diff --git a/ChangeLog.txt b/ChangeLog.txt index d53d4705..df203b07 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,9 +1,20 @@ ChangeLog for jsrsasign -* Changes between 5.0.4 to next release +* Changes between 5.0.4 to 5.0.5 - node sample 'jwssign', 'jwtverify', 'asn1dump' and 'pemtobin' added. + - base64x 1.1.5 to 1.1.6 + - license URL small fix + - asn1 1.0.8 to 1.0.9 + - DERGeneralizedTime withMillis fix + - DERGeneralizedTime and DERUTCTime refactoring + - jws 3.3.2 to 3.3.3 + - JWS.parse method added + - IntDate.getZulu UTCTime(YY) support added + - jsrsasign-x.x.x-all-min.js move to lib directory from this version + - jsrsasign-{1.2,1.2.1,1.3,1.3.1,2.0.0}.tgz are removed + since they can get from github release/tags. * Changes between 5.0.2 to 5.0.4 (2015-Nov-23) - jwtverify, asn1dump and pemtobin sample Node script in diff --git a/api/files.html b/api/files.html index 28406312..06a6f2ab 100644 --- a/api/files.html +++ b/api/files.html @@ -421,7 +421,7 @@

asn1-1.0.js

Version:
-
asn1 1.0.8 (2015-Sep-13)
+
asn1 1.0.9 (2015-Nov-26)
@@ -649,7 +649,7 @@

jws-3.3.js

Version:
-
3.3.2 (2015-Nov-11)
+
3.3.3 (2015-Nov-27)
diff --git a/api/symbols/KJUR.jws.IntDate.html b/api/symbols/KJUR.jws.IntDate.html index f2a716d3..650c5ae4 100644 --- a/api/symbols/KJUR.jws.IntDate.html +++ b/api/symbols/KJUR.jws.IntDate.html @@ -701,13 +701,20 @@

get UNIX origin time from Zulu time representation string This method provides UNIX origin time from Zulu time. +Following representations are supported: +
-
KJUR.jws.IntDate.getZulu("20151012125959Z") => 1478...
+
KJUR.jws.IntDate.getZulu("20151012125959Z") => 1478...
+KJUR.jws.IntDate.getZulu("151012125959Z") => 1478...
diff --git a/api/symbols/KJUR.jws.JWS.html b/api/symbols/KJUR.jws.JWS.html index 3501b4d8..1cd310ef 100644 --- a/api/symbols/KJUR.jws.JWS.html +++ b/api/symbols/KJUR.jws.JWS.html @@ -548,6 +548,16 @@

+ + <static>   + +
KJUR.jws.JWS.parse(sJWS) +
+
parse header and payload of JWS signature
+This method parses JWS signature string.
+ + + <static>   @@ -1027,6 +1037,93 @@

Supported Algorithms

+
+ + +
<static> + + {Array} + KJUR.jws.JWS.parse(sJWS) + +
+
+ parse header and payload of JWS signature
+This method parses JWS signature string. +Resulted associative array has following properties: + + + +
+ + + +
KJUR.jws.JWS.parse(sJWS) ->
+{ 
+  headerObj: {"alg": "RS256", "typ": "JWS"},
+  payloadObj: {"product": "orange", "quantity": 100},
+  headerPP: 
+  '{
+    "alg": "RS256",
+    "typ": "JWS"
+  }',
+  payloadPP: 
+  '{
+    "product": "orange",
+    "quantity": 100
+  }',
+  sigHex: "91f3cd..." 
+}
+ + + + +
+
Parameters:
+ +
+ {String} sJWS + +
+
string of JWS signature to parse
+ +
+ + + +
+
Since:
+
jws 3.3.3
+
+ + + +
+
Throws:
+ +
+ +
+
if sJWS is malformed JWS signature
+ +
+ + +
+
Returns:
+ +
{Array} associative array of parsed header and payload. See below.
+ +
+ + + +
diff --git a/api/symbols/src/asn1-1.0.js.html b/api/symbols/src/asn1-1.0.js.html index 8ab9ad17..5ef97499 100644 --- a/api/symbols/src/asn1-1.0.js.html +++ b/api/symbols/src/asn1-1.0.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /*! asn1-1.0.8.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /*! asn1-1.0.9.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * asn1.js - ASN.1 DER encoder classes
@@ -23,7 +23,7 @@
  16  * @fileOverview
  17  * @name asn1-1.0.js
  18  * @author Kenji Urushima kenji.urushima@gmail.com
- 19  * @version asn1 1.0.8 (2015-Sep-13)
+ 19  * @version asn1 1.0.9 (2015-Nov-26)
  20  * @since jsrsasign 2.1
  21  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  22  */
@@ -1327,15 +1327,15 @@
 1320         return this.hV;
 1321     };
 1322 
-1323     if (typeof params != "undefined") {
-1324         if (typeof params['str'] != "undefined") {
-1325             this.setString(params['str']);
+1323     if (params !== undefined) {
+1324         if (params.str !== undefined) {
+1325             this.setString(params.str);
 1326         } else if (typeof params == "string" && params.match(/^[0-9]{12}Z$/)) {
 1327             this.setString(params);
-1328         } else if (typeof params['hex'] != "undefined") {
-1329             this.setStringHex(params['hex']);
-1330         } else if (typeof params['date'] != "undefined") {
-1331             this.setByDate(params['date']);
+1328         } else if (params.hex !== undefined) {
+1329             this.setStringHex(params.hex);
+1330         } else if (params.date !== undefined) {
+1331             this.setByDate(params.date);
 1332         }
 1333     }
 1334 };
@@ -1388,7 +1388,7 @@
 1381     };
 1382 
 1383     this.getFreshValueHex = function() {
-1384         if (typeof this.date == "undefined" && typeof this.s == "undefined") {
+1384         if (this.date === undefined && this.s === undefined) {
 1385             this.date = new Date();
 1386             this.s = this.formatDate(this.date, 'gen', this.withMillis);
 1387             this.hV = stohex(this.s);
@@ -1396,165 +1396,166 @@
 1389         return this.hV;
 1390     };
 1391 
-1392     if (typeof params != "undefined") {
-1393         if (typeof params['str'] != "undefined") {
-1394             this.setString(params['str']);
+1392     if (params !== undefined) {
+1393         if (params.str !== undefined) {
+1394             this.setString(params.str);
 1395         } else if (typeof params == "string" && params.match(/^[0-9]{14}Z$/)) {
 1396             this.setString(params);
-1397         } else if (typeof params['hex'] != "undefined") {
-1398             this.setStringHex(params['hex']);
-1399         } else if (typeof params['date'] != "undefined") {
-1400             this.setByDate(params['date']);
-1401         } else if (params.millis === true) {
-1402             this.withMillis = true;
-1403         }
-1404     }
-1405 };
-1406 YAHOO.lang.extend(KJUR.asn1.DERGeneralizedTime, KJUR.asn1.DERAbstractTime);
-1407 
-1408 // ********************************************************************
-1409 /**
-1410  * class for ASN.1 DER Sequence
-1411  * @name KJUR.asn1.DERSequence
-1412  * @class class for ASN.1 DER Sequence
-1413  * @extends KJUR.asn1.DERAbstractStructured
-1414  * @description
-1415  * <br/>
-1416  * As for argument 'params' for constructor, you can specify one of
-1417  * following properties:
-1418  * <ul>
-1419  * <li>array - specify array of ASN1Object to set elements of content</li>
-1420  * </ul>
-1421  * NOTE: 'params' can be omitted.
-1422  */
-1423 KJUR.asn1.DERSequence = function(params) {
-1424     KJUR.asn1.DERSequence.superclass.constructor.call(this, params);
-1425     this.hT = "30";
-1426     this.getFreshValueHex = function() {
-1427         var h = '';
-1428         for (var i = 0; i < this.asn1Array.length; i++) {
-1429             var asn1Obj = this.asn1Array[i];
-1430             h += asn1Obj.getEncodedHex();
-1431         }
-1432         this.hV = h;
-1433         return this.hV;
-1434     };
-1435 };
-1436 YAHOO.lang.extend(KJUR.asn1.DERSequence, KJUR.asn1.DERAbstractStructured);
-1437 
-1438 // ********************************************************************
-1439 /**
-1440  * class for ASN.1 DER Set
-1441  * @name KJUR.asn1.DERSet
-1442  * @class class for ASN.1 DER Set
-1443  * @extends KJUR.asn1.DERAbstractStructured
-1444  * @description
-1445  * <br/>
-1446  * As for argument 'params' for constructor, you can specify one of
-1447  * following properties:
-1448  * <ul>
-1449  * <li>array - specify array of ASN1Object to set elements of content</li>
-1450  * <li>sortflag - flag for sort (default: true). ASN.1 BER is not sorted in 'SET OF'.</li>
-1451  * </ul>
-1452  * NOTE1: 'params' can be omitted.<br/>
-1453  * NOTE2: sortflag is supported since 1.0.5.
-1454  */
-1455 KJUR.asn1.DERSet = function(params) {
-1456     KJUR.asn1.DERSet.superclass.constructor.call(this, params);
-1457     this.hT = "31";
-1458     this.sortFlag = true; // item shall be sorted only in ASN.1 DER
-1459     this.getFreshValueHex = function() {
-1460         var a = new Array();
-1461         for (var i = 0; i < this.asn1Array.length; i++) {
-1462             var asn1Obj = this.asn1Array[i];
-1463             a.push(asn1Obj.getEncodedHex());
-1464         }
-1465         if (this.sortFlag == true) a.sort();
-1466         this.hV = a.join('');
-1467         return this.hV;
-1468     };
-1469 
-1470     if (typeof params != "undefined") {
-1471         if (typeof params.sortflag != "undefined" &&
-1472             params.sortflag == false)
-1473             this.sortFlag = false;
-1474     }
-1475 };
-1476 YAHOO.lang.extend(KJUR.asn1.DERSet, KJUR.asn1.DERAbstractStructured);
-1477 
-1478 // ********************************************************************
-1479 /**
-1480  * class for ASN.1 DER TaggedObject
-1481  * @name KJUR.asn1.DERTaggedObject
-1482  * @class class for ASN.1 DER TaggedObject
-1483  * @extends KJUR.asn1.ASN1Object
-1484  * @description
-1485  * <br/>
-1486  * Parameter 'tagNoNex' is ASN.1 tag(T) value for this object.
-1487  * For example, if you find '[1]' tag in a ASN.1 dump, 
-1488  * 'tagNoHex' will be 'a1'.
-1489  * <br/>
-1490  * As for optional argument 'params' for constructor, you can specify *ANY* of
-1491  * following properties:
-1492  * <ul>
-1493  * <li>explicit - specify true if this is explicit tag otherwise false 
-1494  *     (default is 'true').</li>
-1495  * <li>tag - specify tag (default is 'a0' which means [0])</li>
-1496  * <li>obj - specify ASN1Object which is tagged</li>
-1497  * </ul>
-1498  * @example
-1499  * d1 = new KJUR.asn1.DERUTF8String({'str':'a'});
-1500  * d2 = new KJUR.asn1.DERTaggedObject({'obj': d1});
-1501  * hex = d2.getEncodedHex();
-1502  */
-1503 KJUR.asn1.DERTaggedObject = function(params) {
-1504     KJUR.asn1.DERTaggedObject.superclass.constructor.call(this);
-1505     this.hT = "a0";
-1506     this.hV = '';
-1507     this.isExplicit = true;
-1508     this.asn1Object = null;
-1509 
-1510     /**
-1511      * set value by an ASN1Object
-1512      * @name setString
-1513      * @memberOf KJUR.asn1.DERTaggedObject
-1514      * @function
-1515      * @param {Boolean} isExplicitFlag flag for explicit/implicit tag
-1516      * @param {Integer} tagNoHex hexadecimal string of ASN.1 tag
-1517      * @param {ASN1Object} asn1Object ASN.1 to encapsulate
-1518      */
-1519     this.setASN1Object = function(isExplicitFlag, tagNoHex, asn1Object) {
-1520         this.hT = tagNoHex;
-1521         this.isExplicit = isExplicitFlag;
-1522         this.asn1Object = asn1Object;
-1523         if (this.isExplicit) {
-1524             this.hV = this.asn1Object.getEncodedHex();
-1525             this.hTLV = null;
-1526             this.isModified = true;
-1527         } else {
-1528             this.hV = null;
-1529             this.hTLV = asn1Object.getEncodedHex();
-1530             this.hTLV = this.hTLV.replace(/^../, tagNoHex);
-1531             this.isModified = false;
-1532         }
-1533     };
-1534 
-1535     this.getFreshValueHex = function() {
-1536         return this.hV;
-1537     };
-1538 
-1539     if (typeof params != "undefined") {
-1540         if (typeof params['tag'] != "undefined") {
-1541             this.hT = params['tag'];
-1542         }
-1543         if (typeof params['explicit'] != "undefined") {
-1544             this.isExplicit = params['explicit'];
-1545         }
-1546         if (typeof params['obj'] != "undefined") {
-1547             this.asn1Object = params['obj'];
-1548             this.setASN1Object(this.isExplicit, this.hT, this.asn1Object);
-1549         }
-1550     }
-1551 };
-1552 YAHOO.lang.extend(KJUR.asn1.DERTaggedObject, KJUR.asn1.ASN1Object);
-1553 
\ No newline at end of file +1397
} else if (params.hex !== undefined) { +1398 this.setStringHex(params.hex); +1399 } else if (params.date !== undefined) { +1400 this.setByDate(params.date); +1401 } +1402 if (params.millis === true) { +1403 this.withMillis = true; +1404 } +1405 } +1406 }; +1407 YAHOO.lang.extend(KJUR.asn1.DERGeneralizedTime, KJUR.asn1.DERAbstractTime); +1408 +1409 // ******************************************************************** +1410 /** +1411 * class for ASN.1 DER Sequence +1412 * @name KJUR.asn1.DERSequence +1413 * @class class for ASN.1 DER Sequence +1414 * @extends KJUR.asn1.DERAbstractStructured +1415 * @description +1416 * <br/> +1417 * As for argument 'params' for constructor, you can specify one of +1418 * following properties: +1419 * <ul> +1420 * <li>array - specify array of ASN1Object to set elements of content</li> +1421 * </ul> +1422 * NOTE: 'params' can be omitted. +1423 */ +1424 KJUR.asn1.DERSequence = function(params) { +1425 KJUR.asn1.DERSequence.superclass.constructor.call(this, params); +1426 this.hT = "30"; +1427 this.getFreshValueHex = function() { +1428 var h = ''; +1429 for (var i = 0; i < this.asn1Array.length; i++) { +1430 var asn1Obj = this.asn1Array[i]; +1431 h += asn1Obj.getEncodedHex(); +1432 } +1433 this.hV = h; +1434 return this.hV; +1435 }; +1436 }; +1437 YAHOO.lang.extend(KJUR.asn1.DERSequence, KJUR.asn1.DERAbstractStructured); +1438 +1439 // ******************************************************************** +1440 /** +1441 * class for ASN.1 DER Set +1442 * @name KJUR.asn1.DERSet +1443 * @class class for ASN.1 DER Set +1444 * @extends KJUR.asn1.DERAbstractStructured +1445 * @description +1446 * <br/> +1447 * As for argument 'params' for constructor, you can specify one of +1448 * following properties: +1449 * <ul> +1450 * <li>array - specify array of ASN1Object to set elements of content</li> +1451 * <li>sortflag - flag for sort (default: true). ASN.1 BER is not sorted in 'SET OF'.</li> +1452 * </ul> +1453 * NOTE1: 'params' can be omitted.<br/> +1454 * NOTE2: sortflag is supported since 1.0.5. +1455 */ +1456 KJUR.asn1.DERSet = function(params) { +1457 KJUR.asn1.DERSet.superclass.constructor.call(this, params); +1458 this.hT = "31"; +1459 this.sortFlag = true; // item shall be sorted only in ASN.1 DER +1460 this.getFreshValueHex = function() { +1461 var a = new Array(); +1462 for (var i = 0; i < this.asn1Array.length; i++) { +1463 var asn1Obj = this.asn1Array[i]; +1464 a.push(asn1Obj.getEncodedHex()); +1465 } +1466 if (this.sortFlag == true) a.sort(); +1467 this.hV = a.join(''); +1468 return this.hV; +1469 }; +1470 +1471 if (typeof params != "undefined") { +1472 if (typeof params.sortflag != "undefined" && +1473 params.sortflag == false) +1474 this.sortFlag = false; +1475 } +1476 }; +1477 YAHOO.lang.extend(KJUR.asn1.DERSet, KJUR.asn1.DERAbstractStructured); +1478 +1479 // ******************************************************************** +1480 /** +1481 * class for ASN.1 DER TaggedObject +1482 * @name KJUR.asn1.DERTaggedObject +1483 * @class class for ASN.1 DER TaggedObject +1484 * @extends KJUR.asn1.ASN1Object +1485 * @description +1486 * <br/> +1487 * Parameter 'tagNoNex' is ASN.1 tag(T) value for this object. +1488 * For example, if you find '[1]' tag in a ASN.1 dump, +1489 * 'tagNoHex' will be 'a1'. +1490 * <br/> +1491 * As for optional argument 'params' for constructor, you can specify *ANY* of +1492 * following properties: +1493 * <ul> +1494 * <li>explicit - specify true if this is explicit tag otherwise false +1495 * (default is 'true').</li> +1496 * <li>tag - specify tag (default is 'a0' which means [0])</li> +1497 * <li>obj - specify ASN1Object which is tagged</li> +1498 * </ul> +1499 * @example +1500 * d1 = new KJUR.asn1.DERUTF8String({'str':'a'}); +1501 * d2 = new KJUR.asn1.DERTaggedObject({'obj': d1}); +1502 * hex = d2.getEncodedHex(); +1503 */ +1504 KJUR.asn1.DERTaggedObject = function(params) { +1505 KJUR.asn1.DERTaggedObject.superclass.constructor.call(this); +1506 this.hT = "a0"; +1507 this.hV = ''; +1508 this.isExplicit = true; +1509 this.asn1Object = null; +1510 +1511 /** +1512 * set value by an ASN1Object +1513 * @name setString +1514 * @memberOf KJUR.asn1.DERTaggedObject +1515 * @function +1516 * @param {Boolean} isExplicitFlag flag for explicit/implicit tag +1517 * @param {Integer} tagNoHex hexadecimal string of ASN.1 tag +1518 * @param {ASN1Object} asn1Object ASN.1 to encapsulate +1519 */ +1520 this.setASN1Object = function(isExplicitFlag, tagNoHex, asn1Object) { +1521 this.hT = tagNoHex; +1522 this.isExplicit = isExplicitFlag; +1523 this.asn1Object = asn1Object; +1524 if (this.isExplicit) { +1525 this.hV = this.asn1Object.getEncodedHex(); +1526 this.hTLV = null; +1527 this.isModified = true; +1528 } else { +1529 this.hV = null; +1530 this.hTLV = asn1Object.getEncodedHex(); +1531 this.hTLV = this.hTLV.replace(/^../, tagNoHex); +1532 this.isModified = false; +1533 } +1534 }; +1535 +1536 this.getFreshValueHex = function() { +1537 return this.hV; +1538 }; +1539 +1540 if (typeof params != "undefined") { +1541 if (typeof params['tag'] != "undefined") { +1542 this.hT = params['tag']; +1543 } +1544 if (typeof params['explicit'] != "undefined") { +1545 this.isExplicit = params['explicit']; +1546 } +1547 if (typeof params['obj'] != "undefined") { +1548 this.asn1Object = params['obj']; +1549 this.setASN1Object(this.isExplicit, this.hT, this.asn1Object); +1550 } +1551 } +1552 }; +1553 YAHOO.lang.extend(KJUR.asn1.DERTaggedObject, KJUR.asn1.ASN1Object); +1554
\ No newline at end of file diff --git a/api/symbols/src/base64x-1.1.js.html b/api/symbols/src/base64x-1.1.js.html index 298bc2d7..9230045b 100644 --- a/api/symbols/src/base64x-1.1.js.html +++ b/api/symbols/src/base64x-1.1.js.html @@ -5,7 +5,7 @@ .STRN {color: #393;} .REGX {color: #339;} .line {border-right: 1px dotted #666; color: #666; font-style: normal;} -
  1 /*! base64x-1.1.6 (c) 2012-2015 Kenji Urushima | kjur.github.com/jsjws/license
+	
  1 /*! base64x-1.1.6 (c) 2012-2015 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * base64x.js - Base64url and supplementary functions for Tom Wu's base64.js library
diff --git a/api/symbols/src/jws-3.3.js.html b/api/symbols/src/jws-3.3.js.html
index 4c734f67..6a8daaf2 100644
--- a/api/symbols/src/jws-3.3.js.html
+++ b/api/symbols/src/jws-3.3.js.html
@@ -5,12 +5,12 @@
 	.STRN {color: #393;}
 	.REGX {color: #339;}
 	.line {border-right: 1px dotted #666; color: #666; font-style: normal;}
-	
  1 /*! jws-3.3.2 (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license
+	
  1 /*! jws-3.3.3 (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license
   2  */
   3 /*
   4  * jws.js - JSON Web Signature(JWS) and JSON Web Token(JWT) Class
   5  *
-  6  * version: 3.3.2 (2015 Nov 11)
+  6  * version: 3.3.3 (2015 Nov 27)
   7  *
   8  * Copyright (c) 2010-2015 Kenji Urushima (kenji.urushima@gmail.com)
   9  *
@@ -25,7 +25,7 @@
  18  * @fileOverview
  19  * @name jws-3.3.js
  20  * @author Kenji Urushima kenji.urushima@gmail.com
- 21  * @version 3.3.2 (2015-Nov-11)
+ 21  * @version 3.3.3 (2015-Nov-27)
  22  * @since jsjws 1.0, jsrsasign 4.8.0
  23  * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a>
  24  */
@@ -469,480 +469,567 @@
 462 };
 463 
 464 /**
-465  * @name verifyJWT
-466  * @memberOf KJUR.jws.JWS
-467  * @function
-468  * @static
-469  * @param {String} sJWT string of JSON Web Token(JWT) to verify
-470  * @param {Object} key string of public key, certificate or key object to verify
-471  * @param {Array} acceptField associative array of acceptable fields (OPTION)
-472  * @return {Boolean} true if the JWT token is valid otherwise false
-473  * @since jws 3.2.3 jsrsasign 4.8.0
+465  * parse header and payload of JWS signature<br/>
+466  * @name parse
+467  * @memberOf KJUR.jws.JWS
+468  * @function
+469  * @static
+470  * @param {String} sJWS string of JWS signature to parse
+471  * @return {Array} associative array of parsed header and payload. See below.
+472  * @throws if sJWS is malformed JWS signature
+473  * @since jws 3.3.3
 474  * @description
-475  * This method verifies a
-476  * <a href="https://tools.ietf.org/html/rfc7519">RFC 7519</a> 
-477  * JSON Web Token(JWT).
-478  * It will verify following:
-479  * <ul>
-480  * <li>Header.alg
-481  * <ul>
-482  * <li>alg is specified in JWT header.</li>
-483  * <li>alg is included in acceptField.alg array. (MANDATORY)</li>
-484  * <li>alg is proper for key.</li>
-485  * </ul>
-486  * </li>
-487  * <li>Payload.iss (issuer) - Payload.iss is included in acceptField.iss array if specified. (OPTION)</li>
-488  * <li>Payload.sub (subject) - Payload.sub is included in acceptField.sub array if specified. (OPTION)</li>
-489  * <li>Payload.aud (audience) - Payload.aud is included in acceptField.aud array or 
-490  *     the same as value if specified. (OPTION)</li>
-491  * <li>Time validity
-492  * <ul>
-493  * <li>If acceptField.verifyAt as number of UNIX origin time is specifed for validation time, 
-494  * this method will verify at the time for it, otherwise current time will be used to verify.</li>
-495  * <li>Payload.exp (expire) - Validation time is smaller than Payloead.exp.</li>
-496  * <li>Payload.nbf (not before) - Validation time is greater than Payloead.nbf.</li>
-497  * <li>Payload.iat (issued at) - Validation time is greater than Payloead.iat.</li>
-498  * </ul>
-499  * </li>
-500  * <li>Payload.jti (JWT id) - Payload.jti is included in acceptField.jti if specified. (OPTION)</li>
-501  * <li>JWS signature of JWS is valid for specified key.</li>
-502  * </ul>
-503  *
-504  * @example
-505  * // simple validation for HS256
-506  * isValid = KJUR.jws.JWS.verifyJWT("eyJhbG...", "616161", {alg: ["HS256"]}),
-507  *
-508  * // full validation for RS or PS
-509  * pubkey = KEYUTIL.getKey('-----BEGIN CERT...');
-510  * isValid = KJUR.jws.JWS.verifyJWT('eyJh...', pubkey, {
-511  *   alg: ['RS256', 'RS512', 'PS256', 'PS512'],
-512  *   iss: ['http://foo.com'],
-513  *   sub: ['mailto:john@foo.com', 'mailto:alice@foo.com'],
-514  *   verifyAt: KJUR.jws.IntDate.get('20150520235959Z'),
-515  *   aud: ['http://foo.com'], // aud: 'http://foo.com' is fine too.
-516  *   jti: 'id123456'
-517  * });
-518  */
-519 KJUR.jws.JWS.verifyJWT = function(sJWT, key, acceptField) {
-520     var ns1 = KJUR.jws.JWS;
-521 
-522     // 1. parse JWT
-523     var a = sJWT.split(".");
-524     var uHeader = a[0];
-525     var uPayload = a[1];
-526     var uSignatureInput = uHeader + "." + uPayload;
-527     var hSig = b64utohex(a[2]);
-528 
-529     // 2. parse JWS header
-530     var pHeader = ns1.readSafeJSONString(b64utoutf8(uHeader));
-531 
-532     // 3. parse JWS payload
-533     var pPayload = ns1.readSafeJSONString(b64utoutf8(uPayload));
-534 
-535     // 4. algorithm ('alg' in header) check
-536     if (pHeader.alg === undefined) return false;
-537     if (acceptField.alg === undefined)
-538 	throw "acceptField.alg shall be specified";
-539     if (! ns1.inArray(pHeader.alg, acceptField.alg)) return false;
-540 
-541     // 5. issuer ('iss' in payload) check
-542     if (pPayload.iss !== undefined && typeof acceptField.iss === "object") {
-543 	if (! ns1.inArray(pPayload.iss, acceptField.iss)) return false;
-544     }
-545 
-546     // 6. subject ('sub' in payload) check
-547     if (pPayload.sub !== undefined && typeof acceptField.sub === "object") {
-548 	if (! ns1.inArray(pPayload.sub, acceptField.sub)) return false;
-549     }
-550 
-551     // 7. audience ('aud' in payload) check
-552     if (pPayload.aud !== undefined && typeof acceptField.aud === "object") {
-553 	if (typeof pPayload.aud == "string") {
-554 	    if (! ns1.inArray(pPayload.aud, acceptField.aud))
-555 		return false;
-556 	} else if (typeof pPayload.aud == "object") {
-557 	    if (! ns1.includedArray(pPayload.aud, acceptField.aud))
-558 		return false;
-559 	}
-560     }
-561 
-562     // 8. time validity (nbf < now < exp) && (iat <= now)
-563     var now = KJUR.jws.IntDate.getNow();
-564     if (acceptField.verifyAt !== undefined && typeof acceptField.verifyAt == "number") {
-565 	now = acceptField.verifyAt;
-566     }
-567 
-568     // 8.1 expired time 'exp' check
-569     if (pPayload.exp !== undefined && typeof pPayload.exp == "number") {
-570 	if (pPayload.exp < now) return false;
-571     }
-572 
-573     // 8.2 not before time 'nbf' check
-574     if (pPayload.nbf !== undefined && typeof pPayload.nbf == "number") {
-575 	if (now < pPayload.nbf) return false;
-576     }
-577     
-578     // 8.3 issued at time 'iat' check
-579     if (pPayload.iat !== undefined && typeof pPayload.iat == "number") {
-580 	if (now < pPayload.iat) return false;
-581     }
-582 
-583     // 9 JWT id 'jti' check
-584     if (pPayload.jti !== undefined && acceptField.jti !== undefined) {
-585       if (pPayload.jti !== acceptField.jti) return false;
-586     }
+475  * This method parses JWS signature string. 
+476  * Resulted associative array has following properties:
+477  * <ul>
+478  * <li>headerObj - JSON object of header</li>
+479  * <li>payloadObj - JSON object of payload if payload is JSON string otherwise undefined</li>
+480  * <li>headerPP - pretty printed JSON header by stringify</li>
+481  * <li>payloadPP - pretty printed JSON payload by stringify if payload is JSON otherwise Base64URL decoded raw string of payload</li>
+482  * <li>sigHex - hexadecimal string of signature</li>
+483  * </ul>
+484  * @example
+485  * KJUR.jws.JWS.parse(sJWS) ->
+486  * { 
+487  *   headerObj: {"alg": "RS256", "typ": "JWS"},
+488  *   payloadObj: {"product": "orange", "quantity": 100},
+489  *   headerPP: 
+490  *   '{
+491  *     "alg": "RS256",
+492  *     "typ": "JWS"
+493  *   }',
+494  *   payloadPP: 
+495  *   '{
+496  *     "product": "orange",
+497  *     "quantity": 100
+498  *   }',
+499  *   sigHex: "91f3cd..." 
+500  * }
+501  */
+502 KJUR.jws.JWS.parse = function(sJWS) {
+503     var a = sJWS.split(".");
+504     var result = {};
+505     var uHeader, uPayload, uSig;
+506     if (a.length != 2 && a.length != 3)
+507 	throw "malformed sJWS: wrong number of '.' splitted elements";
+508 
+509     uHeader = a[0];
+510     uPayload = a[1];
+511     if (a.length == 3) uSig = a[2]; 
+512 
+513     result.headerObj = KJUR.jws.JWS.readSafeJSONString(b64utoutf8(uHeader));
+514     result.payloadObj = KJUR.jws.JWS.readSafeJSONString(b64utoutf8(uPayload));
+515 
+516     result.headerPP = JSON.stringify(result.headerObj, null, "  ");
+517     if (result.payloadObj == null) {
+518 	result.payloadPP = b64utoutf8(uPayload);
+519     } else {
+520 	result.payloadPP = JSON.stringify(result.payloadObj, null, "  ");
+521     }
+522 
+523     if (uSig !== undefined) {
+524 	result.sigHex = b64utohex(uSig);
+525     }
+526 
+527     return result;
+528 };
+529 
+530 /**
+531  * @name verifyJWT
+532  * @memberOf KJUR.jws.JWS
+533  * @function
+534  * @static
+535  * @param {String} sJWT string of JSON Web Token(JWT) to verify
+536  * @param {Object} key string of public key, certificate or key object to verify
+537  * @param {Array} acceptField associative array of acceptable fields (OPTION)
+538  * @return {Boolean} true if the JWT token is valid otherwise false
+539  * @since jws 3.2.3 jsrsasign 4.8.0
+540  * @description
+541  * This method verifies a
+542  * <a href="https://tools.ietf.org/html/rfc7519">RFC 7519</a> 
+543  * JSON Web Token(JWT).
+544  * It will verify following:
+545  * <ul>
+546  * <li>Header.alg
+547  * <ul>
+548  * <li>alg is specified in JWT header.</li>
+549  * <li>alg is included in acceptField.alg array. (MANDATORY)</li>
+550  * <li>alg is proper for key.</li>
+551  * </ul>
+552  * </li>
+553  * <li>Payload.iss (issuer) - Payload.iss is included in acceptField.iss array if specified. (OPTION)</li>
+554  * <li>Payload.sub (subject) - Payload.sub is included in acceptField.sub array if specified. (OPTION)</li>
+555  * <li>Payload.aud (audience) - Payload.aud is included in acceptField.aud array or 
+556  *     the same as value if specified. (OPTION)</li>
+557  * <li>Time validity
+558  * <ul>
+559  * <li>If acceptField.verifyAt as number of UNIX origin time is specifed for validation time, 
+560  * this method will verify at the time for it, otherwise current time will be used to verify.</li>
+561  * <li>Payload.exp (expire) - Validation time is smaller than Payloead.exp.</li>
+562  * <li>Payload.nbf (not before) - Validation time is greater than Payloead.nbf.</li>
+563  * <li>Payload.iat (issued at) - Validation time is greater than Payloead.iat.</li>
+564  * </ul>
+565  * </li>
+566  * <li>Payload.jti (JWT id) - Payload.jti is included in acceptField.jti if specified. (OPTION)</li>
+567  * <li>JWS signature of JWS is valid for specified key.</li>
+568  * </ul>
+569  *
+570  * @example
+571  * // simple validation for HS256
+572  * isValid = KJUR.jws.JWS.verifyJWT("eyJhbG...", "616161", {alg: ["HS256"]}),
+573  *
+574  * // full validation for RS or PS
+575  * pubkey = KEYUTIL.getKey('-----BEGIN CERT...');
+576  * isValid = KJUR.jws.JWS.verifyJWT('eyJh...', pubkey, {
+577  *   alg: ['RS256', 'RS512', 'PS256', 'PS512'],
+578  *   iss: ['http://foo.com'],
+579  *   sub: ['mailto:john@foo.com', 'mailto:alice@foo.com'],
+580  *   verifyAt: KJUR.jws.IntDate.get('20150520235959Z'),
+581  *   aud: ['http://foo.com'], // aud: 'http://foo.com' is fine too.
+582  *   jti: 'id123456'
+583  * });
+584  */
+585 KJUR.jws.JWS.verifyJWT = function(sJWT, key, acceptField) {
+586     var ns1 = KJUR.jws.JWS;
 587 
-588     // 10 JWS signature check
-589     if (! KJUR.jws.JWS.verify(sJWT, key, acceptField.alg)) return false;
-590 
-591     // 11 passed all check
-592     return true;
-593 };
+588     // 1. parse JWT
+589     var a = sJWT.split(".");
+590     var uHeader = a[0];
+591     var uPayload = a[1];
+592     var uSignatureInput = uHeader + "." + uPayload;
+593     var hSig = b64utohex(a[2]);
 594 
-595 /**
-596  * check whether array is included by another array
-597  * @name includedArray
-598  * @memberOf KJUR.jws.JWS
-599  * @function
-600  * @static
-601  * @param {Array} a1 check whether set a1 is included by a2
-602  * @param {Array} a2 check whether set a1 is included by a2
-603  * @return {Boolean} check whether set a1 is included by a2
-604  * @since jws 3.2.3
-605  * This method verifies whether an array is included by another array.
-606  * It doesn't care about item ordering in a array.
-607  * @example
-608  * KJUR.jws.JWS.includedArray(['b'], ['b', 'c', 'a']) => true
-609  * KJUR.jws.JWS.includedArray(['a', 'b'], ['b', 'c', 'a']) => true
-610  * KJUR.jws.JWS.includedArray(['a', 'b'], ['b', 'c']) => false
-611  */
-612 KJUR.jws.JWS.includedArray = function(a1, a2) {
-613     var inArray = KJUR.jws.JWS.inArray;
-614     if (a1 === null) return false;
-615     if (typeof a1 !== "object") return false;
-616     if (typeof a1.length !== "number") return false;
-617 
-618     for (var i = 0; i < a1.length; i++) {
-619 	if (! inArray(a1[i], a2)) return false;
-620     }
-621     return true;
-622 };
-623 
-624 /**
-625  * check whether item is included by array
-626  * @name inArray
-627  * @memberOf KJUR.jws.JWS
-628  * @function
-629  * @static
-630  * @param {String} item check whether item is included by array
-631  * @param {Array} a check whether item is included by array
-632  * @return {Boolean} check whether item is included by array
-633  * @since jws 3.2.3
-634  * This method verifies whether an item is included by an array.
-635  * It doesn't care about item ordering in an array.
-636  * @example
-637  * KJUR.jws.JWS.inArray('b', ['b', 'c', 'a']) => true
-638  * KJUR.jws.JWS.inArray('a', ['b', 'c', 'a']) => true
-639  * KJUR.jws.JWS.inArray('a', ['b', 'c']) => false
-640  */
-641 KJUR.jws.JWS.inArray = function(item, a) {
-642     if (a === null) return false;
-643     if (typeof a !== "object") return false;
-644     if (typeof a.length !== "number") return false;
-645     for (var i = 0; i < a.length; i++) {
-646 	if (a[i] == item) return true;
+595     // 2. parse JWS header
+596     var pHeader = ns1.readSafeJSONString(b64utoutf8(uHeader));
+597 
+598     // 3. parse JWS payload
+599     var pPayload = ns1.readSafeJSONString(b64utoutf8(uPayload));
+600 
+601     // 4. algorithm ('alg' in header) check
+602     if (pHeader.alg === undefined) return false;
+603     if (acceptField.alg === undefined)
+604 	throw "acceptField.alg shall be specified";
+605     if (! ns1.inArray(pHeader.alg, acceptField.alg)) return false;
+606 
+607     // 5. issuer ('iss' in payload) check
+608     if (pPayload.iss !== undefined && typeof acceptField.iss === "object") {
+609 	if (! ns1.inArray(pPayload.iss, acceptField.iss)) return false;
+610     }
+611 
+612     // 6. subject ('sub' in payload) check
+613     if (pPayload.sub !== undefined && typeof acceptField.sub === "object") {
+614 	if (! ns1.inArray(pPayload.sub, acceptField.sub)) return false;
+615     }
+616 
+617     // 7. audience ('aud' in payload) check
+618     if (pPayload.aud !== undefined && typeof acceptField.aud === "object") {
+619 	if (typeof pPayload.aud == "string") {
+620 	    if (! ns1.inArray(pPayload.aud, acceptField.aud))
+621 		return false;
+622 	} else if (typeof pPayload.aud == "object") {
+623 	    if (! ns1.includedArray(pPayload.aud, acceptField.aud))
+624 		return false;
+625 	}
+626     }
+627 
+628     // 8. time validity (nbf < now < exp) && (iat <= now)
+629     var now = KJUR.jws.IntDate.getNow();
+630     if (acceptField.verifyAt !== undefined && typeof acceptField.verifyAt == "number") {
+631 	now = acceptField.verifyAt;
+632     }
+633 
+634     // 8.1 expired time 'exp' check
+635     if (pPayload.exp !== undefined && typeof pPayload.exp == "number") {
+636 	if (pPayload.exp < now) return false;
+637     }
+638 
+639     // 8.2 not before time 'nbf' check
+640     if (pPayload.nbf !== undefined && typeof pPayload.nbf == "number") {
+641 	if (now < pPayload.nbf) return false;
+642     }
+643     
+644     // 8.3 issued at time 'iat' check
+645     if (pPayload.iat !== undefined && typeof pPayload.iat == "number") {
+646 	if (now < pPayload.iat) return false;
 647     }
-648     return false;
-649 };
-650 
-651 /**
-652  * static associative array of general signature algorithm name from JWS algorithm name
-653  * @since jws 3.0.0
-654  */
-655 KJUR.jws.JWS.jwsalg2sigalg = {
-656     "HS256":	"HmacSHA256",
-657     "HS384":	"HmacSHA384",
-658     "HS512":	"HmacSHA512",
-659     "RS256":	"SHA256withRSA",
-660     "RS384":	"SHA384withRSA",
-661     "RS512":	"SHA512withRSA",
-662     "ES256":	"SHA256withECDSA",
-663     "ES384":	"SHA384withECDSA",
-664     //"ES512":	"SHA512withECDSA", // unsupported because of jsrsasign's bug
-665     "PS256":	"SHA256withRSAandMGF1",
-666     "PS384":	"SHA384withRSAandMGF1",
-667     "PS512":	"SHA512withRSAandMGF1",
-668     "none":	"none",
-669 };
-670 
-671 // === utility static method ======================================================
-672 
-673 /**
-674  * check whether a String "s" is a safe JSON string or not.<br/>
-675  * If a String "s" is a malformed JSON string or an other object type
-676  * this returns 0, otherwise this returns 1.
-677  * @name isSafeJSONString
-678  * @memberOf KJUR.jws.JWS
-679  * @function
-680  * @static
-681  * @param {String} s JSON string
-682  * @return {Number} 1 or 0
-683  */
-684 KJUR.jws.JWS.isSafeJSONString = function(s, h, p) {
-685     var o = null;
-686     try {
-687 	o = jsonParse(s);
-688 	if (typeof o != "object") return 0;
-689 	if (o.constructor === Array) return 0;
-690 	if (h) h[p] = o;
-691 	return 1;
-692     } catch (ex) {
-693 	return 0;
-694     }
-695 };
-696 
-697 /**
-698  * read a String "s" as JSON object if it is safe.<br/>
-699  * If a String "s" is a malformed JSON string or not JSON string,
-700  * this returns null, otherwise returns JSON object.
-701  * @name readSafeJSONString
-702  * @memberOf KJUR.jws.JWS
-703  * @function
-704  * @static
-705  * @param {String} s JSON string
-706  * @return {Object} JSON object or null
-707  * @since 1.1.1
-708  */
-709 KJUR.jws.JWS.readSafeJSONString = function(s) {
-710     var o = null;
-711     try {
-712 	o = jsonParse(s);
-713 	if (typeof o != "object") return null;
-714 	if (o.constructor === Array) return null;
-715 	return o;
-716     } catch (ex) {
-717 	return null;
-718     }
-719 };
-720 
-721 /**
-722  * get Encoed Signature Value from JWS string.<br/>
-723  * @name getEncodedSignatureValueFromJWS
-724  * @memberOf KJUR.jws.JWS
-725  * @function
-726  * @static
-727  * @param {String} sJWS JWS signature string to be verified
-728  * @return {String} string of Encoded Signature Value 
-729  * @throws if sJWS is not comma separated string such like "Header.Payload.Signature".
-730  */
-731 KJUR.jws.JWS.getEncodedSignatureValueFromJWS = function(sJWS) {
-732     if (sJWS.match(/^[^.]+\.[^.]+\.([^.]+)$/) == null) {
-733 	throw "JWS signature is not a form of 'Head.Payload.SigValue'.";
-734     }
-735     return RegExp.$1;
-736 };
-737 
-738 /**
-739  * get RFC 7638 JWK thumbprint from JWK object
-740  * @name getJWKthumbprint
-741  * @memberOf KJUR.jws.JWS
-742  * @function
-743  * @static
-744  * @param {String} o JWK object to be calculated thumbprint
-745  * @return {String} Base64 URL encoded JWK thumbprint value
-746  * @since jsrsasign 5.0.2 jws 3.3.2
-747  * @description
-748  * This method calculates JWK thmubprint for specified JWK object
-749  * as described in 
-750  * <a href="https://tools.ietf.org/html/rfc7638">RFC 7638</a>.
-751  * It supports all type of "kty". (i.e. "RSA", "EC" and "oct"
-752  * (for symmetric key))
-753  * Working sample is 
-754  * <a href="https://kjur.github.io/jsrsasign/sample/tool_jwktp.html">here</a>.
-755  * @example
-756  * jwk = {"kty":"RSA", "n":"0vx...", "e":"AQAB", ...};
-757  * thumbprint = KJUR.jws.JWS.getJWKthumbprint(jwk);
-758  */
-759 KJUR.jws.JWS.getJWKthumbprint = function(o) {
-760     if (o.kty !== "RSA" &&
-761 	o.kty !== "EC" &&
-762 	o.kty !== "oct")
-763 	throw "unsupported algorithm for JWK Thumprint";
-764 
-765     // 1. get canonically ordered json string
-766     var s = '{';
-767     if (o.kty === "RSA") {
-768 	if (typeof o.n != "string" || typeof o.e != "string")
-769 	    throw "wrong n and e value for RSA key";
-770 	s += '"' + 'e' + '":"' + o.e + '",';
-771 	s += '"' + 'kty' + '":"' + o.kty + '",';
-772 	s += '"' + 'n' + '":"' + o.n + '"}';
-773     } else if (o.kty === "EC") {
-774 	if (typeof o.crv != "string" || 
-775 	    typeof o.x != "string" ||
-776 	    typeof o.y != "string")
-777 	    throw "wrong crv, x and y value for EC key";
-778 	s += '"' + 'crv' + '":"' + o.crv + '",';
-779 	s += '"' + 'kty' + '":"' + o.kty + '",';
-780 	s += '"' + 'x' + '":"' + o.x + '",';
-781 	s += '"' + 'y' + '":"' + o.y + '"}';
-782     } else if (o.kty === "oct") {
-783 	if (typeof o.k != "string")
-784 	    throw "wrong k value for oct(symmetric) key";
-785 	s += '"' + 'kty' + '":"' + o.kty + '",';
-786 	s += '"' + 'k' + '":"' + o.k + '"}';
-787     }
-788     //alert(s);
-789 
-790     // 2. get thumb print
-791     var hJWK = rstrtohex(s);
-792     var hash = KJUR.crypto.Util.hashHex(hJWK, "sha256");
-793     var hashB64U = hextob64u(hash);
-794 
-795     return hashB64U;
-796 };
-797 
-798 /**
-799  * IntDate class for time representation for JSON Web Token(JWT)
-800  * @class KJUR.jws.IntDate class
-801  * @name KJUR.jws.IntDate
-802  * @since jws 3.0.1
-803  * @description
-804  * Utility class for IntDate which is integer representation of UNIX origin time
-805  * used in JSON Web Token(JWT).
-806  */
-807 KJUR.jws.IntDate = {};
-808 
-809 /**
-810  * get UNIX origin time from by string
-811  * @name get
-812  * @memberOf KJUR.jws.IntDate
-813  * @function
-814  * @static
-815  * @param {String} s string of time representation
-816  * @return {Integer} UNIX origin time in seconds for argument 's'
-817  * @since jws 3.0.1
-818  * @throws "unsupported format: s" when malformed format
-819  * @description
-820  * This method will accept following representation of time.
-821  * <ul>
-822  * <li>now - current time</li>
-823  * <li>now + 1hour - after 1 hour from now</li>
-824  * <li>now + 1day - after 1 day from now</li>
-825  * <li>now + 1month - after 30 days from now</li>
-826  * <li>now + 1year - after 365 days from now</li>
-827  * <li>YYYYmmDDHHMMSSZ - UTC time (ex. 20130828235959Z)</li>
-828  * <li>number - UNIX origin time (seconds from 1970-01-01 00:00:00) (ex. 1377714748)</li>
-829  * </ul>
-830  */
-831 KJUR.jws.IntDate.get = function(s) {
-832     if (s == "now") {
-833 	return KJUR.jws.IntDate.getNow();
-834     } else if (s == "now + 1hour") {
-835 	return KJUR.jws.IntDate.getNow() + 60 * 60;
-836     } else if (s == "now + 1day") {
-837 	return KJUR.jws.IntDate.getNow() + 60 * 60 * 24;
-838     } else if (s == "now + 1month") {
-839 	return KJUR.jws.IntDate.getNow() + 60 * 60 * 24 * 30;
-840     } else if (s == "now + 1year") {
-841 	return KJUR.jws.IntDate.getNow() + 60 * 60 * 24 * 365;
-842     } else if (s.match(/Z$/)) {
-843 	return KJUR.jws.IntDate.getZulu(s);
-844     } else if (s.match(/^[0-9]+$/)) {
-845 	return parseInt(s);
-846     }
-847     throw "unsupported format: " + s;
-848 };
-849 
-850 /**
-851  * get UNIX origin time from Zulu time representation string
-852  * @name getZulu
-853  * @memberOf KJUR.jws.IntDate
-854  * @function
-855  * @static
-856  * @param {String} s string of Zulu time representation (ex. 20151012125959Z)
-857  * @return {Integer} UNIX origin time in seconds for argument 's'
-858  * @since jws 3.0.1
-859  * @throws "unsupported format: s" when malformed format
-860  * @description
-861  * This method provides UNIX origin time from Zulu time.
-862  * @example
-863  * KJUR.jws.IntDate.getZulu("20151012125959Z") => 1478...
-864  */
-865 KJUR.jws.IntDate.getZulu = function(s) {
-866     if (a = s.match(/(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z/)) {
-867 	var year = parseInt(RegExp.$1);
-868 	var month = parseInt(RegExp.$2) - 1;
-869 	var day = parseInt(RegExp.$3);
-870 	var hour = parseInt(RegExp.$4);
-871 	var min = parseInt(RegExp.$5);
-872 	var sec = parseInt(RegExp.$6);
-873 	var d = new Date(Date.UTC(year, month, day, hour, min, sec));
-874 	return ~~(d / 1000);
-875     }
-876     throw "unsupported format: " + s;
-877 };
-878 
-879 /**
-880  * get UNIX origin time of current time
-881  * @name getNow
-882  * @memberOf KJUR.jws.IntDate
-883  * @function
-884  * @static
-885  * @return {Integer} UNIX origin time for current time
-886  * @since jws 3.0.1
-887  * @description
-888  * This method provides UNIX origin time for current time
-889  * @example
-890  * KJUR.jws.IntDate.getNow() => 1478...
-891  */
-892 KJUR.jws.IntDate.getNow = function() {
-893     var d = ~~(new Date() / 1000);
-894     return d;
-895 };
-896 
-897 /**
-898  * get UTC time string from UNIX origin time value
-899  * @name intDate2UTCString
-900  * @memberOf KJUR.jws.IntDate
-901  * @function
-902  * @static
-903  * @param {Integer} intDate UNIX origin time value (ex. 1478...)
-904  * @return {String} UTC time string
-905  * @since jws 3.0.1
-906  * @description
-907  * This method provides UTC time string for UNIX origin time value.
-908  * @example
-909  * KJUR.jws.IntDate.intDate2UTCString(1478...) => "2015 Oct ..."
-910  */
-911 KJUR.jws.IntDate.intDate2UTCString = function(intDate) {
-912     var d = new Date(intDate * 1000);
-913     return d.toUTCString();
+648 
+649     // 9 JWT id 'jti' check
+650     if (pPayload.jti !== undefined && acceptField.jti !== undefined) {
+651       if (pPayload.jti !== acceptField.jti) return false;
+652     }
+653 
+654     // 10 JWS signature check
+655     if (! KJUR.jws.JWS.verify(sJWT, key, acceptField.alg)) return false;
+656 
+657     // 11 passed all check
+658     return true;
+659 };
+660 
+661 /**
+662  * check whether array is included by another array
+663  * @name includedArray
+664  * @memberOf KJUR.jws.JWS
+665  * @function
+666  * @static
+667  * @param {Array} a1 check whether set a1 is included by a2
+668  * @param {Array} a2 check whether set a1 is included by a2
+669  * @return {Boolean} check whether set a1 is included by a2
+670  * @since jws 3.2.3
+671  * This method verifies whether an array is included by another array.
+672  * It doesn't care about item ordering in a array.
+673  * @example
+674  * KJUR.jws.JWS.includedArray(['b'], ['b', 'c', 'a']) => true
+675  * KJUR.jws.JWS.includedArray(['a', 'b'], ['b', 'c', 'a']) => true
+676  * KJUR.jws.JWS.includedArray(['a', 'b'], ['b', 'c']) => false
+677  */
+678 KJUR.jws.JWS.includedArray = function(a1, a2) {
+679     var inArray = KJUR.jws.JWS.inArray;
+680     if (a1 === null) return false;
+681     if (typeof a1 !== "object") return false;
+682     if (typeof a1.length !== "number") return false;
+683 
+684     for (var i = 0; i < a1.length; i++) {
+685 	if (! inArray(a1[i], a2)) return false;
+686     }
+687     return true;
+688 };
+689 
+690 /**
+691  * check whether item is included by array
+692  * @name inArray
+693  * @memberOf KJUR.jws.JWS
+694  * @function
+695  * @static
+696  * @param {String} item check whether item is included by array
+697  * @param {Array} a check whether item is included by array
+698  * @return {Boolean} check whether item is included by array
+699  * @since jws 3.2.3
+700  * This method verifies whether an item is included by an array.
+701  * It doesn't care about item ordering in an array.
+702  * @example
+703  * KJUR.jws.JWS.inArray('b', ['b', 'c', 'a']) => true
+704  * KJUR.jws.JWS.inArray('a', ['b', 'c', 'a']) => true
+705  * KJUR.jws.JWS.inArray('a', ['b', 'c']) => false
+706  */
+707 KJUR.jws.JWS.inArray = function(item, a) {
+708     if (a === null) return false;
+709     if (typeof a !== "object") return false;
+710     if (typeof a.length !== "number") return false;
+711     for (var i = 0; i < a.length; i++) {
+712 	if (a[i] == item) return true;
+713     }
+714     return false;
+715 };
+716 
+717 /**
+718  * static associative array of general signature algorithm name from JWS algorithm name
+719  * @since jws 3.0.0
+720  */
+721 KJUR.jws.JWS.jwsalg2sigalg = {
+722     "HS256":	"HmacSHA256",
+723     "HS384":	"HmacSHA384",
+724     "HS512":	"HmacSHA512",
+725     "RS256":	"SHA256withRSA",
+726     "RS384":	"SHA384withRSA",
+727     "RS512":	"SHA512withRSA",
+728     "ES256":	"SHA256withECDSA",
+729     "ES384":	"SHA384withECDSA",
+730     //"ES512":	"SHA512withECDSA", // unsupported because of jsrsasign's bug
+731     "PS256":	"SHA256withRSAandMGF1",
+732     "PS384":	"SHA384withRSAandMGF1",
+733     "PS512":	"SHA512withRSAandMGF1",
+734     "none":	"none",
+735 };
+736 
+737 // === utility static method ==================================================
+738 
+739 /**
+740  * check whether a String "s" is a safe JSON string or not.<br/>
+741  * If a String "s" is a malformed JSON string or an other object type
+742  * this returns 0, otherwise this returns 1.
+743  * @name isSafeJSONString
+744  * @memberOf KJUR.jws.JWS
+745  * @function
+746  * @static
+747  * @param {String} s JSON string
+748  * @return {Number} 1 or 0
+749  */
+750 KJUR.jws.JWS.isSafeJSONString = function(s, h, p) {
+751     var o = null;
+752     try {
+753 	o = jsonParse(s);
+754 	if (typeof o != "object") return 0;
+755 	if (o.constructor === Array) return 0;
+756 	if (h) h[p] = o;
+757 	return 1;
+758     } catch (ex) {
+759 	return 0;
+760     }
+761 };
+762 
+763 /**
+764  * read a String "s" as JSON object if it is safe.<br/>
+765  * If a String "s" is a malformed JSON string or not JSON string,
+766  * this returns null, otherwise returns JSON object.
+767  * @name readSafeJSONString
+768  * @memberOf KJUR.jws.JWS
+769  * @function
+770  * @static
+771  * @param {String} s JSON string
+772  * @return {Object} JSON object or null
+773  * @since 1.1.1
+774  */
+775 KJUR.jws.JWS.readSafeJSONString = function(s) {
+776     var o = null;
+777     try {
+778 	o = jsonParse(s);
+779 	if (typeof o != "object") return null;
+780 	if (o.constructor === Array) return null;
+781 	return o;
+782     } catch (ex) {
+783 	return null;
+784     }
+785 };
+786 
+787 /**
+788  * get Encoed Signature Value from JWS string.<br/>
+789  * @name getEncodedSignatureValueFromJWS
+790  * @memberOf KJUR.jws.JWS
+791  * @function
+792  * @static
+793  * @param {String} sJWS JWS signature string to be verified
+794  * @return {String} string of Encoded Signature Value 
+795  * @throws if sJWS is not comma separated string such like "Header.Payload.Signature".
+796  */
+797 KJUR.jws.JWS.getEncodedSignatureValueFromJWS = function(sJWS) {
+798     if (sJWS.match(/^[^.]+\.[^.]+\.([^.]+)$/) == null) {
+799 	throw "JWS signature is not a form of 'Head.Payload.SigValue'.";
+800     }
+801     return RegExp.$1;
+802 };
+803 
+804 /**
+805  * get RFC 7638 JWK thumbprint from JWK object
+806  * @name getJWKthumbprint
+807  * @memberOf KJUR.jws.JWS
+808  * @function
+809  * @static
+810  * @param {String} o JWK object to be calculated thumbprint
+811  * @return {String} Base64 URL encoded JWK thumbprint value
+812  * @since jsrsasign 5.0.2 jws 3.3.2
+813  * @description
+814  * This method calculates JWK thmubprint for specified JWK object
+815  * as described in 
+816  * <a href="https://tools.ietf.org/html/rfc7638">RFC 7638</a>.
+817  * It supports all type of "kty". (i.e. "RSA", "EC" and "oct"
+818  * (for symmetric key))
+819  * Working sample is 
+820  * <a href="https://kjur.github.io/jsrsasign/sample/tool_jwktp.html">here</a>.
+821  * @example
+822  * jwk = {"kty":"RSA", "n":"0vx...", "e":"AQAB", ...};
+823  * thumbprint = KJUR.jws.JWS.getJWKthumbprint(jwk);
+824  */
+825 KJUR.jws.JWS.getJWKthumbprint = function(o) {
+826     if (o.kty !== "RSA" &&
+827 	o.kty !== "EC" &&
+828 	o.kty !== "oct")
+829 	throw "unsupported algorithm for JWK Thumprint";
+830 
+831     // 1. get canonically ordered json string
+832     var s = '{';
+833     if (o.kty === "RSA") {
+834 	if (typeof o.n != "string" || typeof o.e != "string")
+835 	    throw "wrong n and e value for RSA key";
+836 	s += '"' + 'e' + '":"' + o.e + '",';
+837 	s += '"' + 'kty' + '":"' + o.kty + '",';
+838 	s += '"' + 'n' + '":"' + o.n + '"}';
+839     } else if (o.kty === "EC") {
+840 	if (typeof o.crv != "string" || 
+841 	    typeof o.x != "string" ||
+842 	    typeof o.y != "string")
+843 	    throw "wrong crv, x and y value for EC key";
+844 	s += '"' + 'crv' + '":"' + o.crv + '",';
+845 	s += '"' + 'kty' + '":"' + o.kty + '",';
+846 	s += '"' + 'x' + '":"' + o.x + '",';
+847 	s += '"' + 'y' + '":"' + o.y + '"}';
+848     } else if (o.kty === "oct") {
+849 	if (typeof o.k != "string")
+850 	    throw "wrong k value for oct(symmetric) key";
+851 	s += '"' + 'kty' + '":"' + o.kty + '",';
+852 	s += '"' + 'k' + '":"' + o.k + '"}';
+853     }
+854     //alert(s);
+855 
+856     // 2. get thumb print
+857     var hJWK = rstrtohex(s);
+858     var hash = KJUR.crypto.Util.hashHex(hJWK, "sha256");
+859     var hashB64U = hextob64u(hash);
+860 
+861     return hashB64U;
+862 };
+863 
+864 /**
+865  * IntDate class for time representation for JSON Web Token(JWT)
+866  * @class KJUR.jws.IntDate class
+867  * @name KJUR.jws.IntDate
+868  * @since jws 3.0.1
+869  * @description
+870  * Utility class for IntDate which is integer representation of UNIX origin time
+871  * used in JSON Web Token(JWT).
+872  */
+873 KJUR.jws.IntDate = {};
+874 
+875 /**
+876  * get UNIX origin time from by string
+877  * @name get
+878  * @memberOf KJUR.jws.IntDate
+879  * @function
+880  * @static
+881  * @param {String} s string of time representation
+882  * @return {Integer} UNIX origin time in seconds for argument 's'
+883  * @since jws 3.0.1
+884  * @throws "unsupported format: s" when malformed format
+885  * @description
+886  * This method will accept following representation of time.
+887  * <ul>
+888  * <li>now - current time</li>
+889  * <li>now + 1hour - after 1 hour from now</li>
+890  * <li>now + 1day - after 1 day from now</li>
+891  * <li>now + 1month - after 30 days from now</li>
+892  * <li>now + 1year - after 365 days from now</li>
+893  * <li>YYYYmmDDHHMMSSZ - UTC time (ex. 20130828235959Z)</li>
+894  * <li>number - UNIX origin time (seconds from 1970-01-01 00:00:00) (ex. 1377714748)</li>
+895  * </ul>
+896  */
+897 KJUR.jws.IntDate.get = function(s) {
+898     if (s == "now") {
+899 	return KJUR.jws.IntDate.getNow();
+900     } else if (s == "now + 1hour") {
+901 	return KJUR.jws.IntDate.getNow() + 60 * 60;
+902     } else if (s == "now + 1day") {
+903 	return KJUR.jws.IntDate.getNow() + 60 * 60 * 24;
+904     } else if (s == "now + 1month") {
+905 	return KJUR.jws.IntDate.getNow() + 60 * 60 * 24 * 30;
+906     } else if (s == "now + 1year") {
+907 	return KJUR.jws.IntDate.getNow() + 60 * 60 * 24 * 365;
+908     } else if (s.match(/Z$/)) {
+909 	return KJUR.jws.IntDate.getZulu(s);
+910     } else if (s.match(/^[0-9]+$/)) {
+911 	return parseInt(s);
+912     }
+913     throw "unsupported format: " + s;
 914 };
 915 
 916 /**
-917  * get UTC time string from UNIX origin time value
-918  * @name intDate2Zulu
+917  * get UNIX origin time from Zulu time representation string
+918  * @name getZulu
 919  * @memberOf KJUR.jws.IntDate
 920  * @function
 921  * @static
-922  * @param {Integer} intDate UNIX origin time value (ex. 1478...)
-923  * @return {String} Zulu time string
+922  * @param {String} s string of Zulu time representation (ex. 20151012125959Z)
+923  * @return {Integer} UNIX origin time in seconds for argument 's'
 924  * @since jws 3.0.1
-925  * @description
-926  * This method provides Zulu time string for UNIX origin time value.
-927  * @example
-928  * KJUR.jws.IntDate.intDate2UTCString(1478...) => "20151012...Z"
-929  */
-930 KJUR.jws.IntDate.intDate2Zulu = function(intDate) {
-931     var d = new Date(intDate * 1000);
-932     var year = ("0000" + d.getUTCFullYear()).slice(-4);    
-933     var mon =  ("00" + (d.getUTCMonth() + 1)).slice(-2);    
-934     var day =  ("00" + d.getUTCDate()).slice(-2);    
-935     var hour = ("00" + d.getUTCHours()).slice(-2);    
-936     var min =  ("00" + d.getUTCMinutes()).slice(-2);    
-937     var sec =  ("00" + d.getUTCSeconds()).slice(-2);    
-938     return year + mon + day + hour + min + sec + "Z";
-939 };
-940 
-941 
\ No newline at end of file +925 * @throws "unsupported format: s" when malformed format +926 * @description +927 * This method provides UNIX origin time from Zulu time. +928 * Following representations are supported: +929 * <ul> +930 * <li>YYYYMMDDHHmmSSZ - GeneralizedTime format</li> +931 * <li>YYMMDDHHmmSSZ - UTCTime format. If YY is greater or equal to +932 * 50 then it represents 19YY otherwise 20YY.</li> +933 * </ul> +934 * @example +935 * KJUR.jws.IntDate.getZulu("20151012125959Z") => 1478... +936 * KJUR.jws.IntDate.getZulu("151012125959Z") => 1478... +937 */
+938 KJUR.jws.IntDate.getZulu = function(s) { +939 var a; +940 if (a = s.match(/(\d+)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z/)) { +941 var sYear = RegExp.$1; +942 var year = parseInt(sYear); +943 if (sYear.length == 4) { +944 } else if (sYear.length == 2) { +945 if (50 <= year && year < 100) { +946 year = 1900 + year; +947 } else if (0 <= year && year < 50) { +948 year = 2000 + year; +949 } else { +950 throw "malformed year string for UTCTime"; +951 } +952 } else { +953 throw "malformed year string"; +954 } +955 var month = parseInt(RegExp.$2) - 1; +956 var day = parseInt(RegExp.$3); +957 var hour = parseInt(RegExp.$4); +958 var min = parseInt(RegExp.$5); +959 var sec = parseInt(RegExp.$6); +960 var d = new Date(Date.UTC(year, month, day, hour, min, sec)); +961 return ~~(d / 1000); +962 } +963 throw "unsupported format: " + s; +964 }; +965 +966 /** +967 * get UNIX origin time of current time +968 * @name getNow +969 * @memberOf KJUR.jws.IntDate +970 * @function +971 * @static +972 * @return {Integer} UNIX origin time for current time +973 * @since jws 3.0.1 +974 * @description +975 * This method provides UNIX origin time for current time +976 * @example +977 * KJUR.jws.IntDate.getNow() => 1478... +978 */ +979 KJUR.jws.IntDate.getNow = function() { +980 var d = ~~(new Date() / 1000); +981 return d; +982 }; +983 +984 /** +985 * get UTC time string from UNIX origin time value +986 * @name intDate2UTCString +987 * @memberOf KJUR.jws.IntDate +988 * @function +989 * @static +990 * @param {Integer} intDate UNIX origin time value (ex. 1478...) +991 * @return {String} UTC time string +992 * @since jws 3.0.1 +993 * @description +994 * This method provides UTC time string for UNIX origin time value. +995 * @example +996 * KJUR.jws.IntDate.intDate2UTCString(1478...) => "2015 Oct ..." +997 */ +998 KJUR.jws.IntDate.intDate2UTCString = function(intDate) { +999 var d = new Date(intDate * 1000); +1000 return d.toUTCString(); +1001 }; +1002 +1003 /** +1004 * get UTC time string from UNIX origin time value +1005 * @name intDate2Zulu +1006 * @memberOf KJUR.jws.IntDate +1007 * @function +1008 * @static +1009 * @param {Integer} intDate UNIX origin time value (ex. 1478...) +1010 * @return {String} Zulu time string +1011 * @since jws 3.0.1 +1012 * @description +1013 * This method provides Zulu time string for UNIX origin time value. +1014 * @example +1015 * KJUR.jws.IntDate.intDate2UTCString(1478...) => "20151012...Z" +1016 */ +1017 KJUR.jws.IntDate.intDate2Zulu = function(intDate) { +1018 var d = new Date(intDate * 1000); +1019 var year = ("0000" + d.getUTCFullYear()).slice(-4); +1020 var mon = ("00" + (d.getUTCMonth() + 1)).slice(-2); +1021 var day = ("00" + d.getUTCDate()).slice(-2); +1022 var hour = ("00" + d.getUTCHours()).slice(-2); +1023 var min = ("00" + d.getUTCMinutes()).slice(-2); +1024 var sec = ("00" + d.getUTCSeconds()).slice(-2); +1025 return year + mon + day + hour + min + sec + "Z"; +1026 }; +1027 +1028
\ No newline at end of file diff --git a/asn1-1.0.js b/asn1-1.0.js index 52f9c8ac..88e548c3 100644 --- a/asn1-1.0.js +++ b/asn1-1.0.js @@ -1,4 +1,4 @@ -/*! asn1-1.0.8.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! asn1-1.0.9.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * asn1.js - ASN.1 DER encoder classes @@ -16,7 +16,7 @@ * @fileOverview * @name asn1-1.0.js * @author Kenji Urushima kenji.urushima@gmail.com - * @version asn1 1.0.8 (2015-Sep-13) + * @version asn1 1.0.9 (2015-Nov-26) * @since jsrsasign 2.1 * @license MIT License */ @@ -1320,15 +1320,15 @@ KJUR.asn1.DERUTCTime = function(params) { return this.hV; }; - if (typeof params != "undefined") { - if (typeof params['str'] != "undefined") { - this.setString(params['str']); + if (params !== undefined) { + if (params.str !== undefined) { + this.setString(params.str); } else if (typeof params == "string" && params.match(/^[0-9]{12}Z$/)) { this.setString(params); - } else if (typeof params['hex'] != "undefined") { - this.setStringHex(params['hex']); - } else if (typeof params['date'] != "undefined") { - this.setByDate(params['date']); + } else if (params.hex !== undefined) { + this.setStringHex(params.hex); + } else if (params.date !== undefined) { + this.setByDate(params.date); } } }; @@ -1381,7 +1381,7 @@ KJUR.asn1.DERGeneralizedTime = function(params) { }; this.getFreshValueHex = function() { - if (typeof this.date == "undefined" && typeof this.s == "undefined") { + if (this.date === undefined && this.s === undefined) { this.date = new Date(); this.s = this.formatDate(this.date, 'gen', this.withMillis); this.hV = stohex(this.s); @@ -1389,16 +1389,17 @@ KJUR.asn1.DERGeneralizedTime = function(params) { return this.hV; }; - if (typeof params != "undefined") { - if (typeof params['str'] != "undefined") { - this.setString(params['str']); + if (params !== undefined) { + if (params.str !== undefined) { + this.setString(params.str); } else if (typeof params == "string" && params.match(/^[0-9]{14}Z$/)) { this.setString(params); - } else if (typeof params['hex'] != "undefined") { - this.setStringHex(params['hex']); - } else if (typeof params['date'] != "undefined") { - this.setByDate(params['date']); - } else if (params.millis === true) { + } else if (params.hex !== undefined) { + this.setStringHex(params.hex); + } else if (params.date !== undefined) { + this.setByDate(params.date); + } + if (params.millis === true) { this.withMillis = true; } } diff --git a/asn1-1.0.min.js b/asn1-1.0.min.js index 8f6d93cb..884efb03 100644 --- a/asn1-1.0.min.js +++ b/asn1-1.0.min.js @@ -1,3 +1,3 @@ -/*! asn1-1.0.8.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! asn1-1.0.9.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license */ -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(a){KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(b){this.hTLV=null;this.isModified=true;this.hV=b};this.setUnusedBitsAndHexValue=function(b,d){if(b<0||715){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(a){KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(b){this.hTLV=null;this.isModified=true;this.hV=b};this.setUnusedBitsAndHexValue=function(b,d){if(b<0||7a.length){d=a.length}for(var b=0;bg.length){g.unshift(0)}}return g};var a=this.getX().toBigInteger();var e=this.getY().toBigInteger();var b=d(a,32);if(c){if(e.isEven()){b.unshift(2)}else{b.unshift(3)}}else{b.unshift(4);b=b.concat(d(e,32))}return b};ECPointFp.decodeFrom=function(g,c){var f=c[0];var e=c.length-1;var d=c.slice(1,1+e/2);var b=c.slice(1+e/2,1+e);d.unshift(0);b.unshift(0);var a=new BigInteger(d);var h=new BigInteger(b);return new ECPointFp(g,g.fromBigInteger(a),g.fromBigInteger(h))};ECPointFp.decodeFromHex=function(g,c){var f=c.substr(0,2);var e=c.length-2;var d=c.substr(2,e/2);var b=c.substr(2+e/2,e/2);var a=new BigInteger(d,16);var h=new BigInteger(b,16);return new ECPointFp(g,g.fromBigInteger(a),g.fromBigInteger(h))};ECPointFp.prototype.add2D=function(c){if(this.isInfinity()){return c}if(c.isInfinity()){return this}if(this.x.equals(c.x)){if(this.y.equals(c.y)){return this.twice()}return this.curve.getInfinity()}var g=c.x.subtract(this.x);var e=c.y.subtract(this.y);var a=e.divide(g);var d=a.square().subtract(this.x).subtract(c.x);var f=a.multiply(this.x.subtract(d)).subtract(this.y);return new ECPointFp(this.curve,d,f)};ECPointFp.prototype.twice2D=function(){if(this.isInfinity()){return this}if(this.y.toBigInteger().signum()==0){return this.curve.getInfinity()}var b=this.curve.fromBigInteger(BigInteger.valueOf(2));var e=this.curve.fromBigInteger(BigInteger.valueOf(3));var a=this.x.square().multiply(e).add(this.curve.a).divide(this.y.multiply(b));var c=a.square().subtract(this.x.multiply(b));var d=a.multiply(this.x.subtract(c)).subtract(this.y);return new ECPointFp(this.curve,c,d)};ECPointFp.prototype.multiply2D=function(b){if(this.isInfinity()){return this}if(b.signum()==0){return this.curve.getInfinity()}var g=b;var f=g.multiply(new BigInteger("3"));var l=this.negate();var d=this;var c;for(c=f.bitLength()-2;c>0;--c){d=d.twice();var a=f.testBit(c);var j=g.testBit(c);if(a!=j){d=d.add2D(a?this:l)}}return d};ECPointFp.prototype.isOnCurve=function(){var d=this.getX().toBigInteger();var i=this.getY().toBigInteger();var f=this.curve.getA().toBigInteger();var c=this.curve.getB().toBigInteger();var h=this.curve.getQ();var e=i.multiply(i).mod(h);var g=d.multiply(d).multiply(d).add(f.multiply(d)).add(c).mod(h);return e.equals(g)};ECPointFp.prototype.toString=function(){return"("+this.getX().toBigInteger().toString()+","+this.getY().toBigInteger().toString()+")"};ECPointFp.prototype.validate=function(){var c=this.curve.getQ();if(this.isInfinity()){throw new Error("Point is at infinity.")}var a=this.getX().toBigInteger();var b=this.getY().toBigInteger();if(a.compareTo(BigInteger.ONE)<0||a.compareTo(c.subtract(BigInteger.ONE))>0){throw new Error("x coordinate out of bounds")}if(b.compareTo(BigInteger.ONE)<0||b.compareTo(c.subtract(BigInteger.ONE))>0){throw new Error("y coordinate out of bounds")}if(!this.isOnCurve()){throw new Error("Point is not on the curve.")}if(this.multiply(c).isInfinity()){throw new Error("Point is not a scalar multiple of G.")}return true}; -/*! asn1-1.0.8.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! asn1-1.0.9.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license */ -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(a){KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(b){this.hTLV=null;this.isModified=true;this.hV=b};this.setUnusedBitsAndHexValue=function(b,d){if(b<0||715){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(a){KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(b){this.hTLV=null;this.isModified=true;this.hV=b};this.setUnusedBitsAndHexValue=function(b,d){if(b<0||7=(b*2))){break}if(d>=200){break}c.push(e);g=e;d++}return c};this.getNthChildIndex_AtObj=function(d,b,e){var c=this.getPosArrayOfChildren_AtObj(d,b);return c[e]};this.getDecendantIndexByNthList=function(e,d,c){if(c.length==0){return d}var f=c.shift();var b=this.getPosArrayOfChildren_AtObj(e,d);return this.getDecendantIndexByNthList(e,b[f],c)};this.getDecendantHexTLVByNthList=function(d,c,b){var a=this.getDecendantIndexByNthList(d,c,b);return this.getHexOfTLV_AtObj(d,a)};this.getDecendantHexVByNthList=function(d,c,b){var a=this.getDecendantIndexByNthList(d,c,b);return this.getHexOfV_AtObj(d,a)}};ASN1HEX.getVbyList=function(d,c,b,e){var a=this.getDecendantIndexByNthList(d,c,b);if(a===undefined){throw"can't find nthList object"}if(e!==undefined){if(d.substr(a,2)!=e){throw"checking tag doesn't match: "+d.substr(a,2)+"!="+e}}return this.getHexOfV_AtObj(d,a)};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(e,c,k,g){var o=function(w,i){if(w.length<=i*2){return w}else{var v=w.substr(0,i)+"..(total "+w.length/2+"bytes).."+w.substr(w.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(k===undefined){k=0}if(g===undefined){g=""}var r=c.ommit_long_octet;if(e.substr(k,2)=="01"){var h=ASN1HEX.getHexOfV_AtObj(e,k);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(e.substr(k,2)=="02"){var h=ASN1HEX.getHexOfV_AtObj(e,k);return g+"INTEGER "+o(h,r)+"\n"}if(e.substr(k,2)=="03"){var h=ASN1HEX.getHexOfV_AtObj(e,k);return g+"BITSTRING "+o(h,r)+"\n"}if(e.substr(k,2)=="04"){var h=ASN1HEX.getHexOfV_AtObj(e,k);if(ASN1HEX.isASN1HEX(h)){var j=g+"OCTETSTRING, encapsulates\n";j=j+ASN1HEX.dump(h,c,0,g+" ");return j}else{return g+"OCTETSTRING "+o(h,r)+"\n"}}if(e.substr(k,2)=="05"){return g+"NULL\n"}if(e.substr(k,2)=="06"){var l=ASN1HEX.getHexOfV_AtObj(e,k);var a=KJUR.asn1.ASN1Util.oidHexToInt(l);var n=KJUR.asn1.x509.OID.oid2name(a);var b=a.replace(/\./g," ");if(n!=""){return g+"ObjectIdentifier "+n+" ("+b+")\n"}else{return g+"ObjectIdentifier ("+b+")\n"}}if(e.substr(k,2)=="0c"){return g+"UTF8String '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="13"){return g+"PrintableString '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="14"){return g+"TeletexString '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="16"){return g+"IA5String '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="17"){return g+"UTCTime "+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"\n"}if(e.substr(k,2)=="18"){return g+"GeneralizedTime "+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"\n"}if(e.substr(k,2)=="30"){if(e.substr(k,4)=="3000"){return g+"SEQUENCE {}\n"}var j=g+"SEQUENCE\n";var d=ASN1HEX.getPosArrayOfChildren_AtObj(e,k);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var t=ASN1HEX.getHexOfV_AtObj(e,d[0]);var a=KJUR.asn1.ASN1Util.oidHexToInt(t);var n=KJUR.asn1.x509.OID.oid2name(a);var p=JSON.parse(JSON.stringify(c));p.x509ExtName=n;f=p}for(var q=0;qa.length){d=a.length}for(var b=0;b=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -/*! jws-3.3.2 (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! jws-3.3.3 (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license */ -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.jws=="undefined"||!KJUR.jws){KJUR.jws={}}KJUR.jws.JWS=function(){var b=KJUR.jws.JWS;this.parseJWS=function(f,h){if((this.parsedJWS!==undefined)&&(h||(this.parsedJWS.sigvalH!==undefined))){return}if(f.match(/^([^.]+)\.([^.]+)\.([^.]+)$/)==null){throw"JWS signature is not a form of 'Head.Payload.SigValue'."}var i=RegExp.$1;var d=RegExp.$2;var j=RegExp.$3;var l=i+"."+d;this.parsedJWS={};this.parsedJWS.headB64U=i;this.parsedJWS.payloadB64U=d;this.parsedJWS.sigvalB64U=j;this.parsedJWS.si=l;if(!h){var g=b64utohex(j);var e=parseBigInt(g,16);this.parsedJWS.sigvalH=g;this.parsedJWS.sigvalBI=e}var c=b64utoutf8(i);var k=b64utoutf8(d);this.parsedJWS.headS=c;this.parsedJWS.payloadS=k;if(!b.isSafeJSONString(c,this.parsedJWS,"headP")){throw"malformed JSON string for JWS Head: "+c}}};KJUR.jws.JWS.sign=function(b,j,d,n,m){var l=KJUR.jws.JWS;var r,f,k;if(typeof j!="string"&&typeof j!="object"){throw"spHeader must be JSON string or object: "+j}if(typeof j=="object"){f=j;r=JSON.stringify(f)}if(typeof j=="string"){r=j;if(!l.isSafeJSONString(r)){throw"JWS Head is not safe JSON string: "+r}f=l.readSafeJSONString(r)}k=d;if(typeof d=="object"){k=JSON.stringify(d)}if((b==""||b==null)&&f.alg!==undefined){b=f.alg}if((b!=""&&b!=null)&&f.alg===undefined){f.alg=b;r=JSON.stringify(f)}if(b!==f.alg){throw"alg and sHeader.alg doesn't match: "+b+"!="+f.alg}var e=null;if(l.jwsalg2sigalg[b]===undefined){throw"unsupported alg name: "+b}else{e=l.jwsalg2sigalg[b]}var c=utf8tob64u(r);var h=utf8tob64u(k);var p=c+"."+h;var o="";if(e.substr(0,4)=="Hmac"){if(n===undefined){throw"mac key shall be specified for HS* alg"}var i=new KJUR.crypto.Mac({alg:e,prov:"cryptojs",pass:n});i.updateString(p);o=i.doFinal()}else{if(e.indexOf("withECDSA")!=-1){var q=new KJUR.crypto.Signature({alg:e});q.init(n,m);q.updateString(p);hASN1Sig=q.sign();o=KJUR.crypto.ECDSA.asn1SigToConcatSig(hASN1Sig)}else{if(e!="none"){var q=new KJUR.crypto.Signature({alg:e});q.init(n,m);q.updateString(p);o=q.sign()}}}var g=hextob64u(o);return p+"."+g};KJUR.jws.JWS.verify=function(p,t,j){var m=KJUR.jws.JWS;var q=p.split(".");var d=q[0];var l=q[1];var b=d+"."+l;var r=b64utohex(q[2]);var i=m.readSafeJSONString(b64utoutf8(q[0]));var h=null;var s=null;if(i.alg===undefined){throw"algorithm not specified in header"}else{h=i.alg;s=h.substr(0,2)}if(j!=null&&Object.prototype.toString.call(j)==="[object Array]"&&j.length>0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw"algorithm '"+h+"' not accepted in the list"}}if(h!="none"&&t===null){throw"key shall be specified to verify."}if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1){t=KEYUTIL.getKey(t)}if(s=="RS"||s=="PS"){if(!(t instanceof RSAKey)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(s=="ES"){if(!(t instanceof KJUR.crypto.ECDSA)){throw"key shall be a ECDSA obj for ES* algs"}}if(h=="none"){}var n=null;if(m.jwsalg2sigalg[i.alg]===undefined){throw"unsupported alg name: "+h}else{n=m.jwsalg2sigalg[h]}if(n=="none"){throw"not supported"}else{if(n.substr(0,4)=="Hmac"){var k=null;if(t===undefined){throw"hexadecimal key shall be specified for HMAC"}var g=new KJUR.crypto.Mac({alg:n,pass:t});g.updateString(b);k=g.doFinal();return r==k}else{if(n.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(r)}catch(o){return false}var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(r)}}}};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw"acceptField.alg shall be specified"}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt=="number"){b=l.verifyAt}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.exp0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw"algorithm '"+h+"' not accepted in the list"}}if(h!="none"&&t===null){throw"key shall be specified to verify."}if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1){t=KEYUTIL.getKey(t)}if(s=="RS"||s=="PS"){if(!(t instanceof RSAKey)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(s=="ES"){if(!(t instanceof KJUR.crypto.ECDSA)){throw"key shall be a ECDSA obj for ES* algs"}}if(h=="none"){}var n=null;if(m.jwsalg2sigalg[i.alg]===undefined){throw"unsupported alg name: "+h}else{n=m.jwsalg2sigalg[h]}if(n=="none"){throw"not supported"}else{if(n.substr(0,4)=="Hmac"){var k=null;if(t===undefined){throw"hexadecimal key shall be specified for HMAC"}var g=new KJUR.crypto.Mac({alg:n,pass:t});g.updateString(b);k=g.doFinal();return r==k}else{if(n.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(r)}catch(o){return false}var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(r)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw"acceptField.alg shall be specified"}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt=="number"){b=l.verifyAt}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.expMIT License */ @@ -461,6 +461,72 @@ KJUR.jws.JWS.verify = function(sJWS, key, acceptAlgs) { } }; +/** + * parse header and payload of JWS signature
+ * @name parse + * @memberOf KJUR.jws.JWS + * @function + * @static + * @param {String} sJWS string of JWS signature to parse + * @return {Array} associative array of parsed header and payload. See below. + * @throws if sJWS is malformed JWS signature + * @since jws 3.3.3 + * @description + * This method parses JWS signature string. + * Resulted associative array has following properties: + *
    + *
  • headerObj - JSON object of header
  • + *
  • payloadObj - JSON object of payload if payload is JSON string otherwise undefined
  • + *
  • headerPP - pretty printed JSON header by stringify
  • + *
  • payloadPP - pretty printed JSON payload by stringify if payload is JSON otherwise Base64URL decoded raw string of payload
  • + *
  • sigHex - hexadecimal string of signature
  • + *
+ * @example + * KJUR.jws.JWS.parse(sJWS) -> + * { + * headerObj: {"alg": "RS256", "typ": "JWS"}, + * payloadObj: {"product": "orange", "quantity": 100}, + * headerPP: + * '{ + * "alg": "RS256", + * "typ": "JWS" + * }', + * payloadPP: + * '{ + * "product": "orange", + * "quantity": 100 + * }', + * sigHex: "91f3cd..." + * } + */ +KJUR.jws.JWS.parse = function(sJWS) { + var a = sJWS.split("."); + var result = {}; + var uHeader, uPayload, uSig; + if (a.length != 2 && a.length != 3) + throw "malformed sJWS: wrong number of '.' splitted elements"; + + uHeader = a[0]; + uPayload = a[1]; + if (a.length == 3) uSig = a[2]; + + result.headerObj = KJUR.jws.JWS.readSafeJSONString(b64utoutf8(uHeader)); + result.payloadObj = KJUR.jws.JWS.readSafeJSONString(b64utoutf8(uPayload)); + + result.headerPP = JSON.stringify(result.headerObj, null, " "); + if (result.payloadObj == null) { + result.payloadPP = b64utoutf8(uPayload); + } else { + result.payloadPP = JSON.stringify(result.payloadObj, null, " "); + } + + if (uSig !== undefined) { + result.sigHex = b64utohex(uSig); + } + + return result; +}; + /** * @name verifyJWT * @memberOf KJUR.jws.JWS @@ -668,7 +734,7 @@ KJUR.jws.JWS.jwsalg2sigalg = { "none": "none", }; -// === utility static method ====================================================== +// === utility static method ================================================== /** * check whether a String "s" is a safe JSON string or not.
@@ -859,12 +925,33 @@ KJUR.jws.IntDate.get = function(s) { * @throws "unsupported format: s" when malformed format * @description * This method provides UNIX origin time from Zulu time. + * Following representations are supported: + *
    + *
  • YYYYMMDDHHmmSSZ - GeneralizedTime format
  • + *
  • YYMMDDHHmmSSZ - UTCTime format. If YY is greater or equal to + * 50 then it represents 19YY otherwise 20YY.
  • + *
* @example * KJUR.jws.IntDate.getZulu("20151012125959Z") => 1478... + * KJUR.jws.IntDate.getZulu("151012125959Z") => 1478... */ KJUR.jws.IntDate.getZulu = function(s) { - if (a = s.match(/(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z/)) { - var year = parseInt(RegExp.$1); + var a; + if (a = s.match(/(\d+)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z/)) { + var sYear = RegExp.$1; + var year = parseInt(sYear); + if (sYear.length == 4) { + } else if (sYear.length == 2) { + if (50 <= year && year < 100) { + year = 1900 + year; + } else if (0 <= year && year < 50) { + year = 2000 + year; + } else { + throw "malformed year string for UTCTime"; + } + } else { + throw "malformed year string"; + } var month = parseInt(RegExp.$2) - 1; var day = parseInt(RegExp.$3); var hour = parseInt(RegExp.$4); diff --git a/jws-3.3.min.js b/jws-3.3.min.js index a8292f75..145229f0 100644 --- a/jws-3.3.min.js +++ b/jws-3.3.min.js @@ -1,3 +1,3 @@ -/*! jws-3.3.2 (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! jws-3.3.3 (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license */ -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.jws=="undefined"||!KJUR.jws){KJUR.jws={}}KJUR.jws.JWS=function(){var b=KJUR.jws.JWS;this.parseJWS=function(f,h){if((this.parsedJWS!==undefined)&&(h||(this.parsedJWS.sigvalH!==undefined))){return}if(f.match(/^([^.]+)\.([^.]+)\.([^.]+)$/)==null){throw"JWS signature is not a form of 'Head.Payload.SigValue'."}var i=RegExp.$1;var d=RegExp.$2;var j=RegExp.$3;var l=i+"."+d;this.parsedJWS={};this.parsedJWS.headB64U=i;this.parsedJWS.payloadB64U=d;this.parsedJWS.sigvalB64U=j;this.parsedJWS.si=l;if(!h){var g=b64utohex(j);var e=parseBigInt(g,16);this.parsedJWS.sigvalH=g;this.parsedJWS.sigvalBI=e}var c=b64utoutf8(i);var k=b64utoutf8(d);this.parsedJWS.headS=c;this.parsedJWS.payloadS=k;if(!b.isSafeJSONString(c,this.parsedJWS,"headP")){throw"malformed JSON string for JWS Head: "+c}}};KJUR.jws.JWS.sign=function(b,j,d,n,m){var l=KJUR.jws.JWS;var r,f,k;if(typeof j!="string"&&typeof j!="object"){throw"spHeader must be JSON string or object: "+j}if(typeof j=="object"){f=j;r=JSON.stringify(f)}if(typeof j=="string"){r=j;if(!l.isSafeJSONString(r)){throw"JWS Head is not safe JSON string: "+r}f=l.readSafeJSONString(r)}k=d;if(typeof d=="object"){k=JSON.stringify(d)}if((b==""||b==null)&&f.alg!==undefined){b=f.alg}if((b!=""&&b!=null)&&f.alg===undefined){f.alg=b;r=JSON.stringify(f)}if(b!==f.alg){throw"alg and sHeader.alg doesn't match: "+b+"!="+f.alg}var e=null;if(l.jwsalg2sigalg[b]===undefined){throw"unsupported alg name: "+b}else{e=l.jwsalg2sigalg[b]}var c=utf8tob64u(r);var h=utf8tob64u(k);var p=c+"."+h;var o="";if(e.substr(0,4)=="Hmac"){if(n===undefined){throw"mac key shall be specified for HS* alg"}var i=new KJUR.crypto.Mac({alg:e,prov:"cryptojs",pass:n});i.updateString(p);o=i.doFinal()}else{if(e.indexOf("withECDSA")!=-1){var q=new KJUR.crypto.Signature({alg:e});q.init(n,m);q.updateString(p);hASN1Sig=q.sign();o=KJUR.crypto.ECDSA.asn1SigToConcatSig(hASN1Sig)}else{if(e!="none"){var q=new KJUR.crypto.Signature({alg:e});q.init(n,m);q.updateString(p);o=q.sign()}}}var g=hextob64u(o);return p+"."+g};KJUR.jws.JWS.verify=function(p,t,j){var m=KJUR.jws.JWS;var q=p.split(".");var d=q[0];var l=q[1];var b=d+"."+l;var r=b64utohex(q[2]);var i=m.readSafeJSONString(b64utoutf8(q[0]));var h=null;var s=null;if(i.alg===undefined){throw"algorithm not specified in header"}else{h=i.alg;s=h.substr(0,2)}if(j!=null&&Object.prototype.toString.call(j)==="[object Array]"&&j.length>0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw"algorithm '"+h+"' not accepted in the list"}}if(h!="none"&&t===null){throw"key shall be specified to verify."}if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1){t=KEYUTIL.getKey(t)}if(s=="RS"||s=="PS"){if(!(t instanceof RSAKey)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(s=="ES"){if(!(t instanceof KJUR.crypto.ECDSA)){throw"key shall be a ECDSA obj for ES* algs"}}if(h=="none"){}var n=null;if(m.jwsalg2sigalg[i.alg]===undefined){throw"unsupported alg name: "+h}else{n=m.jwsalg2sigalg[h]}if(n=="none"){throw"not supported"}else{if(n.substr(0,4)=="Hmac"){var k=null;if(t===undefined){throw"hexadecimal key shall be specified for HMAC"}var g=new KJUR.crypto.Mac({alg:n,pass:t});g.updateString(b);k=g.doFinal();return r==k}else{if(n.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(r)}catch(o){return false}var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(r)}}}};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw"acceptField.alg shall be specified"}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt=="number"){b=l.verifyAt}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.exp0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw"algorithm '"+h+"' not accepted in the list"}}if(h!="none"&&t===null){throw"key shall be specified to verify."}if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1){t=KEYUTIL.getKey(t)}if(s=="RS"||s=="PS"){if(!(t instanceof RSAKey)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(s=="ES"){if(!(t instanceof KJUR.crypto.ECDSA)){throw"key shall be a ECDSA obj for ES* algs"}}if(h=="none"){}var n=null;if(m.jwsalg2sigalg[i.alg]===undefined){throw"unsupported alg name: "+h}else{n=m.jwsalg2sigalg[h]}if(n=="none"){throw"not supported"}else{if(n.substr(0,4)=="Hmac"){var k=null;if(t===undefined){throw"hexadecimal key shall be specified for HMAC"}var g=new KJUR.crypto.Mac({alg:n,pass:t});g.updateString(b);k=g.doFinal();return r==k}else{if(n.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(r)}catch(o){return false}var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(r)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw"acceptField.alg shall be specified"}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt=="number"){b=l.verifyAt}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.expg.length){g.unshift(0)}}return g};var a=this.getX().toBigInteger();var e=this.getY().toBigInteger();var b=d(a,32);if(c){if(e.isEven()){b.unshift(2)}else{b.unshift(3)}}else{b.unshift(4);b=b.concat(d(e,32))}return b};ECPointFp.decodeFrom=function(g,c){var f=c[0];var e=c.length-1;var d=c.slice(1,1+e/2);var b=c.slice(1+e/2,1+e);d.unshift(0);b.unshift(0);var a=new BigInteger(d);var h=new BigInteger(b);return new ECPointFp(g,g.fromBigInteger(a),g.fromBigInteger(h))};ECPointFp.decodeFromHex=function(g,c){var f=c.substr(0,2);var e=c.length-2;var d=c.substr(2,e/2);var b=c.substr(2+e/2,e/2);var a=new BigInteger(d,16);var h=new BigInteger(b,16);return new ECPointFp(g,g.fromBigInteger(a),g.fromBigInteger(h))};ECPointFp.prototype.add2D=function(c){if(this.isInfinity()){return c}if(c.isInfinity()){return this}if(this.x.equals(c.x)){if(this.y.equals(c.y)){return this.twice()}return this.curve.getInfinity()}var g=c.x.subtract(this.x);var e=c.y.subtract(this.y);var a=e.divide(g);var d=a.square().subtract(this.x).subtract(c.x);var f=a.multiply(this.x.subtract(d)).subtract(this.y);return new ECPointFp(this.curve,d,f)};ECPointFp.prototype.twice2D=function(){if(this.isInfinity()){return this}if(this.y.toBigInteger().signum()==0){return this.curve.getInfinity()}var b=this.curve.fromBigInteger(BigInteger.valueOf(2));var e=this.curve.fromBigInteger(BigInteger.valueOf(3));var a=this.x.square().multiply(e).add(this.curve.a).divide(this.y.multiply(b));var c=a.square().subtract(this.x.multiply(b));var d=a.multiply(this.x.subtract(c)).subtract(this.y);return new ECPointFp(this.curve,c,d)};ECPointFp.prototype.multiply2D=function(b){if(this.isInfinity()){return this}if(b.signum()==0){return this.curve.getInfinity()}var g=b;var f=g.multiply(new BigInteger("3"));var l=this.negate();var d=this;var c;for(c=f.bitLength()-2;c>0;--c){d=d.twice();var a=f.testBit(c);var j=g.testBit(c);if(a!=j){d=d.add2D(a?this:l)}}return d};ECPointFp.prototype.isOnCurve=function(){var d=this.getX().toBigInteger();var i=this.getY().toBigInteger();var f=this.curve.getA().toBigInteger();var c=this.curve.getB().toBigInteger();var h=this.curve.getQ();var e=i.multiply(i).mod(h);var g=d.multiply(d).multiply(d).add(f.multiply(d)).add(c).mod(h);return e.equals(g)};ECPointFp.prototype.toString=function(){return"("+this.getX().toBigInteger().toString()+","+this.getY().toBigInteger().toString()+")"};ECPointFp.prototype.validate=function(){var c=this.curve.getQ();if(this.isInfinity()){throw new Error("Point is at infinity.")}var a=this.getX().toBigInteger();var b=this.getY().toBigInteger();if(a.compareTo(BigInteger.ONE)<0||a.compareTo(c.subtract(BigInteger.ONE))>0){throw new Error("x coordinate out of bounds")}if(b.compareTo(BigInteger.ONE)<0||b.compareTo(c.subtract(BigInteger.ONE))>0){throw new Error("y coordinate out of bounds")}if(!this.isOnCurve()){throw new Error("Point is not on the curve.")}if(this.multiply(c).isInfinity()){throw new Error("Point is not a scalar multiple of G.")}return true}; -/*! asn1-1.0.8.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! asn1-1.0.9.js (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license */ -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.asn1=="undefined"||!KJUR.asn1){KJUR.asn1={}}KJUR.asn1.ASN1Util=new function(){this.integerToByteHex=function(a){var b=a.toString(16);if((b.length%2)==1){b="0"+b}return b};this.bigIntToMinTwosComplementsHex=function(j){var f=j.toString(16);if(f.substr(0,1)!="-"){if(f.length%2==1){f="0"+f}else{if(!f.match(/^[0-7]/)){f="00"+f}}}else{var a=f.substr(1);var e=a.length;if(e%2==1){e+=1}else{if(!f.match(/^[0-7]/)){e+=2}}var g="";for(var d=0;d15){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(a){KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(b){this.hTLV=null;this.isModified=true;this.hV=b};this.setUnusedBitsAndHexValue=function(b,d){if(b<0||715){throw"ASN.1 length too long to represent by 8x: n = "+i.toString(16)}var f=128+g;return f.toString(16)+h}};this.getEncodedHex=function(){if(this.hTLV==null||this.isModified){this.hV=this.getFreshValueHex();this.hL=this.getLengthHexFromValue();this.hTLV=this.hT+this.hL+this.hV;this.isModified=false}return this.hTLV};this.getValueHex=function(){this.getEncodedHex();return this.hV};this.getFreshValueHex=function(){return""}};KJUR.asn1.DERAbstractString=function(c){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var b=null;var a=null;this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(this.s)};this.setStringHex=function(d){this.hTLV=null;this.isModified=true;this.s=null;this.hV=d};this.getFreshValueHex=function(){return this.hV};if(typeof c!="undefined"){if(typeof c=="string"){this.setString(c)}else{if(typeof c.str!="undefined"){this.setString(c.str)}else{if(typeof c.hex!="undefined"){this.setStringHex(c.hex)}}}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractString,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractTime=function(c){KJUR.asn1.DERAbstractTime.superclass.constructor.call(this);var b=null;var a=null;this.localDateToUTC=function(f){utc=f.getTime()+(f.getTimezoneOffset()*60000);var e=new Date(utc);return e};this.formatDate=function(m,o,e){var g=this.zeroPadding;var n=this.localDateToUTC(m);var p=String(n.getFullYear());if(o=="utc"){p=p.substr(2,2)}var l=g(String(n.getMonth()+1),2);var q=g(String(n.getDate()),2);var h=g(String(n.getHours()),2);var i=g(String(n.getMinutes()),2);var j=g(String(n.getSeconds()),2);var r=p+l+q+h+i+j;if(e===true){var f=n.getMilliseconds();if(f!=0){var k=g(String(f),3);k=k.replace(/[0]+$/,"");r=r+"."+k}}return r+"Z"};this.zeroPadding=function(e,d){if(e.length>=d){return e}return new Array(d-e.length+1).join("0")+e};this.getString=function(){return this.s};this.setString=function(d){this.hTLV=null;this.isModified=true;this.s=d;this.hV=stohex(d)};this.setByDateValue=function(h,j,e,d,f,g){var i=new Date(Date.UTC(h,j-1,e,d,f,g,0));this.setByDate(i)};this.getFreshValueHex=function(){return this.hV}};YAHOO.lang.extend(KJUR.asn1.DERAbstractTime,KJUR.asn1.ASN1Object);KJUR.asn1.DERAbstractStructured=function(b){KJUR.asn1.DERAbstractString.superclass.constructor.call(this);var a=null;this.setByASN1ObjectArray=function(c){this.hTLV=null;this.isModified=true;this.asn1Array=c};this.appendASN1Object=function(c){this.hTLV=null;this.isModified=true;this.asn1Array.push(c)};this.asn1Array=new Array();if(typeof b!="undefined"){if(typeof b.array!="undefined"){this.asn1Array=b.array}}};YAHOO.lang.extend(KJUR.asn1.DERAbstractStructured,KJUR.asn1.ASN1Object);KJUR.asn1.DERBoolean=function(){KJUR.asn1.DERBoolean.superclass.constructor.call(this);this.hT="01";this.hTLV="0101ff"};YAHOO.lang.extend(KJUR.asn1.DERBoolean,KJUR.asn1.ASN1Object);KJUR.asn1.DERInteger=function(a){KJUR.asn1.DERInteger.superclass.constructor.call(this);this.hT="02";this.setByBigInteger=function(b){this.hTLV=null;this.isModified=true;this.hV=KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex(b)};this.setByInteger=function(c){var b=new BigInteger(String(c),10);this.setByBigInteger(b)};this.setValueHex=function(b){this.hV=b};this.getFreshValueHex=function(){return this.hV};if(typeof a!="undefined"){if(typeof a.bigint!="undefined"){this.setByBigInteger(a.bigint)}else{if(typeof a["int"]!="undefined"){this.setByInteger(a["int"])}else{if(typeof a=="number"){this.setByInteger(a)}else{if(typeof a.hex!="undefined"){this.setValueHex(a.hex)}}}}}};YAHOO.lang.extend(KJUR.asn1.DERInteger,KJUR.asn1.ASN1Object);KJUR.asn1.DERBitString=function(a){KJUR.asn1.DERBitString.superclass.constructor.call(this);this.hT="03";this.setHexValueIncludingUnusedBits=function(b){this.hTLV=null;this.isModified=true;this.hV=b};this.setUnusedBitsAndHexValue=function(b,d){if(b<0||7=(b*2))){break}if(d>=200){break}c.push(e);g=e;d++}return c};this.getNthChildIndex_AtObj=function(d,b,e){var c=this.getPosArrayOfChildren_AtObj(d,b);return c[e]};this.getDecendantIndexByNthList=function(e,d,c){if(c.length==0){return d}var f=c.shift();var b=this.getPosArrayOfChildren_AtObj(e,d);return this.getDecendantIndexByNthList(e,b[f],c)};this.getDecendantHexTLVByNthList=function(d,c,b){var a=this.getDecendantIndexByNthList(d,c,b);return this.getHexOfTLV_AtObj(d,a)};this.getDecendantHexVByNthList=function(d,c,b){var a=this.getDecendantIndexByNthList(d,c,b);return this.getHexOfV_AtObj(d,a)}};ASN1HEX.getVbyList=function(d,c,b,e){var a=this.getDecendantIndexByNthList(d,c,b);if(a===undefined){throw"can't find nthList object"}if(e!==undefined){if(d.substr(a,2)!=e){throw"checking tag doesn't match: "+d.substr(a,2)+"!="+e}}return this.getHexOfV_AtObj(d,a)};ASN1HEX.hextooidstr=function(e){var h=function(b,a){if(b.length>=a){return b}return new Array(a-b.length+1).join("0")+b};var l=[];var o=e.substr(0,2);var f=parseInt(o,16);l[0]=new String(Math.floor(f/40));l[1]=new String(f%40);var m=e.substr(2);var k=[];for(var g=0;g0){n=n+"."+j.join(".")}return n};ASN1HEX.dump=function(e,c,k,g){var o=function(w,i){if(w.length<=i*2){return w}else{var v=w.substr(0,i)+"..(total "+w.length/2+"bytes).."+w.substr(w.length-i,i);return v}};if(c===undefined){c={ommit_long_octet:32}}if(k===undefined){k=0}if(g===undefined){g=""}var r=c.ommit_long_octet;if(e.substr(k,2)=="01"){var h=ASN1HEX.getHexOfV_AtObj(e,k);if(h=="00"){return g+"BOOLEAN FALSE\n"}else{return g+"BOOLEAN TRUE\n"}}if(e.substr(k,2)=="02"){var h=ASN1HEX.getHexOfV_AtObj(e,k);return g+"INTEGER "+o(h,r)+"\n"}if(e.substr(k,2)=="03"){var h=ASN1HEX.getHexOfV_AtObj(e,k);return g+"BITSTRING "+o(h,r)+"\n"}if(e.substr(k,2)=="04"){var h=ASN1HEX.getHexOfV_AtObj(e,k);if(ASN1HEX.isASN1HEX(h)){var j=g+"OCTETSTRING, encapsulates\n";j=j+ASN1HEX.dump(h,c,0,g+" ");return j}else{return g+"OCTETSTRING "+o(h,r)+"\n"}}if(e.substr(k,2)=="05"){return g+"NULL\n"}if(e.substr(k,2)=="06"){var l=ASN1HEX.getHexOfV_AtObj(e,k);var a=KJUR.asn1.ASN1Util.oidHexToInt(l);var n=KJUR.asn1.x509.OID.oid2name(a);var b=a.replace(/\./g," ");if(n!=""){return g+"ObjectIdentifier "+n+" ("+b+")\n"}else{return g+"ObjectIdentifier ("+b+")\n"}}if(e.substr(k,2)=="0c"){return g+"UTF8String '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="13"){return g+"PrintableString '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="14"){return g+"TeletexString '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="16"){return g+"IA5String '"+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"'\n"}if(e.substr(k,2)=="17"){return g+"UTCTime "+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"\n"}if(e.substr(k,2)=="18"){return g+"GeneralizedTime "+hextoutf8(ASN1HEX.getHexOfV_AtObj(e,k))+"\n"}if(e.substr(k,2)=="30"){if(e.substr(k,4)=="3000"){return g+"SEQUENCE {}\n"}var j=g+"SEQUENCE\n";var d=ASN1HEX.getPosArrayOfChildren_AtObj(e,k);var f=c;if((d.length==2||d.length==3)&&e.substr(d[0],2)=="06"&&e.substr(d[d.length-1],2)=="04"){var t=ASN1HEX.getHexOfV_AtObj(e,d[0]);var a=KJUR.asn1.ASN1Util.oidHexToInt(t);var n=KJUR.asn1.x509.OID.oid2name(a);var p=JSON.parse(JSON.stringify(c));p.x509ExtName=n;f=p}for(var q=0;qa.length){d=a.length}for(var b=0;b=0;){delete D[n[A]]}}}return q.call(C,B,D)};x=s({"":x},"")}return x}})(); -/*! jws-3.3.2 (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license +/*! jws-3.3.3 (c) 2013-2015 Kenji Urushima | kjur.github.com/jsrsasign/license */ -if(typeof KJUR=="undefined"||!KJUR){KJUR={}}if(typeof KJUR.jws=="undefined"||!KJUR.jws){KJUR.jws={}}KJUR.jws.JWS=function(){var b=KJUR.jws.JWS;this.parseJWS=function(f,h){if((this.parsedJWS!==undefined)&&(h||(this.parsedJWS.sigvalH!==undefined))){return}if(f.match(/^([^.]+)\.([^.]+)\.([^.]+)$/)==null){throw"JWS signature is not a form of 'Head.Payload.SigValue'."}var i=RegExp.$1;var d=RegExp.$2;var j=RegExp.$3;var l=i+"."+d;this.parsedJWS={};this.parsedJWS.headB64U=i;this.parsedJWS.payloadB64U=d;this.parsedJWS.sigvalB64U=j;this.parsedJWS.si=l;if(!h){var g=b64utohex(j);var e=parseBigInt(g,16);this.parsedJWS.sigvalH=g;this.parsedJWS.sigvalBI=e}var c=b64utoutf8(i);var k=b64utoutf8(d);this.parsedJWS.headS=c;this.parsedJWS.payloadS=k;if(!b.isSafeJSONString(c,this.parsedJWS,"headP")){throw"malformed JSON string for JWS Head: "+c}}};KJUR.jws.JWS.sign=function(b,j,d,n,m){var l=KJUR.jws.JWS;var r,f,k;if(typeof j!="string"&&typeof j!="object"){throw"spHeader must be JSON string or object: "+j}if(typeof j=="object"){f=j;r=JSON.stringify(f)}if(typeof j=="string"){r=j;if(!l.isSafeJSONString(r)){throw"JWS Head is not safe JSON string: "+r}f=l.readSafeJSONString(r)}k=d;if(typeof d=="object"){k=JSON.stringify(d)}if((b==""||b==null)&&f.alg!==undefined){b=f.alg}if((b!=""&&b!=null)&&f.alg===undefined){f.alg=b;r=JSON.stringify(f)}if(b!==f.alg){throw"alg and sHeader.alg doesn't match: "+b+"!="+f.alg}var e=null;if(l.jwsalg2sigalg[b]===undefined){throw"unsupported alg name: "+b}else{e=l.jwsalg2sigalg[b]}var c=utf8tob64u(r);var h=utf8tob64u(k);var p=c+"."+h;var o="";if(e.substr(0,4)=="Hmac"){if(n===undefined){throw"mac key shall be specified for HS* alg"}var i=new KJUR.crypto.Mac({alg:e,prov:"cryptojs",pass:n});i.updateString(p);o=i.doFinal()}else{if(e.indexOf("withECDSA")!=-1){var q=new KJUR.crypto.Signature({alg:e});q.init(n,m);q.updateString(p);hASN1Sig=q.sign();o=KJUR.crypto.ECDSA.asn1SigToConcatSig(hASN1Sig)}else{if(e!="none"){var q=new KJUR.crypto.Signature({alg:e});q.init(n,m);q.updateString(p);o=q.sign()}}}var g=hextob64u(o);return p+"."+g};KJUR.jws.JWS.verify=function(p,t,j){var m=KJUR.jws.JWS;var q=p.split(".");var d=q[0];var l=q[1];var b=d+"."+l;var r=b64utohex(q[2]);var i=m.readSafeJSONString(b64utoutf8(q[0]));var h=null;var s=null;if(i.alg===undefined){throw"algorithm not specified in header"}else{h=i.alg;s=h.substr(0,2)}if(j!=null&&Object.prototype.toString.call(j)==="[object Array]"&&j.length>0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw"algorithm '"+h+"' not accepted in the list"}}if(h!="none"&&t===null){throw"key shall be specified to verify."}if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1){t=KEYUTIL.getKey(t)}if(s=="RS"||s=="PS"){if(!(t instanceof RSAKey)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(s=="ES"){if(!(t instanceof KJUR.crypto.ECDSA)){throw"key shall be a ECDSA obj for ES* algs"}}if(h=="none"){}var n=null;if(m.jwsalg2sigalg[i.alg]===undefined){throw"unsupported alg name: "+h}else{n=m.jwsalg2sigalg[h]}if(n=="none"){throw"not supported"}else{if(n.substr(0,4)=="Hmac"){var k=null;if(t===undefined){throw"hexadecimal key shall be specified for HMAC"}var g=new KJUR.crypto.Mac({alg:n,pass:t});g.updateString(b);k=g.doFinal();return r==k}else{if(n.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(r)}catch(o){return false}var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(r)}}}};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw"acceptField.alg shall be specified"}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt=="number"){b=l.verifyAt}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.exp0){var c=":"+j.join(":")+":";if(c.indexOf(":"+h+":")==-1){throw"algorithm '"+h+"' not accepted in the list"}}if(h!="none"&&t===null){throw"key shall be specified to verify."}if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1){t=KEYUTIL.getKey(t)}if(s=="RS"||s=="PS"){if(!(t instanceof RSAKey)){throw"key shall be a RSAKey obj for RS* and PS* algs"}}if(s=="ES"){if(!(t instanceof KJUR.crypto.ECDSA)){throw"key shall be a ECDSA obj for ES* algs"}}if(h=="none"){}var n=null;if(m.jwsalg2sigalg[i.alg]===undefined){throw"unsupported alg name: "+h}else{n=m.jwsalg2sigalg[h]}if(n=="none"){throw"not supported"}else{if(n.substr(0,4)=="Hmac"){var k=null;if(t===undefined){throw"hexadecimal key shall be specified for HMAC"}var g=new KJUR.crypto.Mac({alg:n,pass:t});g.updateString(b);k=g.doFinal();return r==k}else{if(n.indexOf("withECDSA")!=-1){var f=null;try{f=KJUR.crypto.ECDSA.concatSigToASN1Sig(r)}catch(o){return false}var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(f)}else{var e=new KJUR.crypto.Signature({alg:n});e.init(t);e.updateString(b);return e.verify(r)}}}};KJUR.jws.JWS.parse=function(g){var c=g.split(".");var b={};var f,e,d;if(c.length!=2&&c.length!=3){throw"malformed sJWS: wrong number of '.' splitted elements"}f=c[0];e=c[1];if(c.length==3){d=c[2]}b.headerObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(f));b.payloadObj=KJUR.jws.JWS.readSafeJSONString(b64utoutf8(e));b.headerPP=JSON.stringify(b.headerObj,null," ");if(b.payloadObj==null){b.payloadPP=b64utoutf8(e)}else{b.payloadPP=JSON.stringify(b.payloadObj,null," ")}if(d!==undefined){b.sigHex=b64utohex(d)}return b};KJUR.jws.JWS.verifyJWT=function(d,j,l){var h=KJUR.jws.JWS;var i=d.split(".");var c=i[0];var g=i[1];var m=c+"."+g;var k=b64utohex(i[2]);var f=h.readSafeJSONString(b64utoutf8(c));var e=h.readSafeJSONString(b64utoutf8(g));if(f.alg===undefined){return false}if(l.alg===undefined){throw"acceptField.alg shall be specified"}if(!h.inArray(f.alg,l.alg)){return false}if(e.iss!==undefined&&typeof l.iss==="object"){if(!h.inArray(e.iss,l.iss)){return false}}if(e.sub!==undefined&&typeof l.sub==="object"){if(!h.inArray(e.sub,l.sub)){return false}}if(e.aud!==undefined&&typeof l.aud==="object"){if(typeof e.aud=="string"){if(!h.inArray(e.aud,l.aud)){return false}}else{if(typeof e.aud=="object"){if(!h.includedArray(e.aud,l.aud)){return false}}}}var b=KJUR.jws.IntDate.getNow();if(l.verifyAt!==undefined&&typeof l.verifyAt=="number"){b=l.verifyAt}if(e.exp!==undefined&&typeof e.exp=="number"){if(e.exp - + + + + - + @@ -36,5 +53,6 @@
test markup
+TEST INDEX |