From 0c47b952931fb52658567e4821593a05266f6e0f Mon Sep 17 00:00:00 2001 From: Kenji Urushima Date: Sat, 19 Feb 2022 08:55:54 +0900 Subject: [PATCH] 10.5.7 release --- ChangeLog.txt | 5 + api/files.html | 2 +- api/symbols/KJUR.asn1.ocsp.OCSPResponse.html | 4 +- api/symbols/src/asn1ocsp-1.0.js.html | 4 +- api/symbols/src/x509crl.js.html | 257 ++++++++++--------- bower.json | 2 +- jsrsasign-all-min.js | 4 +- jsrsasign-jwths-min.js | 2 +- jsrsasign-rsa-min.js | 2 +- min/x509crl.min.js | 2 +- npm/lib/jsrsasign-all-min.js | 4 +- npm/lib/jsrsasign-jwths-min.js | 2 +- npm/lib/jsrsasign-rsa-min.js | 2 +- npm/lib/jsrsasign.js | 4 +- npm/package.json | 2 +- src/asn1ocsp-1.0.js | 4 +- src/x509crl.js | 3 +- test/x509crl.html | 66 ++++- 18 files changed, 221 insertions(+), 150 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index 3afb451d..a9e06ce4 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,11 @@ ChangeLog for jsrsasign +X509CRL.findRevCert bugfix for empty revCerts +* Changes from 10.5.6 to 10.5.7 (2022-Feb-19) + - src/x509crl.js + - X509CRL.{findRevCert,findRevCertBySN} method fix for empty revCerts + X509CRL.findRevCert bugfix * Changes from 10.5.5 to 10.5.6 (2022-Feb-17) - src/x509crl.js X509CRL class diff --git a/api/files.html b/api/files.html index ca4edb20..a7f85a97 100644 --- a/api/files.html +++ b/api/files.html @@ -905,7 +905,7 @@

x509crl.js

Version:
-
jsrsasign 10.5.5 x509crl 1.0.3 (2021-Feb-17)
+
jsrsasign 10.5.7 x509crl 1.0.4 (2021-Feb-19)
diff --git a/api/symbols/KJUR.asn1.ocsp.OCSPResponse.html b/api/symbols/KJUR.asn1.ocsp.OCSPResponse.html index e7f227da..149f840b 100644 --- a/api/symbols/KJUR.asn1.ocsp.OCSPResponse.html +++ b/api/symbols/KJUR.asn1.ocsp.OCSPResponse.html @@ -636,8 +636,8 @@

<> }); // constructor for error -new KJUR.asn1.ocsp.OCSPRequest({resstatus: 1}) -new KJUR.asn1.ocsp.OCSPRequest({resstatus: "unauthorized"}) +new KJUR.asn1.ocsp.OCSPResponse({resstatus: 1}) +new KJUR.asn1.ocsp.OCSPResponse({resstatus: "unauthorized"}) diff --git a/api/symbols/src/asn1ocsp-1.0.js.html b/api/symbols/src/asn1ocsp-1.0.js.html index 77b26c67..a3c9b763 100644 --- a/api/symbols/src/asn1ocsp-1.0.js.html +++ b/api/symbols/src/asn1ocsp-1.0.js.html @@ -118,8 +118,8 @@ 111 * <<ResponseBytes parameters>> 112 * }); 113 * // constructor for error -114 * new KJUR.asn1.ocsp.OCSPRequest({resstatus: 1}) -115 * new KJUR.asn1.ocsp.OCSPRequest({resstatus: "unauthorized"}) +114 * new KJUR.asn1.ocsp.OCSPResponse({resstatus: 1}) +115 * new KJUR.asn1.ocsp.OCSPResponse({resstatus: "unauthorized"}) 116 */ 117 KJUR.asn1.ocsp.OCSPResponse = function(params) { 118 KJUR.asn1.ocsp.OCSPResponse.superclass.constructor.call(this); diff --git a/api/symbols/src/x509crl.js.html b/api/symbols/src/x509crl.js.html index a82f2d48..3b6c7d4f 100644 --- a/api/symbols/src/x509crl.js.html +++ b/api/symbols/src/x509crl.js.html @@ -23,7 +23,7 @@ 16 * @fileOverview 17 * @name x509crl.js 18 * @author Kenji Urushima kenji.urushima@gmail.com - 19 * @version jsrsasign 10.5.5 x509crl 1.0.3 (2021-Feb-17) + 19 * @version jsrsasign 10.5.7 x509crl 1.0.4 (2021-Feb-19) 20 * @since jsrsasign 10.1.0 21 * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a> 22 */ @@ -387,130 +387,131 @@ 380 */ 381 this.findRevCertBySN = function(hSN) { 382 if (this.parsed == null) this.getParam(); -383 var revcert = this.parsed.revcert; -384 for (var i = 0; i < revcert.length; i++) { -385 if (hSN == revcert[i].sn.hex) return revcert[i]; -386 } -387 return null; -388 }; -389 -390 /** -391 * get signature value as hexadecimal string<br/> -392 * @name getSignatureValueHex -393 * @memberOf X509CRL# -394 * @function -395 * @return {String} signature value hexadecimal string without BitString unused bits -396 * -397 * @description -398 * This method will get signature value of CRL. -399 * -400 * @example -401 * crl = new X509CRL("-----BEGIN X509 CRL..."); -402 * crl.getSignatureValueHex() &rarr "8a4c47913..." -403 */ -404 this.getSignatureValueHex = function() { -405 return _getVbyList(this.hex, 0, [2], "03", true); -406 }; -407 -408 /** -409 * verifies signature value by public key<br/> -410 * @name verifySignature -411 * @memberOf X509CRL# -412 * @function -413 * @param {Object} pubKey public key object, pubkey PEM or PEM issuer cert -414 * @return {Boolean} true if signature value is valid otherwise false -415 * @see X509#verifySignature -416 * @see KJUR.crypto.Signature -417 * -418 * @description -419 * This method verifies signature value of hexadecimal string of -420 * X.509 CRL by specified public key. -421 * The signature algorithm used to verify will refer -422 * signatureAlgorithm field. -423 * (See {@link X509CRL#getSignatureAlgorithmField}) -424 * -425 * @example -426 * crl = new X509CRL("-----BEGIN X509 CRL..."); -427 * x.verifySignature(pubKey) → true, false or raising exception -428 */ -429 this.verifySignature = function(pubKey) { -430 var algName = this.getSignatureAlgorithmField(); -431 var hSigVal = this.getSignatureValueHex(); -432 var hTbsCertList = _getTLVbyList(this.hex, 0, [0], "30"); -433 -434 var sig = new KJUR.crypto.Signature({alg: algName}); -435 sig.init(pubKey); -436 sig.updateHex(hTbsCertList); -437 return sig.verify(hSigVal); -438 }; -439 -440 /** -441 * get JSON object for CRL parameters<br/> -442 * @name getParam -443 * @memberOf X509CRL# -444 * @function -445 * @return {Array} JSON object for CRL parameters -446 * @see KJUR.asn1.x509.CRL -447 * -448 * @description -449 * This method returns a JSON object of the CRL -450 * parameters. -451 * Return value can be passed to -452 * {@link KJUR.asn1.x509.CRL} constructor. -453 * -454 * @example -455 * crl = new X509CRL("-----BEGIN X509 CRL..."); -456 * crl.getParam() → -457 * {version: 2, -458 * sigalg: "SHA256withRSA", -459 * issuer: {array: -460 * [[{type:"C",value:"JP",ds:"prn"}],[{type:"O",value:"T1",ds:"prn"}]]}, -461 * thisupdate: "200820212434Z", -462 * nextupdate: "200910212434Z", -463 * revcert: [ -464 * {sn:{hex:"123d..."}, -465 * date:"061110000000Z", -466 * ext:[{extname:"cRLReason",code:4}]}], -467 * ext: [ -468 * {extname:"authorityKeyIdentifier",kid:{hex: "03de..."}}, -469 * {extname:"cRLNumber",num:{hex:"0211"}}], -470 * sighex: "3c5e..."} -471 */ -472 this.getParam = function() { -473 var result = {}; -474 -475 var version = this.getVersion(); -476 if (version != null) result.version = version; -477 -478 result.sigalg = this.getSignatureAlgorithmField(); -479 result.issuer = this.getIssuer(); -480 result.thisupdate = this.getThisUpdate(); -481 -482 var nextUpdate = this.getNextUpdate(); -483 if (nextUpdate != null) result.nextupdate = nextUpdate; -484 -485 var revCerts = this.getRevCertArray(); -486 if (revCerts != null) result.revcert = revCerts; -487 -488 var idxExt = _getIdxbyListEx(this.hex, 0, [0, "[0]"]); -489 if (idxExt != -1) { -490 var hExtSeq = _getTLVbyListEx(this.hex, 0, [0, "[0]", 0]); -491 result.ext = _x509obj.getExtParamArray(hExtSeq); -492 } -493 -494 result.sighex = this.getSignatureValueHex(); -495 -496 this.parsed = result; -497 return result; -498 }; -499 -500 if (typeof params == "string") { -501 if (_isHex(params)) { -502 this.hex = params; -503 } else if (params.match(/-----BEGIN X509 CRL/)) { -504 this.hex = pemtohex(params); -505 } -506 this._setPos(); -507 } -508 }; -509 \ No newline at end of file +383 if (this.parsed.revcert == null) return null; +384 var revcert = this.parsed.revcert; +385 for (var i = 0; i < revcert.length; i++) { +386 if (hSN == revcert[i].sn.hex) return revcert[i]; +387 } +388 return null; +389 }; +390 +391 /** +392 * get signature value as hexadecimal string<br/> +393 * @name getSignatureValueHex +394 * @memberOf X509CRL# +395 * @function +396 * @return {String} signature value hexadecimal string without BitString unused bits +397 * +398 * @description +399 * This method will get signature value of CRL. +400 * +401 * @example +402 * crl = new X509CRL("-----BEGIN X509 CRL..."); +403 * crl.getSignatureValueHex() &rarr "8a4c47913..." +404 */ +405 this.getSignatureValueHex = function() { +406 return _getVbyList(this.hex, 0, [2], "03", true); +407 }; +408 +409 /** +410 * verifies signature value by public key<br/> +411 * @name verifySignature +412 * @memberOf X509CRL# +413 * @function +414 * @param {Object} pubKey public key object, pubkey PEM or PEM issuer cert +415 * @return {Boolean} true if signature value is valid otherwise false +416 * @see X509#verifySignature +417 * @see KJUR.crypto.Signature +418 * +419 * @description +420 * This method verifies signature value of hexadecimal string of +421 * X.509 CRL by specified public key. +422 * The signature algorithm used to verify will refer +423 * signatureAlgorithm field. +424 * (See {@link X509CRL#getSignatureAlgorithmField}) +425 * +426 * @example +427 * crl = new X509CRL("-----BEGIN X509 CRL..."); +428 * x.verifySignature(pubKey) → true, false or raising exception +429 */ +430 this.verifySignature = function(pubKey) { +431 var algName = this.getSignatureAlgorithmField(); +432 var hSigVal = this.getSignatureValueHex(); +433 var hTbsCertList = _getTLVbyList(this.hex, 0, [0], "30"); +434 +435 var sig = new KJUR.crypto.Signature({alg: algName}); +436 sig.init(pubKey); +437 sig.updateHex(hTbsCertList); +438 return sig.verify(hSigVal); +439 }; +440 +441 /** +442 * get JSON object for CRL parameters<br/> +443 * @name getParam +444 * @memberOf X509CRL# +445 * @function +446 * @return {Array} JSON object for CRL parameters +447 * @see KJUR.asn1.x509.CRL +448 * +449 * @description +450 * This method returns a JSON object of the CRL +451 * parameters. +452 * Return value can be passed to +453 * {@link KJUR.asn1.x509.CRL} constructor. +454 * +455 * @example +456 * crl = new X509CRL("-----BEGIN X509 CRL..."); +457 * crl.getParam() → +458 * {version: 2, +459 * sigalg: "SHA256withRSA", +460 * issuer: {array: +461 * [[{type:"C",value:"JP",ds:"prn"}],[{type:"O",value:"T1",ds:"prn"}]]}, +462 * thisupdate: "200820212434Z", +463 * nextupdate: "200910212434Z", +464 * revcert: [ +465 * {sn:{hex:"123d..."}, +466 * date:"061110000000Z", +467 * ext:[{extname:"cRLReason",code:4}]}], +468 * ext: [ +469 * {extname:"authorityKeyIdentifier",kid:{hex: "03de..."}}, +470 * {extname:"cRLNumber",num:{hex:"0211"}}], +471 * sighex: "3c5e..."} +472 */ +473 this.getParam = function() { +474 var result = {}; +475 +476 var version = this.getVersion(); +477 if (version != null) result.version = version; +478 +479 result.sigalg = this.getSignatureAlgorithmField(); +480 result.issuer = this.getIssuer(); +481 result.thisupdate = this.getThisUpdate(); +482 +483 var nextUpdate = this.getNextUpdate(); +484 if (nextUpdate != null) result.nextupdate = nextUpdate; +485 +486 var revCerts = this.getRevCertArray(); +487 if (revCerts != null) result.revcert = revCerts; +488 +489 var idxExt = _getIdxbyListEx(this.hex, 0, [0, "[0]"]); +490 if (idxExt != -1) { +491 var hExtSeq = _getTLVbyListEx(this.hex, 0, [0, "[0]", 0]); +492 result.ext = _x509obj.getExtParamArray(hExtSeq); +493 } +494 +495 result.sighex = this.getSignatureValueHex(); +496 +497 this.parsed = result; +498 return result; +499 }; +500 +501 if (typeof params == "string") { +502 if (_isHex(params)) { +503 this.hex = params; +504 } else if (params.match(/-----BEGIN X509 CRL/)) { +505 this.hex = pemtohex(params); +506 } +507 this._setPos(); +508 } +509 }; +510 \ No newline at end of file diff --git a/bower.json b/bower.json index f2b2ecbe..b1d28163 100644 --- a/bower.json +++ b/bower.json @@ -1,6 +1,6 @@ { "name": "kjur-jsrsasign", - "version": "10.5.6", + "version": "10.5.7", "main": "jsrsasign-all-min.js", "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.", "license": "MIT", diff --git a/jsrsasign-all-min.js b/jsrsasign-all-min.js index e458b2ff..86c802b2 100644 --- a/jsrsasign-all-min.js +++ b/jsrsasign-all-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(all) 10.5.6 (2022-02-17) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(all) 10.5.7 (2022-02-19) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license */ /*! CryptoJS v3.1.2 core-fix.js @@ -234,6 +234,6 @@ var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var C=b(y,x[1]);var w=this.getGeneralName(C);if(w.uri!=undefined){v.uri=w.uri}}if(x.length>2){var z=b(y,x[2]);if(z=="0101ff"){v.reqauth=true}if(z=="010100"){v.reqauth=false}}return v};this.getX500NameRule=function(v){var C=true;var G=true;var F=false;var w="";var z="";var I=null;var D=[];for(var y=0;y0){v.ext=this.getExtParamArray()}v.sighex=this.getSignatureValueHex();return v};this.getExtParamArray=function(w){if(w==undefined){var y=e(this.hex,0,[0,"[3]"]);if(y!=-1){w=m(this.hex,0,[0,"[3]",0],"30")}}var v=[];var x=o(w,0);for(var z=0;z0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/jsrsasign-jwths-min.js b/jsrsasign-jwths-min.js index bacf1b9a..629ed6d7 100644 --- a/jsrsasign-jwths-min.js +++ b/jsrsasign-jwths-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(jwths) 10.5.6 (2022-02-17) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(jwths) 10.5.7 (2022-02-19) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license */ /*! CryptoJS v3.1.2 core-fix.js diff --git a/jsrsasign-rsa-min.js b/jsrsasign-rsa-min.js index a1ac8784..911d3d3b 100644 --- a/jsrsasign-rsa-min.js +++ b/jsrsasign-rsa-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(rsa) 10.5.6 (2022-02-17) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(rsa) 10.5.7 (2022-02-19) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license */ /*! CryptoJS v3.1.2 core-fix.js diff --git a/min/x509crl.min.js b/min/x509crl.min.js index 7a5573c9..5e90c061 100644 --- a/min/x509crl.min.js +++ b/min/x509crl.min.js @@ -1 +1 @@ -var X509CRL=function(e){var a=KJUR,f=a.lang.String.isHex,m=ASN1HEX,k=m.getV,b=m.getTLV,h=m.getVbyList,c=m.getTLVbyList,d=m.getTLVbyListEx,i=m.getIdxbyList,g=m.getIdxbyListEx,l=m.getChildIdx,j=new X509();this.hex=null;this.posSigAlg=null;this.posRevCert=null;this.parsed=null;this._setPos=function(){var o=i(this.hex,0,[0,0]);var n=this.hex.substr(o,2);if(n=="02"){this.posSigAlg=1}else{if(n=="30"){this.posSigAlg=0}else{throw new Error("malformed 1st item of TBSCertList: "+n)}}var s=i(this.hex,0,[0,this.posSigAlg+3]);var r=this.hex.substr(s,2);if(r=="17"||r=="18"){var q,p;q=i(this.hex,0,[0,this.posSigAlg+4]);this.posRevCert=null;if(q!=-1){p=this.hex.substr(q,2);if(p=="30"){this.posRevCert=this.posSigAlg+4}}}else{if(r=="30"){this.posRevCert=this.posSigAlg+3}else{if(r=="a0"){this.posRevCert=null}else{throw new Error("malformed nextUpdate or revCert tag: "+r)}}}};this.getVersion=function(){if(this.posSigAlg==0){return null}return parseInt(h(this.hex,0,[0,0],"02"),16)+1};this.getSignatureAlgorithmField=function(){var n=c(this.hex,0,[0,this.posSigAlg],"30");return j.getAlgorithmIdentifierName(n)};this.getIssuer=function(){return j.getX500Name(this.getIssuerHex())};this.getIssuerHex=function(){return c(this.hex,0,[0,this.posSigAlg+1],"30")};this.getThisUpdate=function(){var n=h(this.hex,0,[0,this.posSigAlg+2]);return result=hextorstr(n)};this.getNextUpdate=function(){var o=i(this.hex,0,[0,this.posSigAlg+3]);var n=this.hex.substr(o,2);if(n!="17"&&n!="18"){return null}return hextorstr(k(this.hex,o))};this.getRevCertArray=function(){if(this.posRevCert==null){return null}var o=[];var n=i(this.hex,0,[0,this.posRevCert]);var p=l(this.hex,n);for(var q=0;q>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var C=b(y,x[1]);var w=this.getGeneralName(C);if(w.uri!=undefined){v.uri=w.uri}}if(x.length>2){var z=b(y,x[2]);if(z=="0101ff"){v.reqauth=true}if(z=="010100"){v.reqauth=false}}return v};this.getX500NameRule=function(v){var C=true;var G=true;var F=false;var w="";var z="";var I=null;var D=[];for(var y=0;y0){v.ext=this.getExtParamArray()}v.sighex=this.getSignatureValueHex();return v};this.getExtParamArray=function(w){if(w==undefined){var y=e(this.hex,0,[0,"[3]"]);if(y!=-1){w=m(this.hex,0,[0,"[3]",0],"30")}}var v=[];var x=o(w,0);for(var z=0;z0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/npm/lib/jsrsasign-jwths-min.js b/npm/lib/jsrsasign-jwths-min.js index bacf1b9a..629ed6d7 100644 --- a/npm/lib/jsrsasign-jwths-min.js +++ b/npm/lib/jsrsasign-jwths-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(jwths) 10.5.6 (2022-02-17) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(jwths) 10.5.7 (2022-02-19) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license */ /*! CryptoJS v3.1.2 core-fix.js diff --git a/npm/lib/jsrsasign-rsa-min.js b/npm/lib/jsrsasign-rsa-min.js index a1ac8784..911d3d3b 100644 --- a/npm/lib/jsrsasign-rsa-min.js +++ b/npm/lib/jsrsasign-rsa-min.js @@ -1,5 +1,5 @@ /* - * jsrsasign(rsa) 10.5.6 (2022-02-17) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(rsa) 10.5.7 (2022-02-19) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license */ /*! CryptoJS v3.1.2 core-fix.js diff --git a/npm/lib/jsrsasign.js b/npm/lib/jsrsasign.js index 48b2ffd2..e5576a96 100755 --- a/npm/lib/jsrsasign.js +++ b/npm/lib/jsrsasign.js @@ -4,7 +4,7 @@ navigator.userAgent = false; var window = {}; /* - * jsrsasign(all) 10.5.6 (2022-02-17) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(all) 10.5.7 (2022-02-19) (c) 2010-2021 Kenji Urushima | kjur.github.io/jsrsasign/license */ /*! CryptoJS v3.1.2 core-fix.js @@ -239,7 +239,7 @@ var KEYUTIL=function(){var d=function(p,r,q){return k(CryptoJS.AES,p,r,q)};var e RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var C=b(y,x[1]);var w=this.getGeneralName(C);if(w.uri!=undefined){v.uri=w.uri}}if(x.length>2){var z=b(y,x[2]);if(z=="0101ff"){v.reqauth=true}if(z=="010100"){v.reqauth=false}}return v};this.getX500NameRule=function(v){var C=true;var G=true;var F=false;var w="";var z="";var I=null;var D=[];for(var y=0;y0){v.ext=this.getExtParamArray()}v.sighex=this.getSignatureValueHex();return v};this.getExtParamArray=function(w){if(w==undefined){var y=e(this.hex,0,[0,"[3]"]);if(y!=-1){w=m(this.hex,0,[0,"[3]",0],"30")}}var v=[];var x=o(w,0);for(var z=0;z0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;var k=e.split(".");var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; exports.SecureRandom = SecureRandom; diff --git a/npm/package.json b/npm/package.json index 98049da2..8bb62bc3 100755 --- a/npm/package.json +++ b/npm/package.json @@ -1,6 +1,6 @@ { "name": "jsrsasign", - "version": "10.5.6", + "version": "10.5.7", "description": "opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK).", "main": "lib/jsrsasign.js", "scripts": { diff --git a/src/asn1ocsp-1.0.js b/src/asn1ocsp-1.0.js index a704d778..08868dd1 100644 --- a/src/asn1ocsp-1.0.js +++ b/src/asn1ocsp-1.0.js @@ -111,8 +111,8 @@ KJUR.asn1.ocsp.DEFAULT_HASH = "sha1"; * <> * }); * // constructor for error - * new KJUR.asn1.ocsp.OCSPRequest({resstatus: 1}) - * new KJUR.asn1.ocsp.OCSPRequest({resstatus: "unauthorized"}) + * new KJUR.asn1.ocsp.OCSPResponse({resstatus: 1}) + * new KJUR.asn1.ocsp.OCSPResponse({resstatus: "unauthorized"}) */ KJUR.asn1.ocsp.OCSPResponse = function(params) { KJUR.asn1.ocsp.OCSPResponse.superclass.constructor.call(this); diff --git a/src/x509crl.js b/src/x509crl.js index 2d3b88fc..715370ee 100644 --- a/src/x509crl.js +++ b/src/x509crl.js @@ -16,7 +16,7 @@ * @fileOverview * @name x509crl.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 10.5.5 x509crl 1.0.3 (2021-Feb-17) + * @version jsrsasign 10.5.7 x509crl 1.0.4 (2021-Feb-19) * @since jsrsasign 10.1.0 * @license MIT License */ @@ -380,6 +380,7 @@ var X509CRL = function(params) { */ this.findRevCertBySN = function(hSN) { if (this.parsed == null) this.getParam(); + if (this.parsed.revcert == null) return null; var revcert = this.parsed.revcert; for (var i = 0; i < revcert.length; i++) { if (hSN == revcert[i].sn.hex) return revcert[i]; diff --git a/test/x509crl.html b/test/x509crl.html index 53f9c4d6..f57ee367 100755 --- a/test/x509crl.html +++ b/test/x509crl.html @@ -42,7 +42,6 @@ - @@ -54,6 +53,60 @@ // **** TEST ********** +// Let's Encrypt www.letsencrypt.org chain (pemLetsROOT,pemLetsR3,pemLetsROOTCRL) +var pemLetsR3 = (function() {/* +-----BEGIN CERTIFICATE----- +MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw +WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP +R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx +sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm +NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg +Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG +/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB +Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA +FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw +Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB +gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W +PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl +ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz +CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm +lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 +avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 +yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O +yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids +hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ +HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv +MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX +nLRbwHOoq7hHwg== +-----END CERTIFICATE----- +*/}).toString().match(/\/\*([^]*)\*\//)[1]; + +var pemLetsROOTCRL = (function() {/* +-----BEGIN X509 CRL----- +MIICyTCBsgIBATANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEpMCcGA1UE +ChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElT +UkcgUm9vdCBYMRcNMjEwNzE1MDAwMDAwWhcNMjIwNjE0MjM1OTU5WqAvMC0wHwYD +VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wCgYDVR0UBAMCAWUwDQYJKoZI +hvcNAQELBQADggIBACU9kbml56oTQS8hdgSBnKkOFfzSwonn1f8rDkF1S6i12pJo +fR6IKmICE/NLStXratE3cFepDINBl2g5f4eQF129l8GnvRXkjTxq7xl9scBe5Ji7 +cxLCwhooZoagErPv+Ze9gAB8f5wk4HlG1J6EWixgxdOgk/4ERtzuyHkBSIhiPP3Y ++u326OaSAZL413P5jLzBUT8zgeLXQLnqaSA9cugtsVyDv959/8to0wrFPBckQhzT +huy3o0mee4O2T/hB07XaJj0V07a6GpEdG6VJHt5VQBjAz6lrFXorAFeuThIAUKks +ivHsuPwU2fxGp3TWkUK1fMfE8mwgTzzlLcO0wY3YMfz0mgu4C+36IsjMs5kR82dj +Mx9IdR201DXCEM18kWiTPESAiN5EGXJ6QyiW1z98j96cmNE9XI05XnC0BJGviKnm +v4mPRVdAKg4RXJWGMwdT6XXSukE4uWBb0vArNjjVDiCGC2XHseopEJ7K3QgBOKAv +IDyekT2aSWS4DFeAktP1W2QM4BLXWgCsjeNkCf7QqPDXlfmghNFR8BlUXrMnNFGa +wB9MfnGP/+hgftI3BCWRftHgnBsMrRVsFr8/ImvTHymd801Gsgfu21/dpAYPGEDB +BRAckZg2VhAWXOm7SPGS+LAcI6c02dO+Xi9dG/8ZClRNLnbJgu1N1PAd1hq6 +-----END X509 CRL----- +*/}).toString().match(/\/\*([^]*)\*\//)[1]; + // DigiCert Global Root CRL // 0cert_sites/digicertglobalrootca.crl.529 2020.08.20 var pemCRLDigiCert = (function() {/* @@ -158,6 +211,17 @@ deepEqual(crl.findRevCertBySN("0000"), null, "0000 > null(not found)"); }); +test("findRevCert test LetsEncryt Root", function() { +var crl = new X509CRL(pemLetsROOTCRL); +var pExpect = {}; +deepEqual(crl.findRevCert(pemLetsR3), null, "0000 > null(LetsR3 not found)"); +}); + +test("findRevCertBySN test LetsEncrypt Root", function() { +var crl = new X509CRL(pemLetsROOTCRL); +var pExpect = {}; +deepEqual(crl.findRevCertBySN("0000"), null, "0000 > null(not found)"); +}); test("verifySignature test (digicert global root crl)", function() { var crl = new X509CRL(pemCRLDigiCert);