diff --git a/ChangeLog.txt b/ChangeLog.txt index 6de0f6e4..c6d94ab7 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,6 +1,19 @@ ChangeLog for jsrsasign +UserNotice of CertificatePolicies support and more +* Changes from 10.7.0 to 10.8.0 (2023-Apr-8) + - x509.js + - X509.getUserNotice supports NoticeReference + - add asn1ToDisplayText method + - base64x.js + - add function msectozulu + - add aryval for nested JSON value access + - asn1.js + - DERInteger refactoring + - test/qunit-do-{asn1,asn1x509,base64x,x509-ext}.html + - update and add some test cases for above + custom X.509 extension support and utility functions * Changes from 10.6.1 to 10.7.0 (2023-Mar-12) - x509.js diff --git a/README.md b/README.md index 07204e19..f4d8c6ae 100755 --- a/README.md +++ b/README.md @@ -18,8 +18,22 @@ Public page is https://kjur.github.io/jsrsasign . Your bugfix and pull request contribution are always welcomed :) +NOTICE FOR COMMING 11.0.0 RELEASE +--------------------------------- +The "jsrsasign" library is a long lived JavaScript library from 2010 developed with old JavaScript style and backword compatibility. From coming release 11.0.0, following are planed and suport them gradually: +- Stop to support Internet Explorer. +- Stop to support bower. +- Modern ECMA functions will be introduced such as Promise, let, Array methods or class. +- API document generator will be changed from Jsdoc Toolkit to JSDoc3. +- Module bandler will be used such as browserify or webpack. +- Not to use YUI compressor. +- Unit test framework will be changed from QUnit and mocha to jest. +- W3C Web Crypto API support. +- split into some modules besides jsrsasign have been all in package before 11.0.0. + NEWS ---- +- 2023-Mar-12: [10.7.0 Release](https://github.com/kjur/jsrsasign/releases/tag/10.7.0). Now supports custom X.509 extension and custom OIDs by new "Add-on" architecture. ([See here in detail](https://github.com/kjur/jsrsasign/wiki/jsrsasign-Add-On2)) - 2021-Nov-21: [10.5.0 Release](https://github.com/kjur/jsrsasign/releases/tag/10.5.0). Now supports secp521r1(P-521) ECDSA. - 2021-Apr-14: [Security advisory](https://github.com/kjur/jsrsasign/security/advisories/GHSA-27fj-mc8w-j9wg) and [update](https://github.com/kjur/jsrsasign/releases/tag/10.2.0) for CVE-2021-30246 RSA signature validation vulnerability published - 2020-Oct-05: jsrsasign won [Google Open Source Peer Bonus Award](https://opensource.googleblog.com/2020/10/announcing-latest-google-open-source.html). Thank you Google. @@ -39,7 +53,8 @@ HIGHLIGHTS - no dependency to other library - no dependency to [W3C Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/) nor [OpenSSL](https://www.openssl.org/) - no dependency on newer ECMAScirpt function. So old browsers also supported. -- very popular crypto library with [1M+ npm downloads/month](https://npm-stat.com/charts.html?package=jsrsasign&from=2016-05-01&to=2022-11-18) +- very popular crypto library with [1M+ npm downloads/month](https://npm-stat.com/charts.html?package=jsrsasign&from=2016-05-01&to=2023-04-05) +- supports "Add-on" architecture INSTALL ------- diff --git a/api/files.html b/api/files.html index b599d029..d065bc70 100644 --- a/api/files.html +++ b/api/files.html @@ -535,7 +535,7 @@

asn1-1.0.js

Version:
-
jsrsasign 10.5.22 asn1 1.0.26 (2022-May-24)
+
jsrsasign 10.8.0 asn1 1.0.27 (2023-Apr-08)
@@ -687,7 +687,7 @@

base64x-1.1.js

Version:
-
jsrsasign 10.7.0 base64x 1.1.31 (2023-Mar-11)
+
jsrsasign 10.8.0 base64x 1.1.32 (2023-Apr-08)
@@ -896,7 +896,7 @@

x509-1.1.js

Version:
-
jsrsasign 10.7.0 x509 2.1.2 (2023-Mar-11)
+
jsrsasign 10.8.0 x509 2.1.3 (2023-Apr-08)
diff --git a/api/symbols/KJUR.asn1.DERInteger.html b/api/symbols/KJUR.asn1.DERInteger.html index 8c6f88e1..e147cf5f 100644 --- a/api/symbols/KJUR.asn1.DERInteger.html +++ b/api/symbols/KJUR.asn1.DERInteger.html @@ -789,7 +789,8 @@ 

new KJUR.asn1.DERInteger(123);
 new KJUR.asn1.DERInteger({'int': 123});
-new KJUR.asn1.DERInteger({'hex': '1fad'});
+new KJUR.asn1.DERInteger({'hex': '1fad'}); +new KJUR.asn1.DERInteger({'bigint': new BigInteger("1234", 10)}); diff --git a/api/symbols/X509.html b/api/symbols/X509.html index 4c3698c8..366752d2 100644 --- a/api/symbols/X509.html +++ b/api/symbols/X509.html @@ -659,6 +659,19 @@

+ +   + +
asn1ToDisplayText(pASN1) +
+
convert ASN1Object parameter to DisplayText parameter +This method converts from KJUR.asn1.ASN1Util#newObject paramter to +KJUR.asn1.x509.DisplayText paramter +for +DisplayText ASN.1 structure.
+ + +   @@ -1853,6 +1866,85 @@

Method Detail + +
+ + {Object} + asn1ToDisplayText(pASN1) + +
+
+ convert ASN1Object parameter to DisplayText parameter +This method converts from KJUR.asn1.ASN1Util#newObject paramter to +KJUR.asn1.x509.DisplayText paramter +for +DisplayText ASN.1 structure. +
+DisplayText ::= CHOICE {
+     ia5String        IA5String      (SIZE (1..200)),
+     visibleString    VisibleString  (SIZE (1..200)),
+     bmpString        BMPString      (SIZE (1..200)),
+     utf8String       UTF8String     (SIZE (1..200)) }     
+
+Result of this method can be passed to +KJUR.asn1.x509.DisplayText constructor. + + +
+ + + + 
x = new X509();
+x.asn1ToDisplayText({utf8str: {str: "aaa"}}) &rarr {type: 'utf8', str: 'aaa'}
+x.asn1ToDisplayText({bmpstr: {str: "aaa"}}) &rarr {type: 'bmp',  str: 'aaa'}
+ + + + +
+
Parameters:
+ +
+ {Object} pASN1 + +
+
ASN1Object paramter for DisplayText
+ +
+ + + +
+
Since:
+
jsrsasign 10.8.0 x509 2.1.3
+
+ + + + +
+
Returns:
+ +
{Object} DisplayText paramter
+ +
+ + + +
+
See:
+ +
X509#getDisplayText
+ +
KJUR.asn1.x509.DisplayText
+ +
KJUR.asn1.ASN1Util#newObject
+ +
+ + +
+
@@ -6448,12 +6540,14 @@

UserNotice ::= SEQUENCE { noticeRef NoticeReference OPTIONAL, explicitText DisplayText OPTIONAL } +NoticeReference ::= SEQUENCE { + organization DisplayText, + noticeNumbers SEQUENCE OF INTEGER } Result of this method can be passed to -KJUR.asn1.x509.NoticeReference constructor. +KJUR.asn1.x509.UserNotice constructor.
-NOTE: NoticeReference parsing is currently not supported and -it will be ignored. +NOTE: NoticeReference supported from jsrsasign 10.8.0.

@@ -6461,7 +6555,13 @@ 

x = new X509();
-x.getUserNotice("30...") → {exptext: {type: 'utf8', str: 'aaa'}}
+x.getUserNotice("30...") → { + noticeref: { + org: {type: 'utf8', str: 'test org'}, + noticenum: [1] + }, + exptext: {type: 'utf8', str: 'test text'} +} @@ -6505,6 +6605,8 @@

X509#getPolicyQualifierInfo
+
KJUR.asn1.x509.UserNotice
+ diff --git a/api/symbols/global__.html b/api/symbols/global__.html index 46d775f9..e49d845e 100644 --- a/api/symbols/global__.html +++ b/api/symbols/global__.html @@ -573,6 +573,17 @@

+ +   + +
aryval(val, keys, def) +
+
get value of array by key name list
+This function returns the value of an array or associative array +which referred by a concatinated key list string.
+ + +   @@ -943,6 +954,16 @@

+ +   + +
msectozulu(n) +
+
Unix origin milliseconds GeneralizedTime string
+This function converts from milliseconds of Unix origin time (ex.
+ + +   @@ -1355,6 +1376,91 @@

+
+ + +
+ + {object} + aryval(val, keys, def) + +
+
+ get value of array by key name list
+This function returns the value of an array or associative array +which referred by a concatinated key list string. +If a value for key is not defined, it returns 'undefined' by default. +When an optional argument 'def' is specified and a value for key is +not defined, it returns a value of 'def'. + +
+ Defined in: base64x-1.1.js. + + +
+ + + + 
let p = {
+  fruit: apple,
+  info: [
+    { toy: 4 },
+    { pen: 6 }
+  ]
+};
+aryval(p, 'fruit') &rarr "apple"
+aryval(p, 'info') &rarr [{toy: 4},{pen: 6}]
+aryval(p, 'info.1') &rarr {pen: 6}
+aryval(p, 'info.1.pen') &rarr 6
+aryval(p, 'money.amount') &rarr undefined
+aryval(p, 'money.amount', null) &rarr null
+ + + + +
+
Parameters:
+ +
+ {object} val + +
+
array of associative array
+ +
+ {string} keys + +
+
concatinated key list with dot (ex. 'type.name.0.info')
+ +
+ {object} def + +
+
default value if value is not found (OPTIONAL)
+ +
+ + + +
+
Since:
+
jsrsasign 10.8.0 base64x 1.1.32
+
+ + + + +
+
Returns:
+ +
{object} value if found otherwise returns def
+ +
+ + + +
@@ -3623,6 +3729,67 @@

+
+ + +
+ + {string} + msectozulu(n) + +
+
+ Unix origin milliseconds GeneralizedTime string
+This function converts from milliseconds of Unix origin time (ex. 1199145599000 +for 31 Dec 2007 23:59:59 GMT) to GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ). +The result string may have a fraction of second. + +
+ Defined in: base64x-1.1.js. + + +
+ + + + 
msectozulu(1199145599000) → "20071231235959Z"       #Mon, 31 Dec 2007 23:59:59     GMT
+msectozulu(1199145599100) → "20071231235959.1Z"     #Mon, 31 Dec 2007 23:59:59.1   GMT
+msectozulu(1199145599123) → "20071231235959.123Z"   #Mon, 31 Dec 2007 23:59:59.123 GMT
+ + + + +
+
Parameters:
+ +
+ {number} n + +
+
milliseconds from Unix origin time (i.e. Jan 1, 1970 0:00:00 UTC)
+ +
+ + + +
+
Since:
+
jsrsasign 10.8.0 base64x 1.1.31
+
+ + + + +
+
Returns:
+ +
{string} GeneralizedTime string (ex. 20170412235959.384Z)
+ +
+ + + +
diff --git a/api/symbols/src/asn1-1.0.js.html b/api/symbols/src/asn1-1.0.js.html index edbab84f..6a8f569c 100644 --- a/api/symbols/src/asn1-1.0.js.html +++ b/api/symbols/src/asn1-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
  1 /* asn1-1.0.26.js (c) 2013-2022 Kenji Urushima | kjur.github.io/jsrsasign/license
+	
  1 /* asn1-1.0.27.js (c) 2013-2023 Kenji Urushima | kjur.github.io/jsrsasign/license
   2  */
   3 /*
   4  * asn1.js - ASN.1 DER encoder classes
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.5.22 asn1 1.0.26 (2022-May-24)
+ 19  * @version jsrsasign 10.8.0 asn1 1.0.27 (2023-Apr-08)
  20  * @since jsrsasign 2.1
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -898,960 +898,974 @@
 891 KJUR.asn1.DERInteger = function(params) {
 892     KJUR.asn1.DERInteger.superclass.constructor.call(this);
 893     this.hT = "02";
-894 
-895     /**
-896      * set value by Tom Wu's BigInteger object
-897      * @name setByBigInteger
-898      * @memberOf KJUR.asn1.DERInteger#
-899      * @function
-900      * @param {BigInteger} bigIntegerValue to set
-901      */
-902     this.setByBigInteger = function(bigIntegerValue) {
-903         this.hTLV = null;
-904         this.isModified = true;
-905         this.hV = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(bigIntegerValue);
-906     };
-907 
-908     /**
-909      * set value by integer value
-910      * @name setByInteger
-911      * @memberOf KJUR.asn1.DERInteger
-912      * @function
-913      * @param {Integer} integer value to set
-914      */
-915     this.setByInteger = function(intValue) {
-916         var bi = new BigInteger(String(intValue), 10);
-917         this.setByBigInteger(bi);
-918     };
-919 
-920     /**
-921      * set value by integer value
-922      * @name setValueHex
-923      * @memberOf KJUR.asn1.DERInteger#
-924      * @function
-925      * @param {String} hexadecimal string of integer value
-926      * @description
-927      * <br/>
-928      * NOTE: Value shall be represented by minimum octet length of
-929      * two's complement representation.
-930      * @example
-931      * new KJUR.asn1.DERInteger(123);
-932      * new KJUR.asn1.DERInteger({'int': 123});
-933      * new KJUR.asn1.DERInteger({'hex': '1fad'});
-934      */
-935     this.setValueHex = function(newHexString) {
-936         this.hV = newHexString;
-937     };
-938 
-939     this.getFreshValueHex = function() {
-940         return this.hV;
-941     };
-942 
-943     if (typeof params != "undefined") {
-944         if (typeof params['bigint'] != "undefined") {
-945             this.setByBigInteger(params['bigint']);
-946         } else if (typeof params['int'] != "undefined") {
-947             this.setByInteger(params['int']);
-948         } else if (typeof params == "number") {
-949             this.setByInteger(params);
-950         } else if (typeof params['hex'] != "undefined") {
-951             this.setValueHex(params['hex']);
-952         }
-953     }
-954 };
-955 extendClass(KJUR.asn1.DERInteger, KJUR.asn1.ASN1Object);
-956 
-957 // ********************************************************************
-958 /**
-959  * class for ASN.1 DER encoded BitString primitive
-960  * @name KJUR.asn1.DERBitString
-961  * @class class for ASN.1 DER encoded BitString primitive
-962  * @extends KJUR.asn1.ASN1Object
-963  * @description 
-964  * <br/>
-965  * As for argument 'params' for constructor, you can specify one of
-966  * following properties:
-967  * <ul>
-968  * <li>bin - specify binary string (ex. '10111')</li>
-969  * <li>array - specify array of boolean (ex. [true,false,true,true])</li>
-970  * <li>hex - specify hexadecimal string of ASN.1 value(V) including unused bits</li>
-971  * <li>obj - specify {@link KJUR.asn1.ASN1Util.newObject} 
-972  * argument for "BitString encapsulates" structure.</li>
-973  * </ul>
-974  * NOTE1: 'params' can be omitted.<br/>
-975  * NOTE2: 'obj' parameter have been supported since
-976  * asn1 1.0.11, jsrsasign 6.1.1 (2016-Sep-25).<br/>
-977  *
-978  * @example
-979  * // default constructor
-980  * o = new KJUR.asn1.DERBitString();
-981  * // initialize with binary string
-982  * o = new KJUR.asn1.DERBitString({bin: "1011"});
-983  * // initialize with boolean array
-984  * o = new KJUR.asn1.DERBitString({array: [true,false,true,true]});
-985  * // initialize with hexadecimal string (04 is unused bits)
-986  * o = new KJUR.asn1.DERBitString({hex: "04bac0"});
-987  * // initialize with ASN1Util.newObject argument for encapsulated
-988  * o = new KJUR.asn1.DERBitString({obj: {seq: [{int: 3}, {prnstr: 'aaa'}]}});
-989  * // above generates a ASN.1 data like this:
-990  * // BIT STRING, encapsulates {
-991  * //   SEQUENCE {
-992  * //     INTEGER 3
-993  * //     PrintableString 'aaa'
-994  * //     }
-995  * //   } 
-996  */
-997 KJUR.asn1.DERBitString = function(params) {
-998     if (params !== undefined && typeof params.obj !== "undefined") {
-999 	var o = KJUR.asn1.ASN1Util.newObject(params.obj);
-1000 	params.hex = "00" + o.tohex();
-1001     }
-1002     KJUR.asn1.DERBitString.superclass.constructor.call(this);
-1003     this.hT = "03";
-1004 
-1005     /**
-1006      * set ASN.1 value(V) by a hexadecimal string including unused bits
-1007      * @name setHexValueIncludingUnusedBits
-1008      * @memberOf KJUR.asn1.DERBitString#
-1009      * @function
-1010      * @param {String} newHexStringIncludingUnusedBits
-1011      */
-1012     this.setHexValueIncludingUnusedBits = function(newHexStringIncludingUnusedBits) {
-1013         this.hTLV = null;
-1014         this.isModified = true;
-1015         this.hV = newHexStringIncludingUnusedBits;
-1016     };
-1017 
-1018     /**
-1019      * set ASN.1 value(V) by unused bit and hexadecimal string of value
-1020      * @name setUnusedBitsAndHexValue
-1021      * @memberOf KJUR.asn1.DERBitString#
-1022      * @function
-1023      * @param {Integer} unusedBits
-1024      * @param {String} hValue
+894     this.params = null;
+895     var _biToTwoCompl = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex;
+896 
+897     /**
+898      * set value by Tom Wu's BigInteger object
+899      * @name setByBigInteger
+900      * @memberOf KJUR.asn1.DERInteger#
+901      * @function
+902      * @param {BigInteger} bigIntegerValue to set
+903      */
+904     this.setByBigInteger = function(bigIntegerValue) {
+905 	this.isModified = true;
+906 	this.params = { bigint: bigIntegerValue };
+907     };
+908 
+909     /**
+910      * set value by integer value
+911      * @name setByInteger
+912      * @memberOf KJUR.asn1.DERInteger
+913      * @function
+914      * @param {Integer} integer value to set
+915      */
+916     this.setByInteger = function(intValue) {
+917 	this.isModified = true;
+918 	this.params = intValue;
+919     };
+920 
+921     /**
+922      * set value by integer value
+923      * @name setValueHex
+924      * @memberOf KJUR.asn1.DERInteger#
+925      * @function
+926      * @param {String} hexadecimal string of integer value
+927      * @description
+928      * <br/>
+929      * NOTE: Value shall be represented by minimum octet length of
+930      * two's complement representation.
+931      * @example
+932      * new KJUR.asn1.DERInteger(123);
+933      * new KJUR.asn1.DERInteger({'int': 123});
+934      * new KJUR.asn1.DERInteger({'hex': '1fad'});
+935      * new KJUR.asn1.DERInteger({'bigint': new BigInteger("1234", 10)});
+936      */
+937     this.setValueHex = function(newHexString) {
+938 	this.isModified = true;
+939 	this.params = { hex: newHexString };
+940     };
+941 
+942     this.getFreshValueHex = function() {
+943 	var params = this.params;
+944 	var bi = null;
+945 	if (params == null) throw new Error("value not set");
+946 
+947 	if (typeof params == "object" && params.hex != undefined) {
+948 	    this.hV = params.hex;
+949             return this.hV;
+950 	}
+951 
+952 	if (typeof params == "number") {
+953 	    bi = new BigInteger(String(params), 10);
+954 	} else if (params["int"] != undefined) {
+955 	    bi = new BigInteger(String(params["int"]), 10);
+956 	} else if (params.bigint != undefined) {
+957 	    bi = params.bigint;
+958 	} else {
+959 	    throw new Error("wrong parameter");
+960 	}
+961 	this.hV = _biToTwoCompl(bi);
+962         return this.hV;
+963     };
+964 
+965     if (params != undefined) {
+966 	this.params = params;
+967     }
+968 };
+969 extendClass(KJUR.asn1.DERInteger, KJUR.asn1.ASN1Object);
+970 
+971 // ********************************************************************
+972 /**
+973  * class for ASN.1 DER encoded BitString primitive
+974  * @name KJUR.asn1.DERBitString
+975  * @class class for ASN.1 DER encoded BitString primitive
+976  * @extends KJUR.asn1.ASN1Object
+977  * @description 
+978  * <br/>
+979  * As for argument 'params' for constructor, you can specify one of
+980  * following properties:
+981  * <ul>
+982  * <li>bin - specify binary string (ex. '10111')</li>
+983  * <li>array - specify array of boolean (ex. [true,false,true,true])</li>
+984  * <li>hex - specify hexadecimal string of ASN.1 value(V) including unused bits</li>
+985  * <li>obj - specify {@link KJUR.asn1.ASN1Util.newObject} 
+986  * argument for "BitString encapsulates" structure.</li>
+987  * </ul>
+988  * NOTE1: 'params' can be omitted.<br/>
+989  * NOTE2: 'obj' parameter have been supported since
+990  * asn1 1.0.11, jsrsasign 6.1.1 (2016-Sep-25).<br/>
+991  *
+992  * @example
+993  * // default constructor
+994  * o = new KJUR.asn1.DERBitString();
+995  * // initialize with binary string
+996  * o = new KJUR.asn1.DERBitString({bin: "1011"});
+997  * // initialize with boolean array
+998  * o = new KJUR.asn1.DERBitString({array: [true,false,true,true]});
+999  * // initialize with hexadecimal string (04 is unused bits)
+1000  * o = new KJUR.asn1.DERBitString({hex: "04bac0"});
+1001  * // initialize with ASN1Util.newObject argument for encapsulated
+1002  * o = new KJUR.asn1.DERBitString({obj: {seq: [{int: 3}, {prnstr: 'aaa'}]}});
+1003  * // above generates a ASN.1 data like this:
+1004  * // BIT STRING, encapsulates {
+1005  * //   SEQUENCE {
+1006  * //     INTEGER 3
+1007  * //     PrintableString 'aaa'
+1008  * //     }
+1009  * //   } 
+1010  */
+1011 KJUR.asn1.DERBitString = function(params) {
+1012     if (params !== undefined && typeof params.obj !== "undefined") {
+1013 	var o = KJUR.asn1.ASN1Util.newObject(params.obj);
+1014 	params.hex = "00" + o.tohex();
+1015     }
+1016     KJUR.asn1.DERBitString.superclass.constructor.call(this);
+1017     this.hT = "03";
+1018 
+1019     /**
+1020      * set ASN.1 value(V) by a hexadecimal string including unused bits
+1021      * @name setHexValueIncludingUnusedBits
+1022      * @memberOf KJUR.asn1.DERBitString#
+1023      * @function
+1024      * @param {String} newHexStringIncludingUnusedBits
 1025      */
-1026     this.setUnusedBitsAndHexValue = function(unusedBits, hValue) {
-1027         if (unusedBits < 0 || 7 < unusedBits) {
-1028             throw "unused bits shall be from 0 to 7: u = " + unusedBits;
-1029         }
-1030         var hUnusedBits = "0" + unusedBits;
-1031         this.hTLV = null;
-1032         this.isModified = true;
-1033         this.hV = hUnusedBits + hValue;
-1034     };
-1035 
-1036     /**
-1037      * set ASN.1 DER BitString by binary string<br/>
-1038      * @name setByBinaryString
-1039      * @memberOf KJUR.asn1.DERBitString#
-1040      * @function
-1041      * @param {String} binaryString binary value string (i.e. '10111')
-1042      * @description
-1043      * Its unused bits will be calculated automatically by length of 
-1044      * 'binaryValue'. <br/>
-1045      * NOTE: Leading zeros '0' will be ignored.
-1046      * @example
-1047      * o = new KJUR.asn1.DERBitString();
-1048      * o.setByBinaryString("1011");
-1049      * o.setByBinaryString("001"); // leading zeros ignored
-1050      */
-1051     this.setByBinaryString = function(binaryString) {
-1052         binaryString = binaryString.replace(/0+$/, '');
-1053         var unusedBits = 8 - binaryString.length % 8;
-1054         if (unusedBits == 8) unusedBits = 0;
-1055 	
-1056 	binaryString += "0000000".substr(0, unusedBits);
-1057 
-1058         var h = '';
-1059         for (var i = 0; i < binaryString.length - 1; i += 8) {
-1060             var b = binaryString.substr(i, 8);
-1061             var x = parseInt(b, 2).toString(16);
-1062             if (x.length == 1) x = '0' + x;
-1063             h += x;  
-1064         }
-1065         this.hTLV = null;
-1066         this.isModified = true;
-1067         this.hV = '0' + unusedBits + h;
-1068     };
-1069 
-1070     /**
-1071      * set ASN.1 TLV value(V) by an array of boolean<br/>
-1072      * @name setByBooleanArray
-1073      * @memberOf KJUR.asn1.DERBitString#
-1074      * @function
-1075      * @param {array} booleanArray array of boolean (ex. [true, false, true])
-1076      * @description
-1077      * NOTE: Trailing falses will be ignored in the ASN.1 DER Object.
-1078      * @example
-1079      * o = new KJUR.asn1.DERBitString();
-1080      * o.setByBooleanArray([false, true, false, true, true]);
-1081      */
-1082     this.setByBooleanArray = function(booleanArray) {
-1083         var s = '';
-1084         for (var i = 0; i < booleanArray.length; i++) {
-1085             if (booleanArray[i] == true) {
-1086                 s += '1';
-1087             } else {
-1088                 s += '0';
-1089             }
-1090         }
-1091         this.setByBinaryString(s);
-1092     };
-1093 
-1094     /**
-1095      * generate an array of falses with specified length<br/>
-1096      * @name newFalseArray
-1097      * @memberOf KJUR.asn1.DERBitString
-1098      * @function
-1099      * @param {Integer} nLength length of array to generate
-1100      * @return {array} array of boolean falses
-1101      * @description
-1102      * This static method may be useful to initialize boolean array.
-1103      * @example
-1104      * o = new KJUR.asn1.DERBitString();
-1105      * o.newFalseArray(3) → [false, false, false]
-1106      */
-1107     this.newFalseArray = function(nLength) {
-1108         var a = new Array(nLength);
-1109         for (var i = 0; i < nLength; i++) {
-1110             a[i] = false;
-1111         }
-1112         return a;
-1113     };
-1114 
-1115     this.getFreshValueHex = function() {
-1116         return this.hV;
-1117     };
-1118 
-1119     if (typeof params != "undefined") {
-1120         if (typeof params == "string" && params.toLowerCase().match(/^[0-9a-f]+$/)) {
-1121             this.setHexValueIncludingUnusedBits(params);
-1122         } else if (typeof params['hex'] != "undefined") {
-1123             this.setHexValueIncludingUnusedBits(params['hex']);
-1124         } else if (typeof params['bin'] != "undefined") {
-1125             this.setByBinaryString(params['bin']);
-1126         } else if (typeof params['array'] != "undefined") {
-1127             this.setByBooleanArray(params['array']);
-1128         }
-1129     }
-1130 };
-1131 extendClass(KJUR.asn1.DERBitString, KJUR.asn1.ASN1Object);
+1026     this.setHexValueIncludingUnusedBits = function(newHexStringIncludingUnusedBits) {
+1027         this.hTLV = null;
+1028         this.isModified = true;
+1029         this.hV = newHexStringIncludingUnusedBits;
+1030     };
+1031 
+1032     /**
+1033      * set ASN.1 value(V) by unused bit and hexadecimal string of value
+1034      * @name setUnusedBitsAndHexValue
+1035      * @memberOf KJUR.asn1.DERBitString#
+1036      * @function
+1037      * @param {Integer} unusedBits
+1038      * @param {String} hValue
+1039      */
+1040     this.setUnusedBitsAndHexValue = function(unusedBits, hValue) {
+1041         if (unusedBits < 0 || 7 < unusedBits) {
+1042             throw "unused bits shall be from 0 to 7: u = " + unusedBits;
+1043         }
+1044         var hUnusedBits = "0" + unusedBits;
+1045         this.hTLV = null;
+1046         this.isModified = true;
+1047         this.hV = hUnusedBits + hValue;
+1048     };
+1049 
+1050     /**
+1051      * set ASN.1 DER BitString by binary string<br/>
+1052      * @name setByBinaryString
+1053      * @memberOf KJUR.asn1.DERBitString#
+1054      * @function
+1055      * @param {String} binaryString binary value string (i.e. '10111')
+1056      * @description
+1057      * Its unused bits will be calculated automatically by length of 
+1058      * 'binaryValue'. <br/>
+1059      * NOTE: Leading zeros '0' will be ignored.
+1060      * @example
+1061      * o = new KJUR.asn1.DERBitString();
+1062      * o.setByBinaryString("1011");
+1063      * o.setByBinaryString("001"); // leading zeros ignored
+1064      */
+1065     this.setByBinaryString = function(binaryString) {
+1066         binaryString = binaryString.replace(/0+$/, '');
+1067         var unusedBits = 8 - binaryString.length % 8;
+1068         if (unusedBits == 8) unusedBits = 0;
+1069 	
+1070 	binaryString += "0000000".substr(0, unusedBits);
+1071 
+1072         var h = '';
+1073         for (var i = 0; i < binaryString.length - 1; i += 8) {
+1074             var b = binaryString.substr(i, 8);
+1075             var x = parseInt(b, 2).toString(16);
+1076             if (x.length == 1) x = '0' + x;
+1077             h += x;  
+1078         }
+1079         this.hTLV = null;
+1080         this.isModified = true;
+1081         this.hV = '0' + unusedBits + h;
+1082     };
+1083 
+1084     /**
+1085      * set ASN.1 TLV value(V) by an array of boolean<br/>
+1086      * @name setByBooleanArray
+1087      * @memberOf KJUR.asn1.DERBitString#
+1088      * @function
+1089      * @param {array} booleanArray array of boolean (ex. [true, false, true])
+1090      * @description
+1091      * NOTE: Trailing falses will be ignored in the ASN.1 DER Object.
+1092      * @example
+1093      * o = new KJUR.asn1.DERBitString();
+1094      * o.setByBooleanArray([false, true, false, true, true]);
+1095      */
+1096     this.setByBooleanArray = function(booleanArray) {
+1097         var s = '';
+1098         for (var i = 0; i < booleanArray.length; i++) {
+1099             if (booleanArray[i] == true) {
+1100                 s += '1';
+1101             } else {
+1102                 s += '0';
+1103             }
+1104         }
+1105         this.setByBinaryString(s);
+1106     };
+1107 
+1108     /**
+1109      * generate an array of falses with specified length<br/>
+1110      * @name newFalseArray
+1111      * @memberOf KJUR.asn1.DERBitString
+1112      * @function
+1113      * @param {Integer} nLength length of array to generate
+1114      * @return {array} array of boolean falses
+1115      * @description
+1116      * This static method may be useful to initialize boolean array.
+1117      * @example
+1118      * o = new KJUR.asn1.DERBitString();
+1119      * o.newFalseArray(3) → [false, false, false]
+1120      */
+1121     this.newFalseArray = function(nLength) {
+1122         var a = new Array(nLength);
+1123         for (var i = 0; i < nLength; i++) {
+1124             a[i] = false;
+1125         }
+1126         return a;
+1127     };
+1128 
+1129     this.getFreshValueHex = function() {
+1130         return this.hV;
+1131     };
 1132 
-1133 // ********************************************************************
-1134 /**
-1135  * class for ASN.1 DER OctetString<br/>
-1136  * @name KJUR.asn1.DEROctetString
-1137  * @class class for ASN.1 DER OctetString
-1138  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1139  * @extends KJUR.asn1.DERAbstractString
-1140  * @description
-1141  * This class provides ASN.1 OctetString simple type.<br/>
-1142  * Supported "params" attributes are:
-1143  * <ul>
-1144  * <li>str - to set a string as a value</li>
-1145  * <li>hex - to set a hexadecimal string as a value</li>
-1146  * <li>obj - to set a encapsulated ASN.1 value by JSON object 
-1147  * which is defined in {@link KJUR.asn1.ASN1Util.newObject}</li>
-1148  * </ul>
-1149  * NOTE: A parameter 'obj' have been supported 
-1150  * for "OCTET STRING, encapsulates" structure.
-1151  * since asn1 1.0.11, jsrsasign 6.1.1 (2016-Sep-25).
-1152  * @see KJUR.asn1.DERAbstractString - superclass
-1153  * @example
-1154  * // default constructor
-1155  * o = new KJUR.asn1.DEROctetString();
-1156  * // initialize with string
-1157  * o = new KJUR.asn1.DEROctetString({str: "aaa"});
-1158  * // initialize with hexadecimal string
-1159  * o = new KJUR.asn1.DEROctetString({hex: "616161"});
-1160  * // initialize with ASN1Util.newObject argument 
-1161  * o = new KJUR.asn1.DEROctetString({obj: {seq: [{int: 3}, {prnstr: 'aaa'}]}});
-1162  * // above generates a ASN.1 data like this:
-1163  * // OCTET STRING, encapsulates {
-1164  * //   SEQUENCE {
-1165  * //     INTEGER 3
-1166  * //     PrintableString 'aaa'
-1167  * //     }
-1168  * //   } 
-1169  */
-1170 KJUR.asn1.DEROctetString = function(params) {
-1171     if (params !== undefined && typeof params.obj !== "undefined") {
-1172 	var o = KJUR.asn1.ASN1Util.newObject(params.obj);
-1173 	params.hex = o.tohex();
-1174     }
-1175     KJUR.asn1.DEROctetString.superclass.constructor.call(this, params);
-1176     this.hT = "04";
-1177 };
-1178 extendClass(KJUR.asn1.DEROctetString, KJUR.asn1.DERAbstractString);
-1179 
-1180 // ********************************************************************
-1181 /**
-1182  * class for ASN.1 DER Null
-1183  * @name KJUR.asn1.DERNull
-1184  * @class class for ASN.1 DER Null
-1185  * @extends KJUR.asn1.ASN1Object
-1186  * @description
-1187  * @see KJUR.asn1.ASN1Object - superclass
-1188  */
-1189 KJUR.asn1.DERNull = function() {
-1190     KJUR.asn1.DERNull.superclass.constructor.call(this);
-1191     this.hT = "05";
-1192     this.hTLV = "0500";
-1193 };
-1194 extendClass(KJUR.asn1.DERNull, KJUR.asn1.ASN1Object);
-1195 
-1196 // ********************************************************************
-1197 /**
-1198  * class for ASN.1 DER ObjectIdentifier
-1199  * @name KJUR.asn1.DERObjectIdentifier
-1200  * @class class for ASN.1 DER ObjectIdentifier
-1201  * @param {Object} JSON object or string of parameters (ex. {'oid': '2.5.4.5'})
-1202  * @extends KJUR.asn1.ASN1Object
-1203  * @see oidtohex
-1204  * 
-1205  * @description
-1206  * <br/>
-1207  * As for argument 'params' for constructor, you can specify one of
-1208  * following properties:
-1209  * <ul>
-1210  * <li>oid - specify initial ASN.1 value(V) by a oid string (ex. 2.5.4.13)</li>
-1211  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
-1212  * </ul>
-1213  * NOTE: 'params' can be omitted.
-1214  * @example
-1215  * new DERObjectIdentifier({"name": "sha1"})
-1216  * new DERObjectIdentifier({"oid": "1.2.3.4"})
-1217  * new DERObjectIdentifier({"hex": "2d..."})
-1218  * new DERObjectIdentifier("1.2.3.4")
-1219  * new DERObjectIdentifier("SHA1withRSA")
-1220  */
-1221 KJUR.asn1.DERObjectIdentifier = function(params) {
-1222     KJUR.asn1.DERObjectIdentifier.superclass.constructor.call(this);
-1223     this.hT = "06";
-1224 
-1225     /**
-1226      * set value by a hexadecimal string
-1227      * @name setValueHex
-1228      * @memberOf KJUR.asn1.DERObjectIdentifier#
-1229      * @function
-1230      * @param {String} newHexString hexadecimal value of OID bytes
-1231      */
-1232     this.setValueHex = function(newHexString) {
-1233         this.hTLV = null;
-1234         this.isModified = true;
-1235         this.s = null;
-1236         this.hV = newHexString;
-1237     };
+1133     if (typeof params != "undefined") {
+1134         if (typeof params == "string" && params.toLowerCase().match(/^[0-9a-f]+$/)) {
+1135             this.setHexValueIncludingUnusedBits(params);
+1136         } else if (typeof params['hex'] != "undefined") {
+1137             this.setHexValueIncludingUnusedBits(params['hex']);
+1138         } else if (typeof params['bin'] != "undefined") {
+1139             this.setByBinaryString(params['bin']);
+1140         } else if (typeof params['array'] != "undefined") {
+1141             this.setByBooleanArray(params['array']);
+1142         }
+1143     }
+1144 };
+1145 extendClass(KJUR.asn1.DERBitString, KJUR.asn1.ASN1Object);
+1146 
+1147 // ********************************************************************
+1148 /**
+1149  * class for ASN.1 DER OctetString<br/>
+1150  * @name KJUR.asn1.DEROctetString
+1151  * @class class for ASN.1 DER OctetString
+1152  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1153  * @extends KJUR.asn1.DERAbstractString
+1154  * @description
+1155  * This class provides ASN.1 OctetString simple type.<br/>
+1156  * Supported "params" attributes are:
+1157  * <ul>
+1158  * <li>str - to set a string as a value</li>
+1159  * <li>hex - to set a hexadecimal string as a value</li>
+1160  * <li>obj - to set a encapsulated ASN.1 value by JSON object 
+1161  * which is defined in {@link KJUR.asn1.ASN1Util.newObject}</li>
+1162  * </ul>
+1163  * NOTE: A parameter 'obj' have been supported 
+1164  * for "OCTET STRING, encapsulates" structure.
+1165  * since asn1 1.0.11, jsrsasign 6.1.1 (2016-Sep-25).
+1166  * @see KJUR.asn1.DERAbstractString - superclass
+1167  * @example
+1168  * // default constructor
+1169  * o = new KJUR.asn1.DEROctetString();
+1170  * // initialize with string
+1171  * o = new KJUR.asn1.DEROctetString({str: "aaa"});
+1172  * // initialize with hexadecimal string
+1173  * o = new KJUR.asn1.DEROctetString({hex: "616161"});
+1174  * // initialize with ASN1Util.newObject argument 
+1175  * o = new KJUR.asn1.DEROctetString({obj: {seq: [{int: 3}, {prnstr: 'aaa'}]}});
+1176  * // above generates a ASN.1 data like this:
+1177  * // OCTET STRING, encapsulates {
+1178  * //   SEQUENCE {
+1179  * //     INTEGER 3
+1180  * //     PrintableString 'aaa'
+1181  * //     }
+1182  * //   } 
+1183  */
+1184 KJUR.asn1.DEROctetString = function(params) {
+1185     if (params !== undefined && typeof params.obj !== "undefined") {
+1186 	var o = KJUR.asn1.ASN1Util.newObject(params.obj);
+1187 	params.hex = o.tohex();
+1188     }
+1189     KJUR.asn1.DEROctetString.superclass.constructor.call(this, params);
+1190     this.hT = "04";
+1191 };
+1192 extendClass(KJUR.asn1.DEROctetString, KJUR.asn1.DERAbstractString);
+1193 
+1194 // ********************************************************************
+1195 /**
+1196  * class for ASN.1 DER Null
+1197  * @name KJUR.asn1.DERNull
+1198  * @class class for ASN.1 DER Null
+1199  * @extends KJUR.asn1.ASN1Object
+1200  * @description
+1201  * @see KJUR.asn1.ASN1Object - superclass
+1202  */
+1203 KJUR.asn1.DERNull = function() {
+1204     KJUR.asn1.DERNull.superclass.constructor.call(this);
+1205     this.hT = "05";
+1206     this.hTLV = "0500";
+1207 };
+1208 extendClass(KJUR.asn1.DERNull, KJUR.asn1.ASN1Object);
+1209 
+1210 // ********************************************************************
+1211 /**
+1212  * class for ASN.1 DER ObjectIdentifier
+1213  * @name KJUR.asn1.DERObjectIdentifier
+1214  * @class class for ASN.1 DER ObjectIdentifier
+1215  * @param {Object} JSON object or string of parameters (ex. {'oid': '2.5.4.5'})
+1216  * @extends KJUR.asn1.ASN1Object
+1217  * @see oidtohex
+1218  * 
+1219  * @description
+1220  * <br/>
+1221  * As for argument 'params' for constructor, you can specify one of
+1222  * following properties:
+1223  * <ul>
+1224  * <li>oid - specify initial ASN.1 value(V) by a oid string (ex. 2.5.4.13)</li>
+1225  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
+1226  * </ul>
+1227  * NOTE: 'params' can be omitted.
+1228  * @example
+1229  * new DERObjectIdentifier({"name": "sha1"})
+1230  * new DERObjectIdentifier({"oid": "1.2.3.4"})
+1231  * new DERObjectIdentifier({"hex": "2d..."})
+1232  * new DERObjectIdentifier("1.2.3.4")
+1233  * new DERObjectIdentifier("SHA1withRSA")
+1234  */
+1235 KJUR.asn1.DERObjectIdentifier = function(params) {
+1236     KJUR.asn1.DERObjectIdentifier.superclass.constructor.call(this);
+1237     this.hT = "06";
 1238 
 1239     /**
-1240      * set value by a OID string<br/>
-1241      * @name setValueOidString
+1240      * set value by a hexadecimal string
+1241      * @name setValueHex
 1242      * @memberOf KJUR.asn1.DERObjectIdentifier#
 1243      * @function
-1244      * @param {String} oidString OID string (ex. 2.5.4.13)
-1245      * @example
-1246      * o = new KJUR.asn1.DERObjectIdentifier();
-1247      * o.setValueOidString("2.5.4.13");
-1248      */
-1249     this.setValueOidString = function(oidString) {
-1250 	var h = oidtohex(oidString);
-1251 	if (h == null)
-1252             throw new Error("malformed oid string: " + oidString);
-1253         this.hTLV = null;
-1254         this.isModified = true;
-1255         this.s = null;
-1256         this.hV = h;
-1257     };
-1258 
-1259     /**
-1260      * set value by a OID name
-1261      * @name setValueName
-1262      * @memberOf KJUR.asn1.DERObjectIdentifier#
-1263      * @function
-1264      * @param {String} oidName OID name (ex. 'serverAuth')
-1265      * @since 1.0.1
-1266      * @description
-1267      * OID name shall be defined in 'KJUR.asn1.x509.OID.name2oidList'.
-1268      * Otherwise raise error.
-1269      * @example
-1270      * o = new KJUR.asn1.DERObjectIdentifier();
-1271      * o.setValueName("serverAuth");
-1272      */
-1273     this.setValueName = function(oidName) {
-1274 	var oid = KJUR.asn1.x509.OID.name2oid(oidName);
-1275 	if (oid !== '') {
-1276             this.setValueOidString(oid);
-1277         } else {
-1278             throw new Error("DERObjectIdentifier oidName undefined: " + oidName);
-1279         }
-1280     };
-1281 
-1282     this.setValueNameOrOid = function(nameOrOid) {
-1283 	if (nameOrOid.match(/^[0-2].[0-9.]+$/)) {
-1284 	    this.setValueOidString(nameOrOid);
-1285 	} else {
-1286 	    this.setValueName(nameOrOid);
-1287 	}
-1288     }
-1289 
-1290     this.getFreshValueHex = function() {
-1291         return this.hV;
-1292     };
-1293 
-1294     this.setByParam = function(params) {
-1295         if (typeof params === "string") {
-1296 	    this.setValueNameOrOid(params);
-1297         } else if (params.oid !== undefined) {
-1298 	    this.setValueNameOrOid(params.oid);
-1299         } else if (params.name !== undefined) {
-1300             this.setValueNameOrOid(params.name);
-1301         } else if (params.hex !== undefined) {
-1302             this.setValueHex(params.hex);
-1303         }
-1304     };
-1305 
-1306     if (params !== undefined) this.setByParam(params);
-1307 };
-1308 extendClass(KJUR.asn1.DERObjectIdentifier, KJUR.asn1.ASN1Object);
-1309 
-1310 // ********************************************************************
-1311 /**
-1312  * class for ASN.1 DER Enumerated
-1313  * @name KJUR.asn1.DEREnumerated
-1314  * @class class for ASN.1 DER Enumerated
-1315  * @extends KJUR.asn1.ASN1Object
-1316  * @description
-1317  * <br/>
-1318  * As for argument 'params' for constructor, you can specify one of
-1319  * following properties:
-1320  * <ul>
-1321  * <li>int - specify initial ASN.1 value(V) by integer value</li>
-1322  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
-1323  * </ul>
-1324  * NOTE: 'params' can be omitted.
-1325  * @example
-1326  * new KJUR.asn1.DEREnumerated(123);
-1327  * new KJUR.asn1.DEREnumerated({int: 123});
-1328  * new KJUR.asn1.DEREnumerated({hex: '1fad'});
-1329  */
-1330 KJUR.asn1.DEREnumerated = function(params) {
-1331     KJUR.asn1.DEREnumerated.superclass.constructor.call(this);
-1332     this.hT = "0a";
-1333 
-1334     /**
-1335      * set value by Tom Wu's BigInteger object
-1336      * @name setByBigInteger
-1337      * @memberOf KJUR.asn1.DEREnumerated#
-1338      * @function
-1339      * @param {BigInteger} bigIntegerValue to set
-1340      */
-1341     this.setByBigInteger = function(bigIntegerValue) {
-1342         this.hTLV = null;
-1343         this.isModified = true;
-1344         this.hV = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(bigIntegerValue);
-1345     };
-1346 
-1347     /**
-1348      * set value by integer value
-1349      * @name setByInteger
-1350      * @memberOf KJUR.asn1.DEREnumerated#
-1351      * @function
-1352      * @param {Integer} integer value to set
-1353      */
-1354     this.setByInteger = function(intValue) {
-1355         var bi = new BigInteger(String(intValue), 10);
-1356         this.setByBigInteger(bi);
-1357     };
-1358 
-1359     /**
-1360      * set value by integer value
-1361      * @name setValueHex
-1362      * @memberOf KJUR.asn1.DEREnumerated#
-1363      * @function
-1364      * @param {String} hexadecimal string of integer value
-1365      * @description
-1366      * <br/>
-1367      * NOTE: Value shall be represented by minimum octet length of
-1368      * two's complement representation.
-1369      */
-1370     this.setValueHex = function(newHexString) {
-1371         this.hV = newHexString;
-1372     };
-1373 
-1374     this.getFreshValueHex = function() {
-1375         return this.hV;
-1376     };
-1377 
-1378     if (typeof params != "undefined") {
-1379         if (typeof params['int'] != "undefined") {
-1380             this.setByInteger(params['int']);
-1381         } else if (typeof params == "number") {
-1382             this.setByInteger(params);
-1383         } else if (typeof params['hex'] != "undefined") {
-1384             this.setValueHex(params['hex']);
-1385         }
-1386     }
-1387 };
-1388 extendClass(KJUR.asn1.DEREnumerated, KJUR.asn1.ASN1Object);
-1389 
-1390 // ********************************************************************
-1391 /**
-1392  * class for ASN.1 DER UTF8String
-1393  * @name KJUR.asn1.DERUTF8String
-1394  * @class class for ASN.1 DER UTF8String
-1395  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1396  * @extends KJUR.asn1.DERAbstractString
-1397  * @description
-1398  * @see KJUR.asn1.DERAbstractString - superclass
-1399  */
-1400 KJUR.asn1.DERUTF8String = function(params) {
-1401     KJUR.asn1.DERUTF8String.superclass.constructor.call(this, params);
-1402     this.hT = "0c";
-1403 };
-1404 extendClass(KJUR.asn1.DERUTF8String, KJUR.asn1.DERAbstractString);
-1405 
-1406 // ********************************************************************
-1407 /**
-1408  * class for ASN.1 DER NumericString
-1409  * @name KJUR.asn1.DERNumericString
-1410  * @class class for ASN.1 DER NumericString
-1411  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1412  * @extends KJUR.asn1.DERAbstractString
-1413  * @description
-1414  * @see KJUR.asn1.DERAbstractString - superclass
-1415  */
-1416 KJUR.asn1.DERNumericString = function(params) {
-1417     KJUR.asn1.DERNumericString.superclass.constructor.call(this, params);
-1418     this.hT = "12";
-1419 };
-1420 extendClass(KJUR.asn1.DERNumericString, KJUR.asn1.DERAbstractString);
-1421 
-1422 // ********************************************************************
-1423 /**
-1424  * class for ASN.1 DER PrintableString
-1425  * @name KJUR.asn1.DERPrintableString
-1426  * @class class for ASN.1 DER PrintableString
-1427  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1428  * @extends KJUR.asn1.DERAbstractString
-1429  * @description
-1430  * @see KJUR.asn1.DERAbstractString - superclass
-1431  */
-1432 KJUR.asn1.DERPrintableString = function(params) {
-1433     KJUR.asn1.DERPrintableString.superclass.constructor.call(this, params);
-1434     this.hT = "13";
-1435 };
-1436 extendClass(KJUR.asn1.DERPrintableString, KJUR.asn1.DERAbstractString);
-1437 
-1438 // ********************************************************************
-1439 /**
-1440  * class for ASN.1 DER TeletexString
-1441  * @name KJUR.asn1.DERTeletexString
-1442  * @class class for ASN.1 DER TeletexString
-1443  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1444  * @extends KJUR.asn1.DERAbstractString
-1445  * @description
-1446  * @see KJUR.asn1.DERAbstractString - superclass
-1447  */
-1448 KJUR.asn1.DERTeletexString = function(params) {
-1449     KJUR.asn1.DERTeletexString.superclass.constructor.call(this, params);
-1450     this.hT = "14";
-1451 };
-1452 extendClass(KJUR.asn1.DERTeletexString, KJUR.asn1.DERAbstractString);
-1453 
-1454 // ********************************************************************
-1455 /**
-1456  * class for ASN.1 DER IA5String
-1457  * @name KJUR.asn1.DERIA5String
-1458  * @class class for ASN.1 DER IA5String
-1459  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1460  * @extends KJUR.asn1.DERAbstractString
-1461  * @description
-1462  * @see KJUR.asn1.DERAbstractString - superclass
-1463  */
-1464 KJUR.asn1.DERIA5String = function(params) {
-1465     KJUR.asn1.DERIA5String.superclass.constructor.call(this, params);
-1466     this.hT = "16";
-1467 };
-1468 extendClass(KJUR.asn1.DERIA5String, KJUR.asn1.DERAbstractString);
-1469 
-1470 // ********************************************************************
-1471 /**
-1472  * class for ASN.1 DER VisibleString
-1473  * @name KJUR.asn1.DERVisibleString
-1474  * @class class for ASN.1 DER VisibleString
-1475  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1476  * @extends KJUR.asn1.DERAbstractString
-1477  * @since jsrsasign 8.0.23 asn1 1.0.15
-1478  * @description
-1479  * @see KJUR.asn1.DERAbstractString - superclass
-1480  */
-1481 KJUR.asn1.DERVisibleString = function(params) {
-1482     KJUR.asn1.DERIA5String.superclass.constructor.call(this, params);
-1483     this.hT = "1a";
-1484 };
-1485 extendClass(KJUR.asn1.DERVisibleString, KJUR.asn1.DERAbstractString);
-1486 
-1487 // ********************************************************************
-1488 /**
-1489  * class for ASN.1 DER BMPString
-1490  * @name KJUR.asn1.DERBMPString
-1491  * @class class for ASN.1 DER BMPString
-1492  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
-1493  * @extends KJUR.asn1.DERAbstractString
-1494  * @since jsrsasign 8.0.23 asn1 1.0.15
-1495  * @description
-1496  * @see KJUR.asn1.DERAbstractString - superclass
-1497  */
-1498 KJUR.asn1.DERBMPString = function(params) {
-1499     KJUR.asn1.DERBMPString.superclass.constructor.call(this, params);
-1500     this.hT = "1e";
-1501 };
-1502 extendClass(KJUR.asn1.DERBMPString, KJUR.asn1.DERAbstractString);
-1503 
-1504 // ********************************************************************
-1505 /**
-1506  * class for ASN.1 DER UTCTime
-1507  * @name KJUR.asn1.DERUTCTime
-1508  * @class class for ASN.1 DER UTCTime
-1509  * @param {Array} params associative array of parameters (ex. {'str': '130430235959Z'})
-1510  * @extends KJUR.asn1.DERAbstractTime
-1511  * @see KJUR.asn1.DERGeneralizedTime
-1512  * @see KJUR.asn1.x509.Time
-1513  *
-1514  * @description
-1515  * <br/>
-1516  * As for argument 'params' for constructor, you can specify one of
-1517  * following properties:
-1518  * <ul>
-1519  * <li>str - specify initial ASN.1 value(V) by a string (ex.'130430235959Z')</li>
-1520  * <li>date - specify Date object.</li>
-1521  * <li>millis - specify flag to show milliseconds (from 1.0.6)</li>
-1522  * </ul>
-1523  * NOTE1: 'params' can be omitted.
-1524  * NOTE2: 'millis' property is supported from jsrsasign 10.4.1 asn1 1.0.22.
-1525  *
-1526  * <h4>EXAMPLES</h4>
-1527  * @example
-1528  * new DERUTCTime("20151231235959Z")
-1529  * new DERUTCTime("20151231235959.123Z")
-1530  * new DERUTCTime(new Date())
-1531  * new DERUTCTime(new Date(Date.UTC(2015,11,31,23,59,59,123)))
-1532  * new DERUTCTime({str: "20151231235959.123Z"})
-1533  * new DERUTCTime({date: new Date()})
-1534  * new DERUTCTime({date: new Date(), millis: true})
-1535  * new DERUTCTime({millis: true})
-1536  */
-1537 KJUR.asn1.DERUTCTime = function(params) {
-1538     KJUR.asn1.DERUTCTime.superclass.constructor.call(this, params);
-1539     this.hT = "17";
-1540     this.params = undefined;
-1541 
-1542     this.getFreshValueHex = function() {
-1543 	var params = this.params;
-1544 
-1545 	if (this.params == undefined) params = { date: new Date() };
-1546 
-1547 	if (typeof params == "string") {
-1548 	    if (params.match(/^[0-9]{12}Z$/) ||
-1549 		params.match(/^[0-9]{12}\.[0-9]+Z$/)) {
-1550 		this.hV = stohex(params);
-1551 	    } else {
-1552 		throw new Error("malformed string for UTCTime: " + params);
-1553 	    }
-1554 	} else if (params.str != undefined) {
-1555 	    this.hV = stohex(params.str);
-1556 	} else if (params.date == undefined && params.millis == true) {
-1557 	    var date = new Date();
-1558 	    this.hV = stohex(this.formatDate(date, 'utc', true));
-1559 	} else if (params.date != undefined &&
-1560 		   params.date instanceof Date) {
-1561 	    var withMillis = (params.millis === true);
-1562 	    this.hV = stohex(this.formatDate(params.date, 'utc', withMillis));
-1563 	} else if (params instanceof Date) {
-1564 	    this.hV = stohex(this.formatDate(params, 'utc'));
-1565 	}
-1566 
-1567 	if (this.hV == undefined) {
-1568 	    throw new Error("parameter not specified properly for UTCTime");
-1569 	}
-1570 	return this.hV;
-1571     };
-1572 
-1573     if (params != undefined) this.setByParam(params);
-1574 };
-1575 extendClass(KJUR.asn1.DERUTCTime, KJUR.asn1.DERAbstractTime);
-1576 
-1577 // ********************************************************************
-1578 /**
-1579  * class for ASN.1 DER GeneralizedTime
-1580  * @name KJUR.asn1.DERGeneralizedTime
-1581  * @class class for ASN.1 DER GeneralizedTime
-1582  * @param {Array} params associative array of parameters (ex. {'str': '20130430235959Z'})
-1583  * @property {Boolean} withMillis flag to show milliseconds or not
-1584  * @extends KJUR.asn1.DERAbstractTime
-1585  * @see KJUR.asn1.DERUTCTime
-1586  * @see KJUR.asn1.x509.Time
-1587  *
-1588  * @description
-1589  * <br/>
-1590  * As for argument 'params' for constructor, you can specify one of
-1591  * following properties:
-1592  * <ul>
-1593  * <li>str - specify initial ASN.1 value(V) by a string (ex.'20130430235959Z')</li>
-1594  * <li>date - specify Date object.</li>
-1595  * <li>millis - specify flag to show milliseconds (from 1.0.6)</li>
-1596  * </ul>
-1597  * NOTE1: 'params' can be omitted.
-1598  * NOTE2: 'millis' property is supported from asn1 1.0.6.
-1599  *
-1600  * <h4>EXAMPLES</h4>
-1601  * @example
-1602  * new DERGeneralizedTime("20151231235959Z")
-1603  * new DERGeneralizedTime("20151231235959.123Z")
-1604  * new DERGeneralizedTime(new Date())
-1605  * new DERGeneralizedTime(new Date(Date.UTC(2015,11,31,23,59,59,123)))
-1606  * new DERGeneralizedTime({str: "20151231235959.123Z"})
-1607  * new DERGeneralizedTime({date: new Date()})
-1608  * new DERGeneralizedTime({date: new Date(), millis: true})
-1609  * new DERGeneralizedTime({millis: true})
-1610  */
-1611 KJUR.asn1.DERGeneralizedTime = function(params) {
-1612     KJUR.asn1.DERGeneralizedTime.superclass.constructor.call(this, params);
-1613     this.hT = "18";
-1614     this.params = params;
-1615 
-1616     this.getFreshValueHex = function() {
-1617 	var params = this.params;
-1618 
-1619 	if (this.params == undefined) params = { date: new Date() };
-1620 
-1621 	if (typeof params == "string") {
-1622 	    if (params.match(/^[0-9]{14}Z$/) ||
-1623 		params.match(/^[0-9]{14}\.[0-9]+Z$/)) {
-1624 		this.hV = stohex(params);
-1625 	    } else {
-1626 		throw new Error("malformed string for GeneralizedTime: " + params);
-1627 	    }
-1628 	} else if (params.str != undefined) {
-1629 	    this.hV = stohex(params.str);
-1630 	} else if (params.date == undefined && params.millis == true) {
-1631 	    var date = new Date();
-1632 	    this.hV = stohex(this.formatDate(date, 'gen', true));
-1633 	} else if (params.date != undefined &&
-1634 		   params.date instanceof Date) {
-1635 	    var withMillis = (params.millis === true);
-1636 	    this.hV = stohex(this.formatDate(params.date, 'gen', withMillis));
-1637 	} else if (params instanceof Date) {
-1638 	    this.hV = stohex(this.formatDate(params, 'gen'));
-1639 	}
-1640 
-1641 	if (this.hV == undefined) {
-1642 	    throw new Error("parameter not specified properly for GeneralizedTime");
-1643 	}
-1644 	return this.hV;
-1645     };
-1646 
-1647     if (params != undefined) this.setByParam(params);
-1648 };
-1649 extendClass(KJUR.asn1.DERGeneralizedTime, KJUR.asn1.DERAbstractTime);
-1650 
-1651 // ********************************************************************
-1652 /**
-1653  * class for ASN.1 DER Sequence
-1654  * @name KJUR.asn1.DERSequence
-1655  * @class class for ASN.1 DER Sequence
-1656  * @extends KJUR.asn1.DERAbstractStructured
-1657  * @description
-1658  * <br/>
-1659  * As for argument 'params' for constructor, you can specify one of
-1660  * following properties:
-1661  * <ul>
-1662  * <li>array - specify array of ASN1Object to set elements of content</li>
-1663  * </ul>
-1664  * NOTE: 'params' can be omitted.
-1665  */
-1666 KJUR.asn1.DERSequence = function(params) {
-1667     KJUR.asn1.DERSequence.superclass.constructor.call(this, params);
-1668     this.hT = "30";
-1669     this.getFreshValueHex = function() {
-1670         var h = '';
-1671         for (var i = 0; i < this.asn1Array.length; i++) {
-1672             var asn1Obj = this.asn1Array[i];
-1673             h += asn1Obj.tohex();
-1674         }
-1675         this.hV = h;
-1676         return this.hV;
-1677     };
-1678 };
-1679 extendClass(KJUR.asn1.DERSequence, KJUR.asn1.DERAbstractStructured);
-1680 
-1681 // ********************************************************************
-1682 /**
-1683  * class for ASN.1 DER Set
-1684  * @name KJUR.asn1.DERSet
-1685  * @class class for ASN.1 DER Set
-1686  * @extends KJUR.asn1.DERAbstractStructured
-1687  * @description
-1688  * <br/>
-1689  * As for argument 'params' for constructor, you can specify one of
-1690  * following properties:
-1691  * <ul>
-1692  * <li>array - specify array of ASN1Object to set elements of content</li>
-1693  * <li>sortflag - flag for sort (default: true). ASN.1 BER is not sorted in 'SET OF'.</li>
-1694  * </ul>
-1695  * NOTE1: 'params' can be omitted.<br/>
-1696  * NOTE2: sortflag is supported since 1.0.5.
-1697  */
-1698 KJUR.asn1.DERSet = function(params) {
-1699     KJUR.asn1.DERSet.superclass.constructor.call(this, params);
-1700     this.hT = "31";
-1701     this.sortFlag = true; // item shall be sorted only in ASN.1 DER
-1702     this.getFreshValueHex = function() {
-1703         var a = new Array();
-1704         for (var i = 0; i < this.asn1Array.length; i++) {
-1705             var asn1Obj = this.asn1Array[i];
-1706             a.push(asn1Obj.tohex());
-1707         }
-1708         if (this.sortFlag == true) a.sort();
-1709         this.hV = a.join('');
-1710         return this.hV;
-1711     };
-1712 
-1713     if (typeof params != "undefined") {
-1714         if (typeof params.sortflag != "undefined" &&
-1715             params.sortflag == false)
-1716             this.sortFlag = false;
-1717     }
-1718 };
-1719 extendClass(KJUR.asn1.DERSet, KJUR.asn1.DERAbstractStructured);
-1720 
-1721 // ********************************************************************
-1722 /**
-1723  * class for ASN.1 DER TaggedObject
-1724  * @name KJUR.asn1.DERTaggedObject
-1725  * @class class for ASN.1 DER TaggedObject
-1726  * @extends KJUR.asn1.ASN1Object
-1727  * @see KJUR_asn1.ASN1Util.newObject
-1728  *
-1729  * @description
-1730  * <br/>
-1731  * Parameter 'tagNoNex' is ASN.1 tag(T) value for this object.
-1732  * For example, if you find '[1]' tag in a ASN.1 dump, 
-1733  * 'tagNoHex' will be 'a1'.
-1734  * <br/>
-1735  * As for optional argument 'params' for constructor, you can specify *ANY* of
-1736  * following properties:
-1737  * <ul>
-1738  * <li>tag - specify tag (default is 'a0' which means [0])</li>
-1739  * <li>explicit - specify true if this is explicit tag otherwise false 
-1740  *     (default is 'true').</li>
-1741  * <li>obj - specify ASN1Object or JSON object which will be tagged</li>
-1742  * <li>tage - specify tag with explicit</li>
-1743  * <li>tagi - specify tag with implicit</li>
-1744  * </ul>
-1745  * As for the member "obj" value of JSON object, 
-1746  * {@link KJUR_asn1.ASN1Util.newObject} is used to generate.
-1747  *
-1748  * @example
-1749  * // by JSON
-1750  * new KJUR.asn1.DERTaggedObject({
-1751  *  tag:'a0', explicit: true, obj: { "prnstr": { "str": "aaa" } }
-1752  * }).tohex()
-1753  *
-1754  * // by ASN1Object object
-1755  * new KJUR.asn1.DERTaggedObject({
-1756  *  tage:'a0', obj: new KJUR.asn1.DERInteger({int: 3}) // explicit
-1757  * }) 
-1758  * new KJUR.asn1.DERTaggedObject({
-1759  *  tagi:'a0', obj: new KJUR.asn1.DERInteger({int: 3}) // implicit
-1760  * }) 
-1761  * new KJUR.asn1.DERTaggedObject({
-1762  *  tag:'a0', explicit: true, obj: new KJUR.asn1.DERInteger({int: 3}) // explicit
-1763  * }) 
-1764  *
-1765  * // to hexadecimal
-1766  * d1 = new KJUR.asn1.DERUTF8String({str':'a'})
-1767  * d2 = new KJUR.asn1.DERTaggedObject({'obj': d1});
-1768  * hex = d2.tohex();
-1769  */
-1770 KJUR.asn1.DERTaggedObject = function(params) {
-1771     KJUR.asn1.DERTaggedObject.superclass.constructor.call(this);
-1772 
-1773     var _KJUR_asn1 = KJUR.asn1,
-1774 	_ASN1HEX = ASN1HEX,
-1775 	_getV = _ASN1HEX.getV,
-1776 	_isASN1HEX = _ASN1HEX.isASN1HEX,
-1777 	_newObject = _KJUR_asn1.ASN1Util.newObject;
-1778 
-1779     this.hT = "a0";
-1780     this.hV = '';
-1781     this.isExplicit = true;
-1782     this.asn1Object = null;
-1783     this.params = {tag: "a0", explicit: true}; //"tag": "a0, "explicit": true};
-1784 
-1785     /**
-1786      * set value by an ASN1Object
-1787      * @name setString
-1788      * @memberOf KJUR.asn1.DERTaggedObject#
-1789      * @function
-1790      * @param {Boolean} isExplicitFlag flag for explicit/implicit tag
-1791      * @param {Integer} tagNoHex hexadecimal string of ASN.1 tag
-1792      * @param {ASN1Object} asn1Object ASN.1 to encapsulate
-1793      * @deprecated since jsrsasign 10.5.4 please use setByParam instead
-1794      */
-1795     this.setASN1Object = function(isExplicitFlag, tagNoHex, asn1Object) {
-1796 	this.params = {tag: tagNoHex,
-1797 		       explicit: isExplicitFlag,
-1798 		       obj: asn1Object};
-1799     };
-1800 
-1801     this.getFreshValueHex = function() {
-1802 	var params = this.params;
-1803 
-1804 	if (params.explicit == undefined) params.explicit = true;
-1805 
-1806 	if (params.tage != undefined) {
-1807 	    params.tag = params.tage;
-1808 	    params.explicit = true;
-1809 	}
-1810 	if (params.tagi != undefined) {
-1811 	    params.tag = params.tagi;
-1812 	    params.explicit = false;
-1813 	}
+1244      * @param {String} newHexString hexadecimal value of OID bytes
+1245      */
+1246     this.setValueHex = function(newHexString) {
+1247         this.hTLV = null;
+1248         this.isModified = true;
+1249         this.s = null;
+1250         this.hV = newHexString;
+1251     };
+1252 
+1253     /**
+1254      * set value by a OID string<br/>
+1255      * @name setValueOidString
+1256      * @memberOf KJUR.asn1.DERObjectIdentifier#
+1257      * @function
+1258      * @param {String} oidString OID string (ex. 2.5.4.13)
+1259      * @example
+1260      * o = new KJUR.asn1.DERObjectIdentifier();
+1261      * o.setValueOidString("2.5.4.13");
+1262      */
+1263     this.setValueOidString = function(oidString) {
+1264 	var h = oidtohex(oidString);
+1265 	if (h == null)
+1266             throw new Error("malformed oid string: " + oidString);
+1267         this.hTLV = null;
+1268         this.isModified = true;
+1269         this.s = null;
+1270         this.hV = h;
+1271     };
+1272 
+1273     /**
+1274      * set value by a OID name
+1275      * @name setValueName
+1276      * @memberOf KJUR.asn1.DERObjectIdentifier#
+1277      * @function
+1278      * @param {String} oidName OID name (ex. 'serverAuth')
+1279      * @since 1.0.1
+1280      * @description
+1281      * OID name shall be defined in 'KJUR.asn1.x509.OID.name2oidList'.
+1282      * Otherwise raise error.
+1283      * @example
+1284      * o = new KJUR.asn1.DERObjectIdentifier();
+1285      * o.setValueName("serverAuth");
+1286      */
+1287     this.setValueName = function(oidName) {
+1288 	var oid = KJUR.asn1.x509.OID.name2oid(oidName);
+1289 	if (oid !== '') {
+1290             this.setValueOidString(oid);
+1291         } else {
+1292             throw new Error("DERObjectIdentifier oidName undefined: " + oidName);
+1293         }
+1294     };
+1295 
+1296     this.setValueNameOrOid = function(nameOrOid) {
+1297 	if (nameOrOid.match(/^[0-2].[0-9.]+$/)) {
+1298 	    this.setValueOidString(nameOrOid);
+1299 	} else {
+1300 	    this.setValueName(nameOrOid);
+1301 	}
+1302     }
+1303 
+1304     this.getFreshValueHex = function() {
+1305         return this.hV;
+1306     };
+1307 
+1308     this.setByParam = function(params) {
+1309         if (typeof params === "string") {
+1310 	    this.setValueNameOrOid(params);
+1311         } else if (params.oid !== undefined) {
+1312 	    this.setValueNameOrOid(params.oid);
+1313         } else if (params.name !== undefined) {
+1314             this.setValueNameOrOid(params.name);
+1315         } else if (params.hex !== undefined) {
+1316             this.setValueHex(params.hex);
+1317         }
+1318     };
+1319 
+1320     if (params !== undefined) this.setByParam(params);
+1321 };
+1322 extendClass(KJUR.asn1.DERObjectIdentifier, KJUR.asn1.ASN1Object);
+1323 
+1324 // ********************************************************************
+1325 /**
+1326  * class for ASN.1 DER Enumerated
+1327  * @name KJUR.asn1.DEREnumerated
+1328  * @class class for ASN.1 DER Enumerated
+1329  * @extends KJUR.asn1.ASN1Object
+1330  * @description
+1331  * <br/>
+1332  * As for argument 'params' for constructor, you can specify one of
+1333  * following properties:
+1334  * <ul>
+1335  * <li>int - specify initial ASN.1 value(V) by integer value</li>
+1336  * <li>hex - specify initial ASN.1 value(V) by a hexadecimal string</li>
+1337  * </ul>
+1338  * NOTE: 'params' can be omitted.
+1339  * @example
+1340  * new KJUR.asn1.DEREnumerated(123);
+1341  * new KJUR.asn1.DEREnumerated({int: 123});
+1342  * new KJUR.asn1.DEREnumerated({hex: '1fad'});
+1343  */
+1344 KJUR.asn1.DEREnumerated = function(params) {
+1345     KJUR.asn1.DEREnumerated.superclass.constructor.call(this);
+1346     this.hT = "0a";
+1347 
+1348     /**
+1349      * set value by Tom Wu's BigInteger object
+1350      * @name setByBigInteger
+1351      * @memberOf KJUR.asn1.DEREnumerated#
+1352      * @function
+1353      * @param {BigInteger} bigIntegerValue to set
+1354      */
+1355     this.setByBigInteger = function(bigIntegerValue) {
+1356         this.hTLV = null;
+1357         this.isModified = true;
+1358         this.hV = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(bigIntegerValue);
+1359     };
+1360 
+1361     /**
+1362      * set value by integer value
+1363      * @name setByInteger
+1364      * @memberOf KJUR.asn1.DEREnumerated#
+1365      * @function
+1366      * @param {Integer} integer value to set
+1367      */
+1368     this.setByInteger = function(intValue) {
+1369         var bi = new BigInteger(String(intValue), 10);
+1370         this.setByBigInteger(bi);
+1371     };
+1372 
+1373     /**
+1374      * set value by integer value
+1375      * @name setValueHex
+1376      * @memberOf KJUR.asn1.DEREnumerated#
+1377      * @function
+1378      * @param {String} hexadecimal string of integer value
+1379      * @description
+1380      * <br/>
+1381      * NOTE: Value shall be represented by minimum octet length of
+1382      * two's complement representation.
+1383      */
+1384     this.setValueHex = function(newHexString) {
+1385         this.hV = newHexString;
+1386     };
+1387 
+1388     this.getFreshValueHex = function() {
+1389         return this.hV;
+1390     };
+1391 
+1392     if (typeof params != "undefined") {
+1393         if (typeof params['int'] != "undefined") {
+1394             this.setByInteger(params['int']);
+1395         } else if (typeof params == "number") {
+1396             this.setByInteger(params);
+1397         } else if (typeof params['hex'] != "undefined") {
+1398             this.setValueHex(params['hex']);
+1399         }
+1400     }
+1401 };
+1402 extendClass(KJUR.asn1.DEREnumerated, KJUR.asn1.ASN1Object);
+1403 
+1404 // ********************************************************************
+1405 /**
+1406  * class for ASN.1 DER UTF8String
+1407  * @name KJUR.asn1.DERUTF8String
+1408  * @class class for ASN.1 DER UTF8String
+1409  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1410  * @extends KJUR.asn1.DERAbstractString
+1411  * @description
+1412  * @see KJUR.asn1.DERAbstractString - superclass
+1413  */
+1414 KJUR.asn1.DERUTF8String = function(params) {
+1415     KJUR.asn1.DERUTF8String.superclass.constructor.call(this, params);
+1416     this.hT = "0c";
+1417 };
+1418 extendClass(KJUR.asn1.DERUTF8String, KJUR.asn1.DERAbstractString);
+1419 
+1420 // ********************************************************************
+1421 /**
+1422  * class for ASN.1 DER NumericString
+1423  * @name KJUR.asn1.DERNumericString
+1424  * @class class for ASN.1 DER NumericString
+1425  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1426  * @extends KJUR.asn1.DERAbstractString
+1427  * @description
+1428  * @see KJUR.asn1.DERAbstractString - superclass
+1429  */
+1430 KJUR.asn1.DERNumericString = function(params) {
+1431     KJUR.asn1.DERNumericString.superclass.constructor.call(this, params);
+1432     this.hT = "12";
+1433 };
+1434 extendClass(KJUR.asn1.DERNumericString, KJUR.asn1.DERAbstractString);
+1435 
+1436 // ********************************************************************
+1437 /**
+1438  * class for ASN.1 DER PrintableString
+1439  * @name KJUR.asn1.DERPrintableString
+1440  * @class class for ASN.1 DER PrintableString
+1441  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1442  * @extends KJUR.asn1.DERAbstractString
+1443  * @description
+1444  * @see KJUR.asn1.DERAbstractString - superclass
+1445  */
+1446 KJUR.asn1.DERPrintableString = function(params) {
+1447     KJUR.asn1.DERPrintableString.superclass.constructor.call(this, params);
+1448     this.hT = "13";
+1449 };
+1450 extendClass(KJUR.asn1.DERPrintableString, KJUR.asn1.DERAbstractString);
+1451 
+1452 // ********************************************************************
+1453 /**
+1454  * class for ASN.1 DER TeletexString
+1455  * @name KJUR.asn1.DERTeletexString
+1456  * @class class for ASN.1 DER TeletexString
+1457  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1458  * @extends KJUR.asn1.DERAbstractString
+1459  * @description
+1460  * @see KJUR.asn1.DERAbstractString - superclass
+1461  */
+1462 KJUR.asn1.DERTeletexString = function(params) {
+1463     KJUR.asn1.DERTeletexString.superclass.constructor.call(this, params);
+1464     this.hT = "14";
+1465 };
+1466 extendClass(KJUR.asn1.DERTeletexString, KJUR.asn1.DERAbstractString);
+1467 
+1468 // ********************************************************************
+1469 /**
+1470  * class for ASN.1 DER IA5String
+1471  * @name KJUR.asn1.DERIA5String
+1472  * @class class for ASN.1 DER IA5String
+1473  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1474  * @extends KJUR.asn1.DERAbstractString
+1475  * @description
+1476  * @see KJUR.asn1.DERAbstractString - superclass
+1477  */
+1478 KJUR.asn1.DERIA5String = function(params) {
+1479     KJUR.asn1.DERIA5String.superclass.constructor.call(this, params);
+1480     this.hT = "16";
+1481 };
+1482 extendClass(KJUR.asn1.DERIA5String, KJUR.asn1.DERAbstractString);
+1483 
+1484 // ********************************************************************
+1485 /**
+1486  * class for ASN.1 DER VisibleString
+1487  * @name KJUR.asn1.DERVisibleString
+1488  * @class class for ASN.1 DER VisibleString
+1489  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1490  * @extends KJUR.asn1.DERAbstractString
+1491  * @since jsrsasign 8.0.23 asn1 1.0.15
+1492  * @description
+1493  * @see KJUR.asn1.DERAbstractString - superclass
+1494  */
+1495 KJUR.asn1.DERVisibleString = function(params) {
+1496     KJUR.asn1.DERIA5String.superclass.constructor.call(this, params);
+1497     this.hT = "1a";
+1498 };
+1499 extendClass(KJUR.asn1.DERVisibleString, KJUR.asn1.DERAbstractString);
+1500 
+1501 // ********************************************************************
+1502 /**
+1503  * class for ASN.1 DER BMPString
+1504  * @name KJUR.asn1.DERBMPString
+1505  * @class class for ASN.1 DER BMPString
+1506  * @param {Array} params associative array of parameters (ex. {'str': 'aaa'})
+1507  * @extends KJUR.asn1.DERAbstractString
+1508  * @since jsrsasign 8.0.23 asn1 1.0.15
+1509  * @description
+1510  * @see KJUR.asn1.DERAbstractString - superclass
+1511  */
+1512 KJUR.asn1.DERBMPString = function(params) {
+1513     KJUR.asn1.DERBMPString.superclass.constructor.call(this, params);
+1514     this.hT = "1e";
+1515 };
+1516 extendClass(KJUR.asn1.DERBMPString, KJUR.asn1.DERAbstractString);
+1517 
+1518 // ********************************************************************
+1519 /**
+1520  * class for ASN.1 DER UTCTime
+1521  * @name KJUR.asn1.DERUTCTime
+1522  * @class class for ASN.1 DER UTCTime
+1523  * @param {Array} params associative array of parameters (ex. {'str': '130430235959Z'})
+1524  * @extends KJUR.asn1.DERAbstractTime
+1525  * @see KJUR.asn1.DERGeneralizedTime
+1526  * @see KJUR.asn1.x509.Time
+1527  *
+1528  * @description
+1529  * <br/>
+1530  * As for argument 'params' for constructor, you can specify one of
+1531  * following properties:
+1532  * <ul>
+1533  * <li>str - specify initial ASN.1 value(V) by a string (ex.'130430235959Z')</li>
+1534  * <li>date - specify Date object.</li>
+1535  * <li>millis - specify flag to show milliseconds (from 1.0.6)</li>
+1536  * </ul>
+1537  * NOTE1: 'params' can be omitted.
+1538  * NOTE2: 'millis' property is supported from jsrsasign 10.4.1 asn1 1.0.22.
+1539  *
+1540  * <h4>EXAMPLES</h4>
+1541  * @example
+1542  * new DERUTCTime("20151231235959Z")
+1543  * new DERUTCTime("20151231235959.123Z")
+1544  * new DERUTCTime(new Date())
+1545  * new DERUTCTime(new Date(Date.UTC(2015,11,31,23,59,59,123)))
+1546  * new DERUTCTime({str: "20151231235959.123Z"})
+1547  * new DERUTCTime({date: new Date()})
+1548  * new DERUTCTime({date: new Date(), millis: true})
+1549  * new DERUTCTime({millis: true})
+1550  */
+1551 KJUR.asn1.DERUTCTime = function(params) {
+1552     KJUR.asn1.DERUTCTime.superclass.constructor.call(this, params);
+1553     this.hT = "17";
+1554     this.params = undefined;
+1555 
+1556     this.getFreshValueHex = function() {
+1557 	var params = this.params;
+1558 
+1559 	if (this.params == undefined) params = { date: new Date() };
+1560 
+1561 	if (typeof params == "string") {
+1562 	    if (params.match(/^[0-9]{12}Z$/) ||
+1563 		params.match(/^[0-9]{12}\.[0-9]+Z$/)) {
+1564 		this.hV = stohex(params);
+1565 	    } else {
+1566 		throw new Error("malformed string for UTCTime: " + params);
+1567 	    }
+1568 	} else if (params.str != undefined) {
+1569 	    this.hV = stohex(params.str);
+1570 	} else if (params.date == undefined && params.millis == true) {
+1571 	    var date = new Date();
+1572 	    this.hV = stohex(this.formatDate(date, 'utc', true));
+1573 	} else if (params.date != undefined &&
+1574 		   params.date instanceof Date) {
+1575 	    var withMillis = (params.millis === true);
+1576 	    this.hV = stohex(this.formatDate(params.date, 'utc', withMillis));
+1577 	} else if (params instanceof Date) {
+1578 	    this.hV = stohex(this.formatDate(params, 'utc'));
+1579 	}
+1580 
+1581 	if (this.hV == undefined) {
+1582 	    throw new Error("parameter not specified properly for UTCTime");
+1583 	}
+1584 	return this.hV;
+1585     };
+1586 
+1587     if (params != undefined) this.setByParam(params);
+1588 };
+1589 extendClass(KJUR.asn1.DERUTCTime, KJUR.asn1.DERAbstractTime);
+1590 
+1591 // ********************************************************************
+1592 /**
+1593  * class for ASN.1 DER GeneralizedTime
+1594  * @name KJUR.asn1.DERGeneralizedTime
+1595  * @class class for ASN.1 DER GeneralizedTime
+1596  * @param {Array} params associative array of parameters (ex. {'str': '20130430235959Z'})
+1597  * @property {Boolean} withMillis flag to show milliseconds or not
+1598  * @extends KJUR.asn1.DERAbstractTime
+1599  * @see KJUR.asn1.DERUTCTime
+1600  * @see KJUR.asn1.x509.Time
+1601  *
+1602  * @description
+1603  * <br/>
+1604  * As for argument 'params' for constructor, you can specify one of
+1605  * following properties:
+1606  * <ul>
+1607  * <li>str - specify initial ASN.1 value(V) by a string (ex.'20130430235959Z')</li>
+1608  * <li>date - specify Date object.</li>
+1609  * <li>millis - specify flag to show milliseconds (from 1.0.6)</li>
+1610  * </ul>
+1611  * NOTE1: 'params' can be omitted.
+1612  * NOTE2: 'millis' property is supported from asn1 1.0.6.
+1613  *
+1614  * <h4>EXAMPLES</h4>
+1615  * @example
+1616  * new DERGeneralizedTime("20151231235959Z")
+1617  * new DERGeneralizedTime("20151231235959.123Z")
+1618  * new DERGeneralizedTime(new Date())
+1619  * new DERGeneralizedTime(new Date(Date.UTC(2015,11,31,23,59,59,123)))
+1620  * new DERGeneralizedTime({str: "20151231235959.123Z"})
+1621  * new DERGeneralizedTime({date: new Date()})
+1622  * new DERGeneralizedTime({date: new Date(), millis: true})
+1623  * new DERGeneralizedTime({millis: true})
+1624  */
+1625 KJUR.asn1.DERGeneralizedTime = function(params) {
+1626     KJUR.asn1.DERGeneralizedTime.superclass.constructor.call(this, params);
+1627     this.hT = "18";
+1628     this.params = params;
+1629 
+1630     this.getFreshValueHex = function() {
+1631 	var params = this.params;
+1632 
+1633 	if (this.params == undefined) params = { date: new Date() };
+1634 
+1635 	if (typeof params == "string") {
+1636 	    if (params.match(/^[0-9]{14}Z$/) ||
+1637 		params.match(/^[0-9]{14}\.[0-9]+Z$/)) {
+1638 		this.hV = stohex(params);
+1639 	    } else {
+1640 		throw new Error("malformed string for GeneralizedTime: " + params);
+1641 	    }
+1642 	} else if (params.str != undefined) {
+1643 	    this.hV = stohex(params.str);
+1644 	} else if (params.date == undefined && params.millis == true) {
+1645 	    var date = new Date();
+1646 	    this.hV = stohex(this.formatDate(date, 'gen', true));
+1647 	} else if (params.date != undefined &&
+1648 		   params.date instanceof Date) {
+1649 	    var withMillis = (params.millis === true);
+1650 	    this.hV = stohex(this.formatDate(params.date, 'gen', withMillis));
+1651 	} else if (params instanceof Date) {
+1652 	    this.hV = stohex(this.formatDate(params, 'gen'));
+1653 	}
+1654 
+1655 	if (this.hV == undefined) {
+1656 	    throw new Error("parameter not specified properly for GeneralizedTime");
+1657 	}
+1658 	return this.hV;
+1659     };
+1660 
+1661     if (params != undefined) this.setByParam(params);
+1662 };
+1663 extendClass(KJUR.asn1.DERGeneralizedTime, KJUR.asn1.DERAbstractTime);
+1664 
+1665 // ********************************************************************
+1666 /**
+1667  * class for ASN.1 DER Sequence
+1668  * @name KJUR.asn1.DERSequence
+1669  * @class class for ASN.1 DER Sequence
+1670  * @extends KJUR.asn1.DERAbstractStructured
+1671  * @description
+1672  * <br/>
+1673  * As for argument 'params' for constructor, you can specify one of
+1674  * following properties:
+1675  * <ul>
+1676  * <li>array - specify array of ASN1Object to set elements of content</li>
+1677  * </ul>
+1678  * NOTE: 'params' can be omitted.
+1679  */
+1680 KJUR.asn1.DERSequence = function(params) {
+1681     KJUR.asn1.DERSequence.superclass.constructor.call(this, params);
+1682     this.hT = "30";
+1683     this.getFreshValueHex = function() {
+1684         var h = '';
+1685         for (var i = 0; i < this.asn1Array.length; i++) {
+1686             var asn1Obj = this.asn1Array[i];
+1687             h += asn1Obj.tohex();
+1688         }
+1689         this.hV = h;
+1690         return this.hV;
+1691     };
+1692 };
+1693 extendClass(KJUR.asn1.DERSequence, KJUR.asn1.DERAbstractStructured);
+1694 
+1695 // ********************************************************************
+1696 /**
+1697  * class for ASN.1 DER Set
+1698  * @name KJUR.asn1.DERSet
+1699  * @class class for ASN.1 DER Set
+1700  * @extends KJUR.asn1.DERAbstractStructured
+1701  * @description
+1702  * <br/>
+1703  * As for argument 'params' for constructor, you can specify one of
+1704  * following properties:
+1705  * <ul>
+1706  * <li>array - specify array of ASN1Object to set elements of content</li>
+1707  * <li>sortflag - flag for sort (default: true). ASN.1 BER is not sorted in 'SET OF'.</li>
+1708  * </ul>
+1709  * NOTE1: 'params' can be omitted.<br/>
+1710  * NOTE2: sortflag is supported since 1.0.5.
+1711  */
+1712 KJUR.asn1.DERSet = function(params) {
+1713     KJUR.asn1.DERSet.superclass.constructor.call(this, params);
+1714     this.hT = "31";
+1715     this.sortFlag = true; // item shall be sorted only in ASN.1 DER
+1716     this.getFreshValueHex = function() {
+1717         var a = new Array();
+1718         for (var i = 0; i < this.asn1Array.length; i++) {
+1719             var asn1Obj = this.asn1Array[i];
+1720             a.push(asn1Obj.tohex());
+1721         }
+1722         if (this.sortFlag == true) a.sort();
+1723         this.hV = a.join('');
+1724         return this.hV;
+1725     };
+1726 
+1727     if (typeof params != "undefined") {
+1728         if (typeof params.sortflag != "undefined" &&
+1729             params.sortflag == false)
+1730             this.sortFlag = false;
+1731     }
+1732 };
+1733 extendClass(KJUR.asn1.DERSet, KJUR.asn1.DERAbstractStructured);
+1734 
+1735 // ********************************************************************
+1736 /**
+1737  * class for ASN.1 DER TaggedObject
+1738  * @name KJUR.asn1.DERTaggedObject
+1739  * @class class for ASN.1 DER TaggedObject
+1740  * @extends KJUR.asn1.ASN1Object
+1741  * @see KJUR_asn1.ASN1Util.newObject
+1742  *
+1743  * @description
+1744  * <br/>
+1745  * Parameter 'tagNoNex' is ASN.1 tag(T) value for this object.
+1746  * For example, if you find '[1]' tag in a ASN.1 dump, 
+1747  * 'tagNoHex' will be 'a1'.
+1748  * <br/>
+1749  * As for optional argument 'params' for constructor, you can specify *ANY* of
+1750  * following properties:
+1751  * <ul>
+1752  * <li>tag - specify tag (default is 'a0' which means [0])</li>
+1753  * <li>explicit - specify true if this is explicit tag otherwise false 
+1754  *     (default is 'true').</li>
+1755  * <li>obj - specify ASN1Object or JSON object which will be tagged</li>
+1756  * <li>tage - specify tag with explicit</li>
+1757  * <li>tagi - specify tag with implicit</li>
+1758  * </ul>
+1759  * As for the member "obj" value of JSON object, 
+1760  * {@link KJUR_asn1.ASN1Util.newObject} is used to generate.
+1761  *
+1762  * @example
+1763  * // by JSON
+1764  * new KJUR.asn1.DERTaggedObject({
+1765  *  tag:'a0', explicit: true, obj: { "prnstr": { "str": "aaa" } }
+1766  * }).tohex()
+1767  *
+1768  * // by ASN1Object object
+1769  * new KJUR.asn1.DERTaggedObject({
+1770  *  tage:'a0', obj: new KJUR.asn1.DERInteger({int: 3}) // explicit
+1771  * }) 
+1772  * new KJUR.asn1.DERTaggedObject({
+1773  *  tagi:'a0', obj: new KJUR.asn1.DERInteger({int: 3}) // implicit
+1774  * }) 
+1775  * new KJUR.asn1.DERTaggedObject({
+1776  *  tag:'a0', explicit: true, obj: new KJUR.asn1.DERInteger({int: 3}) // explicit
+1777  * }) 
+1778  *
+1779  * // to hexadecimal
+1780  * d1 = new KJUR.asn1.DERUTF8String({str':'a'})
+1781  * d2 = new KJUR.asn1.DERTaggedObject({'obj': d1});
+1782  * hex = d2.tohex();
+1783  */
+1784 KJUR.asn1.DERTaggedObject = function(params) {
+1785     KJUR.asn1.DERTaggedObject.superclass.constructor.call(this);
+1786 
+1787     var _KJUR_asn1 = KJUR.asn1,
+1788 	_ASN1HEX = ASN1HEX,
+1789 	_getV = _ASN1HEX.getV,
+1790 	_isASN1HEX = _ASN1HEX.isASN1HEX,
+1791 	_newObject = _KJUR_asn1.ASN1Util.newObject;
+1792 
+1793     this.hT = "a0";
+1794     this.hV = '';
+1795     this.isExplicit = true;
+1796     this.asn1Object = null;
+1797     this.params = {tag: "a0", explicit: true}; //"tag": "a0, "explicit": true};
+1798 
+1799     /**
+1800      * set value by an ASN1Object
+1801      * @name setString
+1802      * @memberOf KJUR.asn1.DERTaggedObject#
+1803      * @function
+1804      * @param {Boolean} isExplicitFlag flag for explicit/implicit tag
+1805      * @param {Integer} tagNoHex hexadecimal string of ASN.1 tag
+1806      * @param {ASN1Object} asn1Object ASN.1 to encapsulate
+1807      * @deprecated since jsrsasign 10.5.4 please use setByParam instead
+1808      */
+1809     this.setASN1Object = function(isExplicitFlag, tagNoHex, asn1Object) {
+1810 	this.params = {tag: tagNoHex,
+1811 		       explicit: isExplicitFlag,
+1812 		       obj: asn1Object};
+1813     };
 1814 
-1815 	if (params.str != undefined) {
-1816 	    this.hV = utf8tohex(params.str);
-1817 	} else if (params.hex != undefined) {
-1818 	    this.hV = params.hex;
-1819 	} else if (params.obj != undefined) {
-1820 	    var hV1;
-1821 	    if (params.obj instanceof _KJUR_asn1.ASN1Object) {
-1822 		hV1 = params.obj.tohex();
-1823 	    } else if (typeof params.obj == "object") {
-1824 		hV1 = _newObject(params.obj).tohex();
-1825 	    }
-1826 	    if (params.explicit) {
-1827 		this.hV = hV1;
-1828 	    } else {
-1829 		this.hV = _getV(hV1, 0);
-1830 	    }
-1831 	} else {
-1832 	    throw new Error("str, hex nor obj not specified");
-1833 	}
-1834 
-1835 	if (params.tag == undefined) params.tag = "a0";
-1836 	this.hT = params.tag;
-1837         this.hTLV = null;
-1838         this.isModified = true;
-1839 
-1840         return this.hV;
-1841     };
-1842 
-1843     this.setByParam = function(params) {
-1844 	this.params = params;
-1845     };
-1846 
-1847     if (params !== undefined) this.setByParam(params);
-1848 };
-1849 extendClass(KJUR.asn1.DERTaggedObject, KJUR.asn1.ASN1Object);
-1850 

\ No newline at end of file
+1815     this.getFreshValueHex = function() {
+1816 	var params = this.params;
+1817 
+1818 	if (params.explicit == undefined) params.explicit = true;
+1819 
+1820 	if (params.tage != undefined) {
+1821 	    params.tag = params.tage;
+1822 	    params.explicit = true;
+1823 	}
+1824 	if (params.tagi != undefined) {
+1825 	    params.tag = params.tagi;
+1826 	    params.explicit = false;
+1827 	}
+1828 
+1829 	if (params.str != undefined) {
+1830 	    this.hV = utf8tohex(params.str);
+1831 	} else if (params.hex != undefined) {
+1832 	    this.hV = params.hex;
+1833 	} else if (params.obj != undefined) {
+1834 	    var hV1;
+1835 	    if (params.obj instanceof _KJUR_asn1.ASN1Object) {
+1836 		hV1 = params.obj.tohex();
+1837 	    } else if (typeof params.obj == "object") {
+1838 		hV1 = _newObject(params.obj).tohex();
+1839 	    }
+1840 	    if (params.explicit) {
+1841 		this.hV = hV1;
+1842 	    } else {
+1843 		this.hV = _getV(hV1, 0);
+1844 	    }
+1845 	} else {
+1846 	    throw new Error("str, hex nor obj not specified");
+1847 	}
+1848 
+1849 	if (params.tag == undefined) params.tag = "a0";
+1850 	this.hT = params.tag;
+1851         this.hTLV = null;
+1852         this.isModified = true;
+1853 
+1854         return this.hV;
+1855     };
+1856 
+1857     this.setByParam = function(params) {
+1858 	this.params = params;
+1859     };
+1860 
+1861     if (params !== undefined) this.setByParam(params);
+1862 };
+1863 extendClass(KJUR.asn1.DERTaggedObject, KJUR.asn1.ASN1Object);
+1864
\ No newline at end of file diff --git a/api/symbols/src/base64x-1.1.js.html b/api/symbols/src/base64x-1.1.js.html index e193dc0c..e7f73167 100644 --- a/api/symbols/src/base64x-1.1.js.html +++ b/api/symbols/src/base64x-1.1.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
  1 /* base64x-1.1.31 (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license
+	
  1 /* base64x-1.1.32 (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license
   2  */
   3 /*
   4  * base64x.js - Base64url and supplementary functions for Tom Wu's base64.js library
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name base64x-1.1.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.7.0 base64x 1.1.31 (2023-Mar-11)
+ 19  * @version jsrsasign 10.8.0 base64x 1.1.32 (2023-Apr-08)
  20  * @since jsrsasign 2.1
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -794,1196 +794,1271 @@
 787 }
 788 
 789 /**
-790  * GeneralizedTime or UTCTime string to seconds from Unix origin<br>
-791  * @name zulutosec
+790  * Unix origin milliseconds GeneralizedTime string<br>
+791  * @name msectozulu
 792  * @function
-793  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
-794  * @return {Number} seconds from Unix origin time (i.e. Jan 1, 1970 0:00:00 UTC)
-795  * @since jsrsasign 7.1.3 base64x 1.1.9
-796  * @description
-797  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
-798  * UTCTime string (i.e. YYMMDDHHmmSSZ) to seconds from Unix origin time
-799  * (i.e. Jan 1 1970 0:00:00 UTC). Argument string may have fraction of seconds 
-800  * however result value will be omitted.
-801  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
-802  * If year "YY" is equal or greater than 50 then it is 19YY.
-803  * @example
-804  * zulutosec(  "071231235959Z")       → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
-805  * zulutosec(  "071231235959.1Z")     → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
-806  * zulutosec("20071231235959Z")       → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
-807  */
-808 function zulutosec(s) {
-809     return Math.round(zulutomsec(s) / 1000.0);
-810 }
-811 
-812 // ==== zulu / Date =================================
-813 
-814 /**
-815  * GeneralizedTime or UTCTime string to Date object<br>
-816  * @name zulutodate
-817  * @function
-818  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
-819  * @return {Date} Date object for specified time
-820  * @since jsrsasign 7.1.3 base64x 1.1.9
-821  * @description
-822  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
-823  * UTCTime string (i.e. YYMMDDHHmmSSZ) to Date object.
-824  * Argument string may have fraction of seconds and
-825  * its length is one or more digits such as "20170410235959.1234567Z".
-826  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
-827  * If year "YY" is equal or greater than 50 then it is 19YY.
-828  * @example
-829  * zulutodate(  "071231235959Z").toUTCString()   → "Mon, 31 Dec 2007 23:59:59 GMT"
-830  * zulutodate(  "071231235959.1Z").toUTCString() → "Mon, 31 Dec 2007 23:59:59 GMT"
-831  * zulutodate("20071231235959Z").toUTCString()   → "Mon, 31 Dec 2007 23:59:59 GMT"
-832  * zulutodate(  "071231235959.34").getMilliseconds() → 340
-833  */
-834 function zulutodate(s) {
-835     return new Date(zulutomsec(s));
-836 }
-837 
-838 /**
-839  * Date object to zulu time string<br>
-840  * @name datetozulu
-841  * @function
-842  * @param {Date} d Date object for specified time
-843  * @param {Boolean} flagUTCTime if this is true year will be YY otherwise YYYY
-844  * @param {Boolean} flagMilli if this is true result concludes milliseconds
-845  * @return {String} GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
-846  * @since jsrsasign 7.2.0 base64x 1.1.11
-847  * @description
-848  * This function converts from Date object to GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
-849  * UTCTime string (i.e. YYMMDDHHmmSSZ).
-850  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
-851  * If year "YY" is equal or greater than 50 then it is 19YY.
-852  * If flagMilli is true its result concludes milliseconds such like
-853  * "20170520235959.42Z". 
-854  * @example
-855  * d = new Date(Date.UTC(2017,4,20,23,59,59,670));
-856  * datetozulu(d) → "20170520235959Z"
-857  * datetozulu(d, true) → "170520235959Z"
-858  * datetozulu(d, false, true) → "20170520235959.67Z"
-859  */
-860 function datetozulu(d, flagUTCTime, flagMilli) {
-861     var s;
-862     var year = d.getUTCFullYear();
-863     if (flagUTCTime) {
-864 	if (year < 1950 || 2049 < year) 
-865 	    throw "not proper year for UTCTime: " + year;
-866 	s = ("" + year).slice(-2);
-867     } else {
-868 	s = ("000" + year).slice(-4);
-869     }
-870     s += ("0" + (d.getUTCMonth() + 1)).slice(-2);
-871     s += ("0" + d.getUTCDate()).slice(-2);
-872     s += ("0" + d.getUTCHours()).slice(-2);
-873     s += ("0" + d.getUTCMinutes()).slice(-2);
-874     s += ("0" + d.getUTCSeconds()).slice(-2);
-875     if (flagMilli) {
-876 	var milli = d.getUTCMilliseconds();
-877 	if (milli !== 0) {
-878 	    milli = ("00" + milli).slice(-3);
-879 	    milli = milli.replace(/0+$/g, "");
-880 	    s += "." + milli;
-881 	}
-882     }
-883     s += "Z";
-884     return s;
-885 }
-886 
-887 /**
-888  * GeneralizedTime or UTCTime string to GeneralizedTime<br>
-889  * @name timetogen
-890  * @function
-891  * @param {string} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
-892  * @return {string} GeneralizedTime
-893  * @since jsrsasign 10.7.0 base64x 1.1.31
-894  * @description
-895  * This function converts UTCTime string (i.e. YYMMDDHHmmSSZ ) to 
-896  * GeneralizedTime (YYYYMMDDHHmmSSZ) when the argument 's' is UTCTime. 
-897  * Argument string may have fraction of seconds and
-898  * its length is one or more digits such as "170410235959.1234567Z".
-899  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
-900  * If year "YY" is equal or greater than 50 then it is 19YY.
-901  * @example
-902  * timetogen(  "071231235959Z") → "20071231235959Z"
-903  * timetogen(  "971231235959Z") → "19971231235959Z"
-904  * timetogen("20071231235959Z") → "20071231235959Z"
-905  * timetogen(  "971231235959.123Z") → "19971231235959.123Z"
-906  */
-907 function timetogen(s) {
-908     if (s.match(/^[0-9]{12}Z$/) || s.match(/^[0-9]{12}[.][0-9]*Z$/)) {
-909 	return (s.match(/^[0-4]/)) ? "20" + s : "19" + s;
-910     }
-911     return s;
-912 }
-913 
-914 // ==== URIComponent / hex ================================
-915 /**
-916  * convert a URLComponent string such like "%67%68" to a hexadecimal string.<br/>
-917  * @name uricmptohex
-918  * @function
-919  * @param {String} s URIComponent string such like "%67%68"
-920  * @return {String} hexadecimal string
-921  * @since 1.1
-922  */
-923 function uricmptohex(s) {
-924   return s.replace(/%/g, "");
-925 }
-926 
-927 /**
-928  * convert a hexadecimal string to a URLComponent string such like "%67%68".<br/>
-929  * @name hextouricmp
-930  * @function
-931  * @param {String} s hexadecimal string
-932  * @return {String} URIComponent string such like "%67%68"
-933  * @since 1.1
-934  */
-935 function hextouricmp(s) {
-936   return s.replace(/(..)/g, "%$1");
-937 }
-938 
-939 // ==== hex / ipv6 =================================
-940 
-941 /**
-942  * convert any IPv6 address to a 16 byte hexadecimal string
-943  * @function
-944  * @param s string of IPv6 address
-945  * @return {String} 16 byte hexadecimal string of IPv6 address
-946  * @description
-947  * This function converts any IPv6 address representation string
-948  * to a 16 byte hexadecimal string of address.
-949  * @example
-950  * 
-951  */
-952 function ipv6tohex(s) {
-953   var msgMalformedAddress = "malformed IPv6 address";
-954   if (! s.match(/^[0-9A-Fa-f:]+$/))
-955     throw msgMalformedAddress;
-956 
-957   // 1. downcase
-958   s = s.toLowerCase();
-959 
-960   // 2. expand ::
-961   var num_colon = s.split(':').length - 1;
-962   if (num_colon < 2) throw msgMalformedAddress;
-963   var colon_replacer = ':'.repeat(7 - num_colon + 2);
-964   s = s.replace('::', colon_replacer);
-965 
-966   // 3. fill zero
-967   var a = s.split(':');
-968   if (a.length != 8) throw msgMalformedAddress;
-969   for (var i = 0; i < 8; i++) {
-970     a[i] = ("0000" + a[i]).slice(-4);
-971   }
-972   return a.join('');
-973 }
-974 
-975 /**
-976  * convert a 16 byte hexadecimal string to RFC 5952 canonicalized IPv6 address<br/>
-977  * @name hextoipv6
-978  * @function
-979  * @param {String} s hexadecimal string of 16 byte IPv6 address
-980  * @return {String} IPv6 address string canonicalized by RFC 5952
-981  * @since jsrsasign 8.0.10 base64x 1.1.13
-982  * @description
-983  * This function converts a 16 byte hexadecimal string to 
-984  * <a href="https://tools.ietf.org/html/rfc5952">RFC 5952</a>
-985  * canonicalized IPv6 address string.
-986  * @example
-987  * hextoipv6("871020010db8000000000000000000000004") &rarr "2001:db8::4"
-988  * hextoipv6("871020010db8000000000000000000") &rarr raise exception
-989  * hextoipv6("xyzxyzxyzxyzxyzxyzxyzxyzxyzxyzxyzxyz") &rarr raise exception
-990  */
-991 function hextoipv6(s) {
-992     if (! s.match(/^[0-9A-Fa-f]{32}$/))
-993 	throw new Error("malformed IPv6 address: " + s);
-994 
-995     // 1. downcase
-996     s = s.toLowerCase();
+793  * @param {number} n milliseconds from Unix origin time (i.e. Jan 1, 1970 0:00:00 UTC)
+794  * @return {string} GeneralizedTime string (ex. 20170412235959.384Z)
+795  * @since jsrsasign 10.8.0 base64x 1.1.31
+796  *
+797  * @description
+798  * This function converts from milliseconds of Unix origin time (ex. 1199145599000
+799  * for 31 Dec 2007 23:59:59 GMT) to GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ).
+800  * The result string may have a fraction of second.
+801  *
+802  * @example
+803  * msectozulu(1199145599000) → "20071231235959Z"       #Mon, 31 Dec 2007 23:59:59     GMT
+804  * msectozulu(1199145599100) → "20071231235959.1Z"     #Mon, 31 Dec 2007 23:59:59.1   GMT
+805  * msectozulu(1199145599123) → "20071231235959.123Z"   #Mon, 31 Dec 2007 23:59:59.123 GMT
+806  */
+807 function msectozulu(n) {
+808     var d = new Date(n),
+809         year = ("0000" + d.getUTCFullYear()).slice(-4),
+810         mon =  ("00" + (d.getUTCMonth() + 1)).slice(-2),
+811         day =  ("00" + d.getUTCDate()).slice(-2),
+812         hour = ("00" + d.getUTCHours()).slice(-2),
+813         min =  ("00" + d.getUTCMinutes()).slice(-2),
+814         sec =  ("00" + d.getUTCSeconds()).slice(-2),
+815 	msec = ("000" + d.getUTCMilliseconds()).slice(-3);
+816     msec = msec.replace(/0+$/, '');
+817     msec = (msec != '') ? '.' + msec : msec;
+818     return year + mon + day + hour + min + sec + msec + "Z";
+819 }
+820 
+821 /**
+822  * GeneralizedTime or UTCTime string to seconds from Unix origin<br>
+823  * @name zulutosec
+824  * @function
+825  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
+826  * @return {Number} seconds from Unix origin time (i.e. Jan 1, 1970 0:00:00 UTC)
+827  * @since jsrsasign 7.1.3 base64x 1.1.9
+828  * @description
+829  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
+830  * UTCTime string (i.e. YYMMDDHHmmSSZ) to seconds from Unix origin time
+831  * (i.e. Jan 1 1970 0:00:00 UTC). Argument string may have fraction of seconds 
+832  * however result value will be omitted.
+833  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
+834  * If year "YY" is equal or greater than 50 then it is 19YY.
+835  * @example
+836  * zulutosec(  "071231235959Z")       → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
+837  * zulutosec(  "071231235959.1Z")     → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
+838  * zulutosec("20071231235959Z")       → 1199145599 #Mon, 31 Dec 2007 23:59:59 GMT
+839  */
+840 function zulutosec(s) {
+841     return Math.round(zulutomsec(s) / 1000.0);
+842 }
+843 
+844 // ==== zulu / Date =================================
+845 
+846 /**
+847  * GeneralizedTime or UTCTime string to Date object<br>
+848  * @name zulutodate
+849  * @function
+850  * @param {String} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
+851  * @return {Date} Date object for specified time
+852  * @since jsrsasign 7.1.3 base64x 1.1.9
+853  * @description
+854  * This function converts from GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
+855  * UTCTime string (i.e. YYMMDDHHmmSSZ) to Date object.
+856  * Argument string may have fraction of seconds and
+857  * its length is one or more digits such as "20170410235959.1234567Z".
+858  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
+859  * If year "YY" is equal or greater than 50 then it is 19YY.
+860  * @example
+861  * zulutodate(  "071231235959Z").toUTCString()   → "Mon, 31 Dec 2007 23:59:59 GMT"
+862  * zulutodate(  "071231235959.1Z").toUTCString() → "Mon, 31 Dec 2007 23:59:59 GMT"
+863  * zulutodate("20071231235959Z").toUTCString()   → "Mon, 31 Dec 2007 23:59:59 GMT"
+864  * zulutodate(  "071231235959.34").getMilliseconds() → 340
+865  */
+866 function zulutodate(s) {
+867     return new Date(zulutomsec(s));
+868 }
+869 
+870 /**
+871  * Date object to zulu time string<br>
+872  * @name datetozulu
+873  * @function
+874  * @param {Date} d Date object for specified time
+875  * @param {Boolean} flagUTCTime if this is true year will be YY otherwise YYYY
+876  * @param {Boolean} flagMilli if this is true result concludes milliseconds
+877  * @return {String} GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
+878  * @since jsrsasign 7.2.0 base64x 1.1.11
+879  * @description
+880  * This function converts from Date object to GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ) or
+881  * UTCTime string (i.e. YYMMDDHHmmSSZ).
+882  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
+883  * If year "YY" is equal or greater than 50 then it is 19YY.
+884  * If flagMilli is true its result concludes milliseconds such like
+885  * "20170520235959.42Z". 
+886  * @example
+887  * d = new Date(Date.UTC(2017,4,20,23,59,59,670));
+888  * datetozulu(d) → "20170520235959Z"
+889  * datetozulu(d, true) → "170520235959Z"
+890  * datetozulu(d, false, true) → "20170520235959.67Z"
+891  */
+892 function datetozulu(d, flagUTCTime, flagMilli) {
+893     var s;
+894     var year = d.getUTCFullYear();
+895     if (flagUTCTime) {
+896 	if (year < 1950 || 2049 < year) 
+897 	    throw "not proper year for UTCTime: " + year;
+898 	s = ("" + year).slice(-2);
+899     } else {
+900 	s = ("000" + year).slice(-4);
+901     }
+902     s += ("0" + (d.getUTCMonth() + 1)).slice(-2);
+903     s += ("0" + d.getUTCDate()).slice(-2);
+904     s += ("0" + d.getUTCHours()).slice(-2);
+905     s += ("0" + d.getUTCMinutes()).slice(-2);
+906     s += ("0" + d.getUTCSeconds()).slice(-2);
+907     if (flagMilli) {
+908 	var milli = d.getUTCMilliseconds();
+909 	if (milli !== 0) {
+910 	    milli = ("00" + milli).slice(-3);
+911 	    milli = milli.replace(/0+$/g, "");
+912 	    s += "." + milli;
+913 	}
+914     }
+915     s += "Z";
+916     return s;
+917 }
+918 
+919 /**
+920  * GeneralizedTime or UTCTime string to GeneralizedTime<br>
+921  * @name timetogen
+922  * @function
+923  * @param {string} s GeneralizedTime or UTCTime string (ex. 20170412235959.384Z)
+924  * @return {string} GeneralizedTime
+925  * @since jsrsasign 10.7.0 base64x 1.1.31
+926  * @description
+927  * This function converts UTCTime string (i.e. YYMMDDHHmmSSZ ) to 
+928  * GeneralizedTime (YYYYMMDDHHmmSSZ) when the argument 's' is UTCTime. 
+929  * Argument string may have fraction of seconds and
+930  * its length is one or more digits such as "170410235959.1234567Z".
+931  * As for UTCTime, if year "YY" is equal or less than 49 then it is 20YY.
+932  * If year "YY" is equal or greater than 50 then it is 19YY.
+933  * @example
+934  * timetogen(  "071231235959Z") → "20071231235959Z"
+935  * timetogen(  "971231235959Z") → "19971231235959Z"
+936  * timetogen("20071231235959Z") → "20071231235959Z"
+937  * timetogen(  "971231235959.123Z") → "19971231235959.123Z"
+938  */
+939 function timetogen(s) {
+940     if (s.match(/^[0-9]{12}Z$/) || s.match(/^[0-9]{12}[.][0-9]*Z$/)) {
+941 	return (s.match(/^[0-4]/)) ? "20" + s : "19" + s;
+942     }
+943     return s;
+944 }
+945 
+946 // ==== URIComponent / hex ================================
+947 /**
+948  * convert a URLComponent string such like "%67%68" to a hexadecimal string.<br/>
+949  * @name uricmptohex
+950  * @function
+951  * @param {String} s URIComponent string such like "%67%68"
+952  * @return {String} hexadecimal string
+953  * @since 1.1
+954  */
+955 function uricmptohex(s) {
+956   return s.replace(/%/g, "");
+957 }
+958 
+959 /**
+960  * convert a hexadecimal string to a URLComponent string such like "%67%68".<br/>
+961  * @name hextouricmp
+962  * @function
+963  * @param {String} s hexadecimal string
+964  * @return {String} URIComponent string such like "%67%68"
+965  * @since 1.1
+966  */
+967 function hextouricmp(s) {
+968   return s.replace(/(..)/g, "%$1");
+969 }
+970 
+971 // ==== hex / ipv6 =================================
+972 
+973 /**
+974  * convert any IPv6 address to a 16 byte hexadecimal string
+975  * @function
+976  * @param s string of IPv6 address
+977  * @return {String} 16 byte hexadecimal string of IPv6 address
+978  * @description
+979  * This function converts any IPv6 address representation string
+980  * to a 16 byte hexadecimal string of address.
+981  * @example
+982  * 
+983  */
+984 function ipv6tohex(s) {
+985   var msgMalformedAddress = "malformed IPv6 address";
+986   if (! s.match(/^[0-9A-Fa-f:]+$/))
+987     throw msgMalformedAddress;
+988 
+989   // 1. downcase
+990   s = s.toLowerCase();
+991 
+992   // 2. expand ::
+993   var num_colon = s.split(':').length - 1;
+994   if (num_colon < 2) throw msgMalformedAddress;
+995   var colon_replacer = ':'.repeat(7 - num_colon + 2);
+996   s = s.replace('::', colon_replacer);
 997 
-998     // 2. split 4 > ["0123", "00a4", "0000", ..., "ffff"]
-999     var a = s.match(/.{1,4}/g);
-1000 
-1001     // 3. trim leading 0 for items and join > "123:a4:0:...:ffff"
-1002     a = a.map(function(s){return s.replace(/^0+/, '')});
-1003     a = a.map(function(s){return s == '' ? '0' : s});
-1004     s = ':' + a.join(':') + ':';
-1005 
-1006     // 4. find shrinkable candidates :0:0:..:0:
-1007     var aZero = s.match(/:(0:){2,}/g);
-1008 
-1009     // 5. no shrinkable
-1010     if (aZero == null) return s.slice(1, -1);
-1011 
-1012     // 6. fix max length zero(:0:...:0:)
-1013     var sMaxZero = aZero.sort().slice(-1)[0];
-1014 
-1015     // 7. replace shrinked
-1016     s = s.replace(sMaxZero.substr(0, sMaxZero.length - 1), ':');
-1017 
-1018     // 8. trim leading ':' if not '::'
-1019     if (s.substr(0, 2) != '::') s = s.substr(1);
-1020 
-1021     // 9. trim tail ':' if not '::'
-1022     if (s.substr(-2, 2) != '::') s = s.substr(0, s.length - 1);
-1023 
-1024     return s;
-1025 }
+998   // 3. fill zero
+999   var a = s.split(':');
+1000   if (a.length != 8) throw msgMalformedAddress;
+1001   for (var i = 0; i < 8; i++) {
+1002     a[i] = ("0000" + a[i]).slice(-4);
+1003   }
+1004   return a.join('');
+1005 }
+1006 
+1007 /**
+1008  * convert a 16 byte hexadecimal string to RFC 5952 canonicalized IPv6 address<br/>
+1009  * @name hextoipv6
+1010  * @function
+1011  * @param {String} s hexadecimal string of 16 byte IPv6 address
+1012  * @return {String} IPv6 address string canonicalized by RFC 5952
+1013  * @since jsrsasign 8.0.10 base64x 1.1.13
+1014  * @description
+1015  * This function converts a 16 byte hexadecimal string to 
+1016  * <a href="https://tools.ietf.org/html/rfc5952">RFC 5952</a>
+1017  * canonicalized IPv6 address string.
+1018  * @example
+1019  * hextoipv6("871020010db8000000000000000000000004") &rarr "2001:db8::4"
+1020  * hextoipv6("871020010db8000000000000000000") &rarr raise exception
+1021  * hextoipv6("xyzxyzxyzxyzxyzxyzxyzxyzxyzxyzxyzxyz") &rarr raise exception
+1022  */
+1023 function hextoipv6(s) {
+1024     if (! s.match(/^[0-9A-Fa-f]{32}$/))
+1025 	throw new Error("malformed IPv6 address: " + s);
 1026 
-1027 // ==== hex / ip =================================
-1028 
-1029 /**
-1030  * convert a hexadecimal string to IP addresss<br/>
-1031  * @name hextoip
-1032  * @function
-1033  * @param {String} s hexadecimal string of IP address
-1034  * @return {String} IP address string
-1035  * @since jsrsasign 8.0.10 base64x 1.1.13
-1036  * @see hextoipv6
-1037  * @see iptohex
-1038  *
-1039  * @description
-1040  * This function converts a hexadecimal string of IPv4 or 
-1041  * IPv6 address to IPv4 or IPv6 address string.
-1042  * If byte length is not 4 nor 16, this returns a
-1043  * hexadecimal string without conversion.
-1044  * <br/>
-1045  * NOTE: From jsrsasign 10.5.17, CIDR subnet mask notation also supported.
-1046  *
-1047  * @example
-1048  * hextoip("c0a80101") → "192.168.1.1"
-1049  * hextoip("871020010db8000000000000000000000004") &rarr "2001:db8::4"
-1050  * hextoip("c0a80100ffffff00") → "192.168.1.0/24"
-1051  * hextoip("c0a801010203") → "c0a801010203" // wrong 6 bytes
-1052  * hextoip("zzz")) → raise exception because of not hexadecimal
-1053  */
-1054 function hextoip(s) {
-1055     var malformedErr = new Error("malformed hex value");
-1056     if (! s.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/))
-1057 	throw malformedErr;
-1058     if (s.length == 8) { // ipv4
-1059 	var ip;
-1060 	try {
-1061 	    ip = parseInt(s.substr(0, 2), 16) + "." +
-1062  		 parseInt(s.substr(2, 2), 16) + "." +
-1063 		 parseInt(s.substr(4, 2), 16) + "." +
-1064 		 parseInt(s.substr(6, 2), 16);
-1065 	    return ip;
-1066 	} catch (ex) {
-1067 	    throw malformedErr;
-1068 	}
-1069   } else if (s.length == 16) {
-1070       try {
-1071 	  return hextoip(s.substr(0, 8)) + "/" + ipprefixlen(s.substr(8));
-1072       } catch (ex) {
-1073 	  throw malformedErr;
-1074       }
-1075   } else if (s.length == 32) {
-1076       return hextoipv6(s);
-1077   } else if (s.length == 64) {
-1078       try {
-1079 	  return hextoipv6(s.substr(0, 32)) + "/" + ipprefixlen(s.substr(32));
-1080       } catch (ex) {
-1081 	  throw malformedErr;
-1082       }
-1083       return 
-1084   } else {
-1085     return s;
-1086   }
-1087 }
-1088 
-1089 /*
-1090  * convert subnet mask hex to ip address prefix length<br/>
-1091  * @name ipprefixlen
-1092  * @param {string} hMask hexadecimal string of ipv4/6 subnet mask (ex. "ffffff00" for v4 class C)
-1093  * @return {nummber} ip address prefix length (ex. 24 for IPv4 class C)
-1094  */
-1095 function ipprefixlen(hMask) {
-1096     var malformedErr = new Error("malformed mask");
-1097     var bMask;
-1098     try {
-1099 	bMask = new BigInteger(hMask, 16).toString(2);
-1100     } catch(ex) {
-1101 	throw malformedErr;
-1102     }
-1103     if (! bMask.match(/^1*0*$/)) throw malformedErr;
-1104     return bMask.replace(/0+$/, '').length;
-1105 }
-1106 
-1107 /**
-1108  * convert IPv4/v6 addresss to a hexadecimal string<br/>
-1109  * @name iptohex
-1110  * @function
-1111  * @param {String} s IPv4/v6 address string
-1112  * @return {String} hexadecimal string of IP address
-1113  * @since jsrsasign 8.0.12 base64x 1.1.14
-1114  * @see hextoip
-1115  * @see ipv6tohex
-1116  *
-1117  * @description
-1118  * This function converts IPv4 or IPv6 address string to
-1119  * a hexadecimal string of IPv4 or IPv6 address.
-1120  * <br/>
-1121  * NOTE: From jsrsasign 10.5.17, CIDR net mask notation also supported.
-1122  *
-1123  * @example
-1124  * iptohex("192.168.1.1") → "c0a80101"
-1125  * iptohex("2001:db8::4") → "871020010db8000000000000000000000004"
-1126  * iptohex("192.168.1.1/24") → "c0a80101ffffff00"
-1127  * iptohex("2001:db8::/120") → "871020010db8000000000000000000000000ffffffffffffffffffffffffffffffffff00"
-1128  * iptohex("zzz")) → raise exception
-1129  */
-1130 function iptohex(s) {
-1131     var malformedErr = new Error("malformed IP address");
-1132     s = s.toLowerCase(s);
-1133 
-1134     if (! s.match(/^[0-9a-f.:/]+$/) ) throw malformedErr;
-1135 
-1136     if (s.match(/^[0-9.]+$/)) {
-1137 	var a = s.split(".");
-1138 	if (a.length !== 4) throw malformedErr;
-1139 	var hex = "";
-1140 	try {
-1141 	    for (var i = 0; i < 4; i++) {
-1142 		var d = parseInt(a[i]);
-1143 		hex += ("0" + d.toString(16)).slice(-2);
-1144 	    }
-1145 	    return hex;
-1146 	} catch(ex) {
-1147 	    throw malformedErr;
-1148 	}
-1149     } else if (s.match(/^[0-9.]+\/[0-9]+$/)) {
-1150 	var aItem = s.split("/");
-1151 	return iptohex(aItem[0]) + ipnetmask(parseInt(aItem[1]), 32);
-1152     } else if (s.match(/^[0-9a-f:]+$/) && s.indexOf(":") !== -1) {
-1153 	return ipv6tohex(s);
-1154     } else if (s.match(/^[0-9a-f:]+\/[0-9]+$/) && s.indexOf(":") !== -1) {
-1155 	var aItem = s.split("/");
-1156 	return ipv6tohex(aItem[0]) + ipnetmask(parseInt(aItem[1]), 128);
-1157     } else {
-1158 	throw malformedErr;
-1159     }
-1160 }
-1161 
-1162 /*
-1163  * convert ip prefix length to net mask octets<br/>
-1164  * @param {number} prefixlen ip prefix length value (ex. 24 for IPv4 class C)
-1165  * @param {number} len ip address length (ex. 32 for IPv4 and 128 for IPv6)
-1166  * @return {string} hexadecimal string of net mask octets
-1167  * @example
-1168  * ipnetmask(24, 32) → "ffffff00" 
-1169  * ipnetmask(120, 128) → "ffffffffffffffffffffffffffffff00"
-1170  */
-1171 function ipnetmask(prefixlen, len) {
-1172     if (len == 32 && prefixlen == 0) return "00000000"; // v4
-1173     if (len == 128 && prefixlen == 0) return "00000000000000000000000000000000"; // v6
-1174     var b = Array(prefixlen + 1).join("1") + Array(len - prefixlen + 1).join("0");
-1175     return new BigInteger(b, 2).toString(16);
-1176 }
-1177 
-1178 // ==== ucs2hex / utf8 ==============================
-1179 
-1180 /**
-1181  * convert UCS-2 hexadecimal stirng to UTF-8 string<br/>
-1182  * @name ucs2hextoutf8
-1183  * @function
-1184  * @param {String} s hexadecimal string of UCS-2 string (ex. "0066")
-1185  * @return {String} UTF-8 string
-1186  * @since jsrsasign 10.1.13 base64x 1.1.20
-1187  * @description
-1188  * This function converts hexadecimal value of UCS-2 string to 
-1189  * UTF-8 string.
-1190  * @example
-1191  * ucs2hextoutf8("006600fc0072") &rarr "für"
-1192  */
-1193 /*
-1194 See: http://nomenclator.la.coocan.jp/unicode/ucs_utf.htm
-1195 UCS-2 to UTF-8
-1196 UCS-2 code point | UCS-2 bytes       | UTF-8 bytes
-1197 U+0000 .. U+007F | 00000000-0xxxxxxx | 0xxxxxxx (1 byte)
-1198 U+0080 .. U+07FF | 00000xxx-xxyyyyyy | 110xxxxx 10yyyyyy (2 byte)
-1199 U+0800 .. U+FFFF | xxxxyyyy-yyzzzzzz | 1110xxxx 10yyyyyy 10zzzzzz (3 byte)
-1200  */
-1201 function ucs2hextoutf8(s) {
-1202     function _conv(s) {
-1203 	var i1 = parseInt(s.substr(0, 2), 16);
-1204 	var i2 = parseInt(s.substr(2), 16);
-1205 	if (i1 == 0 & i2 < 0x80) { // 1 byte
-1206 	    return String.fromCharCode(i2);
-1207 	}
-1208 	if (i1 < 8) { // 2 bytes
-1209 	    var u1 = 0xc0 | ((i1 & 0x07) << 3) | ((i2 & 0xc0) >> 6);
-1210 	    var u2 = 0x80 | (i2 & 0x3f);
-1211 	    return hextoutf8(u1.toString(16) + u2.toString(16));
-1212 	}
-1213 	// 3 bytes
-1214 	var u1 = 0xe0 | ((i1 & 0xf0) >> 4);
-1215 	var u2 = 0x80 | ((i1 & 0x0f) << 2) | ((i2 & 0xc0) >> 6);
-1216 	var u3 = 0x80 | (i2 & 0x3f);
-1217 	return hextoutf8(u1.toString(16) + u2.toString(16) + u3.toString(16));
-1218     }
-1219     var a = s.match(/.{4}/g);
-1220     var a2 = a.map(_conv);
-1221     return a2.join("");
-1222 }
-1223 
-1224 // ==== URIComponent ================================
-1225 /**
-1226  * convert UTFa hexadecimal string to a URLComponent string such like "%67%68".<br/>
-1227  * Note that these "<code>0-9A-Za-z!'()*-._~</code>" characters will not
-1228  * converted to "%xx" format by builtin 'encodeURIComponent()' function.
-1229  * However this 'encodeURIComponentAll()' function will convert 
-1230  * all of characters into "%xx" format.
-1231  * @name encodeURIComponentAll
-1232  * @function
-1233  * @param {String} s hexadecimal string
-1234  * @return {String} URIComponent string such like "%67%68"
-1235  * @since 1.1
-1236  */
-1237 function encodeURIComponentAll(u8) {
-1238   var s = encodeURIComponent(u8);
-1239   var s2 = "";
-1240   for (var i = 0; i < s.length; i++) {
-1241     if (s[i] == "%") {
-1242       s2 = s2 + s.substr(i, 3);
-1243       i = i + 2;
-1244     } else {
-1245       s2 = s2 + "%" + stohex(s[i]);
-1246     }
-1247   }
-1248   return s2;
-1249 }
-1250 
-1251 // ==== new lines ================================
-1252 /**
-1253  * convert all DOS new line("\r\n") to UNIX new line("\n") in 
-1254  * a String "s".
-1255  * @name newline_toUnix
-1256  * @function
-1257  * @param {String} s string 
-1258  * @return {String} converted string
-1259  */
-1260 function newline_toUnix(s) {
-1261     s = s.replace(/\r\n/mg, "\n");
-1262     return s;
-1263 }
-1264 
-1265 /**
-1266  * convert all UNIX new line("\r\n") to DOS new line("\n") in 
-1267  * a String "s".
-1268  * @name newline_toDos
-1269  * @function
-1270  * @param {String} s string 
-1271  * @return {String} converted string
-1272  */
-1273 function newline_toDos(s) {
-1274     s = s.replace(/\r\n/mg, "\n");
-1275     s = s.replace(/\n/mg, "\r\n");
-1276     return s;
-1277 }
-1278 
-1279 // ==== string type checker ===================
-1280 
-1281 /**
-1282  * check whether a string is an integer string or not<br/>
-1283  * @name isInteger
-1284  * @memberOf KJUR.lang.String
-1285  * @function
-1286  * @static
-1287  * @param {String} s input string
-1288  * @return {Boolean} true if a string "s" is an integer string otherwise false
-1289  * @since base64x 1.1.7 jsrsasign 5.0.13
-1290  * @example
-1291  * KJUR.lang.String.isInteger("12345") → true
-1292  * KJUR.lang.String.isInteger("123ab") → false
-1293  */
-1294 KJUR.lang.String.isInteger = function(s) {
-1295     if (s.match(/^[0-9]+$/)) {
-1296 	return true;
-1297     } else if (s.match(/^-[0-9]+$/)) {
-1298 	return true;
-1299     } else {
-1300 	return false;
-1301     }
-1302 };
-1303 
-1304 /**
-1305  * check whether a string is an hexadecimal string or not (DEPRECATED)<br/>
-1306  * @name isHex
-1307  * @memberOf KJUR.lang.String
-1308  * @function
-1309  * @static
-1310  * @param {String} s input string
-1311  * @return {Boolean} true if a string "s" is an hexadecimal string otherwise false
-1312  * @since base64x 1.1.7 jsrsasign 5.0.13
-1313  * @deprecated from 10.0.6. please use {@link ishex}
-1314  * @see ishex
-1315  * @example
-1316  * KJUR.lang.String.isHex("1234") → true
-1317  * KJUR.lang.String.isHex("12ab") → true
-1318  * KJUR.lang.String.isHex("12AB") → true
-1319  * KJUR.lang.String.isHex("12ZY") → false
-1320  * KJUR.lang.String.isHex("121") → false -- odd length
-1321  */
-1322 KJUR.lang.String.isHex = function(s) {
-1323     return ishex(s);
-1324 };
-1325 
-1326 /**
-1327  * check whether a string is an hexadecimal string or not<br/>
-1328  * @name ishex
-1329  * @function
-1330  * @static
-1331  * @param {String} s input string
-1332  * @return {Boolean} true if a string "s" is an hexadecimal string otherwise false
-1333  * @since base64x 1.1.7 jsrsasign 5.0.13
-1334  * @example
-1335  * ishex("1234") → true
-1336  * ishex("12ab") → true
-1337  * ishex("12AB") → true
-1338  * ishex("12ZY") → false
-1339  * ishex("121") → false -- odd length
-1340  */
-1341 function ishex(s) {
-1342     if (s.length % 2 == 0 &&
-1343 	(s.match(/^[0-9a-f]+$/) || s.match(/^[0-9A-F]+$/))) {
-1344 	return true;
-1345     } else {
-1346 	return false;
-1347     }
-1348 };
-1349 
-1350 /**
-1351  * check whether a string is a base64 encoded string or not<br/>
-1352  * Input string can conclude new lines or space characters.
-1353  * @name isBase64
-1354  * @memberOf KJUR.lang.String
-1355  * @function
-1356  * @static
-1357  * @param {String} s input string
-1358  * @return {Boolean} true if a string "s" is a base64 encoded string otherwise false
-1359  * @since base64x 1.1.7 jsrsasign 5.0.13
-1360  * @example
-1361  * KJUR.lang.String.isBase64("YWE=") → true
-1362  * KJUR.lang.String.isBase64("YW_=") → false
-1363  * KJUR.lang.String.isBase64("YWE") → false -- length shall be multiples of 4
-1364  */
-1365 KJUR.lang.String.isBase64 = function(s) {
-1366     s = s.replace(/\s+/g, "");
-1367     if (s.match(/^[0-9A-Za-z+\/]+={0,3}$/) && s.length % 4 == 0) {
-1368 	return true;
-1369     } else {
-1370 	return false;
-1371     }
-1372 };
-1373 
-1374 /**
-1375  * check whether a string is a base64url encoded string or not<br/>
-1376  * Input string can conclude new lines or space characters.
-1377  * @name isBase64URL
-1378  * @memberOf KJUR.lang.String
-1379  * @function
-1380  * @static
-1381  * @param {String} s input string
-1382  * @return {Boolean} true if a string "s" is a base64url encoded string otherwise false
-1383  * @since base64x 1.1.7 jsrsasign 5.0.13
-1384  * @example
-1385  * KJUR.lang.String.isBase64URL("YWE") → true
-1386  * KJUR.lang.String.isBase64URL("YW-") → true
-1387  * KJUR.lang.String.isBase64URL("YW+") → false
-1388  */
-1389 KJUR.lang.String.isBase64URL = function(s) {
-1390     if (s.match(/[+/=]/)) return false;
-1391     s = b64utob64(s);
-1392     return KJUR.lang.String.isBase64(s);
-1393 };
-1394 
-1395 
-1396 /**
-1397  * check whether a string is a base64url encoded string and dot or not<br/>
-1398  * Input string can conclude new lines or space characters.
-1399  * @name isBase64URLDot
-1400  * @function
-1401  * @static
-1402  * @param {String} s input string
-1403  * @return {Boolean} true if a string "s" is a base64url encoded string and dot otherwise false
-1404  * @since base64x 1.1.30 jsrsasign 10.5.25
-1405  * @example
-1406  * isBase64URLDot("YWE") → true
-1407  * isBase64URLDot("YWE.YWE.YWE") → true
-1408  * isBase64URLDot("YW-") → true
-1409  * isBase64URLDot("YW+") → false
-1410  */
-1411 function isBase64URLDot(s) {
-1412     if (s.match(/^[0-9A-Za-z-_.]+$/)) return true;
-1413     return false;
-1414 }
-1415 
-1416 /**
-1417  * check whether a string is a string of integer array or not<br/>
-1418  * Input string can conclude new lines or space characters.
-1419  * @name isIntegerArray
-1420  * @memberOf KJUR.lang.String
-1421  * @function
-1422  * @static
-1423  * @param {String} s input string
-1424  * @return {Boolean} true if a string "s" is a string of integer array otherwise false
-1425  * @since base64x 1.1.7 jsrsasign 5.0.13
-1426  * @example
-1427  * KJUR.lang.String.isIntegerArray("[1,2,3]") → true
-1428  * KJUR.lang.String.isIntegerArray("  [1, 2, 3  ] ") → true
-1429  * KJUR.lang.String.isIntegerArray("[a,2]") → false
-1430  */
-1431 KJUR.lang.String.isIntegerArray = function(s) {
-1432     s = s.replace(/\s+/g, "");
-1433     if (s.match(/^\[[0-9,]+\]$/)) {
-1434 	return true;
-1435     } else {
-1436 	return false;
-1437     }
-1438 };
-1439 
-1440 /**
-1441  * check whether a string consists of PrintableString characters<br/>
-1442  * @name isPrintable
-1443  * @memberOf KJUR.lang.String
-1444  * @function
-1445  * @static
-1446  * @param {String} s input string
-1447  * @return {Boolean} true if a string "s" consists of PrintableString characters
-1448  * @since jsrsasign 9.0.0 base64x 1.1.16
-1449  * A PrintableString consists of following characters
-1450  * <pre>
-1451  * 0-9A-Za-z '()+,-./:=?
-1452  * </pre>
-1453  * This method returns false when other characters than above.
-1454  * Otherwise it returns true.
-1455  * @example
-1456  * KJUR.lang.String.isPrintable("abc") → true
-1457  * KJUR.lang.String.isPrintable("abc@") → false
-1458  * KJUR.lang.String.isPrintable("あいう") → false
-1459  */
-1460 KJUR.lang.String.isPrintable = function(s) {
-1461     if (s.match(/^[0-9A-Za-z '()+,-./:=?]*$/) !== null) return true;
-1462     return false;
-1463 };
-1464 
-1465 /**
-1466  * check whether a string consists of IAString characters<br/>
-1467  * @name isIA5
-1468  * @memberOf KJUR.lang.String
-1469  * @function
-1470  * @static
-1471  * @param {String} s input string
-1472  * @return {Boolean} true if a string "s" consists of IA5String characters
-1473  * @since jsrsasign 9.0.0 base64x 1.1.16
-1474  * A IA5String consists of following characters
-1475  * <pre>
-1476  * %x00-21/%x23-7F (i.e. ASCII characters excludes double quote(%x22)
-1477  * </pre>
-1478  * This method returns false when other characters than above.
-1479  * Otherwise it returns true.
-1480  * @example
-1481  * KJUR.lang.String.isIA5("abc") → true
-1482  * KJUR.lang.String.isIA5('"abc"') → false
-1483  * KJUR.lang.String.isIA5("あいう") → false
-1484  */
-1485 KJUR.lang.String.isIA5 = function(s) {
-1486     if (s.match(/^[\x20-\x21\x23-\x7f]*$/) !== null) return true;
-1487     return false;
-1488 };
-1489 
-1490 /**
-1491  * check whether a string is RFC 822 mail address<br/>
-1492  * @name isMail
-1493  * @memberOf KJUR.lang.String
-1494  * @function
-1495  * @static
-1496  * @param {String} s input string
-1497  * @return {Boolean} true if a string "s" RFC 822 mail address
-1498  * @since jsrsasign 9.0.0 base64x 1.1.16
-1499  * This static method will check string s is RFC 822 compliant mail address.
-1500  * @example
-1501  * KJUR.lang.String.isMail("abc") → false
-1502  * KJUR.lang.String.isMail("abc@example") → false
-1503  * KJUR.lang.String.isMail("abc@example.com") → true
-1504  */
-1505 KJUR.lang.String.isMail = function(s) {
-1506     if (s.match(/^[A-Za-z0-9]{1}[A-Za-z0-9_.-]*@{1}[A-Za-z0-9_.-]{1,}\.[A-Za-z0-9]{1,}$/) !== null) return true;
-1507     return false;
-1508 };
-1509 
-1510 // ==== others ================================
-1511 
-1512 /**
-1513  * canonicalize hexadecimal string of positive integer<br/>
-1514  * @name hextoposhex
-1515  * @function
-1516  * @param {String} s hexadecimal string 
-1517  * @return {String} canonicalized hexadecimal string of positive integer
-1518  * @since base64x 1.1.10 jsrsasign 7.1.4
-1519  * @description
-1520  * This method canonicalize a hexadecimal string of positive integer
-1521  * for two's complement representation.
-1522  * Canonicalized hexadecimal string of positive integer will be:
-1523  * <ul>
-1524  * <li>Its length is always even.</li>
-1525  * <li>If odd length it will be padded with leading zero.<li>
-1526  * <li>If it is even length and its first character is "8" or greater,
-1527  * it will be padded with "00" to make it positive integer.</li>
-1528  * </ul>
-1529  * @example
-1530  * hextoposhex("abcd") → "00abcd"
-1531  * hextoposhex("1234") → "1234"
-1532  * hextoposhex("12345") → "012345"
-1533  */
-1534 function hextoposhex(s) {
-1535     if (s.length % 2 == 1) return "0" + s;
-1536     if (s.substr(0, 1) > "7") return "00" + s;
-1537     return s;
-1538 }
-1539 
-1540 /**
-1541  * convert string of integer array to hexadecimal string.<br/>
-1542  * @name intarystrtohex
-1543  * @function
-1544  * @param {String} s string of integer array
-1545  * @return {String} hexadecimal string
-1546  * @since base64x 1.1.6 jsrsasign 5.0.2
-1547  * @throws "malformed integer array string: *" for wrong input
-1548  * @description
-1549  * This function converts a string of JavaScript integer array to
-1550  * a hexadecimal string. Each integer value shall be in a range 
-1551  * from 0 to 255 otherwise it raise exception. Input string can
-1552  * have extra space or newline string so that they will be ignored.
-1553  * 
-1554  * @example
-1555  * intarystrtohex(" [123, 34, 101, 34, 58] ")
-1556  * → 7b2265223a (i.e. '{"e":' as string)
-1557  */
-1558 function intarystrtohex(s) {
-1559   s = s.replace(/^\s*\[\s*/, '');
-1560   s = s.replace(/\s*\]\s*$/, '');
-1561   s = s.replace(/\s*/g, '');
-1562   try {
-1563     var hex = s.split(/,/).map(function(element, index, array) {
-1564       var i = parseInt(element);
-1565       if (i < 0 || 255 < i) throw "integer not in range 0-255";
-1566       var hI = ("00" + i.toString(16)).slice(-2);
-1567       return hI;
-1568     }).join('');
-1569     return hex;
-1570   } catch(ex) {
-1571     throw "malformed integer array string: " + ex;
-1572   }
-1573 }
-1574 
-1575 /**
-1576  * find index of string where two string differs
-1577  * @name strdiffidx
-1578  * @function
-1579  * @param {String} s1 string to compare
-1580  * @param {String} s2 string to compare
-1581  * @return {Number} string index of where character differs. Return -1 if same.
-1582  * @since jsrsasign 4.9.0 base64x 1.1.5
-1583  * @example
-1584  * strdiffidx("abcdefg", "abcd4fg") -> 4
-1585  * strdiffidx("abcdefg", "abcdefg") -> -1
-1586  * strdiffidx("abcdefg", "abcdef") -> 6
-1587  * strdiffidx("abcdefgh", "abcdef") -> 6
-1588  */
-1589 var strdiffidx = function(s1, s2) {
-1590     var n = s1.length;
-1591     if (s1.length > s2.length) n = s2.length;
-1592     for (var i = 0; i < n; i++) {
-1593 	if (s1.charCodeAt(i) != s2.charCodeAt(i)) return i;
-1594     }
-1595     if (s1.length != s2.length) return n;
-1596     return -1; // same
-1597 };
-1598 
-1599 // ==== hex / oid =================================
-1600 
-1601 /**
-1602  * get hexadecimal value of object identifier from dot noted oid value
-1603  * @name oidtohex
-1604  * @function
-1605  * @param {String} oidString dot noted string of object identifier
-1606  * @return {String} hexadecimal value of object identifier
-1607  * @since jsrsasign 10.1.0 base64x 1.1.18
-1608  * @see hextooid
-1609  * @see ASN1HEX.hextooidstr
-1610  * @see KJUR.asn1.ASN1Util.oidIntToHex
-1611  * @description
-1612  * This static method converts from object identifier value string.
-1613  * to hexadecimal string representation of it.
-1614  * {@link hextooid} is a reverse function of this.
+1027     // 1. downcase
+1028     s = s.toLowerCase();
+1029 
+1030     // 2. split 4 > ["0123", "00a4", "0000", ..., "ffff"]
+1031     var a = s.match(/.{1,4}/g);
+1032 
+1033     // 3. trim leading 0 for items and join > "123:a4:0:...:ffff"
+1034     a = a.map(function(s){return s.replace(/^0+/, '')});
+1035     a = a.map(function(s){return s == '' ? '0' : s});
+1036     s = ':' + a.join(':') + ':';
+1037 
+1038     // 4. find shrinkable candidates :0:0:..:0:
+1039     var aZero = s.match(/:(0:){2,}/g);
+1040 
+1041     // 5. no shrinkable
+1042     if (aZero == null) return s.slice(1, -1);
+1043 
+1044     // 6. fix max length zero(:0:...:0:)
+1045     var sMaxZero = aZero.sort().slice(-1)[0];
+1046 
+1047     // 7. replace shrinked
+1048     s = s.replace(sMaxZero.substr(0, sMaxZero.length - 1), ':');
+1049 
+1050     // 8. trim leading ':' if not '::'
+1051     if (s.substr(0, 2) != '::') s = s.substr(1);
+1052 
+1053     // 9. trim tail ':' if not '::'
+1054     if (s.substr(-2, 2) != '::') s = s.substr(0, s.length - 1);
+1055 
+1056     return s;
+1057 }
+1058 
+1059 // ==== hex / ip =================================
+1060 
+1061 /**
+1062  * convert a hexadecimal string to IP addresss<br/>
+1063  * @name hextoip
+1064  * @function
+1065  * @param {String} s hexadecimal string of IP address
+1066  * @return {String} IP address string
+1067  * @since jsrsasign 8.0.10 base64x 1.1.13
+1068  * @see hextoipv6
+1069  * @see iptohex
+1070  *
+1071  * @description
+1072  * This function converts a hexadecimal string of IPv4 or 
+1073  * IPv6 address to IPv4 or IPv6 address string.
+1074  * If byte length is not 4 nor 16, this returns a
+1075  * hexadecimal string without conversion.
+1076  * <br/>
+1077  * NOTE: From jsrsasign 10.5.17, CIDR subnet mask notation also supported.
+1078  *
+1079  * @example
+1080  * hextoip("c0a80101") → "192.168.1.1"
+1081  * hextoip("871020010db8000000000000000000000004") &rarr "2001:db8::4"
+1082  * hextoip("c0a80100ffffff00") → "192.168.1.0/24"
+1083  * hextoip("c0a801010203") → "c0a801010203" // wrong 6 bytes
+1084  * hextoip("zzz")) → raise exception because of not hexadecimal
+1085  */
+1086 function hextoip(s) {
+1087     var malformedErr = new Error("malformed hex value");
+1088     if (! s.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/))
+1089 	throw malformedErr;
+1090     if (s.length == 8) { // ipv4
+1091 	var ip;
+1092 	try {
+1093 	    ip = parseInt(s.substr(0, 2), 16) + "." +
+1094  		 parseInt(s.substr(2, 2), 16) + "." +
+1095 		 parseInt(s.substr(4, 2), 16) + "." +
+1096 		 parseInt(s.substr(6, 2), 16);
+1097 	    return ip;
+1098 	} catch (ex) {
+1099 	    throw malformedErr;
+1100 	}
+1101   } else if (s.length == 16) {
+1102       try {
+1103 	  return hextoip(s.substr(0, 8)) + "/" + ipprefixlen(s.substr(8));
+1104       } catch (ex) {
+1105 	  throw malformedErr;
+1106       }
+1107   } else if (s.length == 32) {
+1108       return hextoipv6(s);
+1109   } else if (s.length == 64) {
+1110       try {
+1111 	  return hextoipv6(s.substr(0, 32)) + "/" + ipprefixlen(s.substr(32));
+1112       } catch (ex) {
+1113 	  throw malformedErr;
+1114       }
+1115       return 
+1116   } else {
+1117     return s;
+1118   }
+1119 }
+1120 
+1121 /*
+1122  * convert subnet mask hex to ip address prefix length<br/>
+1123  * @name ipprefixlen
+1124  * @param {string} hMask hexadecimal string of ipv4/6 subnet mask (ex. "ffffff00" for v4 class C)
+1125  * @return {nummber} ip address prefix length (ex. 24 for IPv4 class C)
+1126  */
+1127 function ipprefixlen(hMask) {
+1128     var malformedErr = new Error("malformed mask");
+1129     var bMask;
+1130     try {
+1131 	bMask = new BigInteger(hMask, 16).toString(2);
+1132     } catch(ex) {
+1133 	throw malformedErr;
+1134     }
+1135     if (! bMask.match(/^1*0*$/)) throw malformedErr;
+1136     return bMask.replace(/0+$/, '').length;
+1137 }
+1138 
+1139 /**
+1140  * convert IPv4/v6 addresss to a hexadecimal string<br/>
+1141  * @name iptohex
+1142  * @function
+1143  * @param {String} s IPv4/v6 address string
+1144  * @return {String} hexadecimal string of IP address
+1145  * @since jsrsasign 8.0.12 base64x 1.1.14
+1146  * @see hextoip
+1147  * @see ipv6tohex
+1148  *
+1149  * @description
+1150  * This function converts IPv4 or IPv6 address string to
+1151  * a hexadecimal string of IPv4 or IPv6 address.
+1152  * <br/>
+1153  * NOTE: From jsrsasign 10.5.17, CIDR net mask notation also supported.
+1154  *
+1155  * @example
+1156  * iptohex("192.168.1.1") → "c0a80101"
+1157  * iptohex("2001:db8::4") → "871020010db8000000000000000000000004"
+1158  * iptohex("192.168.1.1/24") → "c0a80101ffffff00"
+1159  * iptohex("2001:db8::/120") → "871020010db8000000000000000000000000ffffffffffffffffffffffffffffffffff00"
+1160  * iptohex("zzz")) → raise exception
+1161  */
+1162 function iptohex(s) {
+1163     var malformedErr = new Error("malformed IP address");
+1164     s = s.toLowerCase(s);
+1165 
+1166     if (! s.match(/^[0-9a-f.:/]+$/) ) throw malformedErr;
+1167 
+1168     if (s.match(/^[0-9.]+$/)) {
+1169 	var a = s.split(".");
+1170 	if (a.length !== 4) throw malformedErr;
+1171 	var hex = "";
+1172 	try {
+1173 	    for (var i = 0; i < 4; i++) {
+1174 		var d = parseInt(a[i]);
+1175 		hex += ("0" + d.toString(16)).slice(-2);
+1176 	    }
+1177 	    return hex;
+1178 	} catch(ex) {
+1179 	    throw malformedErr;
+1180 	}
+1181     } else if (s.match(/^[0-9.]+\/[0-9]+$/)) {
+1182 	var aItem = s.split("/");
+1183 	return iptohex(aItem[0]) + ipnetmask(parseInt(aItem[1]), 32);
+1184     } else if (s.match(/^[0-9a-f:]+$/) && s.indexOf(":") !== -1) {
+1185 	return ipv6tohex(s);
+1186     } else if (s.match(/^[0-9a-f:]+\/[0-9]+$/) && s.indexOf(":") !== -1) {
+1187 	var aItem = s.split("/");
+1188 	return ipv6tohex(aItem[0]) + ipnetmask(parseInt(aItem[1]), 128);
+1189     } else {
+1190 	throw malformedErr;
+1191     }
+1192 }
+1193 
+1194 /*
+1195  * convert ip prefix length to net mask octets<br/>
+1196  * @param {number} prefixlen ip prefix length value (ex. 24 for IPv4 class C)
+1197  * @param {number} len ip address length (ex. 32 for IPv4 and 128 for IPv6)
+1198  * @return {string} hexadecimal string of net mask octets
+1199  * @example
+1200  * ipnetmask(24, 32) → "ffffff00" 
+1201  * ipnetmask(120, 128) → "ffffffffffffffffffffffffffffff00"
+1202  */
+1203 function ipnetmask(prefixlen, len) {
+1204     if (len == 32 && prefixlen == 0) return "00000000"; // v4
+1205     if (len == 128 && prefixlen == 0) return "00000000000000000000000000000000"; // v6
+1206     var b = Array(prefixlen + 1).join("1") + Array(len - prefixlen + 1).join("0");
+1207     return new BigInteger(b, 2).toString(16);
+1208 }
+1209 
+1210 // ==== ucs2hex / utf8 ==============================
+1211 
+1212 /**
+1213  * convert UCS-2 hexadecimal stirng to UTF-8 string<br/>
+1214  * @name ucs2hextoutf8
+1215  * @function
+1216  * @param {String} s hexadecimal string of UCS-2 string (ex. "0066")
+1217  * @return {String} UTF-8 string
+1218  * @since jsrsasign 10.1.13 base64x 1.1.20
+1219  * @description
+1220  * This function converts hexadecimal value of UCS-2 string to 
+1221  * UTF-8 string.
+1222  * @example
+1223  * ucs2hextoutf8("006600fc0072") &rarr "für"
+1224  */
+1225 /*
+1226 See: http://nomenclator.la.coocan.jp/unicode/ucs_utf.htm
+1227 UCS-2 to UTF-8
+1228 UCS-2 code point | UCS-2 bytes       | UTF-8 bytes
+1229 U+0000 .. U+007F | 00000000-0xxxxxxx | 0xxxxxxx (1 byte)
+1230 U+0080 .. U+07FF | 00000xxx-xxyyyyyy | 110xxxxx 10yyyyyy (2 byte)
+1231 U+0800 .. U+FFFF | xxxxyyyy-yyzzzzzz | 1110xxxx 10yyyyyy 10zzzzzz (3 byte)
+1232  */
+1233 function ucs2hextoutf8(s) {
+1234     function _conv(s) {
+1235 	var i1 = parseInt(s.substr(0, 2), 16);
+1236 	var i2 = parseInt(s.substr(2), 16);
+1237 	if (i1 == 0 & i2 < 0x80) { // 1 byte
+1238 	    return String.fromCharCode(i2);
+1239 	}
+1240 	if (i1 < 8) { // 2 bytes
+1241 	    var u1 = 0xc0 | ((i1 & 0x07) << 3) | ((i2 & 0xc0) >> 6);
+1242 	    var u2 = 0x80 | (i2 & 0x3f);
+1243 	    return hextoutf8(u1.toString(16) + u2.toString(16));
+1244 	}
+1245 	// 3 bytes
+1246 	var u1 = 0xe0 | ((i1 & 0xf0) >> 4);
+1247 	var u2 = 0x80 | ((i1 & 0x0f) << 2) | ((i2 & 0xc0) >> 6);
+1248 	var u3 = 0x80 | (i2 & 0x3f);
+1249 	return hextoutf8(u1.toString(16) + u2.toString(16) + u3.toString(16));
+1250     }
+1251     var a = s.match(/.{4}/g);
+1252     var a2 = a.map(_conv);
+1253     return a2.join("");
+1254 }
+1255 
+1256 // ==== URIComponent ================================
+1257 /**
+1258  * convert UTFa hexadecimal string to a URLComponent string such like "%67%68".<br/>
+1259  * Note that these "<code>0-9A-Za-z!'()*-._~</code>" characters will not
+1260  * converted to "%xx" format by builtin 'encodeURIComponent()' function.
+1261  * However this 'encodeURIComponentAll()' function will convert 
+1262  * all of characters into "%xx" format.
+1263  * @name encodeURIComponentAll
+1264  * @function
+1265  * @param {String} s hexadecimal string
+1266  * @return {String} URIComponent string such like "%67%68"
+1267  * @since 1.1
+1268  */
+1269 function encodeURIComponentAll(u8) {
+1270   var s = encodeURIComponent(u8);
+1271   var s2 = "";
+1272   for (var i = 0; i < s.length; i++) {
+1273     if (s[i] == "%") {
+1274       s2 = s2 + s.substr(i, 3);
+1275       i = i + 2;
+1276     } else {
+1277       s2 = s2 + "%" + stohex(s[i]);
+1278     }
+1279   }
+1280   return s2;
+1281 }
+1282 
+1283 // ==== new lines ================================
+1284 /**
+1285  * convert all DOS new line("\r\n") to UNIX new line("\n") in 
+1286  * a String "s".
+1287  * @name newline_toUnix
+1288  * @function
+1289  * @param {String} s string 
+1290  * @return {String} converted string
+1291  */
+1292 function newline_toUnix(s) {
+1293     s = s.replace(/\r\n/mg, "\n");
+1294     return s;
+1295 }
+1296 
+1297 /**
+1298  * convert all UNIX new line("\r\n") to DOS new line("\n") in 
+1299  * a String "s".
+1300  * @name newline_toDos
+1301  * @function
+1302  * @param {String} s string 
+1303  * @return {String} converted string
+1304  */
+1305 function newline_toDos(s) {
+1306     s = s.replace(/\r\n/mg, "\n");
+1307     s = s.replace(/\n/mg, "\r\n");
+1308     return s;
+1309 }
+1310 
+1311 // ==== string type checker ===================
+1312 
+1313 /**
+1314  * check whether a string is an integer string or not<br/>
+1315  * @name isInteger
+1316  * @memberOf KJUR.lang.String
+1317  * @function
+1318  * @static
+1319  * @param {String} s input string
+1320  * @return {Boolean} true if a string "s" is an integer string otherwise false
+1321  * @since base64x 1.1.7 jsrsasign 5.0.13
+1322  * @example
+1323  * KJUR.lang.String.isInteger("12345") → true
+1324  * KJUR.lang.String.isInteger("123ab") → false
+1325  */
+1326 KJUR.lang.String.isInteger = function(s) {
+1327     if (s.match(/^[0-9]+$/)) {
+1328 	return true;
+1329     } else if (s.match(/^-[0-9]+$/)) {
+1330 	return true;
+1331     } else {
+1332 	return false;
+1333     }
+1334 };
+1335 
+1336 /**
+1337  * check whether a string is an hexadecimal string or not (DEPRECATED)<br/>
+1338  * @name isHex
+1339  * @memberOf KJUR.lang.String
+1340  * @function
+1341  * @static
+1342  * @param {String} s input string
+1343  * @return {Boolean} true if a string "s" is an hexadecimal string otherwise false
+1344  * @since base64x 1.1.7 jsrsasign 5.0.13
+1345  * @deprecated from 10.0.6. please use {@link ishex}
+1346  * @see ishex
+1347  * @example
+1348  * KJUR.lang.String.isHex("1234") → true
+1349  * KJUR.lang.String.isHex("12ab") → true
+1350  * KJUR.lang.String.isHex("12AB") → true
+1351  * KJUR.lang.String.isHex("12ZY") → false
+1352  * KJUR.lang.String.isHex("121") → false -- odd length
+1353  */
+1354 KJUR.lang.String.isHex = function(s) {
+1355     return ishex(s);
+1356 };
+1357 
+1358 /**
+1359  * check whether a string is an hexadecimal string or not<br/>
+1360  * @name ishex
+1361  * @function
+1362  * @static
+1363  * @param {String} s input string
+1364  * @return {Boolean} true if a string "s" is an hexadecimal string otherwise false
+1365  * @since base64x 1.1.7 jsrsasign 5.0.13
+1366  * @example
+1367  * ishex("1234") → true
+1368  * ishex("12ab") → true
+1369  * ishex("12AB") → true
+1370  * ishex("12ZY") → false
+1371  * ishex("121") → false -- odd length
+1372  */
+1373 function ishex(s) {
+1374     if (s.length % 2 == 0 &&
+1375 	(s.match(/^[0-9a-f]+$/) || s.match(/^[0-9A-F]+$/))) {
+1376 	return true;
+1377     } else {
+1378 	return false;
+1379     }
+1380 };
+1381 
+1382 /**
+1383  * check whether a string is a base64 encoded string or not<br/>
+1384  * Input string can conclude new lines or space characters.
+1385  * @name isBase64
+1386  * @memberOf KJUR.lang.String
+1387  * @function
+1388  * @static
+1389  * @param {String} s input string
+1390  * @return {Boolean} true if a string "s" is a base64 encoded string otherwise false
+1391  * @since base64x 1.1.7 jsrsasign 5.0.13
+1392  * @example
+1393  * KJUR.lang.String.isBase64("YWE=") → true
+1394  * KJUR.lang.String.isBase64("YW_=") → false
+1395  * KJUR.lang.String.isBase64("YWE") → false -- length shall be multiples of 4
+1396  */
+1397 KJUR.lang.String.isBase64 = function(s) {
+1398     s = s.replace(/\s+/g, "");
+1399     if (s.match(/^[0-9A-Za-z+\/]+={0,3}$/) && s.length % 4 == 0) {
+1400 	return true;
+1401     } else {
+1402 	return false;
+1403     }
+1404 };
+1405 
+1406 /**
+1407  * check whether a string is a base64url encoded string or not<br/>
+1408  * Input string can conclude new lines or space characters.
+1409  * @name isBase64URL
+1410  * @memberOf KJUR.lang.String
+1411  * @function
+1412  * @static
+1413  * @param {String} s input string
+1414  * @return {Boolean} true if a string "s" is a base64url encoded string otherwise false
+1415  * @since base64x 1.1.7 jsrsasign 5.0.13
+1416  * @example
+1417  * KJUR.lang.String.isBase64URL("YWE") → true
+1418  * KJUR.lang.String.isBase64URL("YW-") → true
+1419  * KJUR.lang.String.isBase64URL("YW+") → false
+1420  */
+1421 KJUR.lang.String.isBase64URL = function(s) {
+1422     if (s.match(/[+/=]/)) return false;
+1423     s = b64utob64(s);
+1424     return KJUR.lang.String.isBase64(s);
+1425 };
+1426 
+1427 
+1428 /**
+1429  * check whether a string is a base64url encoded string and dot or not<br/>
+1430  * Input string can conclude new lines or space characters.
+1431  * @name isBase64URLDot
+1432  * @function
+1433  * @static
+1434  * @param {String} s input string
+1435  * @return {Boolean} true if a string "s" is a base64url encoded string and dot otherwise false
+1436  * @since base64x 1.1.30 jsrsasign 10.5.25
+1437  * @example
+1438  * isBase64URLDot("YWE") → true
+1439  * isBase64URLDot("YWE.YWE.YWE") → true
+1440  * isBase64URLDot("YW-") → true
+1441  * isBase64URLDot("YW+") → false
+1442  */
+1443 function isBase64URLDot(s) {
+1444     if (s.match(/^[0-9A-Za-z-_.]+$/)) return true;
+1445     return false;
+1446 }
+1447 
+1448 /**
+1449  * check whether a string is a string of integer array or not<br/>
+1450  * Input string can conclude new lines or space characters.
+1451  * @name isIntegerArray
+1452  * @memberOf KJUR.lang.String
+1453  * @function
+1454  * @static
+1455  * @param {String} s input string
+1456  * @return {Boolean} true if a string "s" is a string of integer array otherwise false
+1457  * @since base64x 1.1.7 jsrsasign 5.0.13
+1458  * @example
+1459  * KJUR.lang.String.isIntegerArray("[1,2,3]") → true
+1460  * KJUR.lang.String.isIntegerArray("  [1, 2, 3  ] ") → true
+1461  * KJUR.lang.String.isIntegerArray("[a,2]") → false
+1462  */
+1463 KJUR.lang.String.isIntegerArray = function(s) {
+1464     s = s.replace(/\s+/g, "");
+1465     if (s.match(/^\[[0-9,]+\]$/)) {
+1466 	return true;
+1467     } else {
+1468 	return false;
+1469     }
+1470 };
+1471 
+1472 /**
+1473  * check whether a string consists of PrintableString characters<br/>
+1474  * @name isPrintable
+1475  * @memberOf KJUR.lang.String
+1476  * @function
+1477  * @static
+1478  * @param {String} s input string
+1479  * @return {Boolean} true if a string "s" consists of PrintableString characters
+1480  * @since jsrsasign 9.0.0 base64x 1.1.16
+1481  * A PrintableString consists of following characters
+1482  * <pre>
+1483  * 0-9A-Za-z '()+,-./:=?
+1484  * </pre>
+1485  * This method returns false when other characters than above.
+1486  * Otherwise it returns true.
+1487  * @example
+1488  * KJUR.lang.String.isPrintable("abc") → true
+1489  * KJUR.lang.String.isPrintable("abc@") → false
+1490  * KJUR.lang.String.isPrintable("あいう") → false
+1491  */
+1492 KJUR.lang.String.isPrintable = function(s) {
+1493     if (s.match(/^[0-9A-Za-z '()+,-./:=?]*$/) !== null) return true;
+1494     return false;
+1495 };
+1496 
+1497 /**
+1498  * check whether a string consists of IAString characters<br/>
+1499  * @name isIA5
+1500  * @memberOf KJUR.lang.String
+1501  * @function
+1502  * @static
+1503  * @param {String} s input string
+1504  * @return {Boolean} true if a string "s" consists of IA5String characters
+1505  * @since jsrsasign 9.0.0 base64x 1.1.16
+1506  * A IA5String consists of following characters
+1507  * <pre>
+1508  * %x00-21/%x23-7F (i.e. ASCII characters excludes double quote(%x22)
+1509  * </pre>
+1510  * This method returns false when other characters than above.
+1511  * Otherwise it returns true.
+1512  * @example
+1513  * KJUR.lang.String.isIA5("abc") → true
+1514  * KJUR.lang.String.isIA5('"abc"') → false
+1515  * KJUR.lang.String.isIA5("あいう") → false
+1516  */
+1517 KJUR.lang.String.isIA5 = function(s) {
+1518     if (s.match(/^[\x20-\x21\x23-\x7f]*$/) !== null) return true;
+1519     return false;
+1520 };
+1521 
+1522 /**
+1523  * check whether a string is RFC 822 mail address<br/>
+1524  * @name isMail
+1525  * @memberOf KJUR.lang.String
+1526  * @function
+1527  * @static
+1528  * @param {String} s input string
+1529  * @return {Boolean} true if a string "s" RFC 822 mail address
+1530  * @since jsrsasign 9.0.0 base64x 1.1.16
+1531  * This static method will check string s is RFC 822 compliant mail address.
+1532  * @example
+1533  * KJUR.lang.String.isMail("abc") → false
+1534  * KJUR.lang.String.isMail("abc@example") → false
+1535  * KJUR.lang.String.isMail("abc@example.com") → true
+1536  */
+1537 KJUR.lang.String.isMail = function(s) {
+1538     if (s.match(/^[A-Za-z0-9]{1}[A-Za-z0-9_.-]*@{1}[A-Za-z0-9_.-]{1,}\.[A-Za-z0-9]{1,}$/) !== null) return true;
+1539     return false;
+1540 };
+1541 
+1542 // ==== others ================================
+1543 
+1544 /**
+1545  * canonicalize hexadecimal string of positive integer<br/>
+1546  * @name hextoposhex
+1547  * @function
+1548  * @param {String} s hexadecimal string 
+1549  * @return {String} canonicalized hexadecimal string of positive integer
+1550  * @since base64x 1.1.10 jsrsasign 7.1.4
+1551  * @description
+1552  * This method canonicalize a hexadecimal string of positive integer
+1553  * for two's complement representation.
+1554  * Canonicalized hexadecimal string of positive integer will be:
+1555  * <ul>
+1556  * <li>Its length is always even.</li>
+1557  * <li>If odd length it will be padded with leading zero.<li>
+1558  * <li>If it is even length and its first character is "8" or greater,
+1559  * it will be padded with "00" to make it positive integer.</li>
+1560  * </ul>
+1561  * @example
+1562  * hextoposhex("abcd") → "00abcd"
+1563  * hextoposhex("1234") → "1234"
+1564  * hextoposhex("12345") → "012345"
+1565  */
+1566 function hextoposhex(s) {
+1567     if (s.length % 2 == 1) return "0" + s;
+1568     if (s.substr(0, 1) > "7") return "00" + s;
+1569     return s;
+1570 }
+1571 
+1572 /**
+1573  * convert string of integer array to hexadecimal string.<br/>
+1574  * @name intarystrtohex
+1575  * @function
+1576  * @param {String} s string of integer array
+1577  * @return {String} hexadecimal string
+1578  * @since base64x 1.1.6 jsrsasign 5.0.2
+1579  * @throws "malformed integer array string: *" for wrong input
+1580  * @description
+1581  * This function converts a string of JavaScript integer array to
+1582  * a hexadecimal string. Each integer value shall be in a range 
+1583  * from 0 to 255 otherwise it raise exception. Input string can
+1584  * have extra space or newline string so that they will be ignored.
+1585  * 
+1586  * @example
+1587  * intarystrtohex(" [123, 34, 101, 34, 58] ")
+1588  * → 7b2265223a (i.e. '{"e":' as string)
+1589  */
+1590 function intarystrtohex(s) {
+1591   s = s.replace(/^\s*\[\s*/, '');
+1592   s = s.replace(/\s*\]\s*$/, '');
+1593   s = s.replace(/\s*/g, '');
+1594   try {
+1595     var hex = s.split(/,/).map(function(element, index, array) {
+1596       var i = parseInt(element);
+1597       if (i < 0 || 255 < i) throw "integer not in range 0-255";
+1598       var hI = ("00" + i.toString(16)).slice(-2);
+1599       return hI;
+1600     }).join('');
+1601     return hex;
+1602   } catch(ex) {
+1603     throw "malformed integer array string: " + ex;
+1604   }
+1605 }
+1606 
+1607 /**
+1608  * find index of string where two string differs
+1609  * @name strdiffidx
+1610  * @function
+1611  * @param {String} s1 string to compare
+1612  * @param {String} s2 string to compare
+1613  * @return {Number} string index of where character differs. Return -1 if same.
+1614  * @since jsrsasign 4.9.0 base64x 1.1.5
 1615  * @example
-1616  * oidtohex("2.5.4.6") → "550406"
-1617  */
-1618 function oidtohex(oidString) {
-1619     var itox = function(i) {
-1620         var h = i.toString(16);
-1621         if (h.length == 1) h = '0' + h;
-1622         return h;
-1623     };
-1624 
-1625     var roidtox = function(roid) {
-1626         var h = '';
-1627         var bi = parseInt(roid, 10);
-1628         var b = bi.toString(2);
-1629 
-1630         var padLen = 7 - b.length % 7;
-1631         if (padLen == 7) padLen = 0;
-1632         var bPad = '';
-1633         for (var i = 0; i < padLen; i++) bPad += '0';
-1634         b = bPad + b;
-1635         for (var i = 0; i < b.length - 1; i += 7) {
-1636             var b8 = b.substr(i, 7);
-1637             if (i != b.length - 7) b8 = '1' + b8;
-1638             h += itox(parseInt(b8, 2));
-1639         }
-1640         return h;
-1641     };
-1642     
-1643     try {
-1644 	if (! oidString.match(/^[0-9.]+$/)) return null;
-1645     
-1646 	var h = '';
-1647 	var a = oidString.split('.');
-1648 	var i0 = parseInt(a[0], 10) * 40 + parseInt(a[1], 10);
-1649 	h += itox(i0);
-1650 	a.splice(0, 2);
-1651 	for (var i = 0; i < a.length; i++) {
-1652             h += roidtox(a[i]);
-1653 	}
-1654 	return h;
-1655     } catch(ex) {
-1656 	return null;
-1657     }
-1658 };
-1659 
-1660 /**
-1661  * get oid string from hexadecimal value of object identifier<br/>
-1662  * @name hextooid
-1663  * @function
-1664  * @param {String} h hexadecimal value of object identifier
-1665  * @return {String} dot noted string of object identifier (ex. "1.2.3.4")
-1666  * @since jsrsasign 10.1.0 base64x 1.1.18
-1667  * @see oidtohex
-1668  * @see ASN1HEX.hextooidstr
-1669  * @see KJUR.asn1.ASN1Util.oidIntToHex
-1670  * @description
-1671  * This static method converts from hexadecimal object identifier value 
-1672  * to dot noted OID value (ex. "1.2.3.4").
-1673  * {@link oidtohex} is a reverse function of this.
-1674  * @example
-1675  * hextooid("550406") → "2.5.4.6"
-1676  */
-1677 function hextooid(h) {
-1678     if (! ishex(h)) return null;
-1679     try {
-1680 	var a = [];
-1681 
-1682 	// a[0], a[1]
-1683 	var hex0 = h.substr(0, 2);
-1684 	var i0 = parseInt(hex0, 16);
-1685 	a[0] = new String(Math.floor(i0 / 40));
-1686 	a[1] = new String(i0 % 40);
-1687 
-1688 	// a[2]..a[n]
-1689 	var hex1 = h.substr(2);
-1690 	var b = [];
-1691 	for (var i = 0; i < hex1.length / 2; i++) {
-1692 	    b.push(parseInt(hex1.substr(i * 2, 2), 16));
-1693 	}
-1694 	var c = [];
-1695 	var cbin = "";
-1696 	for (var i = 0; i < b.length; i++) {
-1697             if (b[i] & 0x80) {
-1698 		cbin = cbin + strpad((b[i] & 0x7f).toString(2), 7);
-1699             } else {
-1700 		cbin = cbin + strpad((b[i] & 0x7f).toString(2), 7);
-1701 		c.push(new String(parseInt(cbin, 2)));
-1702 		cbin = "";
-1703             }
-1704 	}
-1705 
-1706 	var s = a.join(".");
-1707 	if (c.length > 0) s = s + "." + c.join(".");
-1708 	return s;
-1709     } catch(ex) {
-1710 	return null;
-1711     }
-1712 };
+1616  * strdiffidx("abcdefg", "abcd4fg") -> 4
+1617  * strdiffidx("abcdefg", "abcdefg") -> -1
+1618  * strdiffidx("abcdefg", "abcdef") -> 6
+1619  * strdiffidx("abcdefgh", "abcdef") -> 6
+1620  */
+1621 var strdiffidx = function(s1, s2) {
+1622     var n = s1.length;
+1623     if (s1.length > s2.length) n = s2.length;
+1624     for (var i = 0; i < n; i++) {
+1625 	if (s1.charCodeAt(i) != s2.charCodeAt(i)) return i;
+1626     }
+1627     if (s1.length != s2.length) return n;
+1628     return -1; // same
+1629 };
+1630 
+1631 // ==== hex / oid =================================
+1632 
+1633 /**
+1634  * get hexadecimal value of object identifier from dot noted oid value
+1635  * @name oidtohex
+1636  * @function
+1637  * @param {String} oidString dot noted string of object identifier
+1638  * @return {String} hexadecimal value of object identifier
+1639  * @since jsrsasign 10.1.0 base64x 1.1.18
+1640  * @see hextooid
+1641  * @see ASN1HEX.hextooidstr
+1642  * @see KJUR.asn1.ASN1Util.oidIntToHex
+1643  * @description
+1644  * This static method converts from object identifier value string.
+1645  * to hexadecimal string representation of it.
+1646  * {@link hextooid} is a reverse function of this.
+1647  * @example
+1648  * oidtohex("2.5.4.6") → "550406"
+1649  */
+1650 function oidtohex(oidString) {
+1651     var itox = function(i) {
+1652         var h = i.toString(16);
+1653         if (h.length == 1) h = '0' + h;
+1654         return h;
+1655     };
+1656 
+1657     var roidtox = function(roid) {
+1658         var h = '';
+1659         var bi = parseInt(roid, 10);
+1660         var b = bi.toString(2);
+1661 
+1662         var padLen = 7 - b.length % 7;
+1663         if (padLen == 7) padLen = 0;
+1664         var bPad = '';
+1665         for (var i = 0; i < padLen; i++) bPad += '0';
+1666         b = bPad + b;
+1667         for (var i = 0; i < b.length - 1; i += 7) {
+1668             var b8 = b.substr(i, 7);
+1669             if (i != b.length - 7) b8 = '1' + b8;
+1670             h += itox(parseInt(b8, 2));
+1671         }
+1672         return h;
+1673     };
+1674     
+1675     try {
+1676 	if (! oidString.match(/^[0-9.]+$/)) return null;
+1677     
+1678 	var h = '';
+1679 	var a = oidString.split('.');
+1680 	var i0 = parseInt(a[0], 10) * 40 + parseInt(a[1], 10);
+1681 	h += itox(i0);
+1682 	a.splice(0, 2);
+1683 	for (var i = 0; i < a.length; i++) {
+1684             h += roidtox(a[i]);
+1685 	}
+1686 	return h;
+1687     } catch(ex) {
+1688 	return null;
+1689     }
+1690 };
+1691 
+1692 /**
+1693  * get oid string from hexadecimal value of object identifier<br/>
+1694  * @name hextooid
+1695  * @function
+1696  * @param {String} h hexadecimal value of object identifier
+1697  * @return {String} dot noted string of object identifier (ex. "1.2.3.4")
+1698  * @since jsrsasign 10.1.0 base64x 1.1.18
+1699  * @see oidtohex
+1700  * @see ASN1HEX.hextooidstr
+1701  * @see KJUR.asn1.ASN1Util.oidIntToHex
+1702  * @description
+1703  * This static method converts from hexadecimal object identifier value 
+1704  * to dot noted OID value (ex. "1.2.3.4").
+1705  * {@link oidtohex} is a reverse function of this.
+1706  * @example
+1707  * hextooid("550406") → "2.5.4.6"
+1708  */
+1709 function hextooid(h) {
+1710     if (! ishex(h)) return null;
+1711     try {
+1712 	var a = [];
 1713 
-1714 /**
-1715  * string padding<br/>
-1716  * @name strpad
-1717  * @function
-1718  * @param {String} s input string
-1719  * @param {Number} len output string length
-1720  * @param {String} padchar padding character (default is "0")
-1721  * @return {String} padded string
-1722  * @since jsrsasign 10.1.0 base64x 1.1.18
-1723  * @example
-1724  * strpad("1234", 10, "0") → "0000001234"
-1725  * strpad("1234", 10, " ") → "      1234"
-1726  * strpad("1234", 10)      → "0000001234"
-1727  */
-1728 var strpad = function(s, len, padchar) {
-1729     if (padchar == undefined) padchar = "0";
-1730     if (s.length >= len) return s;
-1731     return new Array(len - s.length + 1).join(padchar) + s;
-1732 };
-1733 
-1734 // ==== bitstr hex / int =================================
-1735 
-1736 /**
-1737  * convert from hexadecimal string of ASN.1 BitString value with unused bit to integer value<br/>
-1738  * @name bitstrtoint
-1739  * @function
-1740  * @param {String} h hexadecimal string of ASN.1 BitString value with unused bit
-1741  * @return {Number} positive integer value of the BitString
-1742  * @since jsrsasign 10.1.3 base64x 1.1.19
-1743  * @see inttobitstr
-1744  * @see KJUR.asn1.DERBitString
-1745  * @see ASN1HEX.getInt
-1746  * 
-1747  * @description
-1748  * This function converts from hexadecimal string of ASN.1 BitString
-1749  * value with unused bit to its integer value. <br/>
-1750  * When an improper hexadecimal string of BitString value
-1751  * is applied, this returns -1.
-1752  * 
-1753  * @example
-1754  * // "03c8" → 0xc8 unusedbit=03 → 11001000b unusedbit=03 → 11001b → 25
-1755  * bitstrtoint("03c8") → 25
-1756  * // "02fff8" → 0xfff8 unusedbit=02 → 1111111111111000b unusedbit=02
-1757  * //   11111111111110b → 16382
-1758  * bitstrtoint("02fff8") → 16382
-1759  * bitstrtoint("05a0") → 5 (=101b)
-1760  * bitstrtoint("ff00") → -1 // for improper BitString value
-1761  * bitstrtoint("05a0").toString(2) → "101"
-1762  * bitstrtoint("07a080").toString(2) → "101000001"
-1763  */
-1764 function bitstrtoint(h) {
-1765     if (h.length % 2 != 0) return -1; 
-1766     h = h.toLowerCase();
-1767     if (h.match(/^[0-9a-f]+$/) == null) return -1;
-1768     try {
-1769 	var hUnusedbit = h.substr(0, 2);
-1770 	if (hUnusedbit == "00")
-1771 	    return parseInt(h.substr(2), 16);
-1772 	var iUnusedbit = parseInt(hUnusedbit, 16);
-1773 	if (iUnusedbit > 7) return -1;
-1774 	var hValue = h.substr(2);
-1775 	var bValue = parseInt(hValue, 16).toString(2);
-1776 	if (bValue == "0") bValue = "00000000";
-1777 	bValue = bValue.slice(0, 0 - iUnusedbit);
-1778 	var iValue = parseInt(bValue, 2);
-1779 	if (iValue == NaN) return -1;
-1780 	return iValue;
-1781     } catch(ex) {
-1782 	return -1;
-1783     }
-1784 };
-1785 
-1786 /**
-1787  * convert from integer value to hexadecimal string of ASN.1 BitString value with unused bit<br/>
-1788  * @name inttobitstr
-1789  * @function
-1790  * @param {Number} n integer value of ASN.1 BitString
-1791  * @return {String} hexadecimal string of ASN.1 BitString value with unused bit
-1792  * @since jsrsasign 10.1.3 base64x 1.1.19
-1793  * @see bitstrtoint
-1794  * @see KJUR.asn1.DERBitString
-1795  * @see ASN1HEX.getInt
-1796  * 
-1797  * @description
-1798  * This function converts from an integer value to 
-1799  * hexadecimal string of ASN.1 BitString value
-1800  * with unused bit. <br/>
-1801  * When "n" is not non-negative number, this returns null
-1802  * 
-1803  * @example
-1804  * // 25 → 11001b → 11001000b unusedbit=03 → 0xc8 unusedbit=03 → "03c8"
-1805  * inttobitstr(25) → "03c8"
-1806  * inttobitstr(-3) → null
-1807  * inttobitstr("abc") → null
-1808  * inttobitstr(parseInt("11001", 2)) → "03c8"
-1809  * inttobitstr(parseInt("101", 2)) → "05a0"
-1810  * inttobitstr(parseInt("101000001", 2)) → "07a080"
-1811  */
-1812 function inttobitstr(n) {
-1813     if (typeof n != "number") return null;
-1814     if (n < 0) return null;
-1815     var bValue = Number(n).toString(2);
-1816     var iUnusedbit = 8 - bValue.length % 8;
-1817     if (iUnusedbit == 8) iUnusedbit = 0;
-1818     bValue = bValue + strpad("", iUnusedbit, "0");
-1819     var hValue = parseInt(bValue, 2).toString(16);
-1820     if (hValue.length % 2 == 1) hValue = "0" + hValue;
-1821     var hUnusedbit = "0" + iUnusedbit;
-1822     return hUnusedbit + hValue;
-1823 };
-1824 
-1825 // ==== bitstr hex / binary string =======================
-1826 
-1827 /**
-1828  * convert from hexadecimal string of ASN.1 BitString value with unused bit to binary string<br/>
-1829  * @name bitstrtobinstr
-1830  * @function
-1831  * @param {string} h hexadecimal string of ASN.1 BitString value with unused bit
-1832  * @return {string} binary string
-1833  * @since jsrsasign 10.5.4 base64x 1.1.21
-1834  * @see binstrtobitstr
-1835  * @see inttobitstr
-1836  * 
-1837  * @description
-1838  * This function converts from hexadecimal string of ASN.1 BitString
-1839  * value with unused bit to its integer value. <br/>
-1840  * When an improper hexadecimal string of BitString value
-1841  * is applied, this returns null.
-1842  * 
-1843  * @example
-1844  * bitstrtobinstr("05a0") → "101"
-1845  * bitstrtobinstr("0520") → "001"
-1846  * bitstrtobinstr("07a080") → "101000001"
-1847  * bitstrtobinstr(502) → null // non ASN.1 BitString value
-1848  * bitstrtobinstr("ff00") → null // for improper BitString value
-1849  */
-1850 function bitstrtobinstr(h) {
-1851     if (typeof h != "string") return null;
-1852     if (h.length % 2 != 0) return null;
-1853     if (! h.match(/^[0-9a-f]+$/)) return null;
-1854     try {
-1855 	var unusedBits = parseInt(h.substr(0, 2), 16);
-1856 	if (unusedBits < 0 || 7 < unusedBits) return null
-1857 
-1858 	var value = h.substr(2);
-1859 	var bin = "";
-1860 	for (var i = 0; i < value.length; i += 2) {
-1861 	    var hi = value.substr(i, 2);
-1862 	    var bi = parseInt(hi, 16).toString(2);
-1863 	    bi = ("0000000" + bi).slice(-8);
-1864 	    bin += bi;
-1865 	}
-1866 	return  bin.substr(0, bin.length - unusedBits);
-1867     } catch(ex) {
-1868 	return null;
-1869     }
-1870 }
-1871 
-1872 /**
-1873  * convert from binary string to hexadecimal string of ASN.1 BitString value with unused bit<br/>
-1874  * @name binstrtobitstr
-1875  * @function
-1876  * @param {string} s binary string (ex. "101")
-1877  * @return {string} hexadecimal string of ASN.1 BitString value with unused bit
-1878  * @since jsrsasign 10.5.4 base64x 1.1.21
-1879  * @see bitstrtobinstr
-1880  * @see inttobitstr
-1881  * @see KJUR.asn1.DERBitString
-1882  * 
-1883  * @description
-1884  * This function converts from an binary string (ex. "101") to 
-1885  * hexadecimal string of ASN.1 BitString value
-1886  * with unused bit (ex. "05a0"). <br/>
-1887  * When "s" is not binary string, this returns null.
-1888  * 
-1889  * @example
-1890  * binstrtobitstr("101") → "05a0"
-1891  * binstrtobitstr("001") → "0520"
-1892  * binstrtobitstr("11001") → "03c8"
-1893  * binstrtobitstr("101000001") → "07a080"
-1894  * binstrtobitstr(101) → null // not number
-1895  * binstrtobitstr("xyz") → null // not binary string
-1896  */
-1897 function binstrtobitstr(s) {
-1898     if (typeof s != "string") return null;
-1899     if (s.match(/^[01]+$/) == null) return null;
-1900     try {
-1901 	var n = parseInt(s, 2);
-1902 	return inttobitstr(n);
-1903     } catch(ex) {
-1904 	return null;
-1905     }
-1906 }
-1907 
-1908 // =======================================================
-1909 /**
-1910  * convert array of names to bit string<br/>
-1911  * @name namearraytobinstr
-1912  * @function
-1913  * @param {array} namearray array of name string
-1914  * @param {object} namedb associative array of name and value
-1915  * @return {string} binary string (ex. "110001")
-1916  * @since jsrsasign 10.5.21 base64x 1.1.27
-1917  * @see KJUR.asn1.x509.KeyUsage
-1918  * @see KJUR.asn1.tsp.PKIFailureInfo
-1919  * 
-1920  * @description
-1921  * This function converts from an array of names to
-1922  * a binary string. DB value bit will be set.
-1923  * Note that ordering of namearray items
-1924  * will be ignored.
-1925  *
-1926  * @example
-1927  * db = { a: 0, b: 3, c: 8, d: 9, e: 17, f: 19 };
-1928  * namearraytobinstr(['a', 'c', 'd'], db) &rarr: '1000000011'
-1929  * namearraytobinstr(['c', 'b'], db) &rarr: '000100001'
-1930  */
-1931 function namearraytobinstr (namearray, namedb) {
-1932     var d = 0;
-1933     for (var i = 0; i < namearray.length; i++) {
-1934 	d |= 1 << namedb[namearray[i]];
-1935     }
-1936 
-1937     var s = d.toString(2);
-1938     var r = "";
-1939     for (var i = s.length - 1; i >=0; i--) {
-1940 	r += s[i];
-1941     }
-1942     return r;
-1943 }
-1944 
-1945 // =======================================================
-1946 /**
-1947  * set class inheritance<br/>
-1948  * @name extendClass
-1949  * @function
-1950  * @param {Function} subClass sub class to set inheritance
-1951  * @param {Function} superClass super class to inherit
-1952  * @since jsrsasign 10.3.0 base64x 1.1.21
-1953  *
-1954  * @description
-1955  * This function extends a class and set an inheritance
-1956  * for member variables and methods.
+1714 	// a[0], a[1]
+1715 	var hex0 = h.substr(0, 2);
+1716 	var i0 = parseInt(hex0, 16);
+1717 	a[0] = new String(Math.floor(i0 / 40));
+1718 	a[1] = new String(i0 % 40);
+1719 
+1720 	// a[2]..a[n]
+1721 	var hex1 = h.substr(2);
+1722 	var b = [];
+1723 	for (var i = 0; i < hex1.length / 2; i++) {
+1724 	    b.push(parseInt(hex1.substr(i * 2, 2), 16));
+1725 	}
+1726 	var c = [];
+1727 	var cbin = "";
+1728 	for (var i = 0; i < b.length; i++) {
+1729             if (b[i] & 0x80) {
+1730 		cbin = cbin + strpad((b[i] & 0x7f).toString(2), 7);
+1731             } else {
+1732 		cbin = cbin + strpad((b[i] & 0x7f).toString(2), 7);
+1733 		c.push(new String(parseInt(cbin, 2)));
+1734 		cbin = "";
+1735             }
+1736 	}
+1737 
+1738 	var s = a.join(".");
+1739 	if (c.length > 0) s = s + "." + c.join(".");
+1740 	return s;
+1741     } catch(ex) {
+1742 	return null;
+1743     }
+1744 };
+1745 
+1746 /**
+1747  * string padding<br/>
+1748  * @name strpad
+1749  * @function
+1750  * @param {String} s input string
+1751  * @param {Number} len output string length
+1752  * @param {String} padchar padding character (default is "0")
+1753  * @return {String} padded string
+1754  * @since jsrsasign 10.1.0 base64x 1.1.18
+1755  * @example
+1756  * strpad("1234", 10, "0") → "0000001234"
+1757  * strpad("1234", 10, " ") → "      1234"
+1758  * strpad("1234", 10)      → "0000001234"
+1759  */
+1760 var strpad = function(s, len, padchar) {
+1761     if (padchar == undefined) padchar = "0";
+1762     if (s.length >= len) return s;
+1763     return new Array(len - s.length + 1).join(padchar) + s;
+1764 };
+1765 
+1766 // ==== bitstr hex / int =================================
+1767 
+1768 /**
+1769  * convert from hexadecimal string of ASN.1 BitString value with unused bit to integer value<br/>
+1770  * @name bitstrtoint
+1771  * @function
+1772  * @param {String} h hexadecimal string of ASN.1 BitString value with unused bit
+1773  * @return {Number} positive integer value of the BitString
+1774  * @since jsrsasign 10.1.3 base64x 1.1.19
+1775  * @see inttobitstr
+1776  * @see KJUR.asn1.DERBitString
+1777  * @see ASN1HEX.getInt
+1778  * 
+1779  * @description
+1780  * This function converts from hexadecimal string of ASN.1 BitString
+1781  * value with unused bit to its integer value. <br/>
+1782  * When an improper hexadecimal string of BitString value
+1783  * is applied, this returns -1.
+1784  * 
+1785  * @example
+1786  * // "03c8" → 0xc8 unusedbit=03 → 11001000b unusedbit=03 → 11001b → 25
+1787  * bitstrtoint("03c8") → 25
+1788  * // "02fff8" → 0xfff8 unusedbit=02 → 1111111111111000b unusedbit=02
+1789  * //   11111111111110b → 16382
+1790  * bitstrtoint("02fff8") → 16382
+1791  * bitstrtoint("05a0") → 5 (=101b)
+1792  * bitstrtoint("ff00") → -1 // for improper BitString value
+1793  * bitstrtoint("05a0").toString(2) → "101"
+1794  * bitstrtoint("07a080").toString(2) → "101000001"
+1795  */
+1796 function bitstrtoint(h) {
+1797     if (h.length % 2 != 0) return -1; 
+1798     h = h.toLowerCase();
+1799     if (h.match(/^[0-9a-f]+$/) == null) return -1;
+1800     try {
+1801 	var hUnusedbit = h.substr(0, 2);
+1802 	if (hUnusedbit == "00")
+1803 	    return parseInt(h.substr(2), 16);
+1804 	var iUnusedbit = parseInt(hUnusedbit, 16);
+1805 	if (iUnusedbit > 7) return -1;
+1806 	var hValue = h.substr(2);
+1807 	var bValue = parseInt(hValue, 16).toString(2);
+1808 	if (bValue == "0") bValue = "00000000";
+1809 	bValue = bValue.slice(0, 0 - iUnusedbit);
+1810 	var iValue = parseInt(bValue, 2);
+1811 	if (iValue == NaN) return -1;
+1812 	return iValue;
+1813     } catch(ex) {
+1814 	return -1;
+1815     }
+1816 };
+1817 
+1818 /**
+1819  * convert from integer value to hexadecimal string of ASN.1 BitString value with unused bit<br/>
+1820  * @name inttobitstr
+1821  * @function
+1822  * @param {Number} n integer value of ASN.1 BitString
+1823  * @return {String} hexadecimal string of ASN.1 BitString value with unused bit
+1824  * @since jsrsasign 10.1.3 base64x 1.1.19
+1825  * @see bitstrtoint
+1826  * @see KJUR.asn1.DERBitString
+1827  * @see ASN1HEX.getInt
+1828  * 
+1829  * @description
+1830  * This function converts from an integer value to 
+1831  * hexadecimal string of ASN.1 BitString value
+1832  * with unused bit. <br/>
+1833  * When "n" is not non-negative number, this returns null
+1834  * 
+1835  * @example
+1836  * // 25 → 11001b → 11001000b unusedbit=03 → 0xc8 unusedbit=03 → "03c8"
+1837  * inttobitstr(25) → "03c8"
+1838  * inttobitstr(-3) → null
+1839  * inttobitstr("abc") → null
+1840  * inttobitstr(parseInt("11001", 2)) → "03c8"
+1841  * inttobitstr(parseInt("101", 2)) → "05a0"
+1842  * inttobitstr(parseInt("101000001", 2)) → "07a080"
+1843  */
+1844 function inttobitstr(n) {
+1845     if (typeof n != "number") return null;
+1846     if (n < 0) return null;
+1847     var bValue = Number(n).toString(2);
+1848     var iUnusedbit = 8 - bValue.length % 8;
+1849     if (iUnusedbit == 8) iUnusedbit = 0;
+1850     bValue = bValue + strpad("", iUnusedbit, "0");
+1851     var hValue = parseInt(bValue, 2).toString(16);
+1852     if (hValue.length % 2 == 1) hValue = "0" + hValue;
+1853     var hUnusedbit = "0" + iUnusedbit;
+1854     return hUnusedbit + hValue;
+1855 };
+1856 
+1857 // ==== bitstr hex / binary string =======================
+1858 
+1859 /**
+1860  * convert from hexadecimal string of ASN.1 BitString value with unused bit to binary string<br/>
+1861  * @name bitstrtobinstr
+1862  * @function
+1863  * @param {string} h hexadecimal string of ASN.1 BitString value with unused bit
+1864  * @return {string} binary string
+1865  * @since jsrsasign 10.5.4 base64x 1.1.21
+1866  * @see binstrtobitstr
+1867  * @see inttobitstr
+1868  * 
+1869  * @description
+1870  * This function converts from hexadecimal string of ASN.1 BitString
+1871  * value with unused bit to its integer value. <br/>
+1872  * When an improper hexadecimal string of BitString value
+1873  * is applied, this returns null.
+1874  * 
+1875  * @example
+1876  * bitstrtobinstr("05a0") → "101"
+1877  * bitstrtobinstr("0520") → "001"
+1878  * bitstrtobinstr("07a080") → "101000001"
+1879  * bitstrtobinstr(502) → null // non ASN.1 BitString value
+1880  * bitstrtobinstr("ff00") → null // for improper BitString value
+1881  */
+1882 function bitstrtobinstr(h) {
+1883     if (typeof h != "string") return null;
+1884     if (h.length % 2 != 0) return null;
+1885     if (! h.match(/^[0-9a-f]+$/)) return null;
+1886     try {
+1887 	var unusedBits = parseInt(h.substr(0, 2), 16);
+1888 	if (unusedBits < 0 || 7 < unusedBits) return null
+1889 
+1890 	var value = h.substr(2);
+1891 	var bin = "";
+1892 	for (var i = 0; i < value.length; i += 2) {
+1893 	    var hi = value.substr(i, 2);
+1894 	    var bi = parseInt(hi, 16).toString(2);
+1895 	    bi = ("0000000" + bi).slice(-8);
+1896 	    bin += bi;
+1897 	}
+1898 	return  bin.substr(0, bin.length - unusedBits);
+1899     } catch(ex) {
+1900 	return null;
+1901     }
+1902 }
+1903 
+1904 /**
+1905  * convert from binary string to hexadecimal string of ASN.1 BitString value with unused bit<br/>
+1906  * @name binstrtobitstr
+1907  * @function
+1908  * @param {string} s binary string (ex. "101")
+1909  * @return {string} hexadecimal string of ASN.1 BitString value with unused bit
+1910  * @since jsrsasign 10.5.4 base64x 1.1.21
+1911  * @see bitstrtobinstr
+1912  * @see inttobitstr
+1913  * @see KJUR.asn1.DERBitString
+1914  * 
+1915  * @description
+1916  * This function converts from an binary string (ex. "101") to 
+1917  * hexadecimal string of ASN.1 BitString value
+1918  * with unused bit (ex. "05a0"). <br/>
+1919  * When "s" is not binary string, this returns null.
+1920  * 
+1921  * @example
+1922  * binstrtobitstr("101") → "05a0"
+1923  * binstrtobitstr("001") → "0520"
+1924  * binstrtobitstr("11001") → "03c8"
+1925  * binstrtobitstr("101000001") → "07a080"
+1926  * binstrtobitstr(101) → null // not number
+1927  * binstrtobitstr("xyz") → null // not binary string
+1928  */
+1929 function binstrtobitstr(s) {
+1930     if (typeof s != "string") return null;
+1931     if (s.match(/^[01]+$/) == null) return null;
+1932     try {
+1933 	var n = parseInt(s, 2);
+1934 	return inttobitstr(n);
+1935     } catch(ex) {
+1936 	return null;
+1937     }
+1938 }
+1939 
+1940 // =======================================================
+1941 /**
+1942  * convert array of names to bit string<br/>
+1943  * @name namearraytobinstr
+1944  * @function
+1945  * @param {array} namearray array of name string
+1946  * @param {object} namedb associative array of name and value
+1947  * @return {string} binary string (ex. "110001")
+1948  * @since jsrsasign 10.5.21 base64x 1.1.27
+1949  * @see KJUR.asn1.x509.KeyUsage
+1950  * @see KJUR.asn1.tsp.PKIFailureInfo
+1951  * 
+1952  * @description
+1953  * This function converts from an array of names to
+1954  * a binary string. DB value bit will be set.
+1955  * Note that ordering of namearray items
+1956  * will be ignored.
 1957  *
 1958  * @example
-1959  * var Animal = function() {
-1960  *   this.hello = function(){console.log("Hello")};
-1961  *   this.name="Ani";
-1962  * };
-1963  * var Dog = function() {
-1964  *   Dog.superclass.constructor.call(this);
-1965  *   this.vow = function(){console.log("Vow wow")};
-1966  *   this.tail=true;
-1967  * };
-1968  * extendClass(Dog, Animal);
-1969  */
-1970 function extendClass(subClass, superClass) {
-1971     var F = function() {};
-1972     F.prototype = superClass.prototype;
-1973     subClass.prototype = new F();
-1974     subClass.prototype.constructor = subClass;
-1975     subClass.superclass = superClass.prototype;
-1976      
-1977     if (superClass.prototype.constructor == Object.prototype.constructor) {
-1978         superClass.prototype.constructor = superClass;
-1979     }
-1980 };
-1981 
-1982 

\ No newline at end of file
+1959  * db = { a: 0, b: 3, c: 8, d: 9, e: 17, f: 19 };
+1960  * namearraytobinstr(['a', 'c', 'd'], db) &rarr: '1000000011'
+1961  * namearraytobinstr(['c', 'b'], db) &rarr: '000100001'
+1962  */
+1963 function namearraytobinstr (namearray, namedb) {
+1964     var d = 0;
+1965     for (var i = 0; i < namearray.length; i++) {
+1966 	d |= 1 << namedb[namearray[i]];
+1967     }
+1968 
+1969     var s = d.toString(2);
+1970     var r = "";
+1971     for (var i = s.length - 1; i >=0; i--) {
+1972 	r += s[i];
+1973     }
+1974     return r;
+1975 }
+1976 
+1977 /**
+1978  * get value of array by key name list<br/>
+1979  * @function
+1980  * @param {object} val array of associative array
+1981  * @param {string} keys concatinated key list with dot (ex. 'type.name.0.info')
+1982  * @param {object} def default value if value is not found (OPTIONAL)
+1983  * @return {object} value if found otherwise returns def
+1984  * @since jsrsasign 10.8.0 base64x 1.1.32
+1985  *
+1986  * @description
+1987  * This function returns the value of an array or associative array 
+1988  * which referred by a concatinated key list string.
+1989  * If a value for key is not defined, it returns 'undefined' by default.
+1990  * When an optional argument 'def' is specified and a value for key is
+1991  * not defined, it returns a value of 'def'.
+1992  * 
+1993  * @example
+1994  * let p = {
+1995  *   fruit: apple,
+1996  *   info: [
+1997  *     { toy: 4 },
+1998  *     { pen: 6 }
+1999  *   ]
+2000  * };
+2001  * aryval(p, 'fruit') &rarr "apple"
+2002  * aryval(p, 'info') &rarr [{toy: 4},{pen: 6}]
+2003  * aryval(p, 'info.1') &rarr {pen: 6}
+2004  * aryval(p, 'info.1.pen') &rarr 6
+2005  * aryval(p, 'money.amount') &rarr undefined
+2006  * aryval(p, 'money.amount', null) &rarr null
+2007  */
+2008 function aryval(val, keys, def) {
+2009     if (typeof val != "object") return undefined
+2010     var keys = String(keys).split('.');
+2011     for (var i = 0; i < keys.length && val; i++) {
+2012 	var key = keys[i];
+2013 	if (key.match(/^[0-9]+$/)) key = parseInt(key);
+2014         val = val[key];
+2015     }
+2016     return val || val === false ? val : def;
+2017 }
+2018 
+2019 
+2020 // =======================================================
+2021 /**
+2022  * set class inheritance<br/>
+2023  * @name extendClass
+2024  * @function
+2025  * @param {Function} subClass sub class to set inheritance
+2026  * @param {Function} superClass super class to inherit
+2027  * @since jsrsasign 10.3.0 base64x 1.1.21
+2028  *
+2029  * @description
+2030  * This function extends a class and set an inheritance
+2031  * for member variables and methods.
+2032  *
+2033  * @example
+2034  * var Animal = function() {
+2035  *   this.hello = function(){console.log("Hello")};
+2036  *   this.name="Ani";
+2037  * };
+2038  * var Dog = function() {
+2039  *   Dog.superclass.constructor.call(this);
+2040  *   this.vow = function(){console.log("Vow wow")};
+2041  *   this.tail=true;
+2042  * };
+2043  * extendClass(Dog, Animal);
+2044  */
+2045 function extendClass(subClass, superClass) {
+2046     var F = function() {};
+2047     F.prototype = superClass.prototype;
+2048     subClass.prototype = new F();
+2049     subClass.prototype.constructor = subClass;
+2050     subClass.superclass = superClass.prototype;
+2051      
+2052     if (superClass.prototype.constructor == Object.prototype.constructor) {
+2053         superClass.prototype.constructor = superClass;
+2054     }
+2055 };
+2056 
+2057
\ No newline at end of file diff --git a/api/symbols/src/x509-1.1.js.html b/api/symbols/src/x509-1.1.js.html index ca68a0f5..3665f43c 100644 --- a/api/symbols/src/x509-1.1.js.html +++ b/api/symbols/src/x509-1.1.js.html @@ -5,12 +5,12 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} - 
  1 /* x509-2.1.2.js (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license
+	
  1 /* x509-2.1.3.js (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license
   2  */
   3 /*
   4  * x509.js - X509 class to read subject public key from certificate.
   5  *
-  6  * Copyright (c) 2010-2022 Kenji Urushima (kenji.urushima@gmail.com)
+  6  * Copyright (c) 2010-2023 Kenji Urushima (kenji.urushima@gmail.com)
   7  *
   8  * This software is licensed under the terms of the MIT License.
   9  * https://kjur.github.io/jsrsasign/license
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name x509-1.1.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version jsrsasign 10.7.0 x509 2.1.2 (2023-Mar-11)
+ 19  * @version jsrsasign 10.8.0 x509 2.1.3 (2023-Apr-08)
  20  * @since jsrsasign 1.x.x
  21  * @license <a href="https://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -2011,1765 +2011,1865 @@
 2004      * @see X509#getExtCertificatePolicies
 2005      * @see X509#getPolicyInformation
 2006      * @see X509#getPolicyQualifierInfo
-2007      * @description
-2008      * This method will get 
-2009      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-2010      * UserNotice</a> parameters.
-2011      * <pre>
-2012      * UserNotice ::= SEQUENCE {
-2013      *      noticeRef        NoticeReference OPTIONAL,
-2014      *      explicitText     DisplayText OPTIONAL }
-2015      * </pre>
-2016      * Result of this method can be passed to 
-2017      * {@link KJUR.asn1.x509.NoticeReference} constructor.
-2018      * <br/>
-2019      * NOTE: NoticeReference parsing is currently not supported and
-2020      * it will be ignored.
-2021      * @example
-2022      * x = new X509();
-2023      * x.getUserNotice("30...") → {exptext: {type: 'utf8', str: 'aaa'}}
-2024      */
-2025     this.getUserNotice = function(h) {
-2026 	var result = {};
-2027 	var a = _getChildIdx(h, 0);
-2028 	for (var i = 0; i < a.length; i++) {
-2029 	    var hItem = _getTLV(h, a[i]);
-2030 	    if (hItem.substr(0, 2) != "30") {
-2031 		result.exptext = this.getDisplayText(hItem);
-2032 	    }
-2033 	}
-2034 	return result;
-2035     };
-2036 
-2037     /**
-2038      * get DisplayText ASN.1 structure parameter as JSON object
-2039      * @name getDisplayText
-2040      * @memberOf X509#
-2041      * @function
-2042      * @param {String} h hexadecimal string of DisplayText
-2043      * @return {Object} JSON object of DisplayText parameters
-2044      * @since jsrsasign 9.0.0 x509 2.0.0
-2045      * @see X509#getExtCertificatePolicies
-2046      * @see X509#getPolicyInformation
-2047      * @description
-2048      * This method will get 
-2049      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
-2050      * DisplayText</a> parameters.
-2051      * <pre>
-2052      * DisplayText ::= CHOICE {
-2053      *      ia5String        IA5String      (SIZE (1..200)),
-2054      *      visibleString    VisibleString  (SIZE (1..200)),
-2055      *      bmpString        BMPString      (SIZE (1..200)),
-2056      *      utf8String       UTF8String     (SIZE (1..200)) }     
-2057      * </pre>
-2058      * Result of this method can be passed to 
-2059      * {@link KJUR.asn1.x509.DisplayText} constructor.
-2060      * @example
-2061      * x = new X509();
-2062      * x.getDisplayText("0c03616161") &rarr {type: 'utf8', str: 'aaa'}
-2063      * x.getDisplayText("1e03616161") &rarr {type: 'bmp',  str: 'aaa'}
-2064      */
-2065     this.getDisplayText = function(h) {
-2066 	var _DISPLAYTEXTTAG = {"0c": "utf8", "16": "ia5", "1a": "vis" , "1e": "bmp"};
-2067 	var result = {};
-2068 	result.type = _DISPLAYTEXTTAG[h.substr(0, 2)];
-2069 	result.str = hextorstr(_getV(h, 0));
-2070 	return result;
-2071     };
-2072 
-2073     /**
-2074      * get PolicyMappings extension value as JSON object<br/>
-2075      * @name getExtPolicyMappings
-2076      * @memberOf X509#
-2077      * @function
-2078      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-2079      * @param {Boolean} critical flag (OPTIONAL)
-2080      * @return {Object} JSON object of PolicyMappings parameters or undefined
-2081      * @since jsrsasign 10.6.1 x509 2.1.1
-2082      * @see KJUR.asn1.x509.PolicyMappings
-2083      *
-2084      * @description
-2085      * This method will get certificate policies value
-2086      * as an array of JSON object which has properties defined
-2087      * in {@link KJUR.asn1.x509.PolicyMappings}.
-2088      * Result of this method can be passed to 
-2089      * {@link KJUR.asn1.x509.PolicyMappings} constructor.
-2090      * If there is no this extension in the certificate,
-2091      * it returns undefined.
-2092      * <br>
-2093      * When hExtV and critical specified as arguments, return value
-2094      * will be generated from them.
-2095      * @example
-2096      * x = new X509(sCertPEM);
-2097      * x.getExtPolicyMappings() → 
-2098      * { extname: "policyMappings",
-2099      *   critical: true,
-2100      *   array: [["1.2.3", "1.4.5"],["0.1.2", "anyPolicy"]]}
-2101      */
-2102     this.getExtPolicyMappings = function(hExtV, critical) {
-2103 	var aExtVCritical = this.getCriticalExtV("policyMappings", hExtV, critical);
-2104 	hExtV = aExtVCritical[0];
-2105 	critical = aExtVCritical[1];
-2106 	if (hExtV == null) return undefined;
-2107 	var result = {extname: "policyMappings"};
-2108 	if (critical) result.critical = true;
-2109 
-2110 	try {
-2111 	    var p = _ASN1HEX_parse(hExtV);
-2112 	    //result._asn1 = p;
-2113 	    var aPair = p.seq;
-2114 	    var a = [];
-2115 	    for (var i = 0; i < aPair.length; i++) {
-2116 		var aOid = aPair[i].seq;
-2117 		a.push([aOid[0].oid, aOid[1].oid]);
-2118 	    }
-2119 	    result.array = a;
-2120 	} catch(ex) {
-2121 	    throw new _Error("malformed policyMappings");
-2122 	}
-2123 
-2124 	return result;
-2125     };
-2126 
-2127     /**
-2128      * get PolicyConstraints extension value as JSON object<br/>
-2129      * @name getExtPolicyConstraints
-2130      * @memberOf X509#
-2131      * @function
-2132      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-2133      * @param {Boolean} critical flag (OPTIONAL)
-2134      * @return {Object} JSON object of PolicyConstraints parameters or undefined
-2135      * @since jsrsasign 10.6.1 x509 2.1.1
-2136      * @see KJUR.asn1.x509.PolicyConstraints
-2137      *
-2138      * @description
-2139      * This method will get certificate policies value
-2140      * as an array of JSON object which has properties defined
-2141      * in {@link KJUR.asn1.x509.PolicyConstraints}.
-2142      * Result of this method can be passed to 
-2143      * {@link KJUR.asn1.x509.PolicyConstraints} constructor.
-2144      * If there is no this extension in the certificate,
-2145      * it returns undefined.
-2146      * <br>
-2147      * When hExtV and critical specified as arguments, return value
-2148      * will be generated from them.
-2149      * @example
-2150      * x = new X509(sCertPEM);
-2151      * x.getExtPolicyConstraints() → 
-2152      * { extname: "policyConstraints",
-2153      *   critical: true,
-2154      *   reqexp: 3,
-2155      *   inhibit: 3 }
-2156      */
-2157     this.getExtPolicyConstraints = function(hExtV, critical) {
-2158 	var aExtVCritical = this.getCriticalExtV("policyConstraints", hExtV, critical);
-2159 	hExtV = aExtVCritical[0];
-2160 	critical = aExtVCritical[1];
-2161 	if (hExtV == null) return undefined;
-2162 	var result = {extname: "policyConstraints"};
-2163 	if (critical) result.critical = true;
-2164 
-2165 	var p = _ASN1HEX_parse(hExtV);
-2166 	try {
-2167 	    var aItem = p.seq;
-2168 	    for (var i = 0; i < aItem.length; i++) {
-2169 		var pTag = aItem[i].tag;
-2170 		if (pTag.explicit != false) continue;
-2171 		if (pTag.tag == "80") result.reqexp = parseInt(pTag.hex, 16);
-2172 		if (pTag.tag == "81") result.inhibit = parseInt(pTag.hex, 16);
-2173 	    }
-2174 	} catch(ex) {
-2175 	    return new _Error("malformed policyConstraints value");
-2176 	}
-2177 	return result;
-2178     };
-2179 
-2180     /**
-2181      * get InhibitAnyPolicy extension value as JSON object<br/>
-2182      * @name getExtInhibitAnyPolicy
-2183      * @memberOf X509#
-2184      * @function
-2185      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
-2186      * @param {Boolean} critical flag (OPTIONAL)
-2187      * @return {Object} JSON object of InhibitAnyPolicy parameters or undefined
-2188      * @since jsrsasign 10.6.1 x509 2.1.1
-2189      * @see KJUR.asn1.x509.InhibitAnyPolicy
-2190      *
-2191      * @description
-2192      * This method will get certificate policies value
-2193      * as an array of JSON object which has properties defined
-2194      * in {@link KJUR.asn1.x509.InhibitAnyPolicy}.
-2195      * Result of this method can be passed to 
-2196      * {@link KJUR.asn1.x509.InhibitAnyPolicy} constructor.
-2197      * If there is no this extension in the certificate,
-2198      * it returns undefined.
-2199      * <br>
-2200      * When hExtV and critical specified as arguments, return value
-2201      * will be generated from them.
-2202      * @example
-2203      * x = new X509(sCertPEM);
-2204      * x.getExtInhibitAnyPolicy() → 
-2205      * { extname: "policyConstraints",
-2206      *   critical: true,
-2207      *   skip: 3 }
-2208      *
-2209      * x.getExtInhibitAnyPolicy("020103", true) → same as above
-2210      */
-2211     this.getExtInhibitAnyPolicy = function(hExtV, critical) {
-2212 	var aExtVCritical = this.getCriticalExtV("inhibitAnyPolicy", hExtV, critical);
-2213 	hExtV = aExtVCritical[0];
-2214 	critical = aExtVCritical[1];
-2215 	if (hExtV == null) return undefined;
-2216 	var result = {extname: "inhibitAnyPolicy"};
-2217 	if (critical) result.critical = true;
-2218 
-2219 	var skip = _getInt(hExtV, 0);
-2220 	if (skip == -1) return new _Error("wrong value");
-2221 	result.skip = skip;
-2222 	return result;
-2223     };
-2224 
-2225     /**
-2226      * parse cRLNumber CRL extension as JSON object<br/>
-2227      * @name getExtCRLNumber
-2228      * @memberOf X509#
-2229      * @function
-2230      * @param {String} hExtV hexadecimal string of extension value
-2231      * @param {Boolean} critical flag
-2232      * @since jsrsasign 9.1.1 x509 2.0.1
-2233      * @see KJUR.asn1.x509.CRLNumber
-2234      * @see X509#getExtParamArray
-2235      * @description
-2236      * This method parses
-2237      * CRLNumber CRL extension value defined in
-2238      * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3">
-2239      * RFC 5280 5.2.3</a> as JSON object.
-2240      * <pre>
-2241      * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
-2242      * CRLNumber ::= INTEGER (0..MAX)
-2243      * </pre>
-2244      * <br/>
-2245      * Result of this method can be passed to 
-2246      * {@link KJUR.asn1.x509.CRLNumber} constructor.
-2247      * @example
-2248      * crl = X509CRL("-----BEGIN X509 CRL...");
-2249      * ... get hExtV and critical flag ...
-2250      * crl.getExtCRLNumber("02...", false) →
-2251      * {extname: "cRLNumber", num: {hex: "12af"}}
-2252      */
-2253     this.getExtCRLNumber = function(hExtV, critical) {
-2254 	var result = {extname:"cRLNumber"};
-2255 	if (critical) result.critical = true;
-2256 
-2257 	if (hExtV.substr(0, 2) == "02") {
-2258 	    result.num = {hex: _getV(hExtV, 0)};
-2259 	    return result;
-2260 	}
-2261 	throw new _Error("hExtV parse error: " + hExtV);
-2262     };
-2263 
-2264     /**
-2265      * parse cRLReason CRL entry extension as JSON object<br/>
-2266      * @name getExtCRLReason
-2267      * @memberOf X509#
-2268      * @function
-2269      * @param {String} hExtV hexadecimal string of extension value
-2270      * @param {Boolean} critical flag
-2271      * @since jsrsasign 9.1.1 x509 2.0.1
-2272      * @see KJUR.asn1.x509.CRLReason
-2273      * @see X509#getExtParamArray
-2274      * @description
-2275      * This method parses
-2276      * CRLReason CRL entry extension value defined in
-2277      * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1">
-2278      * RFC 5280 5.3.1</a> as JSON object.
-2279      * <pre>
-2280      * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
-2281      * -- reasonCode ::= { CRLReason }
-2282      * CRLReason ::= ENUMERATED {
-2283      *      unspecified             (0),
-2284      *      keyCompromise           (1),
-2285      *      cACompromise            (2),
-2286      *      affiliationChanged      (3),
-2287      *      superseded              (4),
-2288      *      cessationOfOperation    (5),
-2289      *      certificateHold         (6),
-2290      *      removeFromCRL           (8),
-2291      *      privilegeWithdrawn      (9),
-2292      *      aACompromise           (10) }
-2293      * </pre>
-2294      * <br/>
+2007      * @see KJUR.asn1.x509.UserNotice
+2008      *
+2009      * @description
+2010      * This method will get 
+2011      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+2012      * UserNotice</a> parameters.
+2013      * <pre>
+2014      * UserNotice ::= SEQUENCE {
+2015      *      noticeRef        NoticeReference OPTIONAL,
+2016      *      explicitText     DisplayText OPTIONAL }
+2017      * NoticeReference ::= SEQUENCE {
+2018      *      organization     DisplayText,
+2019      *      noticeNumbers    SEQUENCE OF INTEGER }
+2020      * </pre>
+2021      * Result of this method can be passed to 
+2022      * {@link KJUR.asn1.x509.UserNotice} constructor.
+2023      * <br/>
+2024      * NOTE: NoticeReference supported from jsrsasign 10.8.0.
+2025      *
+2026      * @example
+2027      * x = new X509();
+2028      * x.getUserNotice("30...") → { 
+2029      *   noticeref: {
+2030      *     org: {type: 'utf8', str: 'test org'},
+2031      *     noticenum: [1]
+2032      *   },
+2033      *   exptext: {type: 'utf8', str: 'test text'}
+2034      * }
+2035      */
+2036     this.getUserNotice = function(h) {
+2037 	var pASN1 = null;
+2038 	var result = {};
+2039 	try { 
+2040 	    pASN1 = _ASN1HEX.parse(h);
+2041 	    var pUnotice = this._asn1ToUnotice(pASN1);
+2042 	    return pUnotice;
+2043 	} catch(ex) {
+2044 	    return undefined;
+2045 	}
+2046     };
+2047 
+2048     this._asn1ToUnotice = function(p) {
+2049 	try {
+2050 	    var result = {};
+2051 	    var a = aryval(p, "seq");
+2052 	    for (var i = 0; i < a.length; i++) {
+2053 		var pNoticeRef = this._asn1ToNoticeRef(a[i]);
+2054 		if (pNoticeRef != undefined) result.noticeref = pNoticeRef;
+2055 		var pExpText = this.asn1ToDisplayText(a[i]);
+2056 		if (pExpText != undefined) result.exptext = pExpText;
+2057 	    }
+2058 	    if (Object.keys(result).length > 0) return result;
+2059 	    return undefined;
+2060 	} catch(ex) {
+2061 	    return undefined;
+2062 	}
+2063     }
+2064 
+2065     this._asn1ToNoticeRef = function(p) {
+2066 	try {
+2067 	    var result = {};
+2068 	    var a = aryval(p, "seq");
+2069 	    for (var i = 0; i < a.length; i++) {
+2070 		var pNoticeNum = this._asn1ToNoticeNum(a[i]);
+2071 		if (pNoticeNum != undefined) result.noticenum = pNoticeNum;
+2072 		var pOrg = this.asn1ToDisplayText(a[i]);
+2073 		if (pOrg != undefined) result.org = pOrg;
+2074 	    }
+2075 	    if (Object.keys(result).length > 0) return result;
+2076 	    return undefined;
+2077 	} catch(ex) {
+2078 	    return undefined;
+2079 	}
+2080     }
+2081 
+2082     this._asn1ToNoticeNum = function(p) {
+2083 	try {
+2084 	    var a = aryval(p, "seq");
+2085 	    var result = [];
+2086 	    for (var i = 0; i < a.length; i++) {
+2087 		var item = a[i];
+2088 		result.push(parseInt(aryval(item, "int.hex"), 16));
+2089 	    }
+2090 	    return result;
+2091 	} catch(ex) {
+2092 	    return undefined;
+2093 	}
+2094     }
+2095 
+2096     /**
+2097      * get DisplayText ASN.1 structure parameter as JSON object
+2098      * @name getDisplayText
+2099      * @memberOf X509#
+2100      * @function
+2101      * @param {String} h hexadecimal string of DisplayText
+2102      * @return {Object} JSON object of DisplayText parameters
+2103      * @since jsrsasign 9.0.0 x509 2.0.0
+2104      * @see X509#getExtCertificatePolicies
+2105      * @see X509#getPolicyInformation
+2106      * @description
+2107      * This method will get 
+2108      * <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+2109      * DisplayText</a> parameters.
+2110      * <pre>
+2111      * DisplayText ::= CHOICE {
+2112      *      ia5String        IA5String      (SIZE (1..200)),
+2113      *      visibleString    VisibleString  (SIZE (1..200)),
+2114      *      bmpString        BMPString      (SIZE (1..200)),
+2115      *      utf8String       UTF8String     (SIZE (1..200)) }     
+2116      * </pre>
+2117      * Result of this method can be passed to 
+2118      * {@link KJUR.asn1.x509.DisplayText} constructor.
+2119      * @example
+2120      * x = new X509();
+2121      * x.getDisplayText("0c03616161") &rarr {type: 'utf8', str: 'aaa'}
+2122      * x.getDisplayText("1e03616161") &rarr {type: 'bmp',  str: 'aaa'}
+2123      */
+2124     this.getDisplayText = function(h) {
+2125 	var _DISPLAYTEXTTAG = {"0c": "utf8", "16": "ia5", "1a": "vis" , "1e": "bmp"};
+2126 	var result = {};
+2127 	result.type = _DISPLAYTEXTTAG[h.substr(0, 2)];
+2128 	result.str = hextorstr(_getV(h, 0));
+2129 	return result;
+2130     };
+2131 
+2132     /**
+2133      * convert ASN1Object parameter to DisplayText parameter
+2134      * @name asn1ToDisplayText
+2135      * @memberOf X509#
+2136      * @function
+2137      * @param {Object} pASN1 ASN1Object paramter for DisplayText
+2138      * @return {Object} DisplayText paramter
+2139      * @since jsrsasign 10.8.0 x509 2.1.3
+2140      * @see X509#getDisplayText
+2141      * @see KJUR.asn1.x509.DisplayText
+2142      * @see KJUR.asn1.ASN1Util#newObject
+2143      *
+2144      * @description
+2145      * This method converts from {@link KJUR.asn1.ASN1Util#newObject} paramter to
+2146      * {@link KJUR.asn1.x509.DisplayText} paramter
+2147      * for <a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.4">
+2148      * DisplayText</a> ASN.1 structure.
+2149      * <pre>
+2150      * DisplayText ::= CHOICE {
+2151      *      ia5String        IA5String      (SIZE (1..200)),
+2152      *      visibleString    VisibleString  (SIZE (1..200)),
+2153      *      bmpString        BMPString      (SIZE (1..200)),
+2154      *      utf8String       UTF8String     (SIZE (1..200)) }     
+2155      * </pre>
+2156      * Result of this method can be passed to 
+2157      * {@link KJUR.asn1.x509.DisplayText} constructor.
+2158      *
+2159      * @example
+2160      * x = new X509();
+2161      * x.asn1ToDisplayText({utf8str: {str: "aaa"}}) &rarr {type: 'utf8', str: 'aaa'}
+2162      * x.asn1ToDisplayText({bmpstr: {str: "aaa"}}) &rarr {type: 'bmp',  str: 'aaa'}
+2163      */
+2164     this.asn1ToDisplayText = function(pASN1) {
+2165 	if (pASN1.utf8str != undefined) return { type: "utf8", str: pASN1.utf8str.str };
+2166 	if (pASN1.ia5str != undefined)  return { type: "ia5", str: pASN1.ia5str.str };
+2167 	if (pASN1.visstr != undefined)  return { type: "vis", str: pASN1.visstr.str };
+2168 	if (pASN1.bmpstr != undefined)  return { type: "bmp", str: pASN1.bmpstr.str };
+2169 	if (pASN1.prnstr != undefined)  return { type: "prn", str: pASN1.prnstr.str };
+2170 	return undefined;
+2171     }
+2172 
+2173     /**
+2174      * get PolicyMappings extension value as JSON object<br/>
+2175      * @name getExtPolicyMappings
+2176      * @memberOf X509#
+2177      * @function
+2178      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+2179      * @param {Boolean} critical flag (OPTIONAL)
+2180      * @return {Object} JSON object of PolicyMappings parameters or undefined
+2181      * @since jsrsasign 10.6.1 x509 2.1.1
+2182      * @see KJUR.asn1.x509.PolicyMappings
+2183      *
+2184      * @description
+2185      * This method will get certificate policies value
+2186      * as an array of JSON object which has properties defined
+2187      * in {@link KJUR.asn1.x509.PolicyMappings}.
+2188      * Result of this method can be passed to 
+2189      * {@link KJUR.asn1.x509.PolicyMappings} constructor.
+2190      * If there is no this extension in the certificate,
+2191      * it returns undefined.
+2192      * <br>
+2193      * When hExtV and critical specified as arguments, return value
+2194      * will be generated from them.
+2195      * @example
+2196      * x = new X509(sCertPEM);
+2197      * x.getExtPolicyMappings() → 
+2198      * { extname: "policyMappings",
+2199      *   critical: true,
+2200      *   array: [["1.2.3", "1.4.5"],["0.1.2", "anyPolicy"]]}
+2201      */
+2202     this.getExtPolicyMappings = function(hExtV, critical) {
+2203 	var aExtVCritical = this.getCriticalExtV("policyMappings", hExtV, critical);
+2204 	hExtV = aExtVCritical[0];
+2205 	critical = aExtVCritical[1];
+2206 	if (hExtV == null) return undefined;
+2207 	var result = {extname: "policyMappings"};
+2208 	if (critical) result.critical = true;
+2209 
+2210 	try {
+2211 	    var p = _ASN1HEX_parse(hExtV);
+2212 	    //result._asn1 = p;
+2213 	    var aPair = p.seq;
+2214 	    var a = [];
+2215 	    for (var i = 0; i < aPair.length; i++) {
+2216 		var aOid = aPair[i].seq;
+2217 		a.push([aOid[0].oid, aOid[1].oid]);
+2218 	    }
+2219 	    result.array = a;
+2220 	} catch(ex) {
+2221 	    throw new _Error("malformed policyMappings");
+2222 	}
+2223 
+2224 	return result;
+2225     };
+2226 
+2227     /**
+2228      * get PolicyConstraints extension value as JSON object<br/>
+2229      * @name getExtPolicyConstraints
+2230      * @memberOf X509#
+2231      * @function
+2232      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+2233      * @param {Boolean} critical flag (OPTIONAL)
+2234      * @return {Object} JSON object of PolicyConstraints parameters or undefined
+2235      * @since jsrsasign 10.6.1 x509 2.1.1
+2236      * @see KJUR.asn1.x509.PolicyConstraints
+2237      *
+2238      * @description
+2239      * This method will get certificate policies value
+2240      * as an array of JSON object which has properties defined
+2241      * in {@link KJUR.asn1.x509.PolicyConstraints}.
+2242      * Result of this method can be passed to 
+2243      * {@link KJUR.asn1.x509.PolicyConstraints} constructor.
+2244      * If there is no this extension in the certificate,
+2245      * it returns undefined.
+2246      * <br>
+2247      * When hExtV and critical specified as arguments, return value
+2248      * will be generated from them.
+2249      * @example
+2250      * x = new X509(sCertPEM);
+2251      * x.getExtPolicyConstraints() → 
+2252      * { extname: "policyConstraints",
+2253      *   critical: true,
+2254      *   reqexp: 3,
+2255      *   inhibit: 3 }
+2256      */
+2257     this.getExtPolicyConstraints = function(hExtV, critical) {
+2258 	var aExtVCritical = this.getCriticalExtV("policyConstraints", hExtV, critical);
+2259 	hExtV = aExtVCritical[0];
+2260 	critical = aExtVCritical[1];
+2261 	if (hExtV == null) return undefined;
+2262 	var result = {extname: "policyConstraints"};
+2263 	if (critical) result.critical = true;
+2264 
+2265 	var p = _ASN1HEX_parse(hExtV);
+2266 	try {
+2267 	    var aItem = p.seq;
+2268 	    for (var i = 0; i < aItem.length; i++) {
+2269 		var pTag = aItem[i].tag;
+2270 		if (pTag.explicit != false) continue;
+2271 		if (pTag.tag == "80") result.reqexp = parseInt(pTag.hex, 16);
+2272 		if (pTag.tag == "81") result.inhibit = parseInt(pTag.hex, 16);
+2273 	    }
+2274 	} catch(ex) {
+2275 	    return new _Error("malformed policyConstraints value");
+2276 	}
+2277 	return result;
+2278     };
+2279 
+2280     /**
+2281      * get InhibitAnyPolicy extension value as JSON object<br/>
+2282      * @name getExtInhibitAnyPolicy
+2283      * @memberOf X509#
+2284      * @function
+2285      * @param {String} hExtV hexadecimal string of extension value (OPTIONAL)
+2286      * @param {Boolean} critical flag (OPTIONAL)
+2287      * @return {Object} JSON object of InhibitAnyPolicy parameters or undefined
+2288      * @since jsrsasign 10.6.1 x509 2.1.1
+2289      * @see KJUR.asn1.x509.InhibitAnyPolicy
+2290      *
+2291      * @description
+2292      * This method will get certificate policies value
+2293      * as an array of JSON object which has properties defined
+2294      * in {@link KJUR.asn1.x509.InhibitAnyPolicy}.
 2295      * Result of this method can be passed to 
-2296      * {@link KJUR.asn1.x509.CRLReason} constructor.
-2297      * @example
-2298      * crl = X509CRL("-----BEGIN X509 CRL...");
-2299      * ... get hExtV and critical flag ...
-2300      * crl.getExtCRLReason("02...", false) →
-2301      * {extname: "cRLReason", code: 3}
-2302      */
-2303     this.getExtCRLReason = function(hExtV, critical) {
-2304 	var result = {extname:"cRLReason"};
-2305 	if (critical) result.critical = true;
-2306 
-2307 	if (hExtV.substr(0, 2) == "0a") {
-2308 	    result.code = parseInt(_getV(hExtV, 0), 16);
-2309 	    return result;
-2310 	}
-2311 	throw new Error("hExtV parse error: " + hExtV);
-2312     };
-2313 
-2314     /**
-2315      * parse OCSPNonce OCSP extension as JSON object<br/>
-2316      * @name getExtOcspNonce
-2317      * @memberOf X509#
-2318      * @function
-2319      * @param {String} hExtV hexadecimal string of extension value
-2320      * @param {Boolean} critical flag
-2321      * @return {Array} JSON object of parsed OCSPNonce extension
-2322      * @since jsrsasign 9.1.6 x509 2.0.3
-2323      * @see KJUR.asn1.x509.OCSPNonce
-2324      * @see X509#getExtParamArray
-2325      * @see X509#getExtParam
-2326      * @description
-2327      * This method parses
-2328      * Nonce OCSP extension value defined in
-2329      * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1">
-2330      * RFC 6960 4.4.1</a> as JSON object.
-2331      * <pre>
-2332      * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
-2333      * id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
-2334      * Nonce ::= OCTET STRING
-2335      * </pre>
-2336      * <br/>
-2337      * Result of this method can be passed to 
-2338      * {@link KJUR.asn1.x509.OCSPNonce} constructor.
-2339      * @example
-2340      * x = new X509();
-2341      * x.getExtOcspNonce(<<extn hex value >>) →
-2342      * { extname: "ocspNonce", hex: "1a2b..." }
-2343      */
-2344     this.getExtOcspNonce = function(hExtV, critical) {
-2345 	var result = {extname:"ocspNonce"};
-2346 	if (critical) result.critical = true;
-2347 
-2348 	var hNonce = _getV(hExtV, 0);
-2349 	result.hex = hNonce;
-2350 
-2351 	return result;
-2352     };
-2353 
-2354     /**
-2355      * parse OCSPNoCheck OCSP extension as JSON object<br/>
-2356      * @name getExtOcspNoCheck
-2357      * @memberOf X509#
-2358      * @function
-2359      * @param {String} hExtV hexadecimal string of extension value
-2360      * @param {Boolean} critical flag
-2361      * @return {Array} JSON object of parsed OCSPNoCheck extension
-2362      * @since jsrsasign 9.1.6 x509 2.0.3
-2363      * @see KJUR.asn1.x509.OCSPNoCheck
-2364      * @see X509#getExtParamArray
-2365      * @see X509#getExtParam
-2366      * @description
-2367      * This method parses
-2368      * OCSPNoCheck extension value defined in
-2369      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1">
-2370      * RFC 6960 4.2.2.2.1</a> as JSON object.
-2371      * <pre>
-2372      * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
-2373      * </pre>
-2374      * <br/>
-2375      * Result of this method can be passed to 
-2376      * {@link KJUR.asn1.x509.OCSPNoCheck} constructor.
-2377      * @example
-2378      * x = new X509();
-2379      * x.getExtOcspNoCheck(<<extn hex value >>) →
-2380      * { extname: "ocspNoCheck" }
-2381      */
-2382     this.getExtOcspNoCheck = function(hExtV, critical) {
-2383 	var result = {extname:"ocspNoCheck"};
-2384 	if (critical) result.critical = true;
-2385 
-2386 	return result;
-2387     };
-2388 
-2389     /**
-2390      * parse AdobeTimeStamp extension as JSON object<br/>
-2391      * @name getExtAdobeTimeStamp
-2392      * @memberOf X509#
-2393      * @function
-2394      * @param {String} hExtV hexadecimal string of extension value
-2395      * @param {Boolean} critical flag
-2396      * @return {Array} JSON object of parsed AdobeTimeStamp extension
-2397      * @since jsrsasign 10.0.1 x509 2.0.5
-2398      * @see KJUR.asn1.x509.AdobeTimeStamp
-2399      * @see X509#getExtParamArray
-2400      * @see X509#getExtParam
-2401      * @description
-2402      * This method parses
-2403      * X.509v3 AdobeTimeStamp private extension value defined in the
-2404      * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html">
-2405      * Adobe site</a> as JSON object.
-2406      * This extension provides the URL location for time stamp service.
-2407      * <pre>
-2408      * adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
-2409      *  ::= SEQUENCE {
-2410      *     version INTEGER  { v1(1) }, -- extension version
-2411      *     location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
-2412      *     requiresAuth        boolean (default false), OPTIONAL }
-2413      * </pre>
-2414      * <br/>
-2415      * Result of this method can be passed to 
-2416      * {@link KJUR.asn1.x509.AdobeTimeStamp} constructor.
-2417      * <br/>
-2418      * NOTE: This extesion doesn't seem to have official name. This may be called as "pdfTimeStamp".
-2419      * @example
-2420      * x.getExtAdobeTimeStamp(<<extn hex value >>) →
-2421      * { extname: "adobeTimeStamp", uri: "http://tsa.example.com/" reqauth: true }
-2422      */
-2423     this.getExtAdobeTimeStamp = function(hExtV, critical) {
-2424 	if (hExtV === undefined && critical === undefined) {
-2425 	    var info = this.getExtInfo("adobeTimeStamp");
-2426 	    if (info === undefined) return undefined;
-2427 	    hExtV = _getTLV(this.hex, info.vidx);
-2428 	    critical = info.critical;
-2429 	}
-2430 
-2431 	var result = {extname:"adobeTimeStamp"};
-2432 	if (critical) result.critical = true;
-2433 
-2434 	var a = _getChildIdx(hExtV, 0);
-2435 	if (a.length > 1) {
-2436 	    var hGN = _getTLV(hExtV, a[1])
-2437 	    var gnParam = this.getGeneralName(hGN);
-2438 	    if (gnParam.uri != undefined) {
-2439 		result.uri = gnParam.uri;
-2440 	    }
-2441 	}
-2442 	if (a.length > 2) {
-2443 	    var hBool = _getTLV(hExtV, a[2]);
-2444 	    if (hBool == "0101ff") result.reqauth = true;
-2445 	    if (hBool == "010100") result.reqauth = false;
-2446 	}
+2296      * {@link KJUR.asn1.x509.InhibitAnyPolicy} constructor.
+2297      * If there is no this extension in the certificate,
+2298      * it returns undefined.
+2299      * <br>
+2300      * When hExtV and critical specified as arguments, return value
+2301      * will be generated from them.
+2302      * @example
+2303      * x = new X509(sCertPEM);
+2304      * x.getExtInhibitAnyPolicy() → 
+2305      * { extname: "policyConstraints",
+2306      *   critical: true,
+2307      *   skip: 3 }
+2308      *
+2309      * x.getExtInhibitAnyPolicy("020103", true) → same as above
+2310      */
+2311     this.getExtInhibitAnyPolicy = function(hExtV, critical) {
+2312 	var aExtVCritical = this.getCriticalExtV("inhibitAnyPolicy", hExtV, critical);
+2313 	hExtV = aExtVCritical[0];
+2314 	critical = aExtVCritical[1];
+2315 	if (hExtV == null) return undefined;
+2316 	var result = {extname: "inhibitAnyPolicy"};
+2317 	if (critical) result.critical = true;
+2318 
+2319 	var skip = _getInt(hExtV, 0);
+2320 	if (skip == -1) return new _Error("wrong value");
+2321 	result.skip = skip;
+2322 	return result;
+2323     };
+2324 
+2325     /**
+2326      * parse cRLNumber CRL extension as JSON object<br/>
+2327      * @name getExtCRLNumber
+2328      * @memberOf X509#
+2329      * @function
+2330      * @param {String} hExtV hexadecimal string of extension value
+2331      * @param {Boolean} critical flag
+2332      * @since jsrsasign 9.1.1 x509 2.0.1
+2333      * @see KJUR.asn1.x509.CRLNumber
+2334      * @see X509#getExtParamArray
+2335      * @description
+2336      * This method parses
+2337      * CRLNumber CRL extension value defined in
+2338      * <a href="https://tools.ietf.org/html/rfc5280#section-5.2.3">
+2339      * RFC 5280 5.2.3</a> as JSON object.
+2340      * <pre>
+2341      * id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
+2342      * CRLNumber ::= INTEGER (0..MAX)
+2343      * </pre>
+2344      * <br/>
+2345      * Result of this method can be passed to 
+2346      * {@link KJUR.asn1.x509.CRLNumber} constructor.
+2347      * @example
+2348      * crl = X509CRL("-----BEGIN X509 CRL...");
+2349      * ... get hExtV and critical flag ...
+2350      * crl.getExtCRLNumber("02...", false) →
+2351      * {extname: "cRLNumber", num: {hex: "12af"}}
+2352      */
+2353     this.getExtCRLNumber = function(hExtV, critical) {
+2354 	var result = {extname:"cRLNumber"};
+2355 	if (critical) result.critical = true;
+2356 
+2357 	if (hExtV.substr(0, 2) == "02") {
+2358 	    result.num = {hex: _getV(hExtV, 0)};
+2359 	    return result;
+2360 	}
+2361 	throw new _Error("hExtV parse error: " + hExtV);
+2362     };
+2363 
+2364     /**
+2365      * parse cRLReason CRL entry extension as JSON object<br/>
+2366      * @name getExtCRLReason
+2367      * @memberOf X509#
+2368      * @function
+2369      * @param {String} hExtV hexadecimal string of extension value
+2370      * @param {Boolean} critical flag
+2371      * @since jsrsasign 9.1.1 x509 2.0.1
+2372      * @see KJUR.asn1.x509.CRLReason
+2373      * @see X509#getExtParamArray
+2374      * @description
+2375      * This method parses
+2376      * CRLReason CRL entry extension value defined in
+2377      * <a href="https://tools.ietf.org/html/rfc5280#section-5.3.1">
+2378      * RFC 5280 5.3.1</a> as JSON object.
+2379      * <pre>
+2380      * id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
+2381      * -- reasonCode ::= { CRLReason }
+2382      * CRLReason ::= ENUMERATED {
+2383      *      unspecified             (0),
+2384      *      keyCompromise           (1),
+2385      *      cACompromise            (2),
+2386      *      affiliationChanged      (3),
+2387      *      superseded              (4),
+2388      *      cessationOfOperation    (5),
+2389      *      certificateHold         (6),
+2390      *      removeFromCRL           (8),
+2391      *      privilegeWithdrawn      (9),
+2392      *      aACompromise           (10) }
+2393      * </pre>
+2394      * <br/>
+2395      * Result of this method can be passed to 
+2396      * {@link KJUR.asn1.x509.CRLReason} constructor.
+2397      * @example
+2398      * crl = X509CRL("-----BEGIN X509 CRL...");
+2399      * ... get hExtV and critical flag ...
+2400      * crl.getExtCRLReason("02...", false) →
+2401      * {extname: "cRLReason", code: 3}
+2402      */
+2403     this.getExtCRLReason = function(hExtV, critical) {
+2404 	var result = {extname:"cRLReason"};
+2405 	if (critical) result.critical = true;
+2406 
+2407 	if (hExtV.substr(0, 2) == "0a") {
+2408 	    result.code = parseInt(_getV(hExtV, 0), 16);
+2409 	    return result;
+2410 	}
+2411 	throw new Error("hExtV parse error: " + hExtV);
+2412     };
+2413 
+2414     /**
+2415      * parse OCSPNonce OCSP extension as JSON object<br/>
+2416      * @name getExtOcspNonce
+2417      * @memberOf X509#
+2418      * @function
+2419      * @param {String} hExtV hexadecimal string of extension value
+2420      * @param {Boolean} critical flag
+2421      * @return {Array} JSON object of parsed OCSPNonce extension
+2422      * @since jsrsasign 9.1.6 x509 2.0.3
+2423      * @see KJUR.asn1.x509.OCSPNonce
+2424      * @see X509#getExtParamArray
+2425      * @see X509#getExtParam
+2426      * @description
+2427      * This method parses
+2428      * Nonce OCSP extension value defined in
+2429      * <a href="https://tools.ietf.org/html/rfc6960#section-4.4.1">
+2430      * RFC 6960 4.4.1</a> as JSON object.
+2431      * <pre>
+2432      * id-pkix-ocsp           OBJECT IDENTIFIER ::= { id-ad-ocsp }
+2433      * id-pkix-ocsp-nonce     OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
+2434      * Nonce ::= OCTET STRING
+2435      * </pre>
+2436      * <br/>
+2437      * Result of this method can be passed to 
+2438      * {@link KJUR.asn1.x509.OCSPNonce} constructor.
+2439      * @example
+2440      * x = new X509();
+2441      * x.getExtOcspNonce(<<extn hex value >>) →
+2442      * { extname: "ocspNonce", hex: "1a2b..." }
+2443      */
+2444     this.getExtOcspNonce = function(hExtV, critical) {
+2445 	var result = {extname:"ocspNonce"};
+2446 	if (critical) result.critical = true;
 2447 
-2448 	return result;
-2449     };
+2448 	var hNonce = _getV(hExtV, 0);
+2449 	result.hex = hNonce;
 2450 
-2451     // ===== BEGIN X500Name related =====================================
-2452     /*
-2453      * convert ASN.1 parsed object to attrTypeAndValue assoc array<br/>
-2454      * @name _convATV
-2455      * @param p associative array of parsed attrTypeAndValue object
-2456      * @return attrTypeAndValue associative array
-2457      * @since jsrsasign 10.5.12 x509 2.0.14
-2458      * @example
-2459      * _convATV({seq: [...]} &rarr: {type:"C",value:"JP",ds:"prn"}
-2460      */
-2461     var _convATV = function(p) {
-2462 	var result = {};
-2463 	try {
-2464 	    var name = p.seq[0].oid;
-2465 	    var oid = KJUR.asn1.x509.OID.name2oid(name);
-2466 	    result.type = KJUR.asn1.x509.OID.oid2atype(oid);
-2467 	    var item1 = p.seq[1];
-2468 	    if (item1.utf8str != undefined) {
-2469 		result.ds = "utf8";
-2470 		result.value = item1.utf8str.str;
-2471 	    } else if (item1.numstr != undefined) {
-2472 		result.ds = "num";
-2473 		result.value = item1.numstr.str;
-2474 	    } else if (item1.telstr != undefined) {
-2475 		result.ds = "tel";
-2476 		result.value = item1.telstr.str;
-2477 	    } else if (item1.prnstr != undefined) {
-2478 		result.ds = "prn";
-2479 		result.value = item1.prnstr.str;
-2480 	    } else if (item1.ia5str != undefined) {
-2481 		result.ds = "ia5";
-2482 		result.value = item1.ia5str.str;
-2483 	    } else if (item1.visstr != undefined) {
-2484 		result.ds = "vis";
-2485 		result.value = item1.visstr.str;
-2486 	    } else if (item1.bmpstr != undefined) {
-2487 		result.ds = "bmp";
-2488 		result.value = item1.bmpstr.str;
-2489 	    } else {
-2490 		throw "error";
-2491 	    }
-2492 	    return result;
-2493 	} catch(ex) {
-2494 	    throw new Erorr("improper ASN.1 parsed AttrTypeAndValue");
-2495 	}
-2496     };
-2497 
-2498     /*
-2499      * convert ASN.1 parsed object to RDN array<br/>
-2500      * @name _convRDN
-2501      * @param p associative array of parsed RDN object
-2502      * @return RDN array
-2503      * @since jsrsasign 10.5.12 x509 2.0.14
-2504      * @example
-2505      * _convRDN({set: [...]} &rarr: [{type:"C",value:"JP",ds:"prn"}]
-2506      */
-2507     var _convRDN = function(p) {
-2508 	try {
-2509 	    return p.set.map(function(pATV){return _convATV(pATV)});
-2510 	} catch(ex) {
-2511 	    throw new Error("improper ASN.1 parsed RDN: " + ex);
-2512 	}
-2513     };
-2514 
-2515     /*
-2516      * convert ASN.1 parsed object to X500Name array<br/>
-2517      * @name _convX500Name
-2518      * @param p associative array of parsed X500Name array object
-2519      * @return RDN array
-2520      * @since jsrsasign 10.5.12 x509 2.0.14
-2521      * @example
-2522      * _convX500Name({seq: [...]} &rarr: [[{type:"C",value:"JP",ds:"prn"}]]
-2523      */
-2524     var _convX500Name = function(p) {
-2525 	try {
-2526 	    return p.seq.map(function(pRDN){return _convRDN(pRDN)});
-2527 	} catch(ex) {
-2528 	    throw new Error("improper ASN.1 parsed X500Name: " + ex);
+2451 	return result;
+2452     };
+2453 
+2454     /**
+2455      * parse OCSPNoCheck OCSP extension as JSON object<br/>
+2456      * @name getExtOcspNoCheck
+2457      * @memberOf X509#
+2458      * @function
+2459      * @param {String} hExtV hexadecimal string of extension value
+2460      * @param {Boolean} critical flag
+2461      * @return {Array} JSON object of parsed OCSPNoCheck extension
+2462      * @since jsrsasign 9.1.6 x509 2.0.3
+2463      * @see KJUR.asn1.x509.OCSPNoCheck
+2464      * @see X509#getExtParamArray
+2465      * @see X509#getExtParam
+2466      * @description
+2467      * This method parses
+2468      * OCSPNoCheck extension value defined in
+2469      * <a href="https://tools.ietf.org/html/rfc6960#section-4.2.2.2.1">
+2470      * RFC 6960 4.2.2.2.1</a> as JSON object.
+2471      * <pre>
+2472      * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
+2473      * </pre>
+2474      * <br/>
+2475      * Result of this method can be passed to 
+2476      * {@link KJUR.asn1.x509.OCSPNoCheck} constructor.
+2477      * @example
+2478      * x = new X509();
+2479      * x.getExtOcspNoCheck(<<extn hex value >>) →
+2480      * { extname: "ocspNoCheck" }
+2481      */
+2482     this.getExtOcspNoCheck = function(hExtV, critical) {
+2483 	var result = {extname:"ocspNoCheck"};
+2484 	if (critical) result.critical = true;
+2485 
+2486 	return result;
+2487     };
+2488 
+2489     /**
+2490      * parse AdobeTimeStamp extension as JSON object<br/>
+2491      * @name getExtAdobeTimeStamp
+2492      * @memberOf X509#
+2493      * @function
+2494      * @param {String} hExtV hexadecimal string of extension value
+2495      * @param {Boolean} critical flag
+2496      * @return {Array} JSON object of parsed AdobeTimeStamp extension
+2497      * @since jsrsasign 10.0.1 x509 2.0.5
+2498      * @see KJUR.asn1.x509.AdobeTimeStamp
+2499      * @see X509#getExtParamArray
+2500      * @see X509#getExtParam
+2501      * @description
+2502      * This method parses
+2503      * X.509v3 AdobeTimeStamp private extension value defined in the
+2504      * <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSigDC/oids.html">
+2505      * Adobe site</a> as JSON object.
+2506      * This extension provides the URL location for time stamp service.
+2507      * <pre>
+2508      * adbe- OBJECT IDENTIFIER ::=  { adbe(1.2.840.113583) acrobat(1) security(1) x509Ext(9) 1 }
+2509      *  ::= SEQUENCE {
+2510      *     version INTEGER  { v1(1) }, -- extension version
+2511      *     location GeneralName (In v1 GeneralName can be only uniformResourceIdentifier)
+2512      *     requiresAuth        boolean (default false), OPTIONAL }
+2513      * </pre>
+2514      * <br/>
+2515      * Result of this method can be passed to 
+2516      * {@link KJUR.asn1.x509.AdobeTimeStamp} constructor.
+2517      * <br/>
+2518      * NOTE: This extesion doesn't seem to have official name. This may be called as "pdfTimeStamp".
+2519      * @example
+2520      * x.getExtAdobeTimeStamp(<<extn hex value >>) →
+2521      * { extname: "adobeTimeStamp", uri: "http://tsa.example.com/" reqauth: true }
+2522      */
+2523     this.getExtAdobeTimeStamp = function(hExtV, critical) {
+2524 	if (hExtV === undefined && critical === undefined) {
+2525 	    var info = this.getExtInfo("adobeTimeStamp");
+2526 	    if (info === undefined) return undefined;
+2527 	    hExtV = _getTLV(this.hex, info.vidx);
+2528 	    critical = info.critical;
 2529 	}
-2530     };
-2531 
-2532     this.getX500NameRule = function(aDN) {
-2533 	var isPRNRule = true;
-2534 	var isUTF8Rule = true;
-2535 	var isMixedRule = false;
-2536 	var logfull = "";
-2537 	var logcheck = "";
-2538 	var lasttag = null;
-2539 
-2540 	var a = [];
-2541 	for (var i = 0; i < aDN.length; i++) {
-2542 	    var aRDN = aDN[i];
-2543 	    for (var j = 0; j < aRDN.length; j++) {
-2544 		a.push(aRDN[j]);
-2545 	    }
+2530 
+2531 	var result = {extname:"adobeTimeStamp"};
+2532 	if (critical) result.critical = true;
+2533 
+2534 	var a = _getChildIdx(hExtV, 0);
+2535 	if (a.length > 1) {
+2536 	    var hGN = _getTLV(hExtV, a[1])
+2537 	    var gnParam = this.getGeneralName(hGN);
+2538 	    if (gnParam.uri != undefined) {
+2539 		result.uri = gnParam.uri;
+2540 	    }
+2541 	}
+2542 	if (a.length > 2) {
+2543 	    var hBool = _getTLV(hExtV, a[2]);
+2544 	    if (hBool == "0101ff") result.reqauth = true;
+2545 	    if (hBool == "010100") result.reqauth = false;
 2546 	}
 2547 
-2548 	for (var i = 0; i < a.length; i++) {
-2549 	    var item = a[i];
-2550 	    var tag = item.ds;
-2551 	    var value = item.value;
-2552 	    var type = item.type;
-2553 	    logfull += ":" + tag;
-2554 	    
-2555 	    if (tag != "prn" && tag != "utf8" && tag != "ia5") {
-2556 		return "mixed";
-2557 	    }
-2558 	    if (tag == "ia5") {
-2559 		if (type != "CN") {
-2560 		    return "mixed";
-2561 		} else {
-2562 		    if (! KJUR.lang.String.isMail(value)) {
-2563 			return "mixed";
-2564 		    } else {
-2565 			continue;
-2566 		    }
-2567 		}
-2568 	    }
-2569 	    if (type == "C") {
-2570 		if (tag == "prn") {
-2571 		    continue;
-2572 		} else {
-2573 		    return "mixed";
-2574 		}
-2575 	    }
-2576 	    logcheck += ":" + tag;
-2577 	    if (lasttag == null) {
-2578 		lasttag = tag;
-2579 	    } else {
-2580 		if (lasttag !== tag) return "mixed";
-2581 	    }
-2582 	}
-2583 	if (lasttag == null) {
-2584 	    return "prn";
-2585 	} else {
-2586 	    return lasttag;
-2587 	}
-2588     };
-2589 
-2590     /**
-2591      * get AttributeTypeAndValue ASN.1 structure parameter as JSON object<br/>
-2592      * @name getAttrTypeAndValue
-2593      * @memberOf X509#
-2594      * @function
-2595      * @param {String} h hexadecimal string of AttributeTypeAndValue
-2596      * @return {Object} JSON object of AttributeTypeAndValue parameters
-2597      * @since jsrsasign 9.0.0 x509 2.0.0
-2598      * @see X509#getX500Name
-2599      * @see X509#getRDN
-2600      * @description
-2601      * This method will get AttributeTypeAndValue parameters defined in
-2602      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2603      * RFC 5280 4.1.2.4</a>.
-2604      * <pre>
-2605      * AttributeTypeAndValue ::= SEQUENCE {
-2606      *   type     AttributeType,
-2607      *   value    AttributeValue }
-2608      * AttributeType ::= OBJECT IDENTIFIER
-2609      * AttributeValue ::= ANY -- DEFINED BY AttributeType
-2610      * </pre>
-2611      * <ul>
-2612      * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
-2613      * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
-2614      * <li>{String}ds - DirectoryString type of AttributeValue</li>
-2615      * </ul>
-2616      * "ds" has one of following value:
-2617      * <ul>
-2618      * <li>utf8 - (0x0c) UTF8String</li>
-2619      * <li>num  - (0x12) NumericString</li>
-2620      * <li>prn  - (0x13) PrintableString</li>
-2621      * <li>tel  - (0x14) TeletexString</li>
-2622      * <li>ia5  - (0x16) IA5String</li>
-2623      * <li>vis  - (0x1a) VisibleString</li>
-2624      * <li>bmp  - (0x1e) BMPString</li>
-2625      * </ul>
-2626      * @example
-2627      * x = new X509();
-2628      * x.getAttrTypeAndValue("30...") →
-2629      * {type:"CN",value:"john.smith@example.com",ds:"ia5"} or
-2630      * {type:"O",value:"Sample Corp.",ds:"prn"}
-2631      */
-2632     // unv  - (0x1c??) UniversalString ... for future
-2633     this.getAttrTypeAndValue = function(h) {
-2634 	var p = _ASN1HEX_parse(h);
-2635 	return _convATV(p);
-2636     };
-2637 
-2638     /**
-2639      * get RelativeDistinguishedName ASN.1 structure parameter array<br/>
-2640      * @name getRDN
-2641      * @memberOf X509#
-2642      * @function
-2643      * @param {String} h hexadecimal string of RDN
-2644      * @return {Array} array of AttrTypeAndValue parameters
-2645      * @since jsrsasign 9.0.0 x509 2.0.0
-2646      * @see X509#getX500Name
-2647      * @see X509#getRDN
-2648      * @see X509#getAttrTypeAndValue
-2649      * @description
-2650      * This method will get RelativeDistinguishedName parameters defined in
-2651      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2652      * RFC 5280 4.1.2.4</a>.
-2653      * <pre>
-2654      * RelativeDistinguishedName ::=
-2655      *   SET SIZE (1..MAX) OF AttributeTypeAndValue
-2656      * </pre>
-2657      * @example
-2658      * x = new X509();
-2659      * x.getRDN("31...") →
-2660      * [{type:"C",value:"US",ds:"prn"}] or
-2661      * [{type:"O",value:"Sample Corp.",ds:"prn"}] or
-2662      * [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
-2663      */
-2664     this.getRDN = function(h) {
-2665 	var p = _ASN1HEX_parse(h);
-2666 	return _convRDN(p);
-2667     };
-2668 
-2669     /**
-2670      * get X.500 Name ASN.1 structure parameter array<br/>
-2671      * @name getX500NameArray
-2672      * @memberOf X509#
-2673      * @function
-2674      * @param {String} h hexadecimal string of Name
-2675      * @return {Array} array of RDN parameter array
-2676      * @since jsrsasign 10.0.6 x509 2.0.9
-2677      * @see X509#getX500Name
-2678      * @see X509#getRDN
-2679      * @see X509#getAttrTypeAndValue
-2680      * @description
-2681      * This method will get Name parameter defined in
-2682      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2683      * RFC 5280 4.1.2.4</a>.
-2684      * <pre>
-2685      * Name ::= CHOICE { -- only one possibility for now --
-2686      *   rdnSequence  RDNSequence }
-2687      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-2688      * </pre>
-2689      * @example
-2690      * x = new X509();
-2691      * x.getX500NameArray("30...") →
-2692      * [[{type:"C",value:"US",ds:"prn"}],
-2693      *  [{type:"O",value:"Sample Corp.",ds:"utf8"}],
-2694      *  [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]]
-2695      */
-2696     this.getX500NameArray = function(h) {
-2697 	var p = _ASN1HEX_parse(h);
-2698 	return _convX500Name(p);
-2699     };
-2700 
-2701     /**
-2702      * get Name ASN.1 structure parameter array<br/>
-2703      * @name getX500Name
-2704      * @memberOf X509#
-2705      * @function
-2706      * @param {String} h hexadecimal string of Name
-2707      * @param {boolean} flagCanon flag to conclude canonicalized name (DEFAULT false)
-2708      * @param {boolean} flagHex flag to conclude hexadecimal string (DEFAULT false)
-2709      * @return {Array} array of RDN parameter array
-2710      * @since jsrsasign 9.0.0 x509 2.0.0
-2711      * @see X509#getX500NameArray
-2712      * @see X509#getRDN
-2713      * @see X509#getAttrTypeAndValue
-2714      * @see X509#c14nRDNArray
-2715      * @see KJUR.asn1.x509.X500Name
-2716      * @see KJUR.asn1.x509.GeneralName
-2717      * @see KJUR.asn1.x509.GeneralNames
-2718      *
-2719      * @description
-2720      * This method will get Name parameter defined in
-2721      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
-2722      * RFC 5280 4.1.2.4</a>.
-2723      * <pre>
-2724      * Name ::= CHOICE { -- only one possibility for now --
-2725      *   rdnSequence  RDNSequence }
-2726      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-2727      * </pre>
-2728      * <br>
-2729      * NOTE: From jsrsasign 10.6.0, flagHex and flagCanon has been 
-2730      * supported to conclude a canonicalized name for caseIgnoreMatch
-2731      * desribed in <a href="https://tools.ietf.org/html/rfc4518">
-2732      * RFC 4518</a>.
-2733      *
-2734      * @example
-2735      * x = new X509();
-2736      * x.getX500Name("30...") →
-2737      * { array: [
-2738      *     [{type:"C",value:"US",ds:"prn"}],
-2739      *     [{type:"O",value:"Sample Corp.",ds:"utf8"}],
-2740      *     [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
-2741      *   ],
-2742      *   str: "/C=US/O=Sample Corp./CN=john.smith@example.com",
-2743      *   hex: "30..." }
-2744      *
-2745      * x.getX500Name("30...", true) →
-2746      * { array: [
-2747      *     [{type:"C",value:"US",ds:"prn"}],
-2748      *     [{type:"O",value:"Sample    Corp.",ds:"utf8"}]
-2749      *   ],
-2750      *   str: "/C=US/O=Sample    Corp.",
-2751      *   canon: "/c=us/o=sample corp.",
-2752      *   hex: "30..." }
-2753      */
-2754     this.getX500Name = function(h, flagCanon, flagHex) {
-2755 	var a = this.getX500NameArray(h);
-2756 	var s = this.dnarraytostr(a);
-2757 	var result = { str: s };
-2758 
-2759 	result.array = a;
-2760 	if (flagHex == true) result.hex = h;
-2761 	if (flagCanon == true) result.canon = this.c14nRDNArray(a);
-2762 	return result;
-2763     };
-2764 
-2765     // ===== END X500Name related =====================================
-2766 
-2767     // ===== BEGIN read certificate =====================================
-2768     /**
-2769      * read PEM formatted X.509 certificate from string.<br/>
-2770      * @name readCertPEM
-2771      * @memberOf X509#
-2772      * @function
-2773      * @param {String} sCertPEM string for PEM formatted X.509 certificate
-2774      * @example
-2775      * x = new X509();
-2776      * x.readCertPEM(sCertPEM); // read certificate
-2777      */
-2778     this.readCertPEM = function(sCertPEM) {
-2779         this.readCertHex(_pemtohex(sCertPEM));
-2780     };
-2781 
-2782     /**
-2783      * read a hexadecimal string of X.509 certificate<br/>
-2784      * @name readCertHex
-2785      * @memberOf X509#
-2786      * @function
-2787      * @param {String} sCertHex hexadecimal string of X.509 certificate
-2788      * @since jsrsasign 7.1.4 x509 1.1.13
-2789      * @description
-2790      * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
-2791      * @example
-2792      * x = new X509();
-2793      * x.readCertHex("3082..."); // read certificate
-2794      */
-2795     this.readCertHex = function(sCertHex) {
-2796         this.hex = sCertHex;
-2797 	this.getVersion(); // set version parameter
-2798 
-2799 	try {
-2800 	    _getIdxbyList(this.hex, 0, [0, 7], "a3"); // has [3] v3ext
-2801 	    this.parseExt();
-2802 	} catch(ex) {};
-2803     };
-2804 
-2805     // ===== END read certificate =====================================
-2806 
-2807     /**
-2808      * get JSON object of certificate parameters<br/>
-2809      * @name getParam
-2810      * @memberOf X509#
-2811      * @function
-2812      * @param {Object} option optional setting for return object
-2813      * @return {Object} JSON object of certificate parameters
-2814      * @since jsrsasign 9.0.0 x509 2.0.0
-2815      * @see KJUR.asn1.x509.X509Util.newCertPEM
-2816      *
-2817      * @description
-2818      * This method returns a JSON object of the certificate
-2819      * parameters. Return value can be passed to
-2820      * {@link KJUR.asn1.x509.X509Util.newCertPEM}.
-2821      * <br/>
-2822      * NOTE1: From jsrsasign 10.5.16, optional argument can be applied.
-2823      * It can have following members:
-2824      * <ul>
-2825      * <li>tbshex - (boolean) tbshex member with hex value of 
-2826      * tbsCertificate will be added if true (DEFAULT undefined)</li>
-2827      * <li>nodnarray - (boolean) array member for subject and
-2828      * issuer will be deleted to simplify it if true (DEFAULT undefined)<li>
-2829      * <li>dncanon - (boolean) add canon member to subject and issuer for DN StringPrep if true(DEFAULT undefined)</li>
-2830      * <li>dnhex - (boolean) add hex member to subject and issuer if true(DEFAULT undefined)</li>
-2831      * </ul>
-2832      * <br/>
-2833      * NOTE2: From jsrsasign 10.6.0, member "dncanon" and "dnhex" supported
-2834      * in the "option" argument.
-2835      *
-2836      * @example
-2837      * x = new X509();
-2838      * x.readCertPEM("-----BEGIN CERTIFICATE...");
-2839      * x.getParam() →
-2840      * {version:3,
-2841      *  serial:{hex:"12ab"},
-2842      *  sigalg:"SHA256withRSA",
-2843      *  issuer: {array:[[{type:'CN',value:'CA1',ds:'prn'}]],str:"/O=CA1"},
-2844      *  notbefore:"160403023700Z",
-2845      *  notafter:"160702023700Z",
-2846      *  subject: {array:[[{type:'CN',value:'Test1',ds:'prn'}]],str:"/CN=Test1"},
-2847      *  sbjpubkey:"-----BEGIN PUBLIC KEY...",
-2848      *  ext:[
-2849      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-2850      *   {extname:"basicConstraints",critical:true},
-2851      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
-2852      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-2853      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
-2854      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
-2855      *  ],
-2856      *  sighex:"0b76...8"
-2857      * };
-2858      *
-2859      * x.getParam({tbshex: true}) → { ... , tbshex: "30..." }
-2860      * x.getParam({nodnarray: true}) → {issuer: {str: "/C=JP"}, ...}
-2861      * x.getParam({dncanon: true}) → {... {issuer: {canon: "/c=jp/o=..."} ...} ...}
-2862      * x.getParam({dnhex: true}) → {... {issuer: {hex: "30..."} ...} ...}
-2863      */
-2864     this.getParam = function(option) {
-2865 	var result = {};
-2866 	if (option == undefined) option = {};
-2867 
-2868 	result.version = this.getVersion();
-2869 	result.serial = {hex: this.getSerialNumberHex()};
-2870 	result.sigalg = this.getSignatureAlgorithmField();
-2871 	result.issuer = this.getIssuer(option.dncanon, option.dnhex);
-2872 	result.notbefore = this.getNotBefore();
-2873 	result.notafter = this.getNotAfter();
-2874 	result.subject = this.getSubject(option.dncanon, option.dnhex);
-2875 	result.sbjpubkey = hextopem(this.getPublicKeyHex(), "PUBLIC KEY");
-2876 	if (this.aExtInfo != undefined &&
-2877 	    this.aExtInfo.length > 0) {
-2878 	    result.ext = this.getExtParamArray();
-2879 	}
-2880 	result.sighex = this.getSignatureValueHex();
+2548 	return result;
+2549     };
+2550 
+2551     // ===== BEGIN X500Name related =====================================
+2552     /*
+2553      * convert ASN.1 parsed object to attrTypeAndValue assoc array<br/>
+2554      * @name _convATV
+2555      * @param p associative array of parsed attrTypeAndValue object
+2556      * @return attrTypeAndValue associative array
+2557      * @since jsrsasign 10.5.12 x509 2.0.14
+2558      * @example
+2559      * _convATV({seq: [...]} &rarr: {type:"C",value:"JP",ds:"prn"}
+2560      */
+2561     var _convATV = function(p) {
+2562 	var result = {};
+2563 	try {
+2564 	    var name = p.seq[0].oid;
+2565 	    var oid = KJUR.asn1.x509.OID.name2oid(name);
+2566 	    result.type = KJUR.asn1.x509.OID.oid2atype(oid);
+2567 	    var item1 = p.seq[1];
+2568 	    if (item1.utf8str != undefined) {
+2569 		result.ds = "utf8";
+2570 		result.value = item1.utf8str.str;
+2571 	    } else if (item1.numstr != undefined) {
+2572 		result.ds = "num";
+2573 		result.value = item1.numstr.str;
+2574 	    } else if (item1.telstr != undefined) {
+2575 		result.ds = "tel";
+2576 		result.value = item1.telstr.str;
+2577 	    } else if (item1.prnstr != undefined) {
+2578 		result.ds = "prn";
+2579 		result.value = item1.prnstr.str;
+2580 	    } else if (item1.ia5str != undefined) {
+2581 		result.ds = "ia5";
+2582 		result.value = item1.ia5str.str;
+2583 	    } else if (item1.visstr != undefined) {
+2584 		result.ds = "vis";
+2585 		result.value = item1.visstr.str;
+2586 	    } else if (item1.bmpstr != undefined) {
+2587 		result.ds = "bmp";
+2588 		result.value = item1.bmpstr.str;
+2589 	    } else {
+2590 		throw "error";
+2591 	    }
+2592 	    return result;
+2593 	} catch(ex) {
+2594 	    throw new Erorr("improper ASN.1 parsed AttrTypeAndValue");
+2595 	}
+2596     };
+2597 
+2598     /*
+2599      * convert ASN.1 parsed object to RDN array<br/>
+2600      * @name _convRDN
+2601      * @param p associative array of parsed RDN object
+2602      * @return RDN array
+2603      * @since jsrsasign 10.5.12 x509 2.0.14
+2604      * @example
+2605      * _convRDN({set: [...]} &rarr: [{type:"C",value:"JP",ds:"prn"}]
+2606      */
+2607     var _convRDN = function(p) {
+2608 	try {
+2609 	    return p.set.map(function(pATV){return _convATV(pATV)});
+2610 	} catch(ex) {
+2611 	    throw new Error("improper ASN.1 parsed RDN: " + ex);
+2612 	}
+2613     };
+2614 
+2615     /*
+2616      * convert ASN.1 parsed object to X500Name array<br/>
+2617      * @name _convX500Name
+2618      * @param p associative array of parsed X500Name array object
+2619      * @return RDN array
+2620      * @since jsrsasign 10.5.12 x509 2.0.14
+2621      * @example
+2622      * _convX500Name({seq: [...]} &rarr: [[{type:"C",value:"JP",ds:"prn"}]]
+2623      */
+2624     var _convX500Name = function(p) {
+2625 	try {
+2626 	    return p.seq.map(function(pRDN){return _convRDN(pRDN)});
+2627 	} catch(ex) {
+2628 	    throw new Error("improper ASN.1 parsed X500Name: " + ex);
+2629 	}
+2630     };
+2631 
+2632     this.getX500NameRule = function(aDN) {
+2633 	var isPRNRule = true;
+2634 	var isUTF8Rule = true;
+2635 	var isMixedRule = false;
+2636 	var logfull = "";
+2637 	var logcheck = "";
+2638 	var lasttag = null;
+2639 
+2640 	var a = [];
+2641 	for (var i = 0; i < aDN.length; i++) {
+2642 	    var aRDN = aDN[i];
+2643 	    for (var j = 0; j < aRDN.length; j++) {
+2644 		a.push(aRDN[j]);
+2645 	    }
+2646 	}
+2647 
+2648 	for (var i = 0; i < a.length; i++) {
+2649 	    var item = a[i];
+2650 	    var tag = item.ds;
+2651 	    var value = item.value;
+2652 	    var type = item.type;
+2653 	    logfull += ":" + tag;
+2654 	    
+2655 	    if (tag != "prn" && tag != "utf8" && tag != "ia5") {
+2656 		return "mixed";
+2657 	    }
+2658 	    if (tag == "ia5") {
+2659 		if (type != "CN") {
+2660 		    return "mixed";
+2661 		} else {
+2662 		    if (! KJUR.lang.String.isMail(value)) {
+2663 			return "mixed";
+2664 		    } else {
+2665 			continue;
+2666 		    }
+2667 		}
+2668 	    }
+2669 	    if (type == "C") {
+2670 		if (tag == "prn") {
+2671 		    continue;
+2672 		} else {
+2673 		    return "mixed";
+2674 		}
+2675 	    }
+2676 	    logcheck += ":" + tag;
+2677 	    if (lasttag == null) {
+2678 		lasttag = tag;
+2679 	    } else {
+2680 		if (lasttag !== tag) return "mixed";
+2681 	    }
+2682 	}
+2683 	if (lasttag == null) {
+2684 	    return "prn";
+2685 	} else {
+2686 	    return lasttag;
+2687 	}
+2688     };
+2689 
+2690     /**
+2691      * get AttributeTypeAndValue ASN.1 structure parameter as JSON object<br/>
+2692      * @name getAttrTypeAndValue
+2693      * @memberOf X509#
+2694      * @function
+2695      * @param {String} h hexadecimal string of AttributeTypeAndValue
+2696      * @return {Object} JSON object of AttributeTypeAndValue parameters
+2697      * @since jsrsasign 9.0.0 x509 2.0.0
+2698      * @see X509#getX500Name
+2699      * @see X509#getRDN
+2700      * @description
+2701      * This method will get AttributeTypeAndValue parameters defined in
+2702      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2703      * RFC 5280 4.1.2.4</a>.
+2704      * <pre>
+2705      * AttributeTypeAndValue ::= SEQUENCE {
+2706      *   type     AttributeType,
+2707      *   value    AttributeValue }
+2708      * AttributeType ::= OBJECT IDENTIFIER
+2709      * AttributeValue ::= ANY -- DEFINED BY AttributeType
+2710      * </pre>
+2711      * <ul>
+2712      * <li>{String}type - AttributeType name or OID(ex. C,O,CN)</li>
+2713      * <li>{String}value - raw string of ASN.1 value of AttributeValue</li>
+2714      * <li>{String}ds - DirectoryString type of AttributeValue</li>
+2715      * </ul>
+2716      * "ds" has one of following value:
+2717      * <ul>
+2718      * <li>utf8 - (0x0c) UTF8String</li>
+2719      * <li>num  - (0x12) NumericString</li>
+2720      * <li>prn  - (0x13) PrintableString</li>
+2721      * <li>tel  - (0x14) TeletexString</li>
+2722      * <li>ia5  - (0x16) IA5String</li>
+2723      * <li>vis  - (0x1a) VisibleString</li>
+2724      * <li>bmp  - (0x1e) BMPString</li>
+2725      * </ul>
+2726      * @example
+2727      * x = new X509();
+2728      * x.getAttrTypeAndValue("30...") →
+2729      * {type:"CN",value:"john.smith@example.com",ds:"ia5"} or
+2730      * {type:"O",value:"Sample Corp.",ds:"prn"}
+2731      */
+2732     // unv  - (0x1c??) UniversalString ... for future
+2733     this.getAttrTypeAndValue = function(h) {
+2734 	var p = _ASN1HEX_parse(h);
+2735 	return _convATV(p);
+2736     };
+2737 
+2738     /**
+2739      * get RelativeDistinguishedName ASN.1 structure parameter array<br/>
+2740      * @name getRDN
+2741      * @memberOf X509#
+2742      * @function
+2743      * @param {String} h hexadecimal string of RDN
+2744      * @return {Array} array of AttrTypeAndValue parameters
+2745      * @since jsrsasign 9.0.0 x509 2.0.0
+2746      * @see X509#getX500Name
+2747      * @see X509#getRDN
+2748      * @see X509#getAttrTypeAndValue
+2749      * @description
+2750      * This method will get RelativeDistinguishedName parameters defined in
+2751      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2752      * RFC 5280 4.1.2.4</a>.
+2753      * <pre>
+2754      * RelativeDistinguishedName ::=
+2755      *   SET SIZE (1..MAX) OF AttributeTypeAndValue
+2756      * </pre>
+2757      * @example
+2758      * x = new X509();
+2759      * x.getRDN("31...") →
+2760      * [{type:"C",value:"US",ds:"prn"}] or
+2761      * [{type:"O",value:"Sample Corp.",ds:"prn"}] or
+2762      * [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
+2763      */
+2764     this.getRDN = function(h) {
+2765 	var p = _ASN1HEX_parse(h);
+2766 	return _convRDN(p);
+2767     };
+2768 
+2769     /**
+2770      * get X.500 Name ASN.1 structure parameter array<br/>
+2771      * @name getX500NameArray
+2772      * @memberOf X509#
+2773      * @function
+2774      * @param {String} h hexadecimal string of Name
+2775      * @return {Array} array of RDN parameter array
+2776      * @since jsrsasign 10.0.6 x509 2.0.9
+2777      * @see X509#getX500Name
+2778      * @see X509#getRDN
+2779      * @see X509#getAttrTypeAndValue
+2780      * @description
+2781      * This method will get Name parameter defined in
+2782      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2783      * RFC 5280 4.1.2.4</a>.
+2784      * <pre>
+2785      * Name ::= CHOICE { -- only one possibility for now --
+2786      *   rdnSequence  RDNSequence }
+2787      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+2788      * </pre>
+2789      * @example
+2790      * x = new X509();
+2791      * x.getX500NameArray("30...") →
+2792      * [[{type:"C",value:"US",ds:"prn"}],
+2793      *  [{type:"O",value:"Sample Corp.",ds:"utf8"}],
+2794      *  [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]]
+2795      */
+2796     this.getX500NameArray = function(h) {
+2797 	var p = _ASN1HEX_parse(h);
+2798 	return _convX500Name(p);
+2799     };
+2800 
+2801     /**
+2802      * get Name ASN.1 structure parameter array<br/>
+2803      * @name getX500Name
+2804      * @memberOf X509#
+2805      * @function
+2806      * @param {String} h hexadecimal string of Name
+2807      * @param {boolean} flagCanon flag to conclude canonicalized name (DEFAULT false)
+2808      * @param {boolean} flagHex flag to conclude hexadecimal string (DEFAULT false)
+2809      * @return {Array} array of RDN parameter array
+2810      * @since jsrsasign 9.0.0 x509 2.0.0
+2811      * @see X509#getX500NameArray
+2812      * @see X509#getRDN
+2813      * @see X509#getAttrTypeAndValue
+2814      * @see X509#c14nRDNArray
+2815      * @see KJUR.asn1.x509.X500Name
+2816      * @see KJUR.asn1.x509.GeneralName
+2817      * @see KJUR.asn1.x509.GeneralNames
+2818      *
+2819      * @description
+2820      * This method will get Name parameter defined in
+2821      * <a href="https://tools.ietf.org/html/rfc5280#section-4.1.2.4">
+2822      * RFC 5280 4.1.2.4</a>.
+2823      * <pre>
+2824      * Name ::= CHOICE { -- only one possibility for now --
+2825      *   rdnSequence  RDNSequence }
+2826      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+2827      * </pre>
+2828      * <br>
+2829      * NOTE: From jsrsasign 10.6.0, flagHex and flagCanon has been 
+2830      * supported to conclude a canonicalized name for caseIgnoreMatch
+2831      * desribed in <a href="https://tools.ietf.org/html/rfc4518">
+2832      * RFC 4518</a>.
+2833      *
+2834      * @example
+2835      * x = new X509();
+2836      * x.getX500Name("30...") →
+2837      * { array: [
+2838      *     [{type:"C",value:"US",ds:"prn"}],
+2839      *     [{type:"O",value:"Sample Corp.",ds:"utf8"}],
+2840      *     [{type:"CN",value:"john.smith@example.com",ds:"ia5"}]
+2841      *   ],
+2842      *   str: "/C=US/O=Sample Corp./CN=john.smith@example.com",
+2843      *   hex: "30..." }
+2844      *
+2845      * x.getX500Name("30...", true) →
+2846      * { array: [
+2847      *     [{type:"C",value:"US",ds:"prn"}],
+2848      *     [{type:"O",value:"Sample    Corp.",ds:"utf8"}]
+2849      *   ],
+2850      *   str: "/C=US/O=Sample    Corp.",
+2851      *   canon: "/c=us/o=sample corp.",
+2852      *   hex: "30..." }
+2853      */
+2854     this.getX500Name = function(h, flagCanon, flagHex) {
+2855 	var a = this.getX500NameArray(h);
+2856 	var s = this.dnarraytostr(a);
+2857 	var result = { str: s };
+2858 
+2859 	result.array = a;
+2860 	if (flagHex == true) result.hex = h;
+2861 	if (flagCanon == true) result.canon = this.c14nRDNArray(a);
+2862 	return result;
+2863     };
+2864 
+2865     // ===== END X500Name related =====================================
+2866 
+2867     // ===== BEGIN read certificate =====================================
+2868     /**
+2869      * read PEM formatted X.509 certificate from string.<br/>
+2870      * @name readCertPEM
+2871      * @memberOf X509#
+2872      * @function
+2873      * @param {String} sCertPEM string for PEM formatted X.509 certificate
+2874      * @example
+2875      * x = new X509();
+2876      * x.readCertPEM(sCertPEM); // read certificate
+2877      */
+2878     this.readCertPEM = function(sCertPEM) {
+2879         this.readCertHex(_pemtohex(sCertPEM));
+2880     };
 2881 
-2882 	// for options
-2883 	if (option.tbshex == true) {
-2884 	    result.tbshex = _getTLVbyList(this.hex, 0, [0]);
-2885 	}
-2886 	if (option.nodnarray == true) {
-2887 	    delete result.issuer.array;
-2888 	    delete result.subject.array;
-2889 	}
-2890 
-2891 	return result;
-2892     };
-2893 
-2894     /** 
-2895      * get array of certificate extension parameter JSON object<br/>
-2896      * @name getExtParamArray
-2897      * @memberOf X509#
-2898      * @function
-2899      * @param {String} hExtSeq hexadecimal string of SEQUENCE of Extension
-2900      * @return {Array} array of certificate extension parameter JSON object
-2901      * @since jsrsasign 9.0.0 x509 2.0.0
-2902      * @see KJUR.asn1.x509.X509Util.newCertPEM
-2903      * @see X509#getParam
-2904      * @see X509#getExtParam
-2905      * @see X509CRL#getParam
-2906      * @see KJUR.asn1.csr.CSRUtil.getParam
-2907      *
-2908      * @description
-2909      * This method returns an array of certificate extension
-2910      * parameters. 
-2911      * <br/>
-2912      * NOTE: Argument "hExtSeq" have been supported since jsrsasign 9.1.1.
-2913      *
-2914      * @example
-2915      * x = new X509();
-2916      * x.readCertPEM("-----BEGIN CERTIFICATE...");
-2917      * x.getExtParamArray() →
-2918      * [ {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-2919      *   {extname:"basicConstraints",critical:true},
-2920      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
-2921      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-2922      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
-2923      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}]
-2924      */
-2925     this.getExtParamArray = function(hExtSeq) {
-2926 	if (hExtSeq == undefined) {
-2927 	    // for X.509v3 certificate
-2928 	    var idx1 = _getIdxbyListEx(this.hex, 0, [0, "[3]"]);
-2929 	    if (idx1 != -1) {
-2930 		hExtSeq = _getTLVbyListEx(this.hex, 0, [0, "[3]", 0], "30");
-2931 	    }
-2932 	}
-2933 	var result = [];
-2934 	var aIdx = _getChildIdx(hExtSeq, 0);
-2935 
-2936 	for (var i = 0; i < aIdx.length; i++) {
-2937 	    var hExt = _getTLV(hExtSeq, aIdx[i]);
-2938 	    var extParam = this.getExtParam(hExt);
-2939 	    if (extParam != null) result.push(extParam);
-2940 	}
-2941 
-2942 	return result;
-2943     };
-2944 
-2945     /** 
-2946      * get a extension parameter JSON object<br/>
-2947      * @name getExtParam
-2948      * @memberOf X509#
-2949      * @function
-2950      * @param {String} hExt hexadecimal string of Extension
-2951      * @return {Array} Extension parameter JSON object
-2952      * @since jsrsasign 9.1.1 x509 2.0.1
-2953      * @see KJUR.asn1.x509.X509Util.newCertPEM
-2954      * @see X509#getParam
-2955      * @see X509#getExtParamArray
-2956      * @see X509CRL#getParam
-2957      * @see KJUR.asn1.csr.CSRUtil.getParam
+2882     /**
+2883      * read a hexadecimal string of X.509 certificate<br/>
+2884      * @name readCertHex
+2885      * @memberOf X509#
+2886      * @function
+2887      * @param {String} sCertHex hexadecimal string of X.509 certificate
+2888      * @since jsrsasign 7.1.4 x509 1.1.13
+2889      * @description
+2890      * NOTE: {@link X509#parseExt} will called internally since jsrsasign 7.2.0.
+2891      * @example
+2892      * x = new X509();
+2893      * x.readCertHex("3082..."); // read certificate
+2894      */
+2895     this.readCertHex = function(sCertHex) {
+2896         this.hex = sCertHex;
+2897 	this.getVersion(); // set version parameter
+2898 
+2899 	try {
+2900 	    _getIdxbyList(this.hex, 0, [0, 7], "a3"); // has [3] v3ext
+2901 	    this.parseExt();
+2902 	} catch(ex) {};
+2903     };
+2904 
+2905     // ===== END read certificate =====================================
+2906 
+2907     /**
+2908      * get JSON object of certificate parameters<br/>
+2909      * @name getParam
+2910      * @memberOf X509#
+2911      * @function
+2912      * @param {Object} option optional setting for return object
+2913      * @return {Object} JSON object of certificate parameters
+2914      * @since jsrsasign 9.0.0 x509 2.0.0
+2915      * @see KJUR.asn1.x509.X509Util.newCertPEM
+2916      *
+2917      * @description
+2918      * This method returns a JSON object of the certificate
+2919      * parameters. Return value can be passed to
+2920      * {@link KJUR.asn1.x509.X509Util.newCertPEM}.
+2921      * <br/>
+2922      * NOTE1: From jsrsasign 10.5.16, optional argument can be applied.
+2923      * It can have following members:
+2924      * <ul>
+2925      * <li>tbshex - (boolean) tbshex member with hex value of 
+2926      * tbsCertificate will be added if true (DEFAULT undefined)</li>
+2927      * <li>nodnarray - (boolean) array member for subject and
+2928      * issuer will be deleted to simplify it if true (DEFAULT undefined)<li>
+2929      * <li>dncanon - (boolean) add canon member to subject and issuer for DN StringPrep if true(DEFAULT undefined)</li>
+2930      * <li>dnhex - (boolean) add hex member to subject and issuer if true(DEFAULT undefined)</li>
+2931      * </ul>
+2932      * <br/>
+2933      * NOTE2: From jsrsasign 10.6.0, member "dncanon" and "dnhex" supported
+2934      * in the "option" argument.
+2935      *
+2936      * @example
+2937      * x = new X509();
+2938      * x.readCertPEM("-----BEGIN CERTIFICATE...");
+2939      * x.getParam() →
+2940      * {version:3,
+2941      *  serial:{hex:"12ab"},
+2942      *  sigalg:"SHA256withRSA",
+2943      *  issuer: {array:[[{type:'CN',value:'CA1',ds:'prn'}]],str:"/O=CA1"},
+2944      *  notbefore:"160403023700Z",
+2945      *  notafter:"160702023700Z",
+2946      *  subject: {array:[[{type:'CN',value:'Test1',ds:'prn'}]],str:"/CN=Test1"},
+2947      *  sbjpubkey:"-----BEGIN PUBLIC KEY...",
+2948      *  ext:[
+2949      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+2950      *   {extname:"basicConstraints",critical:true},
+2951      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
+2952      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+2953      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
+2954      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
+2955      *  ],
+2956      *  sighex:"0b76...8"
+2957      * };
 2958      *
-2959      * @description
-2960      * This method returns a extension parameters as JSON object. 
-2961      *
-2962      * @example
-2963      * x = new X509();
-2964      * ...
-2965      * x.getExtParam("30...") →
-2966      * {extname:"keyUsage",critical:true,names:["digitalSignature"]}
-2967      */
-2968     this.getExtParam = function(hExt) {
-2969 	var result = {};
-2970 	var aIdx = _getChildIdx(hExt, 0);
-2971 	var aIdxLen = aIdx.length;
-2972 	if (aIdxLen != 2 && aIdxLen != 3)
-2973 	    throw new Error("wrong number elements in Extension: " + 
-2974 			    aIdxLen + " " + hExt);
-2975 
-2976 	var oid = _hextooidstr(_getVbyList(hExt, 0, [0], "06"));
-2977 
-2978 	var critical = false;
-2979 	if (aIdxLen == 3 && _getTLVbyList(hExt, 0, [1]) == "0101ff")
-2980 	    critical = true;
+2959      * x.getParam({tbshex: true}) → { ... , tbshex: "30..." }
+2960      * x.getParam({nodnarray: true}) → {issuer: {str: "/C=JP"}, ...}
+2961      * x.getParam({dncanon: true}) → {... {issuer: {canon: "/c=jp/o=..."} ...} ...}
+2962      * x.getParam({dnhex: true}) → {... {issuer: {hex: "30..."} ...} ...}
+2963      */
+2964     this.getParam = function(option) {
+2965 	var result = {};
+2966 	if (option == undefined) option = {};
+2967 
+2968 	result.version = this.getVersion();
+2969 	result.serial = {hex: this.getSerialNumberHex()};
+2970 	result.sigalg = this.getSignatureAlgorithmField();
+2971 	result.issuer = this.getIssuer(option.dncanon, option.dnhex);
+2972 	result.notbefore = this.getNotBefore();
+2973 	result.notafter = this.getNotAfter();
+2974 	result.subject = this.getSubject(option.dncanon, option.dnhex);
+2975 	result.sbjpubkey = hextopem(this.getPublicKeyHex(), "PUBLIC KEY");
+2976 	if (this.aExtInfo != undefined &&
+2977 	    this.aExtInfo.length > 0) {
+2978 	    result.ext = this.getExtParamArray();
+2979 	}
+2980 	result.sighex = this.getSignatureValueHex();
 2981 
-2982 	var hExtV = _getTLVbyList(hExt, 0, [aIdxLen - 1, 0]);
-2983 
-2984 	var extParam = undefined;
-2985 	if (oid == "2.5.29.14") {
-2986 	    extParam = this.getExtSubjectKeyIdentifier(hExtV, critical);
-2987 	} else if (oid == "2.5.29.15") {
-2988 	    extParam = this.getExtKeyUsage(hExtV, critical);
-2989 	} else if (oid == "2.5.29.17") {
-2990 	    extParam = this.getExtSubjectAltName(hExtV, critical);
-2991 	} else if (oid == "2.5.29.18") {
-2992 	    extParam = this.getExtIssuerAltName(hExtV, critical);
-2993 	} else if (oid == "2.5.29.19") {
-2994 	    extParam = this.getExtBasicConstraints(hExtV, critical);
-2995 	} else if (oid == "2.5.29.30") {
-2996 	    extParam = this.getExtNameConstraints(hExtV, critical);
-2997 	} else if (oid == "2.5.29.31") {
-2998 	    extParam = this.getExtCRLDistributionPoints(hExtV, critical);
-2999 	} else if (oid == "2.5.29.32") {
-3000 	    extParam = this.getExtCertificatePolicies(hExtV, critical);
-3001 	} else if (oid == "2.5.29.33") {
-3002 	    extParam = this.getExtPolicyMappings(hExtV, critical);
-3003 	} else if (oid == "2.5.29.35") {
-3004 	    extParam = this.getExtAuthorityKeyIdentifier(hExtV, critical);
-3005 	} else if (oid == "2.5.29.36") {
-3006 	    extParam = this.getExtPolicyConstraints(hExtV, critical);
-3007 	} else if (oid == "2.5.29.37") {
-3008 	    extParam = this.getExtExtKeyUsage(hExtV, critical);
-3009 	} else if (oid == "2.5.29.54") {
-3010 	    extParam = this.getExtInhibitAnyPolicy(hExtV, critical);
-3011 	} else if (oid == "1.3.6.1.5.5.7.1.1") {
-3012 	    extParam = this.getExtAuthorityInfoAccess(hExtV, critical);
-3013 	} else if (oid == "2.5.29.20") {
-3014 	    extParam = this.getExtCRLNumber(hExtV, critical);
-3015 	} else if (oid == "2.5.29.21") {
-3016 	    extParam = this.getExtCRLReason(hExtV, critical);
-3017 	} else if (oid == "1.3.6.1.5.5.7.48.1.2") {
-3018 	    extParam = this.getExtOcspNonce(hExtV, critical);
-3019 	} else if (oid == "1.3.6.1.5.5.7.48.1.5") {
-3020 	    extParam = this.getExtOcspNoCheck(hExtV, critical);
-3021 	} else if (oid == "1.2.840.113583.1.1.9.1") {
-3022 	    extParam = this.getExtAdobeTimeStamp(hExtV, critical);
-3023 	} else if (X509.EXT_PARSER[oid] != undefined) {
-3024 	    extParam = X509.EXT_PARSER[oid](oid, critical, hExtV);
-3025 	}
-3026 	if (extParam != undefined) return extParam;
-3027 
-3028 	var privateParam = { extname: oid, extn: hExtV };
-3029 	if (critical) privateParam.critical = true;
-3030 	return privateParam;
-3031     };
-3032 
-3033     /**
-3034      * find extension parameter in array<br/>
-3035      * @name findExt
-3036      * @memberOf X509#
-3037      * @function
-3038      * @param {Array} aExt array of extension parameters
-3039      * @param {String} extname extension name
-3040      * @return {Array} extension parameter in the array or null
-3041      * @since jsrsasign 10.0.3 x509 2.0.7
-3042      * @see X509#getParam
-3043      *
-3044      * @description
-3045      * This method returns an extension parameter for
-3046      * specified extension name in the array.
-3047      * This method is useful to update extension parameter value.
-3048      * When there is no such extension with the extname,
-3049      * this returns "null".
-3050      *
-3051      * @example
-3052      * // (1) 
-3053      * x = new X509(CERTPEM);
-3054      * params = x.getParam();
-3055      * pSKID = x.findExt(params.ext, "subjectKeyIdentifier");
-3056      * pSKID.kid = "1234abced..."; // skid in the params is updated.
-3057      *   // then params was updated
+2982 	// for options
+2983 	if (option.tbshex == true) {
+2984 	    result.tbshex = _getTLVbyList(this.hex, 0, [0]);
+2985 	}
+2986 	if (option.nodnarray == true) {
+2987 	    delete result.issuer.array;
+2988 	    delete result.subject.array;
+2989 	}
+2990 
+2991 	return result;
+2992     };
+2993 
+2994     /** 
+2995      * get array of certificate extension parameter JSON object<br/>
+2996      * @name getExtParamArray
+2997      * @memberOf X509#
+2998      * @function
+2999      * @param {String} hExtSeq hexadecimal string of SEQUENCE of Extension
+3000      * @return {Array} array of certificate extension parameter JSON object
+3001      * @since jsrsasign 9.0.0 x509 2.0.0
+3002      * @see KJUR.asn1.x509.X509Util.newCertPEM
+3003      * @see X509#getParam
+3004      * @see X509#getExtParam
+3005      * @see X509CRL#getParam
+3006      * @see KJUR.asn1.csr.CSRUtil.getParam
+3007      *
+3008      * @description
+3009      * This method returns an array of certificate extension
+3010      * parameters. 
+3011      * <br/>
+3012      * NOTE: Argument "hExtSeq" have been supported since jsrsasign 9.1.1.
+3013      *
+3014      * @example
+3015      * x = new X509();
+3016      * x.readCertPEM("-----BEGIN CERTIFICATE...");
+3017      * x.getExtParamArray() →
+3018      * [ {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+3019      *   {extname:"basicConstraints",critical:true},
+3020      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
+3021      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3022      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
+3023      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}]
+3024      */
+3025     this.getExtParamArray = function(hExtSeq) {
+3026 	if (hExtSeq == undefined) {
+3027 	    // for X.509v3 certificate
+3028 	    var idx1 = _getIdxbyListEx(this.hex, 0, [0, "[3]"]);
+3029 	    if (idx1 != -1) {
+3030 		hExtSeq = _getTLVbyListEx(this.hex, 0, [0, "[3]", 0], "30");
+3031 	    }
+3032 	}
+3033 	var result = [];
+3034 	var aIdx = _getChildIdx(hExtSeq, 0);
+3035 
+3036 	for (var i = 0; i < aIdx.length; i++) {
+3037 	    var hExt = _getTLV(hExtSeq, aIdx[i]);
+3038 	    var extParam = this.getExtParam(hExt);
+3039 	    if (extParam != null) result.push(extParam);
+3040 	}
+3041 
+3042 	return result;
+3043     };
+3044 
+3045     /** 
+3046      * get a extension parameter JSON object<br/>
+3047      * @name getExtParam
+3048      * @memberOf X509#
+3049      * @function
+3050      * @param {String} hExt hexadecimal string of Extension
+3051      * @return {Array} Extension parameter JSON object
+3052      * @since jsrsasign 9.1.1 x509 2.0.1
+3053      * @see KJUR.asn1.x509.X509Util.newCertPEM
+3054      * @see X509#getParam
+3055      * @see X509#getExtParamArray
+3056      * @see X509CRL#getParam
+3057      * @see KJUR.asn1.csr.CSRUtil.getParam
 3058      *
-3059      * // (2) another example
-3060      * aExt = [
-3061      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
-3062      *   {extname:"basicConstraints",critical:true},
-3063      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
-3064      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-3065      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
-3066      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
-3067      * ];
-3068      * var x = new X509();
-3069      * x.findExt(aExt, "authorityKeyInfoAccess").array[0].ocsp = "http://aaa.com";
-3070      * pKU = x.findExt(aExt, "keyUsage");
-3071      * delete pKU["critical"]; // clear criticla flag
-3072      * pKU.names = ["keyCertSign", "cRLSign"];
-3073      *   // then aExt was updated
-3074      */
-3075     this.findExt = function(aExt, extname) {
-3076 	for (var i = 0; i < aExt.length; i++) {
-3077 	    if (aExt[i].extname == extname) return aExt[i];
-3078 	}
-3079 	return null;
-3080 
-3081     };
-3082 
-3083     /**
-3084      * update CRLDistributionPoints Full URI in parameter<br/>
-3085      * @name updateCDPFullURI
-3086      * @memberOf X509#
-3087      * @function
-3088      * @param {Array} aExt array of extension parameters
-3089      * @param {String} newURI string of new uri
-3090      * @since jsrsasign 10.0.4 x509 2.0.8
-3091      * @see X509#findExt
-3092      * @see KJUR.asn1.x509.CRLDistributionPoints
-3093      *
-3094      * @description
-3095      * This method updates Full URI of CRLDistributionPoints extension
-3096      * in the extension parameter array if it exists.
-3097      *
-3098      * @example
-3099      * aExt = [
-3100      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-3101      *   {extname:"cRLDistributionPoints",
-3102      *    array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]},
-3103      * ];
-3104      * x = new X509();
-3105      * x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl");
-3106      */
-3107     this.updateExtCDPFullURI = function(aExt, newURI) {
-3108 	var pExt = this.findExt(aExt, "cRLDistributionPoints");
-3109 	if (pExt == null) return;
-3110 	if (pExt.array == undefined) return;
-3111 	var aDP = pExt.array;
-3112 	for (var i = 0; i < aDP.length; i++) {
-3113 	    if (aDP[i].dpname == undefined) continue;
-3114 	    if (aDP[i].dpname.full == undefined) continue;
-3115 	    var aURI = aDP[i].dpname.full;
-3116 	    for (var j = 0; j < aURI.length; j++) {
-3117 		var pURI = aURI[i];
-3118 		if (pURI.uri == undefined) continue;
-3119 		pURI.uri = newURI;
-3120 	    }
-3121 	}
-3122     };
-3123 
-3124     /**
-3125      * update authorityInfoAccess ocsp in parameter<br/>
-3126      * @name updateAIAOCSP
-3127      * @memberOf X509#
-3128      * @function
-3129      * @param {Array} aExt array of extension parameters
-3130      * @param {String} newURI string of new uri
-3131      * @since jsrsasign 10.0.4 x509 2.0.8
-3132      * @see X509#findExt
-3133      * @see KJUR.asn1.x509.AuthorityInfoAccess
-3134      *
-3135      * @description
-3136      * This method updates "ocsp" accessMethod URI of 
-3137      * AuthorityInfoAccess extension
-3138      * in the extension parameter array if it exists.
-3139      *
-3140      * @example
-3141      * aExt = [
-3142      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-3143      *   {extname:"authoriyInfoAccess",
-3144      *    array:[
-3145      *      {ocsp: "http://ocsp1.example.com"},
-3146      *      {caissuer: "http://example.com/a.crt"}
-3147      *    ]}
-3148      * ];
-3149      * x = new X509();
-3150      * x.updateAIAOCSP(aExt, "http://ocsp2.example.net");
-3151      */
-3152     this.updateExtAIAOCSP = function(aExt, newURI) {
-3153 	var pExt = this.findExt(aExt, "authorityInfoAccess");
-3154 	if (pExt == null) return;
-3155 	if (pExt.array == undefined) return;
-3156 	var a = pExt.array;
-3157 	for (var i = 0; i < a.length; i++) {
-3158 	    if (a[i].ocsp != undefined) a[i].ocsp = newURI;
-3159 	}
-3160     };
-3161 
-3162     /**
-3163      * update authorityInfoAccess caIssuer in parameter<br/>
-3164      * @name updateAIACAIssuer
-3165      * @memberOf X509#
-3166      * @function
-3167      * @param {Array} aExt array of extension parameters
-3168      * @param {String} newURI string of new uri
-3169      * @since jsrsasign 10.0.4 x509 2.0.8
-3170      * @see X509#findExt
-3171      * @see KJUR.asn1.x509.AuthorityInfoAccess
-3172      *
-3173      * @description
-3174      * This method updates "caIssuer" accessMethod URI of 
-3175      * AuthorityInfoAccess extension
-3176      * in the extension parameter array if it exists.
-3177      *
-3178      * @example
-3179      * aExt = [
-3180      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
-3181      *   {extname:"authoriyInfoAccess",
-3182      *    array:[
-3183      *      {ocsp: "http://ocsp1.example.com"},
-3184      *      {caissuer: "http://example.com/a.crt"}
-3185      *    ]}
-3186      * ];
-3187      * x = new X509();
-3188      * x.updateAIACAIssuer(aExt, "http://example.net/b.crt");
-3189      */
-3190     this.updateExtAIACAIssuer = function(aExt, newURI) {
-3191 	var pExt = this.findExt(aExt, "authorityInfoAccess");
-3192 	if (pExt == null) return;
-3193 	if (pExt.array == undefined) return;
-3194 	var a = pExt.array;
-3195 	for (var i = 0; i < a.length; i++) {
-3196 	    if (a[i].caissuer != undefined) a[i].caissuer = newURI;
-3197 	}
-3198     };
-3199 
-3200     /**
-3201      * convert array for X500 distinguish name to distinguish name string<br/>
-3202      * @name dnarraytostr
-3203      * @memberOf X509#
-3204      * @function
-3205      * @param {Array} aDN array for X500 distinguish name
-3206      * @return {String} distinguish name
-3207      * @since jsrsasign 10.0.6 x509 2.0.8
-3208      * @see X509#getX500Name
-3209      * @see X509#getX500NameArray
-3210      * @see KJUR.asn1.x509.X500Name
-3211      *
-3212      * @description
-3213      * This method converts from an array representation of 
-3214      * X.500 distinguished name to X.500 name string.
-3215      * This supports multi-valued RDN.
-3216      * 
-3217      * @example
-3218      * var x = new X509();
-3219      * x.dnarraytostr(
-3220      *   [[{type:"C",value:"JP",ds:"prn"}],
-3221      *   [{type:"O",value:"T1",ds:"prn"}]]) → "/C=JP/O=T1"
-3222      * x.dnarraytostr(
-3223      *   [[{type:"C",value:"JP",ds:"prn"}],
-3224      *   [{type:"O",value:"T1",ds:"prn"}
-3225      *    {type:"CN",value:"Bob",ds:"prn"}]]) → "/C=JP/O=T1+CN=Bob"
-3226      */
-3227     this.dnarraytostr = function(aDN) {
-3228 	function rdnarraytostr(aRDN) {
-3229 	    return aRDN.map(function(x){return atvtostr(x).replace(/\+/,"\\+");}).join("+");
-3230 	};
-3231 
-3232 	function atvtostr(pATV) {
-3233 	    return pATV.type + "=" + pATV.value;
-3234 	};
-3235 
-3236 	return "/" + aDN.map(function(x){return rdnarraytostr(x).replace(/\//, "\\/");}).join("/");
-3237     };
-3238 
-3239     /**
-3240      * set canonicalized DN to a DN parameter<br/>
-3241      * @name setCanonicalizedDN
-3242      * @memberOf X509#
-3243      * @function
-3244      * @param {object} pDN DN parameter associative array
-3245      * @since jsrsasign 10.6.0 x509 2.1.0
-3246      * 
-3247      * @description
-3248      * This method canonicalizes a DN string as following:
-3249      * <ul>
-3250      * <li>convert to lower case</li>
-3251      * <li>convert from all multiple spaces to a space</li>
-3252      * </ul>
-3253      * 
-3254      * @example
-3255      * var x = new X509();
-3256      * var pDN = {
-3257      *   array: [
-3258      *     [{type:'C',value:'JP',ds:'prn'}],
-3259      *     [{type:'O',value:'Test    1',ds:'prn'}] ],
-3260      *   str: "/C=JP/O=Test    1" };
-3261      * x.setCanonicalizedDN(pDN);
-3262 
-3263      * // pDN will become following
-3264      * pDN = {
-3265      *   array: [
-3266      *     [{type:'C',value:'JP',ds:'prn'}],
-3267      *     [{type:'O',value:'Test    1',ds:'prn'}] ],
-3268      *   str: "/C=JP/O=Test    1",
-3269      *   canon: "/c=jp/o=test 1" };
-3270      */
-3271     this.setCanonicalizedDN = function(pDN) {
-3272 	var aRDN;
-3273 	if (pDN.str != undefined && pDN.array == undefined) {
-3274 	    var dDN = new KJUR.asn1.x509.X500Name({str: pDN.str});
-3275 	    var hDN = dDN.tohex();
-3276 	    aRDN = this.getX500NameArray(hDN);
-3277 	} else {
-3278 	    aRDN = pDN.array;
-3279 	}
-3280 	if (pDN.canon == undefined) {
-3281 	    pDN.canon = this.c14nRDNArray(aRDN);
-3282 	}
-3283     };
-3284 
-3285     /**
-3286      * simple canonicalization(c14n) for RDN array<br/>
-3287      * @name c14nRDNArray
-3288      * @memberOf X509#
-3289      * @function
-3290      * @param {array} aRDN array of RDN parameters
-3291      * @return {string} canonicalized distinguish name (ex. "/c=jp/o=test ca")
-3292      * @since jsrsasign 10.6.0 x509 2.1.0
-3293      * 
-3294      * @description
-3295      * This method canonicalizes a DN string according to
-3296      * <a href="https://datatracker.ietf.org/doc/html/rfc4518#appendix-B">
-3297      * "RFC 4518 StringPrep Appendix B Substring Matching"</a> as following:
-3298      * <ul>
-3299      * <li>convert to lower case</li>
-3300      * <li>convert from all sequence of spaces to a space</li>
-3301      * <li>remove leading and trailing spaces</li>
-3302      * </ul>
-3303      * 
-3304      * @example
-3305      * var x = new X509();
-3306      * x.c14nRDNArray([
-3307      *   [{type:"C", value:"JP", ds: "prn"}],
-3308      *   [{type:"O", value:"    Test    1234     ", ds: "utf8"}],
-3309      *   [{type:"OU", value:"HR   45", ds: "utf8"}]
-3310      * ]) → "/c=jp/o=test 1234/ou=hr 45"
-3311      */
-3312     this.c14nRDNArray = function(aRDN) {
-3313 	var a = [];
-3314 	for (var i = 0; i < aRDN.length; i++) {
-3315 	    var aAVA = aRDN[i];
-3316 	    var a2 = [];
-3317 	    for (var j = 0; j < aAVA.length; j++) {
-3318 		var pAVA = aAVA[j];
-3319 		var value = pAVA.value;
-3320 		value = value.replace(/^\s*/, '');
-3321 		value = value.replace(/\s*$/, '');
-3322 		value = value.replace(/\s+/g, ' ');
-3323 		value = value.toLowerCase();
-3324 		a2.push(pAVA.type.toLowerCase() + "=" + value);
-3325 	    }
-3326 	    a.push(a2.join("+"));
-3327 	}
-3328 	return "/" + a.join("/");
-3329     };
-3330 
-3331     /**
-3332      * get certificate information as string.<br/>
-3333      * @name getInfo
-3334      * @memberOf X509#
-3335      * @function
-3336      * @return {String} certificate information string
-3337      * @since jsrsasign 5.0.10 x509 1.1.8
-3338      * @example
-3339      * x = new X509();
-3340      * x.readCertPEM(certPEM);
-3341      * console.log(x.getInfo());
-3342      * // this shows as following
-3343      * Basic Fields
-3344      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
-3345      *   signature algorithm: SHA1withRSA
-3346      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-3347      *   notBefore: 061110000000Z
-3348      *   notAfter: 311110000000Z
-3349      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-3350      *   subject public key info:
-3351      *     key algorithm: RSA
-3352      *     n=c6cce573e6fbd4bb...
-3353      *     e=10001
-3354      * X509v3 Extensions:
-3355      *   keyUsage CRITICAL:
-3356      *     digitalSignature,keyCertSign,cRLSign
-3357      *   basicConstraints CRITICAL:
-3358      *     cA=true
-3359      *   subjectKeyIdentifier :
-3360      *     b13ec36903f8bf4701d498261a0802ef63642bc3
-3361      *   authorityKeyIdentifier :
-3362      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
-3363      * signature algorithm: SHA1withRSA
-3364      * signature: 1c1a0697dcd79c9f...
-3365      */
-3366     this.getInfo = function() {
-3367 	var _getSubjectAltNameStr = function(params) {
-3368 	    var s = "";
-3369 	    var indent = "    ";
-3370 	    var NL = "\n";
-3371 	    var a = params.array;
-3372 	    for (var i = 0; i < a.length; i++) {
-3373 		var pGN = a[i];
-3374 		if (pGN.dn != undefined)	s += indent + "dn: " + pGN.dn.str + NL;
-3375 		if (pGN.ip != undefined)	s += indent + "ip: " + pGN.ip + NL;
-3376 		if (pGN.rfc822 != undefined)	s += indent + "rfc822: " + pGN.rfc822 + NL;
-3377 		if (pGN.dns != undefined)	s += indent + "dns: " + pGN.dns + NL;
-3378 		if (pGN.uri != undefined)	s += indent + "uri: " + pGN.uri + NL;
-3379 		if (pGN.other != undefined) {
-3380 		    var oidname = pGN.other.oid;
-3381 		    var value = JSON.stringify(pGN.other.value).replace(/\"/g, '');
-3382 		    s += indent + "other: " + oidname + "=" + value + NL;
-3383 		}
-3384 	    }
-3385 	    s = s.replace(/\n$/, '');
-3386 	    return s;
-3387 	};
-3388 	var _getCertificatePoliciesStr = function(params) {
-3389 	    var s = "";
-3390 	    var a = params.array;
-3391 	    for (var i = 0; i < a.length; i++) {
-3392 		var pi = a[i];
-3393 		s += "    policy oid: " + pi.policyoid + "\n";
-3394 		if (pi.array === undefined) continue;
-3395 		for (var j = 0; j < pi.array.length; j++) {
-3396 		    var pqi = pi.array[j];
-3397 		    if (pqi.cps !== undefined) {
-3398 			s += "    cps: " + pqi.cps + "\n";
-3399 		    }
-3400 		}
-3401 	    }
-3402 	    return s;
-3403 	};
-3404 	var _getCRLDistributionPointsStr = function(params) {
-3405 	    var s = "";
-3406 	    var a = params.array;
-3407 	    for (var i = 0; i < a.length; i++) {
-3408 		var dp = a[i];
-3409 		try {
-3410 		    if (dp.dpname.full[0].uri !== undefined)
-3411 			s += "    " + dp.dpname.full[0].uri + "\n";
-3412 		} catch(ex) {};
-3413 		try {
-3414 		    if (dp.dname.full[0].dn.hex !== undefined)
-3415 			s += "    " + X509.hex2dn(dp.dpname.full[0].dn.hex) + "\n";
-3416 		} catch(ex) {};
-3417 	    }
-3418 	    return s;
-3419 	}
-3420 	var _getAuthorityInfoAccessStr = function(params) {
-3421 	    var s = "";
-3422 	    var a = params.array;
-3423 	    for (var i = 0; i < a.length; i++) {
-3424 		var ad = a[i];
-3425 
-3426 		if (ad.caissuer !== undefined)
-3427 		    s += "    caissuer: " + ad.caissuer + "\n";
-3428 		if (ad.ocsp !== undefined)
-3429 		    s += "    ocsp: " + ad.ocsp + "\n";
-3430 	    }
-3431 	    return s;
-3432 	};
-3433 	var _X509 = X509;
-3434 	var s, pubkey, aExt;
-3435 	s  = "Basic Fields\n";
-3436         s += "  serial number: " + this.getSerialNumberHex() + "\n";
-3437 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
-3438 	s += "  issuer: " + this.getIssuerString() + "\n";
-3439 	s += "  notBefore: " + this.getNotBefore() + "\n";
-3440 	s += "  notAfter: " + this.getNotAfter() + "\n";
-3441 	s += "  subject: " + this.getSubjectString() + "\n";
-3442 	s += "  subject public key info: " + "\n";
-3443 
-3444 	// subject public key info
-3445 	pubkey = this.getPublicKey();
-3446 	s += "    key algorithm: " + pubkey.type + "\n";
-3447 
-3448 	if (pubkey.type === "RSA") {
-3449 	    s += "    n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
-3450 	    s += "    e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
-3451 	}
-3452 
-3453 	// X.509v3 Extensions
-3454         aExt = this.aExtInfo;
-3455 
-3456 	if (aExt !== undefined && aExt !== null) {
-3457             s += "X509v3 Extensions:\n";
-3458 	    
-3459             for (var i = 0; i < aExt.length; i++) {
-3460 		var info = aExt[i];
-3461 
-3462 		// show extension name and critical flag
-3463 		var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
-3464 		if (extName === '') extName = info["oid"];
-3465 
-3466 		var critical = '';
-3467 		if (info["critical"] === true) critical = "CRITICAL";
-3468 
-3469 		s += "  " + extName + " " + critical + ":\n";
-3470 
-3471 		// show extension value if supported
-3472 		if (extName === "basicConstraints") {
-3473 		    var bc = this.getExtBasicConstraints();
-3474 		    if (bc.cA === undefined) {
-3475 			s += "    {}\n";
-3476 		    } else {
-3477 			s += "    cA=true";
-3478 			if (bc.pathLen !== undefined)
-3479 			    s += ", pathLen=" + bc.pathLen;
-3480 			s += "\n";
-3481 		    }
-3482 		} else if (extName == "policyMappings") {
-3483 		    var a = this.getExtPolicyMappings().array;
-3484 		    var sMap = a.map(function(item){
-3485 			var aPolicy = item;
-3486 			return aPolicy[0] + ":" + aPolicy[1];
-3487 		    }).join(", ");
-3488 		    s += "    " + sMap + "\n";
-3489 		} else if (extName == "policyConstraints") {
-3490 		    var p = this.getExtPolicyConstraints();
-3491 		    s += "    ";
-3492 		    if (p.reqexp != undefined) s += " reqexp=" + p.reqexp;
-3493 		    if (p.inhibit != undefined) s += " inhibit=" + p.inhibit;
-3494 		    s += "\n";
-3495 		} else if (extName == "inhibitAnyPolicy") {
-3496 		    var p = this.getExtInhibitAnyPolicy();
-3497 		    s += "    skip=" + p.skip + "\n";
-3498 		} else if (extName == "keyUsage") {
-3499 		    s += "    " + this.getExtKeyUsageString() + "\n";
-3500 		} else if (extName == "subjectKeyIdentifier") {
-3501 		    s += "    " + this.getExtSubjectKeyIdentifier().kid.hex + "\n";
-3502 		} else if (extName == "authorityKeyIdentifier") {
-3503 		    var akid = this.getExtAuthorityKeyIdentifier();
-3504 		    if (akid.kid !== undefined)
-3505 			s += "    kid=" + akid.kid.hex + "\n";
-3506 		} else if (extName == "extKeyUsage") {
-3507 		    var eku = this.getExtExtKeyUsage().array;
-3508 		    s += "    " + eku.join(", ") + "\n";
-3509 		} else if (extName == "subjectAltName") {
-3510 		    var san = _getSubjectAltNameStr(this.getExtSubjectAltName());
-3511 		    s += san + "\n";
-3512 		} else if (extName == "cRLDistributionPoints") {
-3513 		    var cdp = this.getExtCRLDistributionPoints();
-3514 		    s += _getCRLDistributionPointsStr(cdp);
-3515 		} else if (extName == "authorityInfoAccess") {
-3516 		    var aia = this.getExtAuthorityInfoAccess();
-3517 		    s += _getAuthorityInfoAccessStr(aia);
-3518 		} else if (extName == "certificatePolicies") {
-3519 		    s += _getCertificatePoliciesStr(this.getExtCertificatePolicies());
-3520 		}
-3521 	    }
-3522         }
-3523 
-3524 	s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
-3525 	s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
-3526 	return s;
-3527     };
-3528 
-3529     if (typeof params == "string") {
-3530 	if (params.indexOf("-----BEGIN") != -1) {
-3531 	    this.readCertPEM(params);
-3532 	} else if (KJUR.lang.String.isHex(params)) {
-3533 	    this.readCertHex(params);
-3534 	}
-3535     }
-3536 };
-3537 // ----- END of X509 class -----
-3538 
-3539 /**
-3540  * additional definition for X.509 extension parsers<br/>
-3541  * @see X509.registExtParser
-3542  */
-3543 X509.EXT_PARSER = {
-3544 };
-3545 
-3546 /**
-3547  * define X.509 extension parser for specified OID<br/>
-3548  * @name registExtParser
-3549  * @memberOf X509
-3550  * @function
-3551  * @param {string} oid extension OID string (ex. "1.2.3.4")
-3552  * @param {function} func registering func extension value parsing function
-3553  * @return unspecified
-3554  * @since jsrsasign 10.7.0 x509 2.1.2
-3555  * 
-3556  * @description
-3557  * <p>
-3558  * This static method specifies a X.509 extension value parsing function
-3559  * for specified an extension OID.
-3560  * </p>
-3561  * <p>
-3562  * Extension parser function must have following three arguments:
-3563  * <ul>
-3564  * <li>{string} oid - OID for extension (ex. "1.2.3.4")</li>
-3565  * <li>{boolean} critical - critical flag of extension</li>
-3566  * <li>{string} hExtV - hexadecimal string of extension value</li>
-3567  * </ul>
-3568  * The funcition must return an associative array for the extension
-3569  * when hExtV can be parsed properly. Otherwise it must return
-3570  * value "undefined".
-3571  * </p>
-3572  *
-3573  * @example
-3574  * function _extparser1(oid, critical, hExtV) {
-3575  *   try {
-3576  *     var result = { extname: oid, value: ASN1HEX.parse(hExtV).utf8str.str };
-3577  *     if (critical) result.critical = true;
-3578  *     return result;
-3579  *   } catch(ex) {
-3580  *     return undefined;
-3581  *   }
-3582  * }
-3583  * X509.registExtParser("1.2.3.4", _extparser1);
-3584  */
-3585 X509.registExtParser = function(oid, func) {
-3586     X509.EXT_PARSER[oid] = func;
-3587 };
-3588 
-3589 /**
-3590  * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
-3591  * @name hex2dn
-3592  * @memberOf X509
-3593  * @function
-3594  * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
-3595  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-3596  * @return {String} OpenSSL online format distinguished name
-3597  * @description
-3598  * This static method converts from a hexadecimal string of 
-3599  * distinguished name (DN)
-3600  * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
-3601  * @example
-3602  * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
-3603  */
-3604 X509.hex2dn = function(hex, idx) {
-3605     if (idx === undefined) idx = 0;
-3606     var x = new X509();
-3607     var hDN = ASN1HEX.getTLV(hex, idx);
-3608     var pDN = x.getX500Name(hex);
-3609     return pDN.str;
-3610 };
-3611 
-3612 /**
-3613  * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
-3614  * @name hex2rdn
-3615  * @memberOf X509
-3616  * @function
-3617  * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
-3618  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-3619  * @return {String} OpenSSL online format relative distinguished name
-3620  * @description
-3621  * This static method converts from a hexadecimal string of 
-3622  * relative distinguished name (RDN)
-3623  * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
-3624  * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
-3625  * @example
-3626  * X509.hex2rdn("310a3008060355040a0c0161") → O=a
-3627  * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
-3628  */
-3629 X509.hex2rdn = function(hex, idx) {
-3630     if (idx === undefined) idx = 0;
-3631     if (hex.substr(idx, 2) !== "31") throw new Error("malformed RDN");
-3632 
-3633     var a = new Array();
-3634 
-3635     var aIdx = ASN1HEX.getChildIdx(hex, idx);
-3636     for (var i = 0; i < aIdx.length; i++) {
-3637 	a.push(X509.hex2attrTypeValue(hex, aIdx[i]));
-3638     }
-3639 
-3640     a = a.map(function(s) { return s.replace("+", "\\+"); });
-3641     return a.join("+");
-3642 };
-3643 
-3644 /**
-3645  * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/>
-3646  * @name hex2attrTypeValue
-3647  * @memberOf X509
-3648  * @function
-3649  * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
-3650  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
-3651  * @return {String} string representation of AttributeTypeAndValue (ex. C=US)
-3652  * @description
-3653  * This static method converts from a hexadecimal string of AttributeTypeAndValue
-3654  * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
-3655  * @example
-3656  * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
-3657  * X509.hex2attrTypeValue("300806035504060c0161") → C=a
-3658  * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
-3659  */
-3660 X509.hex2attrTypeValue = function(hex, idx) {
-3661     var _ASN1HEX = ASN1HEX;
-3662     var _getV = _ASN1HEX.getV;
-3663 
-3664     if (idx === undefined) idx = 0;
-3665     if (hex.substr(idx, 2) !== "30") 
-3666 	throw new Error("malformed attribute type and value");
-3667 
-3668     var aIdx = _ASN1HEX.getChildIdx(hex, idx);
-3669     if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06")
-3670 	"malformed attribute type and value";
-3671 
-3672     var oidHex = _getV(hex, aIdx[0]);
-3673     var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex);
-3674     var atype = KJUR.asn1.x509.OID.oid2atype(oidInt);
-3675 
-3676     var hV = _getV(hex, aIdx[1]);
-3677     var rawV = hextorstr(hV);
-3678 
-3679     return atype + "=" + rawV;
-3680 };
-3681 
-3682 /**
-3683  * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/>
-3684  * @name getPublicKeyFromCertHex
-3685  * @memberOf X509
-3686  * @function
-3687  * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
-3688  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-3689  * @since jsrasign 7.1.0 x509 1.1.11
-3690  */
-3691 X509.getPublicKeyFromCertHex = function(h) {
-3692     var x = new X509();
-3693     x.readCertHex(h);
-3694     return x.getPublicKey();
-3695 };
-3696 
-3697 /**
-3698  * get RSA/DSA/ECDSA public key object from PEM certificate string
-3699  * @name getPublicKeyFromCertPEM
-3700  * @memberOf X509
-3701  * @function
-3702  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
-3703  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
-3704  * @since x509 1.1.1
-3705  * @description
-3706  * NOTE: DSA is also supported since x509 1.1.2.
-3707  */
-3708 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
-3709     var x = new X509();
-3710     x.readCertPEM(sCertPEM);
-3711     return x.getPublicKey();
-3712 };
-3713 
-3714 /**
-3715  * get public key information from PEM certificate
-3716  * @name getPublicKeyInfoPropOfCertPEM
-3717  * @memberOf X509
-3718  * @function
-3719  * @param {String} sCertPEM string of PEM formatted certificate
-3720  * @return {Hash} hash of information for public key
-3721  * @since x509 1.1.1
-3722  * @description
-3723  * Resulted associative array has following properties:<br/>
-3724  * <ul>
-3725  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
-3726  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
-3727  * <li>keyhex - hexadecimal string of key in the certificate</li>
-3728  * </ul>
-3729  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
-3730  */
-3731 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
-3732     var _ASN1HEX = ASN1HEX;
-3733     var _getVbyList = _ASN1HEX.getVbyList;
+3059      * @description
+3060      * This method returns a extension parameters as JSON object. 
+3061      *
+3062      * @example
+3063      * x = new X509();
+3064      * ...
+3065      * x.getExtParam("30...") →
+3066      * {extname:"keyUsage",critical:true,names:["digitalSignature"]}
+3067      */
+3068     this.getExtParam = function(hExt) {
+3069 	var result = {};
+3070 	var aIdx = _getChildIdx(hExt, 0);
+3071 	var aIdxLen = aIdx.length;
+3072 	if (aIdxLen != 2 && aIdxLen != 3)
+3073 	    throw new Error("wrong number elements in Extension: " + 
+3074 			    aIdxLen + " " + hExt);
+3075 
+3076 	var oid = _hextooidstr(_getVbyList(hExt, 0, [0], "06"));
+3077 
+3078 	var critical = false;
+3079 	if (aIdxLen == 3 && _getTLVbyList(hExt, 0, [1]) == "0101ff")
+3080 	    critical = true;
+3081 
+3082 	var hExtV = _getTLVbyList(hExt, 0, [aIdxLen - 1, 0]);
+3083 
+3084 	var extParam = undefined;
+3085 	if (oid == "2.5.29.14") {
+3086 	    extParam = this.getExtSubjectKeyIdentifier(hExtV, critical);
+3087 	} else if (oid == "2.5.29.15") {
+3088 	    extParam = this.getExtKeyUsage(hExtV, critical);
+3089 	} else if (oid == "2.5.29.17") {
+3090 	    extParam = this.getExtSubjectAltName(hExtV, critical);
+3091 	} else if (oid == "2.5.29.18") {
+3092 	    extParam = this.getExtIssuerAltName(hExtV, critical);
+3093 	} else if (oid == "2.5.29.19") {
+3094 	    extParam = this.getExtBasicConstraints(hExtV, critical);
+3095 	} else if (oid == "2.5.29.30") {
+3096 	    extParam = this.getExtNameConstraints(hExtV, critical);
+3097 	} else if (oid == "2.5.29.31") {
+3098 	    extParam = this.getExtCRLDistributionPoints(hExtV, critical);
+3099 	} else if (oid == "2.5.29.32") {
+3100 	    extParam = this.getExtCertificatePolicies(hExtV, critical);
+3101 	} else if (oid == "2.5.29.33") {
+3102 	    extParam = this.getExtPolicyMappings(hExtV, critical);
+3103 	} else if (oid == "2.5.29.35") {
+3104 	    extParam = this.getExtAuthorityKeyIdentifier(hExtV, critical);
+3105 	} else if (oid == "2.5.29.36") {
+3106 	    extParam = this.getExtPolicyConstraints(hExtV, critical);
+3107 	} else if (oid == "2.5.29.37") {
+3108 	    extParam = this.getExtExtKeyUsage(hExtV, critical);
+3109 	} else if (oid == "2.5.29.54") {
+3110 	    extParam = this.getExtInhibitAnyPolicy(hExtV, critical);
+3111 	} else if (oid == "1.3.6.1.5.5.7.1.1") {
+3112 	    extParam = this.getExtAuthorityInfoAccess(hExtV, critical);
+3113 	} else if (oid == "2.5.29.20") {
+3114 	    extParam = this.getExtCRLNumber(hExtV, critical);
+3115 	} else if (oid == "2.5.29.21") {
+3116 	    extParam = this.getExtCRLReason(hExtV, critical);
+3117 	} else if (oid == "1.3.6.1.5.5.7.48.1.2") {
+3118 	    extParam = this.getExtOcspNonce(hExtV, critical);
+3119 	} else if (oid == "1.3.6.1.5.5.7.48.1.5") {
+3120 	    extParam = this.getExtOcspNoCheck(hExtV, critical);
+3121 	} else if (oid == "1.2.840.113583.1.1.9.1") {
+3122 	    extParam = this.getExtAdobeTimeStamp(hExtV, critical);
+3123 	} else if (X509.EXT_PARSER[oid] != undefined) {
+3124 	    extParam = X509.EXT_PARSER[oid](oid, critical, hExtV);
+3125 	}
+3126 	if (extParam != undefined) return extParam;
+3127 
+3128 	var privateParam = { extname: oid, extn: hExtV };
+3129 	if (critical) privateParam.critical = true;
+3130 	return privateParam;
+3131     };
+3132 
+3133     /**
+3134      * find extension parameter in array<br/>
+3135      * @name findExt
+3136      * @memberOf X509#
+3137      * @function
+3138      * @param {Array} aExt array of extension parameters
+3139      * @param {String} extname extension name
+3140      * @return {Array} extension parameter in the array or null
+3141      * @since jsrsasign 10.0.3 x509 2.0.7
+3142      * @see X509#getParam
+3143      *
+3144      * @description
+3145      * This method returns an extension parameter for
+3146      * specified extension name in the array.
+3147      * This method is useful to update extension parameter value.
+3148      * When there is no such extension with the extname,
+3149      * this returns "null".
+3150      *
+3151      * @example
+3152      * // (1) 
+3153      * x = new X509(CERTPEM);
+3154      * params = x.getParam();
+3155      * pSKID = x.findExt(params.ext, "subjectKeyIdentifier");
+3156      * pSKID.kid = "1234abced..."; // skid in the params is updated.
+3157      *   // then params was updated
+3158      *
+3159      * // (2) another example
+3160      * aExt = [
+3161      *   {extname:"keyUsage",critical:true,names:["digitalSignature"]},
+3162      *   {extname:"basicConstraints",critical:true},
+3163      *   {extname:"subjectKeyIdentifier",kid:{hex:"f2eb..."}},
+3164      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3165      *   {extname:"authorityInfoAccess",array:[{ocsp:"http://ocsp.example.com/"}]},
+3166      *   {extname:"certificatePolicies",array:[{policyoid:"2.23.140.1.2.1"}]}
+3167      * ];
+3168      * var x = new X509();
+3169      * x.findExt(aExt, "authorityKeyInfoAccess").array[0].ocsp = "http://aaa.com";
+3170      * pKU = x.findExt(aExt, "keyUsage");
+3171      * delete pKU["critical"]; // clear criticla flag
+3172      * pKU.names = ["keyCertSign", "cRLSign"];
+3173      *   // then aExt was updated
+3174      */
+3175     this.findExt = function(aExt, extname) {
+3176 	for (var i = 0; i < aExt.length; i++) {
+3177 	    if (aExt[i].extname == extname) return aExt[i];
+3178 	}
+3179 	return null;
+3180 
+3181     };
+3182 
+3183     /**
+3184      * update CRLDistributionPoints Full URI in parameter<br/>
+3185      * @name updateCDPFullURI
+3186      * @memberOf X509#
+3187      * @function
+3188      * @param {Array} aExt array of extension parameters
+3189      * @param {String} newURI string of new uri
+3190      * @since jsrsasign 10.0.4 x509 2.0.8
+3191      * @see X509#findExt
+3192      * @see KJUR.asn1.x509.CRLDistributionPoints
+3193      *
+3194      * @description
+3195      * This method updates Full URI of CRLDistributionPoints extension
+3196      * in the extension parameter array if it exists.
+3197      *
+3198      * @example
+3199      * aExt = [
+3200      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3201      *   {extname:"cRLDistributionPoints",
+3202      *    array:[{dpname:{full:[{uri:"http://example.com/a.crl"}]}}]},
+3203      * ];
+3204      * x = new X509();
+3205      * x.updateCDPFullURI(aExt, "http://crl2.example.new/b.crl");
+3206      */
+3207     this.updateExtCDPFullURI = function(aExt, newURI) {
+3208 	var pExt = this.findExt(aExt, "cRLDistributionPoints");
+3209 	if (pExt == null) return;
+3210 	if (pExt.array == undefined) return;
+3211 	var aDP = pExt.array;
+3212 	for (var i = 0; i < aDP.length; i++) {
+3213 	    if (aDP[i].dpname == undefined) continue;
+3214 	    if (aDP[i].dpname.full == undefined) continue;
+3215 	    var aURI = aDP[i].dpname.full;
+3216 	    for (var j = 0; j < aURI.length; j++) {
+3217 		var pURI = aURI[i];
+3218 		if (pURI.uri == undefined) continue;
+3219 		pURI.uri = newURI;
+3220 	    }
+3221 	}
+3222     };
+3223 
+3224     /**
+3225      * update authorityInfoAccess ocsp in parameter<br/>
+3226      * @name updateAIAOCSP
+3227      * @memberOf X509#
+3228      * @function
+3229      * @param {Array} aExt array of extension parameters
+3230      * @param {String} newURI string of new uri
+3231      * @since jsrsasign 10.0.4 x509 2.0.8
+3232      * @see X509#findExt
+3233      * @see KJUR.asn1.x509.AuthorityInfoAccess
+3234      *
+3235      * @description
+3236      * This method updates "ocsp" accessMethod URI of 
+3237      * AuthorityInfoAccess extension
+3238      * in the extension parameter array if it exists.
+3239      *
+3240      * @example
+3241      * aExt = [
+3242      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3243      *   {extname:"authoriyInfoAccess",
+3244      *    array:[
+3245      *      {ocsp: "http://ocsp1.example.com"},
+3246      *      {caissuer: "http://example.com/a.crt"}
+3247      *    ]}
+3248      * ];
+3249      * x = new X509();
+3250      * x.updateAIAOCSP(aExt, "http://ocsp2.example.net");
+3251      */
+3252     this.updateExtAIAOCSP = function(aExt, newURI) {
+3253 	var pExt = this.findExt(aExt, "authorityInfoAccess");
+3254 	if (pExt == null) return;
+3255 	if (pExt.array == undefined) return;
+3256 	var a = pExt.array;
+3257 	for (var i = 0; i < a.length; i++) {
+3258 	    if (a[i].ocsp != undefined) a[i].ocsp = newURI;
+3259 	}
+3260     };
+3261 
+3262     /**
+3263      * update authorityInfoAccess caIssuer in parameter<br/>
+3264      * @name updateAIACAIssuer
+3265      * @memberOf X509#
+3266      * @function
+3267      * @param {Array} aExt array of extension parameters
+3268      * @param {String} newURI string of new uri
+3269      * @since jsrsasign 10.0.4 x509 2.0.8
+3270      * @see X509#findExt
+3271      * @see KJUR.asn1.x509.AuthorityInfoAccess
+3272      *
+3273      * @description
+3274      * This method updates "caIssuer" accessMethod URI of 
+3275      * AuthorityInfoAccess extension
+3276      * in the extension parameter array if it exists.
+3277      *
+3278      * @example
+3279      * aExt = [
+3280      *   {extname:"authorityKeyIdentifier",kid:{hex:"12ab..."}},
+3281      *   {extname:"authoriyInfoAccess",
+3282      *    array:[
+3283      *      {ocsp: "http://ocsp1.example.com"},
+3284      *      {caissuer: "http://example.com/a.crt"}
+3285      *    ]}
+3286      * ];
+3287      * x = new X509();
+3288      * x.updateAIACAIssuer(aExt, "http://example.net/b.crt");
+3289      */
+3290     this.updateExtAIACAIssuer = function(aExt, newURI) {
+3291 	var pExt = this.findExt(aExt, "authorityInfoAccess");
+3292 	if (pExt == null) return;
+3293 	if (pExt.array == undefined) return;
+3294 	var a = pExt.array;
+3295 	for (var i = 0; i < a.length; i++) {
+3296 	    if (a[i].caissuer != undefined) a[i].caissuer = newURI;
+3297 	}
+3298     };
+3299 
+3300     /**
+3301      * convert array for X500 distinguish name to distinguish name string<br/>
+3302      * @name dnarraytostr
+3303      * @memberOf X509#
+3304      * @function
+3305      * @param {Array} aDN array for X500 distinguish name
+3306      * @return {String} distinguish name
+3307      * @since jsrsasign 10.0.6 x509 2.0.8
+3308      * @see X509#getX500Name
+3309      * @see X509#getX500NameArray
+3310      * @see KJUR.asn1.x509.X500Name
+3311      *
+3312      * @description
+3313      * This method converts from an array representation of 
+3314      * X.500 distinguished name to X.500 name string.
+3315      * This supports multi-valued RDN.
+3316      * 
+3317      * @example
+3318      * var x = new X509();
+3319      * x.dnarraytostr(
+3320      *   [[{type:"C",value:"JP",ds:"prn"}],
+3321      *   [{type:"O",value:"T1",ds:"prn"}]]) → "/C=JP/O=T1"
+3322      * x.dnarraytostr(
+3323      *   [[{type:"C",value:"JP",ds:"prn"}],
+3324      *   [{type:"O",value:"T1",ds:"prn"}
+3325      *    {type:"CN",value:"Bob",ds:"prn"}]]) → "/C=JP/O=T1+CN=Bob"
+3326      */
+3327     this.dnarraytostr = function(aDN) {
+3328 	function rdnarraytostr(aRDN) {
+3329 	    return aRDN.map(function(x){return atvtostr(x).replace(/\+/,"\\+");}).join("+");
+3330 	};
+3331 
+3332 	function atvtostr(pATV) {
+3333 	    return pATV.type + "=" + pATV.value;
+3334 	};
+3335 
+3336 	return "/" + aDN.map(function(x){return rdnarraytostr(x).replace(/\//, "\\/");}).join("/");
+3337     };
+3338 
+3339     /**
+3340      * set canonicalized DN to a DN parameter<br/>
+3341      * @name setCanonicalizedDN
+3342      * @memberOf X509#
+3343      * @function
+3344      * @param {object} pDN DN parameter associative array
+3345      * @since jsrsasign 10.6.0 x509 2.1.0
+3346      * 
+3347      * @description
+3348      * This method canonicalizes a DN string as following:
+3349      * <ul>
+3350      * <li>convert to lower case</li>
+3351      * <li>convert from all multiple spaces to a space</li>
+3352      * </ul>
+3353      * 
+3354      * @example
+3355      * var x = new X509();
+3356      * var pDN = {
+3357      *   array: [
+3358      *     [{type:'C',value:'JP',ds:'prn'}],
+3359      *     [{type:'O',value:'Test    1',ds:'prn'}] ],
+3360      *   str: "/C=JP/O=Test    1" };
+3361      * x.setCanonicalizedDN(pDN);
+3362 
+3363      * // pDN will become following
+3364      * pDN = {
+3365      *   array: [
+3366      *     [{type:'C',value:'JP',ds:'prn'}],
+3367      *     [{type:'O',value:'Test    1',ds:'prn'}] ],
+3368      *   str: "/C=JP/O=Test    1",
+3369      *   canon: "/c=jp/o=test 1" };
+3370      */
+3371     this.setCanonicalizedDN = function(pDN) {
+3372 	var aRDN;
+3373 	if (pDN.str != undefined && pDN.array == undefined) {
+3374 	    var dDN = new KJUR.asn1.x509.X500Name({str: pDN.str});
+3375 	    var hDN = dDN.tohex();
+3376 	    aRDN = this.getX500NameArray(hDN);
+3377 	} else {
+3378 	    aRDN = pDN.array;
+3379 	}
+3380 	if (pDN.canon == undefined) {
+3381 	    pDN.canon = this.c14nRDNArray(aRDN);
+3382 	}
+3383     };
+3384 
+3385     /**
+3386      * simple canonicalization(c14n) for RDN array<br/>
+3387      * @name c14nRDNArray
+3388      * @memberOf X509#
+3389      * @function
+3390      * @param {array} aRDN array of RDN parameters
+3391      * @return {string} canonicalized distinguish name (ex. "/c=jp/o=test ca")
+3392      * @since jsrsasign 10.6.0 x509 2.1.0
+3393      * 
+3394      * @description
+3395      * This method canonicalizes a DN string according to
+3396      * <a href="https://datatracker.ietf.org/doc/html/rfc4518#appendix-B">
+3397      * "RFC 4518 StringPrep Appendix B Substring Matching"</a> as following:
+3398      * <ul>
+3399      * <li>convert to lower case</li>
+3400      * <li>convert from all sequence of spaces to a space</li>
+3401      * <li>remove leading and trailing spaces</li>
+3402      * </ul>
+3403      * 
+3404      * @example
+3405      * var x = new X509();
+3406      * x.c14nRDNArray([
+3407      *   [{type:"C", value:"JP", ds: "prn"}],
+3408      *   [{type:"O", value:"    Test    1234     ", ds: "utf8"}],
+3409      *   [{type:"OU", value:"HR   45", ds: "utf8"}]
+3410      * ]) → "/c=jp/o=test 1234/ou=hr 45"
+3411      */
+3412     this.c14nRDNArray = function(aRDN) {
+3413 	var a = [];
+3414 	for (var i = 0; i < aRDN.length; i++) {
+3415 	    var aAVA = aRDN[i];
+3416 	    var a2 = [];
+3417 	    for (var j = 0; j < aAVA.length; j++) {
+3418 		var pAVA = aAVA[j];
+3419 		var value = pAVA.value;
+3420 		value = value.replace(/^\s*/, '');
+3421 		value = value.replace(/\s*$/, '');
+3422 		value = value.replace(/\s+/g, ' ');
+3423 		value = value.toLowerCase();
+3424 		a2.push(pAVA.type.toLowerCase() + "=" + value);
+3425 	    }
+3426 	    a.push(a2.join("+"));
+3427 	}
+3428 	return "/" + a.join("/");
+3429     };
+3430 
+3431     /**
+3432      * get certificate information as string.<br/>
+3433      * @name getInfo
+3434      * @memberOf X509#
+3435      * @function
+3436      * @return {String} certificate information string
+3437      * @since jsrsasign 5.0.10 x509 1.1.8
+3438      * @example
+3439      * x = new X509();
+3440      * x.readCertPEM(certPEM);
+3441      * console.log(x.getInfo());
+3442      * // this shows as following
+3443      * Basic Fields
+3444      *   serial number: 02ac5c266a0b409b8f0b79f2ae462577
+3445      *   signature algorithm: SHA1withRSA
+3446      *   issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
+3447      *   notBefore: 061110000000Z
+3448      *   notAfter: 311110000000Z
+3449      *   subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
+3450      *   subject public key info:
+3451      *     key algorithm: RSA
+3452      *     n=c6cce573e6fbd4bb...
+3453      *     e=10001
+3454      * X509v3 Extensions:
+3455      *   keyUsage CRITICAL:
+3456      *     digitalSignature,keyCertSign,cRLSign
+3457      *   basicConstraints CRITICAL:
+3458      *     cA=true
+3459      *   subjectKeyIdentifier :
+3460      *     b13ec36903f8bf4701d498261a0802ef63642bc3
+3461      *   authorityKeyIdentifier :
+3462      *     kid=b13ec36903f8bf4701d498261a0802ef63642bc3
+3463      * signature algorithm: SHA1withRSA
+3464      * signature: 1c1a0697dcd79c9f...
+3465      */
+3466     this.getInfo = function() {
+3467 	var _getSubjectAltNameStr = function(params) {
+3468 	    var s = "";
+3469 	    var indent = "    ";
+3470 	    var NL = "\n";
+3471 	    var a = params.array;
+3472 	    for (var i = 0; i < a.length; i++) {
+3473 		var pGN = a[i];
+3474 		if (pGN.dn != undefined)	s += indent + "dn: " + pGN.dn.str + NL;
+3475 		if (pGN.ip != undefined)	s += indent + "ip: " + pGN.ip + NL;
+3476 		if (pGN.rfc822 != undefined)	s += indent + "rfc822: " + pGN.rfc822 + NL;
+3477 		if (pGN.dns != undefined)	s += indent + "dns: " + pGN.dns + NL;
+3478 		if (pGN.uri != undefined)	s += indent + "uri: " + pGN.uri + NL;
+3479 		if (pGN.other != undefined) {
+3480 		    var oidname = pGN.other.oid;
+3481 		    var value = JSON.stringify(pGN.other.value).replace(/\"/g, '');
+3482 		    s += indent + "other: " + oidname + "=" + value + NL;
+3483 		}
+3484 	    }
+3485 	    s = s.replace(/\n$/, '');
+3486 	    return s;
+3487 	};
+3488 	var _getCertificatePoliciesStr = function(params) {
+3489 	    var s = "";
+3490 	    var a = params.array;
+3491 	    for (var i = 0; i < a.length; i++) {
+3492 		var pi = a[i];
+3493 		s += "    policy oid: " + pi.policyoid + "\n";
+3494 		if (pi.array === undefined) continue;
+3495 		for (var j = 0; j < pi.array.length; j++) {
+3496 		    var pqi = pi.array[j];
+3497 		    if (pqi.cps !== undefined) {
+3498 			s += "    cps: " + pqi.cps + "\n";
+3499 		    }
+3500 		}
+3501 	    }
+3502 	    return s;
+3503 	};
+3504 	var _getCRLDistributionPointsStr = function(params) {
+3505 	    var s = "";
+3506 	    var a = params.array;
+3507 	    for (var i = 0; i < a.length; i++) {
+3508 		var dp = a[i];
+3509 		try {
+3510 		    if (dp.dpname.full[0].uri !== undefined)
+3511 			s += "    " + dp.dpname.full[0].uri + "\n";
+3512 		} catch(ex) {};
+3513 		try {
+3514 		    if (dp.dname.full[0].dn.hex !== undefined)
+3515 			s += "    " + X509.hex2dn(dp.dpname.full[0].dn.hex) + "\n";
+3516 		} catch(ex) {};
+3517 	    }
+3518 	    return s;
+3519 	}
+3520 	var _getAuthorityInfoAccessStr = function(params) {
+3521 	    var s = "";
+3522 	    var a = params.array;
+3523 	    for (var i = 0; i < a.length; i++) {
+3524 		var ad = a[i];
+3525 
+3526 		if (ad.caissuer !== undefined)
+3527 		    s += "    caissuer: " + ad.caissuer + "\n";
+3528 		if (ad.ocsp !== undefined)
+3529 		    s += "    ocsp: " + ad.ocsp + "\n";
+3530 	    }
+3531 	    return s;
+3532 	};
+3533 	var _X509 = X509;
+3534 	var s, pubkey, aExt;
+3535 	s  = "Basic Fields\n";
+3536         s += "  serial number: " + this.getSerialNumberHex() + "\n";
+3537 	s += "  signature algorithm: " + this.getSignatureAlgorithmField() + "\n";
+3538 	s += "  issuer: " + this.getIssuerString() + "\n";
+3539 	s += "  notBefore: " + this.getNotBefore() + "\n";
+3540 	s += "  notAfter: " + this.getNotAfter() + "\n";
+3541 	s += "  subject: " + this.getSubjectString() + "\n";
+3542 	s += "  subject public key info: " + "\n";
+3543 
+3544 	// subject public key info
+3545 	pubkey = this.getPublicKey();
+3546 	s += "    key algorithm: " + pubkey.type + "\n";
+3547 
+3548 	if (pubkey.type === "RSA") {
+3549 	    s += "    n=" + hextoposhex(pubkey.n.toString(16)).substr(0, 16) + "...\n";
+3550 	    s += "    e=" + hextoposhex(pubkey.e.toString(16)) + "\n";
+3551 	}
+3552 
+3553 	// X.509v3 Extensions
+3554         aExt = this.aExtInfo;
+3555 
+3556 	if (aExt !== undefined && aExt !== null) {
+3557             s += "X509v3 Extensions:\n";
+3558 	    
+3559             for (var i = 0; i < aExt.length; i++) {
+3560 		var info = aExt[i];
+3561 
+3562 		// show extension name and critical flag
+3563 		var extName = KJUR.asn1.x509.OID.oid2name(info["oid"]);
+3564 		if (extName === '') extName = info["oid"];
+3565 
+3566 		var critical = '';
+3567 		if (info["critical"] === true) critical = "CRITICAL";
+3568 
+3569 		s += "  " + extName + " " + critical + ":\n";
+3570 
+3571 		// show extension value if supported
+3572 		if (extName === "basicConstraints") {
+3573 		    var bc = this.getExtBasicConstraints();
+3574 		    if (bc.cA === undefined) {
+3575 			s += "    {}\n";
+3576 		    } else {
+3577 			s += "    cA=true";
+3578 			if (bc.pathLen !== undefined)
+3579 			    s += ", pathLen=" + bc.pathLen;
+3580 			s += "\n";
+3581 		    }
+3582 		} else if (extName == "policyMappings") {
+3583 		    var a = this.getExtPolicyMappings().array;
+3584 		    var sMap = a.map(function(item){
+3585 			var aPolicy = item;
+3586 			return aPolicy[0] + ":" + aPolicy[1];
+3587 		    }).join(", ");
+3588 		    s += "    " + sMap + "\n";
+3589 		} else if (extName == "policyConstraints") {
+3590 		    var p = this.getExtPolicyConstraints();
+3591 		    s += "    ";
+3592 		    if (p.reqexp != undefined) s += " reqexp=" + p.reqexp;
+3593 		    if (p.inhibit != undefined) s += " inhibit=" + p.inhibit;
+3594 		    s += "\n";
+3595 		} else if (extName == "inhibitAnyPolicy") {
+3596 		    var p = this.getExtInhibitAnyPolicy();
+3597 		    s += "    skip=" + p.skip + "\n";
+3598 		} else if (extName == "keyUsage") {
+3599 		    s += "    " + this.getExtKeyUsageString() + "\n";
+3600 		} else if (extName == "subjectKeyIdentifier") {
+3601 		    s += "    " + this.getExtSubjectKeyIdentifier().kid.hex + "\n";
+3602 		} else if (extName == "authorityKeyIdentifier") {
+3603 		    var akid = this.getExtAuthorityKeyIdentifier();
+3604 		    if (akid.kid !== undefined)
+3605 			s += "    kid=" + akid.kid.hex + "\n";
+3606 		} else if (extName == "extKeyUsage") {
+3607 		    var eku = this.getExtExtKeyUsage().array;
+3608 		    s += "    " + eku.join(", ") + "\n";
+3609 		} else if (extName == "subjectAltName") {
+3610 		    var san = _getSubjectAltNameStr(this.getExtSubjectAltName());
+3611 		    s += san + "\n";
+3612 		} else if (extName == "cRLDistributionPoints") {
+3613 		    var cdp = this.getExtCRLDistributionPoints();
+3614 		    s += _getCRLDistributionPointsStr(cdp);
+3615 		} else if (extName == "authorityInfoAccess") {
+3616 		    var aia = this.getExtAuthorityInfoAccess();
+3617 		    s += _getAuthorityInfoAccessStr(aia);
+3618 		} else if (extName == "certificatePolicies") {
+3619 		    s += _getCertificatePoliciesStr(this.getExtCertificatePolicies());
+3620 		}
+3621 	    }
+3622         }
+3623 
+3624 	s += "signature algorithm: " + this.getSignatureAlgorithmName() + "\n";
+3625 	s += "signature: " + this.getSignatureValueHex().substr(0, 16) + "...\n";
+3626 	return s;
+3627     };
+3628 
+3629     if (typeof params == "string") {
+3630 	if (params.indexOf("-----BEGIN") != -1) {
+3631 	    this.readCertPEM(params);
+3632 	} else if (KJUR.lang.String.isHex(params)) {
+3633 	    this.readCertHex(params);
+3634 	}
+3635     }
+3636 };
+3637 // ----- END of X509 class -----
+3638 
+3639 /**
+3640  * additional definition for X.509 extension parsers<br/>
+3641  * @see X509.registExtParser
+3642  */
+3643 X509.EXT_PARSER = {
+3644 };
+3645 
+3646 /**
+3647  * define X.509 extension parser for specified OID<br/>
+3648  * @name registExtParser
+3649  * @memberOf X509
+3650  * @function
+3651  * @param {string} oid extension OID string (ex. "1.2.3.4")
+3652  * @param {function} func registering func extension value parsing function
+3653  * @return unspecified
+3654  * @since jsrsasign 10.7.0 x509 2.1.2
+3655  * 
+3656  * @description
+3657  * <p>
+3658  * This static method specifies a X.509 extension value parsing function
+3659  * for specified an extension OID.
+3660  * </p>
+3661  * <p>
+3662  * Extension parser function must have following three arguments:
+3663  * <ul>
+3664  * <li>{string} oid - OID for extension (ex. "1.2.3.4")</li>
+3665  * <li>{boolean} critical - critical flag of extension</li>
+3666  * <li>{string} hExtV - hexadecimal string of extension value</li>
+3667  * </ul>
+3668  * The funcition must return an associative array for the extension
+3669  * when hExtV can be parsed properly. Otherwise it must return
+3670  * value "undefined".
+3671  * </p>
+3672  *
+3673  * @example
+3674  * function _extparser1(oid, critical, hExtV) {
+3675  *   try {
+3676  *     var result = { extname: oid, value: ASN1HEX.parse(hExtV).utf8str.str };
+3677  *     if (critical) result.critical = true;
+3678  *     return result;
+3679  *   } catch(ex) {
+3680  *     return undefined;
+3681  *   }
+3682  * }
+3683  * X509.registExtParser("1.2.3.4", _extparser1);
+3684  */
+3685 X509.registExtParser = function(oid, func) {
+3686     X509.EXT_PARSER[oid] = func;
+3687 };
+3688 
+3689 /**
+3690  * get distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER X.500 name<br/>
+3691  * @name hex2dn
+3692  * @memberOf X509
+3693  * @function
+3694  * @param {String} hex hexadecimal string of ASN.1 DER distinguished name
+3695  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+3696  * @return {String} OpenSSL online format distinguished name
+3697  * @description
+3698  * This static method converts from a hexadecimal string of 
+3699  * distinguished name (DN)
+3700  * specified by 'hex' and 'idx' to OpenSSL oneline string representation (ex. /C=US/O=a).
+3701  * @example
+3702  * X509.hex2dn("3031310b3...") → /C=US/O=a/CN=b2+OU=b1
+3703  */
+3704 X509.hex2dn = function(hex, idx) {
+3705     if (idx === undefined) idx = 0;
+3706     var x = new X509();
+3707     var hDN = ASN1HEX.getTLV(hex, idx);
+3708     var pDN = x.getX500Name(hex);
+3709     return pDN.str;
+3710 };
+3711 
+3712 /**
+3713  * get relative distinguished name string in OpenSSL online format from hexadecimal string of ASN.1 DER RDN<br/>
+3714  * @name hex2rdn
+3715  * @memberOf X509
+3716  * @function
+3717  * @param {String} hex hexadecimal string of ASN.1 DER concludes relative distinguished name
+3718  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+3719  * @return {String} OpenSSL online format relative distinguished name
+3720  * @description
+3721  * This static method converts from a hexadecimal string of 
+3722  * relative distinguished name (RDN)
+3723  * specified by 'hex' and 'idx' to LDAP string representation (ex. O=test+CN=test).<br/>
+3724  * NOTE: Multi-valued RDN is supported since jsnrsasign 6.2.2 x509 1.1.10.
+3725  * @example
+3726  * X509.hex2rdn("310a3008060355040a0c0161") → O=a
+3727  * X509.hex2rdn("31143008060355040a0c01613008060355040a0c0162") → O=a+O=b
+3728  */
+3729 X509.hex2rdn = function(hex, idx) {
+3730     if (idx === undefined) idx = 0;
+3731     if (hex.substr(idx, 2) !== "31") throw new Error("malformed RDN");
+3732 
+3733     var a = new Array();
 3734 
-3735     var result = {};
-3736     var x, hSPKI, pubkey;
-3737     result.algparam = null;
-3738 
-3739     x = new X509();
-3740     x.readCertPEM(sCertPEM);
-3741 
-3742     hSPKI = x.getPublicKeyHex();
-3743     result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2);
-3744     result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06");
-3745 
-3746     if (result.algoid === "2a8648ce3d0201") { // ecPublicKey
-3747 	result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06");
-3748     };
-3749 
-3750     return result;
-3751 };
-3752 
-3753 /* ======================================================================
-3754  *   Specific V3 Extensions
-3755  * ====================================================================== */
-3756 
-3757 X509.KEYUSAGE_NAME = [
-3758     "digitalSignature",
-3759     "nonRepudiation",
-3760     "keyEncipherment",
-3761     "dataEncipherment",
-3762     "keyAgreement",
-3763     "keyCertSign",
-3764     "cRLSign",
-3765     "encipherOnly",
-3766     "decipherOnly"
-3767 ];
-3768 

\ No newline at end of file
+3735     var aIdx = ASN1HEX.getChildIdx(hex, idx);
+3736     for (var i = 0; i < aIdx.length; i++) {
+3737 	a.push(X509.hex2attrTypeValue(hex, aIdx[i]));
+3738     }
+3739 
+3740     a = a.map(function(s) { return s.replace("+", "\\+"); });
+3741     return a.join("+");
+3742 };
+3743 
+3744 /**
+3745  * get string from hexadecimal string of ASN.1 DER AttributeTypeAndValue<br/>
+3746  * @name hex2attrTypeValue
+3747  * @memberOf X509
+3748  * @function
+3749  * @param {String} hex hexadecimal string of ASN.1 DER concludes AttributeTypeAndValue
+3750  * @param {Integer} idx index of hexadecimal string (DEFAULT=0)
+3751  * @return {String} string representation of AttributeTypeAndValue (ex. C=US)
+3752  * @description
+3753  * This static method converts from a hexadecimal string of AttributeTypeAndValue
+3754  * specified by 'hex' and 'idx' to LDAP string representation (ex. C=US).
+3755  * @example
+3756  * X509.hex2attrTypeValue("3008060355040a0c0161") → O=a
+3757  * X509.hex2attrTypeValue("300806035504060c0161") → C=a
+3758  * X509.hex2attrTypeValue("...3008060355040a0c0161...", 128) → O=a
+3759  */
+3760 X509.hex2attrTypeValue = function(hex, idx) {
+3761     var _ASN1HEX = ASN1HEX;
+3762     var _getV = _ASN1HEX.getV;
+3763 
+3764     if (idx === undefined) idx = 0;
+3765     if (hex.substr(idx, 2) !== "30") 
+3766 	throw new Error("malformed attribute type and value");
+3767 
+3768     var aIdx = _ASN1HEX.getChildIdx(hex, idx);
+3769     if (aIdx.length !== 2 || hex.substr(aIdx[0], 2) !== "06")
+3770 	"malformed attribute type and value";
+3771 
+3772     var oidHex = _getV(hex, aIdx[0]);
+3773     var oidInt = KJUR.asn1.ASN1Util.oidHexToInt(oidHex);
+3774     var atype = KJUR.asn1.x509.OID.oid2atype(oidInt);
+3775 
+3776     var hV = _getV(hex, aIdx[1]);
+3777     var rawV = hextorstr(hV);
+3778 
+3779     return atype + "=" + rawV;
+3780 };
+3781 
+3782 /**
+3783  * get RSA/DSA/ECDSA public key object from X.509 certificate hexadecimal string<br/>
+3784  * @name getPublicKeyFromCertHex
+3785  * @memberOf X509
+3786  * @function
+3787  * @param {String} h hexadecimal string of X.509 certificate for RSA/ECDSA/DSA public key
+3788  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
+3789  * @since jsrasign 7.1.0 x509 1.1.11
+3790  */
+3791 X509.getPublicKeyFromCertHex = function(h) {
+3792     var x = new X509();
+3793     x.readCertHex(h);
+3794     return x.getPublicKey();
+3795 };
+3796 
+3797 /**
+3798  * get RSA/DSA/ECDSA public key object from PEM certificate string
+3799  * @name getPublicKeyFromCertPEM
+3800  * @memberOf X509
+3801  * @function
+3802  * @param {String} sCertPEM PEM formatted RSA/ECDSA/DSA X.509 certificate
+3803  * @return returns RSAKey/KJUR.crypto.{ECDSA,DSA} object of public key
+3804  * @since x509 1.1.1
+3805  * @description
+3806  * NOTE: DSA is also supported since x509 1.1.2.
+3807  */
+3808 X509.getPublicKeyFromCertPEM = function(sCertPEM) {
+3809     var x = new X509();
+3810     x.readCertPEM(sCertPEM);
+3811     return x.getPublicKey();
+3812 };
+3813 
+3814 /**
+3815  * get public key information from PEM certificate
+3816  * @name getPublicKeyInfoPropOfCertPEM
+3817  * @memberOf X509
+3818  * @function
+3819  * @param {String} sCertPEM string of PEM formatted certificate
+3820  * @return {Hash} hash of information for public key
+3821  * @since x509 1.1.1
+3822  * @description
+3823  * Resulted associative array has following properties:<br/>
+3824  * <ul>
+3825  * <li>algoid - hexadecimal string of OID of asymmetric key algorithm</li>
+3826  * <li>algparam - hexadecimal string of OID of ECC curve name or null</li>
+3827  * <li>keyhex - hexadecimal string of key in the certificate</li>
+3828  * </ul>
+3829  * NOTE: X509v1 certificate is also supported since x509.js 1.1.9.
+3830  */
+3831 X509.getPublicKeyInfoPropOfCertPEM = function(sCertPEM) {
+3832     var _ASN1HEX = ASN1HEX;
+3833     var _getVbyList = _ASN1HEX.getVbyList;
+3834 
+3835     var result = {};
+3836     var x, hSPKI, pubkey;
+3837     result.algparam = null;
+3838 
+3839     x = new X509();
+3840     x.readCertPEM(sCertPEM);
+3841 
+3842     hSPKI = x.getPublicKeyHex();
+3843     result.keyhex = _getVbyList(hSPKI, 0, [1], "03").substr(2);
+3844     result.algoid = _getVbyList(hSPKI, 0, [0, 0], "06");
+3845 
+3846     if (result.algoid === "2a8648ce3d0201") { // ecPublicKey
+3847 	result.algparam = _getVbyList(hSPKI, 0, [0, 1], "06");
+3848     };
+3849 
+3850     return result;
+3851 };
+3852 
+3853 /* ======================================================================
+3854  *   Specific V3 Extensions
+3855  * ====================================================================== */
+3856 
+3857 X509.KEYUSAGE_NAME = [
+3858     "digitalSignature",
+3859     "nonRepudiation",
+3860     "keyEncipherment",
+3861     "dataEncipherment",
+3862     "keyAgreement",
+3863     "keyCertSign",
+3864     "cRLSign",
+3865     "encipherOnly",
+3866     "decipherOnly"
+3867 ];
+3868
\ No newline at end of file diff --git a/bower.json b/bower.json index 23b398d3..88834339 100644 --- a/bower.json +++ b/bower.json @@ -1,6 +1,6 @@ { "name": "kjur-jsrsasign", - "version": "10.7.0", + "version": "10.8.0", "main": "jsrsasign-all-min.js", "description": "The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES, JWS and JWT in pure JavaScript.", "license": "MIT", diff --git a/jsrsasign-all-min.js b/jsrsasign-all-min.js index cbd51f96..f8400a9e 100644 --- a/jsrsasign-all-min.js +++ b/jsrsasign-all-min.js @@ -1,8 +1,8 @@ /* - * jsrsasign(all) 10.7.0 (2023-03-12) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(all) 10.8.0 (2023-04-08) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ -var VERSION = "10.7.0"; -var VERSION_FULL = "jsrsasign(all) 10.7.0 (2023-03-12) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; +var VERSION = "10.8.0"; +var VERSION_FULL = "jsrsasign(all) 10.8.0 (2023-04-08) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; /*! CryptoJS v3.1.2 core-fix.js * code.google.com/p/crypto-js @@ -219,7 +219,7 @@ ECFieldElementFp.prototype.getByteLength=function(){return Math.floor((this.toBi /*! Mike Samuel (c) 2009 | code.google.com/p/json-sans-eval */ var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\b)";var j='(?:[^\\0-\\x08\\x0a-\\x1f"\\\\]|\\\\(?:["/\\\\bfnrt]|u[0-9A-Fa-f]{4}))';var i='(?:"'+j+'*")';var d=new RegExp("(?:false|true|null|[\\{\\}\\[\\]]|"+e+"|"+i+")","g");var k=new RegExp("\\\\(?:([^u])|u(.{4}))","g");var g={'"':'"',"/":"/","\\":"\\",b:"\b",f:"\f",n:"\n",r:"\r",t:"\t"};function h(l,m,n){return m?g[m]:String.fromCharCode(parseInt(n,16))}var c=new String("");var a="\\";var f={"{":Object,"[":Array};var b=Object.hasOwnProperty;return function(u,q){var p=u.match(d);var x;var v=p[0];var l=false;if("{"===v){x={}}else{if("["===v){x=[]}else{x=[];l=true}}var t;var r=[x];for(var o=1-l,m=p.length;o=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||715){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(b){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.params=null;var a=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex;this.setByBigInteger=function(c){this.isModified=true;this.params={bigint:c}};this.setByInteger=function(c){this.isModified=true;this.params=c};this.setValueHex=function(c){this.isModified=true;this.params={hex:c}};this.getFreshValueHex=function(){var d=this.params;var c=null;if(d==null){throw new Error("value not set")}if(typeof d=="object"&&d.hex!=undefined){this.hV=d.hex;return this.hV}if(typeof d=="number"){c=new BigInteger(String(d),10)}else{if(d["int"]!=undefined){c=new BigInteger(String(d["int"]),10)}else{if(d.bigint!=undefined){c=d.bigint}else{throw new Error("wrong parameter")}}}this.hV=a(c);return this.hV};if(b!=undefined){this.params=b}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(e,b,f){if(f==undefined){f=-1}try{var c=e.substr(b,2);if(c!="02"&&c!="03"){return f}var a=ASN1HEX.getV(e,b);if(c=="02"){return parseInt(a,16)}else{return bitstrtoint(a)}}catch(d){return f}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.getString=function(d,b,e){if(e==undefined){e=null}try{var a=ASN1HEX.getV(d,b);return hextorstr(a)}catch(c){return e}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.tohex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+ucs2hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u4){return{"enum":{hex:p}}}else{return{"enum":parseInt(p,16)}}}else{if(C=="30"||C=="31"){j[c[C]]=u(x);return j}else{if(C=="14"){var o=q(p);j[c[C]]={str:o};return j}else{if(C=="1e"){var o=n(p);j[c[C]]={str:o};return j}else{if(":0c:12:13:16:17:18:1a:".indexOf(C)!=-1){var o=k(p);j[c[C]]={str:o};return j}else{if(C.match(/^8[0-9]$/)){var o=k(p);if(o==null|o==""){return{tag:{tag:C,explicit:false,hex:p}}}else{if(o.match(/[\x00-\x1F\x7F-\x9F]/)!=null||o.match(/[\u0000-\u001F\u0080–\u009F]/)!=null){return{tag:{tag:C,explicit:false,hex:p}}}else{return{tag:{tag:C,explicit:false,str:o}}}}}else{if(C.match(/^a[0-9]$/)){try{if(!a(p)){throw new Error("not encap")}return{tag:{tag:C,explicit:true,obj:f(p)}}}catch(z){return{tag:{tag:C,explicit:true,hex:p}}}}else{var A=new KJUR.asn1.ASN1Object();A.hV=p;var w=A.getLengthHexFromValue();return{asn1:{tlv:C+w+p}}}}}}}}}}}}}}}};ASN1HEX.isContextTag=function(c,b){c=c.toLowerCase();var f,e;try{f=parseInt(c,16)}catch(d){return -1}if(b===undefined){if((f&192)==128){return true}else{return false}}try{var a=b.match(/^\[[0-9]+\]$/);if(a==null){return false}e=parseInt(b.substr(1,b.length-1),10);if(e>31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.tohex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.tohex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};extendClass(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.tohex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(d!==undefined){this.params=d}};extendClass(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.tohex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.tohex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.tohex()}};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.tohex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.tohex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.tohex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(c!==undefined){this.setByParam(c)}};extendClass(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.tohex=function(){var p=this.getASN1Object();this.hTLV=p.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.tohex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.tohex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.params=null;this.type=null;this.setTimeParams=function(h){this.timeParams=h};this.setByParam=function(h){this.params=h};this.getType=function(h){if(h.match(/^[0-9]{12}Z$/)){return"utc"}if(h.match(/^[0-9]{14}Z$/)){return"gen"}if(h.match(/^[0-9]{12}\.[0-9]+Z$/)){return"utc"}if(h.match(/^[0-9]{14}\.[0-9]+Z$/)){return"gen"}return null};this.tohex=function(){var i=this.params;var h=null;if(typeof i=="string"){i={str:i}}if(i!=null&&i.str&&(i.type==null||i.type==undefined)){i.type=this.getType(i.str)}if(i!=null&&i.str){if(i.type=="utc"){h=new b(i.str)}if(i.type=="gen"){h=new g(i.str)}}else{if(this.type=="gen"){h=new g()}else{h=new b()}}if(h==null){throw new Error("wrong setting for Time")}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(f!=undefined){this.setByParam(f)}};KJUR.asn1.x509.Time_bak=function(f){KJUR.asn1.x509.Time_bak.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.tohex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};extendClass(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.tohex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};extendClass(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(f){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var l={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87",otherName:"a0"},b=KJUR,h=b.asn1,d=h.x509,a=d.X500Name,g=d.OtherName,e=h.DERIA5String,i=h.DERPrintableString,k=h.DEROctetString,c=h.DERTaggedObject,m=h.ASN1Object,j=Error;this.params=null;this.setByParam=function(n){this.params=n};this.tohex=function(){var p=this.params;var A,y,q;var y=false;if(p.other!==undefined){A="a0",q=new g(p.other)}else{if(p.rfc822!==undefined){A="81";q=new e({str:p.rfc822})}else{if(p.dns!==undefined){A="82";q=new e({str:p.dns})}else{if(p.dn!==undefined){A="a4";y=true;if(typeof p.dn==="string"){q=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){q=p.dn}else{q=new a(p.dn)}}}else{if(p.ldapdn!==undefined){A="a4";y=true;q=new a({ldapstr:p.ldapdn})}else{if(p.certissuer!==undefined||p.certsubj!==undefined){A="a4";y=true;var n,o;var z=null;if(p.certsubj!==undefined){n=false;o=p.certsubj}else{n=true;o=p.certissuer}if(o.match(/^[0-9A-Fa-f]+$/)){z==o}if(o.indexOf("-----BEGIN ")!=-1){z=pemtohex(o)}if(z==null){throw new Error("certsubj/certissuer not cert")}var w=new X509();w.hex=z;var s;if(n){s=w.getIssuerHex()}else{s=w.getSubjectHex()}q=new m();q.hTLV=s}else{if(p.uri!==undefined){A="86";q=new e({str:p.uri})}else{if(p.ip!==undefined){A="87";var v;var t=p.ip;try{if(t.match(/^[0-9a-f]+$/)){var r=t.length;if(r==8||r==16||r==32||r==64){v=t}else{throw"err"}}else{v=iptohex(t)}}catch(u){throw new j("malformed IP address: "+p.ip+":"+u.message)}q=new k({hex:v})}else{throw new j("improper params")}}}}}}}}var B=new c({tag:A,explicit:y,obj:q});return B.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){var m=b(n.valhex,q[0]);var p=j(m,0);var t=[];for(var o=0;o1){var r=b(n.valhex,q[1]);n.polhex=r}delete n.valhex};this.setSignaturePolicyIdentifier=function(s){var q=j(s.valhex,0);if(q.length>0){var r=l.getOID(s.valhex,q[0]);s.oid=r}if(q.length>1){var m=new a();var t=j(s.valhex,q[1]);var p=b(s.valhex,t[0]);var o=m.getAlgorithmIdentifierName(p);s.alg=o;var n=i(s.valhex,t[1]);s.hash=n}delete s.valhex};this.setSigningCertificateV2=function(o){var s=j(o.valhex,0);if(s.length>0){var n=b(o.valhex,s[0]);var r=j(n,0);var u=[];for(var q=0;q1){var t=b(o.valhex,s[1]);o.polhex=t}delete o.valhex};this.getESSCertID=function(o){var p={};var n=j(o,0);if(n.length>0){var q=i(o,n[0]);p.hash=q}if(n.length>1){var m=b(o,n[1]);var r=this.getIssuerSerial(m);if(r.serial!=undefined){p.serial=r.serial}if(r.issuer!=undefined){p.issuer=r.issuer}}return p};this.getESSCertIDv2=function(q){var s={};var p=j(q,0);if(p.length<1||3r+1){var m=b(q,p[r+1]);var t=this.getIssuerSerial(m);s.issuer=t.issuer;s.serial=t.serial}return s};this.getIssuerSerial=function(q){var r={};var n=j(q,0);var m=b(q,n[0]);var p=h.getGeneralNames(m);var o=p[0].dn;r.issuer=o;var s=i(q,n[1]);r.serial={hex:s};return r};this.getCertificateSet=function(p){var n=j(p,0);var m=[];for(var o=0;o>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function extendClass(c,a){var b=function(){};b.prototype=a.prototype;c.prototype=new b();c.prototype.constructor=c;c.superclass=a.prototype;if(a.prototype.constructor==Object.prototype.constructor){a.prototype.constructor=a}}; +var KJUR;if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.lang=="undefined"||!KJUR.lang){KJUR.lang={}}KJUR.lang.String=function(){};function Base64x(){}function stoBA(d){var b=new Array();for(var c=0;c>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f=0;--u){v=v.twice2D();v.z=f.ONE;if(t.testBit(u)){if(s.testBit(u)){v=v.add2D(y)}else{v=v.add2D(x)}}else{if(s.testBit(u)){v=v.add2D(w)}}}return v}this.getBigRandom=function(r){return new f(r.bitLength(),a).mod(r.subtract(f.ONE)).add(f.ONE)};this.setNamedCurve=function(r){this.ecparams=c.getByName(r);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=r};this.setPrivateKeyHex=function(r){this.isPrivate=true;this.prvKeyHex=r};this.setPublicKeyHex=function(r){this.isPublic=true;this.pubKeyHex=r};this.getPublicKeyXYHex=function(){var t=this.pubKeyHex;if(t.substr(0,2)!=="04"){throw"this method supports uncompressed format(04) only"}var s=this.ecparams.keycharlen;if(t.length!==2+s*2){throw"malformed public key hex length"}var r={};r.x=t.substr(2,s);r.y=t.substr(2+s);return r};this.getShortNISTPCurveName=function(){var r=this.curveName;if(r==="secp256r1"||r==="NIST P-256"||r==="P-256"||r==="prime256v1"){return"P-256"}if(r==="secp384r1"||r==="NIST P-384"||r==="P-384"){return"P-384"}if(r==="secp521r1"||r==="NIST P-521"||r==="P-521"){return"P-521"}return null};this.generateKeyPairHex=function(){var s=this.ecparams.n;var u=this.getBigRandom(s);var r=this.ecparams.keycharlen;var t=("0000000000"+u.toString(16)).slice(-r);this.setPrivateKeyHex(t);var v=this.generatePublicKeyHex();return{ecprvhex:t,ecpubhex:v}};this.generatePublicKeyHex=function(){var u=new f(this.prvKeyHex,16);var w=this.ecparams.G.multiply(u);var t=w.getX().toBigInteger();var s=w.getY().toBigInteger();var r=this.ecparams.keycharlen;var y=("0000000000"+t.toString(16)).slice(-r);var v=("0000000000"+s.toString(16)).slice(-r);var x="04"+y+v;this.setPublicKeyHex(x);return x};this.signWithMessageHash=function(r){return this.signHex(r,this.prvKeyHex)};this.signHex=function(x,u){var A=new f(u,16);var v=this.ecparams.n;var z=new f(x.substring(0,this.ecparams.keycharlen),16);do{var w=this.getBigRandom(v);var B=this.ecparams.G;var y=B.multiply(w);var t=y.getX().toBigInteger().mod(v)}while(t.compareTo(f.ZERO)<=0);var C=w.modInverse(v).multiply(z.add(A.multiply(t))).mod(v);return m.biRSSigToASN1Sig(t,C)};this.sign=function(w,B){var z=B;var u=this.ecparams.n;var y=f.fromByteArrayUnsigned(w);do{var v=this.getBigRandom(u);var A=this.ecparams.G;var x=A.multiply(v);var t=x.getX().toBigInteger().mod(u)}while(t.compareTo(BigInteger.ZERO)<=0);var C=v.modInverse(u).multiply(y.add(z.multiply(t))).mod(u);return this.serializeSig(t,C)};this.verifyWithMessageHash=function(s,r){return this.verifyHex(s,r,this.pubKeyHex)};this.verifyHex=function(v,y,u){try{var t,B;var w=m.parseSigHex(y);t=w.r;B=w.s;var x=h.decodeFromHex(this.ecparams.curve,u);var z=new f(v.substring(0,this.ecparams.keycharlen),16);return this.verifyRaw(z,t,B,x)}catch(A){return false}};this.verify=function(z,A,u){var w,t;if(Bitcoin.Util.isArray(A)){var y=this.parseSig(A);w=y.r;t=y.s}else{if("object"===typeof A&&A.r&&A.s){w=A.r;t=A.s}else{throw"Invalid value for signature"}}var v;if(u instanceof ECPointFp){v=u}else{if(Bitcoin.Util.isArray(u)){v=h.decodeFrom(this.ecparams.curve,u)}else{throw"Invalid format for pubkey value, must be byte array or ECPointFp"}}var x=f.fromByteArrayUnsigned(z);return this.verifyRaw(x,w,t,v)};this.verifyRaw=function(z,t,E,y){var x=this.ecparams.n;var D=this.ecparams.G;if(t.compareTo(f.ONE)<0||t.compareTo(x)>=0){return false}if(E.compareTo(f.ONE)<0||E.compareTo(x)>=0){return false}var A=E.modInverse(x);var w=z.multiply(A).mod(x);var u=t.multiply(A).mod(x);var B=D.multiply(w).add(y.multiply(u));var C=B.getX().toBigInteger().mod(x);return C.equals(t)};this.serializeSig=function(v,u){var w=v.toByteArraySigned();var t=u.toByteArraySigned();var x=[];x.push(2);x.push(w.length);x=x.concat(w);x.push(2);x.push(t.length);x=x.concat(t);x.unshift(x.length);x.unshift(48);return x};this.parseSig=function(y){var x;if(y[0]!=48){throw new Error("Signature not a valid DERSequence")}x=2;if(y[x]!=2){throw new Error("First element in signature must be a DERInteger")}var w=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];if(y[x]!=2){throw new Error("Second element in signature must be a DERInteger")}var t=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];var v=f.fromByteArrayUnsigned(w);var u=f.fromByteArrayUnsigned(t);return{r:v,s:u}};this.parseSigCompact=function(w){if(w.length!==65){throw"Signature has the wrong length"}var t=w[0]-27;if(t<0||t>7){throw"Invalid signature type"}var x=this.ecparams.n;var v=f.fromByteArrayUnsigned(w.slice(1,33)).mod(x);var u=f.fromByteArrayUnsigned(w.slice(33,65)).mod(x);return{r:v,s:u,i:t}};this.readPKCS5PrvKeyHex=function(u){if(k(u)===false){throw new Error("not ASN.1 hex string")}var r,t,v;try{r=n(u,0,["[0]",0],"06");t=n(u,0,[1],"04");try{v=n(u,0,["[1]",0],"03")}catch(s){}}catch(s){throw new Error("malformed PKCS#1/5 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v);this.setPrivateKeyHex(t);this.isPublic=false};this.readPKCS8PrvKeyHex=function(v){if(k(v)===false){throw new j("not ASN.1 hex string")}var t,r,u,w;try{t=n(v,0,[1,0],"06");r=n(v,0,[1,1],"06");u=n(v,0,[2,0,1],"04");try{w=n(v,0,[2,0,"[1]",0],"03")}catch(s){}}catch(s){throw new j("malformed PKCS#8 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(w);this.setPrivateKeyHex(u);this.isPublic=false};this.readPKCS8PubKeyHex=function(u){if(k(u)===false){throw new j("not ASN.1 hex string")}var t,r,v;try{t=n(u,0,[0,0],"06");r=n(u,0,[0,1],"06");v=n(u,0,[1],"03")}catch(s){throw new j("malformed PKCS#8 ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v)};this.readCertPubKeyHex=function(t,v){if(k(t)===false){throw new j("not ASN.1 hex string")}var r,u;try{r=n(t,0,[0,5,0,1],"06");u=n(t,0,[0,5,1],"03")}catch(s){throw new j("malformed X.509 certificate ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(u)};if(e!==undefined){if(e.curve!==undefined){this.curveName=e.curve}}if(this.curveName===undefined){this.curveName=g}this.setNamedCurve(this.curveName);if(e!==undefined){if(e.prv!==undefined){this.setPrivateKeyHex(e.prv)}if(e.pub!==undefined){this.setPublicKeyHex(e.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(f){var j=ASN1HEX,i=j.getChildIdx,g=j.getV;j.checkStrictDER(f,0);if(f.substr(0,2)!="30"){throw new Error("signature is not a ASN.1 sequence")}var h=i(f,0);if(h.length!=2){throw new Error("signature shall have two elements")}var e=h[0];var d=h[1];if(f.substr(e,2)!="02"){throw new Error("1st item not ASN.1 integer")}if(f.substr(d,2)!="02"){throw new Error("2nd item not ASN.1 integer")}var c=g(f,e);var b=g(f,d);return{r:c,s:b}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(d){var e=KJUR.crypto.ECDSA.parseSigHexInHexRS(d);var b=e.r;var a=e.s;if(b.length>=130&&b.length<=134){if(b.length%2!=0){throw Error("unknown ECDSA sig r length error")}if(a.length%2!=0){throw Error("unknown ECDSA sig s length error")}if(b.substr(0,2)=="00"){b=b.substr(2)}if(a.substr(0,2)=="00"){a=a.substr(2)}var c=Math.max(b.length,a.length);b=("000000"+b).slice(-c);a=("000000"+a).slice(-c);return b+a}if(b.substr(0,2)=="00"&&(b.length%32)==2){b=b.substr(2)}if(a.substr(0,2)=="00"&&(a.length%32)==2){a=a.substr(2)}if((b.length%32)==30){b="00"+b}if((a.length%32)==30){a="00"+a}if(b.length%32!=0){throw Error("unknown ECDSA sig r length error")}if(a.length%32!=0){throw Error("unknown ECDSA sig s length error")}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if(a.length%4!=0){throw Error("unknown ECDSA concatinated r-s sig length error")}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(f,d){var c=KJUR.asn1;var b=new c.DERInteger({bigint:f});var a=new c.DERInteger({bigint:d});var e=new c.DERSequence({array:[b,a]});return e.tohex()};KJUR.crypto.ECDSA.getName=function(a){if(a==="2b8104001f"){return"secp192k1"}if(a==="2a8648ce3d030107"){return"secp256r1"}if(a==="2b8104000a"){return"secp256k1"}if(a==="2b81040021"){return"secp224r1"}if(a==="2b81040022"){return"secp384r1"}if(a==="2b81040023"){return"secp521r1"}if("|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(a)!==-1){return"secp256r1"}if("|secp256k1|".indexOf(a)!==-1){return"secp256k1"}if("|secp224r1|NIST P-224|P-224|".indexOf(a)!==-1){return"secp224r1"}if("|secp384r1|NIST P-384|P-384|".indexOf(a)!==-1){return"secp384r1"}if("|secp521r1|NIST P-521|P-521|".indexOf(a)!==-1){return"secp521r1"}return null}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECParameterDB=new function(){var b={};var c={};function a(d){return new BigInteger(d,16)}this.getByName=function(e){var d=e;if(typeof c[d]!="undefined"){d=c[e]}if(typeof b[d]!="undefined"){return b[d]}throw"unregistered EC curve name: "+d};this.regist=function(A,l,o,g,m,e,j,f,k,u,d,x){b[A]={};var s=a(o);var z=a(g);var y=a(m);var t=a(e);var w=a(j);var r=new ECCurveFp(s,z,y);var q=r.decodePointHex("04"+f+k);b[A]["name"]=A;b[A]["keylen"]=l;b[A]["keycharlen"]=Math.ceil(l/8)*2;b[A]["curve"]=r;b[A]["G"]=q;b[A]["n"]=t;b[A]["h"]=w;b[A]["oid"]=d;b[A]["info"]=x;for(var v=0;v=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw new Error("KEYUTIL unsupported algorithm: "+t)}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw new Error("malformed format: SEQUENCE(0).items != 2: "+r.length)}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0).items != 2: "+A.length)}if(w(y,A[0])!="2a864886f70d01050d"){throw new Error("this only supports pkcs5PBES2")}var p=z(y,A[1]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1).items != 2: "+p.length)}var q=z(y,p[1]);if(q.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length)}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length)}if(w(y,s[0])!="2a864886f70d01050c"){throw new Error("this only supports pkcs5PBKDF2")}var x=z(y,s[1]);if(x.length<2){throw new Error("malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length)}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw new Error("malformed format pbkdf2Iter: "+u)}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw new Error("malformed plain PKCS8 private key(code:001)")}var r=u(s,0);if(r.length<3){throw new Error("malformed plain PKCS8 private key(code:002)")}if(s.substr(r[1],2)!="30"){throw new Error("malformed PKCS8 private key(code:003)")}var p=u(s,r[1]);if(p.length!=2){throw new Error("malformed PKCS8 private key(code:004)")}if(s.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 private key(code:005)")}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw new Error("malformed PKCS8 private key(code:006)")}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported private key algorithm")}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported PKCS#8 public key hex")}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw new Error("malformed RSA key(code:001)")}var q=t(r,0);if(q.length!=2){throw new Error("malformed RSA key(code:002)")}if(r.substr(q[0],2)!="02"){throw new Error("malformed RSA key(code:003)")}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw new Error("malformed RSA key(code:004)")}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw new Error("outer DERSequence shall have 2 elements: "+r.length)}var w=r[0];if(t.substr(w,2)!="30"){throw new Error("malformed PKCS8 public key(code:001)")}var p=u(t,w);if(p.length!=2){throw new Error("malformed PKCS8 public key(code:002)")}if(t.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 public key(code:003)")}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw new Error("malformed PKCS8 public key(code:004)")}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw new Error("unsupported PKCS#1/5 hexadecimal key")}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw new Error("undefined OID(hex) in KJUR.crypto.OID: "+f)}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw new Error("unknown algorithm: "+a)}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var H=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return H}function B(H){var s=l({seq:[{"int":1},{octstr:{hex:H.prvKeyHex}},{tag:["a0",true,{oid:{name:H.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+H.pubKeyHex}}]}]});return s}function x(s){var H=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return H}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.tohex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.tohex();var h=B(b);var t=h.tohex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(H,s){var J=c(H,s);var I=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:J.pbkdf2Salt}},{"int":J.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:J.encryptionSchemeIV}}]}]}]},{octstr:{hex:J.ciphertext}}]});return I.tohex()};var c=function(O,P){var I=100;var N=CryptoJS.lib.WordArray.random(8);var M="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var J=CryptoJS.PBKDF2(P,N,{keySize:192/32,iterations:I});var K=CryptoJS.enc.Hex.parse(O);var L=CryptoJS.TripleDES.encrypt(K,J,{iv:s})+"";var H={};H.ciphertext=L;H.pbkdf2Salt=CryptoJS.enc.Hex.stringify(N);H.pbkdf2Iter=I;H.encryptionSchemeAlg=M;H.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return H};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var G={seq:[{"int":1},{octstr:{hex:b.prvKeyHex}}]};if(typeof b.pubKeyHex=="string"){G.seq.push({tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]})}var g=new l(G);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw new Error("malformed CSR(code:001)")}var e=f(g,0);if(e.length<1){throw new Error("malformed CSR(code:002)")}if(g.substr(e[0],2)!="30"){throw new Error("malformed CSR(code:003)")}var a=f(g,e[0]);if(a.length<3){throw new Error("malformed CSR(code:004)")}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWK=function(d,h,g,b,f){var i;var k={};var e;var c=KJUR.crypto.Util.hashHex;if(typeof d=="string"){i=KEYUTIL.getKey(d);if(d.indexOf("CERTIFICATE")!=-1){e=pemtohex(d)}}else{if(typeof d=="object"){if(d instanceof X509){i=d.getPublicKey();e=d.hex}else{i=d}}else{throw new Error("unsupported keyinfo type")}}if(i instanceof RSAKey&&i.isPrivate){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16));k.d=hextob64u(i.d.toString(16));k.p=hextob64u(i.p.toString(16));k.q=hextob64u(i.q.toString(16));k.dp=hextob64u(i.dmp1.toString(16));k.dq=hextob64u(i.dmq1.toString(16));k.qi=hextob64u(i.coeff.toString(16))}else{if(i instanceof RSAKey&&i.isPublic){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16))}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPrivate){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y);k.d=hextob64u(i.prvKeyHex)}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPublic){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y)}}}}if(k.kty==undefined){throw new Error("unsupported keyinfo")}if((!i.isPrivate)&&h!=true){k.kid=KJUR.jws.JWS.getJWKthumbprint(k)}if(e!=undefined&&g!=true){k.x5c=[hex2b64(e)]}if(e!=undefined&&b!=true){k.x5t=b64tob64u(hex2b64(c(e,"sha1")))}if(e!=undefined&&f!=true){k["x5t#S256"]=b64tob64u(hex2b64(c(e,"sha256")))}return k};KEYUTIL.getJWKFromKey=function(a){return KEYUTIL.getJWK(a,true,true,true,true)}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};var e=function(E){var z={};try{var B=E.seq[0].oid;var D=KJUR.asn1.x509.OID.name2oid(B);z.type=KJUR.asn1.x509.OID.oid2atype(D);var A=E.seq[1];if(A.utf8str!=undefined){z.ds="utf8";z.value=A.utf8str.str}else{if(A.numstr!=undefined){z.ds="num";z.value=A.numstr.str}else{if(A.telstr!=undefined){z.ds="tel";z.value=A.telstr.str}else{if(A.prnstr!=undefined){z.ds="prn";z.value=A.prnstr.str}else{if(A.ia5str!=undefined){z.ds="ia5";z.value=A.ia5str.str}else{if(A.visstr!=undefined){z.ds="vis";z.value=A.visstr.str}else{if(A.bmpstr!=undefined){z.ds="bmp";z.value=A.bmpstr.str}else{throw"error"}}}}}}}return z}catch(C){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(A){try{return A.set.map(function(B){return e(B)})}catch(z){throw new Error("improper ASN.1 parsed RDN: "+z)}};var h=function(A){try{return A.seq.map(function(B){return i(B)})}catch(z){throw new Error("improper ASN.1 parsed X500Name: "+z)}};this.getX500NameRule=function(z){var G=true;var K=true;var J=false;var A="";var D="";var M=null;var H=[];for(var C=0;C0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};var e=function(E){var z={};try{var B=E.seq[0].oid;var D=KJUR.asn1.x509.OID.name2oid(B);z.type=KJUR.asn1.x509.OID.oid2atype(D);var A=E.seq[1];if(A.utf8str!=undefined){z.ds="utf8";z.value=A.utf8str.str}else{if(A.numstr!=undefined){z.ds="num";z.value=A.numstr.str}else{if(A.telstr!=undefined){z.ds="tel";z.value=A.telstr.str}else{if(A.prnstr!=undefined){z.ds="prn";z.value=A.prnstr.str}else{if(A.ia5str!=undefined){z.ds="ia5";z.value=A.ia5str.str}else{if(A.visstr!=undefined){z.ds="vis";z.value=A.visstr.str}else{if(A.bmpstr!=undefined){z.ds="bmp";z.value=A.bmpstr.str}else{throw"error"}}}}}}}return z}catch(C){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(A){try{return A.set.map(function(B){return e(B)})}catch(z){throw new Error("improper ASN.1 parsed RDN: "+z)}};var h=function(A){try{return A.seq.map(function(B){return i(B)})}catch(z){throw new Error("improper ASN.1 parsed X500Name: "+z)}};this.getX500NameRule=function(z){var G=true;var K=true;var J=false;var A="";var D="";var M=null;var H=[];for(var C=0;C0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;if(!isBase64URLDot(e)){return false}var k=e.split(".");if(k.length!=3){return false}var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/jsrsasign-jwths-min.js b/jsrsasign-jwths-min.js index 1680a6e3..55539a29 100644 --- a/jsrsasign-jwths-min.js +++ b/jsrsasign-jwths-min.js @@ -1,8 +1,8 @@ /* - * jsrsasign(jwths) 10.7.0 (2023-03-12) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(jwths) 10.8.0 (2023-04-08) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ -var VERSION = "10.7.0"; -var VERSION_FULL = "jsrsasign(jwths) 10.7.0 (2023-03-12) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; +var VERSION = "10.8.0"; +var VERSION_FULL = "jsrsasign(jwths) 10.8.0 (2023-04-08) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; /*! CryptoJS v3.1.2 core-fix.js * code.google.com/p/crypto-js @@ -113,6 +113,6 @@ var rng_state;var rng_pool;var rng_pptr;function rng_seed_int(a){rng_pool[rng_pp /*! Mike Samuel (c) 2009 | code.google.com/p/json-sans-eval */ var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\b)";var j='(?:[^\\0-\\x08\\x0a-\\x1f"\\\\]|\\\\(?:["/\\\\bfnrt]|u[0-9A-Fa-f]{4}))';var i='(?:"'+j+'*")';var d=new RegExp("(?:false|true|null|[\\{\\}\\[\\]]|"+e+"|"+i+")","g");var k=new RegExp("\\\\(?:([^u])|u(.{4}))","g");var g={'"':'"',"/":"/","\\":"\\",b:"\b",f:"\f",n:"\n",r:"\r",t:"\t"};function h(l,m,n){return m?g[m]:String.fromCharCode(parseInt(n,16))}var c=new String("");var a="\\";var f={"{":Object,"[":Array};var b=Object.hasOwnProperty;return function(u,q){var p=u.match(d);var x;var v=p[0];var l=false;if("{"===v){x={}}else{if("["===v){x=[]}else{x=[];l=true}}var t;var r=[x];for(var o=1-l,m=p.length;o=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -var KJUR;if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.lang=="undefined"||!KJUR.lang){KJUR.lang={}}KJUR.lang.String=function(){};function Base64x(){}function stoBA(d){var b=new Array();for(var c=0;c>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function extendClass(c,a){var b=function(){};b.prototype=a.prototype;c.prototype=new b();c.prototype.constructor=c;c.superclass=a.prototype;if(a.prototype.constructor==Object.prototype.constructor){a.prototype.constructor=a}}; +var KJUR;if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.lang=="undefined"||!KJUR.lang){KJUR.lang={}}KJUR.lang.String=function(){};function Base64x(){}function stoBA(d){var b=new Array();for(var c=0;c>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;if(!isBase64URLDot(e)){return false}var k=e.split(".");if(k.length!=3){return false}var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriod=a.length){return null}}var e="";while(++f191)&&(h<224)){e+=String.fromCharCode(((h&31)<<6)|(a[f+1]&63));++f}else{e+=String.fromCharCode(((h&15)<<12)|((a[f+1]&63)<<6)|(a[f+2]&63));f+=2}}}return e}function oaep_mgf1_str(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255]));d+=1}return b}function oaep_unpad(o,b,g,p){var e=KJUR.crypto.MessageDigest;var r=KJUR.crypto.Util;var c=null;if(!g){g="sha1"}if(typeof g==="string"){c=e.getCanonicalAlgName(g);p=e.getHashLength(c);g=function(d){return hextorstr(r.hashHex(rstrtohex(d),c))}}o=o.toByteArray();var h;for(h=0;h0&&a.length>0){this.n=parseBigInt(c,16);this.e=parseInt(a,16);this.d=parseBigInt(b,16)}else{throw"Invalid RSA private key"}}}function RSASetPrivateEx(g,d,e,c,b,a,h,f){this.isPrivate=true;this.isPublic=false;if(g==null){throw"RSASetPrivateEx N == null"}if(d==null){throw"RSASetPrivateEx E == null"}if(g.length==0){throw"RSASetPrivateEx N.length == 0"}if(d.length==0){throw"RSASetPrivateEx E.length == 0"}if(g!=null&&d!=null&&g.length>0&&d.length>0){this.n=parseBigInt(g,16);this.e=parseInt(d,16);this.d=parseBigInt(e,16);this.p=parseBigInt(c,16);this.q=parseBigInt(b,16);this.dmp1=parseBigInt(a,16);this.dmq1=parseBigInt(h,16);this.coeff=parseBigInt(f,16)}else{throw"Invalid RSA private key in RSASetPrivateEx"}}function RSAGenerate(b,l){var a=new SecureRandom();var g=b>>1;this.e=parseInt(l,16);var c=new BigInteger(l,16);var d=(b/2)-100;var k=BigInteger.ONE.shiftLeft(d);for(;;){for(;;){this.p=new BigInteger(b-g,1,a);if(this.p.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10)){break}}for(;;){this.q=new BigInteger(g,1,a);if(this.q.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10)){break}}if(this.p.compareTo(this.q)<=0){var j=this.p;this.p=this.q;this.q=j}var h=this.q.subtract(this.p).abs();if(h.bitLength()>3)}function RSADecryptOAEP(e,d,b){if(e.length!=Math.ceil(this.n.bitLength()/4)){throw new Error("wrong ctext length")}var f=parseBigInt(e,16);var a=this.doPrivate(f);if(a==null){return null}return oaep_unpad(a,(this.n.bitLength()+7)>>3,d,b)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;RSAKey.prototype.decryptOAEP=RSADecryptOAEP; -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||715){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(b){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.params=null;var a=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex;this.setByBigInteger=function(c){this.isModified=true;this.params={bigint:c}};this.setByInteger=function(c){this.isModified=true;this.params=c};this.setValueHex=function(c){this.isModified=true;this.params={hex:c}};this.getFreshValueHex=function(){var d=this.params;var c=null;if(d==null){throw new Error("value not set")}if(typeof d=="object"&&d.hex!=undefined){this.hV=d.hex;return this.hV}if(typeof d=="number"){c=new BigInteger(String(d),10)}else{if(d["int"]!=undefined){c=new BigInteger(String(d["int"]),10)}else{if(d.bigint!=undefined){c=d.bigint}else{throw new Error("wrong parameter")}}}this.hV=a(c);return this.hV};if(b!=undefined){this.params=b}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(e,b,f){if(f==undefined){f=-1}try{var c=e.substr(b,2);if(c!="02"&&c!="03"){return f}var a=ASN1HEX.getV(e,b);if(c=="02"){return parseInt(a,16)}else{return bitstrtoint(a)}}catch(d){return f}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.getString=function(d,b,e){if(e==undefined){e=null}try{var a=ASN1HEX.getV(d,b);return hextorstr(a)}catch(c){return e}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.tohex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+ucs2hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u4){return{"enum":{hex:p}}}else{return{"enum":parseInt(p,16)}}}else{if(C=="30"||C=="31"){j[c[C]]=u(x);return j}else{if(C=="14"){var o=q(p);j[c[C]]={str:o};return j}else{if(C=="1e"){var o=n(p);j[c[C]]={str:o};return j}else{if(":0c:12:13:16:17:18:1a:".indexOf(C)!=-1){var o=k(p);j[c[C]]={str:o};return j}else{if(C.match(/^8[0-9]$/)){var o=k(p);if(o==null|o==""){return{tag:{tag:C,explicit:false,hex:p}}}else{if(o.match(/[\x00-\x1F\x7F-\x9F]/)!=null||o.match(/[\u0000-\u001F\u0080–\u009F]/)!=null){return{tag:{tag:C,explicit:false,hex:p}}}else{return{tag:{tag:C,explicit:false,str:o}}}}}else{if(C.match(/^a[0-9]$/)){try{if(!a(p)){throw new Error("not encap")}return{tag:{tag:C,explicit:true,obj:f(p)}}}catch(z){return{tag:{tag:C,explicit:true,hex:p}}}}else{var A=new KJUR.asn1.ASN1Object();A.hV=p;var w=A.getLengthHexFromValue();return{asn1:{tlv:C+w+p}}}}}}}}}}}}}}}};ASN1HEX.isContextTag=function(c,b){c=c.toLowerCase();var f,e;try{f=parseInt(c,16)}catch(d){return -1}if(b===undefined){if((f&192)==128){return true}else{return false}}try{var a=b.match(/^\[[0-9]+\]$/);if(a==null){return false}e=parseInt(b.substr(1,b.length-1),10);if(e>31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function extendClass(c,a){var b=function(){};b.prototype=a.prototype;c.prototype=new b();c.prototype.constructor=c;c.superclass=a.prototype;if(a.prototype.constructor==Object.prototype.constructor){a.prototype.constructor=a}}; +var KJUR;if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.lang=="undefined"||!KJUR.lang){KJUR.lang={}}KJUR.lang.String=function(){};function Base64x(){}function stoBA(d){var b=new Array();for(var c=0;c>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q15){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||715){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(b){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.params=null;var a=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex;this.setByBigInteger=function(c){this.isModified=true;this.params={bigint:c}};this.setByInteger=function(c){this.isModified=true;this.params=c};this.setValueHex=function(c){this.isModified=true;this.params={hex:c}};this.getFreshValueHex=function(){var d=this.params;var c=null;if(d==null){throw new Error("value not set")}if(typeof d=="object"&&d.hex!=undefined){this.hV=d.hex;return this.hV}if(typeof d=="number"){c=new BigInteger(String(d),10)}else{if(d["int"]!=undefined){c=new BigInteger(String(d["int"]),10)}else{if(d.bigint!=undefined){c=d.bigint}else{throw new Error("wrong parameter")}}}this.hV=a(c);return this.hV};if(b!=undefined){this.params=b}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function extendClass(c,a){var b=function(){};b.prototype=a.prototype;c.prototype=new b();c.prototype.constructor=c;c.superclass=a.prototype;if(a.prototype.constructor==Object.prototype.constructor){a.prototype.constructor=a}}; \ No newline at end of file +var KJUR;if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.lang=="undefined"||!KJUR.lang){KJUR.lang={}}KJUR.lang.String=function(){};function Base64x(){}function stoBA(d){var b=new Array();for(var c=0;c>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;b1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};var e=function(E){var z={};try{var B=E.seq[0].oid;var D=KJUR.asn1.x509.OID.name2oid(B);z.type=KJUR.asn1.x509.OID.oid2atype(D);var A=E.seq[1];if(A.utf8str!=undefined){z.ds="utf8";z.value=A.utf8str.str}else{if(A.numstr!=undefined){z.ds="num";z.value=A.numstr.str}else{if(A.telstr!=undefined){z.ds="tel";z.value=A.telstr.str}else{if(A.prnstr!=undefined){z.ds="prn";z.value=A.prnstr.str}else{if(A.ia5str!=undefined){z.ds="ia5";z.value=A.ia5str.str}else{if(A.visstr!=undefined){z.ds="vis";z.value=A.visstr.str}else{if(A.bmpstr!=undefined){z.ds="bmp";z.value=A.bmpstr.str}else{throw"error"}}}}}}}return z}catch(C){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(A){try{return A.set.map(function(B){return e(B)})}catch(z){throw new Error("improper ASN.1 parsed RDN: "+z)}};var h=function(A){try{return A.seq.map(function(B){return i(B)})}catch(z){throw new Error("improper ASN.1 parsed X500Name: "+z)}};this.getX500NameRule=function(z){var G=true;var K=true;var J=false;var A="";var D="";var M=null;var H=[];for(var C=0;C0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};var e=function(E){var z={};try{var B=E.seq[0].oid;var D=KJUR.asn1.x509.OID.name2oid(B);z.type=KJUR.asn1.x509.OID.oid2atype(D);var A=E.seq[1];if(A.utf8str!=undefined){z.ds="utf8";z.value=A.utf8str.str}else{if(A.numstr!=undefined){z.ds="num";z.value=A.numstr.str}else{if(A.telstr!=undefined){z.ds="tel";z.value=A.telstr.str}else{if(A.prnstr!=undefined){z.ds="prn";z.value=A.prnstr.str}else{if(A.ia5str!=undefined){z.ds="ia5";z.value=A.ia5str.str}else{if(A.visstr!=undefined){z.ds="vis";z.value=A.visstr.str}else{if(A.bmpstr!=undefined){z.ds="bmp";z.value=A.bmpstr.str}else{throw"error"}}}}}}}return z}catch(C){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(A){try{return A.set.map(function(B){return e(B)})}catch(z){throw new Error("improper ASN.1 parsed RDN: "+z)}};var h=function(A){try{return A.seq.map(function(B){return i(B)})}catch(z){throw new Error("improper ASN.1 parsed X500Name: "+z)}};this.getX500NameRule=function(z){var G=true;var K=true;var J=false;var A="";var D="";var M=null;var H=[];for(var C=0;C0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||715){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(b){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.params=null;var a=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex;this.setByBigInteger=function(c){this.isModified=true;this.params={bigint:c}};this.setByInteger=function(c){this.isModified=true;this.params=c};this.setValueHex=function(c){this.isModified=true;this.params={hex:c}};this.getFreshValueHex=function(){var d=this.params;var c=null;if(d==null){throw new Error("value not set")}if(typeof d=="object"&&d.hex!=undefined){this.hV=d.hex;return this.hV}if(typeof d=="number"){c=new BigInteger(String(d),10)}else{if(d["int"]!=undefined){c=new BigInteger(String(d["int"]),10)}else{if(d.bigint!=undefined){c=d.bigint}else{throw new Error("wrong parameter")}}}this.hV=a(c);return this.hV};if(b!=undefined){this.params=b}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(e,b,f){if(f==undefined){f=-1}try{var c=e.substr(b,2);if(c!="02"&&c!="03"){return f}var a=ASN1HEX.getV(e,b);if(c=="02"){return parseInt(a,16)}else{return bitstrtoint(a)}}catch(d){return f}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.getString=function(d,b,e){if(e==undefined){e=null}try{var a=ASN1HEX.getV(d,b);return hextorstr(a)}catch(c){return e}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.tohex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+ucs2hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u4){return{"enum":{hex:p}}}else{return{"enum":parseInt(p,16)}}}else{if(C=="30"||C=="31"){j[c[C]]=u(x);return j}else{if(C=="14"){var o=q(p);j[c[C]]={str:o};return j}else{if(C=="1e"){var o=n(p);j[c[C]]={str:o};return j}else{if(":0c:12:13:16:17:18:1a:".indexOf(C)!=-1){var o=k(p);j[c[C]]={str:o};return j}else{if(C.match(/^8[0-9]$/)){var o=k(p);if(o==null|o==""){return{tag:{tag:C,explicit:false,hex:p}}}else{if(o.match(/[\x00-\x1F\x7F-\x9F]/)!=null||o.match(/[\u0000-\u001F\u0080–\u009F]/)!=null){return{tag:{tag:C,explicit:false,hex:p}}}else{return{tag:{tag:C,explicit:false,str:o}}}}}else{if(C.match(/^a[0-9]$/)){try{if(!a(p)){throw new Error("not encap")}return{tag:{tag:C,explicit:true,obj:f(p)}}}catch(z){return{tag:{tag:C,explicit:true,hex:p}}}}else{var A=new KJUR.asn1.ASN1Object();A.hV=p;var w=A.getLengthHexFromValue();return{asn1:{tlv:C+w+p}}}}}}}}}}}}}}}};ASN1HEX.isContextTag=function(c,b){c=c.toLowerCase();var f,e;try{f=parseInt(c,16)}catch(d){return -1}if(b===undefined){if((f&192)==128){return true}else{return false}}try{var a=b.match(/^\[[0-9]+\]$/);if(a==null){return false}e=parseInt(b.substr(1,b.length-1),10);if(e>31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.tohex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.tohex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};extendClass(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.tohex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(d!==undefined){this.params=d}};extendClass(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.tohex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.tohex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.tohex()}};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.tohex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.tohex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.tohex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(c!==undefined){this.setByParam(c)}};extendClass(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.tohex=function(){var p=this.getASN1Object();this.hTLV=p.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.tohex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.tohex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.params=null;this.type=null;this.setTimeParams=function(h){this.timeParams=h};this.setByParam=function(h){this.params=h};this.getType=function(h){if(h.match(/^[0-9]{12}Z$/)){return"utc"}if(h.match(/^[0-9]{14}Z$/)){return"gen"}if(h.match(/^[0-9]{12}\.[0-9]+Z$/)){return"utc"}if(h.match(/^[0-9]{14}\.[0-9]+Z$/)){return"gen"}return null};this.tohex=function(){var i=this.params;var h=null;if(typeof i=="string"){i={str:i}}if(i!=null&&i.str&&(i.type==null||i.type==undefined)){i.type=this.getType(i.str)}if(i!=null&&i.str){if(i.type=="utc"){h=new b(i.str)}if(i.type=="gen"){h=new g(i.str)}}else{if(this.type=="gen"){h=new g()}else{h=new b()}}if(h==null){throw new Error("wrong setting for Time")}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(f!=undefined){this.setByParam(f)}};KJUR.asn1.x509.Time_bak=function(f){KJUR.asn1.x509.Time_bak.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.tohex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};extendClass(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.tohex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};extendClass(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(f){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var l={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87",otherName:"a0"},b=KJUR,h=b.asn1,d=h.x509,a=d.X500Name,g=d.OtherName,e=h.DERIA5String,i=h.DERPrintableString,k=h.DEROctetString,c=h.DERTaggedObject,m=h.ASN1Object,j=Error;this.params=null;this.setByParam=function(n){this.params=n};this.tohex=function(){var p=this.params;var A,y,q;var y=false;if(p.other!==undefined){A="a0",q=new g(p.other)}else{if(p.rfc822!==undefined){A="81";q=new e({str:p.rfc822})}else{if(p.dns!==undefined){A="82";q=new e({str:p.dns})}else{if(p.dn!==undefined){A="a4";y=true;if(typeof p.dn==="string"){q=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){q=p.dn}else{q=new a(p.dn)}}}else{if(p.ldapdn!==undefined){A="a4";y=true;q=new a({ldapstr:p.ldapdn})}else{if(p.certissuer!==undefined||p.certsubj!==undefined){A="a4";y=true;var n,o;var z=null;if(p.certsubj!==undefined){n=false;o=p.certsubj}else{n=true;o=p.certissuer}if(o.match(/^[0-9A-Fa-f]+$/)){z==o}if(o.indexOf("-----BEGIN ")!=-1){z=pemtohex(o)}if(z==null){throw new Error("certsubj/certissuer not cert")}var w=new X509();w.hex=z;var s;if(n){s=w.getIssuerHex()}else{s=w.getSubjectHex()}q=new m();q.hTLV=s}else{if(p.uri!==undefined){A="86";q=new e({str:p.uri})}else{if(p.ip!==undefined){A="87";var v;var t=p.ip;try{if(t.match(/^[0-9a-f]+$/)){var r=t.length;if(r==8||r==16||r==32||r==64){v=t}else{throw"err"}}else{v=iptohex(t)}}catch(u){throw new j("malformed IP address: "+p.ip+":"+u.message)}q=new k({hex:v})}else{throw new j("improper params")}}}}}}}}var B=new c({tag:A,explicit:y,obj:q});return B.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){var m=b(n.valhex,q[0]);var p=j(m,0);var t=[];for(var o=0;o1){var r=b(n.valhex,q[1]);n.polhex=r}delete n.valhex};this.setSignaturePolicyIdentifier=function(s){var q=j(s.valhex,0);if(q.length>0){var r=l.getOID(s.valhex,q[0]);s.oid=r}if(q.length>1){var m=new a();var t=j(s.valhex,q[1]);var p=b(s.valhex,t[0]);var o=m.getAlgorithmIdentifierName(p);s.alg=o;var n=i(s.valhex,t[1]);s.hash=n}delete s.valhex};this.setSigningCertificateV2=function(o){var s=j(o.valhex,0);if(s.length>0){var n=b(o.valhex,s[0]);var r=j(n,0);var u=[];for(var q=0;q1){var t=b(o.valhex,s[1]);o.polhex=t}delete o.valhex};this.getESSCertID=function(o){var p={};var n=j(o,0);if(n.length>0){var q=i(o,n[0]);p.hash=q}if(n.length>1){var m=b(o,n[1]);var r=this.getIssuerSerial(m);if(r.serial!=undefined){p.serial=r.serial}if(r.issuer!=undefined){p.issuer=r.issuer}}return p};this.getESSCertIDv2=function(q){var s={};var p=j(q,0);if(p.length<1||3r+1){var m=b(q,p[r+1]);var t=this.getIssuerSerial(m);s.issuer=t.issuer;s.serial=t.serial}return s};this.getIssuerSerial=function(q){var r={};var n=j(q,0);var m=b(q,n[0]);var p=h.getGeneralNames(m);var o=p[0].dn;r.issuer=o;var s=i(q,n[1]);r.serial={hex:s};return r};this.getCertificateSet=function(p){var n=j(p,0);var m=[];for(var o=0;o>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function extendClass(c,a){var b=function(){};b.prototype=a.prototype;c.prototype=new b();c.prototype.constructor=c;c.superclass=a.prototype;if(a.prototype.constructor==Object.prototype.constructor){a.prototype.constructor=a}}; +var KJUR;if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.lang=="undefined"||!KJUR.lang){KJUR.lang={}}KJUR.lang.String=function(){};function Base64x(){}function stoBA(d){var b=new Array();for(var c=0;c>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f=0;--u){v=v.twice2D();v.z=f.ONE;if(t.testBit(u)){if(s.testBit(u)){v=v.add2D(y)}else{v=v.add2D(x)}}else{if(s.testBit(u)){v=v.add2D(w)}}}return v}this.getBigRandom=function(r){return new f(r.bitLength(),a).mod(r.subtract(f.ONE)).add(f.ONE)};this.setNamedCurve=function(r){this.ecparams=c.getByName(r);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=r};this.setPrivateKeyHex=function(r){this.isPrivate=true;this.prvKeyHex=r};this.setPublicKeyHex=function(r){this.isPublic=true;this.pubKeyHex=r};this.getPublicKeyXYHex=function(){var t=this.pubKeyHex;if(t.substr(0,2)!=="04"){throw"this method supports uncompressed format(04) only"}var s=this.ecparams.keycharlen;if(t.length!==2+s*2){throw"malformed public key hex length"}var r={};r.x=t.substr(2,s);r.y=t.substr(2+s);return r};this.getShortNISTPCurveName=function(){var r=this.curveName;if(r==="secp256r1"||r==="NIST P-256"||r==="P-256"||r==="prime256v1"){return"P-256"}if(r==="secp384r1"||r==="NIST P-384"||r==="P-384"){return"P-384"}if(r==="secp521r1"||r==="NIST P-521"||r==="P-521"){return"P-521"}return null};this.generateKeyPairHex=function(){var s=this.ecparams.n;var u=this.getBigRandom(s);var r=this.ecparams.keycharlen;var t=("0000000000"+u.toString(16)).slice(-r);this.setPrivateKeyHex(t);var v=this.generatePublicKeyHex();return{ecprvhex:t,ecpubhex:v}};this.generatePublicKeyHex=function(){var u=new f(this.prvKeyHex,16);var w=this.ecparams.G.multiply(u);var t=w.getX().toBigInteger();var s=w.getY().toBigInteger();var r=this.ecparams.keycharlen;var y=("0000000000"+t.toString(16)).slice(-r);var v=("0000000000"+s.toString(16)).slice(-r);var x="04"+y+v;this.setPublicKeyHex(x);return x};this.signWithMessageHash=function(r){return this.signHex(r,this.prvKeyHex)};this.signHex=function(x,u){var A=new f(u,16);var v=this.ecparams.n;var z=new f(x.substring(0,this.ecparams.keycharlen),16);do{var w=this.getBigRandom(v);var B=this.ecparams.G;var y=B.multiply(w);var t=y.getX().toBigInteger().mod(v)}while(t.compareTo(f.ZERO)<=0);var C=w.modInverse(v).multiply(z.add(A.multiply(t))).mod(v);return m.biRSSigToASN1Sig(t,C)};this.sign=function(w,B){var z=B;var u=this.ecparams.n;var y=f.fromByteArrayUnsigned(w);do{var v=this.getBigRandom(u);var A=this.ecparams.G;var x=A.multiply(v);var t=x.getX().toBigInteger().mod(u)}while(t.compareTo(BigInteger.ZERO)<=0);var C=v.modInverse(u).multiply(y.add(z.multiply(t))).mod(u);return this.serializeSig(t,C)};this.verifyWithMessageHash=function(s,r){return this.verifyHex(s,r,this.pubKeyHex)};this.verifyHex=function(v,y,u){try{var t,B;var w=m.parseSigHex(y);t=w.r;B=w.s;var x=h.decodeFromHex(this.ecparams.curve,u);var z=new f(v.substring(0,this.ecparams.keycharlen),16);return this.verifyRaw(z,t,B,x)}catch(A){return false}};this.verify=function(z,A,u){var w,t;if(Bitcoin.Util.isArray(A)){var y=this.parseSig(A);w=y.r;t=y.s}else{if("object"===typeof A&&A.r&&A.s){w=A.r;t=A.s}else{throw"Invalid value for signature"}}var v;if(u instanceof ECPointFp){v=u}else{if(Bitcoin.Util.isArray(u)){v=h.decodeFrom(this.ecparams.curve,u)}else{throw"Invalid format for pubkey value, must be byte array or ECPointFp"}}var x=f.fromByteArrayUnsigned(z);return this.verifyRaw(x,w,t,v)};this.verifyRaw=function(z,t,E,y){var x=this.ecparams.n;var D=this.ecparams.G;if(t.compareTo(f.ONE)<0||t.compareTo(x)>=0){return false}if(E.compareTo(f.ONE)<0||E.compareTo(x)>=0){return false}var A=E.modInverse(x);var w=z.multiply(A).mod(x);var u=t.multiply(A).mod(x);var B=D.multiply(w).add(y.multiply(u));var C=B.getX().toBigInteger().mod(x);return C.equals(t)};this.serializeSig=function(v,u){var w=v.toByteArraySigned();var t=u.toByteArraySigned();var x=[];x.push(2);x.push(w.length);x=x.concat(w);x.push(2);x.push(t.length);x=x.concat(t);x.unshift(x.length);x.unshift(48);return x};this.parseSig=function(y){var x;if(y[0]!=48){throw new Error("Signature not a valid DERSequence")}x=2;if(y[x]!=2){throw new Error("First element in signature must be a DERInteger")}var w=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];if(y[x]!=2){throw new Error("Second element in signature must be a DERInteger")}var t=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];var v=f.fromByteArrayUnsigned(w);var u=f.fromByteArrayUnsigned(t);return{r:v,s:u}};this.parseSigCompact=function(w){if(w.length!==65){throw"Signature has the wrong length"}var t=w[0]-27;if(t<0||t>7){throw"Invalid signature type"}var x=this.ecparams.n;var v=f.fromByteArrayUnsigned(w.slice(1,33)).mod(x);var u=f.fromByteArrayUnsigned(w.slice(33,65)).mod(x);return{r:v,s:u,i:t}};this.readPKCS5PrvKeyHex=function(u){if(k(u)===false){throw new Error("not ASN.1 hex string")}var r,t,v;try{r=n(u,0,["[0]",0],"06");t=n(u,0,[1],"04");try{v=n(u,0,["[1]",0],"03")}catch(s){}}catch(s){throw new Error("malformed PKCS#1/5 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v);this.setPrivateKeyHex(t);this.isPublic=false};this.readPKCS8PrvKeyHex=function(v){if(k(v)===false){throw new j("not ASN.1 hex string")}var t,r,u,w;try{t=n(v,0,[1,0],"06");r=n(v,0,[1,1],"06");u=n(v,0,[2,0,1],"04");try{w=n(v,0,[2,0,"[1]",0],"03")}catch(s){}}catch(s){throw new j("malformed PKCS#8 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(w);this.setPrivateKeyHex(u);this.isPublic=false};this.readPKCS8PubKeyHex=function(u){if(k(u)===false){throw new j("not ASN.1 hex string")}var t,r,v;try{t=n(u,0,[0,0],"06");r=n(u,0,[0,1],"06");v=n(u,0,[1],"03")}catch(s){throw new j("malformed PKCS#8 ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v)};this.readCertPubKeyHex=function(t,v){if(k(t)===false){throw new j("not ASN.1 hex string")}var r,u;try{r=n(t,0,[0,5,0,1],"06");u=n(t,0,[0,5,1],"03")}catch(s){throw new j("malformed X.509 certificate ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(u)};if(e!==undefined){if(e.curve!==undefined){this.curveName=e.curve}}if(this.curveName===undefined){this.curveName=g}this.setNamedCurve(this.curveName);if(e!==undefined){if(e.prv!==undefined){this.setPrivateKeyHex(e.prv)}if(e.pub!==undefined){this.setPublicKeyHex(e.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(f){var j=ASN1HEX,i=j.getChildIdx,g=j.getV;j.checkStrictDER(f,0);if(f.substr(0,2)!="30"){throw new Error("signature is not a ASN.1 sequence")}var h=i(f,0);if(h.length!=2){throw new Error("signature shall have two elements")}var e=h[0];var d=h[1];if(f.substr(e,2)!="02"){throw new Error("1st item not ASN.1 integer")}if(f.substr(d,2)!="02"){throw new Error("2nd item not ASN.1 integer")}var c=g(f,e);var b=g(f,d);return{r:c,s:b}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(d){var e=KJUR.crypto.ECDSA.parseSigHexInHexRS(d);var b=e.r;var a=e.s;if(b.length>=130&&b.length<=134){if(b.length%2!=0){throw Error("unknown ECDSA sig r length error")}if(a.length%2!=0){throw Error("unknown ECDSA sig s length error")}if(b.substr(0,2)=="00"){b=b.substr(2)}if(a.substr(0,2)=="00"){a=a.substr(2)}var c=Math.max(b.length,a.length);b=("000000"+b).slice(-c);a=("000000"+a).slice(-c);return b+a}if(b.substr(0,2)=="00"&&(b.length%32)==2){b=b.substr(2)}if(a.substr(0,2)=="00"&&(a.length%32)==2){a=a.substr(2)}if((b.length%32)==30){b="00"+b}if((a.length%32)==30){a="00"+a}if(b.length%32!=0){throw Error("unknown ECDSA sig r length error")}if(a.length%32!=0){throw Error("unknown ECDSA sig s length error")}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if(a.length%4!=0){throw Error("unknown ECDSA concatinated r-s sig length error")}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(f,d){var c=KJUR.asn1;var b=new c.DERInteger({bigint:f});var a=new c.DERInteger({bigint:d});var e=new c.DERSequence({array:[b,a]});return e.tohex()};KJUR.crypto.ECDSA.getName=function(a){if(a==="2b8104001f"){return"secp192k1"}if(a==="2a8648ce3d030107"){return"secp256r1"}if(a==="2b8104000a"){return"secp256k1"}if(a==="2b81040021"){return"secp224r1"}if(a==="2b81040022"){return"secp384r1"}if(a==="2b81040023"){return"secp521r1"}if("|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(a)!==-1){return"secp256r1"}if("|secp256k1|".indexOf(a)!==-1){return"secp256k1"}if("|secp224r1|NIST P-224|P-224|".indexOf(a)!==-1){return"secp224r1"}if("|secp384r1|NIST P-384|P-384|".indexOf(a)!==-1){return"secp384r1"}if("|secp521r1|NIST P-521|P-521|".indexOf(a)!==-1){return"secp521r1"}return null}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECParameterDB=new function(){var b={};var c={};function a(d){return new BigInteger(d,16)}this.getByName=function(e){var d=e;if(typeof c[d]!="undefined"){d=c[e]}if(typeof b[d]!="undefined"){return b[d]}throw"unregistered EC curve name: "+d};this.regist=function(A,l,o,g,m,e,j,f,k,u,d,x){b[A]={};var s=a(o);var z=a(g);var y=a(m);var t=a(e);var w=a(j);var r=new ECCurveFp(s,z,y);var q=r.decodePointHex("04"+f+k);b[A]["name"]=A;b[A]["keylen"]=l;b[A]["keycharlen"]=Math.ceil(l/8)*2;b[A]["curve"]=r;b[A]["G"]=q;b[A]["n"]=t;b[A]["h"]=w;b[A]["oid"]=d;b[A]["info"]=x;for(var v=0;v=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw new Error("KEYUTIL unsupported algorithm: "+t)}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw new Error("malformed format: SEQUENCE(0).items != 2: "+r.length)}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0).items != 2: "+A.length)}if(w(y,A[0])!="2a864886f70d01050d"){throw new Error("this only supports pkcs5PBES2")}var p=z(y,A[1]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1).items != 2: "+p.length)}var q=z(y,p[1]);if(q.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length)}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length)}if(w(y,s[0])!="2a864886f70d01050c"){throw new Error("this only supports pkcs5PBKDF2")}var x=z(y,s[1]);if(x.length<2){throw new Error("malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length)}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw new Error("malformed format pbkdf2Iter: "+u)}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw new Error("malformed plain PKCS8 private key(code:001)")}var r=u(s,0);if(r.length<3){throw new Error("malformed plain PKCS8 private key(code:002)")}if(s.substr(r[1],2)!="30"){throw new Error("malformed PKCS8 private key(code:003)")}var p=u(s,r[1]);if(p.length!=2){throw new Error("malformed PKCS8 private key(code:004)")}if(s.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 private key(code:005)")}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw new Error("malformed PKCS8 private key(code:006)")}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported private key algorithm")}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported PKCS#8 public key hex")}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw new Error("malformed RSA key(code:001)")}var q=t(r,0);if(q.length!=2){throw new Error("malformed RSA key(code:002)")}if(r.substr(q[0],2)!="02"){throw new Error("malformed RSA key(code:003)")}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw new Error("malformed RSA key(code:004)")}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw new Error("outer DERSequence shall have 2 elements: "+r.length)}var w=r[0];if(t.substr(w,2)!="30"){throw new Error("malformed PKCS8 public key(code:001)")}var p=u(t,w);if(p.length!=2){throw new Error("malformed PKCS8 public key(code:002)")}if(t.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 public key(code:003)")}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw new Error("malformed PKCS8 public key(code:004)")}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw new Error("unsupported PKCS#1/5 hexadecimal key")}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw new Error("undefined OID(hex) in KJUR.crypto.OID: "+f)}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw new Error("unknown algorithm: "+a)}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var H=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return H}function B(H){var s=l({seq:[{"int":1},{octstr:{hex:H.prvKeyHex}},{tag:["a0",true,{oid:{name:H.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+H.pubKeyHex}}]}]});return s}function x(s){var H=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return H}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.tohex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.tohex();var h=B(b);var t=h.tohex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(H,s){var J=c(H,s);var I=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:J.pbkdf2Salt}},{"int":J.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:J.encryptionSchemeIV}}]}]}]},{octstr:{hex:J.ciphertext}}]});return I.tohex()};var c=function(O,P){var I=100;var N=CryptoJS.lib.WordArray.random(8);var M="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var J=CryptoJS.PBKDF2(P,N,{keySize:192/32,iterations:I});var K=CryptoJS.enc.Hex.parse(O);var L=CryptoJS.TripleDES.encrypt(K,J,{iv:s})+"";var H={};H.ciphertext=L;H.pbkdf2Salt=CryptoJS.enc.Hex.stringify(N);H.pbkdf2Iter=I;H.encryptionSchemeAlg=M;H.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return H};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var G={seq:[{"int":1},{octstr:{hex:b.prvKeyHex}}]};if(typeof b.pubKeyHex=="string"){G.seq.push({tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]})}var g=new l(G);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw new Error("malformed CSR(code:001)")}var e=f(g,0);if(e.length<1){throw new Error("malformed CSR(code:002)")}if(g.substr(e[0],2)!="30"){throw new Error("malformed CSR(code:003)")}var a=f(g,e[0]);if(a.length<3){throw new Error("malformed CSR(code:004)")}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWK=function(d,h,g,b,f){var i;var k={};var e;var c=KJUR.crypto.Util.hashHex;if(typeof d=="string"){i=KEYUTIL.getKey(d);if(d.indexOf("CERTIFICATE")!=-1){e=pemtohex(d)}}else{if(typeof d=="object"){if(d instanceof X509){i=d.getPublicKey();e=d.hex}else{i=d}}else{throw new Error("unsupported keyinfo type")}}if(i instanceof RSAKey&&i.isPrivate){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16));k.d=hextob64u(i.d.toString(16));k.p=hextob64u(i.p.toString(16));k.q=hextob64u(i.q.toString(16));k.dp=hextob64u(i.dmp1.toString(16));k.dq=hextob64u(i.dmq1.toString(16));k.qi=hextob64u(i.coeff.toString(16))}else{if(i instanceof RSAKey&&i.isPublic){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16))}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPrivate){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y);k.d=hextob64u(i.prvKeyHex)}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPublic){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y)}}}}if(k.kty==undefined){throw new Error("unsupported keyinfo")}if((!i.isPrivate)&&h!=true){k.kid=KJUR.jws.JWS.getJWKthumbprint(k)}if(e!=undefined&&g!=true){k.x5c=[hex2b64(e)]}if(e!=undefined&&b!=true){k.x5t=b64tob64u(hex2b64(c(e,"sha1")))}if(e!=undefined&&f!=true){k["x5t#S256"]=b64tob64u(hex2b64(c(e,"sha256")))}return k};KEYUTIL.getJWKFromKey=function(a){return KEYUTIL.getJWK(a,true,true,true,true)}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};var e=function(E){var z={};try{var B=E.seq[0].oid;var D=KJUR.asn1.x509.OID.name2oid(B);z.type=KJUR.asn1.x509.OID.oid2atype(D);var A=E.seq[1];if(A.utf8str!=undefined){z.ds="utf8";z.value=A.utf8str.str}else{if(A.numstr!=undefined){z.ds="num";z.value=A.numstr.str}else{if(A.telstr!=undefined){z.ds="tel";z.value=A.telstr.str}else{if(A.prnstr!=undefined){z.ds="prn";z.value=A.prnstr.str}else{if(A.ia5str!=undefined){z.ds="ia5";z.value=A.ia5str.str}else{if(A.visstr!=undefined){z.ds="vis";z.value=A.visstr.str}else{if(A.bmpstr!=undefined){z.ds="bmp";z.value=A.bmpstr.str}else{throw"error"}}}}}}}return z}catch(C){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(A){try{return A.set.map(function(B){return e(B)})}catch(z){throw new Error("improper ASN.1 parsed RDN: "+z)}};var h=function(A){try{return A.seq.map(function(B){return i(B)})}catch(z){throw new Error("improper ASN.1 parsed X500Name: "+z)}};this.getX500NameRule=function(z){var G=true;var K=true;var J=false;var A="";var D="";var M=null;var H=[];for(var C=0;C0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};var e=function(E){var z={};try{var B=E.seq[0].oid;var D=KJUR.asn1.x509.OID.name2oid(B);z.type=KJUR.asn1.x509.OID.oid2atype(D);var A=E.seq[1];if(A.utf8str!=undefined){z.ds="utf8";z.value=A.utf8str.str}else{if(A.numstr!=undefined){z.ds="num";z.value=A.numstr.str}else{if(A.telstr!=undefined){z.ds="tel";z.value=A.telstr.str}else{if(A.prnstr!=undefined){z.ds="prn";z.value=A.prnstr.str}else{if(A.ia5str!=undefined){z.ds="ia5";z.value=A.ia5str.str}else{if(A.visstr!=undefined){z.ds="vis";z.value=A.visstr.str}else{if(A.bmpstr!=undefined){z.ds="bmp";z.value=A.bmpstr.str}else{throw"error"}}}}}}}return z}catch(C){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(A){try{return A.set.map(function(B){return e(B)})}catch(z){throw new Error("improper ASN.1 parsed RDN: "+z)}};var h=function(A){try{return A.seq.map(function(B){return i(B)})}catch(z){throw new Error("improper ASN.1 parsed X500Name: "+z)}};this.getX500NameRule=function(z){var G=true;var K=true;var J=false;var A="";var D="";var M=null;var H=[];for(var C=0;C0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;if(!isBase64URLDot(e)){return false}var k=e.split(".");if(k.length!=3){return false}var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/npm/lib/jsrsasign-jwths-min.js b/npm/lib/jsrsasign-jwths-min.js index 1680a6e3..55539a29 100644 --- a/npm/lib/jsrsasign-jwths-min.js +++ b/npm/lib/jsrsasign-jwths-min.js @@ -1,8 +1,8 @@ /* - * jsrsasign(jwths) 10.7.0 (2023-03-12) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license + * jsrsasign(jwths) 10.8.0 (2023-04-08) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ -var VERSION = "10.7.0"; -var VERSION_FULL = "jsrsasign(jwths) 10.7.0 (2023-03-12) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; +var VERSION = "10.8.0"; +var VERSION_FULL = "jsrsasign(jwths) 10.8.0 (2023-04-08) (c) 2010-2023 Kenji Urushima | kjur.github.io/jsrsasign/license"; /*! CryptoJS v3.1.2 core-fix.js * code.google.com/p/crypto-js @@ -113,6 +113,6 @@ var rng_state;var rng_pool;var rng_pptr;function rng_seed_int(a){rng_pool[rng_pp /*! Mike Samuel (c) 2009 | code.google.com/p/json-sans-eval */ var jsonParse=(function(){var e="(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\b)";var j='(?:[^\\0-\\x08\\x0a-\\x1f"\\\\]|\\\\(?:["/\\\\bfnrt]|u[0-9A-Fa-f]{4}))';var i='(?:"'+j+'*")';var d=new RegExp("(?:false|true|null|[\\{\\}\\[\\]]|"+e+"|"+i+")","g");var k=new RegExp("\\\\(?:([^u])|u(.{4}))","g");var g={'"':'"',"/":"/","\\":"\\",b:"\b",f:"\f",n:"\n",r:"\r",t:"\t"};function h(l,m,n){return m?g[m]:String.fromCharCode(parseInt(n,16))}var c=new String("");var a="\\";var f={"{":Object,"[":Array};var b=Object.hasOwnProperty;return function(u,q){var p=u.match(d);var x;var v=p[0];var l=false;if("{"===v){x={}}else{if("["===v){x=[]}else{x=[];l=true}}var t;var r=[x];for(var o=1-l,m=p.length;o=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -var KJUR;if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.lang=="undefined"||!KJUR.lang){KJUR.lang={}}KJUR.lang.String=function(){};function Base64x(){}function stoBA(d){var b=new Array();for(var c=0;c>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function extendClass(c,a){var b=function(){};b.prototype=a.prototype;c.prototype=new b();c.prototype.constructor=c;c.superclass=a.prototype;if(a.prototype.constructor==Object.prototype.constructor){a.prototype.constructor=a}}; +var KJUR;if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.lang=="undefined"||!KJUR.lang){KJUR.lang={}}KJUR.lang.String=function(){};function Base64x(){}function stoBA(d){var b=new Array();for(var c=0;c>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;if(!isBase64URLDot(e)){return false}var k=e.split(".");if(k.length!=3){return false}var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriod=a.length){return null}}var e="";while(++f191)&&(h<224)){e+=String.fromCharCode(((h&31)<<6)|(a[f+1]&63));++f}else{e+=String.fromCharCode(((h&15)<<12)|((a[f+1]&63)<<6)|(a[f+2]&63));f+=2}}}return e}function oaep_mgf1_str(c,a,e){var b="",d=0;while(b.length>24,(d&16711680)>>16,(d&65280)>>8,d&255]));d+=1}return b}function oaep_unpad(o,b,g,p){var e=KJUR.crypto.MessageDigest;var r=KJUR.crypto.Util;var c=null;if(!g){g="sha1"}if(typeof g==="string"){c=e.getCanonicalAlgName(g);p=e.getHashLength(c);g=function(d){return hextorstr(r.hashHex(rstrtohex(d),c))}}o=o.toByteArray();var h;for(h=0;h0&&a.length>0){this.n=parseBigInt(c,16);this.e=parseInt(a,16);this.d=parseBigInt(b,16)}else{throw"Invalid RSA private key"}}}function RSASetPrivateEx(g,d,e,c,b,a,h,f){this.isPrivate=true;this.isPublic=false;if(g==null){throw"RSASetPrivateEx N == null"}if(d==null){throw"RSASetPrivateEx E == null"}if(g.length==0){throw"RSASetPrivateEx N.length == 0"}if(d.length==0){throw"RSASetPrivateEx E.length == 0"}if(g!=null&&d!=null&&g.length>0&&d.length>0){this.n=parseBigInt(g,16);this.e=parseInt(d,16);this.d=parseBigInt(e,16);this.p=parseBigInt(c,16);this.q=parseBigInt(b,16);this.dmp1=parseBigInt(a,16);this.dmq1=parseBigInt(h,16);this.coeff=parseBigInt(f,16)}else{throw"Invalid RSA private key in RSASetPrivateEx"}}function RSAGenerate(b,l){var a=new SecureRandom();var g=b>>1;this.e=parseInt(l,16);var c=new BigInteger(l,16);var d=(b/2)-100;var k=BigInteger.ONE.shiftLeft(d);for(;;){for(;;){this.p=new BigInteger(b-g,1,a);if(this.p.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.p.isProbablePrime(10)){break}}for(;;){this.q=new BigInteger(g,1,a);if(this.q.subtract(BigInteger.ONE).gcd(c).compareTo(BigInteger.ONE)==0&&this.q.isProbablePrime(10)){break}}if(this.p.compareTo(this.q)<=0){var j=this.p;this.p=this.q;this.q=j}var h=this.q.subtract(this.p).abs();if(h.bitLength()>3)}function RSADecryptOAEP(e,d,b){if(e.length!=Math.ceil(this.n.bitLength()/4)){throw new Error("wrong ctext length")}var f=parseBigInt(e,16);var a=this.doPrivate(f);if(a==null){return null}return oaep_unpad(a,(this.n.bitLength()+7)>>3,d,b)}RSAKey.prototype.doPrivate=RSADoPrivate;RSAKey.prototype.setPrivate=RSASetPrivate;RSAKey.prototype.setPrivateEx=RSASetPrivateEx;RSAKey.prototype.generate=RSAGenerate;RSAKey.prototype.decrypt=RSADecrypt;RSAKey.prototype.decryptOAEP=RSADecryptOAEP; -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||715){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(b){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.params=null;var a=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex;this.setByBigInteger=function(c){this.isModified=true;this.params={bigint:c}};this.setByInteger=function(c){this.isModified=true;this.params=c};this.setValueHex=function(c){this.isModified=true;this.params={hex:c}};this.getFreshValueHex=function(){var d=this.params;var c=null;if(d==null){throw new Error("value not set")}if(typeof d=="object"&&d.hex!=undefined){this.hV=d.hex;return this.hV}if(typeof d=="number"){c=new BigInteger(String(d),10)}else{if(d["int"]!=undefined){c=new BigInteger(String(d["int"]),10)}else{if(d.bigint!=undefined){c=d.bigint}else{throw new Error("wrong parameter")}}}this.hV=a(c);return this.hV};if(b!=undefined){this.params=b}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(e,b,f){if(f==undefined){f=-1}try{var c=e.substr(b,2);if(c!="02"&&c!="03"){return f}var a=ASN1HEX.getV(e,b);if(c=="02"){return parseInt(a,16)}else{return bitstrtoint(a)}}catch(d){return f}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.getString=function(d,b,e){if(e==undefined){e=null}try{var a=ASN1HEX.getV(d,b);return hextorstr(a)}catch(c){return e}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.tohex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+ucs2hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u4){return{"enum":{hex:p}}}else{return{"enum":parseInt(p,16)}}}else{if(C=="30"||C=="31"){j[c[C]]=u(x);return j}else{if(C=="14"){var o=q(p);j[c[C]]={str:o};return j}else{if(C=="1e"){var o=n(p);j[c[C]]={str:o};return j}else{if(":0c:12:13:16:17:18:1a:".indexOf(C)!=-1){var o=k(p);j[c[C]]={str:o};return j}else{if(C.match(/^8[0-9]$/)){var o=k(p);if(o==null|o==""){return{tag:{tag:C,explicit:false,hex:p}}}else{if(o.match(/[\x00-\x1F\x7F-\x9F]/)!=null||o.match(/[\u0000-\u001F\u0080–\u009F]/)!=null){return{tag:{tag:C,explicit:false,hex:p}}}else{return{tag:{tag:C,explicit:false,str:o}}}}}else{if(C.match(/^a[0-9]$/)){try{if(!a(p)){throw new Error("not encap")}return{tag:{tag:C,explicit:true,obj:f(p)}}}catch(z){return{tag:{tag:C,explicit:true,hex:p}}}}else{var A=new KJUR.asn1.ASN1Object();A.hV=p;var w=A.getLengthHexFromValue();return{asn1:{tlv:C+w+p}}}}}}}}}}}}}}}};ASN1HEX.isContextTag=function(c,b){c=c.toLowerCase();var f,e;try{f=parseInt(c,16)}catch(d){return -1}if(b===undefined){if((f&192)==128){return true}else{return false}}try{var a=b.match(/^\[[0-9]+\]$/);if(a==null){return false}e=parseInt(b.substr(1,b.length-1),10);if(e>31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function extendClass(c,a){var b=function(){};b.prototype=a.prototype;c.prototype=new b();c.prototype.constructor=c;c.superclass=a.prototype;if(a.prototype.constructor==Object.prototype.constructor){a.prototype.constructor=a}}; +var KJUR;if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.lang=="undefined"||!KJUR.lang){KJUR.lang={}}KJUR.lang.String=function(){};function Base64x(){}function stoBA(d){var b=new Array();for(var c=0;c>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||715){throw new Error("ASN.1 length too long to represent by 8x: n = "+j.toString(16))}var g=128+h;return g.toString(16)+i}};this.tohex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.getValueHex=function(){this.tohex();return this.hV};this.getFreshValueHex=function(){return""};this.setByParam=function(g){this.params=g};if(e!=undefined){if(e.tlv!=undefined){this.hTLV=e.tlv;this.isModified=false}}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=utf8tohex(this.s).toLowerCase()};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};extendClass(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(g){var e=g.getTime()+(g.getTimezoneOffset()*60000);var f=new Date(e);return f};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.setByParam=function(d){this.hV=null;this.hTLV=null;this.params=d};this.getString=function(){return undefined};this.setString=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.str=d};this.setByDate=function(d){this.hTLV=null;this.isModified=true;if(this.params==undefined){this.params={}}this.params.date=d};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};extendClass(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};extendClass(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(a){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";if(a==false){this.hTLV="010100"}else{this.hTLV="0101ff"}};extendClass(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(b){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.params=null;var a=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex;this.setByBigInteger=function(c){this.isModified=true;this.params={bigint:c}};this.setByInteger=function(c){this.isModified=true;this.params=c};this.setValueHex=function(c){this.isModified=true;this.params={hex:c}};this.getFreshValueHex=function(){var d=this.params;var c=null;if(d==null){throw new Error("value not set")}if(typeof d=="object"&&d.hex!=undefined){this.hV=d.hex;return this.hV}if(typeof d=="number"){c=new BigInteger(String(d),10)}else{if(d["int"]!=undefined){c=new BigInteger(String(d["int"]),10)}else{if(d.bigint!=undefined){c=d.bigint}else{throw new Error("wrong parameter")}}}this.hV=a(c);return this.hV};if(b!=undefined){this.params=b}};extendClass(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(b){if(b!==undefined&&typeof b.obj!=="undefined"){var a=KJUR.asn1.ASN1Util.newObject(b.obj);b.hex="00"+a.tohex()}KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(c){this.hTLV=null;this.isModified=true;this.hV=c};this.setUnusedBitsAndHexValue=function(c,e){if(c<0||7=f){break}}return j};ASN1HEX.getNthChildIdx=function(d,b,e){var c=ASN1HEX.getChildIdx(d,b);return c[e]};ASN1HEX.getIdxbyList=function(e,d,c,i){var g=ASN1HEX;var f,b;if(c.length==0){if(i!==undefined){if(e.substr(d,2)!==i){return -1}}return d}f=c.shift();b=g.getChildIdx(e,d);if(f>=b.length){return -1}return g.getIdxbyList(e,b[f],c,i)};ASN1HEX.getIdxbyListEx=function(f,k,b,g){var m=ASN1HEX;var d,l;if(b.length==0){if(g!==undefined){if(f.substr(k,2)!==g){return -1}}return k}d=b.shift();l=m.getChildIdx(f,k);var j=0;for(var e=0;e=d.length){return null}return e.getTLV(d,a)};ASN1HEX.getTLVbyListEx=function(d,c,b,f){var e=ASN1HEX;var a=e.getIdxbyListEx(d,c,b,f);if(a==-1){return null}return e.getTLV(d,a)};ASN1HEX.getVbyList=function(e,c,b,g,i){var f=ASN1HEX;var a,d;a=f.getIdxbyList(e,c,b,g);if(a==-1){return null}if(a>=e.length){return null}d=f.getV(e,a);if(i===true){d=d.substr(2)}return d};ASN1HEX.getVbyListEx=function(b,e,a,d,f){var j=ASN1HEX;var g,c,i;g=j.getIdxbyListEx(b,e,a,d);if(g==-1){return null}i=j.getV(b,g);if(b.substr(g,2)=="03"&&f!==false){i=i.substr(2)}return i};ASN1HEX.getInt=function(e,b,f){if(f==undefined){f=-1}try{var c=e.substr(b,2);if(c!="02"&&c!="03"){return f}var a=ASN1HEX.getV(e,b);if(c=="02"){return parseInt(a,16)}else{return bitstrtoint(a)}}catch(d){return f}};ASN1HEX.getOID=function(c,a,d){if(d==undefined){d=null}try{if(c.substr(a,2)!="06"){return d}var e=ASN1HEX.getV(c,a);return hextooid(e)}catch(b){return d}};ASN1HEX.getOIDName=function(d,a,f){if(f==undefined){f=null}try{var e=ASN1HEX.getOID(d,a,f);if(e==f){return f}var b=KJUR.asn1.x509.OID.oid2name(e);if(b==""){return e}return b}catch(c){return f}};ASN1HEX.getString=function(d,b,e){if(e==undefined){e=null}try{var a=ASN1HEX.getV(d,b);return hextorstr(a)}catch(c){return e}};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(t,c,l,g){var p=ASN1HEX;var j=p.getV;var y=p.dump;var w=p.getChildIdx;var e=t;if(t instanceof KJUR.asn1.ASN1Object){e=t.tohex()}var q=function(A,i){if(A.length<=i*2){return A}else{var v=A.substr(0,i)+"..(total "+A.length/2+"bytes).."+A.substr(A.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(l===undefined){l=0}if(g===undefined){g=""}var x=c.ommit_long_octet;var z=e.substr(l,2);if(z=="01"){var h=j(e,l);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(z=="02"){var h=j(e,l);return g+"INTEGER "+q(h,x)+"\n"}if(z=="03"){var h=j(e,l);if(p.isASN1HEX(h.substr(2))){var k=g+"BITSTRING, encapsulates\n";k=k+y(h.substr(2),c,0,g+" ");return k}else{return g+"BITSTRING "+q(h,x)+"\n"}}if(z=="04"){var h=j(e,l);if(p.isASN1HEX(h)){var k=g+"OCTETSTRING, encapsulates\n";k=k+y(h,c,0,g+" ");return k}else{return g+"OCTETSTRING "+q(h,x)+"\n"}}if(z=="05"){return g+"NULL\n"}if(z=="06"){var m=j(e,l);var b=KJUR.asn1.ASN1Util.oidHexToInt(m);var o=KJUR.asn1.x509.OID.oid2name(b);var a=b.replace(/\./g," ");if(o!=""){return g+"ObjectIdentifier "+o+" ("+a+")\n"}else{return g+"ObjectIdentifier ("+a+")\n"}}if(z=="0a"){return g+"ENUMERATED "+parseInt(j(e,l))+"\n"}if(z=="0c"){return g+"UTF8String '"+hextoutf8(j(e,l))+"'\n"}if(z=="13"){return g+"PrintableString '"+hextoutf8(j(e,l))+"'\n"}if(z=="14"){return g+"TeletexString '"+hextoutf8(j(e,l))+"'\n"}if(z=="16"){return g+"IA5String '"+hextoutf8(j(e,l))+"'\n"}if(z=="17"){return g+"UTCTime "+hextoutf8(j(e,l))+"\n"}if(z=="18"){return g+"GeneralizedTime "+hextoutf8(j(e,l))+"\n"}if(z=="1a"){return g+"VisualString '"+hextoutf8(j(e,l))+"'\n"}if(z=="1e"){return g+"BMPString '"+ucs2hextoutf8(j(e,l))+"'\n"}if(z=="30"){if(e.substr(l,4)=="3000"){return g+"SEQUENCE {}\n"}var k=g+"SEQUENCE\n";var d=w(e,l);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var o=p.oidname(j(e,d[0]));var r=JSON.parse(JSON.stringify(c));r.x509ExtName=o;f=r}for(var u=0;u4){return{"enum":{hex:p}}}else{return{"enum":parseInt(p,16)}}}else{if(C=="30"||C=="31"){j[c[C]]=u(x);return j}else{if(C=="14"){var o=q(p);j[c[C]]={str:o};return j}else{if(C=="1e"){var o=n(p);j[c[C]]={str:o};return j}else{if(":0c:12:13:16:17:18:1a:".indexOf(C)!=-1){var o=k(p);j[c[C]]={str:o};return j}else{if(C.match(/^8[0-9]$/)){var o=k(p);if(o==null|o==""){return{tag:{tag:C,explicit:false,hex:p}}}else{if(o.match(/[\x00-\x1F\x7F-\x9F]/)!=null||o.match(/[\u0000-\u001F\u0080–\u009F]/)!=null){return{tag:{tag:C,explicit:false,hex:p}}}else{return{tag:{tag:C,explicit:false,str:o}}}}}else{if(C.match(/^a[0-9]$/)){try{if(!a(p)){throw new Error("not encap")}return{tag:{tag:C,explicit:true,obj:f(p)}}}catch(z){return{tag:{tag:C,explicit:true,hex:p}}}}else{var A=new KJUR.asn1.ASN1Object();A.hV=p;var w=A.getLengthHexFromValue();return{asn1:{tlv:C+w+p}}}}}}}}}}}}}}}};ASN1HEX.isContextTag=function(c,b){c=c.toLowerCase();var f,e;try{f=parseInt(c,16)}catch(d){return -1}if(b===undefined){if((f&192)==128){return true}else{return false}}try{var a=b.match(/^\[[0-9]+\]$/);if(a==null){return false}e=parseInt(b.substr(1,b.length-1),10);if(e>31){return false}if(((f&192)==128)&&((f&31)==e)){return true}return false}catch(d){return false}};ASN1HEX.isASN1HEX=function(e){var d=ASN1HEX;if(e.length%2==1){return false}var c=d.getVblen(e,0);var b=e.substr(0,2);var f=d.getL(e,0);var a=e.length-b.length-f.length;if(a==c*2){return true}return false};ASN1HEX.checkStrictDER=function(g,o,d,c,r){var s=ASN1HEX;if(d===undefined){if(typeof g!="string"){throw new Error("not hex string")}g=g.toLowerCase();if(!KJUR.lang.String.isHex(g)){throw new Error("not hex string")}d=g.length;c=g.length/2;if(c<128){r=1}else{r=Math.ceil(c.toString(16))+1}}var k=s.getL(g,o);if(k.length>r*2){throw new Error("L of TLV too long: idx="+o)}var n=s.getVblen(g,o);if(n>c){throw new Error("value of L too long than hex: idx="+o)}var q=s.getTLV(g,o);var f=q.length-2-s.getL(g,o).length;if(f!==(n*2)){throw new Error("V string length and L's value not the same:"+f+"/"+(n*2))}if(o===0){if(g.length!=q.length){throw new Error("total length and TLV length unmatch:"+g.length+"!="+q.length)}}var b=g.substr(o,2);if(b==="02"){var a=s.getVidx(g,o);if(g.substr(a,2)=="00"&&g.charCodeAt(a+2)<56){throw new Error("not least zeros for DER INTEGER")}}if(parseInt(b,16)&32){var p=s.getVblen(g,o);var m=0;var l=s.getChildIdx(g,o);for(var e=0;e0){n.push(new c({tag:"a3",obj:new j(q.ext)}))}var o=new KJUR.asn1.DERSequence({array:n});return o.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.TBSCertificate,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Extensions=function(d){KJUR.asn1.x509.Extensions.superclass.constructor.call(this);var c=KJUR,b=c.asn1,a=b.DERSequence,e=b.x509;this.aParam=[];this.setByParam=function(f){this.aParam=f};this.tohex=function(){var f=[];for(var h=0;h-1){i.push(new f({"int":this.pathLen}))}var h=new b({array:i});this.asn1ExtnValue=h;return this.asn1ExtnValue.tohex()};this.oid="2.5.29.19";this.cA=false;this.pathLen=-1;if(g!==undefined){if(g.cA!==undefined){this.cA=g.cA}if(g.pathLen!==undefined){this.pathLen=g.pathLen}}};extendClass(KJUR.asn1.x509.BasicConstraints,KJUR.asn1.x509.Extension);KJUR.asn1.x509.CRLDistributionPoints=function(d){KJUR.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,d);var b=KJUR,a=b.asn1,c=a.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.tohex()};this.setByDPArray=function(e){var f=[];for(var g=0;g0){f.push(new b({array:j}))}}var g=new b({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(d!==undefined){this.params=d}};extendClass(KJUR.asn1.x509.PolicyInformation,KJUR.asn1.ASN1Object);KJUR.asn1.x509.PolicyQualifierInfo=function(e){KJUR.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,e);var c=KJUR.asn1,b=c.DERSequence,d=c.DERIA5String,f=c.DERObjectIdentifier,a=c.x509.UserNotice;this.params=null;this.tohex=function(){if(this.params.cps!==undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.1"}),new d({str:this.params.cps})]});return g.tohex()}if(this.params.unotice!=undefined){var g=new b({array:[new f({oid:"1.3.6.1.5.5.7.2.2"}),new a(this.params.unotice)]});return g.tohex()}};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.PolicyQualifierInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.UserNotice=function(e){KJUR.asn1.x509.UserNotice.superclass.constructor.call(this,e);var a=KJUR.asn1.DERSequence,d=KJUR.asn1.DERInteger,c=KJUR.asn1.x509.DisplayText,b=KJUR.asn1.x509.NoticeReference;this.params=null;this.tohex=function(){var f=[];if(this.params.noticeref!==undefined){f.push(new b(this.params.noticeref))}if(this.params.exptext!==undefined){f.push(new c(this.params.exptext))}var g=new a({array:f});return g.tohex()};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){this.params=e}};extendClass(KJUR.asn1.x509.UserNotice,KJUR.asn1.ASN1Object);KJUR.asn1.x509.NoticeReference=function(d){KJUR.asn1.x509.NoticeReference.superclass.constructor.call(this,d);var a=KJUR.asn1.DERSequence,c=KJUR.asn1.DERInteger,b=KJUR.asn1.x509.DisplayText;this.params=null;this.tohex=function(){var f=[];if(this.params.org!==undefined){f.push(new b(this.params.org))}if(this.params.noticenum!==undefined){var h=[];var e=this.params.noticenum;for(var j=0;j0){for(var g=0;g0;f++){var h=c.shift();if(e===true){var d=b.pop();var j=(d+","+h).replace(/\\,/g,",");b.push(j);e=false}else{b.push(h)}if(h.substr(-1,1)==="\\"){e=true}}b=b.map(function(a){return a.replace("/","\\/")});b.reverse();return"/"+b.join("/")};KJUR.asn1.x509.X500Name.ldapToOneline=function(a){return KJUR.asn1.x509.X500Name.ldapToCompat(a)};KJUR.asn1.x509.RDN=function(b){KJUR.asn1.x509.RDN.superclass.constructor.call(this);this.asn1Array=[];this.paramArray=[];this.sRule="utf8";var a=KJUR.asn1.x509.AttributeTypeAndValue;this.setByParam=function(c){if(c.rule!==undefined){this.sRule=c.rule}if(c.str!==undefined){this.addByMultiValuedString(c.str)}if(c.array!==undefined){this.paramArray=c.array}};this.addByString=function(c){this.asn1Array.push(new KJUR.asn1.x509.AttributeTypeAndValue({str:c,rule:this.sRule}))};this.addByMultiValuedString=function(e){var c=KJUR.asn1.x509.RDN.parseString(e);for(var d=0;d0){for(var d=0;d0;g++){var k=j.shift();if(h===true){var f=c.pop();var d=(f+"+"+k).replace(/\\\+/g,"+");c.push(d);h=false}else{c.push(k)}if(k.substr(-1,1)==="\\"){h=true}}var l=false;var b=[];for(var g=0;c.length>0;g++){var k=c.shift();if(l===true){var e=b.pop();if(k.match(/"$/)){var d=(e+"+"+k).replace(/^([^=]+)="(.*)"$/,"$1=$2");b.push(d);l=false}else{b.push(e+"+"+k)}}else{b.push(k)}if(k.match(/^[^=]+="/)){l=true}}return b};KJUR.asn1.x509.AttributeTypeAndValue=function(c){KJUR.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this);this.sRule="utf8";this.sType=null;this.sValue=null;this.dsType=null;var a=KJUR,g=a.asn1,d=g.DERSequence,l=g.DERUTF8String,i=g.DERPrintableString,h=g.DERTeletexString,b=g.DERIA5String,e=g.DERVisibleString,k=g.DERBMPString,f=a.lang.String.isMail,j=a.lang.String.isPrintable;this.setByParam=function(o){if(o.rule!==undefined){this.sRule=o.rule}if(o.ds!==undefined){this.dsType=o.ds}if(o.value===undefined&&o.str!==undefined){var n=o.str;var m=n.match(/^([^=]+)=(.+)$/);if(m){this.sType=m[1];this.sValue=m[2]}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}}else{this.sType=o.type;this.sValue=o.value}};this.setByString=function(n,o){if(o!==undefined){this.sRule=o}var m=n.match(/^([^=]+)=(.+)$/);if(m){this.setByAttrTypeAndValueStr(m[1],m[2])}else{throw new Error("malformed attrTypeAndValueStr: "+attrTypeAndValueStr)}};this._getDsType=function(){var o=this.sType;var n=this.sValue;var m=this.sRule;if(m==="prn"){if(o=="CN"&&f(n)){return"ia5"}if(j(n)){return"prn"}return"utf8"}else{if(m==="utf8"){if(o=="CN"&&f(n)){return"ia5"}if(o=="C"){return"prn"}return"utf8"}}return"utf8"};this.setByAttrTypeAndValueStr=function(o,n,m){if(m!==undefined){this.sRule=m}this.sType=o;this.sValue=n};this.getValueObj=function(n,m){if(n=="utf8"){return new l({str:m})}if(n=="prn"){return new i({str:m})}if(n=="tel"){return new h({str:m})}if(n=="ia5"){return new b({str:m})}if(n=="vis"){return new e({str:m})}if(n=="bmp"){return new k({str:m})}throw new Error("unsupported directory string type: type="+n+" value="+m)};this.tohex=function(){if(this.dsType==null){this.dsType=this._getDsType()}var n=KJUR.asn1.x509.OID.atype2obj(this.sType);var m=this.getValueObj(this.dsType,this.sValue);var p=new d({array:[n,m]});this.TLV=p.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(c!==undefined){this.setByParam(c)}};extendClass(KJUR.asn1.x509.AttributeTypeAndValue,KJUR.asn1.ASN1Object);KJUR.asn1.x509.SubjectPublicKeyInfo=function(f){KJUR.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var l=null,k=null,a=KJUR,j=a.asn1,i=j.DERInteger,b=j.DERBitString,m=j.DERObjectIdentifier,e=j.DERSequence,h=j.ASN1Util.newObject,d=j.x509,o=d.AlgorithmIdentifier,g=a.crypto,n=g.ECDSA,c=g.DSA;this.getASN1Object=function(){if(this.asn1AlgId==null||this.asn1SubjPKey==null){throw"algId and/or subjPubKey not set"}var p=new e({array:[this.asn1AlgId,this.asn1SubjPKey]});return p};this.tohex=function(){var p=this.getASN1Object();this.hTLV=p.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};this.setPubKey=function(q){try{if(q instanceof RSAKey){var u=h({seq:[{"int":{bigint:q.n}},{"int":{"int":q.e}}]});var s=u.tohex();this.asn1AlgId=new o({name:"rsaEncryption"});this.asn1SubjPKey=new b({hex:"00"+s})}}catch(p){}try{if(q instanceof KJUR.crypto.ECDSA){var r=new m({name:q.curveName});this.asn1AlgId=new o({name:"ecPublicKey",asn1params:r});this.asn1SubjPKey=new b({hex:"00"+q.pubKeyHex})}}catch(p){}try{if(q instanceof KJUR.crypto.DSA){var r=new h({seq:[{"int":{bigint:q.p}},{"int":{bigint:q.q}},{"int":{bigint:q.g}}]});this.asn1AlgId=new o({name:"dsa",asn1params:r});var t=new i({bigint:q.y});this.asn1SubjPKey=new b({hex:"00"+t.tohex()})}}catch(p){}};if(f!==undefined){this.setPubKey(f)}};extendClass(KJUR.asn1.x509.SubjectPublicKeyInfo,KJUR.asn1.ASN1Object);KJUR.asn1.x509.Time=function(f){KJUR.asn1.x509.Time.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.params=null;this.type=null;this.setTimeParams=function(h){this.timeParams=h};this.setByParam=function(h){this.params=h};this.getType=function(h){if(h.match(/^[0-9]{12}Z$/)){return"utc"}if(h.match(/^[0-9]{14}Z$/)){return"gen"}if(h.match(/^[0-9]{12}\.[0-9]+Z$/)){return"utc"}if(h.match(/^[0-9]{14}\.[0-9]+Z$/)){return"gen"}return null};this.tohex=function(){var i=this.params;var h=null;if(typeof i=="string"){i={str:i}}if(i!=null&&i.str&&(i.type==null||i.type==undefined)){i.type=this.getType(i.str)}if(i!=null&&i.str){if(i.type=="utc"){h=new b(i.str)}if(i.type=="gen"){h=new g(i.str)}}else{if(this.type=="gen"){h=new g()}else{h=new b()}}if(h==null){throw new Error("wrong setting for Time")}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};if(f!=undefined){this.setByParam(f)}};KJUR.asn1.x509.Time_bak=function(f){KJUR.asn1.x509.Time_bak.superclass.constructor.call(this);var e=null,a=null,d=KJUR,c=d.asn1,b=c.DERUTCTime,g=c.DERGeneralizedTime;this.setTimeParams=function(h){this.timeParams=h};this.tohex=function(){var h=null;if(this.timeParams!=null){if(this.type=="utc"){h=new b(this.timeParams)}else{h=new g(this.timeParams)}}else{if(this.type=="utc"){h=new b()}else{h=new g()}}this.TLV=h.tohex();return this.TLV};this.getEncodedHex=function(){return this.tohex()};this.type="utc";if(f!==undefined){if(f.type!==undefined){this.type=f.type}else{if(f.str!==undefined){if(f.str.match(/^[0-9]{12}Z$/)){this.type="utc"}if(f.str.match(/^[0-9]{14}Z$/)){this.type="gen"}}}this.timeParams=f}};extendClass(KJUR.asn1.x509.Time,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier=function(e){KJUR.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this);this.nameAlg=null;this.asn1Alg=null;this.asn1Params=null;this.paramEmpty=false;var b=KJUR,a=b.asn1,c=a.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;this.tohex=function(){if(this.nameAlg===null&&this.asn1Alg===null){throw new Error("algorithm not specified")}if(this.nameAlg!==null){var f=null;for(var h in c){if(h===this.nameAlg){f=c[h]}}if(f!==null){this.hTLV=f;return this.hTLV}}if(this.nameAlg!==null&&this.asn1Alg===null){this.asn1Alg=a.x509.OID.name2obj(this.nameAlg)}var g=[this.asn1Alg];if(this.asn1Params!==null){g.push(this.asn1Params)}var i=new a.DERSequence({array:g});this.hTLV=i.tohex();return this.hTLV};this.getEncodedHex=function(){return this.tohex()};if(e!==undefined){if(e.name!==undefined){this.nameAlg=e.name}if(e.asn1params!==undefined){this.asn1Params=e.asn1params}if(e.paramempty!==undefined){this.paramEmpty=e.paramempty}}if(this.asn1Params===null&&this.paramEmpty===false&&this.nameAlg!==null){if(this.nameAlg.name!==undefined){this.nameAlg=this.nameAlg.name}var d=this.nameAlg.toLowerCase();if(d.substr(-7,7)!=="withdsa"&&d.substr(-9,9)!=="withecdsa"){this.asn1Params=new a.DERNull()}}};extendClass(KJUR.asn1.x509.AlgorithmIdentifier,KJUR.asn1.ASN1Object);KJUR.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:"300d06092a864886f70d01010a3000",SHA256withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120",SHA384withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130",SHA512withRSAandMGF1:"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140"};KJUR.asn1.x509.GeneralName=function(f){KJUR.asn1.x509.GeneralName.superclass.constructor.call(this);var l={rfc822:"81",dns:"82",dn:"a4",uri:"86",ip:"87",otherName:"a0"},b=KJUR,h=b.asn1,d=h.x509,a=d.X500Name,g=d.OtherName,e=h.DERIA5String,i=h.DERPrintableString,k=h.DEROctetString,c=h.DERTaggedObject,m=h.ASN1Object,j=Error;this.params=null;this.setByParam=function(n){this.params=n};this.tohex=function(){var p=this.params;var A,y,q;var y=false;if(p.other!==undefined){A="a0",q=new g(p.other)}else{if(p.rfc822!==undefined){A="81";q=new e({str:p.rfc822})}else{if(p.dns!==undefined){A="82";q=new e({str:p.dns})}else{if(p.dn!==undefined){A="a4";y=true;if(typeof p.dn==="string"){q=new a({str:p.dn})}else{if(p.dn instanceof KJUR.asn1.x509.X500Name){q=p.dn}else{q=new a(p.dn)}}}else{if(p.ldapdn!==undefined){A="a4";y=true;q=new a({ldapstr:p.ldapdn})}else{if(p.certissuer!==undefined||p.certsubj!==undefined){A="a4";y=true;var n,o;var z=null;if(p.certsubj!==undefined){n=false;o=p.certsubj}else{n=true;o=p.certissuer}if(o.match(/^[0-9A-Fa-f]+$/)){z==o}if(o.indexOf("-----BEGIN ")!=-1){z=pemtohex(o)}if(z==null){throw new Error("certsubj/certissuer not cert")}var w=new X509();w.hex=z;var s;if(n){s=w.getIssuerHex()}else{s=w.getSubjectHex()}q=new m();q.hTLV=s}else{if(p.uri!==undefined){A="86";q=new e({str:p.uri})}else{if(p.ip!==undefined){A="87";var v;var t=p.ip;try{if(t.match(/^[0-9a-f]+$/)){var r=t.length;if(r==8||r==16||r==32||r==64){v=t}else{throw"err"}}else{v=iptohex(t)}}catch(u){throw new j("malformed IP address: "+p.ip+":"+u.message)}q=new k({hex:v})}else{throw new j("improper params")}}}}}}}}var B=new c({tag:A,explicit:y,obj:q});return B.tohex()};this.getEncodedHex=function(){return this.tohex()};if(f!==undefined){this.setByParam(f)}};extendClass(KJUR.asn1.x509.GeneralName,KJUR.asn1.ASN1Object);KJUR.asn1.x509.GeneralNames=function(d){KJUR.asn1.x509.GeneralNames.superclass.constructor.call(this);var a=null,c=KJUR,b=c.asn1;this.setByParamArray=function(g){for(var e=0;e0){var m=b(n.valhex,q[0]);var p=j(m,0);var t=[];for(var o=0;o1){var r=b(n.valhex,q[1]);n.polhex=r}delete n.valhex};this.setSignaturePolicyIdentifier=function(s){var q=j(s.valhex,0);if(q.length>0){var r=l.getOID(s.valhex,q[0]);s.oid=r}if(q.length>1){var m=new a();var t=j(s.valhex,q[1]);var p=b(s.valhex,t[0]);var o=m.getAlgorithmIdentifierName(p);s.alg=o;var n=i(s.valhex,t[1]);s.hash=n}delete s.valhex};this.setSigningCertificateV2=function(o){var s=j(o.valhex,0);if(s.length>0){var n=b(o.valhex,s[0]);var r=j(n,0);var u=[];for(var q=0;q1){var t=b(o.valhex,s[1]);o.polhex=t}delete o.valhex};this.getESSCertID=function(o){var p={};var n=j(o,0);if(n.length>0){var q=i(o,n[0]);p.hash=q}if(n.length>1){var m=b(o,n[1]);var r=this.getIssuerSerial(m);if(r.serial!=undefined){p.serial=r.serial}if(r.issuer!=undefined){p.issuer=r.issuer}}return p};this.getESSCertIDv2=function(q){var s={};var p=j(q,0);if(p.length<1||3r+1){var m=b(q,p[r+1]);var t=this.getIssuerSerial(m);s.issuer=t.issuer;s.serial=t.serial}return s};this.getIssuerSerial=function(q){var r={};var n=j(q,0);var m=b(q,n[0]);var p=h.getGeneralNames(m);var o=p[0].dn;r.issuer=o;var s=i(q,n[1]);r.serial={hex:s};return r};this.getCertificateSet=function(p){var n=j(p,0);var m=[];for(var o=0;o>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function extendClass(c,a){var b=function(){};b.prototype=a.prototype;c.prototype=new b();c.prototype.constructor=c;c.superclass=a.prototype;if(a.prototype.constructor==Object.prototype.constructor){a.prototype.constructor=a}}; +var KJUR;if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.lang=="undefined"||!KJUR.lang){KJUR.lang={}}KJUR.lang.String=function(){};function Base64x(){}function stoBA(d){var b=new Array();for(var c=0;c>6);var i=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16))}var j=224|((h&240)>>4);var i=128|((h&15)<<2)|((a&192)>>6);var g=128|(a&63);return hextoutf8(j.toString(16)+i.toString(16)+g.toString(16))}var c=d.match(/.{4}/g);var b=c.map(e);return b.join("")}function encodeURIComponentAll(a){var d=encodeURIComponent(a);var b="";for(var c=0;c"7"){return"00"+a}return a}function intarystrtohex(b){b=b.replace(/^\s*\[\s*/,"");b=b.replace(/\s*\]\s*$/,"");b=b.replace(/\s*/g,"");try{var c=b.split(/,/).map(function(g,e,h){var f=parseInt(g);if(f<0||255a.length){d=a.length}for(var b=0;b0){o=o+"."+k.join(".")}return o}catch(j){return null}}var strpad=function(c,b,a){if(a==undefined){a="0"}if(c.length>=b){return c}return new Array(b-c.length+1).join(a)+c};function bitstrtoint(e){if(e.length%2!=0){return -1}e=e.toLowerCase();if(e.match(/^[0-9a-f]+$/)==null){return -1}try{var a=e.substr(0,2);if(a=="00"){return parseInt(e.substr(2),16)}var b=parseInt(a,16);if(b>7){return -1}var g=e.substr(2);var d=parseInt(g,16).toString(2);if(d=="0"){d="00000000"}d=d.slice(0,0-b);var f=parseInt(d,2);if(f==NaN){return -1}return f}catch(c){return -1}}function inttobitstr(e){if(typeof e!="number"){return null}if(e<0){return null}var c=Number(e).toString(2);var b=8-c.length%8;if(b==8){b=0}c=c+strpad("",b,"0");var d=parseInt(c,2).toString(16);if(d.length%2==1){d="0"+d}var a="0"+b;return a+d}function bitstrtobinstr(g){if(typeof g!="string"){return null}if(g.length%2!=0){return null}if(!g.match(/^[0-9a-f]+$/)){return null}try{var c=parseInt(g.substr(0,2),16);if(c<0||7=0;a--){c+=b[a]}return c}function aryval(e,c,d){if(typeof e!="object"){return undefined}var c=String(c).split(".");for(var b=0;bd){throw"key is too short for SigAlg: keylen="+j+","+a}var b="0001";var k="00"+c;var g="";var l=d-b.length-k.length;for(var f=0;f=0;--u){v=v.twice2D();v.z=f.ONE;if(t.testBit(u)){if(s.testBit(u)){v=v.add2D(y)}else{v=v.add2D(x)}}else{if(s.testBit(u)){v=v.add2D(w)}}}return v}this.getBigRandom=function(r){return new f(r.bitLength(),a).mod(r.subtract(f.ONE)).add(f.ONE)};this.setNamedCurve=function(r){this.ecparams=c.getByName(r);this.prvKeyHex=null;this.pubKeyHex=null;this.curveName=r};this.setPrivateKeyHex=function(r){this.isPrivate=true;this.prvKeyHex=r};this.setPublicKeyHex=function(r){this.isPublic=true;this.pubKeyHex=r};this.getPublicKeyXYHex=function(){var t=this.pubKeyHex;if(t.substr(0,2)!=="04"){throw"this method supports uncompressed format(04) only"}var s=this.ecparams.keycharlen;if(t.length!==2+s*2){throw"malformed public key hex length"}var r={};r.x=t.substr(2,s);r.y=t.substr(2+s);return r};this.getShortNISTPCurveName=function(){var r=this.curveName;if(r==="secp256r1"||r==="NIST P-256"||r==="P-256"||r==="prime256v1"){return"P-256"}if(r==="secp384r1"||r==="NIST P-384"||r==="P-384"){return"P-384"}if(r==="secp521r1"||r==="NIST P-521"||r==="P-521"){return"P-521"}return null};this.generateKeyPairHex=function(){var s=this.ecparams.n;var u=this.getBigRandom(s);var r=this.ecparams.keycharlen;var t=("0000000000"+u.toString(16)).slice(-r);this.setPrivateKeyHex(t);var v=this.generatePublicKeyHex();return{ecprvhex:t,ecpubhex:v}};this.generatePublicKeyHex=function(){var u=new f(this.prvKeyHex,16);var w=this.ecparams.G.multiply(u);var t=w.getX().toBigInteger();var s=w.getY().toBigInteger();var r=this.ecparams.keycharlen;var y=("0000000000"+t.toString(16)).slice(-r);var v=("0000000000"+s.toString(16)).slice(-r);var x="04"+y+v;this.setPublicKeyHex(x);return x};this.signWithMessageHash=function(r){return this.signHex(r,this.prvKeyHex)};this.signHex=function(x,u){var A=new f(u,16);var v=this.ecparams.n;var z=new f(x.substring(0,this.ecparams.keycharlen),16);do{var w=this.getBigRandom(v);var B=this.ecparams.G;var y=B.multiply(w);var t=y.getX().toBigInteger().mod(v)}while(t.compareTo(f.ZERO)<=0);var C=w.modInverse(v).multiply(z.add(A.multiply(t))).mod(v);return m.biRSSigToASN1Sig(t,C)};this.sign=function(w,B){var z=B;var u=this.ecparams.n;var y=f.fromByteArrayUnsigned(w);do{var v=this.getBigRandom(u);var A=this.ecparams.G;var x=A.multiply(v);var t=x.getX().toBigInteger().mod(u)}while(t.compareTo(BigInteger.ZERO)<=0);var C=v.modInverse(u).multiply(y.add(z.multiply(t))).mod(u);return this.serializeSig(t,C)};this.verifyWithMessageHash=function(s,r){return this.verifyHex(s,r,this.pubKeyHex)};this.verifyHex=function(v,y,u){try{var t,B;var w=m.parseSigHex(y);t=w.r;B=w.s;var x=h.decodeFromHex(this.ecparams.curve,u);var z=new f(v.substring(0,this.ecparams.keycharlen),16);return this.verifyRaw(z,t,B,x)}catch(A){return false}};this.verify=function(z,A,u){var w,t;if(Bitcoin.Util.isArray(A)){var y=this.parseSig(A);w=y.r;t=y.s}else{if("object"===typeof A&&A.r&&A.s){w=A.r;t=A.s}else{throw"Invalid value for signature"}}var v;if(u instanceof ECPointFp){v=u}else{if(Bitcoin.Util.isArray(u)){v=h.decodeFrom(this.ecparams.curve,u)}else{throw"Invalid format for pubkey value, must be byte array or ECPointFp"}}var x=f.fromByteArrayUnsigned(z);return this.verifyRaw(x,w,t,v)};this.verifyRaw=function(z,t,E,y){var x=this.ecparams.n;var D=this.ecparams.G;if(t.compareTo(f.ONE)<0||t.compareTo(x)>=0){return false}if(E.compareTo(f.ONE)<0||E.compareTo(x)>=0){return false}var A=E.modInverse(x);var w=z.multiply(A).mod(x);var u=t.multiply(A).mod(x);var B=D.multiply(w).add(y.multiply(u));var C=B.getX().toBigInteger().mod(x);return C.equals(t)};this.serializeSig=function(v,u){var w=v.toByteArraySigned();var t=u.toByteArraySigned();var x=[];x.push(2);x.push(w.length);x=x.concat(w);x.push(2);x.push(t.length);x=x.concat(t);x.unshift(x.length);x.unshift(48);return x};this.parseSig=function(y){var x;if(y[0]!=48){throw new Error("Signature not a valid DERSequence")}x=2;if(y[x]!=2){throw new Error("First element in signature must be a DERInteger")}var w=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];if(y[x]!=2){throw new Error("Second element in signature must be a DERInteger")}var t=y.slice(x+2,x+2+y[x+1]);x+=2+y[x+1];var v=f.fromByteArrayUnsigned(w);var u=f.fromByteArrayUnsigned(t);return{r:v,s:u}};this.parseSigCompact=function(w){if(w.length!==65){throw"Signature has the wrong length"}var t=w[0]-27;if(t<0||t>7){throw"Invalid signature type"}var x=this.ecparams.n;var v=f.fromByteArrayUnsigned(w.slice(1,33)).mod(x);var u=f.fromByteArrayUnsigned(w.slice(33,65)).mod(x);return{r:v,s:u,i:t}};this.readPKCS5PrvKeyHex=function(u){if(k(u)===false){throw new Error("not ASN.1 hex string")}var r,t,v;try{r=n(u,0,["[0]",0],"06");t=n(u,0,[1],"04");try{v=n(u,0,["[1]",0],"03")}catch(s){}}catch(s){throw new Error("malformed PKCS#1/5 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw"unsupported curve name"}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v);this.setPrivateKeyHex(t);this.isPublic=false};this.readPKCS8PrvKeyHex=function(v){if(k(v)===false){throw new j("not ASN.1 hex string")}var t,r,u,w;try{t=n(v,0,[1,0],"06");r=n(v,0,[1,1],"06");u=n(v,0,[2,0,1],"04");try{w=n(v,0,[2,0,"[1]",0],"03")}catch(s){}}catch(s){throw new j("malformed PKCS#8 plain ECC private key")}this.curveName=d(r);if(this.curveName===undefined){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(w);this.setPrivateKeyHex(u);this.isPublic=false};this.readPKCS8PubKeyHex=function(u){if(k(u)===false){throw new j("not ASN.1 hex string")}var t,r,v;try{t=n(u,0,[0,0],"06");r=n(u,0,[0,1],"06");v=n(u,0,[1],"03")}catch(s){throw new j("malformed PKCS#8 ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(v)};this.readCertPubKeyHex=function(t,v){if(k(t)===false){throw new j("not ASN.1 hex string")}var r,u;try{r=n(t,0,[0,5,0,1],"06");u=n(t,0,[0,5,1],"03")}catch(s){throw new j("malformed X.509 certificate ECC public key")}this.curveName=d(r);if(this.curveName===null){throw new j("unsupported curve name")}this.setNamedCurve(this.curveName);this.setPublicKeyHex(u)};if(e!==undefined){if(e.curve!==undefined){this.curveName=e.curve}}if(this.curveName===undefined){this.curveName=g}this.setNamedCurve(this.curveName);if(e!==undefined){if(e.prv!==undefined){this.setPrivateKeyHex(e.prv)}if(e.pub!==undefined){this.setPublicKeyHex(e.pub)}}};KJUR.crypto.ECDSA.parseSigHex=function(a){var b=KJUR.crypto.ECDSA.parseSigHexInHexRS(a);var d=new BigInteger(b.r,16);var c=new BigInteger(b.s,16);return{r:d,s:c}};KJUR.crypto.ECDSA.parseSigHexInHexRS=function(f){var j=ASN1HEX,i=j.getChildIdx,g=j.getV;j.checkStrictDER(f,0);if(f.substr(0,2)!="30"){throw new Error("signature is not a ASN.1 sequence")}var h=i(f,0);if(h.length!=2){throw new Error("signature shall have two elements")}var e=h[0];var d=h[1];if(f.substr(e,2)!="02"){throw new Error("1st item not ASN.1 integer")}if(f.substr(d,2)!="02"){throw new Error("2nd item not ASN.1 integer")}var c=g(f,e);var b=g(f,d);return{r:c,s:b}};KJUR.crypto.ECDSA.asn1SigToConcatSig=function(d){var e=KJUR.crypto.ECDSA.parseSigHexInHexRS(d);var b=e.r;var a=e.s;if(b.length>=130&&b.length<=134){if(b.length%2!=0){throw Error("unknown ECDSA sig r length error")}if(a.length%2!=0){throw Error("unknown ECDSA sig s length error")}if(b.substr(0,2)=="00"){b=b.substr(2)}if(a.substr(0,2)=="00"){a=a.substr(2)}var c=Math.max(b.length,a.length);b=("000000"+b).slice(-c);a=("000000"+a).slice(-c);return b+a}if(b.substr(0,2)=="00"&&(b.length%32)==2){b=b.substr(2)}if(a.substr(0,2)=="00"&&(a.length%32)==2){a=a.substr(2)}if((b.length%32)==30){b="00"+b}if((a.length%32)==30){a="00"+a}if(b.length%32!=0){throw Error("unknown ECDSA sig r length error")}if(a.length%32!=0){throw Error("unknown ECDSA sig s length error")}return b+a};KJUR.crypto.ECDSA.concatSigToASN1Sig=function(a){if(a.length%4!=0){throw Error("unknown ECDSA concatinated r-s sig length error")}var c=a.substr(0,a.length/2);var b=a.substr(a.length/2);return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(c,b)};KJUR.crypto.ECDSA.hexRSSigToASN1Sig=function(b,a){var d=new BigInteger(b,16);var c=new BigInteger(a,16);return KJUR.crypto.ECDSA.biRSSigToASN1Sig(d,c)};KJUR.crypto.ECDSA.biRSSigToASN1Sig=function(f,d){var c=KJUR.asn1;var b=new c.DERInteger({bigint:f});var a=new c.DERInteger({bigint:d});var e=new c.DERSequence({array:[b,a]});return e.tohex()};KJUR.crypto.ECDSA.getName=function(a){if(a==="2b8104001f"){return"secp192k1"}if(a==="2a8648ce3d030107"){return"secp256r1"}if(a==="2b8104000a"){return"secp256k1"}if(a==="2b81040021"){return"secp224r1"}if(a==="2b81040022"){return"secp384r1"}if(a==="2b81040023"){return"secp521r1"}if("|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(a)!==-1){return"secp256r1"}if("|secp256k1|".indexOf(a)!==-1){return"secp256k1"}if("|secp224r1|NIST P-224|P-224|".indexOf(a)!==-1){return"secp224r1"}if("|secp384r1|NIST P-384|P-384|".indexOf(a)!==-1){return"secp384r1"}if("|secp521r1|NIST P-521|P-521|".indexOf(a)!==-1){return"secp521r1"}return null}; if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.crypto=="undefined"||!KJUR.crypto){KJUR.crypto={}}KJUR.crypto.ECParameterDB=new function(){var b={};var c={};function a(d){return new BigInteger(d,16)}this.getByName=function(e){var d=e;if(typeof c[d]!="undefined"){d=c[e]}if(typeof b[d]!="undefined"){return b[d]}throw"unregistered EC curve name: "+d};this.regist=function(A,l,o,g,m,e,j,f,k,u,d,x){b[A]={};var s=a(o);var z=a(g);var y=a(m);var t=a(e);var w=a(j);var r=new ECCurveFp(s,z,y);var q=r.decodePointHex("04"+f+k);b[A]["name"]=A;b[A]["keylen"]=l;b[A]["keycharlen"]=Math.ceil(l/8)*2;b[A]["curve"]=r;b[A]["G"]=q;b[A]["n"]=t;b[A]["h"]=w;b[A]["oid"]=d;b[A]["info"]=x;for(var v=0;v=u*2){break}}var z={};z.keyhex=x.substr(0,i[q]["keylen"]*2);z.ivhex=x.substr(i[q]["keylen"]*2,i[q]["ivlen"]*2);return z};var b=function(p,v,r,w){var s=CryptoJS.enc.Base64.parse(p);var q=CryptoJS.enc.Hex.stringify(s);var u=i[v]["proc"];var t=u(q,r,w);return t};var h=function(p,s,q,u){var r=i[s]["eproc"];var t=r(p,q,u);return t};return{version:"1.0.0",parsePKCS5PEM:function(p){return n(p)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(q,p,r){return j(q,p,r)},decryptKeyB64:function(p,r,q,s){return b(p,r,q,s)},getDecryptedKeyHex:function(y,x){var q=n(y);var t=q.type;var r=q.cipher;var p=q.ivsalt;var s=q.data;var w=j(r,x,p);var v=w.keyhex;var u=b(s,r,v,p);return u},getEncryptedPKCS5PEMFromPrvKeyHex:function(x,s,A,t,r){var p="";if(typeof t=="undefined"||t==null){t="AES-256-CBC"}if(typeof i[t]=="undefined"){throw new Error("KEYUTIL unsupported algorithm: "+t)}if(typeof r=="undefined"||r==null){var v=i[t]["ivlen"];var u=m(v);r=u.toUpperCase()}var z=j(t,A,r);var y=z.keyhex;var w=h(s,t,y,r);var q=w.replace(/(.{64})/g,"$1\r\n");var p="-----BEGIN "+x+" PRIVATE KEY-----\r\n";p+="Proc-Type: 4,ENCRYPTED\r\n";p+="DEK-Info: "+t+","+r+"\r\n";p+="\r\n";p+=q;p+="\r\n-----END "+x+" PRIVATE KEY-----\r\n";return p},parseHexOfEncryptedPKCS8:function(y){var B=ASN1HEX;var z=B.getChildIdx;var w=B.getV;var t={};var r=z(y,0);if(r.length!=2){throw new Error("malformed format: SEQUENCE(0).items != 2: "+r.length)}t.ciphertext=w(y,r[1]);var A=z(y,r[0]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0).items != 2: "+A.length)}if(w(y,A[0])!="2a864886f70d01050d"){throw new Error("this only supports pkcs5PBES2")}var p=z(y,A[1]);if(A.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1).items != 2: "+p.length)}var q=z(y,p[1]);if(q.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.1).items != 2: "+q.length)}if(w(y,q[0])!="2a864886f70d0307"){throw"this only supports TripleDES"}t.encryptionSchemeAlg="TripleDES";t.encryptionSchemeIV=w(y,q[1]);var s=z(y,p[0]);if(s.length!=2){throw new Error("malformed format: SEQUENCE(0.0.1.0).items != 2: "+s.length)}if(w(y,s[0])!="2a864886f70d01050c"){throw new Error("this only supports pkcs5PBKDF2")}var x=z(y,s[1]);if(x.length<2){throw new Error("malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+x.length)}t.pbkdf2Salt=w(y,x[0]);var u=w(y,x[1]);try{t.pbkdf2Iter=parseInt(u,16)}catch(v){throw new Error("malformed format pbkdf2Iter: "+u)}return t},getPBKDF2KeyHexFromParam:function(u,p){var t=CryptoJS.enc.Hex.parse(u.pbkdf2Salt);var q=u.pbkdf2Iter;var s=CryptoJS.PBKDF2(p,t,{keySize:192/32,iterations:q});var r=CryptoJS.enc.Hex.stringify(s);return r},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(x,y){var r=pemtohex(x,"ENCRYPTED PRIVATE KEY");var p=this.parseHexOfEncryptedPKCS8(r);var u=KEYUTIL.getPBKDF2KeyHexFromParam(p,y);var v={};v.ciphertext=CryptoJS.enc.Hex.parse(p.ciphertext);var t=CryptoJS.enc.Hex.parse(u);var s=CryptoJS.enc.Hex.parse(p.encryptionSchemeIV);var w=CryptoJS.TripleDES.decrypt(v,t,{iv:s});var q=CryptoJS.enc.Hex.stringify(w);return q},getKeyFromEncryptedPKCS8PEM:function(s,q){var p=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(s,q);var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},parsePlainPrivatePKCS8Hex:function(s){var v=ASN1HEX;var u=v.getChildIdx;var t=v.getV;var q={};q.algparam=null;if(s.substr(0,2)!="30"){throw new Error("malformed plain PKCS8 private key(code:001)")}var r=u(s,0);if(r.length<3){throw new Error("malformed plain PKCS8 private key(code:002)")}if(s.substr(r[1],2)!="30"){throw new Error("malformed PKCS8 private key(code:003)")}var p=u(s,r[1]);if(p.length!=2){throw new Error("malformed PKCS8 private key(code:004)")}if(s.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 private key(code:005)")}q.algoid=t(s,p[0]);if(s.substr(p[1],2)=="06"){q.algparam=t(s,p[1])}if(s.substr(r[2],2)!="04"){throw new Error("malformed PKCS8 private key(code:006)")}q.keyidx=v.getVidx(s,r[2]);return q},getKeyFromPlainPrivatePKCS8PEM:function(q){var p=pemtohex(q,"PRIVATE KEY");var r=this.getKeyFromPlainPrivatePKCS8Hex(p);return r},getKeyFromPlainPrivatePKCS8Hex:function(p){var q=this.parsePlainPrivatePKCS8Hex(p);var r;if(q.algoid=="2a864886f70d010101"){r=new RSAKey()}else{if(q.algoid=="2a8648ce380401"){r=new KJUR.crypto.DSA()}else{if(q.algoid=="2a8648ce3d0201"){r=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported private key algorithm")}}}r.readPKCS8PrvKeyHex(p);return r},_getKeyFromPublicPKCS8Hex:function(q){var p;var r=ASN1HEX.getVbyList(q,0,[0,0],"06");if(r==="2a864886f70d010101"){p=new RSAKey()}else{if(r==="2a8648ce380401"){p=new KJUR.crypto.DSA()}else{if(r==="2a8648ce3d0201"){p=new KJUR.crypto.ECDSA()}else{throw new Error("unsupported PKCS#8 public key hex")}}}p.readPKCS8PubKeyHex(q);return p},parsePublicRawRSAKeyHex:function(r){var u=ASN1HEX;var t=u.getChildIdx;var s=u.getV;var p={};if(r.substr(0,2)!="30"){throw new Error("malformed RSA key(code:001)")}var q=t(r,0);if(q.length!=2){throw new Error("malformed RSA key(code:002)")}if(r.substr(q[0],2)!="02"){throw new Error("malformed RSA key(code:003)")}p.n=s(r,q[0]);if(r.substr(q[1],2)!="02"){throw new Error("malformed RSA key(code:004)")}p.e=s(r,q[1]);return p},parsePublicPKCS8Hex:function(t){var v=ASN1HEX;var u=v.getChildIdx;var s=v.getV;var q={};q.algparam=null;var r=u(t,0);if(r.length!=2){throw new Error("outer DERSequence shall have 2 elements: "+r.length)}var w=r[0];if(t.substr(w,2)!="30"){throw new Error("malformed PKCS8 public key(code:001)")}var p=u(t,w);if(p.length!=2){throw new Error("malformed PKCS8 public key(code:002)")}if(t.substr(p[0],2)!="06"){throw new Error("malformed PKCS8 public key(code:003)")}q.algoid=s(t,p[0]);if(t.substr(p[1],2)=="06"){q.algparam=s(t,p[1])}else{if(t.substr(p[1],2)=="30"){q.algparam={};q.algparam.p=v.getVbyList(t,p[1],[0],"02");q.algparam.q=v.getVbyList(t,p[1],[1],"02");q.algparam.g=v.getVbyList(t,p[1],[2],"02")}}if(t.substr(r[1],2)!="03"){throw new Error("malformed PKCS8 public key(code:004)")}q.key=s(t,r[1]).substr(2);return q},}}();KEYUTIL.getKey=function(l,k,n){var G=ASN1HEX,L=G.getChildIdx,v=G.getV,d=G.getVbyList,c=KJUR.crypto,i=c.ECDSA,C=c.DSA,w=RSAKey,M=pemtohex,F=KEYUTIL;if(typeof w!="undefined"&&l instanceof w){return l}if(typeof i!="undefined"&&l instanceof i){return l}if(typeof C!="undefined"&&l instanceof C){return l}if(l.curve!==undefined&&l.xy!==undefined&&l.d===undefined){return new i({pub:l.xy,curve:l.curve})}if(l.curve!==undefined&&l.d!==undefined){return new i({prv:l.d,curve:l.curve})}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(l.n,l.e);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.co!==undefined&&l.qi===undefined){var P=new w();P.setPrivateEx(l.n,l.e,l.d,l.p,l.q,l.dp,l.dq,l.co);return P}if(l.kty===undefined&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p===undefined){var P=new w();P.setPrivate(l.n,l.e,l.d);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x===undefined){var P=new C();P.setPublic(l.p,l.q,l.g,l.y);return P}if(l.p!==undefined&&l.q!==undefined&&l.g!==undefined&&l.y!==undefined&&l.x!==undefined){var P=new C();P.setPrivate(l.p,l.q,l.g,l.y,l.x);return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d===undefined){var P=new w();P.setPublic(b64utohex(l.n),b64utohex(l.e));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined&&l.p!==undefined&&l.q!==undefined&&l.dp!==undefined&&l.dq!==undefined&&l.qi!==undefined){var P=new w();P.setPrivateEx(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d),b64utohex(l.p),b64utohex(l.q),b64utohex(l.dp),b64utohex(l.dq),b64utohex(l.qi));return P}if(l.kty==="RSA"&&l.n!==undefined&&l.e!==undefined&&l.d!==undefined){var P=new w();P.setPrivate(b64utohex(l.n),b64utohex(l.e),b64utohex(l.d));return P}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d===undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;j.setPublicKeyHex(u);return j}if(l.kty==="EC"&&l.crv!==undefined&&l.x!==undefined&&l.y!==undefined&&l.d!==undefined){var j=new i({curve:l.crv});var t=j.ecparams.keycharlen;var B=("0000000000"+b64utohex(l.x)).slice(-t);var z=("0000000000"+b64utohex(l.y)).slice(-t);var u="04"+B+z;var b=("0000000000"+b64utohex(l.d)).slice(-t);j.setPublicKeyHex(u);j.setPrivateKeyHex(b);return j}if(n==="pkcs5prv"){var J=l,G=ASN1HEX,N,P;N=L(J,0);if(N.length===9){P=new w();P.readPKCS5PrvKeyHex(J)}else{if(N.length===6){P=new C();P.readPKCS5PrvKeyHex(J)}else{if(N.length>2&&J.substr(N[1],2)==="04"){P=new i();P.readPKCS5PrvKeyHex(J)}else{throw new Error("unsupported PKCS#1/5 hexadecimal key")}}}return P}if(n==="pkcs8prv"){var P=F.getKeyFromPlainPrivatePKCS8Hex(l);return P}if(n==="pkcs8pub"){return F._getKeyFromPublicPKCS8Hex(l)}if(n==="x509pub"){return X509.getPublicKeyFromCertHex(l)}if(l.indexOf("-END CERTIFICATE-",0)!=-1||l.indexOf("-END X509 CERTIFICATE-",0)!=-1||l.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1){return X509.getPublicKeyFromCertPEM(l)}if(l.indexOf("-END PUBLIC KEY-")!=-1){var O=pemtohex(l,"PUBLIC KEY");return F._getKeyFromPublicPKCS8Hex(O)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"RSA PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var I=M(l,"DSA PRIVATE KEY");var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")==-1){var m=M(l,"EC PRIVATE KEY");return F.getKey(m,null,"pkcs5prv")}if(l.indexOf("-END PRIVATE KEY-")!=-1){return F.getKeyFromPlainPrivatePKCS8PEM(l)}if(l.indexOf("-END RSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var o=F.getDecryptedKeyHex(l,k);var H=new RSAKey();H.readPKCS5PrvKeyHex(o);return H}if(l.indexOf("-END EC PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var P=d(I,0,[1],"04");var f=d(I,0,[2,0],"06");var A=d(I,0,[3,0],"03").substr(2);var e="";if(KJUR.crypto.OID.oidhex2name[f]!==undefined){e=KJUR.crypto.OID.oidhex2name[f]}else{throw new Error("undefined OID(hex) in KJUR.crypto.OID: "+f)}var j=new i({curve:e});j.setPublicKeyHex(A);j.setPrivateKeyHex(P);j.isPublic=false;return j}if(l.indexOf("-END DSA PRIVATE KEY-")!=-1&&l.indexOf("4,ENCRYPTED")!=-1){var I=F.getDecryptedKeyHex(l,k);var E=d(I,0,[1],"02");var D=d(I,0,[2],"02");var K=d(I,0,[3],"02");var r=d(I,0,[4],"02");var s=d(I,0,[5],"02");var P=new C();P.setPrivate(new BigInteger(E,16),new BigInteger(D,16),new BigInteger(K,16),new BigInteger(r,16),new BigInteger(s,16));return P}if(l.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1){return F.getKeyFromEncryptedPKCS8PEM(l,k)}throw new Error("not supported argument")};KEYUTIL.generateKeypair=function(a,c){if(a=="RSA"){var b=c;var h=new RSAKey();h.generate(b,"10001");h.isPrivate=true;h.isPublic=true;var f=new RSAKey();var e=h.n.toString(16);var i=h.e.toString(16);f.setPublic(e,i);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{if(a=="EC"){var d=c;var g=new KJUR.crypto.ECDSA({curve:d});var j=g.generateKeyPairHex();var h=new KJUR.crypto.ECDSA({curve:d});h.setPublicKeyHex(j.ecpubhex);h.setPrivateKeyHex(j.ecprvhex);h.isPrivate=true;h.isPublic=false;var f=new KJUR.crypto.ECDSA({curve:d});f.setPublicKeyHex(j.ecpubhex);f.isPrivate=false;f.isPublic=true;var k={};k.prvKeyObj=h;k.pubKeyObj=f;return k}else{throw new Error("unknown algorithm: "+a)}}};KEYUTIL.getPEM=function(b,D,y,m,q,j){var F=KJUR,k=F.asn1,z=k.DERObjectIdentifier,f=k.DERInteger,l=k.ASN1Util.newObject,a=k.x509,C=a.SubjectPublicKeyInfo,e=F.crypto,u=e.DSA,r=e.ECDSA,n=RSAKey;function A(s){var H=l({seq:[{"int":0},{"int":{bigint:s.n}},{"int":s.e},{"int":{bigint:s.d}},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.dmp1}},{"int":{bigint:s.dmq1}},{"int":{bigint:s.coeff}}]});return H}function B(H){var s=l({seq:[{"int":1},{octstr:{hex:H.prvKeyHex}},{tag:["a0",true,{oid:{name:H.curveName}}]},{tag:["a1",true,{bitstr:{hex:"00"+H.pubKeyHex}}]}]});return s}function x(s){var H=l({seq:[{"int":0},{"int":{bigint:s.p}},{"int":{bigint:s.q}},{"int":{bigint:s.g}},{"int":{bigint:s.y}},{"int":{bigint:s.x}}]});return H}if(((n!==undefined&&b instanceof n)||(u!==undefined&&b instanceof u)||(r!==undefined&&b instanceof r))&&b.isPublic==true&&(D===undefined||D=="PKCS8PUB")){var E=new C(b);var w=E.tohex();return hextopem(w,"PUBLIC KEY")}if(D=="PKCS1PRV"&&n!==undefined&&b instanceof n&&(y===undefined||y==null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();return hextopem(w,"RSA PRIVATE KEY")}if(D=="PKCS1PRV"&&r!==undefined&&b instanceof r&&(y===undefined||y==null)&&b.isPrivate==true){var i=new z({name:b.curveName});var v=i.tohex();var h=B(b);var t=h.tohex();var p="";p+=hextopem(v,"EC PARAMETERS");p+=hextopem(t,"EC PRIVATE KEY");return p}if(D=="PKCS1PRV"&&u!==undefined&&b instanceof u&&(y===undefined||y==null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();return hextopem(w,"DSA PRIVATE KEY")}if(D=="PKCS5PRV"&&n!==undefined&&b instanceof n&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=A(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",w,y,m,j)}if(D=="PKCS5PRV"&&r!==undefined&&b instanceof r&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=B(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",w,y,m,j)}if(D=="PKCS5PRV"&&u!==undefined&&b instanceof u&&(y!==undefined&&y!=null)&&b.isPrivate==true){var E=x(b);var w=E.tohex();if(m===undefined){m="DES-EDE3-CBC"}return this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",w,y,m,j)}var o=function(H,s){var J=c(H,s);var I=new l({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:J.pbkdf2Salt}},{"int":J.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:J.encryptionSchemeIV}}]}]}]},{octstr:{hex:J.ciphertext}}]});return I.tohex()};var c=function(O,P){var I=100;var N=CryptoJS.lib.WordArray.random(8);var M="DES-EDE3-CBC";var s=CryptoJS.lib.WordArray.random(8);var J=CryptoJS.PBKDF2(P,N,{keySize:192/32,iterations:I});var K=CryptoJS.enc.Hex.parse(O);var L=CryptoJS.TripleDES.encrypt(K,J,{iv:s})+"";var H={};H.ciphertext=L;H.pbkdf2Salt=CryptoJS.enc.Hex.stringify(N);H.pbkdf2Iter=I;H.encryptionSchemeAlg=M;H.encryptionSchemeIV=CryptoJS.enc.Hex.stringify(s);return H};if(D=="PKCS8PRV"&&n!=undefined&&b instanceof n&&b.isPrivate==true){var g=A(b);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"rsaEncryption"}},{"null":true}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&r!==undefined&&b instanceof r&&b.isPrivate==true){var G={seq:[{"int":1},{octstr:{hex:b.prvKeyHex}}]};if(typeof b.pubKeyHex=="string"){G.seq.push({tag:["a1",true,{bitstr:{hex:"00"+b.pubKeyHex}}]})}var g=new l(G);var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:b.curveName}}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}if(D=="PKCS8PRV"&&u!==undefined&&b instanceof u&&b.isPrivate==true){var g=new f({bigint:b.x});var d=g.tohex();var E=l({seq:[{"int":0},{seq:[{oid:{name:"dsa"}},{seq:[{"int":{bigint:b.p}},{"int":{bigint:b.q}},{"int":{bigint:b.g}}]}]},{octstr:{hex:d}}]});var w=E.tohex();if(y===undefined||y==null){return hextopem(w,"PRIVATE KEY")}else{var t=o(w,y);return hextopem(t,"ENCRYPTED PRIVATE KEY")}}throw new Error("unsupported object nor format")};KEYUTIL.getKeyFromCSRPEM=function(b){var a=pemtohex(b,"CERTIFICATE REQUEST");var c=KEYUTIL.getKeyFromCSRHex(a);return c};KEYUTIL.getKeyFromCSRHex=function(a){var c=KEYUTIL.parseCSRHex(a);var b=KEYUTIL.getKey(c.p8pubkeyhex,null,"pkcs8pub");return b};KEYUTIL.parseCSRHex=function(d){var i=ASN1HEX;var f=i.getChildIdx;var c=i.getTLV;var b={};var g=d;if(g.substr(0,2)!="30"){throw new Error("malformed CSR(code:001)")}var e=f(g,0);if(e.length<1){throw new Error("malformed CSR(code:002)")}if(g.substr(e[0],2)!="30"){throw new Error("malformed CSR(code:003)")}var a=f(g,e[0]);if(a.length<3){throw new Error("malformed CSR(code:004)")}b.p8pubkeyhex=c(g,a[2]);return b};KEYUTIL.getKeyID=function(f){var c=KEYUTIL;var e=ASN1HEX;if(typeof f==="string"&&f.indexOf("BEGIN ")!=-1){f=c.getKey(f)}var d=pemtohex(c.getPEM(f));var b=e.getIdxbyList(d,0,[1]);var a=e.getV(d,b).substring(2);return KJUR.crypto.Util.hashHex(a,"sha1")};KEYUTIL.getJWK=function(d,h,g,b,f){var i;var k={};var e;var c=KJUR.crypto.Util.hashHex;if(typeof d=="string"){i=KEYUTIL.getKey(d);if(d.indexOf("CERTIFICATE")!=-1){e=pemtohex(d)}}else{if(typeof d=="object"){if(d instanceof X509){i=d.getPublicKey();e=d.hex}else{i=d}}else{throw new Error("unsupported keyinfo type")}}if(i instanceof RSAKey&&i.isPrivate){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16));k.d=hextob64u(i.d.toString(16));k.p=hextob64u(i.p.toString(16));k.q=hextob64u(i.q.toString(16));k.dp=hextob64u(i.dmp1.toString(16));k.dq=hextob64u(i.dmq1.toString(16));k.qi=hextob64u(i.coeff.toString(16))}else{if(i instanceof RSAKey&&i.isPublic){k.kty="RSA";k.n=hextob64u(i.n.toString(16));k.e=hextob64u(i.e.toString(16))}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPrivate){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y);k.d=hextob64u(i.prvKeyHex)}else{if(i instanceof KJUR.crypto.ECDSA&&i.isPublic){var a=i.getShortNISTPCurveName();if(a!=="P-256"&&a!=="P-384"&&a!=="P-521"){throw new Error("unsupported curve name for JWT: "+a)}var j=i.getPublicKeyXYHex();k.kty="EC";k.crv=a;k.x=hextob64u(j.x);k.y=hextob64u(j.y)}}}}if(k.kty==undefined){throw new Error("unsupported keyinfo")}if((!i.isPrivate)&&h!=true){k.kid=KJUR.jws.JWS.getJWKthumbprint(k)}if(e!=undefined&&g!=true){k.x5c=[hex2b64(e)]}if(e!=undefined&&b!=true){k.x5t=b64tob64u(hex2b64(c(e,"sha1")))}if(e!=undefined&&f!=true){k["x5t#S256"]=b64tob64u(hex2b64(c(e,"sha256")))}return k};KEYUTIL.getJWKFromKey=function(a){return KEYUTIL.getJWK(a,true,true,true,true)}; RSAKey.getPosArrayOfChildrenFromHex=function(a){return ASN1HEX.getChildIdx(a,0)};RSAKey.getHexValueArrayOfChildrenFromHex=function(f){var n=ASN1HEX;var i=n.getV;var k=RSAKey.getPosArrayOfChildrenFromHex(f);var e=i(f,k[0]);var j=i(f,k[1]);var b=i(f,k[2]);var c=i(f,k[3]);var h=i(f,k[4]);var g=i(f,k[5]);var m=i(f,k[6]);var l=i(f,k[7]);var d=i(f,k[8]);var k=new Array();k.push(e,j,b,c,h,g,m,l,d);return k};RSAKey.prototype.readPrivateKeyFromPEMString=function(d){var c=pemtohex(d);var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS5PrvKeyHex=function(c){var b=RSAKey.getHexValueArrayOfChildrenFromHex(c);this.setPrivateEx(b[1],b[2],b[3],b[4],b[5],b[6],b[7],b[8])};RSAKey.prototype.readPKCS8PrvKeyHex=function(e){var c,i,k,b,a,f,d,j;var m=ASN1HEX;var l=m.getVbyListEx;if(m.isASN1HEX(e)===false){throw new Error("not ASN.1 hex string")}try{c=l(e,0,[2,0,1],"02");i=l(e,0,[2,0,2],"02");k=l(e,0,[2,0,3],"02");b=l(e,0,[2,0,4],"02");a=l(e,0,[2,0,5],"02");f=l(e,0,[2,0,6],"02");d=l(e,0,[2,0,7],"02");j=l(e,0,[2,0,8],"02")}catch(g){throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(c,i,k,b,a,f,d,j)};RSAKey.prototype.readPKCS5PubKeyHex=function(c){var e=ASN1HEX;var b=e.getV;if(e.isASN1HEX(c)===false){throw new Error("keyHex is not ASN.1 hex string")}var a=e.getChildIdx(c,0);if(a.length!==2||c.substr(a[0],2)!=="02"||c.substr(a[1],2)!=="02"){throw new Error("wrong hex for PKCS#5 public key")}var f=b(c,a[0]);var d=b(c,a[1]);this.setPublic(f,d)};RSAKey.prototype.readPKCS8PubKeyHex=function(b){var c=ASN1HEX;if(c.isASN1HEX(b)===false){throw new Error("not ASN.1 hex string")}if(c.getTLVbyListEx(b,0,[0,0])!=="06092a864886f70d010101"){throw new Error("not PKCS8 RSA public key")}var a=c.getTLVbyListEx(b,0,[1,0]);this.readPKCS5PubKeyHex(a)};RSAKey.prototype.readCertPubKeyHex=function(b,d){var a,c;a=new X509();a.readCertHex(b);c=a.getPublicKeyHex();this.readPKCS8PubKeyHex(c)}; var _RE_HEXDECONLY=new RegExp("[^0-9a-f]","gi");function _rsasign_getHexPaddedDigestInfoForString(d,e,a){var b=function(f){return KJUR.crypto.Util.hashString(f,a)};var c=b(d);return KJUR.crypto.Util.getPaddedDigestInfoHex(c,a,e)}function _zeroPaddingOfSignature(e,d){var c="";var a=d/4-e.length;for(var b=0;b>24,(d&16711680)>>16,(d&65280)>>8,d&255]))));d+=1}return b}RSAKey.prototype.signPSS=function(e,a,d){var c=function(f){return KJUR.crypto.Util.hashHex(f,a)};var b=c(rstrtohex(e));if(d===undefined){d=-1}return this.signWithMessageHashPSS(b,a,d)};RSAKey.prototype.signWithMessageHashPSS=function(l,a,k){var b=hextorstr(l);var g=b.length;var m=this.n.bitLength()-1;var c=Math.ceil(m/8);var d;var o=function(i){return KJUR.crypto.Util.hashHex(i,a)};if(k===-1||k===undefined){k=g}else{if(k===-2){k=c-g-2}else{if(k<-2){throw new Error("invalid salt length")}}}if(c<(g+k+2)){throw new Error("data too long")}var f="";if(k>0){f=new Array(k);new SecureRandom().nextBytes(f);f=String.fromCharCode.apply(String,f)}var n=hextorstr(o(rstrtohex("\x00\x00\x00\x00\x00\x00\x00\x00"+b+f)));var j=[];for(d=0;d>(8*c-m))&255;q[0]&=~p;for(d=0;dk){return false}var j=this.doPublic(b);var i=j.toString(16);if(i.length+3!=k/4){return false}var e=i.replace(/^1f+00/,"");var g=_rsasign_getAlgNameAndHashFromHexDisgestInfo(e);if(g.length==0){return false}var d=g[0];var h=g[1];var a=function(m){return KJUR.crypto.Util.hashString(m,d)};var c=a(f);return(h==c)};RSAKey.prototype.verifyWithMessageHash=function(e,a){if(a.length!=Math.ceil(this.n.bitLength()/4)){return false}var b=parseBigInt(a,16);if(b.bitLength()>this.n.bitLength()){return 0}var h=this.doPublic(b);var g=h.toString(16).replace(/^1f+00/,"");var c=_rsasign_getAlgNameAndHashFromHexDisgestInfo(g);if(c.length==0){return false}var d=c[0];var f=c[1];return(f==e)};RSAKey.prototype.verifyPSS=function(c,b,a,f){var e=function(g){return KJUR.crypto.Util.hashHex(g,a)};var d=e(rstrtohex(c));if(f===undefined){f=-1}return this.verifyWithMessageHashPSS(d,b,a,f)};RSAKey.prototype.verifyWithMessageHashPSS=function(f,s,l,c){if(s.length!=Math.ceil(this.n.bitLength()/4)){return false}var k=new BigInteger(s,16);var r=function(i){return KJUR.crypto.Util.hashHex(i,l)};var j=hextorstr(f);var h=j.length;var g=this.n.bitLength()-1;var m=Math.ceil(g/8);var q;if(c===-1||c===undefined){c=h}else{if(c===-2){c=m-h-2}else{if(c<-2){throw new Error("invalid salt length")}}}if(m<(h+c+2)){throw new Error("data too long")}var a=this.doPublic(k).toByteArray();for(q=0;q>(8*m-g))&255;if((d.charCodeAt(0)&p)!==0){throw new Error("bits beyond keysize not zero")}var n=pss_mgf1_str(e,d.length,r);var o=[];for(q=0;q1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};var e=function(E){var z={};try{var B=E.seq[0].oid;var D=KJUR.asn1.x509.OID.name2oid(B);z.type=KJUR.asn1.x509.OID.oid2atype(D);var A=E.seq[1];if(A.utf8str!=undefined){z.ds="utf8";z.value=A.utf8str.str}else{if(A.numstr!=undefined){z.ds="num";z.value=A.numstr.str}else{if(A.telstr!=undefined){z.ds="tel";z.value=A.telstr.str}else{if(A.prnstr!=undefined){z.ds="prn";z.value=A.prnstr.str}else{if(A.ia5str!=undefined){z.ds="ia5";z.value=A.ia5str.str}else{if(A.visstr!=undefined){z.ds="vis";z.value=A.visstr.str}else{if(A.bmpstr!=undefined){z.ds="bmp";z.value=A.bmpstr.str}else{throw"error"}}}}}}}return z}catch(C){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(A){try{return A.set.map(function(B){return e(B)})}catch(z){throw new Error("improper ASN.1 parsed RDN: "+z)}};var h=function(A){try{return A.seq.map(function(B){return i(B)})}catch(z){throw new Error("improper ASN.1 parsed X500Name: "+z)}};this.getX500NameRule=function(z){var G=true;var K=true;var J=false;var A="";var D="";var M=null;var H=[];for(var C=0;C0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){return z}return undefined}catch(B){return undefined}};this._asn1ToNoticeRef=function(F){try{var A={};var B=aryval(F,"seq");for(var D=0;D0){return A}return undefined}catch(C){return undefined}};this._asn1ToNoticeNum=function(E){try{var A=aryval(E,"seq");var z=[];for(var C=0;C1){var G=b(C,B[1]);var A=this.getGeneralName(G);if(A.uri!=undefined){z.uri=A.uri}}if(B.length>2){var D=b(C,B[2]);if(D=="0101ff"){z.reqauth=true}if(D=="010100"){z.reqauth=false}}return z};var e=function(E){var z={};try{var B=E.seq[0].oid;var D=KJUR.asn1.x509.OID.name2oid(B);z.type=KJUR.asn1.x509.OID.oid2atype(D);var A=E.seq[1];if(A.utf8str!=undefined){z.ds="utf8";z.value=A.utf8str.str}else{if(A.numstr!=undefined){z.ds="num";z.value=A.numstr.str}else{if(A.telstr!=undefined){z.ds="tel";z.value=A.telstr.str}else{if(A.prnstr!=undefined){z.ds="prn";z.value=A.prnstr.str}else{if(A.ia5str!=undefined){z.ds="ia5";z.value=A.ia5str.str}else{if(A.visstr!=undefined){z.ds="vis";z.value=A.visstr.str}else{if(A.bmpstr!=undefined){z.ds="bmp";z.value=A.bmpstr.str}else{throw"error"}}}}}}}return z}catch(C){throw new Erorr("improper ASN.1 parsed AttrTypeAndValue")}};var i=function(A){try{return A.set.map(function(B){return e(B)})}catch(z){throw new Error("improper ASN.1 parsed RDN: "+z)}};var h=function(A){try{return A.seq.map(function(B){return i(B)})}catch(z){throw new Error("improper ASN.1 parsed X500Name: "+z)}};this.getX500NameRule=function(z){var G=true;var K=true;var J=false;var A="";var D="";var M=null;var H=[];for(var C=0;C0){z.ext=this.getExtParamArray()}z.sighex=this.getSignatureValueHex();if(A.tbshex==true){z.tbshex=a(this.hex,0,[0])}if(A.nodnarray==true){delete z.issuer.array;delete z.subject.array}return z};this.getExtParamArray=function(A){if(A==undefined){var C=f(this.hex,0,[0,"[3]"]);if(C!=-1){A=q(this.hex,0,[0,"[3]",0],"30")}}var z=[];var B=s(A,0);for(var D=0;D0){var b=":"+n.join(":")+":";if(b.indexOf(":"+k+":")==-1){throw"algorithm '"+k+"' not accepted in the list"}}if(k!="none"&&B===null){throw"key shall be specified to verify."}if(typeof B=="string"&&B.indexOf("-----BEGIN ")!=-1){B=KEYUTIL.getKey(B)}if(z=="RS"||z=="PS"){if(!(B instanceof m)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(z=="ES"){if(!(B instanceof p)){throw"key shall be a ECDSA obj for ES* algs"}}if(k=="none"){}var u=null;if(t.jwsalg2sigalg[l.alg]===undefined){throw"unsupported alg name: "+k}else{u=t.jwsalg2sigalg[k]}if(u=="none"){throw"not supported"}else{if(u.substr(0,4)=="Hmac"){var o=null;if(B===undefined){throw"hexadecimal key shall be specified for HMAC"}var j=new s({alg:u,pass:B});j.updateString(c);o=j.doFinal();return A==o}else{if(u.indexOf("withECDSA")!=-1){var h=null;try{h=p.concatSigToASN1Sig(A)}catch(v){return false}var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(h)}else{var g=new d({alg:u});g.init(B);g.updateString(c);return g.verify(A)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(e,l,r){var d=KJUR,j=d.jws,o=j.JWS,n=o.readSafeJSONString,p=o.inArray,f=o.includedArray;if(!isBase64URLDot(e)){return false}var k=e.split(".");if(k.length!=3){return false}var c=k[0];var i=k[1];var q=c+"."+i;var m=b64utohex(k[2]);var h=n(b64utoutf8(c));var g=n(b64utoutf8(i));if(h.alg===undefined){return false}if(r.alg===undefined){throw"acceptField.alg shall be specified"}if(!p(h.alg,r.alg)){return false}if(g.iss!==undefined&&typeof r.iss==="object"){if(!p(g.iss,r.iss)){return false}}if(g.sub!==undefined&&typeof r.sub==="object"){if(!p(g.sub,r.sub)){return false}}if(g.aud!==undefined&&typeof r.aud==="object"){if(typeof g.aud=="string"){if(!p(g.aud,r.aud)){return false}}else{if(typeof g.aud=="object"){if(!f(g.aud,r.aud)){return false}}}}var b=j.IntDate.getNow();if(r.verifyAt!==undefined&&typeof r.verifyAt==="number"){b=r.verifyAt}if(r.gracePeriod===undefined||typeof r.gracePeriod!=="number"){r.gracePeriod=0}if(g.exp!==undefined&&typeof g.exp=="number"){if(g.exp+r.gracePeriodl){this.aHeader.pop()}if(this.aSignature.length>l){this.aSignature.pop()}throw"addSignature failed: "+i}};this.verifyAll=function(h){if(this.aHeader.length!==h.length||this.aSignature.length!==h.length){return false}for(var g=0;g0){this.aHeader=g.headers}else{throw"malformed header"}if(typeof g.payload==="string"){this.sPayload=g.payload}else{throw"malformed signatures"}if(g.signatures.length>0){this.aSignature=g.signatures}else{throw"malformed signatures"}}catch(e){throw"malformed JWS-JS JSON object: "+e}}};this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}};this.isEmpty=function(){if(this.aHeader.length==0){return 1}return 0}}; diff --git a/npm/package.json b/npm/package.json index ce9071aa..9118c3bd 100755 --- a/npm/package.json +++ b/npm/package.json @@ -1,6 +1,6 @@ { "name": "jsrsasign", - "version": "10.7.0", + "version": "10.8.0", "description": "opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK).", "main": "lib/jsrsasign.js", "scripts": { diff --git a/src/asn1-1.0.js b/src/asn1-1.0.js index 3a46ae75..20705cd9 100644 --- a/src/asn1-1.0.js +++ b/src/asn1-1.0.js @@ -1,4 +1,4 @@ -/* asn1-1.0.26.js (c) 2013-2022 Kenji Urushima | kjur.github.io/jsrsasign/license +/* asn1-1.0.27.js (c) 2013-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ /* * asn1.js - ASN.1 DER encoder classes @@ -16,7 +16,7 @@ * @fileOverview * @name asn1-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 10.5.22 asn1 1.0.26 (2022-May-24) + * @version jsrsasign 10.8.0 asn1 1.0.27 (2023-Apr-08) * @since jsrsasign 2.1 * @license MIT License */ @@ -891,6 +891,8 @@ extendClass(KJUR.asn1.DERBoolean, KJUR.asn1.ASN1Object); KJUR.asn1.DERInteger = function(params) { KJUR.asn1.DERInteger.superclass.constructor.call(this); this.hT = "02"; + this.params = null; + var _biToTwoCompl = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex; /** * set value by Tom Wu's BigInteger object @@ -900,9 +902,8 @@ KJUR.asn1.DERInteger = function(params) { * @param {BigInteger} bigIntegerValue to set */ this.setByBigInteger = function(bigIntegerValue) { - this.hTLV = null; - this.isModified = true; - this.hV = KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(bigIntegerValue); + this.isModified = true; + this.params = { bigint: bigIntegerValue }; }; /** @@ -913,8 +914,8 @@ KJUR.asn1.DERInteger = function(params) { * @param {Integer} integer value to set */ this.setByInteger = function(intValue) { - var bi = new BigInteger(String(intValue), 10); - this.setByBigInteger(bi); + this.isModified = true; + this.params = intValue; }; /** @@ -931,25 +932,38 @@ KJUR.asn1.DERInteger = function(params) { * new KJUR.asn1.DERInteger(123); * new KJUR.asn1.DERInteger({'int': 123}); * new KJUR.asn1.DERInteger({'hex': '1fad'}); + * new KJUR.asn1.DERInteger({'bigint': new BigInteger("1234", 10)}); */ this.setValueHex = function(newHexString) { - this.hV = newHexString; + this.isModified = true; + this.params = { hex: newHexString }; }; this.getFreshValueHex = function() { + var params = this.params; + var bi = null; + if (params == null) throw new Error("value not set"); + + if (typeof params == "object" && params.hex != undefined) { + this.hV = params.hex; + return this.hV; + } + + if (typeof params == "number") { + bi = new BigInteger(String(params), 10); + } else if (params["int"] != undefined) { + bi = new BigInteger(String(params["int"]), 10); + } else if (params.bigint != undefined) { + bi = params.bigint; + } else { + throw new Error("wrong parameter"); + } + this.hV = _biToTwoCompl(bi); return this.hV; }; - if (typeof params != "undefined") { - if (typeof params['bigint'] != "undefined") { - this.setByBigInteger(params['bigint']); - } else if (typeof params['int'] != "undefined") { - this.setByInteger(params['int']); - } else if (typeof params == "number") { - this.setByInteger(params); - } else if (typeof params['hex'] != "undefined") { - this.setValueHex(params['hex']); - } + if (params != undefined) { + this.params = params; } }; extendClass(KJUR.asn1.DERInteger, KJUR.asn1.ASN1Object); diff --git a/src/base64x-1.1.js b/src/base64x-1.1.js index fbabd0eb..3c866dec 100644 --- a/src/base64x-1.1.js +++ b/src/base64x-1.1.js @@ -1,4 +1,4 @@ -/* base64x-1.1.31 (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license +/* base64x-1.1.32 (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ /* * base64x.js - Base64url and supplementary functions for Tom Wu's base64.js library @@ -16,7 +16,7 @@ * @fileOverview * @name base64x-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 10.7.0 base64x 1.1.31 (2023-Mar-11) + * @version jsrsasign 10.8.0 base64x 1.1.32 (2023-Apr-08) * @since jsrsasign 2.1 * @license MIT License */ @@ -786,6 +786,38 @@ function zulutomsec(s) { throw new Error("unsupported zulu format: " + s); } +/** + * Unix origin milliseconds GeneralizedTime string
+ * @name msectozulu + * @function + * @param {number} n milliseconds from Unix origin time (i.e. Jan 1, 1970 0:00:00 UTC) + * @return {string} GeneralizedTime string (ex. 20170412235959.384Z) + * @since jsrsasign 10.8.0 base64x 1.1.31 + * + * @description + * This function converts from milliseconds of Unix origin time (ex. 1199145599000 + * for 31 Dec 2007 23:59:59 GMT) to GeneralizedTime string (i.e. YYYYMMDDHHmmSSZ). + * The result string may have a fraction of second. + * + * @example + * msectozulu(1199145599000) → "20071231235959Z" #Mon, 31 Dec 2007 23:59:59 GMT + * msectozulu(1199145599100) → "20071231235959.1Z" #Mon, 31 Dec 2007 23:59:59.1 GMT + * msectozulu(1199145599123) → "20071231235959.123Z" #Mon, 31 Dec 2007 23:59:59.123 GMT + */ +function msectozulu(n) { + var d = new Date(n), + year = ("0000" + d.getUTCFullYear()).slice(-4), + mon = ("00" + (d.getUTCMonth() + 1)).slice(-2), + day = ("00" + d.getUTCDate()).slice(-2), + hour = ("00" + d.getUTCHours()).slice(-2), + min = ("00" + d.getUTCMinutes()).slice(-2), + sec = ("00" + d.getUTCSeconds()).slice(-2), + msec = ("000" + d.getUTCMilliseconds()).slice(-3); + msec = msec.replace(/0+$/, ''); + msec = (msec != '') ? '.' + msec : msec; + return year + mon + day + hour + min + sec + msec + "Z"; +} + /** * GeneralizedTime or UTCTime string to seconds from Unix origin
* @name zulutosec @@ -1942,6 +1974,49 @@ function namearraytobinstr (namearray, namedb) { return r; } +/** + * get value of array by key name list
+ * @function + * @param {object} val array of associative array + * @param {string} keys concatinated key list with dot (ex. 'type.name.0.info') + * @param {object} def default value if value is not found (OPTIONAL) + * @return {object} value if found otherwise returns def + * @since jsrsasign 10.8.0 base64x 1.1.32 + * + * @description + * This function returns the value of an array or associative array + * which referred by a concatinated key list string. + * If a value for key is not defined, it returns 'undefined' by default. + * When an optional argument 'def' is specified and a value for key is + * not defined, it returns a value of 'def'. + * + * @example + * let p = { + * fruit: apple, + * info: [ + * { toy: 4 }, + * { pen: 6 } + * ] + * }; + * aryval(p, 'fruit') &rarr "apple" + * aryval(p, 'info') &rarr [{toy: 4},{pen: 6}] + * aryval(p, 'info.1') &rarr {pen: 6} + * aryval(p, 'info.1.pen') &rarr 6 + * aryval(p, 'money.amount') &rarr undefined + * aryval(p, 'money.amount', null) &rarr null + */ +function aryval(val, keys, def) { + if (typeof val != "object") return undefined + var keys = String(keys).split('.'); + for (var i = 0; i < keys.length && val; i++) { + var key = keys[i]; + if (key.match(/^[0-9]+$/)) key = parseInt(key); + val = val[key]; + } + return val || val === false ? val : def; +} + + // ======================================================= /** * set class inheritance
diff --git a/src/x509-1.1.js b/src/x509-1.1.js index 5dde75bd..e03e8787 100644 --- a/src/x509-1.1.js +++ b/src/x509-1.1.js @@ -1,9 +1,9 @@ -/* x509-2.1.2.js (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license +/* x509-2.1.3.js (c) 2012-2023 Kenji Urushima | kjur.github.io/jsrsasign/license */ /* * x509.js - X509 class to read subject public key from certificate. * - * Copyright (c) 2010-2022 Kenji Urushima (kenji.urushima@gmail.com) + * Copyright (c) 2010-2023 Kenji Urushima (kenji.urushima@gmail.com) * * This software is licensed under the terms of the MIT License. * https://kjur.github.io/jsrsasign/license @@ -16,7 +16,7 @@ * @fileOverview * @name x509-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version jsrsasign 10.7.0 x509 2.1.2 (2023-Mar-11) + * @version jsrsasign 10.8.0 x509 2.1.3 (2023-Apr-08) * @since jsrsasign 1.x.x * @license MIT License */ @@ -2004,6 +2004,8 @@ function X509(params) { * @see X509#getExtCertificatePolicies * @see X509#getPolicyInformation * @see X509#getPolicyQualifierInfo + * @see KJUR.asn1.x509.UserNotice + * * @description * This method will get * @@ -2012,28 +2014,85 @@ function X509(params) { * UserNotice ::= SEQUENCE { * noticeRef NoticeReference OPTIONAL, * explicitText DisplayText OPTIONAL } + * NoticeReference ::= SEQUENCE { + * organization DisplayText, + * noticeNumbers SEQUENCE OF INTEGER } * * Result of this method can be passed to - * {@link KJUR.asn1.x509.NoticeReference} constructor. + * {@link KJUR.asn1.x509.UserNotice} constructor. *
- * NOTE: NoticeReference parsing is currently not supported and - * it will be ignored. + * NOTE: NoticeReference supported from jsrsasign 10.8.0. + * * @example * x = new X509(); - * x.getUserNotice("30...") → {exptext: {type: 'utf8', str: 'aaa'}} + * x.getUserNotice("30...") → { + * noticeref: { + * org: {type: 'utf8', str: 'test org'}, + * noticenum: [1] + * }, + * exptext: {type: 'utf8', str: 'test text'} + * } */ this.getUserNotice = function(h) { + var pASN1 = null; var result = {}; - var a = _getChildIdx(h, 0); - for (var i = 0; i < a.length; i++) { - var hItem = _getTLV(h, a[i]); - if (hItem.substr(0, 2) != "30") { - result.exptext = this.getDisplayText(hItem); - } + try { + pASN1 = _ASN1HEX.parse(h); + var pUnotice = this._asn1ToUnotice(pASN1); + return pUnotice; + } catch(ex) { + return undefined; } - return result; }; + this._asn1ToUnotice = function(p) { + try { + var result = {}; + var a = aryval(p, "seq"); + for (var i = 0; i < a.length; i++) { + var pNoticeRef = this._asn1ToNoticeRef(a[i]); + if (pNoticeRef != undefined) result.noticeref = pNoticeRef; + var pExpText = this.asn1ToDisplayText(a[i]); + if (pExpText != undefined) result.exptext = pExpText; + } + if (Object.keys(result).length > 0) return result; + return undefined; + } catch(ex) { + return undefined; + } + } + + this._asn1ToNoticeRef = function(p) { + try { + var result = {}; + var a = aryval(p, "seq"); + for (var i = 0; i < a.length; i++) { + var pNoticeNum = this._asn1ToNoticeNum(a[i]); + if (pNoticeNum != undefined) result.noticenum = pNoticeNum; + var pOrg = this.asn1ToDisplayText(a[i]); + if (pOrg != undefined) result.org = pOrg; + } + if (Object.keys(result).length > 0) return result; + return undefined; + } catch(ex) { + return undefined; + } + } + + this._asn1ToNoticeNum = function(p) { + try { + var a = aryval(p, "seq"); + var result = []; + for (var i = 0; i < a.length; i++) { + var item = a[i]; + result.push(parseInt(aryval(item, "int.hex"), 16)); + } + return result; + } catch(ex) { + return undefined; + } + } + /** * get DisplayText ASN.1 structure parameter as JSON object * @name getDisplayText @@ -2070,6 +2129,47 @@ function X509(params) { return result; }; + /** + * convert ASN1Object parameter to DisplayText parameter + * @name asn1ToDisplayText + * @memberOf X509# + * @function + * @param {Object} pASN1 ASN1Object paramter for DisplayText + * @return {Object} DisplayText paramter + * @since jsrsasign 10.8.0 x509 2.1.3 + * @see X509#getDisplayText + * @see KJUR.asn1.x509.DisplayText + * @see KJUR.asn1.ASN1Util#newObject + * + * @description + * This method converts from {@link KJUR.asn1.ASN1Util#newObject} paramter to + * {@link KJUR.asn1.x509.DisplayText} paramter + * for + * DisplayText ASN.1 structure. + * 
+     * DisplayText ::= CHOICE {
+     *      ia5String        IA5String      (SIZE (1..200)),
+     *      visibleString    VisibleString  (SIZE (1..200)),
+     *      bmpString        BMPString      (SIZE (1..200)),
+     *      utf8String       UTF8String     (SIZE (1..200)) }     
+     *
+ * Result of this method can be passed to + * {@link KJUR.asn1.x509.DisplayText} constructor. + * + * @example + * x = new X509(); + * x.asn1ToDisplayText({utf8str: {str: "aaa"}}) &rarr {type: 'utf8', str: 'aaa'} + * x.asn1ToDisplayText({bmpstr: {str: "aaa"}}) &rarr {type: 'bmp', str: 'aaa'} + */ + this.asn1ToDisplayText = function(pASN1) { + if (pASN1.utf8str != undefined) return { type: "utf8", str: pASN1.utf8str.str }; + if (pASN1.ia5str != undefined) return { type: "ia5", str: pASN1.ia5str.str }; + if (pASN1.visstr != undefined) return { type: "vis", str: pASN1.visstr.str }; + if (pASN1.bmpstr != undefined) return { type: "bmp", str: pASN1.bmpstr.str }; + if (pASN1.prnstr != undefined) return { type: "prn", str: pASN1.prnstr.str }; + return undefined; + } + /** * get PolicyMappings extension value as JSON object
* @name getExtPolicyMappings diff --git a/test/qunit-do-asn1.html b/test/qunit-do-asn1.html index 7fbdb5e5..ca8ae9b4 100755 --- a/test/qunit-do-asn1.html +++ b/test/qunit-do-asn1.html @@ -50,6 +50,7 @@ test("Integer Test", function() { var d = new KJUR.asn1.DERInteger(); + var _DERInteger = KJUR.asn1.DERInteger; d.setByBigInteger(new BigInteger("3", 16)); equal(d.getEncodedHex(), "020103", "setByBigInteger(BI('3',16))"); d.setByBigInteger(new BigInteger("3f", 16)); @@ -62,14 +63,12 @@ equal(d.getEncodedHex(), "0201ff", "setByBigInteger(BI('-1',16))"); d.setByInteger(-3); equal(d.getEncodedHex(), "0201fd", "setByInteger(-3)"); - var d2 = new KJUR.asn1.DERInteger({'bigint': new BigInteger("-3", 16)}); - equal(d2.getEncodedHex(), "0201fd", "constructor bigint -3"); - var d3 = new KJUR.asn1.DERInteger({'int': -3}); - equal(d3.getEncodedHex(), "0201fd", "constructor int -3"); - var d4 = new KJUR.asn1.DERInteger({'hex': 'fd'}); - equal(d4.getEncodedHex(), "0201fd", "constructor hex fd"); - var d5 = new KJUR.asn1.DERInteger({'hex': '00fd'}); - equal(d5.getEncodedHex(), "020200fd", "constructor hex 00fd"); + + equal(new _DERInteger({'bigint': new BigInteger("-3", 16)}).tohex(), "0201fd", "new DERInteger({bigint: new BigInteger(-3, 16)})"); + equal(new _DERInteger({"int": -3}).tohex(), "0201fd", "new DERInteger({int: -3})"); + equal(new _DERInteger({hex: "fd"}).tohex(), "0201fd", "new DERInteger({hex: fd})"); + equal(new _DERInteger({hex: "00fd"}).tohex(), "020200fd", "new DERInteger({hex: 00fd})"); + equal(new _DERInteger(-3).tohex(), "0201fd", "new DERInteger(-3)"); }); test("DERBitString.setByBinaryString test", function() { diff --git a/test/qunit-do-asn1x509.html b/test/qunit-do-asn1x509.html index 65ca72d4..813b6d50 100755 --- a/test/qunit-do-asn1x509.html +++ b/test/qunit-do-asn1x509.html @@ -1087,29 +1087,30 @@ }); test("NoticeReference test", function() { +var pIn, hExpect; var _NoticeReference = KJUR.asn1.x509.NoticeReference; -equal( -(new _NoticeReference({ +pIn = { org: {type: "bmp", str: "Sample Org"}, noticenum: [{int: 3}, {hex: "01af"}] -})).getEncodedHex(), -"30151e0a53616d706c65204f72673007020103020201af", -"both"); +}; +hExpect = "30151e0a53616d706c65204f72673007020103020201af"; +equal(new _NoticeReference(pIn).tohex(), hExpect, "both"); -equal( -(new _NoticeReference({ - org: {type: "bmp", str: "Sample Org"} -})).getEncodedHex(), -"300c1e0a53616d706c65204f7267", -"org only"); +pIn = { + org: {type: "bmp", str: "Sample Org"}, + noticenum: [3, {hex: "01af"}] +}; +hExpect = "30151e0a53616d706c65204f72673007020103020201af"; +equal(new _NoticeReference(pIn).tohex(), hExpect, "both(2)"); -equal( -(new _NoticeReference({ - noticenum: [{int: 3}, {hex: "01af"}] -})).getEncodedHex(), -"30093007020103020201af", -"noticenum only"); +pIn = { org: {type: "bmp", str: "Sample Org"} }; +hExpect = "300c1e0a53616d706c65204f7267"; +equal(new _NoticeReference(pIn).tohex(), hExpect, "org only"); + +pIn = { noticenum: [{int: 3}, {hex: "01af"}] }; +hExpect = "30093007020103020201af"; +equal(new _NoticeReference(pIn).tohex(), hExpect, "noticenum only"); }); test("DisplayText test", function() { diff --git a/test/qunit-do-base64x.html b/test/qunit-do-base64x.html index a9d4f977..262702f8 100755 --- a/test/qunit-do-base64x.html +++ b/test/qunit-do-base64x.html @@ -197,6 +197,13 @@ equal(zulutomsec("561231235959Z"), -410227201000, "561231235959Z"); }); +test("msectozulu", function() { +equal(msectozulu(1199145599000), "20071231235959Z", "20071231235959Z"); +equal(msectozulu(1199145599345), "20071231235959.345Z", "20071231235959.345Z"); +equal(msectozulu(757382399345), "19931231235959.345Z", "19931231235959.345Z"); +equal(msectozulu(-410227201000), "19561231235959Z", "19561231235959Z"); +}); + test("zulutosec", function() { equal(zulutosec("071231235959Z"), 1199145599, "071231235959Z"); equal(zulutosec("071231235959Z"), 1199145599, "071231235959.345Z"); @@ -468,6 +475,23 @@ equal(namearraytobinstr(['banana','kiwi','orange'], db), '0001000011', '> 0001000011'); }); +test("aryval", function() { +var p = { + fruit: 'apple', + info: [ + { toy: 4 }, + { pen: 6 } + ] +}; +deepEqual(aryval(p, 'fruit'), 'apple', 'p.fruit'); +deepEqual(aryval(p, 'info'), [{toy: 4},{pen: 6}], 'p.info'); +deepEqual(aryval(p, 'info.1'), {pen: 6}, 'p.info.1'); +deepEqual(aryval(p, 'info.1.pen'), 6, 'p.info.1.pen'); +deepEqual(aryval(p, 'info.3.pen'), undefined, 'p.info.3.pen'); +deepEqual(aryval(p, 'car'), undefined, 'p.car'); +deepEqual(aryval(p, 'car', null), null, 'p.car null'); +}); + }); diff --git a/test/qunit-do-x509-ext.html b/test/qunit-do-x509-ext.html index d412b32b..0deb8e21 100755 --- a/test/qunit-do-x509-ext.html +++ b/test/qunit-do-x509-ext.html @@ -670,9 +670,9 @@ }); test("getExtCertificatePolicies", function() { -var x = new X509(certGithubPEM); +var x1 = new X509(certGithubPEM); deepEqual( -x.getExtCertificatePolicies(), +x1.getExtCertificatePolicies(), { extname:"certificatePolicies", array: [{ policyoid: "2.16.840.1.114412.2.1", @@ -682,9 +682,9 @@ "for GitHub.com site" ); -var x1 = new X509(pulseCioGovPEM); +var x2 = new X509(pulseCioGovPEM); deepEqual( -x1.getExtCertificatePolicies(), +x2.getExtCertificatePolicies(), { extname:"certificatePolicies", array: [{ policyoid: "2.23.140.1.2.1" @@ -698,12 +698,128 @@ }, "for pulse.cio.gov site Let's Encrypt cert"); +var x3 = new X509(); +var hIn = "3081b03081ad06092a8308868f4c01030330819f30819c06082b0601050507020230818f301a1a134d696e6973747279206f66204a75737469636530030201011a7154686973206365727469666963617465207761732069737375656420696e206163636f7264616e636520776974682074686520436f6d6d65726369616c20526567697374726174696f6e2041637420616e6420746865206f746865722072656c6174656420726567756c6174696f6e732e"; +var pExp = { + extname: "certificatePolicies", + array: [{ + policyoid: "1.2.392.100300.1.3.3", + array: [{ + unotice: { + noticeref: { + org: {type: "vis", str: "Ministry of Justice"}, + noticenum: [1] + }, + exptext: { + type: "vis", + str: "This certificate was issued in accordance with the Commercial Registration Act and the other related regulations." + } + } + }] + }] +}; +deepEqual(x3.getExtCertificatePolicies(hIn, false), pExp, "moj CP"); }); -test("getExtPolicyMappings", function() { +test("_asn1ToUnotice", function() { +var pIn, pExpect; +var x = new X509(); + +pIn = { + seq: [ + { + seq: [ + {utf8str: {str: "test utf8 org name"}}, + {seq: [{"int": {hex: "01"}}]} + ] + }, + {"utf8str": {"str": "test utf8 explicit text"}} + ] +}; +pExpect = { + noticeref: { + org: { type: "utf8", str: "test utf8 org name" }, + noticenum: [1] + }, + exptext: { type: "utf8", str: "test utf8 explicit text" } +}; +deepEqual(x._asn1ToUnotice(pIn), pExpect, "noticeref, exptext"); + +pIn = { seq: [ {"utf8str": {"str": "test utf8 explicit text"}} ] }; +pExpect = { exptext: { type: "utf8", str: "test utf8 explicit text" } }; +deepEqual(x._asn1ToUnotice(pIn), pExpect, "exptext"); + +pIn = { + seq: [ + { + seq: [ + {utf8str: {str: "test utf8 org name"}}, + {seq: [{"int": {hex: "01"}}]} + ] + } + ] +}; +pExpect = { + noticeref: { + org: { type: "utf8", str: "test utf8 org name" }, + noticenum: [1] + } +}; +deepEqual(x._asn1ToUnotice(pIn), pExpect, "noticeref"); + +}); + +test("_asn1ToNoticeRef", function() { +var pIn, pExpect; +var x = new X509(); + +pIn = { + "seq": [ + {"utf8str": {"str": "test utf8 org name"}}, + {"seq": [{"int": {"hex": "01"}}]} + ] +}; +pExpect = { + org: { type: "utf8", str: "test utf8 org name" }, + noticenum: [1] +}; +deepEqual(x._asn1ToNoticeRef(pIn), pExpect, "org, num"); + +pIn = {"seq": [{"utf8str": {"str": "test utf8 org name"}}]}; +pExpect = { org: { type: "utf8", str: "test utf8 org name" } }; +deepEqual(x._asn1ToNoticeRef(pIn), pExpect, "org"); + +pIn = {"seq": [{"seq": [{"int": {"hex": "01"}}]}]}; +pExpect = {noticenum: [1]}; +deepEqual(x._asn1ToNoticeRef(pIn), pExpect, "num"); + +}); + +test("_asn1ToNoticeNum", function() { + var pIn, pExpect; + var x = new X509(); + pIn = {seq: [{"int": {hex: "01"}}, {"int": {hex: 16}}]}; + pExpect = [1, 22]; + deepEqual(x._asn1ToNoticeNum(pIn), pExpect, "[1, 22]"); +}); + +test("getUserNotice", function() { var hIn, pExpect; var x = new X509(); +hIn = "303430190c12746573742075746638206f7267206e616d6530030201010c17746573742075746638206578706c696369742074657874"; +pExpect = { + noticeref: { + org: { type: "utf8", str: "test utf8 org name" }, + noticenum: [1] + }, + exptext: { type: "utf8", str: "test utf8 explicit text" } +} +deepEqual(x.getUserNotice(hIn), pExpect, "sample UserNotice"); +}); +test("getExtPolicyMappings", function() { +var hIn, pExpect; +var x = new X509(); hIn = "300c300a0604551d200006020102"; pExpect = { extname: "policyMappings", @@ -1212,6 +1328,6 @@

-

© 2015-2022 Kenji Urushima

+

© 2015-2023 Kenji Urushima