function(jwk) {\n\tvar d = Enc.base64ToHex(jwk.d);\n\tvar x = 
Enc.base64ToHex(jwk.x);\n\tvar y = Enc.base64ToHex(jwk.y);\n\tvar objId = 'P-256' === jwk.crv ? OBJ_ID_EC : OBJ_ID_EC_384;\n\treturn Enc.hexToBuf(\n\t\tAsn1(\n\t\t\t'30',\n\t\t\tUInt('01'),\n\t\t\tAsn1('04', d),\n\t\t\tA
/***/ })
/******/ });
});